@push.rocks/smartproxy 7.2.0 → 10.0.1

package/ts/smartproxy/classes.pp.interfaces.ts

@@ -21,6 +21,7 @@ export interface IDomainConfig {
 }
 
 /** Port proxy settings including global allowed port ranges */
+import type { IAcmeOptions } from '../common/types.js';
 export interface IPortProxySettings {
   fromPort: number;
   toPort: number;
@@ -83,43 +84,9 @@ export interface IPortProxySettings {
   useNetworkProxy?: number[]; // Array of ports to forward to NetworkProxy
   networkProxyPort?: number; // Port where NetworkProxy is listening (default: 8443)
 
-  // Port80Handler configuration (replaces ACME configuration)
-  port80HandlerConfig?: {
-    enabled?: boolean; // Whether to enable automatic certificate management
-    port?: number; // Port to listen on for ACME challenges (default: 80) 
-    contactEmail?: string; // Email for Let's Encrypt account
-    useProduction?: boolean; // Whether to use Let's Encrypt production (default: false for staging)
-    renewThresholdDays?: number; // Days before expiry to renew certificates (default: 30)
-    autoRenew?: boolean; // Whether to automatically renew certificates (default: true)
-    certificateStore?: string; // Directory to store certificates (default: ./certs)
-    skipConfiguredCerts?: boolean; // Skip domains that already have certificates
-    httpsRedirectPort?: number; // Port to redirect HTTP requests to HTTPS (default: 443)
-    renewCheckIntervalHours?: number; // How often to check for renewals (default: 24)
-    // Domain-specific forwarding configurations
-    domainForwards?: Array<{
-      domain: string;
-      forwardConfig?: {
-        ip: string;
-        port: number;
-      };
-      acmeForwardConfig?: {
-        ip: string;
-        port: number;
-      };
-    }>;
-  };
+  // ACME configuration options for SmartProxy
+  acme?: IAcmeOptions;
   
-  // Legacy ACME configuration (deprecated, use port80HandlerConfig instead)
-  acme?: {
-    enabled?: boolean;
-    port?: number;
-    contactEmail?: string;
-    useProduction?: boolean;
-    renewThresholdDays?: number;
-    autoRenew?: boolean;
-    certificateStore?: string;
-    skipConfiguredCerts?: boolean;
-  };
   /**
    * Optional certificate provider callback. Return 'http01' to use HTTP-01 challenges,
    * or a static certificate object for immediate provisioning.

package/ts/smartproxy/classes.pp.networkproxybridge.ts

@@ -1,6 +1,9 @@
 import * as plugins from '../plugins.js';
 import { NetworkProxy } from '../networkproxy/classes.np.networkproxy.js';
-import { Port80Handler, Port80HandlerEvents, type ICertificateData } from '../port80handler/classes.port80handler.js';
+import { Port80Handler } from '../port80handler/classes.port80handler.js';
+import { Port80HandlerEvents } from '../common/types.js';
+import { subscribeToPort80Handler } from '../common/eventUtils.js';
+import type { ICertificateData } from '../common/types.js';
 import type { IConnectionRecord, IPortProxySettings, IDomainConfig } from './classes.pp.interfaces.js';
 
 /**
@@ -18,9 +21,11 @@ export class NetworkProxyBridge {
   public setPort80Handler(handler: Port80Handler): void {
     this.port80Handler = handler;
     
-    // Register for certificate events
-    handler.on(Port80HandlerEvents.CERTIFICATE_ISSUED, this.handleCertificateEvent.bind(this));
-    handler.on(Port80HandlerEvents.CERTIFICATE_RENEWED, this.handleCertificateEvent.bind(this));
+    // Subscribe to certificate events
+    subscribeToPort80Handler(handler, {
+      onCertificateIssued: this.handleCertificateEvent.bind(this),
+      onCertificateRenewed: this.handleCertificateEvent.bind(this)
+    });
     
     // If NetworkProxy is already initialized, connect it with Port80Handler
     if (this.networkProxy) {
@@ -43,10 +48,6 @@ export class NetworkProxyBridge {
         useExternalPort80Handler: !!this.port80Handler // Use Port80Handler if available
       };
 
-      // Copy ACME settings for backward compatibility (if port80HandlerConfig not set)
-      if (!this.settings.port80HandlerConfig && this.settings.acme) {
-        networkProxyOptions.acme = { ...this.settings.acme };
-      }
 
       this.networkProxy = new NetworkProxy(networkProxyOptions);
 
@@ -288,7 +289,7 @@ export class NetworkProxyBridge {
       );
 
       // Log ACME-eligible domains
-      const acmeEnabled = this.settings.port80HandlerConfig?.enabled || this.settings.acme?.enabled;
+      const acmeEnabled = !!this.settings.acme?.enabled;
       if (acmeEnabled) {
         const acmeEligibleDomains = proxyConfigs
           .filter((config) => !config.hostName.includes('*')) // Exclude wildcards
@@ -349,7 +350,7 @@ export class NetworkProxyBridge {
       return false;
     }
 
-    if (!this.settings.port80HandlerConfig?.enabled && !this.settings.acme?.enabled) {
+    if (!this.settings.acme?.enabled) {
       console.log('Cannot request certificate - ACME is not enabled');
       return false;
     }

package/ts/smartproxy/classes.pp.portrangemanager.ts

@@ -117,10 +117,6 @@ export class PortRangeManager {
       }
     }
     
-    // Add ACME HTTP challenge port if enabled
-    if (this.settings.acme?.enabled && this.settings.acme.port) {
-      ports.add(this.settings.acme.port);
-    }
     
     // Add global port ranges
     if (this.settings.globalPortRanges) {
@@ -202,12 +198,6 @@ export class PortRangeManager {
       warnings.push(`NetworkProxy port ${this.settings.networkProxyPort} is also used in port ranges`);
     }
     
-    // Check ACME port
-    if (this.settings.acme?.enabled && this.settings.acme.port) {
-      if (portMappings.has(this.settings.acme.port)) {
-        warnings.push(`ACME HTTP challenge port ${this.settings.acme.port} is also used in port ranges`);
-      }
-    }
     
     return warnings;
   }

package/ts/smartproxy/classes.smartproxy.ts

@@ -8,9 +8,10 @@ import { NetworkProxyBridge } from './classes.pp.networkproxybridge.js';
 import { TimeoutManager } from './classes.pp.timeoutmanager.js';
 import { PortRangeManager } from './classes.pp.portrangemanager.js';
 import { ConnectionHandler } from './classes.pp.connectionhandler.js';
-import { Port80Handler, Port80HandlerEvents, type ICertificateData } from '../port80handler/classes.port80handler.js';
-import * as path from 'path';
-import * as fs from 'fs';
+import { Port80Handler } from '../port80handler/classes.port80handler.js';
+import { CertProvisioner } from './classes.pp.certprovisioner.js';
+import type { ICertificateData } from '../common/types.js';
+import { buildPort80Handler } from '../common/acmeFactory.js';
 
 /**
  * SmartProxy - Main class that coordinates all components
@@ -32,6 +33,8 @@ export class SmartProxy extends plugins.EventEmitter {
   
   // Port80Handler for ACME certificate management
   private port80Handler: Port80Handler | null = null;
+  // CertProvisioner for unified certificate workflows
+  private certProvisioner?: CertProvisioner;
   
   constructor(settingsArg: IPortProxySettings) {
     super();
@@ -63,41 +66,25 @@ export class SmartProxy extends plugins.EventEmitter {
       keepAliveInactivityMultiplier: settingsArg.keepAliveInactivityMultiplier || 6,
       extendedKeepAliveLifetime: settingsArg.extendedKeepAliveLifetime || 7 * 24 * 60 * 60 * 1000,
       networkProxyPort: settingsArg.networkProxyPort || 8443,
-      port80HandlerConfig: settingsArg.port80HandlerConfig || {},
+      acme: settingsArg.acme || {},
       globalPortRanges: settingsArg.globalPortRanges || [],
     };
     
-    // Set port80HandlerConfig defaults, using legacy acme config if available
-    if (!this.settings.port80HandlerConfig || Object.keys(this.settings.port80HandlerConfig).length === 0) {
-      if (this.settings.acme) {
-        // Migrate from legacy acme config
-        this.settings.port80HandlerConfig = {
-          enabled: this.settings.acme.enabled,
-          port: this.settings.acme.port || 80,
-          contactEmail: this.settings.acme.contactEmail || 'admin@example.com',
-          useProduction: this.settings.acme.useProduction || false,
-          renewThresholdDays: this.settings.acme.renewThresholdDays || 30,
-          autoRenew: this.settings.acme.autoRenew !== false, // Default to true
-          certificateStore: this.settings.acme.certificateStore || './certs',
-          skipConfiguredCerts: this.settings.acme.skipConfiguredCerts || false,
-          httpsRedirectPort: this.settings.fromPort,
-          renewCheckIntervalHours: 24
-        };
-      } else {
-        // Set defaults if no config provided
-        this.settings.port80HandlerConfig = {
-          enabled: false,
-          port: 80,
-          contactEmail: 'admin@example.com',
-          useProduction: false,
-          renewThresholdDays: 30,
-          autoRenew: true,
-          certificateStore: './certs',
-          skipConfiguredCerts: false,
-          httpsRedirectPort: this.settings.fromPort,
-          renewCheckIntervalHours: 24
-        };
-      }
+    // Set default ACME options if not provided
+    if (!this.settings.acme || Object.keys(this.settings.acme).length === 0) {
+      this.settings.acme = {
+        enabled: false,
+        port: 80,
+        contactEmail: 'admin@example.com',
+        useProduction: false,
+        renewThresholdDays: 30,
+        autoRenew: true,
+        certificateStore: './certs',
+        skipConfiguredCerts: false,
+        httpsRedirectPort: this.settings.fromPort,
+        renewCheckIntervalHours: 24,
+        domainForwards: []
+      };
     }
     
     // Initialize component managers
@@ -135,127 +122,20 @@ export class SmartProxy extends plugins.EventEmitter {
    * Initialize the Port80Handler for ACME certificate management
    */
   private async initializePort80Handler(): Promise<void> {
-    const config = this.settings.port80HandlerConfig;
-    
-    if (!config || !config.enabled) {
-      console.log('Port80Handler is disabled in configuration');
+    const config = this.settings.acme!;
+    if (!config.enabled) {
+      console.log('ACME is disabled in configuration');
       return;
     }
     
     try {
-      // Ensure the certificate store directory exists
-      if (config.certificateStore) {
-        const certStorePath = path.resolve(config.certificateStore);
-        if (!fs.existsSync(certStorePath)) {
-          fs.mkdirSync(certStorePath, { recursive: true });
-          console.log(`Created certificate store directory: ${certStorePath}`);
-        }
-      }
-      
-      // Create Port80Handler with options from config
-      this.port80Handler = new Port80Handler({
-        port: config.port,
-        contactEmail: config.contactEmail,
-        useProduction: config.useProduction,
-        renewThresholdDays: config.renewThresholdDays,
-        httpsRedirectPort: config.httpsRedirectPort || this.settings.fromPort,
-        renewCheckIntervalHours: config.renewCheckIntervalHours,
-        enabled: config.enabled,
-        autoRenew: config.autoRenew,
-        certificateStore: config.certificateStore,
-        skipConfiguredCerts: config.skipConfiguredCerts
-      });
-      
-      // Register domain forwarding configurations
-      if (config.domainForwards) {
-        for (const forward of config.domainForwards) {
-          this.port80Handler.addDomain({
-            domainName: forward.domain,
-            sslRedirect: true,
-            acmeMaintenance: true,
-            forward: forward.forwardConfig,
-            acmeForward: forward.acmeForwardConfig
-          });
-          
-          console.log(`Registered domain forwarding for ${forward.domain}`);
-        }
-      }
-      
-      // Provision certificates per domain via certProvider or HTTP-01
-      for (const domainConfig of this.settings.domainConfigs) {
-        for (const domain of domainConfig.domains) {
-          // Skip wildcard domains
-          if (domain.includes('*')) continue;
-          // Determine provisioning method
-          let provision = 'http01' as string | plugins.tsclass.network.ICert;
-          if (this.settings.certProvider) {
-            try {
-              provision = await this.settings.certProvider(domain);
-            } catch (err) {
-              console.log(`certProvider error for ${domain}: ${err}`);
-            }
-          }
-          if (provision === 'http01') {
-            this.port80Handler.addDomain({
-              domainName: domain,
-              sslRedirect: true,
-              acmeMaintenance: true
-            });
-            console.log(`Registered domain ${domain} with Port80Handler for HTTP-01`);
-          } else {
-            // Static certificate provided
-            const certObj = provision as plugins.tsclass.network.ICert;
-            const certData: ICertificateData = {
-              domain: certObj.domainName,
-              certificate: certObj.publicKey,
-              privateKey: certObj.privateKey,
-              expiryDate: new Date(certObj.validUntil)
-            };
-            this.networkProxyBridge.applyExternalCertificate(certData);
-            console.log(`Applied static certificate for ${domain} from certProvider`);
-          }
-        }
-      }
-      
-      // Set up event listeners
-      this.port80Handler.on(Port80HandlerEvents.CERTIFICATE_ISSUED, (certData) => {
-        console.log(`Certificate issued for ${certData.domain}, valid until ${certData.expiryDate.toISOString()}`);
-        // Re-emit on SmartProxy
-        this.emit('certificate', {
-          domain: certData.domain,
-          publicKey: certData.certificate,
-          privateKey: certData.privateKey,
-          expiryDate: certData.expiryDate,
-          source: 'http01',
-          isRenewal: false
-        });
-      });
-      
-      this.port80Handler.on(Port80HandlerEvents.CERTIFICATE_RENEWED, (certData) => {
-        console.log(`Certificate renewed for ${certData.domain}, valid until ${certData.expiryDate.toISOString()}`);
-        // Re-emit on SmartProxy
-        this.emit('certificate', {
-          domain: certData.domain,
-          publicKey: certData.certificate,
-          privateKey: certData.privateKey,
-          expiryDate: certData.expiryDate,
-          source: 'http01',
-          isRenewal: true
-        });
-      });
-      
-      this.port80Handler.on(Port80HandlerEvents.CERTIFICATE_FAILED, (failureData) => {
-        console.log(`Certificate ${failureData.isRenewal ? 'renewal' : 'issuance'} failed for ${failureData.domain}: ${failureData.error}`);
+      // Build and start the Port80Handler
+      this.port80Handler = buildPort80Handler({
+        ...config,
+        httpsRedirectPort: config.httpsRedirectPort || this.settings.fromPort
       });
-      
-      this.port80Handler.on(Port80HandlerEvents.CERTIFICATE_EXPIRING, (expiryData) => {
-        console.log(`Certificate for ${expiryData.domain} is expiring in ${expiryData.daysRemaining} days`);
-      });
-      
-      // Share Port80Handler with NetworkProxyBridge
+      // Share Port80Handler with NetworkProxyBridge before start
       this.networkProxyBridge.setPort80Handler(this.port80Handler);
-      
-      // Start Port80Handler
       await this.port80Handler.start();
       console.log(`Port80Handler started on port ${config.port}`);
     } catch (err) {
@@ -275,6 +155,37 @@ export class SmartProxy extends plugins.EventEmitter {
 
     // Initialize Port80Handler if enabled
     await this.initializePort80Handler();
+    // Initialize CertProvisioner for unified certificate workflows
+    if (this.port80Handler) {
+      const acme = this.settings.acme!;
+      this.certProvisioner = new CertProvisioner(
+        this.settings.domainConfigs,
+        this.port80Handler,
+        this.networkProxyBridge,
+        this.settings.certProvider,
+        acme.renewThresholdDays!,
+        acme.renewCheckIntervalHours!,
+        acme.autoRenew!,
+        acme.domainForwards?.map(f => ({
+          domain: f.domain,
+          forwardConfig: f.forwardConfig,
+          acmeForwardConfig: f.acmeForwardConfig,
+          sslRedirect: f.sslRedirect || false
+        })) || []
+      );
+      this.certProvisioner.on('certificate', (certData) => {
+        this.emit('certificate', {
+          domain: certData.domain,
+          publicKey: certData.certificate,
+          privateKey: certData.privateKey,
+          expiryDate: certData.expiryDate,
+          source: certData.source,
+          isRenewal: certData.isRenewal
+        });
+      });
+      await this.certProvisioner.start();
+      console.log('CertProvisioner started');
+    }
 
     // Initialize and start NetworkProxy if needed
     if (
@@ -403,6 +314,11 @@ export class SmartProxy extends plugins.EventEmitter {
   public async stop() {
     console.log('PortProxy shutting down...');
     this.isShuttingDown = true;
+    // Stop CertProvisioner if active
+    if (this.certProvisioner) {
+      await this.certProvisioner.stop();
+      console.log('CertProvisioner stopped');
+    }
 
     // Stop the Port80Handler if running
     if (this.port80Handler) {
@@ -469,7 +385,7 @@ export class SmartProxy extends plugins.EventEmitter {
     }
     
     // If Port80Handler is running, provision certificates per new domain
-    if (this.port80Handler && this.settings.port80HandlerConfig?.enabled) {
+    if (this.port80Handler && this.settings.acme?.enabled) {
       for (const domainConfig of newDomainConfigs) {
         for (const domain of domainConfig.domains) {
           if (domain.includes('*')) continue;
@@ -505,72 +421,6 @@ export class SmartProxy extends plugins.EventEmitter {
     }
   }
   
-  /**
-   * Updates the Port80Handler configuration
-   */
-  public async updatePort80HandlerConfig(config: IPortProxySettings['port80HandlerConfig']): Promise<void> {
-    if (!config) return;
-    
-    console.log('Updating Port80Handler configuration');
-    
-    // Update the settings
-    this.settings.port80HandlerConfig = {
-      ...this.settings.port80HandlerConfig,
-      ...config
-    };
-    
-    // Check if we need to restart Port80Handler
-    let needsRestart = false;
-    
-    // Restart if enabled state changed
-    if (this.port80Handler && config.enabled === false) {
-      needsRestart = true;
-    } else if (!this.port80Handler && config.enabled === true) {
-      needsRestart = true;
-    } else if (this.port80Handler && (
-      config.port !== undefined || 
-      config.contactEmail !== undefined ||
-      config.useProduction !== undefined ||
-      config.renewThresholdDays !== undefined ||
-      config.renewCheckIntervalHours !== undefined
-    )) {
-      // Restart if critical settings changed
-      needsRestart = true;
-    }
-    
-    if (needsRestart) {
-      // Stop if running
-      if (this.port80Handler) {
-        try {
-          await this.port80Handler.stop();
-          this.port80Handler = null;
-          console.log('Stopped Port80Handler for configuration update');
-        } catch (err) {
-          console.log(`Error stopping Port80Handler: ${err}`);
-        }
-      }
-      
-      // Start with new config if enabled
-      if (this.settings.port80HandlerConfig.enabled) {
-        await this.initializePort80Handler();
-        console.log('Restarted Port80Handler with new configuration');
-      }
-    } else if (this.port80Handler) {
-      // Just update domain forwards if they changed
-      if (config.domainForwards) {
-        for (const forward of config.domainForwards) {
-          this.port80Handler.addDomain({
-            domainName: forward.domain,
-            sslRedirect: true,
-            acmeMaintenance: true,
-            forward: forward.forwardConfig,
-            acmeForward: forward.acmeForwardConfig
-          });
-        }
-        console.log('Updated domain forwards in Port80Handler');
-      }
-    }
-  }
   
   /**
    * Request a certificate for a specific domain
@@ -664,7 +514,7 @@ export class SmartProxy extends plugins.EventEmitter {
       networkProxyConnections,
       terminationStats,
       acmeEnabled: !!this.port80Handler,
-      port80HandlerPort: this.port80Handler ? this.settings.port80HandlerConfig?.port : null
+      port80HandlerPort: this.port80Handler ? this.settings.acme?.port : null
     };
   }
   
@@ -715,7 +565,7 @@ export class SmartProxy extends plugins.EventEmitter {
           status: 'valid',
           expiryDate: expiryDate.toISOString(),
           daysRemaining,
-          renewalNeeded: daysRemaining <= this.settings.port80HandlerConfig.renewThresholdDays
+          renewalNeeded: daysRemaining <= (this.settings.acme?.renewThresholdDays ?? 0)
         };
       } else {
         certificateStatus[domain] = {
@@ -725,11 +575,12 @@ export class SmartProxy extends plugins.EventEmitter {
       }
     }
     
+    const acme = this.settings.acme!;
     return {
       enabled: true,
-      port: this.settings.port80HandlerConfig.port,
-      useProduction: this.settings.port80HandlerConfig.useProduction,
-      autoRenew: this.settings.port80HandlerConfig.autoRenew,
+      port: acme.port!,
+      useProduction: acme.useProduction!,
+      autoRenew: acme.autoRenew!,
       certificates: certificateStatus
     };
   }