From 7fd1fb89f13fd817235e481a307cc7f0d55e8afd Mon Sep 17 00:00:00 2001
From: miloschwartz <mschwartz10612@gmail.com>
Date: Tue, 17 Jun 2025 16:35:05 -0400
Subject: [PATCH] disable local and wg sites with flag

---
 server/lib/config.ts                           |  8 ++++++++
 server/lib/readConfigFile.ts                   |  5 +++--
 server/routers/site/createSite.ts              | 11 ++++++++++-
 src/app/[orgId]/settings/sites/create/page.tsx | 12 ++++++------
 src/lib/pullEnv.ts                             |  6 ++++++
 src/lib/types/env.ts                           |  2 ++
 6 files changed, 35 insertions(+), 9 deletions(-)

diff --git a/server/lib/config.ts b/server/lib/config.ts
index d83bb5b2..eeb0f59b 100644
--- a/server/lib/config.ts
+++ b/server/lib/config.ts
@@ -61,6 +61,14 @@ export class Config {
             ? "true"
             : "false";
         process.env.DASHBOARD_URL = parsedConfig.app.dashboard_url;
+        process.env.FLAGS_DISABLE_LOCAL_SITES = parsedConfig.flags
+            ?.disable_local_sites
+            ? "true"
+            : "false";
+        process.env.FLAGS_DISABLE_BASIC_WIREGUARD_SITES = parsedConfig.flags
+            ?.disable_basic_wireguard_sites
+            ? "true"
+            : "false";
 
         license.setServerSecret(parsedConfig.server.secret);
 
diff --git a/server/lib/readConfigFile.ts b/server/lib/readConfigFile.ts
index b9f90d46..df420fe9 100644
--- a/server/lib/readConfigFile.ts
+++ b/server/lib/readConfigFile.ts
@@ -249,9 +249,10 @@ export const configSchema = z
                 disable_user_create_org: z.boolean().optional(),
                 allow_raw_resources: z.boolean().optional(),
                 allow_base_domain_resources: z.boolean().optional(),
-                allow_local_sites: z.boolean().optional(),
                 enable_integration_api: z.boolean().optional(),
-                enable_redis: z.boolean().optional()
+                enable_redis: z.boolean().optional(),
+                disable_local_sites: z.boolean().optional(),
+                disable_basic_wireguard_sites: z.boolean().optional(),
             })
             .optional()
     })
diff --git a/server/routers/site/createSite.ts b/server/routers/site/createSite.ts
index 2a907e1c..5132196d 100644
--- a/server/routers/site/createSite.ts
+++ b/server/routers/site/createSite.ts
@@ -16,6 +16,7 @@ import { OpenAPITags, registry } from "@server/openApi";
 import { hashPassword } from "@server/auth/password";
 import { isValidIP } from "@server/lib/validators";
 import { isIpInCidr } from "@server/lib/ip";
+import config from "@server/lib/config";
 
 const createSiteParamsSchema = z
     .object({
@@ -40,7 +41,15 @@ const createSiteSchema = z
         address: z.string().optional(),
         type: z.enum(["newt", "wireguard", "local"])
     })
-    .strict();
+    .strict()
+    .refine((data) => {
+        if (data.type === "local") {
+            return !config.getRawConfig().flags?.disable_local_sites;
+        } else if (data.type === "wireguard") {
+            return !config.getRawConfig().flags?.disable_basic_wireguard_sites;
+        }
+        return true;
+    });
 
 export type CreateSiteBody = z.infer<typeof createSiteSchema>;
 
diff --git a/src/app/[orgId]/settings/sites/create/page.tsx b/src/app/[orgId]/settings/sites/create/page.tsx
index 89f14a82..e979e2a0 100644
--- a/src/app/[orgId]/settings/sites/create/page.tsx
+++ b/src/app/[orgId]/settings/sites/create/page.tsx
@@ -138,17 +138,17 @@ export default function Page() {
             description: t('siteNewtTunnelDescription'),
             disabled: true
         },
-        {
-            id: "wireguard",
+        ...(env.flags.disableBasicWireguardSites ? [] : [{
+            id: "wireguard" as SiteType,
             title: t('siteWg'),
             description: t('siteWgDescription'),
             disabled: true
-        },
-        {
-            id: "local",
+        }]),
+        ...(env.flags.disableLocalSites ? [] : [{
+            id: "local" as SiteType,
             title: t('local'),
             description: t('siteLocalDescription')
-        }
+        }])
     ]);
 
     const [loadingPage, setLoadingPage] = useState(true);
diff --git a/src/lib/pullEnv.ts b/src/lib/pullEnv.ts
index 3f829436..fea07e22 100644
--- a/src/lib/pullEnv.ts
+++ b/src/lib/pullEnv.ts
@@ -38,6 +38,12 @@ export function pullEnv(): Env {
                 process.env.FLAGS_ALLOW_RAW_RESOURCES === "true" ? true : false,
             allowBaseDomainResources:
                 process.env.FLAGS_ALLOW_BASE_DOMAIN_RESOURCES === "true"
+                    ? true
+                    : false,
+            disableLocalSites:
+                process.env.FLAGS_DISABLE_LOCAL_SITES === "true" ? true : false,
+            disableBasicWireguardSites:
+                process.env.FLAGS_DISABLE_BASIC_WIREGUARD_SITES === "true"
                     ? true
                     : false
         }
diff --git a/src/lib/types/env.ts b/src/lib/types/env.ts
index 80593ad7..5e4599aa 100644
--- a/src/lib/types/env.ts
+++ b/src/lib/types/env.ts
@@ -22,5 +22,7 @@ export type Env = {
         emailVerificationRequired: boolean;
         allowRawResources: boolean;
         allowBaseDomainResources: boolean;
+        disableLocalSites: boolean;
+        disableBasicWireguardSites: boolean;
     };
 };