Merge branch 'dev'

Author: oschwartz10612

.github/dependabot.yml

@@ -44,19 +44,9 @@ updates:
     schedule:
       interval: "daily"
     groups:
-      dev-patch-updates:
-        dependency-type: "development"
+      patch-updates:
         update-types:
           - "patch"
-      dev-minor-updates:
-        dependency-type: "development"
+      minor-updates:
         update-types:
           - "minor"
-      prod-patch-updates:
-        dependency-type: "production"
-        update-types:
-          - "patch"
-      prod-minor-updates:
-        dependency-type: "production"
-        update-types:
-          - "minor"

.github/workflows/linting.yml

@@ -26,7 +26,7 @@ jobs:
             - name: Set up Node.js
               uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
               with:
-                node-version: '22'
+                node-version: '24'
 
             - name: Install dependencies
               run: npm ci

.github/workflows/test.yml

@@ -19,7 +19,7 @@ jobs:
       - name: Install Node
         uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
         with:
-          node-version: '22'
+          node-version: '24'
 
       - name: Copy config file
         run: cp config/config.example.yml config/config.yml
@@ -34,7 +34,7 @@ jobs:
         run: npm run set:oss
 
       - name: Generate database migrations
-        run: npm run db:sqlite:generate
+        run: npm run db:generate
 
       - name: Apply database migrations
         run: npm run db:sqlite:push
@@ -64,9 +64,6 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
-      - name: Copy config file
-        run: cp config/config.example.yml config/config.yml
-
       - name: Build Docker image sqlite
         run: make dev-build-sqlite
 
@@ -76,8 +73,5 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
-      - name: Copy config file
-        run: cp config/config.example.yml config/config.yml
-
       - name: Build Docker image pg
         run: make dev-build-pg

Dockerfile

@@ -1,63 +1,43 @@
 FROM node:24-alpine AS builder
 
-# OCI Image Labels - Build Args for dynamic values
-ARG VERSION="dev"
-ARG REVISION=""
-ARG CREATED=""
-ARG LICENSE="AGPL-3.0"
-
 WORKDIR /app
 
 ARG BUILD=oss
 ARG DATABASE=sqlite
 
-# Derive title and description based on BUILD type
-ARG IMAGE_TITLE="Pangolin"
-ARG IMAGE_DESCRIPTION="Identity-aware VPN and proxy for remote access to anything, anywhere"
-
-RUN apk add --no-cache curl tzdata python3 make g++
+RUN apk add --no-cache python3 make g++
 
 # COPY package.json package-lock.json ./
 COPY package*.json ./
 RUN npm ci
 
 COPY . .
 
-RUN echo "export * from \"./$DATABASE\";" > server/db/index.ts
-RUN echo "export const driver: \"pg\" | \"sqlite\" = \"$DATABASE\";" >> server/db/index.ts
-
-RUN echo "export const build = \"$BUILD\" as \"saas\" | \"enterprise\" | \"oss\";" > server/build.ts
-
-# Copy the appropriate TypeScript configuration based on build type
-RUN if [ "$BUILD" = "oss" ]; then cp tsconfig.oss.json tsconfig.json; \
-    elif [ "$BUILD" = "saas" ]; then cp tsconfig.saas.json tsconfig.json; \
-    elif [ "$BUILD" = "enterprise" ]; then cp tsconfig.enterprise.json tsconfig.json; \
-    fi
-
-# if the build is oss then remove the server/private directory
-RUN if [ "$BUILD" = "oss" ]; then rm -rf server/private; fi
-
-RUN if [ "$DATABASE" = "pg" ]; then npx drizzle-kit generate --dialect postgresql --schema ./server/db/pg/schema --out init; else npx drizzle-kit generate --dialect $DATABASE --schema ./server/db/$DATABASE/schema --out init; fi
-
-RUN mkdir -p dist
-RUN npm run next:build
-RUN node esbuild.mjs -e server/index.ts -o dist/server.mjs -b $BUILD
-RUN if [ "$DATABASE" = "pg" ]; then \
-    node esbuild.mjs -e server/setup/migrationsPg.ts -o dist/migrations.mjs; \
-    else \
-    node esbuild.mjs -e server/setup/migrationsSqlite.ts -o dist/migrations.mjs; \
-    fi
+RUN if [ "$BUILD" = "oss" ]; then rm -rf server/private; fi && \
+    npm run set:$DATABASE && \
+    npm run set:$BUILD && \
+    npm run db:generate && \
+    npm run build && \
+    npm run build:cli
 
 # test to make sure the build output is there and error if not
 RUN test -f dist/server.mjs
 
-RUN npm run build:cli
-
 # Prune dev dependencies and clean up to prepare for copy to runner
 RUN npm prune --omit=dev && npm cache clean --force
 
 FROM node:24-alpine AS runner
 
+# OCI Image Labels - Build Args for dynamic values
+ARG VERSION="dev"
+ARG REVISION=""
+ARG CREATED=""
+ARG LICENSE="AGPL-3.0"
+
+# Derive title and description based on BUILD type
+ARG IMAGE_TITLE="Pangolin"
+ARG IMAGE_DESCRIPTION="Identity-aware VPN and proxy for remote access to anything, anywhere"
+
 WORKDIR /app
 
 # Only curl and tzdata needed at runtime - no build tools!
@@ -66,11 +46,10 @@ RUN apk add --no-cache curl tzdata
 # Copy pre-built node_modules from builder (already pruned to production only)
 # This includes the compiled native modules like better-sqlite3
 COPY --from=builder /app/node_modules ./node_modules
-
 COPY --from=builder /app/.next/standalone ./
 COPY --from=builder /app/.next/static ./.next/static
 COPY --from=builder /app/dist ./dist
-COPY --from=builder /app/init ./dist/init
+COPY --from=builder /app/server/migrations ./dist/init
 COPY --from=builder /app/package.json ./package.json
 
 COPY ./cli/wrapper.sh /usr/local/bin/pangctl

esbuild.mjs

@@ -6,6 +6,12 @@ import path from "path";
 import fs from "fs";
 // import { glob } from "glob";
 
+// Read default build type from server/build.ts
+let build = "oss";
+const buildFile = fs.readFileSync(path.resolve("server/build.ts"), "utf8");
+const m = buildFile.match(/export\s+const\s+build\s*=\s*["'](oss|saas|enterprise)["']/);
+if (m) build = m[1];
+
 const banner = `
 // patch __dirname
 // import { fileURLToPath } from "url";
@@ -37,7 +43,7 @@ const argv = yargs(hideBin(process.argv))
         describe: "Build type (oss, saas, enterprise)",
         type: "string",
         choices: ["oss", "saas", "enterprise"],
-        default: "oss"
+        default: build
     })
     .help()
     .alias("help", "h").argv;

install/main.go

@@ -6,7 +6,8 @@ import (
 	"fmt"
 	"io"
 	"io/fs"
-	"math/rand"
+	"crypto/rand"
+	"encoding/base64"
 	"net"
 	"net/http"
 	"net/url"
@@ -592,17 +593,12 @@ func showSetupTokenInstructions(containerType SupportedContainer, dashboardDomai
 }
 
 func generateRandomSecretKey() string {
-	const charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
-	const length = 32
-
-	var seededRand *rand.Rand = rand.New(
-		rand.NewSource(time.Now().UnixNano()))
-
-	b := make([]byte, length)
-	for i := range b {
-		b[i] = charset[seededRand.Intn(len(charset))]
+	secret := make([]byte, 32)
+	_, err := rand.Read(secret)
+	if err != nil {
+		panic(fmt.Sprintf("Failed to generate random secret key: %v", err))
 	}
-	return string(b)
+	return base64.StdEncoding.EncodeToString(secret)
 }
 
 func getPublicIP() string {

messages/en-US.json

@@ -1436,6 +1436,15 @@
     "billingUsersInfo": "You're charged for each user in the organization. Billing is calculated daily based on the number of active user accounts in your org.",
     "billingDomainInfo": "You're charged for each domain in the organization. Billing is calculated daily based on the number of active domain accounts in your org.",
     "billingRemoteExitNodesInfo": "You're charged for each managed Node in the organization. Billing is calculated daily based on the number of active managed Nodes in your org.",
+    "billingLicenseKeys": "License Keys",
+    "billingLicenseKeysDescription": "Manage your license key subscriptions",
+    "billingLicenseSubscription": "License Subscription",
+    "billingInactive": "Inactive",
+    "billingLicenseItem": "License Item",
+    "billingQuantity": "Quantity",
+    "billingTotal": "total",
+    "billingModifyLicenses": "Modify License Subscription",
+    "billingPricingCalculatorLink": "View Pricing Calculator",
     "domainNotFound": "Domain Not Found",
     "domainNotFoundDescription": "This resource is disabled because the domain no longer exists our system. Please set a new domain for this resource.",
     "failed": "Failed",
@@ -2113,6 +2122,32 @@
             }
         }
     },
+    "newPricingLicenseForm": {
+        "title": "Get a license",
+        "description": "Choose a plan and tell us how you plan to use Pangolin.",
+        "chooseTier": "Choose your plan",
+        "viewPricingLink": "See pricing, features, and limits",
+        "tiers": {
+            "starter": {
+                "title": "Starter",
+                "description": "Enterprise features, 25 users, 25 sites, and community support."
+            },
+            "scale": {
+                "title": "Scale",
+                "description": "Enterprise features, 50 users, 50 sites, and priority support."
+            }
+        },
+        "personalUseOnly": "Personal use only (free license — no checkout)",
+        "buttons": {
+            "continueToCheckout": "Continue to Checkout"
+        },
+        "toasts": {
+            "checkoutError": {
+                "title": "Checkout error",
+                "description": "Could not start checkout. Please try again."
+            }
+        }
+    },
     "priority": "Priority",
     "priorityDescription": "Higher priority routes are evaluated first. Priority = 100 means automatic ordering (system decides). Use another number to enforce manual priority.",
     "instanceName": "Instance Name",