Audit Log items, backend stuff, help pages

2025-12-18 21:33:25 +00:00 · 2018-08-01 21:18:17 +10:00
parent a43c2d74bf
commit 66e25e315b
47 changed files with 936 additions and 134 deletions
--- a/src/backend/internal/ssl.js
+++ b/src/backend/internal/ssl.js
@@ -0,0 +1,163 @@
+'use strict';
+
+const fs            = require('fs');
+const Liquid        = require('liquidjs');
+const timestamp     = require('unix-timestamp');
+const internalNginx = require('./nginx');
+const logger        = require('../logger').ssl;
+const utils         = require('../lib/utils');
+const error         = require('../lib/error');
+
+timestamp.round = true;
+
+const internalSsl = {
+
+    interval_timeout:    1000 * 60 * 60 * 12, // 12 hours
+    interval:            null,
+    interval_processing: false,
+
+    initTimer: () => {
+        internalSsl.interval = setInterval(internalSsl.processExpiringHosts, internalSsl.interval_timeout);
+    },
+
+    /**
+     * Triggered by a timer, this will check for expiring hosts and renew their ssl certs if required
+     */
+    processExpiringHosts: () => {
+        if (!internalSsl.interval_processing) {
+            logger.info('Renewing SSL certs close to expiry...');
+            return utils.exec('/usr/bin/certbot renew -q')
+                .then(result => {
+                    logger.info(result);
+                    internalSsl.interval_processing = false;
+
+                    return internalNginx.reload()
+                        .then(() => {
+                            logger.info('Renew Complete');
+                            return result;
+                        });
+                })
+                .catch(err => {
+                    logger.error(err);
+                    internalSsl.interval_processing = false;
+                });
+        }
+    },
+
+    /**
+     * @param   {String}  host_type
+     * @param   {Object}  host
+     * @returns {Boolean}
+     */
+    hasValidSslCerts: (host_type, host) => {
+        host_type   = host_type.replace(new RegExp('-', 'g'), '_');
+        let le_path = '/etc/letsencrypt/live/' + host_type + '_' + host.id;
+
+        return fs.existsSync(le_path + '/fullchain.pem') && fs.existsSync(le_path + '/privkey.pem');
+    },
+
+    /**
+     * @param   {String}  host_type
+     * @param   {Object}  host
+     * @returns {Promise}
+     */
+    requestSsl: (host_type, host) => {
+        logger.info('Requesting SSL certificates for ' + host_type + ' #' + host.id);
+
+        // TODO
+
+        return utils.exec('/usr/bin/letsencrypt certonly --agree-tos --email "' + host.letsencrypt_email + '" -n -a webroot -d "' + host.hostname + '"')
+            .then(result => {
+                logger.info(result);
+                return result;
+            });
+    },
+
+    /**
+     * @param   {String}  host_type
+     * @param   {Object}  host
+     * @returns {Promise}
+     */
+    renewSsl: (host_type, host) => {
+        logger.info('Renewing SSL certificates for ' + host_type + ' #' + host.id);
+
+        // TODO
+
+        return utils.exec('/usr/bin/certbot renew --force-renewal --disable-hook-validation --cert-name "' + host.hostname + '"')
+            .then(result => {
+                logger.info(result);
+                return result;
+            });
+    },
+
+    /**
+     * @param   {String}  host_type
+     * @param   {Object}  host
+     * @returns {Promise}
+     */
+    deleteCerts: (host_type, host) => {
+        logger.info('Deleting SSL certificates for ' + host_type + ' #' + host.id);
+
+        // TODO
+
+        return utils.exec('/usr/bin/certbot delete -n --cert-name "' + host.hostname + '"')
+            .then(result => {
+                logger.info(result);
+            })
+            .catch(err => {
+                logger.error(err);
+            });
+    },
+
+    /**
+     * @param   {String}  host_type
+     * @param   {Object}  host
+     * @returns {Promise}
+     */
+    generateSslSetupConfig: (host_type, host) => {
+        host_type = host_type.replace(new RegExp('-', 'g'), '_');
+
+        let renderEngine = Liquid();
+        let template     = null;
+        let filename     = internalNginx.getConfigName(host_type, host);
+
+        return new Promise((resolve, reject) => {
+            try {
+                template = fs.readFileSync(__dirname + '/../templates/letsencrypt.conf', {encoding: 'utf8'});
+            } catch (err) {
+                reject(new error.ConfigurationError(err.message));
+                return;
+            }
+
+            return renderEngine
+                .parseAndRender(template, host)
+                .then(config_text => {
+                    fs.writeFileSync(filename, config_text, {encoding: 'utf8'});
+                    return template_data;
+                })
+                .catch(err => {
+                    throw new error.ConfigurationError(err.message);
+                });
+        });
+    },
+
+    /**
+     * @param   {String}  host_type
+     * @param   {Object}  host
+     * @returns {Promise}
+     */
+    configureSsl: (host_type, host) => {
+
+        // TODO
+
+        return internalSsl.generateSslSetupConfig(host)
+            .then(data => {
+                return internalNginx.reload()
+                    .then(() => {
+                        return internalSsl.requestSsl(data);
+                    });
+            });
+    }
+};
+
+module.exports = internalSsl;