diff --git a/.dockerignore b/.dockerignore index 042dcf2f..a883e89c 100644 --- a/.dockerignore +++ b/.dockerignore @@ -28,3 +28,4 @@ LICENSE CONTRIBUTING.md dist .git +config/ \ No newline at end of file diff --git a/.github/dependabot.yml b/.github/dependabot.yml index d17590ef..196676e9 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -38,3 +38,25 @@ updates: directory: "/" schedule: interval: "weekly" + + - package-ecosystem: "gomod" + directory: "/install" + schedule: + interval: "daily" + groups: + dev-patch-updates: + dependency-type: "development" + update-types: + - "patch" + dev-minor-updates: + dependency-type: "development" + update-types: + - "minor" + prod-patch-updates: + dependency-type: "production" + update-types: + - "patch" + prod-minor-updates: + dependency-type: "production" + update-types: + - "minor" \ No newline at end of file diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index dfee7512..fb0b516a 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -30,7 +30,7 @@ jobs: - name: Install Go uses: actions/setup-go@v5 with: - go-version: 1.23.0 + go-version: 1.24 - name: Update version in package.json run: | diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml index c574dc00..c3db3738 100644 --- a/.github/workflows/linting.yml +++ b/.github/workflows/linting.yml @@ -23,7 +23,7 @@ jobs: - name: Set up Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version: '22' - name: Install dependencies run: | diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index a8027089..12316cd7 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -15,7 +15,7 @@ jobs: - uses: actions/setup-node@v4 with: - node-version: '20' + node-version: '22' - name: Copy config file run: cp config/config.example.yml config/config.yml diff --git a/.gitignore b/.gitignore index 167b4a91..95b1b9be 100644 --- a/.gitignore +++ b/.gitignore @@ -26,6 +26,10 @@ next-env.d.ts migrations tsconfig.tsbuildinfo config/config.yml +config/postgres +config/postgres* +config/openapi.yaml +config/key dist .dist installer @@ -34,4 +38,9 @@ bin .secrets test_event.json .idea/ +public/branding server/db/index.ts +server/build.ts +postgres/ +dynamic/ +certificates/ diff --git a/.nvmrc b/.nvmrc index 209e3ef4..2bd5a0a9 100644 --- a/.nvmrc +++ b/.nvmrc @@ -1 +1 @@ -20 +22 diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 179cd86d..9bd2bc67 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -4,7 +4,7 @@ Contributions are welcome! Please see the contribution and local development guide on the docs page before getting started: -https://docs.fossorial.io/development +https://docs.digpangolin.com/development/contributing ### Licensing Considerations @@ -17,4 +17,4 @@ By creating this pull request, I grant the project maintainers an unlimited, perpetual license to use, modify, and redistribute these contributions under any terms they choose, including both the AGPLv3 and the Fossorial Commercial license terms. I represent that I have the right to grant this license for all contributed content. -``` \ No newline at end of file +``` diff --git a/Dockerfile.pg b/Dockerfile similarity index 55% rename from Dockerfile.pg rename to Dockerfile index f59a3153..996ef057 100644 --- a/Dockerfile.pg +++ b/Dockerfile @@ -1,21 +1,26 @@ -FROM node:20-alpine AS builder +FROM node:22-alpine AS builder WORKDIR /app +ARG BUILD=oss +ARG DATABASE=sqlite + # COPY package.json package-lock.json ./ COPY package*.json ./ RUN npm ci COPY . . -RUN echo 'export * from "./pg";' > server/db/index.ts +RUN echo "export * from \"./$DATABASE\";" > server/db/index.ts -RUN npx drizzle-kit generate --dialect postgresql --schema ./server/db/pg/schema.ts --out init +RUN echo "export const build = \"$BUILD\" as any;" > server/build.ts -RUN npm run build:pg +RUN if [ "$DATABASE" = "pg" ]; then npx drizzle-kit generate --dialect postgresql --schema ./server/db/pg/schema.ts --out init; else npx drizzle-kit generate --dialect $DATABASE --schema ./server/db/$DATABASE/schema.ts --out init; fi + +RUN npm run build:$DATABASE RUN npm run build:cli -FROM node:20-alpine AS runner +FROM node:22-alpine AS runner WORKDIR /app @@ -38,4 +43,4 @@ COPY server/db/names.json ./dist/names.json COPY public ./public -CMD ["npm", "run", "start:pg"] +CMD ["npm", "run", "start"] diff --git a/Dockerfile.dev b/Dockerfile.dev index 141cfd10..c40775c2 100644 --- a/Dockerfile.dev +++ b/Dockerfile.dev @@ -1,4 +1,4 @@ -FROM node:20-alpine +FROM node:22-alpine WORKDIR /app diff --git a/Dockerfile.sqlite b/Dockerfile.sqlite deleted file mode 100644 index e1c6e9b8..00000000 --- a/Dockerfile.sqlite +++ /dev/null @@ -1,41 +0,0 @@ -FROM node:20-alpine AS builder - -WORKDIR /app - -# COPY package.json package-lock.json ./ -COPY package*.json ./ -RUN npm ci - -COPY . . - -RUN echo 'export * from "./sqlite";' > server/db/index.ts - -RUN npx drizzle-kit generate --dialect sqlite --schema ./server/db/sqlite/schema.ts --out init - -RUN npm run build:sqlite -RUN npm run build:cli - -FROM node:20-alpine AS runner - -WORKDIR /app - -# Curl used for the health checks -RUN apk add --no-cache curl - -# COPY package.json package-lock.json ./ -COPY package*.json ./ -RUN npm ci --omit=dev && npm cache clean --force - -COPY --from=builder /app/.next/standalone ./ -COPY --from=builder /app/.next/static ./.next/static -COPY --from=builder /app/dist ./dist -COPY --from=builder /app/init ./dist/init - -COPY ./cli/wrapper.sh /usr/local/bin/pangctl -RUN chmod +x /usr/local/bin/pangctl ./dist/cli.mjs - -COPY server/db/names.json ./dist/names.json - -COPY public ./public - -CMD ["npm", "run", "start:sqlite"] diff --git a/Makefile b/Makefile index 0e0394b4..de67a5f2 100644 --- a/Makefile +++ b/Makefile @@ -5,10 +5,10 @@ build-release: echo "Error: tag is required. Usage: make build-release tag="; \ exit 1; \ fi - docker buildx build --platform linux/arm64,linux/amd64 -t fosrl/pangolin:latest -f Dockerfile.sqlite --push . - docker buildx build --platform linux/arm64,linux/amd64 -t fosrl/pangolin:$(tag) -f Dockerfile.sqlite --push . - docker buildx build --platform linux/arm64,linux/amd64 -t fosrl/pangolin:postgresql-latest -f Dockerfile.pg --push . - docker buildx build --platform linux/arm64,linux/amd64 -t fosrl/pangolin:postgresql-$(tag) -f Dockerfile.pg --push . + docker buildx build --build-arg DATABASE=sqlite --platform linux/arm64,linux/amd64 -t fosrl/pangolin:latest --push . + docker buildx build --build-arg DATABASE=sqlite --platform linux/arm64,linux/amd64 -t fosrl/pangolin:$(tag) --push . + docker buildx build --build-arg DATABASE=pg --platform linux/arm64,linux/amd64 -t fosrl/pangolin:postgresql-latest --push . + docker buildx build --build-arg DATABASE=pg --platform linux/arm64,linux/amd64 -t fosrl/pangolin:postgresql-$(tag) --push . build-arm: docker buildx build --platform linux/arm64 -t fosrl/pangolin:latest . @@ -17,10 +17,10 @@ build-x86: docker buildx build --platform linux/amd64 -t fosrl/pangolin:latest . build-sqlite: - docker build -t fosrl/pangolin:latest -f Dockerfile.sqlite . + docker build --build-arg DATABASE=sqlite -t fosrl/pangolin:latest . build-pg: - docker build -t fosrl/pangolin:postgresql-latest -f Dockerfile.pg . + docker build --build-arg DATABASE=pg -t fosrl/pangolin:postgresql-latest . test: docker run -it -p 3000:3000 -p 3001:3001 -p 3002:3002 -v ./config:/app/config fosrl/pangolin:latest diff --git a/README.md b/README.md index 8c94815d..ee888428 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ _Pangolin tunnels your services to the internet so you can access anything from Website | - + Install Guide | @@ -104,7 +104,7 @@ Pangolin is a self-hosted tunneled reverse proxy server with identity and access ### Fully Self Hosted -Host the full application on your own server or on the cloud with a VPS. Take a look at the [documentation](https://docs.fossorial.io/Getting%20Started/quick-install) to get started. +Host the full application on your own server or on the cloud with a VPS. Take a look at the [documentation](https://docs.digpangolin.com/self-host/quick-install) to get started. > Many of our users have had a great experience with [RackNerd](https://my.racknerd.com/aff.php?aff=13788). Depending on promotions, you can get a [**VPS with 1 vCPU, 1GB RAM, and ~20GB SSD for just around $12/year**](https://my.racknerd.com/aff.php?aff=13788&pid=912). That's a great deal! @@ -139,7 +139,7 @@ Pangolin is dual licensed under the AGPL-3 and the Fossorial Commercial license. ## Contributions -Looking for something to contribute? Take a look at issues marked with [help wanted](https://github.com/fosrl/pangolin/issues?q=is%3Aissue%20state%3Aopen%20label%3A%22help%20wanted%22). +Looking for something to contribute? Take a look at issues marked with [help wanted](https://github.com/fosrl/pangolin/issues?q=is%3Aissue%20state%3Aopen%20label%3A%22help%20wanted%22). Also take a look through the freature requests in Discussions - any are available and some are marked as a good first issue. Please see [CONTRIBUTING](./CONTRIBUTING.md) in the repository for guidelines and best practices. diff --git a/cli/commands/resetUserSecurityKeys.ts b/cli/commands/resetUserSecurityKeys.ts new file mode 100644 index 00000000..fdae0ebd --- /dev/null +++ b/cli/commands/resetUserSecurityKeys.ts @@ -0,0 +1,72 @@ +import { CommandModule } from "yargs"; +import { db, users, securityKeys } from "@server/db"; +import { eq } from "drizzle-orm"; + +type ResetUserSecurityKeysArgs = { + email: string; +}; + +export const resetUserSecurityKeys: CommandModule< + {}, + ResetUserSecurityKeysArgs +> = { + command: "reset-user-security-keys", + describe: + "Reset a user's security keys (passkeys) by deleting all their webauthn credentials", + builder: (yargs) => { + return yargs.option("email", { + type: "string", + demandOption: true, + describe: "User email address" + }); + }, + handler: async (argv: { email: string }) => { + try { + const { email } = argv; + + console.log(`Looking for user with email: ${email}`); + + // Find the user by email + const [user] = await db + .select() + .from(users) + .where(eq(users.email, email)) + .limit(1); + + if (!user) { + console.error(`User with email '${email}' not found`); + process.exit(1); + } + + console.log(`Found user: ${user.email} (ID: ${user.userId})`); + + // Check if user has any security keys + const userSecurityKeys = await db + .select() + .from(securityKeys) + .where(eq(securityKeys.userId, user.userId)); + + if (userSecurityKeys.length === 0) { + console.log(`User '${email}' has no security keys to reset`); + process.exit(0); + } + + console.log( + `Found ${userSecurityKeys.length} security key(s) for user '${email}'` + ); + + // Delete all security keys for the user + await db + .delete(securityKeys) + .where(eq(securityKeys.userId, user.userId)); + + console.log(`Successfully reset security keys for user '${email}'`); + console.log(`Deleted ${userSecurityKeys.length} security key(s)`); + + process.exit(0); + } catch (error) { + console.error("Error:", error); + process.exit(1); + } + } +}; diff --git a/cli/commands/setAdminCredentials.ts b/cli/commands/setAdminCredentials.ts index 72ff8bff..91a6bcf7 100644 --- a/cli/commands/setAdminCredentials.ts +++ b/cli/commands/setAdminCredentials.ts @@ -32,7 +32,9 @@ export const setAdminCredentials: CommandModule<{}, SetAdminCredentialsArgs> = { }, handler: async (argv: { email: string; password: string }) => { try { - const { email, password } = argv; + const { password } = argv; + let { email } = argv; + email = email.trim().toLowerCase(); const parsed = passwordSchema.safeParse(password); diff --git a/cli/index.ts b/cli/index.ts index db76dbf9..f9e884cc 100644 --- a/cli/index.ts +++ b/cli/index.ts @@ -3,9 +3,11 @@ import yargs from "yargs"; import { hideBin } from "yargs/helpers"; import { setAdminCredentials } from "@cli/commands/setAdminCredentials"; +import { resetUserSecurityKeys } from "@cli/commands/resetUserSecurityKeys"; yargs(hideBin(process.argv)) .scriptName("pangctl") .command(setAdminCredentials) + .command(resetUserSecurityKeys) .demandCommand() .help().argv; diff --git a/config/config.example.yml b/config/config.example.yml index 5a78ae5e..fcb7edde 100644 --- a/config/config.example.yml +++ b/config/config.example.yml @@ -1,48 +1,28 @@ # To see all available options, please visit the docs: -# https://docs.fossorial.io/Pangolin/Configuration/config +# https://docs.digpangolin.com/self-host/advanced/config-file app: - dashboard_url: "http://localhost:3002" - log_level: "info" - save_logs: false + dashboard_url: http://localhost:3002 + log_level: debug domains: - domain1: - base_domain: "example.com" - cert_resolver: "letsencrypt" + domain1: + base_domain: example.com server: - external_port: 3000 - internal_port: 3001 - next_port: 3002 - internal_hostname: "pangolin" - session_cookie_name: "p_session_token" - resource_access_token_param: "p_token" - secret: "your_secret_key_here" - resource_access_token_headers: - id: "P-Access-Token-Id" - token: "P-Access-Token" - resource_session_request_param: "p_session_request" - -traefik: - http_entrypoint: "web" - https_entrypoint: "websecure" + secret: my_secret_key gerbil: - start_port: 51820 - base_endpoint: "localhost" - block_size: 24 - site_block_size: 30 - subnet_group: 100.89.137.0/20 - use_subdomain: true + base_endpoint: example.com -rate_limits: - global: - window_minutes: 1 - max_requests: 500 +orgs: + block_size: 24 + subnet_group: 100.90.137.0/20 flags: - require_email_verification: false - disable_signup_without_invite: true - disable_user_create_org: true - allow_raw_resources: true + require_email_verification: false + disable_signup_without_invite: true + disable_user_create_org: true + allow_raw_resources: true + enable_integration_api: true + enable_clients: true diff --git a/config/db/db.sqlite.bak b/config/db/db.sqlite.bak deleted file mode 100644 index 9d0b3db3..00000000 Binary files a/config/db/db.sqlite.bak and /dev/null differ diff --git a/config/traefik/dynamic_config.yml b/config/traefik/dynamic_config.yml new file mode 100644 index 00000000..8fcf8e55 --- /dev/null +++ b/config/traefik/dynamic_config.yml @@ -0,0 +1,53 @@ +http: + middlewares: + redirect-to-https: + redirectScheme: + scheme: https + + routers: + # HTTP to HTTPS redirect router + main-app-router-redirect: + rule: "Host(`{{.DashboardDomain}}`)" + service: next-service + entryPoints: + - web + middlewares: + - redirect-to-https + + # Next.js router (handles everything except API and WebSocket paths) + next-router: + rule: "Host(`{{.DashboardDomain}}`) && !PathPrefix(`/api/v1`)" + service: next-service + entryPoints: + - websecure + tls: + certResolver: letsencrypt + + # API router (handles /api/v1 paths) + api-router: + rule: "Host(`{{.DashboardDomain}}`) && PathPrefix(`/api/v1`)" + service: api-service + entryPoints: + - websecure + tls: + certResolver: letsencrypt + + # WebSocket router + ws-router: + rule: "Host(`{{.DashboardDomain}}`)" + service: api-service + entryPoints: + - websecure + tls: + certResolver: letsencrypt + + services: + next-service: + loadBalancer: + servers: + - url: "http://pangolin:3002" # Next.js server + + api-service: + loadBalancer: + servers: + - url: "http://pangolin:3000" # API/WebSocket server diff --git a/config/traefik/traefik_config.yml b/config/traefik/traefik_config.yml new file mode 100644 index 00000000..43ea97be --- /dev/null +++ b/config/traefik/traefik_config.yml @@ -0,0 +1,34 @@ +api: + insecure: true + dashboard: true + +providers: + file: + directory: "/var/dynamic" + watch: true + +experimental: + plugins: + badger: + moduleName: "github.com/fosrl/badger" + version: "v1.2.0" + +log: + level: "DEBUG" + format: "common" + maxSize: 100 + maxBackups: 3 + maxAge: 3 + compress: true + +entryPoints: + web: + address: ":80" + websecure: + address: ":9443" + transport: + respondingTimeouts: + readTimeout: "30m" + +serversTransport: + insecureSkipVerify: true diff --git a/docker-compose.example.yml b/docker-compose.example.yml index c7c068f0..28097f32 100644 --- a/docker-compose.example.yml +++ b/docker-compose.example.yml @@ -22,8 +22,7 @@ services: command: - --reachableAt=http://gerbil:3003 - --generateAndSaveKeyTo=/var/config/key - - --remoteConfig=http://pangolin:3001/api/v1/gerbil/get-config - - --reportBandwidthTo=http://pangolin:3001/api/v1/gerbil/receive-bandwidth + - --remoteConfig=http://pangolin:3001/api/v1/ volumes: - ./config/:/var/config cap_add: @@ -36,7 +35,7 @@ services: - 80:80 # Port for traefik because of the network_mode traefik: - image: traefik:v3.4.0 + image: traefik:v3.5 container_name: traefik restart: unless-stopped network_mode: service:gerbil # Ports appear on the gerbil service diff --git a/docker-compose.pg.yml b/docker-compose.pg.yml index aeffc2cf..ee50d328 100644 --- a/docker-compose.pg.yml +++ b/docker-compose.pg.yml @@ -7,6 +7,8 @@ services: POSTGRES_DB: postgres # Default database name POSTGRES_USER: postgres # Default user POSTGRES_PASSWORD: password # Default password (change for production!) + volumes: + - ./config/postgres:/var/lib/postgresql/data ports: - "5432:5432" # Map host port 5432 to container port 5432 - restart: no \ No newline at end of file + restart: no diff --git a/docker-compose.t.yml b/docker-compose.t.yml new file mode 100644 index 00000000..1c7716dd --- /dev/null +++ b/docker-compose.t.yml @@ -0,0 +1,32 @@ +name: pangolin +services: + gerbil: + image: gerbil + container_name: gerbil + network_mode: host + restart: unless-stopped + command: + - --reachableAt=http://localhost:3003 + - --generateAndSaveKeyTo=/var/config/key + - --remoteConfig=http://localhost:3001/api/v1/ + - --sni-port=443 + volumes: + - ./config/:/var/config + cap_add: + - NET_ADMIN + - SYS_MODULE + + traefik: + image: docker.io/traefik:v3.4.1 + container_name: traefik + restart: unless-stopped + network_mode: host + command: + - --configFile=/etc/traefik/traefik_config.yml + volumes: + - ./config/traefik:/etc/traefik:ro # Volume to store the Traefik configuration + - ./config/letsencrypt:/letsencrypt # Volume to store the Let's Encrypt certificates + - ./config/traefik/logs:/var/log/traefik # Volume to store Traefik logs + - ./certificates:/var/certificates:ro + - ./dynamic:/var/dynamic:ro + diff --git a/docker-compose.yml b/docker-compose.yml index 49713379..09b150d7 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -9,6 +9,7 @@ services: - "3000:3000" - "3001:3001" - "3002:3002" + - "3003:3003" environment: - NODE_ENV=development - ENVIRONMENT=dev @@ -26,4 +27,4 @@ services: - ./postcss.config.mjs:/app/postcss.config.mjs - ./eslint.config.js:/app/eslint.config.js - ./config:/app/config - restart: no \ No newline at end of file + restart: no diff --git a/esbuild.mjs b/esbuild.mjs index 48a2fb31..b0227099 100644 --- a/esbuild.mjs +++ b/esbuild.mjs @@ -64,7 +64,7 @@ esbuild }), ], sourcemap: true, - target: "node20", + target: "node22", }) .then(() => { console.log("Build completed successfully"); diff --git a/install/config.go b/install/config.go index 3be62601..e75dd50d 100644 --- a/install/config.go +++ b/install/config.go @@ -37,15 +37,28 @@ type DynamicConfig struct { } `yaml:"http"` } -// ConfigValues holds the extracted configuration values -type ConfigValues struct { +// TraefikConfigValues holds the extracted configuration values +type TraefikConfigValues struct { DashboardDomain string LetsEncryptEmail string BadgerVersion string } +// AppConfig represents the app section of the config.yml +type AppConfig struct { + App struct { + DashboardURL string `yaml:"dashboard_url"` + LogLevel string `yaml:"log_level"` + } `yaml:"app"` +} + +type AppConfigValues struct { + DashboardURL string + LogLevel string +} + // ReadTraefikConfig reads and extracts values from Traefik configuration files -func ReadTraefikConfig(mainConfigPath, dynamicConfigPath string) (*ConfigValues, error) { +func ReadTraefikConfig(mainConfigPath string) (*TraefikConfigValues, error) { // Read main config file mainConfigData, err := os.ReadFile(mainConfigPath) if err != nil { @@ -57,48 +70,33 @@ func ReadTraefikConfig(mainConfigPath, dynamicConfigPath string) (*ConfigValues, return nil, fmt.Errorf("error parsing main config file: %w", err) } - // Read dynamic config file - dynamicConfigData, err := os.ReadFile(dynamicConfigPath) - if err != nil { - return nil, fmt.Errorf("error reading dynamic config file: %w", err) - } - - var dynamicConfig DynamicConfig - if err := yaml.Unmarshal(dynamicConfigData, &dynamicConfig); err != nil { - return nil, fmt.Errorf("error parsing dynamic config file: %w", err) - } - // Extract values - values := &ConfigValues{ + values := &TraefikConfigValues{ BadgerVersion: mainConfig.Experimental.Plugins.Badger.Version, LetsEncryptEmail: mainConfig.CertificatesResolvers.LetsEncrypt.Acme.Email, } - // Extract DashboardDomain from router rules - // Look for it in the main router rules - for _, router := range dynamicConfig.HTTP.Routers { - if router.Rule != "" { - // Extract domain from Host(`mydomain.com`) - if domain := extractDomainFromRule(router.Rule); domain != "" { - values.DashboardDomain = domain - break - } - } - } - return values, nil } -// extractDomainFromRule extracts the domain from a router rule -func extractDomainFromRule(rule string) string { - // Look for the Host(`mydomain.com`) pattern - if start := findPattern(rule, "Host(`"); start != -1 { - end := findPattern(rule[start:], "`)") - if end != -1 { - return rule[start+6 : start+end] - } +func ReadAppConfig(configPath string) (*AppConfigValues, error) { + // Read config file + configData, err := os.ReadFile(configPath) + if err != nil { + return nil, fmt.Errorf("error reading config file: %w", err) } - return "" + + var appConfig AppConfig + if err := yaml.Unmarshal(configData, &appConfig); err != nil { + return nil, fmt.Errorf("error parsing config file: %w", err) + } + + values := &AppConfigValues{ + DashboardURL: appConfig.App.DashboardURL, + LogLevel: appConfig.App.LogLevel, + } + + return values, nil } // findPattern finds the start of a pattern in a string diff --git a/install/config/config.yml b/install/config/config.yml index 00d7c897..5a86a930 100644 --- a/install/config/config.yml +++ b/install/config/config.yml @@ -1,6 +1,15 @@ # To see all available options, please visit the docs: -# https://docs.fossorial.io/Pangolin/Configuration/config +# https://docs.digpangolin.com/self-host/advanced/config-file +gerbil: + start_port: 51820 + base_endpoint: "{{.DashboardDomain}}" +{{if .HybridMode}} +managed: + id: "{{.HybridId}}" + secret: "{{.HybridSecret}}" + +{{else}} app: dashboard_url: "https://{{.DashboardDomain}}" log_level: "info" @@ -17,11 +26,6 @@ server: methods: ["GET", "POST", "PUT", "DELETE", "PATCH"] allowed_headers: ["X-CSRF-Token", "Content-Type"] credentials: false - -gerbil: - start_port: 51820 - base_endpoint: "{{.DashboardDomain}}" - {{if .EnableEmail}} email: smtp_host: "{{.EmailSMTPHost}}" @@ -30,9 +34,9 @@ email: smtp_pass: "{{.EmailSMTPPass}}" no_reply: "{{.EmailNoReply}}" {{end}} - flags: require_email_verification: {{.EnableEmail}} disable_signup_without_invite: true disable_user_create_org: false allow_raw_resources: true +{{end}} \ No newline at end of file diff --git a/install/config/crowdsec/traefik_config.yml b/install/config/crowdsec/traefik_config.yml index 7ccfd7cf..198693ef 100644 --- a/install/config/crowdsec/traefik_config.yml +++ b/install/config/crowdsec/traefik_config.yml @@ -16,7 +16,7 @@ experimental: version: "{{.BadgerVersion}}" crowdsec: # CrowdSec plugin configuration added moduleName: "github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin" - version: "v1.4.2" + version: "v1.4.4" log: level: "INFO" diff --git a/install/config/docker-compose.yml b/install/config/docker-compose.yml index 4ce31e41..97b30317 100644 --- a/install/config/docker-compose.yml +++ b/install/config/docker-compose.yml @@ -6,6 +6,8 @@ services: restart: unless-stopped volumes: - ./config:/app/config + - pangolin-data:/var/certificates + - pangolin-data:/var/dynamic healthcheck: test: ["CMD", "curl", "-f", "http://localhost:3001/api/v1/"] interval: "10s" @@ -22,8 +24,7 @@ services: command: - --reachableAt=http://gerbil:3003 - --generateAndSaveKeyTo=/var/config/key - - --remoteConfig=http://pangolin:3001/api/v1/gerbil/get-config - - --reportBandwidthTo=http://pangolin:3001/api/v1/gerbil/receive-bandwidth + - --remoteConfig=http://pangolin:3001/api/v1/ volumes: - ./config/:/var/config cap_add: @@ -32,11 +33,11 @@ services: ports: - 51820:51820/udp - 21820:21820/udp - - 443:443 # Port for traefik because of the network_mode - - 80:80 # Port for traefik because of the network_mode + - 443:{{if .HybridMode}}8443{{else}}443{{end}} + - 80:80 {{end}} traefik: - image: docker.io/traefik:v3.4.1 + image: docker.io/traefik:v3.5 container_name: traefik restart: unless-stopped {{if .InstallGerbil}} @@ -55,9 +56,15 @@ services: - ./config/traefik:/etc/traefik:ro # Volume to store the Traefik configuration - ./config/letsencrypt:/letsencrypt # Volume to store the Let's Encrypt certificates - ./config/traefik/logs:/var/log/traefik # Volume to store Traefik logs + # Shared volume for certificates and dynamic config in file mode + - pangolin-data:/var/certificates:ro + - pangolin-data:/var/dynamic:ro networks: default: driver: bridge name: pangolin - enable_ipv6: true +{{if .EnableIPv6}} enable_ipv6: true{{end}} + +volumes: + pangolin-data: diff --git a/install/config/traefik/traefik_config.yml b/install/config/traefik/traefik_config.yml index 842786fa..dd0ba1b2 100644 --- a/install/config/traefik/traefik_config.yml +++ b/install/config/traefik/traefik_config.yml @@ -3,12 +3,17 @@ api: dashboard: true providers: +{{if not .HybridMode}} http: endpoint: "http://pangolin:3001/api/v1/traefik-config" pollInterval: "5s" file: filename: "/etc/traefik/dynamic_config.yml" - +{{else}} + file: + directory: "/var/dynamic" + watch: true +{{end}} experimental: plugins: badger: @@ -22,7 +27,7 @@ log: maxBackups: 3 maxAge: 3 compress: true - +{{if not .HybridMode}} certificatesResolvers: letsencrypt: acme: @@ -31,7 +36,7 @@ certificatesResolvers: email: "{{.LetsEncryptEmail}}" storage: "/letsencrypt/acme.json" caServer: "https://acme-v02.api.letsencrypt.org/directory" - +{{end}} entryPoints: web: address: ":80" @@ -40,9 +45,12 @@ entryPoints: transport: respondingTimeouts: readTimeout: "30m" - http: +{{if not .HybridMode}} http: tls: - certResolver: "letsencrypt" + certResolver: "letsencrypt"{{end}} serversTransport: insecureSkipVerify: true + +ping: + entryPoint: "web" \ No newline at end of file diff --git a/install/containers.go b/install/containers.go new file mode 100644 index 00000000..cea3a6ef --- /dev/null +++ b/install/containers.go @@ -0,0 +1,332 @@ +package main + +import ( + "bytes" + "fmt" + "os" + "os/exec" + "os/user" + "runtime" + "strconv" + "strings" + "time" +) + +func waitForContainer(containerName string, containerType SupportedContainer) error { + maxAttempts := 30 + retryInterval := time.Second * 2 + + for attempt := 0; attempt < maxAttempts; attempt++ { + // Check if container is running + cmd := exec.Command(string(containerType), "container", "inspect", "-f", "{{.State.Running}}", containerName) + var out bytes.Buffer + cmd.Stdout = &out + + if err := cmd.Run(); err != nil { + // If the container doesn't exist or there's another error, wait and retry + time.Sleep(retryInterval) + continue + } + + isRunning := strings.TrimSpace(out.String()) == "true" + if isRunning { + return nil + } + + // Container exists but isn't running yet, wait and retry + time.Sleep(retryInterval) + } + + return fmt.Errorf("container %s did not start within %v seconds", containerName, maxAttempts*int(retryInterval.Seconds())) +} + +func installDocker() error { + // Detect Linux distribution + cmd := exec.Command("cat", "/etc/os-release") + output, err := cmd.Output() + if err != nil { + return fmt.Errorf("failed to detect Linux distribution: %v", err) + } + osRelease := string(output) + + // Detect system architecture + archCmd := exec.Command("uname", "-m") + archOutput, err := archCmd.Output() + if err != nil { + return fmt.Errorf("failed to detect system architecture: %v", err) + } + arch := strings.TrimSpace(string(archOutput)) + + // Map architecture to Docker's architecture naming + var dockerArch string + switch arch { + case "x86_64": + dockerArch = "amd64" + case "aarch64": + dockerArch = "arm64" + default: + return fmt.Errorf("unsupported architecture: %s", arch) + } + + var installCmd *exec.Cmd + switch { + case strings.Contains(osRelease, "ID=ubuntu"): + installCmd = exec.Command("bash", "-c", fmt.Sprintf(` + apt-get update && + apt-get install -y apt-transport-https ca-certificates curl software-properties-common && + curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg && + echo "deb [arch=%s signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list && + apt-get update && + apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin + `, dockerArch)) + case strings.Contains(osRelease, "ID=debian"): + installCmd = exec.Command("bash", "-c", fmt.Sprintf(` + apt-get update && + apt-get install -y apt-transport-https ca-certificates curl software-properties-common && + curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg && + echo "deb [arch=%s signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list && + apt-get update && + apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin + `, dockerArch)) + case strings.Contains(osRelease, "ID=fedora"): + // Detect Fedora version to handle DNF 5 changes + versionCmd := exec.Command("bash", "-c", "grep VERSION_ID /etc/os-release | cut -d'=' -f2 | tr -d '\"'") + versionOutput, err := versionCmd.Output() + var fedoraVersion int + if err == nil { + if v, parseErr := strconv.Atoi(strings.TrimSpace(string(versionOutput))); parseErr == nil { + fedoraVersion = v + } + } + + // Use appropriate DNF syntax based on version + var repoCmd string + if fedoraVersion >= 41 { + // DNF 5 syntax for Fedora 41+ + repoCmd = "dnf config-manager addrepo --from-repofile=https://download.docker.com/linux/fedora/docker-ce.repo" + } else { + // DNF 4 syntax for Fedora < 41 + repoCmd = "dnf config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo" + } + + installCmd = exec.Command("bash", "-c", fmt.Sprintf(` + dnf -y install dnf-plugins-core && + %s && + dnf install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin + `, repoCmd)) + case strings.Contains(osRelease, "ID=opensuse") || strings.Contains(osRelease, "ID=\"opensuse-"): + installCmd = exec.Command("bash", "-c", ` + zypper install -y docker docker-compose && + systemctl enable docker + `) + case strings.Contains(osRelease, "ID=rhel") || strings.Contains(osRelease, "ID=\"rhel"): + installCmd = exec.Command("bash", "-c", ` + dnf remove -y runc && + dnf -y install yum-utils && + dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo && + dnf install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin && + systemctl enable docker + `) + case strings.Contains(osRelease, "ID=amzn"): + installCmd = exec.Command("bash", "-c", ` + yum update -y && + yum install -y docker && + systemctl enable docker && + usermod -a -G docker ec2-user + `) + default: + return fmt.Errorf("unsupported Linux distribution") + } + + installCmd.Stdout = os.Stdout + installCmd.Stderr = os.Stderr + return installCmd.Run() +} + +func startDockerService() error { + if runtime.GOOS == "linux" { + cmd := exec.Command("systemctl", "enable", "--now", "docker") + cmd.Stdout = os.Stdout + cmd.Stderr = os.Stderr + return cmd.Run() + } else if runtime.GOOS == "darwin" { + // On macOS, Docker is usually started via the Docker Desktop application + fmt.Println("Please start Docker Desktop manually on macOS.") + return nil + } + return fmt.Errorf("unsupported operating system for starting Docker service") +} + +func isDockerInstalled() bool { + return isContainerInstalled("docker") +} + +func isPodmanInstalled() bool { + return isContainerInstalled("podman") && isContainerInstalled("podman-compose") +} + +func isContainerInstalled(container string) bool { + cmd := exec.Command(container, "--version") + if err := cmd.Run(); err != nil { + return false + } + return true +} + +func isUserInDockerGroup() bool { + if runtime.GOOS == "darwin" { + // Docker group is not applicable on macOS + // So we assume that the user can run Docker commands + return true + } + + if os.Geteuid() == 0 { + return true // Root user can run Docker commands anyway + } + + // Check if the current user is in the docker group + if dockerGroup, err := user.LookupGroup("docker"); err == nil { + if currentUser, err := user.Current(); err == nil { + if currentUserGroupIds, err := currentUser.GroupIds(); err == nil { + for _, groupId := range currentUserGroupIds { + if groupId == dockerGroup.Gid { + return true + } + } + } + } + } + + // Eventually, if any of the checks fail, we assume the user cannot run Docker commands + return false +} + +// isDockerRunning checks if the Docker daemon is running by using the `docker info` command. +func isDockerRunning() bool { + cmd := exec.Command("docker", "info") + if err := cmd.Run(); err != nil { + return false + } + return true +} + +// executeDockerComposeCommandWithArgs executes the appropriate docker command with arguments supplied +func executeDockerComposeCommandWithArgs(args ...string) error { + var cmd *exec.Cmd + var useNewStyle bool + + if !isDockerInstalled() { + return fmt.Errorf("docker is not installed") + } + + checkCmd := exec.Command("docker", "compose", "version") + if err := checkCmd.Run(); err == nil { + useNewStyle = true + } else { + checkCmd = exec.Command("docker-compose", "version") + if err := checkCmd.Run(); err == nil { + useNewStyle = false + } else { + return fmt.Errorf("neither 'docker compose' nor 'docker-compose' command is available") + } + } + + if useNewStyle { + cmd = exec.Command("docker", append([]string{"compose"}, args...)...) + } else { + cmd = exec.Command("docker-compose", args...) + } + + cmd.Stdout = os.Stdout + cmd.Stderr = os.Stderr + return cmd.Run() +} + +// pullContainers pulls the containers using the appropriate command. +func pullContainers(containerType SupportedContainer) error { + fmt.Println("Pulling the container images...") + if containerType == Podman { + if err := run("podman-compose", "-f", "docker-compose.yml", "pull"); err != nil { + return fmt.Errorf("failed to pull the containers: %v", err) + } + + return nil + } + + if containerType == Docker { + if err := executeDockerComposeCommandWithArgs("-f", "docker-compose.yml", "pull", "--policy", "always"); err != nil { + return fmt.Errorf("failed to pull the containers: %v", err) + } + + return nil + } + + return fmt.Errorf("Unsupported container type: %s", containerType) +} + +// startContainers starts the containers using the appropriate command. +func startContainers(containerType SupportedContainer) error { + fmt.Println("Starting containers...") + + if containerType == Podman { + if err := run("podman-compose", "-f", "docker-compose.yml", "up", "-d", "--force-recreate"); err != nil { + return fmt.Errorf("failed start containers: %v", err) + } + + return nil + } + + if containerType == Docker { + if err := executeDockerComposeCommandWithArgs("-f", "docker-compose.yml", "up", "-d", "--force-recreate"); err != nil { + return fmt.Errorf("failed to start containers: %v", err) + } + + return nil + } + + return fmt.Errorf("Unsupported container type: %s", containerType) +} + +// stopContainers stops the containers using the appropriate command. +func stopContainers(containerType SupportedContainer) error { + fmt.Println("Stopping containers...") + if containerType == Podman { + if err := run("podman-compose", "-f", "docker-compose.yml", "down"); err != nil { + return fmt.Errorf("failed to stop containers: %v", err) + } + + return nil + } + + if containerType == Docker { + if err := executeDockerComposeCommandWithArgs("-f", "docker-compose.yml", "down"); err != nil { + return fmt.Errorf("failed to stop containers: %v", err) + } + + return nil + } + + return fmt.Errorf("Unsupported container type: %s", containerType) +} + +// restartContainer restarts a specific container using the appropriate command. +func restartContainer(container string, containerType SupportedContainer) error { + fmt.Println("Restarting containers...") + if containerType == Podman { + if err := run("podman-compose", "-f", "docker-compose.yml", "restart"); err != nil { + return fmt.Errorf("failed to stop the container \"%s\": %v", container, err) + } + + return nil + } + + if containerType == Docker { + if err := executeDockerComposeCommandWithArgs("-f", "docker-compose.yml", "restart", container); err != nil { + return fmt.Errorf("failed to stop the container \"%s\": %v", container, err) + } + + return nil + } + + return fmt.Errorf("Unsupported container type: %s", containerType) +} diff --git a/install/go.mod b/install/go.mod index 1d12aa12..37b815e8 100644 --- a/install/go.mod +++ b/install/go.mod @@ -1,10 +1,10 @@ module installer -go 1.23.0 +go 1.24 require ( - golang.org/x/term v0.28.0 + golang.org/x/term v0.33.0 gopkg.in/yaml.v3 v3.0.1 ) -require golang.org/x/sys v0.29.0 // indirect +require golang.org/x/sys v0.34.0 // indirect diff --git a/install/go.sum b/install/go.sum index 169165e4..71a81b94 100644 --- a/install/go.sum +++ b/install/go.sum @@ -1,7 +1,7 @@ -golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= -golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg= -golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek= +golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA= +golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/term v0.33.0 h1:NuFncQrRcaRvVmgRkvM3j/F00gWIAlcmlB8ACEKmGIg= +golang.org/x/term v0.33.0/go.mod h1:s18+ql9tYWp1IfpV9DmCtQDDSRBUjKaw9M1eAv5UeF0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= diff --git a/install/input.go b/install/input.go new file mode 100644 index 00000000..cf8fd7a3 --- /dev/null +++ b/install/input.go @@ -0,0 +1,74 @@ +package main + +import ( + "bufio" + "fmt" + "strings" + "syscall" + + "golang.org/x/term" +) + +func readString(reader *bufio.Reader, prompt string, defaultValue string) string { + if defaultValue != "" { + fmt.Printf("%s (default: %s): ", prompt, defaultValue) + } else { + fmt.Print(prompt + ": ") + } + input, _ := reader.ReadString('\n') + input = strings.TrimSpace(input) + if input == "" { + return defaultValue + } + return input +} + +func readStringNoDefault(reader *bufio.Reader, prompt string) string { + fmt.Print(prompt + ": ") + input, _ := reader.ReadString('\n') + return strings.TrimSpace(input) +} + +func readPassword(prompt string, reader *bufio.Reader) string { + if term.IsTerminal(int(syscall.Stdin)) { + fmt.Print(prompt + ": ") + // Read password without echo if we're in a terminal + password, err := term.ReadPassword(int(syscall.Stdin)) + fmt.Println() // Add a newline since ReadPassword doesn't add one + if err != nil { + return "" + } + input := strings.TrimSpace(string(password)) + if input == "" { + return readPassword(prompt, reader) + } + return input + } else { + // Fallback to reading from stdin if not in a terminal + return readString(reader, prompt, "") + } +} + +func readBool(reader *bufio.Reader, prompt string, defaultValue bool) bool { + defaultStr := "no" + if defaultValue { + defaultStr = "yes" + } + input := readString(reader, prompt+" (yes/no)", defaultStr) + return strings.ToLower(input) == "yes" +} + +func readBoolNoDefault(reader *bufio.Reader, prompt string) bool { + input := readStringNoDefault(reader, prompt+" (yes/no)") + return strings.ToLower(input) == "yes" +} + +func readInt(reader *bufio.Reader, prompt string, defaultValue int) int { + input := readString(reader, prompt, fmt.Sprintf("%d", defaultValue)) + if input == "" { + return defaultValue + } + value := defaultValue + fmt.Sscanf(input, "%d", &value) + return value +} diff --git a/install/input.txt b/install/input.txt index 9ecf0d4d..12df39d7 100644 --- a/install/input.txt +++ b/install/input.txt @@ -1,6 +1,7 @@ docker example.com pangolin.example.com +yes admin@example.com yes admin@example.com diff --git a/install/main.go b/install/main.go index e28d05d5..1d684b51 100644 --- a/install/main.go +++ b/install/main.go @@ -10,17 +10,12 @@ import ( "math/rand" "os" "os/exec" - "os/user" "path/filepath" "runtime" - "strconv" "strings" - "syscall" "text/template" "time" "net" - - "golang.org/x/term" ) // DO NOT EDIT THIS FUNCTION; IT MATCHED BY REGEX IN CICD @@ -40,6 +35,7 @@ type Config struct { BadgerVersion string BaseDomain string DashboardDomain string + EnableIPv6 bool LetsEncryptEmail string EnableEmail bool EmailSMTPHost string @@ -51,6 +47,9 @@ type Config struct { TraefikBouncerKey string DoCrowdsecInstall bool Secret string + HybridMode bool + HybridId string + HybridSecret string } type SupportedContainer string @@ -66,28 +65,178 @@ func main() { fmt.Println("Welcome to the Pangolin installer!") fmt.Println("This installer will help you set up Pangolin on your server.") - fmt.Println("") - fmt.Println("Please make sure you have the following prerequisites:") + fmt.Println("\nPlease make sure you have the following prerequisites:") fmt.Println("- Open TCP ports 80 and 443 and UDP ports 51820 and 21820 on your VPS and firewall.") - fmt.Println("- Point your domain to the VPS IP with A records.") - fmt.Println("") - fmt.Println("http://docs.fossorial.io/Getting%20Started/dns-networking") - fmt.Println("") - fmt.Println("Lets get started!") - fmt.Println("") + fmt.Println("\nLets get started!") + if os.Geteuid() == 0 { // WE NEED TO BE SUDO TO CHECK THIS + for _, p := range []int{80, 443} { + if err := checkPortsAvailable(p); err != nil { + fmt.Fprintln(os.Stderr, err) - for _, p := range []int{80, 443} { - if err := checkPortsAvailable(p); err != nil { - fmt.Fprintln(os.Stderr, err) - - fmt.Printf("Please close any services on ports 80/443 in order to run the installation smoothly") - os.Exit(1) - } - } - + fmt.Printf("Please close any services on ports 80/443 in order to run the installation smoothly") + os.Exit(1) + } + } + } reader := bufio.NewReader(os.Stdin) + + var config Config + + // check if there is already a config file + if _, err := os.Stat("config/config.yml"); err != nil { + config = collectUserInput(reader) + + loadVersions(&config) + config.DoCrowdsecInstall = false + config.Secret = generateRandomSecretKey() + + fmt.Println("\n=== Generating Configuration Files ===") + + // If the secret and id are not generated then generate them + if config.HybridMode && (config.HybridId == "" || config.HybridSecret == "") { + // fmt.Println("Requesting hybrid credentials from cloud...") + credentials, err := requestHybridCredentials() + if err != nil { + fmt.Printf("Error requesting hybrid credentials: %v\n", err) + fmt.Println("Please obtain credentials manually from the dashboard and run the installer again.") + os.Exit(1) + } + config.HybridId = credentials.RemoteExitNodeId + config.HybridSecret = credentials.Secret + fmt.Printf("Your managed credentials have been obtained successfully.\n") + fmt.Printf(" ID: %s\n", config.HybridId) + fmt.Printf(" Secret: %s\n", config.HybridSecret) + fmt.Println("Take these to the Pangolin dashboard https://pangolin.fossorial.io to adopt your node.") + readBool(reader, "Have you adopted your node?", true) + } + + if err := createConfigFiles(config); err != nil { + fmt.Printf("Error creating config files: %v\n", err) + os.Exit(1) + } + + moveFile("config/docker-compose.yml", "docker-compose.yml") + + fmt.Println("\nConfiguration files created successfully!") + + fmt.Println("\n=== Starting installation ===") + + if readBool(reader, "Would you like to install and start the containers?", true) { + + config.InstallationContainerType = podmanOrDocker(reader) + + if !isDockerInstalled() && runtime.GOOS == "linux" && config.InstallationContainerType == Docker { + if readBool(reader, "Docker is not installed. Would you like to install it?", true) { + installDocker() + // try to start docker service but ignore errors + if err := startDockerService(); err != nil { + fmt.Println("Error starting Docker service:", err) + } else { + fmt.Println("Docker service started successfully!") + } + // wait 10 seconds for docker to start checking if docker is running every 2 seconds + fmt.Println("Waiting for Docker to start...") + for i := 0; i < 5; i++ { + if isDockerRunning() { + fmt.Println("Docker is running!") + break + } + fmt.Println("Docker is not running yet, waiting...") + time.Sleep(2 * time.Second) + } + if !isDockerRunning() { + fmt.Println("Docker is still not running after 10 seconds. Please check the installation.") + os.Exit(1) + } + fmt.Println("Docker installed successfully!") + } + } + + if err := pullContainers(config.InstallationContainerType); err != nil { + fmt.Println("Error: ", err) + return + } + + if err := startContainers(config.InstallationContainerType); err != nil { + fmt.Println("Error: ", err) + return + } + } + + } else { + fmt.Println("Looks like you already installed Pangolin!") + } + + if !checkIsCrowdsecInstalledInCompose() && !checkIsPangolinInstalledWithHybrid() { + fmt.Println("\n=== CrowdSec Install ===") + // check if crowdsec is installed + if readBool(reader, "Would you like to install CrowdSec?", false) { + fmt.Println("This installer constitutes a minimal viable CrowdSec deployment. CrowdSec will add extra complexity to your Pangolin installation and may not work to the best of its abilities out of the box. Users are expected to implement configuration adjustments on their own to achieve the best security posture. Consult the CrowdSec documentation for detailed configuration instructions.") + + // BUG: crowdsec installation will be skipped if the user chooses to install on the first installation. + if readBool(reader, "Are you willing to manage CrowdSec?", false) { + if config.DashboardDomain == "" { + traefikConfig, err := ReadTraefikConfig("config/traefik/traefik_config.yml") + if err != nil { + fmt.Printf("Error reading config: %v\n", err) + return + } + appConfig, err := ReadAppConfig("config/config.yml") + if err != nil { + fmt.Printf("Error reading config: %v\n", err) + return + } + + config.DashboardDomain = appConfig.DashboardURL + config.LetsEncryptEmail = traefikConfig.LetsEncryptEmail + config.BadgerVersion = traefikConfig.BadgerVersion + + // print the values and check if they are right + fmt.Println("Detected values:") + fmt.Printf("Dashboard Domain: %s\n", config.DashboardDomain) + fmt.Printf("Let's Encrypt Email: %s\n", config.LetsEncryptEmail) + fmt.Printf("Badger Version: %s\n", config.BadgerVersion) + + if !readBool(reader, "Are these values correct?", true) { + config = collectUserInput(reader) + } + } + + config.DoCrowdsecInstall = true + installCrowdsec(config) + } + } + } + + if !config.HybridMode { + // Setup Token Section + fmt.Println("\n=== Setup Token ===") + + // Check if containers were started during this installation + containersStarted := false + if (isDockerInstalled() && config.InstallationContainerType == Docker) || + (isPodmanInstalled() && config.InstallationContainerType == Podman) { + // Try to fetch and display the token if containers are running + containersStarted = true + printSetupToken(config.InstallationContainerType, config.DashboardDomain) + } + + // If containers weren't started or token wasn't found, show instructions + if !containersStarted { + showSetupTokenInstructions(config.InstallationContainerType, config.DashboardDomain) + } + } + + fmt.Println("\nInstallation complete!") + + if !config.HybridMode && !checkIsPangolinInstalledWithHybrid() { + fmt.Printf("\nTo complete the initial setup, please visit:\nhttps://%s/auth/initial-setup\n", config.DashboardDomain) + } +} + +func podmanOrDocker(reader *bufio.Reader) SupportedContainer { inputContainer := readString(reader, "Would you like to run Pangolin as Docker or Podman containers?", "docker") chosenContainer := Docker @@ -151,161 +300,7 @@ func main() { os.Exit(1) } - var config Config - config.InstallationContainerType = chosenContainer - - // check if there is already a config file - if _, err := os.Stat("config/config.yml"); err != nil { - config = collectUserInput(reader) - - loadVersions(&config) - config.DoCrowdsecInstall = false - config.Secret = generateRandomSecretKey() - - if err := createConfigFiles(config); err != nil { - fmt.Printf("Error creating config files: %v\n", err) - os.Exit(1) - } - - moveFile("config/docker-compose.yml", "docker-compose.yml") - - if !isDockerInstalled() && runtime.GOOS == "linux" && chosenContainer == Docker { - if readBool(reader, "Docker is not installed. Would you like to install it?", true) { - installDocker() - // try to start docker service but ignore errors - if err := startDockerService(); err != nil { - fmt.Println("Error starting Docker service:", err) - } else { - fmt.Println("Docker service started successfully!") - } - // wait 10 seconds for docker to start checking if docker is running every 2 seconds - fmt.Println("Waiting for Docker to start...") - for i := 0; i < 5; i++ { - if isDockerRunning() { - fmt.Println("Docker is running!") - break - } - fmt.Println("Docker is not running yet, waiting...") - time.Sleep(2 * time.Second) - } - if !isDockerRunning() { - fmt.Println("Docker is still not running after 10 seconds. Please check the installation.") - os.Exit(1) - } - fmt.Println("Docker installed successfully!") - } - } - - fmt.Println("\n=== Starting installation ===") - - if (isDockerInstalled() && chosenContainer == Docker) || - (isPodmanInstalled() && chosenContainer == Podman) { - if readBool(reader, "Would you like to install and start the containers?", true) { - if err := pullContainers(chosenContainer); err != nil { - fmt.Println("Error: ", err) - return - } - - if err := startContainers(chosenContainer); err != nil { - fmt.Println("Error: ", err) - return - } - } - } - } else { - fmt.Println("Looks like you already installed, so I am going to do the setup...") - } - - if !checkIsCrowdsecInstalledInCompose() { - fmt.Println("\n=== CrowdSec Install ===") - // check if crowdsec is installed - if readBool(reader, "Would you like to install CrowdSec?", false) { - fmt.Println("This installer constitutes a minimal viable CrowdSec deployment. CrowdSec will add extra complexity to your Pangolin installation and may not work to the best of its abilities out of the box. Users are expected to implement configuration adjustments on their own to achieve the best security posture. Consult the CrowdSec documentation for detailed configuration instructions.") - - // BUG: crowdsec installation will be skipped if the user chooses to install on the first installation. - if readBool(reader, "Are you willing to manage CrowdSec?", false) { - if config.DashboardDomain == "" { - traefikConfig, err := ReadTraefikConfig("config/traefik/traefik_config.yml", "config/traefik/dynamic_config.yml") - if err != nil { - fmt.Printf("Error reading config: %v\n", err) - return - } - config.DashboardDomain = traefikConfig.DashboardDomain - config.LetsEncryptEmail = traefikConfig.LetsEncryptEmail - config.BadgerVersion = traefikConfig.BadgerVersion - - // print the values and check if they are right - fmt.Println("Detected values:") - fmt.Printf("Dashboard Domain: %s\n", config.DashboardDomain) - fmt.Printf("Let's Encrypt Email: %s\n", config.LetsEncryptEmail) - fmt.Printf("Badger Version: %s\n", config.BadgerVersion) - - if !readBool(reader, "Are these values correct?", true) { - config = collectUserInput(reader) - } - } - - config.DoCrowdsecInstall = true - installCrowdsec(config) - } - } - } - - fmt.Println("Installation complete!") - fmt.Printf("\nTo complete the initial setup, please visit:\nhttps://%s/auth/initial-setup\n", config.DashboardDomain) -} - -func readString(reader *bufio.Reader, prompt string, defaultValue string) string { - if defaultValue != "" { - fmt.Printf("%s (default: %s): ", prompt, defaultValue) - } else { - fmt.Print(prompt + ": ") - } - input, _ := reader.ReadString('\n') - input = strings.TrimSpace(input) - if input == "" { - return defaultValue - } - return input -} - -func readPassword(prompt string, reader *bufio.Reader) string { - if term.IsTerminal(int(syscall.Stdin)) { - fmt.Print(prompt + ": ") - // Read password without echo if we're in a terminal - password, err := term.ReadPassword(int(syscall.Stdin)) - fmt.Println() // Add a newline since ReadPassword doesn't add one - if err != nil { - return "" - } - input := strings.TrimSpace(string(password)) - if input == "" { - return readPassword(prompt, reader) - } - return input - } else { - // Fallback to reading from stdin if not in a terminal - return readString(reader, prompt, "") - } -} - -func readBool(reader *bufio.Reader, prompt string, defaultValue bool) bool { - defaultStr := "no" - if defaultValue { - defaultStr = "yes" - } - input := readString(reader, prompt+" (yes/no)", defaultStr) - return strings.ToLower(input) == "yes" -} - -func readInt(reader *bufio.Reader, prompt string, defaultValue int) int { - input := readString(reader, prompt, fmt.Sprintf("%d", defaultValue)) - if input == "" { - return defaultValue - } - value := defaultValue - fmt.Sscanf(input, "%d", &value) - return value + return chosenContainer } func collectUserInput(reader *bufio.Reader) Config { @@ -313,36 +308,73 @@ func collectUserInput(reader *bufio.Reader) Config { // Basic configuration fmt.Println("\n=== Basic Configuration ===") - config.BaseDomain = readString(reader, "Enter your base domain (no subdomain e.g. example.com)", "") - config.DashboardDomain = readString(reader, "Enter the domain for the Pangolin dashboard", "pangolin."+config.BaseDomain) - config.LetsEncryptEmail = readString(reader, "Enter email for Let's Encrypt certificates", "") - config.InstallGerbil = readBool(reader, "Do you want to use Gerbil to allow tunneled connections", true) - - // Email configuration - fmt.Println("\n=== Email Configuration ===") - config.EnableEmail = readBool(reader, "Enable email functionality (SMTP)", false) - - if config.EnableEmail { - config.EmailSMTPHost = readString(reader, "Enter SMTP host", "") - config.EmailSMTPPort = readInt(reader, "Enter SMTP port (default 587)", 587) - config.EmailSMTPUser = readString(reader, "Enter SMTP username", "") - config.EmailSMTPPass = readString(reader, "Enter SMTP password", "") // Should this be readPassword? - config.EmailNoReply = readString(reader, "Enter no-reply email address", "") + for { + response := readString(reader, "Do you want to install Pangolin as a cloud-managed (beta) node? (yes/no)", "") + if strings.EqualFold(response, "yes") || strings.EqualFold(response, "y") { + config.HybridMode = true + break + } else if strings.EqualFold(response, "no") || strings.EqualFold(response, "n") { + config.HybridMode = false + break + } + fmt.Println("Please answer 'yes' or 'no'") } - // Validate required fields - if config.BaseDomain == "" { - fmt.Println("Error: Domain name is required") - os.Exit(1) + if config.HybridMode { + alreadyHaveCreds := readBool(reader, "Do you already have credentials from the dashboard? If not, we will create them later", false) + + if alreadyHaveCreds { + config.HybridId = readString(reader, "Enter your ID", "") + config.HybridSecret = readString(reader, "Enter your secret", "") + } + + config.DashboardDomain = readString(reader, "The public addressable IP address for this node or a domain pointing to it", "") + config.InstallGerbil = true + } else { + config.BaseDomain = readString(reader, "Enter your base domain (no subdomain e.g. example.com)", "") + + // Set default dashboard domain after base domain is collected + defaultDashboardDomain := "" + if config.BaseDomain != "" { + defaultDashboardDomain = "pangolin." + config.BaseDomain + } + config.DashboardDomain = readString(reader, "Enter the domain for the Pangolin dashboard", defaultDashboardDomain) + config.LetsEncryptEmail = readString(reader, "Enter email for Let's Encrypt certificates", "") + config.InstallGerbil = readBool(reader, "Do you want to use Gerbil to allow tunneled connections", true) + + // Email configuration + fmt.Println("\n=== Email Configuration ===") + config.EnableEmail = readBool(reader, "Enable email functionality (SMTP)", false) + + if config.EnableEmail { + config.EmailSMTPHost = readString(reader, "Enter SMTP host", "") + config.EmailSMTPPort = readInt(reader, "Enter SMTP port (default 587)", 587) + config.EmailSMTPUser = readString(reader, "Enter SMTP username", "") + config.EmailSMTPPass = readString(reader, "Enter SMTP password", "") // Should this be readPassword? + config.EmailNoReply = readString(reader, "Enter no-reply email address", "") + } + + // Validate required fields + if config.BaseDomain == "" { + fmt.Println("Error: Domain name is required") + os.Exit(1) + } + if config.LetsEncryptEmail == "" { + fmt.Println("Error: Let's Encrypt email is required") + os.Exit(1) + } } + + // Advanced configuration + + fmt.Println("\n=== Advanced Configuration ===") + + config.EnableIPv6 = readBool(reader, "Is your server IPv6 capable?", true) + if config.DashboardDomain == "" { fmt.Println("Error: Dashboard Domain name is required") os.Exit(1) } - if config.LetsEncryptEmail == "" { - fmt.Println("Error: Let's Encrypt email is required") - os.Exit(1) - } return config } @@ -372,6 +404,11 @@ func createConfigFiles(config Config) error { return nil } + // the hybrid does not need the dynamic config + if config.HybridMode && strings.Contains(path, "dynamic_config.yml") { + return nil + } + // skip .DS_Store if strings.Contains(path, ".DS_Store") { return nil @@ -423,297 +460,6 @@ func createConfigFiles(config Config) error { return nil } -func installDocker() error { - // Detect Linux distribution - cmd := exec.Command("cat", "/etc/os-release") - output, err := cmd.Output() - if err != nil { - return fmt.Errorf("failed to detect Linux distribution: %v", err) - } - osRelease := string(output) - - // Detect system architecture - archCmd := exec.Command("uname", "-m") - archOutput, err := archCmd.Output() - if err != nil { - return fmt.Errorf("failed to detect system architecture: %v", err) - } - arch := strings.TrimSpace(string(archOutput)) - - // Map architecture to Docker's architecture naming - var dockerArch string - switch arch { - case "x86_64": - dockerArch = "amd64" - case "aarch64": - dockerArch = "arm64" - default: - return fmt.Errorf("unsupported architecture: %s", arch) - } - - var installCmd *exec.Cmd - switch { - case strings.Contains(osRelease, "ID=ubuntu"): - installCmd = exec.Command("bash", "-c", fmt.Sprintf(` - apt-get update && - apt-get install -y apt-transport-https ca-certificates curl software-properties-common && - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg && - echo "deb [arch=%s signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list && - apt-get update && - apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin - `, dockerArch)) - case strings.Contains(osRelease, "ID=debian"): - installCmd = exec.Command("bash", "-c", fmt.Sprintf(` - apt-get update && - apt-get install -y apt-transport-https ca-certificates curl software-properties-common && - curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg && - echo "deb [arch=%s signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list && - apt-get update && - apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin - `, dockerArch)) - case strings.Contains(osRelease, "ID=fedora"): - // Detect Fedora version to handle DNF 5 changes - versionCmd := exec.Command("bash", "-c", "grep VERSION_ID /etc/os-release | cut -d'=' -f2 | tr -d '\"'") - versionOutput, err := versionCmd.Output() - var fedoraVersion int - if err == nil { - if v, parseErr := strconv.Atoi(strings.TrimSpace(string(versionOutput))); parseErr == nil { - fedoraVersion = v - } - } - - // Use appropriate DNF syntax based on version - var repoCmd string - if fedoraVersion >= 41 { - // DNF 5 syntax for Fedora 41+ - repoCmd = "dnf config-manager addrepo --from-repofile=https://download.docker.com/linux/fedora/docker-ce.repo" - } else { - // DNF 4 syntax for Fedora < 41 - repoCmd = "dnf config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo" - } - - installCmd = exec.Command("bash", "-c", fmt.Sprintf(` - dnf -y install dnf-plugins-core && - %s && - dnf install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin - `, repoCmd)) - case strings.Contains(osRelease, "ID=opensuse") || strings.Contains(osRelease, "ID=\"opensuse-"): - installCmd = exec.Command("bash", "-c", ` - zypper install -y docker docker-compose && - systemctl enable docker - `) - case strings.Contains(osRelease, "ID=rhel") || strings.Contains(osRelease, "ID=\"rhel"): - installCmd = exec.Command("bash", "-c", ` - dnf remove -y runc && - dnf -y install yum-utils && - dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo && - dnf install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin && - systemctl enable docker - `) - case strings.Contains(osRelease, "ID=amzn"): - installCmd = exec.Command("bash", "-c", ` - yum update -y && - yum install -y docker && - systemctl enable docker && - usermod -a -G docker ec2-user - `) - default: - return fmt.Errorf("unsupported Linux distribution") - } - - installCmd.Stdout = os.Stdout - installCmd.Stderr = os.Stderr - return installCmd.Run() -} - -func startDockerService() error { - if runtime.GOOS == "linux" { - cmd := exec.Command("systemctl", "enable", "--now", "docker") - cmd.Stdout = os.Stdout - cmd.Stderr = os.Stderr - return cmd.Run() - } else if runtime.GOOS == "darwin" { - // On macOS, Docker is usually started via the Docker Desktop application - fmt.Println("Please start Docker Desktop manually on macOS.") - return nil - } - return fmt.Errorf("unsupported operating system for starting Docker service") -} - -func isDockerInstalled() bool { - return isContainerInstalled("docker") -} - -func isPodmanInstalled() bool { - return isContainerInstalled("podman") && isContainerInstalled("podman-compose") -} - -func isContainerInstalled(container string) bool { - cmd := exec.Command(container, "--version") - if err := cmd.Run(); err != nil { - return false - } - return true -} - -func isUserInDockerGroup() bool { - if runtime.GOOS == "darwin" { - // Docker group is not applicable on macOS - // So we assume that the user can run Docker commands - return true - } - - if os.Geteuid() == 0 { - return true // Root user can run Docker commands anyway - } - - // Check if the current user is in the docker group - if dockerGroup, err := user.LookupGroup("docker"); err == nil { - if currentUser, err := user.Current(); err == nil { - if currentUserGroupIds, err := currentUser.GroupIds(); err == nil { - for _, groupId := range currentUserGroupIds { - if groupId == dockerGroup.Gid { - return true - } - } - } - } - } - - // Eventually, if any of the checks fail, we assume the user cannot run Docker commands - return false -} - -// isDockerRunning checks if the Docker daemon is running by using the `docker info` command. -func isDockerRunning() bool { - cmd := exec.Command("docker", "info") - if err := cmd.Run(); err != nil { - return false - } - return true -} - -// executeDockerComposeCommandWithArgs executes the appropriate docker command with arguments supplied -func executeDockerComposeCommandWithArgs(args ...string) error { - var cmd *exec.Cmd - var useNewStyle bool - - if !isDockerInstalled() { - return fmt.Errorf("docker is not installed") - } - - checkCmd := exec.Command("docker", "compose", "version") - if err := checkCmd.Run(); err == nil { - useNewStyle = true - } else { - checkCmd = exec.Command("docker-compose", "version") - if err := checkCmd.Run(); err == nil { - useNewStyle = false - } else { - return fmt.Errorf("neither 'docker compose' nor 'docker-compose' command is available") - } - } - - if useNewStyle { - cmd = exec.Command("docker", append([]string{"compose"}, args...)...) - } else { - cmd = exec.Command("docker-compose", args...) - } - - cmd.Stdout = os.Stdout - cmd.Stderr = os.Stderr - return cmd.Run() -} - -// pullContainers pulls the containers using the appropriate command. -func pullContainers(containerType SupportedContainer) error { - fmt.Println("Pulling the container images...") - if containerType == Podman { - if err := run("podman-compose", "-f", "docker-compose.yml", "pull"); err != nil { - return fmt.Errorf("failed to pull the containers: %v", err) - } - - return nil - } - - if containerType == Docker { - if err := executeDockerComposeCommandWithArgs("-f", "docker-compose.yml", "pull", "--policy", "always"); err != nil { - return fmt.Errorf("failed to pull the containers: %v", err) - } - - return nil - } - - return fmt.Errorf("Unsupported container type: %s", containerType) -} - -// startContainers starts the containers using the appropriate command. -func startContainers(containerType SupportedContainer) error { - fmt.Println("Starting containers...") - - if containerType == Podman { - if err := run("podman-compose", "-f", "docker-compose.yml", "up", "-d", "--force-recreate"); err != nil { - return fmt.Errorf("failed start containers: %v", err) - } - - return nil - } - - if containerType == Docker { - if err := executeDockerComposeCommandWithArgs("-f", "docker-compose.yml", "up", "-d", "--force-recreate"); err != nil { - return fmt.Errorf("failed to start containers: %v", err) - } - - return nil - } - - return fmt.Errorf("Unsupported container type: %s", containerType) -} - -// stopContainers stops the containers using the appropriate command. -func stopContainers(containerType SupportedContainer) error { - fmt.Println("Stopping containers...") - if containerType == Podman { - if err := run("podman-compose", "-f", "docker-compose.yml", "down"); err != nil { - return fmt.Errorf("failed to stop containers: %v", err) - } - - return nil - } - - if containerType == Docker { - if err := executeDockerComposeCommandWithArgs("-f", "docker-compose.yml", "down"); err != nil { - return fmt.Errorf("failed to stop containers: %v", err) - } - - return nil - } - - return fmt.Errorf("Unsupported container type: %s", containerType) -} - -// restartContainer restarts a specific container using the appropriate command. -func restartContainer(container string, containerType SupportedContainer) error { - fmt.Println("Restarting containers...") - if containerType == Podman { - if err := run("podman-compose", "-f", "docker-compose.yml", "restart"); err != nil { - return fmt.Errorf("failed to stop the container \"%s\": %v", container, err) - } - - return nil - } - - if containerType == Docker { - if err := executeDockerComposeCommandWithArgs("-f", "docker-compose.yml", "restart", container); err != nil { - return fmt.Errorf("failed to stop the container \"%s\": %v", container, err) - } - - return nil - } - - return fmt.Errorf("Unsupported container type: %s", containerType) -} - func copyFile(src, dst string) error { source, err := os.Open(src) if err != nil { @@ -739,32 +485,89 @@ func moveFile(src, dst string) error { return os.Remove(src) } -func waitForContainer(containerName string, containerType SupportedContainer) error { - maxAttempts := 30 - retryInterval := time.Second * 2 +func printSetupToken(containerType SupportedContainer, dashboardDomain string) { + fmt.Println("Waiting for Pangolin to generate setup token...") - for attempt := 0; attempt < maxAttempts; attempt++ { - // Check if container is running - cmd := exec.Command(string(containerType), "container", "inspect", "-f", "{{.State.Running}}", containerName) - var out bytes.Buffer - cmd.Stdout = &out - - if err := cmd.Run(); err != nil { - // If the container doesn't exist or there's another error, wait and retry - time.Sleep(retryInterval) - continue - } - - isRunning := strings.TrimSpace(out.String()) == "true" - if isRunning { - return nil - } - - // Container exists but isn't running yet, wait and retry - time.Sleep(retryInterval) + // Wait for Pangolin to be healthy + if err := waitForContainer("pangolin", containerType); err != nil { + fmt.Println("Warning: Pangolin container did not become healthy in time.") + return } - return fmt.Errorf("container %s did not start within %v seconds", containerName, maxAttempts*int(retryInterval.Seconds())) + // Give a moment for the setup token to be generated + time.Sleep(2 * time.Second) + + // Fetch logs + var cmd *exec.Cmd + if containerType == Docker { + cmd = exec.Command("docker", "logs", "pangolin") + } else { + cmd = exec.Command("podman", "logs", "pangolin") + } + output, err := cmd.Output() + if err != nil { + fmt.Println("Warning: Could not fetch Pangolin logs to find setup token.") + return + } + + // Parse for setup token + lines := strings.Split(string(output), "\n") + for i, line := range lines { + if strings.Contains(line, "=== SETUP TOKEN GENERATED ===") || strings.Contains(line, "=== SETUP TOKEN EXISTS ===") { + // Look for "Token: ..." in the next few lines + for j := i + 1; j < i+5 && j < len(lines); j++ { + trimmedLine := strings.TrimSpace(lines[j]) + if strings.Contains(trimmedLine, "Token:") { + // Extract token after "Token:" + tokenStart := strings.Index(trimmedLine, "Token:") + if tokenStart != -1 { + token := strings.TrimSpace(trimmedLine[tokenStart+6:]) + fmt.Printf("Setup token: %s\n", token) + fmt.Println("") + fmt.Println("This token is required to register the first admin account in the web UI at:") + fmt.Printf("https://%s/auth/initial-setup\n", dashboardDomain) + fmt.Println("") + fmt.Println("Save this token securely. It will be invalid after the first admin is created.") + return + } + } + } + } + } + fmt.Println("Warning: Could not find a setup token in Pangolin logs.") +} + +func showSetupTokenInstructions(containerType SupportedContainer, dashboardDomain string) { + fmt.Println("\n=== Setup Token Instructions ===") + fmt.Println("To get your setup token, you need to:") + fmt.Println("") + fmt.Println("1. Start the containers:") + if containerType == Docker { + fmt.Println(" docker-compose up -d") + } else { + fmt.Println(" podman-compose up -d") + } + fmt.Println("") + fmt.Println("2. Wait for the Pangolin container to start and generate the token") + fmt.Println("") + fmt.Println("3. Check the container logs for the setup token:") + if containerType == Docker { + fmt.Println(" docker logs pangolin | grep -A 2 -B 2 'SETUP TOKEN'") + } else { + fmt.Println(" podman logs pangolin | grep -A 2 -B 2 'SETUP TOKEN'") + } + fmt.Println("") + fmt.Println("4. Look for output like:") + fmt.Println(" === SETUP TOKEN GENERATED ===") + fmt.Println(" Token: [your-token-here]") + fmt.Println(" Use this token on the initial setup page") + fmt.Println("") + fmt.Println("5. Use the token to complete initial setup at:") + fmt.Printf(" https://%s/auth/initial-setup\n", dashboardDomain) + fmt.Println("") + fmt.Println("The setup token is required to register the first admin account.") + fmt.Println("Save it securely - it will be invalid after the first admin is created.") + fmt.Println("================================") } func generateRandomSecretKey() string { @@ -806,3 +609,19 @@ func checkPortsAvailable(port int) error { } return nil } + +func checkIsPangolinInstalledWithHybrid() bool { + // Check if config/config.yml exists and contains hybrid section + if _, err := os.Stat("config/config.yml"); err != nil { + return false + } + + // Read config file to check for hybrid section + content, err := os.ReadFile("config/config.yml") + if err != nil { + return false + } + + // Check for hybrid section + return bytes.Contains(content, []byte("managed:")) +} diff --git a/install/quickStart.go b/install/quickStart.go new file mode 100644 index 00000000..ece8e8ff --- /dev/null +++ b/install/quickStart.go @@ -0,0 +1,110 @@ +package main + +import ( + "bytes" + "encoding/base64" + "encoding/json" + "fmt" + "io" + "net/http" + "time" +) + +const ( + FRONTEND_SECRET_KEY = "af4e4785-7e09-11f0-b93a-74563c4e2a7e" + // CLOUD_API_URL = "https://pangolin.fossorial.io/api/v1/remote-exit-node/quick-start" + CLOUD_API_URL = "https://pangolin.fossorial.io/api/v1/remote-exit-node/quick-start" +) + +// HybridCredentials represents the response from the cloud API +type HybridCredentials struct { + RemoteExitNodeId string `json:"remoteExitNodeId"` + Secret string `json:"secret"` +} + +// APIResponse represents the full response structure from the cloud API +type APIResponse struct { + Data HybridCredentials `json:"data"` +} + +// RequestPayload represents the request body structure +type RequestPayload struct { + Token string `json:"token"` +} + +func generateValidationToken() string { + timestamp := time.Now().UnixMilli() + data := fmt.Sprintf("%s|%d", FRONTEND_SECRET_KEY, timestamp) + obfuscated := make([]byte, len(data)) + for i, char := range []byte(data) { + obfuscated[i] = char + 5 + } + return base64.StdEncoding.EncodeToString(obfuscated) +} + +// requestHybridCredentials makes an HTTP POST request to the cloud API +// to get hybrid credentials (ID and secret) +func requestHybridCredentials() (*HybridCredentials, error) { + // Generate validation token + token := generateValidationToken() + + // Create request payload + payload := RequestPayload{ + Token: token, + } + + // Marshal payload to JSON + jsonData, err := json.Marshal(payload) + if err != nil { + return nil, fmt.Errorf("failed to marshal request payload: %v", err) + } + + // Create HTTP request + req, err := http.NewRequest("POST", CLOUD_API_URL, bytes.NewBuffer(jsonData)) + if err != nil { + return nil, fmt.Errorf("failed to create HTTP request: %v", err) + } + + // Set headers + req.Header.Set("Content-Type", "application/json") + req.Header.Set("X-CSRF-Token", "x-csrf-protection") + + // Create HTTP client with timeout + client := &http.Client{ + Timeout: 30 * time.Second, + } + + // Make the request + resp, err := client.Do(req) + if err != nil { + return nil, fmt.Errorf("failed to make HTTP request: %v", err) + } + defer resp.Body.Close() + + // Check response status + if resp.StatusCode != http.StatusOK { + return nil, fmt.Errorf("API request failed with status code: %d", resp.StatusCode) + } + + // Read response body for debugging + body, err := io.ReadAll(resp.Body) + if err != nil { + return nil, fmt.Errorf("failed to read response body: %v", err) + } + + // Print the raw JSON response for debugging + // fmt.Printf("Raw JSON response: %s\n", string(body)) + + // Parse response + var apiResponse APIResponse + if err := json.Unmarshal(body, &apiResponse); err != nil { + return nil, fmt.Errorf("failed to decode API response: %v", err) + } + + // Validate response data + if apiResponse.Data.RemoteExitNodeId == "" || apiResponse.Data.Secret == "" { + return nil, fmt.Errorf("invalid response: missing remoteExitNodeId or secret") + } + + return &apiResponse.Data, nil +} diff --git a/messages/bg-BG.json b/messages/bg-BG.json new file mode 100644 index 00000000..9b6686b5 --- /dev/null +++ b/messages/bg-BG.json @@ -0,0 +1,1454 @@ +{ + "setupCreate": "Създайте своя организация, сайт и ресурси", + "setupNewOrg": "Нова организация", + "setupCreateOrg": "Създаване на организация", + "setupCreateResources": "Създаване на ресурси", + "setupOrgName": "Име на организацията", + "orgDisplayName": "Това е публичното име на вашата организация.", + "orgId": "Идентификатор на организация", + "setupIdentifierMessage": "Това е уникалният идентификатор на вашата организация. Това е различно от публичното ѝ име.", + "setupErrorIdentifier": "Идентификаторът на организация вече е зает. Моля, изберете друг.", + "componentsErrorNoMemberCreate": "В момента не сте част от организация. Създайте организация, за да продължите.", + "componentsErrorNoMember": "В момента не сте част от организация.", + "welcome": "Добре дошли!", + "welcomeTo": "Добре дошли в", + "componentsCreateOrg": "Създаване на организация", + "componentsMember": "Вие сте част от {count, plural, =0 {нула организации} one {една организация} other {# организации}}.", + "componentsInvalidKey": "Засечен е невалиден или изтекъл лиценз. Проверете лицензионните условия, за да се възползвате от всички функционалности.", + "dismiss": "Отхвърляне", + "componentsLicenseViolation": "Нарушение на лиценза: Сървърът използва {usedSites} сайта, което надвишава лицензионния лимит от {maxSites} сайта. Проверете лицензионните условия, за да се възползвате от всички функционалности.", + "componentsSupporterMessage": "Благодарим ви, че подкрепяте Pangolin като {tier}!", + "inviteErrorNotValid": "We're sorry, but it looks like the invite you're trying to access has not been accepted or is no longer valid.", + "inviteErrorUser": "We're sorry, but it looks like the invite you're trying to access is not for this user.", + "inviteLoginUser": "Please make sure you're logged in as the correct user.", + "inviteErrorNoUser": "We're sorry, but it looks like the invite you're trying to access is not for a user that exists.", + "inviteCreateUser": "Please create an account first.", + "goHome": "Go Home", + "inviteLogInOtherUser": "Log In as a Different User", + "createAnAccount": "Create an Account", + "inviteNotAccepted": "Invite Not Accepted", + "authCreateAccount": "Create an account to get started", + "authNoAccount": "Don't have an account?", + "email": "Имейл", + "password": "Парола", + "confirmPassword": "Потвърждение на паролата", + "createAccount": "Създаване на профил", + "viewSettings": "Преглед на настройките", + "delete": "Изтриване", + "name": "Име", + "online": "На линия", + "offline": "Извън линия", + "site": "Сайт", + "dataIn": "Входящ трафик", + "dataOut": "Изходящ трафик", + "connectionType": "Вид на връзката", + "tunnelType": "Вид на тунела", + "local": "Локална", + "edit": "Редактиране", + "siteConfirmDelete": "Потвърждение на изтриване на сайта", + "siteDelete": "Изтриване на сайта", + "siteMessageRemove": "Once removed, the site will no longer be accessible. All resources and targets associated with the site will also be removed.", + "siteMessageConfirm": "To confirm, please type the name of the site below.", + "siteQuestionRemove": "Are you sure you want to remove the site {selectedSite} from the organization?", + "siteManageSites": "Manage Sites", + "siteDescription": "Allow connectivity to your network through secure tunnels", + "siteCreate": "Create Site", + "siteCreateDescription2": "Follow the steps below to create and connect a new site", + "siteCreateDescription": "Create a new site to start connecting your resources", + "close": "Close", + "siteErrorCreate": "Error creating site", + "siteErrorCreateKeyPair": "Key pair or site defaults not found", + "siteErrorCreateDefaults": "Site defaults not found", + "method": "Method", + "siteMethodDescription": "This is how you will expose connections.", + "siteLearnNewt": "Learn how to install Newt on your system", + "siteSeeConfigOnce": "You will only be able to see the configuration once.", + "siteLoadWGConfig": "Loading WireGuard configuration...", + "siteDocker": "Expand for Docker Deployment Details", + "toggle": "Toggle", + "dockerCompose": "Docker Compose", + "dockerRun": "Docker Run", + "siteLearnLocal": "Local sites do not tunnel, learn more", + "siteConfirmCopy": "I have copied the config", + "searchSitesProgress": "Search sites...", + "siteAdd": "Add Site", + "siteInstallNewt": "Install Newt", + "siteInstallNewtDescription": "Get Newt running on your system", + "WgConfiguration": "WireGuard Configuration", + "WgConfigurationDescription": "Use the following configuration to connect to your network", + "operatingSystem": "Operating System", + "commands": "Commands", + "recommended": "Recommended", + "siteNewtDescription": "For the best user experience, use Newt. It uses WireGuard under the hood and allows you to address your private resources by their LAN address on your private network from within the Pangolin dashboard.", + "siteRunsInDocker": "Runs in Docker", + "siteRunsInShell": "Runs in shell on macOS, Linux, and Windows", + "siteErrorDelete": "Error deleting site", + "siteErrorUpdate": "Failed to update site", + "siteErrorUpdateDescription": "An error occurred while updating the site.", + "siteUpdated": "Сайтът е обновен", + "siteUpdatedDescription": "The site has been updated.", + "siteGeneralDescription": "Configure the general settings for this site", + "siteSettingDescription": "Configure the settings on your site", + "siteSetting": "{siteName} Settings", + "siteNewtTunnel": "Newt Tunnel (Recommended)", + "siteNewtTunnelDescription": "Easiest way to create an entrypoint into your network. No extra setup.", + "siteWg": "Basic WireGuard", + "siteWgDescription": "Use any WireGuard client to establish a tunnel. Manual NAT setup required.", + "siteWgDescriptionSaas": "Use any WireGuard client to establish a tunnel. Manual NAT setup required. ONLY WORKS ON SELF HOSTED NODES", + "siteLocalDescription": "Local resources only. No tunneling.", + "siteLocalDescriptionSaas": "Local resources only. No tunneling. ONLY WORKS ON SELF HOSTED NODES", + "siteSeeAll": "See All Sites", + "siteTunnelDescription": "Determine how you want to connect to your site", + "siteNewtCredentials": "Newt Credentials", + "siteNewtCredentialsDescription": "This is how Newt will authenticate with the server", + "siteCredentialsSave": "Save Your Credentials", + "siteCredentialsSaveDescription": "You will only be able to see this once. Make sure to copy it to a secure place.", + "siteInfo": "Site Information", + "status": "Status", + "shareTitle": "Manage Share Links", + "shareDescription": "Create shareable links to grant temporary or permanent access to your resources", + "shareSearch": "Search share links...", + "shareCreate": "Create Share Link", + "shareErrorDelete": "Failed to delete link", + "shareErrorDeleteMessage": "An error occurred deleting link", + "shareDeleted": "Link deleted", + "shareDeletedDescription": "The link has been deleted", + "shareTokenDescription": "Your access token can be passed in two ways: as a query parameter or in the request headers. These must be passed from the client on every request for authenticated access.", + "accessToken": "Access Token", + "usageExamples": "Usage Examples", + "tokenId": "Token ID", + "requestHeades": "Request Headers", + "queryParameter": "Query Parameter", + "importantNote": "Important Note", + "shareImportantDescription": "For security reasons, using headers is recommended over query parameters when possible, as query parameters may be logged in server logs or browser history.", + "token": "Token", + "shareTokenSecurety": "Keep your access token secure. Do not share it in publicly accessible areas or client-side code.", + "shareErrorFetchResource": "Failed to fetch resources", + "shareErrorFetchResourceDescription": "An error occurred while fetching the resources", + "shareErrorCreate": "Failed to create share link", + "shareErrorCreateDescription": "An error occurred while creating the share link", + "shareCreateDescription": "Anyone with this link can access the resource", + "shareTitleOptional": "Title (optional)", + "expireIn": "Expire In", + "neverExpire": "Never expire", + "shareExpireDescription": "Expiration time is how long the link will be usable and provide access to the resource. After this time, the link will no longer work, and users who used this link will lose access to the resource.", + "shareSeeOnce": "You will only be able to see this linkonce. Make sure to copy it.", + "shareAccessHint": "Anyone with this link can access the resource. Share it with care.", + "shareTokenUsage": "See Access Token Usage", + "createLink": "Create Link", + "resourcesNotFound": "No resources found", + "resourceSearch": "Search resources", + "openMenu": "Open menu", + "resource": "Resource", + "title": "Title", + "created": "Created", + "expires": "Expires", + "never": "Never", + "shareErrorSelectResource": "Please select a resource", + "resourceTitle": "Manage Resources", + "resourceDescription": "Create secure proxies to your private applications", + "resourcesSearch": "Search resources...", + "resourceAdd": "Add Resource", + "resourceErrorDelte": "Error deleting resource", + "authentication": "Authentication", + "protected": "Protected", + "notProtected": "Not Protected", + "resourceMessageRemove": "Once removed, the resource will no longer be accessible. All targets associated with the resource will also be removed.", + "resourceMessageConfirm": "To confirm, please type the name of the resource below.", + "resourceQuestionRemove": "Are you sure you want to remove the resource {selectedResource} from the organization?", + "resourceHTTP": "HTTPS Resource", + "resourceHTTPDescription": "Proxy requests to your app over HTTPS using a subdomain or base domain.", + "resourceRaw": "Raw TCP/UDP Resource", + "resourceRawDescription": "Proxy requests to your app over TCP/UDP using a port number.", + "resourceCreate": "Create Resource", + "resourceCreateDescription": "Follow the steps below to create a new resource", + "resourceSeeAll": "See All Resources", + "resourceInfo": "Resource Information", + "resourceNameDescription": "This is the display name for the resource.", + "siteSelect": "Select site", + "siteSearch": "Search site", + "siteNotFound": "No site found.", + "siteSelectionDescription": "This site will provide connectivity to the target.", + "resourceType": "Resource Type", + "resourceTypeDescription": "Determine how you want to access your resource", + "resourceHTTPSSettings": "HTTPS Settings", + "resourceHTTPSSettingsDescription": "Configure how your resource will be accessed over HTTPS", + "domainType": "Domain Type", + "subdomain": "Subdomain", + "baseDomain": "Base Domain", + "subdomnainDescription": "The subdomain where your resource will be accessible.", + "resourceRawSettings": "TCP/UDP Settings", + "resourceRawSettingsDescription": "Configure how your resource will be accessed over TCP/UDP", + "protocol": "Protocol", + "protocolSelect": "Select a protocol", + "resourcePortNumber": "Port Number", + "resourcePortNumberDescription": "The external port number to proxy requests.", + "cancel": "Cancel", + "resourceConfig": "Configuration Snippets", + "resourceConfigDescription": "Copy and paste these configuration snippets to set up your TCP/UDP resource", + "resourceAddEntrypoints": "Traefik: Add Entrypoints", + "resourceExposePorts": "Gerbil: Expose Ports in Docker Compose", + "resourceLearnRaw": "Learn how to configure TCP/UDP resources", + "resourceBack": "Back to Resources", + "resourceGoTo": "Go to Resource", + "resourceDelete": "Delete Resource", + "resourceDeleteConfirm": "Confirm Delete Resource", + "visibility": "Visibility", + "enabled": "Enabled", + "disabled": "Disabled", + "general": "General", + "generalSettings": "General Settings", + "proxy": "Proxy", + "internal": "Internal", + "rules": "Rules", + "resourceSettingDescription": "Configure the settings on your resource", + "resourceSetting": "{resourceName} Settings", + "alwaysAllow": "Always Allow", + "alwaysDeny": "Always Deny", + "orgSettingsDescription": "Configure your organization's general settings", + "orgGeneralSettings": "Organization Settings", + "orgGeneralSettingsDescription": "Manage your organization details and configuration", + "saveGeneralSettings": "Save General Settings", + "saveSettings": "Save Settings", + "orgDangerZone": "Danger Zone", + "orgDangerZoneDescription": "Once you delete this org, there is no going back. Please be certain.", + "orgDelete": "Delete Organization", + "orgDeleteConfirm": "Confirm Delete Organization", + "orgMessageRemove": "This action is irreversible and will delete all associated data.", + "orgMessageConfirm": "To confirm, please type the name of the organization below.", + "orgQuestionRemove": "Are you sure you want to remove the organization {selectedOrg}?", + "orgUpdated": "Organization updated", + "orgUpdatedDescription": "The organization has been updated.", + "orgErrorUpdate": "Failed to update organization", + "orgErrorUpdateMessage": "An error occurred while updating the organization.", + "orgErrorFetch": "Failed to fetch organizations", + "orgErrorFetchMessage": "An error occurred while listing your organizations", + "orgErrorDelete": "Failed to delete organization", + "orgErrorDeleteMessage": "An error occurred while deleting the organization.", + "orgDeleted": "Organization deleted", + "orgDeletedMessage": "The organization and its data has been deleted.", + "orgMissing": "Organization ID Missing", + "orgMissingMessage": "Unable to regenerate invitation without an organization ID.", + "accessUsersManage": "Manage Users", + "accessUsersDescription": "Invite users and add them to roles to manage access to your organization", + "accessUsersSearch": "Search users...", + "accessUserCreate": "Create User", + "accessUserRemove": "Remove User", + "username": "Username", + "identityProvider": "Identity Provider", + "role": "Role", + "nameRequired": "Name is required", + "accessRolesManage": "Manage Roles", + "accessRolesDescription": "Configure roles to manage access to your organization", + "accessRolesSearch": "Search roles...", + "accessRolesAdd": "Add Role", + "accessRoleDelete": "Delete Role", + "description": "Description", + "inviteTitle": "Open Invitations", + "inviteDescription": "Manage your invitations to other users", + "inviteSearch": "Search invitations...", + "minutes": "Minutes", + "hours": "Hours", + "days": "Days", + "weeks": "Weeks", + "months": "Months", + "years": "Years", + "day": "{count, plural, one {# day} other {# days}}", + "apiKeysTitle": "API Key Information", + "apiKeysConfirmCopy2": "You must confirm that you have copied the API key.", + "apiKeysErrorCreate": "Error creating API key", + "apiKeysErrorSetPermission": "Error setting permissions", + "apiKeysCreate": "Generate API Key", + "apiKeysCreateDescription": "Generate a new API key for your organization", + "apiKeysGeneralSettings": "Permissions", + "apiKeysGeneralSettingsDescription": "Determine what this API key can do", + "apiKeysList": "Your API Key", + "apiKeysSave": "Save Your API Key", + "apiKeysSaveDescription": "You will only be able to see this once. Make sure to copy it to a secure place.", + "apiKeysInfo": "Your API key is:", + "apiKeysConfirmCopy": "I have copied the API key", + "generate": "Generate", + "done": "Done", + "apiKeysSeeAll": "See All API Keys", + "apiKeysPermissionsErrorLoadingActions": "Error loading API key actions", + "apiKeysPermissionsErrorUpdate": "Error setting permissions", + "apiKeysPermissionsUpdated": "Permissions updated", + "apiKeysPermissionsUpdatedDescription": "The permissions have been updated.", + "apiKeysPermissionsGeneralSettings": "Permissions", + "apiKeysPermissionsGeneralSettingsDescription": "Determine what this API key can do", + "apiKeysPermissionsSave": "Save Permissions", + "apiKeysPermissionsTitle": "Permissions", + "apiKeys": "API Keys", + "searchApiKeys": "Search API keys...", + "apiKeysAdd": "Generate API Key", + "apiKeysErrorDelete": "Error deleting API key", + "apiKeysErrorDeleteMessage": "Error deleting API key", + "apiKeysQuestionRemove": "Are you sure you want to remove the API key {selectedApiKey} from the organization?", + "apiKeysMessageRemove": "Once removed, the API key will no longer be able to be used.", + "apiKeysMessageConfirm": "To confirm, please type the name of the API key below.", + "apiKeysDeleteConfirm": "Confirm Delete API Key", + "apiKeysDelete": "Delete API Key", + "apiKeysManage": "Manage API Keys", + "apiKeysDescription": "API keys are used to authenticate with the integration API", + "apiKeysSettings": "{apiKeyName} Settings", + "userTitle": "Manage All Users", + "userDescription": "View and manage all users in the system", + "userAbount": "About User Management", + "userAbountDescription": "This table displays all root user objects in the system. Each user may belong to multiple organizations. Removing a user from an organization does not delete their root user object - they will remain in the system. To completely remove a user from the system, you must delete their root user object using the delete action in this table.", + "userServer": "Server Users", + "userSearch": "Search server users...", + "userErrorDelete": "Error deleting user", + "userDeleteConfirm": "Confirm Delete User", + "userDeleteServer": "Delete User from Server", + "userMessageRemove": "The user will be removed from all organizations and be completely removed from the server.", + "userMessageConfirm": "To confirm, please type the name of the user below.", + "userQuestionRemove": "Are you sure you want to permanently delete {selectedUser} from the server?", + "licenseKey": "License Key", + "valid": "Valid", + "numberOfSites": "Number of Sites", + "licenseKeySearch": "Search license keys...", + "licenseKeyAdd": "Add License Key", + "type": "Type", + "licenseKeyRequired": "License key is required", + "licenseTermsAgree": "You must agree to the license terms", + "licenseErrorKeyLoad": "Failed to load license keys", + "licenseErrorKeyLoadDescription": "An error occurred loading license keys.", + "licenseErrorKeyDelete": "Failed to delete license key", + "licenseErrorKeyDeleteDescription": "An error occurred deleting license key.", + "licenseKeyDeleted": "License key deleted", + "licenseKeyDeletedDescription": "The license key has been deleted.", + "licenseErrorKeyActivate": "Failed to activate license key", + "licenseErrorKeyActivateDescription": "An error occurred while activating the license key.", + "licenseAbout": "About Licensing", + "communityEdition": "Community Edition", + "licenseAboutDescription": "This is for business and enterprise users who are using Pangolin in a commercial environment. If you are using Pangolin for personal use, you can ignore this section.", + "licenseKeyActivated": "License key activated", + "licenseKeyActivatedDescription": "The license key has been successfully activated.", + "licenseErrorKeyRecheck": "Failed to recheck license keys", + "licenseErrorKeyRecheckDescription": "An error occurred rechecking license keys.", + "licenseErrorKeyRechecked": "License keys rechecked", + "licenseErrorKeyRecheckedDescription": "All license keys have been rechecked", + "licenseActivateKey": "Activate License Key", + "licenseActivateKeyDescription": "Enter a license key to activate it.", + "licenseActivate": "Activate License", + "licenseAgreement": "By checking this box, you confirm that you have read and agree to the license terms corresponding to the tier associated with your license key.", + "fossorialLicense": "View Fossorial Commercial License & Subscription Terms", + "licenseMessageRemove": "This will remove the license key and all associated permissions granted by it.", + "licenseMessageConfirm": "To confirm, please type the license key below.", + "licenseQuestionRemove": "Are you sure you want to delete the license key {selectedKey} ?", + "licenseKeyDelete": "Delete License Key", + "licenseKeyDeleteConfirm": "Confirm Delete License Key", + "licenseTitle": "Manage License Status", + "licenseTitleDescription": "View and manage license keys in the system", + "licenseHost": "Host License", + "licenseHostDescription": "Manage the main license key for the host.", + "licensedNot": "Not Licensed", + "hostId": "Host ID", + "licenseReckeckAll": "Recheck All Keys", + "licenseSiteUsage": "Sites Usage", + "licenseSiteUsageDecsription": "View the number of sites using this license.", + "licenseNoSiteLimit": "There is no limit on the number of sites using an unlicensed host.", + "licensePurchase": "Purchase License", + "licensePurchaseSites": "Purchase Additional Sites", + "licenseSitesUsedMax": "{usedSites} of {maxSites} sites used", + "licenseSitesUsed": "{count, plural, =0 {# sites} one {# site} other {# sites}} in system.", + "licensePurchaseDescription": "Choose how many sites you want to {selectedMode, select, license {purchase a license for. You can always add more sites later.} other {add to your existing license.}}", + "licenseFee": "License fee", + "licensePriceSite": "Price per site", + "total": "Total", + "licenseContinuePayment": "Continue to Payment", + "pricingPage": "pricing page", + "pricingPortal": "See Purchase Portal", + "licensePricingPage": "For the most up-to-date pricing and discounts, please visit the ", + "invite": "Invitations", + "inviteRegenerate": "Regenerate Invitation", + "inviteRegenerateDescription": "Revoke previous invitation and create a new one", + "inviteRemove": "Remove Invitation", + "inviteRemoveError": "Failed to remove invitation", + "inviteRemoveErrorDescription": "An error occurred while removing the invitation.", + "inviteRemoved": "Invitation removed", + "inviteRemovedDescription": "The invitation for {email} has been removed.", + "inviteQuestionRemove": "Are you sure you want to remove the invitation {email}?", + "inviteMessageRemove": "Once removed, this invitation will no longer be valid. You can always re-invite the user later.", + "inviteMessageConfirm": "To confirm, please type the email address of the invitation below.", + "inviteQuestionRegenerate": "Are you sure you want to regenerate the invitation for {email}? This will revoke the previous invitation.", + "inviteRemoveConfirm": "Confirm Remove Invitation", + "inviteRegenerated": "Invitation Regenerated", + "inviteSent": "A new invitation has been sent to {email}.", + "inviteSentEmail": "Send email notification to the user", + "inviteGenerate": "A new invitation has been generated for {email}.", + "inviteDuplicateError": "Duplicate Invite", + "inviteDuplicateErrorDescription": "An invitation for this user already exists.", + "inviteRateLimitError": "Rate Limit Exceeded", + "inviteRateLimitErrorDescription": "You have exceeded the limit of 3 regenerations per hour. Please try again later.", + "inviteRegenerateError": "Failed to Regenerate Invitation", + "inviteRegenerateErrorDescription": "An error occurred while regenerating the invitation.", + "inviteValidityPeriod": "Validity Period", + "inviteValidityPeriodSelect": "Select validity period", + "inviteRegenerateMessage": "The invitation has been regenerated. The user must access the link below to accept the invitation.", + "inviteRegenerateButton": "Regenerate", + "expiresAt": "Expires At", + "accessRoleUnknown": "Unknown Role", + "placeholder": "Placeholder", + "userErrorOrgRemove": "Failed to remove user", + "userErrorOrgRemoveDescription": "An error occurred while removing the user.", + "userOrgRemoved": "User removed", + "userOrgRemovedDescription": "The user {email} has been removed from the organization.", + "userQuestionOrgRemove": "Are you sure you want to remove {email} from the organization?", + "userMessageOrgRemove": "Once removed, this user will no longer have access to the organization. You can always re-invite them later, but they will need to accept the invitation again.", + "userMessageOrgConfirm": "To confirm, please type the name of the of the user below.", + "userRemoveOrgConfirm": "Confirm Remove User", + "userRemoveOrg": "Remove User from Organization", + "users": "Users", + "accessRoleMember": "Member", + "accessRoleOwner": "Owner", + "userConfirmed": "Confirmed", + "idpNameInternal": "Internal", + "emailInvalid": "Invalid email address", + "inviteValidityDuration": "Please select a duration", + "accessRoleSelectPlease": "Please select a role", + "usernameRequired": "Username is required", + "idpSelectPlease": "Please select an identity provider", + "idpGenericOidc": "Generic OAuth2/OIDC provider.", + "accessRoleErrorFetch": "Failed to fetch roles", + "accessRoleErrorFetchDescription": "An error occurred while fetching the roles", + "idpErrorFetch": "Failed to fetch identity providers", + "idpErrorFetchDescription": "An error occurred while fetching identity providers", + "userErrorExists": "User Already Exists", + "userErrorExistsDescription": "This user is already a member of the organization.", + "inviteError": "Failed to invite user", + "inviteErrorDescription": "An error occurred while inviting the user", + "userInvited": "User invited", + "userInvitedDescription": "The user has been successfully invited.", + "userErrorCreate": "Failed to create user", + "userErrorCreateDescription": "An error occurred while creating the user", + "userCreated": "User created", + "userCreatedDescription": "The user has been successfully created.", + "userTypeInternal": "Internal User", + "userTypeInternalDescription": "Invite a user to join your organization directly.", + "userTypeExternal": "External User", + "userTypeExternalDescription": "Create a user with an external identity provider.", + "accessUserCreateDescription": "Follow the steps below to create a new user", + "userSeeAll": "See All Users", + "userTypeTitle": "User Type", + "userTypeDescription": "Determine how you want to create the user", + "userSettings": "User Information", + "userSettingsDescription": "Enter the details for the new user", + "inviteEmailSent": "Send invite email to user", + "inviteValid": "Valid For", + "selectDuration": "Select duration", + "accessRoleSelect": "Select role", + "inviteEmailSentDescription": "An email has been sent to the user with the access link below. They must access the link to accept the invitation.", + "inviteSentDescription": "The user has been invited. They must access the link below to accept the invitation.", + "inviteExpiresIn": "The invite will expire in {days, plural, one {# day} other {# days}}.", + "idpTitle": "Identity Provider", + "idpSelect": "Select the identity provider for the external user", + "idpNotConfigured": "No identity providers are configured. Please configure an identity provider before creating external users.", + "usernameUniq": "This must match the unique username that exists in the selected identity provider.", + "emailOptional": "Email (Optional)", + "nameOptional": "Name (Optional)", + "accessControls": "Access Controls", + "userDescription2": "Manage the settings on this user", + "accessRoleErrorAdd": "Failed to add user to role", + "accessRoleErrorAddDescription": "An error occurred while adding user to the role.", + "userSaved": "User saved", + "userSavedDescription": "The user has been updated.", + "accessControlsDescription": "Manage what this user can access and do in the organization", + "accessControlsSubmit": "Save Access Controls", + "roles": "Roles", + "accessUsersRoles": "Manage Users & Roles", + "accessUsersRolesDescription": "Invite users and add them to roles to manage access to your organization", + "key": "Key", + "createdAt": "Created At", + "proxyErrorInvalidHeader": "Invalid custom Host Header value. Use domain name format, or save empty to unset custom Host Header.", + "proxyErrorTls": "Invalid TLS Server Name. Use domain name format, or save empty to remove the TLS Server Name.", + "proxyEnableSSL": "Enable SSL (https)", + "targetErrorFetch": "Failed to fetch targets", + "targetErrorFetchDescription": "An error occurred while fetching targets", + "siteErrorFetch": "Failed to fetch resource", + "siteErrorFetchDescription": "An error occurred while fetching resource", + "targetErrorDuplicate": "Duplicate target", + "targetErrorDuplicateDescription": "A target with these settings already exists", + "targetWireGuardErrorInvalidIp": "Invalid target IP", + "targetWireGuardErrorInvalidIpDescription": "Target IP must be within the site subnet", + "targetsUpdated": "Targets updated", + "targetsUpdatedDescription": "Targets and settings updated successfully", + "targetsErrorUpdate": "Failed to update targets", + "targetsErrorUpdateDescription": "An error occurred while updating targets", + "targetTlsUpdate": "TLS settings updated", + "targetTlsUpdateDescription": "Your TLS settings have been updated successfully", + "targetErrorTlsUpdate": "Failed to update TLS settings", + "targetErrorTlsUpdateDescription": "An error occurred while updating TLS settings", + "proxyUpdated": "Proxy settings updated", + "proxyUpdatedDescription": "Your proxy settings have been updated successfully", + "proxyErrorUpdate": "Failed to update proxy settings", + "proxyErrorUpdateDescription": "An error occurred while updating proxy settings", + "targetAddr": "IP / Hostname", + "targetPort": "Port", + "targetProtocol": "Protocol", + "targetTlsSettings": "Secure Connection Configuration", + "targetTlsSettingsDescription": "Configure SSL/TLS settings for your resource", + "targetTlsSettingsAdvanced": "Advanced TLS Settings", + "targetTlsSni": "TLS Server Name (SNI)", + "targetTlsSniDescription": "The TLS Server Name to use for SNI. Leave empty to use the default.", + "targetTlsSubmit": "Save Settings", + "targets": "Targets Configuration", + "targetsDescription": "Set up targets to route traffic to your backend services", + "targetStickySessions": "Enable Sticky Sessions", + "targetStickySessionsDescription": "Keep connections on the same backend target for their entire session.", + "methodSelect": "Select method", + "targetSubmit": "Add Target", + "targetNoOne": "No targets. Add a target using the form.", + "targetNoOneDescription": "Adding more than one target above will enable load balancing.", + "targetsSubmit": "Save Targets", + "proxyAdditional": "Additional Proxy Settings", + "proxyAdditionalDescription": "Configure how your resource handles proxy settings", + "proxyCustomHeader": "Custom Host Header", + "proxyCustomHeaderDescription": "The host header to set when proxying requests. Leave empty to use the default.", + "proxyAdditionalSubmit": "Save Proxy Settings", + "subnetMaskErrorInvalid": "Invalid subnet mask. Must be between 0 and 32.", + "ipAddressErrorInvalidFormat": "Invalid IP address format", + "ipAddressErrorInvalidOctet": "Invalid IP address octet", + "path": "Path", + "ipAddressRange": "IP Range", + "rulesErrorFetch": "Failed to fetch rules", + "rulesErrorFetchDescription": "An error occurred while fetching rules", + "rulesErrorDuplicate": "Duplicate rule", + "rulesErrorDuplicateDescription": "A rule with these settings already exists", + "rulesErrorInvalidIpAddressRange": "Invalid CIDR", + "rulesErrorInvalidIpAddressRangeDescription": "Please enter a valid CIDR value", + "rulesErrorInvalidUrl": "Invalid URL path", + "rulesErrorInvalidUrlDescription": "Please enter a valid URL path value", + "rulesErrorInvalidIpAddress": "Invalid IP", + "rulesErrorInvalidIpAddressDescription": "Please enter a valid IP address", + "rulesErrorUpdate": "Failed to update rules", + "rulesErrorUpdateDescription": "An error occurred while updating rules", + "rulesUpdated": "Enable Rules", + "rulesUpdatedDescription": "Rule evaluation has been updated", + "rulesMatchIpAddressRangeDescription": "Enter an address in CIDR format (e.g., 103.21.244.0/22)", + "rulesMatchIpAddress": "Enter an IP address (e.g., 103.21.244.12)", + "rulesMatchUrl": "Enter a URL path or pattern (e.g., /api/v1/todos or /api/v1/*)", + "rulesErrorInvalidPriority": "Invalid Priority", + "rulesErrorInvalidPriorityDescription": "Please enter a valid priority", + "rulesErrorDuplicatePriority": "Duplicate Priorities", + "rulesErrorDuplicatePriorityDescription": "Please enter unique priorities", + "ruleUpdated": "Rules updated", + "ruleUpdatedDescription": "Rules updated successfully", + "ruleErrorUpdate": "Operation failed", + "ruleErrorUpdateDescription": "An error occurred during the save operation", + "rulesPriority": "Priority", + "rulesAction": "Action", + "rulesMatchType": "Match Type", + "value": "Value", + "rulesAbout": "About Rules", + "rulesAboutDescription": "Rules allow you to control access to your resource based on a set of criteria. You can create rules to allow or deny access based on IP address or URL path.", + "rulesActions": "Actions", + "rulesActionAlwaysAllow": "Always Allow: Bypass all authentication methods", + "rulesActionAlwaysDeny": "Always Deny: Block all requests; no authentication can be attempted", + "rulesMatchCriteria": "Matching Criteria", + "rulesMatchCriteriaIpAddress": "Match a specific IP address", + "rulesMatchCriteriaIpAddressRange": "Match a range of IP addresses in CIDR notation", + "rulesMatchCriteriaUrl": "Match a URL path or pattern", + "rulesEnable": "Enable Rules", + "rulesEnableDescription": "Enable or disable rule evaluation for this resource", + "rulesResource": "Resource Rules Configuration", + "rulesResourceDescription": "Configure rules to control access to your resource", + "ruleSubmit": "Add Rule", + "rulesNoOne": "No rules. Add a rule using the form.", + "rulesOrder": "Rules are evaluated by priority in ascending order.", + "rulesSubmit": "Save Rules", + "resourceErrorCreate": "Error creating resource", + "resourceErrorCreateDescription": "An error occurred when creating the resource", + "resourceErrorCreateMessage": "Error creating resource:", + "resourceErrorCreateMessageDescription": "An unexpected error occurred", + "sitesErrorFetch": "Error fetching sites", + "sitesErrorFetchDescription": "An error occurred when fetching the sites", + "domainsErrorFetch": "Error fetching domains", + "domainsErrorFetchDescription": "An error occurred when fetching the domains", + "none": "None", + "unknown": "Unknown", + "resources": "Resources", + "resourcesDescription": "Resources are proxies to applications running on your private network. Create a resource for any HTTP/HTTPS or raw TCP/UDP service on your private network. Each resource must be connected to a site to enable private, secure connectivity through an encrypted WireGuard tunnel.", + "resourcesWireGuardConnect": "Secure connectivity with WireGuard encryption", + "resourcesMultipleAuthenticationMethods": "Configure multiple authentication methods", + "resourcesUsersRolesAccess": "User and role-based access control", + "resourcesErrorUpdate": "Failed to toggle resource", + "resourcesErrorUpdateDescription": "An error occurred while updating the resource", + "access": "Access", + "shareLink": "{resource} Share Link", + "resourceSelect": "Select resource", + "shareLinks": "Share Links", + "share": "Shareable Links", + "shareDescription2": "Create shareable links to your resources. Links provide temporary or unlimited access to your resource. You can configure the expiration duration of the link when you create one.", + "shareEasyCreate": "Easy to create and share", + "shareConfigurableExpirationDuration": "Configurable expiration duration", + "shareSecureAndRevocable": "Secure and revocable", + "nameMin": "Name must be at least {len} characters.", + "nameMax": "Name must not be longer than {len} characters.", + "sitesConfirmCopy": "Please confirm that you have copied the config.", + "unknownCommand": "Unknown command", + "newtErrorFetchReleases": "Failed to fetch release info: {err}", + "newtErrorFetchLatest": "Error fetching latest release: {err}", + "newtEndpoint": "Newt Endpoint", + "newtId": "Newt ID", + "newtSecretKey": "Newt Secret Key", + "architecture": "Architecture", + "sites": "Sites", + "siteWgAnyClients": "Use any WireGuard client to connect. You will have to address your internal resources using the peer IP.", + "siteWgCompatibleAllClients": "Compatible with all WireGuard clients", + "siteWgManualConfigurationRequired": "Manual configuration required", + "userErrorNotAdminOrOwner": "User is not an admin or owner", + "pangolinSettings": "Settings - Pangolin", + "accessRoleYour": "Your role:", + "accessRoleSelect2": "Select a role", + "accessUserSelect": "Select a user", + "otpEmailEnter": "Enter an email", + "otpEmailEnterDescription": "Press enter to add an email after typing it in the input field.", + "otpEmailErrorInvalid": "Invalid email address. Wildcard (*) must be the entire local part.", + "otpEmailSmtpRequired": "SMTP Required", + "otpEmailSmtpRequiredDescription": "SMTP must be enabled on the server to use one-time password authentication.", + "otpEmailTitle": "One-time Passwords", + "otpEmailTitleDescription": "Require email-based authentication for resource access", + "otpEmailWhitelist": "Email Whitelist", + "otpEmailWhitelistList": "Whitelisted Emails", + "otpEmailWhitelistListDescription": "Only users with these email addresses will be able to access this resource. They will be prompted to enter a one-time password sent to their email. Wildcards (*@example.com) can be used to allow any email address from a domain.", + "otpEmailWhitelistSave": "Save Whitelist", + "passwordAdd": "Add Password", + "passwordRemove": "Remove Password", + "pincodeAdd": "Add PIN Code", + "pincodeRemove": "Remove PIN Code", + "resourceAuthMethods": "Authentication Methods", + "resourceAuthMethodsDescriptions": "Allow access to the resource via additional auth methods", + "resourceAuthSettingsSave": "Saved successfully", + "resourceAuthSettingsSaveDescription": "Authentication settings have been saved", + "resourceErrorAuthFetch": "Failed to fetch data", + "resourceErrorAuthFetchDescription": "An error occurred while fetching the data", + "resourceErrorPasswordRemove": "Error removing resource password", + "resourceErrorPasswordRemoveDescription": "An error occurred while removing the resource password", + "resourceErrorPasswordSetup": "Error setting resource password", + "resourceErrorPasswordSetupDescription": "An error occurred while setting the resource password", + "resourceErrorPincodeRemove": "Error removing resource pincode", + "resourceErrorPincodeRemoveDescription": "An error occurred while removing the resource pincode", + "resourceErrorPincodeSetup": "Error setting resource PIN code", + "resourceErrorPincodeSetupDescription": "An error occurred while setting the resource PIN code", + "resourceErrorUsersRolesSave": "Failed to set roles", + "resourceErrorUsersRolesSaveDescription": "An error occurred while setting the roles", + "resourceErrorWhitelistSave": "Failed to save whitelist", + "resourceErrorWhitelistSaveDescription": "An error occurred while saving the whitelist", + "resourcePasswordSubmit": "Enable Password Protection", + "resourcePasswordProtection": "Password Protection {status}", + "resourcePasswordRemove": "Resource password removed", + "resourcePasswordRemoveDescription": "The resource password has been removed successfully", + "resourcePasswordSetup": "Resource password set", + "resourcePasswordSetupDescription": "The resource password has been set successfully", + "resourcePasswordSetupTitle": "Set Password", + "resourcePasswordSetupTitleDescription": "Set a password to protect this resource", + "resourcePincode": "PIN Code", + "resourcePincodeSubmit": "Enable PIN Code Protection", + "resourcePincodeProtection": "PIN Code Protection {status}", + "resourcePincodeRemove": "Resource pincode removed", + "resourcePincodeRemoveDescription": "The resource password has been removed successfully", + "resourcePincodeSetup": "Resource PIN code set", + "resourcePincodeSetupDescription": "The resource pincode has been set successfully", + "resourcePincodeSetupTitle": "Set Pincode", + "resourcePincodeSetupTitleDescription": "Set a pincode to protect this resource", + "resourceRoleDescription": "Admins can always access this resource.", + "resourceUsersRoles": "Users & Roles", + "resourceUsersRolesDescription": "Configure which users and roles can visit this resource", + "resourceUsersRolesSubmit": "Save Users & Roles", + "resourceWhitelistSave": "Saved successfully", + "resourceWhitelistSaveDescription": "Whitelist settings have been saved", + "ssoUse": "Use Platform SSO", + "ssoUseDescription": "Existing users will only have to log in once for all resources that have this enabled.", + "proxyErrorInvalidPort": "Invalid port number", + "subdomainErrorInvalid": "Invalid subdomain", + "domainErrorFetch": "Error fetching domains", + "domainErrorFetchDescription": "An error occurred when fetching the domains", + "resourceErrorUpdate": "Failed to update resource", + "resourceErrorUpdateDescription": "An error occurred while updating the resource", + "resourceUpdated": "Resource updated", + "resourceUpdatedDescription": "The resource has been updated successfully", + "resourceErrorTransfer": "Failed to transfer resource", + "resourceErrorTransferDescription": "An error occurred while transferring the resource", + "resourceTransferred": "Resource transferred", + "resourceTransferredDescription": "The resource has been transferred successfully", + "resourceErrorToggle": "Failed to toggle resource", + "resourceErrorToggleDescription": "An error occurred while updating the resource", + "resourceVisibilityTitle": "Visibility", + "resourceVisibilityTitleDescription": "Completely enable or disable resource visibility", + "resourceGeneral": "General Settings", + "resourceGeneralDescription": "Configure the general settings for this resource", + "resourceEnable": "Enable Resource", + "resourceTransfer": "Transfer Resource", + "resourceTransferDescription": "Transfer this resource to a different site", + "resourceTransferSubmit": "Transfer Resource", + "siteDestination": "Destination Site", + "searchSites": "Search sites", + "accessRoleCreate": "Create Role", + "accessRoleCreateDescription": "Create a new role to group users and manage their permissions.", + "accessRoleCreateSubmit": "Create Role", + "accessRoleCreated": "Role created", + "accessRoleCreatedDescription": "The role has been successfully created.", + "accessRoleErrorCreate": "Failed to create role", + "accessRoleErrorCreateDescription": "An error occurred while creating the role.", + "accessRoleErrorNewRequired": "New role is required", + "accessRoleErrorRemove": "Failed to remove role", + "accessRoleErrorRemoveDescription": "An error occurred while removing the role.", + "accessRoleName": "Role Name", + "accessRoleQuestionRemove": "You're about to delete the {name} role. You cannot undo this action.", + "accessRoleRemove": "Remove Role", + "accessRoleRemoveDescription": "Remove a role from the organization", + "accessRoleRemoveSubmit": "Remove Role", + "accessRoleRemoved": "Role removed", + "accessRoleRemovedDescription": "The role has been successfully removed.", + "accessRoleRequiredRemove": "Before deleting this role, please select a new role to transfer existing members to.", + "manage": "Manage", + "sitesNotFound": "No sites found.", + "pangolinServerAdmin": "Server Admin - Pangolin", + "licenseTierProfessional": "Professional License", + "licenseTierEnterprise": "Enterprise License", + "licenseTierCommercial": "Commercial License", + "licensed": "Licensed", + "yes": "Yes", + "no": "No", + "sitesAdditional": "Additional Sites", + "licenseKeys": "License Keys", + "sitestCountDecrease": "Decrease site count", + "sitestCountIncrease": "Increase site count", + "idpManage": "Manage Identity Providers", + "idpManageDescription": "View and manage identity providers in the system", + "idpDeletedDescription": "Identity provider deleted successfully", + "idpOidc": "OAuth2/OIDC", + "idpQuestionRemove": "Are you sure you want to permanently delete the identity provider {name}?", + "idpMessageRemove": "This will remove the identity provider and all associated configurations. Users who authenticate through this provider will no longer be able to log in.", + "idpMessageConfirm": "To confirm, please type the name of the identity provider below.", + "idpConfirmDelete": "Confirm Delete Identity Provider", + "idpDelete": "Delete Identity Provider", + "idp": "Identity Providers", + "idpSearch": "Search identity providers...", + "idpAdd": "Add Identity Provider", + "idpClientIdRequired": "Client ID is required.", + "idpClientSecretRequired": "Client Secret is required.", + "idpErrorAuthUrlInvalid": "Auth URL must be a valid URL.", + "idpErrorTokenUrlInvalid": "Token URL must be a valid URL.", + "idpPathRequired": "Identifier Path is required.", + "idpScopeRequired": "Scopes are required.", + "idpOidcDescription": "Configure an OpenID Connect identity provider", + "idpCreatedDescription": "Identity provider created successfully", + "idpCreate": "Create Identity Provider", + "idpCreateDescription": "Configure a new identity provider for user authentication", + "idpSeeAll": "See All Identity Providers", + "idpSettingsDescription": "Configure the basic information for your identity provider", + "idpDisplayName": "A display name for this identity provider", + "idpAutoProvisionUsers": "Auto Provision Users", + "idpAutoProvisionUsersDescription": "When enabled, users will be automatically created in the system upon first login with the ability to map users to roles and organizations.", + "licenseBadge": "Professional", + "idpType": "Provider Type", + "idpTypeDescription": "Select the type of identity provider you want to configure", + "idpOidcConfigure": "OAuth2/OIDC Configuration", + "idpOidcConfigureDescription": "Configure the OAuth2/OIDC provider endpoints and credentials", + "idpClientId": "Client ID", + "idpClientIdDescription": "The OAuth2 client ID from your identity provider", + "idpClientSecret": "Client Secret", + "idpClientSecretDescription": "The OAuth2 client secret from your identity provider", + "idpAuthUrl": "Authorization URL", + "idpAuthUrlDescription": "The OAuth2 authorization endpoint URL", + "idpTokenUrl": "Token URL", + "idpTokenUrlDescription": "The OAuth2 token endpoint URL", + "idpOidcConfigureAlert": "Important Information", + "idpOidcConfigureAlertDescription": "After creating the identity provider, you will need to configure the callback URL in your identity provider's settings. The callback URL will be provided after successful creation.", + "idpToken": "Token Configuration", + "idpTokenDescription": "Configure how to extract user information from the ID token", + "idpJmespathAbout": "About JMESPath", + "idpJmespathAboutDescription": "The paths below use JMESPath syntax to extract values from the ID token.", + "idpJmespathAboutDescriptionLink": "Learn more about JMESPath", + "idpJmespathLabel": "Identifier Path", + "idpJmespathLabelDescription": "The path to the user identifier in the ID token", + "idpJmespathEmailPathOptional": "Email Path (Optional)", + "idpJmespathEmailPathOptionalDescription": "The path to the user's email in the ID token", + "idpJmespathNamePathOptional": "Name Path (Optional)", + "idpJmespathNamePathOptionalDescription": "The path to the user's name in the ID token", + "idpOidcConfigureScopes": "Scopes", + "idpOidcConfigureScopesDescription": "Space-separated list of OAuth2 scopes to request", + "idpSubmit": "Create Identity Provider", + "orgPolicies": "Organization Policies", + "idpSettings": "{idpName} Settings", + "idpCreateSettingsDescription": "Configure the settings for your identity provider", + "roleMapping": "Role Mapping", + "orgMapping": "Organization Mapping", + "orgPoliciesSearch": "Search organization policies...", + "orgPoliciesAdd": "Add Organization Policy", + "orgRequired": "Organization is required", + "error": "Error", + "success": "Success", + "orgPolicyAddedDescription": "Policy added successfully", + "orgPolicyUpdatedDescription": "Policy updated successfully", + "orgPolicyDeletedDescription": "Policy deleted successfully", + "defaultMappingsUpdatedDescription": "Default mappings updated successfully", + "orgPoliciesAbout": "About Organization Policies", + "orgPoliciesAboutDescription": "Organization policies are used to control access to organizations based on the user's ID token. You can specify JMESPath expressions to extract role and organization information from the ID token.", + "orgPoliciesAboutDescriptionLink": "See documentation, for more information.", + "defaultMappingsOptional": "Default Mappings (Optional)", + "defaultMappingsOptionalDescription": "The default mappings are used when when there is not an organization policy defined for an organization. You can specify the default role and organization mappings to fall back to here.", + "defaultMappingsRole": "Default Role Mapping", + "defaultMappingsRoleDescription": "The result of this expression must return the role name as defined in the organization as a string.", + "defaultMappingsOrg": "Default Organization Mapping", + "defaultMappingsOrgDescription": "This expression must return the org ID or true for the user to be allowed to access the organization.", + "defaultMappingsSubmit": "Save Default Mappings", + "orgPoliciesEdit": "Edit Organization Policy", + "org": "Organization", + "orgSelect": "Select organization", + "orgSearch": "Search org", + "orgNotFound": "No org found.", + "roleMappingPathOptional": "Role Mapping Path (Optional)", + "orgMappingPathOptional": "Organization Mapping Path (Optional)", + "orgPolicyUpdate": "Update Policy", + "orgPolicyAdd": "Add Policy", + "orgPolicyConfig": "Configure access for an organization", + "idpUpdatedDescription": "Identity provider updated successfully", + "redirectUrl": "Redirect URL", + "redirectUrlAbout": "About Redirect URL", + "redirectUrlAboutDescription": "This is the URL to which users will be redirected after authentication. You need to configure this URL in your identity provider settings.", + "pangolinAuth": "Auth - Pangolin", + "verificationCodeLengthRequirements": "Your verification code must be 8 characters.", + "errorOccurred": "An error occurred", + "emailErrorVerify": "Failed to verify email:", + "emailVerified": "Email successfully verified! Redirecting you...", + "verificationCodeErrorResend": "Failed to resend verification code:", + "verificationCodeResend": "Verification code resent", + "verificationCodeResendDescription": "We've resent a verification code to your email address. Please check your inbox.", + "emailVerify": "Verify Email", + "emailVerifyDescription": "Enter the verification code sent to your email address.", + "verificationCode": "Verification Code", + "verificationCodeEmailSent": "We sent a verification code to your email address.", + "submit": "Submit", + "emailVerifyResendProgress": "Resending...", + "emailVerifyResend": "Didn't receive a code? Click here to resend", + "passwordNotMatch": "Passwords do not match", + "signupError": "An error occurred while signing up", + "pangolinLogoAlt": "Pangolin Logo", + "inviteAlready": "Looks like you've been invited!", + "inviteAlreadyDescription": "To accept the invite, you must log in or create an account.", + "signupQuestion": "Already have an account?", + "login": "Log in", + "resourceNotFound": "Resource Not Found", + "resourceNotFoundDescription": "The resource you're trying to access does not exist.", + "pincodeRequirementsLength": "PIN must be exactly 6 digits", + "pincodeRequirementsChars": "PIN must only contain numbers", + "passwordRequirementsLength": "Password must be at least 1 character long", + "passwordRequirementsTitle": "Password requirements:", + "passwordRequirementLength": "At least 8 characters long", + "passwordRequirementUppercase": "At least one uppercase letter", + "passwordRequirementLowercase": "At least one lowercase letter", + "passwordRequirementNumber": "At least one number", + "passwordRequirementSpecial": "At least one special character", + "passwordRequirementsMet": "✓ Password meets all requirements", + "passwordStrength": "Password strength", + "passwordStrengthWeak": "Weak", + "passwordStrengthMedium": "Medium", + "passwordStrengthStrong": "Strong", + "passwordRequirements": "Requirements:", + "passwordRequirementLengthText": "8+ characters", + "passwordRequirementUppercaseText": "Uppercase letter (A-Z)", + "passwordRequirementLowercaseText": "Lowercase letter (a-z)", + "passwordRequirementNumberText": "Number (0-9)", + "passwordRequirementSpecialText": "Special character (!@#$%...)", + "passwordsDoNotMatch": "Passwords do not match", + "otpEmailRequirementsLength": "OTP must be at least 1 character long", + "otpEmailSent": "OTP Sent", + "otpEmailSentDescription": "An OTP has been sent to your email", + "otpEmailErrorAuthenticate": "Failed to authenticate with email", + "pincodeErrorAuthenticate": "Failed to authenticate with pincode", + "passwordErrorAuthenticate": "Failed to authenticate with password", + "poweredBy": "Powered by", + "authenticationRequired": "Authentication Required", + "authenticationMethodChoose": "Choose your preferred method to access {name}", + "authenticationRequest": "You must authenticate to access {name}", + "user": "User", + "pincodeInput": "6-digit PIN Code", + "pincodeSubmit": "Log in with PIN", + "passwordSubmit": "Log In with Password", + "otpEmailDescription": "A one-time code will be sent to this email.", + "otpEmailSend": "Send One-time Code", + "otpEmail": "One-Time Password (OTP)", + "otpEmailSubmit": "Submit OTP", + "backToEmail": "Back to Email", + "noSupportKey": "Server is running without a supporter key. Consider supporting the project!", + "accessDenied": "Access Denied", + "accessDeniedDescription": "You're not allowed to access this resource. If this is a mistake, please contact the administrator.", + "accessTokenError": "Error checking access token", + "accessGranted": "Access Granted", + "accessUrlInvalid": "Access URL Invalid", + "accessGrantedDescription": "You have been granted access to this resource. Redirecting you...", + "accessUrlInvalidDescription": "This shared access URL is invalid. Please contact the resource owner for a new URL.", + "tokenInvalid": "Invalid token", + "pincodeInvalid": "Invalid code", + "passwordErrorRequestReset": "Failed to request reset:", + "passwordErrorReset": "Failed to reset password:", + "passwordResetSuccess": "Password reset successfully! Back to log in...", + "passwordReset": "Reset Password", + "passwordResetDescription": "Follow the steps to reset your password", + "passwordResetSent": "We'll send a password reset code to this email address.", + "passwordResetCode": "Reset Code", + "passwordResetCodeDescription": "Check your email for the reset code.", + "passwordNew": "New Password", + "passwordNewConfirm": "Confirm New Password", + "pincodeAuth": "Authenticator Code", + "pincodeSubmit2": "Submit Code", + "passwordResetSubmit": "Request Reset", + "passwordBack": "Back to Password", + "loginBack": "Go back to log in", + "signup": "Sign up", + "loginStart": "Log in to get started", + "idpOidcTokenValidating": "Validating OIDC token", + "idpOidcTokenResponse": "Validate OIDC token response", + "idpErrorOidcTokenValidating": "Error validating OIDC token", + "idpConnectingTo": "Connecting to {name}", + "idpConnectingToDescription": "Validating your identity", + "idpConnectingToProcess": "Connecting...", + "idpConnectingToFinished": "Connected", + "idpErrorConnectingTo": "There was a problem connecting to {name}. Please contact your administrator.", + "idpErrorNotFound": "IdP not found", + "inviteInvalid": "Invalid Invite", + "inviteInvalidDescription": "The invite link is invalid.", + "inviteErrorWrongUser": "Invite is not for this user", + "inviteErrorUserNotExists": "User does not exist. Please create an account first.", + "inviteErrorLoginRequired": "You must be logged in to accept an invite", + "inviteErrorExpired": "The invite may have expired", + "inviteErrorRevoked": "The invite might have been revoked", + "inviteErrorTypo": "There could be a typo in the invite link", + "pangolinSetup": "Setup - Pangolin", + "orgNameRequired": "Organization name is required", + "orgIdRequired": "Organization ID is required", + "orgErrorCreate": "An error occurred while creating org", + "pageNotFound": "Page Not Found", + "pageNotFoundDescription": "Oops! The page you're looking for doesn't exist.", + "overview": "Overview", + "home": "Home", + "accessControl": "Access Control", + "settings": "Settings", + "usersAll": "All Users", + "license": "License", + "pangolinDashboard": "Dashboard - Pangolin", + "noResults": "No results found.", + "terabytes": "{count} TB", + "gigabytes": "{count} GB", + "megabytes": "{count} MB", + "tagsEntered": "Entered Tags", + "tagsEnteredDescription": "These are the tags you`ve entered.", + "tagsWarnCannotBeLessThanZero": "maxTags and minTags cannot be less than 0", + "tagsWarnNotAllowedAutocompleteOptions": "Tag not allowed as per autocomplete options", + "tagsWarnInvalid": "Invalid tag as per validateTag", + "tagWarnTooShort": "Tag {tagText} is too short", + "tagWarnTooLong": "Tag {tagText} is too long", + "tagsWarnReachedMaxNumber": "Reached the maximum number of tags allowed", + "tagWarnDuplicate": "Duplicate tag {tagText} not added", + "supportKeyInvalid": "Invalid Key", + "supportKeyInvalidDescription": "Your supporter key is invalid.", + "supportKeyValid": "Valid Key", + "supportKeyValidDescription": "Your supporter key has been validated. Thank you for your support!", + "supportKeyErrorValidationDescription": "Failed to validate supporter key.", + "supportKey": "Support Development and Adopt a Pangolin!", + "supportKeyDescription": "Purchase a supporter key to help us continue developing Pangolin for the community. Your contribution allows us to commit more time to maintain and add new features to the application for everyone. We will never use this to paywall features. This is separate from any Commercial Edition.", + "supportKeyPet": "You will also get to adopt and meet your very own pet Pangolin!", + "supportKeyPurchase": "Payments are processed via GitHub. Afterward, you can retrieve your key on", + "supportKeyPurchaseLink": "our website", + "supportKeyPurchase2": "and redeem it here.", + "supportKeyLearnMore": "Learn more.", + "supportKeyOptions": "Please select the option that best suits you.", + "supportKetOptionFull": "Full Supporter", + "forWholeServer": "For the whole server", + "lifetimePurchase": "Lifetime purchase", + "supporterStatus": "Supporter status", + "buy": "Buy", + "supportKeyOptionLimited": "Limited Supporter", + "forFiveUsers": "For 5 or less users", + "supportKeyRedeem": "Redeem Supporter Key", + "supportKeyHideSevenDays": "Hide for 7 days", + "supportKeyEnter": "Enter Supporter Key", + "supportKeyEnterDescription": "Meet your very own pet Pangolin!", + "githubUsername": "GitHub Username", + "supportKeyInput": "Supporter Key", + "supportKeyBuy": "Buy Supporter Key", + "logoutError": "Error logging out", + "signingAs": "Signed in as", + "serverAdmin": "Server Admin", + "managedSelfhosted": "Managed Self-Hosted", + "otpEnable": "Enable Two-factor", + "otpDisable": "Disable Two-factor", + "logout": "Log Out", + "licenseTierProfessionalRequired": "Professional Edition Required", + "licenseTierProfessionalRequiredDescription": "This feature is only available in the Professional Edition.", + "actionGetOrg": "Get Organization", + "actionUpdateOrg": "Update Organization", + "actionUpdateUser": "Update User", + "actionGetUser": "Get User", + "actionGetOrgUser": "Get Organization User", + "actionListOrgDomains": "List Organization Domains", + "actionCreateSite": "Create Site", + "actionDeleteSite": "Delete Site", + "actionGetSite": "Get Site", + "actionListSites": "List Sites", + "setupToken": "Setup Token", + "setupTokenDescription": "Enter the setup token from the server console.", + "setupTokenRequired": "Setup token is required", + "actionUpdateSite": "Update Site", + "actionListSiteRoles": "List Allowed Site Roles", + "actionCreateResource": "Create Resource", + "actionDeleteResource": "Delete Resource", + "actionGetResource": "Get Resource", + "actionListResource": "List Resources", + "actionUpdateResource": "Update Resource", + "actionListResourceUsers": "List Resource Users", + "actionSetResourceUsers": "Set Resource Users", + "actionSetAllowedResourceRoles": "Set Allowed Resource Roles", + "actionListAllowedResourceRoles": "List Allowed Resource Roles", + "actionSetResourcePassword": "Set Resource Password", + "actionSetResourcePincode": "Set Resource Pincode", + "actionSetResourceEmailWhitelist": "Set Resource Email Whitelist", + "actionGetResourceEmailWhitelist": "Get Resource Email Whitelist", + "actionCreateTarget": "Create Target", + "actionDeleteTarget": "Delete Target", + "actionGetTarget": "Get Target", + "actionListTargets": "List Targets", + "actionUpdateTarget": "Update Target", + "actionCreateRole": "Create Role", + "actionDeleteRole": "Delete Role", + "actionGetRole": "Get Role", + "actionListRole": "List Roles", + "actionUpdateRole": "Update Role", + "actionListAllowedRoleResources": "List Allowed Role Resources", + "actionInviteUser": "Invite User", + "actionRemoveUser": "Remove User", + "actionListUsers": "List Users", + "actionAddUserRole": "Add User Role", + "actionGenerateAccessToken": "Generate Access Token", + "actionDeleteAccessToken": "Delete Access Token", + "actionListAccessTokens": "List Access Tokens", + "actionCreateResourceRule": "Create Resource Rule", + "actionDeleteResourceRule": "Delete Resource Rule", + "actionListResourceRules": "List Resource Rules", + "actionUpdateResourceRule": "Update Resource Rule", + "actionListOrgs": "List Organizations", + "actionCheckOrgId": "Check ID", + "actionCreateOrg": "Create Organization", + "actionDeleteOrg": "Delete Organization", + "actionListApiKeys": "List API Keys", + "actionListApiKeyActions": "List API Key Actions", + "actionSetApiKeyActions": "Set API Key Allowed Actions", + "actionCreateApiKey": "Create API Key", + "actionDeleteApiKey": "Delete API Key", + "actionCreateIdp": "Create IDP", + "actionUpdateIdp": "Update IDP", + "actionDeleteIdp": "Delete IDP", + "actionListIdps": "List IDP", + "actionGetIdp": "Get IDP", + "actionCreateIdpOrg": "Create IDP Org Policy", + "actionDeleteIdpOrg": "Delete IDP Org Policy", + "actionListIdpOrgs": "List IDP Orgs", + "actionUpdateIdpOrg": "Update IDP Org", + "actionCreateClient": "Create Client", + "actionDeleteClient": "Delete Client", + "actionUpdateClient": "Update Client", + "actionListClients": "List Clients", + "actionGetClient": "Get Client", + "noneSelected": "None selected", + "orgNotFound2": "No organizations found.", + "searchProgress": "Search...", + "create": "Create", + "orgs": "Organizations", + "loginError": "An error occurred while logging in", + "passwordForgot": "Forgot your password?", + "otpAuth": "Two-Factor Authentication", + "otpAuthDescription": "Enter the code from your authenticator app or one of your single-use backup codes.", + "otpAuthSubmit": "Submit Code", + "idpContinue": "Or continue with", + "otpAuthBack": "Back to Log In", + "navbar": "Navigation Menu", + "navbarDescription": "Main navigation menu for the application", + "navbarDocsLink": "Documentation", + "commercialEdition": "Commercial Edition", + "otpErrorEnable": "Unable to enable 2FA", + "otpErrorEnableDescription": "An error occurred while enabling 2FA", + "otpSetupCheckCode": "Please enter a 6-digit code", + "otpSetupCheckCodeRetry": "Invalid code. Please try again.", + "otpSetup": "Enable Two-factor Authentication", + "otpSetupDescription": "Secure your account with an extra layer of protection", + "otpSetupScanQr": "Scan this QR code with your authenticator app or enter the secret key manually:", + "otpSetupSecretCode": "Authenticator Code", + "otpSetupSuccess": "Two-Factor Authentication Enabled", + "otpSetupSuccessStoreBackupCodes": "Your account is now more secure. Don't forget to save your backup codes.", + "otpErrorDisable": "Unable to disable 2FA", + "otpErrorDisableDescription": "An error occurred while disabling 2FA", + "otpRemove": "Disable Two-factor Authentication", + "otpRemoveDescription": "Disable two-factor authentication for your account", + "otpRemoveSuccess": "Two-Factor Authentication Disabled", + "otpRemoveSuccessMessage": "Two-factor authentication has been disabled for your account. You can enable it again at any time.", + "otpRemoveSubmit": "Disable 2FA", + "paginator": "Page {current} of {last}", + "paginatorToFirst": "Go to first page", + "paginatorToPrevious": "Go to previous page", + "paginatorToNext": "Go to next page", + "paginatorToLast": "Go to last page", + "copyText": "Copy text", + "copyTextFailed": "Failed to copy text: ", + "copyTextClipboard": "Copy to clipboard", + "inviteErrorInvalidConfirmation": "Invalid confirmation", + "passwordRequired": "Password is required", + "allowAll": "Allow All", + "permissionsAllowAll": "Allow All Permissions", + "githubUsernameRequired": "GitHub username is required", + "supportKeyRequired": "Supporter key is required", + "passwordRequirementsChars": "Password must be at least 8 characters", + "language": "Language", + "verificationCodeRequired": "Code is required", + "userErrorNoUpdate": "No user to update", + "siteErrorNoUpdate": "No site to update", + "resourceErrorNoUpdate": "No resource to update", + "authErrorNoUpdate": "No auth info to update", + "orgErrorNoUpdate": "No org to update", + "orgErrorNoProvided": "No org provided", + "apiKeysErrorNoUpdate": "No API key to update", + "sidebarOverview": "Overview", + "sidebarHome": "Home", + "sidebarSites": "Sites", + "sidebarResources": "Resources", + "sidebarAccessControl": "Access Control", + "sidebarUsers": "Users", + "sidebarInvitations": "Invitations", + "sidebarRoles": "Roles", + "sidebarShareableLinks": "Shareable Links", + "sidebarApiKeys": "API Keys", + "sidebarSettings": "Settings", + "sidebarAllUsers": "All Users", + "sidebarIdentityProviders": "Identity Providers", + "sidebarLicense": "License", + "sidebarClients": "Clients (Beta)", + "sidebarDomains": "Domains", + "enableDockerSocket": "Enable Docker Socket", + "enableDockerSocketDescription": "Enable Docker Socket discovery for populating container information. Socket path must be provided to Newt.", + "enableDockerSocketLink": "Learn More", + "viewDockerContainers": "View Docker Containers", + "containersIn": "Containers in {siteName}", + "selectContainerDescription": "Select any container to use as a hostname for this target. Click a port to use a port.", + "containerName": "Name", + "containerImage": "Image", + "containerState": "State", + "containerNetworks": "Networks", + "containerHostnameIp": "Hostname/IP", + "containerLabels": "Labels", + "containerLabelsCount": "{count, plural, one {# label} other {# labels}}", + "containerLabelsTitle": "Container Labels", + "containerLabelEmpty": "", + "containerPorts": "Ports", + "containerPortsMore": "+{count} more", + "containerActions": "Actions", + "select": "Select", + "noContainersMatchingFilters": "No containers found matching the current filters.", + "showContainersWithoutPorts": "Show containers without ports", + "showStoppedContainers": "Show stopped containers", + "noContainersFound": "No containers found. Make sure Docker containers are running.", + "searchContainersPlaceholder": "Search across {count} containers...", + "searchResultsCount": "{count, plural, one {# result} other {# results}}", + "filters": "Filters", + "filterOptions": "Filter Options", + "filterPorts": "Ports", + "filterStopped": "Stopped", + "clearAllFilters": "Clear all filters", + "columns": "Columns", + "toggleColumns": "Toggle Columns", + "refreshContainersList": "Refresh containers list", + "searching": "Searching...", + "noContainersFoundMatching": "No containers found matching \"{filter}\".", + "light": "light", + "dark": "dark", + "system": "system", + "theme": "Theme", + "subnetRequired": "Subnet is required", + "initialSetupTitle": "Initial Server Setup", + "initialSetupDescription": "Create the intial server admin account. Only one server admin can exist. You can always change these credentials later.", + "createAdminAccount": "Create Admin Account", + "setupErrorCreateAdmin": "An error occurred while creating the server admin account.", + "certificateStatus": "Certificate Status", + "loading": "Loading", + "restart": "Restart", + "domains": "Domains", + "domainsDescription": "Manage domains for your organization", + "domainsSearch": "Search domains...", + "domainAdd": "Add Domain", + "domainAddDescription": "Register a new domain with your organization", + "domainCreate": "Create Domain", + "domainCreatedDescription": "Domain created successfully", + "domainDeletedDescription": "Domain deleted successfully", + "domainQuestionRemove": "Are you sure you want to remove the domain {domain} from your account?", + "domainMessageRemove": "Once removed, the domain will no longer be associated with your account.", + "domainMessageConfirm": "To confirm, please type the domain name below.", + "domainConfirmDelete": "Confirm Delete Domain", + "domainDelete": "Delete Domain", + "domain": "Domain", + "selectDomainTypeNsName": "Domain Delegation (NS)", + "selectDomainTypeNsDescription": "This domain and all its subdomains. Use this when you want to control an entire domain zone.", + "selectDomainTypeCnameName": "Single Domain (CNAME)", + "selectDomainTypeCnameDescription": "Just this specific domain. Use this for individual subdomains or specific domain entries.", + "selectDomainTypeWildcardName": "Wildcard Domain", + "selectDomainTypeWildcardDescription": "This domain and its subdomains.", + "domainDelegation": "Single Domain", + "selectType": "Select a type", + "actions": "Actions", + "refresh": "Refresh", + "refreshError": "Failed to refresh data", + "verified": "Verified", + "pending": "Pending", + "sidebarBilling": "Billing", + "billing": "Billing", + "orgBillingDescription": "Manage your billing information and subscriptions", + "github": "GitHub", + "pangolinHosted": "Pangolin Hosted", + "fossorial": "Fossorial", + "completeAccountSetup": "Complete Account Setup", + "completeAccountSetupDescription": "Set your password to get started", + "accountSetupSent": "We'll send an account setup code to this email address.", + "accountSetupCode": "Setup Code", + "accountSetupCodeDescription": "Check your email for the setup code.", + "passwordCreate": "Create Password", + "passwordCreateConfirm": "Confirm Password", + "accountSetupSubmit": "Send Setup Code", + "completeSetup": "Complete Setup", + "accountSetupSuccess": "Account setup completed! Welcome to Pangolin!", + "documentation": "Documentation", + "saveAllSettings": "Save All Settings", + "settingsUpdated": "Settings updated", + "settingsUpdatedDescription": "All settings have been updated successfully", + "settingsErrorUpdate": "Failed to update settings", + "settingsErrorUpdateDescription": "An error occurred while updating settings", + "sidebarCollapse": "Collapse", + "sidebarExpand": "Expand", + "newtUpdateAvailable": "Update Available", + "newtUpdateAvailableInfo": "A new version of Newt is available. Please update to the latest version for the best experience.", + "domainPickerEnterDomain": "Domain", + "domainPickerPlaceholder": "myapp.example.com, api.v1.mydomain.com, or just myapp", + "domainPickerDescription": "Enter the full domain of the resource to see available options.", + "domainPickerDescriptionSaas": "Enter a full domain, subdomain, or just a name to see available options", + "domainPickerTabAll": "All", + "domainPickerTabOrganization": "Organization", + "domainPickerTabProvided": "Provided", + "domainPickerSortAsc": "A-Z", + "domainPickerSortDesc": "Z-A", + "domainPickerCheckingAvailability": "Checking availability...", + "domainPickerNoMatchingDomains": "No matching domains found. Try a different domain or check your organization's domain settings.", + "domainPickerOrganizationDomains": "Organization Domains", + "domainPickerProvidedDomains": "Provided Domains", + "domainPickerSubdomain": "Subdomain: {subdomain}", + "domainPickerNamespace": "Namespace: {namespace}", + "domainPickerShowMore": "Show More", + "domainNotFound": "Domain Not Found", + "domainNotFoundDescription": "This resource is disabled because the domain no longer exists our system. Please set a new domain for this resource.", + "failed": "Failed", + "createNewOrgDescription": "Create a new organization", + "organization": "Organization", + "port": "Port", + "securityKeyManage": "Manage Security Keys", + "securityKeyDescription": "Add or remove security keys for passwordless authentication", + "securityKeyRegister": "Register New Security Key", + "securityKeyList": "Your Security Keys", + "securityKeyNone": "No security keys registered yet", + "securityKeyNameRequired": "Name is required", + "securityKeyRemove": "Remove", + "securityKeyLastUsed": "Last used: {date}", + "securityKeyNameLabel": "Security Key Name", + "securityKeyRegisterSuccess": "Security key registered successfully", + "securityKeyRegisterError": "Failed to register security key", + "securityKeyRemoveSuccess": "Security key removed successfully", + "securityKeyRemoveError": "Failed to remove security key", + "securityKeyLoadError": "Failed to load security keys", + "securityKeyLogin": "Continue with security key", + "securityKeyAuthError": "Failed to authenticate with security key", + "securityKeyRecommendation": "Register a backup security key on another device to ensure you always have access to your account.", + "registering": "Registering...", + "securityKeyPrompt": "Please verify your identity using your security key. Make sure your security key is connected and ready.", + "securityKeyBrowserNotSupported": "Your browser doesn't support security keys. Please use a modern browser like Chrome, Firefox, or Safari.", + "securityKeyPermissionDenied": "Please allow access to your security key to continue signing in.", + "securityKeyRemovedTooQuickly": "Please keep your security key connected until the sign-in process completes.", + "securityKeyNotSupported": "Your security key may not be compatible. Please try a different security key.", + "securityKeyUnknownError": "There was a problem using your security key. Please try again.", + "twoFactorRequired": "Two-factor authentication is required to register a security key.", + "twoFactor": "Two-Factor Authentication", + "adminEnabled2FaOnYourAccount": "Your administrator has enabled two-factor authentication for {email}. Please complete the setup process to continue.", + "continueToApplication": "Continue to Application", + "securityKeyAdd": "Add Security Key", + "securityKeyRegisterTitle": "Register New Security Key", + "securityKeyRegisterDescription": "Connect your security key and enter a name to identify it", + "securityKeyTwoFactorRequired": "Two-Factor Authentication Required", + "securityKeyTwoFactorDescription": "Please enter your two-factor authentication code to register the security key", + "securityKeyTwoFactorRemoveDescription": "Please enter your two-factor authentication code to remove the security key", + "securityKeyTwoFactorCode": "Two-Factor Code", + "securityKeyRemoveTitle": "Remove Security Key", + "securityKeyRemoveDescription": "Enter your password to remove the security key \"{name}\"", + "securityKeyNoKeysRegistered": "No security keys registered", + "securityKeyNoKeysDescription": "Add a security key to enhance your account security", + "createDomainRequired": "Domain is required", + "createDomainAddDnsRecords": "Add DNS Records", + "createDomainAddDnsRecordsDescription": "Add the following DNS records to your domain provider to complete the setup.", + "createDomainNsRecords": "NS Records", + "createDomainRecord": "Record", + "createDomainType": "Type:", + "createDomainName": "Name:", + "createDomainValue": "Value:", + "createDomainCnameRecords": "CNAME Records", + "createDomainARecords": "A Records", + "createDomainRecordNumber": "Record {number}", + "createDomainTxtRecords": "TXT Records", + "createDomainSaveTheseRecords": "Save These Records", + "createDomainSaveTheseRecordsDescription": "Make sure to save these DNS records as you will not see them again.", + "createDomainDnsPropagation": "DNS Propagation", + "createDomainDnsPropagationDescription": "DNS changes may take some time to propagate across the internet. This can take anywhere from a few minutes to 48 hours, depending on your DNS provider and TTL settings.", + "resourcePortRequired": "Port number is required for non-HTTP resources", + "resourcePortNotAllowed": "Port number should not be set for HTTP resources", + "signUpTerms": { + "IAgreeToThe": "I agree to the", + "termsOfService": "terms of service", + "and": "and", + "privacyPolicy": "privacy policy" + }, + "siteRequired": "Site is required.", + "olmTunnel": "Olm Tunnel", + "olmTunnelDescription": "Use Olm for client connectivity", + "errorCreatingClient": "Error creating client", + "clientDefaultsNotFound": "Client defaults not found", + "createClient": "Create Client", + "createClientDescription": "Create a new client for connecting to your sites", + "seeAllClients": "See All Clients", + "clientInformation": "Client Information", + "clientNamePlaceholder": "Client name", + "address": "Address", + "subnetPlaceholder": "Subnet", + "addressDescription": "The address that this client will use for connectivity", + "selectSites": "Select sites", + "sitesDescription": "The client will have connectivity to the selected sites", + "clientInstallOlm": "Install Olm", + "clientInstallOlmDescription": "Get Olm running on your system", + "clientOlmCredentials": "Olm Credentials", + "clientOlmCredentialsDescription": "This is how Olm will authenticate with the server", + "olmEndpoint": "Olm Endpoint", + "olmId": "Olm ID", + "olmSecretKey": "Olm Secret Key", + "clientCredentialsSave": "Save Your Credentials", + "clientCredentialsSaveDescription": "You will only be able to see this once. Make sure to copy it to a secure place.", + "generalSettingsDescription": "Configure the general settings for this client", + "clientUpdated": "Client updated", + "clientUpdatedDescription": "The client has been updated.", + "clientUpdateFailed": "Failed to update client", + "clientUpdateError": "An error occurred while updating the client.", + "sitesFetchFailed": "Failed to fetch sites", + "sitesFetchError": "An error occurred while fetching sites.", + "olmErrorFetchReleases": "An error occurred while fetching Olm releases.", + "olmErrorFetchLatest": "An error occurred while fetching the latest Olm release.", + "remoteSubnets": "Remote Subnets", + "enterCidrRange": "Enter CIDR range", + "remoteSubnetsDescription": "Add CIDR ranges that can be accessed from this site remotely using clients. Use format like 10.0.0.0/24. This ONLY applies to VPN client connectivity.", + "resourceEnableProxy": "Enable Public Proxy", + "resourceEnableProxyDescription": "Enable public proxying to this resource. This allows access to the resource from outside the network through the cloud on an open port. Requires Traefik config.", + "externalProxyEnabled": "External Proxy Enabled", + "addNewTarget": "Add New Target", + "targetsList": "Targets List", + "targetErrorDuplicateTargetFound": "Duplicate target found", + "httpMethod": "HTTP Method", + "selectHttpMethod": "Select HTTP method", + "domainPickerSubdomainLabel": "Subdomain", + "domainPickerBaseDomainLabel": "Base Domain", + "domainPickerSearchDomains": "Search domains...", + "domainPickerNoDomainsFound": "No domains found", + "domainPickerLoadingDomains": "Loading domains...", + "domainPickerSelectBaseDomain": "Select base domain...", + "domainPickerNotAvailableForCname": "Not available for CNAME domains", + "domainPickerEnterSubdomainOrLeaveBlank": "Enter subdomain or leave blank to use base domain.", + "domainPickerEnterSubdomainToSearch": "Enter a subdomain to search and select from available free domains.", + "domainPickerFreeDomains": "Free Domains", + "domainPickerSearchForAvailableDomains": "Search for available domains", + "resourceDomain": "Domain", + "resourceEditDomain": "Edit Domain", + "siteName": "Site Name", + "proxyPort": "Port", + "resourcesTableProxyResources": "Proxy Resources", + "resourcesTableClientResources": "Client Resources", + "resourcesTableNoProxyResourcesFound": "No proxy resources found.", + "resourcesTableNoInternalResourcesFound": "No internal resources found.", + "resourcesTableDestination": "Destination", + "resourcesTableTheseResourcesForUseWith": "These resources are for use with", + "resourcesTableClients": "Clients", + "resourcesTableAndOnlyAccessibleInternally": "and are only accessible internally when connected with a client.", + "editInternalResourceDialogEditClientResource": "Edit Client Resource", + "editInternalResourceDialogUpdateResourceProperties": "Update the resource properties and target configuration for {resourceName}.", + "editInternalResourceDialogResourceProperties": "Resource Properties", + "editInternalResourceDialogName": "Name", + "editInternalResourceDialogProtocol": "Protocol", + "editInternalResourceDialogSitePort": "Site Port", + "editInternalResourceDialogTargetConfiguration": "Target Configuration", + "editInternalResourceDialogDestinationIP": "Destination IP", + "editInternalResourceDialogDestinationPort": "Destination Port", + "editInternalResourceDialogCancel": "Cancel", + "editInternalResourceDialogSaveResource": "Save Resource", + "editInternalResourceDialogSuccess": "Success", + "editInternalResourceDialogInternalResourceUpdatedSuccessfully": "Internal resource updated successfully", + "editInternalResourceDialogError": "Error", + "editInternalResourceDialogFailedToUpdateInternalResource": "Failed to update internal resource", + "editInternalResourceDialogNameRequired": "Name is required", + "editInternalResourceDialogNameMaxLength": "Name must be less than 255 characters", + "editInternalResourceDialogProxyPortMin": "Proxy port must be at least 1", + "editInternalResourceDialogProxyPortMax": "Proxy port must be less than 65536", + "editInternalResourceDialogInvalidIPAddressFormat": "Invalid IP address format", + "editInternalResourceDialogDestinationPortMin": "Destination port must be at least 1", + "editInternalResourceDialogDestinationPortMax": "Destination port must be less than 65536", + "createInternalResourceDialogNoSitesAvailable": "No Sites Available", + "createInternalResourceDialogNoSitesAvailableDescription": "You need to have at least one Newt site with a subnet configured to create internal resources.", + "createInternalResourceDialogClose": "Close", + "createInternalResourceDialogCreateClientResource": "Create Client Resource", + "createInternalResourceDialogCreateClientResourceDescription": "Create a new resource that will be accessible to clients connected to the selected site.", + "createInternalResourceDialogResourceProperties": "Resource Properties", + "createInternalResourceDialogName": "Name", + "createInternalResourceDialogSite": "Site", + "createInternalResourceDialogSelectSite": "Select site...", + "createInternalResourceDialogSearchSites": "Search sites...", + "createInternalResourceDialogNoSitesFound": "No sites found.", + "createInternalResourceDialogProtocol": "Protocol", + "createInternalResourceDialogTcp": "TCP", + "createInternalResourceDialogUdp": "UDP", + "createInternalResourceDialogSitePort": "Site Port", + "createInternalResourceDialogSitePortDescription": "Use this port to access the resource on the site when connected with a client.", + "createInternalResourceDialogTargetConfiguration": "Target Configuration", + "createInternalResourceDialogDestinationIP": "Destination IP", + "createInternalResourceDialogDestinationIPDescription": "The IP address of the resource on the site's network.", + "createInternalResourceDialogDestinationPort": "Destination Port", + "createInternalResourceDialogDestinationPortDescription": "The port on the destination IP where the resource is accessible.", + "createInternalResourceDialogCancel": "Cancel", + "createInternalResourceDialogCreateResource": "Create Resource", + "createInternalResourceDialogSuccess": "Success", + "createInternalResourceDialogInternalResourceCreatedSuccessfully": "Internal resource created successfully", + "createInternalResourceDialogError": "Error", + "createInternalResourceDialogFailedToCreateInternalResource": "Failed to create internal resource", + "createInternalResourceDialogNameRequired": "Name is required", + "createInternalResourceDialogNameMaxLength": "Name must be less than 255 characters", + "createInternalResourceDialogPleaseSelectSite": "Please select a site", + "createInternalResourceDialogProxyPortMin": "Proxy port must be at least 1", + "createInternalResourceDialogProxyPortMax": "Proxy port must be less than 65536", + "createInternalResourceDialogInvalidIPAddressFormat": "Invalid IP address format", + "createInternalResourceDialogDestinationPortMin": "Destination port must be at least 1", + "createInternalResourceDialogDestinationPortMax": "Destination port must be less than 65536", + "siteConfiguration": "Configuration", + "siteAcceptClientConnections": "Accept Client Connections", + "siteAcceptClientConnectionsDescription": "Allow other devices to connect through this Newt instance as a gateway using clients.", + "siteAddress": "Site Address", + "siteAddressDescription": "Specify the IP address of the host for clients to connect to. This is the internal address of the site in the Pangolin network for clients to address. Must fall within the Org subnet.", + "autoLoginExternalIdp": "Auto Login with External IDP", + "autoLoginExternalIdpDescription": "Immediately redirect the user to the external IDP for authentication.", + "selectIdp": "Select IDP", + "selectIdpPlaceholder": "Choose an IDP...", + "selectIdpRequired": "Please select an IDP when auto login is enabled.", + "autoLoginTitle": "Redirecting", + "autoLoginDescription": "Redirecting you to the external identity provider for authentication.", + "autoLoginProcessing": "Preparing authentication...", + "autoLoginRedirecting": "Redirecting to login...", + "autoLoginError": "Auto Login Error", + "autoLoginErrorNoRedirectUrl": "No redirect URL received from the identity provider.", + "autoLoginErrorGeneratingUrl": "Failed to generate authentication URL." +} diff --git a/messages/cs-CZ.json b/messages/cs-CZ.json index 043367f9..6c25055c 100644 --- a/messages/cs-CZ.json +++ b/messages/cs-CZ.json @@ -10,8 +10,8 @@ "setupErrorIdentifier": "ID organizace je již použito. Zvolte prosím jiné.", "componentsErrorNoMemberCreate": "Zatím nejste členem žádné organizace. Abyste mohli začít, vytvořte si organizaci.", "componentsErrorNoMember": "Zatím nejste členem žádných organizací.", - "welcome": "Welcome!", - "welcomeTo": "Welcome to", + "welcome": "Vítejte!", + "welcomeTo": "Vítejte v", "componentsCreateOrg": "Vytvořte organizaci", "componentsMember": "Jste členem {count, plural, =0 {0 organizací} one {1 organizace} other {# organizací}}.", "componentsInvalidKey": "Byly nalezeny neplatné nebo propadlé licenční klíče. Pokud chcete nadále používat všechny funkce, postupujte podle licenčních podmínek.", @@ -62,91 +62,93 @@ "method": "Způsob", "siteMethodDescription": "Tímto způsobem budete vystavovat spojení.", "siteLearnNewt": "Naučte se, jak nainstalovat Newt na svůj systém", - "siteSeeConfigOnce": "You will only be able to see the configuration once.", - "siteLoadWGConfig": "Loading WireGuard configuration...", - "siteDocker": "Expand for Docker Deployment Details", - "toggle": "Toggle", + "siteSeeConfigOnce": "Konfiguraci uvidíte pouze jednou.", + "siteLoadWGConfig": "Načítání konfigurace WireGuard...", + "siteDocker": "Rozbalit pro detaily nasazení v Dockeru", + "toggle": "Přepínač", "dockerCompose": "Docker Compose", "dockerRun": "Docker Run", - "siteLearnLocal": "Local sites do not tunnel, learn more", - "siteConfirmCopy": "I have copied the config", - "searchSitesProgress": "Search sites...", - "siteAdd": "Add Site", - "siteInstallNewt": "Install Newt", - "siteInstallNewtDescription": "Get Newt running on your system", - "WgConfiguration": "WireGuard Configuration", - "WgConfigurationDescription": "Use the following configuration to connect to your network", - "operatingSystem": "Operating System", - "commands": "Commands", - "recommended": "Recommended", - "siteNewtDescription": "For the best user experience, use Newt. It uses WireGuard under the hood and allows you to address your private resources by their LAN address on your private network from within the Pangolin dashboard.", - "siteRunsInDocker": "Runs in Docker", - "siteRunsInShell": "Runs in shell on macOS, Linux, and Windows", - "siteErrorDelete": "Error deleting site", - "siteErrorUpdate": "Failed to update site", - "siteErrorUpdateDescription": "An error occurred while updating the site.", - "siteUpdated": "Site updated", - "siteUpdatedDescription": "The site has been updated.", - "siteGeneralDescription": "Configure the general settings for this site", - "siteSettingDescription": "Configure the settings on your site", - "siteSetting": "{siteName} Settings", - "siteNewtTunnel": "Newt Tunnel (Recommended)", - "siteNewtTunnelDescription": "Easiest way to create an entrypoint into your network. No extra setup.", - "siteWg": "Basic WireGuard", - "siteWgDescription": "Use any WireGuard client to establish a tunnel. Manual NAT setup required.", - "siteLocalDescription": "Local resources only. No tunneling.", - "siteSeeAll": "See All Sites", - "siteTunnelDescription": "Determine how you want to connect to your site", - "siteNewtCredentials": "Newt Credentials", - "siteNewtCredentialsDescription": "This is how Newt will authenticate with the server", - "siteCredentialsSave": "Save Your Credentials", - "siteCredentialsSaveDescription": "You will only be able to see this once. Make sure to copy it to a secure place.", - "siteInfo": "Site Information", - "status": "Status", - "shareTitle": "Manage Share Links", - "shareDescription": "Create shareable links to grant temporary or permanent access to your resources", - "shareSearch": "Search share links...", - "shareCreate": "Create Share Link", - "shareErrorDelete": "Failed to delete link", - "shareErrorDeleteMessage": "An error occurred deleting link", - "shareDeleted": "Link deleted", - "shareDeletedDescription": "The link has been deleted", - "shareTokenDescription": "Your access token can be passed in two ways: as a query parameter or in the request headers. These must be passed from the client on every request for authenticated access.", - "accessToken": "Access Token", - "usageExamples": "Usage Examples", - "tokenId": "Token ID", - "requestHeades": "Request Headers", - "queryParameter": "Query Parameter", - "importantNote": "Important Note", - "shareImportantDescription": "For security reasons, using headers is recommended over query parameters when possible, as query parameters may be logged in server logs or browser history.", + "siteLearnLocal": "Místní lokality se netunelují, dozvědět se více", + "siteConfirmCopy": "Konfiguraci jsem zkopíroval", + "searchSitesProgress": "Hledat lokality...", + "siteAdd": "Přidat lokalitu", + "siteInstallNewt": "Nainstalovat Newt", + "siteInstallNewtDescription": "Spustit Newt na vašem systému", + "WgConfiguration": "Konfigurace WireGuard", + "WgConfigurationDescription": "Použijte následující konfiguraci pro připojení k vaší síti", + "operatingSystem": "Operační systém", + "commands": "Příkazy", + "recommended": "Doporučeno", + "siteNewtDescription": "Ideálně použijte Newt, který využívá WireGuard a umožňuje adresovat vaše soukromé zdroje pomocí jejich LAN adresy ve vaší privátní síti přímo z dashboardu Pangolin.", + "siteRunsInDocker": "Běží v Dockeru", + "siteRunsInShell": "Běží v shellu na macOS, Linuxu a Windows", + "siteErrorDelete": "Chyba při odstraňování lokality", + "siteErrorUpdate": "Nepodařilo se upravit lokalitu", + "siteErrorUpdateDescription": "Při úpravě lokality došlo k chybě.", + "siteUpdated": "Lokalita upravena", + "siteUpdatedDescription": "Lokalita byla upravena.", + "siteGeneralDescription": "Upravte obecná nastavení pro tuto lokalitu", + "siteSettingDescription": "Upravte nastavení vaší lokality", + "siteSetting": "Nastavení {siteName}", + "siteNewtTunnel": "Tunel Newt (doporučeno)", + "siteNewtTunnelDescription": "Nejjednodušší způsob, jak vytvořit vstupní bod do vaší sítě. Žádné další nastavení.", + "siteWg": "Základní WireGuard", + "siteWgDescription": "Použijte jakéhokoli klienta WireGuard abyste sestavili tunel. Vyžaduje se ruční nastavení NAT.", + "siteWgDescriptionSaas": "Použijte jakéhokoli klienta WireGuard abyste sestavili tunel. Vyžaduje se ruční nastavení NAT. FUNGUJE POUZE NA SELF-HOSTED SERVERECH", + "siteLocalDescription": "Pouze lokální zdroje. Žádný tunel.", + "siteLocalDescriptionSaas": "Pouze lokální zdroje. Žádný tunel. FUNGUJE POUZE NA SELF-HOSTED SERVERECH", + "siteSeeAll": "Zobrazit všechny lokality", + "siteTunnelDescription": "Určete jak se chcete připojit k vaší lokalitě", + "siteNewtCredentials": "Přihlašovací údaje Newt", + "siteNewtCredentialsDescription": "Tímto způsobem se bude Newt autentizovat na serveru", + "siteCredentialsSave": "Uložit přihlašovací údaje", + "siteCredentialsSaveDescription": "Toto nastavení uvidíte pouze jednou. Ujistěte se, že jej zkopírujete na bezpečné místo.", + "siteInfo": "Údaje o lokalitě", + "status": "Stav", + "shareTitle": "Spravovat sdílení odkazů", + "shareDescription": "Vytvořte odkazy, abyste udělili dočasný nebo trvalý přístup k vašim zdrojům", + "shareSearch": "Hledat sdílené odkazy...", + "shareCreate": "Vytvořit odkaz", + "shareErrorDelete": "Nepodařilo se odstranit odkaz", + "shareErrorDeleteMessage": "Došlo k chybě při odstraňování odkazu", + "shareDeleted": "Odkaz odstraněn", + "shareDeletedDescription": "Odkaz byl odstraněn", + "shareTokenDescription": "Váš přístupový token může být předán dvěma způsoby: jako parametr dotazu nebo v záhlaví požadavku. Tyto údaje musí být předány klientem v každé žádosti o ověřený přístup.", + "accessToken": "Přístupový token", + "usageExamples": "Příklady použití", + "tokenId": "ID tokenu", + "requestHeades": "Hlavičky požadavku", + "queryParameter": "Parametry dotazu", + "importantNote": "Důležité upozornění", + "shareImportantDescription": "Z bezpečnostních důvodů je doporučeno používat raději hlavičky než parametry dotazu pokud je to možné, protože parametry dotazu mohou být zaznamenány v logu serveru nebo v historii prohlížeče.", "token": "Token", - "shareTokenSecurety": "Keep your access token secure. Do not share it in publicly accessible areas or client-side code.", - "shareErrorFetchResource": "Failed to fetch resources", - "shareErrorFetchResourceDescription": "An error occurred while fetching the resources", - "shareErrorCreate": "Failed to create share link", - "shareErrorCreateDescription": "An error occurred while creating the share link", - "shareCreateDescription": "Anyone with this link can access the resource", - "shareTitleOptional": "Title (optional)", - "expireIn": "Expire In", - "neverExpire": "Never expire", - "shareExpireDescription": "Expiration time is how long the link will be usable and provide access to the resource. After this time, the link will no longer work, and users who used this link will lose access to the resource.", - "shareSeeOnce": "You will only be able to see this linkonce. Make sure to copy it.", - "shareAccessHint": "Anyone with this link can access the resource. Share it with care.", - "shareTokenUsage": "See Access Token Usage", - "createLink": "Create Link", - "resourcesNotFound": "No resources found", - "resourceSearch": "Search resources", - "openMenu": "Open menu", - "resource": "Resource", - "title": "Title", - "created": "Created", - "expires": "Expires", - "never": "Never", - "shareErrorSelectResource": "Please select a resource", - "resourceTitle": "Manage Resources", - "resourceDescription": "Create secure proxies to your private applications", - "resourcesSearch": "Search resources...", - "resourceAdd": "Add Resource", + "shareTokenSecurety": "Uchovejte přístupový token v bezpečí. Nesdílejte jej na veřejně přístupných místěch nebo v kódu na straně klienta.", + "shareErrorFetchResource": "Nepodařilo se načíst zdroje", + "shareErrorFetchResourceDescription": "Při načítání zdrojů došlo k chybě", + "shareErrorCreate": "Nepodařilo se vytvořit odkaz", + "shareErrorCreateDescription": "Při vytváření odkazu došlo k chybě", + "shareCreateDescription": "Kdokoliv s tímto odkazem může přistupovat ke zdroji", + "shareTitleOptional": "Název (volitelné)", + "expireIn": "Platnost vyprší za", + "neverExpire": "Nikdy nevyprší", + "shareExpireDescription": "Doba platnosti určuje, jak dlouho bude odkaz použitelný a bude poskytovat přístup ke zdroji. Po této době odkaz již nebude fungovat a uživatelé kteří tento odkaz používali ztratí přístup ke zdroji.", + "shareSeeOnce": "Tento odkaz uvidíte pouze jednou. Ujistěte se, že jste jej zkopírovali.", + "shareAccessHint": "Kdokoli s tímto odkazem může přistupovat ke zdroji. Sdílejte jej s rozvahou.", + "shareTokenUsage": "Zobrazit využití přístupového tokenu", + "createLink": "Vytvořit odkaz", + "resourcesNotFound": "Nebyly nalezeny žádné zdroje", + "resourceSearch": "Vyhledat zdroje", + "openMenu": "Otevřít nabídku", + "resource": "Zdroj", + "title": "Název", + "created": "Vytvořeno", + "expires": "Vyprší", + "never": "Nikdy", + "shareErrorSelectResource": "Zvolte prosím zdroj", + "resourceTitle": "Spravovat zdroje", + "resourceDescription": "Vytvořte bezpečné proxy služby pro přístup k privátním aplikacím", + "resourcesSearch": "Prohledat zdroje...", + "resourceAdd": "Přidat zdroj", "resourceErrorDelte": "Error deleting resource", "authentication": "Authentication", "protected": "Protected", @@ -166,7 +168,7 @@ "siteSelect": "Select site", "siteSearch": "Search site", "siteNotFound": "No site found.", - "siteSelectionDescription": "This site will provide connectivity to the resource.", + "siteSelectionDescription": "This site will provide connectivity to the target.", "resourceType": "Resource Type", "resourceTypeDescription": "Determine how you want to access your resource", "resourceHTTPSSettings": "HTTPS Settings", @@ -197,6 +199,7 @@ "general": "General", "generalSettings": "General Settings", "proxy": "Proxy", + "internal": "Internal", "rules": "Rules", "resourceSettingDescription": "Configure the settings on your resource", "resourceSetting": "{resourceName} Settings", @@ -490,7 +493,7 @@ "targetTlsSniDescription": "The TLS Server Name to use for SNI. Leave empty to use the default.", "targetTlsSubmit": "Save Settings", "targets": "Targets Configuration", - "targetsDescription": "Set up targets to route traffic to your services", + "targetsDescription": "Set up targets to route traffic to your backend services", "targetStickySessions": "Enable Sticky Sessions", "targetStickySessionsDescription": "Keep connections on the same backend target for their entire session.", "methodSelect": "Select method", @@ -833,6 +836,24 @@ "pincodeRequirementsLength": "PIN must be exactly 6 digits", "pincodeRequirementsChars": "PIN must only contain numbers", "passwordRequirementsLength": "Password must be at least 1 character long", + "passwordRequirementsTitle": "Password requirements:", + "passwordRequirementLength": "At least 8 characters long", + "passwordRequirementUppercase": "At least one uppercase letter", + "passwordRequirementLowercase": "At least one lowercase letter", + "passwordRequirementNumber": "At least one number", + "passwordRequirementSpecial": "At least one special character", + "passwordRequirementsMet": "✓ Password meets all requirements", + "passwordStrength": "Password strength", + "passwordStrengthWeak": "Weak", + "passwordStrengthMedium": "Medium", + "passwordStrengthStrong": "Strong", + "passwordRequirements": "Requirements:", + "passwordRequirementLengthText": "8+ characters", + "passwordRequirementUppercaseText": "Uppercase letter (A-Z)", + "passwordRequirementLowercaseText": "Lowercase letter (a-z)", + "passwordRequirementNumberText": "Number (0-9)", + "passwordRequirementSpecialText": "Special character (!@#$%...)", + "passwordsDoNotMatch": "Passwords do not match", "otpEmailRequirementsLength": "OTP must be at least 1 character long", "otpEmailSent": "OTP Sent", "otpEmailSentDescription": "An OTP has been sent to your email", @@ -952,6 +973,7 @@ "logoutError": "Error logging out", "signingAs": "Signed in as", "serverAdmin": "Server Admin", + "managedSelfhosted": "Managed Self-Hosted", "otpEnable": "Enable Two-factor", "otpDisable": "Disable Two-factor", "logout": "Log Out", @@ -967,6 +989,9 @@ "actionDeleteSite": "Delete Site", "actionGetSite": "Get Site", "actionListSites": "List Sites", + "setupToken": "Setup Token", + "setupTokenDescription": "Enter the setup token from the server console.", + "setupTokenRequired": "Setup token is required", "actionUpdateSite": "Update Site", "actionListSiteRoles": "List Allowed Site Roles", "actionCreateResource": "Create Resource", @@ -1022,6 +1047,11 @@ "actionDeleteIdpOrg": "Delete IDP Org Policy", "actionListIdpOrgs": "List IDP Orgs", "actionUpdateIdpOrg": "Update IDP Org", + "actionCreateClient": "Create Client", + "actionDeleteClient": "Delete Client", + "actionUpdateClient": "Update Client", + "actionListClients": "List Clients", + "actionGetClient": "Get Client", "noneSelected": "None selected", "orgNotFound2": "No organizations found.", "searchProgress": "Search...", @@ -1315,8 +1345,110 @@ "olmErrorFetchLatest": "An error occurred while fetching the latest Olm release.", "remoteSubnets": "Remote Subnets", "enterCidrRange": "Enter CIDR range", - "remoteSubnetsDescription": "Add CIDR ranges that can access this site remotely. Use format like 10.0.0.0/24 or 192.168.1.0/24.", + "remoteSubnetsDescription": "Add CIDR ranges that can be accessed from this site remotely using clients. Use format like 10.0.0.0/24. This ONLY applies to VPN client connectivity.", "resourceEnableProxy": "Enable Public Proxy", "resourceEnableProxyDescription": "Enable public proxying to this resource. This allows access to the resource from outside the network through the cloud on an open port. Requires Traefik config.", - "externalProxyEnabled": "External Proxy Enabled" + "externalProxyEnabled": "External Proxy Enabled", + "addNewTarget": "Add New Target", + "targetsList": "Targets List", + "targetErrorDuplicateTargetFound": "Duplicate target found", + "httpMethod": "HTTP Method", + "selectHttpMethod": "Select HTTP method", + "domainPickerSubdomainLabel": "Subdomain", + "domainPickerBaseDomainLabel": "Base Domain", + "domainPickerSearchDomains": "Search domains...", + "domainPickerNoDomainsFound": "No domains found", + "domainPickerLoadingDomains": "Loading domains...", + "domainPickerSelectBaseDomain": "Select base domain...", + "domainPickerNotAvailableForCname": "Not available for CNAME domains", + "domainPickerEnterSubdomainOrLeaveBlank": "Enter subdomain or leave blank to use base domain.", + "domainPickerEnterSubdomainToSearch": "Enter a subdomain to search and select from available free domains.", + "domainPickerFreeDomains": "Free Domains", + "domainPickerSearchForAvailableDomains": "Search for available domains", + "resourceDomain": "Domain", + "resourceEditDomain": "Edit Domain", + "siteName": "Site Name", + "proxyPort": "Port", + "resourcesTableProxyResources": "Proxy Resources", + "resourcesTableClientResources": "Client Resources", + "resourcesTableNoProxyResourcesFound": "No proxy resources found.", + "resourcesTableNoInternalResourcesFound": "No internal resources found.", + "resourcesTableDestination": "Destination", + "resourcesTableTheseResourcesForUseWith": "These resources are for use with", + "resourcesTableClients": "Clients", + "resourcesTableAndOnlyAccessibleInternally": "and are only accessible internally when connected with a client.", + "editInternalResourceDialogEditClientResource": "Edit Client Resource", + "editInternalResourceDialogUpdateResourceProperties": "Update the resource properties and target configuration for {resourceName}.", + "editInternalResourceDialogResourceProperties": "Resource Properties", + "editInternalResourceDialogName": "Name", + "editInternalResourceDialogProtocol": "Protocol", + "editInternalResourceDialogSitePort": "Site Port", + "editInternalResourceDialogTargetConfiguration": "Target Configuration", + "editInternalResourceDialogDestinationIP": "Destination IP", + "editInternalResourceDialogDestinationPort": "Destination Port", + "editInternalResourceDialogCancel": "Cancel", + "editInternalResourceDialogSaveResource": "Save Resource", + "editInternalResourceDialogSuccess": "Success", + "editInternalResourceDialogInternalResourceUpdatedSuccessfully": "Internal resource updated successfully", + "editInternalResourceDialogError": "Error", + "editInternalResourceDialogFailedToUpdateInternalResource": "Failed to update internal resource", + "editInternalResourceDialogNameRequired": "Name is required", + "editInternalResourceDialogNameMaxLength": "Name must be less than 255 characters", + "editInternalResourceDialogProxyPortMin": "Proxy port must be at least 1", + "editInternalResourceDialogProxyPortMax": "Proxy port must be less than 65536", + "editInternalResourceDialogInvalidIPAddressFormat": "Invalid IP address format", + "editInternalResourceDialogDestinationPortMin": "Destination port must be at least 1", + "editInternalResourceDialogDestinationPortMax": "Destination port must be less than 65536", + "createInternalResourceDialogNoSitesAvailable": "No Sites Available", + "createInternalResourceDialogNoSitesAvailableDescription": "You need to have at least one Newt site with a subnet configured to create internal resources.", + "createInternalResourceDialogClose": "Close", + "createInternalResourceDialogCreateClientResource": "Create Client Resource", + "createInternalResourceDialogCreateClientResourceDescription": "Create a new resource that will be accessible to clients connected to the selected site.", + "createInternalResourceDialogResourceProperties": "Resource Properties", + "createInternalResourceDialogName": "Name", + "createInternalResourceDialogSite": "Site", + "createInternalResourceDialogSelectSite": "Select site...", + "createInternalResourceDialogSearchSites": "Search sites...", + "createInternalResourceDialogNoSitesFound": "No sites found.", + "createInternalResourceDialogProtocol": "Protocol", + "createInternalResourceDialogTcp": "TCP", + "createInternalResourceDialogUdp": "UDP", + "createInternalResourceDialogSitePort": "Site Port", + "createInternalResourceDialogSitePortDescription": "Use this port to access the resource on the site when connected with a client.", + "createInternalResourceDialogTargetConfiguration": "Target Configuration", + "createInternalResourceDialogDestinationIP": "Destination IP", + "createInternalResourceDialogDestinationIPDescription": "The IP address of the resource on the site's network.", + "createInternalResourceDialogDestinationPort": "Destination Port", + "createInternalResourceDialogDestinationPortDescription": "The port on the destination IP where the resource is accessible.", + "createInternalResourceDialogCancel": "Cancel", + "createInternalResourceDialogCreateResource": "Create Resource", + "createInternalResourceDialogSuccess": "Success", + "createInternalResourceDialogInternalResourceCreatedSuccessfully": "Internal resource created successfully", + "createInternalResourceDialogError": "Error", + "createInternalResourceDialogFailedToCreateInternalResource": "Failed to create internal resource", + "createInternalResourceDialogNameRequired": "Name is required", + "createInternalResourceDialogNameMaxLength": "Name must be less than 255 characters", + "createInternalResourceDialogPleaseSelectSite": "Please select a site", + "createInternalResourceDialogProxyPortMin": "Proxy port must be at least 1", + "createInternalResourceDialogProxyPortMax": "Proxy port must be less than 65536", + "createInternalResourceDialogInvalidIPAddressFormat": "Invalid IP address format", + "createInternalResourceDialogDestinationPortMin": "Destination port must be at least 1", + "createInternalResourceDialogDestinationPortMax": "Destination port must be less than 65536", + "siteConfiguration": "Configuration", + "siteAcceptClientConnections": "Accept Client Connections", + "siteAcceptClientConnectionsDescription": "Allow other devices to connect through this Newt instance as a gateway using clients.", + "siteAddress": "Site Address", + "siteAddressDescription": "Specify the IP address of the host for clients to connect to. This is the internal address of the site in the Pangolin network for clients to address. Must fall within the Org subnet.", + "autoLoginExternalIdp": "Auto Login with External IDP", + "autoLoginExternalIdpDescription": "Immediately redirect the user to the external IDP for authentication.", + "selectIdp": "Select IDP", + "selectIdpPlaceholder": "Choose an IDP...", + "selectIdpRequired": "Please select an IDP when auto login is enabled.", + "autoLoginTitle": "Redirecting", + "autoLoginDescription": "Redirecting you to the external identity provider for authentication.", + "autoLoginProcessing": "Preparing authentication...", + "autoLoginRedirecting": "Redirecting to login...", + "autoLoginError": "Auto Login Error", + "autoLoginErrorNoRedirectUrl": "No redirect URL received from the identity provider.", + "autoLoginErrorGeneratingUrl": "Failed to generate authentication URL." } diff --git a/messages/de-DE.json b/messages/de-DE.json index 7cce81e5..c31b691f 100644 --- a/messages/de-DE.json +++ b/messages/de-DE.json @@ -1,5 +1,5 @@ { - "setupCreate": "Erstelle eine Organisation, Site und Ressourcen", + "setupCreate": "Erstelle eine Organisation, einen Standort und Ressourcen", "setupNewOrg": "Neue Organisation", "setupCreateOrg": "Organisation erstellen", "setupCreateResources": "Ressource erstellen", @@ -16,7 +16,7 @@ "componentsMember": "Du bist Mitglied von {count, plural, =0 {keiner Organisation} one {einer Organisation} other {# Organisationen}}.", "componentsInvalidKey": "Ungültige oder abgelaufene Lizenzschlüssel erkannt. Beachte die Lizenzbedingungen, um alle Funktionen weiterhin zu nutzen.", "dismiss": "Verwerfen", - "componentsLicenseViolation": "Lizenzverstoß: Dieser Server benutzt {usedSites} Sites, die das Lizenzlimit der {maxSites} Sites überschreiten. Beachte die Lizenzbedingungen, um alle Funktionen weiterhin zu nutzen.", + "componentsLicenseViolation": "Lizenzverstoß: Dieser Server benutzt {usedSites} Standorte, was das Lizenzlimit von {maxSites} Standorten überschreitet. Beachte die Lizenzbedingungen, um alle Funktionen weiterhin zu nutzen.", "componentsSupporterMessage": "Vielen Dank für die Unterstützung von Pangolin als {tier}!", "inviteErrorNotValid": "Es tut uns leid, aber es sieht so aus, als wäre die Einladung, auf die du zugreifen möchtest, entweder nicht angenommen worden oder nicht mehr gültig.", "inviteErrorUser": "Es tut uns leid, aber es scheint, als sei die Einladung, auf die du zugreifen möchtest, nicht für diesen Benutzer bestimmt.", @@ -38,25 +38,25 @@ "name": "Name", "online": "Online", "offline": "Offline", - "site": "Seite", + "site": "Standort", "dataIn": "Daten eingehend", "dataOut": "Daten ausgehend", "connectionType": "Verbindungstyp", "tunnelType": "Tunneltyp", "local": "Lokal", "edit": "Bearbeiten", - "siteConfirmDelete": "Site löschen bestätigen", - "siteDelete": "Site löschen", - "siteMessageRemove": "Sobald diese Seite entfernt ist, wird sie nicht mehr zugänglich sein. Alle Ressourcen und Ziele, die mit der Site verbunden sind, werden ebenfalls entfernt.", - "siteMessageConfirm": "Um zu bestätigen, gib den Namen der Site ein.", - "siteQuestionRemove": "Bist du sicher, dass Sie die Site {selectedSite} aus der Organisation entfernt werden soll?", - "siteManageSites": "Sites verwalten", + "siteConfirmDelete": "Standort löschen bestätigen", + "siteDelete": "Standort löschen", + "siteMessageRemove": "Sobald dieser Standort entfernt ist, wird er nicht mehr zugänglich sein. Alle Ressourcen und Ziele, die mit diesem Standort verbunden sind, werden ebenfalls entfernt.", + "siteMessageConfirm": "Um zu bestätigen, gib den Namen des Standortes unten ein.", + "siteQuestionRemove": "Bist du sicher, dass der Standort {selectedSite} aus der Organisation entfernt werden soll?", + "siteManageSites": "Standorte verwalten", "siteDescription": "Verbindung zum Netzwerk durch sichere Tunnel erlauben", - "siteCreate": "Site erstellen", - "siteCreateDescription2": "Folge den nachfolgenden Schritten, um eine neue Site zu erstellen und zu verbinden", - "siteCreateDescription": "Erstelle eine neue Site, um Ressourcen zu verbinden", + "siteCreate": "Standort erstellen", + "siteCreateDescription2": "Folge den nachfolgenden Schritten, um einen neuen Standort zu erstellen und zu verbinden", + "siteCreateDescription": "Erstelle einen neuen Standort, um Ressourcen zu verbinden", "close": "Schließen", - "siteErrorCreate": "Fehler beim Erstellen der Site", + "siteErrorCreate": "Fehler beim Erstellen des Standortes", "siteErrorCreateKeyPair": "Schlüsselpaar oder Standardwerte nicht gefunden", "siteErrorCreateDefaults": "Standardwerte der Site nicht gefunden", "method": "Methode", @@ -70,8 +70,8 @@ "dockerRun": "Docker Run", "siteLearnLocal": "Mehr Infos zu lokalen Sites", "siteConfirmCopy": "Ich habe die Konfiguration kopiert", - "searchSitesProgress": "Sites durchsuchen...", - "siteAdd": "Site hinzufügen", + "searchSitesProgress": "Standorte durchsuchen...", + "siteAdd": "Standort hinzufügen", "siteInstallNewt": "Newt installieren", "siteInstallNewtDescription": "Installiere Newt auf deinem System.", "WgConfiguration": "WireGuard Konfiguration", @@ -82,26 +82,28 @@ "siteNewtDescription": "Nutze Newt für die beste Benutzererfahrung. Newt verwendet WireGuard as Basis und erlaubt Ihnen, Ihre privaten Ressourcen über ihre LAN-Adresse in Ihrem privaten Netzwerk aus dem Pangolin-Dashboard heraus zu adressieren.", "siteRunsInDocker": "Läuft in Docker", "siteRunsInShell": "Läuft in der Konsole auf macOS, Linux und Windows", - "siteErrorDelete": "Fehler beim Löschen der Site", - "siteErrorUpdate": "Fehler beim Aktualisieren der Site", - "siteErrorUpdateDescription": "Beim Aktualisieren der Site ist ein Fehler aufgetreten.", - "siteUpdated": "Site aktualisiert", - "siteUpdatedDescription": "Die Site wurde aktualisiert.", - "siteGeneralDescription": "Allgemeine Einstellungen für diese Site konfigurieren", - "siteSettingDescription": "Konfigurieren der Site Einstellungen", + "siteErrorDelete": "Fehler beim Löschen des Standortes", + "siteErrorUpdate": "Fehler beim Aktualisieren des Standortes", + "siteErrorUpdateDescription": "Beim Aktualisieren des Standortes ist ein Fehler aufgetreten.", + "siteUpdated": "Standort aktualisiert", + "siteUpdatedDescription": "Der Standort wurde aktualisiert.", + "siteGeneralDescription": "Allgemeine Einstellungen für diesen Standort konfigurieren", + "siteSettingDescription": "Konfigurieren der Standort Einstellungen", "siteSetting": "{siteName} Einstellungen", "siteNewtTunnel": "Newt-Tunnel (empfohlen)", "siteNewtTunnelDescription": "Einfachster Weg, einen Zugriffspunkt zu deinem Netzwerk zu erstellen. Keine zusätzliche Einrichtung erforderlich.", "siteWg": "Einfacher WireGuard Tunnel", "siteWgDescription": "Verwende jeden WireGuard-Client, um einen Tunnel einzurichten. Manuelles NAT-Setup erforderlich.", + "siteWgDescriptionSaas": "Verwenden Sie jeden WireGuard-Client, um einen Tunnel zu erstellen. Manuelles NAT-Setup erforderlich. FUNKTIONIERT NUR BEI SELBSTGEHOSTETEN KNOTEN", "siteLocalDescription": "Nur lokale Ressourcen. Kein Tunneling.", - "siteSeeAll": "Alle Sites anzeigen", - "siteTunnelDescription": "Lege fest, wie du dich mit deiner Site verbinden möchtest", + "siteLocalDescriptionSaas": "Nur lokale Ressourcen. Keine Tunneldurchführung. FUNKTIONIERT NUR BEI SELBSTGEHOSTETEN KNOTEN", + "siteSeeAll": "Alle Standorte anzeigen", + "siteTunnelDescription": "Lege fest, wie du dich mit deinem Standort verbinden möchtest", "siteNewtCredentials": "Neue Newt Zugangsdaten", "siteNewtCredentialsDescription": "So wird sich Newt mit dem Server authentifizieren", "siteCredentialsSave": "Ihre Zugangsdaten speichern", "siteCredentialsSaveDescription": "Du kannst das nur einmal sehen. Stelle sicher, dass du es an einen sicheren Ort kopierst.", - "siteInfo": "Site-Informationen", + "siteInfo": "Standort-Informationen", "status": "Status", "shareTitle": "Links zum Teilen verwalten", "shareDescription": "Erstellen Sie teilbare Links, um temporären oder permanenten Zugriff auf Ihre Ressourcen zu gewähren", @@ -163,10 +165,10 @@ "resourceSeeAll": "Alle Ressourcen anzeigen", "resourceInfo": "Ressourcen-Informationen", "resourceNameDescription": "Dies ist der Anzeigename für die Ressource.", - "siteSelect": "Site auswählen", - "siteSearch": "Website durchsuchen", - "siteNotFound": "Keine Site gefunden.", - "siteSelectionDescription": "Diese Seite wird die Verbindung zu der Ressource herstellen.", + "siteSelect": "Standort auswählen", + "siteSearch": "Standorte durchsuchen", + "siteNotFound": "Keinen Standort gefunden.", + "siteSelectionDescription": "Dieser Standort wird die Verbindung zum Ziel herstellen.", "resourceType": "Ressourcentyp", "resourceTypeDescription": "Legen Sie fest, wie Sie auf Ihre Ressource zugreifen möchten", "resourceHTTPSSettings": "HTTPS-Einstellungen", @@ -197,6 +199,7 @@ "general": "Allgemein", "generalSettings": "Allgemeine Einstellungen", "proxy": "Proxy", + "internal": "Intern", "rules": "Regeln", "resourceSettingDescription": "Konfigurieren Sie die Einstellungen Ihrer Ressource", "resourceSetting": "{resourceName} Einstellungen", @@ -302,7 +305,7 @@ "userQuestionRemove": "Sind Sie sicher, dass Sie {selectedUser} dauerhaft vom Server löschen möchten?", "licenseKey": "Lizenzschlüssel", "valid": "Gültig", - "numberOfSites": "Anzahl der Sites", + "numberOfSites": "Anzahl der Standorte", "licenseKeySearch": "Lizenzschlüssel suchen...", "licenseKeyAdd": "Lizenzschlüssel hinzufügen", "type": "Typ", @@ -342,16 +345,16 @@ "licensedNot": "Nicht lizenziert", "hostId": "Host-ID", "licenseReckeckAll": "Überprüfe alle Schlüssel", - "licenseSiteUsage": "Website-Nutzung", - "licenseSiteUsageDecsription": "Sehen Sie sich die Anzahl der Sites an, die diese Lizenz verwenden.", - "licenseNoSiteLimit": "Die Anzahl der Sites, die einen nicht lizenzierten Host verwenden, ist unbegrenzt.", + "licenseSiteUsage": "Standort-Nutzung", + "licenseSiteUsageDecsription": "Sehen Sie sich die Anzahl der Standorte an, die diese Lizenz verwenden.", + "licenseNoSiteLimit": "Die Anzahl der Standorte, die einen nicht lizenzierten Host verwenden, ist unbegrenzt.", "licensePurchase": "Lizenz kaufen", - "licensePurchaseSites": "Zusätzliche Seiten kaufen", - "licenseSitesUsedMax": "{usedSites} der {maxSites} Seiten verwendet", - "licenseSitesUsed": "{count, plural, =0 {# Seiten} one {# Seite} other {# Seiten}} im System.", + "licensePurchaseSites": "Zusätzliche Standorte kaufen\n", + "licenseSitesUsedMax": "{usedSites} von {maxSites} Standorten verwendet", + "licenseSitesUsed": "{count, plural, =0 {# Standorte} one {# Standort} other {# Standorte}} im System.", "licensePurchaseDescription": "Wähle aus, für wieviele Seiten du möchtest {selectedMode, select, license {kaufe eine Lizenz. Du kannst später immer weitere Seiten hinzufügen.} other {Füge zu deiner bestehenden Lizenz hinzu.}}", "licenseFee": "Lizenzgebühr", - "licensePriceSite": "Preis pro Seite", + "licensePriceSite": "Preis pro Standort", "total": "Gesamt", "licenseContinuePayment": "Weiter zur Zahlung", "pricingPage": "Preisseite", @@ -467,7 +470,7 @@ "targetErrorDuplicate": "Doppeltes Ziel", "targetErrorDuplicateDescription": "Ein Ziel mit diesen Einstellungen existiert bereits", "targetWireGuardErrorInvalidIp": "Ungültige Ziel-IP", - "targetWireGuardErrorInvalidIpDescription": "Die Ziel-IP muss innerhalb des Site-Subnets liegen", + "targetWireGuardErrorInvalidIpDescription": "Die Ziel-IP muss innerhalb des Standort-Subnets liegen", "targetsUpdated": "Ziele aktualisiert", "targetsUpdatedDescription": "Ziele und Einstellungen erfolgreich aktualisiert", "targetsErrorUpdate": "Fehler beim Aktualisieren der Ziele", @@ -490,7 +493,7 @@ "targetTlsSniDescription": "Der zu verwendende TLS-Servername für SNI. Leer lassen, um den Standard zu verwenden.", "targetTlsSubmit": "Einstellungen speichern", "targets": "Ziel-Konfiguration", - "targetsDescription": "Richten Sie Ziele ein, um Datenverkehr zu Ihren Diensten zu leiten", + "targetsDescription": "Richten Sie Ziele ein, um Datenverkehr zu Ihren Backend-Diensten zu leiten", "targetStickySessions": "Sticky Sessions aktivieren", "targetStickySessionsDescription": "Verbindungen für die gesamte Sitzung auf demselben Backend-Ziel halten.", "methodSelect": "Methode auswählen", @@ -558,8 +561,8 @@ "resourceErrorCreateDescription": "Beim Erstellen der Ressource ist ein Fehler aufgetreten", "resourceErrorCreateMessage": "Fehler beim Erstellen der Ressource:", "resourceErrorCreateMessageDescription": "Ein unerwarteter Fehler ist aufgetreten", - "sitesErrorFetch": "Fehler beim Abrufen der Sites", - "sitesErrorFetchDescription": "Beim Abrufen der Sites ist ein Fehler aufgetreten", + "sitesErrorFetch": "Fehler beim Abrufen der Standorte", + "sitesErrorFetchDescription": "Beim Abrufen der Standorte ist ein Fehler aufgetreten", "domainsErrorFetch": "Fehler beim Abrufen der Domains", "domainsErrorFetchDescription": "Beim Abrufen der Domains ist ein Fehler aufgetreten", "none": "Keine", @@ -677,10 +680,10 @@ "resourceGeneralDescription": "Konfigurieren Sie die allgemeinen Einstellungen für diese Ressource", "resourceEnable": "Ressource aktivieren", "resourceTransfer": "Ressource übertragen", - "resourceTransferDescription": "Diese Ressource auf eine andere Site übertragen", + "resourceTransferDescription": "Diese Ressource auf einen anderen Standort übertragen", "resourceTransferSubmit": "Ressource übertragen", - "siteDestination": "Zielsite", - "searchSites": "Sites durchsuchen", + "siteDestination": "Zielort", + "searchSites": "Standorte durchsuchen", "accessRoleCreate": "Rolle erstellen", "accessRoleCreateDescription": "Erstellen Sie eine neue Rolle, um Benutzer zu gruppieren und ihre Berechtigungen zu verwalten.", "accessRoleCreateSubmit": "Rolle erstellen", @@ -700,7 +703,7 @@ "accessRoleRemovedDescription": "Die Rolle wurde erfolgreich entfernt.", "accessRoleRequiredRemove": "Bevor Sie diese Rolle löschen, wählen Sie bitte eine neue Rolle aus, zu der die bestehenden Mitglieder übertragen werden sollen.", "manage": "Verwalten", - "sitesNotFound": "Keine Sites gefunden.", + "sitesNotFound": "Keine Standorte gefunden.", "pangolinServerAdmin": "Server-Admin - Pangolin", "licenseTierProfessional": "Professional Lizenz", "licenseTierEnterprise": "Enterprise Lizenz", @@ -708,10 +711,10 @@ "licensed": "Lizenziert", "yes": "Ja", "no": "Nein", - "sitesAdditional": "Zusätzliche Sites", + "sitesAdditional": "Zusätzliche Standorte", "licenseKeys": "Lizenzschlüssel", - "sitestCountDecrease": "Anzahl der Sites verringern", - "sitestCountIncrease": "Anzahl der Sites erhöhen", + "sitestCountDecrease": "Anzahl der Standorte verringern", + "sitestCountIncrease": "Anzahl der Standorte erhöhen", "idpManage": "Identitätsanbieter verwalten", "idpManageDescription": "Identitätsanbieter im System anzeigen und verwalten", "idpDeletedDescription": "Identitätsanbieter erfolgreich gelöscht", @@ -833,6 +836,24 @@ "pincodeRequirementsLength": "PIN muss genau 6 Ziffern lang sein", "pincodeRequirementsChars": "PIN darf nur Zahlen enthalten", "passwordRequirementsLength": "Passwort muss mindestens 1 Zeichen lang sein", + "passwordRequirementsTitle": "Passwortanforderungen:", + "passwordRequirementLength": "Mindestens 8 Zeichen lang", + "passwordRequirementUppercase": "Mindestens ein Großbuchstabe", + "passwordRequirementLowercase": "Mindestens ein Kleinbuchstabe", + "passwordRequirementNumber": "Mindestens eine Zahl", + "passwordRequirementSpecial": "Mindestens ein Sonderzeichen", + "passwordRequirementsMet": "✓ Passwort erfüllt alle Anforderungen", + "passwordStrength": "Passwortstärke", + "passwordStrengthWeak": "Schwach", + "passwordStrengthMedium": "Mittel", + "passwordStrengthStrong": "Stark", + "passwordRequirements": "Anforderungen:", + "passwordRequirementLengthText": "8+ Zeichen", + "passwordRequirementUppercaseText": "Großbuchstabe (A-Z)", + "passwordRequirementLowercaseText": "Kleinbuchstabe (a-z)", + "passwordRequirementNumberText": "Zahl (0-9)", + "passwordRequirementSpecialText": "Sonderzeichen (!@#$%...)", + "passwordsDoNotMatch": "Passwörter stimmen nicht überein", "otpEmailRequirementsLength": "OTP muss mindestens 1 Zeichen lang sein", "otpEmailSent": "OTP gesendet", "otpEmailSentDescription": "Ein OTP wurde an Ihre E-Mail gesendet", @@ -952,6 +973,7 @@ "logoutError": "Fehler beim Abmelden", "signingAs": "Angemeldet als", "serverAdmin": "Server-Administrator", + "managedSelfhosted": "Verwaltetes Selbsthosted", "otpEnable": "Zwei-Faktor aktivieren", "otpDisable": "Zwei-Faktor deaktivieren", "logout": "Abmelden", @@ -963,12 +985,15 @@ "actionGetUser": "Benutzer abrufen", "actionGetOrgUser": "Organisationsbenutzer abrufen", "actionListOrgDomains": "Organisationsdomänen auflisten", - "actionCreateSite": "Site erstellen", - "actionDeleteSite": "Site löschen", - "actionGetSite": "Site abrufen", - "actionListSites": "Sites auflisten", - "actionUpdateSite": "Site aktualisieren", - "actionListSiteRoles": "Erlaubte Site-Rollen auflisten", + "actionCreateSite": "Standort erstellen", + "actionDeleteSite": "Standort löschen", + "actionGetSite": "Standort abrufen", + "actionListSites": "Standorte auflisten", + "setupToken": "Setup-Token", + "setupTokenDescription": "Geben Sie das Setup-Token von der Serverkonsole ein.", + "setupTokenRequired": "Setup-Token ist erforderlich", + "actionUpdateSite": "Standorte aktualisieren", + "actionListSiteRoles": "Erlaubte Standort-Rollen auflisten", "actionCreateResource": "Ressource erstellen", "actionDeleteResource": "Ressource löschen", "actionGetResource": "Ressource abrufen", @@ -1022,6 +1047,11 @@ "actionDeleteIdpOrg": "IDP-Organisationsrichtlinie löschen", "actionListIdpOrgs": "IDP-Organisationen auflisten", "actionUpdateIdpOrg": "IDP-Organisation aktualisieren", + "actionCreateClient": "Kunde erstellen", + "actionDeleteClient": "Kunde löschen", + "actionUpdateClient": "Kunde aktualisieren", + "actionListClients": "Kunden auflisten", + "actionGetClient": "Kunde holen", "noneSelected": "Keine ausgewählt", "orgNotFound2": "Keine Organisationen gefunden.", "searchProgress": "Suche...", @@ -1073,7 +1103,7 @@ "language": "Sprache", "verificationCodeRequired": "Code ist erforderlich", "userErrorNoUpdate": "Kein Benutzer zum Aktualisieren", - "siteErrorNoUpdate": "Keine Site zum Aktualisieren", + "siteErrorNoUpdate": "Keine Standorte zum Aktualisieren", "resourceErrorNoUpdate": "Keine Ressource zum Aktualisieren", "authErrorNoUpdate": "Keine Auth-Informationen zum Aktualisieren", "orgErrorNoUpdate": "Keine Organisation zum Aktualisieren", @@ -1081,7 +1111,7 @@ "apiKeysErrorNoUpdate": "Kein API-Schlüssel zum Aktualisieren", "sidebarOverview": "Übersicht", "sidebarHome": "Zuhause", - "sidebarSites": "Seiten", + "sidebarSites": "Standorte", "sidebarResources": "Ressourcen", "sidebarAccessControl": "Zugriffskontrolle", "sidebarUsers": "Benutzer", @@ -1280,21 +1310,21 @@ "and": "und", "privacyPolicy": "Datenschutzrichtlinie" }, - "siteRequired": "Site ist erforderlich.", + "siteRequired": "Standort ist erforderlich.", "olmTunnel": "Olm Tunnel", "olmTunnelDescription": "Nutzen Sie Olm für die Kundenverbindung", "errorCreatingClient": "Fehler beim Erstellen des Clients", "clientDefaultsNotFound": "Kundenvorgaben nicht gefunden", "createClient": "Client erstellen", - "createClientDescription": "Erstellen Sie einen neuen Client für die Verbindung zu Ihren Sites.", + "createClientDescription": "Erstellen Sie einen neuen Client für die Verbindung zu Ihren Standorten.", "seeAllClients": "Alle Clients anzeigen", "clientInformation": "Kundeninformationen", "clientNamePlaceholder": "Kundenname", "address": "Adresse", "subnetPlaceholder": "Subnetz", "addressDescription": "Die Adresse, die dieser Client für die Verbindung verwenden wird.", - "selectSites": "Sites auswählen", - "sitesDescription": "Der Client wird zu den ausgewählten Sites eine Verbindung haben.", + "selectSites": "Standorte auswählen", + "sitesDescription": "Der Client wird zu den ausgewählten Standorten eine Verbindung haben.", "clientInstallOlm": "Olm installieren", "clientInstallOlmDescription": "Olm auf Ihrem System zum Laufen bringen", "clientOlmCredentials": "Olm-Zugangsdaten", @@ -1309,14 +1339,116 @@ "clientUpdatedDescription": "Der Client wurde aktualisiert.", "clientUpdateFailed": "Fehler beim Aktualisieren des Clients", "clientUpdateError": "Beim Aktualisieren des Clients ist ein Fehler aufgetreten.", - "sitesFetchFailed": "Fehler beim Abrufen von Sites", - "sitesFetchError": "Beim Abrufen von Sites ist ein Fehler aufgetreten.", + "sitesFetchFailed": "Fehler beim Abrufen von Standorten", + "sitesFetchError": "Beim Abrufen von Standorten ist ein Fehler aufgetreten.", "olmErrorFetchReleases": "Beim Abrufen von Olm-Veröffentlichungen ist ein Fehler aufgetreten.", "olmErrorFetchLatest": "Beim Abrufen der neuesten Olm-Veröffentlichung ist ein Fehler aufgetreten.", "remoteSubnets": "Remote-Subnetze", "enterCidrRange": "Geben Sie den CIDR-Bereich ein", - "remoteSubnetsDescription": "Fügen Sie CIDR-Bereiche hinzu, die aus der Ferne auf diese Site zugreifen können. Verwenden Sie das Format wie 10.0.0.0/24 oder 192.168.1.0/24.", + "remoteSubnetsDescription": "Fügen Sie CIDR-Bereiche hinzu, die über Clients von dieser Site aus remote zugänglich sind. Verwenden Sie ein Format wie 10.0.0.0/24. Dies gilt NUR für die VPN-Client-Konnektivität.", "resourceEnableProxy": "Öffentlichen Proxy aktivieren", "resourceEnableProxyDescription": "Ermöglichen Sie öffentliches Proxieren zu dieser Ressource. Dies ermöglicht den Zugriff auf die Ressource von außerhalb des Netzwerks durch die Cloud über einen offenen Port. Erfordert Traefik-Config.", - "externalProxyEnabled": "Externer Proxy aktiviert" + "externalProxyEnabled": "Externer Proxy aktiviert", + "addNewTarget": "Neues Ziel hinzufügen", + "targetsList": "Ziel-Liste", + "targetErrorDuplicateTargetFound": "Doppeltes Ziel gefunden", + "httpMethod": "HTTP-Methode", + "selectHttpMethod": "HTTP-Methode auswählen", + "domainPickerSubdomainLabel": "Subdomain", + "domainPickerBaseDomainLabel": "Basisdomäne", + "domainPickerSearchDomains": "Domains suchen...", + "domainPickerNoDomainsFound": "Keine Domains gefunden", + "domainPickerLoadingDomains": "Domains werden geladen...", + "domainPickerSelectBaseDomain": "Basisdomäne auswählen...", + "domainPickerNotAvailableForCname": "Für CNAME-Domains nicht verfügbar", + "domainPickerEnterSubdomainOrLeaveBlank": "Geben Sie eine Subdomain ein oder lassen Sie das Feld leer, um die Basisdomäne zu verwenden.", + "domainPickerEnterSubdomainToSearch": "Geben Sie eine Subdomain ein, um verfügbare freie Domains zu suchen und auszuwählen.", + "domainPickerFreeDomains": "Freie Domains", + "domainPickerSearchForAvailableDomains": "Verfügbare Domains suchen", + "resourceDomain": "Domain", + "resourceEditDomain": "Domain bearbeiten", + "siteName": "Site-Name", + "proxyPort": "Port", + "resourcesTableProxyResources": "Proxy-Ressourcen", + "resourcesTableClientResources": "Client-Ressourcen", + "resourcesTableNoProxyResourcesFound": "Keine Proxy-Ressourcen gefunden.", + "resourcesTableNoInternalResourcesFound": "Keine internen Ressourcen gefunden.", + "resourcesTableDestination": "Ziel", + "resourcesTableTheseResourcesForUseWith": "Diese Ressourcen sind zur Verwendung mit", + "resourcesTableClients": "Kunden", + "resourcesTableAndOnlyAccessibleInternally": "und sind nur intern zugänglich, wenn mit einem Client verbunden.", + "editInternalResourceDialogEditClientResource": "Client-Ressource bearbeiten", + "editInternalResourceDialogUpdateResourceProperties": "Aktualisieren Sie die Ressourceneigenschaften und die Zielkonfiguration für {resourceName}.", + "editInternalResourceDialogResourceProperties": "Ressourceneigenschaften", + "editInternalResourceDialogName": "Name", + "editInternalResourceDialogProtocol": "Protokoll", + "editInternalResourceDialogSitePort": "Site-Port", + "editInternalResourceDialogTargetConfiguration": "Zielkonfiguration", + "editInternalResourceDialogDestinationIP": "Ziel-IP", + "editInternalResourceDialogDestinationPort": "Ziel-Port", + "editInternalResourceDialogCancel": "Abbrechen", + "editInternalResourceDialogSaveResource": "Ressource speichern", + "editInternalResourceDialogSuccess": "Erfolg", + "editInternalResourceDialogInternalResourceUpdatedSuccessfully": "Interne Ressource erfolgreich aktualisiert", + "editInternalResourceDialogError": "Fehler", + "editInternalResourceDialogFailedToUpdateInternalResource": "Interne Ressource konnte nicht aktualisiert werden", + "editInternalResourceDialogNameRequired": "Name ist erforderlich", + "editInternalResourceDialogNameMaxLength": "Der Name darf nicht länger als 255 Zeichen sein", + "editInternalResourceDialogProxyPortMin": "Proxy-Port muss mindestens 1 sein", + "editInternalResourceDialogProxyPortMax": "Proxy-Port muss kleiner als 65536 sein", + "editInternalResourceDialogInvalidIPAddressFormat": "Ungültiges IP-Adressformat", + "editInternalResourceDialogDestinationPortMin": "Ziel-Port muss mindestens 1 sein", + "editInternalResourceDialogDestinationPortMax": "Ziel-Port muss kleiner als 65536 sein", + "createInternalResourceDialogNoSitesAvailable": "Keine Sites verfügbar", + "createInternalResourceDialogNoSitesAvailableDescription": "Sie müssen mindestens eine Newt-Site mit einem konfigurierten Subnetz haben, um interne Ressourcen zu erstellen.", + "createInternalResourceDialogClose": "Schließen", + "createInternalResourceDialogCreateClientResource": "Ressource erstellen", + "createInternalResourceDialogCreateClientResourceDescription": "Erstellen Sie eine neue Ressource, die für Clients zugänglich ist, die mit der ausgewählten Site verbunden sind.", + "createInternalResourceDialogResourceProperties": "Ressourceneigenschaften", + "createInternalResourceDialogName": "Name", + "createInternalResourceDialogSite": "Standort", + "createInternalResourceDialogSelectSite": "Standort auswählen...", + "createInternalResourceDialogSearchSites": "Sites durchsuchen...", + "createInternalResourceDialogNoSitesFound": "Keine Standorte gefunden.", + "createInternalResourceDialogProtocol": "Protokoll", + "createInternalResourceDialogTcp": "TCP", + "createInternalResourceDialogUdp": "UDP", + "createInternalResourceDialogSitePort": "Site-Port", + "createInternalResourceDialogSitePortDescription": "Verwenden Sie diesen Port, um bei Verbindung mit einem Client auf die Ressource an der Site zuzugreifen.", + "createInternalResourceDialogTargetConfiguration": "Zielkonfiguration", + "createInternalResourceDialogDestinationIP": "Ziel-IP", + "createInternalResourceDialogDestinationIPDescription": "Die IP-Adresse der Ressource im Netzwerkstandort der Site.", + "createInternalResourceDialogDestinationPort": "Ziel-Port", + "createInternalResourceDialogDestinationPortDescription": "Der Port auf der Ziel-IP, unter dem die Ressource zugänglich ist.", + "createInternalResourceDialogCancel": "Abbrechen", + "createInternalResourceDialogCreateResource": "Ressource erstellen", + "createInternalResourceDialogSuccess": "Erfolg", + "createInternalResourceDialogInternalResourceCreatedSuccessfully": "Interne Ressource erfolgreich erstellt", + "createInternalResourceDialogError": "Fehler", + "createInternalResourceDialogFailedToCreateInternalResource": "Interne Ressource konnte nicht erstellt werden", + "createInternalResourceDialogNameRequired": "Name ist erforderlich", + "createInternalResourceDialogNameMaxLength": "Der Name darf nicht länger als 255 Zeichen sein", + "createInternalResourceDialogPleaseSelectSite": "Bitte wählen Sie eine Site aus", + "createInternalResourceDialogProxyPortMin": "Proxy-Port muss mindestens 1 sein", + "createInternalResourceDialogProxyPortMax": "Proxy-Port muss kleiner als 65536 sein", + "createInternalResourceDialogInvalidIPAddressFormat": "Ungültiges IP-Adressformat", + "createInternalResourceDialogDestinationPortMin": "Ziel-Port muss mindestens 1 sein", + "createInternalResourceDialogDestinationPortMax": "Ziel-Port muss kleiner als 65536 sein", + "siteConfiguration": "Konfiguration", + "siteAcceptClientConnections": "Clientverbindungen akzeptieren", + "siteAcceptClientConnectionsDescription": "Erlauben Sie anderen Geräten, über diese Newt-Instanz mit Clients als Gateway zu verbinden.", + "siteAddress": "Site-Adresse", + "siteAddressDescription": "Geben Sie die IP-Adresse des Hosts an, mit dem sich die Clients verbinden sollen. Dies ist die interne Adresse der Site im Pangolin-Netzwerk, die von Clients angesprochen werden muss. Muss innerhalb des Unternehmens-Subnetzes liegen.", + "autoLoginExternalIdp": "Automatische Anmeldung mit externem IDP", + "autoLoginExternalIdpDescription": "Leiten Sie den Benutzer sofort zur Authentifizierung an den externen IDP weiter.", + "selectIdp": "IDP auswählen", + "selectIdpPlaceholder": "Wählen Sie einen IDP...", + "selectIdpRequired": "Bitte wählen Sie einen IDP aus, wenn automatische Anmeldung aktiviert ist.", + "autoLoginTitle": "Weiterleitung", + "autoLoginDescription": "Sie werden zum externen Identitätsanbieter zur Authentifizierung weitergeleitet.", + "autoLoginProcessing": "Authentifizierung vorbereiten...", + "autoLoginRedirecting": "Weiterleitung zur Anmeldung...", + "autoLoginError": "Fehler bei der automatischen Anmeldung", + "autoLoginErrorNoRedirectUrl": "Keine Weiterleitungs-URL vom Identitätsanbieter erhalten.", + "autoLoginErrorGeneratingUrl": "Fehler beim Generieren der Authentifizierungs-URL." } diff --git a/messages/en-US.json b/messages/en-US.json index e69e2b46..ba22ff77 100644 --- a/messages/en-US.json +++ b/messages/en-US.json @@ -94,7 +94,9 @@ "siteNewtTunnelDescription": "Easiest way to create an entrypoint into your network. No extra setup.", "siteWg": "Basic WireGuard", "siteWgDescription": "Use any WireGuard client to establish a tunnel. Manual NAT setup required.", + "siteWgDescriptionSaas": "Use any WireGuard client to establish a tunnel. Manual NAT setup required. ONLY WORKS ON SELF HOSTED NODES", "siteLocalDescription": "Local resources only. No tunneling.", + "siteLocalDescriptionSaas": "Local resources only. No tunneling. ONLY WORKS ON SELF HOSTED NODES", "siteSeeAll": "See All Sites", "siteTunnelDescription": "Determine how you want to connect to your site", "siteNewtCredentials": "Newt Credentials", @@ -166,7 +168,7 @@ "siteSelect": "Select site", "siteSearch": "Search site", "siteNotFound": "No site found.", - "siteSelectionDescription": "This site will provide connectivity to the resource.", + "siteSelectionDescription": "This site will provide connectivity to the target.", "resourceType": "Resource Type", "resourceTypeDescription": "Determine how you want to access your resource", "resourceHTTPSSettings": "HTTPS Settings", @@ -197,6 +199,7 @@ "general": "General", "generalSettings": "General Settings", "proxy": "Proxy", + "internal": "Internal", "rules": "Rules", "resourceSettingDescription": "Configure the settings on your resource", "resourceSetting": "{resourceName} Settings", @@ -490,7 +493,7 @@ "targetTlsSniDescription": "The TLS Server Name to use for SNI. Leave empty to use the default.", "targetTlsSubmit": "Save Settings", "targets": "Targets Configuration", - "targetsDescription": "Set up targets to route traffic to your services", + "targetsDescription": "Set up targets to route traffic to your backend services", "targetStickySessions": "Enable Sticky Sessions", "targetStickySessionsDescription": "Keep connections on the same backend target for their entire session.", "methodSelect": "Select method", @@ -833,6 +836,24 @@ "pincodeRequirementsLength": "PIN must be exactly 6 digits", "pincodeRequirementsChars": "PIN must only contain numbers", "passwordRequirementsLength": "Password must be at least 1 character long", + "passwordRequirementsTitle": "Password requirements:", + "passwordRequirementLength": "At least 8 characters long", + "passwordRequirementUppercase": "At least one uppercase letter", + "passwordRequirementLowercase": "At least one lowercase letter", + "passwordRequirementNumber": "At least one number", + "passwordRequirementSpecial": "At least one special character", + "passwordRequirementsMet": "✓ Password meets all requirements", + "passwordStrength": "Password strength", + "passwordStrengthWeak": "Weak", + "passwordStrengthMedium": "Medium", + "passwordStrengthStrong": "Strong", + "passwordRequirements": "Requirements:", + "passwordRequirementLengthText": "8+ characters", + "passwordRequirementUppercaseText": "Uppercase letter (A-Z)", + "passwordRequirementLowercaseText": "Lowercase letter (a-z)", + "passwordRequirementNumberText": "Number (0-9)", + "passwordRequirementSpecialText": "Special character (!@#$%...)", + "passwordsDoNotMatch": "Passwords do not match", "otpEmailRequirementsLength": "OTP must be at least 1 character long", "otpEmailSent": "OTP Sent", "otpEmailSentDescription": "An OTP has been sent to your email", @@ -952,6 +973,7 @@ "logoutError": "Error logging out", "signingAs": "Signed in as", "serverAdmin": "Server Admin", + "managedSelfhosted": "Managed Self-Hosted", "otpEnable": "Enable Two-factor", "otpDisable": "Disable Two-factor", "logout": "Log Out", @@ -967,6 +989,9 @@ "actionDeleteSite": "Delete Site", "actionGetSite": "Get Site", "actionListSites": "List Sites", + "setupToken": "Setup Token", + "setupTokenDescription": "Enter the setup token from the server console.", + "setupTokenRequired": "Setup token is required", "actionUpdateSite": "Update Site", "actionListSiteRoles": "List Allowed Site Roles", "actionCreateResource": "Create Resource", @@ -1022,6 +1047,11 @@ "actionDeleteIdpOrg": "Delete IDP Org Policy", "actionListIdpOrgs": "List IDP Orgs", "actionUpdateIdpOrg": "Update IDP Org", + "actionCreateClient": "Create Client", + "actionDeleteClient": "Delete Client", + "actionUpdateClient": "Update Client", + "actionListClients": "List Clients", + "actionGetClient": "Get Client", "noneSelected": "None selected", "orgNotFound2": "No organizations found.", "searchProgress": "Search...", @@ -1315,8 +1345,110 @@ "olmErrorFetchLatest": "An error occurred while fetching the latest Olm release.", "remoteSubnets": "Remote Subnets", "enterCidrRange": "Enter CIDR range", - "remoteSubnetsDescription": "Add CIDR ranges that can access this site remotely. Use format like 10.0.0.0/24 or 192.168.1.0/24.", + "remoteSubnetsDescription": "Add CIDR ranges that can be accessed from this site remotely using clients. Use format like 10.0.0.0/24. This ONLY applies to VPN client connectivity.", "resourceEnableProxy": "Enable Public Proxy", "resourceEnableProxyDescription": "Enable public proxying to this resource. This allows access to the resource from outside the network through the cloud on an open port. Requires Traefik config.", - "externalProxyEnabled": "External Proxy Enabled" + "externalProxyEnabled": "External Proxy Enabled", + "addNewTarget": "Add New Target", + "targetsList": "Targets List", + "targetErrorDuplicateTargetFound": "Duplicate target found", + "httpMethod": "HTTP Method", + "selectHttpMethod": "Select HTTP method", + "domainPickerSubdomainLabel": "Subdomain", + "domainPickerBaseDomainLabel": "Base Domain", + "domainPickerSearchDomains": "Search domains...", + "domainPickerNoDomainsFound": "No domains found", + "domainPickerLoadingDomains": "Loading domains...", + "domainPickerSelectBaseDomain": "Select base domain...", + "domainPickerNotAvailableForCname": "Not available for CNAME domains", + "domainPickerEnterSubdomainOrLeaveBlank": "Enter subdomain or leave blank to use base domain.", + "domainPickerEnterSubdomainToSearch": "Enter a subdomain to search and select from available free domains.", + "domainPickerFreeDomains": "Free Domains", + "domainPickerSearchForAvailableDomains": "Search for available domains", + "resourceDomain": "Domain", + "resourceEditDomain": "Edit Domain", + "siteName": "Site Name", + "proxyPort": "Port", + "resourcesTableProxyResources": "Proxy Resources", + "resourcesTableClientResources": "Client Resources", + "resourcesTableNoProxyResourcesFound": "No proxy resources found.", + "resourcesTableNoInternalResourcesFound": "No internal resources found.", + "resourcesTableDestination": "Destination", + "resourcesTableTheseResourcesForUseWith": "These resources are for use with", + "resourcesTableClients": "Clients", + "resourcesTableAndOnlyAccessibleInternally": "and are only accessible internally when connected with a client.", + "editInternalResourceDialogEditClientResource": "Edit Client Resource", + "editInternalResourceDialogUpdateResourceProperties": "Update the resource properties and target configuration for {resourceName}.", + "editInternalResourceDialogResourceProperties": "Resource Properties", + "editInternalResourceDialogName": "Name", + "editInternalResourceDialogProtocol": "Protocol", + "editInternalResourceDialogSitePort": "Site Port", + "editInternalResourceDialogTargetConfiguration": "Target Configuration", + "editInternalResourceDialogDestinationIP": "Destination IP", + "editInternalResourceDialogDestinationPort": "Destination Port", + "editInternalResourceDialogCancel": "Cancel", + "editInternalResourceDialogSaveResource": "Save Resource", + "editInternalResourceDialogSuccess": "Success", + "editInternalResourceDialogInternalResourceUpdatedSuccessfully": "Internal resource updated successfully", + "editInternalResourceDialogError": "Error", + "editInternalResourceDialogFailedToUpdateInternalResource": "Failed to update internal resource", + "editInternalResourceDialogNameRequired": "Name is required", + "editInternalResourceDialogNameMaxLength": "Name must be less than 255 characters", + "editInternalResourceDialogProxyPortMin": "Proxy port must be at least 1", + "editInternalResourceDialogProxyPortMax": "Proxy port must be less than 65536", + "editInternalResourceDialogInvalidIPAddressFormat": "Invalid IP address format", + "editInternalResourceDialogDestinationPortMin": "Destination port must be at least 1", + "editInternalResourceDialogDestinationPortMax": "Destination port must be less than 65536", + "createInternalResourceDialogNoSitesAvailable": "No Sites Available", + "createInternalResourceDialogNoSitesAvailableDescription": "You need to have at least one Newt site with a subnet configured to create internal resources.", + "createInternalResourceDialogClose": "Close", + "createInternalResourceDialogCreateClientResource": "Create Client Resource", + "createInternalResourceDialogCreateClientResourceDescription": "Create a new resource that will be accessible to clients connected to the selected site.", + "createInternalResourceDialogResourceProperties": "Resource Properties", + "createInternalResourceDialogName": "Name", + "createInternalResourceDialogSite": "Site", + "createInternalResourceDialogSelectSite": "Select site...", + "createInternalResourceDialogSearchSites": "Search sites...", + "createInternalResourceDialogNoSitesFound": "No sites found.", + "createInternalResourceDialogProtocol": "Protocol", + "createInternalResourceDialogTcp": "TCP", + "createInternalResourceDialogUdp": "UDP", + "createInternalResourceDialogSitePort": "Site Port", + "createInternalResourceDialogSitePortDescription": "Use this port to access the resource on the site when connected with a client.", + "createInternalResourceDialogTargetConfiguration": "Target Configuration", + "createInternalResourceDialogDestinationIP": "Destination IP", + "createInternalResourceDialogDestinationIPDescription": "The IP address of the resource on the site's network.", + "createInternalResourceDialogDestinationPort": "Destination Port", + "createInternalResourceDialogDestinationPortDescription": "The port on the destination IP where the resource is accessible.", + "createInternalResourceDialogCancel": "Cancel", + "createInternalResourceDialogCreateResource": "Create Resource", + "createInternalResourceDialogSuccess": "Success", + "createInternalResourceDialogInternalResourceCreatedSuccessfully": "Internal resource created successfully", + "createInternalResourceDialogError": "Error", + "createInternalResourceDialogFailedToCreateInternalResource": "Failed to create internal resource", + "createInternalResourceDialogNameRequired": "Name is required", + "createInternalResourceDialogNameMaxLength": "Name must be less than 255 characters", + "createInternalResourceDialogPleaseSelectSite": "Please select a site", + "createInternalResourceDialogProxyPortMin": "Proxy port must be at least 1", + "createInternalResourceDialogProxyPortMax": "Proxy port must be less than 65536", + "createInternalResourceDialogInvalidIPAddressFormat": "Invalid IP address format", + "createInternalResourceDialogDestinationPortMin": "Destination port must be at least 1", + "createInternalResourceDialogDestinationPortMax": "Destination port must be less than 65536", + "siteConfiguration": "Configuration", + "siteAcceptClientConnections": "Accept Client Connections", + "siteAcceptClientConnectionsDescription": "Allow other devices to connect through this Newt instance as a gateway using clients.", + "siteAddress": "Site Address", + "siteAddressDescription": "Specify the IP address of the host for clients to connect to. This is the internal address of the site in the Pangolin network for clients to address. Must fall within the Org subnet.", + "autoLoginExternalIdp": "Auto Login with External IDP", + "autoLoginExternalIdpDescription": "Immediately redirect the user to the external IDP for authentication.", + "selectIdp": "Select IDP", + "selectIdpPlaceholder": "Choose an IDP...", + "selectIdpRequired": "Please select an IDP when auto login is enabled.", + "autoLoginTitle": "Redirecting", + "autoLoginDescription": "Redirecting you to the external identity provider for authentication.", + "autoLoginProcessing": "Preparing authentication...", + "autoLoginRedirecting": "Redirecting to login...", + "autoLoginError": "Auto Login Error", + "autoLoginErrorNoRedirectUrl": "No redirect URL received from the identity provider.", + "autoLoginErrorGeneratingUrl": "Failed to generate authentication URL." } diff --git a/messages/es-ES.json b/messages/es-ES.json index e1d289c8..f4d03d69 100644 --- a/messages/es-ES.json +++ b/messages/es-ES.json @@ -94,7 +94,9 @@ "siteNewtTunnelDescription": "La forma más fácil de crear un punto de entrada en tu red. Sin configuración adicional.", "siteWg": "Wirex Guardia Básica", "siteWgDescription": "Utilice cualquier cliente Wirex Guard para establecer un túnel. Se requiere una configuración manual de NAT.", + "siteWgDescriptionSaas": "Utilice cualquier cliente de WireGuard para establecer un túnel. Se requiere configuración manual de NAT. SOLO FUNCIONA EN NODOS AUTOGESTIONADOS", "siteLocalDescription": "Solo recursos locales. Sin túneles.", + "siteLocalDescriptionSaas": "Solo recursos locales. Sin túneles. SOLO FUNCIONA EN NODOS AUTOGESTIONADOS", "siteSeeAll": "Ver todos los sitios", "siteTunnelDescription": "Determina cómo quieres conectarte a tu sitio", "siteNewtCredentials": "Credenciales nuevas", @@ -166,7 +168,7 @@ "siteSelect": "Seleccionar sitio", "siteSearch": "Buscar sitio", "siteNotFound": "Sitio no encontrado.", - "siteSelectionDescription": "Este sitio proporcionará conectividad al recurso.", + "siteSelectionDescription": "Este sitio proporcionará conectividad al objetivo.", "resourceType": "Tipo de recurso", "resourceTypeDescription": "Determina cómo quieres acceder a tu recurso", "resourceHTTPSSettings": "Configuración HTTPS", @@ -197,6 +199,7 @@ "general": "General", "generalSettings": "Configuración General", "proxy": "Proxy", + "internal": "Interno", "rules": "Reglas", "resourceSettingDescription": "Configure la configuración de su recurso", "resourceSetting": "Ajustes {resourceName}", @@ -833,6 +836,24 @@ "pincodeRequirementsLength": "El PIN debe tener exactamente 6 dígitos", "pincodeRequirementsChars": "El PIN sólo debe contener números", "passwordRequirementsLength": "La contraseña debe tener al menos 1 carácter", + "passwordRequirementsTitle": "Requisitos de la contraseña:", + "passwordRequirementLength": "Al menos 8 caracteres de largo", + "passwordRequirementUppercase": "Al menos una letra mayúscula", + "passwordRequirementLowercase": "Al menos una letra minúscula", + "passwordRequirementNumber": "Al menos un número", + "passwordRequirementSpecial": "Al menos un carácter especial", + "passwordRequirementsMet": "✓ La contraseña cumple con todos los requisitos", + "passwordStrength": "Seguridad de la contraseña", + "passwordStrengthWeak": "Débil", + "passwordStrengthMedium": "Media", + "passwordStrengthStrong": "Fuerte", + "passwordRequirements": "Requisitos:", + "passwordRequirementLengthText": "8+ caracteres", + "passwordRequirementUppercaseText": "Letra mayúscula (A-Z)", + "passwordRequirementLowercaseText": "Letra minúscula (a-z)", + "passwordRequirementNumberText": "Número (0-9)", + "passwordRequirementSpecialText": "Caracter especial (!@#$%...)", + "passwordsDoNotMatch": "Las contraseñas no coinciden", "otpEmailRequirementsLength": "OTP debe tener al menos 1 carácter", "otpEmailSent": "OTP enviado", "otpEmailSentDescription": "Un OTP ha sido enviado a tu correo electrónico", @@ -952,6 +973,7 @@ "logoutError": "Error al cerrar sesión", "signingAs": "Conectado como", "serverAdmin": "Admin Servidor", + "managedSelfhosted": "Autogestionado", "otpEnable": "Activar doble factor", "otpDisable": "Desactivar doble factor", "logout": "Cerrar sesión", @@ -967,6 +989,9 @@ "actionDeleteSite": "Eliminar sitio", "actionGetSite": "Obtener sitio", "actionListSites": "Listar sitios", + "setupToken": "Configuración de token", + "setupTokenDescription": "Ingrese el token de configuración desde la consola del servidor.", + "setupTokenRequired": "Se requiere el token de configuración", "actionUpdateSite": "Actualizar sitio", "actionListSiteRoles": "Lista de roles permitidos del sitio", "actionCreateResource": "Crear Recurso", @@ -1022,6 +1047,11 @@ "actionDeleteIdpOrg": "Eliminar política de IDP Org", "actionListIdpOrgs": "Listar Orgs IDP", "actionUpdateIdpOrg": "Actualizar IDP Org", + "actionCreateClient": "Crear cliente", + "actionDeleteClient": "Eliminar cliente", + "actionUpdateClient": "Actualizar cliente", + "actionListClients": "Listar clientes", + "actionGetClient": "Obtener cliente", "noneSelected": "Ninguno seleccionado", "orgNotFound2": "No se encontraron organizaciones.", "searchProgress": "Buscar...", @@ -1315,8 +1345,110 @@ "olmErrorFetchLatest": "Se ha producido un error al recuperar la última versión de Olm.", "remoteSubnets": "Subredes remotas", "enterCidrRange": "Ingresa el rango CIDR", - "remoteSubnetsDescription": "Agregue rangos CIDR que puedan acceder a este sitio de forma remota. Use un formato como 10.0.0.0/24 o 192.168.1.0/24.", + "remoteSubnetsDescription": "Agregue rangos CIDR que se puedan acceder desde este sitio de forma remota usando clientes. Utilice el formato como 10.0.0.0/24. Esto SOLO se aplica a la conectividad del cliente VPN.", "resourceEnableProxy": "Habilitar proxy público", "resourceEnableProxyDescription": "Habilite el proxy público para este recurso. Esto permite el acceso al recurso desde fuera de la red a través de la nube en un puerto abierto. Requiere configuración de Traefik.", - "externalProxyEnabled": "Proxy externo habilitado" + "externalProxyEnabled": "Proxy externo habilitado", + "addNewTarget": "Agregar nuevo destino", + "targetsList": "Lista de destinos", + "targetErrorDuplicateTargetFound": "Se encontró un destino duplicado", + "httpMethod": "Método HTTP", + "selectHttpMethod": "Seleccionar método HTTP", + "domainPickerSubdomainLabel": "Subdominio", + "domainPickerBaseDomainLabel": "Dominio base", + "domainPickerSearchDomains": "Buscar dominios...", + "domainPickerNoDomainsFound": "No se encontraron dominios", + "domainPickerLoadingDomains": "Cargando dominios...", + "domainPickerSelectBaseDomain": "Seleccionar dominio base...", + "domainPickerNotAvailableForCname": "No disponible para dominios CNAME", + "domainPickerEnterSubdomainOrLeaveBlank": "Ingrese subdominio o deje en blanco para usar dominio base.", + "domainPickerEnterSubdomainToSearch": "Ingrese un subdominio para buscar y seleccionar entre dominios gratuitos disponibles.", + "domainPickerFreeDomains": "Dominios gratuitos", + "domainPickerSearchForAvailableDomains": "Buscar dominios disponibles", + "resourceDomain": "Dominio", + "resourceEditDomain": "Editar dominio", + "siteName": "Nombre del sitio", + "proxyPort": "Puerto", + "resourcesTableProxyResources": "Recursos de proxy", + "resourcesTableClientResources": "Recursos del cliente", + "resourcesTableNoProxyResourcesFound": "No se encontraron recursos de proxy.", + "resourcesTableNoInternalResourcesFound": "No se encontraron recursos internos.", + "resourcesTableDestination": "Destino", + "resourcesTableTheseResourcesForUseWith": "Estos recursos son para uso con", + "resourcesTableClients": "Clientes", + "resourcesTableAndOnlyAccessibleInternally": "y solo son accesibles internamente cuando se conectan con un cliente.", + "editInternalResourceDialogEditClientResource": "Editar recurso del cliente", + "editInternalResourceDialogUpdateResourceProperties": "Actualizar las propiedades del recurso y la configuración del objetivo para {resourceName}.", + "editInternalResourceDialogResourceProperties": "Propiedades del recurso", + "editInternalResourceDialogName": "Nombre", + "editInternalResourceDialogProtocol": "Protocolo", + "editInternalResourceDialogSitePort": "Puerto del sitio", + "editInternalResourceDialogTargetConfiguration": "Configuración de objetivos", + "editInternalResourceDialogDestinationIP": "IP de destino", + "editInternalResourceDialogDestinationPort": "Puerto de destino", + "editInternalResourceDialogCancel": "Cancelar", + "editInternalResourceDialogSaveResource": "Guardar recurso", + "editInternalResourceDialogSuccess": "Éxito", + "editInternalResourceDialogInternalResourceUpdatedSuccessfully": "Recurso interno actualizado con éxito", + "editInternalResourceDialogError": "Error", + "editInternalResourceDialogFailedToUpdateInternalResource": "Error al actualizar el recurso interno", + "editInternalResourceDialogNameRequired": "El nombre es requerido", + "editInternalResourceDialogNameMaxLength": "El nombre no debe tener más de 255 caracteres", + "editInternalResourceDialogProxyPortMin": "El puerto del proxy debe ser al menos 1", + "editInternalResourceDialogProxyPortMax": "El puerto del proxy debe ser menor de 65536", + "editInternalResourceDialogInvalidIPAddressFormat": "Formato de dirección IP inválido", + "editInternalResourceDialogDestinationPortMin": "El puerto de destino debe ser al menos 1", + "editInternalResourceDialogDestinationPortMax": "El puerto de destino debe ser menor de 65536", + "createInternalResourceDialogNoSitesAvailable": "No hay sitios disponibles", + "createInternalResourceDialogNoSitesAvailableDescription": "Necesita tener al menos un sitio de Newt con una subred configurada para crear recursos internos.", + "createInternalResourceDialogClose": "Cerrar", + "createInternalResourceDialogCreateClientResource": "Crear recurso del cliente", + "createInternalResourceDialogCreateClientResourceDescription": "Crear un nuevo recurso que será accesible para los clientes conectados al sitio seleccionado.", + "createInternalResourceDialogResourceProperties": "Propiedades del recurso", + "createInternalResourceDialogName": "Nombre", + "createInternalResourceDialogSite": "Sitio", + "createInternalResourceDialogSelectSite": "Seleccionar sitio...", + "createInternalResourceDialogSearchSites": "Buscar sitios...", + "createInternalResourceDialogNoSitesFound": "Sitios no encontrados.", + "createInternalResourceDialogProtocol": "Protocolo", + "createInternalResourceDialogTcp": "TCP", + "createInternalResourceDialogUdp": "UDP", + "createInternalResourceDialogSitePort": "Puerto del sitio", + "createInternalResourceDialogSitePortDescription": "Use este puerto para acceder al recurso en el sitio cuando se conecta con un cliente.", + "createInternalResourceDialogTargetConfiguration": "Configuración de objetivos", + "createInternalResourceDialogDestinationIP": "IP de destino", + "createInternalResourceDialogDestinationIPDescription": "La dirección IP del recurso en la red del sitio.", + "createInternalResourceDialogDestinationPort": "Puerto de destino", + "createInternalResourceDialogDestinationPortDescription": "El puerto en la IP de destino donde el recurso es accesible.", + "createInternalResourceDialogCancel": "Cancelar", + "createInternalResourceDialogCreateResource": "Crear recurso", + "createInternalResourceDialogSuccess": "Éxito", + "createInternalResourceDialogInternalResourceCreatedSuccessfully": "Recurso interno creado con éxito", + "createInternalResourceDialogError": "Error", + "createInternalResourceDialogFailedToCreateInternalResource": "Error al crear recurso interno", + "createInternalResourceDialogNameRequired": "El nombre es requerido", + "createInternalResourceDialogNameMaxLength": "El nombre debe ser menor de 255 caracteres", + "createInternalResourceDialogPleaseSelectSite": "Por favor seleccione un sitio", + "createInternalResourceDialogProxyPortMin": "El puerto del proxy debe ser al menos 1", + "createInternalResourceDialogProxyPortMax": "El puerto del proxy debe ser menor de 65536", + "createInternalResourceDialogInvalidIPAddressFormat": "Formato de dirección IP inválido", + "createInternalResourceDialogDestinationPortMin": "El puerto de destino debe ser al menos 1", + "createInternalResourceDialogDestinationPortMax": "El puerto de destino debe ser menor de 65536", + "siteConfiguration": "Configuración", + "siteAcceptClientConnections": "Aceptar conexiones de clientes", + "siteAcceptClientConnectionsDescription": "Permitir que otros dispositivos se conecten a través de esta instancia Newt como una puerta de enlace utilizando clientes.", + "siteAddress": "Dirección del sitio", + "siteAddressDescription": "Especifique la dirección IP del host que los clientes deben usar para conectarse. Esta es la dirección interna del sitio en la red de Pangolín para que los clientes dirijan. Debe estar dentro de la subred de la organización.", + "autoLoginExternalIdp": "Inicio de sesión automático con IDP externo", + "autoLoginExternalIdpDescription": "Redirigir inmediatamente al usuario al IDP externo para autenticación.", + "selectIdp": "Seleccionar IDP", + "selectIdpPlaceholder": "Elegir un IDP...", + "selectIdpRequired": "Por favor seleccione un IDP cuando el inicio de sesión automático esté habilitado.", + "autoLoginTitle": "Redirigiendo", + "autoLoginDescription": "Te estamos redirigiendo al proveedor de identidad externo para autenticación.", + "autoLoginProcessing": "Preparando autenticación...", + "autoLoginRedirecting": "Redirigiendo al inicio de sesión...", + "autoLoginError": "Error de inicio de sesión automático", + "autoLoginErrorNoRedirectUrl": "No se recibió URL de redirección del proveedor de identidad.", + "autoLoginErrorGeneratingUrl": "Error al generar URL de autenticación." } diff --git a/messages/fr-FR.json b/messages/fr-FR.json index ccf9ccea..e2a6fa4a 100644 --- a/messages/fr-FR.json +++ b/messages/fr-FR.json @@ -94,7 +94,9 @@ "siteNewtTunnelDescription": "La façon la plus simple de créer un point d'entrée dans votre réseau. Pas de configuration supplémentaire.", "siteWg": "WireGuard basique", "siteWgDescription": "Utilisez n'importe quel client WireGuard pour établir un tunnel. Configuration NAT manuelle requise.", + "siteWgDescriptionSaas": "Utilisez n'importe quel client WireGuard pour établir un tunnel. Configuration NAT manuelle requise. FONCTIONNE UNIQUEMENT SUR DES NŒUDS AUTONOMES", "siteLocalDescription": "Ressources locales seulement. Pas de tunneling.", + "siteLocalDescriptionSaas": "Ressources locales uniquement. Pas de tunneling. FONCTIONNE UNIQUEMENT SUR DES NŒUDS AUTONOMES", "siteSeeAll": "Voir tous les sites", "siteTunnelDescription": "Déterminez comment vous voulez vous connecter à votre site", "siteNewtCredentials": "Identifiants Newt", @@ -166,7 +168,7 @@ "siteSelect": "Sélectionner un site", "siteSearch": "Chercher un site", "siteNotFound": "Aucun site trouvé.", - "siteSelectionDescription": "Ce site fournira la connectivité à la ressource.", + "siteSelectionDescription": "Ce site fournira la connectivité à la cible.", "resourceType": "Type de ressource", "resourceTypeDescription": "Déterminer comment vous voulez accéder à votre ressource", "resourceHTTPSSettings": "Paramètres HTTPS", @@ -197,6 +199,7 @@ "general": "Généraux", "generalSettings": "Paramètres généraux", "proxy": "Proxy", + "internal": "Interne", "rules": "Règles", "resourceSettingDescription": "Configurer les paramètres de votre ressource", "resourceSetting": "Réglages {resourceName}", @@ -490,7 +493,7 @@ "targetTlsSniDescription": "Le nom de serveur TLS à utiliser pour SNI. Laissez vide pour utiliser la valeur par défaut.", "targetTlsSubmit": "Enregistrer les paramètres", "targets": "Configuration des cibles", - "targetsDescription": "Configurez les cibles pour router le trafic vers vos services", + "targetsDescription": "Configurez les cibles pour router le trafic vers vos services.", "targetStickySessions": "Activer les sessions persistantes", "targetStickySessionsDescription": "Maintenir les connexions sur la même cible backend pendant toute leur session.", "methodSelect": "Sélectionner la méthode", @@ -833,6 +836,24 @@ "pincodeRequirementsLength": "Le code PIN doit comporter exactement 6 chiffres", "pincodeRequirementsChars": "Le code PIN ne doit contenir que des chiffres", "passwordRequirementsLength": "Le mot de passe doit comporter au moins 1 caractère", + "passwordRequirementsTitle": "Exigences relatives au mot de passe :", + "passwordRequirementLength": "Au moins 8 caractères", + "passwordRequirementUppercase": "Au moins une lettre majuscule", + "passwordRequirementLowercase": "Au moins une lettre minuscule", + "passwordRequirementNumber": "Au moins un chiffre", + "passwordRequirementSpecial": "Au moins un caractère spécial", + "passwordRequirementsMet": "✓ Le mot de passe répond à toutes les exigences", + "passwordStrength": "Solidité du mot de passe", + "passwordStrengthWeak": "Faible", + "passwordStrengthMedium": "Moyen", + "passwordStrengthStrong": "Fort", + "passwordRequirements": "Exigences :", + "passwordRequirementLengthText": "8+ caractères", + "passwordRequirementUppercaseText": "Lettre majuscule (A-Z)", + "passwordRequirementLowercaseText": "Lettre minuscule (a-z)", + "passwordRequirementNumberText": "Nombre (0-9)", + "passwordRequirementSpecialText": "Caractère spécial (!@#$%...)", + "passwordsDoNotMatch": "Les mots de passe ne correspondent pas", "otpEmailRequirementsLength": "L'OTP doit comporter au moins 1 caractère", "otpEmailSent": "OTP envoyé", "otpEmailSentDescription": "Un OTP a été envoyé à votre e-mail", @@ -952,6 +973,7 @@ "logoutError": "Erreur lors de la déconnexion", "signingAs": "Connecté en tant que", "serverAdmin": "Admin Serveur", + "managedSelfhosted": "Gestion autonome", "otpEnable": "Activer l'authentification à deux facteurs", "otpDisable": "Désactiver l'authentification à deux facteurs", "logout": "Déconnexion", @@ -967,6 +989,9 @@ "actionDeleteSite": "Supprimer un site", "actionGetSite": "Obtenir un site", "actionListSites": "Lister les sites", + "setupToken": "Jeton de configuration", + "setupTokenDescription": "Entrez le jeton de configuration depuis la console du serveur.", + "setupTokenRequired": "Le jeton de configuration est requis.", "actionUpdateSite": "Mettre à jour un site", "actionListSiteRoles": "Lister les rôles autorisés du site", "actionCreateResource": "Créer une ressource", @@ -1022,6 +1047,11 @@ "actionDeleteIdpOrg": "Supprimer une politique d'organisation IDP", "actionListIdpOrgs": "Lister les organisations IDP", "actionUpdateIdpOrg": "Mettre à jour une organisation IDP", + "actionCreateClient": "Créer un client", + "actionDeleteClient": "Supprimer le client", + "actionUpdateClient": "Mettre à jour le client", + "actionListClients": "Liste des clients", + "actionGetClient": "Obtenir le client", "noneSelected": "Aucune sélection", "orgNotFound2": "Aucune organisation trouvée.", "searchProgress": "Rechercher...", @@ -1315,8 +1345,110 @@ "olmErrorFetchLatest": "Une erreur s'est produite lors de la récupération de la dernière version d'Olm.", "remoteSubnets": "Sous-réseaux distants", "enterCidrRange": "Entrez la plage CIDR", - "remoteSubnetsDescription": "Ajoutez des plages CIDR pouvant accéder à ce site à distance. Utilisez le format comme 10.0.0.0/24 ou 192.168.1.0/24.", + "remoteSubnetsDescription": "Ajoutez des plages CIDR accessibles à distance depuis ce site à l'aide de clients. Utilisez le format comme 10.0.0.0/24. Cela s'applique UNIQUEMENT à la connectivité des clients VPN.", "resourceEnableProxy": "Activer le proxy public", "resourceEnableProxyDescription": "Activez le proxy public vers cette ressource. Cela permet d'accéder à la ressource depuis l'extérieur du réseau via le cloud sur un port ouvert. Nécessite la configuration de Traefik.", - "externalProxyEnabled": "Proxy externe activé" + "externalProxyEnabled": "Proxy externe activé", + "addNewTarget": "Ajouter une nouvelle cible", + "targetsList": "Liste des cibles", + "targetErrorDuplicateTargetFound": "Cible en double trouvée", + "httpMethod": "Méthode HTTP", + "selectHttpMethod": "Sélectionnez la méthode HTTP", + "domainPickerSubdomainLabel": "Sous-domaine", + "domainPickerBaseDomainLabel": "Domaine de base", + "domainPickerSearchDomains": "Rechercher des domaines...", + "domainPickerNoDomainsFound": "Aucun domaine trouvé", + "domainPickerLoadingDomains": "Chargement des domaines...", + "domainPickerSelectBaseDomain": "Sélectionnez le domaine de base...", + "domainPickerNotAvailableForCname": "Non disponible pour les domaines CNAME", + "domainPickerEnterSubdomainOrLeaveBlank": "Entrez un sous-domaine ou laissez vide pour utiliser le domaine de base.", + "domainPickerEnterSubdomainToSearch": "Entrez un sous-domaine pour rechercher et sélectionner parmi les domaines gratuits disponibles.", + "domainPickerFreeDomains": "Domaines gratuits", + "domainPickerSearchForAvailableDomains": "Rechercher des domaines disponibles", + "resourceDomain": "Domaine", + "resourceEditDomain": "Modifier le domaine", + "siteName": "Nom du site", + "proxyPort": "Port", + "resourcesTableProxyResources": "Ressources proxy", + "resourcesTableClientResources": "Ressources client", + "resourcesTableNoProxyResourcesFound": "Aucune ressource proxy trouvée.", + "resourcesTableNoInternalResourcesFound": "Aucune ressource interne trouvée.", + "resourcesTableDestination": "Destination", + "resourcesTableTheseResourcesForUseWith": "Ces ressources sont à utiliser avec", + "resourcesTableClients": "Clients", + "resourcesTableAndOnlyAccessibleInternally": "et sont uniquement accessibles en interne lorsqu'elles sont connectées avec un client.", + "editInternalResourceDialogEditClientResource": "Modifier la ressource client", + "editInternalResourceDialogUpdateResourceProperties": "Mettez à jour les propriétés de la ressource et la configuration de la cible pour {resourceName}.", + "editInternalResourceDialogResourceProperties": "Propriétés de la ressource", + "editInternalResourceDialogName": "Nom", + "editInternalResourceDialogProtocol": "Protocole", + "editInternalResourceDialogSitePort": "Port du site", + "editInternalResourceDialogTargetConfiguration": "Configuration de la cible", + "editInternalResourceDialogDestinationIP": "IP de destination", + "editInternalResourceDialogDestinationPort": "Port de destination", + "editInternalResourceDialogCancel": "Abandonner", + "editInternalResourceDialogSaveResource": "Enregistrer la ressource", + "editInternalResourceDialogSuccess": "Succès", + "editInternalResourceDialogInternalResourceUpdatedSuccessfully": "Ressource interne mise à jour avec succès", + "editInternalResourceDialogError": "Erreur", + "editInternalResourceDialogFailedToUpdateInternalResource": "Échec de la mise à jour de la ressource interne", + "editInternalResourceDialogNameRequired": "Le nom est requis", + "editInternalResourceDialogNameMaxLength": "Le nom doit être inférieur à 255 caractères", + "editInternalResourceDialogProxyPortMin": "Le port proxy doit être d'au moins 1", + "editInternalResourceDialogProxyPortMax": "Le port proxy doit être inférieur à 65536", + "editInternalResourceDialogInvalidIPAddressFormat": "Format d'adresse IP invalide", + "editInternalResourceDialogDestinationPortMin": "Le port de destination doit être d'au moins 1", + "editInternalResourceDialogDestinationPortMax": "Le port de destination doit être inférieur à 65536", + "createInternalResourceDialogNoSitesAvailable": "Aucun site disponible", + "createInternalResourceDialogNoSitesAvailableDescription": "Vous devez avoir au moins un site Newt avec un sous-réseau configuré pour créer des ressources internes.", + "createInternalResourceDialogClose": "Fermer", + "createInternalResourceDialogCreateClientResource": "Créer une ressource client", + "createInternalResourceDialogCreateClientResourceDescription": "Créez une ressource accessible aux clients connectés au site sélectionné.", + "createInternalResourceDialogResourceProperties": "Propriétés de la ressource", + "createInternalResourceDialogName": "Nom", + "createInternalResourceDialogSite": "Site", + "createInternalResourceDialogSelectSite": "Sélectionner un site...", + "createInternalResourceDialogSearchSites": "Rechercher des sites...", + "createInternalResourceDialogNoSitesFound": "Aucun site trouvé.", + "createInternalResourceDialogProtocol": "Protocole", + "createInternalResourceDialogTcp": "TCP", + "createInternalResourceDialogUdp": "UDP", + "createInternalResourceDialogSitePort": "Port du site", + "createInternalResourceDialogSitePortDescription": "Utilisez ce port pour accéder à la ressource sur le site lors de la connexion avec un client.", + "createInternalResourceDialogTargetConfiguration": "Configuration de la cible", + "createInternalResourceDialogDestinationIP": "IP de destination", + "createInternalResourceDialogDestinationIPDescription": "L'adresse IP de la ressource sur le réseau du site.", + "createInternalResourceDialogDestinationPort": "Port de destination", + "createInternalResourceDialogDestinationPortDescription": "Le port sur l'IP de destination où la ressource est accessible.", + "createInternalResourceDialogCancel": "Abandonner", + "createInternalResourceDialogCreateResource": "Créer une ressource", + "createInternalResourceDialogSuccess": "Succès", + "createInternalResourceDialogInternalResourceCreatedSuccessfully": "Ressource interne créée avec succès", + "createInternalResourceDialogError": "Erreur", + "createInternalResourceDialogFailedToCreateInternalResource": "Échec de la création de la ressource interne", + "createInternalResourceDialogNameRequired": "Le nom est requis", + "createInternalResourceDialogNameMaxLength": "Le nom doit être inférieur à 255 caractères", + "createInternalResourceDialogPleaseSelectSite": "Veuillez sélectionner un site", + "createInternalResourceDialogProxyPortMin": "Le port proxy doit être d'au moins 1", + "createInternalResourceDialogProxyPortMax": "Le port proxy doit être inférieur à 65536", + "createInternalResourceDialogInvalidIPAddressFormat": "Format d'adresse IP invalide", + "createInternalResourceDialogDestinationPortMin": "Le port de destination doit être d'au moins 1", + "createInternalResourceDialogDestinationPortMax": "Le port de destination doit être inférieur à 65536", + "siteConfiguration": "Configuration", + "siteAcceptClientConnections": "Accepter les connexions client", + "siteAcceptClientConnectionsDescription": "Permet à d'autres appareils de se connecter via cette instance de Newt en tant que passerelle utilisant des clients.", + "siteAddress": "Adresse du site", + "siteAddressDescription": "Spécifiez l'adresse IP de l'hôte pour que les clients puissent s'y connecter. C'est l'adresse interne du site dans le réseau Pangolin pour que les clients puissent s'adresser. Doit être dans le sous-réseau de l'organisation.", + "autoLoginExternalIdp": "Connexion automatique avec IDP externe", + "autoLoginExternalIdpDescription": "Rediriger immédiatement l'utilisateur vers l'IDP externe pour l'authentification.", + "selectIdp": "Sélectionner l'IDP", + "selectIdpPlaceholder": "Choisissez un IDP...", + "selectIdpRequired": "Veuillez sélectionner un IDP lorsque la connexion automatique est activée.", + "autoLoginTitle": "Redirection", + "autoLoginDescription": "Redirection vers le fournisseur d'identité externe pour l'authentification.", + "autoLoginProcessing": "Préparation de l'authentification...", + "autoLoginRedirecting": "Redirection vers la connexion...", + "autoLoginError": "Erreur de connexion automatique", + "autoLoginErrorNoRedirectUrl": "Aucune URL de redirection reçue du fournisseur d'identité.", + "autoLoginErrorGeneratingUrl": "Échec de la génération de l'URL d'authentification." } diff --git a/messages/it-IT.json b/messages/it-IT.json index 00fff828..803e94a9 100644 --- a/messages/it-IT.json +++ b/messages/it-IT.json @@ -94,7 +94,9 @@ "siteNewtTunnelDescription": "Modo più semplice per creare un entrypoint nella rete. Nessuna configurazione aggiuntiva.", "siteWg": "WireGuard Base", "siteWgDescription": "Usa qualsiasi client WireGuard per stabilire un tunnel. Impostazione NAT manuale richiesta.", + "siteWgDescriptionSaas": "Usa qualsiasi client WireGuard per stabilire un tunnel. Impostazione NAT manuale richiesta. FUNZIONA SOLO SU NODI AUTO-OSPITATI", "siteLocalDescription": "Solo risorse locali. Nessun tunneling.", + "siteLocalDescriptionSaas": "Solo risorse locali. Nessun tunneling. FUNZIONA SOLO SU NODI AUTO-OSPITATI", "siteSeeAll": "Vedi Tutti I Siti", "siteTunnelDescription": "Determina come vuoi connetterti al tuo sito", "siteNewtCredentials": "Credenziali Newt", @@ -166,7 +168,7 @@ "siteSelect": "Seleziona sito", "siteSearch": "Cerca sito", "siteNotFound": "Nessun sito trovato.", - "siteSelectionDescription": "Questo sito fornirà connettività alla risorsa.", + "siteSelectionDescription": "Questo sito fornirà connettività all'obiettivo.", "resourceType": "Tipo Di Risorsa", "resourceTypeDescription": "Determina come vuoi accedere alla tua risorsa", "resourceHTTPSSettings": "Impostazioni HTTPS", @@ -197,6 +199,7 @@ "general": "Generale", "generalSettings": "Impostazioni Generali", "proxy": "Proxy", + "internal": "Interno", "rules": "Regole", "resourceSettingDescription": "Configura le impostazioni sulla tua risorsa", "resourceSetting": "Impostazioni {resourceName}", @@ -490,7 +493,7 @@ "targetTlsSniDescription": "Il Nome Server TLS da usare per SNI. Lascia vuoto per usare quello predefinito.", "targetTlsSubmit": "Salva Impostazioni", "targets": "Configurazione Target", - "targetsDescription": "Configura i target per instradare il traffico ai tuoi servizi", + "targetsDescription": "Configura i target per instradare il traffico ai tuoi servizi backend", "targetStickySessions": "Abilita Sessioni Persistenti", "targetStickySessionsDescription": "Mantieni le connessioni sullo stesso target backend per l'intera sessione.", "methodSelect": "Seleziona metodo", @@ -833,6 +836,24 @@ "pincodeRequirementsLength": "Il PIN deve essere esattamente di 6 cifre", "pincodeRequirementsChars": "Il PIN deve contenere solo numeri", "passwordRequirementsLength": "La password deve essere lunga almeno 1 carattere", + "passwordRequirementsTitle": "Requisiti della password:", + "passwordRequirementLength": "Almeno 8 caratteri", + "passwordRequirementUppercase": "Almeno una lettera maiuscola", + "passwordRequirementLowercase": "Almeno una lettera minuscola", + "passwordRequirementNumber": "Almeno un numero", + "passwordRequirementSpecial": "Almeno un carattere speciale", + "passwordRequirementsMet": "✓ La password soddisfa tutti i requisiti", + "passwordStrength": "Forza della password", + "passwordStrengthWeak": "Debole", + "passwordStrengthMedium": "Media", + "passwordStrengthStrong": "Forte", + "passwordRequirements": "Requisiti:", + "passwordRequirementLengthText": "8+ caratteri", + "passwordRequirementUppercaseText": "Lettera maiuscola (A-Z)", + "passwordRequirementLowercaseText": "Lettera minuscola (a-z)", + "passwordRequirementNumberText": "Numero (0-9)", + "passwordRequirementSpecialText": "Carattere speciale (!@#$%...)", + "passwordsDoNotMatch": "Le password non coincidono", "otpEmailRequirementsLength": "L'OTP deve essere lungo almeno 1 carattere", "otpEmailSent": "OTP Inviato", "otpEmailSentDescription": "Un OTP è stato inviato alla tua email", @@ -952,6 +973,7 @@ "logoutError": "Errore durante il logout", "signingAs": "Accesso come", "serverAdmin": "Amministratore Server", + "managedSelfhosted": "Gestito Auto-Ospitato", "otpEnable": "Abilita Autenticazione a Due Fattori", "otpDisable": "Disabilita Autenticazione a Due Fattori", "logout": "Disconnetti", @@ -967,6 +989,9 @@ "actionDeleteSite": "Elimina Sito", "actionGetSite": "Ottieni Sito", "actionListSites": "Elenca Siti", + "setupToken": "Configura Token", + "setupTokenDescription": "Inserisci il token di configurazione dalla console del server.", + "setupTokenRequired": "Il token di configurazione è richiesto", "actionUpdateSite": "Aggiorna Sito", "actionListSiteRoles": "Elenca Ruoli Sito Consentiti", "actionCreateResource": "Crea Risorsa", @@ -1022,6 +1047,11 @@ "actionDeleteIdpOrg": "Elimina Politica Org IDP", "actionListIdpOrgs": "Elenca Org IDP", "actionUpdateIdpOrg": "Aggiorna Org IDP", + "actionCreateClient": "Crea Client", + "actionDeleteClient": "Elimina Client", + "actionUpdateClient": "Aggiorna Client", + "actionListClients": "Elenco Clienti", + "actionGetClient": "Ottieni Client", "noneSelected": "Nessuna selezione", "orgNotFound2": "Nessuna organizzazione trovata.", "searchProgress": "Ricerca...", @@ -1315,8 +1345,110 @@ "olmErrorFetchLatest": "Si è verificato un errore durante il recupero dell'ultima versione di Olm.", "remoteSubnets": "Sottoreti Remote", "enterCidrRange": "Inserisci l'intervallo CIDR", - "remoteSubnetsDescription": "Aggiungi intervalli CIDR che possono accedere a questo sito da remoto. Usa il formato come 10.0.0.0/24 o 192.168.1.0/24.", + "remoteSubnetsDescription": "Aggiungi intervalli CIDR che possono essere accessibili da questo sito in remoto utilizzando i client. Usa il formato come 10.0.0.0/24. Questo si applica SOLO alla connettività del client VPN.", "resourceEnableProxy": "Abilita Proxy Pubblico", "resourceEnableProxyDescription": "Abilita il proxy pubblico a questa risorsa. Consente l'accesso alla risorsa dall'esterno della rete tramite il cloud su una porta aperta. Richiede la configurazione di Traefik.", - "externalProxyEnabled": "Proxy Esterno Abilitato" + "externalProxyEnabled": "Proxy Esterno Abilitato", + "addNewTarget": "Aggiungi Nuovo Target", + "targetsList": "Elenco dei Target", + "targetErrorDuplicateTargetFound": "Target duplicato trovato", + "httpMethod": "Metodo HTTP", + "selectHttpMethod": "Seleziona metodo HTTP", + "domainPickerSubdomainLabel": "Sottodominio", + "domainPickerBaseDomainLabel": "Dominio Base", + "domainPickerSearchDomains": "Cerca domini...", + "domainPickerNoDomainsFound": "Nessun dominio trovato", + "domainPickerLoadingDomains": "Caricamento domini...", + "domainPickerSelectBaseDomain": "Seleziona dominio base...", + "domainPickerNotAvailableForCname": "Non disponibile per i domini CNAME", + "domainPickerEnterSubdomainOrLeaveBlank": "Inserisci un sottodominio o lascia vuoto per utilizzare il dominio base.", + "domainPickerEnterSubdomainToSearch": "Inserisci un sottodominio per cercare e selezionare dai domini gratuiti disponibili.", + "domainPickerFreeDomains": "Domini Gratuiti", + "domainPickerSearchForAvailableDomains": "Cerca domini disponibili", + "resourceDomain": "Dominio", + "resourceEditDomain": "Modifica Dominio", + "siteName": "Nome del Sito", + "proxyPort": "Porta", + "resourcesTableProxyResources": "Risorse Proxy", + "resourcesTableClientResources": "Risorse Client", + "resourcesTableNoProxyResourcesFound": "Nessuna risorsa proxy trovata.", + "resourcesTableNoInternalResourcesFound": "Nessuna risorsa interna trovata.", + "resourcesTableDestination": "Destinazione", + "resourcesTableTheseResourcesForUseWith": "Queste risorse sono per uso con", + "resourcesTableClients": "Client", + "resourcesTableAndOnlyAccessibleInternally": "e sono accessibili solo internamente quando connessi con un client.", + "editInternalResourceDialogEditClientResource": "Modifica Risorsa Client", + "editInternalResourceDialogUpdateResourceProperties": "Aggiorna le proprietà della risorsa e la configurazione del target per {resourceName}.", + "editInternalResourceDialogResourceProperties": "Proprietà della Risorsa", + "editInternalResourceDialogName": "Nome", + "editInternalResourceDialogProtocol": "Protocollo", + "editInternalResourceDialogSitePort": "Porta del Sito", + "editInternalResourceDialogTargetConfiguration": "Configurazione Target", + "editInternalResourceDialogDestinationIP": "IP di Destinazione", + "editInternalResourceDialogDestinationPort": "Porta di Destinazione", + "editInternalResourceDialogCancel": "Annulla", + "editInternalResourceDialogSaveResource": "Salva Risorsa", + "editInternalResourceDialogSuccess": "Successo", + "editInternalResourceDialogInternalResourceUpdatedSuccessfully": "Risorsa interna aggiornata con successo", + "editInternalResourceDialogError": "Errore", + "editInternalResourceDialogFailedToUpdateInternalResource": "Impossibile aggiornare la risorsa interna", + "editInternalResourceDialogNameRequired": "Il nome è obbligatorio", + "editInternalResourceDialogNameMaxLength": "Il nome deve essere inferiore a 255 caratteri", + "editInternalResourceDialogProxyPortMin": "La porta proxy deve essere almeno 1", + "editInternalResourceDialogProxyPortMax": "La porta proxy deve essere inferiore a 65536", + "editInternalResourceDialogInvalidIPAddressFormat": "Formato dell'indirizzo IP non valido", + "editInternalResourceDialogDestinationPortMin": "La porta di destinazione deve essere almeno 1", + "editInternalResourceDialogDestinationPortMax": "La porta di destinazione deve essere inferiore a 65536", + "createInternalResourceDialogNoSitesAvailable": "Nessun Sito Disponibile", + "createInternalResourceDialogNoSitesAvailableDescription": "Devi avere almeno un sito Newt con una subnet configurata per creare risorse interne.", + "createInternalResourceDialogClose": "Chiudi", + "createInternalResourceDialogCreateClientResource": "Crea Risorsa Client", + "createInternalResourceDialogCreateClientResourceDescription": "Crea una nuova risorsa che sarà accessibile ai client connessi al sito selezionato.", + "createInternalResourceDialogResourceProperties": "Proprietà della Risorsa", + "createInternalResourceDialogName": "Nome", + "createInternalResourceDialogSite": "Sito", + "createInternalResourceDialogSelectSite": "Seleziona sito...", + "createInternalResourceDialogSearchSites": "Cerca siti...", + "createInternalResourceDialogNoSitesFound": "Nessun sito trovato.", + "createInternalResourceDialogProtocol": "Protocollo", + "createInternalResourceDialogTcp": "TCP", + "createInternalResourceDialogUdp": "UDP", + "createInternalResourceDialogSitePort": "Porta del Sito", + "createInternalResourceDialogSitePortDescription": "Usa questa porta per accedere alla risorsa nel sito quando sei connesso con un client.", + "createInternalResourceDialogTargetConfiguration": "Configurazione Target", + "createInternalResourceDialogDestinationIP": "IP di Destinazione", + "createInternalResourceDialogDestinationIPDescription": "L'indirizzo IP della risorsa sulla rete del sito.", + "createInternalResourceDialogDestinationPort": "Porta di Destinazione", + "createInternalResourceDialogDestinationPortDescription": "La porta sull'IP di destinazione dove la risorsa è accessibile.", + "createInternalResourceDialogCancel": "Annulla", + "createInternalResourceDialogCreateResource": "Crea Risorsa", + "createInternalResourceDialogSuccess": "Successo", + "createInternalResourceDialogInternalResourceCreatedSuccessfully": "Risorsa interna creata con successo", + "createInternalResourceDialogError": "Errore", + "createInternalResourceDialogFailedToCreateInternalResource": "Impossibile creare la risorsa interna", + "createInternalResourceDialogNameRequired": "Il nome è obbligatorio", + "createInternalResourceDialogNameMaxLength": "Il nome non deve superare i 255 caratteri", + "createInternalResourceDialogPleaseSelectSite": "Si prega di selezionare un sito", + "createInternalResourceDialogProxyPortMin": "La porta proxy deve essere almeno 1", + "createInternalResourceDialogProxyPortMax": "La porta proxy deve essere inferiore a 65536", + "createInternalResourceDialogInvalidIPAddressFormat": "Formato dell'indirizzo IP non valido", + "createInternalResourceDialogDestinationPortMin": "La porta di destinazione deve essere almeno 1", + "createInternalResourceDialogDestinationPortMax": "La porta di destinazione deve essere inferiore a 65536", + "siteConfiguration": "Configurazione", + "siteAcceptClientConnections": "Accetta Connessioni Client", + "siteAcceptClientConnectionsDescription": "Permetti ad altri dispositivi di connettersi attraverso questa istanza Newt come gateway utilizzando i client.", + "siteAddress": "Indirizzo del Sito", + "siteAddressDescription": "Specifica l'indirizzo IP dell'host a cui i client si collegano. Questo è l'indirizzo interno del sito nella rete Pangolin per indirizzare i client. Deve rientrare nella subnet dell'Organizzazione.", + "autoLoginExternalIdp": "Accesso Automatico con IDP Esterno", + "autoLoginExternalIdpDescription": "Reindirizzare immediatamente l'utente all'IDP esterno per l'autenticazione.", + "selectIdp": "Seleziona IDP", + "selectIdpPlaceholder": "Scegli un IDP...", + "selectIdpRequired": "Si prega di selezionare un IDP quando l'accesso automatico è abilitato.", + "autoLoginTitle": "Reindirizzamento", + "autoLoginDescription": "Reindirizzandoti al provider di identità esterno per l'autenticazione.", + "autoLoginProcessing": "Preparazione dell'autenticazione...", + "autoLoginRedirecting": "Reindirizzamento al login...", + "autoLoginError": "Errore di Accesso Automatico", + "autoLoginErrorNoRedirectUrl": "Nessun URL di reindirizzamento ricevuto dal provider di identità.", + "autoLoginErrorGeneratingUrl": "Impossibile generare l'URL di autenticazione." } diff --git a/messages/ko-KR.json b/messages/ko-KR.json index 923cf4b3..35f86baf 100644 --- a/messages/ko-KR.json +++ b/messages/ko-KR.json @@ -94,7 +94,9 @@ "siteNewtTunnelDescription": "네트워크에 대한 진입점을 생성하는 가장 쉬운 방법입니다. 추가 설정이 필요 없습니다.", "siteWg": "기본 WireGuard", "siteWgDescription": "모든 WireGuard 클라이언트를 사용하여 터널을 설정하세요. 수동 NAT 설정이 필요합니다.", + "siteWgDescriptionSaas": "모든 WireGuard 클라이언트를 사용하여 터널을 설정하세요. 수동 NAT 설정이 필요합니다. 자체 호스팅 노드에서만 작동합니다.", "siteLocalDescription": "로컬 리소스만 사용 가능합니다. 터널링이 없습니다.", + "siteLocalDescriptionSaas": "로컬 리소스만. 터널링 없음. 자체 호스팅 노드에서만 작동합니다.", "siteSeeAll": "모든 사이트 보기", "siteTunnelDescription": "사이트에 연결하는 방법을 결정하세요", "siteNewtCredentials": "Newt 자격 증명", @@ -166,7 +168,7 @@ "siteSelect": "사이트 선택", "siteSearch": "사이트 검색", "siteNotFound": "사이트를 찾을 수 없습니다.", - "siteSelectionDescription": "이 사이트는 리소스에 대한 연결을 제공합니다.", + "siteSelectionDescription": "이 사이트는 대상에 대한 연결을 제공합니다.", "resourceType": "리소스 유형", "resourceTypeDescription": "리소스에 접근하는 방법을 결정하세요", "resourceHTTPSSettings": "HTTPS 설정", @@ -197,6 +199,7 @@ "general": "일반", "generalSettings": "일반 설정", "proxy": "프록시", + "internal": "내부", "rules": "규칙", "resourceSettingDescription": "리소스의 설정을 구성하세요.", "resourceSetting": "{resourceName} 설정", @@ -490,7 +493,7 @@ "targetTlsSniDescription": "SNI에 사용할 TLS 서버 이름. 기본값을 사용하려면 비워 두십시오.", "targetTlsSubmit": "설정 저장", "targets": "대상 구성", - "targetsDescription": "서비스로 트래픽을 라우팅할 대상을 설정하십시오", + "targetsDescription": "사용자 백엔드 서비스로 트래픽을 라우팅할 대상을 설정하십시오.", "targetStickySessions": "스티키 세션 활성화", "targetStickySessionsDescription": "세션 전체 동안 동일한 백엔드 대상을 유지합니다.", "methodSelect": "선택 방법", @@ -833,6 +836,24 @@ "pincodeRequirementsLength": "PIN은 정확히 6자리여야 합니다", "pincodeRequirementsChars": "PIN은 숫자만 포함해야 합니다.", "passwordRequirementsLength": "비밀번호는 최소 1자 이상이어야 합니다", + "passwordRequirementsTitle": "비밀번호 요구사항:", + "passwordRequirementLength": "최소 8자 이상", + "passwordRequirementUppercase": "최소 대문자 하나", + "passwordRequirementLowercase": "최소 소문자 하나", + "passwordRequirementNumber": "최소 숫자 하나", + "passwordRequirementSpecial": "최소 특수 문자 하나", + "passwordRequirementsMet": "✓ 비밀번호가 모든 요구사항을 충족합니다.", + "passwordStrength": "비밀번호 강도", + "passwordStrengthWeak": "약함", + "passwordStrengthMedium": "보통", + "passwordStrengthStrong": "강함", + "passwordRequirements": "요구 사항:", + "passwordRequirementLengthText": "8자 이상", + "passwordRequirementUppercaseText": "대문자 (A-Z)", + "passwordRequirementLowercaseText": "소문자 (a-z)", + "passwordRequirementNumberText": "숫자 (0-9)", + "passwordRequirementSpecialText": "특수 문자 (!@#$%...)", + "passwordsDoNotMatch": "비밀번호가 일치하지 않습니다.", "otpEmailRequirementsLength": "OTP는 최소 1자 이상이어야 합니다", "otpEmailSent": "OTP 전송됨", "otpEmailSentDescription": "OTP가 귀하의 이메일로 전송되었습니다.", @@ -952,6 +973,7 @@ "logoutError": "로그아웃 중 오류 발생", "signingAs": "로그인한 사용자", "serverAdmin": "서버 관리자", + "managedSelfhosted": "관리 자체 호스팅", "otpEnable": "이중 인증 활성화", "otpDisable": "이중 인증 비활성화", "logout": "로그 아웃", @@ -967,6 +989,9 @@ "actionDeleteSite": "사이트 삭제", "actionGetSite": "사이트 가져오기", "actionListSites": "사이트 목록", + "setupToken": "설정 토큰", + "setupTokenDescription": "서버 콘솔에서 설정 토큰 입력.", + "setupTokenRequired": "설정 토큰이 필요합니다", "actionUpdateSite": "사이트 업데이트", "actionListSiteRoles": "허용된 사이트 역할 목록", "actionCreateResource": "리소스 생성", @@ -1022,6 +1047,11 @@ "actionDeleteIdpOrg": "IDP 조직 정책 삭제", "actionListIdpOrgs": "IDP 조직 목록", "actionUpdateIdpOrg": "IDP 조직 업데이트", + "actionCreateClient": "클라이언트 생성", + "actionDeleteClient": "클라이언트 삭제", + "actionUpdateClient": "클라이언트 업데이트", + "actionListClients": "클라이언트 목록", + "actionGetClient": "클라이언트 가져오기", "noneSelected": "선택된 항목 없음", "orgNotFound2": "조직이 없습니다.", "searchProgress": "검색...", @@ -1093,7 +1123,7 @@ "sidebarAllUsers": "모든 사용자", "sidebarIdentityProviders": "신원 공급자", "sidebarLicense": "라이선스", - "sidebarClients": "Clients (Beta)", + "sidebarClients": "클라이언트 (Beta)", "sidebarDomains": "도메인", "enableDockerSocket": "Docker 소켓 활성화", "enableDockerSocketDescription": "컨테이너 정보를 채우기 위해 Docker 소켓 검색을 활성화합니다. 소켓 경로는 Newt에 제공되어야 합니다.", @@ -1161,7 +1191,7 @@ "selectDomainTypeCnameName": "단일 도메인 (CNAME)", "selectDomainTypeCnameDescription": "단일 하위 도메인 또는 특정 도메인 항목에 사용됩니다.", "selectDomainTypeWildcardName": "와일드카드 도메인", - "selectDomainTypeWildcardDescription": "This domain and its subdomains.", + "selectDomainTypeWildcardDescription": "이 도메인 및 그 하위 도메인.", "domainDelegation": "단일 도메인", "selectType": "유형 선택", "actions": "작업", @@ -1195,17 +1225,17 @@ "sidebarExpand": "확장하기", "newtUpdateAvailable": "업데이트 가능", "newtUpdateAvailableInfo": "뉴트의 새 버전이 출시되었습니다. 최상의 경험을 위해 최신 버전으로 업데이트하세요.", - "domainPickerEnterDomain": "Domain", + "domainPickerEnterDomain": "도메인", "domainPickerPlaceholder": "myapp.example.com, api.v1.mydomain.com, 또는 그냥 myapp", - "domainPickerDescription": "Enter the full domain of the resource to see available options.", - "domainPickerDescriptionSaas": "Enter a full domain, subdomain, or just a name to see available options", + "domainPickerDescription": "리소스의 전체 도메인을 입력하여 사용 가능한 옵션을 확인하십시오.", + "domainPickerDescriptionSaas": "전체 도메인, 서브도메인 또는 이름을 입력하여 사용 가능한 옵션을 확인하십시오.", "domainPickerTabAll": "모두", "domainPickerTabOrganization": "조직", "domainPickerTabProvided": "제공 됨", "domainPickerSortAsc": "A-Z", "domainPickerSortDesc": "Z-A", "domainPickerCheckingAvailability": "가용성을 확인 중...", - "domainPickerNoMatchingDomains": "No matching domains found. Try a different domain or check your organization's domain settings.", + "domainPickerNoMatchingDomains": "일치하는 도메인을 찾을 수 없습니다. 다른 도메인을 시도하거나 조직의 도메인 설정을 확인하십시오.", "domainPickerOrganizationDomains": "조직 도메인", "domainPickerProvidedDomains": "제공된 도메인", "domainPickerSubdomain": "서브도메인: {subdomain}", @@ -1231,7 +1261,7 @@ "securityKeyRemoveSuccess": "보안 키가 성공적으로 제거되었습니다", "securityKeyRemoveError": "보안 키 제거 실패", "securityKeyLoadError": "보안 키를 불러오는 데 실패했습니다", - "securityKeyLogin": "Continue with security key", + "securityKeyLogin": "보안 키로 계속하기", "securityKeyAuthError": "보안 키를 사용한 인증 실패", "securityKeyRecommendation": "항상 계정에 액세스할 수 있도록 다른 장치에 백업 보안 키를 등록하세요.", "registering": "등록 중...", @@ -1265,7 +1295,7 @@ "createDomainName": "이름:", "createDomainValue": "값:", "createDomainCnameRecords": "CNAME 레코드", - "createDomainARecords": "A Records", + "createDomainARecords": "A 레코드", "createDomainRecordNumber": "레코드 {number}", "createDomainTxtRecords": "TXT 레코드", "createDomainSaveTheseRecords": "이 레코드 저장", @@ -1275,48 +1305,150 @@ "resourcePortRequired": "HTTP 리소스가 아닌 경우 포트 번호가 필요합니다", "resourcePortNotAllowed": "HTTP 리소스에 대해 포트 번호를 설정하지 마세요", "signUpTerms": { - "IAgreeToThe": "I agree to the", - "termsOfService": "terms of service", - "and": "and", - "privacyPolicy": "privacy policy" + "IAgreeToThe": "동의합니다", + "termsOfService": "서비스 약관", + "and": "및", + "privacyPolicy": "개인 정보 보호 정책" }, - "siteRequired": "Site is required.", - "olmTunnel": "Olm Tunnel", - "olmTunnelDescription": "Use Olm for client connectivity", - "errorCreatingClient": "Error creating client", - "clientDefaultsNotFound": "Client defaults not found", - "createClient": "Create Client", - "createClientDescription": "Create a new client for connecting to your sites", - "seeAllClients": "See All Clients", - "clientInformation": "Client Information", - "clientNamePlaceholder": "Client name", - "address": "Address", - "subnetPlaceholder": "Subnet", - "addressDescription": "The address that this client will use for connectivity", - "selectSites": "Select sites", - "sitesDescription": "The client will have connectivity to the selected sites", - "clientInstallOlm": "Install Olm", - "clientInstallOlmDescription": "Get Olm running on your system", - "clientOlmCredentials": "Olm Credentials", - "clientOlmCredentialsDescription": "This is how Olm will authenticate with the server", - "olmEndpoint": "Olm Endpoint", + "siteRequired": "사이트가 필요합니다.", + "olmTunnel": "Olm 터널", + "olmTunnelDescription": "클라이언트 연결에 Olm 사용", + "errorCreatingClient": "클라이언트 생성 오류", + "clientDefaultsNotFound": "클라이언트 기본값을 찾을 수 없습니다.", + "createClient": "클라이언트 생성", + "createClientDescription": "사이트에 연결하기 위한 새 클라이언트를 생성하십시오.", + "seeAllClients": "모든 클라이언트 보기", + "clientInformation": "클라이언트 정보", + "clientNamePlaceholder": "클라이언트 이름", + "address": "주소", + "subnetPlaceholder": "서브넷", + "addressDescription": "이 클라이언트가 연결에 사용할 주소", + "selectSites": "사이트 선택", + "sitesDescription": "클라이언트는 선택한 사이트에 연결됩니다.", + "clientInstallOlm": "Olm 설치", + "clientInstallOlmDescription": "시스템에서 Olm을 실행하기", + "clientOlmCredentials": "Olm 자격 증명", + "clientOlmCredentialsDescription": "Olm이 서버와 인증하는 방법입니다.", + "olmEndpoint": "Olm 엔드포인트", "olmId": "Olm ID", - "olmSecretKey": "Olm Secret Key", - "clientCredentialsSave": "Save Your Credentials", - "clientCredentialsSaveDescription": "You will only be able to see this once. Make sure to copy it to a secure place.", - "generalSettingsDescription": "Configure the general settings for this client", - "clientUpdated": "Client updated", - "clientUpdatedDescription": "The client has been updated.", - "clientUpdateFailed": "Failed to update client", - "clientUpdateError": "An error occurred while updating the client.", - "sitesFetchFailed": "Failed to fetch sites", - "sitesFetchError": "An error occurred while fetching sites.", - "olmErrorFetchReleases": "An error occurred while fetching Olm releases.", - "olmErrorFetchLatest": "An error occurred while fetching the latest Olm release.", - "remoteSubnets": "Remote Subnets", - "enterCidrRange": "Enter CIDR range", - "remoteSubnetsDescription": "Add CIDR ranges that can access this site remotely. Use format like 10.0.0.0/24 or 192.168.1.0/24.", - "resourceEnableProxy": "Enable Public Proxy", - "resourceEnableProxyDescription": "Enable public proxying to this resource. This allows access to the resource from outside the network through the cloud on an open port. Requires Traefik config.", - "externalProxyEnabled": "External Proxy Enabled" + "olmSecretKey": "Olm 비밀 키", + "clientCredentialsSave": "자격 증명 저장", + "clientCredentialsSaveDescription": "이것은 한 번만 볼 수 있습니다. 안전한 장소에 복사해 두세요.", + "generalSettingsDescription": "이 클라이언트에 대한 일반 설정을 구성하세요.", + "clientUpdated": "클라이언트 업데이트됨", + "clientUpdatedDescription": "클라이언트가 업데이트되었습니다.", + "clientUpdateFailed": "클라이언트 업데이트 실패", + "clientUpdateError": "클라이언트 업데이트 중 오류가 발생했습니다.", + "sitesFetchFailed": "사이트 가져오기 실패", + "sitesFetchError": "사이트 가져오는 중 오류가 발생했습니다.", + "olmErrorFetchReleases": "Olm 릴리즈 가져오는 중 오류가 발생했습니다.", + "olmErrorFetchLatest": "최신 Olm 릴리즈 가져오는 중 오류가 발생했습니다.", + "remoteSubnets": "원격 서브넷", + "enterCidrRange": "CIDR 범위 입력", + "remoteSubnetsDescription": "이 사이트에서 원격으로 액세스할 수 있는 CIDR 범위를 추가하세요. 10.0.0.0/24와 같은 형식을 사용하세요. 이는 VPN 클라이언트 연결에만 적용됩니다.", + "resourceEnableProxy": "공개 프록시 사용", + "resourceEnableProxyDescription": "이 리소스에 대한 공개 프록시를 활성화하십시오. 이를 통해 네트워크 외부로부터 클라우드를 통해 열린 포트에서 리소스에 액세스할 수 있습니다. Traefik 구성이 필요합니다.", + "externalProxyEnabled": "외부 프록시 활성화됨", + "addNewTarget": "새 대상 추가", + "targetsList": "대상 목록", + "targetErrorDuplicateTargetFound": "중복 대상 발견", + "httpMethod": "HTTP 메소드", + "selectHttpMethod": "HTTP 메소드 선택", + "domainPickerSubdomainLabel": "서브도메인", + "domainPickerBaseDomainLabel": "기본 도메인", + "domainPickerSearchDomains": "도메인 검색...", + "domainPickerNoDomainsFound": "찾을 수 없는 도메인이 없습니다", + "domainPickerLoadingDomains": "도메인 로딩 중...", + "domainPickerSelectBaseDomain": "기본 도메인 선택...", + "domainPickerNotAvailableForCname": "CNAME 도메인에는 사용할 수 없습니다", + "domainPickerEnterSubdomainOrLeaveBlank": "서브도메인을 입력하거나 기본 도메인을 사용하려면 공백으로 두십시오.", + "domainPickerEnterSubdomainToSearch": "사용 가능한 무료 도메인에서 검색 및 선택할 서브도메인 입력.", + "domainPickerFreeDomains": "무료 도메인", + "domainPickerSearchForAvailableDomains": "사용 가능한 도메인 검색", + "resourceDomain": "도메인", + "resourceEditDomain": "도메인 수정", + "siteName": "사이트 이름", + "proxyPort": "포트", + "resourcesTableProxyResources": "프록시 리소스", + "resourcesTableClientResources": "클라이언트 리소스", + "resourcesTableNoProxyResourcesFound": "프록시 리소스를 찾을 수 없습니다.", + "resourcesTableNoInternalResourcesFound": "내부 리소스를 찾을 수 없습니다.", + "resourcesTableDestination": "대상지", + "resourcesTableTheseResourcesForUseWith": "이 리소스는 다음과 함께 사용하기 위한 것입니다.", + "resourcesTableClients": "클라이언트", + "resourcesTableAndOnlyAccessibleInternally": "클라이언트와 연결되었을 때만 내부적으로 접근 가능합니다.", + "editInternalResourceDialogEditClientResource": "클라이언트 리소스 수정", + "editInternalResourceDialogUpdateResourceProperties": "{resourceName}의 리소스 속성과 대상 구성을 업데이트하세요.", + "editInternalResourceDialogResourceProperties": "리소스 속성", + "editInternalResourceDialogName": "이름", + "editInternalResourceDialogProtocol": "프로토콜", + "editInternalResourceDialogSitePort": "사이트 포트", + "editInternalResourceDialogTargetConfiguration": "대상 구성", + "editInternalResourceDialogDestinationIP": "대상 IP", + "editInternalResourceDialogDestinationPort": "대상 IP의 포트", + "editInternalResourceDialogCancel": "취소", + "editInternalResourceDialogSaveResource": "리소스 저장", + "editInternalResourceDialogSuccess": "성공", + "editInternalResourceDialogInternalResourceUpdatedSuccessfully": "내부 리소스가 성공적으로 업데이트되었습니다", + "editInternalResourceDialogError": "오류", + "editInternalResourceDialogFailedToUpdateInternalResource": "내부 리소스 업데이트 실패", + "editInternalResourceDialogNameRequired": "이름은 필수입니다.", + "editInternalResourceDialogNameMaxLength": "이름은 255자 이하이어야 합니다.", + "editInternalResourceDialogProxyPortMin": "프록시 포트는 최소 1이어야 합니다.", + "editInternalResourceDialogProxyPortMax": "프록시 포트는 65536 미만이어야 합니다.", + "editInternalResourceDialogInvalidIPAddressFormat": "잘못된 IP 주소 형식", + "editInternalResourceDialogDestinationPortMin": "대상 포트는 최소 1이어야 합니다.", + "editInternalResourceDialogDestinationPortMax": "대상 포트는 65536 미만이어야 합니다.", + "createInternalResourceDialogNoSitesAvailable": "사용 가능한 사이트가 없습니다.", + "createInternalResourceDialogNoSitesAvailableDescription": "내부 리소스를 생성하려면 서브넷이 구성된 최소 하나의 Newt 사이트가 필요합니다.", + "createInternalResourceDialogClose": "닫기", + "createInternalResourceDialogCreateClientResource": "클라이언트 리소스 생성", + "createInternalResourceDialogCreateClientResourceDescription": "선택한 사이트에 연결된 클라이언트에 접근할 새 리소스를 생성합니다.", + "createInternalResourceDialogResourceProperties": "리소스 속성", + "createInternalResourceDialogName": "이름", + "createInternalResourceDialogSite": "사이트", + "createInternalResourceDialogSelectSite": "사이트 선택...", + "createInternalResourceDialogSearchSites": "사이트 검색...", + "createInternalResourceDialogNoSitesFound": "사이트를 찾을 수 없습니다.", + "createInternalResourceDialogProtocol": "프로토콜", + "createInternalResourceDialogTcp": "TCP", + "createInternalResourceDialogUdp": "UDP", + "createInternalResourceDialogSitePort": "사이트 포트", + "createInternalResourceDialogSitePortDescription": "사이트에 연결되었을 때 리소스에 접근하기 위해 이 포트를 사용합니다.", + "createInternalResourceDialogTargetConfiguration": "대상 설정", + "createInternalResourceDialogDestinationIP": "대상 IP", + "createInternalResourceDialogDestinationIPDescription": "사이트 네트워크의 자원 IP 주소입니다.", + "createInternalResourceDialogDestinationPort": "대상 포트", + "createInternalResourceDialogDestinationPortDescription": "대상 IP에서 리소스에 접근할 수 있는 포트입니다.", + "createInternalResourceDialogCancel": "취소", + "createInternalResourceDialogCreateResource": "리소스 생성", + "createInternalResourceDialogSuccess": "성공", + "createInternalResourceDialogInternalResourceCreatedSuccessfully": "내부 리소스가 성공적으로 생성되었습니다.", + "createInternalResourceDialogError": "오류", + "createInternalResourceDialogFailedToCreateInternalResource": "내부 리소스 생성 실패", + "createInternalResourceDialogNameRequired": "이름은 필수입니다.", + "createInternalResourceDialogNameMaxLength": "이름은 255자 이하이어야 합니다.", + "createInternalResourceDialogPleaseSelectSite": "사이트를 선택하세요", + "createInternalResourceDialogProxyPortMin": "프록시 포트는 최소 1이어야 합니다.", + "createInternalResourceDialogProxyPortMax": "프록시 포트는 65536 미만이어야 합니다.", + "createInternalResourceDialogInvalidIPAddressFormat": "잘못된 IP 주소 형식", + "createInternalResourceDialogDestinationPortMin": "대상 포트는 최소 1이어야 합니다.", + "createInternalResourceDialogDestinationPortMax": "대상 포트는 65536 미만이어야 합니다.", + "siteConfiguration": "설정", + "siteAcceptClientConnections": "클라이언트 연결 허용", + "siteAcceptClientConnectionsDescription": "이 Newt 인스턴스를 게이트웨이로 사용하여 다른 장치가 연결될 수 있도록 허용합니다.", + "siteAddress": "사이트 주소", + "siteAddressDescription": "클라이언트가 연결하기 위한 호스트의 IP 주소를 지정합니다. 이는 클라이언트가 주소를 지정하기 위한 Pangolin 네트워크의 사이트 내부 주소입니다. 조직 서브넷 내에 있어야 합니다.", + "autoLoginExternalIdp": "외부 IDP로 자동 로그인", + "autoLoginExternalIdpDescription": "인증을 위해 외부 IDP로 사용자를 즉시 리디렉션합니다.", + "selectIdp": "IDP 선택", + "selectIdpPlaceholder": "IDP 선택...", + "selectIdpRequired": "자동 로그인이 활성화된 경우 IDP를 선택하십시오.", + "autoLoginTitle": "리디렉션 중", + "autoLoginDescription": "인증을 위해 외부 ID 공급자로 리디렉션 중입니다.", + "autoLoginProcessing": "인증 준비 중...", + "autoLoginRedirecting": "로그인으로 리디렉션 중...", + "autoLoginError": "자동 로그인 오류", + "autoLoginErrorNoRedirectUrl": "ID 공급자로부터 리디렉션 URL을 받지 못했습니다.", + "autoLoginErrorGeneratingUrl": "인증 URL 생성 실패." } diff --git a/messages/nb-NO.json b/messages/nb-NO.json new file mode 100644 index 00000000..3d2467ce --- /dev/null +++ b/messages/nb-NO.json @@ -0,0 +1,1454 @@ +{ + "setupCreate": "Lag din organisasjon, område og dine ressurser", + "setupNewOrg": "Ny Organisasjon", + "setupCreateOrg": "Opprett organisasjon", + "setupCreateResources": "Opprett ressurser", + "setupOrgName": "Organisasjonsnavn", + "orgDisplayName": "Dette er visningsnavnet til organisasjonen din.", + "orgId": "Organisasjons-ID", + "setupIdentifierMessage": "Dette er den unike identifikator for din organisasjon. Dette er separat fra visningsnavnet.", + "setupErrorIdentifier": "Organisasjons-ID er allerede tatt. Vennligst velg en annen.", + "componentsErrorNoMemberCreate": "Du er for øyeblikket ikke medlem av noen organisasjoner. Lag en organisasjon for å komme i gang.", + "componentsErrorNoMember": "Du er for øyeblikket ikke medlem av noen organisasjoner.", + "welcome": "Velkommen!", + "welcomeTo": "Velkommen til", + "componentsCreateOrg": "Lag en Organisasjon", + "componentsMember": "Du er {count, plural, =0 {ikke medlem av noen organisasjoner} one {medlem av en organisasjon} other {medlem av # organisasjoner}}.", + "componentsInvalidKey": "Ugyldig eller utgått lisensnøkkel oppdaget. Følg lisensvilkårene for å fortsette å kunne bruke alle funksjonene.", + "dismiss": "Avvis", + "componentsLicenseViolation": "Lisens Brudd: Denne serveren bruker {usedSites} områder som overskrider den lisensierte grenser av {maxSites} områder. Følg lisensvilkårene for å fortsette å kunne bruke alle funksjonene.", + "componentsSupporterMessage": "Takk for at du støtter Pangolin som en {tier}!", + "inviteErrorNotValid": "Beklager, men det ser ut som invitasjonen du prøver å bruke ikke har blitt akseptert eller ikke er gyldig lenger.", + "inviteErrorUser": "Vi beklager, men det ser ut som invitasjonen du prøver å få tilgang til, ikke er for denne brukeren.", + "inviteLoginUser": "Vennligst sjekk at du er logget inn som riktig bruker.", + "inviteErrorNoUser": "Vi beklager, men det ser ut som invitasjonen du prøver å få tilgang til ikke er for en bruker som eksisterer.", + "inviteCreateUser": "Vennligst opprett en konto først.", + "goHome": "Gå hjem", + "inviteLogInOtherUser": "Logg inn som en annen bruker", + "createAnAccount": "Lag konto", + "inviteNotAccepted": "Invitasjonen ikke akseptert", + "authCreateAccount": "Opprett en konto for å komme i gang", + "authNoAccount": "Har du ikke konto?", + "email": "E-post", + "password": "Passord", + "confirmPassword": "Bekreft Passord", + "createAccount": "Opprett Konto", + "viewSettings": "Vis Innstillinger", + "delete": "Slett", + "name": "Navn", + "online": "Online", + "offline": "Frakoblet", + "site": "Område", + "dataIn": "Data Inn", + "dataOut": "Data Ut", + "connectionType": "Tilkoblingstype", + "tunnelType": "Tunneltype", + "local": "Lokal", + "edit": "Rediger", + "siteConfirmDelete": "Bekreft Sletting av Område", + "siteDelete": "Slett Område", + "siteMessageRemove": "Når området slettes, vil det ikke lenger være tilgjengelig. Alle ressurser og mål assosiert med området vil også bli slettet.", + "siteMessageConfirm": "For å bekrefte, vennligst skriv inn navnet i området nedenfor.", + "siteQuestionRemove": "Er du sikker på at du vil slette området {selectedSite} fra organisasjonen?", + "siteManageSites": "Administrer Områder", + "siteDescription": "Tillat tilkobling til nettverket ditt gjennom sikre tunneler", + "siteCreate": "Opprett område", + "siteCreateDescription2": "Følg trinnene nedenfor for å opprette og koble til et nytt område", + "siteCreateDescription": "Opprett et nytt område for å begynne å koble til ressursene dine", + "close": "Lukk", + "siteErrorCreate": "Feil ved oppretting av område", + "siteErrorCreateKeyPair": "Nøkkelpar eller standardinnstillinger for område ikke funnet", + "siteErrorCreateDefaults": "Standardinnstillinger for område ikke funnet", + "method": "Metode", + "siteMethodDescription": "Slik eksponerer du tilkoblinger.", + "siteLearnNewt": "Lær hvordan du installerer Newt på systemet ditt", + "siteSeeConfigOnce": "Du kan kun se konfigurasjonen én gang.", + "siteLoadWGConfig": "Laster WireGuard-konfigurasjon...", + "siteDocker": "Utvid for detaljer om Docker-deployment", + "toggle": "Veksle", + "dockerCompose": "Docker Compose", + "dockerRun": "Docker Run", + "siteLearnLocal": "Lokale områder tunnelerer ikke, lær mer", + "siteConfirmCopy": "Jeg har kopiert konfigurasjonen", + "searchSitesProgress": "Søker i områder...", + "siteAdd": "Legg til område", + "siteInstallNewt": "Installer Newt", + "siteInstallNewtDescription": "Få Newt til å kjøre på systemet ditt", + "WgConfiguration": "WireGuard Konfigurasjon", + "WgConfigurationDescription": "Bruk følgende konfigurasjon for å koble til nettverket ditt", + "operatingSystem": "Operativsystem", + "commands": "Kommandoer", + "recommended": "Anbefalt", + "siteNewtDescription": "For den beste brukeropplevelsen, bruk Newt. Den bruker WireGuard i bakgrunnen og lar deg adressere dine private ressurser med deres LAN-adresse på ditt private nettverk fra Pangolin-dashbordet.", + "siteRunsInDocker": "Kjører i Docker", + "siteRunsInShell": "Kjører i skall på macOS, Linux og Windows", + "siteErrorDelete": "Feil ved sletting av området", + "siteErrorUpdate": "Klarte ikke å oppdatere området", + "siteErrorUpdateDescription": "En feil oppstod under oppdatering av området.", + "siteUpdated": "Område oppdatert", + "siteUpdatedDescription": "Området har blitt oppdatert.", + "siteGeneralDescription": "Konfigurer de generelle innstillingene for dette området", + "siteSettingDescription": "Konfigurer innstillingene for området ditt", + "siteSetting": "{siteName} Innstillinger", + "siteNewtTunnel": "Newt Tunnel (Anbefalt)", + "siteNewtTunnelDescription": "Enkleste måte å opprette et inngangspunkt i nettverket ditt. Ingen ekstra oppsett.", + "siteWg": "Grunnleggende WireGuard", + "siteWgDescription": "Bruk hvilken som helst WireGuard-klient for å etablere en tunnel. Manuell NAT-oppsett kreves.", + "siteWgDescriptionSaas": "Bruk hvilken som helst WireGuard-klient for å etablere en tunnel. Manuell NAT-oppsett er nødvendig. FUNGERER KUN PÅ SELVHOSTEDE NODER", + "siteLocalDescription": "Kun lokale ressurser. Ingen tunnelering.", + "siteLocalDescriptionSaas": "Kun lokale ressurser. Ingen tunneling. FUNGERER KUN PÅ SELVHOSTEDE NODER", + "siteSeeAll": "Se alle områder", + "siteTunnelDescription": "Bestem hvordan du vil koble deg til ditt område", + "siteNewtCredentials": "Newt påloggingsinformasjon", + "siteNewtCredentialsDescription": "Slik vil Newt autentisere seg mot serveren", + "siteCredentialsSave": "Lagre påloggingsinformasjonen din", + "siteCredentialsSaveDescription": "Du vil kun kunne se dette én gang. Sørg for å kopiere det til et sikkert sted.", + "siteInfo": "Områdeinformasjon", + "status": "Status", + "shareTitle": "Administrer delingslenker", + "shareDescription": "Opprett delbare lenker for å gi midlertidig eller permanent tilgang til ressursene dine", + "shareSearch": "Søk delingslenker...", + "shareCreate": "Opprett delingslenke", + "shareErrorDelete": "Klarte ikke å slette lenke", + "shareErrorDeleteMessage": "En feil oppstod ved sletting av lenke", + "shareDeleted": "Lenke slettet", + "shareDeletedDescription": "Lenken har blitt slettet", + "shareTokenDescription": "Din tilgangsnøkkel kan sendes på to måter: som en query parameter eller i request headers. Disse må sendes fra klienten på hver forespørsel for autentisert tilgang.", + "accessToken": "Tilgangsnøkkel", + "usageExamples": "Brukseksempler", + "tokenId": "Token-ID", + "requestHeades": "Request Headers", + "queryParameter": "Query Parameter", + "importantNote": "Viktig merknad", + "shareImportantDescription": "Av sikkerhetsgrunner anbefales det å bruke headere fremfor query parametere der det er mulig, da query parametere kan logges i serverlogger eller nettleserhistorikk.", + "token": "Token", + "shareTokenSecurety": "Hold tilgangsnøkkelen ditt sikkert. Ikke del i offentlig tilgjengelige områder eller klientkode.", + "shareErrorFetchResource": "Klarte ikke å hente ressurser", + "shareErrorFetchResourceDescription": "En feil oppstod under henting av ressursene", + "shareErrorCreate": "Mislyktes med å opprette delingslenke", + "shareErrorCreateDescription": "Det oppsto en feil ved opprettelse av delingslenken", + "shareCreateDescription": "Alle med denne lenken får tilgang til ressursen", + "shareTitleOptional": "Tittel (valgfritt)", + "expireIn": "Utløper om", + "neverExpire": "Utløper aldri", + "shareExpireDescription": "Utløpstid er hvor lenge lenken vil være brukbar og gi tilgang til ressursen. Etter denne tiden vil lenken ikke lenger fungere, og brukere som brukte denne lenken vil miste tilgangen til ressursen.", + "shareSeeOnce": "Du får bare se denne lenken én gang. Pass på å kopiere den.", + "shareAccessHint": "Alle med denne lenken kan få tilgang til ressursen. Del forsiktig.", + "shareTokenUsage": "Se tilgangstokenbruk", + "createLink": "Opprett lenke", + "resourcesNotFound": "Ingen ressurser funnet", + "resourceSearch": "Søk i ressurser", + "openMenu": "Åpne meny", + "resource": "Ressurs", + "title": "Tittel", + "created": "Opprettet", + "expires": "Utløper", + "never": "Aldri", + "shareErrorSelectResource": "Vennligst velg en ressurs", + "resourceTitle": "Administrer Ressurser", + "resourceDescription": "Opprett sikre proxyer til dine private applikasjoner", + "resourcesSearch": "Søk i ressurser...", + "resourceAdd": "Legg til ressurs", + "resourceErrorDelte": "Feil ved sletting av ressurs", + "authentication": "Autentisering", + "protected": "Beskyttet", + "notProtected": "Ikke beskyttet", + "resourceMessageRemove": "Når den er fjernet, vil ressursen ikke lenger være tilgjengelig. Alle mål knyttet til ressursen vil også bli fjernet.", + "resourceMessageConfirm": "For å bekrefte, skriv inn navnet på ressursen nedenfor.", + "resourceQuestionRemove": "Er du sikker på at du vil fjerne ressursen {selectedResource} fra organisasjonen?", + "resourceHTTP": "HTTPS-ressurs", + "resourceHTTPDescription": "Proxy-forespørsler til appen din over HTTPS ved bruk av et underdomene eller grunndomene.", + "resourceRaw": "Rå TCP/UDP-ressurs", + "resourceRawDescription": "Proxyer forespørsler til appen din over TCP/UDP ved å bruke et portnummer.", + "resourceCreate": "Opprett ressurs", + "resourceCreateDescription": "Følg trinnene nedenfor for å opprette en ny ressurs", + "resourceSeeAll": "Se alle ressurser", + "resourceInfo": "Ressursinformasjon", + "resourceNameDescription": "Dette er visningsnavnet for ressursen.", + "siteSelect": "Velg område", + "siteSearch": "Søk i område", + "siteNotFound": "Ingen område funnet.", + "siteSelectionDescription": "Dette området vil gi tilkobling til mål.", + "resourceType": "Ressurstype", + "resourceTypeDescription": "Bestem hvordan du vil få tilgang til ressursen din", + "resourceHTTPSSettings": "HTTPS-innstillinger", + "resourceHTTPSSettingsDescription": "Konfigurer tilgang til ressursen din over HTTPS", + "domainType": "Domenetype", + "subdomain": "Underdomene", + "baseDomain": "Grunndomene", + "subdomnainDescription": "Underdomenet der ressursen din vil være tilgjengelig.", + "resourceRawSettings": "TCP/UDP-innstillinger", + "resourceRawSettingsDescription": "Konfigurer tilgang til ressursen din over TCP/UDP", + "protocol": "Protokoll", + "protocolSelect": "Velg en protokoll", + "resourcePortNumber": "Portnummer", + "resourcePortNumberDescription": "Det eksterne portnummeret for proxy forespørsler.", + "cancel": "Avbryt", + "resourceConfig": "Konfigurasjonsutdrag", + "resourceConfigDescription": "Kopier og lim inn disse konfigurasjonsutdragene for å sette opp din TCP/UDP-ressurs", + "resourceAddEntrypoints": "Traefik: Legg til inngangspunkter", + "resourceExposePorts": "Gerbil: Eksponer Porter i Docker Compose", + "resourceLearnRaw": "Lær hvordan å konfigurere TCP/UDP-ressurser", + "resourceBack": "Tilbake til ressurser", + "resourceGoTo": "Gå til ressurs", + "resourceDelete": "Slett ressurs", + "resourceDeleteConfirm": "Bekreft sletting av ressurs", + "visibility": "Synlighet", + "enabled": "Aktivert", + "disabled": "Deaktivert", + "general": "Generelt", + "generalSettings": "Generelle innstillinger", + "proxy": "Proxy", + "internal": "Intern", + "rules": "Regler", + "resourceSettingDescription": "Konfigurer innstillingene på ressursen din", + "resourceSetting": "{resourceName} Innstillinger", + "alwaysAllow": "Alltid tillat", + "alwaysDeny": "Alltid avslå", + "orgSettingsDescription": "Konfigurer organisasjonens generelle innstillinger", + "orgGeneralSettings": "Organisasjonsinnstillinger", + "orgGeneralSettingsDescription": "Administrer dine organisasjonsdetaljer og konfigurasjon", + "saveGeneralSettings": "Lagre generelle innstillinger", + "saveSettings": "Lagre innstillinger", + "orgDangerZone": "Faresone", + "orgDangerZoneDescription": "Når du sletter denne organisasjonen er det ingen vei tilbake. Vennligst vær sikker.", + "orgDelete": "Slett organisasjon", + "orgDeleteConfirm": "Bekreft Sletting av Organisasjon", + "orgMessageRemove": "Denne handlingen er irreversibel og vil slette alle tilknyttede data.", + "orgMessageConfirm": "For å bekrefte, vennligst skriv inn navnet på organisasjonen nedenfor.", + "orgQuestionRemove": "Er du sikker på at du vil fjerne organisasjonen {selectedOrg}?", + "orgUpdated": "Organisasjon oppdatert", + "orgUpdatedDescription": "Organisasjonen har blitt oppdatert.", + "orgErrorUpdate": "Kunne ikke oppdatere organisasjonen", + "orgErrorUpdateMessage": "En feil oppsto under oppdatering av organisasjonen.", + "orgErrorFetch": "Klarte ikke å hente organisasjoner", + "orgErrorFetchMessage": "Det oppstod en feil under opplisting av organisasjonene dine", + "orgErrorDelete": "Klarte ikke å slette organisasjon", + "orgErrorDeleteMessage": "Det oppsto en feil under sletting av organisasjonen.", + "orgDeleted": "Organisasjon slettet", + "orgDeletedMessage": "Organisasjonen og tilhørende data er slettet.", + "orgMissing": "Organisasjons-ID Mangler", + "orgMissingMessage": "Kan ikke regenerere invitasjon uten en organisasjons-ID.", + "accessUsersManage": "Administrer brukere", + "accessUsersDescription": "Inviter brukere og gi dem roller for å administrere tilgang til organisasjonen din", + "accessUsersSearch": "Søk etter brukere...", + "accessUserCreate": "Opprett bruker", + "accessUserRemove": "Fjern bruker", + "username": "Brukernavn", + "identityProvider": "Identitetsleverandør", + "role": "Rolle", + "nameRequired": "Navn er påkrevd", + "accessRolesManage": "Administrer Roller", + "accessRolesDescription": "Konfigurer roller for å administrere tilgang til organisasjonen din", + "accessRolesSearch": "Søk etter roller...", + "accessRolesAdd": "Legg til rolle", + "accessRoleDelete": "Slett rolle", + "description": "Beskrivelse", + "inviteTitle": "Åpne invitasjoner", + "inviteDescription": "Administrer invitasjonene dine til andre brukere", + "inviteSearch": "Søk i invitasjoner...", + "minutes": "Minutter", + "hours": "Timer", + "days": "Dager", + "weeks": "Uker", + "months": "Måneder", + "years": "År", + "day": "{count, plural, one {en dag} other {# dager}}", + "apiKeysTitle": "API-nøkkel informasjon", + "apiKeysConfirmCopy2": "Du må bekrefte at du har kopiert API-nøkkelen.", + "apiKeysErrorCreate": "Feil ved oppretting av API-nøkkel", + "apiKeysErrorSetPermission": "Feil ved innstilling av tillatelser", + "apiKeysCreate": "Generer API-nøkkel", + "apiKeysCreateDescription": "Generer en ny API-nøkkel for din organisasjon", + "apiKeysGeneralSettings": "Tillatelser", + "apiKeysGeneralSettingsDescription": "Finn ut hva denne API-nøkkelen kan gjøre", + "apiKeysList": "Din API-nøkkel", + "apiKeysSave": "Lagre API-nøkkelen din", + "apiKeysSaveDescription": "Du vil bare kunne se dette én gang. Sørg for å kopiere det til et sikkert sted.", + "apiKeysInfo": "Din API-nøkkel er:", + "apiKeysConfirmCopy": "Jeg har kopiert API-nøkkelen", + "generate": "Generer", + "done": "Ferdig", + "apiKeysSeeAll": "Se alle API-nøkler", + "apiKeysPermissionsErrorLoadingActions": "Feil ved innlasting av API-nøkkel handlinger", + "apiKeysPermissionsErrorUpdate": "Feil ved innstilling av tillatelser", + "apiKeysPermissionsUpdated": "Tillatelser oppdatert", + "apiKeysPermissionsUpdatedDescription": "Tillatelsene har blitt oppdatert.", + "apiKeysPermissionsGeneralSettings": "Tillatelser", + "apiKeysPermissionsGeneralSettingsDescription": "Bestem hva denne API-nøkkelen kan gjøre", + "apiKeysPermissionsSave": "Lagre tillatelser", + "apiKeysPermissionsTitle": "Tillatelser", + "apiKeys": "API-nøkler", + "searchApiKeys": "Søk API-nøkler", + "apiKeysAdd": "Generer API-nøkkel", + "apiKeysErrorDelete": "Feil under sletting av API-nøkkel", + "apiKeysErrorDeleteMessage": "Feil ved sletting av API-nøkkel", + "apiKeysQuestionRemove": "Er du sikker på at du vil fjerne API-nøkkelen {selectedApiKey} fra organisasjonen?", + "apiKeysMessageRemove": "Når den er fjernet, vil API-nøkkelen ikke lenger kunne brukes.", + "apiKeysMessageConfirm": "For å bekrefte, vennligst skriv inn navnet på API-nøkkelen nedenfor.", + "apiKeysDeleteConfirm": "Bekreft sletting av API-nøkkel", + "apiKeysDelete": "Slett API-nøkkel", + "apiKeysManage": "Administrer API-nøkler", + "apiKeysDescription": "API-nøkler brukes for å autentisere med integrasjons-API", + "apiKeysSettings": "{apiKeyName} Innstillinger", + "userTitle": "Administrer alle brukere", + "userDescription": "Vis og administrer alle brukere i systemet", + "userAbount": "Om brukeradministrasjon", + "userAbountDescription": "Denne tabellen viser alle rotbrukerobjekter i systemet. Hver bruker kan tilhøre flere organisasjoner. Å fjerne en bruker fra en organisasjon sletter ikke deres rotbrukerobjekt – de vil forbli i systemet. For å fullstendig fjerne en bruker fra systemet, må du slette deres rotbrukerobjekt ved å bruke slett-handlingen i denne tabellen.", + "userServer": "Serverbrukere", + "userSearch": "Søk serverbrukere...", + "userErrorDelete": "Feil ved sletting av bruker", + "userDeleteConfirm": "Bekreft sletting av bruker", + "userDeleteServer": "Slett bruker fra server", + "userMessageRemove": "Brukeren vil bli fjernet fra alle organisasjoner og vil bli fullstendig fjernet fra serveren.", + "userMessageConfirm": "For å bekrefte, vennligst skriv inn navnet på brukeren nedenfor.", + "userQuestionRemove": "Er du sikker på at du vil slette {selectedUser} permanent fra serveren?", + "licenseKey": "Lisensnøkkel", + "valid": "Gyldig", + "numberOfSites": "Antall områder", + "licenseKeySearch": "Søk lisensnøkler...", + "licenseKeyAdd": "Legg til lisensnøkkel", + "type": "Type", + "licenseKeyRequired": "Lisensnøkkel er påkrevd", + "licenseTermsAgree": "Du må godta lisensvilkårene", + "licenseErrorKeyLoad": "Feil ved lasting av lisensnøkler", + "licenseErrorKeyLoadDescription": "Det oppstod en feil ved lasting av lisensnøkler.", + "licenseErrorKeyDelete": "Kunne ikke slette lisensnøkkel", + "licenseErrorKeyDeleteDescription": "Det oppstod en feil ved sletting av lisensnøkkel.", + "licenseKeyDeleted": "Lisensnøkkel slettet", + "licenseKeyDeletedDescription": "Lisensnøkkelen har blitt slettet.", + "licenseErrorKeyActivate": "Aktivering av lisensnøkkel feilet", + "licenseErrorKeyActivateDescription": "Det oppstod en feil under aktivering av lisensnøkkelen.", + "licenseAbout": "Om Lisensiering", + "communityEdition": "Fellesskapsutgave", + "licenseAboutDescription": "Dette er for bedrifts- og foretaksbrukere som bruker Pangolin i et kommersielt miljø. Hvis du bruker Pangolin til personlig bruk, kan du ignorere denne seksjonen.", + "licenseKeyActivated": "Lisensnøkkel aktivert", + "licenseKeyActivatedDescription": "Lisensnøkkelen har blitt vellykket aktivert.", + "licenseErrorKeyRecheck": "En feil oppsto under verifisering av lisensnøkler", + "licenseErrorKeyRecheckDescription": "Det oppstod en feil under verifisering av lisensnøkler.", + "licenseErrorKeyRechecked": "Lisensnøkler verifisert", + "licenseErrorKeyRecheckedDescription": "Alle lisensnøkler er verifisert", + "licenseActivateKey": "Aktiver lisensnøkkel", + "licenseActivateKeyDescription": "Skriv inn en lisensnøkkel for å aktivere den.", + "licenseActivate": "Aktiver lisens", + "licenseAgreement": "Ved å krysse av denne boksen bekrefter du at du har lest og godtar lisensvilkårene som tilsvarer nivået tilknyttet lisensnøkkelen din.", + "fossorialLicense": "Vis Fossorial kommersiell lisens og abonnementsvilkår", + "licenseMessageRemove": "Dette vil fjerne lisensnøkkelen og alle tilknyttede tillatelser gitt av den.", + "licenseMessageConfirm": "For å bekrefte, vennligst skriv inn lisensnøkkelen nedenfor.", + "licenseQuestionRemove": "Er du sikker på at du vil slette lisensnøkkelen {selectedKey} ?", + "licenseKeyDelete": "Slett Lisensnøkkel", + "licenseKeyDeleteConfirm": "Bekreft sletting av lisensnøkkel", + "licenseTitle": "Behandle lisensstatus", + "licenseTitleDescription": "Se og administrer lisensnøkler i systemet", + "licenseHost": "Vertslisens", + "licenseHostDescription": "Behandle hovedlisensnøkkelen for verten.", + "licensedNot": "Ikke lisensiert", + "hostId": "Verts-ID", + "licenseReckeckAll": "Verifiser alle nøkler", + "licenseSiteUsage": "Område Bruk", + "licenseSiteUsageDecsription": "Vis antall områder som bruker denne lisensen.", + "licenseNoSiteLimit": "Det er ingen grense på antall områder som bruker en ulisensiert vert.", + "licensePurchase": "Kjøp lisens", + "licensePurchaseSites": "Kjøp flere områder", + "licenseSitesUsedMax": "{usedSites} av {maxSites} områder brukt", + "licenseSitesUsed": "{count, plural, =0 {ingen områder} one {ett område} other {# områder}} i systemet.", + "licensePurchaseDescription": "Velg hvor mange områder du vil {selectedMode, select, license {kjøpe en lisens for. Du kan alltid legge til flere områder senere.} other {legge til din eksisterende lisens.}}", + "licenseFee": "Lisensavgift", + "licensePriceSite": "Pris per område", + "total": "Totalt", + "licenseContinuePayment": "Fortsett til betaling", + "pricingPage": "Pris oversikt", + "pricingPortal": "Se Kjøpsportal", + "licensePricingPage": "For de mest oppdaterte prisene og rabattene, vennligst besøk", + "invite": "Invitasjoner", + "inviteRegenerate": "Regenerer invitasjonen", + "inviteRegenerateDescription": "Tilbakekall tidligere invitasjon og opprette en ny", + "inviteRemove": "Fjern invitasjon", + "inviteRemoveError": "Mislyktes å fjerne invitasjon", + "inviteRemoveErrorDescription": "Det oppstod en feil under fjerning av invitasjonen.", + "inviteRemoved": "Invitasjon fjernet", + "inviteRemovedDescription": "Invitasjonen for {email} er fjernet.", + "inviteQuestionRemove": "Er du sikker på at du vil fjerne invitasjonen {email}?", + "inviteMessageRemove": "Når fjernet, vil denne invitasjonen ikke lenger være gyldig. Du kan alltid invitere brukeren på nytt senere.", + "inviteMessageConfirm": "For å bekrefte, vennligst tast inn invitasjonens e-postadresse nedenfor.", + "inviteQuestionRegenerate": "Er du sikker på at du vil generere invitasjonen på nytt for {email}? Dette vil ugyldiggjøre den forrige invitasjonen.", + "inviteRemoveConfirm": "Bekreft fjerning av invitasjon", + "inviteRegenerated": "Invitasjon fornyet", + "inviteSent": "En ny invitasjon er sendt til {email}.", + "inviteSentEmail": "Send e-postvarsel til brukeren", + "inviteGenerate": "En ny invitasjon er generert for {email}.", + "inviteDuplicateError": "Dupliser invitasjon", + "inviteDuplicateErrorDescription": "En invitasjon for denne brukeren eksisterer allerede.", + "inviteRateLimitError": "Forespørselsgrense overskredet", + "inviteRateLimitErrorDescription": "Du har overskredet grensen på 3 regenerasjoner per time. Prøv igjen senere.", + "inviteRegenerateError": "Kunne ikke regenerere invitasjon", + "inviteRegenerateErrorDescription": "Det oppsto en feil under regenerering av invitasjonen.", + "inviteValidityPeriod": "Gyldighetsperiode", + "inviteValidityPeriodSelect": "Velg gyldighetsperiode", + "inviteRegenerateMessage": "Invitasjonen er generert på nytt. Brukeren må gå til lenken nedenfor for å akseptere invitasjonen.", + "inviteRegenerateButton": "Regenerer", + "expiresAt": "Utløpstidspunkt", + "accessRoleUnknown": "Ukjent rolle", + "placeholder": "Plassholder", + "userErrorOrgRemove": "En feil oppsto under fjerning av bruker", + "userErrorOrgRemoveDescription": "Det oppstod en feil under fjerning av brukeren.", + "userOrgRemoved": "Bruker fjernet", + "userOrgRemovedDescription": "Brukeren {email} er fjernet fra organisasjonen.", + "userQuestionOrgRemove": "Er du sikker på at du vil fjerne {email} fra organisasjonen?", + "userMessageOrgRemove": "Når denne brukeren er fjernet, vil de ikke lenger ha tilgang til organisasjonen. Du kan alltid invitere dem på nytt senere, men de vil måtte godta invitasjonen på nytt.", + "userMessageOrgConfirm": "For å bekrefte, vennligst skriv inn navnet på brukeren nedenfor.", + "userRemoveOrgConfirm": "Bekreft fjerning av bruker", + "userRemoveOrg": "Fjern bruker fra organisasjon", + "users": "Brukere", + "accessRoleMember": "Medlem", + "accessRoleOwner": "Eier", + "userConfirmed": "Bekreftet", + "idpNameInternal": "Intern", + "emailInvalid": "Ugyldig e-postadresse", + "inviteValidityDuration": "Vennligst velg en varighet", + "accessRoleSelectPlease": "Vennligst velg en rolle", + "usernameRequired": "Brukernavn er påkrevd", + "idpSelectPlease": "Vennligst velg en identitetsleverandør", + "idpGenericOidc": "Generisk OAuth2/OIDC-leverandør.", + "accessRoleErrorFetch": "En feil oppsto under henting av roller", + "accessRoleErrorFetchDescription": "En feil oppsto under henting av rollene", + "idpErrorFetch": "En feil oppsto under henting av identitetsleverandører", + "idpErrorFetchDescription": "En feil oppsto ved henting av identitetsleverandører", + "userErrorExists": "Bruker eksisterer allerede", + "userErrorExistsDescription": "Denne brukeren er allerede medlem av organisasjonen.", + "inviteError": "Kunne ikke invitere bruker", + "inviteErrorDescription": "En feil oppsto under invitering av brukeren", + "userInvited": "Bruker invitert", + "userInvitedDescription": "Brukeren er vellykket invitert.", + "userErrorCreate": "Kunne ikke opprette bruker", + "userErrorCreateDescription": "Det oppsto en feil under oppretting av brukeren", + "userCreated": "Bruker opprettet", + "userCreatedDescription": "Brukeren har blitt vellykket opprettet.", + "userTypeInternal": "Intern bruker", + "userTypeInternalDescription": "Inviter en bruker til å bli med i organisasjonen din direkte.", + "userTypeExternal": "Ekstern bruker", + "userTypeExternalDescription": "Opprett en bruker med en ekstern identitetsleverandør.", + "accessUserCreateDescription": "Følg stegene under for å opprette en ny bruker", + "userSeeAll": "Se alle brukere", + "userTypeTitle": "Brukertype", + "userTypeDescription": "Bestem hvordan du vil opprette brukeren", + "userSettings": "Brukerinformasjon", + "userSettingsDescription": "Skriv inn detaljene for den nye brukeren", + "inviteEmailSent": "Send invitasjonsepost til bruker", + "inviteValid": "Gyldig for", + "selectDuration": "Velg varighet", + "accessRoleSelect": "Velg rolle", + "inviteEmailSentDescription": "En e-post er sendt til brukeren med tilgangslenken nedenfor. De må åpne lenken for å akseptere invitasjonen.", + "inviteSentDescription": "Brukeren har blitt invitert. De må åpne lenken nedenfor for å godta invitasjonen.", + "inviteExpiresIn": "Invitasjonen utløper om {days, plural, one {en dag} other {# dager}}.", + "idpTitle": "Identitetsleverandør", + "idpSelect": "Velg identitetsleverandøren for den eksterne brukeren", + "idpNotConfigured": "Ingen identitetsleverandører er konfigurert. Vennligst konfigurer en identitetsleverandør før du oppretter eksterne brukere.", + "usernameUniq": "Dette må matche det unike brukernavnet som finnes i den valgte identitetsleverandøren.", + "emailOptional": "E-post (Valgfritt)", + "nameOptional": "Navn (valgfritt)", + "accessControls": "Tilgangskontroller", + "userDescription2": "Administrer innstillingene for denne brukeren", + "accessRoleErrorAdd": "Kunne ikke legge til bruker i rolle", + "accessRoleErrorAddDescription": "Det oppstod en feil under tilordning av brukeren til rollen.", + "userSaved": "Bruker lagret", + "userSavedDescription": "Brukeren har blitt oppdatert.", + "accessControlsDescription": "Administrer hva denne brukeren kan få tilgang til og gjøre i organisasjonen", + "accessControlsSubmit": "Lagre tilgangskontroller", + "roles": "Roller", + "accessUsersRoles": "Administrer brukere og roller", + "accessUsersRolesDescription": "Inviter brukere og legg dem til roller for å administrere tilgang til organisasjonen din.", + "key": "Nøkkel", + "createdAt": "Opprettet", + "proxyErrorInvalidHeader": "Ugyldig verdi for egendefinert vertsoverskrift. Bruk domenenavnformat, eller lagre tomt for å fjerne den egendefinerte vertsoverskriften.", + "proxyErrorTls": "Ugyldig TLS-servernavn. Bruk domenenavnformat, eller la stå tomt for å fjerne TLS-servernavnet.", + "proxyEnableSSL": "Aktiver SSL (https)", + "targetErrorFetch": "Kunne ikke hente mål", + "targetErrorFetchDescription": "Det oppsto en feil under henting av mål", + "siteErrorFetch": "Klarte ikke å hente ressurs", + "siteErrorFetchDescription": "Det oppstod en feil under henting av ressurs", + "targetErrorDuplicate": "Dupliser mål", + "targetErrorDuplicateDescription": "Et mål med disse innstillingene finnes allerede", + "targetWireGuardErrorInvalidIp": "Ugyldig mål-IP", + "targetWireGuardErrorInvalidIpDescription": "Mål-IP må være i områdets undernett.", + "targetsUpdated": "Mål oppdatert", + "targetsUpdatedDescription": "Mål og innstillinger oppdatert vellykket", + "targetsErrorUpdate": "Feilet å oppdatere mål", + "targetsErrorUpdateDescription": "En feil oppsto under oppdatering av mål", + "targetTlsUpdate": "TLS-innstillinger oppdatert", + "targetTlsUpdateDescription": "Dine TLS-innstillinger er oppdatert", + "targetErrorTlsUpdate": "Feilet under oppdatering av TLS-innstillinger", + "targetErrorTlsUpdateDescription": "Det oppstod en feil under oppdatering av TLS-innstillinger", + "proxyUpdated": "Proxy-innstillinger oppdatert", + "proxyUpdatedDescription": "Proxy-innstillingene dine er oppdatert", + "proxyErrorUpdate": "En feil oppsto under oppdatering av proxyinnstillinger", + "proxyErrorUpdateDescription": "En feil oppsto under oppdatering av proxyinnstillinger", + "targetAddr": "IP / vertsnavn", + "targetPort": "Port", + "targetProtocol": "Protokoll", + "targetTlsSettings": "Sikker tilkoblings-konfigurasjon", + "targetTlsSettingsDescription": "Konfigurer SSL/TLS-innstillinger for ressursen din", + "targetTlsSettingsAdvanced": "Avanserte TLS-innstillinger", + "targetTlsSni": "TLS Servernavn (SNI)", + "targetTlsSniDescription": "TLS-servernavnet som skal brukes for SNI. La stå tomt for å bruke standardverdien.", + "targetTlsSubmit": "Lagre innstillinger", + "targets": "Målkonfigurasjon", + "targetsDescription": "Sett opp mål for å rute trafikk til dine backend-tjenester", + "targetStickySessions": "Aktiver klebrige sesjoner", + "targetStickySessionsDescription": "Behold tilkoblinger på samme bakend-mål gjennom hele sesjonen.", + "methodSelect": "Velg metode", + "targetSubmit": "Legg til mål", + "targetNoOne": "Ingen mål. Legg til et mål ved hjelp av skjemaet.", + "targetNoOneDescription": "Å legge til mer enn ett mål ovenfor vil aktivere lastbalansering.", + "targetsSubmit": "Lagre mål", + "proxyAdditional": "Ytterligere Proxy-innstillinger", + "proxyAdditionalDescription": "Konfigurer hvordan ressursen din håndterer proxy-innstillinger", + "proxyCustomHeader": "Tilpasset verts-header", + "proxyCustomHeaderDescription": "Verts-header som skal settes ved videresending av forespørsler. La stå tom for å bruke standardinnstillingen.", + "proxyAdditionalSubmit": "Lagre proxy-innstillinger", + "subnetMaskErrorInvalid": "Ugyldig subnettmaske. Må være mellom 0 og 32.", + "ipAddressErrorInvalidFormat": "Ugyldig IP-adresseformat", + "ipAddressErrorInvalidOctet": "Ugyldig IP-adresse-oktet", + "path": "Sti", + "ipAddressRange": "IP-område", + "rulesErrorFetch": "Klarte ikke å hente regler", + "rulesErrorFetchDescription": "Det oppsto en feil under henting av regler", + "rulesErrorDuplicate": "Duplisert regel", + "rulesErrorDuplicateDescription": "En regel med disse innstillingene finnes allerede", + "rulesErrorInvalidIpAddressRange": "Ugyldig CIDR", + "rulesErrorInvalidIpAddressRangeDescription": "Vennligst skriv inn en gyldig CIDR-verdi", + "rulesErrorInvalidUrl": "Ugyldig URL-sti", + "rulesErrorInvalidUrlDescription": "Skriv inn en gyldig verdi for URL-sti", + "rulesErrorInvalidIpAddress": "Ugyldig IP", + "rulesErrorInvalidIpAddressDescription": "Skriv inn en gyldig IP-adresse", + "rulesErrorUpdate": "Kunne ikke oppdatere regler", + "rulesErrorUpdateDescription": "Det oppsto en feil under oppdatering av regler", + "rulesUpdated": "Aktiver Regler", + "rulesUpdatedDescription": "Regelevalueringen har blitt oppdatert", + "rulesMatchIpAddressRangeDescription": "Angi en adresse i CIDR-format (f.eks., 103.21.244.0/22)", + "rulesMatchIpAddress": "Angi en IP-adresse (f.eks. 103.21.244.12)", + "rulesMatchUrl": "Skriv inn en URL-sti eller et mønster (f.eks. /api/v1/todos eller /api/v1/*)", + "rulesErrorInvalidPriority": "Ugyldig prioritet", + "rulesErrorInvalidPriorityDescription": "Vennligst skriv inn en gyldig prioritet", + "rulesErrorDuplicatePriority": "Dupliserte prioriteringer", + "rulesErrorDuplicatePriorityDescription": "Vennligst angi unike prioriteringer", + "ruleUpdated": "Regler oppdatert", + "ruleUpdatedDescription": "Reglene er oppdatert", + "ruleErrorUpdate": "Operasjon mislyktes", + "ruleErrorUpdateDescription": "En feil oppsto under lagringsoperasjonen", + "rulesPriority": "Prioritet", + "rulesAction": "Handling", + "rulesMatchType": "Trefftype", + "value": "Verdi", + "rulesAbout": "Om regler", + "rulesAboutDescription": "Regler lar deg kontrollere tilgang til din ressurs basert på et sett med kriterier. Du kan opprette regler for å tillate eller nekte tilgang basert på IP-adresse eller URL-sti.", + "rulesActions": "Handlinger", + "rulesActionAlwaysAllow": "Alltid Tillat: Omgå alle autentiserings metoder", + "rulesActionAlwaysDeny": "Alltid Nekt: Blokker alle forespørsler; ingen autentisering kan forsøkes", + "rulesMatchCriteria": "Samsvarende kriterier", + "rulesMatchCriteriaIpAddress": "Samsvar med en spesifikk IP-adresse", + "rulesMatchCriteriaIpAddressRange": "Samsvar et IP-adresseområde i CIDR-notasjon", + "rulesMatchCriteriaUrl": "Match en URL-sti eller et mønster", + "rulesEnable": "Aktiver regler", + "rulesEnableDescription": "Aktiver eller deaktiver regelvurdering for denne ressursen", + "rulesResource": "Konfigurasjon av ressursregler", + "rulesResourceDescription": "Konfigurere regler for tilgangskontroll til ressursen din", + "ruleSubmit": "Legg til regel", + "rulesNoOne": "Ingen regler. Legg til en regel ved å bruke skjemaet.", + "rulesOrder": "Regler evalueres etter prioritet i stigende rekkefølge.", + "rulesSubmit": "Lagre regler", + "resourceErrorCreate": "Feil under oppretting av ressurs", + "resourceErrorCreateDescription": "Det oppstod en feil under oppretting av ressursen", + "resourceErrorCreateMessage": "Feil ved oppretting av ressurs:", + "resourceErrorCreateMessageDescription": "En uventet feil oppstod", + "sitesErrorFetch": "Feil ved henting av områder", + "sitesErrorFetchDescription": "En feil oppstod ved henting av områdene", + "domainsErrorFetch": "Kunne ikke hente domener", + "domainsErrorFetchDescription": "Det oppsto en feil under henting av domenene", + "none": "Ingen", + "unknown": "Ukjent", + "resources": "Ressurser", + "resourcesDescription": "Ressurser er proxyer for applikasjoner som kjører på ditt private nettverk. Opprett en ressurs for enhver HTTP/HTTPS- eller rå TCP/UDP-tjeneste på ditt private nettverk. Hver ressurs må kobles til et område for å muliggjøre privat, sikker tilkobling gjennom en kryptert WireGuard-tunnel.", + "resourcesWireGuardConnect": "Sikker tilkobling med WireGuard-kryptering", + "resourcesMultipleAuthenticationMethods": "Konfigurer flere autentiseringsmetoder", + "resourcesUsersRolesAccess": "Bruker- og rollebasert tilgangskontroll", + "resourcesErrorUpdate": "Feilet å slå av/på ressurs", + "resourcesErrorUpdateDescription": "En feil oppstod under oppdatering av ressursen", + "access": "Tilgang", + "shareLink": "{resource} Del Lenke", + "resourceSelect": "Velg ressurs", + "shareLinks": "Del lenker", + "share": "Delbare lenker", + "shareDescription2": "Opprett delbare lenker til ressursene dine. Lenker gir midlertidig eller ubegrenset tilgang til ressursen din. Du kan konfigurere utløpsvarigheten for lenken når du oppretter den.", + "shareEasyCreate": "Enkelt å lage og dele", + "shareConfigurableExpirationDuration": "Konfigurerbar utløpsvarighet", + "shareSecureAndRevocable": "Sikker og tilbakekallbar", + "nameMin": "Navn må være minst {len} tegn.", + "nameMax": "Navn kan ikke være lengre enn {len} tegn.", + "sitesConfirmCopy": "Vennligst bekreft at du har kopiert konfigurasjonen.", + "unknownCommand": "Ukjent kommando", + "newtErrorFetchReleases": "Feilet å hente utgivelsesinfo: {err}", + "newtErrorFetchLatest": "Feil ved henting av siste utgivelse: {err}", + "newtEndpoint": "Newt endepunkt", + "newtId": "Newt-ID", + "newtSecretKey": "Newt hemmelig nøkkel", + "architecture": "Arkitektur", + "sites": "Områder", + "siteWgAnyClients": "Bruk en hvilken som helst WireGuard-klient for å koble til. Du må adressere dine interne ressurser ved å bruke peer-IP-en.", + "siteWgCompatibleAllClients": "Kompatibel med alle WireGuard-klienter", + "siteWgManualConfigurationRequired": "Manuell konfigurasjon påkrevd", + "userErrorNotAdminOrOwner": "Bruker er ikke administrator eller eier", + "pangolinSettings": "Innstillinger - Pangolin", + "accessRoleYour": "Din rolle:", + "accessRoleSelect2": "Velg en rolle", + "accessUserSelect": "Velg en bruker", + "otpEmailEnter": "Skriv inn én e-post", + "otpEmailEnterDescription": "Trykk enter for å legge til en e-post etter å ha tastet den inn i tekstfeltet.", + "otpEmailErrorInvalid": "Ugyldig e-postadresse. Jokertegnet (*) må være hele lokaldelen.", + "otpEmailSmtpRequired": "SMTP påkrevd", + "otpEmailSmtpRequiredDescription": "SMTP må være aktivert på serveren for å bruke engangspassord-autentisering.", + "otpEmailTitle": "Engangspassord", + "otpEmailTitleDescription": "Krev e-postbasert autentisering for ressurstilgang", + "otpEmailWhitelist": "E-post-hviteliste", + "otpEmailWhitelistList": "Hvitlistede e-poster", + "otpEmailWhitelistListDescription": "Kun brukere med disse e-postadressene vil ha tilgang til denne ressursen. De vil bli bedt om å skrive inn et engangspassord sendt til e-posten deres. Jokertegn (*@example.com) kan brukes for å tillate enhver e-postadresse fra et domene.", + "otpEmailWhitelistSave": "Lagre hvitliste", + "passwordAdd": "Legg til passord", + "passwordRemove": "Fjern passord", + "pincodeAdd": "Legg til PIN-kode", + "pincodeRemove": "Fjern PIN-kode", + "resourceAuthMethods": "Autentiseringsmetoder", + "resourceAuthMethodsDescriptions": "Tillat tilgang til ressursen via ytterligere autentiseringsmetoder", + "resourceAuthSettingsSave": "Lagret vellykket", + "resourceAuthSettingsSaveDescription": "Autentiseringsinnstillinger er lagret", + "resourceErrorAuthFetch": "Kunne ikke hente data", + "resourceErrorAuthFetchDescription": "Det oppstod en feil ved henting av data", + "resourceErrorPasswordRemove": "Feil ved fjerning av passord for ressurs", + "resourceErrorPasswordRemoveDescription": "Det oppstod en feil ved fjerning av ressurspassordet", + "resourceErrorPasswordSetup": "Feil ved innstilling av ressurspassord", + "resourceErrorPasswordSetupDescription": "Det oppstod en feil ved innstilling av ressurspassordet", + "resourceErrorPincodeRemove": "Feil ved fjerning av ressurs-PIN-koden", + "resourceErrorPincodeRemoveDescription": "Det oppstod en feil under fjerning av ressurs-pinkoden", + "resourceErrorPincodeSetup": "Feil ved innstilling av ressurs-PIN-kode", + "resourceErrorPincodeSetupDescription": "Det oppstod en feil under innstilling av ressursens PIN-kode", + "resourceErrorUsersRolesSave": "Klarte ikke å sette roller", + "resourceErrorUsersRolesSaveDescription": "En feil oppstod ved innstilling av rollene", + "resourceErrorWhitelistSave": "Feilet å lagre hvitliste", + "resourceErrorWhitelistSaveDescription": "Det oppstod en feil under lagring av hvitlisten", + "resourcePasswordSubmit": "Aktiver passordbeskyttelse", + "resourcePasswordProtection": "Passordbeskyttelse {status}", + "resourcePasswordRemove": "Ressurspassord fjernet", + "resourcePasswordRemoveDescription": "Fjerning av ressurspassordet var vellykket", + "resourcePasswordSetup": "Ressurspassord satt", + "resourcePasswordSetupDescription": "Ressurspassordet har blitt vellykket satt", + "resourcePasswordSetupTitle": "Angi passord", + "resourcePasswordSetupTitleDescription": "Sett et passord for å beskytte denne ressursen", + "resourcePincode": "PIN-kode", + "resourcePincodeSubmit": "Aktiver PIN-kodebeskyttelse", + "resourcePincodeProtection": "PIN-kodebeskyttelse {status}", + "resourcePincodeRemove": "Ressurs PIN-kode fjernet", + "resourcePincodeRemoveDescription": "Ressurspassordet ble fjernet", + "resourcePincodeSetup": "Ressurs PIN-kode satt", + "resourcePincodeSetupDescription": "Ressurs PIN-kode er satt vellykket", + "resourcePincodeSetupTitle": "Angi PIN-kode", + "resourcePincodeSetupTitleDescription": "Sett en pinkode for å beskytte denne ressursen", + "resourceRoleDescription": "Administratorer har alltid tilgang til denne ressursen.", + "resourceUsersRoles": "Brukere og Roller", + "resourceUsersRolesDescription": "Konfigurer hvilke brukere og roller som har tilgang til denne ressursen", + "resourceUsersRolesSubmit": "Lagre brukere og roller", + "resourceWhitelistSave": "Lagring vellykket", + "resourceWhitelistSaveDescription": "Hvitlisteinnstillinger er lagret", + "ssoUse": "Bruk plattform SSO", + "ssoUseDescription": "Eksisterende brukere trenger kun å logge på én gang for alle ressurser som har dette aktivert.", + "proxyErrorInvalidPort": "Ugyldig portnummer", + "subdomainErrorInvalid": "Ugyldig underdomene", + "domainErrorFetch": "Feil ved henting av domener", + "domainErrorFetchDescription": "Det oppstod en feil ved henting av domenene", + "resourceErrorUpdate": "Mislyktes å oppdatere ressurs", + "resourceErrorUpdateDescription": "Det oppstod en feil under oppdatering av ressursen", + "resourceUpdated": "Ressurs oppdatert", + "resourceUpdatedDescription": "Ressursen er oppdatert vellykket", + "resourceErrorTransfer": "Klarte ikke å overføre ressurs", + "resourceErrorTransferDescription": "En feil oppsto under overføring av ressursen", + "resourceTransferred": "Ressurs overført", + "resourceTransferredDescription": "Ressursen er overført vellykket.", + "resourceErrorToggle": "Feilet å veksle ressurs", + "resourceErrorToggleDescription": "Det oppstod en feil ved oppdatering av ressursen", + "resourceVisibilityTitle": "Synlighet", + "resourceVisibilityTitleDescription": "Fullstendig aktiver eller deaktiver ressursynlighet", + "resourceGeneral": "Generelle innstillinger", + "resourceGeneralDescription": "Konfigurer de generelle innstillingene for denne ressursen", + "resourceEnable": "Aktiver ressurs", + "resourceTransfer": "Overfør Ressurs", + "resourceTransferDescription": "Overfør denne ressursen til et annet område", + "resourceTransferSubmit": "Overfør ressurs", + "siteDestination": "Destinasjonsområde", + "searchSites": "Søk områder", + "accessRoleCreate": "Opprett rolle", + "accessRoleCreateDescription": "Opprett en ny rolle for å gruppere brukere og administrere deres tillatelser.", + "accessRoleCreateSubmit": "Opprett rolle", + "accessRoleCreated": "Rolle opprettet", + "accessRoleCreatedDescription": "Rollen er vellykket opprettet.", + "accessRoleErrorCreate": "Klarte ikke å opprette rolle", + "accessRoleErrorCreateDescription": "Det oppstod en feil under opprettelse av rollen.", + "accessRoleErrorNewRequired": "Ny rolle kreves", + "accessRoleErrorRemove": "Kunne ikke fjerne rolle", + "accessRoleErrorRemoveDescription": "Det oppstod en feil under fjerning av rollen.", + "accessRoleName": "Rollenavn", + "accessRoleQuestionRemove": "Du er i ferd med å slette rollen {name}. Du kan ikke angre denne handlingen.", + "accessRoleRemove": "Fjern Rolle", + "accessRoleRemoveDescription": "Fjern en rolle fra organisasjonen", + "accessRoleRemoveSubmit": "Fjern Rolle", + "accessRoleRemoved": "Rolle fjernet", + "accessRoleRemovedDescription": "Rollen er vellykket fjernet.", + "accessRoleRequiredRemove": "Før du sletter denne rollen, vennligst velg en ny rolle å overføre eksisterende medlemmer til.", + "manage": "Administrer", + "sitesNotFound": "Ingen områder funnet.", + "pangolinServerAdmin": "Server Admin - Pangolin", + "licenseTierProfessional": "Profesjonell lisens", + "licenseTierEnterprise": "Bedriftslisens", + "licenseTierCommercial": "Kommersiell lisens", + "licensed": "Lisensiert", + "yes": "Ja", + "no": "Nei", + "sitesAdditional": "Ytterligere områder", + "licenseKeys": "Lisensnøkler", + "sitestCountDecrease": "Reduser antall områder", + "sitestCountIncrease": "Øk antall områder", + "idpManage": "Administrer Identitetsleverandører", + "idpManageDescription": "Vis og administrer identitetsleverandører i systemet", + "idpDeletedDescription": "Identitetsleverandør slettet vellykket", + "idpOidc": "OAuth2/OIDC", + "idpQuestionRemove": "Er du sikker på at du vil slette identitetsleverandøren {name} permanent?", + "idpMessageRemove": "Dette vil fjerne identitetsleverandøren og alle tilhørende konfigurasjoner. Brukere som autentiserer seg via denne leverandøren vil ikke lenger kunne logge inn.", + "idpMessageConfirm": "For å bekrefte, vennligst skriv inn navnet på identitetsleverandøren nedenfor.", + "idpConfirmDelete": "Bekreft Sletting av Identitetsleverandør", + "idpDelete": "Slett identitetsleverandør", + "idp": "Identitetsleverandører", + "idpSearch": "Søk identitetsleverandører...", + "idpAdd": "Legg til Identitetsleverandør", + "idpClientIdRequired": "Klient-ID er påkrevd.", + "idpClientSecretRequired": "Klienthemmelighet er påkrevd.", + "idpErrorAuthUrlInvalid": "Autentiserings-URL må være en gyldig URL.", + "idpErrorTokenUrlInvalid": "Token-URL må være en gyldig URL.", + "idpPathRequired": "Identifikatorbane er påkrevd.", + "idpScopeRequired": "Omfang kreves.", + "idpOidcDescription": "Konfigurer en OpenID Connect identitetsleverandør", + "idpCreatedDescription": "Identitetsleverandør opprettet vellykket.", + "idpCreate": "Opprett identitetsleverandør", + "idpCreateDescription": "Konfigurer en ny identitetsleverandør for brukerautentisering", + "idpSeeAll": "Se alle identitetsleverandører", + "idpSettingsDescription": "Konfigurer grunnleggende informasjon for din identitetsleverandør", + "idpDisplayName": "Et visningsnavn for denne identitetsleverandøren", + "idpAutoProvisionUsers": "Automatisk brukerklargjøring", + "idpAutoProvisionUsersDescription": "Når aktivert, opprettes brukere automatisk i systemet ved første innlogging, med mulighet til å tilordne brukere til roller og organisasjoner.", + "licenseBadge": "Profesjonell", + "idpType": "Leverandørtype", + "idpTypeDescription": "Velg typen identitetsleverandør du ønsker å konfigurere", + "idpOidcConfigure": "OAuth2/OIDC-konfigurasjon", + "idpOidcConfigureDescription": "Konfigurer OAuth2/OIDC-leverandørens endepunkter og legitimasjon", + "idpClientId": "Klient-ID", + "idpClientIdDescription": "OAuth2-klient-ID-en fra identitetsleverandøren din", + "idpClientSecret": "Klienthemmelighet", + "idpClientSecretDescription": "OAuth2-klienthemmeligheten fra din identitetsleverandør", + "idpAuthUrl": "Autorisasjons-URL", + "idpAuthUrlDescription": "OAuth2 autorisasjonsendepunkt URL", + "idpTokenUrl": "Token-URL", + "idpTokenUrlDescription": "OAuth2-tokenendepunkt-URL", + "idpOidcConfigureAlert": "Viktig informasjon", + "idpOidcConfigureAlertDescription": "Etter at du har opprettet identitetsleverandøren, må du konfigurere callback-URL-en i identitetsleverandørens innstillinger. Callback-URL-en blir oppgitt etter vellykket opprettelse.", + "idpToken": "Token-konfigurasjon", + "idpTokenDescription": "Konfigurer hvordan brukerinformasjon trekkes ut fra ID-tokenet", + "idpJmespathAbout": "Om JMESPath", + "idpJmespathAboutDescription": "Stiene nedenfor bruker JMESPath-syntaks for å hente ut verdier fra ID-tokenet.", + "idpJmespathAboutDescriptionLink": "Lær mer om JMESPath", + "idpJmespathLabel": "Identifikatorsti", + "idpJmespathLabelDescription": "Stien til brukeridentifikatoren i ID-tokenet", + "idpJmespathEmailPathOptional": "E-poststi (Valgfritt)", + "idpJmespathEmailPathOptionalDescription": "Stien til brukerens e-postadresse i ID-tokenet", + "idpJmespathNamePathOptional": "Navn Sti (Valgfritt)", + "idpJmespathNamePathOptionalDescription": "Stien til brukerens navn i ID-tokenet", + "idpOidcConfigureScopes": "Omfang", + "idpOidcConfigureScopesDescription": "Mellomromseparert liste over OAuth2-omfang å be om", + "idpSubmit": "Opprett identitetsleverandør", + "orgPolicies": "Organisasjonsretningslinjer", + "idpSettings": "{idpName} Innstillinger", + "idpCreateSettingsDescription": "Konfigurer innstillingene for din identitetsleverandør", + "roleMapping": "Rolletilordning", + "orgMapping": "Organisasjon Kartlegging", + "orgPoliciesSearch": "Søk i organisasjonens retningslinjer...", + "orgPoliciesAdd": "Legg til organisasjonspolicy", + "orgRequired": "Organisasjon er påkrevd", + "error": "Feil", + "success": "Suksess", + "orgPolicyAddedDescription": "Policy vellykket lagt til", + "orgPolicyUpdatedDescription": "Policyen er vellykket oppdatert", + "orgPolicyDeletedDescription": "Policy slettet vellykket", + "defaultMappingsUpdatedDescription": "Standardtilordninger oppdatert vellykket", + "orgPoliciesAbout": "Om organisasjonens retningslinjer", + "orgPoliciesAboutDescription": "Organisasjonspolicyer brukes til å kontrollere tilgang til organisasjoner basert på brukerens ID-token. Du kan spesifisere JMESPath-uttrykk for å trekke ut rolle- og organisasjonsinformasjon fra ID-tokenet.", + "orgPoliciesAboutDescriptionLink": "Se dokumentasjon, for mer informasjon.", + "defaultMappingsOptional": "Standard Tilordninger (Valgfritt)", + "defaultMappingsOptionalDescription": "Standardtilordningene brukes når det ikke er definert en organisasjonspolicy for en organisasjon. Du kan spesifisere standard rolle- og organisasjonstilordninger som det kan falles tilbake på her.", + "defaultMappingsRole": "Standard rolletilordning", + "defaultMappingsRoleDescription": "Resultatet av dette uttrykket må returnere rollenavnet slik det er definert i organisasjonen som en streng.", + "defaultMappingsOrg": "Standard organisasjonstilordning", + "defaultMappingsOrgDescription": "Dette uttrykket må returnere organisasjons-ID-en eller «true» for å gi brukeren tilgang til organisasjonen.", + "defaultMappingsSubmit": "Lagre standard tilordninger", + "orgPoliciesEdit": "Rediger Organisasjonspolicy", + "org": "Organisasjon", + "orgSelect": "Velg organisasjon", + "orgSearch": "Søk organisasjon", + "orgNotFound": "Ingen organisasjon funnet.", + "roleMappingPathOptional": "Rollekartleggingssti (Valgfritt)", + "orgMappingPathOptional": "Organisasjonstilordningssti (Valgfritt)", + "orgPolicyUpdate": "Oppdater policy", + "orgPolicyAdd": "Legg til policy", + "orgPolicyConfig": "Konfigurer tilgang for en organisasjon", + "idpUpdatedDescription": "Identitetsleverandør vellykket oppdatert", + "redirectUrl": "Omdirigerings-URL", + "redirectUrlAbout": "Om omdirigerings-URL", + "redirectUrlAboutDescription": "Dette er URL-en som brukere vil bli omdirigert til etter autentisering. Du må konfigurere denne URL-en i innstillingene for identitetsleverandøren din.", + "pangolinAuth": "Autentisering - Pangolin", + "verificationCodeLengthRequirements": "Din verifiseringskode må være 8 tegn.", + "errorOccurred": "Det oppstod en feil", + "emailErrorVerify": "Kunne ikke verifisere e-post:", + "emailVerified": "E-posten er bekreftet! Omdirigerer deg...", + "verificationCodeErrorResend": "Kunne ikke sende bekreftelseskode på nytt:", + "verificationCodeResend": "Bekreftelseskode sendt på nytt", + "verificationCodeResendDescription": "Vi har sendt en ny bekreftelseskode til e-postadressen din. Vennligst sjekk innboksen din.", + "emailVerify": "Verifiser e-post", + "emailVerifyDescription": "Skriv inn bekreftelseskoden sendt til e-postadressen din.", + "verificationCode": "Verifiseringskode", + "verificationCodeEmailSent": "Vi har sendt en bekreftelseskode til e-postadressen din.", + "submit": "Send inn", + "emailVerifyResendProgress": "Sender på nytt...", + "emailVerifyResend": "Har du ikke mottatt en kode? Klikk her for å sende på nytt", + "passwordNotMatch": "Passordene stemmer ikke", + "signupError": "Det oppsto en feil ved registrering", + "pangolinLogoAlt": "Pangolin Logo", + "inviteAlready": "Ser ut til at du har blitt invitert!", + "inviteAlreadyDescription": "For å godta invitasjonen, må du logge inn eller opprette en konto.", + "signupQuestion": "Har du allerede en konto?", + "login": "Logg inn", + "resourceNotFound": "Ressurs ikke funnet", + "resourceNotFoundDescription": "Ressursen du prøver å få tilgang til eksisterer ikke.", + "pincodeRequirementsLength": "PIN må være nøyaktig 6 siffer", + "pincodeRequirementsChars": "PIN må kun inneholde tall", + "passwordRequirementsLength": "Passord må være minst 1 tegn langt", + "passwordRequirementsTitle": "Passordkrav:", + "passwordRequirementLength": "Minst 8 tegn lang", + "passwordRequirementUppercase": "Minst én stor bokstav", + "passwordRequirementLowercase": "Minst én liten bokstav", + "passwordRequirementNumber": "Minst ét tall", + "passwordRequirementSpecial": "Minst ett spesialtegn", + "passwordRequirementsMet": "✓ Passord oppfyller alle krav", + "passwordStrength": "Passordstyrke", + "passwordStrengthWeak": "Svakt", + "passwordStrengthMedium": "Medium", + "passwordStrengthStrong": "Sterkt", + "passwordRequirements": "Krav:", + "passwordRequirementLengthText": "8+ tegn", + "passwordRequirementUppercaseText": "Stor bokstav (A-Z)", + "passwordRequirementLowercaseText": "Liten bokstav (a-z)", + "passwordRequirementNumberText": "Tall (0-9)", + "passwordRequirementSpecialText": "Spesialtegn (!@#$%...)", + "passwordsDoNotMatch": "Passordene stemmer ikke", + "otpEmailRequirementsLength": "OTP må være minst 1 tegn lang.", + "otpEmailSent": "OTP sendt", + "otpEmailSentDescription": "En OTP er sendt til din e-post", + "otpEmailErrorAuthenticate": "Mislyktes å autentisere med e-post", + "pincodeErrorAuthenticate": "Kunne ikke autentisere med pinkode", + "passwordErrorAuthenticate": "Kunne ikke autentisere med passord", + "poweredBy": "Drevet av", + "authenticationRequired": "Autentisering påkrevd", + "authenticationMethodChoose": "Velg din foretrukne metode for å få tilgang til {name}", + "authenticationRequest": "Du må autentisere deg for å få tilgang til {name}", + "user": "Bruker", + "pincodeInput": "6-sifret PIN-kode", + "pincodeSubmit": "Logg inn med PIN", + "passwordSubmit": "Logg inn med passord", + "otpEmailDescription": "En engangskode vil bli sendt til denne e-posten.", + "otpEmailSend": "Send engangskode", + "otpEmail": "Engangspassord (OTP)", + "otpEmailSubmit": "Send inn OTP", + "backToEmail": "Tilbake til E-post", + "noSupportKey": "Serveren kjører uten en supporterlisens. Vurder å støtte prosjektet!", + "accessDenied": "Tilgang nektet", + "accessDeniedDescription": "Du har ikke tilgang til denne ressursen. Hvis dette er en feil, vennligst kontakt administratoren.", + "accessTokenError": "Feil ved sjekk av tilgangstoken", + "accessGranted": "Tilgang gitt", + "accessUrlInvalid": "Ugyldig tilgangs-URL", + "accessGrantedDescription": "Du har fått tilgang til denne ressursen. Omdirigerer deg...", + "accessUrlInvalidDescription": "Denne delings-URL-en er ugyldig. Vennligst kontakt ressurseieren for en ny URL.", + "tokenInvalid": "Ugyldig token", + "pincodeInvalid": "Ugyldig kode", + "passwordErrorRequestReset": "Forespørsel om tilbakestilling mislyktes", + "passwordErrorReset": "Klarte ikke å tilbakestille passord:", + "passwordResetSuccess": "Passordet er tilbakestilt! Går tilbake til innlogging...", + "passwordReset": "Tilbakestill passord", + "passwordResetDescription": "Følg stegene for å tilbakestille passordet ditt", + "passwordResetSent": "Vi sender en kode for tilbakestilling av passord til denne e-postadressen.", + "passwordResetCode": "Tilbakestillingskode", + "passwordResetCodeDescription": "Sjekk e-posten din for tilbakestillingskoden.", + "passwordNew": "Nytt passord", + "passwordNewConfirm": "Bekreft nytt passord", + "pincodeAuth": "Autentiseringskode", + "pincodeSubmit2": "Send inn kode", + "passwordResetSubmit": "Be om tilbakestilling", + "passwordBack": "Tilbake til passord", + "loginBack": "Gå tilbake til innlogging", + "signup": "Registrer deg", + "loginStart": "Logg inn for å komme i gang", + "idpOidcTokenValidating": "Validerer OIDC-token", + "idpOidcTokenResponse": "Valider OIDC-tokensvar", + "idpErrorOidcTokenValidating": "Feil ved validering av OIDC-token", + "idpConnectingTo": "Kobler til {name}", + "idpConnectingToDescription": "Validerer identiteten din", + "idpConnectingToProcess": "Kobler til...", + "idpConnectingToFinished": "Tilkoblet", + "idpErrorConnectingTo": "Det oppstod et problem med å koble til {name}. Vennligst kontakt din administrator.", + "idpErrorNotFound": "IdP ikke funnet", + "inviteInvalid": "Ugyldig invitasjon", + "inviteInvalidDescription": "Invitasjonslenken er ugyldig.", + "inviteErrorWrongUser": "Invitasjonen er ikke for denne brukeren", + "inviteErrorUserNotExists": "Brukeren eksisterer ikke. Vennligst opprett en konto først.", + "inviteErrorLoginRequired": "Du må være logget inn for å godta en invitasjon", + "inviteErrorExpired": "Invitasjonen kan ha utløpt", + "inviteErrorRevoked": "Invitasjonen kan ha blitt trukket tilbake", + "inviteErrorTypo": "Det kan være en skrivefeil i invitasjonslenken", + "pangolinSetup": "Oppsett - Pangolin", + "orgNameRequired": "Organisasjonsnavn er påkrevd", + "orgIdRequired": "Organisasjons-ID er påkrevd", + "orgErrorCreate": "En feil oppstod under oppretting av organisasjon", + "pageNotFound": "Siden ble ikke funnet", + "pageNotFoundDescription": "Oops! Siden du leter etter finnes ikke.", + "overview": "Oversikt", + "home": "Hjem", + "accessControl": "Tilgangskontroll", + "settings": "Innstillinger", + "usersAll": "Alle brukere", + "license": "Lisens", + "pangolinDashboard": "Dashbord - Pangolin", + "noResults": "Ingen resultater funnet.", + "terabytes": "{count} TB", + "gigabytes": "{count} GB", + "megabytes": "{count} MB", + "tagsEntered": "Inntastede tagger", + "tagsEnteredDescription": "Dette er taggene du har tastet inn.", + "tagsWarnCannotBeLessThanZero": "maxTags og minTags kan ikke være mindre enn 0", + "tagsWarnNotAllowedAutocompleteOptions": "Tagg ikke tillatt i henhold til autofullfør-alternativer", + "tagsWarnInvalid": "Ugyldig tagg i henhold til validateTag", + "tagWarnTooShort": "Tagg {tagText} er for kort", + "tagWarnTooLong": "Tagg {tagText} er for lang", + "tagsWarnReachedMaxNumber": "Maksimalt antall tillatte tagger er nådd", + "tagWarnDuplicate": "Duplisert tagg {tagText} ble ikke lagt til", + "supportKeyInvalid": "Ugyldig nøkkel", + "supportKeyInvalidDescription": "Din supporternøkkel er ugyldig.", + "supportKeyValid": "Gyldig nøkkel", + "supportKeyValidDescription": "Din supporternøkkel er validert. Takk for din støtte!", + "supportKeyErrorValidationDescription": "Klarte ikke å validere supporternøkkel.", + "supportKey": "Støtt utviklingen og adopter en Pangolin!", + "supportKeyDescription": "Kjøp en supporternøkkel for å hjelpe oss med å fortsette utviklingen av Pangolin for fellesskapet. Ditt bidrag lar oss bruke mer tid på å vedlikeholde og legge til nye funksjoner i applikasjonen for alle. Vi vil aldri bruke dette til å legge funksjoner bak en betalingsmur. Dette er atskilt fra enhver kommersiell utgave.", + "supportKeyPet": "Du vil også få adoptere og møte din helt egen kjæledyr-Pangolin!", + "supportKeyPurchase": "Betalinger behandles via GitHub. Etterpå kan du hente nøkkelen din på", + "supportKeyPurchaseLink": "vår nettside", + "supportKeyPurchase2": "og løse den inn her.", + "supportKeyLearnMore": "Lær mer.", + "supportKeyOptions": "Vennligst velg det alternativet som passer deg best.", + "supportKetOptionFull": "Full støttespiller", + "forWholeServer": "For hele serveren", + "lifetimePurchase": "Livstidskjøp", + "supporterStatus": "Supporterstatus", + "buy": "Kjøp", + "supportKeyOptionLimited": "Begrenset støttespiller", + "forFiveUsers": "For 5 eller færre brukere", + "supportKeyRedeem": "Løs inn supporternøkkel", + "supportKeyHideSevenDays": "Skjul i 7 dager", + "supportKeyEnter": "Skriv inn supporternøkkel", + "supportKeyEnterDescription": "Møt din helt egen kjæledyr-Pangolin!", + "githubUsername": "GitHub-brukernavn", + "supportKeyInput": "Supporternøkkel", + "supportKeyBuy": "Kjøp supporternøkkel", + "logoutError": "Feil ved utlogging", + "signingAs": "Logget inn som", + "serverAdmin": "Serveradministrator", + "managedSelfhosted": "Administrert selv-hostet", + "otpEnable": "Aktiver tofaktor", + "otpDisable": "Deaktiver tofaktor", + "logout": "Logg ut", + "licenseTierProfessionalRequired": "Profesjonell utgave påkrevd", + "licenseTierProfessionalRequiredDescription": "Denne funksjonen er kun tilgjengelig i den profesjonelle utgaven.", + "actionGetOrg": "Hent organisasjon", + "actionUpdateOrg": "Oppdater organisasjon", + "actionUpdateUser": "Oppdater bruker", + "actionGetUser": "Hent bruker", + "actionGetOrgUser": "Hent organisasjonsbruker", + "actionListOrgDomains": "List opp organisasjonsdomener", + "actionCreateSite": "Opprett område", + "actionDeleteSite": "Slett område", + "actionGetSite": "Hent område", + "actionListSites": "List opp områder", + "setupToken": "Oppsetttoken", + "setupTokenDescription": "Skriv inn oppsetttoken fra serverkonsollen.", + "setupTokenRequired": "Oppsetttoken er nødvendig", + "actionUpdateSite": "Oppdater område", + "actionListSiteRoles": "List opp tillatte områderoller", + "actionCreateResource": "Opprett ressurs", + "actionDeleteResource": "Slett ressurs", + "actionGetResource": "Hent ressurs", + "actionListResource": "List opp ressurser", + "actionUpdateResource": "Oppdater ressurs", + "actionListResourceUsers": "List opp ressursbrukere", + "actionSetResourceUsers": "Angi ressursbrukere", + "actionSetAllowedResourceRoles": "Angi tillatte ressursroller", + "actionListAllowedResourceRoles": "List opp tillatte ressursroller", + "actionSetResourcePassword": "Angi ressurspassord", + "actionSetResourcePincode": "Angi ressurspinkode", + "actionSetResourceEmailWhitelist": "Angi e-post-hviteliste for ressurs", + "actionGetResourceEmailWhitelist": "Hent e-post-hviteliste for ressurs", + "actionCreateTarget": "Opprett mål", + "actionDeleteTarget": "Slett mål", + "actionGetTarget": "Hent mål", + "actionListTargets": "List opp mål", + "actionUpdateTarget": "Oppdater mål", + "actionCreateRole": "Opprett rolle", + "actionDeleteRole": "Slett rolle", + "actionGetRole": "Hent rolle", + "actionListRole": "List opp roller", + "actionUpdateRole": "Oppdater rolle", + "actionListAllowedRoleResources": "List opp tillatte rolleressurser", + "actionInviteUser": "Inviter bruker", + "actionRemoveUser": "Fjern bruker", + "actionListUsers": "List opp brukere", + "actionAddUserRole": "Legg til brukerrolle", + "actionGenerateAccessToken": "Generer tilgangstoken", + "actionDeleteAccessToken": "Slett tilgangstoken", + "actionListAccessTokens": "List opp tilgangstokener", + "actionCreateResourceRule": "Opprett ressursregel", + "actionDeleteResourceRule": "Slett ressursregel", + "actionListResourceRules": "List opp ressursregler", + "actionUpdateResourceRule": "Oppdater ressursregel", + "actionListOrgs": "List opp organisasjoner", + "actionCheckOrgId": "Sjekk ID", + "actionCreateOrg": "Opprett organisasjon", + "actionDeleteOrg": "Slett organisasjon", + "actionListApiKeys": "List opp API-nøkler", + "actionListApiKeyActions": "List opp API-nøkkelhandlinger", + "actionSetApiKeyActions": "Angi tillatte handlinger for API-nøkkel", + "actionCreateApiKey": "Opprett API-nøkkel", + "actionDeleteApiKey": "Slett API-nøkkel", + "actionCreateIdp": "Opprett IDP", + "actionUpdateIdp": "Oppdater IDP", + "actionDeleteIdp": "Slett IDP", + "actionListIdps": "List opp IDP-er", + "actionGetIdp": "Hent IDP", + "actionCreateIdpOrg": "Opprett IDP-organisasjonspolicy", + "actionDeleteIdpOrg": "Slett IDP-organisasjonspolicy", + "actionListIdpOrgs": "List opp IDP-organisasjoner", + "actionUpdateIdpOrg": "Oppdater IDP-organisasjon", + "actionCreateClient": "Opprett Klient", + "actionDeleteClient": "Slett klient", + "actionUpdateClient": "Oppdater klient", + "actionListClients": "List klienter", + "actionGetClient": "Hent klient", + "noneSelected": "Ingen valgt", + "orgNotFound2": "Ingen organisasjoner funnet.", + "searchProgress": "Søker...", + "create": "Opprett", + "orgs": "Organisasjoner", + "loginError": "En feil oppstod under innlogging", + "passwordForgot": "Glemt passordet ditt?", + "otpAuth": "Tofaktorautentisering", + "otpAuthDescription": "Skriv inn koden fra autentiseringsappen din eller en av dine engangs reservekoder.", + "otpAuthSubmit": "Send inn kode", + "idpContinue": "Eller fortsett med", + "otpAuthBack": "Tilbake til innlogging", + "navbar": "Navigasjonsmeny", + "navbarDescription": "Hovednavigasjonsmeny for applikasjonen", + "navbarDocsLink": "Dokumentasjon", + "commercialEdition": "Kommersiell utgave", + "otpErrorEnable": "Kunne ikke aktivere 2FA", + "otpErrorEnableDescription": "En feil oppstod under aktivering av 2FA", + "otpSetupCheckCode": "Vennligst skriv inn en 6-sifret kode", + "otpSetupCheckCodeRetry": "Ugyldig kode. Vennligst prøv igjen.", + "otpSetup": "Aktiver tofaktorautentisering", + "otpSetupDescription": "Sikre kontoen din med et ekstra lag med beskyttelse", + "otpSetupScanQr": "Skann denne QR-koden med autentiseringsappen din eller skriv inn den hemmelige nøkkelen manuelt:", + "otpSetupSecretCode": "Autentiseringskode", + "otpSetupSuccess": "Tofaktorautentisering aktivert", + "otpSetupSuccessStoreBackupCodes": "Kontoen din er nå sikrere. Ikke glem å lagre reservekodene dine.", + "otpErrorDisable": "Kunne ikke deaktivere 2FA", + "otpErrorDisableDescription": "En feil oppstod under deaktivering av 2FA", + "otpRemove": "Deaktiver tofaktorautentisering", + "otpRemoveDescription": "Deaktiver tofaktorautentisering for kontoen din", + "otpRemoveSuccess": "Tofaktorautentisering deaktivert", + "otpRemoveSuccessMessage": "Tofaktorautentisering er deaktivert for kontoen din. Du kan aktivere den igjen når som helst.", + "otpRemoveSubmit": "Deaktiver 2FA", + "paginator": "Side {current} av {last}", + "paginatorToFirst": "Gå til første side", + "paginatorToPrevious": "Gå til forrige side", + "paginatorToNext": "Gå til neste side", + "paginatorToLast": "Gå til siste side", + "copyText": "Kopier tekst", + "copyTextFailed": "Klarte ikke å kopiere tekst: ", + "copyTextClipboard": "Kopier til utklippstavle", + "inviteErrorInvalidConfirmation": "Ugyldig bekreftelse", + "passwordRequired": "Passord er påkrevd", + "allowAll": "Tillat alle", + "permissionsAllowAll": "Tillat alle rettigheter", + "githubUsernameRequired": "GitHub-brukernavn er påkrevd", + "supportKeyRequired": "supporternøkkel er påkrevd", + "passwordRequirementsChars": "Passordet må være minst 8 tegn", + "language": "Språk", + "verificationCodeRequired": "Kode er påkrevd", + "userErrorNoUpdate": "Ingen bruker å oppdatere", + "siteErrorNoUpdate": "Ingen område å oppdatere", + "resourceErrorNoUpdate": "Ingen ressurs å oppdatere", + "authErrorNoUpdate": "Ingen autentiseringsinfo å oppdatere", + "orgErrorNoUpdate": "Ingen organisasjon å oppdatere", + "orgErrorNoProvided": "Ingen organisasjon angitt", + "apiKeysErrorNoUpdate": "Ingen API-nøkkel å oppdatere", + "sidebarOverview": "Oversikt", + "sidebarHome": "Hjem", + "sidebarSites": "Områder", + "sidebarResources": "Ressurser", + "sidebarAccessControl": "Tilgangskontroll", + "sidebarUsers": "Brukere", + "sidebarInvitations": "Invitasjoner", + "sidebarRoles": "Roller", + "sidebarShareableLinks": "Delbare lenker", + "sidebarApiKeys": "API-nøkler", + "sidebarSettings": "Innstillinger", + "sidebarAllUsers": "Alle brukere", + "sidebarIdentityProviders": "Identitetsleverandører", + "sidebarLicense": "Lisens", + "sidebarClients": "Klienter (Beta)", + "sidebarDomains": "Domener", + "enableDockerSocket": "Aktiver Docker Socket", + "enableDockerSocketDescription": "Aktiver Docker Socket-oppdagelse for å fylle ut containerinformasjon. Socket-stien må oppgis til Newt.", + "enableDockerSocketLink": "Lær mer", + "viewDockerContainers": "Vis Docker-containere", + "containersIn": "Containere i {siteName}", + "selectContainerDescription": "Velg en hvilken som helst container for å bruke som vertsnavn for dette målet. Klikk på en port for å bruke en port.", + "containerName": "Navn", + "containerImage": "Bilde", + "containerState": "Tilstand", + "containerNetworks": "Nettverk", + "containerHostnameIp": "Vertsnavn/IP", + "containerLabels": "Etiketter", + "containerLabelsCount": "{count, plural, one {en etikett} other {# etiketter}}", + "containerLabelsTitle": "Containeretiketter", + "containerLabelEmpty": "", + "containerPorts": "Porter", + "containerPortsMore": "+{count} til", + "containerActions": "Handlinger", + "select": "Velg", + "noContainersMatchingFilters": "Ingen containere funnet som matcher de nåværende filtrene.", + "showContainersWithoutPorts": "Vis containere uten porter", + "showStoppedContainers": "Vis stoppede containere", + "noContainersFound": "Ingen containere funnet. Sørg for at Docker-containere kjører.", + "searchContainersPlaceholder": "Søk blant {count} containere...", + "searchResultsCount": "{count, plural, one {ett resultat} other {# resultater}}", + "filters": "Filtre", + "filterOptions": "Filteralternativer", + "filterPorts": "Porter", + "filterStopped": "Stoppet", + "clearAllFilters": "Fjern alle filtre", + "columns": "Kolonner", + "toggleColumns": "Vis/skjul kolonner", + "refreshContainersList": "Oppdater containerliste", + "searching": "Søker...", + "noContainersFoundMatching": "Ingen containere funnet som matcher \"{filter}\".", + "light": "lys", + "dark": "mørk", + "system": "system", + "theme": "Tema", + "subnetRequired": "Subnett er påkrevd", + "initialSetupTitle": "Førstegangsoppsett av server", + "initialSetupDescription": "Opprett den første serveradministratorkontoen. Det kan bare finnes én serveradministrator. Du kan alltid endre denne påloggingsinformasjonen senere.", + "createAdminAccount": "Opprett administratorkonto", + "setupErrorCreateAdmin": "En feil oppstod under opprettelsen av serveradministratorkontoen.", + "certificateStatus": "Sertifikatstatus", + "loading": "Laster inn", + "restart": "Start på nytt", + "domains": "Domener", + "domainsDescription": "Administrer domener for organisasjonen din", + "domainsSearch": "Søk i domener...", + "domainAdd": "Legg til domene", + "domainAddDescription": "Registrer et nytt domene hos organisasjonen din", + "domainCreate": "Opprett domene", + "domainCreatedDescription": "Domene ble opprettet", + "domainDeletedDescription": "Domene ble slettet", + "domainQuestionRemove": "Er du sikker på at du vil fjerne domenet {domain} fra kontoen din?", + "domainMessageRemove": "Når domenet er fjernet, vil det ikke lenger være knyttet til kontoen din.", + "domainMessageConfirm": "For å bekrefte, vennligst skriv inn domenenavnet nedenfor.", + "domainConfirmDelete": "Bekreft sletting av domene", + "domainDelete": "Slett domene", + "domain": "Domene", + "selectDomainTypeNsName": "Domenedelegering (NS)", + "selectDomainTypeNsDescription": "Dette domenet og alle dets underdomener. Bruk dette når du vil kontrollere en hel domenesone.", + "selectDomainTypeCnameName": "Enkelt domene (CNAME)", + "selectDomainTypeCnameDescription": "Bare dette spesifikke domenet. Bruk dette for individuelle underdomener eller spesifikke domeneoppføringer.", + "selectDomainTypeWildcardName": "Wildcard-domene", + "selectDomainTypeWildcardDescription": "Dette domenet og dets underdomener.", + "domainDelegation": "Enkelt domene", + "selectType": "Velg en type", + "actions": "Handlinger", + "refresh": "Oppdater", + "refreshError": "Klarte ikke å oppdatere data", + "verified": "Verifisert", + "pending": "Venter", + "sidebarBilling": "Fakturering", + "billing": "Fakturering", + "orgBillingDescription": "Administrer faktureringsinformasjon og abonnementer", + "github": "GitHub", + "pangolinHosted": "Driftet av Pangolin", + "fossorial": "Fossorial", + "completeAccountSetup": "Fullfør kontooppsett", + "completeAccountSetupDescription": "Angi passordet ditt for å komme i gang", + "accountSetupSent": "Vi sender en oppsettskode for kontoen til denne e-postadressen.", + "accountSetupCode": "Oppsettskode", + "accountSetupCodeDescription": "Sjekk e-posten din for oppsettskoden.", + "passwordCreate": "Opprett passord", + "passwordCreateConfirm": "Bekreft passord", + "accountSetupSubmit": "Send oppsettskode", + "completeSetup": "Fullfør oppsett", + "accountSetupSuccess": "Kontooppsett fullført! Velkommen til Pangolin!", + "documentation": "Dokumentasjon", + "saveAllSettings": "Lagre alle innstillinger", + "settingsUpdated": "Innstillinger oppdatert", + "settingsUpdatedDescription": "Alle innstillinger er oppdatert", + "settingsErrorUpdate": "Klarte ikke å oppdatere innstillinger", + "settingsErrorUpdateDescription": "En feil oppstod under oppdatering av innstillinger", + "sidebarCollapse": "Skjul", + "sidebarExpand": "Utvid", + "newtUpdateAvailable": "Oppdatering tilgjengelig", + "newtUpdateAvailableInfo": "En ny versjon av Newt er tilgjengelig. Vennligst oppdater til den nyeste versjonen for den beste opplevelsen.", + "domainPickerEnterDomain": "Domene", + "domainPickerPlaceholder": "minapp.eksempel.com, api.v1.mittdomene.com, eller bare minapp", + "domainPickerDescription": "Skriv inn hele domenet til ressursen for å se tilgjengelige alternativer.", + "domainPickerDescriptionSaas": "Skriv inn et fullt domene, underdomene eller bare et navn for å se tilgjengelige alternativer", + "domainPickerTabAll": "Alle", + "domainPickerTabOrganization": "Organisasjon", + "domainPickerTabProvided": "Levert", + "domainPickerSortAsc": "A-Å", + "domainPickerSortDesc": "Å-A", + "domainPickerCheckingAvailability": "Sjekker tilgjengelighet...", + "domainPickerNoMatchingDomains": "Ingen samsvarende domener funnet. Prøv et annet domene eller sjekk organisasjonens domeneinnstillinger.", + "domainPickerOrganizationDomains": "Organisasjonsdomener", + "domainPickerProvidedDomains": "Leverte domener", + "domainPickerSubdomain": "Underdomene: {subdomain}", + "domainPickerNamespace": "Navnerom: {namespace}", + "domainPickerShowMore": "Vis mer", + "domainNotFound": "Domene ikke funnet", + "domainNotFoundDescription": "Denne ressursen er deaktivert fordi domenet ikke lenger eksisterer i systemet vårt. Vennligst angi et nytt domene for denne ressursen.", + "failed": "Mislyktes", + "createNewOrgDescription": "Opprett en ny organisasjon", + "organization": "Organisasjon", + "port": "Port", + "securityKeyManage": "Administrer sikkerhetsnøkler", + "securityKeyDescription": "Legg til eller fjern sikkerhetsnøkler for passordløs autentisering", + "securityKeyRegister": "Registrer ny sikkerhetsnøkkel", + "securityKeyList": "Dine sikkerhetsnøkler", + "securityKeyNone": "Ingen sikkerhetsnøkler er registrert enda", + "securityKeyNameRequired": "Navn er påkrevd", + "securityKeyRemove": "Fjern", + "securityKeyLastUsed": "Sist brukt: {date}", + "securityKeyNameLabel": "Navn på sikkerhetsnøkkel", + "securityKeyRegisterSuccess": "Sikkerhetsnøkkel registrert", + "securityKeyRegisterError": "Klarte ikke å registrere sikkerhetsnøkkel", + "securityKeyRemoveSuccess": "Sikkerhetsnøkkel fjernet", + "securityKeyRemoveError": "Klarte ikke å fjerne sikkerhetsnøkkel", + "securityKeyLoadError": "Klarte ikke å laste inn sikkerhetsnøkler", + "securityKeyLogin": "Fortsett med sikkerhetsnøkkel", + "securityKeyAuthError": "Klarte ikke å autentisere med sikkerhetsnøkkel", + "securityKeyRecommendation": "Registrer en reservesikkerhetsnøkkel på en annen enhet for å sikre at du alltid har tilgang til kontoen din.", + "registering": "Registrerer...", + "securityKeyPrompt": "Vennligst verifiser identiteten din med sikkerhetsnøkkelen. Sørg for at sikkerhetsnøkkelen er koblet til og klar.", + "securityKeyBrowserNotSupported": "Nettleseren din støtter ikke sikkerhetsnøkler. Vennligst bruk en moderne nettleser som Chrome, Firefox eller Safari.", + "securityKeyPermissionDenied": "Vennligst tillat tilgang til sikkerhetsnøkkelen din for å fortsette innloggingen.", + "securityKeyRemovedTooQuickly": "Vennligst hold sikkerhetsnøkkelen tilkoblet til innloggingsprosessen er fullført.", + "securityKeyNotSupported": "Sikkerhetsnøkkelen din er kanskje ikke kompatibel. Vennligst prøv en annen sikkerhetsnøkkel.", + "securityKeyUnknownError": "Det oppstod et problem med å bruke sikkerhetsnøkkelen din. Vennligst prøv igjen.", + "twoFactorRequired": "Tofaktorautentisering er påkrevd for å registrere en sikkerhetsnøkkel.", + "twoFactor": "Tofaktorautentisering", + "adminEnabled2FaOnYourAccount": "Din administrator har aktivert tofaktorautentisering for {email}. Vennligst fullfør oppsettsprosessen for å fortsette.", + "continueToApplication": "Fortsett til applikasjonen", + "securityKeyAdd": "Legg til sikkerhetsnøkkel", + "securityKeyRegisterTitle": "Registrer ny sikkerhetsnøkkel", + "securityKeyRegisterDescription": "Koble til sikkerhetsnøkkelen og skriv inn et navn for å identifisere den", + "securityKeyTwoFactorRequired": "Tofaktorautentisering påkrevd", + "securityKeyTwoFactorDescription": "Vennligst skriv inn koden for tofaktorautentisering for å registrere sikkerhetsnøkkelen", + "securityKeyTwoFactorRemoveDescription": "Vennligst skriv inn koden for tofaktorautentisering for å fjerne sikkerhetsnøkkelen", + "securityKeyTwoFactorCode": "Tofaktorkode", + "securityKeyRemoveTitle": "Fjern sikkerhetsnøkkel", + "securityKeyRemoveDescription": "Skriv inn passordet ditt for å fjerne sikkerhetsnøkkelen \"{name}\"", + "securityKeyNoKeysRegistered": "Ingen sikkerhetsnøkler registrert", + "securityKeyNoKeysDescription": "Legg til en sikkerhetsnøkkel for å øke sikkerheten på kontoen din", + "createDomainRequired": "Domene er påkrevd", + "createDomainAddDnsRecords": "Legg til DNS-oppføringer", + "createDomainAddDnsRecordsDescription": "Legg til følgende DNS-oppføringer hos din domeneleverandør for å fullføre oppsettet.", + "createDomainNsRecords": "NS-oppføringer", + "createDomainRecord": "Oppføring", + "createDomainType": "Type:", + "createDomainName": "Navn:", + "createDomainValue": "Verdi:", + "createDomainCnameRecords": "CNAME-oppføringer", + "createDomainARecords": "A-oppføringer", + "createDomainRecordNumber": "Oppføring {number}", + "createDomainTxtRecords": "TXT-oppføringer", + "createDomainSaveTheseRecords": "Lagre disse oppføringene", + "createDomainSaveTheseRecordsDescription": "Sørg for å lagre disse DNS-oppføringene, da du ikke vil se dem igjen.", + "createDomainDnsPropagation": "DNS-propagering", + "createDomainDnsPropagationDescription": "DNS-endringer kan ta litt tid å propagere over internett. Dette kan ta fra noen få minutter til 48 timer, avhengig av din DNS-leverandør og TTL-innstillinger.", + "resourcePortRequired": "Portnummer er påkrevd for ikke-HTTP-ressurser", + "resourcePortNotAllowed": "Portnummer skal ikke angis for HTTP-ressurser", + "signUpTerms": { + "IAgreeToThe": "Jeg godtar", + "termsOfService": "brukervilkårene", + "and": "og", + "privacyPolicy": "personvernerklæringen" + }, + "siteRequired": "Område er påkrevd.", + "olmTunnel": "Olm-tunnel", + "olmTunnelDescription": "Bruk Olm for klienttilkobling", + "errorCreatingClient": "Feil ved oppretting av klient", + "clientDefaultsNotFound": "Klientstandarder ikke funnet", + "createClient": "Opprett klient", + "createClientDescription": "Opprett en ny klient for å koble til dine områder", + "seeAllClients": "Se alle klienter", + "clientInformation": "Klientinformasjon", + "clientNamePlaceholder": "Klientnavn", + "address": "Adresse", + "subnetPlaceholder": "Subnett", + "addressDescription": "Adressen denne klienten vil bruke for tilkobling", + "selectSites": "Velg områder", + "sitesDescription": "Klienten vil ha tilkobling til de valgte områdene", + "clientInstallOlm": "Installer Olm", + "clientInstallOlmDescription": "Få Olm til å kjøre på systemet ditt", + "clientOlmCredentials": "Olm-legitimasjon", + "clientOlmCredentialsDescription": "Slik vil Olm autentisere med serveren", + "olmEndpoint": "Olm-endepunkt", + "olmId": "Olm-ID", + "olmSecretKey": "Olm hemmelig nøkkel", + "clientCredentialsSave": "Lagre din legitimasjon", + "clientCredentialsSaveDescription": "Du vil bare kunne se dette én gang. Sørg for å kopiere det til et sikkert sted.", + "generalSettingsDescription": "Konfigurer de generelle innstillingene for denne klienten", + "clientUpdated": "Klient oppdatert", + "clientUpdatedDescription": "Klienten er blitt oppdatert.", + "clientUpdateFailed": "Klarte ikke å oppdatere klient", + "clientUpdateError": "En feil oppstod under oppdatering av klienten.", + "sitesFetchFailed": "Klarte ikke å hente områder", + "sitesFetchError": "En feil oppstod under henting av områder.", + "olmErrorFetchReleases": "En feil oppstod under henting av Olm-utgivelser.", + "olmErrorFetchLatest": "En feil oppstod under henting av den nyeste Olm-utgivelsen.", + "remoteSubnets": "Fjern-subnett", + "enterCidrRange": "Skriv inn CIDR-område", + "remoteSubnetsDescription": "Legg til CIDR-områder som kan få fjerntilgang til dette området. Bruk format som 10.0.0.0/24 eller 192.168.1.0/24.", + "resourceEnableProxy": "Aktiver offentlig proxy", + "resourceEnableProxyDescription": "Aktiver offentlig proxying til denne ressursen. Dette gir tilgang til ressursen fra utsiden av nettverket gjennom skyen på en åpen port. Krever Traefik-konfigurasjon.", + "externalProxyEnabled": "Ekstern proxy aktivert", + "addNewTarget": "Legg til nytt mål", + "targetsList": "Liste over mål", + "targetErrorDuplicateTargetFound": "Duplikat av mål funnet", + "httpMethod": "HTTP-metode", + "selectHttpMethod": "Velg HTTP-metode", + "domainPickerSubdomainLabel": "Underdomene", + "domainPickerBaseDomainLabel": "Grunndomene", + "domainPickerSearchDomains": "Søk i domener...", + "domainPickerNoDomainsFound": "Ingen domener funnet", + "domainPickerLoadingDomains": "Laster inn domener...", + "domainPickerSelectBaseDomain": "Velg grunndomene...", + "domainPickerNotAvailableForCname": "Ikke tilgjengelig for CNAME-domener", + "domainPickerEnterSubdomainOrLeaveBlank": "Skriv inn underdomene eller la feltet stå tomt for å bruke grunndomene.", + "domainPickerEnterSubdomainToSearch": "Skriv inn et underdomene for å søke og velge blant tilgjengelige gratis domener.", + "domainPickerFreeDomains": "Gratis domener", + "domainPickerSearchForAvailableDomains": "Søk etter tilgjengelige domener", + "resourceDomain": "Domene", + "resourceEditDomain": "Rediger domene", + "siteName": "Områdenavn", + "proxyPort": "Port", + "resourcesTableProxyResources": "Proxy-ressurser", + "resourcesTableClientResources": "Klientressurser", + "resourcesTableNoProxyResourcesFound": "Ingen proxy-ressurser funnet.", + "resourcesTableNoInternalResourcesFound": "Ingen interne ressurser funnet.", + "resourcesTableDestination": "Destinasjon", + "resourcesTableTheseResourcesForUseWith": "Disse ressursene er til bruk med", + "resourcesTableClients": "Klienter", + "resourcesTableAndOnlyAccessibleInternally": "og er kun tilgjengelig internt når de er koblet til med en klient.", + "editInternalResourceDialogEditClientResource": "Rediger klientressurs", + "editInternalResourceDialogUpdateResourceProperties": "Oppdater ressursens egenskaper og målkonfigurasjon for {resourceName}.", + "editInternalResourceDialogResourceProperties": "Ressursegenskaper", + "editInternalResourceDialogName": "Navn", + "editInternalResourceDialogProtocol": "Protokoll", + "editInternalResourceDialogSitePort": "Områdeport", + "editInternalResourceDialogTargetConfiguration": "Målkonfigurasjon", + "editInternalResourceDialogDestinationIP": "Destinasjons-IP", + "editInternalResourceDialogDestinationPort": "Destinasjonsport", + "editInternalResourceDialogCancel": "Avbryt", + "editInternalResourceDialogSaveResource": "Lagre ressurs", + "editInternalResourceDialogSuccess": "Suksess", + "editInternalResourceDialogInternalResourceUpdatedSuccessfully": "Intern ressurs oppdatert vellykket", + "editInternalResourceDialogError": "Feil", + "editInternalResourceDialogFailedToUpdateInternalResource": "Mislyktes å oppdatere intern ressurs", + "editInternalResourceDialogNameRequired": "Navn er påkrevd", + "editInternalResourceDialogNameMaxLength": "Navn kan ikke være lengre enn 255 tegn", + "editInternalResourceDialogProxyPortMin": "Proxy-port må være minst 1", + "editInternalResourceDialogProxyPortMax": "Proxy-port må være mindre enn 65536", + "editInternalResourceDialogInvalidIPAddressFormat": "Ugyldig IP-adresseformat", + "editInternalResourceDialogDestinationPortMin": "Destinasjonsport må være minst 1", + "editInternalResourceDialogDestinationPortMax": "Destinasjonsport må være mindre enn 65536", + "createInternalResourceDialogNoSitesAvailable": "Ingen tilgjengelige steder", + "createInternalResourceDialogNoSitesAvailableDescription": "Du må ha minst ett Newt-område med et konfigureret delnett for å lage interne ressurser.", + "createInternalResourceDialogClose": "Lukk", + "createInternalResourceDialogCreateClientResource": "Opprett klientressurs", + "createInternalResourceDialogCreateClientResourceDescription": "Lag en ny ressurs som blir tilgjengelig for klienter koblet til det valgte området.", + "createInternalResourceDialogResourceProperties": "Ressursegenskaper", + "createInternalResourceDialogName": "Navn", + "createInternalResourceDialogSite": "Område", + "createInternalResourceDialogSelectSite": "Velg område...", + "createInternalResourceDialogSearchSites": "Søk i områder...", + "createInternalResourceDialogNoSitesFound": "Ingen områder funnet.", + "createInternalResourceDialogProtocol": "Protokoll", + "createInternalResourceDialogTcp": "TCP", + "createInternalResourceDialogUdp": "UDP", + "createInternalResourceDialogSitePort": "Områdeport", + "createInternalResourceDialogSitePortDescription": "Bruk denne porten for å få tilgang til ressursen på området når du er tilkoblet med en klient.", + "createInternalResourceDialogTargetConfiguration": "Målkonfigurasjon", + "createInternalResourceDialogDestinationIP": "Destinasjons-IP", + "createInternalResourceDialogDestinationIPDescription": "IP-adressen til ressursen på områdets nettverk.", + "createInternalResourceDialogDestinationPort": "Destinasjonsport", + "createInternalResourceDialogDestinationPortDescription": "Porten på destinasjons-IP-en der ressursen kan nås.", + "createInternalResourceDialogCancel": "Avbryt", + "createInternalResourceDialogCreateResource": "Opprett ressurs", + "createInternalResourceDialogSuccess": "Suksess", + "createInternalResourceDialogInternalResourceCreatedSuccessfully": "Intern ressurs opprettet vellykket", + "createInternalResourceDialogError": "Feil", + "createInternalResourceDialogFailedToCreateInternalResource": "Kunne ikke opprette intern ressurs", + "createInternalResourceDialogNameRequired": "Navn er påkrevd", + "createInternalResourceDialogNameMaxLength": "Navn kan ikke være lengre enn 255 tegn", + "createInternalResourceDialogPleaseSelectSite": "Vennligst velg et område", + "createInternalResourceDialogProxyPortMin": "Proxy-port må være minst 1", + "createInternalResourceDialogProxyPortMax": "Proxy-port må være mindre enn 65536", + "createInternalResourceDialogInvalidIPAddressFormat": "Ugyldig IP-adresseformat", + "createInternalResourceDialogDestinationPortMin": "Destinasjonsport må være minst 1", + "createInternalResourceDialogDestinationPortMax": "Destinasjonsport må være mindre enn 65536", + "siteConfiguration": "Konfigurasjon", + "siteAcceptClientConnections": "Godta klientforbindelser", + "siteAcceptClientConnectionsDescription": "Tillat andre enheter å koble seg til gjennom denne Newt-instansen som en gateway ved hjelp av klienter.", + "siteAddress": "Områdeadresse", + "siteAddressDescription": "Angi IP-adressen til verten for klienter å koble seg til. Dette er den interne adressen til området i Pangolin-nettverket for klienter som adresserer. Må falle innenfor Org-underettet.", + "autoLoginExternalIdp": "Automatisk innlogging med ekstern IDP", + "autoLoginExternalIdpDescription": "Omdiriger brukeren umiddelbart til den eksterne IDP-en for autentisering.", + "selectIdp": "Velg IDP", + "selectIdpPlaceholder": "Velg en IDP...", + "selectIdpRequired": "Vennligst velg en IDP når automatisk innlogging er aktivert.", + "autoLoginTitle": "Omdirigering", + "autoLoginDescription": "Omdirigerer deg til den eksterne identitetsleverandøren for autentisering.", + "autoLoginProcessing": "Forbereder autentisering...", + "autoLoginRedirecting": "Omdirigerer til innlogging...", + "autoLoginError": "Feil ved automatisk innlogging", + "autoLoginErrorNoRedirectUrl": "Ingen omdirigerings-URL mottatt fra identitetsleverandøren.", + "autoLoginErrorGeneratingUrl": "Kunne ikke generere autentiserings-URL." +} diff --git a/messages/nl-NL.json b/messages/nl-NL.json index 14cfe9ac..69c70083 100644 --- a/messages/nl-NL.json +++ b/messages/nl-NL.json @@ -94,7 +94,9 @@ "siteNewtTunnelDescription": "Gemakkelijkste manier om een ingangspunt in uw netwerk te maken. Geen extra opzet.", "siteWg": "Basis WireGuard", "siteWgDescription": "Gebruik een WireGuard client om een tunnel te bouwen. Handmatige NAT installatie vereist.", + "siteWgDescriptionSaas": "Gebruik elke WireGuard-client om een tunnel op te zetten. Handmatige NAT-instelling vereist. WERKT ALLEEN OP SELF HOSTED NODES", "siteLocalDescription": "Alleen lokale bronnen. Geen tunneling.", + "siteLocalDescriptionSaas": "Alleen lokale bronnen. Geen tunneling. WERKT ALLEEN OP SELF HOSTED NODES", "siteSeeAll": "Alle werkruimtes bekijken", "siteTunnelDescription": "Bepaal hoe u verbinding wilt maken met uw site", "siteNewtCredentials": "Nieuwste aanmeldgegevens", @@ -166,7 +168,7 @@ "siteSelect": "Selecteer site", "siteSearch": "Zoek site", "siteNotFound": "Geen site gevonden.", - "siteSelectionDescription": "Deze site zal connectiviteit met de bron geven.", + "siteSelectionDescription": "Deze site zal connectiviteit met het doelwit bieden.", "resourceType": "Type bron", "resourceTypeDescription": "Bepaal hoe u toegang wilt krijgen tot uw bron", "resourceHTTPSSettings": "HTTPS instellingen", @@ -197,6 +199,7 @@ "general": "Algemeen", "generalSettings": "Algemene instellingen", "proxy": "Proxy", + "internal": "Intern", "rules": "Regels", "resourceSettingDescription": "Configureer de instellingen op uw bron", "resourceSetting": "{resourceName} instellingen", @@ -490,7 +493,7 @@ "targetTlsSniDescription": "De TLS servernaam om te gebruiken voor SNI. Laat leeg om de standaard te gebruiken.", "targetTlsSubmit": "Instellingen opslaan", "targets": "Doelstellingen configuratie", - "targetsDescription": "Stel doelen in om verkeer naar uw diensten te leiden", + "targetsDescription": "Stel doelen in om verkeer naar uw backend-services te leiden", "targetStickySessions": "Sticky sessies inschakelen", "targetStickySessionsDescription": "Behoud verbindingen op hetzelfde backend doel voor hun hele sessie.", "methodSelect": "Selecteer methode", @@ -833,6 +836,24 @@ "pincodeRequirementsLength": "Pincode moet precies 6 cijfers zijn", "pincodeRequirementsChars": "Pincode mag alleen cijfers bevatten", "passwordRequirementsLength": "Wachtwoord moet ten minste 1 teken lang zijn", + "passwordRequirementsTitle": "Wachtwoordvereisten:", + "passwordRequirementLength": "Minstens 8 tekens lang", + "passwordRequirementUppercase": "Minstens één hoofdletter", + "passwordRequirementLowercase": "Minstens één kleine letter", + "passwordRequirementNumber": "Minstens één cijfer", + "passwordRequirementSpecial": "Minstens één speciaal teken", + "passwordRequirementsMet": "✓ Wachtwoord voldoet aan alle vereisten", + "passwordStrength": "Wachtwoord sterkte", + "passwordStrengthWeak": "Zwak", + "passwordStrengthMedium": "Gemiddeld", + "passwordStrengthStrong": "Sterk", + "passwordRequirements": "Vereisten:", + "passwordRequirementLengthText": "8+ tekens", + "passwordRequirementUppercaseText": "Hoofdletter (A-Z)", + "passwordRequirementLowercaseText": "Kleine letter (a-z)", + "passwordRequirementNumberText": "Cijfer (0-9)", + "passwordRequirementSpecialText": "Speciaal teken (!@#$%...)", + "passwordsDoNotMatch": "Wachtwoorden komen niet overeen", "otpEmailRequirementsLength": "OTP moet minstens 1 teken lang zijn", "otpEmailSent": "OTP verzonden", "otpEmailSentDescription": "Een OTP is naar uw e-mail verzonden", @@ -952,6 +973,7 @@ "logoutError": "Fout bij uitloggen", "signingAs": "Ingelogd als", "serverAdmin": "Server Beheerder", + "managedSelfhosted": "Beheerde Self-Hosted", "otpEnable": "Twee-factor inschakelen", "otpDisable": "Tweestapsverificatie uitschakelen", "logout": "Log uit", @@ -967,6 +989,9 @@ "actionDeleteSite": "Site verwijderen", "actionGetSite": "Site ophalen", "actionListSites": "Sites weergeven", + "setupToken": "Setup Token", + "setupTokenDescription": "Voer het setup-token in vanaf de serverconsole.", + "setupTokenRequired": "Setup-token is vereist", "actionUpdateSite": "Site bijwerken", "actionListSiteRoles": "Toon toegestane sitenollen", "actionCreateResource": "Bron maken", @@ -1022,6 +1047,11 @@ "actionDeleteIdpOrg": "Verwijder IDP Org Beleid", "actionListIdpOrgs": "Toon IDP Orgs", "actionUpdateIdpOrg": "IDP-org bijwerken", + "actionCreateClient": "Client aanmaken", + "actionDeleteClient": "Verwijder klant", + "actionUpdateClient": "Klant bijwerken", + "actionListClients": "Lijst klanten", + "actionGetClient": "Client ophalen", "noneSelected": "Niet geselecteerd", "orgNotFound2": "Geen organisaties gevonden.", "searchProgress": "Zoeken...", @@ -1315,8 +1345,110 @@ "olmErrorFetchLatest": "Er is een fout opgetreden bij het ophalen van de nieuwste Olm release.", "remoteSubnets": "Externe Subnets", "enterCidrRange": "Voer CIDR-bereik in", - "remoteSubnetsDescription": "Voeg CIDR-bereiken toe die deze site op afstand kunnen openen. Gebruik een format zoals 10.0.0.0/24 of 192.168.1.0/24.", + "remoteSubnetsDescription": "Voeg CIDR-bereiken toe die vanaf deze site op afstand toegankelijk zijn met behulp van clients. Gebruik een formaat zoals 10.0.0.0/24. Dit geldt ALLEEN voor VPN-clientconnectiviteit.", "resourceEnableProxy": "Openbare proxy inschakelen", "resourceEnableProxyDescription": "Schakel publieke proxy in voor deze resource. Dit maakt toegang tot de resource mogelijk vanuit het netwerk via de cloud met een open poort. Vereist Traefik-configuratie.", - "externalProxyEnabled": "Externe Proxy Ingeschakeld" + "externalProxyEnabled": "Externe Proxy Ingeschakeld", + "addNewTarget": "Voeg nieuw doelwit toe", + "targetsList": "Lijst met doelen", + "targetErrorDuplicateTargetFound": "Dubbel doelwit gevonden", + "httpMethod": "HTTP-methode", + "selectHttpMethod": "Selecteer HTTP-methode", + "domainPickerSubdomainLabel": "Subdomein", + "domainPickerBaseDomainLabel": "Basisdomein", + "domainPickerSearchDomains": "Zoek domeinen...", + "domainPickerNoDomainsFound": "Geen domeinen gevonden", + "domainPickerLoadingDomains": "Domeinen laden...", + "domainPickerSelectBaseDomain": "Selecteer basisdomein...", + "domainPickerNotAvailableForCname": "Niet beschikbaar voor CNAME-domeinen", + "domainPickerEnterSubdomainOrLeaveBlank": "Voer een subdomein in of laat leeg om basisdomein te gebruiken.", + "domainPickerEnterSubdomainToSearch": "Voer een subdomein in om te zoeken en te selecteren uit beschikbare gratis domeinen.", + "domainPickerFreeDomains": "Gratis Domeinen", + "domainPickerSearchForAvailableDomains": "Zoek naar beschikbare domeinen", + "resourceDomain": "Domein", + "resourceEditDomain": "Domein bewerken", + "siteName": "Site Naam", + "proxyPort": "Poort", + "resourcesTableProxyResources": "Proxybronnen", + "resourcesTableClientResources": "Clientbronnen", + "resourcesTableNoProxyResourcesFound": "Geen proxybronnen gevonden.", + "resourcesTableNoInternalResourcesFound": "Geen interne bronnen gevonden.", + "resourcesTableDestination": "Bestemming", + "resourcesTableTheseResourcesForUseWith": "Deze bronnen zijn bedoeld voor gebruik met", + "resourcesTableClients": "Clienten", + "resourcesTableAndOnlyAccessibleInternally": "en zijn alleen intern toegankelijk wanneer verbonden met een client.", + "editInternalResourceDialogEditClientResource": "Bewerk clientbron", + "editInternalResourceDialogUpdateResourceProperties": "Werk de eigenschapen van de bron en doelconfiguratie bij voor {resourceName}.", + "editInternalResourceDialogResourceProperties": "Bron eigenschappen", + "editInternalResourceDialogName": "Naam", + "editInternalResourceDialogProtocol": "Protocol", + "editInternalResourceDialogSitePort": "Site Poort", + "editInternalResourceDialogTargetConfiguration": "Doelconfiguratie", + "editInternalResourceDialogDestinationIP": "Bestemming IP", + "editInternalResourceDialogDestinationPort": "Bestemmingspoort", + "editInternalResourceDialogCancel": "Annuleren", + "editInternalResourceDialogSaveResource": "Sla bron op", + "editInternalResourceDialogSuccess": "Succes", + "editInternalResourceDialogInternalResourceUpdatedSuccessfully": "Interne bron succesvol bijgewerkt", + "editInternalResourceDialogError": "Fout", + "editInternalResourceDialogFailedToUpdateInternalResource": "Het bijwerken van de interne bron is mislukt", + "editInternalResourceDialogNameRequired": "Naam is verplicht", + "editInternalResourceDialogNameMaxLength": "Naam mag niet langer zijn dan 255 tekens", + "editInternalResourceDialogProxyPortMin": "Proxy poort moet minstens 1 zijn", + "editInternalResourceDialogProxyPortMax": "Proxy poort moet minder dan 65536 zijn", + "editInternalResourceDialogInvalidIPAddressFormat": "Ongeldig IP-adresformaat", + "editInternalResourceDialogDestinationPortMin": "Bestemmingspoort moet minstens 1 zijn", + "editInternalResourceDialogDestinationPortMax": "Bestemmingspoort moet minder dan 65536 zijn", + "createInternalResourceDialogNoSitesAvailable": "Geen sites beschikbaar", + "createInternalResourceDialogNoSitesAvailableDescription": "U moet ten minste één Newt-site hebben met een geconfigureerd subnet om interne bronnen aan te maken.", + "createInternalResourceDialogClose": "Sluiten", + "createInternalResourceDialogCreateClientResource": "Maak clientbron", + "createInternalResourceDialogCreateClientResourceDescription": "Maak een nieuwe bron die toegankelijk zal zijn voor clients die verbonden zijn met de geselecteerde site.", + "createInternalResourceDialogResourceProperties": "Bron-eigenschappen", + "createInternalResourceDialogName": "Naam", + "createInternalResourceDialogSite": "Site", + "createInternalResourceDialogSelectSite": "Selecteer site...", + "createInternalResourceDialogSearchSites": "Zoek sites...", + "createInternalResourceDialogNoSitesFound": "Geen sites gevonden.", + "createInternalResourceDialogProtocol": "Protocol", + "createInternalResourceDialogTcp": "TCP", + "createInternalResourceDialogUdp": "UDP", + "createInternalResourceDialogSitePort": "Site Poort", + "createInternalResourceDialogSitePortDescription": "Gebruik deze poort om toegang te krijgen tot de bron op de site wanneer verbonden met een client.", + "createInternalResourceDialogTargetConfiguration": "Doelconfiguratie", + "createInternalResourceDialogDestinationIP": "Bestemming IP", + "createInternalResourceDialogDestinationIPDescription": "Het IP-adres van de bron op het netwerk van de site.", + "createInternalResourceDialogDestinationPort": "Bestemmingspoort", + "createInternalResourceDialogDestinationPortDescription": "De poort op het bestemmings-IP waar de bron toegankelijk is.", + "createInternalResourceDialogCancel": "Annuleren", + "createInternalResourceDialogCreateResource": "Bron aanmaken", + "createInternalResourceDialogSuccess": "Succes", + "createInternalResourceDialogInternalResourceCreatedSuccessfully": "Interne bron succesvol aangemaakt", + "createInternalResourceDialogError": "Fout", + "createInternalResourceDialogFailedToCreateInternalResource": "Het aanmaken van de interne bron is mislukt", + "createInternalResourceDialogNameRequired": "Naam is verplicht", + "createInternalResourceDialogNameMaxLength": "Naam mag niet langer zijn dan 255 tekens", + "createInternalResourceDialogPleaseSelectSite": "Selecteer alstublieft een site", + "createInternalResourceDialogProxyPortMin": "Proxy poort moet minstens 1 zijn", + "createInternalResourceDialogProxyPortMax": "Proxy poort moet minder dan 65536 zijn", + "createInternalResourceDialogInvalidIPAddressFormat": "Ongeldig IP-adresformaat", + "createInternalResourceDialogDestinationPortMin": "Bestemmingspoort moet minstens 1 zijn", + "createInternalResourceDialogDestinationPortMax": "Bestemmingspoort moet minder dan 65536 zijn", + "siteConfiguration": "Configuratie", + "siteAcceptClientConnections": "Accepteer clientverbindingen", + "siteAcceptClientConnectionsDescription": "Sta toe dat andere apparaten verbinding maken via deze Newt-instantie als een gateway met behulp van clients.", + "siteAddress": "Siteadres", + "siteAddressDescription": "Specificeren het IP-adres van de host voor clients om verbinding mee te maken. Dit is het interne adres van de site in het Pangolin netwerk voor clients om te adresseren. Moet binnen het Organisatienetwerk vallen.", + "autoLoginExternalIdp": "Auto Login met Externe IDP", + "autoLoginExternalIdpDescription": "De gebruiker onmiddellijk doorsturen naar de externe IDP voor authenticatie.", + "selectIdp": "Selecteer IDP", + "selectIdpPlaceholder": "Kies een IDP...", + "selectIdpRequired": "Selecteer alstublieft een IDP wanneer automatisch inloggen is ingeschakeld.", + "autoLoginTitle": "Omleiden", + "autoLoginDescription": "Je wordt doorverwezen naar de externe identity provider voor authenticatie.", + "autoLoginProcessing": "Authenticatie voorbereiden...", + "autoLoginRedirecting": "Redirecting naar inloggen...", + "autoLoginError": "Auto Login Fout", + "autoLoginErrorNoRedirectUrl": "Geen redirect URL ontvangen van de identity provider.", + "autoLoginErrorGeneratingUrl": "Genereren van authenticatie-URL mislukt." } diff --git a/messages/pl-PL.json b/messages/pl-PL.json index 087a717e..a23e634a 100644 --- a/messages/pl-PL.json +++ b/messages/pl-PL.json @@ -94,7 +94,9 @@ "siteNewtTunnelDescription": "Łatwiejszy sposób na stworzenie punktu wejścia w sieci. Nie ma dodatkowej konfiguracji.", "siteWg": "Podstawowy WireGuard", "siteWgDescription": "Użyj dowolnego klienta WireGuard do utworzenia tunelu. Wymagana jest ręczna konfiguracja NAT.", + "siteWgDescriptionSaas": "Użyj dowolnego klienta WireGuard do utworzenia tunelu. Wymagana ręczna konfiguracja NAT. DZIAŁA TYLKO NA SAMODZIELNIE HOSTOWANYCH WĘZŁACH", "siteLocalDescription": "Tylko lokalne zasoby. Brak tunelu.", + "siteLocalDescriptionSaas": "Tylko zasoby lokalne. Brak tunelowania. DZIAŁA TYLKO NA SAMODZIELNIE HOSTOWANYCH WĘZŁACH", "siteSeeAll": "Zobacz wszystkie witryny", "siteTunnelDescription": "Określ jak chcesz połączyć się ze swoją stroną", "siteNewtCredentials": "Aktualne dane logowania", @@ -166,7 +168,7 @@ "siteSelect": "Wybierz witrynę", "siteSearch": "Szukaj witryny", "siteNotFound": "Nie znaleziono witryny.", - "siteSelectionDescription": "Ta strona zapewni połączenie z zasobem.", + "siteSelectionDescription": "Ta strona zapewni połączenie z celem.", "resourceType": "Typ zasobu", "resourceTypeDescription": "Określ jak chcesz uzyskać dostęp do swojego zasobu", "resourceHTTPSSettings": "Ustawienia HTTPS", @@ -197,6 +199,7 @@ "general": "Ogólny", "generalSettings": "Ustawienia ogólne", "proxy": "Serwer pośredniczący", + "internal": "Wewętrzny", "rules": "Regulamin", "resourceSettingDescription": "Skonfiguruj ustawienia zasobu", "resourceSetting": "Ustawienia {resourceName}", @@ -490,7 +493,7 @@ "targetTlsSniDescription": "Nazwa serwera TLS do użycia dla SNI. Pozostaw puste, aby użyć domyślnej.", "targetTlsSubmit": "Zapisz ustawienia", "targets": "Konfiguracja celów", - "targetsDescription": "Skonfiguruj cele do kierowania ruchu do swoich usług", + "targetsDescription": "Skonfiguruj cele do kierowania ruchu do usług zaplecza", "targetStickySessions": "Włącz sesje trwałe", "targetStickySessionsDescription": "Utrzymuj połączenia na tym samym celu backendowym przez całą sesję.", "methodSelect": "Wybierz metodę", @@ -833,6 +836,24 @@ "pincodeRequirementsLength": "PIN musi składać się dokładnie z 6 cyfr", "pincodeRequirementsChars": "PIN może zawierać tylko cyfry", "passwordRequirementsLength": "Hasło musi mieć co najmniej 1 znak", + "passwordRequirementsTitle": "Wymagania dotyczące hasła:", + "passwordRequirementLength": "Przynajmniej 8 znaków długości", + "passwordRequirementUppercase": "Przynajmniej jedna wielka litera", + "passwordRequirementLowercase": "Przynajmniej jedna mała litera", + "passwordRequirementNumber": "Przynajmniej jedna cyfra", + "passwordRequirementSpecial": "Przynajmniej jeden znak specjalny", + "passwordRequirementsMet": "✓ Hasło spełnia wszystkie wymagania", + "passwordStrength": "Siła hasła", + "passwordStrengthWeak": "Słabe", + "passwordStrengthMedium": "Średnie", + "passwordStrengthStrong": "Silne", + "passwordRequirements": "Wymagania:", + "passwordRequirementLengthText": "8+ znaków", + "passwordRequirementUppercaseText": "Wielka litera (A-Z)", + "passwordRequirementLowercaseText": "Mała litera (a-z)", + "passwordRequirementNumberText": "Cyfra (0-9)", + "passwordRequirementSpecialText": "Znak specjalny (!@#$%...)", + "passwordsDoNotMatch": "Hasła nie są zgodne", "otpEmailRequirementsLength": "Kod jednorazowy musi mieć co najmniej 1 znak", "otpEmailSent": "Kod jednorazowy wysłany", "otpEmailSentDescription": "Kod jednorazowy został wysłany na Twój e-mail", @@ -952,6 +973,7 @@ "logoutError": "Błąd podczas wylogowywania", "signingAs": "Zalogowany jako", "serverAdmin": "Administrator serwera", + "managedSelfhosted": "Zarządzane Samodzielnie-Hostingowane", "otpEnable": "Włącz uwierzytelnianie dwuskładnikowe", "otpDisable": "Wyłącz uwierzytelnianie dwuskładnikowe", "logout": "Wyloguj się", @@ -967,6 +989,9 @@ "actionDeleteSite": "Usuń witrynę", "actionGetSite": "Pobierz witrynę", "actionListSites": "Lista witryn", + "setupToken": "Skonfiguruj token", + "setupTokenDescription": "Wprowadź token konfiguracji z konsoli serwera.", + "setupTokenRequired": "Wymagany jest token konfiguracji", "actionUpdateSite": "Aktualizuj witrynę", "actionListSiteRoles": "Lista dozwolonych ról witryny", "actionCreateResource": "Utwórz zasób", @@ -1022,6 +1047,11 @@ "actionDeleteIdpOrg": "Usuń politykę organizacji IDP", "actionListIdpOrgs": "Lista organizacji IDP", "actionUpdateIdpOrg": "Aktualizuj organizację IDP", + "actionCreateClient": "Utwórz klienta", + "actionDeleteClient": "Usuń klienta", + "actionUpdateClient": "Aktualizuj klienta", + "actionListClients": "Lista klientów", + "actionGetClient": "Pobierz klienta", "noneSelected": "Nie wybrano", "orgNotFound2": "Nie znaleziono organizacji.", "searchProgress": "Szukaj...", @@ -1315,8 +1345,110 @@ "olmErrorFetchLatest": "Wystąpił błąd podczas pobierania najnowszego wydania Olm.", "remoteSubnets": "Zdalne Podsieci", "enterCidrRange": "Wprowadź zakres CIDR", - "remoteSubnetsDescription": "Dodaj zakresy CIDR, które mogą uzyskać zdalny dostęp do tej witryny. Użyj formatu takiego jak 10.0.0.0/24 lub 192.168.1.0/24.", + "remoteSubnetsDescription": "Dodaj zakresy CIDR, które można uzyskać zdalnie z tej strony za pomocą klientów. Użyj formatu jak 10.0.0.0/24. Dotyczy to WYŁĄCZNIE łączności klienta VPN.", "resourceEnableProxy": "Włącz publiczny proxy", "resourceEnableProxyDescription": "Włącz publiczne proxy dla tego zasobu. To umożliwia dostęp do zasobu spoza sieci przez chmurę na otwartym porcie. Wymaga konfiguracji Traefik.", - "externalProxyEnabled": "Zewnętrzny Proxy Włączony" + "externalProxyEnabled": "Zewnętrzny Proxy Włączony", + "addNewTarget": "Dodaj nowy cel", + "targetsList": "Lista celów", + "targetErrorDuplicateTargetFound": "Znaleziono duplikat celu", + "httpMethod": "Metoda HTTP", + "selectHttpMethod": "Wybierz metodę HTTP", + "domainPickerSubdomainLabel": "Poddomena", + "domainPickerBaseDomainLabel": "Domen bazowa", + "domainPickerSearchDomains": "Szukaj domen...", + "domainPickerNoDomainsFound": "Nie znaleziono domen", + "domainPickerLoadingDomains": "Ładowanie domen...", + "domainPickerSelectBaseDomain": "Wybierz domenę bazową...", + "domainPickerNotAvailableForCname": "Niedostępne dla domen CNAME", + "domainPickerEnterSubdomainOrLeaveBlank": "Wprowadź poddomenę lub pozostaw puste, aby użyć domeny bazowej.", + "domainPickerEnterSubdomainToSearch": "Wprowadź poddomenę, aby wyszukać i wybrać z dostępnych darmowych domen.", + "domainPickerFreeDomains": "Darmowe domeny", + "domainPickerSearchForAvailableDomains": "Szukaj dostępnych domen", + "resourceDomain": "Domena", + "resourceEditDomain": "Edytuj domenę", + "siteName": "Nazwa strony", + "proxyPort": "Port", + "resourcesTableProxyResources": "Zasoby proxy", + "resourcesTableClientResources": "Zasoby klienta", + "resourcesTableNoProxyResourcesFound": "Nie znaleziono zasobów proxy.", + "resourcesTableNoInternalResourcesFound": "Nie znaleziono wewnętrznych zasobów.", + "resourcesTableDestination": "Miejsce docelowe", + "resourcesTableTheseResourcesForUseWith": "Te zasoby są do użytku z", + "resourcesTableClients": "Klientami", + "resourcesTableAndOnlyAccessibleInternally": "i są dostępne tylko wewnętrznie po połączeniu z klientem.", + "editInternalResourceDialogEditClientResource": "Edytuj zasób klienta", + "editInternalResourceDialogUpdateResourceProperties": "Zaktualizuj właściwości zasobu i konfigurację celu dla {resourceName}.", + "editInternalResourceDialogResourceProperties": "Właściwości zasobów", + "editInternalResourceDialogName": "Nazwa", + "editInternalResourceDialogProtocol": "Protokół", + "editInternalResourceDialogSitePort": "Port witryny", + "editInternalResourceDialogTargetConfiguration": "Konfiguracja celu", + "editInternalResourceDialogDestinationIP": "IP docelowe", + "editInternalResourceDialogDestinationPort": "Port docelowy", + "editInternalResourceDialogCancel": "Anuluj", + "editInternalResourceDialogSaveResource": "Zapisz zasób", + "editInternalResourceDialogSuccess": "Sukces", + "editInternalResourceDialogInternalResourceUpdatedSuccessfully": "Wewnętrzny zasób zaktualizowany pomyślnie", + "editInternalResourceDialogError": "Błąd", + "editInternalResourceDialogFailedToUpdateInternalResource": "Nie udało się zaktualizować wewnętrznego zasobu", + "editInternalResourceDialogNameRequired": "Nazwa jest wymagana", + "editInternalResourceDialogNameMaxLength": "Nazwa nie może mieć więcej niż 255 znaków", + "editInternalResourceDialogProxyPortMin": "Port proxy musi wynosić przynajmniej 1", + "editInternalResourceDialogProxyPortMax": "Port proxy nie może być większy niż 65536", + "editInternalResourceDialogInvalidIPAddressFormat": "Nieprawidłowy format adresu IP", + "editInternalResourceDialogDestinationPortMin": "Port docelowy musi wynosić przynajmniej 1", + "editInternalResourceDialogDestinationPortMax": "Port docelowy nie może być większy niż 65536", + "createInternalResourceDialogNoSitesAvailable": "Brak dostępnych stron", + "createInternalResourceDialogNoSitesAvailableDescription": "Musisz mieć co najmniej jedną stronę Newt z skonfigurowanym podsiecią, aby tworzyć wewnętrzne zasoby.", + "createInternalResourceDialogClose": "Zamknij", + "createInternalResourceDialogCreateClientResource": "Utwórz zasób klienta", + "createInternalResourceDialogCreateClientResourceDescription": "Utwórz nowy zasób, który będzie dostępny dla klientów połączonych z wybraną stroną.", + "createInternalResourceDialogResourceProperties": "Właściwości zasobów", + "createInternalResourceDialogName": "Nazwa", + "createInternalResourceDialogSite": "Witryna", + "createInternalResourceDialogSelectSite": "Wybierz stronę...", + "createInternalResourceDialogSearchSites": "Szukaj stron...", + "createInternalResourceDialogNoSitesFound": "Nie znaleziono stron.", + "createInternalResourceDialogProtocol": "Protokół", + "createInternalResourceDialogTcp": "TCP", + "createInternalResourceDialogUdp": "UDP", + "createInternalResourceDialogSitePort": "Port witryny", + "createInternalResourceDialogSitePortDescription": "Użyj tego portu, aby uzyskać dostęp do zasobu na stronie, gdy połączony z klientem.", + "createInternalResourceDialogTargetConfiguration": "Konfiguracja celu", + "createInternalResourceDialogDestinationIP": "IP docelowe", + "createInternalResourceDialogDestinationIPDescription": "Adres IP zasobu w sieci strony.", + "createInternalResourceDialogDestinationPort": "Port docelowy", + "createInternalResourceDialogDestinationPortDescription": "Port na docelowym IP, gdzie zasób jest dostępny.", + "createInternalResourceDialogCancel": "Anuluj", + "createInternalResourceDialogCreateResource": "Utwórz zasób", + "createInternalResourceDialogSuccess": "Sukces", + "createInternalResourceDialogInternalResourceCreatedSuccessfully": "Wewnętrzny zasób utworzony pomyślnie", + "createInternalResourceDialogError": "Błąd", + "createInternalResourceDialogFailedToCreateInternalResource": "Nie udało się utworzyć wewnętrznego zasobu", + "createInternalResourceDialogNameRequired": "Nazwa jest wymagana", + "createInternalResourceDialogNameMaxLength": "Nazwa nie może mieć więcej niż 255 znaków", + "createInternalResourceDialogPleaseSelectSite": "Proszę wybrać stronę", + "createInternalResourceDialogProxyPortMin": "Port proxy musi wynosić przynajmniej 1", + "createInternalResourceDialogProxyPortMax": "Port proxy nie może być większy niż 65536", + "createInternalResourceDialogInvalidIPAddressFormat": "Nieprawidłowy format adresu IP", + "createInternalResourceDialogDestinationPortMin": "Port docelowy musi wynosić przynajmniej 1", + "createInternalResourceDialogDestinationPortMax": "Port docelowy nie może być większy niż 65536", + "siteConfiguration": "Konfiguracja", + "siteAcceptClientConnections": "Akceptuj połączenia klienta", + "siteAcceptClientConnectionsDescription": "Pozwól innym urządzeniom połączyć się przez tę instancję Newt jako bramę za pomocą klientów.", + "siteAddress": "Adres strony", + "siteAddressDescription": "Podaj adres IP hosta, do którego klienci będą się łączyć. Jest to wewnętrzny adres strony w sieci Pangolin dla klientów do adresowania. Musi zawierać się w podsieci organizacji.", + "autoLoginExternalIdp": "Automatyczny login z zewnętrznym IDP", + "autoLoginExternalIdpDescription": "Natychmiastowe przekierowanie użytkownika do zewnętrznego IDP w celu uwierzytelnienia.", + "selectIdp": "Wybierz IDP", + "selectIdpPlaceholder": "Wybierz IDP...", + "selectIdpRequired": "Proszę wybrać IDP, gdy aktywne jest automatyczne logowanie.", + "autoLoginTitle": "Przekierowywanie", + "autoLoginDescription": "Przekierowanie do zewnętrznego dostawcy tożsamości w celu uwierzytelnienia.", + "autoLoginProcessing": "Przygotowywanie uwierzytelniania...", + "autoLoginRedirecting": "Przekierowanie do logowania...", + "autoLoginError": "Błąd automatycznego logowania", + "autoLoginErrorNoRedirectUrl": "Nie otrzymano URL przekierowania od dostawcy tożsamości.", + "autoLoginErrorGeneratingUrl": "Nie udało się wygenerować URL uwierzytelniania." } diff --git a/messages/pt-PT.json b/messages/pt-PT.json index 5e46c51f..7c27df64 100644 --- a/messages/pt-PT.json +++ b/messages/pt-PT.json @@ -94,7 +94,9 @@ "siteNewtTunnelDescription": "A maneira mais fácil de criar um ponto de entrada na sua rede. Nenhuma configuração extra.", "siteWg": "WireGuard Básico", "siteWgDescription": "Use qualquer cliente do WireGuard para estabelecer um túnel. Configuração manual NAT é necessária.", + "siteWgDescriptionSaas": "Use qualquer cliente WireGuard para estabelecer um túnel. Configuração manual NAT necessária. SOMENTE FUNCIONA EM NODES AUTO-HOSPEDADOS", "siteLocalDescription": "Recursos locais apenas. Sem túneis.", + "siteLocalDescriptionSaas": "Apenas recursos locais. Sem tunelamento. SOMENTE FUNCIONA EM NODES AUTO-HOSPEDADOS", "siteSeeAll": "Ver todos os sites", "siteTunnelDescription": "Determine como você deseja se conectar ao seu site", "siteNewtCredentials": "Credenciais Novas", @@ -166,7 +168,7 @@ "siteSelect": "Selecionar site", "siteSearch": "Procurar no site", "siteNotFound": "Nenhum site encontrado.", - "siteSelectionDescription": "Este site fornecerá conectividade ao recurso.", + "siteSelectionDescription": "Este site fornecerá conectividade ao destino.", "resourceType": "Tipo de Recurso", "resourceTypeDescription": "Determine como você deseja acessar seu recurso", "resourceHTTPSSettings": "Configurações de HTTPS", @@ -197,6 +199,7 @@ "general": "Gerais", "generalSettings": "Configurações Gerais", "proxy": "Proxy", + "internal": "Interno", "rules": "Regras", "resourceSettingDescription": "Configure as configurações do seu recurso", "resourceSetting": "Configurações do {resourceName}", @@ -490,7 +493,7 @@ "targetTlsSniDescription": "O Nome do Servidor TLS para usar para SNI. Deixe vazio para usar o padrão.", "targetTlsSubmit": "Salvar Configurações", "targets": "Configuração de Alvos", - "targetsDescription": "Configure alvos para rotear tráfego para seus serviços", + "targetsDescription": "Configure alvos para rotear tráfego para seus serviços de backend", "targetStickySessions": "Ativar Sessões Persistentes", "targetStickySessionsDescription": "Manter conexões no mesmo alvo backend durante toda a sessão.", "methodSelect": "Selecionar método", @@ -833,6 +836,24 @@ "pincodeRequirementsLength": "O PIN deve ter exatamente 6 dígitos", "pincodeRequirementsChars": "O PIN deve conter apenas números", "passwordRequirementsLength": "A palavra-passe deve ter pelo menos 1 caractere", + "passwordRequirementsTitle": "Requisitos de senha:", + "passwordRequirementLength": "Pelo menos 8 caracteres de comprimento", + "passwordRequirementUppercase": "Pelo menos uma letra maiúscula", + "passwordRequirementLowercase": "Pelo menos uma letra minúscula", + "passwordRequirementNumber": "Pelo menos um número", + "passwordRequirementSpecial": "Pelo menos um caractere especial", + "passwordRequirementsMet": "✓ Senha atende a todos os requisitos", + "passwordStrength": "Força da senha", + "passwordStrengthWeak": "Fraca", + "passwordStrengthMedium": "Média", + "passwordStrengthStrong": "Forte", + "passwordRequirements": "Requisitos:", + "passwordRequirementLengthText": "8+ caracteres", + "passwordRequirementUppercaseText": "Letra maiúscula (A-Z)", + "passwordRequirementLowercaseText": "Letra minúscula (a-z)", + "passwordRequirementNumberText": "Número (0-9)", + "passwordRequirementSpecialText": "Caractere especial (!@#$%...)", + "passwordsDoNotMatch": "As palavras-passe não correspondem", "otpEmailRequirementsLength": "O OTP deve ter pelo menos 1 caractere", "otpEmailSent": "OTP Enviado", "otpEmailSentDescription": "Um OTP foi enviado para o seu email", @@ -952,6 +973,7 @@ "logoutError": "Erro ao terminar sessão", "signingAs": "Sessão iniciada como", "serverAdmin": "Administrador do Servidor", + "managedSelfhosted": "Gerenciado Auto-Hospedado", "otpEnable": "Ativar Autenticação de Dois Fatores", "otpDisable": "Desativar Autenticação de Dois Fatores", "logout": "Terminar Sessão", @@ -967,6 +989,9 @@ "actionDeleteSite": "Eliminar Site", "actionGetSite": "Obter Site", "actionListSites": "Listar Sites", + "setupToken": "Configuração do Token", + "setupTokenDescription": "Digite o token de configuração do console do servidor.", + "setupTokenRequired": "Token de configuração é necessário", "actionUpdateSite": "Atualizar Site", "actionListSiteRoles": "Listar Funções Permitidas do Site", "actionCreateResource": "Criar Recurso", @@ -1022,6 +1047,11 @@ "actionDeleteIdpOrg": "Eliminar Política de Organização IDP", "actionListIdpOrgs": "Listar Organizações IDP", "actionUpdateIdpOrg": "Atualizar Organização IDP", + "actionCreateClient": "Criar Cliente", + "actionDeleteClient": "Excluir Cliente", + "actionUpdateClient": "Atualizar Cliente", + "actionListClients": "Listar Clientes", + "actionGetClient": "Obter Cliente", "noneSelected": "Nenhum selecionado", "orgNotFound2": "Nenhuma organização encontrada.", "searchProgress": "Pesquisar...", @@ -1315,8 +1345,110 @@ "olmErrorFetchLatest": "Ocorreu um erro ao buscar o lançamento mais recente do Olm.", "remoteSubnets": "Sub-redes Remotas", "enterCidrRange": "Insira o intervalo CIDR", - "remoteSubnetsDescription": "Adicione intervalos CIDR que podem acessar este site remotamente. Use o formato como 10.0.0.0/24 ou 192.168.1.0/24.", + "remoteSubnetsDescription": "Adicionar intervalos CIDR que podem ser acessados deste site remotamente usando clientes. Use um formato como 10.0.0.0/24. Isso SOMENTE se aplica à conectividade do cliente VPN.", "resourceEnableProxy": "Ativar Proxy Público", "resourceEnableProxyDescription": "Permite proxy público para este recurso. Isso permite o acesso ao recurso de fora da rede através da nuvem em uma porta aberta. Requer configuração do Traefik.", - "externalProxyEnabled": "Proxy Externo Habilitado" + "externalProxyEnabled": "Proxy Externo Habilitado", + "addNewTarget": "Adicionar Novo Alvo", + "targetsList": "Lista de Alvos", + "targetErrorDuplicateTargetFound": "Alvo duplicado encontrado", + "httpMethod": "Método HTTP", + "selectHttpMethod": "Selecionar método HTTP", + "domainPickerSubdomainLabel": "Subdomínio", + "domainPickerBaseDomainLabel": "Domínio Base", + "domainPickerSearchDomains": "Buscar domínios...", + "domainPickerNoDomainsFound": "Nenhum domínio encontrado", + "domainPickerLoadingDomains": "Carregando domínios...", + "domainPickerSelectBaseDomain": "Selecione o domínio base...", + "domainPickerNotAvailableForCname": "Não disponível para domínios CNAME", + "domainPickerEnterSubdomainOrLeaveBlank": "Digite um subdomínio ou deixe em branco para usar o domínio base.", + "domainPickerEnterSubdomainToSearch": "Digite um subdomínio para buscar e selecionar entre os domínios gratuitos disponíveis.", + "domainPickerFreeDomains": "Domínios Gratuitos", + "domainPickerSearchForAvailableDomains": "Pesquise por domínios disponíveis", + "resourceDomain": "Domínio", + "resourceEditDomain": "Editar Domínio", + "siteName": "Nome do Site", + "proxyPort": "Porta", + "resourcesTableProxyResources": "Recursos de Proxy", + "resourcesTableClientResources": "Recursos do Cliente", + "resourcesTableNoProxyResourcesFound": "Nenhum recurso de proxy encontrado.", + "resourcesTableNoInternalResourcesFound": "Nenhum recurso interno encontrado.", + "resourcesTableDestination": "Destino", + "resourcesTableTheseResourcesForUseWith": "Esses recursos são para uso com", + "resourcesTableClients": "Clientes", + "resourcesTableAndOnlyAccessibleInternally": "e são acessíveis apenas internamente quando conectados com um cliente.", + "editInternalResourceDialogEditClientResource": "Editar Recurso do Cliente", + "editInternalResourceDialogUpdateResourceProperties": "Atualize as propriedades do recurso e a configuração do alvo para {resourceName}.", + "editInternalResourceDialogResourceProperties": "Propriedades do Recurso", + "editInternalResourceDialogName": "Nome", + "editInternalResourceDialogProtocol": "Protocolo", + "editInternalResourceDialogSitePort": "Porta do Site", + "editInternalResourceDialogTargetConfiguration": "Configuração do Alvo", + "editInternalResourceDialogDestinationIP": "IP de Destino", + "editInternalResourceDialogDestinationPort": "Porta de Destino", + "editInternalResourceDialogCancel": "Cancelar", + "editInternalResourceDialogSaveResource": "Salvar Recurso", + "editInternalResourceDialogSuccess": "Sucesso", + "editInternalResourceDialogInternalResourceUpdatedSuccessfully": "Recurso interno atualizado com sucesso", + "editInternalResourceDialogError": "Erro", + "editInternalResourceDialogFailedToUpdateInternalResource": "Falha ao atualizar recurso interno", + "editInternalResourceDialogNameRequired": "Nome é obrigatório", + "editInternalResourceDialogNameMaxLength": "Nome deve ser inferior a 255 caracteres", + "editInternalResourceDialogProxyPortMin": "Porta de proxy deve ser pelo menos 1", + "editInternalResourceDialogProxyPortMax": "Porta de proxy deve ser inferior a 65536", + "editInternalResourceDialogInvalidIPAddressFormat": "Formato de endereço IP inválido", + "editInternalResourceDialogDestinationPortMin": "Porta de destino deve ser pelo menos 1", + "editInternalResourceDialogDestinationPortMax": "Porta de destino deve ser inferior a 65536", + "createInternalResourceDialogNoSitesAvailable": "Nenhum Site Disponível", + "createInternalResourceDialogNoSitesAvailableDescription": "Você precisa ter pelo menos um site Newt com uma sub-rede configurada para criar recursos internos.", + "createInternalResourceDialogClose": "Fechar", + "createInternalResourceDialogCreateClientResource": "Criar Recurso do Cliente", + "createInternalResourceDialogCreateClientResourceDescription": "Crie um novo recurso que estará acessível aos clientes conectados ao site selecionado.", + "createInternalResourceDialogResourceProperties": "Propriedades do Recurso", + "createInternalResourceDialogName": "Nome", + "createInternalResourceDialogSite": "Site", + "createInternalResourceDialogSelectSite": "Selecionar site...", + "createInternalResourceDialogSearchSites": "Procurar sites...", + "createInternalResourceDialogNoSitesFound": "Nenhum site encontrado.", + "createInternalResourceDialogProtocol": "Protocolo", + "createInternalResourceDialogTcp": "TCP", + "createInternalResourceDialogUdp": "UDP", + "createInternalResourceDialogSitePort": "Porta do Site", + "createInternalResourceDialogSitePortDescription": "Use esta porta para acessar o recurso no site quando conectado com um cliente.", + "createInternalResourceDialogTargetConfiguration": "Configuração do Alvo", + "createInternalResourceDialogDestinationIP": "IP de Destino", + "createInternalResourceDialogDestinationIPDescription": "O endereço IP do recurso na rede do site.", + "createInternalResourceDialogDestinationPort": "Porta de Destino", + "createInternalResourceDialogDestinationPortDescription": "A porta no IP de destino onde o recurso está acessível.", + "createInternalResourceDialogCancel": "Cancelar", + "createInternalResourceDialogCreateResource": "Criar Recurso", + "createInternalResourceDialogSuccess": "Sucesso", + "createInternalResourceDialogInternalResourceCreatedSuccessfully": "Recurso interno criado com sucesso", + "createInternalResourceDialogError": "Erro", + "createInternalResourceDialogFailedToCreateInternalResource": "Falha ao criar recurso interno", + "createInternalResourceDialogNameRequired": "Nome é obrigatório", + "createInternalResourceDialogNameMaxLength": "Nome deve ser inferior a 255 caracteres", + "createInternalResourceDialogPleaseSelectSite": "Por favor, selecione um site", + "createInternalResourceDialogProxyPortMin": "Porta de proxy deve ser pelo menos 1", + "createInternalResourceDialogProxyPortMax": "Porta de proxy deve ser inferior a 65536", + "createInternalResourceDialogInvalidIPAddressFormat": "Formato de endereço IP inválido", + "createInternalResourceDialogDestinationPortMin": "Porta de destino deve ser pelo menos 1", + "createInternalResourceDialogDestinationPortMax": "Porta de destino deve ser inferior a 65536", + "siteConfiguration": "Configuração", + "siteAcceptClientConnections": "Aceitar Conexões de Clientes", + "siteAcceptClientConnectionsDescription": "Permitir que outros dispositivos se conectem através desta instância Newt como um gateway usando clientes.", + "siteAddress": "Endereço do Site", + "siteAddressDescription": "Especificar o endereço IP do host para que os clientes se conectem. Este é o endereço interno do site na rede Pangolin para os clientes endereçarem. Deve estar dentro da sub-rede da Organização.", + "autoLoginExternalIdp": "Login Automático com IDP Externo", + "autoLoginExternalIdpDescription": "Redirecionar imediatamente o usuário para o IDP externo para autenticação.", + "selectIdp": "Selecionar IDP", + "selectIdpPlaceholder": "Escolher um IDP...", + "selectIdpRequired": "Por favor, selecione um IDP quando o login automático estiver ativado.", + "autoLoginTitle": "Redirecionando", + "autoLoginDescription": "Redirecionando você para o provedor de identidade externo para autenticação.", + "autoLoginProcessing": "Preparando autenticação...", + "autoLoginRedirecting": "Redirecionando para login...", + "autoLoginError": "Erro de Login Automático", + "autoLoginErrorNoRedirectUrl": "Nenhum URL de redirecionamento recebido do provedor de identidade.", + "autoLoginErrorGeneratingUrl": "Falha ao gerar URL de autenticação." } diff --git a/messages/ru-RU.json b/messages/ru-RU.json index 5bbbf780..21d94b2e 100644 --- a/messages/ru-RU.json +++ b/messages/ru-RU.json @@ -94,7 +94,9 @@ "siteNewtTunnelDescription": "Простейший способ создать точку входа в вашу сеть. Дополнительная настройка не требуется.", "siteWg": "Базовый WireGuard", "siteWgDescription": "Используйте любой клиент WireGuard для открытия туннеля. Требуется ручная настройка NAT.", + "siteWgDescriptionSaas": "Используйте любой клиент WireGuard для создания туннеля. Требуется ручная настройка NAT. РАБОТАЕТ ТОЛЬКО НА САМОСТОЯТЕЛЬНО РАЗМЕЩЕННЫХ УЗЛАХ", "siteLocalDescription": "Только локальные ресурсы. Без туннелирования.", + "siteLocalDescriptionSaas": "Только локальные ресурсы. Без туннелирования. РАБОТАЕТ ТОЛЬКО НА САМОСТОЯТЕЛЬНО РАЗМЕЩЕННЫХ УЗЛАХ", "siteSeeAll": "Просмотреть все сайты", "siteTunnelDescription": "Выберите способ подключения к вашему сайту", "siteNewtCredentials": "Учётные данные Newt", @@ -166,7 +168,7 @@ "siteSelect": "Выберите сайт", "siteSearch": "Поиск сайта", "siteNotFound": "Сайт не найден.", - "siteSelectionDescription": "Этот сайт обеспечит подключение к ресурсу.", + "siteSelectionDescription": "Этот сайт предоставит подключение к цели.", "resourceType": "Тип ресурса", "resourceTypeDescription": "Определите, как вы хотите получать доступ к вашему ресурсу", "resourceHTTPSSettings": "Настройки HTTPS", @@ -197,6 +199,7 @@ "general": "Общие", "generalSettings": "Общие настройки", "proxy": "Прокси", + "internal": "Внутренний", "rules": "Правила", "resourceSettingDescription": "Настройте параметры вашего ресурса", "resourceSetting": "Настройки {resourceName}", @@ -490,7 +493,7 @@ "targetTlsSniDescription": "Имя TLS сервера для использования в SNI. Оставьте пустым для использования по умолчанию.", "targetTlsSubmit": "Сохранить настройки", "targets": "Конфигурация целей", - "targetsDescription": "Настройте цели для маршрутизации трафика к вашим сервисам", + "targetsDescription": "Настройте цели для маршрутизации трафика к вашим бэкэнд сервисам", "targetStickySessions": "Включить фиксированные сессии", "targetStickySessionsDescription": "Сохранять соединения на одной и той же целевой точке в течение всей сессии.", "methodSelect": "Выберите метод", @@ -833,6 +836,24 @@ "pincodeRequirementsLength": "PIN должен состоять ровно из 6 цифр", "pincodeRequirementsChars": "PIN должен содержать только цифры", "passwordRequirementsLength": "Пароль должен быть не менее 1 символа", + "passwordRequirementsTitle": "Требования к паролю:", + "passwordRequirementLength": "Не менее 8 символов", + "passwordRequirementUppercase": "По крайней мере, одна заглавная буква", + "passwordRequirementLowercase": "По крайней мере, одна строчная буква", + "passwordRequirementNumber": "По крайней мере, одна цифра", + "passwordRequirementSpecial": "По крайней мере, один специальный символ", + "passwordRequirementsMet": "✓ Пароль соответствует всем требованиям", + "passwordStrength": "Сила пароля", + "passwordStrengthWeak": "Слабый", + "passwordStrengthMedium": "Средний", + "passwordStrengthStrong": "Сильный", + "passwordRequirements": "Требования:", + "passwordRequirementLengthText": "8+ символов", + "passwordRequirementUppercaseText": "Заглавная буква (A-Z)", + "passwordRequirementLowercaseText": "Строчная буква (a-z)", + "passwordRequirementNumberText": "Цифра (0-9)", + "passwordRequirementSpecialText": "Специальный символ (!@#$%...)", + "passwordsDoNotMatch": "Пароли не совпадают", "otpEmailRequirementsLength": "OTP должен быть не менее 1 символа", "otpEmailSent": "OTP отправлен", "otpEmailSentDescription": "OTP был отправлен на ваш email", @@ -925,74 +946,78 @@ "supportKeyInvalid": "Недействительный ключ", "supportKeyInvalidDescription": "Ваш ключ поддержки недействителен.", "supportKeyValid": "Действительный ключ", - "supportKeyValidDescription": "Your supporter key has been validated. Thank you for your support!", - "supportKeyErrorValidationDescription": "Failed to validate supporter key.", - "supportKey": "Support Development and Adopt a Pangolin!", + "supportKeyValidDescription": "Ваш ключ поддержки был проверен. Спасибо за поддержку!", + "supportKeyErrorValidationDescription": "Не удалось проверить ключ поддержки.", + "supportKey": "Поддержите разработку и усыновите Панголина!", "supportKeyDescription": "Приобретите ключ поддержки, чтобы помочь нам продолжать разработку Pangolin для сообщества. Ваш вклад позволяет нам уделять больше времени поддержке и добавлению новых функций в приложение для всех. Мы никогда не будем использовать это для платного доступа к функциям. Это отдельно от любой коммерческой версии.", - "supportKeyPet": "You will also get to adopt and meet your very own pet Pangolin!", - "supportKeyPurchase": "Payments are processed via GitHub. Afterward, you can retrieve your key on", - "supportKeyPurchaseLink": "our website", - "supportKeyPurchase2": "and redeem it here.", - "supportKeyLearnMore": "Learn more.", - "supportKeyOptions": "Please select the option that best suits you.", - "supportKetOptionFull": "Full Supporter", - "forWholeServer": "For the whole server", - "lifetimePurchase": "Lifetime purchase", - "supporterStatus": "Supporter status", - "buy": "Buy", - "supportKeyOptionLimited": "Limited Supporter", - "forFiveUsers": "For 5 or less users", - "supportKeyRedeem": "Redeem Supporter Key", - "supportKeyHideSevenDays": "Hide for 7 days", - "supportKeyEnter": "Enter Supporter Key", - "supportKeyEnterDescription": "Meet your very own pet Pangolin!", - "githubUsername": "GitHub Username", - "supportKeyInput": "Supporter Key", - "supportKeyBuy": "Buy Supporter Key", - "logoutError": "Error logging out", - "signingAs": "Signed in as", - "serverAdmin": "Server Admin", - "otpEnable": "Enable Two-factor", - "otpDisable": "Disable Two-factor", - "logout": "Log Out", - "licenseTierProfessionalRequired": "Professional Edition Required", + "supportKeyPet": "Вы также сможете усыновить и встретить вашего собственного питомца Панголина!", + "supportKeyPurchase": "Платежи обрабатываются через GitHub. После этого вы сможете получить свой ключ на", + "supportKeyPurchaseLink": "нашем сайте", + "supportKeyPurchase2": "и активировать его здесь.", + "supportKeyLearnMore": "Узнать больше.", + "supportKeyOptions": "Пожалуйста, выберите подходящий вам вариант.", + "supportKetOptionFull": "Полная поддержка", + "forWholeServer": "За весь сервер", + "lifetimePurchase": "Пожизненная покупка", + "supporterStatus": "Статус поддержки", + "buy": "Купить", + "supportKeyOptionLimited": "Лимитированная поддержка", + "forFiveUsers": "За 5 или меньше пользователей", + "supportKeyRedeem": "Использовать ключ Поддержки", + "supportKeyHideSevenDays": "Скрыть на 7 дней", + "supportKeyEnter": "Введите ключ поддержки", + "supportKeyEnterDescription": "Встречайте своего питомца Панголина!", + "githubUsername": "Имя пользователя Github", + "supportKeyInput": "Ключ поддержки", + "supportKeyBuy": "Ключ поддержки", + "logoutError": "Ошибка при выходе", + "signingAs": "Вы вошли как", + "serverAdmin": "Администратор сервера", + "managedSelfhosted": "Управляемый с самовывоза", + "otpEnable": "Включить Двухфакторную Аутентификацию", + "otpDisable": "Отключить двухфакторную аутентификацию", + "logout": "Выйти", + "licenseTierProfessionalRequired": "Требуется профессиональная версия", "licenseTierProfessionalRequiredDescription": "Эта функция доступна только в профессиональной версии.", - "actionGetOrg": "Get Organization", - "actionUpdateOrg": "Update Organization", - "actionUpdateUser": "Update User", - "actionGetUser": "Get User", - "actionGetOrgUser": "Get Organization User", - "actionListOrgDomains": "List Organization Domains", - "actionCreateSite": "Create Site", - "actionDeleteSite": "Delete Site", - "actionGetSite": "Get Site", - "actionListSites": "List Sites", - "actionUpdateSite": "Update Site", - "actionListSiteRoles": "List Allowed Site Roles", - "actionCreateResource": "Create Resource", - "actionDeleteResource": "Delete Resource", - "actionGetResource": "Get Resource", - "actionListResource": "List Resources", - "actionUpdateResource": "Update Resource", - "actionListResourceUsers": "List Resource Users", - "actionSetResourceUsers": "Set Resource Users", - "actionSetAllowedResourceRoles": "Set Allowed Resource Roles", - "actionListAllowedResourceRoles": "List Allowed Resource Roles", - "actionSetResourcePassword": "Set Resource Password", - "actionSetResourcePincode": "Set Resource Pincode", - "actionSetResourceEmailWhitelist": "Set Resource Email Whitelist", - "actionGetResourceEmailWhitelist": "Get Resource Email Whitelist", - "actionCreateTarget": "Create Target", - "actionDeleteTarget": "Delete Target", - "actionGetTarget": "Get Target", - "actionListTargets": "List Targets", - "actionUpdateTarget": "Update Target", - "actionCreateRole": "Create Role", - "actionDeleteRole": "Delete Role", - "actionGetRole": "Get Role", - "actionListRole": "List Roles", - "actionUpdateRole": "Update Role", - "actionListAllowedRoleResources": "List Allowed Role Resources", + "actionGetOrg": "Получить организацию", + "actionUpdateOrg": "Обновить организацию", + "actionUpdateUser": "Обновить пользователя", + "actionGetUser": "Получить пользователя", + "actionGetOrgUser": "Получить пользователя организации", + "actionListOrgDomains": "Список доменов организации", + "actionCreateSite": "Создать сайт", + "actionDeleteSite": "Удалить сайт", + "actionGetSite": "Получить сайт", + "actionListSites": "Список сайтов", + "setupToken": "Код настройки", + "setupTokenDescription": "Введите токен настройки из консоли сервера.", + "setupTokenRequired": "Токен настройки обязателен", + "actionUpdateSite": "Обновить сайт", + "actionListSiteRoles": "Список разрешенных ролей сайта", + "actionCreateResource": "Создать ресурс", + "actionDeleteResource": "Удалить ресурс", + "actionGetResource": "Получить ресурсы", + "actionListResource": "Список ресурсов", + "actionUpdateResource": "Обновить ресурс", + "actionListResourceUsers": "Список пользователей ресурсов", + "actionSetResourceUsers": "Список пользователей ресурсов", + "actionSetAllowedResourceRoles": "Набор разрешенных ролей ресурсов", + "actionListAllowedResourceRoles": "Список разрешенных ролей сайта", + "actionSetResourcePassword": "Задать пароль ресурса", + "actionSetResourcePincode": "Установить ПИН-код ресурса", + "actionSetResourceEmailWhitelist": "Настроить белый список ресурсов email", + "actionGetResourceEmailWhitelist": "Получить белый список ресурсов email", + "actionCreateTarget": "Создать цель", + "actionDeleteTarget": "Удалить цель", + "actionGetTarget": "Получить цель", + "actionListTargets": "Список целей", + "actionUpdateTarget": "Обновить цель", + "actionCreateRole": "Создать роль", + "actionDeleteRole": "Удалить роль", + "actionGetRole": "Получить Роль", + "actionListRole": "Список ролей", + "actionUpdateRole": "Обновить роль", + "actionListAllowedRoleResources": "Список разрешенных ролей сайта", "actionInviteUser": "Пригласить пользователя", "actionRemoveUser": "Удалить пользователя", "actionListUsers": "Список пользователей", @@ -1022,6 +1047,11 @@ "actionDeleteIdpOrg": "Удалить политику IDP организации", "actionListIdpOrgs": "Список организаций IDP", "actionUpdateIdpOrg": "Обновить организацию IDP", + "actionCreateClient": "Создать Клиента", + "actionDeleteClient": "Удалить Клиента", + "actionUpdateClient": "Обновить Клиента", + "actionListClients": "Список Клиентов", + "actionGetClient": "Получить Клиента", "noneSelected": "Ничего не выбрано", "orgNotFound2": "Организации не найдены.", "searchProgress": "Поиск...", @@ -1093,8 +1123,8 @@ "sidebarAllUsers": "Все пользователи", "sidebarIdentityProviders": "Поставщики удостоверений", "sidebarLicense": "Лицензия", - "sidebarClients": "Clients (Beta)", - "sidebarDomains": "Domains", + "sidebarClients": "Клиенты (бета)", + "sidebarDomains": "Домены", "enableDockerSocket": "Включить Docker Socket", "enableDockerSocketDescription": "Включить обнаружение Docker Socket для заполнения информации о контейнерах. Путь к сокету должен быть предоставлен Newt.", "enableDockerSocketLink": "Узнать больше", @@ -1134,189 +1164,291 @@ "dark": "тёмная", "system": "системная", "theme": "Тема", - "subnetRequired": "Subnet is required", + "subnetRequired": "Требуется подсеть", "initialSetupTitle": "Начальная настройка сервера", "initialSetupDescription": "Создайте первоначальную учётную запись администратора сервера. Может существовать только один администратор сервера. Вы всегда можете изменить эти учётные данные позже.", "createAdminAccount": "Создать учётную запись администратора", "setupErrorCreateAdmin": "Произошла ошибка при создании учётной записи администратора сервера.", - "certificateStatus": "Certificate Status", - "loading": "Loading", - "restart": "Restart", - "domains": "Domains", - "domainsDescription": "Manage domains for your organization", - "domainsSearch": "Search domains...", - "domainAdd": "Add Domain", - "domainAddDescription": "Register a new domain with your organization", - "domainCreate": "Create Domain", - "domainCreatedDescription": "Domain created successfully", - "domainDeletedDescription": "Domain deleted successfully", - "domainQuestionRemove": "Are you sure you want to remove the domain {domain} from your account?", - "domainMessageRemove": "Once removed, the domain will no longer be associated with your account.", - "domainMessageConfirm": "To confirm, please type the domain name below.", - "domainConfirmDelete": "Confirm Delete Domain", - "domainDelete": "Delete Domain", - "domain": "Domain", - "selectDomainTypeNsName": "Domain Delegation (NS)", - "selectDomainTypeNsDescription": "This domain and all its subdomains. Use this when you want to control an entire domain zone.", - "selectDomainTypeCnameName": "Single Domain (CNAME)", - "selectDomainTypeCnameDescription": "Just this specific domain. Use this for individual subdomains or specific domain entries.", - "selectDomainTypeWildcardName": "Wildcard Domain", - "selectDomainTypeWildcardDescription": "This domain and its subdomains.", - "domainDelegation": "Single Domain", - "selectType": "Select a type", - "actions": "Actions", - "refresh": "Refresh", - "refreshError": "Failed to refresh data", - "verified": "Verified", - "pending": "Pending", - "sidebarBilling": "Billing", - "billing": "Billing", - "orgBillingDescription": "Manage your billing information and subscriptions", + "certificateStatus": "Статус сертификата", + "loading": "Загрузка", + "restart": "Перезагрузка", + "domains": "Домены", + "domainsDescription": "Управление доменами для вашей организации", + "domainsSearch": "Поиск доменов...", + "domainAdd": "Добавить Домен", + "domainAddDescription": "Зарегистрировать новый домен в вашей организации", + "domainCreate": "Создать Домен", + "domainCreatedDescription": "Домен успешно создан", + "domainDeletedDescription": "Домен успешно удален", + "domainQuestionRemove": "Вы уверены, что хотите удалить домен {domain} из вашего аккаунта?", + "domainMessageRemove": "После удаления домен больше не будет связан с вашей учетной записью.", + "domainMessageConfirm": "Для подтверждения введите ниже имя домена.", + "domainConfirmDelete": "Подтвердить удаление домена", + "domainDelete": "Удалить Домен", + "domain": "Домен", + "selectDomainTypeNsName": "Делегация домена (NS)", + "selectDomainTypeNsDescription": "Этот домен и все его субдомены. Используйте это, когда вы хотите управлять всей доменной зоной.", + "selectDomainTypeCnameName": "Одиночный домен (CNAME)", + "selectDomainTypeCnameDescription": "Только этот конкретный домен. Используйте это для отдельных субдоменов или отдельных записей домена.", + "selectDomainTypeWildcardName": "Подставной домен", + "selectDomainTypeWildcardDescription": "Этот домен и его субдомены.", + "domainDelegation": "Единый домен", + "selectType": "Выберите тип", + "actions": "Действия", + "refresh": "Обновить", + "refreshError": "Не удалось обновить данные", + "verified": "Подтверждено", + "pending": "В ожидании", + "sidebarBilling": "Выставление счетов", + "billing": "Выставление счетов", + "orgBillingDescription": "Управляйте информацией о выставлении счетов и подписками", "github": "GitHub", "pangolinHosted": "Pangolin Hosted", "fossorial": "Fossorial", - "completeAccountSetup": "Complete Account Setup", - "completeAccountSetupDescription": "Set your password to get started", - "accountSetupSent": "We'll send an account setup code to this email address.", - "accountSetupCode": "Setup Code", - "accountSetupCodeDescription": "Check your email for the setup code.", - "passwordCreate": "Create Password", - "passwordCreateConfirm": "Confirm Password", - "accountSetupSubmit": "Send Setup Code", - "completeSetup": "Complete Setup", - "accountSetupSuccess": "Account setup completed! Welcome to Pangolin!", - "documentation": "Documentation", - "saveAllSettings": "Save All Settings", - "settingsUpdated": "Settings updated", - "settingsUpdatedDescription": "All settings have been updated successfully", - "settingsErrorUpdate": "Failed to update settings", - "settingsErrorUpdateDescription": "An error occurred while updating settings", - "sidebarCollapse": "Collapse", - "sidebarExpand": "Expand", - "newtUpdateAvailable": "Update Available", - "newtUpdateAvailableInfo": "A new version of Newt is available. Please update to the latest version for the best experience.", - "domainPickerEnterDomain": "Domain", - "domainPickerPlaceholder": "myapp.example.com, api.v1.mydomain.com, or just myapp", - "domainPickerDescription": "Enter the full domain of the resource to see available options.", - "domainPickerDescriptionSaas": "Enter a full domain, subdomain, or just a name to see available options", - "domainPickerTabAll": "All", - "domainPickerTabOrganization": "Organization", - "domainPickerTabProvided": "Provided", - "domainPickerSortAsc": "A-Z", - "domainPickerSortDesc": "Z-A", - "domainPickerCheckingAvailability": "Checking availability...", - "domainPickerNoMatchingDomains": "No matching domains found. Try a different domain or check your organization's domain settings.", - "domainPickerOrganizationDomains": "Organization Domains", - "domainPickerProvidedDomains": "Provided Domains", - "domainPickerSubdomain": "Subdomain: {subdomain}", - "domainPickerNamespace": "Namespace: {namespace}", - "domainPickerShowMore": "Show More", - "domainNotFound": "Domain Not Found", - "domainNotFoundDescription": "This resource is disabled because the domain no longer exists our system. Please set a new domain for this resource.", - "failed": "Failed", - "createNewOrgDescription": "Create a new organization", - "organization": "Organization", - "port": "Port", - "securityKeyManage": "Manage Security Keys", - "securityKeyDescription": "Add or remove security keys for passwordless authentication", - "securityKeyRegister": "Register New Security Key", - "securityKeyList": "Your Security Keys", - "securityKeyNone": "No security keys registered yet", - "securityKeyNameRequired": "Name is required", - "securityKeyRemove": "Remove", - "securityKeyLastUsed": "Last used: {date}", - "securityKeyNameLabel": "Security Key Name", - "securityKeyRegisterSuccess": "Security key registered successfully", - "securityKeyRegisterError": "Failed to register security key", - "securityKeyRemoveSuccess": "Security key removed successfully", - "securityKeyRemoveError": "Failed to remove security key", - "securityKeyLoadError": "Failed to load security keys", - "securityKeyLogin": "Continue with security key", - "securityKeyAuthError": "Failed to authenticate with security key", - "securityKeyRecommendation": "Register a backup security key on another device to ensure you always have access to your account.", - "registering": "Registering...", - "securityKeyPrompt": "Please verify your identity using your security key. Make sure your security key is connected and ready.", - "securityKeyBrowserNotSupported": "Your browser doesn't support security keys. Please use a modern browser like Chrome, Firefox, or Safari.", - "securityKeyPermissionDenied": "Please allow access to your security key to continue signing in.", - "securityKeyRemovedTooQuickly": "Please keep your security key connected until the sign-in process completes.", - "securityKeyNotSupported": "Your security key may not be compatible. Please try a different security key.", - "securityKeyUnknownError": "There was a problem using your security key. Please try again.", - "twoFactorRequired": "Two-factor authentication is required to register a security key.", - "twoFactor": "Two-Factor Authentication", - "adminEnabled2FaOnYourAccount": "Your administrator has enabled two-factor authentication for {email}. Please complete the setup process to continue.", - "continueToApplication": "Continue to Application", - "securityKeyAdd": "Add Security Key", - "securityKeyRegisterTitle": "Register New Security Key", - "securityKeyRegisterDescription": "Connect your security key and enter a name to identify it", - "securityKeyTwoFactorRequired": "Two-Factor Authentication Required", - "securityKeyTwoFactorDescription": "Please enter your two-factor authentication code to register the security key", - "securityKeyTwoFactorRemoveDescription": "Please enter your two-factor authentication code to remove the security key", - "securityKeyTwoFactorCode": "Two-Factor Code", - "securityKeyRemoveTitle": "Remove Security Key", - "securityKeyRemoveDescription": "Enter your password to remove the security key \"{name}\"", - "securityKeyNoKeysRegistered": "No security keys registered", - "securityKeyNoKeysDescription": "Add a security key to enhance your account security", - "createDomainRequired": "Domain is required", - "createDomainAddDnsRecords": "Add DNS Records", - "createDomainAddDnsRecordsDescription": "Add the following DNS records to your domain provider to complete the setup.", - "createDomainNsRecords": "NS Records", - "createDomainRecord": "Record", - "createDomainType": "Type:", - "createDomainName": "Name:", - "createDomainValue": "Value:", - "createDomainCnameRecords": "CNAME Records", - "createDomainARecords": "A Records", - "createDomainRecordNumber": "Record {number}", - "createDomainTxtRecords": "TXT Records", - "createDomainSaveTheseRecords": "Save These Records", - "createDomainSaveTheseRecordsDescription": "Make sure to save these DNS records as you will not see them again.", - "createDomainDnsPropagation": "DNS Propagation", - "createDomainDnsPropagationDescription": "DNS changes may take some time to propagate across the internet. This can take anywhere from a few minutes to 48 hours, depending on your DNS provider and TTL settings.", - "resourcePortRequired": "Port number is required for non-HTTP resources", - "resourcePortNotAllowed": "Port number should not be set for HTTP resources", + "completeAccountSetup": "Завершите настройку аккаунта", + "completeAccountSetupDescription": "Установите ваш пароль, чтобы начать", + "accountSetupSent": "Мы отправим код для настройки аккаунта на этот email адрес.", + "accountSetupCode": "Код настройки", + "accountSetupCodeDescription": "Проверьте вашу почту для получения кода настройки.", + "passwordCreate": "Создать пароль", + "passwordCreateConfirm": "Подтвердите пароль", + "accountSetupSubmit": "Отправить код настройки", + "completeSetup": "Завершить настройку", + "accountSetupSuccess": "Настройка аккаунта завершена! Добро пожаловать в Pangolin!", + "documentation": "Документация", + "saveAllSettings": "Сохранить все настройки", + "settingsUpdated": "Настройки обновлены", + "settingsUpdatedDescription": "Все настройки успешно обновлены", + "settingsErrorUpdate": "Не удалось обновить настройки", + "settingsErrorUpdateDescription": "Произошла ошибка при обновлении настроек", + "sidebarCollapse": "Свернуть", + "sidebarExpand": "Развернуть", + "newtUpdateAvailable": "Доступно обновление", + "newtUpdateAvailableInfo": "Доступна новая версия Newt. Пожалуйста, обновитесь до последней версии для лучшего опыта.", + "domainPickerEnterDomain": "Домен", + "domainPickerPlaceholder": "myapp.example.com, api.v1.mydomain.com, или просто myapp", + "domainPickerDescription": "Введите полный домен ресурса, чтобы увидеть доступные опции.", + "domainPickerDescriptionSaas": "Введите полный домен, поддомен или просто имя, чтобы увидеть доступные опции", + "domainPickerTabAll": "Все", + "domainPickerTabOrganization": "Организация", + "domainPickerTabProvided": "Предоставлено", + "domainPickerSortAsc": "А-Я", + "domainPickerSortDesc": "Я-А", + "domainPickerCheckingAvailability": "Проверка доступности...", + "domainPickerNoMatchingDomains": "Не найдены сопоставимые домены. Попробуйте другой домен или проверьте настройки доменов вашей организации.", + "domainPickerOrganizationDomains": "Домены организации", + "domainPickerProvidedDomains": "Предоставленные домены", + "domainPickerSubdomain": "Поддомен: {subdomain}", + "domainPickerNamespace": "Пространство имен: {namespace}", + "domainPickerShowMore": "Показать еще", + "domainNotFound": "Домен не найден", + "domainNotFoundDescription": "Этот ресурс отключен, так как домен больше не существует в нашей системе. Пожалуйста, установите новый домен для этого ресурса.", + "failed": "Ошибка", + "createNewOrgDescription": "Создать новую организацию", + "organization": "Организация", + "port": "Порт", + "securityKeyManage": "Управление ключами безопасности", + "securityKeyDescription": "Добавить или удалить ключи безопасности для аутентификации без пароля", + "securityKeyRegister": "Зарегистрировать новый ключ безопасности", + "securityKeyList": "Ваши ключи безопасности", + "securityKeyNone": "Ключи безопасности еще не зарегистрированы", + "securityKeyNameRequired": "Имя обязательно", + "securityKeyRemove": "Удалить", + "securityKeyLastUsed": "Последнее использование: {date}", + "securityKeyNameLabel": "Имя ключа безопасности", + "securityKeyRegisterSuccess": "Ключ безопасности успешно зарегистрирован", + "securityKeyRegisterError": "Не удалось зарегистрировать ключ безопасности", + "securityKeyRemoveSuccess": "Ключ безопасности успешно удален", + "securityKeyRemoveError": "Не удалось удалить ключ безопасности", + "securityKeyLoadError": "Не удалось загрузить ключи безопасности", + "securityKeyLogin": "Продолжить с ключом безопасности", + "securityKeyAuthError": "Не удалось аутентифицироваться с ключом безопасности", + "securityKeyRecommendation": "Зарегистрируйте резервный ключ безопасности на другом устройстве, чтобы всегда иметь доступ к вашему аккаунту.", + "registering": "Регистрация...", + "securityKeyPrompt": "Пожалуйста, подтвердите свою личность с использованием вашего ключа безопасности. Убедитесь, что ваш ключ безопасности подключен и готов.", + "securityKeyBrowserNotSupported": "Ваш браузер не поддерживает ключи безопасности. Пожалуйста, используйте современный браузер, такой как Chrome, Firefox или Safari.", + "securityKeyPermissionDenied": "Пожалуйста, разрешите доступ к вашему ключу безопасности, чтобы продолжить вход.", + "securityKeyRemovedTooQuickly": "Пожалуйста, держите ваш ключ безопасности подключенным, пока процесс входа не завершится.", + "securityKeyNotSupported": "Ваш ключ безопасности может быть несовместим. Попробуйте другой ключ безопасности.", + "securityKeyUnknownError": "Произошла проблема при использовании вашего ключа безопасности. Пожалуйста, попробуйте еще раз.", + "twoFactorRequired": "Для регистрации ключа безопасности требуется двухфакторная аутентификация.", + "twoFactor": "Двухфакторная аутентификация", + "adminEnabled2FaOnYourAccount": "Ваш администратор включил двухфакторную аутентификацию для {email}. Пожалуйста, завершите процесс настройки, чтобы продолжить.", + "continueToApplication": "Перейти к приложению", + "securityKeyAdd": "Добавить ключ безопасности", + "securityKeyRegisterTitle": "Регистрация нового ключа безопасности", + "securityKeyRegisterDescription": "Подключите свой ключ безопасности и введите имя для его идентификации", + "securityKeyTwoFactorRequired": "Требуется двухфакторная аутентификация", + "securityKeyTwoFactorDescription": "Пожалуйста, введите ваш код двухфакторной аутентификации для регистрации ключа безопасности", + "securityKeyTwoFactorRemoveDescription": "Пожалуйста, введите ваш код двухфакторной аутентификации для удаления ключа безопасности", + "securityKeyTwoFactorCode": "Код двухфакторной аутентификации", + "securityKeyRemoveTitle": "Удалить ключ безопасности", + "securityKeyRemoveDescription": "Введите ваш пароль для удаления ключа безопасности \"{name}\"", + "securityKeyNoKeysRegistered": "Ключи безопасности не зарегистрированы", + "securityKeyNoKeysDescription": "Добавьте ключ безопасности, чтобы повысить безопасность вашего аккаунта", + "createDomainRequired": "Домен обязателен", + "createDomainAddDnsRecords": "Добавить DNS записи", + "createDomainAddDnsRecordsDescription": "Добавьте следующие DNS записи у вашего провайдера доменных имен для завершения настройки.", + "createDomainNsRecords": "NS Записи", + "createDomainRecord": "Запись", + "createDomainType": "Тип:", + "createDomainName": "Имя:", + "createDomainValue": "Значение:", + "createDomainCnameRecords": "CNAME Записи", + "createDomainARecords": "A Записи", + "createDomainRecordNumber": "Запись {number}", + "createDomainTxtRecords": "TXT Записи", + "createDomainSaveTheseRecords": "Сохранить эти записи", + "createDomainSaveTheseRecordsDescription": "Обязательно сохраните эти DNS записи, так как вы их больше не увидите.", + "createDomainDnsPropagation": "Распространение DNS", + "createDomainDnsPropagationDescription": "Изменения DNS могут занять некоторое время для распространения через интернет. Это может занять от нескольких минут до 48 часов в зависимости от вашего DNS провайдера и настроек TTL.", + "resourcePortRequired": "Номер порта необходим для не-HTTP ресурсов", + "resourcePortNotAllowed": "Номер порта не должен быть установлен для HTTP ресурсов", "signUpTerms": { - "IAgreeToThe": "I agree to the", - "termsOfService": "terms of service", - "and": "and", - "privacyPolicy": "privacy policy" + "IAgreeToThe": "Я согласен с", + "termsOfService": "условия использования", + "and": "и", + "privacyPolicy": "политика конфиденциальности" }, - "siteRequired": "Site is required.", - "olmTunnel": "Olm Tunnel", - "olmTunnelDescription": "Use Olm for client connectivity", - "errorCreatingClient": "Error creating client", - "clientDefaultsNotFound": "Client defaults not found", - "createClient": "Create Client", - "createClientDescription": "Create a new client for connecting to your sites", - "seeAllClients": "See All Clients", - "clientInformation": "Client Information", - "clientNamePlaceholder": "Client name", - "address": "Address", - "subnetPlaceholder": "Subnet", - "addressDescription": "The address that this client will use for connectivity", - "selectSites": "Select sites", - "sitesDescription": "The client will have connectivity to the selected sites", - "clientInstallOlm": "Install Olm", - "clientInstallOlmDescription": "Get Olm running on your system", - "clientOlmCredentials": "Olm Credentials", - "clientOlmCredentialsDescription": "This is how Olm will authenticate with the server", - "olmEndpoint": "Olm Endpoint", + "siteRequired": "Необходимо указать сайт.", + "olmTunnel": "Olm Туннель", + "olmTunnelDescription": "Используйте Olm для подключений клиентов", + "errorCreatingClient": "Ошибка при создании клиента", + "clientDefaultsNotFound": "Настройки клиента по умолчанию не найдены", + "createClient": "Создать клиента", + "createClientDescription": "Создайте нового клиента для подключения к вашим сайтам", + "seeAllClients": "Просмотреть всех клиентов", + "clientInformation": "Информация о клиенте", + "clientNamePlaceholder": "Имя клиента", + "address": "Адрес", + "subnetPlaceholder": "Подсеть", + "addressDescription": "Адрес, который этот клиент будет использовать для подключения", + "selectSites": "Выберите сайты", + "sitesDescription": "Клиент будет иметь подключение к выбранным сайтам", + "clientInstallOlm": "Установить Olm", + "clientInstallOlmDescription": "Запустите Olm на вашей системе", + "clientOlmCredentials": "Учётные данные Olm", + "clientOlmCredentialsDescription": "Так Olm будет аутентифицироваться через сервер", + "olmEndpoint": "Конечная точка Olm", "olmId": "Olm ID", - "olmSecretKey": "Olm Secret Key", - "clientCredentialsSave": "Save Your Credentials", - "clientCredentialsSaveDescription": "You will only be able to see this once. Make sure to copy it to a secure place.", - "generalSettingsDescription": "Configure the general settings for this client", - "clientUpdated": "Client updated", - "clientUpdatedDescription": "The client has been updated.", - "clientUpdateFailed": "Failed to update client", - "clientUpdateError": "An error occurred while updating the client.", - "sitesFetchFailed": "Failed to fetch sites", - "sitesFetchError": "An error occurred while fetching sites.", - "olmErrorFetchReleases": "An error occurred while fetching Olm releases.", - "olmErrorFetchLatest": "An error occurred while fetching the latest Olm release.", - "remoteSubnets": "Remote Subnets", - "enterCidrRange": "Enter CIDR range", - "remoteSubnetsDescription": "Add CIDR ranges that can access this site remotely. Use format like 10.0.0.0/24 or 192.168.1.0/24.", - "resourceEnableProxy": "Enable Public Proxy", - "resourceEnableProxyDescription": "Enable public proxying to this resource. This allows access to the resource from outside the network through the cloud on an open port. Requires Traefik config.", - "externalProxyEnabled": "External Proxy Enabled" + "olmSecretKey": "Секретный ключ Olm", + "clientCredentialsSave": "Сохраните ваши учётные данные", + "clientCredentialsSaveDescription": "Вы сможете увидеть их только один раз. Обязательно скопируйте в безопасное место.", + "generalSettingsDescription": "Настройте общие параметры для этого клиента", + "clientUpdated": "Клиент обновлен", + "clientUpdatedDescription": "Клиент был обновлён.", + "clientUpdateFailed": "Не удалось обновить клиента", + "clientUpdateError": "Произошла ошибка при обновлении клиента.", + "sitesFetchFailed": "Не удалось получить сайты", + "sitesFetchError": "Произошла ошибка при получении сайтов.", + "olmErrorFetchReleases": "Произошла ошибка при получении релизов Olm.", + "olmErrorFetchLatest": "Произошла ошибка при получении последнего релиза Olm.", + "remoteSubnets": "Удалённые подсети", + "enterCidrRange": "Введите диапазон CIDR", + "remoteSubnetsDescription": "Добавьте диапазоны адресов CIDR, которые можно получить из этого сайта удаленно, используя клиентов. Используйте формат 10.0.0.0/24. Это относится ТОЛЬКО к подключению через VPN клиентов.", + "resourceEnableProxy": "Включить публичный прокси", + "resourceEnableProxyDescription": "Включите публичное проксирование для этого ресурса. Это позволяет получить доступ к ресурсу извне сети через облако через открытый порт. Требуется конфигурация Traefik.", + "externalProxyEnabled": "Внешний прокси включен", + "addNewTarget": "Добавить новую цель", + "targetsList": "Список целей", + "targetErrorDuplicateTargetFound": "Обнаружена дублирующаяся цель", + "httpMethod": "HTTP метод", + "selectHttpMethod": "Выберите HTTP метод", + "domainPickerSubdomainLabel": "Поддомен", + "domainPickerBaseDomainLabel": "Основной домен", + "domainPickerSearchDomains": "Поиск доменов...", + "domainPickerNoDomainsFound": "Доменов не найдено", + "domainPickerLoadingDomains": "Загрузка доменов...", + "domainPickerSelectBaseDomain": "Выбор основного домена...", + "domainPickerNotAvailableForCname": "Не доступно для CNAME доменов", + "domainPickerEnterSubdomainOrLeaveBlank": "Введите поддомен или оставьте пустым для использования основного домена.", + "domainPickerEnterSubdomainToSearch": "Введите поддомен для поиска и выбора из доступных свободных доменов.", + "domainPickerFreeDomains": "Свободные домены", + "domainPickerSearchForAvailableDomains": "Поиск доступных доменов", + "resourceDomain": "Домен", + "resourceEditDomain": "Редактировать домен", + "siteName": "Имя сайта", + "proxyPort": "Порт", + "resourcesTableProxyResources": "Проксированные ресурсы", + "resourcesTableClientResources": "Клиентские ресурсы", + "resourcesTableNoProxyResourcesFound": "Проксированных ресурсов не найдено.", + "resourcesTableNoInternalResourcesFound": "Внутренних ресурсов не найдено.", + "resourcesTableDestination": "Пункт назначения", + "resourcesTableTheseResourcesForUseWith": "Эти ресурсы предназначены для использования с", + "resourcesTableClients": "Клиенты", + "resourcesTableAndOnlyAccessibleInternally": "и доступны только внутренне при подключении с клиентом.", + "editInternalResourceDialogEditClientResource": "Редактировать ресурс клиента", + "editInternalResourceDialogUpdateResourceProperties": "Обновите свойства ресурса и настройку цели для {resourceName}.", + "editInternalResourceDialogResourceProperties": "Свойства ресурса", + "editInternalResourceDialogName": "Имя", + "editInternalResourceDialogProtocol": "Протокол", + "editInternalResourceDialogSitePort": "Порт сайта", + "editInternalResourceDialogTargetConfiguration": "Настройка цели", + "editInternalResourceDialogDestinationIP": "Целевая IP", + "editInternalResourceDialogDestinationPort": "Целевой порт", + "editInternalResourceDialogCancel": "Отмена", + "editInternalResourceDialogSaveResource": "Сохранить ресурс", + "editInternalResourceDialogSuccess": "Успешно", + "editInternalResourceDialogInternalResourceUpdatedSuccessfully": "Внутренний ресурс успешно обновлен", + "editInternalResourceDialogError": "Ошибка", + "editInternalResourceDialogFailedToUpdateInternalResource": "Не удалось обновить внутренний ресурс", + "editInternalResourceDialogNameRequired": "Имя обязательно", + "editInternalResourceDialogNameMaxLength": "Имя не должно быть длиннее 255 символов", + "editInternalResourceDialogProxyPortMin": "Порт прокси должен быть не менее 1", + "editInternalResourceDialogProxyPortMax": "Порт прокси должен быть меньше 65536", + "editInternalResourceDialogInvalidIPAddressFormat": "Неверный формат IP адреса", + "editInternalResourceDialogDestinationPortMin": "Целевой порт должен быть не менее 1", + "editInternalResourceDialogDestinationPortMax": "Целевой порт должен быть меньше 65536", + "createInternalResourceDialogNoSitesAvailable": "Нет доступных сайтов", + "createInternalResourceDialogNoSitesAvailableDescription": "Вам необходимо иметь хотя бы один сайт Newt с настроенной подсетью для создания внутреннего ресурса.", + "createInternalResourceDialogClose": "Закрыть", + "createInternalResourceDialogCreateClientResource": "Создать ресурс клиента", + "createInternalResourceDialogCreateClientResourceDescription": "Создайте новый ресурс, который будет доступен клиентам, подключенным к выбранному сайту.", + "createInternalResourceDialogResourceProperties": "Свойства ресурса", + "createInternalResourceDialogName": "Имя", + "createInternalResourceDialogSite": "Сайт", + "createInternalResourceDialogSelectSite": "Выберите сайт...", + "createInternalResourceDialogSearchSites": "Поиск сайтов...", + "createInternalResourceDialogNoSitesFound": "Сайты не найдены.", + "createInternalResourceDialogProtocol": "Протокол", + "createInternalResourceDialogTcp": "TCP", + "createInternalResourceDialogUdp": "UDP", + "createInternalResourceDialogSitePort": "Порт сайта", + "createInternalResourceDialogSitePortDescription": "Используйте этот порт для доступа к ресурсу на сайте при подключении с клиентом.", + "createInternalResourceDialogTargetConfiguration": "Настройка цели", + "createInternalResourceDialogDestinationIP": "Целевая IP", + "createInternalResourceDialogDestinationIPDescription": "IP-адрес ресурса в сети сайта.", + "createInternalResourceDialogDestinationPort": "Целевой порт", + "createInternalResourceDialogDestinationPortDescription": "Порт на IP-адресе назначения, где доступен ресурс.", + "createInternalResourceDialogCancel": "Отмена", + "createInternalResourceDialogCreateResource": "Создать ресурс", + "createInternalResourceDialogSuccess": "Успешно", + "createInternalResourceDialogInternalResourceCreatedSuccessfully": "Внутренний ресурс успешно создан", + "createInternalResourceDialogError": "Ошибка", + "createInternalResourceDialogFailedToCreateInternalResource": "Не удалось создать внутренний ресурс", + "createInternalResourceDialogNameRequired": "Имя обязательно", + "createInternalResourceDialogNameMaxLength": "Имя должно содержать менее 255 символов", + "createInternalResourceDialogPleaseSelectSite": "Пожалуйста, выберите сайт", + "createInternalResourceDialogProxyPortMin": "Прокси-порт должен быть не менее 1", + "createInternalResourceDialogProxyPortMax": "Прокси-порт должен быть меньше 65536", + "createInternalResourceDialogInvalidIPAddressFormat": "Неверный формат IP-адреса", + "createInternalResourceDialogDestinationPortMin": "Целевой порт должен быть не менее 1", + "createInternalResourceDialogDestinationPortMax": "Целевой порт должен быть меньше 65536", + "siteConfiguration": "Конфигурация", + "siteAcceptClientConnections": "Принимать подключения клиентов", + "siteAcceptClientConnectionsDescription": "Разрешите другим устройствам подключаться через этот экземпляр Newt в качестве шлюза с использованием клиентов.", + "siteAddress": "Адрес сайта", + "siteAddressDescription": "Укажите IP-адрес хоста для подключения клиентов. Это внутренний адрес сайта в сети Pangolin для адресации клиентов. Должен находиться в пределах подсети организационного уровня.", + "autoLoginExternalIdp": "Автоматический вход с внешним провайдером", + "autoLoginExternalIdpDescription": "Немедленно перенаправьте пользователя к внешнему провайдеру для аутентификации.", + "selectIdp": "Выберите провайдера", + "selectIdpPlaceholder": "Выберите провайдера...", + "selectIdpRequired": "Пожалуйста, выберите провайдера, когда автоматический вход включен.", + "autoLoginTitle": "Перенаправление", + "autoLoginDescription": "Перенаправление вас к внешнему провайдеру для аутентификации.", + "autoLoginProcessing": "Подготовка аутентификации...", + "autoLoginRedirecting": "Перенаправление к входу...", + "autoLoginError": "Ошибка автоматического входа", + "autoLoginErrorNoRedirectUrl": "URL-адрес перенаправления не получен от провайдера удостоверения.", + "autoLoginErrorGeneratingUrl": "Не удалось сгенерировать URL-адрес аутентификации." } diff --git a/messages/tr-TR.json b/messages/tr-TR.json index abd4b3e9..f1e3b793 100644 --- a/messages/tr-TR.json +++ b/messages/tr-TR.json @@ -94,7 +94,9 @@ "siteNewtTunnelDescription": "Ağınıza giriş noktası oluşturmanın en kolay yolu. Ekstra kurulum gerekmez.", "siteWg": "Temel WireGuard", "siteWgDescription": "Bir tünel oluşturmak için herhangi bir WireGuard istemcisi kullanın. Manuel NAT kurulumu gereklidir.", + "siteWgDescriptionSaas": "Bir tünel oluşturmak için herhangi bir WireGuard istemcisi kullanın. Manuel NAT kurulumu gereklidir. YALNIZCA SELF HOSTED DÜĞÜMLERDE ÇALIŞIR", "siteLocalDescription": "Yalnızca yerel kaynaklar. Tünelleme yok.", + "siteLocalDescriptionSaas": "Yalnızca yerel kaynaklar. Tünel yok. YALNIZCA SELF HOSTED DÜĞÜMLERDE ÇALIŞIR", "siteSeeAll": "Tüm Siteleri Gör", "siteTunnelDescription": "Sitenize nasıl bağlanmak istediğinizi belirleyin", "siteNewtCredentials": "Newt Kimlik Bilgileri", @@ -166,7 +168,7 @@ "siteSelect": "Site seç", "siteSearch": "Site ara", "siteNotFound": "Herhangi bir site bulunamadı.", - "siteSelectionDescription": "Bu site, kaynağa bağlanabilirliği sağlayacaktır.", + "siteSelectionDescription": "Bu site hedefe bağlantı sağlayacaktır.", "resourceType": "Kaynak Türü", "resourceTypeDescription": "Kaynağınıza nasıl erişmek istediğinizi belirleyin", "resourceHTTPSSettings": "HTTPS Ayarları", @@ -197,6 +199,7 @@ "general": "Genel", "generalSettings": "Genel Ayarlar", "proxy": "Vekil Sunucu", + "internal": "Dahili", "rules": "Kurallar", "resourceSettingDescription": "Kaynağınızdaki ayarları yapılandırın", "resourceSetting": "{resourceName} Ayarları", @@ -490,7 +493,7 @@ "targetTlsSniDescription": "SNI için kullanılacak TLS Sunucu Adı'", "targetTlsSubmit": "Ayarları Kaydet", "targets": "Hedefler Konfigürasyonu", - "targetsDescription": "Trafiği hizmetlerinize yönlendirmek için hedefleri ayarlayın", + "targetsDescription": "Trafiği arka uç hizmetlerinize yönlendirmek için hedefleri ayarlayın", "targetStickySessions": "Yapışkan Oturumları Etkinleştir", "targetStickySessionsDescription": "Bağlantıları oturum süresince aynı arka uç hedef üzerinde tutun.", "methodSelect": "Yöntemi Seç", @@ -833,6 +836,24 @@ "pincodeRequirementsLength": "PIN kesinlikle 6 haneli olmalıdır", "pincodeRequirementsChars": "PIN sadece numaralardan oluşmalıdır", "passwordRequirementsLength": "Şifre en az 1 karakter uzunluğunda olmalıdır", + "passwordRequirementsTitle": "Şifre gereksinimleri:", + "passwordRequirementLength": "En az 8 karakter uzunluğunda", + "passwordRequirementUppercase": "En az bir büyük harf", + "passwordRequirementLowercase": "En az bir küçük harf", + "passwordRequirementNumber": "En az bir sayı", + "passwordRequirementSpecial": "En az bir özel karakter", + "passwordRequirementsMet": "✓ Şifre tüm gereksinimleri karşılıyor", + "passwordStrength": "Şifre gücü", + "passwordStrengthWeak": "Zayıf", + "passwordStrengthMedium": "Orta", + "passwordStrengthStrong": "Güçlü", + "passwordRequirements": "Gereksinimler:", + "passwordRequirementLengthText": "8+ karakter", + "passwordRequirementUppercaseText": "Büyük harf (A-Z)", + "passwordRequirementLowercaseText": "Küçük harf (a-z)", + "passwordRequirementNumberText": "Sayı (0-9)", + "passwordRequirementSpecialText": "Özel karakter (!@#$%...)", + "passwordsDoNotMatch": "Parolalar eşleşmiyor", "otpEmailRequirementsLength": "OTP en az 1 karakter uzunluğunda olmalıdır", "otpEmailSent": "OTP Gönderildi", "otpEmailSentDescription": "E-posta adresinize bir OTP gönderildi", @@ -952,6 +973,7 @@ "logoutError": "Çıkış yaparken hata", "signingAs": "Olarak giriş yapıldı", "serverAdmin": "Sunucu Yöneticisi", + "managedSelfhosted": "Yönetilen Self-Hosted", "otpEnable": "İki faktörlü özelliğini etkinleştir", "otpDisable": "İki faktörlü özelliğini devre dışı bırak", "logout": "Çıkış Yap", @@ -967,6 +989,9 @@ "actionDeleteSite": "Siteyi Sil", "actionGetSite": "Siteyi Al", "actionListSites": "Siteleri Listele", + "setupToken": "Kurulum Simgesi", + "setupTokenDescription": "Sunucu konsolundan kurulum simgesini girin.", + "setupTokenRequired": "Kurulum simgesi gerekli", "actionUpdateSite": "Siteyi Güncelle", "actionListSiteRoles": "İzin Verilen Site Rolleri Listele", "actionCreateResource": "Kaynak Oluştur", @@ -1022,6 +1047,11 @@ "actionDeleteIdpOrg": "Kimlik Sağlayıcı Organizasyon Politikasını Sil", "actionListIdpOrgs": "Kimlik Sağlayıcı Organizasyonları Listele", "actionUpdateIdpOrg": "Kimlik Sağlayıcı Organizasyonu Güncelle", + "actionCreateClient": "Müşteri Oluştur", + "actionDeleteClient": "Müşteri Sil", + "actionUpdateClient": "Müşteri Güncelle", + "actionListClients": "Müşterileri Listele", + "actionGetClient": "Müşteriyi Al", "noneSelected": "Hiçbiri seçili değil", "orgNotFound2": "Hiçbir organizasyon bulunamadı.", "searchProgress": "Ara...", @@ -1315,8 +1345,110 @@ "olmErrorFetchLatest": "En son Olm yayını alınırken bir hata oluştu.", "remoteSubnets": "Uzak Alt Ağlar", "enterCidrRange": "CIDR aralığını girin", - "remoteSubnetsDescription": "Bu siteye uzaktan erişebilecek CIDR aralıklarını ekleyin. 10.0.0.0/24 veya 192.168.1.0/24 gibi formatlar kullanın.", + "remoteSubnetsDescription": "Bu siteye uzaktan erişilebilen CIDR aralıklarını ekleyin. 10.0.0.0/24 formatını kullanın. Bu YALNIZCA VPN istemci bağlantıları için geçerlidir.", "resourceEnableProxy": "Genel Proxy'i Etkinleştir", "resourceEnableProxyDescription": "Bu kaynağa genel proxy erişimini etkinleştirin. Bu sayede ağ dışından açık bir port üzerinden kaynağa bulut aracılığıyla erişim sağlanır. Traefik yapılandırması gereklidir.", - "externalProxyEnabled": "Dış Proxy Etkinleştirildi" + "externalProxyEnabled": "Dış Proxy Etkinleştirildi", + "addNewTarget": "Yeni Hedef Ekle", + "targetsList": "Hedefler Listesi", + "targetErrorDuplicateTargetFound": "Yinelenen hedef bulundu", + "httpMethod": "HTTP Yöntemi", + "selectHttpMethod": "HTTP yöntemini seçin", + "domainPickerSubdomainLabel": "Alt Alan Adı", + "domainPickerBaseDomainLabel": "Temel Alan Adı", + "domainPickerSearchDomains": "Alan adlarını ara...", + "domainPickerNoDomainsFound": "Hiçbir alan adı bulunamadı", + "domainPickerLoadingDomains": "Alan adları yükleniyor...", + "domainPickerSelectBaseDomain": "Temel alan adını seçin...", + "domainPickerNotAvailableForCname": "CNAME alan adları için kullanılabilir değil", + "domainPickerEnterSubdomainOrLeaveBlank": "Alt alan adını girin veya temel alan adını kullanmak için boş bırakın.", + "domainPickerEnterSubdomainToSearch": "Mevcut ücretsiz alan adları arasından aramak ve seçmek için bir alt alan adı girin.", + "domainPickerFreeDomains": "Ücretsiz Alan Adları", + "domainPickerSearchForAvailableDomains": "Mevcut alan adlarını ara", + "resourceDomain": "Alan Adı", + "resourceEditDomain": "Alan Adını Düzenle", + "siteName": "Site Adı", + "proxyPort": "Bağlantı Noktası", + "resourcesTableProxyResources": "Proxy Kaynaklar", + "resourcesTableClientResources": "İstemci Kaynaklar", + "resourcesTableNoProxyResourcesFound": "Hiçbir proxy kaynağı bulunamadı.", + "resourcesTableNoInternalResourcesFound": "Hiçbir dahili kaynak bulunamadı.", + "resourcesTableDestination": "Hedef", + "resourcesTableTheseResourcesForUseWith": "Bu kaynaklar ile kullanılmak için", + "resourcesTableClients": "İstemciler", + "resourcesTableAndOnlyAccessibleInternally": "veyalnızca bir istemci ile bağlandığında dahili olarak erişilebilir.", + "editInternalResourceDialogEditClientResource": "İstemci Kaynağı Düzenleyin", + "editInternalResourceDialogUpdateResourceProperties": "{resourceName} için kaynak özelliklerini ve hedef yapılandırmasını güncelleyin.", + "editInternalResourceDialogResourceProperties": "Kaynak Özellikleri", + "editInternalResourceDialogName": "Ad", + "editInternalResourceDialogProtocol": "Protokol", + "editInternalResourceDialogSitePort": "Site Bağlantı Noktası", + "editInternalResourceDialogTargetConfiguration": "Hedef Yapılandırma", + "editInternalResourceDialogDestinationIP": "Hedef IP", + "editInternalResourceDialogDestinationPort": "Hedef Bağlantı Noktası", + "editInternalResourceDialogCancel": "İptal", + "editInternalResourceDialogSaveResource": "Kaynağı Kaydet", + "editInternalResourceDialogSuccess": "Başarı", + "editInternalResourceDialogInternalResourceUpdatedSuccessfully": "Dahili kaynak başarıyla güncellendi", + "editInternalResourceDialogError": "Hata", + "editInternalResourceDialogFailedToUpdateInternalResource": "Dahili kaynak güncellenemedi", + "editInternalResourceDialogNameRequired": "Ad gerekli", + "editInternalResourceDialogNameMaxLength": "Ad 255 karakterden kısa olmalıdır", + "editInternalResourceDialogProxyPortMin": "Proxy bağlantı noktası en az 1 olmalıdır", + "editInternalResourceDialogProxyPortMax": "Proxy bağlantı noktası 65536'dan küçük olmalıdır", + "editInternalResourceDialogInvalidIPAddressFormat": "Geçersiz IP adresi formatı", + "editInternalResourceDialogDestinationPortMin": "Hedef bağlantı noktası en az 1 olmalıdır", + "editInternalResourceDialogDestinationPortMax": "Hedef bağlantı noktası 65536'dan küçük olmalıdır", + "createInternalResourceDialogNoSitesAvailable": "Site Bulunamadı", + "createInternalResourceDialogNoSitesAvailableDescription": "Dahili kaynak oluşturmak için en az bir Newt sitesine ve alt ağa sahip olmalısınız.", + "createInternalResourceDialogClose": "Kapat", + "createInternalResourceDialogCreateClientResource": "İstemci Kaynağı Oluştur", + "createInternalResourceDialogCreateClientResourceDescription": "Seçilen siteye bağlı istemciler için erişilebilir olacak yeni bir kaynak oluşturun.", + "createInternalResourceDialogResourceProperties": "Kaynak Özellikleri", + "createInternalResourceDialogName": "Ad", + "createInternalResourceDialogSite": "Site", + "createInternalResourceDialogSelectSite": "Site seç...", + "createInternalResourceDialogSearchSites": "Siteleri ara...", + "createInternalResourceDialogNoSitesFound": "Site bulunamadı.", + "createInternalResourceDialogProtocol": "Protokol", + "createInternalResourceDialogTcp": "TCP", + "createInternalResourceDialogUdp": "UDP", + "createInternalResourceDialogSitePort": "Site Bağlantı Noktası", + "createInternalResourceDialogSitePortDescription": "İstemci ile bağlanıldığında site üzerindeki kaynağa erişmek için bu bağlantı noktasını kullanın.", + "createInternalResourceDialogTargetConfiguration": "Hedef Yapılandırma", + "createInternalResourceDialogDestinationIP": "Hedef IP", + "createInternalResourceDialogDestinationIPDescription": "Site ağındaki kaynağın IP adresi.", + "createInternalResourceDialogDestinationPort": "Hedef Bağlantı Noktası", + "createInternalResourceDialogDestinationPortDescription": "Kaynağa erişilebilecek hedef IP üzerindeki bağlantı noktası.", + "createInternalResourceDialogCancel": "İptal", + "createInternalResourceDialogCreateResource": "Kaynak Oluştur", + "createInternalResourceDialogSuccess": "Başarı", + "createInternalResourceDialogInternalResourceCreatedSuccessfully": "Dahili kaynak başarıyla oluşturuldu", + "createInternalResourceDialogError": "Hata", + "createInternalResourceDialogFailedToCreateInternalResource": "Dahili kaynak oluşturulamadı", + "createInternalResourceDialogNameRequired": "Ad gerekli", + "createInternalResourceDialogNameMaxLength": "Ad 255 karakterden kısa olmalıdır", + "createInternalResourceDialogPleaseSelectSite": "Lütfen bir site seçin", + "createInternalResourceDialogProxyPortMin": "Proxy bağlantı noktası en az 1 olmalıdır", + "createInternalResourceDialogProxyPortMax": "Proxy bağlantı noktası 65536'dan küçük olmalıdır", + "createInternalResourceDialogInvalidIPAddressFormat": "Geçersiz IP adresi formatı", + "createInternalResourceDialogDestinationPortMin": "Hedef bağlantı noktası en az 1 olmalıdır", + "createInternalResourceDialogDestinationPortMax": "Hedef bağlantı noktası 65536'dan küçük olmalıdır", + "siteConfiguration": "Yapılandırma", + "siteAcceptClientConnections": "İstemci Bağlantılarını Kabul Et", + "siteAcceptClientConnectionsDescription": "Bu Newt örneğini bir geçit olarak kullanarak diğer cihazların bağlanmasına izin verin.", + "siteAddress": "Site Adresi", + "siteAddressDescription": "İstemcilerin bağlanması için hostun IP adresini belirtin. Bu, Pangolin ağındaki sitenin iç adresidir ve istemciler için atlas olmalıdır. Org alt ağına düşmelidir.", + "autoLoginExternalIdp": "Harici IDP ile Otomatik Giriş", + "autoLoginExternalIdpDescription": "Kullanıcıyı kimlik doğrulama için otomatik olarak harici IDP'ye yönlendirin.", + "selectIdp": "IDP Seç", + "selectIdpPlaceholder": "IDP seçin...", + "selectIdpRequired": "Otomatik giriş etkinleştirildiğinde lütfen bir IDP seçin.", + "autoLoginTitle": "Yönlendiriliyor", + "autoLoginDescription": "Kimlik doğrulama için harici kimlik sağlayıcıya yönlendiriliyorsunuz.", + "autoLoginProcessing": "Kimlik doğrulama hazırlanıyor...", + "autoLoginRedirecting": "Girişe yönlendiriliyorsunuz...", + "autoLoginError": "Otomatik Giriş Hatası", + "autoLoginErrorNoRedirectUrl": "Kimlik sağlayıcıdan yönlendirme URL'si alınamadı.", + "autoLoginErrorGeneratingUrl": "Kimlik doğrulama URL'si oluşturulamadı." } diff --git a/messages/zh-CN.json b/messages/zh-CN.json index 38da8715..d7f27b72 100644 --- a/messages/zh-CN.json +++ b/messages/zh-CN.json @@ -94,7 +94,9 @@ "siteNewtTunnelDescription": "最简单的方式来连接到您的网络。不需要任何额外设置。", "siteWg": "基本 WireGuard", "siteWgDescription": "使用任何 WireGuard 客户端来建立隧道。需要手动配置 NAT。", + "siteWgDescriptionSaas": "使用任何WireGuard客户端建立隧道。需要手动配置NAT。仅适用于自托管节点。", "siteLocalDescription": "仅限本地资源。不需要隧道。", + "siteLocalDescriptionSaas": "仅本地资源。无需隧道。仅适用于自托管节点。", "siteSeeAll": "查看所有站点", "siteTunnelDescription": "确定如何连接到您的网站", "siteNewtCredentials": "Newt 凭据", @@ -166,7 +168,7 @@ "siteSelect": "选择站点", "siteSearch": "搜索站点", "siteNotFound": "未找到站点。", - "siteSelectionDescription": "此站点将为资源提供连接。", + "siteSelectionDescription": "此站点将为目标提供连接。", "resourceType": "资源类型", "resourceTypeDescription": "确定如何访问您的资源", "resourceHTTPSSettings": "HTTPS 设置", @@ -197,6 +199,7 @@ "general": "概览", "generalSettings": "常规设置", "proxy": "代理服务器", + "internal": "内部设置", "rules": "规则", "resourceSettingDescription": "配置您资源上的设置", "resourceSetting": "{resourceName} 设置", @@ -490,7 +493,7 @@ "targetTlsSniDescription": "SNI使用的 TLS 服务器名称。留空使用默认值。", "targetTlsSubmit": "保存设置", "targets": "目标配置", - "targetsDescription": "设置目标来路由流量到您的服务", + "targetsDescription": "设置目标来路由流量到您的后端服务", "targetStickySessions": "启用置顶会话", "targetStickySessionsDescription": "将连接保持在同一个后端目标的整个会话中。", "methodSelect": "选择方法", @@ -833,6 +836,24 @@ "pincodeRequirementsLength": "PIN码必须是6位数字", "pincodeRequirementsChars": "PIN 必须只包含数字", "passwordRequirementsLength": "密码必须至少 1 个字符长", + "passwordRequirementsTitle": "密码要求:", + "passwordRequirementLength": "至少8个字符长", + "passwordRequirementUppercase": "至少一个大写字母", + "passwordRequirementLowercase": "至少一个小写字母", + "passwordRequirementNumber": "至少一个数字", + "passwordRequirementSpecial": "至少一个特殊字符", + "passwordRequirementsMet": "✓ 密码满足所有要求", + "passwordStrength": "密码强度", + "passwordStrengthWeak": "弱", + "passwordStrengthMedium": "中", + "passwordStrengthStrong": "强", + "passwordRequirements": "要求:", + "passwordRequirementLengthText": "8+ 个字符", + "passwordRequirementUppercaseText": "大写字母 (A-Z)", + "passwordRequirementLowercaseText": "小写字母 (a-z)", + "passwordRequirementNumberText": "数字 (0-9)", + "passwordRequirementSpecialText": "特殊字符 (!@#$%...)", + "passwordsDoNotMatch": "密码不匹配", "otpEmailRequirementsLength": "OTP 必须至少 1 个字符长", "otpEmailSent": "OTP 已发送", "otpEmailSentDescription": "OTP 已经发送到您的电子邮件", @@ -952,6 +973,7 @@ "logoutError": "注销错误", "signingAs": "登录为", "serverAdmin": "服务器管理员", + "managedSelfhosted": "托管自托管", "otpEnable": "启用双因子认证", "otpDisable": "禁用双因子认证", "logout": "登出", @@ -967,6 +989,9 @@ "actionDeleteSite": "删除站点", "actionGetSite": "获取站点", "actionListSites": "站点列表", + "setupToken": "设置令牌", + "setupTokenDescription": "从服务器控制台输入设置令牌。", + "setupTokenRequired": "需要设置令牌", "actionUpdateSite": "更新站点", "actionListSiteRoles": "允许站点角色列表", "actionCreateResource": "创建资源", @@ -1022,6 +1047,11 @@ "actionDeleteIdpOrg": "删除 IDP组织策略", "actionListIdpOrgs": "列出 IDP组织", "actionUpdateIdpOrg": "更新 IDP组织", + "actionCreateClient": "创建客户端", + "actionDeleteClient": "删除客户端", + "actionUpdateClient": "更新客户端", + "actionListClients": "列出客户端", + "actionGetClient": "获取客户端", "noneSelected": "未选择", "orgNotFound2": "未找到组织。", "searchProgress": "搜索中...", @@ -1315,8 +1345,110 @@ "olmErrorFetchLatest": "获取最新 Olm 发布版本时出错。", "remoteSubnets": "远程子网", "enterCidrRange": "输入 CIDR 范围", - "remoteSubnetsDescription": "添加能远程访问此站点的 CIDR 范围。使用格式如 10.0.0.0/24 或 192.168.1.0/24。", + "remoteSubnetsDescription": "添加可以通过客户端远程访问该站点的CIDR范围。使用类似10.0.0.0/24的格式。这仅适用于VPN客户端连接。", "resourceEnableProxy": "启用公共代理", "resourceEnableProxyDescription": "启用到此资源的公共代理。这允许外部网络通过开放端口访问资源。需要 Traefik 配置。", - "externalProxyEnabled": "外部代理已启用" + "externalProxyEnabled": "外部代理已启用", + "addNewTarget": "添加新目标", + "targetsList": "目标列表", + "targetErrorDuplicateTargetFound": "找到重复的目标", + "httpMethod": "HTTP 方法", + "selectHttpMethod": "选择 HTTP 方法", + "domainPickerSubdomainLabel": "子域名", + "domainPickerBaseDomainLabel": "根域名", + "domainPickerSearchDomains": "搜索域名...", + "domainPickerNoDomainsFound": "未找到域名", + "domainPickerLoadingDomains": "加载域名...", + "domainPickerSelectBaseDomain": "选择根域名...", + "domainPickerNotAvailableForCname": "不适用于CNAME域", + "domainPickerEnterSubdomainOrLeaveBlank": "输入子域名或留空以使用根域名。", + "domainPickerEnterSubdomainToSearch": "输入一个子域名以搜索并从可用免费域名中选择。", + "domainPickerFreeDomains": "免费域名", + "domainPickerSearchForAvailableDomains": "搜索可用域名", + "resourceDomain": "域名", + "resourceEditDomain": "编辑域名", + "siteName": "站点名称", + "proxyPort": "端口", + "resourcesTableProxyResources": "代理资源", + "resourcesTableClientResources": "客户端资源", + "resourcesTableNoProxyResourcesFound": "未找到代理资源。", + "resourcesTableNoInternalResourcesFound": "未找到内部资源。", + "resourcesTableDestination": "目标", + "resourcesTableTheseResourcesForUseWith": "这些资源供...使用", + "resourcesTableClients": "客户端", + "resourcesTableAndOnlyAccessibleInternally": "且仅在与客户端连接时可内部访问。", + "editInternalResourceDialogEditClientResource": "编辑客户端资源", + "editInternalResourceDialogUpdateResourceProperties": "更新{resourceName}的资源属性和目标配置。", + "editInternalResourceDialogResourceProperties": "资源属性", + "editInternalResourceDialogName": "名称", + "editInternalResourceDialogProtocol": "协议", + "editInternalResourceDialogSitePort": "站点端口", + "editInternalResourceDialogTargetConfiguration": "目标配置", + "editInternalResourceDialogDestinationIP": "目标IP", + "editInternalResourceDialogDestinationPort": "目标端口", + "editInternalResourceDialogCancel": "取消", + "editInternalResourceDialogSaveResource": "保存资源", + "editInternalResourceDialogSuccess": "成功", + "editInternalResourceDialogInternalResourceUpdatedSuccessfully": "内部资源更新成功", + "editInternalResourceDialogError": "错误", + "editInternalResourceDialogFailedToUpdateInternalResource": "更新内部资源失败", + "editInternalResourceDialogNameRequired": "名称为必填项", + "editInternalResourceDialogNameMaxLength": "名称长度必须小于255个字符", + "editInternalResourceDialogProxyPortMin": "代理端口必须至少为1", + "editInternalResourceDialogProxyPortMax": "代理端口必须小于65536", + "editInternalResourceDialogInvalidIPAddressFormat": "无效的IP地址格式", + "editInternalResourceDialogDestinationPortMin": "目标端口必须至少为1", + "editInternalResourceDialogDestinationPortMax": "目标端口必须小于65536", + "createInternalResourceDialogNoSitesAvailable": "暂无可用站点", + "createInternalResourceDialogNoSitesAvailableDescription": "您需要至少配置一个子网的Newt站点来创建内部资源。", + "createInternalResourceDialogClose": "关闭", + "createInternalResourceDialogCreateClientResource": "创建客户端资源", + "createInternalResourceDialogCreateClientResourceDescription": "创建一个新资源,该资源将可供连接到所选站点的客户端访问。", + "createInternalResourceDialogResourceProperties": "资源属性", + "createInternalResourceDialogName": "名称", + "createInternalResourceDialogSite": "站点", + "createInternalResourceDialogSelectSite": "选择站点...", + "createInternalResourceDialogSearchSites": "搜索站点...", + "createInternalResourceDialogNoSitesFound": "未找到站点。", + "createInternalResourceDialogProtocol": "协议", + "createInternalResourceDialogTcp": "TCP", + "createInternalResourceDialogUdp": "UDP", + "createInternalResourceDialogSitePort": "站点端口", + "createInternalResourceDialogSitePortDescription": "使用此端口在连接到客户端时访问站点上的资源。", + "createInternalResourceDialogTargetConfiguration": "目标配置", + "createInternalResourceDialogDestinationIP": "目标IP", + "createInternalResourceDialogDestinationIPDescription": "站点网络上资源的IP地址。", + "createInternalResourceDialogDestinationPort": "目标端口", + "createInternalResourceDialogDestinationPortDescription": "资源在目标IP上可访问的端口。", + "createInternalResourceDialogCancel": "取消", + "createInternalResourceDialogCreateResource": "创建资源", + "createInternalResourceDialogSuccess": "成功", + "createInternalResourceDialogInternalResourceCreatedSuccessfully": "内部资源创建成功", + "createInternalResourceDialogError": "错误", + "createInternalResourceDialogFailedToCreateInternalResource": "创建内部资源失败", + "createInternalResourceDialogNameRequired": "名称为必填项", + "createInternalResourceDialogNameMaxLength": "名称长度必须小于255个字符", + "createInternalResourceDialogPleaseSelectSite": "请选择一个站点", + "createInternalResourceDialogProxyPortMin": "代理端口必须至少为1", + "createInternalResourceDialogProxyPortMax": "代理端口必须小于65536", + "createInternalResourceDialogInvalidIPAddressFormat": "无效的IP地址格式", + "createInternalResourceDialogDestinationPortMin": "目标端口必须至少为1", + "createInternalResourceDialogDestinationPortMax": "目标端口必须小于65536", + "siteConfiguration": "配置", + "siteAcceptClientConnections": "接受客户端连接", + "siteAcceptClientConnectionsDescription": "允许其他设备通过此Newt实例使用客户端作为网关连接。", + "siteAddress": "站点地址", + "siteAddressDescription": "指定主机的IP地址以供客户端连接。这是Pangolin网络中站点的内部地址,供客户端访问。必须在Org子网内。", + "autoLoginExternalIdp": "自动使用外部IDP登录", + "autoLoginExternalIdpDescription": "立即将用户重定向到外部IDP进行身份验证。", + "selectIdp": "选择IDP", + "selectIdpPlaceholder": "选择一个IDP...", + "selectIdpRequired": "在启用自动登录时,请选择一个IDP。", + "autoLoginTitle": "重定向中", + "autoLoginDescription": "正在将您重定向到外部身份提供商进行身份验证。", + "autoLoginProcessing": "准备身份验证...", + "autoLoginRedirecting": "重定向到登录...", + "autoLoginError": "自动登录错误", + "autoLoginErrorNoRedirectUrl": "未从身份提供商收到重定向URL。", + "autoLoginErrorGeneratingUrl": "生成身份验证URL失败。" } diff --git a/package-lock.json b/package-lock.json index 0fd527d6..b50a4836 100644 --- a/package-lock.json +++ b/package-lock.json @@ -54,7 +54,7 @@ "drizzle-orm": "0.44.4", "eslint": "9.33.0", "eslint-config-next": "15.4.6", - "express": "4.21.2", + "express": "5.1.0", "express-rate-limit": "8.0.1", "glob": "11.0.3", "helmet": "8.1.0", @@ -75,6 +75,7 @@ "npm": "^11.5.2", "oslo": "1.2.1", "pg": "^8.16.2", + "posthog-node": "^5.7.0", "qrcode.react": "4.2.0", "react": "19.1.1", "react-dom": "19.1.1", @@ -103,7 +104,7 @@ "@types/cookie-parser": "1.4.9", "@types/cors": "2.8.19", "@types/crypto-js": "^4.2.2", - "@types/express": "5.0.0", + "@types/express": "5.0.3", "@types/express-session": "^1.18.2", "@types/jmespath": "^0.15.2", "@types/js-yaml": "4.0.9", @@ -267,9 +268,9 @@ } }, "node_modules/@babel/types": { - "version": "7.28.1", - "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.28.1.tgz", - "integrity": "sha512-x0LvFTekgSX+83TI28Y9wYPUfzrnl2aT5+5QLnO6v7mSJYtEEevuDRN0F0uSHRk1G1IWZC43o00Y0xDDrpBGPQ==", + "version": "7.28.2", + "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.28.2.tgz", + "integrity": "sha512-ruv7Ae4J5dUYULmeXw1gmb7rYRz57OWCPM57pHojnLq/3Z1CK2lNSLTCVjxVk1F/TZHwOZZrOWi0ur95BbLxNQ==", "dev": true, "license": "MIT", "dependencies": { @@ -347,20 +348,20 @@ } }, "node_modules/@emnapi/core": { - "version": "1.4.4", - "resolved": "https://registry.npmjs.org/@emnapi/core/-/core-1.4.4.tgz", - "integrity": "sha512-A9CnAbC6ARNMKcIcrQwq6HeHCjpcBZ5wSx4U01WXCqEKlrzB9F9315WDNHkrs2xbx7YjjSxbUYxuN6EQzpcY2g==", + "version": "1.4.5", + "resolved": "https://registry.npmjs.org/@emnapi/core/-/core-1.4.5.tgz", + "integrity": "sha512-XsLw1dEOpkSX/WucdqUhPWP7hDxSvZiY+fsUC14h+FtQ2Ifni4znbBt8punRX+Uj2JG/uDb8nEHVKvrVlvdZ5Q==", "license": "MIT", "optional": true, "dependencies": { - "@emnapi/wasi-threads": "1.0.3", + "@emnapi/wasi-threads": "1.0.4", "tslib": "^2.4.0" } }, "node_modules/@emnapi/runtime": { - "version": "1.4.4", - "resolved": "https://registry.npmjs.org/@emnapi/runtime/-/runtime-1.4.4.tgz", - "integrity": "sha512-hHyapA4A3gPaDCNfiqyZUStTMqIkKRshqPIuDOXv1hcBnD4U3l8cP0T1HMCfGRxQ6V64TGCcoswChANyOAwbQg==", + "version": "1.4.5", + "resolved": "https://registry.npmjs.org/@emnapi/runtime/-/runtime-1.4.5.tgz", + "integrity": "sha512-++LApOtY0pEEz1zrd9vy1/zXVaVJJ/EbAF3u0fXIzPJEDtnITsBGbbK0EkM72amhl/R5b+5xx0Y/QhcVOpuulg==", "license": "MIT", "optional": true, "dependencies": { @@ -368,9 +369,9 @@ } }, "node_modules/@emnapi/wasi-threads": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/@emnapi/wasi-threads/-/wasi-threads-1.0.3.tgz", - "integrity": "sha512-8K5IFFsQqF9wQNJptGbS6FNKgUTsSRYnTqNCG1vPP8jFdjSv18n2mQfJpkt2Oibo9iBEzcDnDxNwKTzC7svlJw==", + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/@emnapi/wasi-threads/-/wasi-threads-1.0.4.tgz", + "integrity": "sha512-PJR+bOmMOPH8AtcTGAyYNiuJ3/Fcoj2XN/gBEWzDIKh254XO+mM9XoXHk5GNEhodxeMznbg7BlRojVbKN+gC6g==", "license": "MIT", "optional": true, "dependencies": { @@ -1403,31 +1404,31 @@ } }, "node_modules/@floating-ui/core": { - "version": "1.7.2", - "resolved": "https://registry.npmjs.org/@floating-ui/core/-/core-1.7.2.tgz", - "integrity": "sha512-wNB5ooIKHQc+Kui96jE/n69rHFWAVoxn5CAzL1Xdd8FG03cgY3MLO+GF9U3W737fYDSgPWA6MReKhBQBop6Pcw==", + "version": "1.7.3", + "resolved": "https://registry.npmjs.org/@floating-ui/core/-/core-1.7.3.tgz", + "integrity": "sha512-sGnvb5dmrJaKEZ+LDIpguvdX3bDlEllmv4/ClQ9awcmCZrlx5jQyyMWFM5kBI+EyNOCDDiKk8il0zeuX3Zlg/w==", "license": "MIT", "dependencies": { "@floating-ui/utils": "^0.2.10" } }, "node_modules/@floating-ui/dom": { - "version": "1.7.2", - "resolved": "https://registry.npmjs.org/@floating-ui/dom/-/dom-1.7.2.tgz", - "integrity": "sha512-7cfaOQuCS27HD7DX+6ib2OrnW+b4ZBwDNnCcT0uTyidcmyWb03FnQqJybDBoCnpdxwBSfA94UAYlRCt7mV+TbA==", + "version": "1.7.3", + "resolved": "https://registry.npmjs.org/@floating-ui/dom/-/dom-1.7.3.tgz", + "integrity": "sha512-uZA413QEpNuhtb3/iIKoYMSK07keHPYeXF02Zhd6e213j+d1NamLix/mCLxBUDW/Gx52sPH2m+chlUsyaBs/Ag==", "license": "MIT", "dependencies": { - "@floating-ui/core": "^1.7.2", + "@floating-ui/core": "^1.7.3", "@floating-ui/utils": "^0.2.10" } }, "node_modules/@floating-ui/react-dom": { - "version": "2.1.4", - "resolved": "https://registry.npmjs.org/@floating-ui/react-dom/-/react-dom-2.1.4.tgz", - "integrity": "sha512-JbbpPhp38UmXDDAu60RJmbeme37Jbgsm7NrHGgzYYFKmblzRUh6Pa641dII6LsjwF4XlScDrde2UAzDo/b9KPw==", + "version": "2.1.5", + "resolved": "https://registry.npmjs.org/@floating-ui/react-dom/-/react-dom-2.1.5.tgz", + "integrity": "sha512-HDO/1/1oH9fjj4eLgegrlH3dklZpHtUYYFiVwMUwfGvk9jWDRWqkklA2/NFScknrcNSspbV868WjXORvreDX+Q==", "license": "MIT", "dependencies": { - "@floating-ui/dom": "^1.7.2" + "@floating-ui/dom": "^1.7.3" }, "peerDependencies": { "react": ">=16.8.0", @@ -2046,9 +2047,9 @@ } }, "node_modules/@jridgewell/gen-mapping": { - "version": "0.3.12", - "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.12.tgz", - "integrity": "sha512-OuLGC46TjB5BbN1dH8JULVVZY4WTdkF7tV9Ys6wLL1rubZnCMstOhNHueU5bLCrnRuDhKPDM4g6sw4Bel5Gzqg==", + "version": "0.3.13", + "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.13.tgz", + "integrity": "sha512-2kkt/7niJ6MgEPxF0bYdQ6etZaA+fQvDcLKckhy1yIQOzaoKjBBjSj63/aLVjYE3qhRt5dvM+uUyfCg6UKCBbA==", "dev": true, "license": "MIT", "dependencies": { @@ -2078,16 +2079,16 @@ } }, "node_modules/@jridgewell/sourcemap-codec": { - "version": "1.5.4", - "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.4.tgz", - "integrity": "sha512-VT2+G1VQs/9oz078bLrYbecdZKs912zQlkelYpuf+SXF+QvZDYJlbx/LSx+meSAwdDFnF8FVXW92AVjjkVmgFw==", + "version": "1.5.5", + "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.5.tgz", + "integrity": "sha512-cYQ9310grqxueWbl+WuIUIaiUaDcj7WOq5fVhEljNVgRfOUhY9fy2zTvfoqWsnebh8Sl70VScFbICvJnLKB0Og==", "dev": true, "license": "MIT" }, "node_modules/@jridgewell/trace-mapping": { - "version": "0.3.29", - "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.29.tgz", - "integrity": "sha512-uw6guiW/gcAGPDhLmd77/6lW8QLeiV5RUTsAX46Db6oLhGaVj4lhnPwb184s1bkc8kdVg/+h988dro8GRDpmYQ==", + "version": "0.3.30", + "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.30.tgz", + "integrity": "sha512-GQ7Nw5G2lTu/BtHTKfXhKHok2WGetd4XYcVKGx00SjAk8GMwgJM3zr6zORiPGuOE+/vkc90KtTosSSvaCjKb2Q==", "dev": true, "license": "MIT", "dependencies": { @@ -2270,9 +2271,9 @@ } }, "node_modules/@noble/curves": { - "version": "1.9.2", - "resolved": "https://registry.npmjs.org/@noble/curves/-/curves-1.9.2.tgz", - "integrity": "sha512-HxngEd2XUcg9xi20JkwlLCtYwfoFw4JGkuZpT+WlsPD4gB/cxkvTD8fSsoAnphGZhFdZYKeQIPCuFlWPm1uE0g==", + "version": "1.9.6", + "resolved": "https://registry.npmjs.org/@noble/curves/-/curves-1.9.6.tgz", + "integrity": "sha512-GIKz/j99FRthB8icyJQA51E8Uk5hXmdyThjgQXRKiv9h0zeRlzSCLIzFw6K1LotZ3XuB7yzlf76qk7uBmTdFqA==", "dev": true, "license": "MIT", "dependencies": { @@ -2924,63 +2925,69 @@ "license": "MIT" }, "node_modules/@peculiar/asn1-android": { - "version": "2.3.16", - "resolved": "https://registry.npmjs.org/@peculiar/asn1-android/-/asn1-android-2.3.16.tgz", - "integrity": "sha512-a1viIv3bIahXNssrOIkXZIlI2ePpZaNmR30d4aBL99mu2rO+mT9D6zBsp7H6eROWGtmwv0Ionp5olJurIo09dw==", + "version": "2.4.0", + "resolved": "https://registry.npmjs.org/@peculiar/asn1-android/-/asn1-android-2.4.0.tgz", + "integrity": "sha512-YFueREq97CLslZZBI8dKzis7jMfEHSLxM+nr0Zdx1POiXFLjqqwoY5s0F1UimdBiEw/iKlHey2m56MRDv7Jtyg==", "license": "MIT", "dependencies": { - "@peculiar/asn1-schema": "^2.3.15", - "asn1js": "^3.0.5", + "@peculiar/asn1-schema": "^2.4.0", + "asn1js": "^3.0.6", "tslib": "^2.8.1" } }, "node_modules/@peculiar/asn1-ecc": { - "version": "2.3.15", - "resolved": "https://registry.npmjs.org/@peculiar/asn1-ecc/-/asn1-ecc-2.3.15.tgz", - "integrity": "sha512-/HtR91dvgog7z/WhCVdxZJ/jitJuIu8iTqiyWVgRE9Ac5imt2sT/E4obqIVGKQw7PIy+X6i8lVBoT6wC73XUgA==", + "version": "2.4.0", + "resolved": "https://registry.npmjs.org/@peculiar/asn1-ecc/-/asn1-ecc-2.4.0.tgz", + "integrity": "sha512-fJiYUBCJBDkjh347zZe5H81BdJ0+OGIg0X9z06v8xXUoql3MFeENUX0JsjCaVaU9A0L85PefLPGYkIoGpTnXLQ==", "license": "MIT", "dependencies": { - "@peculiar/asn1-schema": "^2.3.15", - "@peculiar/asn1-x509": "^2.3.15", - "asn1js": "^3.0.5", + "@peculiar/asn1-schema": "^2.4.0", + "@peculiar/asn1-x509": "^2.4.0", + "asn1js": "^3.0.6", "tslib": "^2.8.1" } }, "node_modules/@peculiar/asn1-rsa": { - "version": "2.3.15", - "resolved": "https://registry.npmjs.org/@peculiar/asn1-rsa/-/asn1-rsa-2.3.15.tgz", - "integrity": "sha512-p6hsanvPhexRtYSOHihLvUUgrJ8y0FtOM97N5UEpC+VifFYyZa0iZ5cXjTkZoDwxJ/TTJ1IJo3HVTB2JJTpXvg==", + "version": "2.4.0", + "resolved": "https://registry.npmjs.org/@peculiar/asn1-rsa/-/asn1-rsa-2.4.0.tgz", + "integrity": "sha512-6PP75voaEnOSlWR9sD25iCQyLgFZHXbmxvUfnnDcfL6Zh5h2iHW38+bve4LfH7a60x7fkhZZNmiYqAlAff9Img==", "license": "MIT", "dependencies": { - "@peculiar/asn1-schema": "^2.3.15", - "@peculiar/asn1-x509": "^2.3.15", - "asn1js": "^3.0.5", + "@peculiar/asn1-schema": "^2.4.0", + "@peculiar/asn1-x509": "^2.4.0", + "asn1js": "^3.0.6", "tslib": "^2.8.1" } }, "node_modules/@peculiar/asn1-schema": { - "version": "2.3.15", - "resolved": "https://registry.npmjs.org/@peculiar/asn1-schema/-/asn1-schema-2.3.15.tgz", - "integrity": "sha512-QPeD8UA8axQREpgR5UTAfu2mqQmm97oUqahDtNdBcfj3qAnoXzFdQW+aNf/tD2WVXF8Fhmftxoj0eMIT++gX2w==", + "version": "2.4.0", + "resolved": "https://registry.npmjs.org/@peculiar/asn1-schema/-/asn1-schema-2.4.0.tgz", + "integrity": "sha512-umbembjIWOrPSOzEGG5vxFLkeM8kzIhLkgigtsOrfLKnuzxWxejAcUX+q/SoZCdemlODOcr5WiYa7+dIEzBXZQ==", "license": "MIT", "dependencies": { - "asn1js": "^3.0.5", + "asn1js": "^3.0.6", "pvtsutils": "^1.3.6", "tslib": "^2.8.1" } }, "node_modules/@peculiar/asn1-x509": { - "version": "2.3.15", - "resolved": "https://registry.npmjs.org/@peculiar/asn1-x509/-/asn1-x509-2.3.15.tgz", - "integrity": "sha512-0dK5xqTqSLaxv1FHXIcd4Q/BZNuopg+u1l23hT9rOmQ1g4dNtw0g/RnEi+TboB0gOwGtrWn269v27cMgchFIIg==", + "version": "2.4.0", + "resolved": "https://registry.npmjs.org/@peculiar/asn1-x509/-/asn1-x509-2.4.0.tgz", + "integrity": "sha512-F7mIZY2Eao2TaoVqigGMLv+NDdpwuBKU1fucHPONfzaBS4JXXCNCmfO0Z3dsy7JzKGqtDcYC1mr9JjaZQZNiuw==", "license": "MIT", "dependencies": { - "@peculiar/asn1-schema": "^2.3.15", - "asn1js": "^3.0.5", + "@peculiar/asn1-schema": "^2.4.0", + "asn1js": "^3.0.6", "pvtsutils": "^1.3.6", "tslib": "^2.8.1" } }, + "node_modules/@posthog/core": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/@posthog/core/-/core-1.0.0.tgz", + "integrity": "sha512-gquQld+duT9DdzLIFoHZkUMW0DZOTSLCtSjuuC/zKFz65Qecbz9p37DHBJMkw0dCuB8Mgh2GtH8Ag3PznJrP3g==", + "license": "MIT" + }, "node_modules/@radix-ui/number": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/@radix-ui/number/-/number-1.1.1.tgz", @@ -4880,15 +4887,14 @@ "license": "MIT" }, "node_modules/@types/express": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/@types/express/-/express-5.0.0.tgz", - "integrity": "sha512-DvZriSMehGHL1ZNLzi6MidnsDhUZM/x2pRdDIKdwbUNqqwHxMlRdkxtn6/EPKyqKpHqTl/4nRZsRNLpZxZRpPQ==", + "version": "5.0.3", + "resolved": "https://registry.npmjs.org/@types/express/-/express-5.0.3.tgz", + "integrity": "sha512-wGA0NX93b19/dZC1J18tKWVIYWyyF2ZjT9vin/NRu0qzzvfVzWjs04iq2rQ3H65vCTQYlRqs3YHfY7zjdV+9Kw==", "dev": true, "license": "MIT", "dependencies": { "@types/body-parser": "*", "@types/express-serve-static-core": "^5.0.0", - "@types/qs": "*", "@types/serve-static": "*" } }, @@ -5637,13 +5643,13 @@ ] }, "node_modules/accepts": { - "version": "1.3.8", - "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz", - "integrity": "sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==", + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/accepts/-/accepts-2.0.0.tgz", + "integrity": "sha512-5cvg6CtKwfgdmVqY1WIiXKc3Q1bkRqGLi+2W/6ao+6Y7gu/RCwRuAhGEzh5B4KlszSuTLgZYuqFqo5bImjNKng==", "license": "MIT", "dependencies": { - "mime-types": "~2.1.34", - "negotiator": "0.6.3" + "mime-types": "^3.0.0", + "negotiator": "^1.0.0" }, "engines": { "node": ">= 0.6" @@ -5794,12 +5800,6 @@ "url": "https://github.com/sponsors/ljharb" } }, - "node_modules/array-flatten": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", - "integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg==", - "license": "MIT" - }, "node_modules/array-includes": { "version": "3.1.9", "resolved": "https://registry.npmjs.org/array-includes/-/array-includes-3.1.9.tgz", @@ -6124,44 +6124,25 @@ } }, "node_modules/body-parser": { - "version": "1.20.3", - "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.3.tgz", - "integrity": "sha512-7rAxByjUMqQ3/bHJy7D6OGXvx/MMc4IqBn/X0fcM1QUcAItpZrBEYhWGem+tzXH90c+G01ypMcYJBO9Y30203g==", + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-2.2.0.tgz", + "integrity": "sha512-02qvAaxv8tp7fBa/mw1ga98OGm+eCbqzJOKoRt70sLmfEEi+jyBYVTDGfCL/k06/4EMk/z01gCe7HoCH/f2LTg==", "license": "MIT", "dependencies": { - "bytes": "3.1.2", - "content-type": "~1.0.5", - "debug": "2.6.9", - "depd": "2.0.0", - "destroy": "1.2.0", - "http-errors": "2.0.0", - "iconv-lite": "0.4.24", - "on-finished": "2.4.1", - "qs": "6.13.0", - "raw-body": "2.5.2", - "type-is": "~1.6.18", - "unpipe": "1.0.0" + "bytes": "^3.1.2", + "content-type": "^1.0.5", + "debug": "^4.4.0", + "http-errors": "^2.0.0", + "iconv-lite": "^0.6.3", + "on-finished": "^2.4.1", + "qs": "^6.14.0", + "raw-body": "^3.0.0", + "type-is": "^2.0.0" }, "engines": { - "node": ">= 0.8", - "npm": "1.2.8000 || >= 1.4.16" + "node": ">=18" } }, - "node_modules/body-parser/node_modules/debug": { - "version": "2.6.9", - "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", - "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", - "license": "MIT", - "dependencies": { - "ms": "2.0.0" - } - }, - "node_modules/body-parser/node_modules/ms": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", - "license": "MIT" - }, "node_modules/brace-expansion": { "version": "1.1.12", "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz", @@ -6287,9 +6268,9 @@ } }, "node_modules/caniuse-lite": { - "version": "1.0.30001727", - "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001727.tgz", - "integrity": "sha512-pB68nIHmbN6L/4C6MH1DokyR3bYqFwjaSs/sWDHGj4CTcFtQUQMuJftVwWkXq7mNWOybD3KhUv3oWHoGxgP14Q==", + "version": "1.0.30001734", + "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001734.tgz", + "integrity": "sha512-uhE1Ye5vgqju6OI71HTQqcBCZrvHugk0MjLak7Q+HfoBgoq5Bi+5YnwjP4fjDgrtYr/l8MVRBvzz9dPD4KyK0A==", "funding": [ { "type": "opencollective", @@ -6638,9 +6619,9 @@ } }, "node_modules/content-disposition": { - "version": "0.5.4", - "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz", - "integrity": "sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ==", + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-1.0.0.tgz", + "integrity": "sha512-Au9nRL8VNUut/XSzbQA38+M78dzP4D+eqg3gfJHMIHHYa3bg067xj1KxMUWj+VULbiZMowKngFFbKczUrNJ1mg==", "license": "MIT", "dependencies": { "safe-buffer": "5.2.1" @@ -6991,16 +6972,6 @@ "node": ">= 0.8" } }, - "node_modules/destroy": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz", - "integrity": "sha512-2sJGJTaXIIaR1w4iJSNoN0hnMY7Gpc/n8D4qSCJw8QqFWXf7cuAgnEHxBpweaVcPevC2l3KpjYCx3NypQQgaJg==", - "license": "MIT", - "engines": { - "node": ">= 0.8", - "npm": "1.2.8000 || >= 1.4.16" - } - }, "node_modules/detect-libc": { "version": "2.0.4", "resolved": "https://registry.npmjs.org/detect-libc/-/detect-libc-2.0.4.tgz", @@ -7364,6 +7335,20 @@ "node": ">=10.0.0" } }, + "node_modules/engine.io/node_modules/accepts": { + "version": "1.3.8", + "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz", + "integrity": "sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==", + "dev": true, + "license": "MIT", + "dependencies": { + "mime-types": "~2.1.34", + "negotiator": "0.6.3" + }, + "engines": { + "node": ">= 0.6" + } + }, "node_modules/engine.io/node_modules/cookie": { "version": "0.7.2", "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz", @@ -7392,6 +7377,39 @@ } } }, + "node_modules/engine.io/node_modules/mime-db": { + "version": "1.52.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/engine.io/node_modules/mime-types": { + "version": "2.1.35", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", + "dev": true, + "license": "MIT", + "dependencies": { + "mime-db": "1.52.0" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/engine.io/node_modules/negotiator": { + "version": "0.6.3", + "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz", + "integrity": "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, "node_modules/engine.io/node_modules/ws": { "version": "8.17.1", "resolved": "https://registry.npmjs.org/ws/-/ws-8.17.1.tgz", @@ -8154,45 +8172,41 @@ } }, "node_modules/express": { - "version": "4.21.2", - "resolved": "https://registry.npmjs.org/express/-/express-4.21.2.tgz", - "integrity": "sha512-28HqgMZAmih1Czt9ny7qr6ek2qddF4FclbMzwhCREB6OFfH+rXAnuNCwo1/wFvrtbgsQDb4kSbX9de9lFbrXnA==", + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/express/-/express-5.1.0.tgz", + "integrity": "sha512-DT9ck5YIRU+8GYzzU5kT3eHGA5iL+1Zd0EutOmTE9Dtk+Tvuzd23VBU+ec7HPNSTxXYO55gPV/hq4pSBJDjFpA==", "license": "MIT", "dependencies": { - "accepts": "~1.3.8", - "array-flatten": "1.1.1", - "body-parser": "1.20.3", - "content-disposition": "0.5.4", - "content-type": "~1.0.4", - "cookie": "0.7.1", - "cookie-signature": "1.0.6", - "debug": "2.6.9", - "depd": "2.0.0", - "encodeurl": "~2.0.0", - "escape-html": "~1.0.3", - "etag": "~1.8.1", - "finalhandler": "1.3.1", - "fresh": "0.5.2", - "http-errors": "2.0.0", - "merge-descriptors": "1.0.3", - "methods": "~1.1.2", - "on-finished": "2.4.1", - "parseurl": "~1.3.3", - "path-to-regexp": "0.1.12", - "proxy-addr": "~2.0.7", - "qs": "6.13.0", - "range-parser": "~1.2.1", - "safe-buffer": "5.2.1", - "send": "0.19.0", - "serve-static": "1.16.2", - "setprototypeof": "1.2.0", - "statuses": "2.0.1", - "type-is": "~1.6.18", - "utils-merge": "1.0.1", - "vary": "~1.1.2" + "accepts": "^2.0.0", + "body-parser": "^2.2.0", + "content-disposition": "^1.0.0", + "content-type": "^1.0.5", + "cookie": "^0.7.1", + "cookie-signature": "^1.2.1", + "debug": "^4.4.0", + "encodeurl": "^2.0.0", + "escape-html": "^1.0.3", + "etag": "^1.8.1", + "finalhandler": "^2.1.0", + "fresh": "^2.0.0", + "http-errors": "^2.0.0", + "merge-descriptors": "^2.0.0", + "mime-types": "^3.0.0", + "on-finished": "^2.4.1", + "once": "^1.4.0", + "parseurl": "^1.3.3", + "proxy-addr": "^2.0.7", + "qs": "^6.14.0", + "range-parser": "^1.2.1", + "router": "^2.2.0", + "send": "^1.1.0", + "serve-static": "^2.2.0", + "statuses": "^2.0.1", + "type-is": "^2.0.1", + "vary": "^1.1.2" }, "engines": { - "node": ">= 0.10.0" + "node": ">= 18" }, "funding": { "type": "opencollective", @@ -8218,29 +8232,23 @@ } }, "node_modules/express/node_modules/cookie": { - "version": "0.7.1", - "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.1.tgz", - "integrity": "sha512-6DnInpx7SJ2AK3+CTUE/ZM0vWTUboZCegxhC2xiIydHR9jNuTAASBrfEpHhiGOZw/nX51bHt6YQl8jsGo4y/0w==", + "version": "0.7.2", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz", + "integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==", "license": "MIT", "engines": { "node": ">= 0.6" } }, - "node_modules/express/node_modules/debug": { - "version": "2.6.9", - "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", - "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "node_modules/express/node_modules/cookie-signature": { + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.2.2.tgz", + "integrity": "sha512-D76uU73ulSXrD1UXF4KE2TMxVVwhsnCgfAyTg9k8P6KGZjlXKrOLe4dJQKI3Bxi5wjesZoFXJWElNWBjPZMbhg==", "license": "MIT", - "dependencies": { - "ms": "2.0.0" + "engines": { + "node": ">=6.6.0" } }, - "node_modules/express/node_modules/ms": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", - "license": "MIT" - }, "node_modules/exsolve": { "version": "1.0.7", "resolved": "https://registry.npmjs.org/exsolve/-/exsolve-1.0.7.tgz", @@ -8386,38 +8394,22 @@ } }, "node_modules/finalhandler": { - "version": "1.3.1", - "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.3.1.tgz", - "integrity": "sha512-6BN9trH7bp3qvnrRyzsBz+g3lZxTNZTbVO2EV1CS0WIcDbawYVdYvGflME/9QP0h0pYlCDBCTjYa9nZzMDpyxQ==", + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-2.1.0.tgz", + "integrity": "sha512-/t88Ty3d5JWQbWYgaOGCCYfXRwV1+be02WqYYlL6h0lEiUAMPM8o8qKGO01YIkOHzka2up08wvgYD0mDiI+q3Q==", "license": "MIT", "dependencies": { - "debug": "2.6.9", - "encodeurl": "~2.0.0", - "escape-html": "~1.0.3", - "on-finished": "2.4.1", - "parseurl": "~1.3.3", - "statuses": "2.0.1", - "unpipe": "~1.0.0" + "debug": "^4.4.0", + "encodeurl": "^2.0.0", + "escape-html": "^1.0.3", + "on-finished": "^2.4.1", + "parseurl": "^1.3.3", + "statuses": "^2.0.1" }, "engines": { "node": ">= 0.8" } }, - "node_modules/finalhandler/node_modules/debug": { - "version": "2.6.9", - "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", - "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", - "license": "MIT", - "dependencies": { - "ms": "2.0.0" - } - }, - "node_modules/finalhandler/node_modules/ms": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", - "license": "MIT" - }, "node_modules/find-up": { "version": "5.0.0", "resolved": "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz", @@ -8460,9 +8452,9 @@ "license": "MIT" }, "node_modules/follow-redirects": { - "version": "1.15.9", - "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.9.tgz", - "integrity": "sha512-gew4GsXizNgdoRyqmyfMHyAmXsZDk6mHkSxZFCzW9gwlbtOW44CDtYavM+y+72qD/Vq2l550kMF52DT8fOLJqQ==", + "version": "1.15.11", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.11.tgz", + "integrity": "sha512-deG2P0JfjrTxl50XGCDyfI97ZGVCxIpfKYmfyrQ54n5FO/0gfIES8C/Psl6kWVDolizcaaxZJnTS0QSMxvnsBQ==", "funding": [ { "type": "individual", @@ -8538,6 +8530,27 @@ "node": ">= 6" } }, + "node_modules/form-data/node_modules/mime-db": { + "version": "1.52.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/form-data/node_modules/mime-types": { + "version": "2.1.35", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", + "license": "MIT", + "dependencies": { + "mime-db": "1.52.0" + }, + "engines": { + "node": ">= 0.6" + } + }, "node_modules/formdata-polyfill": { "version": "4.0.10", "resolved": "https://registry.npmjs.org/formdata-polyfill/-/formdata-polyfill-4.0.10.tgz", @@ -8560,12 +8573,12 @@ } }, "node_modules/fresh": { - "version": "0.5.2", - "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz", - "integrity": "sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q==", + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/fresh/-/fresh-2.0.0.tgz", + "integrity": "sha512-Rx/WycZ60HOaqLKAi6cHRKKI7zxWbJ31MhntmtwMoaTeF7XFH9hhBp8vITaMidfljRQ6eYWCKkaTK+ykVJHP2A==", "license": "MIT", "engines": { - "node": ">= 0.6" + "node": ">= 0.8" } }, "node_modules/fs-constants": { @@ -8575,9 +8588,9 @@ "license": "MIT" }, "node_modules/fs-monkey": { - "version": "1.0.6", - "resolved": "https://registry.npmjs.org/fs-monkey/-/fs-monkey-1.0.6.tgz", - "integrity": "sha512-b1FMfwetIKymC0eioW7mTywihSQE4oLzQn1dB6rZB5fx/3NpNEdAWeCSMB+60/AeT0TCXsxzAlcYVEFCTAksWg==", + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/fs-monkey/-/fs-monkey-1.1.0.tgz", + "integrity": "sha512-QMUezzXWII9EV5aTFXW1UBVUO77wYPpjqIF8/AviUCThNeSYZykpoTixUeaNNBwmCev0AMDWMAni+f8Hxb1IFw==", "license": "Unlicense", "optional": true }, @@ -9020,6 +9033,15 @@ "node": ">= 0.8" } }, + "node_modules/http-errors/node_modules/statuses": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz", + "integrity": "sha512-RwNA9Z/7PrK06rYLIzFMlaF+l73iwpzsqRIFgbMLbTcLD6cOao82TaWefPXQvB2fOC4AjuYSEndS7N/mTCbkdQ==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, "node_modules/human-signals": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/human-signals/-/human-signals-2.1.0.tgz", @@ -9039,12 +9061,12 @@ } }, "node_modules/iconv-lite": { - "version": "0.4.24", - "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz", - "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==", + "version": "0.6.3", + "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.6.3.tgz", + "integrity": "sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==", "license": "MIT", "dependencies": { - "safer-buffer": ">= 2.1.2 < 3" + "safer-buffer": ">= 2.1.2 < 3.0.0" }, "engines": { "node": ">=0.10.0" @@ -9450,6 +9472,12 @@ "url": "https://github.com/sponsors/ljharb" } }, + "node_modules/is-promise": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/is-promise/-/is-promise-4.0.0.tgz", + "integrity": "sha512-hvpoI6korhJMnej285dSg6nu1+e6uxs7zG3BYAm5byqDsgJNWwxzM6z6iZiAgQR4TJ30JmBTOwqZUw3WlyH3AQ==", + "license": "MIT" + }, "node_modules/is-regex": { "version": "1.2.1", "resolved": "https://registry.npmjs.org/is-regex/-/is-regex-1.2.1.tgz", @@ -9660,11 +9688,12 @@ } }, "node_modules/jiti": { - "version": "2.4.2", - "resolved": "https://registry.npmjs.org/jiti/-/jiti-2.4.2.tgz", - "integrity": "sha512-rg9zJN+G4n2nfJl5MW3BMygZX56zKPNVEYYqq7adpmMh4Jn2QNEwhvQlFy6jPVdcod7txZtKHWnyZiA3a0zP7A==", - "devOptional": true, + "version": "2.5.1", + "resolved": "https://registry.npmjs.org/jiti/-/jiti-2.5.1.tgz", + "integrity": "sha512-twQoecYPiVA5K/h6SxtORw/Bs3ar+mLUtoPSc7iMXzQzK8d7eJ/R09wmTwAjiamETn1cXYPGfNnu7DMoHgu12w==", "license": "MIT", + "optional": true, + "peer": true, "bin": { "jiti": "lib/jiti-cli.mjs" } @@ -10284,12 +10313,12 @@ } }, "node_modules/media-typer": { - "version": "0.3.0", - "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", - "integrity": "sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ==", + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-1.1.0.tgz", + "integrity": "sha512-aisnrDP4GNe06UcKFnV5bfMNPBUw4jsLGaWwWfnH3v02GnBuXX2MCVn5RbrWo0j3pczUilYblq7fQ7Nw2t5XKw==", "license": "MIT", "engines": { - "node": ">= 0.6" + "node": ">= 0.8" } }, "node_modules/memfs": { @@ -10316,10 +10345,13 @@ } }, "node_modules/merge-descriptors": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.3.tgz", - "integrity": "sha512-gaNvAS7TZ897/rVaZ0nMtAyxNyi/pdbjbAwUpFQpN70GqnVfOiXpeUUMKRBmzXaSQ8DdTX4/0ms62r2K+hE6mQ==", + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-2.0.0.tgz", + "integrity": "sha512-Snk314V5ayFLhp3fkUREub6WtjBfPdCPY1Ln8/8munuLuiYhsABgBVWsozAG+MWMbVEvcdcpbi9R7ww22l9Q3g==", "license": "MIT", + "engines": { + "node": ">=18" + }, "funding": { "url": "https://github.com/sponsors/sindresorhus" } @@ -10340,15 +10372,6 @@ "node": ">= 8" } }, - "node_modules/methods": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz", - "integrity": "sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==", - "license": "MIT", - "engines": { - "node": ">= 0.6" - } - }, "node_modules/micromatch": { "version": "4.0.8", "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz", @@ -10374,34 +10397,22 @@ "url": "https://github.com/sponsors/jonschlinkert" } }, - "node_modules/mime": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz", - "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==", - "license": "MIT", - "bin": { - "mime": "cli.js" - }, - "engines": { - "node": ">=4" - } - }, "node_modules/mime-db": { - "version": "1.52.0", - "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", - "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==", + "version": "1.54.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.54.0.tgz", + "integrity": "sha512-aU5EJuIN2WDemCcAp2vFBfp/m4EAhWJnUNSSw0ixs7/kXbd6Pg64EmwJkNdFhB8aWt1sH2CTXrLxo/iAGV3oPQ==", "license": "MIT", "engines": { "node": ">= 0.6" } }, "node_modules/mime-types": { - "version": "2.1.35", - "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", - "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-3.0.1.tgz", + "integrity": "sha512-xRc4oEhT6eaBpU1XF7AjpOFD+xQmXNB5OVKwp4tqCuBpHLS/ZbBDrc07mYTDqVMg6PfxUjjNp85O6Cd2Z/5HWA==", "license": "MIT", "dependencies": { - "mime-db": "1.52.0" + "mime-db": "^1.54.0" }, "engines": { "node": ">= 0.6" @@ -10570,9 +10581,9 @@ "license": "MIT" }, "node_modules/napi-postinstall": { - "version": "0.3.0", - "resolved": "https://registry.npmjs.org/napi-postinstall/-/napi-postinstall-0.3.0.tgz", - "integrity": "sha512-M7NqKyhODKV1gRLdkwE7pDsZP2/SC2a2vHkOYh9MCpKMbWVfyVfUw5MaH83Fv6XMjxr5jryUp3IDDL9rlxsTeA==", + "version": "0.3.3", + "resolved": "https://registry.npmjs.org/napi-postinstall/-/napi-postinstall-0.3.3.tgz", + "integrity": "sha512-uTp172LLXSxuSYHv/kou+f6KW3SMppU9ivthaVTXian9sOt3XM/zHYHpRZiLgQoxeWfYUnslNWQHF1+G71xcow==", "license": "MIT", "bin": { "napi-postinstall": "lib/cli.js" @@ -10591,9 +10602,9 @@ "license": "MIT" }, "node_modules/negotiator": { - "version": "0.6.3", - "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz", - "integrity": "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==", + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-1.0.0.tgz", + "integrity": "sha512-8Ofs/AUQh8MaEcrlq5xOX0CQ9ypTF5dl78mjlMNfOK08fzpgTHQRQPBxcPlEtIw0yRpws+Zo/3r+5WRby7u3Gg==", "license": "MIT", "engines": { "node": ">= 0.6" @@ -10678,15 +10689,6 @@ } } }, - "node_modules/next-intl/node_modules/negotiator": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-1.0.0.tgz", - "integrity": "sha512-8Ofs/AUQh8MaEcrlq5xOX0CQ9ypTF5dl78mjlMNfOK08fzpgTHQRQPBxcPlEtIw0yRpws+Zo/3r+5WRby7u3Gg==", - "license": "MIT", - "engines": { - "node": ">= 0.6" - } - }, "node_modules/next-themes": { "version": "0.4.6", "resolved": "https://registry.npmjs.org/next-themes/-/next-themes-0.4.6.tgz", @@ -13543,9 +13545,9 @@ } }, "node_modules/ora/node_modules/chalk": { - "version": "5.4.1", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-5.4.1.tgz", - "integrity": "sha512-zgVZuo2WcZgfUEmsn6eO3kINexW8RAE4maiQ8QNs8CtpPCSyMiYsULR3HQYkm3w8FIA3SberyMJMSldGsW+U3w==", + "version": "5.5.0", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-5.5.0.tgz", + "integrity": "sha512-1tm8DTaJhPBG3bIkVeZt1iZM9GfSX2lzOeDVZH9R9ffRHpmHvxZ/QhgQH/aDTkswQVt+YHdXAdS/In/30OjCbg==", "dev": true, "license": "MIT", "engines": { @@ -14031,10 +14033,13 @@ } }, "node_modules/path-to-regexp": { - "version": "0.1.12", - "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.12.tgz", - "integrity": "sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ==", - "license": "MIT" + "version": "8.2.0", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-8.2.0.tgz", + "integrity": "sha512-TdrF7fW9Rphjq4RjrW0Kp2AW0Ahwu9sRGTkS6bvDi0SCwZlEZYmcfDbEsTz8RVk0EHIS/Vd1bv3JhG+1xZuAyQ==", + "license": "MIT", + "engines": { + "node": ">=16" + } }, "node_modules/path-type": { "version": "4.0.0", @@ -14271,6 +14276,18 @@ "node": ">=0.10.0" } }, + "node_modules/posthog-node": { + "version": "5.7.0", + "resolved": "https://registry.npmjs.org/posthog-node/-/posthog-node-5.7.0.tgz", + "integrity": "sha512-6J1AIZWtbr2lEbZOO2AzO/h1FPJjUZM4KWcdaL2UQw7FY8J7VNaH3NiaRockASFmglpID7zEY25gV/YwCtuXjg==", + "license": "MIT", + "dependencies": { + "@posthog/core": "1.0.0" + }, + "engines": { + "node": ">=20" + } + }, "node_modules/prebuild-install": { "version": "7.1.3", "resolved": "https://registry.npmjs.org/prebuild-install/-/prebuild-install-7.1.3.tgz", @@ -14421,12 +14438,12 @@ } }, "node_modules/qs": { - "version": "6.13.0", - "resolved": "https://registry.npmjs.org/qs/-/qs-6.13.0.tgz", - "integrity": "sha512-+38qI9SOr8tfZ4QmJNplMUxqjbe7LKvvZgWdExBOmd+egZTtjLB67Gu0HRX3u/XOq7UU2Nx6nsjvS16Z9uwfpg==", + "version": "6.14.0", + "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.0.tgz", + "integrity": "sha512-YWWTjgABSKcvs/nWBi9PycY/JiPJqOD4JA6o9Sej2AtvSGarXxKC3OQSk4pAarbdQlKAh5D4FCQkJNkW+GAn3w==", "license": "BSD-3-Clause", "dependencies": { - "side-channel": "^1.0.6" + "side-channel": "^1.1.0" }, "engines": { "node": ">=0.6" @@ -14475,14 +14492,14 @@ } }, "node_modules/raw-body": { - "version": "2.5.2", - "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.2.tgz", - "integrity": "sha512-8zGqypfENjCIqGhgXToC8aB2r7YrBX+AQAfIPs/Mlk+BtPTztOvTS01NRW/3Eh60J+a48lt8qsCzirQ6loCVfA==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-3.0.0.tgz", + "integrity": "sha512-RmkhL8CAyCRPXCE28MMH0z2PNWQBNk2Q09ZdxM9IOOXwxwZbN+qbWaatPkdkWIKL2ZVDImrN/pK5HTRz2PcS4g==", "license": "MIT", "dependencies": { "bytes": "3.1.2", "http-errors": "2.0.0", - "iconv-lite": "0.4.24", + "iconv-lite": "0.6.3", "unpipe": "1.0.0" }, "engines": { @@ -14590,9 +14607,9 @@ } }, "node_modules/react-email/node_modules/chalk": { - "version": "5.4.1", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-5.4.1.tgz", - "integrity": "sha512-zgVZuo2WcZgfUEmsn6eO3kINexW8RAE4maiQ8QNs8CtpPCSyMiYsULR3HQYkm3w8FIA3SberyMJMSldGsW+U3w==", + "version": "5.5.0", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-5.5.0.tgz", + "integrity": "sha512-1tm8DTaJhPBG3bIkVeZt1iZM9GfSX2lzOeDVZH9R9ffRHpmHvxZ/QhgQH/aDTkswQVt+YHdXAdS/In/30OjCbg==", "dev": true, "license": "MIT", "engines": { @@ -14612,6 +14629,16 @@ "node": ">=18" } }, + "node_modules/react-email/node_modules/jiti": { + "version": "2.4.2", + "resolved": "https://registry.npmjs.org/jiti/-/jiti-2.4.2.tgz", + "integrity": "sha512-rg9zJN+G4n2nfJl5MW3BMygZX56zKPNVEYYqq7adpmMh4Jn2QNEwhvQlFy6jPVdcod7txZtKHWnyZiA3a0zP7A==", + "dev": true, + "license": "MIT", + "bin": { + "jiti": "lib/jiti-cli.mjs" + } + }, "node_modules/react-email/node_modules/json5": { "version": "2.2.3", "resolved": "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz", @@ -14625,29 +14652,6 @@ "node": ">=6" } }, - "node_modules/react-email/node_modules/mime-db": { - "version": "1.54.0", - "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.54.0.tgz", - "integrity": "sha512-aU5EJuIN2WDemCcAp2vFBfp/m4EAhWJnUNSSw0ixs7/kXbd6Pg64EmwJkNdFhB8aWt1sH2CTXrLxo/iAGV3oPQ==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/react-email/node_modules/mime-types": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-3.0.1.tgz", - "integrity": "sha512-xRc4oEhT6eaBpU1XF7AjpOFD+xQmXNB5OVKwp4tqCuBpHLS/ZbBDrc07mYTDqVMg6PfxUjjNp85O6Cd2Z/5HWA==", - "dev": true, - "license": "MIT", - "dependencies": { - "mime-db": "^1.54.0" - }, - "engines": { - "node": ">= 0.6" - } - }, "node_modules/react-email/node_modules/tsconfig-paths": { "version": "4.2.0", "resolved": "https://registry.npmjs.org/tsconfig-paths/-/tsconfig-paths-4.2.0.tgz", @@ -14956,6 +14960,22 @@ "node": ">=0.10.0" } }, + "node_modules/router": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/router/-/router-2.2.0.tgz", + "integrity": "sha512-nLTrUKm2UyiL7rlhapu/Zl45FwNgkZGaCpZbIHajDYgwlJCOzLSk+cIPAnsEqV955GjILJnKbdQC1nVPz+gAYQ==", + "license": "MIT", + "dependencies": { + "debug": "^4.4.0", + "depd": "^2.0.0", + "is-promise": "^4.0.0", + "parseurl": "^1.3.3", + "path-to-regexp": "^8.0.0" + }, + "engines": { + "node": ">= 18" + } + }, "node_modules/run-parallel": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz", @@ -15097,66 +15117,40 @@ } }, "node_modules/send": { - "version": "0.19.0", - "resolved": "https://registry.npmjs.org/send/-/send-0.19.0.tgz", - "integrity": "sha512-dW41u5VfLXu8SJh5bwRmyYUbAoSB3c9uQh6L8h/KtsFREPWpbX1lrljJo186Jc4nmci/sGUZ9a0a0J2zgfq2hw==", + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/send/-/send-1.2.0.tgz", + "integrity": "sha512-uaW0WwXKpL9blXE2o0bRhoL2EGXIrZxQ2ZQ4mgcfoBxdFmQold+qWsD2jLrfZ0trjKL6vOw0j//eAwcALFjKSw==", "license": "MIT", "dependencies": { - "debug": "2.6.9", - "depd": "2.0.0", - "destroy": "1.2.0", - "encodeurl": "~1.0.2", - "escape-html": "~1.0.3", - "etag": "~1.8.1", - "fresh": "0.5.2", - "http-errors": "2.0.0", - "mime": "1.6.0", - "ms": "2.1.3", - "on-finished": "2.4.1", - "range-parser": "~1.2.1", - "statuses": "2.0.1" + "debug": "^4.3.5", + "encodeurl": "^2.0.0", + "escape-html": "^1.0.3", + "etag": "^1.8.1", + "fresh": "^2.0.0", + "http-errors": "^2.0.0", + "mime-types": "^3.0.1", + "ms": "^2.1.3", + "on-finished": "^2.4.1", + "range-parser": "^1.2.1", + "statuses": "^2.0.1" }, "engines": { - "node": ">= 0.8.0" - } - }, - "node_modules/send/node_modules/debug": { - "version": "2.6.9", - "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", - "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", - "license": "MIT", - "dependencies": { - "ms": "2.0.0" - } - }, - "node_modules/send/node_modules/debug/node_modules/ms": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", - "license": "MIT" - }, - "node_modules/send/node_modules/encodeurl": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz", - "integrity": "sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w==", - "license": "MIT", - "engines": { - "node": ">= 0.8" + "node": ">= 18" } }, "node_modules/serve-static": { - "version": "1.16.2", - "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.16.2.tgz", - "integrity": "sha512-VqpjJZKadQB/PEbEwvFdO43Ax5dFBZ2UECszz8bQ7pi7wt//PWe1P6MN7eCnjsatYtBT6EuiClbjSWP2WrIoTw==", + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-2.2.0.tgz", + "integrity": "sha512-61g9pCh0Vnh7IutZjtLGGpTA355+OPn2TyDv/6ivP2h/AdAVX9azsoxmg2/M6nZeQZNYBEwIcsne1mJd9oQItQ==", "license": "MIT", "dependencies": { - "encodeurl": "~2.0.0", - "escape-html": "~1.0.3", - "parseurl": "~1.3.3", - "send": "0.19.0" + "encodeurl": "^2.0.0", + "escape-html": "^1.0.3", + "parseurl": "^1.3.3", + "send": "^1.2.0" }, "engines": { - "node": ">= 0.8.0" + "node": ">= 18" } }, "node_modules/set-function-length": { @@ -15527,6 +15521,20 @@ } } }, + "node_modules/socket.io/node_modules/accepts": { + "version": "1.3.8", + "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz", + "integrity": "sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==", + "dev": true, + "license": "MIT", + "dependencies": { + "mime-types": "~2.1.34", + "negotiator": "0.6.3" + }, + "engines": { + "node": ">= 0.6" + } + }, "node_modules/socket.io/node_modules/debug": { "version": "4.3.7", "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.7.tgz", @@ -15545,6 +15553,39 @@ } } }, + "node_modules/socket.io/node_modules/mime-db": { + "version": "1.52.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/socket.io/node_modules/mime-types": { + "version": "2.1.35", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", + "dev": true, + "license": "MIT", + "dependencies": { + "mime-db": "1.52.0" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/socket.io/node_modules/negotiator": { + "version": "0.6.3", + "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz", + "integrity": "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, "node_modules/source-map": { "version": "0.6.1", "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", @@ -15600,9 +15641,9 @@ } }, "node_modules/statuses": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz", - "integrity": "sha512-RwNA9Z/7PrK06rYLIzFMlaF+l73iwpzsqRIFgbMLbTcLD6cOao82TaWefPXQvB2fOC4AjuYSEndS7N/mTCbkdQ==", + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.2.tgz", + "integrity": "sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw==", "license": "MIT", "engines": { "node": ">= 0.8" @@ -15925,9 +15966,9 @@ } }, "node_modules/swagger-ui-dist": { - "version": "5.26.2", - "resolved": "https://registry.npmjs.org/swagger-ui-dist/-/swagger-ui-dist-5.26.2.tgz", - "integrity": "sha512-WmMS9iMlHQejNm/Uw5ZTo4e3M2QMmEavRz7WLWVsq7Mlx4PSHJbY+VCrLsAz9wLxyHVgrJdt7N8+SdQLa52Ykg==", + "version": "5.27.1", + "resolved": "https://registry.npmjs.org/swagger-ui-dist/-/swagger-ui-dist-5.27.1.tgz", + "integrity": "sha512-oGtpYO3lnoaqyGtlJalvryl7TwzgRuxpOVWqEHx8af0YXI+Kt+4jMpLdgMtMcmWmuQ0QTCHLKExwrBFMSxvAUA==", "license": "Apache-2.0", "dependencies": { "@scarf/scarf": "=1.4.0" @@ -16280,13 +16321,14 @@ } }, "node_modules/type-is": { - "version": "1.6.18", - "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz", - "integrity": "sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==", + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/type-is/-/type-is-2.0.1.tgz", + "integrity": "sha512-OZs6gsjF4vMp32qrCbiVSkrFmXtG/AZhY3t0iAMrMBiAZyV9oALtXO8hsrHbMXF9x6L3grlFuwW2oAz7cav+Gw==", "license": "MIT", "dependencies": { - "media-typer": "0.3.0", - "mime-types": "~2.1.24" + "content-type": "^1.0.5", + "media-typer": "^1.1.0", + "mime-types": "^3.0.0" }, "engines": { "node": ">= 0.6" @@ -16552,15 +16594,6 @@ "integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw==", "license": "MIT" }, - "node_modules/utils-merge": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz", - "integrity": "sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA==", - "license": "MIT", - "engines": { - "node": ">= 0.4.0" - } - }, "node_modules/uuid": { "version": "11.1.0", "resolved": "https://registry.npmjs.org/uuid/-/uuid-11.1.0.tgz", @@ -16938,9 +16971,9 @@ } }, "node_modules/yaml": { - "version": "2.8.0", - "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.0.tgz", - "integrity": "sha512-4lLa/EcQCB0cJkyts+FpIRx5G/llPxfP6VQU5KByHEhLxY3IJCH0f0Hy1MHI8sClTvsIb8qwRJ6R/ZdlDJ/leQ==", + "version": "2.8.1", + "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.1.tgz", + "integrity": "sha512-lcYcMxX2PO9XMGvAJkJ3OsNMw+/7FKes7/hgerGUYWIoWu5j/+YQqcZr5JnPZWzOsEBgMbSbiSTn/dv/69Mkpw==", "license": "ISC", "bin": { "yaml": "bin.mjs" diff --git a/package.json b/package.json index 89b7e0e0..669c63f4 100644 --- a/package.json +++ b/package.json @@ -21,8 +21,7 @@ "db:clear-migrations": "rm -rf server/migrations", "build:sqlite": "mkdir -p dist && next build && node esbuild.mjs -e server/index.ts -o dist/server.mjs && node esbuild.mjs -e server/setup/migrationsSqlite.ts -o dist/migrations.mjs", "build:pg": "mkdir -p dist && next build && node esbuild.mjs -e server/index.ts -o dist/server.mjs && node esbuild.mjs -e server/setup/migrationsPg.ts -o dist/migrations.mjs", - "start:sqlite": "DB_TYPE=sqlite NODE_OPTIONS=--enable-source-maps NODE_ENV=development ENVIRONMENT=prod sh -c 'node dist/migrations.mjs && node dist/server.mjs'", - "start:pg": "DB_TYPE=pg NODE_OPTIONS=--enable-source-maps NODE_ENV=development ENVIRONMENT=prod sh -c 'node dist/migrations.mjs && node dist/server.mjs'", + "start": "DB_TYPE=sqlite NODE_OPTIONS=--enable-source-maps NODE_ENV=development ENVIRONMENT=prod sh -c 'node dist/migrations.mjs && node dist/server.mjs'", "email": "email dev --dir server/emails/templates --port 3005", "build:cli": "node esbuild.mjs -e cli/index.ts -o dist/cli.mjs" }, @@ -52,9 +51,9 @@ "@radix-ui/react-tooltip": "^1.2.8", "@react-email/components": "0.5.0", "@react-email/render": "^1.2.0", + "@react-email/tailwind": "1.2.2", "@simplewebauthn/browser": "^13.1.0", "@simplewebauthn/server": "^9.0.3", - "@react-email/tailwind": "1.2.2", "@tailwindcss/forms": "^0.5.10", "@tanstack/react-table": "8.21.3", "arctic": "^3.7.0", @@ -72,7 +71,7 @@ "drizzle-orm": "0.44.4", "eslint": "9.33.0", "eslint-config-next": "15.4.6", - "express": "4.21.2", + "express": "5.1.0", "express-rate-limit": "8.0.1", "glob": "11.0.3", "helmet": "8.1.0", @@ -93,6 +92,7 @@ "npm": "^11.5.2", "oslo": "1.2.1", "pg": "^8.16.2", + "posthog-node": "^5.7.0", "qrcode.react": "4.2.0", "react": "19.1.1", "react-dom": "19.1.1", @@ -109,9 +109,9 @@ "winston": "3.17.0", "winston-daily-rotate-file": "5.0.0", "ws": "8.18.3", + "yargs": "18.0.0", "zod": "3.25.76", - "zod-validation-error": "3.5.2", - "yargs": "18.0.0" + "zod-validation-error": "3.5.2" }, "devDependencies": { "@dotenvx/dotenvx": "1.49.0", @@ -121,7 +121,7 @@ "@types/cookie-parser": "1.4.9", "@types/cors": "2.8.19", "@types/crypto-js": "^4.2.2", - "@types/express": "5.0.0", + "@types/express": "5.0.3", "@types/express-session": "^1.18.2", "@types/jmespath": "^0.15.2", "@types/js-yaml": "4.0.9", diff --git a/server/auth/actions.ts b/server/auth/actions.ts index ee2c5dac..a3ad60ab 100644 --- a/server/auth/actions.ts +++ b/server/auth/actions.ts @@ -69,6 +69,11 @@ export enum ActionsEnum { deleteResourceRule = "deleteResourceRule", listResourceRules = "listResourceRules", updateResourceRule = "updateResourceRule", + createSiteResource = "createSiteResource", + deleteSiteResource = "deleteSiteResource", + getSiteResource = "getSiteResource", + listSiteResources = "listSiteResources", + updateSiteResource = "updateSiteResource", createClient = "createClient", deleteClient = "deleteClient", updateClient = "updateClient", diff --git a/server/auth/sessions/app.ts b/server/auth/sessions/app.ts index 34d584f6..514bee00 100644 --- a/server/auth/sessions/app.ts +++ b/server/auth/sessions/app.ts @@ -24,8 +24,8 @@ export const SESSION_COOKIE_EXPIRES = 60 * 60 * config.getRawConfig().server.dashboard_session_length_hours; -export const COOKIE_DOMAIN = - "." + new URL(config.getRawConfig().app.dashboard_url).hostname; +export const COOKIE_DOMAIN = config.getRawConfig().app.dashboard_url ? + "." + new URL(config.getRawConfig().app.dashboard_url!).hostname : undefined; export function generateSessionToken(): string { const bytes = new Uint8Array(20); diff --git a/server/auth/sessions/resource.ts b/server/auth/sessions/resource.ts index f29a8b75..511dadda 100644 --- a/server/auth/sessions/resource.ts +++ b/server/auth/sessions/resource.ts @@ -4,6 +4,9 @@ import { resourceSessions, ResourceSession } from "@server/db"; import { db } from "@server/db"; import { eq, and } from "drizzle-orm"; import config from "@server/lib/config"; +import axios from "axios"; +import logger from "@server/logger"; +import { tokenManager } from "@server/lib/tokenManager"; export const SESSION_COOKIE_NAME = config.getRawConfig().server.session_cookie_name; @@ -62,6 +65,29 @@ export async function validateResourceSessionToken( token: string, resourceId: number ): Promise { + if (config.isManagedMode()) { + try { + const response = await axios.post(`${config.getRawConfig().managed?.endpoint}/api/v1/hybrid/resource/${resourceId}/session/validate`, { + token: token + }, await tokenManager.getAuthHeader()); + return response.data.data; + } catch (error) { + if (axios.isAxiosError(error)) { + logger.error("Error validating resource session token in hybrid mode:", { + message: error.message, + code: error.code, + status: error.response?.status, + statusText: error.response?.statusText, + url: error.config?.url, + method: error.config?.method + }); + } else { + logger.error("Error validating resource session token in hybrid mode:", error); + } + return { resourceSession: null }; + } + } + const sessionId = encodeHexLowerCase( sha256(new TextEncoder().encode(token)) ); diff --git a/server/db/pg/schema.ts b/server/db/pg/schema.ts index b9228286..fcbf2621 100644 --- a/server/db/pg/schema.ts +++ b/server/db/pg/schema.ts @@ -23,7 +23,8 @@ export const domains = pgTable("domains", { export const orgs = pgTable("orgs", { orgId: varchar("orgId").primaryKey(), name: varchar("name").notNull(), - subnet: varchar("subnet") + subnet: varchar("subnet"), + createdAt: text("createdAt") }); export const orgDomains = pgTable("orgDomains", { @@ -65,11 +66,6 @@ export const sites = pgTable("sites", { export const resources = pgTable("resources", { resourceId: serial("resourceId").primaryKey(), - siteId: integer("siteId") - .references(() => sites.siteId, { - onDelete: "cascade" - }) - .notNull(), orgId: varchar("orgId") .references(() => orgs.orgId, { onDelete: "cascade" @@ -96,6 +92,9 @@ export const resources = pgTable("resources", { tlsServerName: varchar("tlsServerName"), setHostHeader: varchar("setHostHeader"), enableProxy: boolean("enableProxy").default(true), + skipToIdpId: integer("skipToIdpId").references(() => idp.idpId, { + onDelete: "cascade" + }), }); export const targets = pgTable("targets", { @@ -105,6 +104,11 @@ export const targets = pgTable("targets", { onDelete: "cascade" }) .notNull(), + siteId: integer("siteId") + .references(() => sites.siteId, { + onDelete: "cascade" + }) + .notNull(), ip: varchar("ip").notNull(), method: varchar("method"), port: integer("port").notNull(), @@ -120,7 +124,26 @@ export const exitNodes = pgTable("exitNodes", { publicKey: varchar("publicKey").notNull(), listenPort: integer("listenPort").notNull(), reachableAt: varchar("reachableAt"), - maxConnections: integer("maxConnections") + maxConnections: integer("maxConnections"), + online: boolean("online").notNull().default(false), + lastPing: integer("lastPing"), + type: text("type").default("gerbil") // gerbil, remoteExitNode +}); + +export const siteResources = pgTable("siteResources", { // this is for the clients + siteResourceId: serial("siteResourceId").primaryKey(), + siteId: integer("siteId") + .notNull() + .references(() => sites.siteId, { onDelete: "cascade" }), + orgId: varchar("orgId") + .notNull() + .references(() => orgs.orgId, { onDelete: "cascade" }), + name: varchar("name").notNull(), + protocol: varchar("protocol").notNull(), + proxyPort: integer("proxyPort").notNull(), + destinationPort: integer("destinationPort").notNull(), + destinationIp: varchar("destinationIp").notNull(), + enabled: boolean("enabled").notNull().default(true), }); export const users = pgTable("user", { @@ -512,10 +535,10 @@ export const clients = pgTable("clients", { megabytesIn: real("bytesIn"), megabytesOut: real("bytesOut"), lastBandwidthUpdate: varchar("lastBandwidthUpdate"), - lastPing: varchar("lastPing"), + lastPing: integer("lastPing"), type: varchar("type").notNull(), // "olm" online: boolean("online").notNull().default(false), - endpoint: varchar("endpoint"), + // endpoint: varchar("endpoint"), lastHolePunch: integer("lastHolePunch"), maxConnections: integer("maxConnections") }); @@ -527,13 +550,15 @@ export const clientSites = pgTable("clientSites", { siteId: integer("siteId") .notNull() .references(() => sites.siteId, { onDelete: "cascade" }), - isRelayed: boolean("isRelayed").notNull().default(false) + isRelayed: boolean("isRelayed").notNull().default(false), + endpoint: varchar("endpoint") }); export const olms = pgTable("olms", { olmId: varchar("id").primaryKey(), secretHash: varchar("secretHash").notNull(), dateCreated: varchar("dateCreated").notNull(), + version: text("version"), clientId: integer("clientId").references(() => clients.clientId, { onDelete: "cascade" }) @@ -591,6 +616,14 @@ export const webauthnChallenge = pgTable("webauthnChallenge", { expiresAt: bigint("expiresAt", { mode: "number" }).notNull() // Unix timestamp }); +export const setupTokens = pgTable("setupTokens", { + tokenId: varchar("tokenId").primaryKey(), + token: varchar("token").notNull(), + used: boolean("used").notNull().default(false), + dateCreated: varchar("dateCreated").notNull(), + dateUsed: varchar("dateUsed") +}); + export type Org = InferSelectModel; export type User = InferSelectModel; export type Site = InferSelectModel; @@ -636,3 +669,6 @@ export type OlmSession = InferSelectModel; export type UserClient = InferSelectModel; export type RoleClient = InferSelectModel; export type OrgDomains = InferSelectModel; +export type SiteResource = InferSelectModel; +export type SetupToken = InferSelectModel; +export type HostMeta = InferSelectModel; diff --git a/server/db/queries/verifySessionQueries.ts b/server/db/queries/verifySessionQueries.ts new file mode 100644 index 00000000..728880f2 --- /dev/null +++ b/server/db/queries/verifySessionQueries.ts @@ -0,0 +1,277 @@ +import { db } from "@server/db"; +import { + Resource, + ResourcePassword, + ResourcePincode, + ResourceRule, + resourcePassword, + resourcePincode, + resourceRules, + resources, + roleResources, + sessions, + userOrgs, + userResources, + users +} from "@server/db"; +import { and, eq } from "drizzle-orm"; +import axios from "axios"; +import config from "@server/lib/config"; +import logger from "@server/logger"; +import { tokenManager } from "@server/lib/tokenManager"; + +export type ResourceWithAuth = { + resource: Resource | null; + pincode: ResourcePincode | null; + password: ResourcePassword | null; +}; + +export type UserSessionWithUser = { + session: any; + user: any; +}; + +/** + * Get resource by domain with pincode and password information + */ +export async function getResourceByDomain( + domain: string +): Promise { + if (config.isManagedMode()) { + try { + const response = await axios.get(`${config.getRawConfig().managed?.endpoint}/api/v1/hybrid/resource/domain/${domain}`, await tokenManager.getAuthHeader()); + return response.data.data; + } catch (error) { + if (axios.isAxiosError(error)) { + logger.error("Error fetching config in verify session:", { + message: error.message, + code: error.code, + status: error.response?.status, + statusText: error.response?.statusText, + url: error.config?.url, + method: error.config?.method + }); + } else { + logger.error("Error fetching config in verify session:", error); + } + return null; + } + } + + const [result] = await db + .select() + .from(resources) + .leftJoin( + resourcePincode, + eq(resourcePincode.resourceId, resources.resourceId) + ) + .leftJoin( + resourcePassword, + eq(resourcePassword.resourceId, resources.resourceId) + ) + .where(eq(resources.fullDomain, domain)) + .limit(1); + + if (!result) { + return null; + } + + return { + resource: result.resources, + pincode: result.resourcePincode, + password: result.resourcePassword + }; +} + +/** + * Get user session with user information + */ +export async function getUserSessionWithUser( + userSessionId: string +): Promise { + if (config.isManagedMode()) { + try { + const response = await axios.get(`${config.getRawConfig().managed?.endpoint}/api/v1/hybrid/session/${userSessionId}`, await tokenManager.getAuthHeader()); + return response.data.data; + } catch (error) { + if (axios.isAxiosError(error)) { + logger.error("Error fetching config in verify session:", { + message: error.message, + code: error.code, + status: error.response?.status, + statusText: error.response?.statusText, + url: error.config?.url, + method: error.config?.method + }); + } else { + logger.error("Error fetching config in verify session:", error); + } + return null; + } + } + + const [res] = await db + .select() + .from(sessions) + .leftJoin(users, eq(users.userId, sessions.userId)) + .where(eq(sessions.sessionId, userSessionId)); + + if (!res) { + return null; + } + + return { + session: res.session, + user: res.user + }; +} + +/** + * Get user organization role + */ +export async function getUserOrgRole(userId: string, orgId: string) { + if (config.isManagedMode()) { + try { + const response = await axios.get(`${config.getRawConfig().managed?.endpoint}/api/v1/hybrid/user/${userId}/org/${orgId}/role`, await tokenManager.getAuthHeader()); + return response.data.data; + } catch (error) { + if (axios.isAxiosError(error)) { + logger.error("Error fetching config in verify session:", { + message: error.message, + code: error.code, + status: error.response?.status, + statusText: error.response?.statusText, + url: error.config?.url, + method: error.config?.method + }); + } else { + logger.error("Error fetching config in verify session:", error); + } + return null; + } + } + + const userOrgRole = await db + .select() + .from(userOrgs) + .where( + and( + eq(userOrgs.userId, userId), + eq(userOrgs.orgId, orgId) + ) + ) + .limit(1); + + return userOrgRole.length > 0 ? userOrgRole[0] : null; +} + +/** + * Check if role has access to resource + */ +export async function getRoleResourceAccess(resourceId: number, roleId: number) { + if (config.isManagedMode()) { + try { + const response = await axios.get(`${config.getRawConfig().managed?.endpoint}/api/v1/hybrid/role/${roleId}/resource/${resourceId}/access`, await tokenManager.getAuthHeader()); + return response.data.data; + } catch (error) { + if (axios.isAxiosError(error)) { + logger.error("Error fetching config in verify session:", { + message: error.message, + code: error.code, + status: error.response?.status, + statusText: error.response?.statusText, + url: error.config?.url, + method: error.config?.method + }); + } else { + logger.error("Error fetching config in verify session:", error); + } + return null; + } + } + + const roleResourceAccess = await db + .select() + .from(roleResources) + .where( + and( + eq(roleResources.resourceId, resourceId), + eq(roleResources.roleId, roleId) + ) + ) + .limit(1); + + return roleResourceAccess.length > 0 ? roleResourceAccess[0] : null; +} + +/** + * Check if user has direct access to resource + */ +export async function getUserResourceAccess(userId: string, resourceId: number) { + if (config.isManagedMode()) { + try { + const response = await axios.get(`${config.getRawConfig().managed?.endpoint}/api/v1/hybrid/user/${userId}/resource/${resourceId}/access`, await tokenManager.getAuthHeader()); + return response.data.data; + } catch (error) { + if (axios.isAxiosError(error)) { + logger.error("Error fetching config in verify session:", { + message: error.message, + code: error.code, + status: error.response?.status, + statusText: error.response?.statusText, + url: error.config?.url, + method: error.config?.method + }); + } else { + logger.error("Error fetching config in verify session:", error); + } + return null; + } + } + + const userResourceAccess = await db + .select() + .from(userResources) + .where( + and( + eq(userResources.userId, userId), + eq(userResources.resourceId, resourceId) + ) + ) + .limit(1); + + return userResourceAccess.length > 0 ? userResourceAccess[0] : null; +} + +/** + * Get resource rules for a given resource + */ +export async function getResourceRules(resourceId: number): Promise { + if (config.isManagedMode()) { + try { + const response = await axios.get(`${config.getRawConfig().managed?.endpoint}/api/v1/hybrid/resource/${resourceId}/rules`, await tokenManager.getAuthHeader()); + return response.data.data; + } catch (error) { + if (axios.isAxiosError(error)) { + logger.error("Error fetching config in verify session:", { + message: error.message, + code: error.code, + status: error.response?.status, + statusText: error.response?.statusText, + url: error.config?.url, + method: error.config?.method + }); + } else { + logger.error("Error fetching config in verify session:", error); + } + return []; + } + } + + const rules = await db + .select() + .from(resourceRules) + .where(eq(resourceRules.resourceId, resourceId)); + + return rules; +} diff --git a/server/db/sqlite/schema.ts b/server/db/sqlite/schema.ts index 974faa67..5db6bfdd 100644 --- a/server/db/sqlite/schema.ts +++ b/server/db/sqlite/schema.ts @@ -16,7 +16,8 @@ export const domains = sqliteTable("domains", { export const orgs = sqliteTable("orgs", { orgId: text("orgId").primaryKey(), name: text("name").notNull(), - subnet: text("subnet") + subnet: text("subnet"), + createdAt: text("createdAt") }); export const userDomains = sqliteTable("userDomains", { @@ -66,16 +67,11 @@ export const sites = sqliteTable("sites", { dockerSocketEnabled: integer("dockerSocketEnabled", { mode: "boolean" }) .notNull() .default(true), - remoteSubnets: text("remoteSubnets"), // comma-separated list of subnets that this site can access + remoteSubnets: text("remoteSubnets") // comma-separated list of subnets that this site can access }); export const resources = sqliteTable("resources", { resourceId: integer("resourceId").primaryKey({ autoIncrement: true }), - siteId: integer("siteId") - .references(() => sites.siteId, { - onDelete: "cascade" - }) - .notNull(), orgId: text("orgId") .references(() => orgs.orgId, { onDelete: "cascade" @@ -108,6 +104,9 @@ export const resources = sqliteTable("resources", { tlsServerName: text("tlsServerName"), setHostHeader: text("setHostHeader"), enableProxy: integer("enableProxy", { mode: "boolean" }).default(true), + skipToIdpId: integer("skipToIdpId").references(() => idp.idpId, { + onDelete: "cascade" + }), }); export const targets = sqliteTable("targets", { @@ -117,6 +116,11 @@ export const targets = sqliteTable("targets", { onDelete: "cascade" }) .notNull(), + siteId: integer("siteId") + .references(() => sites.siteId, { + onDelete: "cascade" + }) + .notNull(), ip: text("ip").notNull(), method: text("method"), port: integer("port").notNull(), @@ -132,7 +136,26 @@ export const exitNodes = sqliteTable("exitNodes", { publicKey: text("publicKey").notNull(), listenPort: integer("listenPort").notNull(), reachableAt: text("reachableAt"), // this is the internal address of the gerbil http server for command control - maxConnections: integer("maxConnections") + maxConnections: integer("maxConnections"), + online: integer("online", { mode: "boolean" }).notNull().default(false), + lastPing: integer("lastPing"), + type: text("type").default("gerbil") // gerbil, remoteExitNode +}); + +export const siteResources = sqliteTable("siteResources", { // this is for the clients + siteResourceId: integer("siteResourceId").primaryKey({ autoIncrement: true }), + siteId: integer("siteId") + .notNull() + .references(() => sites.siteId, { onDelete: "cascade" }), + orgId: text("orgId") + .notNull() + .references(() => orgs.orgId, { onDelete: "cascade" }), + name: text("name").notNull(), + protocol: text("protocol").notNull(), + proxyPort: integer("proxyPort").notNull(), + destinationPort: integer("destinationPort").notNull(), + destinationIp: text("destinationIp").notNull(), + enabled: integer("enabled", { mode: "boolean" }).notNull().default(true), }); export const users = sqliteTable("user", { @@ -165,9 +188,11 @@ export const users = sqliteTable("user", { export const securityKeys = sqliteTable("webauthnCredentials", { credentialId: text("credentialId").primaryKey(), - userId: text("userId").notNull().references(() => users.userId, { - onDelete: "cascade" - }), + userId: text("userId") + .notNull() + .references(() => users.userId, { + onDelete: "cascade" + }), publicKey: text("publicKey").notNull(), signCount: integer("signCount").notNull(), transports: text("transports"), @@ -186,6 +211,14 @@ export const webauthnChallenge = sqliteTable("webauthnChallenge", { expiresAt: integer("expiresAt").notNull() // Unix timestamp }); +export const setupTokens = sqliteTable("setupTokens", { + tokenId: text("tokenId").primaryKey(), + token: text("token").notNull(), + used: integer("used", { mode: "boolean" }).notNull().default(false), + dateCreated: text("dateCreated").notNull(), + dateUsed: text("dateUsed") +}); + export const newts = sqliteTable("newt", { newtId: text("id").primaryKey(), secretHash: text("secretHash").notNull(), @@ -212,10 +245,10 @@ export const clients = sqliteTable("clients", { megabytesIn: integer("bytesIn"), megabytesOut: integer("bytesOut"), lastBandwidthUpdate: text("lastBandwidthUpdate"), - lastPing: text("lastPing"), + lastPing: integer("lastPing"), type: text("type").notNull(), // "olm" online: integer("online", { mode: "boolean" }).notNull().default(false), - endpoint: text("endpoint"), + // endpoint: text("endpoint"), lastHolePunch: integer("lastHolePunch") }); @@ -226,13 +259,15 @@ export const clientSites = sqliteTable("clientSites", { siteId: integer("siteId") .notNull() .references(() => sites.siteId, { onDelete: "cascade" }), - isRelayed: integer("isRelayed", { mode: "boolean" }).notNull().default(false) + isRelayed: integer("isRelayed", { mode: "boolean" }).notNull().default(false), + endpoint: text("endpoint") }); export const olms = sqliteTable("olms", { olmId: text("id").primaryKey(), secretHash: text("secretHash").notNull(), dateCreated: text("dateCreated").notNull(), + version: text("version"), clientId: integer("clientId").references(() => clients.clientId, { onDelete: "cascade" }) @@ -677,4 +712,7 @@ export type Idp = InferSelectModel; export type ApiKey = InferSelectModel; export type ApiKeyAction = InferSelectModel; export type ApiKeyOrg = InferSelectModel; +export type SiteResource = InferSelectModel; export type OrgDomains = InferSelectModel; +export type SetupToken = InferSelectModel; +export type HostMeta = InferSelectModel; diff --git a/server/emails/index.ts b/server/emails/index.ts index 42cfa39c..2cdef8a1 100644 --- a/server/emails/index.ts +++ b/server/emails/index.ts @@ -6,6 +6,11 @@ import logger from "@server/logger"; import SMTPTransport from "nodemailer/lib/smtp-transport"; function createEmailClient() { + if (config.isManagedMode()) { + // LETS NOT WORRY ABOUT EMAILS IN HYBRID + return; + } + const emailConfig = config.getRawConfig().email; if (!emailConfig) { logger.warn( diff --git a/server/emails/templates/WelcomeQuickStart.tsx b/server/emails/templates/WelcomeQuickStart.tsx index caebff06..cd18f8b5 100644 --- a/server/emails/templates/WelcomeQuickStart.tsx +++ b/server/emails/templates/WelcomeQuickStart.tsx @@ -88,7 +88,7 @@ export const WelcomeQuickStart = ({ To learn how to use Newt, including more installation methods, visit the{" "} docs diff --git a/server/hybridServer.ts b/server/hybridServer.ts new file mode 100644 index 00000000..bb26489d --- /dev/null +++ b/server/hybridServer.ts @@ -0,0 +1,151 @@ +import logger from "@server/logger"; +import config from "@server/lib/config"; +import { createWebSocketClient } from "./routers/ws/client"; +import { addPeer, deletePeer } from "./routers/gerbil/peers"; +import { db, exitNodes } from "./db"; +import { TraefikConfigManager } from "./lib/traefikConfig"; +import { tokenManager } from "./lib/tokenManager"; +import { APP_VERSION } from "./lib/consts"; +import axios from "axios"; + +export async function createHybridClientServer() { + logger.info("Starting hybrid client server..."); + + // Start the token manager + await tokenManager.start(); + + const token = await tokenManager.getToken(); + + const monitor = new TraefikConfigManager(); + + await monitor.start(); + + // Create client + const client = createWebSocketClient( + token, + config.getRawConfig().managed!.endpoint!, + { + reconnectInterval: 5000, + pingInterval: 30000, + pingTimeout: 10000 + } + ); + + // Register message handlers + client.registerHandler("remoteExitNode/peers/add", async (message) => { + const { publicKey, allowedIps } = message.data; + + // TODO: we are getting the exit node twice here + // NOTE: there should only be one gerbil registered so... + const [exitNode] = await db.select().from(exitNodes).limit(1); + await addPeer(exitNode.exitNodeId, { + publicKey: publicKey, + allowedIps: allowedIps || [] + }); + }); + + client.registerHandler("remoteExitNode/peers/remove", async (message) => { + const { publicKey } = message.data; + + // TODO: we are getting the exit node twice here + // NOTE: there should only be one gerbil registered so... + const [exitNode] = await db.select().from(exitNodes).limit(1); + await deletePeer(exitNode.exitNodeId, publicKey); + }); + + // /update-proxy-mapping + client.registerHandler("remoteExitNode/update-proxy-mapping", async (message) => { + try { + const [exitNode] = await db.select().from(exitNodes).limit(1); + if (!exitNode) { + logger.error("No exit node found for proxy mapping update"); + return; + } + + const response = await axios.post(`${exitNode.endpoint}/update-proxy-mapping`, message.data); + logger.info(`Successfully updated proxy mapping: ${response.status}`); + } catch (error) { + // pull data out of the axios error to log + if (axios.isAxiosError(error)) { + logger.error("Error updating proxy mapping:", { + message: error.message, + code: error.code, + status: error.response?.status, + statusText: error.response?.statusText, + url: error.config?.url, + method: error.config?.method + }); + } else { + logger.error("Error updating proxy mapping:", error); + } + } + }); + + // /update-destinations + client.registerHandler("remoteExitNode/update-destinations", async (message) => { + try { + const [exitNode] = await db.select().from(exitNodes).limit(1); + if (!exitNode) { + logger.error("No exit node found for destinations update"); + return; + } + + const response = await axios.post(`${exitNode.endpoint}/update-destinations`, message.data); + logger.info(`Successfully updated destinations: ${response.status}`); + } catch (error) { + // pull data out of the axios error to log + if (axios.isAxiosError(error)) { + logger.error("Error updating destinations:", { + message: error.message, + code: error.code, + status: error.response?.status, + statusText: error.response?.statusText, + url: error.config?.url, + method: error.config?.method + }); + } else { + logger.error("Error updating destinations:", error); + } + } + }); + + client.registerHandler("remoteExitNode/traefik/reload", async (message) => { + await monitor.HandleTraefikConfig(); + }); + + // Listen to connection events + client.on("connect", () => { + logger.info("Connected to WebSocket server"); + client.sendMessage("remoteExitNode/register", { + remoteExitNodeVersion: APP_VERSION + }); + }); + + client.on("disconnect", () => { + logger.info("Disconnected from WebSocket server"); + }); + + client.on("message", (message) => { + logger.info( + `Received message: ${message.type} ${JSON.stringify(message.data)}` + ); + }); + + // Connect to the server + try { + await client.connect(); + logger.info("Connection initiated"); + } catch (error) { + logger.error("Failed to connect:", error); + } + + // Store the ping interval stop function for cleanup if needed + const stopPingInterval = client.sendMessageInterval( + "remoteExitNode/ping", + { timestamp: Date.now() / 1000 }, + 60000 + ); // send every minute + + // Return client and cleanup function for potential use + return { client, stopPingInterval }; +} diff --git a/server/index.ts b/server/index.ts index d3f90281..746de7b9 100644 --- a/server/index.ts +++ b/server/index.ts @@ -7,16 +7,35 @@ import { createNextServer } from "./nextServer"; import { createInternalServer } from "./internalServer"; import { ApiKey, ApiKeyOrg, Session, User, UserOrg } from "@server/db"; import { createIntegrationApiServer } from "./integrationApiServer"; +import { createHybridClientServer } from "./hybridServer"; import config from "@server/lib/config"; +import { setHostMeta } from "@server/lib/hostMeta"; +import { initTelemetryClient } from "./lib/telemetry.js"; +import { TraefikConfigManager } from "./lib/traefikConfig.js"; async function startServers() { + await setHostMeta(); + await config.initServer(); await runSetupFunctions(); + initTelemetryClient(); + // Start all servers const apiServer = createApiServer(); const internalServer = createInternalServer(); - const nextServer = await createNextServer(); + + let hybridClientServer; + let nextServer; + if (config.isManagedMode()) { + hybridClientServer = await createHybridClientServer(); + } else { + nextServer = await createNextServer(); + if (config.getRawConfig().traefik.file_mode) { + const monitor = new TraefikConfigManager(); + await monitor.start(); + } + } let integrationServer; if (config.getRawConfig().flags?.enable_integration_api) { @@ -27,7 +46,8 @@ async function startServers() { apiServer, nextServer, internalServer, - integrationServer + integrationServer, + hybridClientServer }; } diff --git a/server/lib/config.ts b/server/lib/config.ts index 0a964469..667df744 100644 --- a/server/lib/config.ts +++ b/server/lib/config.ts @@ -30,12 +30,6 @@ export class Config { throw new Error(`Invalid configuration file: ${errors}`); } - if (process.env.APP_BASE_DOMAIN) { - console.log( - "WARNING: You're using deprecated environment variables. Transition to the configuration file. https://docs.fossorial.io/" - ); - } - if ( // @ts-ignore parsedConfig.users || @@ -102,16 +96,18 @@ export class Config { if (!this.rawConfig) { throw new Error("Config not loaded. Call load() first."); } - license.setServerSecret(this.rawConfig.server.secret); + if (this.rawConfig.managed) { + // LETS NOT WORRY ABOUT THE SERVER SECRET WHEN MANAGED + return; + } + license.setServerSecret(this.rawConfig.server.secret!); await this.checkKeyStatus(); } private async checkKeyStatus() { const licenseStatus = await license.check(); - if ( - !licenseStatus.isHostLicensed - ) { + if (!licenseStatus.isHostLicensed) { this.checkSupporterKey(); } } @@ -153,6 +149,10 @@ export class Config { return false; } + public isManagedMode() { + return typeof this.rawConfig?.managed === "object"; + } + public async checkSupporterKey() { const [key] = await db.select().from(supporterKey).limit(1); diff --git a/server/lib/consts.ts b/server/lib/consts.ts index cfe45620..b9afa792 100644 --- a/server/lib/consts.ts +++ b/server/lib/consts.ts @@ -2,7 +2,7 @@ import path from "path"; import { fileURLToPath } from "url"; // This is a placeholder value replaced by the build process -export const APP_VERSION = "1.8.0"; +export const APP_VERSION = "1.9.0"; export const __FILENAME = fileURLToPath(import.meta.url); export const __DIRNAME = path.dirname(__FILENAME); diff --git a/server/lib/exitNodeComms.ts b/server/lib/exitNodeComms.ts new file mode 100644 index 00000000..f79b718f --- /dev/null +++ b/server/lib/exitNodeComms.ts @@ -0,0 +1,86 @@ +import axios from "axios"; +import logger from "@server/logger"; +import { ExitNode } from "@server/db"; + +interface ExitNodeRequest { + remoteType: string; + localPath: string; + method?: "POST" | "DELETE" | "GET" | "PUT"; + data?: any; + queryParams?: Record; +} + +/** + * Sends a request to an exit node, handling both remote and local exit nodes + * @param exitNode The exit node to send the request to + * @param request The request configuration + * @returns Promise Response data for local nodes, undefined for remote nodes + */ +export async function sendToExitNode( + exitNode: ExitNode, + request: ExitNodeRequest +): Promise { + if (!exitNode.reachableAt) { + throw new Error( + `Exit node with ID ${exitNode.exitNodeId} is not reachable` + ); + } + + // Handle local exit node with HTTP API + const method = request.method || "POST"; + let url = `${exitNode.reachableAt}${request.localPath}`; + + // Add query parameters if provided + if (request.queryParams) { + const params = new URLSearchParams(request.queryParams); + url += `?${params.toString()}`; + } + + try { + let response; + + switch (method) { + case "POST": + response = await axios.post(url, request.data, { + headers: { + "Content-Type": "application/json" + } + }); + break; + case "DELETE": + response = await axios.delete(url); + break; + case "GET": + response = await axios.get(url); + break; + case "PUT": + response = await axios.put(url, request.data, { + headers: { + "Content-Type": "application/json" + } + }); + break; + default: + throw new Error(`Unsupported HTTP method: ${method}`); + } + + logger.info(`Exit node request successful:`, { + method, + url, + status: response.data.status + }); + + return response.data; + } catch (error) { + if (axios.isAxiosError(error)) { + logger.error( + `Error making ${method} request (can Pangolin see Gerbil HTTP API?) for exit node at ${exitNode.reachableAt} (status: ${error.response?.status}): ${error.message}` + ); + } else { + logger.error( + `Error making ${method} request for exit node at ${exitNode.reachableAt}: ${error}` + ); + } + throw error; + } +} diff --git a/server/lib/exitNodes/exitNodes.ts b/server/lib/exitNodes/exitNodes.ts new file mode 100644 index 00000000..06539bb0 --- /dev/null +++ b/server/lib/exitNodes/exitNodes.ts @@ -0,0 +1,59 @@ +import { db, exitNodes } from "@server/db"; +import logger from "@server/logger"; +import { ExitNodePingResult } from "@server/routers/newt"; +import { eq } from "drizzle-orm"; + +export async function verifyExitNodeOrgAccess( + exitNodeId: number, + orgId: string +) { + const [exitNode] = await db + .select() + .from(exitNodes) + .where(eq(exitNodes.exitNodeId, exitNodeId)); + + // For any other type, deny access + return { hasAccess: true, exitNode }; +} + +export async function listExitNodes(orgId: string, filterOnline = false) { + // TODO: pick which nodes to send and ping better than just all of them that are not remote + const allExitNodes = await db + .select({ + exitNodeId: exitNodes.exitNodeId, + name: exitNodes.name, + address: exitNodes.address, + endpoint: exitNodes.endpoint, + publicKey: exitNodes.publicKey, + listenPort: exitNodes.listenPort, + reachableAt: exitNodes.reachableAt, + maxConnections: exitNodes.maxConnections, + online: exitNodes.online, + lastPing: exitNodes.lastPing, + type: exitNodes.type + }) + .from(exitNodes); + + // Filter the nodes. If there are NO remoteExitNodes then do nothing. If there are then remove all of the non-remoteExitNodes + if (allExitNodes.length === 0) { + logger.warn("No exit nodes found!"); + return []; + } + + return allExitNodes; +} + +export function selectBestExitNode( + pingResults: ExitNodePingResult[] +): ExitNodePingResult | null { + if (!pingResults || pingResults.length === 0) { + logger.warn("No ping results provided"); + return null; + } + + return pingResults[0]; +} + +export async function checkExitNodeOrg(exitNodeId: number, orgId: string) { + return false; +} \ No newline at end of file diff --git a/server/lib/exitNodes/index.ts b/server/lib/exitNodes/index.ts new file mode 100644 index 00000000..8889bc35 --- /dev/null +++ b/server/lib/exitNodes/index.ts @@ -0,0 +1,2 @@ +export * from "./exitNodes"; +export * from "./shared"; \ No newline at end of file diff --git a/server/lib/exitNodes/shared.ts b/server/lib/exitNodes/shared.ts new file mode 100644 index 00000000..c06f1d05 --- /dev/null +++ b/server/lib/exitNodes/shared.ts @@ -0,0 +1,30 @@ +import { db, exitNodes } from "@server/db"; +import config from "@server/lib/config"; +import { findNextAvailableCidr } from "@server/lib/ip"; + +export async function getNextAvailableSubnet(): Promise { + // Get all existing subnets from routes table + const existingAddresses = await db + .select({ + address: exitNodes.address + }) + .from(exitNodes); + + const addresses = existingAddresses.map((a) => a.address); + let subnet = findNextAvailableCidr( + addresses, + config.getRawConfig().gerbil.block_size, + config.getRawConfig().gerbil.subnet_group + ); + if (!subnet) { + throw new Error("No available subnets remaining in space"); + } + + // replace the last octet with 1 + subnet = + subnet.split(".").slice(0, 3).join(".") + + ".1" + + "/" + + subnet.split("/")[1]; + return subnet; +} \ No newline at end of file diff --git a/server/setup/setHostMeta.ts b/server/lib/hostMeta.ts similarity index 57% rename from server/setup/setHostMeta.ts rename to server/lib/hostMeta.ts index 2223d11b..2f2c7ed7 100644 --- a/server/setup/setHostMeta.ts +++ b/server/lib/hostMeta.ts @@ -1,7 +1,9 @@ -import { db } from "@server/db"; +import { db, HostMeta } from "@server/db"; import { hostMeta } from "@server/db"; import { v4 as uuidv4 } from "uuid"; +let gotHostMeta: HostMeta | undefined; + export async function setHostMeta() { const [existing] = await db.select().from(hostMeta).limit(1); @@ -15,3 +17,12 @@ export async function setHostMeta() { .insert(hostMeta) .values({ hostMetaId: id, createdAt: new Date().getTime() }); } + +export async function getHostMeta() { + if (gotHostMeta) { + return gotHostMeta; + } + const [meta] = await db.select().from(hostMeta).limit(1); + gotHostMeta = meta; + return meta; +} diff --git a/server/lib/index.ts b/server/lib/index.ts index 9d2cfb1f..7705e0af 100644 --- a/server/lib/index.ts +++ b/server/lib/index.ts @@ -1 +1,2 @@ export * from "./response"; +export { tokenManager, TokenManager } from "./tokenManager"; diff --git a/server/lib/readConfigFile.ts b/server/lib/readConfigFile.ts index 42fcefd3..6543b25c 100644 --- a/server/lib/readConfigFile.ts +++ b/server/lib/readConfigFile.ts @@ -3,7 +3,6 @@ import yaml from "js-yaml"; import { configFilePath1, configFilePath2 } from "./consts"; import { z } from "zod"; import stoi from "./stoi"; -import { build } from "@server/build"; const portSchema = z.number().positive().gt(0).lte(65535); @@ -17,16 +16,38 @@ export const configSchema = z dashboard_url: z .string() .url() - .optional() .pipe(z.string().url()) - .transform((url) => url.toLowerCase()), + .transform((url) => url.toLowerCase()) + .optional(), log_level: z .enum(["debug", "info", "warn", "error"]) .optional() .default("info"), save_logs: z.boolean().optional().default(false), - log_failed_attempts: z.boolean().optional().default(false) + log_failed_attempts: z.boolean().optional().default(false), + telemetry: z + .object({ + anonymous_usage: z.boolean().optional().default(true) + }) + .optional() + .default({}) + }).optional().default({ + log_level: "info", + save_logs: false, + log_failed_attempts: false, + telemetry: { + anonymous_usage: true + } }), + managed: z + .object({ + name: z.string().optional(), + id: z.string().optional(), + secret: z.string().optional(), + endpoint: z.string().optional().default("https://pangolin.fossorial.io"), + redirect_endpoint: z.string().optional() + }) + .optional(), domains: z .record( z.string(), @@ -43,7 +64,7 @@ export const configSchema = z server: z.object({ integration_port: portSchema .optional() - .default(3003) + .default(3004) .transform(stoi) .pipe(portSchema.optional()), external_port: portSchema @@ -108,9 +129,25 @@ export const configSchema = z trust_proxy: z.number().int().gte(0).optional().default(1), secret: z .string() - .optional() .transform(getEnvOrYaml("SERVER_SECRET")) .pipe(z.string().min(8)) + .optional() + }).optional().default({ + integration_port: 3003, + external_port: 3000, + internal_port: 3001, + next_port: 3002, + internal_hostname: "pangolin", + session_cookie_name: "p_session_token", + resource_access_token_param: "p_token", + resource_access_token_headers: { + id: "P-Access-Token-Id", + token: "P-Access-Token" + }, + resource_session_request_param: "resource_session_request_param", + dashboard_session_length_hours: 720, + resource_session_length_hours: 720, + trust_proxy: 1 }), postgres: z .object({ @@ -130,7 +167,20 @@ export const configSchema = z https_entrypoint: z.string().optional().default("websecure"), additional_middlewares: z.array(z.string()).optional(), cert_resolver: z.string().optional().default("letsencrypt"), - prefer_wildcard_cert: z.boolean().optional().default(false) + prefer_wildcard_cert: z.boolean().optional().default(false), + certificates_path: z.string().default("/var/certificates"), + monitor_interval: z.number().default(5000), + dynamic_cert_config_path: z + .string() + .optional() + .default("/var/dynamic/cert_config.yml"), + dynamic_router_config_path: z + .string() + .optional() + .default("/var/dynamic/router_config.yml"), + static_domains: z.array(z.string()).optional().default([]), + site_types: z.array(z.string()).optional().default(["newt", "wireguard", "local"]), + file_mode: z.boolean().optional().default(false) }) .optional() .default({}), @@ -213,7 +263,10 @@ export const configSchema = z smtp_host: z.string().optional(), smtp_port: portSchema.optional(), smtp_user: z.string().optional(), - smtp_pass: z.string().optional().transform(getEnvOrYaml("EMAIL_SMTP_PASS")), + smtp_pass: z + .string() + .optional() + .transform(getEnvOrYaml("EMAIL_SMTP_PASS")), smtp_secure: z.boolean().optional(), smtp_tls_reject_unauthorized: z.boolean().optional(), no_reply: z.string().email().optional() @@ -229,7 +282,7 @@ export const configSchema = z disable_local_sites: z.boolean().optional(), disable_basic_wireguard_sites: z.boolean().optional(), disable_config_managed_domains: z.boolean().optional(), - enable_clients: z.boolean().optional().default(true), + enable_clients: z.boolean().optional().default(true) }) .optional(), dns: z @@ -252,6 +305,10 @@ export const configSchema = z if (data.flags?.disable_config_managed_domains) { return true; } + // If hybrid is defined, domains are not required + if (data.managed) { + return true; + } if (keys.length === 0) { return false; } @@ -260,6 +317,32 @@ export const configSchema = z { message: "At least one domain must be defined" } + ) + .refine( + (data) => { + // If hybrid is defined, server secret is not required + if (data.managed) { + return true; + } + // If hybrid is not defined, server secret must be defined + return data.server?.secret !== undefined && data.server.secret.length > 0; + }, + { + message: "Server secret must be defined" + } + ) + .refine( + (data) => { + // If hybrid is defined, dashboard_url is not required + if (data.managed) { + return true; + } + // If hybrid is not defined, dashboard_url must be defined + return data.app.dashboard_url !== undefined && data.app.dashboard_url.length > 0; + }, + { + message: "Dashboard URL must be defined" + } ); export function readConfigFile() { @@ -287,7 +370,7 @@ export function readConfigFile() { if (!environment) { throw new Error( - "No configuration file found. Please create one. https://docs.fossorial.io/" + "No configuration file found. Please create one. https://docs.digpangolin.com/self-host/advanced/config-file" ); } diff --git a/server/lib/remoteCertificates/certificates.ts b/server/lib/remoteCertificates/certificates.ts new file mode 100644 index 00000000..db6fa6ad --- /dev/null +++ b/server/lib/remoteCertificates/certificates.ts @@ -0,0 +1,78 @@ +import axios from "axios"; +import { tokenManager } from "../tokenManager"; +import logger from "@server/logger"; +import config from "../config"; + +/** + * Get valid certificates for the specified domains + */ +export async function getValidCertificatesForDomainsHybrid(domains: Set): Promise< + Array<{ + id: number; + domain: string; + certFile: string | null; + keyFile: string | null; + expiresAt: Date | null; + updatedAt?: Date | null; + }> +> { + if (domains.size === 0) { + return []; + } + + const domainArray = Array.from(domains); + + try { + const response = await axios.get( + `${config.getRawConfig().managed?.endpoint}/api/v1/hybrid/certificates/domains`, + { + params: { + domains: domainArray + }, + headers: (await tokenManager.getAuthHeader()).headers + } + ); + + if (response.status !== 200) { + logger.error( + `Failed to fetch certificates for domains: ${response.status} ${response.statusText}`, + { responseData: response.data, domains: domainArray } + ); + return []; + } + + // logger.debug( + // `Successfully retrieved ${response.data.data?.length || 0} certificates for ${domainArray.length} domains` + // ); + + return response.data.data; + } catch (error) { + // pull data out of the axios error to log + if (axios.isAxiosError(error)) { + logger.error("Error getting certificates:", { + message: error.message, + code: error.code, + status: error.response?.status, + statusText: error.response?.statusText, + url: error.config?.url, + method: error.config?.method + }); + } else { + logger.error("Error getting certificates:", error); + } + return []; + } +} + +export async function getValidCertificatesForDomains(domains: Set): Promise< + Array<{ + id: number; + domain: string; + certFile: string | null; + keyFile: string | null; + expiresAt: Date | null; + updatedAt?: Date | null; + }> +> { + return []; // stub +} \ No newline at end of file diff --git a/server/lib/remoteCertificates/index.ts b/server/lib/remoteCertificates/index.ts new file mode 100644 index 00000000..53051b6c --- /dev/null +++ b/server/lib/remoteCertificates/index.ts @@ -0,0 +1 @@ +export * from "./certificates"; \ No newline at end of file diff --git a/server/lib/remoteProxy.ts b/server/lib/remoteProxy.ts new file mode 100644 index 00000000..c9016071 --- /dev/null +++ b/server/lib/remoteProxy.ts @@ -0,0 +1,73 @@ +import { Request, Response, NextFunction } from "express"; +import { Router } from "express"; +import axios from "axios"; +import HttpCode from "@server/types/HttpCode"; +import createHttpError from "http-errors"; +import logger from "@server/logger"; +import config from "@server/lib/config"; +import { tokenManager } from "./tokenManager"; + +/** + * Proxy function that forwards requests to the remote cloud server + */ + +export const proxyToRemote = async ( + req: Request, + res: Response, + next: NextFunction, + endpoint: string +): Promise => { + try { + const remoteUrl = `${config.getRawConfig().managed?.endpoint?.replace(/\/$/, '')}/api/v1/${endpoint}`; + + logger.debug(`Proxying request to remote server: ${remoteUrl}`); + + // Forward the request to the remote server + const response = await axios({ + method: req.method as any, + url: remoteUrl, + data: req.body, + headers: { + 'Content-Type': 'application/json', + ...(await tokenManager.getAuthHeader()).headers + }, + params: req.query, + timeout: 30000, // 30 second timeout + validateStatus: () => true // Don't throw on non-2xx status codes + }); + + logger.debug(`Proxy response: ${JSON.stringify(response.data)}`); + + // Forward the response status and data + return res.status(response.status).json(response.data); + + } catch (error) { + logger.error("Error proxying request to remote server:", error); + + if (axios.isAxiosError(error)) { + if (error.code === 'ECONNREFUSED' || error.code === 'ENOTFOUND') { + return next( + createHttpError( + HttpCode.SERVICE_UNAVAILABLE, + "Remote server is unavailable" + ) + ); + } + if (error.code === 'ECONNABORTED') { + return next( + createHttpError( + HttpCode.REQUEST_TIMEOUT, + "Request to remote server timed out" + ) + ); + } + } + + return next( + createHttpError( + HttpCode.INTERNAL_SERVER_ERROR, + "Error communicating with remote server" + ) + ); + } +}; \ No newline at end of file diff --git a/server/lib/telemetry.ts b/server/lib/telemetry.ts new file mode 100644 index 00000000..cd000767 --- /dev/null +++ b/server/lib/telemetry.ts @@ -0,0 +1,304 @@ +import { PostHog } from "posthog-node"; +import config from "./config"; +import { getHostMeta } from "./hostMeta"; +import logger from "@server/logger"; +import { apiKeys, db, roles } from "@server/db"; +import { sites, users, orgs, resources, clients, idp } from "@server/db"; +import { eq, count, notInArray } from "drizzle-orm"; +import { APP_VERSION } from "./consts"; +import crypto from "crypto"; +import { UserType } from "@server/types/UserTypes"; +import { build } from "@server/build"; + +class TelemetryClient { + private client: PostHog | null = null; + private enabled: boolean; + private intervalId: NodeJS.Timeout | null = null; + + constructor() { + const enabled = config.getRawConfig().app.telemetry.anonymous_usage; + this.enabled = enabled; + const dev = process.env.ENVIRONMENT !== "prod"; + + if (dev) { + return; + } + + if (build !== "oss") { + return; + } + + if (this.enabled) { + this.client = new PostHog( + "phc_QYuATSSZt6onzssWcYJbXLzQwnunIpdGGDTYhzK3VjX", + { + host: "https://digpangolin.com/relay-O7yI" + } + ); + + process.on("exit", () => { + this.client?.shutdown(); + }); + + this.sendStartupEvents().catch((err) => { + logger.error("Failed to send startup telemetry:", err); + }); + + this.startAnalyticsInterval(); + + logger.info( + "Pangolin now gathers anonymous usage data to help us better understand how the software is used and guide future improvements and feature development. You can find more details, including instructions for opting out of this anonymous data collection, at: https://docs.digpangolin.com/telemetry" + ); + } else if (!this.enabled) { + logger.info( + "Analytics usage statistics collection is disabled. If you enable this, you can help us make Pangolin better for everyone. Learn more at: https://docs.digpangolin.com/telemetry" + ); + } + } + + private startAnalyticsInterval() { + this.intervalId = setInterval( + () => { + this.collectAndSendAnalytics().catch((err) => { + logger.error("Failed to collect analytics:", err); + }); + }, + 6 * 60 * 60 * 1000 + ); + + this.collectAndSendAnalytics().catch((err) => { + logger.error("Failed to collect initial analytics:", err); + }); + } + + private anon(value: string): string { + return crypto + .createHash("sha256") + .update(value.toLowerCase()) + .digest("hex"); + } + + private async getSystemStats() { + try { + const [sitesCount] = await db + .select({ count: count() }) + .from(sites); + const [usersCount] = await db + .select({ count: count() }) + .from(users); + const [usersInternalCount] = await db + .select({ count: count() }) + .from(users) + .where(eq(users.type, UserType.Internal)); + const [usersOidcCount] = await db + .select({ count: count() }) + .from(users) + .where(eq(users.type, UserType.OIDC)); + const [orgsCount] = await db.select({ count: count() }).from(orgs); + const [resourcesCount] = await db + .select({ count: count() }) + .from(resources); + const [clientsCount] = await db + .select({ count: count() }) + .from(clients); + const [idpCount] = await db.select({ count: count() }).from(idp); + const [onlineSitesCount] = await db + .select({ count: count() }) + .from(sites) + .where(eq(sites.online, true)); + const [numApiKeys] = await db + .select({ count: count() }) + .from(apiKeys); + const [customRoles] = await db + .select({ count: count() }) + .from(roles) + .where(notInArray(roles.name, ["Admin", "Member"])); + + const adminUsers = await db + .select({ email: users.email }) + .from(users) + .where(eq(users.serverAdmin, true)); + + const resourceDetails = await db + .select({ + name: resources.name, + sso: resources.sso, + protocol: resources.protocol, + http: resources.http + }) + .from(resources); + + const siteDetails = await db + .select({ + siteName: sites.name, + megabytesIn: sites.megabytesIn, + megabytesOut: sites.megabytesOut, + type: sites.type, + online: sites.online + }) + .from(sites); + + const supporterKey = config.getSupporterData(); + + return { + numSites: sitesCount.count, + numUsers: usersCount.count, + numUsersInternal: usersInternalCount.count, + numUsersOidc: usersOidcCount.count, + numOrganizations: orgsCount.count, + numResources: resourcesCount.count, + numClients: clientsCount.count, + numIdentityProviders: idpCount.count, + numSitesOnline: onlineSitesCount.count, + resources: resourceDetails, + adminUsers: adminUsers.map((u) => u.email), + sites: siteDetails, + appVersion: APP_VERSION, + numApiKeys: numApiKeys.count, + numCustomRoles: customRoles.count, + supporterStatus: { + valid: supporterKey?.valid || false, + tier: supporterKey?.tier || "None", + githubUsername: supporterKey?.githubUsername || null + } + }; + } catch (error) { + logger.error("Failed to collect system stats:", error); + throw error; + } + } + + private async sendStartupEvents() { + if (!this.enabled || !this.client) return; + + const hostMeta = await getHostMeta(); + if (!hostMeta) return; + + const stats = await this.getSystemStats(); + + this.client.capture({ + distinctId: hostMeta.hostMetaId, + event: "supporter_status", + properties: { + valid: stats.supporterStatus.valid, + tier: stats.supporterStatus.tier, + github_username: stats.supporterStatus.githubUsername + ? this.anon(stats.supporterStatus.githubUsername) + : "None" + } + }); + + this.client.capture({ + distinctId: hostMeta.hostMetaId, + event: "host_startup", + properties: { + host_id: hostMeta.hostMetaId, + app_version: stats.appVersion, + install_timestamp: hostMeta.createdAt + } + }); + + for (const email of stats.adminUsers) { + // There should only be on admin user, but just in case + if (email) { + this.client.capture({ + distinctId: this.anon(email), + event: "admin_user", + properties: { + host_id: hostMeta.hostMetaId, + app_version: stats.appVersion, + hashed_email: this.anon(email) + } + }); + } + } + } + + private async collectAndSendAnalytics() { + if (!this.enabled || !this.client) return; + + try { + const hostMeta = await getHostMeta(); + if (!hostMeta) { + logger.warn( + "Telemetry: Host meta not found, skipping analytics" + ); + return; + } + + const stats = await this.getSystemStats(); + + this.client.capture({ + distinctId: hostMeta.hostMetaId, + event: "system_analytics", + properties: { + app_version: stats.appVersion, + num_sites: stats.numSites, + num_users: stats.numUsers, + num_users_internal: stats.numUsersInternal, + num_users_oidc: stats.numUsersOidc, + num_organizations: stats.numOrganizations, + num_resources: stats.numResources, + num_clients: stats.numClients, + num_identity_providers: stats.numIdentityProviders, + num_sites_online: stats.numSitesOnline, + resources: stats.resources.map((r) => ({ + name: this.anon(r.name), + sso_enabled: r.sso, + protocol: r.protocol, + http_enabled: r.http + })), + sites: stats.sites.map((s) => ({ + site_name: this.anon(s.siteName), + megabytes_in: s.megabytesIn, + megabytes_out: s.megabytesOut, + type: s.type, + online: s.online + })), + num_api_keys: stats.numApiKeys, + num_custom_roles: stats.numCustomRoles + } + }); + } catch (error) { + logger.error("Failed to send analytics:", error); + } + } + + async sendTelemetry(eventName: string, properties: Record) { + if (!this.enabled || !this.client) return; + + const hostMeta = await getHostMeta(); + if (!hostMeta) { + logger.warn("Telemetry: Host meta not found, skipping telemetry"); + return; + } + + this.client.groupIdentify({ + groupType: "host_id", + groupKey: hostMeta.hostMetaId, + properties + }); + } + + shutdown() { + if (this.intervalId) { + clearInterval(this.intervalId); + this.intervalId = null; + } + + if (this.enabled && this.client) { + this.client.shutdown(); + } + } +} + +let telemetryClient!: TelemetryClient; + +export function initTelemetryClient() { + if (!telemetryClient) { + telemetryClient = new TelemetryClient(); + } + return telemetryClient; +} + +export default telemetryClient; diff --git a/server/lib/tokenManager.ts b/server/lib/tokenManager.ts new file mode 100644 index 00000000..2e0e1118 --- /dev/null +++ b/server/lib/tokenManager.ts @@ -0,0 +1,274 @@ +import axios from "axios"; +import config from "@server/lib/config"; +import logger from "@server/logger"; + +export interface TokenResponse { + success: boolean; + message?: string; + data: { + token: string; + }; +} + +/** + * Token Manager - Handles automatic token refresh for hybrid server authentication + * + * Usage throughout the application: + * ```typescript + * import { tokenManager } from "@server/lib/tokenManager"; + * + * // Get the current valid token + * const token = await tokenManager.getToken(); + * + * // Force refresh if needed + * await tokenManager.refreshToken(); + * ``` + * + * The token manager automatically refreshes tokens every 24 hours by default + * and is started once in the privateHybridServer.ts file. + */ + +export class TokenManager { + private token: string | null = null; + private refreshInterval: NodeJS.Timeout | null = null; + private isRefreshing: boolean = false; + private refreshIntervalMs: number; + private retryInterval: NodeJS.Timeout | null = null; + private retryIntervalMs: number; + private tokenAvailablePromise: Promise | null = null; + private tokenAvailableResolve: (() => void) | null = null; + + constructor(refreshIntervalMs: number = 24 * 60 * 60 * 1000, retryIntervalMs: number = 5000) { + // Default to 24 hours for refresh, 5 seconds for retry + this.refreshIntervalMs = refreshIntervalMs; + this.retryIntervalMs = retryIntervalMs; + this.setupTokenAvailablePromise(); + } + + /** + * Set up promise that resolves when token becomes available + */ + private setupTokenAvailablePromise(): void { + this.tokenAvailablePromise = new Promise((resolve) => { + this.tokenAvailableResolve = resolve; + }); + } + + /** + * Resolve the token available promise + */ + private resolveTokenAvailable(): void { + if (this.tokenAvailableResolve) { + this.tokenAvailableResolve(); + this.tokenAvailableResolve = null; + } + } + + /** + * Start the token manager - gets initial token and sets up refresh interval + * If initial token fetch fails, keeps retrying every few seconds until successful + */ + async start(): Promise { + logger.info("Starting token manager..."); + + try { + await this.refreshToken(); + this.setupRefreshInterval(); + this.resolveTokenAvailable(); + logger.info("Token manager started successfully"); + } catch (error) { + logger.warn(`Failed to get initial token, will retry in ${this.retryIntervalMs / 1000} seconds:`, error); + this.setupRetryInterval(); + } + } + + /** + * Set up retry interval for initial token acquisition + */ + private setupRetryInterval(): void { + if (this.retryInterval) { + clearInterval(this.retryInterval); + } + + this.retryInterval = setInterval(async () => { + try { + logger.debug("Retrying initial token acquisition"); + await this.refreshToken(); + this.setupRefreshInterval(); + this.clearRetryInterval(); + this.resolveTokenAvailable(); + logger.info("Token manager started successfully after retry"); + } catch (error) { + logger.debug("Token acquisition retry failed, will try again"); + } + }, this.retryIntervalMs); + } + + /** + * Clear retry interval + */ + private clearRetryInterval(): void { + if (this.retryInterval) { + clearInterval(this.retryInterval); + this.retryInterval = null; + } + } + + /** + * Stop the token manager and clear all intervals + */ + stop(): void { + if (this.refreshInterval) { + clearInterval(this.refreshInterval); + this.refreshInterval = null; + } + this.clearRetryInterval(); + logger.info("Token manager stopped"); + } + + /** + * Get the current valid token + */ + + // TODO: WE SHOULD NOT BE GETTING A TOKEN EVERY TIME WE REQUEST IT + async getToken(): Promise { + // If we don't have a token yet, wait for it to become available + if (!this.token && this.tokenAvailablePromise) { + await this.tokenAvailablePromise; + } + + if (!this.token) { + if (this.isRefreshing) { + // Wait for current refresh to complete + await this.waitForRefresh(); + } else { + throw new Error("No valid token available"); + } + } + + if (!this.token) { + throw new Error("No valid token available"); + } + + return this.token; + } + + async getAuthHeader() { + return { + headers: { + Authorization: `Bearer ${await this.getToken()}`, + "X-CSRF-Token": "x-csrf-protection", + } + }; + } + + /** + * Force refresh the token + */ + async refreshToken(): Promise { + if (this.isRefreshing) { + await this.waitForRefresh(); + return; + } + + this.isRefreshing = true; + + try { + const hybridConfig = config.getRawConfig().managed; + + if ( + !hybridConfig?.id || + !hybridConfig?.secret || + !hybridConfig?.endpoint + ) { + throw new Error("Hybrid configuration is not defined"); + } + + const tokenEndpoint = `${hybridConfig.endpoint}/api/v1/auth/remoteExitNode/get-token`; + + const tokenData = { + remoteExitNodeId: hybridConfig.id, + secret: hybridConfig.secret + }; + + logger.debug("Requesting new token from server"); + + const response = await axios.post( + tokenEndpoint, + tokenData, + { + headers: { + "Content-Type": "application/json", + "X-CSRF-Token": "x-csrf-protection" + }, + timeout: 10000 // 10 second timeout + } + ); + + if (!response.data.success) { + throw new Error( + `Failed to get token: ${response.data.message}` + ); + } + + if (!response.data.data.token) { + throw new Error("Received empty token from server"); + } + + this.token = response.data.data.token; + logger.debug("Token refreshed successfully"); + } catch (error) { + if (axios.isAxiosError(error)) { + logger.error("Error updating proxy mapping:", { + message: error.message, + code: error.code, + status: error.response?.status, + statusText: error.response?.statusText, + url: error.config?.url, + method: error.config?.method + }); + } else { + logger.error("Error updating proxy mapping:", error); + } + + throw new Error("Failed to refresh token"); + } finally { + this.isRefreshing = false; + } + } + + /** + * Set up automatic token refresh interval + */ + private setupRefreshInterval(): void { + if (this.refreshInterval) { + clearInterval(this.refreshInterval); + } + + this.refreshInterval = setInterval(async () => { + try { + logger.debug("Auto-refreshing token"); + await this.refreshToken(); + } catch (error) { + logger.error("Failed to auto-refresh token:", error); + } + }, this.refreshIntervalMs); + } + + /** + * Wait for current refresh operation to complete + */ + private async waitForRefresh(): Promise { + return new Promise((resolve) => { + const checkInterval = setInterval(() => { + if (!this.isRefreshing) { + clearInterval(checkInterval); + resolve(); + } + }, 100); + }); + } +} + +// Export a singleton instance for use throughout the application +export const tokenManager = new TokenManager(); diff --git a/server/lib/traefikConfig.ts b/server/lib/traefikConfig.ts new file mode 100644 index 00000000..03656506 --- /dev/null +++ b/server/lib/traefikConfig.ts @@ -0,0 +1,907 @@ +import * as fs from "fs"; +import * as path from "path"; +import config from "@server/lib/config"; +import logger from "@server/logger"; +import * as yaml from "js-yaml"; +import axios from "axios"; +import { db, exitNodes } from "@server/db"; +import { eq } from "drizzle-orm"; +import { tokenManager } from "./tokenManager"; +import { + getCurrentExitNodeId, + getTraefikConfig +} from "@server/routers/traefik"; +import { + getValidCertificatesForDomains, + getValidCertificatesForDomainsHybrid +} from "./remoteCertificates"; + +export class TraefikConfigManager { + private intervalId: NodeJS.Timeout | null = null; + private isRunning = false; + private activeDomains = new Set(); + private timeoutId: NodeJS.Timeout | null = null; + private lastCertificateFetch: Date | null = null; + private lastKnownDomains = new Set(); + private lastLocalCertificateState = new Map< + string, + { + exists: boolean; + lastModified: Date | null; + expiresAt: Date | null; + } + >(); + + constructor() {} + + /** + * Start monitoring certificates + */ + private scheduleNextExecution(): void { + const intervalMs = config.getRawConfig().traefik.monitor_interval; + const now = Date.now(); + const nextExecution = Math.ceil(now / intervalMs) * intervalMs; + const delay = nextExecution - now; + + this.timeoutId = setTimeout(async () => { + try { + await this.HandleTraefikConfig(); + } catch (error) { + logger.error("Error during certificate monitoring:", error); + } + + if (this.isRunning) { + this.scheduleNextExecution(); // Schedule the next execution + } + }, delay); + } + + async start(): Promise { + if (this.isRunning) { + logger.info("Certificate monitor is already running"); + return; + } + this.isRunning = true; + logger.info(`Starting certificate monitor for exit node`); + + // Ensure certificates directory exists + await this.ensureDirectoryExists( + config.getRawConfig().traefik.certificates_path + ); + + // Initialize local certificate state + this.lastLocalCertificateState = await this.scanLocalCertificateState(); + logger.info( + `Found ${this.lastLocalCertificateState.size} existing certificate directories` + ); + + // Run initial check + await this.HandleTraefikConfig(); + + // Start synchronized scheduling + this.scheduleNextExecution(); + + logger.info( + `Certificate monitor started with synchronized ${ + config.getRawConfig().traefik.monitor_interval + }ms interval` + ); + } + /** + * Stop monitoring certificates + */ + stop(): void { + if (!this.isRunning) { + logger.info("Certificate monitor is not running"); + return; + } + + if (this.intervalId) { + clearInterval(this.intervalId); + this.intervalId = null; + } + + this.isRunning = false; + logger.info("Certificate monitor stopped"); + } + + /** + * Scan local certificate directories to build current state + */ + private async scanLocalCertificateState(): Promise< + Map< + string, + { + exists: boolean; + lastModified: Date | null; + expiresAt: Date | null; + } + > + > { + const state = new Map(); + const certsPath = config.getRawConfig().traefik.certificates_path; + + try { + if (!fs.existsSync(certsPath)) { + return state; + } + + const certDirs = fs.readdirSync(certsPath, { withFileTypes: true }); + + for (const dirent of certDirs) { + if (!dirent.isDirectory()) continue; + + const domain = dirent.name; + const domainDir = path.join(certsPath, domain); + const certPath = path.join(domainDir, "cert.pem"); + const keyPath = path.join(domainDir, "key.pem"); + const lastUpdatePath = path.join(domainDir, ".last_update"); + + const certExists = await this.fileExists(certPath); + const keyExists = await this.fileExists(keyPath); + const lastUpdateExists = await this.fileExists(lastUpdatePath); + + let lastModified: Date | null = null; + const expiresAt: Date | null = null; + + if (lastUpdateExists) { + try { + const lastUpdateStr = fs + .readFileSync(lastUpdatePath, "utf8") + .trim(); + lastModified = new Date(lastUpdateStr); + } catch { + // If we can't read the last update, fall back to file stats + try { + const stats = fs.statSync(certPath); + lastModified = stats.mtime; + } catch { + lastModified = null; + } + } + } + + state.set(domain, { + exists: certExists && keyExists, + lastModified, + expiresAt + }); + } + } catch (error) { + logger.error("Error scanning local certificate state:", error); + } + + return state; + } + + /** + * Check if we need to fetch certificates from remote + */ + private shouldFetchCertificates(currentDomains: Set): boolean { + // Always fetch on first run + if (!this.lastCertificateFetch) { + return true; + } + + // Fetch if it's been more than 24 hours (for renewals) + const dayInMs = 24 * 60 * 60 * 1000; + const timeSinceLastFetch = + Date.now() - this.lastCertificateFetch.getTime(); + if (timeSinceLastFetch > dayInMs) { + logger.info("Fetching certificates due to 24-hour renewal check"); + return true; + } + + // Fetch if domains have changed + if ( + this.lastKnownDomains.size !== currentDomains.size || + !Array.from(this.lastKnownDomains).every((domain) => + currentDomains.has(domain) + ) + ) { + logger.info("Fetching certificates due to domain changes"); + return true; + } + + // Check if any local certificates are missing or appear to be outdated + for (const domain of currentDomains) { + const localState = this.lastLocalCertificateState.get(domain); + if (!localState || !localState.exists) { + logger.info( + `Fetching certificates due to missing local cert for ${domain}` + ); + return true; + } + + // Check if certificate is expiring soon (within 30 days) + if (localState.expiresAt) { + const daysUntilExpiry = + (localState.expiresAt.getTime() - Date.now()) / + (1000 * 60 * 60 * 24); + if (daysUntilExpiry < 30) { + logger.info( + `Fetching certificates due to upcoming expiry for ${domain} (${Math.round(daysUntilExpiry)} days remaining)` + ); + return true; + } + } + } + + return false; + } + + /** + * Main monitoring logic + */ + lastActiveDomains: Set = new Set(); + public async HandleTraefikConfig(): Promise { + try { + // Get all active domains for this exit node via HTTP call + const getTraefikConfig = await this.getTraefikConfig(); + + if (!getTraefikConfig) { + logger.error( + "Failed to fetch active domains from traefik config" + ); + return; + } + + const { domains, traefikConfig } = getTraefikConfig; + + // Add static domains from config + // const staticDomains = [config.getRawConfig().app.dashboard_url]; + // staticDomains.forEach((domain) => domains.add(domain)); + + // Log if domains changed + if ( + this.lastActiveDomains.size !== domains.size || + !Array.from(this.lastActiveDomains).every((domain) => + domains.has(domain) + ) + ) { + logger.info( + `Active domains changed for exit node: ${Array.from(domains).join(", ")}` + ); + this.lastActiveDomains = new Set(domains); + } + + // Scan current local certificate state + this.lastLocalCertificateState = + await this.scanLocalCertificateState(); + + // Only fetch certificates if needed (domain changes, missing certs, or daily renewal check) + let validCertificates: Array<{ + id: number; + domain: string; + certFile: string | null; + keyFile: string | null; + expiresAt: Date | null; + updatedAt?: Date | null; + }> = []; + + if (this.shouldFetchCertificates(domains)) { + // Get valid certificates for active domains + if (config.isManagedMode()) { + validCertificates = + await getValidCertificatesForDomainsHybrid(domains); + } else { + validCertificates = + await getValidCertificatesForDomains(domains); + } + this.lastCertificateFetch = new Date(); + this.lastKnownDomains = new Set(domains); + + logger.info( + `Fetched ${validCertificates.length} certificates from remote` + ); + + // Download and decrypt new certificates + await this.processValidCertificates(validCertificates); + } else { + const timeSinceLastFetch = this.lastCertificateFetch + ? Math.round( + (Date.now() - this.lastCertificateFetch.getTime()) / + (1000 * 60) + ) + : 0; + + // logger.debug( + // `Skipping certificate fetch - no changes detected and within 24-hour window (last fetch: ${timeSinceLastFetch} minutes ago)` + // ); + + // Still need to ensure config is up to date with existing certificates + await this.updateDynamicConfigFromLocalCerts(domains); + } + + // Clean up certificates for domains no longer in use + await this.cleanupUnusedCertificates(domains); + + // wait 1 second for traefik to pick up the new certificates + await new Promise((resolve) => setTimeout(resolve, 500)); + + // Write traefik config as YAML to a second dynamic config file if changed + await this.writeTraefikDynamicConfig(traefikConfig); + + // Send domains to SNI proxy + try { + let exitNode; + if (config.getRawConfig().gerbil.exit_node_name) { + const exitNodeName = + config.getRawConfig().gerbil.exit_node_name!; + [exitNode] = await db + .select() + .from(exitNodes) + .where(eq(exitNodes.name, exitNodeName)) + .limit(1); + } else { + [exitNode] = await db.select().from(exitNodes).limit(1); + } + if (exitNode) { + try { + await axios.post( + `${exitNode.reachableAt}/update-local-snis`, + { fullDomains: Array.from(domains) }, + { headers: { "Content-Type": "application/json" } } + ); + } catch (error) { + // pull data out of the axios error to log + if (axios.isAxiosError(error)) { + logger.error("Error updating local SNI:", { + message: error.message, + code: error.code, + status: error.response?.status, + statusText: error.response?.statusText, + url: error.config?.url, + method: error.config?.method + }); + } else { + logger.error("Error updating local SNI:", error); + } + } + } else { + logger.error( + "No exit node found. Has gerbil registered yet?" + ); + } + } catch (err) { + logger.error("Failed to post domains to SNI proxy:", err); + } + + // Update active domains tracking + this.activeDomains = domains; + } catch (error) { + logger.error("Error in traefik config monitoring cycle:", error); + } + } + + /** + * Get all domains currently in use from traefik config API + */ + private async getTraefikConfig(): Promise<{ + domains: Set; + traefikConfig: any; + } | null> { + let traefikConfig; + try { + if (config.isManagedMode()) { + const resp = await axios.get( + `${config.getRawConfig().managed?.endpoint}/api/v1/hybrid/traefik-config`, + await tokenManager.getAuthHeader() + ); + + if (resp.status !== 200) { + logger.error( + `Failed to fetch traefik config: ${resp.status} ${resp.statusText}`, + { responseData: resp.data } + ); + return null; + } + + traefikConfig = resp.data.data; + } else { + const currentExitNode = await getCurrentExitNodeId(); + traefikConfig = await getTraefikConfig( + currentExitNode, + config.getRawConfig().traefik.site_types + ); + } + + const domains = new Set(); + + if (traefikConfig?.http?.routers) { + for (const router of Object.values( + traefikConfig.http.routers + )) { + if (router.rule && typeof router.rule === "string") { + // Match Host(`domain`) + const match = router.rule.match(/Host\(`([^`]+)`\)/); + if (match && match[1]) { + domains.add(match[1]); + } + } + } + } + + // logger.debug( + // `Successfully retrieved traefik config: ${JSON.stringify(traefikConfig)}` + // ); + + const badgerMiddlewareName = "badger"; + if (traefikConfig?.http?.middlewares) { + traefikConfig.http.middlewares[badgerMiddlewareName] = { + plugin: { + [badgerMiddlewareName]: { + apiBaseUrl: new URL( + "/api/v1", + `http://${ + config.getRawConfig().server + .internal_hostname + }:${config.getRawConfig().server.internal_port}` + ).href, + userSessionCookieName: + config.getRawConfig().server + .session_cookie_name, + + // deprecated + accessTokenQueryParam: + config.getRawConfig().server + .resource_access_token_param, + + resourceSessionRequestParam: + config.getRawConfig().server + .resource_session_request_param + } + } + }; + } + + return { domains, traefikConfig }; + } catch (error) { + // pull data out of the axios error to log + if (axios.isAxiosError(error)) { + logger.error("Error fetching traefik config:", { + message: error.message, + code: error.code, + status: error.response?.status, + statusText: error.response?.statusText, + url: error.config?.url, + method: error.config?.method + }); + } else { + logger.error("Error fetching traefik config:", error); + } + return null; + } + } + + /** + * Write traefik config as YAML to a second dynamic config file if changed + */ + private async writeTraefikDynamicConfig(traefikConfig: any): Promise { + const traefikDynamicConfigPath = + config.getRawConfig().traefik.dynamic_router_config_path; + let shouldWrite = false; + let oldJson = ""; + if (fs.existsSync(traefikDynamicConfigPath)) { + try { + const oldContent = fs.readFileSync( + traefikDynamicConfigPath, + "utf8" + ); + // Try to parse as YAML then JSON.stringify for comparison + const oldObj = yaml.load(oldContent); + oldJson = JSON.stringify(oldObj); + } catch { + oldJson = ""; + } + } + const newJson = JSON.stringify(traefikConfig); + if (oldJson !== newJson) { + shouldWrite = true; + } + if (shouldWrite) { + try { + fs.writeFileSync( + traefikDynamicConfigPath, + yaml.dump(traefikConfig, { noRefs: true }), + "utf8" + ); + logger.info("Traefik dynamic config updated"); + } catch (err) { + logger.error("Failed to write traefik dynamic config:", err); + } + } + } + + /** + * Update dynamic config from existing local certificates without fetching from remote + */ + private async updateDynamicConfigFromLocalCerts( + domains: Set + ): Promise { + const dynamicConfigPath = + config.getRawConfig().traefik.dynamic_cert_config_path; + + // Load existing dynamic config if it exists, otherwise initialize + let dynamicConfig: any = { tls: { certificates: [] } }; + if (fs.existsSync(dynamicConfigPath)) { + try { + const fileContent = fs.readFileSync(dynamicConfigPath, "utf8"); + dynamicConfig = yaml.load(fileContent) || dynamicConfig; + if (!dynamicConfig.tls) + dynamicConfig.tls = { certificates: [] }; + if (!Array.isArray(dynamicConfig.tls.certificates)) { + dynamicConfig.tls.certificates = []; + } + } catch (err) { + logger.error("Failed to load existing dynamic config:", err); + } + } + + // Keep a copy of the original config for comparison + const originalConfigYaml = yaml.dump(dynamicConfig, { noRefs: true }); + + // Clear existing certificates and rebuild from local state + dynamicConfig.tls.certificates = []; + + for (const domain of domains) { + const localState = this.lastLocalCertificateState.get(domain); + if (localState && localState.exists) { + const domainDir = path.join( + config.getRawConfig().traefik.certificates_path, + domain + ); + const certPath = path.join(domainDir, "cert.pem"); + const keyPath = path.join(domainDir, "key.pem"); + + const certEntry = { + certFile: certPath, + keyFile: keyPath + }; + dynamicConfig.tls.certificates.push(certEntry); + } + } + + // Only write the config if it has changed + const newConfigYaml = yaml.dump(dynamicConfig, { noRefs: true }); + if (newConfigYaml !== originalConfigYaml) { + fs.writeFileSync(dynamicConfigPath, newConfigYaml, "utf8"); + logger.info("Dynamic cert config updated from local certificates"); + } + } + + /** + * Process valid certificates - download and decrypt them + */ + private async processValidCertificates( + validCertificates: Array<{ + id: number; + domain: string; + certFile: string | null; + keyFile: string | null; + expiresAt: Date | null; + updatedAt?: Date | null; + }> + ): Promise { + const dynamicConfigPath = + config.getRawConfig().traefik.dynamic_cert_config_path; + + // Load existing dynamic config if it exists, otherwise initialize + let dynamicConfig: any = { tls: { certificates: [] } }; + if (fs.existsSync(dynamicConfigPath)) { + try { + const fileContent = fs.readFileSync(dynamicConfigPath, "utf8"); + dynamicConfig = yaml.load(fileContent) || dynamicConfig; + if (!dynamicConfig.tls) + dynamicConfig.tls = { certificates: [] }; + if (!Array.isArray(dynamicConfig.tls.certificates)) { + dynamicConfig.tls.certificates = []; + } + } catch (err) { + logger.error("Failed to load existing dynamic config:", err); + } + } + + // Keep a copy of the original config for comparison + const originalConfigYaml = yaml.dump(dynamicConfig, { noRefs: true }); + + for (const cert of validCertificates) { + try { + if (!cert.certFile || !cert.keyFile) { + logger.warn( + `Certificate for domain ${cert.domain} is missing cert or key file` + ); + continue; + } + + const domainDir = path.join( + config.getRawConfig().traefik.certificates_path, + cert.domain + ); + await this.ensureDirectoryExists(domainDir); + + const certPath = path.join(domainDir, "cert.pem"); + const keyPath = path.join(domainDir, "key.pem"); + const lastUpdatePath = path.join(domainDir, ".last_update"); + + // Check if we need to update the certificate + const shouldUpdate = await this.shouldUpdateCertificate( + cert, + certPath, + keyPath, + lastUpdatePath + ); + + if (shouldUpdate) { + logger.info( + `Processing certificate for domain: ${cert.domain}` + ); + + fs.writeFileSync(certPath, cert.certFile, "utf8"); + fs.writeFileSync(keyPath, cert.keyFile, "utf8"); + + // Set appropriate permissions (readable by owner only for key file) + fs.chmodSync(certPath, 0o644); + fs.chmodSync(keyPath, 0o600); + + // Write/update .last_update file with current timestamp + fs.writeFileSync( + lastUpdatePath, + new Date().toISOString(), + "utf8" + ); + + logger.info( + `Certificate updated for domain: ${cert.domain}` + ); + + // Update local state tracking + this.lastLocalCertificateState.set(cert.domain, { + exists: true, + lastModified: new Date(), + expiresAt: cert.expiresAt + }); + } + + // Always ensure the config entry exists and is up to date + const certEntry = { + certFile: certPath, + keyFile: keyPath + }; + // Remove any existing entry for this cert/key path + dynamicConfig.tls.certificates = + dynamicConfig.tls.certificates.filter( + (entry: any) => + entry.certFile !== certEntry.certFile || + entry.keyFile !== certEntry.keyFile + ); + dynamicConfig.tls.certificates.push(certEntry); + } catch (error) { + logger.error( + `Error processing certificate for domain ${cert.domain}:`, + error + ); + } + } + + // Only write the config if it has changed + const newConfigYaml = yaml.dump(dynamicConfig, { noRefs: true }); + if (newConfigYaml !== originalConfigYaml) { + fs.writeFileSync(dynamicConfigPath, newConfigYaml, "utf8"); + logger.info("Dynamic cert config updated"); + } + } + + /** + * Check if certificate should be updated + */ + private async shouldUpdateCertificate( + cert: { + id: number; + domain: string; + expiresAt: Date | null; + updatedAt?: Date | null; + }, + certPath: string, + keyPath: string, + lastUpdatePath: string + ): Promise { + try { + // If files don't exist, we need to create them + const certExists = await this.fileExists(certPath); + const keyExists = await this.fileExists(keyPath); + const lastUpdateExists = await this.fileExists(lastUpdatePath); + + if (!certExists || !keyExists || !lastUpdateExists) { + return true; + } + + // Read last update time from .last_update file + let lastUpdateTime: Date | null = null; + try { + const lastUpdateStr = fs + .readFileSync(lastUpdatePath, "utf8") + .trim(); + lastUpdateTime = new Date(lastUpdateStr); + } catch { + lastUpdateTime = null; + } + + // Use updatedAt from cert, fallback to expiresAt if not present + const dbUpdateTime = cert.updatedAt ?? cert.expiresAt; + + if (!dbUpdateTime) { + // If no update time in DB, always update + return true; + } + + // If DB updatedAt is newer than last update file, update + if (!lastUpdateTime || dbUpdateTime > lastUpdateTime) { + return true; + } + + return false; + } catch (error) { + logger.error( + `Error checking certificate update status for ${cert.domain}:`, + error + ); + return true; // When in doubt, update + } + } + + /** + * Clean up certificates for domains no longer in use + */ + private async cleanupUnusedCertificates( + currentActiveDomains: Set + ): Promise { + try { + const certsPath = config.getRawConfig().traefik.certificates_path; + const dynamicConfigPath = + config.getRawConfig().traefik.dynamic_cert_config_path; + + // Load existing dynamic config if it exists + let dynamicConfig: any = { tls: { certificates: [] } }; + if (fs.existsSync(dynamicConfigPath)) { + try { + const fileContent = fs.readFileSync( + dynamicConfigPath, + "utf8" + ); + dynamicConfig = yaml.load(fileContent) || dynamicConfig; + if (!dynamicConfig.tls) + dynamicConfig.tls = { certificates: [] }; + if (!Array.isArray(dynamicConfig.tls.certificates)) { + dynamicConfig.tls.certificates = []; + } + } catch (err) { + logger.error( + "Failed to load existing dynamic config:", + err + ); + } + } + + const certDirs = fs.readdirSync(certsPath, { + withFileTypes: true + }); + + let configChanged = false; + + for (const dirent of certDirs) { + if (!dirent.isDirectory()) continue; + + const dirName = dirent.name; + // Only delete if NO current domain is exactly the same or ends with `.${dirName}` + const shouldDelete = !Array.from(currentActiveDomains).some( + (domain) => + domain === dirName || domain.endsWith(`.${dirName}`) + ); + + if (shouldDelete) { + const domainDir = path.join(certsPath, dirName); + logger.info( + `Cleaning up unused certificate directory: ${dirName}` + ); + fs.rmSync(domainDir, { recursive: true, force: true }); + + // Remove from local state tracking + this.lastLocalCertificateState.delete(dirName); + + // Remove from dynamic config + const certFilePath = path.join( + domainDir, + "cert.pem" + ); + const keyFilePath = path.join( + domainDir, + "key.pem" + ); + const before = dynamicConfig.tls.certificates.length; + dynamicConfig.tls.certificates = + dynamicConfig.tls.certificates.filter( + (entry: any) => + entry.certFile !== certFilePath && + entry.keyFile !== keyFilePath + ); + if (dynamicConfig.tls.certificates.length !== before) { + configChanged = true; + } + } + } + + if (configChanged) { + try { + fs.writeFileSync( + dynamicConfigPath, + yaml.dump(dynamicConfig, { noRefs: true }), + "utf8" + ); + logger.info("Dynamic config updated after cleanup"); + } catch (err) { + logger.error( + "Failed to update dynamic config after cleanup:", + err + ); + } + } + } catch (error) { + logger.error("Error during certificate cleanup:", error); + } + } + + /** + * Ensure directory exists + */ + private async ensureDirectoryExists(dirPath: string): Promise { + try { + fs.mkdirSync(dirPath, { recursive: true }); + } catch (error) { + logger.error(`Error creating directory ${dirPath}:`, error); + throw error; + } + } + + /** + * Check if file exists + */ + private async fileExists(filePath: string): Promise { + try { + fs.accessSync(filePath); + return true; + } catch { + return false; + } + } + + /** + * Force a certificate refresh regardless of cache state + */ + public async forceCertificateRefresh(): Promise { + logger.info("Forcing certificate refresh"); + this.lastCertificateFetch = null; + this.lastKnownDomains = new Set(); + await this.HandleTraefikConfig(); + } + + /** + * Get current status + */ + getStatus(): { + isRunning: boolean; + activeDomains: string[]; + monitorInterval: number; + lastCertificateFetch: Date | null; + localCertificateCount: number; + } { + return { + isRunning: this.isRunning, + activeDomains: Array.from(this.activeDomains), + monitorInterval: + config.getRawConfig().traefik.monitor_interval || 5000, + lastCertificateFetch: this.lastCertificateFetch, + localCertificateCount: this.lastLocalCertificateState.size + }; + } +} diff --git a/server/license/license.ts b/server/license/license.ts index 0adc54fd..aeb628df 100644 --- a/server/license/license.ts +++ b/server/license/license.ts @@ -5,7 +5,7 @@ import NodeCache from "node-cache"; import { validateJWT } from "./licenseJwt"; import { count, eq } from "drizzle-orm"; import moment from "moment"; -import { setHostMeta } from "@server/setup/setHostMeta"; +import { setHostMeta } from "@server/lib/hostMeta"; import { encrypt, decrypt } from "@server/lib/crypto"; const keyTypes = ["HOST", "SITES"] as const; diff --git a/server/logger.ts b/server/logger.ts index cd12d735..15dd6e3f 100644 --- a/server/logger.ts +++ b/server/logger.ts @@ -3,6 +3,7 @@ import config from "@server/lib/config"; import * as winston from "winston"; import path from "path"; import { APP_PATH } from "./lib/consts"; +import telemetryClient from "./lib/telemetry"; const hformat = winston.format.printf( ({ level, label, message, timestamp, stack, ...metadata }) => { diff --git a/server/middlewares/index.ts b/server/middlewares/index.ts index b1180995..28a73afd 100644 --- a/server/middlewares/index.ts +++ b/server/middlewares/index.ts @@ -27,3 +27,4 @@ export * from "./verifyApiKeyAccess"; export * from "./verifyDomainAccess"; export * from "./verifyClientsEnabled"; export * from "./verifyUserIsOrgOwner"; +export * from "./verifySiteResourceAccess"; diff --git a/server/middlewares/integration/index.ts b/server/middlewares/integration/index.ts index 19bf128e..4caf017b 100644 --- a/server/middlewares/integration/index.ts +++ b/server/middlewares/integration/index.ts @@ -10,3 +10,4 @@ export * from "./verifyApiKeySetResourceUsers"; export * from "./verifyAccessTokenAccess"; export * from "./verifyApiKeyIsRoot"; export * from "./verifyApiKeyApiKeyAccess"; +export * from "./verifyApiKeyClientAccess"; diff --git a/server/middlewares/integration/verifyApiKeyApiKeyAccess.ts b/server/middlewares/integration/verifyApiKeyApiKeyAccess.ts index 1441589d..ad5b7fc4 100644 --- a/server/middlewares/integration/verifyApiKeyApiKeyAccess.ts +++ b/server/middlewares/integration/verifyApiKeyApiKeyAccess.ts @@ -35,6 +35,11 @@ export async function verifyApiKeyApiKeyAccess( ); } + if (callerApiKey.isRoot) { + // Root keys can access any key in any org + return next(); + } + const [callerApiKeyOrg] = await db .select() .from(apiKeyOrg) diff --git a/server/middlewares/integration/verifyApiKeyClientAccess.ts b/server/middlewares/integration/verifyApiKeyClientAccess.ts new file mode 100644 index 00000000..e5ed624d --- /dev/null +++ b/server/middlewares/integration/verifyApiKeyClientAccess.ts @@ -0,0 +1,91 @@ +import { Request, Response, NextFunction } from "express"; +import { clients, db } from "@server/db"; +import { apiKeyOrg } from "@server/db"; +import { and, eq } from "drizzle-orm"; +import createHttpError from "http-errors"; +import HttpCode from "@server/types/HttpCode"; + +export async function verifyApiKeyClientAccess( + req: Request, + res: Response, + next: NextFunction +) { + try { + const apiKey = req.apiKey; + const clientId = parseInt( + req.params.clientId || req.body.clientId || req.query.clientId + ); + + if (!apiKey) { + return next( + createHttpError(HttpCode.UNAUTHORIZED, "Key not authenticated") + ); + } + + if (isNaN(clientId)) { + return next( + createHttpError(HttpCode.BAD_REQUEST, "Invalid client ID") + ); + } + + if (apiKey.isRoot) { + // Root keys can access any key in any org + return next(); + } + + const client = await db + .select() + .from(clients) + .where(eq(clients.clientId, clientId)) + .limit(1); + + if (client.length === 0) { + return next( + createHttpError( + HttpCode.NOT_FOUND, + `Client with ID ${clientId} not found` + ) + ); + } + + if (!client[0].orgId) { + return next( + createHttpError( + HttpCode.INTERNAL_SERVER_ERROR, + `Client with ID ${clientId} does not have an organization ID` + ) + ); + } + + if (!req.apiKeyOrg) { + const apiKeyOrgRes = await db + .select() + .from(apiKeyOrg) + .where( + and( + eq(apiKeyOrg.apiKeyId, apiKey.apiKeyId), + eq(apiKeyOrg.orgId, client[0].orgId) + ) + ); + req.apiKeyOrg = apiKeyOrgRes[0]; + } + + if (!req.apiKeyOrg) { + return next( + createHttpError( + HttpCode.FORBIDDEN, + "Key does not have access to this organization" + ) + ); + } + + return next(); + } catch (error) { + return next( + createHttpError( + HttpCode.INTERNAL_SERVER_ERROR, + "Error verifying site access" + ) + ); + } +} diff --git a/server/middlewares/integration/verifyApiKeyOrgAccess.ts b/server/middlewares/integration/verifyApiKeyOrgAccess.ts index 84ba7fe9..c705dc0f 100644 --- a/server/middlewares/integration/verifyApiKeyOrgAccess.ts +++ b/server/middlewares/integration/verifyApiKeyOrgAccess.ts @@ -27,6 +27,11 @@ export async function verifyApiKeyOrgAccess( ); } + if (req.apiKey?.isRoot) { + // Root keys can access any key in any org + return next(); + } + if (!req.apiKeyOrg) { const apiKeyOrgRes = await db .select() diff --git a/server/middlewares/integration/verifyApiKeyResourceAccess.ts b/server/middlewares/integration/verifyApiKeyResourceAccess.ts index 2473c814..184ee73c 100644 --- a/server/middlewares/integration/verifyApiKeyResourceAccess.ts +++ b/server/middlewares/integration/verifyApiKeyResourceAccess.ts @@ -37,6 +37,11 @@ export async function verifyApiKeyResourceAccess( ); } + if (apiKey.isRoot) { + // Root keys can access any key in any org + return next(); + } + if (!resource.orgId) { return next( createHttpError( diff --git a/server/middlewares/integration/verifyApiKeyRoleAccess.ts b/server/middlewares/integration/verifyApiKeyRoleAccess.ts index 0df10913..ffe223a6 100644 --- a/server/middlewares/integration/verifyApiKeyRoleAccess.ts +++ b/server/middlewares/integration/verifyApiKeyRoleAccess.ts @@ -45,6 +45,11 @@ export async function verifyApiKeyRoleAccess( ); } + if (apiKey.isRoot) { + // Root keys can access any key in any org + return next(); + } + const orgIds = new Set(rolesData.map((role) => role.orgId)); for (const role of rolesData) { diff --git a/server/middlewares/integration/verifyApiKeySetResourceUsers.ts b/server/middlewares/integration/verifyApiKeySetResourceUsers.ts index cbb2b598..9c96e6ec 100644 --- a/server/middlewares/integration/verifyApiKeySetResourceUsers.ts +++ b/server/middlewares/integration/verifyApiKeySetResourceUsers.ts @@ -32,6 +32,11 @@ export async function verifyApiKeySetResourceUsers( return next(createHttpError(HttpCode.BAD_REQUEST, "Invalid user IDs")); } + if (apiKey.isRoot) { + // Root keys can access any key in any org + return next(); + } + if (userIds.length === 0) { return next(); } diff --git a/server/middlewares/integration/verifyApiKeySiteAccess.ts b/server/middlewares/integration/verifyApiKeySiteAccess.ts index 35ec3b6a..0a310d15 100644 --- a/server/middlewares/integration/verifyApiKeySiteAccess.ts +++ b/server/middlewares/integration/verifyApiKeySiteAccess.ts @@ -1,9 +1,6 @@ import { Request, Response, NextFunction } from "express"; import { db } from "@server/db"; -import { - sites, - apiKeyOrg -} from "@server/db"; +import { sites, apiKeyOrg } from "@server/db"; import { and, eq, or } from "drizzle-orm"; import createHttpError from "http-errors"; import HttpCode from "@server/types/HttpCode"; @@ -31,6 +28,11 @@ export async function verifyApiKeySiteAccess( ); } + if (apiKey.isRoot) { + // Root keys can access any key in any org + return next(); + } + const site = await db .select() .from(sites) diff --git a/server/middlewares/integration/verifyApiKeyTargetAccess.ts b/server/middlewares/integration/verifyApiKeyTargetAccess.ts index f810e4a2..71146c15 100644 --- a/server/middlewares/integration/verifyApiKeyTargetAccess.ts +++ b/server/middlewares/integration/verifyApiKeyTargetAccess.ts @@ -66,6 +66,11 @@ export async function verifyApiKeyTargetAccess( ); } + if (apiKey.isRoot) { + // Root keys can access any key in any org + return next(); + } + if (!resource.orgId) { return next( createHttpError( diff --git a/server/middlewares/integration/verifyApiKeyUserAccess.ts b/server/middlewares/integration/verifyApiKeyUserAccess.ts index 070ae5ac..a69489bf 100644 --- a/server/middlewares/integration/verifyApiKeyUserAccess.ts +++ b/server/middlewares/integration/verifyApiKeyUserAccess.ts @@ -27,6 +27,11 @@ export async function verifyApiKeyUserAccess( ); } + if (apiKey.isRoot) { + // Root keys can access any key in any org + return next(); + } + if (!req.apiKeyOrg || !req.apiKeyOrg.orgId) { return next( createHttpError( diff --git a/server/middlewares/verifySiteResourceAccess.ts b/server/middlewares/verifySiteResourceAccess.ts new file mode 100644 index 00000000..e7fefd24 --- /dev/null +++ b/server/middlewares/verifySiteResourceAccess.ts @@ -0,0 +1,62 @@ +import { Request, Response, NextFunction } from "express"; +import { db } from "@server/db"; +import { siteResources } from "@server/db"; +import { eq, and } from "drizzle-orm"; +import createHttpError from "http-errors"; +import HttpCode from "@server/types/HttpCode"; +import logger from "@server/logger"; + +export async function verifySiteResourceAccess( + req: Request, + res: Response, + next: NextFunction +): Promise { + try { + const siteResourceId = parseInt(req.params.siteResourceId); + const siteId = parseInt(req.params.siteId); + const orgId = req.params.orgId; + + if (!siteResourceId || !siteId || !orgId) { + return next( + createHttpError( + HttpCode.BAD_REQUEST, + "Missing required parameters" + ) + ); + } + + // Check if the site resource exists and belongs to the specified site and org + const [siteResource] = await db + .select() + .from(siteResources) + .where(and( + eq(siteResources.siteResourceId, siteResourceId), + eq(siteResources.siteId, siteId), + eq(siteResources.orgId, orgId) + )) + .limit(1); + + if (!siteResource) { + return next( + createHttpError( + HttpCode.NOT_FOUND, + "Site resource not found" + ) + ); + } + + // Attach the siteResource to the request for use in the next middleware/route + // @ts-ignore - Extending Request type + req.siteResource = siteResource; + + next(); + } catch (error) { + logger.error("Error verifying site resource access:", error); + return next( + createHttpError( + HttpCode.INTERNAL_SERVER_ERROR, + "Error verifying site resource access" + ) + ); + } +} diff --git a/server/nextServer.ts b/server/nextServer.ts index e12c06e6..4c96d04f 100644 --- a/server/nextServer.ts +++ b/server/nextServer.ts @@ -15,7 +15,7 @@ export async function createNextServer() { const nextServer = express(); - nextServer.all("*", (req, res) => { + nextServer.all("/{*splat}", (req, res) => { const parsedUrl = parse(req.url!, true); return handle(req, res, parsedUrl); }); diff --git a/server/routers/apiKeys/createRootApiKey.ts b/server/routers/apiKeys/createRootApiKey.ts index 095d952b..0754574a 100644 --- a/server/routers/apiKeys/createRootApiKey.ts +++ b/server/routers/apiKeys/createRootApiKey.ts @@ -63,15 +63,6 @@ export async function createRootApiKey( lastChars, isRoot: true }); - - const allOrgs = await trx.select().from(orgs); - - for (const org of allOrgs) { - await trx.insert(apiKeyOrg).values({ - apiKeyId, - orgId: org.orgId - }); - } }); try { diff --git a/server/routers/auth/index.ts b/server/routers/auth/index.ts index cc8fd630..505d12c2 100644 --- a/server/routers/auth/index.ts +++ b/server/routers/auth/index.ts @@ -10,6 +10,7 @@ export * from "./resetPassword"; export * from "./requestPasswordReset"; export * from "./setServerAdmin"; export * from "./initialSetupComplete"; +export * from "./validateSetupToken"; export * from "./changePassword"; export * from "./checkResourceSession"; export * from "./securityKey"; diff --git a/server/routers/auth/securityKey.ts b/server/routers/auth/securityKey.ts index dad3c692..6b014986 100644 --- a/server/routers/auth/securityKey.ts +++ b/server/routers/auth/securityKey.ts @@ -36,16 +36,16 @@ import { verifyTotpCode } from "@server/auth/totp"; // The RP ID is the domain name of your application const rpID = (() => { - const url = new URL(config.getRawConfig().app.dashboard_url); + const url = config.getRawConfig().app.dashboard_url ? new URL(config.getRawConfig().app.dashboard_url!) : undefined; // For localhost, we must use 'localhost' without port - if (url.hostname === 'localhost') { + if (url?.hostname === 'localhost' || !url) { return 'localhost'; } return url.hostname; })(); const rpName = "Pangolin"; -const origin = config.getRawConfig().app.dashboard_url; +const origin = config.getRawConfig().app.dashboard_url || "localhost"; // Database-based challenge storage (replaces in-memory storage) // Challenges are stored in the webauthnChallenge table with automatic expiration diff --git a/server/routers/auth/setServerAdmin.ts b/server/routers/auth/setServerAdmin.ts index 7c49753e..ebb95359 100644 --- a/server/routers/auth/setServerAdmin.ts +++ b/server/routers/auth/setServerAdmin.ts @@ -8,14 +8,15 @@ import logger from "@server/logger"; import { hashPassword } from "@server/auth/password"; import { passwordSchema } from "@server/auth/passwordSchema"; import { response } from "@server/lib"; -import { db, users } from "@server/db"; -import { eq } from "drizzle-orm"; +import { db, users, setupTokens } from "@server/db"; +import { eq, and } from "drizzle-orm"; import { UserType } from "@server/types/UserTypes"; import moment from "moment"; export const bodySchema = z.object({ email: z.string().toLowerCase().email(), - password: passwordSchema + password: passwordSchema, + setupToken: z.string().min(1, "Setup token is required") }); export type SetServerAdminBody = z.infer; @@ -39,7 +40,27 @@ export async function setServerAdmin( ); } - const { email, password } = parsedBody.data; + const { email, password, setupToken } = parsedBody.data; + + // Validate setup token + const [validToken] = await db + .select() + .from(setupTokens) + .where( + and( + eq(setupTokens.token, setupToken), + eq(setupTokens.used, false) + ) + ); + + if (!validToken) { + return next( + createHttpError( + HttpCode.BAD_REQUEST, + "Invalid or expired setup token" + ) + ); + } const [existing] = await db .select() @@ -58,15 +79,27 @@ export async function setServerAdmin( const passwordHash = await hashPassword(password); const userId = generateId(15); - await db.insert(users).values({ - userId: userId, - email: email, - type: UserType.Internal, - username: email, - passwordHash, - dateCreated: moment().toISOString(), - serverAdmin: true, - emailVerified: true + await db.transaction(async (trx) => { + // Mark the token as used + await trx + .update(setupTokens) + .set({ + used: true, + dateUsed: moment().toISOString() + }) + .where(eq(setupTokens.tokenId, validToken.tokenId)); + + // Create the server admin user + await trx.insert(users).values({ + userId: userId, + email: email, + type: UserType.Internal, + username: email, + passwordHash, + dateCreated: moment().toISOString(), + serverAdmin: true, + emailVerified: true + }); }); return response(res, { diff --git a/server/routers/auth/validateSetupToken.ts b/server/routers/auth/validateSetupToken.ts new file mode 100644 index 00000000..e3c29833 --- /dev/null +++ b/server/routers/auth/validateSetupToken.ts @@ -0,0 +1,84 @@ +import { Request, Response, NextFunction } from "express"; +import { z } from "zod"; +import { db, setupTokens } from "@server/db"; +import { eq, and } from "drizzle-orm"; +import response from "@server/lib/response"; +import HttpCode from "@server/types/HttpCode"; +import createHttpError from "http-errors"; +import logger from "@server/logger"; +import { fromError } from "zod-validation-error"; + +const validateSetupTokenSchema = z + .object({ + token: z.string().min(1, "Token is required") + }) + .strict(); + +export type ValidateSetupTokenResponse = { + valid: boolean; + message: string; +}; + +export async function validateSetupToken( + req: Request, + res: Response, + next: NextFunction +): Promise { + try { + const parsedBody = validateSetupTokenSchema.safeParse(req.body); + + if (!parsedBody.success) { + return next( + createHttpError( + HttpCode.BAD_REQUEST, + fromError(parsedBody.error).toString() + ) + ); + } + + const { token } = parsedBody.data; + + // Find the token in the database + const [setupToken] = await db + .select() + .from(setupTokens) + .where( + and( + eq(setupTokens.token, token), + eq(setupTokens.used, false) + ) + ); + + if (!setupToken) { + return response(res, { + data: { + valid: false, + message: "Invalid or expired setup token" + }, + success: true, + error: false, + message: "Token validation completed", + status: HttpCode.OK + }); + } + + return response(res, { + data: { + valid: true, + message: "Setup token is valid" + }, + success: true, + error: false, + message: "Token validation completed", + status: HttpCode.OK + }); + } catch (error) { + logger.error(error); + return next( + createHttpError( + HttpCode.INTERNAL_SERVER_ERROR, + "Failed to validate setup token" + ) + ); + } +} \ No newline at end of file diff --git a/server/routers/badger/exchangeSession.ts b/server/routers/badger/exchangeSession.ts index 8139694a..d6f2c7c7 100644 --- a/server/routers/badger/exchangeSession.ts +++ b/server/routers/badger/exchangeSession.ts @@ -52,20 +52,26 @@ export async function exchangeSession( try { const { requestToken, host, requestIp } = parsedBody.data; + let cleanHost = host; + // if the host ends with :port + if (cleanHost.match(/:[0-9]{1,5}$/)) { + const matched = ''+cleanHost.match(/:[0-9]{1,5}$/); + cleanHost = cleanHost.slice(0, -1*matched.length); + } const clientIp = requestIp?.split(":")[0]; const [resource] = await db .select() .from(resources) - .where(eq(resources.fullDomain, host)) + .where(eq(resources.fullDomain, cleanHost)) .limit(1); if (!resource) { return next( createHttpError( HttpCode.NOT_FOUND, - `Resource with host ${host} not found` + `Resource with host ${cleanHost} not found` ) ); } diff --git a/server/routers/badger/verifySession.ts b/server/routers/badger/verifySession.ts index 7ee431d6..905f748d 100644 --- a/server/routers/badger/verifySession.ts +++ b/server/routers/badger/verifySession.ts @@ -6,20 +6,21 @@ import { } from "@server/auth/sessions/resource"; import { verifyResourceAccessToken } from "@server/auth/verifyResourceAccessToken"; import { db } from "@server/db"; +import { + getResourceByDomain, + getUserSessionWithUser, + getUserOrgRole, + getRoleResourceAccess, + getUserResourceAccess, + getResourceRules +} from "@server/db/queries/verifySessionQueries"; import { Resource, ResourceAccessToken, ResourcePassword, - resourcePassword, ResourcePincode, - resourcePincode, ResourceRule, - resourceRules, - resources, - roleResources, sessions, - userOrgs, - userResources, users } from "@server/db"; import config from "@server/lib/config"; @@ -27,7 +28,6 @@ import { isIpInCidr } from "@server/lib/ip"; import { response } from "@server/lib/response"; import logger from "@server/logger"; import HttpCode from "@server/types/HttpCode"; -import { and, eq } from "drizzle-orm"; import { NextFunction, Request, Response } from "express"; import createHttpError from "http-errors"; import NodeCache from "node-cache"; @@ -121,11 +121,10 @@ export async function verifyResourceSession( logger.debug("Client IP:", { clientIp }); let cleanHost = host; - // if the host ends with :443 or :80 remove it - if (cleanHost.endsWith(":443")) { - cleanHost = cleanHost.slice(0, -4); - } else if (cleanHost.endsWith(":80")) { - cleanHost = cleanHost.slice(0, -3); + // if the host ends with :port, strip it + if (cleanHost.match(/:[0-9]{1,5}$/)) { + const matched = ''+cleanHost.match(/:[0-9]{1,5}$/); + cleanHost = cleanHost.slice(0, -1*matched.length); } const resourceCacheKey = `resource:${cleanHost}`; @@ -138,38 +137,21 @@ export async function verifyResourceSession( | undefined = cache.get(resourceCacheKey); if (!resourceData) { - const [result] = await db - .select() - .from(resources) - .leftJoin( - resourcePincode, - eq(resourcePincode.resourceId, resources.resourceId) - ) - .leftJoin( - resourcePassword, - eq(resourcePassword.resourceId, resources.resourceId) - ) - .where(eq(resources.fullDomain, cleanHost)) - .limit(1); + const result = await getResourceByDomain(cleanHost); if (!result) { - logger.debug("Resource not found", cleanHost); + logger.debug(`Resource not found ${cleanHost}`); return notAllowed(res); } - resourceData = { - resource: result.resources, - pincode: result.resourcePincode, - password: result.resourcePassword - }; - + resourceData = result; cache.set(resourceCacheKey, resourceData); } const { resource, pincode, password } = resourceData; if (!resource) { - logger.debug("Resource not found", cleanHost); + logger.debug(`Resource not found ${cleanHost}`); return notAllowed(res); } @@ -209,7 +191,13 @@ export async function verifyResourceSession( return allowed(res); } - const redirectUrl = `${config.getRawConfig().app.dashboard_url}/auth/resource/${encodeURIComponent( + let endpoint: string; + if (config.isManagedMode()) { + endpoint = config.getRawConfig().managed?.redirect_endpoint || config.getRawConfig().managed?.endpoint || ""; + } else { + endpoint = config.getRawConfig().app.dashboard_url!; + } + const redirectUrl = `${endpoint}/auth/resource/${encodeURIComponent( resource.resourceId )}?redirect=${encodeURIComponent(originalRequestURL)}`; @@ -530,14 +518,13 @@ async function isUserAllowedToAccessResource( userSessionId: string, resource: Resource ): Promise { - const [res] = await db - .select() - .from(sessions) - .leftJoin(users, eq(users.userId, sessions.userId)) - .where(eq(sessions.sessionId, userSessionId)); + const result = await getUserSessionWithUser(userSessionId); - const user = res.user; - const session = res.session; + if (!result) { + return null; + } + + const { user, session } = result; if (!user || !session) { return null; @@ -550,33 +537,18 @@ async function isUserAllowedToAccessResource( return null; } - const userOrgRole = await db - .select() - .from(userOrgs) - .where( - and( - eq(userOrgs.userId, user.userId), - eq(userOrgs.orgId, resource.orgId) - ) - ) - .limit(1); + const userOrgRole = await getUserOrgRole(user.userId, resource.orgId); - if (userOrgRole.length === 0) { + if (!userOrgRole) { return null; } - const roleResourceAccess = await db - .select() - .from(roleResources) - .where( - and( - eq(roleResources.resourceId, resource.resourceId), - eq(roleResources.roleId, userOrgRole[0].roleId) - ) - ) - .limit(1); + const roleResourceAccess = await getRoleResourceAccess( + resource.resourceId, + userOrgRole.roleId + ); - if (roleResourceAccess.length > 0) { + if (roleResourceAccess) { return { username: user.username, email: user.email, @@ -584,18 +556,12 @@ async function isUserAllowedToAccessResource( }; } - const userResourceAccess = await db - .select() - .from(userResources) - .where( - and( - eq(userResources.userId, user.userId), - eq(userResources.resourceId, resource.resourceId) - ) - ) - .limit(1); + const userResourceAccess = await getUserResourceAccess( + user.userId, + resource.resourceId + ); - if (userResourceAccess.length > 0) { + if (userResourceAccess) { return { username: user.username, email: user.email, @@ -616,11 +582,7 @@ async function checkRules( let rules: ResourceRule[] | undefined = cache.get(ruleCacheKey); if (!rules) { - rules = await db - .select() - .from(resourceRules) - .where(eq(resourceRules.resourceId, resourceId)); - + rules = await getResourceRules(resourceId); cache.set(ruleCacheKey, rules); } diff --git a/server/routers/client/createClient.ts b/server/routers/client/createClient.ts index 4e9dcdce..e7762223 100644 --- a/server/routers/client/createClient.ts +++ b/server/routers/client/createClient.ts @@ -24,6 +24,7 @@ import { hashPassword } from "@server/auth/password"; import { isValidCIDR, isValidIP } from "@server/lib/validators"; import { isIpInCidr } from "@server/lib/ip"; import { OpenAPITags, registry } from "@server/openApi"; +import { listExitNodes } from "@server/lib/exitNodes"; const createClientParamsSchema = z .object({ @@ -177,20 +178,9 @@ export async function createClient( await db.transaction(async (trx) => { // TODO: more intelligent way to pick the exit node - - // make sure there is an exit node by counting the exit nodes table - const nodes = await db.select().from(exitNodes); - if (nodes.length === 0) { - return next( - createHttpError( - HttpCode.NOT_FOUND, - "No exit nodes available" - ) - ); - } - - // get the first exit node - const exitNode = nodes[0]; + const exitNodesList = await listExitNodes(orgId); + const randomExitNode = + exitNodesList[Math.floor(Math.random() * exitNodesList.length)]; const adminRole = await trx .select() @@ -208,7 +198,7 @@ export async function createClient( const [newClient] = await trx .insert(clients) .values({ - exitNodeId: exitNode.exitNodeId, + exitNodeId: randomExitNode.exitNodeId, orgId, name, subnet: updatedSubnet, diff --git a/server/routers/client/getClient.ts b/server/routers/client/getClient.ts index b1927788..d362526f 100644 --- a/server/routers/client/getClient.ts +++ b/server/routers/client/getClient.ts @@ -13,8 +13,7 @@ import { OpenAPITags, registry } from "@server/openApi"; const getClientSchema = z .object({ - clientId: z.string().transform(stoi).pipe(z.number().int().positive()), - orgId: z.string() + clientId: z.string().transform(stoi).pipe(z.number().int().positive()) }) .strict(); @@ -23,23 +22,23 @@ async function query(clientId: number) { const [client] = await db .select() .from(clients) - .where(eq(clients.clientId, clientId)) + .where(and(eq(clients.clientId, clientId))) .limit(1); - + if (!client) { return null; } - + // Get the siteIds associated with this client const sites = await db .select({ siteId: clientSites.siteId }) .from(clientSites) .where(eq(clientSites.clientId, clientId)); - + // Add the siteIds to the client object return { ...client, - siteIds: sites.map(site => site.siteId) + siteIds: sites.map((site) => site.siteId) }; } @@ -47,9 +46,9 @@ export type GetClientResponse = NonNullable>>; registry.registerPath({ method: "get", - path: "/org/{orgId}/client/{clientId}", + path: "/client/{clientId}", description: "Get a client by its client ID.", - tags: [OpenAPITags.Client, OpenAPITags.Org], + tags: [OpenAPITags.Client], request: { params: getClientSchema }, @@ -98,4 +97,4 @@ export async function getClient( createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") ); } -} \ No newline at end of file +} diff --git a/server/routers/client/pickClientDefaults.ts b/server/routers/client/pickClientDefaults.ts index b1459400..6f452142 100644 --- a/server/routers/client/pickClientDefaults.ts +++ b/server/routers/client/pickClientDefaults.ts @@ -23,7 +23,7 @@ const pickClientDefaultsSchema = z registry.registerPath({ method: "get", - path: "/site/{siteId}/pick-client-defaults", + path: "/org/{orgId}/pick-client-defaults", description: "Return pre-requisite data for creating a client.", tags: [OpenAPITags.Client, OpenAPITags.Site], request: { diff --git a/server/routers/client/targets.ts b/server/routers/client/targets.ts new file mode 100644 index 00000000..e34a23e9 --- /dev/null +++ b/server/routers/client/targets.ts @@ -0,0 +1,35 @@ +import { sendToClient } from "../ws"; + +export async function addTargets( + newtId: string, + destinationIp: string, + destinationPort: number, + protocol: string, + port: number +) { + const target = `${port}:${destinationIp}:${destinationPort}`; + + await sendToClient(newtId, { + type: `newt/wg/${protocol}/add`, + data: { + targets: [target] // We can only use one target for WireGuard right now + } + }); +} + +export async function removeTargets( + newtId: string, + destinationIp: string, + destinationPort: number, + protocol: string, + port: number +) { + const target = `${port}:${destinationIp}:${destinationPort}`; + + await sendToClient(newtId, { + type: `newt/wg/${protocol}/remove`, + data: { + targets: [target] // We can only use one target for WireGuard right now + } + }); +} diff --git a/server/routers/client/updateClient.ts b/server/routers/client/updateClient.ts index 0dd75186..81ee4278 100644 --- a/server/routers/client/updateClient.ts +++ b/server/routers/client/updateClient.ts @@ -17,7 +17,7 @@ import { addPeer as olmAddPeer, deletePeer as olmDeletePeer } from "../olm/peers"; -import axios from "axios"; +import { sendToExitNode } from "../../lib/exitNodeComms"; const updateClientParamsSchema = z .object({ @@ -129,7 +129,7 @@ export async function updateClient( `Adding ${sitesAdded.length} new sites to client ${client.clientId}` ); for (const siteId of sitesAdded) { - if (!client.subnet || !client.pubKey || !client.endpoint) { + if (!client.subnet || !client.pubKey) { logger.debug( "Client subnet, pubKey or endpoint is not set" ); @@ -140,10 +140,27 @@ export async function updateClient( // BUT REALLY WE NEED TO TRACK THE USERS PREFERENCE THAT THEY CHOSE IN THE CLIENTS const isRelayed = true; + // get the clientsite + const [clientSite] = await db + .select() + .from(clientSites) + .where( + and( + eq(clientSites.clientId, client.clientId), + eq(clientSites.siteId, siteId) + ) + ) + .limit(1); + + if (!clientSite || !clientSite.endpoint) { + logger.debug("Client site is missing or has no endpoint"); + continue; + } + const site = await newtAddPeer(siteId, { publicKey: client.pubKey, allowedIps: [`${client.subnet.split("/")[0]}/32`], // we want to only allow from that client - endpoint: isRelayed ? "" : client.endpoint + endpoint: isRelayed ? "" : clientSite.endpoint }); if (!site) { @@ -255,99 +272,100 @@ export async function updateClient( } } - if (client.endpoint) { - // get all sites for this client and join with exit nodes with site.exitNodeId - const sitesData = await db - .select() - .from(sites) - .innerJoin( - clientSites, - eq(sites.siteId, clientSites.siteId) - ) - .leftJoin( - exitNodes, - eq(sites.exitNodeId, exitNodes.exitNodeId) - ) - .where(eq(clientSites.clientId, client.clientId)); + // get all sites for this client and join with exit nodes with site.exitNodeId + const sitesData = await db + .select() + .from(sites) + .innerJoin(clientSites, eq(sites.siteId, clientSites.siteId)) + .leftJoin(exitNodes, eq(sites.exitNodeId, exitNodes.exitNodeId)) + .where(eq(clientSites.clientId, client.clientId)); - let exitNodeDestinations: { - reachableAt: string; - destinations: PeerDestination[]; - }[] = []; + let exitNodeDestinations: { + reachableAt: string; + exitNodeId: number; + type: string; + sourceIp: string; + sourcePort: number; + destinations: PeerDestination[]; + }[] = []; - for (const site of sitesData) { - if (!site.sites.subnet) { - logger.warn( - `Site ${site.sites.siteId} has no subnet, skipping` - ); - continue; - } - // find the destinations in the array - let destinations = exitNodeDestinations.find( - (d) => d.reachableAt === site.exitNodes?.reachableAt + for (const site of sitesData) { + if (!site.sites.subnet) { + logger.warn( + `Site ${site.sites.siteId} has no subnet, skipping` ); - - if (!destinations) { - destinations = { - reachableAt: site.exitNodes?.reachableAt || "", - destinations: [ - { - destinationIP: - site.sites.subnet.split("/")[0], - destinationPort: site.sites.listenPort || 0 - } - ] - }; - } else { - // add to the existing destinations - destinations.destinations.push({ - destinationIP: site.sites.subnet.split("/")[0], - destinationPort: site.sites.listenPort || 0 - }); - } - - // update it in the array - exitNodeDestinations = exitNodeDestinations.filter( - (d) => d.reachableAt !== site.exitNodes?.reachableAt - ); - exitNodeDestinations.push(destinations); + continue; } - for (const destination of exitNodeDestinations) { - try { - logger.info( - `Updating destinations for exit node at ${destination.reachableAt}` - ); - const payload = { - sourceIp: client.endpoint?.split(":")[0] || "", - sourcePort: parseInt(client.endpoint?.split(":")[1]) || 0, - destinations: destination.destinations - }; - logger.info( - `Payload for update-destinations: ${JSON.stringify(payload, null, 2)}` - ); - const response = await axios.post( - `${destination.reachableAt}/update-destinations`, - payload, + if (!site.clientSites.endpoint) { + logger.warn( + `Site ${site.sites.siteId} has no endpoint, skipping` + ); + continue; + } + + // find the destinations in the array + let destinations = exitNodeDestinations.find( + (d) => d.reachableAt === site.exitNodes?.reachableAt + ); + + if (!destinations) { + destinations = { + reachableAt: site.exitNodes?.reachableAt || "", + exitNodeId: site.exitNodes?.exitNodeId || 0, + type: site.exitNodes?.type || "", + sourceIp: site.clientSites.endpoint.split(":")[0] || "", + sourcePort: + parseInt(site.clientSites.endpoint.split(":")[1]) || + 0, + destinations: [ { - headers: { - "Content-Type": "application/json" - } + destinationIP: site.sites.subnet.split("/")[0], + destinationPort: site.sites.listenPort || 0 } - ); - - logger.info("Destinations updated:", { - peer: response.data.status - }); - } catch (error) { - if (axios.isAxiosError(error)) { - throw new Error( - `Error communicating with Gerbil. Make sure Pangolin can reach the Gerbil HTTP API: ${error.response?.status}` - ); - } - throw error; - } + ] + }; + } else { + // add to the existing destinations + destinations.destinations.push({ + destinationIP: site.sites.subnet.split("/")[0], + destinationPort: site.sites.listenPort || 0 + }); } + + // update it in the array + exitNodeDestinations = exitNodeDestinations.filter( + (d) => d.reachableAt !== site.exitNodes?.reachableAt + ); + exitNodeDestinations.push(destinations); + } + + for (const destination of exitNodeDestinations) { + logger.info( + `Updating destinations for exit node at ${destination.reachableAt}` + ); + const payload = { + sourceIp: destination.sourceIp, + sourcePort: destination.sourcePort, + destinations: destination.destinations + }; + logger.info( + `Payload for update-destinations: ${JSON.stringify(payload, null, 2)}` + ); + + // Create an ExitNode-like object for sendToExitNode + const exitNodeForComm = { + exitNodeId: destination.exitNodeId, + type: destination.type, + reachableAt: destination.reachableAt + } as any; // Using 'as any' since we know sendToExitNode will handle this correctly + + await sendToExitNode(exitNodeForComm, { + remoteType: "remoteExitNode/update-destinations", + localPath: "/update-destinations", + method: "POST", + data: payload + }); } // Fetch the updated client diff --git a/server/routers/external.ts b/server/routers/external.ts index 5bae553e..d68ec33d 100644 --- a/server/routers/external.ts +++ b/server/routers/external.ts @@ -9,6 +9,7 @@ import * as user from "./user"; import * as auth from "./auth"; import * as role from "./role"; import * as client from "./client"; +import * as siteResource from "./siteResource"; import * as supporterKey from "./supporterKey"; import * as accessToken from "./accessToken"; import * as idp from "./idp"; @@ -34,7 +35,8 @@ import { verifyDomainAccess, verifyClientsEnabled, verifyUserHasAction, - verifyUserIsOrgOwner + verifyUserIsOrgOwner, + verifySiteResourceAccess } from "@server/middlewares"; import { createStore } from "@server/lib/rateLimitStore"; import { ActionsEnum } from "@server/auth/actions"; @@ -132,9 +134,9 @@ authenticated.get( ); authenticated.get( - "/org/:orgId/client/:clientId", + "/client/:clientId", verifyClientsEnabled, - verifyOrgAccess, + verifyClientAccess, verifyUserHasAction(ActionsEnum.getClient), client.getClient ); @@ -213,9 +215,60 @@ authenticated.get( site.listContainers ); +// Site Resource endpoints authenticated.put( "/org/:orgId/site/:siteId/resource", verifyOrgAccess, + verifySiteAccess, + verifyUserHasAction(ActionsEnum.createSiteResource), + siteResource.createSiteResource +); + +authenticated.get( + "/org/:orgId/site/:siteId/resources", + verifyOrgAccess, + verifySiteAccess, + verifyUserHasAction(ActionsEnum.listSiteResources), + siteResource.listSiteResources +); + +authenticated.get( + "/org/:orgId/site-resources", + verifyOrgAccess, + verifyUserHasAction(ActionsEnum.listSiteResources), + siteResource.listAllSiteResourcesByOrg +); + +authenticated.get( + "/org/:orgId/site/:siteId/resource/:siteResourceId", + verifyOrgAccess, + verifySiteAccess, + verifySiteResourceAccess, + verifyUserHasAction(ActionsEnum.getSiteResource), + siteResource.getSiteResource +); + +authenticated.post( + "/org/:orgId/site/:siteId/resource/:siteResourceId", + verifyOrgAccess, + verifySiteAccess, + verifySiteResourceAccess, + verifyUserHasAction(ActionsEnum.updateSiteResource), + siteResource.updateSiteResource +); + +authenticated.delete( + "/org/:orgId/site/:siteId/resource/:siteResourceId", + verifyOrgAccess, + verifySiteAccess, + verifySiteResourceAccess, + verifyUserHasAction(ActionsEnum.deleteSiteResource), + siteResource.deleteSiteResource +); + +authenticated.put( + "/org/:orgId/resource", + verifyOrgAccess, verifyUserHasAction(ActionsEnum.createResource), resource.createResource ); @@ -397,28 +450,6 @@ authenticated.post( user.addUserRole ); -// authenticated.put( -// "/role/:roleId/site", -// verifyRoleAccess, -// verifyUserInRole, -// verifyUserHasAction(ActionsEnum.addRoleSite), -// role.addRoleSite -// ); -// authenticated.delete( -// "/role/:roleId/site", -// verifyRoleAccess, -// verifyUserInRole, -// verifyUserHasAction(ActionsEnum.removeRoleSite), -// role.removeRoleSite -// ); -// authenticated.get( -// "/role/:roleId/sites", -// verifyRoleAccess, -// verifyUserInRole, -// verifyUserHasAction(ActionsEnum.listRoleSites), -// role.listRoleSites -// ); - authenticated.post( "/resource/:resourceId/roles", verifyResourceAccess, @@ -463,13 +494,6 @@ authenticated.get( resource.getResourceWhitelist ); -authenticated.post( - `/resource/:resourceId/transfer`, - verifyResourceAccess, - verifyUserHasAction(ActionsEnum.updateResource), - resource.transferResource -); - authenticated.post( `/resource/:resourceId/access-token`, verifyResourceAccess, @@ -848,7 +872,7 @@ authRouter.post( rateLimit({ windowMs: 15 * 60 * 1000, max: 900, - keyGenerator: (req) => `newtGetToken:${req.body.newtId || req.ip}`, + keyGenerator: (req) => `olmGetToken:${req.body.newtId || req.ip}`, handler: (req, res, next) => { const message = `You can only request an Olm token ${900} times every ${15} minutes. Please try again later.`; return next(createHttpError(HttpCode.TOO_MANY_REQUESTS, message)); @@ -927,7 +951,8 @@ authRouter.post( rateLimit({ windowMs: 15 * 60 * 1000, max: 15, - keyGenerator: (req) => `requestEmailVerificationCode:${req.body.email || req.ip}`, + keyGenerator: (req) => + `requestEmailVerificationCode:${req.body.email || req.ip}`, handler: (req, res, next) => { const message = `You can only request an email verification code ${15} times every ${15} minutes. Please try again later.`; return next(createHttpError(HttpCode.TOO_MANY_REQUESTS, message)); @@ -948,7 +973,8 @@ authRouter.post( rateLimit({ windowMs: 15 * 60 * 1000, max: 15, - keyGenerator: (req) => `requestPasswordReset:${req.body.email || req.ip}`, + keyGenerator: (req) => + `requestPasswordReset:${req.body.email || req.ip}`, handler: (req, res, next) => { const message = `You can only request a password reset ${15} times every ${15} minutes. Please try again later.`; return next(createHttpError(HttpCode.TOO_MANY_REQUESTS, message)); @@ -1033,6 +1059,7 @@ authRouter.post("/idp/:idpId/oidc/validate-callback", idp.validateOidcCallback); authRouter.put("/set-server-admin", auth.setServerAdmin); authRouter.get("/initial-setup-complete", auth.initialSetupComplete); +authRouter.post("/validate-setup-token", auth.validateSetupToken); // Security Key routes authRouter.post( @@ -1041,7 +1068,8 @@ authRouter.post( rateLimit({ windowMs: 15 * 60 * 1000, // 15 minutes max: 5, // Allow 5 security key registrations per 15 minutes - keyGenerator: (req) => `securityKeyRegister:${req.user?.userId || req.ip}`, + keyGenerator: (req) => + `securityKeyRegister:${req.user?.userId || req.ip}`, handler: (req, res, next) => { const message = `You can only register a security key ${5} times every ${15} minutes. Please try again later.`; return next(createHttpError(HttpCode.TOO_MANY_REQUESTS, message)); diff --git a/server/routers/gerbil/getAllRelays.ts b/server/routers/gerbil/getAllRelays.ts index aa87c187..6eaf87e2 100644 --- a/server/routers/gerbil/getAllRelays.ts +++ b/server/routers/gerbil/getAllRelays.ts @@ -1,6 +1,15 @@ import { Request, Response, NextFunction } from "express"; import { z } from "zod"; -import { clients, exitNodes, newts, olms, Site, sites, clientSites } from "@server/db"; +import { + clients, + exitNodes, + newts, + olms, + Site, + sites, + clientSites, + ExitNode +} from "@server/db"; import { db } from "@server/db"; import { eq } from "drizzle-orm"; import HttpCode from "@server/types/HttpCode"; @@ -10,7 +19,7 @@ import { fromError } from "zod-validation-error"; // Define Zod schema for request validation const getAllRelaysSchema = z.object({ - publicKey: z.string().optional(), + publicKey: z.string().optional() }); // Type for peer destination @@ -44,109 +53,27 @@ export async function getAllRelays( const { publicKey } = parsedParams.data; if (!publicKey) { - return next(createHttpError(HttpCode.BAD_REQUEST, 'publicKey is required')); + return next( + createHttpError(HttpCode.BAD_REQUEST, "publicKey is required") + ); } // Fetch exit node - const [exitNode] = await db.select().from(exitNodes).where(eq(exitNodes.publicKey, publicKey)); + const [exitNode] = await db + .select() + .from(exitNodes) + .where(eq(exitNodes.publicKey, publicKey)); if (!exitNode) { - return next(createHttpError(HttpCode.NOT_FOUND, "Exit node not found")); + return next( + createHttpError(HttpCode.NOT_FOUND, "Exit node not found") + ); } - // Fetch sites for this exit node - const sitesRes = await db.select().from(sites).where(eq(sites.exitNodeId, exitNode.exitNodeId)); + const mappings = await generateRelayMappings(exitNode); - if (sitesRes.length === 0) { - return res.status(HttpCode.OK).send({ - mappings: {} - }); - } - - // Initialize mappings object for multi-peer support - const mappings: { [key: string]: ProxyMapping } = {}; - - // Process each site - for (const site of sitesRes) { - if (!site.endpoint || !site.subnet || !site.listenPort) { - continue; - } - - // Find all clients associated with this site through clientSites - const clientSitesRes = await db - .select() - .from(clientSites) - .where(eq(clientSites.siteId, site.siteId)); - - for (const clientSite of clientSitesRes) { - // Get client information - const [client] = await db - .select() - .from(clients) - .where(eq(clients.clientId, clientSite.clientId)); - - if (!client || !client.endpoint) { - continue; - } - - // Add this site as a destination for the client - if (!mappings[client.endpoint]) { - mappings[client.endpoint] = { destinations: [] }; - } - - // Add site as a destination for this client - const destination: PeerDestination = { - destinationIP: site.subnet.split("/")[0], - destinationPort: site.listenPort - }; - - // Check if this destination is already in the array to avoid duplicates - const isDuplicate = mappings[client.endpoint].destinations.some( - dest => dest.destinationIP === destination.destinationIP && - dest.destinationPort === destination.destinationPort - ); - - if (!isDuplicate) { - mappings[client.endpoint].destinations.push(destination); - } - } - - // Also handle site-to-site communication (all sites in the same org) - if (site.orgId) { - const orgSites = await db - .select() - .from(sites) - .where(eq(sites.orgId, site.orgId)); - - for (const peer of orgSites) { - // Skip self - if (peer.siteId === site.siteId || !peer.endpoint || !peer.subnet || !peer.listenPort) { - continue; - } - - // Add peer site as a destination for this site - if (!mappings[site.endpoint]) { - mappings[site.endpoint] = { destinations: [] }; - } - - const destination: PeerDestination = { - destinationIP: peer.subnet.split("/")[0], - destinationPort: peer.listenPort - }; - - // Check for duplicates - const isDuplicate = mappings[site.endpoint].destinations.some( - dest => dest.destinationIP === destination.destinationIP && - dest.destinationPort === destination.destinationPort - ); - - if (!isDuplicate) { - mappings[site.endpoint].destinations.push(destination); - } - } - } - } - - logger.debug(`Returning mappings for ${Object.keys(mappings).length} endpoints`); + logger.debug( + `Returning mappings for ${Object.keys(mappings).length} endpoints` + ); return res.status(HttpCode.OK).send({ mappings }); } catch (error) { logger.error(error); @@ -157,4 +84,103 @@ export async function getAllRelays( ) ); } -} \ No newline at end of file +} + +export async function generateRelayMappings(exitNode: ExitNode) { + // Fetch sites for this exit node + const sitesRes = await db + .select() + .from(sites) + .where(eq(sites.exitNodeId, exitNode.exitNodeId)); + + if (sitesRes.length === 0) { + return {}; + } + + // Initialize mappings object for multi-peer support + const mappings: { [key: string]: ProxyMapping } = {}; + + // Process each site + for (const site of sitesRes) { + if (!site.endpoint || !site.subnet || !site.listenPort) { + continue; + } + + // Find all clients associated with this site through clientSites + const clientSitesRes = await db + .select() + .from(clientSites) + .where(eq(clientSites.siteId, site.siteId)); + + for (const clientSite of clientSitesRes) { + if (!clientSite.endpoint) { + continue; + } + + // Add this site as a destination for the client + if (!mappings[clientSite.endpoint]) { + mappings[clientSite.endpoint] = { destinations: [] }; + } + + // Add site as a destination for this client + const destination: PeerDestination = { + destinationIP: site.subnet.split("/")[0], + destinationPort: site.listenPort + }; + + // Check if this destination is already in the array to avoid duplicates + const isDuplicate = mappings[clientSite.endpoint].destinations.some( + (dest) => + dest.destinationIP === destination.destinationIP && + dest.destinationPort === destination.destinationPort + ); + + if (!isDuplicate) { + mappings[clientSite.endpoint].destinations.push(destination); + } + } + + // Also handle site-to-site communication (all sites in the same org) + if (site.orgId) { + const orgSites = await db + .select() + .from(sites) + .where(eq(sites.orgId, site.orgId)); + + for (const peer of orgSites) { + // Skip self + if ( + peer.siteId === site.siteId || + !peer.endpoint || + !peer.subnet || + !peer.listenPort + ) { + continue; + } + + // Add peer site as a destination for this site + if (!mappings[site.endpoint]) { + mappings[site.endpoint] = { destinations: [] }; + } + + const destination: PeerDestination = { + destinationIP: peer.subnet.split("/")[0], + destinationPort: peer.listenPort + }; + + // Check for duplicates + const isDuplicate = mappings[site.endpoint].destinations.some( + (dest) => + dest.destinationIP === destination.destinationIP && + dest.destinationPort === destination.destinationPort + ); + + if (!isDuplicate) { + mappings[site.endpoint].destinations.push(destination); + } + } + } + } + + return mappings; +} diff --git a/server/routers/gerbil/getConfig.ts b/server/routers/gerbil/getConfig.ts index 696e7ea2..77f7d2e0 100644 --- a/server/routers/gerbil/getConfig.ts +++ b/server/routers/gerbil/getConfig.ts @@ -1,6 +1,6 @@ import { Request, Response, NextFunction } from "express"; import { z } from "zod"; -import { sites, resources, targets, exitNodes } from "@server/db"; +import { sites, resources, targets, exitNodes, ExitNode } from "@server/db"; import { db } from "@server/db"; import { eq, isNotNull, and } from "drizzle-orm"; import HttpCode from "@server/types/HttpCode"; @@ -11,6 +11,8 @@ import { getUniqueExitNodeEndpointName } from "../../db/names"; import { findNextAvailableCidr } from "@server/lib/ip"; import { fromError } from "zod-validation-error"; import { getAllowedIps } from "../target/helpers"; +import { proxyToRemote } from "@server/lib/remoteProxy"; +import { getNextAvailableSubnet } from "@server/lib/exitNodes"; // Define Zod schema for request validation const getConfigSchema = z.object({ publicKey: z.string(), @@ -101,42 +103,17 @@ export async function getConfig( ); } - const sitesRes = await db - .select() - .from(sites) - .where( - and( - eq(sites.exitNodeId, exitNode[0].exitNodeId), - isNotNull(sites.pubKey), - isNotNull(sites.subnet) - ) - ); + // STOP HERE IN HYBRID MODE + if (config.isManagedMode()) { + req.body = { + ...req.body, + endpoint: exitNode[0].endpoint, + listenPort: exitNode[0].listenPort + }; + return proxyToRemote(req, res, next, "hybrid/gerbil/get-config"); + } - const peers = await Promise.all( - sitesRes.map(async (site) => { - if (site.type === "wireguard") { - return { - publicKey: site.pubKey, - allowedIps: await getAllowedIps(site.siteId) - }; - } else if (site.type === "newt") { - return { - publicKey: site.pubKey, - allowedIps: [site.subnet!] - }; - } - return { - publicKey: null, - allowedIps: [] - }; - }) - ); - - const configResponse: GetConfigResponse = { - listenPort: exitNode[0].listenPort || 51820, - ipAddress: exitNode[0].address, - peers - }; + const configResponse = await generateGerbilConfig(exitNode[0]); logger.debug("Sending config: ", configResponse); @@ -152,31 +129,45 @@ export async function getConfig( } } -async function getNextAvailableSubnet(): Promise { - // Get all existing subnets from routes table - const existingAddresses = await db - .select({ - address: exitNodes.address +export async function generateGerbilConfig(exitNode: ExitNode) { + const sitesRes = await db + .select() + .from(sites) + .where( + and( + eq(sites.exitNodeId, exitNode.exitNodeId), + isNotNull(sites.pubKey), + isNotNull(sites.subnet) + ) + ); + + const peers = await Promise.all( + sitesRes.map(async (site) => { + if (site.type === "wireguard") { + return { + publicKey: site.pubKey, + allowedIps: await getAllowedIps(site.siteId) + }; + } else if (site.type === "newt") { + return { + publicKey: site.pubKey, + allowedIps: [site.subnet!] + }; + } + return { + publicKey: null, + allowedIps: [] + }; }) - .from(exitNodes); - - const addresses = existingAddresses.map((a) => a.address); - let subnet = findNextAvailableCidr( - addresses, - config.getRawConfig().gerbil.block_size, - config.getRawConfig().gerbil.subnet_group ); - if (!subnet) { - throw new Error("No available subnets remaining in space"); - } - // replace the last octet with 1 - subnet = - subnet.split(".").slice(0, 3).join(".") + - ".1" + - "/" + - subnet.split("/")[1]; - return subnet; + const configResponse: GetConfigResponse = { + listenPort: exitNode.listenPort || 51820, + ipAddress: exitNode.address, + peers + }; + + return configResponse; } async function getNextAvailablePort(): Promise { diff --git a/server/routers/gerbil/getResolvedHostname.ts b/server/routers/gerbil/getResolvedHostname.ts new file mode 100644 index 00000000..da2ab39a --- /dev/null +++ b/server/routers/gerbil/getResolvedHostname.ts @@ -0,0 +1,46 @@ +import { Request, Response, NextFunction } from "express"; +import { z } from "zod"; +import HttpCode from "@server/types/HttpCode"; +import createHttpError from "http-errors"; +import logger from "@server/logger"; +import { fromError } from "zod-validation-error"; + +// Define Zod schema for request validation +const getResolvedHostnameSchema = z.object({ + hostname: z.string(), + publicKey: z.string() +}); + +export async function getResolvedHostname( + req: Request, + res: Response, + next: NextFunction +): Promise { + try { + // Validate request parameters + const parsedParams = getResolvedHostnameSchema.safeParse( + req.body + ); + if (!parsedParams.success) { + return next( + createHttpError( + HttpCode.BAD_REQUEST, + fromError(parsedParams.error).toString() + ) + ); + } + + // return the endpoints + return res.status(HttpCode.OK).send({ + endpoints: [] // ALWAYS ROUTE LOCALLY + }); + } catch (error) { + logger.error(error); + return next( + createHttpError( + HttpCode.INTERNAL_SERVER_ERROR, + "An error occurred..." + ) + ); + } +} diff --git a/server/routers/gerbil/index.ts b/server/routers/gerbil/index.ts index 4a4f3b60..bff57d05 100644 --- a/server/routers/gerbil/index.ts +++ b/server/routers/gerbil/index.ts @@ -1,4 +1,5 @@ export * from "./getConfig"; export * from "./receiveBandwidth"; export * from "./updateHolePunch"; -export * from "./getAllRelays"; \ No newline at end of file +export * from "./getAllRelays"; +export * from "./getResolvedHostname"; \ No newline at end of file diff --git a/server/routers/gerbil/peers.ts b/server/routers/gerbil/peers.ts index 70c56e04..51a338a7 100644 --- a/server/routers/gerbil/peers.ts +++ b/server/routers/gerbil/peers.ts @@ -1,56 +1,58 @@ -import axios from 'axios'; -import logger from '@server/logger'; +import logger from "@server/logger"; import { db } from "@server/db"; -import { exitNodes } from '@server/db'; -import { eq } from 'drizzle-orm'; +import { exitNodes } from "@server/db"; +import { eq } from "drizzle-orm"; +import { sendToExitNode } from "../../lib/exitNodeComms"; -export async function addPeer(exitNodeId: number, peer: { - publicKey: string; - allowedIps: string[]; -}) { - logger.info(`Adding peer with public key ${peer.publicKey} to exit node ${exitNodeId}`); - const [exitNode] = await db.select().from(exitNodes).where(eq(exitNodes.exitNodeId, exitNodeId)).limit(1); +export async function addPeer( + exitNodeId: number, + peer: { + publicKey: string; + allowedIps: string[]; + } +) { + logger.info( + `Adding peer with public key ${peer.publicKey} to exit node ${exitNodeId}` + ); + const [exitNode] = await db + .select() + .from(exitNodes) + .where(eq(exitNodes.exitNodeId, exitNodeId)) + .limit(1); if (!exitNode) { throw new Error(`Exit node with ID ${exitNodeId} not found`); } - if (!exitNode.reachableAt) { - throw new Error(`Exit node with ID ${exitNodeId} is not reachable`); - } - try { - const response = await axios.post(`${exitNode.reachableAt}/peer`, peer, { - headers: { - 'Content-Type': 'application/json', - } - }); - - logger.info('Peer added successfully:', { peer: response.data.status }); - return response.data; - } catch (error) { - if (axios.isAxiosError(error)) { - throw new Error(`Error communicating with Gerbil. Make sure Pangolin can reach the Gerbil HTTP API: ${error.response?.status}`); - } - throw error; - } + return await sendToExitNode(exitNode, { + remoteType: "remoteExitNode/peers/add", + localPath: "/peer", + method: "POST", + data: peer + }); } export async function deletePeer(exitNodeId: number, publicKey: string) { - logger.info(`Deleting peer with public key ${publicKey} from exit node ${exitNodeId}`); - const [exitNode] = await db.select().from(exitNodes).where(eq(exitNodes.exitNodeId, exitNodeId)).limit(1); + logger.info( + `Deleting peer with public key ${publicKey} from exit node ${exitNodeId}` + ); + const [exitNode] = await db + .select() + .from(exitNodes) + .where(eq(exitNodes.exitNodeId, exitNodeId)) + .limit(1); if (!exitNode) { throw new Error(`Exit node with ID ${exitNodeId} not found`); } - if (!exitNode.reachableAt) { - throw new Error(`Exit node with ID ${exitNodeId} is not reachable`); - } - try { - const response = await axios.delete(`${exitNode.reachableAt}/peer?public_key=${encodeURIComponent(publicKey)}`); - logger.info('Peer deleted successfully:', response.data.status); - return response.data; - } catch (error) { - if (axios.isAxiosError(error)) { - throw new Error(`Error communicating with Gerbil. Make sure Pangolin can reach the Gerbil HTTP API: ${error.response?.status}`); + + return await sendToExitNode(exitNode, { + remoteType: "remoteExitNode/peers/remove", + localPath: "/peer", + method: "DELETE", + data: { + publicKey: publicKey + }, + queryParams: { + public_key: publicKey } - throw error; - } + }); } diff --git a/server/routers/gerbil/receiveBandwidth.ts b/server/routers/gerbil/receiveBandwidth.ts index 5e672d0f..fb7723ee 100644 --- a/server/routers/gerbil/receiveBandwidth.ts +++ b/server/routers/gerbil/receiveBandwidth.ts @@ -6,6 +6,7 @@ import logger from "@server/logger"; import createHttpError from "http-errors"; import HttpCode from "@server/types/HttpCode"; import response from "@server/lib/response"; +import { checkExitNodeOrg } from "@server/lib/exitNodes"; // Track sites that are already offline to avoid unnecessary queries const offlineSites = new Set(); @@ -28,103 +29,7 @@ export const receiveBandwidth = async ( throw new Error("Invalid bandwidth data"); } - const currentTime = new Date(); - const oneMinuteAgo = new Date(currentTime.getTime() - 60000); // 1 minute ago - - logger.debug(`Received data: ${JSON.stringify(bandwidthData)}`); - - await db.transaction(async (trx) => { - // First, handle sites that are actively reporting bandwidth - const activePeers = bandwidthData.filter(peer => peer.bytesIn > 0); // Bytesout will have data as it tries to send keep alive messages - - if (activePeers.length > 0) { - // Remove any active peers from offline tracking since they're sending data - activePeers.forEach(peer => offlineSites.delete(peer.publicKey)); - - // Aggregate usage data by organization - const orgUsageMap = new Map(); - const orgUptimeMap = new Map(); - - // Update all active sites with bandwidth data and get the site data in one operation - const updatedSites = []; - for (const peer of activePeers) { - const updatedSite = await trx - .update(sites) - .set({ - megabytesOut: sql`${sites.megabytesOut} + ${peer.bytesIn}`, - megabytesIn: sql`${sites.megabytesIn} + ${peer.bytesOut}`, - lastBandwidthUpdate: currentTime.toISOString(), - online: true - }) - .where(eq(sites.pubKey, peer.publicKey)) - .returning({ - online: sites.online, - orgId: sites.orgId, - siteId: sites.siteId, - lastBandwidthUpdate: sites.lastBandwidthUpdate, - }); - - if (updatedSite.length > 0) { - updatedSites.push({ ...updatedSite[0], peer }); - } - } - - // Calculate org usage aggregations using the updated site data - for (const { peer, ...site } of updatedSites) { - // Aggregate bandwidth usage for the org - const totalBandwidth = peer.bytesIn + peer.bytesOut; - const currentOrgUsage = orgUsageMap.get(site.orgId) || 0; - orgUsageMap.set(site.orgId, currentOrgUsage + totalBandwidth); - - // Add 10 seconds of uptime for each active site - const currentOrgUptime = orgUptimeMap.get(site.orgId) || 0; - orgUptimeMap.set(site.orgId, currentOrgUptime + 10 / 60); // Store in minutes and jut add 10 seconds - } - } - - // Handle sites that reported zero bandwidth but need online status updated - const zeroBandwidthPeers = bandwidthData.filter(peer => - peer.bytesIn === 0 && !offlineSites.has(peer.publicKey) // Bytesout will have data as it tries to send keep alive messages - ); - - if (zeroBandwidthPeers.length > 0) { - const zeroBandwidthSites = await trx - .select() - .from(sites) - .where(inArray(sites.pubKey, zeroBandwidthPeers.map(p => p.publicKey))); - - for (const site of zeroBandwidthSites) { - let newOnlineStatus = site.online; - - // Check if site should go offline based on last bandwidth update WITH DATA - if (site.lastBandwidthUpdate) { - const lastUpdateWithData = new Date(site.lastBandwidthUpdate); - if (lastUpdateWithData < oneMinuteAgo) { - newOnlineStatus = false; - } - } else { - // No previous data update recorded, set to offline - newOnlineStatus = false; - } - - // Always update lastBandwidthUpdate to show this instance is receiving reports - // Only update online status if it changed - if (site.online !== newOnlineStatus) { - await trx - .update(sites) - .set({ - online: newOnlineStatus - }) - .where(eq(sites.siteId, site.siteId)); - - // If site went offline, add it to our tracking set - if (!newOnlineStatus && site.pubKey) { - offlineSites.add(site.pubKey); - } - } - } - } - }); + await updateSiteBandwidth(bandwidthData); return response(res, { data: {}, @@ -142,4 +47,142 @@ export const receiveBandwidth = async ( ) ); } -}; \ No newline at end of file +}; + +export async function updateSiteBandwidth( + bandwidthData: PeerBandwidth[], + exitNodeId?: number +) { + const currentTime = new Date(); + const oneMinuteAgo = new Date(currentTime.getTime() - 60000); // 1 minute ago + + // logger.debug(`Received data: ${JSON.stringify(bandwidthData)}`); + + await db.transaction(async (trx) => { + // First, handle sites that are actively reporting bandwidth + const activePeers = bandwidthData.filter((peer) => peer.bytesIn > 0); // Bytesout will have data as it tries to send keep alive messages + + if (activePeers.length > 0) { + // Remove any active peers from offline tracking since they're sending data + activePeers.forEach((peer) => offlineSites.delete(peer.publicKey)); + + // Aggregate usage data by organization + const orgUsageMap = new Map(); + const orgUptimeMap = new Map(); + + // Update all active sites with bandwidth data and get the site data in one operation + const updatedSites = []; + for (const peer of activePeers) { + const [updatedSite] = await trx + .update(sites) + .set({ + megabytesOut: sql`${sites.megabytesOut} + ${peer.bytesIn}`, + megabytesIn: sql`${sites.megabytesIn} + ${peer.bytesOut}`, + lastBandwidthUpdate: currentTime.toISOString(), + online: true + }) + .where(eq(sites.pubKey, peer.publicKey)) + .returning({ + online: sites.online, + orgId: sites.orgId, + siteId: sites.siteId, + lastBandwidthUpdate: sites.lastBandwidthUpdate + }); + + if (exitNodeId) { + if (await checkExitNodeOrg(exitNodeId, updatedSite.orgId)) { + // not allowed + logger.warn( + `Exit node ${exitNodeId} is not allowed for org ${updatedSite.orgId}` + ); + // THIS SHOULD TRIGGER THE TRANSACTION TO FAIL? + throw new Error("Exit node not allowed"); + } + } + + if (updatedSite) { + updatedSites.push({ ...updatedSite, peer }); + } + } + + // Calculate org usage aggregations using the updated site data + for (const { peer, ...site } of updatedSites) { + // Aggregate bandwidth usage for the org + const totalBandwidth = peer.bytesIn + peer.bytesOut; + const currentOrgUsage = orgUsageMap.get(site.orgId) || 0; + orgUsageMap.set(site.orgId, currentOrgUsage + totalBandwidth); + + // Add 10 seconds of uptime for each active site + const currentOrgUptime = orgUptimeMap.get(site.orgId) || 0; + orgUptimeMap.set(site.orgId, currentOrgUptime + 10 / 60); // Store in minutes and jut add 10 seconds + } + } + + // Handle sites that reported zero bandwidth but need online status updated + const zeroBandwidthPeers = bandwidthData.filter( + (peer) => peer.bytesIn === 0 && !offlineSites.has(peer.publicKey) // Bytesout will have data as it tries to send keep alive messages + ); + + if (zeroBandwidthPeers.length > 0) { + const zeroBandwidthSites = await trx + .select() + .from(sites) + .where( + inArray( + sites.pubKey, + zeroBandwidthPeers.map((p) => p.publicKey) + ) + ); + + for (const site of zeroBandwidthSites) { + let newOnlineStatus = site.online; + + // Check if site should go offline based on last bandwidth update WITH DATA + if (site.lastBandwidthUpdate) { + const lastUpdateWithData = new Date( + site.lastBandwidthUpdate + ); + if (lastUpdateWithData < oneMinuteAgo) { + newOnlineStatus = false; + } + } else { + // No previous data update recorded, set to offline + newOnlineStatus = false; + } + + // Always update lastBandwidthUpdate to show this instance is receiving reports + // Only update online status if it changed + if (site.online !== newOnlineStatus) { + const [updatedSite] = await trx + .update(sites) + .set({ + online: newOnlineStatus + }) + .where(eq(sites.siteId, site.siteId)) + .returning(); + + if (exitNodeId) { + if ( + await checkExitNodeOrg( + exitNodeId, + updatedSite.orgId + ) + ) { + // not allowed + logger.warn( + `Exit node ${exitNodeId} is not allowed for org ${updatedSite.orgId}` + ); + // THIS SHOULD TRIGGER THE TRANSACTION TO FAIL? + throw new Error("Exit node not allowed"); + } + } + + // If site went offline, add it to our tracking set + if (!newOnlineStatus && site.pubKey) { + offlineSites.add(site.pubKey); + } + } + } + } + }); +} diff --git a/server/routers/gerbil/updateHolePunch.ts b/server/routers/gerbil/updateHolePunch.ts index 6d64249c..1662e420 100644 --- a/server/routers/gerbil/updateHolePunch.ts +++ b/server/routers/gerbil/updateHolePunch.ts @@ -1,8 +1,17 @@ import { Request, Response, NextFunction } from "express"; import { z } from "zod"; -import { clients, newts, olms, Site, sites, clientSites, exitNodes } from "@server/db"; +import { + clients, + newts, + olms, + Site, + sites, + clientSites, + exitNodes, + ExitNode +} from "@server/db"; import { db } from "@server/db"; -import { eq } from "drizzle-orm"; +import { eq, and } from "drizzle-orm"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; import logger from "@server/logger"; @@ -10,6 +19,7 @@ import { fromError } from "zod-validation-error"; import { validateNewtSessionToken } from "@server/auth/sessions/newt"; import { validateOlmSessionToken } from "@server/auth/sessions/olm"; import axios from "axios"; +import { checkExitNodeOrg } from "@server/lib/exitNodes"; // Define Zod schema for request validation const updateHolePunchSchema = z.object({ @@ -19,7 +29,8 @@ const updateHolePunchSchema = z.object({ ip: z.string(), port: z.number(), timestamp: z.number(), - reachableAt: z.string().optional() + reachableAt: z.string().optional(), + publicKey: z.string().optional() }); // New response type with multi-peer destination support @@ -45,280 +56,49 @@ export async function updateHolePunch( ); } - const { olmId, newtId, ip, port, timestamp, token, reachableAt } = parsedParams.data; + const { + olmId, + newtId, + ip, + port, + timestamp, + token, + reachableAt, + publicKey + } = parsedParams.data; - let currentSiteId: number | undefined; - let destinations: PeerDestination[] = []; - - if (olmId) { - logger.debug(`Got hole punch with ip: ${ip}, port: ${port} for olmId: ${olmId}`); - - const { session, olm: olmSession } = - await validateOlmSessionToken(token); - if (!session || !olmSession) { - return next( - createHttpError(HttpCode.UNAUTHORIZED, "Unauthorized") - ); - } - - if (olmId !== olmSession.olmId) { - logger.warn(`Olm ID mismatch: ${olmId} !== ${olmSession.olmId}`); - return next( - createHttpError(HttpCode.UNAUTHORIZED, "Unauthorized") - ); - } - - const [olm] = await db + let exitNode: ExitNode | undefined; + if (publicKey) { + // Get the exit node by public key + [exitNode] = await db .select() - .from(olms) - .where(eq(olms.olmId, olmId)); - - if (!olm || !olm.clientId) { - logger.warn(`Olm not found: ${olmId}`); - return next( - createHttpError(HttpCode.NOT_FOUND, "Olm not found") - ); - } - - const [client] = await db - .update(clients) - .set({ - endpoint: `${ip}:${port}`, - lastHolePunch: timestamp - }) - .where(eq(clients.clientId, olm.clientId)) - .returning(); - - if (!client) { - logger.warn(`Client not found for olm: ${olmId}`); - return next( - createHttpError(HttpCode.NOT_FOUND, "Client not found") - ); - } - - // // Get all sites that this client is connected to - // const clientSitePairs = await db - // .select() - // .from(clientSites) - // .where(eq(clientSites.clientId, client.clientId)); - - // if (clientSitePairs.length === 0) { - // logger.warn(`No sites found for client: ${client.clientId}`); - // return next( - // createHttpError(HttpCode.NOT_FOUND, "No sites found for client") - // ); - // } - - // // Get all sites details - // const siteIds = clientSitePairs.map(pair => pair.siteId); - - // for (const siteId of siteIds) { - // const [site] = await db - // .select() - // .from(sites) - // .where(eq(sites.siteId, siteId)); - - // if (site && site.subnet && site.listenPort) { - // destinations.push({ - // destinationIP: site.subnet.split("/")[0], - // destinationPort: site.listenPort - // }); - // } - // } - - // get all sites for this client and join with exit nodes with site.exitNodeId - const sitesData = await db - .select() - .from(sites) - .innerJoin(clientSites, eq(sites.siteId, clientSites.siteId)) - .leftJoin(exitNodes, eq(sites.exitNodeId, exitNodes.exitNodeId)) - .where(eq(clientSites.clientId, client.clientId)); - - let exitNodeDestinations: { - reachableAt: string; - destinations: PeerDestination[]; - }[] = []; - - for (const site of sitesData) { - if (!site.sites.subnet) { - logger.warn(`Site ${site.sites.siteId} has no subnet, skipping`); - continue; - } - // find the destinations in the array - let destinations = exitNodeDestinations.find( - (d) => d.reachableAt === site.exitNodes?.reachableAt - ); - - if (!destinations) { - destinations = { - reachableAt: site.exitNodes?.reachableAt || "", - destinations: [ - { - destinationIP: site.sites.subnet.split("/")[0], - destinationPort: site.sites.listenPort || 0 - } - ] - }; - } else { - // add to the existing destinations - destinations.destinations.push({ - destinationIP: site.sites.subnet.split("/")[0], - destinationPort: site.sites.listenPort || 0 - }); - } - - // update it in the array - exitNodeDestinations = exitNodeDestinations.filter( - (d) => d.reachableAt !== site.exitNodes?.reachableAt - ); - exitNodeDestinations.push(destinations); - } - - logger.debug(JSON.stringify(exitNodeDestinations, null, 2)); - - for (const destination of exitNodeDestinations) { - // if its the current exit node skip it because it is replying with the same data - if (reachableAt && destination.reachableAt == reachableAt) { - logger.debug(`Skipping update for reachableAt: ${reachableAt}`); - continue; - } - - try { - const response = await axios.post( - `${destination.reachableAt}/update-destinations`, - { - sourceIp: client.endpoint?.split(":")[0] || "", - sourcePort: client.endpoint?.split(":")[1] || 0, - destinations: destination.destinations - }, - { - headers: { - "Content-Type": "application/json" - } - } - ); - - logger.info("Destinations updated:", { - peer: response.data.status - }); - } catch (error) { - if (axios.isAxiosError(error)) { - throw new Error( - `Error communicating with Gerbil. Make sure Pangolin can reach the Gerbil HTTP API: ${error.response?.status}` - ); - } - throw error; - } - } - - // Send the desinations back to the origin - destinations = exitNodeDestinations.find( - (d) => d.reachableAt === reachableAt - )?.destinations || []; - - } else if (newtId) { - logger.debug(`Got hole punch with ip: ${ip}, port: ${port} for olmId: ${olmId}`); - - const { session, newt: newtSession } = - await validateNewtSessionToken(token); - - if (!session || !newtSession) { - return next( - createHttpError(HttpCode.UNAUTHORIZED, "Unauthorized") - ); - } - - if (newtId !== newtSession.newtId) { - logger.warn(`Newt ID mismatch: ${newtId} !== ${newtSession.newtId}`); - return next( - createHttpError(HttpCode.UNAUTHORIZED, "Unauthorized") - ); - } - - const [newt] = await db - .select() - .from(newts) - .where(eq(newts.newtId, newtId)); - - if (!newt || !newt.siteId) { - logger.warn(`Newt not found: ${newtId}`); - return next( - createHttpError(HttpCode.NOT_FOUND, "New not found") - ); - } - - currentSiteId = newt.siteId; - - // Update the current site with the new endpoint - const [updatedSite] = await db - .update(sites) - .set({ - endpoint: `${ip}:${port}`, - lastHolePunch: timestamp - }) - .where(eq(sites.siteId, newt.siteId)) - .returning(); - - if (!updatedSite || !updatedSite.subnet) { - logger.warn(`Site not found: ${newt.siteId}`); - return next( - createHttpError(HttpCode.NOT_FOUND, "Site not found") - ); - } - - // Find all clients that connect to this site - // const sitesClientPairs = await db - // .select() - // .from(clientSites) - // .where(eq(clientSites.siteId, newt.siteId)); - - // THE NEWT IS NOT SENDING RAW WG TO THE GERBIL SO IDK IF WE REALLY NEED THIS - REMOVING - // Get client details for each client - // for (const pair of sitesClientPairs) { - // const [client] = await db - // .select() - // .from(clients) - // .where(eq(clients.clientId, pair.clientId)); - - // if (client && client.endpoint) { - // const [host, portStr] = client.endpoint.split(':'); - // if (host && portStr) { - // destinations.push({ - // destinationIP: host, - // destinationPort: parseInt(portStr, 10) - // }); - // } - // } - // } - - // If this is a newt/site, also add other sites in the same org - // if (updatedSite.orgId) { - // const orgSites = await db - // .select() - // .from(sites) - // .where(eq(sites.orgId, updatedSite.orgId)); - - // for (const site of orgSites) { - // // Don't add the current site to the destinations - // if (site.siteId !== currentSiteId && site.subnet && site.endpoint && site.listenPort) { - // const [host, portStr] = site.endpoint.split(':'); - // if (host && portStr) { - // destinations.push({ - // destinationIP: host, - // destinationPort: site.listenPort - // }); - // } - // } - // } - // } + .from(exitNodes) + .where(eq(exitNodes.publicKey, publicKey)); + } else { + // FOR BACKWARDS COMPATIBILITY IF GERBIL IS STILL =<1.1.0 + [exitNode] = await db.select().from(exitNodes).limit(1); } - // if (destinations.length === 0) { - // logger.warn( - // `No peer destinations found for olmId: ${olmId} or newtId: ${newtId}` - // ); - // return next(createHttpError(HttpCode.NOT_FOUND, "No peer destinations found")); - // } + if (!exitNode) { + logger.warn(`Exit node not found for publicKey: ${publicKey}`); + return next( + createHttpError(HttpCode.NOT_FOUND, "Exit node not found") + ); + } + + const destinations = await updateAndGenerateEndpointDestinations( + olmId, + newtId, + ip, + port, + timestamp, + token, + exitNode + ); + + logger.debug( + `Returning ${destinations.length} peer destinations for olmId: ${olmId} or newtId: ${newtId}: ${JSON.stringify(destinations, null, 2)}` + ); // Return the new multi-peer structure return res.status(HttpCode.OK).send({ @@ -333,4 +113,216 @@ export async function updateHolePunch( ) ); } -} \ No newline at end of file +} + +export async function updateAndGenerateEndpointDestinations( + olmId: string | undefined, + newtId: string | undefined, + ip: string, + port: number, + timestamp: number, + token: string, + exitNode: ExitNode +) { + let currentSiteId: number | undefined; + const destinations: PeerDestination[] = []; + + if (olmId) { + logger.debug( + `Got hole punch with ip: ${ip}, port: ${port} for olmId: ${olmId}` + ); + + const { session, olm: olmSession } = + await validateOlmSessionToken(token); + if (!session || !olmSession) { + throw new Error("Unauthorized"); + } + + if (olmId !== olmSession.olmId) { + logger.warn(`Olm ID mismatch: ${olmId} !== ${olmSession.olmId}`); + throw new Error("Unauthorized"); + } + + const [olm] = await db.select().from(olms).where(eq(olms.olmId, olmId)); + + if (!olm || !olm.clientId) { + logger.warn(`Olm not found: ${olmId}`); + throw new Error("Olm not found"); + } + + const [client] = await db + .update(clients) + .set({ + lastHolePunch: timestamp + }) + .where(eq(clients.clientId, olm.clientId)) + .returning(); + + if (await checkExitNodeOrg(exitNode.exitNodeId, client.orgId)) { + // not allowed + logger.warn( + `Exit node ${exitNode.exitNodeId} is not allowed for org ${client.orgId}` + ); + throw new Error("Exit node not allowed"); + } + + // Get sites that are on this specific exit node and connected to this client + const sitesOnExitNode = await db + .select({ + siteId: sites.siteId, + subnet: sites.subnet, + listenPort: sites.listenPort + }) + .from(sites) + .innerJoin(clientSites, eq(sites.siteId, clientSites.siteId)) + .where( + and( + eq(sites.exitNodeId, exitNode.exitNodeId), + eq(clientSites.clientId, olm.clientId) + ) + ); + + // Update clientSites for each site on this exit node + for (const site of sitesOnExitNode) { + logger.debug( + `Updating site ${site.siteId} on exit node ${exitNode.exitNodeId}` + ); + + await db + .update(clientSites) + .set({ + endpoint: `${ip}:${port}` + }) + .where( + and( + eq(clientSites.clientId, olm.clientId), + eq(clientSites.siteId, site.siteId) + ) + ); + } + + logger.debug( + `Updated ${sitesOnExitNode.length} sites on exit node ${exitNode.exitNodeId}` + ); + if (!client) { + logger.warn(`Client not found for olm: ${olmId}`); + throw new Error("Client not found"); + } + + // Create a list of the destinations from the sites + for (const site of sitesOnExitNode) { + if (site.subnet && site.listenPort) { + destinations.push({ + destinationIP: site.subnet.split("/")[0], + destinationPort: site.listenPort + }); + } + } + } else if (newtId) { + logger.debug( + `Got hole punch with ip: ${ip}, port: ${port} for newtId: ${newtId}` + ); + + const { session, newt: newtSession } = + await validateNewtSessionToken(token); + + if (!session || !newtSession) { + throw new Error("Unauthorized"); + } + + if (newtId !== newtSession.newtId) { + logger.warn( + `Newt ID mismatch: ${newtId} !== ${newtSession.newtId}` + ); + throw new Error("Unauthorized"); + } + + const [newt] = await db + .select() + .from(newts) + .where(eq(newts.newtId, newtId)); + + if (!newt || !newt.siteId) { + logger.warn(`Newt not found: ${newtId}`); + throw new Error("Newt not found"); + } + + const [site] = await db + .select() + .from(sites) + .where(eq(sites.siteId, newt.siteId)) + .limit(1); + + if (await checkExitNodeOrg(exitNode.exitNodeId, site.orgId)) { + // not allowed + logger.warn( + `Exit node ${exitNode.exitNodeId} is not allowed for org ${site.orgId}` + ); + throw new Error("Exit node not allowed"); + } + + currentSiteId = newt.siteId; + + // Update the current site with the new endpoint + const [updatedSite] = await db + .update(sites) + .set({ + endpoint: `${ip}:${port}`, + lastHolePunch: timestamp + }) + .where(eq(sites.siteId, newt.siteId)) + .returning(); + + if (!updatedSite || !updatedSite.subnet) { + logger.warn(`Site not found: ${newt.siteId}`); + throw new Error("Site not found"); + } + + // Find all clients that connect to this site + // const sitesClientPairs = await db + // .select() + // .from(clientSites) + // .where(eq(clientSites.siteId, newt.siteId)); + + // THE NEWT IS NOT SENDING RAW WG TO THE GERBIL SO IDK IF WE REALLY NEED THIS - REMOVING + // Get client details for each client + // for (const pair of sitesClientPairs) { + // const [client] = await db + // .select() + // .from(clients) + // .where(eq(clients.clientId, pair.clientId)); + + // if (client && client.endpoint) { + // const [host, portStr] = client.endpoint.split(':'); + // if (host && portStr) { + // destinations.push({ + // destinationIP: host, + // destinationPort: parseInt(portStr, 10) + // }); + // } + // } + // } + + // If this is a newt/site, also add other sites in the same org + // if (updatedSite.orgId) { + // const orgSites = await db + // .select() + // .from(sites) + // .where(eq(sites.orgId, updatedSite.orgId)); + + // for (const site of orgSites) { + // // Don't add the current site to the destinations + // if (site.siteId !== currentSiteId && site.subnet && site.endpoint && site.listenPort) { + // const [host, portStr] = site.endpoint.split(':'); + // if (host && portStr) { + // destinations.push({ + // destinationIP: host, + // destinationPort: site.listenPort + // }); + // } + // } + // } + // } + } + return destinations; +} diff --git a/server/routers/idp/createOidcIdp.ts b/server/routers/idp/createOidcIdp.ts index aac5d15e..6078f5aa 100644 --- a/server/routers/idp/createOidcIdp.ts +++ b/server/routers/idp/createOidcIdp.ts @@ -81,7 +81,7 @@ export async function createOidcIdp( autoProvision } = parsedBody.data; - const key = config.getRawConfig().server.secret; + const key = config.getRawConfig().server.secret!; const encryptedSecret = encrypt(clientSecret, key); const encryptedClientId = encrypt(clientId, key); diff --git a/server/routers/idp/generateOidcUrl.ts b/server/routers/idp/generateOidcUrl.ts index 36c55dcb..c507198a 100644 --- a/server/routers/idp/generateOidcUrl.ts +++ b/server/routers/idp/generateOidcUrl.ts @@ -89,7 +89,7 @@ export async function generateOidcUrl( return scope.length > 0; }); - const key = config.getRawConfig().server.secret; + const key = config.getRawConfig().server.secret!; const decryptedClientId = decrypt( existingIdp.idpOidcConfig.clientId, @@ -124,7 +124,7 @@ export async function generateOidcUrl( state, codeVerifier }, - config.getRawConfig().server.secret + config.getRawConfig().server.secret! ); res.cookie("p_oidc_state", stateJwt, { diff --git a/server/routers/idp/getIdp.ts b/server/routers/idp/getIdp.ts index 227a2429..a202f4ea 100644 --- a/server/routers/idp/getIdp.ts +++ b/server/routers/idp/getIdp.ts @@ -65,7 +65,7 @@ export async function getIdp( return next(createHttpError(HttpCode.NOT_FOUND, "Idp not found")); } - const key = config.getRawConfig().server.secret; + const key = config.getRawConfig().server.secret!; if (idpRes.idp.type === "oidc") { const clientSecret = idpRes.idpOidcConfig!.clientSecret; diff --git a/server/routers/idp/updateOidcIdp.ts b/server/routers/idp/updateOidcIdp.ts index 58771b33..904d0d9e 100644 --- a/server/routers/idp/updateOidcIdp.ts +++ b/server/routers/idp/updateOidcIdp.ts @@ -119,7 +119,7 @@ export async function updateOidcIdp( ); } - const key = config.getRawConfig().server.secret; + const key = config.getRawConfig().server.secret!; const encryptedSecret = clientSecret ? encrypt(clientSecret, key) : undefined; diff --git a/server/routers/idp/validateOidcCallback.ts b/server/routers/idp/validateOidcCallback.ts index 3a643386..67e2baad 100644 --- a/server/routers/idp/validateOidcCallback.ts +++ b/server/routers/idp/validateOidcCallback.ts @@ -96,7 +96,7 @@ export async function validateOidcCallback( ); } - const key = config.getRawConfig().server.secret; + const key = config.getRawConfig().server.secret!; const decryptedClientId = decrypt( existingIdp.idpOidcConfig.clientId, @@ -116,7 +116,7 @@ export async function validateOidcCallback( const statePayload = jsonwebtoken.verify( storedState, - config.getRawConfig().server.secret, + config.getRawConfig().server.secret!, function (err, decoded) { if (err) { logger.error("Error verifying state JWT", { err }); diff --git a/server/routers/integration.ts b/server/routers/integration.ts index 51604a11..d2734fd3 100644 --- a/server/routers/integration.ts +++ b/server/routers/integration.ts @@ -5,7 +5,7 @@ import * as domain from "./domain"; import * as target from "./target"; import * as user from "./user"; import * as role from "./role"; -// import * as client from "./client"; +import * as client from "./client"; import * as accessToken from "./accessToken"; import * as apiKeys from "./apiKeys"; import * as idp from "./idp"; @@ -20,7 +20,9 @@ import { verifyApiKeyUserAccess, verifyApiKeySetResourceUsers, verifyApiKeyAccessTokenAccess, - verifyApiKeyIsRoot + verifyApiKeyIsRoot, + verifyApiKeyClientAccess, + verifyClientsEnabled } from "@server/middlewares"; import HttpCode from "@server/types/HttpCode"; import { Router } from "express"; @@ -339,13 +341,6 @@ authenticated.get( resource.getResourceWhitelist ); -authenticated.post( - `/resource/:resourceId/transfer`, - verifyApiKeyResourceAccess, - verifyApiKeyHasAction(ActionsEnum.updateResource), - resource.transferResource -); - authenticated.post( `/resource/:resourceId/access-token`, verifyApiKeyResourceAccess, @@ -513,3 +508,51 @@ authenticated.get( verifyApiKeyHasAction(ActionsEnum.listIdpOrgs), idp.listIdpOrgPolicies ); + +authenticated.get( + "/org/:orgId/pick-client-defaults", + verifyClientsEnabled, + verifyApiKeyOrgAccess, + verifyApiKeyHasAction(ActionsEnum.createClient), + client.pickClientDefaults +); + +authenticated.get( + "/org/:orgId/clients", + verifyClientsEnabled, + verifyApiKeyOrgAccess, + verifyApiKeyHasAction(ActionsEnum.listClients), + client.listClients +); + +authenticated.get( + "/client/:clientId", + verifyClientsEnabled, + verifyApiKeyClientAccess, + verifyApiKeyHasAction(ActionsEnum.getClient), + client.getClient +); + +authenticated.put( + "/org/:orgId/client", + verifyClientsEnabled, + verifyApiKeyOrgAccess, + verifyApiKeyHasAction(ActionsEnum.createClient), + client.createClient +); + +authenticated.delete( + "/client/:clientId", + verifyClientsEnabled, + verifyApiKeyClientAccess, + verifyApiKeyHasAction(ActionsEnum.deleteClient), + client.deleteClient +); + +authenticated.post( + "/client/:clientId", + verifyClientsEnabled, + verifyApiKeyClientAccess, + verifyApiKeyHasAction(ActionsEnum.updateClient), + client.updateClient +); diff --git a/server/routers/internal.ts b/server/routers/internal.ts index 118c8ae3..b961ef6f 100644 --- a/server/routers/internal.ts +++ b/server/routers/internal.ts @@ -7,6 +7,8 @@ import * as auth from "@server/routers/auth"; import * as supporterKey from "@server/routers/supporterKey"; import * as license from "@server/routers/license"; import * as idp from "@server/routers/idp"; +import { proxyToRemote } from "@server/lib/remoteProxy"; +import config from "@server/lib/config"; import HttpCode from "@server/types/HttpCode"; import { verifyResourceAccess, @@ -49,16 +51,51 @@ internalRouter.get("/idp/:idpId", idp.getIdp); const gerbilRouter = Router(); internalRouter.use("/gerbil", gerbilRouter); +if (config.isManagedMode()) { + // Use proxy router to forward requests to remote cloud server + // Proxy endpoints for each gerbil route + gerbilRouter.post("/receive-bandwidth", (req, res, next) => + proxyToRemote(req, res, next, "hybrid/gerbil/receive-bandwidth") + ); + + gerbilRouter.post("/update-hole-punch", (req, res, next) => + proxyToRemote(req, res, next, "hybrid/gerbil/update-hole-punch") + ); + + gerbilRouter.post("/get-all-relays", (req, res, next) => + proxyToRemote(req, res, next, "hybrid/gerbil/get-all-relays") + ); + + gerbilRouter.post("/get-resolved-hostname", (req, res, next) => + proxyToRemote(req, res, next, `hybrid/gerbil/get-resolved-hostname`) + ); + + // GET CONFIG IS HANDLED IN THE ORIGINAL HANDLER + // SO IT CAN REGISTER THE LOCAL EXIT NODE +} else { + // Use local gerbil endpoints + gerbilRouter.post("/receive-bandwidth", gerbil.receiveBandwidth); + gerbilRouter.post("/update-hole-punch", gerbil.updateHolePunch); + gerbilRouter.post("/get-all-relays", gerbil.getAllRelays); + gerbilRouter.post("/get-resolved-hostname", gerbil.getResolvedHostname); +} + +// WE HANDLE THE PROXY INSIDE OF THIS FUNCTION +// SO IT REGISTERS THE EXIT NODE LOCALLY AS WELL gerbilRouter.post("/get-config", gerbil.getConfig); -gerbilRouter.post("/receive-bandwidth", gerbil.receiveBandwidth); -gerbilRouter.post("/update-hole-punch", gerbil.updateHolePunch); -gerbilRouter.post("/get-all-relays", gerbil.getAllRelays); // Badger routes const badgerRouter = Router(); internalRouter.use("/badger", badgerRouter); badgerRouter.post("/verify-session", badger.verifyResourceSession); -badgerRouter.post("/exchange-session", badger.exchangeSession); + +if (config.isManagedMode()) { + badgerRouter.post("/exchange-session", (req, res, next) => + proxyToRemote(req, res, next, "hybrid/badger/exchange-session") + ); +} else { + badgerRouter.post("/exchange-session", badger.exchangeSession); +} export default internalRouter; diff --git a/server/routers/newt/handleGetConfigMessage.ts b/server/routers/newt/handleGetConfigMessage.ts index 2d6ed98b..b6206064 100644 --- a/server/routers/newt/handleGetConfigMessage.ts +++ b/server/routers/newt/handleGetConfigMessage.ts @@ -7,13 +7,14 @@ import { ExitNode, exitNodes, resources, + siteResources, Target, targets } from "@server/db"; import { clients, clientSites, Newt, sites } from "@server/db"; import { eq, and, inArray } from "drizzle-orm"; import { updatePeer } from "../olm/peers"; -import axios from "axios"; +import { sendToExitNode } from "../../lib/exitNodeComms"; const inputSchema = z.object({ publicKey: z.string(), @@ -102,38 +103,28 @@ export const handleGetConfigMessage: MessageHandler = async (context) => { .from(exitNodes) .where(eq(exitNodes.exitNodeId, site.exitNodeId)) .limit(1); - if (exitNode.reachableAt) { - try { - const response = await axios.post( - `${exitNode.reachableAt}/update-proxy-mapping`, - { - oldDestination: { - destinationIP: existingSite.subnet?.split("/")[0], - destinationPort: existingSite.listenPort - }, - newDestination: { - destinationIP: site.subnet?.split("/")[0], - destinationPort: site.listenPort - } - }, - { - headers: { - "Content-Type": "application/json" - } - } - ); - - logger.info("Destinations updated:", { - peer: response.data.status - }); - } catch (error) { - if (axios.isAxiosError(error)) { - throw new Error( - `Error communicating with Gerbil. Make sure Pangolin can reach the Gerbil HTTP API: ${error.response?.status}` - ); + if ( + exitNode.reachableAt && + existingSite.subnet && + existingSite.listenPort + ) { + const payload = { + oldDestination: { + destinationIP: existingSite.subnet?.split("/")[0], + destinationPort: existingSite.listenPort + }, + newDestination: { + destinationIP: site.subnet?.split("/")[0], + destinationPort: site.listenPort } - throw error; - } + }; + + await sendToExitNode(exitNode, { + remoteType: "remoteExitNode/update-proxy-mapping", + localPath: "/update-proxy-mapping", + method: "POST", + data: payload + }); } } @@ -154,9 +145,6 @@ export const handleGetConfigMessage: MessageHandler = async (context) => { if (!client.clients.subnet) { return false; } - if (!client.clients.endpoint) { - return false; - } return true; }) .map(async (client) => { @@ -212,7 +200,7 @@ export const handleGetConfigMessage: MessageHandler = async (context) => { allowedIps: [`${client.clients.subnet.split("/")[0]}/32`], // we want to only allow from that client endpoint: client.clientSites.isRelayed ? "" - : client.clients.endpoint! // if its relayed it should be localhost + : client.clientSites.endpoint! // if its relayed it should be localhost }; }) ); @@ -220,78 +208,27 @@ export const handleGetConfigMessage: MessageHandler = async (context) => { // Filter out any null values from peers that didn't have an olm const validPeers = peers.filter((peer) => peer !== null); - // Improved version - const allResources = await db.transaction(async (tx) => { - // First get all resources for the site - const resourcesList = await tx - .select({ - resourceId: resources.resourceId, - subdomain: resources.subdomain, - fullDomain: resources.fullDomain, - ssl: resources.ssl, - blockAccess: resources.blockAccess, - sso: resources.sso, - emailWhitelistEnabled: resources.emailWhitelistEnabled, - http: resources.http, - proxyPort: resources.proxyPort, - protocol: resources.protocol - }) - .from(resources) - .where(and(eq(resources.siteId, siteId), eq(resources.http, false))); + // Get all enabled targets with their resource protocol information + const allSiteResources = await db + .select() + .from(siteResources) + .where(eq(siteResources.siteId, siteId)); - // Get all enabled targets for these resources in a single query - const resourceIds = resourcesList.map((r) => r.resourceId); - const allTargets = - resourceIds.length > 0 - ? await tx - .select({ - resourceId: targets.resourceId, - targetId: targets.targetId, - ip: targets.ip, - method: targets.method, - port: targets.port, - internalPort: targets.internalPort, - enabled: targets.enabled, - }) - .from(targets) - .where( - and( - inArray(targets.resourceId, resourceIds), - eq(targets.enabled, true) - ) - ) - : []; - - // Combine the data in JS instead of using SQL for the JSON - return resourcesList.map((resource) => ({ - ...resource, - targets: allTargets.filter( - (target) => target.resourceId === resource.resourceId - ) - })); - }); - - const { tcpTargets, udpTargets } = allResources.reduce( + const { tcpTargets, udpTargets } = allSiteResources.reduce( (acc, resource) => { - // Skip resources with no targets - if (!resource.targets?.length) return acc; + // Filter out invalid targets + if (!resource.proxyPort || !resource.destinationIp || !resource.destinationPort) { + return acc; + } - // Format valid targets into strings - const formattedTargets = resource.targets - .filter( - (target: Target) => - resource.proxyPort && target?.ip && target?.port - ) - .map( - (target: Target) => - `${resource.proxyPort}:${target.ip}:${target.port}` - ); + // Format target into string + const formattedTarget = `${resource.proxyPort}:${resource.destinationIp}:${resource.destinationPort}`; // Add to the appropriate protocol array if (resource.protocol === "tcp") { - acc.tcpTargets.push(...formattedTargets); + acc.tcpTargets.push(formattedTarget); } else { - acc.udpTargets.push(...formattedTargets); + acc.udpTargets.push(formattedTarget); } return acc; diff --git a/server/routers/newt/handleNewtPingRequestMessage.ts b/server/routers/newt/handleNewtPingRequestMessage.ts index 65edea61..f93862f6 100644 --- a/server/routers/newt/handleNewtPingRequestMessage.ts +++ b/server/routers/newt/handleNewtPingRequestMessage.ts @@ -4,6 +4,7 @@ import { exitNodes, Newt } from "@server/db"; import logger from "@server/logger"; import config from "@server/lib/config"; import { ne, eq, or, and, count } from "drizzle-orm"; +import { listExitNodes } from "@server/lib/exitNodes"; export const handleNewtPingRequestMessage: MessageHandler = async (context) => { const { message, client, sendToClient } = context; @@ -16,12 +17,19 @@ export const handleNewtPingRequestMessage: MessageHandler = async (context) => { return; } - // TODO: pick which nodes to send and ping better than just all of them - let exitNodesList = await db - .select() - .from(exitNodes); + // Get the newt's orgId through the site relationship + if (!newt.siteId) { + logger.warn("Newt siteId not found"); + return; + } - exitNodesList = exitNodesList.filter((node) => node.maxConnections !== 0); + const [site] = await db + .select({ orgId: sites.orgId }) + .from(sites) + .where(eq(sites.siteId, newt.siteId)) + .limit(1); + + const exitNodesList = await listExitNodes(site.orgId, true); // filter for only the online ones let lastExitNodeId = null; if (newt.siteId) { @@ -54,9 +62,9 @@ export const handleNewtPingRequestMessage: MessageHandler = async (context) => { ) ); - if (currentConnections.count >= maxConnections) { - return null; - } + if (currentConnections.count >= maxConnections) { + return null; + } weight = (maxConnections - currentConnections.count) / diff --git a/server/routers/newt/handleNewtRegisterMessage.ts b/server/routers/newt/handleNewtRegisterMessage.ts index 71a6fd5c..3c7ecaff 100644 --- a/server/routers/newt/handleNewtRegisterMessage.ts +++ b/server/routers/newt/handleNewtRegisterMessage.ts @@ -9,6 +9,7 @@ import { findNextAvailableCidr, getNextAvailableClientSubnet } from "@server/lib/ip"; +import { selectBestExitNode, verifyExitNodeOrgAccess } from "@server/lib/exitNodes"; export type ExitNodePingResult = { exitNodeId: number; @@ -24,7 +25,7 @@ export const handleNewtRegisterMessage: MessageHandler = async (context) => { const { message, client, sendToClient } = context; const newt = client as Newt; - logger.info("Handling register newt message!"); + logger.debug("Handling register newt message!"); if (!newt) { logger.warn("Newt not found"); @@ -64,24 +65,14 @@ export const handleNewtRegisterMessage: MessageHandler = async (context) => { exitNodeId = bestPingResult.exitNodeId; } - if (newtVersion) { - // update the newt version in the database - await db - .update(newts) - .set({ - version: newtVersion as string - }) - .where(eq(newts.newtId, newt.newtId)); - } - const [oldSite] = await db .select() .from(sites) .where(eq(sites.siteId, siteId)) .limit(1); - if (!oldSite || !oldSite.exitNodeId) { - logger.warn("Site not found or does not have exit node"); + if (!oldSite) { + logger.warn("Site not found"); return; } @@ -91,6 +82,18 @@ export const handleNewtRegisterMessage: MessageHandler = async (context) => { // This effectively moves the exit node to the new one exitNodeIdToQuery = exitNodeId; // Use the provided exitNodeId if it differs from the site's exitNodeId + const { exitNode, hasAccess } = await verifyExitNodeOrgAccess(exitNodeIdToQuery, oldSite.orgId); + + if (!exitNode) { + logger.warn("Exit node not found"); + return; + } + + if (!hasAccess) { + logger.warn("Not authorized to use this exit node"); + return; + } + const sitesQuery = await db .select({ subnet: sites.subnet @@ -98,14 +101,10 @@ export const handleNewtRegisterMessage: MessageHandler = async (context) => { .from(sites) .where(eq(sites.exitNodeId, exitNodeId)); - const [exitNode] = await db - .select() - .from(exitNodes) - .where(eq(exitNodes.exitNodeId, exitNodeIdToQuery)) - .limit(1); - const blockSize = config.getRawConfig().gerbil.site_block_size; - const subnets = sitesQuery.map((site) => site.subnet).filter((subnet) => subnet !== null); + const subnets = sitesQuery + .map((site) => site.subnet) + .filter((subnet) => subnet !== null); subnets.push(exitNode.address.replace(/\/\d+$/, `/${blockSize}`)); const newSubnet = findNextAvailableCidr( subnets, @@ -138,13 +137,18 @@ export const handleNewtRegisterMessage: MessageHandler = async (context) => { .returning(); } + if (!exitNodeIdToQuery) { + logger.warn("No exit node ID to query"); + return; + } + const [exitNode] = await db .select() .from(exitNodes) .where(eq(exitNodes.exitNodeId, exitNodeIdToQuery)) .limit(1); - if (oldSite.pubKey && oldSite.pubKey !== publicKey) { + if (oldSite.pubKey && oldSite.pubKey !== publicKey && oldSite.exitNodeId) { logger.info("Public key mismatch. Deleting old peer..."); await deletePeer(oldSite.exitNodeId, oldSite.pubKey); } @@ -160,78 +164,47 @@ export const handleNewtRegisterMessage: MessageHandler = async (context) => { allowedIps: [siteSubnet] }); - // Improved version - const allResources = await db.transaction(async (tx) => { - // First get all resources for the site - const resourcesList = await tx - .select({ - resourceId: resources.resourceId, - subdomain: resources.subdomain, - fullDomain: resources.fullDomain, - ssl: resources.ssl, - blockAccess: resources.blockAccess, - sso: resources.sso, - emailWhitelistEnabled: resources.emailWhitelistEnabled, - http: resources.http, - proxyPort: resources.proxyPort, - protocol: resources.protocol + if (newtVersion && newtVersion !== newt.version) { + // update the newt version in the database + await db + .update(newts) + .set({ + version: newtVersion as string }) - .from(resources) - .where(eq(resources.siteId, siteId)); + .where(eq(newts.newtId, newt.newtId)); + } - // Get all enabled targets for these resources in a single query - const resourceIds = resourcesList.map((r) => r.resourceId); - const allTargets = - resourceIds.length > 0 - ? await tx - .select({ - resourceId: targets.resourceId, - targetId: targets.targetId, - ip: targets.ip, - method: targets.method, - port: targets.port, - internalPort: targets.internalPort, - enabled: targets.enabled - }) - .from(targets) - .where( - and( - inArray(targets.resourceId, resourceIds), - eq(targets.enabled, true) - ) - ) - : []; + // Get all enabled targets with their resource protocol information + const allTargets = await db + .select({ + resourceId: targets.resourceId, + targetId: targets.targetId, + ip: targets.ip, + method: targets.method, + port: targets.port, + internalPort: targets.internalPort, + enabled: targets.enabled, + protocol: resources.protocol + }) + .from(targets) + .innerJoin(resources, eq(targets.resourceId, resources.resourceId)) + .where(and(eq(targets.siteId, siteId), eq(targets.enabled, true))); - // Combine the data in JS instead of using SQL for the JSON - return resourcesList.map((resource) => ({ - ...resource, - targets: allTargets.filter( - (target) => target.resourceId === resource.resourceId - ) - })); - }); + const { tcpTargets, udpTargets } = allTargets.reduce( + (acc, target) => { + // Filter out invalid targets + if (!target.internalPort || !target.ip || !target.port) { + return acc; + } - const { tcpTargets, udpTargets } = allResources.reduce( - (acc, resource) => { - // Skip resources with no targets - if (!resource.targets?.length) return acc; - - // Format valid targets into strings - const formattedTargets = resource.targets - .filter( - (target: Target) => - target?.internalPort && target?.ip && target?.port - ) - .map( - (target: Target) => - `${target.internalPort}:${target.ip}:${target.port}` - ); + // Format target into string + const formattedTarget = `${target.internalPort}:${target.ip}:${target.port}`; // Add to the appropriate protocol array - if (resource.protocol === "tcp") { - acc.tcpTargets.push(...formattedTargets); + if (target.protocol === "tcp") { + acc.tcpTargets.push(formattedTarget); } else { - acc.udpTargets.push(...formattedTargets); + acc.udpTargets.push(formattedTarget); } return acc; @@ -256,15 +229,4 @@ export const handleNewtRegisterMessage: MessageHandler = async (context) => { broadcast: false, // Send to all clients excludeSender: false // Include sender in broadcast }; -}; - -function selectBestExitNode( - pingResults: ExitNodePingResult[] -): ExitNodePingResult | null { - if (!pingResults || pingResults.length === 0) { - logger.warn("No ping results provided"); - return null; - } - - return pingResults[0]; -} +}; \ No newline at end of file diff --git a/server/routers/newt/targets.ts b/server/routers/newt/targets.ts index 642fc2df..91a0ac3f 100644 --- a/server/routers/newt/targets.ts +++ b/server/routers/newt/targets.ts @@ -1,7 +1,8 @@ import { Target } from "@server/db"; import { sendToClient } from "../ws"; +import logger from "@server/logger"; -export function addTargets( +export async function addTargets( newtId: string, targets: Target[], protocol: string, @@ -20,22 +21,9 @@ export function addTargets( targets: payloadTargets } }); - - const payloadTargetsResources = targets.map((target) => { - return `${port ? port + ":" : ""}${ - target.ip - }:${target.port}`; - }); - - sendToClient(newtId, { - type: `newt/wg/${protocol}/add`, - data: { - targets: [payloadTargetsResources[0]] // We can only use one target for WireGuard right now - } - }); } -export function removeTargets( +export async function removeTargets( newtId: string, targets: Target[], protocol: string, @@ -48,23 +36,10 @@ export function removeTargets( }:${target.port}`; }); - sendToClient(newtId, { + await sendToClient(newtId, { type: `newt/${protocol}/remove`, data: { targets: payloadTargets } }); - - const payloadTargetsResources = targets.map((target) => { - return `${port ? port + ":" : ""}${ - target.ip - }:${target.port}`; - }); - - sendToClient(newtId, { - type: `newt/wg/${protocol}/remove`, - data: { - targets: [payloadTargetsResources[0]] // We can only use one target for WireGuard right now - } - }); } diff --git a/server/routers/olm/handleOlmPingMessage.ts b/server/routers/olm/handleOlmPingMessage.ts index c95f36af..6c4b5600 100644 --- a/server/routers/olm/handleOlmPingMessage.ts +++ b/server/routers/olm/handleOlmPingMessage.ts @@ -1,7 +1,7 @@ import { db } from "@server/db"; import { MessageHandler } from "../ws"; import { clients, Olm } from "@server/db"; -import { eq, lt, isNull } from "drizzle-orm"; +import { eq, lt, isNull, and, or } from "drizzle-orm"; import logger from "@server/logger"; // Track if the offline checker interval is running @@ -13,22 +13,27 @@ const OFFLINE_THRESHOLD_MS = 2 * 60 * 1000; // 2 minutes * Starts the background interval that checks for clients that haven't pinged recently * and marks them as offline */ -export const startOfflineChecker = (): void => { +export const startOlmOfflineChecker = (): void => { if (offlineCheckerInterval) { return; // Already running } offlineCheckerInterval = setInterval(async () => { try { - const twoMinutesAgo = new Date(Date.now() - OFFLINE_THRESHOLD_MS); + const twoMinutesAgo = Math.floor((Date.now() - OFFLINE_THRESHOLD_MS) / 1000); // Find clients that haven't pinged in the last 2 minutes and mark them as offline await db .update(clients) .set({ online: false }) .where( - eq(clients.online, true) && - (lt(clients.lastPing, twoMinutesAgo.toISOString()) || isNull(clients.lastPing)) + and( + eq(clients.online, true), + or( + lt(clients.lastPing, twoMinutesAgo), + isNull(clients.lastPing) + ) + ) ); } catch (error) { @@ -42,7 +47,7 @@ export const startOfflineChecker = (): void => { /** * Stops the background interval that checks for offline clients */ -export const stopOfflineChecker = (): void => { +export const stopOlmOfflineChecker = (): void => { if (offlineCheckerInterval) { clearInterval(offlineCheckerInterval); offlineCheckerInterval = null; @@ -72,7 +77,7 @@ export const handleOlmPingMessage: MessageHandler = async (context) => { await db .update(clients) .set({ - lastPing: new Date().toISOString(), + lastPing: Math.floor(Date.now() / 1000), online: true, }) .where(eq(clients.clientId, olm.clientId)); diff --git a/server/routers/olm/handleOlmRegisterMessage.ts b/server/routers/olm/handleOlmRegisterMessage.ts index 95c6d519..11ca8b5e 100644 --- a/server/routers/olm/handleOlmRegisterMessage.ts +++ b/server/routers/olm/handleOlmRegisterMessage.ts @@ -1,16 +1,10 @@ import { db, ExitNode } from "@server/db"; import { MessageHandler } from "../ws"; -import { - clients, - clientSites, - exitNodes, - Olm, - olms, - sites -} from "@server/db"; -import { eq, inArray } from "drizzle-orm"; +import { clients, clientSites, exitNodes, Olm, olms, sites } from "@server/db"; +import { and, eq, inArray } from "drizzle-orm"; import { addPeer, deletePeer } from "../newt/peers"; import logger from "@server/logger"; +import { listExitNodes } from "@server/lib/exitNodes"; export const handleOlmRegisterMessage: MessageHandler = async (context) => { logger.info("Handling register olm message!"); @@ -28,9 +22,11 @@ export const handleOlmRegisterMessage: MessageHandler = async (context) => { return; } const clientId = olm.clientId; - const { publicKey, relay } = message.data; + const { publicKey, relay, olmVersion } = message.data; - logger.debug(`Olm client ID: ${clientId}, Public Key: ${publicKey}, Relay: ${relay}`); + logger.debug( + `Olm client ID: ${clientId}, Public Key: ${publicKey}, Relay: ${relay}` + ); if (!publicKey) { logger.warn("Public key not provided"); @@ -50,22 +46,46 @@ export const handleOlmRegisterMessage: MessageHandler = async (context) => { } if (client.exitNodeId) { - // Get the exit node for this site - const [exitNode] = await db - .select() - .from(exitNodes) - .where(eq(exitNodes.exitNodeId, client.exitNodeId)) - .limit(1); + // TODO: FOR NOW WE ARE JUST HOLEPUNCHING ALL EXIT NODES BUT IN THE FUTURE WE SHOULD HANDLE THIS BETTER - // Send holepunch message for each site - sendToClient(olm.olmId, { - type: "olm/wg/holepunch", + // Get the exit node + const allExitNodes = await listExitNodes(client.orgId, true); // FILTER THE ONLINE ONES + + const exitNodesHpData = allExitNodes.map((exitNode: ExitNode) => { + return { + publicKey: exitNode.publicKey, + endpoint: exitNode.endpoint + }; + }); + + // Send holepunch message + await sendToClient(olm.olmId, { + type: "olm/wg/holepunch/all", data: { - serverPubKey: exitNode.publicKey, - endpoint: exitNode.endpoint, + exitNodes: exitNodesHpData } }); - + + if (!olmVersion) { + // THIS IS FOR BACKWARDS COMPATIBILITY + // THE OLDER CLIENTS DID NOT SEND THE VERSION + await sendToClient(olm.olmId, { + type: "olm/wg/holepunch", + data: { + serverPubKey: allExitNodes[0].publicKey, + endpoint: allExitNodes[0].endpoint + } + }); + } + } + + if (olmVersion) { + await db + .update(olms) + .set({ + version: olmVersion + }) + .where(eq(olms.olmId, olm.olmId)); } if (now - (client.lastHolePunch || 0) > 6) { @@ -103,7 +123,9 @@ export const handleOlmRegisterMessage: MessageHandler = async (context) => { // Prepare an array to store site configurations const siteConfigurations = []; - logger.debug(`Found ${sitesData.length} sites for client ${client.clientId}`); + logger.debug( + `Found ${sitesData.length} sites for client ${client.clientId}` + ); if (sitesData.length === 0) { sendToClient(olm.olmId, { @@ -147,15 +169,26 @@ export const handleOlmRegisterMessage: MessageHandler = async (context) => { continue; } + const [clientSite] = await db + .select() + .from(clientSites) + .where( + and( + eq(clientSites.clientId, client.clientId), + eq(clientSites.siteId, site.siteId) + ) + ) + .limit(1); + // Add the peer to the exit node for this site - if (client.endpoint) { + if (clientSite.endpoint) { logger.info( - `Adding peer ${publicKey} to site ${site.siteId} with endpoint ${client.endpoint}` + `Adding peer ${publicKey} to site ${site.siteId} with endpoint ${clientSite.endpoint}` ); await addPeer(site.siteId, { publicKey: publicKey, - allowedIps: [`${client.subnet.split('/')[0]}/32`], // we want to only allow from that client - endpoint: relay ? "" : client.endpoint + allowedIps: [`${client.subnet.split("/")[0]}/32`], // we want to only allow from that client + endpoint: relay ? "" : clientSite.endpoint }); } else { logger.warn( @@ -188,7 +221,7 @@ export const handleOlmRegisterMessage: MessageHandler = async (context) => { }); } - // REMOVED THIS SO IT CREATES THE INTERFACE AND JUST WAITS FOR THE SITES + // REMOVED THIS SO IT CREATES THE INTERFACE AND JUST WAITS FOR THE SITES // if (siteConfigurations.length === 0) { // logger.warn("No valid site configurations found"); // return; diff --git a/server/routers/org/createOrg.ts b/server/routers/org/createOrg.ts index 9ac65115..d26774dd 100644 --- a/server/routers/org/createOrg.ts +++ b/server/routers/org/createOrg.ts @@ -136,7 +136,8 @@ export async function createOrg( .values({ orgId, name, - subnet + subnet, + createdAt: new Date().toISOString() }) .returning(); @@ -214,7 +215,7 @@ export async function createOrg( orgId: newOrg[0].orgId, roleId: roleId, isOwner: true - }); + }); } const memberRole = await trx @@ -233,18 +234,6 @@ export async function createOrg( orgId })) ); - - const rootApiKeys = await trx - .select() - .from(apiKeys) - .where(eq(apiKeys.isRoot, true)); - - for (const apiKey of rootApiKeys) { - await trx.insert(apiKeyOrg).values({ - apiKeyId: apiKey.apiKeyId, - orgId: newOrg[0].orgId - }); - } }); if (!org) { diff --git a/server/routers/resource/createResource.ts b/server/routers/resource/createResource.ts index 8c80c90c..e3e431ec 100644 --- a/server/routers/resource/createResource.ts +++ b/server/routers/resource/createResource.ts @@ -15,7 +15,6 @@ import response from "@server/lib/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; import { eq, and } from "drizzle-orm"; -import stoi from "@server/lib/stoi"; import { fromError } from "zod-validation-error"; import logger from "@server/logger"; import { subdomainSchema } from "@server/lib/schemas"; @@ -25,7 +24,6 @@ import { build } from "@server/build"; const createResourceParamsSchema = z .object({ - siteId: z.string().transform(stoi).pipe(z.number().int().positive()), orgId: z.string() }) .strict(); @@ -34,7 +32,6 @@ const createHttpResourceSchema = z .object({ name: z.string().min(1).max(255), subdomain: z.string().nullable().optional(), - siteId: z.number(), http: z.boolean(), protocol: z.enum(["tcp", "udp"]), domainId: z.string() @@ -53,11 +50,10 @@ const createHttpResourceSchema = z const createRawResourceSchema = z .object({ name: z.string().min(1).max(255), - siteId: z.number(), http: z.boolean(), protocol: z.enum(["tcp", "udp"]), proxyPort: z.number().int().min(1).max(65535), - enableProxy: z.boolean().default(true) + // enableProxy: z.boolean().default(true) // always true now }) .strict() .refine( @@ -78,7 +74,7 @@ export type CreateResourceResponse = Resource; registry.registerPath({ method: "put", - path: "/org/{orgId}/site/{siteId}/resource", + path: "/org/{orgId}/resource", description: "Create a resource.", tags: [OpenAPITags.Org, OpenAPITags.Resource], request: { @@ -111,7 +107,7 @@ export async function createResource( ); } - const { siteId, orgId } = parsedParams.data; + const { orgId } = parsedParams.data; if (req.user && !req.userOrgRoleId) { return next( @@ -146,7 +142,7 @@ export async function createResource( if (http) { return await createHttpResource( { req, res, next }, - { siteId, orgId } + { orgId } ); } else { if ( @@ -162,7 +158,7 @@ export async function createResource( } return await createRawResource( { req, res, next }, - { siteId, orgId } + { orgId } ); } } catch (error) { @@ -180,12 +176,11 @@ async function createHttpResource( next: NextFunction; }, meta: { - siteId: number; orgId: string; } ) { const { req, res, next } = route; - const { siteId, orgId } = meta; + const { orgId } = meta; const parsedBody = createHttpResourceSchema.safeParse(req.body); if (!parsedBody.success) { @@ -292,7 +287,6 @@ async function createHttpResource( const newResource = await trx .insert(resources) .values({ - siteId, fullDomain, domainId, orgId, @@ -357,12 +351,11 @@ async function createRawResource( next: NextFunction; }, meta: { - siteId: number; orgId: string; } ) { const { req, res, next } = route; - const { siteId, orgId } = meta; + const { orgId } = meta; const parsedBody = createRawResourceSchema.safeParse(req.body); if (!parsedBody.success) { @@ -374,7 +367,7 @@ async function createRawResource( ); } - const { name, http, protocol, proxyPort, enableProxy } = parsedBody.data; + const { name, http, protocol, proxyPort } = parsedBody.data; // if http is false check to see if there is already a resource with the same port and protocol const existingResource = await db @@ -402,13 +395,12 @@ async function createRawResource( const newResource = await trx .insert(resources) .values({ - siteId, orgId, name, http, protocol, proxyPort, - enableProxy + // enableProxy }) .returning(); diff --git a/server/routers/resource/deleteResource.ts b/server/routers/resource/deleteResource.ts index 99adc5f7..3b0e9df4 100644 --- a/server/routers/resource/deleteResource.ts +++ b/server/routers/resource/deleteResource.ts @@ -71,44 +71,44 @@ export async function deleteResource( ); } - const [site] = await db - .select() - .from(sites) - .where(eq(sites.siteId, deletedResource.siteId!)) - .limit(1); - - if (!site) { - return next( - createHttpError( - HttpCode.NOT_FOUND, - `Site with ID ${deletedResource.siteId} not found` - ) - ); - } - - if (site.pubKey) { - if (site.type == "wireguard") { - await addPeer(site.exitNodeId!, { - publicKey: site.pubKey, - allowedIps: await getAllowedIps(site.siteId) - }); - } else if (site.type == "newt") { - // get the newt on the site by querying the newt table for siteId - const [newt] = await db - .select() - .from(newts) - .where(eq(newts.siteId, site.siteId)) - .limit(1); - - removeTargets( - newt.newtId, - targetsToBeRemoved, - deletedResource.protocol, - deletedResource.proxyPort - ); - } - } - + // const [site] = await db + // .select() + // .from(sites) + // .where(eq(sites.siteId, deletedResource.siteId!)) + // .limit(1); + // + // if (!site) { + // return next( + // createHttpError( + // HttpCode.NOT_FOUND, + // `Site with ID ${deletedResource.siteId} not found` + // ) + // ); + // } + // + // if (site.pubKey) { + // if (site.type == "wireguard") { + // await addPeer(site.exitNodeId!, { + // publicKey: site.pubKey, + // allowedIps: await getAllowedIps(site.siteId) + // }); + // } else if (site.type == "newt") { + // // get the newt on the site by querying the newt table for siteId + // const [newt] = await db + // .select() + // .from(newts) + // .where(eq(newts.siteId, site.siteId)) + // .limit(1); + // + // removeTargets( + // newt.newtId, + // targetsToBeRemoved, + // deletedResource.protocol, + // deletedResource.proxyPort + // ); + // } + // } + // return response(res, { data: null, success: true, diff --git a/server/routers/resource/getResource.ts b/server/routers/resource/getResource.ts index 0cffb1cf..a2c1c0d1 100644 --- a/server/routers/resource/getResource.ts +++ b/server/routers/resource/getResource.ts @@ -19,9 +19,7 @@ const getResourceSchema = z }) .strict(); -export type GetResourceResponse = Resource & { - siteName: string; -}; +export type GetResourceResponse = Resource; registry.registerPath({ method: "get", @@ -56,11 +54,9 @@ export async function getResource( .select() .from(resources) .where(eq(resources.resourceId, resourceId)) - .leftJoin(sites, eq(sites.siteId, resources.siteId)) .limit(1); - const resource = resp.resources; - const site = resp.sites; + const resource = resp; if (!resource) { return next( @@ -73,8 +69,7 @@ export async function getResource( return response(res, { data: { - ...resource, - siteName: site?.name + ...resource }, success: true, error: false, diff --git a/server/routers/resource/getResourceAuthInfo.ts b/server/routers/resource/getResourceAuthInfo.ts index 64fade89..191221f1 100644 --- a/server/routers/resource/getResourceAuthInfo.ts +++ b/server/routers/resource/getResourceAuthInfo.ts @@ -31,6 +31,7 @@ export type GetResourceAuthInfoResponse = { blockAccess: boolean; url: string; whitelist: boolean; + skipToIdpId: number | null; }; export async function getResourceAuthInfo( @@ -86,7 +87,8 @@ export async function getResourceAuthInfo( sso: resource.sso, blockAccess: resource.blockAccess, url, - whitelist: resource.emailWhitelistEnabled + whitelist: resource.emailWhitelistEnabled, + skipToIdpId: resource.skipToIdpId }, success: true, error: false, diff --git a/server/routers/resource/getUserResources.ts b/server/routers/resource/getUserResources.ts index 681ec4d0..3d28da6f 100644 --- a/server/routers/resource/getUserResources.ts +++ b/server/routers/resource/getUserResources.ts @@ -1,16 +1,14 @@ import { Request, Response, NextFunction } from "express"; import { db } from "@server/db"; import { and, eq, or, inArray } from "drizzle-orm"; -import { - resources, - userResources, - roleResources, - userOrgs, - roles, +import { + resources, + userResources, + roleResources, + userOrgs, resourcePassword, resourcePincode, - resourceWhitelist, - sites + resourceWhitelist } from "@server/db"; import createHttpError from "http-errors"; import HttpCode from "@server/types/HttpCode"; @@ -37,12 +35,7 @@ export async function getUserResources( roleId: userOrgs.roleId }) .from(userOrgs) - .where( - and( - eq(userOrgs.userId, userId), - eq(userOrgs.orgId, orgId) - ) - ) + .where(and(eq(userOrgs.userId, userId), eq(userOrgs.orgId, orgId))) .limit(1); if (userOrgResult.length === 0) { @@ -71,8 +64,8 @@ export async function getUserResources( // Combine all accessible resource IDs const accessibleResourceIds = [ - ...directResources.map(r => r.resourceId), - ...roleResourceResults.map(r => r.resourceId) + ...directResources.map((r) => r.resourceId), + ...roleResourceResults.map((r) => r.resourceId) ]; if (accessibleResourceIds.length === 0) { @@ -95,11 +88,9 @@ export async function getUserResources( enabled: resources.enabled, sso: resources.sso, protocol: resources.protocol, - emailWhitelistEnabled: resources.emailWhitelistEnabled, - siteName: sites.name + emailWhitelistEnabled: resources.emailWhitelistEnabled }) .from(resources) - .leftJoin(sites, eq(sites.siteId, resources.siteId)) .where( and( inArray(resources.resourceId, accessibleResourceIds), @@ -111,28 +102,61 @@ export async function getUserResources( // Check for password, pincode, and whitelist protection for each resource const resourcesWithAuth = await Promise.all( resourcesData.map(async (resource) => { - const [passwordCheck, pincodeCheck, whitelistCheck] = await Promise.all([ - db.select().from(resourcePassword).where(eq(resourcePassword.resourceId, resource.resourceId)).limit(1), - db.select().from(resourcePincode).where(eq(resourcePincode.resourceId, resource.resourceId)).limit(1), - db.select().from(resourceWhitelist).where(eq(resourceWhitelist.resourceId, resource.resourceId)).limit(1) - ]); + const [passwordCheck, pincodeCheck, whitelistCheck] = + await Promise.all([ + db + .select() + .from(resourcePassword) + .where( + eq( + resourcePassword.resourceId, + resource.resourceId + ) + ) + .limit(1), + db + .select() + .from(resourcePincode) + .where( + eq( + resourcePincode.resourceId, + resource.resourceId + ) + ) + .limit(1), + db + .select() + .from(resourceWhitelist) + .where( + eq( + resourceWhitelist.resourceId, + resource.resourceId + ) + ) + .limit(1) + ]); const hasPassword = passwordCheck.length > 0; const hasPincode = pincodeCheck.length > 0; - const hasWhitelist = whitelistCheck.length > 0 || resource.emailWhitelistEnabled; + const hasWhitelist = + whitelistCheck.length > 0 || resource.emailWhitelistEnabled; return { resourceId: resource.resourceId, name: resource.name, domain: `${resource.ssl ? "https://" : "http://"}${resource.fullDomain}`, enabled: resource.enabled, - protected: !!(resource.sso || hasPassword || hasPincode || hasWhitelist), + protected: !!( + resource.sso || + hasPassword || + hasPincode || + hasWhitelist + ), protocol: resource.protocol, sso: resource.sso, password: hasPassword, pincode: hasPincode, - whitelist: hasWhitelist, - siteName: resource.siteName + whitelist: hasWhitelist }; }) ); @@ -144,11 +168,13 @@ export async function getUserResources( message: "User resources retrieved successfully", status: HttpCode.OK }); - } catch (error) { console.error("Error fetching user resources:", error); return next( - createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "Internal server error") + createHttpError( + HttpCode.INTERNAL_SERVER_ERROR, + "Internal server error" + ) ); } } @@ -165,4 +191,4 @@ export type GetUserResourcesResponse = { protocol: string; }>; }; -}; \ No newline at end of file +}; diff --git a/server/routers/resource/index.ts b/server/routers/resource/index.ts index f97fcdf4..1a2e5c2d 100644 --- a/server/routers/resource/index.ts +++ b/server/routers/resource/index.ts @@ -16,10 +16,9 @@ export * from "./setResourceWhitelist"; export * from "./getResourceWhitelist"; export * from "./authWithWhitelist"; export * from "./authWithAccessToken"; -export * from "./transferResource"; export * from "./getExchangeToken"; export * from "./createResourceRule"; export * from "./deleteResourceRule"; export * from "./listResourceRules"; export * from "./updateResourceRule"; -export * from "./getUserResources"; \ No newline at end of file +export * from "./getUserResources"; diff --git a/server/routers/resource/listResources.ts b/server/routers/resource/listResources.ts index 6df56001..43757b27 100644 --- a/server/routers/resource/listResources.ts +++ b/server/routers/resource/listResources.ts @@ -3,7 +3,6 @@ import { z } from "zod"; import { db } from "@server/db"; import { resources, - sites, userResources, roleResources, resourcePassword, @@ -20,17 +19,9 @@ import { OpenAPITags, registry } from "@server/openApi"; const listResourcesParamsSchema = z .object({ - siteId: z - .string() - .optional() - .transform(stoi) - .pipe(z.number().int().positive().optional()), - orgId: z.string().optional() + orgId: z.string() }) - .strict() - .refine((data) => !!data.siteId !== !!data.orgId, { - message: "Either siteId or orgId must be provided, but not both" - }); + .strict(); const listResourcesSchema = z.object({ limit: z @@ -48,82 +39,38 @@ const listResourcesSchema = z.object({ .pipe(z.number().int().nonnegative()) }); -function queryResources( - accessibleResourceIds: number[], - siteId?: number, - orgId?: string -) { - if (siteId) { - return db - .select({ - resourceId: resources.resourceId, - name: resources.name, - fullDomain: resources.fullDomain, - ssl: resources.ssl, - siteName: sites.name, - siteId: sites.niceId, - passwordId: resourcePassword.passwordId, - pincodeId: resourcePincode.pincodeId, - sso: resources.sso, - whitelist: resources.emailWhitelistEnabled, - http: resources.http, - protocol: resources.protocol, - proxyPort: resources.proxyPort, - enabled: resources.enabled, - domainId: resources.domainId - }) - .from(resources) - .leftJoin(sites, eq(resources.siteId, sites.siteId)) - .leftJoin( - resourcePassword, - eq(resourcePassword.resourceId, resources.resourceId) +function queryResources(accessibleResourceIds: number[], orgId: string) { + return db + .select({ + resourceId: resources.resourceId, + name: resources.name, + ssl: resources.ssl, + fullDomain: resources.fullDomain, + passwordId: resourcePassword.passwordId, + sso: resources.sso, + pincodeId: resourcePincode.pincodeId, + whitelist: resources.emailWhitelistEnabled, + http: resources.http, + protocol: resources.protocol, + proxyPort: resources.proxyPort, + enabled: resources.enabled, + domainId: resources.domainId + }) + .from(resources) + .leftJoin( + resourcePassword, + eq(resourcePassword.resourceId, resources.resourceId) + ) + .leftJoin( + resourcePincode, + eq(resourcePincode.resourceId, resources.resourceId) + ) + .where( + and( + inArray(resources.resourceId, accessibleResourceIds), + eq(resources.orgId, orgId) ) - .leftJoin( - resourcePincode, - eq(resourcePincode.resourceId, resources.resourceId) - ) - .where( - and( - inArray(resources.resourceId, accessibleResourceIds), - eq(resources.siteId, siteId) - ) - ); - } else if (orgId) { - return db - .select({ - resourceId: resources.resourceId, - name: resources.name, - ssl: resources.ssl, - fullDomain: resources.fullDomain, - siteName: sites.name, - siteId: sites.niceId, - passwordId: resourcePassword.passwordId, - sso: resources.sso, - pincodeId: resourcePincode.pincodeId, - whitelist: resources.emailWhitelistEnabled, - http: resources.http, - protocol: resources.protocol, - proxyPort: resources.proxyPort, - enabled: resources.enabled, - domainId: resources.domainId - }) - .from(resources) - .leftJoin(sites, eq(resources.siteId, sites.siteId)) - .leftJoin( - resourcePassword, - eq(resourcePassword.resourceId, resources.resourceId) - ) - .leftJoin( - resourcePincode, - eq(resourcePincode.resourceId, resources.resourceId) - ) - .where( - and( - inArray(resources.resourceId, accessibleResourceIds), - eq(resources.orgId, orgId) - ) - ); - } + ); } export type ListResourcesResponse = { @@ -131,20 +78,6 @@ export type ListResourcesResponse = { pagination: { total: number; limit: number; offset: number }; }; -registry.registerPath({ - method: "get", - path: "/site/{siteId}/resources", - description: "List resources for a site.", - tags: [OpenAPITags.Site, OpenAPITags.Resource], - request: { - params: z.object({ - siteId: z.number() - }), - query: listResourcesSchema - }, - responses: {} -}); - registry.registerPath({ method: "get", path: "/org/{orgId}/resources", @@ -185,9 +118,11 @@ export async function listResources( ) ); } - const { siteId } = parsedParams.data; - const orgId = parsedParams.data.orgId || req.userOrg?.orgId || req.apiKeyOrg?.orgId; + const orgId = + parsedParams.data.orgId || + req.userOrg?.orgId || + req.apiKeyOrg?.orgId; if (!orgId) { return next( @@ -207,24 +142,27 @@ export async function listResources( let accessibleResources; if (req.user) { accessibleResources = await db - .select({ - resourceId: sql`COALESCE(${userResources.resourceId}, ${roleResources.resourceId})` - }) - .from(userResources) - .fullJoin( - roleResources, - eq(userResources.resourceId, roleResources.resourceId) - ) - .where( - or( - eq(userResources.userId, req.user!.userId), - eq(roleResources.roleId, req.userOrgRoleId!) + .select({ + resourceId: sql`COALESCE(${userResources.resourceId}, ${roleResources.resourceId})` + }) + .from(userResources) + .fullJoin( + roleResources, + eq(userResources.resourceId, roleResources.resourceId) ) - ); + .where( + or( + eq(userResources.userId, req.user!.userId), + eq(roleResources.roleId, req.userOrgRoleId!) + ) + ); } else { - accessibleResources = await db.select({ - resourceId: resources.resourceId - }).from(resources).where(eq(resources.orgId, orgId)); + accessibleResources = await db + .select({ + resourceId: resources.resourceId + }) + .from(resources) + .where(eq(resources.orgId, orgId)); } const accessibleResourceIds = accessibleResources.map( @@ -236,7 +174,7 @@ export async function listResources( .from(resources) .where(inArray(resources.resourceId, accessibleResourceIds)); - const baseQuery = queryResources(accessibleResourceIds, siteId, orgId); + const baseQuery = queryResources(accessibleResourceIds, orgId); const resourcesList = await baseQuery!.limit(limit).offset(offset); const totalCountResult = await countQuery; diff --git a/server/routers/resource/transferResource.ts b/server/routers/resource/transferResource.ts deleted file mode 100644 index a99405df..00000000 --- a/server/routers/resource/transferResource.ts +++ /dev/null @@ -1,214 +0,0 @@ -import { Request, Response, NextFunction } from "express"; -import { z } from "zod"; -import { db } from "@server/db"; -import { newts, resources, sites, targets } from "@server/db"; -import { eq } from "drizzle-orm"; -import response from "@server/lib/response"; -import HttpCode from "@server/types/HttpCode"; -import createHttpError from "http-errors"; -import logger from "@server/logger"; -import { fromError } from "zod-validation-error"; -import { addPeer } from "../gerbil/peers"; -import { addTargets, removeTargets } from "../newt/targets"; -import { getAllowedIps } from "../target/helpers"; -import { OpenAPITags, registry } from "@server/openApi"; - -const transferResourceParamsSchema = z - .object({ - resourceId: z - .string() - .transform(Number) - .pipe(z.number().int().positive()) - }) - .strict(); - -const transferResourceBodySchema = z - .object({ - siteId: z.number().int().positive() - }) - .strict(); - -registry.registerPath({ - method: "post", - path: "/resource/{resourceId}/transfer", - description: - "Transfer a resource to a different site. This will also transfer the targets associated with the resource.", - tags: [OpenAPITags.Resource], - request: { - params: transferResourceParamsSchema, - body: { - content: { - "application/json": { - schema: transferResourceBodySchema - } - } - } - }, - responses: {} -}); - -export async function transferResource( - req: Request, - res: Response, - next: NextFunction -): Promise { - try { - const parsedParams = transferResourceParamsSchema.safeParse(req.params); - if (!parsedParams.success) { - return next( - createHttpError( - HttpCode.BAD_REQUEST, - fromError(parsedParams.error).toString() - ) - ); - } - - const parsedBody = transferResourceBodySchema.safeParse(req.body); - if (!parsedBody.success) { - return next( - createHttpError( - HttpCode.BAD_REQUEST, - fromError(parsedBody.error).toString() - ) - ); - } - - const { resourceId } = parsedParams.data; - const { siteId } = parsedBody.data; - - const [oldResource] = await db - .select() - .from(resources) - .where(eq(resources.resourceId, resourceId)) - .limit(1); - - if (!oldResource) { - return next( - createHttpError( - HttpCode.NOT_FOUND, - `Resource with ID ${resourceId} not found` - ) - ); - } - - if (oldResource.siteId === siteId) { - return next( - createHttpError( - HttpCode.BAD_REQUEST, - `Resource is already assigned to this site` - ) - ); - } - - const [newSite] = await db - .select() - .from(sites) - .where(eq(sites.siteId, siteId)) - .limit(1); - - if (!newSite) { - return next( - createHttpError( - HttpCode.NOT_FOUND, - `Site with ID ${siteId} not found` - ) - ); - } - - const [oldSite] = await db - .select() - .from(sites) - .where(eq(sites.siteId, oldResource.siteId)) - .limit(1); - - if (!oldSite) { - return next( - createHttpError( - HttpCode.NOT_FOUND, - `Site with ID ${oldResource.siteId} not found` - ) - ); - } - - const [updatedResource] = await db - .update(resources) - .set({ siteId }) - .where(eq(resources.resourceId, resourceId)) - .returning(); - - if (!updatedResource) { - return next( - createHttpError( - HttpCode.NOT_FOUND, - `Resource with ID ${resourceId} not found` - ) - ); - } - - const resourceTargets = await db - .select() - .from(targets) - .where(eq(targets.resourceId, resourceId)); - - if (resourceTargets.length > 0) { - ////// REMOVE THE TARGETS FROM THE OLD SITE ////// - if (oldSite.pubKey) { - if (oldSite.type == "wireguard") { - await addPeer(oldSite.exitNodeId!, { - publicKey: oldSite.pubKey, - allowedIps: await getAllowedIps(oldSite.siteId) - }); - } else if (oldSite.type == "newt") { - const [newt] = await db - .select() - .from(newts) - .where(eq(newts.siteId, oldSite.siteId)) - .limit(1); - - removeTargets( - newt.newtId, - resourceTargets, - updatedResource.protocol, - updatedResource.proxyPort - ); - } - } - - ////// ADD THE TARGETS TO THE NEW SITE ////// - if (newSite.pubKey) { - if (newSite.type == "wireguard") { - await addPeer(newSite.exitNodeId!, { - publicKey: newSite.pubKey, - allowedIps: await getAllowedIps(newSite.siteId) - }); - } else if (newSite.type == "newt") { - const [newt] = await db - .select() - .from(newts) - .where(eq(newts.siteId, newSite.siteId)) - .limit(1); - - addTargets( - newt.newtId, - resourceTargets, - updatedResource.protocol, - updatedResource.proxyPort - ); - } - } - } - - return response(res, { - data: updatedResource, - success: true, - error: false, - message: "Resource transferred successfully", - status: HttpCode.OK - }); - } catch (error) { - logger.error(error); - return next( - createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred") - ); - } -} diff --git a/server/routers/resource/updateResource.ts b/server/routers/resource/updateResource.ts index 5cf68c2b..30acc0c1 100644 --- a/server/routers/resource/updateResource.ts +++ b/server/routers/resource/updateResource.ts @@ -20,7 +20,6 @@ import { tlsNameSchema } from "@server/lib/schemas"; import { subdomainSchema } from "@server/lib/schemas"; import { registry } from "@server/openApi"; import { OpenAPITags } from "@server/openApi"; -import { build } from "@server/build"; const updateResourceParamsSchema = z .object({ @@ -44,7 +43,8 @@ const updateHttpResourceBodySchema = z enabled: z.boolean().optional(), stickySession: z.boolean().optional(), tlsServerName: z.string().nullable().optional(), - setHostHeader: z.string().nullable().optional() + setHostHeader: z.string().nullable().optional(), + skipToIdpId: z.number().int().positive().nullable().optional() }) .strict() .refine((data) => Object.keys(data).length > 0, { @@ -91,8 +91,8 @@ const updateRawResourceBodySchema = z name: z.string().min(1).max(255).optional(), proxyPort: z.number().int().min(1).max(65535).optional(), stickySession: z.boolean().optional(), - enabled: z.boolean().optional(), - enableProxy: z.boolean().optional() + enabled: z.boolean().optional() + // enableProxy: z.boolean().optional() // always true now }) .strict() .refine((data) => Object.keys(data).length > 0, { diff --git a/server/routers/role/addRoleSite.ts b/server/routers/role/addRoleSite.ts index 58da9879..d268eed4 100644 --- a/server/routers/role/addRoleSite.ts +++ b/server/routers/role/addRoleSite.ts @@ -60,18 +60,18 @@ export async function addRoleSite( }) .returning(); - const siteResources = await db - .select() - .from(resources) - .where(eq(resources.siteId, siteId)); - - for (const resource of siteResources) { - await trx.insert(roleResources).values({ - roleId, - resourceId: resource.resourceId - }); - } - + // const siteResources = await db + // .select() + // .from(resources) + // .where(eq(resources.siteId, siteId)); + // + // for (const resource of siteResources) { + // await trx.insert(roleResources).values({ + // roleId, + // resourceId: resource.resourceId + // }); + // } + // return response(res, { data: newRoleSite[0], success: true, diff --git a/server/routers/role/index.ts b/server/routers/role/index.ts index 0194c1f0..bbbe4ba8 100644 --- a/server/routers/role/index.ts +++ b/server/routers/role/index.ts @@ -1,6 +1,5 @@ export * from "./addRoleAction"; export * from "../resource/setResourceRoles"; -export * from "./addRoleSite"; export * from "./createRole"; export * from "./deleteRole"; export * from "./getRole"; @@ -11,5 +10,4 @@ export * from "./listRoles"; export * from "./listRoleSites"; export * from "./removeRoleAction"; export * from "./removeRoleResource"; -export * from "./removeRoleSite"; -export * from "./updateRole"; \ No newline at end of file +export * from "./updateRole"; diff --git a/server/routers/role/removeRoleSite.ts b/server/routers/role/removeRoleSite.ts index c88e4711..2670272d 100644 --- a/server/routers/role/removeRoleSite.ts +++ b/server/routers/role/removeRoleSite.ts @@ -71,22 +71,22 @@ export async function removeRoleSite( ); } - const siteResources = await db - .select() - .from(resources) - .where(eq(resources.siteId, siteId)); - - for (const resource of siteResources) { - await trx - .delete(roleResources) - .where( - and( - eq(roleResources.roleId, roleId), - eq(roleResources.resourceId, resource.resourceId) - ) - ) - .returning(); - } + // const siteResources = await db + // .select() + // .from(resources) + // .where(eq(resources.siteId, siteId)); + // + // for (const resource of siteResources) { + // await trx + // .delete(roleResources) + // .where( + // and( + // eq(roleResources.roleId, roleId), + // eq(roleResources.resourceId, resource.resourceId) + // ) + // ) + // .returning(); + // } }); return response(res, { diff --git a/server/routers/site/createSite.ts b/server/routers/site/createSite.ts index fb1170cd..3a4dd885 100644 --- a/server/routers/site/createSite.ts +++ b/server/routers/site/createSite.ts @@ -1,6 +1,6 @@ import { Request, Response, NextFunction } from "express"; import { z } from "zod"; -import { clients, db } from "@server/db"; +import { clients, db, exitNodes } from "@server/db"; import { roles, userSites, sites, roleSites, Site, orgs } from "@server/db"; import response from "@server/lib/response"; import HttpCode from "@server/types/HttpCode"; @@ -17,6 +17,7 @@ import { hashPassword } from "@server/auth/password"; import { isValidIP } from "@server/lib/validators"; import { isIpInCidr } from "@server/lib/ip"; import config from "@server/lib/config"; +import { verifyExitNodeOrgAccess } from "@server/lib/exitNodes"; const createSiteParamsSchema = z .object({ @@ -144,7 +145,7 @@ export async function createSite( return next( createHttpError( HttpCode.BAD_REQUEST, - "Invalid subnet format. Please provide a valid CIDR notation." + "Invalid address format. Please provide a valid IP notation." ) ); } @@ -206,7 +207,7 @@ export async function createSite( await db.transaction(async (trx) => { let newSite: Site; - if (exitNodeId) { + if ((type == "wireguard" || type == "newt") && exitNodeId) { // we are creating a site with an exit node (tunneled) if (!subnet) { return next( @@ -217,6 +218,32 @@ export async function createSite( ); } + const { exitNode, hasAccess } = + await verifyExitNodeOrgAccess( + exitNodeId, + orgId + ); + + if (!exitNode) { + logger.warn("Exit node not found"); + return next( + createHttpError( + HttpCode.NOT_FOUND, + "Exit node not found" + ) + ); + } + + if (!hasAccess) { + logger.warn("Not authorized to use this exit node"); + return next( + createHttpError( + HttpCode.FORBIDDEN, + "Not authorized to use this exit node" + ) + ); + } + [newSite] = await trx .insert(sites) .values({ @@ -237,12 +264,14 @@ export async function createSite( [newSite] = await trx .insert(sites) .values({ + exitNodeId: exitNodeId, orgId, name, niceId, address: updatedAddress || null, type, - dockerSocketEnabled: type == "newt", + dockerSocketEnabled: false, + online: true, subnet: "0.0.0.0/0" }) .returning(); diff --git a/server/routers/site/listSites.ts b/server/routers/site/listSites.ts index bdf44026..b2655ff6 100644 --- a/server/routers/site/listSites.ts +++ b/server/routers/site/listSites.ts @@ -21,11 +21,22 @@ async function getLatestNewtVersion(): Promise { return cachedVersion; } + const controller = new AbortController(); + const timeoutId = setTimeout(() => controller.abort(), 1500); // Reduced timeout to 1.5 seconds + const response = await fetch( - "https://api.github.com/repos/fosrl/newt/tags" + "https://api.github.com/repos/fosrl/newt/tags", + { + signal: controller.signal + } ); + + clearTimeout(timeoutId); + if (!response.ok) { - logger.warn("Failed to fetch latest Newt version from GitHub"); + logger.warn( + `Failed to fetch latest Newt version from GitHub: ${response.status} ${response.statusText}` + ); return null; } @@ -40,8 +51,21 @@ async function getLatestNewtVersion(): Promise { newtVersionCache.set("latestNewtVersion", latestVersion); return latestVersion; - } catch (error) { - logger.error("Error fetching latest Newt version:", error); + } catch (error: any) { + if (error.name === "AbortError") { + logger.warn( + "Request to fetch latest Newt version timed out (1.5s)" + ); + } else if (error.cause?.code === "UND_ERR_CONNECT_TIMEOUT") { + logger.warn( + "Connection timeout while fetching latest Newt version" + ); + } else { + logger.warn( + "Error fetching latest Newt version:", + error.message || error + ); + } return null; } } @@ -190,33 +214,48 @@ export async function listSites( const totalCountResult = await countQuery; const totalCount = totalCountResult[0].count; - const latestNewtVersion = await getLatestNewtVersion(); + // Get latest version asynchronously without blocking the response + const latestNewtVersionPromise = getLatestNewtVersion(); const sitesWithUpdates: SiteWithUpdateAvailable[] = sitesList.map( (site) => { const siteWithUpdate: SiteWithUpdateAvailable = { ...site }; - - if ( - site.type === "newt" && - site.newtVersion && - latestNewtVersion - ) { - try { - siteWithUpdate.newtUpdateAvailable = semver.lt( - site.newtVersion, - latestNewtVersion - ); - } catch (error) { - siteWithUpdate.newtUpdateAvailable = false; - } - } else { - siteWithUpdate.newtUpdateAvailable = false; - } - + // Initially set to false, will be updated if version check succeeds + siteWithUpdate.newtUpdateAvailable = false; return siteWithUpdate; } ); + // Try to get the latest version, but don't block if it fails + try { + const latestNewtVersion = await latestNewtVersionPromise; + + if (latestNewtVersion) { + sitesWithUpdates.forEach((site) => { + if ( + site.type === "newt" && + site.newtVersion && + latestNewtVersion + ) { + try { + site.newtUpdateAvailable = semver.lt( + site.newtVersion, + latestNewtVersion + ); + } catch (error) { + site.newtUpdateAvailable = false; + } + } + }); + } + } catch (error) { + // Log the error but don't let it block the response + logger.warn( + "Failed to check for Newt updates, continuing without update info:", + error + ); + } + return response(res, { data: { sites: sitesWithUpdates, diff --git a/server/routers/site/pickSiteDefaults.ts b/server/routers/site/pickSiteDefaults.ts index d6309d0c..2e705c56 100644 --- a/server/routers/site/pickSiteDefaults.ts +++ b/server/routers/site/pickSiteDefaults.ts @@ -6,12 +6,16 @@ import response from "@server/lib/response"; import HttpCode from "@server/types/HttpCode"; import createHttpError from "http-errors"; import logger from "@server/logger"; -import { findNextAvailableCidr, getNextAvailableClientSubnet } from "@server/lib/ip"; +import { + findNextAvailableCidr, + getNextAvailableClientSubnet +} from "@server/lib/ip"; import { generateId } from "@server/auth/sessions/app"; import config from "@server/lib/config"; import { OpenAPITags, registry } from "@server/openApi"; import { fromError } from "zod-validation-error"; import { z } from "zod"; +import { listExitNodes } from "@server/lib/exitNodes"; export type PickSiteDefaultsResponse = { exitNodeId: number; @@ -65,16 +69,10 @@ export async function pickSiteDefaults( const { orgId } = parsedParams.data; // TODO: more intelligent way to pick the exit node - // make sure there is an exit node by counting the exit nodes table - const nodes = await db.select().from(exitNodes); - if (nodes.length === 0) { - return next( - createHttpError(HttpCode.NOT_FOUND, "No exit nodes available") - ); - } + const exitNodesList = await listExitNodes(orgId); - // get the first exit node - const exitNode = nodes[0]; + const randomExitNode = + exitNodesList[Math.floor(Math.random() * exitNodesList.length)]; // TODO: this probably can be optimized... // list all of the sites on that exit node @@ -83,13 +81,15 @@ export async function pickSiteDefaults( subnet: sites.subnet }) .from(sites) - .where(eq(sites.exitNodeId, exitNode.exitNodeId)); + .where(eq(sites.exitNodeId, randomExitNode.exitNodeId)); // TODO: we need to lock this subnet for some time so someone else does not take it - const subnets = sitesQuery.map((site) => site.subnet).filter((subnet) => subnet !== null); + const subnets = sitesQuery + .map((site) => site.subnet) + .filter((subnet) => subnet !== null); // exclude the exit node address by replacing after the / with a site block size subnets.push( - exitNode.address.replace( + randomExitNode.address.replace( /\/\d+$/, `/${config.getRawConfig().gerbil.site_block_size}` ) @@ -97,7 +97,7 @@ export async function pickSiteDefaults( const newSubnet = findNextAvailableCidr( subnets, config.getRawConfig().gerbil.site_block_size, - exitNode.address + randomExitNode.address ); if (!newSubnet) { return next( @@ -125,12 +125,12 @@ export async function pickSiteDefaults( return response(res, { data: { - exitNodeId: exitNode.exitNodeId, - address: exitNode.address, - publicKey: exitNode.publicKey, - name: exitNode.name, - listenPort: exitNode.listenPort, - endpoint: exitNode.endpoint, + exitNodeId: randomExitNode.exitNodeId, + address: randomExitNode.address, + publicKey: randomExitNode.publicKey, + name: randomExitNode.name, + listenPort: randomExitNode.listenPort, + endpoint: randomExitNode.endpoint, // subnet: `${newSubnet.split("/")[0]}/${config.getRawConfig().gerbil.block_size}`, // we want the block size of the whole subnet subnet: newSubnet, clientAddress: clientAddress, diff --git a/server/routers/siteResource/createSiteResource.ts b/server/routers/siteResource/createSiteResource.ts new file mode 100644 index 00000000..da41c19c --- /dev/null +++ b/server/routers/siteResource/createSiteResource.ts @@ -0,0 +1,171 @@ +import { Request, Response, NextFunction } from "express"; +import { z } from "zod"; +import { db, newts } from "@server/db"; +import { siteResources, sites, orgs, SiteResource } from "@server/db"; +import response from "@server/lib/response"; +import HttpCode from "@server/types/HttpCode"; +import createHttpError from "http-errors"; +import { eq, and } from "drizzle-orm"; +import { fromError } from "zod-validation-error"; +import logger from "@server/logger"; +import { OpenAPITags, registry } from "@server/openApi"; +import { addTargets } from "../client/targets"; + +const createSiteResourceParamsSchema = z + .object({ + siteId: z.string().transform(Number).pipe(z.number().int().positive()), + orgId: z.string() + }) + .strict(); + +const createSiteResourceSchema = z + .object({ + name: z.string().min(1).max(255), + protocol: z.enum(["tcp", "udp"]), + proxyPort: z.number().int().positive(), + destinationPort: z.number().int().positive(), + destinationIp: z.string(), + enabled: z.boolean().default(true) + }) + .strict(); + +export type CreateSiteResourceBody = z.infer; +export type CreateSiteResourceResponse = SiteResource; + +registry.registerPath({ + method: "put", + path: "/org/{orgId}/site/{siteId}/resource", + description: "Create a new site resource.", + tags: [OpenAPITags.Client, OpenAPITags.Org], + request: { + params: createSiteResourceParamsSchema, + body: { + content: { + "application/json": { + schema: createSiteResourceSchema + } + } + } + }, + responses: {} +}); + +export async function createSiteResource( + req: Request, + res: Response, + next: NextFunction +): Promise { + try { + const parsedParams = createSiteResourceParamsSchema.safeParse( + req.params + ); + if (!parsedParams.success) { + return next( + createHttpError( + HttpCode.BAD_REQUEST, + fromError(parsedParams.error).toString() + ) + ); + } + + const parsedBody = createSiteResourceSchema.safeParse(req.body); + if (!parsedBody.success) { + return next( + createHttpError( + HttpCode.BAD_REQUEST, + fromError(parsedBody.error).toString() + ) + ); + } + + const { siteId, orgId } = parsedParams.data; + const { + name, + protocol, + proxyPort, + destinationPort, + destinationIp, + enabled + } = parsedBody.data; + + // Verify the site exists and belongs to the org + const [site] = await db + .select() + .from(sites) + .where(and(eq(sites.siteId, siteId), eq(sites.orgId, orgId))) + .limit(1); + + if (!site) { + return next(createHttpError(HttpCode.NOT_FOUND, "Site not found")); + } + + // check if resource with same protocol and proxy port already exists + const [existingResource] = await db + .select() + .from(siteResources) + .where( + and( + eq(siteResources.siteId, siteId), + eq(siteResources.orgId, orgId), + eq(siteResources.protocol, protocol), + eq(siteResources.proxyPort, proxyPort) + ) + ) + .limit(1); + if (existingResource && existingResource.siteResourceId) { + return next( + createHttpError( + HttpCode.CONFLICT, + "A resource with the same protocol and proxy port already exists" + ) + ); + } + + // Create the site resource + const [newSiteResource] = await db + .insert(siteResources) + .values({ + siteId, + orgId, + name, + protocol, + proxyPort, + destinationPort, + destinationIp, + enabled + }) + .returning(); + + const [newt] = await db + .select() + .from(newts) + .where(eq(newts.siteId, site.siteId)) + .limit(1); + + if (!newt) { + return next(createHttpError(HttpCode.NOT_FOUND, "Newt not found")); + } + + await addTargets(newt.newtId, destinationIp, destinationPort, protocol, proxyPort); + + logger.info( + `Created site resource ${newSiteResource.siteResourceId} for site ${siteId}` + ); + + return response(res, { + data: newSiteResource, + success: true, + error: false, + message: "Site resource created successfully", + status: HttpCode.CREATED + }); + } catch (error) { + logger.error("Error creating site resource:", error); + return next( + createHttpError( + HttpCode.INTERNAL_SERVER_ERROR, + "Failed to create site resource" + ) + ); + } +} diff --git a/server/routers/siteResource/deleteSiteResource.ts b/server/routers/siteResource/deleteSiteResource.ts new file mode 100644 index 00000000..347d4b53 --- /dev/null +++ b/server/routers/siteResource/deleteSiteResource.ts @@ -0,0 +1,125 @@ +import { Request, Response, NextFunction } from "express"; +import { z } from "zod"; +import { db, newts, sites } from "@server/db"; +import { siteResources } from "@server/db"; +import response from "@server/lib/response"; +import HttpCode from "@server/types/HttpCode"; +import createHttpError from "http-errors"; +import { eq, and } from "drizzle-orm"; +import { fromError } from "zod-validation-error"; +import logger from "@server/logger"; +import { OpenAPITags, registry } from "@server/openApi"; +import { removeTargets } from "../client/targets"; + +const deleteSiteResourceParamsSchema = z + .object({ + siteResourceId: z.string().transform(Number).pipe(z.number().int().positive()), + siteId: z.string().transform(Number).pipe(z.number().int().positive()), + orgId: z.string() + }) + .strict(); + +export type DeleteSiteResourceResponse = { + message: string; +}; + +registry.registerPath({ + method: "delete", + path: "/org/{orgId}/site/{siteId}/resource/{siteResourceId}", + description: "Delete a site resource.", + tags: [OpenAPITags.Client, OpenAPITags.Org], + request: { + params: deleteSiteResourceParamsSchema + }, + responses: {} +}); + +export async function deleteSiteResource( + req: Request, + res: Response, + next: NextFunction +): Promise { + try { + const parsedParams = deleteSiteResourceParamsSchema.safeParse(req.params); + if (!parsedParams.success) { + return next( + createHttpError( + HttpCode.BAD_REQUEST, + fromError(parsedParams.error).toString() + ) + ); + } + + const { siteResourceId, siteId, orgId } = parsedParams.data; + + const [site] = await db + .select() + .from(sites) + .where(and(eq(sites.siteId, siteId), eq(sites.orgId, orgId))) + .limit(1); + + if (!site) { + return next(createHttpError(HttpCode.NOT_FOUND, "Site not found")); + } + + // Check if site resource exists + const [existingSiteResource] = await db + .select() + .from(siteResources) + .where(and( + eq(siteResources.siteResourceId, siteResourceId), + eq(siteResources.siteId, siteId), + eq(siteResources.orgId, orgId) + )) + .limit(1); + + if (!existingSiteResource) { + return next( + createHttpError( + HttpCode.NOT_FOUND, + "Site resource not found" + ) + ); + } + + // Delete the site resource + await db + .delete(siteResources) + .where(and( + eq(siteResources.siteResourceId, siteResourceId), + eq(siteResources.siteId, siteId), + eq(siteResources.orgId, orgId) + )); + + const [newt] = await db + .select() + .from(newts) + .where(eq(newts.siteId, site.siteId)) + .limit(1); + + if (!newt) { + return next(createHttpError(HttpCode.NOT_FOUND, "Newt not found")); + } + + await removeTargets( + newt.newtId, + existingSiteResource.destinationIp, + existingSiteResource.destinationPort, + existingSiteResource.protocol, + existingSiteResource.proxyPort + ); + + logger.info(`Deleted site resource ${siteResourceId} for site ${siteId}`); + + return response(res, { + data: { message: "Site resource deleted successfully" }, + success: true, + error: false, + message: "Site resource deleted successfully", + status: HttpCode.OK + }); + } catch (error) { + logger.error("Error deleting site resource:", error); + return next(createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "Failed to delete site resource")); + } +} diff --git a/server/routers/siteResource/getSiteResource.ts b/server/routers/siteResource/getSiteResource.ts new file mode 100644 index 00000000..914706cd --- /dev/null +++ b/server/routers/siteResource/getSiteResource.ts @@ -0,0 +1,83 @@ +import { Request, Response, NextFunction } from "express"; +import { z } from "zod"; +import { db } from "@server/db"; +import { siteResources, SiteResource } from "@server/db"; +import response from "@server/lib/response"; +import HttpCode from "@server/types/HttpCode"; +import createHttpError from "http-errors"; +import { eq, and } from "drizzle-orm"; +import { fromError } from "zod-validation-error"; +import logger from "@server/logger"; +import { OpenAPITags, registry } from "@server/openApi"; + +const getSiteResourceParamsSchema = z + .object({ + siteResourceId: z.string().transform(Number).pipe(z.number().int().positive()), + siteId: z.string().transform(Number).pipe(z.number().int().positive()), + orgId: z.string() + }) + .strict(); + +export type GetSiteResourceResponse = SiteResource; + +registry.registerPath({ + method: "get", + path: "/org/{orgId}/site/{siteId}/resource/{siteResourceId}", + description: "Get a specific site resource.", + tags: [OpenAPITags.Client, OpenAPITags.Org], + request: { + params: getSiteResourceParamsSchema + }, + responses: {} +}); + +export async function getSiteResource( + req: Request, + res: Response, + next: NextFunction +): Promise { + try { + const parsedParams = getSiteResourceParamsSchema.safeParse(req.params); + if (!parsedParams.success) { + return next( + createHttpError( + HttpCode.BAD_REQUEST, + fromError(parsedParams.error).toString() + ) + ); + } + + const { siteResourceId, siteId, orgId } = parsedParams.data; + + // Get the site resource + const [siteResource] = await db + .select() + .from(siteResources) + .where(and( + eq(siteResources.siteResourceId, siteResourceId), + eq(siteResources.siteId, siteId), + eq(siteResources.orgId, orgId) + )) + .limit(1); + + if (!siteResource) { + return next( + createHttpError( + HttpCode.NOT_FOUND, + "Site resource not found" + ) + ); + } + + return response(res, { + data: siteResource, + success: true, + error: false, + message: "Site resource retrieved successfully", + status: HttpCode.OK + }); + } catch (error) { + logger.error("Error getting site resource:", error); + return next(createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "Failed to get site resource")); + } +} diff --git a/server/routers/siteResource/index.ts b/server/routers/siteResource/index.ts new file mode 100644 index 00000000..2c3e2526 --- /dev/null +++ b/server/routers/siteResource/index.ts @@ -0,0 +1,6 @@ +export * from "./createSiteResource"; +export * from "./deleteSiteResource"; +export * from "./getSiteResource"; +export * from "./updateSiteResource"; +export * from "./listSiteResources"; +export * from "./listAllSiteResourcesByOrg"; diff --git a/server/routers/siteResource/listAllSiteResourcesByOrg.ts b/server/routers/siteResource/listAllSiteResourcesByOrg.ts new file mode 100644 index 00000000..948fc2c2 --- /dev/null +++ b/server/routers/siteResource/listAllSiteResourcesByOrg.ts @@ -0,0 +1,111 @@ +import { Request, Response, NextFunction } from "express"; +import { z } from "zod"; +import { db } from "@server/db"; +import { siteResources, sites, SiteResource } from "@server/db"; +import response from "@server/lib/response"; +import HttpCode from "@server/types/HttpCode"; +import createHttpError from "http-errors"; +import { eq, and } from "drizzle-orm"; +import { fromError } from "zod-validation-error"; +import logger from "@server/logger"; +import { OpenAPITags, registry } from "@server/openApi"; + +const listAllSiteResourcesByOrgParamsSchema = z + .object({ + orgId: z.string() + }) + .strict(); + +const listAllSiteResourcesByOrgQuerySchema = z.object({ + limit: z + .string() + .optional() + .default("1000") + .transform(Number) + .pipe(z.number().int().positive()), + offset: z + .string() + .optional() + .default("0") + .transform(Number) + .pipe(z.number().int().nonnegative()) +}); + +export type ListAllSiteResourcesByOrgResponse = { + siteResources: (SiteResource & { siteName: string, siteNiceId: string })[]; +}; + +registry.registerPath({ + method: "get", + path: "/org/{orgId}/site-resources", + description: "List all site resources for an organization.", + tags: [OpenAPITags.Client, OpenAPITags.Org], + request: { + params: listAllSiteResourcesByOrgParamsSchema, + query: listAllSiteResourcesByOrgQuerySchema + }, + responses: {} +}); + +export async function listAllSiteResourcesByOrg( + req: Request, + res: Response, + next: NextFunction +): Promise { + try { + const parsedParams = listAllSiteResourcesByOrgParamsSchema.safeParse(req.params); + if (!parsedParams.success) { + return next( + createHttpError( + HttpCode.BAD_REQUEST, + fromError(parsedParams.error).toString() + ) + ); + } + + const parsedQuery = listAllSiteResourcesByOrgQuerySchema.safeParse(req.query); + if (!parsedQuery.success) { + return next( + createHttpError( + HttpCode.BAD_REQUEST, + fromError(parsedQuery.error).toString() + ) + ); + } + + const { orgId } = parsedParams.data; + const { limit, offset } = parsedQuery.data; + + // Get all site resources for the org with site names + const siteResourcesList = await db + .select({ + siteResourceId: siteResources.siteResourceId, + siteId: siteResources.siteId, + orgId: siteResources.orgId, + name: siteResources.name, + protocol: siteResources.protocol, + proxyPort: siteResources.proxyPort, + destinationPort: siteResources.destinationPort, + destinationIp: siteResources.destinationIp, + enabled: siteResources.enabled, + siteName: sites.name, + siteNiceId: sites.niceId + }) + .from(siteResources) + .innerJoin(sites, eq(siteResources.siteId, sites.siteId)) + .where(eq(siteResources.orgId, orgId)) + .limit(limit) + .offset(offset); + + return response(res, { + data: { siteResources: siteResourcesList }, + success: true, + error: false, + message: "Site resources retrieved successfully", + status: HttpCode.OK + }); + } catch (error) { + logger.error("Error listing all site resources by org:", error); + return next(createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "Failed to list site resources")); + } +} diff --git a/server/routers/siteResource/listSiteResources.ts b/server/routers/siteResource/listSiteResources.ts new file mode 100644 index 00000000..7fdb7a85 --- /dev/null +++ b/server/routers/siteResource/listSiteResources.ts @@ -0,0 +1,118 @@ +import { Request, Response, NextFunction } from "express"; +import { z } from "zod"; +import { db } from "@server/db"; +import { siteResources, sites, SiteResource } from "@server/db"; +import response from "@server/lib/response"; +import HttpCode from "@server/types/HttpCode"; +import createHttpError from "http-errors"; +import { eq, and } from "drizzle-orm"; +import { fromError } from "zod-validation-error"; +import logger from "@server/logger"; +import { OpenAPITags, registry } from "@server/openApi"; + +const listSiteResourcesParamsSchema = z + .object({ + siteId: z.string().transform(Number).pipe(z.number().int().positive()), + orgId: z.string() + }) + .strict(); + +const listSiteResourcesQuerySchema = z.object({ + limit: z + .string() + .optional() + .default("100") + .transform(Number) + .pipe(z.number().int().positive()), + offset: z + .string() + .optional() + .default("0") + .transform(Number) + .pipe(z.number().int().nonnegative()) +}); + +export type ListSiteResourcesResponse = { + siteResources: SiteResource[]; +}; + +registry.registerPath({ + method: "get", + path: "/org/{orgId}/site/{siteId}/resources", + description: "List site resources for a site.", + tags: [OpenAPITags.Client, OpenAPITags.Org], + request: { + params: listSiteResourcesParamsSchema, + query: listSiteResourcesQuerySchema + }, + responses: {} +}); + +export async function listSiteResources( + req: Request, + res: Response, + next: NextFunction +): Promise { + try { + const parsedParams = listSiteResourcesParamsSchema.safeParse(req.params); + if (!parsedParams.success) { + return next( + createHttpError( + HttpCode.BAD_REQUEST, + fromError(parsedParams.error).toString() + ) + ); + } + + const parsedQuery = listSiteResourcesQuerySchema.safeParse(req.query); + if (!parsedQuery.success) { + return next( + createHttpError( + HttpCode.BAD_REQUEST, + fromError(parsedQuery.error).toString() + ) + ); + } + + const { siteId, orgId } = parsedParams.data; + const { limit, offset } = parsedQuery.data; + + // Verify the site exists and belongs to the org + const site = await db + .select() + .from(sites) + .where(and(eq(sites.siteId, siteId), eq(sites.orgId, orgId))) + .limit(1); + + if (site.length === 0) { + return next( + createHttpError( + HttpCode.NOT_FOUND, + "Site not found" + ) + ); + } + + // Get site resources + const siteResourcesList = await db + .select() + .from(siteResources) + .where(and( + eq(siteResources.siteId, siteId), + eq(siteResources.orgId, orgId) + )) + .limit(limit) + .offset(offset); + + return response(res, { + data: { siteResources: siteResourcesList }, + success: true, + error: false, + message: "Site resources retrieved successfully", + status: HttpCode.OK + }); + } catch (error) { + logger.error("Error listing site resources:", error); + return next(createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "Failed to list site resources")); + } +} diff --git a/server/routers/siteResource/updateSiteResource.ts b/server/routers/siteResource/updateSiteResource.ts new file mode 100644 index 00000000..82e2fe68 --- /dev/null +++ b/server/routers/siteResource/updateSiteResource.ts @@ -0,0 +1,197 @@ +import { Request, Response, NextFunction } from "express"; +import { z } from "zod"; +import { db, newts, sites } from "@server/db"; +import { siteResources, SiteResource } from "@server/db"; +import response from "@server/lib/response"; +import HttpCode from "@server/types/HttpCode"; +import createHttpError from "http-errors"; +import { eq, and } from "drizzle-orm"; +import { fromError } from "zod-validation-error"; +import logger from "@server/logger"; +import { OpenAPITags, registry } from "@server/openApi"; +import { addTargets } from "../client/targets"; + +const updateSiteResourceParamsSchema = z + .object({ + siteResourceId: z + .string() + .transform(Number) + .pipe(z.number().int().positive()), + siteId: z.string().transform(Number).pipe(z.number().int().positive()), + orgId: z.string() + }) + .strict(); + +const updateSiteResourceSchema = z + .object({ + name: z.string().min(1).max(255).optional(), + protocol: z.enum(["tcp", "udp"]).optional(), + proxyPort: z.number().int().positive().optional(), + destinationPort: z.number().int().positive().optional(), + destinationIp: z.string().ip().optional(), + enabled: z.boolean().optional() + }) + .strict(); + +export type UpdateSiteResourceBody = z.infer; +export type UpdateSiteResourceResponse = SiteResource; + +registry.registerPath({ + method: "post", + path: "/org/{orgId}/site/{siteId}/resource/{siteResourceId}", + description: "Update a site resource.", + tags: [OpenAPITags.Client, OpenAPITags.Org], + request: { + params: updateSiteResourceParamsSchema, + body: { + content: { + "application/json": { + schema: updateSiteResourceSchema + } + } + } + }, + responses: {} +}); + +export async function updateSiteResource( + req: Request, + res: Response, + next: NextFunction +): Promise { + try { + const parsedParams = updateSiteResourceParamsSchema.safeParse( + req.params + ); + if (!parsedParams.success) { + return next( + createHttpError( + HttpCode.BAD_REQUEST, + fromError(parsedParams.error).toString() + ) + ); + } + + const parsedBody = updateSiteResourceSchema.safeParse(req.body); + if (!parsedBody.success) { + return next( + createHttpError( + HttpCode.BAD_REQUEST, + fromError(parsedBody.error).toString() + ) + ); + } + + const { siteResourceId, siteId, orgId } = parsedParams.data; + const updateData = parsedBody.data; + + const [site] = await db + .select() + .from(sites) + .where(and(eq(sites.siteId, siteId), eq(sites.orgId, orgId))) + .limit(1); + + if (!site) { + return next(createHttpError(HttpCode.NOT_FOUND, "Site not found")); + } + + // Check if site resource exists + const [existingSiteResource] = await db + .select() + .from(siteResources) + .where( + and( + eq(siteResources.siteResourceId, siteResourceId), + eq(siteResources.siteId, siteId), + eq(siteResources.orgId, orgId) + ) + ) + .limit(1); + + if (!existingSiteResource) { + return next( + createHttpError(HttpCode.NOT_FOUND, "Site resource not found") + ); + } + + const protocol = updateData.protocol || existingSiteResource.protocol; + const proxyPort = + updateData.proxyPort || existingSiteResource.proxyPort; + + // check if resource with same protocol and proxy port already exists + const [existingResource] = await db + .select() + .from(siteResources) + .where( + and( + eq(siteResources.siteId, siteId), + eq(siteResources.orgId, orgId), + eq(siteResources.protocol, protocol), + eq(siteResources.proxyPort, proxyPort) + ) + ) + .limit(1); + if ( + existingResource && + existingResource.siteResourceId !== siteResourceId + ) { + return next( + createHttpError( + HttpCode.CONFLICT, + "A resource with the same protocol and proxy port already exists" + ) + ); + } + + // Update the site resource + const [updatedSiteResource] = await db + .update(siteResources) + .set(updateData) + .where( + and( + eq(siteResources.siteResourceId, siteResourceId), + eq(siteResources.siteId, siteId), + eq(siteResources.orgId, orgId) + ) + ) + .returning(); + + const [newt] = await db + .select() + .from(newts) + .where(eq(newts.siteId, site.siteId)) + .limit(1); + + if (!newt) { + return next(createHttpError(HttpCode.NOT_FOUND, "Newt not found")); + } + + await addTargets( + newt.newtId, + updatedSiteResource.destinationIp, + updatedSiteResource.destinationPort, + updatedSiteResource.protocol, + updatedSiteResource.proxyPort + ); + + logger.info( + `Updated site resource ${siteResourceId} for site ${siteId}` + ); + + return response(res, { + data: updatedSiteResource, + success: true, + error: false, + message: "Site resource updated successfully", + status: HttpCode.OK + }); + } catch (error) { + logger.error("Error updating site resource:", error); + return next( + createHttpError( + HttpCode.INTERNAL_SERVER_ERROR, + "Failed to update site resource" + ) + ); + } +} diff --git a/server/routers/target/createTarget.ts b/server/routers/target/createTarget.ts index ffea1571..7a3acd55 100644 --- a/server/routers/target/createTarget.ts +++ b/server/routers/target/createTarget.ts @@ -26,6 +26,7 @@ const createTargetParamsSchema = z const createTargetSchema = z .object({ + siteId: z.number().int().positive(), ip: z.string().refine(isTargetValid), method: z.string().optional().nullable(), port: z.number().int().min(1).max(65535), @@ -98,17 +99,41 @@ export async function createTarget( ); } + const siteId = targetData.siteId; + const [site] = await db .select() .from(sites) - .where(eq(sites.siteId, resource.siteId!)) + .where(eq(sites.siteId, siteId)) .limit(1); if (!site) { return next( createHttpError( HttpCode.NOT_FOUND, - `Site with ID ${resource.siteId} not found` + `Site with ID ${siteId} not found` + ) + ); + } + + const existingTargets = await db + .select() + .from(targets) + .where(eq(targets.resourceId, resourceId)); + + const existingTarget = existingTargets.find( + (target) => + target.ip === targetData.ip && + target.port === targetData.port && + target.method === targetData.method && + target.siteId === targetData.siteId + ); + + if (existingTarget) { + return next( + createHttpError( + HttpCode.BAD_REQUEST, + `Target with IP ${targetData.ip}, port ${targetData.port}, method ${targetData.method} already exists for resource ID ${resourceId}` ) ); } @@ -173,7 +198,12 @@ export async function createTarget( .where(eq(newts.siteId, site.siteId)) .limit(1); - addTargets(newt.newtId, newTarget, resource.protocol, resource.proxyPort); + await addTargets( + newt.newtId, + newTarget, + resource.protocol, + resource.proxyPort + ); } } } diff --git a/server/routers/target/deleteTarget.ts b/server/routers/target/deleteTarget.ts index 6eadeccd..596691e4 100644 --- a/server/routers/target/deleteTarget.ts +++ b/server/routers/target/deleteTarget.ts @@ -76,38 +76,38 @@ export async function deleteTarget( ); } - const [site] = await db - .select() - .from(sites) - .where(eq(sites.siteId, resource.siteId!)) - .limit(1); - - if (!site) { - return next( - createHttpError( - HttpCode.NOT_FOUND, - `Site with ID ${resource.siteId} not found` - ) - ); - } - - if (site.pubKey) { - if (site.type == "wireguard") { - await addPeer(site.exitNodeId!, { - publicKey: site.pubKey, - allowedIps: await getAllowedIps(site.siteId) - }); - } else if (site.type == "newt") { - // get the newt on the site by querying the newt table for siteId - const [newt] = await db - .select() - .from(newts) - .where(eq(newts.siteId, site.siteId)) - .limit(1); - - removeTargets(newt.newtId, [deletedTarget], resource.protocol, resource.proxyPort); - } - } + // const [site] = await db + // .select() + // .from(sites) + // .where(eq(sites.siteId, resource.siteId!)) + // .limit(1); + // + // if (!site) { + // return next( + // createHttpError( + // HttpCode.NOT_FOUND, + // `Site with ID ${resource.siteId} not found` + // ) + // ); + // } + // + // if (site.pubKey) { + // if (site.type == "wireguard") { + // await addPeer(site.exitNodeId!, { + // publicKey: site.pubKey, + // allowedIps: await getAllowedIps(site.siteId) + // }); + // } else if (site.type == "newt") { + // // get the newt on the site by querying the newt table for siteId + // const [newt] = await db + // .select() + // .from(newts) + // .where(eq(newts.siteId, site.siteId)) + // .limit(1); + // + // removeTargets(newt.newtId, [deletedTarget], resource.protocol, resource.proxyPort); + // } + // } return response(res, { data: null, diff --git a/server/routers/target/getTarget.ts b/server/routers/target/getTarget.ts index 071ec8a6..b0691087 100644 --- a/server/routers/target/getTarget.ts +++ b/server/routers/target/getTarget.ts @@ -1,6 +1,6 @@ import { Request, Response, NextFunction } from "express"; import { z } from "zod"; -import { db } from "@server/db"; +import { db, Target } from "@server/db"; import { targets } from "@server/db"; import { eq } from "drizzle-orm"; import response from "@server/lib/response"; @@ -16,6 +16,8 @@ const getTargetSchema = z }) .strict(); +type GetTargetResponse = Target; + registry.registerPath({ method: "get", path: "/target/{targetId}", @@ -60,7 +62,7 @@ export async function getTarget( ); } - return response(res, { + return response(res, { data: target[0], success: true, error: false, diff --git a/server/routers/target/helpers.ts b/server/routers/target/helpers.ts index e5aa2ba9..4935d28a 100644 --- a/server/routers/target/helpers.ts +++ b/server/routers/target/helpers.ts @@ -8,29 +8,21 @@ export async function pickPort(siteId: number): Promise<{ internalPort: number; targetIps: string[]; }> { - const resourcesRes = await db - .select() - .from(resources) - .where(eq(resources.siteId, siteId)); - - // TODO: is this all inefficient? // Fetch targets for all resources of this site const targetIps: string[] = []; const targetInternalPorts: number[] = []; - await Promise.all( - resourcesRes.map(async (resource) => { - const targetsRes = await db - .select() - .from(targets) - .where(eq(targets.resourceId, resource.resourceId)); - targetsRes.forEach((target) => { - targetIps.push(`${target.ip}/32`); - if (target.internalPort) { - targetInternalPorts.push(target.internalPort); - } - }); - }) - ); + + const targetsRes = await db + .select() + .from(targets) + .where(eq(targets.siteId, siteId)); + + targetsRes.forEach((target) => { + targetIps.push(`${target.ip}/32`); + if (target.internalPort) { + targetInternalPorts.push(target.internalPort); + } + }); let internalPort!: number; // pick a port random port from 40000 to 65535 that is not in use @@ -43,28 +35,20 @@ export async function pickPort(siteId: number): Promise<{ break; } } + currentBannedPorts.push(internalPort); return { internalPort, targetIps }; } export async function getAllowedIps(siteId: number) { - // TODO: is this all inefficient? - - const resourcesRes = await db - .select() - .from(resources) - .where(eq(resources.siteId, siteId)); - // Fetch targets for all resources of this site - const targetIps = await Promise.all( - resourcesRes.map(async (resource) => { - const targetsRes = await db - .select() - .from(targets) - .where(eq(targets.resourceId, resource.resourceId)); - return targetsRes.map((target) => `${target.ip}/32`); - }) - ); + const targetsRes = await db + .select() + .from(targets) + .where(eq(targets.siteId, siteId)); + + const targetIps = targetsRes.map((target) => `${target.ip}/32`); + return targetIps.flat(); } diff --git a/server/routers/target/index.ts b/server/routers/target/index.ts index b128edcd..dc1323f7 100644 --- a/server/routers/target/index.ts +++ b/server/routers/target/index.ts @@ -2,4 +2,4 @@ export * from "./getTarget"; export * from "./createTarget"; export * from "./deleteTarget"; export * from "./updateTarget"; -export * from "./listTargets"; \ No newline at end of file +export * from "./listTargets"; diff --git a/server/routers/target/listTargets.ts b/server/routers/target/listTargets.ts index 44f27d48..eab8f1c8 100644 --- a/server/routers/target/listTargets.ts +++ b/server/routers/target/listTargets.ts @@ -1,4 +1,4 @@ -import { db } from "@server/db"; +import { db, sites } from "@server/db"; import { targets } from "@server/db"; import HttpCode from "@server/types/HttpCode"; import response from "@server/lib/response"; @@ -42,11 +42,12 @@ function queryTargets(resourceId: number) { method: targets.method, port: targets.port, enabled: targets.enabled, - resourceId: targets.resourceId - // resourceName: resources.name, + resourceId: targets.resourceId, + siteId: targets.siteId, + siteType: sites.type }) .from(targets) - // .leftJoin(resources, eq(targets.resourceId, resources.resourceId)) + .leftJoin(sites, eq(sites.siteId, targets.siteId)) .where(eq(targets.resourceId, resourceId)); return baseQuery; diff --git a/server/routers/target/updateTarget.ts b/server/routers/target/updateTarget.ts index 0b7c4692..67d9a8df 100644 --- a/server/routers/target/updateTarget.ts +++ b/server/routers/target/updateTarget.ts @@ -22,6 +22,7 @@ const updateTargetParamsSchema = z const updateTargetBodySchema = z .object({ + siteId: z.number().int().positive(), ip: z.string().refine(isTargetValid), method: z.string().min(1).max(10).optional().nullable(), port: z.number().int().min(1).max(65535).optional(), @@ -77,6 +78,7 @@ export async function updateTarget( } const { targetId } = parsedParams.data; + const { siteId } = parsedBody.data; const [target] = await db .select() @@ -111,14 +113,42 @@ export async function updateTarget( const [site] = await db .select() .from(sites) - .where(eq(sites.siteId, resource.siteId!)) + .where(eq(sites.siteId, siteId)) .limit(1); if (!site) { return next( createHttpError( HttpCode.NOT_FOUND, - `Site with ID ${resource.siteId} not found` + `Site with ID ${siteId} not found` + ) + ); + } + + const targetData = { + ...target, + ...parsedBody.data + }; + + const existingTargets = await db + .select() + .from(targets) + .where(eq(targets.resourceId, target.resourceId)); + + const foundTarget = existingTargets.find( + (target) => + target.targetId !== targetId && // Exclude the current target being updated + target.ip === targetData.ip && + target.port === targetData.port && + target.method === targetData.method && + target.siteId === targetData.siteId + ); + + if (foundTarget) { + return next( + createHttpError( + HttpCode.BAD_REQUEST, + `Target with IP ${targetData.ip}, port ${targetData.port}, and method ${targetData.method} already exists on the same site.` ) ); } @@ -157,7 +187,12 @@ export async function updateTarget( .where(eq(newts.siteId, site.siteId)) .limit(1); - addTargets(newt.newtId, [updatedTarget], resource.protocol, resource.proxyPort); + await addTargets( + newt.newtId, + [updatedTarget], + resource.protocol, + resource.proxyPort + ); } } return response(res, { diff --git a/server/routers/traefik/getTraefikConfig.ts b/server/routers/traefik/getTraefikConfig.ts index 882a296a..f9a67432 100644 --- a/server/routers/traefik/getTraefikConfig.ts +++ b/server/routers/traefik/getTraefikConfig.ts @@ -1,231 +1,282 @@ import { Request, Response } from "express"; import { db, exitNodes } from "@server/db"; -import { and, eq, inArray, or, isNull } from "drizzle-orm"; +import { and, eq, inArray, or, isNull, ne } from "drizzle-orm"; import logger from "@server/logger"; import HttpCode from "@server/types/HttpCode"; import config from "@server/lib/config"; import { orgs, resources, sites, Target, targets } from "@server/db"; +import { build } from "@server/build"; let currentExitNodeId: number; +const redirectHttpsMiddlewareName = "redirect-to-https"; +const badgerMiddlewareName = "badger"; + +export async function getCurrentExitNodeId(): Promise { + if (!currentExitNodeId) { + if (config.getRawConfig().gerbil.exit_node_name) { + const exitNodeName = config.getRawConfig().gerbil.exit_node_name!; + const [exitNode] = await db + .select({ + exitNodeId: exitNodes.exitNodeId + }) + .from(exitNodes) + .where(eq(exitNodes.name, exitNodeName)); + if (exitNode) { + currentExitNodeId = exitNode.exitNodeId; + } + } else { + const [exitNode] = await db + .select({ + exitNodeId: exitNodes.exitNodeId + }) + .from(exitNodes) + .limit(1); + + if (exitNode) { + currentExitNodeId = exitNode.exitNodeId; + } + } + } + return currentExitNodeId; +} export async function traefikConfigProvider( _: Request, res: Response ): Promise { try { - // Get all resources with related data - const allResources = await db.transaction(async (tx) => { - // First query to get resources with site and org info - // Get the current exit node name from config - if (!currentExitNodeId) { - if (config.getRawConfig().gerbil.exit_node_name) { - const exitNodeName = - config.getRawConfig().gerbil.exit_node_name!; - const [exitNode] = await tx - .select({ - exitNodeId: exitNodes.exitNodeId - }) - .from(exitNodes) - .where(eq(exitNodes.name, exitNodeName)); - if (exitNode) { - currentExitNodeId = exitNode.exitNodeId; - } - } else { - const [exitNode] = await tx - .select({ - exitNodeId: exitNodes.exitNodeId - }) - .from(exitNodes) - .limit(1); + // First query to get resources with site and org info + // Get the current exit node name from config + await getCurrentExitNodeId(); - if (exitNode) { - currentExitNodeId = exitNode.exitNodeId; + const traefikConfig = await getTraefikConfig( + currentExitNodeId, + config.getRawConfig().traefik.site_types + ); + + if (traefikConfig?.http?.middlewares) { // BECAUSE SOMETIMES THE CONFIG CAN BE EMPTY IF THERE IS NOTHING + traefikConfig.http.middlewares[badgerMiddlewareName] = { + plugin: { + [badgerMiddlewareName]: { + apiBaseUrl: new URL( + "/api/v1", + `http://${ + config.getRawConfig().server.internal_hostname + }:${config.getRawConfig().server.internal_port}` + ).href, + userSessionCookieName: + config.getRawConfig().server.session_cookie_name, + + // deprecated + accessTokenQueryParam: + config.getRawConfig().server + .resource_access_token_param, + + resourceSessionRequestParam: + config.getRawConfig().server + .resource_session_request_param } } - } - - // Get the site(s) on this exit node - const resourcesWithRelations = await tx - .select({ - // Resource fields - resourceId: resources.resourceId, - fullDomain: resources.fullDomain, - ssl: resources.ssl, - http: resources.http, - proxyPort: resources.proxyPort, - protocol: resources.protocol, - subdomain: resources.subdomain, - domainId: resources.domainId, - // Site fields - site: { - siteId: sites.siteId, - type: sites.type, - subnet: sites.subnet, - exitNodeId: sites.exitNodeId - }, - enabled: resources.enabled, - stickySession: resources.stickySession, - tlsServerName: resources.tlsServerName, - setHostHeader: resources.setHostHeader, - enableProxy: resources.enableProxy - }) - .from(resources) - .innerJoin(sites, eq(sites.siteId, resources.siteId)) - .where( - or( - eq(sites.exitNodeId, currentExitNodeId), - isNull(sites.exitNodeId) - ) - ); - - // Get all resource IDs from the first query - const resourceIds = resourcesWithRelations.map((r) => r.resourceId); - - // Second query to get all enabled targets for these resources - const allTargets = - resourceIds.length > 0 - ? await tx - .select({ - resourceId: targets.resourceId, - targetId: targets.targetId, - ip: targets.ip, - method: targets.method, - port: targets.port, - internalPort: targets.internalPort, - enabled: targets.enabled - }) - .from(targets) - .where( - and( - inArray(targets.resourceId, resourceIds), - eq(targets.enabled, true) - ) - ) - : []; - - // Create a map for fast target lookup by resourceId - const targetsMap = allTargets.reduce((map, target) => { - if (!map.has(target.resourceId)) { - map.set(target.resourceId, []); - } - map.get(target.resourceId).push(target); - return map; - }, new Map()); - - // Combine the data - return resourcesWithRelations.map((resource) => ({ - ...resource, - targets: targetsMap.get(resource.resourceId) || [] - })); - }); - - if (!allResources.length) { - return res.status(HttpCode.OK).json({}); + }; } - const badgerMiddlewareName = "badger"; - const redirectHttpsMiddlewareName = "redirect-to-https"; + return res.status(HttpCode.OK).json(traefikConfig); + } catch (e) { + logger.error(`Failed to build Traefik config: ${e}`); + return res.status(HttpCode.INTERNAL_SERVER_ERROR).json({ + error: "Failed to build Traefik config" + }); + } +} - const config_output: any = { - http: { - middlewares: { - [badgerMiddlewareName]: { - plugin: { - [badgerMiddlewareName]: { - apiBaseUrl: new URL( - "/api/v1", - `http://${ - config.getRawConfig().server - .internal_hostname - }:${ - config.getRawConfig().server - .internal_port - }` - ).href, - userSessionCookieName: - config.getRawConfig().server - .session_cookie_name, +export async function getTraefikConfig( + exitNodeId: number, + siteTypes: string[] +): Promise { + // Define extended target type with site information + type TargetWithSite = Target & { + site: { + siteId: number; + type: string; + subnet: string | null; + exitNodeId: number | null; + online: boolean; + }; + }; - // deprecated - accessTokenQueryParam: - config.getRawConfig().server - .resource_access_token_param, + // Get all resources with related data + const allResources = await db.transaction(async (tx) => { + // Get resources with their targets and sites in a single optimized query + // Start from sites on this exit node, then join to targets and resources + const resourcesWithTargetsAndSites = await tx + .select({ + // Resource fields + resourceId: resources.resourceId, + fullDomain: resources.fullDomain, + ssl: resources.ssl, + http: resources.http, + proxyPort: resources.proxyPort, + protocol: resources.protocol, + subdomain: resources.subdomain, + domainId: resources.domainId, + enabled: resources.enabled, + stickySession: resources.stickySession, + tlsServerName: resources.tlsServerName, + setHostHeader: resources.setHostHeader, + enableProxy: resources.enableProxy, + // Target fields + targetId: targets.targetId, + targetEnabled: targets.enabled, + ip: targets.ip, + method: targets.method, + port: targets.port, + internalPort: targets.internalPort, + // Site fields + siteId: sites.siteId, + siteType: sites.type, + siteOnline: sites.online, + subnet: sites.subnet, + exitNodeId: sites.exitNodeId + }) + .from(sites) + .innerJoin(targets, eq(targets.siteId, sites.siteId)) + .innerJoin(resources, eq(resources.resourceId, targets.resourceId)) + .where( + and( + eq(targets.enabled, true), + eq(resources.enabled, true), + or( + eq(sites.exitNodeId, exitNodeId), + isNull(sites.exitNodeId) + ), + inArray(sites.type, siteTypes) + ) + ); - resourceSessionRequestParam: - config.getRawConfig().server - .resource_session_request_param - } - } - }, - [redirectHttpsMiddlewareName]: { - redirectScheme: { - scheme: "https" - } + // Group by resource and include targets with their unique site data + const resourcesMap = new Map(); + + resourcesWithTargetsAndSites.forEach((row) => { + const resourceId = row.resourceId; + + if (!resourcesMap.has(resourceId)) { + resourcesMap.set(resourceId, { + resourceId: row.resourceId, + fullDomain: row.fullDomain, + ssl: row.ssl, + http: row.http, + proxyPort: row.proxyPort, + protocol: row.protocol, + subdomain: row.subdomain, + domainId: row.domainId, + enabled: row.enabled, + stickySession: row.stickySession, + tlsServerName: row.tlsServerName, + setHostHeader: row.setHostHeader, + enableProxy: row.enableProxy, + targets: [] + }); + } + + // Add target with its associated site data + resourcesMap.get(resourceId).targets.push({ + resourceId: row.resourceId, + targetId: row.targetId, + ip: row.ip, + method: row.method, + port: row.port, + internalPort: row.internalPort, + enabled: row.targetEnabled, + site: { + siteId: row.siteId, + type: row.siteType, + subnet: row.subnet, + exitNodeId: row.exitNodeId, + online: row.siteOnline + } + }); + }); + + return Array.from(resourcesMap.values()); + }); + + if (!allResources.length) { + return {}; + } + + const config_output: any = { + http: { + middlewares: { + [redirectHttpsMiddlewareName]: { + redirectScheme: { + scheme: "https" } } } - }; + } + }; - for (const resource of allResources) { - const targets = resource.targets as Target[]; - const site = resource.site; + for (const resource of allResources) { + const targets = resource.targets; - const routerName = `${resource.resourceId}-router`; - const serviceName = `${resource.resourceId}-service`; - const fullDomain = `${resource.fullDomain}`; - const transportName = `${resource.resourceId}-transport`; - const hostHeaderMiddlewareName = `${resource.resourceId}-host-header-middleware`; + const routerName = `${resource.resourceId}-router`; + const serviceName = `${resource.resourceId}-service`; + const fullDomain = `${resource.fullDomain}`; + const transportName = `${resource.resourceId}-transport`; + const hostHeaderMiddlewareName = `${resource.resourceId}-host-header-middleware`; - if (!resource.enabled) { + if (!resource.enabled) { + continue; + } + + if (resource.http) { + if (!resource.domainId) { continue; } - if (resource.http) { - if (!resource.domainId) { - continue; - } + if (!resource.fullDomain) { + logger.error( + `Resource ${resource.resourceId} has no fullDomain` + ); + continue; + } - if (!resource.fullDomain) { - logger.error( - `Resource ${resource.resourceId} has no fullDomain` - ); - continue; - } + // add routers and services empty objects if they don't exist + if (!config_output.http.routers) { + config_output.http.routers = {}; + } - // add routers and services empty objects if they don't exist - if (!config_output.http.routers) { - config_output.http.routers = {}; - } + if (!config_output.http.services) { + config_output.http.services = {}; + } - if (!config_output.http.services) { - config_output.http.services = {}; - } + const domainParts = fullDomain.split("."); + let wildCard; + if (domainParts.length <= 2) { + wildCard = `*.${domainParts.join(".")}`; + } else { + wildCard = `*.${domainParts.slice(1).join(".")}`; + } - const domainParts = fullDomain.split("."); - let wildCard; - if (domainParts.length <= 2) { - wildCard = `*.${domainParts.join(".")}`; - } else { - wildCard = `*.${domainParts.slice(1).join(".")}`; - } + if (!resource.subdomain) { + wildCard = resource.fullDomain; + } - if (!resource.subdomain) { - wildCard = resource.fullDomain; - } + const configDomain = config.getDomain(resource.domainId); - const configDomain = config.getDomain(resource.domainId); + let certResolver: string, preferWildcardCert: boolean; + if (!configDomain) { + certResolver = config.getRawConfig().traefik.cert_resolver; + preferWildcardCert = + config.getRawConfig().traefik.prefer_wildcard_cert; + } else { + certResolver = configDomain.cert_resolver; + preferWildcardCert = configDomain.prefer_wildcard_cert; + } - let certResolver: string, preferWildcardCert: boolean; - if (!configDomain) { - certResolver = config.getRawConfig().traefik.cert_resolver; - preferWildcardCert = - config.getRawConfig().traefik.prefer_wildcard_cert; - } else { - certResolver = configDomain.cert_resolver; - preferWildcardCert = configDomain.prefer_wildcard_cert; - } - - const tls = { + let tls = {}; + if (build == "oss") { + tls = { certResolver: certResolver, ...(preferWildcardCert ? { @@ -237,48 +288,63 @@ export async function traefikConfigProvider( } : {}) }; + } - const additionalMiddlewares = - config.getRawConfig().traefik.additional_middlewares || []; + const additionalMiddlewares = + config.getRawConfig().traefik.additional_middlewares || []; - config_output.http.routers![routerName] = { + config_output.http.routers![routerName] = { + entryPoints: [ + resource.ssl + ? config.getRawConfig().traefik.https_entrypoint + : config.getRawConfig().traefik.http_entrypoint + ], + middlewares: [badgerMiddlewareName, ...additionalMiddlewares], + service: serviceName, + rule: `Host(\`${fullDomain}\`)`, + priority: 100, + ...(resource.ssl ? { tls } : {}) + }; + + if (resource.ssl) { + config_output.http.routers![routerName + "-redirect"] = { entryPoints: [ - resource.ssl - ? config.getRawConfig().traefik.https_entrypoint - : config.getRawConfig().traefik.http_entrypoint - ], - middlewares: [ - badgerMiddlewareName, - ...additionalMiddlewares + config.getRawConfig().traefik.http_entrypoint ], + middlewares: [redirectHttpsMiddlewareName], service: serviceName, rule: `Host(\`${fullDomain}\`)`, - priority: 100, - ...(resource.ssl ? { tls } : {}) + priority: 100 }; + } - if (resource.ssl) { - config_output.http.routers![routerName + "-redirect"] = { - entryPoints: [ - config.getRawConfig().traefik.http_entrypoint - ], - middlewares: [redirectHttpsMiddlewareName], - service: serviceName, - rule: `Host(\`${fullDomain}\`)`, - priority: 100 - }; - } + config_output.http.services![serviceName] = { + loadBalancer: { + servers: (() => { + // Check if any sites are online + // THIS IS SO THAT THERE IS SOME IMMEDIATE FEEDBACK + // EVEN IF THE SITES HAVE NOT UPDATED YET FROM THE + // RECEIVE BANDWIDTH ENDPOINT. - config_output.http.services![serviceName] = { - loadBalancer: { - servers: targets - .filter((target: Target) => { + // TODO: HOW TO HANDLE ^^^^^^ BETTER + const anySitesOnline = ( + targets as TargetWithSite[] + ).some((target: TargetWithSite) => target.site.online); + + return (targets as TargetWithSite[]) + .filter((target: TargetWithSite) => { if (!target.enabled) { return false; } + + // If any sites are online, exclude offline sites + if (anySitesOnline && !target.site.online) { + return false; + } + if ( - site.type === "local" || - site.type === "wireguard" + target.site.type === "local" || + target.site.type === "wireguard" ) { if ( !target.ip || @@ -287,164 +353,176 @@ export async function traefikConfigProvider( ) { return false; } - } else if (site.type === "newt") { + } else if (target.site.type === "newt") { if ( !target.internalPort || !target.method || - !site.subnet + !target.site.subnet ) { return false; } } return true; }) - .map((target: Target) => { + .map((target: TargetWithSite) => { if ( - site.type === "local" || - site.type === "wireguard" + target.site.type === "local" || + target.site.type === "wireguard" ) { return { url: `${target.method}://${target.ip}:${target.port}` }; - } else if (site.type === "newt") { - const ip = site.subnet!.split("/")[0]; + } else if (target.site.type === "newt") { + const ip = + target.site.subnet!.split("/")[0]; return { url: `${target.method}://${ip}:${target.internalPort}` }; } - }), - ...(resource.stickySession - ? { - sticky: { - cookie: { - name: "p_sticky", // TODO: make this configurable via config.yml like other cookies - secure: resource.ssl, - httpOnly: true - } + }); + })(), + ...(resource.stickySession + ? { + sticky: { + cookie: { + name: "p_sticky", // TODO: make this configurable via config.yml like other cookies + secure: resource.ssl, + httpOnly: true } } - : {}) - } - }; - - // Add the serversTransport if TLS server name is provided - if (resource.tlsServerName) { - if (!config_output.http.serversTransports) { - config_output.http.serversTransports = {}; - } - config_output.http.serversTransports![transportName] = { - serverName: resource.tlsServerName, - //unfortunately the following needs to be set. traefik doesn't merge the default serverTransport settings - // if defined in the static config and here. if not set, self-signed certs won't work - insecureSkipVerify: true - }; - config_output.http.services![ - serviceName - ].loadBalancer.serversTransport = transportName; + } + : {}) } + }; - // Add the host header middleware - if (resource.setHostHeader) { - if (!config_output.http.middlewares) { - config_output.http.middlewares = {}; - } - config_output.http.middlewares[hostHeaderMiddlewareName] = { - headers: { - customRequestHeaders: { - Host: resource.setHostHeader - } + // Add the serversTransport if TLS server name is provided + if (resource.tlsServerName) { + if (!config_output.http.serversTransports) { + config_output.http.serversTransports = {}; + } + config_output.http.serversTransports![transportName] = { + serverName: resource.tlsServerName, + //unfortunately the following needs to be set. traefik doesn't merge the default serverTransport settings + // if defined in the static config and here. if not set, self-signed certs won't work + insecureSkipVerify: true + }; + config_output.http.services![ + serviceName + ].loadBalancer.serversTransport = transportName; + } + + // Add the host header middleware + if (resource.setHostHeader) { + if (!config_output.http.middlewares) { + config_output.http.middlewares = {}; + } + config_output.http.middlewares[hostHeaderMiddlewareName] = { + headers: { + customRequestHeaders: { + Host: resource.setHostHeader } - }; - if (!config_output.http.routers![routerName].middlewares) { - config_output.http.routers![routerName].middlewares = - []; } - config_output.http.routers![routerName].middlewares = [ - ...config_output.http.routers![routerName].middlewares, - hostHeaderMiddlewareName - ]; - } - } else { - // Non-HTTP (TCP/UDP) configuration - if (!resource.enableProxy) { - continue; - } - - const protocol = resource.protocol.toLowerCase(); - const port = resource.proxyPort; - - if (!port) { - continue; - } - - if (!config_output[protocol]) { - config_output[protocol] = { - routers: {}, - services: {} - }; - } - - config_output[protocol].routers[routerName] = { - entryPoints: [`${protocol}-${port}`], - service: serviceName, - ...(protocol === "tcp" ? { rule: "HostSNI(`*`)" } : {}) }; + if (!config_output.http.routers![routerName].middlewares) { + config_output.http.routers![routerName].middlewares = []; + } + config_output.http.routers![routerName].middlewares = [ + ...config_output.http.routers![routerName].middlewares, + hostHeaderMiddlewareName + ]; + } + } else { + // Non-HTTP (TCP/UDP) configuration + if (!resource.enableProxy) { + continue; + } - config_output[protocol].services[serviceName] = { - loadBalancer: { - servers: targets - .filter((target: Target) => { + const protocol = resource.protocol.toLowerCase(); + const port = resource.proxyPort; + + if (!port) { + continue; + } + + if (!config_output[protocol]) { + config_output[protocol] = { + routers: {}, + services: {} + }; + } + + config_output[protocol].routers[routerName] = { + entryPoints: [`${protocol}-${port}`], + service: serviceName, + ...(protocol === "tcp" ? { rule: "HostSNI(`*`)" } : {}) + }; + + config_output[protocol].services[serviceName] = { + loadBalancer: { + servers: (() => { + // Check if any sites are online + const anySitesOnline = ( + targets as TargetWithSite[] + ).some((target: TargetWithSite) => target.site.online); + + return (targets as TargetWithSite[]) + .filter((target: TargetWithSite) => { if (!target.enabled) { return false; } + + // If any sites are online, exclude offline sites + if (anySitesOnline && !target.site.online) { + return false; + } + if ( - site.type === "local" || - site.type === "wireguard" + target.site.type === "local" || + target.site.type === "wireguard" ) { if (!target.ip || !target.port) { return false; } - } else if (site.type === "newt") { - if (!target.internalPort || !site.subnet) { + } else if (target.site.type === "newt") { + if ( + !target.internalPort || + !target.site.subnet + ) { return false; } } return true; }) - .map((target: Target) => { + .map((target: TargetWithSite) => { if ( - site.type === "local" || - site.type === "wireguard" + target.site.type === "local" || + target.site.type === "wireguard" ) { return { address: `${target.ip}:${target.port}` }; - } else if (site.type === "newt") { - const ip = site.subnet!.split("/")[0]; + } else if (target.site.type === "newt") { + const ip = + target.site.subnet!.split("/")[0]; return { address: `${ip}:${target.internalPort}` }; } - }), - ...(resource.stickySession - ? { - sticky: { - ipStrategy: { - depth: 0, - sourcePort: true - } + }); + })(), + ...(resource.stickySession + ? { + sticky: { + ipStrategy: { + depth: 0, + sourcePort: true } } - : {}) - } - }; - } + } + : {}) + } + }; } - return res.status(HttpCode.OK).json(config_output); - } catch (e) { - logger.error(`Failed to build Traefik config: ${e}`); - return res.status(HttpCode.INTERNAL_SERVER_ERROR).json({ - error: "Failed to build Traefik config" - }); } + return config_output; } diff --git a/server/routers/user/addUserSite.ts b/server/routers/user/addUserSite.ts index c55d5463..f094e20e 100644 --- a/server/routers/user/addUserSite.ts +++ b/server/routers/user/addUserSite.ts @@ -43,17 +43,17 @@ export async function addUserSite( }) .returning(); - const siteResources = await trx - .select() - .from(resources) - .where(eq(resources.siteId, siteId)); - - for (const resource of siteResources) { - await trx.insert(userResources).values({ - userId, - resourceId: resource.resourceId - }); - } + // const siteResources = await trx + // .select() + // .from(resources) + // .where(eq(resources.siteId, siteId)); + // + // for (const resource of siteResources) { + // await trx.insert(userResources).values({ + // userId, + // resourceId: resource.resourceId + // }); + // } return response(res, { data: newUserSite[0], diff --git a/server/routers/user/inviteUser.ts b/server/routers/user/inviteUser.ts index 837ef179..174600fc 100644 --- a/server/routers/user/inviteUser.ts +++ b/server/routers/user/inviteUser.ts @@ -189,7 +189,7 @@ export async function inviteUser( ) ); - const inviteLink = `${config.getRawConfig().app.dashboard_url}/invite?token=${inviteId}-${token}`; + const inviteLink = `${config.getRawConfig().app.dashboard_url}/invite?token=${inviteId}-${token}&email=${encodeURIComponent(email)}`; if (doEmail) { await sendEmail( @@ -241,7 +241,7 @@ export async function inviteUser( }); }); - const inviteLink = `${config.getRawConfig().app.dashboard_url}/invite?token=${inviteId}-${token}`; + const inviteLink = `${config.getRawConfig().app.dashboard_url}/invite?token=${inviteId}-${token}&email=${encodeURIComponent(email)}`; if (doEmail) { await sendEmail( diff --git a/server/routers/user/removeUserSite.ts b/server/routers/user/removeUserSite.ts index 200999fd..7dbb4a15 100644 --- a/server/routers/user/removeUserSite.ts +++ b/server/routers/user/removeUserSite.ts @@ -71,22 +71,22 @@ export async function removeUserSite( ); } - const siteResources = await trx - .select() - .from(resources) - .where(eq(resources.siteId, siteId)); - - for (const resource of siteResources) { - await trx - .delete(userResources) - .where( - and( - eq(userResources.userId, userId), - eq(userResources.resourceId, resource.resourceId) - ) - ) - .returning(); - } + // const siteResources = await trx + // .select() + // .from(resources) + // .where(eq(resources.siteId, siteId)); + // + // for (const resource of siteResources) { + // await trx + // .delete(userResources) + // .where( + // and( + // eq(userResources.userId, userId), + // eq(userResources.resourceId, resource.resourceId) + // ) + // ) + // .returning(); + // } }); return response(res, { diff --git a/server/routers/ws/client.ts b/server/routers/ws/client.ts new file mode 100644 index 00000000..13b5d0da --- /dev/null +++ b/server/routers/ws/client.ts @@ -0,0 +1,315 @@ +import WebSocket from 'ws'; +import axios from 'axios'; +import { URL } from 'url'; +import { EventEmitter } from 'events'; +import logger from '@server/logger'; + +export interface Config { + id: string; + secret: string; + endpoint: string; +} + +export interface WSMessage { + type: string; + data: any; +} + +export type MessageHandler = (message: WSMessage) => void; + +export interface ClientOptions { + baseURL?: string; + reconnectInterval?: number; + pingInterval?: number; + pingTimeout?: number; +} + +export class WebSocketClient extends EventEmitter { + private conn: WebSocket | null = null; + private baseURL: string; + private handlers: Map = new Map(); + private reconnectInterval: number; + private isConnected: boolean = false; + private pingInterval: number; + private pingTimeout: number; + private shouldReconnect: boolean = true; + private reconnectTimer: NodeJS.Timeout | null = null; + private pingTimer: NodeJS.Timeout | null = null; + private pingTimeoutTimer: NodeJS.Timeout | null = null; + private token: string; + private isConnecting: boolean = false; + + constructor( + token: string, + endpoint: string, + options: ClientOptions = {} + ) { + super(); + + this.token = token; + this.baseURL = options.baseURL || endpoint; + this.reconnectInterval = options.reconnectInterval || 5000; + this.pingInterval = options.pingInterval || 30000; + this.pingTimeout = options.pingTimeout || 10000; + } + + public async connect(): Promise { + this.shouldReconnect = true; + if (!this.isConnecting) { + await this.connectWithRetry(); + } + } + + public async close(): Promise { + this.shouldReconnect = false; + + // Clear timers + if (this.reconnectTimer) { + clearTimeout(this.reconnectTimer); + this.reconnectTimer = null; + } + if (this.pingTimer) { + clearInterval(this.pingTimer); + this.pingTimer = null; + } + if (this.pingTimeoutTimer) { + clearTimeout(this.pingTimeoutTimer); + this.pingTimeoutTimer = null; + } + + if (this.conn) { + this.conn.close(1000, 'Client closing'); + this.conn = null; + } + + this.setConnected(false); + } + + public sendMessage(messageType: string, data: any): Promise { + return new Promise((resolve, reject) => { + if (!this.conn || this.conn.readyState !== WebSocket.OPEN) { + reject(new Error('Not connected')); + return; + } + + const message: WSMessage = { + type: messageType, + data: data + }; + + logger.debug(`Sending message: ${messageType}`, data); + + this.conn.send(JSON.stringify(message), (error) => { + if (error) { + reject(error); + } else { + resolve(); + } + }); + }); + } + + public sendMessageInterval( + messageType: string, + data: any, + interval: number + ): () => void { + // Send immediately + this.sendMessage(messageType, data).catch(err => { + logger.error('Failed to send initial message:', err); + }); + + // Set up interval + const intervalId = setInterval(() => { + this.sendMessage(messageType, data).catch(err => { + logger.error('Failed to send message:', err); + }); + }, interval); + + // Return stop function + return () => { + clearInterval(intervalId); + }; + } + + public registerHandler(messageType: string, handler: MessageHandler): void { + this.handlers.set(messageType, handler); + } + + public unregisterHandler(messageType: string): void { + this.handlers.delete(messageType); + } + + public isClientConnected(): boolean { + return this.isConnected; + } + + private async connectWithRetry(): Promise { + if (this.isConnecting || this.isConnected) return; + + this.isConnecting = true; + + while (this.shouldReconnect && !this.isConnected && this.isConnecting) { + try { + await this.establishConnection(); + this.isConnecting = false; + return; + } catch (error) { + logger.error(`Failed to connect: ${error}. Retrying in ${this.reconnectInterval}ms...`); + + if (!this.shouldReconnect || !this.isConnecting) { + this.isConnecting = false; + return; + } + + await new Promise(resolve => { + this.reconnectTimer = setTimeout(resolve, this.reconnectInterval); + }); + } + } + + this.isConnecting = false; + } + + private async establishConnection(): Promise { + // Clean up any existing connection before establishing a new one + if (this.conn) { + this.conn.removeAllListeners(); + this.conn.close(); + this.conn = null; + } + + // Parse the base URL to determine protocol and hostname + const baseURL = new URL(this.baseURL); + const wsProtocol = baseURL.protocol === 'https:' ? 'wss' : 'ws'; + const wsURL = new URL(`${wsProtocol}://${baseURL.host}/api/v1/ws`); + + // Add token and client type to query parameters + wsURL.searchParams.set('token', this.token); + wsURL.searchParams.set('clientType', "remoteExitNode"); + + return new Promise((resolve, reject) => { + const conn = new WebSocket(wsURL.toString()); + + conn.on('open', () => { + logger.debug('WebSocket connection established'); + this.conn = conn; + this.setConnected(true); + this.isConnecting = false; + this.startPingMonitor(); + this.emit('connect'); + resolve(); + }); + + conn.on('message', (data: WebSocket.Data) => { + try { + const message: WSMessage = JSON.parse(data.toString()); + const handler = this.handlers.get(message.type); + if (handler) { + handler(message); + } + this.emit('message', message); + } catch (error) { + logger.error('Failed to parse message:', error); + } + }); + + conn.on('close', (code, reason) => { + logger.debug(`WebSocket connection closed: ${code} ${reason}`); + this.handleDisconnect(); + }); + + conn.on('error', (error) => { + logger.error('WebSocket error:', error); + if (this.conn === null) { + // Connection failed during establishment + reject(error); + } + // Don't call handleDisconnect here as the 'close' event will handle it + }); + + conn.on('pong', () => { + if (this.pingTimeoutTimer) { + clearTimeout(this.pingTimeoutTimer); + this.pingTimeoutTimer = null; + } + }); + }); + } + + private startPingMonitor(): void { + // Clear any existing ping timer to prevent duplicates + if (this.pingTimer) { + clearInterval(this.pingTimer); + this.pingTimer = null; + } + + this.pingTimer = setInterval(() => { + if (this.conn && this.conn.readyState === WebSocket.OPEN) { + this.conn.ping(); + + // Set timeout for pong response + this.pingTimeoutTimer = setTimeout(() => { + logger.error('Ping timeout - no pong received'); + this.handleDisconnect(); + }, this.pingTimeout); + } + }, this.pingInterval); + } + + private handleDisconnect(): void { + // Prevent multiple disconnect handlers from running simultaneously + if (!this.isConnected && !this.isConnecting) { + return; + } + + this.setConnected(false); + this.isConnecting = false; + + // Clear ping timers + if (this.pingTimer) { + clearInterval(this.pingTimer); + this.pingTimer = null; + } + if (this.pingTimeoutTimer) { + clearTimeout(this.pingTimeoutTimer); + this.pingTimeoutTimer = null; + } + + // Clear any existing reconnect timer to prevent multiple reconnection attempts + if (this.reconnectTimer) { + clearTimeout(this.reconnectTimer); + this.reconnectTimer = null; + } + + if (this.conn) { + this.conn.removeAllListeners(); + this.conn = null; + } + + this.emit('disconnect'); + + // Reconnect if needed + if (this.shouldReconnect) { + // Add a small delay before starting reconnection to prevent immediate retry + this.reconnectTimer = setTimeout(() => { + this.connectWithRetry(); + }, 1000); + } + } + + private setConnected(status: boolean): void { + this.isConnected = status; + } +} + +// Factory function for easier instantiation +export function createWebSocketClient( + token: string, + endpoint: string, + options?: ClientOptions +): WebSocketClient { + return new WebSocketClient(token, endpoint, options); +} + +export default WebSocketClient; \ No newline at end of file diff --git a/server/routers/ws/messageHandlers.ts b/server/routers/ws/messageHandlers.ts index d85cc277..a30daf43 100644 --- a/server/routers/ws/messageHandlers.ts +++ b/server/routers/ws/messageHandlers.ts @@ -10,7 +10,7 @@ import { handleOlmRegisterMessage, handleOlmRelayMessage, handleOlmPingMessage, - startOfflineChecker + startOlmOfflineChecker } from "../olm"; import { MessageHandler } from "./ws"; @@ -23,7 +23,7 @@ export const messageHandlers: Record = { "olm/ping": handleOlmPingMessage, "newt/socket/status": handleDockerStatusMessage, "newt/socket/containers": handleDockerContainersMessage, - "newt/ping/request": handleNewtPingRequestMessage, + "newt/ping/request": handleNewtPingRequestMessage }; -startOfflineChecker(); // this is to handle the offline check for olms +startOlmOfflineChecker(); // this is to handle the offline check for olms diff --git a/server/setup/copyInConfig.ts b/server/setup/copyInConfig.ts index eccee475..b8c00192 100644 --- a/server/setup/copyInConfig.ts +++ b/server/setup/copyInConfig.ts @@ -8,7 +8,7 @@ export async function copyInConfig() { const endpoint = config.getRawConfig().gerbil.base_endpoint; const listenPort = config.getRawConfig().gerbil.start_port; - if (!config.getRawConfig().flags?.disable_config_managed_domains) { + if (!config.getRawConfig().flags?.disable_config_managed_domains && config.getRawConfig().domains) { await copyInDomains(); } diff --git a/server/setup/ensureSetupToken.ts b/server/setup/ensureSetupToken.ts new file mode 100644 index 00000000..078c99ee --- /dev/null +++ b/server/setup/ensureSetupToken.ts @@ -0,0 +1,79 @@ +import { db, setupTokens, users } from "@server/db"; +import { eq } from "drizzle-orm"; +import { generateRandomString, RandomReader } from "@oslojs/crypto/random"; +import moment from "moment"; +import logger from "@server/logger"; +import config from "@server/lib/config"; + +const random: RandomReader = { + read(bytes: Uint8Array): void { + crypto.getRandomValues(bytes); + } +}; + +function generateToken(): string { + // Generate a 32-character alphanumeric token + const alphabet = "abcdefghijklmnopqrstuvwxyz0123456789"; + return generateRandomString(random, alphabet, 32); +} + +function generateId(length: number): string { + const alphabet = "abcdefghijklmnopqrstuvwxyz0123456789"; + return generateRandomString(random, alphabet, length); +} + +export async function ensureSetupToken() { + if (config.isManagedMode()) { + // LETS NOT WORRY ABOUT THE SERVER SECRET WHEN HYBRID + return; + } + + try { + // Check if a server admin already exists + const [existingAdmin] = await db + .select() + .from(users) + .where(eq(users.serverAdmin, true)); + + // If admin exists, no need for setup token + if (existingAdmin) { + logger.warn("Server admin exists. Setup token generation skipped."); + return; + } + + // Check if a setup token already exists + const existingTokens = await db + .select() + .from(setupTokens) + .where(eq(setupTokens.used, false)); + + // If unused token exists, display it instead of creating a new one + if (existingTokens.length > 0) { + console.log("=== SETUP TOKEN EXISTS ==="); + console.log("Token:", existingTokens[0].token); + console.log("Use this token on the initial setup page"); + console.log("================================"); + return; + } + + // Generate a new setup token + const token = generateToken(); + const tokenId = generateId(15); + + await db.insert(setupTokens).values({ + tokenId: tokenId, + token: token, + used: false, + dateCreated: moment().toISOString(), + dateUsed: null + }); + + console.log("=== SETUP TOKEN GENERATED ==="); + console.log("Token:", token); + console.log("Use this token on the initial setup page"); + console.log("================================"); + } catch (error) { + console.error("Failed to ensure setup token:", error); + throw error; + } +} \ No newline at end of file diff --git a/server/setup/index.ts b/server/setup/index.ts index d126869a..2dfb633e 100644 --- a/server/setup/index.ts +++ b/server/setup/index.ts @@ -1,9 +1,11 @@ import { ensureActions } from "./ensureActions"; import { copyInConfig } from "./copyInConfig"; import { clearStaleData } from "./clearStaleData"; +import { ensureSetupToken } from "./ensureSetupToken"; export async function runSetupFunctions() { await copyInConfig(); // copy in the config to the db as needed await ensureActions(); // make sure all of the actions are in the db and the roles await clearStaleData(); + await ensureSetupToken(); // ensure setup token exists for initial setup } diff --git a/server/setup/migrationsPg.ts b/server/setup/migrationsPg.ts index 07ece65b..6b3f20b9 100644 --- a/server/setup/migrationsPg.ts +++ b/server/setup/migrationsPg.ts @@ -8,6 +8,7 @@ import path from "path"; import m1 from "./scriptsPg/1.6.0"; import m2 from "./scriptsPg/1.7.0"; import m3 from "./scriptsPg/1.8.0"; +import m4 from "./scriptsPg/1.9.0"; // THIS CANNOT IMPORT ANYTHING FROM THE SERVER // EXCEPT FOR THE DATABASE AND THE SCHEMA @@ -16,7 +17,8 @@ import m3 from "./scriptsPg/1.8.0"; const migrations = [ { version: "1.6.0", run: m1 }, { version: "1.7.0", run: m2 }, - { version: "1.8.0", run: m3 } + { version: "1.8.0", run: m3 }, + { version: "1.9.0", run: m4 } // Add new migrations here as they are created ] as { version: string; diff --git a/server/setup/migrationsSqlite.ts b/server/setup/migrationsSqlite.ts index 15dd28d2..5b0850c8 100644 --- a/server/setup/migrationsSqlite.ts +++ b/server/setup/migrationsSqlite.ts @@ -25,6 +25,7 @@ import m20 from "./scriptsSqlite/1.5.0"; import m21 from "./scriptsSqlite/1.6.0"; import m22 from "./scriptsSqlite/1.7.0"; import m23 from "./scriptsSqlite/1.8.0"; +import m24 from "./scriptsSqlite/1.9.0"; // THIS CANNOT IMPORT ANYTHING FROM THE SERVER // EXCEPT FOR THE DATABASE AND THE SCHEMA @@ -49,6 +50,7 @@ const migrations = [ { version: "1.6.0", run: m21 }, { version: "1.7.0", run: m22 }, { version: "1.8.0", run: m23 }, + { version: "1.9.0", run: m24 }, // Add new migrations here as they are created ] as const; diff --git a/server/setup/scriptsPg/1.6.0.ts b/server/setup/scriptsPg/1.6.0.ts index 4e23fe4d..30c9c269 100644 --- a/server/setup/scriptsPg/1.6.0.ts +++ b/server/setup/scriptsPg/1.6.0.ts @@ -37,8 +37,7 @@ export default async function migration() { // Read and parse the YAML file const fileContents = fs.readFileSync(filePath, "utf8"); - let rawConfig: any; - rawConfig = yaml.load(fileContents); + const rawConfig = yaml.load(fileContents) as any; if (rawConfig.server?.trust_proxy) { rawConfig.server.trust_proxy = 1; diff --git a/server/setup/scriptsPg/1.9.0.ts b/server/setup/scriptsPg/1.9.0.ts new file mode 100644 index 00000000..a25bd780 --- /dev/null +++ b/server/setup/scriptsPg/1.9.0.ts @@ -0,0 +1,136 @@ +import { db } from "@server/db/pg/driver"; +import { sql } from "drizzle-orm"; + +const version = "1.9.0"; + +export default async function migration() { + console.log(`Running setup script ${version}...`); + + const resourceSiteMap = new Map(); + let firstSiteId: number = 1; + + try { + // Get the first siteId to use as default + const firstSite = await db.execute(sql`SELECT "siteId" FROM "sites" LIMIT 1`); + if (firstSite.rows.length > 0) { + firstSiteId = firstSite.rows[0].siteId as number; + } + + const resources = await db.execute(sql` + SELECT "resourceId", "siteId" FROM "resources" WHERE "siteId" IS NOT NULL + `); + for (const resource of resources.rows) { + resourceSiteMap.set( + resource.resourceId as number, + resource.siteId as number + ); + } + } catch (e) { + console.log("Error getting resources:", e); + } + + try { + await db.execute(sql`BEGIN`); + + await db.execute(sql`CREATE TABLE "setupTokens" ( + "tokenId" varchar PRIMARY KEY NOT NULL, + "token" varchar NOT NULL, + "used" boolean DEFAULT false NOT NULL, + "dateCreated" varchar NOT NULL, + "dateUsed" varchar +);`); + + await db.execute(sql`CREATE TABLE "siteResources" ( + "siteResourceId" serial PRIMARY KEY NOT NULL, + "siteId" integer NOT NULL, + "orgId" varchar NOT NULL, + "name" varchar NOT NULL, + "protocol" varchar NOT NULL, + "proxyPort" integer NOT NULL, + "destinationPort" integer NOT NULL, + "destinationIp" varchar NOT NULL, + "enabled" boolean DEFAULT true NOT NULL +);`); + + await db.execute(sql`ALTER TABLE "resources" DROP CONSTRAINT "resources_siteId_sites_siteId_fk";`); + + await db.execute(sql`ALTER TABLE "clients" ALTER COLUMN "lastPing" TYPE integer USING NULL;`); + + await db.execute(sql`ALTER TABLE "clientSites" ADD COLUMN "endpoint" varchar;`); + + await db.execute(sql`ALTER TABLE "olms" ADD COLUMN "version" text;`); + + await db.execute(sql`ALTER TABLE "orgs" ADD COLUMN "createdAt" text;`); + + await db.execute(sql`ALTER TABLE "resources" ADD COLUMN "skipToIdpId" integer;`); + + await db.execute(sql.raw(`ALTER TABLE "targets" ADD COLUMN "siteId" integer NOT NULL DEFAULT ${firstSiteId || 1};`)); + + await db.execute(sql`ALTER TABLE "siteResources" ADD CONSTRAINT "siteResources_siteId_sites_siteId_fk" FOREIGN KEY ("siteId") REFERENCES "public"."sites"("siteId") ON DELETE cascade ON UPDATE no action;`); + + await db.execute(sql`ALTER TABLE "siteResources" ADD CONSTRAINT "siteResources_orgId_orgs_orgId_fk" FOREIGN KEY ("orgId") REFERENCES "public"."orgs"("orgId") ON DELETE cascade ON UPDATE no action;`); + + await db.execute(sql`ALTER TABLE "resources" ADD CONSTRAINT "resources_skipToIdpId_idp_idpId_fk" FOREIGN KEY ("skipToIdpId") REFERENCES "public"."idp"("idpId") ON DELETE cascade ON UPDATE no action;`); + + await db.execute(sql`ALTER TABLE "targets" ADD CONSTRAINT "targets_siteId_sites_siteId_fk" FOREIGN KEY ("siteId") REFERENCES "public"."sites"("siteId") ON DELETE cascade ON UPDATE no action;`); + + await db.execute(sql`ALTER TABLE "clients" DROP COLUMN "endpoint";`); + + await db.execute(sql`ALTER TABLE "resources" DROP COLUMN "siteId";`); + + // for each resource, get all of its targets, and update the siteId to be the previously stored siteId + for (const [resourceId, siteId] of resourceSiteMap) { + const targets = await db.execute(sql` + SELECT "targetId" FROM "targets" WHERE "resourceId" = ${resourceId} + `); + for (const target of targets.rows) { + await db.execute(sql` + UPDATE "targets" SET "siteId" = ${siteId} WHERE "targetId" = ${target.targetId} + `); + } + } + + // list resources that have enableProxy false + // move them to the siteResources table + // remove them from the resources table + const proxyFalseResources = await db.execute(sql` + SELECT * FROM "resources" WHERE "enableProxy" = false + `); + + for (const resource of proxyFalseResources.rows) { + // Get the first target to derive destination IP and port + const firstTarget = await db.execute(sql` + SELECT "ip", "port" FROM "targets" WHERE "resourceId" = ${resource.resourceId} LIMIT 1 + `); + + if (firstTarget.rows.length === 0) { + continue; + } + + const target = firstTarget.rows[0]; + + // Insert into siteResources table + await db.execute(sql` + INSERT INTO "siteResources" ("siteId", "orgId", "name", "protocol", "proxyPort", "destinationPort", "destinationIp", "enabled") + VALUES (${resourceSiteMap.get(resource.resourceId as number)}, ${resource.orgId}, ${resource.name}, ${resource.protocol}, ${resource.proxyPort}, ${target.port}, ${target.ip}, ${resource.enabled}) + `); + + // Delete from resources table + await db.execute(sql` + DELETE FROM "resources" WHERE "resourceId" = ${resource.resourceId} + `); + + // Delete the targets for this resource + await db.execute(sql` + DELETE FROM "targets" WHERE "resourceId" = ${resource.resourceId} + `); + } + + await db.execute(sql`COMMIT`); + console.log(`Migrated database`); + } catch (e) { + await db.execute(sql`ROLLBACK`); + console.log("Failed to migrate db:", e); + throw e; + } +} diff --git a/server/setup/scriptsSqlite/1.0.0-beta10.ts b/server/setup/scriptsSqlite/1.0.0-beta10.ts index cf988f04..400cbc31 100644 --- a/server/setup/scriptsSqlite/1.0.0-beta10.ts +++ b/server/setup/scriptsSqlite/1.0.0-beta10.ts @@ -24,8 +24,7 @@ export default async function migration() { // Read and parse the YAML file const fileContents = fs.readFileSync(filePath, "utf8"); - let rawConfig: any; - rawConfig = yaml.load(fileContents); + const rawConfig = yaml.load(fileContents) as any; delete rawConfig.server.secure_cookies; diff --git a/server/setup/scriptsSqlite/1.0.0-beta12.ts b/server/setup/scriptsSqlite/1.0.0-beta12.ts index 2fbc00b6..8c96e663 100644 --- a/server/setup/scriptsSqlite/1.0.0-beta12.ts +++ b/server/setup/scriptsSqlite/1.0.0-beta12.ts @@ -26,8 +26,7 @@ export default async function migration() { // Read and parse the YAML file const fileContents = fs.readFileSync(filePath, "utf8"); - let rawConfig: any; - rawConfig = yaml.load(fileContents); + const rawConfig = yaml.load(fileContents) as any; if (!rawConfig.flags) { rawConfig.flags = {}; diff --git a/server/setup/scriptsSqlite/1.0.0-beta15.ts b/server/setup/scriptsSqlite/1.0.0-beta15.ts index ef82d029..cf39fd8a 100644 --- a/server/setup/scriptsSqlite/1.0.0-beta15.ts +++ b/server/setup/scriptsSqlite/1.0.0-beta15.ts @@ -31,8 +31,7 @@ export default async function migration() { // Read and parse the YAML file const fileContents = fs.readFileSync(filePath, "utf8"); - let rawConfig: any; - rawConfig = yaml.load(fileContents); + const rawConfig = yaml.load(fileContents) as any; const baseDomain = rawConfig.app.base_domain; const certResolver = rawConfig.traefik.cert_resolver; diff --git a/server/setup/scriptsSqlite/1.0.0-beta2.ts b/server/setup/scriptsSqlite/1.0.0-beta2.ts index b2ad8386..1241e9c5 100644 --- a/server/setup/scriptsSqlite/1.0.0-beta2.ts +++ b/server/setup/scriptsSqlite/1.0.0-beta2.ts @@ -23,8 +23,7 @@ export default async function migration() { // Read and parse the YAML file const fileContents = fs.readFileSync(filePath, "utf8"); - let rawConfig: any; - rawConfig = yaml.load(fileContents); + const rawConfig = yaml.load(fileContents) as any; // Validate the structure if (!rawConfig.app || !rawConfig.app.base_url) { diff --git a/server/setup/scriptsSqlite/1.0.0-beta3.ts b/server/setup/scriptsSqlite/1.0.0-beta3.ts index 36fab908..fccfeb88 100644 --- a/server/setup/scriptsSqlite/1.0.0-beta3.ts +++ b/server/setup/scriptsSqlite/1.0.0-beta3.ts @@ -23,8 +23,7 @@ export default async function migration() { // Read and parse the YAML file const fileContents = fs.readFileSync(filePath, "utf8"); - let rawConfig: any; - rawConfig = yaml.load(fileContents); + const rawConfig = yaml.load(fileContents) as any; // Validate the structure if (!rawConfig.gerbil) { diff --git a/server/setup/scriptsSqlite/1.0.0-beta5.ts b/server/setup/scriptsSqlite/1.0.0-beta5.ts index 44412ad0..1c49503c 100644 --- a/server/setup/scriptsSqlite/1.0.0-beta5.ts +++ b/server/setup/scriptsSqlite/1.0.0-beta5.ts @@ -26,8 +26,7 @@ export default async function migration() { // Read and parse the YAML file const fileContents = fs.readFileSync(filePath, "utf8"); - let rawConfig: any; - rawConfig = yaml.load(fileContents); + const rawConfig = yaml.load(fileContents) as any; // Validate the structure if (!rawConfig.server) { diff --git a/server/setup/scriptsSqlite/1.0.0-beta6.ts b/server/setup/scriptsSqlite/1.0.0-beta6.ts index ba927b35..89129678 100644 --- a/server/setup/scriptsSqlite/1.0.0-beta6.ts +++ b/server/setup/scriptsSqlite/1.0.0-beta6.ts @@ -24,8 +24,7 @@ export default async function migration() { // Read and parse the YAML file const fileContents = fs.readFileSync(filePath, "utf8"); - let rawConfig: any; - rawConfig = yaml.load(fileContents); + const rawConfig = yaml.load(fileContents) as any; // Validate the structure if (!rawConfig.server) { diff --git a/server/setup/scriptsSqlite/1.0.0-beta9.ts b/server/setup/scriptsSqlite/1.0.0-beta9.ts index 58f1d5d3..350293dc 100644 --- a/server/setup/scriptsSqlite/1.0.0-beta9.ts +++ b/server/setup/scriptsSqlite/1.0.0-beta9.ts @@ -59,8 +59,7 @@ export default async function migration() { // Read and parse the YAML file const fileContents = fs.readFileSync(filePath, "utf8"); - let rawConfig: any; - rawConfig = yaml.load(fileContents); + const rawConfig = yaml.load(fileContents) as any; rawConfig.server.resource_session_request_param = "p_session_request"; @@ -78,7 +77,7 @@ export default async function migration() { fs.writeFileSync(filePath, updatedYaml, "utf8"); } catch (e) { console.log( - `Failed to add resource_session_request_param to config. Please add it manually. https://docs.fossorial.io/Pangolin/Configuration/config` + `Failed to add resource_session_request_param to config. Please add it manually. https://docs.digpangolin.com/self-host/advanced/config-file` ); trx.rollback(); return; diff --git a/server/setup/scriptsSqlite/1.2.0.ts b/server/setup/scriptsSqlite/1.2.0.ts index 22862210..d6008407 100644 --- a/server/setup/scriptsSqlite/1.2.0.ts +++ b/server/setup/scriptsSqlite/1.2.0.ts @@ -44,8 +44,7 @@ export default async function migration() { // Read and parse the YAML file const fileContents = fs.readFileSync(filePath, "utf8"); - let rawConfig: any; - rawConfig = yaml.load(fileContents); + const rawConfig = yaml.load(fileContents) as any; if (!rawConfig.flags) { rawConfig.flags = {}; @@ -63,7 +62,7 @@ export default async function migration() { console.log(`Added new config option: resource_access_token_headers`); } catch (e) { console.log( - `Unable to add new config option: resource_access_token_headers. Please add it manually. https://docs.fossorial.io/Pangolin/Configuration/config` + `Unable to add new config option: resource_access_token_headers. Please add it manually. https://docs.digpangolin.com/self-host/advanced/config-file` ); console.error(e); } diff --git a/server/setup/scriptsSqlite/1.3.0.ts b/server/setup/scriptsSqlite/1.3.0.ts index 820ce0ad..a084d59f 100644 --- a/server/setup/scriptsSqlite/1.3.0.ts +++ b/server/setup/scriptsSqlite/1.3.0.ts @@ -177,8 +177,7 @@ export default async function migration() { } const fileContents = fs.readFileSync(filePath, "utf8"); - let rawConfig: any; - rawConfig = yaml.load(fileContents); + const rawConfig = yaml.load(fileContents) as any; if (!rawConfig.server.secret) { rawConfig.server.secret = generateIdFromEntropySize(32); diff --git a/server/setup/scriptsSqlite/1.5.0.ts b/server/setup/scriptsSqlite/1.5.0.ts index 30dd98e7..46e9ccca 100644 --- a/server/setup/scriptsSqlite/1.5.0.ts +++ b/server/setup/scriptsSqlite/1.5.0.ts @@ -45,8 +45,7 @@ export default async function migration() { // Read and parse the YAML file const fileContents = fs.readFileSync(filePath, "utf8"); - let rawConfig: any; - rawConfig = yaml.load(fileContents); + const rawConfig = yaml.load(fileContents) as any; if (rawConfig.cors?.headers) { const headers = JSON.parse( diff --git a/server/setup/scriptsSqlite/1.6.0.ts b/server/setup/scriptsSqlite/1.6.0.ts index 35915b7d..adab2697 100644 --- a/server/setup/scriptsSqlite/1.6.0.ts +++ b/server/setup/scriptsSqlite/1.6.0.ts @@ -46,8 +46,7 @@ export default async function migration() { // Read and parse the YAML file const fileContents = fs.readFileSync(filePath, "utf8"); - let rawConfig: any; - rawConfig = yaml.load(fileContents); + const rawConfig = yaml.load(fileContents) as any; if (rawConfig.server?.trust_proxy) { rawConfig.server.trust_proxy = 1; diff --git a/server/setup/scriptsSqlite/1.9.0.ts b/server/setup/scriptsSqlite/1.9.0.ts new file mode 100644 index 00000000..5f247ea5 --- /dev/null +++ b/server/setup/scriptsSqlite/1.9.0.ts @@ -0,0 +1,191 @@ +import { APP_PATH } from "@server/lib/consts"; +import Database from "better-sqlite3"; +import path from "path"; + +const version = "1.9.0"; + +export default async function migration() { + console.log(`Running setup script ${version}...`); + + const location = path.join(APP_PATH, "db", "db.sqlite"); + const db = new Database(location); + + const resourceSiteMap = new Map(); + let firstSiteId: number = 1; + + try { + // Get the first siteId to use as default + const firstSite = db.prepare("SELECT siteId FROM sites LIMIT 1").get() as { siteId: number } | undefined; + if (firstSite) { + firstSiteId = firstSite.siteId; + } + + const resources = db + .prepare( + "SELECT resourceId, siteId FROM resources WHERE siteId IS NOT NULL" + ) + .all() as Array<{ resourceId: number; siteId: number }>; + for (const resource of resources) { + resourceSiteMap.set(resource.resourceId, resource.siteId); + } + } catch (e) { + console.log("Error getting resources:", e); + } + + try { + db.pragma("foreign_keys = OFF"); + + db.transaction(() => { + db.exec(`CREATE TABLE 'setupTokens' ( + 'tokenId' text PRIMARY KEY NOT NULL, + 'token' text NOT NULL, + 'used' integer DEFAULT false NOT NULL, + 'dateCreated' text NOT NULL, + 'dateUsed' text +); +--> statement-breakpoint +CREATE TABLE 'siteResources' ( + 'siteResourceId' integer PRIMARY KEY AUTOINCREMENT NOT NULL, + 'siteId' integer NOT NULL, + 'orgId' text NOT NULL, + 'name' text NOT NULL, + 'protocol' text NOT NULL, + 'proxyPort' integer NOT NULL, + 'destinationPort' integer NOT NULL, + 'destinationIp' text NOT NULL, + 'enabled' integer DEFAULT true NOT NULL, + FOREIGN KEY ('siteId') REFERENCES 'sites'('siteId') ON UPDATE no action ON DELETE cascade, + FOREIGN KEY ('orgId') REFERENCES 'orgs'('orgId') ON UPDATE no action ON DELETE cascade +); +--> statement-breakpoint +PRAGMA foreign_keys=OFF;--> statement-breakpoint +CREATE TABLE '__new_resources' ( + 'resourceId' integer PRIMARY KEY AUTOINCREMENT NOT NULL, + 'orgId' text NOT NULL, + 'name' text NOT NULL, + 'subdomain' text, + 'fullDomain' text, + 'domainId' text, + 'ssl' integer DEFAULT false NOT NULL, + 'blockAccess' integer DEFAULT false NOT NULL, + 'sso' integer DEFAULT true NOT NULL, + 'http' integer DEFAULT true NOT NULL, + 'protocol' text NOT NULL, + 'proxyPort' integer, + 'emailWhitelistEnabled' integer DEFAULT false NOT NULL, + 'applyRules' integer DEFAULT false NOT NULL, + 'enabled' integer DEFAULT true NOT NULL, + 'stickySession' integer DEFAULT false NOT NULL, + 'tlsServerName' text, + 'setHostHeader' text, + 'enableProxy' integer DEFAULT true, + 'skipToIdpId' integer, + FOREIGN KEY ('orgId') REFERENCES 'orgs'('orgId') ON UPDATE no action ON DELETE cascade, + FOREIGN KEY ('domainId') REFERENCES 'domains'('domainId') ON UPDATE no action ON DELETE set null, + FOREIGN KEY ('skipToIdpId') REFERENCES 'idp'('idpId') ON UPDATE no action ON DELETE cascade +); +--> statement-breakpoint +INSERT INTO '__new_resources'("resourceId", "orgId", "name", "subdomain", "fullDomain", "domainId", "ssl", "blockAccess", "sso", "http", "protocol", "proxyPort", "emailWhitelistEnabled", "applyRules", "enabled", "stickySession", "tlsServerName", "setHostHeader", "enableProxy", "skipToIdpId") SELECT "resourceId", "orgId", "name", "subdomain", "fullDomain", "domainId", "ssl", "blockAccess", "sso", "http", "protocol", "proxyPort", "emailWhitelistEnabled", "applyRules", "enabled", "stickySession", "tlsServerName", "setHostHeader", "enableProxy", null FROM 'resources';--> statement-breakpoint +DROP TABLE 'resources';--> statement-breakpoint +ALTER TABLE '__new_resources' RENAME TO 'resources';--> statement-breakpoint +PRAGMA foreign_keys=ON;--> statement-breakpoint +CREATE TABLE '__new_clients' ( + 'id' integer PRIMARY KEY AUTOINCREMENT NOT NULL, + 'orgId' text NOT NULL, + 'exitNode' integer, + 'name' text NOT NULL, + 'pubKey' text, + 'subnet' text NOT NULL, + 'bytesIn' integer, + 'bytesOut' integer, + 'lastBandwidthUpdate' text, + 'lastPing' integer, + 'type' text NOT NULL, + 'online' integer DEFAULT false NOT NULL, + 'lastHolePunch' integer, + FOREIGN KEY ('orgId') REFERENCES 'orgs'('orgId') ON UPDATE no action ON DELETE cascade, + FOREIGN KEY ('exitNode') REFERENCES 'exitNodes'('exitNodeId') ON UPDATE no action ON DELETE set null +); +--> statement-breakpoint +INSERT INTO '__new_clients'("id", "orgId", "exitNode", "name", "pubKey", "subnet", "bytesIn", "bytesOut", "lastBandwidthUpdate", "lastPing", "type", "online", "lastHolePunch") SELECT "id", "orgId", "exitNode", "name", "pubKey", "subnet", "bytesIn", "bytesOut", "lastBandwidthUpdate", NULL, "type", "online", "lastHolePunch" FROM 'clients';--> statement-breakpoint +DROP TABLE 'clients';--> statement-breakpoint +ALTER TABLE '__new_clients' RENAME TO 'clients';--> statement-breakpoint +ALTER TABLE 'clientSites' ADD 'endpoint' text;--> statement-breakpoint +ALTER TABLE 'exitNodes' ADD 'online' integer DEFAULT false NOT NULL;--> statement-breakpoint +ALTER TABLE 'exitNodes' ADD 'lastPing' integer;--> statement-breakpoint +ALTER TABLE 'exitNodes' ADD 'type' text DEFAULT 'gerbil';--> statement-breakpoint +ALTER TABLE 'olms' ADD 'version' text;--> statement-breakpoint +ALTER TABLE 'orgs' ADD 'createdAt' text;--> statement-breakpoint +ALTER TABLE 'targets' ADD 'siteId' integer NOT NULL DEFAULT ${firstSiteId || 1} REFERENCES sites(siteId);`); + + // for each resource, get all of its targets, and update the siteId to be the previously stored siteId + for (const [resourceId, siteId] of resourceSiteMap) { + const targets = db + .prepare( + "SELECT targetId FROM targets WHERE resourceId = ?" + ) + .all(resourceId) as Array<{ targetId: number }>; + for (const target of targets) { + db.prepare( + "UPDATE targets SET siteId = ? WHERE targetId = ?" + ).run(siteId, target.targetId); + } + } + + // list resources that have enableProxy false + // move them to the siteResources table + // remove them from the resources table + const proxyFalseResources = db + .prepare("SELECT * FROM resources WHERE enableProxy = 0") + .all() as Array; + + for (const resource of proxyFalseResources) { + // Get the first target to derive destination IP and port + const firstTarget = db + .prepare( + "SELECT ip, port FROM targets WHERE resourceId = ? LIMIT 1" + ) + .get(resource.resourceId) as + | { ip: string; port: number } + | undefined; + + if (!firstTarget) { + continue; + } + + // Insert into siteResources table + const stmt = db.prepare(` + INSERT INTO siteResources (siteId, orgId, name, protocol, proxyPort, destinationPort, destinationIp, enabled) + VALUES (?, ?, ?, ?, ?, ?, ?, ?) + `); + stmt.run( + resourceSiteMap.get(resource.resourceId), + resource.orgId, + resource.name, + resource.protocol, + resource.proxyPort, + firstTarget.port, + firstTarget.ip, + resource.enabled + ); + + // Delete from resources table + db.prepare("DELETE FROM resources WHERE resourceId = ?").run( + resource.resourceId + ); + + // Delete the targets for this resource + db.prepare("DELETE FROM targets WHERE resourceId = ?").run( + resource.resourceId + ); + } + })(); + + db.pragma("foreign_keys = ON"); + + console.log(`Migrated database`); + } catch (e) { + console.log("Failed to migrate db:", e); + throw e; + } +} diff --git a/src/app/[orgId]/settings/clients/[clientId]/layout.tsx b/src/app/[orgId]/settings/clients/[clientId]/layout.tsx index 804162a2..d137b00c 100644 --- a/src/app/[orgId]/settings/clients/[clientId]/layout.tsx +++ b/src/app/[orgId]/settings/clients/[clientId]/layout.tsx @@ -21,7 +21,7 @@ export default async function SettingsLayout(props: SettingsLayoutProps) { let client = null; try { const res = await internal.get>( - `/org/${params.orgId}/client/${params.clientId}`, + `/client/${params.clientId}`, await authCookieHeader() ); client = res.data.data; diff --git a/src/app/[orgId]/settings/clients/create/page.tsx b/src/app/[orgId]/settings/clients/create/page.tsx index 419487d0..0736ee64 100644 --- a/src/app/[orgId]/settings/clients/create/page.tsx +++ b/src/app/[orgId]/settings/clients/create/page.tsx @@ -331,9 +331,16 @@ export default function Page() { let olmVersion = "latest"; try { + const controller = new AbortController(); + const timeoutId = setTimeout(() => controller.abort(), 3000); + const response = await fetch( - `https://api.github.com/repos/fosrl/olm/releases/latest` + `https://api.github.com/repos/fosrl/olm/releases/latest`, + { signal: controller.signal } ); + + clearTimeout(timeoutId); + if (!response.ok) { throw new Error( t("olmErrorFetchReleases", { @@ -345,14 +352,18 @@ export default function Page() { const latestVersion = data.tag_name; olmVersion = latestVersion; } catch (error) { - console.error( - t("olmErrorFetchLatest", { - err: - error instanceof Error - ? error.message - : String(error) - }) - ); + if (error instanceof Error && error.name === 'AbortError') { + console.error(t("olmErrorFetchTimeout")); + } else { + console.error( + t("olmErrorFetchLatest", { + err: + error instanceof Error + ? error.message + : String(error) + }) + ); + } } await api @@ -705,4 +716,4 @@ export default function Page() { )} ); -} \ No newline at end of file +} diff --git a/src/app/[orgId]/settings/resources/ResourcesDataTable.tsx b/src/app/[orgId]/settings/resources/ResourcesDataTable.tsx deleted file mode 100644 index a675213a..00000000 --- a/src/app/[orgId]/settings/resources/ResourcesDataTable.tsx +++ /dev/null @@ -1,36 +0,0 @@ -"use client"; - -import { ColumnDef } from "@tanstack/react-table"; -import { DataTable } from "@app/components/ui/data-table"; -import { useTranslations } from 'next-intl'; - -interface DataTableProps { - columns: ColumnDef[]; - data: TData[]; - createResource?: () => void; -} - -export function ResourcesDataTable({ - columns, - data, - createResource -}: DataTableProps) { - - const t = useTranslations(); - - return ( - - ); -} diff --git a/src/app/[orgId]/settings/resources/ResourcesSplashCard.tsx b/src/app/[orgId]/settings/resources/ResourcesSplashCard.tsx deleted file mode 100644 index 50f6fd0b..00000000 --- a/src/app/[orgId]/settings/resources/ResourcesSplashCard.tsx +++ /dev/null @@ -1,70 +0,0 @@ -"use client"; - -import React, { useState, useEffect } from "react"; -import { Server, Lock, Key, Users, X, ArrowRight } from "lucide-react"; // Replace with actual imports -import { Card, CardContent } from "@app/components/ui/card"; -import { Button } from "@app/components/ui/button"; -import { useTranslations } from "next-intl"; - -export const ResourcesSplashCard = () => { - const [isDismissed, setIsDismissed] = useState(false); - - const key = "resources-splash-dismissed"; - - useEffect(() => { - const dismissed = localStorage.getItem(key); - if (dismissed === "true") { - setIsDismissed(true); - } - }, []); - - const handleDismiss = () => { - setIsDismissed(true); - localStorage.setItem(key, "true"); - }; - - const t = useTranslations(); - - if (isDismissed) { - return null; - } - - return ( - - - -
-

- - {t('resources')} -

-

- {t('resourcesDescription')} -

-
    -
  • - - {t('resourcesWireGuardConnect')} -
    • -
  • - - {t('resourcesMultipleAuthenticationMethods')} -
    • -
  • - - {t('resourcesUsersRolesAccess')} -
    • -
-
- - - ); -}; - -export default ResourcesSplashCard; diff --git a/src/app/[orgId]/settings/resources/ResourcesTable.tsx b/src/app/[orgId]/settings/resources/ResourcesTable.tsx index e64fb4e3..97bdfdd9 100644 --- a/src/app/[orgId]/settings/resources/ResourcesTable.tsx +++ b/src/app/[orgId]/settings/resources/ResourcesTable.tsx @@ -1,7 +1,16 @@ "use client"; -import { ColumnDef } from "@tanstack/react-table"; -import { ResourcesDataTable } from "./ResourcesDataTable"; +import { + ColumnDef, + flexRender, + getCoreRowModel, + useReactTable, + getPaginationRowModel, + SortingState, + getSortedRowModel, + ColumnFiltersState, + getFilteredRowModel +} from "@tanstack/react-table"; import { DropdownMenu, DropdownMenuContent, @@ -10,18 +19,16 @@ import { } from "@app/components/ui/dropdown-menu"; import { Button } from "@app/components/ui/button"; import { - Copy, ArrowRight, ArrowUpDown, MoreHorizontal, - Check, ArrowUpRight, ShieldOff, ShieldCheck } from "lucide-react"; import Link from "next/link"; import { useRouter } from "next/navigation"; -import { useState } from "react"; +import { useState, useEffect } from "react"; import ConfirmDeleteDialog from "@app/components/ConfirmDeleteDialog"; import { formatAxiosError } from "@app/lib/api"; import { toast } from "@app/hooks/useToast"; @@ -31,17 +38,37 @@ import CopyToClipboard from "@app/components/CopyToClipboard"; import { Switch } from "@app/components/ui/switch"; import { AxiosResponse } from "axios"; import { UpdateResourceResponse } from "@server/routers/resource"; +import { ListSitesResponse } from "@server/routers/site"; import { useTranslations } from "next-intl"; import { InfoPopup } from "@app/components/ui/info-popup"; -import { Badge } from "@app/components/ui/badge"; +import { Input } from "@app/components/ui/input"; +import { DataTablePagination } from "@app/components/DataTablePagination"; +import { Plus, Search } from "lucide-react"; +import { Card, CardContent, CardHeader } from "@app/components/ui/card"; +import { + Table, + TableBody, + TableCell, + TableHead, + TableHeader, + TableRow +} from "@app/components/ui/table"; +import { + Tabs, + TabsContent, + TabsList, + TabsTrigger +} from "@app/components/ui/tabs"; +import { useSearchParams } from "next/navigation"; +import EditInternalResourceDialog from "@app/components/EditInternalResourceDialog"; +import CreateInternalResourceDialog from "@app/components/CreateInternalResourceDialog"; +import { Alert, AlertDescription } from "@app/components/ui/alert"; export type ResourceRow = { id: number; name: string; orgId: string; domain: string; - site: string; - siteId: string; authState: string; http: boolean; protocol: string; @@ -50,20 +77,147 @@ export type ResourceRow = { domainId?: string; }; -type ResourcesTableProps = { - resources: ResourceRow[]; +export type InternalResourceRow = { + id: number; + name: string; orgId: string; + siteName: string; + protocol: string; + proxyPort: number | null; + siteId: number; + siteNiceId: string; + destinationIp: string; + destinationPort: number; }; -export default function SitesTable({ resources, orgId }: ResourcesTableProps) { +type Site = ListSitesResponse["sites"][0]; + +type ResourcesTableProps = { + resources: ResourceRow[]; + internalResources: InternalResourceRow[]; + orgId: string; + defaultView?: "proxy" | "internal"; +}; + +export default function ResourcesTable({ + resources, + internalResources, + orgId, + defaultView = "proxy" +}: ResourcesTableProps) { const router = useRouter(); + const searchParams = useSearchParams(); const t = useTranslations(); - const api = createApiClient(useEnvContext()); + const { env } = useEnvContext(); + + const api = createApiClient({ env }); const [isDeleteModalOpen, setIsDeleteModalOpen] = useState(false); const [selectedResource, setSelectedResource] = useState(); + const [selectedInternalResource, setSelectedInternalResource] = + useState(); + const [isEditDialogOpen, setIsEditDialogOpen] = useState(false); + const [editingResource, setEditingResource] = + useState(); + const [isCreateDialogOpen, setIsCreateDialogOpen] = useState(false); + const [sites, setSites] = useState([]); + + const [proxySorting, setProxySorting] = useState([]); + const [proxyColumnFilters, setProxyColumnFilters] = + useState([]); + const [proxyGlobalFilter, setProxyGlobalFilter] = useState([]); + + const [internalSorting, setInternalSorting] = useState([]); + const [internalColumnFilters, setInternalColumnFilters] = + useState([]); + const [internalGlobalFilter, setInternalGlobalFilter] = useState([]); + + const currentView = searchParams.get("view") || defaultView; + + useEffect(() => { + const fetchSites = async () => { + try { + const res = await api.get>( + `/org/${orgId}/sites` + ); + setSites(res.data.data.sites); + } catch (error) { + console.error("Failed to fetch sites:", error); + } + }; + + if (orgId) { + fetchSites(); + } + }, [orgId]); + + const handleTabChange = (value: string) => { + const params = new URLSearchParams(searchParams); + if (value === "internal") { + params.set("view", "internal"); + } else { + params.delete("view"); + } + + const newUrl = `${window.location.pathname}${params.toString() ? "?" + params.toString() : ""}`; + router.replace(newUrl, { scroll: false }); + }; + + const getSearchInput = () => { + if (currentView === "internal") { + return ( +
+ + internalTable.setGlobalFilter( + String(e.target.value) + ) + } + className="w-full pl-8" + /> + +
+ ); + } + return ( +
+ + proxyTable.setGlobalFilter(String(e.target.value)) + } + className="w-full pl-8" + /> + +
+ ); + }; + + const getActionButton = () => { + if (currentView === "internal") { + return ( + + ); + } + return ( + + ); + }; const deleteResource = (resourceId: number) => { api.delete(`/resource/${resourceId}`) @@ -81,6 +235,26 @@ export default function SitesTable({ resources, orgId }: ResourcesTableProps) { }); }; + const deleteInternalResource = async ( + resourceId: number, + siteId: number + ) => { + try { + await api.delete( + `/org/${orgId}/site/${siteId}/resource/${resourceId}` + ); + router.refresh(); + setIsDeleteModalOpen(false); + } catch (e) { + console.error(t("resourceErrorDelete"), e); + toast({ + variant: "destructive", + title: t("resourceErrorDelte"), + description: formatAxiosError(e, t("v")) + }); + } + }; + async function toggleResourceEnabled(val: boolean, resourceId: number) { const res = await api .post>( @@ -101,7 +275,7 @@ export default function SitesTable({ resources, orgId }: ResourcesTableProps) { }); } - const columns: ColumnDef[] = [ + const proxyColumns: ColumnDef[] = [ { accessorKey: "name", header: ({ column }) => { @@ -118,35 +292,6 @@ export default function SitesTable({ resources, orgId }: ResourcesTableProps) { ); } }, - { - accessorKey: "site", - header: ({ column }) => { - return ( - - ); - }, - cell: ({ row }) => { - const resourceRow = row.original; - return ( - - - - ); - } - }, { accessorKey: "protocol", header: t("protocol"), @@ -225,10 +370,12 @@ export default function SitesTable({ resources, orgId }: ResourcesTableProps) { toggleResourceEnabled(val, row.original.id) } @@ -289,6 +436,163 @@ export default function SitesTable({ resources, orgId }: ResourcesTableProps) { } ]; + const internalColumns: ColumnDef[] = [ + { + accessorKey: "name", + header: ({ column }) => { + return ( + + ); + } + }, + { + accessorKey: "siteName", + header: t("siteName"), + cell: ({ row }) => { + const resourceRow = row.original; + return ( + + + + ); + } + }, + { + accessorKey: "protocol", + header: t("protocol"), + cell: ({ row }) => { + const resourceRow = row.original; + return {resourceRow.protocol.toUpperCase()}; + } + }, + { + accessorKey: "proxyPort", + header: t("proxyPort"), + cell: ({ row }) => { + const resourceRow = row.original; + return ( + + ); + } + }, + { + accessorKey: "destination", + header: t("resourcesTableDestination"), + cell: ({ row }) => { + const resourceRow = row.original; + const destination = `${resourceRow.destinationIp}:${resourceRow.destinationPort}`; + return ; + } + }, + + { + id: "actions", + cell: ({ row }) => { + const resourceRow = row.original; + return ( +
+ + + + + + { + setSelectedInternalResource( + resourceRow + ); + setIsDeleteModalOpen(true); + }} + > + + {t("delete")} + + + + + +
+ ); + } + } + ]; + + const proxyTable = useReactTable({ + data: resources, + columns: proxyColumns, + getCoreRowModel: getCoreRowModel(), + getPaginationRowModel: getPaginationRowModel(), + onSortingChange: setProxySorting, + getSortedRowModel: getSortedRowModel(), + onColumnFiltersChange: setProxyColumnFilters, + getFilteredRowModel: getFilteredRowModel(), + onGlobalFilterChange: setProxyGlobalFilter, + initialState: { + pagination: { + pageSize: 20, + pageIndex: 0 + } + }, + state: { + sorting: proxySorting, + columnFilters: proxyColumnFilters, + globalFilter: proxyGlobalFilter + } + }); + + const internalTable = useReactTable({ + data: internalResources, + columns: internalColumns, + getCoreRowModel: getCoreRowModel(), + getPaginationRowModel: getPaginationRowModel(), + onSortingChange: setInternalSorting, + getSortedRowModel: getSortedRowModel(), + onColumnFiltersChange: setInternalColumnFilters, + getFilteredRowModel: getFilteredRowModel(), + onGlobalFilterChange: setInternalGlobalFilter, + initialState: { + pagination: { + pageSize: 20, + pageIndex: 0 + } + }, + state: { + sorting: internalSorting, + columnFilters: internalColumnFilters, + globalFilter: internalGlobalFilter + } + }); + return ( <> {selectedResource && ( @@ -320,11 +624,271 @@ export default function SitesTable({ resources, orgId }: ResourcesTableProps) { /> )} - { - router.push(`/${orgId}/settings/resources/create`); + {selectedInternalResource && ( + { + setIsDeleteModalOpen(val); + setSelectedInternalResource(null); + }} + dialog={ +
+

+ {t("resourceQuestionRemove", { + selectedResource: + selectedInternalResource?.name || + selectedInternalResource?.id + })} +

+ +

{t("resourceMessageRemove")}

+ +

{t("resourceMessageConfirm")}

+
+ } + buttonText={t("resourceDeleteConfirm")} + onConfirm={async () => + deleteInternalResource( + selectedInternalResource!.id, + selectedInternalResource!.siteId + ) + } + string={selectedInternalResource.name} + title={t("resourceDelete")} + /> + )} + +
+ + + +
+ {getSearchInput()} + + {env.flags.enableClients && ( + + + {t("resourcesTableProxyResources")} + + + {t("resourcesTableClientResources")} + + + )} +
+
+ {getActionButton()} +
+ + + + + + {proxyTable + .getHeaderGroups() + .map((headerGroup) => ( + + {headerGroup.headers.map( + (header) => ( + + {header.isPlaceholder + ? null + : flexRender( + header + .column + .columnDef + .header, + header.getContext() + )} + + ) + )} + + ))} + + + {proxyTable.getRowModel().rows + ?.length ? ( + proxyTable + .getRowModel() + .rows.map((row) => ( + + {row + .getVisibleCells() + .map((cell) => ( + + {flexRender( + cell + .column + .columnDef + .cell, + cell.getContext() + )} + + ))} + + )) + ) : ( + + + {t( + "resourcesTableNoProxyResourcesFound" + )} + + + )} + +
+
+ +
+ + +
+ + + {t( + "resourcesTableTheseResourcesForUseWith" + )}{" "} + + {t("resourcesTableClients")} + + {" "} + {t( + "resourcesTableAndOnlyAccessibleInternally" + )} + + +
+ + + {internalTable + .getHeaderGroups() + .map((headerGroup) => ( + + {headerGroup.headers.map( + (header) => ( + + {header.isPlaceholder + ? null + : flexRender( + header + .column + .columnDef + .header, + header.getContext() + )} + + ) + )} + + ))} + + + {internalTable.getRowModel().rows + ?.length ? ( + internalTable + .getRowModel() + .rows.map((row) => ( + + {row + .getVisibleCells() + .map((cell) => ( + + {flexRender( + cell + .column + .columnDef + .cell, + cell.getContext() + )} + + ))} + + )) + ) : ( + + + {t( + "resourcesTableNoInternalResourcesFound" + )} + + + )} + +
+
+ +
+ + + + +
+ + {editingResource && ( + { + router.refresh(); + setEditingResource(null); + }} + /> + )} + + { + router.refresh(); }} /> diff --git a/src/app/[orgId]/settings/resources/[resourceId]/ResourceInfoBox.tsx b/src/app/[orgId]/settings/resources/[resourceId]/ResourceInfoBox.tsx index 68331ff9..af7d96fc 100644 --- a/src/app/[orgId]/settings/resources/[resourceId]/ResourceInfoBox.tsx +++ b/src/app/[orgId]/settings/resources/[resourceId]/ResourceInfoBox.tsx @@ -10,35 +10,22 @@ import { InfoSections, InfoSectionTitle } from "@app/components/InfoSection"; -import { useEnvContext } from "@app/hooks/useEnvContext"; -import { useDockerSocket } from "@app/hooks/useDockerSocket"; import { useTranslations } from "next-intl"; -import { AxiosResponse } from "axios"; -import { useEffect, useState } from "react"; -import { Button } from "@/components/ui/button"; -import { RotateCw } from "lucide-react"; -import { createApiClient } from "@app/lib/api"; import { build } from "@server/build"; type ResourceInfoBoxType = {}; export default function ResourceInfoBox({}: ResourceInfoBoxType) { - const { resource, authInfo, site } = useResourceContext(); - const api = createApiClient(useEnvContext()); + const { resource, authInfo } = useResourceContext(); - const { isEnabled, isAvailable } = useDockerSocket(site!); const t = useTranslations(); const fullUrl = `${resource.ssl ? "https" : "http"}://${resource.fullDomain}`; return ( - - - {t("resourceInfo")} - - - + + {resource.http ? ( <> @@ -71,12 +58,6 @@ export default function ResourceInfoBox({}: ResourceInfoBoxType) { /> - - {t("site")} - - {resource.siteName} - - {/* {isEnabled && ( Socket @@ -117,7 +98,7 @@ export default function ResourceInfoBox({}: ResourceInfoBoxType) { /> - {build == "oss" && ( + {/* {build == "oss" && ( {t("externalProxyEnabled")} @@ -130,7 +111,7 @@ export default function ResourceInfoBox({}: ResourceInfoBoxType) { - )} + )} */} )} diff --git a/src/app/[orgId]/settings/resources/[resourceId]/authentication/page.tsx b/src/app/[orgId]/settings/resources/[resourceId]/authentication/page.tsx index c8f6255c..9bb9919a 100644 --- a/src/app/[orgId]/settings/resources/[resourceId]/authentication/page.tsx +++ b/src/app/[orgId]/settings/resources/[resourceId]/authentication/page.tsx @@ -49,6 +49,15 @@ import { UserType } from "@server/types/UserTypes"; import { Alert, AlertDescription, AlertTitle } from "@app/components/ui/alert"; import { InfoIcon } from "lucide-react"; import { useTranslations } from "next-intl"; +import { CheckboxWithLabel } from "@app/components/ui/checkbox"; +import { + Select, + SelectContent, + SelectItem, + SelectTrigger, + SelectValue +} from "@app/components/ui/select"; +import { Separator } from "@app/components/ui/separator"; const UsersRolesFormSchema = z.object({ roles: z.array( @@ -110,6 +119,14 @@ export default function ResourceAuthenticationPage() { resource.emailWhitelistEnabled ); + const [autoLoginEnabled, setAutoLoginEnabled] = useState( + resource.skipToIdpId !== null && resource.skipToIdpId !== undefined + ); + const [selectedIdpId, setSelectedIdpId] = useState( + resource.skipToIdpId || null + ); + const [allIdps, setAllIdps] = useState<{ id: number; text: string }[]>([]); + const [loadingSaveUsersRoles, setLoadingSaveUsersRoles] = useState(false); const [loadingSaveWhitelist, setLoadingSaveWhitelist] = useState(false); @@ -139,7 +156,8 @@ export default function ResourceAuthenticationPage() { resourceRolesResponse, usersResponse, resourceUsersResponse, - whitelist + whitelist, + idpsResponse ] = await Promise.all([ api.get>( `/org/${org?.org.orgId}/roles` @@ -155,7 +173,12 @@ export default function ResourceAuthenticationPage() { ), api.get>( `/resource/${resource.resourceId}/whitelist` - ) + ), + api.get< + AxiosResponse<{ + idps: { idpId: number; name: string }[]; + }> + >("/idp") ]); setAllRoles( @@ -200,6 +223,21 @@ export default function ResourceAuthenticationPage() { })) ); + setAllIdps( + idpsResponse.data.data.idps.map((idp) => ({ + id: idp.idpId, + text: idp.name + })) + ); + + if ( + autoLoginEnabled && + !selectedIdpId && + idpsResponse.data.data.idps.length > 0 + ) { + setSelectedIdpId(idpsResponse.data.data.idps[0].idpId); + } + setPageLoading(false); } catch (e) { console.error(e); @@ -260,6 +298,16 @@ export default function ResourceAuthenticationPage() { try { setLoadingSaveUsersRoles(true); + // Validate that an IDP is selected if auto login is enabled + if (autoLoginEnabled && !selectedIdpId) { + toast({ + variant: "destructive", + title: t("error"), + description: t("selectIdpRequired") + }); + return; + } + const jobs = [ api.post(`/resource/${resource.resourceId}/roles`, { roleIds: data.roles.map((i) => parseInt(i.id)) @@ -268,14 +316,16 @@ export default function ResourceAuthenticationPage() { userIds: data.users.map((i) => i.id) }), api.post(`/resource/${resource.resourceId}`, { - sso: ssoEnabled + sso: ssoEnabled, + skipToIdpId: autoLoginEnabled ? selectedIdpId : null }) ]; await Promise.all(jobs); updateResource({ - sso: ssoEnabled + sso: ssoEnabled, + skipToIdpId: autoLoginEnabled ? selectedIdpId : null }); updateAuthInfo({ @@ -542,6 +592,89 @@ export default function ResourceAuthenticationPage() { /> )} + + {ssoEnabled && allIdps.length > 0 && ( +
+
+ { + setAutoLoginEnabled( + checked as boolean + ); + if ( + checked && + allIdps.length > 0 + ) { + setSelectedIdpId( + allIdps[0].id + ); + } else { + setSelectedIdpId( + null + ); + } + }} + /> +

+ {t( + "autoLoginExternalIdpDescription" + )} +

+
+ + {autoLoginEnabled && ( +
+ + +
+ )} +
+ )} diff --git a/src/app/[orgId]/settings/resources/[resourceId]/general/page.tsx b/src/app/[orgId]/settings/resources/[resourceId]/general/page.tsx index b4e14d64..8c5ee667 100644 --- a/src/app/[orgId]/settings/resources/[resourceId]/general/page.tsx +++ b/src/app/[orgId]/settings/resources/[resourceId]/general/page.tsx @@ -14,19 +14,6 @@ import { FormMessage } from "@/components/ui/form"; import { Input } from "@/components/ui/input"; -import { - Command, - CommandEmpty, - CommandGroup, - CommandInput, - CommandItem -} from "@/components/ui/command"; -import { cn } from "@app/lib/cn"; -import { - Popover, - PopoverContent, - PopoverTrigger -} from "@/components/ui/popover"; import { useResourceContext } from "@app/hooks/useResourceContext"; import { ListSitesResponse } from "@server/routers/site"; import { useEffect, useState } from "react"; @@ -45,25 +32,11 @@ import { SettingsSectionFooter } from "@app/components/Settings"; import { useOrgContext } from "@app/hooks/useOrgContext"; -import CustomDomainInput from "../CustomDomainInput"; import { createApiClient } from "@app/lib/api"; import { useEnvContext } from "@app/hooks/useEnvContext"; -import { subdomainSchema, tlsNameSchema } from "@server/lib/schemas"; -import { CaretSortIcon, CheckIcon } from "@radix-ui/react-icons"; -import { RadioGroup, RadioGroupItem } from "@app/components/ui/radio-group"; import { Label } from "@app/components/ui/label"; import { ListDomainsResponse } from "@server/routers/domain"; -import { - Select, - SelectContent, - SelectItem, - SelectTrigger, - SelectValue -} from "@app/components/ui/select"; -import { - UpdateResourceResponse, - updateResourceRule -} from "@server/routers/resource"; +import { UpdateResourceResponse } from "@server/routers/resource"; import { SwitchInput } from "@app/components/SwitchInput"; import { useTranslations } from "next-intl"; import { Checkbox } from "@app/components/ui/checkbox"; @@ -81,12 +54,6 @@ import DomainPicker from "@app/components/DomainPicker"; import { Globe } from "lucide-react"; import { build } from "@server/build"; -const TransferFormSchema = z.object({ - siteId: z.number() -}); - -type TransferFormValues = z.infer; - export default function GeneralForm() { const [formKey, setFormKey] = useState(0); const params = useParams(); @@ -127,7 +94,7 @@ export default function GeneralForm() { name: z.string().min(1).max(255), domainId: z.string().optional(), proxyPort: z.number().int().min(1).max(65535).optional(), - enableProxy: z.boolean().optional() + // enableProxy: z.boolean().optional() }) .refine( (data) => { @@ -156,18 +123,11 @@ export default function GeneralForm() { subdomain: resource.subdomain ? resource.subdomain : undefined, domainId: resource.domainId || undefined, proxyPort: resource.proxyPort || undefined, - enableProxy: resource.enableProxy || false + // enableProxy: resource.enableProxy || false }, mode: "onChange" }); - const transferForm = useForm({ - resolver: zodResolver(TransferFormSchema), - defaultValues: { - siteId: resource.siteId ? Number(resource.siteId) : undefined - } - }); - useEffect(() => { const fetchSites = async () => { const res = await api.get>( @@ -221,9 +181,9 @@ export default function GeneralForm() { subdomain: data.subdomain, domainId: data.domainId, proxyPort: data.proxyPort, - ...(!resource.http && { - enableProxy: data.enableProxy - }) + // ...(!resource.http && { + // enableProxy: data.enableProxy + // }) } ) .catch((e) => { @@ -251,9 +211,9 @@ export default function GeneralForm() { subdomain: data.subdomain, fullDomain: resource.fullDomain, proxyPort: data.proxyPort, - ...(!resource.http && { - enableProxy: data.enableProxy - }), + // ...(!resource.http && { + // enableProxy: data.enableProxy + // }) }); router.refresh(); @@ -261,40 +221,6 @@ export default function GeneralForm() { setSaveLoading(false); } - async function onTransfer(data: TransferFormValues) { - setTransferLoading(true); - - const res = await api - .post(`resource/${resource?.resourceId}/transfer`, { - siteId: data.siteId - }) - .catch((e) => { - toast({ - variant: "destructive", - title: t("resourceErrorTransfer"), - description: formatAxiosError( - e, - t("resourceErrorTransferDescription") - ) - }); - }); - - if (res && res.status === 200) { - toast({ - title: t("resourceTransferred"), - description: t("resourceTransferredDescription") - }); - router.refresh(); - - updateResource({ - siteName: - sites.find((site) => site.siteId === data.siteId)?.name || - "" - }); - } - setTransferLoading(false); - } - return ( !loadingPage && ( <> @@ -410,7 +336,7 @@ export default function GeneralForm() { )} /> - {build == "oss" && ( + {/* {build == "oss" && ( )} /> - )} + )} */} )} {resource.http && (
- +
@@ -466,7 +394,9 @@ export default function GeneralForm() { ) } > - Edit Domain + {t( + "resourceEditDomain" + )}
@@ -490,140 +420,6 @@ export default function GeneralForm() { - - - - - {t("resourceTransfer")} - - - {t("resourceTransferDescription")} - - - - - -
- - ( - - - {t("siteDestination")} - - - - - - - - - - - - {t( - "sitesNotFound" - )} - - - {sites.map( - ( - site - ) => ( - { - transferForm.setValue( - "siteId", - site.siteId - ); - setOpen( - false - ); - }} - > - { - site.name - } - - - ) - )} - - - - - - - )} - /> - - -
- - - - - - >( `/resource/${params.resourceId}`, @@ -44,19 +43,6 @@ export default async function ResourceLayout(props: ResourceLayoutProps) { redirect(`/${params.orgId}/settings/resources`); } - // Fetch site info - if (resource.siteId) { - try { - const res = await internal.get>( - `/site/${resource.siteId}`, - await authCookieHeader() - ); - site = res.data.data; - } catch { - redirect(`/${params.orgId}/settings/resources`); - } - } - try { const res = await internal.get< AxiosResponse @@ -119,7 +105,6 @@ export default async function ResourceLayout(props: ResourceLayoutProps) { diff --git a/src/app/[orgId]/settings/resources/[resourceId]/proxy/page.tsx b/src/app/[orgId]/settings/resources/[resourceId]/proxy/page.tsx index 7ab02c7e..c6584219 100644 --- a/src/app/[orgId]/settings/resources/[resourceId]/proxy/page.tsx +++ b/src/app/[orgId]/settings/resources/[resourceId]/proxy/page.tsx @@ -3,7 +3,6 @@ import { useEffect, useState, use } from "react"; import { Button } from "@/components/ui/button"; import { Input } from "@/components/ui/input"; -import { Label } from "@/components/ui/label"; import { Select, SelectContent, @@ -34,12 +33,12 @@ import { getPaginationRowModel, getCoreRowModel, useReactTable, - flexRender + flexRender, + Row } from "@tanstack/react-table"; import { Table, TableBody, - TableCaption, TableCell, TableHead, TableHeader, @@ -51,7 +50,7 @@ import { ArrayElement } from "@server/types/ArrayElement"; import { formatAxiosError } from "@app/lib/api/formatAxiosError"; import { useEnvContext } from "@app/hooks/useEnvContext"; import { createApiClient } from "@app/lib/api"; -import { GetSiteResponse } from "@server/routers/site"; +import { GetSiteResponse, ListSitesResponse } from "@server/routers/site"; import { SettingsContainer, SettingsSection, @@ -59,28 +58,48 @@ import { SettingsSectionTitle, SettingsSectionDescription, SettingsSectionBody, - SettingsSectionFooter, - SettingsSectionForm, - SettingsSectionGrid + SettingsSectionForm } from "@app/components/Settings"; import { SwitchInput } from "@app/components/SwitchInput"; import { useRouter } from "next/navigation"; import { isTargetValid } from "@server/lib/validators"; import { tlsNameSchema } from "@server/lib/schemas"; -import { ChevronsUpDown } from "lucide-react"; import { - Collapsible, - CollapsibleContent, - CollapsibleTrigger -} from "@app/components/ui/collapsible"; + CheckIcon, + ChevronsUpDown, + Settings, + Heart, + Check, + CircleCheck, + CircleX +} from "lucide-react"; import { ContainersSelector } from "@app/components/ContainersSelector"; import { useTranslations } from "next-intl"; import { build } from "@server/build"; +import { DockerManager, DockerState } from "@app/lib/docker"; +import { Container } from "@server/routers/site"; +import { + Popover, + PopoverContent, + PopoverTrigger +} from "@app/components/ui/popover"; +import { cn } from "@app/lib/cn"; +import { CaretSortIcon } from "@radix-ui/react-icons"; +import { + Command, + CommandEmpty, + CommandGroup, + CommandInput, + CommandItem, + CommandList +} from "@app/components/ui/command"; +import { Badge } from "@app/components/ui/badge"; const addTargetSchema = z.object({ ip: z.string().refine(isTargetValid), method: z.string().nullable(), - port: z.coerce.number().int().positive() + port: z.coerce.number().int().positive(), + siteId: z.number().int().positive() }); const targetsSettingsSchema = z.object({ @@ -91,12 +110,13 @@ type LocalTarget = Omit< ArrayElement & { new?: boolean; updated?: boolean; + siteType: string | null; }, "protocol" >; export default function ReverseProxyTargets(props: { - params: Promise<{ resourceId: number }>; + params: Promise<{ resourceId: number; orgId: string }>; }) { const params = use(props.params); const t = useTranslations(); @@ -106,15 +126,48 @@ export default function ReverseProxyTargets(props: { const api = createApiClient(useEnvContext()); const [targets, setTargets] = useState([]); - const [site, setSite] = useState(); const [targetsToRemove, setTargetsToRemove] = useState([]); + const [sites, setSites] = useState([]); + const [dockerStates, setDockerStates] = useState>(new Map()); + + const initializeDockerForSite = async (siteId: number) => { + if (dockerStates.has(siteId)) { + return; // Already initialized + } + + const dockerManager = new DockerManager(api, siteId); + const dockerState = await dockerManager.initializeDocker(); + + setDockerStates(prev => new Map(prev.set(siteId, dockerState))); + }; + + const refreshContainersForSite = async (siteId: number) => { + const dockerManager = new DockerManager(api, siteId); + const containers = await dockerManager.fetchContainers(); + + setDockerStates(prev => { + const newMap = new Map(prev); + const existingState = newMap.get(siteId); + if (existingState) { + newMap.set(siteId, { ...existingState, containers }); + } + return newMap; + }); + }; + + const getDockerStateForSite = (siteId: number): DockerState => { + return dockerStates.get(siteId) || { + isEnabled: false, + isAvailable: false, + containers: [] + }; + }; const [httpsTlsLoading, setHttpsTlsLoading] = useState(false); const [targetsLoading, setTargetsLoading] = useState(false); const [proxySettingsLoading, setProxySettingsLoading] = useState(false); const [pageLoading, setPageLoading] = useState(true); - const [isAdvancedOpen, setIsAdvancedOpen] = useState(false); const router = useRouter(); const proxySettingsSchema = z.object({ @@ -167,6 +220,14 @@ export default function ReverseProxyTargets(props: { const watchedIp = addTargetForm.watch("ip"); const watchedPort = addTargetForm.watch("port"); + const watchedSiteId = addTargetForm.watch("siteId"); + + const handleContainerSelect = (hostname: string, port?: number) => { + addTargetForm.setValue("ip", hostname); + if (port) { + addTargetForm.setValue("port", port); + } + }; const tlsSettingsForm = useForm({ resolver: zodResolver(tlsSettingsSchema), @@ -216,28 +277,64 @@ export default function ReverseProxyTargets(props: { }; fetchTargets(); - const fetchSite = async () => { - try { - const res = await api.get>( - `/site/${resource.siteId}` - ); - - if (res.status === 200) { - setSite(res.data.data); - } - } catch (err) { - console.error(err); - toast({ - variant: "destructive", - title: t("siteErrorFetch"), - description: formatAxiosError( - err, - t("siteErrorFetchDescription") - ) + const fetchSites = async () => { + const res = await api + .get< + AxiosResponse + >(`/org/${params.orgId}/sites`) + .catch((e) => { + toast({ + variant: "destructive", + title: t("sitesErrorFetch"), + description: formatAxiosError( + e, + t("sitesErrorFetchDescription") + ) + }); }); + + if (res?.status === 200) { + setSites(res.data.data.sites); + + // Initialize Docker for newt sites + const newtSites = res.data.data.sites.filter(site => site.type === "newt"); + for (const site of newtSites) { + initializeDockerForSite(site.siteId); + } + + // If there's only one site, set it as the default in the form + if (res.data.data.sites.length) { + addTargetForm.setValue( + "siteId", + res.data.data.sites[0].siteId + ); + } } }; - fetchSite(); + fetchSites(); + + // const fetchSite = async () => { + // try { + // const res = await api.get>( + // `/site/${resource.siteId}` + // ); + // + // if (res.status === 200) { + // setSite(res.data.data); + // } + // } catch (err) { + // console.error(err); + // toast({ + // variant: "destructive", + // title: t("siteErrorFetch"), + // description: formatAxiosError( + // err, + // t("siteErrorFetchDescription") + // ) + // }); + // } + // }; + // fetchSite(); }, []); async function addTarget(data: z.infer) { @@ -246,7 +343,8 @@ export default function ReverseProxyTargets(props: { (target) => target.ip === data.ip && target.port === data.port && - target.method === data.method + target.method === data.method && + target.siteId === data.siteId ); if (isDuplicate) { @@ -258,34 +356,37 @@ export default function ReverseProxyTargets(props: { return; } - if (site && site.type == "wireguard" && site.subnet) { - // make sure that the target IP is within the site subnet - const targetIp = data.ip; - const subnet = site.subnet; - try { - if (!isIPInSubnet(targetIp, subnet)) { - toast({ - variant: "destructive", - title: t("targetWireGuardErrorInvalidIp"), - description: t( - "targetWireGuardErrorInvalidIpDescription" - ) - }); - return; - } - } catch (error) { - console.error(error); - toast({ - variant: "destructive", - title: t("targetWireGuardErrorInvalidIp"), - description: t("targetWireGuardErrorInvalidIpDescription") - }); - return; - } - } + // if (site && site.type == "wireguard" && site.subnet) { + // // make sure that the target IP is within the site subnet + // const targetIp = data.ip; + // const subnet = site.subnet; + // try { + // if (!isIPInSubnet(targetIp, subnet)) { + // toast({ + // variant: "destructive", + // title: t("targetWireGuardErrorInvalidIp"), + // description: t( + // "targetWireGuardErrorInvalidIpDescription" + // ) + // }); + // return; + // } + // } catch (error) { + // console.error(error); + // toast({ + // variant: "destructive", + // title: t("targetWireGuardErrorInvalidIp"), + // description: t("targetWireGuardErrorInvalidIpDescription") + // }); + // return; + // } + // } + + const site = sites.find((site) => site.siteId === data.siteId); const newTarget: LocalTarget = { ...data, + siteType: site?.type || null, enabled: true, targetId: new Date().getTime(), new: true, @@ -311,10 +412,16 @@ export default function ReverseProxyTargets(props: { }; async function updateTarget(targetId: number, data: Partial) { + const site = sites.find((site) => site.siteId === data.siteId); setTargets( targets.map((target) => target.targetId === targetId - ? { ...target, ...data, updated: true } + ? { + ...target, + ...data, + updated: true, + siteType: site?.type || null + } : target ) ); @@ -332,7 +439,8 @@ export default function ReverseProxyTargets(props: { ip: target.ip, port: target.port, method: target.method, - enabled: target.enabled + enabled: target.enabled, + siteId: target.siteId }; if (target.new) { @@ -403,6 +511,135 @@ export default function ReverseProxyTargets(props: { } const columns: ColumnDef[] = [ + { + accessorKey: "siteId", + header: t("site"), + cell: ({ row }) => { + const selectedSite = sites.find( + (site) => site.siteId === row.original.siteId + ); + + const handleContainerSelectForTarget = ( + hostname: string, + port?: number + ) => { + updateTarget(row.original.targetId, { + ...row.original, + ip: hostname + }); + if (port) { + updateTarget(row.original.targetId, { + ...row.original, + port: port + }); + } + }; + + return ( +
+ + + + + + + + + + {t("siteNotFound")} + + + {sites.map((site) => ( + { + updateTarget( + row.original + .targetId, + { + siteId: site.siteId + } + ); + }} + > + + {site.name} + + ))} + + + + + + {selectedSite && selectedSite.type === "newt" && (() => { + const dockerState = getDockerStateForSite(selectedSite.siteId); + return ( + refreshContainersForSite(selectedSite.siteId)} + /> + ); + })()} +
+ ); + } + }, + ...(resource.http + ? [ + { + accessorKey: "method", + header: t("method"), + cell: ({ row }: { row: Row }) => ( + + ) + } + ] + : []), { accessorKey: "ip", header: t("targetAddr"), @@ -412,6 +649,7 @@ export default function ReverseProxyTargets(props: { className="min-w-[150px]" onBlur={(e) => updateTarget(row.original.targetId, { + ...row.original, ip: e.target.value }) } @@ -428,6 +666,7 @@ export default function ReverseProxyTargets(props: { className="min-w-[100px]" onBlur={(e) => updateTarget(row.original.targetId, { + ...row.original, port: parseInt(e.target.value, 10) }) } @@ -451,7 +690,7 @@ export default function ReverseProxyTargets(props: { // // // ), - // }, + // }, { accessorKey: "enabled", header: t("enabled"), @@ -459,7 +698,10 @@ export default function ReverseProxyTargets(props: { - updateTarget(row.original.targetId, { enabled: val }) + updateTarget(row.original.targetId, { + ...row.original, + enabled: val + }) } /> ) @@ -489,33 +731,6 @@ export default function ReverseProxyTargets(props: { } ]; - if (resource.http) { - const methodCol: ColumnDef = { - accessorKey: "method", - header: t("method"), - cell: ({ row }) => ( - - ) - }; - - // add this to the first column - columns.unshift(methodCol); - } - const table = useReactTable({ data: targets, columns, @@ -545,221 +760,355 @@ export default function ReverseProxyTargets(props: { - -
+
+ - {targets.length >= 2 && ( +
( - - - { - field.onChange(val); - }} - /> - + + + {t("site")} + +
+ + + + + + + + + + + + {t( + "siteNotFound" + )} + + + {sites.map( + ( + site + ) => ( + { + addTargetForm.setValue( + "siteId", + site.siteId + ); + }} + > + + { + site.name + } + + ) + )} + + + + + + + {field.value && + (() => { + const selectedSite = + sites.find( + (site) => + site.siteId === + field.value + ); + return selectedSite && + selectedSite.type === + "newt" ? (() => { + const dockerState = getDockerStateForSite(selectedSite.siteId); + return ( + refreshContainersForSite(selectedSite.siteId)} + /> + ); + })() : null; + })()} +
+ )} /> - )} - - - -
- -
- {resource.http && ( + {resource.http && ( + ( + + + {t("method")} + + + + + + + )} + /> + )} + ( - + - {t("method")} + {t("targetAddr")} - + )} /> - )} - - ( - - - {t("targetAddr")} - - - - - {site && site.type == "newt" && ( - { - addTargetForm.setValue( - "ip", - hostname - ); - if (port) { - addTargetForm.setValue( - "port", - port - ); - } - }} - /> - )} - - - )} - /> - ( - - - {t("targetPort")} - - - - - - - )} - /> - -
-
- - - - - {table.getHeaderGroups().map((headerGroup) => ( - - {headerGroup.headers.map((header) => ( - - {header.isPlaceholder - ? null - : flexRender( - header.column.columnDef - .header, - header.getContext() - )} - - ))} - - ))} - - - {table.getRowModel().rows?.length ? ( - table.getRowModel().rows.map((row) => ( - - {row.getVisibleCells().map((cell) => ( - - {flexRender( - cell.column.columnDef.cell, - cell.getContext() - )} - - ))} - - )) - ) : ( - - ( + + + {t("targetPort")} + + + + + + + )} + /> +
+ {t("targetSubmit")} + +
+ + +
+ + {targets.length > 0 ? ( + <> +
+ {t("targetsList")} +
+ +
+ + ( + + + { + field.onChange( + val + ); + }} + /> + + + )} + /> + + +
+
+ + + {table + .getHeaderGroups() + .map((headerGroup) => ( + + {headerGroup.headers.map( + (header) => ( + + {header.isPlaceholder + ? null + : flexRender( + header + .column + .columnDef + .header, + header.getContext() + )} + + ) + )} + + ))} + + + {table.getRowModel().rows?.length ? ( + table + .getRowModel() + .rows.map((row) => ( + + {row + .getVisibleCells() + .map((cell) => ( + + {flexRender( + cell + .column + .columnDef + .cell, + cell.getContext() + )} + + ))} + + )) + ) : ( + + + {t("targetNoOne")} + + + )} + + {/* */} + {/* {t('targetNoOneDescription')} */} + {/* */} +
+
+ + ) : ( +
+

+ {t("targetNoOne")} +

+
+ )} @@ -885,7 +1234,7 @@ export default function ReverseProxyTargets(props: { proxySettingsLoading } > - {t("saveAllSettings")} + {t("saveSettings")} diff --git a/src/app/[orgId]/settings/resources/create/page.tsx b/src/app/[orgId]/settings/resources/create/page.tsx index fc90d26c..438b8917 100644 --- a/src/app/[orgId]/settings/resources/create/page.tsx +++ b/src/app/[orgId]/settings/resources/create/page.tsx @@ -42,9 +42,7 @@ import { SelectTrigger, SelectValue } from "@app/components/ui/select"; -import { subdomainSchema } from "@server/lib/schemas"; import { ListDomainsResponse } from "@server/routers/domain"; -import LoaderPlaceholder from "@app/components/PlaceHolderLoader"; import { Command, CommandEmpty, @@ -66,10 +64,33 @@ import Link from "next/link"; import { useTranslations } from "next-intl"; import DomainPicker from "@app/components/DomainPicker"; import { build } from "@server/build"; +import { ContainersSelector } from "@app/components/ContainersSelector"; +import { + ColumnDef, + getFilteredRowModel, + getSortedRowModel, + getPaginationRowModel, + getCoreRowModel, + useReactTable, + flexRender, + Row +} from "@tanstack/react-table"; +import { + Table, + TableBody, + TableCell, + TableHead, + TableHeader, + TableRow +} from "@app/components/ui/table"; +import { Switch } from "@app/components/ui/switch"; +import { ArrayElement } from "@server/types/ArrayElement"; +import { isTargetValid } from "@server/lib/validators"; +import { ListTargetsResponse } from "@server/routers/target"; +import { DockerManager, DockerState } from "@app/lib/docker"; const baseResourceFormSchema = z.object({ name: z.string().min(1).max(255), - siteId: z.number(), http: z.boolean() }); @@ -80,8 +101,15 @@ const httpResourceFormSchema = z.object({ const tcpUdpResourceFormSchema = z.object({ protocol: z.string(), - proxyPort: z.number().int().min(1).max(65535), - enableProxy: z.boolean().default(false) + proxyPort: z.number().int().min(1).max(65535) + // enableProxy: z.boolean().default(false) +}); + +const addTargetSchema = z.object({ + ip: z.string().refine(isTargetValid), + method: z.string().nullable(), + port: z.coerce.number().int().positive(), + siteId: z.number().int().positive() }); type BaseResourceFormValues = z.infer; @@ -97,6 +125,15 @@ interface ResourceTypeOption { disabled?: boolean; } +type LocalTarget = Omit< + ArrayElement & { + new?: boolean; + updated?: boolean; + siteType: string | null; + }, + "protocol" +>; + export default function Page() { const { env } = useEnvContext(); const api = createApiClient({ env }); @@ -113,6 +150,11 @@ export default function Page() { const [showSnippets, setShowSnippets] = useState(false); const [resourceId, setResourceId] = useState(null); + // Target management state + const [targets, setTargets] = useState([]); + const [targetsToRemove, setTargetsToRemove] = useState([]); + const [dockerStates, setDockerStates] = useState>(new Map()); + const resourceTypes: ReadonlyArray = [ { id: "http", @@ -147,11 +189,128 @@ export default function Page() { resolver: zodResolver(tcpUdpResourceFormSchema), defaultValues: { protocol: "tcp", - proxyPort: undefined, - enableProxy: false + proxyPort: undefined + // enableProxy: false } }); + const addTargetForm = useForm({ + resolver: zodResolver(addTargetSchema), + defaultValues: { + ip: "", + method: baseForm.watch("http") ? "http" : null, + port: "" as any as number + } as z.infer + }); + + const watchedIp = addTargetForm.watch("ip"); + const watchedPort = addTargetForm.watch("port"); + const watchedSiteId = addTargetForm.watch("siteId"); + + const handleContainerSelect = (hostname: string, port?: number) => { + addTargetForm.setValue("ip", hostname); + if (port) { + addTargetForm.setValue("port", port); + } + }; + + const initializeDockerForSite = async (siteId: number) => { + if (dockerStates.has(siteId)) { + return; // Already initialized + } + + const dockerManager = new DockerManager(api, siteId); + const dockerState = await dockerManager.initializeDocker(); + + setDockerStates(prev => new Map(prev.set(siteId, dockerState))); + }; + + const refreshContainersForSite = async (siteId: number) => { + const dockerManager = new DockerManager(api, siteId); + const containers = await dockerManager.fetchContainers(); + + setDockerStates(prev => { + const newMap = new Map(prev); + const existingState = newMap.get(siteId); + if (existingState) { + newMap.set(siteId, { ...existingState, containers }); + } + return newMap; + }); + }; + + const getDockerStateForSite = (siteId: number): DockerState => { + return dockerStates.get(siteId) || { + isEnabled: false, + isAvailable: false, + containers: [] + }; + }; + + async function addTarget(data: z.infer) { + // Check if target with same IP, port and method already exists + const isDuplicate = targets.some( + (target) => + target.ip === data.ip && + target.port === data.port && + target.method === data.method && + target.siteId === data.siteId + ); + + if (isDuplicate) { + toast({ + variant: "destructive", + title: t("targetErrorDuplicate"), + description: t("targetErrorDuplicateDescription") + }); + return; + } + + const site = sites.find((site) => site.siteId === data.siteId); + + const newTarget: LocalTarget = { + ...data, + siteType: site?.type || null, + enabled: true, + targetId: new Date().getTime(), + new: true, + resourceId: 0 // Will be set when resource is created + }; + + setTargets([...targets, newTarget]); + addTargetForm.reset({ + ip: "", + method: baseForm.watch("http") ? "http" : null, + port: "" as any as number + }); + } + + const removeTarget = (targetId: number) => { + setTargets([ + ...targets.filter((target) => target.targetId !== targetId) + ]); + + if (!targets.find((target) => target.targetId === targetId)?.new) { + setTargetsToRemove([...targetsToRemove, targetId]); + } + }; + + async function updateTarget(targetId: number, data: Partial) { + const site = sites.find((site) => site.siteId === data.siteId); + setTargets( + targets.map((target) => + target.targetId === targetId + ? { + ...target, + ...data, + updated: true, + siteType: site?.type || null + } + : target + ) + ); + } + async function onSubmit() { setCreateLoading(true); @@ -161,7 +320,6 @@ export default function Page() { try { const payload = { name: baseData.name, - siteId: baseData.siteId, http: baseData.http }; @@ -176,15 +334,15 @@ export default function Page() { const tcpUdpData = tcpUdpForm.getValues(); Object.assign(payload, { protocol: tcpUdpData.protocol, - proxyPort: tcpUdpData.proxyPort, - enableProxy: tcpUdpData.enableProxy + proxyPort: tcpUdpData.proxyPort + // enableProxy: tcpUdpData.enableProxy }); } const res = await api .put< AxiosResponse - >(`/org/${orgId}/site/${baseData.siteId}/resource/`, payload) + >(`/org/${orgId}/resource/`, payload) .catch((e) => { toast({ variant: "destructive", @@ -200,18 +358,45 @@ export default function Page() { const id = res.data.data.resourceId; setResourceId(id); + // Create targets if any exist + if (targets.length > 0) { + try { + for (const target of targets) { + const data = { + ip: target.ip, + port: target.port, + method: target.method, + enabled: target.enabled, + siteId: target.siteId + }; + + await api.put(`/resource/${id}/target`, data); + } + } catch (targetError) { + console.error("Error creating targets:", targetError); + toast({ + variant: "destructive", + title: t("targetErrorCreate"), + description: formatAxiosError( + targetError, + t("targetErrorCreateDescription") + ) + }); + } + } + if (isHttp) { router.push(`/${orgId}/settings/resources/${id}`); } else { const tcpUdpData = tcpUdpForm.getValues(); // Only show config snippets if enableProxy is explicitly true - if (tcpUdpData.enableProxy === true) { - setShowSnippets(true); - router.refresh(); - } else { - // If enableProxy is false or undefined, go directly to resource page - router.push(`/${orgId}/settings/resources/${id}`); - } + // if (tcpUdpData.enableProxy === true) { + setShowSnippets(true); + router.refresh(); + // } else { + // // If enableProxy is false or undefined, go directly to resource page + // router.push(`/${orgId}/settings/resources/${id}`); + // } } } } catch (e) { @@ -249,8 +434,16 @@ export default function Page() { if (res?.status === 200) { setSites(res.data.data.sites); - if (res.data.data.sites.length > 0) { - baseForm.setValue( + // Initialize Docker for newt sites + for (const site of res.data.data.sites) { + if (site.type === "newt") { + initializeDockerForSite(site.siteId); + } + } + + // If there's only one site, set it as the default in the form + if (res.data.data.sites.length) { + addTargetForm.setValue( "siteId", res.data.data.sites[0].siteId ); @@ -292,6 +485,216 @@ export default function Page() { load(); }, []); + const columns: ColumnDef[] = [ + { + accessorKey: "siteId", + header: t("site"), + cell: ({ row }) => { + const selectedSite = sites.find( + (site) => site.siteId === row.original.siteId + ); + + const handleContainerSelectForTarget = ( + hostname: string, + port?: number + ) => { + updateTarget(row.original.targetId, { + ...row.original, + ip: hostname + }); + if (port) { + updateTarget(row.original.targetId, { + ...row.original, + port: port + }); + } + }; + + return ( +
+ + + + + + + + + + {t("siteNotFound")} + + + {sites.map((site) => ( + { + updateTarget( + row.original + .targetId, + { + siteId: site.siteId + } + ); + }} + > + + {site.name} + + ))} + + + + + + {selectedSite && selectedSite.type === "newt" && (() => { + const dockerState = getDockerStateForSite(selectedSite.siteId); + return ( + refreshContainersForSite(selectedSite.siteId)} + /> + ); + })()} +
+ ); + } + }, + ...(baseForm.watch("http") + ? [ + { + accessorKey: "method", + header: t("method"), + cell: ({ row }: { row: Row }) => ( + + ) + } + ] + : []), + { + accessorKey: "ip", + header: t("targetAddr"), + cell: ({ row }) => ( + + updateTarget(row.original.targetId, { + ...row.original, + ip: e.target.value + }) + } + /> + ) + }, + { + accessorKey: "port", + header: t("targetPort"), + cell: ({ row }) => ( + + updateTarget(row.original.targetId, { + ...row.original, + port: parseInt(e.target.value, 10) + }) + } + /> + ) + }, + { + accessorKey: "enabled", + header: t("enabled"), + cell: ({ row }) => ( + + updateTarget(row.original.targetId, { + ...row.original, + enabled: val + }) + } + /> + ) + }, + { + id: "actions", + cell: ({ row }) => ( + <> +
+ +
+ + ) + } + ]; + + const table = useReactTable({ + data: targets, + columns, + getCoreRowModel: getCoreRowModel(), + getPaginationRowModel: getPaginationRowModel(), + getSortedRowModel: getSortedRowModel(), + getFilteredRowModel: getFilteredRowModel(), + state: { + pagination: { + pageIndex: 0, + pageSize: 1000 + } + } + }); + return ( <>
@@ -348,104 +751,6 @@ export default function Page() { )} /> - - ( - - - {t("site")} - - - - - - - - - - - - - {t( - "siteNotFound" - )} - - - {sites.map( - ( - site - ) => ( - { - baseForm.setValue( - "siteId", - site.siteId - ); - }} - > - - { - site.name - } - - ) - )} - - - - - - - - {t( - "siteSelectionDescription" - )} - - - )} - /> @@ -471,6 +776,13 @@ export default function Page() { "http", value === "http" ); + // Update method default when switching resource type + addTargetForm.setValue( + "method", + value === "http" + ? "http" + : null + ); }} cols={2} /> @@ -616,7 +928,7 @@ export default function Page() { )} /> - {build == "oss" && ( + {/* {build == "oss" && ( )} /> - )} + )} */} @@ -662,6 +974,379 @@ export default function Page() { )} + + + + {t("targets")} + + + {t("targetsDescription")} + + + +
+
+ +
+ ( + + + {t("site")} + +
+ + + + + + + + + + + + {t( + "siteNotFound" + )} + + + {sites.map( + ( + site + ) => ( + { + addTargetForm.setValue( + "siteId", + site.siteId + ); + }} + > + + { + site.name + } + + ) + )} + + + + + + + {field.value && + (() => { + const selectedSite = + sites.find( + ( + site + ) => + site.siteId === + field.value + ); + return selectedSite && + selectedSite.type === + "newt" ? (() => { + const dockerState = getDockerStateForSite(selectedSite.siteId); + return ( + refreshContainersForSite(selectedSite.siteId)} + /> + ); + })() : null; + })()} +
+ + + )} + /> + + {baseForm.watch("http") && ( + ( + + + {t( + "method" + )} + + + + + + + )} + /> + )} + + ( + + + {t( + "targetAddr" + )} + + + + + + + )} + /> + ( + + + {t( + "targetPort" + )} + + + + + + + )} + /> + +
+
+ +
+ + {targets.length > 0 ? ( + <> +
+ {t("targetsList")} +
+
+ + + {table + .getHeaderGroups() + .map( + ( + headerGroup + ) => ( + + {headerGroup.headers.map( + ( + header + ) => ( + + {header.isPlaceholder + ? null + : flexRender( + header + .column + .columnDef + .header, + header.getContext() + )} + + ) + )} + + ) + )} + + + {table.getRowModel() + .rows?.length ? ( + table + .getRowModel() + .rows.map( + (row) => ( + + {row + .getVisibleCells() + .map( + ( + cell + ) => ( + + {flexRender( + cell + .column + .columnDef + .cell, + cell.getContext() + )} + + ) + )} + + ) + ) + ) : ( + + + {t( + "targetNoOne" + )} + + + )} + +
+
+ + ) : ( +
+

+ {t("targetNoOne")} +

+
+ )} + + +
diff --git a/src/app/[orgId]/settings/sites/SitesSplashCard.tsx b/src/app/[orgId]/settings/sites/SitesSplashCard.tsx index 8bab93e6..35d7bd83 100644 --- a/src/app/[orgId]/settings/sites/SitesSplashCard.tsx +++ b/src/app/[orgId]/settings/sites/SitesSplashCard.tsx @@ -64,7 +64,7 @@ export const SitesSplashCard = () => {
diff --git a/src/app/[orgId]/settings/sites/[niceId]/SiteInfoCard.tsx b/src/app/[orgId]/settings/sites/[niceId]/SiteInfoCard.tsx index 6094f167..5eed91c5 100644 --- a/src/app/[orgId]/settings/sites/[niceId]/SiteInfoCard.tsx +++ b/src/app/[orgId]/settings/sites/[niceId]/SiteInfoCard.tsx @@ -33,9 +33,7 @@ export default function SiteInfoCard({}: SiteInfoCardProps) { return ( - - {t("siteInfo")} - + {(site.type == "newt" || site.type == "wireguard") && ( <> @@ -68,7 +66,7 @@ export default function SiteInfoCard({}: SiteInfoCardProps) { - {env.flags.enableClients && ( + {env.flags.enableClients && site.type == "newt" && ( Address diff --git a/src/app/[orgId]/settings/sites/[niceId]/general/page.tsx b/src/app/[orgId]/settings/sites/[niceId]/general/page.tsx index 1581d961..8bd8dc4b 100644 --- a/src/app/[orgId]/settings/sites/[niceId]/general/page.tsx +++ b/src/app/[orgId]/settings/sites/[niceId]/general/page.tsx @@ -38,12 +38,14 @@ import { Tag, TagInput } from "@app/components/tags/tag-input"; const GeneralFormSchema = z.object({ name: z.string().nonempty("Name is required"), dockerSocketEnabled: z.boolean().optional(), - remoteSubnets: z.array( - z.object({ - id: z.string(), - text: z.string() - }) - ).optional() + remoteSubnets: z + .array( + z.object({ + id: z.string(), + text: z.string() + }) + ) + .optional() }); type GeneralFormValues = z.infer; @@ -55,7 +57,9 @@ export default function GeneralPage() { const api = createApiClient(useEnvContext()); const [loading, setLoading] = useState(false); - const [activeCidrTagIndex, setActiveCidrTagIndex] = useState(null); + const [activeCidrTagIndex, setActiveCidrTagIndex] = useState( + null + ); const router = useRouter(); const t = useTranslations(); @@ -65,11 +69,11 @@ export default function GeneralPage() { defaultValues: { name: site?.name, dockerSocketEnabled: site?.dockerSocketEnabled ?? false, - remoteSubnets: site?.remoteSubnets - ? site.remoteSubnets.split(',').map((subnet, index) => ({ - id: subnet.trim(), - text: subnet.trim() - })) + remoteSubnets: site?.remoteSubnets + ? site.remoteSubnets.split(",").map((subnet, index) => ({ + id: subnet.trim(), + text: subnet.trim() + })) : [] }, mode: "onChange" @@ -82,7 +86,10 @@ export default function GeneralPage() { .post(`/site/${site?.siteId}`, { name: data.name, dockerSocketEnabled: data.dockerSocketEnabled, - remoteSubnets: data.remoteSubnets?.map(subnet => subnet.text).join(',') || '' + remoteSubnets: + data.remoteSubnets + ?.map((subnet) => subnet.text) + .join(",") || "" }) .catch((e) => { toast({ @@ -98,7 +105,8 @@ export default function GeneralPage() { updateSite({ name: data.name, dockerSocketEnabled: data.dockerSocketEnabled, - remoteSubnets: data.remoteSubnets?.map(subnet => subnet.text).join(',') || '' + remoteSubnets: + data.remoteSubnets?.map((subnet) => subnet.text).join(",") || "" }); toast({ @@ -144,43 +152,65 @@ export default function GeneralPage() { )} /> - - ( - - {t("remoteSubnets")} - - { - form.setValue( - "remoteSubnets", - newSubnets as Tag[] - ); - }} - validateTag={(tag) => { - // Basic CIDR validation regex - const cidrRegex = /^(\d{1,3}\.){3}\d{1,3}\/\d{1,2}$/; - return cidrRegex.test(tag); - }} - allowDuplicates={false} - sortTags={true} - /> - - - {t("remoteSubnetsDescription")} - - - - )} - /> + + {env.flags.enableClients && + site.type === "newt" ? ( + ( + + + {t("remoteSubnets")} + + + { + form.setValue( + "remoteSubnets", + newSubnets as Tag[] + ); + }} + validateTag={(tag) => { + // Basic CIDR validation regex + const cidrRegex = + /^(\d{1,3}\.){3}\d{1,3}\/\d{1,2}$/; + return cidrRegex.test( + tag + ); + }} + allowDuplicates={false} + sortTags={true} + /> + + + {t( + "remoteSubnetsDescription" + )} + + + + )} + /> + ) : null} {site && site.type === "newt" && ( ; linux: Record; + freebsd: Record; windows: Record; docker: Record; podman: Record; @@ -107,7 +109,8 @@ export default function Page() { }), method: z.enum(["newt", "wireguard", "local"]), copied: z.boolean(), - clientAddress: z.string().optional() + clientAddress: z.string().optional(), + acceptClients: z.boolean() }) .refine( (data) => { @@ -140,7 +143,7 @@ export default function Page() { { id: "wireguard" as SiteType, title: t("siteWg"), - description: t("siteWgDescription"), + description: build == "saas" ? t("siteWgDescriptionSaas") : t("siteWgDescription"), disabled: true } ]), @@ -150,7 +153,7 @@ export default function Page() { { id: "local" as SiteType, title: t("local"), - description: t("siteLocalDescription") + description: build == "saas" ? t("siteLocalDescriptionSaas") : t("siteLocalDescription") } ]) ]); @@ -170,6 +173,8 @@ export default function Page() { const [wgConfig, setWgConfig] = useState(""); const [createLoading, setCreateLoading] = useState(false); + const [acceptClients, setAcceptClients] = useState(false); + const [newtVersion, setNewtVersion] = useState("latest"); const [siteDefaults, setSiteDefaults] = useState(null); @@ -199,55 +204,61 @@ PersistentKeepalive = 5`; id: string, secret: string, endpoint: string, - version: string + version: string, + acceptClients: boolean = false ) => { + const acceptClientsFlag = acceptClients ? " --accept-clients" : ""; + const acceptClientsEnv = acceptClients + ? "\n - ACCEPT_CLIENTS=true" + : ""; + const commands = { mac: { - "Apple Silicon (arm64)": [ - `curl -L -o newt "https://github.com/fosrl/newt/releases/download/${version}/newt_darwin_arm64" && chmod +x ./newt`, - `./newt --id ${id} --secret ${secret} --endpoint ${endpoint}` - ], - "Intel x64 (amd64)": [ - `curl -L -o newt "https://github.com/fosrl/newt/releases/download/${version}/newt_darwin_amd64" && chmod +x ./newt`, - `./newt --id ${id} --secret ${secret} --endpoint ${endpoint}` + All: [ + `curl -fsSL https://digpangolin.com/get-newt.sh | bash`, + `newt --id ${id} --secret ${secret} --endpoint ${endpoint}${acceptClientsFlag}` ] + // "Intel x64 (amd64)": [ + // `curl -fsSL https://digpangolin.com/get-newt.sh | bash`, + // `newt --id ${id} --secret ${secret} --endpoint ${endpoint}${acceptClientsFlag}` + // ] }, linux: { - amd64: [ - `wget -O newt "https://github.com/fosrl/newt/releases/download/${version}/newt_linux_amd64" && chmod +x ./newt`, - `./newt --id ${id} --secret ${secret} --endpoint ${endpoint}` - ], - arm64: [ - `wget -O newt "https://github.com/fosrl/newt/releases/download/${version}/newt_linux_arm64" && chmod +x ./newt`, - `./newt --id ${id} --secret ${secret} --endpoint ${endpoint}` - ], - arm32: [ - `wget -O newt "https://github.com/fosrl/newt/releases/download/${version}/newt_linux_arm32" && chmod +x ./newt`, - `./newt --id ${id} --secret ${secret} --endpoint ${endpoint}` - ], - arm32v6: [ - `wget -O newt "https://github.com/fosrl/newt/releases/download/${version}/newt_linux_arm32v6" && chmod +x ./newt`, - `./newt --id ${id} --secret ${secret} --endpoint ${endpoint}` - ], - riscv64: [ - `wget -O newt "https://github.com/fosrl/newt/releases/download/${version}/newt_linux_riscv64" && chmod +x ./newt`, - `./newt --id ${id} --secret ${secret} --endpoint ${endpoint}` + All: [ + `curl -fsSL https://digpangolin.com/get-newt.sh | bash`, + `newt --id ${id} --secret ${secret} --endpoint ${endpoint}${acceptClientsFlag}` ] + // arm64: [ + // `curl -fsSL https://digpangolin.com/get-newt.sh | bash`, + // `newt --id ${id} --secret ${secret} --endpoint ${endpoint}${acceptClientsFlag}` + // ], + // arm32: [ + // `curl -fsSL https://digpangolin.com/get-newt.sh | bash`, + // `newt --id ${id} --secret ${secret} --endpoint ${endpoint}${acceptClientsFlag}` + // ], + // arm32v6: [ + // `curl -fsSL https://digpangolin.com/get-newt.sh | bash`, + // `newt --id ${id} --secret ${secret} --endpoint ${endpoint}${acceptClientsFlag}` + // ], + // riscv64: [ + // `curl -fsSL https://digpangolin.com/get-newt.sh | bash`, + // `newt --id ${id} --secret ${secret} --endpoint ${endpoint}${acceptClientsFlag}` + // ] }, freebsd: { - amd64: [ - `fetch -o newt "https://github.com/fosrl/newt/releases/download/${version}/newt_freebsd_amd64" && chmod +x ./newt`, - `./newt --id ${id} --secret ${secret} --endpoint ${endpoint}` - ], - arm64: [ - `fetch -o newt "https://github.com/fosrl/newt/releases/download/${version}/newt_freebsd_arm64" && chmod +x ./newt`, - `./newt --id ${id} --secret ${secret} --endpoint ${endpoint}` + All: [ + `curl -fsSL https://digpangolin.com/get-newt.sh | bash`, + `newt --id ${id} --secret ${secret} --endpoint ${endpoint}${acceptClientsFlag}` ] + // arm64: [ + // `curl -fsSL https://digpangolin.com/get-newt.sh | bash`, + // `newt --id ${id} --secret ${secret} --endpoint ${endpoint}${acceptClientsFlag}` + // ] }, windows: { x64: [ `curl -o newt.exe -L "https://github.com/fosrl/newt/releases/download/${version}/newt_windows_amd64.exe"`, - `newt.exe --id ${id} --secret ${secret} --endpoint ${endpoint}` + `newt.exe --id ${id} --secret ${secret} --endpoint ${endpoint}${acceptClientsFlag}` ] }, docker: { @@ -260,10 +271,10 @@ PersistentKeepalive = 5`; environment: - PANGOLIN_ENDPOINT=${endpoint} - NEWT_ID=${id} - - NEWT_SECRET=${secret}` + - NEWT_SECRET=${secret}${acceptClientsEnv}` ], "Docker Run": [ - `docker run -dit fosrl/newt --id ${id} --secret ${secret} --endpoint ${endpoint}` + `docker run -dit fosrl/newt --id ${id} --secret ${secret} --endpoint ${endpoint}${acceptClientsFlag}` ] }, podman: { @@ -276,7 +287,7 @@ ContainerName=newt Image=docker.io/fosrl/newt Environment=PANGOLIN_ENDPOINT=${endpoint} Environment=NEWT_ID=${id} -Environment=NEWT_SECRET=${secret} +Environment=NEWT_SECRET=${secret}${acceptClients ? "\nEnvironment=ACCEPT_CLIENTS=true" : ""} # Secret=newt-secret,type=env,target=NEWT_SECRET [Service] @@ -286,16 +297,16 @@ Restart=always WantedBy=default.target` ], "Podman Run": [ - `podman run -dit docker.io/fosrl/newt --id ${id} --secret ${secret} --endpoint ${endpoint}` + `podman run -dit docker.io/fosrl/newt --id ${id} --secret ${secret} --endpoint ${endpoint}${acceptClientsFlag}` ] }, nixos: { - x86_64: [ - `nix run 'nixpkgs#fosrl-newt' -- --id ${id} --secret ${secret} --endpoint ${endpoint}` + All: [ + `nix run 'nixpkgs#fosrl-newt' -- --id ${id} --secret ${secret} --endpoint ${endpoint}${acceptClientsFlag}` ], - aarch64: [ - `nix run 'nixpkgs#fosrl-newt' -- --id ${id} --secret ${secret} --endpoint ${endpoint}` - ] + // aarch64: [ + // `nix run 'nixpkgs#fosrl-newt' -- --id ${id} --secret ${secret} --endpoint ${endpoint}${acceptClientsFlag}` + // ] } }; setCommands(commands); @@ -304,9 +315,11 @@ WantedBy=default.target` const getArchitectures = () => { switch (platform) { case "linux": - return ["amd64", "arm64", "arm32", "arm32v6", "riscv64"]; + // return ["amd64", "arm64", "arm32", "arm32v6", "riscv64"]; + return ["All"]; case "mac": - return ["Apple Silicon (arm64)", "Intel x64 (amd64)"]; + // return ["Apple Silicon (arm64)", "Intel x64 (amd64)"]; + return ["All"]; case "windows": return ["x64"]; case "docker": @@ -314,9 +327,11 @@ WantedBy=default.target` case "podman": return ["Podman Quadlet", "Podman Run"]; case "freebsd": - return ["amd64", "arm64"]; + // return ["amd64", "arm64"]; + return ["All"]; case "nixos": - return ["x86_64", "aarch64"]; + // return ["x86_64", "aarch64"]; + return ["All"]; default: return ["x64"]; } @@ -381,7 +396,7 @@ WantedBy=default.target` case "freebsd": return ; case "nixos": - return ; + return ; default: return ; } @@ -393,7 +408,8 @@ WantedBy=default.target` name: "", copied: false, method: "newt", - clientAddress: "" + clientAddress: "", + acceptClients: false } }); @@ -469,12 +485,19 @@ WantedBy=default.target` const load = async () => { setLoadingPage(true); - let newtVersion = "latest"; + let currentNewtVersion = "latest"; try { + const controller = new AbortController(); + const timeoutId = setTimeout(() => controller.abort(), 3000); + const response = await fetch( - `https://api.github.com/repos/fosrl/newt/releases/latest` + `https://api.github.com/repos/fosrl/newt/releases/latest`, + { signal: controller.signal } ); + + clearTimeout(timeoutId); + if (!response.ok) { throw new Error( t("newtErrorFetchReleases", { @@ -484,16 +507,21 @@ WantedBy=default.target` } const data = await response.json(); const latestVersion = data.tag_name; - newtVersion = latestVersion; + currentNewtVersion = latestVersion; + setNewtVersion(latestVersion); } catch (error) { - console.error( - t("newtErrorFetchLatest", { - err: - error instanceof Error - ? error.message - : String(error) - }) - ); + if (error instanceof Error && error.name === 'AbortError') { + console.error(t("newtErrorFetchTimeout")); + } else { + console.error( + t("newtErrorFetchLatest", { + err: + error instanceof Error + ? error.message + : String(error) + }) + ); + } } const generatedKeypair = generateKeypair(); @@ -530,7 +558,8 @@ WantedBy=default.target` newtId, newtSecret, env.app.dashboardUrl, - newtVersion + currentNewtVersion, + acceptClients ); hydrateWireGuardConfig( @@ -556,6 +585,11 @@ WantedBy=default.target` load(); }, []); + // Sync form acceptClients value with local state + useEffect(() => { + form.setValue("acceptClients", acceptClients); + }, [acceptClients, form]); + return ( <>
@@ -616,7 +650,9 @@ WantedBy=default.target` render={({ field }) => ( - Site Address + {t( + "siteAddress" + )} - Specify the - IP address - of the host - for clients - to connect - to. + {t( + "siteAddressDescription" + )} )} @@ -851,6 +884,59 @@ WantedBy=default.target` ) )}
+ +
+

+ {t("siteConfiguration")} +

+
+ { + const value = + checked as boolean; + setAcceptClients( + value + ); + form.setValue( + "acceptClients", + value + ); + // Re-hydrate commands with new acceptClients value + if ( + newtId && + newtSecret && + newtVersion + ) { + hydrateCommands( + newtId, + newtSecret, + env.app + .dashboardUrl, + newtVersion, + value + ); + } + }} + label={t( + "siteAcceptClientConnections" + )} + /> +
+

+ {t( + "siteAcceptClientConnectionsDescription" + )} +

+
+

{t("commands")} diff --git a/src/app/admin/idp/[idpId]/policies/page.tsx b/src/app/admin/idp/[idpId]/policies/page.tsx index 8f36434e..aadd6eb8 100644 --- a/src/app/admin/idp/[idpId]/policies/page.tsx +++ b/src/app/admin/idp/[idpId]/policies/page.tsx @@ -326,7 +326,7 @@ export default function PoliciesPage() { {/*TODO(vlalx): Validate replacing */} {t('orgPoliciesAboutDescription')}{" "} + + + + + +

+ Managed Self-Hosted Pangolin is a + deployment option designed for people who want + simplicity and extra reliability while still keeping + their data private and self-hosted. +

+

+ With this option, you still run your own Pangolin + node — your tunnels, SSL termination, and traffic + all stay on your server. The difference is that + management and monitoring are handled through our + cloud dashboard, which unlocks a number of benefits: +

+ +
+
+
+ +
+

+ Simpler operations +

+

+ No need to run your own mail server + or set up complex alerting. You'll + get health checks and downtime + alerts out of the box. +

+
+
+ +
+ +
+

+ Automatic updates +

+

+ The cloud dashboard evolves quickly, + so you get new features and bug + fixes without having to manually + pull new containers every time. +

+
+
+ +
+ +
+

+ Less maintenance +

+

+ No database migrations, backups, or + extra infrastructure to manage. We + handle that in the cloud. +

+
+
+
+ +
+
+ +
+

+ Cloud failover +

+

+ If your node goes down, your tunnels + can temporarily fail over to our + cloud points of presence until you + bring it back online. +

+
+
+
+ +
+

+ High availability (PoPs) +

+

+ You can also attach multiple nodes + to your account for redundancy and + better performance. +

+
+
+ +
+ +
+

+ Future enhancements +

+

+ We're planning to add more + analytics, alerting, and management + tools to make your deployment even + more robust. +

+
+
+
+
+ + + Read the docs to learn more about the Managed + Self-Hosted option in our{" "} + + documentation + + + . + + + + + + + + + + + ); +} diff --git a/src/app/auth/initial-setup/page.tsx b/src/app/auth/initial-setup/page.tsx index 17e6c2ec..e1dd3f06 100644 --- a/src/app/auth/initial-setup/page.tsx +++ b/src/app/auth/initial-setup/page.tsx @@ -10,6 +10,7 @@ import { Input } from "@/components/ui/input"; import { Form, FormControl, + FormDescription, FormField, FormItem, FormLabel, @@ -31,6 +32,7 @@ import { passwordSchema } from "@server/auth/passwordSchema"; const formSchema = z .object({ + setupToken: z.string().min(1, "Setup token is required"), email: z.string().email({ message: "Invalid email address" }), password: passwordSchema, confirmPassword: z.string() @@ -52,6 +54,7 @@ export default function InitialSetupPage() { const form = useForm>({ resolver: zodResolver(formSchema), defaultValues: { + setupToken: "", email: "", password: "", confirmPassword: "" @@ -63,6 +66,7 @@ export default function InitialSetupPage() { setError(null); try { const res = await api.put("/auth/set-server-admin", { + setupToken: values.setupToken, email: values.email, password: values.password }); @@ -102,6 +106,22 @@ export default function InitialSetupPage() { onSubmit={form.handleSubmit(onSubmit)} className="space-y-4" > + ( + + {t("setupToken")} + + + + + {t("setupTokenDescription")} + + + + )} + /> (null); + + useEffect(() => { + async function initiateAutoLogin() { + setLoading(true); + + try { + const res = await api.post< + AxiosResponse + >(`/auth/idp/${skipToIdpId}/oidc/generate-url`, { + redirectUrl + }); + + if (res.data.data.redirectUrl) { + // Redirect to the IDP for authentication + window.location.href = res.data.data.redirectUrl; + } else { + setError(t("autoLoginErrorNoRedirectUrl")); + } + } catch (e) { + console.error("Failed to generate OIDC URL:", e); + setError(formatAxiosError(e, t("autoLoginErrorGeneratingUrl"))); + } finally { + setLoading(false); + } + } + + initiateAutoLogin(); + }, []); + + return ( +
+ + + {t("autoLoginTitle")} + {t("autoLoginDescription")} + + + {loading && ( +
+ + {t("autoLoginProcessing")} +
+ )} + {!loading && !error && ( +
+ + {t("autoLoginRedirecting")} +
+ )} + {error && ( + + + + {t("autoLoginError")} + {error} + + + )} + + +
+ ); +} diff --git a/src/app/auth/resource/[resourceId]/page.tsx b/src/app/auth/resource/[resourceId]/page.tsx index ad5afa0f..347d3586 100644 --- a/src/app/auth/resource/[resourceId]/page.tsx +++ b/src/app/auth/resource/[resourceId]/page.tsx @@ -15,6 +15,7 @@ import AccessToken from "./AccessToken"; import { pullEnv } from "@app/lib/pullEnv"; import { LoginFormIDP } from "@app/components/LoginForm"; import { ListIdpsResponse } from "@server/routers/idp"; +import AutoLoginHandler from "./AutoLoginHandler"; export const dynamic = "force-dynamic"; @@ -30,11 +31,13 @@ export default async function ResourceAuthPage(props: { const env = pullEnv(); + const authHeader = await authCookieHeader(); + let authInfo: GetResourceAuthInfoResponse | undefined; try { const res = await internal.get< AxiosResponse - >(`/resource/${params.resourceId}/auth`, await authCookieHeader()); + >(`/resource/${params.resourceId}/auth`, authHeader); if (res && res.status === 200) { authInfo = res.data.data; @@ -59,9 +62,13 @@ export default async function ResourceAuthPage(props: { try { const serverResourceHost = new URL(authInfo.url).host; const redirectHost = new URL(searchParams.redirect).host; + const redirectPort = new URL(searchParams.redirect).port; + const serverResourceHostWithPort = `${serverResourceHost}:${redirectPort}`; if (serverResourceHost === redirectHost) { redirectUrl = searchParams.redirect; + } else if (serverResourceHostWithPort === redirectHost) { + redirectUrl = searchParams.redirect; } } catch (e) {} } @@ -139,6 +146,19 @@ export default async function ResourceAuthPage(props: { name: idp.name })) as LoginFormIDP[]; + if (authInfo.skipToIdpId && authInfo.skipToIdpId !== null) { + const idp = loginIdps.find((idp) => idp.idpId === authInfo.skipToIdpId); + if (idp) { + return ( + + ); + } + } + return ( <> {userIsUnauthorized && isSSOOnly ? ( diff --git a/src/app/auth/signup/SignupForm.tsx b/src/app/auth/signup/SignupForm.tsx index 5494ba10..f4690683 100644 --- a/src/app/auth/signup/SignupForm.tsx +++ b/src/app/auth/signup/SignupForm.tsx @@ -1,6 +1,6 @@ "use client"; -import { useState } from "react"; +import { useState, useEffect } from "react"; import { useForm } from "react-hook-form"; import { zodResolver } from "@hookform/resolvers/zod"; import * as z from "zod"; @@ -23,6 +23,7 @@ import { CardTitle } from "@/components/ui/card"; import { Alert, AlertDescription } from "@/components/ui/alert"; +import { Progress } from "@/components/ui/progress"; import { SignUpResponse } from "@server/routers/auth"; import { useRouter } from "next/navigation"; import { passwordSchema } from "@server/auth/passwordSchema"; @@ -35,11 +36,46 @@ import { cleanRedirect } from "@app/lib/cleanRedirect"; import { useTranslations } from "next-intl"; import BrandingLogo from "@app/components/BrandingLogo"; import { build } from "@server/build"; +import { Check, X } from "lucide-react"; +import { cn } from "@app/lib/cn"; + +// Password strength calculation +const calculatePasswordStrength = (password: string) => { + const requirements = { + length: password.length >= 8, + uppercase: /[A-Z]/.test(password), + lowercase: /[a-z]/.test(password), + number: /[0-9]/.test(password), + special: /[~!`@#$%^&*()_\-+={}[\]|\\:;"'<>,.\/?]/.test(password) + }; + + const score = Object.values(requirements).filter(Boolean).length; + let strength: "weak" | "medium" | "strong" = "weak"; + let color = "bg-red-500"; + let percentage = 0; + + if (score >= 5) { + strength = "strong"; + color = "bg-green-500"; + percentage = 100; + } else if (score >= 3) { + strength = "medium"; + color = "bg-yellow-500"; + percentage = 60; + } else if (score >= 1) { + strength = "weak"; + color = "bg-red-500"; + percentage = 30; + } + + return { requirements, strength, color, percentage, score }; +}; type SignupFormProps = { redirect?: string; inviteId?: string; inviteToken?: string; + emailParam?: string; }; const formSchema = z @@ -68,29 +104,32 @@ const formSchema = z export default function SignupForm({ redirect, inviteId, - inviteToken + inviteToken, + emailParam }: SignupFormProps) { const router = useRouter(); - - const { env } = useEnvContext(); - - const api = createApiClient({ env }); + const api = createApiClient(useEnvContext()); + const t = useTranslations(); const [loading, setLoading] = useState(false); const [error, setError] = useState(null); const [termsAgreedAt, setTermsAgreedAt] = useState(null); + const [passwordValue, setPasswordValue] = useState(""); + const [confirmPasswordValue, setConfirmPasswordValue] = useState(""); const form = useForm>({ resolver: zodResolver(formSchema), defaultValues: { - email: "", + email: emailParam || "", password: "", confirmPassword: "", agreeToTerms: false - } + }, + mode: "onChange" // Enable real-time validation }); - const t = useTranslations(); + const passwordStrength = calculatePasswordStrength(passwordValue); + const doPasswordsMatch = passwordValue.length > 0 && confirmPasswordValue.length > 0 && passwordValue === confirmPasswordValue; async function onSubmit(values: z.infer) { const { email, password } = values; @@ -172,7 +211,10 @@ export default function SignupForm({ {t("email")} - + @@ -183,11 +225,128 @@ export default function SignupForm({ name="password" render={({ field }) => ( - {t("password")} +
+ {t("password")} + {passwordStrength.strength === "strong" && ( + + )} +
- +
+ { + field.onChange(e); + setPasswordValue(e.target.value); + }} + className={cn( + passwordStrength.strength === "strong" && "border-green-500 focus-visible:ring-green-500", + passwordStrength.strength === "medium" && "border-yellow-500 focus-visible:ring-yellow-500", + passwordStrength.strength === "weak" && passwordValue.length > 0 && "border-red-500 focus-visible:ring-red-500" + )} + autoComplete="new-password" + /> +
- + + {passwordValue.length > 0 && ( +
+ {/* Password Strength Meter */} +
+
+ {t("passwordStrength")} + + {t(`passwordStrength${passwordStrength.strength.charAt(0).toUpperCase() + passwordStrength.strength.slice(1)}`)} + +
+ +
+ + {/* Requirements Checklist */} +
+
{t("passwordRequirements")}
+
+
+ {passwordStrength.requirements.length ? ( + + ) : ( + + )} + + {t("passwordRequirementLengthText")} + +
+
+ {passwordStrength.requirements.uppercase ? ( + + ) : ( + + )} + + {t("passwordRequirementUppercaseText")} + +
+
+ {passwordStrength.requirements.lowercase ? ( + + ) : ( + + )} + + {t("passwordRequirementLowercaseText")} + +
+
+ {passwordStrength.requirements.number ? ( + + ) : ( + + )} + + {t("passwordRequirementNumberText")} + +
+
+ {passwordStrength.requirements.special ? ( + + ) : ( + + )} + + {t("passwordRequirementSpecialText")} + +
+
+
+
+ )} + + {/* Only show FormMessage when not showing our custom requirements */} + {passwordValue.length === 0 && } )} /> @@ -196,13 +355,36 @@ export default function SignupForm({ name="confirmPassword" render={({ field }) => ( - - {t("confirmPassword")} - +
+ {t('confirmPassword')} + {doPasswordsMatch && ( + + )} +
- +
+ { + field.onChange(e); + setConfirmPasswordValue(e.target.value); + }} + className={cn( + doPasswordsMatch && "border-green-500 focus-visible:ring-green-500", + confirmPasswordValue.length > 0 && !doPasswordsMatch && "border-red-500 focus-visible:ring-red-500" + )} + autoComplete="new-password" + /> +
- + {confirmPasswordValue.length > 0 && !doPasswordsMatch && ( +

+ {t("passwordsDoNotMatch")} +

+ )} + {/* Only show FormMessage when field is empty */} + {confirmPasswordValue.length === 0 && } )} /> @@ -269,4 +451,4 @@ export default function SignupForm({ ); -} +} \ No newline at end of file diff --git a/src/app/auth/signup/page.tsx b/src/app/auth/signup/page.tsx index debd7c58..673e69bf 100644 --- a/src/app/auth/signup/page.tsx +++ b/src/app/auth/signup/page.tsx @@ -11,7 +11,10 @@ import { getTranslations } from "next-intl/server"; export const dynamic = "force-dynamic"; export default async function Page(props: { - searchParams: Promise<{ redirect: string | undefined }>; + searchParams: Promise<{ + redirect: string | undefined; + email: string | undefined; + }>; }) { const searchParams = await props.searchParams; const getUser = cache(verifySession); @@ -69,6 +72,7 @@ export default async function Page(props: { redirect={redirectUrl} inviteToken={inviteToken} inviteId={inviteId} + emailParam={searchParams.email} />

diff --git a/src/app/invite/InviteStatusCard.tsx b/src/app/invite/InviteStatusCard.tsx index 3ecf16f5..6d7db4dc 100644 --- a/src/app/invite/InviteStatusCard.tsx +++ b/src/app/invite/InviteStatusCard.tsx @@ -17,11 +17,13 @@ import { useTranslations } from "next-intl"; type InviteStatusCardProps = { type: "rejected" | "wrong_user" | "user_does_not_exist" | "not_logged_in"; token: string; + email?: string; }; export default function InviteStatusCard({ type, token, + email, }: InviteStatusCardProps) { const router = useRouter(); const api = createApiClient(useEnvContext()); @@ -29,12 +31,18 @@ export default function InviteStatusCard({ async function goToLogin() { await api.post("/auth/logout", {}); - router.push(`/auth/login?redirect=/invite?token=${token}`); + const redirectUrl = email + ? `/auth/login?redirect=/invite?token=${token}&email=${encodeURIComponent(email)}` + : `/auth/login?redirect=/invite?token=${token}`; + router.push(redirectUrl); } async function goToSignup() { await api.post("/auth/logout", {}); - router.push(`/auth/signup?redirect=/invite?token=${token}`); + const redirectUrl = email + ? `/auth/signup?redirect=/invite?token=${token}&email=${encodeURIComponent(email)}` + : `/auth/signup?redirect=/invite?token=${token}`; + router.push(redirectUrl); } function renderBody() { diff --git a/src/app/invite/page.tsx b/src/app/invite/page.tsx index 014fb45b..0df7b810 100644 --- a/src/app/invite/page.tsx +++ b/src/app/invite/page.tsx @@ -14,6 +14,7 @@ export default async function InvitePage(props: { const params = await props.searchParams; const tokenParam = params.token as string; + const emailParam = params.email as string; if (!tokenParam) { redirect("/"); @@ -70,16 +71,22 @@ export default async function InvitePage(props: { const type = cardType(); if (!user && type === "user_does_not_exist") { - redirect(`/auth/signup?redirect=/invite?token=${params.token}`); + const redirectUrl = emailParam + ? `/auth/signup?redirect=/invite?token=${params.token}&email=${encodeURIComponent(emailParam)}` + : `/auth/signup?redirect=/invite?token=${params.token}`; + redirect(redirectUrl); } if (!user && type === "not_logged_in") { - redirect(`/auth/login?redirect=/invite?token=${params.token}`); + const redirectUrl = emailParam + ? `/auth/login?redirect=/invite?token=${params.token}&email=${encodeURIComponent(emailParam)}` + : `/auth/login?redirect=/invite?token=${params.token}`; + redirect(redirectUrl); } return ( <> - + ); } diff --git a/src/app/navigation.tsx b/src/app/navigation.tsx index b26b98ec..f77bf3a9 100644 --- a/src/app/navigation.tsx +++ b/src/app/navigation.tsx @@ -13,10 +13,12 @@ import { TicketCheck, User, Globe, // Added from 'dev' branch - MonitorUp // Added from 'dev' branch + MonitorUp, // Added from 'dev' branch + Zap } from "lucide-react"; -export type SidebarNavSection = { // Added from 'dev' branch +export type SidebarNavSection = { + // Added from 'dev' branch heading: string; items: SidebarNavItem[]; }; @@ -108,6 +110,15 @@ export const adminNavSections: SidebarNavSection[] = [ { heading: "Admin", items: [ + ...(build == "oss" + ? [ + { + title: "managedSelfhosted", + href: "/admin/managed", + icon: + } + ] + : []), { title: "sidebarAllUsers", href: "/admin/users", diff --git a/src/components/ContainersSelector.tsx b/src/components/ContainersSelector.tsx index 0f09fb5a..7ed31b62 100644 --- a/src/components/ContainersSelector.tsx +++ b/src/components/ContainersSelector.tsx @@ -43,35 +43,30 @@ import { } from "@/components/ui/dropdown-menu"; import { ScrollArea } from "@/components/ui/scroll-area"; import { Search, RefreshCw, Filter, Columns } from "lucide-react"; -import { GetSiteResponse, Container } from "@server/routers/site"; -import { useDockerSocket } from "@app/hooks/useDockerSocket"; +import { Container } from "@server/routers/site"; import { useTranslations } from "next-intl"; - -// Type definitions based on the JSON structure +import { FaDocker } from "react-icons/fa"; interface ContainerSelectorProps { - site: GetSiteResponse; + site: { siteId: number; name: string; type: string }; + containers: Container[]; + isAvailable: boolean; onContainerSelect?: (hostname: string, port?: number) => void; + onRefresh?: () => void; } export const ContainersSelector: FC = ({ site, - onContainerSelect + containers, + isAvailable, + onContainerSelect, + onRefresh }) => { const [open, setOpen] = useState(false); const t = useTranslations(); - const { isAvailable, containers, fetchContainers } = useDockerSocket(site); - - useEffect(() => { - console.log("DockerSocket isAvailable:", isAvailable); - if (isAvailable) { - fetchContainers(); - } - }, [isAvailable]); - - if (!site || !isAvailable) { + if (!site || !isAvailable || site.type !== "newt") { return null; } @@ -84,13 +79,14 @@ export const ContainersSelector: FC = ({ return ( <> - setOpen(true)} + title={t("viewDockerContainers")} > - {t("viewDockerContainers")} - + + @@ -106,7 +102,7 @@ export const ContainersSelector: FC = ({ fetchContainers()} + onRefresh={onRefresh || (() => {})} />

@@ -263,7 +259,9 @@ const DockerContainersTable: FC<{ size="sm" className="h-6 px-2 text-xs hover:bg-muted" > - {t("containerLabelsCount", { count: labelEntries.length })} + {t("containerLabelsCount", { + count: labelEntries.length + })} @@ -279,7 +277,10 @@ const DockerContainersTable: FC<{ {key}
- {value || t("containerLabelEmpty")} + {value || + t( + "containerLabelEmpty" + )}
))} @@ -316,7 +317,9 @@ const DockerContainersTable: FC<{ onContainerSelect(row.original, ports[0])} + onClick={() => + onContainerSelect(row.original, ports[0]) + } disabled={row.original.state !== "running"} > {t("select")} @@ -415,9 +420,7 @@ const DockerContainersTable: FC<{ hideStoppedContainers) && containers.length > 0 ? ( <> -

- {t("noContainersMatchingFilters")} -

+

{t("noContainersMatchingFilters")}

{hideContainersWithoutPorts && (
@@ -463,7 +464,9 @@ const DockerContainersTable: FC<{
setSearchInput(event.target.value) @@ -473,7 +476,10 @@ const DockerContainersTable: FC<{ {searchInput && table.getFilteredRowModel().rows.length > 0 && (
- {t("searchResultsCount", { count: table.getFilteredRowModel().rows.length })} + {t("searchResultsCount", { + count: table.getFilteredRowModel().rows + .length + })}
)}
@@ -644,7 +650,9 @@ const DockerContainersTable: FC<{ {t("searching")} ) : ( - t("noContainersFoundMatching", { filter: globalFilter }) + t("noContainersFoundMatching", { + filter: globalFilter + }) )} diff --git a/src/components/CreateInternalResourceDialog.tsx b/src/components/CreateInternalResourceDialog.tsx new file mode 100644 index 00000000..ccfddcd8 --- /dev/null +++ b/src/components/CreateInternalResourceDialog.tsx @@ -0,0 +1,422 @@ +"use client"; + +import { useEffect, useState } from "react"; +import { Button } from "@app/components/ui/button"; +import { Input } from "@app/components/ui/input"; +import { + Select, + SelectContent, + SelectItem, + SelectTrigger, + SelectValue +} from "@app/components/ui/select"; +import { + Command, + CommandEmpty, + CommandGroup, + CommandInput, + CommandItem, + CommandList +} from "@app/components/ui/command"; +import { + Popover, + PopoverContent, + PopoverTrigger +} from "@app/components/ui/popover"; +import { Check, ChevronsUpDown } from "lucide-react"; +import { useForm } from "react-hook-form"; +import { zodResolver } from "@hookform/resolvers/zod"; +import { z } from "zod"; +import { + Form, + FormControl, + FormDescription, + FormField, + FormItem, + FormLabel, + FormMessage +} from "@app/components/ui/form"; +import { + Credenza, + CredenzaBody, + CredenzaClose, + CredenzaContent, + CredenzaDescription, + CredenzaFooter, + CredenzaHeader, + CredenzaTitle +} from "@app/components/Credenza"; +import { toast } from "@app/hooks/useToast"; +import { useTranslations } from "next-intl"; +import { createApiClient, formatAxiosError } from "@app/lib/api"; +import { useEnvContext } from "@app/hooks/useEnvContext"; +import { ListSitesResponse } from "@server/routers/site"; +import { cn } from "@app/lib/cn"; + +type Site = ListSitesResponse["sites"][0]; + +type CreateInternalResourceDialogProps = { + open: boolean; + setOpen: (val: boolean) => void; + orgId: string; + sites: Site[]; + onSuccess?: () => void; +}; + +export default function CreateInternalResourceDialog({ + open, + setOpen, + orgId, + sites, + onSuccess +}: CreateInternalResourceDialogProps) { + const t = useTranslations(); + const api = createApiClient(useEnvContext()); + const [isSubmitting, setIsSubmitting] = useState(false); + + const formSchema = z.object({ + name: z + .string() + .min(1, t("createInternalResourceDialogNameRequired")) + .max(255, t("createInternalResourceDialogNameMaxLength")), + siteId: z.number().int().positive(t("createInternalResourceDialogPleaseSelectSite")), + protocol: z.enum(["tcp", "udp"]), + proxyPort: z + .number() + .int() + .positive() + .min(1, t("createInternalResourceDialogProxyPortMin")) + .max(65535, t("createInternalResourceDialogProxyPortMax")), + destinationIp: z.string(), + destinationPort: z + .number() + .int() + .positive() + .min(1, t("createInternalResourceDialogDestinationPortMin")) + .max(65535, t("createInternalResourceDialogDestinationPortMax")) + }); + + type FormData = z.infer; + + const availableSites = sites.filter( + (site) => site.type === "newt" && site.subnet + ); + + const form = useForm({ + resolver: zodResolver(formSchema), + defaultValues: { + name: "", + siteId: availableSites[0]?.siteId || 0, + protocol: "tcp", + proxyPort: undefined, + destinationIp: "", + destinationPort: undefined + } + }); + + useEffect(() => { + if (open && availableSites.length > 0) { + form.reset({ + name: "", + siteId: availableSites[0].siteId, + protocol: "tcp", + proxyPort: undefined, + destinationIp: "", + destinationPort: undefined + }); + } + }, [open]); + + const handleSubmit = async (data: FormData) => { + setIsSubmitting(true); + try { + await api.put(`/org/${orgId}/site/${data.siteId}/resource`, { + name: data.name, + protocol: data.protocol, + proxyPort: data.proxyPort, + destinationIp: data.destinationIp, + destinationPort: data.destinationPort, + enabled: true + }); + + toast({ + title: t("createInternalResourceDialogSuccess"), + description: t("createInternalResourceDialogInternalResourceCreatedSuccessfully"), + variant: "default" + }); + + onSuccess?.(); + setOpen(false); + } catch (error) { + console.error("Error creating internal resource:", error); + toast({ + title: t("createInternalResourceDialogError"), + description: formatAxiosError( + error, + t("createInternalResourceDialogFailedToCreateInternalResource") + ), + variant: "destructive" + }); + } finally { + setIsSubmitting(false); + } + }; + + if (availableSites.length === 0) { + return ( + + + + {t("createInternalResourceDialogNoSitesAvailable")} + + {t("createInternalResourceDialogNoSitesAvailableDescription")} + + + + + + + + ); + } + + return ( + + + + {t("createInternalResourceDialogCreateClientResource")} + + {t("createInternalResourceDialogCreateClientResourceDescription")} + + + +
+ + {/* Resource Properties Form */} +
+

+ {t("createInternalResourceDialogResourceProperties")} +

+
+ ( + + {t("createInternalResourceDialogName")} + + + + + + )} + /> + +
+ ( + + {t("createInternalResourceDialogSite")} + + + + + + + + + + + {t("createInternalResourceDialogNoSitesFound")} + + {availableSites.map((site) => ( + { + field.onChange(site.siteId); + }} + > + + {site.name} + + ))} + + + + + + + + )} + /> + + ( + + + {t("createInternalResourceDialogProtocol")} + + + + + )} + /> +
+ + ( + + {t("createInternalResourceDialogSitePort")} + + + field.onChange( + e.target.value === "" ? undefined : parseInt(e.target.value) + ) + } + /> + + + {t("createInternalResourceDialogSitePortDescription")} + + + + )} + /> +
+
+ + {/* Target Configuration Form */} +
+

+ {t("createInternalResourceDialogTargetConfiguration")} +

+
+
+ ( + + + {t("createInternalResourceDialogDestinationIP")} + + + + + + {t("createInternalResourceDialogDestinationIPDescription")} + + + + )} + /> + + ( + + + {t("createInternalResourceDialogDestinationPort")} + + + + field.onChange( + e.target.value === "" ? undefined : parseInt(e.target.value) + ) + } + /> + + + {t("createInternalResourceDialogDestinationPortDescription")} + + + + )} + /> +
+
+
+
+ + + + + + + + + ); +} diff --git a/src/components/DomainPicker.tsx b/src/components/DomainPicker.tsx index 5f4104ea..1fc856c9 100644 --- a/src/components/DomainPicker.tsx +++ b/src/components/DomainPicker.tsx @@ -3,13 +3,28 @@ import { useState, useEffect, useCallback } from "react"; import { Input } from "@/components/ui/input"; import { Label } from "@/components/ui/label"; -import { Badge } from "@/components/ui/badge"; import { Button } from "@/components/ui/button"; +import { + Command, + CommandEmpty, + CommandGroup, + CommandInput, + CommandItem, + CommandList, + CommandSeparator +} from "@/components/ui/command"; +import { + Popover, + PopoverContent, + PopoverTrigger +} from "@/components/ui/popover"; import { AlertCircle, CheckCircle2, Building2, Zap, + Check, + ChevronsUpDown, ArrowUpDown } from "lucide-react"; import { Alert, AlertDescription } from "@/components/ui/alert"; @@ -19,9 +34,9 @@ import { toast } from "@/hooks/useToast"; import { ListDomainsResponse } from "@server/routers/domain/listDomains"; import { AxiosResponse } from "axios"; import { cn } from "@/lib/cn"; -import { Tabs, TabsList, TabsTrigger } from "@/components/ui/tabs"; import { useTranslations } from "next-intl"; import { build } from "@server/build"; +import { RadioGroup, RadioGroupItem } from "@/components/ui/radio-group"; type OrganizationDomain = { domainId: string; @@ -39,17 +54,15 @@ type AvailableOption = { type DomainOption = { id: string; domain: string; - type: "organization" | "provided"; + type: "organization" | "provided" | "provided-search"; verified?: boolean; domainType?: "ns" | "cname" | "wildcard"; domainId?: string; domainNamespaceId?: string; - subdomain?: string; }; -interface DomainPickerProps { +interface DomainPicker2Props { orgId: string; - cols?: number; onDomainChange?: (domainInfo: { domainId: string; domainNamespaceId?: string; @@ -58,34 +71,37 @@ interface DomainPickerProps { fullDomain: string; baseDomain: string; }) => void; + cols?: number; } -export default function DomainPicker({ +export default function DomainPicker2({ orgId, - cols, - onDomainChange -}: DomainPickerProps) { + onDomainChange, + cols = 2 +}: DomainPicker2Props) { const { env } = useEnvContext(); const api = createApiClient({ env }); const t = useTranslations(); - const [userInput, setUserInput] = useState(""); - const [selectedOption, setSelectedOption] = useState( - null - ); + const [subdomainInput, setSubdomainInput] = useState(""); + const [selectedBaseDomain, setSelectedBaseDomain] = + useState(null); const [availableOptions, setAvailableOptions] = useState( [] ); - const [isChecking, setIsChecking] = useState(false); const [organizationDomains, setOrganizationDomains] = useState< OrganizationDomain[] >([]); const [loadingDomains, setLoadingDomains] = useState(false); + const [open, setOpen] = useState(false); + + // Provided domain search states + const [userInput, setUserInput] = useState(""); + const [isChecking, setIsChecking] = useState(false); const [sortOrder, setSortOrder] = useState<"asc" | "desc">("asc"); - const [activeTab, setActiveTab] = useState< - "all" | "organization" | "provided" - >("all"); const [providedDomainsShown, setProvidedDomainsShown] = useState(3); + const [selectedProvidedDomain, setSelectedProvidedDomain] = + useState(null); useEffect(() => { const loadOrganizationDomains = async () => { @@ -107,6 +123,41 @@ export default function DomainPicker({ type: domain.type as "ns" | "cname" | "wildcard" })); setOrganizationDomains(domains); + + // Auto-select first available domain + if (domains.length > 0) { + // Select the first organization domain + const firstOrgDomain = domains[0]; + const domainOption: DomainOption = { + id: `org-${firstOrgDomain.domainId}`, + domain: firstOrgDomain.baseDomain, + type: "organization", + verified: firstOrgDomain.verified, + domainType: firstOrgDomain.type, + domainId: firstOrgDomain.domainId + }; + setSelectedBaseDomain(domainOption); + + onDomainChange?.({ + domainId: firstOrgDomain.domainId, + type: "organization", + subdomain: undefined, + fullDomain: firstOrgDomain.baseDomain, + baseDomain: firstOrgDomain.baseDomain + }); + } else if (build === "saas" || build === "enterprise") { + // If no organization domains, select the provided domain option + const domainOptionText = + build === "enterprise" + ? "Provided Domain" + : "Free Provided Domain"; + const freeDomainOption: DomainOption = { + id: "provided-search", + domain: domainOptionText, + type: "provided-search" + }; + setSelectedBaseDomain(freeDomainOption); + } } } catch (error) { console.error("Failed to load organization domains:", error); @@ -123,135 +174,131 @@ export default function DomainPicker({ loadOrganizationDomains(); }, [orgId, api]); - // Generate domain options based on user input - const generateDomainOptions = (): DomainOption[] => { + const checkAvailability = useCallback( + async (input: string) => { + if (!input.trim()) { + setAvailableOptions([]); + setIsChecking(false); + return; + } + + setIsChecking(true); + try { + const checkSubdomain = input + .toLowerCase() + .replace(/\./g, "-") + .replace(/[^a-z0-9-]/g, "") + .replace(/-+/g, "-"); + } catch (error) { + console.error("Failed to check domain availability:", error); + setAvailableOptions([]); + toast({ + variant: "destructive", + title: "Error", + description: "Failed to check domain availability" + }); + } finally { + setIsChecking(false); + } + }, + [api] + ); + + const debouncedCheckAvailability = useCallback( + debounce(checkAvailability, 500), + [checkAvailability] + ); + + useEffect(() => { + if (selectedBaseDomain?.type === "provided-search") { + setProvidedDomainsShown(3); + setSelectedProvidedDomain(null); + + if (userInput.trim()) { + setIsChecking(true); + debouncedCheckAvailability(userInput); + } else { + setAvailableOptions([]); + setIsChecking(false); + } + } + }, [userInput, debouncedCheckAvailability, selectedBaseDomain]); + + const generateDropdownOptions = (): DomainOption[] => { const options: DomainOption[] = []; - if (!userInput.trim()) return options; - - // Add organization domain options organizationDomains.forEach((orgDomain) => { - if (orgDomain.type === "cname") { - // For CNAME domains, check if the user input matches exactly - if ( - orgDomain.baseDomain.toLowerCase() === - userInput.toLowerCase() - ) { - options.push({ - id: `org-${orgDomain.domainId}`, - domain: orgDomain.baseDomain, - type: "organization", - verified: orgDomain.verified, - domainType: "cname", - domainId: orgDomain.domainId - }); - } - } else if (orgDomain.type === "ns") { - // For NS domains, check if the user input could be a subdomain - const userInputLower = userInput.toLowerCase(); - const baseDomainLower = orgDomain.baseDomain.toLowerCase(); - - // Check if user input ends with the base domain - if (userInputLower.endsWith(`.${baseDomainLower}`)) { - const subdomain = userInputLower.slice( - 0, - -(baseDomainLower.length + 1) - ); - options.push({ - id: `org-${orgDomain.domainId}`, - domain: userInput, - type: "organization", - verified: orgDomain.verified, - domainType: "ns", - domainId: orgDomain.domainId, - subdomain: subdomain - }); - } else if (userInputLower === baseDomainLower) { - // Exact match for base domain - options.push({ - id: `org-${orgDomain.domainId}`, - domain: orgDomain.baseDomain, - type: "organization", - verified: orgDomain.verified, - domainType: "ns", - domainId: orgDomain.domainId - }); - } - } else if (orgDomain.type === "wildcard") { - // For wildcard domains, allow the base domain or multiple levels up - const userInputLower = userInput.toLowerCase(); - const baseDomainLower = orgDomain.baseDomain.toLowerCase(); - - // Check if user input is exactly the base domain - if (userInputLower === baseDomainLower) { - options.push({ - id: `org-${orgDomain.domainId}`, - domain: orgDomain.baseDomain, - type: "organization", - verified: orgDomain.verified, - domainType: "wildcard", - domainId: orgDomain.domainId - }); - } - // Check if user input ends with the base domain (allows multiple level subdomains) - else if (userInputLower.endsWith(`.${baseDomainLower}`)) { - const subdomain = userInputLower.slice( - 0, - -(baseDomainLower.length + 1) - ); - // Allow multiple levels (subdomain can contain dots) - options.push({ - id: `org-${orgDomain.domainId}`, - domain: userInput, - type: "organization", - verified: orgDomain.verified, - domainType: "wildcard", - domainId: orgDomain.domainId, - subdomain: subdomain - }); - } - } - }); - - // Add provided domain options (always try to match provided domains) - availableOptions.forEach((option) => { options.push({ - id: `provided-${option.domainNamespaceId}`, - domain: option.fullDomain, - type: "provided", - domainNamespaceId: option.domainNamespaceId, - domainId: option.domainId + id: `org-${orgDomain.domainId}`, + domain: orgDomain.baseDomain, + type: "organization", + verified: orgDomain.verified, + domainType: orgDomain.type, + domainId: orgDomain.domainId }); }); - // Sort options - return options.sort((a, b) => { - const comparison = a.domain.localeCompare(b.domain); - return sortOrder === "asc" ? comparison : -comparison; - }); + if (build === "saas" || build === "enterprise") { + const domainOptionText = + build === "enterprise" + ? "Provided Domain" + : "Free Provided Domain"; + options.push({ + id: "provided-search", + domain: domainOptionText, + type: "provided-search" + }); + } + + return options; }; - const domainOptions = generateDomainOptions(); + const dropdownOptions = generateDropdownOptions(); - // Filter options based on active tab - const filteredOptions = domainOptions.filter((option) => { - if (activeTab === "all") return true; - return option.type === activeTab; - }); + const validateSubdomain = ( + subdomain: string, + baseDomain: DomainOption + ): boolean => { + if (!baseDomain) return false; - // Separate organization and provided options for pagination - const organizationOptions = filteredOptions.filter( - (opt) => opt.type === "organization" - ); - const allProvidedOptions = filteredOptions.filter( - (opt) => opt.type === "provided" - ); - const providedOptions = allProvidedOptions.slice(0, providedDomainsShown); - const hasMoreProvided = allProvidedOptions.length > providedDomainsShown; + if (baseDomain.type === "provided-search") { + return /^[a-zA-Z0-9-]+$/.test(subdomain); + } - // Handle option selection - const handleOptionSelect = (option: DomainOption) => { - setSelectedOption(option); + if (baseDomain.type === "organization") { + if (baseDomain.domainType === "cname") { + return subdomain === ""; + } else if (baseDomain.domainType === "ns") { + return /^[a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)*$/.test(subdomain); + } else if (baseDomain.domainType === "wildcard") { + return /^[a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)*$/.test(subdomain); + } + } + + return false; + }; + + // Handle base domain selection + const handleBaseDomainSelect = (option: DomainOption) => { + setSelectedBaseDomain(option); + setOpen(false); + + if (option.domainType === "cname") { + setSubdomainInput(""); + } + + if (option.type === "provided-search") { + setUserInput(""); + setAvailableOptions([]); + setSelectedProvidedDomain(null); + onDomainChange?.({ + domainId: option.domainId!, + type: "organization", + subdomain: undefined, + fullDomain: option.domain, + baseDomain: option.domain + }); + } if (option.type === "organization") { if (option.domainType === "cname") { @@ -262,258 +309,413 @@ export default function DomainPicker({ fullDomain: option.domain, baseDomain: option.domain }); - } else if (option.domainType === "ns") { - const subdomain = option.subdomain || ""; + } else { onDomainChange?.({ domainId: option.domainId!, type: "organization", - subdomain: subdomain || undefined, + subdomain: undefined, fullDomain: option.domain, baseDomain: option.domain }); - } else if (option.domainType === "wildcard") { + } + } + }; + + const handleSubdomainChange = (value: string) => { + const validInput = value.replace(/[^a-zA-Z0-9.-]/g, ""); + setSubdomainInput(validInput); + + setSelectedProvidedDomain(null); + + if (selectedBaseDomain && selectedBaseDomain.type === "organization") { + const isValid = validateSubdomain(validInput, selectedBaseDomain); + if (isValid) { + const fullDomain = validInput + ? `${validInput}.${selectedBaseDomain.domain}` + : selectedBaseDomain.domain; onDomainChange?.({ - domainId: option.domainId!, + domainId: selectedBaseDomain.domainId!, type: "organization", - subdomain: option.subdomain || undefined, - fullDomain: option.domain, - baseDomain: option.subdomain - ? option.domain.split(".").slice(1).join(".") - : option.domain + subdomain: validInput || undefined, + fullDomain: fullDomain, + baseDomain: selectedBaseDomain.domain + }); + } else if (validInput === "") { + onDomainChange?.({ + domainId: selectedBaseDomain.domainId!, + type: "organization", + subdomain: undefined, + fullDomain: selectedBaseDomain.domain, + baseDomain: selectedBaseDomain.domain }); } - } else if (option.type === "provided") { - // Extract subdomain from full domain - const parts = option.domain.split("."); - const subdomain = parts[0]; - const baseDomain = parts.slice(1).join("."); + } + }; + + const handleProvidedDomainInputChange = (value: string) => { + const validInput = value.replace(/[^a-zA-Z0-9.-]/g, ""); + setUserInput(validInput); + + // Clear selected domain when user types + if (selectedProvidedDomain) { + setSelectedProvidedDomain(null); onDomainChange?.({ - domainId: option.domainId!, - domainNamespaceId: option.domainNamespaceId, + domainId: "", type: "provided", - subdomain: subdomain, - fullDomain: option.domain, - baseDomain: baseDomain + subdomain: undefined, + fullDomain: "", + baseDomain: "" }); } }; + const handleProvidedDomainSelect = (option: AvailableOption) => { + setSelectedProvidedDomain(option); + + const parts = option.fullDomain.split("."); + const subdomain = parts[0]; + const baseDomain = parts.slice(1).join("."); + + onDomainChange?.({ + domainId: option.domainId, + domainNamespaceId: option.domainNamespaceId, + type: "provided", + subdomain: subdomain, + fullDomain: option.fullDomain, + baseDomain: baseDomain + }); + }; + + const isSubdomainValid = selectedBaseDomain + ? validateSubdomain(subdomainInput, selectedBaseDomain) + : true; + const showSubdomainInput = + selectedBaseDomain && + selectedBaseDomain.type === "organization" && + selectedBaseDomain.domainType !== "cname"; + const showProvidedDomainSearch = + selectedBaseDomain?.type === "provided-search"; + + const sortedAvailableOptions = availableOptions.sort((a, b) => { + const comparison = a.fullDomain.localeCompare(b.fullDomain); + return sortOrder === "asc" ? comparison : -comparison; + }); + + const displayedProvidedOptions = sortedAvailableOptions.slice( + 0, + providedDomainsShown + ); + const hasMoreProvided = + sortedAvailableOptions.length > providedDomainsShown; + return ( -
- {/* Domain Input */} -
- - { - // Only allow letters, numbers, hyphens, and periods - const validInput = e.target.value.replace( - /[^a-zA-Z0-9.-]/g, - "" - ); - setUserInput(validInput); - // Clear selection when input changes - setSelectedOption(null); - }} - /> -

- {build === "saas" - ? t("domainPickerDescriptionSaas") - : t("domainPickerDescription")} -

+
+
+
+ + { + if (showProvidedDomainSearch) { + handleProvidedDomainInputChange(e.target.value); + } else { + handleSubdomainChange(e.target.value); + } + }} + /> + {showSubdomainInput && !subdomainInput && ( +

+ {t("domainPickerEnterSubdomainOrLeaveBlank")} +

+ )} + {showProvidedDomainSearch && !userInput && ( +

+ {t("domainPickerEnterSubdomainToSearch")} +

+ )} +
+ +
+ + + + + + + + + +
+ {t("domainPickerNoDomainsFound")} +
+ + + {organizationDomains.length > 0 && ( + <> + + + {organizationDomains.map( + (orgDomain) => ( + + handleBaseDomainSelect( + { + id: `org-${orgDomain.domainId}`, + domain: orgDomain.baseDomain, + type: "organization", + verified: + orgDomain.verified, + domainType: + orgDomain.type, + domainId: + orgDomain.domainId + } + ) + } + className="mx-2 rounded-md" + disabled={ + !orgDomain.verified + } + > +
+ +
+
+ + { + orgDomain.baseDomain + } + + + {orgDomain.type.toUpperCase()}{" "} + •{" "} + {orgDomain.verified + ? "Verified" + : "Unverified"} + +
+ + + ) + )} + + + {(build === "saas" || + build === "enterprise") && ( + + )} + + )} + + {(build === "saas" || + build === "enterprise") && ( + + + + handleBaseDomainSelect({ + id: "provided-search", + domain: + build === + "enterprise" + ? "Provided Domain" + : "Free Provided Domain", + type: "provided-search" + }) + } + className="mx-2 rounded-md" + > +
+ +
+
+ + {build === "enterprise" + ? "Provided Domain" + : "Free Provided Domain"} + + + {t( + "domainPickerSearchForAvailableDomains" + )} + +
+ + + + + )} + + + +
- {/* Tabs and Sort Toggle */} - {build === "saas" && ( -
- - setActiveTab( - value as "all" | "organization" | "provided" - ) - } - > - - - {t("domainPickerTabAll")} - - - {t("domainPickerTabOrganization")} - - {build == "saas" && ( - - {t("domainPickerTabProvided")} - - )} - - - -
- )} - - {/* Loading State */} - {isChecking && ( -
-
-
- {t("domainPickerCheckingAvailability")} -
-
- )} - - {/* No Options */} - {!isChecking && - filteredOptions.length === 0 && - userInput.trim() && ( - - - - {t("domainPickerNoMatchingDomains")} - - - )} - - {/* Domain Options */} - {!isChecking && filteredOptions.length > 0 && ( + {showProvidedDomainSearch && (
- {/* Organization Domains */} - {organizationOptions.length > 0 && ( -
- {build !== "oss" && ( -
- -

- {t("domainPickerOrganizationDomains")} -

-
- )} -
- {organizationOptions.map((option) => ( -
- option.verified && - handleOptionSelect(option) - } - > -
-
-
-

- {option.domain} -

- {/* */} - {/* {option.domainType} */} - {/* */} - {option.verified ? ( - - ) : ( - - )} -
- {option.subdomain && ( -

- {t( - "domainPickerSubdomain", - { - subdomain: - option.subdomain - } - )} -

- )} - {!option.verified && ( -

- Domain is unverified -

- )} -
-
-
- ))} + {isChecking && ( +
+
+
+ + {t("domainPickerCheckingAvailability")} +
)} - {/* Provided Domains */} - {providedOptions.length > 0 && ( + {!isChecking && + sortedAvailableOptions.length === 0 && + userInput.trim() && ( + + + + {t("domainPickerNoMatchingDomains")} + + + )} + + {!isChecking && sortedAvailableOptions.length > 0 && (
-
- -
- {t("domainPickerProvidedDomains")} -
-
-
- {providedOptions.map((option) => ( -
- handleOptionSelect(option) + { + const option = + displayedProvidedOptions.find( + (opt) => + opt.domainNamespaceId === value + ); + if (option) { + handleProvidedDomainSelect(option); + } + }} + className={`grid gap-2 grid-cols-1 sm:grid-cols-${cols}`} + > + {displayedProvidedOptions.map((option) => ( + ))} -
+ {hasMoreProvided && (
); } diff --git a/src/components/EditInternalResourceDialog.tsx b/src/components/EditInternalResourceDialog.tsx new file mode 100644 index 00000000..adfed1b7 --- /dev/null +++ b/src/components/EditInternalResourceDialog.tsx @@ -0,0 +1,276 @@ +"use client"; + +import { useEffect, useState } from "react"; +import { Button } from "@app/components/ui/button"; +import { Input } from "@app/components/ui/input"; +import { + Select, + SelectContent, + SelectItem, + SelectTrigger, + SelectValue +} from "@app/components/ui/select"; +import { useForm } from "react-hook-form"; +import { zodResolver } from "@hookform/resolvers/zod"; +import { z } from "zod"; +import { + Form, + FormControl, + FormDescription, + FormField, + FormItem, + FormLabel, + FormMessage +} from "@app/components/ui/form"; +import { + Credenza, + CredenzaBody, + CredenzaClose, + CredenzaContent, + CredenzaDescription, + CredenzaFooter, + CredenzaHeader, + CredenzaTitle +} from "@app/components/Credenza"; +import { toast } from "@app/hooks/useToast"; +import { useTranslations } from "next-intl"; +import { createApiClient, formatAxiosError } from "@app/lib/api"; +import { useEnvContext } from "@app/hooks/useEnvContext"; +import { Separator } from "@app/components/ui/separator"; + +type InternalResourceData = { + id: number; + name: string; + orgId: string; + siteName: string; + protocol: string; + proxyPort: number | null; + siteId: number; + destinationIp?: string; + destinationPort?: number; +}; + +type EditInternalResourceDialogProps = { + open: boolean; + setOpen: (val: boolean) => void; + resource: InternalResourceData; + orgId: string; + onSuccess?: () => void; +}; + +export default function EditInternalResourceDialog({ + open, + setOpen, + resource, + orgId, + onSuccess +}: EditInternalResourceDialogProps) { + const t = useTranslations(); + const api = createApiClient(useEnvContext()); + const [isSubmitting, setIsSubmitting] = useState(false); + + const formSchema = z.object({ + name: z.string().min(1, t("editInternalResourceDialogNameRequired")).max(255, t("editInternalResourceDialogNameMaxLength")), + protocol: z.enum(["tcp", "udp"]), + proxyPort: z.number().int().positive().min(1, t("editInternalResourceDialogProxyPortMin")).max(65535, t("editInternalResourceDialogProxyPortMax")), + destinationIp: z.string(), + destinationPort: z.number().int().positive().min(1, t("editInternalResourceDialogDestinationPortMin")).max(65535, t("editInternalResourceDialogDestinationPortMax")) + }); + + type FormData = z.infer; + + const form = useForm({ + resolver: zodResolver(formSchema), + defaultValues: { + name: resource.name, + protocol: resource.protocol as "tcp" | "udp", + proxyPort: resource.proxyPort || undefined, + destinationIp: resource.destinationIp || "", + destinationPort: resource.destinationPort || undefined + } + }); + + useEffect(() => { + if (open) { + form.reset({ + name: resource.name, + protocol: resource.protocol as "tcp" | "udp", + proxyPort: resource.proxyPort || undefined, + destinationIp: resource.destinationIp || "", + destinationPort: resource.destinationPort || undefined + }); + } + }, [open, resource, form]); + + const handleSubmit = async (data: FormData) => { + setIsSubmitting(true); + try { + // Update the site resource + await api.post(`/org/${orgId}/site/${resource.siteId}/resource/${resource.id}`, { + name: data.name, + protocol: data.protocol, + proxyPort: data.proxyPort, + destinationIp: data.destinationIp, + destinationPort: data.destinationPort + }); + + toast({ + title: t("editInternalResourceDialogSuccess"), + description: t("editInternalResourceDialogInternalResourceUpdatedSuccessfully"), + variant: "default" + }); + + onSuccess?.(); + setOpen(false); + } catch (error) { + console.error("Error updating internal resource:", error); + toast({ + title: t("editInternalResourceDialogError"), + description: formatAxiosError(error, t("editInternalResourceDialogFailedToUpdateInternalResource")), + variant: "destructive" + }); + } finally { + setIsSubmitting(false); + } + }; + + return ( + + + + {t("editInternalResourceDialogEditClientResource")} + + {t("editInternalResourceDialogUpdateResourceProperties", { resourceName: resource.name })} + + + +
+ + {/* Resource Properties Form */} +
+

{t("editInternalResourceDialogResourceProperties")}

+
+ ( + + {t("editInternalResourceDialogName")} + + + + + + )} + /> + +
+ ( + + {t("editInternalResourceDialogProtocol")} + + + + )} + /> + + ( + + {t("editInternalResourceDialogSitePort")} + + field.onChange(parseInt(e.target.value) || 0)} + /> + + + + )} + /> +
+
+
+ + {/* Target Configuration Form */} +
+

{t("editInternalResourceDialogTargetConfiguration")}

+
+
+ ( + + {t("editInternalResourceDialogDestinationIP")} + + + + + + )} + /> + + ( + + {t("editInternalResourceDialogDestinationPort")} + + field.onChange(parseInt(e.target.value) || 0)} + /> + + + + )} + /> +
+
+
+
+ + + + + + + + + ); +} diff --git a/src/components/LayoutSidebar.tsx b/src/components/LayoutSidebar.tsx index 98ef87eb..cfc21144 100644 --- a/src/components/LayoutSidebar.tsx +++ b/src/components/LayoutSidebar.tsx @@ -6,7 +6,7 @@ import { OrgSelector } from "@app/components/OrgSelector"; import { cn } from "@app/lib/cn"; import { ListUserOrgsResponse } from "@server/routers/org"; import SupporterStatus from "@app/components/SupporterStatus"; -import { ExternalLink, Server, BookOpenText } from "lucide-react"; +import { ExternalLink, Server, BookOpenText, Zap } from "lucide-react"; import Link from "next/link"; import { usePathname } from "next/navigation"; import { useUserContext } from "@app/hooks/useUserContext"; @@ -20,6 +20,7 @@ import { TooltipProvider, TooltipTrigger } from "@app/components/ui/tooltip"; +import { build } from "@server/build"; interface LayoutSidebarProps { orgId?: string; @@ -70,9 +71,38 @@ export function LayoutSidebar({ isCollapsed={isSidebarCollapsed} />
-
+
{!isAdminPage && user.serverAdmin && (
+ {build === "oss" && ( + + + + + {!isSidebarCollapsed && ( + {t("managedSelfhosted")} + )} + + )} +
); -} +} \ No newline at end of file diff --git a/src/components/OrgSelector.tsx b/src/components/OrgSelector.tsx index abf34a45..d105e31c 100644 --- a/src/components/OrgSelector.tsx +++ b/src/components/OrgSelector.tsx @@ -54,7 +54,7 @@ export function OrgSelector({ orgId, orgs, isCollapsed = false }: OrgSelectorPro role="combobox" aria-expanded={open} className={cn( - "shadow-xs", + "shadow-2xs", isCollapsed ? "w-8 h-8" : "w-full h-12 px-3 py-4" )} > diff --git a/src/components/PermissionsSelectBox.tsx b/src/components/PermissionsSelectBox.tsx index 6f11d98e..848d116c 100644 --- a/src/components/PermissionsSelectBox.tsx +++ b/src/components/PermissionsSelectBox.tsx @@ -82,6 +82,14 @@ function getActionsCategories(root: boolean) { [t('actionDeleteResourceRule')]: "deleteResourceRule", [t('actionListResourceRules')]: "listResourceRules", [t('actionUpdateResourceRule')]: "updateResourceRule" + }, + + "Client": { + [t('actionCreateClient')]: "createClient", + [t('actionDeleteClient')]: "deleteClient", + [t('actionUpdateClient')]: "updateClient", + [t('actionListClients')]: "listClients", + [t('actionGetClient')]: "getClient" } }; diff --git a/src/components/SupporterStatus.tsx b/src/components/SupporterStatus.tsx index 74d4bf8b..4e3723f4 100644 --- a/src/components/SupporterStatus.tsx +++ b/src/components/SupporterStatus.tsx @@ -219,7 +219,7 @@ export default function SupporterStatus({ isCollapsed = false }: SupporterStatus {" "} {t('supportKeyPurchase2')}{" "} svg]:text-destructive", success: diff --git a/src/components/ui/data-table.tsx b/src/components/ui/data-table.tsx index 6b22ddfe..fde1f12b 100644 --- a/src/components/ui/data-table.tsx +++ b/src/components/ui/data-table.tsx @@ -30,7 +30,15 @@ import { CardHeader, CardTitle } from "@app/components/ui/card"; +import { Tabs, TabsList, TabsTrigger } from "@app/components/ui/tabs"; import { useTranslations } from "next-intl"; +import { useMemo } from "react"; + +type TabFilter = { + id: string; + label: string; + filterFn: (row: any) => boolean; +}; type DataTableProps = { columns: ColumnDef[]; @@ -46,6 +54,8 @@ type DataTableProps = { id: string; desc: boolean; }; + tabs?: TabFilter[]; + defaultTab?: string; }; export function DataTable({ @@ -58,17 +68,36 @@ export function DataTable({ isRefreshing, searchPlaceholder = "Search...", searchColumn = "name", - defaultSort + defaultSort, + tabs, + defaultTab }: DataTableProps) { const [sorting, setSorting] = useState( defaultSort ? [defaultSort] : [] ); const [columnFilters, setColumnFilters] = useState([]); const [globalFilter, setGlobalFilter] = useState([]); + const [activeTab, setActiveTab] = useState( + defaultTab || tabs?.[0]?.id || "" + ); const t = useTranslations(); + // Apply tab filter to data + const filteredData = useMemo(() => { + if (!tabs || activeTab === "") { + return data; + } + + const activeTabFilter = tabs.find((tab) => tab.id === activeTab); + if (!activeTabFilter) { + return data; + } + + return data.filter(activeTabFilter.filterFn); + }, [data, tabs, activeTab]); + const table = useReactTable({ - data, + data: filteredData, columns, getCoreRowModel: getCoreRowModel(), getPaginationRowModel: getPaginationRowModel(), @@ -90,20 +119,49 @@ export function DataTable({ } }); + const handleTabChange = (value: string) => { + setActiveTab(value); + // Reset to first page when changing tabs + table.setPageIndex(0); + }; + return (
-
- - table.setGlobalFilter(String(e.target.value)) - } - className="w-full pl-8" - /> - +
+
+ + table.setGlobalFilter( + String(e.target.value) + ) + } + className="w-full pl-8" + /> + +
+ {tabs && tabs.length > 0 && ( + + + {tabs.map((tab) => ( + + {tab.label} ( + {data.filter(tab.filterFn).length}) + + ))} + + + )}
{onRefresh && ( diff --git a/src/components/ui/input-otp.tsx b/src/components/ui/input-otp.tsx index 9293541d..2afda77d 100644 --- a/src/components/ui/input-otp.tsx +++ b/src/components/ui/input-otp.tsx @@ -55,7 +55,7 @@ function InputOTPSlot({ data-slot="input-otp-slot" data-active={isActive} className={cn( - "data-[active=true]:border-ring data-[active=true]:ring-ring/50 data-[active=true]:aria-invalid:ring-destructive/20 dark:data-[active=true]:aria-invalid:ring-destructive/40 aria-invalid:border-destructive data-[active=true]:aria-invalid:border-destructive border-input relative flex h-9 w-9 items-center justify-center border-y border-r text-sm shadow-xs transition-all outline-none first:rounded-l-md first:border-l last:rounded-r-md data-[active=true]:z-10 data-[active=true]:ring-[3px]", + "data-[active=true]:border-ring data-[active=true]:ring-ring/50 data-[active=true]:aria-invalid:ring-destructive/20 dark:data-[active=true]:aria-invalid:ring-destructive/40 aria-invalid:border-destructive data-[active=true]:aria-invalid:border-destructive border-input relative flex h-9 w-9 items-center justify-center border-y border-r text-sm shadow-2xs transition-all outline-none first:rounded-l-md first:border-l last:rounded-r-md data-[active=true]:z-10 data-[active=true]:ring-[3px]", className )} {...props} diff --git a/src/components/ui/input.tsx b/src/components/ui/input.tsx index 880a44b7..eacaa12e 100644 --- a/src/components/ui/input.tsx +++ b/src/components/ui/input.tsx @@ -16,7 +16,7 @@ const Input = React.forwardRef( type={showPassword ? "text" : "password"} data-slot="input" className={cn( - "file:text-foreground placeholder:text-muted-foreground selection:bg-primary selection:text-primary-foreground border-input flex h-9 w-full min-w-0 rounded-md border bg-transparent px-3 py-1 text-base inset-shadow-2xs transition-[color,box-shadow] outline-none file:inline-flex file:h-7 file:border-0 file:bg-transparent file:text-sm file:font-medium disabled:pointer-events-none disabled:cursor-not-allowed disabled:opacity-50 md:text-sm", + "file:text-foreground placeholder:text-muted-foreground selection:bg-primary selection:text-primary-foreground border-input flex h-9 w-full min-w-0 rounded-md border bg-transparent px-3 py-1 text-base transition-[color,box-shadow] outline-none file:inline-flex file:h-7 file:border-0 file:bg-transparent file:text-sm file:font-medium disabled:pointer-events-none disabled:cursor-not-allowed disabled:opacity-50 md:text-sm shadow-2xs", "focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px]", "aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive", className @@ -43,7 +43,7 @@ const Input = React.forwardRef( type={type} data-slot="input" className={cn( - "file:text-foreground placeholder:text-muted-foreground selection:bg-primary selection:text-primary-foreground border-input flex h-9 w-full min-w-0 rounded-md border bg-transparent px-3 py-1 text-base inset-shadow-2xs transition-[color,box-shadow] outline-none file:inline-flex file:h-7 file:border-0 file:bg-transparent file:text-sm file:font-medium disabled:pointer-events-none disabled:cursor-not-allowed disabled:opacity-50 md:text-sm", + "file:text-foreground placeholder:text-muted-foreground selection:bg-primary selection:text-primary-foreground border-input flex h-9 w-full min-w-0 rounded-md border bg-transparent px-3 py-1 text-base transition-[color,box-shadow] outline-none file:inline-flex file:h-7 file:border-0 file:bg-transparent file:text-sm file:font-medium disabled:pointer-events-none disabled:cursor-not-allowed disabled:opacity-50 md:text-sm shadow-2xs", "focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px]", "aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive", className diff --git a/src/components/ui/select.tsx b/src/components/ui/select.tsx index db231e17..03dd3d26 100644 --- a/src/components/ui/select.tsx +++ b/src/components/ui/select.tsx @@ -36,7 +36,7 @@ function SelectTrigger({ data-slot="select-trigger" data-size={size} className={cn( - "border-input data-[placeholder]:text-muted-foreground [&_svg:not([class*='text-'])]:text-muted-foreground focus-visible:border-ring focus-visible:ring-ring/50 aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive cursor-pointer flex w-fit items-center justify-between gap-2 rounded-md border bg-transparent px-3 py-2 text-sm whitespace-nowrap shadow-xs transition-[color,box-shadow] outline-none focus-visible:ring-[3px] disabled:cursor-not-allowed disabled:opacity-50 data-[size=default]:h-9 data-[size=sm]:h-8 *:data-[slot=select-value]:line-clamp-1 *:data-[slot=select-value]:flex *:data-[slot=select-value]:items-center *:data-[slot=select-value]:gap-2 [&_svg]:pointer-events-none [&_svg]:shrink-0 [&_svg:not([class*='size-'])]:size-4 w-full", + "border-input data-[placeholder]:text-muted-foreground [&_svg:not([class*='text-'])]:text-muted-foreground focus-visible:border-ring focus-visible:ring-ring/50 aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive cursor-pointer flex w-fit items-center justify-between gap-2 rounded-md border bg-transparent px-3 py-2 text-sm whitespace-nowrap shadow-2xs transition-[color,box-shadow] outline-none focus-visible:ring-[3px] disabled:cursor-not-allowed disabled:opacity-50 data-[size=default]:h-9 data-[size=sm]:h-8 *:data-[slot=select-value]:line-clamp-1 *:data-[slot=select-value]:flex *:data-[slot=select-value]:items-center *:data-[slot=select-value]:gap-2 [&_svg]:pointer-events-none [&_svg]:shrink-0 [&_svg:not([class*='size-'])]:size-4 w-full", className )} {...props} diff --git a/src/components/ui/tabs.tsx b/src/components/ui/tabs.tsx index 7fa26a9e..94050ae2 100644 --- a/src/components/ui/tabs.tsx +++ b/src/components/ui/tabs.tsx @@ -29,7 +29,7 @@ const TabsTrigger = React.forwardRef< ) => void; updateAuthInfo: ( diff --git a/src/hooks/useDockerSocket.ts b/src/hooks/useDockerSocket.ts deleted file mode 100644 index dc4f08f4..00000000 --- a/src/hooks/useDockerSocket.ts +++ /dev/null @@ -1,168 +0,0 @@ -import { createApiClient, formatAxiosError } from "@app/lib/api"; -import { useCallback, useEffect, useState } from "react"; -import { useEnvContext } from "./useEnvContext"; -import { - Container, - GetDockerStatusResponse, - ListContainersResponse, - TriggerFetchResponse -} from "@server/routers/site"; -import { AxiosResponse } from "axios"; -import { toast } from "./useToast"; -import { Site } from "@server/db"; - -const sleep = (ms: number) => new Promise((resolve) => setTimeout(resolve, ms)); - -export function useDockerSocket(site: Site) { - console.log(`useDockerSocket initialized for site ID: ${site.siteId}`); - - const [dockerSocket, setDockerSocket] = useState(); - const [containers, setContainers] = useState([]); - - const api = createApiClient(useEnvContext()); - - const { dockerSocketEnabled: rawIsEnabled = true, type: siteType } = site || {}; - const isEnabled = rawIsEnabled && siteType === "newt"; - const { isAvailable = false, socketPath } = dockerSocket || {}; - - const checkDockerSocket = useCallback(async () => { - if (!isEnabled) { - console.warn("Docker socket is not enabled for this site."); - return; - } - try { - const res = await api.post(`/site/${site.siteId}/docker/check`); - console.log("Docker socket check response:", res); - } catch (error) { - console.error("Failed to check Docker socket:", error); - } - }, [api, site.siteId, isEnabled]); - - const getDockerSocketStatus = useCallback(async () => { - if (!isEnabled) { - console.warn("Docker socket is not enabled for this site."); - return; - } - - try { - const res = await api.get>( - `/site/${site.siteId}/docker/status` - ); - - if (res.status === 200) { - setDockerSocket(res.data.data); - } else { - console.error("Failed to get Docker status:", res); - toast({ - variant: "destructive", - title: "Failed to get Docker status", - description: - "An error occurred while fetching Docker status." - }); - } - } catch (error) { - console.error("Failed to get Docker status:", error); - toast({ - variant: "destructive", - title: "Failed to get Docker status", - description: "An error occurred while fetching Docker status." - }); - } - }, [api, site.siteId, isEnabled]); - - const getContainers = useCallback( - async (maxRetries: number = 3) => { - if (!isEnabled || !isAvailable) { - console.warn("Docker socket is not enabled or available."); - return; - } - - const fetchContainerList = async () => { - if (!isEnabled || !isAvailable) { - return; - } - - let attempt = 0; - while (attempt < maxRetries) { - try { - const res = await api.get< - AxiosResponse - >(`/site/${site.siteId}/docker/containers`); - setContainers(res.data.data); - return res.data.data; - } catch (error: any) { - attempt++; - - // Check if the error is a 425 (Too Early) status - if (error?.response?.status === 425) { - if (attempt < maxRetries) { - console.log( - `Containers not ready yet (attempt ${attempt}/${maxRetries}). Retrying in 250ms...` - ); - await sleep(250); - continue; - } else { - console.warn( - "Max retry attempts reached. Containers may still be loading." - ); - // toast({ - // variant: "destructive", - // title: "Containers not ready", - // description: - // "Containers are still loading. Please try again in a moment." - // }); - } - } else { - console.error( - "Failed to fetch Docker containers:", - error - ); - toast({ - variant: "destructive", - title: "Failed to fetch containers", - description: formatAxiosError( - error, - "An error occurred while fetching containers" - ) - }); - } - break; - } - } - }; - - try { - const res = await api.post>( - `/site/${site.siteId}/docker/trigger` - ); - // TODO: identify a way to poll the server for latest container list periodically? - await fetchContainerList(); - return res.data.data; - } catch (error) { - console.error("Failed to trigger Docker containers:", error); - } - }, - [api, site.siteId, isEnabled, isAvailable] - ); - - // 2. Docker socket status monitoring - useEffect(() => { - if (!isEnabled || isAvailable) { - return; - } - - checkDockerSocket(); - getDockerSocketStatus(); - - }, [isEnabled, isAvailable, checkDockerSocket, getDockerSocketStatus]); - - return { - isEnabled, - isAvailable: isEnabled && isAvailable, - socketPath, - containers, - check: checkDockerSocket, - status: getDockerSocketStatus, - fetchContainers: getContainers - }; -} diff --git a/src/i18n/config.ts b/src/i18n/config.ts index 9871a199..3644b06d 100644 --- a/src/i18n/config.ts +++ b/src/i18n/config.ts @@ -1,4 +1,4 @@ export type Locale = (typeof locales)[number]; -export const locales = ['en-US', 'es-ES', 'fr-FR', 'de-DE', 'nl-NL', 'it-IT', 'pl-PL', 'pt-PT', 'tr-TR', 'zh-CN', 'ko-KR'] as const; +export const locales = ['en-US', 'es-ES', 'fr-FR', 'de-DE', 'nl-NL', 'it-IT', 'pl-PL', 'pt-PT', 'tr-TR', 'zh-CN', 'ko-KR', 'bg-BG', 'cs-CZ', 'ru-RU', 'nb-NO'] as const; export const defaultLocale: Locale = 'en-US'; \ No newline at end of file diff --git a/src/lib/docker.ts b/src/lib/docker.ts new file mode 100644 index 00000000..d463237b --- /dev/null +++ b/src/lib/docker.ts @@ -0,0 +1,136 @@ +import { createApiClient, formatAxiosError } from "@app/lib/api"; +import { + Container, + GetDockerStatusResponse, + ListContainersResponse, + TriggerFetchResponse +} from "@server/routers/site"; +import { AxiosResponse } from "axios"; + +const sleep = (ms: number) => new Promise((resolve) => setTimeout(resolve, ms)); + +export interface DockerState { + isEnabled: boolean; + isAvailable: boolean; + socketPath?: string; + containers: Container[]; +} + +export class DockerManager { + private api: any; + private siteId: number; + + constructor(api: any, siteId: number) { + this.api = api; + this.siteId = siteId; + } + + async checkDockerSocket(): Promise { + try { + const res = await this.api.post(`/site/${this.siteId}/docker/check`); + console.log("Docker socket check response:", res); + } catch (error) { + console.error("Failed to check Docker socket:", error); + } + } + + async getDockerSocketStatus(): Promise { + try { + const res = await this.api.get( + `/site/${this.siteId}/docker/status` + ); + + if (res.status === 200) { + return res.data.data as GetDockerStatusResponse; + } else { + console.error("Failed to get Docker status:", res); + return null; + } + } catch (error) { + console.error("Failed to get Docker status:", error); + return null; + } + } + + async fetchContainers(maxRetries: number = 3): Promise { + const fetchContainerList = async (): Promise => { + let attempt = 0; + while (attempt < maxRetries) { + try { + const res = await this.api.get( + `/site/${this.siteId}/docker/containers` + ); + return res.data.data as Container[]; + } catch (error: any) { + attempt++; + + // Check if the error is a 425 (Too Early) status + if (error?.response?.status === 425) { + if (attempt < maxRetries) { + console.log( + `Containers not ready yet (attempt ${attempt}/${maxRetries}). Retrying in 250ms...` + ); + await sleep(250); + continue; + } else { + console.warn( + "Max retry attempts reached. Containers may still be loading." + ); + } + } else { + console.error( + "Failed to fetch Docker containers:", + error + ); + throw error; + } + break; + } + } + return []; + }; + + try { + await this.api.post( + `/site/${this.siteId}/docker/trigger` + ); + return await fetchContainerList(); + } catch (error) { + console.error("Failed to trigger Docker containers:", error); + return []; + } + } + + async initializeDocker(): Promise { + console.log(`Initializing Docker for site ID: ${this.siteId}`); + + // For now, assume Docker is enabled for newt sites + const isEnabled = true; + + if (!isEnabled) { + return { + isEnabled: false, + isAvailable: false, + containers: [] + }; + } + + // Check and get Docker socket status + await this.checkDockerSocket(); + const dockerStatus = await this.getDockerSocketStatus(); + + const isAvailable = dockerStatus?.isAvailable || false; + let containers: Container[] = []; + + if (isAvailable) { + containers = await this.fetchContainers(); + } + + return { + isEnabled, + isAvailable, + socketPath: dockerStatus?.socketPath, + containers + }; + } +} diff --git a/src/lib/types/env.ts b/src/lib/types/env.ts index a01b9cfd..66686619 100644 --- a/src/lib/types/env.ts +++ b/src/lib/types/env.ts @@ -25,5 +25,5 @@ export type Env = { disableBasicWireguardSites: boolean; enableClients: boolean; hideSupporterKey: boolean; - }, + } }; diff --git a/src/providers/ResourceProvider.tsx b/src/providers/ResourceProvider.tsx index 4541035a..da6aca87 100644 --- a/src/providers/ResourceProvider.tsx +++ b/src/providers/ResourceProvider.tsx @@ -3,20 +3,17 @@ import ResourceContext from "@app/contexts/resourceContext"; import { GetResourceAuthInfoResponse } from "@server/routers/resource"; import { GetResourceResponse } from "@server/routers/resource/getResource"; -import { GetSiteResponse } from "@server/routers/site"; import { useState } from "react"; import { useTranslations } from "next-intl"; interface ResourceProviderProps { children: React.ReactNode; resource: GetResourceResponse; - site: GetSiteResponse | null; authInfo: GetResourceAuthInfoResponse; } export function ResourceProvider({ children, - site, resource: serverResource, authInfo: serverAuthInfo }: ResourceProviderProps) { @@ -66,7 +63,7 @@ export function ResourceProvider({ return ( {children} diff --git a/src/services/locale.ts b/src/services/locale.ts index 29051152..46e5fd10 100644 --- a/src/services/locale.ts +++ b/src/services/locale.ts @@ -1,16 +1,36 @@ 'use server'; -import {cookies} from 'next/headers'; -import {Locale, defaultLocale} from '@/i18n/config'; +import { cookies, headers } from 'next/headers'; +import { Locale, defaultLocale, locales } from '@/i18n/config'; // In this example the locale is read from a cookie. You could alternatively // also read it from a database, backend service, or any other source. const COOKIE_NAME = 'NEXT_LOCALE'; -export async function getUserLocale() { - return (await cookies()).get(COOKIE_NAME)?.value || defaultLocale; +export async function getUserLocale(): Promise { + const cookieLocale = (await cookies()).get(COOKIE_NAME)?.value; + + if (cookieLocale && locales.includes(cookieLocale as Locale)) { + return cookieLocale as Locale; + } + + const headerList = await headers(); + const acceptLang = headerList.get('accept-language'); + + if (acceptLang) { + const browserLang = acceptLang.split(',')[0]; + const matched = locales.find((locale) => + browserLang.toLowerCase().startsWith(locale.split('-')[0].toLowerCase()) + ); + if (matched) { + return matched; + } + } + + return defaultLocale; } + export async function setUserLocale(locale: Locale) { (await cookies()).set(COOKIE_NAME, locale); } diff --git a/tsconfig.json b/tsconfig.json index 24a1cf09..7af98e53 100644 --- a/tsconfig.json +++ b/tsconfig.json @@ -25,7 +25,7 @@ "name": "next" } ], - "target": "ES2017" + "target": "ES2022" }, "include": ["next-env.d.ts", "**/*.ts", "**/*.tsx", ".next/types/**/*.ts"], "exclude": ["node_modules"]