mirror of
				https://github.com/NginxProxyManager/nginx-proxy-manager.git
				synced 2025-10-22 19:43:32 +00:00 
			
		
		
		
	Compare commits
	
		
			1565 Commits
		
	
	
		
			2.0.5
			...
			dependabot
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
|  | 08bdc23131 | ||
|  | 487fa6d31b | ||
|  | 5b6ca1bf00 | ||
|  | 5039738aa3 | ||
|  | 4451be8f1c | ||
|  | bee2fd1978 | ||
|  | c8adbdfc15 | ||
|  | aff4182ab8 | ||
|  | 8c9d2745e2 | ||
|  | 076d14b5e4 | ||
|  | 8a6d815152 | ||
|  | 54d463ac36 | ||
|  | a23dc24021 | ||
|  | 4f9df893c8 | ||
|  | 304b38e82b | ||
|  | 1b0929ade6 | ||
|  | ddbafb62a6 | ||
|  | 9a0383bc73 | ||
|  | 307cb94e84 | ||
|  | 63ae924fbc | ||
|  | 1710a263c0 | ||
|  | 1357774f21 | ||
|  | 5f54490d86 | ||
|  | c97b8a339d | ||
|  | ed1d90ee7f | ||
|  | 70894e55b8 | ||
|  | 817021a43d | ||
|  | 36e3449a56 | ||
|  | db9f25638f | ||
|  | ddd3355d95 | ||
|  | aade8b42fc | ||
|  | 3735f3c11d | ||
|  | b84762b5b9 | ||
|  | 953faeac15 | ||
|  | c58f3f3ec9 | ||
|  | 0ee4d04d5f | ||
|  | 94f6756250 | ||
|  | 27e3f73854 | ||
|  | d98f4b43dc | ||
|  | ff3116a626 | ||
|  | 7047750b04 | ||
|  | 0792fc0768 | ||
|  | 9758c12ca3 | ||
|  | ccd69c8867 | ||
|  | 23fd1fec6c | ||
|  | 6f04543744 | ||
|  | cbb1fe44ca | ||
|  | 4c23f22d5b | ||
|  | af5d3eccd6 | ||
|  | a87283b030 | ||
|  | 97dbbdd60f | ||
|  | ec81f2489a | ||
|  | d0ec8e89aa | ||
|  | 9a96fbb5f4 | ||
|  | a573450bb8 | ||
|  | 60a25ffbd5 | ||
|  | 7d2369b380 | ||
|  | 64f00e8dba | ||
|  | c99143f548 | ||
|  | cc4ee6919a | ||
|  | 8a69c65b40 | ||
|  | 95ee5ca958 | ||
|  | 40f22d30c4 | ||
|  | 30dfa9e3de | ||
|  | b873499feb | ||
|  | ef69be2036 | ||
|  | 7580e65dd4 | ||
|  | f11dc5d7c1 | ||
|  | 77061a7bd6 | ||
|  | b6afc19135 | ||
|  | 09ba400d09 | ||
|  | 0291cfc270 | ||
|  | 34267e0af9 | ||
|  | f327c1e825 | ||
|  | 6f539979ec | ||
|  | 3d8079a137 | ||
|  | 6d6d83c0d0 | ||
|  | 100a4888d0 | ||
|  | 34a46bd733 | ||
|  | 7f8adc7e50 | ||
|  | 98d118cb74 | ||
|  | 4fb93542c3 | ||
|  | 4fe305520a | ||
|  | 76be31cf76 | ||
|  | 55dadb2004 | ||
|  | d9cdb3dc2c | ||
|  | 0cab720f23 | ||
|  | f5879dff6c | ||
|  | 5e66d677f1 | ||
|  | 18830f81b0 | ||
|  | 341ac65587 | ||
|  | 078baa255a | ||
|  | bf9d9bd43b | ||
|  | a394b25e61 | ||
|  | 1c47fc2ba4 | ||
|  | 312e2ab80c | ||
|  | d147ccd88d | ||
|  | 03fd292c61 | ||
|  | 79d28f03d0 | ||
|  | b09147eca8 | ||
|  | c5a319cb20 | ||
|  | c4df89df1f | ||
|  | 34c703f8b4 | ||
|  | 0a05d8f0ad | ||
|  | 0a9141fad5 | ||
|  | 42836774b7 | ||
|  | 2a07544f58 | ||
|  | dc9d884743 | ||
|  | 0d5d2b1b7c | ||
|  | df48b835c4 | ||
|  | 8a1557154a | ||
|  | a6af5ec2c7 | ||
|  | 14d7c35fd7 | ||
|  | cfcf78aaee | ||
|  | 3a01b2c84f | ||
|  | e1c84a5c10 | ||
|  | c56c95a59a | ||
|  | 6a60627833 | ||
|  | b4793d3c16 | ||
|  | 68a7803513 | ||
|  | 2657af97cf | ||
|  | 4452f014b9 | ||
|  | cd80cc8e4d | ||
|  | ee4250d770 | ||
|  | 3dbc70faa6 | ||
|  | 3091c21cae | ||
|  | 57cd2a1919 | ||
|  | ad5936c530 | ||
|  | 498109addb | ||
|  | 3f3aacd7ec | ||
|  | bb4ecf812d | ||
|  | c05f9695d0 | ||
|  | 6343b398f0 | ||
|  | 59362b7477 | ||
|  | aedaaa18e0 | ||
|  | 080bd0b749 | ||
|  | 9687e9e450 | ||
|  | 5a234bb88c | ||
|  | 4de4b65036 | ||
|  | f1c97c7c36 | ||
|  | b4f49969d6 | ||
|  | ec12d8f9bf | ||
|  | e50e3def9d | ||
|  | 6415f284f9 | ||
|  | 98e5997f0a | ||
|  | fc30a92bd4 | ||
|  | e2011ee45c | ||
|  | 1406e75c2c | ||
|  | ca3ee98c68 | ||
|  | f90d839ebe | ||
|  | be5278f31e | ||
|  | 73110d5e1e | ||
|  | 356b98bf7e | ||
|  | 3eecf7a38b | ||
|  | 7f9240dda7 | ||
|  | f537619ffe | ||
|  | 805968aac6 | ||
|  | 2a4093c1b8 | ||
|  | ae2ac8a733 | ||
|  | 5d087f1256 | ||
|  | c6eca2578e | ||
|  | 56033bee9c | ||
|  | c6630e87bb | ||
|  | d6b98f51b0 | ||
|  | 1e322804ce | ||
|  | b3de76c945 | ||
|  | fcf4117f8e | ||
|  | d26e8c1d0c | ||
|  | 19ed4c1212 | ||
|  | 03018d252b | ||
|  | 8351dd41f6 | ||
|  | 97212f2686 | ||
|  | fe068a8b51 | ||
|  | 61e2bde98f | ||
|  | 81c9038929 | ||
|  | 4ea50ca40c | ||
|  | 53ed12bcf2 | ||
|  | cb3e4ed59c | ||
|  | b20dc5eade | ||
|  | 586afc0c91 | ||
|  | 93ea17a9bb | ||
|  | 151160a834 | ||
|  | 2075f98cad | ||
|  | 07a4e5791f | ||
|  | 640a1eeb68 | ||
|  | 126d3d44ca | ||
|  | 20646e7bb5 | ||
|  | 87998a03ce | ||
|  | 2cee211fb0 | ||
|  | a56342c76a | ||
|  | 4c89379671 | ||
|  | 10b9a49274 | ||
|  | 595a742c40 | ||
|  | c171752137 | ||
|  | a0b26b9e98 | ||
|  | d6791f4e38 | ||
|  | 62c94f3099 | ||
|  | 25a26d6175 | ||
|  | 17246e418f | ||
|  | f7d3ca0b07 | ||
|  | a55de386e7 | ||
|  | e9d4f5b827 | ||
|  | 1c1cee3836 | ||
|  | eaf6335694 | ||
|  | ffe05ebd41 | ||
|  | 2e9a4f1aed | ||
|  | d17c85e4c8 | ||
|  | dad8d0ca00 | ||
|  | d7e0558a35 | ||
|  | ee41bb5562 | ||
|  | 0cf6b9caa4 | ||
|  | 68a9baf206 | ||
|  | d92421d098 | ||
|  | 96c58b203e | ||
|  | d499e2bfef | ||
|  | 5084cb7296 | ||
|  | 2f9e062718 | ||
|  | edbed1af90 | ||
|  | 8497022e41 | ||
|  | fa2c814fcb | ||
|  | d96a3987c0 | ||
|  | e677bfa2e8 | ||
|  | fe2d8895d6 | ||
|  | 5bdc05878f | ||
|  | 929ac3bd7c | ||
|  | f48e1b46a8 | ||
|  | 351ba8dacd | ||
|  | 3b89d5f380 | ||
|  | e5aa880ec4 | ||
|  | 7322d35bd7 | ||
|  | 81b89185f2 | ||
|  | f2bb8f2b3d | ||
|  | b01817bc7f | ||
|  | 5aeb99b856 | ||
|  | e7e4003d15 | ||
|  | 78f3e7281b | ||
|  | c9d97aff38 | ||
|  | 9813071e76 | ||
|  | d7a7fa3496 | ||
|  | 2e72f253a0 | ||
|  | ac47eab23b | ||
|  | 0bfa6c9d4f | ||
|  | f71de7474d | ||
|  | 3a2617e6bf | ||
|  | 6c6722464d | ||
|  | 02a7b43932 | ||
|  | 42a5bb6af3 | ||
|  | a08d18bdb2 | ||
|  | d2d104b723 | ||
|  | e0352ecc48 | ||
|  | 4e035f285d | ||
|  | b046bb3229 | ||
|  | 304899e604 | ||
|  | e525b5470e | ||
|  | aacb2302bf | ||
|  | d21403ca1e | ||
|  | c39d5433bc | ||
|  | 7c97516de6 | ||
|  | 4572b205c9 | ||
|  | 6f7963ee08 | ||
|  | dfe2588523 | ||
|  | a8f1f7f017 | ||
|  | e401095707 | ||
|  | d69cb26157 | ||
|  | 48a9f5f9db | ||
|  | ca9eeb5118 | ||
|  | a03009056c | ||
|  | 554d1ff2b6 | ||
|  | 0042726477 | ||
|  | ed5d87b021 | ||
|  | 894cd25534 | ||
|  | 4446e2f760 | ||
|  | 35d7a3a407 | ||
|  | 63d06da8a8 | ||
|  | b5a0d74654 | ||
|  | 99cce7e2b0 | ||
|  | 120d50e5c0 | ||
|  | 5454fd61b3 | ||
|  | b33012705b | ||
|  | e948b60194 | ||
|  | 7913c9a07d | ||
|  | d1c23b6286 | ||
|  | c7e2946dbf | ||
|  | 8936402229 | ||
|  | 001c77e686 | ||
|  | 5578e825b1 | ||
|  | c93656a7a1 | ||
|  | 50aeae234f | ||
|  | a5c06c1a34 | ||
|  | 51414ced3a | ||
|  | 5e35e538af | ||
|  | 13fec42d1f | ||
|  | b4560d7dde | ||
|  | 6f9eed8a61 | ||
|  | d66e4e03e6 | ||
|  | 1d19c29bb0 | ||
|  | e20a11de4a | ||
|  | d3a654b546 | ||
|  | bed387ebd4 | ||
|  | 6ac9a82279 | ||
|  | ef23e796ec | ||
|  | 3754a569ba | ||
|  | b383f46656 | ||
|  | 3ce477d350 | ||
|  | 516b4d991c | ||
|  | 12d77e3ab6 | ||
|  | 8d80af3a26 | ||
|  | 1f45e6a5e9 | ||
|  | dcb9628c36 | ||
|  | 029b184398 | ||
|  | 2422587530 | ||
|  | 4ee940d3dc | ||
|  | 47dddc548b | ||
|  | 256a667e2c | ||
|  | 79cd0c5294 | ||
|  | 09a03edfd7 | ||
|  | 35f0fe745d | ||
|  | f1e433714e | ||
|  | 035eaed0a4 | ||
|  | 4b100a384d | ||
|  | c5c5fa0a5a | ||
|  | 280bac8b43 | ||
|  | 02aefa50cd | ||
|  | 4d91cfc397 | ||
|  | 79a453f2fe | ||
|  | c62c09569d | ||
|  | 09bcf4010c | ||
|  | 6aeade6c98 | ||
|  | 8655b7d2db | ||
|  | 2d929dffa8 | ||
|  | 52eaa042d8 | ||
|  | b35aa50b88 | ||
|  | c575a706b5 | ||
|  | 587b97c2d3 | ||
|  | 317003beda | ||
|  | 5a761236c5 | ||
|  | b135527347 | ||
|  | abca9cc89c | ||
|  | 6721923601 | ||
|  | a88f77c1a5 | ||
|  | a5b21d0306 | ||
|  | 8eab8d71f2 | ||
|  | d06572bb5f | ||
|  | d40f9e06fc | ||
|  | 69ec017a53 | ||
|  | fa67f257ef | ||
|  | 0dcd648c9d | ||
|  | c989a282e3 | ||
|  | 5aff969c04 | ||
|  | bfbf7519ec | ||
|  | bf36c7966a | ||
|  | 63cd9ba08f | ||
|  | e3d4882c3d | ||
|  | 3e1b73143e | ||
|  | 10ece3548d | ||
|  | 0503a6af75 | ||
|  | 55d765e785 | ||
|  | 1fb9a75a33 | ||
|  | 9c2e838d61 | ||
|  | c55e47aacf | ||
|  | 40d81d6e44 | ||
|  | 1c84eaac02 | ||
|  | 577954ef8c | ||
|  | f0c75641d8 | ||
|  | e42e2acf12 | ||
|  | eaa11fe460 | ||
|  | 5b53825ccb | ||
|  | a94660120f | ||
|  | 39f4836485 | ||
|  | aec30207da | ||
|  | 209c1b3334 | ||
|  | 58138fbac4 | ||
|  | da820db4e1 | ||
|  | 47b868bfc6 | ||
|  | 89a405f60c | ||
|  | 0353051436 | ||
|  | a3630a6286 | ||
|  | 10d9760242 | ||
|  | c722eb1cea | ||
|  | 0472abacd2 | ||
|  | a2e85ceed8 | ||
|  | cddd6fb985 | ||
|  | db23c9a52f | ||
|  | 8646cb5a19 | ||
|  | fe0c04610f | ||
|  | 9f16dae2ff | ||
|  | 00264bcfb2 | ||
|  | 834fb1a361 | ||
|  | 1be87f48c1 | ||
|  | 9c54d1b718 | ||
|  | f7d1c490b3 | ||
|  | fe4bd9fed6 | ||
|  | 58ef9a688e | ||
|  | d19ebf5925 | ||
|  | 96fc6a20bb | ||
|  | e69684919c | ||
|  | be39253a6f | ||
|  | 30772a48bd | ||
|  | 33c867895c | ||
|  | a7fe687bae | ||
|  | 4028120f55 | ||
|  | d1119ec63f | ||
|  | 4c906283df | ||
|  | 8ec0c76f51 | ||
|  | c70f65d349 | ||
|  | 883a272b0a | ||
|  | 6aee2bbcba | ||
|  | 025fc9776b | ||
|  | b699f05f47 | ||
|  | f7c87f63bd | ||
|  | e4ef095254 | ||
|  | 09d5e2c94f | ||
|  | 459b7a2223 | ||
|  | 9c813bcce3 | ||
|  | b8596ac01c | ||
|  | 082c4e1008 | ||
|  | 2273eae6ee | ||
|  | 997e9d431b | ||
|  | b3564b6d4b | ||
|  | 4e27cdabc4 | ||
|  | 965873adc5 | ||
|  | 5de95a8c90 | ||
|  | fa557d8159 | ||
|  | bc8211a6a9 | ||
|  | 1c498f84ad | ||
|  | ea6e9757e3 | ||
|  | 1308ae42c2 | ||
|  | 7be548575b | ||
|  | c6aab8d4e6 | ||
|  | da55e93183 | ||
|  | af475ab5d4 | ||
|  | 7d85463dae | ||
|  | 13d4f98fdb | ||
|  | 388fff84f2 | ||
|  | 49a765516c | ||
|  | 27bc8c4e33 | ||
|  | 881a067aff | ||
|  | 1975e4a151 | ||
|  | 4704bd6a38 | ||
|  | ca56e0483f | ||
|  | 3b8cb86d72 | ||
|  | 5165de4a91 | ||
|  | 1ab3575c68 | ||
|  | ccf9cce825 | ||
|  | 3ad2188f78 | ||
|  | 33dbffb974 | ||
|  | 289e438c59 | ||
|  | e08a4d4490 | ||
|  | d1d1819677 | ||
|  | 4e0768d56c | ||
|  | 3666364418 | ||
|  | 9052502a17 | ||
|  | b608d3392d | ||
|  | edb81ecce0 | ||
|  | e24181936f | ||
|  | 940d06cac9 | ||
|  | 134902d127 | ||
|  | 2df4620d05 | ||
|  | f41b1069ae | ||
|  | 004a93fbc3 | ||
|  | 2d9f04edcd | ||
|  | 53dbe258a5 | ||
|  | e4ba22f0f8 | ||
|  | 3197de41de | ||
|  | 0f7be7987b | ||
|  | 853c48dff6 | ||
|  | 410c3484ab | ||
|  | 44e9f377f9 | ||
|  | 0f3b76f607 | ||
|  | f426e64569 | ||
|  | 4867db078c | ||
|  | 6b565e628f | ||
|  | 881d70502b | ||
|  | 62e4edddf0 | ||
|  | 4b9c02cc0c | ||
|  | 5af834e40b | ||
|  | 6f8db95249 | ||
|  | fe93cb3474 | ||
|  | fa851b61da | ||
|  | 3333a32612 | ||
|  | 9a79fce498 | ||
|  | b1180f5077 | ||
|  | 5454352fe5 | ||
|  | aee93a2f6f | ||
|  | f38cb5b500 | ||
|  | f1b7156c89 | ||
|  | 98465cf1b0 | ||
|  | 137e865b66 | ||
|  | e740fb4064 | ||
|  | f91f0ee8db | ||
|  | 1c9f751512 | ||
|  | a602bdd514 | ||
|  | f7b2be68cc | ||
|  | ab4586fc6b | ||
|  | a984a68065 | ||
|  | 52875fca6e | ||
|  | 63b50fcd95 | ||
|  | 5ab4aea03f | ||
|  | d73135378e | ||
|  | e19d685cb6 | ||
|  | c8caaa56d9 | ||
|  | 11a98f4c12 | ||
|  | 4a85d4ac4e | ||
|  | 3138ba46ce | ||
|  | cdd0b2e6d3 | ||
|  | f458730d87 | ||
|  | d20873dcbb | ||
|  | d1e9407e4d | ||
|  | 63ee69f432 | ||
|  | f39e527680 | ||
|  | 2dd4434ceb | ||
|  | 81054631f9 | ||
|  | 53d61bd626 | ||
|  | 847e879b3f | ||
|  | 4c59400731 | ||
|  | 824c837a38 | ||
|  | 2a06384a4a | ||
|  | 05307aa253 | ||
|  | 3d2406ac3d | ||
|  | 0127dc7f03 | ||
|  | 4349d42636 | ||
|  | 4b6f9d9419 | ||
|  | c3f019c911 | ||
|  | ecf0290203 | ||
|  | 4f41fe0c95 | ||
|  | c3735fdbbb | ||
|  | c432c34fb3 | ||
|  | a1245bc161 | ||
|  | db4ab1d548 | ||
|  | 86ddd9c83c | ||
|  | 67208e43cc | ||
|  | ddf80302c6 | ||
|  | 5f2576946d | ||
|  | 9fe07fa6c3 | ||
|  | d9b9af543e | ||
|  | eb2e2e0478 | ||
|  | 9225d5d442 | ||
|  | 308a7149ed | ||
|  | 8a4a7d0caf | ||
|  | 5d03ede100 | ||
|  | 4a86bb42cc | ||
|  | dad8561ea1 | ||
|  | 56a92e5c0e | ||
|  | 9d672f5813 | ||
|  | d5ed70dbb6 | ||
|  | c197e66d62 | ||
|  | 91cf3c8873 | ||
|  | 7f5e0414ac | ||
|  | d179887c15 | ||
|  | 35abb4d7ae | ||
|  | 61b290e220 | ||
|  | e1bcef6e5c | ||
|  | 81f51f9e2d | ||
|  | 661953db25 | ||
|  | 065c2dac42 | ||
|  | 2926844cbe | ||
|  | c1960f3793 | ||
|  | 11a29a8b67 | ||
|  | c40e48e678 | ||
|  | 124cb18e17 | ||
|  | 5ac9dc0758 | ||
|  | 9a799d51ce | ||
|  | 77eb618758 | ||
|  | 79fedfcea4 | ||
|  | 8fdb8ac853 | ||
|  | 4fdc80be01 | ||
|  | f8e6c8d018 | ||
|  | c3469de61b | ||
|  | ea61b15a40 | ||
|  | 60175e6d8c | ||
|  | 2a07445005 | ||
|  | dad3e1da7c | ||
|  | 82d9452001 | ||
|  | 095bc8f676 | ||
|  | 8c15340b83 | ||
|  | a13f7c3792 | ||
|  | 6748985669 | ||
|  | e2957f070b | ||
|  | fccbde1371 | ||
|  | fec36834f7 | ||
|  | 00aeef75b6 | ||
|  | 5b7682f13c | ||
|  | b30fcb50c8 | ||
|  | 100c56ad10 | ||
|  | 44bebf366a | ||
|  | 6a28701242 | ||
|  | 09d1d3744c | ||
|  | 84e0b30f8d | ||
|  | 546ce8d4bc | ||
|  | 9b40bb288d | ||
|  | c812b674b6 | ||
|  | 86e63197f6 | ||
|  | c371b2e953 | ||
|  | 2142e25029 | ||
|  | 30076a0e66 | ||
|  | 42bd39163a | ||
|  | cc4891d9ec | ||
|  | 40c26839f5 | ||
|  | 2ff66ee238 | ||
|  | 9d60b4a756 | ||
|  | d2becc0681 | ||
|  | 579c32a724 | ||
|  | b08ef17894 | ||
|  | 589ab8757e | ||
|  | abdaac8584 | ||
|  | d5c950a231 | ||
|  | d9a1701927 | ||
|  | 6e500c35dc | ||
|  | a06e96061f | ||
|  | f0513d34f9 | ||
|  | 09349efbbe | ||
|  | 06453e9668 | ||
|  | b1e904df84 | ||
|  | 5f435b6325 | ||
|  | 7b48488c29 | ||
|  | 3f6ad0d807 | ||
|  | edba369ae8 | ||
|  | b77d916bdd | ||
|  | 2706454635 | ||
|  | 32a3bb1d6d | ||
|  | 95665ca378 | ||
|  | 09d6cf7c48 | ||
|  | 2addc48a9b | ||
|  | ebf07a7912 | ||
|  | abe6493244 | ||
|  | 9f192ab275 | ||
|  | 52e013d289 | ||
|  | 331da3841e | ||
|  | e227f4177b | ||
|  | 88fa7cdfff | ||
|  | f3b3072711 | ||
|  | cf6cc7dcc5 | ||
|  | 448c8a2dd5 | ||
|  | 634cfe13f1 | ||
|  | 7597515c20 | ||
|  | 93f57aece5 | ||
|  | ef6da1bbe1 | ||
|  | 4ad9e68886 | ||
|  | 9b35e7c188 | ||
|  | 2aa6e55d6b | ||
|  | 1ac28410ff | ||
|  | b0fd976b97 | ||
|  | 7fe7e94fbd | ||
|  | 8864960eb4 | ||
|  | 23326895b2 | ||
|  | d2f707b76d | ||
|  | a7f0c3b730 | ||
|  | a9e84f1750 | ||
|  | 7ca3a9e7a6 | ||
|  | c80d099193 | ||
|  | 35aba13122 | ||
|  | b69e493c54 | ||
|  | 99d73a2da8 | ||
|  | 3c23aa935e | ||
|  | 8dee139810 | ||
|  | 6349cb6094 | ||
|  | 452838b04a | ||
|  | fd30cfe98b | ||
|  | 6f281fef42 | ||
|  | 5920b0cf5e | ||
|  | 41bbfcf165 | ||
|  | 80a93e17fa | ||
|  | 4a1eebc54b | ||
|  | 264ba71462 | ||
|  | e229fa89f8 | ||
|  | d3b72ae07d | ||
|  | b62b6b5112 | ||
|  | c44f8c6155 | ||
|  | 0dfa3d9ca3 | ||
|  | 8c7c84906b | ||
|  | 662143cf21 | ||
|  | c60fc7926e | ||
|  | cfbdc6c340 | ||
|  | 2f6d8257ec | ||
|  | b9a6b5d4f5 | ||
|  | 32f77dbcee | ||
|  | 052cb8f12d | ||
|  | 03b544023b | ||
|  | 5070499cfd | ||
|  | e77b13d36e | ||
|  | 4bb237d7c2 | ||
|  | aa5a7faa94 | ||
|  | 837f4dcbd4 | ||
|  | d73a246b66 | ||
|  | f85e82973d | ||
|  | 84afec567c | ||
|  | e1525e5d56 | ||
|  | d2688cf08c | ||
|  | 7372319568 | ||
|  | 60ffec5c64 | ||
|  | 23c88f6955 | ||
|  | dd14207b63 | ||
|  | 103adfbb57 | ||
|  | b673ebe2ca | ||
|  | 0e0c3df0cd | ||
|  | 8dbd482e08 | ||
|  | ab5f7c0f26 | ||
|  | 191f493eb9 | ||
|  | d1f4640a9c | ||
|  | 3d97f4578d | ||
|  | fb0ef08fd8 | ||
|  | 0de78205b5 | ||
|  | e0821bd927 | ||
|  | e5966b54a8 | ||
|  | d2f6b09901 | ||
|  | 5c8aa8517b | ||
|  | 1e5916db28 | ||
|  | a3ae6956e2 | ||
|  | 518b84b38b | ||
|  | 932dc4bf02 | ||
|  | bdc3a555b6 | ||
|  | d4dcb61ee6 | ||
|  | cce73beb2d | ||
|  | 4db34f5894 | ||
|  | 063ac4619f | ||
|  | d1a338107b | ||
|  | 0d0b7e117f | ||
|  | 3538f9719f | ||
|  | feaafdc559 | ||
|  | edf369a3d4 | ||
|  | eb148eb8f0 | ||
|  | 4251157ffa | ||
|  | 9866eec21c | ||
|  | e879d41ee4 | ||
|  | bb26f5b2c7 | ||
|  | 8e61d3eadf | ||
|  | 749ab36b1a | ||
|  | c68874743d | ||
|  | 1a76f4ebfc | ||
|  | 59238d1dc1 | ||
|  | 661f3d6899 | ||
|  | 14b889a85f | ||
|  | ac25171420 | ||
|  | 7281ed5968 | ||
|  | dc541b2c72 | ||
|  | 9a854fd8fe | ||
|  | 8eb44c404d | ||
|  | 61b25e1213 | ||
|  | d3a5a3d0d6 | ||
|  | 366fcf0bed | ||
|  | 29c0fcbad6 | ||
|  | de84d5d463 | ||
|  | 078114ee67 | ||
|  | 49f350fb00 | ||
|  | e141b5ff20 | ||
|  | 181f163cb5 | ||
|  | 30a9d3ae8d | ||
|  | 83e09ad5a7 | ||
|  | 8e5255a275 | ||
|  | e4f06368bb | ||
|  | 0edd87324c | ||
|  | 96e034aa75 | ||
|  | 821432263a | ||
|  | 5edb16f36e | ||
|  | a233bc0045 | ||
|  | eed40d095e | ||
|  | 0d0e5295f4 | ||
|  | 51ac4bc688 | ||
|  | 4f97592965 | ||
|  | be5a763d39 | ||
|  | c435ce0224 | ||
|  | 67d8ede247 | ||
|  | 5e98ce32b7 | ||
|  | a2c01655f0 | ||
|  | 3a71281937 | ||
|  | f235ec8b5a | ||
|  | fa7df05b92 | ||
|  | 1f3ac7a9ec | ||
|  | 5bd002a568 | ||
|  | 5fb0cc5fab | ||
|  | 818b9595aa | ||
|  | c78f641e85 | ||
|  | 081380c8d5 | ||
|  | 7e451bce0b | ||
|  | a082ec0604 | ||
|  | 973a10a9d1 | ||
|  | 1ec95096d5 | ||
|  | e81cc45405 | ||
|  | b9ef11e8bf | ||
|  | 0d8dd03c3d | ||
|  | 74d610d9ad | ||
|  | 9146ca6c63 | ||
|  | d7e0ae0fa0 | ||
|  | 29ee48530c | ||
|  | abe53a4bdd | ||
|  | 2d23bedf12 | ||
|  | 4e17fb476b | ||
|  | c803ec7e26 | ||
|  | 7e67f33766 | ||
|  | 9dd5644183 | ||
|  | 5a8028a72d | ||
|  | 747de511d4 | ||
|  | 7800938fd2 | ||
|  | ab80fe13e9 | ||
|  | 5d106c4064 | ||
|  | 2ac1026e4b | ||
|  | b78c7e1c53 | ||
|  | 849bdcda7b | ||
|  | 5aae8cd0e3 | ||
|  | adc5a2020a | ||
|  | 40b1521f72 | ||
|  | ac23c66659 | ||
|  | 84bc33db8a | ||
|  | 6392df36c3 | ||
|  | c82843279c | ||
|  | b394eb8e55 | ||
|  | bb422d4454 | ||
|  | 3dfe23836c | ||
|  | d45f39aae3 | ||
|  | cb091040a8 | ||
|  | ddd538944a | ||
|  | 1f879f67a9 | ||
|  | ee89dedd0f | ||
|  | 9ab5333652 | ||
|  | 3bd97ae1b0 | ||
|  | 432062e0f4 | ||
|  | 0c8bbb4bc2 | ||
|  | 48e96c46d5 | ||
|  | 25e9acf618 | ||
|  | a517e80236 | ||
|  | 3d4d3bc73b | ||
|  | cf4d1f73fa | ||
|  | c203d1a0d8 | ||
|  | 5f29f6b039 | ||
|  | f75b5b867b | ||
|  | 67463ca136 | ||
|  | 8db541f37f | ||
|  | a5229d0e92 | ||
|  | 38ec0f9f95 | ||
|  | 3d80759a21 | ||
|  | d95cd36b3e | ||
|  | 4c6b96ad5d | ||
|  | c3bef2867e | ||
|  | efc5bff2e1 | ||
|  | ffe3db8c08 | ||
|  | 4ada0feae3 | ||
|  | e17de6058e | ||
|  | 9efe6cfb39 | ||
|  | c86a1a50bd | ||
|  | c55476b196 | ||
|  | 3b47decbb0 | ||
|  | d0bfa082e0 | ||
|  | 6b7a8b009e | ||
|  | ca59e585d8 | ||
|  | bbde7a108a | ||
|  | 87731a8b5c | ||
|  | 29d4bd4ccf | ||
|  | 925ad90f91 | ||
|  | 650ae61c43 | ||
|  | 02f3f9704f | ||
|  | da7c3057b4 | ||
|  | 040b45cafa | ||
|  | 8ece310b9f | ||
|  | 96959db3c2 | ||
|  | 6360100611 | ||
|  | b833044cea | ||
|  | 97909830f5 | ||
|  | 8ae2de2f49 | ||
|  | bf7b659e89 | ||
|  | 4e3c7749af | ||
|  | f63441921f | ||
|  | 725ba83606 | ||
|  | 281906c0b5 | ||
|  | 8ed121f43d | ||
|  | 81a9cab2b3 | ||
|  | 8d98a417c5 | ||
|  | 6fa81b179b | ||
|  | 9e169fbb42 | ||
|  | 27f84f880a | ||
|  | 0d9c941b4e | ||
|  | 8865aa9c8c | ||
|  | 6d8c4218f1 | ||
|  | c134a43337 | ||
|  | 780759dc27 | ||
|  | 85128f08f3 | ||
|  | d2f8c1e5f1 | ||
|  | 9c88b9c1e9 | ||
|  | 13fd2ce4e2 | ||
|  | 9979f516d6 | ||
|  | 39a5cd2d6e | ||
|  | 784516283f | ||
|  | ce503232c3 | ||
|  | f2edf9130f | ||
|  | 413ab50fc4 | ||
|  | c1880bd3ff | ||
|  | 0f0a672275 | ||
|  | 06c5f991e7 | ||
|  | babc5b7a38 | ||
|  | b96c996a45 | ||
|  | fb8f2c2f9a | ||
|  | 6794937391 | ||
|  | f022e84979 | ||
|  | fd5ac952cc | ||
|  | 07f60e5c77 | ||
|  | 628b8a7e1f | ||
|  | 30a442807d | ||
|  | 1626c8edd1 | ||
|  | ca6561bf6c | ||
|  | 273a81471d | ||
|  | 8b07a67133 | ||
|  | 32089ea272 | ||
|  | 658acd147c | ||
|  | ca3370a6ac | ||
|  | c4e2557de2 | ||
|  | 6f2b4fdf86 | ||
|  | f302ff71c9 | ||
|  | fee87a44d6 | ||
|  | 8944609b63 | ||
|  | be87c45f27 | ||
|  | 1b1807c79a | ||
|  | a8f4699816 | ||
|  | ac3df6dd77 | ||
|  | 5c67908460 | ||
|  | 7b67ef3015 | ||
|  | e5a3b5ee2f | ||
|  | 5e9ff4d2bf | ||
|  | daa71764b6 | ||
|  | 6a6c2ef192 | ||
|  | 320315956d | ||
|  | 4f10d129c2 | ||
|  | 62eb3fcd85 | ||
|  | ab40e4e2cf | ||
|  | 0bb9450642 | ||
|  | a6e15532b9 | ||
|  | 9a89a8a77e | ||
|  | fe3675dc7a | ||
|  | 5c9acc2bff | ||
|  | c94e937a50 | ||
|  | 3e4e10e644 | ||
|  | ba7bb57ca2 | ||
|  | 14c125150a | ||
|  | 053701a702 | ||
|  | 3fc3e43042 | ||
|  | b0dc68d7d4 | ||
|  | e895baaeb4 | ||
|  | c47f6fdb21 | ||
|  | 9e188e441a | ||
|  | f6efcdf9f9 | ||
|  | b1ceda3af4 | ||
|  | cd3a0684d0 | ||
|  | f25e54c6cb | ||
|  | 66f86cf497 | ||
|  | d260edc547 | ||
|  | ba1e6fa984 | ||
|  | 6b59f36213 | ||
|  | 1894960762 | ||
|  | 83c5c55f32 | ||
|  | fb8c0b9a48 | ||
|  | d34691152c | ||
|  | cea80b482e | ||
|  | c460a8fa5c | ||
|  | 5f852437fe | ||
|  | 8aded1a685 | ||
|  | f2acb9e150 | ||
|  | 6f3a00c9b8 | ||
|  | fbae107c04 | ||
|  | 6c1ae77a2a | ||
|  | 67e8ca6714 | ||
|  | a56d976947 | ||
|  | ac0bb6bee2 | ||
|  | dee67dac75 | ||
|  | 9458cfbd1a | ||
|  | 4b8bdd22b3 | ||
|  | a4c143e2d1 | ||
|  | e91019feb9 | ||
|  | 8a37ec72b7 | ||
|  | c263a33095 | ||
|  | 4b2c0115db | ||
|  | 673f40bd85 | ||
|  | b9f8108cd3 | ||
|  | a16ecf656b | ||
|  | 842cff130b | ||
|  | 346b9b4b79 | ||
|  | 56c317d223 | ||
|  | b7b150a979 | ||
|  | fae848bd1b | ||
|  | a5b8087dc5 | ||
|  | 7aa078e025 | ||
|  | 4b6b276b64 | ||
|  | 0373daae5c | ||
|  | 7f30dd0475 | ||
|  | d2a77c2371 | ||
|  | 104f65b541 | ||
|  | d0fb4b6914 | ||
|  | 42c3272def | ||
|  | 2812889d61 | ||
|  | bd3a13b2a5 | ||
|  | 289d179142 | ||
|  | deca493912 | ||
|  | d16bf7d6c0 | ||
|  | 3f1415dad1 | ||
|  | 3e744b6b2d | ||
|  | 56c4f8a106 | ||
|  | 99ef8bae4c | ||
|  | b7f0343730 | ||
|  | c807b59fb4 | ||
|  | 60fc57431a | ||
|  | d988a3a307 | ||
|  | de763d3fa9 | ||
|  | 21bfb61cc8 | ||
|  | a79adeb280 | ||
|  | 9b7a019222 | ||
|  | e65143d276 | ||
|  | 61bb183eda | ||
|  | f3d3a6db91 | ||
|  | 9ebb443cb7 | ||
|  | fa4c4d0a8d | ||
|  | 3e1518fef6 | ||
|  | e59db84721 | ||
|  | c281b31fc8 | ||
|  | 1c93ca9896 | ||
|  | df5836e573 | ||
|  | 41ef35f0d0 | ||
|  | 5e6ce8643f | ||
|  | f575400bc8 | ||
|  | 6d9a335b0e | ||
|  | f94eb5f318 | ||
|  | 245fa421a2 | ||
|  | 655094a816 | ||
|  | d544650b05 | ||
|  | d9d682585c | ||
|  | 44a202552e | ||
|  | fd6673420b | ||
|  | 0e9cd5db9c | ||
|  | 6da6e6f145 | ||
|  | bdaa7460e4 | ||
|  | d6d1c1ac35 | ||
|  | 67958155fc | ||
|  | 198bd74ec6 | ||
|  | 92eec95dad | ||
|  | b73a034fca | ||
|  | 11b508f021 | ||
|  | c2b5be37f9 | ||
|  | 1a04863a08 | ||
|  | 077d3eb993 | ||
|  | ac38221bdf | ||
|  | 9f146b8fc3 | ||
|  | 9a2d9659a7 | ||
|  | 6faae5350a | ||
|  | 2616709e7f | ||
|  | bed9ff084c | ||
|  | fb3082b0bb | ||
|  | c8439b8429 | ||
|  | 4c3632d3e7 | ||
|  | 24d8cd57da | ||
|  | b7c0a8b0c2 | ||
|  | d6d7b22b1e | ||
|  | 5269c957ce | ||
|  | bf8d2672c8 | ||
|  | 8461acab9b | ||
|  | 731ae43fe8 | ||
|  | 5354c85352 | ||
|  | 22a37bb923 | ||
|  | 07bbece704 | ||
|  | 9af2f50d81 | ||
|  | 7b148f7970 | ||
|  | a1e52d919f | ||
|  | 899b487daa | ||
|  | 86eeb5fc44 | ||
|  | 62a708b416 | ||
|  | a7ce8704b3 | ||
|  | 7319a13077 | ||
|  | 95bd4d93c5 | ||
|  | 69c33f0395 | ||
|  | cd4caea2dc | ||
|  | c9daf19940 | ||
|  | 7c2540b193 | ||
|  | 3e600552dc | ||
|  | 69ee6b1699 | ||
|  | ca1ea042b2 | ||
|  | f26df7d9bb | ||
|  | ba45705571 | ||
|  | bf8ea71c77 | ||
|  | 7deb64a5de | ||
|  | e283865d3d | ||
|  | a32be3e96b | ||
|  | 0cfd6eab3f | ||
|  | c2361f13e6 | ||
|  | bc81de54b9 | ||
|  | 07884bc9b1 | ||
|  | 58c3204187 | ||
|  | 19d3deddd4 | ||
|  | f0233b947e | ||
|  | c6a90a2fd0 | ||
|  | 3607c30d98 | ||
|  | 717105f243 | ||
|  | 2373e4a06d | ||
|  | 4c76803f13 | ||
|  | 6a46e88f8f | ||
|  | e4e94d5be0 | ||
|  | a3b896fa70 | ||
|  | 60347a90e9 | ||
|  | a02d4ec46f | ||
|  | 485bae8f22 | ||
|  | 655477316b | ||
|  | e22f87dee7 | ||
|  | d3337322dd | ||
|  | 6202f4f943 | ||
|  | b42cc9ed3e | ||
|  | fbf72c0f61 | ||
|  | cbd0b0c070 | ||
|  | 874f049323 | ||
|  | 42ab4020e2 | ||
|  | 7ab9683b87 | ||
|  | 865facfd05 | ||
|  | 0951f4a202 | ||
|  | 882ec27969 | ||
|  | a84158c1ff | ||
|  | 161d3ec817 | ||
|  | 5b15249689 | ||
|  | 602fce1c7e | ||
|  | f2f653e345 | ||
|  | b55738bd6e | ||
|  | b39a59ce72 | ||
|  | 9872daf29f | ||
|  | 91044e730b | ||
|  | 656a7dceef | ||
|  | d636502eaa | ||
|  | 389fd158ad | ||
|  | 30fa63b379 | ||
|  | 691063545c | ||
|  | 421934efed | ||
|  | f056b9dc7f | ||
|  | 48d421ba28 | ||
|  | 096b714117 | ||
|  | 0d25dc1aaa | ||
|  | 63d3c2d06f | ||
|  | 5fc704ccad | ||
|  | 61d99561c1 | ||
|  | c26ce2083f | ||
|  | 847d71f72a | ||
|  | 3c35039445 | ||
|  | 1a64d44857 | ||
|  | ba5f0c212c | ||
|  | 4eddb5d7f3 | ||
|  | 3b104710d5 | ||
|  | 74db0004bd | ||
|  | 6e67352a0f | ||
|  | b127f02468 | ||
|  | c9c53d9670 | ||
|  | d36dbb868b | ||
|  | b7fb2cfe92 | ||
|  | d0a0c77556 | ||
|  | 9469b9c78a | ||
|  | e4988f34c7 | ||
|  | 1fe9e24f0a | ||
|  | 9c39de3454 | ||
|  | 9bb68ad4eb | ||
|  | 5bf774bee1 | ||
|  | 99514464fb | ||
|  | 3bf1c1e531 | ||
|  | e2e31094aa | ||
|  | f29ff15167 | ||
|  | 1c64252015 | ||
|  | ead19915f3 | ||
|  | 967e0dd98a | ||
|  | bd0324dba0 | ||
|  | 607fb83a1e | ||
|  | bb5fc58f3a | ||
|  | afbec0aca9 | ||
|  | 1e5d9dfbff | ||
|  | cfcb657cde | ||
|  | 7f243e6f06 | ||
|  | 7e7032c051 | ||
|  | b7b808d98d | ||
|  | a21289bf11 | ||
|  | 4a8d01224a | ||
|  | f0eebc43e3 | ||
|  | 49fbf031d1 | ||
|  | 4060718e5c | ||
|  | 49b0f11ae7 | ||
|  | 9b83d35ef4 | ||
|  | eb20add0c7 | ||
|  | 1f122e9145 | ||
|  | 329d0ecaed | ||
|  | 77a2ee948a | ||
|  | ebeda6345e | ||
|  | e35138ebed | ||
|  | 8ba6c4f7e7 | ||
|  | 6df7b72e08 | ||
|  | fe13b12f43 | ||
|  | ea28da90b2 | ||
|  | b243324c65 | ||
|  | a2dde00f40 | ||
|  | 5ff07faa7e | ||
|  | 272c652847 | ||
|  | 3964bbf3fe | ||
|  | 11175aaa5f | ||
|  | 7fcc4a7ef0 | ||
|  | 5abb9458c7 | ||
|  | 0ca5587a6f | ||
|  | d29650882b | ||
|  | 9c3a7b02ec | ||
|  | ef3a073af5 | ||
|  | 15c4857a4b | ||
|  | 63a71afbc8 | ||
|  | 64761ee9c6 | ||
|  | d6c344b5ec | ||
|  | d27826d10e | ||
|  | 4ac52a0e25 | ||
|  | efa841d75a | ||
|  | d1fac583ea | ||
|  | 8cb44c7b97 | ||
|  | f2293a9dda | ||
|  | da0d1d4a2f | ||
|  | 6a8d5e2166 | ||
|  | d732665a23 | ||
|  | e0748c9bc7 | ||
|  | 23573543a3 | ||
|  | bfb328238e | ||
|  | 64cc4f57d6 | ||
|  | 7a3c91c6a4 | ||
|  | 508bc62852 | ||
|  | 59e8446d47 | ||
|  | d13596d2f7 | ||
|  | 9adccfa341 | ||
|  | 5cc3b53378 | ||
|  | b62b0a2fb7 | ||
|  | 1faac4edf2 | ||
|  | 4c60dce169 | ||
|  | 771f31f44d | ||
|  | 8bedb95e1d | ||
|  | ac4be08df2 | ||
|  | 0d6e058e23 | ||
|  | bee2ceb667 | ||
|  | 6af13d4f40 | ||
|  | 9dd0ebd899 | ||
|  | 6e97bfa717 | ||
|  | 07b69f41eb | ||
|  | 6bd2ac7d6d | ||
|  | 528e5ef3bc | ||
|  | bc1c50ac92 | ||
|  | 8c2ab42b75 | ||
|  | 62053d15d4 | ||
|  | 6fed642aba | ||
|  | 72ac549a58 | ||
|  | 9f38617135 | ||
|  | 94eec805df | ||
|  | 05a940e732 | ||
|  | 1c43cc2181 | ||
|  | 657ee73ff1 | ||
|  | 4ee5d993cf | ||
|  | 70a445e2d7 | ||
|  | 2115da210d | ||
|  | 540554c4f6 | ||
|  | 1337c50d28 | ||
|  | c5ceb3b2b1 | ||
|  | 57fc1d8f08 | ||
|  | 1518ecd1e9 | ||
|  | 6be0343918 | ||
|  | cf8812c932 | ||
|  | 5bc3e474a9 | ||
|  | 13eaa346bc | ||
|  | d7437cc4a7 | ||
|  | ddb3c6590c | ||
|  | 89d6773bda | ||
|  | 3651b9484f | ||
|  | 2200c950b7 | ||
|  | 14f84f01b5 | ||
|  | cb014027bb | ||
|  | 32e5155783 | ||
|  | a3159ad59e | ||
|  | 60a40197f1 | ||
|  | 7d693a4271 | ||
|  | f192748bf9 | ||
|  | 96f401cba6 | ||
|  | ffd2430160 | ||
|  | 190cd2d6bb | ||
|  | 7ba58bdbd3 | ||
|  | 08ab62108f | ||
|  | 1028de8158 | ||
|  | 301499dc52 | ||
|  | 5c2f13ed8e | ||
|  | e30ad81f69 | ||
|  | 21f36f535f | ||
|  | c14236823a | ||
|  | 551a9fe1c6 | ||
|  | e3399e1035 | ||
|  | c413b4af3f | ||
|  | dbf5dec23b | ||
|  | 10f0eb17d7 | ||
|  | e3b680c351 | ||
|  | 0df0545777 | ||
|  | 165bfc9f5f | ||
|  | 5830bd73b9 | ||
|  | 3c4ce839b9 | ||
|  | ac9f052309 | ||
|  | 049e424957 | ||
|  | 07e78aec48 | ||
|  | 3fec135fe5 | ||
|  | 867fe1322b | ||
|  | 95208a50a7 | ||
|  | 514b13fcc2 | ||
|  | 4cbc1f5bbe | ||
|  | 64de36cdf2 | ||
|  | 093b48ad7b | ||
|  | 05f6a55a0b | ||
|  | 2523424f68 | ||
|  | b81325d7bf | ||
|  | 3e10b7b2b1 | ||
|  | e5cb750015 | ||
|  | 28f72086ec | ||
|  | a6b9bd7b01 | ||
|  | 2c5eac9dad | ||
|  | 87f61b8527 | ||
|  | 74bfe490c6 | ||
|  | 015167f34d | ||
|  | 4bafc7ff1a | ||
|  | bf8beb50b4 | ||
|  | e5034a34f5 | ||
|  | a561605653 | ||
|  | e8596c1554 | ||
|  | ab67481e99 | ||
|  | 1b611e67c8 | ||
|  | c5aa2b9f77 | ||
|  | cff6c4d1f5 | ||
|  | 077cf75ef2 | ||
|  | ff1770204c | ||
|  | b9a95840e0 | ||
|  | 2d7576c57e | ||
|  | 251aac716a | ||
|  | 6694a42270 | ||
|  | f78a4c6ad1 | ||
|  | 83fad8bcda | ||
|  | f539e813aa | ||
|  | 5d65166777 | ||
|  | 70346138a7 | ||
|  | d68656559c | ||
|  | 01660b5b80 | ||
|  | 74010acd85 | ||
|  | 7c7d255172 | ||
|  | 058f1e9835 | ||
|  | b4fc629ec0 | ||
|  | ae06b2da75 | ||
|  | 54d423a11f | ||
|  | 5da6c97a00 | ||
|  | bf2f13443f | ||
|  | 9ce4c3fe2f | ||
|  | 4a07bf666d | ||
|  | 5be46b4b20 | ||
|  | 7fd825b76b | ||
|  | b23d59dec7 | ||
|  | 492d450d26 | ||
|  | 04412f3624 | ||
|  | c41057b28a | ||
|  | 8312bc0100 | ||
|  | 85ac43bc5e | ||
|  | d1a0780c7a | ||
|  | f9b8d76527 | ||
|  | 26f00eeae4 | ||
|  | 1bc2df2178 | ||
|  | 8dfbcef198 | ||
|  | 6690b7735d | ||
|  | a9e7222e5e | ||
|  | f8edeb2775 | ||
|  | d1786fe159 | ||
|  | 157a12fb7c | ||
|  | 3f723b1638 | ||
|  | e2e9835d01 | ||
|  | 7599617b67 | ||
|  | 18a5b11033 | ||
|  | fff31b0f34 | ||
|  | c02e30663a | ||
|  | 4c6527cafc | ||
|  | 55bddb12e5 | ||
|  | d95861e1fb | ||
|  | 94754a5cb3 | ||
|  | 546f862236 | ||
|  | f105e29e56 | ||
|  | 5c15993d06 | ||
|  | a369ea1080 | ||
|  | 98068c0f57 | ||
|  | e0ef8683a2 | ||
|  | 66412a75f9 | ||
|  | 84d8fb0899 | ||
|  | c631537dbe | ||
|  | 8d2f49541c | ||
|  | 55a28e3437 | ||
|  | 67ea2d01c8 | ||
|  | dab229e37c | ||
|  | 7084473330 | ||
|  | dd2e335fae | ||
|  | 1ff87bbc12 | ||
|  | 2ebfdcf0c9 | ||
|  | 8ab161a3ee | ||
|  | e74b9617be | ||
|  | c3d88c83e3 | ||
|  | 3e912a7474 | ||
|  | 0d726a1d83 | ||
|  | affabf065e | ||
|  | e6ea77d263 | ||
|  | df73c2a458 | ||
|  | 96c5c79aef | ||
|  | 64922f07ff | ||
|  | bae21f3210 | ||
|  | 0702a4e58e | ||
|  | 31f1d304d6 | ||
|  | 291a74c295 | ||
|  | c0e9d1eb2f | ||
|  | a7cabdde3a | ||
|  | 3af560c2d0 | ||
|  | 1d23d5c761 | ||
|  | 995db12f22 | ||
|  | 4c60bfb66b | ||
|  | 1716747047 | ||
|  | 090b4d0388 | ||
|  | a9f068daa8 | ||
|  | f5ee91aeb3 | ||
|  | e2ee2cbf2d | ||
|  | dcf8364899 | ||
|  | b783602786 | ||
|  | 005e64eb9f | ||
|  | e9e5d293cc | ||
|  | a57255350f | ||
|  | 781442bf1e | ||
|  | 604bd2c576 | ||
|  | d9e1e1bbb7 | ||
|  | 907e9e182d | ||
|  | 0f238a5021 | ||
|  | 8d432bd60a | ||
|  | fd932c7678 | ||
|  | 46a9f5cb96 | ||
|  | f990d3f674 | ||
|  | 4a6de8deee | ||
|  | 9a7a216b23 | ||
|  | fccaaaae4d | ||
|  | a882b0be82 | ||
|  | db7bbab768 | ||
|  | 030e553549 | ||
|  | 8b0ca8e367 | ||
|  | 83b2b07200 | ||
|  | bdb591af9e | ||
|  | 2993a08777 | ||
|  | 2a2d3d57ec | ||
|  | 33c2c131c2 | ||
|  | e4286c96a7 | ||
|  | 2d9486b6fd | ||
|  | 632ee2d0bd | ||
|  | b09f201819 | ||
|  | baaf39c23d | ||
|  | b7467c10e8 | ||
|  | 701ef18606 | ||
|  | 3e7d2b216b | ||
|  | 41f16c20b6 | ||
|  | 96bc0b53c3 | ||
|  | b80baa78ef | ||
|  | ce88e0745d | ||
|  | 256bd2336f | ||
|  | 1b6993ee70 | ||
|  | af319b4729 | ||
|  | 1a15b4f18d | ||
|  | 3ddd3b49fd | ||
|  | e2c4b32311 | ||
|  | 8fb2821343 | ||
|  | 93f29734b7 | ||
|  | 569d2b0dce | ||
|  | b7e1e4fd9e | ||
|  | a1cebb889c | ||
|  | f040de5788 | ||
|  | e869c76e63 | ||
|  | 6f298ada61 | ||
|  | 26a8e234fa | ||
|  | 43b5720532 | ||
|  | a25f196ceb | ||
|  | f9e15a4470 | ||
|  | 447cf12629 | ||
|  | bb0f4bfa62 | ||
|  | bf036cbb88 | ||
|  | 8a9495de18 | ||
|  | 3e9614879a | ||
|  | 0057c793ee | ||
|  | ea5bdab374 | ||
|  | 0e96ad62bb | ||
|  | aa26f3908b | ||
|  | d3f90647f5 | ||
|  | 7d6c6129f2 | ||
|  | 0bc12f3bdf | ||
|  | 13767d13d6 | ||
|  | a215958cec | ||
|  | 288086c78d | ||
|  | 31aa9c9644 | ||
|  | ddbfdf6f6e | ||
|  | 43c7063538 | ||
|  | 3f089fb239 | ||
|  | 2d0f7d5126 | ||
|  | 06272d3d2c | ||
|  | 3885c0ad6d | ||
|  | 099ec00155 | ||
|  | 92fcae9c54 | ||
|  | 22e8961c80 | ||
|  | 4d5adefa41 | ||
|  | feaa0e51bd | ||
|  | af83cb57d0 | ||
|  | 8b4f3507c3 | ||
|  | bda3dba369 | ||
|  | beb313af40 | ||
|  | 4fad9d672f | ||
|  | 0fca64929e | ||
|  | 9e476e5b24 | ||
|  | 0819a265f5 | ||
|  | ad8eac4f07 | ||
|  | b49de0e23e | ||
|  | efbd024da9 | ||
|  | e7ddcb91fc | ||
|  | 3095cff7d9 | ||
|  | 6d8f5aa3a7 | ||
|  | 27a06850ff | ||
|  | dce6423c85 | ||
|  | d79fcbf447 | ||
|  | 631d9ae4eb | ||
|  | 0ac349ba67 | ||
|  | 1b0563a4a6 | ||
|  | 1db2a29d49 | ||
|  | 14e62a0830 | ||
|  | 2280a61c2b | ||
|  | f3e6f64c0c | ||
|  | d04b7a0d88 | ||
|  | 71dfd5d8f8 | ||
|  | 133d66c2fe | ||
|  | 6f1d38a0e2 | ||
|  | aad9ecde6b | ||
|  | ae9324295c | ||
|  | 0acec1105b | ||
|  | 5a9a716ca6 | ||
|  | 418899d425 | ||
|  | e7379e3683 | ||
|  | 29bebcc73e | ||
|  | 26064b20b8 | ||
|  | 3dc9b20543 | ||
|  | 444dbd5160 | ||
|  | c2f99e253c | ||
|  | 5c7fb7b698 | ||
|  | 733d7d9583 | ||
|  | 6d2f532806 | ||
|  | f76c9226c8 | ||
|  | ecbc41b622 | ||
|  | 4f60d3e7df | ||
|  | 7d86fd223e | ||
|  | e3ed216a70 | ||
|  | 2a3d792591 | ||
|  | 4d754275ab | ||
|  | 44e5f0957c | ||
|  | 83ef426b93 | ||
|  | 8b8f5fac69 | ||
|  | 424ccce43c | ||
|  | ad41cc985d | ||
|  | 981d5a199f | ||
|  | 48f2bb4cd8 | ||
|  | aa270925e9 | ||
|  | 3836f7c40a | ||
|  | 9fcd32c2ca | ||
|  | 2657bcf30c | ||
|  | 86ad7d6238 | ||
|  | c97e6ada5b | ||
|  | cd40ca7f0a | ||
|  | e2ac3b4880 | ||
|  | 7f8b185e48 | ||
|  | e923db7e94 | ||
|  | e53d9fa3eb | ||
|  | 411734f392 | ||
|  | a457a40359 | ||
|  | caa183c8de | ||
|  | 0ea5014edb | ||
|  | 046cb0b76e | ||
|  | 9fd480cf77 | 
							
								
								
									
										12
									
								
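--- a/.babelrc
+++ b/.babelrc
@@ -1,12 +0,0 @@
-{
-  "presets": [
-    ["env", {
-      "targets": {
-        "browsers": ["Chrome >= 65"]
-      },
-      "debug": false,
-      "modules": false,
-      "useBuiltIns": "usage"
-    }]
-  ]
-}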
							
								
								
									
										55
									
								
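--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,55 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: bug
+assignees: ''
+
+---
+<!--
+ 
+Are you in the right place?
+- If you are looking for support on how to get your upstream server forwarding, please consider asking the community on Reddit.
+- If you are writing code changes to contribute and need to ask about the internals of the software, Gitter is the best place to ask.
+- If you think you found a bug with NPM (not Nginx, or your upstream server or MySql) then you are in the *right place.*
+
+-->
+
+**Checklist**
+- Have you pulled and found the error with `jc21/nginx-proxy-manager:latest` docker image?
+  - Yes / No
+- Are you sure you're not using someone else's docker image?
+  - Yes / No
+- Have you searched for similar issues (both open and closed)?
+  - Yes / No
+
+**Describe the bug**
+<!-- A clear and concise description of what the bug is. -->
+
+
+**Nginx Proxy Manager Version**
+<!-- What version of Nginx Proxy Manager is reported on the login page? -->
+
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+
+**Expected behavior**
+<!-- A clear and concise description of what you expected to happen. -->
+
+
+**Screenshots**
+<!-- If applicable, add screenshots to help explain your problem. -->
+
+
+**Operating System**
+<!-- Please specify if using a Rpi, Mac, orchestration tool or any other setups that might affect the reproduction of this error. -->
+
+
+**Additional context**
+<!-- Add any other context about the problem here, docker version, browser version, logs if applicable to the problem. Too much info is better than too little. -->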
							
								
								
									
										18
									
								
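--- a/.github/ISSUE_TEMPLATE/dns_challenge_request.md
+++ b/.github/ISSUE_TEMPLATE/dns_challenge_request.md
@@ -0,0 +1,18 @@
+---
+name: DNS challenge provider request
+about: Suggest a new provider to be available for a certificate DNS challenge
+title: ''
+labels: dns provider request
+assignees: ''
+
+---
+
+**What provider would you like to see added to NPM?**
+<!-- What is this provider called? -->
+
+
+**Have you checked if a certbot plugin exists?**
+<!-- 
+Currently NPM only supports DNS challenge providers for which a certbot plugin exists. 
+You can visit pypi.org, and search for a package with the name `certbot-dns-<privider>`.
+-->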
							
								
								
									
										32
									
								
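--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,32 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: enhancement
+assignees: ''
+
+---
+
+<!--
+
+Are you in the right place?
+- If you are looking for support on how to get your upstream server forwarding, please consider asking the community on Reddit.
+- If you are writing code changes to contribute and need to ask about the internals of the software, Gitter is the best place to ask.
+- If you think you found a bug with NPM (not Nginx, or your upstream server or MySql) then you are in the *right place.*
+
+-->
+
+**Is your feature request related to a problem? Please describe.**
+<!-- A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] -->
+
+
+**Describe the solution you'd like**
+<!-- A clear and concise description of what you want to happen. -->
+
+
+**Describe alternatives you've considered**
+<!-- A clear and concise description of any alternative solutions or features you've considered. -->
+
+
+**Additional context**
+<!-- Add any other context or screenshots about the feature request here. -->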
							
								
								
									
										21
									
								
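--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -0,0 +1,21 @@
+name: 'Close stale issues and PRs'
+on:
+  schedule:
+    - cron: '30 1 * * *'
+  workflow_dispatch:
+
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/stale@v9
+        with:
+          stale-issue-label: 'stale'
+          stale-pr-label: 'stale'
+          stale-issue-message: 'Issue is now considered stale. If you want to keep it open, please comment :+1:'
+          stale-pr-message: 'PR is now considered stale. If you want to keep it open, please comment :+1:'
+          close-issue-message: 'Issue was closed due to inactivity.'
+          close-pr-message: 'PR was closed due to inactivity.'
+          days-before-stale: 182
+          days-before-close: 365
+          operations-per-run: 50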
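Review bot: The new workflow declares no `permissions:` block and references the action by a mutable tag, `actions/stale@v9`. The `stale` job therefore runs with whatever default `GITHUB_TOKEN` scope the repository is configured with, and with whatever code the tag points to when the schedule fires. A job-level `permissions:` containing only `issues: write` and `pull-requests: write` would cap the token at what labelling and closing need. Pinning the step as `uses: actions/stale@<full-commit-sha> # v9` would make the executed code reviewable and stable between runs.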
							
								
								
									
										17
									
								
								.gitignore
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
									
									
								
							| @@ -1,14 +1,9 @@ | ||||
| .DS_Store | ||||
| .idea | ||||
| ._* | ||||
| node_modules | ||||
| core* | ||||
| config/development.json | ||||
| dist | ||||
| webpack_stats.html | ||||
| data/* | ||||
| yarn-error.log | ||||
| yarn.lock | ||||
| tmp | ||||
| certbot.log | ||||
|  | ||||
| .vscode | ||||
| certbot-help.txt | ||||
| test/node_modules | ||||
| */node_modules | ||||
| docker/dev/dnsrouter-config.json.tmp | ||||
| docker/dev/resolv.conf | ||||
|   | ||||
							
								
								
									
										39
									
								
								Dockerfile
									
									
									
									
									
								
							
							
						
						
									
									
									
									
									
									
								
							| @@ -1,39 +0,0 @@ | ||||
| FROM jc21/nginx-proxy-manager-base:latest | ||||
|  | ||||
| MAINTAINER Jamie Curnow <jc@jc21.com> | ||||
| LABEL maintainer="Jamie Curnow <jc@jc21.com>" | ||||
|  | ||||
| ENV SUPPRESS_NO_CONFIG_WARNING=1 | ||||
| ENV S6_FIX_ATTRS_HIDDEN=1 | ||||
| RUN echo "fs.file-max = 65535" > /etc/sysctl.conf | ||||
|  | ||||
| # Nginx, Node and required packages should already be installed from the base image | ||||
|  | ||||
| # root filesystem | ||||
| COPY rootfs / | ||||
|  | ||||
| # s6 overlay | ||||
| RUN curl -L -o /tmp/s6-overlay-amd64.tar.gz "https://github.com/just-containers/s6-overlay/releases/download/v1.21.4.0/s6-overlay-amd64.tar.gz" \ | ||||
|     && tar xzf /tmp/s6-overlay-amd64.tar.gz -C / | ||||
|  | ||||
| # App | ||||
| ENV NODE_ENV=production | ||||
|  | ||||
| ADD dist                /app/dist | ||||
| ADD node_modules        /app/node_modules | ||||
| ADD src/backend         /app/src/backend | ||||
| ADD package.json        /app/package.json | ||||
| ADD knexfile.js         /app/knexfile.js | ||||
|  | ||||
| # Volumes | ||||
| VOLUME [ "/data", "/etc/letsencrypt" ] | ||||
| CMD [ "/init" ] | ||||
|  | ||||
| # Ports | ||||
| EXPOSE 80 | ||||
| EXPOSE 81 | ||||
| EXPOSE 443 | ||||
| EXPOSE 9876 | ||||
|  | ||||
| HEALTHCHECK --interval=15s --timeout=3s CMD curl -f http://localhost:9876/health || exit 1 | ||||
|  | ||||
| @@ -1,38 +0,0 @@ | ||||
| FROM jc21/nginx-proxy-manager-base:armhf | ||||
|  | ||||
| MAINTAINER Jamie Curnow <jc@jc21.com> | ||||
| LABEL maintainer="Jamie Curnow <jc@jc21.com>" | ||||
|  | ||||
| ENV SUPPRESS_NO_CONFIG_WARNING=1 | ||||
| ENV S6_FIX_ATTRS_HIDDEN=1 | ||||
| RUN echo "fs.file-max = 65535" > /etc/sysctl.conf | ||||
|  | ||||
| # Nginx, Node and required packages should already be installed from the base image | ||||
|  | ||||
| # root filesystem | ||||
| COPY rootfs / | ||||
|  | ||||
| # s6 overlay | ||||
| RUN curl -L -o /tmp/s6-overlay-armhf.tar.gz "https://github.com/just-containers/s6-overlay/releases/download/v1.21.4.0/s6-overlay-armhf.tar.gz" \ | ||||
|     && tar xzf /tmp/s6-overlay-armhf.tar.gz -C / | ||||
|  | ||||
| # App | ||||
| ENV NODE_ENV=production | ||||
|  | ||||
| ADD dist                /app/dist | ||||
| ADD node_modules        /app/node_modules | ||||
| ADD src/backend         /app/src/backend | ||||
| ADD package.json        /app/package.json | ||||
| ADD knexfile.js         /app/knexfile.js | ||||
|  | ||||
| # Volumes | ||||
| VOLUME [ "/data", "/etc/letsencrypt" ] | ||||
| CMD [ "/init" ] | ||||
|  | ||||
| # Ports | ||||
| EXPOSE 80 | ||||
| EXPOSE 81 | ||||
| EXPOSE 443 | ||||
| EXPOSE 9876 | ||||
|  | ||||
| HEALTHCHECK --interval=15s --timeout=3s CMD curl -f http://localhost:9876/health || exit 1 | ||||
							
								
								
									
										393
									
								
								Jenkinsfile
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
									
									
								
							| @@ -1,124 +1,285 @@ | ||||
| import groovy.transform.Field | ||||
|  | ||||
| @Field | ||||
| def shOutput = "" | ||||
| def buildxPushTags = "" | ||||
|  | ||||
| pipeline { | ||||
|   options { | ||||
|     buildDiscarder(logRotator(numToKeepStr: '10')) | ||||
|     disableConcurrentBuilds() | ||||
|   } | ||||
|   agent any | ||||
|   environment { | ||||
|     IMAGE_NAME          = "nginx-proxy-manager" | ||||
|     BASE_IMAGE_NAME     = "jc21/nginx-proxy-manager-base:v2" | ||||
|     TEMP_IMAGE_NAME     = "nginx-proxy-manager-build_${BUILD_NUMBER}" | ||||
|     TEMP_IMAGE_NAME_ARM = "nginx-proxy-manager-arm-build_${BUILD_NUMBER}" | ||||
|     TAG_VERSION         = getPackageVersion() | ||||
|     MAJOR_VERSION       = "2" | ||||
|   } | ||||
|   stages { | ||||
|     stage('Prepare') { | ||||
|       steps { | ||||
|         sh 'docker pull $DOCKER_CI_TOOLS' | ||||
|       } | ||||
|     } | ||||
|     stage('Build') { | ||||
|       parallel { | ||||
|         stage('x86_64') { | ||||
|           when { | ||||
|             branch 'master' | ||||
|           } | ||||
|           steps { | ||||
|             ansiColor('xterm') { | ||||
|               // Codebase | ||||
|               sh 'docker run --rm -v $(pwd):/app -w /app $BASE_IMAGE_NAME yarn install' | ||||
|               sh 'docker run --rm -v $(pwd):/app -w /app $BASE_IMAGE_NAME npm run-script build' | ||||
|               sh 'rm -rf node_modules' | ||||
|               sh 'docker run --rm -v $(pwd):/app -w /app $BASE_IMAGE_NAME yarn install --prod' | ||||
|               sh 'docker run --rm -v $(pwd):/data $DOCKER_CI_TOOLS node-prune' | ||||
| 	agent { | ||||
| 		label 'docker-multiarch' | ||||
| 	} | ||||
| 	options { | ||||
| 		buildDiscarder(logRotator(numToKeepStr: '5')) | ||||
| 		disableConcurrentBuilds() | ||||
| 		ansiColor('xterm') | ||||
| 	} | ||||
| 	environment { | ||||
| 		IMAGE                      = 'nginx-proxy-manager' | ||||
| 		BUILD_VERSION              = getVersion() | ||||
| 		MAJOR_VERSION              = '2' | ||||
| 		BRANCH_LOWER               = "${BRANCH_NAME.toLowerCase().replaceAll('\\\\', '-').replaceAll('/', '-').replaceAll('\\.', '-')}" | ||||
| 		BUILDX_NAME                = "npm_${BRANCH_LOWER}_${BUILD_NUMBER}" | ||||
| 		COMPOSE_INTERACTIVE_NO_CLI = 1 | ||||
| 	} | ||||
| 	stages { | ||||
| 		stage('Environment') { | ||||
| 			parallel { | ||||
| 				stage('Master') { | ||||
| 					when { | ||||
| 						branch 'master' | ||||
| 					} | ||||
| 					steps { | ||||
| 						script { | ||||
| 							buildxPushTags = "-t docker.io/jc21/${IMAGE}:${BUILD_VERSION} -t docker.io/jc21/${IMAGE}:${MAJOR_VERSION} -t docker.io/jc21/${IMAGE}:latest" | ||||
| 						} | ||||
| 					} | ||||
| 				} | ||||
| 				stage('Other') { | ||||
| 					when { | ||||
| 						not { | ||||
| 							branch 'master' | ||||
| 						} | ||||
| 					} | ||||
| 					steps { | ||||
| 						script { | ||||
| 							// Defaults to the Branch name, which is applies to all branches AND pr's | ||||
| 							buildxPushTags = "-t docker.io/nginxproxymanager/${IMAGE}-dev:${BRANCH_LOWER}" | ||||
| 						} | ||||
| 					} | ||||
| 				} | ||||
| 				stage('Versions') { | ||||
| 					steps { | ||||
| 						sh 'cat frontend/package.json | jq --arg BUILD_VERSION "${BUILD_VERSION}" \'.version = $BUILD_VERSION\' | sponge frontend/package.json' | ||||
| 						sh 'echo -e "\\E[1;36mFrontend Version is:\\E[1;33m $(cat frontend/package.json | jq -r .version)\\E[0m"' | ||||
| 						sh 'cat backend/package.json | jq --arg BUILD_VERSION "${BUILD_VERSION}" \'.version = $BUILD_VERSION\' | sponge backend/package.json' | ||||
| 						sh 'echo -e "\\E[1;36mBackend Version is:\\E[1;33m  $(cat backend/package.json | jq -r .version)\\E[0m"' | ||||
| 						sh 'sed -i -E "s/(version-)[0-9]+\\.[0-9]+\\.[0-9]+(-green)/\\1${BUILD_VERSION}\\2/" README.md' | ||||
| 					} | ||||
| 				} | ||||
| 				stage('Docker Login') { | ||||
| 					steps { | ||||
| 						withCredentials([usernamePassword(credentialsId: 'jc21-dockerhub', passwordVariable: 'dpass', usernameVariable: 'duser')]) { | ||||
| 							sh 'docker login -u "${duser}" -p "${dpass}"' | ||||
| 						} | ||||
| 					} | ||||
| 				} | ||||
| 			} | ||||
| 		} | ||||
| 		stage('Builds') { | ||||
| 			parallel { | ||||
| 				stage('Project') { | ||||
| 					steps { | ||||
| 						script { | ||||
| 							// Frontend and Backend | ||||
| 							def shStatusCode = sh(label: 'Checking and Building', returnStatus: true, script: ''' | ||||
| 								set -e | ||||
| 								./scripts/ci/frontend-build > ${WORKSPACE}/tmp-sh-build 2>&1 | ||||
| 								./scripts/ci/test-and-build > ${WORKSPACE}/tmp-sh-build 2>&1 | ||||
| 							''') | ||||
| 							shOutput = readFile "${env.WORKSPACE}/tmp-sh-build" | ||||
| 							if (shStatusCode != 0) { | ||||
| 								error "${shOutput}" | ||||
| 							} | ||||
| 						} | ||||
| 					} | ||||
| 					post { | ||||
| 						always { | ||||
| 							sh 'rm -f ${WORKSPACE}/tmp-sh-build' | ||||
| 						} | ||||
| 						failure { | ||||
| 							npmGithubPrComment("CI Error:\n\n```\n${shOutput}\n```", true) | ||||
| 						} | ||||
| 					} | ||||
| 				} | ||||
| 				stage('Docs') { | ||||
| 					steps { | ||||
| 						dir(path: 'docs') { | ||||
| 							sh 'yarn install' | ||||
| 							sh 'yarn build' | ||||
| 						} | ||||
| 					} | ||||
| 				} | ||||
| 			} | ||||
| 		} | ||||
| 		stage('Test Sqlite') { | ||||
| 			environment { | ||||
| 				COMPOSE_PROJECT_NAME = "npm_${BRANCH_LOWER}_${BUILD_NUMBER}_sqlite" | ||||
| 				COMPOSE_FILE         = 'docker/docker-compose.ci.yml:docker/docker-compose.ci.sqlite.yml' | ||||
| 			} | ||||
| 			when { | ||||
| 				not { | ||||
| 					equals expected: 'UNSTABLE', actual: currentBuild.result | ||||
| 				} | ||||
| 			} | ||||
| 			steps { | ||||
| 				sh 'rm -rf ./test/results/junit/*' | ||||
| 				sh './scripts/ci/fulltest-cypress' | ||||
| 			} | ||||
| 			post { | ||||
| 				always { | ||||
| 					// Dumps to analyze later | ||||
| 					sh 'mkdir -p debug/sqlite' | ||||
| 					sh 'docker logs $(docker-compose ps --all -q fullstack) > debug/sqlite/docker_fullstack.log 2>&1' | ||||
| 					sh 'docker logs $(docker-compose ps --all -q stepca) > debug/sqlite/docker_stepca.log 2>&1' | ||||
| 					sh 'docker logs $(docker-compose ps --all -q pdns) > debug/sqlite/docker_pdns.log 2>&1' | ||||
| 					sh 'docker logs $(docker-compose ps --all -q pdns-db) > debug/sqlite/docker_pdns-db.log 2>&1' | ||||
| 					sh 'docker logs $(docker-compose ps --all -q dnsrouter) > debug/sqlite/docker_dnsrouter.log 2>&1' | ||||
| 					junit 'test/results/junit/*' | ||||
| 					sh 'docker-compose down --remove-orphans --volumes -t 30 || true' | ||||
| 				} | ||||
| 				unstable { | ||||
| 					dir(path: 'test/results') { | ||||
| 						archiveArtifacts(allowEmptyArchive: true, artifacts: '**/*', excludes: '**/*.xml') | ||||
| 					} | ||||
| 				} | ||||
| 			} | ||||
| 		} | ||||
| 		stage('Test Mysql') { | ||||
| 			environment { | ||||
| 				COMPOSE_PROJECT_NAME = "npm_${BRANCH_LOWER}_${BUILD_NUMBER}_mysql" | ||||
| 				COMPOSE_FILE         = 'docker/docker-compose.ci.yml:docker/docker-compose.ci.mysql.yml' | ||||
| 			} | ||||
| 			when { | ||||
| 				not { | ||||
| 					equals expected: 'UNSTABLE', actual: currentBuild.result | ||||
| 				} | ||||
| 			} | ||||
| 			steps { | ||||
| 				sh 'rm -rf ./test/results/junit/*' | ||||
| 				sh './scripts/ci/fulltest-cypress' | ||||
| 			} | ||||
| 			post { | ||||
| 				always { | ||||
| 					// Dumps to analyze later | ||||
| 					sh 'mkdir -p debug/mysql' | ||||
| 					sh 'docker logs $(docker-compose ps --all -q fullstack) > debug/mysql/docker_fullstack.log 2>&1' | ||||
| 					sh 'docker logs $(docker-compose ps --all -q stepca) > debug/mysql/docker_stepca.log 2>&1' | ||||
| 					sh 'docker logs $(docker-compose ps --all -q pdns) > debug/mysql/docker_pdns.log 2>&1' | ||||
| 					sh 'docker logs $(docker-compose ps --all -q pdns-db) > debug/mysql/docker_pdns-db.log 2>&1' | ||||
| 					sh 'docker logs $(docker-compose ps --all -q dnsrouter) > debug/mysql/docker_dnsrouter.log 2>&1' | ||||
| 					junit 'test/results/junit/*' | ||||
| 					sh 'docker-compose down --remove-orphans --volumes -t 30 || true' | ||||
| 				} | ||||
| 				unstable { | ||||
| 					dir(path: 'test/results') { | ||||
| 						archiveArtifacts(allowEmptyArchive: true, artifacts: '**/*', excludes: '**/*.xml') | ||||
| 					} | ||||
| 				} | ||||
| 			} | ||||
| 		} | ||||
| 		stage('Test Postgres') { | ||||
| 			environment { | ||||
| 				COMPOSE_PROJECT_NAME = "npm_${BRANCH_LOWER}_${BUILD_NUMBER}_postgres" | ||||
| 				COMPOSE_FILE         = 'docker/docker-compose.ci.yml:docker/docker-compose.ci.postgres.yml' | ||||
| 			} | ||||
| 			when { | ||||
| 				not { | ||||
| 					equals expected: 'UNSTABLE', actual: currentBuild.result | ||||
| 				} | ||||
| 			} | ||||
| 			steps { | ||||
| 				sh 'rm -rf ./test/results/junit/*' | ||||
| 				sh './scripts/ci/fulltest-cypress' | ||||
| 			} | ||||
| 			post { | ||||
| 				always { | ||||
| 					// Dumps to analyze later | ||||
| 					sh 'mkdir -p debug/postgres' | ||||
| 					sh 'docker logs $(docker-compose ps --all -q fullstack) > debug/postgres/docker_fullstack.log 2>&1' | ||||
| 					sh 'docker logs $(docker-compose ps --all -q stepca) > debug/postgres/docker_stepca.log 2>&1' | ||||
| 					sh 'docker logs $(docker-compose ps --all -q pdns) > debug/postgres/docker_pdns.log 2>&1' | ||||
| 					sh 'docker logs $(docker-compose ps --all -q pdns-db) > debug/postgres/docker_pdns-db.log 2>&1' | ||||
| 					sh 'docker logs $(docker-compose ps --all -q dnsrouter) > debug/postgres/docker_dnsrouter.log 2>&1' | ||||
| 					sh 'docker logs $(docker-compose ps --all -q db-postgres) > debug/postgres/docker_db-postgres.log 2>&1' | ||||
| 					sh 'docker logs $(docker-compose ps --all -q authentik) > debug/postgres/docker_authentik.log 2>&1' | ||||
| 					sh 'docker logs $(docker-compose ps --all -q authentik-redis) > debug/postgres/docker_authentik-redis.log 2>&1' | ||||
| 					sh 'docker logs $(docker-compose ps --all -q authentik-ldap) > debug/postgres/docker_authentik-ldap.log 2>&1' | ||||
|  | ||||
|               // Docker Build | ||||
|               sh 'docker build --pull --no-cache --squash --compress -t $TEMP_IMAGE_NAME .' | ||||
| 					junit 'test/results/junit/*' | ||||
| 					sh 'docker-compose down --remove-orphans --volumes -t 30 || true' | ||||
| 				} | ||||
| 				unstable { | ||||
| 					dir(path: 'test/results') { | ||||
| 						archiveArtifacts(allowEmptyArchive: true, artifacts: '**/*', excludes: '**/*.xml') | ||||
| 					} | ||||
| 				} | ||||
| 			} | ||||
| 		} | ||||
| 		stage('MultiArch Build') { | ||||
| 			when { | ||||
| 				not { | ||||
| 					equals expected: 'UNSTABLE', actual: currentBuild.result | ||||
| 				} | ||||
| 			} | ||||
| 			steps { | ||||
| 				sh "./scripts/buildx --push ${buildxPushTags}" | ||||
| 			} | ||||
| 		} | ||||
| 		stage('Docs / Comment') { | ||||
| 			parallel { | ||||
| 				stage('Docs Job') { | ||||
| 					when { | ||||
| 						allOf { | ||||
| 							branch pattern: "^(develop|master)\$", comparator: "REGEXP" | ||||
| 							not { | ||||
| 								equals expected: 'UNSTABLE', actual: currentBuild.result | ||||
| 							} | ||||
| 						} | ||||
| 					} | ||||
| 					steps { | ||||
| 						build wait: false, job: 'nginx-proxy-manager-docs', parameters: [string(name: 'docs_branch', value: "$BRANCH_NAME")] | ||||
| 					} | ||||
| 				} | ||||
| 				stage('PR Comment') { | ||||
| 					when { | ||||
| 						allOf { | ||||
| 							changeRequest() | ||||
| 							not { | ||||
| 								equals expected: 'UNSTABLE', actual: currentBuild.result | ||||
| 							} | ||||
| 						} | ||||
| 					} | ||||
| 					steps { | ||||
| 						script { | ||||
| 							npmGithubPrComment("""Docker Image for build ${BUILD_NUMBER} is available on [DockerHub](https://cloud.docker.com/repository/docker/nginxproxymanager/${IMAGE}-dev): | ||||
| ``` | ||||
| nginxproxymanager/${IMAGE}-dev:${BRANCH_LOWER} | ||||
| ``` | ||||
|  | ||||
|               // Private Registry | ||||
|               sh 'docker tag $TEMP_IMAGE_NAME $DOCKER_PRIVATE_REGISTRY/$IMAGE_NAME:$TAG_VERSION' | ||||
|               sh 'docker push $DOCKER_PRIVATE_REGISTRY/$IMAGE_NAME:$TAG_VERSION' | ||||
|               sh 'docker tag $TEMP_IMAGE_NAME $DOCKER_PRIVATE_REGISTRY/$IMAGE_NAME:$MAJOR_VERSION' | ||||
|               sh 'docker push $DOCKER_PRIVATE_REGISTRY/$IMAGE_NAME:$MAJOR_VERSION' | ||||
|               sh 'docker tag $TEMP_IMAGE_NAME $DOCKER_PRIVATE_REGISTRY/$IMAGE_NAME:latest' | ||||
|               sh 'docker push $DOCKER_PRIVATE_REGISTRY/$IMAGE_NAME:latest' | ||||
| > [!NOTE] | ||||
| > Ensure you backup your NPM instance before testing this image! Especially if there are database changes. | ||||
| > This is a different docker image namespace than the official image. | ||||
|  | ||||
|               // Dockerhub | ||||
|               sh 'docker tag $TEMP_IMAGE_NAME docker.io/jc21/$IMAGE_NAME:$TAG_VERSION' | ||||
|               sh 'docker tag $TEMP_IMAGE_NAME docker.io/jc21/$IMAGE_NAME:$MAJOR_VERSION' | ||||
|               sh 'docker tag $TEMP_IMAGE_NAME docker.io/jc21/$IMAGE_NAME:latest' | ||||
|  | ||||
|               withCredentials([usernamePassword(credentialsId: 'jc21-dockerhub', passwordVariable: 'dpass', usernameVariable: 'duser')]) { | ||||
|                 sh "docker login -u '${duser}' -p '$dpass'" | ||||
|                 sh 'docker push docker.io/jc21/$IMAGE_NAME:$TAG_VERSION' | ||||
|                 sh 'docker push docker.io/jc21/$IMAGE_NAME:$MAJOR_VERSION' | ||||
|                 sh 'docker push docker.io/jc21/$IMAGE_NAME:latest' | ||||
|               } | ||||
|  | ||||
|               sh 'docker rmi $TEMP_IMAGE_NAME' | ||||
|             } | ||||
|           } | ||||
|         } | ||||
|         stage('armhf') { | ||||
|           when { | ||||
|             branch 'master' | ||||
|           } | ||||
|           agent { | ||||
|             label 'armhf' | ||||
|           } | ||||
|           steps { | ||||
|             ansiColor('xterm') { | ||||
|               // Codebase | ||||
|               sh 'docker run --rm -v $(pwd):/app -w /app $BASE_IMAGE_NAME-armhf yarn install' | ||||
|               sh 'docker run --rm -v $(pwd):/app -w /app $BASE_IMAGE_NAME-armhf npm run-script build' | ||||
|               sh 'rm -rf node_modules' | ||||
|               sh 'docker run --rm -v $(pwd):/app -w /app $BASE_IMAGE_NAME-armhf yarn install --prod' | ||||
|  | ||||
|               // Docker Build | ||||
|               sh 'docker build --pull --no-cache --squash --compress -t $TEMP_IMAGE_NAME_ARM -f Dockerfile.armhf .' | ||||
|  | ||||
|               // Private Registry | ||||
|               sh 'docker tag $TEMP_IMAGE_NAME_ARM $DOCKER_PRIVATE_REGISTRY/$IMAGE_NAME:$TAG_VERSION-armhf' | ||||
|               sh 'docker push $DOCKER_PRIVATE_REGISTRY/$IMAGE_NAME:$TAG_VERSION-armhf' | ||||
|               sh 'docker tag $TEMP_IMAGE_NAME_ARM $DOCKER_PRIVATE_REGISTRY/$IMAGE_NAME:$MAJOR_VERSION-armhf' | ||||
|               sh 'docker push $DOCKER_PRIVATE_REGISTRY/$IMAGE_NAME:$MAJOR_VERSION-armhf' | ||||
|               sh 'docker tag $TEMP_IMAGE_NAME_ARM $DOCKER_PRIVATE_REGISTRY/$IMAGE_NAME:latest-armhf' | ||||
|               sh 'docker push $DOCKER_PRIVATE_REGISTRY/$IMAGE_NAME:latest-armhf' | ||||
|  | ||||
|               // Dockerhub | ||||
|               sh 'docker tag $TEMP_IMAGE_NAME_ARM docker.io/jc21/$IMAGE_NAME:$TAG_VERSION-armhf' | ||||
|               sh 'docker tag $TEMP_IMAGE_NAME_ARM docker.io/jc21/$IMAGE_NAME:$MAJOR_VERSION-armhf' | ||||
|               sh 'docker tag $TEMP_IMAGE_NAME_ARM docker.io/jc21/$IMAGE_NAME:latest-armhf' | ||||
|  | ||||
|               withCredentials([usernamePassword(credentialsId: 'jc21-dockerhub', passwordVariable: 'dpass', usernameVariable: 'duser')]) { | ||||
|                 sh "docker login -u '${duser}' -p '$dpass'" | ||||
|                 sh 'docker push docker.io/jc21/$IMAGE_NAME:$TAG_VERSION-armhf' | ||||
|                 sh 'docker push docker.io/jc21/$IMAGE_NAME:$MAJOR_VERSION-armhf' | ||||
|                 sh 'docker push docker.io/jc21/$IMAGE_NAME:latest-armhf' | ||||
|               } | ||||
|  | ||||
|               sh 'docker rmi $TEMP_IMAGE_NAME_ARM' | ||||
|             } | ||||
|           } | ||||
|         } | ||||
|       } | ||||
|     } | ||||
|   } | ||||
|   post { | ||||
|     success { | ||||
|       juxtapose event: 'success' | ||||
|       sh 'figlet "SUCCESS"' | ||||
|     } | ||||
|     failure { | ||||
|       juxtapose event: 'failure' | ||||
|       sh 'figlet "FAILURE"' | ||||
|     } | ||||
|   } | ||||
| > [!WARNING] | ||||
| > Changes and additions to DNS Providers require verification by at least 2 members of the community! | ||||
| """, true) | ||||
| 						} | ||||
| 					} | ||||
| 				} | ||||
| 			} | ||||
| 		} | ||||
| 	} | ||||
| 	post { | ||||
| 		always { | ||||
| 			sh 'echo Reverting ownership' | ||||
| 			sh 'docker run --rm -v "$(pwd):/data" jc21/ci-tools chown -R "$(id -u):$(id -g)" /data' | ||||
| 			printResult(true) | ||||
| 		} | ||||
| 		failure { | ||||
| 			archiveArtifacts(artifacts: 'debug/**/*.*', allowEmptyArchive: true) | ||||
| 		} | ||||
| 		unstable { | ||||
| 			archiveArtifacts(artifacts: 'debug/**/*.*', allowEmptyArchive: true) | ||||
| 		} | ||||
| 	} | ||||
| } | ||||
|  | ||||
| def getPackageVersion() { | ||||
|   ver = sh(script: 'docker run --rm -v $(pwd):/data $DOCKER_CI_TOOLS bash -c "cat /data/package.json|jq -r \'.version\'"', returnStdout: true) | ||||
|   return ver.trim() | ||||
| def getVersion() { | ||||
| 	ver = sh(script: 'cat .version', returnStdout: true) | ||||
| 	return ver.trim() | ||||
| } | ||||
|  | ||||
| def getCommit() { | ||||
| 	ver = sh(script: 'git log -n 1 --format=%h', returnStdout: true) | ||||
| 	return ver.trim() | ||||
| } | ||||
|   | ||||
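Review bot: In the tab-indented (new) pipeline, the `Docker Login` stage still passes the password as a command-line argument, `docker login -u "${duser}" -p "${dpass}"`, which exposes it in the agent's process list while the command runs. `sh 'printf "%s" "${dpass}" | docker login -u "${duser}" --password-stdin'` avoids that. The stage also has no `when` guard, so the `jc21-dockerhub` credential is logged in for every branch and change-request build, and later stages run scripts from that checkout (`./scripts/ci/...`, `./scripts/buildx`). A separate token limited to the `-dev` repository for non-master builds, plus a `docker logout` in `post { always }`, would narrow what such a build can reach. Whether the Jenkins job already restricts which change requests get built is not visible from this page.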
							
								
								
									
										135
									
								
								README.md
									
									
									
									
									
								
							
							
						
						
									
									
									
									
									
									
								
							| @@ -1,20 +1,31 @@ | ||||
|  | ||||
|  | ||||
| # Nginx Proxy Manager | ||||
|  | ||||
|  | ||||
|  | ||||
|  | ||||
| <p align="center"> | ||||
| 	<img src="https://nginxproxymanager.com/github.png"> | ||||
| 	<br><br> | ||||
| 	<img src="https://img.shields.io/badge/version-2.12.6-green.svg?style=for-the-badge"> | ||||
| 	<a href="https://hub.docker.com/repository/docker/jc21/nginx-proxy-manager"> | ||||
| 		<img src="https://img.shields.io/docker/stars/jc21/nginx-proxy-manager.svg?style=for-the-badge"> | ||||
| 	</a> | ||||
| 	<a href="https://hub.docker.com/repository/docker/jc21/nginx-proxy-manager"> | ||||
| 		<img src="https://img.shields.io/docker/pulls/jc21/nginx-proxy-manager.svg?style=for-the-badge"> | ||||
| 	</a> | ||||
| </p> | ||||
|  | ||||
| This project comes as a pre-built docker image that enables you to easily forward to your websites | ||||
| running at home or otherwise, including free SSL, without having to know too much about Nginx or Letsencrypt. | ||||
|  | ||||
| ---------- | ||||
| - [Quick Setup](#quick-setup) | ||||
| - [Full Setup](https://nginxproxymanager.com/setup/) | ||||
| - [Screenshots](https://nginxproxymanager.com/screenshots/) | ||||
|  | ||||
| **WARNING: Version 2 a complete rewrite!** If you are using the `latest` docker tag and update to version 2 | ||||
| without preparation, horrible things might happen. Refer to the [Importing Documentation](doc/IMPORTING.md).  | ||||
| ## Project Goal | ||||
|  | ||||
| I created this project to fill a personal need to provide users with an easy way to accomplish reverse | ||||
| proxying hosts with SSL termination and it had to be so easy that a monkey could do it. This goal hasn't changed. | ||||
| While there might be advanced options they are optional and the project should be as simple as possible | ||||
| so that the barrier for entry here is low. | ||||
|  | ||||
| <a href="https://www.buymeacoffee.com/jc21" target="_blank"><img src="http://public.jc21.com/github/by-me-a-coffee.png" alt="Buy Me A Coffee" style="height: 51px !important;width: 217px !important;" ></a> | ||||
|  | ||||
| ---------- | ||||
|  | ||||
| ## Features | ||||
|  | ||||
| @@ -26,64 +37,58 @@ without preparation, horrible things might happen. Refer to the [Importing Docum | ||||
| - User management, permissions and audit log | ||||
|  | ||||
|  | ||||
| ## Screenshots | ||||
| ## Hosting your home network | ||||
|  | ||||
| [](https://public.jc21.com/nginx-proxy-manager/v2/large/login.jpg) | ||||
| [](https://public.jc21.com/nginx-proxy-manager/v2/large/dashboard.jpg) | ||||
| [](https://public.jc21.com/nginx-proxy-manager/v2/large/proxy-hosts.jpg) | ||||
| [](https://public.jc21.com/nginx-proxy-manager/v2/large/proxy-hosts-new1.jpg) | ||||
| [](https://public.jc21.com/nginx-proxy-manager/v2/large/proxy-hosts-new2.jpg) | ||||
| [](https://public.jc21.com/nginx-proxy-manager/v2/large/redirection-hosts.jpg) | ||||
| [](https://public.jc21.com/nginx-proxy-manager/v2/large/redirection-hosts-new1.jpg) | ||||
| [](https://public.jc21.com/nginx-proxy-manager/v2/large/streams.jpg) | ||||
| [](https://public.jc21.com/nginx-proxy-manager/v2/large/streams-new1.jpg) | ||||
| [](https://public.jc21.com/nginx-proxy-manager/v2/large/dead-hosts.jpg) | ||||
| [](https://public.jc21.com/nginx-proxy-manager/v2/large/dead-hosts-new1.jpg) | ||||
| [](https://public.jc21.com/nginx-proxy-manager/v2/large/certificates.jpg) | ||||
| [](https://public.jc21.com/nginx-proxy-manager/v2/large/certificates-new1.jpg) | ||||
| [](https://public.jc21.com/nginx-proxy-manager/v2/large/certificates-new2.jpg) | ||||
| [](https://public.jc21.com/nginx-proxy-manager/v2/large/access-lists.jpg) | ||||
| [](https://public.jc21.com/nginx-proxy-manager/v2/large/access-lists-new1.jpg) | ||||
| [](https://public.jc21.com/nginx-proxy-manager/v2/large/users.jpg) | ||||
| [](https://public.jc21.com/nginx-proxy-manager/v2/large/users-permissions.jpg) | ||||
| [](https://public.jc21.com/nginx-proxy-manager/v2/large/audit-log.jpg) | ||||
| I won't go in to too much detail here but here are the basics for someone new to this self-hosted world. | ||||
|  | ||||
| 1. Your home router will have a Port Forwarding section somewhere. Log in and find it | ||||
| 2. Add port forwarding for port 80 and 443 to the server hosting this project | ||||
| 3. Configure your domain name details to point to your home, either with a static ip or a service like DuckDNS or [Amazon Route53](https://github.com/jc21/route53-ddns) | ||||
| 4. Use the Nginx Proxy Manager as your gateway to forward to your other web based services | ||||
|  | ||||
| ## Getting started | ||||
| ## Quick Setup | ||||
|  | ||||
| Please consult the [installation instructions](doc/INSTALL.md) for a complete guide or | ||||
| if you just want to get up and running in the quickest time possible, grab all the files in the `doc/example/` folder and run `docker-compose up -d`  | ||||
| 1. Install Docker and Docker-Compose | ||||
|  | ||||
| - [Docker Install documentation](https://docs.docker.com/install/) | ||||
| - [Docker-Compose Install documentation](https://docs.docker.com/compose/install/) | ||||
|  | ||||
| ## Importing from Version 1? | ||||
| 2. Create a docker-compose.yml file similar to this: | ||||
|  | ||||
| Here's a [guide for you to migrate your configuration](doc/IMPORTING.md). You should definitely read the [installation instructions](doc/INSTALL.md) first though. | ||||
| ```yml | ||||
| services: | ||||
|   app: | ||||
|     image: 'docker.io/jc21/nginx-proxy-manager:latest' | ||||
|     restart: unless-stopped | ||||
|     ports: | ||||
|       - '80:80' | ||||
|       - '81:81' | ||||
|       - '443:443' | ||||
|     volumes: | ||||
|       - ./data:/data | ||||
|       - ./letsencrypt:/etc/letsencrypt | ||||
| ``` | ||||
|  | ||||
| **Why should I?** | ||||
| This is the bare minimum configuration required. See the [documentation](https://nginxproxymanager.com/setup/) for more. | ||||
|  | ||||
| Version 2 has the following improvements: | ||||
| 3. Bring up your stack by running | ||||
|  | ||||
| - Management security and multiple user access | ||||
| - User permissions and visibility | ||||
| - Custom SSL certificate support | ||||
| - Audit log of changes | ||||
| - Broken nginx config detection | ||||
| - Multiple domains in Let's Encrypt certificates | ||||
| - Wildcard domain name support (not available with a Let's Encrypt certificate though) | ||||
| - It's super sexy | ||||
| ```bash | ||||
| docker-compose up -d | ||||
|  | ||||
| # If using docker-compose-plugin | ||||
| docker compose up -d | ||||
|  | ||||
| ## Administration | ||||
| ``` | ||||
|  | ||||
| 4. Log in to the Admin UI | ||||
|  | ||||
| When your docker container is running, connect to it on port `81` for the admin interface. | ||||
| Sometimes this can take a little bit because of the entropy of keys. | ||||
|  | ||||
| [http://localhost:81](http://localhost:81) | ||||
|  | ||||
| Note: Requesting SSL Certificates won't work until this project is accessible from the outside world, as explained below. | ||||
|  | ||||
|  | ||||
| ### Default Administrator User | ||||
| [http://127.0.0.1:81](http://127.0.0.1:81) | ||||
|  | ||||
| Default Admin User: | ||||
| ``` | ||||
| Email:    admin@example.com | ||||
| Password: changeme | ||||
| @@ -92,12 +97,24 @@ Password: changeme | ||||
| Immediately after logging in with this default user you will be asked to modify your details and change your password. | ||||
|  | ||||
|  | ||||
| ## Hosting your home network | ||||
| ## Contributing | ||||
|  | ||||
| I won't go in to too much detail here but here are the basics for someone new to this self-hosted world. | ||||
| All are welcome to create pull requests for this project, against the `develop` branch. Official releases are created from the `master` branch. | ||||
|  | ||||
| 1. Your home router will have a Port Forwarding section somewhere. Log in and find it | ||||
| 2. Add port forwarding for port 80 and 443 to the server hosting this project | ||||
| 3. Configure your domain name details to point to your home, either with a static ip or a service like DuckDNS | ||||
| 4. Use the Nginx Proxy Manager here as your gateway to forward to your other web based services | ||||
| CI is used in this project. All PR's must pass before being considered. After passing, | ||||
| docker builds for PR's are available on dockerhub for manual verifications. | ||||
|  | ||||
| Documentation within the `develop` branch is available for preview at | ||||
| [https://develop.nginxproxymanager.com](https://develop.nginxproxymanager.com) | ||||
|  | ||||
|  | ||||
| ### Contributors | ||||
|  | ||||
| Special thanks to [all of our contributors](https://github.com/NginxProxyManager/nginx-proxy-manager/graphs/contributors). | ||||
|  | ||||
|  | ||||
| ## Getting Support | ||||
|  | ||||
| 1. [Found a bug?](https://github.com/NginxProxyManager/nginx-proxy-manager/issues) | ||||
| 2. [Discussions](https://github.com/NginxProxyManager/nginx-proxy-manager/discussions) | ||||
| 3. [Reddit](https://reddit.com/r/nginxproxymanager) | ||||
|   | ||||
							
								
								
									
										17
									
								
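--- a/TODO.md
+++ b/TODO.md
@@ -1,17 +0,0 @@
-# TODO 
-
-- Dashboard stats are caching instead of querying
-
-Next version:
-
-- UI Log tail
-- Enable/Disable a config
-
-Testing:
-
-- Access Levels
-  - Adding a proxy host without access to read certs or access lists 
-- Visibility
-- Forwarding
-- Cert renewals
-- Custom certs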
							
								
								
									
										73
									
								
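--- a/backend/.eslintrc.json
+++ b/backend/.eslintrc.json
@@ -0,0 +1,73 @@
+{
+	"env": {
+		"node": true,
+		"es6": true
+	},
+	"extends": [
+		"eslint:recommended"
+	],
+	"globals": {
+		"Atomics": "readonly",
+		"SharedArrayBuffer": "readonly"
+	},
+	"parserOptions": {
+		"ecmaVersion": 2018,
+		"sourceType": "module"
+	},
+	"plugins": [
+		"align-assignments"
+	],
+	"rules": {
+		"arrow-parens": [
+			"error",
+			"always"
+		],
+		"indent": [
+			"error",
+			"tab"
+		],
+		"linebreak-style": [
+			"error",
+			"unix"
+		],
+		"quotes": [
+			"error",
+			"single"
+		],
+		"semi": [
+			"error",
+			"always"
+		],
+		"key-spacing": [
+			"error",
+			{
+				"align": "value"
+			}
+		],
+		"comma-spacing": [
+			"error",
+			{
+				"before": false,
+				"after": true
+			}
+		],
+		"func-call-spacing": [
+			"error",
+			"never"
+		],
+		"keyword-spacing": [
+			"error",
+			{
+				"before": true
+			}
+		],
+		"no-irregular-whitespace": "error",
+		"no-unused-expressions": 0,
+		"align-assignments/align-assignments": [
+			2,
+			{
+				"requiresOnly": false
+			}
+		]
+	}
+}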
							
								
								
									
										8
									
								
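--- a/backend/.gitignore
+++ b/backend/.gitignore
@@ -0,0 +1,8 @@
+config/development.json
+data/*
+yarn-error.log
+tmp
+certbot.log
+node_modules
+core.*
+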
							
								
								
									
										11
									
								
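--- a/backend/.prettierrc
+++ b/backend/.prettierrc
@@ -0,0 +1,11 @@
+{
+	"printWidth": 320,
+	"tabWidth": 4,
+	"useTabs": true,
+	"semi": true,
+	"singleQuote": true,
+	"bracketSpacing": true,
+	"jsxBracketSameLine": true,
+	"trailingComma": "all",
+	"proseWrap": "always"
+}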
							
								
								
									
										90
									
								
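--- a/backend/app.js
+++ b/backend/app.js
@@ -0,0 +1,90 @@
+const express     = require('express');
+const bodyParser  = require('body-parser');
+const fileUpload  = require('express-fileupload');
+const compression = require('compression');
+const config      = require('./lib/config');
+const log         = require('./logger').express;
+
+/**
+ * App
+ */
+const app = express();
+app.use(fileUpload());
+app.use(bodyParser.json());
+app.use(bodyParser.urlencoded({extended: true}));
+
+// Gzip
+app.use(compression());
+
+/**
+ * General Logging, BEFORE routes
+ */
+
+app.disable('x-powered-by');
+app.enable('trust proxy', ['loopback', 'linklocal', 'uniquelocal']);
+app.enable('strict routing');
+
+// pretty print JSON when not live
+if (config.debug()) {
+	app.set('json spaces', 2);
+}
+
+// CORS for everything
+app.use(require('./lib/express/cors'));
+
+// General security/cache related headers + server header
+app.use(function (req, res, next) {
+	let x_frame_options = 'DENY';
+
+	if (typeof process.env.X_FRAME_OPTIONS !== 'undefined' && process.env.X_FRAME_OPTIONS) {
+		x_frame_options = process.env.X_FRAME_OPTIONS;
+	}
+
+	res.set({
+		'X-XSS-Protection':       '1; mode=block',
+		'X-Content-Type-Options': 'nosniff',
+		'X-Frame-Options':        x_frame_options,
+		'Cache-Control':          'no-cache, no-store, max-age=0, must-revalidate',
+		Pragma:                   'no-cache',
+		Expires:                  0
+	});
+	next();
+});
+
+app.use(require('./lib/express/jwt')());
+app.use('/', require('./routes/main'));
+
+// production error handler
+// no stacktraces leaked to user
+// eslint-disable-next-line
+app.use(function (err, req, res, next) {
+
+	let payload = {
+		error: {
+			code:    err.status,
+			message: err.public ? err.message : 'Internal Error'
+		}
+	};
+
+	if (config.debug() || (req.baseUrl + req.path).includes('nginx/certificates')) {
+		payload.debug = {
+			stack:    typeof err.stack !== 'undefined' && err.stack ? err.stack.split('\n') : null,
+			previous: err.previous
+		};
+	}
+
+	// Not every error is worth logging - but this is good for now until it gets annoying.
+	if (typeof err.stack !== 'undefined' && err.stack) {
+		if (config.debug()) {
+			log.debug(err.stack);
+		} else if (typeof err.public == 'undefined' || !err.public) {
+			log.warn(err.message);
+		}
+	}
+
+	res
+		.status(err.status || 500)
+		.send(payload);
+});
+
+module.exports = app;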
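Review bot: The final error handler attaches `payload.debug` (the stack split into lines, plus `err.previous`) whenever the request path contains `nginx/certificates`, even when `config.debug()` is false, which contradicts the "no stacktraces leaked to user" comment directly above it and exposes internal file paths and error chains on those routes in production. If the aim is to show certificate-request failures in the UI, return a curated message field for that case and keep the stack behind the flag, i.e. `if (config.debug()) {`. Separately, `app.enable('trust proxy', [...])` takes only the setting name in Express, so the subnet list appears to be ignored and the setting becomes `true`, which makes `req.ip` follow whatever `X-Forwarded-For` a client sends; `app.set('trust proxy', ['loopback', 'linklocal', 'uniquelocal']);` applies the list as intended.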
| @@ -1,6 +1,6 @@ | ||||
| { | ||||
|   "database": { | ||||
|     "engine": "mysql", | ||||
|     "engine": "mysql2", | ||||
|     "host": "db", | ||||
|     "name": "npm", | ||||
|     "user": "npm", | ||||
							
								
								
									
										26
									
								
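--- a/backend/config/sqlite-test-db.json
+++ b/backend/config/sqlite-test-db.json
@@ -0,0 +1,26 @@
+{
+  "database": {
+      "engine": "knex-native",
+      "knex": {
+        "client": "sqlite3",
+        "connection": {
+          "filename": "/app/config/mydb.sqlite"
+        },
+        "pool": {
+          "min": 0,
+          "max": 1,
+          "createTimeoutMillis": 3000,
+          "acquireTimeoutMillis": 30000,
+          "idleTimeoutMillis": 30000,
+          "reapIntervalMillis": 1000,
+          "createRetryIntervalMillis": 100,
+          "propagateCreateError": false
+        },
+        "migrations": {
+          "tableName": "migrations",
+          "stub": "src/backend/lib/migrate_template.js",
+          "directory": "src/backend/migrations"
+        }
+      }
+    }
+}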
							
								
								
									
										27
									
								
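--- a/backend/db.js
+++ b/backend/db.js
@@ -0,0 +1,27 @@
+const config = require('./lib/config');
+
+if (!config.has('database')) {
+	throw new Error('Database config does not exist! Please read the instructions: https://nginxproxymanager.com/setup/');
+}
+
+function generateDbConfig() {
+	const cfg = config.get('database');
+	if (cfg.engine === 'knex-native') {
+		return cfg.knex;
+	}
+	return {
+		client:     cfg.engine,
+		connection: {
+			host:     cfg.host,
+			user:     cfg.user,
+			password: cfg.password,
+			database: cfg.name,
+			port:     cfg.port
+		},
+		migrations: {
+			tableName: 'migrations'
+		}
+	};
+}
+
+module.exports = require('knex')(generateDbConfig());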
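Review bot: `generateDbConfig()` returns `cfg.knex` unchecked for the `knex-native` engine and passes `cfg.engine` straight through as `client` otherwise, so a config that has a `database` key but lacks `knex` or `engine` gets past the guard at the top and is handed to knex as `undefined` or with no client. The failure then presumably shows up later and less clearly than the explicit "Database config does not exist" error. A check inside the function, such as `if (!cfg.engine || (cfg.engine === 'knex-native' && !cfg.knex)) { throw new Error('Database config is incomplete'); }`, would keep the misconfiguration message at startup.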
							
								
								
									
										56
									
								
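--- a/backend/index.js
+++ b/backend/index.js
@@ -0,0 +1,56 @@
+#!/usr/bin/env node
+
+const schema = require('./schema');
+const logger = require('./logger').global;
+
+const IP_RANGES_FETCH_ENABLED = process.env.IP_RANGES_FETCH_ENABLED !== 'false';
+
+async function appStart () {
+	const migrate             = require('./migrate');
+	const setup               = require('./setup');
+	const app                 = require('./app');
+	const internalCertificate = require('./internal/certificate');
+	const internalIpRanges    = require('./internal/ip_ranges');
+
+	return migrate.latest()
+		.then(setup)
+		.then(schema.getCompiledSchema)
+		.then(() => {
+			if (IP_RANGES_FETCH_ENABLED) {
+				logger.info('IP Ranges fetch is enabled');
+				return internalIpRanges.fetch().catch((err) => {
+					logger.error('IP Ranges fetch failed, continuing anyway:', err.message);
+				});
+			} else {
+				logger.info('IP Ranges fetch is disabled by environment variable');
+			}
+		})
+		.then(() => {
+			internalCertificate.initTimer();
+			internalIpRanges.initTimer();
+
+			const server = app.listen(3000, () => {
+				logger.info('Backend PID ' + process.pid + ' listening on port 3000 ...');
+
+				process.on('SIGTERM', () => {
+					logger.info('PID ' + process.pid + ' received SIGTERM');
+					server.close(() => {
+						logger.info('Stopping.');
+						process.exit(0);
+					});
+				});
+			});
+		})
+		.catch((err) => {
+			logger.error(err.message, err);
+			setTimeout(appStart, 1000);
+		});
+}
+
+try {
+	appStart();
+} catch (err) {
+	logger.error(err.message, err);
+	process.exit(1);
+}
+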
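Review bot: The `try { appStart(); } catch` block at the bottom cannot catch anything from `appStart`, because an `async` function reports every failure, including a throwing `require()` on its first lines, as a rejected promise rather than a synchronous exception. Such a failure would surface as an unhandled rejection instead of the logged `process.exit(1)`; `appStart().catch((err) => { logger.error(err.message, err); process.exit(1); });` covers it. The inner `.catch` also re-runs `appStart` every second with no retry limit or backoff, and a failure after `initTimer()` has been called would start the timers again on each retry, unless `initTimer` guards against that, which is not visible here.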
							
								
								
									
										540
									
								
								backend/internal/access-list.js
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										540
									
								
								backend/internal/access-list.js
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,540 @@ | ||||
| const _                     = require('lodash'); | ||||
| const fs                    = require('node:fs'); | ||||
| const batchflow             = require('batchflow'); | ||||
| const logger                = require('../logger').access; | ||||
| const error                 = require('../lib/error'); | ||||
| const utils                 = require('../lib/utils'); | ||||
| const accessListModel       = require('../models/access_list'); | ||||
| const accessListAuthModel   = require('../models/access_list_auth'); | ||||
| const accessListClientModel = require('../models/access_list_client'); | ||||
| const proxyHostModel        = require('../models/proxy_host'); | ||||
| const internalAuditLog      = require('./audit-log'); | ||||
| const internalNginx         = require('./nginx'); | ||||
|  | ||||
| function omissions () { | ||||
| 	return ['is_deleted']; | ||||
| } | ||||
|  | ||||
| const internalAccessList = { | ||||
|  | ||||
| 	/** | ||||
| 	 * @param   {Access}  access | ||||
| 	 * @param   {Object}  data | ||||
| 	 * @returns {Promise} | ||||
| 	 */ | ||||
| 	create: (access, data) => { | ||||
| 		return access.can('access_lists:create', data) | ||||
| 			.then((/*access_data*/) => { | ||||
| 				return accessListModel | ||||
| 					.query() | ||||
| 					.insertAndFetch({ | ||||
| 						name:          data.name, | ||||
| 						satisfy_any:   data.satisfy_any, | ||||
| 						pass_auth:     data.pass_auth, | ||||
| 						owner_user_id: access.token.getUserId(1) | ||||
| 					}) | ||||
| 					.then(utils.omitRow(omissions())); | ||||
| 			}) | ||||
| 			.then((row) => { | ||||
| 				data.id = row.id; | ||||
|  | ||||
| 				const promises = []; | ||||
|  | ||||
| 				// Now add the items | ||||
| 				data.items.map((item) => { | ||||
| 					promises.push(accessListAuthModel | ||||
| 						.query() | ||||
| 						.insert({ | ||||
| 							access_list_id: row.id, | ||||
| 							username:       item.username, | ||||
| 							password:       item.password | ||||
| 						}) | ||||
| 					); | ||||
| 				}); | ||||
|  | ||||
| 				// Now add the clients | ||||
| 				if (typeof data.clients !== 'undefined' && data.clients) { | ||||
| 					data.clients.map((client) => { | ||||
| 						promises.push(accessListClientModel | ||||
| 							.query() | ||||
| 							.insert({ | ||||
| 								access_list_id: row.id, | ||||
| 								address:        client.address, | ||||
| 								directive:      client.directive | ||||
| 							}) | ||||
| 						); | ||||
| 					}); | ||||
| 				} | ||||
|  | ||||
| 				return Promise.all(promises); | ||||
| 			}) | ||||
| 			.then(() => { | ||||
| 				// re-fetch with expansions | ||||
| 				return internalAccessList.get(access, { | ||||
| 					id:     data.id, | ||||
| 					expand: ['owner', 'items', 'clients', 'proxy_hosts.access_list.[clients,items]'] | ||||
| 				}, true /* <- skip masking */); | ||||
| 			}) | ||||
| 			.then((row) => { | ||||
| 				// Audit log | ||||
| 				data.meta = _.assign({}, data.meta || {}, row.meta); | ||||
|  | ||||
| 				return internalAccessList.build(row) | ||||
| 					.then(() => { | ||||
| 						if (parseInt(row.proxy_host_count, 10)) { | ||||
| 							return internalNginx.bulkGenerateConfigs('proxy_host', row.proxy_hosts); | ||||
| 						} | ||||
| 					}) | ||||
| 					.then(() => { | ||||
| 						// Add to audit log | ||||
| 						return internalAuditLog.add(access, { | ||||
| 							action:      'created', | ||||
| 							object_type: 'access-list', | ||||
| 							object_id:   row.id, | ||||
| 							meta:        internalAccessList.maskItems(data) | ||||
| 						}); | ||||
| 					}) | ||||
| 					.then(() => { | ||||
| 						return internalAccessList.maskItems(row); | ||||
| 					}); | ||||
| 			}); | ||||
| 	}, | ||||
|  | ||||
| 	/** | ||||
| 	 * @param  {Access}  access | ||||
| 	 * @param  {Object}  data | ||||
| 	 * @param  {Integer} data.id | ||||
| 	 * @param  {String}  [data.name] | ||||
| 	 * @param  {String}  [data.items] | ||||
| 	 * @return {Promise} | ||||
| 	 */ | ||||
| 	update: (access, data) => { | ||||
| 		return access.can('access_lists:update', data.id) | ||||
| 			.then((/*access_data*/) => { | ||||
| 				return internalAccessList.get(access, {id: data.id}); | ||||
| 			}) | ||||
| 			.then((row) => { | ||||
| 				if (row.id !== data.id) { | ||||
| 					// Sanity check that something crazy hasn't happened | ||||
| 					throw new error.InternalValidationError(`Access List could not be updated, IDs do not match: ${row.id} !== ${data.id}`); | ||||
| 				} | ||||
| 			}) | ||||
| 			.then(() => { | ||||
| 				// patch name if specified | ||||
| 				if (typeof data.name !== 'undefined' && data.name) { | ||||
| 					return accessListModel | ||||
| 						.query() | ||||
| 						.where({id: data.id}) | ||||
| 						.patch({ | ||||
| 							name:        data.name, | ||||
| 							satisfy_any: data.satisfy_any, | ||||
| 							pass_auth:   data.pass_auth, | ||||
| 						}); | ||||
| 				} | ||||
| 			}) | ||||
| 			.then(() => { | ||||
| 				// Check for items and add/update/remove them | ||||
| 				if (typeof data.items !== 'undefined' && data.items) { | ||||
| 					const promises      = []; | ||||
| 					const items_to_keep = []; | ||||
|  | ||||
| 					data.items.map((item) => { | ||||
| 						if (item.password) { | ||||
| 							promises.push(accessListAuthModel | ||||
| 								.query() | ||||
| 								.insert({ | ||||
| 									access_list_id: data.id, | ||||
| 									username:       item.username, | ||||
| 									password:       item.password | ||||
| 								}) | ||||
| 							); | ||||
| 						} else { | ||||
| 							// This was supplied with an empty password, which means keep it but don't change the password | ||||
| 							items_to_keep.push(item.username); | ||||
| 						} | ||||
| 					}); | ||||
|  | ||||
| 					const query = accessListAuthModel | ||||
| 						.query() | ||||
| 						.delete() | ||||
| 						.where('access_list_id', data.id); | ||||
|  | ||||
| 					if (items_to_keep.length) { | ||||
| 						query.andWhere('username', 'NOT IN', items_to_keep); | ||||
| 					} | ||||
|  | ||||
| 					return query | ||||
| 						.then(() => { | ||||
| 							// Add new items | ||||
| 							if (promises.length) { | ||||
| 								return Promise.all(promises); | ||||
| 							} | ||||
| 						}); | ||||
| 				} | ||||
| 			}) | ||||
| 			.then(() => { | ||||
| 				// Check for clients and add/update/remove them | ||||
| 				if (typeof data.clients !== 'undefined' && data.clients) { | ||||
| 					const promises = []; | ||||
|  | ||||
| 					data.clients.map((client) => { | ||||
| 						if (client.address) { | ||||
| 							promises.push(accessListClientModel | ||||
| 								.query() | ||||
| 								.insert({ | ||||
| 									access_list_id: data.id, | ||||
| 									address:        client.address, | ||||
| 									directive:      client.directive | ||||
| 								}) | ||||
| 							); | ||||
| 						} | ||||
| 					}); | ||||
|  | ||||
| 					const query = accessListClientModel | ||||
| 						.query() | ||||
| 						.delete() | ||||
| 						.where('access_list_id', data.id); | ||||
|  | ||||
| 					return query | ||||
| 						.then(() => { | ||||
| 							// Add new items | ||||
| 							if (promises.length) { | ||||
| 								return Promise.all(promises); | ||||
| 							} | ||||
| 						}); | ||||
| 				} | ||||
| 			}) | ||||
| 			.then(() => { | ||||
| 				// Add to audit log | ||||
| 				return internalAuditLog.add(access, { | ||||
| 					action:      'updated', | ||||
| 					object_type: 'access-list', | ||||
| 					object_id:   data.id, | ||||
| 					meta:        internalAccessList.maskItems(data) | ||||
| 				}); | ||||
| 			}) | ||||
| 			.then(() => { | ||||
| 				// re-fetch with expansions | ||||
| 				return internalAccessList.get(access, { | ||||
| 					id:     data.id, | ||||
| 					expand: ['owner', 'items', 'clients', 'proxy_hosts.[certificate,access_list.[clients,items]]'] | ||||
| 				}, true /* <- skip masking */); | ||||
| 			}) | ||||
| 			.then((row) => { | ||||
| 				return internalAccessList.build(row) | ||||
| 					.then(() => { | ||||
| 						if (parseInt(row.proxy_host_count, 10)) { | ||||
| 							return internalNginx.bulkGenerateConfigs('proxy_host', row.proxy_hosts); | ||||
| 						} | ||||
| 					}).then(internalNginx.reload) | ||||
| 					.then(() => { | ||||
| 						return internalAccessList.maskItems(row); | ||||
| 					}); | ||||
| 			}); | ||||
| 	}, | ||||
|  | ||||
| 	/** | ||||
| 	 * @param  {Access}   access | ||||
| 	 * @param  {Object}   data | ||||
| 	 * @param  {Integer}  data.id | ||||
| 	 * @param  {Array}    [data.expand] | ||||
| 	 * @param  {Array}    [data.omit] | ||||
| 	 * @param  {Boolean}  [skip_masking] | ||||
| 	 * @return {Promise} | ||||
| 	 */ | ||||
| 	get: (access, data, skip_masking) => { | ||||
| 		if (typeof data === 'undefined') { | ||||
| 			data = {}; | ||||
| 		} | ||||
|  | ||||
| 		return access.can('access_lists:get', data.id) | ||||
| 			.then((access_data) => { | ||||
| 				const query = accessListModel | ||||
| 					.query() | ||||
| 					.select('access_list.*', accessListModel.raw('COUNT(proxy_host.id) as proxy_host_count')) | ||||
| 					.leftJoin('proxy_host', function() { | ||||
| 						this.on('proxy_host.access_list_id', '=', 'access_list.id') | ||||
| 							.andOn('proxy_host.is_deleted', '=', 0); | ||||
| 					}) | ||||
| 					.where('access_list.is_deleted', 0) | ||||
| 					.andWhere('access_list.id', data.id) | ||||
| 					.groupBy('access_list.id') | ||||
| 					.allowGraph('[owner,items,clients,proxy_hosts.[certificate,access_list.[clients,items]]]') | ||||
| 					.first(); | ||||
|  | ||||
| 				if (access_data.permission_visibility !== 'all') { | ||||
| 					query.andWhere('access_list.owner_user_id', access.token.getUserId(1)); | ||||
| 				} | ||||
|  | ||||
| 				if (typeof data.expand !== 'undefined' && data.expand !== null) { | ||||
| 					query.withGraphFetched(`[${data.expand.join(', ')}]`); | ||||
| 				} | ||||
|  | ||||
| 				return query.then(utils.omitRow(omissions())); | ||||
| 			}) | ||||
| 			.then((row) => { | ||||
| 				if (!row || !row.id) { | ||||
| 					throw new error.ItemNotFoundError(data.id); | ||||
| 				} | ||||
| 				if (!skip_masking && typeof row.items !== 'undefined' && row.items) { | ||||
| 					row = internalAccessList.maskItems(row); | ||||
| 				} | ||||
| 				// Custom omissions | ||||
| 				if (typeof data.omit !== 'undefined' && data.omit !== null) { | ||||
| 					row = _.omit(row, data.omit); | ||||
| 				} | ||||
| 				return row; | ||||
| 			}); | ||||
| 	}, | ||||
|  | ||||
| 	/** | ||||
| 	 * @param   {Access}  access | ||||
| 	 * @param   {Object}  data | ||||
| 	 * @param   {Integer} data.id | ||||
| 	 * @param   {String}  [data.reason] | ||||
| 	 * @returns {Promise} | ||||
| 	 */ | ||||
| 	delete: (access, data) => { | ||||
| 		return access.can('access_lists:delete', data.id) | ||||
| 			.then(() => { | ||||
| 				return internalAccessList.get(access, {id: data.id, expand: ['proxy_hosts', 'items', 'clients']}); | ||||
| 			}) | ||||
| 			.then((row) => { | ||||
| 				if (!row || !row.id) { | ||||
| 					throw new error.ItemNotFoundError(data.id); | ||||
| 				} | ||||
|  | ||||
| 				// 1. update row to be deleted | ||||
| 				// 2. update any proxy hosts that were using it (ignoring permissions) | ||||
| 				// 3. reconfigure those hosts | ||||
| 				// 4. audit log | ||||
|  | ||||
| 				// 1. update row to be deleted | ||||
| 				return accessListModel | ||||
| 					.query() | ||||
| 					.where('id', row.id) | ||||
| 					.patch({ | ||||
| 						is_deleted: 1 | ||||
| 					}) | ||||
| 					.then(() => { | ||||
| 						// 2. update any proxy hosts that were using it (ignoring permissions) | ||||
| 						if (row.proxy_hosts) { | ||||
| 							return proxyHostModel | ||||
| 								.query() | ||||
| 								.where('access_list_id', '=', row.id) | ||||
| 								.patch({access_list_id: 0}) | ||||
| 								.then(() => { | ||||
| 									// 3. reconfigure those hosts, then reload nginx | ||||
|  | ||||
| 									// set the access_list_id to zero for these items | ||||
| 									row.proxy_hosts.map((_val, idx) => { | ||||
| 										row.proxy_hosts[idx].access_list_id = 0; | ||||
| 									}); | ||||
|  | ||||
| 									return internalNginx.bulkGenerateConfigs('proxy_host', row.proxy_hosts); | ||||
| 								}) | ||||
| 								.then(() => { | ||||
| 									return internalNginx.reload(); | ||||
| 								}); | ||||
| 						} | ||||
| 					}) | ||||
| 					.then(() => { | ||||
| 						// delete the htpasswd file | ||||
| 						const htpasswd_file = internalAccessList.getFilename(row); | ||||
|  | ||||
| 						try { | ||||
| 							fs.unlinkSync(htpasswd_file); | ||||
| 						} catch (_err) { | ||||
| 							// do nothing | ||||
| 						} | ||||
| 					}) | ||||
| 					.then(() => { | ||||
| 						// 4. audit log | ||||
| 						return internalAuditLog.add(access, { | ||||
| 							action:      'deleted', | ||||
| 							object_type: 'access-list', | ||||
| 							object_id:   row.id, | ||||
| 							meta:        _.omit(internalAccessList.maskItems(row), ['is_deleted', 'proxy_hosts']) | ||||
| 						}); | ||||
| 					}); | ||||
| 			}) | ||||
| 			.then(() => { | ||||
| 				return true; | ||||
| 			}); | ||||
| 	}, | ||||
|  | ||||
| 	/** | ||||
| 	 * All Lists | ||||
| 	 * | ||||
| 	 * @param   {Access}  access | ||||
| 	 * @param   {Array}   [expand] | ||||
| 	 * @param   {String}  [search_query] | ||||
| 	 * @returns {Promise} | ||||
| 	 */ | ||||
| 	getAll: (access, expand, search_query) => { | ||||
| 		return access.can('access_lists:list') | ||||
| 			.then((access_data) => { | ||||
| 				const query = accessListModel | ||||
| 					.query() | ||||
| 					.select('access_list.*', accessListModel.raw('COUNT(proxy_host.id) as proxy_host_count')) | ||||
| 					.leftJoin('proxy_host', function() { | ||||
| 						this.on('proxy_host.access_list_id', '=', 'access_list.id') | ||||
| 							.andOn('proxy_host.is_deleted', '=', 0); | ||||
| 					}) | ||||
| 					.where('access_list.is_deleted', 0) | ||||
| 					.groupBy('access_list.id') | ||||
| 					.allowGraph('[owner,items,clients]') | ||||
| 					.orderBy('access_list.name', 'ASC'); | ||||
|  | ||||
| 				if (access_data.permission_visibility !== 'all') { | ||||
| 					query.andWhere('access_list.owner_user_id', access.token.getUserId(1)); | ||||
| 				} | ||||
|  | ||||
| 				// Query is used for searching | ||||
| 				if (typeof search_query === 'string') { | ||||
| 					query.where(function () { | ||||
| 						this.where('name', 'like', `%${search_query}%`); | ||||
| 					}); | ||||
| 				} | ||||
|  | ||||
| 				if (typeof expand !== 'undefined' && expand !== null) { | ||||
| 					query.withGraphFetched(`[${expand.join(', ')}]`); | ||||
| 				} | ||||
|  | ||||
| 				return query.then(utils.omitRows(omissions())); | ||||
| 			}) | ||||
| 			.then((rows) => { | ||||
| 				if (rows) { | ||||
| 					rows.map((row, idx) => { | ||||
| 						if (typeof row.items !== 'undefined' && row.items) { | ||||
| 							rows[idx] = internalAccessList.maskItems(row); | ||||
| 						} | ||||
| 					}); | ||||
| 				} | ||||
|  | ||||
| 				return rows; | ||||
| 			}); | ||||
| 	}, | ||||
|  | ||||
| 	/** | ||||
| 	 * Report use | ||||
| 	 * | ||||
| 	 * @param   {Integer} user_id | ||||
| 	 * @param   {String}  visibility | ||||
| 	 * @returns {Promise} | ||||
| 	 */ | ||||
| 	getCount: (user_id, visibility) => { | ||||
| 		const query = accessListModel | ||||
| 			.query() | ||||
| 			.count('id as count') | ||||
| 			.where('is_deleted', 0); | ||||
|  | ||||
| 		if (visibility !== 'all') { | ||||
| 			query.andWhere('owner_user_id', user_id); | ||||
| 		} | ||||
|  | ||||
| 		return query.first() | ||||
| 			.then((row) => { | ||||
| 				return parseInt(row.count, 10); | ||||
| 			}); | ||||
| 	}, | ||||
|  | ||||
| 	/** | ||||
| 	 * @param   {Object}  list | ||||
| 	 * @returns {Object} | ||||
| 	 */ | ||||
| 	maskItems: (list) => { | ||||
| 		if (list && typeof list.items !== 'undefined') { | ||||
| 			list.items.map((val, idx) => { | ||||
| 				let repeat_for = 8; | ||||
| 				let first_char = '*'; | ||||
|  | ||||
| 				if (typeof val.password !== 'undefined' && val.password) { | ||||
| 					repeat_for = val.password.length - 1; | ||||
| 					first_char = val.password.charAt(0); | ||||
| 				} | ||||
|  | ||||
| 				list.items[idx].hint     = first_char + ('*').repeat(repeat_for); | ||||
| 				list.items[idx].password = ''; | ||||
| 			}); | ||||
| 		} | ||||
|  | ||||
| 		return list; | ||||
| 	}, | ||||
|  | ||||
| 	/** | ||||
| 	 * @param   {Object}  list | ||||
| 	 * @param   {Integer} list.id | ||||
| 	 * @returns {String} | ||||
| 	 */ | ||||
| 	getFilename: (list) => { | ||||
| 		return `/data/access/${list.id}`; | ||||
| 	}, | ||||
|  | ||||
| 	/** | ||||
| 	 * @param   {Object}  list | ||||
| 	 * @param   {Integer} list.id | ||||
| 	 * @param   {String}  list.name | ||||
| 	 * @param   {Array}   list.items | ||||
| 	 * @returns {Promise} | ||||
| 	 */ | ||||
| 	build: (list) => { | ||||
| 		logger.info(`Building Access file #${list.id} for: ${list.name}`); | ||||
|  | ||||
| 		return new Promise((resolve, reject) => { | ||||
| 			const htpasswd_file = internalAccessList.getFilename(list); | ||||
|  | ||||
| 			// 1. remove any existing access file | ||||
| 			try { | ||||
| 				fs.unlinkSync(htpasswd_file); | ||||
| 			} catch (_err) { | ||||
| 				// do nothing | ||||
| 			} | ||||
|  | ||||
| 			// 2. create empty access file | ||||
| 			try { | ||||
| 				fs.writeFileSync(htpasswd_file, '', {encoding: 'utf8'}); | ||||
| 				resolve(htpasswd_file); | ||||
| 			} catch (err) { | ||||
| 				reject(err); | ||||
| 			} | ||||
| 		}) | ||||
| 			.then((htpasswd_file) => { | ||||
| 				// 3. generate password for each user | ||||
| 				if (list.items.length) { | ||||
| 					return new Promise((resolve, reject) => { | ||||
| 						batchflow(list.items).sequential() | ||||
| 							.each((_i, item, next) => { | ||||
| 								if (typeof item.password !== 'undefined' && item.password.length) { | ||||
| 									logger.info(`Adding: ${item.username}`); | ||||
|  | ||||
| 									utils.execFile('openssl', ['passwd', '-apr1', item.password]) | ||||
| 										.then((res) => { | ||||
| 											try { | ||||
| 												fs.appendFileSync(htpasswd_file, `${item.username}:${res}\n`, {encoding: 'utf8'}); | ||||
| 											} catch (err) { | ||||
| 												reject(err); | ||||
| 											} | ||||
| 											next(); | ||||
| 										}) | ||||
| 										.catch((err) => { | ||||
| 											logger.error(err); | ||||
| 											next(err); | ||||
| 										}); | ||||
| 								} | ||||
| 							}) | ||||
| 							.error((err) => { | ||||
| 								logger.error(err); | ||||
| 								reject(err); | ||||
| 							}) | ||||
| 							.end((results) => { | ||||
| 								logger.success(`Built Access file #${list.id} for: ${list.name}`); | ||||
| 								resolve(results); | ||||
| 							}); | ||||
| 					}); | ||||
| 				} | ||||
| 			}); | ||||
| 	} | ||||
| }; | ||||
|  | ||||
| module.exports = internalAccessList; | ||||
							
								
								
									
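--- a/backend/internal/audit-log.js
+++ b/backend/internal/audit-log.js
@@ -0,0 +1,79 @@
+const error            = require('../lib/error');
+const auditLogModel    = require('../models/audit-log');
+const {castJsonIfNeed} = require('../lib/helpers');
+
+const internalAuditLog = {
+
+	/**
+	 * All logs
+	 *
+	 * @param   {Access}  access
+	 * @param   {Array}   [expand]
+	 * @param   {String}  [search_query]
+	 * @returns {Promise}
+	 */
+	getAll: (access, expand, search_query) => {
+		return access.can('auditlog:list')
+			.then(() => {
+				let query = auditLogModel
+					.query()
+					.orderBy('created_on', 'DESC')
+					.orderBy('id', 'DESC')
+					.limit(100)
+					.allowGraph('[user]');
+
+				// Query is used for searching
+				if (typeof search_query === 'string' && search_query.length > 0) {
+					query.where(function () {
+						this.where(castJsonIfNeed('meta'), 'like', '%' + search_query + '%');
+					});
+				}
+
+				if (typeof expand !== 'undefined' && expand !== null) {
+					query.withGraphFetched('[' + expand.join(', ') + ']');
+				}
+
+				return query;
+			});
+	},
+
+	/**
+	 * This method should not be publicly used, it doesn't check certain things. It will be assumed
+	 * that permission to add to audit log is already considered, however the access token is used for
+	 * default user id determination.
+	 *
+	 * @param   {Access}   access
+	 * @param   {Object}   data
+	 * @param   {String}   data.action
+	 * @param   {Number}   [data.user_id]
+	 * @param   {Number}   [data.object_id]
+	 * @param   {Number}   [data.object_type]
+	 * @param   {Object}   [data.meta]
+	 * @returns {Promise}
+	 */
+	add: (access, data) => {
+		return new Promise((resolve, reject) => {
+			// Default the user id
+			if (typeof data.user_id === 'undefined' || !data.user_id) {
+				data.user_id = access.token.getUserId(1);
+			}
+
+			if (typeof data.action === 'undefined' || !data.action) {
+				reject(new error.InternalValidationError('Audit log entry must contain an Action'));
+			} else {
+				// Make sure at least 1 of the IDs are set and action
+				resolve(auditLogModel
+					.query()
+					.insert({
+						user_id:     data.user_id,
+						action:      data.action,
+						object_type: data.object_type || '',
+						object_id:   data.object_id || 0,
+						meta:        data.meta || {}
+					}));
+			}
+		});
+	}
+};
+
+module.exports = internalAuditLog;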
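Review bot: In `add`, the comment `// Make sure at least 1 of the IDs are set and action` describes a check the code does not perform: only `data.action` is validated, so an entry with neither `object_id` nor `object_type` is still inserted with the fallbacks `0` and `''`. Audit records that cannot be tied to an object are of little use in an investigation; if no caller relies on object-less entries, reject them, e.g. `if (!data.object_id && !data.object_type) { reject(new error.InternalValidationError('Audit log entry must reference an object')); }`, otherwise reword the comment to say that only the action is required. The JSDoc types `data.object_type` as `{Number}` although the insert defaults it to a string, so `{String}` is the matching type. Because `data.user_id` is trusted whenever it is present, the docblock should also state that callers must build this object themselves and never forward request input into it.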
							
								
								
									
										1298
									
								
								backend/internal/certificate.js
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
									
								
							
										
											
												File diff suppressed because it is too large
											
										
									
								
							
							
								
								
									
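--- a/backend/internal/dead-host.js
+++ b/backend/internal/dead-host.js
@@ -0,0 +1,465 @@
+const _                   = require('lodash');
+const error               = require('../lib/error');
+const utils               = require('../lib/utils');
+const deadHostModel       = require('../models/dead_host');
+const internalHost        = require('./host');
+const internalNginx       = require('./nginx');
+const internalAuditLog    = require('./audit-log');
+const internalCertificate = require('./certificate');
+const {castJsonIfNeed}    = require('../lib/helpers');
+
+function omissions () {
+	return ['is_deleted'];
+}
+
+const internalDeadHost = {
+
+	/**
+	 * @param   {Access}  access
+	 * @param   {Object}  data
+	 * @returns {Promise}
+	 */
+	create: (access, data) => {
+		let create_certificate = data.certificate_id === 'new';
+
+		if (create_certificate) {
+			delete data.certificate_id;
+		}
+
+		return access.can('dead_hosts:create', data)
+			.then((/*access_data*/) => {
+				// Get a list of the domain names and check each of them against existing records
+				let domain_name_check_promises = [];
+
+				data.domain_names.map(function (domain_name) {
+					domain_name_check_promises.push(internalHost.isHostnameTaken(domain_name));
+				});
+
+				return Promise.all(domain_name_check_promises)
+					.then((check_results) => {
+						check_results.map(function (result) {
+							if (result.is_taken) {
+								throw new error.ValidationError(result.hostname + ' is already in use');
+							}
+						});
+					});
+			})
+			.then(() => {
+				// At this point the domains should have been checked
+				data.owner_user_id = access.token.getUserId(1);
+				data               = internalHost.cleanSslHstsData(data);
+
+				// Fix for db field not having a default value
+				// for this optional field.
+				if (typeof data.advanced_config === 'undefined') {
+					data.advanced_config = '';
+				}
+
+				return deadHostModel
+					.query()
+					.insertAndFetch(data)
+					.then(utils.omitRow(omissions()));
+			})
+			.then((row) => {
+				if (create_certificate) {
+					return internalCertificate.createQuickCertificate(access, data)
+						.then((cert) => {
+							// update host with cert id
+							return internalDeadHost.update(access, {
+								id:             row.id,
+								certificate_id: cert.id
+							});
+						})
+						.then(() => {
+							return row;
+						});
+				} else {
+					return row;
+				}
+			})
+			.then((row) => {
+				// re-fetch with cert
+				return internalDeadHost.get(access, {
+					id:     row.id,
+					expand: ['certificate', 'owner']
+				});
+			})
+			.then((row) => {
+				// Configure nginx
+				return internalNginx.configure(deadHostModel, 'dead_host', row)
+					.then(() => {
+						return row;
+					});
+			})
+			.then((row) => {
+				data.meta = _.assign({}, data.meta || {}, row.meta);
+
+				// Add to audit log
+				return internalAuditLog.add(access, {
+					action:      'created',
+					object_type: 'dead-host',
+					object_id:   row.id,
+					meta:        data
+				})
+					.then(() => {
+						return row;
+					});
+			});
+	},
+
+	/**
+	 * @param  {Access}  access
+	 * @param  {Object}  data
+	 * @param  {Number}  data.id
+	 * @return {Promise}
+	 */
+	update: (access, data) => {
+		let create_certificate = data.certificate_id === 'new';
+
+		if (create_certificate) {
+			delete data.certificate_id;
+		}
+
+		return access.can('dead_hosts:update', data.id)
+			.then((/*access_data*/) => {
+				// Get a list of the domain names and check each of them against existing records
+				let domain_name_check_promises = [];
+
+				if (typeof data.domain_names !== 'undefined') {
+					data.domain_names.map(function (domain_name) {
+						domain_name_check_promises.push(internalHost.isHostnameTaken(domain_name, 'dead', data.id));
+					});
+
+					return Promise.all(domain_name_check_promises)
+						.then((check_results) => {
+							check_results.map(function (result) {
+								if (result.is_taken) {
+									throw new error.ValidationError(result.hostname + ' is already in use');
+								}
+							});
+						});
+				}
+			})
+			.then(() => {
+				return internalDeadHost.get(access, {id: data.id});
+			})
+			.then((row) => {
+				if (row.id !== data.id) {
+					// Sanity check that something crazy hasn't happened
+					throw new error.InternalValidationError('404 Host could not be updated, IDs do not match: ' + row.id + ' !== ' + data.id);
+				}
+
+				if (create_certificate) {
+					return internalCertificate.createQuickCertificate(access, {
+						domain_names: data.domain_names || row.domain_names,
+						meta:         _.assign({}, row.meta, data.meta)
+					})
+						.then((cert) => {
+							// update host with cert id
+							data.certificate_id = cert.id;
+						})
+						.then(() => {
+							return row;
+						});
+				} else {
+					return row;
+				}
+			})
+			.then((row) => {
+				// Add domain_names to the data in case it isn't there, so that the audit log renders correctly. The order is important here.
+				data = _.assign({}, {
+					domain_names: row.domain_names
+				}, data);
+
+				data = internalHost.cleanSslHstsData(data, row);
+
+				return deadHostModel
+					.query()
+					.where({id: data.id})
+					.patch(data)
+					.then((saved_row) => {
+						// Add to audit log
+						return internalAuditLog.add(access, {
+							action:      'updated',
+							object_type: 'dead-host',
+							object_id:   row.id,
+							meta:        data
+						})
+							.then(() => {
+								return _.omit(saved_row, omissions());
+							});
+					});
+			})
+			.then(() => {
+				return internalDeadHost.get(access, {
+					id:     data.id,
+					expand: ['owner', 'certificate']
+				})
+					.then((row) => {
+						// Configure nginx
+						return internalNginx.configure(deadHostModel, 'dead_host', row)
+							.then((new_meta) => {
+								row.meta = new_meta;
+								row      = internalHost.cleanRowCertificateMeta(row);
+								return _.omit(row, omissions());
+							});
+					});
+			});
+	},
+
+	/**
+	 * @param  {Access}   access
+	 * @param  {Object}   data
+	 * @param  {Number}   data.id
+	 * @param  {Array}    [data.expand]
+	 * @param  {Array}    [data.omit]
+	 * @return {Promise}
+	 */
+	get: (access, data) => {
+		if (typeof data === 'undefined') {
+			data = {};
+		}
+
+		return access.can('dead_hosts:get', data.id)
+			.then((access_data) => {
+				let query = deadHostModel
+					.query()
+					.where('is_deleted', 0)
+					.andWhere('id', data.id)
+					.allowGraph('[owner,certificate]')
+					.first();
+
+				if (access_data.permission_visibility !== 'all') {
+					query.andWhere('owner_user_id', access.token.getUserId(1));
+				}
+
+				if (typeof data.expand !== 'undefined' && data.expand !== null) {
+					query.withGraphFetched('[' + data.expand.join(', ') + ']');
+				}
+
+				return query.then(utils.omitRow(omissions()));
+			})
+			.then((row) => {
+				if (!row || !row.id) {
+					throw new error.ItemNotFoundError(data.id);
+				}
+				// Custom omissions
+				if (typeof data.omit !== 'undefined' && data.omit !== null) {
+					row = _.omit(row, data.omit);
+				}
+				return row;
+			});
+	},
+
+	/**
+	 * @param {Access}  access
+	 * @param {Object}  data
+	 * @param {Number}  data.id
+	 * @param {String}  [data.reason]
+	 * @returns {Promise}
+	 */
+	delete: (access, data) => {
+		return access.can('dead_hosts:delete', data.id)
+			.then(() => {
+				return internalDeadHost.get(access, {id: data.id});
+			})
+			.then((row) => {
+				if (!row || !row.id) {
+					throw new error.ItemNotFoundError(data.id);
+				}
+
+				return deadHostModel
+					.query()
+					.where('id', row.id)
+					.patch({
+						is_deleted: 1
+					})
+					.then(() => {
+						// Delete Nginx Config
+						return internalNginx.deleteConfig('dead_host', row)
+							.then(() => {
+								return internalNginx.reload();
+							});
+					})
+					.then(() => {
+						// Add to audit log
+						return internalAuditLog.add(access, {
+							action:      'deleted',
+							object_type: 'dead-host',
+							object_id:   row.id,
+							meta:        _.omit(row, omissions())
+						});
+					});
+			})
+			.then(() => {
+				return true;
+			});
+	},
+
+	/**
+	 * @param {Access}  access
+	 * @param {Object}  data
+	 * @param {Number}  data.id
+	 * @param {String}  [data.reason]
+	 * @returns {Promise}
+	 */
+	enable: (access, data) => {
+		return access.can('dead_hosts:update', data.id)
+			.then(() => {
+				return internalDeadHost.get(access, {
+					id:     data.id,
+					expand: ['certificate', 'owner']
+				});
+			})
+			.then((row) => {
+				if (!row || !row.id) {
+					throw new error.ItemNotFoundError(data.id);
+				} else if (row.enabled) {
+					throw new error.ValidationError('Host is already enabled');
+				}
+
+				row.enabled = 1;
+
+				return deadHostModel
+					.query()
+					.where('id', row.id)
+					.patch({
+						enabled: 1
+					})
+					.then(() => {
+						// Configure nginx
+						return internalNginx.configure(deadHostModel, 'dead_host', row);
+					})
+					.then(() => {
+						// Add to audit log
+						return internalAuditLog.add(access, {
+							action:      'enabled',
+							object_type: 'dead-host',
+							object_id:   row.id,
+							meta:        _.omit(row, omissions())
+						});
+					});
+			})
+			.then(() => {
+				return true;
+			});
+	},
+
+	/**
+	 * @param {Access}  access
+	 * @param {Object}  data
+	 * @param {Number}  data.id
+	 * @param {String}  [data.reason]
+	 * @returns {Promise}
+	 */
+	disable: (access, data) => {
+		return access.can('dead_hosts:update', data.id)
+			.then(() => {
+				return internalDeadHost.get(access, {id: data.id});
+			})
+			.then((row) => {
+				if (!row || !row.id) {
+					throw new error.ItemNotFoundError(data.id);
+				} else if (!row.enabled) {
+					throw new error.ValidationError('Host is already disabled');
+				}
+
+				row.enabled = 0;
+
+				return deadHostModel
+					.query()
+					.where('id', row.id)
+					.patch({
+						enabled: 0
+					})
+					.then(() => {
+						// Delete Nginx Config
+						return internalNginx.deleteConfig('dead_host', row)
+							.then(() => {
+								return internalNginx.reload();
+							});
+					})
+					.then(() => {
+						// Add to audit log
+						return internalAuditLog.add(access, {
+							action:      'disabled',
+							object_type: 'dead-host',
+							object_id:   row.id,
+							meta:        _.omit(row, omissions())
+						});
+					});
+			})
+			.then(() => {
+				return true;
+			});
+	},
+
+	/**
+	 * All Hosts
+	 *
+	 * @param   {Access}  access
+	 * @param   {Array}   [expand]
+	 * @param   {String}  [search_query]
+	 * @returns {Promise}
+	 */
+	getAll: (access, expand, search_query) => {
+		return access.can('dead_hosts:list')
+			.then((access_data) => {
+				let query = deadHostModel
+					.query()
+					.where('is_deleted', 0)
+					.groupBy('id')
+					.allowGraph('[owner,certificate]')
+					.orderBy(castJsonIfNeed('domain_names'), 'ASC');
+
+				if (access_data.permission_visibility !== 'all') {
+					query.andWhere('owner_user_id', access.token.getUserId(1));
+				}
+
+				// Query is used for searching
+				if (typeof search_query === 'string' && search_query.length > 0) {
+					query.where(function () {
+						this.where(castJsonIfNeed('domain_names'), 'like', '%' + search_query + '%');
+					});
+				}
+
+				if (typeof expand !== 'undefined' && expand !== null) {
+					query.withGraphFetched('[' + expand.join(', ') + ']');
+				}
+
+				return query.then(utils.omitRows(omissions()));
+			})
+			.then((rows) => {
+				if (typeof expand !== 'undefined' && expand !== null && expand.indexOf('certificate') !== -1) {
+					return internalHost.cleanAllRowsCertificateMeta(rows);
+				}
+
+				return rows;
+			});
+	},
+
+	/**
+	 * Report use
+	 *
+	 * @param   {Number}  user_id
+	 * @param   {String}  visibility
+	 * @returns {Promise}
+	 */
+	getCount: (user_id, visibility) => {
+		let query = deadHostModel
+			.query()
+			.count('id as count')
+			.where('is_deleted', 0);
+
+		if (visibility !== 'all') {
+			query.andWhere('owner_user_id', user_id);
+		}
+
+		return query.first()
+			.then((row) => {
+				return parseInt(row.count, 10);
+			});
+	}
+};
+
+module.exports = internalDeadHost;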
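Review bot: `update` writes the caller's `data` object into the row without pinning any server-controlled field: it is merged over the stored row by `internalHost.cleanSslHstsData(data, row)` and handed to `.patch(data)`, whereas `create` overwrites `owner_user_id` from the token before inserting. If the request schema (not visible on this page) does not reject extra properties, a user who may update a host could change `owner_user_id` or `is_deleted` through this path. Dropping those keys before the merge keeps ownership and soft-delete state out of client hands: `data = _.assign({}, {domain_names: row.domain_names}, _.omit(data, ['owner_user_id', 'is_deleted']));`. The object written as the audit entry's `meta` is the same `data`, so it would then record only the fields that were actually allowed to change.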
							
								
								
									
										236
									
								
								backend/internal/host.js
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
									
								
							| @@ -0,0 +1,236 @@ | ||||
| const _                    = require('lodash'); | ||||
| const proxyHostModel       = require('../models/proxy_host'); | ||||
| const redirectionHostModel = require('../models/redirection_host'); | ||||
| const deadHostModel        = require('../models/dead_host'); | ||||
| const {castJsonIfNeed}     = require('../lib/helpers'); | ||||
|  | ||||
| const internalHost = { | ||||
|  | ||||
| 	/** | ||||
| 	 * Makes sure that the ssl_* and hsts_* fields play nicely together. | ||||
| 	 * ie: if there is no cert, then force_ssl is off. | ||||
| 	 *     if force_ssl is off, then hsts_enabled is definitely off. | ||||
| 	 * | ||||
| 	 * @param   {object} data | ||||
| 	 * @param   {object} [existing_data] | ||||
| 	 * @returns {object} | ||||
| 	 */ | ||||
| 	cleanSslHstsData: function (data, existing_data) { | ||||
| 		existing_data = existing_data === undefined ? {} : existing_data; | ||||
|  | ||||
| 		const combined_data = _.assign({}, existing_data, data); | ||||
|  | ||||
| 		if (!combined_data.certificate_id) { | ||||
| 			combined_data.ssl_forced    = false; | ||||
| 			combined_data.http2_support = false; | ||||
| 		} | ||||
|  | ||||
| 		if (!combined_data.ssl_forced) { | ||||
| 			combined_data.hsts_enabled = false; | ||||
| 		} | ||||
|  | ||||
| 		if (!combined_data.hsts_enabled) { | ||||
| 			combined_data.hsts_subdomains = false; | ||||
| 		} | ||||
|  | ||||
| 		return combined_data; | ||||
| 	}, | ||||
|  | ||||
| 	/** | ||||
| 	 * used by the getAll functions of hosts, this removes the certificate meta if present | ||||
| 	 * | ||||
| 	 * @param   {Array}  rows | ||||
| 	 * @returns {Array} | ||||
| 	 */ | ||||
| 	cleanAllRowsCertificateMeta: function (rows) { | ||||
| 		rows.map(function (row, idx) { | ||||
| 			if (typeof rows[idx].certificate !== 'undefined' && rows[idx].certificate) { | ||||
| 				rows[idx].certificate.meta = {}; | ||||
| 			} | ||||
| 		}); | ||||
|  | ||||
| 		return rows; | ||||
| 	}, | ||||
|  | ||||
| 	/** | ||||
| 	 * used by the get/update functions of hosts, this removes the certificate meta if present | ||||
| 	 * | ||||
| 	 * @param   {Object}  row | ||||
| 	 * @returns {Object} | ||||
| 	 */ | ||||
| 	cleanRowCertificateMeta: function (row) { | ||||
| 		if (typeof row.certificate !== 'undefined' && row.certificate) { | ||||
| 			row.certificate.meta = {}; | ||||
| 		} | ||||
|  | ||||
| 		return row; | ||||
| 	}, | ||||
|  | ||||
| 	/** | ||||
| 	 * This returns all the host types with any domain listed in the provided domain_names array. | ||||
| 	 * This is used by the certificates to temporarily disable any host that is using the domain | ||||
| 	 * | ||||
| 	 * @param   {Array}  domain_names | ||||
| 	 * @returns {Promise} | ||||
| 	 */ | ||||
| 	getHostsWithDomains: function (domain_names) { | ||||
| 		const promises = [ | ||||
| 			proxyHostModel | ||||
| 				.query() | ||||
| 				.where('is_deleted', 0), | ||||
| 			redirectionHostModel | ||||
| 				.query() | ||||
| 				.where('is_deleted', 0), | ||||
| 			deadHostModel | ||||
| 				.query() | ||||
| 				.where('is_deleted', 0) | ||||
| 		]; | ||||
|  | ||||
| 		return Promise.all(promises) | ||||
| 			.then((promises_results) => { | ||||
| 				let response_object = { | ||||
| 					total_count:       0, | ||||
| 					dead_hosts:        [], | ||||
| 					proxy_hosts:       [], | ||||
| 					redirection_hosts: [] | ||||
| 				}; | ||||
|  | ||||
| 				if (promises_results[0]) { | ||||
| 					// Proxy Hosts | ||||
| 					response_object.proxy_hosts  = internalHost._getHostsWithDomains(promises_results[0], domain_names); | ||||
| 					response_object.total_count += response_object.proxy_hosts.length; | ||||
| 				} | ||||
|  | ||||
| 				if (promises_results[1]) { | ||||
| 					// Redirection Hosts | ||||
| 					response_object.redirection_hosts = internalHost._getHostsWithDomains(promises_results[1], domain_names); | ||||
| 					response_object.total_count      += response_object.redirection_hosts.length; | ||||
| 				} | ||||
|  | ||||
| 				if (promises_results[2]) { | ||||
| 					// Dead Hosts | ||||
| 					response_object.dead_hosts   = internalHost._getHostsWithDomains(promises_results[2], domain_names); | ||||
| 					response_object.total_count += response_object.dead_hosts.length; | ||||
| 				} | ||||
|  | ||||
| 				return response_object; | ||||
| 			}); | ||||
| 	}, | ||||
|  | ||||
| 	/** | ||||
| 	 * Internal use only, checks to see if the domain is already taken by any other record | ||||
| 	 * | ||||
| 	 * @param   {String}   hostname | ||||
| 	 * @param   {String}   [ignore_type]   'proxy', 'redirection', 'dead' | ||||
| 	 * @param   {Integer}  [ignore_id]     Must be supplied if type was also supplied | ||||
| 	 * @returns {Promise} | ||||
| 	 */ | ||||
| 	isHostnameTaken: function (hostname, ignore_type, ignore_id) { | ||||
| 		const promises = [ | ||||
| 			proxyHostModel | ||||
| 				.query() | ||||
| 				.where('is_deleted', 0) | ||||
| 				.andWhere(castJsonIfNeed('domain_names'), 'like', '%' + hostname + '%'), | ||||
| 			redirectionHostModel | ||||
| 				.query() | ||||
| 				.where('is_deleted', 0) | ||||
| 				.andWhere(castJsonIfNeed('domain_names'), 'like', '%' + hostname + '%'), | ||||
| 			deadHostModel | ||||
| 				.query() | ||||
| 				.where('is_deleted', 0) | ||||
| 				.andWhere(castJsonIfNeed('domain_names'), 'like', '%' + hostname + '%') | ||||
| 		]; | ||||
|  | ||||
| 		return Promise.all(promises) | ||||
| 			.then((promises_results) => { | ||||
| 				let is_taken = false; | ||||
|  | ||||
| 				if (promises_results[0]) { | ||||
| 					// Proxy Hosts | ||||
| 					if (internalHost._checkHostnameRecordsTaken(hostname, promises_results[0], ignore_type === 'proxy' && ignore_id ? ignore_id : 0)) { | ||||
| 						is_taken = true; | ||||
| 					} | ||||
| 				} | ||||
|  | ||||
| 				if (promises_results[1]) { | ||||
| 					// Redirection Hosts | ||||
| 					if (internalHost._checkHostnameRecordsTaken(hostname, promises_results[1], ignore_type === 'redirection' && ignore_id ? ignore_id : 0)) { | ||||
| 						is_taken = true; | ||||
| 					} | ||||
| 				} | ||||
|  | ||||
| 				if (promises_results[2]) { | ||||
| 					// Dead Hosts | ||||
| 					if (internalHost._checkHostnameRecordsTaken(hostname, promises_results[2], ignore_type === 'dead' && ignore_id ? ignore_id : 0)) { | ||||
| 						is_taken = true; | ||||
| 					} | ||||
| 				} | ||||
|  | ||||
| 				return { | ||||
| 					hostname: hostname, | ||||
| 					is_taken: is_taken | ||||
| 				}; | ||||
| 			}); | ||||
| 	}, | ||||
|  | ||||
| 	/** | ||||
| 	 * Private call only | ||||
| 	 * | ||||
| 	 * @param   {String}  hostname | ||||
| 	 * @param   {Array}   existing_rows | ||||
| 	 * @param   {Integer} [ignore_id] | ||||
| 	 * @returns {Boolean} | ||||
| 	 */ | ||||
| 	_checkHostnameRecordsTaken: function (hostname, existing_rows, ignore_id) { | ||||
| 		let is_taken = false; | ||||
|  | ||||
| 		if (existing_rows && existing_rows.length) { | ||||
| 			existing_rows.map(function (existing_row) { | ||||
| 				existing_row.domain_names.map(function (existing_hostname) { | ||||
| 					// Does this domain match? | ||||
| 					if (existing_hostname.toLowerCase() === hostname.toLowerCase()) { | ||||
| 						if (!ignore_id || ignore_id !== existing_row.id) { | ||||
| 							is_taken = true; | ||||
| 						} | ||||
| 					} | ||||
| 				}); | ||||
| 			}); | ||||
| 		} | ||||
|  | ||||
| 		return is_taken; | ||||
| 	}, | ||||
|  | ||||
| 	/** | ||||
| 	 * Private call only | ||||
| 	 * | ||||
| 	 * @param   {Array}   hosts | ||||
| 	 * @param   {Array}   domain_names | ||||
| 	 * @returns {Array} | ||||
| 	 */ | ||||
| 	_getHostsWithDomains: function (hosts, domain_names) { | ||||
| 		let response = []; | ||||
|  | ||||
| 		if (hosts && hosts.length) { | ||||
| 			hosts.map(function (host) { | ||||
| 				let host_matches = false; | ||||
|  | ||||
| 				domain_names.map(function (domain_name) { | ||||
| 					host.domain_names.map(function (host_domain_name) { | ||||
| 						if (domain_name.toLowerCase() === host_domain_name.toLowerCase()) { | ||||
| 							host_matches = true; | ||||
| 						} | ||||
| 					}); | ||||
| 				}); | ||||
|  | ||||
| 				if (host_matches) { | ||||
| 					response.push(host); | ||||
| 				} | ||||
| 			}); | ||||
| 		} | ||||
|  | ||||
| 		return response; | ||||
| 	} | ||||
|  | ||||
| }; | ||||
|  | ||||
| module.exports = internalHost; | ||||
							
								
								
									
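--- a/backend/internal/ip_ranges.js
+++ b/backend/internal/ip_ranges.js
@@ -0,0 +1,147 @@
+const https         = require('https');
+const fs            = require('fs');
+const logger        = require('../logger').ip_ranges;
+const error         = require('../lib/error');
+const utils         = require('../lib/utils');
+const internalNginx = require('./nginx');
+
+const CLOUDFRONT_URL   = 'https://ip-ranges.amazonaws.com/ip-ranges.json';
+const CLOUDFARE_V4_URL = 'https://www.cloudflare.com/ips-v4';
+const CLOUDFARE_V6_URL = 'https://www.cloudflare.com/ips-v6';
+
+const regIpV4 = /^(\d+\.?){4}\/\d+/;
+const regIpV6 = /^(([\da-fA-F]+)?:)+\/\d+/;
+
+const internalIpRanges = {
+
+	interval_timeout:    1000 * 60 * 60 * 6, // 6 hours
+	interval:            null,
+	interval_processing: false,
+	iteration_count:     0,
+
+	initTimer: () => {
+		logger.info('IP Ranges Renewal Timer initialized');
+		internalIpRanges.interval = setInterval(internalIpRanges.fetch, internalIpRanges.interval_timeout);
+	},
+
+	fetchUrl: (url) => {
+		return new Promise((resolve, reject) => {
+			logger.info('Fetching ' + url);
+			return https.get(url, (res) => {
+				res.setEncoding('utf8');
+				let raw_data = '';
+				res.on('data', (chunk) => {
+					raw_data += chunk;
+				});
+
+				res.on('end', () => {
+					resolve(raw_data);
+				});
+			}).on('error', (err) => {
+				reject(err);
+			});
+		});
+	},
+
+	/**
+	 * Triggered at startup and then later by a timer, this will fetch the ip ranges from services and apply them to nginx.
+	 */
+	fetch: () => {
+		if (!internalIpRanges.interval_processing) {
+			internalIpRanges.interval_processing = true;
+			logger.info('Fetching IP Ranges from online services...');
+
+			let ip_ranges = [];
+
+			return internalIpRanges.fetchUrl(CLOUDFRONT_URL)
+				.then((cloudfront_data) => {
+					let data = JSON.parse(cloudfront_data);
+
+					if (data && typeof data.prefixes !== 'undefined') {
+						data.prefixes.map((item) => {
+							if (item.service === 'CLOUDFRONT') {
+								ip_ranges.push(item.ip_prefix);
+							}
+						});
+					}
+
+					if (data && typeof data.ipv6_prefixes !== 'undefined') {
+						data.ipv6_prefixes.map((item) => {
+							if (item.service === 'CLOUDFRONT') {
+								ip_ranges.push(item.ipv6_prefix);
+							}
+						});
+					}
+				})
+				.then(() => {
+					return internalIpRanges.fetchUrl(CLOUDFARE_V4_URL);
+				})
+				.then((cloudfare_data) => {
+					let items = cloudfare_data.split('\n').filter((line) => regIpV4.test(line));
+					ip_ranges = [... ip_ranges, ... items];
+				})
+				.then(() => {
+					return internalIpRanges.fetchUrl(CLOUDFARE_V6_URL);
+				})
+				.then((cloudfare_data) => {
+					let items = cloudfare_data.split('\n').filter((line) => regIpV6.test(line));
+					ip_ranges = [... ip_ranges, ... items];
+				})
+				.then(() => {
+					let clean_ip_ranges = [];
+					ip_ranges.map((range) => {
+						if (range) {
+							clean_ip_ranges.push(range);
+						}
+					});
+
+					return internalIpRanges.generateConfig(clean_ip_ranges)
+						.then(() => {
+							if (internalIpRanges.iteration_count) {
+								// Reload nginx
+								return internalNginx.reload();
+							}
+						});
+				})
+				.then(() => {
+					internalIpRanges.interval_processing = false;
+					internalIpRanges.iteration_count++;
+				})
+				.catch((err) => {
+					logger.error(err.message);
+					internalIpRanges.interval_processing = false;
+				});
+		}
+	},
+
+	/**
+	 * @param   {Array}  ip_ranges
+	 * @returns {Promise}
+	 */
+	generateConfig: (ip_ranges) => {
+		const renderEngine = utils.getRenderEngine();
+		return new Promise((resolve, reject) => {
+			let template = null;
+			let filename = '/etc/nginx/conf.d/include/ip_ranges.conf';
+			try {
+				template = fs.readFileSync(__dirname + '/../templates/ip_ranges.conf', {encoding: 'utf8'});
+			} catch (err) {
+				reject(new error.ConfigurationError(err.message));
+				return;
+			}
+
+			renderEngine
+				.parseAndRender(template, {ip_ranges: ip_ranges})
+				.then((config_text) => {
+					fs.writeFileSync(filename, config_text, {encoding: 'utf8'});
+					resolve(true);
+				})
+				.catch((err) => {
+					logger.warn('Could not write ' + filename + ':', err.message);
+					reject(new error.ConfigurationError(err.message));
+				});
+		});
+	}
+};
+
+module.exports = internalIpRanges;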
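Review bot: The ranges written to `ip_ranges.conf` are not strictly validated: `regIpV4` and `regIpV6` have no end anchor, so any line that merely starts like a CIDR passes the filter with its trailing text intact, and the CloudFront `ip_prefix`/`ipv6_prefix` values are pushed without any check. The template is not shown here, but if it renders these entries as trusted-proxy directives, this file decides which peers may set the client address, so each entry should be parsed as address plus prefix length before it reaches `generateConfig`. A helper built on `net.isIP` (it needs `require('net')` at the top of the file) could replace the final truthiness filter, as sketched below. `fetchUrl` also resolves with the body whatever `res.statusCode` is, so a non-200 response is handed to `JSON.parse` or the line filter.

```javascript
const isCidr = (value) => {
	if (typeof value !== 'string') {
		return false;
	}
	const parts = value.trim().split('/');
	if (parts.length !== 2 || !/^\d{1,3}$/.test(parts[1])) {
		return false;
	}
	const family     = net.isIP(parts[0]);
	const max_prefix = family === 4 ? 32 : 128;
	return family !== 0 && Number(parts[1]) <= max_prefix;
};

// … unchanged: fetching the CloudFront and Cloudflare lists …
				.then(() => {
					const clean_ip_ranges = ip_ranges.filter(isCidr).map((range) => range.trim());
					// … unchanged: generateConfig(clean_ip_ranges) and the nginx reload …
```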
							
								
								
									
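--- a/backend/internal/nginx.js
+++ b/backend/internal/nginx.js
@@ -0,0 +1,436 @@
+const _      = require('lodash');
+const fs     = require('node:fs');
+const logger = require('../logger').nginx;
+const config = require('../lib/config');
+const utils  = require('../lib/utils');
+const error  = require('../lib/error');
+
+const internalNginx = {
+
+	/**
+	 * This will:
+	 * - test the nginx config first to make sure it's OK
+	 * - create / recreate the config for the host
+	 * - test again
+	 * - IF OK:  update the meta with online status
+	 * - IF BAD: update the meta with offline status and remove the config entirely
+	 * - then reload nginx
+	 *
+	 * @param   {Object|String}  model
+	 * @param   {String}         host_type
+	 * @param   {Object}         host
+	 * @returns {Promise}
+	 */
+	configure: (model, host_type, host) => {
+		let combined_meta = {};
+
+		return internalNginx.test()
+			.then(() => {
+				// Nginx is OK
+				// We're deleting this config regardless.
+				// Don't throw errors, as the file may not exist at all
+				// Delete the .err file too
+				return internalNginx.deleteConfig(host_type, host, false, true);
+			})
+			.then(() => {
+				return internalNginx.generateConfig(host_type, host);
+			})
+			.then(() => {
+				// Test nginx again and update meta with result
+				return internalNginx.test()
+					.then(() => {
+						// nginx is ok
+						combined_meta = _.assign({}, host.meta, {
+							nginx_online: true,
+							nginx_err:    null
+						});
+
+						return model
+							.query()
+							.where('id', host.id)
+							.patch({
+								meta: combined_meta
+							});
+					})
+					.catch((err) => {
+						// Remove the error_log line because it's a docker-ism false positive that doesn't need to be reported.
+						// It will always look like this:
+						//   nginx: [alert] could not open error log file: open() "/var/log/nginx/error.log" failed (6: No such device or address)
+
+						const valid_lines = [];
+						const err_lines   = err.message.split('\n');
+						err_lines.map((line) => {
+							if (line.indexOf('/var/log/nginx/error.log') === -1) {
+								valid_lines.push(line);
+							}
+						});
+
+						if (config.debug()) {
+							logger.error('Nginx test failed:', valid_lines.join('\n'));
+						}
+
+						// config is bad, update meta and delete config
+						combined_meta = _.assign({}, host.meta, {
+							nginx_online: false,
+							nginx_err:    valid_lines.join('\n')
+						});
+
+						return model
+							.query()
+							.where('id', host.id)
+							.patch({
+								meta: combined_meta
+							})
+							.then(() => {
+								internalNginx.renameConfigAsError(host_type, host);
+							})
+							.then(() => {
+								return internalNginx.deleteConfig(host_type, host, true);
+							});
+					});
+			})
+			.then(() => {
+				return internalNginx.reload();
+			})
+			.then(() => {
+				return combined_meta;
+			});
+	},
+
+	/**
+	 * @returns {Promise}
+	 */
+	test: () => {
+		if (config.debug()) {
+			logger.info('Testing Nginx configuration');
+		}
+
+		return utils.execFile('/usr/sbin/nginx', ['-t', '-g', 'error_log off;']);
+	},
+
+	/**
+	 * @returns {Promise}
+	 */
+	reload: () => {
+		return internalNginx.test()
+			.then(() => {
+				logger.info('Reloading Nginx');
+				return utils.execFile('/usr/sbin/nginx', ['-s', 'reload']);
+			});
+	},
+
+	/**
+	 * @param   {String}  host_type
+	 * @param   {Integer} host_id
+	 * @returns {String}
+	 */
+	getConfigName: (host_type, host_id) => {
+		if (host_type === 'default') {
+			return '/data/nginx/default_host/site.conf';
+		}
+		return `/data/nginx/${internalNginx.getFileFriendlyHostType(host_type)}/${host_id}.conf`;
+	},
+
+	/**
+	 * Generates custom locations
+	 * @param   {Object}  host
+	 * @returns {Promise}
+	 */
+	renderLocations: (host) => {
+		return new Promise((resolve, reject) => {
+			let template;
+
+			try {
+				template = fs.readFileSync(`${__dirname}/../templates/_location.conf`, {encoding: 'utf8'});
+			} catch (err) {
+				reject(new error.ConfigurationError(err.message));
+				return;
+			}
+
+			const renderEngine    = utils.getRenderEngine();
+			let renderedLocations = '';
+
+			const locationRendering = async () => {
+				for (let i = 0; i < host.locations.length; i++) {
+					const locationCopy = Object.assign({}, {access_list_id: host.access_list_id}, {certificate_id: host.certificate_id},
+						{ssl_forced: host.ssl_forced}, {caching_enabled: host.caching_enabled}, {block_exploits: host.block_exploits},
+						{allow_websocket_upgrade: host.allow_websocket_upgrade}, {http2_support: host.http2_support},
+						{hsts_enabled: host.hsts_enabled}, {hsts_subdomains: host.hsts_subdomains}, {access_list: host.access_list},
+						{certificate: host.certificate}, host.locations[i]);
+
+					if (locationCopy.forward_host.indexOf('/') > -1) {
+						const splitted = locationCopy.forward_host.split('/');
+
+						locationCopy.forward_host = splitted.shift();
+						locationCopy.forward_path = `/${splitted.join('/')}`;
+					}
+
+					// eslint-disable-next-line
+					renderedLocations += await renderEngine.parseAndRender(template, locationCopy);
+				}
+
+			};
+
+			locationRendering().then(() => resolve(renderedLocations));
+
+		});
+	},
+
+	/**
+	 * @param   {String}  host_type
+	 * @param   {Object}  host
+	 * @returns {Promise}
+	 */
+	generateConfig: (host_type, host_row) => {
+		// Prevent modifying the original object:
+		const host           = JSON.parse(JSON.stringify(host_row));
+		const nice_host_type = internalNginx.getFileFriendlyHostType(host_type);
+
+		if (config.debug()) {
+			logger.info(`Generating ${nice_host_type} Config:`, JSON.stringify(host, null, 2));
+		}
+
+		const renderEngine = utils.getRenderEngine();
+
+		return new Promise((resolve, reject) => {
+			let template   = null;
+			const filename = internalNginx.getConfigName(nice_host_type, host.id);
+
+			try {
+				template = fs.readFileSync(`${__dirname}/../templates/${nice_host_type}.conf`, {encoding: 'utf8'});
+			} catch (err) {
+				reject(new error.ConfigurationError(err.message));
+				return;
+			}
+
+			let locationsPromise;
+			let origLocations;
+
+			// Manipulate the data a bit before sending it to the template
+			if (nice_host_type !== 'default') {
+				host.use_default_location = true;
+				if (typeof host.advanced_config !== 'undefined' && host.advanced_config) {
+					host.use_default_location = !internalNginx.advancedConfigHasDefaultLocation(host.advanced_config);
+				}
+			}
+
+			if (host.locations) {
+				//logger.info ('host.locations = ' + JSON.stringify(host.locations, null, 2));
+				origLocations    = [].concat(host.locations);
+				locationsPromise = internalNginx.renderLocations(host).then((renderedLocations) => {
+					host.locations = renderedLocations;
+				});
+
+				// Allow someone who is using / custom location path to use it, and skip the default / location
+				_.map(host.locations, (location) => {
+					if (location.path === '/') {
+						host.use_default_location = false;
+					}
+				});
+
+			} else {
+				locationsPromise = Promise.resolve();
+			}
+
+			// Set the IPv6 setting for the host
+			host.ipv6 = internalNginx.ipv6Enabled();
+
+			locationsPromise.then(() => {
+				renderEngine
+					.parseAndRender(template, host)
+					.then((config_text) => {
+						fs.writeFileSync(filename, config_text, {encoding: 'utf8'});
+
+						if (config.debug()) {
+							logger.success('Wrote config:', filename, config_text);
+						}
+
+						// Restore locations array
+						host.locations = origLocations;
+
+						resolve(true);
+					})
+					.catch((err) => {
+						if (config.debug()) {
+							logger.warn(`Could not write ${filename}:`, err.message);
+						}
+
+						reject(new error.ConfigurationError(err.message));
+					});
+			});
+		});
+	},
+
+	/**
+	 * This generates a temporary nginx config listening on port 80 for the domain names listed
+	 * in the certificate setup. It allows the letsencrypt acme challenge to be requested by letsencrypt
+	 * when requesting a certificate without having a hostname set up already.
+	 *
+	 * @param   {Object}  certificate
+	 * @returns {Promise}
+	 */
+	generateLetsEncryptRequestConfig: (certificate) => {
+		if (config.debug()) {
+			logger.info('Generating LetsEncrypt Request Config:', certificate);
+		}
+
+		const renderEngine = utils.getRenderEngine();
+
+		return new Promise((resolve, reject) => {
+			let template   = null;
+			const filename = `/data/nginx/temp/letsencrypt_${certificate.id}.conf`;
+
+			try {
+				template = fs.readFileSync(`${__dirname}/../templates/letsencrypt-request.conf`, {encoding: 'utf8'});
+			} catch (err) {
+				reject(new error.ConfigurationError(err.message));
+				return;
+			}
+
+			certificate.ipv6 = internalNginx.ipv6Enabled();
+
+			renderEngine
+				.parseAndRender(template, certificate)
+				.then((config_text) => {
+					fs.writeFileSync(filename, config_text, {encoding: 'utf8'});
+
+					if (config.debug()) {
+						logger.success('Wrote config:', filename, config_text);
+					}
+
+					resolve(true);
+				})
+				.catch((err) => {
+					if (config.debug()) {
+						logger.warn(`Could not write ${filename}:`, err.message);
+					}
+
+					reject(new error.ConfigurationError(err.message));
+				});
+		});
+	},
+
+	/**
+	 * A simple wrapper around unlinkSync that writes to the logger
+	 *
+	 * @param   {String}  filename
+	 */
+	deleteFile: (filename) => {
+		logger.debug(`Deleting file: ${filename}`);
+		try {
+			fs.unlinkSync(filename);
+		} catch (err) {
+			logger.debug('Could not delete file:', JSON.stringify(err, null, 2));
+		}
+	},
+
+	/**
+	 *
+	 * @param   {String} host_type
+	 * @returns String
+	 */
+	getFileFriendlyHostType: (host_type) => {
+		return host_type.replace(/-/g, '_');
+	},
+
+	/**
+	 * This removes the temporary nginx config file generated by `generateLetsEncryptRequestConfig`
+	 *
+	 * @param   {Object}  certificate
+	 * @returns {Promise}
+	 */
+	deleteLetsEncryptRequestConfig: (certificate) => {
+		const config_file = `/data/nginx/temp/letsencrypt_${certificate.id}.conf`;
+		return new Promise((resolve/*, reject*/) => {
+			internalNginx.deleteFile(config_file);
+			resolve();
+		});
+	},
+
+	/**
+	 * @param   {String}  host_type
+	 * @param   {Object}  [host]
+	 * @param   {Boolean} [delete_err_file]
+	 * @returns {Promise}
+	 */
+	deleteConfig: (host_type, host, delete_err_file) => {
+		const config_file     = internalNginx.getConfigName(internalNginx.getFileFriendlyHostType(host_type), typeof host === 'undefined' ? 0 : host.id);
+		const config_file_err = `${config_file}.err`;
+
+		return new Promise((resolve/*, reject*/) => {
+			internalNginx.deleteFile(config_file);
+			if (delete_err_file) {
+				internalNginx.deleteFile(config_file_err);
+			}
+			resolve();
+		});
+	},
+
+	/**
+	 * @param   {String}  host_type
+	 * @param   {Object}  [host]
+	 * @returns {Promise}
+	 */
+	renameConfigAsError: (host_type, host) => {
+		const config_file     = internalNginx.getConfigName(internalNginx.getFileFriendlyHostType(host_type), typeof host === 'undefined' ? 0 : host.id);
+		const config_file_err = `${config_file}.err`;
+
+		return new Promise((resolve/*, reject*/) => {
+			fs.unlink(config_file, () => {
+				// ignore result, continue
+				fs.rename(config_file, config_file_err, () => {
+					// also ignore result, as this is a debugging informative file anyway
+					resolve();
+				});
+			});
+		});
+	},
+
+	/**
+	 * @param   {String}  host_type
+	 * @param   {Array}   hosts
+	 * @returns {Promise}
+	 */
+	bulkGenerateConfigs: (host_type, hosts) => {
+		const promises = [];
+		hosts.map((host) => {
+			promises.push(internalNginx.generateConfig(host_type, host));
+		});
+
+		return Promise.all(promises);
+	},
+
+	/**
+	 * @param   {String}  host_type
+	 * @param   {Array}   hosts
+	 * @returns {Promise}
+	 */
+	bulkDeleteConfigs: (host_type, hosts) => {
+		const promises = [];
+		hosts.map((host) => {
+			promises.push(internalNginx.deleteConfig(host_type, host, true));
+		});
+
+		return Promise.all(promises);
+	},
+
+	/**
+	 * @param   {string}  config
+	 * @returns {boolean}
+	 */
+	advancedConfigHasDefaultLocation: (cfg) => !!cfg.match(/^(?:.*;)?\s*?location\s*?\/\s*?{/im),
+
+	/**
+	 * @returns {boolean}
+	 */
+	ipv6Enabled: () => {
+		if (typeof process.env.DISABLE_IPV6 !== 'undefined') {
+			const disabled = process.env.DISABLE_IPV6.toLowerCase();
+			return !(disabled === 'on' || disabled === 'true' || disabled === '1' || disabled === 'yes');
+		}
+
+		return true;
+	}
+};
+
+module.exports = internalNginx;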
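Review bot: A failure inside `renderLocations` is never propagated: `locationRendering().then(() => resolve(renderedLocations))` has no rejection handler, so a throw in the loop (for example a location entry with no `forward_host`, or a template render error) leaves the outer promise pending and surfaces as an unhandled rejection instead of a `ConfigurationError`. `generateConfig` has the same gap on `locationsPromise.then(...)`, so `configure` would never settle for that host. Both should forward the error, e.g. `locationRendering().then(() => resolve(renderedLocations)).catch(reject);` and a trailing `.catch(reject)` on the `locationsPromise` chain. Separately, `renameConfigAsError` unlinks `config_file` and then renames that same path, so the `.err` copy can never be created; the unlink presumably should target `config_file_err`, and `configure` should `return` the `renameConfigAsError` call so that `deleteConfig` waits for it.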
							
								
								
									
								backend/internal/proxy-host.js
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,472 @@ | ||||
| const _                   = require('lodash'); | ||||
| const error               = require('../lib/error'); | ||||
| const utils               = require('../lib/utils'); | ||||
| const proxyHostModel      = require('../models/proxy_host'); | ||||
| const internalHost        = require('./host'); | ||||
| const internalNginx       = require('./nginx'); | ||||
| const internalAuditLog    = require('./audit-log'); | ||||
| const internalCertificate = require('./certificate'); | ||||
| const {castJsonIfNeed}    = require('../lib/helpers'); | ||||
|  | ||||
| function omissions () { | ||||
| 	return ['is_deleted', 'owner.is_deleted']; | ||||
| } | ||||
|  | ||||
| const internalProxyHost = { | ||||
|  | ||||
| 	/** | ||||
| 	 * @param   {Access}  access | ||||
| 	 * @param   {Object}  data | ||||
| 	 * @returns {Promise} | ||||
| 	 */ | ||||
| 	create: (access, data) => { | ||||
| 		let create_certificate = data.certificate_id === 'new'; | ||||
|  | ||||
| 		if (create_certificate) { | ||||
| 			delete data.certificate_id; | ||||
| 		} | ||||
|  | ||||
| 		return access.can('proxy_hosts:create', data) | ||||
| 			.then(() => { | ||||
| 				// Get a list of the domain names and check each of them against existing records | ||||
| 				let domain_name_check_promises = []; | ||||
|  | ||||
| 				data.domain_names.map(function (domain_name) { | ||||
| 					domain_name_check_promises.push(internalHost.isHostnameTaken(domain_name)); | ||||
| 				}); | ||||
|  | ||||
| 				return Promise.all(domain_name_check_promises) | ||||
| 					.then((check_results) => { | ||||
| 						check_results.map(function (result) { | ||||
| 							if (result.is_taken) { | ||||
| 								throw new error.ValidationError(result.hostname + ' is already in use'); | ||||
| 							} | ||||
| 						}); | ||||
| 					}); | ||||
| 			}) | ||||
| 			.then(() => { | ||||
| 				// At this point the domains should have been checked | ||||
| 				data.owner_user_id = access.token.getUserId(1); | ||||
| 				data               = internalHost.cleanSslHstsData(data); | ||||
|  | ||||
| 				// Fix for db field not having a default value | ||||
| 				// for this optional field. | ||||
| 				if (typeof data.advanced_config === 'undefined') { | ||||
| 					data.advanced_config = ''; | ||||
| 				} | ||||
|  | ||||
| 				return proxyHostModel | ||||
| 					.query() | ||||
| 					.insertAndFetch(data) | ||||
| 					.then(utils.omitRow(omissions())); | ||||
| 			}) | ||||
| 			.then((row) => { | ||||
| 				if (create_certificate) { | ||||
| 					return internalCertificate.createQuickCertificate(access, data) | ||||
| 						.then((cert) => { | ||||
| 							// update host with cert id | ||||
| 							return internalProxyHost.update(access, { | ||||
| 								id:             row.id, | ||||
| 								certificate_id: cert.id | ||||
| 							}); | ||||
| 						}) | ||||
| 						.then(() => { | ||||
| 							return row; | ||||
| 						}); | ||||
| 				} else { | ||||
| 					return row; | ||||
| 				} | ||||
| 			}) | ||||
| 			.then((row) => { | ||||
| 				// re-fetch with cert | ||||
| 				return internalProxyHost.get(access, { | ||||
| 					id:     row.id, | ||||
| 					expand: ['certificate', 'owner', 'access_list.[clients,items]'] | ||||
| 				}); | ||||
| 			}) | ||||
| 			.then((row) => { | ||||
| 				// Configure nginx | ||||
| 				return internalNginx.configure(proxyHostModel, 'proxy_host', row) | ||||
| 					.then(() => { | ||||
| 						return row; | ||||
| 					}); | ||||
| 			}) | ||||
| 			.then((row) => { | ||||
| 				// Audit log | ||||
| 				data.meta = _.assign({}, data.meta || {}, row.meta); | ||||
|  | ||||
| 				// Add to audit log | ||||
| 				return internalAuditLog.add(access, { | ||||
| 					action:      'created', | ||||
| 					object_type: 'proxy-host', | ||||
| 					object_id:   row.id, | ||||
| 					meta:        data | ||||
| 				}) | ||||
| 					.then(() => { | ||||
| 						return row; | ||||
| 					}); | ||||
| 			}); | ||||
| 	}, | ||||
|  | ||||
| 	/** | ||||
| 	 * @param  {Access}  access | ||||
| 	 * @param  {Object}  data | ||||
| 	 * @param  {Number}  data.id | ||||
| 	 * @return {Promise} | ||||
| 	 */ | ||||
| 	update: (access, data) => { | ||||
| 		let create_certificate = data.certificate_id === 'new'; | ||||
|  | ||||
| 		if (create_certificate) { | ||||
| 			delete data.certificate_id; | ||||
| 		} | ||||
|  | ||||
| 		return access.can('proxy_hosts:update', data.id) | ||||
| 			.then((/*access_data*/) => { | ||||
| 				// Get a list of the domain names and check each of them against existing records | ||||
| 				let domain_name_check_promises = []; | ||||
|  | ||||
| 				if (typeof data.domain_names !== 'undefined') { | ||||
| 					data.domain_names.map(function (domain_name) { | ||||
| 						domain_name_check_promises.push(internalHost.isHostnameTaken(domain_name, 'proxy', data.id)); | ||||
| 					}); | ||||
|  | ||||
| 					return Promise.all(domain_name_check_promises) | ||||
| 						.then((check_results) => { | ||||
| 							check_results.map(function (result) { | ||||
| 								if (result.is_taken) { | ||||
| 									throw new error.ValidationError(result.hostname + ' is already in use'); | ||||
| 								} | ||||
| 							}); | ||||
| 						}); | ||||
| 				} | ||||
| 			}) | ||||
| 			.then(() => { | ||||
| 				return internalProxyHost.get(access, {id: data.id}); | ||||
| 			}) | ||||
| 			.then((row) => { | ||||
| 				if (row.id !== data.id) { | ||||
| 					// Sanity check that something crazy hasn't happened | ||||
| 					throw new error.InternalValidationError('Proxy Host could not be updated, IDs do not match: ' + row.id + ' !== ' + data.id); | ||||
| 				} | ||||
|  | ||||
| 				if (create_certificate) { | ||||
| 					return internalCertificate.createQuickCertificate(access, { | ||||
| 						domain_names: data.domain_names || row.domain_names, | ||||
| 						meta:         _.assign({}, row.meta, data.meta) | ||||
| 					}) | ||||
| 						.then((cert) => { | ||||
| 							// update host with cert id | ||||
| 							data.certificate_id = cert.id; | ||||
| 						}) | ||||
| 						.then(() => { | ||||
| 							return row; | ||||
| 						}); | ||||
| 				} else { | ||||
| 					return row; | ||||
| 				} | ||||
| 			}) | ||||
| 			.then((row) => { | ||||
| 				// Add domain_names to the data in case it isn't there, so that the audit log renders correctly. The order is important here. | ||||
| 				data = _.assign({}, { | ||||
| 					domain_names: row.domain_names | ||||
| 				}, data); | ||||
|  | ||||
| 				data = internalHost.cleanSslHstsData(data, row); | ||||
|  | ||||
| 				return proxyHostModel | ||||
| 					.query() | ||||
| 					.where({id: data.id}) | ||||
| 					.patch(data) | ||||
| 					.then(utils.omitRow(omissions())) | ||||
| 					.then((saved_row) => { | ||||
| 						// Add to audit log | ||||
| 						return internalAuditLog.add(access, { | ||||
| 							action:      'updated', | ||||
| 							object_type: 'proxy-host', | ||||
| 							object_id:   row.id, | ||||
| 							meta:        data | ||||
| 						}) | ||||
| 							.then(() => { | ||||
| 								return saved_row; | ||||
| 							}); | ||||
| 					}); | ||||
| 			}) | ||||
| 			.then(() => { | ||||
| 				return internalProxyHost.get(access, { | ||||
| 					id:     data.id, | ||||
| 					expand: ['owner', 'certificate', 'access_list.[clients,items]'] | ||||
| 				}) | ||||
| 					.then((row) => { | ||||
| 						if (!row.enabled) { | ||||
| 							// No need to add nginx config if host is disabled | ||||
| 							return row; | ||||
| 						} | ||||
| 						// Configure nginx | ||||
| 						return internalNginx.configure(proxyHostModel, 'proxy_host', row) | ||||
| 							.then((new_meta) => { | ||||
| 								row.meta = new_meta; | ||||
| 								row      = internalHost.cleanRowCertificateMeta(row); | ||||
| 								return _.omit(row, omissions()); | ||||
| 							}); | ||||
| 					}); | ||||
| 			}); | ||||
| 	}, | ||||
|  | ||||
| 	/** | ||||
| 	 * @param  {Access}   access | ||||
| 	 * @param  {Object}   data | ||||
| 	 * @param  {Number}   data.id | ||||
| 	 * @param  {Array}    [data.expand] | ||||
| 	 * @param  {Array}    [data.omit] | ||||
| 	 * @return {Promise} | ||||
| 	 */ | ||||
| 	get: (access, data) => { | ||||
| 		if (typeof data === 'undefined') { | ||||
| 			data = {}; | ||||
| 		} | ||||
|  | ||||
| 		return access.can('proxy_hosts:get', data.id) | ||||
| 			.then((access_data) => { | ||||
| 				let query = proxyHostModel | ||||
| 					.query() | ||||
| 					.where('is_deleted', 0) | ||||
| 					.andWhere('id', data.id) | ||||
| 					.allowGraph('[owner,access_list.[clients,items],certificate]') | ||||
| 					.first(); | ||||
|  | ||||
| 				if (access_data.permission_visibility !== 'all') { | ||||
| 					query.andWhere('owner_user_id', access.token.getUserId(1)); | ||||
| 				} | ||||
|  | ||||
| 				if (typeof data.expand !== 'undefined' && data.expand !== null) { | ||||
| 					query.withGraphFetched('[' + data.expand.join(', ') + ']'); | ||||
| 				} | ||||
|  | ||||
| 				return query.then(utils.omitRow(omissions())); | ||||
| 			}) | ||||
| 			.then((row) => { | ||||
| 				if (!row || !row.id) { | ||||
| 					throw new error.ItemNotFoundError(data.id); | ||||
| 				} | ||||
| 				row = internalHost.cleanRowCertificateMeta(row); | ||||
| 				// Custom omissions | ||||
| 				if (typeof data.omit !== 'undefined' && data.omit !== null) { | ||||
| 					row = _.omit(row, data.omit); | ||||
| 				} | ||||
| 				return row; | ||||
| 			}); | ||||
| 	}, | ||||
|  | ||||
| 	/** | ||||
| 	 * @param {Access}  access | ||||
| 	 * @param {Object}  data | ||||
| 	 * @param {Number}  data.id | ||||
| 	 * @param {String}  [data.reason] | ||||
| 	 * @returns {Promise} | ||||
| 	 */ | ||||
| 	delete: (access, data) => { | ||||
| 		return access.can('proxy_hosts:delete', data.id) | ||||
| 			.then(() => { | ||||
| 				return internalProxyHost.get(access, {id: data.id}); | ||||
| 			}) | ||||
| 			.then((row) => { | ||||
| 				if (!row || !row.id) { | ||||
| 					throw new error.ItemNotFoundError(data.id); | ||||
| 				} | ||||
|  | ||||
| 				return proxyHostModel | ||||
| 					.query() | ||||
| 					.where('id', row.id) | ||||
| 					.patch({ | ||||
| 						is_deleted: 1 | ||||
| 					}) | ||||
| 					.then(() => { | ||||
| 						// Delete Nginx Config | ||||
| 						return internalNginx.deleteConfig('proxy_host', row) | ||||
| 							.then(() => { | ||||
| 								return internalNginx.reload(); | ||||
| 							}); | ||||
| 					}) | ||||
| 					.then(() => { | ||||
| 						// Add to audit log | ||||
| 						return internalAuditLog.add(access, { | ||||
| 							action:      'deleted', | ||||
| 							object_type: 'proxy-host', | ||||
| 							object_id:   row.id, | ||||
| 							meta:        _.omit(row, omissions()) | ||||
| 						}); | ||||
| 					}); | ||||
| 			}) | ||||
| 			.then(() => { | ||||
| 				return true; | ||||
| 			}); | ||||
| 	}, | ||||
|  | ||||
| 	/** | ||||
| 	 * @param {Access}  access | ||||
| 	 * @param {Object}  data | ||||
| 	 * @param {Number}  data.id | ||||
| 	 * @param {String}  [data.reason] | ||||
| 	 * @returns {Promise} | ||||
| 	 */ | ||||
| 	enable: (access, data) => { | ||||
| 		return access.can('proxy_hosts:update', data.id) | ||||
| 			.then(() => { | ||||
| 				return internalProxyHost.get(access, { | ||||
| 					id:     data.id, | ||||
| 					expand: ['certificate', 'owner', 'access_list'] | ||||
| 				}); | ||||
| 			}) | ||||
| 			.then((row) => { | ||||
| 				if (!row || !row.id) { | ||||
| 					throw new error.ItemNotFoundError(data.id); | ||||
| 				} else if (row.enabled) { | ||||
| 					throw new error.ValidationError('Host is already enabled'); | ||||
| 				} | ||||
|  | ||||
| 				row.enabled = 1; | ||||
|  | ||||
| 				return proxyHostModel | ||||
| 					.query() | ||||
| 					.where('id', row.id) | ||||
| 					.patch({ | ||||
| 						enabled: 1 | ||||
| 					}) | ||||
| 					.then(() => { | ||||
| 						// Configure nginx | ||||
| 						return internalNginx.configure(proxyHostModel, 'proxy_host', row); | ||||
| 					}) | ||||
| 					.then(() => { | ||||
| 						// Add to audit log | ||||
| 						return internalAuditLog.add(access, { | ||||
| 							action:      'enabled', | ||||
| 							object_type: 'proxy-host', | ||||
| 							object_id:   row.id, | ||||
| 							meta:        _.omit(row, omissions()) | ||||
| 						}); | ||||
| 					}); | ||||
| 			}) | ||||
| 			.then(() => { | ||||
| 				return true; | ||||
| 			}); | ||||
| 	}, | ||||
|  | ||||
| 	/** | ||||
| 	 * @param {Access}  access | ||||
| 	 * @param {Object}  data | ||||
| 	 * @param {Number}  data.id | ||||
| 	 * @param {String}  [data.reason] | ||||
| 	 * @returns {Promise} | ||||
| 	 */ | ||||
| 	disable: (access, data) => { | ||||
| 		return access.can('proxy_hosts:update', data.id) | ||||
| 			.then(() => { | ||||
| 				return internalProxyHost.get(access, {id: data.id}); | ||||
| 			}) | ||||
| 			.then((row) => { | ||||
| 				if (!row || !row.id) { | ||||
| 					throw new error.ItemNotFoundError(data.id); | ||||
| 				} else if (!row.enabled) { | ||||
| 					throw new error.ValidationError('Host is already disabled'); | ||||
| 				} | ||||
|  | ||||
| 				row.enabled = 0; | ||||
|  | ||||
| 				return proxyHostModel | ||||
| 					.query() | ||||
| 					.where('id', row.id) | ||||
| 					.patch({ | ||||
| 						enabled: 0 | ||||
| 					}) | ||||
| 					.then(() => { | ||||
| 						// Delete Nginx Config | ||||
| 						return internalNginx.deleteConfig('proxy_host', row) | ||||
| 							.then(() => { | ||||
| 								return internalNginx.reload(); | ||||
| 							}); | ||||
| 					}) | ||||
| 					.then(() => { | ||||
| 						// Add to audit log | ||||
| 						return internalAuditLog.add(access, { | ||||
| 							action:      'disabled', | ||||
| 							object_type: 'proxy-host', | ||||
| 							object_id:   row.id, | ||||
| 							meta:        _.omit(row, omissions()) | ||||
| 						}); | ||||
| 					}); | ||||
| 			}) | ||||
| 			.then(() => { | ||||
| 				return true; | ||||
| 			}); | ||||
| 	}, | ||||
|  | ||||
| 	/** | ||||
| 	 * All Hosts | ||||
| 	 * | ||||
| 	 * @param   {Access}  access | ||||
| 	 * @param   {Array}   [expand] | ||||
| 	 * @param   {String}  [search_query] | ||||
| 	 * @returns {Promise} | ||||
| 	 */ | ||||
| 	getAll: (access, expand, search_query) => { | ||||
| 		return access.can('proxy_hosts:list') | ||||
| 			.then((access_data) => { | ||||
| 				let query = proxyHostModel | ||||
| 					.query() | ||||
| 					.where('is_deleted', 0) | ||||
| 					.groupBy('id') | ||||
| 					.allowGraph('[owner,access_list,certificate]') | ||||
| 					.orderBy(castJsonIfNeed('domain_names'), 'ASC'); | ||||
|  | ||||
| 				if (access_data.permission_visibility !== 'all') { | ||||
| 					query.andWhere('owner_user_id', access.token.getUserId(1)); | ||||
| 				} | ||||
|  | ||||
| 				// Query is used for searching | ||||
| 				if (typeof search_query === 'string' && search_query.length > 0) { | ||||
| 					query.where(function () { | ||||
| 						this.where(castJsonIfNeed('domain_names'), 'like', `%${search_query}%`); | ||||
| 					}); | ||||
| 				} | ||||
|  | ||||
| 				if (typeof expand !== 'undefined' && expand !== null) { | ||||
| 					query.withGraphFetched('[' + expand.join(', ') + ']'); | ||||
| 				} | ||||
|  | ||||
| 				return query.then(utils.omitRows(omissions())); | ||||
| 			}) | ||||
| 			.then((rows) => { | ||||
| 				if (typeof expand !== 'undefined' && expand !== null && expand.indexOf('certificate') !== -1) { | ||||
| 					return internalHost.cleanAllRowsCertificateMeta(rows); | ||||
| 				} | ||||
|  | ||||
| 				return rows; | ||||
| 			}); | ||||
| 	}, | ||||
|  | ||||
| 	/** | ||||
| 	 * Report use | ||||
| 	 * | ||||
| 	 * @param   {Number}  user_id | ||||
| 	 * @param   {String}  visibility | ||||
| 	 * @returns {Promise} | ||||
| 	 */ | ||||
| 	getCount: (user_id, visibility) => { | ||||
| 		let query = proxyHostModel | ||||
| 			.query() | ||||
| 			.count('id as count') | ||||
| 			.where('is_deleted', 0); | ||||
|  | ||||
| 		if (visibility !== 'all') { | ||||
| 			query.andWhere('owner_user_id', user_id); | ||||
| 		} | ||||
|  | ||||
| 		return query.first() | ||||
| 			.then((row) => { | ||||
| 				return parseInt(row.count, 10); | ||||
| 			}); | ||||
| 	} | ||||
| }; | ||||
|  | ||||
| module.exports = internalProxyHost; | ||||
							
								
								
									
										465
									
								
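--- a/backend/internal/redirection-host.js
+++ b/backend/internal/redirection-host.js
@@ -0,0 +1,465 @@
+const _                    = require('lodash');
+const error                = require('../lib/error');
+const utils                = require('../lib/utils');
+const redirectionHostModel = require('../models/redirection_host');
+const internalHost         = require('./host');
+const internalNginx        = require('./nginx');
+const internalAuditLog     = require('./audit-log');
+const internalCertificate  = require('./certificate');
+const {castJsonIfNeed}     = require('../lib/helpers');
+
+function omissions () {
+	return ['is_deleted'];
+}
+
+const internalRedirectionHost = {
+
+	/**
+	 * @param   {Access}  access
+	 * @param   {Object}  data
+	 * @returns {Promise}
+	 */
+	create: (access, data) => {
+		let create_certificate = data.certificate_id === 'new';
+
+		if (create_certificate) {
+			delete data.certificate_id;
+		}
+
+		return access.can('redirection_hosts:create', data)
+			.then((/*access_data*/) => {
+				// Get a list of the domain names and check each of them against existing records
+				let domain_name_check_promises = [];
+
+				data.domain_names.map(function (domain_name) {
+					domain_name_check_promises.push(internalHost.isHostnameTaken(domain_name));
+				});
+
+				return Promise.all(domain_name_check_promises)
+					.then((check_results) => {
+						check_results.map(function (result) {
+							if (result.is_taken) {
+								throw new error.ValidationError(result.hostname + ' is already in use');
+							}
+						});
+					});
+			})
+			.then(() => {
+				// At this point the domains should have been checked
+				data.owner_user_id = access.token.getUserId(1);
+				data               = internalHost.cleanSslHstsData(data);
+
+				// Fix for db field not having a default value
+				// for this optional field.
+				if (typeof data.advanced_config === 'undefined') {
+					data.advanced_config = '';
+				}
+
+				return redirectionHostModel
+					.query()
+					.insertAndFetch(data)
+					.then(utils.omitRow(omissions()));
+			})
+			.then((row) => {
+				if (create_certificate) {
+					return internalCertificate.createQuickCertificate(access, data)
+						.then((cert) => {
+							// update host with cert id
+							return internalRedirectionHost.update(access, {
+								id:             row.id,
+								certificate_id: cert.id
+							});
+						})
+						.then(() => {
+							return row;
+						});
+				}
+				return row;
+			})
+			.then((row) => {
+				// re-fetch with cert
+				return internalRedirectionHost.get(access, {
+					id:     row.id,
+					expand: ['certificate', 'owner']
+				});
+			})
+			.then((row) => {
+				// Configure nginx
+				return internalNginx.configure(redirectionHostModel, 'redirection_host', row)
+					.then(() => {
+						return row;
+					});
+			})
+			.then((row) => {
+				data.meta = _.assign({}, data.meta || {}, row.meta);
+
+				// Add to audit log
+				return internalAuditLog.add(access, {
+					action:      'created',
+					object_type: 'redirection-host',
+					object_id:   row.id,
+					meta:        data
+				})
+					.then(() => {
+						return row;
+					});
+			});
+	},
+
+	/**
+	 * @param  {Access}  access
+	 * @param  {Object}  data
+	 * @param  {Number}  data.id
+	 * @return {Promise}
+	 */
+	update: (access, data) => {
+		let create_certificate = data.certificate_id === 'new';
+
+		if (create_certificate) {
+			delete data.certificate_id;
+		}
+
+		return access.can('redirection_hosts:update', data.id)
+			.then((/*access_data*/) => {
+				// Get a list of the domain names and check each of them against existing records
+				let domain_name_check_promises = [];
+
+				if (typeof data.domain_names !== 'undefined') {
+					data.domain_names.map(function (domain_name) {
+						domain_name_check_promises.push(internalHost.isHostnameTaken(domain_name, 'redirection', data.id));
+					});
+
+					return Promise.all(domain_name_check_promises)
+						.then((check_results) => {
+							check_results.map(function (result) {
+								if (result.is_taken) {
+									throw new error.ValidationError(result.hostname + ' is already in use');
+								}
+							});
+						});
+				}
+			})
+			.then(() => {
+				return internalRedirectionHost.get(access, {id: data.id});
+			})
+			.then((row) => {
+				if (row.id !== data.id) {
+					// Sanity check that something crazy hasn't happened
+					throw new error.InternalValidationError('Redirection Host could not be updated, IDs do not match: ' + row.id + ' !== ' + data.id);
+				}
+
+				if (create_certificate) {
+					return internalCertificate.createQuickCertificate(access, {
+						domain_names: data.domain_names || row.domain_names,
+						meta:         _.assign({}, row.meta, data.meta)
+					})
+						.then((cert) => {
+							// update host with cert id
+							data.certificate_id = cert.id;
+						})
+						.then(() => {
+							return row;
+						});
+				} else {
+					return row;
+				}
+			})
+			.then((row) => {
+				// Add domain_names to the data in case it isn't there, so that the audit log renders correctly. The order is important here.
+				data = _.assign({}, {
+					domain_names: row.domain_names
+				}, data);
+
+				data = internalHost.cleanSslHstsData(data, row);
+
+				return redirectionHostModel
+					.query()
+					.where({id: data.id})
+					.patch(data)
+					.then((saved_row) => {
+						// Add to audit log
+						return internalAuditLog.add(access, {
+							action:      'updated',
+							object_type: 'redirection-host',
+							object_id:   row.id,
+							meta:        data
+						})
+							.then(() => {
+								return _.omit(saved_row, omissions());
+							});
+					});
+			})
+			.then(() => {
+				return internalRedirectionHost.get(access, {
+					id:     data.id,
+					expand: ['owner', 'certificate']
+				})
+					.then((row) => {
+						// Configure nginx
+						return internalNginx.configure(redirectionHostModel, 'redirection_host', row)
+							.then((new_meta) => {
+								row.meta = new_meta;
+								row      = internalHost.cleanRowCertificateMeta(row);
+								return _.omit(row, omissions());
+							});
+					});
+			});
+	},
+
+	/**
+	 * @param  {Access}   access
+	 * @param  {Object}   data
+	 * @param  {Number}   data.id
+	 * @param  {Array}    [data.expand]
+	 * @param  {Array}    [data.omit]
+	 * @return {Promise}
+	 */
+	get: (access, data) => {
+		if (typeof data === 'undefined') {
+			data = {};
+		}
+
+		return access.can('redirection_hosts:get', data.id)
+			.then((access_data) => {
+				let query = redirectionHostModel
+					.query()
+					.where('is_deleted', 0)
+					.andWhere('id', data.id)
+					.allowGraph('[owner,certificate]')
+					.first();
+
+				if (access_data.permission_visibility !== 'all') {
+					query.andWhere('owner_user_id', access.token.getUserId(1));
+				}
+
+				if (typeof data.expand !== 'undefined' && data.expand !== null) {
+					query.withGraphFetched('[' + data.expand.join(', ') + ']');
+				}
+
+				return query.then(utils.omitRow(omissions()));
+			})
+			.then((row) => {
+				if (!row || !row.id) {
+					throw new error.ItemNotFoundError(data.id);
+				}
+				row = internalHost.cleanRowCertificateMeta(row);
+				// Custom omissions
+				if (typeof data.omit !== 'undefined' && data.omit !== null) {
+					row = _.omit(row, data.omit);
+				}
+				return row;
+			});
+	},
+
+	/**
+	 * @param {Access}  access
+	 * @param {Object}  data
+	 * @param {Number}  data.id
+	 * @param {String}  [data.reason]
+	 * @returns {Promise}
+	 */
+	delete: (access, data) => {
+		return access.can('redirection_hosts:delete', data.id)
+			.then(() => {
+				return internalRedirectionHost.get(access, {id: data.id});
+			})
+			.then((row) => {
+				if (!row || !row.id) {
+					throw new error.ItemNotFoundError(data.id);
+				}
+
+				return redirectionHostModel
+					.query()
+					.where('id', row.id)
+					.patch({
+						is_deleted: 1
+					})
+					.then(() => {
+						// Delete Nginx Config
+						return internalNginx.deleteConfig('redirection_host', row)
+							.then(() => {
+								return internalNginx.reload();
+							});
+					})
+					.then(() => {
+						// Add to audit log
+						return internalAuditLog.add(access, {
+							action:      'deleted',
+							object_type: 'redirection-host',
+							object_id:   row.id,
+							meta:        _.omit(row, omissions())
+						});
+					});
+			})
+			.then(() => {
+				return true;
+			});
+	},
+
+	/**
+	 * @param {Access}  access
+	 * @param {Object}  data
+	 * @param {Number}  data.id
+	 * @param {String}  [data.reason]
+	 * @returns {Promise}
+	 */
+	enable: (access, data) => {
+		return access.can('redirection_hosts:update', data.id)
+			.then(() => {
+				return internalRedirectionHost.get(access, {
+					id:     data.id,
+					expand: ['certificate', 'owner']
+				});
+			})
+			.then((row) => {
+				if (!row || !row.id) {
+					throw new error.ItemNotFoundError(data.id);
+				} else if (row.enabled) {
+					throw new error.ValidationError('Host is already enabled');
+				}
+
+				row.enabled = 1;
+
+				return redirectionHostModel
+					.query()
+					.where('id', row.id)
+					.patch({
+						enabled: 1
+					})
+					.then(() => {
+						// Configure nginx
+						return internalNginx.configure(redirectionHostModel, 'redirection_host', row);
+					})
+					.then(() => {
+						// Add to audit log
+						return internalAuditLog.add(access, {
+							action:      'enabled',
+							object_type: 'redirection-host',
+							object_id:   row.id,
+							meta:        _.omit(row, omissions())
+						});
+					});
+			})
+			.then(() => {
+				return true;
+			});
+	},
+
+	/**
+	 * @param {Access}  access
+	 * @param {Object}  data
+	 * @param {Number}  data.id
+	 * @param {String}  [data.reason]
+	 * @returns {Promise}
+	 */
+	disable: (access, data) => {
+		return access.can('redirection_hosts:update', data.id)
+			.then(() => {
+				return internalRedirectionHost.get(access, {id: data.id});
+			})
+			.then((row) => {
+				if (!row || !row.id) {
+					throw new error.ItemNotFoundError(data.id);
+				} else if (!row.enabled) {
+					throw new error.ValidationError('Host is already disabled');
+				}
+
+				row.enabled = 0;
+
+				return redirectionHostModel
+					.query()
+					.where('id', row.id)
+					.patch({
+						enabled: 0
+					})
+					.then(() => {
+						// Delete Nginx Config
+						return internalNginx.deleteConfig('redirection_host', row)
+							.then(() => {
+								return internalNginx.reload();
+							});
+					})
+					.then(() => {
+						// Add to audit log
+						return internalAuditLog.add(access, {
+							action:      'disabled',
+							object_type: 'redirection-host',
+							object_id:   row.id,
+							meta:        _.omit(row, omissions())
+						});
+					});
+			})
+			.then(() => {
+				return true;
+			});
+	},
+
+	/**
+	 * All Hosts
+	 *
+	 * @param   {Access}  access
+	 * @param   {Array}   [expand]
+	 * @param   {String}  [search_query]
+	 * @returns {Promise}
+	 */
+	getAll: (access, expand, search_query) => {
+		return access.can('redirection_hosts:list')
+			.then((access_data) => {
+				let query = redirectionHostModel
+					.query()
+					.where('is_deleted', 0)
+					.groupBy('id')
+					.allowGraph('[owner,certificate]')
+					.orderBy(castJsonIfNeed('domain_names'), 'ASC');
+
+				if (access_data.permission_visibility !== 'all') {
+					query.andWhere('owner_user_id', access.token.getUserId(1));
+				}
+
+				// Query is used for searching
+				if (typeof search_query === 'string' && search_query.length > 0) {
+					query.where(function () {
+						this.where(castJsonIfNeed('domain_names'), 'like', `%${search_query}%`);
+					});
+				}
+
+				if (typeof expand !== 'undefined' && expand !== null) {
+					query.withGraphFetched('[' + expand.join(', ') + ']');
+				}
+
+				return query.then(utils.omitRows(omissions()));
+			})
+			.then((rows) => {
+				if (typeof expand !== 'undefined' && expand !== null && expand.indexOf('certificate') !== -1) {
+					return internalHost.cleanAllRowsCertificateMeta(rows);
+				}
+
+				return rows;
+			});
+	},
+
+	/**
+	 * Report use
+	 *
+	 * @param   {Number}  user_id
+	 * @param   {String}  visibility
+	 * @returns {Promise}
+	 */
+	getCount: (user_id, visibility) => {
+		let query = redirectionHostModel
+			.query()
+			.count('id as count')
+			.where('is_deleted', 0);
+
+		if (visibility !== 'all') {
+			query.andWhere('owner_user_id', user_id);
+		}
+
+		return query.first()
+			.then((row) => {
+				return parseInt(row.count, 10);
+			});
+	}
+};
+
+module.exports = internalRedirectionHost;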
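Review bot: `update` regenerates the nginx config for every saved host, including one whose `enabled` flag is 0, because its final `.then((row) => …)` calls `internalNginx.configure(redirectionHostModel, 'redirection_host', row)` unconditionally. `disable` in this same file deletes the config and reloads nginx, so a later edit of a disabled redirection host would presumably write its config back and serve it again while the database still records it as disabled (what `configure` does with a disabled row is not visible here). The proxy-host `update` shown earlier on this page guards exactly this case, and the same guard fits here ahead of the configure call: `if (!row.enabled) { return row; }`.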
							
								
								
									
										38
									
								
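--- a/backend/internal/report.js
+++ b/backend/internal/report.js
@@ -0,0 +1,38 @@
+const internalProxyHost       = require('./proxy-host');
+const internalRedirectionHost = require('./redirection-host');
+const internalDeadHost        = require('./dead-host');
+const internalStream          = require('./stream');
+
+const internalReport = {
+
+	/**
+	 * @param  {Access}   access
+	 * @return {Promise}
+	 */
+	getHostsReport: (access) => {
+		return access.can('reports:hosts', 1)
+			.then((access_data) => {
+				let user_id = access.token.getUserId(1);
+
+				let promises = [
+					internalProxyHost.getCount(user_id, access_data.visibility),
+					internalRedirectionHost.getCount(user_id, access_data.visibility),
+					internalStream.getCount(user_id, access_data.visibility),
+					internalDeadHost.getCount(user_id, access_data.visibility)
+				];
+
+				return Promise.all(promises);
+			})
+			.then((counts) => {
+				return {
+					proxy:       counts.shift(),
+					redirection: counts.shift(),
+					stream:      counts.shift(),
+					dead:        counts.shift()
+				};
+			});
+
+	}
+};
+
+module.exports = internalReport;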
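Review bot: `getHostsReport` passes `access_data.visibility` to each `getCount`, while the `get` and `getAll` handlers in the proxy-host and redirection-host files on this page read `access_data.permission_visibility` from the result of the same `access.can()` call. If `access.can()` resolves the same shape for `reports:hosts` (its definition is not in view), `visibility` is `undefined` here, every `getCount` takes its `visibility !== 'all'` branch, and a user with global visibility is shown only the hosts they own. That fails closed, so no counts leak across owners, but the report is then wrong for administrators. Reading the field once, `const visibility = access_data.permission_visibility;`, and passing `visibility` to the four calls would match the other handlers.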
							
								
								
									
										133
									
								
								backend/internal/setting.js
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
									
								
							| @@ -0,0 +1,133 @@ | ||||
| const fs            = require('fs'); | ||||
| const error         = require('../lib/error'); | ||||
| const settingModel  = require('../models/setting'); | ||||
| const internalNginx = require('./nginx'); | ||||
|  | ||||
| const internalSetting = { | ||||
|  | ||||
| 	/** | ||||
| 	 * @param  {Access}  access | ||||
| 	 * @param  {Object}  data | ||||
| 	 * @param  {String}  data.id | ||||
| 	 * @return {Promise} | ||||
| 	 */ | ||||
| 	update: (access, data) => { | ||||
| 		return access.can('settings:update', data.id) | ||||
| 			.then((/*access_data*/) => { | ||||
| 				return internalSetting.get(access, {id: data.id}); | ||||
| 			}) | ||||
| 			.then((row) => { | ||||
| 				if (row.id !== data.id) { | ||||
| 					// Sanity check that something crazy hasn't happened | ||||
| 					throw new error.InternalValidationError('Setting could not be updated, IDs do not match: ' + row.id + ' !== ' + data.id); | ||||
| 				} | ||||
|  | ||||
| 				return settingModel | ||||
| 					.query() | ||||
| 					.where({id: data.id}) | ||||
| 					.patch(data); | ||||
| 			}) | ||||
| 			.then(() => { | ||||
| 				return internalSetting.get(access, { | ||||
| 					id: data.id | ||||
| 				}); | ||||
| 			}) | ||||
| 			.then((row) => { | ||||
| 				if (row.id === 'default-site') { | ||||
| 					// write the html if we need to | ||||
| 					if (row.value === 'html') { | ||||
| 						fs.writeFileSync('/data/nginx/default_www/index.html', row.meta.html, {encoding: 'utf8'}); | ||||
| 					} | ||||
|  | ||||
| 					// Configure nginx | ||||
| 					return internalNginx.deleteConfig('default') | ||||
| 						.then(() => { | ||||
| 							return internalNginx.generateConfig('default', row); | ||||
| 						}) | ||||
| 						.then(() => { | ||||
| 							return internalNginx.test(); | ||||
| 						}) | ||||
| 						.then(() => { | ||||
| 							return internalNginx.reload(); | ||||
| 						}) | ||||
| 						.then(() => { | ||||
| 							return row; | ||||
| 						}) | ||||
| 						.catch((/*err*/) => { | ||||
| 							internalNginx.deleteConfig('default') | ||||
| 								.then(() => { | ||||
| 									return internalNginx.test(); | ||||
| 								}) | ||||
| 								.then(() => { | ||||
| 									return internalNginx.reload(); | ||||
| 								}) | ||||
| 								.then(() => { | ||||
| 									// I'm being slack here I know.. | ||||
| 									throw new error.ValidationError('Could not reconfigure Nginx. Please check logs.'); | ||||
| 								}); | ||||
| 						}); | ||||
| 				} else { | ||||
| 					return row; | ||||
| 				} | ||||
| 			}); | ||||
| 	}, | ||||
|  | ||||
| 	/** | ||||
| 	 * @param  {Access}   access | ||||
| 	 * @param  {Object}   data | ||||
| 	 * @param  {String}   data.id | ||||
| 	 * @return {Promise} | ||||
| 	 */ | ||||
| 	get: (access, data) => { | ||||
| 		return access.can('settings:get', data.id) | ||||
| 			.then(() => { | ||||
| 				return settingModel | ||||
| 					.query() | ||||
| 					.where('id', data.id) | ||||
| 					.first(); | ||||
| 			}) | ||||
| 			.then((row) => { | ||||
| 				if (row) { | ||||
| 					return row; | ||||
| 				} else { | ||||
| 					throw new error.ItemNotFoundError(data.id); | ||||
| 				} | ||||
| 			}); | ||||
| 	}, | ||||
|  | ||||
| 	/** | ||||
| 	 * This will only count the settings | ||||
| 	 * | ||||
| 	 * @param   {Access}  access | ||||
| 	 * @returns {*} | ||||
| 	 */ | ||||
| 	getCount: (access) => { | ||||
| 		return access.can('settings:list') | ||||
| 			.then(() => { | ||||
| 				return settingModel | ||||
| 					.query() | ||||
| 					.count('id as count') | ||||
| 					.first(); | ||||
| 			}) | ||||
| 			.then((row) => { | ||||
| 				return parseInt(row.count, 10); | ||||
| 			}); | ||||
| 	}, | ||||
|  | ||||
| 	/** | ||||
| 	 * All settings | ||||
| 	 * | ||||
| 	 * @param   {Access}  access | ||||
| 	 * @returns {Promise} | ||||
| 	 */ | ||||
| 	getAll: (access) => { | ||||
| 		return access.can('settings:list') | ||||
| 			.then(() => { | ||||
| 				return settingModel | ||||
| 					.query() | ||||
| 					.orderBy('description', 'ASC'); | ||||
| 			}); | ||||
| 	} | ||||
| }; | ||||
|  | ||||
| module.exports = internalSetting; | ||||
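Review bot: The `.catch` handler that closes the `default-site` branch of `update` starts a recovery chain but does not return it, so the `ValidationError` thrown at the end of that chain never reaches the caller. The outer promise resolves with `undefined`, and the rejection surfaces as an unhandled one. A failed nginx reconfigure therefore looks like a successful settings update to the API client, and the only trace is whatever the process logs for unhandled rejections. Returning the chain fixes it: `return internalNginx.deleteConfig('default')`. A short comment above `fs.writeFileSync(...)` would also help, noting that `row.meta.html` is written to disk unmodified and so depends entirely on the `settings:update` permission check at the top of the function.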
							
								
								
									
										424
									
								
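--- a/backend/internal/stream.js
+++ b/backend/internal/stream.js
@@ -0,0 +1,424 @@
+const _                   = require('lodash');
+const error               = require('../lib/error');
+const utils               = require('../lib/utils');
+const streamModel         = require('../models/stream');
+const internalNginx       = require('./nginx');
+const internalAuditLog    = require('./audit-log');
+const internalCertificate = require('./certificate');
+const internalHost        = require('./host');
+const {castJsonIfNeed}    = require('../lib/helpers');
+
+function omissions () {
+	return ['is_deleted', 'owner.is_deleted', 'certificate.is_deleted'];
+}
+
+const internalStream = {
+
+	/**
+	 * @param   {Access}  access
+	 * @param   {Object}  data
+	 * @returns {Promise}
+	 */
+	create: (access, data) => {
+		const create_certificate = data.certificate_id === 'new';
+
+		if (create_certificate) {
+			delete data.certificate_id;
+		}
+
+		return access.can('streams:create', data)
+			.then((/*access_data*/) => {
+				// TODO: At this point the existing ports should have been checked
+				data.owner_user_id = access.token.getUserId(1);
+
+				if (typeof data.meta === 'undefined') {
+					data.meta = {};
+				}
+
+				// streams aren't routed by domain name so don't store domain names in the DB
+				let data_no_domains = structuredClone(data);
+				delete data_no_domains.domain_names;
+
+				return streamModel
+					.query()
+					.insertAndFetch(data_no_domains)
+					.then(utils.omitRow(omissions()));
+			})
+			.then((row) => {
+				if (create_certificate) {
+					return internalCertificate.createQuickCertificate(access, data)
+						.then((cert) => {
+							// update host with cert id
+							return internalStream.update(access, {
+								id:             row.id,
+								certificate_id: cert.id
+							});
+						})
+						.then(() => {
+							return row;
+						});
+				} else {
+					return row;
+				}
+			})
+			.then((row) => {
+				// re-fetch with cert
+				return internalStream.get(access, {
+					id:     row.id,
+					expand: ['certificate', 'owner']
+				});
+			})
+			.then((row) => {
+				// Configure nginx
+				return internalNginx.configure(streamModel, 'stream', row)
+					.then(() => {
+						return row;
+					});
+			})
+			.then((row) => {
+				// Add to audit log
+				return internalAuditLog.add(access, {
+					action:      'created',
+					object_type: 'stream',
+					object_id:   row.id,
+					meta:        data
+				})
+					.then(() => {
+						return row;
+					});
+			});
+	},
+
+	/**
+	 * @param  {Access}  access
+	 * @param  {Object}  data
+	 * @param  {Number}  data.id
+	 * @return {Promise}
+	 */
+	update: (access, data) => {
+		const create_certificate = data.certificate_id === 'new';
+
+		if (create_certificate) {
+			delete data.certificate_id;
+		}
+
+		return access.can('streams:update', data.id)
+			.then((/*access_data*/) => {
+				// TODO: at this point the existing streams should have been checked
+				return internalStream.get(access, {id: data.id});
+			})
+			.then((row) => {
+				if (row.id !== data.id) {
+					// Sanity check that something crazy hasn't happened
+					throw new error.InternalValidationError('Stream could not be updated, IDs do not match: ' + row.id + ' !== ' + data.id);
+				}
+
+				if (create_certificate) {
+					return internalCertificate.createQuickCertificate(access, {
+						domain_names: data.domain_names || row.domain_names,
+						meta:         _.assign({}, row.meta, data.meta)
+					})
+						.then((cert) => {
+							// update host with cert id
+							data.certificate_id = cert.id;
+						})
+						.then(() => {
+							return row;
+						});
+				} else {
+					return row;
+				}
+			})
+			.then((row) => {
+				// Add domain_names to the data in case it isn't there, so that the audit log renders correctly. The order is important here.
+				data = _.assign({}, {
+					domain_names: row.domain_names
+				}, data);
+
+				return streamModel
+					.query()
+					.patchAndFetchById(row.id, data)
+					.then(utils.omitRow(omissions()))
+					.then((saved_row) => {
+						// Add to audit log
+						return internalAuditLog.add(access, {
+							action:      'updated',
+							object_type: 'stream',
+							object_id:   row.id,
+							meta:        data
+						})
+							.then(() => {
+								return saved_row;
+							});
+					});
+			})
+			.then(() => {
+				return internalStream.get(access, {id: data.id, expand: ['owner', 'certificate']})
+					.then((row) => {
+						return internalNginx.configure(streamModel, 'stream', row)
+							.then((new_meta) => {
+								row.meta = new_meta;
+								row      = internalHost.cleanRowCertificateMeta(row);
+								return _.omit(row, omissions());
+							});
+					});
+			});
+	},
+
+	/**
+	 * @param  {Access}   access
+	 * @param  {Object}   data
+	 * @param  {Number}   data.id
+	 * @param  {Array}    [data.expand]
+	 * @param  {Array}    [data.omit]
+	 * @return {Promise}
+	 */
+	get: (access, data) => {
+		if (typeof data === 'undefined') {
+			data = {};
+		}
+
+		return access.can('streams:get', data.id)
+			.then((access_data) => {
+				let query = streamModel
+					.query()
+					.where('is_deleted', 0)
+					.andWhere('id', data.id)
+					.allowGraph('[owner,certificate]')
+					.first();
+
+				if (access_data.permission_visibility !== 'all') {
+					query.andWhere('owner_user_id', access.token.getUserId(1));
+				}
+
+				if (typeof data.expand !== 'undefined' && data.expand !== null) {
+					query.withGraphFetched('[' + data.expand.join(', ') + ']');
+				}
+
+				return query.then(utils.omitRow(omissions()));
+			})
+			.then((row) => {
+				if (!row || !row.id) {
+					throw new error.ItemNotFoundError(data.id);
+				}
+				row = internalHost.cleanRowCertificateMeta(row);
+				// Custom omissions
+				if (typeof data.omit !== 'undefined' && data.omit !== null) {
+					row = _.omit(row, data.omit);
+				}
+				return row;
+			});
+	},
+
+	/**
+	 * @param {Access}  access
+	 * @param {Object}  data
+	 * @param {Number}  data.id
+	 * @param {String}  [data.reason]
+	 * @returns {Promise}
+	 */
+	delete: (access, data) => {
+		return access.can('streams:delete', data.id)
+			.then(() => {
+				return internalStream.get(access, {id: data.id});
+			})
+			.then((row) => {
+				if (!row || !row.id) {
+					throw new error.ItemNotFoundError(data.id);
+				}
+
+				return streamModel
+					.query()
+					.where('id', row.id)
+					.patch({
+						is_deleted: 1
+					})
+					.then(() => {
+						// Delete Nginx Config
+						return internalNginx.deleteConfig('stream', row)
+							.then(() => {
+								return internalNginx.reload();
+							});
+					})
+					.then(() => {
+						// Add to audit log
+						return internalAuditLog.add(access, {
+							action:      'deleted',
+							object_type: 'stream',
+							object_id:   row.id,
+							meta:        _.omit(row, omissions())
+						});
+					});
+			})
+			.then(() => {
+				return true;
+			});
+	},
+
+	/**
+	 * @param {Access}  access
+	 * @param {Object}  data
+	 * @param {Number}  data.id
+	 * @param {String}  [data.reason]
+	 * @returns {Promise}
+	 */
+	enable: (access, data) => {
+		return access.can('streams:update', data.id)
+			.then(() => {
+				return internalStream.get(access, {
+					id:     data.id,
+					expand: ['certificate', 'owner']
+				});
+			})
+			.then((row) => {
+				if (!row || !row.id) {
+					throw new error.ItemNotFoundError(data.id);
+				} else if (row.enabled) {
+					throw new error.ValidationError('Stream is already enabled');
+				}
+
+				row.enabled = 1;
+
+				return streamModel
+					.query()
+					.where('id', row.id)
+					.patch({
+						enabled: 1
+					})
+					.then(() => {
+						// Configure nginx
+						return internalNginx.configure(streamModel, 'stream', row);
+					})
+					.then(() => {
+						// Add to audit log
+						return internalAuditLog.add(access, {
+							action:      'enabled',
+							object_type: 'stream',
+							object_id:   row.id,
+							meta:        _.omit(row, omissions())
+						});
+					});
+			})
+			.then(() => {
+				return true;
+			});
+	},
+
+	/**
+	 * @param {Access}  access
+	 * @param {Object}  data
+	 * @param {Number}  data.id
+	 * @param {String}  [data.reason]
+	 * @returns {Promise}
+	 */
+	disable: (access, data) => {
+		return access.can('streams:update', data.id)
+			.then(() => {
+				return internalStream.get(access, {id: data.id});
+			})
+			.then((row) => {
+				if (!row || !row.id) {
+					throw new error.ItemNotFoundError(data.id);
+				} else if (!row.enabled) {
+					throw new error.ValidationError('Stream is already disabled');
+				}
+
+				row.enabled = 0;
+
+				return streamModel
+					.query()
+					.where('id', row.id)
+					.patch({
+						enabled: 0
+					})
+					.then(() => {
+						// Delete Nginx Config
+						return internalNginx.deleteConfig('stream', row)
+							.then(() => {
+								return internalNginx.reload();
+							});
+					})
+					.then(() => {
+						// Add to audit log
+						return internalAuditLog.add(access, {
+							action:      'disabled',
+							object_type: 'stream-host',
+							object_id:   row.id,
+							meta:        _.omit(row, omissions())
+						});
+					});
+			})
+			.then(() => {
+				return true;
+			});
+	},
+
+	/**
+	 * All Streams
+	 *
+	 * @param   {Access}  access
+	 * @param   {Array}   [expand]
+	 * @param   {String}  [search_query]
+	 * @returns {Promise}
+	 */
+	getAll: (access, expand, search_query) => {
+		return access.can('streams:list')
+			.then((access_data) => {
+				const query = streamModel
+					.query()
+					.where('is_deleted', 0)
+					.groupBy('id')
+					.allowGraph('[owner,certificate]')
+					.orderBy('incoming_port', 'ASC');
+
+				if (access_data.permission_visibility !== 'all') {
+					query.andWhere('owner_user_id', access.token.getUserId(1));
+				}
+
+				// Query is used for searching
+				if (typeof search_query === 'string' && search_query.length > 0) {
+					query.where(function () {
+						this.where(castJsonIfNeed('incoming_port'), 'like', `%${search_query}%`);
+					});
+				}
+
+				if (typeof expand !== 'undefined' && expand !== null) {
+					query.withGraphFetched('[' + expand.join(', ') + ']');
+				}
+
+				return query.then(utils.omitRows(omissions()));
+			})
+			.then((rows) => {
+				if (typeof expand !== 'undefined' && expand !== null && expand.indexOf('certificate') !== -1) {
+					return internalHost.cleanAllRowsCertificateMeta(rows);
+				}
+
+				return rows;
+			});
+	},
+
+	/**
+	 * Report use
+	 *
+	 * @param   {Number}  user_id
+	 * @param   {String}  visibility
+	 * @returns {Promise}
+	 */
+	getCount: (user_id, visibility) => {
+		const query = streamModel
+			.query()
+			.count('id AS count')
+			.where('is_deleted', 0);
+
+		if (visibility !== 'all') {
+			query.andWhere('owner_user_id', user_id);
+		}
+
+		return query.first()
+			.then((row) => {
+				return parseInt(row.count, 10);
+			});
+	}
+};
+
+module.exports = internalStream;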
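Review bot: `disable` writes its audit entry with `object_type: 'stream-host'`, while `create`, `update`, `delete` and `enable` in the same object all record `'stream'`. Anyone filtering the audit log by object type will see a stream being created and enabled but never disabled, which leaves a gap in the trail for a change that takes a listener offline. The fix is one line inside the `internalAuditLog.add` call in `disable`: `object_type: 'stream',`.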
							
								
								
									
										164
									
								
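--- a/backend/internal/token.js
+++ b/backend/internal/token.js
@@ -0,0 +1,164 @@
+const _          = require('lodash');
+const error      = require('../lib/error');
+const userModel  = require('../models/user');
+const authModel  = require('../models/auth');
+const helpers    = require('../lib/helpers');
+const TokenModel = require('../models/token');
+
+const ERROR_MESSAGE_INVALID_AUTH = 'Invalid email or password';
+
+module.exports = {
+
+	/**
+	 * @param   {Object} data
+	 * @param   {String} data.identity
+	 * @param   {String} data.secret
+	 * @param   {String} [data.scope]
+	 * @param   {String} [data.expiry]
+	 * @param   {String} [issuer]
+	 * @returns {Promise}
+	 */
+	getTokenFromEmail: (data, issuer) => {
+		let Token = new TokenModel();
+
+		data.scope  = data.scope || 'user';
+		data.expiry = data.expiry || '1d';
+
+		return userModel
+			.query()
+			.where('email', data.identity.toLowerCase().trim())
+			.andWhere('is_deleted', 0)
+			.andWhere('is_disabled', 0)
+			.first()
+			.then((user) => {
+				if (user) {
+					// Get auth
+					return authModel
+						.query()
+						.where('user_id', '=', user.id)
+						.where('type', '=', 'password')
+						.first()
+						.then((auth) => {
+							if (auth) {
+								return auth.verifyPassword(data.secret)
+									.then((valid) => {
+										if (valid) {
+
+											if (data.scope !== 'user' && _.indexOf(user.roles, data.scope) === -1) {
+												// The scope requested doesn't exist as a role against the user,
+												// you shall not pass.
+												throw new error.AuthError('Invalid scope: ' + data.scope);
+											}
+
+											// Create a moment of the expiry expression
+											let expiry = helpers.parseDatePeriod(data.expiry);
+											if (expiry === null) {
+												throw new error.AuthError('Invalid expiry time: ' + data.expiry);
+											}
+
+											return Token.create({
+												iss:   issuer || 'api',
+												attrs: {
+													id: user.id
+												},
+												scope:     [data.scope],
+												expiresIn: data.expiry
+											})
+												.then((signed) => {
+													return {
+														token:   signed.token,
+														expires: expiry.toISOString()
+													};
+												});
+										} else {
+											throw new error.AuthError(ERROR_MESSAGE_INVALID_AUTH);
+										}
+									});
+							} else {
+								throw new error.AuthError(ERROR_MESSAGE_INVALID_AUTH);
+							}
+						});
+				} else {
+					throw new error.AuthError(ERROR_MESSAGE_INVALID_AUTH);
+				}
+			});
+	},
+
+	/**
+	 * @param {Access} access
+	 * @param {Object} [data]
+	 * @param {String} [data.expiry]
+	 * @param {String} [data.scope]   Only considered if existing token scope is admin
+	 * @returns {Promise}
+	 */
+	getFreshToken: (access, data) => {
+		let Token = new TokenModel();
+
+		data        = data || {};
+		data.expiry = data.expiry || '1d';
+
+		if (access && access.token.getUserId(0)) {
+
+			// Create a moment of the expiry expression
+			let expiry = helpers.parseDatePeriod(data.expiry);
+			if (expiry === null) {
+				throw new error.AuthError('Invalid expiry time: ' + data.expiry);
+			}
+
+			let token_attrs = {
+				id: access.token.getUserId(0)
+			};
+
+			// Only admins can request otherwise scoped tokens
+			let scope = access.token.get('scope');
+			if (data.scope && access.token.hasScope('admin')) {
+				scope = [data.scope];
+
+				if (data.scope === 'job-board' || data.scope === 'worker') {
+					token_attrs.id = 0;
+				}
+			}
+
+			return Token.create({
+				iss:       'api',
+				scope:     scope,
+				attrs:     token_attrs,
+				expiresIn: data.expiry
+			})
+				.then((signed) => {
+					return {
+						token:   signed.token,
+						expires: expiry.toISOString()
+					};
+				});
+		} else {
+			throw new error.AssertionFailedError('Existing token contained invalid user data');
+		}
+	},
+
+	/**
+	 * @param   {Object} user
+	 * @returns {Promise}
+	 */
+	getTokenFromUser: (user) => {
+		const expire = '1d';
+		const Token  = new TokenModel();
+		const expiry = helpers.parseDatePeriod(expire);
+
+		return Token.create({
+			iss:   'api',
+			attrs: {
+				id: user.id
+			},
+			scope:     ['user'],
+			expiresIn: expire
+		})
+			.then((signed) => {
+				return {
+					token:   signed.token,
+					expires: expiry.toISOString(),
+					user:    user
+				};
+			});
+	}
+};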
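Review bot: `getTokenFromEmail` and `getFreshToken` both take `data.expiry` from the caller and reject it only when `helpers.parseDatePeriod` returns `null`, so nothing here caps how far in the future a token may expire. Unless the request schema bounds it elsewhere (not visible on this page), any authenticated caller can ask for a token that lives far longer than the `'1d'` default suggests, and `getFreshToken` lets that lifetime be renewed from the token itself. A server-side ceiling belongs next to the existing null check in both functions: compare the parsed `expiry` against a configured maximum and throw `error.AuthError('Invalid expiry time: ' + data.expiry)` when it is exceeded. Separately, the unknown-user branch in `getTokenFromEmail` returns without calling `auth.verifyPassword`, so the error message is uniform but the response time may still reveal which e-mail addresses have accounts.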
							
								
								
									
										513
									
								
								backend/internal/user.js
									
									
									
									
									
									
								
							| @@ -0,0 +1,513 @@ | ||||
| const _                   = require('lodash'); | ||||
| const error               = require('../lib/error'); | ||||
| const utils               = require('../lib/utils'); | ||||
| const userModel           = require('../models/user'); | ||||
| const userPermissionModel = require('../models/user_permission'); | ||||
| const authModel           = require('../models/auth'); | ||||
| const gravatar            = require('gravatar'); | ||||
| const internalToken       = require('./token'); | ||||
| const internalAuditLog    = require('./audit-log'); | ||||
|  | ||||
| function omissions () { | ||||
| 	return ['is_deleted']; | ||||
| } | ||||
|  | ||||
| const internalUser = { | ||||
|  | ||||
| 	/** | ||||
| 	 * @param   {Access}  access | ||||
| 	 * @param   {Object}  data | ||||
| 	 * @returns {Promise} | ||||
| 	 */ | ||||
| 	create: (access, data) => { | ||||
| 		let auth = data.auth || null; | ||||
| 		delete data.auth; | ||||
|  | ||||
| 		data.avatar = data.avatar || ''; | ||||
| 		data.roles  = data.roles || []; | ||||
|  | ||||
| 		if (typeof data.is_disabled !== 'undefined') { | ||||
| 			data.is_disabled = data.is_disabled ? 1 : 0; | ||||
| 		} | ||||
|  | ||||
| 		return access.can('users:create', data) | ||||
| 			.then(() => { | ||||
| 				data.avatar = gravatar.url(data.email, {default: 'mm'}); | ||||
|  | ||||
| 				return userModel | ||||
| 					.query() | ||||
| 					.insertAndFetch(data) | ||||
| 					.then(utils.omitRow(omissions())); | ||||
| 			}) | ||||
| 			.then((user) => { | ||||
| 				if (auth) { | ||||
| 					return authModel | ||||
| 						.query() | ||||
| 						.insert({ | ||||
| 							user_id: user.id, | ||||
| 							type:    auth.type, | ||||
| 							secret:  auth.secret, | ||||
| 							meta:    {} | ||||
| 						}) | ||||
| 						.then(() => { | ||||
| 							return user; | ||||
| 						}); | ||||
| 				} else { | ||||
| 					return user; | ||||
| 				} | ||||
| 			}) | ||||
| 			.then((user) => { | ||||
| 				// Create permissions row as well | ||||
| 				let is_admin = data.roles.indexOf('admin') !== -1; | ||||
|  | ||||
| 				return userPermissionModel | ||||
| 					.query() | ||||
| 					.insert({ | ||||
| 						user_id:           user.id, | ||||
| 						visibility:        is_admin ? 'all' : 'user', | ||||
| 						proxy_hosts:       'manage', | ||||
| 						redirection_hosts: 'manage', | ||||
| 						dead_hosts:        'manage', | ||||
| 						streams:           'manage', | ||||
| 						access_lists:      'manage', | ||||
| 						certificates:      'manage' | ||||
| 					}) | ||||
| 					.then(() => { | ||||
| 						return internalUser.get(access, {id: user.id, expand: ['permissions']}); | ||||
| 					}); | ||||
| 			}) | ||||
| 			.then((user) => { | ||||
| 				// Add to audit log | ||||
| 				return internalAuditLog.add(access, { | ||||
| 					action:      'created', | ||||
| 					object_type: 'user', | ||||
| 					object_id:   user.id, | ||||
| 					meta:        user | ||||
| 				}) | ||||
| 					.then(() => { | ||||
| 						return user; | ||||
| 					}); | ||||
| 			}); | ||||
| 	}, | ||||
|  | ||||
| 	/** | ||||
| 	 * @param  {Access}  access | ||||
| 	 * @param  {Object}  data | ||||
| 	 * @param  {Integer} data.id | ||||
| 	 * @param  {String}  [data.email] | ||||
| 	 * @param  {String}  [data.name] | ||||
| 	 * @return {Promise} | ||||
| 	 */ | ||||
| 	update: (access, data) => { | ||||
| 		if (typeof data.is_disabled !== 'undefined') { | ||||
| 			data.is_disabled = data.is_disabled ? 1 : 0; | ||||
| 		} | ||||
|  | ||||
| 		return access.can('users:update', data.id) | ||||
| 			.then(() => { | ||||
|  | ||||
| 				// Make sure that the user being updated doesn't change their email to another user that is already using it | ||||
| 				// 1. get user we want to update | ||||
| 				return internalUser.get(access, {id: data.id}) | ||||
| 					.then((user) => { | ||||
|  | ||||
| 						// 2. if email is to be changed, find other users with that email | ||||
| 						if (typeof data.email !== 'undefined') { | ||||
| 							data.email = data.email.toLowerCase().trim(); | ||||
|  | ||||
| 							if (user.email !== data.email) { | ||||
| 								return internalUser.isEmailAvailable(data.email, data.id) | ||||
| 									.then((available) => { | ||||
| 										if (!available) { | ||||
| 											throw new error.ValidationError('Email address already in use - ' + data.email); | ||||
| 										} | ||||
|  | ||||
| 										return user; | ||||
| 									}); | ||||
| 							} | ||||
| 						} | ||||
|  | ||||
| 						// No change to email: | ||||
| 						return user; | ||||
| 					}); | ||||
| 			}) | ||||
| 			.then((user) => { | ||||
| 				if (user.id !== data.id) { | ||||
| 					// Sanity check that something crazy hasn't happened | ||||
| 					throw new error.InternalValidationError('User could not be updated, IDs do not match: ' + user.id + ' !== ' + data.id); | ||||
| 				} | ||||
|  | ||||
| 				data.avatar = gravatar.url(data.email || user.email, {default: 'mm'}); | ||||
|  | ||||
| 				return userModel | ||||
| 					.query() | ||||
| 					.patchAndFetchById(user.id, data) | ||||
| 					.then(utils.omitRow(omissions())); | ||||
| 			}) | ||||
| 			.then(() => { | ||||
| 				return internalUser.get(access, {id: data.id}); | ||||
| 			}) | ||||
| 			.then((user) => { | ||||
| 				// Add to audit log | ||||
| 				return internalAuditLog.add(access, { | ||||
| 					action:      'updated', | ||||
| 					object_type: 'user', | ||||
| 					object_id:   user.id, | ||||
| 					meta:        data | ||||
| 				}) | ||||
| 					.then(() => { | ||||
| 						return user; | ||||
| 					}); | ||||
| 			}); | ||||
| 	}, | ||||
|  | ||||
| 	/** | ||||
| 	 * @param  {Access}   access | ||||
| 	 * @param  {Object}   [data] | ||||
| 	 * @param  {Integer}  [data.id]          Defaults to the token user | ||||
| 	 * @param  {Array}    [data.expand] | ||||
| 	 * @param  {Array}    [data.omit] | ||||
| 	 * @return {Promise} | ||||
| 	 */ | ||||
| 	get: (access, data) => { | ||||
| 		if (typeof data === 'undefined') { | ||||
| 			data = {}; | ||||
| 		} | ||||
|  | ||||
| 		if (typeof data.id === 'undefined' || !data.id) { | ||||
| 			data.id = access.token.getUserId(0); | ||||
| 		} | ||||
|  | ||||
| 		return access.can('users:get', data.id) | ||||
| 			.then(() => { | ||||
| 				let query = userModel | ||||
| 					.query() | ||||
| 					.where('is_deleted', 0) | ||||
| 					.andWhere('id', data.id) | ||||
| 					.allowGraph('[permissions]') | ||||
| 					.first(); | ||||
|  | ||||
| 				if (typeof data.expand !== 'undefined' && data.expand !== null) { | ||||
| 					query.withGraphFetched('[' + data.expand.join(', ') + ']'); | ||||
| 				} | ||||
|  | ||||
| 				return query.then(utils.omitRow(omissions())); | ||||
| 			}) | ||||
| 			.then((row) => { | ||||
| 				if (!row || !row.id) { | ||||
| 					throw new error.ItemNotFoundError(data.id); | ||||
| 				} | ||||
| 				// Custom omissions | ||||
| 				if (typeof data.omit !== 'undefined' && data.omit !== null) { | ||||
| 					row = _.omit(row, data.omit); | ||||
| 				} | ||||
| 				return row; | ||||
| 			}); | ||||
| 	}, | ||||
|  | ||||
| 	/** | ||||
| 	 * Checks if an email address is available, but if a user_id is supplied, it will ignore checking | ||||
| 	 * against that user. | ||||
| 	 * | ||||
| 	 * @param email | ||||
| 	 * @param user_id | ||||
| 	 */ | ||||
| 	isEmailAvailable: (email, user_id) => { | ||||
| 		let query = userModel | ||||
| 			.query() | ||||
| 			.where('email', '=', email.toLowerCase().trim()) | ||||
| 			.where('is_deleted', 0) | ||||
| 			.first(); | ||||
|  | ||||
| 		if (typeof user_id !== 'undefined') { | ||||
| 			query.where('id', '!=', user_id); | ||||
| 		} | ||||
|  | ||||
| 		return query | ||||
| 			.then((user) => { | ||||
| 				return !user; | ||||
| 			}); | ||||
| 	}, | ||||
|  | ||||
| 	/** | ||||
| 	 * @param {Access}  access | ||||
| 	 * @param {Object}  data | ||||
| 	 * @param {Integer} data.id | ||||
| 	 * @param {String}  [data.reason] | ||||
| 	 * @returns {Promise} | ||||
| 	 */ | ||||
| 	delete: (access, data) => { | ||||
| 		return access.can('users:delete', data.id) | ||||
| 			.then(() => { | ||||
| 				return internalUser.get(access, {id: data.id}); | ||||
| 			}) | ||||
| 			.then((user) => { | ||||
| 				if (!user) { | ||||
| 					throw new error.ItemNotFoundError(data.id); | ||||
| 				} | ||||
|  | ||||
| 				// Make sure user can't delete themselves | ||||
| 				if (user.id === access.token.getUserId(0)) { | ||||
| 					throw new error.PermissionError('You cannot delete yourself.'); | ||||
| 				} | ||||
|  | ||||
| 				return userModel | ||||
| 					.query() | ||||
| 					.where('id', user.id) | ||||
| 					.patch({ | ||||
| 						is_deleted: 1 | ||||
| 					}) | ||||
| 					.then(() => { | ||||
| 						// Add to audit log | ||||
| 						return internalAuditLog.add(access, { | ||||
| 							action:      'deleted', | ||||
| 							object_type: 'user', | ||||
| 							object_id:   user.id, | ||||
| 							meta:        _.omit(user, omissions()) | ||||
| 						}); | ||||
| 					}); | ||||
| 			}) | ||||
| 			.then(() => { | ||||
| 				return true; | ||||
| 			}); | ||||
| 	}, | ||||
|  | ||||
| 	/** | ||||
| 	 * This will only count the users | ||||
| 	 * | ||||
| 	 * @param   {Access}  access | ||||
| 	 * @param   {String}  [search_query] | ||||
| 	 * @returns {*} | ||||
| 	 */ | ||||
| 	getCount: (access, search_query) => { | ||||
| 		return access.can('users:list') | ||||
| 			.then(() => { | ||||
| 				let query = userModel | ||||
| 					.query() | ||||
| 					.count('id as count') | ||||
| 					.where('is_deleted', 0) | ||||
| 					.first(); | ||||
|  | ||||
| 				// Query is used for searching | ||||
| 				if (typeof search_query === 'string') { | ||||
| 					query.where(function () { | ||||
| 						this.where('user.name', 'like', '%' + search_query + '%') | ||||
| 							.orWhere('user.email', 'like', '%' + search_query + '%'); | ||||
| 					}); | ||||
| 				} | ||||
|  | ||||
| 				return query; | ||||
| 			}) | ||||
| 			.then((row) => { | ||||
| 				return parseInt(row.count, 10); | ||||
| 			}); | ||||
| 	}, | ||||
|  | ||||
| 	/** | ||||
| 	 * All users | ||||
| 	 * | ||||
| 	 * @param   {Access}  access | ||||
| 	 * @param   {Array}   [expand] | ||||
| 	 * @param   {String}  [search_query] | ||||
| 	 * @returns {Promise} | ||||
| 	 */ | ||||
| 	getAll: (access, expand, search_query) => { | ||||
| 		return access.can('users:list') | ||||
| 			.then(() => { | ||||
| 				let query = userModel | ||||
| 					.query() | ||||
| 					.where('is_deleted', 0) | ||||
| 					.groupBy('id') | ||||
| 					.allowGraph('[permissions]') | ||||
| 					.orderBy('name', 'ASC'); | ||||
|  | ||||
| 				// Query is used for searching | ||||
| 				if (typeof search_query === 'string') { | ||||
| 					query.where(function () { | ||||
| 						this.where('name', 'like', '%' + search_query + '%') | ||||
| 							.orWhere('email', 'like', '%' + search_query + '%'); | ||||
| 					}); | ||||
| 				} | ||||
|  | ||||
| 				if (typeof expand !== 'undefined' && expand !== null) { | ||||
| 					query.withGraphFetched('[' + expand.join(', ') + ']'); | ||||
| 				} | ||||
|  | ||||
| 				return query.then(utils.omitRows(omissions())); | ||||
| 			}); | ||||
| 	}, | ||||
|  | ||||
| 	/** | ||||
| 	 * @param   {Access} access | ||||
| 	 * @param   {Integer} [id_requested] | ||||
| 	 * @returns {[String]} | ||||
| 	 */ | ||||
| 	getUserOmisionsByAccess: (access, id_requested) => { | ||||
| 		let response = []; // Admin response | ||||
|  | ||||
| 		if (!access.token.hasScope('admin') && access.token.getUserId(0) !== id_requested) { | ||||
| 			response = ['roles', 'is_deleted']; // Restricted response | ||||
| 		} | ||||
|  | ||||
| 		return response; | ||||
| 	}, | ||||
|  | ||||
| 	/** | ||||
| 	 * @param  {Access}  access | ||||
| 	 * @param  {Object}  data | ||||
| 	 * @param  {Integer} data.id | ||||
| 	 * @param  {String}  data.type | ||||
| 	 * @param  {String}  data.secret | ||||
| 	 * @return {Promise} | ||||
| 	 */ | ||||
| 	setPassword: (access, data) => { | ||||
| 		return access.can('users:password', data.id) | ||||
| 			.then(() => { | ||||
| 				return internalUser.get(access, {id: data.id}); | ||||
| 			}) | ||||
| 			.then((user) => { | ||||
| 				if (user.id !== data.id) { | ||||
| 					// Sanity check that something crazy hasn't happened | ||||
| 					throw new error.InternalValidationError('User could not be updated, IDs do not match: ' + user.id + ' !== ' + data.id); | ||||
| 				} | ||||
|  | ||||
| 				if (user.id === access.token.getUserId(0)) { | ||||
| 					// they're setting their own password. Make sure their current password is correct | ||||
| 					if (typeof data.current === 'undefined' || !data.current) { | ||||
| 						throw new error.ValidationError('Current password was not supplied'); | ||||
| 					} | ||||
|  | ||||
| 					return internalToken.getTokenFromEmail({ | ||||
| 						identity: user.email, | ||||
| 						secret:   data.current | ||||
| 					}) | ||||
| 						.then(() => { | ||||
| 							return user; | ||||
| 						}); | ||||
| 				} | ||||
|  | ||||
| 				return user; | ||||
| 			}) | ||||
| 			.then((user) => { | ||||
| 				// Get auth, patch if it exists | ||||
| 				return authModel | ||||
| 					.query() | ||||
| 					.where('user_id', user.id) | ||||
| 					.andWhere('type', data.type) | ||||
| 					.first() | ||||
| 					.then((existing_auth) => { | ||||
| 						if (existing_auth) { | ||||
| 							// patch | ||||
| 							return authModel | ||||
| 								.query() | ||||
| 								.where('user_id', user.id) | ||||
| 								.andWhere('type', data.type) | ||||
| 								.patch({ | ||||
| 									type:   data.type, // This is required for the model to encrypt on save | ||||
| 									secret: data.secret | ||||
| 								}); | ||||
| 						} else { | ||||
| 							// insert | ||||
| 							return authModel | ||||
| 								.query() | ||||
| 								.insert({ | ||||
| 									user_id: user.id, | ||||
| 									type:    data.type, | ||||
| 									secret:  data.secret, | ||||
| 									meta:    {} | ||||
| 								}); | ||||
| 						} | ||||
| 					}) | ||||
| 					.then(() => { | ||||
| 						// Add to Audit Log | ||||
| 						return internalAuditLog.add(access, { | ||||
| 							action:      'updated', | ||||
| 							object_type: 'user', | ||||
| 							object_id:   user.id, | ||||
| 							meta:        { | ||||
| 								name:             user.name, | ||||
| 								password_changed: true, | ||||
| 								auth_type:        data.type | ||||
| 							} | ||||
| 						}); | ||||
| 					}); | ||||
| 			}) | ||||
| 			.then(() => { | ||||
| 				return true; | ||||
| 			}); | ||||
| 	}, | ||||
|  | ||||
| 	/** | ||||
| 	 * @param  {Access}  access | ||||
| 	 * @param  {Object}  data | ||||
| 	 * @return {Promise} | ||||
| 	 */ | ||||
| 	setPermissions: (access, data) => { | ||||
| 		return access.can('users:permissions', data.id) | ||||
| 			.then(() => { | ||||
| 				return internalUser.get(access, {id: data.id}); | ||||
| 			}) | ||||
| 			.then((user) => { | ||||
| 				if (user.id !== data.id) { | ||||
| 					// Sanity check that something crazy hasn't happened | ||||
| 					throw new error.InternalValidationError('User could not be updated, IDs do not match: ' + user.id + ' !== ' + data.id); | ||||
| 				} | ||||
|  | ||||
| 				return user; | ||||
| 			}) | ||||
| 			.then((user) => { | ||||
| 				// Get perms row, patch if it exists | ||||
| 				return userPermissionModel | ||||
| 					.query() | ||||
| 					.where('user_id', user.id) | ||||
| 					.first() | ||||
| 					.then((existing_auth) => { | ||||
| 						if (existing_auth) { | ||||
| 							// patch | ||||
| 							return userPermissionModel | ||||
| 								.query() | ||||
| 								.where('user_id', user.id) | ||||
| 								.patchAndFetchById(existing_auth.id, _.assign({user_id: user.id}, data)); | ||||
| 						} else { | ||||
| 							// insert | ||||
| 							return userPermissionModel | ||||
| 								.query() | ||||
| 								.insertAndFetch(_.assign({user_id: user.id}, data)); | ||||
| 						} | ||||
| 					}) | ||||
| 					.then((permissions) => { | ||||
| 						// Add to Audit Log | ||||
| 						return internalAuditLog.add(access, { | ||||
| 							action:      'updated', | ||||
| 							object_type: 'user', | ||||
| 							object_id:   user.id, | ||||
| 							meta:        { | ||||
| 								name:        user.name, | ||||
| 								permissions: permissions | ||||
| 							} | ||||
| 						}); | ||||
|  | ||||
| 					}); | ||||
| 			}) | ||||
| 			.then(() => { | ||||
| 				return true; | ||||
| 			}); | ||||
| 	}, | ||||
|  | ||||
| 	/** | ||||
| 	 * @param {Access}   access | ||||
| 	 * @param {Object}   data | ||||
| 	 * @param {Integer}  data.id | ||||
| 	 */ | ||||
| 	loginAs: (access, data) => { | ||||
| 		return access.can('users:loginas', data.id) | ||||
| 			.then(() => { | ||||
| 				return internalUser.get(access, data); | ||||
| 			}) | ||||
| 			.then((user) => { | ||||
| 				return internalToken.getTokenFromUser(user); | ||||
| 			}); | ||||
| 	} | ||||
| }; | ||||
|  | ||||
| module.exports = internalUser; | ||||
							
								
								
									
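--- a/backend/knexfile.js
+++ b/backend/knexfile.js
@@ -0,0 +1,19 @@
+module.exports = {
+	development: {
+		client:     'mysql2',
+		migrations: {
+			tableName: 'migrations',
+			stub:      'lib/migrate_template.js',
+			directory: 'migrations'
+		}
+	},
+
+	production: {
+		client:     'mysql2',
+		migrations: {
+			tableName: 'migrations',
+			stub:      'lib/migrate_template.js',
+			directory: 'migrations'
+		}
+	}
+};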
							
								
								
									
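--- a/backend/lib/access.js
+++ b/backend/lib/access.js
@@ -0,0 +1,307 @@
+/**
+ * Some Notes: This is a friggin complicated piece of code.
+ *
+ * "scope" in this file means "where did this token come from and what is using it", so 99% of the time
+ * the "scope" is going to be "user" because it would be a user token. This is not to be confused with
+ * the "role" which could be "user" or "admin". The scope in fact, could be "worker" or anything else.
+ *
+ *
+ */
+
+const _              = require('lodash');
+const logger         = require('../logger').access;
+const Ajv            = require('ajv/dist/2020');
+const error          = require('./error');
+const userModel      = require('../models/user');
+const proxyHostModel = require('../models/proxy_host');
+const TokenModel     = require('../models/token');
+const roleSchema     = require('./access/roles.json');
+const permsSchema    = require('./access/permissions.json');
+
+module.exports = function (token_string) {
+	let Token                 = new TokenModel();
+	let token_data            = null;
+	let initialised           = false;
+	let object_cache          = {};
+	let allow_internal_access = false;
+	let user_roles            = [];
+	let permissions           = {};
+
+	/**
+	 * Loads the Token object from the token string
+	 *
+	 * @returns {Promise}
+	 */
+	this.init = () => {
+		return new Promise((resolve, reject) => {
+			if (initialised) {
+				resolve();
+			} else if (!token_string) {
+				reject(new error.PermissionError('Permission Denied'));
+			} else {
+				resolve(Token.load(token_string)
+					.then((data) => {
+						token_data = data;
+
+						// At this point we need to load the user from the DB and make sure they:
+						// - exist (and not soft deleted)
+						// - still have the appropriate scopes for this token
+						// This is only required when the User ID is supplied or if the token scope has `user`
+
+						if (token_data.attrs.id || (typeof token_data.scope !== 'undefined' && _.indexOf(token_data.scope, 'user') !== -1)) {
+							// Has token user id or token user scope
+							return userModel
+								.query()
+								.where('id', token_data.attrs.id)
+								.andWhere('is_deleted', 0)
+								.andWhere('is_disabled', 0)
+								.allowGraph('[permissions]')
+								.withGraphFetched('[permissions]')
+								.first()
+								.then((user) => {
+									if (user) {
+										// make sure user has all scopes of the token
+										// The `user` role is not added against the user row, so we have to just add it here to get past this check.
+										user.roles.push('user');
+
+										let is_ok = true;
+										_.forEach(token_data.scope, (scope_item) => {
+											if (_.indexOf(user.roles, scope_item) === -1) {
+												is_ok = false;
+											}
+										});
+
+										if (!is_ok) {
+											throw new error.AuthError('Invalid token scope for User');
+										} else {
+											initialised = true;
+											user_roles  = user.roles;
+											permissions = user.permissions;
+										}
+
+									} else {
+										throw new error.AuthError('User cannot be loaded for Token');
+									}
+								});
+						} else {
+							initialised = true;
+						}
+					}));
+			}
+		});
+	};
+
+	/**
+	 * Fetches the object ids from the database, only once per object type, for this token.
+	 * This only applies to USER token scopes, as all other tokens are not really bound
+	 * by object scopes
+	 *
+	 * @param   {String} object_type
+	 * @returns {Promise}
+	 */
+	this.loadObjects = (object_type) => {
+		return new Promise((resolve, reject) => {
+			if (Token.hasScope('user')) {
+				if (typeof token_data.attrs.id === 'undefined' || !token_data.attrs.id) {
+					reject(new error.AuthError('User Token supplied without a User ID'));
+				} else {
+					let token_user_id = token_data.attrs.id ? token_data.attrs.id : 0;
+					let query;
+
+					if (typeof object_cache[object_type] === 'undefined') {
+						switch (object_type) {
+
+						// USERS - should only return yourself
+						case 'users':
+							resolve(token_user_id ? [token_user_id] : []);
+							break;
+
+							// Proxy Hosts
+						case 'proxy_hosts':
+							query = proxyHostModel
+								.query()
+								.select('id')
+								.andWhere('is_deleted', 0);
+
+							if (permissions.visibility === 'user') {
+								query.andWhere('owner_user_id', token_user_id);
+							}
+
+							resolve(query
+								.then((rows) => {
+									let result = [];
+									_.forEach(rows, (rule_row) => {
+										result.push(rule_row.id);
+									});
+
+									// enum should not have less than 1 item
+									if (!result.length) {
+										result.push(0);
+									}
+
+									return result;
+								})
+							);
+							break;
+
+							// DEFAULT: null
+						default:
+							resolve(null);
+							break;
+						}
+					} else {
+						resolve(object_cache[object_type]);
+					}
+				}
+			} else {
+				resolve(null);
+			}
+		})
+			.then((objects) => {
+				object_cache[object_type] = objects;
+				return objects;
+			});
+	};
+
+	/**
+	 * Creates a schema object on the fly with the IDs and other values required to be checked against the permissionSchema
+	 *
+	 * @param   {String} permission_label
+	 * @returns {Object}
+	 */
+	this.getObjectSchema = (permission_label) => {
+		let base_object_type = permission_label.split(':').shift();
+
+		let schema = {
+			$id:                  'objects',
+			description:          'Actor Properties',
+			type:                 'object',
+			additionalProperties: false,
+			properties:           {
+				user_id: {
+					anyOf: [
+						{
+							type: 'number',
+							enum: [Token.get('attrs').id]
+						}
+					]
+				},
+				scope: {
+					type:    'string',
+					pattern: '^' + Token.get('scope') + '$'
+				}
+			}
+		};
+
+		return this.loadObjects(base_object_type)
+			.then((object_result) => {
+				if (typeof object_result === 'object' && object_result !== null) {
+					schema.properties[base_object_type] = {
+						type:    'number',
+						enum:    object_result,
+						minimum: 1
+					};
+				} else {
+					schema.properties[base_object_type] = {
+						type:    'number',
+						minimum: 1
+					};
+				}
+
+				return schema;
+			});
+	};
+
+	return {
+
+		token: Token,
+
+		/**
+		 *
+		 * @param   {Boolean}  [allow_internal]
+		 * @returns {Promise}
+		 */
+		load: (allow_internal) => {
+			return new Promise(function (resolve/*, reject*/) {
+				if (token_string) {
+					resolve(Token.load(token_string));
+				} else {
+					allow_internal_access = allow_internal;
+					resolve(allow_internal_access || null);
+				}
+			});
+		},
+
+		reloadObjects: this.loadObjects,
+
+		/**
+		 *
+		 * @param {String}  permission
+		 * @param {*}       [data]
+		 * @returns {Promise}
+		 */
+		can: (permission, data) => {
+			if (allow_internal_access === true) {
+				return Promise.resolve(true);
+				//return true;
+			} else {
+				return this.init()
+					.then(() => {
+						// Initialised, token decoded ok
+						return this.getObjectSchema(permission)
+							.then((objectSchema) => {
+								const data_schema = {
+									[permission]: {
+										data:                         data,
+										scope:                        Token.get('scope'),
+										roles:                        user_roles,
+										permission_visibility:        permissions.visibility,
+										permission_proxy_hosts:       permissions.proxy_hosts,
+										permission_redirection_hosts: permissions.redirection_hosts,
+										permission_dead_hosts:        permissions.dead_hosts,
+										permission_streams:           permissions.streams,
+										permission_access_lists:      permissions.access_lists,
+										permission_certificates:      permissions.certificates
+									}
+								};
+
+								let permissionSchema = {
+									$async:               true,
+									$id:                  'permissions',
+									type:                 'object',
+									additionalProperties: false,
+									properties:           {}
+								};
+
+								permissionSchema.properties[permission] = require('./access/' + permission.replace(/:/gim, '-') + '.json');
+
+								const ajv = new Ajv({
+									verbose:      true,
+									allErrors:    true,
+									breakOnError: true,
+									coerceTypes:  true,
+									schemas:      [
+										roleSchema,
+										permsSchema,
+										objectSchema,
+										permissionSchema
+									]
+								});
+
+								return ajv.validate('permissions', data_schema)
+									.then(() => {
+										return data_schema[permission];
+									});
+							});
+					})
+					.catch((err) => {
+						err.permission      = permission;
+						err.permission_data = data;
+						logger.error(permission, data, err.message);
+
+						throw new error.PermissionError('Permission Denied', err);
+					});
+			}
+		}
+	};
+};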
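Review bot: In `can`, the schema file name is built from the `permission` argument with only `:` replaced (`require('./access/' + permission.replace(/:/gim, '-') + '.json')`), so the string is never checked against the set of known permissions before it reaches `require`. The callers visible on this page pass literals such as `'users:get'`, so this is a hardening point rather than a demonstrated flaw, but a guard just before the `require` keeps it that way: `if (!/^[a-z_]+:[a-z_]+$/.test(permission)) { throw new error.PermissionError('Permission Denied'); }`. A new `Ajv` instance is also built on every check; loading the per-permission schemas once at module start into a lookup keyed by permission name would cover both points. Separately, `'^' + Token.get('scope') + '$'` in `getObjectSchema` concatenates what `init` treats as an array into a regex without escaping, which looks unintended for tokens carrying more than one scope and deserves a comment or a fix.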
							
								
								
									
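--- a/backend/lib/access/access_lists-create.json
+++ b/backend/lib/access/access_lists-create.json
@@ -0,0 +1,23 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		},
+		{
+			"type": "object",
+			"required": ["permission_access_lists", "roles"],
+			"properties": {
+				"permission_access_lists": {
+					"$ref": "perms#/definitions/manage"
+				},
+				"roles": {
+					"type": "array",
+					"items": {
+						"type": "string",
+						"enum": ["user"]
+					}
+				}
+			}
+		}
+	]
+}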
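Review bot: The `roles` constraint in the second `anyOf` branch is satisfied by an empty array, because `items` with `"enum": ["user"]` only restricts the elements that are present and the schema has neither `minItems` nor `contains`. If the intent is that the caller must actually hold the `user` role, add `"minItems": 1` next to `"items"` (or state the requirement with `"contains"`); as written the branch is effectively gated by `permission_access_lists` alone. The same block is repeated in the other `access_lists-*.json` and `certificates-*.json` files on this page, so it would be worth defining it once in the shared roles schema and referencing it with `$ref`, the way the `admin` branch already does.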
							
								
								
									
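--- a/backend/lib/access/access_lists-delete.json
+++ b/backend/lib/access/access_lists-delete.json
@@ -0,0 +1,23 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		},
+		{
+			"type": "object",
+			"required": ["permission_access_lists", "roles"],
+			"properties": {
+				"permission_access_lists": {
+					"$ref": "perms#/definitions/manage"
+				},
+				"roles": {
+					"type": "array",
+					"items": {
+						"type": "string",
+						"enum": ["user"]
+					}
+				}
+			}
+		}
+	]
+}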
							
								
								
									
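--- a/backend/lib/access/access_lists-get.json
+++ b/backend/lib/access/access_lists-get.json
@@ -0,0 +1,23 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		},
+		{
+			"type": "object",
+			"required": ["permission_access_lists", "roles"],
+			"properties": {
+				"permission_access_lists": {
+					"$ref": "perms#/definitions/view"
+				},
+				"roles": {
+					"type": "array",
+					"items": {
+						"type": "string",
+						"enum": ["user"]
+					}
+				}
+			}
+		}
+	]
+}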
							
								
								
									
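--- a/backend/lib/access/access_lists-list.json
+++ b/backend/lib/access/access_lists-list.json
@@ -0,0 +1,23 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		},
+		{
+			"type": "object",
+			"required": ["permission_access_lists", "roles"],
+			"properties": {
+				"permission_access_lists": {
+					"$ref": "perms#/definitions/view"
+				},
+				"roles": {
+					"type": "array",
+					"items": {
+						"type": "string",
+						"enum": ["user"]
+					}
+				}
+			}
+		}
+	]
+}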
							
								
								
									
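--- a/backend/lib/access/access_lists-update.json
+++ b/backend/lib/access/access_lists-update.json
@@ -0,0 +1,23 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		},
+		{
+			"type": "object",
+			"required": ["permission_access_lists", "roles"],
+			"properties": {
+				"permission_access_lists": {
+					"$ref": "perms#/definitions/manage"
+				},
+				"roles": {
+					"type": "array",
+					"items": {
+						"type": "string",
+						"enum": ["user"]
+					}
+				}
+			}
+		}
+	]
+}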
							
								
								
									
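--- a/backend/lib/access/auditlog-list.json
+++ b/backend/lib/access/auditlog-list.json
@@ -0,0 +1,7 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		}
+	]
+}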
							
								
								
									
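--- a/backend/lib/access/certificates-create.json
+++ b/backend/lib/access/certificates-create.json
@@ -0,0 +1,23 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		},
+		{
+			"type": "object",
+			"required": ["permission_certificates", "roles"],
+			"properties": {
+				"permission_certificates": {
+					"$ref": "perms#/definitions/manage"
+				},
+				"roles": {
+					"type": "array",
+					"items": {
+						"type": "string",
+						"enum": ["user"]
+					}
+				}
+			}
+		}
+	]
+}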
							
								
								
									
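--- a/backend/lib/access/certificates-delete.json
+++ b/backend/lib/access/certificates-delete.json
@@ -0,0 +1,23 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		},
+		{
+			"type": "object",
+			"required": ["permission_certificates", "roles"],
+			"properties": {
+				"permission_certificates": {
+					"$ref": "perms#/definitions/manage"
+				},
+				"roles": {
+					"type": "array",
+					"items": {
+						"type": "string",
+						"enum": ["user"]
+					}
+				}
+			}
+		}
+	]
+}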
							
								
								
									
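--- a/backend/lib/access/certificates-get.json
+++ b/backend/lib/access/certificates-get.json
@@ -0,0 +1,23 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		},
+		{
+			"type": "object",
+			"required": ["permission_certificates", "roles"],
+			"properties": {
+				"permission_certificates": {
+					"$ref": "perms#/definitions/view"
+				},
+				"roles": {
+					"type": "array",
+					"items": {
+						"type": "string",
+						"enum": ["user"]
+					}
+				}
+			}
+		}
+	]
+}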
							
								
								
									
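--- a/backend/lib/access/certificates-list.json
+++ b/backend/lib/access/certificates-list.json
@@ -0,0 +1,23 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		},
+		{
+			"type": "object",
+			"required": ["permission_certificates", "roles"],
+			"properties": {
+				"permission_certificates": {
+					"$ref": "perms#/definitions/view"
+				},
+				"roles": {
+					"type": "array",
+					"items": {
+						"type": "string",
+						"enum": ["user"]
+					}
+				}
+			}
+		}
+	]
+}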
							
								
								
									
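--- a/backend/lib/access/certificates-update.json
+++ b/backend/lib/access/certificates-update.json
@@ -0,0 +1,23 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		},
+		{
+			"type": "object",
+			"required": ["permission_certificates", "roles"],
+			"properties": {
+				"permission_certificates": {
+					"$ref": "perms#/definitions/manage"
+				},
+				"roles": {
+					"type": "array",
+					"items": {
+						"type": "string",
+						"enum": ["user"]
+					}
+				}
+			}
+		}
+	]
+}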
							
								
								
									
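--- a/backend/lib/access/dead_hosts-create.json
+++ b/backend/lib/access/dead_hosts-create.json
@@ -0,0 +1,23 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		},
+		{
+			"type": "object",
+			"required": ["permission_dead_hosts", "roles"],
+			"properties": {
+				"permission_dead_hosts": {
+					"$ref": "perms#/definitions/manage"
+				},
+				"roles": {
+					"type": "array",
+					"items": {
+						"type": "string",
+						"enum": ["user"]
+					}
+				}
+			}
+		}
+	]
+}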
							
								
								
									
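--- a/backend/lib/access/dead_hosts-delete.json
+++ b/backend/lib/access/dead_hosts-delete.json
@@ -0,0 +1,23 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		},
+		{
+			"type": "object",
+			"required": ["permission_dead_hosts", "roles"],
+			"properties": {
+				"permission_dead_hosts": {
+					"$ref": "perms#/definitions/manage"
+				},
+				"roles": {
+					"type": "array",
+					"items": {
+						"type": "string",
+						"enum": ["user"]
+					}
+				}
+			}
+		}
+	]
+}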
							
								
								
									
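--- a/backend/lib/access/dead_hosts-get.json
+++ b/backend/lib/access/dead_hosts-get.json
@@ -0,0 +1,23 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		},
+		{
+			"type": "object",
+			"required": ["permission_dead_hosts", "roles"],
+			"properties": {
+				"permission_dead_hosts": {
+					"$ref": "perms#/definitions/view"
+				},
+				"roles": {
+					"type": "array",
+					"items": {
+						"type": "string",
+						"enum": ["user"]
+					}
+				}
+			}
+		}
+	]
+}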
							
								
								
									
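--- a/backend/lib/access/dead_hosts-list.json
+++ b/backend/lib/access/dead_hosts-list.json
@@ -0,0 +1,23 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		},
+		{
+			"type": "object",
+			"required": ["permission_dead_hosts", "roles"],
+			"properties": {
+				"permission_dead_hosts": {
+					"$ref": "perms#/definitions/view"
+				},
+				"roles": {
+					"type": "array",
+					"items": {
+						"type": "string",
+						"enum": ["user"]
+					}
+				}
+			}
+		}
+	]
+}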
							
								
								
									
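--- a/backend/lib/access/dead_hosts-update.json
+++ b/backend/lib/access/dead_hosts-update.json
@@ -0,0 +1,23 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		},
+		{
+			"type": "object",
+			"required": ["permission_dead_hosts", "roles"],
+			"properties": {
+				"permission_dead_hosts": {
+					"$ref": "perms#/definitions/manage"
+				},
+				"roles": {
+					"type": "array",
+					"items": {
+						"type": "string",
+						"enum": ["user"]
+					}
+				}
+			}
+		}
+	]
+}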
							
								
								
									
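--- a/backend/lib/access/permissions.json
+++ b/backend/lib/access/permissions.json
@@ -0,0 +1,13 @@
+{
+	"$id": "perms",
+	"definitions": {
+		"view": {
+			"type": "string",
+			"pattern": "^(view|manage)$"
+		},
+		"manage": {
+			"type": "string",
+			"pattern": "^(manage)$"
+		}
+	}
+}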
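Review bot: The two permission levels are matched with anchored regular expressions where a closed value list is meant; `"enum": ["view", "manage"]` for `view` and `"enum": ["manage"]` for `manage` express the same rule without relying on correct regex anchoring. It would also help to give `view` a `description` stating that `manage` is accepted deliberately because it implies read access, since every `*-get` and `*-list` schema on this page depends on that hierarchy.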
							
								
								
									
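--- a/backend/lib/access/proxy_hosts-create.json
+++ b/backend/lib/access/proxy_hosts-create.json
@@ -0,0 +1,23 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		},
+		{
+			"type": "object",
+			"required": ["permission_proxy_hosts", "roles"],
+			"properties": {
+				"permission_proxy_hosts": {
+					"$ref": "perms#/definitions/manage"
+				},
+				"roles": {
+					"type": "array",
+					"items": {
+						"type": "string",
+						"enum": ["user"]
+					}
+				}
+			}
+		}
+	]
+}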
							
								
								
									
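--- a/backend/lib/access/proxy_hosts-delete.json
+++ b/backend/lib/access/proxy_hosts-delete.json
@@ -0,0 +1,23 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		},
+		{
+			"type": "object",
+			"required": ["permission_proxy_hosts", "roles"],
+			"properties": {
+				"permission_proxy_hosts": {
+					"$ref": "perms#/definitions/manage"
+				},
+				"roles": {
+					"type": "array",
+					"items": {
+						"type": "string",
+						"enum": ["user"]
+					}
+				}
+			}
+		}
+	]
+}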
							
								
								
									
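--- a/backend/lib/access/proxy_hosts-get.json
+++ b/backend/lib/access/proxy_hosts-get.json
@@ -0,0 +1,23 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		},
+		{
+			"type": "object",
+			"required": ["permission_proxy_hosts", "roles"],
+			"properties": {
+				"permission_proxy_hosts": {
+					"$ref": "perms#/definitions/view"
+				},
+				"roles": {
+					"type": "array",
+					"items": {
+						"type": "string",
+						"enum": ["user"]
+					}
+				}
+			}
+		}
+	]
+}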
							
								
								
									
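--- a/backend/lib/access/proxy_hosts-list.json
+++ b/backend/lib/access/proxy_hosts-list.json
@@ -0,0 +1,23 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		},
+		{
+			"type": "object",
+			"required": ["permission_proxy_hosts", "roles"],
+			"properties": {
+				"permission_proxy_hosts": {
+					"$ref": "perms#/definitions/view"
+				},
+				"roles": {
+					"type": "array",
+					"items": {
+						"type": "string",
+						"enum": ["user"]
+					}
+				}
+			}
+		}
+	]
+}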
							
								
								
									
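--- a/backend/lib/access/proxy_hosts-update.json
+++ b/backend/lib/access/proxy_hosts-update.json
@@ -0,0 +1,23 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		},
+		{
+			"type": "object",
+			"required": ["permission_proxy_hosts", "roles"],
+			"properties": {
+				"permission_proxy_hosts": {
+					"$ref": "perms#/definitions/manage"
+				},
+				"roles": {
+					"type": "array",
+					"items": {
+						"type": "string",
+						"enum": ["user"]
+					}
+				}
+			}
+		}
+	]
+}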
							
								
								
									
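--- a/backend/lib/access/redirection_hosts-create.json
+++ b/backend/lib/access/redirection_hosts-create.json
@@ -0,0 +1,23 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		},
+		{
+			"type": "object",
+			"required": ["permission_redirection_hosts", "roles"],
+			"properties": {
+				"permission_redirection_hosts": {
+					"$ref": "perms#/definitions/manage"
+				},
+				"roles": {
+					"type": "array",
+					"items": {
+						"type": "string",
+						"enum": ["user"]
+					}
+				}
+			}
+		}
+	]
+}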
							
								
								
									
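--- a/backend/lib/access/redirection_hosts-delete.json
+++ b/backend/lib/access/redirection_hosts-delete.json
@@ -0,0 +1,23 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		},
+		{
+			"type": "object",
+			"required": ["permission_redirection_hosts", "roles"],
+			"properties": {
+				"permission_redirection_hosts": {
+					"$ref": "perms#/definitions/manage"
+				},
+				"roles": {
+					"type": "array",
+					"items": {
+						"type": "string",
+						"enum": ["user"]
+					}
+				}
+			}
+		}
+	]
+}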
							
								
								
									
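--- a/backend/lib/access/redirection_hosts-get.json
+++ b/backend/lib/access/redirection_hosts-get.json
@@ -0,0 +1,23 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		},
+		{
+			"type": "object",
+			"required": ["permission_redirection_hosts", "roles"],
+			"properties": {
+				"permission_redirection_hosts": {
+					"$ref": "perms#/definitions/view"
+				},
+				"roles": {
+					"type": "array",
+					"items": {
+						"type": "string",
+						"enum": ["user"]
+					}
+				}
+			}
+		}
+	]
+}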
							
								
								
									
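--- a/backend/lib/access/redirection_hosts-list.json
+++ b/backend/lib/access/redirection_hosts-list.json
@@ -0,0 +1,23 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		},
+		{
+			"type": "object",
+			"required": ["permission_redirection_hosts", "roles"],
+			"properties": {
+				"permission_redirection_hosts": {
+					"$ref": "perms#/definitions/view"
+				},
+				"roles": {
+					"type": "array",
+					"items": {
+						"type": "string",
+						"enum": ["user"]
+					}
+				}
+			}
+		}
+	]
+}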
							
								
								
									
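--- a/backend/lib/access/redirection_hosts-update.json
+++ b/backend/lib/access/redirection_hosts-update.json
@@ -0,0 +1,23 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		},
+		{
+			"type": "object",
+			"required": ["permission_redirection_hosts", "roles"],
+			"properties": {
+				"permission_redirection_hosts": {
+					"$ref": "perms#/definitions/manage"
+				},
+				"roles": {
+					"type": "array",
+					"items": {
+						"type": "string",
+						"enum": ["user"]
+					}
+				}
+			}
+		}
+	]
+}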
							
								
								
									
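--- a/backend/lib/access/reports-hosts.json
+++ b/backend/lib/access/reports-hosts.json
@@ -0,0 +1,7 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/user"
+		}
+	]
+}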
							
								
								
									
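--- a/backend/lib/access/roles.json
+++ b/backend/lib/access/roles.json
@@ -0,0 +1,38 @@
+{
+	"$id": "roles",
+	"definitions": {
+		"admin": {
+			"type": "object",
+			"required": ["scope", "roles"],
+			"properties": {
+				"scope": {
+					"type": "array",
+					"contains": {
+						"type": "string",
+						"pattern": "^user$"
+					}
+				},
+				"roles": {
+					"type": "array",
+					"contains": {
+						"type": "string",
+						"pattern": "^admin$"
+					}
+				}
+			}
+		},
+		"user": {
+			"type": "object",
+			"required": ["scope"],
+			"properties": {
+				"scope": {
+					"type": "array",
+					"contains": {
+						"type": "string",
+						"pattern": "^user$"
+					}
+				}
+			}
+		}
+	}
+}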
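Review bot: Both role definitions rest entirely on `contains`, which JSON Schema only defines from draft-06 onward; a validator running in draft-04 mode would ignore the keyword and accept any array for `scope` and `roles`, which would make the `admin` definition match every caller. The validator setup is not part of this section, so confirm that it compiles these schemas with draft-06 or later. A regression test asserting that `{ "scope": ["user"], "roles": [] }` fails `roles#/definitions/admin` would pin the behaviour that every admin-only schema on this page depends on.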
							
								
								
									
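--- a/backend/lib/access/settings-get.json
+++ b/backend/lib/access/settings-get.json
@@ -0,0 +1,7 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		}
+	]
+}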
							
								
								
									
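--- a/backend/lib/access/settings-list.json
+++ b/backend/lib/access/settings-list.json
@@ -0,0 +1,7 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		}
+	]
+}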
							
								
								
									
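--- a/backend/lib/access/settings-update.json
+++ b/backend/lib/access/settings-update.json
@@ -0,0 +1,7 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		}
+	]
+}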
							
								
								
									
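--- a/backend/lib/access/streams-create.json
+++ b/backend/lib/access/streams-create.json
@@ -0,0 +1,23 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		},
+		{
+			"type": "object",
+			"required": ["permission_streams", "roles"],
+			"properties": {
+				"permission_streams": {
+					"$ref": "perms#/definitions/manage"
+				},
+				"roles": {
+					"type": "array",
+					"items": {
+						"type": "string",
+						"enum": ["user"]
+					}
+				}
+			}
+		}
+	]
+}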
							
								
								
									
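--- a/backend/lib/access/streams-delete.json
+++ b/backend/lib/access/streams-delete.json
@@ -0,0 +1,23 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		},
+		{
+			"type": "object",
+			"required": ["permission_streams", "roles"],
+			"properties": {
+				"permission_streams": {
+					"$ref": "perms#/definitions/manage"
+				},
+				"roles": {
+					"type": "array",
+					"items": {
+						"type": "string",
+						"enum": ["user"]
+					}
+				}
+			}
+		}
+	]
+}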
							
								
								
									
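--- a/backend/lib/access/streams-get.json
+++ b/backend/lib/access/streams-get.json
@@ -0,0 +1,23 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		},
+		{
+			"type": "object",
+			"required": ["permission_streams", "roles"],
+			"properties": {
+				"permission_streams": {
+					"$ref": "perms#/definitions/view"
+				},
+				"roles": {
+					"type": "array",
+					"items": {
+						"type": "string",
+						"enum": ["user"]
+					}
+				}
+			}
+		}
+	]
+}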
							
								
								
									
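--- a/backend/lib/access/streams-list.json
+++ b/backend/lib/access/streams-list.json
@@ -0,0 +1,23 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		},
+		{
+			"type": "object",
+			"required": ["permission_streams", "roles"],
+			"properties": {
+				"permission_streams": {
+					"$ref": "perms#/definitions/view"
+				},
+				"roles": {
+					"type": "array",
+					"items": {
+						"type": "string",
+						"enum": ["user"]
+					}
+				}
+			}
+		}
+	]
+}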
							
								
								
									
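--- a/backend/lib/access/streams-update.json
+++ b/backend/lib/access/streams-update.json
@@ -0,0 +1,23 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		},
+		{
+			"type": "object",
+			"required": ["permission_streams", "roles"],
+			"properties": {
+				"permission_streams": {
+					"$ref": "perms#/definitions/manage"
+				},
+				"roles": {
+					"type": "array",
+					"items": {
+						"type": "string",
+						"enum": ["user"]
+					}
+				}
+			}
+		}
+	]
+}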
							
								
								
									
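--- a/backend/lib/access/users-create.json
+++ b/backend/lib/access/users-create.json
@@ -0,0 +1,7 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		}
+	]
+}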
							
								
								
									
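--- a/backend/lib/access/users-delete.json
+++ b/backend/lib/access/users-delete.json
@@ -0,0 +1,7 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		}
+	]
+}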
							
								
								
									
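--- a/backend/lib/access/users-get.json
+++ b/backend/lib/access/users-get.json
@@ -0,0 +1,23 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		},
+		{
+			"type": "object",
+			"required": ["data", "scope"],
+			"properties": {
+				"data": {
+					"$ref": "objects#/properties/users"
+				},
+				"scope": {
+					"type": "array",
+					"contains": {
+						"type": "string",
+						"pattern": "^user$"
+					}
+				}
+			}
+		}
+	]
+}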
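Review bot: The non-admin branch hands the whole ownership decision to `objects#/properties/users`, which is not defined anywhere in this part of the page, so the schema alone does not show that a regular user is limited to their own record. `users-password.json` and `users-update.json` use the identical branch, which presumably makes that external definition the only control between a regular user and another account's password or profile. Adding a `description` to the `data` property, for example `"description": "must resolve to the caller's own user id; enforced by the objects schema"`, would make the dependency explicit. A negative test with a foreign user id against all three schemas would guard it against regressions.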
							
								
								
									
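--- a/backend/lib/access/users-list.json
+++ b/backend/lib/access/users-list.json
@@ -0,0 +1,7 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		}
+	]
+}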
							
								
								
									
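--- a/backend/lib/access/users-loginas.json
+++ b/backend/lib/access/users-loginas.json
@@ -0,0 +1,7 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		}
+	]
+}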
							
								
								
									
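--- a/backend/lib/access/users-password.json
+++ b/backend/lib/access/users-password.json
@@ -0,0 +1,23 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		},
+		{
+			"type": "object",
+			"required": ["data", "scope"],
+			"properties": {
+				"data": {
+					"$ref": "objects#/properties/users"
+				},
+				"scope": {
+					"type": "array",
+					"contains": {
+						"type": "string",
+						"pattern": "^user$"
+					}
+				}
+			}
+		}
+	]
+}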
							
								
								
									
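--- a/backend/lib/access/users-permissions.json
+++ b/backend/lib/access/users-permissions.json
@@ -0,0 +1,7 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		}
+	]
+}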
							
								
								
									
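--- a/backend/lib/access/users-update.json
+++ b/backend/lib/access/users-update.json
@@ -0,0 +1,23 @@
+{
+	"anyOf": [
+		{
+			"$ref": "roles#/definitions/admin"
+		},
+		{
+			"type": "object",
+			"required": ["data", "scope"],
+			"properties": {
+				"data": {
+					"$ref": "objects#/properties/users"
+				},
+				"scope": {
+					"type": "array",
+					"contains": {
+						"type": "string",
+						"pattern": "^user$"
+					}
+				}
+			}
+		}
+	]
+}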
							
								
								
									
										85
									
								
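--- a/backend/lib/certbot.js
+++ b/backend/lib/certbot.js
@@ -0,0 +1,85 @@
+const dnsPlugins = require('../global/certbot-dns-plugins.json');
+const utils      = require('./utils');
+const error      = require('./error');
+const logger     = require('../logger').certbot;
+const batchflow  = require('batchflow');
+
+const CERTBOT_VERSION_REPLACEMENT = '$(certbot --version | grep -Eo \'[0-9](\\.[0-9]+)+\')';
+
+const certbot = {
+
+	/**
+	 * @param {array} pluginKeys
+	 */
+	installPlugins: async (pluginKeys) => {
+		let hasErrors = false;
+
+		return new Promise((resolve, reject) => {
+			if (pluginKeys.length === 0) {
+				resolve();
+				return;
+			}
+
+			batchflow(pluginKeys).sequential()
+				.each((_i, pluginKey, next) => {
+					certbot.installPlugin(pluginKey)
+						.then(() => {
+							next();
+						})
+						.catch((err) => {
+							hasErrors = true;
+							next(err);
+						});
+				})
+				.error((err) => {
+					logger.error(err.message);
+				})
+				.end(() => {
+					if (hasErrors) {
+						reject(new error.CommandError('Some plugins failed to install. Please check the logs above', 1));
+					} else {
+						resolve();
+					}
+				});
+		});
+	},
+
+	/**
+	 * Installs a cerbot plugin given the key for the object from
+	 * ../global/certbot-dns-plugins.json
+	 *
+	 * @param   {string}  pluginKey
+	 * @returns {Object}
+	 */
+	installPlugin: async (pluginKey) => {
+		if (typeof dnsPlugins[pluginKey] === 'undefined') {
+			// throw Error(`Certbot plugin ${pluginKey} not found`);
+			throw new error.ItemNotFoundError(pluginKey);
+		}
+
+		const plugin = dnsPlugins[pluginKey];
+		logger.start(`Installing ${pluginKey}...`);
+
+		plugin.version      = plugin.version.replace(/{{certbot-version}}/g, CERTBOT_VERSION_REPLACEMENT);
+		plugin.dependencies = plugin.dependencies.replace(/{{certbot-version}}/g, CERTBOT_VERSION_REPLACEMENT);
+
+		// SETUPTOOLS_USE_DISTUTILS is required for certbot plugins to install correctly
+		// in new versions of Python
+		let env = Object.assign({}, process.env, {SETUPTOOLS_USE_DISTUTILS: 'stdlib'});
+		if (typeof plugin.env === 'object') {
+			env = Object.assign(env, plugin.env);
+		}
+
+		const cmd = `. /opt/certbot/bin/activate && pip install --no-cache-dir ${plugin.dependencies} ${plugin.package_name}${plugin.version}  && deactivate`;
+		return utils.exec(cmd, {env})
+			.then((result) => {
+				logger.complete(`Installed ${pluginKey}`);
+				return result;
+			})
+			.catch((err) => {
+				throw err;
+			});
+	},
+};
+
+module.exports = certbot;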
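Review bot: `installPlugin` looks the key up with `typeof dnsPlugins[pluginKey] === 'undefined'`, which names inherited from `Object.prototype` (`constructor`, `toString`, `__proto__`) also pass, so such a key fails later in `plugin.version.replace` with a TypeError instead of `ItemNotFoundError`; `if (!Object.prototype.hasOwnProperty.call(dnsPlugins, pluginKey))` closes that. The install command is assembled as one string and run through a shell by `utils.exec`, and `CERTBOT_VERSION_REPLACEMENT` depends on that shell expansion, so `dependencies`, `package_name`, `version` and `plugin.env` must only ever come from the bundled `certbot-dns-plugins.json`; a comment above `cmd` saying so would keep a later change from feeding request data into it. The two `replace` calls write back into the cached JSON object, and the trailing `.catch((err) => { throw err; })` and the commented-out `throw` can be dropped.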
							
								
								
									
										237
									
								
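--- a/backend/lib/config.js
+++ b/backend/lib/config.js
@@ -0,0 +1,237 @@
+const fs      = require('fs');
+const NodeRSA = require('node-rsa');
+const logger  = require('../logger').global;
+
+const keysFile         = '/data/keys.json';
+const mysqlEngine      = 'mysql2';
+const postgresEngine   = 'pg';
+const sqliteClientName = 'sqlite3';
+
+let instance = null;
+
+// 1. Load from config file first (not recommended anymore)
+// 2. Use config env variables next
+const configure = () => {
+	const filename = (process.env.NODE_CONFIG_DIR || './config') + '/' + (process.env.NODE_ENV || 'default') + '.json';
+	if (fs.existsSync(filename)) {
+		let configData;
+		try {
+			configData = require(filename);
+		} catch (_) {
+			// do nothing
+		}
+
+		if (configData && configData.database) {
+			logger.info(`Using configuration from file: ${filename}`);
+			instance      = configData;
+			instance.keys = getKeys();
+			return;
+		}
+	}
+
+	const envMysqlHost = process.env.DB_MYSQL_HOST || null;
+	const envMysqlUser = process.env.DB_MYSQL_USER || null;
+	const envMysqlName = process.env.DB_MYSQL_NAME || null;
+	if (envMysqlHost && envMysqlUser && envMysqlName) {
+		// we have enough mysql creds to go with mysql
+		logger.info('Using MySQL configuration');
+		instance = {
+			database: {
+				engine:   mysqlEngine,
+				host:     envMysqlHost,
+				port:     process.env.DB_MYSQL_PORT || 3306,
+				user:     envMysqlUser,
+				password: process.env.DB_MYSQL_PASSWORD,
+				name:     envMysqlName,
+			},
+			keys: getKeys(),
+		};
+		return;
+	}
+
+	const envPostgresHost = process.env.DB_POSTGRES_HOST || null;
+	const envPostgresUser = process.env.DB_POSTGRES_USER || null;
+	const envPostgresName = process.env.DB_POSTGRES_NAME || null;
+	if (envPostgresHost && envPostgresUser && envPostgresName) {
+		// we have enough postgres creds to go with postgres
+		logger.info('Using Postgres configuration');
+		instance = {
+			database: {
+				engine:   postgresEngine,
+				host:     envPostgresHost,
+				port:     process.env.DB_POSTGRES_PORT || 5432,
+				user:     envPostgresUser,
+				password: process.env.DB_POSTGRES_PASSWORD,
+				name:     envPostgresName,
+			},
+			keys: getKeys(),
+		};
+		return;
+	}
+
+	const envSqliteFile = process.env.DB_SQLITE_FILE || '/data/database.sqlite';
+	logger.info(`Using Sqlite: ${envSqliteFile}`);
+	instance = {
+		database: {
+			engine: 'knex-native',
+			knex:   {
+				client:     sqliteClientName,
+				connection: {
+					filename: envSqliteFile
+				},
+				useNullAsDefault: true
+			}
+		},
+		keys: getKeys(),
+	};
+};
+
+const getKeys = () => {
+	// Get keys from file
+	if (!fs.existsSync(keysFile)) {
+		generateKeys();
+	} else if (process.env.DEBUG) {
+		logger.info('Keys file exists OK');
+	}
+	try {
+		return require(keysFile);
+	} catch (err) {
+		logger.error('Could not read JWT key pair from config file: ' + keysFile, err);
+		process.exit(1);
+	}
+};
+
+const generateKeys = () => {
+	logger.info('Creating a new JWT key pair...');
+	// Now create the keys and save them in the config.
+	const key = new NodeRSA({ b: 2048 });
+	key.generateKeyPair();
+
+	const keys = {
+		key: key.exportKey('private').toString(),
+		pub: key.exportKey('public').toString(),
+	};
+
+	// Write keys config
+	try {
+		fs.writeFileSync(keysFile, JSON.stringify(keys, null, 2));
+	} catch (err) {
+		logger.error('Could not write JWT key pair to config file: ' + keysFile + ': ' + err.message);
+		process.exit(1);
+	}
+	logger.info('Wrote JWT key pair to config file: ' + keysFile);
+};
+
+module.exports = {
+
+	/**
+	 *
+	 * @param   {string}  key   ie: 'database' or 'database.engine'
+	 * @returns {boolean}
+	 */
+	has: function(key) {
+		instance === null && configure();
+		const keys = key.split('.');
+		let level  = instance;
+		let has    = true;
+		keys.forEach((keyItem) =>{
+			if (typeof level[keyItem] === 'undefined') {
+				has = false;
+			} else {
+				level = level[keyItem];
+			}
+		});
+
+		return has;
+	},
+
+	/**
+	 * Gets a specific key from the top level
+	 *
+	 * @param {string} key
+	 * @returns {*}
+	 */
+	get: function (key) {
+		instance === null && configure();
+		if (key && typeof instance[key] !== 'undefined') {
+			return instance[key];
+		}
+		return instance;
+	},
+
+	/**
+	 * Is this a sqlite configuration?
+	 *
+	 * @returns {boolean}
+	 */
+	isSqlite: function () {
+		instance === null && configure();
+		return instance.database.knex && instance.database.knex.client === sqliteClientName;
+	},
+
+	/**
+	 * Is this a mysql configuration?
+	 *
+	 * @returns {boolean}
+	 */
+	isMysql: function () {
+		instance === null && configure();
+		return instance.database.engine === mysqlEngine;
+	},
+	
+		/**
+		 * Is this a postgres configuration?
+		 *
+		 * @returns {boolean}
+		 */
+	isPostgres: function () {
+		instance === null && configure();
+		return instance.database.engine === postgresEngine;
+	},
+
+	/**
+	 * Are we running in debug mdoe?
+	 *
+	 * @returns {boolean}
+	 */
+	debug: function () {
+		return !!process.env.DEBUG;
+	},
+
+	/**
+	 * Returns a public key
+	 *
+	 * @returns {string}
+	 */
+	getPublicKey: function () {
+		instance === null && configure();
+		return instance.keys.pub;
+	},
+
+	/**
+	 * Returns a private key
+	 *
+	 * @returns {string}
+	 */
+	getPrivateKey: function () {
+		instance === null && configure();
+		return instance.keys.key;
+	},
+
+	/**
+	 * @returns {boolean}
+	 */
+	useLetsencryptStaging: function () {
+		return !!process.env.LE_STAGING;
+	},
+
+	/**
+	 * @returns {string|null}
+	 */
+	useLetsencryptServer: function () {
+		if (process.env.LE_SERVER) {
+			return process.env.LE_SERVER;
+		}
+		return null;
+	}
+};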
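Review bot: `generateKeys` writes the JWT private key with `fs.writeFileSync(keysFile, JSON.stringify(keys, null, 2))`, which creates `/data/keys.json` with the process's default mode, normally readable by other accounts that can reach the volume; pass the mode explicitly, `fs.writeFileSync(keysFile, JSON.stringify(keys, null, 2), { mode: 0o600 });`. In `configure`, the empty `catch (_)` around `require(filename)` means a malformed config file is skipped silently and the service falls through to environment variables or a new SQLite database; log the parse error with `logger.error` before continuing. `getKeys` returns whatever `require(keysFile)` yields without checking that `key` and `pub` are present, so a truncated file only surfaces later, when a token is signed or verified.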
							
								
								
									
										99
									
								
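--- a/backend/lib/error.js
+++ b/backend/lib/error.js
@@ -0,0 +1,99 @@
+const _    = require('lodash');
+const util = require('util');
+
+module.exports = {
+
+	PermissionError: function (message, previous) {
+		Error.captureStackTrace(this, this.constructor);
+		this.name     = this.constructor.name;
+		this.previous = previous;
+		this.message  = 'Permission Denied';
+		this.public   = true;
+		this.status   = 403;
+	},
+
+	ItemNotFoundError: function (id, previous) {
+		Error.captureStackTrace(this, this.constructor);
+		this.name     = this.constructor.name;
+		this.previous = previous;
+		this.message  = 'Item Not Found - ' + id;
+		this.public   = true;
+		this.status   = 404;
+	},
+
+	AuthError: function (message, previous) {
+		Error.captureStackTrace(this, this.constructor);
+		this.name     = this.constructor.name;
+		this.previous = previous;
+		this.message  = message;
+		this.public   = true;
+		this.status   = 401;
+	},
+
+	InternalError: function (message, previous) {
+		Error.captureStackTrace(this, this.constructor);
+		this.name     = this.constructor.name;
+		this.previous = previous;
+		this.message  = message;
+		this.status   = 500;
+		this.public   = false;
+	},
+
+	InternalValidationError: function (message, previous) {
+		Error.captureStackTrace(this, this.constructor);
+		this.name     = this.constructor.name;
+		this.previous = previous;
+		this.message  = message;
+		this.status   = 400;
+		this.public   = false;
+	},
+
+	ConfigurationError: function (message, previous) {
+		Error.captureStackTrace(this, this.constructor);
+		this.name     = this.constructor.name;
+		this.previous = previous;
+		this.message  = message;
+		this.status   = 400;
+		this.public   = true;
+	},
+
+	CacheError: function (message, previous) {
+		Error.captureStackTrace(this, this.constructor);
+		this.name     = this.constructor.name;
+		this.message  = message;
+		this.previous = previous;
+		this.status   = 500;
+		this.public   = false;
+	},
+
+	ValidationError: function (message, previous) {
+		Error.captureStackTrace(this, this.constructor);
+		this.name     = this.constructor.name;
+		this.previous = previous;
+		this.message  = message;
+		this.public   = true;
+		this.status   = 400;
+	},
+
+	AssertionFailedError: function (message, previous) {
+		Error.captureStackTrace(this, this.constructor);
+		this.name     = this.constructor.name;
+		this.previous = previous;
+		this.message  = message;
+		this.public   = false;
+		this.status   = 400;
+	},
+
+	CommandError: function (stdErr, code, previous) {
+		Error.captureStackTrace(this, this.constructor);
+		this.name     = this.constructor.name;
+		this.previous = previous;
+		this.message  = stdErr;
+		this.code     = code;
+		this.public   = false;
+	},
+};
+
+_.forEach(module.exports, function (error) {
+	util.inherits(error, Error);
+});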
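Review bot: `CommandError` is the only constructor that sets no `status`, so any handler that maps `err.status` to the HTTP response (not visible in this file) has to special-case it; `this.status = 500;` would match `InternalError` and `CacheError`. `PermissionError` accepts `message` but always stores `'Permission Denied'`; if that is deliberate, say so with `// message is ignored so no detail about the denied resource reaches the client`. `ItemNotFoundError` is marked `public` and concatenates `id` into its message, so callers should pass only identifiers that are safe to echo back. A short header comment stating what `public` and `previous` mean would make the ten constructors self-describing.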
							
								
								
									
										16
									
								
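--- a/backend/lib/express/cors.js
+++ b/backend/lib/express/cors.js
@@ -0,0 +1,16 @@
+module.exports = function (req, res, next) {
+	if (req.headers.origin) {
+		res.set({
+			'Access-Control-Allow-Origin':      req.headers.origin,
+			'Access-Control-Allow-Credentials': true,
+			'Access-Control-Allow-Methods':     'OPTIONS, GET, POST',
+			'Access-Control-Allow-Headers':     'Content-Type, Cache-Control, Pragma, Expires, Authorization, X-Dataset-Total, X-Dataset-Offset, X-Dataset-Limit',
+			'Access-Control-Max-Age':           5 * 60,
+			'Access-Control-Expose-Headers':    'X-Dataset-Total, X-Dataset-Offset, X-Dataset-Limit'
+		});
+		next();
+	} else {
+		// No origin
+		next();
+	}
+};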
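Review bot: The middleware copies whatever `Origin` the request carries into `Access-Control-Allow-Origin` and pairs it with `Access-Control-Allow-Credentials: true`, which gives every website credentialed cross-origin read access to this API. The bearer-token flow in `jwt.js` limits what that exposes, but any cookie or other ambient credential would be usable cross-site, so `req.headers.origin` should be compared with a configured allowlist and the headers set only on a match. Because the response varies by origin, `'Vary': 'Origin'` belongs in the same `res.set` call so a shared cache cannot serve one origin's headers to another. Both branches end in `next()`, so a single call after the `if` is enough.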
							
								
								
									
										15
									
								
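--- a/backend/lib/express/jwt-decode.js
+++ b/backend/lib/express/jwt-decode.js
@@ -0,0 +1,15 @@
+const Access = require('../access');
+
+module.exports = () => {
+	return function (req, res, next) {
+		res.locals.access = null;
+		let access        = new Access(res.locals.token || null);
+		access.load()
+			.then(() => {
+				res.locals.access = access;
+				next();
+			})
+			.catch(next);
+	};
+};
+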
							
								
								
									
										13
									
								
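--- a/backend/lib/express/jwt.js
+++ b/backend/lib/express/jwt.js
@@ -0,0 +1,13 @@
+module.exports = function () {
+	return function (req, res, next) {
+		if (req.headers.authorization) {
+			let parts = req.headers.authorization.split(' ');
+
+			if (parts && parts[0] === 'Bearer' && parts[1]) {
+				res.locals.token = parts[1];
+			}
+		}
+
+		next();
+	};
+};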
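Review bot: The scheme check `parts[0] === 'Bearer'` is case-sensitive and the header is split on every single space, so `bearer <token>` or a header with two spaces after the scheme yields no token and the request continues as anonymous. HTTP authentication schemes are case-insensitive; `const [scheme, token] = req.headers.authorization.trim().split(/\s+/);` followed by `if (scheme.toLowerCase() === 'bearer' && token)` handles both. The `parts &&` test is always true for the result of `split` and can go.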
							
								
								
									
										55
									
								
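--- a/backend/lib/express/pagination.js
+++ b/backend/lib/express/pagination.js
@@ -0,0 +1,55 @@
+let _ = require('lodash');
+
+module.exports = function (default_sort, default_offset, default_limit, max_limit) {
+
+	/**
+	 * This will setup the req query params with filtered data and defaults
+	 *
+	 * sort    will be an array of fields and their direction
+	 * offset  will be an int, defaulting to zero if no other default supplied
+	 * limit   will be an int, defaulting to 50 if no other default supplied, and limited to the max if that was supplied
+	 *
+	 */
+
+	return function (req, res, next) {
+
+		req.query.offset = typeof req.query.limit === 'undefined' ? default_offset || 0 : parseInt(req.query.offset, 10);
+		req.query.limit  = typeof req.query.limit === 'undefined' ? default_limit || 50 : parseInt(req.query.limit, 10);
+
+		if (max_limit && req.query.limit > max_limit) {
+			req.query.limit = max_limit;
+		}
+
+		// Sorting
+		let sort       = typeof req.query.sort === 'undefined' ? default_sort : req.query.sort;
+		let myRegexp   = /.*\.(asc|desc)$/ig;
+		let sort_array = [];
+
+		sort = sort.split(',');
+		_.map(sort, function (val) {
+			let matches = myRegexp.exec(val);
+
+			if (matches !== null) {
+				let dir = matches[1];
+				sort_array.push({
+					field: val.substr(0, val.length - (dir.length + 1)),
+					dir:   dir.toLowerCase()
+				});
+			} else {
+				sort_array.push({
+					field: val,
+					dir:   'asc'
+				});
+			}
+		});
+
+		// Sort will now be in this format:
+		// [
+		//    { field: 'field1', dir: 'asc' },
+		//    { field: 'field2', dir: 'desc' }
+		// ]
+
+		req.query.sort = sort_array;
+		next();
+	};
+};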
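Review bot: The `offset` default on the first line of the returned middleware tests `req.query.limit` instead of `req.query.offset`, so a request with `limit` but no `offset` gets `NaN`, and an `offset` sent without `limit` is discarded. `myRegexp` carries the `g` flag and is reused with `exec` across the `_.map` loop, so the `lastIndex` left by one match makes the next entry fail, and a second `x.desc` is stored as field `x.desc` with direction `asc`. Non-numeric values and a repeated `?sort=` parameter (which arrives as an array and has no `split`) are not handled either. The fence below parses both numbers independently with a fallback to the defaults and matches each sort entry with a fresh pattern that has no `g` flag. `field` is still passed on unchecked, so the consumer should map it against known column names.

```javascript
	return function (req, res, next) {
		const offset = Number.parseInt(req.query.offset, 10);
		const limit  = Number.parseInt(req.query.limit, 10);

		// Each value falls back to its own default when absent or not a usable number.
		req.query.offset = Number.isInteger(offset) && offset >= 0 ? offset : default_offset || 0;
		req.query.limit  = Number.isInteger(limit) && limit >= 0 ? limit : default_limit || 50;

		// … unchanged: max_limit clamp …

		// A repeated ?sort= parameter arrives as an array; only a single string is parsed.
		const sort       = typeof req.query.sort === 'string' ? req.query.sort : default_sort || '';
		const sort_array = sort.split(',').filter(Boolean).map((val) => {
			// Fresh literal without the g flag, so no lastIndex state is shared between entries.
			const matches = /\.(asc|desc)$/i.exec(val);
			return matches
				? {field: val.slice(0, matches.index), dir: matches[1].toLowerCase()}
				: {field: val, dir: 'asc'};
		});

		// … unchanged: req.query.sort = sort_array; next(); …
```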
							
								
								
									
										9
									
								
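--- a/backend/lib/express/user-id-from-me.js
+++ b/backend/lib/express/user-id-from-me.js
@@ -0,0 +1,9 @@
+module.exports = (req, res, next) => {
+	if (req.params.user_id === 'me' && res.locals.access) {
+		req.params.user_id = res.locals.access.token.get('attrs').id;
+	} else {
+		req.params.user_id = parseInt(req.params.user_id, 10);
+	}
+
+	next();
+};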
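Review bot: In the `else` branch `parseInt(req.params.user_id, 10)` yields `NaN` for any non-numeric segment (including `me` when `res.locals.access` is unset), and that value is handed to the next handler as the user id. Reject it here, for example `if (!Number.isInteger(req.params.user_id) || req.params.user_id < 1) { return next(new error.ValidationError('Invalid user id')); }`, with `error` required from `../error`. The `me` branch also assumes `access.token.get('attrs')` is an object; whether that holds for an `Access` built without a token cannot be told from this file.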
							
								
								
									
										62
									
								
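--- a/backend/lib/helpers.js
+++ b/backend/lib/helpers.js
@@ -0,0 +1,62 @@
+const moment       = require('moment');
+const {isPostgres} = require('./config');
+const {ref}        = require('objection');
+
+module.exports = {
+
+	/**
+	 * Takes an expression such as 30d and returns a moment object of that date in future
+	 *
+	 * Key      Shorthand
+	 * ==================
+	 * years         y
+	 * quarters      Q
+	 * months        M
+	 * weeks         w
+	 * days          d
+	 * hours         h
+	 * minutes       m
+	 * seconds       s
+	 * milliseconds  ms
+	 *
+	 * @param {String}  expression
+	 * @returns {Object}
+	 */
+	parseDatePeriod: function (expression) {
+		let matches = expression.match(/^([0-9]+)(y|Q|M|w|d|h|m|s|ms)$/m);
+		if (matches) {
+			return moment().add(matches[1], matches[2]);
+		}
+
+		return null;
+	},
+
+	convertIntFieldsToBool: function (obj, fields) {
+		fields.forEach(function (field) {
+			if (typeof obj[field] !== 'undefined') {
+				obj[field] = obj[field] === 1;
+			}
+		});
+		return obj;
+	},
+
+	convertBoolFieldsToInt: function (obj, fields) {
+		fields.forEach(function (field) {
+			if (typeof obj[field] !== 'undefined') {
+				obj[field] = obj[field] ? 1 : 0;
+			}
+		});
+		return obj;
+	},
+
+	/**
+	 * Casts a column to json if using postgres
+	 *
+	 * @param {string} colName
+	 * @returns {string|Objection.ReferenceBuilder}
+	 */
+	castJsonIfNeed: function (colName) {
+		return isPostgres() ? ref(colName).castText() : colName;
+	}
+
+};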
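Review bot: `parseDatePeriod` anchors its pattern with `^` and `$` but also sets the `m` flag, so the anchors match at any line break and a multi-line string whose last line is `30d` is accepted; drop the flag, `/^([0-9]+)(y|Q|M|w|d|h|m|s|ms)$/`, so the whole expression has to match. The docblock on `castJsonIfNeed` says the column is cast to json while the code calls `castText()`; it should read `Casts a column to text if using postgres`. `convertIntFieldsToBool` and `convertBoolFieldsToInt` mutate and return the object they are given, and the first treats anything other than the number `1` (including `'1'` and `true`) as false, which deserves a one-line docblock on each.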
							
								
								
									
										55
									
								
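--- a/backend/lib/migrate_template.js
+++ b/backend/lib/migrate_template.js
@@ -0,0 +1,55 @@
+const migrate_name = 'identifier_for_migrate';
+const logger       = require('../logger').migrate;
+
+/**
+ * Migrate
+ *
+ * @see http://knexjs.org/#Schema
+ *
+ * @param {Object} knex
+ * @param {Promise} Promise
+ * @returns {Promise}
+ */
+exports.up = function (knex, Promise) {
+
+	logger.info('[' + migrate_name + '] Migrating Up...');
+
+	// Create Table example:
+
+	/*return knex.schema.createTable('notification', (table) => {
+		 table.increments().primary();
+		 table.string('name').notNull();
+		 table.string('type').notNull();
+		 table.integer('created_on').notNull();
+		 table.integer('modified_on').notNull();
+	 })
+	 .then(function () {
+		logger.info('[' + migrate_name + '] Notification Table created');
+	 });*/
+
+	logger.info('[' + migrate_name + '] Migrating Up Complete');
+
+	return Promise.resolve(true);
+};
+
+/**
+ * Undo Migrate
+ *
+ * @param {Object} knex
+ * @param {Promise} Promise
+ * @returns {Promise}
+ */
+exports.down = function (knex, Promise) {
+	logger.info('[' + migrate_name + '] Migrating Down...');
+
+	// Drop table example:
+
+	/*return knex.schema.dropTable('notification')
+	 .then(() => {
+		logger.info('[' + migrate_name + '] Notification Table dropped');
+	 });*/
+
+	logger.info('[' + migrate_name + '] Migrating Down Complete');
+
+	return Promise.resolve(true);
+};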
							
								
								
									
										110
									
								
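--- a/backend/lib/utils.js
+++ b/backend/lib/utils.js
@@ -0,0 +1,110 @@
+const _          = require('lodash');
+const exec       = require('node:child_process').exec;
+const execFile   = require('node:child_process').execFile;
+const { Liquid } = require('liquidjs');
+const logger     = require('../logger').global;
+const error      = require('./error');
+
+module.exports = {
+
+	exec: async (cmd, options = {}) => {
+		logger.debug('CMD:', cmd);
+
+		const { stdout, stderr } = await new Promise((resolve, reject) => {
+			const child = exec(cmd, options, (isError, stdout, stderr) => {
+				if (isError) {
+					reject(new error.CommandError(stderr, isError));
+				} else {
+					resolve({ stdout, stderr });
+				}
+			});
+
+			child.on('error', (e) => {
+				reject(new error.CommandError(stderr, 1, e));
+			});
+		});
+		return stdout;
+	},
+
+	/**
+	 * @param   {String} cmd
+	 * @param   {Array}  args
+	 * @param   {Object|undefined}  options
+	 * @returns {Promise}
+	 */
+	execFile: (cmd, args, options) => {
+		logger.debug(`CMD: ${cmd} ${args ? args.join(' ') : ''}`);
+		if (typeof options === 'undefined') {
+			options = {};
+		}
+
+		return new Promise((resolve, reject) => {
+			execFile(cmd, args, options, (err, stdout, stderr) => {
+				if (err && typeof err === 'object') {
+					reject(new error.CommandError(stderr, 1, err));
+				} else {
+					resolve(stdout.trim());
+				}
+			});
+		});
+	},
+
+	/**
+	 * Used in objection query builder
+	 *
+	 * @param   {Array}  omissions
+	 * @returns {Function}
+	 */
+	omitRow: (omissions) => {
+		/**
+		 * @param   {Object} row
+		 * @returns {Object}
+		 */
+		return (row) => {
+			return _.omit(row, omissions);
+		};
+	},
+
+	/**
+	 * Used in objection query builder
+	 *
+	 * @param   {Array}  omissions
+	 * @returns {Function}
+	 */
+	omitRows: (omissions) => {
+		/**
+		 * @param   {Array} rows
+		 * @returns {Object}
+		 */
+		return (rows) => {
+			rows.forEach((row, idx) => {
+				rows[idx] = _.omit(row, omissions);
+			});
+			return rows;
+		};
+	},
+
+	/**
+	 * @returns {Object} Liquid render engine
+	 */
+	getRenderEngine: () => {
+		const renderEngine = new Liquid({
+			root: `${__dirname}/../templates/`
+		});
+
+		/**
+		 * nginxAccessRule expects the object given to have 2 properties:
+		 *
+		 * directive  string
+		 * address    string
+		 */
+		renderEngine.registerFilter('nginxAccessRule', (v) => {
+			if (typeof v.directive !== 'undefined' && typeof v.address !== 'undefined' && v.directive && v.address) {
+				return `${v.directive} ${v.address};`;
+			}
+			return '';
+		});
+
+		return renderEngine;
+	}
+};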
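Review bot: Inside `exec`, the `child.on('error', …)` handler reads `stderr`, but there the name refers to the outer `const { stdout, stderr }`, which is still uninitialised while the promise is pending, so the handler throws a ReferenceError instead of rejecting; use `reject(new error.CommandError(e.message, 1, e));`. The callback also passes the whole error object as the `code` argument in `new error.CommandError(stderr, isError)`, where `new error.CommandError(stderr, isError.code, isError)` would match how `execFile` reports failures. `exec` hands the string to a shell and `logger.debug('CMD:', cmd)` logs it verbatim, so callers should keep request-derived values and secrets out of `cmd` and prefer `execFile` with an argument array. The `nginxAccessRule` filter writes `directive` and `address` straight into the rendered config, which is only safe if both are validated before they reach the template, something this file does not show.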
							
								
								
									
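--- a/backend/lib/validator/api.js
+++ b/backend/lib/validator/api.js
@@ -0,0 +1,43 @@
+const Ajv   = require('ajv/dist/2020');
+const error = require('../error');
+
+const ajv = new Ajv({
+	verbose:         true,
+	allErrors:       true,
+	allowUnionTypes: true,
+	strict:          false,
+	coerceTypes:     true,
+});
+
+/**
+ * @param {Object} schema
+ * @param {Object} payload
+ * @returns {Promise}
+ */
+function apiValidator (schema, payload/*, description*/) {
+	return new Promise(function Promise_apiValidator (resolve, reject) {
+		if (schema === null) {
+			reject(new error.ValidationError('Schema is undefined'));
+			return;
+		}
+
+		if (typeof payload === 'undefined') {
+			reject(new error.ValidationError('Payload is undefined'));
+			return;
+		}
+
+		const validate = ajv.compile(schema);
+		const valid    = validate(payload);
+
+		if (valid && !validate.errors) {
+			resolve(payload);
+		} else {
+			let message = ajv.errorsText(validate.errors);
+			let err     = new error.ValidationError(message);
+			err.debug   = [validate.errors, payload];
+			reject(err);
+		}
+	});
+}
+
+module.exports = apiValidator;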
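Review bot: `err.debug = [validate.errors, payload]` attaches the whole rejected payload to the error, and with `verbose: true` each Ajv error object also carries the offending data value. What the error handler does with `debug` is not visible here, but if it is logged or returned to the client, a rejected request that contained a password or private key would leave it there. I would keep only locations and messages, e.g. `err.debug = validate.errors.map(({instancePath, keyword, message}) => ({instancePath, keyword, message}));`. Separately, the first guard tests `schema === null` while its message says 'undefined'; `schema == null` would cover both cases.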
							
								
								
									
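--- a/backend/lib/validator/index.js
+++ b/backend/lib/validator/index.js
@@ -0,0 +1,45 @@
+const _                 = require('lodash');
+const Ajv               = require('ajv/dist/2020');
+const error             = require('../error');
+const commonDefinitions = require('../../schema/common.json');
+
+RegExp.prototype.toJSON = RegExp.prototype.toString;
+
+const ajv = new Ajv({
+	verbose:         true,
+	allErrors:       true,
+	allowUnionTypes: true,
+	coerceTypes:     true,
+	strict:          false,
+	schemas:         [commonDefinitions]
+});
+
+/**
+ *
+ * @param   {Object} schema
+ * @param   {Object} payload
+ * @returns {Promise}
+ */
+function validator (schema, payload) {
+	return new Promise(function (resolve, reject) {
+		if (!payload) {
+			reject(new error.InternalValidationError('Payload is falsy'));
+		} else {
+			try {
+				let validate = ajv.compile(schema);
+				let valid    = validate(payload);
+
+				if (valid && !validate.errors) {
+					resolve(_.cloneDeep(payload));
+				} else {
+					let message = ajv.errorsText(validate.errors);
+					reject(new error.InternalValidationError(message));
+				}
+			} catch (err) {
+				reject(err);
+			}
+		}
+	});
+}
+
+module.exports = validator;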
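Review bot: `validate(payload)` runs with `coerceTypes: true`, so Ajv rewrites the caller's object in place before `_.cloneDeep(payload)` is taken; the clone protects the resolved value but not the input. Cloning first keeps the caller's data untouched: `const data = _.cloneDeep(payload);`, then `validate(data)` and `resolve(data)`. The `RegExp.prototype.toJSON` assignment at the top changes JSON serialisation for the whole process as soon as this module is required, and deserves a comment naming the caller that needs it. `if (!payload)` also rejects legitimate falsy payloads such as `0` or `''`, should a schema ever describe one.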
							
								
								
									
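--- a/backend/logger.js
+++ b/backend/logger.js
@@ -0,0 +1,14 @@
+const {Signale} = require('signale');
+
+module.exports = {
+	global:    new Signale({scope: 'Global   '}),
+	migrate:   new Signale({scope: 'Migrate  '}),
+	express:   new Signale({scope: 'Express  '}),
+	access:    new Signale({scope: 'Access   '}),
+	nginx:     new Signale({scope: 'Nginx    '}),
+	ssl:       new Signale({scope: 'SSL      '}),
+	certbot:   new Signale({scope: 'Certbot  '}),
+	import:    new Signale({scope: 'Importer '}),
+	setup:     new Signale({scope: 'Setup    '}),
+	ip_ranges: new Signale({scope: 'IP Ranges'})
+};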
							
								
								
									
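--- a/backend/migrate.js
+++ b/backend/migrate.js
@@ -0,0 +1,15 @@
+const db     = require('./db');
+const logger = require('./logger').migrate;
+
+module.exports = {
+	latest: function () {
+		return db.migrate.currentVersion()
+			.then((version) => {
+				logger.info('Current database version:', version);
+				return db.migrate.latest({
+					tableName: 'migrations',
+					directory: 'migrations'
+				});
+			});
+	}
+};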
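Review bot: `db.migrate.currentVersion()` is called without the options that `db.migrate.latest()` receives, so unless `./db` (not shown) already sets `tableName: 'migrations'`, the logged version is read from knex's default migrations table rather than the one the migrations are recorded in. Sharing one object avoids the drift: `const config = {tableName: 'migrations', directory: 'migrations'};` passed to both calls. `directory: 'migrations'` is also relative to the process working directory, so a short comment, or a path built from `__dirname`, would make the expected start-up location explicit.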
							
								
								
									
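--- a/backend/migrations/20180618015850_initial.js
+++ b/backend/migrations/20180618015850_initial.js
@@ -0,0 +1,205 @@
+const migrate_name = 'initial-schema';
+const logger       = require('../logger').migrate;
+
+/**
+ * Migrate
+ *
+ * @see http://knexjs.org/#Schema
+ *
+ * @param   {Object}  knex
+ * @param   {Promise} Promise
+ * @returns {Promise}
+ */
+exports.up = function (knex/*, Promise*/) {
+	logger.info('[' + migrate_name + '] Migrating Up...');
+
+	return knex.schema.createTable('auth', (table) => {
+		table.increments().primary();
+		table.dateTime('created_on').notNull();
+		table.dateTime('modified_on').notNull();
+		table.integer('user_id').notNull().unsigned();
+		table.string('type', 30).notNull();
+		table.string('secret').notNull();
+		table.json('meta').notNull();
+		table.integer('is_deleted').notNull().unsigned().defaultTo(0);
+	})
+		.then(() => {
+			logger.info('[' + migrate_name + '] auth Table created');
+
+			return knex.schema.createTable('user', (table) => {
+				table.increments().primary();
+				table.dateTime('created_on').notNull();
+				table.dateTime('modified_on').notNull();
+				table.integer('is_deleted').notNull().unsigned().defaultTo(0);
+				table.integer('is_disabled').notNull().unsigned().defaultTo(0);
+				table.string('email').notNull();
+				table.string('name').notNull();
+				table.string('nickname').notNull();
+				table.string('avatar').notNull();
+				table.json('roles').notNull();
+			});
+		})
+		.then(() => {
+			logger.info('[' + migrate_name + '] user Table created');
+
+			return knex.schema.createTable('user_permission', (table) => {
+				table.increments().primary();
+				table.dateTime('created_on').notNull();
+				table.dateTime('modified_on').notNull();
+				table.integer('user_id').notNull().unsigned();
+				table.string('visibility').notNull();
+				table.string('proxy_hosts').notNull();
+				table.string('redirection_hosts').notNull();
+				table.string('dead_hosts').notNull();
+				table.string('streams').notNull();
+				table.string('access_lists').notNull();
+				table.string('certificates').notNull();
+				table.unique('user_id');
+			});
+		})
+		.then(() => {
+			logger.info('[' + migrate_name + '] user_permission Table created');
+
+			return knex.schema.createTable('proxy_host', (table) => {
+				table.increments().primary();
+				table.dateTime('created_on').notNull();
+				table.dateTime('modified_on').notNull();
+				table.integer('owner_user_id').notNull().unsigned();
+				table.integer('is_deleted').notNull().unsigned().defaultTo(0);
+				table.json('domain_names').notNull();
+				table.string('forward_ip').notNull();
+				table.integer('forward_port').notNull().unsigned();
+				table.integer('access_list_id').notNull().unsigned().defaultTo(0);
+				table.integer('certificate_id').notNull().unsigned().defaultTo(0);
+				table.integer('ssl_forced').notNull().unsigned().defaultTo(0);
+				table.integer('caching_enabled').notNull().unsigned().defaultTo(0);
+				table.integer('block_exploits').notNull().unsigned().defaultTo(0);
+				table.text('advanced_config').notNull().defaultTo('');
+				table.json('meta').notNull();
+			});
+		})
+		.then(() => {
+			logger.info('[' + migrate_name + '] proxy_host Table created');
+
+			return knex.schema.createTable('redirection_host', (table) => {
+				table.increments().primary();
+				table.dateTime('created_on').notNull();
+				table.dateTime('modified_on').notNull();
+				table.integer('owner_user_id').notNull().unsigned();
+				table.integer('is_deleted').notNull().unsigned().defaultTo(0);
+				table.json('domain_names').notNull();
+				table.string('forward_domain_name').notNull();
+				table.integer('preserve_path').notNull().unsigned().defaultTo(0);
+				table.integer('certificate_id').notNull().unsigned().defaultTo(0);
+				table.integer('ssl_forced').notNull().unsigned().defaultTo(0);
+				table.integer('block_exploits').notNull().unsigned().defaultTo(0);
+				table.text('advanced_config').notNull().defaultTo('');
+				table.json('meta').notNull();
+			});
+		})
+		.then(() => {
+			logger.info('[' + migrate_name + '] redirection_host Table created');
+
+			return knex.schema.createTable('dead_host', (table) => {
+				table.increments().primary();
+				table.dateTime('created_on').notNull();
+				table.dateTime('modified_on').notNull();
+				table.integer('owner_user_id').notNull().unsigned();
+				table.integer('is_deleted').notNull().unsigned().defaultTo(0);
+				table.json('domain_names').notNull();
+				table.integer('certificate_id').notNull().unsigned().defaultTo(0);
+				table.integer('ssl_forced').notNull().unsigned().defaultTo(0);
+				table.text('advanced_config').notNull().defaultTo('');
+				table.json('meta').notNull();
+			});
+		})
+		.then(() => {
+			logger.info('[' + migrate_name + '] dead_host Table created');
+
+			return knex.schema.createTable('stream', (table) => {
+				table.increments().primary();
+				table.dateTime('created_on').notNull();
+				table.dateTime('modified_on').notNull();
+				table.integer('owner_user_id').notNull().unsigned();
+				table.integer('is_deleted').notNull().unsigned().defaultTo(0);
+				table.integer('incoming_port').notNull().unsigned();
+				table.string('forward_ip').notNull();
+				table.integer('forwarding_port').notNull().unsigned();
+				table.integer('tcp_forwarding').notNull().unsigned().defaultTo(0);
+				table.integer('udp_forwarding').notNull().unsigned().defaultTo(0);
+				table.json('meta').notNull();
+			});
+		})
+		.then(() => {
+			logger.info('[' + migrate_name + '] stream Table created');
+
+			return knex.schema.createTable('access_list', (table) => {
+				table.increments().primary();
+				table.dateTime('created_on').notNull();
+				table.dateTime('modified_on').notNull();
+				table.integer('owner_user_id').notNull().unsigned();
+				table.integer('is_deleted').notNull().unsigned().defaultTo(0);
+				table.string('name').notNull();
+				table.json('meta').notNull();
+			});
+		})
+		.then(() => {
+			logger.info('[' + migrate_name + '] access_list Table created');
+
+			return knex.schema.createTable('certificate', (table) => {
+				table.increments().primary();
+				table.dateTime('created_on').notNull();
+				table.dateTime('modified_on').notNull();
+				table.integer('owner_user_id').notNull().unsigned();
+				table.integer('is_deleted').notNull().unsigned().defaultTo(0);
+				table.string('provider').notNull();
+				table.string('nice_name').notNull().defaultTo('');
+				table.json('domain_names').notNull();
+				table.dateTime('expires_on').notNull();
+				table.json('meta').notNull();
+			});
+		})
+		.then(() => {
+			logger.info('[' + migrate_name + '] certificate Table created');
+
+			return knex.schema.createTable('access_list_auth', (table) => {
+				table.increments().primary();
+				table.dateTime('created_on').notNull();
+				table.dateTime('modified_on').notNull();
+				table.integer('access_list_id').notNull().unsigned();
+				table.string('username').notNull();
+				table.string('password').notNull();
+				table.json('meta').notNull();
+			});
+		})
+		.then(() => {
+			logger.info('[' + migrate_name + '] access_list_auth Table created');
+
+			return knex.schema.createTable('audit_log', (table) => {
+				table.increments().primary();
+				table.dateTime('created_on').notNull();
+				table.dateTime('modified_on').notNull();
+				table.integer('user_id').notNull().unsigned();
+				table.string('object_type').notNull().defaultTo('');
+				table.integer('object_id').notNull().unsigned().defaultTo(0);
+				table.string('action').notNull();
+				table.json('meta').notNull();
+			});
+		})
+		.then(() => {
+			logger.info('[' + migrate_name + '] audit_log Table created');
+		});
+
+};
+
+/**
+ * Undo Migrate
+ *
+ * @param   {Object}  knex
+ * @param   {Promise} Promise
+ * @returns {Promise}
+ */
+exports.down = function (knex, Promise) {
+	logger.warn('[' + migrate_name + '] You can\'t migrate down the initial data.');
+	return Promise.resolve(true);
+};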
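Review bot: `exports.down` names its second parameter `Promise`, which shadows the global, so `Promise.resolve(true)` only works if knex passes a promise library as the second argument; `exports.up` in the same file already comments that parameter out. If the installed knex version calls migrations with `knex` alone (not visible from this page), a rollback throws a TypeError instead of logging the warning. `exports.down = function (/* knex */) {` keeps the global `Promise` in scope. The same signature appears in the `down` of 20180929054513_websockets.js and 20181019052346_forward_host.js.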
							
								
								
									
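--- a/backend/migrations/20180929054513_websockets.js
+++ b/backend/migrations/20180929054513_websockets.js
@@ -0,0 +1,35 @@
+const migrate_name = 'websockets';
+const logger       = require('../logger').migrate;
+
+/**
+ * Migrate
+ *
+ * @see http://knexjs.org/#Schema
+ *
+ * @param   {Object}  knex
+ * @param   {Promise} Promise
+ * @returns {Promise}
+ */
+exports.up = function (knex/*, Promise*/) {
+	logger.info('[' + migrate_name + '] Migrating Up...');
+
+	return knex.schema.table('proxy_host', function (proxy_host) {
+		proxy_host.integer('allow_websocket_upgrade').notNull().unsigned().defaultTo(0);
+	})
+		.then(() => {
+			logger.info('[' + migrate_name + '] proxy_host Table altered');
+		});
+
+};
+
+/**
+ * Undo Migrate
+ *
+ * @param   {Object}  knex
+ * @param   {Promise} Promise
+ * @returns {Promise}
+ */
+exports.down = function (knex, Promise) {
+	logger.warn('[' + migrate_name + '] You can\'t migrate down this one.');
+	return Promise.resolve(true);
+};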
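Review bot: `exports.down` resolves `true` without undoing anything, so a rollback is reported as successful while `allow_websocket_upgrade` stays on `proxy_host`, and a later `latest` would presumably fail when it tries to add the column again. Either reverse the change, `return knex.schema.table('proxy_host', (proxy_host) => { proxy_host.dropColumn('allow_websocket_upgrade'); });`, or reject so the rollback stops visibly instead of leaving the schema and the migration record out of step. 20181019052346_forward_host.js follows the same pattern and could rename `forward_host` back to `forward_ip` in its `down`.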
							
								
								
									
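--- a/backend/migrations/20181019052346_forward_host.js
+++ b/backend/migrations/20181019052346_forward_host.js
@@ -0,0 +1,34 @@
+const migrate_name = 'forward_host';
+const logger       = require('../logger').migrate;
+
+/**
+ * Migrate
+ *
+ * @see http://knexjs.org/#Schema
+ *
+ * @param   {Object}  knex
+ * @param   {Promise} Promise
+ * @returns {Promise}
+ */
+exports.up = function (knex/*, Promise*/) {
+	logger.info('[' + migrate_name + '] Migrating Up...');
+
+	return knex.schema.table('proxy_host', function (proxy_host) {
+		proxy_host.renameColumn('forward_ip', 'forward_host');
+	})
+		.then(() => {
+			logger.info('[' + migrate_name + '] proxy_host Table altered');
+		});
+};
+
+/**
+ * Undo Migrate
+ *
+ * @param   {Object}  knex
+ * @param   {Promise} Promise
+ * @returns {Promise}
+ */
+exports.down = function (knex, Promise) {
+	logger.warn('[' + migrate_name + '] You can\'t migrate down this one.');
+	return Promise.resolve(true);
+};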
Some files were not shown because too many files have changed in this diff Show More