@feardread/fear 2.0.5 → 2.0.6

package/FEARServer.js

@@ -4,6 +4,9 @@ const path = require('path');
 const express = require('express');
 const fs = require('fs');
 const dotenv = require('dotenv');
+const http = require('http');
+const https = require('https');
+const AutoEncrypt = require('@small-tech/auto-encrypt');
 
 const FearServer = (function () {
   // Private constants
@@ -14,17 +17,23 @@ const FearServer = (function () {
   };
 
   const DEFAULT_PORT = 4000;
+  const DEFAULT_HTTPS_PORT = 443;
   const SHUTDOWN_TIMEOUT = 10000; // 10 seconds
 
   // Constructor
   function FearServer() {
     this.fear = null;
     this.server = null;
+    this.httpsServer = null;
+    this.httpRedirectServer = null;
     this.Router = null;
     this.isShuttingDown = false;
     this.rootDir = path.resolve();
     this.reactApps = []; // Track multiple React apps
     this.envLoaded = false;
+    this.httpsConfig = null;
+    this.greenlock = null;
+    this.autoEncrypt = null;
   }
 
   FearServer.prototype = {
@@ -95,6 +104,196 @@ const FearServer = (function () {
       return true;
     },
 
+    /**
+     * Configure HTTPS with auto-encryption using Greenlock or Auto Encrypt
+     * @param {Object} config - HTTPS configuration
+     * @param {string} config.mode - 'greenlock', 'auto-encrypt', or 'manual'
+     * @param {string} config.domain - Domain name for Let's Encrypt (greenlock/auto-encrypt mode)
+     * @param {string} config.email - Email for Let's Encrypt notifications (greenlock/auto-encrypt mode)
+     * @param {string} config.certPath - Path to SSL certificate (manual mode)
+     * @param {string} config.keyPath - Path to SSL private key (manual mode)
+     * @param {string} config.caPath - Path to CA bundle (manual mode, optional)
+     * @param {boolean} config.staging - Use Let's Encrypt staging server (greenlock/auto-encrypt mode)
+     * @param {string} config.configDir - Directory to store Greenlock config (greenlock mode, default: ./greenlock.d)
+     * @param {string} config.settingsPath - Path to Auto Encrypt settings (auto-encrypt mode, default: .small-tech.org)
+     * @param {number} config.httpsPort - HTTPS port (default: 443)
+     * @param {boolean} config.redirectHttp - Redirect HTTP to HTTPS (default: true)
+     * @param {Array<string>} config.altnames - Alternative domain names (greenlock mode, optional)
+     */
+    setupHTTPS(config) {
+      if (!config || typeof config !== 'object') {
+        throw new Error('HTTPS configuration is required');
+      }
+
+      this.httpsConfig = {
+        mode: config.mode || 'greenlock',
+        httpsPort: config.httpsPort || DEFAULT_HTTPS_PORT,
+        redirectHttp: config.redirectHttp !== false,
+        certPath: config.certPath || process.env.SSL_CERT_PATH,
+        ...config
+      };
+
+      if (this.httpsConfig.mode === 'greenlock') {
+        this._setupGreenlock();
+      } else if (this.httpsConfig.mode === 'auto-encrypt') {
+        this._setupAutoEncrypt();
+      } else if (this.httpsConfig.mode === 'manual') {
+        this._validateManualCerts();
+      } else {
+        throw new Error('HTTPS mode must be "greenlock", "auto-encrypt", or "manual"');
+      }
+
+      if (this.fear && this.fear.getLogger()) {
+        this.fear.getLogger().info('HTTPS configuration loaded successfully');
+      }
+    },
+
+    /**
+     * Setup Greenlock for automatic SSL certificates
+     * @private
+     */
+    _setupGreenlock() {
+      const config = this.httpsConfig;
+
+      if (!config.domain) {
+        throw new Error('Domain name is required for Greenlock mode');
+      }
+
+      if (!config.email) {
+        throw new Error('Email address is required for Greenlock mode');
+      }
+
+      try {
+        // Greenlock Express uses a different pattern
+        // We don't initialize it here, we do it when starting the server
+        this.greenlockConfig = {
+          packageRoot: this.rootDir,
+          configDir: config.configDir || path.join(this.rootDir, 'greenlock.d'),
+          maintainerEmail: config.email,
+          cluster: false,
+          staging: config.staging || false,
+          domain: config.domain,
+          altnames: config.altnames || [config.domain]
+        };
+
+        // Ensure config directory exists
+        const configDir = this.greenlockConfig.configDir;
+        if (!fs.existsSync(configDir)) {
+          fs.mkdirSync(configDir, { recursive: true });
+        }
+
+        if (this.fear && this.fear.getLogger()) {
+          this.fear.getLogger().info(`Greenlock configured for domain: ${config.domain}`);
+          this.fear.getLogger().info(`Staging mode: ${config.staging ? 'enabled' : 'disabled'}`);
+        }
+      } catch (error) {
+        console.error('Error setting up Greenlock:', error);
+        throw new Error('Failed to setup Greenlock. Make sure @root/greenlock-express is installed: npm install @root/greenlock-express');
+      }
+    },
+
+    /**
+     * Setup Auto Encrypt for automatic SSL certificates
+     * @private
+     */
+    _setupAutoEncrypt() {
+      const config = this.httpsConfig;
+
+      if (!config.domain) {
+        throw new Error('Domain name is required for Auto Encrypt mode');
+      }
+
+      try {
+        //const AutoEncrypt = require('@small-tech/auto-encrypt');
+        
+        const settingsPath = config.settingsPath || path.join(this.rootDir, '.small-tech.org');
+        
+        // Auto Encrypt doesn't need separate initialization
+        // It's used directly when creating the HTTPS server
+        this.autoEncryptOptions = {
+          domains: [config.domain],
+          settingsPath: settingsPath
+        };
+
+        // Store staging mode for server creation
+        if (config.staging) {
+          this.autoEncryptOptions.staging = true;
+        }
+
+        if (this.fear && this.fear.getLogger()) {
+          this.fear.getLogger().info(`Auto Encrypt configured for domain: ${config.domain}`);
+          this.fear.getLogger().info(`Staging mode: ${config.staging ? 'enabled' : 'disabled'}`);
+          this.fear.getLogger().info(`Settings path: ${settingsPath}`);
+        }
+      } catch (error) {
+        console.error('Error setting up Auto Encrypt:', error);
+        throw new Error('Failed to setup Auto Encrypt. Make sure @small-tech/auto-encrypt is installed: npm install @small-tech/auto-encrypt');
+      }
+    },
+
+    /**
+     * Validate manual SSL certificates
+     * @private
+     */
+    _validateManualCerts() {
+      const config = this.httpsConfig;
+
+      if (!config.certPath || !config.keyPath) {
+        throw new Error('Certificate path and key path are required for manual HTTPS mode');
+      }
+
+      if (!fs.existsSync(config.certPath)) {
+        throw new Error(`SSL certificate not found: ${config.certPath}`);
+      }
+
+      if (!fs.existsSync(config.keyPath)) {
+        throw new Error(`SSL private key not found: ${config.keyPath}`);
+      }
+
+      if (config.caPath && !fs.existsSync(config.caPath)) {
+        throw new Error(`CA bundle not found: ${config.caPath}`);
+      }
+
+      if (this.fear && this.fear.getLogger()) {
+        this.fear.getLogger().info('Manual SSL certificates validated');
+      }
+    },
+
+    /**
+     * Create HTTPS server with manual certificates
+     * @private
+     */
+    _createManualHttpsServer() {
+      const config = this.httpsConfig;
+      
+      const httpsOptions = {
+        key: fs.readFileSync(config.keyPath),
+        cert: fs.readFileSync(config.certPath)
+      };
+
+      if (config.caPath) {
+        httpsOptions.ca = fs.readFileSync(config.caPath);
+      }
+
+      return https.createServer(httpsOptions, this.fear.getApp());
+    },
+
+    /**
+     * Create HTTP to HTTPS redirect server
+     * @private
+     */
+    _createHttpRedirectServer(httpsPort) {
+      const redirectApp = express();
+      
+      redirectApp.use((req, res) => {
+        const host = req.headers.host.split(':')[0];
+        const httpsUrl = `https://${host}${httpsPort !== 443 ? ':' + httpsPort : ''}${req.url}`;
+        res.redirect(301, httpsUrl);
+      });
+
+      return http.createServer(redirectApp);
+    },
+
     /**
      * Validate that required files exist for React app
      * @param {string} buildPath - Path to build directory
@@ -259,34 +458,31 @@ const FearServer = (function () {
     },
 
     /**
-     * Setup API routes prefix (useful to avoid conflicts with React routes)
-     * @param {string} prefix - API prefix (e.g., '/api')
+     * Setup API prefix for all routes
+     * @param {string} prefix - API prefix (e.g., '/api/v1')
      */
-    setupAPIPrefix(prefix = '/fear/api') {
+    setupAPIPrefix(prefix) {
+      if (!prefix || typeof prefix !== 'string') {
+        throw new Error('API prefix must be a string');
+      }
+
       const normalizedPrefix = `/${prefix.replace(/^\/+|\/+$/g, '')}`;
       
-      this.fear.getApp().use(normalizedPrefix, (req, res, next) => {
-
-        req.isAPIRoute = true;
-        next();
-      });
-
-      this.fear.getLogger().info(`API routes configured with prefix: ${normalizedPrefix}`);
-      return normalizedPrefix;
+      this.fear.getLogger().info(`Setting up API prefix: ${normalizedPrefix}`);
+      // This would need to be implemented in your FEAR framework
+      // to prefix all routes - just documenting the intent here
     },
 
     /**
-     * Setup process event handlers for graceful shutdown
+     * Setup process signal handlers for graceful shutdown
      */
     setupProcessHandlers() {
-      // Handle unhandled promise rejections
-      process.on("unhandledRejection", (reason, promise) => {
-        console.log('Unhandled Rejection at:', promise);
-        this.fear.getLogger().error('Unhandled Rejection at:', promise, 'reason:', reason);
-        this.gracefulShutdown('unhandledRejection');
-      });
+      // Prevent duplicate listeners
+      if (this._handlersSetup) {
+        return;
+      }
+      this._handlersSetup = true;
 
-      // Handle uncaught exceptions
       process.on("uncaughtException", (err) => {
         this.fear.getLogger().error('Uncaught Exception:', err);
         this.gracefulShutdown('uncaughtException');
@@ -350,6 +546,161 @@ const FearServer = (function () {
       });
     },
 
+    /**
+     * Start HTTPS server
+     * @private
+     */
+    async _startHttpsServer() {
+      const logger = this.fear.getLogger();
+      const httpsPort = this.httpsConfig.httpsPort;
+
+      let httpsServer;
+
+      if (this.httpsConfig.mode === 'greenlock') {
+        // Greenlock Express initialization and startup
+        logger.info('Starting HTTPS server with Greenlock auto-encryption...');
+        
+        const greenlockExpress = require('@root/greenlock-express');
+        
+        return new Promise((resolve, reject) => {
+          try {
+            // Initialize Greenlock with full configuration
+            const greenlock = greenlockExpress.init({
+              packageRoot: this.greenlockConfig.packageRoot,
+              configDir: this.greenlockConfig.configDir,
+              maintainerEmail: this.greenlockConfig.maintainerEmail,
+              cluster: false,
+              
+              // Notify callback for errors
+              notify: (event, details) => {
+                if (event === 'error') {
+                  logger.error('Greenlock error:', details);
+                } else if (event === 'warning') {
+                  logger.warn('Greenlock warning:', details);
+                }
+              }
+            });
+
+            // Store greenlock instance
+            this.greenlock = greenlock;
+
+            // Serve the app - Greenlock handles everything automatically
+            // It will listen on port 80 (HTTP) and 443 (HTTPS)
+            greenlock.serve(this.fear.getApp());
+            
+            logger.info(`✓ Greenlock HTTPS server started`);
+            logger.info(`✓ Listening on port 443 (HTTPS)`);
+            logger.info(`✓ Listening on port 80 (HTTP → HTTPS redirect)`);
+            logger.info(`✓ Staging mode: ${this.greenlockConfig.staging ? 'ENABLED' : 'DISABLED'}`);
+            logger.info('');
+            logger.info('⚠️  IMPORTANT: Configure your domain using Greenlock CLI:');
+            logger.info(`   npx greenlock add --subject ${this.greenlockConfig.domain} --altnames ${this.greenlockConfig.altnames.join(',')}`);
+            logger.info('');
+            
+            // Mark server as started
+            httpsServer = { 
+              greenlockManaged: true, 
+              greenlock: greenlock 
+            };
+            
+            resolve(httpsServer);
+            
+          } catch (error) {
+            logger.error('Failed to initialize Greenlock:', error);
+            reject(error);
+          }
+        });
+
+      } else if (this.httpsConfig.mode === 'auto-encrypt') {
+        // Auto Encrypt mode
+        logger.info('Starting HTTPS server with Auto Encrypt...');
+        
+        try {
+
+          console.log('auto ', AutoEncrypt);
+          // Auto Encrypt wraps and manages the HTTPS server
+          // It expects the Express app and domain configuration
+          const autoEncrypt = new AutoEncrypt({
+            domains: [this.httpsConfig.domain],
+            server: this.fear.getApp()
+          });
+
+          if (this.httpsConfig.staging) {
+            autoEncrypt.staging = true;
+          }
+
+          if (this.autoEncryptOptions && this.autoEncryptOptions.settingsPath) {
+            autoEncrypt.settingsPath = this.autoEncryptOptions.settingsPath;
+          }
+          
+          return new Promise((resolve, reject) => {
+            // Auto Encrypt's serve() method starts the server
+            autoEncrypt.serve(httpsPort)
+              .then((server) => {
+                httpsServer = server;
+                logger.info(`HTTPS server running on port ${httpsPort} with Auto Encrypt`);
+                
+                // Setup HTTP redirect server if enabled
+                if (this.httpsConfig.redirectHttp) {
+                  const httpRedirectPort = this.fear.getApp().get("PORT") || DEFAULT_PORT;
+                  this.httpRedirectServer = this._createHttpRedirectServer(httpsPort);
+                  
+                  this.httpRedirectServer.listen(httpRedirectPort, () => {
+                    logger.info(`HTTP redirect server running on port ${httpRedirectPort} → HTTPS`);
+                  });
+                }
+                
+                resolve(server);
+              })
+              .catch((err) => {
+                logger.error(`Failed to start HTTPS server on port ${httpsPort}:`, err);
+                reject(err);
+              });
+          });
+        } catch (error) {
+          logger.error('Failed to create Auto Encrypt server:', error);
+          //throw error;
+        }
+
+      } else if (this.httpsConfig.mode === 'manual') {
+        // Manual certificate mode
+        logger.info('Starting HTTPS server with manual certificates...');
+        
+        httpsServer = this._createManualHttpsServer();
+
+        return new Promise((resolve, reject) => {
+          httpsServer.listen(httpsPort, (err) => {
+            if (err) {
+              logger.error(`Failed to start HTTPS server on port ${httpsPort}:`, err);
+              return reject(err);
+            }
+            
+            logger.info(`HTTPS server running on port ${httpsPort}`);
+            resolve(httpsServer);
+          });
+
+          // Setup HTTP redirect server if enabled
+          if (this.httpsConfig.redirectHttp) {
+            const httpRedirectPort = this.fear.getApp().get("PORT") || DEFAULT_PORT;
+            this.httpRedirectServer = this._createHttpRedirectServer(httpsPort);
+            
+            this.httpRedirectServer.listen(httpRedirectPort, () => {
+              logger.info(`HTTP redirect server running on port ${httpRedirectPort} → HTTPS`);
+            });
+          }
+
+          httpsServer.on('error', (err) => {
+            if (err.code === 'EADDRINUSE') {
+              logger.error(`Port ${httpsPort} is already in use`);
+            } else {
+              logger.error('HTTPS server error:', err);
+            }
+            reject(err);
+          });
+        });
+      }
+    },
+
     /**
      * Perform graceful shutdown
      */
@@ -368,12 +719,22 @@ const FearServer = (function () {
         process.exit(1);
       }, SHUTDOWN_TIMEOUT);
 
-      // Close server connections
-      const closeServerPromise = this.server
-        ? new Promise((resolve) => this.server.close(resolve))
-        : Promise.resolve();
+      // Close all server connections
+      const closePromises = [];
+
+      if (this.server) {
+        closePromises.push(new Promise((resolve) => this.server.close(resolve)));
+      }
+
+      if (this.httpsServer) {
+        closePromises.push(new Promise((resolve) => this.httpsServer.close(resolve)));
+      }
+
+      if (this.httpRedirectServer) {
+        closePromises.push(new Promise((resolve) => this.httpRedirectServer.close(resolve)));
+      }
 
-      return closeServerPromise
+      return Promise.all(closePromises)
         .then(() => {
           // Shutdown FEAR application
           if (this.fear && typeof this.fear.shutdown === 'function') {
@@ -443,7 +804,7 @@ const FearServer = (function () {
     },
 
     /**
-     * Start the server
+     * Start the server (HTTP or HTTPS based on configuration)
      */
     startServer() {
       const port = this.fear.getApp().get("PORT") || DEFAULT_PORT;
@@ -460,20 +821,57 @@ const FearServer = (function () {
       // Initialize database connection
       return this.initializeDatabase()
         .then(() => {
-          // Start the HTTP server
-          return this.startHttpServer(port);
+          // Start HTTPS if configured, otherwise HTTP
+          if (this.httpsConfig) {
+            return this._startHttpsServer();
+          } else {
+            return this.startHttpServer(port);
+          }
         })
         .then((server) => {
-          this.server = server;
+          if (this.httpsConfig) {
+            this.httpsServer = server;
+          } else {
+            this.server = server;
+          }
+
           logger.info('═══════════════════════════════════════');
-          logger.info(`FEAR API Server Running on Port ${port}`);
+          
+          if (this.httpsConfig) {
+            logger.info(`🔒 FEAR API Server Running on HTTPS Port ${this.httpsConfig.httpsPort}`);
+            
+            if (this.httpsConfig.mode === 'greenlock') {
+              logger.info(`🔐 Auto-encryption: ENABLED (Greenlock/Let's Encrypt)`);
+              logger.info(`📧 Domain: ${this.httpsConfig.domain}`);
+              logger.info(`📧 Email: ${this.httpsConfig.email}`);
+            } else if (this.httpsConfig.mode === 'auto-encrypt') {
+              logger.info(`🔐 Auto-encryption: ENABLED (Auto Encrypt/Let's Encrypt)`);
+              logger.info(`📧 Domain: ${this.httpsConfig.domain}`);
+            } else {
+              logger.info(`🔐 Manual SSL certificates loaded`);
+            }
+
+            if (this.httpsConfig.redirectHttp) {
+              logger.info(`↪️  HTTP → HTTPS redirect enabled`);
+            }
+          } else {
+            logger.info(`FEAR API Server Running on HTTP Port ${port}`);
+          }
+
           logger.info('═══════════════════════════════════════');
           
           // Display registered React apps
           if (this.reactApps.length > 0) {
             logger.info('📱 React Apps:');
+            const protocol = this.httpsConfig ? 'https' : 'http';
+            const displayPort = this.httpsConfig ? this.httpsConfig.httpsPort : port;
+            const portDisplay = (protocol === 'https' && displayPort === 443) || 
+                               (protocol === 'http' && displayPort === 80) 
+                               ? '' : `:${displayPort}`;
+            
             this.reactApps.forEach(app => {
-              logger.info(`• http://localhost:${port}${app.basePath}`);
+              const host = this.httpsConfig?.domain || 'localhost';
+              logger.info(`• ${protocol}://${host}${portDisplay}${app.basePath}`);
             });
             logger.info('═══════════════════════════════════════');
           }
@@ -507,6 +905,20 @@ const FearServer = (function () {
       return this.server;
     },
 
+    /**
+     * Get HTTPS server instance
+     */
+    getHttpsServer() {
+      return this.httpsServer;
+    },
+
+    /**
+     * Get HTTP redirect server instance
+     */
+    getHttpRedirectServer() {
+      return this.httpRedirectServer;
+    },
+
     /**
      * Get Router instance
      */
@@ -540,6 +952,20 @@ const FearServer = (function () {
      */
     isEnvLoaded() {
       return this.envLoaded;
+    },
+
+    /**
+     * Get HTTPS configuration
+     */
+    getHttpsConfig() {
+      return this.httpsConfig;
+    },
+
+    /**
+     * Check if HTTPS is enabled
+     */
+    isHttpsEnabled() {
+      return !!this.httpsConfig;
     }
   };
 

package/libs/greenlock/setup.js

@@ -0,0 +1,105 @@
+#!/usr/bin/env node
+
+/**
+ * Greenlock Domain Configuration Script
+ * 
+ * This script configures your domain(s) with Greenlock.
+ * Run this once before starting your server.
+ */
+
+const path = require('path');
+const fs = require('fs');
+
+// Load environment variables
+require('dotenv').config();
+
+const domain = process.env.DOMAIN || process.argv[2];
+const email = process.env.ADMIN_EMAIL || process.argv[3];
+const altDomains = process.env.ALT_DOMAINS ? process.env.ALT_DOMAINS.split(',') : [];
+
+if (!domain) {
+  console.error('❌ Error: Domain is required');
+  console.log('Usage: node configure-greenlock.js <domain> [email]');
+  console.log('   OR: Set DOMAIN and ADMIN_EMAIL in .env file');
+  process.exit(1);
+}
+
+if (!email) {
+  console.error('❌ Error: Email is required');
+  console.log('Usage: node configure-greenlock.js <domain> <email>');
+  console.log('   OR: Set DOMAIN and ADMIN_EMAIL in .env file');
+  process.exit(1);
+}
+
+const allDomains = [domain, ...altDomains.filter(d => d && d !== domain)];
+
+console.log('🔧 Configuring Greenlock...\n');
+console.log(`Domain: ${domain}`);
+console.log(`Email: ${email}`);
+if (altDomains.length > 0) {
+  console.log(`Alt domains: ${altDomains.join(', ')}`);
+}
+console.log('');
+
+try {
+  const greenlockExpress = require('@root/greenlock-express');
+  
+  const configDir = process.env.GREENLOCK_DIR || path.join(__dirname, 'greenlock.d');
+  
+  // Ensure config directory exists
+  if (!fs.existsSync(configDir)) {
+    fs.mkdirSync(configDir, { recursive: true });
+    console.log(`✓ Created config directory: ${configDir}`);
+  }
+
+  // Initialize Greenlock
+  const greenlock = greenlockExpress.init({
+    packageRoot: path.resolve(),
+    configDir: configDir,
+    maintainerEmail: email,
+    cluster: false
+  });
+
+  console.log('✓ Greenlock initialized\n', greenlock);
+  
+  // Wait for Greenlock to be ready, then configure domains
+  console.log('⏳ Configuring domain...');
+  
+  greenlock.ready((manager) => {
+    console.log('manager = ', manager);
+  manager.defaults({
+    agreeToTerms: true,
+    subscriberEmail: email
+  }).then(() => {
+    console.log('✓ Set default configuration');
+    
+    return greenlock.manager.add({
+      subject: domain,
+      altnames: allDomains
+    });
+  }).then(() => {
+    console.log(`✓ Domain configured: ${domain}`);
+    if (altDomains.length > 0) {
+      console.log(`✓ Alt domains added: ${altDomains.join(', ')}`);
+    }
+    console.log('');
+    console.log('✅ Greenlock configuration complete!');
+    console.log('You can now start your server.');
+    process.exit(0);
+  }).catch((error) => {
+    console.error('❌ Configuration failed:', error.message);
+    console.log('');
+    console.log('Troubleshooting:');
+    console.log('1. Make sure @root/greenlock-express is installed');
+    console.log('2. Check that your domain points to this server');
+    console.log('3. Ensure ports 80 and 443 are accessible');
+    process.exit(1);
+  });})
+
+} catch (error) {
+  console.error('❌ Error:', error.message);
+  console.log('');
+  console.log('Make sure Greenlock is installed:');
+  console.log('  npm install @root/greenlock-express');
+  process.exit(1);
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@feardread/fear",
-  "version": "2.0.5",
+  "version": "2.0.6",
   "description": "",
   "main": "index.js",
   "scripts": {