add egress domain to match domain list, fix egress nat rule for domains

2025-09-06 13:14:24 +08:00 · 2025-08-31 01:15:35 +05:30 · 2025-08-31 01:15:35 +05:30 · ee5f2675c2
commit ee5f2675c2
parent d07b10a54a
2 changed files with 34 additions and 7 deletions
--- a/logic/egress.go
+++ b/logic/egress.go
@ -137,6 +137,27 @@ func AddEgressInfoToPeerByAccess(node, targetNode *models.Node, eli []schema.Egr
 	}
 }

+func GetEgressDomainsByAccess(node *models.Node) (domains []string) {
+	acls, _ := ListAclsByNetwork(models.NetworkID(node.Network))
+	eli, _ := (&schema.Egress{Network: node.Network}).ListByNetwork(db.WithContext(context.TODO()))
+	defaultDevicePolicy, _ := GetDefaultPolicy(models.NetworkID(node.Network), models.DevicePolicy)
+	isDefaultPolicyActive := defaultDevicePolicy.Enabled
+	for _, e := range eli {
+		if !e.Status || e.Network != node.Network {
+			continue
+		}
+		if !isDefaultPolicyActive {
+			if !DoesNodeHaveAccessToEgress(node, &e, acls) {
+				continue
+			}
+		}
+		if e.Domain != "" && len(e.DomainAns) > 0 {
+			domains = append(domains, e.Domain)
+		}
+	}
+	return
+}
+
 func GetNodeEgressInfo(targetNode *models.Node, eli []schema.Egress, acls []models.Acl) {

 	req := models.EgressGatewayRequest{
@ -156,16 +177,20 @@ func GetNodeEgressInfo(targetNode *models.Node, eli []schema.Egress, acls []mode
 			m := uint32(m64)
 			if e.Range != "" {
 				req.Ranges = append(req.Ranges, e.Range)
-			} else {
+				req.RangesWithMetric = append(req.RangesWithMetric, models.EgressRangeMetric{
+					Network:     e.Range,
+					Nat:         e.Nat,
+					RouteMetric: m,
+				})
+			} else if len(e.DomainAns) > 0 {
 				req.Ranges = append(req.Ranges, e.DomainAns...)
+				req.RangesWithMetric = append(req.RangesWithMetric, models.EgressRangeMetric{
+					Network:     e.DomainAns[0],
+					Nat:         e.Nat,
+					RouteMetric: m,
+				})
 			}

-			req.RangesWithMetric = append(req.RangesWithMetric, models.EgressRangeMetric{
-				Network:     e.Range,
-				Nat:         e.Nat,
-				RouteMetric: m,
-			})
-
 		}
 	}
 	if targetNode.Mutex != nil {
--- a/pro/controllers/users.go
+++ b/pro/controllers/users.go
@ -1575,6 +1575,7 @@ func getUserRemoteAccessGwsV1(w http.ResponseWriter, r *http.Request) {
 				gw.MatchDomains = append(gw.MatchDomains, nsI.MatchDomain)
 			}
 		}
+		gw.MatchDomains = append(gw.MatchDomains, logic.GetEgressDomainsByAccess(&node)...)
 		gws = append(gws, gw)
 		userGws[node.Network] = gws
 		delete(userGwNodes, node.ID.String())
@ -1625,6 +1626,7 @@ func getUserRemoteAccessGwsV1(w http.ResponseWriter, r *http.Request) {
 				gw.MatchDomains = append(gw.MatchDomains, nsI.MatchDomain)
 			}
 		}
+		gw.MatchDomains = append(gw.MatchDomains, logic.GetEgressDomainsByAccess(&node)...)
 		gws = append(gws, gw)
 		userGws[node.Network] = gws
 	}