Resources working with new picker

2025-08-01 08:34:53 +02:00 · 2025-07-14 15:36:15 -07:00 · 2025-07-14 15:36:15 -07:00 · 78661799f2
commit 78661799f2
parent ec57996b01
6 changed files with 218 additions and 160 deletions
--- a/server/routers/resource/createResource.ts
+++ b/server/routers/resource/createResource.ts
@ -21,6 +21,7 @@ import logger from "@server/logger";
 import { subdomainSchema } from "@server/lib/schemas";
 import config from "@server/lib/config";
 import { OpenAPITags, registry } from "@server/openApi";
+import { build } from "@server/build";

 const createResourceParamsSchema = z
    .object({
@ -36,7 +37,6 @@ const createHttpResourceSchema = z
            .string()
            .optional()
            .transform((val) => val?.toLowerCase()),
-        isBaseDomain: z.boolean().optional(),
        siteId: z.number(),
        http: z.boolean(),
        protocol: z.enum(["tcp", "udp"]),
@ -52,19 +52,6 @@ const createHttpResourceSchema = z
        },
        { message: "Invalid subdomain" }
    )
-    .refine(
-        (data) => {
-            if (!config.getRawConfig().flags?.allow_base_domain_resources) {
-                if (data.isBaseDomain) {
-                    return false;
-                }
-            }
-            return true;
-        },
-        {
-            message: "Base domain resources are not allowed"
-        }
-    );

 const createRawResourceSchema = z
    .object({
@ -101,9 +88,12 @@ registry.registerPath({
        body: {
            content: {
                "application/json": {
-                    schema: createHttpResourceSchema.or(
-                        createRawResourceSchema
-                    )
+                    schema:
+                        build == "oss"
+                            ? createHttpResourceSchema.or(
+                                  createRawResourceSchema
+                              )
+                            : createHttpResourceSchema
                }
            }
        }
@ -166,7 +156,7 @@ export async function createResource(
                { siteId, orgId }
            );
        } else {
-            if (!config.getRawConfig().flags?.allow_raw_resources) {
+            if (!config.getRawConfig().flags?.allow_raw_resources && build == "oss") {
                return next(
                    createHttpError(
                        HttpCode.BAD_REQUEST,
@ -211,35 +201,81 @@ async function createHttpResource(
        );
    }

-    const { name, subdomain, isBaseDomain, http, protocol, domainId } =
-        parsedBody.data;
+    const { name, subdomain, domainId } = parsedBody.data;

-    const [orgDomain] = await db
+    const [domainRes] = await db
        .select()
-        .from(orgDomains)
-        .where(
+        .from(domains)
+        .where(eq(domains.domainId, domainId))
+        .leftJoin(
+            orgDomains,
            and(eq(orgDomains.orgId, orgId), eq(orgDomains.domainId, domainId))
-        )
-        .leftJoin(domains, eq(orgDomains.domainId, domains.domainId));
+        );

-    if (!orgDomain || !orgDomain.domains) {
+    if (!domainRes || !domainRes.domains) {
        return next(
            createHttpError(
                HttpCode.NOT_FOUND,
-                `Domain with ID ${parsedBody.data.domainId} not found`
+                `Domain with ID ${domainId} not found`
            )
        );
    }

-    const domain = orgDomain.domains;
+    if (domainRes.orgDomains && domainRes.orgDomains.orgId !== orgId) {
+        return next(
+            createHttpError(
+                HttpCode.FORBIDDEN,
+                `Organization does not have access to domain with ID ${domainId}`
+            )
+        );
+    }
+
+    if (!domainRes.domains.verified) {
+        return next(
+            createHttpError(
+                HttpCode.BAD_REQUEST,
+                `Domain with ID ${domainRes.domains.domainId} is not verified`
+            )
+        );
+    }

    let fullDomain = "";
-    if (isBaseDomain) {
-        fullDomain = domain.baseDomain;
-    } else {
-        fullDomain = `${subdomain}.${domain.baseDomain}`;
+    if (domainRes.domains.type == "ns") {
+        if (subdomain) {
+            fullDomain = `${subdomain}.${domainRes.domains.baseDomain}`;
+        } else {
+            fullDomain = domainRes.domains.baseDomain;
+        }
+    } else if (domainRes.domains.type == "cname") {
+        fullDomain = domainRes.domains.baseDomain;
+    } else if (domainRes.domains.type == "wildcard") {
+        if (subdomain) {
+            // the subdomain cant have a dot in it
+            const parsedSubdomain = subdomainSchema.safeParse(subdomain);
+            if (!parsedSubdomain.success) {
+                return next(
+                    createHttpError(
+                        HttpCode.BAD_REQUEST,
+                        fromError(parsedSubdomain.error).toString()
+                    )
+                );
+            }
+            if (parsedSubdomain.data.includes(".")) {
+                return next(
+                    createHttpError(
+                        HttpCode.BAD_REQUEST,
+                        "Subdomain cannot contain a dot when using wildcard domains"
+                    )
+                );
+            }
+            fullDomain = `${subdomain}.${domainRes.domains.baseDomain}`;
+        } else {
+            fullDomain = domainRes.domains.baseDomain;
+        }
    }

+    fullDomain = fullDomain.toLowerCase();
+
    logger.debug(`Full domain: ${fullDomain}`);

    // make sure the full domain is unique
@ -269,10 +305,10 @@ async function createHttpResource(
                orgId,
                name,
                subdomain,
-                http,
-                protocol,
+                http: true,
+                protocol: "tcp",
                ssl: true,
-                isBaseDomain
+                isBaseDomain: false
            })
            .returning();