Fix entries of a deleted user break the UI

feat: Add leaseweb to certbot-dns-plugins

.gitignore

@@ -3,3 +3,7 @@
 ._*
 .vscode
 certbot-help.txt
+test/node_modules
+*/node_modules
+docker/dev/dnsrouter-config.json.tmp
+docker/dev/resolv.conf

.version

@@ -1 +1 @@
-2.11.0
+2.12.1

Jenkinsfile

@@ -18,10 +18,8 @@ pipeline {
 		BUILD_VERSION              = getVersion()
 		MAJOR_VERSION              = '2'
 		BRANCH_LOWER               = "${BRANCH_NAME.toLowerCase().replaceAll('\\\\', '-').replaceAll('/', '-').replaceAll('\\.', '-')}"
-		COMPOSE_PROJECT_NAME       = "npm_${BRANCH_LOWER}_${BUILD_NUMBER}"
-		COMPOSE_FILE               = 'docker/docker-compose.ci.yml'
+		BUILDX_NAME                = "npm_${BRANCH_LOWER}_${BUILD_NUMBER}"
 		COMPOSE_INTERACTIVE_NO_CLI = 1
-		BUILDX_NAME                = "${COMPOSE_PROJECT_NAME}"
 	}
 	stages {
 		stage('Environment') {
@@ -45,7 +43,7 @@ pipeline {
 					steps {
 						script {
 							// Defaults to the Branch name, which is applies to all branches AND pr's
-							buildxPushTags = "-t docker.io/jc21/${IMAGE}:github-${BRANCH_LOWER}"
+							buildxPushTags = "-t docker.io/nginxproxymanager/${IMAGE}-dev:${BRANCH_LOWER}"
 						}
 					}
 				}
@@ -58,6 +56,13 @@ pipeline {
 						sh 'sed -i -E "s/(version-)[0-9]+\\.[0-9]+\\.[0-9]+(-green)/\\1${BUILD_VERSION}\\2/" README.md'
 					}
 				}
+				stage('Docker Login') {
+					steps {
+						withCredentials([usernamePassword(credentialsId: 'jc21-dockerhub', passwordVariable: 'dpass', usernameVariable: 'duser')]) {
+							sh 'docker login -u "${duser}" -p "${dpass}"'
+						}
+					}
+				}
 			}
 		}
 		stage('Builds') {
@@ -92,80 +97,72 @@ pipeline {
 							sh 'yarn install'
 							sh 'yarn build'
 						}
-						dir(path: 'docs/.vuepress/dist') {
-							sh 'tar -czf ../../docs.tgz *'
-						}
-						archiveArtifacts(artifacts: 'docs/docs.tgz', allowEmptyArchive: false)
-					}
-				}
-				stage('Cypress') {
-					steps {
-						// Creating will also create the network prior to
-						// using it in parallel stages below and mitigating
-						// a race condition.
-						sh 'docker-compose build cypress-sqlite'
-						sh 'docker-compose build cypress-mysql'
-						sh 'docker-compose create cypress-sqlite'
-						sh 'docker-compose create cypress-mysql'
 					}
 				}
 			}
 		}
-		stage('Integration Tests') {
-			parallel {
-				stage('Sqlite') {
-					steps {
-						// Bring up a stack
-						sh 'docker-compose up -d fullstack-sqlite'
-						sh './scripts/wait-healthy $(docker-compose ps --all -q fullstack-sqlite) 120'
-						// Stop and Start it, as this will test it's ability to restart with existing data
-						sh 'docker-compose stop fullstack-sqlite'
-						sh 'docker-compose start fullstack-sqlite'
-						sh './scripts/wait-healthy $(docker-compose ps --all -q fullstack-sqlite) 120'
-
-						// Run tests
-						sh 'rm -rf test/results-sqlite'
-						sh 'docker-compose up cypress-sqlite'
-						// Get results
-						sh 'docker cp -L "$(docker-compose ps --all -q cypress-sqlite):/test/results" test/results-sqlite'
-					}
-					post {
-						always {
-							// Dumps to analyze later
-							sh 'mkdir -p debug/sqlite'
-							sh 'docker-compose logs fullstack-sqlite > debug/sqlite/docker_fullstack_sqlite.log'
-							// Cypress videos and screenshot artifacts
-							dir(path: 'test/results-sqlite') {
-								archiveArtifacts allowEmptyArchive: true, artifacts: '**/*', excludes: '**/*.xml'
-							}
-							junit 'test/results-sqlite/junit/*'
-						}
+		stage('Test Sqlite') {
+			environment {
+				COMPOSE_PROJECT_NAME = "npm_${BRANCH_LOWER}_${BUILD_NUMBER}_sqlite"
+				COMPOSE_FILE         = 'docker/docker-compose.ci.yml:docker/docker-compose.ci.sqlite.yml'
+			}
+			when {
+				not {
+					equals expected: 'UNSTABLE', actual: currentBuild.result
+				}
+			}
+			steps {
+				sh 'rm -rf ./test/results/junit/*'
+				sh './scripts/ci/fulltest-cypress'
+			}
+			post {
+				always {
+					// Dumps to analyze later
+					sh 'mkdir -p debug/sqlite'
+					sh 'docker logs $(docker-compose ps --all -q fullstack) > debug/sqlite/docker_fullstack.log 2>&1'
+					sh 'docker logs $(docker-compose ps --all -q stepca) > debug/sqlite/docker_stepca.log 2>&1'
+					sh 'docker logs $(docker-compose ps --all -q pdns) > debug/sqlite/docker_pdns.log 2>&1'
+					sh 'docker logs $(docker-compose ps --all -q pdns-db) > debug/sqlite/docker_pdns-db.log 2>&1'
+					sh 'docker logs $(docker-compose ps --all -q dnsrouter) > debug/sqlite/docker_dnsrouter.log 2>&1'
+					junit 'test/results/junit/*'
+					sh 'docker-compose down --remove-orphans --volumes -t 30 || true'
+				}
+				unstable {
+					dir(path: 'testing/results') {
+						archiveArtifacts(allowEmptyArchive: true, artifacts: '**/*', excludes: '**/*.xml')
 					}
 				}
-				stage('Mysql') {
-					steps {
-						// Bring up a stack
-						sh 'docker-compose up -d fullstack-mysql'
-						sh './scripts/wait-healthy $(docker-compose ps --all -q fullstack-mysql) 120'
-
-						// Run tests
-						sh 'rm -rf test/results-mysql'
-						sh 'docker-compose up cypress-mysql'
-						// Get results
-						sh 'docker cp -L "$(docker-compose ps --all -q cypress-mysql):/test/results" test/results-mysql'
-					}
-					post {
-						always {
-							// Dumps to analyze later
-							sh 'mkdir -p debug/mysql'
-							sh 'docker-compose logs fullstack-mysql > debug/mysql/docker_fullstack_mysql.log'
-							sh 'docker-compose logs db > debug/mysql/docker_db.log'
-							// Cypress videos and screenshot artifacts
-							dir(path: 'test/results-mysql') {
-								archiveArtifacts allowEmptyArchive: true, artifacts: '**/*', excludes: '**/*.xml'
-							}
-							junit 'test/results-mysql/junit/*'
-						}
+			}
+		}
+		stage('Test Mysql') {
+			environment {
+				COMPOSE_PROJECT_NAME = "npm_${BRANCH_LOWER}_${BUILD_NUMBER}_mysql"
+				COMPOSE_FILE         = 'docker/docker-compose.ci.yml:docker/docker-compose.ci.mysql.yml'
+			}
+			when {
+				not {
+					equals expected: 'UNSTABLE', actual: currentBuild.result
+				}
+			}
+			steps {
+				sh 'rm -rf ./test/results/junit/*'
+				sh './scripts/ci/fulltest-cypress'
+			}
+			post {
+				always {
+					// Dumps to analyze later
+					sh 'mkdir -p debug/mysql'
+					sh 'docker logs $(docker-compose ps --all -q fullstack) > debug/mysql/docker_fullstack.log 2>&1'
+					sh 'docker logs $(docker-compose ps --all -q stepca) > debug/mysql/docker_stepca.log 2>&1'
+					sh 'docker logs $(docker-compose ps --all -q pdns) > debug/mysql/docker_pdns.log 2>&1'
+					sh 'docker logs $(docker-compose ps --all -q pdns-db) > debug/mysql/docker_pdns-db.log 2>&1'
+					sh 'docker logs $(docker-compose ps --all -q dnsrouter) > debug/mysql/docker_dnsrouter.log 2>&1'
+					junit 'test/results/junit/*'
+					sh 'docker-compose down --remove-orphans --volumes -t 30 || true'
+				}
+				unstable {
+					dir(path: 'testing/results') {
+						archiveArtifacts(allowEmptyArchive: true, artifacts: '**/*', excludes: '**/*.xml')
 					}
 				}
 			}
@@ -177,38 +174,22 @@ pipeline {
 				}
 			}
 			steps {
-				withCredentials([usernamePassword(credentialsId: 'jc21-dockerhub', passwordVariable: 'dpass', usernameVariable: 'duser')]) {
-					sh 'docker login -u "${duser}" -p "${dpass}"'
-					sh "./scripts/buildx --push ${buildxPushTags}"
-				}
+				sh "./scripts/buildx --push ${buildxPushTags}"
 			}
 		}
 		stage('Docs / Comment') {
 			parallel {
-				stage('Master Docs') {
+				stage('Docs Job') {
 					when {
 						allOf {
-							branch 'master'
+							branch pattern: "^(develop|master)\$", comparator: "REGEXP"
 							not {
 								equals expected: 'UNSTABLE', actual: currentBuild.result
 							}
 						}
 					}
 					steps {
-						npmDocsReleaseMaster()
-					}
-				}
-				stage('Develop Docs') {
-					when {
-						allOf {
-							branch 'develop'
-							not {
-								equals expected: 'UNSTABLE', actual: currentBuild.result
-							}
-						}
-					}
-					steps {
-						npmDocsReleaseDevelop()
+						build wait: false, job: 'nginx-proxy-manager-docs', parameters: [string(name: 'docs_branch', value: "$BRANCH_NAME")]
 					}
 				}
 				stage('PR Comment') {
@@ -222,7 +203,13 @@ pipeline {
 					}
 					steps {
 						script {
-							npmGithubPrComment("Docker Image for build ${BUILD_NUMBER} is available on [DockerHub](https://cloud.docker.com/repository/docker/jc21/${IMAGE}) as `jc21/${IMAGE}:github-${BRANCH_LOWER}`\n\n**Note:** ensure you backup your NPM instance before testing this PR image! Especially if this PR contains database changes.", true)
+							npmGithubPrComment("""Docker Image for build ${BUILD_NUMBER} is available on
+[DockerHub](https://cloud.docker.com/repository/docker/nginxproxymanager/${IMAGE}-dev)
+as `nginxproxymanager/${IMAGE}-dev:${BRANCH_LOWER}`
+
+**Note:** ensure you backup your NPM instance before testing this image! Especially if there are database changes
+**Note:** this is a different docker image namespace than the official image
+""", true)
 						}
 					}
 				}
@@ -231,23 +218,15 @@ pipeline {
 	}
 	post {
 		always {
-			sh 'docker-compose down --remove-orphans --volumes -t 30'
 			sh 'echo Reverting ownership'
-			sh 'docker run --rm -v $(pwd):/data jc21/ci-tools chown -R $(id -u):$(id -g) /data'
-		}
-		success {
-			juxtapose event: 'success'
-			sh 'figlet "SUCCESS"'
+			sh 'docker run --rm -v "$(pwd):/data" jc21/ci-tools chown -R "$(id -u):$(id -g)" /data'
+			printResult(true)
 		}
 		failure {
 			archiveArtifacts(artifacts: 'debug/**/*.*', allowEmptyArchive: true)
-			juxtapose event: 'failure'
-			sh 'figlet "FAILURE"'
 		}
 		unstable {
 			archiveArtifacts(artifacts: 'debug/**/*.*', allowEmptyArchive: true)
-			juxtapose event: 'unstable'
-			sh 'figlet "UNSTABLE"'
 		}
 	}
 }

README.md

@@ -1,7 +1,7 @@
 <p align="center">
 	<img src="https://nginxproxymanager.com/github.png">
 	<br><br>
-	<img src="https://img.shields.io/badge/version-2.11.0-green.svg?style=for-the-badge">
+	<img src="https://img.shields.io/badge/version-2.12.1-green.svg?style=for-the-badge">
 	<a href="https://hub.docker.com/repository/docker/jc21/nginx-proxy-manager">
 		<img src="https://img.shields.io/docker/stars/jc21/nginx-proxy-manager.svg?style=for-the-badge">
 	</a>
@@ -19,7 +19,7 @@ running at home or otherwise, including free SSL, without having to know too muc
 
 ## Project Goal
 
-I created this project to fill a personal need to provide users with a easy way to accomplish reverse
+I created this project to fill a personal need to provide users with an easy way to accomplish reverse
 proxying hosts with SSL termination and it had to be so easy that a monkey could do it. This goal hasn't changed.
 While there might be advanced options they are optional and the project should be as simple as possible
 so that the barrier for entry here is low.
@@ -56,10 +56,9 @@ I won't go in to too much detail here but here are the basics for someone new to
 2. Create a docker-compose.yml file similar to this:
 
 ```yml
-version: '3.8'
 services:
   app:
-    image: 'jc21/nginx-proxy-manager:latest'
+    image: 'docker.io/jc21/nginx-proxy-manager:latest'
     restart: unless-stopped
     ports:
       - '80:80'

backend/.vscode/settings.json

@@ -1,8 +0,0 @@
-{
-	"editor.insertSpaces": false,
-	"editor.formatOnSave": true,
-	"files.trimTrailingWhitespace": true,
-	"editor.codeActionsOnSave": {
-		"source.fixAll.eslint": true
-	}
-}

backend/app.js

@@ -52,7 +52,7 @@ app.use(function (req, res, next) {
 });
 
 app.use(require('./lib/express/jwt')());
-app.use('/', require('./routes/api/main'));
+app.use('/', require('./routes/main'));
 
 // production error handler
 // no stacktraces leaked to user

backend/config/default.json

@@ -1,6 +1,6 @@
 {
   "database": {
-    "engine": "mysql",
+    "engine": "mysql2",
     "host": "db",
     "name": "npm",
     "user": "npm",

backend/index.js

@@ -1,23 +1,20 @@
 #!/usr/bin/env node
 
+const schema = require('./schema');
 const logger = require('./logger').global;
 
 async function appStart () {
 	const migrate             = require('./migrate');
 	const setup               = require('./setup');
 	const app                 = require('./app');
-	const apiValidator        = require('./lib/validator/api');
 	const internalCertificate = require('./internal/certificate');
 	const internalIpRanges    = require('./internal/ip_ranges');
 
 	return migrate.latest()
 		.then(setup)
-		.then(() => {
-			return apiValidator.loadSchemas;
-		})
+		.then(schema.getCompiledSchema)
 		.then(internalIpRanges.fetch)
 		.then(() => {
-
 			internalCertificate.initTimer();
 			internalIpRanges.initTimer();
 
@@ -34,7 +31,7 @@ async function appStart () {
 			});
 		})
 		.catch((err) => {
-			logger.error(err.message);
+			logger.error(err.message, err);
 			setTimeout(appStart, 1000);
 		});
 }

backend/internal/access-list.js

@@ -204,7 +204,6 @@ const internalAccessList = {
 						});
 				}
 			})
-			.then(internalNginx.reload)
 			.then(() => {
 				// Add to audit log
 				return internalAuditLog.add(access, {
@@ -227,7 +226,7 @@ const internalAccessList = {
 						if (row.proxy_host_count) {
 							return internalNginx.bulkGenerateConfigs('proxy_host', row.proxy_hosts);
 						}
-					})
+					}).then(internalNginx.reload)
 					.then(() => {
 						return internalAccessList.maskItems(row);
 					});
@@ -270,7 +269,7 @@ const internalAccessList = {
 				return query.then(utils.omitRow(omissions()));
 			})
 			.then((row) => {
-				if (!row) {
+				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				}
 				if (!skip_masking && typeof row.items !== 'undefined' && row.items) {
@@ -297,7 +296,7 @@ const internalAccessList = {
 				return internalAccessList.get(access, {id: data.id, expand: ['proxy_hosts', 'items', 'clients']});
 			})
 			.then((row) => {
-				if (!row) {
+				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				}
 

backend/internal/certificate.js

@@ -3,27 +3,29 @@ const fs               = require('fs');
 const https            = require('https');
 const tempWrite        = require('temp-write');
 const moment           = require('moment');
+const archiver         = require('archiver');
+const path             = require('path');
+const { isArray }      = require('lodash');
 const logger           = require('../logger').ssl;
 const config           = require('../lib/config');
 const error            = require('../lib/error');
 const utils            = require('../lib/utils');
+const certbot          = require('../lib/certbot');
 const certificateModel = require('../models/certificate');
 const tokenModel       = require('../models/token');
 const dnsPlugins       = require('../global/certbot-dns-plugins.json');
 const internalAuditLog = require('./audit-log');
 const internalNginx    = require('./nginx');
 const internalHost     = require('./host');
-const certbot          = require('../lib/certbot');
-const archiver         = require('archiver');
-const path             = require('path');
-const { isArray }      = require('lodash');
+
 
 const letsencryptStaging = config.useLetsencryptStaging();
+const letsencryptServer  = config.useLetsencryptServer();
 const letsencryptConfig  = '/etc/letsencrypt.ini';
 const certbotCommand     = 'certbot';
 
 function omissions() {
-	return ['is_deleted'];
+	return ['is_deleted', 'owner.is_deleted'];
 }
 
 const internalCertificate = {
@@ -207,6 +209,7 @@ const internalCertificate = {
 										.patchAndFetchById(certificate.id, {
 											expires_on: moment(cert_info.dates.to, 'X').format('YYYY-MM-DD HH:mm:ss')
 										})
+										.then(utils.omitRow(omissions()))
 										.then((saved_row) => {
 											// Add cert data for audit log
 											saved_row.meta = _.assign({}, saved_row.meta, {
@@ -323,7 +326,7 @@ const internalCertificate = {
 				return query.then(utils.omitRow(omissions()));
 			})
 			.then((row) => {
-				if (!row) {
+				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				}
 				// Custom omissions
@@ -412,7 +415,7 @@ const internalCertificate = {
 				return internalCertificate.get(access, {id: data.id});
 			})
 			.then((row) => {
-				if (!row) {
+				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				}
 
@@ -730,29 +733,29 @@ const internalCertificate = {
 
 		return utils.exec('openssl x509 -in ' + certificate_file + ' -subject -noout')
 			.then((result) => {
+				// Examples:
+				// subject=CN = *.jc21.com
 				// subject=CN = something.example.com
 				const regex = /(?:subject=)?[^=]+=\s+(\S+)/gim;
 				const match = regex.exec(result);
-
-				if (typeof match[1] === 'undefined') {
-					throw new error.ValidationError('Could not determine subject from certificate: ' + result);
+				if (match && typeof match[1] !== 'undefined') {
+					certData['cn'] = match[1];
 				}
-
-				certData['cn'] = match[1];
 			})
 			.then(() => {
 				return utils.exec('openssl x509 -in ' + certificate_file + ' -issuer -noout');
 			})
+
 			.then((result) => {
+				// Examples:
 				// issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
+				// issuer=C = US, O = Let's Encrypt, CN = E5
+				// issuer=O = NginxProxyManager, CN = NginxProxyManager Intermediate CA","O = NginxProxyManager, CN = NginxProxyManager Intermediate CA
 				const regex = /^(?:issuer=)?(.*)$/gim;
 				const match = regex.exec(result);
-
-				if (typeof match[1] === 'undefined') {
-					throw new error.ValidationError('Could not determine issuer from certificate: ' + result);
+				if (match && typeof match[1] !== 'undefined') {
+					certData['issuer'] = match[1];
 				}
-
-				certData['issuer'] = match[1];
 			})
 			.then(() => {
 				return utils.exec('openssl x509 -in ' + certificate_file + ' -dates -noout');
@@ -827,17 +830,18 @@ const internalCertificate = {
 	requestLetsEncryptSsl: (certificate) => {
 		logger.info('Requesting Let\'sEncrypt certificates for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));
 
-		const cmd = certbotCommand + ' certonly ' +
-			'--config "' + letsencryptConfig + '" ' +
+		const cmd = `${certbotCommand} certonly ` +
+			`--config '${letsencryptConfig}' ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
-			'--cert-name "npm-' + certificate.id + '" ' +
+			`--cert-name "npm-${certificate.id}" ` +
 			'--agree-tos ' +
 			'--authenticator webroot ' +
-			'--email "' + certificate.meta.letsencrypt_email + '" ' +
+			`--email '${certificate.meta.letsencrypt_email}' ` +
 			'--preferred-challenges "dns,http" ' +
-			'--domains "' + certificate.domain_names.join(',') + '" ' +
-			(letsencryptStaging ? '--staging' : '');
+			`--domains "${certificate.domain_names.join(',')}" ` +
+			(letsencryptServer !== null ? `--server '${letsencryptServer}' ` : '') +
+			(letsencryptStaging && letsencryptServer === null ? '--staging ' : '');
 
 		logger.info('Command:', cmd);
 
@@ -861,33 +865,33 @@ const internalCertificate = {
 		logger.info(`Requesting Let'sEncrypt certificates via ${dnsPlugin.name} for Cert #${certificate.id}: ${certificate.domain_names.join(', ')}`);
 
 		const credentialsLocation = '/etc/letsencrypt/credentials/credentials-' + certificate.id;
-		// Escape single quotes and backslashes
-		const escapedCredentials = certificate.meta.dns_provider_credentials.replaceAll('\'', '\\\'').replaceAll('\\', '\\\\');
-		const credentialsCmd     = 'mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo \'' + escapedCredentials + '\' > \'' + credentialsLocation + '\' && chmod 600 \'' + credentialsLocation + '\'';
+		fs.mkdirSync('/etc/letsencrypt/credentials', { recursive: true });
+		fs.writeFileSync(credentialsLocation, certificate.meta.dns_provider_credentials, {mode: 0o600});
 
 		// Whether the plugin has a --<name>-credentials argument
 		const hasConfigArg = certificate.meta.dns_provider !== 'route53';
 
 		let mainCmd = certbotCommand + ' certonly ' +
-			'--config "' + letsencryptConfig + '" ' +
+			`--config '${letsencryptConfig}' ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
-			'--cert-name "npm-' + certificate.id + '" ' +
+			`--cert-name 'npm-${certificate.id}' ` +
 			'--agree-tos ' +
-			'--email "' + certificate.meta.letsencrypt_email + '" ' +
-			'--domains "' + certificate.domain_names.join(',') + '" ' +
-			'--authenticator ' + dnsPlugin.full_plugin_name + ' ' +
+			`--email '${certificate.meta.letsencrypt_email}' ` +
+			`--domains '${certificate.domain_names.join(',')}' ` +
+			`--authenticator '${dnsPlugin.full_plugin_name}' ` +
 			(
 				hasConfigArg
-					? '--' + dnsPlugin.full_plugin_name + '-credentials "' + credentialsLocation + '"'
+					? `--${dnsPlugin.full_plugin_name}-credentials '${credentialsLocation}' `
 					: ''
 			) +
 			(
 				certificate.meta.propagation_seconds !== undefined
-					? ' --' + dnsPlugin.full_plugin_name + '-propagation-seconds ' + certificate.meta.propagation_seconds
+					? `--${dnsPlugin.full_plugin_name}-propagation-seconds '${certificate.meta.propagation_seconds}' `
 					: ''
 			) +
-			(letsencryptStaging ? ' --staging' : '');
+			(letsencryptServer !== null ? `--server '${letsencryptServer}' ` : '') +
+			(letsencryptStaging && letsencryptServer === null ? '--staging ' : '');
 
 		// Prepend the path to the credentials file as an environment variable
 		if (certificate.meta.dns_provider === 'route53') {
@@ -898,17 +902,15 @@ const internalCertificate = {
 			mainCmd = mainCmd + ' --dns-duckdns-no-txt-restore';
 		}
 
-		logger.info('Command:', `${credentialsCmd} && && ${mainCmd}`);
+		logger.info('Command:', mainCmd);
 
 		try {
-			await utils.exec(credentialsCmd);
 			const result = await utils.exec(mainCmd);
 			logger.info(result);
 			return result;
 		} catch (err) {
-			// Don't fail if file does not exist
-			const delete_credentialsCmd = `rm -f '${credentialsLocation}' || true`;
-			await utils.exec(delete_credentialsCmd);
+			// Don't fail if file does not exist, so no need for action in the callback
+			fs.unlink(credentialsLocation, () => {});
 			throw err;
 		}
 	},
@@ -966,14 +968,15 @@ const internalCertificate = {
 		logger.info('Renewing Let\'sEncrypt certificates for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));
 
 		const cmd = certbotCommand + ' renew --force-renewal ' +
-			'--config "' + letsencryptConfig + '" ' +
+			`--config '${letsencryptConfig}' ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
-			'--cert-name "npm-' + certificate.id + '" ' +
+			`--cert-name 'npm-${certificate.id}' ` +
 			'--preferred-challenges "dns,http" ' +
 			'--no-random-sleep-on-renew ' +
 			'--disable-hook-validation ' +
-			(letsencryptStaging ? '--staging' : '');
+			(letsencryptServer !== null ? `--server '${letsencryptServer}' ` : '') +
+			(letsencryptStaging && letsencryptServer === null ? '--staging ' : '');
 
 		logger.info('Command:', cmd);
 
@@ -998,13 +1001,14 @@ const internalCertificate = {
 		logger.info(`Renewing Let'sEncrypt certificates via ${dnsPlugin.name} for Cert #${certificate.id}: ${certificate.domain_names.join(', ')}`);
 
 		let mainCmd = certbotCommand + ' renew --force-renewal ' +
-			'--config "' + letsencryptConfig + '" ' +
+			`--config "${letsencryptConfig}" ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
-			'--cert-name "npm-' + certificate.id + '" ' +
+			`--cert-name 'npm-${certificate.id}' ` +
 			'--disable-hook-validation ' +
 			'--no-random-sleep-on-renew ' +
-			(letsencryptStaging ? ' --staging' : '');
+			(letsencryptServer !== null ? `--server '${letsencryptServer}' ` : '') +
+			(letsencryptStaging && letsencryptServer === null ? '--staging ' : '');
 
 		// Prepend the path to the credentials file as an environment variable
 		if (certificate.meta.dns_provider === 'route53') {
@@ -1030,12 +1034,13 @@ const internalCertificate = {
 		logger.info('Revoking Let\'sEncrypt certificates for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));
 
 		const mainCmd = certbotCommand + ' revoke ' +
-			'--config "' + letsencryptConfig + '" ' +
+			`--config '${letsencryptConfig}' ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
-			'--cert-path "/etc/letsencrypt/live/npm-' + certificate.id + '/fullchain.pem" ' +
+			`--cert-path '/etc/letsencrypt/live/npm-${certificate.id}/fullchain.pem' ` +
 			'--delete-after-revoke ' +
-			(letsencryptStaging ? '--staging' : '');
+			(letsencryptServer !== null ? `--server '${letsencryptServer}' ` : '') +
+			(letsencryptStaging && letsencryptServer === null ? '--staging ' : '');
 
 		// Don't fail command if file does not exist
 		const delete_credentialsCmd = `rm -f '/etc/letsencrypt/credentials/credentials-${certificate.id}' || true`;

backend/internal/dead-host.js

@@ -48,6 +48,12 @@ const internalDeadHost = {
 				data.owner_user_id = access.token.getUserId(1);
 				data               = internalHost.cleanSslHstsData(data);
 
+				// Fix for db field not having a default value
+				// for this optional field.
+				if (typeof data.advanced_config === 'undefined') {
+					data.advanced_config = '';
+				}
+
 				return deadHostModel
 					.query()
 					.insertAndFetch(data)
@@ -233,7 +239,7 @@ const internalDeadHost = {
 				return query.then(utils.omitRow(omissions()));
 			})
 			.then((row) => {
-				if (!row) {
+				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				}
 				// Custom omissions
@@ -257,7 +263,7 @@ const internalDeadHost = {
 				return internalDeadHost.get(access, {id: data.id});
 			})
 			.then((row) => {
-				if (!row) {
+				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				}
 
@@ -305,7 +311,7 @@ const internalDeadHost = {
 				});
 			})
 			.then((row) => {
-				if (!row) {
+				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				} else if (row.enabled) {
 					throw new error.ValidationError('Host is already enabled');
@@ -351,7 +357,7 @@ const internalDeadHost = {
 				return internalDeadHost.get(access, {id: data.id});
 			})
 			.then((row) => {
-				if (!row) {
+				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				} else if (!row.enabled) {
 					throw new error.ValidationError('Host is already disabled');

backend/internal/nginx.js

@@ -181,7 +181,9 @@ const internalNginx = {
 	 * @param   {Object}  host
 	 * @returns {Promise}
 	 */
-	generateConfig: (host_type, host) => {
+	generateConfig: (host_type, host_row) => {
+		// Prevent modifying the original object:
+		let host             = JSON.parse(JSON.stringify(host_row));
 		const nice_host_type = internalNginx.getFileFriendlyHostType(host_type);
 
 		if (config.debug()) {

backend/internal/proxy-host.js

@@ -8,7 +8,7 @@ const internalAuditLog    = require('./audit-log');
 const internalCertificate = require('./certificate');
 
 function omissions () {
-	return ['is_deleted'];
+	return ['is_deleted', 'owner.is_deleted'];
 }
 
 const internalProxyHost = {
@@ -48,6 +48,12 @@ const internalProxyHost = {
 				data.owner_user_id = access.token.getUserId(1);
 				data               = internalHost.cleanSslHstsData(data);
 
+				// Fix for db field not having a default value
+				// for this optional field.
+				if (typeof data.advanced_config === 'undefined') {
+					data.advanced_config = '';
+				}
+
 				return proxyHostModel
 					.query()
 					.insertAndFetch(data)
@@ -239,7 +245,7 @@ const internalProxyHost = {
 				return query.then(utils.omitRow(omissions()));
 			})
 			.then((row) => {
-				if (!row) {
+				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				}
 				row = internalHost.cleanRowCertificateMeta(row);
@@ -264,7 +270,7 @@ const internalProxyHost = {
 				return internalProxyHost.get(access, {id: data.id});
 			})
 			.then((row) => {
-				if (!row) {
+				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				}
 
@@ -312,7 +318,7 @@ const internalProxyHost = {
 				});
 			})
 			.then((row) => {
-				if (!row) {
+				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				} else if (row.enabled) {
 					throw new error.ValidationError('Host is already enabled');
@@ -358,7 +364,7 @@ const internalProxyHost = {
 				return internalProxyHost.get(access, {id: data.id});
 			})
 			.then((row) => {
-				if (!row) {
+				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				} else if (!row.enabled) {
 					throw new error.ValidationError('Host is already disabled');

backend/internal/redirection-host.js

@@ -48,6 +48,12 @@ const internalRedirectionHost = {
 				data.owner_user_id = access.token.getUserId(1);
 				data               = internalHost.cleanSslHstsData(data);
 
+				// Fix for db field not having a default value
+				// for this optional field.
+				if (typeof data.advanced_config === 'undefined') {
+					data.advanced_config = '';
+				}
+
 				return redirectionHostModel
 					.query()
 					.insertAndFetch(data)
@@ -232,7 +238,7 @@ const internalRedirectionHost = {
 				return query.then(utils.omitRow(omissions()));
 			})
 			.then((row) => {
-				if (!row) {
+				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				}
 				row = internalHost.cleanRowCertificateMeta(row);
@@ -257,7 +263,7 @@ const internalRedirectionHost = {
 				return internalRedirectionHost.get(access, {id: data.id});
 			})
 			.then((row) => {
-				if (!row) {
+				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				}
 
@@ -305,7 +311,7 @@ const internalRedirectionHost = {
 				});
 			})
 			.then((row) => {
-				if (!row) {
+				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				} else if (row.enabled) {
 					throw new error.ValidationError('Host is already enabled');
@@ -351,7 +357,7 @@ const internalRedirectionHost = {
 				return internalRedirectionHost.get(access, {id: data.id});
 			})
 			.then((row) => {
-				if (!row) {
+				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				} else if (!row.enabled) {
 					throw new error.ValidationError('Host is already disabled');

backend/internal/stream.js

@@ -128,7 +128,7 @@ const internalStream = {
 				return query.then(utils.omitRow(omissions()));
 			})
 			.then((row) => {
-				if (!row) {
+				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				}
 				// Custom omissions
@@ -152,7 +152,7 @@ const internalStream = {
 				return internalStream.get(access, {id: data.id});
 			})
 			.then((row) => {
-				if (!row) {
+				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				}
 
@@ -200,7 +200,7 @@ const internalStream = {
 				});
 			})
 			.then((row) => {
-				if (!row) {
+				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				} else if (row.enabled) {
 					throw new error.ValidationError('Host is already enabled');
@@ -246,7 +246,7 @@ const internalStream = {
 				return internalStream.get(access, {id: data.id});
 			})
 			.then((row) => {
-				if (!row) {
+				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				} else if (!row.enabled) {
 					throw new error.ValidationError('Host is already disabled');

backend/internal/user.js

@@ -194,7 +194,7 @@ const internalUser = {
 				return query.then(utils.omitRow(omissions()));
 			})
 			.then((row) => {
-				if (!row) {
+				if (!row || !row.id) {
 					throw new error.ItemNotFoundError(data.id);
 				}
 				// Custom omissions

backend/knexfile.js

@@ -1,6 +1,6 @@
 module.exports = {
 	development: {
-		client:     'mysql',
+		client:     'mysql2',
 		migrations: {
 			tableName: 'migrations',
 			stub:      'lib/migrate_template.js',
@@ -9,7 +9,7 @@ module.exports = {
 	},
 
 	production: {
-		client:     'mysql',
+		client:     'mysql2',
 		migrations: {
 			tableName: 'migrations',
 			stub:      'lib/migrate_template.js',

backend/lib/access.js

@@ -10,7 +10,7 @@
 
 const _              = require('lodash');
 const logger         = require('../logger').access;
-const validator      = require('ajv');
+const Ajv            = require('ajv/dist/2020');
 const error          = require('./error');
 const userModel      = require('../models/user');
 const proxyHostModel = require('../models/proxy_host');
@@ -174,7 +174,6 @@ module.exports = function (token_string) {
 
 		let schema = {
 			$id:                  'objects',
-			$schema:              'http://json-schema.org/draft-07/schema#',
 			description:          'Actor Properties',
 			type:                 'object',
 			additionalProperties: false,
@@ -251,7 +250,7 @@ module.exports = function (token_string) {
 						// Initialised, token decoded ok
 						return this.getObjectSchema(permission)
 							.then((objectSchema) => {
-								let data_schema = {
+								const data_schema = {
 									[permission]: {
 										data:                         data,
 										scope:                        Token.get('scope'),
@@ -267,24 +266,18 @@ module.exports = function (token_string) {
 								};
 
 								let permissionSchema = {
-									$schema:              'http://json-schema.org/draft-07/schema#',
 									$async:               true,
 									$id:                  'permissions',
+									type:                 'object',
 									additionalProperties: false,
 									properties:           {}
 								};
 
 								permissionSchema.properties[permission] = require('./access/' + permission.replace(/:/gim, '-') + '.json');
 
-								// logger.info('objectSchema', JSON.stringify(objectSchema, null, 2));
-								// logger.info('permissionSchema', JSON.stringify(permissionSchema, null, 2));
-								// logger.info('data_schema', JSON.stringify(data_schema, null, 2));
-
-								let ajv = validator({
+								const ajv = new Ajv({
 									verbose:      true,
 									allErrors:    true,
-									format:       'full',
-									missingRefs:  'fail',
 									breakOnError: true,
 									coerceTypes:  true,
 									schemas:      [

backend/lib/access/permissions.json

@@ -1,5 +1,4 @@
 {
-	"$schema": "http://json-schema.org/draft-07/schema#",
 	"$id": "perms",
 	"definitions": {
 		"view": {

backend/lib/access/roles.json

@@ -1,5 +1,4 @@
 {
-	"$schema": "http://json-schema.org/draft-07/schema#",
 	"$id": "roles",
 	"definitions": {
 		"admin": {

backend/lib/certbot.js

@@ -16,6 +16,7 @@ const certbot = {
 
 		return new Promise((resolve, reject) => {
 			if (pluginKeys.length === 0) {
+				resolve();
 				return;
 			}
 

backend/lib/config.js

@@ -34,7 +34,7 @@ const configure = () => {
 		logger.info('Using MySQL configuration');
 		instance = {
 			database: {
-				engine:   'mysql',
+				engine:   'mysql2',
 				host:     envMysqlHost,
 				port:     process.env.DB_MYSQL_PORT || 3306,
 				user:     envMysqlUser,
@@ -93,7 +93,7 @@ const generateKeys = () => {
 	try {
 		fs.writeFileSync(keysFile, JSON.stringify(keys, null, 2));
 	} catch (err) {
-		logger.error('Could not write JWT key pair to config file: ' + keysFile + ': ' . err.message);
+		logger.error('Could not write JWT key pair to config file: ' + keysFile + ': ' + err.message);
 		process.exit(1);
 	}
 	logger.info('Wrote JWT key pair to config file: ' + keysFile);
@@ -180,5 +180,15 @@ module.exports = {
 	 */
 	useLetsencryptStaging: function () {
 		return !!process.env.LE_STAGING;
+	},
+
+	/**
+	 * @returns {string|null}
+	 */
+	useLetsencryptServer: function () {
+		if (process.env.LE_SERVER) {
+			return process.env.LE_SERVER;
+		}
+		return null;
 	}
 };

backend/lib/express/cors.js

@@ -1,40 +1,16 @@
-const validator = require('../validator');
-
 module.exports = function (req, res, next) {
-
 	if (req.headers.origin) {
-
-		const originSchema = {
-			oneOf: [
-				{
-					type:    'string',
-					pattern: '^[a-z\\-]+:\\/\\/(?:[\\w\\-\\.]+(:[0-9]+)?/?)?$'
-				},
-				{
-					type:    'string',
-					pattern: '^[a-z\\-]+:\\/\\/(?:\\[([a-z0-9]{0,4}\\:?)+\\])?/?(:[0-9]+)?$'
-				}
-			]
-		};
-
-		// very relaxed validation....
-		validator(originSchema, req.headers.origin)
-			.then(function () {
-				res.set({
-					'Access-Control-Allow-Origin':      req.headers.origin,
-					'Access-Control-Allow-Credentials': true,
-					'Access-Control-Allow-Methods':     'OPTIONS, GET, POST',
-					'Access-Control-Allow-Headers':     'Content-Type, Cache-Control, Pragma, Expires, Authorization, X-Dataset-Total, X-Dataset-Offset, X-Dataset-Limit',
-					'Access-Control-Max-Age':           5 * 60,
-					'Access-Control-Expose-Headers':    'X-Dataset-Total, X-Dataset-Offset, X-Dataset-Limit'
-				});
-				next();
-			})
-			.catch(next);
-
+		res.set({
+			'Access-Control-Allow-Origin':      req.headers.origin,
+			'Access-Control-Allow-Credentials': true,
+			'Access-Control-Allow-Methods':     'OPTIONS, GET, POST',
+			'Access-Control-Allow-Headers':     'Content-Type, Cache-Control, Pragma, Expires, Authorization, X-Dataset-Total, X-Dataset-Offset, X-Dataset-Limit',
+			'Access-Control-Max-Age':           5 * 60,
+			'Access-Control-Expose-Headers':    'X-Dataset-Total, X-Dataset-Offset, X-Dataset-Limit'
+		});
+		next();
 	} else {
 		// No origin
 		next();
 	}
-
 };

backend/lib/helpers.js

@@ -27,6 +27,24 @@ module.exports = {
 		}
 
 		return null;
+	},
+
+	convertIntFieldsToBool: function (obj, fields) {
+		fields.forEach(function (field) {
+			if (typeof obj[field] !== 'undefined') {
+				obj[field] = obj[field] === 1;
+			}
+		});
+		return obj;
+	},
+
+	convertBoolFieldsToInt: function (obj, fields) {
+		fields.forEach(function (field) {
+			if (typeof obj[field] !== 'undefined') {
+				obj[field] = obj[field] ? 1 : 0;
+			}
+		});
+		return obj;
 	}
 
 };

backend/lib/validator/api.js

@@ -1,13 +1,12 @@
-const error  = require('../error');
-const path   = require('path');
-const parser = require('json-schema-ref-parser');
+const Ajv   = require('ajv/dist/2020');
+const error = require('../error');
 
-const ajv = require('ajv')({
-	verbose:        true,
-	validateSchema: true,
-	allErrors:      false,
-	format:         'full',
-	coerceTypes:    true
+const ajv = new Ajv({
+	verbose:         true,
+	allErrors:       true,
+	allowUnionTypes: true,
+	strict:          false,
+	coerceTypes:     true,
 });
 
 /**
@@ -17,12 +16,18 @@ const ajv = require('ajv')({
  */
 function apiValidator (schema, payload/*, description*/) {
 	return new Promise(function Promise_apiValidator (resolve, reject) {
-		if (typeof payload === 'undefined') {
-			reject(new error.ValidationError('Payload is undefined'));
+		if (schema === null) {
+			reject(new error.ValidationError('Schema is undefined'));
+			return;
 		}
 
-		let validate = ajv.compile(schema);
-		let valid    = validate(payload);
+		if (typeof payload === 'undefined') {
+			reject(new error.ValidationError('Payload is undefined'));
+			return;
+		}
+
+		const validate = ajv.compile(schema);
+		const valid    = validate(payload);
 
 		if (valid && !validate.errors) {
 			resolve(payload);
@@ -35,11 +40,4 @@ function apiValidator (schema, payload/*, description*/) {
 	});
 }
 
-apiValidator.loadSchemas = parser
-	.dereference(path.resolve('schema/index.json'))
-	.then((schema) => {
-		ajv.addSchema(schema);
-		return schema;
-	});
-
 module.exports = apiValidator;

backend/lib/validator/index.js

@@ -1,17 +1,17 @@
-const _           = require('lodash');
-const error       = require('../error');
-const definitions = require('../../schema/definitions.json');
+const _                 = require('lodash');
+const Ajv               = require('ajv/dist/2020');
+const error             = require('../error');
+const commonDefinitions = require('../../schema/common.json');
 
 RegExp.prototype.toJSON = RegExp.prototype.toString;
 
-const ajv = require('ajv')({
-	verbose:     true,
-	allErrors:   true,
-	format:      'full',  // strict regexes for format checks
-	coerceTypes: true,
-	schemas:     [
-		definitions
-	]
+const ajv = new Ajv({
+	verbose:         true,
+	allErrors:       true,
+	allowUnionTypes: true,
+	coerceTypes:     true,
+	strict:          false,
+	schemas:         [commonDefinitions]
 });
 
 /**
@@ -27,23 +27,19 @@ function validator (schema, payload) {
 		} else {
 			try {
 				let validate = ajv.compile(schema);
+				let valid    = validate(payload);
 
-				let valid = validate(payload);
 				if (valid && !validate.errors) {
 					resolve(_.cloneDeep(payload));
 				} else {
 					let message = ajv.errorsText(validate.errors);
 					reject(new error.InternalValidationError(message));
 				}
-
 			} catch (err) {
 				reject(err);
 			}
-
 		}
-
 	});
-
 }
 
 module.exports = validator;

backend/models/access_list.js

@@ -2,6 +2,7 @@
 // http://vincit.github.io/objection.js/
 
 const db               = require('../db');
+const helpers          = require('../lib/helpers');
 const Model            = require('objection').Model;
 const User             = require('./user');
 const AccessListAuth   = require('./access_list_auth');
@@ -10,6 +11,12 @@ const now              = require('./now_helper');
 
 Model.knex(db);
 
+const boolFields = [
+	'is_deleted',
+	'satisfy_any',
+	'pass_auth',
+];
+
 class AccessList extends Model {
 	$beforeInsert () {
 		this.created_on  = now();
@@ -25,6 +32,16 @@ class AccessList extends Model {
 		this.modified_on = now();
 	}
 
+	$parseDatabaseJson(json) {
+		json = super.$parseDatabaseJson(json);
+		return helpers.convertIntFieldsToBool(json, boolFields);
+	}
+
+	$formatDatabaseJson(json) {
+		json = helpers.convertBoolFieldsToInt(json, boolFields);
+		return super.$formatDatabaseJson(json);
+	}
+
 	static get name () {
 		return 'AccessList';
 	}

backend/models/auth.js

@@ -1,14 +1,19 @@
 // Objection Docs:
 // http://vincit.github.io/objection.js/
 
-const bcrypt = require('bcrypt');
-const db     = require('../db');
-const Model  = require('objection').Model;
-const User   = require('./user');
-const now    = require('./now_helper');
+const bcrypt  = require('bcrypt');
+const db      = require('../db');
+const helpers = require('../lib/helpers');
+const Model   = require('objection').Model;
+const User    = require('./user');
+const now     = require('./now_helper');
 
 Model.knex(db);
 
+const boolFields = [
+	'is_deleted',
+];
+
 function encryptPassword () {
 	/* jshint -W040 */
 	let _this = this;
@@ -41,6 +46,16 @@ class Auth extends Model {
 		return encryptPassword.apply(this, queryContext);
 	}
 
+	$parseDatabaseJson(json) {
+		json = super.$parseDatabaseJson(json);
+		return helpers.convertIntFieldsToBool(json, boolFields);
+	}
+
+	$formatDatabaseJson(json) {
+		json = helpers.convertBoolFieldsToInt(json, boolFields);
+		return super.$formatDatabaseJson(json);
+	}
+
 	/**
 	 * Verify a plain password against the encrypted password
 	 *

backend/models/certificate.js

@@ -1,13 +1,18 @@
 // Objection Docs:
 // http://vincit.github.io/objection.js/
 
-const db    = require('../db');
-const Model = require('objection').Model;
-const User  = require('./user');
-const now   = require('./now_helper');
+const db      = require('../db');
+const helpers = require('../lib/helpers');
+const Model   = require('objection').Model;
+const User    = require('./user');
+const now     = require('./now_helper');
 
 Model.knex(db);
 
+const boolFields = [
+	'is_deleted',
+];
+
 class Certificate extends Model {
 	$beforeInsert () {
 		this.created_on  = now();
@@ -40,6 +45,16 @@ class Certificate extends Model {
 		}
 	}
 
+	$parseDatabaseJson(json) {
+		json = super.$parseDatabaseJson(json);
+		return helpers.convertIntFieldsToBool(json, boolFields);
+	}
+
+	$formatDatabaseJson(json) {
+		json = helpers.convertBoolFieldsToInt(json, boolFields);
+		return super.$formatDatabaseJson(json);
+	}
+
 	static get name () {
 		return 'Certificate';
 	}

backend/models/dead_host.js

@@ -2,6 +2,7 @@
 // http://vincit.github.io/objection.js/
 
 const db          = require('../db');
+const helpers     = require('../lib/helpers');
 const Model       = require('objection').Model;
 const User        = require('./user');
 const Certificate = require('./certificate');
@@ -9,6 +10,11 @@ const now         = require('./now_helper');
 
 Model.knex(db);
 
+const boolFields = [
+	'is_deleted',
+	'enabled',
+];
+
 class DeadHost extends Model {
 	$beforeInsert () {
 		this.created_on  = now();
@@ -36,6 +42,16 @@ class DeadHost extends Model {
 		}
 	}
 
+	$parseDatabaseJson(json) {
+		json = super.$parseDatabaseJson(json);
+		return helpers.convertIntFieldsToBool(json, boolFields);
+	}
+
+	$formatDatabaseJson(json) {
+		json = helpers.convertBoolFieldsToInt(json, boolFields);
+		return super.$formatDatabaseJson(json);
+	}
+
 	static get name () {
 		return 'DeadHost';
 	}

backend/models/proxy_host.js

@@ -2,6 +2,7 @@
 // http://vincit.github.io/objection.js/
 
 const db          = require('../db');
+const helpers     = require('../lib/helpers');
 const Model       = require('objection').Model;
 const User        = require('./user');
 const AccessList  = require('./access_list');
@@ -10,6 +11,18 @@ const now         = require('./now_helper');
 
 Model.knex(db);
 
+const boolFields = [
+	'is_deleted',
+	'ssl_forced',
+	'caching_enabled',
+	'block_exploits',
+	'allow_websocket_upgrade',
+	'http2_support',
+	'enabled',
+	'hsts_enabled',
+	'hsts_subdomains',
+];
+
 class ProxyHost extends Model {
 	$beforeInsert () {
 		this.created_on  = now();
@@ -37,6 +50,16 @@ class ProxyHost extends Model {
 		}
 	}
 
+	$parseDatabaseJson(json) {
+		json = super.$parseDatabaseJson(json);
+		return helpers.convertIntFieldsToBool(json, boolFields);
+	}
+
+	$formatDatabaseJson(json) {
+		json = helpers.convertBoolFieldsToInt(json, boolFields);
+		return super.$formatDatabaseJson(json);
+	}
+
 	static get name () {
 		return 'ProxyHost';
 	}

backend/models/redirection_host.js

@@ -3,6 +3,7 @@
 // http://vincit.github.io/objection.js/
 
 const db          = require('../db');
+const helpers     = require('../lib/helpers');
 const Model       = require('objection').Model;
 const User        = require('./user');
 const Certificate = require('./certificate');
@@ -10,6 +11,14 @@ const now         = require('./now_helper');
 
 Model.knex(db);
 
+const boolFields = [
+	'is_deleted',
+	'enabled',
+	'preserve_path',
+	'ssl_forced',
+	'block_exploits',
+];
+
 class RedirectionHost extends Model {
 	$beforeInsert () {
 		this.created_on  = now();
@@ -37,6 +46,16 @@ class RedirectionHost extends Model {
 		}
 	}
 
+	$parseDatabaseJson(json) {
+		json = super.$parseDatabaseJson(json);
+		return helpers.convertIntFieldsToBool(json, boolFields);
+	}
+
+	$formatDatabaseJson(json) {
+		json = helpers.convertBoolFieldsToInt(json, boolFields);
+		return super.$formatDatabaseJson(json);
+	}
+
 	static get name () {
 		return 'RedirectionHost';
 	}

backend/models/stream.js

@@ -1,13 +1,20 @@
 // Objection Docs:
 // http://vincit.github.io/objection.js/
 
-const db    = require('../db');
-const Model = require('objection').Model;
-const User  = require('./user');
-const now   = require('./now_helper');
+const db      = require('../db');
+const helpers = require('../lib/helpers');
+const Model   = require('objection').Model;
+const User    = require('./user');
+const now     = require('./now_helper');
 
 Model.knex(db);
 
+const boolFields = [
+	'is_deleted',
+	'tcp_forwarding',
+	'udp_forwarding',
+];
+
 class Stream extends Model {
 	$beforeInsert () {
 		this.created_on  = now();
@@ -23,6 +30,16 @@ class Stream extends Model {
 		this.modified_on = now();
 	}
 
+	$parseDatabaseJson(json) {
+		json = super.$parseDatabaseJson(json);
+		return helpers.convertIntFieldsToBool(json, boolFields);
+	}
+
+	$formatDatabaseJson(json) {
+		json = helpers.convertBoolFieldsToInt(json, boolFields);
+		return super.$formatDatabaseJson(json);
+	}
+
 	static get name () {
 		return 'Stream';
 	}

backend/models/user.js

@@ -2,12 +2,18 @@
 // http://vincit.github.io/objection.js/
 
 const db             = require('../db');
+const helpers        = require('../lib/helpers');
 const Model          = require('objection').Model;
 const UserPermission = require('./user_permission');
 const now            = require('./now_helper');
 
 Model.knex(db);
 
+const boolFields = [
+	'is_deleted',
+	'is_disabled',
+];
+
 class User extends Model {
 	$beforeInsert () {
 		this.created_on  = now();
@@ -23,6 +29,16 @@ class User extends Model {
 		this.modified_on = now();
 	}
 
+	$parseDatabaseJson(json) {
+		json = super.$parseDatabaseJson(json);
+		return helpers.convertIntFieldsToBool(json, boolFields);
+	}
+
+	$formatDatabaseJson(json) {
+		json = helpers.convertBoolFieldsToInt(json, boolFields);
+		return super.$formatDatabaseJson(json);
+	}
+
 	static get name () {
 		return 'User';
 	}

backend/package.json

@@ -2,24 +2,24 @@
 	"name": "nginx-proxy-manager",
 	"version": "0.0.0",
 	"description": "A beautiful interface for creating Nginx endpoints",
-	"main": "js/index.js",
+	"main": "index.js",
 	"dependencies": {
-		"ajv": "^6.12.0",
+		"@apidevtools/json-schema-ref-parser": "^11.7.0",
+		"ajv": "^8.17.1",
 		"archiver": "^5.3.0",
 		"batchflow": "^0.4.0",
 		"bcrypt": "^5.0.0",
-		"body-parser": "^1.19.0",
+		"body-parser": "^1.20.3",
 		"compression": "^1.7.4",
-		"express": "^4.17.3",
+		"express": "^4.20.0",
 		"express-fileupload": "^1.1.9",
 		"gravatar": "^1.8.0",
-		"json-schema-ref-parser": "^8.0.0",
 		"jsonwebtoken": "^9.0.0",
 		"knex": "2.4.2",
 		"liquidjs": "10.6.1",
 		"lodash": "^4.17.21",
 		"moment": "^2.29.4",
-		"mysql": "^2.18.1",
+		"mysql2": "^3.11.1",
 		"node-rsa": "^1.0.8",
 		"objection": "3.0.1",
 		"path": "^0.12.7",
@@ -34,9 +34,14 @@
 	"author": "Jamie Curnow <jc@jc21.com>",
 	"license": "MIT",
 	"devDependencies": {
+		"@apidevtools/swagger-parser": "^10.1.0",
+		"chalk": "4.1.2",
 		"eslint": "^8.36.0",
 		"eslint-plugin-align-assignments": "^1.1.2",
 		"nodemon": "^2.0.2",
 		"prettier": "^2.0.4"
+	},
+	"scripts": {
+		"validate-schema": "node validate-schema.js"
 	}
 }

backend/routes/audit-log.js

@@ -1,7 +1,7 @@
 const express          = require('express');
-const validator        = require('../../lib/validator');
-const jwtdecode        = require('../../lib/express/jwt-decode');
-const internalAuditLog = require('../../internal/audit-log');
+const validator        = require('../lib/validator');
+const jwtdecode        = require('../lib/express/jwt-decode');
+const internalAuditLog = require('../internal/audit-log');
 
 let router = express.Router({
 	caseSensitive: true,
@@ -14,7 +14,7 @@ let router = express.Router({
  */
 router
 	.route('/')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})
 	.all(jwtdecode())
@@ -29,10 +29,10 @@ router
 			additionalProperties: false,
 			properties:           {
 				expand: {
-					$ref: 'definitions#/definitions/expand'
+					$ref: 'common#/properties/expand'
 				},
 				query: {
-					$ref: 'definitions#/definitions/query'
+					$ref: 'common#/properties/query'
 				}
 			}
 		}, {

backend/routes/main.js

@@ -1,6 +1,6 @@
 const express = require('express');
-const pjson   = require('../../package.json');
-const error   = require('../../lib/error');
+const pjson   = require('../package.json');
+const error   = require('../lib/error');
 
 let router = express.Router({
 	caseSensitive: true,
@@ -43,7 +43,7 @@ router.use('/nginx/certificates', require('./nginx/certificates'));
  *
  * ALL /api/*
  */
-router.all(/(.+)/, function (req, res, next) {
+router.all(/(.+)/, function (req, _, next) {
 	req.params.page = req.params['0'];
 	next(new error.ItemNotFoundError(req.params.page));
 });

backend/routes/nginx/access_lists.js

@@ -1,8 +1,9 @@
 const express            = require('express');
-const validator          = require('../../../lib/validator');
-const jwtdecode          = require('../../../lib/express/jwt-decode');
-const internalAccessList = require('../../../internal/access-list');
-const apiValidator       = require('../../../lib/validator/api');
+const validator          = require('../../lib/validator');
+const jwtdecode          = require('../../lib/express/jwt-decode');
+const apiValidator       = require('../../lib/validator/api');
+const internalAccessList = require('../../internal/access-list');
+const schema             = require('../../schema');
 
 let router = express.Router({
 	caseSensitive: true,
@@ -30,10 +31,10 @@ router
 			additionalProperties: false,
 			properties:           {
 				expand: {
-					$ref: 'definitions#/definitions/expand'
+					$ref: 'common#/properties/expand'
 				},
 				query: {
-					$ref: 'definitions#/definitions/query'
+					$ref: 'common#/properties/query'
 				}
 			}
 		}, {
@@ -56,7 +57,7 @@ router
 	 * Create a new access-list
 	 */
 	.post((req, res, next) => {
-		apiValidator({$ref: 'endpoints/access-lists#/links/1/schema'}, req.body)
+		apiValidator(schema.getValidationSchema('/nginx/access-lists', 'post'), req.body)
 			.then((payload) => {
 				return internalAccessList.create(res.locals.access, payload);
 			})
@@ -74,7 +75,7 @@ router
  */
 router
 	.route('/:list_id')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})
 	.all(jwtdecode())
@@ -90,10 +91,10 @@ router
 			additionalProperties: false,
 			properties:           {
 				list_id: {
-					$ref: 'definitions#/definitions/id'
+					$ref: 'common#/properties/id'
 				},
 				expand: {
-					$ref: 'definitions#/definitions/expand'
+					$ref: 'common#/properties/expand'
 				}
 			}
 		}, {
@@ -119,7 +120,7 @@ router
 	 * Update and existing access-list
 	 */
 	.put((req, res, next) => {
-		apiValidator({$ref: 'endpoints/access-lists#/links/2/schema'}, req.body)
+		apiValidator(schema.getValidationSchema('/nginx/access-lists/{listID}', 'put'), req.body)
 			.then((payload) => {
 				payload.id = parseInt(req.params.list_id, 10);
 				return internalAccessList.update(res.locals.access, payload);

backend/routes/nginx/certificates.js

@@ -1,8 +1,10 @@
 const express             = require('express');
-const validator           = require('../../../lib/validator');
-const jwtdecode           = require('../../../lib/express/jwt-decode');
-const internalCertificate = require('../../../internal/certificate');
-const apiValidator        = require('../../../lib/validator/api');
+const error               = require('../../lib/error');
+const validator           = require('../../lib/validator');
+const jwtdecode           = require('../../lib/express/jwt-decode');
+const apiValidator        = require('../../lib/validator/api');
+const internalCertificate = require('../../internal/certificate');
+const schema              = require('../../schema');
 
 let router = express.Router({
 	caseSensitive: true,
@@ -15,7 +17,7 @@ let router = express.Router({
  */
 router
 	.route('/')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})
 	.all(jwtdecode())
@@ -30,10 +32,10 @@ router
 			additionalProperties: false,
 			properties:           {
 				expand: {
-					$ref: 'definitions#/definitions/expand'
+					$ref: 'common#/properties/expand'
 				},
 				query: {
-					$ref: 'definitions#/definitions/query'
+					$ref: 'common#/properties/query'
 				}
 			}
 		}, {
@@ -56,7 +58,7 @@ router
 	 * Create a new certificate
 	 */
 	.post((req, res, next) => {
-		apiValidator({$ref: 'endpoints/certificates#/links/1/schema'}, req.body)
+		apiValidator(schema.getValidationSchema('/nginx/certificates', 'post'), req.body)
 			.then((payload) => {
 				req.setTimeout(900000); // 15 minutes timeout
 				return internalCertificate.create(res.locals.access, payload);
@@ -75,17 +77,22 @@ router
  */
 router
 	.route('/test-http')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})
 	.all(jwtdecode())
 
-/**
- * GET /api/nginx/certificates/test-http
- *
- * Test HTTP challenge for domains
- */
+	/**
+	 * GET /api/nginx/certificates/test-http
+	 *
+	 * Test HTTP challenge for domains
+	 */
 	.get((req, res, next) => {
+		if (req.query.domains === undefined) {
+			next(new error.ValidationError('Domains are required as query parameters'));
+			return;
+		}
+
 		internalCertificate.testHttpsChallenge(res.locals.access, JSON.parse(req.query.domains))
 			.then((result) => {
 				res.status(200)
@@ -101,7 +108,7 @@ router
  */
 router
 	.route('/:certificate_id')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})
 	.all(jwtdecode())
@@ -117,10 +124,10 @@ router
 			additionalProperties: false,
 			properties:           {
 				certificate_id: {
-					$ref: 'definitions#/definitions/id'
+					$ref: 'common#/properties/id'
 				},
 				expand: {
-					$ref: 'definitions#/definitions/expand'
+					$ref: 'common#/properties/expand'
 				}
 			}
 		}, {
@@ -140,24 +147,6 @@ router
 			.catch(next);
 	})
 
-	/**
-	 * PUT /api/nginx/certificates/123
-	 *
-	 * Update and existing certificate
-	 */
-	.put((req, res, next) => {
-		apiValidator({$ref: 'endpoints/certificates#/links/2/schema'}, req.body)
-			.then((payload) => {
-				payload.id = parseInt(req.params.certificate_id, 10);
-				return internalCertificate.update(res.locals.access, payload);
-			})
-			.then((result) => {
-				res.status(200)
-					.send(result);
-			})
-			.catch(next);
-	})
-
 	/**
 	 * DELETE /api/nginx/certificates/123
 	 *
@@ -179,7 +168,7 @@ router
  */
 router
 	.route('/:certificate_id/upload')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})
 	.all(jwtdecode())
@@ -213,7 +202,7 @@ router
  */
 router
 	.route('/:certificate_id/renew')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})
 	.all(jwtdecode())
@@ -270,7 +259,7 @@ router
  */
 router
 	.route('/validate')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})
 	.all(jwtdecode())

backend/routes/nginx/dead_hosts.js

@@ -1,8 +1,9 @@
 const express          = require('express');
-const validator        = require('../../../lib/validator');
-const jwtdecode        = require('../../../lib/express/jwt-decode');
-const internalDeadHost = require('../../../internal/dead-host');
-const apiValidator     = require('../../../lib/validator/api');
+const validator        = require('../../lib/validator');
+const jwtdecode        = require('../../lib/express/jwt-decode');
+const apiValidator     = require('../../lib/validator/api');
+const internalDeadHost = require('../../internal/dead-host');
+const schema           = require('../../schema');
 
 let router = express.Router({
 	caseSensitive: true,
@@ -15,7 +16,7 @@ let router = express.Router({
  */
 router
 	.route('/')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})
 	.all(jwtdecode())
@@ -30,10 +31,10 @@ router
 			additionalProperties: false,
 			properties:           {
 				expand: {
-					$ref: 'definitions#/definitions/expand'
+					$ref: 'common#/properties/expand'
 				},
 				query: {
-					$ref: 'definitions#/definitions/query'
+					$ref: 'common#/properties/query'
 				}
 			}
 		}, {
@@ -56,7 +57,7 @@ router
 	 * Create a new dead-host
 	 */
 	.post((req, res, next) => {
-		apiValidator({$ref: 'endpoints/dead-hosts#/links/1/schema'}, req.body)
+		apiValidator(schema.getValidationSchema('/nginx/dead-hosts', 'post'), req.body)
 			.then((payload) => {
 				return internalDeadHost.create(res.locals.access, payload);
 			})
@@ -90,10 +91,10 @@ router
 			additionalProperties: false,
 			properties:           {
 				host_id: {
-					$ref: 'definitions#/definitions/id'
+					$ref: 'common#/properties/id'
 				},
 				expand: {
-					$ref: 'definitions#/definitions/expand'
+					$ref: 'common#/properties/expand'
 				}
 			}
 		}, {
@@ -119,7 +120,7 @@ router
 	 * Update and existing dead-host
 	 */
 	.put((req, res, next) => {
-		apiValidator({$ref: 'endpoints/dead-hosts#/links/2/schema'}, req.body)
+		apiValidator(schema.getValidationSchema('/nginx/dead-hosts/{hostID}', 'put'), req.body)
 			.then((payload) => {
 				payload.id = parseInt(req.params.host_id, 10);
 				return internalDeadHost.update(res.locals.access, payload);
@@ -152,7 +153,7 @@ router
  */
 router
 	.route('/:host_id/enable')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})
 	.all(jwtdecode())
@@ -176,7 +177,7 @@ router
  */
 router
 	.route('/:host_id/disable')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})
 	.all(jwtdecode())

backend/routes/nginx/proxy_hosts.js

@@ -1,8 +1,9 @@
 const express           = require('express');
-const validator         = require('../../../lib/validator');
-const jwtdecode         = require('../../../lib/express/jwt-decode');
-const internalProxyHost = require('../../../internal/proxy-host');
-const apiValidator      = require('../../../lib/validator/api');
+const validator         = require('../../lib/validator');
+const jwtdecode         = require('../../lib/express/jwt-decode');
+const apiValidator      = require('../../lib/validator/api');
+const internalProxyHost = require('../../internal/proxy-host');
+const schema            = require('../../schema');
 
 let router = express.Router({
 	caseSensitive: true,
@@ -30,10 +31,10 @@ router
 			additionalProperties: false,
 			properties:           {
 				expand: {
-					$ref: 'definitions#/definitions/expand'
+					$ref: 'common#/properties/expand'
 				},
 				query: {
-					$ref: 'definitions#/definitions/query'
+					$ref: 'common#/properties/query'
 				}
 			}
 		}, {
@@ -56,7 +57,7 @@ router
 	 * Create a new proxy-host
 	 */
 	.post((req, res, next) => {
-		apiValidator({$ref: 'endpoints/proxy-hosts#/links/1/schema'}, req.body)
+		apiValidator(schema.getValidationSchema('/nginx/proxy-hosts', 'post'), req.body)
 			.then((payload) => {
 				return internalProxyHost.create(res.locals.access, payload);
 			})
@@ -90,10 +91,10 @@ router
 			additionalProperties: false,
 			properties:           {
 				host_id: {
-					$ref: 'definitions#/definitions/id'
+					$ref: 'common#/properties/id'
 				},
 				expand: {
-					$ref: 'definitions#/definitions/expand'
+					$ref: 'common#/properties/expand'
 				}
 			}
 		}, {
@@ -119,7 +120,7 @@ router
 	 * Update and existing proxy-host
 	 */
 	.put((req, res, next) => {
-		apiValidator({$ref: 'endpoints/proxy-hosts#/links/2/schema'}, req.body)
+		apiValidator(schema.getValidationSchema('/nginx/proxy-hosts/{hostID}', 'put'), req.body)
 			.then((payload) => {
 				payload.id = parseInt(req.params.host_id, 10);
 				return internalProxyHost.update(res.locals.access, payload);
@@ -152,7 +153,7 @@ router
  */
 router
 	.route('/:host_id/enable')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})
 	.all(jwtdecode())
@@ -176,7 +177,7 @@ router
  */
 router
 	.route('/:host_id/disable')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})
 	.all(jwtdecode())

backend/routes/nginx/redirection_hosts.js

@@ -1,8 +1,9 @@
 const express                 = require('express');
-const validator               = require('../../../lib/validator');
-const jwtdecode               = require('../../../lib/express/jwt-decode');
-const internalRedirectionHost = require('../../../internal/redirection-host');
-const apiValidator            = require('../../../lib/validator/api');
+const validator               = require('../../lib/validator');
+const jwtdecode               = require('../../lib/express/jwt-decode');
+const apiValidator            = require('../../lib/validator/api');
+const internalRedirectionHost = require('../../internal/redirection-host');
+const schema                  = require('../../schema');
 
 let router = express.Router({
 	caseSensitive: true,
@@ -30,10 +31,10 @@ router
 			additionalProperties: false,
 			properties:           {
 				expand: {
-					$ref: 'definitions#/definitions/expand'
+					$ref: 'common#/properties/expand'
 				},
 				query: {
-					$ref: 'definitions#/definitions/query'
+					$ref: 'common#/properties/query'
 				}
 			}
 		}, {
@@ -56,7 +57,7 @@ router
 	 * Create a new redirection-host
 	 */
 	.post((req, res, next) => {
-		apiValidator({$ref: 'endpoints/redirection-hosts#/links/1/schema'}, req.body)
+		apiValidator(schema.getValidationSchema('/nginx/redirection-hosts', 'post'), req.body)
 			.then((payload) => {
 				return internalRedirectionHost.create(res.locals.access, payload);
 			})
@@ -90,10 +91,10 @@ router
 			additionalProperties: false,
 			properties:           {
 				host_id: {
-					$ref: 'definitions#/definitions/id'
+					$ref: 'common#/properties/id'
 				},
 				expand: {
-					$ref: 'definitions#/definitions/expand'
+					$ref: 'common#/properties/expand'
 				}
 			}
 		}, {
@@ -119,7 +120,7 @@ router
 	 * Update and existing redirection-host
 	 */
 	.put((req, res, next) => {
-		apiValidator({$ref: 'endpoints/redirection-hosts#/links/2/schema'}, req.body)
+		apiValidator(schema.getValidationSchema('/nginx/redirection-hosts/{hostID}', 'put'), req.body)
 			.then((payload) => {
 				payload.id = parseInt(req.params.host_id, 10);
 				return internalRedirectionHost.update(res.locals.access, payload);

backend/routes/nginx/streams.js

@@ -1,8 +1,9 @@
 const express        = require('express');
-const validator      = require('../../../lib/validator');
-const jwtdecode      = require('../../../lib/express/jwt-decode');
-const internalStream = require('../../../internal/stream');
-const apiValidator   = require('../../../lib/validator/api');
+const validator      = require('../../lib/validator');
+const jwtdecode      = require('../../lib/express/jwt-decode');
+const apiValidator   = require('../../lib/validator/api');
+const internalStream = require('../../internal/stream');
+const schema         = require('../../schema');
 
 let router = express.Router({
 	caseSensitive: true,
@@ -30,10 +31,10 @@ router
 			additionalProperties: false,
 			properties:           {
 				expand: {
-					$ref: 'definitions#/definitions/expand'
+					$ref: 'common#/properties/expand'
 				},
 				query: {
-					$ref: 'definitions#/definitions/query'
+					$ref: 'common#/properties/query'
 				}
 			}
 		}, {
@@ -56,7 +57,7 @@ router
 	 * Create a new stream
 	 */
 	.post((req, res, next) => {
-		apiValidator({$ref: 'endpoints/streams#/links/1/schema'}, req.body)
+		apiValidator(schema.getValidationSchema('/nginx/streams', 'post'), req.body)
 			.then((payload) => {
 				return internalStream.create(res.locals.access, payload);
 			})
@@ -90,10 +91,10 @@ router
 			additionalProperties: false,
 			properties:           {
 				stream_id: {
-					$ref: 'definitions#/definitions/id'
+					$ref: 'common#/properties/id'
 				},
 				expand: {
-					$ref: 'definitions#/definitions/expand'
+					$ref: 'common#/properties/expand'
 				}
 			}
 		}, {
@@ -119,7 +120,7 @@ router
 	 * Update and existing stream
 	 */
 	.put((req, res, next) => {
-		apiValidator({$ref: 'endpoints/streams#/links/2/schema'}, req.body)
+		apiValidator(schema.getValidationSchema('/nginx/streams/{streamID}', 'put'), req.body)
 			.then((payload) => {
 				payload.id = parseInt(req.params.stream_id, 10);
 				return internalStream.update(res.locals.access, payload);
@@ -152,7 +153,7 @@ router
  */
 router
 	.route('/:host_id/enable')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})
 	.all(jwtdecode())
@@ -176,7 +177,7 @@ router
  */
 router
 	.route('/:host_id/disable')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})
 	.all(jwtdecode())

backend/routes/reports.js

@@ -1,6 +1,6 @@
 const express        = require('express');
-const jwtdecode      = require('../../lib/express/jwt-decode');
-const internalReport = require('../../internal/report');
+const jwtdecode      = require('../lib/express/jwt-decode');
+const internalReport = require('../internal/report');
 
 let router = express.Router({
 	caseSensitive: true,
@@ -10,14 +10,14 @@ let router = express.Router({
 
 router
 	.route('/hosts')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})
 
 	/**
 	 * GET /reports/hosts
 	 */
-	.get(jwtdecode(), (req, res, next) => {
+	.get(jwtdecode(), (_, res, next) => {
 		internalReport.getHostsReport(res.locals.access)
 			.then((data) => {
 				res.status(200)

backend/routes/schema.js

@@ -1,8 +1,8 @@
-const express     = require('express');
-const swaggerJSON = require('../../doc/api.swagger.json');
-const PACKAGE     = require('../../package.json');
+const express = require('express');
+const schema  = require('../schema');
+const PACKAGE = require('../package.json');
 
-let router = express.Router({
+const router = express.Router({
 	caseSensitive: true,
 	strict:        true,
 	mergeParams:   true
@@ -10,14 +10,16 @@ let router = express.Router({
 
 router
 	.route('/')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})
 
 	/**
 	 * GET /schema
 	 */
-	.get((req, res/*, next*/) => {
+	.get(async (req, res) => {
+		let swaggerJSON = await schema.getCompiledSchema();
+
 		let proto = req.protocol;
 		if (typeof req.headers['x-forwarded-proto'] !== 'undefined' && req.headers['x-forwarded-proto']) {
 			proto = req.headers['x-forwarded-proto'];

backend/routes/settings.js

@@ -1,8 +1,9 @@
 const express         = require('express');
-const validator       = require('../../lib/validator');
-const jwtdecode       = require('../../lib/express/jwt-decode');
-const internalSetting = require('../../internal/setting');
-const apiValidator    = require('../../lib/validator/api');
+const validator       = require('../lib/validator');
+const jwtdecode       = require('../lib/express/jwt-decode');
+const apiValidator    = require('../lib/validator/api');
+const internalSetting = require('../internal/setting');
+const schema          = require('../schema');
 
 let router = express.Router({
 	caseSensitive: true,
@@ -15,7 +16,7 @@ let router = express.Router({
  */
 router
 	.route('/')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})
 	.all(jwtdecode())
@@ -25,7 +26,7 @@ router
 	 *
 	 * Retrieve all settings
 	 */
-	.get((req, res, next) => {
+	.get((_, res, next) => {
 		internalSetting.getAll(res.locals.access)
 			.then((rows) => {
 				res.status(200)
@@ -41,7 +42,7 @@ router
  */
 router
 	.route('/:setting_id')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})
 	.all(jwtdecode())
@@ -57,7 +58,8 @@ router
 			additionalProperties: false,
 			properties:           {
 				setting_id: {
-					$ref: 'definitions#/definitions/setting_id'
+					type:      'string',
+					minLength: 1
 				}
 			}
 		}, {
@@ -81,7 +83,7 @@ router
 	 * Update and existing setting
 	 */
 	.put((req, res, next) => {
-		apiValidator({$ref: 'endpoints/settings#/links/1/schema'}, req.body)
+		apiValidator(schema.getValidationSchema('/settings/{settingID}', 'put'), req.body)
 			.then((payload) => {
 				payload.id = req.params.setting_id;
 				return internalSetting.update(res.locals.access, payload);

backend/routes/tokens.js

@@ -1,7 +1,8 @@
 const express       = require('express');
-const jwtdecode     = require('../../lib/express/jwt-decode');
-const internalToken = require('../../internal/token');
-const apiValidator  = require('../../lib/validator/api');
+const jwtdecode     = require('../lib/express/jwt-decode');
+const apiValidator  = require('../lib/validator/api');
+const internalToken = require('../internal/token');
+const schema        = require('../schema');
 
 let router = express.Router({
 	caseSensitive: true,
@@ -11,7 +12,7 @@ let router = express.Router({
 
 router
 	.route('/')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})
 
@@ -39,11 +40,9 @@ router
 	 *
 	 * Create a new Token
 	 */
-	.post((req, res, next) => {
-		apiValidator({$ref: 'endpoints/tokens#/links/0/schema'}, req.body)
-			.then((payload) => {
-				return internalToken.getTokenFromEmail(payload);
-			})
+	.post(async (req, res, next) => {
+		apiValidator(schema.getValidationSchema('/tokens', 'post'), req.body)
+			.then(internalToken.getTokenFromEmail)
 			.then((data) => {
 				res.status(200)
 					.send(data);

backend/routes/users.js

@@ -1,9 +1,10 @@
 const express      = require('express');
-const validator    = require('../../lib/validator');
-const jwtdecode    = require('../../lib/express/jwt-decode');
-const userIdFromMe = require('../../lib/express/user-id-from-me');
-const internalUser = require('../../internal/user');
-const apiValidator = require('../../lib/validator/api');
+const validator    = require('../lib/validator');
+const jwtdecode    = require('../lib/express/jwt-decode');
+const userIdFromMe = require('../lib/express/user-id-from-me');
+const internalUser = require('../internal/user');
+const apiValidator = require('../lib/validator/api');
+const schema       = require('../schema');
 
 let router = express.Router({
 	caseSensitive: true,
@@ -16,7 +17,7 @@ let router = express.Router({
  */
 router
 	.route('/')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})
 	.all(jwtdecode())
@@ -31,10 +32,10 @@ router
 			additionalProperties: false,
 			properties:           {
 				expand: {
-					$ref: 'definitions#/definitions/expand'
+					$ref: 'common#/properties/expand'
 				},
 				query: {
-					$ref: 'definitions#/definitions/query'
+					$ref: 'common#/properties/query'
 				}
 			}
 		}, {
@@ -48,7 +49,11 @@ router
 				res.status(200)
 					.send(users);
 			})
-			.catch(next);
+			.catch((err) => {
+				console.log(err);
+				next(err);
+			});
+		//.catch(next);
 	})
 
 	/**
@@ -57,7 +62,7 @@ router
 	 * Create a new User
 	 */
 	.post((req, res, next) => {
-		apiValidator({$ref: 'endpoints/users#/links/1/schema'}, req.body)
+		apiValidator(schema.getValidationSchema('/users', 'post'), req.body)
 			.then((payload) => {
 				return internalUser.create(res.locals.access, payload);
 			})
@@ -75,7 +80,7 @@ router
  */
 router
 	.route('/:user_id')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})
 	.all(jwtdecode())
@@ -92,10 +97,10 @@ router
 			additionalProperties: false,
 			properties:           {
 				user_id: {
-					$ref: 'definitions#/definitions/id'
+					$ref: 'common#/properties/id'
 				},
 				expand: {
-					$ref: 'definitions#/definitions/expand'
+					$ref: 'common#/properties/expand'
 				}
 			}
 		}, {
@@ -113,7 +118,10 @@ router
 				res.status(200)
 					.send(user);
 			})
-			.catch(next);
+			.catch((err) => {
+				console.log(err);
+				next(err);
+			});
 	})
 
 	/**
@@ -122,7 +130,7 @@ router
 	 * Update and existing user
 	 */
 	.put((req, res, next) => {
-		apiValidator({$ref: 'endpoints/users#/links/2/schema'}, req.body)
+		apiValidator(schema.getValidationSchema('/users/{userID}', 'put'), req.body)
 			.then((payload) => {
 				payload.id = req.params.user_id;
 				return internalUser.update(res.locals.access, payload);
@@ -167,7 +175,7 @@ router
 	 * Update password for a user
 	 */
 	.put((req, res, next) => {
-		apiValidator({$ref: 'endpoints/users#/links/4/schema'}, req.body)
+		apiValidator(schema.getValidationSchema('/users/{userID}/auth', 'put'), req.body)
 			.then((payload) => {
 				payload.id = req.params.user_id;
 				return internalUser.setPassword(res.locals.access, payload);
@@ -198,7 +206,7 @@ router
 	 * Set some or all permissions for a user
 	 */
 	.put((req, res, next) => {
-		apiValidator({$ref: 'endpoints/users#/links/5/schema'}, req.body)
+		apiValidator(schema.getValidationSchema('/users/{userID}/permissions', 'put'), req.body)
 			.then((payload) => {
 				payload.id = req.params.user_id;
 				return internalUser.setPermissions(res.locals.access, payload);
@@ -217,7 +225,7 @@ router
  */
 router
 	.route('/:user_id/login')
-	.options((req, res) => {
+	.options((_, res) => {
 		res.sendStatus(204);
 	})
 	.all(jwtdecode())

backend/schema/common.json

@@ -0,0 +1,115 @@
+{
+	"$schema": "https://json-schema.org/draft/2020-12/schema",
+	"$id": "common",
+	"type": "object",
+	"properties": {
+		"id": {
+			"description": "Unique identifier",
+			"readOnly": true,
+			"type": "integer",
+			"minimum": 1
+		},
+		"expand": {
+			"anyOf": [
+				{
+					"type": "null"
+				},
+				{
+					"type": "array",
+					"minItems": 1,
+					"items": {
+						"type": "string"
+					}
+				}
+			]
+		},
+		"query": {
+			"anyOf": [
+				{
+					"type": "null"
+				},
+				{
+					"type": "string",
+					"minLength": 1,
+					"maxLength": 255
+				}
+			]
+		},
+		"created_on": {
+			"description": "Date and time of creation",
+			"readOnly": true,
+			"type": "string"
+		},
+		"modified_on": {
+			"description": "Date and time of last update",
+			"readOnly": true,
+			"type": "string"
+		},
+		"user_id": {
+			"description": "User ID",
+			"type": "integer",
+			"minimum": 1
+		},
+		"certificate_id": {
+			"description": "Certificate ID",
+			"anyOf": [
+				{
+					"type": "integer",
+					"minimum": 0
+				},
+				{
+					"type": "string",
+					"pattern": "^new$"
+				}
+			]
+		},
+		"access_list_id": {
+			"description": "Access List ID",
+			"type": "integer",
+			"minimum": 0
+		},
+		"domain_names": {
+			"description": "Domain Names separated by a comma",
+			"type": "array",
+			"minItems": 1,
+			"maxItems": 100,
+			"uniqueItems": true,
+			"items": {
+				"type": "string",
+				"pattern": "^[^&| @!#%^();:/\\\\}{=+?<>,~`'\"]+$"
+			}
+		},
+		"enabled": {
+			"description": "Is Enabled",
+			"type": "boolean"
+		},
+		"ssl_forced": {
+			"description": "Is SSL Forced",
+			"type": "boolean"
+		},
+		"hsts_enabled": {
+			"description": "Is HSTS Enabled",
+			"type": "boolean"
+		},
+		"hsts_subdomains": {
+			"description": "Is HSTS applicable to all subdomains",
+			"type": "boolean"
+		},
+		"ssl_provider": {
+			"type": "string",
+			"pattern": "^(letsencrypt|other)$"
+		},
+		"http2_support": {
+			"description": "HTTP2 Protocol Support",
+			"type": "boolean"
+		},
+		"block_exploits": {
+			"description": "Should we block common exploits",
+			"type": "boolean"
+		},
+		"caching_enabled": {
+			"description": "Should we cache assets",
+			"type": "boolean"
+		}
+	}
+}

backend/schema/components/access-list-object.json

@@ -0,0 +1,53 @@
+{
+	"type": "object",
+	"description": "Access List object",
+	"required": ["id", "created_on", "modified_on", "owner_user_id", "name", "directive", "address", "satisfy_any", "pass_auth", "meta"],
+	"additionalProperties": false,
+	"properties": {
+		"id": {
+			"$ref": "../common.json#/properties/id"
+		},
+		"created_on": {
+			"$ref": "../common.json#/properties/created_on"
+		},
+		"modified_on": {
+			"$ref": "../common.json#/properties/modified_on"
+		},
+		"owner_user_id": {
+			"$ref": "../common.json#/properties/user_id"
+		},
+		"name": {
+			"type": "string",
+			"minLength": 1
+		},
+		"directive": {
+			"type": "string",
+			"enum": ["allow", "deny"]
+		},
+		"address": {
+			"oneOf": [
+				{
+					"type": "string",
+					"pattern": "^([0-9]{1,3}\\.){3}[0-9]{1,3}(/([0-9]|[1-2][0-9]|3[0-2]))?$"
+				},
+				{
+					"type": "string",
+					"pattern": "^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?$"
+				},
+				{
+					"type": "string",
+					"pattern": "^all$"
+				}
+			]
+		},
+		"satisfy_any": {
+			"type": "boolean"
+		},
+		"pass_auth": {
+			"type": "boolean"
+		},
+		"meta": {
+			"type": "object"
+		}
+	}
+}

backend/schema/components/audit-log-object.json

@@ -0,0 +1,32 @@
+{
+	"type": "object",
+	"description": "Audit Log object",
+	"required": ["id", "created_on", "modified_on", "user_id", "object_type", "object_id", "action", "meta"],
+	"additionalProperties": false,
+	"properties": {
+		"id": {
+			"$ref": "../common.json#/properties/id"
+		},
+		"created_on": {
+			"$ref": "../common.json#/properties/created_on"
+		},
+		"modified_on": {
+			"$ref": "../common.json#/properties/modified_on"
+		},
+		"user_id": {
+			"$ref": "../common.json#/properties/user_id"
+		},
+		"object_type": {
+			"type": "string"
+		},
+		"object_id": {
+			"$ref": "../common.json#/properties/id"
+		},
+		"action": {
+			"type": "string"
+		},
+		"meta": {
+			"type": "object"
+		}
+	}
+}

backend/schema/components/certificate-list.json

@@ -0,0 +1,7 @@
+{
+	"type": "array",
+	"description": "Certificates list",
+	"items": {
+		"$ref": "./certificate-object.json"
+	}
+}

backend/schema/components/certificate-object.json

@@ -0,0 +1,81 @@
+{
+	"type": "object",
+	"description": "Certificate object",
+	"required": ["id", "created_on", "modified_on", "owner_user_id", "provider", "nice_name", "domain_names", "expires_on", "meta"],
+	"additionalProperties": false,
+	"properties": {
+		"id": {
+			"$ref": "../common.json#/properties/id"
+		},
+		"created_on": {
+			"$ref": "../common.json#/properties/created_on"
+		},
+		"modified_on": {
+			"$ref": "../common.json#/properties/modified_on"
+		},
+		"owner_user_id": {
+			"$ref": "../common.json#/properties/user_id"
+		},
+		"provider": {
+			"$ref": "../common.json#/properties/ssl_provider"
+		},
+		"nice_name": {
+			"type": "string",
+			"description": "Nice Name for the custom certificate"
+		},
+		"domain_names": {
+			"description": "Domain Names separated by a comma",
+			"type": "array",
+			"maxItems": 100,
+			"uniqueItems": true,
+			"items": {
+				"type": "string",
+				"pattern": "^[^&| @!#%^();:/\\\\}{=+?<>,~`'\"]+$"
+			}
+		},
+		"expires_on": {
+			"description": "Date and time of expiration",
+			"readOnly": true,
+			"type": "string"
+		},
+		"owner": {
+			"$ref": "./user-object.json"
+		},
+		"meta": {
+			"type": "object",
+			"additionalProperties": false,
+			"properties": {
+				"certificate": {
+					"type": "string",
+					"minLength": 1
+				},
+				"certificate_key": {
+					"type": "string",
+					"minLength": 1
+				},
+				"dns_challenge": {
+					"type": "boolean"
+				},
+				"dns_provider": {
+					"type": "string"
+				},
+				"dns_provider_credentials": {
+					"type": "string"
+				},
+				"letsencrypt_agree": {
+					"type": "boolean"
+				},
+				"letsencrypt_certificate": {
+					"type": "object"
+				},
+				"letsencrypt_email": {
+					"type": "string"
+				},
+				"propagation_seconds": {
+					"type": "integer",
+					"minimum": 0
+				}
+			}
+		}
+	}
+}

backend/schema/components/dead-host-list.json

@@ -0,0 +1,7 @@
+{
+	"type": "array",
+	"description": "404 Hosts list",
+	"items": {
+		"$ref": "./dead-host-object.json"
+	}
+}

backend/schema/components/dead-host-object.json

@@ -0,0 +1,47 @@
+{
+	"type": "object",
+	"description": "404 Host object",
+	"required": ["id", "created_on", "modified_on", "owner_user_id", "domain_names", "certificate_id", "ssl_forced", "hsts_enabled", "hsts_subdomains", "http2_support", "advanced_config", "enabled", "meta"],
+	"additionalProperties": false,
+	"properties": {
+		"id": {
+			"$ref": "../common.json#/properties/id"
+		},
+		"created_on": {
+			"$ref": "../common.json#/properties/created_on"
+		},
+		"modified_on": {
+			"$ref": "../common.json#/properties/modified_on"
+		},
+		"owner_user_id": {
+			"$ref": "../common.json#/properties/user_id"
+		},
+		"domain_names": {
+			"$ref": "../common.json#/properties/domain_names"
+		},
+		"certificate_id": {
+			"$ref": "../common.json#/properties/certificate_id"
+		},
+		"ssl_forced": {
+			"$ref": "../common.json#/properties/ssl_forced"
+		},
+		"hsts_enabled": {
+			"$ref": "../common.json#/properties/hsts_enabled"
+		},
+		"hsts_subdomains": {
+			"$ref": "../common.json#/properties/hsts_subdomains"
+		},
+		"http2_support": {
+			"$ref": "../common.json#/properties/http2_support"
+		},
+		"advanced_config": {
+			"type": "string"
+		},
+		"enabled": {
+			"$ref": "../common.json#/properties/enabled"
+		},
+		"meta": {
+			"type": "object"
+		}
+	}
+}

backend/schema/components/error-object.json

@@ -0,0 +1,14 @@
+{
+	"type": "object",
+	"description": "Error object",
+	"additionalProperties": false,
+	"required": ["code", "message"],
+	"properties": {
+		"code": {
+			"type": "integer"
+		},
+		"message": {
+			"type": "string"
+		}
+	}
+}

backend/schema/components/error.json

@@ -0,0 +1,9 @@
+{
+	"type": "object",
+	"description": "Error",
+	"properties": {
+		"error": {
+			"$ref": "./error-object.json"
+		}
+	}
+}

backend/schema/components/health-object.json

@@ -0,0 +1,38 @@
+{
+	"type": "object",
+	"description": "Health object",
+	"additionalProperties": false,
+	"required": ["status", "version"],
+	"properties": {
+		"status": {
+			"type": "string",
+			"description": "Healthy",
+			"example": "OK"
+		},
+		"version": {
+			"type": "object",
+			"description": "The version object",
+			"example": {
+				"major": 2,
+				"minor": 0,
+				"revision": 0
+			},
+			"additionalProperties": false,
+			"required": ["major", "minor", "revision"],
+			"properties": {
+				"major": {
+					"type": "integer",
+					"minimum": 0
+				},
+				"minor": {
+					"type": "integer",
+					"minimum": 0
+				},
+				"revision": {
+					"type": "integer",
+					"minimum": 0
+				}
+			}
+		}
+	}
+}

backend/schema/components/permission-object.json

@@ -0,0 +1,41 @@
+{
+	"type": "object",
+	"minProperties": 1,
+	"properties": {
+		"visibility": {
+			"type": "string",
+			"description": "Visibility Type",
+			"enum": ["all", "user"]
+		},
+		"access_lists": {
+			"type": "string",
+			"description": "Access Lists Permissions",
+			"enum": ["hidden", "view", "manage"]
+		},
+		"dead_hosts": {
+			"type": "string",
+			"description": "404 Hosts Permissions",
+			"enum": ["hidden", "view", "manage"]
+		},
+		"proxy_hosts": {
+			"type": "string",
+			"description": "Proxy Hosts Permissions",
+			"enum": ["hidden", "view", "manage"]
+		},
+		"redirection_hosts": {
+			"type": "string",
+			"description": "Redirection Permissions",
+			"enum": ["hidden", "view", "manage"]
+		},
+		"streams": {
+			"type": "string",
+			"description": "Streams Permissions",
+			"enum": ["hidden", "view", "manage"]
+		},
+		"certificates": {
+			"type": "string",
+			"description": "Certificates Permissions",
+			"enum": ["hidden", "view", "manage"]
+		}
+	}
+}

backend/schema/components/proxy-host-list.json

@@ -0,0 +1,7 @@
+{
+	"type": "array",
+	"description": "Proxy Hosts list",
+	"items": {
+		"$ref": "./proxy-host-object.json"
+	}
+}

backend/schema/components/proxy-host-object.json

@@ -0,0 +1,154 @@
+{
+	"type": "object",
+	"description": "Proxy Host object",
+	"required": [
+		"id",
+		"created_on",
+		"modified_on",
+		"owner_user_id",
+		"domain_names",
+		"forward_host",
+		"forward_port",
+		"access_list_id",
+		"certificate_id",
+		"ssl_forced",
+		"caching_enabled",
+		"block_exploits",
+		"advanced_config",
+		"meta",
+		"allow_websocket_upgrade",
+		"http2_support",
+		"forward_scheme",
+		"enabled",
+		"locations",
+		"hsts_enabled",
+		"hsts_subdomains",
+		"certificate"
+	],
+	"additionalProperties": false,
+	"properties": {
+		"id": {
+			"$ref": "../common.json#/properties/id"
+		},
+		"created_on": {
+			"$ref": "../common.json#/properties/created_on"
+		},
+		"modified_on": {
+			"$ref": "../common.json#/properties/modified_on"
+		},
+		"owner_user_id": {
+			"$ref": "../common.json#/properties/user_id"
+		},
+		"domain_names": {
+			"$ref": "../common.json#/properties/domain_names"
+		},
+		"forward_host": {
+			"type": "string",
+			"minLength": 1,
+			"maxLength": 255
+		},
+		"forward_port": {
+			"type": "integer",
+			"minimum": 1,
+			"maximum": 65535
+		},
+		"access_list_id": {
+			"$ref": "../common.json#/properties/access_list_id"
+		},
+		"certificate_id": {
+			"$ref": "../common.json#/properties/certificate_id"
+		},
+		"ssl_forced": {
+			"$ref": "../common.json#/properties/ssl_forced"
+		},
+		"caching_enabled": {
+			"$ref": "../common.json#/properties/caching_enabled"
+		},
+		"block_exploits": {
+			"$ref": "../common.json#/properties/block_exploits"
+		},
+		"advanced_config": {
+			"type": "string"
+		},
+		"meta": {
+			"type": "object"
+		},
+		"allow_websocket_upgrade": {
+			"description": "Allow Websocket Upgrade for all paths",
+			"example": true,
+			"type": "boolean"
+		},
+		"http2_support": {
+			"$ref": "../common.json#/properties/http2_support"
+		},
+		"forward_scheme": {
+			"type": "string",
+			"enum": ["http", "https"]
+		},
+		"enabled": {
+			"$ref": "../common.json#/properties/enabled"
+		},
+		"locations": {
+			"type": "array",
+			"minItems": 0,
+			"items": {
+				"type": "object",
+				"required": ["forward_scheme", "forward_host", "forward_port", "path"],
+				"additionalProperties": false,
+				"properties": {
+					"id": {
+						"type": ["integer", "null"]
+					},
+					"path": {
+						"type": "string",
+						"minLength": 1
+					},
+					"forward_scheme": {
+						"$ref": "#/properties/forward_scheme"
+					},
+					"forward_host": {
+						"$ref": "#/properties/forward_host"
+					},
+					"forward_port": {
+						"$ref": "#/properties/forward_port"
+					},
+					"forward_path": {
+						"type": "string"
+					},
+					"advanced_config": {
+						"type": "string"
+					}
+				}
+			}
+		},
+		"hsts_enabled": {
+			"$ref": "../common.json#/properties/hsts_enabled"
+		},
+		"hsts_subdomains": {
+			"$ref": "../common.json#/properties/hsts_subdomains"
+		},
+		"certificate": {
+			"oneOf": [
+				{
+					"type": "null"
+				},
+				{
+					"$ref": "./certificate-object.json"
+				}
+			]
+		},
+		"owner": {
+			"$ref": "./user-object.json"
+		},
+		"access_list": {
+			"oneOf": [
+				{
+					"type": "null"
+				},
+				{
+					"$ref": "./access-list-object.json"
+				}
+			]
+		}
+	}
+}

backend/schema/components/redirection-host-list.json

@@ -0,0 +1,7 @@
+{
+	"type": "array",
+	"description": "Redirection Hosts list",
+	"items": {
+		"$ref": "./redirection-host-object.json"
+	}
+}

backend/schema/components/redirection-host-object.json

@@ -0,0 +1,72 @@
+{
+	"type": "object",
+	"description": "Redirection Host object",
+	"required": ["id", "created_on", "modified_on", "owner_user_id", "domain_names", "forward_http_code", "forward_scheme", "forward_domain_name", "preserve_path", "certificate_id", "ssl_forced", "hsts_enabled", "hsts_subdomains", "http2_support", "block_exploits", "advanced_config", "enabled", "meta"],
+	"additionalProperties": false,
+	"properties": {
+		"id": {
+			"$ref": "../common.json#/properties/id"
+		},
+		"created_on": {
+			"$ref": "../common.json#/properties/created_on"
+		},
+		"modified_on": {
+			"$ref": "../common.json#/properties/modified_on"
+		},
+		"owner_user_id": {
+			"$ref": "../common.json#/properties/user_id"
+		},
+		"domain_names": {
+			"$ref": "../common.json#/properties/domain_names"
+		},
+		"forward_http_code": {
+			"description": "Redirect HTTP Status Code",
+			"example": 302,
+			"type": "integer",
+			"minimum": 300,
+			"maximum": 308
+		},
+		"forward_scheme": {
+			"type": "string",
+			"enum": ["auto", "http", "https"]
+		},
+		"forward_domain_name": {
+			"description": "Domain Name",
+			"example": "jc21.com",
+			"type": "string",
+			"pattern": "^(?:[^.*]+\\.?)+[^.]$"
+		},
+		"preserve_path": {
+			"description": "Should the path be preserved",
+			"example": true,
+			"type": "boolean"
+		},
+		"certificate_id": {
+			"$ref": "../common.json#/properties/certificate_id"
+		},
+		"ssl_forced": {
+			"$ref": "../common.json#/properties/ssl_forced"
+		},
+		"hsts_enabled": {
+			"$ref": "../common.json#/properties/hsts_enabled"
+		},
+		"hsts_subdomains": {
+			"$ref": "../common.json#/properties/hsts_subdomains"
+		},
+		"http2_support": {
+			"$ref": "../common.json#/properties/http2_support"
+		},
+		"block_exploits": {
+			"$ref": "../common.json#/properties/block_exploits"
+		},
+		"advanced_config": {
+			"type": "string"
+		},
+		"enabled": {
+			"$ref": "../common.json#/properties/enabled"
+		},
+		"meta": {
+			"type": "object"
+		}
+	}
+}

backend/schema/components/security-schemes.json

@@ -0,0 +1,6 @@
+{
+	"BearerAuth": {
+		"type": "http",
+		"scheme": "bearer"
+	}
+}

backend/schema/components/setting-list.json

@@ -0,0 +1,7 @@
+{
+	"type": "array",
+	"description": "Setting list",
+	"items": {
+		"$ref": "./setting-object.json"
+	}
+}

backend/schema/components/setting-object.json

@@ -0,0 +1,56 @@
+{
+	"type": "object",
+	"description": "Setting object",
+	"required": ["id", "name", "description", "value", "meta"],
+	"additionalProperties": false,
+	"properties": {
+		"id": {
+			"type": "string",
+			"description": "Setting ID",
+			"minLength": 1,
+			"example": "default-site"
+		},
+		"name": {
+			"type": "string",
+			"description": "Setting Display Name",
+			"minLength": 1,
+			"example": "Default Site"
+		},
+		"description": {
+			"type": "string",
+			"description": "Meaningful description",
+			"minLength": 1,
+			"example": "What to show when Nginx is hit with an unknown Host"
+		},
+		"value": {
+			"description": "Value in almost any form",
+			"example": "congratulations",
+			"anyOf": [
+				{
+					"type": "string",
+					"minLength": 1
+				},
+				{
+					"type": "integer"
+				},
+				{
+					"type": "object"
+				},
+				{
+					"type": "number"
+				},
+				{
+					"type": "array"
+				}
+			]
+		},
+		"meta": {
+			"description": "Extra metadata",
+			"example": {
+				"redirect": "http://example.com",
+				"html": "<h1>404</h1>"
+			},
+			"type": "object"
+		}
+	}
+}

backend/schema/components/stream-list.json

@@ -0,0 +1,7 @@
+{
+	"type": "array",
+	"description": "Proxy Hosts list",
+	"items": {
+		"$ref": "./proxy-host-object.json"
+	}
+}

backend/schema/components/stream-object.json

@@ -0,0 +1,60 @@
+{
+	"type": "object",
+	"description": "Stream object",
+	"required": ["id", "created_on", "modified_on", "owner_user_id", "incoming_port", "forwarding_host", "forwarding_port", "tcp_forwarding", "udp_forwarding", "enabled", "meta"],
+	"additionalProperties": false,
+	"properties": {
+		"id": {
+			"$ref": "../common.json#/properties/id"
+		},
+		"created_on": {
+			"$ref": "../common.json#/properties/created_on"
+		},
+		"modified_on": {
+			"$ref": "../common.json#/properties/modified_on"
+		},
+		"owner_user_id": {
+			"$ref": "../common.json#/properties/user_id"
+		},
+		"incoming_port": {
+			"type": "integer",
+			"minimum": 1,
+			"maximum": 65535
+		},
+		"forwarding_host": {
+			"anyOf": [
+				{
+					"description": "Domain Name",
+					"example": "jc21.com",
+					"type": "string",
+					"pattern": "^(?:[^.*]+\\.?)+[^.]$"
+				},
+				{
+					"type": "string",
+					"format": "ipv4"
+				},
+				{
+					"type": "string",
+					"format": "ipv6"
+				}
+			]
+		},
+		"forwarding_port": {
+			"type": "integer",
+			"minimum": 1,
+			"maximum": 65535
+		},
+		"tcp_forwarding": {
+			"type": "boolean"
+		},
+		"udp_forwarding": {
+			"type": "boolean"
+		},
+		"enabled": {
+			"$ref": "../common.json#/properties/enabled"
+		},
+		"meta": {
+			"type": "object"
+		}
+	}
+}

backend/schema/components/token-object.json

@@ -0,0 +1,19 @@
+{
+	"type": "object",
+	"description": "Token object",
+	"required": ["expires", "token"],
+	"additionalProperties": false,
+	"properties": {
+		"expires": {
+			"description": "Token Expiry Unix Time",
+			"example": 1566540249,
+			"minimum": 1,
+			"type": "number"
+		},
+		"token": {
+			"description": "JWT Token",
+			"example": "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.ey...xaHKYr3Kk6MvkUjcC4",
+			"type": "string"
+		}
+	}
+}

backend/schema/components/user-list.json

@@ -0,0 +1,7 @@
+{
+	"type": "array",
+	"description": "User list",
+	"items": {
+		"$ref": "./user-object.json"
+	}
+}

backend/schema/components/user-object.json

@@ -0,0 +1,59 @@
+{
+	"type": "object",
+	"description": "User object",
+	"required": ["id", "created_on", "modified_on", "is_disabled", "email", "name", "nickname", "avatar", "roles"],
+	"additionalProperties": false,
+	"properties": {
+		"id": {
+			"type": "integer",
+			"description": "User ID",
+			"minimum": 1,
+			"example": 1
+		},
+		"created_on": {
+			"type": "string",
+			"description": "Created Date",
+			"example": "2020-01-30T09:36:08.000Z"
+		},
+		"modified_on": {
+			"type": "string",
+			"description": "Modified Date",
+			"example": "2020-01-30T09:41:04.000Z"
+		},
+		"is_disabled": {
+			"type": "boolean",
+			"description": "Is user Disabled",
+			"example": true
+		},
+		"email": {
+			"type": "string",
+			"description": "Email",
+			"minLength": 3,
+			"example": "jc@jc21.com"
+		},
+		"name": {
+			"type": "string",
+			"description": "Name",
+			"minLength": 1,
+			"example": "Jamie Curnow"
+		},
+		"nickname": {
+			"type": "string",
+			"description": "Nickname",
+			"example": "James"
+		},
+		"avatar": {
+			"type": "string",
+			"description": "Gravatar URL based on email, without scheme",
+			"example": "//www.gravatar.com/avatar/6193176330f8d38747f038c170ddb193?default=mm"
+		},
+		"roles": {
+			"description": "Roles applied",
+			"example": ["admin"],
+			"type": "array",
+			"items": {
+				"type": "string"
+			}
+		}
+	}
+}

backend/schema/definitions.json

@@ -1,240 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "$id": "definitions",
-  "definitions": {
-    "id": {
-      "description": "Unique identifier",
-      "example": 123456,
-      "readOnly": true,
-      "type": "integer",
-      "minimum": 1
-    },
-    "setting_id": {
-      "description": "Unique identifier for a Setting",
-      "example": "default-site",
-      "readOnly": true,
-      "type": "string",
-      "minLength": 2
-    },
-    "token": {
-      "type": "string",
-      "minLength": 10
-    },
-    "expand": {
-      "anyOf": [
-        {
-          "type": "null"
-        },
-        {
-          "type": "array",
-          "minItems": 1,
-          "items": {
-            "type": "string"
-          }
-        }
-      ]
-    },
-    "sort": {
-      "type": "array",
-      "minItems": 1,
-      "items": {
-        "type": "object",
-        "required": [
-          "field",
-          "dir"
-        ],
-        "additionalProperties": false,
-        "properties": {
-          "field": {
-            "type": "string"
-          },
-          "dir": {
-            "type": "string",
-            "pattern": "^(asc|desc)$"
-          }
-        }
-      }
-    },
-    "query": {
-      "anyOf": [
-        {
-          "type": "null"
-        },
-        {
-          "type": "string",
-          "minLength": 1,
-          "maxLength": 255
-        }
-      ]
-    },
-    "criteria": {
-      "anyOf": [
-        {
-          "type": "null"
-        },
-        {
-          "type": "object"
-        }
-      ]
-    },
-    "fields": {
-      "anyOf": [
-        {
-          "type": "null"
-        },
-        {
-          "type": "array",
-          "minItems": 1,
-          "items": {
-            "type": "string"
-          }
-        }
-      ]
-    },
-    "omit": {
-      "anyOf": [
-        {
-          "type": "null"
-        },
-        {
-          "type": "array",
-          "minItems": 1,
-          "items": {
-            "type": "string"
-          }
-        }
-      ]
-    },
-    "created_on": {
-      "description": "Date and time of creation",
-      "format": "date-time",
-      "readOnly": true,
-      "type": "string"
-    },
-    "modified_on": {
-      "description": "Date and time of last update",
-      "format": "date-time",
-      "readOnly": true,
-      "type": "string"
-    },
-    "user_id": {
-      "description": "User ID",
-      "example": 1234,
-      "type": "integer",
-      "minimum": 1
-    },
-    "certificate_id": {
-      "description": "Certificate ID",
-      "example": 1234,
-      "anyOf": [
-        {
-          "type": "integer",
-          "minimum": 0
-        },
-        {
-          "type": "string",
-          "pattern": "^new$"
-        }
-      ]
-    },
-    "access_list_id": {
-      "description": "Access List ID",
-      "example": 1234,
-      "type": "integer",
-      "minimum": 0
-    },
-    "name": {
-      "type": "string",
-      "minLength": 1,
-      "maxLength": 255
-    },
-    "email": {
-      "description": "Email Address",
-      "example": "john@example.com",
-      "format": "email",
-      "type": "string",
-      "minLength": 6,
-      "maxLength": 100
-    },
-    "password": {
-      "description": "Password",
-      "type": "string",
-      "minLength": 8,
-      "maxLength": 255
-    },
-    "domain_name": {
-      "description": "Domain Name",
-      "example": "jc21.com",
-      "type": "string",
-      "pattern": "^(?:[^.*]+\\.?)+[^.]$"
-    },
-    "domain_names": {
-      "description": "Domain Names separated by a comma",
-      "example": "*.jc21.com,blog.jc21.com",
-      "type": "array",
-      "maxItems": 30,
-      "uniqueItems": true,
-      "items": {
-        "type": "string",
-        "pattern": "^(?:\\*\\.)?(?:[^.*]+\\.?)+[^.]$"
-      }
-    },
-    "http_code": {
-      "description": "Redirect HTTP Status Code",
-      "example": 302,
-      "type": "integer",
-      "minimum": 300,
-      "maximum": 308
-    },
-    "scheme": {
-      "description": "RFC Protocol",
-      "example": "HTTPS or $scheme",
-      "type": "string",
-      "minLength": 4
-    },
-    "enabled": {
-      "description": "Is Enabled",
-      "example": true,
-      "type": "boolean"
-    },
-    "ssl_enabled": {
-      "description": "Is SSL Enabled",
-      "example": true,
-      "type": "boolean"
-    },
-    "ssl_forced": {
-      "description": "Is SSL Forced",
-      "example": false,
-      "type": "boolean"
-    },
-    "hsts_enabled": {
-      "description": "Is HSTS Enabled",
-      "example": false,
-      "type": "boolean"
-    },
-    "hsts_subdomains": {
-      "description": "Is HSTS applicable to all subdomains",
-      "example": false,
-      "type": "boolean"
-    },
-    "ssl_provider": {
-      "type": "string",
-      "pattern": "^(letsencrypt|other)$"
-    },
-    "http2_support": {
-      "description": "HTTP2 Protocol Support",
-      "example": false,
-      "type": "boolean"
-    },
-    "block_exploits": {
-      "description": "Should we block common exploits",
-      "example": true,
-      "type": "boolean"
-    },
-    "caching_enabled": {
-      "description": "Should we cache assets",
-      "example": true,
-      "type": "boolean"
-    }
-  }
-}

backend/schema/endpoints/access-lists.json

@@ -1,236 +0,0 @@
-{
-	"$schema": "http://json-schema.org/draft-07/schema#",
-	"$id": "endpoints/access-lists",
-	"title": "Access Lists",
-	"description": "Endpoints relating to Access Lists",
-	"stability": "stable",
-	"type": "object",
-	"definitions": {
-		"id": {
-			"$ref": "../definitions.json#/definitions/id"
-		},
-		"created_on": {
-			"$ref": "../definitions.json#/definitions/created_on"
-		},
-		"modified_on": {
-			"$ref": "../definitions.json#/definitions/modified_on"
-		},
-		"name": {
-			"type": "string",
-			"description": "Name of the Access List"
-		},
-		"directive": {
-			"type": "string",
-			"enum": ["allow", "deny"]
-		},
-		"address": {
-			"oneOf": [
-				{
-					"type": "string",
-					"pattern": "^([0-9]{1,3}\\.){3}[0-9]{1,3}(/([0-9]|[1-2][0-9]|3[0-2]))?$"
-				},
-				{
-					"type": "string",
-					"pattern": "^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?$"
-				},
-				{
-					"type": "string",
-					"pattern": "^all$"
-				}
-			]
-		},
-		"satisfy_any": {
-			"type": "boolean"
-		},
-		"pass_auth": {
-			"type": "boolean"
-		},
-		"meta": {
-			"type": "object"
-		}
-	},
-	"properties": {
-		"id": {
-			"$ref": "#/definitions/id"
-		},
-		"created_on": {
-			"$ref": "#/definitions/created_on"
-		},
-		"modified_on": {
-			"$ref": "#/definitions/modified_on"
-		},
-		"name": {
-			"$ref": "#/definitions/name"
-		},
-		"meta": {
-			"$ref": "#/definitions/meta"
-		}
-	},
-	"links": [
-		{
-			"title": "List",
-			"description": "Returns a list of Access Lists",
-			"href": "/nginx/access-lists",
-			"access": "private",
-			"method": "GET",
-			"rel": "self",
-			"http_header": {
-				"$ref": "../examples.json#/definitions/auth_header"
-			},
-			"targetSchema": {
-				"type": "array",
-				"items": {
-					"$ref": "#/properties"
-				}
-			}
-		},
-		{
-			"title": "Create",
-			"description": "Creates a new Access List",
-			"href": "/nginx/access-list",
-			"access": "private",
-			"method": "POST",
-			"rel": "create",
-			"http_header": {
-				"$ref": "../examples.json#/definitions/auth_header"
-			},
-			"schema": {
-				"type": "object",
-				"additionalProperties": false,
-				"required": ["name"],
-				"properties": {
-					"name": {
-						"$ref": "#/definitions/name"
-					},
-					"satisfy_any": {
-						"$ref": "#/definitions/satisfy_any"
-					},
-					"pass_auth": {
-						"$ref": "#/definitions/pass_auth"
-					},
-					"items": {
-						"type": "array",
-						"minItems": 0,
-						"items": {
-							"type": "object",
-							"additionalProperties": false,
-							"properties": {
-								"username": {
-									"type": "string",
-									"minLength": 1
-								},
-								"password": {
-									"type": "string",
-									"minLength": 1
-								}
-							}
-						}
-					},
-					"clients": {
-						"type": "array",
-						"minItems": 0,
-						"items": {
-							"type": "object",
-							"additionalProperties": false,
-							"properties": {
-								"address": {
-									"$ref": "#/definitions/address"
-								},
-								"directive": {
-									"$ref": "#/definitions/directive"
-								}
-							}
-						}
-					},
-					"meta": {
-						"$ref": "#/definitions/meta"
-					}
-				}
-			},
-			"targetSchema": {
-				"properties": {
-					"$ref": "#/properties"
-				}
-			}
-		},
-		{
-			"title": "Update",
-			"description": "Updates a existing Access List",
-			"href": "/nginx/access-list/{definitions.identity.example}",
-			"access": "private",
-			"method": "PUT",
-			"rel": "update",
-			"http_header": {
-				"$ref": "../examples.json#/definitions/auth_header"
-			},
-			"schema": {
-				"type": "object",
-				"additionalProperties": false,
-				"properties": {
-					"name": {
-						"$ref": "#/definitions/name"
-					},
-					"satisfy_any": {
-						"$ref": "#/definitions/satisfy_any"
-					},
-					"pass_auth": {
-						"$ref": "#/definitions/pass_auth"
-					},
-					"items": {
-						"type": "array",
-						"minItems": 0,
-						"items": {
-							"type": "object",
-							"additionalProperties": false,
-							"properties": {
-								"username": {
-									"type": "string",
-									"minLength": 1
-								},
-								"password": {
-									"type": "string",
-									"minLength": 0
-								}
-							}
-						}
-					},
-					"clients": {
-						"type": "array",
-						"minItems": 0,
-						"items": {
-							"type": "object",
-							"additionalProperties": false,
-							"properties": {
-								"address": {
-									"$ref": "#/definitions/address"
-								},
-								"directive": {
-									"$ref": "#/definitions/directive"
-								}
-							}
-						}
-					}
-				}
-			},
-			"targetSchema": {
-				"properties": {
-					"$ref": "#/properties"
-				}
-			}
-		},
-		{
-			"title": "Delete",
-			"description": "Deletes a existing Access List",
-			"href": "/nginx/access-list/{definitions.identity.example}",
-			"access": "private",
-			"method": "DELETE",
-			"rel": "delete",
-			"http_header": {
-				"$ref": "../examples.json#/definitions/auth_header"
-			},
-			"targetSchema": {
-				"type": "boolean"
-			}
-		}
-	]
-}

backend/schema/endpoints/certificates.json

@@ -1,173 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "$id": "endpoints/certificates",
-  "title": "Certificates",
-  "description": "Endpoints relating to Certificates",
-  "stability": "stable",
-  "type": "object",
-  "definitions": {
-    "id": {
-      "$ref": "../definitions.json#/definitions/id"
-    },
-    "created_on": {
-      "$ref": "../definitions.json#/definitions/created_on"
-    },
-    "modified_on": {
-      "$ref": "../definitions.json#/definitions/modified_on"
-    },
-    "provider": {
-      "$ref": "../definitions.json#/definitions/ssl_provider"
-    },
-    "nice_name": {
-      "type": "string",
-      "description": "Nice Name for the custom certificate"
-    },
-    "domain_names": {
-      "$ref": "../definitions.json#/definitions/domain_names"
-    },
-    "expires_on": {
-      "description": "Date and time of expiration",
-      "format": "date-time",
-      "readOnly": true,
-      "type": "string"
-    },
-    "meta": {
-      "type": "object",
-      "additionalProperties": false,
-      "properties": {
-        "letsencrypt_email": {
-          "type": "string",
-          "format": "email"
-        },
-        "letsencrypt_agree": {
-          "type": "boolean"
-        },
-        "dns_challenge": {
-          "type": "boolean"
-        },
-        "dns_provider": {
-          "type": "string"
-        },
-        "dns_provider_credentials": {
-          "type": "string"
-        },
-        "propagation_seconds": {
-          "anyOf": [
-            { 
-              "type": "integer",
-              "minimum": 0 
-            }
-          ]
-          
-        }
-      }
-    }
-  },
-  "properties": {
-    "id": {
-      "$ref": "#/definitions/id"
-    },
-    "created_on": {
-      "$ref": "#/definitions/created_on"
-    },
-    "modified_on": {
-      "$ref": "#/definitions/modified_on"
-    },
-    "provider": {
-      "$ref": "#/definitions/provider"
-    },
-    "nice_name": {
-      "$ref": "#/definitions/nice_name"
-    },
-    "domain_names": {
-      "$ref": "#/definitions/domain_names"
-    },
-    "expires_on": {
-      "$ref": "#/definitions/expires_on"
-    },
-    "meta": {
-      "$ref": "#/definitions/meta"
-    }
-  },
-  "links": [
-    {
-      "title": "List",
-      "description": "Returns a list of Certificates",
-      "href": "/nginx/certificates",
-      "access": "private",
-      "method": "GET",
-      "rel": "self",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "array",
-        "items": {
-          "$ref": "#/properties"
-        }
-      }
-    },
-    {
-      "title": "Create",
-      "description": "Creates a new Certificate",
-      "href": "/nginx/certificates",
-      "access": "private",
-      "method": "POST",
-      "rel": "create",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "schema": {
-        "type": "object",
-        "additionalProperties": false,
-        "required": [
-          "provider"
-        ],
-        "properties": {
-          "provider": {
-            "$ref": "#/definitions/provider"
-          },
-          "nice_name": {
-            "$ref": "#/definitions/nice_name"
-          },
-          "domain_names": {
-            "$ref": "#/definitions/domain_names"
-          },
-          "meta": {
-            "$ref": "#/definitions/meta"
-          }
-        }
-      },
-      "targetSchema": {
-        "properties": {
-          "$ref": "#/properties"
-        }
-      }
-    },
-    {
-      "title": "Delete",
-      "description": "Deletes a existing Certificate",
-      "href": "/nginx/certificates/{definitions.identity.example}",
-      "access": "private",
-      "method": "DELETE",
-      "rel": "delete",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "boolean"
-      }
-    },
-    {
-      "title": "Test HTTP Challenge",
-      "description": "Tests whether the HTTP challenge should work",
-      "href": "/nginx/certificates/{definitions.identity.example}/test-http",
-      "access": "private",
-      "method": "GET",
-      "rel": "info",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      }
-    }
-  ]
-}

backend/schema/endpoints/dead-hosts.json

@@ -1,240 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "$id": "endpoints/dead-hosts",
-  "title": "404 Hosts",
-  "description": "Endpoints relating to 404 Hosts",
-  "stability": "stable",
-  "type": "object",
-  "definitions": {
-    "id": {
-      "$ref": "../definitions.json#/definitions/id"
-    },
-    "created_on": {
-      "$ref": "../definitions.json#/definitions/created_on"
-    },
-    "modified_on": {
-      "$ref": "../definitions.json#/definitions/modified_on"
-    },
-    "domain_names": {
-      "$ref": "../definitions.json#/definitions/domain_names"
-    },
-    "certificate_id": {
-      "$ref": "../definitions.json#/definitions/certificate_id"
-    },
-    "ssl_forced": {
-      "$ref": "../definitions.json#/definitions/ssl_forced"
-    },
-    "hsts_enabled": {
-      "$ref": "../definitions.json#/definitions/hsts_enabled"
-    },
-    "hsts_subdomains": {
-      "$ref": "../definitions.json#/definitions/hsts_subdomains"
-    },
-    "http2_support": {
-      "$ref": "../definitions.json#/definitions/http2_support"
-    },
-    "advanced_config": {
-      "type": "string"
-    },
-    "enabled": {
-      "$ref": "../definitions.json#/definitions/enabled"
-    },
-    "meta": {
-      "type": "object"
-    }
-  },
-  "properties": {
-    "id": {
-      "$ref": "#/definitions/id"
-    },
-    "created_on": {
-      "$ref": "#/definitions/created_on"
-    },
-    "modified_on": {
-      "$ref": "#/definitions/modified_on"
-    },
-    "domain_names": {
-      "$ref": "#/definitions/domain_names"
-    },
-    "certificate_id": {
-      "$ref": "#/definitions/certificate_id"
-    },
-    "ssl_forced": {
-      "$ref": "#/definitions/ssl_forced"
-    },
-    "hsts_enabled": {
-      "$ref": "#/definitions/hsts_enabled"
-    },
-    "hsts_subdomains": {
-      "$ref": "#/definitions/hsts_subdomains"
-    },
-    "http2_support": {
-      "$ref": "#/definitions/http2_support"
-    },
-    "advanced_config": {
-      "$ref": "#/definitions/advanced_config"
-    },
-    "enabled": {
-      "$ref": "#/definitions/enabled"
-    },
-    "meta": {
-      "$ref": "#/definitions/meta"
-    }
-  },
-  "links": [
-    {
-      "title": "List",
-      "description": "Returns a list of 404 Hosts",
-      "href": "/nginx/dead-hosts",
-      "access": "private",
-      "method": "GET",
-      "rel": "self",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "array",
-        "items": {
-          "$ref": "#/properties"
-        }
-      }
-    },
-    {
-      "title": "Create",
-      "description": "Creates a new 404 Host",
-      "href": "/nginx/dead-hosts",
-      "access": "private",
-      "method": "POST",
-      "rel": "create",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "schema": {
-        "type": "object",
-        "additionalProperties": false,
-        "required": [
-          "domain_names"
-        ],
-        "properties": {
-          "domain_names": {
-            "$ref": "#/definitions/domain_names"
-          },
-          "certificate_id": {
-            "$ref": "#/definitions/certificate_id"
-          },
-          "ssl_forced": {
-            "$ref": "#/definitions/ssl_forced"
-          },
-          "hsts_enabled": {
-            "$ref": "#/definitions/hsts_enabled"
-          },
-          "hsts_subdomains": {
-            "$ref": "#/definitions/hsts_enabled"
-          },
-          "http2_support": {
-            "$ref": "#/definitions/http2_support"
-          },
-          "advanced_config": {
-            "$ref": "#/definitions/advanced_config"
-          },
-          "meta": {
-            "$ref": "#/definitions/meta"
-          }
-        }
-      },
-      "targetSchema": {
-        "properties": {
-          "$ref": "#/properties"
-        }
-      }
-    },
-    {
-      "title": "Update",
-      "description": "Updates a existing 404 Host",
-      "href": "/nginx/dead-hosts/{definitions.identity.example}",
-      "access": "private",
-      "method": "PUT",
-      "rel": "update",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "schema": {
-        "type": "object",
-        "additionalProperties": false,
-        "properties": {
-          "domain_names": {
-            "$ref": "#/definitions/domain_names"
-          },
-          "certificate_id": {
-            "$ref": "#/definitions/certificate_id"
-          },
-          "ssl_forced": {
-            "$ref": "#/definitions/ssl_forced"
-          },
-          "hsts_enabled": {
-            "$ref": "#/definitions/hsts_enabled"
-          },
-          "hsts_subdomains": {
-            "$ref": "#/definitions/hsts_enabled"
-          },
-          "http2_support": {
-            "$ref": "#/definitions/http2_support"
-          },
-          "advanced_config": {
-            "$ref": "#/definitions/advanced_config"
-          },
-          "meta": {
-            "$ref": "#/definitions/meta"
-          }
-        }
-      },
-      "targetSchema": {
-        "properties": {
-          "$ref": "#/properties"
-        }
-      }
-    },
-    {
-      "title": "Delete",
-      "description": "Deletes a existing 404 Host",
-      "href": "/nginx/dead-hosts/{definitions.identity.example}",
-      "access": "private",
-      "method": "DELETE",
-      "rel": "delete",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "boolean"
-      }
-    },
-    {
-      "title": "Enable",
-      "description": "Enables a existing 404 Host",
-      "href": "/nginx/dead-hosts/{definitions.identity.example}/enable",
-      "access": "private",
-      "method": "POST",
-      "rel": "update",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "boolean"
-      }
-    },
-    {
-      "title": "Disable",
-      "description": "Disables a existing 404 Host",
-      "href": "/nginx/dead-hosts/{definitions.identity.example}/disable",
-      "access": "private",
-      "method": "POST",
-      "rel": "update",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "boolean"
-      }
-    }
-  ]
-}

backend/schema/endpoints/proxy-hosts.json

@@ -1,387 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "$id": "endpoints/proxy-hosts",
-  "title": "Proxy Hosts",
-  "description": "Endpoints relating to Proxy Hosts",
-  "stability": "stable",
-  "type": "object",
-  "definitions": {
-    "id": {
-      "$ref": "../definitions.json#/definitions/id"
-    },
-    "created_on": {
-      "$ref": "../definitions.json#/definitions/created_on"
-    },
-    "modified_on": {
-      "$ref": "../definitions.json#/definitions/modified_on"
-    },
-    "domain_names": {
-      "$ref": "../definitions.json#/definitions/domain_names"
-    },
-    "forward_scheme": {
-      "type": "string",
-      "enum": ["http", "https"]
-    },
-    "forward_host": {
-      "type": "string",
-      "minLength": 1,
-      "maxLength": 255
-    },
-    "forward_port": {
-      "type": "integer",
-      "minimum": 1,
-      "maximum": 65535
-    },
-    "certificate_id": {
-      "$ref": "../definitions.json#/definitions/certificate_id"
-    },
-    "ssl_forced": {
-      "$ref": "../definitions.json#/definitions/ssl_forced"
-    },
-    "hsts_enabled": {
-      "$ref": "../definitions.json#/definitions/hsts_enabled"
-    },
-    "hsts_subdomains": {
-      "$ref": "../definitions.json#/definitions/hsts_subdomains"
-    },
-    "http2_support": {
-      "$ref": "../definitions.json#/definitions/http2_support"
-    },
-    "block_exploits": {
-      "$ref": "../definitions.json#/definitions/block_exploits"
-    },
-    "caching_enabled": {
-      "$ref": "../definitions.json#/definitions/caching_enabled"
-    },
-    "allow_websocket_upgrade": {
-      "description": "Allow Websocket Upgrade for all paths",
-      "example": true,
-      "type": "boolean"
-    },
-    "access_list_id": {
-      "$ref": "../definitions.json#/definitions/access_list_id"
-    },
-    "advanced_config": {
-      "type": "string"
-    },
-    "enabled": {
-      "$ref": "../definitions.json#/definitions/enabled"
-    },
-    "meta": {
-      "type": "object"
-    },
-    "locations": {
-      "type": "array",
-      "minItems": 0,
-      "items": {
-        "type": "object",
-        "required": [
-          "forward_scheme",
-          "forward_host",
-          "forward_port",
-          "path"
-        ],
-        "additionalProperties": false,
-        "properties": {
-          "id": {
-            "type": ["integer", "null"]
-          },
-          "path": {
-            "type": "string",
-            "minLength": 1
-          },
-          "forward_scheme": {
-            "$ref": "#/definitions/forward_scheme"
-          },
-          "forward_host": {
-            "$ref": "#/definitions/forward_host"
-          },
-          "forward_port": {
-            "$ref": "#/definitions/forward_port"
-          },
-          "forward_path": {
-            "type": "string"
-          },
-          "advanced_config": {
-            "type": "string"
-          }
-        }
-      }
-    }
-  },
-  "properties": {
-    "id": {
-      "$ref": "#/definitions/id"
-    },
-    "created_on": {
-      "$ref": "#/definitions/created_on"
-    },
-    "modified_on": {
-      "$ref": "#/definitions/modified_on"
-    },
-    "domain_names": {
-      "$ref": "#/definitions/domain_names"
-    },
-    "forward_scheme": {
-      "$ref": "#/definitions/forward_scheme"
-    },
-    "forward_host": {
-      "$ref": "#/definitions/forward_host"
-    },
-    "forward_port": {
-      "$ref": "#/definitions/forward_port"
-    },
-    "certificate_id": {
-      "$ref": "#/definitions/certificate_id"
-    },
-    "ssl_forced": {
-      "$ref": "#/definitions/ssl_forced"
-    },
-    "hsts_enabled": {
-      "$ref": "#/definitions/hsts_enabled"
-    },
-    "hsts_subdomains": {
-      "$ref": "#/definitions/hsts_subdomains"
-    },
-    "http2_support": {
-      "$ref": "#/definitions/http2_support"
-    },
-    "block_exploits": {
-      "$ref": "#/definitions/block_exploits"
-    },
-    "caching_enabled": {
-      "$ref": "#/definitions/caching_enabled"
-    },
-    "allow_websocket_upgrade": {
-      "$ref": "#/definitions/allow_websocket_upgrade"
-    },
-    "access_list_id": {
-      "$ref": "#/definitions/access_list_id"
-    },
-    "advanced_config": {
-      "$ref": "#/definitions/advanced_config"
-    },
-    "enabled": {
-      "$ref": "#/definitions/enabled"
-    },
-    "meta": {
-      "$ref": "#/definitions/meta"
-    },
-    "locations": {
-      "$ref": "#/definitions/locations"
-    }
-  },
-  "links": [
-    {
-      "title": "List",
-      "description": "Returns a list of Proxy Hosts",
-      "href": "/nginx/proxy-hosts",
-      "access": "private",
-      "method": "GET",
-      "rel": "self",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "array",
-        "items": {
-          "$ref": "#/properties"
-        }
-      }
-    },
-    {
-      "title": "Create",
-      "description": "Creates a new Proxy Host",
-      "href": "/nginx/proxy-hosts",
-      "access": "private",
-      "method": "POST",
-      "rel": "create",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "schema": {
-        "type": "object",
-        "additionalProperties": false,
-        "required": [
-          "domain_names",
-          "forward_scheme",
-          "forward_host",
-          "forward_port"
-        ],
-        "properties": {
-          "domain_names": {
-            "$ref": "#/definitions/domain_names"
-          },
-          "forward_scheme": {
-            "$ref": "#/definitions/forward_scheme"
-          },
-          "forward_host": {
-            "$ref": "#/definitions/forward_host"
-          },
-          "forward_port": {
-            "$ref": "#/definitions/forward_port"
-          },
-          "certificate_id": {
-            "$ref": "#/definitions/certificate_id"
-          },
-          "ssl_forced": {
-            "$ref": "#/definitions/ssl_forced"
-          },
-          "hsts_enabled": {
-            "$ref": "#/definitions/hsts_enabled"
-          },
-          "hsts_subdomains": {
-            "$ref": "#/definitions/hsts_enabled"
-          },
-          "http2_support": {
-            "$ref": "#/definitions/http2_support"
-          },
-          "block_exploits": {
-            "$ref": "#/definitions/block_exploits"
-          },
-          "caching_enabled": {
-            "$ref": "#/definitions/caching_enabled"
-          },
-          "allow_websocket_upgrade": {
-            "$ref": "#/definitions/allow_websocket_upgrade"
-          },
-          "access_list_id": {
-            "$ref": "#/definitions/access_list_id"
-          },
-          "advanced_config": {
-            "$ref": "#/definitions/advanced_config"
-          },
-          "enabled": {
-            "$ref": "#/definitions/enabled"
-          },
-          "meta": {
-            "$ref": "#/definitions/meta"
-          },
-          "locations": {
-            "$ref": "#/definitions/locations"
-          }
-        }
-      },
-      "targetSchema": {
-        "properties": {
-          "$ref": "#/properties"
-        }
-      }
-    },
-    {
-      "title": "Update",
-      "description": "Updates a existing Proxy Host",
-      "href": "/nginx/proxy-hosts/{definitions.identity.example}",
-      "access": "private",
-      "method": "PUT",
-      "rel": "update",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "schema": {
-        "type": "object",
-        "additionalProperties": false,
-        "properties": {
-          "domain_names": {
-            "$ref": "#/definitions/domain_names"
-          },
-          "forward_scheme": {
-            "$ref": "#/definitions/forward_scheme"
-          },
-          "forward_host": {
-            "$ref": "#/definitions/forward_host"
-          },
-          "forward_port": {
-            "$ref": "#/definitions/forward_port"
-          },
-          "certificate_id": {
-            "$ref": "#/definitions/certificate_id"
-          },
-          "ssl_forced": {
-            "$ref": "#/definitions/ssl_forced"
-          },
-          "hsts_enabled": {
-            "$ref": "#/definitions/hsts_enabled"
-          },
-          "hsts_subdomains": {
-            "$ref": "#/definitions/hsts_enabled"
-          },
-          "http2_support": {
-            "$ref": "#/definitions/http2_support"
-          },
-          "block_exploits": {
-            "$ref": "#/definitions/block_exploits"
-          },
-          "caching_enabled": {
-            "$ref": "#/definitions/caching_enabled"
-          },
-          "allow_websocket_upgrade": {
-            "$ref": "#/definitions/allow_websocket_upgrade"
-          },
-          "access_list_id": {
-            "$ref": "#/definitions/access_list_id"
-          },
-          "advanced_config": {
-            "$ref": "#/definitions/advanced_config"
-          },
-          "enabled": {
-            "$ref": "#/definitions/enabled"
-          },
-          "meta": {
-            "$ref": "#/definitions/meta"
-          },
-          "locations": {
-            "$ref": "#/definitions/locations"
-          }
-        }
-      },
-      "targetSchema": {
-        "properties": {
-          "$ref": "#/properties"
-        }
-      }
-    },
-    {
-      "title": "Delete",
-      "description": "Deletes a existing Proxy Host",
-      "href": "/nginx/proxy-hosts/{definitions.identity.example}",
-      "access": "private",
-      "method": "DELETE",
-      "rel": "delete",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "boolean"
-      }
-    },
-    {
-      "title": "Enable",
-      "description": "Enables a existing Proxy Host",
-      "href": "/nginx/proxy-hosts/{definitions.identity.example}/enable",
-      "access": "private",
-      "method": "POST",
-      "rel": "update",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "boolean"
-      }
-    },
-    {
-      "title": "Disable",
-      "description": "Disables a existing Proxy Host",
-      "href": "/nginx/proxy-hosts/{definitions.identity.example}/disable",
-      "access": "private",
-      "method": "POST",
-      "rel": "update",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "boolean"
-      }
-    }
-  ]
-}

backend/schema/endpoints/redirection-hosts.json

@@ -1,305 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "$id": "endpoints/redirection-hosts",
-  "title": "Redirection Hosts",
-  "description": "Endpoints relating to Redirection Hosts",
-  "stability": "stable",
-  "type": "object",
-  "definitions": {
-    "id": {
-      "$ref": "../definitions.json#/definitions/id"
-    },
-    "created_on": {
-      "$ref": "../definitions.json#/definitions/created_on"
-    },
-    "modified_on": {
-      "$ref": "../definitions.json#/definitions/modified_on"
-    },
-    "domain_names": {
-      "$ref": "../definitions.json#/definitions/domain_names"
-    },
-    "forward_http_code": {
-      "$ref": "../definitions.json#/definitions/http_code"
-    },
-    "forward_scheme": {
-      "$ref": "../definitions.json#/definitions/scheme"
-    },
-    "forward_domain_name": {
-      "$ref": "../definitions.json#/definitions/domain_name"
-    },
-    "preserve_path": {
-      "description": "Should the path be preserved",
-      "example": true,
-      "type": "boolean"
-    },
-    "certificate_id": {
-      "$ref": "../definitions.json#/definitions/certificate_id"
-    },
-    "ssl_forced": {
-      "$ref": "../definitions.json#/definitions/ssl_forced"
-    },
-    "hsts_enabled": {
-      "$ref": "../definitions.json#/definitions/hsts_enabled"
-    },
-    "hsts_subdomains": {
-      "$ref": "../definitions.json#/definitions/hsts_subdomains"
-    },
-    "http2_support": {
-      "$ref": "../definitions.json#/definitions/http2_support"
-    },
-    "block_exploits": {
-      "$ref": "../definitions.json#/definitions/block_exploits"
-    },
-    "advanced_config": {
-      "type": "string"
-    },
-    "enabled": {
-      "$ref": "../definitions.json#/definitions/enabled"
-    },
-    "meta": {
-      "type": "object"
-    }
-  },
-  "properties": {
-    "id": {
-      "$ref": "#/definitions/id"
-    },
-    "created_on": {
-      "$ref": "#/definitions/created_on"
-    },
-    "modified_on": {
-      "$ref": "#/definitions/modified_on"
-    },
-    "domain_names": {
-      "$ref": "#/definitions/domain_names"
-    },
-    "forward_http_code": {
-      "$ref": "#/definitions/forward_http_code"
-    },
-    "forward_scheme": {
-      "$ref": "#/definitions/forward_scheme"
-    },
-    "forward_domain_name": {
-      "$ref": "#/definitions/forward_domain_name"
-    },
-    "preserve_path": {
-      "$ref": "#/definitions/preserve_path"
-    },
-    "certificate_id": {
-      "$ref": "#/definitions/certificate_id"
-    },
-    "ssl_forced": {
-      "$ref": "#/definitions/ssl_forced"
-    },
-    "hsts_enabled": {
-      "$ref": "#/definitions/hsts_enabled"
-    },
-    "hsts_subdomains": {
-      "$ref": "#/definitions/hsts_subdomains"
-    },
-    "http2_support": {
-      "$ref": "#/definitions/http2_support"
-    },
-    "block_exploits": {
-      "$ref": "#/definitions/block_exploits"
-    },
-    "advanced_config": {
-      "$ref": "#/definitions/advanced_config"
-    },
-    "enabled": {
-      "$ref": "#/definitions/enabled"
-    },
-    "meta": {
-      "$ref": "#/definitions/meta"
-    }
-  },
-  "links": [
-    {
-      "title": "List",
-      "description": "Returns a list of Redirection Hosts",
-      "href": "/nginx/redirection-hosts",
-      "access": "private",
-      "method": "GET",
-      "rel": "self",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "array",
-        "items": {
-          "$ref": "#/properties"
-        }
-      }
-    },
-    {
-      "title": "Create",
-      "description": "Creates a new Redirection Host",
-      "href": "/nginx/redirection-hosts",
-      "access": "private",
-      "method": "POST",
-      "rel": "create",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "schema": {
-        "type": "object",
-        "additionalProperties": false,
-        "required": [
-          "domain_names",
-          "forward_scheme",
-          "forward_http_code",
-          "forward_domain_name"
-        ],
-        "properties": {
-          "domain_names": {
-            "$ref": "#/definitions/domain_names"
-          },
-          "forward_http_code": {
-            "$ref": "#/definitions/forward_http_code"
-          },
-          "forward_scheme": {
-            "$ref": "#/definitions/forward_scheme"
-          },
-          "forward_domain_name": {
-            "$ref": "#/definitions/forward_domain_name"
-          },
-          "preserve_path": {
-            "$ref": "#/definitions/preserve_path"
-          },
-          "certificate_id": {
-            "$ref": "#/definitions/certificate_id"
-          },
-          "ssl_forced": {
-            "$ref": "#/definitions/ssl_forced"
-          },
-          "hsts_enabled": {
-            "$ref": "#/definitions/hsts_enabled"
-          },
-          "hsts_subdomains": {
-            "$ref": "#/definitions/hsts_enabled"
-          },
-          "http2_support": {
-            "$ref": "#/definitions/http2_support"
-          },
-          "block_exploits": {
-            "$ref": "#/definitions/block_exploits"
-          },
-          "advanced_config": {
-            "$ref": "#/definitions/advanced_config"
-          },
-          "meta": {
-            "$ref": "#/definitions/meta"
-          }
-        }
-      },
-      "targetSchema": {
-        "properties": {
-          "$ref": "#/properties"
-        }
-      }
-    },
-    {
-      "title": "Update",
-      "description": "Updates a existing Redirection Host",
-      "href": "/nginx/redirection-hosts/{definitions.identity.example}",
-      "access": "private",
-      "method": "PUT",
-      "rel": "update",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "schema": {
-        "type": "object",
-        "additionalProperties": false,
-        "properties": {
-          "domain_names": {
-            "$ref": "#/definitions/domain_names"
-          },
-          "forward_http_code": {
-            "$ref": "#/definitions/forward_http_code"
-          },
-          "forward_scheme": {
-            "$ref": "#/definitions/forward_scheme"
-          },
-          "forward_domain_name": {
-            "$ref": "#/definitions/forward_domain_name"
-          },
-          "preserve_path": {
-            "$ref": "#/definitions/preserve_path"
-          },
-          "certificate_id": {
-            "$ref": "#/definitions/certificate_id"
-          },
-          "ssl_forced": {
-            "$ref": "#/definitions/ssl_forced"
-          },
-          "hsts_enabled": {
-            "$ref": "#/definitions/hsts_enabled"
-          },
-          "hsts_subdomains": {
-            "$ref": "#/definitions/hsts_enabled"
-          },
-          "http2_support": {
-            "$ref": "#/definitions/http2_support"
-          },
-          "block_exploits": {
-            "$ref": "#/definitions/block_exploits"
-          },
-          "advanced_config": {
-            "$ref": "#/definitions/advanced_config"
-          },
-          "meta": {
-            "$ref": "#/definitions/meta"
-          }
-        }
-      },
-      "targetSchema": {
-        "properties": {
-          "$ref": "#/properties"
-        }
-      }
-    },
-    {
-      "title": "Delete",
-      "description": "Deletes a existing Redirection Host",
-      "href": "/nginx/redirection-hosts/{definitions.identity.example}",
-      "access": "private",
-      "method": "DELETE",
-      "rel": "delete",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "boolean"
-      }
-    },
-    {
-      "title": "Enable",
-      "description": "Enables a existing Redirection Host",
-      "href": "/nginx/redirection-hosts/{definitions.identity.example}/enable",
-      "access": "private",
-      "method": "POST",
-      "rel": "update",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "boolean"
-      }
-    },
-    {
-      "title": "Disable",
-      "description": "Disables a existing Redirection Host",
-      "href": "/nginx/redirection-hosts/{definitions.identity.example}/disable",
-      "access": "private",
-      "method": "POST",
-      "rel": "update",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "boolean"
-      }
-    }
-  ]
-}

backend/schema/endpoints/settings.json

@@ -1,99 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "$id": "endpoints/settings",
-  "title": "Settings",
-  "description": "Endpoints relating to Settings",
-  "stability": "stable",
-  "type": "object",
-  "definitions": {
-    "id": {
-      "$ref": "../definitions.json#/definitions/setting_id"
-    },
-    "name": {
-      "description": "Name",
-      "example": "Default Site",
-      "type": "string",
-      "minLength": 2,
-      "maxLength": 100
-    },
-    "description": {
-      "description": "Description",
-      "example": "Default Site",
-      "type": "string",
-      "minLength": 2,
-      "maxLength": 255
-    },
-    "value": {
-      "description": "Value",
-      "example": "404",
-      "type": "string",
-      "maxLength": 255
-    },
-    "meta": {
-      "type": "object"
-    }
-  },
-  "links": [
-    {
-      "title": "List",
-      "description": "Returns a list of Settings",
-      "href": "/settings",
-      "access": "private",
-      "method": "GET",
-      "rel": "self",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "array",
-        "items": {
-          "$ref": "#/properties"
-        }
-      }
-    },
-    {
-      "title": "Update",
-      "description": "Updates a existing Setting",
-      "href": "/settings/{definitions.identity.example}",
-      "access": "private",
-      "method": "PUT",
-      "rel": "update",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "schema": {
-        "type": "object",
-        "properties": {
-          "value": {
-            "$ref": "#/definitions/value"
-          },
-          "meta": {
-            "$ref": "#/definitions/meta"
-          }
-        }
-      },
-      "targetSchema": {
-        "properties": {
-          "$ref": "#/properties"
-        }
-      }
-    }
-  ],
-  "properties": {
-    "id": {
-      "$ref": "#/definitions/id"
-    },
-    "name": {
-      "$ref": "#/definitions/description"
-    },
-    "description": {
-      "$ref": "#/definitions/description"
-    },
-    "value": {
-      "$ref": "#/definitions/value"
-    },
-    "meta": {
-      "$ref": "#/definitions/meta"
-    }
-  }
-}

backend/schema/endpoints/streams.json

@@ -1,234 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "$id": "endpoints/streams",
-  "title": "Streams",
-  "description": "Endpoints relating to Streams",
-  "stability": "stable",
-  "type": "object",
-  "definitions": {
-    "id": {
-      "$ref": "../definitions.json#/definitions/id"
-    },
-    "created_on": {
-      "$ref": "../definitions.json#/definitions/created_on"
-    },
-    "modified_on": {
-      "$ref": "../definitions.json#/definitions/modified_on"
-    },
-    "incoming_port": {
-      "type": "integer",
-      "minimum": 1,
-      "maximum": 65535
-    },
-    "forwarding_host": {
-      "anyOf": [
-        {
-          "$ref": "../definitions.json#/definitions/domain_name"
-        },
-        {
-          "type": "string",
-          "format": "ipv4"
-        },
-        {
-          "type": "string",
-          "format": "ipv6"
-        }
-      ]
-    },
-    "forwarding_port": {
-      "type": "integer",
-      "minimum": 1,
-      "maximum": 65535
-    },
-    "tcp_forwarding": {
-      "type": "boolean"
-    },
-    "udp_forwarding": {
-      "type": "boolean"
-    },
-    "enabled": {
-      "$ref": "../definitions.json#/definitions/enabled"
-    },
-    "meta": {
-      "type": "object"
-    }
-  },
-  "properties": {
-    "id": {
-      "$ref": "#/definitions/id"
-    },
-    "created_on": {
-      "$ref": "#/definitions/created_on"
-    },
-    "modified_on": {
-      "$ref": "#/definitions/modified_on"
-    },
-    "incoming_port": {
-      "$ref": "#/definitions/incoming_port"
-    },
-    "forwarding_host": {
-      "$ref": "#/definitions/forwarding_host"
-    },
-    "forwarding_port": {
-      "$ref": "#/definitions/forwarding_port"
-    },
-    "tcp_forwarding": {
-      "$ref": "#/definitions/tcp_forwarding"
-    },
-    "udp_forwarding": {
-      "$ref": "#/definitions/udp_forwarding"
-    },
-    "enabled": {
-      "$ref": "#/definitions/enabled"
-    },
-    "meta": {
-      "$ref": "#/definitions/meta"
-    }
-  },
-  "links": [
-    {
-      "title": "List",
-      "description": "Returns a list of Steams",
-      "href": "/nginx/streams",
-      "access": "private",
-      "method": "GET",
-      "rel": "self",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "array",
-        "items": {
-          "$ref": "#/properties"
-        }
-      }
-    },
-    {
-      "title": "Create",
-      "description": "Creates a new Stream",
-      "href": "/nginx/streams",
-      "access": "private",
-      "method": "POST",
-      "rel": "create",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "schema": {
-        "type": "object",
-        "additionalProperties": false,
-        "required": [
-          "incoming_port",
-          "forwarding_host",
-          "forwarding_port"
-        ],
-        "properties": {
-          "incoming_port": {
-            "$ref": "#/definitions/incoming_port"
-          },
-          "forwarding_host": {
-            "$ref": "#/definitions/forwarding_host"
-          },
-          "forwarding_port": {
-            "$ref": "#/definitions/forwarding_port"
-          },
-          "tcp_forwarding": {
-            "$ref": "#/definitions/tcp_forwarding"
-          },
-          "udp_forwarding": {
-            "$ref": "#/definitions/udp_forwarding"
-          },
-          "meta": {
-            "$ref": "#/definitions/meta"
-          }
-        }
-      },
-      "targetSchema": {
-        "properties": {
-          "$ref": "#/properties"
-        }
-      }
-    },
-    {
-      "title": "Update",
-      "description": "Updates a existing Stream",
-      "href": "/nginx/streams/{definitions.identity.example}",
-      "access": "private",
-      "method": "PUT",
-      "rel": "update",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "schema": {
-        "type": "object",
-        "additionalProperties": false,
-        "properties": {
-          "incoming_port": {
-            "$ref": "#/definitions/incoming_port"
-          },
-          "forwarding_host": {
-            "$ref": "#/definitions/forwarding_host"
-          },
-          "forwarding_port": {
-            "$ref": "#/definitions/forwarding_port"
-          },
-          "tcp_forwarding": {
-            "$ref": "#/definitions/tcp_forwarding"
-          },
-          "udp_forwarding": {
-            "$ref": "#/definitions/udp_forwarding"
-          },
-          "meta": {
-            "$ref": "#/definitions/meta"
-          }
-        }
-      },
-      "targetSchema": {
-        "properties": {
-          "$ref": "#/properties"
-        }
-      }
-    },
-    {
-      "title": "Delete",
-      "description": "Deletes a existing Stream",
-      "href": "/nginx/streams/{definitions.identity.example}",
-      "access": "private",
-      "method": "DELETE",
-      "rel": "delete",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "boolean"
-      }
-    },
-    {
-      "title": "Enable",
-      "description": "Enables a existing Stream",
-      "href": "/nginx/streams/{definitions.identity.example}/enable",
-      "access": "private",
-      "method": "POST",
-      "rel": "update",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "boolean"
-      }
-    },
-    {
-      "title": "Disable",
-      "description": "Disables a existing Stream",
-      "href": "/nginx/streams/{definitions.identity.example}/disable",
-      "access": "private",
-      "method": "POST",
-      "rel": "update",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "boolean"
-      }
-    }
-  ]
-}

backend/schema/endpoints/tokens.json

@@ -1,100 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "$id": "endpoints/tokens",
-  "title": "Token",
-  "description": "Tokens are required to authenticate against the API",
-  "stability": "stable",
-  "type": "object",
-  "definitions": {
-    "identity": {
-      "description": "Email Address or other 3rd party providers identifier",
-      "example": "john@example.com",
-      "type": "string"
-    },
-    "secret": {
-      "description": "A password or key",
-      "example": "correct horse battery staple",
-      "type": "string"
-    },
-    "token": {
-      "description": "JWT",
-      "example": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.O_frfYM8RzmRsUNigHtu0_jZ_utSejyr1axMGa8rlsk",
-      "type": "string"
-    },
-    "expires": {
-      "description": "Token expiry time",
-      "format": "date-time",
-      "type": "string"
-    },
-    "scope": {
-      "description": "Scope of the Token, defaults to 'user'",
-      "example": "user",
-      "type": "string"
-    }
-  },
-  "links": [
-    {
-      "title": "Create",
-      "description": "Creates a new token.",
-      "href": "/tokens",
-      "access": "public",
-      "method": "POST",
-      "rel": "create",
-      "schema": {
-        "type": "object",
-        "required": [
-          "identity",
-          "secret"
-        ],
-        "properties": {
-          "identity": {
-            "$ref": "#/definitions/identity"
-          },
-          "secret": {
-            "$ref": "#/definitions/secret"
-          },
-          "scope": {
-            "$ref": "#/definitions/scope"
-          }
-        }
-      },
-      "targetSchema": {
-        "type": "object",
-        "properties": {
-          "token": {
-            "$ref": "#/definitions/token"
-          },
-          "expires": {
-            "$ref": "#/definitions/expires"
-          }
-        }
-      }
-    },
-    {
-      "title": "Refresh",
-      "description": "Returns a new token.",
-      "href": "/tokens",
-      "access": "private",
-      "method": "GET",
-      "rel": "self",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "schema": {},
-      "targetSchema": {
-        "type": "object",
-        "properties": {
-          "token": {
-            "$ref": "#/definitions/token"
-          },
-          "expires": {
-            "$ref": "#/definitions/expires"
-          },
-          "scope": {
-            "$ref": "#/definitions/scope"
-          }
-        }
-      }
-    }
-  ]
-}

backend/schema/endpoints/users.json

@@ -1,287 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "$id": "endpoints/users",
-  "title": "Users",
-  "description": "Endpoints relating to Users",
-  "stability": "stable",
-  "type": "object",
-  "definitions": {
-    "id": {
-      "$ref": "../definitions.json#/definitions/id"
-    },
-    "created_on": {
-      "$ref": "../definitions.json#/definitions/created_on"
-    },
-    "modified_on": {
-      "$ref": "../definitions.json#/definitions/modified_on"
-    },
-    "name": {
-      "description": "Name",
-      "example": "Jamie Curnow",
-      "type": "string",
-      "minLength": 2,
-      "maxLength": 100
-    },
-    "nickname": {
-      "description": "Nickname",
-      "example": "Jamie",
-      "type": "string",
-      "minLength": 2,
-      "maxLength": 50
-    },
-    "email": {
-      "$ref": "../definitions.json#/definitions/email"
-    },
-    "avatar": {
-      "description": "Avatar",
-      "example": "http://somewhere.jpg",
-      "type": "string",
-      "minLength": 2,
-      "maxLength": 150,
-      "readOnly": true
-    },
-    "roles": {
-      "description": "Roles",
-      "example": [
-        "admin"
-      ],
-      "type": "array"
-    },
-    "is_disabled": {
-      "description": "Is Disabled",
-      "example": false,
-      "type": "boolean"
-    }
-  },
-  "links": [
-    {
-      "title": "List",
-      "description": "Returns a list of Users",
-      "href": "/users",
-      "access": "private",
-      "method": "GET",
-      "rel": "self",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "array",
-        "items": {
-          "$ref": "#/properties"
-        }
-      }
-    },
-    {
-      "title": "Create",
-      "description": "Creates a new User",
-      "href": "/users",
-      "access": "private",
-      "method": "POST",
-      "rel": "create",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "schema": {
-        "type": "object",
-        "required": [
-          "name",
-          "nickname",
-          "email"
-        ],
-        "properties": {
-          "name": {
-            "$ref": "#/definitions/name"
-          },
-          "nickname": {
-            "$ref": "#/definitions/nickname"
-          },
-          "email": {
-            "$ref": "#/definitions/email"
-          },
-          "roles": {
-            "$ref": "#/definitions/roles"
-          },
-          "is_disabled": {
-            "$ref": "#/definitions/is_disabled"
-          },
-          "auth": {
-            "type": "object",
-            "description": "Auth Credentials",
-            "example": {
-              "type": "password",
-              "secret": "bigredhorsebanana"
-            }
-          }
-        }
-      },
-      "targetSchema": {
-        "properties": {
-          "$ref": "#/properties"
-        }
-      }
-    },
-    {
-      "title": "Update",
-      "description": "Updates a existing User",
-      "href": "/users/{definitions.identity.example}",
-      "access": "private",
-      "method": "PUT",
-      "rel": "update",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "schema": {
-        "type": "object",
-        "properties": {
-          "name": {
-            "$ref": "#/definitions/name"
-          },
-          "nickname": {
-            "$ref": "#/definitions/nickname"
-          },
-          "email": {
-            "$ref": "#/definitions/email"
-          },
-          "roles": {
-            "$ref": "#/definitions/roles"
-          },
-          "is_disabled": {
-            "$ref": "#/definitions/is_disabled"
-          }
-        }
-      },
-      "targetSchema": {
-        "properties": {
-          "$ref": "#/properties"
-        }
-      }
-    },
-    {
-      "title": "Delete",
-      "description": "Deletes a existing User",
-      "href": "/users/{definitions.identity.example}",
-      "access": "private",
-      "method": "DELETE",
-      "rel": "delete",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "targetSchema": {
-        "type": "boolean"
-      }
-    },
-    {
-      "title": "Set Password",
-      "description": "Sets a password for an existing User",
-      "href": "/users/{definitions.identity.example}/auth",
-      "access": "private",
-      "method": "PUT",
-      "rel": "update",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "schema": {
-        "type": "object",
-        "required": [
-          "type",
-          "secret"
-        ],
-        "properties": {
-          "type": {
-            "type": "string",
-            "pattern": "^password$"
-          },
-          "current": {
-            "type": "string",
-            "minLength": 1,
-            "maxLength": 64
-          },
-          "secret": {
-            "type": "string",
-            "minLength": 8,
-            "maxLength": 64
-          }
-        }
-      },
-      "targetSchema": {
-        "type": "boolean"
-      }
-    },
-    {
-      "title": "Set Permissions",
-      "description": "Sets Permissions for a User",
-      "href": "/users/{definitions.identity.example}/permissions",
-      "access": "private",
-      "method": "PUT",
-      "rel": "update",
-      "http_header": {
-        "$ref": "../examples.json#/definitions/auth_header"
-      },
-      "schema": {
-        "type": "object",
-        "properties": {
-          "visibility": {
-            "type": "string",
-            "pattern": "^(all|user)$"
-          },
-          "access_lists": {
-            "type": "string",
-            "pattern": "^(hidden|view|manage)$"
-          },
-          "dead_hosts": {
-            "type": "string",
-            "pattern": "^(hidden|view|manage)$"
-          },
-          "proxy_hosts": {
-            "type": "string",
-            "pattern": "^(hidden|view|manage)$"
-          },
-          "redirection_hosts": {
-            "type": "string",
-            "pattern": "^(hidden|view|manage)$"
-          },
-          "streams": {
-            "type": "string",
-            "pattern": "^(hidden|view|manage)$"
-          },
-          "certificates": {
-            "type": "string",
-            "pattern": "^(hidden|view|manage)$"
-          }
-        }
-      },
-      "targetSchema": {
-        "type": "boolean"
-      }
-    }
-  ],
-  "properties": {
-    "id": {
-      "$ref": "#/definitions/id"
-    },
-    "created_on": {
-      "$ref": "#/definitions/created_on"
-    },
-    "modified_on": {
-      "$ref": "#/definitions/modified_on"
-    },
-    "name": {
-      "$ref": "#/definitions/name"
-    },
-    "nickname": {
-      "$ref": "#/definitions/nickname"
-    },
-    "email": {
-      "$ref": "#/definitions/email"
-    },
-    "avatar": {
-      "$ref": "#/definitions/avatar"
-    },
-    "roles": {
-      "$ref": "#/definitions/roles"
-    },
-    "is_disabled": {
-      "$ref": "#/definitions/is_disabled"
-    }
-  }
-}

backend/schema/examples.json

@@ -1,23 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "$id": "examples",
-  "type": "object",
-  "definitions": {
-    "name": {
-      "description": "Name",
-      "example": "John Smith",
-      "type": "string",
-      "minLength": 1,
-      "maxLength": 255
-    },
-    "auth_header": {
-      "Authorization": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.O_frfYM8RzmRsUNigHtu0_jZ_utSejyr1axMGa8rlsk",
-      "X-API-Version": "next"
-    },
-    "token": {
-      "type": "string",
-      "description": "JWT",
-      "example": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.O_frfYM8RzmRsUNigHtu0_jZ_utSejyr1axMGa8rlsk"
-    }
-  }
-}

backend/schema/index.js

@@ -0,0 +1,41 @@
+const refParser = require('@apidevtools/json-schema-ref-parser');
+
+let compiledSchema = null;
+
+module.exports = {
+
+	/**
+	 * Compiles the schema, by dereferencing it, only once
+	 * and returns the memory cached value
+	 */
+	getCompiledSchema: async () => {
+		if (compiledSchema === null) {
+			compiledSchema = await refParser.dereference(__dirname + '/swagger.json', {
+				mutateInputSchema: false,
+			});
+		}
+		return compiledSchema;
+	},
+
+	/**
+	 * Scans the schema for the validation schema for the given path and method
+	 * and returns it.
+	 *
+	 * @param {string} path
+	 * @param {string} method
+	 * @returns string|null
+	 */
+	getValidationSchema: (path, method) => {
+		if (compiledSchema !== null &&
+			typeof compiledSchema.paths[path] !== 'undefined' &&
+			typeof compiledSchema.paths[path][method] !== 'undefined' &&
+			typeof compiledSchema.paths[path][method].requestBody !== 'undefined' &&
+			typeof compiledSchema.paths[path][method].requestBody.content !== 'undefined' &&
+			typeof compiledSchema.paths[path][method].requestBody.content['application/json'] !== 'undefined' &&
+			typeof compiledSchema.paths[path][method].requestBody.content['application/json'].schema !== 'undefined'
+		) {
+			return compiledSchema.paths[path][method].requestBody.content['application/json'].schema;
+		}
+		return null;
+	}
+};

backend/schema/index.json

@@ -1,42 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "$id": "root",
-  "title": "Nginx Proxy Manager REST API",
-  "description": "This is the Nginx Proxy Manager REST API",
-  "version": "2.0.0",
-  "links": [
-    {
-      "href": "http://npm.example.com/api",
-      "rel": "self"
-    }
-  ],
-  "properties": {
-    "tokens": {
-      "$ref": "endpoints/tokens.json"
-    },
-    "users": {
-      "$ref": "endpoints/users.json"
-    },
-    "proxy-hosts": {
-      "$ref": "endpoints/proxy-hosts.json"
-    },
-    "redirection-hosts": {
-      "$ref": "endpoints/redirection-hosts.json"
-    },
-    "dead-hosts": {
-      "$ref": "endpoints/dead-hosts.json"
-    },
-    "streams": {
-      "$ref": "endpoints/streams.json"
-    },
-    "certificates": {
-      "$ref": "endpoints/certificates.json"
-    },
-    "access-lists": {
-      "$ref": "endpoints/access-lists.json"
-    },
-    "settings": {
-      "$ref": "endpoints/settings.json"
-    }
-  }
-}

backend/schema/paths/audit-log/get.json

@@ -0,0 +1,53 @@
+{
+	"operationId": "getAuditLog",
+	"summary": "Get Audit Log",
+	"tags": ["Audit Log"],
+	"security": [
+		{
+			"BearerAuth": ["audit-log"]
+		}
+	],
+	"responses": {
+		"200": {
+			"description": "200 response",
+			"content": {
+				"application/json": {
+					"examples": {
+						"default": {
+							"value": [
+								{
+									"id": 7,
+									"created_on": "2024-10-08T13:09:54.000Z",
+									"modified_on": "2024-10-08T13:09:54.000Z",
+									"user_id": 1,
+									"object_type": "user",
+									"object_id": 3,
+									"action": "updated",
+									"meta": {
+										"name": "John Doe",
+										"permissions": {
+											"user_id": 3,
+											"visibility": "all",
+											"access_lists": "manage",
+											"dead_hosts": "hidden",
+											"proxy_hosts": "manage",
+											"redirection_hosts": "view",
+											"streams": "hidden",
+											"certificates": "manage",
+											"id": 3,
+											"modified_on": "2024-10-08T13:09:54.000Z",
+											"created_on": "2024-10-08T13:09:51.000Z"
+										}
+									}
+								}
+							]
+						}
+					},
+					"schema": {
+						"$ref": "../../components/audit-log-object.json"
+					}
+				}
+			}
+		}
+	}
+}

backend/schema/paths/get.json

@@ -0,0 +1,29 @@
+{
+	"operationId": "health",
+	"summary": "Returns the API health status",
+	"tags": ["Public"],
+	"responses": {
+		"200": {
+			"description": "200 response",
+			"content": {
+				"application/json": {
+					"examples": {
+						"default": {
+							"value": {
+								"status": "OK",
+								"version": {
+									"major": 2,
+									"minor": 1,
+									"revision": 0
+								}
+							}
+						}
+					},
+					"schema": {
+						"$ref": "../components/health-object.json"
+					}
+				}
+			}
+		}
+	}
+}

backend/schema/paths/nginx/access-lists/get.json

@@ -0,0 +1,50 @@
+{
+	"operationId": "getAccessLists",
+	"summary": "Get all access lists",
+	"tags": ["Access Lists"],
+	"security": [
+		{
+			"BearerAuth": ["access_lists"]
+		}
+	],
+	"parameters": [
+		{
+			"in": "query",
+			"name": "expand",
+			"description": "Expansions",
+			"schema": {
+				"type": "string",
+				"enum": ["owner", "items", "clients", "proxy_hosts"]
+			}
+		}
+	],
+	"responses": {
+		"200": {
+			"description": "200 response",
+			"content": {
+				"application/json": {
+					"examples": {
+						"default": {
+							"value": [
+								{
+									"id": 1,
+									"created_on": "2024-10-08T22:15:40.000Z",
+									"modified_on": "2024-10-08T22:15:40.000Z",
+									"owner_user_id": 1,
+									"name": "test1234",
+									"meta": {},
+									"satisfy_any": true,
+									"pass_auth": false,
+									"proxy_host_count": 0
+								}
+							]
+						}
+					},
+					"schema": {
+						"$ref": "../../../components/access-list-object.json"
+					}
+				}
+			}
+		}
+	}
+}

backend/schema/paths/nginx/access-lists/listID/delete.json

@@ -0,0 +1,39 @@
+{
+	"operationId": "deleteAccessList",
+	"summary": "Delete a Access List",
+	"tags": ["Access Lists"],
+	"security": [
+		{
+			"BearerAuth": ["access_lists"]
+		}
+	],
+	"parameters": [
+		{
+			"in": "path",
+			"name": "listID",
+			"schema": {
+				"type": "integer",
+				"minimum": 1
+			},
+			"required": true,
+			"example": 2
+		}
+	],
+	"responses": {
+		"200": {
+			"description": "200 response",
+			"content": {
+				"application/json": {
+					"examples": {
+						"default": {
+							"value": true
+						}
+					},
+					"schema": {
+						"type": "boolean"
+					}
+				}
+			}
+		}
+	}
+}

backend/schema/paths/nginx/access-lists/listID/get.json

@@ -0,0 +1,49 @@
+{
+	"operationId": "getAccessList",
+	"summary": "Get a access List",
+	"tags": ["Access Lists"],
+	"security": [
+		{
+			"BearerAuth": ["access_lists"]
+		}
+	],
+	"parameters": [
+		{
+			"in": "path",
+			"name": "listID",
+			"schema": {
+				"type": "integer",
+				"minimum": 1
+			},
+			"required": true,
+			"example": 1
+		}
+	],
+	"responses": {
+		"200": {
+			"description": "200 response",
+			"content": {
+				"application/json": {
+					"examples": {
+						"default": {
+							"value": {
+								"id": 1,
+								"created_on": "2020-01-30T09:36:08.000Z",
+								"modified_on": "2020-01-30T09:41:04.000Z",
+								"is_disabled": false,
+								"email": "jc@jc21.com",
+								"name": "Jamie Curnow",
+								"nickname": "James",
+								"avatar": "//www.gravatar.com/avatar/6193176330f8d38747f038c170ddb193?default=mm",
+								"roles": ["admin"]
+							}
+						}
+					},
+					"schema": {
+						"$ref": "../../../../components/access-list-object.json"
+					}
+				}
+			}
+		}
+	}
+}

backend/schema/paths/nginx/access-lists/listID/put.json

@@ -0,0 +1,163 @@
+{
+	"operationId": "updateAccessList",
+	"summary": "Update a Access List",
+	"tags": ["Access Lists"],
+	"security": [
+		{
+			"BearerAuth": ["access_lists"]
+		}
+	],
+	"parameters": [
+		{
+			"in": "path",
+			"name": "listID",
+			"schema": {
+				"type": "integer",
+				"minimum": 1
+			},
+			"required": true,
+			"example": 2
+		}
+	],
+	"requestBody": {
+		"description": "Access List Payload",
+		"required": true,
+		"content": {
+			"application/json": {
+				"schema": {
+					"type": "object",
+					"additionalProperties": false,
+					"minProperties": 1,
+					"properties": {
+						"name": {
+							"$ref": "../../../../components/access-list-object.json#/properties/name"
+						},
+						"satisfy_any": {
+							"$ref": "../../../../components/access-list-object.json#/properties/satisfy_any"
+						},
+						"pass_auth": {
+							"$ref": "../../../../components/access-list-object.json#/properties/pass_auth"
+						},
+						"items": {
+							"type": "array",
+							"items": {
+								"type": "object",
+								"additionalProperties": false,
+								"properties": {
+									"username": {
+										"type": "string",
+										"minLength": 1
+									},
+									"password": {
+										"type": "string"
+									}
+								}
+							}
+						},
+						"clients": {
+							"type": "array",
+							"items": {
+								"type": "object",
+								"additionalProperties": false,
+								"properties": {
+									"address": {
+										"oneOf": [
+											{
+												"type": "string",
+												"pattern": "^([0-9]{1,3}\\.){3}[0-9]{1,3}(/([0-9]|[1-2][0-9]|3[0-2]))?$"
+											},
+											{
+												"type": "string",
+												"pattern": "^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?$"
+											},
+											{
+												"type": "string",
+												"pattern": "^all$"
+											}
+										]
+									},
+									"directive": {
+										"$ref": "../../../../components/access-list-object.json#/properties/directive"
+									}
+								}
+							}
+						}
+					}
+				}
+			}
+		}
+	},
+	"responses": {
+		"200": {
+			"description": "200 response",
+			"content": {
+				"application/json": {
+					"examples": {
+						"default": {
+							"value": {
+								"id": 1,
+								"created_on": "2024-10-08T22:15:40.000Z",
+								"modified_on": "2024-10-08T22:34:34.000Z",
+								"owner_user_id": 1,
+								"name": "test123!!",
+								"meta": {},
+								"satisfy_any": true,
+								"pass_auth": false,
+								"proxy_host_count": 0,
+								"owner": {
+									"id": 1,
+									"created_on": "2024-10-07T22:43:55.000Z",
+									"modified_on": "2024-10-08T12:52:54.000Z",
+									"is_deleted": false,
+									"is_disabled": false,
+									"email": "admin@example.com",
+									"name": "Administrator",
+									"nickname": "some guy",
+									"avatar": "//www.gravatar.com/avatar/e64c7d89f26bd1972efa854d13d7dd61?default=mm",
+									"roles": ["admin"]
+								},
+								"items": [
+									{
+										"id": 1,
+										"created_on": "2024-10-08T22:15:40.000Z",
+										"modified_on": "2024-10-08T22:15:40.000Z",
+										"access_list_id": 1,
+										"username": "admin",
+										"password": "",
+										"meta": {},
+										"hint": "a****"
+									},
+									{
+										"id": 2,
+										"created_on": "2024-10-08T22:15:40.000Z",
+										"modified_on": "2024-10-08T22:15:40.000Z",
+										"access_list_id": 1,
+										"username": "asdad",
+										"password": "",
+										"meta": {},
+										"hint": "a*****"
+									}
+								],
+								"clients": [
+									{
+										"id": 1,
+										"created_on": "2024-10-08T22:15:40.000Z",
+										"modified_on": "2024-10-08T22:15:40.000Z",
+										"access_list_id": 1,
+										"address": "127.0.0.1",
+										"directive": "allow",
+										"meta": {}
+									}
+								],
+								"proxy_hosts": []
+							}
+						}
+					},
+					"schema": {
+						"$ref": "../../../../components/access-list-object.json"
+					}
+				}
+			}
+		}
+	}
+}

backend/schema/paths/nginx/access-lists/post.json

@@ -0,0 +1,155 @@
+{
+	"operationId": "createAccessList",
+	"summary": "Create a Access List",
+	"tags": ["Access Lists"],
+	"security": [
+		{
+			"BearerAuth": ["access_lists"]
+		}
+	],
+	"requestBody": {
+		"description": "Access List Payload",
+		"required": true,
+		"content": {
+			"application/json": {
+				"schema": {
+					"type": "object",
+					"additionalProperties": false,
+					"required": ["name"],
+					"properties": {
+						"name": {
+							"$ref": "../../../components/access-list-object.json#/properties/name"
+						},
+						"satisfy_any": {
+							"$ref": "../../../components/access-list-object.json#/properties/satisfy_any"
+						},
+						"pass_auth": {
+							"$ref": "../../../components/access-list-object.json#/properties/pass_auth"
+						},
+						"items": {
+							"type": "array",
+							"items": {
+								"type": "object",
+								"additionalProperties": false,
+								"properties": {
+									"username": {
+										"type": "string",
+										"minLength": 1
+									},
+									"password": {
+										"type": "string",
+										"minLength": 1
+									}
+								}
+							}
+						},
+						"clients": {
+							"type": "array",
+							"items": {
+								"type": "object",
+								"additionalProperties": false,
+								"properties": {
+									"address": {
+										"oneOf": [
+											{
+												"type": "string",
+												"pattern": "^([0-9]{1,3}\\.){3}[0-9]{1,3}(/([0-9]|[1-2][0-9]|3[0-2]))?$"
+											},
+											{
+												"type": "string",
+												"pattern": "^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?$"
+											},
+											{
+												"type": "string",
+												"pattern": "^all$"
+											}
+										]
+									},
+									"directive": {
+										"$ref": "../../../components/access-list-object.json#/properties/directive"
+									}
+								}
+							}
+						},
+						"meta": {
+							"$ref": "../../../components/access-list-object.json#/properties/meta"
+						}
+					}
+				}
+			}
+		}
+	},
+	"responses": {
+		"201": {
+			"description": "201 response",
+			"content": {
+				"application/json": {
+					"examples": {
+						"default": {
+							"value": {
+								"id": 1,
+								"created_on": "2024-10-08T22:15:40.000Z",
+								"modified_on": "2024-10-08T22:15:40.000Z",
+								"owner_user_id": 1,
+								"name": "test1234",
+								"meta": {},
+								"satisfy_any": true,
+								"pass_auth": false,
+								"proxy_host_count": 0,
+								"owner": {
+									"id": 1,
+									"created_on": "2024-10-07T22:43:55.000Z",
+									"modified_on": "2024-10-08T12:52:54.000Z",
+									"is_deleted": false,
+									"is_disabled": false,
+									"email": "admin@example.com",
+									"name": "Administrator",
+									"nickname": "some guy",
+									"avatar": "//www.gravatar.com/avatar/e64c7d89f26bd1972efa854d13d7dd61?default=mm",
+									"roles": ["admin"]
+								},
+								"items": [
+									{
+										"id": 1,
+										"created_on": "2024-10-08T22:15:40.000Z",
+										"modified_on": "2024-10-08T22:15:40.000Z",
+										"access_list_id": 1,
+										"username": "admin",
+										"password": "",
+										"meta": {},
+										"hint": "a****"
+									},
+									{
+										"id": 2,
+										"created_on": "2024-10-08T22:15:40.000Z",
+										"modified_on": "2024-10-08T22:15:40.000Z",
+										"access_list_id": 1,
+										"username": "asdad",
+										"password": "",
+										"meta": {},
+										"hint": "a*****"
+									}
+								],
+								"proxy_hosts": [],
+								"clients": [
+									{
+										"id": 1,
+										"created_on": "2024-10-08T22:15:40.000Z",
+										"modified_on": "2024-10-08T22:15:40.000Z",
+										"access_list_id": 1,
+										"address": "127.0.0.1",
+										"directive": "allow",
+										"meta": {}
+									}
+								]
+							}
+						}
+					},
+					"schema": {
+						"$ref": "../../../components/access-list-object.json"
+					}
+				}
+			}
+		}
+	}
+}

backend/schema/paths/nginx/certificates/certID/delete.json

@@ -0,0 +1,39 @@
+{
+	"operationId": "deleteCertificate",
+	"summary": "Delete a Certificate",
+	"tags": ["Certificates"],
+	"security": [
+		{
+			"BearerAuth": ["certificates"]
+		}
+	],
+	"parameters": [
+		{
+			"in": "path",
+			"name": "certID",
+			"schema": {
+				"type": "integer",
+				"minimum": 1
+			},
+			"required": true,
+			"example": 2
+		}
+	],
+	"responses": {
+		"200": {
+			"description": "200 response",
+			"content": {
+				"application/json": {
+					"examples": {
+						"default": {
+							"value": true
+						}
+					},
+					"schema": {
+						"type": "boolean"
+					}
+				}
+			}
+		}
+	}
+}

backend/schema/paths/nginx/certificates/certID/download/get.json

@@ -0,0 +1,35 @@
+{
+	"operationId": "downloadCertificate",
+	"summary": "Downloads a Certificate",
+	"tags": ["Certificates"],
+	"security": [
+		{
+			"BearerAuth": ["certificates"]
+		}
+	],
+	"parameters": [
+		{
+			"in": "path",
+			"name": "certID",
+			"schema": {
+				"type": "integer",
+				"minimum": 1
+			},
+			"required": true,
+			"example": 1
+		}
+	],
+	"responses": {
+		"200": {
+			"description": "200 response",
+			"content": {
+				"application/zip": {
+					"schema": {
+						"type": "string",
+						"format": "binary"
+					}
+				}
+			}
+		}
+	}
+}

backend/schema/paths/nginx/certificates/certID/get.json

@@ -0,0 +1,53 @@
+{
+	"operationId": "getCertificate",
+	"summary": "Get a Certificate",
+	"tags": ["Certificates"],
+	"security": [
+		{
+			"BearerAuth": ["certificates"]
+		}
+	],
+	"parameters": [
+		{
+			"in": "path",
+			"name": "certID",
+			"schema": {
+				"type": "integer",
+				"minimum": 1
+			},
+			"required": true,
+			"example": 1
+		}
+	],
+	"responses": {
+		"200": {
+			"description": "200 response",
+			"content": {
+				"application/json": {
+					"examples": {
+						"default": {
+							"value": {
+								"id": 4,
+								"created_on": "2024-10-09T05:31:58.000Z",
+								"modified_on": "2024-10-09T05:32:11.000Z",
+								"owner_user_id": 1,
+								"provider": "letsencrypt",
+								"nice_name": "test.example.com",
+								"domain_names": ["test.example.com"],
+								"expires_on": "2025-01-07T04:34:18.000Z",
+								"meta": {
+									"letsencrypt_email": "jc@jc21.com",
+									"letsencrypt_agree": true,
+									"dns_challenge": false
+								}
+							}
+						}
+					},
+					"schema": {
+						"$ref": "../../../../components/certificate-object.json"
+					}
+				}
+			}
+		}
+	}
+}

backend/schema/paths/nginx/certificates/certID/renew/post.json

@@ -0,0 +1,54 @@
+{
+	"operationId": "renewCertificate",
+	"summary": "Renews a Certificate",
+	"tags": ["Certificates"],
+	"security": [
+		{
+			"BearerAuth": ["certificates"]
+		}
+	],
+	"parameters": [
+		{
+			"in": "path",
+			"name": "certID",
+			"schema": {
+				"type": "integer",
+				"minimum": 1
+			},
+			"required": true,
+			"example": 1
+		}
+	],
+	"responses": {
+		"200": {
+			"description": "200 response",
+			"content": {
+				"application/json": {
+					"examples": {
+						"default": {
+							"value": {
+								"expires_on": "2025-01-07T06:41:58.000Z",
+								"modified_on": "2024-10-09T07:39:51.000Z",
+								"id": 4,
+								"created_on": "2024-10-09T05:31:58.000Z",
+								"owner_user_id": 1,
+								"is_deleted": false,
+								"provider": "letsencrypt",
+								"nice_name": "My Test Cert",
+								"domain_names": ["test.jc21.supernerd.pro"],
+								"meta": {
+									"letsencrypt_email": "jc@jc21.com",
+									"letsencrypt_agree": true,
+									"dns_challenge": false
+								}
+							}
+						}
+					},
+					"schema": {
+						"$ref": "../../../../../components/certificate-object.json"
+					}
+				}
+			}
+		}
+	}
+}

backend/schema/paths/nginx/certificates/certID/upload/post.json

@@ -0,0 +1,82 @@
+{
+	"operationId": "uploadCertificate",
+	"summary": "Uploads a custom Certificate",
+	"tags": ["Certificates"],
+	"security": [
+		{
+			"BearerAuth": ["certificates"]
+		}
+	],
+	"parameters": [
+		{
+			"in": "path",
+			"name": "certID",
+			"schema": {
+				"type": "integer",
+				"minimum": 1
+			},
+			"required": true,
+			"example": 1
+		}
+	],
+	"requestBody": {
+		"description": "Certificate Files",
+		"required": true,
+		"content": {
+			"multipart/form-data": {
+				"schema": {
+					"type": "object",
+					"additionalProperties": false,
+					"required": ["certificate", "certificate_key"],
+					"properties": {
+						"certificate": {
+							"type": "string"
+						},
+						"certificate_key": {
+							"type": "string"
+						},
+						"intermediate_certificate": {
+							"type": "string"
+						}
+					}
+				}
+			}
+		}
+	},
+	"responses": {
+		"200": {
+			"description": "200 response",
+			"content": {
+				"application/json": {
+					"examples": {
+						"default": {
+							"value": {
+								"certificate": "-----BEGIN CERTIFICATE-----\nMIIEYDCCAsigAwIBAgIRAPoSC0hvitb26ODMlsH6YbowDQYJKoZIhvcNAQELBQAw\ngZExHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTEzMDEGA1UECwwqamN1\ncm5vd0BKYW1pZXMtTGFwdG9wLmxvY2FsIChKYW1pZSBDdXJub3cpMTowOAYDVQQD\nDDFta2NlcnQgamN1cm5vd0BKYW1pZXMtTGFwdG9wLmxvY2FsIChKYW1pZSBDdXJu\nb3cpMB4XDTI0MTAwOTA3MjIxN1oXDTI3MDEwOTA3MjIxN1owXjEnMCUGA1UEChMe\nbWtjZXJ0IGRldmVsb3BtZW50IGNlcnRpZmljYXRlMTMwMQYDVQQLDCpqY3Vybm93\nQEphbWllcy1MYXB0b3AubG9jYWwgKEphbWllIEN1cm5vdykwggEiMA0GCSqGSIb3\nDQEBAQUAA4IBDwAwggEKAoIBAQC1n9j9C5Bes1ndqACDckERauxXVNKCnUlUM1bu\nGBx1xc+j2e2Ar23wUJJuWBY18VfT8yqfqVDktO2wrbmvZvLuPmXePOKbIKS+XXh+\n2NG9L5bDG9rwGFCRXnbQj+GWCdMfzx14+CR1IHgeYz6Cv/Si2/LJPCh/CoBfM4hU\nQJON3lxAWrWBpdbZnKYMrxuPBRfW9OuzTbCVXToQoxRAHiOR9081Xn1WeoKr7kVB\nIa5UphlvWXa12w1YmUwJu7YndnJGIavLWeNCVc7ZEo+nS8Wr/4QWicatIWZXpVaE\nOPhRoeplQDxNWg5b/Q26rYoVd7PrCmRs7sVcH79XzGONeH1PAgMBAAGjZTBjMA4G\nA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBSB\n/vfmBUd4W7CvyEMl7YpMVQs8vTAbBgNVHREEFDASghB0ZXN0LmV4YW1wbGUuY29t\nMA0GCSqGSIb3DQEBCwUAA4IBgQASwON/jPAHzcARSenY0ZGY1m5OVTYoQ/JWH0oy\nl8SyFCQFEXt7UHDD/eTtLT0vMyc190nP57P8lTnZGf7hSinZz1B1d6V4cmzxpk0s\nVXZT+irL6bJVJoMBHRpllKAhGULIo33baTrWFKA0oBuWx4AevSWKcLW5j87kEawn\nATCuMQ1I3ifR1mSlB7X8fb+vF+571q0NGuB3a42j6rdtXJ6SmH4+9B4qO0sfHDNt\nIImpLCH/tycDpcYrGSCn1QrekFG1bSEh+Bb9i8rqMDSDsYrTFPZTuOQ3EtjGni9u\nm+rEP3OyJg+md8c+0LVP7/UU4QWWnw3/Wolo5kSCxE8vNTFqi4GhVbdLnUtcIdTV\nXxuR6cKyW87Snj1a0nG76ZLclt/akxDhtzqeV60BO0p8pmiev8frp+E94wFNYCmp\n1cr3CnMEGRaficLSDFC6EBENzlZW2BQT6OMIV+g0NBgSyQe39s2zcdEl5+SzDVuw\nhp8bJUp/QN7pnOVCDbjTQ+HVMXw=\n-----END CERTIFICATE-----\n",
+								"certificate_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC1n9j9C5Bes1nd\nqACDckERauxXVNKCnUlUM1buGBx1xc+j2e2Ar23wUJJuWBY18VfT8yqfqVDktO2w\nrbmvZvLuPmXePOKbIKS+XXh+2NG9L5bDG9rwGFCRXnbQj+GWCdMfzx14+CR1IHge\nYz6Cv/Si2/LJPCh/CoBfM4hUQJON3lxAWrWBpdbZnKYMrxuPBRfW9OuzTbCVXToQ\noxRAHiOR9081Xn1WeoKr7kVBIa5UphlvWXa12w1YmUwJu7YndnJGIavLWeNCVc7Z\nEo+nS8Wr/4QWicatIWZXpVaEOPhRoeplQDxNWg5b/Q26rYoVd7PrCmRs7sVcH79X\nzGONeH1PAgMBAAECggEAANb3Wtwl07pCjRrMvc7WbC0xYIn82yu8/g2qtjkYUJcU\nia5lQbYN7RGCS85Oc/tkq48xQEG5JQWNH8b918jDEMTrFab0aUEyYcru1q9L8PL6\nYHaNgZSrMrDcHcS8h0QOXNRJT5jeGkiHJaTR0irvB526tqF3knbK9yW22KTfycUe\na0Z9voKn5xRk1DCbHi/nk2EpT7xnjeQeLFaTIRXbS68omkr4YGhwWm5OizoyEGZu\nW0Zum5BkQyMr6kor3wdxOTG97ske2rcyvvHi+ErnwL0xBv0qY0Dhe8DpuXpDezqw\no72yY8h31Fu84i7sAj24YuE5Df8DozItFXQpkgbQ6QKBgQDPrufhvIFm2S/MzBdW\nH8JxY7CJlJPyxOvc1NIl9RczQGAQR90kx52cgIcuIGEG6/wJ/xnGfMmW40F0DnQ+\nN+oLgB9SFxeLkRb7s9Z/8N3uIN8JJFYcerEOiRQeN2BXEEWJ7bUThNtsVrAcKoUh\nELsDmnHW/3V+GKwhd0vpk842+wKBgQDf4PGLG9PTE5tlAoyHFodJRd2RhTJQkwsU\nMDNjLJ+KecLv+Nl+QiJhoflG1ccqtSFlBSCG067CDQ5LV0xm3mLJ7pfJoMgjcq31\nqjEmX4Ls91GuVOPtbwst3yFKjsHaSoKB5fBvWRcKFpBUezM7Qcw2JP3+dQT+bQIq\ncMTkRWDSvQKBgQDOdCQFDjxg/lR7NQOZ1PaZe61aBz5P3pxNqa7ClvMaOsuEQ7w9\nvMYcdtRq8TsjA2JImbSI0TIg8gb2FQxPcYwTJKl+FICOeIwtaSg5hTtJZpnxX5LO\nutTaC0DZjNkTk5RdOdWA8tihyUdGqKoxJY2TVmwGe2rUEDjFB++J4inkEwKBgB6V\ng0nmtkxanFrzOzFlMXwgEEHF+Xaqb9QFNa/xs6XeNnREAapO7JV75Cr6H2hFMFe1\nmJjyqCgYUoCWX3iaHtLJRnEkBtNY4kzyQB6m46LtsnnnXO/dwKA2oDyoPfFNRoDq\nYatEd3JIXNU9s2T/+x7WdOBjKhh72dTkbPFmTPDdAoGAU6rlPBevqOFdObYxdPq8\nEQWu44xqky3Mf5sBpOwtu6rqCYuziLiN7K4sjN5GD5mb1cEU+oS92ZiNcUQ7MFXk\n8yTYZ7U0VcXyAcpYreWwE8thmb0BohJBr+Mp3wLTx32x0HKdO6vpUa0d35LUTUmM\nRrKmPK/msHKK/sVHiL+NFqo=\n-----END PRIVATE KEY-----\n"
+							}
+						}
+					},
+					"schema": {
+						"type": "object",
+						"additionalProperties": false,
+						"required": ["certificate", "certificate_key"],
+						"properties": {
+							"certificate": {
+								"type": "string",
+								"minLength": 1
+							},
+							"certificate_key": {
+								"type": "string",
+								"minLength": 1
+							},
+							"intermediate_certificate": {
+								"type": "string",
+								"minLength": 1
+							}
+						}
+					}
+				}
+			}
+		}
+	}
+}

backend/schema/paths/nginx/certificates/get.json

@@ -0,0 +1,54 @@
+{
+	"operationId": "getCertificates",
+	"summary": "Get all certificates",
+	"tags": ["Certificates"],
+	"security": [
+		{
+			"BearerAuth": ["certificates"]
+		}
+	],
+	"parameters": [
+		{
+			"in": "query",
+			"name": "expand",
+			"description": "Expansions",
+			"schema": {
+				"type": "string",
+				"enum": ["owner"]
+			}
+		}
+	],
+	"responses": {
+		"200": {
+			"description": "200 response",
+			"content": {
+				"application/json": {
+					"examples": {
+						"default": {
+							"value": [
+								{
+									"id": 4,
+									"created_on": "2024-10-09T05:31:58.000Z",
+									"modified_on": "2024-10-09T05:32:11.000Z",
+									"owner_user_id": 1,
+									"provider": "letsencrypt",
+									"nice_name": "test.example.com",
+									"domain_names": ["test.example.com"],
+									"expires_on": "2025-01-07T04:34:18.000Z",
+									"meta": {
+										"letsencrypt_email": "jc@jc21.com",
+										"letsencrypt_agree": true,
+										"dns_challenge": false
+									}
+								}
+							]
+						}
+					},
+					"schema": {
+						"$ref": "../../../components/certificate-list.json"
+					}
+				}
+			}
+		}
+	}
+}

backend/schema/paths/nginx/certificates/post.json

@@ -0,0 +1,97 @@
+{
+	"operationId": "createCertificate",
+	"summary": "Create a Certificate",
+	"tags": ["Certificates"],
+	"security": [
+		{
+			"BearerAuth": ["certificates"]
+		}
+	],
+	"requestBody": {
+		"description": "Certificate Payload",
+		"required": true,
+		"content": {
+			"application/json": {
+				"schema": {
+					"type": "object",
+					"additionalProperties": false,
+					"required": ["provider"],
+					"properties": {
+						"provider": {
+							"$ref": "../../../components/certificate-object.json#/properties/provider"
+						},
+						"nice_name": {
+							"$ref": "../../../components/certificate-object.json#/properties/nice_name"
+						},
+						"domain_names": {
+							"$ref": "../../../components/certificate-object.json#/properties/domain_names"
+						},
+						"meta": {
+							"$ref": "../../../components/certificate-object.json#/properties/meta"
+						}
+					}
+				}
+			}
+		}
+	},
+	"responses": {
+		"201": {
+			"description": "201 response",
+			"content": {
+				"application/json": {
+					"examples": {
+						"default": {
+							"value": {
+								"expires_on": "2025-01-07 04:30:17",
+								"modified_on": "2024-10-09 05:28:51",
+								"id": 5,
+								"created_on": "2024-10-09 05:28:35",
+								"owner_user_id": 1,
+								"is_deleted": false,
+								"provider": "letsencrypt",
+								"nice_name": "test.example.com",
+								"domain_names": ["test.example.com"],
+								"meta": {
+									"letsencrypt_email": "jc@jc21.com",
+									"letsencrypt_agree": true,
+									"dns_challenge": false,
+									"letsencrypt_certificate": {
+										"cn": "test.example.com",
+										"issuer": "C = US, O = Let's Encrypt, CN = E5",
+										"dates": {
+											"from": 1728448218,
+											"to": 1736224217
+										}
+									}
+								}
+							}
+						}
+					},
+					"schema": {
+						"$ref": "../../../components/certificate-object.json"
+					}
+				}
+			}
+		},
+		"400": {
+			"description": "400 response",
+			"content": {
+				"application/json": {
+					"examples": {
+						"default": {
+							"value": {
+								"error": {
+									"code": 400,
+									"message": "Domains are invalid"
+								}
+							}
+						}
+					},
+					"schema": {
+						"$ref": "../../../components/error.json"
+					}
+				}
+			}
+		}
+	}
+}

backend/schema/paths/nginx/certificates/test-http/get.json

@@ -0,0 +1,40 @@
+{
+	"operationId": "testHttpReach",
+	"summary": "Test HTTP Reachability",
+	"tags": ["Certificates"],
+	"security": [
+		{
+			"BearerAuth": ["certificates"]
+		}
+	],
+	"parameters": [
+		{
+			"in": "query",
+			"name": "domains",
+			"description": "Expansions",
+			"required": true,
+			"schema": {
+				"type": "string",
+				"example": "[\"test.example.ord\",\"test.example.com\",\"nonexistent.example.com\"]"
+			}
+		}
+	],
+	"responses": {
+		"200": {
+			"description": "200 response",
+			"content": {
+				"application/json": {
+					"examples": {
+						"default": {
+							"value": {
+								"test.example.org": "ok",
+								"test.example.com": "other:Invalid domain or IP",
+								"nonexistent.example.com": "404"
+							}
+						}
+					}
+				}
+			}
+		}
+	}
+}