@aaricchen1991/deploy 0.1.0

package/src/lib/logger.ts

@@ -0,0 +1,79 @@
+/**
+ * Unified logger: timestamp, level, optional file output.
+ */
+
+import fs from "node:fs";
+import path from "node:path";
+
+export type LogLevel = "info" | "warn" | "error";
+
+const PREFIX: Record<LogLevel, string> = {
+  info: "\x1b[32m[INFO]\x1b[0m",
+  warn: "\x1b[33m[WARN]\x1b[0m",
+  error: "\x1b[31m[ERROR]\x1b[0m",
+};
+
+function timestamp(): string {
+  return new Date().toISOString().replace("T", " ").slice(0, 19);
+}
+
+function format(level: LogLevel, msg: string): string {
+  return `${timestamp()} ${PREFIX[level]} ${msg}`;
+}
+
+let logFile: string | null = null;
+
+export function setLogFile(filePath: string): void {
+  logFile = filePath;
+}
+
+export function getLogFilePath(): string | null {
+  return logFile;
+}
+
+function writeToLogFileSync(line: string): void {
+  if (!logFile) return;
+  try {
+    const dir = path.dirname(logFile);
+    fs.mkdirSync(dir, { recursive: true });
+    fs.appendFileSync(logFile, line + "\n");
+  } catch {
+    // ignore
+  }
+}
+
+export function info(msg: string): void {
+  const line = format("info", msg);
+  console.log(line);
+  writeToLogFileSync(line);
+}
+
+export function warn(msg: string): void {
+  const line = format("warn", msg);
+  console.warn(line);
+  writeToLogFileSync(line);
+}
+
+export function error(msg: string): void {
+  const line = format("error", msg);
+  console.error(line);
+  writeToLogFileSync(line);
+}
+
+/** Append a raw line to the log file (no timestamp/level prefix). */
+export function appendRaw(line: string): void {
+  writeToLogFileSync(line);
+}
+
+/** Append a structured SSL log line (time, action, domain, result, message). */
+export function appendSslLog(
+  action: "create" | "renew" | "success" | "failure" | "run",
+  domain: string,
+  result: "ok" | "fail",
+  message?: string
+): void {
+  const line = [timestamp(), "ssl", action, domain, result, message ?? ""].join(
+    "\t"
+  );
+  writeToLogFileSync(line);
+}

package/src/lib/nginx.ts

@@ -0,0 +1,120 @@
+/**
+ * Generate nginx n2.conf from domains config (same output as generate-nginx-conf.js).
+ */
+
+import type { DomainsConfig } from "./domains.js";
+
+function apiServerBlock(domain: string, backendPort: number): string {
+  return `# HTTPS - API (${domain})
+server {
+    listen 443 ssl http2;
+    server_name ${domain};
+
+    ssl_certificate /etc/nginx/ssl/${domain}.crt;
+    ssl_certificate_key /etc/nginx/ssl/${domain}.key;
+
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers HIGH:!aNULL:!MD5;
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+
+    access_log /var/log/nginx/api-access.log;
+    error_log /var/log/nginx/api-error.log;
+
+    location / {
+        proxy_pass http://127.0.0.1:${backendPort};
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+}
+
+`;
+}
+
+function staticAppServerBlock(domain: string, appName: string): string {
+  const root = `/var/www/${appName}`;
+  return `# HTTPS - ${appName} (${domain})
+server {
+    listen 443 ssl http2;
+    server_name ${domain};
+
+    root ${root};
+    index index.html;
+
+    ssl_certificate /etc/nginx/ssl/${domain}.crt;
+    ssl_certificate_key /etc/nginx/ssl/${domain}.key;
+
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers HIGH:!aNULL:!MD5;
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+
+    access_log /var/log/nginx/${appName}-access.log;
+    error_log /var/log/nginx/${appName}-error.log;
+
+    gzip on;
+    gzip_vary on;
+    gzip_min_length 1024;
+    gzip_types text/plain text/css text/xml text/javascript application/javascript application/xml+rss application/json;
+
+    location ~* \\.(jpg|jpeg|png|gif|ico|css|js|svg|woff|woff2|ttf|eot|mp3)$ {
+        expires 1y;
+        add_header Cache-Control "public, immutable";
+        access_log off;
+    }
+
+    location / {
+        try_files $uri $uri/ /index.html;
+    }
+
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+}
+
+`;
+}
+
+export function generateNginxConf(config: DomainsConfig): string {
+  const blocks: string[] = [];
+  const apiPort = config.api.backend_port ?? 3000;
+
+  for (const d of config.api.domains) {
+    blocks.push(apiServerBlock(d, apiPort));
+  }
+  for (const d of config.admin.domains) {
+    blocks.push(staticAppServerBlock(d, "admin"));
+  }
+  for (const d of config.tenant.domains) {
+    blocks.push(staticAppServerBlock(d, "tenant"));
+  }
+  for (const d of config.client.domains) {
+    blocks.push(staticAppServerBlock(d, "client"));
+  }
+
+  const allDomains = [
+    ...config.api.domains,
+    ...config.admin.domains,
+    ...config.tenant.domains,
+    ...config.client.domains,
+  ];
+  const redirectBlock = `# HTTP to HTTPS redirect
+server {
+    listen 80;
+    server_name ${allDomains.join(" ")};
+    return 301 https://$host$request_uri;
+}
+`;
+
+  return blocks.join("\n") + "\n" + redirectBlock;
+}

package/src/lib/paths.ts

@@ -0,0 +1,30 @@
+/**
+ * Resolve deploy scripts directory: for init/ssl we need deploy.sh, server-setup.sh, ssl/*, lib/*.
+ * 1) N2_DEPLOY_SCRIPTS_DIR env
+ * 2) cwd/scripts/deploy (monorepo)
+ * 3) package assets (when published)
+ */
+
+import fs from "node:fs";
+import path from "node:path";
+import { fileURLToPath } from "node:url";
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+
+export function getScriptsDir(cwd: string = process.cwd()): string | null {
+  const envDir = process.env.N2_DEPLOY_SCRIPTS_DIR;
+  if (envDir && fs.existsSync(path.join(envDir, "deploy.sh"))) {
+    return envDir;
+  }
+  const monorepo = path.join(cwd, "scripts", "deploy");
+  if (fs.existsSync(path.join(monorepo, "deploy.sh"))) {
+    return monorepo;
+  }
+  // From dist/cli.js, package root is ../ and we may have assets/deploy
+  const packageRoot = path.join(__dirname, "..", "..");
+  const assetsDeploy = path.join(packageRoot, "assets", "deploy");
+  if (fs.existsSync(path.join(assetsDeploy, "deploy.sh"))) {
+    return assetsDeploy;
+  }
+  return null;
+}

package/tsconfig.json

@@ -0,0 +1,19 @@
+{
+  "extends": "../../tsconfig.base.json",
+  "compilerOptions": {
+    "module": "NodeNext",
+    "moduleResolution": "NodeNext",
+    "outDir": "./dist",
+    "rootDir": "./src",
+    "declaration": true,
+    "declarationMap": true,
+    "sourceMap": true,
+    "noEmit": false,
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "resolveJsonModule": true
+  },
+  "include": ["src/**/*"],
+  "exclude": ["node_modules", "dist"]
+}