ThatGuyJack/nginx-proxy-manager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2025-10-04 20:00:12 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: ThatGuyJack:ebd914881318d528440efeee1c277204e4f946b5
Branches Tags
ThatGuyJack:develop ThatGuyJack:react ThatGuyJack:dependabot/npm_and_yarn/test/axios-1.12.0 ThatGuyJack:dependabot/npm_and_yarn/docs/vite-5.4.20 ThatGuyJack:dependabot/npm_and_yarn/test/eslint/plugin-kit-0.3.5 ThatGuyJack:dependabot/npm_and_yarn/test/form-data-4.0.4 ThatGuyJack:master ThatGuyJack:v3 ThatGuyJack:bump-freedns ThatGuyJack:openidc ThatGuyJack:ssl-passthrough-hosts ThatGuyJack:static-content
ThatGuyJack:v2.12.6 ThatGuyJack:v2.12.5 ThatGuyJack:v2.12.4 ThatGuyJack:v2.12.3 ThatGuyJack:v2.12.2 ThatGuyJack:v2.12.1 ThatGuyJack:v2.12.0 ThatGuyJack:v2.11.3 ThatGuyJack:v2.11.2 ThatGuyJack:v2.11.1 ThatGuyJack:v2.11.0 ThatGuyJack:v2.10.4 ThatGuyJack:v2.10.3 ThatGuyJack:v2.10.2 ThatGuyJack:v2.10.1 ThatGuyJack:v2.10.0 ThatGuyJack:v2.9.22 ThatGuyJack:v2.9.21 ThatGuyJack:v2.9.20 ThatGuyJack:v2.9.19 ThatGuyJack:v2.9.18 ThatGuyJack:v2.9.17 ThatGuyJack:v2.9.16 ThatGuyJack:v2.9.15 ThatGuyJack:v2.9.14 ThatGuyJack:v2.9.13 ThatGuyJack:v2.9.12 ThatGuyJack:v2.9.11 ThatGuyJack:v2.9.10 ThatGuyJack:v2.9.9 ThatGuyJack:v2.9.8 ThatGuyJack:v2.9.7 ThatGuyJack:v2.9.6 ThatGuyJack:v2.9.5 ThatGuyJack:v2.9.4 ThatGuyJack:v2.9.3 ThatGuyJack:v2.9.2 ThatGuyJack:v2.9.1 ThatGuyJack:v2.9.0 ThatGuyJack:v2.8.1 ThatGuyJack:v2.8.0 ThatGuyJack:v2.7.3 ThatGuyJack:v2.7.2 ThatGuyJack:v2.7.1 ThatGuyJack:v2.7.0 ThatGuyJack:v2.6.2 ThatGuyJack:v2.6.1 ThatGuyJack:v2.6.0 ThatGuyJack:v2.5.0 ThatGuyJack:v2.4.0 ThatGuyJack:v2.3.1 ThatGuyJack:v2.3.0 ThatGuyJack:v2.2.4 ThatGuyJack:v2.2.3 ThatGuyJack:v2.2.2 ThatGuyJack:v2.2.1 ThatGuyJack:v2.2.0 ThatGuyJack:v2.1.2 ThatGuyJack:v2.1.1 ThatGuyJack:v2.1.0 ThatGuyJack:2.0.14 ThatGuyJack:2.0.13 ThatGuyJack:2.0.12 ThatGuyJack:2.0.11 ThatGuyJack:2.0.10 ThatGuyJack:2.0.9 ThatGuyJack:2.0.8 ThatGuyJack:2.0.7 ThatGuyJack:2.0.6 ThatGuyJack:2.0.5 ThatGuyJack:2.0.4 ThatGuyJack:2.0.3 ThatGuyJack:2.0.2 ThatGuyJack:2.0.0 ThatGuyJack:v2.0.0 ThatGuyJack:1.1.2 ThatGuyJack:1.1.1 ThatGuyJack:1.0.1
..
compare: ThatGuyJack:react
Branches Tags
ThatGuyJack:react ThatGuyJack:dependabot/npm_and_yarn/test/axios-1.12.0 ThatGuyJack:dependabot/npm_and_yarn/docs/vite-5.4.20 ThatGuyJack:develop ThatGuyJack:dependabot/npm_and_yarn/test/eslint/plugin-kit-0.3.5 ThatGuyJack:dependabot/npm_and_yarn/test/form-data-4.0.4 ThatGuyJack:master ThatGuyJack:v3 ThatGuyJack:bump-freedns ThatGuyJack:openidc ThatGuyJack:ssl-passthrough-hosts ThatGuyJack:static-content
ThatGuyJack:v2.12.6 ThatGuyJack:v2.12.5 ThatGuyJack:v2.12.4 ThatGuyJack:v2.12.3 ThatGuyJack:v2.12.2 ThatGuyJack:v2.12.1 ThatGuyJack:v2.12.0 ThatGuyJack:v2.11.3 ThatGuyJack:v2.11.2 ThatGuyJack:v2.11.1 ThatGuyJack:v2.11.0 ThatGuyJack:v2.10.4 ThatGuyJack:v2.10.3 ThatGuyJack:v2.10.2 ThatGuyJack:v2.10.1 ThatGuyJack:v2.10.0 ThatGuyJack:v2.9.22 ThatGuyJack:v2.9.21 ThatGuyJack:v2.9.20 ThatGuyJack:v2.9.19 ThatGuyJack:v2.9.18 ThatGuyJack:v2.9.17 ThatGuyJack:v2.9.16 ThatGuyJack:v2.9.15 ThatGuyJack:v2.9.14 ThatGuyJack:v2.9.13 ThatGuyJack:v2.9.12 ThatGuyJack:v2.9.11 ThatGuyJack:v2.9.10 ThatGuyJack:v2.9.9 ThatGuyJack:v2.9.8 ThatGuyJack:v2.9.7 ThatGuyJack:v2.9.6 ThatGuyJack:v2.9.5 ThatGuyJack:v2.9.4 ThatGuyJack:v2.9.3 ThatGuyJack:v2.9.2 ThatGuyJack:v2.9.1 ThatGuyJack:v2.9.0 ThatGuyJack:v2.8.1 ThatGuyJack:v2.8.0 ThatGuyJack:v2.7.3 ThatGuyJack:v2.7.2 ThatGuyJack:v2.7.1 ThatGuyJack:v2.7.0 ThatGuyJack:v2.6.2 ThatGuyJack:v2.6.1 ThatGuyJack:v2.6.0 ThatGuyJack:v2.5.0 ThatGuyJack:v2.4.0 ThatGuyJack:v2.3.1 ThatGuyJack:v2.3.0 ThatGuyJack:v2.2.4 ThatGuyJack:v2.2.3 ThatGuyJack:v2.2.2 ThatGuyJack:v2.2.1 ThatGuyJack:v2.2.0 ThatGuyJack:v2.1.2 ThatGuyJack:v2.1.1 ThatGuyJack:v2.1.0 ThatGuyJack:2.0.14 ThatGuyJack:2.0.13 ThatGuyJack:2.0.12 ThatGuyJack:2.0.11 ThatGuyJack:2.0.10 ThatGuyJack:2.0.9 ThatGuyJack:2.0.8 ThatGuyJack:2.0.7 ThatGuyJack:2.0.6 ThatGuyJack:2.0.5 ThatGuyJack:2.0.4 ThatGuyJack:2.0.3 ThatGuyJack:2.0.2 ThatGuyJack:2.0.0 ThatGuyJack:v2.0.0 ThatGuyJack:1.1.2 ThatGuyJack:1.1.1 ThatGuyJack:1.0.1

31 Commits
ebd9148813 ... react

Author SHA1 Message Date
Jamie Curnow
227e818040 Wrap intl in span identifying translation 2025-10-02 23:06:51 +10:00
Jamie Curnow
fcb08d3003 Bump version 2025-10-02 08:57:46 +10:00
Jamie Curnow
d0767baafa Proxy host modal basis, other improvements 2025-10-02 08:12:37 +10:00
Jamie Curnow
abdf8866e0 Auto sorting of locale files 2025-10-02 08:12:37 +10:00
Jamie Curnow
e36c1b99a5 Redirection hosts ui 2025-10-02 08:12:37 +10:00
Jamie Curnow
9339626933 Streams polish 2025-10-02 08:12:37 +10:00
Jamie Curnow
100a7e3ff8 Streams modal 2025-10-02 08:12:37 +10:00
Jamie Curnow
4866988772 Fix stream creation with new ssl cert 2025-10-02 08:12:37 +10:00
Jamie Curnow
8884e3b261 TZ for dev db 2025-10-02 08:12:37 +10:00
Jamie Curnow
a3d17249d0 User table polish and audit log updates 2025-10-02 08:12:37 +10:00
Jamie Curnow
fc8a5e8b97 404 hosts search 2025-10-02 08:12:37 +10:00
Jamie Curnow
da68fe29ac 404 hosts polish 2025-10-02 08:12:37 +10:00
Jamie Curnow
18537b9288 404 hosts add update complete, fix certbot renewals 
and remove the need for email and agreement on cert requests
 2025-10-02 08:12:37 +10:00
Jamie Curnow
d85e515ab9 Dark UI for react-select 2025-10-02 08:12:37 +10:00
Jamie Curnow
94375bbc5f DNS Provider configuration 2025-10-02 08:12:37 +10:00
Jamie Curnow
54e036276a API lib cleanup, 404 hosts WIP 2025-10-02 08:12:36 +10:00
Jamie Curnow
058f49ceea Certificates react table basis 2025-10-02 08:12:33 +10:00
Jamie Curnow
efcefe0c17 Fix custom cert writes, fix schema 2025-10-02 08:12:33 +10:00
Jamie Curnow
429046f32e Audit log table and modal 2025-10-02 08:12:33 +10:00
Jamie Curnow
8ad95c5695 Set password for users 2025-10-02 08:12:31 +10:00
Jamie Curnow
038de3e5f9 Refactor from Promises to async/await 2025-10-02 08:12:28 +10:00
Jamie Curnow
1928e554fd Fix proxy hosts routes throwing errors 2025-10-02 08:12:28 +10:00
Jamie Curnow
d40e290a89 Biome update 2025-10-02 08:12:24 +10:00
Jamie Curnow
fb2708d81d Fix cypress tests following user wizard changes 2025-10-02 08:12:09 +10:00
Jamie Curnow
7a6efd8ebb User Permissions Modal 2025-10-02 08:12:09 +10:00
Jamie Curnow
0b2fa826e0 Introducing the Setup Wizard for creating the first user 
- no longer setup a default
- still able to do that with env vars however
 2025-10-02 08:12:05 +10:00
Jamie Curnow
6ab7198e61 User table polishing, user delete modal 2025-10-02 08:11:17 +10:00
Jamie Curnow
61a92906f3 Notification toasts, nicer loading, add new user support 2025-10-02 08:11:14 +10:00
Jamie Curnow
fadec9751e React 2025-10-02 08:10:42 +10:00
Jamie Curnow
330993f028 Convert backend to ESM 
- About 5 years overdue
- Remove eslint, use bomejs instead
 2025-10-02 08:10:18 +10:00
Jamie Curnow
487fa6d31b Attempt to fix frontend build for node 22
All checks were successful
Close stale issues and PRs / stale (push) Successful in 54s
Details 
replaced node-sass with sass
 2025-09-10 10:38:21 +10:00
245 changed files with 10087 additions and 4335 deletions
Expand all files Collapse all files

2
.version
View File

@@ -1 +1 @@
2.12.6
2.13.0

10
README.md
View File

@@ -1,7 +1,7 @@
<p align="center">
<img src="https://nginxproxymanager.com/github.png">
<br><br>
<img src="https://img.shields.io/badge/version-2.12.6-green.svg?style=for-the-badge">
<img src="https://img.shields.io/badge/version-2.13.0-green.svg?style=for-the-badge">
<a href="https://hub.docker.com/repository/docker/jc21/nginx-proxy-manager">
<img src="https://img.shields.io/docker/stars/jc21/nginx-proxy-manager.svg?style=for-the-badge">
</a>
@@ -88,14 +88,6 @@ Sometimes this can take a little bit because of the entropy of keys.
[http://127.0.0.1:81](http://127.0.0.1:81)
Default Admin User:
```
Email: admin@example.com
Password: changeme
```
Immediately after logging in with this default user you will be asked to modify your details and change your password.
## Contributing

2
backend/biome.json
View File

@@ -1,5 +1,5 @@
{
"$schema": "https://biomejs.dev/schemas/2.2.0/schema.json",
"$schema": "https://biomejs.dev/schemas/2.2.4/schema.json",
"vcs": {
"enabled": true,
"clientKind": "git",

765
backend/internal/access-list.js
View File

@@ -21,88 +21,74 @@ const internalAccessList = {
* @param {Object} data
* @returns {Promise}
*/
create: (access, data) => {
return access
.can("access_lists:create", data)
.then((/*access_data*/) => {
return accessListModel
.query()
.insertAndFetch({
name: data.name,
satisfy_any: data.satisfy_any,
pass_auth: data.pass_auth,
owner_user_id: access.token.getUserId(1),
})
.then(utils.omitRow(omissions()));
create: async (access, data) => {
await access.can("access_lists:create", data);
const row = await accessListModel
.query()
.insertAndFetch({
name: data.name,
satisfy_any: data.satisfy_any,
pass_auth: data.pass_auth,
owner_user_id: access.token.getUserId(1),
})
.then((row) => {
data.id = row.id;
.then(utils.omitRow(omissions()));
const promises = [];
data.id = row.id;
// Now add the items
data.items.map((item) => {
promises.push(
accessListAuthModel.query().insert({
access_list_id: row.id,
username: item.username,
password: item.password,
}),
);
return true;
});
const promises = [];
// Items
data.items.map((item) => {
promises.push(
accessListAuthModel.query().insert({
access_list_id: row.id,
username: item.username,
password: item.password,
}),
);
return true;
});
// Now add the clients
if (typeof data.clients !== "undefined" && data.clients) {
data.clients.map((client) => {
promises.push(
accessListClientModel.query().insert({
access_list_id: row.id,
address: client.address,
directive: client.directive,
}),
);
return true;
});
}
// Clients
data.clients?.map((client) => {
promises.push(
accessListClientModel.query().insert({
access_list_id: row.id,
address: client.address,
directive: client.directive,
}),
);
return true;
});
return Promise.all(promises);
})
.then(() => {
// re-fetch with expansions
return internalAccessList.get(
access,
{
id: data.id,
expand: ["owner", "items", "clients", "proxy_hosts.access_list.[clients,items]"],
},
true /* <- skip masking */,
);
})
.then((row) => {
// Audit log
data.meta = _.assign({}, data.meta || {}, row.meta);
await Promise.all(promises);
return internalAccessList
.build(row)
.then(() => {
if (Number.parseInt(row.proxy_host_count, 10)) {
return internalNginx.bulkGenerateConfigs("proxy_host", row.proxy_hosts);
}
})
.then(() => {
// Add to audit log
return internalAuditLog.add(access, {
action: "created",
object_type: "access-list",
object_id: row.id,
meta: internalAccessList.maskItems(data),
});
})
.then(() => {
return internalAccessList.maskItems(row);
});
});
// re-fetch with expansions
const freshRow = await internalAccessList.get(
access,
{
id: data.id,
expand: ["owner", "items", "clients", "proxy_hosts.access_list.[clients,items]"],
},
true // skip masking
);
// Audit log
data.meta = _.assign({}, data.meta || {}, freshRow.meta);
await internalAccessList.build(freshRow);
if (Number.parseInt(freshRow.proxy_host_count, 10)) {
await internalNginx.bulkGenerateConfigs("proxy_host", freshRow.proxy_hosts);
}
// Add to audit log
await internalAuditLog.add(access, {
action: "created",
object_type: "access-list",
object_id: freshRow.id,
meta: internalAccessList.maskItems(data),
});
return internalAccessList.maskItems(freshRow);
},
/**
@@ -113,127 +99,107 @@ const internalAccessList = {
* @param {String} [data.items]
* @return {Promise}
*/
update: (access, data) => {
return access
.can("access_lists:update", data.id)
.then((/*access_data*/) => {
return internalAccessList.get(access, { id: data.id });
})
.then((row) => {
if (row.id !== data.id) {
// Sanity check that something crazy hasn't happened
throw new errs.InternalValidationError(
`Access List could not be updated, IDs do not match: ${row.id} !== ${data.id}`,
update: async (access, data) => {
await access.can("access_lists:update", data.id);
const row = await internalAccessList.get(access, { id: data.id });
if (row.id !== data.id) {
// Sanity check that something crazy hasn't happened
throw new errs.InternalValidationError(
`Access List could not be updated, IDs do not match: ${row.id} !== ${data.id}`,
);
}
// patch name if specified
if (typeof data.name !== "undefined" && data.name) {
await accessListModel.query().where({ id: data.id }).patch({
name: data.name,
satisfy_any: data.satisfy_any,
pass_auth: data.pass_auth,
});
}
// Check for items and add/update/remove them
if (typeof data.items !== "undefined" && data.items) {
const promises = [];
const itemsToKeep = [];
data.items.map((item) => {
if (item.password) {
promises.push(
accessListAuthModel.query().insert({
access_list_id: data.id,
username: item.username,
password: item.password,
}),
);
} else {
// This was supplied with an empty password, which means keep it but don't change the password
itemsToKeep.push(item.username);
}
return true;
});
const query = accessListAuthModel.query().delete().where("access_list_id", data.id);
if (itemsToKeep.length) {
query.andWhere("username", "NOT IN", itemsToKeep);
}
await query;
// Add new items
if (promises.length) {
await Promise.all(promises);
}
}
// Check for clients and add/update/remove them
if (typeof data.clients !== "undefined" && data.clients) {
const clientPromises = [];
data.clients.map((client) => {
if (client.address) {
clientPromises.push(
accessListClientModel.query().insert({
access_list_id: data.id,
address: client.address,
directive: client.directive,
}),
);
}
})
.then(() => {
// patch name if specified
if (typeof data.name !== "undefined" && data.name) {
return accessListModel.query().where({ id: data.id }).patch({
name: data.name,
satisfy_any: data.satisfy_any,
pass_auth: data.pass_auth,
});
}
})
.then(() => {
// Check for items and add/update/remove them
if (typeof data.items !== "undefined" && data.items) {
const promises = [];
const items_to_keep = [];
data.items.map((item) => {
if (item.password) {
promises.push(
accessListAuthModel.query().insert({
access_list_id: data.id,
username: item.username,
password: item.password,
}),
);
} else {
// This was supplied with an empty password, which means keep it but don't change the password
items_to_keep.push(item.username);
}
return true;
});
const query = accessListAuthModel.query().delete().where("access_list_id", data.id);
if (items_to_keep.length) {
query.andWhere("username", "NOT IN", items_to_keep);
}
return query.then(() => {
// Add new items
if (promises.length) {
return Promise.all(promises);
}
});
}
})
.then(() => {
// Check for clients and add/update/remove them
if (typeof data.clients !== "undefined" && data.clients) {
const promises = [];
data.clients.map((client) => {
if (client.address) {
promises.push(
accessListClientModel.query().insert({
access_list_id: data.id,
address: client.address,
directive: client.directive,
}),
);
}
return true;
});
const query = accessListClientModel.query().delete().where("access_list_id", data.id);
return query.then(() => {
// Add new items
if (promises.length) {
return Promise.all(promises);
}
});
}
})
.then(() => {
// Add to audit log
return internalAuditLog.add(access, {
action: "updated",
object_type: "access-list",
object_id: data.id,
meta: internalAccessList.maskItems(data),
});
})
.then(() => {
// re-fetch with expansions
return internalAccessList.get(
access,
{
id: data.id,
expand: ["owner", "items", "clients", "proxy_hosts.[certificate,access_list.[clients,items]]"],
},
true /* <- skip masking */,
);
})
.then((row) => {
return internalAccessList
.build(row)
.then(() => {
if (Number.parseInt(row.proxy_host_count, 10)) {
return internalNginx.bulkGenerateConfigs("proxy_host", row.proxy_hosts);
}
})
.then(internalNginx.reload)
.then(() => {
return internalAccessList.maskItems(row);
});
return true;
});
const query = accessListClientModel.query().delete().where("access_list_id", data.id);
await query;
// Add new clitens
if (clientPromises.length) {
await Promise.all(clientPromises);
}
}
// Add to audit log
await internalAuditLog.add(access, {
action: "updated",
object_type: "access-list",
object_id: data.id,
meta: internalAccessList.maskItems(data),
});
// re-fetch with expansions
const freshRow = await internalAccessList.get(
access,
{
id: data.id,
expand: ["owner", "items", "clients", "proxy_hosts.[certificate,access_list.[clients,items]]"],
},
true // skip masking
);
await internalAccessList.build(freshRow)
if (Number.parseInt(row.proxy_host_count, 10)) {
await internalNginx.bulkGenerateConfigs("proxy_host", row.proxy_hosts);
}
await internalNginx.reload();
return internalAccessList.maskItems(row);
},
/**
@@ -242,55 +208,50 @@ const internalAccessList = {
* @param {Integer} data.id
* @param {Array} [data.expand]
* @param {Array} [data.omit]
* @param {Boolean} [skip_masking]
* @param {Boolean} [skipMasking]
* @return {Promise}
*/
get: (access, data, skip_masking) => {
get: async (access, data, skipMasking) => {
const thisData = data || {};
const accessData = await access.can("access_lists:get", thisData.id)
return access
.can("access_lists:get", thisData.id)
.then((accessData) => {
const query = accessListModel
.query()
.select("access_list.*", accessListModel.raw("COUNT(proxy_host.id) as proxy_host_count"))
.leftJoin("proxy_host", function () {
this.on("proxy_host.access_list_id", "=", "access_list.id").andOn(
"proxy_host.is_deleted",
"=",
0,
);
})
.where("access_list.is_deleted", 0)
.andWhere("access_list.id", thisData.id)
.groupBy("access_list.id")
.allowGraph("[owner,items,clients,proxy_hosts.[certificate,access_list.[clients,items]]]")
.first();
if (accessData.permission_visibility !== "all") {
query.andWhere("access_list.owner_user_id", access.token.getUserId(1));
}
if (typeof thisData.expand !== "undefined" && thisData.expand !== null) {
query.withGraphFetched(`[${thisData.expand.join(", ")}]`);
}
return query.then(utils.omitRow(omissions()));
const query = accessListModel
.query()
.select("access_list.*", accessListModel.raw("COUNT(proxy_host.id) as proxy_host_count"))
.leftJoin("proxy_host", function () {
this.on("proxy_host.access_list_id", "=", "access_list.id").andOn(
"proxy_host.is_deleted",
"=",
0,
);
})
.then((row) => {
let thisRow = row;
if (!row || !row.id) {
throw new errs.ItemNotFoundError(thisData.id);
}
if (!skip_masking && typeof thisRow.items !== "undefined" && thisRow.items) {
thisRow = internalAccessList.maskItems(thisRow);
}
// Custom omissions
if (typeof data.omit !== "undefined" && data.omit !== null) {
thisRow = _.omit(thisRow, data.omit);
}
return thisRow;
});
.where("access_list.is_deleted", 0)
.andWhere("access_list.id", thisData.id)
.groupBy("access_list.id")
.allowGraph("[owner,items,clients,proxy_hosts.[certificate,access_list.[clients,items]]]")
.first();
if (accessData.permission_visibility !== "all") {
query.andWhere("access_list.owner_user_id", access.token.getUserId(1));
}
if (typeof thisData.expand !== "undefined" && thisData.expand !== null) {
query.withGraphFetched(`[${thisData.expand.join(", ")}]`);
}
let row = await query.then(utils.omitRow(omissions()));
if (!row || !row.id) {
throw new errs.ItemNotFoundError(thisData.id);
}
if (!skipMasking && typeof row.items !== "undefined" && row.items) {
row = internalAccessList.maskItems(row);
}
// Custom omissions
if (typeof data.omit !== "undefined" && data.omit !== null) {
row = _.omit(row, data.omit);
}
return row;
},
/**
@@ -300,75 +261,64 @@ const internalAccessList = {
* @param {String} [data.reason]
* @returns {Promise}
*/
delete: (access, data) => {
return access
.can("access_lists:delete", data.id)
.then(() => {
return internalAccessList.get(access, { id: data.id, expand: ["proxy_hosts", "items", "clients"] });
})
.then((row) => {
if (!row || !row.id) {
throw new errs.ItemNotFoundError(data.id);
}
delete: async (access, data) => {
await access.can("access_lists:delete", data.id);
const row = await internalAccessList.get(access, {
id: data.id,
expand: ["proxy_hosts", "items", "clients"],
});
// 1. update row to be deleted
// 2. update any proxy hosts that were using it (ignoring permissions)
// 3. reconfigure those hosts
// 4. audit log
if (!row || !row.id) {
throw new errs.ItemNotFoundError(data.id);
}
// 1. update row to be deleted
return accessListModel
.query()
.where("id", row.id)
.patch({
is_deleted: 1,
})
.then(() => {
// 2. update any proxy hosts that were using it (ignoring permissions)
if (row.proxy_hosts) {
return proxyHostModel
.query()
.where("access_list_id", "=", row.id)
.patch({ access_list_id: 0 })
.then(() => {
// 3. reconfigure those hosts, then reload nginx
// 1. update row to be deleted
// 2. update any proxy hosts that were using it (ignoring permissions)
// 3. reconfigure those hosts
// 4. audit log
// set the access_list_id to zero for these items
row.proxy_hosts.map((_val, idx) => {
row.proxy_hosts[idx].access_list_id = 0;
return true;
});
// 1. update row to be deleted
await accessListModel
.query()
.where("id", row.id)
.patch({
is_deleted: 1,
});
return internalNginx.bulkGenerateConfigs("proxy_host", row.proxy_hosts);
})
.then(() => {
return internalNginx.reload();
});
}
})
.then(() => {
// delete the htpasswd file
const htpasswd_file = internalAccessList.getFilename(row);
// 2. update any proxy hosts that were using it (ignoring permissions)
if (row.proxy_hosts) {
await proxyHostModel
.query()
.where("access_list_id", "=", row.id)
.patch({ access_list_id: 0 });
try {
fs.unlinkSync(htpasswd_file);
} catch (_err) {
// do nothing
}
})
.then(() => {
// 4. audit log
return internalAuditLog.add(access, {
action: "deleted",
object_type: "access-list",
object_id: row.id,
meta: _.omit(internalAccessList.maskItems(row), ["is_deleted", "proxy_hosts"]),
});
});
})
.then(() => {
// 3. reconfigure those hosts, then reload nginx
// set the access_list_id to zero for these items
row.proxy_hosts.map((_val, idx) => {
row.proxy_hosts[idx].access_list_id = 0;
return true;
});
await internalNginx.bulkGenerateConfigs("proxy_host", row.proxy_hosts);
}
await internalNginx.reload();
// delete the htpasswd file
try {
fs.unlinkSync(internalAccessList.getFilename(row));
} catch (_err) {
// do nothing
}
// 4. audit log
await internalAuditLog.add(access, {
action: "deleted",
object_type: "access-list",
object_id: row.id,
meta: _.omit(internalAccessList.maskItems(row), ["is_deleted", "proxy_hosts"]),
});
return true;
},
/**
@@ -376,76 +326,73 @@ const internalAccessList = {
*
* @param {Access} access
* @param {Array} [expand]
* @param {String} [search_query]
* @param {String} [searchQuery]
* @returns {Promise}
*/
getAll: (access, expand, search_query) => {
return access
.can("access_lists:list")
.then((access_data) => {
const query = accessListModel
.query()
.select("access_list.*", accessListModel.raw("COUNT(proxy_host.id) as proxy_host_count"))
.leftJoin("proxy_host", function () {
this.on("proxy_host.access_list_id", "=", "access_list.id").andOn(
"proxy_host.is_deleted",
"=",
0,
);
})
.where("access_list.is_deleted", 0)
.groupBy("access_list.id")
.allowGraph("[owner,items,clients]")
.orderBy("access_list.name", "ASC");
getAll: async (access, expand, searchQuery) => {
const accessData = await access.can("access_lists:list");
if (access_data.permission_visibility !== "all") {
query.andWhere("access_list.owner_user_id", access.token.getUserId(1));
}
// Query is used for searching
if (typeof search_query === "string") {
query.where(function () {
this.where("name", "like", `%${search_query}%`);
});
}
if (typeof expand !== "undefined" && expand !== null) {
query.withGraphFetched(`[${expand.join(", ")}]`);
}
return query.then(utils.omitRows(omissions()));
const query = accessListModel
.query()
.select("access_list.*", accessListModel.raw("COUNT(proxy_host.id) as proxy_host_count"))
.leftJoin("proxy_host", function () {
this.on("proxy_host.access_list_id", "=", "access_list.id").andOn(
"proxy_host.is_deleted",
"=",
0,
);
})
.then((rows) => {
if (rows) {
rows.map((row, idx) => {
if (typeof row.items !== "undefined" && row.items) {
rows[idx] = internalAccessList.maskItems(row);
}
return true;
});
}
.where("access_list.is_deleted", 0)
.groupBy("access_list.id")
.allowGraph("[owner,items,clients]")
.orderBy("access_list.name", "ASC");
return rows;
if (accessData.permission_visibility !== "all") {
query.andWhere("access_list.owner_user_id", access.token.getUserId(1));
}
// Query is used for searching
if (typeof searchQuery === "string") {
query.where(function () {
this.where("name", "like", `%${searchQuery}%`);
});
}
if (typeof expand !== "undefined" && expand !== null) {
query.withGraphFetched(`[${expand.join(", ")}]`);
}
const rows = await query.then(utils.omitRows(omissions()));
if (rows) {
rows.map((row, idx) => {
if (typeof row.items !== "undefined" && row.items) {
rows[idx] = internalAccessList.maskItems(row);
}
return true;
});
}
return rows;
},
/**
* Report use
* Count is used in reports
*
* @param {Integer} user_id
* @param {Integer} userId
* @param {String} visibility
* @returns {Promise}
*/
getCount: (user_id, visibility) => {
const query = accessListModel.query().count("id as count").where("is_deleted", 0);
getCount: async (userId, visibility) => {
const query = accessListModel
.query()
.count("id as count")
.where("is_deleted", 0);
if (visibility !== "all") {
query.andWhere("owner_user_id", user_id);
query.andWhere("owner_user_id", userId);
}
return query.first().then((row) => {
return Number.parseInt(row.count, 10);
});
const row = await query.first();
return Number.parseInt(row.count, 10);
},
/**
@@ -455,20 +402,19 @@ const internalAccessList = {
maskItems: (list) => {
if (list && typeof list.items !== "undefined") {
list.items.map((val, idx) => {
let repeat_for = 8;
let first_char = "*";
let repeatFor = 8;
let firstChar = "*";
if (typeof val.password !== "undefined" && val.password) {
repeat_for = val.password.length - 1;
first_char = val.password.charAt(0);
repeatFor = val.password.length - 1;
firstChar = val.password.charAt(0);
}
list.items[idx].hint = first_char + "*".repeat(repeat_for);
list.items[idx].hint = firstChar + "*".repeat(repeatFor);
list.items[idx].password = "";
return true;
});
}
return list;
},
@@ -488,66 +434,55 @@ const internalAccessList = {
* @param {Array} list.items
* @returns {Promise}
*/
build: (list) => {
build: async (list) => {
logger.info(`Building Access file #${list.id} for: ${list.name}`);
return new Promise((resolve, reject) => {
const htpasswd_file = internalAccessList.getFilename(list);
const htpasswdFile = internalAccessList.getFilename(list);
// 1. remove any existing access file
try {
fs.unlinkSync(htpasswd_file);
} catch (_err) {
// do nothing
}
// 1. remove any existing access file
try {
fs.unlinkSync(htpasswdFile);
} catch (_err) {
// do nothing
}
// 2. create empty access file
try {
fs.writeFileSync(htpasswd_file, "", { encoding: "utf8" });
resolve(htpasswd_file);
} catch (err) {
reject(err);
}
}).then((htpasswd_file) => {
// 3. generate password for each user
if (list.items.length) {
return new Promise((resolve, reject) => {
batchflow(list.items)
.sequential()
.each((_i, item, next) => {
if (typeof item.password !== "undefined" && item.password.length) {
logger.info(`Adding: ${item.username}`);
// 2. create empty access file
fs.writeFileSync(htpasswdFile, '', {encoding: 'utf8'});
utils
.execFile("openssl", ["passwd", "-apr1", item.password])
.then((res) => {
try {
fs.appendFileSync(htpasswd_file, `${item.username}:${res}\n`, {
encoding: "utf8",
});
} catch (err) {
reject(err);
}
next();
})
.catch((err) => {
logger.error(err);
next(err);
});
}
})
.error((err) => {
logger.error(err);
reject(err);
})
.end((results) => {
logger.success(`Built Access file #${list.id} for: ${list.name}`);
resolve(results);
});
});
}
});
},
};
// 3. generate password for each user
if (list.items.length) {
await new Promise((resolve, reject) => {
batchflow(list.items).sequential()
.each((_i, item, next) => {
if (item.password?.length) {
logger.info(`Adding: ${item.username}`);
utils.execFile('openssl', ['passwd', '-apr1', item.password])
.then((res) => {
try {
fs.appendFileSync(htpasswdFile, `${item.username}:${res}\n`, {encoding: 'utf8'});
} catch (err) {
reject(err);
}
next();
})
.catch((err) => {
logger.error(err);
next(err);
});
}
})
.error((err) => {
logger.error(err);
reject(err);
})
.end((results) => {
logger.success(`Built Access file #${list.id} for: ${list.name}`);
resolve(results);
});
});
}
}
}
export default internalAccessList;

104
backend/internal/audit-log.js
View File

@@ -9,31 +9,60 @@ const internalAuditLog = {
*
* @param {Access} access
* @param {Array} [expand]
* @param {String} [search_query]
* @param {String} [searchQuery]
* @returns {Promise}
*/
getAll: (access, expand, search_query) => {
return access.can("auditlog:list").then(() => {
const query = auditLogModel
.query()
.orderBy("created_on", "DESC")
.orderBy("id", "DESC")
.limit(100)
.allowGraph("[user]");
getAll: async (access, expand, searchQuery) => {
await access.can("auditlog:list");
// Query is used for searching
if (typeof search_query === "string" && search_query.length > 0) {
query.where(function () {
this.where(castJsonIfNeed("meta"), "like", `%${search_query}`);
});
}
const query = auditLogModel
.query()
.orderBy("created_on", "DESC")
.orderBy("id", "DESC")
.limit(100)
.allowGraph("[user]");
if (typeof expand !== "undefined" && expand !== null) {
query.withGraphFetched(`[${expand.join(", ")}]`);
}
// Query is used for searching
if (typeof searchQuery === "string" && searchQuery.length > 0) {
query.where(function () {
this.where(castJsonIfNeed("meta"), "like", `%${searchQuery}`);
});
}
return query;
});
if (typeof expand !== "undefined" && expand !== null) {
query.withGraphFetched(`[${expand.join(", ")}]`);
}
return await query;
},
/**
* @param {Access} access
* @param {Object} [data]
* @param {Integer} [data.id] Defaults to the token user
* @param {Array} [data.expand]
* @return {Promise}
*/
get: async (access, data) => {
await access.can("auditlog:list");
const query = auditLogModel
.query()
.andWhere("id", data.id)
.allowGraph("[user]")
.first();
if (typeof data.expand !== "undefined" && data.expand !== null) {
query.withGraphFetched(`[${data.expand.join(", ")}]`);
}
const row = await query;
if (!row?.id) {
throw new errs.ItemNotFoundError(data.id);
}
return row;
},
/**
@@ -50,27 +79,22 @@ const internalAuditLog = {
* @param {Object} [data.meta]
* @returns {Promise}
*/
add: (access, data) => {
return new Promise((resolve, reject) => {
// Default the user id
if (typeof data.user_id === "undefined" || !data.user_id) {
data.user_id = access.token.getUserId(1);
}
add: async (access, data) => {
if (typeof data.user_id === "undefined" || !data.user_id) {
data.user_id = access.token.getUserId(1);
}
if (typeof data.action === "undefined" || !data.action) {
reject(new errs.InternalValidationError("Audit log entry must contain an Action"));
} else {
// Make sure at least 1 of the IDs are set and action
resolve(
auditLogModel.query().insert({
user_id: data.user_id,
action: data.action,
object_type: data.object_type || "",
object_id: data.object_id || 0,
meta: data.meta || {},
}),
);
}
if (typeof data.action === "undefined" || !data.action) {
throw new errs.InternalValidationError("Audit log entry must contain an Action");
}
// Make sure at least 1 of the IDs are set and action
return await auditLogModel.query().insert({
user_id: data.user_id,
action: data.action,
object_type: data.object_type || "",
object_id: data.object_id || 0,
meta: data.meta || {},
});
},
};

1075
backend/internal/certificate.js
View File

File diff suppressed because it is too large Load Diff

619
backend/internal/dead-host.js
View File

@@ -18,91 +18,79 @@ const internalDeadHost = {
* @param {Object} data
* @returns {Promise}
*/
create: (access, data) => {
create: async (access, data) => {
const createCertificate = data.certificate_id === "new";
if (createCertificate) {
delete data.certificate_id;
}
return access
.can("dead_hosts:create", data)
.then((/*access_data*/) => {
// Get a list of the domain names and check each of them against existing records
const domain_name_check_promises = [];
await access.can("dead_hosts:create", data);
data.domain_names.map((domain_name) => {
domain_name_check_promises.push(internalHost.isHostnameTaken(domain_name));
return true;
});
// Get a list of the domain names and check each of them against existing records
const domainNameCheckPromises = [];
return Promise.all(domain_name_check_promises).then((check_results) => {
check_results.map((result) => {
if (result.is_taken) {
throw new errs.ValidationError(`${result.hostname} is already in use`);
}
return true;
});
});
})
.then(() => {
// At this point the domains should have been checked
data.owner_user_id = access.token.getUserId(1);
const thisData = internalHost.cleanSslHstsData(data);
data.domain_names.map((domain_name) => {
domainNameCheckPromises.push(internalHost.isHostnameTaken(domain_name));
return true;
});
// Fix for db field not having a default value
// for this optional field.
if (typeof data.advanced_config === "undefined") {
thisData.advanced_config = "";
await Promise.all(domainNameCheckPromises).then((check_results) => {
check_results.map((result) => {
if (result.is_taken) {
throw new errs.ValidationError(`${result.hostname} is already in use`);
}
return deadHostModel.query().insertAndFetch(thisData).then(utils.omitRow(omissions()));
})
.then((row) => {
if (createCertificate) {
return internalCertificate
.createQuickCertificate(access, data)
.then((cert) => {
// update host with cert id
return internalDeadHost.update(access, {
id: row.id,
certificate_id: cert.id,
});
})
.then(() => {
return row;
});
}
return row;
})
.then((row) => {
// re-fetch with cert
return internalDeadHost.get(access, {
id: row.id,
expand: ["certificate", "owner"],
});
})
.then((row) => {
// Configure nginx
return internalNginx.configure(deadHostModel, "dead_host", row).then(() => {
return row;
});
})
.then((row) => {
data.meta = _.assign({}, data.meta || {}, row.meta);
// Add to audit log
return internalAuditLog
.add(access, {
action: "created",
object_type: "dead-host",
object_id: row.id,
meta: data,
})
.then(() => {
return row;
});
return true;
});
});
// At this point the domains should have been checked
data.owner_user_id = access.token.getUserId(1);
const thisData = internalHost.cleanSslHstsData(data);
// Fix for db field not having a default value
// for this optional field.
if (typeof data.advanced_config === "undefined") {
thisData.advanced_config = "";
}
const row = await deadHostModel.query()
.insertAndFetch(thisData)
.then(utils.omitRow(omissions()));
// Add to audit log
await internalAuditLog.add(access, {
action: "created",
object_type: "dead-host",
object_id: row.id,
meta: thisData,
});
if (createCertificate) {
const cert = await internalCertificate.createQuickCertificate(access, data);
// update host with cert id
await internalDeadHost.update(access, {
id: row.id,
certificate_id: cert.id,
});
}
// re-fetch with cert
const freshRow = await internalDeadHost.get(access, {
id: row.id,
expand: ["certificate", "owner"],
});
// Sanity check
if (createCertificate && !freshRow.certificate_id) {
throw new errs.InternalValidationError("The host was created but the Certificate creation failed.");
}
// Configure nginx
await internalNginx.configure(deadHostModel, "dead_host", freshRow);
return freshRow;
},
/**
@@ -111,107 +99,85 @@ const internalDeadHost = {
* @param {Number} data.id
* @return {Promise}
*/
update: (access, data) => {
let thisData = data;
const createCertificate = thisData.certificate_id === "new";
update: async (access, data) => {
const createCertificate = data.certificate_id === "new";
if (createCertificate) {
delete thisData.certificate_id;
delete data.certificate_id;
}
return access
.can("dead_hosts:update", thisData.id)
.then((/*access_data*/) => {
// Get a list of the domain names and check each of them against existing records
const domain_name_check_promises = [];
await access.can("dead_hosts:update", data.id);
if (typeof thisData.domain_names !== "undefined") {
thisData.domain_names.map((domain_name) => {
domain_name_check_promises.push(internalHost.isHostnameTaken(domain_name, "dead", data.id));
return true;
});
return Promise.all(domain_name_check_promises).then((check_results) => {
check_results.map((result) => {
if (result.is_taken) {
throw new errs.ValidationError(`${result.hostname} is already in use`);
}
return true;
});
});
}
})
.then(() => {
return internalDeadHost.get(access, { id: thisData.id });
})
.then((row) => {
if (row.id !== thisData.id) {
// Sanity check that something crazy hasn't happened
throw new errs.InternalValidationError(
`404 Host could not be updated, IDs do not match: ${row.id} !== ${thisData.id}`,
);
}
if (createCertificate) {
return internalCertificate
.createQuickCertificate(access, {
domain_names: thisData.domain_names || row.domain_names,
meta: _.assign({}, row.meta, thisData.meta),
})
.then((cert) => {
// update host with cert id
thisData.certificate_id = cert.id;
})
.then(() => {
return row;
});
}
return row;
})
.then((row) => {
// Add domain_names to the data in case it isn't there, so that the audit log renders correctly. The order is important here.
thisData = _.assign(
{},
{
domain_names: row.domain_names,
},
data,
);
thisData = internalHost.cleanSslHstsData(thisData, row);
return deadHostModel
.query()
.where({ id: thisData.id })
.patch(thisData)
.then((saved_row) => {
// Add to audit log
return internalAuditLog
.add(access, {
action: "updated",
object_type: "dead-host",
object_id: row.id,
meta: thisData,
})
.then(() => {
return _.omit(saved_row, omissions());
});
});
})
.then(() => {
return internalDeadHost
.get(access, {
id: thisData.id,
expand: ["owner", "certificate"],
})
.then((row) => {
// Configure nginx
return internalNginx.configure(deadHostModel, "dead_host", row).then((new_meta) => {
row.meta = new_meta;
return _.omit(internalHost.cleanRowCertificateMeta(row), omissions());
});
});
// Get a list of the domain names and check each of them against existing records
const domainNameCheckPromises = [];
if (typeof data.domain_names !== "undefined") {
data.domain_names.map((domainName) => {
domainNameCheckPromises.push(internalHost.isHostnameTaken(domainName, "dead", data.id));
return true;
});
const checkResults = await Promise.all(domainNameCheckPromises);
checkResults.map((result) => {
if (result.is_taken) {
throw new errs.ValidationError(`${result.hostname} is already in use`);
}
return true;
});
}
const row = await internalDeadHost.get(access, { id: data.id });
if (row.id !== data.id) {
// Sanity check that something crazy hasn't happened
throw new errs.InternalValidationError(
`404 Host could not be updated, IDs do not match: ${row.id} !== ${data.id}`,
);
}
if (createCertificate) {
const cert = await internalCertificate.createQuickCertificate(access, {
domain_names: data.domain_names || row.domain_names,
meta: _.assign({}, row.meta, data.meta),
});
// update host with cert id
data.certificate_id = cert.id;
}
// Add domain_names to the data in case it isn't there, so that the audit log renders correctly. The order is important here.
let thisData = _.assign(
{},
{
domain_names: row.domain_names,
},
data,
);
thisData = internalHost.cleanSslHstsData(thisData, row);
// do the row update
await deadHostModel
.query()
.where({id: data.id})
.patch(data);
// Add to audit log
await internalAuditLog.add(access, {
action: "updated",
object_type: "dead-host",
object_id: row.id,
meta: thisData,
});
const thisRow = await internalDeadHost
.get(access, {
id: thisData.id,
expand: ["owner", "certificate"],
});
// Configure nginx
const newMeta = await internalNginx.configure(deadHostModel, "dead_host", row);
row.meta = newMeta;
return _.omit(internalHost.cleanRowCertificateMeta(thisRow), omissions());
},
/**
@@ -222,39 +188,32 @@ const internalDeadHost = {
* @param {Array} [data.omit]
* @return {Promise}
*/
get: (access, data) => {
const thisData = data || {};
get: async (access, data) => {
const accessData = await access.can("dead_hosts:get", data.id);
const query = deadHostModel
.query()
.where("is_deleted", 0)
.andWhere("id", data.id)
.allowGraph("[owner,certificate]")
.first();
return access
.can("dead_hosts:get", thisData.id)
.then((access_data) => {
const query = deadHostModel
.query()
.where("is_deleted", 0)
.andWhere("id", dthisDataata.id)
.allowGraph("[owner,certificate]")
.first();
if (accessData.permission_visibility !== "all") {
query.andWhere("owner_user_id", access.token.getUserId(1));
}
if (access_data.permission_visibility !== "all") {
query.andWhere("owner_user_id", access.token.getUserId(1));
}
if (typeof data.expand !== "undefined" && data.expand !== null) {
query.withGraphFetched(`[${data.expand.join(", ")}]`);
}
if (typeof thisData.expand !== "undefined" && thisData.expand !== null) {
query.withGraphFetched(`[${data.expand.join(", ")}]`);
}
return query.then(utils.omitRow(omissions()));
})
.then((row) => {
if (!row || !row.id) {
throw new errs.ItemNotFoundError(thisData.id);
}
// Custom omissions
if (typeof thisData.omit !== "undefined" && thisData.omit !== null) {
return _.omit(row, thisData.omit);
}
return row;
});
const row = await query.then(utils.omitRow(omissions()));
if (!row || !row.id) {
throw new errs.ItemNotFoundError(data.id);
}
// Custom omissions
if (typeof data.omit !== "undefined" && data.omit !== null) {
return _.omit(row, data.omit);
}
return row;
},
/**
@@ -264,42 +223,32 @@ const internalDeadHost = {
* @param {String} [data.reason]
* @returns {Promise}
*/
delete: (access, data) => {
return access
.can("dead_hosts:delete", data.id)
.then(() => {
return internalDeadHost.get(access, { id: data.id });
})
.then((row) => {
if (!row || !row.id) {
throw new errs.ItemNotFoundError(data.id);
}
delete: async (access, data) => {
await access.can("dead_hosts:delete", data.id)
const row = await internalDeadHost.get(access, { id: data.id });
if (!row || !row.id) {
throw new errs.ItemNotFoundError(data.id);
}
return deadHostModel
.query()
.where("id", row.id)
.patch({
is_deleted: 1,
})
.then(() => {
// Delete Nginx Config
return internalNginx.deleteConfig("dead_host", row).then(() => {
return internalNginx.reload();
});
})
.then(() => {
// Add to audit log
return internalAuditLog.add(access, {
action: "deleted",
object_type: "dead-host",
object_id: row.id,
meta: _.omit(row, omissions()),
});
});
})
.then(() => {
return true;
await deadHostModel
.query()
.where("id", row.id)
.patch({
is_deleted: 1,
});
// Delete Nginx Config
await internalNginx.deleteConfig("dead_host", row);
await internalNginx.reload();
// Add to audit log
await internalAuditLog.add(access, {
action: "deleted",
object_type: "dead-host",
object_id: row.id,
meta: _.omit(row, omissions()),
});
return true;
},
/**
@@ -309,48 +258,39 @@ const internalDeadHost = {
* @param {String} [data.reason]
* @returns {Promise}
*/
enable: (access, data) => {
return access
.can("dead_hosts:update", data.id)
.then(() => {
return internalDeadHost.get(access, {
id: data.id,
expand: ["certificate", "owner"],
});
})
.then((row) => {
if (!row || !row.id) {
throw new errs.ItemNotFoundError(data.id);
}
if (row.enabled) {
throw new errs.ValidationError("Host is already enabled");
}
enable: async (access, data) => {
await access.can("dead_hosts:update", data.id)
const row = await internalDeadHost.get(access, {
id: data.id,
expand: ["certificate", "owner"],
});
if (!row || !row.id) {
throw new errs.ItemNotFoundError(data.id);
}
if (row.enabled) {
throw new errs.ValidationError("Host is already enabled");
}
row.enabled = 1;
row.enabled = 1;
return deadHostModel
.query()
.where("id", row.id)
.patch({
enabled: 1,
})
.then(() => {
// Configure nginx
return internalNginx.configure(deadHostModel, "dead_host", row);
})
.then(() => {
// Add to audit log
return internalAuditLog.add(access, {
action: "enabled",
object_type: "dead-host",
object_id: row.id,
meta: _.omit(row, omissions()),
});
});
})
.then(() => {
return true;
await deadHostModel
.query()
.where("id", row.id)
.patch({
enabled: 1,
});
// Configure nginx
await internalNginx.configure(deadHostModel, "dead_host", row);
// Add to audit log
await internalAuditLog.add(access, {
action: "enabled",
object_type: "dead-host",
object_id: row.id,
meta: _.omit(row, omissions()),
});
return true;
},
/**
@@ -360,47 +300,37 @@ const internalDeadHost = {
* @param {String} [data.reason]
* @returns {Promise}
*/
disable: (access, data) => {
return access
.can("dead_hosts:update", data.id)
.then(() => {
return internalDeadHost.get(access, { id: data.id });
})
.then((row) => {
if (!row || !row.id) {
throw new errs.ItemNotFoundError(data.id);
}
if (!row.enabled) {
throw new errs.ValidationError("Host is already disabled");
}
disable: async (access, data) => {
await access.can("dead_hosts:update", data.id)
const row = await internalDeadHost.get(access, { id: data.id });
if (!row || !row.id) {
throw new errs.ItemNotFoundError(data.id);
}
if (!row.enabled) {
throw new errs.ValidationError("Host is already disabled");
}
row.enabled = 0;
row.enabled = 0;
return deadHostModel
.query()
.where("id", row.id)
.patch({
enabled: 0,
})
.then(() => {
// Delete Nginx Config
return internalNginx.deleteConfig("dead_host", row).then(() => {
return internalNginx.reload();
});
})
.then(() => {
// Add to audit log
return internalAuditLog.add(access, {
action: "disabled",
object_type: "dead-host",
object_id: row.id,
meta: _.omit(row, omissions()),
});
});
})
.then(() => {
return true;
await deadHostModel
.query()
.where("id", row.id)
.patch({
enabled: 0,
});
// Delete Nginx Config
await internalNginx.deleteConfig("dead_host", row);
await internalNginx.reload();
// Add to audit log
await internalAuditLog.add(access, {
action: "disabled",
object_type: "dead-host",
object_id: row.id,
meta: _.omit(row, omissions()),
});
return true;
},
/**
@@ -408,44 +338,38 @@ const internalDeadHost = {
*
* @param {Access} access
* @param {Array} [expand]
* @param {String} [search_query]
* @param {String} [searchQuery]
* @returns {Promise}
*/
getAll: (access, expand, search_query) => {
return access
.can("dead_hosts:list")
.then((access_data) => {
const query = deadHostModel
.query()
.where("is_deleted", 0)
.groupBy("id")
.allowGraph("[owner,certificate]")
.orderBy(castJsonIfNeed("domain_names"), "ASC");
getAll: async (access, expand, searchQuery) => {
const accessData = await access.can("dead_hosts:list")
const query = deadHostModel
.query()
.where("is_deleted", 0)
.groupBy("id")
.allowGraph("[owner,certificate]")
.orderBy(castJsonIfNeed("domain_names"), "ASC");
if (access_data.permission_visibility !== "all") {
query.andWhere("owner_user_id", access.token.getUserId(1));
}
if (accessData.permission_visibility !== "all") {
query.andWhere("owner_user_id", access.token.getUserId(1));
}
// Query is used for searching
if (typeof search_query === "string" && search_query.length > 0) {
query.where(function () {
this.where(castJsonIfNeed("domain_names"), "like", `%${search_query}%`);
});
}
if (typeof expand !== "undefined" && expand !== null) {
query.withGraphFetched(`[${expand.join(", ")}]`);
}
return query.then(utils.omitRows(omissions()));
})
.then((rows) => {
if (typeof expand !== "undefined" && expand !== null && expand.indexOf("certificate") !== -1) {
return internalHost.cleanAllRowsCertificateMeta(rows);
}
return rows;
// Query is used for searching
if (typeof searchQuery === "string" && searchQuery.length > 0) {
query.where(function () {
this.where(castJsonIfNeed("domain_names"), "like", `%${searchQuery}%`);
});
}
if (typeof expand !== "undefined" && expand !== null) {
query.withGraphFetched(`[${expand.join(", ")}]`);
}
const rows = await query.then(utils.omitRows(omissions()));
if (typeof expand !== "undefined" && expand !== null && expand.indexOf("certificate") !== -1) {
internalHost.cleanAllRowsCertificateMeta(rows);
}
return rows;
},
/**
@@ -455,16 +379,15 @@ const internalDeadHost = {
* @param {String} visibility
* @returns {Promise}
*/
getCount: (user_id, visibility) => {
getCount: async (user_id, visibility) => {
const query = deadHostModel.query().count("id as count").where("is_deleted", 0);
if (visibility !== "all") {
query.andWhere("owner_user_id", user_id);
}
return query.first().then((row) => {
return Number.parseInt(row.count, 10);
});
const row = await query.first();
return Number.parseInt(row.count, 10);
},
};

55
backend/internal/host.js
View File

@@ -65,50 +65,33 @@ const internalHost = {
},
/**
* This returns all the host types with any domain listed in the provided domain_names array.
* This returns all the host types with any domain listed in the provided domainNames array.
* This is used by the certificates to temporarily disable any host that is using the domain
*
* @param {Array} domain_names
* @param {Array} domainNames
* @returns {Promise}
*/
getHostsWithDomains: (domain_names) => {
const promises = [
proxyHostModel.query().where("is_deleted", 0),
redirectionHostModel.query().where("is_deleted", 0),
deadHostModel.query().where("is_deleted", 0),
];
getHostsWithDomains: async (domainNames) => {
const responseObject = {
total_count: 0,
dead_hosts: [],
proxy_hosts: [],
redirection_hosts: [],
};
return Promise.all(promises).then((promises_results) => {
const response_object = {
total_count: 0,
dead_hosts: [],
proxy_hosts: [],
redirection_hosts: [],
};
const proxyRes = await proxyHostModel.query().where("is_deleted", 0);
responseObject.proxy_hosts = internalHost._getHostsWithDomains(proxyRes, domainNames);
responseObject.total_count += responseObject.proxy_hosts.length;
if (promises_results[0]) {
// Proxy Hosts
response_object.proxy_hosts = internalHost._getHostsWithDomains(promises_results[0], domain_names);
response_object.total_count += response_object.proxy_hosts.length;
}
const redirRes = await redirectionHostModel.query().where("is_deleted", 0);
responseObject.redirection_hosts = internalHost._getHostsWithDomains(redirRes, domainNames);
responseObject.total_count += responseObject.redirection_hosts.length;
if (promises_results[1]) {
// Redirection Hosts
response_object.redirection_hosts = internalHost._getHostsWithDomains(
promises_results[1],
domain_names,
);
response_object.total_count += response_object.redirection_hosts.length;
}
const deadRes = await deadHostModel.query().where("is_deleted", 0);
responseObject.dead_hosts = internalHost._getHostsWithDomains(deadRes, domainNames);
responseObject.total_count += responseObject.dead_hosts.length;
if (promises_results[2]) {
// Dead Hosts
response_object.dead_hosts = internalHost._getHostsWithDomains(promises_results[2], domain_names);
response_object.total_count += response_object.dead_hosts.length;
}
return response_object;
});
return responseObject;
},
/**

5
backend/internal/nginx.js
View File

@@ -301,8 +301,11 @@ const internalNginx = {
* @param {String} filename
*/
deleteFile: (filename) => {
logger.debug(`Deleting file: ${filename}`);
if (!fs.existsSync(filename)) {
return;
}
try {
logger.debug(`Deleting file: ${filename}`);
fs.unlinkSync(filename);
} catch (err) {
logger.debug("Could not delete file:", JSON.stringify(err, null, 2));

58
backend/internal/proxy-host.js
View File

@@ -420,41 +420,35 @@ const internalProxyHost = {
* @param {String} [search_query]
* @returns {Promise}
*/
getAll: (access, expand, search_query) => {
return access
.can("proxy_hosts:list")
.then((access_data) => {
const query = proxyHostModel
.query()
.where("is_deleted", 0)
.groupBy("id")
.allowGraph("[owner,access_list,certificate]")
.orderBy(castJsonIfNeed("domain_names"), "ASC");
getAll: async (access, expand, searchQuery) => {
const accessData = await access.can("proxy_hosts:list");
const query = proxyHostModel
.query()
.where("is_deleted", 0)
.groupBy("id")
.allowGraph("[owner,access_list,certificate]")
.orderBy(castJsonIfNeed("domain_names"), "ASC");
if (access_data.permission_visibility !== "all") {
query.andWhere("owner_user_id", access.token.getUserId(1));
}
if (accessData.permission_visibility !== "all") {
query.andWhere("owner_user_id", access.token.getUserId(1));
}
// Query is used for searching
if (typeof search_query === "string" && search_query.length > 0) {
query.where(function () {
this.where(castJsonIfNeed("domain_names"), "like", `%${search_query}%`);
});
}
if (typeof expand !== "undefined" && expand !== null) {
query.withGraphFetched(`[${expand.join(", ")}]`);
}
return query.then(utils.omitRows(omissions()));
})
.then((rows) => {
if (typeof expand !== "undefined" && expand !== null && expand.indexOf("certificate") !== -1) {
return internalHost.cleanAllRowsCertificateMeta(rows);
}
return rows;
// Query is used for searching
if (typeof searchQuery === "string" && searchQuery.length > 0) {
query.where(function () {
this.where(castJsonIfNeed("domain_names"), "like", `%${searchQuery}%`);
});
}
if (typeof expand !== "undefined" && expand !== null) {
query.withGraphFetched(`[${expand.join(", ")}]`);
}
const rows = await query.then(utils.omitRows(omissions()));
if (typeof expand !== "undefined" && expand !== null && expand.indexOf("certificate") !== -1) {
return internalHost.cleanAllRowsCertificateMeta(rows);
}
return rows;
},
/**

2
backend/internal/stream.js
View File

@@ -348,7 +348,7 @@ const internalStream = {
// Add to audit log
return internalAuditLog.add(access, {
action: "disabled",
object_type: "stream-host",
object_type: "stream",
object_id: row.id,
meta: _.omit(row, omissions()),
});

131
backend/internal/token.js
View File

@@ -18,67 +18,66 @@ export default {
* @param {String} [issuer]
* @returns {Promise}
*/
getTokenFromEmail: (data, issuer) => {
getTokenFromEmail: async (data, issuer) => {
const Token = TokenModel();
data.scope = data.scope || "user";
data.expiry = data.expiry || "1d";
return userModel
const user = await userModel
.query()
.where("email", data.identity.toLowerCase().trim())
.andWhere("is_deleted", 0)
.andWhere("is_disabled", 0)
.first()
.then((user) => {
if (user) {
// Get auth
return authModel
.query()
.where("user_id", "=", user.id)
.where("type", "=", "password")
.first()
.then((auth) => {
if (auth) {
return auth.verifyPassword(data.secret).then((valid) => {
if (valid) {
if (data.scope !== "user" && _.indexOf(user.roles, data.scope) === -1) {
// The scope requested doesn't exist as a role against the user,
// you shall not pass.
throw new errs.AuthError(`Invalid scope: ${data.scope}`);
}
.first();
// Create a moment of the expiry expression
const expiry = parseDatePeriod(data.expiry);
if (expiry === null) {
throw new errs.AuthError(`Invalid expiry time: ${data.expiry}`);
}
if (!user) {
throw new errs.AuthError(ERROR_MESSAGE_INVALID_AUTH);
}
return Token.create({
iss: issuer || "api",
attrs: {
id: user.id,
},
scope: [data.scope],
expiresIn: data.expiry,
}).then((signed) => {
return {
token: signed.token,
expires: expiry.toISOString(),
};
});
}
throw new errs.AuthError(
ERROR_MESSAGE_INVALID_AUTH,
ERROR_MESSAGE_INVALID_AUTH_I18N,
);
});
}
throw new errs.AuthError(ERROR_MESSAGE_INVALID_AUTH);
});
}
throw new errs.AuthError(ERROR_MESSAGE_INVALID_AUTH);
});
const auth = await authModel
.query()
.where("user_id", "=", user.id)
.where("type", "=", "password")
.first();
if (!auth) {
throw new errs.AuthError(ERROR_MESSAGE_INVALID_AUTH);
}
const valid = await auth.verifyPassword(data.secret);
if (!valid) {
throw new errs.AuthError(
ERROR_MESSAGE_INVALID_AUTH,
ERROR_MESSAGE_INVALID_AUTH_I18N,
);
}
if (data.scope !== "user" && _.indexOf(user.roles, data.scope) === -1) {
// The scope requested doesn't exist as a role against the user,
// you shall not pass.
throw new errs.AuthError(`Invalid scope: ${data.scope}`);
}
// Create a moment of the expiry expression
const expiry = parseDatePeriod(data.expiry);
if (expiry === null) {
throw new errs.AuthError(`Invalid expiry time: ${data.expiry}`);
}
const signed = await Token.create({
iss: issuer || "api",
attrs: {
id: user.id,
},
scope: [data.scope],
expiresIn: data.expiry,
});
return {
token: signed.token,
expires: expiry.toISOString(),
};
},
/**
@@ -88,7 +87,7 @@ export default {
* @param {String} [data.scope] Only considered if existing token scope is admin
* @returns {Promise}
*/
getFreshToken: (access, data) => {
getFreshToken: async (access, data) => {
const Token = TokenModel();
const thisData = data || {};
@@ -115,17 +114,17 @@ export default {
}
}
return Token.create({
const signed = await Token.create({
iss: "api",
scope: scope,
attrs: token_attrs,
expiresIn: thisData.expiry,
}).then((signed) => {
return {
token: signed.token,
expires: expiry.toISOString(),
};
});
return {
token: signed.token,
expires: expiry.toISOString(),
};
}
throw new error.AssertionFailedError("Existing token contained invalid user data");
},
@@ -134,24 +133,24 @@ export default {
* @param {Object} user
* @returns {Promise}
*/
getTokenFromUser: (user) => {
getTokenFromUser: async (user) => {
const expire = "1d";
const Token = new TokenModel();
const Token = TokenModel();
const expiry = parseDatePeriod(expire);
return Token.create({
const signed = await Token.create({
iss: "api",
attrs: {
id: user.id,
},
scope: ["user"],
expiresIn: expire,
}).then((signed) => {
return {
token: signed.token,
expires: expiry.toISOString(),
user: user,
};
});
return {
token: signed.token,
expires: expiry.toISOString(),
user: user,
};
},
};

121
backend/internal/user.js
View File

@@ -9,18 +9,21 @@ import internalAuditLog from "./audit-log.js";
import internalToken from "./token.js";
const omissions = () => {
return ["is_deleted"];
}
return ["is_deleted", "permissions.id", "permissions.user_id", "permissions.created_on", "permissions.modified_on"];
};
const DEFAULT_AVATAR = 'https://gravatar.com/avatar/e64c7d89f26bd1972efa854d13d7dd61?s=200&d=mp&r=g';
const DEFAULT_AVATAR = gravatar.url("admin@example.com", { default: "mm" });
const internalUser = {
/**
* Create a user can happen unauthenticated only once and only when no active users exist.
* Otherwise, a valid auth method is required.
*
* @param {Access} access
* @param {Object} data
* @returns {Promise}
*/
create: (access, data) => {
create: async (access, data) => {
const auth = data.auth || null;
delete data.auth;
@@ -31,61 +34,43 @@ const internalUser = {
data.is_disabled = data.is_disabled ? 1 : 0;
}
return access
.can("users:create", data)
.then(() => {
data.avatar = gravatar.url(data.email, { default: "mm" });
return userModel.query().insertAndFetch(data).then(utils.omitRow(omissions()));
})
.then((user) => {
if (auth) {
return authModel
.query()
.insert({
user_id: user.id,
type: auth.type,
secret: auth.secret,
meta: {},
})
.then(() => {
return user;
});
}
return user;
})
.then((user) => {
// Create permissions row as well
const is_admin = data.roles.indexOf("admin") !== -1;
await access.can("users:create", data);
data.avatar = gravatar.url(data.email, { default: "mm" });
return userPermissionModel
.query()
.insert({
user_id: user.id,
visibility: is_admin ? "all" : "user",
proxy_hosts: "manage",
redirection_hosts: "manage",
dead_hosts: "manage",
streams: "manage",
access_lists: "manage",
certificates: "manage",
})
.then(() => {
return internalUser.get(access, { id: user.id, expand: ["permissions"] });
});
})
.then((user) => {
// Add to audit log
return internalAuditLog
.add(access, {
action: "created",
object_type: "user",
object_id: user.id,
meta: user,
})
.then(() => {
return user;
});
let user = await userModel.query().insertAndFetch(data).then(utils.omitRow(omissions()));
if (auth) {
user = await authModel.query().insert({
user_id: user.id,
type: auth.type,
secret: auth.secret,
meta: {},
});
}
// Create permissions row as well
const isAdmin = data.roles.indexOf("admin") !== -1;
await userPermissionModel.query().insert({
user_id: user.id,
visibility: isAdmin ? "all" : "user",
proxy_hosts: "manage",
redirection_hosts: "manage",
dead_hosts: "manage",
streams: "manage",
access_lists: "manage",
certificates: "manage",
});
user = await internalUser.get(access, { id: user.id, expand: ["permissions"] });
await internalAuditLog.add(access, {
action: "created",
object_type: "user",
object_id: user.id,
meta: user,
});
return user;
},
/**
@@ -146,7 +131,7 @@ const internalUser = {
action: "updated",
object_type: "user",
object_id: user.id,
meta: data,
meta: { ...data, id: user.id, name: user.name },
})
.then(() => {
return user;
@@ -265,6 +250,14 @@ const internalUser = {
});
},
deleteAll: async () => {
await userModel
.query()
.patch({
is_deleted: 1,
});
},
/**
* This will only count the users
*
@@ -316,11 +309,7 @@ const internalUser = {
// Query is used for searching
if (typeof search_query === "string") {
query.where(function () {
this.where("name", "like", `%${search_query}%`).orWhere(
"email",
"like",
`%${search_query}%`,
);
this.where("name", "like", `%${search_query}%`).orWhere("email", "like", `%${search_query}%`);
});
}
@@ -337,11 +326,11 @@ const internalUser = {
* @param {Integer} [id_requested]
* @returns {[String]}
*/
getUserOmisionsByAccess: (access, id_requested) => {
getUserOmisionsByAccess: (access, idRequested) => {
let response = []; // Admin response
if (!access.token.hasScope("admin") && access.token.getUserId(0) !== id_requested) {
response = ["roles", "is_deleted"]; // Restricted response
if (!access.token.hasScope("admin") && access.token.getUserId(0) !== idRequested) {
response = ["is_deleted"]; // Restricted response
}
return response;

276
backend/lib/access.js
View File

@@ -22,13 +22,13 @@ import errs from "./error.js";
const __filename = fileURLToPath(import.meta.url);
const __dirname = dirname(__filename);
export default function (token_string) {
export default function (tokenString) {
const Token = TokenModel();
let token_data = null;
let tokenData = null;
let initialised = false;
const object_cache = {};
let allow_internal_access = false;
let user_roles = [];
const objectCache = {};
let allowInternalAccess = false;
let userRoles = [];
let permissions = {};
/**
@@ -36,65 +36,58 @@ export default function (token_string) {
*
* @returns {Promise}
*/
this.init = () => {
return new Promise((resolve, reject) => {
if (initialised) {
resolve();
} else if (!token_string) {
reject(new errs.PermissionError("Permission Denied"));
this.init = async () => {
if (initialised) {
return;
}
if (!tokenString) {
throw new errs.PermissionError("Permission Denied");
}
tokenData = await Token.load(tokenString);
// At this point we need to load the user from the DB and make sure they:
// - exist (and not soft deleted)
// - still have the appropriate scopes for this token
// This is only required when the User ID is supplied or if the token scope has `user`
if (
tokenData.attrs.id ||
(typeof tokenData.scope !== "undefined" && _.indexOf(tokenData.scope, "user") !== -1)
) {
// Has token user id or token user scope
const user = await userModel
.query()
.where("id", tokenData.attrs.id)
.andWhere("is_deleted", 0)
.andWhere("is_disabled", 0)
.allowGraph("[permissions]")
.withGraphFetched("[permissions]")
.first();
if (user) {
// make sure user has all scopes of the token
// The `user` role is not added against the user row, so we have to just add it here to get past this check.
user.roles.push("user");
let ok = true;
_.forEach(tokenData.scope, (scope_item) => {
if (_.indexOf(user.roles, scope_item) === -1) {
ok = false;
}
});
if (!ok) {
throw new errs.AuthError("Invalid token scope for User");
}
initialised = true;
userRoles = user.roles;
permissions = user.permissions;
} else {
resolve(
Token.load(token_string).then((data) => {
token_data = data;
// At this point we need to load the user from the DB and make sure they:
// - exist (and not soft deleted)
// - still have the appropriate scopes for this token
// This is only required when the User ID is supplied or if the token scope has `user`
if (
token_data.attrs.id ||
(typeof token_data.scope !== "undefined" &&
_.indexOf(token_data.scope, "user") !== -1)
) {
// Has token user id or token user scope
return userModel
.query()
.where("id", token_data.attrs.id)
.andWhere("is_deleted", 0)
.andWhere("is_disabled", 0)
.allowGraph("[permissions]")
.withGraphFetched("[permissions]")
.first()
.then((user) => {
if (user) {
// make sure user has all scopes of the token
// The `user` role is not added against the user row, so we have to just add it here to get past this check.
user.roles.push("user");
let is_ok = true;
_.forEach(token_data.scope, (scope_item) => {
if (_.indexOf(user.roles, scope_item) === -1) {
is_ok = false;
}
});
if (!is_ok) {
throw new errs.AuthError("Invalid token scope for User");
}
initialised = true;
user_roles = user.roles;
permissions = user.permissions;
} else {
throw new errs.AuthError("User cannot be loaded for Token");
}
});
}
initialised = true;
}),
);
throw new errs.AuthError("User cannot be loaded for Token");
}
});
}
initialised = true;
};
/**
@@ -102,82 +95,66 @@ export default function (token_string) {
* This only applies to USER token scopes, as all other tokens are not really bound
* by object scopes
*
* @param {String} object_type
* @param {String} objectType
* @returns {Promise}
*/
this.loadObjects = (object_type) => {
return new Promise((resolve, reject) => {
if (Token.hasScope("user")) {
if (
typeof token_data.attrs.id === "undefined" ||
!token_data.attrs.id
) {
reject(new errs.AuthError("User Token supplied without a User ID"));
} else {
const token_user_id = token_data.attrs.id ? token_data.attrs.id : 0;
let query;
this.loadObjects = async (objectType) => {
let objects = null;
if (typeof object_cache[object_type] === "undefined") {
switch (object_type) {
// USERS - should only return yourself
case "users":
resolve(token_user_id ? [token_user_id] : []);
break;
if (Token.hasScope("user")) {
if (typeof tokenData.attrs.id === "undefined" || !tokenData.attrs.id) {
throw new errs.AuthError("User Token supplied without a User ID");
}
// Proxy Hosts
case "proxy_hosts":
query = proxyHostModel
.query()
.select("id")
.andWhere("is_deleted", 0);
const tokenUserId = tokenData.attrs.id ? tokenData.attrs.id : 0;
if (permissions.visibility === "user") {
query.andWhere("owner_user_id", token_user_id);
}
if (typeof objectCache[objectType] !== "undefined") {
objects = objectCache[objectType];
} else {
switch (objectType) {
// USERS - should only return yourself
case "users":
objects = tokenUserId ? [tokenUserId] : [];
break;
resolve(
query.then((rows) => {
const result = [];
_.forEach(rows, (rule_row) => {
result.push(rule_row.id);
});
// Proxy Hosts
case "proxy_hosts": {
const query = proxyHostModel
.query()
.select("id")
.andWhere("is_deleted", 0);
// enum should not have less than 1 item
if (!result.length) {
result.push(0);
}
return result;
}),
);
break;
// DEFAULT: null
default:
resolve(null);
break;
if (permissions.visibility === "user") {
query.andWhere("owner_user_id", tokenUserId);
}
} else {
resolve(object_cache[object_type]);
const rows = await query;
objects = [];
_.forEach(rows, (ruleRow) => {
objects.push(ruleRow.id);
});
// enum should not have less than 1 item
if (!objects.length) {
objects.push(0);
}
break;
}
}
} else {
resolve(null);
objectCache[objectType] = objects;
}
}).then((objects) => {
object_cache[object_type] = objects;
return objects;
});
}
return objects;
};
/**
* Creates a schema object on the fly with the IDs and other values required to be checked against the permissionSchema
*
* @param {String} permission_label
* @param {String} permissionLabel
* @returns {Object}
*/
this.getObjectSchema = (permission_label) => {
const base_object_type = permission_label.split(":").shift();
this.getObjectSchema = async (permissionLabel) => {
const baseObjectType = permissionLabel.split(":").shift();
const schema = {
$id: "objects",
@@ -200,41 +177,39 @@ export default function (token_string) {
},
};
return this.loadObjects(base_object_type).then((object_result) => {
if (typeof object_result === "object" && object_result !== null) {
schema.properties[base_object_type] = {
type: "number",
enum: object_result,
minimum: 1,
};
} else {
schema.properties[base_object_type] = {
type: "number",
minimum: 1,
};
}
const result = await this.loadObjects(baseObjectType);
if (typeof result === "object" && result !== null) {
schema.properties[baseObjectType] = {
type: "number",
enum: result,
minimum: 1,
};
} else {
schema.properties[baseObjectType] = {
type: "number",
minimum: 1,
};
}
return schema;
});
return schema;
};
// here:
return {
token: Token,
/**
*
* @param {Boolean} [allow_internal]
* @param {Boolean} [allowInternal]
* @returns {Promise}
*/
load: (allow_internal) => {
return new Promise((resolve /*, reject*/) => {
if (token_string) {
resolve(Token.load(token_string));
} else {
allow_internal_access = allow_internal;
resolve(allow_internal_access || null);
}
});
load: async (allowInternal) => {
if (tokenString) {
return await Token.load(tokenString);
}
allowInternalAccess = allowInternal;
return allowInternal || null;
},
reloadObjects: this.loadObjects,
@@ -246,7 +221,7 @@ export default function (token_string) {
* @returns {Promise}
*/
can: async (permission, data) => {
if (allow_internal_access === true) {
if (allowInternalAccess === true) {
return true;
}
@@ -258,7 +233,7 @@ export default function (token_string) {
[permission]: {
data: data,
scope: Token.get("scope"),
roles: user_roles,
roles: userRoles,
permission_visibility: permissions.visibility,
permission_proxy_hosts: permissions.proxy_hosts,
permission_redirection_hosts: permissions.redirection_hosts,
@@ -277,10 +252,9 @@ export default function (token_string) {
properties: {},
};
const rawData = fs.readFileSync(
`${__dirname}/access/${permission.replace(/:/gim, "-")}.json`,
{ encoding: "utf8" },
);
const rawData = fs.readFileSync(`${__dirname}/access/${permission.replace(/:/gim, "-")}.json`, {
encoding: "utf8",
});
permissionSchema.properties[permission] = JSON.parse(rawData);
const ajv = new Ajv({

79
backend/lib/certbot.js
View File

@@ -6,46 +6,6 @@ import utils from "./utils.js";
const CERTBOT_VERSION_REPLACEMENT = "$(certbot --version | grep -Eo '[0-9](\\.[0-9]+)+')";
/**
* @param {array} pluginKeys
*/
const installPlugins = async (pluginKeys) => {
let hasErrors = false;
return new Promise((resolve, reject) => {
if (pluginKeys.length === 0) {
resolve();
return;
}
batchflow(pluginKeys)
.sequential()
.each((_i, pluginKey, next) => {
certbot
.installPlugin(pluginKey)
.then(() => {
next();
})
.catch((err) => {
hasErrors = true;
next(err);
});
})
.error((err) => {
logger.error(err.message);
})
.end(() => {
if (hasErrors) {
reject(
new errs.CommandError("Some plugins failed to install. Please check the logs above", 1),
);
} else {
resolve();
}
});
});
};
/**
* Installs a cerbot plugin given the key for the object from
* ../global/certbot-dns-plugins.json
@@ -84,4 +44,43 @@ const installPlugin = async (pluginKey) => {
});
};
/**
* @param {array} pluginKeys
*/
const installPlugins = async (pluginKeys) => {
let hasErrors = false;
return new Promise((resolve, reject) => {
if (pluginKeys.length === 0) {
resolve();
return;
}
batchflow(pluginKeys)
.sequential()
.each((_i, pluginKey, next) => {
installPlugin(pluginKey)
.then(() => {
next();
})
.catch((err) => {
hasErrors = true;
next(err);
});
})
.error((err) => {
logger.error(err.message);
})
.end(() => {
if (hasErrors) {
reject(
new errs.CommandError("Some plugins failed to install. Please check the logs above", 1),
);
} else {
resolve();
}
});
});
};
export { installPlugins, installPlugin };

9
backend/lib/config.js
View File

@@ -199,6 +199,13 @@ const isPostgres = () => {
*/
const isDebugMode = () => !!process.env.DEBUG;
/**
* Are we running in CI?
*
* @returns {boolean}
*/
const isCI = () => process.env.CI === 'true' && process.env.DEBUG === 'true';
/**
* Returns a public key
*
@@ -234,4 +241,4 @@ const useLetsencryptServer = () => {
return null;
};
export { configHas, configGet, isSqlite, isMysql, isPostgres, isDebugMode, getPrivateKey, getPublicKey, useLetsencryptStaging, useLetsencryptServer };
export { isCI, configHas, configGet, isSqlite, isMysql, isPostgres, isDebugMode, getPrivateKey, getPublicKey, useLetsencryptStaging, useLetsencryptServer };

5
backend/lib/error.js
View File

@@ -14,7 +14,10 @@ const errs = {
Error.captureStackTrace(this, this.constructor);
this.name = this.constructor.name;
this.previous = previous;
this.message = `Item Not Found - ${id}`;
this.message = "Not Found";
if (id) {
this.message = `Not Found - ${id}`;
}
this.public = true;
this.status = 404;
},

20
backend/lib/express/jwt-decode.js
View File

@@ -1,15 +1,15 @@
import Access from "../access.js";
export default () => {
return (_, res, next) => {
res.locals.access = null;
const access = new Access(res.locals.token || null);
access
.load()
.then(() => {
res.locals.access = access;
next();
})
.catch(next);
return async (_, res, next) => {
try {
res.locals.access = null;
const access = new Access(res.locals.token || null);
await access.load();
res.locals.access = access;
next();
} catch (err) {
next(err);
}
};
};

41
backend/lib/validator/api.js
View File

@@ -14,30 +14,27 @@ const ajv = new Ajv({
* @param {Object} payload
* @returns {Promise}
*/
function apiValidator(schema, payload /*, description*/) {
return new Promise(function Promise_apiValidator(resolve, reject) {
if (schema === null) {
reject(new errs.ValidationError("Schema is undefined"));
return;
}
const apiValidator = async (schema, payload /*, description*/) => {
if (!schema) {
throw new errs.ValidationError("Schema is undefined");
}
if (typeof payload === "undefined") {
reject(new errs.ValidationError("Payload is undefined"));
return;
}
// Can't use falsy check here as valid payload could be `0` or `false`
if (typeof payload === "undefined") {
throw new errs.ValidationError("Payload is undefined");
}
const validate = ajv.compile(schema);
const valid = validate(payload);
const validate = ajv.compile(schema);
const valid = validate(payload);
if (valid && !validate.errors) {
resolve(payload);
} else {
const message = ajv.errorsText(validate.errors);
const err = new errs.ValidationError(message);
err.debug = [validate.errors, payload];
reject(err);
}
});
}
if (valid && !validate.errors) {
return payload;
}
const message = ajv.errorsText(validate.errors);
const err = new errs.ValidationError(message);
err.debug = [validate.errors, payload];
throw err;
};
export default apiValidator;

30
backend/models/token.js
View File

@@ -13,7 +13,7 @@ import { global as logger } from "../logger.js";
const ALGO = "RS256";
export default () => {
let token_data = {};
let tokenData = {};
const self = {
/**
@@ -37,7 +37,7 @@ export default () => {
if (err) {
reject(err);
} else {
token_data = payload;
tokenData = payload;
resolve({
token: token,
payload: payload,
@@ -72,18 +72,18 @@ export default () => {
reject(err);
}
} else {
token_data = result;
tokenData = result;
// Hack: some tokens out in the wild have a scope of 'all' instead of 'user'.
// For 30 days at least, we need to replace 'all' with user.
if (
typeof token_data.scope !== "undefined" &&
_.indexOf(token_data.scope, "all") !== -1
typeof tokenData.scope !== "undefined" &&
_.indexOf(tokenData.scope, "all") !== -1
) {
token_data.scope = ["user"];
tokenData.scope = ["user"];
}
resolve(token_data);
resolve(tokenData);
}
},
);
@@ -100,15 +100,15 @@ export default () => {
* @param {String} scope
* @returns {Boolean}
*/
hasScope: (scope) => typeof token_data.scope !== "undefined" && _.indexOf(token_data.scope, scope) !== -1,
hasScope: (scope) => typeof tokenData.scope !== "undefined" && _.indexOf(tokenData.scope, scope) !== -1,
/**
* @param {String} key
* @return {*}
*/
get: (key) => {
if (typeof token_data[key] !== "undefined") {
return token_data[key];
if (typeof tokenData[key] !== "undefined") {
return tokenData[key];
}
return null;
@@ -119,20 +119,20 @@ export default () => {
* @param {*} value
*/
set: (key, value) => {
token_data[key] = value;
tokenData[key] = value;
},
/**
* @param [default_value]
* @param [defaultValue]
* @returns {Integer}
*/
getUserId: (default_value) => {
getUserId: (defaultValue) => {
const attrs = self.get("attrs");
if (attrs && typeof attrs.id !== "undefined" && attrs.id) {
if (attrs?.id) {
return attrs.id;
}
return default_value || 0;
return defaultValue || 0;
},
};

2
backend/nodemon.json
View File

@@ -3,5 +3,5 @@
"ignore": [
"data"
],
"ext": "js json ejs"
"ext": "js json ejs cjs"
}

2
backend/package.json
View File

@@ -38,7 +38,7 @@
},
"devDependencies": {
"@apidevtools/swagger-parser": "^10.1.0",
"@biomejs/biome": "2.2.0",
"@biomejs/biome": "^2.2.4",
"chalk": "4.1.2",
"nodemon": "^2.0.2"
},

99
backend/routes/audit-log.js
View File

@@ -2,6 +2,7 @@ import express from "express";
import internalAuditLog from "../internal/audit-log.js";
import jwtdecode from "../lib/express/jwt-decode.js";
import validator from "../lib/validator/index.js";
import { express as logger } from "../logger.js";
const router = express.Router({
caseSensitive: true,
@@ -24,31 +25,83 @@ router
*
* Retrieve all logs
*/
.get((req, res, next) => {
validator(
{
additionalProperties: false,
properties: {
expand: {
$ref: "common#/properties/expand",
},
query: {
$ref: "common#/properties/query",
.get(async (req, res, next) => {
try {
const data = await validator(
{
additionalProperties: false,
properties: {
expand: {
$ref: "common#/properties/expand",
},
query: {
$ref: "common#/properties/query",
},
},
},
},
{
expand: typeof req.query.expand === "string" ? req.query.expand.split(",") : null,
query: typeof req.query.query === "string" ? req.query.query : null,
},
)
.then((data) => {
return internalAuditLog.getAll(res.locals.access, data.expand, data.query);
})
.then((rows) => {
res.status(200).send(rows);
})
.catch(next);
{
expand: typeof req.query.expand === "string" ? req.query.expand.split(",") : null,
query: typeof req.query.query === "string" ? req.query.query : null,
},
);
const rows = await internalAuditLog.getAll(res.locals.access, data.expand, data.query);
res.status(200).send(rows);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
});
/**
* Specific audit log entry
*
* /api/audit-log/123
*/
router
.route("/:event_id")
.options((_, res) => {
res.sendStatus(204);
})
.all(jwtdecode())
/**
* GET /api/audit-log/123
*
* Retrieve a specific entry
*/
.get(async (req, res, next) => {
try {
const data = await validator(
{
required: ["event_id"],
additionalProperties: false,
properties: {
event_id: {
$ref: "common#/properties/id",
},
expand: {
$ref: "common#/properties/expand",
},
},
},
{
event_id: req.params.event_id,
expand:
typeof req.query.expand === "string"
? req.query.expand.split(",")
: null,
},
);
const item = await internalAuditLog.get(res.locals.access, {
id: data.event_id,
expand: data.expand,
});
res.status(200).send(item);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
});
export default router;

5
backend/routes/main.js
View File

@@ -1,6 +1,7 @@
import express from "express";
import errs from "../lib/error.js";
import pjson from "../package.json" with { type: "json" };
import { isSetup } from "../setup.js";
import auditLogRoutes from "./audit-log.js";
import accessListsRoutes from "./nginx/access_lists.js";
import certificatesHostsRoutes from "./nginx/certificates.js";
@@ -24,11 +25,13 @@ const router = express.Router({
* Health Check
* GET /api
*/
router.get("/", (_, res /*, next*/) => {
router.get("/", async (_, res /*, next*/) => {
const version = pjson.version.split("-").shift().split(".");
const setup = await isSetup();
res.status(200).send({
status: "OK",
setup,
version: {
major: Number.parseInt(version.shift(), 10),
minor: Number.parseInt(version.shift(), 10),

156
backend/routes/nginx/access_lists.js
View File

@@ -3,6 +3,7 @@ import internalAccessList from "../../internal/access-list.js";
import jwtdecode from "../../lib/express/jwt-decode.js";
import apiValidator from "../../lib/validator/api.js";
import validator from "../../lib/validator/index.js";
import { express as logger } from "../../logger.js";
import { getValidationSchema } from "../../schema/index.js";
const router = express.Router({
@@ -26,31 +27,31 @@ router
*
* Retrieve all access-lists
*/
.get((req, res, next) => {
validator(
{
additionalProperties: false,
properties: {
expand: {
$ref: "common#/properties/expand",
},
query: {
$ref: "common#/properties/query",
.get(async (req, res, next) => {
try {
const data = await validator(
{
additionalProperties: false,
properties: {
expand: {
$ref: "common#/properties/expand",
},
query: {
$ref: "common#/properties/query",
},
},
},
},
{
expand: typeof req.query.expand === "string" ? req.query.expand.split(",") : null,
query: typeof req.query.query === "string" ? req.query.query : null,
},
)
.then((data) => {
return internalAccessList.getAll(res.locals.access, data.expand, data.query);
})
.then((rows) => {
res.status(200).send(rows);
})
.catch(next);
{
expand: typeof req.query.expand === "string" ? req.query.expand.split(",") : null,
query: typeof req.query.query === "string" ? req.query.query : null,
},
);
const rows = await internalAccessList.getAll(res.locals.access, data.expand, data.query);
res.status(200).send(rows);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
})
/**
@@ -58,15 +59,15 @@ router
*
* Create a new access-list
*/
.post((req, res, next) => {
apiValidator(getValidationSchema("/nginx/access-lists", "post"), req.body)
.then((payload) => {
return internalAccessList.create(res.locals.access, payload);
})
.then((result) => {
res.status(201).send(result);
})
.catch(next);
.post(async (req, res, next) => {
try {
const payload = await apiValidator(getValidationSchema("/nginx/access-lists", "post"), req.body);
const result = await internalAccessList.create(res.locals.access, payload);
res.status(201).send(result);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
});
/**
@@ -86,35 +87,35 @@ router
*
* Retrieve a specific access-list
*/
.get((req, res, next) => {
validator(
{
required: ["list_id"],
additionalProperties: false,
properties: {
list_id: {
$ref: "common#/properties/id",
},
expand: {
$ref: "common#/properties/expand",
.get(async (req, res, next) => {
try {
const data = await validator(
{
required: ["list_id"],
additionalProperties: false,
properties: {
list_id: {
$ref: "common#/properties/id",
},
expand: {
$ref: "common#/properties/expand",
},
},
},
},
{
list_id: req.params.list_id,
expand: typeof req.query.expand === "string" ? req.query.expand.split(",") : null,
},
)
.then((data) => {
return internalAccessList.get(res.locals.access, {
id: Number.parseInt(data.list_id, 10),
expand: data.expand,
});
})
.then((row) => {
res.status(200).send(row);
})
.catch(next);
{
list_id: req.params.list_id,
expand: typeof req.query.expand === "string" ? req.query.expand.split(",") : null,
},
);
const row = await internalAccessList.get(res.locals.access, {
id: Number.parseInt(data.list_id, 10),
expand: data.expand,
});
res.status(200).send(row);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
})
/**
@@ -122,16 +123,16 @@ router
*
* Update and existing access-list
*/
.put((req, res, next) => {
apiValidator(getValidationSchema("/nginx/access-lists/{listID}", "put"), req.body)
.then((payload) => {
payload.id = Number.parseInt(req.params.list_id, 10);
return internalAccessList.update(res.locals.access, payload);
})
.then((result) => {
res.status(200).send(result);
})
.catch(next);
.put(async (req, res, next) => {
try {
const payload = await apiValidator(getValidationSchema("/nginx/access-lists/{listID}", "put"), req.body);
payload.id = Number.parseInt(req.params.list_id, 10);
const result = await internalAccessList.update(res.locals.access, payload);
res.status(200).send(result);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
})
/**
@@ -139,13 +140,16 @@ router
*
* Delete and existing access-list
*/
.delete((req, res, next) => {
internalAccessList
.delete(res.locals.access, { id: Number.parseInt(req.params.list_id, 10) })
.then((result) => {
res.status(200).send(result);
})
.catch(next);
.delete(async (req, res, next) => {
try {
const result = await internalAccessList.delete(res.locals.access, {
id: Number.parseInt(req.params.list_id, 10),
});
res.status(200).send(result);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
});
export default router;

314
backend/routes/nginx/certificates.js
View File

@@ -1,9 +1,11 @@
import express from "express";
import dnsPlugins from "../../global/certbot-dns-plugins.json" with { type: "json" };
import internalCertificate from "../../internal/certificate.js";
import errs from "../../lib/error.js";
import jwtdecode from "../../lib/express/jwt-decode.js";
import apiValidator from "../../lib/validator/api.js";
import validator from "../../lib/validator/index.js";
import { express as logger } from "../../logger.js";
import { getValidationSchema } from "../../schema/index.js";
const router = express.Router({
@@ -27,31 +29,31 @@ router
*
* Retrieve all certificates
*/
.get((req, res, next) => {
validator(
{
additionalProperties: false,
properties: {
expand: {
$ref: "common#/properties/expand",
},
query: {
$ref: "common#/properties/query",
.get(async (req, res, next) => {
try {
const data = await validator(
{
additionalProperties: false,
properties: {
expand: {
$ref: "common#/properties/expand",
},
query: {
$ref: "common#/properties/query",
},
},
},
},
{
expand: typeof req.query.expand === "string" ? req.query.expand.split(",") : null,
query: typeof req.query.query === "string" ? req.query.query : null,
},
)
.then((data) => {
return internalCertificate.getAll(res.locals.access, data.expand, data.query);
})
.then((rows) => {
res.status(200).send(rows);
})
.catch(next);
{
expand: typeof req.query.expand === "string" ? req.query.expand.split(",") : null,
query: typeof req.query.query === "string" ? req.query.query : null,
},
);
const rows = await internalCertificate.getAll(res.locals.access, data.expand, data.query);
res.status(200).send(rows);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
})
/**
@@ -59,16 +61,50 @@ router
*
* Create a new certificate
*/
.post((req, res, next) => {
apiValidator(getValidationSchema("/nginx/certificates", "post"), req.body)
.then((payload) => {
req.setTimeout(900000); // 15 minutes timeout
return internalCertificate.create(res.locals.access, payload);
})
.then((result) => {
res.status(201).send(result);
})
.catch(next);
.post(async (req, res, next) => {
try {
const payload = await apiValidator(getValidationSchema("/nginx/certificates", "post"), req.body);
req.setTimeout(900000); // 15 minutes timeout
const result = await internalCertificate.create(res.locals.access, payload);
res.status(201).send(result);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
});
/**
* /api/nginx/certificates/dns-providers
*/
router
.route("/dns-providers")
.options((_, res) => {
res.sendStatus(204);
})
.all(jwtdecode())
/**
* GET /api/nginx/certificates/dns-providers
*
* Get list of all supported DNS providers
*/
.get(async (req, res, next) => {
try {
if (!res.locals.access.token.getUserId()) {
throw new errs.PermissionError("Login required");
}
const clean = Object.keys(dnsPlugins).map((key) => ({
id: key,
name: dnsPlugins[key].name,
credentials: dnsPlugins[key].credentials,
}));
clean.sort((a, b) => a.name.localeCompare(b.name));
res.status(200).send(clean);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
});
/**
@@ -88,18 +124,57 @@ router
*
* Test HTTP challenge for domains
*/
.get((req, res, next) => {
.get(async (req, res, next) => {
if (req.query.domains === undefined) {
next(new errs.ValidationError("Domains are required as query parameters"));
return;
}
internalCertificate
.testHttpsChallenge(res.locals.access, JSON.parse(req.query.domains))
.then((result) => {
res.status(200).send(result);
})
.catch(next);
try {
const result = await internalCertificate.testHttpsChallenge(
res.locals.access,
JSON.parse(req.query.domains),
);
res.status(200).send(result);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
});
/**
* Validate Certs before saving
*
* /api/nginx/certificates/validate
*/
router
.route("/validate")
.options((_, res) => {
res.sendStatus(204);
})
.all(jwtdecode())
/**
* POST /api/nginx/certificates/validate
*
* Validate certificates
*/
.post(async (req, res, next) => {
if (!req.files) {
res.status(400).send({ error: "No files were uploaded" });
return;
}
try {
const result = await internalCertificate.validate({
files: req.files,
});
res.status(200).send(result);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
});
/**
@@ -119,35 +194,35 @@ router
*
* Retrieve a specific certificate
*/
.get((req, res, next) => {
validator(
{
required: ["certificate_id"],
additionalProperties: false,
properties: {
certificate_id: {
$ref: "common#/properties/id",
},
expand: {
$ref: "common#/properties/expand",
.get(async (req, res, next) => {
try {
const data = await validator(
{
required: ["certificate_id"],
additionalProperties: false,
properties: {
certificate_id: {
$ref: "common#/properties/id",
},
expand: {
$ref: "common#/properties/expand",
},
},
},
},
{
certificate_id: req.params.certificate_id,
expand: typeof req.query.expand === "string" ? req.query.expand.split(",") : null,
},
)
.then((data) => {
return internalCertificate.get(res.locals.access, {
id: Number.parseInt(data.certificate_id, 10),
expand: data.expand,
});
})
.then((row) => {
res.status(200).send(row);
})
.catch(next);
{
certificate_id: req.params.certificate_id,
expand: typeof req.query.expand === "string" ? req.query.expand.split(",") : null,
},
);
const row = await internalCertificate.get(res.locals.access, {
id: Number.parseInt(data.certificate_id, 10),
expand: data.expand,
});
res.status(200).send(row);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
})
/**
@@ -155,13 +230,16 @@ router
*
* Update and existing certificate
*/
.delete((req, res, next) => {
internalCertificate
.delete(res.locals.access, { id: Number.parseInt(req.params.certificate_id, 10) })
.then((result) => {
res.status(200).send(result);
})
.catch(next);
.delete(async (req, res, next) => {
try {
const result = await internalCertificate.delete(res.locals.access, {
id: Number.parseInt(req.params.certificate_id, 10),
});
res.status(200).send(result);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
});
/**
@@ -181,19 +259,21 @@ router
*
* Upload certificates
*/
.post((req, res, next) => {
.post(async (req, res, next) => {
if (!req.files) {
res.status(400).send({ error: "No files were uploaded" });
} else {
internalCertificate
.upload(res.locals.access, {
id: Number.parseInt(req.params.certificate_id, 10),
files: req.files,
})
.then((result) => {
res.status(200).send(result);
})
.catch(next);
return;
}
try {
const result = await internalCertificate.upload(res.locals.access, {
id: Number.parseInt(req.params.certificate_id, 10),
files: req.files,
});
res.status(200).send(result);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
});
@@ -214,16 +294,17 @@ router
*
* Renew certificate
*/
.post((req, res, next) => {
.post(async (req, res, next) => {
req.setTimeout(900000); // 15 minutes timeout
internalCertificate
.renew(res.locals.access, {
try {
const result = await internalCertificate.renew(res.locals.access, {
id: Number.parseInt(req.params.certificate_id, 10),
})
.then((result) => {
res.status(200).send(result);
})
.catch(next);
});
res.status(200).send(result);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
});
/**
@@ -243,46 +324,15 @@ router
*
* Renew certificate
*/
.get((req, res, next) => {
internalCertificate
.download(res.locals.access, {
.get(async (req, res, next) => {
try {
const result = await internalCertificate.download(res.locals.access, {
id: Number.parseInt(req.params.certificate_id, 10),
})
.then((result) => {
res.status(200).download(result.fileName);
})
.catch(next);
});
/**
* Validate Certs before saving
*
* /api/nginx/certificates/validate
*/
router
.route("/validate")
.options((_, res) => {
res.sendStatus(204);
})
.all(jwtdecode())
/**
* POST /api/nginx/certificates/validate
*
* Validate certificates
*/
.post((req, res, next) => {
if (!req.files) {
res.status(400).send({ error: "No files were uploaded" });
} else {
internalCertificate
.validate({
files: req.files,
})
.then((result) => {
res.status(200).send(result);
})
.catch(next);
});
res.status(200).download(result.fileName);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
});

190
backend/routes/nginx/dead_hosts.js
View File

@@ -3,6 +3,7 @@ import internalDeadHost from "../../internal/dead-host.js";
import jwtdecode from "../../lib/express/jwt-decode.js";
import apiValidator from "../../lib/validator/api.js";
import validator from "../../lib/validator/index.js";
import { express as logger } from "../../logger.js";
import { getValidationSchema } from "../../schema/index.js";
const router = express.Router({
@@ -26,31 +27,31 @@ router
*
* Retrieve all dead-hosts
*/
.get((req, res, next) => {
validator(
{
additionalProperties: false,
properties: {
expand: {
$ref: "common#/properties/expand",
},
query: {
$ref: "common#/properties/query",
.get(async (req, res, next) => {
try {
const data = await validator(
{
additionalProperties: false,
properties: {
expand: {
$ref: "common#/properties/expand",
},
query: {
$ref: "common#/properties/query",
},
},
},
},
{
expand: typeof req.query.expand === "string" ? req.query.expand.split(",") : null,
query: typeof req.query.query === "string" ? req.query.query : null,
},
)
.then((data) => {
return internalDeadHost.getAll(res.locals.access, data.expand, data.query);
})
.then((rows) => {
res.status(200).send(rows);
})
.catch(next);
{
expand: typeof req.query.expand === "string" ? req.query.expand.split(",") : null,
query: typeof req.query.query === "string" ? req.query.query : null,
},
);
const rows = await internalDeadHost.getAll(res.locals.access, data.expand, data.query);
res.status(200).send(rows);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
})
/**
@@ -58,15 +59,15 @@ router
*
* Create a new dead-host
*/
.post((req, res, next) => {
apiValidator(getValidationSchema("/nginx/dead-hosts", "post"), req.body)
.then((payload) => {
return internalDeadHost.create(res.locals.access, payload);
})
.then((result) => {
res.status(201).send(result);
})
.catch(next);
.post(async (req, res, next) => {
try {
const payload = await apiValidator(getValidationSchema("/nginx/dead-hosts", "post"), req.body);
const result = await internalDeadHost.create(res.locals.access, payload);
res.status(201).send(result);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
});
/**
@@ -86,66 +87,69 @@ router
*
* Retrieve a specific dead-host
*/
.get((req, res, next) => {
validator(
{
required: ["host_id"],
additionalProperties: false,
properties: {
host_id: {
$ref: "common#/properties/id",
},
expand: {
$ref: "common#/properties/expand",
.get(async (req, res, next) => {
try {
const data = await validator(
{
required: ["host_id"],
additionalProperties: false,
properties: {
host_id: {
$ref: "common#/properties/id",
},
expand: {
$ref: "common#/properties/expand",
},
},
},
},
{
host_id: req.params.host_id,
expand: typeof req.query.expand === "string" ? req.query.expand.split(",") : null,
},
)
.then((data) => {
return internalDeadHost.get(res.locals.access, {
id: Number.parseInt(data.host_id, 10),
expand: data.expand,
});
})
.then((row) => {
res.status(200).send(row);
})
.catch(next);
{
host_id: req.params.host_id,
expand: typeof req.query.expand === "string" ? req.query.expand.split(",") : null,
},
);
const row = await internalDeadHost.get(res.locals.access, {
id: Number.parseInt(data.host_id, 10),
expand: data.expand,
});
res.status(200).send(row);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
})
/**
* PUT /api/nginx/dead-hosts/123
*
* Update and existing dead-host
* Update an existing dead-host
*/
.put((req, res, next) => {
apiValidator(getValidationSchema("/nginx/dead-hosts/{hostID}", "put"), req.body)
.then((payload) => {
payload.id = Number.parseInt(req.params.host_id, 10);
return internalDeadHost.update(res.locals.access, payload);
})
.then((result) => {
res.status(200).send(result);
})
.catch(next);
.put(async (req, res, next) => {
try {
const payload = await apiValidator(getValidationSchema("/nginx/dead-hosts/{hostID}", "put"), req.body);
payload.id = Number.parseInt(req.params.host_id, 10);
const result = await internalDeadHost.update(res.locals.access, payload);
res.status(200).send(result);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
})
/**
* DELETE /api/nginx/dead-hosts/123
*
* Update and existing dead-host
* Delete a dead-host
*/
.delete((req, res, next) => {
internalDeadHost
.delete(res.locals.access, { id: Number.parseInt(req.params.host_id, 10) })
.then((result) => {
res.status(200).send(result);
})
.catch(next);
.delete(async (req, res, next) => {
try {
const result = await internalDeadHost.delete(res.locals.access, {
id: Number.parseInt(req.params.host_id, 10),
});
res.status(200).send(result);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
});
/**
@@ -163,13 +167,16 @@ router
/**
* POST /api/nginx/dead-hosts/123/enable
*/
.post((req, res, next) => {
internalDeadHost
.enable(res.locals.access, { id: Number.parseInt(req.params.host_id, 10) })
.then((result) => {
res.status(200).send(result);
})
.catch(next);
.post(async (req, res, next) => {
try {
const result = await internalDeadHost.enable(res.locals.access, {
id: Number.parseInt(req.params.host_id, 10),
});
res.status(200).send(result);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
});
/**
@@ -188,12 +195,13 @@ router
* POST /api/nginx/dead-hosts/123/disable
*/
.post((req, res, next) => {
internalDeadHost
.disable(res.locals.access, { id: Number.parseInt(req.params.host_id, 10) })
.then((result) => {
res.status(200).send(result);
})
.catch(next);
try {
const result = internalDeadHost.disable(res.locals.access, { id: Number.parseInt(req.params.host_id, 10) });
res.status(200).send(result);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
});
export default router;

190
backend/routes/nginx/proxy_hosts.js
View File

@@ -3,6 +3,7 @@ import internalProxyHost from "../../internal/proxy-host.js";
import jwtdecode from "../../lib/express/jwt-decode.js";
import apiValidator from "../../lib/validator/api.js";
import validator from "../../lib/validator/index.js";
import { express as logger } from "../../logger.js";
import { getValidationSchema } from "../../schema/index.js";
const router = express.Router({
@@ -26,31 +27,31 @@ router
*
* Retrieve all proxy-hosts
*/
.get((req, res, next) => {
validator(
{
additionalProperties: false,
properties: {
expand: {
$ref: "common#/properties/expand",
},
query: {
$ref: "common#/properties/query",
.get(async (req, res, next) => {
try {
const data = await validator(
{
additionalProperties: false,
properties: {
expand: {
$ref: "common#/properties/expand",
},
query: {
$ref: "common#/properties/query",
},
},
},
},
{
expand: typeof req.query.expand === "string" ? req.query.expand.split(",") : null,
query: typeof req.query.query === "string" ? req.query.query : null,
},
)
.then((data) => {
return internalProxyHost.getAll(res.locals.access, data.expand, data.query);
})
.then((rows) => {
res.status(200).send(rows);
})
.catch(next);
{
expand: typeof req.query.expand === "string" ? req.query.expand.split(",") : null,
query: typeof req.query.query === "string" ? req.query.query : null,
},
);
const rows = await internalProxyHost.getAll(res.locals.access, data.expand, data.query);
res.status(200).send(rows);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
})
/**
@@ -58,15 +59,15 @@ router
*
* Create a new proxy-host
*/
.post((req, res, next) => {
apiValidator(getValidationSchema("/nginx/proxy-hosts", "post"), req.body)
.then((payload) => {
return internalProxyHost.create(res.locals.access, payload);
})
.then((result) => {
res.status(201).send(result);
})
.catch(next);
.post(async (req, res, next) => {
try {
const payload = await apiValidator(getValidationSchema("/nginx/proxy-hosts", "post"), req.body);
const result = await internalProxyHost.create(res.locals.access, payload);
res.status(201).send(result);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
});
/**
@@ -86,35 +87,35 @@ router
*
* Retrieve a specific proxy-host
*/
.get((req, res, next) => {
validator(
{
required: ["host_id"],
additionalProperties: false,
properties: {
host_id: {
$ref: "common#/properties/id",
},
expand: {
$ref: "common#/properties/expand",
.get(async (req, res, next) => {
try {
const data = await validator(
{
required: ["host_id"],
additionalProperties: false,
properties: {
host_id: {
$ref: "common#/properties/id",
},
expand: {
$ref: "common#/properties/expand",
},
},
},
},
{
host_id: req.params.host_id,
expand: typeof req.query.expand === "string" ? req.query.expand.split(",") : null,
},
)
.then((data) => {
return internalProxyHost.get(res.locals.access, {
id: Number.parseInt(data.host_id, 10),
expand: data.expand,
});
})
.then((row) => {
res.status(200).send(row);
})
.catch(next);
{
host_id: req.params.host_id,
expand: typeof req.query.expand === "string" ? req.query.expand.split(",") : null,
},
);
const row = await internalProxyHost.get(res.locals.access, {
id: Number.parseInt(data.host_id, 10),
expand: data.expand,
});
res.status(200).send(row);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
})
/**
@@ -122,16 +123,16 @@ router
*
* Update and existing proxy-host
*/
.put((req, res, next) => {
apiValidator(getValidationSchema("/nginx/proxy-hosts/{hostID}", "put"), req.body)
.then((payload) => {
payload.id = Number.parseInt(req.params.host_id, 10);
return internalProxyHost.update(res.locals.access, payload);
})
.then((result) => {
res.status(200).send(result);
})
.catch(next);
.put(async (req, res, next) => {
try {
const payload = await apiValidator(getValidationSchema("/nginx/proxy-hosts/{hostID}", "put"), req.body);
payload.id = Number.parseInt(req.params.host_id, 10);
const result = await internalProxyHost.update(res.locals.access, payload);
res.status(200).send(result);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
})
/**
@@ -139,13 +140,16 @@ router
*
* Update and existing proxy-host
*/
.delete((req, res, next) => {
internalProxyHost
.delete(res.locals.access, { id: Number.parseInt(req.params.host_id, 10) })
.then((result) => {
res.status(200).send(result);
})
.catch(next);
.delete(async (req, res, next) => {
try {
const result = await internalProxyHost.delete(res.locals.access, {
id: Number.parseInt(req.params.host_id, 10),
});
res.status(200).send(result);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
});
/**
@@ -163,13 +167,16 @@ router
/**
* POST /api/nginx/proxy-hosts/123/enable
*/
.post((req, res, next) => {
internalProxyHost
.enable(res.locals.access, { id: Number.parseInt(req.params.host_id, 10) })
.then((result) => {
res.status(200).send(result);
})
.catch(next);
.post(async (req, res, next) => {
try {
const result = await internalProxyHost.enable(res.locals.access, {
id: Number.parseInt(req.params.host_id, 10),
});
res.status(200).send(result);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
});
/**
@@ -187,13 +194,16 @@ router
/**
* POST /api/nginx/proxy-hosts/123/disable
*/
.post((req, res, next) => {
internalProxyHost
.disable(res.locals.access, { id: Number.parseInt(req.params.host_id, 10) })
.then((result) => {
res.status(200).send(result);
})
.catch(next);
.post(async (req, res, next) => {
try {
const result = await internalProxyHost.disable(res.locals.access, {
id: Number.parseInt(req.params.host_id, 10),
});
res.status(200).send(result);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
});
export default router;

193
backend/routes/nginx/redirection_hosts.js
View File

@@ -3,6 +3,7 @@ import internalRedirectionHost from "../../internal/redirection-host.js";
import jwtdecode from "../../lib/express/jwt-decode.js";
import apiValidator from "../../lib/validator/api.js";
import validator from "../../lib/validator/index.js";
import { express as logger } from "../../logger.js";
import { getValidationSchema } from "../../schema/index.js";
const router = express.Router({
@@ -26,31 +27,31 @@ router
*
* Retrieve all redirection-hosts
*/
.get((req, res, next) => {
validator(
{
additionalProperties: false,
properties: {
expand: {
$ref: "common#/properties/expand",
},
query: {
$ref: "common#/properties/query",
.get(async (req, res, next) => {
try {
const data = await validator(
{
additionalProperties: false,
properties: {
expand: {
$ref: "common#/properties/expand",
},
query: {
$ref: "common#/properties/query",
},
},
},
},
{
expand: typeof req.query.expand === "string" ? req.query.expand.split(",") : null,
query: typeof req.query.query === "string" ? req.query.query : null,
},
)
.then((data) => {
return internalRedirectionHost.getAll(res.locals.access, data.expand, data.query);
})
.then((rows) => {
res.status(200).send(rows);
})
.catch(next);
{
expand: typeof req.query.expand === "string" ? req.query.expand.split(",") : null,
query: typeof req.query.query === "string" ? req.query.query : null,
},
);
const rows = await internalRedirectionHost.getAll(res.locals.access, data.expand, data.query);
res.status(200).send(rows);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
})
/**
@@ -58,15 +59,15 @@ router
*
* Create a new redirection-host
*/
.post((req, res, next) => {
apiValidator(getValidationSchema("/nginx/redirection-hosts", "post"), req.body)
.then((payload) => {
return internalRedirectionHost.create(res.locals.access, payload);
})
.then((result) => {
res.status(201).send(result);
})
.catch(next);
.post(async (req, res, next) => {
try {
const payload = await apiValidator(getValidationSchema("/nginx/redirection-hosts", "post"), req.body);
const result = await internalRedirectionHost.create(res.locals.access, payload);
res.status(201).send(result);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
});
/**
@@ -86,35 +87,35 @@ router
*
* Retrieve a specific redirection-host
*/
.get((req, res, next) => {
validator(
{
required: ["host_id"],
additionalProperties: false,
properties: {
host_id: {
$ref: "common#/properties/id",
},
expand: {
$ref: "common#/properties/expand",
.get(async (req, res, next) => {
try {
const data = await validator(
{
required: ["host_id"],
additionalProperties: false,
properties: {
host_id: {
$ref: "common#/properties/id",
},
expand: {
$ref: "common#/properties/expand",
},
},
},
},
{
host_id: req.params.host_id,
expand: typeof req.query.expand === "string" ? req.query.expand.split(",") : null,
},
)
.then((data) => {
return internalRedirectionHost.get(res.locals.access, {
id: Number.parseInt(data.host_id, 10),
expand: data.expand,
});
})
.then((row) => {
res.status(200).send(row);
})
.catch(next);
{
host_id: req.params.host_id,
expand: typeof req.query.expand === "string" ? req.query.expand.split(",") : null,
},
);
const row = await internalRedirectionHost.get(res.locals.access, {
id: Number.parseInt(data.host_id, 10),
expand: data.expand,
});
res.status(200).send(row);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
})
/**
@@ -122,16 +123,19 @@ router
*
* Update and existing redirection-host
*/
.put((req, res, next) => {
apiValidator(getValidationSchema("/nginx/redirection-hosts/{hostID}", "put"), req.body)
.then((payload) => {
payload.id = Number.parseInt(req.params.host_id, 10);
return internalRedirectionHost.update(res.locals.access, payload);
})
.then((result) => {
res.status(200).send(result);
})
.catch(next);
.put(async (req, res, next) => {
try {
const payload = await apiValidator(
getValidationSchema("/nginx/redirection-hosts/{hostID}", "put"),
req.body,
);
payload.id = Number.parseInt(req.params.host_id, 10);
const result = await internalRedirectionHost.update(res.locals.access, payload);
res.status(200).send(result);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
})
/**
@@ -139,13 +143,16 @@ router
*
* Update and existing redirection-host
*/
.delete((req, res, next) => {
internalRedirectionHost
.delete(res.locals.access, { id: Number.parseInt(req.params.host_id, 10) })
.then((result) => {
res.status(200).send(result);
})
.catch(next);
.delete(async (req, res, next) => {
try {
const result = await internalRedirectionHost.delete(res.locals.access, {
id: Number.parseInt(req.params.host_id, 10),
});
res.status(200).send(result);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
});
/**
@@ -163,13 +170,16 @@ router
/**
* POST /api/nginx/redirection-hosts/123/enable
*/
.post((req, res, next) => {
internalRedirectionHost
.enable(res.locals.access, { id: Number.parseInt(req.params.host_id, 10) })
.then((result) => {
res.status(200).send(result);
})
.catch(next);
.post(async (req, res, next) => {
try {
const result = await internalRedirectionHost.enable(res.locals.access, {
id: Number.parseInt(req.params.host_id, 10),
});
res.status(200).send(result);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
});
/**
@@ -187,13 +197,16 @@ router
/**
* POST /api/nginx/redirection-hosts/123/disable
*/
.post((req, res, next) => {
internalRedirectionHost
.disable(res.locals.access, { id: Number.parseInt(req.params.host_id, 10) })
.then((result) => {
res.status(200).send(result);
})
.catch(next);
.post(async (req, res, next) => {
try {
const result = await internalRedirectionHost.disable(res.locals.access, {
id: Number.parseInt(req.params.host_id, 10),
});
res.status(200).send(result);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
});
export default router;

190
backend/routes/nginx/streams.js
View File

@@ -3,6 +3,7 @@ import internalStream from "../../internal/stream.js";
import jwtdecode from "../../lib/express/jwt-decode.js";
import apiValidator from "../../lib/validator/api.js";
import validator from "../../lib/validator/index.js";
import { express as logger } from "../../logger.js";
import { getValidationSchema } from "../../schema/index.js";
const router = express.Router({
@@ -26,31 +27,31 @@ router
*
* Retrieve all streams
*/
.get((req, res, next) => {
validator(
{
additionalProperties: false,
properties: {
expand: {
$ref: "common#/properties/expand",
},
query: {
$ref: "common#/properties/query",
.get(async (req, res, next) => {
try {
const data = await validator(
{
additionalProperties: false,
properties: {
expand: {
$ref: "common#/properties/expand",
},
query: {
$ref: "common#/properties/query",
},
},
},
},
{
expand: typeof req.query.expand === "string" ? req.query.expand.split(",") : null,
query: typeof req.query.query === "string" ? req.query.query : null,
},
)
.then((data) => {
return internalStream.getAll(res.locals.access, data.expand, data.query);
})
.then((rows) => {
res.status(200).send(rows);
})
.catch(next);
{
expand: typeof req.query.expand === "string" ? req.query.expand.split(",") : null,
query: typeof req.query.query === "string" ? req.query.query : null,
},
);
const rows = await internalStream.getAll(res.locals.access, data.expand, data.query);
res.status(200).send(rows);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
})
/**
@@ -58,15 +59,15 @@ router
*
* Create a new stream
*/
.post((req, res, next) => {
apiValidator(getValidationSchema("/nginx/streams", "post"), req.body)
.then((payload) => {
return internalStream.create(res.locals.access, payload);
})
.then((result) => {
res.status(201).send(result);
})
.catch(next);
.post(async (req, res, next) => {
try {
const payload = await apiValidator(getValidationSchema("/nginx/streams", "post"), req.body);
const result = await internalStream.create(res.locals.access, payload);
res.status(201).send(result);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
});
/**
@@ -86,35 +87,35 @@ router
*
* Retrieve a specific stream
*/
.get((req, res, next) => {
validator(
{
required: ["stream_id"],
additionalProperties: false,
properties: {
stream_id: {
$ref: "common#/properties/id",
},
expand: {
$ref: "common#/properties/expand",
.get(async (req, res, next) => {
try {
const data = await validator(
{
required: ["stream_id"],
additionalProperties: false,
properties: {
stream_id: {
$ref: "common#/properties/id",
},
expand: {
$ref: "common#/properties/expand",
},
},
},
},
{
stream_id: req.params.stream_id,
expand: typeof req.query.expand === "string" ? req.query.expand.split(",") : null,
},
)
.then((data) => {
return internalStream.get(res.locals.access, {
id: Number.parseInt(data.stream_id, 10),
expand: data.expand,
});
})
.then((row) => {
res.status(200).send(row);
})
.catch(next);
{
stream_id: req.params.stream_id,
expand: typeof req.query.expand === "string" ? req.query.expand.split(",") : null,
},
);
const row = await internalStream.get(res.locals.access, {
id: Number.parseInt(data.stream_id, 10),
expand: data.expand,
});
res.status(200).send(row);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
})
/**
@@ -122,16 +123,16 @@ router
*
* Update and existing stream
*/
.put((req, res, next) => {
apiValidator(getValidationSchema("/nginx/streams/{streamID}", "put"), req.body)
.then((payload) => {
payload.id = Number.parseInt(req.params.stream_id, 10);
return internalStream.update(res.locals.access, payload);
})
.then((result) => {
res.status(200).send(result);
})
.catch(next);
.put(async (req, res, next) => {
try {
const payload = await apiValidator(getValidationSchema("/nginx/streams/{streamID}", "put"), req.body);
payload.id = Number.parseInt(req.params.stream_id, 10);
const result = await internalStream.update(res.locals.access, payload);
res.status(200).send(result);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
})
/**
@@ -139,13 +140,16 @@ router
*
* Update and existing stream
*/
.delete((req, res, next) => {
internalStream
.delete(res.locals.access, { id: Number.parseInt(req.params.stream_id, 10) })
.then((result) => {
res.status(200).send(result);
})
.catch(next);
.delete(async (req, res, next) => {
try {
const result = await internalStream.delete(res.locals.access, {
id: Number.parseInt(req.params.stream_id, 10),
});
res.status(200).send(result);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
});
/**
@@ -163,13 +167,16 @@ router
/**
* POST /api/nginx/streams/123/enable
*/
.post((req, res, next) => {
internalStream
.enable(res.locals.access, { id: Number.parseInt(req.params.host_id, 10) })
.then((result) => {
res.status(200).send(result);
})
.catch(next);
.post(async (req, res, next) => {
try {
const result = await internalStream.enable(res.locals.access, {
id: Number.parseInt(req.params.host_id, 10),
});
res.status(200).send(result);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
});
/**
@@ -187,13 +194,16 @@ router
/**
* POST /api/nginx/streams/123/disable
*/
.post((req, res, next) => {
internalStream
.disable(res.locals.access, { id: Number.parseInt(req.params.host_id, 10) })
.then((result) => {
res.status(200).send(result);
})
.catch(next);
.post(async (req, res, next) => {
try {
const result = await internalStream.disable(res.locals.access, {
id: Number.parseInt(req.params.host_id, 10),
});
res.status(200).send(result);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
});
export default router;

17
backend/routes/reports.js
View File

@@ -1,6 +1,7 @@
import express from "express";
import internalReport from "../internal/report.js";
import jwtdecode from "../lib/express/jwt-decode.js";
import { express as logger } from "../logger.js";
const router = express.Router({
caseSensitive: true,
@@ -13,17 +14,19 @@ router
.options((_, res) => {
res.sendStatus(204);
})
.all(jwtdecode())
/**
* GET /reports/hosts
*/
.get(jwtdecode(), (_, res, next) => {
internalReport
.getHostsReport(res.locals.access)
.then((data) => {
res.status(200).send(data);
})
.catch(next);
.get(async (req, res, next) => {
try {
const data = await internalReport.getHostsReport(res.locals.access);
res.status(200).send(data);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
});
export default router;

32
backend/routes/schema.js
View File

@@ -1,4 +1,5 @@
import express from "express";
import { express as logger } from "../logger.js";
import PACKAGE from "../package.json" with { type: "json" };
import { getCompiledSchema } from "../schema/index.js";
@@ -18,21 +19,26 @@ router
* GET /schema
*/
.get(async (req, res) => {
const swaggerJSON = await getCompiledSchema();
try {
const swaggerJSON = await getCompiledSchema();
let proto = req.protocol;
if (typeof req.headers["x-forwarded-proto"] !== "undefined" && req.headers["x-forwarded-proto"]) {
proto = req.headers["x-forwarded-proto"];
let proto = req.protocol;
if (typeof req.headers["x-forwarded-proto"] !== "undefined" && req.headers["x-forwarded-proto"]) {
proto = req.headers["x-forwarded-proto"];
}
let origin = `${proto}://${req.hostname}`;
if (typeof req.headers.origin !== "undefined" && req.headers.origin) {
origin = req.headers.origin;
}
swaggerJSON.info.version = PACKAGE.version;
swaggerJSON.servers[0].url = `${origin}/api`;
res.status(200).send(swaggerJSON);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
let origin = `${proto}://${req.hostname}`;
if (typeof req.headers.origin !== "undefined" && req.headers.origin) {
origin = req.headers.origin;
}
swaggerJSON.info.version = PACKAGE.version;
swaggerJSON.servers[0].url = `${origin}/api`;
res.status(200).send(swaggerJSON);
});
export default router;

82
backend/routes/settings.js
View File

@@ -3,6 +3,7 @@ import internalSetting from "../internal/setting.js";
import jwtdecode from "../lib/express/jwt-decode.js";
import apiValidator from "../lib/validator/api.js";
import validator from "../lib/validator/index.js";
import { express as logger } from "../logger.js";
import { getValidationSchema } from "../schema/index.js";
const router = express.Router({
@@ -26,13 +27,14 @@ router
*
* Retrieve all settings
*/
.get((_, res, next) => {
internalSetting
.getAll(res.locals.access)
.then((rows) => {
res.status(200).send(rows);
})
.catch(next);
.get(async (req, res, next) => {
try {
const rows = await internalSetting.getAll(res.locals.access);
res.status(200).send(rows);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
});
/**
@@ -52,31 +54,31 @@ router
*
* Retrieve a specific setting
*/
.get((req, res, next) => {
validator(
{
required: ["setting_id"],
additionalProperties: false,
properties: {
setting_id: {
type: "string",
minLength: 1,
.get(async (req, res, next) => {
try {
const data = await validator(
{
required: ["setting_id"],
additionalProperties: false,
properties: {
setting_id: {
type: "string",
minLength: 1,
},
},
},
},
{
setting_id: req.params.setting_id,
},
)
.then((data) => {
return internalSetting.get(res.locals.access, {
id: data.setting_id,
});
})
.then((row) => {
res.status(200).send(row);
})
.catch(next);
{
setting_id: req.params.setting_id,
},
);
const row = await internalSetting.get(res.locals.access, {
id: data.setting_id,
});
res.status(200).send(row);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
})
/**
@@ -84,16 +86,16 @@ router
*
* Update and existing setting
*/
.put((req, res, next) => {
apiValidator(getValidationSchema("/settings/{settingID}", "put"), req.body)
.then((payload) => {
payload.id = req.params.setting_id;
return internalSetting.update(res.locals.access, payload);
})
.then((result) => {
res.status(200).send(result);
})
.catch(next);
.put(async (req, res, next) => {
try {
const payload = await apiValidator(getValidationSchema("/settings/{settingID}", "put"), req.body);
payload.id = req.params.setting_id;
const result = await internalSetting.update(res.locals.access, payload);
res.status(200).send(result);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
});
export default router;

32
backend/routes/tokens.js
View File

@@ -2,6 +2,7 @@ import express from "express";
import internalToken from "../internal/token.js";
import jwtdecode from "../lib/express/jwt-decode.js";
import apiValidator from "../lib/validator/api.js";
import { express as logger } from "../logger.js";
import { getValidationSchema } from "../schema/index.js";
const router = express.Router({
@@ -23,16 +24,17 @@ router
* We also piggy back on to this method, allowing admins to get tokens
* for services like Job board and Worker.
*/
.get(jwtdecode(), (req, res, next) => {
internalToken
.getFreshToken(res.locals.access, {
.get(jwtdecode(), async (req, res, next) => {
try {
const data = await internalToken.getFreshToken(res.locals.access, {
expiry: typeof req.query.expiry !== "undefined" ? req.query.expiry : null,
scope: typeof req.query.scope !== "undefined" ? req.query.scope : null,
})
.then((data) => {
res.status(200).send(data);
})
.catch(next);
});
res.status(200).send(data);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
})
/**
@@ -41,12 +43,14 @@ router
* Create a new Token
*/
.post(async (req, res, next) => {
apiValidator(getValidationSchema("/tokens", "post"), req.body)
.then(internalToken.getTokenFromEmail)
.then((data) => {
res.status(200).send(data);
})
.catch(next);
try {
const data = await apiValidator(getValidationSchema("/tokens", "post"), req.body);
const result = await internalToken.getTokenFromEmail(data);
res.status(200).send(result);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
});
export default router;

301
backend/routes/users.js
View File

@@ -1,10 +1,15 @@
import express from "express";
import internalUser from "../internal/user.js";
import Access from "../lib/access.js";
import { isCI } from "../lib/config.js";
import errs from "../lib/error.js";
import jwtdecode from "../lib/express/jwt-decode.js";
import userIdFromMe from "../lib/express/user-id-from-me.js";
import apiValidator from "../lib/validator/api.js";
import validator from "../lib/validator/index.js";
import { express as logger } from "../logger.js";
import { getValidationSchema } from "../schema/index.js";
import { isSetup } from "../setup.js";
const router = express.Router({
caseSensitive: true,
@@ -27,35 +32,38 @@ router
*
* Retrieve all users
*/
.get((req, res, next) => {
validator(
{
additionalProperties: false,
properties: {
expand: {
$ref: "common#/properties/expand",
},
query: {
$ref: "common#/properties/query",
.get(async (req, res, next) => {
try {
const data = await validator(
{
additionalProperties: false,
properties: {
expand: {
$ref: "common#/properties/expand",
},
query: {
$ref: "common#/properties/query",
},
},
},
},
{
expand: typeof req.query.expand === "string" ? req.query.expand.split(",") : null,
query: typeof req.query.query === "string" ? req.query.query : null,
},
)
.then((data) => {
return internalUser.getAll(res.locals.access, data.expand, data.query);
})
.then((users) => {
res.status(200).send(users);
})
.catch((err) => {
console.log(err);
next(err);
});
//.catch(next);
{
expand:
typeof req.query.expand === "string"
? req.query.expand.split(",")
: null,
query: typeof req.query.query === "string" ? req.query.query : null,
},
);
const users = await internalUser.getAll(
res.locals.access,
data.expand,
data.query,
);
res.status(200).send(users);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
})
/**
@@ -63,15 +71,66 @@ router
*
* Create a new User
*/
.post((req, res, next) => {
apiValidator(getValidationSchema("/users", "post"), req.body)
.then((payload) => {
return internalUser.create(res.locals.access, payload);
})
.then((result) => {
res.status(201).send(result);
})
.catch(next);
.post(async (req, res, next) => {
const body = req.body;
try {
// If we are in setup mode, we don't check access for current user
const setup = await isSetup();
if (!setup) {
logger.info("Creating a new user in setup mode");
const access = new Access(null);
await access.load(true);
res.locals.access = access;
// We are in setup mode, set some defaults for this first new user, such as making
// them an admin.
body.is_disabled = false;
if (typeof body.roles !== "object" || body.roles === null) {
body.roles = [];
}
if (body.roles.indexOf("admin") === -1) {
body.roles.push("admin");
}
}
const payload = await apiValidator(
getValidationSchema("/users", "post"),
body,
);
const user = await internalUser.create(res.locals.access, payload);
res.status(201).send(user);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
})
/**
* DELETE /api/users
*
* Deletes ALL users. This is NOT GENERALLY AVAILABLE!
* (!) It is NOT an authenticated endpoint.
* (!) Only CI should be able to call this endpoint. As a result,
*
* it will only work when the env vars DEBUG=true and CI=true
*
* Do NOT set those env vars in a production environment!
*/
.delete(async (_, res, next) => {
if (isCI()) {
try {
logger.warn("Deleting all users - CI environment detected, allowing this operation");
await internalUser.deleteAll();
res.status(200).send(true);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
return;
}
next(new errs.ItemNotFoundError());
});
/**
@@ -92,39 +151,43 @@ router
*
* Retrieve a specific user
*/
.get((req, res, next) => {
validator(
{
required: ["user_id"],
additionalProperties: false,
properties: {
user_id: {
$ref: "common#/properties/id",
},
expand: {
$ref: "common#/properties/expand",
.get(async (req, res, next) => {
try {
const data = await validator(
{
required: ["user_id"],
additionalProperties: false,
properties: {
user_id: {
$ref: "common#/properties/id",
},
expand: {
$ref: "common#/properties/expand",
},
},
},
},
{
user_id: req.params.user_id,
expand: typeof req.query.expand === "string" ? req.query.expand.split(",") : null,
},
)
.then((data) => {
return internalUser.get(res.locals.access, {
id: data.user_id,
expand: data.expand,
omit: internalUser.getUserOmisionsByAccess(res.locals.access, data.user_id),
});
})
.then((user) => {
res.status(200).send(user);
})
.catch((err) => {
console.log(err);
next(err);
{
user_id: req.params.user_id,
expand:
typeof req.query.expand === "string"
? req.query.expand.split(",")
: null,
},
);
const user = await internalUser.get(res.locals.access, {
id: data.user_id,
expand: data.expand,
omit: internalUser.getUserOmisionsByAccess(
res.locals.access,
data.user_id,
),
});
res.status(200).send(user);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
})
/**
@@ -132,16 +195,19 @@ router
*
* Update and existing user
*/
.put((req, res, next) => {
apiValidator(getValidationSchema("/users/{userID}", "put"), req.body)
.then((payload) => {
payload.id = req.params.user_id;
return internalUser.update(res.locals.access, payload);
})
.then((result) => {
res.status(200).send(result);
})
.catch(next);
.put(async (req, res, next) => {
try {
const payload = await apiValidator(
getValidationSchema("/users/{userID}", "put"),
req.body,
);
payload.id = req.params.user_id;
const result = await internalUser.update(res.locals.access, payload);
res.status(200).send(result);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
})
/**
@@ -149,13 +215,16 @@ router
*
* Update and existing user
*/
.delete((req, res, next) => {
internalUser
.delete(res.locals.access, { id: req.params.user_id })
.then((result) => {
res.status(200).send(result);
})
.catch(next);
.delete(async (req, res, next) => {
try {
const result = await internalUser.delete(res.locals.access, {
id: req.params.user_id,
});
res.status(200).send(result);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
});
/**
@@ -176,16 +245,19 @@ router
*
* Update password for a user
*/
.put((req, res, next) => {
apiValidator(getValidationSchema("/users/{userID}/auth", "put"), req.body)
.then((payload) => {
payload.id = req.params.user_id;
return internalUser.setPassword(res.locals.access, payload);
})
.then((result) => {
res.status(200).send(result);
})
.catch(next);
.put(async (req, res, next) => {
try {
const payload = await apiValidator(
getValidationSchema("/users/{userID}/auth", "put"),
req.body,
);
payload.id = req.params.user_id;
const result = await internalUser.setPassword(res.locals.access, payload);
res.status(200).send(result);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
});
/**
@@ -206,16 +278,22 @@ router
*
* Set some or all permissions for a user
*/
.put((req, res, next) => {
apiValidator(getValidationSchema("/users/{userID}/permissions", "put"), req.body)
.then((payload) => {
payload.id = req.params.user_id;
return internalUser.setPermissions(res.locals.access, payload);
})
.then((result) => {
res.status(200).send(result);
})
.catch(next);
.put(async (req, res, next) => {
try {
const payload = await apiValidator(
getValidationSchema("/users/{userID}/permissions", "put"),
req.body,
);
payload.id = req.params.user_id;
const result = await internalUser.setPermissions(
res.locals.access,
payload,
);
res.status(200).send(result);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
});
/**
@@ -235,13 +313,16 @@ router
*
* Log in as a user
*/
.post((req, res, next) => {
internalUser
.loginAs(res.locals.access, { id: Number.parseInt(req.params.user_id, 10) })
.then((result) => {
res.status(200).send(result);
})
.catch(next);
.post(async (req, res, next) => {
try {
const result = await internalUser.loginAs(res.locals.access, {
id: Number.parseInt(req.params.user_id, 10),
});
res.status(200).send(result);
} catch (err) {
logger.debug(`${req.method.toUpperCase()} ${req.path}: ${err}`);
next(err);
}
});
export default router;

7
backend/schema/components/audit-log-list.json Normal file
View File

@@ -0,0 +1,7 @@
{
"type": "array",
"description": "Audit Log list",
"items": {
"$ref": "./audit-log-object.json"
}
}

14
backend/schema/components/audit-log-object.json
View File

@@ -1,7 +1,16 @@
{
"type": "object",
"description": "Audit Log object",
"required": ["id", "created_on", "modified_on", "user_id", "object_type", "object_id", "action", "meta"],
"required": [
"id",
"created_on",
"modified_on",
"user_id",
"object_type",
"object_id",
"action",
"meta"
],
"additionalProperties": false,
"properties": {
"id": {
@@ -27,6 +36,9 @@
},
"meta": {
"type": "object"
},
"user": {
"$ref": "./user-object.json"
}
}
}

6
backend/schema/components/certificate-object.json
View File

@@ -62,15 +62,9 @@
"dns_provider_credentials": {
"type": "string"
},
"letsencrypt_agree": {
"type": "boolean"
},
"letsencrypt_certificate": {
"type": "object"
},
"letsencrypt_email": {
"$ref": "../common.json#/properties/email"
},
"propagation_seconds": {
"type": "integer",
"minimum": 0

5
backend/schema/components/health-object.json
View File

@@ -9,6 +9,11 @@
"description": "Healthy",
"example": "OK"
},
"setup": {
"type": "boolean",
"description": "Whether the initial setup has been completed",
"example": true
},
"version": {
"type": "object",
"description": "The version object",

2
backend/schema/components/stream-object.json
View File

@@ -31,7 +31,7 @@
},
{
"type": "string",
"format": "ipv4"
"format": "^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}$"
},
{
"type": "string",

57
backend/schema/components/user-object.json
View File

@@ -54,6 +54,63 @@
"items": {
"type": "string"
}
},
"permissions": {
"type": "object",
"description": "Permissions if expanded in request",
"required": [
"visibility",
"proxy_hosts",
"redirection_hosts",
"dead_hosts",
"streams",
"access_lists",
"certificates"
],
"properties": {
"visibility": {
"type": "string",
"description": "Visibility level",
"example": "all",
"pattern": "^(all|user)$"
},
"proxy_hosts": {
"type": "string",
"description": "Proxy Hosts access level",
"example": "all",
"pattern": "^(manage|view|hidden)$"
},
"redirection_hosts": {
"type": "string",
"description": "Redirection Hosts access level",
"example": "all",
"pattern": "^(manage|view|hidden)$"
},
"dead_hosts": {
"type": "string",
"description": "Dead Hosts access level",
"example": "all",
"pattern": "^(manage|view|hidden)$"
},
"streams": {
"type": "string",
"description": "Streams access level",
"example": "all",
"pattern": "^(manage|view|hidden)$"
},
"access_lists": {
"type": "string",
"description": "Access Lists access level",
"example": "all",
"pattern": "^(manage|view|hidden)$"
},
"certificates": {
"type": "string",
"description": "Certificates access level",
"example": "all",
"pattern": "^(manage|view|hidden)$"
}
}
}
}
}

6
backend/schema/paths/audit-log/get.json
View File

@@ -1,6 +1,6 @@
{
"operationId": "getAuditLog",
"summary": "Get Audit Log",
"operationId": "getAuditLogs",
"summary": "Get Audit Logs",
"tags": ["Audit Log"],
"security": [
{
@@ -44,7 +44,7 @@
}
},
"schema": {
"$ref": "../../components/audit-log-object.json"
"$ref": "../../components/audit-log-list.json"
}
}
}

73
backend/schema/paths/audit-log/id/get.json Normal file
View File

@@ -0,0 +1,73 @@
{
"operationId": "getAuditLog",
"summary": "Get Audit Log Event",
"tags": [
"Audit Log"
],
"security": [
{
"BearerAuth": [
"audit-log"
]
}
],
"parameters": [
{
"in": "path",
"name": "id",
"schema": {
"type": "integer",
"minimum": 1
},
"required": true,
"example": 1
}
],
"responses": {
"200": {
"description": "200 response",
"content": {
"application/json": {
"examples": {
"default": {
"value": {
"id": 1,
"created_on": "2025-09-15T17:27:45.000Z",
"modified_on": "2025-09-15T17:27:45.000Z",
"user_id": 1,
"object_type": "user",
"object_id": 1,
"action": "created",
"meta": {
"id": 1,
"created_on": "2025-09-15T17:27:45.000Z",
"modified_on": "2025-09-15T17:27:45.000Z",
"is_disabled": false,
"email": "jc@jc21.com",
"name": "Jamie",
"nickname": "Jamie",
"avatar": "//www.gravatar.com/avatar/6193176330f8d38747f038c170ddb193?default=mm",
"roles": [
"admin"
],
"permissions": {
"visibility": "all",
"proxy_hosts": "manage",
"redirection_hosts": "manage",
"dead_hosts": "manage",
"streams": "manage",
"access_lists": "manage",
"certificates": "manage"
}
}
}
}
},
"schema": {
"$ref": "../../../components/audit-log-object.json"
}
}
}
}
}
}

1
backend/schema/paths/get.json
View File

@@ -11,6 +11,7 @@
"default": {
"value": {
"status": "OK",
"setup": true,
"version": {
"major": 2,
"minor": 1,

2
backend/schema/paths/nginx/certificates/certID/get.json
View File

@@ -36,8 +36,6 @@
"domain_names": ["test.example.com"],
"expires_on": "2025-01-07T04:34:18.000Z",
"meta": {
"letsencrypt_email": "jc@jc21.com",
"letsencrypt_agree": true,
"dns_challenge": false
}
}

2
backend/schema/paths/nginx/certificates/certID/renew/post.json
View File

@@ -37,8 +37,6 @@
"nice_name": "My Test Cert",
"domain_names": ["test.jc21.supernerd.pro"],
"meta": {
"letsencrypt_email": "jc@jc21.com",
"letsencrypt_agree": true,
"dns_challenge": false
}
}

2
backend/schema/paths/nginx/certificates/get.json
View File

@@ -36,8 +36,6 @@
"domain_names": ["test.example.com"],
"expires_on": "2025-01-07T04:34:18.000Z",
"meta": {
"letsencrypt_email": "jc@jc21.com",
"letsencrypt_agree": true,
"dns_challenge": false
}
}

2
backend/schema/paths/nginx/certificates/post.json
View File

@@ -52,8 +52,6 @@
"nice_name": "test.example.com",
"domain_names": ["test.example.com"],
"meta": {
"letsencrypt_email": "jc@jc21.com",
"letsencrypt_agree": true,
"dns_challenge": false,
"letsencrypt_certificate": {
"cn": "test.example.com",

3
backend/schema/paths/nginx/streams/post.json
View File

@@ -37,6 +37,9 @@
},
"meta": {
"$ref": "../../../components/stream-object.json#/properties/meta"
},
"domain_names": {
"$ref": "../../../components/dead-host-object.json#/properties/domain_names"
}
}
}

5
backend/schema/swagger.json
View File

@@ -29,6 +29,11 @@
"$ref": "./paths/audit-log/get.json"
}
},
"/audit-log/{id}": {
"get": {
"$ref": "./paths/audit-log/id/get.json"
}
},
"/nginx/access-lists": {
"get": {
"$ref": "./paths/nginx/access-lists/get.json"

199
backend/setup.js
View File

@@ -7,65 +7,68 @@ import settingModel from "./models/setting.js";
import userModel from "./models/user.js";
import userPermissionModel from "./models/user_permission.js";
export const isSetup = async () => {
const row = await userModel.query().select("id").where("is_deleted", 0).first();
return row?.id > 0;
}
/**
* Creates a default admin users if one doesn't already exist in the database
*
* @returns {Promise}
*/
const setupDefaultUser = () => {
return userModel
.query()
.select("id")
.where("is_deleted", 0)
.first()
.then((row) => {
if (!row || !row.id) {
// Create a new user and set password
const email = (process.env.INITIAL_ADMIN_EMAIL || 'admin@example.com').toLowerCase();
const password = process.env.INITIAL_ADMIN_PASSWORD || "changeme";
const setupDefaultUser = async () => {
const initialAdminEmail = process.env.INITIAL_ADMIN_EMAIL;
const initialAdminPassword = process.env.INITIAL_ADMIN_PASSWORD;
logger.info(`Creating a new user: ${email} with password: ${password}`);
// This will only create a new user when there are no active users in the database
// and the INITIAL_ADMIN_EMAIL and INITIAL_ADMIN_PASSWORD environment variables are set.
// Otherwise, users should be shown the setup wizard in the frontend.
// I'm keeping this legacy behavior in case some people are automating deployments.
const data = {
is_deleted: 0,
email: email,
name: "Administrator",
nickname: "Admin",
avatar: "",
roles: ["admin"],
};
if (!initialAdminEmail || !initialAdminPassword) {
return Promise.resolve();
}
return userModel
.query()
.insertAndFetch(data)
.then((user) => {
return authModel
.query()
.insert({
user_id: user.id,
type: "password",
secret: password,
meta: {},
})
.then(() => {
return userPermissionModel.query().insert({
user_id: user.id,
visibility: "all",
proxy_hosts: "manage",
redirection_hosts: "manage",
dead_hosts: "manage",
streams: "manage",
access_lists: "manage",
certificates: "manage",
});
});
})
.then(() => {
logger.info("Initial admin setup completed");
});
}
logger.debug("Admin user setup not required");
const userIsetup = await isSetup();
if (!userIsetup) {
// Create a new user and set password
logger.info(`Creating a new user: ${initialAdminEmail} with password: ${initialAdminPassword}`);
const data = {
is_deleted: 0,
email: email,
name: "Administrator",
nickname: "Admin",
avatar: "",
roles: ["admin"],
};
const user = await userModel
.query()
.insertAndFetch(data);
await authModel
.query()
.insert({
user_id: user.id,
type: "password",
secret: password,
meta: {},
});
await userPermissionModel.query().insert({
user_id: user.id,
visibility: "all",
proxy_hosts: "manage",
redirection_hosts: "manage",
dead_hosts: "manage",
streams: "manage",
access_lists: "manage",
certificates: "manage",
});
logger.info("Initial admin setup completed");
}
};
/**
@@ -73,29 +76,25 @@ const setupDefaultUser = () => {
*
* @returns {Promise}
*/
const setupDefaultSettings = () => {
return settingModel
const setupDefaultSettings = async () => {
const row = await settingModel
.query()
.select("id")
.where({ id: "default-site" })
.first()
.then((row) => {
if (!row || !row.id) {
settingModel
.query()
.insert({
id: "default-site",
name: "Default Site",
description: "What to show when Nginx is hit with an unknown Host",
value: "congratulations",
meta: {},
})
.then(() => {
logger.info("Default settings added");
});
}
logger.debug("Default setting setup not required");
});
.first();
if (!row?.id) {
await settingModel
.query()
.insert({
id: "default-site",
name: "Default Site",
description: "What to show when Nginx is hit with an unknown Host",
value: "congratulations",
meta: {},
});
logger.info("Default settings added");
}
};
/**
@@ -103,43 +102,43 @@ const setupDefaultSettings = () => {
*
* @returns {Promise}
*/
const setupCertbotPlugins = () => {
return certificateModel
const setupCertbotPlugins = async () => {
const certificates = await certificateModel
.query()
.where("is_deleted", 0)
.andWhere("provider", "letsencrypt")
.then((certificates) => {
if (certificates?.length) {
const plugins = [];
const promises = [];
.andWhere("provider", "letsencrypt");
certificates.map((certificate) => {
if (certificate.meta && certificate.meta.dns_challenge === true) {
if (plugins.indexOf(certificate.meta.dns_provider) === -1) {
plugins.push(certificate.meta.dns_provider);
}
if (certificates?.length) {
const plugins = [];
const promises = [];
// Make sure credentials file exists
const credentials_loc = `/etc/letsencrypt/credentials/credentials-${certificate.id}`;
// Escape single quotes and backslashes
const escapedCredentials = certificate.meta.dns_provider_credentials
.replaceAll("'", "\\'")
.replaceAll("\\", "\\\\");
const credentials_cmd = `[ -f '${credentials_loc}' ] || { mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo '${escapedCredentials}' > '${credentials_loc}' && chmod 600 '${credentials_loc}'; }`;
promises.push(utils.exec(credentials_cmd));
}
return true;
});
certificates.map((certificate) => {
if (certificate.meta && certificate.meta.dns_challenge === true) {
if (plugins.indexOf(certificate.meta.dns_provider) === -1) {
plugins.push(certificate.meta.dns_provider);
}
return installPlugins(plugins).then(() => {
if (promises.length) {
return Promise.all(promises).then(() => {
logger.info(`Added Certbot plugins ${plugins.join(", ")}`);
});
}
});
// Make sure credentials file exists
const credentials_loc = `/etc/letsencrypt/credentials/credentials-${certificate.id}`;
// Escape single quotes and backslashes
if (typeof certificate.meta.dns_provider_credentials === "string") {
const escapedCredentials = certificate.meta.dns_provider_credentials
.replaceAll("'", "\\'")
.replaceAll("\\", "\\\\");
const credentials_cmd = `[ -f '${credentials_loc}' ] || { mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo '${escapedCredentials}' > '${credentials_loc}' && chmod 600 '${credentials_loc}'; }`;
promises.push(utils.exec(credentials_cmd));
}
}
return true;
});
await installPlugins(plugins);
if (promises.length) {
await Promise.all(promises);
logger.info(`Added Certbot plugins ${plugins.join(", ")}`);
}
}
};
/**

88
backend/yarn.lock
View File

@@ -43,59 +43,59 @@
ajv-draft-04 "^1.0.0"
call-me-maybe "^1.0.2"
"@biomejs/biome@2.2.0":
version "2.2.0"
resolved "https://registry.yarnpkg.com/@biomejs/biome/-/biome-2.2.0.tgz#823ba77363651f310c47909747c879791ebd15c9"
integrity sha512-3On3RSYLsX+n9KnoSgfoYlckYBoU6VRM22cw1gB4Y0OuUVSYd/O/2saOJMrA4HFfA1Ff0eacOvMN1yAAvHtzIw==
"@biomejs/biome@^2.2.4":
version "2.2.4"
resolved "https://registry.yarnpkg.com/@biomejs/biome/-/biome-2.2.4.tgz#184e4b83f89bd0d4151682a5aa3840df37748e17"
integrity sha512-TBHU5bUy/Ok6m8c0y3pZiuO/BZoY/OcGxoLlrfQof5s8ISVwbVBdFINPQZyFfKwil8XibYWb7JMwnT8wT4WVPg==
optionalDependencies:
"@biomejs/cli-darwin-arm64" "2.2.0"
"@biomejs/cli-darwin-x64" "2.2.0"
"@biomejs/cli-linux-arm64" "2.2.0"
"@biomejs/cli-linux-arm64-musl" "2.2.0"
"@biomejs/cli-linux-x64" "2.2.0"
"@biomejs/cli-linux-x64-musl" "2.2.0"
"@biomejs/cli-win32-arm64" "2.2.0"
"@biomejs/cli-win32-x64" "2.2.0"
"@biomejs/cli-darwin-arm64" "2.2.4"
"@biomejs/cli-darwin-x64" "2.2.4"
"@biomejs/cli-linux-arm64" "2.2.4"
"@biomejs/cli-linux-arm64-musl" "2.2.4"
"@biomejs/cli-linux-x64" "2.2.4"
"@biomejs/cli-linux-x64-musl" "2.2.4"
"@biomejs/cli-win32-arm64" "2.2.4"
"@biomejs/cli-win32-x64" "2.2.4"
"@biomejs/cli-darwin-arm64@2.2.0":
version "2.2.0"
resolved "https://registry.yarnpkg.com/@biomejs/cli-darwin-arm64/-/cli-darwin-arm64-2.2.0.tgz#1abf9508e7d0776871710687ddad36e692dce3bc"
integrity sha512-zKbwUUh+9uFmWfS8IFxmVD6XwqFcENjZvEyfOxHs1epjdH3wyyMQG80FGDsmauPwS2r5kXdEM0v/+dTIA9FXAg==
"@biomejs/cli-darwin-arm64@2.2.4":
version "2.2.4"
resolved "https://registry.yarnpkg.com/@biomejs/cli-darwin-arm64/-/cli-darwin-arm64-2.2.4.tgz#9b50620c93501e370b7e6d5a8445f117f9946a0c"
integrity sha512-RJe2uiyaloN4hne4d2+qVj3d3gFJFbmrr5PYtkkjei1O9c+BjGXgpUPVbi8Pl8syumhzJjFsSIYkcLt2VlVLMA==
"@biomejs/cli-darwin-x64@2.2.0":
version "2.2.0"
resolved "https://registry.yarnpkg.com/@biomejs/cli-darwin-x64/-/cli-darwin-x64-2.2.0.tgz#3a51aa569505fedd3a32bb914d608ec27d87f26d"
integrity sha512-+OmT4dsX2eTfhD5crUOPw3RPhaR+SKVspvGVmSdZ9y9O/AgL8pla6T4hOn1q+VAFBHuHhsdxDRJgFCSC7RaMOw==
"@biomejs/cli-darwin-x64@2.2.4":
version "2.2.4"
resolved "https://registry.yarnpkg.com/@biomejs/cli-darwin-x64/-/cli-darwin-x64-2.2.4.tgz#343620c884fc8141155d114430e80e4eacfddc9e"
integrity sha512-cFsdB4ePanVWfTnPVaUX+yr8qV8ifxjBKMkZwN7gKb20qXPxd/PmwqUH8mY5wnM9+U0QwM76CxFyBRJhC9tQwg==
"@biomejs/cli-linux-arm64-musl@2.2.0":
version "2.2.0"
resolved "https://registry.yarnpkg.com/@biomejs/cli-linux-arm64-musl/-/cli-linux-arm64-musl-2.2.0.tgz#4d720930732a825b7a8c7cfe1741aec9e7d5ae1d"
integrity sha512-egKpOa+4FL9YO+SMUMLUvf543cprjevNc3CAgDNFLcjknuNMcZ0GLJYa3EGTCR2xIkIUJDVneBV3O9OcIlCEZQ==
"@biomejs/cli-linux-arm64-musl@2.2.4":
version "2.2.4"
resolved "https://registry.yarnpkg.com/@biomejs/cli-linux-arm64-musl/-/cli-linux-arm64-musl-2.2.4.tgz#cabcdadce2bc88b697f4063374224266c6f8b6e5"
integrity sha512-7TNPkMQEWfjvJDaZRSkDCPT/2r5ESFPKx+TEev+I2BXDGIjfCZk2+b88FOhnJNHtksbOZv8ZWnxrA5gyTYhSsQ==
"@biomejs/cli-linux-arm64@2.2.0":
version "2.2.0"
resolved "https://registry.yarnpkg.com/@biomejs/cli-linux-arm64/-/cli-linux-arm64-2.2.0.tgz#d0a5c153ff9243b15600781947d70d6038226feb"
integrity sha512-6eoRdF2yW5FnW9Lpeivh7Mayhq0KDdaDMYOJnH9aT02KuSIX5V1HmWJCQQPwIQbhDh68Zrcpl8inRlTEan0SXw==
"@biomejs/cli-linux-arm64@2.2.4":
version "2.2.4"
resolved "https://registry.yarnpkg.com/@biomejs/cli-linux-arm64/-/cli-linux-arm64-2.2.4.tgz#55620f8f088145e62e1158eb85c568554d0c8673"
integrity sha512-M/Iz48p4NAzMXOuH+tsn5BvG/Jb07KOMTdSVwJpicmhN309BeEyRyQX+n1XDF0JVSlu28+hiTQ2L4rZPvu7nMw==
"@biomejs/cli-linux-x64-musl@2.2.0":
version "2.2.0"
resolved "https://registry.yarnpkg.com/@biomejs/cli-linux-x64-musl/-/cli-linux-x64-musl-2.2.0.tgz#946095b0a444f395b2df9244153e1cd6b07404c0"
integrity sha512-I5J85yWwUWpgJyC1CcytNSGusu2p9HjDnOPAFG4Y515hwRD0jpR9sT9/T1cKHtuCvEQ/sBvx+6zhz9l9wEJGAg==
"@biomejs/cli-linux-x64-musl@2.2.4":
version "2.2.4"
resolved "https://registry.yarnpkg.com/@biomejs/cli-linux-x64-musl/-/cli-linux-x64-musl-2.2.4.tgz#6bfaea72505afdbda66a66c998d2d169a8b55f90"
integrity sha512-m41nFDS0ksXK2gwXL6W6yZTYPMH0LughqbsxInSKetoH6morVj43szqKx79Iudkp8WRT5SxSh7qVb8KCUiewGg==
"@biomejs/cli-linux-x64@2.2.0":
version "2.2.0"
resolved "https://registry.yarnpkg.com/@biomejs/cli-linux-x64/-/cli-linux-x64-2.2.0.tgz#ae01e0a70c7cd9f842c77dfb4ebd425734667a34"
integrity sha512-5UmQx/OZAfJfi25zAnAGHUMuOd+LOsliIt119x2soA2gLggQYrVPA+2kMUxR6Mw5M1deUF/AWWP2qpxgH7Nyfw==
"@biomejs/cli-linux-x64@2.2.4":
version "2.2.4"
resolved "https://registry.yarnpkg.com/@biomejs/cli-linux-x64/-/cli-linux-x64-2.2.4.tgz#8c1ed61dcafb8a5939346c714ec122651f57e1db"
integrity sha512-orr3nnf2Dpb2ssl6aihQtvcKtLySLta4E2UcXdp7+RTa7mfJjBgIsbS0B9GC8gVu0hjOu021aU8b3/I1tn+pVQ==
"@biomejs/cli-win32-arm64@2.2.0":
version "2.2.0"
resolved "https://registry.yarnpkg.com/@biomejs/cli-win32-arm64/-/cli-win32-arm64-2.2.0.tgz#09a3988b9d4bab8b8b3a41b4de9560bf70943964"
integrity sha512-n9a1/f2CwIDmNMNkFs+JI0ZjFnMO0jdOyGNtihgUNFnlmd84yIYY2KMTBmMV58ZlVHjgmY5Y6E1hVTnSRieggA==
"@biomejs/cli-win32-arm64@2.2.4":
version "2.2.4"
resolved "https://registry.yarnpkg.com/@biomejs/cli-win32-arm64/-/cli-win32-arm64-2.2.4.tgz#b2528f6c436e753d6083d7779f0662e08786cedb"
integrity sha512-NXnfTeKHDFUWfxAefa57DiGmu9VyKi0cDqFpdI+1hJWQjGJhJutHPX0b5m+eXvTKOaf+brU+P0JrQAZMb5yYaQ==
"@biomejs/cli-win32-x64@2.2.0":
version "2.2.0"
resolved "https://registry.yarnpkg.com/@biomejs/cli-win32-x64/-/cli-win32-x64-2.2.0.tgz#5d2523b421d847b13fac146cf745436ea8a72b95"
integrity sha512-Nawu5nHjP/zPKTIryh2AavzTc/KEg4um/MxWdXW0A6P/RZOyIpa7+QSjeXwAwX/utJGaCoXRPWtF3m5U/bB3Ww==
"@biomejs/cli-win32-x64@2.2.4":
version "2.2.4"
resolved "https://registry.yarnpkg.com/@biomejs/cli-win32-x64/-/cli-win32-x64-2.2.4.tgz#c8e21413120fe073fa49b78fdd987022941ff66f"
integrity sha512-3Y4V4zVRarVh/B/eSHczR4LYoSVyv3Dfuvm3cWs5w/HScccS0+Wt/lHOcDTRYeHjQmMYVC3rIRWqyN2EI52+zg==
"@gar/promisify@^1.0.1":
version "1.1.3"

2
docker/dev/Dockerfile
View File

@@ -15,7 +15,7 @@ ENV SUPPRESS_NO_CONFIG_WARNING=1 \
RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
&& apt-get update \
&& apt-get install -y jq python3-pip logrotate \
&& apt-get install -y jq python3-pip logrotate moreutils \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*

2
docker/docker-compose.ci.yml
View File

@@ -7,7 +7,9 @@ services:
fullstack:
image: "${IMAGE}:${BRANCH_LOWER}-ci-${BUILD_NUMBER}"
environment:
TZ: "${TZ:-Australia/Brisbane}"
DEBUG: 'true'
CI: 'true'
FORCE_COLOR: 1
# Required for DNS Certificate provisioning in CI
LE_SERVER: 'https://ca.internal/acme/acme/directory'

8
docker/docker-compose.dev.yml
View File

@@ -18,6 +18,7 @@ services:
- website2.example.com
- website3.example.com
environment:
TZ: "${TZ:-Australia/Brisbane}"
PUID: 1000
PGID: 1000
FORCE_COLOR: 1
@@ -49,8 +50,9 @@ services:
- ../backend:/app
- ../frontend:/app/frontend
- ../global:/app/global
- '/etc/localtime:/etc/localtime:ro'
healthcheck:
test: ["CMD", "/usr/bin/check-health"]
test: [ "CMD", "/usr/bin/check-health" ]
interval: 10s
timeout: 3s
depends_on:
@@ -69,12 +71,14 @@ services:
networks:
- nginx_proxy_manager
environment:
TZ: "${TZ:-Australia/Brisbane}"
MYSQL_ROOT_PASSWORD: 'npm'
MYSQL_DATABASE: 'npm'
MYSQL_USER: 'npm'
MYSQL_PASSWORD: 'npm'
volumes:
- db_data:/var/lib/mysql
- '/etc/localtime:/etc/localtime:ro'
db-postgres:
image: postgres:latest
@@ -200,7 +204,7 @@ services:
- nginx_proxy_manager
restart: unless-stopped
healthcheck:
test: ['CMD-SHELL', 'redis-cli ping | grep PONG']
test: [ 'CMD-SHELL', 'redis-cli ping | grep PONG' ]
start_period: 20s
interval: 30s
retries: 5

2
docs/package.json
View File

@@ -5,7 +5,7 @@
"preview": "vitepress preview"
},
"devDependencies": {
"vitepress": "^1.4.0"
"vitepress": "^1.6.4"
},
"dependencies": {}
}

10
docs/src/advanced-config/index.md
View File

@@ -228,3 +228,13 @@ To enable the geoip2 module, you can create the custom configuration file `/data
load_module /usr/lib/nginx/modules/ngx_http_geoip2_module.so;
load_module /usr/lib/nginx/modules/ngx_stream_geoip2_module.so;
```
## Auto Initial User Creation
Setting these environment variables will create the default user on startup, skipping the UI first user setup screen:
```
environment:
INITIAL_ADMIN_EMAIL: my@example.com
INITIAL_ADMIN_PASSWORD: mypassword1
```

8
docs/src/faq/index.md
View File

@@ -23,4 +23,10 @@ Your best bet is to ask the [Reddit community for support](https://www.reddit.co
## When adding username and password access control to a proxy host, I can no longer login into the app.
Having an Access Control List (ACL) with username and password requires the browser to always send this username and password in the `Authorization` header on each request. If your proxied app also requires authentication (like Nginx Proxy Manager itself), most likely the app will also use the `Authorization` header to transmit this information, as this is the standardized header meant for this kind of information. However having multiples of the same headers is not allowed in the [internet standard](https://www.rfc-editor.org/rfc/rfc7230#section-3.2.2) and almost all apps do not support multiple values in the `Authorization` header. Hence one of the two logins will be broken. This can only be fixed by either removing one of the logins or by changing the app to use other non-standard headers for authorization.
Having an Access Control List (ACL) with username and password requires the browser to always send this username
and password in the `Authorization` header on each request. If your proxied app also requires authentication (like
Nginx Proxy Manager itself), most likely the app will also use the `Authorization` header to transmit this information,
as this is the standardized header meant for this kind of information. However having multiples of the same headers
is not allowed in the [internet standard](https://www.rfc-editor.org/rfc/rfc7230#section-3.2.2) and almost all apps
do not support multiple values in the `Authorization` header. Hence one of the two logins will be broken. This can
only be fixed by either removing one of the logins or by changing the app to use other non-standard headers for authorization.

13
docs/src/guide/index.md
View File

@@ -35,7 +35,7 @@ so that the barrier for entry here is low.
## Features
- Beautiful and Secure Admin Interface based on [Tabler](https://tabler.github.io/)
- Beautiful and Secure Admin Interface based on [Tabler](https://tabler.io/)
- Easily create forwarding domains, redirections, streams and 404 hosts without knowing anything about Nginx
- Free SSL using Let's Encrypt or provide your own custom SSL certificates
- Access Lists and basic HTTP Authentication for your hosts
@@ -66,6 +66,8 @@ services:
app:
image: 'jc21/nginx-proxy-manager:latest'
restart: unless-stopped
environment:
TZ: "Australia/Brisbane"
ports:
- '80:80'
- '81:81'
@@ -89,17 +91,10 @@ docker compose up -d
4. Log in to the Admin UI
When your docker container is running, connect to it on port `81` for the admin interface.
Sometimes this can take a little bit because of the entropy of keys.
[http://127.0.0.1:81](http://127.0.0.1:81)
Default Admin User:
```
Email: admin@example.com
Password: changeme
```
Immediately after logging in with this default user you will be asked to modify your details and change your password.
This startup can take a minute depending on your hardware.
## Contributing

25
docs/src/setup/index.md
View File

@@ -13,6 +13,7 @@ services:
app:
image: 'jc21/nginx-proxy-manager:latest'
restart: unless-stopped
ports:
# These ports are in format <host-port>:<container-port>
- '80:80' # Public HTTP Port
@@ -21,7 +22,9 @@ services:
# Add any other Stream port you want to expose
# - '21:21' # FTP
#environment:
environment:
TZ: "Australia/Brisbane"
# Uncomment this if you want to change the location of
# the SQLite DB file within the container
# DB_SQLITE_FILE: "/data/database.sqlite"
@@ -65,6 +68,7 @@ services:
# Add any other Stream port you want to expose
# - '21:21' # FTP
environment:
TZ: "Australia/Brisbane"
# Mysql/Maria connection parameters:
DB_MYSQL_HOST: "db"
DB_MYSQL_PORT: 3306
@@ -115,6 +119,7 @@ services:
# Add any other Stream port you want to expose
# - '21:21' # FTP
environment:
TZ: "Australia/Brisbane"
# Postgres parameters:
DB_POSTGRES_HOST: 'db'
DB_POSTGRES_PORT: '5432'
@@ -173,21 +178,3 @@ After the app is running for the first time, the following will happen:
3. A default admin user will be created
This process can take a couple of minutes depending on your machine.
## Default Administrator User
```
Email: admin@example.com
Password: changeme
```
Immediately after logging in with this default user you will be asked to modify your details and change your password. You can change defaults with:
```
environment:
INITIAL_ADMIN_EMAIL: my@example.com
INITIAL_ADMIN_PASSWORD: mypassword1
```

5
frontend/biome.json
View File

@@ -1,5 +1,5 @@
{
"$schema": "https://biomejs.dev/schemas/2.2.2/schema.json",
"$schema": "https://biomejs.dev/schemas/2.2.4/schema.json",
"vcs": {
"enabled": true,
"clientKind": "git",
@@ -64,7 +64,8 @@
"useUniqueElementIds": "off"
},
"suspicious": {
"noExplicitAny": "off"
"noExplicitAny": "off",
"noArrayIndexKey": "off"
},
"performance": {
"noDelete": "off"

29
frontend/package.json
View File

@@ -12,46 +12,51 @@
"prettier": "biome format --write ./src",
"locale-extract": "formatjs extract 'src/**/*.tsx'",
"locale-compile": "formatjs compile-folder src/locale/src src/locale/lang",
"locale-sort": "./src/locale/scripts/locale-sort.sh",
"test": "vitest"
},
"dependencies": {
"@tabler/core": "^1.4.0",
"@tabler/icons-react": "^3.34.1",
"@tanstack/react-query": "^5.85.6",
"@tabler/icons-react": "^3.35.0",
"@tanstack/react-query": "^5.89.0",
"@tanstack/react-table": "^8.21.3",
"@uiw/react-textarea-code-editor": "^3.1.1",
"classnames": "^2.5.1",
"country-flag-icons": "^1.5.19",
"country-flag-icons": "^1.5.20",
"date-fns": "^4.1.0",
"formik": "^2.4.6",
"generate-password-browser": "^1.1.0",
"humps": "^2.0.1",
"query-string": "^9.2.2",
"query-string": "^9.3.1",
"react": "^19.1.1",
"react-bootstrap": "^2.10.10",
"react-dom": "^19.1.1",
"react-intl": "^7.1.11",
"react-router-dom": "^7.8.2",
"rooks": "^9.2.0"
"react-router-dom": "^7.9.1",
"react-select": "^5.10.2",
"react-toastify": "^11.0.5",
"rooks": "^9.3.0"
},
"devDependencies": {
"@biomejs/biome": "2.2.2",
"@biomejs/biome": "^2.2.4",
"@formatjs/cli": "^6.7.2",
"@tanstack/react-query-devtools": "^5.85.6",
"@tanstack/react-query-devtools": "^5.89.0",
"@testing-library/dom": "^10.4.1",
"@testing-library/jest-dom": "^6.8.0",
"@testing-library/react": "^16.3.0",
"@types/country-flag-icons": "^1.2.2",
"@types/humps": "^2.0.6",
"@types/react": "^19.1.12",
"@types/react": "^19.1.13",
"@types/react-dom": "^19.1.9",
"@types/react-table": "^7.7.20",
"@vitejs/plugin-react": "^5.0.2",
"@vitejs/plugin-react": "^5.0.3",
"happy-dom": "^18.0.1",
"postcss": "^8.5.6",
"postcss-simple-vars": "^7.0.1",
"sass": "^1.91.0",
"sass": "^1.93.0",
"tmp": "^0.2.5",
"typescript": "5.9.2",
"vite": "^7.1.4",
"vite": "^7.1.6",
"vite-plugin-checker": "^0.10.3",
"vite-tsconfig-paths": "^5.1.4",
"vitest": "^3.2.4"

69
frontend/src/App.css
View File

@@ -1,3 +1,14 @@
:root {
color-scheme: light dark;
}
.light {
color-scheme: light;
}
.dark {
color-scheme: dark;
}
.modal-backdrop {
--tblr-backdrop-opacity: 0.8 !important;
}
@@ -5,3 +16,61 @@
.domain-name {
font-family: monospace;
}
.mr-1 {
margin-right: 0.25rem;
}
.ml-1 {
margin-left: 0.25rem;
}
.react-select-container {
.react-select__control {
color: var(--tblr-body-color);
background-color: var(--tblr-bg-forms);
border: var(--tblr-border-width) solid var(--tblr-border-color);
.react-select__input {
color: var(--tblr-body-color) !important;
}
.react-select__single-value {
color: var(--tblr-body-color);
}
.react-select__multi-value {
border: 1px solid var(--tblr-border-color);
background-color: var(--tblr-bg-surface-tertiary);
color: var(--tblr-secondary) !important;
.react-select__multi-value__label {
color: var(--tblr-secondary) !important;
}
}
}
.react-select__menu {
background-color: var(--tblr-bg-forms);
.react-select__option {
background: rgba(var(--tblr-primary-rgb), .04);
color: inherit !important;
&.react-select__option--is-focused {
background: rgba(var(--tblr-primary-rgb), .1);
}
&.react-select__option--is-focused.react-select__option--is-selected {
background: rgba(var(--tblr-primary-rgb), .2);
}
}
}
}
.textareaMono {
font-family: 'Courier New', Courier, monospace !important;
resize: vertical;
}
label.row {
cursor: pointer;
}

10
frontend/src/App.tsx
View File

@@ -1,6 +1,7 @@
import { QueryClient, QueryClientProvider } from "@tanstack/react-query";
import { ReactQueryDevtools } from "@tanstack/react-query-devtools";
import { RawIntlProvider } from "react-intl";
import { ToastContainer } from "react-toastify";
import { AuthProvider, LocaleProvider, ThemeProvider } from "src/context";
import { intl } from "src/locale";
import Router from "src/Router.tsx";
@@ -16,6 +17,15 @@ function App() {
<QueryClientProvider client={queryClient}>
<AuthProvider>
<Router />
<ToastContainer
position="top-right"
autoClose={5000}
hideProgressBar={true}
newestOnTop={true}
closeOnClick={true}
rtl={false}
closeButton={false}
/>
</AuthProvider>
<ReactQueryDevtools buttonPosition="bottom-right" position="right" />
</QueryClientProvider>

7
frontend/src/Router.tsx
View File

@@ -13,8 +13,9 @@ import {
import { useAuthState } from "src/context";
import { useHealth } from "src/hooks";
const Dashboard = lazy(() => import("src/pages/Dashboard"));
const Setup = lazy(() => import("src/pages/Setup"));
const Login = lazy(() => import("src/pages/Login"));
const Dashboard = lazy(() => import("src/pages/Dashboard"));
const Settings = lazy(() => import("src/pages/Settings"));
const Certificates = lazy(() => import("src/pages/Certificates"));
const Access = lazy(() => import("src/pages/Access"));
@@ -37,6 +38,10 @@ function Router() {
return <Unhealthy />;
}
if (!health.data?.setup) {
return <Setup />;
}
if (!authenticated) {
return (
<Suspense fallback={<LoadingPage />}>

14
frontend/src/api/backend/base.ts
View File

@@ -88,15 +88,19 @@ interface PostArgs {
url: string;
params?: queryString.StringifiableRecord;
data?: any;
noAuth?: boolean;
}
export async function post({ url, params, data }: PostArgs, abortController?: AbortController) {
export async function post({ url, params, data, noAuth }: PostArgs, abortController?: AbortController) {
const apiUrl = buildUrl({ url, params });
const method = "POST";
let headers = {
...buildAuthHeader(),
};
let headers: Record<string, string> = {};
if (!noAuth) {
headers = {
...buildAuthHeader(),
};
}
let body: string | FormData | undefined;
// Check if the data is an instance of FormData
@@ -120,7 +124,7 @@ export async function post({ url, params, data }: PostArgs, abortController?: Ab
interface PutArgs {
url: string;
params?: queryString.StringifiableRecord;
data?: Record<string, unknown>;
data?: Record<string, any>;
}
export async function put({ url, params, data }: PutArgs, abortController?: AbortController) {
const apiUrl = buildUrl({ url, params });

15
frontend/src/api/backend/createAccessList.ts
View File

@@ -1,13 +1,10 @@
import * as api from "./base";
import type { AccessList } from "./models";
export async function createAccessList(item: AccessList, abortController?: AbortController): Promise<AccessList> {
return await api.post(
{
url: "/nginx/access-lists",
// todo: only use whitelist of fields for this data
data: item,
},
abortController,
);
export async function createAccessList(item: AccessList): Promise<AccessList> {
return await api.post({
url: "/nginx/access-lists",
// todo: only use whitelist of fields for this data
data: item,
});
}

15
frontend/src/api/backend/createCertificate.ts
View File

@@ -1,13 +1,10 @@
import * as api from "./base";
import type { Certificate } from "./models";
export async function createCertificate(item: Certificate, abortController?: AbortController): Promise<Certificate> {
return await api.post(
{
url: "/nginx/certificates",
// todo: only use whitelist of fields for this data
data: item,
},
abortController,
);
export async function createCertificate(item: Certificate): Promise<Certificate> {
return await api.post({
url: "/nginx/certificates",
// todo: only use whitelist of fields for this data
data: item,
});
}

15
frontend/src/api/backend/createDeadHost.ts
View File

@@ -1,13 +1,10 @@
import * as api from "./base";
import type { DeadHost } from "./models";
export async function createDeadHost(item: DeadHost, abortController?: AbortController): Promise<DeadHost> {
return await api.post(
{
url: "/nginx/dead-hosts",
// todo: only use whitelist of fields for this data
data: item,
},
abortController,
);
export async function createDeadHost(item: DeadHost): Promise<DeadHost> {
return await api.post({
url: "/nginx/dead-hosts",
// todo: only use whitelist of fields for this data
data: item,
});
}

15
frontend/src/api/backend/createProxyHost.ts
View File

@@ -1,13 +1,10 @@
import * as api from "./base";
import type { ProxyHost } from "./models";
export async function createProxyHost(item: ProxyHost, abortController?: AbortController): Promise<ProxyHost> {
return await api.post(
{
url: "/nginx/proxy-hosts",
// todo: only use whitelist of fields for this data
data: item,
},
abortController,
);
export async function createProxyHost(item: ProxyHost): Promise<ProxyHost> {
return await api.post({
url: "/nginx/proxy-hosts",
// todo: only use whitelist of fields for this data
data: item,
});
}

18
frontend/src/api/backend/createRedirectionHost.ts
View File

@@ -1,16 +1,10 @@
import * as api from "./base";
import type { RedirectionHost } from "./models";
export async function createRedirectionHost(
item: RedirectionHost,
abortController?: AbortController,
): Promise<RedirectionHost> {
return await api.post(
{
url: "/nginx/redirection-hosts",
// todo: only use whitelist of fields for this data
data: item,
},
abortController,
);
export async function createRedirectionHost(item: RedirectionHost): Promise<RedirectionHost> {
return await api.post({
url: "/nginx/redirection-hosts",
// todo: only use whitelist of fields for this data
data: item,
});
}

15
frontend/src/api/backend/createStream.ts
View File

@@ -1,13 +1,10 @@
import * as api from "./base";
import type { Stream } from "./models";
export async function createStream(item: Stream, abortController?: AbortController): Promise<Stream> {
return await api.post(
{
url: "/nginx/streams",
// todo: only use whitelist of fields for this data
data: item,
},
abortController,
);
export async function createStream(item: Stream): Promise<Stream> {
return await api.post({
url: "/nginx/streams",
// todo: only use whitelist of fields for this data
data: item,
});
}

30
frontend/src/api/backend/createUser.ts
View File

@@ -1,13 +1,25 @@
import * as api from "./base";
import type { User } from "./models";
export async function createUser(item: User, abortController?: AbortController): Promise<User> {
return await api.post(
{
url: "/users",
// todo: only use whitelist of fields for this data
data: item,
},
abortController,
);
export interface AuthOptions {
type: string;
secret: string;
}
export interface NewUser {
name: string;
nickname: string;
email: string;
isDisabled?: boolean;
auth?: AuthOptions;
roles?: string[];
}
export async function createUser(item: NewUser, noAuth?: boolean): Promise<User> {
return await api.post({
url: "/users",
// todo: only use whitelist of fields for this data
data: item,
noAuth,
});
}

11
frontend/src/api/backend/deleteAccessList.ts
View File

@@ -1,10 +1,7 @@
import * as api from "./base";
export async function deleteAccessList(id: number, abortController?: AbortController): Promise<boolean> {
return await api.del(
{
url: `/nginx/access-lists/${id}`,
},
abortController,
);
export async function deleteAccessList(id: number): Promise<boolean> {
return await api.del({
url: `/nginx/access-lists/${id}`,
});
}

11
frontend/src/api/backend/deleteCertificate.ts
View File

@@ -1,10 +1,7 @@
import * as api from "./base";
export async function deleteCertificate(id: number, abortController?: AbortController): Promise<boolean> {
return await api.del(
{
url: `/nginx/certificates/${id}`,
},
abortController,
);
export async function deleteCertificate(id: number): Promise<boolean> {
return await api.del({
url: `/nginx/certificates/${id}`,
});
}

11
frontend/src/api/backend/deleteDeadHost.ts
View File

@@ -1,10 +1,7 @@
import * as api from "./base";
export async function deleteDeadHost(id: number, abortController?: AbortController): Promise<boolean> {
return await api.del(
{
url: `/nginx/dead-hosts/${id}`,
},
abortController,
);
export async function deleteDeadHost(id: number): Promise<boolean> {
return await api.del({
url: `/nginx/dead-hosts/${id}`,
});
}

11
frontend/src/api/backend/deleteProxyHost.ts
View File

@@ -1,10 +1,7 @@
import * as api from "./base";
export async function deleteProxyHost(id: number, abortController?: AbortController): Promise<boolean> {
return await api.del(
{
url: `/nginx/proxy-hosts/${id}`,
},
abortController,
);
export async function deleteProxyHost(id: number): Promise<boolean> {
return await api.del({
url: `/nginx/proxy-hosts/${id}`,
});
}

11
frontend/src/api/backend/deleteRedirectionHost.ts
View File

@@ -1,10 +1,7 @@
import * as api from "./base";
export async function deleteRedirectionHost(id: number, abortController?: AbortController): Promise<boolean> {
return await api.del(
{
url: `/nginx/redirection-hosts/${id}`,
},
abortController,
);
export async function deleteRedirectionHost(id: number): Promise<boolean> {
return await api.del({
url: `/nginx/redirection-hosts/${id}`,
});
}

11
frontend/src/api/backend/deleteStream.ts
View File

@@ -1,10 +1,7 @@
import * as api from "./base";
export async function deleteStream(id: number, abortController?: AbortController): Promise<boolean> {
return await api.del(
{
url: `/nginx/streams/${id}`,
},
abortController,
);
export async function deleteStream(id: number): Promise<boolean> {
return await api.del({
url: `/nginx/streams/${id}`,
});
}

11
frontend/src/api/backend/deleteUser.ts
View File

@@ -1,10 +1,7 @@
import * as api from "./base";
export async function deleteUser(id: number, abortController?: AbortController): Promise<boolean> {
return await api.del(
{
url: `/users/${id}`,
},
abortController,
);
export async function deleteUser(id: number): Promise<boolean> {
return await api.del({
url: `/users/${id}`,
});
}

11
frontend/src/api/backend/downloadCertificate.ts
View File

@@ -1,11 +1,8 @@
import * as api from "./base";
import type { Binary } from "./responseTypes";
export async function downloadCertificate(id: number, abortController?: AbortController): Promise<Binary> {
return await api.get(
{
url: `/nginx/certificates/${id}/download`,
},
abortController,
);
export async function downloadCertificate(id: number): Promise<Binary> {
return await api.get({
url: `/nginx/certificates/${id}/download`,
});
}

6
frontend/src/api/backend/expansions.ts Normal file
View File

@@ -0,0 +1,6 @@
export type AccessListExpansion = "owner" | "items" | "clients";
export type AuditLogExpansion = "user";
export type CertificateExpansion = "owner" | "proxy_hosts" | "redirection_hosts" | "dead_hosts";
export type HostExpansion = "owner" | "certificate";
export type ProxyHostExpansion = "owner" | "access_list" | "certificate";
export type UserExpansion = "permissions";

14
frontend/src/api/backend/getAccessList.ts
View File

@@ -1,11 +1,13 @@
import * as api from "./base";
import type { AccessListExpansion } from "./expansions";
import type { AccessList } from "./models";
export async function getAccessList(id: number, abortController?: AbortController): Promise<AccessList> {
return await api.get(
{
url: `/nginx/access-lists/${id}`,
export async function getAccessList(id: number, expand?: AccessListExpansion[], params = {}): Promise<AccessList> {
return await api.get({
url: `/nginx/access-lists/${id}`,
params: {
expand: expand?.join(","),
...params,
},
abortController,
);
});
}

3
frontend/src/api/backend/getAccessLists.ts
View File

@@ -1,8 +1,7 @@
import * as api from "./base";
import type { AccessListExpansion } from "./expansions";
import type { AccessList } from "./models";
export type AccessListExpansion = "owner" | "items" | "clients";
export async function getAccessLists(expand?: AccessListExpansion[], params = {}): Promise<AccessList[]> {
return await api.get({
url: "/nginx/access-lists",

5
frontend/src/api/backend/getAuditLog.ts
View File

@@ -1,9 +1,10 @@
import * as api from "./base";
import type { AuditLogExpansion } from "./expansions";
import type { AuditLog } from "./models";
export async function getAuditLog(expand?: string[], params = {}): Promise<AuditLog[]> {
export async function getAuditLog(id: number, expand?: AuditLogExpansion[], params = {}): Promise<AuditLog> {
return await api.get({
url: "/audit-log",
url: `/audit-log/${id}`,
params: {
expand: expand?.join(","),
...params,

13
frontend/src/api/backend/getAuditLogs.ts Normal file
View File

@@ -0,0 +1,13 @@
import * as api from "./base";
import type { AuditLogExpansion } from "./expansions";
import type { AuditLog } from "./models";
export async function getAuditLogs(expand?: AuditLogExpansion[], params = {}): Promise<AuditLog[]> {
return await api.get({
url: "/audit-log",
params: {
expand: expand?.join(","),
...params,
},
});
}

14
frontend/src/api/backend/getCertificate.ts
View File

@@ -1,11 +1,13 @@
import * as api from "./base";
import type { CertificateExpansion } from "./expansions";
import type { Certificate } from "./models";
export async function getCertificate(id: number, abortController?: AbortController): Promise<Certificate> {
return await api.get(
{
url: `/nginx/certificates/${id}`,
export async function getCertificate(id: number, expand?: CertificateExpansion[], params = {}): Promise<Certificate> {
return await api.get({
url: `/nginx/certificates/${id}`,
params: {
expand: expand?.join(","),
...params,
},
abortController,
);
});
}

9
frontend/src/api/backend/getCertificateDNSProviders.ts Normal file
View File

@@ -0,0 +1,9 @@
import * as api from "./base";
import type { DNSProvider } from "./models";
export async function getCertificateDNSProviders(params = {}): Promise<DNSProvider[]> {
return await api.get({
url: "/nginx/certificates/dns-providers",
params,
});
}

3
frontend/src/api/backend/getCertificates.ts
View File

@@ -1,7 +1,8 @@
import * as api from "./base";
import type { CertificateExpansion } from "./expansions";
import type { Certificate } from "./models";
export async function getCertificates(expand?: string[], params = {}): Promise<Certificate[]> {
export async function getCertificates(expand?: CertificateExpansion[], params = {}): Promise<Certificate[]> {
return await api.get({
url: "/nginx/certificates",
params: {

14
frontend/src/api/backend/getDeadHost.ts
View File

@@ -1,11 +1,13 @@
import * as api from "./base";
import type { HostExpansion } from "./expansions";
import type { DeadHost } from "./models";
export async function getDeadHost(id: number, abortController?: AbortController): Promise<DeadHost> {
return await api.get(
{
url: `/nginx/dead-hosts/${id}`,
export async function getDeadHost(id: number, expand?: HostExpansion[], params = {}): Promise<DeadHost> {
return await api.get({
url: `/nginx/dead-hosts/${id}`,
params: {
expand: expand?.join(","),
...params,
},
abortController,
);
});
}

5
frontend/src/api/backend/getDeadHosts.ts
View File

@@ -1,9 +1,8 @@
import * as api from "./base";
import type { HostExpansion } from "./expansions";
import type { DeadHost } from "./models";
export type DeadHostExpansion = "owner" | "certificate";
export async function getDeadHosts(expand?: DeadHostExpansion[], params = {}): Promise<DeadHost[]> {
export async function getDeadHosts(expand?: HostExpansion[], params = {}): Promise<DeadHost[]> {
return await api.get({
url: "/nginx/dead-hosts",
params: {

11
frontend/src/api/backend/getHealth.ts
View File

@@ -1,11 +1,8 @@
import * as api from "./base";
import type { HealthResponse } from "./responseTypes";
export async function getHealth(abortController?: AbortController): Promise<HealthResponse> {
return await api.get(
{
url: "/",
},
abortController,
);
export async function getHealth(): Promise<HealthResponse> {
return await api.get({
url: "/",
});
}

11
frontend/src/api/backend/getHostsReport.ts
View File

@@ -1,10 +1,7 @@
import * as api from "./base";
export async function getHostsReport(abortController?: AbortController): Promise<Record<string, number>> {
return await api.get(
{
url: "/reports/hosts",
},
abortController,
);
export async function getHostsReport(): Promise<Record<string, number>> {
return await api.get({
url: "/reports/hosts",
});
}

14
frontend/src/api/backend/getProxyHost.ts
View File

@@ -1,11 +1,13 @@
import * as api from "./base";
import type { ProxyHostExpansion } from "./expansions";
import type { ProxyHost } from "./models";
export async function getProxyHost(id: number, abortController?: AbortController): Promise<ProxyHost> {
return await api.get(
{
url: `/nginx/proxy-hosts/${id}`,
export async function getProxyHost(id: number, expand?: ProxyHostExpansion[], params = {}): Promise<ProxyHost> {
return await api.get({
url: `/nginx/proxy-hosts/${id}`,
params: {
expand: expand?.join(","),
...params,
},
abortController,
);
});
}

3
frontend/src/api/backend/getProxyHosts.ts
View File

@@ -1,8 +1,7 @@
import * as api from "./base";
import type { ProxyHostExpansion } from "./expansions";
import type { ProxyHost } from "./models";
export type ProxyHostExpansion = "owner" | "access_list" | "certificate";
export async function getProxyHosts(expand?: ProxyHostExpansion[], params = {}): Promise<ProxyHost[]> {
return await api.get({
url: "/nginx/proxy-hosts",

16
frontend/src/api/backend/getRedirectionHost.ts
View File

@@ -1,11 +1,13 @@
import * as api from "./base";
import type { ProxyHost } from "./models";
import type { HostExpansion } from "./expansions";
import type { RedirectionHost } from "./models";
export async function getRedirectionHost(id: number, abortController?: AbortController): Promise<ProxyHost> {
return await api.get(
{
url: `/nginx/redirection-hosts/${id}`,
export async function getRedirectionHost(id: number, expand?: HostExpansion[], params = {}): Promise<RedirectionHost> {
return await api.get({
url: `/nginx/redirection-hosts/${id}`,
params: {
expand: expand?.join(","),
...params,
},
abortController,
);
});
}

7
frontend/src/api/backend/getRedirectionHosts.ts
View File

@@ -1,11 +1,8 @@
import * as api from "./base";
import type { HostExpansion } from "./expansions";
import type { RedirectionHost } from "./models";
export type RedirectionHostExpansion = "owner" | "certificate";
export async function getRedirectionHosts(
expand?: RedirectionHostExpansion[],
params = {},
): Promise<RedirectionHost[]> {
export async function getRedirectionHosts(expand?: HostExpansion[], params = {}): Promise<RedirectionHost[]> {
return await api.get({
url: "/nginx/redirection-hosts",
params: {

13
frontend/src/api/backend/getSetting.ts
View File

@@ -1,11 +1,12 @@
import * as api from "./base";
import type { Setting } from "./models";
export async function getSetting(id: string, abortController?: AbortController): Promise<Setting> {
return await api.get(
{
url: `/settings/${id}`,
export async function getSetting(id: string, expand?: string[], params = {}): Promise<Setting> {
return await api.get({
url: `/settings/${id}`,
params: {
expand: expand?.join(","),
...params,
},
abortController,
);
});
}

14
frontend/src/api/backend/getStream.ts
View File

@@ -1,11 +1,13 @@
import * as api from "./base";
import type { HostExpansion } from "./expansions";
import type { Stream } from "./models";
export async function getStream(id: number, abortController?: AbortController): Promise<Stream> {
return await api.get(
{
url: `/nginx/streams/${id}`,
export async function getStream(id: number, expand?: HostExpansion[], params = {}): Promise<Stream> {
return await api.get({
url: `/nginx/streams/${id}`,
params: {
expand: expand?.join(","),
...params,
},
abortController,
);
});
}

5
frontend/src/api/backend/getStreams.ts
View File

@@ -1,9 +1,8 @@
import * as api from "./base";
import type { HostExpansion } from "./expansions";
import type { Stream } from "./models";
export type StreamExpansion = "owner" | "certificate";
export async function getStreams(expand?: StreamExpansion[], params = {}): Promise<Stream[]> {
export async function getStreams(expand?: HostExpansion[], params = {}): Promise<Stream[]> {
return await api.get({
url: "/nginx/streams",
params: {

Some files were not shown because too many files have changed in this diff Show More