@muhammedaksam/easiarr 0.5.0 → 0.5.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@muhammedaksam/easiarr",
-  "version": "0.5.0",
+  "version": "0.5.2",
   "description": "TUI tool for generating docker-compose files for the *arr media ecosystem with 41 apps, TRaSH Guides best practices, VPN routing, and Traefik reverse proxy support",
   "module": "src/index.ts",
   "type": "module",

package/src/api/portainer-api.ts

@@ -0,0 +1,231 @@
+/**
+ * Portainer API Client
+ * Handles Portainer-specific API calls for initialization and management
+ */
+
+import { debugLog } from "../utils/debug"
+import { ensureMinPasswordLength } from "../utils/password"
+
+// Portainer requires minimum 12 character password
+export const PORTAINER_MIN_PASSWORD_LENGTH = 12
+
+export interface PortainerUser {
+  Id?: number
+  Username: string
+  Password?: string
+  Role?: number
+}
+
+// Result from admin initialization - includes actual password used
+export interface PortainerInitResult {
+  user: PortainerUser
+  /** The actual password used (may be padded if global was < 12 chars) */
+  actualPassword: string
+  /** True if password was modified (padded) from the original */
+  passwordWasPadded: boolean
+}
+
+export interface PortainerStatus {
+  Version: string
+  InstanceID: string
+}
+
+export interface PortainerSettings {
+  AuthenticationMethod: number
+  LogoURL: string
+  BlackListedLabels: string[]
+  InternalAuthSettings: {
+    RequiredPasswordLength: number
+  }
+}
+
+// Auth response from login
+export interface PortainerAuthResponse {
+  jwt: string
+}
+
+// API Key creation response
+export interface PortainerApiKeyResponse {
+  rawAPIKey: string
+  apiKey: {
+    id: number
+    userId: number
+    description: string
+    prefix: string
+    dateCreated: number
+    lastUsed: number
+    digest: string
+  }
+}
+
+/**
+ * Portainer API Client
+ */
+export class PortainerApiClient {
+  private baseUrl: string
+  private jwtToken: string | null = null
+
+  constructor(host: string, port: number) {
+    this.baseUrl = `http://${host}:${port}`
+  }
+
+  private async request<T>(endpoint: string, options: RequestInit = {}): Promise<T> {
+    const url = `${this.baseUrl}/api${endpoint}`
+    const headers: Record<string, string> = {
+      "Content-Type": "application/json",
+      ...(options.headers as Record<string, string>),
+    }
+
+    // Add JWT token if authenticated
+    if (this.jwtToken) {
+      headers["Authorization"] = `Bearer ${this.jwtToken}`
+    }
+
+    debugLog("PortainerAPI", `${options.method || "GET"} ${url}`)
+    if (options.body) {
+      debugLog("PortainerAPI", `Request Body: ${options.body}`)
+    }
+
+    const response = await fetch(url, { ...options, headers })
+    const text = await response.text()
+
+    debugLog("PortainerAPI", `Response ${response.status} from ${endpoint}`)
+    if (text && text.length < 2000) {
+      debugLog("PortainerAPI", `Response Body: ${text}`)
+    }
+
+    if (!response.ok) {
+      throw new Error(`Portainer API request failed: ${response.status} ${response.statusText} - ${text}`)
+    }
+
+    if (!text) return {} as T
+    return JSON.parse(text) as T
+  }
+
+  /**
+   * Check if Portainer needs initial admin user setup.
+   * Returns true if no admin user exists yet.
+   */
+  async needsInitialization(): Promise<boolean> {
+    try {
+      const response = await fetch(`${this.baseUrl}/api/users/admin/check`)
+      // 404 means no admin exists yet - needs initialization
+      // 204 means admin already exists
+      return response.status === 404
+    } catch (error) {
+      debugLog("PortainerAPI", `Check admin error: ${error}`)
+      return false
+    }
+  }
+
+  /**
+   * Login to Portainer and store JWT token for subsequent requests.
+   *
+   * @param username - Admin username
+   * @param password - Admin password
+   * @returns JWT token
+   */
+  async login(username: string, password: string): Promise<string> {
+    const safePassword = ensureMinPasswordLength(password, PORTAINER_MIN_PASSWORD_LENGTH)
+
+    const response = await this.request<PortainerAuthResponse>("/auth", {
+      method: "POST",
+      body: JSON.stringify({
+        username,
+        password: safePassword,
+      }),
+    })
+
+    this.jwtToken = response.jwt
+    return response.jwt
+  }
+
+  /**
+   * Initialize the admin user for a fresh Portainer installation.
+   * Password will be automatically padded if shorter than 12 characters.
+   * Automatically logs in after initialization.
+   *
+   * @param username - Admin username
+   * @param password - Admin password (will be padded if needed)
+   * @returns Init result with user, actual password, and padding flag - or null if already initialized
+   */
+  async initializeAdmin(username: string, password: string): Promise<PortainerInitResult | null> {
+    // Check if initialization is needed
+    const needsInit = await this.needsInitialization()
+    if (!needsInit) {
+      debugLog("PortainerAPI", "Admin already initialized, skipping")
+      return null
+    }
+
+    // Ensure password meets Portainer's minimum length requirement
+    const safePassword = ensureMinPasswordLength(password, PORTAINER_MIN_PASSWORD_LENGTH)
+    const wasPadded = safePassword !== password
+
+    if (wasPadded) {
+      debugLog("PortainerAPI", `Password padded from ${password.length} to ${safePassword.length} characters`)
+    }
+
+    const user = await this.request<PortainerUser>("/users/admin/init", {
+      method: "POST",
+      body: JSON.stringify({
+        Username: username,
+        Password: safePassword,
+      }),
+    })
+
+    // Auto-login after initialization
+    await this.login(username, safePassword)
+
+    return {
+      user,
+      actualPassword: safePassword,
+      passwordWasPadded: wasPadded,
+    }
+  }
+
+  /**
+   * Generate a permanent API key for the authenticated user.
+   * Must be logged in first (call login() or initializeAdmin()).
+   *
+   * @param userId - User ID (default: 1 for admin)
+   * @param description - Description for the API key
+   * @param password - User password for confirmation
+   * @returns Raw API key to save to .env as API_KEY_PORTAINER
+   */
+  async generateApiKey(password: string, description: string = "easiarr-api-key", userId: number = 1): Promise<string> {
+    if (!this.jwtToken) {
+      throw new Error("Must be logged in to generate API key. Call login() first.")
+    }
+
+    const safePassword = ensureMinPasswordLength(password, PORTAINER_MIN_PASSWORD_LENGTH)
+
+    const response = await this.request<PortainerApiKeyResponse>(`/users/${userId}/tokens`, {
+      method: "POST",
+      body: JSON.stringify({
+        password: safePassword,
+        description,
+      }),
+    })
+
+    return response.rawAPIKey
+  }
+
+  /**
+   * Get Portainer system status
+   */
+  async getStatus(): Promise<PortainerStatus> {
+    return this.request<PortainerStatus>("/status")
+  }
+
+  /**
+   * Check if Portainer is reachable
+   */
+  async isHealthy(): Promise<boolean> {
+    try {
+      await this.getStatus()
+      return true
+    } catch {
+      return false
+    }
+  }
+}

package/src/apps/registry.ts

@@ -448,6 +448,7 @@ export const APPS: Record<AppId, AppDefinition> = {
     puid: 0,
     pgid: 0,
     volumes: (root) => [`${root}/config/portainer:/data`, "/var/run/docker.sock:/var/run/docker.sock"],
+    minPasswordLength: 12, // Portainer requires minimum 12 character password
   },
 
   huntarr: {

package/src/config/schema.ts

@@ -188,6 +188,8 @@ export interface AppDefinition {
   prowlarrCategoryIds?: number[]
   /** Architecture compatibility info - omit if supports all */
   arch?: ArchCompatibility
+  /** Minimum password length requirement for user creation */
+  minPasswordLength?: number
 }
 
 export interface RootFolderMeta {

package/src/ui/screens/ApiKeyViewer.ts

@@ -6,7 +6,8 @@ import { parse as parseYaml } from "yaml"
 import { createPageLayout } from "../components/PageLayout"
 import { EasiarrConfig, AppDefinition } from "../../config/schema"
 import { getApp } from "../../apps/registry"
-import { updateEnv } from "../../utils/env"
+import { updateEnv, readEnvSync } from "../../utils/env"
+import { PortainerApiClient } from "../../api/portainer-api"
 
 /** Generate a random 32-character hex API key */
 function generateApiKey(): string {
@@ -103,12 +104,18 @@ function updateIniValue(content: string, section: string, updates: Record<string
 
 type KeyStatus = "found" | "missing" | "error" | "generated"
 
+interface PortainerCredentials {
+  apiKey: string
+  password?: string // Only set if padded (different from global)
+}
+
 export class ApiKeyViewer extends BoxRenderable {
   private config: EasiarrConfig
   private keys: Array<{ appId: string; app: string; key: string; status: KeyStatus }> = []
   private keyHandler!: (key: KeyEvent) => void
   private cliRenderer: CliRenderer
   private statusText: TextRenderable | null = null
+  private portainerCredentials: PortainerCredentials | null = null
 
   constructor(renderer: CliRenderer, config: EasiarrConfig, onBack: () => void) {
     super(renderer, {
@@ -131,6 +138,12 @@ export class ApiKeyViewer extends BoxRenderable {
     for (const appConfig of this.config.apps) {
       if (!appConfig.enabled) continue
 
+      // Handle Portainer separately (uses API, not config file)
+      if (appConfig.id === "portainer") {
+        this.scanPortainer(appConfig.port || 9000)
+        continue
+      }
+
       const appDef = getApp(appConfig.id)
       if (!appDef || !appDef.apiKeyMeta) continue
 
@@ -160,6 +173,41 @@ export class ApiKeyViewer extends BoxRenderable {
     }
   }
 
+  private scanPortainer(_port: number) {
+    const env = readEnvSync()
+    const existingApiKey = env["API_KEY_PORTAINER"]
+
+    if (existingApiKey) {
+      this.keys.push({
+        appId: "portainer",
+        app: "Portainer",
+        key: existingApiKey,
+        status: "found",
+      })
+      return
+    }
+
+    // Will attempt to initialize/login when saving
+    const globalPassword = env["GLOBAL_PASSWORD"]
+    if (!globalPassword) {
+      this.keys.push({
+        appId: "portainer",
+        app: "Portainer",
+        key: "No GLOBAL_PASSWORD set in .env",
+        status: "missing",
+      })
+      return
+    }
+
+    // Add pending entry - actual API call happens on save
+    this.keys.push({
+      appId: "portainer",
+      app: "Portainer",
+      key: "Press S to generate API key",
+      status: "missing",
+    })
+  }
+
   private extractApiKey(
     appDef: AppDefinition,
     content: string,
@@ -338,20 +386,47 @@ export class ApiKeyViewer extends BoxRenderable {
 
   private async saveToEnv() {
     const foundKeys = this.keys.filter((k) => k.status === "found" || k.status === "generated")
-    if (foundKeys.length === 0) return
 
     try {
       // Build updates object with API keys
       const updates: Record<string, string> = {}
+
       for (const k of foundKeys) {
-        updates[`API_KEY_${k.appId.toUpperCase()}`] = k.key
+        if (k.appId !== "portainer") {
+          updates[`API_KEY_${k.appId.toUpperCase()}`] = k.key
+        }
+      }
+
+      // Handle Portainer separately - need to call API
+      const portainerEntry = this.keys.find((k) => k.appId === "portainer")
+      if (portainerEntry && portainerEntry.status === "missing") {
+        await this.initializePortainer(updates)
+      } else if (portainerEntry && portainerEntry.status === "found") {
+        updates["API_KEY_PORTAINER"] = portainerEntry.key
+      }
+
+      // Save Portainer credentials if we have them
+      if (this.portainerCredentials) {
+        updates["API_KEY_PORTAINER"] = this.portainerCredentials.apiKey
+        if (this.portainerCredentials.password) {
+          updates["PORTAINER_PASSWORD"] = this.portainerCredentials.password
+        }
+      }
+
+      if (Object.keys(updates).length === 0) {
+        if (this.statusText) {
+          this.statusText.content = "No keys to save"
+          this.statusText.fg = "#f1fa8c"
+        }
+        return
       }
 
       await updateEnv(updates)
 
       // Update status
       if (this.statusText) {
-        this.statusText.content = `✓ Saved ${foundKeys.length} API key(s) to .env`
+        const count = Object.keys(updates).length
+        this.statusText.content = `✓ Saved ${count} key(s) to .env`
       }
     } catch (e) {
       if (this.statusText) {
@@ -360,4 +435,66 @@ export class ApiKeyViewer extends BoxRenderable {
       }
     }
   }
+
+  private async initializePortainer(_updates: Record<string, string>) {
+    const env = readEnvSync()
+    const globalUsername = env["GLOBAL_USERNAME"] || "admin"
+    const globalPassword = env["GLOBAL_PASSWORD"]
+
+    if (!globalPassword) return
+
+    const portainerConfig = this.config.apps.find((a) => a.id === "portainer" && a.enabled)
+    if (!portainerConfig) return
+
+    const port = portainerConfig.port || 9000
+    const client = new PortainerApiClient("localhost", port)
+
+    try {
+      // Check if reachable
+      const healthy = await client.isHealthy()
+      if (!healthy) {
+        if (this.statusText) {
+          this.statusText.content = "Portainer not reachable"
+          this.statusText.fg = "#f1fa8c"
+        }
+        return
+      }
+
+      // Try to initialize or login
+      const result = await client.initializeAdmin(globalUsername, globalPassword)
+
+      if (result) {
+        // New initialization
+        const apiKey = await client.generateApiKey(result.actualPassword, "easiarr-api-key")
+        this.portainerCredentials = {
+          apiKey,
+          password: result.passwordWasPadded ? result.actualPassword : undefined,
+        }
+
+        // Update the display
+        const portainerEntry = this.keys.find((k) => k.appId === "portainer")
+        if (portainerEntry) {
+          portainerEntry.key = apiKey
+          portainerEntry.status = "generated"
+        }
+      } else {
+        // Already initialized, try login with saved password if available
+        const portainerPassword = env["PORTAINER_PASSWORD"] || globalPassword
+        await client.login(globalUsername, portainerPassword)
+        const apiKey = await client.generateApiKey(portainerPassword, "easiarr-api-key")
+        this.portainerCredentials = { apiKey }
+
+        const portainerEntry = this.keys.find((k) => k.appId === "portainer")
+        if (portainerEntry) {
+          portainerEntry.key = apiKey
+          portainerEntry.status = "generated"
+        }
+      }
+    } catch (e) {
+      if (this.statusText) {
+        this.statusText.content = `Portainer error: ${e}`
+        this.statusText.fg = "#ff5555"
+      }
+    }
+  }
 }

package/src/ui/screens/FullAutoSetup.ts

@@ -9,10 +9,11 @@ import type { EasiarrConfig } from "../../config/schema"
 import { ArrApiClient, type AddRootFolderOptions } from "../../api/arr-api"
 import { ProwlarrClient, type ArrAppType } from "../../api/prowlarr-api"
 import { QBittorrentClient, type QBittorrentCategory } from "../../api/qbittorrent-api"
+import { PortainerApiClient } from "../../api/portainer-api"
 import { getApp } from "../../apps/registry"
 // import type { AppId } from "../../config/schema"
 import { getCategoriesForApps } from "../../utils/categories"
-import { readEnvSync } from "../../utils/env"
+import { readEnvSync, updateEnv } from "../../utils/env"
 import { debugLog } from "../../utils/debug"
 
 interface SetupStep {
@@ -77,6 +78,7 @@ export class FullAutoSetup extends BoxRenderable {
       { name: "Prowlarr Apps", status: "pending" },
       { name: "FlareSolverr", status: "pending" },
       { name: "qBittorrent", status: "pending" },
+      { name: "Portainer", status: "pending" },
     ]
   }
 
@@ -122,6 +124,9 @@ export class FullAutoSetup extends BoxRenderable {
     // Step 5: qBittorrent
     await this.setupQBittorrent()
 
+    // Step 6: Portainer
+    await this.setupPortainer()
+
     this.isRunning = false
     this.isDone = true
     this.refreshContent()
@@ -330,6 +335,76 @@ export class FullAutoSetup extends BoxRenderable {
     this.refreshContent()
   }
 
+  private async setupPortainer(): Promise<void> {
+    this.updateStep("Portainer", "running")
+    this.refreshContent()
+
+    const portainerConfig = this.config.apps.find((a) => a.id === "portainer" && a.enabled)
+    if (!portainerConfig) {
+      this.updateStep("Portainer", "skipped", "Not enabled")
+      this.refreshContent()
+      return
+    }
+
+    if (!this.globalPassword) {
+      this.updateStep("Portainer", "skipped", "No GLOBAL_PASSWORD set")
+      this.refreshContent()
+      return
+    }
+
+    try {
+      const port = portainerConfig.port || 9000
+      const client = new PortainerApiClient("localhost", port)
+
+      // Check if we can reach Portainer
+      const healthy = await client.isHealthy()
+      if (!healthy) {
+        this.updateStep("Portainer", "skipped", "Not reachable yet")
+        this.refreshContent()
+        return
+      }
+
+      // Initialize admin user (auto-pads password if needed)
+      const result = await client.initializeAdmin(this.globalUsername, this.globalPassword)
+
+      if (result) {
+        // Generate API key and save to .env
+        const apiKey = await client.generateApiKey(result.actualPassword, "easiarr-api-key")
+
+        const envUpdates: Record<string, string> = {
+          API_KEY_PORTAINER: apiKey,
+        }
+
+        // Save password if it was padded (different from global)
+        if (result.passwordWasPadded) {
+          envUpdates.PORTAINER_PASSWORD = result.actualPassword
+        }
+
+        await updateEnv(envUpdates)
+        this.updateStep("Portainer", "success", "Admin + API key created")
+      } else {
+        // Already initialized, try to login and get API key if we don't have one
+        if (!this.env["API_KEY_PORTAINER"]) {
+          try {
+            // Use saved Portainer password if available (may have been padded)
+            const portainerPassword = this.env["PORTAINER_PASSWORD"] || this.globalPassword
+            await client.login(this.globalUsername, portainerPassword)
+            const apiKey = await client.generateApiKey(portainerPassword, "easiarr-api-key")
+            await updateEnv({ API_KEY_PORTAINER: apiKey })
+            this.updateStep("Portainer", "success", "API key generated")
+          } catch {
+            this.updateStep("Portainer", "skipped", "Already initialized")
+          }
+        } else {
+          this.updateStep("Portainer", "skipped", "Already configured")
+        }
+      }
+    } catch (e) {
+      this.updateStep("Portainer", "error", `${e}`)
+    }
+    this.refreshContent()
+  }
+
   private updateStep(name: string, status: SetupStep["status"], message?: string): void {
     const step = this.steps.find((s) => s.name === name)
     if (step) {

package/src/utils/password.ts

@@ -0,0 +1,42 @@
+/**
+ * Password Utilities
+ * Helpers for password validation and transformation
+ */
+
+/**
+ * Ensures a password meets minimum length requirements by repeating it.
+ * If the password is already long enough, returns it unchanged.
+ *
+ * @param password - The original password
+ * @param minLength - Minimum required length
+ * @returns Password padded to at least minLength characters
+ */
+export function ensureMinPasswordLength(password: string, minLength: number): string {
+  if (!password || password.length === 0) {
+    throw new Error("Password cannot be empty")
+  }
+
+  if (password.length >= minLength) {
+    return password
+  }
+
+  // Repeat the password until it meets minimum length
+  let extendedPassword = password
+  while (extendedPassword.length < minLength) {
+    extendedPassword += password
+  }
+
+  // Return exactly minLength characters
+  return extendedPassword.slice(0, minLength)
+}
+
+/**
+ * Validates if a password meets minimum length requirements.
+ *
+ * @param password - The password to validate
+ * @param minLength - Minimum required length
+ * @returns true if password meets requirements
+ */
+export function isPasswordValid(password: string, minLength: number): boolean {
+  return password !== undefined && password !== null && password.length >= minLength
+}