From 5b7013b8d5a9d3783a738425937f60c91606a514 Mon Sep 17 00:00:00 2001 From: Jamie Curnow Date: Sun, 26 Oct 2025 00:28:03 +1000 Subject: [PATCH] Moved certrbot plugin list to backend frontend doesn't include when building in react version adds swagger for existing dns-providers endpoint --- .gitignore | 1 + {global => backend/certbot}/README.md | 2 +- .../certbot/dns-plugins.json | 0 backend/internal/certificate.js | 545 +++++++++++------- backend/lib/certbot.js | 4 +- backend/lib/validator/api.js | 7 +- backend/routes/nginx/certificates.js | 46 +- backend/routes/nginx/proxy_hosts.js | 2 +- .../schema/components/dns-providers-list.json | 23 + .../nginx/certificates/dns-providers/get.json | 52 ++ .../test-http/{get.json => post.json} | 26 +- backend/schema/swagger.json | 9 +- backend/scripts/install-certbot-plugins | 21 +- docker/Dockerfile | 1 - docker/docker-compose.dev.yml | 112 ++-- .../etc/s6-overlay/s6-rc.d/frontend/run | 6 +- scripts/ci/frontend-build | 1 - scripts/ci/test-and-build | 1 - 18 files changed, 553 insertions(+), 306 deletions(-) rename {global => backend/certbot}/README.md (97%) rename global/certbot-dns-plugins.json => backend/certbot/dns-plugins.json (100%) create mode 100644 backend/schema/components/dns-providers-list.json create mode 100644 backend/schema/paths/nginx/certificates/dns-providers/get.json rename backend/schema/paths/nginx/certificates/test-http/{get.json => post.json} (59%) diff --git a/.gitignore b/.gitignore index fbb8167e..5bf37c0d 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,6 @@ .DS_Store .idea +.qodo ._* .vscode certbot-help.txt diff --git a/global/README.md b/backend/certbot/README.md similarity index 97% rename from global/README.md rename to backend/certbot/README.md index 83e6c8c5..3c456462 100644 --- a/global/README.md +++ b/backend/certbot/README.md @@ -1,4 +1,4 @@ -# certbot-dns-plugins +# Certbot dns-plugins This file contains info about available Certbot DNS plugins. This only works for plugins which use the standard argument structure, so: diff --git a/global/certbot-dns-plugins.json b/backend/certbot/dns-plugins.json similarity index 100% rename from global/certbot-dns-plugins.json rename to backend/certbot/dns-plugins.json diff --git a/backend/internal/certificate.js b/backend/internal/certificate.js index 00614cf0..786b1414 100644 --- a/backend/internal/certificate.js +++ b/backend/internal/certificate.js @@ -1,11 +1,11 @@ import fs from "node:fs"; import https from "node:https"; -import path from "path"; import archiver from "archiver"; import _ from "lodash"; import moment from "moment"; +import path from "path"; import tempWrite from "temp-write"; -import dnsPlugins from "../global/certbot-dns-plugins.json" with { type: "json" }; +import dnsPlugins from "../certbot/dns-plugins.json" with { type: "json" }; import { installPlugin } from "../lib/certbot.js"; import { useLetsencryptServer, useLetsencryptStaging } from "../lib/config.js"; import error from "../lib/error.js"; @@ -26,7 +26,11 @@ const omissions = () => { }; const internalCertificate = { - allowedSslFiles: ["certificate", "certificate_key", "intermediate_certificate"], + allowedSslFiles: [ + "certificate", + "certificate_key", + "intermediate_certificate", + ], intervalTimeout: 1000 * 60 * 60, // 1 hour interval: null, intervalProcessing: false, @@ -53,7 +57,10 @@ const internalCertificate = { ); const expirationThreshold = moment() - .add(internalCertificate.renewBeforeExpirationBy[0], internalCertificate.renewBeforeExpirationBy[1]) + .add( + internalCertificate.renewBeforeExpirationBy[0], + internalCertificate.renewBeforeExpirationBy[1], + ) .format("YYYY-MM-DD HH:mm:ss"); // Fetch all the letsencrypt certs from the db that will expire within the configured threshold @@ -119,91 +126,115 @@ const internalCertificate = { data.nice_name = data.domain_names.join(", "); } - const certificate = await certificateModel.query().insertAndFetch(data).then(utils.omitRow(omissions())); + // this command really should clean up and delete the cert if it can't fully succeed + const certificate = await certificateModel + .query() + .insertAndFetch(data) + .then(utils.omitRow(omissions())); - if (certificate.provider === "letsencrypt") { - // Request a new Cert from LE. Let the fun begin. + try { + if (certificate.provider === "letsencrypt") { + // Request a new Cert from LE. Let the fun begin. - // 1. Find out any hosts that are using any of the hostnames in this cert - // 2. Disable them in nginx temporarily - // 3. Generate the LE config - // 4. Request cert - // 5. Remove LE config - // 6. Re-instate previously disabled hosts - - // 1. Find out any hosts that are using any of the hostnames in this cert - const inUseResult = await internalHost.getHostsWithDomains(certificate.domain_names); - - // 2. Disable them in nginx temporarily - await internalCertificate.disableInUseHosts(inUseResult); - - const user = await userModel.query().where("is_deleted", 0).andWhere("id", data.owner_user_id).first(); - if (!user || !user.email) { - throw new error.ValidationError( - "A valid email address must be set on your user account to use Let's Encrypt", - ); - } - - // With DNS challenge no config is needed, so skip 3 and 5. - if (certificate.meta?.dns_challenge) { - try { - await internalNginx.reload(); - // 4. Request cert - await internalCertificate.requestLetsEncryptSslWithDnsChallenge(certificate, user.email); - await internalNginx.reload(); - // 6. Re-instate previously disabled hosts - await internalCertificate.enableInUseHosts(inUseResult); - } catch (err) { - // In the event of failure, revert things and throw err back - await internalCertificate.enableInUseHosts(inUseResult); - await internalNginx.reload(); - throw err; - } - } else { + // 1. Find out any hosts that are using any of the hostnames in this cert + // 2. Disable them in nginx temporarily // 3. Generate the LE config + // 4. Request cert + // 5. Remove LE config + // 6. Re-instate previously disabled hosts + + // 1. Find out any hosts that are using any of the hostnames in this cert + const inUseResult = await internalHost.getHostsWithDomains( + certificate.domain_names, + ); + + // 2. Disable them in nginx temporarily + await internalCertificate.disableInUseHosts(inUseResult); + + const user = await userModel + .query() + .where("is_deleted", 0) + .andWhere("id", data.owner_user_id) + .first(); + if (!user || !user.email) { + throw new error.ValidationError( + "A valid email address must be set on your user account to use Let's Encrypt", + ); + } + + // With DNS challenge no config is needed, so skip 3 and 5. + if (certificate.meta?.dns_challenge) { + try { + await internalNginx.reload(); + // 4. Request cert + await internalCertificate.requestLetsEncryptSslWithDnsChallenge( + certificate, + user.email, + ); + await internalNginx.reload(); + // 6. Re-instate previously disabled hosts + await internalCertificate.enableInUseHosts(inUseResult); + } catch (err) { + // In the event of failure, revert things and throw err back + await internalCertificate.enableInUseHosts(inUseResult); + await internalNginx.reload(); + throw err; + } + } else { + // 3. Generate the LE config + try { + await internalNginx.generateLetsEncryptRequestConfig(certificate); + await internalNginx.reload(); + setTimeout(() => {}, 5000); + // 4. Request cert + await internalCertificate.requestLetsEncryptSsl( + certificate, + user.email, + ); + // 5. Remove LE config + await internalNginx.deleteLetsEncryptRequestConfig(certificate); + await internalNginx.reload(); + // 6. Re-instate previously disabled hosts + await internalCertificate.enableInUseHosts(inUseResult); + } catch (err) { + // In the event of failure, revert things and throw err back + await internalNginx.deleteLetsEncryptRequestConfig(certificate); + await internalCertificate.enableInUseHosts(inUseResult); + await internalNginx.reload(); + throw err; + } + } + + // At this point, the letsencrypt cert should exist on disk. + // Lets get the expiry date from the file and update the row silently try { - await internalNginx.generateLetsEncryptRequestConfig(certificate); - await internalNginx.reload(); - setTimeout(() => {}, 5000); - // 4. Request cert - await internalCertificate.requestLetsEncryptSsl(certificate, user.email); - // 5. Remove LE config - await internalNginx.deleteLetsEncryptRequestConfig(certificate); - await internalNginx.reload(); - // 6. Re-instate previously disabled hosts - await internalCertificate.enableInUseHosts(inUseResult); + const certInfo = await internalCertificate.getCertificateInfoFromFile( + `${internalCertificate.getLiveCertPath(certificate.id)}/fullchain.pem`, + ); + const savedRow = await certificateModel + .query() + .patchAndFetchById(certificate.id, { + expires_on: moment(certInfo.dates.to, "X").format( + "YYYY-MM-DD HH:mm:ss", + ), + }) + .then(utils.omitRow(omissions())); + + // Add cert data for audit log + savedRow.meta = _.assign({}, savedRow.meta, { + letsencrypt_certificate: certInfo, + }); + return savedRow; } catch (err) { - // In the event of failure, revert things and throw err back - await internalNginx.deleteLetsEncryptRequestConfig(certificate); - await internalCertificate.enableInUseHosts(inUseResult); - await internalNginx.reload(); + // Delete the certificate from the database if it was not created successfully + await certificateModel.query().deleteById(certificate.id); throw err; } } - - // At this point, the letsencrypt cert should exist on disk. - // Lets get the expiry date from the file and update the row silently - try { - const certInfo = await internalCertificate.getCertificateInfoFromFile( - `${internalCertificate.getLiveCertPath(certificate.id)}/fullchain.pem`, - ); - const savedRow = await certificateModel - .query() - .patchAndFetchById(certificate.id, { - expires_on: moment(certInfo.dates.to, "X").format("YYYY-MM-DD HH:mm:ss"), - }) - .then(utils.omitRow(omissions())); - - // Add cert data for audit log - savedRow.meta = _.assign({}, savedRow.meta, { - letsencrypt_certificate: certInfo, - }); - return savedRow; - } catch (err) { - // Delete the certificate from the database if it was not created successfully - await certificateModel.query().deleteById(certificate.id); - throw err; - } + } catch (err) { + // Delete the certificate here. This is a hard delete, since it never existed properly + await certificateModel.query().deleteById(certificate.id); + throw err; } data.meta = _.assign({}, data.meta || {}, certificate.meta); @@ -313,7 +344,9 @@ const internalCertificate = { if (certificate.provider === "letsencrypt") { const zipDirectory = internalCertificate.getLiveCertPath(data.id); if (!fs.existsSync(zipDirectory)) { - throw new error.ItemNotFoundError(`Certificate ${certificate.nice_name} does not exists`); + throw new error.ItemNotFoundError( + `Certificate ${certificate.nice_name} does not exists`, + ); } const certFiles = fs @@ -330,7 +363,9 @@ const internalCertificate = { fileName: opName, }; } - throw new error.ValidationError("Only Let'sEncrypt certificates can be downloaded"); + throw new error.ValidationError( + "Only Let'sEncrypt certificates can be downloaded", + ); }, /** @@ -435,7 +470,10 @@ const internalCertificate = { * @returns {Promise} */ getCount: async (userId, visibility) => { - const query = certificateModel.query().count("id as count").where("is_deleted", 0); + const query = certificateModel + .query() + .count("id as count") + .where("is_deleted", 0); if (visibility !== "all") { query.andWhere("owner_user_id", userId); @@ -483,13 +521,17 @@ const internalCertificate = { }); }).then(() => { return new Promise((resolve, reject) => { - fs.writeFile(`${dir}/privkey.pem`, certificate.meta.certificate_key, (err) => { - if (err) { - reject(err); - } else { - resolve(); - } - }); + fs.writeFile( + `${dir}/privkey.pem`, + certificate.meta.certificate_key, + (err) => { + if (err) { + reject(err); + } else { + resolve(); + } + }, + ); }); }); }, @@ -562,7 +604,9 @@ const internalCertificate = { upload: async (access, data) => { const row = await internalCertificate.get(access, { id: data.id }); if (row.provider !== "other") { - throw new error.ValidationError("Cannot upload certificates for this type of provider"); + throw new error.ValidationError( + "Cannot upload certificates for this type of provider", + ); } const validations = await internalCertificate.validate(data); @@ -578,7 +622,9 @@ const internalCertificate = { const certificate = await internalCertificate.update(access, { id: data.id, - expires_on: moment(validations.certificate.dates.to, "X").format("YYYY-MM-DD HH:mm:ss"), + expires_on: moment(validations.certificate.dates.to, "X").format( + "YYYY-MM-DD HH:mm:ss", + ), domain_names: [validations.certificate.cn], meta: _.clone(row.meta), // Prevent the update method from changing this value that we'll use later }); @@ -603,7 +649,9 @@ const internalCertificate = { }, 10000); try { - const result = await utils.exec(`openssl pkey -in ${filepath} -check -noout 2>&1 `); + const result = await utils.exec( + `openssl pkey -in ${filepath} -check -noout 2>&1 `, + ); clearTimeout(failTimeout); if (!result.toLowerCase().includes("key is valid")) { throw new error.ValidationError(`Result Validation Error: ${result}`); @@ -613,7 +661,10 @@ const internalCertificate = { } catch (err) { clearTimeout(failTimeout); fs.unlinkSync(filepath); - throw new error.ValidationError(`Certificate Key is not valid (${err.message})`, err); + throw new error.ValidationError( + `Certificate Key is not valid (${err.message})`, + err, + ); } }, @@ -627,7 +678,10 @@ const internalCertificate = { getCertificateInfo: async (certificate, throwExpired) => { try { const filepath = await tempWrite(certificate, "/tmp"); - const certData = await internalCertificate.getCertificateInfoFromFile(filepath, throwExpired); + const certData = await internalCertificate.getCertificateInfoFromFile( + filepath, + throwExpired, + ); fs.unlinkSync(filepath); return certData; } catch (err) { @@ -647,7 +701,13 @@ const internalCertificate = { const certData = {}; try { - const result = await utils.execFile("openssl", ["x509", "-in", certificateFile, "-subject", "-noout"]); + const result = await utils.execFile("openssl", [ + "x509", + "-in", + certificateFile, + "-subject", + "-noout", + ]); // Examples: // subject=CN = *.jc21.com // subject=CN = something.example.com @@ -657,7 +717,13 @@ const internalCertificate = { certData.cn = match[1]; } - const result2 = await utils.execFile("openssl", ["x509", "-in", certificateFile, "-issuer", "-noout"]); + const result2 = await utils.execFile("openssl", [ + "x509", + "-in", + certificateFile, + "-issuer", + "-noout", + ]); // Examples: // issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 // issuer=C = US, O = Let's Encrypt, CN = E5 @@ -668,7 +734,13 @@ const internalCertificate = { certData.issuer = match2[1]; } - const result3 = await utils.execFile("openssl", ["x509", "-in", certificateFile, "-dates", "-noout"]); + const result3 = await utils.execFile("openssl", [ + "x509", + "-in", + certificateFile, + "-dates", + "-noout", + ]); // notBefore=Jul 14 04:04:29 2018 GMT // notAfter=Oct 12 04:04:29 2018 GMT let validFrom = null; @@ -680,7 +752,10 @@ const internalCertificate = { const match = regex.exec(str.trim()); if (match && typeof match[2] !== "undefined") { - const date = Number.parseInt(moment(match[2], "MMM DD HH:mm:ss YYYY z").format("X"), 10); + const date = Number.parseInt( + moment(match[2], "MMM DD HH:mm:ss YYYY z").format("X"), + 10, + ); if (match[1].toLowerCase() === "notbefore") { validFrom = date; @@ -692,10 +767,15 @@ const internalCertificate = { }); if (!validFrom || !validTo) { - throw new error.ValidationError(`Could not determine dates from certificate: ${result}`); + throw new error.ValidationError( + `Could not determine dates from certificate: ${result}`, + ); } - if (throw_expired && validTo < Number.parseInt(moment().format("X"), 10)) { + if ( + throw_expired && + validTo < Number.parseInt(moment().format("X"), 10) + ) { throw new error.ValidationError("Certificate has expired"); } @@ -706,7 +786,10 @@ const internalCertificate = { return certData; } catch (err) { - throw new error.ValidationError(`Certificate is not valid (${err.message})`, err); + throw new error.ValidationError( + `Certificate is not valid (${err.message})`, + err, + ); } }, @@ -787,7 +870,11 @@ const internalCertificate = { const credentialsLocation = `/etc/letsencrypt/credentials/credentials-${certificate.id}`; fs.mkdirSync("/etc/letsencrypt/credentials", { recursive: true }); - fs.writeFileSync(credentialsLocation, certificate.meta.dns_provider_credentials, { mode: 0o600 }); + fs.writeFileSync( + credentialsLocation, + certificate.meta.dns_provider_credentials, + { mode: 0o600 }, + ); // Whether the plugin has a ---credentials argument const hasConfigArg = certificate.meta.dns_provider !== "route53"; @@ -812,7 +899,10 @@ const internalCertificate = { ]; if (hasConfigArg) { - args.push(`--${dnsPlugin.full_plugin_name}-credentials`, credentialsLocation); + args.push( + `--${dnsPlugin.full_plugin_name}-credentials`, + credentialsLocation, + ); } if (certificate.meta.propagation_seconds !== undefined) { args.push( @@ -821,7 +911,10 @@ const internalCertificate = { ); } - const adds = internalCertificate.getAdditionalCertbotArgs(certificate.id, certificate.meta.dns_provider); + const adds = internalCertificate.getAdditionalCertbotArgs( + certificate.id, + certificate.meta.dns_provider, + ); args.push(...adds.args); logger.info(`Command: ${certbotCommand} ${args ? args.join(" ") : ""}`); @@ -857,9 +950,13 @@ const internalCertificate = { `${internalCertificate.getLiveCertPath(certificate.id)}/fullchain.pem`, ); - const updatedCertificate = await certificateModel.query().patchAndFetchById(certificate.id, { - expires_on: moment(certInfo.dates.to, "X").format("YYYY-MM-DD HH:mm:ss"), - }); + const updatedCertificate = await certificateModel + .query() + .patchAndFetchById(certificate.id, { + expires_on: moment(certInfo.dates.to, "X").format( + "YYYY-MM-DD HH:mm:ss", + ), + }); // Add to audit log await internalAuditLog.add(access, { @@ -869,7 +966,9 @@ const internalCertificate = { meta: updatedCertificate, }); } else { - throw new error.ValidationError("Only Let'sEncrypt certificates can be renewed"); + throw new error.ValidationError( + "Only Let'sEncrypt certificates can be renewed", + ); } }, @@ -899,7 +998,10 @@ const internalCertificate = { "--disable-hook-validation", ]; - const adds = internalCertificate.getAdditionalCertbotArgs(certificate.id, certificate.meta.dns_provider); + const adds = internalCertificate.getAdditionalCertbotArgs( + certificate.id, + certificate.meta.dns_provider, + ); args.push(...adds.args); logger.info(`Command: ${certbotCommand} ${args ? args.join(" ") : ""}`); @@ -938,7 +1040,10 @@ const internalCertificate = { "--no-random-sleep-on-renew", ]; - const adds = internalCertificate.getAdditionalCertbotArgs(certificate.id, certificate.meta.dns_provider); + const adds = internalCertificate.getAdditionalCertbotArgs( + certificate.id, + certificate.meta.dns_provider, + ); args.push(...adds.args); logger.info(`Command: ${certbotCommand} ${args ? args.join(" ") : ""}`); @@ -978,7 +1083,9 @@ const internalCertificate = { try { const result = await utils.execFile(certbotCommand, args, adds.opts); - await utils.exec(`rm -f '/etc/letsencrypt/credentials/credentials-${certificate.id}' || true`); + await utils.exec( + `rm -f '/etc/letsencrypt/credentials/credentials-${certificate.id}' || true`, + ); logger.info(result); return result; } catch (err) { @@ -995,7 +1102,10 @@ const internalCertificate = { */ hasLetsEncryptSslCerts: (certificate) => { const letsencryptPath = internalCertificate.getLiveCertPath(certificate.id); - return fs.existsSync(`${letsencryptPath}/fullchain.pem`) && fs.existsSync(`${letsencryptPath}/privkey.pem`); + return ( + fs.existsSync(`${letsencryptPath}/fullchain.pem`) && + fs.existsSync(`${letsencryptPath}/privkey.pem`) + ); }, /** @@ -1009,15 +1119,24 @@ const internalCertificate = { disableInUseHosts: async (inUseResult) => { if (inUseResult?.total_count) { if (inUseResult?.proxy_hosts.length) { - await internalNginx.bulkDeleteConfigs("proxy_host", inUseResult.proxy_hosts); + await internalNginx.bulkDeleteConfigs( + "proxy_host", + inUseResult.proxy_hosts, + ); } if (inUseResult?.redirection_hosts.length) { - await internalNginx.bulkDeleteConfigs("redirection_host", inUseResult.redirection_hosts); + await internalNginx.bulkDeleteConfigs( + "redirection_host", + inUseResult.redirection_hosts, + ); } if (inUseResult?.dead_hosts.length) { - await internalNginx.bulkDeleteConfigs("dead_host", inUseResult.dead_hosts); + await internalNginx.bulkDeleteConfigs( + "dead_host", + inUseResult.dead_hosts, + ); } } }, @@ -1033,50 +1152,73 @@ const internalCertificate = { enableInUseHosts: async (inUseResult) => { if (inUseResult.total_count) { if (inUseResult.proxy_hosts.length) { - await internalNginx.bulkGenerateConfigs("proxy_host", inUseResult.proxy_hosts); + await internalNginx.bulkGenerateConfigs( + "proxy_host", + inUseResult.proxy_hosts, + ); } if (inUseResult.redirection_hosts.length) { - await internalNginx.bulkGenerateConfigs("redirection_host", inUseResult.redirection_hosts); + await internalNginx.bulkGenerateConfigs( + "redirection_host", + inUseResult.redirection_hosts, + ); } if (inUseResult.dead_hosts.length) { - await internalNginx.bulkGenerateConfigs("dead_host", inUseResult.dead_hosts); + await internalNginx.bulkGenerateConfigs( + "dead_host", + inUseResult.dead_hosts, + ); } } }, - testHttpsChallenge: async (access, domains) => { + /** + * + * @param {Object} payload + * @param {string[]} payload.domains + * @returns + */ + testHttpsChallenge: async (access, payload) => { await access.can("certificates:list"); - if (!isArray(domains)) { - throw new error.InternalValidationError("Domains must be an array of strings"); - } - if (domains.length === 0) { - throw new error.InternalValidationError("No domains provided"); - } - // Create a test challenge file - const testChallengeDir = "/data/letsencrypt-acme-challenge/.well-known/acme-challenge"; + const testChallengeDir = + "/data/letsencrypt-acme-challenge/.well-known/acme-challenge"; const testChallengeFile = `${testChallengeDir}/test-challenge`; fs.mkdirSync(testChallengeDir, { recursive: true }); fs.writeFileSync(testChallengeFile, "Success", { encoding: "utf8" }); - async function performTestForDomain(domain) { - logger.info(`Testing http challenge for ${domain}`); - const url = `http://${domain}/.well-known/acme-challenge/test-challenge`; - const formBody = `method=G&url=${encodeURI(url)}&bodytype=T&requestbody=&headername=User-Agent&headervalue=None&locationid=1&ch=false&cc=false`; - const options = { - method: "POST", - headers: { - "User-Agent": "Mozilla/5.0", - "Content-Type": "application/x-www-form-urlencoded", - "Content-Length": Buffer.byteLength(formBody), - }, - }; + const results = {}; + for (const domain of payload.domains) { + results[domain] = await internalCertificate.performTestForDomain(domain); + } - const result = await new Promise((resolve) => { - const req = https.request("https://www.site24x7.com/tools/restapi-tester", options, (res) => { + // Remove the test challenge file + fs.unlinkSync(testChallengeFile); + + return results; + }, + + performTestForDomain: async (domain) => { + logger.info(`Testing http challenge for ${domain}`); + const url = `http://${domain}/.well-known/acme-challenge/test-challenge`; + const formBody = `method=G&url=${encodeURI(url)}&bodytype=T&requestbody=&headername=User-Agent&headervalue=None&locationid=1&ch=false&cc=false`; + const options = { + method: "POST", + headers: { + "User-Agent": "Mozilla/5.0", + "Content-Type": "application/x-www-form-urlencoded", + "Content-Length": Buffer.byteLength(formBody), + }, + }; + + const result = await new Promise((resolve) => { + const req = https.request( + "https://www.site24x7.com/tools/restapi-tester", + options, + (res) => { let responseBody = ""; res.on("data", (chunk) => { @@ -1107,69 +1249,66 @@ const internalCertificate = { resolve(undefined); } }); - }); - - // Make sure to write the request body. - req.write(formBody); - req.end(); - req.on("error", (e) => { - logger.warn(`Failed to test HTTP challenge for domain ${domain}`, e); - resolve(undefined); - }); - }); - - if (!result) { - // Some error occurred while trying to get the data - return "failed"; - } - if (result.error) { - logger.info( - `HTTP challenge test failed for domain ${domain} because error was returned: ${result.error.msg}`, - ); - return `other:${result.error.msg}`; - } - if (`${result.responsecode}` === "200" && result.htmlresponse === "Success") { - // Server exists and has responded with the correct data - return "ok"; - } - if (`${result.responsecode}` === "200") { - // Server exists but has responded with wrong data - logger.info( - `HTTP challenge test failed for domain ${domain} because of invalid returned data:`, - result.htmlresponse, - ); - return "wrong-data"; - } - if (`${result.responsecode}` === "404") { - // Server exists but responded with a 404 - logger.info(`HTTP challenge test failed for domain ${domain} because code 404 was returned`); - return "404"; - } - if ( - `${result.responsecode}` === "0" || - (typeof result.reason === "string" && result.reason.toLowerCase() === "host unavailable") - ) { - // Server does not exist at domain - logger.info(`HTTP challenge test failed for domain ${domain} the host was not found`); - return "no-host"; - } - // Other errors - logger.info( - `HTTP challenge test failed for domain ${domain} because code ${result.responsecode} was returned`, + }, ); - return `other:${result.responsecode}`; + + // Make sure to write the request body. + req.write(formBody); + req.end(); + req.on("error", (e) => { + logger.warn(`Failed to test HTTP challenge for domain ${domain}`, e); + resolve(undefined); + }); + }); + + if (!result) { + // Some error occurred while trying to get the data + return "failed"; } - - const results = {}; - - for (const domain of domains) { - results[domain] = await performTestForDomain(domain); + if (result.error) { + logger.info( + `HTTP challenge test failed for domain ${domain} because error was returned: ${result.error.msg}`, + ); + return `other:${result.error.msg}`; } - - // Remove the test challenge file - fs.unlinkSync(testChallengeFile); - - return results; + if ( + `${result.responsecode}` === "200" && + result.htmlresponse === "Success" + ) { + // Server exists and has responded with the correct data + return "ok"; + } + if (`${result.responsecode}` === "200") { + // Server exists but has responded with wrong data + logger.info( + `HTTP challenge test failed for domain ${domain} because of invalid returned data:`, + result.htmlresponse, + ); + return "wrong-data"; + } + if (`${result.responsecode}` === "404") { + // Server exists but responded with a 404 + logger.info( + `HTTP challenge test failed for domain ${domain} because code 404 was returned`, + ); + return "404"; + } + if ( + `${result.responsecode}` === "0" || + (typeof result.reason === "string" && + result.reason.toLowerCase() === "host unavailable") + ) { + // Server does not exist at domain + logger.info( + `HTTP challenge test failed for domain ${domain} the host was not found`, + ); + return "no-host"; + } + // Other errors + logger.info( + `HTTP challenge test failed for domain ${domain} because code ${result.responsecode} was returned`, + ); + return `other:${result.responsecode}`; }, getAdditionalCertbotArgs: (certificate_id, dns_provider) => { diff --git a/backend/lib/certbot.js b/backend/lib/certbot.js index ea0b728f..3a2dd072 100644 --- a/backend/lib/certbot.js +++ b/backend/lib/certbot.js @@ -1,5 +1,5 @@ import batchflow from "batchflow"; -import dnsPlugins from "../global/certbot-dns-plugins.json" with { type: "json" }; +import dnsPlugins from "../certbot/dns-plugins.json" with { type: "json" }; import { certbot as logger } from "../logger.js"; import errs from "./error.js"; import utils from "./utils.js"; @@ -8,7 +8,7 @@ const CERTBOT_VERSION_REPLACEMENT = "$(certbot --version | grep -Eo '[0-9](\\.[0 /** * Installs a cerbot plugin given the key for the object from - * ../global/certbot-dns-plugins.json + * ../certbot/dns-plugins.json * * @param {string} pluginKey * @returns {Object} diff --git a/backend/lib/validator/api.js b/backend/lib/validator/api.js index 9fd74a43..6c738d50 100644 --- a/backend/lib/validator/api.js +++ b/backend/lib/validator/api.js @@ -24,16 +24,21 @@ const apiValidator = async (schema, payload /*, description*/) => { throw new errs.ValidationError("Payload is undefined"); } + const validate = ajv.compile(schema); + const valid = validate(payload); + if (valid && !validate.errors) { return payload; } + + const message = ajv.errorsText(validate.errors); const err = new errs.ValidationError(message); - err.debug = [validate.errors, payload]; + err.debug = {validationErrors: validate.errors, payload}; throw err; }; diff --git a/backend/routes/nginx/certificates.js b/backend/routes/nginx/certificates.js index 33ff1a96..0a2c4b1b 100644 --- a/backend/routes/nginx/certificates.js +++ b/backend/routes/nginx/certificates.js @@ -1,5 +1,5 @@ import express from "express"; -import dnsPlugins from "../../global/certbot-dns-plugins.json" with { type: "json" }; +import dnsPlugins from "../../certbot/dns-plugins.json" with { type: "json" }; import internalCertificate from "../../internal/certificate.js"; import errs from "../../lib/error.js"; import jwtdecode from "../../lib/express/jwt-decode.js"; @@ -44,11 +44,18 @@ router }, }, { - expand: typeof req.query.expand === "string" ? req.query.expand.split(",") : null, + expand: + typeof req.query.expand === "string" + ? req.query.expand.split(",") + : null, query: typeof req.query.query === "string" ? req.query.query : null, }, ); - const rows = await internalCertificate.getAll(res.locals.access, data.expand, data.query); + const rows = await internalCertificate.getAll( + res.locals.access, + data.expand, + data.query, + ); res.status(200).send(rows); } catch (err) { logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`); @@ -63,9 +70,15 @@ router */ .post(async (req, res, next) => { try { - const payload = await apiValidator(getValidationSchema("/nginx/certificates", "post"), req.body); + const payload = await apiValidator( + getValidationSchema("/nginx/certificates", "post"), + req.body, + ); req.setTimeout(900000); // 15 minutes timeout - const result = await internalCertificate.create(res.locals.access, payload); + const result = await internalCertificate.create( + res.locals.access, + payload, + ); res.status(201).send(result); } catch (err) { logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`); @@ -120,20 +133,21 @@ router .all(jwtdecode()) /** - * GET /api/nginx/certificates/test-http + * POST /api/nginx/certificates/test-http * * Test HTTP challenge for domains */ - .get(async (req, res, next) => { - if (req.query.domains === undefined) { - next(new errs.ValidationError("Domains are required as query parameters")); - return; - } - + .post(async (req, res, next) => { try { + const payload = await apiValidator( + getValidationSchema("/nginx/certificates/test-http", "post"), + req.body, + ); + req.setTimeout(60000); // 1 minute timeout + const result = await internalCertificate.testHttpsChallenge( res.locals.access, - JSON.parse(req.query.domains), + payload, ); res.status(200).send(result); } catch (err) { @@ -142,7 +156,6 @@ router } }); - /** * Validate Certs before saving * @@ -211,7 +224,10 @@ router }, { certificate_id: req.params.certificate_id, - expand: typeof req.query.expand === "string" ? req.query.expand.split(",") : null, + expand: + typeof req.query.expand === "string" + ? req.query.expand.split(",") + : null, }, ); const row = await internalCertificate.get(res.locals.access, { diff --git a/backend/routes/nginx/proxy_hosts.js b/backend/routes/nginx/proxy_hosts.js index 5b3ef057..5b2a4178 100644 --- a/backend/routes/nginx/proxy_hosts.js +++ b/backend/routes/nginx/proxy_hosts.js @@ -65,7 +65,7 @@ router const result = await internalProxyHost.create(res.locals.access, payload); res.status(201).send(result); } catch (err) { - logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`); + logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err} ${JSON.stringify(err.debug, null, 2)}`); next(err); } }); diff --git a/backend/schema/components/dns-providers-list.json b/backend/schema/components/dns-providers-list.json new file mode 100644 index 00000000..c240db18 --- /dev/null +++ b/backend/schema/components/dns-providers-list.json @@ -0,0 +1,23 @@ +{ + "type": "array", + "description": "DNS Providers list", + "items": { + "type": "object", + "required": ["id", "name", "credentials"], + "additionalProperties": false, + "properties": { + "id": { + "type": "string", + "description": "Unique identifier for the DNS provider, matching the python package" + }, + "name": { + "type": "string", + "description": "Human-readable name of the DNS provider" + }, + "credentials": { + "type": "string", + "description": "Instructions on how to format the credentials for this DNS provider" + } + } + } +} diff --git a/backend/schema/paths/nginx/certificates/dns-providers/get.json b/backend/schema/paths/nginx/certificates/dns-providers/get.json new file mode 100644 index 00000000..ec064627 --- /dev/null +++ b/backend/schema/paths/nginx/certificates/dns-providers/get.json @@ -0,0 +1,52 @@ +{ + "operationId": "getDNSProviders", + "summary": "Get DNS Providers for Certificates", + "tags": [ + "Certificates" + ], + "security": [ + { + "BearerAuth": [ + "certificates" + ] + } + ], + "responses": { + "200": { + "description": "200 response", + "content": { + "application/json": { + "examples": { + "default": { + "value": [ + { + "id": "vultr", + "name": "Vultr", + "credentials": "dns_vultr_key = YOUR_VULTR_API_KEY" + }, + { + "id": "websupport", + "name": "Websupport.sk", + "credentials": "dns_websupport_identifier = \ndns_websupport_secret_key = " + }, + { + "id": "wedos", + "name": "Wedos", + "credentials": "dns_wedos_user = \ndns_wedos_auth = " + }, + { + "id": "zoneedit", + "name": "ZoneEdit", + "credentials": "dns_zoneedit_user = \ndns_zoneedit_token = " + } + ] + } + }, + "schema": { + "$ref": "../../../../components/dns-providers-list.json" + } + } + } + } + } +} diff --git a/backend/schema/paths/nginx/certificates/test-http/get.json b/backend/schema/paths/nginx/certificates/test-http/post.json similarity index 59% rename from backend/schema/paths/nginx/certificates/test-http/get.json rename to backend/schema/paths/nginx/certificates/test-http/post.json index 2b9a8dd3..f4f82e3f 100644 --- a/backend/schema/paths/nginx/certificates/test-http/get.json +++ b/backend/schema/paths/nginx/certificates/test-http/post.json @@ -7,18 +7,24 @@ "BearerAuth": ["certificates"] } ], - "parameters": [ - { - "in": "query", - "name": "domains", - "description": "Expansions", - "required": true, - "schema": { - "type": "string", - "example": "[\"test.example.ord\",\"test.example.com\",\"nonexistent.example.com\"]" + "requestBody": { + "description": "Test Payload", + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "additionalProperties": false, + "required": ["domains"], + "properties": { + "domains": { + "$ref": "../../../../common.json#/properties/domain_names" + } + } + } } } - ], + }, "responses": { "200": { "description": "200 response", diff --git a/backend/schema/swagger.json b/backend/schema/swagger.json index b1076916..7feb4ebc 100644 --- a/backend/schema/swagger.json +++ b/backend/schema/swagger.json @@ -61,14 +61,19 @@ "$ref": "./paths/nginx/certificates/post.json" } }, + "/nginx/certificates/dns-providers": { + "get": { + "$ref": "./paths/nginx/certificates/dns-providers/get.json" + } + }, "/nginx/certificates/validate": { "post": { "$ref": "./paths/nginx/certificates/validate/post.json" } }, "/nginx/certificates/test-http": { - "get": { - "$ref": "./paths/nginx/certificates/test-http/get.json" + "post": { + "$ref": "./paths/nginx/certificates/test-http/post.json" } }, "/nginx/certificates/{certID}": { diff --git a/backend/scripts/install-certbot-plugins b/backend/scripts/install-certbot-plugins index 2c111b8a..6acb0226 100755 --- a/backend/scripts/install-certbot-plugins +++ b/backend/scripts/install-certbot-plugins @@ -1,7 +1,7 @@ #!/usr/bin/node // Usage: -// Install all plugins defined in `certbot-dns-plugins.json`: +// Install all plugins defined in `../certbot/dns-plugins.json`: // ./install-certbot-plugins // Install one or more specific plugins: // ./install-certbot-plugins route53 cloudflare @@ -10,20 +10,21 @@ // docker exec npm_core /command/s6-setuidgid 1000:1000 bash -c "/app/scripts/install-certbot-plugins" // -import dnsPlugins from "../global/certbot-dns-plugins.json" with { type: "json" }; +import batchflow from "batchflow"; +import dnsPlugins from "../certbot/dns-plugins.json" with { type: "json" }; import { installPlugin } from "../lib/certbot.js"; import { certbot as logger } from "../logger.js"; -import batchflow from "batchflow"; -let hasErrors = false; -let failingPlugins = []; +let hasErrors = false; +const failingPlugins = []; let pluginKeys = Object.keys(dnsPlugins); if (process.argv.length > 2) { pluginKeys = process.argv.slice(2); } -batchflow(pluginKeys).sequential() +batchflow(pluginKeys) + .sequential() .each((i, pluginKey, next) => { installPlugin(pluginKey) .then(() => { @@ -40,10 +41,14 @@ batchflow(pluginKeys).sequential() }) .end(() => { if (hasErrors) { - logger.error('Some plugins failed to install. Please check the logs above. Failing plugins: ' + '\n - ' + failingPlugins.join('\n - ')); + logger.error( + "Some plugins failed to install. Please check the logs above. Failing plugins: " + + "\n - " + + failingPlugins.join("\n - "), + ); process.exit(1); } else { - logger.complete('Plugins installed successfully'); + logger.complete("Plugins installed successfully"); process.exit(0); } }); diff --git a/docker/Dockerfile b/docker/Dockerfile index 0603e2de..913f79d5 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -39,7 +39,6 @@ EXPOSE 80 81 443 COPY backend /app COPY frontend/dist /app/frontend -COPY global /app/global WORKDIR /app RUN yarn install \ diff --git a/docker/docker-compose.dev.yml b/docker/docker-compose.dev.yml index 5059595b..3c2abbc3 100644 --- a/docker/docker-compose.dev.yml +++ b/docker/docker-compose.dev.yml @@ -1,6 +1,5 @@ # WARNING: This is a DEVELOPMENT docker-compose file, it should not be used for production. services: - fullstack: image: npm2dev:core container_name: npm2dev.core @@ -23,9 +22,9 @@ services: PGID: 1000 FORCE_COLOR: 1 # specifically for dev: - DEBUG: 'true' - DEVELOPMENT: 'true' - LE_STAGING: 'true' + DEBUG: "true" + DEVELOPMENT: "true" + LE_STAGING: "true" # db: # DB_MYSQL_HOST: 'db' # DB_MYSQL_PORT: '3306' @@ -33,26 +32,25 @@ services: # DB_MYSQL_PASSWORD: 'npm' # DB_MYSQL_NAME: 'npm' # db-postgres: - DB_POSTGRES_HOST: 'db-postgres' - DB_POSTGRES_PORT: '5432' - DB_POSTGRES_USER: 'npm' - DB_POSTGRES_PASSWORD: 'npmpass' - DB_POSTGRES_NAME: 'npm' + DB_POSTGRES_HOST: "db-postgres" + DB_POSTGRES_PORT: "5432" + DB_POSTGRES_USER: "npm" + DB_POSTGRES_PASSWORD: "npmpass" + DB_POSTGRES_NAME: "npm" # DB_SQLITE_FILE: "/data/database.sqlite" # DISABLE_IPV6: "true" # Required for DNS Certificate provisioning testing: - LE_SERVER: 'https://ca.internal/acme/acme/directory' - REQUESTS_CA_BUNDLE: '/etc/ssl/certs/NginxProxyManager.crt' + LE_SERVER: "https://ca.internal/acme/acme/directory" + REQUESTS_CA_BUNDLE: "/etc/ssl/certs/NginxProxyManager.crt" volumes: - npm_data:/data - le_data:/etc/letsencrypt - - './dev/resolv.conf:/etc/resolv.conf:ro' + - "./dev/resolv.conf:/etc/resolv.conf:ro" - ../backend:/app - - ../frontend:/app/frontend - - ../global:/app/global - - '/etc/localtime:/etc/localtime:ro' + - ../frontend:/frontend + - "/etc/localtime:/etc/localtime:ro" healthcheck: - test: [ "CMD", "/usr/bin/check-health" ] + test: ["CMD", "/usr/bin/check-health"] interval: 10s timeout: 3s depends_on: @@ -72,13 +70,13 @@ services: - nginx_proxy_manager environment: TZ: "${TZ:-Australia/Brisbane}" - MYSQL_ROOT_PASSWORD: 'npm' - MYSQL_DATABASE: 'npm' - MYSQL_USER: 'npm' - MYSQL_PASSWORD: 'npm' + MYSQL_ROOT_PASSWORD: "npm" + MYSQL_DATABASE: "npm" + MYSQL_USER: "npm" + MYSQL_PASSWORD: "npm" volumes: - db_data:/var/lib/mysql - - '/etc/localtime:/etc/localtime:ro' + - "/etc/localtime:/etc/localtime:ro" db-postgres: image: postgres:latest @@ -86,9 +84,9 @@ services: networks: - nginx_proxy_manager environment: - POSTGRES_USER: 'npm' - POSTGRES_PASSWORD: 'npmpass' - POSTGRES_DB: 'npm' + POSTGRES_USER: "npm" + POSTGRES_PASSWORD: "npmpass" + POSTGRES_DB: "npm" volumes: - psql_data:/var/lib/postgresql/data - ./ci/postgres:/docker-entrypoint-initdb.d @@ -97,8 +95,8 @@ services: image: jc21/testca container_name: npm2dev.stepca volumes: - - './dev/resolv.conf:/etc/resolv.conf:ro' - - '/etc/localtime:/etc/localtime:ro' + - "./dev/resolv.conf:/etc/resolv.conf:ro" + - "/etc/localtime:/etc/localtime:ro" networks: nginx_proxy_manager: aliases: @@ -119,7 +117,7 @@ services: - 3082:80 environment: URL: "http://npm:81/api/schema" - PORT: '80' + PORT: "80" depends_on: - fullstack @@ -127,9 +125,9 @@ services: image: ubuntu/squid container_name: npm2dev.squid volumes: - - './dev/squid.conf:/etc/squid/squid.conf:ro' - - './dev/resolv.conf:/etc/resolv.conf:ro' - - '/etc/localtime:/etc/localtime:ro' + - "./dev/squid.conf:/etc/squid/squid.conf:ro" + - "./dev/resolv.conf:/etc/resolv.conf:ro" + - "/etc/localtime:/etc/localtime:ro" networks: - nginx_proxy_manager ports: @@ -139,18 +137,18 @@ services: image: pschiffe/pdns-mysql:4.8 container_name: npm2dev.pdns volumes: - - '/etc/localtime:/etc/localtime:ro' + - "/etc/localtime:/etc/localtime:ro" environment: - PDNS_master: 'yes' - PDNS_api: 'yes' - PDNS_api_key: 'npm' - PDNS_webserver: 'yes' - PDNS_webserver_address: '0.0.0.0' - PDNS_webserver_password: 'npm' - PDNS_webserver-allow-from: '127.0.0.0/8,192.0.0.0/8,10.0.0.0/8,172.0.0.0/8' - PDNS_version_string: 'anonymous' + PDNS_master: "yes" + PDNS_api: "yes" + PDNS_api_key: "npm" + PDNS_webserver: "yes" + PDNS_webserver_address: "0.0.0.0" + PDNS_webserver_password: "npm" + PDNS_webserver-allow-from: "127.0.0.0/8,192.0.0.0/8,10.0.0.0/8,172.0.0.0/8" + PDNS_version_string: "anonymous" PDNS_default_ttl: 1500 - PDNS_allow_axfr_ips: '127.0.0.0/8,192.0.0.0/8,10.0.0.0/8,172.0.0.0/8' + PDNS_allow_axfr_ips: "127.0.0.0/8,192.0.0.0/8,10.0.0.0/8,172.0.0.0/8" PDNS_gmysql_host: pdns-db PDNS_gmysql_port: 3306 PDNS_gmysql_user: pdns @@ -168,14 +166,14 @@ services: image: mariadb container_name: npm2dev.pdns-db environment: - MYSQL_ROOT_PASSWORD: 'pdns' - MYSQL_DATABASE: 'pdns' - MYSQL_USER: 'pdns' - MYSQL_PASSWORD: 'pdns' + MYSQL_ROOT_PASSWORD: "pdns" + MYSQL_DATABASE: "pdns" + MYSQL_USER: "pdns" + MYSQL_PASSWORD: "pdns" volumes: - - 'pdns_mysql:/var/lib/mysql' - - '/etc/localtime:/etc/localtime:ro' - - './dev/pdns-db.sql:/docker-entrypoint-initdb.d/01_init.sql:ro' + - "pdns_mysql:/var/lib/mysql" + - "/etc/localtime:/etc/localtime:ro" + - "./dev/pdns-db.sql:/docker-entrypoint-initdb.d/01_init.sql:ro" networks: - nginx_proxy_manager @@ -186,25 +184,25 @@ services: context: ../ dockerfile: test/cypress/Dockerfile environment: - HTTP_PROXY: 'squid:3128' - HTTPS_PROXY: 'squid:3128' + HTTP_PROXY: "squid:3128" + HTTPS_PROXY: "squid:3128" volumes: - - '../test/results:/results' - - './dev/resolv.conf:/etc/resolv.conf:ro' - - '/etc/localtime:/etc/localtime:ro' + - "../test/results:/results" + - "./dev/resolv.conf:/etc/resolv.conf:ro" + - "/etc/localtime:/etc/localtime:ro" command: cypress run --browser chrome --config-file=cypress/config/ci.js networks: - nginx_proxy_manager authentik-redis: - image: 'redis:alpine' + image: "redis:alpine" container_name: npm2dev.authentik-redis command: --save 60 1 --loglevel warning networks: - nginx_proxy_manager restart: unless-stopped healthcheck: - test: [ 'CMD-SHELL', 'redis-cli ping | grep PONG' ] + test: ["CMD-SHELL", "redis-cli ping | grep PONG"] start_period: 20s interval: 30s retries: 5 @@ -246,9 +244,9 @@ services: networks: - nginx_proxy_manager environment: - AUTHENTIK_HOST: 'http://authentik:9000' - AUTHENTIK_INSECURE: 'true' - AUTHENTIK_TOKEN: 'wKYZuRcI0ETtb8vWzMCr04oNbhrQUUICy89hSpDln1OEKLjiNEuQ51044Vkp' + AUTHENTIK_HOST: "http://authentik:9000" + AUTHENTIK_INSECURE: "true" + AUTHENTIK_TOKEN: "wKYZuRcI0ETtb8vWzMCr04oNbhrQUUICy89hSpDln1OEKLjiNEuQ51044Vkp" restart: unless-stopped depends_on: - authentik diff --git a/docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/run b/docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/run index c8be37f9..91ed3fa8 100755 --- a/docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/run +++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/frontend/run @@ -7,11 +7,11 @@ set -e if [ "$DEVELOPMENT" = 'true' ]; then . /usr/bin/common.sh - cd /app/frontend || exit 1 + cd /frontend || exit 1 HOME=$NPMHOME export HOME - mkdir -p /app/frontend/dist - chown -R "$PUID:$PGID" /app/frontend/dist + mkdir -p /frontend/dist + chown -R "$PUID:$PGID" /frontend/dist log_info 'Starting frontend ...' s6-setuidgid "$PUID:$PGID" yarn install diff --git a/scripts/ci/frontend-build b/scripts/ci/frontend-build index e1d92923..64e26e50 100755 --- a/scripts/ci/frontend-build +++ b/scripts/ci/frontend-build @@ -15,7 +15,6 @@ if hash docker 2>/dev/null; then -e CI=true \ -e NODE_OPTIONS=--openssl-legacy-provider \ -v "$(pwd)/frontend:/app/frontend" \ - -v "$(pwd)/global:/app/global" \ -w /app/frontend "${DOCKER_IMAGE}" \ sh -c "yarn install && yarn lint && yarn build && chown -R $(id -u):$(id -g) /app/frontend" diff --git a/scripts/ci/test-and-build b/scripts/ci/test-and-build index f9cba906..a0de3414 100755 --- a/scripts/ci/test-and-build +++ b/scripts/ci/test-and-build @@ -10,7 +10,6 @@ docker pull "${TESTING_IMAGE}" echo -e "${BLUE}❯ ${CYAN}Testing backend ...${RESET}" docker run --rm \ -v "$(pwd)/backend:/app" \ - -v "$(pwd)/global:/app/global" \ -w /app \ "${TESTING_IMAGE}" \ sh -c 'yarn install && yarn lint . && rm -rf node_modules'