mirror of
https://github.com/mauriceboe/TREK.git
synced 2026-06-20 22:01:45 +00:00
Maurice
56655d53b4
* feat(admin): register AirTrail as an integration addon
Off by default; toggle lives in Admin -> Addons with a Plane icon. The
per-user connection (URL + API key) follows in integration settings.
* feat(integrations): add per-user AirTrail connection
Settings -> Integrations gains an AirTrail section: instance URL + Bearer
API key (encrypted at rest via apiKeyCrypto), a self-signed-TLS opt-in and
a test-connection check. Served by a small Nest controller under
/api/integrations/airtrail, gated on the airtrail addon and SSRF-guarded.
The key is per-user, so it only ever returns that user's own flights.
* feat(transport): import flights from AirTrail
Adds an AirTrail Import button next to Manual Transport that lists the
user's AirTrail flights and highlights the ones inside the trip dates.
Selected flights become reservations linked to their AirTrail origin
(external_* columns), deduped against flights already in the trip, then
broadcast to every member. The mapping resolves airports, airport-local
times and flight metadata; the linkage is what the two-way sync rides on.
* feat(transport): badge AirTrail-linked flights as synced
Linked reservations show an 'AirTrail synced' badge, or 'no longer
synced' once the flight is gone from AirTrail.
* feat(transport): keep TREK and AirTrail flights in sync both ways
A scheduled poll reconciles each connected owner's flights: field edits
(detected by snapshot hash, since AirTrail has no updated_at) flow into
the linked reservation and broadcast live; a flight deleted in AirTrail
keeps the TREK row but stops syncing. Editing a linked flight in TREK
pushes back to AirTrail under the importer's credentials, preserving the
existing seat manifest; if the owner disconnected the link detaches so the
poll can't revert the local edit. Deleting in TREK never touches AirTrail.
* i18n(airtrail): add AirTrail strings across all locales
* test(airtrail): cover flight mapping, timezones and snapshot hashing
* fix(airtrail): reduce airline/aircraft objects to codes
The flight list/get response returns airline and aircraft as joined
objects ({icao, iata, name, ...}), not bare codes. Mapping them straight
through produced '[object Object]' titles and stored objects in metadata,
which crashed reservation rendering. Extract the ICAO/IATA code instead,
and title flights by their flight number.
* fix(airtrail): clear error on non-JSON responses, tolerate /api in URL
A misconfigured instance URL made AirTrail serve its SPA/login HTML, and
the raw JSON.parse failure surfaced as 'Unexpected token <'. Surface an
actionable message instead, and strip a pasted trailing /api so the base
URL still resolves.
* feat(transport): sync AirTrail edits on trip open, not just on the poll
Add a per-user on-demand sync (POST /integrations/airtrail/sync) triggered
when a connected user opens a trip, so AirTrail-side edits appear right away
instead of waiting up to a full poll cycle. Lower the background poll from 15
to 5 minutes as a safety net.
* fix(transport): refresh imported AirTrail flights without a reload
loadTrip doesn't fetch reservations, so a freshly imported flight only
appeared after a full page reload — use loadReservations instead. Also show
flight dates in the user's locale format (e.g. 13.06.2026) rather than the
raw ISO string.
* style(settings): align AirTrail connection with the photo-provider layout
Match the Immich section: stacked URL/key fields, a ToggleSwitch for
self-signed TLS, and a Save / Test-connection row with a status badge.
* feat(transport): add a seat field when editing flights
The transport editor only offered a seat field for trains; flights had
none even though imports store metadata.seat. Show and persist a seat for
flights too.
* style(transport): match the AirTrail button height to Manual Transport
* feat(transport): put the flight seat next to flight number and sync it to AirTrail
Move the seat from a standalone row to the per-leg flight details (beside
the flight number), stored per leg in metadata.legs[].seat with the first
leg mirrored to metadata.seat. On push, set the seat number on the user's
own AirTrail seat (the one with a userId), leaving co-passengers untouched;
import/poll read that same seat back.
* refactor(planner): move the AirTrail trip-open sync into useTripPlanner
Page containers must not own state/effects (lint:pages). Same logic,
relocated from the page into its data hook.
* test(db): pin the region-reconciliation test to its schema version
The test re-ran 'the last migration' assuming the reconciliation is last;
it no longer is once later migrations are appended. Pin to version 135 and
re-run from there (the appended migrations are idempotent).
154 lines
5.9 KiB
TypeScript
154 lines
5.9 KiB
TypeScript
import type { AirtrailFlight } from '@trek/shared';
|
|
import { db } from '../../db/database';
|
|
import { maybe_encrypt_api_key, decrypt_api_key } from '../apiKeyCrypto';
|
|
import { checkSsrf } from '../../utils/ssrfGuard';
|
|
import { writeAudit } from '../auditLog';
|
|
import { AirtrailAuthError, AirtrailCreds, AirtrailRequestError, listFlights } from './airtrailClient';
|
|
import { normalizeFlight } from './airtrailMapper';
|
|
|
|
const KEY_MASK = '••••••••';
|
|
|
|
interface UserConnRow {
|
|
airtrail_url?: string | null;
|
|
airtrail_api_key?: string | null;
|
|
airtrail_allow_insecure_tls?: number | null;
|
|
}
|
|
|
|
function readRow(userId: number): UserConnRow | undefined {
|
|
return db
|
|
.prepare('SELECT airtrail_url, airtrail_api_key, airtrail_allow_insecure_tls FROM users WHERE id = ?')
|
|
.get(userId) as UserConnRow | undefined;
|
|
}
|
|
|
|
/** Decrypted creds for outbound calls, or null when the user has no connection. */
|
|
export function getAirtrailCredentials(userId: number): AirtrailCreds | null {
|
|
const row = readRow(userId);
|
|
if (!row?.airtrail_url || !row?.airtrail_api_key) return null;
|
|
const apiKey = decrypt_api_key(row.airtrail_api_key);
|
|
if (!apiKey) return null;
|
|
return {
|
|
baseUrl: row.airtrail_url,
|
|
apiKey,
|
|
allowInsecureTls: !!row.airtrail_allow_insecure_tls,
|
|
};
|
|
}
|
|
|
|
/** Settings as shown in the UI — the key is never echoed, only masked. */
|
|
export function getConnectionSettings(userId: number) {
|
|
const row = readRow(userId);
|
|
return {
|
|
url: row?.airtrail_url || '',
|
|
apiKeyMasked: row?.airtrail_api_key ? KEY_MASK : '',
|
|
allowInsecureTls: !!row?.airtrail_allow_insecure_tls,
|
|
connected: !!(row?.airtrail_url && row?.airtrail_api_key),
|
|
};
|
|
}
|
|
|
|
export async function saveSettings(
|
|
userId: number,
|
|
url: string | undefined,
|
|
apiKey: string | undefined,
|
|
allowInsecureTls: boolean,
|
|
clientIp: string | null,
|
|
): Promise<{ success: boolean; warning?: string; error?: string }> {
|
|
const trimmedUrl = (url || '').trim();
|
|
let warning: string | undefined;
|
|
|
|
if (trimmedUrl) {
|
|
const ssrf = await checkSsrf(trimmedUrl);
|
|
// Reject only genuinely unusable URLs (malformed, unresolvable, non-http,
|
|
// loopback). Private/LAN instances are the common self-hosted case, so we
|
|
// persist them with a warning rather than blocking — the outbound calls
|
|
// still need ALLOW_INTERNAL_NETWORK=true to actually reach them.
|
|
if (!ssrf.allowed && !ssrf.isPrivate) {
|
|
return { success: false, error: ssrf.error ?? 'Invalid AirTrail URL' };
|
|
}
|
|
if (ssrf.isPrivate) {
|
|
writeAudit({
|
|
userId,
|
|
action: 'airtrail.private_ip_configured',
|
|
ip: clientIp,
|
|
details: { airtrail_url: trimmedUrl, resolved_ip: ssrf.resolvedIp },
|
|
});
|
|
warning = `AirTrail URL resolves to a private IP (${ssrf.resolvedIp}). Make sure this is intentional — the server may need ALLOW_INTERNAL_NETWORK=true to reach it.`;
|
|
}
|
|
}
|
|
|
|
// Only overwrite the stored key when a genuinely new value is supplied;
|
|
// a blank field or the mask means "keep the existing key".
|
|
const provided = (apiKey || '').trim();
|
|
const newKey = provided && provided !== KEY_MASK ? maybe_encrypt_api_key(provided) : undefined;
|
|
|
|
if (newKey !== undefined) {
|
|
db.prepare(
|
|
'UPDATE users SET airtrail_url = ?, airtrail_api_key = ?, airtrail_allow_insecure_tls = ? WHERE id = ?',
|
|
).run(trimmedUrl || null, newKey, allowInsecureTls ? 1 : 0, userId);
|
|
} else {
|
|
db.prepare(
|
|
'UPDATE users SET airtrail_url = ?, airtrail_allow_insecure_tls = ? WHERE id = ?',
|
|
).run(trimmedUrl || null, allowInsecureTls ? 1 : 0, userId);
|
|
// Clearing the URL with no key left makes the connection meaningless — drop the key too.
|
|
if (!trimmedUrl) {
|
|
db.prepare('UPDATE users SET airtrail_api_key = NULL WHERE id = ?').run(userId);
|
|
}
|
|
}
|
|
|
|
return { success: true, warning };
|
|
}
|
|
|
|
async function probe(creds: AirtrailCreds): Promise<{ connected: boolean; flightCount?: number; error?: string }> {
|
|
try {
|
|
const flights = await listFlights(creds);
|
|
return { connected: true, flightCount: flights.length };
|
|
} catch (err: unknown) {
|
|
if (err instanceof AirtrailAuthError) return { connected: false, error: 'Invalid API key' };
|
|
return { connected: false, error: err instanceof Error ? err.message : 'Connection failed' };
|
|
}
|
|
}
|
|
|
|
/** Live check using the stored connection. */
|
|
export async function getConnectionStatus(
|
|
userId: number,
|
|
): Promise<{ connected: boolean; flightCount?: number; error?: string }> {
|
|
const creds = getAirtrailCredentials(userId);
|
|
if (!creds) return { connected: false, error: 'Not configured' };
|
|
return probe(creds);
|
|
}
|
|
|
|
/**
|
|
* "Test connection" from the settings form. Uses the typed URL/key when given;
|
|
* falls back to the stored key when the key field still shows the mask.
|
|
*/
|
|
export async function testConnection(
|
|
userId: number,
|
|
url: string | undefined,
|
|
apiKey: string | undefined,
|
|
allowInsecureTls: boolean,
|
|
): Promise<{ connected: boolean; flightCount?: number; error?: string }> {
|
|
const trimmedUrl = (url || '').trim();
|
|
const provided = (apiKey || '').trim();
|
|
|
|
const stored = getAirtrailCredentials(userId);
|
|
const effectiveUrl = trimmedUrl || stored?.baseUrl;
|
|
const effectiveKey = provided && provided !== KEY_MASK ? provided : stored?.apiKey;
|
|
|
|
if (!effectiveUrl || !effectiveKey) {
|
|
return { connected: false, error: 'URL and API key required' };
|
|
}
|
|
|
|
const ssrf = await checkSsrf(effectiveUrl);
|
|
if (!ssrf.allowed && !ssrf.isPrivate) {
|
|
return { connected: false, error: ssrf.error ?? 'Invalid AirTrail URL' };
|
|
}
|
|
|
|
return probe({ baseUrl: effectiveUrl, apiKey: effectiveKey, allowInsecureTls });
|
|
}
|
|
|
|
/** The user's AirTrail flights, normalized for the import picker. */
|
|
export async function getFlightsForPicker(userId: number): Promise<AirtrailFlight[]> {
|
|
const creds = getAirtrailCredentials(userId);
|
|
if (!creds) throw new AirtrailRequestError('AirTrail is not connected', 400);
|
|
const raw = await listFlights(creds);
|
|
return raw.map(normalizeFlight);
|
|
}
|