fosrl.pangolin/server/routers/site/createSite.ts
2024-10-26 22:44:53 -04:00

140 lines
No EOL
4.4 KiB
TypeScript

import { Request, Response, NextFunction } from 'express';
import { z } from 'zod';
import { db } from '@server/db';
import { roles, userSites, sites, roleSites, exitNodes } from '@server/db/schema';
import response from "@server/utils/response";
import HttpCode from '@server/types/HttpCode';
import createHttpError from 'http-errors';
import { ActionsEnum, checkUserActionPermission } from '@server/auth/actions';
import logger from '@server/logger';
import { eq, and } from 'drizzle-orm';
import { getUniqueSiteName } from '@server/db/names';
import { addPeer } from '../gerbil/peers';
const API_BASE_URL = "http://localhost:3000";
const createSiteParamsSchema = z.object({
orgId: z.string()
});
// Define Zod schema for request body validation
const createSiteSchema = z.object({
name: z.string().min(1).max(255),
exitNodeId: z.number().int().positive(),
subdomain: z.string().min(1).max(255).optional(),
pubKey: z.string(),
subnet: z.string(),
});
export type CreateSiteResponse = {
name: string;
siteId: number;
orgId: string;
niceId: string;
// niceId: string;
// subdomain: string;
// subnet: string;
};
export async function createSite(req: Request, res: Response, next: NextFunction): Promise<any> {
try {
// Validate request body
const parsedBody = createSiteSchema.safeParse(req.body);
if (!parsedBody.success) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
parsedBody.error.errors.map(e => e.message).join(', ')
)
);
}
const { name, subdomain, exitNodeId, pubKey, subnet } = parsedBody.data;
// Validate request params
const parsedParams = createSiteParamsSchema.safeParse(req.params);
if (!parsedParams.success) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
parsedParams.error.errors.map(e => e.message).join(', ')
)
);
}
const { orgId } = parsedParams.data;
// Check if the user has permission to list sites
const hasPermission = await checkUserActionPermission(ActionsEnum.createSite, req);
if (!hasPermission) {
return next(createHttpError(HttpCode.FORBIDDEN, 'User does not have permission perform this action'));
}
if (!req.userOrgRoleId) {
return next(createHttpError(HttpCode.FORBIDDEN, 'User does not have a role'));
}
const niceId = await getUniqueSiteName(orgId);
// Create new site in the database
const [newSite] = await db.insert(sites).values({
orgId,
exitNodeId,
name,
niceId,
pubKey,
subnet,
}).returning();
// find the superuser roleId and also add the resource to the superuser role
const superuserRole = await db.select()
.from(roles)
.where(and(eq(roles.isSuperuserRole, true), eq(roles.orgId, orgId)))
.limit(1);
if (superuserRole.length === 0) {
return next(
createHttpError(
HttpCode.NOT_FOUND,
`Superuser role not found`
)
);
}
await db.insert(roleSites).values({
roleId: superuserRole[0].roleId,
siteId: newSite.siteId,
});
if (req.userOrgRoleId != superuserRole[0].roleId) {
// make sure the user can access the site
db.insert(userSites).values({
userId: req.user?.userId!,
siteId: newSite.siteId,
});
}
// Add the peer to the exit node
await addPeer(exitNodeId, {
publicKey: pubKey,
allowedIps: [],
});
return response(res, {
data: {
name: newSite.name,
niceId: newSite.niceId,
siteId: newSite.siteId,
orgId: newSite.orgId,
// subdomain: newSite.subdomain,
// subnet: newSite.subnet,
},
success: true,
error: false,
message: "Site created successfully",
status: HttpCode.CREATED,
});
} catch (error) {
logger.error(error);
return next(createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred..."));
}
}