diff --git a/server/auth/sessions/resource.ts b/server/auth/sessions/resource.ts
index f29a8b75..8d676bec 100644
--- a/server/auth/sessions/resource.ts
+++ b/server/auth/sessions/resource.ts
@@ -4,6 +4,9 @@ import { resourceSessions, ResourceSession } from "@server/db";
 import { db } from "@server/db";
 import { eq, and } from "drizzle-orm";
 import config from "@server/lib/config";
+import axios from "axios";
+import logger from "@server/logger";
+import { tokenManager } from "@server/lib/tokenManager";
 export const SESSION_COOKIE_NAME = config.getRawConfig().server.session_cookie_name;
@@ -62,6 +65,29 @@ export async function validateResourceSessionToken(
 token: string,
 resourceId: number
 ): Promise {
+ if (config.isHybridMode()) {
+ try {
+ const response = await axios.post(`${config.getRawConfig().hybrid?.endpoint}/api/v1/hybrid/resource/${resourceId}/session/validate`, {
+ token: token
+ }, await tokenManager.getAuthHeader());
+ return response.data.data;
+ } catch (error) {
+ if (axios.isAxiosError(error)) {
+ logger.error("Error validating resource session token in hybrid mode:", {
+ message: error.message,
+ code: error.code,
+ status: error.response?.status,
+ statusText: error.response?.statusText,
+ url: error.config?.url,
+ method: error.config?.method
+ });
+ } else {
+ logger.error("Error validating resource session token in hybrid mode:", error);
+ }
+ return { resourceSession: null };
+ }
+ }
+
 const sessionId = encodeHexLowerCase(
 sha256(new TextEncoder().encode(token))
 );
diff --git a/server/db/queries/verifySessionQueries.ts b/server/db/queries/verifySessionQueries.ts
index 44982f64..4c800125 100644
--- a/server/db/queries/verifySessionQueries.ts
+++ b/server/db/queries/verifySessionQueries.ts
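Review bot: In the hybrid branch of `validateResourceSessionToken` (server/auth/sessions/resource.ts), `return response.data.data;` passes the remote reply to callers with no shape check: a 2xx response without a `data` field yields `undefined` instead of the `{ resourceSession: null }` used in the catch block, and any other body is treated as a validated session. I would narrow it before returning, e.g. `const result = response.data?.data;` followed by `if (!result || typeof result !== "object") return { resourceSession: null };`. The URL is built from `config.getRawConfig().hybrid?.endpoint`, which the schema in readConfigFile.ts leaves as an optional free-form string, so an unset value produces `undefined/api/v1/...` and nothing visible here requires https although the session token travels in the POST body; failing closed when the endpoint is missing would be safer. The function body continues past the end of the hunk.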
@@ -17,6 +17,8 @@ import {
 import { and, eq } from "drizzle-orm";
 import axios from "axios";
 import config from "@server/lib/config";
+import logger from "@server/logger";
+import { tokenManager } from "@server/lib/tokenManager";
 export type ResourceWithAuth = {
 resource: Resource | null;
@@ -37,10 +39,21 @@ export async function getResourceByDomain(
 ): Promise {
 if (config.isHybridMode()) {
 try {
- const response = await axios.get(`${config.getRawConfig().hybrid?.endpoint}/resource/domain/${domain}`);
- return response.data;
+ const response = await axios.get(`${config.getRawConfig().hybrid?.endpoint}/api/v1/hybrid/resource/domain/${domain}`, await tokenManager.getAuthHeader());
+ return response.data.data;
 } catch (error) {
- console.error("Error fetching resource by domain:", error);
+ if (axios.isAxiosError(error)) {
+ logger.error("Error fetching config in verify session:", {
+ message: error.message,
+ code: error.code,
+ status: error.response?.status,
+ statusText: error.response?.statusText,
+ url: error.config?.url,
+ method: error.config?.method
+ });
+ } else {
+ logger.error("Error fetching config in verify session:", error);
+ }
 return null;
 }
 }
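Review bot: `domain` goes into the request path unencoded in `getResourceByDomain` (`.../api/v1/hybrid/resource/domain/${domain}`), and the verifySession.ts part of this commit shows the caller passing `cleanHost`, which by its name is derived from the incoming request's host. A value containing `/`, `?` or `#` would change which remote route is requested with the header from `tokenManager.getAuthHeader()`, so I would write `${encodeURIComponent(domain)}`. The string parameters `userSessionId`, `userId` and `orgId` in the getUserSessionWithUser, getUserOrgRole and getUserResourceAccess hunks are interpolated the same way and should get the same treatment. How `cleanHost` is normalised is not visible in this diff, so it may already be constrained upstream; the function signature also starts outside the hunk.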
@@ -78,10 +91,21 @@ export async function getUserSessionWithUser(
 ): Promise {
 if (config.isHybridMode()) {
 try {
- const response = await axios.get(`${config.getRawConfig().hybrid?.endpoint}/session/${userSessionId}`);
- return response.data;
+ const response = await axios.get(`${config.getRawConfig().hybrid?.endpoint}/api/v1/hybrid/session/${userSessionId}`, await tokenManager.getAuthHeader());
+ return response.data.data;
 } catch (error) {
- console.error("Error fetching user session:", error);
+ if (axios.isAxiosError(error)) {
+ logger.error("Error fetching config in verify session:", {
+ message: error.message,
+ code: error.code,
+ status: error.response?.status,
+ statusText: error.response?.statusText,
+ url: error.config?.url,
+ method: error.config?.method
+ });
+ } else {
+ logger.error("Error fetching config in verify session:", error);
+ }
 return null;
 }
 }
@@ -108,10 +132,21 @@ export async function getUserSessionWithUser(
 export async function getUserOrgRole(userId: string, orgId: string) {
 if (config.isHybridMode()) {
 try {
- const response = await axios.get(`${config.getRawConfig().hybrid?.endpoint}/user/${userId}/org/${orgId}/role`);
- return response.data;
+ const response = await axios.get(`${config.getRawConfig().hybrid?.endpoint}/api/v1/hybrid/user/${userId}/org/${orgId}/role`, await tokenManager.getAuthHeader());
+ return response.data.data;
 } catch (error) {
- console.error("Error fetching user org role:", error);
+ if (axios.isAxiosError(error)) {
+ logger.error("Error fetching config in verify session:", {
+ message: error.message,
+ code: error.code,
+ status: error.response?.status,
+ statusText: error.response?.statusText,
+ url: error.config?.url,
+ method: error.config?.method
+ });
+ } else {
+ logger.error("Error fetching config in verify session:", error);
+ }
 return null;
 }
 }
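Review bot: The new catch block in `getUserSessionWithUser` logs `url: error.config?.url`, and for this call the URL ends in `/api/v1/hybrid/session/${userSessionId}`, so each failed lookup writes a user session identifier to the error log. I would log a fixed route label for this call instead, for example `url: "/api/v1/hybrid/session/:id"`, and keep the identifier out of the message. Carrying the id in the path also exposes it to any proxy or access log between this node and the remote endpoint; the resource-session validation added in resource.ts sends its token in a POST body, which avoids that. The function starts and ends outside the hunk.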
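Review bot: The log text in `getUserOrgRole`'s new catch block, `"Error fetching config in verify session:"`, no longer says which lookup failed; it replaces the specific "Error fetching user org role:" and the identical string is used in getResourceByDomain, getUserSessionWithUser, getRoleResourceAccess, getUserResourceAccess and getResourceRules, none of which fetches config. During an incident the six authorization lookups can then only be told apart by URL. I would keep per-call wording, e.g. `logger.error("Error fetching user org role in hybrid mode:", { ... })`, and because the twelve-line block is repeated verbatim, move it into one small helper such as `logHybridError(context: string, error: unknown)` so the logged fields stay consistent.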
@@ -136,10 +171,21 @@ export async function getUserOrgRole(userId: string, orgId: string) {
 export async function getRoleResourceAccess(resourceId: number, roleId: number) {
 if (config.isHybridMode()) {
 try {
- const response = await axios.get(`${config.getRawConfig().hybrid?.endpoint}/role/${roleId}/resource/${resourceId}/access`);
- return response.data;
+ const response = await axios.get(`${config.getRawConfig().hybrid?.endpoint}/api/v1/hybrid/role/${roleId}/resource/${resourceId}/access`, await tokenManager.getAuthHeader());
+ return response.data.data;
 } catch (error) {
- console.error("Error fetching role resource access:", error);
+ if (axios.isAxiosError(error)) {
+ logger.error("Error fetching config in verify session:", {
+ message: error.message,
+ code: error.code,
+ status: error.response?.status,
+ statusText: error.response?.statusText,
+ url: error.config?.url,
+ method: error.config?.method
+ });
+ } else {
+ logger.error("Error fetching config in verify session:", error);
+ }
 return null;
 }
 }
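Review bot: No request timeout is visible on the `axios.get` in `getRoleResourceAccess`; axios waits indefinitely by default, so unless the config returned by `tokenManager.getAuthHeader()` sets one, a stalled hybrid endpoint would hold every verify-session request that reaches this lookup. The same applies to the other hybrid calls in this file and to the `axios.post` in server/auth/sessions/resource.ts. I would merge a bound into the request config, e.g. `{ ...(await tokenManager.getAuthHeader()), timeout: 5000 }` (value illustrative, ideally read from configuration), so a slow remote ends in the existing catch path instead of a hung request.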
@@ -164,10 +210,21 @@ export async function getRoleResourceAccess(resourceId: number, roleId: number)
 export async function getUserResourceAccess(userId: string, resourceId: number) {
 if (config.isHybridMode()) {
 try {
- const response = await axios.get(`${config.getRawConfig().hybrid?.endpoint}/user/${userId}/resource/${resourceId}/access`);
- return response.data;
+ const response = await axios.get(`${config.getRawConfig().hybrid?.endpoint}/api/v1/hybrid/user/${userId}/resource/${resourceId}/access`, await tokenManager.getAuthHeader());
+ return response.data.data;
 } catch (error) {
- console.error("Error fetching user resource access:", error);
+ if (axios.isAxiosError(error)) {
+ logger.error("Error fetching config in verify session:", {
+ message: error.message,
+ code: error.code,
+ status: error.response?.status,
+ statusText: error.response?.statusText,
+ url: error.config?.url,
+ method: error.config?.method
+ });
+ } else {
+ logger.error("Error fetching config in verify session:", error);
+ }
 return null;
 }
 }
@@ -192,10 +249,21 @@ export async function getUserResourceAccess(userId: string, resourceId: number)
 export async function getResourceRules(resourceId: number): Promise {
 if (config.isHybridMode()) {
 try {
- const response = await axios.get(`${config.getRawConfig().hybrid?.endpoint}/resource/${resourceId}/rules`);
- return response.data;
+ const response = await axios.get(`${config.getRawConfig().hybrid?.endpoint}/api/v1/hybrid/resource/${resourceId}/rules`, await tokenManager.getAuthHeader());
+ return response.data.data;
 } catch (error) {
- console.error("Error fetching resource rules:", error);
+ if (axios.isAxiosError(error)) {
+ logger.error("Error fetching config in verify session:", {
+ message: error.message,
+ code: error.code,
+ status: error.response?.status,
+ statusText: error.response?.statusText,
+ url: error.config?.url,
+ method: error.config?.method
+ });
+ } else {
+ logger.error("Error fetching config in verify session:", error);
+ }
 return [];
 }
 }
diff --git a/server/lib/readConfigFile.ts b/server/lib/readConfigFile.ts
index 5fb7b955..93a716c5 100644
--- a/server/lib/readConfigFile.ts
+++ b/server/lib/readConfigFile.ts
@@ -32,7 +32,8 @@ export const configSchema = z
 .object({
 id: z.string().optional(),
 secret: z.string().optional(),
- endpoint: z.string().optional()
+ endpoint: z.string().optional(),
+ redirect_endpoint: z.string().optional()
 })
 .optional(),
 domains: z
diff --git a/server/lib/remoteTraefikConfig.ts b/server/lib/remoteTraefikConfig.ts
index bca59ab2..e192ab67 100644
--- a/server/lib/remoteTraefikConfig.ts
+++ b/server/lib/remoteTraefikConfig.ts
@@ -218,7 +218,7 @@ export class TraefikConfigManager {
 plugin: {
 [badgerMiddlewareName]: {
 apiBaseUrl: new URL(
- "/api/v0",
+ "/api/v1",
 `http://${
 config.getRawConfig().server.internal_hostname
 }:${config.getRawConfig().server.internal_port}`
diff --git a/server/routers/badger/verifySession.ts b/server/routers/badger/verifySession.ts
index 54a2e0c9..50b9ed68 100644
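Review bot: On any remote failure `getResourceRules` still ends in `return [];`, which a caller cannot distinguish from a resource that has no rules; if the rule set can contain deny entries, an unreachable or erroring hybrid endpoint would cause them to be skipped silently. The callers are not part of this diff, so please confirm how an empty list is handled. If deny rules can be lost this way, I would surface the failure instead of logging and continuing, for example `throw error;` after the log call, so the verify path can refuse the request. The function's closing lines fall inside the hunk but the non-hybrid branch continues outside it.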
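Review bot: `redirect_endpoint` in server/lib/readConfigFile.ts is accepted as any string, yet the verifySession.ts change in this commit uses it as the base of `redirectUrl`. Validating it as an absolute URL when the config is loaded, `redirect_endpoint: z.string().url().optional()`, would reject typos and scheme-less values before they reach a redirect. The sibling `endpoint` now receives session tokens and the auth header from `tokenManager`, so it deserves the same check, ideally with a refinement that requires https. The schema object starts and ends outside the hunk.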
--- a/server/routers/badger/verifySession.ts
+++ b/server/routers/badger/verifySession.ts
@@ -140,7 +140,7 @@ export async function verifyResourceSession(
 const result = await getResourceByDomain(cleanHost);
 if (!result) {
- logger.debug("Resource not found", cleanHost);
+ logger.debug(`Resource not found ${cleanHost}`);
 return notAllowed(res);
 }
@@ -151,7 +151,7 @@ export async function verifyResourceSession(
 const { resource, pincode, password } = resourceData;
 if (!resource) {
- logger.debug("Resource not found", cleanHost);
+ logger.debug(`Resource not found ${cleanHost}`);
 return notAllowed(res);
 }
@@ -191,7 +191,13 @@ export async function verifyResourceSession(
 return allowed(res);
 }
- const redirectUrl = `${config.getRawConfig().app.dashboard_url}/auth/resource/${encodeURIComponent(
+ let endpoint: string;
+ if (config.isHybridMode()) {
+ endpoint = config.getRawConfig().hybrid?.redirect_endpoint || config.getRawConfig().hybrid?.endpoint || "";
+ } else {
+ endpoint = config.getRawConfig().app.dashboard_url;
+ }
+ const redirectUrl = `${endpoint}/auth/resource/${encodeURIComponent(
 resource.resourceId
 )}?redirect=${encodeURIComponent(originalRequestURL)}`;
diff --git a/server/routers/internal.ts b/server/routers/internal.ts
index 977248e5..d19355b7 100644
--- a/server/routers/internal.ts
+++ b/server/routers/internal.ts
@@ -87,7 +87,7 @@ badgerRouter.post("/verify-session", badger.verifyResourceSession);
 if (config.isHybridMode()) {
 badgerRouter.post("/exchange-session", (req, res, next) =>
- proxyToRemote(req, res, next, "badger/exchange-session")
+ proxyToRemote(req, res, next, "hybrid/badger/exchange-session")
 );
 } else {
 badgerRouter.post("/exchange-session", badger.exchangeSession);
diff --git a/server/routers/traefik/getTraefikConfig.ts b/server/routers/traefik/getTraefikConfig.ts
index a0e22acb..ac1369c9 100644
--- a/server/routers/traefik/getTraefikConfig.ts
+++ b/server/routers/traefik/getTraefikConfig.ts
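Review bot: In the third verifySession.ts hunk, when hybrid mode is on and neither `hybrid.redirect_endpoint` nor `hybrid.endpoint` is set, `endpoint` falls back to `""` and `redirectUrl` becomes the relative path `/auth/resource/...`, which would resolve against the protected resource's own host rather than the login UI. That misconfiguration should fail visibly instead of producing a redirect that probably comes straight back to this handler, e.g. `if (!endpoint) { logger.error("hybrid redirect endpoint is not configured"); return notAllowed(res); }`. Because the chain uses `||`, an empty-string `redirect_endpoint` also falls through to `endpoint` without notice, which may or may not be intended. `verifyResourceSession` starts and ends outside the hunk.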
@@ -51,7 +51,7 @@ export async function traefikConfigProvider(
 plugin: {
 [badgerMiddlewareName]: {
 apiBaseUrl: new URL(
- "/api/v0",
+ "/api/v1",
 `http://${
 config.getRawConfig().server.internal_hostname
 }:${config.getRawConfig().server.internal_port}`