Update to bring down features from pangolin

Author: oschwartz10612

package-lock.json

@@ -46,6 +46,7 @@
         "@types/js-yaml": "4.0.9",
         "@types/node": "24.9.1",
         "@types/pg": "8.15.5",
+        "@types/semver": "7.7.1",
         "@types/ws": "8.18.1",
         "esbuild": "0.25.11",
         "esbuild-node-externals": "1.18.0",

package.json

@@ -0,0 +1,32 @@
+import logger from "@server/logger";
+import axios from "axios";
+import config from "./config";
+import { tokenManager } from "./tokenManager";
+
+export async function remoteGetASNForIp(
+    ip: string
+): Promise<number | undefined> {
+    try {
+        const response = await axios.get(
+            `${config.getRawConfig().managed?.endpoint}/api/v1/hybrid/asnip/${ip}`,
+            await tokenManager.getAuthHeader()
+        );
+
+        return response.data.data.asn;
+    } catch (error) {
+        if (axios.isAxiosError(error)) {
+            logger.error("Error fetching config in verify session:", {
+                message: error.message,
+                code: error.code,
+                status: error.response?.status,
+                statusText: error.response?.statusText,
+                url: error.config?.url,
+                method: error.config?.method
+            });
+        } else {
+            logger.error("Error fetching config in verify session:", error);
+        }
+    }
+
+    return;
+}

server/lib/asn.ts

@@ -0,0 +1,30 @@
+import { Org, ResourceSession } from "./types";
+
+export function enforceResourceSessionLength(
+    resourceSession: ResourceSession,
+    org: Org
+): { valid: boolean; error?: string } {
+    if (org.maxSessionLengthHours) {
+        const sessionIssuedAt = resourceSession.issuedAt; // may be null
+        const maxSessionLengthHours = org.maxSessionLengthHours;
+
+        if (sessionIssuedAt) {
+            const maxSessionLengthMs = maxSessionLengthHours * 60 * 60 * 1000;
+            const sessionAgeMs = Date.now() - sessionIssuedAt;
+
+            if (sessionAgeMs > maxSessionLengthMs) {
+                return {
+                    valid: false,
+                    error: `Resource session has expired due to organization policy (max session length: ${maxSessionLengthHours} hours)`
+                };
+            }
+        } else {
+            return {
+                valid: false,
+                error: `Resource session is invalid due to organization policy (max session length: ${maxSessionLengthHours} hours)`
+            };
+        }
+    }
+
+    return { valid: true };
+}

server/lib/checkOrgAccessPolicy.ts

@@ -43,6 +43,26 @@ export type ResourceHeaderAuth = {
     headerAuthHash: string;
 };
 
+export type ResourceHeaderAuthExtendedCompatibility = {
+    resourceId: number;
+    headerAuthExtendedCompatibilityId: number;
+    extendedCompatibilityIsActivated: boolean;
+}
+
+export type Org = {
+    name: string;
+    orgId: string;
+    subnet: string | null;
+    utilitySubnet: string | null;
+    createdAt: string | null;
+    requireTwoFactor: boolean | null;
+    maxSessionLengthHours: number | null;
+    passwordExpiryDays: number | null;
+    settingsLogRetentionDaysRequest: number;
+    settingsLogRetentionDaysAccess: number;
+    settingsLogRetentionDaysAction: number;
+}
+
 export type LoginPage = {
     loginPageId: number;
     subdomain: string | null;
@@ -83,6 +103,7 @@ export type ResourceSession = {
     accessTokenId: string | null;
     isRequestToken: boolean;
     userSessionId: string | null;
+    issuedAt: number | null;
 };
 
 export type ResourceAccessToken = {
@@ -95,4 +116,4 @@ export type ResourceAccessToken = {
     title: string | null;
     description: string | null;
     createdAt: number;
-};
+};