[PR #1248] [CLOSED] Enhancement #906/Add Shared IP Rule Sets, Auto CIDR Handling, and Preserve Match Type #1006

New Issue

Closed

opened 2025-11-13 12:15:58 -06:00 by GiteaMirror · 0 comments

GiteaMirror commented 2025-11-13 12:15:58 -06:00

Owner

Copy Link

📋 Pull Request Information

Original PR: https://github.com/fosrl/pangolin/pull/1248
Author: @Pallavikumarimdb
Created: 8/10/2025
Status: ❌ Closed

Base: dev ← Head: enhancement-#906/IP-Rules-Global-Sets-Usability

---

📝 Commits (8)

• 58fa9ff Shared IP Rule Sets, IP Range and Add rule changes match type
• fe4281e Shared IP Rule Sets, IP Range and Add rule changes match type
• 17c1540 update pg schema
• 60db9a7 pg schema fix
• c12c42d Add IP Set logic into reusable components
• 6194ccf fix lint
• 211a9b5 add db migration files
• 821392b Refactor IPSet flow and fix continuous re-render issue

📊 Changes

29 files changed (+2052 additions, -166 deletions)

View changed files

📝 messages/en-US.json (+54 -1)
📝 server/auth/actions.ts (+5 -1)
📝 server/db/pg/schema.ts (+25 -5)
📝 server/db/sqlite/schema.ts (+17 -3)
📝 server/lib/validators.ts (+29 -4)
📝 server/middlewares/index.ts (+1 -0)
➕ server/middlewares/verifyIpSetsAccess.ts (+64 -0)
📝 server/openApi.ts (+1 -0)
📝 server/routers/external.ts (+37 -1)
➕ server/routers/ipSets/createIPSet.ts (+128 -0)
➕ server/routers/ipSets/deleteIPSet.ts (+103 -0)
➕ server/routers/ipSets/index.ts (+4 -0)
➕ server/routers/ipSets/listIPSets.ts (+133 -0)
➕ server/routers/ipSets/updateIPSet.ts (+173 -0)
📝 server/routers/resource/createResourceRule.ts (+82 -13)
📝 server/routers/resource/listResourceRules.ts (+8 -5)
📝 server/routers/resource/updateResourceRule.ts (+78 -21)
📝 server/setup/migrationsPg.ts (+3 -1)
📝 server/setup/migrationsSqlite.ts (+2 -0)
➕ server/setup/scriptsPg/1.10.0.ts (+48 -0)

...and 9 more files

📄 Description

Community Contribution License Agreement

By creating this pull request, I grant the project maintainers an unlimited,
perpetual license to use, modify, and redistribute these contributions under any terms they
choose, including both the AGPLv3 and the Fossorial Commercial license terms. I
represent that I have the right to grant this license for all contributed content.

Description

1. IP Rules: Global Sets + Usability (Fixes #906 )

1.1 Shared IP Rule Sets (Global Lists)

• Allows users to create reusable IP allow/deny lists (IP_SET) that can be applied to multiple resources.
• Backend stores only the ipSetId; actual matching is resolved via the IP set contents.
• UI shows IPs from the selected set for clarity, but backend still uses ipSetId for matching.

1.2 Automatic CIDR for Single IPs

• No need to choose between "IP" and "CIDR" manually.
• Single IPs (v4/v6) are auto-normalized to /32 or /128.
• CIDRs are accepted as-is.

1.3 Preserve Match Type when Adding Rules

• When clicking “Add rule”, the current match type remains unchanged.
• Prevents accidental resets when entering multiple rules.

This is a sub-issue of #906

How to test?

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/fosrl/pangolin/pull/1248 **Author:** [@Pallavikumarimdb](https://github.com/Pallavikumarimdb) **Created:** 8/10/2025 **Status:** ❌ Closed **Base:** `dev` ← **Head:** `enhancement-#906/IP-Rules-Global-Sets-Usability` --- ### 📝 Commits (8) - [`58fa9ff`](https://github.com/fosrl/pangolin/commit/58fa9ff88d483a1e1644bc19832872cc6f69aa80) Shared IP Rule Sets, IP Range and Add rule changes match type - [`fe4281e`](https://github.com/fosrl/pangolin/commit/fe4281e6cdef175859677f6e916b1ce8ed4cb826) Shared IP Rule Sets, IP Range and Add rule changes match type - [`17c1540`](https://github.com/fosrl/pangolin/commit/17c154073c389b5e1b735d0dbcbac2bd908d0f59) update pg schema - [`60db9a7`](https://github.com/fosrl/pangolin/commit/60db9a7ab40dd8a2b65077ce552434abf7185bbe) pg schema fix - [`c12c42d`](https://github.com/fosrl/pangolin/commit/c12c42d70d2323ab53da8f389367688f9c5fe983) Add IP Set logic into reusable components - [`6194ccf`](https://github.com/fosrl/pangolin/commit/6194ccfef94e9064dcdd27dbb1e11ca55563f5be) fix lint - [`211a9b5`](https://github.com/fosrl/pangolin/commit/211a9b58ecc65f3c3c03ffa50c1a478a9dc5f1de) add db migration files - [`821392b`](https://github.com/fosrl/pangolin/commit/821392bf6cb64d5ee33b31c83225349f04be3567) Refactor IPSet flow and fix continuous re-render issue ### 📊 Changes **29 files changed** (+2052 additions, -166 deletions) <details> <summary>View changed files</summary> 📝 `messages/en-US.json` (+54 -1) 📝 `server/auth/actions.ts` (+5 -1) 📝 `server/db/pg/schema.ts` (+25 -5) 📝 `server/db/sqlite/schema.ts` (+17 -3) 📝 `server/lib/validators.ts` (+29 -4) 📝 `server/middlewares/index.ts` (+1 -0) ➕ `server/middlewares/verifyIpSetsAccess.ts` (+64 -0) 📝 `server/openApi.ts` (+1 -0) 📝 `server/routers/external.ts` (+37 -1) ➕ `server/routers/ipSets/createIPSet.ts` (+128 -0) ➕ `server/routers/ipSets/deleteIPSet.ts` (+103 -0) ➕ `server/routers/ipSets/index.ts` (+4 -0) ➕ `server/routers/ipSets/listIPSets.ts` (+133 -0) ➕ `server/routers/ipSets/updateIPSet.ts` (+173 -0) 📝 `server/routers/resource/createResourceRule.ts` (+82 -13) 📝 `server/routers/resource/listResourceRules.ts` (+8 -5) 📝 `server/routers/resource/updateResourceRule.ts` (+78 -21) 📝 `server/setup/migrationsPg.ts` (+3 -1) 📝 `server/setup/migrationsSqlite.ts` (+2 -0) ➕ `server/setup/scriptsPg/1.10.0.ts` (+48 -0) _...and 9 more files_ </details> ### 📄 Description ## Community Contribution License Agreement By creating this pull request, I grant the project maintainers an unlimited, perpetual license to use, modify, and redistribute these contributions under any terms they choose, including both the AGPLv3 and the Fossorial Commercial license terms. I represent that I have the right to grant this license for all contributed content. ## Description ## 1. IP Rules: Global Sets + Usability (Fixes #906 ) 1.1 **Shared IP Rule Sets (Global Lists)** * Allows users to create reusable IP allow/deny lists (`IP_SET`) that can be applied to multiple resources. * Backend stores only the `ipSetId`; actual matching is resolved via the IP set contents. * UI shows IPs from the selected set for clarity, but backend still uses `ipSetId` for matching. 1.2 **Automatic CIDR for Single IPs** * No need to choose between `"IP"` and `"CIDR"` manually. * Single IPs (v4/v6) are auto-normalized to `/32` or `/128`. * CIDRs are accepted as-is. 1.3 **Preserve Match Type when Adding Rules** * When clicking “Add rule”, the current match type remains unchanged. * Prevents accidental resets when entering multiple rules. <img width="1523" height="638" alt="image" src="https://github.com/user-attachments/assets/63f73cf8-0ec3-44ca-8d7a-84dc166fc10f" /> <img width="1526" height="633" alt="image" src="https://github.com/user-attachments/assets/5511b057-2138-4b5e-bdad-fe0926a0a00b" /> <img width="757" height="700" alt="image" src="https://github.com/user-attachments/assets/05307a2d-7b1a-4d9f-8b16-49f9b934496a" /> <img width="1506" height="607" alt="image" src="https://github.com/user-attachments/assets/50f953d2-9876-469e-a140-3eba0414a452" /> This is a sub-issue of #906 ## How to test? --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

GiteaMirror added the pull-request label 2025-11-13 12:15:58 -06:00

GiteaMirror closed this issue 2025-11-13 12:15:58 -06:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

jit

dev

dependabot/npm_and_yarn/prod-minor-updates-47a8475ba0

dependabot/npm_and_yarn/dev-patch-updates-c4a0f28f13

dependabot/go_modules/install/minor-updates-a98db8910e

crowdin_dev

delete-domains

dependabot/npm_and_yarn/eslint-10.0.3

dependabot/npm_and_yarn/next-16.1.6

dependabot/npm_and_yarn/recharts-3.7.0

dependabot/go_modules/install/github.com/charmbracelet/huh-1.0.0

dependabot/github_actions/docker/login-action-4.0.0

dependabot/github_actions/actions/setup-node-6.3.0

msg-opt

dependabot/docker/docker/library/node-25-slim

dependabot/github_actions/actions/upload-artifact-7.0.0

dependabot/github_actions/actions/setup-go-6.3.0

cache

multi-role

logs-database

ssh

cloud-multi-org

delete-account

new-pricing

msg-delivery

org-only-idp

cicd

clients-user

1.12.3

policies

patch

site-targets-auto-login

1.16.2-s.7

1.16.2-s.6

1.16.2-s.5

1.16.2-s.4

1.16.2-s.3

1.16.2-s.2

1.16.2-s.1

1.16.2

1.16.2-s.0

1.16.1-s.1

1.16.1

1.16.1-s.0

1.16.0

1.16.0-s.1

1.16.0-s.0

1.16.0-rc.0

1.15.4-s.10

1.15.4-s.9

1.15.4-s.8

1.15.4-s.7

1.15.4-s.6

1.15.4-s.5

1.15.4-s.4

1.15.4-s.3

1.15.4-s.2

1.15.4-s.1

1.15.4

1.15.4-s.0

1.15.3

1.15.3-s.1

1.15.3-s.0

1.15.2

1.15.1-s.1

1.15.1-s.0

1.15.1

1.15.0-s.5

1.15.0

1.15.0-s.4

1.15.0-s.3

1.15.0-s.2

1.15.0-s.1

1.15.0-s.0

1.15.0-rc.0

1.14.1-s.3

1.14.1-s.2

1.14.1-s.1

1.14.1-s.0

1.14.1

1.14.0-s.2

1.14.0

1.14.0-rc.0

1.13.1

1.13.1-s.0

1.13.0

1.13.0.s.0

1.13.0-rc.0

1.12.2-s.5

1.12.3

1.12.2-s.4

1.12.2-s.3

1.12.2-s.2

1.12.2-s.1

1.12.2

1.12.2-s.0

1.12.1

1.12.0

1.12.0-s.0

1.12.0-rc.0

1.11.1

1.11.1-s.0

1.11.0-s.5

1.11.0

1.11.0-s.4

1.11.0-s.3

1.11.0-s.2

1.11.0-s.1

1.11.0-s.0

1.10.3

1.10.2

1.10.1

1.10.0

1.9.4

1.9.3

1.9.2

1.9.1

1.9.0

1.8.0

1.7.3

1.7.2

1.7.1

1.7.0

1.6.2

1.6.1

1.6.0

1.5.1

1.5.0

1.4.0

1.3.2

1.3.1

1.3.0

1.2.0

1.1.0

1.0.1

1.0.0

1.0.0-beta.15

1.0.0-beta.14

1.0.0-beta.13

1.0.0-beta.12

1.0.0-beta.11

1.0.0-beta.10

1.0.0-beta.9

1.0.0-beta.8

1.0.0-beta.7

1.0.0-beta.6

1.0.0-beta.5

1.0.0-beta.4

1.0.0-beta.3

1.0.0-beta.2

1.0.0-beta.1

Labels

Clear labels

api

authentication

bug

config

dependencies

docker

documentation

enhancement

good first issue

help wanted

Improvement

Look Into

needs investigating

networking

new feature

non-critical bug

potential bug

pull-request

Mirrored from GitHub Pull Request

question

reverse proxy

Security

stale

ui

No Label pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/pangolin#1006