Gerhard Scheikl
d317e8c758
WS1: pin all Docker stages to node:24.16.0-alpine; add engines node>=20. WS2: lib/redis.ts gains TTL-backed redisSet, redisDel, setTunnelActive (writes tunnel:active:<sub>=1/0 EX 30, TUNNEL_ACTIVE_TTL override, no-op without REDIS_URL); wired into tunnel active/delete/reassign routes. WS3: sortable columns, CSV export routes (token excluded), and bulk actions (self-account guard) across users/tunnels/audit admin tables.
102 lines
3.2 KiB
TypeScript
102 lines
3.2 KiB
TypeScript
import { type NextRequest } from 'next/server';
|
|
import { requireAdminApi } from '@/lib/auth/admin-guard';
|
|
import { getSupabaseAdmin } from '@/lib/supabase/admin';
|
|
import { logAdminAction } from '@/lib/auth/audit';
|
|
import { isUuid } from '@/lib/admin/validators';
|
|
import { validateSubdomain } from '@/lib/validation';
|
|
import { isSubdomainReserved } from '@/lib/admin/reserved';
|
|
import { setTunnelActive } from '@/lib/redis';
|
|
import { jsonNoStore } from '@/lib/admin/response';
|
|
|
|
export const runtime = 'nodejs';
|
|
export const dynamic = 'force-dynamic';
|
|
|
|
export async function POST(
|
|
req: NextRequest,
|
|
{ params }: { params: { id: string } },
|
|
) {
|
|
const auth = await requireAdminApi();
|
|
if (!auth.ok) return auth.response;
|
|
|
|
const { id } = params;
|
|
if (!isUuid(id)) {
|
|
return jsonNoStore({ error: 'invalid tunnel id' }, { status: 400 });
|
|
}
|
|
|
|
let body: { subdomain?: unknown };
|
|
try {
|
|
body = (await req.json()) as { subdomain?: unknown };
|
|
} catch {
|
|
return jsonNoStore({ error: 'invalid json' }, { status: 400 });
|
|
}
|
|
|
|
// Same validation as the user-facing claim flow (format + hardcoded reserved).
|
|
const v = validateSubdomain(body.subdomain);
|
|
if (!v.ok) {
|
|
return jsonNoStore({ error: v.error }, { status: 400 });
|
|
}
|
|
const subdomain = v.value;
|
|
|
|
// Also reject anything reserved in the DB table.
|
|
if (await isSubdomainReserved(subdomain)) {
|
|
return jsonNoStore(
|
|
{ error: `'${subdomain}' is reserved` },
|
|
{ status: 400 },
|
|
);
|
|
}
|
|
|
|
const admin = getSupabaseAdmin();
|
|
|
|
// Reject if taken by a different tunnel (keyed by owner user_id).
|
|
const { data: existing } = await admin
|
|
.from('tunnels')
|
|
.select('user_id, subdomain')
|
|
.eq('subdomain', subdomain)
|
|
.maybeSingle<{ user_id: string; subdomain: string }>();
|
|
if (existing && existing.user_id !== id) {
|
|
return jsonNoStore({ error: 'subdomain taken' }, { status: 409 });
|
|
}
|
|
|
|
// Capture the current subdomain so we can drop the OLD hostname's live
|
|
// connection once it is freed by the rename.
|
|
const { data: current } = await admin
|
|
.from('tunnels')
|
|
.select('subdomain')
|
|
.eq('user_id', id)
|
|
.maybeSingle<{ subdomain: string }>();
|
|
const oldSubdomain = current?.subdomain ?? null;
|
|
|
|
const { data, error } = await admin
|
|
.from('tunnels')
|
|
.update({ subdomain })
|
|
.eq('user_id', id)
|
|
.select('subdomain')
|
|
.maybeSingle<{ subdomain: string }>();
|
|
if (error) {
|
|
const code = (error as { code?: string }).code;
|
|
if (code === '23505') {
|
|
return jsonNoStore({ error: 'subdomain taken' }, { status: 409 });
|
|
}
|
|
console.error('admin tunnel.reassign failed', error);
|
|
return jsonNoStore({ error: 'internal error' }, { status: 500 });
|
|
}
|
|
if (!data) {
|
|
return jsonNoStore({ error: 'tunnel not found' }, { status: 404 });
|
|
}
|
|
|
|
// Best-effort: drop any live connection on the OLD subdomain so the former
|
|
// hostname stops resolving as active. No-op when REDIS_URL is unset.
|
|
if (oldSubdomain && oldSubdomain !== subdomain) {
|
|
await setTunnelActive(oldSubdomain, false);
|
|
}
|
|
|
|
await logAdminAction(auth.user, {
|
|
action: 'tunnel.reassign',
|
|
target_type: 'tunnel',
|
|
target_id: id,
|
|
details: { subdomain, previous_subdomain: oldSubdomain },
|
|
});
|
|
|
|
return jsonNoStore({ ok: true, subdomain });
|
|
}
|