fix: foreign credential handling and trusted key visibility (#1993)

* fix foreign credential handling * allow list foreign network trusted keys * fix(gui): delete removed config-server networks * fix(web): reset managed instances on first sync
2026-05-06 17:59:11 +00:00 · 2026-03-16 22:19:31 +08:00
parent e6ac31fb20
commit 8922e7b991
8 changed files with 457 additions and 56 deletions
@@ -1,4 +1,4 @@
-use std::{fmt::Debug, str::FromStr as _, sync::Arc};
+use std::{collections::HashSet, fmt::Debug, str::FromStr as _, sync::Arc};

 use anyhow::Context;
 use easytier::{
@@ -399,6 +399,7 @@ impl Session {
        storage: WeakRefStorage,
        rpc_client: SessionRpcClient,
    ) {
+        let mut cleaned_web_managed_instances = false;
        loop {
            heartbeat_waiter = heartbeat_waiter.resubscribe();
            let req = heartbeat_waiter.recv().await;
@@ -420,7 +421,7 @@ impl Session {
                .running_network_instances
                .iter()
                .map(|x| x.to_string())
-                .collect::<Vec<_>>();
+                .collect::<HashSet<_>>();
            let Some(storage) = storage.upgrade() else {
                tracing::error!("Failed to get storage");
                return;
@@ -456,6 +457,60 @@ impl Session {

            let mut has_failed = false;

+            if !cleaned_web_managed_instances {
+                let all_local_configs = match storage
+                    .db
+                    .list_network_configs((user_id, machine_id.into()), ListNetworkProps::All)
+                    .await
+                {
+                    Ok(configs) => configs,
+                    Err(e) => {
+                        tracing::error!("Failed to list all network configs, error: {:?}", e);
+                        return;
+                    }
+                };
+
+                let all_inst_ids = all_local_configs
+                    .iter()
+                    .map(|cfg| cfg.network_instance_id.clone())
+                    .collect::<HashSet<_>>();
+
+                let should_be_alive_inst_ids = local_configs
+                    .iter()
+                    .map(|cfg| cfg.network_instance_id.clone())
+                    .collect::<HashSet<_>>();
+
+                let should_delete_ids = running_inst_ids
+                    .iter()
+                    .chain(all_inst_ids.iter())
+                    .filter(|inst_id| !should_be_alive_inst_ids.contains(*inst_id))
+                    .filter_map(|inst_id| uuid::Uuid::parse_str(inst_id).ok())
+                    .map(Into::into)
+                    .collect::<Vec<_>>();
+
+                if !should_delete_ids.is_empty() {
+                    let ret = rpc_client
+                        .delete_network_instance(
+                            BaseController::default(),
+                            easytier::proto::api::manage::DeleteNetworkInstanceRequest {
+                                inst_ids: should_delete_ids,
+                            },
+                        )
+                        .await;
+                    tracing::info!(
+                        ?user_id,
+                        "Clean non-web-managed network instances on start: {:?}, user_token: {:?}",
+                        ret,
+                        req.user_token
+                    );
+                    has_failed |= ret.is_err();
+                }
+
+                if !has_failed {
+                    cleaned_web_managed_instances = true;
+                }
+            }
+
            for c in local_configs {
                if running_inst_ids.contains(&c.network_instance_id) {
                    continue;