@lamalibre/create-portlama 1.0.23 → 1.0.25

package/LICENSE.md

@@ -13,6 +13,7 @@ You may use, copy, modify, and distribute this software for any **noncommercial*
 Commercial use of this software requires a commercial license, available by contacting licence@codelama.com.tr.
 
 Commercial use includes, but is not limited to:
+
 - Using Portlama in a business to serve data to clients or partners
 - Deploying Portlama as part of a revenue-generating service or product
 - Using Portlama internally at a for-profit organization
@@ -85,7 +86,7 @@ The first time you are notified in writing that you have violated any of these t
 
 ### No Liability
 
-***As far as the law allows, the software comes as is, without any warranty or condition, and the licensor will not be liable to you for any damages arising out of these terms or the use or nature of the software, under any kind of legal claim.***
+**_As far as the law allows, the software comes as is, without any warranty or condition, and the licensor will not be liable to you for any damages arising out of these terms or the use or nature of the software, under any kind of legal claim._**
 
 ### Definitions
 

package/README.md

@@ -30,13 +30,13 @@ configured through the browser-based onboarding wizard after installation.
 
 ## Requirements
 
-| Requirement       | Details              |
-| ----------------- | -------------------- |
-| OS                | Ubuntu 24.04 LTS     |
-| Access            | root                 |
-| Node.js           | >= 20.0.0            |
-| RAM               | 512 MB minimum       |
-| Recommended       | DigitalOcean $4 droplet |
+| Requirement | Details                 |
+| ----------- | ----------------------- |
+| OS          | Ubuntu 24.04 LTS        |
+| Access      | root                    |
+| Node.js     | >= 20.0.0               |
+| RAM         | 512 MB minimum          |
+| Recommended | DigitalOcean $4 droplet |
 
 ## Further Reading
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lamalibre/create-portlama",
-  "version": "1.0.23",
+  "version": "1.0.25",
   "description": "One-command setup for secure reverse tunnels with a management dashboard",
   "type": "module",
   "license": "SEE LICENSE IN LICENSE.md",

package/scripts/bundle-vendor.js

@@ -23,9 +23,7 @@ async function main() {
   // --- panel-server: package.json + src/ ---
   const serverSrc = join(monorepoRoot, 'packages', 'panel-server');
   if (!existsSync(serverSrc)) {
-    throw new Error(
-      `panel-server not found at ${serverSrc}. Run from the monorepo root.`,
-    );
+    throw new Error(`panel-server not found at ${serverSrc}. Run from the monorepo root.`);
   }
 
   const serverDest = join(vendorDir, 'panel-server');
@@ -40,9 +38,7 @@ async function main() {
   // --- panel-client: dist/ (pre-built assets) ---
   const clientDist = join(monorepoRoot, 'packages', 'panel-client', 'dist');
   if (!existsSync(clientDist)) {
-    throw new Error(
-      `panel-client/dist/ not found at ${clientDist}. Run "npm run build" first.`,
-    );
+    throw new Error(`panel-client/dist/ not found at ${clientDist}. Run "npm run build" first.`);
   }
 
   const clientDest = join(vendorDir, 'panel-client');

package/src/index.js

@@ -167,7 +167,7 @@ ${b('9. Remove swap file (optional)')}
   ${c('sudo rm /swapfile')}
   ${d('Remove the /swapfile line from /etc/fstab')}
 
-${b('10. Remove Let\'s Encrypt certificates (optional)')}
+${b("10. Remove Let's Encrypt certificates (optional)")}
 
   ${d('List Portlama-issued certs:')}
   ${c('sudo certbot certificates')}
@@ -364,13 +364,10 @@ ${chalk.cyan.bold('└───────────────────
   });
 
   await new Promise((resolve) => {
-    rl.question(
-      `\n  ${chalk.white.bold('Press Enter to continue or Ctrl+C to abort...')} `,
-      () => {
-        rl.close();
-        resolve();
-      },
-    );
+    rl.question(`\n  ${chalk.white.bold('Press Enter to continue or Ctrl+C to abort...')} `, () => {
+      rl.close();
+      resolve();
+    });
   });
 }
 

package/src/lib/env.js

@@ -10,9 +10,7 @@ export async function detectOS() {
   try {
     content = await readFile('/etc/os-release', 'utf8');
   } catch {
-    throw new Error(
-      'Could not read /etc/os-release. Portlama requires Ubuntu 24.04.',
-    );
+    throw new Error('Could not read /etc/os-release. Portlama requires Ubuntu 24.04.');
   }
 
   const fields = {};
@@ -29,9 +27,7 @@ export async function detectOS() {
   const prettyName = fields.PRETTY_NAME || `${id} ${versionId}`;
 
   if (id !== 'ubuntu' || !versionId.startsWith('24.04')) {
-    throw new Error(
-      `Portlama requires Ubuntu 24.04. Detected: ${prettyName}`,
-    );
+    throw new Error(`Portlama requires Ubuntu 24.04. Detected: ${prettyName}`);
   }
 
   return { id, versionId, prettyName };
@@ -45,7 +41,7 @@ export async function detectOS() {
  * @returns {string} The IPv4 address.
  */
 export async function detectIP({ allowPrivate = false } = {}) {
-  const isAcceptable = (ip) => allowPrivate ? isValidIPv4(ip) : isPublicIP(ip);
+  const isAcceptable = (ip) => (allowPrivate ? isValidIPv4(ip) : isPublicIP(ip));
 
   // Try DigitalOcean metadata API first
   try {

package/src/lib/service-config.js

@@ -47,9 +47,6 @@ WantedBy=multi-user.target
  * @returns {string}
  */
 export function generateSudoersContent() {
-  const processUid = process.getuid?.() ?? 0;
-  const processGid = process.getgid?.() ?? 0;
-
   return `# Portlama panel-server sudo rules
 # Allows the portlama user to manage specific services and run specific commands
 
@@ -120,7 +117,7 @@ portlama ALL=(root) NOPASSWD: /usr/local/bin/authelia storage *
 portlama ALL=(root) NOPASSWD: /usr/bin/mkdir -p /var/www/portlama/*
 portlama ALL=(root) NOPASSWD: /usr/bin/chown -R www-data\\:www-data /var/www/portlama/*
 portlama ALL=(root) NOPASSWD: /usr/bin/chown www-data\\:www-data /var/www/portlama/*
-portlama ALL=(root) NOPASSWD: /usr/bin/chown ${processUid}\\:${processGid} /var/www/portlama/*
+portlama ALL=(root) NOPASSWD: /usr/bin/chown portlama\\:portlama /var/www/portlama/*
 portlama ALL=(root) NOPASSWD: /usr/bin/chmod -R 755 /var/www/portlama/*
 portlama ALL=(root) NOPASSWD: /usr/bin/chmod 644 /var/www/portlama/*
 portlama ALL=(root) NOPASSWD: /usr/bin/rm -rf /var/www/portlama/*

package/src/tasks/harden.js

@@ -31,18 +31,12 @@ export function hardenTasks(ctx, task) {
         // Add to /etc/fstab if not already present
         const fstab = await readFile('/etc/fstab', 'utf8');
         if (!fstab.includes('/swapfile')) {
-          await writeFile(
-            '/etc/fstab',
-            fstab.trimEnd() + '\n/swapfile none swap sw 0 0\n',
-          );
+          await writeFile('/etc/fstab', fstab.trimEnd() + '\n/swapfile none swap sw 0 0\n');
         }
 
         // Set swappiness
         await execa('sysctl', ['vm.swappiness=10']);
-        await writeFile(
-          '/etc/sysctl.d/99-portlama.conf',
-          'vm.swappiness=10\n',
-        );
+        await writeFile('/etc/sysctl.d/99-portlama.conf', 'vm.swappiness=10\n');
 
         subtask.output = 'Swap file created and activated';
       },
@@ -177,10 +171,7 @@ bantime = 3600
         subtask.output = 'Restarting fail2ban...';
         await execa('systemctl', ['restart', 'fail2ban']);
 
-        const { stdout: status } = await execa('systemctl', [
-          'is-active',
-          'fail2ban',
-        ]);
+        const { stdout: status } = await execa('systemctl', ['is-active', 'fail2ban']);
         subtask.output = `fail2ban status: ${status.trim()}`;
       },
       rendererOptions: { persistentOutput: true },

package/src/tasks/mtls.js

@@ -17,8 +17,7 @@ import { generatePassword } from '../lib/secrets.js';
  */
 export function mtlsTasks(ctx, task) {
   const pkiDir = ctx.pkiDir;
-  const alreadyProvisioned =
-    existsSync(`${pkiDir}/ca.key`) && existsSync(`${pkiDir}/client.p12`);
+  const alreadyProvisioned = existsSync(`${pkiDir}/ca.key`) && existsSync(`${pkiDir}/client.p12`);
 
   if (alreadyProvisioned) {
     return task.newListr([
@@ -26,10 +25,7 @@ export function mtlsTasks(ctx, task) {
         title: 'mTLS certificates already exist — skipping generation',
         task: async () => {
           // Read the existing p12 password so the summary can display it.
-          ctx.p12Password = await readFile(
-            `${pkiDir}/.p12-password`,
-            'utf8',
-          );
+          ctx.p12Password = await readFile(`${pkiDir}/.p12-password`, 'utf8');
         },
       },
     ]);
@@ -83,12 +79,7 @@ export function mtlsTasks(ctx, task) {
       title: 'Generating client key and CSR',
       task: async (_ctx, subtask) => {
         subtask.output = 'Generating 4096-bit RSA client key...';
-        await execa('openssl', [
-          'genrsa',
-          '-out',
-          `${pkiDir}/client.key`,
-          '4096',
-        ]);
+        await execa('openssl', ['genrsa', '-out', `${pkiDir}/client.key`, '4096']);
 
         subtask.output = 'Creating certificate signing request...';
         await execa('openssl', [
@@ -149,22 +140,30 @@ export function mtlsTasks(ctx, task) {
         const password = generatePassword();
 
         subtask.output = 'Creating PKCS12 bundle for browser import...';
-        await execa('openssl', [
-          'pkcs12',
-          '-export',
-          '-keypbe', 'PBE-SHA1-3DES',
-          '-certpbe', 'PBE-SHA1-3DES',
-          '-macalg', 'sha1',
-          '-out',
-          `${pkiDir}/client.p12`,
-          '-inkey',
-          `${pkiDir}/client.key`,
-          '-in',
-          `${pkiDir}/client.crt`,
-          '-certfile',
-          `${pkiDir}/ca.crt`,
-          '-passout', 'stdin',
-        ], { input: password });
+        await execa(
+          'openssl',
+          [
+            'pkcs12',
+            '-export',
+            '-keypbe',
+            'PBE-SHA1-3DES',
+            '-certpbe',
+            'PBE-SHA1-3DES',
+            '-macalg',
+            'sha1',
+            '-out',
+            `${pkiDir}/client.p12`,
+            '-inkey',
+            `${pkiDir}/client.key`,
+            '-in',
+            `${pkiDir}/client.crt`,
+            '-certfile',
+            `${pkiDir}/ca.crt`,
+            '-passout',
+            'stdin',
+          ],
+          { input: password },
+        );
 
         // Save password to file (no trailing newline)
         await writeFile(`${pkiDir}/.p12-password`, password, { mode: 0o600 });

package/src/tasks/nginx.js

@@ -54,10 +54,7 @@ export function nginxTasks(ctx, task) {
         const mtlsSnippet = `ssl_client_certificate ${pkiDir}/ca.crt;
 ssl_verify_client on;
 `;
-        await writeFile(
-          '/etc/nginx/snippets/portlama-mtls.conf',
-          mtlsSnippet,
-        );
+        await writeFile('/etc/nginx/snippets/portlama-mtls.conf', mtlsSnippet);
 
         subtask.output = 'mTLS snippet written to /etc/nginx/snippets/portlama-mtls.conf';
       },
@@ -130,10 +127,7 @@ server {
     }
 }
 `;
-        await writeFile(
-          '/etc/nginx/sites-available/portlama-panel-ip',
-          vhostConfig,
-        );
+        await writeFile('/etc/nginx/sites-available/portlama-panel-ip', vhostConfig);
 
         subtask.output = 'Vhost written to /etc/nginx/sites-available/portlama-panel-ip';
       },
@@ -187,10 +181,7 @@ server {
         await execa('systemctl', ['enable', 'nginx']);
         await execa('systemctl', ['restart', 'nginx']);
 
-        const { stdout: status } = await execa('systemctl', [
-          'is-active',
-          'nginx',
-        ]);
+        const { stdout: status } = await execa('systemctl', ['is-active', 'nginx']);
         if (status.trim() !== 'active') {
           throw new Error(`nginx failed to start. Status: ${status.trim()}`);
         }

package/src/tasks/node.js

@@ -54,9 +54,7 @@ export function nodeTasks(ctx, task) {
         try {
           await execa('bash', [setupScript]);
         } catch (error) {
-          throw new Error(
-            `NodeSource setup script failed.\n${error.stderr || error.message}`,
-          );
+          throw new Error(`NodeSource setup script failed.\n${error.stderr || error.message}`);
         }
 
         await unlink(setupScript).catch(() => {});

package/src/tasks/panel.js

@@ -92,11 +92,7 @@ export function panelTasks(ctx, task) {
           );
         }
 
-        await execa('chown', [
-          '-R',
-          'portlama:portlama',
-          serverDest,
-        ]);
+        await execa('chown', ['-R', 'portlama:portlama', serverDest]);
 
         subtask.output = 'Panel server deployed';
       },
@@ -203,16 +199,9 @@ export function panelTasks(ctx, task) {
           };
         }
 
-        await writeFile(
-          configPath,
-          JSON.stringify(config, null, 2) + '\n',
-          { mode: 0o640 },
-        );
+        await writeFile(configPath, JSON.stringify(config, null, 2) + '\n', { mode: 0o640 });
 
-        await execa('chown', [
-          'portlama:portlama',
-          configPath,
-        ]);
+        await execa('chown', ['portlama:portlama', configPath]);
 
         subtask.output = `Configuration written to ${configPath}`;
       },
@@ -222,10 +211,7 @@ export function panelTasks(ctx, task) {
       title: 'Writing systemd service unit',
       task: async (_ctx, subtask) => {
         const serviceUnit = generateServiceUnit({ installDir, configDir });
-        await writeFile(
-          '/etc/systemd/system/portlama-panel.service',
-          serviceUnit,
-        );
+        await writeFile('/etc/systemd/system/portlama-panel.service', serviceUnit);
 
         subtask.output = 'Systemd service unit written';
       },
@@ -267,10 +253,7 @@ export function panelTasks(ctx, task) {
         subtask.output = 'Waiting for service to start...';
         await sleep(3000);
 
-        const { stdout: status } = await execa('systemctl', [
-          'is-active',
-          'portlama-panel',
-        ]);
+        const { stdout: status } = await execa('systemctl', ['is-active', 'portlama-panel']);
         if (status.trim() !== 'active') {
           const { stdout: logs } = await execa('journalctl', [
             '-u',

package/src/tasks/redeploy.js

@@ -70,10 +70,7 @@ export function redeployTasks(ctx, task) {
       title: 'Stopping panel service',
       task: async (_ctx, subtask) => {
         try {
-          const { stdout: status } = await execa('systemctl', [
-            'is-active',
-            'portlama-panel',
-          ]);
+          const { stdout: status } = await execa('systemctl', ['is-active', 'portlama-panel']);
           if (status.trim() === 'active') {
             await execa('systemctl', ['stop', 'portlama-panel']);
             subtask.output = 'Service stopped';
@@ -134,9 +131,7 @@ export function redeployTasks(ctx, task) {
 
         const prebuiltDist = join(clientSrc, 'dist');
         if (!existsSync(join(prebuiltDist, 'index.html'))) {
-          throw new Error(
-            'Pre-built panel-client dist not found. The package may be corrupted.',
-          );
+          throw new Error('Pre-built panel-client dist not found. The package may be corrupted.');
         }
 
         subtask.output = 'Copying panel-client dist...';
@@ -169,11 +164,7 @@ export function redeployTasks(ctx, task) {
           staticDir: join(installDir, 'panel-client', 'dist'),
         };
 
-        await writeFile(
-          configPath,
-          JSON.stringify(config, null, 2) + '\n',
-          { mode: 0o640 },
-        );
+        await writeFile(configPath, JSON.stringify(config, null, 2) + '\n', { mode: 0o640 });
         await execa('chown', ['portlama:portlama', configPath]);
 
         subtask.output = 'Configuration updated';
@@ -185,10 +176,7 @@ export function redeployTasks(ctx, task) {
       task: async (_ctx, subtask) => {
         subtask.output = 'Writing systemd service unit...';
         const serviceUnit = generateServiceUnit({ installDir, configDir });
-        await writeFile(
-          '/etc/systemd/system/portlama-panel.service',
-          serviceUnit,
-        );
+        await writeFile('/etc/systemd/system/portlama-panel.service', serviceUnit);
 
         subtask.output = 'Writing sudoers rules...';
         const sudoersContent = generateSudoersContent();
@@ -220,10 +208,7 @@ export function redeployTasks(ctx, task) {
         subtask.output = 'Waiting for service to start...';
         await sleep(3000);
 
-        const { stdout: status } = await execa('systemctl', [
-          'is-active',
-          'portlama-panel',
-        ]);
+        const { stdout: status } = await execa('systemctl', ['is-active', 'portlama-panel']);
         if (status.trim() !== 'active') {
           const { stdout: logs } = await execa('journalctl', [
             '-u',
@@ -254,9 +239,7 @@ export function redeployTasks(ctx, task) {
             '-n',
             '20',
           ]);
-          throw new Error(
-            `Panel health check failed.\nRecent logs:\n${logs}\n${error.message}`,
-          );
+          throw new Error(`Panel health check failed.\nRecent logs:\n${logs}\n${error.message}`);
         }
       },
       rendererOptions: { persistentOutput: true },