@push.rocks/smartproxy 7.1.2 → 10.0.0

package/ts/smartproxy/classes.smartproxy.ts

@@ -8,14 +8,15 @@ import { NetworkProxyBridge } from './classes.pp.networkproxybridge.js';
 import { TimeoutManager } from './classes.pp.timeoutmanager.js';
 import { PortRangeManager } from './classes.pp.portrangemanager.js';
 import { ConnectionHandler } from './classes.pp.connectionhandler.js';
-import { Port80Handler, Port80HandlerEvents } from '../port80handler/classes.port80handler.js';
-import * as path from 'path';
-import * as fs from 'fs';
+import { Port80Handler } from '../port80handler/classes.port80handler.js';
+import { CertProvisioner } from './classes.pp.certprovisioner.js';
+import type { ICertificateData } from '../common/types.js';
+import { buildPort80Handler } from '../common/acmeFactory.js';
 
 /**
  * SmartProxy - Main class that coordinates all components
  */
-export class SmartProxy {
+export class SmartProxy extends plugins.EventEmitter {
   private netServers: plugins.net.Server[] = [];
   private connectionLogger: NodeJS.Timeout | null = null;
   private isShuttingDown: boolean = false;
@@ -32,8 +33,11 @@ export class SmartProxy {
   
   // Port80Handler for ACME certificate management
   private port80Handler: Port80Handler | null = null;
+  // CertProvisioner for unified certificate workflows
+  private certProvisioner?: CertProvisioner;
   
   constructor(settingsArg: IPortProxySettings) {
+    super();
     // Set reasonable defaults for all settings
     this.settings = {
       ...settingsArg,
@@ -62,41 +66,25 @@ export class SmartProxy {
       keepAliveInactivityMultiplier: settingsArg.keepAliveInactivityMultiplier || 6,
       extendedKeepAliveLifetime: settingsArg.extendedKeepAliveLifetime || 7 * 24 * 60 * 60 * 1000,
       networkProxyPort: settingsArg.networkProxyPort || 8443,
-      port80HandlerConfig: settingsArg.port80HandlerConfig || {},
+      acme: settingsArg.acme || {},
       globalPortRanges: settingsArg.globalPortRanges || [],
     };
     
-    // Set port80HandlerConfig defaults, using legacy acme config if available
-    if (!this.settings.port80HandlerConfig || Object.keys(this.settings.port80HandlerConfig).length === 0) {
-      if (this.settings.acme) {
-        // Migrate from legacy acme config
-        this.settings.port80HandlerConfig = {
-          enabled: this.settings.acme.enabled,
-          port: this.settings.acme.port || 80,
-          contactEmail: this.settings.acme.contactEmail || 'admin@example.com',
-          useProduction: this.settings.acme.useProduction || false,
-          renewThresholdDays: this.settings.acme.renewThresholdDays || 30,
-          autoRenew: this.settings.acme.autoRenew !== false, // Default to true
-          certificateStore: this.settings.acme.certificateStore || './certs',
-          skipConfiguredCerts: this.settings.acme.skipConfiguredCerts || false,
-          httpsRedirectPort: this.settings.fromPort,
-          renewCheckIntervalHours: 24
-        };
-      } else {
-        // Set defaults if no config provided
-        this.settings.port80HandlerConfig = {
-          enabled: false,
-          port: 80,
-          contactEmail: 'admin@example.com',
-          useProduction: false,
-          renewThresholdDays: 30,
-          autoRenew: true,
-          certificateStore: './certs',
-          skipConfiguredCerts: false,
-          httpsRedirectPort: this.settings.fromPort,
-          renewCheckIntervalHours: 24
-        };
-      }
+    // Set default ACME options if not provided
+    if (!this.settings.acme || Object.keys(this.settings.acme).length === 0) {
+      this.settings.acme = {
+        enabled: false,
+        port: 80,
+        contactEmail: 'admin@example.com',
+        useProduction: false,
+        renewThresholdDays: 30,
+        autoRenew: true,
+        certificateStore: './certs',
+        skipConfiguredCerts: false,
+        httpsRedirectPort: this.settings.fromPort,
+        renewCheckIntervalHours: 24,
+        domainForwards: []
+      };
     }
     
     // Initialize component managers
@@ -134,89 +122,20 @@ export class SmartProxy {
    * Initialize the Port80Handler for ACME certificate management
    */
   private async initializePort80Handler(): Promise<void> {
-    const config = this.settings.port80HandlerConfig;
-    
-    if (!config || !config.enabled) {
-      console.log('Port80Handler is disabled in configuration');
+    const config = this.settings.acme!;
+    if (!config.enabled) {
+      console.log('ACME is disabled in configuration');
       return;
     }
     
     try {
-      // Ensure the certificate store directory exists
-      if (config.certificateStore) {
-        const certStorePath = path.resolve(config.certificateStore);
-        if (!fs.existsSync(certStorePath)) {
-          fs.mkdirSync(certStorePath, { recursive: true });
-          console.log(`Created certificate store directory: ${certStorePath}`);
-        }
-      }
-      
-      // Create Port80Handler with options from config
-      this.port80Handler = new Port80Handler({
-        port: config.port,
-        contactEmail: config.contactEmail,
-        useProduction: config.useProduction,
-        renewThresholdDays: config.renewThresholdDays,
-        httpsRedirectPort: config.httpsRedirectPort || this.settings.fromPort,
-        renewCheckIntervalHours: config.renewCheckIntervalHours,
-        enabled: config.enabled,
-        autoRenew: config.autoRenew,
-        certificateStore: config.certificateStore,
-        skipConfiguredCerts: config.skipConfiguredCerts
-      });
-      
-      // Register domain forwarding configurations
-      if (config.domainForwards) {
-        for (const forward of config.domainForwards) {
-          this.port80Handler.addDomain({
-            domainName: forward.domain,
-            sslRedirect: true,
-            acmeMaintenance: true,
-            forward: forward.forwardConfig,
-            acmeForward: forward.acmeForwardConfig
-          });
-          
-          console.log(`Registered domain forwarding for ${forward.domain}`);
-        }
-      }
-      
-      // Register all non-wildcard domains from domain configs
-      for (const domainConfig of this.settings.domainConfigs) {
-        for (const domain of domainConfig.domains) {
-          // Skip wildcards
-          if (domain.includes('*')) continue;
-          
-          this.port80Handler.addDomain({
-            domainName: domain,
-            sslRedirect: true,
-            acmeMaintenance: true
-          });
-          
-          console.log(`Registered domain ${domain} with Port80Handler`);
-        }
-      }
-      
-      // Set up event listeners
-      this.port80Handler.on(Port80HandlerEvents.CERTIFICATE_ISSUED, (certData) => {
-        console.log(`Certificate issued for ${certData.domain}, valid until ${certData.expiryDate.toISOString()}`);
+      // Build and start the Port80Handler
+      this.port80Handler = buildPort80Handler({
+        ...config,
+        httpsRedirectPort: config.httpsRedirectPort || this.settings.fromPort
       });
-      
-      this.port80Handler.on(Port80HandlerEvents.CERTIFICATE_RENEWED, (certData) => {
-        console.log(`Certificate renewed for ${certData.domain}, valid until ${certData.expiryDate.toISOString()}`);
-      });
-      
-      this.port80Handler.on(Port80HandlerEvents.CERTIFICATE_FAILED, (failureData) => {
-        console.log(`Certificate ${failureData.isRenewal ? 'renewal' : 'issuance'} failed for ${failureData.domain}: ${failureData.error}`);
-      });
-      
-      this.port80Handler.on(Port80HandlerEvents.CERTIFICATE_EXPIRING, (expiryData) => {
-        console.log(`Certificate for ${expiryData.domain} is expiring in ${expiryData.daysRemaining} days`);
-      });
-      
-      // Share Port80Handler with NetworkProxyBridge
+      // Share Port80Handler with NetworkProxyBridge before start
       this.networkProxyBridge.setPort80Handler(this.port80Handler);
-      
-      // Start Port80Handler
       await this.port80Handler.start();
       console.log(`Port80Handler started on port ${config.port}`);
     } catch (err) {
@@ -236,6 +155,37 @@ export class SmartProxy {
 
     // Initialize Port80Handler if enabled
     await this.initializePort80Handler();
+    // Initialize CertProvisioner for unified certificate workflows
+    if (this.port80Handler) {
+      const acme = this.settings.acme!;
+      this.certProvisioner = new CertProvisioner(
+        this.settings.domainConfigs,
+        this.port80Handler,
+        this.networkProxyBridge,
+        this.settings.certProvider,
+        acme.renewThresholdDays!,
+        acme.renewCheckIntervalHours!,
+        acme.autoRenew!,
+        acme.domainForwards?.map(f => ({
+          domain: f.domain,
+          forwardConfig: f.forwardConfig,
+          acmeForwardConfig: f.acmeForwardConfig,
+          sslRedirect: f.sslRedirect || false
+        })) || []
+      );
+      this.certProvisioner.on('certificate', (certData) => {
+        this.emit('certificate', {
+          domain: certData.domain,
+          publicKey: certData.certificate,
+          privateKey: certData.privateKey,
+          expiryDate: certData.expiryDate,
+          source: certData.source,
+          isRenewal: certData.isRenewal
+        });
+      });
+      await this.certProvisioner.start();
+      console.log('CertProvisioner started');
+    }
 
     // Initialize and start NetworkProxy if needed
     if (
@@ -364,6 +314,11 @@ export class SmartProxy {
   public async stop() {
     console.log('PortProxy shutting down...');
     this.isShuttingDown = true;
+    // Stop CertProvisioner if active
+    if (this.certProvisioner) {
+      await this.certProvisioner.stop();
+      console.log('CertProvisioner stopped');
+    }
 
     // Stop the Port80Handler if running
     if (this.port80Handler) {
@@ -429,91 +384,43 @@ export class SmartProxy {
       await this.networkProxyBridge.syncDomainConfigsToNetworkProxy();
     }
     
-    // If Port80Handler is running, register non-wildcard domains
-    if (this.port80Handler && this.settings.port80HandlerConfig?.enabled) {
+    // If Port80Handler is running, provision certificates per new domain
+    if (this.port80Handler && this.settings.acme?.enabled) {
       for (const domainConfig of newDomainConfigs) {
         for (const domain of domainConfig.domains) {
-          // Skip wildcards
           if (domain.includes('*')) continue;
-          
-          this.port80Handler.addDomain({
-            domainName: domain,
-            sslRedirect: true,
-            acmeMaintenance: true
-          });
+          let provision = 'http01' as string | plugins.tsclass.network.ICert;
+          if (this.settings.certProvider) {
+            try {
+              provision = await this.settings.certProvider(domain);
+            } catch (err) {
+              console.log(`certProvider error for ${domain}: ${err}`);
+            }
+          }
+          if (provision === 'http01') {
+            this.port80Handler.addDomain({
+              domainName: domain,
+              sslRedirect: true,
+              acmeMaintenance: true
+            });
+            console.log(`Registered domain ${domain} with Port80Handler for HTTP-01`);
+          } else {
+            const certObj = provision as plugins.tsclass.network.ICert;
+            const certData: ICertificateData = {
+              domain: certObj.domainName,
+              certificate: certObj.publicKey,
+              privateKey: certObj.privateKey,
+              expiryDate: new Date(certObj.validUntil)
+            };
+            this.networkProxyBridge.applyExternalCertificate(certData);
+            console.log(`Applied static certificate for ${domain} from certProvider`);
+          }
         }
       }
-      
-      console.log('Registered non-wildcard domains with Port80Handler');
+      console.log('Provisioned certificates for new domains');
     }
   }
   
-  /**
-   * Updates the Port80Handler configuration
-   */
-  public async updatePort80HandlerConfig(config: IPortProxySettings['port80HandlerConfig']): Promise<void> {
-    if (!config) return;
-    
-    console.log('Updating Port80Handler configuration');
-    
-    // Update the settings
-    this.settings.port80HandlerConfig = {
-      ...this.settings.port80HandlerConfig,
-      ...config
-    };
-    
-    // Check if we need to restart Port80Handler
-    let needsRestart = false;
-    
-    // Restart if enabled state changed
-    if (this.port80Handler && config.enabled === false) {
-      needsRestart = true;
-    } else if (!this.port80Handler && config.enabled === true) {
-      needsRestart = true;
-    } else if (this.port80Handler && (
-      config.port !== undefined || 
-      config.contactEmail !== undefined ||
-      config.useProduction !== undefined ||
-      config.renewThresholdDays !== undefined ||
-      config.renewCheckIntervalHours !== undefined
-    )) {
-      // Restart if critical settings changed
-      needsRestart = true;
-    }
-    
-    if (needsRestart) {
-      // Stop if running
-      if (this.port80Handler) {
-        try {
-          await this.port80Handler.stop();
-          this.port80Handler = null;
-          console.log('Stopped Port80Handler for configuration update');
-        } catch (err) {
-          console.log(`Error stopping Port80Handler: ${err}`);
-        }
-      }
-      
-      // Start with new config if enabled
-      if (this.settings.port80HandlerConfig.enabled) {
-        await this.initializePort80Handler();
-        console.log('Restarted Port80Handler with new configuration');
-      }
-    } else if (this.port80Handler) {
-      // Just update domain forwards if they changed
-      if (config.domainForwards) {
-        for (const forward of config.domainForwards) {
-          this.port80Handler.addDomain({
-            domainName: forward.domain,
-            sslRedirect: true,
-            acmeMaintenance: true,
-            forward: forward.forwardConfig,
-            acmeForward: forward.acmeForwardConfig
-          });
-        }
-        console.log('Updated domain forwards in Port80Handler');
-      }
-    }
-  }
   
   /**
    * Request a certificate for a specific domain
@@ -607,7 +514,7 @@ export class SmartProxy {
       networkProxyConnections,
       terminationStats,
       acmeEnabled: !!this.port80Handler,
-      port80HandlerPort: this.port80Handler ? this.settings.port80HandlerConfig?.port : null
+      port80HandlerPort: this.port80Handler ? this.settings.acme?.port : null
     };
   }
   
@@ -658,7 +565,7 @@ export class SmartProxy {
           status: 'valid',
           expiryDate: expiryDate.toISOString(),
           daysRemaining,
-          renewalNeeded: daysRemaining <= this.settings.port80HandlerConfig.renewThresholdDays
+          renewalNeeded: daysRemaining <= (this.settings.acme?.renewThresholdDays ?? 0)
         };
       } else {
         certificateStatus[domain] = {
@@ -668,11 +575,12 @@ export class SmartProxy {
       }
     }
     
+    const acme = this.settings.acme!;
     return {
       enabled: true,
-      port: this.settings.port80HandlerConfig.port,
-      useProduction: this.settings.port80HandlerConfig.useProduction,
-      autoRenew: this.settings.port80HandlerConfig.autoRenew,
+      port: acme.port!,
+      useProduction: acme.useProduction!,
+      autoRenew: acme.autoRenew!,
       certificates: certificateStatus
     };
   }