npm - @serve.zone/dcrouter - Versions diffs - 12.10.0 → 13.0.1 - Mend

@serve.zone/dcrouter 12.10.0 → 13.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (86) hide show

package/dist_serve/bundle.js +1873 -1850
package/dist_ts/00_commitinfo_data.js +2 -2
package/dist_ts/classes.dcrouter.d.ts +5 -4
package/dist_ts/classes.dcrouter.js +25 -49
package/dist_ts/config/classes.reference-resolver.d.ts +7 -7
package/dist_ts/config/classes.reference-resolver.js +27 -27
package/dist_ts/config/classes.route-config-manager.d.ts +2 -2
package/dist_ts/config/classes.route-config-manager.js +12 -15
package/dist_ts/config/classes.target-profile-manager.d.ts +63 -0
package/dist_ts/config/classes.target-profile-manager.js +295 -0
package/dist_ts/config/index.d.ts +1 -0
package/dist_ts/config/index.js +2 -1
package/dist_ts/db/documents/{classes.security-profile.doc.d.ts → classes.source-profile.doc.d.ts} +4 -4
package/dist_ts/db/documents/{classes.security-profile.doc.js → classes.source-profile.doc.js} +9 -9
package/dist_ts/db/documents/classes.target-profile.doc.d.ts +17 -0
package/dist_ts/db/documents/classes.target-profile.doc.js +124 -0
package/dist_ts/db/documents/classes.vpn-client.doc.d.ts +1 -1
package/dist_ts/db/documents/classes.vpn-client.doc.js +8 -8
package/dist_ts/db/documents/index.d.ts +2 -1
package/dist_ts/db/documents/index.js +3 -2
package/dist_ts/opsserver/classes.opsserver.d.ts +2 -1
package/dist_ts/opsserver/classes.opsserver.js +5 -3
package/dist_ts/opsserver/handlers/index.d.ts +2 -1
package/dist_ts/opsserver/handlers/index.js +3 -2
package/dist_ts/opsserver/handlers/{security-profile.handler.d.ts → source-profile.handler.d.ts} +1 -1
package/dist_ts/opsserver/handlers/{security-profile.handler.js → source-profile.handler.js} +20 -20
package/dist_ts/opsserver/handlers/target-profile.handler.d.ts +10 -0
package/dist_ts/opsserver/handlers/target-profile.handler.js +115 -0
package/dist_ts/opsserver/handlers/vpn.handler.js +5 -5
package/dist_ts/vpn/classes.vpn-manager.d.ts +6 -10
package/dist_ts/vpn/classes.vpn-manager.js +11 -34
package/dist_ts_interfaces/data/index.d.ts +1 -0
package/dist_ts_interfaces/data/index.js +2 -1
package/dist_ts_interfaces/data/remoteingress.d.ts +4 -15
package/dist_ts_interfaces/data/route-management.d.ts +9 -6
package/dist_ts_interfaces/data/target-profile.d.ts +28 -0
package/dist_ts_interfaces/data/target-profile.js +2 -0
package/dist_ts_interfaces/data/vpn.d.ts +2 -1
package/dist_ts_interfaces/requests/index.d.ts +2 -1
package/dist_ts_interfaces/requests/index.js +3 -2
package/dist_ts_interfaces/requests/{security-profiles.d.ts → source-profiles.d.ts} +21 -21
package/dist_ts_interfaces/requests/source-profiles.js +2 -0
package/dist_ts_interfaces/requests/target-profiles.d.ts +103 -0
package/dist_ts_interfaces/requests/target-profiles.js +2 -0
package/dist_ts_interfaces/requests/vpn.d.ts +2 -2
package/dist_ts_web/00_commitinfo_data.js +2 -2
package/dist_ts_web/appstate.d.ts +36 -3
package/dist_ts_web/appstate.js +127 -10
package/dist_ts_web/elements/index.d.ts +2 -1
package/dist_ts_web/elements/index.js +3 -2
package/dist_ts_web/elements/ops-dashboard.js +10 -4
package/dist_ts_web/elements/ops-view-routes.js +8 -8
package/dist_ts_web/elements/{ops-view-securityprofiles.d.ts → ops-view-sourceprofiles.d.ts} +2 -2
package/dist_ts_web/elements/{ops-view-securityprofiles.js → ops-view-sourceprofiles.js} +12 -12
package/dist_ts_web/elements/ops-view-targetprofiles.d.ts +19 -0
package/dist_ts_web/elements/ops-view-targetprofiles.js +412 -0
package/dist_ts_web/elements/ops-view-vpn.js +13 -13
package/dist_ts_web/router.d.ts +1 -1
package/dist_ts_web/router.js +2 -2
package/package.json +3 -3
package/ts/00_commitinfo_data.ts +1 -1
package/ts/classes.dcrouter.ts +33 -50
package/ts/config/classes.reference-resolver.ts +34 -34
package/ts/config/classes.route-config-manager.ts +9 -12
package/ts/config/classes.target-profile-manager.ts +348 -0
package/ts/config/index.ts +2 -1
package/ts/db/documents/{classes.security-profile.doc.ts → classes.source-profile.doc.ts} +7 -7
package/ts/db/documents/classes.target-profile.doc.ts +52 -0
package/ts/db/documents/classes.vpn-client.doc.ts +1 -1
package/ts/db/documents/index.ts +2 -1
package/ts/opsserver/classes.opsserver.ts +4 -2
package/ts/opsserver/handlers/index.ts +2 -1
package/ts/opsserver/handlers/{security-profile.handler.ts → source-profile.handler.ts} +25 -25
package/ts/opsserver/handlers/target-profile.handler.ts +155 -0
package/ts/opsserver/handlers/vpn.handler.ts +4 -4
package/ts/vpn/classes.vpn-manager.ts +14 -38
package/ts_web/00_commitinfo_data.ts +1 -1
package/ts_web/appstate.ts +180 -17
package/ts_web/elements/index.ts +2 -1
package/ts_web/elements/ops-dashboard.ts +9 -3
package/ts_web/elements/ops-view-routes.ts +7 -7
package/ts_web/elements/{ops-view-securityprofiles.ts → ops-view-sourceprofiles.ts} +13 -13
package/ts_web/elements/ops-view-targetprofiles.ts +379 -0
package/ts_web/elements/ops-view-vpn.ts +12 -12
package/ts_web/router.ts +1 -1
package/dist_ts_interfaces/requests/security-profiles.js +0 -2

package/ts/db/documents/classes.target-profile.doc.ts ADDED Viewed

@@ -0,0 +1,52 @@
+import * as plugins from '../../plugins.js';
+import { DcRouterDb } from '../classes.dcrouter-db.js';
+import type { ITargetProfileTarget } from '../../../ts_interfaces/data/target-profile.js';
+const getDb = () => DcRouterDb.getInstance().getDb();
+@plugins.smartdata.Collection(() => getDb())
+export class TargetProfileDoc extends plugins.smartdata.SmartDataDbDoc<TargetProfileDoc, TargetProfileDoc> {
+  @plugins.smartdata.unI()
+  @plugins.smartdata.svDb()
+  public id!: string;
+  @plugins.smartdata.svDb()
+  public name: string = '';
+  @plugins.smartdata.svDb()
+  public description?: string;
+  @plugins.smartdata.svDb()
+  public domains?: string[];
+  @plugins.smartdata.svDb()
+  public targets?: ITargetProfileTarget[];
+  @plugins.smartdata.svDb()
+  public routeRefs?: string[];
+  @plugins.smartdata.svDb()
+  public createdAt!: number;
+  @plugins.smartdata.svDb()
+  public updatedAt!: number;
+  @plugins.smartdata.svDb()
+  public createdBy!: string;
+  constructor() {
+    super();
+  }
+  public static async findById(id: string): Promise<TargetProfileDoc | null> {
+    return await TargetProfileDoc.getInstance({ id });
+  }
+  public static async findByName(name: string): Promise<TargetProfileDoc | null> {
+    return await TargetProfileDoc.getInstance({ name });
+  }
+  public static async findAll(): Promise<TargetProfileDoc[]> {
+    return await TargetProfileDoc.getInstances({});
+  }
+}

package/ts/db/documents/classes.vpn-client.doc.ts CHANGED Viewed

@@ -13,7 +13,7 @@ export class VpnClientDoc extends plugins.smartdata.SmartDataDbDoc<VpnClientDoc,
   public enabled!: boolean;
   @plugins.smartdata.svDb()
-  public serverDefinedClientTags?: string[];
+  public targetProfileIds?: string[];
   @plugins.smartdata.svDb()
   public description?: string;

package/ts/db/documents/index.ts CHANGED Viewed

@@ -6,7 +6,8 @@ export * from './classes.cached.ip.reputation.js';
 export * from './classes.stored-route.doc.js';
 export * from './classes.route-override.doc.js';
 export * from './classes.api-token.doc.js';
-export * from './classes.security-profile.doc.js';
+export * from './classes.source-profile.doc.js';
+export * from './classes.target-profile.doc.js';
 export * from './classes.network-target.doc.js';
 // VPN document classes

package/ts/opsserver/classes.opsserver.ts CHANGED Viewed

@@ -29,7 +29,8 @@ export class OpsServer {
   private routeManagementHandler!: handlers.RouteManagementHandler;
   private apiTokenHandler!: handlers.ApiTokenHandler;
   private vpnHandler!: handlers.VpnHandler;
-  private securityProfileHandler!: handlers.SecurityProfileHandler;
+  private sourceProfileHandler!: handlers.SourceProfileHandler;
+  private targetProfileHandler!: handlers.TargetProfileHandler;
   private networkTargetHandler!: handlers.NetworkTargetHandler;
   constructor(dcRouterRefArg: DcRouter) {
@@ -90,7 +91,8 @@ export class OpsServer {
     this.routeManagementHandler = new handlers.RouteManagementHandler(this);
     this.apiTokenHandler = new handlers.ApiTokenHandler(this);
     this.vpnHandler = new handlers.VpnHandler(this);
-    this.securityProfileHandler = new handlers.SecurityProfileHandler(this);
+    this.sourceProfileHandler = new handlers.SourceProfileHandler(this);
+    this.targetProfileHandler = new handlers.TargetProfileHandler(this);
     this.networkTargetHandler = new handlers.NetworkTargetHandler(this);
     console.log('✅ OpsServer TypedRequest handlers initialized');

package/ts/opsserver/handlers/index.ts CHANGED Viewed

@@ -10,5 +10,6 @@ export * from './remoteingress.handler.js';
 export * from './route-management.handler.js';
 export * from './api-token.handler.js';
 export * from './vpn.handler.js';
-export * from './security-profile.handler.js';
+export * from './source-profile.handler.js';
+export * from './target-profile.handler.js';
 export * from './network-target.handler.js';

package/ts/opsserver/handlers/{security-profile.handler.ts → source-profile.handler.ts} RENAMED Viewed

@@ -2,7 +2,7 @@ import * as plugins from '../../plugins.js';
 import type { OpsServer } from '../classes.opsserver.js';
 import * as interfaces from '../../../ts_interfaces/index.js';
-export class SecurityProfileHandler {
+export class SourceProfileHandler {
   public typedrouter = new plugins.typedrequest.TypedRouter();
   constructor(private opsServerRef: OpsServer) {
@@ -40,12 +40,12 @@ export class SecurityProfileHandler {
   }
   private registerHandlers(): void {
-    // Get all security profiles
+    // Get all source profiles
     this.typedrouter.addTypedHandler(
-      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_GetSecurityProfiles>(
-        'getSecurityProfiles',
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_GetSourceProfiles>(
+        'getSourceProfiles',
         async (dataArg) => {
-          await this.requireAuth(dataArg, 'profiles:read');
+          await this.requireAuth(dataArg, 'source-profiles:read');
           const resolver = this.opsServerRef.dcRouterRef.referenceResolver;
           if (!resolver) {
             return { profiles: [] };
@@ -55,12 +55,12 @@ export class SecurityProfileHandler {
       ),
     );
-    // Get a single security profile
+    // Get a single source profile
     this.typedrouter.addTypedHandler(
-      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_GetSecurityProfile>(
-        'getSecurityProfile',
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_GetSourceProfile>(
+        'getSourceProfile',
         async (dataArg) => {
-          await this.requireAuth(dataArg, 'profiles:read');
+          await this.requireAuth(dataArg, 'source-profiles:read');
           const resolver = this.opsServerRef.dcRouterRef.referenceResolver;
           if (!resolver) {
             return { profile: null };
@@ -70,12 +70,12 @@ export class SecurityProfileHandler {
       ),
     );
-    // Create a security profile
+    // Create a source profile
     this.typedrouter.addTypedHandler(
-      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_CreateSecurityProfile>(
-        'createSecurityProfile',
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_CreateSourceProfile>(
+        'createSourceProfile',
         async (dataArg) => {
-          const userId = await this.requireAuth(dataArg, 'profiles:write');
+          const userId = await this.requireAuth(dataArg, 'source-profiles:write');
           const resolver = this.opsServerRef.dcRouterRef.referenceResolver;
           if (!resolver) {
             return { success: false, message: 'Reference resolver not initialized' };
@@ -92,12 +92,12 @@ export class SecurityProfileHandler {
       ),
     );
-    // Update a security profile
+    // Update a source profile
     this.typedrouter.addTypedHandler(
-      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_UpdateSecurityProfile>(
-        'updateSecurityProfile',
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_UpdateSourceProfile>(
+        'updateSourceProfile',
         async (dataArg) => {
-          await this.requireAuth(dataArg, 'profiles:write');
+          await this.requireAuth(dataArg, 'source-profiles:write');
           const resolver = this.opsServerRef.dcRouterRef.referenceResolver;
           const manager = this.opsServerRef.dcRouterRef.routeConfigManager;
           if (!resolver || !manager) {
@@ -121,12 +121,12 @@ export class SecurityProfileHandler {
       ),
     );
-    // Delete a security profile
+    // Delete a source profile
     this.typedrouter.addTypedHandler(
-      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_DeleteSecurityProfile>(
-        'deleteSecurityProfile',
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_DeleteSourceProfile>(
+        'deleteSourceProfile',
         async (dataArg) => {
-          await this.requireAuth(dataArg, 'profiles:write');
+          await this.requireAuth(dataArg, 'source-profiles:write');
           const resolver = this.opsServerRef.dcRouterRef.referenceResolver;
           const manager = this.opsServerRef.dcRouterRef.routeConfigManager;
           if (!resolver || !manager) {
@@ -149,12 +149,12 @@ export class SecurityProfileHandler {
       ),
     );
-    // Get routes using a security profile
+    // Get routes using a source profile
     this.typedrouter.addTypedHandler(
-      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_GetSecurityProfileUsage>(
-        'getSecurityProfileUsage',
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_GetSourceProfileUsage>(
+        'getSourceProfileUsage',
         async (dataArg) => {
-          await this.requireAuth(dataArg, 'profiles:read');
+          await this.requireAuth(dataArg, 'source-profiles:read');
           const resolver = this.opsServerRef.dcRouterRef.referenceResolver;
           const manager = this.opsServerRef.dcRouterRef.routeConfigManager;
           if (!resolver || !manager) {

package/ts/opsserver/handlers/target-profile.handler.ts ADDED Viewed

@@ -0,0 +1,155 @@
+import * as plugins from '../../plugins.js';
+import type { OpsServer } from '../classes.opsserver.js';
+import * as interfaces from '../../../ts_interfaces/index.js';
+export class TargetProfileHandler {
+  public typedrouter = new plugins.typedrequest.TypedRouter();
+  constructor(private opsServerRef: OpsServer) {
+    this.opsServerRef.typedrouter.addTypedRouter(this.typedrouter);
+    this.registerHandlers();
+  }
+  private async requireAuth(
+    request: { identity?: interfaces.data.IIdentity; apiToken?: string },
+    requiredScope?: interfaces.data.TApiTokenScope,
+  ): Promise<string> {
+    if (request.identity?.jwt) {
+      try {
+        const isAdmin = await this.opsServerRef.adminHandler.adminIdentityGuard.exec({
+          identity: request.identity,
+        });
+        if (isAdmin) return request.identity.userId;
+      } catch { /* fall through */ }
+    }
+    if (request.apiToken) {
+      const tokenManager = this.opsServerRef.dcRouterRef.apiTokenManager;
+      if (tokenManager) {
+        const token = await tokenManager.validateToken(request.apiToken);
+        if (token) {
+          if (!requiredScope || tokenManager.hasScope(token, requiredScope)) {
+            return token.createdBy;
+          }
+          throw new plugins.typedrequest.TypedResponseError('insufficient scope');
+        }
+      }
+    }
+    throw new plugins.typedrequest.TypedResponseError('unauthorized');
+  }
+  private registerHandlers(): void {
+    // Get all target profiles
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_GetTargetProfiles>(
+        'getTargetProfiles',
+        async (dataArg) => {
+          await this.requireAuth(dataArg, 'target-profiles:read');
+          const manager = this.opsServerRef.dcRouterRef.targetProfileManager;
+          if (!manager) {
+            return { profiles: [] };
+          }
+          return { profiles: manager.listProfiles() };
+        },
+      ),
+    );
+    // Get a single target profile
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_GetTargetProfile>(
+        'getTargetProfile',
+        async (dataArg) => {
+          await this.requireAuth(dataArg, 'target-profiles:read');
+          const manager = this.opsServerRef.dcRouterRef.targetProfileManager;
+          if (!manager) {
+            return { profile: null };
+          }
+          return { profile: manager.getProfile(dataArg.id) || null };
+        },
+      ),
+    );
+    // Create a target profile
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_CreateTargetProfile>(
+        'createTargetProfile',
+        async (dataArg) => {
+          const userId = await this.requireAuth(dataArg, 'target-profiles:write');
+          const manager = this.opsServerRef.dcRouterRef.targetProfileManager;
+          if (!manager) {
+            return { success: false, message: 'Target profile manager not initialized' };
+          }
+          const id = await manager.createProfile({
+            name: dataArg.name,
+            description: dataArg.description,
+            domains: dataArg.domains,
+            targets: dataArg.targets,
+            routeRefs: dataArg.routeRefs,
+            createdBy: userId,
+          });
+          return { success: true, id };
+        },
+      ),
+    );
+    // Update a target profile
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_UpdateTargetProfile>(
+        'updateTargetProfile',
+        async (dataArg) => {
+          await this.requireAuth(dataArg, 'target-profiles:write');
+          const manager = this.opsServerRef.dcRouterRef.targetProfileManager;
+          if (!manager) {
+            return { success: false, message: 'Not initialized' };
+          }
+          await manager.updateProfile(dataArg.id, {
+            name: dataArg.name,
+            description: dataArg.description,
+            domains: dataArg.domains,
+            targets: dataArg.targets,
+            routeRefs: dataArg.routeRefs,
+          });
+          // Re-apply routes to update VPN access
+          this.opsServerRef.dcRouterRef.routeConfigManager?.applyRoutes();
+          return { success: true };
+        },
+      ),
+    );
+    // Delete a target profile
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_DeleteTargetProfile>(
+        'deleteTargetProfile',
+        async (dataArg) => {
+          await this.requireAuth(dataArg, 'target-profiles:write');
+          const manager = this.opsServerRef.dcRouterRef.targetProfileManager;
+          if (!manager) {
+            return { success: false, message: 'Not initialized' };
+          }
+          const result = await manager.deleteProfile(dataArg.id, dataArg.force);
+          if (result.success) {
+            // Re-apply routes to update VPN access
+            this.opsServerRef.dcRouterRef.routeConfigManager?.applyRoutes();
+          }
+          return result;
+        },
+      ),
+    );
+    // Get VPN clients using a target profile
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_GetTargetProfileUsage>(
+        'getTargetProfileUsage',
+        async (dataArg) => {
+          await this.requireAuth(dataArg, 'target-profiles:read');
+          const manager = this.opsServerRef.dcRouterRef.targetProfileManager;
+          if (!manager) {
+            return { clients: [] };
+          }
+          return { clients: await manager.getProfileUsage(dataArg.id) };
+        },
+      ),
+    );
+  }
+}

package/ts/opsserver/handlers/vpn.handler.ts CHANGED Viewed

@@ -25,7 +25,7 @@ export class VpnHandler {
           const clients = manager.listClients().map((c) => ({
             clientId: c.clientId,
             enabled: c.enabled,
-            serverDefinedClientTags: c.serverDefinedClientTags,
+            targetProfileIds: c.targetProfileIds,
             description: c.description,
             assignedIp: c.assignedIp,
             createdAt: c.createdAt,
@@ -120,7 +120,7 @@ export class VpnHandler {
           try {
             const bundle = await manager.createClient({
               clientId: dataArg.clientId,
-              serverDefinedClientTags: dataArg.serverDefinedClientTags,
+              targetProfileIds: dataArg.targetProfileIds,
               description: dataArg.description,
               forceDestinationSmartproxy: dataArg.forceDestinationSmartproxy,
               destinationAllowList: dataArg.destinationAllowList,
@@ -142,7 +142,7 @@ export class VpnHandler {
               client: {
                 clientId: bundle.entry.clientId,
                 enabled: bundle.entry.enabled ?? true,
-                serverDefinedClientTags: bundle.entry.serverDefinedClientTags,
+                targetProfileIds: persistedClient?.targetProfileIds,
                 description: bundle.entry.description,
                 assignedIp: bundle.entry.assignedIp,
                 createdAt: Date.now(),
@@ -179,7 +179,7 @@ export class VpnHandler {
           try {
             await manager.updateClient(dataArg.clientId, {
               description: dataArg.description,
-              serverDefinedClientTags: dataArg.serverDefinedClientTags,
+              targetProfileIds: dataArg.targetProfileIds,
               forceDestinationSmartproxy: dataArg.forceDestinationSmartproxy,
               destinationAllowList: dataArg.destinationAllowList,
               destinationBlockList: dataArg.destinationBlockList,

package/ts/vpn/classes.vpn-manager.ts CHANGED Viewed

@@ -14,7 +14,7 @@ export interface IVpnManagerConfig {
   /** Pre-defined VPN clients created on startup (idempotent — skips already-persisted clients) */
   initialClients?: Array<{
     clientId: string;
-    serverDefinedClientTags?: string[];
+    targetProfileIds?: string[];
     description?: string;
   }>;
   /** Called when clients are created/deleted/toggled — triggers route re-application */
@@ -26,10 +26,10 @@ export interface IVpnManagerConfig {
     allowList?: string[];
     blockList?: string[];
   };
-  /** Compute per-client AllowedIPs based on the client's server-defined tags.
+  /** Compute per-client AllowedIPs based on the client's target profile IDs.
    *  Called at config generation time (create/export). Returns CIDRs for WireGuard AllowedIPs.
    *  When not set, defaults to [subnet]. */
-  getClientAllowedIPs?: (clientTags: string[]) => Promise<string[]>;
+  getClientAllowedIPs?: (targetProfileIds: string[]) => Promise<string[]>;
   /** Forwarding mode: 'socket' (default, userspace NAT), 'bridge' (L2 bridge to host LAN),
    *  or 'hybrid' (socket default, bridge for clients with useHostIp=true) */
   forwardingMode?: 'socket' | 'bridge' | 'hybrid';
@@ -90,7 +90,6 @@ export class VpnManager {
         publicKey: client.noisePublicKey,
         wgPublicKey: client.wgPublicKey,
         enabled: client.enabled,
-        serverDefinedClientTags: client.serverDefinedClientTags,
         description: client.description,
         assignedIp: client.assignedIp,
         expiresAt: client.expiresAt,
@@ -163,7 +162,7 @@ export class VpnManager {
         if (!this.clients.has(initial.clientId)) {
           const bundle = await this.createClient({
             clientId: initial.clientId,
-            serverDefinedClientTags: initial.serverDefinedClientTags,
+            targetProfileIds: initial.targetProfileIds,
             description: initial.description,
           });
           logger.log('info', `VPN: Created initial client '${initial.clientId}' (IP: ${bundle.entry.assignedIp})`);
@@ -197,7 +196,7 @@ export class VpnManager {
    */
   public async createClient(opts: {
     clientId: string;
-    serverDefinedClientTags?: string[];
+    targetProfileIds?: string[];
     description?: string;
     forceDestinationSmartproxy?: boolean;
     destinationAllowList?: string[];
@@ -214,13 +213,12 @@ export class VpnManager {
     const bundle = await this.vpnServer.createClient({
       clientId: opts.clientId,
-      serverDefinedClientTags: opts.serverDefinedClientTags,
       description: opts.description,
     });
-    // Override AllowedIPs with per-client values based on tag-matched routes
+    // Override AllowedIPs with per-client values based on target profiles
     if (this.config.getClientAllowedIPs && bundle.wireguardConfig) {
-      const allowedIPs = await this.config.getClientAllowedIPs(opts.serverDefinedClientTags || []);
+      const allowedIPs = await this.config.getClientAllowedIPs(opts.targetProfileIds || []);
       bundle.wireguardConfig = bundle.wireguardConfig.replace(
         /AllowedIPs\s*=\s*.+/,
         `AllowedIPs = ${allowedIPs.join(', ')}`,
@@ -231,7 +229,7 @@ export class VpnManager {
     const doc = new VpnClientDoc();
     doc.clientId = bundle.entry.clientId;
     doc.enabled = bundle.entry.enabled ?? true;
-    doc.serverDefinedClientTags = bundle.entry.serverDefinedClientTags;
+    doc.targetProfileIds = opts.targetProfileIds;
     doc.description = bundle.entry.description;
     doc.assignedIp = bundle.entry.assignedIp;
     doc.noisePublicKey = bundle.entry.publicKey;
@@ -332,11 +330,11 @@ export class VpnManager {
   }
   /**
-   * Update a client's metadata (description, tags) without rotating keys.
+   * Update a client's metadata (description, target profiles) without rotating keys.
    */
   public async updateClient(clientId: string, update: {
     description?: string;
-    serverDefinedClientTags?: string[];
+    targetProfileIds?: string[];
     forceDestinationSmartproxy?: boolean;
     destinationAllowList?: string[];
     destinationBlockList?: string[];
@@ -349,7 +347,7 @@ export class VpnManager {
     const client = this.clients.get(clientId);
     if (!client) throw new Error(`Client not found: ${clientId}`);
     if (update.description !== undefined) client.description = update.description;
-    if (update.serverDefinedClientTags !== undefined) client.serverDefinedClientTags = update.serverDefinedClientTags;
+    if (update.targetProfileIds !== undefined) client.targetProfileIds = update.targetProfileIds;
     if (update.forceDestinationSmartproxy !== undefined) client.forceDestinationSmartproxy = update.forceDestinationSmartproxy;
     if (update.destinationAllowList !== undefined) client.destinationAllowList = update.destinationAllowList;
     if (update.destinationBlockList !== undefined) client.destinationBlockList = update.destinationBlockList;
@@ -409,10 +407,10 @@ export class VpnManager {
         );
       }
-      // Override AllowedIPs with per-client values based on tag-matched routes
+      // Override AllowedIPs with per-client values based on target profiles
       if (this.config.getClientAllowedIPs) {
-        const clientTags = persisted?.serverDefinedClientTags || [];
-        const allowedIPs = await this.config.getClientAllowedIPs(clientTags);
+        const profileIds = persisted?.targetProfileIds || [];
+        const allowedIPs = await this.config.getClientAllowedIPs(profileIds);
         config = config.replace(
           /AllowedIPs\s*=\s*.+/,
           `AllowedIPs = ${allowedIPs.join(', ')}`,
@@ -423,22 +421,6 @@ export class VpnManager {
     return config;
   }
-  // ── Tag-based access control ───────────────────────────────────────────
-  /**
-   * Get assigned IPs for all enabled clients matching any of the given server-defined tags.
-   */
-  public getClientIpsForServerDefinedTags(tags: string[]): string[] {
-    const ips: string[] = [];
-    for (const client of this.clients.values()) {
-      if (!client.enabled || !client.assignedIp) continue;
-      if (client.serverDefinedClientTags?.some(t => tags.includes(t))) {
-        ips.push(client.assignedIp);
-      }
-    }
-    return ips;
-  }
   // ── Status and telemetry ───────────────────────────────────────────────
   /**
@@ -548,12 +530,6 @@ export class VpnManager {
   private async loadPersistedClients(): Promise<void> {
     const docs = await VpnClientDoc.findAll();
     for (const doc of docs) {
-      // Migrate legacy `tags` → `serverDefinedClientTags`
-      if (!doc.serverDefinedClientTags && (doc as any).tags) {
-        doc.serverDefinedClientTags = (doc as any).tags;
-        (doc as any).tags = undefined;
-        await doc.save();
-      }
       this.clients.set(doc.clientId, doc);
     }
     if (this.clients.size > 0) {

package/ts_web/00_commitinfo_data.ts CHANGED Viewed

@@ -3,6 +3,6 @@
  */
 export const commitinfo = {
   name: '@serve.zone/dcrouter',
-  version: '12.10.0',
+  version: '13.0.1',
   description: 'A multifaceted routing service handling mail and SMS delivery functions.'
 }