feat(vpn): add tag-based VPN route access control and support configured initial VPN clients

2026-03-30 12:07:58 +00:00
parent 43618abeba
commit eb211348d2
14 changed files with 125 additions and 33 deletions


@@ -23,7 +23,7 @@ export class RouteConfigManager {
private getHardcodedRoutes: () => plugins.smartproxy.IRouteConfig[],
private getSmartProxy: () => plugins.smartproxy.SmartProxy | undefined,
private getHttp3Config?: () => IHttp3Config | undefined,
private getVpnSubnet?: () => string | undefined,
private getVpnAllowList?: (tags?: string[]) => string[],
) {}
/**
@@ -246,7 +246,7 @@ export class RouteConfigManager {
// Private: apply merged routes to SmartProxy
// =========================================================================
private async applyRoutes(): Promise<void> {
public async applyRoutes(): Promise<void> {
const smartProxy = this.getSmartProxy();
if (!smartProxy) return;
@@ -262,9 +262,9 @@ export class RouteConfigManager {
enabledRoutes.push(route);
}
// Add enabled programmatic routes (with HTTP/3 augmentation if enabled)
// Add enabled programmatic routes (with HTTP/3 and VPN augmentation)
const http3Config = this.getHttp3Config?.();
const vpnSubnet = this.getVpnSubnet?.();
const vpnAllowList = this.getVpnAllowList;
for (const stored of this.storedRoutes.values()) {
if (stored.enabled) {
let route = stored.route;
@@ -272,15 +272,16 @@ export class RouteConfigManager {
route = augmentRouteWithHttp3(route, { enabled: true, ...http3Config });
}
// Inject VPN security for programmatic routes with vpn.required
if (vpnSubnet) {
if (vpnAllowList) {
const dcRoute = route as IDcRouterRouteConfig;
if (dcRoute.vpn?.required) {
const existing = route.security?.ipAllowList || [];
const allowList = vpnAllowList(dcRoute.vpn.allowedServerDefinedClientTags);
route = {
...route,
security: {
...route.security,
ipAllowList: [...existing, vpnSubnet],
ipAllowList: [...existing, ...allowList],
},
};
}
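Review bot: In the last hunk, a `vpn.required` route whose `allowedServerDefinedClientTags` match no client can get `ipAllowList: [...existing, ...allowList]` evaluating to an empty array, whereas the removed code always appended `vpnSubnet`. How SmartProxy treats an empty `ipAllowList` is not visible on this page; if it means "no restriction", a route intended to be VPN-only fails open. Handle the empty result explicitly before building the route, for example `if (allowList.length === 0) continue; // vpn.required but no permitted client: do not publish`, or document that `getVpnAllowList` always returns at least one entry. Routes with `vpn.required` are also still passed through unchanged when `getVpnAllowList` is undefined, and the banner comment above `applyRoutes` still reads "Private" although the method is now `public`. The loop body and `applyRoutes` continue outside the hunk, so the `continue` suggestion assumes the route is pushed later in the same iteration.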