-
Notifications
You must be signed in to change notification settings - Fork 44
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
dfe5f8b
commit 359b4f3
Showing
8 changed files
with
113 additions
and
18 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,70 @@ | ||
use api_helper::{anchor::WatchIndexQuery, ctx::Ctx}; | ||
use proto::backend; | ||
use rivet_operation::prelude::*; | ||
use serde::{Deserialize, Serialize}; | ||
|
||
use crate::{auth::Auth, types}; | ||
|
||
#[derive(Debug, Serialize, Deserialize)] | ||
#[serde(deny_unknown_fields)] | ||
pub struct ConfigQuery { | ||
token: String, | ||
} | ||
|
||
#[tracing::instrument(skip(ctx))] | ||
pub async fn config( | ||
ctx: Ctx<Auth>, | ||
_watch_index: WatchIndexQuery, | ||
ConfigQuery { token }: ConfigQuery, | ||
) -> GlobalResult<types::TraefikConfigResponseNullified> { | ||
ctx.auth().token(&token).await?; | ||
|
||
let mut config = types::TraefikConfigResponse::default(); | ||
|
||
build_ip_allowlist(&ctx, &mut config).await?; | ||
|
||
tracing::info!( | ||
services = ?config.tcp.services.len(), | ||
routers = config.tcp.routers.len(), | ||
middlewares = ?config.tcp.middlewares.len(), | ||
"tunnel traefik config" | ||
); | ||
|
||
Ok(types::TraefikConfigResponseNullified { | ||
http: config.http.nullified(), | ||
tcp: config.tcp.nullified(), | ||
udp: config.udp.nullified(), | ||
}) | ||
} | ||
|
||
/// Builds configuration for GG edge node routes. | ||
#[tracing::instrument(skip(ctx))] | ||
pub async fn build_ip_allowlist( | ||
ctx: &Ctx<Auth>, | ||
config: &mut types::TraefikConfigResponse, | ||
) -> GlobalResult<()> { | ||
let servers_res = op!([ctx] cluster_server_list { | ||
filter: Some(backend::cluster::ServerFilter { | ||
pool_types: vec![backend::cluster::PoolType::Gg as i32], | ||
..Default::default() | ||
}), | ||
include_destroyed: false, | ||
}) | ||
.await?; | ||
|
||
let public_ips = servers_res | ||
.servers | ||
.iter() | ||
.filter_map(|server| server.public_ip.clone()) | ||
.collect::<Vec<_>>(); | ||
|
||
config.tcp.middlewares.insert( | ||
"tunnel-ip-allowlist".to_owned(), | ||
types::TraefikMiddlewareHttp::IpAllowList { | ||
source_range: public_ips, | ||
ip_strategy: None, | ||
}, | ||
); | ||
|
||
Ok(()) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters