@serve.zone/dcrouter 13.41.2 → 13.42.1

package/ts_web/elements/network/ops-view-routes.ts

@@ -24,11 +24,176 @@ const tlsCertOptions = [
   { key: 'auto', option: 'Auto (ACME/Let\'s Encrypt)' },
   { key: 'custom', option: 'Custom certificate' },
 ];
+const sourcePolicyPresetOptions = [
+  { key: 'manual', option: 'Manual source policy' },
+  { key: 'gitea', option: 'Gitea bot protection' },
+];
+const giteaSourcePolicyProfileNames = ['TRUSTED NETWORKS', 'AI CRAWLERS', 'PUBLIC'] as const;
+
+function rateLimit(maxRequests: number): interfaces.data.IRouteSecurity['rateLimit'] {
+  return { enabled: true, maxRequests, window: 60, keyBy: 'ip' };
+}
 
 function getDropdownKey(value: any): string {
   return typeof value === 'string' ? value : value?.key || '';
 }
 
+function getSourcePolicyRefsFromFormData(formData: Record<string, any>): string[] {
+  const refs: string[] = [];
+  for (let index = 0; index < 4; index++) {
+    const ref = getDropdownKey(formData[`sourcePolicyProfileRef${index}`]);
+    if (ref && !refs.includes(ref)) {
+      refs.push(ref);
+    }
+  }
+  return refs;
+}
+
+function buildSourcePolicyMetadata(
+  profileRefs: string[],
+  existingSourcePolicy?: interfaces.data.IRouteSourcePolicy,
+): interfaces.data.IRouteSourcePolicy {
+  return {
+    bindings: profileRefs.map((sourceProfileRef) => {
+      const existingBinding = existingSourcePolicy?.bindings.find((binding) => binding.sourceProfileRef === sourceProfileRef);
+      return existingBinding
+        ? {
+            ...existingBinding,
+            sourceProfileRef,
+            onExceeded: existingBinding.onExceeded || { type: '429' as const },
+          }
+        : {
+            sourceProfileRef,
+            onExceeded: { type: '429' as const },
+          };
+    }),
+  };
+}
+
+function getGiteaPresetProfileRefs(profiles: interfaces.data.ISourceProfile[]): {
+  refs: string[];
+  missingNames: string[];
+} {
+  const refs: string[] = [];
+  const missingNames: string[] = [];
+  for (const profileName of giteaSourcePolicyProfileNames) {
+    const profile = profiles.find((item) => item.name.trim().toUpperCase() === profileName);
+    if (profile) {
+      refs.push(profile.id);
+    } else {
+      missingNames.push(profileName);
+    }
+  }
+  return { refs, missingNames };
+}
+
+function buildGiteaSourcePolicyMetadata(profileRefs: string[]): interfaces.data.IRouteSourcePolicy {
+  const [trustedRef, aiRef, publicRef] = profileRefs;
+  return {
+    bindings: [
+      {
+        sourceProfileRef: trustedRef,
+        onExceeded: { type: '429' as const },
+      },
+      {
+        sourceProfileRef: aiRef,
+        onExceeded: { type: '429' as const },
+        pathPolicies: [
+          { pathClass: 'git-smart-http', rateLimit: rateLimit(1200) },
+          { pathClass: 'static', rateLimit: rateLimit(240) },
+          { pathClass: 'raw', rateLimit: rateLimit(20) },
+          { pathClass: 'archive', rateLimit: rateLimit(6) },
+          { pathClass: 'expensive-html', rateLimit: rateLimit(6) },
+          { pathClass: 'normal-html', rateLimit: rateLimit(20) },
+        ],
+      },
+      {
+        sourceProfileRef: publicRef,
+        onExceeded: { type: '429' as const },
+        pathPolicies: [
+          { pathClass: 'git-smart-http', rateLimit: rateLimit(1200) },
+          { pathClass: 'static', rateLimit: rateLimit(600) },
+          { pathClass: 'raw', rateLimit: rateLimit(120) },
+          { pathClass: 'archive', rateLimit: rateLimit(30) },
+          { pathClass: 'expensive-html', rateLimit: rateLimit(30) },
+          { pathClass: 'normal-html', rateLimit: rateLimit(120) },
+        ],
+      },
+    ],
+  };
+}
+
+function getGiteaPresetSourcePolicy(profiles: interfaces.data.ISourceProfile[]): interfaces.data.IRouteSourcePolicy | null {
+  const { refs, missingNames } = getGiteaPresetProfileRefs(profiles);
+  if (missingNames.length > 0) {
+    alert(`Gitea source-policy preset needs these seeded profiles: ${missingNames.join(', ')}`);
+    return null;
+  }
+  if (!validateSourcePolicySelection(refs, profiles)) {
+    return null;
+  }
+  return buildGiteaSourcePolicyMetadata(refs);
+}
+
+function metadataUsesPathPolicies(metadata?: interfaces.data.IRouteMetadata): boolean {
+  return Boolean(metadata?.sourcePolicy?.bindings.some((binding) => binding.pathPolicies?.length));
+}
+
+function sourceProfileMatchesAll(profile: interfaces.data.ISourceProfile): boolean {
+  return (profile.security?.ipAllowList || []).some((entry) => {
+    const source = typeof entry === 'string' ? entry : entry.ip;
+    return ['*', '0.0.0.0/0', '::/0'].includes(source.trim());
+  });
+}
+
+function sourceProfileHasSourceMatches(profile: interfaces.data.ISourceProfile): boolean {
+  return (profile.security?.ipAllowList || []).some((entry) => {
+    const source = typeof entry === 'string' ? entry : entry.ip;
+    return source.trim().length > 0;
+  });
+}
+
+function validateSourcePolicySelection(
+  profileRefs: string[],
+  profiles: interfaces.data.ISourceProfile[],
+): boolean {
+  if (profileRefs.length === 0) {
+    return true;
+  }
+
+  const selectedProfiles = profileRefs
+    .map((profileRef) => profiles.find((profile) => profile.id === profileRef))
+    .filter(Boolean) as interfaces.data.ISourceProfile[];
+
+  if (selectedProfiles.length !== profileRefs.length) {
+    alert('One or more selected source profiles could not be found. Refresh profiles and try again.');
+    return false;
+  }
+
+  const profilesWithoutMatches = selectedProfiles.filter((profile) => !sourceProfileHasSourceMatches(profile));
+  if (profilesWithoutMatches.length > 0) {
+    alert(`Source profiles need IP/CIDR match entries before use: ${profilesWithoutMatches.map((profile) => profile.name).join(', ')}`);
+    return false;
+  }
+
+  const fallbackProfile = selectedProfiles[selectedProfiles.length - 1];
+  if (!sourceProfileMatchesAll(fallbackProfile)) {
+    alert('Source policy needs an explicit public/wildcard fallback profile as the last binding. Add a profile with IP Allow List "*".');
+    return false;
+  }
+
+  if (selectedProfiles.slice(0, -1).some((profile) => sourceProfileMatchesAll(profile))) {
+    alert('Wildcard source profiles must be last. Earlier wildcard profiles would shadow all following profiles.');
+    return false;
+  }
+
+  if (fallbackProfile.security?.rateLimit?.enabled !== true) {
+    return confirm(`The fallback profile "${fallbackProfile.name}" has no enabled rate limit. Save anyway?`);
+  }
+
+  return true;
+}
+
 function parseTargetPort(value: any): number | undefined {
   const parsed = typeof value === 'number'
     ? value
@@ -355,6 +520,7 @@ export class OpsViewRoutes extends DeesElement {
 
     const meta = merged.metadata;
     const isSystemManaged = this.isSystemManagedRoute(merged);
+    const sourcePolicySummary = this.describeSourcePolicy(meta);
     await DeesModal.createAndShow({
       heading: `Route: ${merged.route.name}`,
       content: html`
@@ -364,7 +530,7 @@ export class OpsViewRoutes extends DeesElement {
           ${merged.route.vpnOnly ? html`<p>Access: <strong style="color: #22c55e;">VPN only</strong></p>` : ''}
           <p>ID: <code style="color: #888;">${merged.id}</code></p>
           ${isSystemManaged ? html`<p>This route is system-managed. Change its source config to modify it directly.</p>` : ''}
-          ${meta?.sourceProfileName ? html`<p>Source Profile: <strong style="color: #a78bfa;">${meta.sourceProfileName}</strong></p>` : ''}
+          ${sourcePolicySummary ? html`<p>Source Policy: <strong style="color: #a78bfa;">${sourcePolicySummary}</strong></p>` : ''}
           ${meta?.networkTargetName ? html`<p>Network Target: <strong style="color: #a78bfa;">${meta.networkTargetName}</strong></p>` : ''}
         </div>
       `,
@@ -496,6 +662,8 @@ export class OpsViewRoutes extends DeesElement {
     const currentVpnOnly = route.vpnOnly === true;
     const currentRemoteIngressEnabled = route.remoteIngress?.enabled === true;
     const currentEdgeFilter = route.remoteIngress?.edgeFilter || [];
+    const currentSourcePolicyRefs = this.getSourcePolicyRefs(merged.metadata);
+    const currentSourcePolicyPreset = metadataUsesPathPolicies(merged.metadata) ? 'gitea' : 'manual';
 
     // Compute current TLS state for pre-population
     const currentTls = (route.action as any).tls;
@@ -516,7 +684,25 @@ export class OpsViewRoutes extends DeesElement {
           <dees-input-text .key=${'ports'} .label=${'Ports'} .description=${'Comma-separated, e.g. 80, 443'} .value=${currentPorts} .required=${true}></dees-input-text>
           <dees-input-list .key=${'domains'} .label=${'Domains'} .placeholder=${'Add domain...'} .value=${currentDomains}></dees-input-list>
           <dees-input-text .key=${'priority'} .label=${'Priority'} .description=${'Higher values are matched first'} .value=${route.priority != null ? String(route.priority) : ''}></dees-input-text>
-          <dees-input-dropdown .key=${'sourceProfileRef'} .label=${'Source Profile'} .options=${profileOptions} .selectedOption=${profileOptions.find((o) => o.key === (merged.metadata?.sourceProfileRef || '')) || null}></dees-input-dropdown>
+          <div class="sourcePolicyGroup" style="display: flex; flex-direction: column; gap: 12px; padding: 12px; border: 1px solid rgba(255,255,255,0.12); border-radius: 8px;">
+            <strong>Source Policy</strong>
+            <small>First matching profile wins. Exceeded limits return 429 and do not fall through.</small>
+            <dees-input-dropdown
+              .key=${'sourcePolicyPreset'}
+              .label=${'Source Policy Preset'}
+              .options=${sourcePolicyPresetOptions}
+              .selectedOption=${sourcePolicyPresetOptions.find((o) => o.key === currentSourcePolicyPreset) || sourcePolicyPresetOptions[0]}
+            ></dees-input-dropdown>
+            <small>Gitea preset uses TRUSTED NETWORKS -> AI CRAWLERS -> PUBLIC and applies path-class limits.</small>
+            ${[0, 1, 2, 3].map((index) => html`
+              <dees-input-dropdown
+                .key=${`sourcePolicyProfileRef${index}`}
+                .label=${`Source Profile ${index + 1}`}
+                .options=${profileOptions}
+                .selectedOption=${profileOptions.find((o) => o.key === (currentSourcePolicyRefs[index] || '')) || profileOptions[0]}
+              ></dees-input-dropdown>
+            `)}
+          </div>
           <dees-input-dropdown .key=${'networkTargetRef'} .label=${'Network Target'} .options=${targetOptions} .selectedOption=${targetOptions.find((o) => o.key === (merged.metadata?.networkTargetRef || '')) || null}></dees-input-dropdown>
           <dees-input-text .key=${'targetHost'} .label=${'Target Host'} .description=${'Used when no network target is selected'} .value=${currentTargetHost}></dees-input-text>
           <dees-input-text .key=${'targetPort'} .label=${'Target Port'} .description=${'Used when no network target is selected'} .value=${currentTargetPort}></dees-input-text>
@@ -557,7 +743,11 @@ export class OpsViewRoutes extends DeesElement {
               : [];
             const priority = formData.priority ? parseInt(formData.priority, 10) : undefined;
 
-            const profileKey = getDropdownKey(formData.sourceProfileRef);
+            const sourcePolicyPreset = getDropdownKey(formData.sourcePolicyPreset) || 'manual';
+            const sourcePolicyRefs = sourcePolicyPreset === 'gitea'
+              ? []
+              : getSourcePolicyRefsFromFormData(formData);
+            if (sourcePolicyPreset !== 'gitea' && !validateSourcePolicySelection(sourcePolicyRefs, profiles)) return;
             const targetKey = getDropdownKey(formData.networkTargetRef);
             const preserveMatchPort = !targetKey && Boolean(formData.preserveMatchPort);
             const targetPort = preserveMatchPort
@@ -621,9 +811,18 @@ export class OpsViewRoutes extends DeesElement {
             }
 
             const metadata: any = {};
-            if (profileKey) {
-              metadata.sourceProfileRef = profileKey;
-            } else if (merged.metadata?.sourceProfileRef) {
+            if (sourcePolicyPreset === 'gitea') {
+              const sourcePolicy = getGiteaPresetSourcePolicy(profiles);
+              if (!sourcePolicy) return;
+              metadata.sourcePolicy = sourcePolicy;
+              metadata.sourceProfileRef = '';
+              metadata.sourceProfileName = '';
+            } else if (sourcePolicyRefs.length > 0) {
+              metadata.sourcePolicy = buildSourcePolicyMetadata(sourcePolicyRefs, merged.metadata?.sourcePolicy);
+              metadata.sourceProfileRef = '';
+              metadata.sourceProfileName = '';
+            } else if (merged.metadata?.sourcePolicy || merged.metadata?.sourceProfileRef) {
+              metadata.sourcePolicy = { bindings: [] };
               metadata.sourceProfileRef = '';
               metadata.sourceProfileName = '';
             }
@@ -685,7 +884,25 @@ export class OpsViewRoutes extends DeesElement {
           <dees-input-text .key=${'ports'} .label=${'Ports'} .description=${'Comma-separated, e.g. 80, 443'} .required=${true}></dees-input-text>
           <dees-input-list .key=${'domains'} .label=${'Domains'} .placeholder=${'Add domain...'}></dees-input-list>
           <dees-input-text .key=${'priority'} .label=${'Priority'} .description=${'Higher values are matched first'}></dees-input-text>
-          <dees-input-dropdown .key=${'sourceProfileRef'} .label=${'Source Profile'} .options=${profileOptions}></dees-input-dropdown>
+          <div class="sourcePolicyGroup" style="display: flex; flex-direction: column; gap: 12px; padding: 12px; border: 1px solid rgba(255,255,255,0.12); border-radius: 8px;">
+            <strong>Source Policy</strong>
+            <small>First matching profile wins. Exceeded limits return 429 and do not fall through.</small>
+            <dees-input-dropdown
+              .key=${'sourcePolicyPreset'}
+              .label=${'Source Policy Preset'}
+              .options=${sourcePolicyPresetOptions}
+              .selectedOption=${sourcePolicyPresetOptions[0]}
+            ></dees-input-dropdown>
+            <small>Gitea preset uses TRUSTED NETWORKS -> AI CRAWLERS -> PUBLIC and applies path-class limits.</small>
+            ${[0, 1, 2, 3].map((index) => html`
+              <dees-input-dropdown
+                .key=${`sourcePolicyProfileRef${index}`}
+                .label=${`Source Profile ${index + 1}`}
+                .options=${profileOptions}
+                .selectedOption=${profileOptions[0]}
+              ></dees-input-dropdown>
+            `)}
+          </div>
           <dees-input-dropdown .key=${'networkTargetRef'} .label=${'Network Target'} .options=${targetOptions}></dees-input-dropdown>
           <dees-input-text .key=${'targetHost'} .label=${'Target Host'} .description=${'Used when no network target is selected'} .value=${'localhost'}></dees-input-text>
           <dees-input-text .key=${'targetPort'} .label=${'Target Port'} .description=${'Used when no network target is selected'}></dees-input-text>
@@ -726,7 +943,11 @@ export class OpsViewRoutes extends DeesElement {
               : [];
             const priority = formData.priority ? parseInt(formData.priority, 10) : undefined;
 
-            const profileKey = getDropdownKey(formData.sourceProfileRef);
+            const sourcePolicyPreset = getDropdownKey(formData.sourcePolicyPreset) || 'manual';
+            const sourcePolicyRefs = sourcePolicyPreset === 'gitea'
+              ? []
+              : getSourcePolicyRefsFromFormData(formData);
+            if (sourcePolicyPreset !== 'gitea' && !validateSourcePolicySelection(sourcePolicyRefs, profiles)) return;
             const targetKey = getDropdownKey(formData.networkTargetRef);
             const preserveMatchPort = !targetKey && Boolean(formData.preserveMatchPort);
             const targetPort = preserveMatchPort
@@ -791,8 +1012,12 @@ export class OpsViewRoutes extends DeesElement {
 
             // Build metadata if profile/target selected
             const metadata: any = {};
-            if (profileKey) {
-              metadata.sourceProfileRef = profileKey;
+            if (sourcePolicyPreset === 'gitea') {
+              const sourcePolicy = getGiteaPresetSourcePolicy(profiles);
+              if (!sourcePolicy) return;
+              metadata.sourcePolicy = sourcePolicy;
+            } else if (sourcePolicyRefs.length > 0) {
+              metadata.sourcePolicy = buildSourcePolicyMetadata(sourcePolicyRefs);
             }
             if (targetKey) {
               metadata.networkTargetRef = targetKey;
@@ -823,6 +1048,28 @@ export class OpsViewRoutes extends DeesElement {
     appstate.routeManagementStatePart.dispatchAction(appstate.fetchMergedRoutesAction, null);
   }
 
+  private getSourcePolicyRefs(metadata?: interfaces.data.IRouteMetadata): string[] {
+    const policyRefs = metadata?.sourcePolicy?.bindings
+      ?.map((binding) => binding.sourceProfileRef)
+      .filter(Boolean) || [];
+    if (policyRefs.length > 0) {
+      return policyRefs;
+    }
+    return metadata?.sourceProfileRef ? [metadata.sourceProfileRef] : [];
+  }
+
+  private describeSourcePolicy(metadata?: interfaces.data.IRouteMetadata): string {
+    const refs = this.getSourcePolicyRefs(metadata);
+    if (refs.length === 0) {
+      return '';
+    }
+    return refs.map((ref) => {
+      const binding = metadata?.sourcePolicy?.bindings?.find((item) => item.sourceProfileRef === ref);
+      const profile = this.profilesTargetsState.profiles.find((item) => item.id === ref);
+      return binding?.sourceProfileName || profile?.name || ref.slice(0, 8);
+    }).join(' → ');
+  }
+
   private findMergedRoute(clickedRoute: { id?: string; name?: string }): interfaces.data.IMergedRoute | undefined {
     if (clickedRoute.id) {
       const routeById = this.routeState.mergedRoutes.find((mr) => mr.id === clickedRoute.id);

package/ts_web/elements/network/ops-view-sourceprofiles.ts

@@ -12,6 +12,33 @@ import * as interfaces from '../../../dist_ts_interfaces/index.js';
 import { viewHostCss } from '../shared/css.js';
 import { type IStatsTile } from '@design.estate/dees-catalog';
 
+function parseOptionalPositiveInteger(value: unknown): number | undefined {
+  const parsed = typeof value === 'number'
+    ? value
+    : typeof value === 'string'
+      ? parseInt(value.trim(), 10)
+      : Number.NaN;
+  return Number.isInteger(parsed) && parsed > 0 ? parsed : undefined;
+}
+
+function buildRateLimitFromFormData(data: Record<string, any>) {
+  if (!Boolean(data.rateLimitEnabled)) {
+    return undefined;
+  }
+  const maxRequests = parseOptionalPositiveInteger(data.rateLimitMaxRequests);
+  const window = parseOptionalPositiveInteger(data.rateLimitWindow);
+  if (!maxRequests || !window) {
+    alert('Rate limit requires positive Max Requests and Window values.');
+    return null;
+  }
+  return {
+    enabled: true,
+    maxRequests,
+    window,
+    keyBy: 'ip' as const,
+  };
+}
+
 declare global {
   interface HTMLElementTagNameMap {
     'ops-view-sourceprofiles': OpsViewSourceProfiles;
@@ -138,6 +165,9 @@ export class OpsViewSourceProfiles extends DeesElement {
           <dees-input-list .key=${'ipAllowList'} .label=${'IP Allow List'} .placeholder=${'Add IP or CIDR...'}></dees-input-list>
           <dees-input-list .key=${'ipBlockList'} .label=${'IP Block List'} .placeholder=${'Add IP or CIDR...'}></dees-input-list>
           <dees-input-text .key=${'maxConnections'} .label=${'Max Connections'}></dees-input-text>
+          <dees-input-checkbox .key=${'rateLimitEnabled'} .label=${'Enable Rate Limit'} .description=${'Per source IP. Exceeded requests receive 429.'} .value=${false}></dees-input-checkbox>
+          <dees-input-text .key=${'rateLimitMaxRequests'} .label=${'Max Requests'} .description=${'Requests per source IP'}></dees-input-text>
+          <dees-input-text .key=${'rateLimitWindow'} .label=${'Window Seconds'}></dees-input-text>
         </dees-form>
       `,
       menuOptions: [
@@ -150,8 +180,9 @@ export class OpsViewSourceProfiles extends DeesElement {
             const data = await form.collectFormData();
             const ipAllowList: string[] = Array.isArray(data.ipAllowList) ? data.ipAllowList : [];
             const ipBlockList: string[] = Array.isArray(data.ipBlockList) ? data.ipBlockList : [];
-            const parsed = data.maxConnections ? parseInt(String(data.maxConnections), 10) : NaN;
-            const maxConnections = Number.isNaN(parsed) ? undefined : parsed;
+            const maxConnections = parseOptionalPositiveInteger(data.maxConnections);
+            const rateLimit = buildRateLimitFromFormData(data);
+            if (rateLimit === null) return;
 
             await appstate.profilesTargetsStatePart.dispatchAction(appstate.createProfileAction, {
               name: String(data.name),
@@ -160,6 +191,7 @@ export class OpsViewSourceProfiles extends DeesElement {
                 ...(ipAllowList.length > 0 ? { ipAllowList } : {}),
                 ...(ipBlockList.length > 0 ? { ipBlockList } : {}),
                 ...(maxConnections ? { maxConnections } : {}),
+                ...(rateLimit ? { rateLimit } : {}),
               },
             });
             modalArg.destroy();
@@ -180,6 +212,9 @@ export class OpsViewSourceProfiles extends DeesElement {
           <dees-input-list .key=${'ipAllowList'} .label=${'IP Allow List'} .placeholder=${'Add IP or CIDR...'} .value=${profile.security?.ipAllowList || []}></dees-input-list>
           <dees-input-list .key=${'ipBlockList'} .label=${'IP Block List'} .placeholder=${'Add IP or CIDR...'} .value=${profile.security?.ipBlockList || []}></dees-input-list>
           <dees-input-text .key=${'maxConnections'} .label=${'Max Connections'} .value=${String(profile.security?.maxConnections || '')}></dees-input-text>
+          <dees-input-checkbox .key=${'rateLimitEnabled'} .label=${'Enable Rate Limit'} .description=${'Per source IP. Exceeded requests receive 429.'} .value=${profile.security?.rateLimit?.enabled === true}></dees-input-checkbox>
+          <dees-input-text .key=${'rateLimitMaxRequests'} .label=${'Max Requests'} .description=${'Requests per source IP'} .value=${String(profile.security?.rateLimit?.maxRequests || '')}></dees-input-text>
+          <dees-input-text .key=${'rateLimitWindow'} .label=${'Window Seconds'} .value=${String(profile.security?.rateLimit?.window || '')}></dees-input-text>
         </dees-form>
       `,
       menuOptions: [
@@ -192,8 +227,9 @@ export class OpsViewSourceProfiles extends DeesElement {
             const data = await form.collectFormData();
             const ipAllowList: string[] = Array.isArray(data.ipAllowList) ? data.ipAllowList : [];
             const ipBlockList: string[] = Array.isArray(data.ipBlockList) ? data.ipBlockList : [];
-            const parsed = data.maxConnections ? parseInt(String(data.maxConnections), 10) : NaN;
-            const maxConnections = Number.isNaN(parsed) ? undefined : parsed;
+            const maxConnections = parseOptionalPositiveInteger(data.maxConnections);
+            const rateLimit = buildRateLimitFromFormData(data);
+            if (rateLimit === null) return;
 
             await appstate.profilesTargetsStatePart.dispatchAction(appstate.updateProfileAction, {
               id: profile.id,
@@ -203,6 +239,7 @@ export class OpsViewSourceProfiles extends DeesElement {
                 ipAllowList,
                 ipBlockList,
                 ...(maxConnections ? { maxConnections } : {}),
+                ...(rateLimit ? { rateLimit } : {}),
               },
             });
             modalArg.destroy();