ThatGuyJack/nginx-proxy-manager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2025-09-14 10:52:34 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Refactor from Promises to async/await

Browse Source
This commit is contained in:
Jamie Curnow
2025-09-10 23:59:00 +10:00
parent a7d4fd55d9
commit 538d28d32d
5 changed files with 1128 additions and 1440 deletions
Download Patch File Download Diff File Expand all files Collapse all files

291
backend/internal/access-list.js
View File

@@ -21,11 +21,9 @@ const internalAccessList = {
* @param {Object} data
* @returns {Promise}
*/
create: (access, data) => {
return access
.can("access_lists:create", data)
.then((/*access_data*/) => {
return accessListModel
create: async (access, data) => {
await access.can("access_lists:create", data);
const row = await accessListModel
.query()
.insertAndFetch({
name: data.name,
@@ -34,13 +32,11 @@ const internalAccessList = {
owner_user_id: access.token.getUserId(1),
})
.then(utils.omitRow(omissions()));
})
.then((row) => {
data.id = row.id;
const promises = [];
// Now add the items
// Items
data.items.map((item) => {
promises.push(
accessListAuthModel.query().insert({
@@ -52,9 +48,8 @@ const internalAccessList = {
return true;
});
// Now add the clients
if (typeof data.clients !== "undefined" && data.clients) {
data.clients.map((client) => {
// Clients
data.clients?.map((client) => {
promises.push(
accessListClientModel.query().insert({
access_list_id: row.id,
@@ -64,45 +59,36 @@ const internalAccessList = {
);
return true;
});
}
return Promise.all(promises);
})
.then(() => {
await Promise.all(promises);
// re-fetch with expansions
return internalAccessList.get(
const freshRow = await internalAccessList.get(
access,
{
id: data.id,
expand: ["owner", "items", "clients", "proxy_hosts.access_list.[clients,items]"],
},
true /* <- skip masking */,
true // skip masking
);
})
.then((row) => {
// Audit log
data.meta = _.assign({}, data.meta || {}, row.meta);
return internalAccessList
.build(row)
.then(() => {
if (Number.parseInt(row.proxy_host_count, 10)) {
return internalNginx.bulkGenerateConfigs("proxy_host", row.proxy_hosts);
// Audit log
data.meta = _.assign({}, data.meta || {}, freshRow.meta);
await internalAccessList.build(freshRow);
if (Number.parseInt(freshRow.proxy_host_count, 10)) {
await internalNginx.bulkGenerateConfigs("proxy_host", freshRow.proxy_hosts);
}
})
.then(() => {
// Add to audit log
return internalAuditLog.add(access, {
await internalAuditLog.add(access, {
action: "created",
object_type: "access-list",
object_id: row.id,
object_id: freshRow.id,
meta: internalAccessList.maskItems(data),
});
})
.then(() => {
return internalAccessList.maskItems(row);
});
});
return internalAccessList.maskItems(freshRow);
},
/**
@@ -113,35 +99,29 @@ const internalAccessList = {
* @param {String} [data.items]
* @return {Promise}
*/
update: (access, data) => {
return access
.can("access_lists:update", data.id)
.then((/*access_data*/) => {
return internalAccessList.get(access, { id: data.id });
})
.then((row) => {
update: async (access, data) => {
await access.can("access_lists:update", data.id);
const row = await internalAccessList.get(access, { id: data.id });
if (row.id !== data.id) {
// Sanity check that something crazy hasn't happened
throw new errs.InternalValidationError(
`Access List could not be updated, IDs do not match: ${row.id} !== ${data.id}`,
);
}
})
.then(() => {
// patch name if specified
if (typeof data.name !== "undefined" && data.name) {
return accessListModel.query().where({ id: data.id }).patch({
await accessListModel.query().where({ id: data.id }).patch({
name: data.name,
satisfy_any: data.satisfy_any,
pass_auth: data.pass_auth,
});
}
})
.then(() => {
// Check for items and add/update/remove them
if (typeof data.items !== "undefined" && data.items) {
const promises = [];
const items_to_keep = [];
const itemsToKeep = [];
data.items.map((item) => {
if (item.password) {
@@ -154,33 +134,30 @@ const internalAccessList = {
);
} else {
// This was supplied with an empty password, which means keep it but don't change the password
items_to_keep.push(item.username);
itemsToKeep.push(item.username);
}
return true;
});
const query = accessListAuthModel.query().delete().where("access_list_id", data.id);
if (items_to_keep.length) {
query.andWhere("username", "NOT IN", items_to_keep);
if (itemsToKeep.length) {
query.andWhere("username", "NOT IN", itemsToKeep);
}
return query.then(() => {
await query;
// Add new items
if (promises.length) {
return Promise.all(promises);
await Promise.all(promises);
}
});
}
})
.then(() => {
// Check for clients and add/update/remove them
if (typeof data.clients !== "undefined" && data.clients) {
const promises = [];
const clientPromises = [];
data.clients.map((client) => {
if (client.address) {
promises.push(
clientPromises.push(
accessListClientModel.query().insert({
access_list_id: data.id,
address: client.address,
@@ -192,48 +169,37 @@ const internalAccessList = {
});
const query = accessListClientModel.query().delete().where("access_list_id", data.id);
await query;
// Add new clitens
if (clientPromises.length) {
await Promise.all(clientPromises);
}
}
return query.then(() => {
// Add new items
if (promises.length) {
return Promise.all(promises);
}
});
}
})
.then(() => {
// Add to audit log
return internalAuditLog.add(access, {
await internalAuditLog.add(access, {
action: "updated",
object_type: "access-list",
object_id: data.id,
meta: internalAccessList.maskItems(data),
});
})
.then(() => {
// re-fetch with expansions
return internalAccessList.get(
const freshRow = await internalAccessList.get(
access,
{
id: data.id,
expand: ["owner", "items", "clients", "proxy_hosts.[certificate,access_list.[clients,items]]"],
},
true /* <- skip masking */,
true // skip masking
);
})
.then((row) => {
return internalAccessList
.build(row)
.then(() => {
await internalAccessList.build(freshRow)
if (Number.parseInt(row.proxy_host_count, 10)) {
return internalNginx.bulkGenerateConfigs("proxy_host", row.proxy_hosts);
await internalNginx.bulkGenerateConfigs("proxy_host", row.proxy_hosts);
}
})
.then(internalNginx.reload)
.then(() => {
await internalNginx.reload();
return internalAccessList.maskItems(row);
});
});
},
/**
@@ -242,15 +208,13 @@ const internalAccessList = {
* @param {Integer} data.id
* @param {Array} [data.expand]
* @param {Array} [data.omit]
* @param {Boolean} [skip_masking]
* @param {Boolean} [skipMasking]
* @return {Promise}
*/
get: (access, data, skip_masking) => {
get: async (access, data, skipMasking) => {
const thisData = data || {};
const accessData = await access.can("access_lists:get", thisData.id)
return access
.can("access_lists:get", thisData.id)
.then((accessData) => {
const query = accessListModel
.query()
.select("access_list.*", accessListModel.raw("COUNT(proxy_host.id) as proxy_host_count"))
@@ -275,22 +239,19 @@ const internalAccessList = {
query.withGraphFetched(`[${thisData.expand.join(", ")}]`);
}
return query.then(utils.omitRow(omissions()));
})
.then((row) => {
let thisRow = row;
let row = await query.then(utils.omitRow(omissions()));
if (!row || !row.id) {
throw new errs.ItemNotFoundError(thisData.id);
}
if (!skip_masking && typeof thisRow.items !== "undefined" && thisRow.items) {
thisRow = internalAccessList.maskItems(thisRow);
if (!skipMasking && typeof row.items !== "undefined" && row.items) {
row = internalAccessList.maskItems(row);
}
// Custom omissions
if (typeof data.omit !== "undefined" && data.omit !== null) {
thisRow = _.omit(thisRow, data.omit);
row = _.omit(row, data.omit);
}
return thisRow;
});
return row;
},
/**
@@ -300,13 +261,13 @@ const internalAccessList = {
* @param {String} [data.reason]
* @returns {Promise}
*/
delete: (access, data) => {
return access
.can("access_lists:delete", data.id)
.then(() => {
return internalAccessList.get(access, { id: data.id, expand: ["proxy_hosts", "items", "clients"] });
})
.then((row) => {
delete: async (access, data) => {
await access.can("access_lists:delete", data.id);
const row = await internalAccessList.get(access, {
id: data.id,
expand: ["proxy_hosts", "items", "clients"],
});
if (!row || !row.id) {
throw new errs.ItemNotFoundError(data.id);
}
@@ -317,58 +278,47 @@ const internalAccessList = {
// 4. audit log
// 1. update row to be deleted
return accessListModel
await accessListModel
.query()
.where("id", row.id)
.patch({
is_deleted: 1,
})
.then(() => {
});
// 2. update any proxy hosts that were using it (ignoring permissions)
if (row.proxy_hosts) {
return proxyHostModel
await proxyHostModel
.query()
.where("access_list_id", "=", row.id)
.patch({ access_list_id: 0 })
.then(() => {
// 3. reconfigure those hosts, then reload nginx
.patch({ access_list_id: 0 });
// 3. reconfigure those hosts, then reload nginx
// set the access_list_id to zero for these items
row.proxy_hosts.map((_val, idx) => {
row.proxy_hosts[idx].access_list_id = 0;
return true;
});
return internalNginx.bulkGenerateConfigs("proxy_host", row.proxy_hosts);
})
.then(() => {
return internalNginx.reload();
});
await internalNginx.bulkGenerateConfigs("proxy_host", row.proxy_hosts);
}
})
.then(() => {
// delete the htpasswd file
const htpasswd_file = internalAccessList.getFilename(row);
await internalNginx.reload();
// delete the htpasswd file
try {
fs.unlinkSync(htpasswd_file);
fs.unlinkSync(internalAccessList.getFilename(row));
} catch (_err) {
// do nothing
}
})
.then(() => {
// 4. audit log
return internalAuditLog.add(access, {
await internalAuditLog.add(access, {
action: "deleted",
object_type: "access-list",
object_id: row.id,
meta: _.omit(internalAccessList.maskItems(row), ["is_deleted", "proxy_hosts"]),
});
});
})
.then(() => {
return true;
});
},
/**
@@ -376,13 +326,12 @@ const internalAccessList = {
*
* @param {Access} access
* @param {Array} [expand]
* @param {String} [search_query]
* @param {String} [searchQuery]
* @returns {Promise}
*/
getAll: (access, expand, search_query) => {
return access
.can("access_lists:list")
.then((access_data) => {
getAll: async (access, expand, searchQuery) => {
const accessData = await access.can("access_lists:list");
const query = accessListModel
.query()
.select("access_list.*", accessListModel.raw("COUNT(proxy_host.id) as proxy_host_count"))
@@ -398,14 +347,14 @@ const internalAccessList = {
.allowGraph("[owner,items,clients]")
.orderBy("access_list.name", "ASC");
if (access_data.permission_visibility !== "all") {
if (accessData.permission_visibility !== "all") {
query.andWhere("access_list.owner_user_id", access.token.getUserId(1));
}
// Query is used for searching
if (typeof search_query === "string") {
if (typeof searchQuery === "string") {
query.where(function () {
this.where("name", "like", `%${search_query}%`);
this.where("name", "like", `%${searchQuery}%`);
});
}
@@ -413,9 +362,7 @@ const internalAccessList = {
query.withGraphFetched(`[${expand.join(", ")}]`);
}
return query.then(utils.omitRows(omissions()));
})
.then((rows) => {
const rows = await query.then(utils.omitRows(omissions()));
if (rows) {
rows.map((row, idx) => {
if (typeof row.items !== "undefined" && row.items) {
@@ -424,28 +371,28 @@ const internalAccessList = {
return true;
});
}
return rows;
});
},
/**
* Report use
* Count is used in reports
*
* @param {Integer} user_id
* @param {Integer} userId
* @param {String} visibility
* @returns {Promise}
*/
getCount: (user_id, visibility) => {
const query = accessListModel.query().count("id as count").where("is_deleted", 0);
getCount: async (userId, visibility) => {
const query = accessListModel
.query()
.count("id as count")
.where("is_deleted", 0);
if (visibility !== "all") {
query.andWhere("owner_user_id", user_id);
query.andWhere("owner_user_id", userId);
}
return query.first().then((row) => {
const row = await query.first();
return Number.parseInt(row.count, 10);
});
},
/**
@@ -455,20 +402,19 @@ const internalAccessList = {
maskItems: (list) => {
if (list && typeof list.items !== "undefined") {
list.items.map((val, idx) => {
let repeat_for = 8;
let first_char = "*";
let repeatFor = 8;
let firstChar = "*";
if (typeof val.password !== "undefined" && val.password) {
repeat_for = val.password.length - 1;
first_char = val.password.charAt(0);
repeatFor = val.password.length - 1;
firstChar = val.password.charAt(0);
}
list.items[idx].hint = first_char + "*".repeat(repeat_for);
list.items[idx].hint = firstChar + "*".repeat(repeatFor);
list.items[idx].password = "";
return true;
});
}
return list;
},
@@ -488,43 +434,33 @@ const internalAccessList = {
* @param {Array} list.items
* @returns {Promise}
*/
build: (list) => {
build: async (list) => {
logger.info(`Building Access file #${list.id} for: ${list.name}`);
return new Promise((resolve, reject) => {
const htpasswd_file = internalAccessList.getFilename(list);
const htpasswdFile = internalAccessList.getFilename(list);
// 1. remove any existing access file
try {
fs.unlinkSync(htpasswd_file);
fs.unlinkSync(htpasswdFile);
} catch (_err) {
// do nothing
}
// 2. create empty access file
try {
fs.writeFileSync(htpasswd_file, "", { encoding: "utf8" });
resolve(htpasswd_file);
} catch (err) {
reject(err);
}
}).then((htpasswd_file) => {
fs.writeFileSync(htpasswdFile, '', {encoding: 'utf8'});
// 3. generate password for each user
if (list.items.length) {
return new Promise((resolve, reject) => {
batchflow(list.items)
.sequential()
await new Promise((resolve, reject) => {
batchflow(list.items).sequential()
.each((_i, item, next) => {
if (item.password?.length) {
logger.info(`Adding: ${item.username}`);
utils
.execFile("openssl", ["passwd", "-apr1", item.password])
utils.execFile('openssl', ['passwd', '-apr1', item.password])
.then((res) => {
try {
fs.appendFileSync(htpasswd_file, `${item.username}:${res}\n`, {
encoding: "utf8",
});
fs.appendFileSync(htpasswdFile, `${item.username}:${res}\n`, {encoding: 'utf8'});
} catch (err) {
reject(err);
}
@@ -546,8 +482,7 @@ const internalAccessList = {
});
});
}
});
},
};
}
}
export default internalAccessList;

29
backend/internal/audit-log.js
View File

@@ -9,11 +9,12 @@ const internalAuditLog = {
*
* @param {Access} access
* @param {Array} [expand]
* @param {String} [search_query]
* @param {String} [searchQuery]
* @returns {Promise}
*/
getAll: (access, expand, search_query) => {
return access.can("auditlog:list").then(() => {
getAll: async (access, expand, searchQuery) => {
await access.can("auditlog:list");
const query = auditLogModel
.query()
.orderBy("created_on", "DESC")
@@ -22,9 +23,9 @@ const internalAuditLog = {
.allowGraph("[user]");
// Query is used for searching
if (typeof search_query === "string" && search_query.length > 0) {
if (typeof searchQuery === "string" && searchQuery.length > 0) {
query.where(function () {
this.where(castJsonIfNeed("meta"), "like", `%${search_query}`);
this.where(castJsonIfNeed("meta"), "like", `%${searchQuery}`);
});
}
@@ -32,8 +33,7 @@ const internalAuditLog = {
query.withGraphFetched(`[${expand.join(", ")}]`);
}
return query;
});
return await query;
},
/**
@@ -50,27 +50,22 @@ const internalAuditLog = {
* @param {Object} [data.meta]
* @returns {Promise}
*/
add: (access, data) => {
return new Promise((resolve, reject) => {
// Default the user id
add: async (access, data) => {
if (typeof data.user_id === "undefined" || !data.user_id) {
data.user_id = access.token.getUserId(1);
}
if (typeof data.action === "undefined" || !data.action) {
reject(new errs.InternalValidationError("Audit log entry must contain an Action"));
} else {
throw new errs.InternalValidationError("Audit log entry must contain an Action");
}
// Make sure at least 1 of the IDs are set and action
resolve(
auditLogModel.query().insert({
return await auditLogModel.query().insert({
user_id: data.user_id,
action: data.action,
object_type: data.object_type || "",
object_id: data.object_id || 0,
meta: data.meta || {},
}),
);
}
});
},
};

561
backend/internal/certificate.js
View File

@@ -110,19 +110,19 @@ const internalCertificate = {
* @param {Object} data
* @returns {Promise}
*/
create: (access, data) => {
return access
.can("certificates:create", data)
.then(() => {
create: async (access, data) => {
await access.can("certificates:create", data);
data.owner_user_id = access.token.getUserId(1);
if (data.provider === "letsencrypt") {
data.nice_name = data.domain_names.join(", ");
}
return certificateModel.query().insertAndFetch(data).then(utils.omitRow(omissions()));
})
.then((certificate) => {
const certificate = await certificateModel
.query()
.insertAndFetch(data)
.then(utils.omitRow(omissions()));
if (certificate.provider === "letsencrypt") {
// Request a new Cert from LE. Let the fun begin.
@@ -134,123 +134,85 @@ const internalCertificate = {
// 6. Re-instate previously disabled hosts
// 1. Find out any hosts that are using any of the hostnames in this cert
return internalHost
.getHostsWithDomains(certificate.domain_names)
.then((in_use_result) => {
const inUseResult = await internalHost.getHostsWithDomains(certificate.domain_names);
// 2. Disable them in nginx temporarily
return internalCertificate.disableInUseHosts(in_use_result).then(() => {
return in_use_result;
});
})
.then((in_use_result) => {
await internalCertificate.disableInUseHosts(inUseResult);
// With DNS challenge no config is needed, so skip 3 and 5.
if (certificate.meta.dns_challenge) {
return internalNginx
.reload()
.then(() => {
if (certificate.meta?.dns_challenge) {
try {
await internalNginx.reload();
// 4. Request cert
return internalCertificate.requestLetsEncryptSslWithDnsChallenge(certificate);
})
.then(internalNginx.reload)
.then(() => {
await internalCertificate.requestLetsEncryptSslWithDnsChallenge(certificate);
await internalNginx.reload();
// 6. Re-instate previously disabled hosts
return internalCertificate.enableInUseHosts(in_use_result);
})
.then(() => {
return certificate;
})
.catch((err) => {
await internalCertificate.enableInUseHosts(inUseResult);
} catch (err) {
// In the event of failure, revert things and throw err back
return internalCertificate
.enableInUseHosts(in_use_result)
.then(internalNginx.reload)
.then(() => {
await internalCertificate.enableInUseHosts(inUseResult);
await internalNginx.reload();
throw err;
});
});
}
} else {
// 3. Generate the LE config
return internalNginx
.generateLetsEncryptRequestConfig(certificate)
.then(internalNginx.reload)
.then(async () => await new Promise((r) => setTimeout(r, 5000)))
.then(() => {
try {
await internalNginx.generateLetsEncryptRequestConfig(certificate);
await internalNginx.reload();
setTimeout(() => {}, 5000)
// 4. Request cert
return internalCertificate.requestLetsEncryptSsl(certificate);
})
.then(() => {
await internalCertificate.requestLetsEncryptSsl(certificate);
// 5. Remove LE config
return internalNginx.deleteLetsEncryptRequestConfig(certificate);
})
.then(internalNginx.reload)
.then(() => {
await internalNginx.deleteLetsEncryptRequestConfig(certificate);
await internalNginx.reload();
// 6. Re-instate previously disabled hosts
return internalCertificate.enableInUseHosts(in_use_result);
})
.then(() => {
return certificate;
})
.catch((err) => {
await internalCertificate.enableInUseHosts(inUseResult);
} catch (err) {
// In the event of failure, revert things and throw err back
return internalNginx
.deleteLetsEncryptRequestConfig(certificate)
.then(() => {
return internalCertificate.enableInUseHosts(in_use_result);
})
.then(internalNginx.reload)
.then(() => {
await internalNginx.deleteLetsEncryptRequestConfig(certificate);
await internalCertificate.enableInUseHosts(inUseResult);
await internalNginx.reload();
throw err;
});
});
})
.then(() => {
}
}
// At this point, the letsencrypt cert should exist on disk.
// Lets get the expiry date from the file and update the row silently
return internalCertificate
.getCertificateInfoFromFile(
try {
const certInfo = await internalCertificate.getCertificateInfoFromFile(
`${internalCertificate.getLiveCertPath(certificate.id)}/fullchain.pem`,
)
.then((cert_info) => {
return certificateModel
);
const savedRow = await certificateModel
.query()
.patchAndFetchById(certificate.id, {
expires_on: moment(cert_info.dates.to, "X").format("YYYY-MM-DD HH:mm:ss"),
expires_on: moment(certInfo.dates.to, "X").format("YYYY-MM-DD HH:mm:ss"),
})
.then(utils.omitRow(omissions()))
.then((saved_row) => {
// Add cert data for audit log
saved_row.meta = _.assign({}, saved_row.meta, {
letsencrypt_certificate: cert_info,
});
.then(utils.omitRow(omissions()));
return saved_row;
// Add cert data for audit log
savedRow.meta = _.assign({}, savedRow.meta, {
letsencrypt_certificate: certInfo,
});
});
})
.catch(async (error) => {
return savedRow;
} catch (err) {
// Delete the certificate from the database if it was not created successfully
await certificateModel.query().deleteById(certificate.id);
throw error;
});
throw err;
}
return certificate;
})
.then((certificate) => {
}
data.meta = _.assign({}, data.meta || {}, certificate.meta);
// Add to audit log
return internalAuditLog
await internalAuditLog
.add(access, {
action: "created",
object_type: "certificate",
object_id: certificate.id,
meta: data,
})
.then(() => {
});
return certificate;
});
});
},
/**
@@ -261,13 +223,10 @@ const internalCertificate = {
* @param {String} [data.name]
* @return {Promise}
*/
update: (access, data) => {
return access
.can("certificates:update", data.id)
.then((/*access_data*/) => {
return internalCertificate.get(access, { id: data.id });
})
.then((row) => {
update: async (access, data) => {
await access.can("certificates:update", data.id);
const row = await internalCertificate.get(access, { id: data.id });
if (row.id !== data.id) {
// Sanity check that something crazy hasn't happened
throw new error.InternalValidationError(
@@ -275,32 +234,29 @@ const internalCertificate = {
);
}
return certificateModel
const savedRow = await certificateModel
.query()
.patchAndFetchById(row.id, data)
.then(utils.omitRow(omissions()))
.then((saved_row) => {
saved_row.meta = internalCertificate.cleanMeta(saved_row.meta);
.then(utils.omitRow(omissions()));
savedRow.meta = internalCertificate.cleanMeta(savedRow.meta);
data.meta = internalCertificate.cleanMeta(data.meta);
// Add row.nice_name for custom certs
if (saved_row.provider === "other") {
data.nice_name = saved_row.nice_name;
if (savedRow.provider === "other") {
data.nice_name = savedRow.nice_name;
}
// Add to audit log
return internalAuditLog
await internalAuditLog
.add(access, {
action: "updated",
object_type: "certificate",
object_id: row.id,
meta: _.omit(data, ["expires_on"]), // this prevents json circular reference because expires_on might be raw
})
.then(() => {
return saved_row;
});
});
});
return savedRow;
},
/**
@@ -311,16 +267,12 @@ const internalCertificate = {
* @param {Array} [data.omit]
* @return {Promise}
*/
get: (access, data) => {
const thisData = data || {};
return access
.can("certificates:get", thisData.id)
.then((accessData) => {
get: async (access, data) => {
const accessData = await access.can("certificates:get", data.id)
const query = certificateModel
.query()
.where("is_deleted", 0)
.andWhere("id", thisData.id)
.andWhere("id", data.id)
.allowGraph("[owner]")
.allowGraph("[proxy_hosts]")
.allowGraph("[redirection_hosts]")
@@ -331,22 +283,19 @@ const internalCertificate = {
query.andWhere("owner_user_id", access.token.getUserId(1));
}
if (typeof thisData.expand !== "undefined" && thisData.expand !== null) {
query.withGraphFetched(`[${thisData.expand.join(", ")}]`);
if (typeof data.expand !== "undefined" && data.expand !== null) {
query.withGraphFetched(`[${data.expand.join(", ")}]`);
}
return query.then(utils.omitRow(omissions()));
})
.then((row) => {
const row = await query.then(utils.omitRow(omissions()));
if (!row || !row.id) {
throw new error.ItemNotFoundError(thisData.id);
throw new error.ItemNotFoundError(data.id);
}
// Custom omissions
if (typeof thisData.omit !== "undefined" && thisData.omit !== null) {
return _.omit(row, thisData.omit);
if (typeof data.omit !== "undefined" && data.omit !== null) {
return _.omit(row, data.omit);
}
return row;
});
},
/**
@@ -355,17 +304,11 @@ const internalCertificate = {
* @param {Number} data.id
* @returns {Promise}
*/
download: (access, data) => {
return new Promise((resolve, reject) => {
access
.can("certificates:get", data)
.then(() => {
return internalCertificate.get(access, data);
})
.then((certificate) => {
download: async (access, data) => {
await access.can("certificates:get", data);
const certificate = await internalCertificate.get(access, data);
if (certificate.provider === "letsencrypt") {
const zipDirectory = internalCertificate.getLiveCertPath(data.id);
if (!fs.existsSync(zipDirectory)) {
throw new error.ItemNotFoundError(`Certificate ${certificate.nice_name} does not exists`);
}
@@ -374,24 +317,17 @@ const internalCertificate = {
.readdirSync(zipDirectory)
.filter((fn) => fn.endsWith(".pem"))
.map((fn) => fs.realpathSync(path.join(zipDirectory, fn)));
const downloadName = `npm-${data.id}-${Date.now()}.zip`;
const opName = `/tmp/${downloadName}`;
internalCertificate
.zipFiles(certFiles, opName)
.then(() => {
await internalCertificate.zipFiles(certFiles, opName);
logger.debug("zip completed : ", opName);
const resp = {
return {
fileName: opName,
};
resolve(resp);
})
.catch((err) => reject(err));
} else {
throw new error.ValidationError("Only Let'sEncrypt certificates can be downloaded");
}
})
.catch((err) => reject(err));
});
throw new error.ValidationError("Only Let'sEncrypt certificates can be downloaded");
},
/**
@@ -399,7 +335,7 @@ const internalCertificate = {
* @param {String} out
* @returns {Promise}
*/
zipFiles(source, out) {
zipFiles: async (source, out) => {
const archive = archiver("zip", { zlib: { level: 9 } });
const stream = fs.createWriteStream(out);
@@ -423,44 +359,36 @@ const internalCertificate = {
* @param {String} [data.reason]
* @returns {Promise}
*/
delete: (access, data) => {
return access
.can("certificates:delete", data.id)
.then(() => {
return internalCertificate.get(access, { id: data.id });
})
.then((row) => {
delete: async (access, data) => {
await access.can("certificates:delete", data.id);
const row = await internalCertificate.get(access, { id: data.id });
if (!row || !row.id) {
throw new error.ItemNotFoundError(data.id);
}
return certificateModel
await certificateModel
.query()
.where("id", row.id)
.patch({
is_deleted: 1,
})
.then(() => {
});
// Add to audit log
row.meta = internalCertificate.cleanMeta(row.meta);
return internalAuditLog.add(access, {
await internalAuditLog.add(access, {
action: "deleted",
object_type: "certificate",
object_id: row.id,
meta: _.omit(row, omissions()),
});
})
.then(() => {
if (row.provider === "letsencrypt") {
// Revoke the cert
return internalCertificate.revokeLetsEncryptSsl(row);
await internalCertificate.revokeLetsEncryptSsl(row);
}
});
})
.then(() => {
return true;
});
},
/**
@@ -468,11 +396,12 @@ const internalCertificate = {
*
* @param {Access} access
* @param {Array} [expand]
* @param {String} [search_query]
* @param {String} [searchQuery]
* @returns {Promise}
*/
getAll: (access, expand, search_query) => {
return access.can("certificates:list").then((access_data) => {
getAll: async (access, expand, searchQuery) => {
const accessData = await access.can("certificates:list");
const query = certificateModel
.query()
.where("is_deleted", 0)
@@ -483,14 +412,14 @@ const internalCertificate = {
.allowGraph("[dead_hosts]")
.orderBy("nice_name", "ASC");
if (access_data.permission_visibility !== "all") {
if (accessData.permission_visibility !== "all") {
query.andWhere("owner_user_id", access.token.getUserId(1));
}
// Query is used for searching
if (typeof search_query === "string") {
if (typeof searchQuery === "string") {
query.where(function () {
this.where("nice_name", "like", `%${search_query}%`);
this.where("nice_name", "like", `%${searchQuery}%`);
});
}
@@ -498,34 +427,35 @@ const internalCertificate = {
query.withGraphFetched(`[${expand.join(", ")}]`);
}
return query.then(utils.omitRows(omissions()));
});
return await query.then(utils.omitRows(omissions()));
},
/**
* Report use
*
* @param {Number} user_id
* @param {Number} userId
* @param {String} visibility
* @returns {Promise}
*/
getCount: (user_id, visibility) => {
const query = certificateModel.query().count("id as count").where("is_deleted", 0);
getCount: async (userId, visibility) => {
const query = certificateModel
.query()
.count("id as count")
.where("is_deleted", 0);
if (visibility !== "all") {
query.andWhere("owner_user_id", user_id);
query.andWhere("owner_user_id", userId);
}
return query.first().then((row) => {
const row = await query.first();
return Number.parseInt(row.count, 10);
});
},
/**
* @param {Object} certificate
* @returns {Promise}
*/
writeCustomCert: (certificate) => {
writeCustomCert: async (certificate) => {
logger.info("Writing Custom Certificate:", certificate);
const dir = `/data/custom_ssl/npm-${certificate.id}`;
@@ -578,7 +508,7 @@ const internalCertificate = {
* @param {Boolean} data.meta.letsencrypt_agree
* @returns {Promise}
*/
createQuickCertificate: (access, data) => {
createQuickCertificate: async (access, data) => {
return internalCertificate.create(access, {
provider: "letsencrypt",
domain_names: data.domain_names,
@@ -595,7 +525,6 @@ const internalCertificate = {
* @returns {Promise}
*/
validate: (data) => {
return new Promise((resolve) => {
// Put file contents into an object
const files = {};
_.map(data.files, (file, name) => {
@@ -604,8 +533,6 @@ const internalCertificate = {
}
});
resolve(files);
}).then((files) => {
// For each file, create a temp file and write the contents to it
// Then test it depending on the file type
const promises = [];
@@ -626,14 +553,11 @@ const internalCertificate = {
return Promise.all(promises).then((files) => {
let data = {};
_.each(files, (file) => {
data = _.assign({}, data, file);
});
return data;
});
});
},
/**
@@ -643,15 +567,13 @@ const internalCertificate = {
* @param {Object} data.files
* @returns {Promise}
*/
upload: (access, data) => {
return internalCertificate.get(access, { id: data.id }).then((row) => {
upload: async (access, data) => {
const row = await internalCertificate.get(access, { id: data.id });
if (row.provider !== "other") {
throw new error.ValidationError("Cannot upload certificates for this type of provider");
}
return internalCertificate
.validate(data)
.then((validations) => {
const validations = await internalCertificate.validate(data);
if (typeof validations.certificate === "undefined") {
throw new error.ValidationError("Certificate file was not provided");
}
@@ -662,58 +584,45 @@ const internalCertificate = {
}
});
// TODO: This uses a mysql only raw function that won't translate to postgres
return internalCertificate
.update(access, {
const certificate = internalCertificate.update(access, {
id: data.id,
expires_on: moment(validations.certificate.dates.to, "X").format("YYYY-MM-DD HH:mm:ss"),
domain_names: [validations.certificate.cn],
meta: _.clone(row.meta), // Prevent the update method from changing this value that we'll use later
})
.then((certificate) => {
});
certificate.meta = row.meta;
return internalCertificate.writeCustomCert(certificate);
});
})
.then(() => {
await internalCertificate.writeCustomCert(certificate);
return _.pick(row.meta, internalCertificate.allowedSslFiles);
});
});
},
/**
* Uses the openssl command to validate the private key.
* It will save the file to disk first, then run commands on it, then delete the file.
*
* @param {String} private_key This is the entire key contents as a string
* @param {String} privateKey This is the entire key contents as a string
*/
checkPrivateKey: (private_key) => {
return tempWrite(private_key, "/tmp").then((filepath) => {
return new Promise((resolve, reject) => {
checkPrivateKey: async (privateKey) => {
const filepath = await tempWrite(privateKey, "/tmp");
const failTimeout = setTimeout(() => {
reject(
new error.ValidationError(
throw new error.ValidationError(
"Result Validation Error: Validation timed out. This could be due to the key being passphrase-protected.",
),
);
}, 10000);
utils
.exec(`openssl pkey -in ${filepath} -check -noout 2>&1 `)
.then((result) => {
try {
const result = await utils.exec(`openssl pkey -in ${filepath} -check -noout 2>&1 `);
clearTimeout(failTimeout);
if (!result.toLowerCase().includes("key is valid")) {
reject(new error.ValidationError(`Result Validation Error: ${result}`));
throw new error.ValidationError(`Result Validation Error: ${result}`);
}
fs.unlinkSync(filepath);
resolve(true);
})
.catch((err) => {
return true;
} catch (err) {
clearTimeout(failTimeout);
fs.unlinkSync(filepath);
reject(new error.ValidationError(`Certificate Key is not valid (${err.message})`, err));
});
});
});
throw new error.ValidationError(`Certificate Key is not valid (${err.message})`, err);
}
},
/**
@@ -721,36 +630,32 @@ const internalCertificate = {
* It will save the file to disk first, then run commands on it, then delete the file.
*
* @param {String} certificate This is the entire cert contents as a string
* @param {Boolean} [throw_expired] Throw when the certificate is out of date
* @param {Boolean} [throwExpired] Throw when the certificate is out of date
*/
getCertificateInfo: (certificate, throw_expired) => {
return tempWrite(certificate, "/tmp").then((filepath) => {
return internalCertificate
.getCertificateInfoFromFile(filepath, throw_expired)
.then((certData) => {
getCertificateInfo: async (certificate, throwExpired) => {
try {
const filepath = await tempWrite(certificate, "/tmp");
const certData = await internalCertificate.getCertificateInfoFromFile(filepath, throwExpired);
fs.unlinkSync(filepath);
return certData;
})
.catch((err) => {
} catch (err) {
fs.unlinkSync(filepath);
throw err;
});
});
}
},
/**
* Uses the openssl command to both validate and get info out of the certificate.
* It will save the file to disk first, then run commands on it, then delete the file.
*
* @param {String} certificate_file The file location on disk
* @param {String} certificateFile The file location on disk
* @param {Boolean} [throw_expired] Throw when the certificate is out of date
*/
getCertificateInfoFromFile: (certificate_file, throw_expired) => {
getCertificateInfoFromFile: async (certificateFile, throw_expired) => {
const certData = {};
return utils
.execFile("openssl", ["x509", "-in", certificate_file, "-subject", "-noout"])
.then((result) => {
try {
const result = await utils.execFile("openssl", ["x509", "-in", certificateFile, "-subject", "-noout"])
// Examples:
// subject=CN = *.jc21.com
// subject=CN = something.example.com
@@ -759,32 +664,25 @@ const internalCertificate = {
if (match && typeof match[1] !== "undefined") {
certData.cn = match[1];
}
})
.then(() => {
return utils.execFile("openssl", ["x509", "-in", certificate_file, "-issuer", "-noout"]);
})
.then((result) => {
const result2 = await utils.execFile("openssl", ["x509", "-in", certificateFile, "-issuer", "-noout"]);
// Examples:
// issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
// issuer=C = US, O = Let's Encrypt, CN = E5
// issuer=O = NginxProxyManager, CN = NginxProxyManager Intermediate CA","O = NginxProxyManager, CN = NginxProxyManager Intermediate CA
const regex = /^(?:issuer=)?(.*)$/gim;
const match = regex.exec(result);
if (match && typeof match[1] !== "undefined") {
certData.issuer = match[1];
const regex2 = /^(?:issuer=)?(.*)$/gim;
const match2 = regex2.exec(result2);
if (match2 && typeof match2[1] !== "undefined") {
certData.issuer = match2[1];
}
})
.then(() => {
return utils.execFile("openssl", ["x509", "-in", certificate_file, "-dates", "-noout"]);
})
.then((result) => {
const result3 = await utils.execFile("openssl", ["x509", "-in", certificateFile, "-dates", "-noout"]);
// notBefore=Jul 14 04:04:29 2018 GMT
// notAfter=Oct 12 04:04:29 2018 GMT
let validFrom = null;
let validTo = null;
const lines = result.split("\n");
const lines = result3.split("\n");
lines.map((str) => {
const regex = /^(\S+)=(.*)$/gim;
const match = regex.exec(str.trim());
@@ -815,10 +713,9 @@ const internalCertificate = {
};
return certData;
})
.catch((err) => {
} catch (err) {
throw new error.ValidationError(`Certificate is not valid (${err.message})`, err);
});
}
},
/**
@@ -839,7 +736,6 @@ const internalCertificate = {
}
return true;
});
return meta;
},
@@ -848,7 +744,7 @@ const internalCertificate = {
* @param {Object} certificate the certificate row
* @returns {Promise}
*/
requestLetsEncryptSsl: (certificate) => {
requestLetsEncryptSsl: async (certificate) => {
logger.info(
`Requesting LetsEncrypt certificates for Cert #${certificate.id}: ${certificate.domain_names.join(", ")}`,
);
@@ -879,17 +775,13 @@ const internalCertificate = {
logger.info(`Command: ${certbotCommand} ${args ? args.join(" ") : ""}`);
return utils.execFile(certbotCommand, args, adds.opts).then((result) => {
const result = await utils.execFile(certbotCommand, args, adds.opts);
logger.success(result);
return result;
});
},
/**
* @param {Object} certificate the certificate row
* @param {String} dns_provider the dns provider name (key used in `certbot-dns-plugins.json`)
* @param {String | null} credentials the content of this providers credentials file
* @param {String} propagation_seconds
* @returns {Promise}
*/
requestLetsEncryptSslWithDnsChallenge: async (certificate) => {
@@ -957,52 +849,43 @@ const internalCertificate = {
* @param {Number} data.id
* @returns {Promise}
*/
renew: (access, data) => {
return access
.can("certificates:update", data)
.then(() => {
return internalCertificate.get(access, data);
})
.then((certificate) => {
renew: async (access, data) => {
await access.can("certificates:update", data)
const certificate = await internalCertificate.get(access, data);
if (certificate.provider === "letsencrypt") {
const renewMethod = certificate.meta.dns_challenge
? internalCertificate.renewLetsEncryptSslWithDnsChallenge
: internalCertificate.renewLetsEncryptSsl;
return renewMethod(certificate)
.then(() => {
return internalCertificate.getCertificateInfoFromFile(
await renewMethod(certificate);
const certInfo = await internalCertificate.getCertificateInfoFromFile(
`${internalCertificate.getLiveCertPath(certificate.id)}/fullchain.pem`,
);
})
.then((cert_info) => {
return certificateModel.query().patchAndFetchById(certificate.id, {
expires_on: moment(cert_info.dates.to, "X").format("YYYY-MM-DD HH:mm:ss"),
const updatedCertificate = await certificateModel
.query()
.patchAndFetchById(certificate.id, {
expires_on: moment(certInfo.dates.to, "X").format("YYYY-MM-DD HH:mm:ss"),
});
})
.then((updated_certificate) => {
// Add to audit log
return internalAuditLog
.add(access, {
await internalAuditLog.add(access, {
action: "renewed",
object_type: "certificate",
object_id: updated_certificate.id,
meta: updated_certificate,
})
.then(() => {
return updated_certificate;
object_id: updatedCertificate.id,
meta: updatedCertificate,
});
});
}
} else {
throw new error.ValidationError("Only Let'sEncrypt certificates can be renewed");
});
}
},
/**
* @param {Object} certificate the certificate row
* @returns {Promise}
*/
renewLetsEncryptSsl: (certificate) => {
renewLetsEncryptSsl: async (certificate) => {
logger.info(
`Renewing LetsEncrypt certificates for Cert #${certificate.id}: ${certificate.domain_names.join(", ")}`,
);
@@ -1029,19 +912,17 @@ const internalCertificate = {
logger.info(`Command: ${certbotCommand} ${args ? args.join(" ") : ""}`);
return utils.execFile(certbotCommand, args, adds.opts).then((result) => {
const result = await utils.execFile(certbotCommand, args, adds.opts);
logger.info(result);
return result;
});
},
/**
* @param {Object} certificate the certificate row
* @returns {Promise}
*/
renewLetsEncryptSslWithDnsChallenge: (certificate) => {
renewLetsEncryptSslWithDnsChallenge: async (certificate) => {
const dnsPlugin = dnsPlugins[certificate.meta.dns_provider];
if (!dnsPlugin) {
throw Error(`Unknown DNS provider '${certificate.meta.dns_provider}'`);
}
@@ -1070,18 +951,17 @@ const internalCertificate = {
logger.info(`Command: ${certbotCommand} ${args ? args.join(" ") : ""}`);
return utils.execFile(certbotCommand, args, adds.opts).then(async (result) => {
const result = await utils.execFile(certbotCommand, args, adds.opts);
logger.info(result);
return result;
});
},
/**
* @param {Object} certificate the certificate row
* @param {Boolean} [throw_errors]
* @param {Boolean} [throwErrors]
* @returns {Promise}
*/
revokeLetsEncryptSsl: (certificate, throw_errors) => {
revokeLetsEncryptSsl: async (certificate, throwErrors) => {
logger.info(
`Revoking LetsEncrypt certificates for Cert #${certificate.id}: ${certificate.domain_names.join(", ")}`,
);
@@ -1104,20 +984,17 @@ const internalCertificate = {
logger.info(`Command: ${certbotCommand} ${args ? args.join(" ") : ""}`);
return utils
.execFile(certbotCommand, args, adds.opts)
.then(async (result) => {
try {
const result = await utils.execFile(certbotCommand, args, adds.opts);
await utils.exec(`rm -f '/etc/letsencrypt/credentials/credentials-${certificate.id}' || true`);
logger.info(result);
return result;
})
.catch((err) => {
} catch (err) {
logger.error(err.message);
if (throw_errors) {
if (throwErrors) {
throw err;
}
});
}
},
/**
@@ -1130,59 +1007,51 @@ const internalCertificate = {
},
/**
* @param {Object} in_use_result
* @param {Number} in_use_result.total_count
* @param {Array} in_use_result.proxy_hosts
* @param {Array} in_use_result.redirection_hosts
* @param {Array} in_use_result.dead_hosts
* @param {Object} inUseResult
* @param {Number} inUseResult.total_count
* @param {Array} inUseResult.proxy_hosts
* @param {Array} inUseResult.redirection_hosts
* @param {Array} inUseResult.dead_hosts
* @returns {Promise}
*/
disableInUseHosts: (in_use_result) => {
if (in_use_result.total_count) {
const promises = [];
if (in_use_result.proxy_hosts.length) {
promises.push(internalNginx.bulkDeleteConfigs("proxy_host", in_use_result.proxy_hosts));
disableInUseHosts: async (inUseResult) => {
if (inUseResult?.total_count) {
if (inUseResult?.proxy_hosts.length) {
await internalNginx.bulkDeleteConfigs("proxy_host", inUseResult.proxy_hosts);
}
if (in_use_result.redirection_hosts.length) {
promises.push(internalNginx.bulkDeleteConfigs("redirection_host", in_use_result.redirection_hosts));
if (inUseResult?.redirection_hosts.length) {
await internalNginx.bulkDeleteConfigs("redirection_host", inUseResult.redirection_hosts);
}
if (in_use_result.dead_hosts.length) {
promises.push(internalNginx.bulkDeleteConfigs("dead_host", in_use_result.dead_hosts));
if (inUseResult?.dead_hosts.length) {
await internalNginx.bulkDeleteConfigs("dead_host", inUseResult.dead_hosts);
}
return Promise.all(promises);
}
return Promise.resolve();
},
/**
* @param {Object} in_use_result
* @param {Number} in_use_result.total_count
* @param {Array} in_use_result.proxy_hosts
* @param {Array} in_use_result.redirection_hosts
* @param {Array} in_use_result.dead_hosts
* @param {Object} inUseResult
* @param {Number} inUseResult.total_count
* @param {Array} inUseResult.proxy_hosts
* @param {Array} inUseResult.redirection_hosts
* @param {Array} inUseResult.dead_hosts
* @returns {Promise}
*/
enableInUseHosts: (in_use_result) => {
if (in_use_result.total_count) {
const promises = [];
if (in_use_result.proxy_hosts.length) {
promises.push(internalNginx.bulkGenerateConfigs("proxy_host", in_use_result.proxy_hosts));
enableInUseHosts: async (inUseResult) => {
if (inUseResult.total_count) {
if (inUseResult.proxy_hosts.length) {
await internalNginx.bulkGenerateConfigs("proxy_host", inUseResult.proxy_hosts);
}
if (in_use_result.redirection_hosts.length) {
promises.push(internalNginx.bulkGenerateConfigs("redirection_host", in_use_result.redirection_hosts));
if (inUseResult.redirection_hosts.length) {
await internalNginx.bulkGenerateConfigs("redirection_host", inUseResult.redirection_hosts);
}
if (in_use_result.dead_hosts.length) {
promises.push(internalNginx.bulkGenerateConfigs("dead_host", in_use_result.dead_hosts));
if (inUseResult.dead_hosts.length) {
await internalNginx.bulkGenerateConfigs("dead_host", inUseResult.dead_hosts);
}
return Promise.all(promises);
}
return Promise.resolve();
},
testHttpsChallenge: async (access, domains) => {
@@ -1293,9 +1162,7 @@ const internalCertificate = {
return "no-host";
}
// Other errors
logger.info(
`HTTP challenge test failed for domain ${domain} because code ${result.responsecode} was returned`,
);
logger.info(`HTTP challenge test failed for domain ${domain} because code ${result.responsecode} was returned`);
return `other:${result.responsecode}`;
}
@@ -1335,9 +1202,9 @@ const internalCertificate = {
return { args: args, opts: opts };
},
getLiveCertPath: (certificate_id) => {
return `/etc/letsencrypt/live/npm-${certificate_id}`;
},
getLiveCertPath: (certificateId) => {
return `/etc/letsencrypt/live/npm-${certificateId}`;
}
};
export default internalCertificate;

288
backend/internal/dead-host.js
View File

@@ -18,25 +18,24 @@ const internalDeadHost = {
* @param {Object} data
* @returns {Promise}
*/
create: (access, data) => {
create: async (access, data) => {
const createCertificate = data.certificate_id === "new";
if (createCertificate) {
delete data.certificate_id;
}
return access
.can("dead_hosts:create", data)
.then((/*access_data*/) => {
await access.can("dead_hosts:create", data);
// Get a list of the domain names and check each of them against existing records
const domain_name_check_promises = [];
const domainNameCheckPromises = [];
data.domain_names.map((domain_name) => {
domain_name_check_promises.push(internalHost.isHostnameTaken(domain_name));
domainNameCheckPromises.push(internalHost.isHostnameTaken(domain_name));
return true;
});
return Promise.all(domain_name_check_promises).then((check_results) => {
await Promise.all(domainNameCheckPromises).then((check_results) => {
check_results.map((result) => {
if (result.is_taken) {
throw new errs.ValidationError(`${result.hostname} is already in use`);
@@ -44,8 +43,7 @@ const internalDeadHost = {
return true;
});
});
})
.then(() => {
// At this point the domains should have been checked
data.owner_user_id = access.token.getUserId(1);
const thisData = internalHost.cleanSslHstsData(data);
@@ -56,53 +54,36 @@ const internalDeadHost = {
thisData.advanced_config = "";
}
return deadHostModel.query().insertAndFetch(thisData).then(utils.omitRow(omissions()));
})
.then((row) => {
const row = await deadHostModel.query().insertAndFetch(thisData).then(utils.omitRow(omissions()));
if (createCertificate) {
return internalCertificate
.createQuickCertificate(access, data)
.then((cert) => {
const cert = await internalCertificate.createQuickCertificate(access, data);
// update host with cert id
return internalDeadHost.update(access, {
await internalDeadHost.update(access, {
id: row.id,
certificate_id: cert.id,
});
})
.then(() => {
return row;
});
}
return row;
})
.then((row) => {
// re-fetch with cert
return internalDeadHost.get(access, {
const freshRow = await internalDeadHost.get(access, {
id: row.id,
expand: ["certificate", "owner"],
});
})
.then((row) => {
// Configure nginx
return internalNginx.configure(deadHostModel, "dead_host", row).then(() => {
return row;
});
})
.then((row) => {
data.meta = _.assign({}, data.meta || {}, row.meta);
await internalNginx.configure(deadHostModel, "dead_host", freshRow);
data.meta = _.assign({}, data.meta || {}, freshRow.meta);
// Add to audit log
return internalAuditLog
.add(access, {
await internalAuditLog.add(access, {
action: "created",
object_type: "dead-host",
object_id: row.id,
object_id: freshRow.id,
meta: data,
})
.then(() => {
return row;
});
});
return freshRow;
},
/**
@@ -111,66 +92,52 @@ const internalDeadHost = {
* @param {Number} data.id
* @return {Promise}
*/
update: (access, data) => {
let thisData = data;
const createCertificate = thisData.certificate_id === "new";
update: async (access, data) => {
const createCertificate = data.certificate_id === "new";
if (createCertificate) {
delete thisData.certificate_id;
delete data.certificate_id;
}
return access
.can("dead_hosts:update", thisData.id)
.then((/*access_data*/) => {
// Get a list of the domain names and check each of them against existing records
const domain_name_check_promises = [];
await access.can("dead_hosts:update", data.id);
if (typeof thisData.domain_names !== "undefined") {
thisData.domain_names.map((domain_name) => {
domain_name_check_promises.push(internalHost.isHostnameTaken(domain_name, "dead", data.id));
// Get a list of the domain names and check each of them against existing records
const domainNameCheckPromises = [];
if (typeof data.domain_names !== "undefined") {
data.domain_names.map((domainName) => {
domainNameCheckPromises.push(internalHost.isHostnameTaken(domainName, "dead", data.id));
return true;
});
return Promise.all(domain_name_check_promises).then((check_results) => {
check_results.map((result) => {
const checkResults = await Promise.all(domainNameCheckPromises);
checkResults.map((result) => {
if (result.is_taken) {
throw new errs.ValidationError(`${result.hostname} is already in use`);
}
return true;
});
});
}
})
.then(() => {
return internalDeadHost.get(access, { id: thisData.id });
})
.then((row) => {
if (row.id !== thisData.id) {
const row = await internalDeadHost.get(access, { id: data.id });
if (row.id !== data.id) {
// Sanity check that something crazy hasn't happened
throw new errs.InternalValidationError(
`404 Host could not be updated, IDs do not match: ${row.id} !== ${thisData.id}`,
`404 Host could not be updated, IDs do not match: ${row.id} !== ${data.id}`,
);
}
if (createCertificate) {
return internalCertificate
.createQuickCertificate(access, {
domain_names: thisData.domain_names || row.domain_names,
meta: _.assign({}, row.meta, thisData.meta),
})
.then((cert) => {
// update host with cert id
thisData.certificate_id = cert.id;
})
.then(() => {
return row;
const cert = await internalCertificate.createQuickCertificate(access, {
domain_names: data.domain_names || row.domain_names,
meta: _.assign({}, row.meta, data.meta),
});
// update host with cert id
data.certificate_id = cert.id;
}
return row;
})
.then((row) => {
// Add domain_names to the data in case it isn't there, so that the audit log renders correctly. The order is important here.
thisData = _.assign(
let thisData = _.assign(
{},
{
domain_names: row.domain_names,
@@ -180,38 +147,24 @@ const internalDeadHost = {
thisData = internalHost.cleanSslHstsData(thisData, row);
return deadHostModel
.query()
.where({ id: thisData.id })
.patch(thisData)
.then((saved_row) => {
// Add to audit log
return internalAuditLog
.add(access, {
await internalAuditLog.add(access, {
action: "updated",
object_type: "dead-host",
object_id: row.id,
meta: thisData,
})
.then(() => {
return _.omit(saved_row, omissions());
});
});
})
.then(() => {
return internalDeadHost
const thisRow = await internalDeadHost
.get(access, {
id: thisData.id,
expand: ["owner", "certificate"],
})
.then((row) => {
});
// Configure nginx
return internalNginx.configure(deadHostModel, "dead_host", row).then((new_meta) => {
row.meta = new_meta;
return _.omit(internalHost.cleanRowCertificateMeta(row), omissions());
});
});
});
const newMeta = await internalNginx.configure(deadHostModel, "dead_host", row);
row.meta = newMeta;
return _.omit(internalHost.cleanRowCertificateMeta(thisRow), omissions());
},
/**
@@ -222,39 +175,32 @@ const internalDeadHost = {
* @param {Array} [data.omit]
* @return {Promise}
*/
get: (access, data) => {
const thisData = data || {};
return access
.can("dead_hosts:get", thisData.id)
.then((access_data) => {
get: async (access, data) => {
const accessData = await access.can("dead_hosts:get", data.id);
const query = deadHostModel
.query()
.where("is_deleted", 0)
.andWhere("id", dthisDataata.id)
.andWhere("id", data.id)
.allowGraph("[owner,certificate]")
.first();
if (access_data.permission_visibility !== "all") {
if (accessData.permission_visibility !== "all") {
query.andWhere("owner_user_id", access.token.getUserId(1));
}
if (typeof thisData.expand !== "undefined" && thisData.expand !== null) {
if (typeof data.expand !== "undefined" && data.expand !== null) {
query.withGraphFetched(`[${data.expand.join(", ")}]`);
}
return query.then(utils.omitRow(omissions()));
})
.then((row) => {
const row = await query.then(utils.omitRow(omissions()));
if (!row || !row.id) {
throw new errs.ItemNotFoundError(thisData.id);
throw new errs.ItemNotFoundError(data.id);
}
// Custom omissions
if (typeof thisData.omit !== "undefined" && thisData.omit !== null) {
return _.omit(row, thisData.omit);
if (typeof data.omit !== "undefined" && data.omit !== null) {
return _.omit(row, data.omit);
}
return row;
});
},
/**
@@ -264,42 +210,30 @@ const internalDeadHost = {
* @param {String} [data.reason]
* @returns {Promise}
*/
delete: (access, data) => {
return access
.can("dead_hosts:delete", data.id)
.then(() => {
return internalDeadHost.get(access, { id: data.id });
})
.then((row) => {
delete: async (access, data) => {
await access.can("dead_hosts:delete", data.id)
const row = await internalDeadHost.get(access, { id: data.id });
if (!row || !row.id) {
throw new errs.ItemNotFoundError(data.id);
}
return deadHostModel
await deadHostModel
.query()
.where("id", row.id)
.patch({
is_deleted: 1,
})
.then(() => {
// Delete Nginx Config
return internalNginx.deleteConfig("dead_host", row).then(() => {
return internalNginx.reload();
});
})
.then(() => {
// Delete Nginx Config
await internalNginx.deleteConfig("dead_host", row);
await internalNginx.reload();
// Add to audit log
return internalAuditLog.add(access, {
await internalAuditLog.add(access, {
action: "deleted",
object_type: "dead-host",
object_id: row.id,
meta: _.omit(row, omissions()),
});
});
})
.then(() => {
return true;
});
},
/**
@@ -309,16 +243,12 @@ const internalDeadHost = {
* @param {String} [data.reason]
* @returns {Promise}
*/
enable: (access, data) => {
return access
.can("dead_hosts:update", data.id)
.then(() => {
return internalDeadHost.get(access, {
enable: async (access, data) => {
await access.can("dead_hosts:update", data.id)
const row = await internalDeadHost.get(access, {
id: data.id,
expand: ["certificate", "owner"],
});
})
.then((row) => {
if (!row || !row.id) {
throw new errs.ItemNotFoundError(data.id);
}
@@ -328,29 +258,24 @@ const internalDeadHost = {
row.enabled = 1;
return deadHostModel
await deadHostModel
.query()
.where("id", row.id)
.patch({
enabled: 1,
})
.then(() => {
});
// Configure nginx
return internalNginx.configure(deadHostModel, "dead_host", row);
})
.then(() => {
await internalNginx.configure(deadHostModel, "dead_host", row);
// Add to audit log
return internalAuditLog.add(access, {
await internalAuditLog.add(access, {
action: "enabled",
object_type: "dead-host",
object_id: row.id,
meta: _.omit(row, omissions()),
});
});
})
.then(() => {
return true;
});
},
/**
@@ -360,13 +285,9 @@ const internalDeadHost = {
* @param {String} [data.reason]
* @returns {Promise}
*/
disable: (access, data) => {
return access
.can("dead_hosts:update", data.id)
.then(() => {
return internalDeadHost.get(access, { id: data.id });
})
.then((row) => {
disable: async (access, data) => {
await access.can("dead_hosts:update", data.id)
const row = await internalDeadHost.get(access, { id: data.id });
if (!row || !row.id) {
throw new errs.ItemNotFoundError(data.id);
}
@@ -376,31 +297,25 @@ const internalDeadHost = {
row.enabled = 0;
return deadHostModel
await deadHostModel
.query()
.where("id", row.id)
.patch({
enabled: 0,
})
.then(() => {
// Delete Nginx Config
return internalNginx.deleteConfig("dead_host", row).then(() => {
return internalNginx.reload();
});
})
.then(() => {
// Delete Nginx Config
await internalNginx.deleteConfig("dead_host", row);
await internalNginx.reload();
// Add to audit log
return internalAuditLog.add(access, {
await internalAuditLog.add(access, {
action: "disabled",
object_type: "dead-host",
object_id: row.id,
meta: _.omit(row, omissions()),
});
});
})
.then(() => {
return true;
});
},
/**
@@ -408,13 +323,11 @@ const internalDeadHost = {
*
* @param {Access} access
* @param {Array} [expand]
* @param {String} [search_query]
* @param {String} [searchQuery]
* @returns {Promise}
*/
getAll: (access, expand, search_query) => {
return access
.can("dead_hosts:list")
.then((access_data) => {
getAll: async (access, expand, searchQuery) => {
const accessData = await access.can("dead_hosts:list")
const query = deadHostModel
.query()
.where("is_deleted", 0)
@@ -422,14 +335,14 @@ const internalDeadHost = {
.allowGraph("[owner,certificate]")
.orderBy(castJsonIfNeed("domain_names"), "ASC");
if (access_data.permission_visibility !== "all") {
if (accessData.permission_visibility !== "all") {
query.andWhere("owner_user_id", access.token.getUserId(1));
}
// Query is used for searching
if (typeof search_query === "string" && search_query.length > 0) {
if (typeof searchQuery === "string" && searchQuery.length > 0) {
query.where(function () {
this.where(castJsonIfNeed("domain_names"), "like", `%${search_query}%`);
this.where(castJsonIfNeed("domain_names"), "like", `%${searchQuery}%`);
});
}
@@ -437,15 +350,11 @@ const internalDeadHost = {
query.withGraphFetched(`[${expand.join(", ")}]`);
}
return query.then(utils.omitRows(omissions()));
})
.then((rows) => {
const rows = await query.then(utils.omitRows(omissions()));
if (typeof expand !== "undefined" && expand !== null && expand.indexOf("certificate") !== -1) {
return internalHost.cleanAllRowsCertificateMeta(rows);
internalHost.cleanAllRowsCertificateMeta(rows);
}
return rows;
});
},
/**
@@ -455,16 +364,15 @@ const internalDeadHost = {
* @param {String} visibility
* @returns {Promise}
*/
getCount: (user_id, visibility) => {
getCount: async (user_id, visibility) => {
const query = deadHostModel.query().count("id as count").where("is_deleted", 0);
if (visibility !== "all") {
query.andWhere("owner_user_id", user_id);
}
return query.first().then((row) => {
const row = await query.first();
return Number.parseInt(row.count, 10);
});
},
};

45
backend/internal/host.js
View File

@@ -65,50 +65,33 @@ const internalHost = {
},
/**
* This returns all the host types with any domain listed in the provided domain_names array.
* This returns all the host types with any domain listed in the provided domainNames array.
* This is used by the certificates to temporarily disable any host that is using the domain
*
* @param {Array} domain_names
* @param {Array} domainNames
* @returns {Promise}
*/
getHostsWithDomains: (domain_names) => {
const promises = [
proxyHostModel.query().where("is_deleted", 0),
redirectionHostModel.query().where("is_deleted", 0),
deadHostModel.query().where("is_deleted", 0),
];
return Promise.all(promises).then((promises_results) => {
const response_object = {
getHostsWithDomains: async (domainNames) => {
const responseObject = {
total_count: 0,
dead_hosts: [],
proxy_hosts: [],
redirection_hosts: [],
};
if (promises_results[0]) {
// Proxy Hosts
response_object.proxy_hosts = internalHost._getHostsWithDomains(promises_results[0], domain_names);
response_object.total_count += response_object.proxy_hosts.length;
}
const proxyRes = await proxyHostModel.query().where("is_deleted", 0);
responseObject.proxy_hosts = internalHost._getHostsWithDomains(proxyRes, domainNames);
responseObject.total_count += responseObject.proxy_hosts.length;
if (promises_results[1]) {
// Redirection Hosts
response_object.redirection_hosts = internalHost._getHostsWithDomains(
promises_results[1],
domain_names,
);
response_object.total_count += response_object.redirection_hosts.length;
}
const redirRes = await redirectionHostModel.query().where("is_deleted", 0);
responseObject.redirection_hosts = internalHost._getHostsWithDomains(redirRes, domainNames);
responseObject.total_count += responseObject.redirection_hosts.length;
if (promises_results[2]) {
// Dead Hosts
response_object.dead_hosts = internalHost._getHostsWithDomains(promises_results[2], domain_names);
response_object.total_count += response_object.dead_hosts.length;
}
const deadRes = await deadHostModel.query().where("is_deleted", 0);
responseObject.dead_hosts = internalHost._getHostsWithDomains(deadRes, domainNames);
responseObject.total_count += responseObject.dead_hosts.length;
return response_object;
});
return responseObject;
},
/**