add egress ips by access to user configs (#3659)

2025-09-26 21:01:32 +08:00 · 2025-09-20 14:50:51 +05:30
parent cba62bfb83
commit d1b82aa977
4 changed files with 40 additions and 6 deletions
--- a/logic/acls.go
+++ b/logic/acls.go
@@ -1465,6 +1465,18 @@ func GetDefaultPolicy(netID models.NetworkID, ruleType models.AclPolicyType) (mo
 	return acl, nil
 }

+// ListUserPolicies - lists all user policies in a network
+func ListUserPolicies(netID models.NetworkID) []models.Acl {
+	allAcls := ListAcls()
+	userAcls := []models.Acl{}
+	for _, acl := range allAcls {
+		if acl.NetworkID == netID && acl.RuleType == models.UserPolicy {
+			userAcls = append(userAcls, acl)
+		}
+	}
+	return userAcls
+}
+
 // ListAcls - lists all acl policies
 func ListAclsByNetwork(netID models.NetworkID) ([]models.Acl, error) {

--- a/logic/dns.go
+++ b/logic/dns.go
@@ -226,9 +226,7 @@ func GetGwDNS(node *models.Node) string {
 }

 func SetDNSOnWgConfig(gwNode *models.Node, extclient *models.ExtClient) {
-	if extclient.DNS == "" {
-		extclient.DNS = GetGwDNS(gwNode)
-	}
+	extclient.DNS = GetGwDNS(gwNode)
 }

 // GetCustomDNS - gets the custom DNS of a network
--- a/logic/extpeers.go
+++ b/logic/extpeers.go
@@ -71,11 +71,35 @@ func GetEgressRangesOnNetwork(client *models.ExtClient) ([]string, error) {

 	var result []string
 	eli, _ := (&schema.Egress{Network: client.Network}).ListByNetwork(db.WithContext(context.TODO()))
+	staticNode := client.ConvertToStaticNode()
+	userPolicies := ListUserPolicies(models.NetworkID(client.Network))
 	for _, eI := range eli {
-		if !eI.Status || eI.Range == "" {
+		if !eI.Status {
 			continue
 		}
-		result = append(result, eI.Range)
+		if eI.Domain == "" && eI.Range == "" {
+			continue
+		}
+		if eI.Domain != "" && len(eI.DomainAns) == 0 {
+			continue
+		}
+		rangesToBeAdded := []string{}
+		if eI.Domain != "" {
+			rangesToBeAdded = append(rangesToBeAdded, eI.DomainAns...)
+		} else {
+			rangesToBeAdded = append(rangesToBeAdded, eI.Range)
+		}
+		if staticNode.IsUserNode && staticNode.StaticNode.OwnerID != "" {
+			user, err := GetUser(staticNode.StaticNode.OwnerID)
+			if err != nil {
+				return []string{}, errors.New("user not found")
+			}
+			if DoesUserHaveAccessToEgress(user, &eI, userPolicies) {
+				result = append(result, rangesToBeAdded...)
+			}
+		} else {
+			result = append(result, rangesToBeAdded...)
+		}
 	}
 	extclients, _ := GetNetworkExtClients(client.Network)
 	for _, extclient := range extclients {
--- a/models/extclient.go
+++ b/models/extclient.go
@@ -66,7 +66,7 @@ func (ext *ExtClient) ConvertToStaticNode() Node {
 		Tags:       ext.Tags,
 		IsStatic:   true,
 		StaticNode: *ext,
-		IsUserNode: ext.RemoteAccessClientID != "",
+		IsUserNode: ext.RemoteAccessClientID != "" || ext.DeviceID != "",
 		Mutex:      ext.Mutex,
 	}
 }