feat(config): add reusable security profiles and network targets with route reference resolution

2026-04-02 15:44:36 +00:00
parent 6344c2deae
commit 55699f6618
31 changed files with 2845 additions and 12 deletions


@@ -21,7 +21,7 @@ import { MetricsManager } from './monitoring/index.js';
import { RadiusServer, type IRadiusServerConfig } from './radius/index.js';
import { RemoteIngressManager, TunnelManager } from './remoteingress/index.js';
import { VpnManager, type IVpnManagerConfig } from './vpn/index.js';
import { RouteConfigManager, ApiTokenManager } from './config/index.js';
import { RouteConfigManager, ApiTokenManager, ReferenceResolver, DbSeeder } from './config/index.js';
import { SecurityLogger, ContentScanner, IPReputationChecker } from './security/index.js';
import { type IHttp3Config, augmentRoutesWithHttp3 } from './http3/index.js';
@@ -137,6 +137,10 @@ export interface IDcRouterOptions {
dbName?: string;
/** Cache cleanup interval in hours (default: 1) */
cleanupIntervalHours?: number;
/** Seed default security profiles and network targets when DB is empty on first startup. */
seedOnEmpty?: boolean;
/** Custom seed data for profiles and targets (overrides built-in defaults). */
seedData?: import('./config/classes.db-seeder.js').ISeedData;
};
/**
@@ -269,6 +273,7 @@ export class DcRouter {
// Programmatic config API
public routeConfigManager?: RouteConfigManager;
public apiTokenManager?: ApiTokenManager;
public referenceResolver?: ReferenceResolver;
// Auto-discovered public IP (populated by generateAuthoritativeRecords)
public detectedPublicIp: string | null = null;
@@ -456,6 +461,10 @@ export class DcRouter {
.optional()
.dependsOn('SmartProxy', 'DcRouterDb')
.withStart(async () => {
// Initialize reference resolver first (profiles + targets)
this.referenceResolver = new ReferenceResolver();
await this.referenceResolver.initialize();
this.routeConfigManager = new RouteConfigManager(
() => this.getConstructorRoutes(),
() => this.smartProxy,
@@ -468,14 +477,23 @@ export class DcRouter {
return [this.options.vpnConfig?.subnet || '10.8.0.0/24'];
}
: undefined,
this.referenceResolver,
);
this.apiTokenManager = new ApiTokenManager();
await this.apiTokenManager.initialize();
await this.routeConfigManager.initialize();
// Seed default profiles/targets if DB is empty and seeding is enabled
const seeder = new DbSeeder(this.referenceResolver);
await seeder.seedIfEmpty(
this.options.dbConfig?.seedOnEmpty,
this.options.dbConfig?.seedData,
);
})
.withStop(async () => {
this.routeConfigManager = undefined;
this.apiTokenManager = undefined;
this.referenceResolver = undefined;
})
.withRetry({ maxRetries: 2, baseDelayMs: 1000 }),
);
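Review bot: `seeder.seedIfEmpty(...)` is awaited after `await this.routeConfigManager.initialize();`, so on a first start the routes are initialized against a `ReferenceResolver` that does not yet hold the seeded security profiles and network targets. How an unresolved profile reference is handled is not visible in this hunk; if such a route is applied without its restrictions it would fail open, so either move the seeding ahead of `routeConfigManager.initialize()` or confirm that the resolver rejects routes with unresolved references. The step is also wrapped in `.withRetry({ maxRetries: 2, baseDelayMs: 1000 })`, so a throw from the seeder re-runs the whole callback with a fresh resolver; a comment such as `// seedIfEmpty must be safe to re-run after a partial seed` would record that requirement. Separately, the `seedOnEmpty` doc comment in `IDcRouterOptions` does not state the default that applies when the option is `undefined`, unlike the neighbouring `cleanupIntervalHours` comment. The `.withStart` callback begins in the previous hunk.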