mirror/fosrl.pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2025-07-12 23:15:00 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

share links

Browse source
This commit is contained in:
Milo Schwartz 2024-12-20 22:24:44 -05:00
parent 72dc02ff2e
commit 845d65ad33
No known key found for this signature in database
31 changed files with 1281 additions and 212 deletions
Download patch file Download diff file Expand all files Collapse all files

2
server/auth/resource.ts
View file

@ -25,7 +25,7 @@ export async function createResourceSession(opts: {
usedOtp?: boolean;
doNotExtend?: boolean;
expiresAt?: number | null;
sessionLength: number;
sessionLength?: number | null;
}): Promise<ResourceSession> {
if (
!opts.passwordId &&

1
server/config.ts
View file

@ -136,5 +136,6 @@ process.env.FLAGS_EMAIL_VERIFICATION_REQUIRED = parsedConfig.data.flags
process.env.SESSION_COOKIE_NAME = parsedConfig.data.server.session_cookie_name;
process.env.RESOURCE_SESSION_COOKIE_NAME =
parsedConfig.data.server.resource_session_cookie_name;
process.env.EMAIL_ENABLED = parsedConfig.data.email ? "true" : "false";
export default parsedConfig.data;

3
server/db/schema.ts
View file

@ -288,7 +288,7 @@ export const resourceAccessToken = sqliteTable("resourceAccessToken", {
tokenHash: text("tokenHash").notNull(),
sessionLength: integer("sessionLength").notNull(),
expiresAt: integer("expiresAt"),
title: text("title").notNull(),
title: text("title"),
description: text("description"),
createdAt: integer("createdAt").notNull()
});
@ -378,3 +378,4 @@ export type ResourceSession = InferSelectModel<typeof resourceSessions>;
export type ResourcePincode = InferSelectModel<typeof resourcePincode>;
export type ResourcePassword = InferSelectModel<typeof resourcePassword>;
export type ResourceOtp = InferSelectModel<typeof resourceOtp>;
export type ResourceAccessToken = InferSelectModel<typeof resourceAccessToken>;

75
server/logger.ts
View file

@ -4,82 +4,53 @@ import * as winston from "winston";
import path from "path";
const hformat = winston.format.printf(
({ level, label, message, timestamp, ...metadata }) => {
let msg = `${timestamp} [${level}]${label ? `[${label}]` : ""}: ${message} `;
({ level, label, message, timestamp, stack, ...metadata }) => {
let msg = `${timestamp} [${level}]${label ? `[${label}]` : ""}: ${message}`;
if (stack) {
msg += `\nStack: ${stack}`;
}
if (Object.keys(metadata).length > 0) {
msg += JSON.stringify(metadata);
msg += ` ${JSON.stringify(metadata)}`;
}
return msg;
},
}
);
const transports: any = [
new winston.transports.Console({
format: winston.format.combine(
winston.format.errors({ stack: true }),
winston.format.colorize(),
winston.format.splat(),
winston.format.timestamp(),
hformat,
),
}),
];
const transports: any = [new winston.transports.Console({})];
if (config.app.save_logs) {
transports.push(
new winston.transports.DailyRotateFile({
filename: path.join(
APP_PATH,
"logs",
"pangolin-%DATE%.log",
),
filename: path.join(APP_PATH, "logs", "pangolin-%DATE%.log"),
datePattern: "YYYY-MM-DD",
zippedArchive: true,
maxSize: "20m",
maxFiles: "7d",
createSymlink: true,
symlinkName: "pangolin.log",
}),
);
transports.push(
new winston.transports.DailyRotateFile({
filename: path.join(
APP_PATH,
"logs",
".machinelogs-%DATE%.json",
),
datePattern: "YYYY-MM-DD",
zippedArchive: true,
maxSize: "20m",
maxFiles: "1d",
createSymlink: true,
symlinkName: ".machinelogs.json",
format: winston.format.combine(
winston.format.timestamp(),
winston.format.splat(),
winston.format.json(),
),
}),
symlinkName: "pangolin.log"
})
);
}
const logger = winston.createLogger({
level: config.app.log_level.toLowerCase(),
format: winston.format.combine(
winston.format.errors({ stack: true }),
winston.format.colorize(),
winston.format.splat(),
winston.format.timestamp(),
hformat,
hformat
),
transports,
transports
});
// process.on("uncaughtException", (error) => {
// logger.error("Uncaught Exception:", { error, stack: error.stack });
// process.exit(1);
// });
//
// process.on("unhandledRejection", (reason, _) => {
// logger.error("Unhandled Rejection:", { reason });
// });
process.on("uncaughtException", (error) => {
logger.error("Uncaught Exception:", { error, stack: error.stack });
process.exit(1);
});
process.on("unhandledRejection", (reason, _) => {
logger.error("Unhandled Rejection:", { reason });
});
export default logger;

6
server/middlewares/formatError.ts
View file

@ -11,9 +11,9 @@ export const errorHandlerMiddleware: ErrorRequestHandler = (
next: NextFunction
) => {
const statusCode = error.statusCode || HttpCode.INTERNAL_SERVER_ERROR;
if (process.env.ENVIRONMENT !== "prod") {
logger.error(error);
}
// if (process.env.ENVIRONMENT !== "prod") {
// logger.error(error);
// }
res?.status(statusCode).send({
data: null,
success: false,

30
server/nextServer.ts
View file

@ -7,23 +7,25 @@ import config from "@server/config";
const nextPort = config.server.next_port;
export async function createNextServer() {
// const app = next({ dev });
const app = next({ dev: process.env.ENVIRONMENT !== "prod" });
const handle = app.getRequestHandler();
// const app = next({ dev });
const app = next({ dev: process.env.ENVIRONMENT !== "prod" });
const handle = app.getRequestHandler();
await app.prepare();
await app.prepare();
const nextServer = express();
const nextServer = express();
nextServer.all("*", (req, res) => {
const parsedUrl = parse(req.url!, true);
return handle(req, res, parsedUrl);
});
nextServer.all("*", (req, res) => {
const parsedUrl = parse(req.url!, true);
return handle(req, res, parsedUrl);
});
nextServer.listen(nextPort, (err?: any) => {
if (err) throw err;
logger.info(`Next.js server is running on http://localhost:${nextPort}`);
});
nextServer.listen(nextPort, (err?: any) => {
if (err) throw err;
logger.info(
`Next.js server is running on http://localhost:${nextPort}`
);
});
return nextServer;
return nextServer;
}

39
server/routers/accessToken/generateAccessToken.ts
View file

@ -5,7 +5,7 @@ import {
SESSION_COOKIE_EXPIRES
} from "@server/auth";
import db from "@server/db";
import { resourceAccessToken, resources } from "@server/db/schema";
import { ResourceAccessToken, resourceAccessToken, resources } from "@server/db/schema";
import HttpCode from "@server/types/HttpCode";
import response from "@server/utils/response";
import { eq } from "drizzle-orm";
@ -26,9 +26,7 @@ export const generateAccssTokenParamsSchema = z.object({
resourceId: z.string().transform(Number).pipe(z.number().int().positive())
});
export type GenerateAccessTokenResponse = {
token: string;
};
export type GenerateAccessTokenResponse = ResourceAccessToken;
export async function generateAccessToken(
req: Request,
@ -79,30 +77,37 @@ export async function generateAccessToken(
const token = generateIdFromEntropySize(25);
const tokenHash = await hash(token, {
memoryCost: 19456,
timeCost: 2,
outputLen: 32,
parallelism: 1
});
// const tokenHash = await hash(token, {
// memoryCost: 19456,
// timeCost: 2,
// outputLen: 32,
// parallelism: 1
// });
const id = generateId(15);
await db.insert(resourceAccessToken).values({
const [result] = await db.insert(resourceAccessToken).values({
accessTokenId: id,
orgId: resource.orgId,
resourceId,
tokenHash,
tokenHash: token,
expiresAt: expiresAt || null,
sessionLength: sessionLength,
title: title || `${resource.name} Token ${new Date().getTime()}`,
title: title || null,
description: description || null,
createdAt: new Date().getTime()
});
}).returning();
if (!result) {
return next(
createHttpError(
HttpCode.INTERNAL_SERVER_ERROR,
"Failed to generate access token"
)
);
}
return response<GenerateAccessTokenResponse>(res, {
data: {
token: `${id}.${token}`
},
data: result,
success: true,
error: false,
message: "Resource access token generated successfully",

31
server/routers/accessToken/listAccessTokens.ts
View file

@ -10,7 +10,7 @@ import {
import response from "@server/utils/response";
import HttpCode from "@server/types/HttpCode";
import createHttpError from "http-errors";
import { sql, eq, or, inArray, and, count } from "drizzle-orm";
import { sql, eq, or, inArray, and, count, isNull, lt, gt } from "drizzle-orm";
import logger from "@server/logger";
import stoi from "@server/utils/stoi";
@ -54,29 +54,47 @@ function queryAccessTokens(
resourceId: resourceAccessToken.resourceId,
sessionLength: resourceAccessToken.sessionLength,
expiresAt: resourceAccessToken.expiresAt,
tokenHash: resourceAccessToken.tokenHash,
title: resourceAccessToken.title,
description: resourceAccessToken.description,
createdAt: resourceAccessToken.createdAt
createdAt: resourceAccessToken.createdAt,
resourceName: resources.name
};
if (orgId) {
return db
.select(cols)
.from(resourceAccessToken)
.leftJoin(resources, eq(resourceAccessToken.resourceId, resources.resourceId))
.where(
and(
inArray(resourceAccessToken.resourceId, accessibleResourceIds),
eq(resourceAccessToken.orgId, orgId)
inArray(
resourceAccessToken.resourceId,
accessibleResourceIds
),
eq(resourceAccessToken.orgId, orgId),
or(
isNull(resourceAccessToken.expiresAt),
gt(resourceAccessToken.expiresAt, new Date().getTime())
)
)
);
} else if (resourceId) {
return db
.select(cols)
.from(resourceAccessToken)
.leftJoin(resources, eq(resourceAccessToken.resourceId, resources.resourceId))
.where(
and(
inArray(resources.resourceId, accessibleResourceIds),
eq(resources.resourceId, resourceId)
inArray(
resourceAccessToken.resourceId,
accessibleResourceIds
),
eq(resourceAccessToken.resourceId, resourceId),
or(
isNull(resourceAccessToken.expiresAt),
gt(resourceAccessToken.expiresAt, new Date().getTime())
)
)
);
}
@ -174,7 +192,6 @@ export async function listAccessTokens(
status: HttpCode.OK
});
} catch (error) {
throw error;
logger.error(error);
return next(
createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")

14
server/routers/resource/authWithAccessToken.ts
View file

@ -98,12 +98,14 @@ export async function authWithAccessToken(
);
}
const validCode = await verify(tokenItem.tokenHash, accessToken, {
memoryCost: 19456,
timeCost: 2,
outputLen: 32,
parallelism: 1
});
// const validCode = await verify(tokenItem.tokenHash, accessToken, {
// memoryCost: 19456,
// timeCost: 2,
// outputLen: 32,
// parallelism: 1
// });
logger.debug(`${accessToken} ${tokenItem.tokenHash}`)
const validCode = accessToken === tokenItem.tokenHash;
if (!validCode) {
return next(

1
server/routers/resource/authWithPassword.ts
View file

@ -123,7 +123,6 @@ export async function authWithPassword(
const cookie = serializeResourceSessionCookie(
cookieName,
token,
resource.fullDomain
);
res.appendHeader("Set-Cookie", cookie);

1
server/routers/resource/authWithPincode.ts
View file

@ -131,7 +131,6 @@ export async function authWithPincode(
const cookie = serializeResourceSessionCookie(
cookieName,
token,
resource.fullDomain
);
res.appendHeader("Set-Cookie", cookie);

1
server/routers/site/pickSiteDefaults.ts
View file

@ -84,7 +84,6 @@ export async function pickSiteDefaults(
status: HttpCode.OK,
});
} catch (error) {
throw error;
logger.error(error);
return next(
createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")