add egress ips by access to user configs (#3659) (#3660)

abhishek9686 · web-flow · commit c450bb068d3d · 2025-09-22T10:20:49.000+05:30
diff --git a/logic/acls.go b/logic/acls.go
@@ -1465,6 +1465,18 @@ func GetDefaultPolicy(netID models.NetworkID, ruleType models.AclPolicyType) (mo
 	return acl, nil
 }
 
+// ListUserPolicies - lists all user policies in a network
+func ListUserPolicies(netID models.NetworkID) []models.Acl {
+	allAcls := ListAcls()
+	userAcls := []models.Acl{}
+	for _, acl := range allAcls {
+		if acl.NetworkID == netID && acl.RuleType == models.UserPolicy {
+			userAcls = append(userAcls, acl)
+		}
+	}
+	return userAcls
+}
+
 // ListAcls - lists all acl policies
 func ListAclsByNetwork(netID models.NetworkID) ([]models.Acl, error) {
 
diff --git a/logic/dns.go b/logic/dns.go
@@ -226,9 +226,7 @@ func GetGwDNS(node *models.Node) string {
 }
 
 func SetDNSOnWgConfig(gwNode *models.Node, extclient *models.ExtClient) {
-	if extclient.DNS == "" {
-		extclient.DNS = GetGwDNS(gwNode)
-	}
+	extclient.DNS = GetGwDNS(gwNode)
 }
 
 // GetCustomDNS - gets the custom DNS of a network
diff --git a/logic/extpeers.go b/logic/extpeers.go
@@ -71,11 +71,35 @@ func GetEgressRangesOnNetwork(client *models.ExtClient) ([]string, error) {
 
 	var result []string
 	eli, _ := (&schema.Egress{Network: client.Network}).ListByNetwork(db.WithContext(context.TODO()))
+	staticNode := client.ConvertToStaticNode()
+	userPolicies := ListUserPolicies(models.NetworkID(client.Network))
 	for _, eI := range eli {
-		if !eI.Status || eI.Range == "" {
+		if !eI.Status {
 			continue
 		}
-		result = append(result, eI.Range)
+		if eI.Domain == "" && eI.Range == "" {
+			continue
+		}
+		if eI.Domain != "" && len(eI.DomainAns) == 0 {
+			continue
+		}
+		rangesToBeAdded := []string{}
+		if eI.Domain != "" {
+			rangesToBeAdded = append(rangesToBeAdded, eI.DomainAns...)
+		} else {
+			rangesToBeAdded = append(rangesToBeAdded, eI.Range)
+		}
+		if staticNode.IsUserNode && staticNode.StaticNode.OwnerID != "" {
+			user, err := GetUser(staticNode.StaticNode.OwnerID)
+			if err != nil {
+				return []string{}, errors.New("user not found")
+			}
+			if DoesUserHaveAccessToEgress(user, &eI, userPolicies) {
+				result = append(result, rangesToBeAdded...)
+			}
+		} else {
+			result = append(result, rangesToBeAdded...)
+		}
 	}
 	extclients, _ := GetNetworkExtClients(client.Network)
 	for _, extclient := range extclients {
diff --git a/models/extclient.go b/models/extclient.go
@@ -66,7 +66,7 @@ func (ext *ExtClient) ConvertToStaticNode() Node {
 		Tags:       ext.Tags,
 		IsStatic:   true,
 		StaticNode: *ext,
-		IsUserNode: ext.RemoteAccessClientID != "",
+		IsUserNode: ext.RemoteAccessClientID != "" || ext.DeviceID != "",
 		Mutex:      ext.Mutex,
 	}
 }

Original file line number	Diff line number	Diff line change
`@@ -226,9 +226,7 @@ func GetGwDNS(node *models.Node) string {`
`226`	`226`	`}`
`227`	`227`
`228`	`228`	`func SetDNSOnWgConfig(gwNode models.Node, extclient models.ExtClient) {`
`229`		`- if extclient.DNS == "" {`
`230`		`- extclient.DNS = GetGwDNS(gwNode)`
`231`		`- }`
	`229`	`+ extclient.DNS = GetGwDNS(gwNode)`
`232`	`230`	`}`
`233`	`231`
`234`	`232`	`// GetCustomDNS - gets the custom DNS of a network`
Original file line number	Diff line number	Diff line change
`@@ -66,7 +66,7 @@ func (ext *ExtClient) ConvertToStaticNode() Node {`
`66`	`66`	`Tags: ext.Tags,`
`67`	`67`	`IsStatic: true,`
`68`	`68`	`StaticNode: *ext,`
`69`		`- IsUserNode: ext.RemoteAccessClientID != "",`
	`69`	`+ IsUserNode: ext.RemoteAccessClientID != "" \|\| ext.DeviceID != "",`
`70`	`70`	`Mutex: ext.Mutex,`
`71`	`71`	`}`
`72`	`72`	`}`