npm - @serve.zone/dcrouter - Versions diffs - 11.12.4 → 11.14.0 - Mend

@serve.zone/dcrouter 11.12.4 → 11.14.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (214) hide show

package/dist_serve/bundle.js +705 -548
package/dist_ts_interfaces/data/index.d.ts +1 -0
package/dist_ts_interfaces/data/index.js +2 -1
package/dist_ts_interfaces/data/remoteingress.d.ts +10 -1
package/dist_ts_interfaces/data/vpn.d.ts +43 -0
package/dist_ts_interfaces/data/vpn.js +2 -0
package/dist_ts_interfaces/requests/index.d.ts +1 -0
package/dist_ts_interfaces/requests/index.js +2 -1
package/dist_ts_interfaces/requests/vpn.d.ts +135 -0
package/dist_ts_interfaces/requests/vpn.js +3 -0
package/package.json +2 -1
package/readme.md +107 -3
package/ts/00_commitinfo_data.ts +1 -1
package/ts/classes.dcrouter.ts +126 -0
package/ts/config/classes.route-config-manager.ts +20 -3
package/ts/opsserver/classes.opsserver.ts +2 -0
package/ts/opsserver/handlers/index.ts +2 -1
package/ts/opsserver/handlers/vpn.handler.ts +257 -0
package/ts/plugins.ts +2 -1
package/ts/vpn/classes.vpn-manager.ts +378 -0
package/ts/vpn/index.ts +1 -0
package/ts_web/00_commitinfo_data.ts +1 -1
package/ts_web/appstate.ts +164 -0
package/ts_web/elements/index.ts +1 -0
package/ts_web/elements/ops-dashboard.ts +6 -0
package/ts_web/elements/ops-view-vpn.ts +330 -0
package/ts_web/readme.md +17 -0
package/ts_web/router.ts +1 -1
package/dist_ts/00_commitinfo_data.d.ts +0 -8
package/dist_ts/00_commitinfo_data.js +0 -9
package/dist_ts/cache/classes.cache.cleaner.d.ts +0 -47
package/dist_ts/cache/classes.cache.cleaner.js +0 -130
package/dist_ts/cache/classes.cached.document.d.ts +0 -76
package/dist_ts/cache/classes.cached.document.js +0 -100
package/dist_ts/cache/classes.cachedb.d.ts +0 -60
package/dist_ts/cache/classes.cachedb.js +0 -126
package/dist_ts/cache/documents/classes.cached.email.d.ts +0 -125
package/dist_ts/cache/documents/classes.cached.email.js +0 -337
package/dist_ts/cache/documents/classes.cached.ip.reputation.d.ts +0 -119
package/dist_ts/cache/documents/classes.cached.ip.reputation.js +0 -323
package/dist_ts/cache/documents/index.d.ts +0 -2
package/dist_ts/cache/documents/index.js +0 -3
package/dist_ts/cache/index.d.ts +0 -4
package/dist_ts/cache/index.js +0 -7
package/dist_ts/classes.cert-provision-scheduler.d.ts +0 -54
package/dist_ts/classes.cert-provision-scheduler.js +0 -118
package/dist_ts/classes.dcrouter.d.ts +0 -356
package/dist_ts/classes.dcrouter.js +0 -1592
package/dist_ts/classes.storage-cert-manager.d.ts +0 -18
package/dist_ts/classes.storage-cert-manager.js +0 -43
package/dist_ts/config/classes.api-token-manager.d.ts +0 -46
package/dist_ts/config/classes.api-token-manager.js +0 -150
package/dist_ts/config/classes.route-config-manager.d.ts +0 -37
package/dist_ts/config/classes.route-config-manager.js +0 -240
package/dist_ts/config/index.d.ts +0 -3
package/dist_ts/config/index.js +0 -5
package/dist_ts/config/validator.d.ts +0 -104
package/dist_ts/config/validator.js +0 -152
package/dist_ts/errors/base.errors.d.ts +0 -224
package/dist_ts/errors/base.errors.js +0 -320
package/dist_ts/errors/error-handler.d.ts +0 -98
package/dist_ts/errors/error-handler.js +0 -282
package/dist_ts/errors/error.codes.d.ts +0 -115
package/dist_ts/errors/error.codes.js +0 -136
package/dist_ts/errors/index.d.ts +0 -54
package/dist_ts/errors/index.js +0 -136
package/dist_ts/errors/reputation.errors.d.ts +0 -183
package/dist_ts/errors/reputation.errors.js +0 -292
package/dist_ts/http3/http3-route-augmentation.d.ts +0 -50
package/dist_ts/http3/http3-route-augmentation.js +0 -98
package/dist_ts/http3/index.d.ts +0 -1
package/dist_ts/http3/index.js +0 -2
package/dist_ts/index.d.ts +0 -8
package/dist_ts/index.js +0 -29
package/dist_ts/logger.d.ts +0 -21
package/dist_ts/logger.js +0 -81
package/dist_ts/monitoring/classes.metricscache.d.ts +0 -32
package/dist_ts/monitoring/classes.metricscache.js +0 -63
package/dist_ts/monitoring/classes.metricsmanager.d.ts +0 -184
package/dist_ts/monitoring/classes.metricsmanager.js +0 -744
package/dist_ts/monitoring/index.d.ts +0 -1
package/dist_ts/monitoring/index.js +0 -2
package/dist_ts/opsserver/classes.opsserver.d.ts +0 -37
package/dist_ts/opsserver/classes.opsserver.js +0 -85
package/dist_ts/opsserver/handlers/admin.handler.d.ts +0 -31
package/dist_ts/opsserver/handlers/admin.handler.js +0 -180
package/dist_ts/opsserver/handlers/api-token.handler.d.ts +0 -6
package/dist_ts/opsserver/handlers/api-token.handler.js +0 -62
package/dist_ts/opsserver/handlers/certificate.handler.d.ts +0 -32
package/dist_ts/opsserver/handlers/certificate.handler.js +0 -421
package/dist_ts/opsserver/handlers/config.handler.d.ts +0 -7
package/dist_ts/opsserver/handlers/config.handler.js +0 -192
package/dist_ts/opsserver/handlers/email-ops.handler.d.ts +0 -30
package/dist_ts/opsserver/handlers/email-ops.handler.js +0 -227
package/dist_ts/opsserver/handlers/index.d.ts +0 -11
package/dist_ts/opsserver/handlers/index.js +0 -12
package/dist_ts/opsserver/handlers/logs.handler.d.ts +0 -25
package/dist_ts/opsserver/handlers/logs.handler.js +0 -256
package/dist_ts/opsserver/handlers/radius.handler.d.ts +0 -6
package/dist_ts/opsserver/handlers/radius.handler.js +0 -295
package/dist_ts/opsserver/handlers/remoteingress.handler.d.ts +0 -6
package/dist_ts/opsserver/handlers/remoteingress.handler.js +0 -156
package/dist_ts/opsserver/handlers/route-management.handler.d.ts +0 -14
package/dist_ts/opsserver/handlers/route-management.handler.js +0 -117
package/dist_ts/opsserver/handlers/security.handler.d.ts +0 -9
package/dist_ts/opsserver/handlers/security.handler.js +0 -233
package/dist_ts/opsserver/handlers/stats.handler.d.ts +0 -11
package/dist_ts/opsserver/handlers/stats.handler.js +0 -403
package/dist_ts/opsserver/helpers/guards.d.ts +0 -27
package/dist_ts/opsserver/helpers/guards.js +0 -43
package/dist_ts/opsserver/index.d.ts +0 -1
package/dist_ts/opsserver/index.js +0 -2
package/dist_ts/paths.d.ts +0 -26
package/dist_ts/paths.js +0 -45
package/dist_ts/plugins.d.ts +0 -80
package/dist_ts/plugins.js +0 -114
package/dist_ts/radius/classes.accounting.manager.d.ts +0 -231
package/dist_ts/radius/classes.accounting.manager.js +0 -462
package/dist_ts/radius/classes.radius.server.d.ts +0 -171
package/dist_ts/radius/classes.radius.server.js +0 -386
package/dist_ts/radius/classes.vlan.manager.d.ts +0 -128
package/dist_ts/radius/classes.vlan.manager.js +0 -279
package/dist_ts/radius/index.d.ts +0 -13
package/dist_ts/radius/index.js +0 -14
package/dist_ts/remoteingress/classes.remoteingress-manager.d.ts +0 -94
package/dist_ts/remoteingress/classes.remoteingress-manager.js +0 -271
package/dist_ts/remoteingress/classes.tunnel-manager.d.ts +0 -59
package/dist_ts/remoteingress/classes.tunnel-manager.js +0 -165
package/dist_ts/remoteingress/index.d.ts +0 -2
package/dist_ts/remoteingress/index.js +0 -3
package/dist_ts/security/classes.contentscanner.d.ts +0 -164
package/dist_ts/security/classes.contentscanner.js +0 -642
package/dist_ts/security/classes.ipreputationchecker.d.ts +0 -160
package/dist_ts/security/classes.ipreputationchecker.js +0 -537
package/dist_ts/security/classes.securitylogger.d.ts +0 -144
package/dist_ts/security/classes.securitylogger.js +0 -235
package/dist_ts/security/index.d.ts +0 -3
package/dist_ts/security/index.js +0 -4
package/dist_ts/sms/classes.smsservice.d.ts +0 -15
package/dist_ts/sms/classes.smsservice.js +0 -72
package/dist_ts/sms/config/sms.config.d.ts +0 -93
package/dist_ts/sms/config/sms.config.js +0 -2
package/dist_ts/sms/config/sms.schema.d.ts +0 -5
package/dist_ts/sms/config/sms.schema.js +0 -121
package/dist_ts/sms/index.d.ts +0 -1
package/dist_ts/sms/index.js +0 -2
package/dist_ts/storage/classes.storagemanager.d.ts +0 -83
package/dist_ts/storage/classes.storagemanager.js +0 -348
package/dist_ts/storage/index.d.ts +0 -1
package/dist_ts/storage/index.js +0 -3
package/dist_ts_apiclient/classes.apitoken.d.ts +0 -41
package/dist_ts_apiclient/classes.apitoken.js +0 -115
package/dist_ts_apiclient/classes.certificate.d.ts +0 -57
package/dist_ts_apiclient/classes.certificate.js +0 -69
package/dist_ts_apiclient/classes.config.d.ts +0 -7
package/dist_ts_apiclient/classes.config.js +0 -11
package/dist_ts_apiclient/classes.dcrouterapiclient.d.ts +0 -41
package/dist_ts_apiclient/classes.dcrouterapiclient.js +0 -81
package/dist_ts_apiclient/classes.email.d.ts +0 -30
package/dist_ts_apiclient/classes.email.js +0 -52
package/dist_ts_apiclient/classes.logs.d.ts +0 -21
package/dist_ts_apiclient/classes.logs.js +0 -14
package/dist_ts_apiclient/classes.radius.d.ts +0 -59
package/dist_ts_apiclient/classes.radius.js +0 -95
package/dist_ts_apiclient/classes.remoteingress.d.ts +0 -54
package/dist_ts_apiclient/classes.remoteingress.js +0 -136
package/dist_ts_apiclient/classes.route.d.ts +0 -42
package/dist_ts_apiclient/classes.route.js +0 -154
package/dist_ts_apiclient/classes.stats.d.ts +0 -47
package/dist_ts_apiclient/classes.stats.js +0 -38
package/dist_ts_apiclient/index.d.ts +0 -10
package/dist_ts_apiclient/index.js +0 -14
package/dist_ts_apiclient/plugins.d.ts +0 -3
package/dist_ts_apiclient/plugins.js +0 -5
package/dist_ts_web/00_commitinfo_data.d.ts +0 -8
package/dist_ts_web/00_commitinfo_data.js +0 -9
package/dist_ts_web/appstate.d.ts +0 -216
package/dist_ts_web/appstate.js +0 -1064
package/dist_ts_web/elements/index.d.ts +0 -12
package/dist_ts_web/elements/index.js +0 -13
package/dist_ts_web/elements/ops-dashboard.d.ts +0 -23
package/dist_ts_web/elements/ops-dashboard.js +0 -317
package/dist_ts_web/elements/ops-view-apitokens.d.ts +0 -13
package/dist_ts_web/elements/ops-view-apitokens.js +0 -371
package/dist_ts_web/elements/ops-view-certificates.d.ts +0 -22
package/dist_ts_web/elements/ops-view-certificates.js +0 -528
package/dist_ts_web/elements/ops-view-config.d.ts +0 -19
package/dist_ts_web/elements/ops-view-config.js +0 -339
package/dist_ts_web/elements/ops-view-emails.d.ts +0 -21
package/dist_ts_web/elements/ops-view-emails.js +0 -165
package/dist_ts_web/elements/ops-view-logs.d.ts +0 -13
package/dist_ts_web/elements/ops-view-logs.js +0 -159
package/dist_ts_web/elements/ops-view-network.d.ts +0 -71
package/dist_ts_web/elements/ops-view-network.js +0 -764
package/dist_ts_web/elements/ops-view-overview.d.ts +0 -22
package/dist_ts_web/elements/ops-view-overview.js +0 -456
package/dist_ts_web/elements/ops-view-remoteingress.d.ts +0 -20
package/dist_ts_web/elements/ops-view-remoteingress.js +0 -494
package/dist_ts_web/elements/ops-view-routes.d.ts +0 -12
package/dist_ts_web/elements/ops-view-routes.js +0 -404
package/dist_ts_web/elements/ops-view-security.d.ts +0 -21
package/dist_ts_web/elements/ops-view-security.js +0 -574
package/dist_ts_web/elements/shared/css.d.ts +0 -1
package/dist_ts_web/elements/shared/css.js +0 -10
package/dist_ts_web/elements/shared/index.d.ts +0 -2
package/dist_ts_web/elements/shared/index.js +0 -3
package/dist_ts_web/elements/shared/ops-sectionheading.d.ts +0 -5
package/dist_ts_web/elements/shared/ops-sectionheading.js +0 -82
package/dist_ts_web/index.d.ts +0 -1
package/dist_ts_web/index.js +0 -10
package/dist_ts_web/plugins.d.ts +0 -6
package/dist_ts_web/plugins.js +0 -11
package/dist_ts_web/router.d.ts +0 -19
package/dist_ts_web/router.js +0 -91

package/ts/vpn/classes.vpn-manager.ts ADDED Viewed

@@ -0,0 +1,378 @@
+import * as plugins from '../plugins.js';
+import { logger } from '../logger.js';
+import type { StorageManager } from '../storage/classes.storagemanager.js';
+const STORAGE_PREFIX_KEYS = '/vpn/server-keys';
+const STORAGE_PREFIX_CLIENTS = '/vpn/clients/';
+export interface IVpnManagerConfig {
+  /** VPN subnet CIDR (default: '10.8.0.0/24') */
+  subnet?: string;
+  /** WireGuard UDP listen port (default: 51820) */
+  wgListenPort?: number;
+  /** DNS servers pushed to VPN clients */
+  dns?: string[];
+  /** Server endpoint hostname for client configs (e.g. 'vpn.example.com') */
+  serverEndpoint?: string;
+  /** Override forwarding mode. Default: auto-detect (tun if root, socket otherwise) */
+  forwardingMode?: 'tun' | 'socket';
+}
+interface IPersistedServerKeys {
+  noisePrivateKey: string;
+  noisePublicKey: string;
+  wgPrivateKey: string;
+  wgPublicKey: string;
+}
+interface IPersistedClient {
+  clientId: string;
+  enabled: boolean;
+  tags?: string[];
+  description?: string;
+  assignedIp?: string;
+  noisePublicKey: string;
+  wgPublicKey: string;
+  createdAt: number;
+  updatedAt: number;
+  expiresAt?: string;
+}
+/**
+ * Manages the SmartVPN server lifecycle and VPN client CRUD.
+ * Persists server keys and client registrations via StorageManager.
+ */
+export class VpnManager {
+  private storageManager: StorageManager;
+  private config: IVpnManagerConfig;
+  private vpnServer?: plugins.smartvpn.VpnServer;
+  private clients: Map<string, IPersistedClient> = new Map();
+  private serverKeys?: IPersistedServerKeys;
+  private _forwardingMode: 'tun' | 'socket';
+  constructor(storageManager: StorageManager, config: IVpnManagerConfig) {
+    this.storageManager = storageManager;
+    this.config = config;
+    // Auto-detect forwarding mode: tun if root, socket otherwise
+    this._forwardingMode = config.forwardingMode
+      ?? (process.getuid?.() === 0 ? 'tun' : 'socket');
+  }
+  /** The effective forwarding mode (tun or socket). */
+  public get forwardingMode(): 'tun' | 'socket' {
+    return this._forwardingMode;
+  }
+  /** The VPN subnet CIDR. */
+  public getSubnet(): string {
+    return this.config.subnet || '10.8.0.0/24';
+  }
+  /** Whether the VPN server is running. */
+  public get running(): boolean {
+    return this.vpnServer?.running ?? false;
+  }
+  /**
+   * Start the VPN server.
+   * Loads or generates server keys, loads persisted clients, starts VpnServer.
+   */
+  public async start(): Promise<void> {
+    // Load or generate server keys
+    this.serverKeys = await this.loadOrGenerateServerKeys();
+    // Load persisted clients
+    await this.loadPersistedClients();
+    // Build client entries for the daemon
+    const clientEntries: plugins.smartvpn.IClientEntry[] = [];
+    for (const client of this.clients.values()) {
+      clientEntries.push({
+        clientId: client.clientId,
+        publicKey: client.noisePublicKey,
+        wgPublicKey: client.wgPublicKey,
+        enabled: client.enabled,
+        tags: client.tags,
+        description: client.description,
+        assignedIp: client.assignedIp,
+        expiresAt: client.expiresAt,
+      });
+    }
+    const subnet = this.getSubnet();
+    const wgListenPort = this.config.wgListenPort ?? 51820;
+    // Create and start VpnServer
+    this.vpnServer = new plugins.smartvpn.VpnServer({
+      transport: { transport: 'stdio' },
+    });
+    const serverConfig: plugins.smartvpn.IVpnServerConfig = {
+      listenAddr: '0.0.0.0:0', // WS listener not strictly needed but required field
+      privateKey: this.serverKeys.noisePrivateKey,
+      publicKey: this.serverKeys.noisePublicKey,
+      subnet,
+      dns: this.config.dns,
+      forwardingMode: this._forwardingMode,
+      transportMode: 'all',
+      wgPrivateKey: this.serverKeys.wgPrivateKey,
+      wgListenPort,
+      clients: clientEntries,
+      socketForwardProxyProtocol: this._forwardingMode === 'socket',
+    };
+    await this.vpnServer.start(serverConfig);
+    logger.log('info', `VPN server started: mode=${this._forwardingMode}, subnet=${subnet}, wg=:${wgListenPort}, clients=${this.clients.size}`);
+  }
+  /**
+   * Stop the VPN server.
+   */
+  public async stop(): Promise<void> {
+    if (this.vpnServer) {
+      try {
+        await this.vpnServer.stopServer();
+      } catch {
+        // Ignore stop errors
+      }
+      this.vpnServer.stop();
+      this.vpnServer = undefined;
+    }
+    logger.log('info', 'VPN server stopped');
+  }
+  // ── Client CRUD ────────────────────────────────────────────────────────
+  /**
+   * Create a new VPN client. Returns the config bundle (secrets only shown once).
+   */
+  public async createClient(opts: {
+    clientId: string;
+    tags?: string[];
+    description?: string;
+  }): Promise<plugins.smartvpn.IClientConfigBundle> {
+    if (!this.vpnServer) {
+      throw new Error('VPN server not running');
+    }
+    const bundle = await this.vpnServer.createClient({
+      clientId: opts.clientId,
+      tags: opts.tags,
+      description: opts.description,
+    });
+    // Update WireGuard config endpoint if serverEndpoint is configured
+    if (this.config.serverEndpoint && bundle.wireguardConfig) {
+      const wgPort = this.config.wgListenPort ?? 51820;
+      bundle.wireguardConfig = bundle.wireguardConfig.replace(
+        /Endpoint\s*=\s*.+/,
+        `Endpoint = ${this.config.serverEndpoint}:${wgPort}`,
+      );
+    }
+    // Persist client entry (without private keys)
+    const persisted: IPersistedClient = {
+      clientId: bundle.entry.clientId,
+      enabled: bundle.entry.enabled ?? true,
+      tags: bundle.entry.tags,
+      description: bundle.entry.description,
+      assignedIp: bundle.entry.assignedIp,
+      noisePublicKey: bundle.entry.publicKey,
+      wgPublicKey: bundle.entry.wgPublicKey || '',
+      createdAt: Date.now(),
+      updatedAt: Date.now(),
+      expiresAt: bundle.entry.expiresAt,
+    };
+    this.clients.set(persisted.clientId, persisted);
+    await this.persistClient(persisted);
+    return bundle;
+  }
+  /**
+   * Remove a VPN client.
+   */
+  public async removeClient(clientId: string): Promise<void> {
+    if (!this.vpnServer) {
+      throw new Error('VPN server not running');
+    }
+    await this.vpnServer.removeClient(clientId);
+    this.clients.delete(clientId);
+    await this.storageManager.delete(`${STORAGE_PREFIX_CLIENTS}${clientId}`);
+  }
+  /**
+   * List all registered clients (without secrets).
+   */
+  public listClients(): IPersistedClient[] {
+    return [...this.clients.values()];
+  }
+  /**
+   * Enable a client.
+   */
+  public async enableClient(clientId: string): Promise<void> {
+    if (!this.vpnServer) throw new Error('VPN server not running');
+    await this.vpnServer.enableClient(clientId);
+    const client = this.clients.get(clientId);
+    if (client) {
+      client.enabled = true;
+      client.updatedAt = Date.now();
+      await this.persistClient(client);
+    }
+  }
+  /**
+   * Disable a client.
+   */
+  public async disableClient(clientId: string): Promise<void> {
+    if (!this.vpnServer) throw new Error('VPN server not running');
+    await this.vpnServer.disableClient(clientId);
+    const client = this.clients.get(clientId);
+    if (client) {
+      client.enabled = false;
+      client.updatedAt = Date.now();
+      await this.persistClient(client);
+    }
+  }
+  /**
+   * Rotate a client's keys. Returns the new config bundle.
+   */
+  public async rotateClientKey(clientId: string): Promise<plugins.smartvpn.IClientConfigBundle> {
+    if (!this.vpnServer) throw new Error('VPN server not running');
+    const bundle = await this.vpnServer.rotateClientKey(clientId);
+    // Update endpoint in WireGuard config
+    if (this.config.serverEndpoint && bundle.wireguardConfig) {
+      const wgPort = this.config.wgListenPort ?? 51820;
+      bundle.wireguardConfig = bundle.wireguardConfig.replace(
+        /Endpoint\s*=\s*.+/,
+        `Endpoint = ${this.config.serverEndpoint}:${wgPort}`,
+      );
+    }
+    // Update persisted entry with new public keys
+    const client = this.clients.get(clientId);
+    if (client) {
+      client.noisePublicKey = bundle.entry.publicKey;
+      client.wgPublicKey = bundle.entry.wgPublicKey || '';
+      client.updatedAt = Date.now();
+      await this.persistClient(client);
+    }
+    return bundle;
+  }
+  /**
+   * Export a client config (without secrets).
+   */
+  public async exportClientConfig(clientId: string, format: 'smartvpn' | 'wireguard'): Promise<string> {
+    if (!this.vpnServer) throw new Error('VPN server not running');
+    let config = await this.vpnServer.exportClientConfig(clientId, format);
+    // Update endpoint in WireGuard config
+    if (format === 'wireguard' && this.config.serverEndpoint) {
+      const wgPort = this.config.wgListenPort ?? 51820;
+      config = config.replace(
+        /Endpoint\s*=\s*.+/,
+        `Endpoint = ${this.config.serverEndpoint}:${wgPort}`,
+      );
+    }
+    return config;
+  }
+  // ── Status and telemetry ───────────────────────────────────────────────
+  /**
+   * Get server status.
+   */
+  public async getStatus(): Promise<plugins.smartvpn.IVpnStatus | null> {
+    if (!this.vpnServer) return null;
+    return this.vpnServer.getStatus();
+  }
+  /**
+   * Get server statistics.
+   */
+  public async getStatistics(): Promise<plugins.smartvpn.IVpnServerStatistics | null> {
+    if (!this.vpnServer) return null;
+    return this.vpnServer.getStatistics();
+  }
+  /**
+   * List currently connected clients.
+   */
+  public async getConnectedClients(): Promise<plugins.smartvpn.IVpnClientInfo[]> {
+    if (!this.vpnServer) return [];
+    return this.vpnServer.listClients();
+  }
+  /**
+   * Get telemetry for a specific client.
+   */
+  public async getClientTelemetry(clientId: string): Promise<plugins.smartvpn.IVpnClientTelemetry | null> {
+    if (!this.vpnServer) return null;
+    return this.vpnServer.getClientTelemetry(clientId);
+  }
+  /**
+   * Get server public keys (for display/info).
+   */
+  public getServerPublicKeys(): { noisePublicKey: string; wgPublicKey: string } | null {
+    if (!this.serverKeys) return null;
+    return {
+      noisePublicKey: this.serverKeys.noisePublicKey,
+      wgPublicKey: this.serverKeys.wgPublicKey,
+    };
+  }
+  // ── Private helpers ────────────────────────────────────────────────────
+  private async loadOrGenerateServerKeys(): Promise<IPersistedServerKeys> {
+    const stored = await this.storageManager.getJSON<IPersistedServerKeys>(STORAGE_PREFIX_KEYS);
+    if (stored?.noisePrivateKey && stored?.wgPrivateKey) {
+      logger.log('info', 'Loaded VPN server keys from storage');
+      return stored;
+    }
+    // Generate new keys via the daemon
+    const tempServer = new plugins.smartvpn.VpnServer({
+      transport: { transport: 'stdio' },
+    });
+    await tempServer.start();
+    const noiseKeys = await tempServer.generateKeypair();
+    const wgKeys = await tempServer.generateWgKeypair();
+    tempServer.stop();
+    const keys: IPersistedServerKeys = {
+      noisePrivateKey: noiseKeys.privateKey,
+      noisePublicKey: noiseKeys.publicKey,
+      wgPrivateKey: wgKeys.privateKey,
+      wgPublicKey: wgKeys.publicKey,
+    };
+    await this.storageManager.setJSON(STORAGE_PREFIX_KEYS, keys);
+    logger.log('info', 'Generated and persisted new VPN server keys');
+    return keys;
+  }
+  private async loadPersistedClients(): Promise<void> {
+    const keys = await this.storageManager.list(STORAGE_PREFIX_CLIENTS);
+    for (const key of keys) {
+      const client = await this.storageManager.getJSON<IPersistedClient>(key);
+      if (client) {
+        this.clients.set(client.clientId, client);
+      }
+    }
+    if (this.clients.size > 0) {
+      logger.log('info', `Loaded ${this.clients.size} persisted VPN client(s)`);
+    }
+  }
+  private async persistClient(client: IPersistedClient): Promise<void> {
+    await this.storageManager.setJSON(`${STORAGE_PREFIX_CLIENTS}${client.clientId}`, client);
+  }
+}

package/ts/vpn/index.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export * from './classes.vpn-manager.js';

package/ts_web/00_commitinfo_data.ts CHANGED Viewed

@@ -3,6 +3,6 @@
  */
 export const commitinfo = {
   name: '@serve.zone/dcrouter',
-  version: '11.12.4',
+  version: '11.14.0',
   description: 'A multifaceted routing service handling mail and SMS delivery functions.'
 }

package/ts_web/appstate.ts CHANGED Viewed

@@ -905,6 +905,161 @@ export const toggleRemoteIngressAction = remoteIngressStatePart.createAction<{
   }
 });
+// ============================================================================
+// VPN State
+// ============================================================================
+export interface IVpnState {
+  clients: interfaces.data.IVpnClient[];
+  status: interfaces.data.IVpnServerStatus | null;
+  isLoading: boolean;
+  error: string | null;
+  lastUpdated: number;
+  /** WireGuard config shown after create/rotate (only shown once) */
+  newClientConfig: string | null;
+}
+export const vpnStatePart = await appState.getStatePart<IVpnState>(
+  'vpn',
+  {
+    clients: [],
+    status: null,
+    isLoading: false,
+    error: null,
+    lastUpdated: 0,
+    newClientConfig: null,
+  },
+  'soft'
+);
+// ============================================================================
+// VPN Actions
+// ============================================================================
+export const fetchVpnAction = vpnStatePart.createAction(async (statePartArg): Promise<IVpnState> => {
+  const context = getActionContext();
+  const currentState = statePartArg.getState()!;
+  if (!context.identity) return currentState;
+  try {
+    const clientsRequest = new plugins.domtools.plugins.typedrequest.TypedRequest<
+      interfaces.requests.IReq_GetVpnClients
+    >('/typedrequest', 'getVpnClients');
+    const statusRequest = new plugins.domtools.plugins.typedrequest.TypedRequest<
+      interfaces.requests.IReq_GetVpnStatus
+    >('/typedrequest', 'getVpnStatus');
+    const [clientsResponse, statusResponse] = await Promise.all([
+      clientsRequest.fire({ identity: context.identity }),
+      statusRequest.fire({ identity: context.identity }),
+    ]);
+    return {
+      ...currentState,
+      clients: clientsResponse.clients,
+      status: statusResponse.status,
+      isLoading: false,
+      error: null,
+      lastUpdated: Date.now(),
+    };
+  } catch (error) {
+    return {
+      ...currentState,
+      isLoading: false,
+      error: error instanceof Error ? error.message : 'Failed to fetch VPN data',
+    };
+  }
+});
+export const createVpnClientAction = vpnStatePart.createAction<{
+  clientId: string;
+  tags?: string[];
+  description?: string;
+}>(async (statePartArg, dataArg, actionContext): Promise<IVpnState> => {
+  const context = getActionContext();
+  const currentState = statePartArg.getState()!;
+  try {
+    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
+      interfaces.requests.IReq_CreateVpnClient
+    >('/typedrequest', 'createVpnClient');
+    const response = await request.fire({
+      identity: context.identity!,
+      clientId: dataArg.clientId,
+      tags: dataArg.tags,
+      description: dataArg.description,
+    });
+    if (!response.success) {
+      return { ...currentState, error: response.message || 'Failed to create client' };
+    }
+    const refreshed = await actionContext!.dispatch(fetchVpnAction, null);
+    return {
+      ...refreshed,
+      newClientConfig: response.wireguardConfig || null,
+    };
+  } catch (error: unknown) {
+    return {
+      ...currentState,
+      error: error instanceof Error ? error.message : 'Failed to create VPN client',
+    };
+  }
+});
+export const deleteVpnClientAction = vpnStatePart.createAction<string>(
+  async (statePartArg, clientId, actionContext): Promise<IVpnState> => {
+    const context = getActionContext();
+    const currentState = statePartArg.getState()!;
+    try {
+      const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
+        interfaces.requests.IReq_DeleteVpnClient
+      >('/typedrequest', 'deleteVpnClient');
+      await request.fire({ identity: context.identity!, clientId });
+      return await actionContext!.dispatch(fetchVpnAction, null);
+    } catch (error: unknown) {
+      return {
+        ...currentState,
+        error: error instanceof Error ? error.message : 'Failed to delete VPN client',
+      };
+    }
+  },
+);
+export const toggleVpnClientAction = vpnStatePart.createAction<{
+  clientId: string;
+  enabled: boolean;
+}>(async (statePartArg, dataArg, actionContext): Promise<IVpnState> => {
+  const context = getActionContext();
+  const currentState = statePartArg.getState()!;
+  try {
+    const method = dataArg.enabled ? 'enableVpnClient' : 'disableVpnClient';
+    type TReq = interfaces.requests.IReq_EnableVpnClient | interfaces.requests.IReq_DisableVpnClient;
+    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<TReq>(
+      '/typedrequest', method,
+    );
+    await request.fire({ identity: context.identity!, clientId: dataArg.clientId });
+    return await actionContext!.dispatch(fetchVpnAction, null);
+  } catch (error: unknown) {
+    return {
+      ...currentState,
+      error: error instanceof Error ? error.message : 'Failed to toggle VPN client',
+    };
+  }
+});
+export const clearNewClientConfigAction = vpnStatePart.createAction(
+  async (statePartArg): Promise<IVpnState> => {
+    return { ...statePartArg.getState()!, newClientConfig: null };
+  },
+);
 // ============================================================================
 // Route Management Actions
 // ============================================================================
@@ -1372,6 +1527,15 @@ async function dispatchCombinedRefreshActionInner() {
         console.error('Remote ingress refresh failed:', error);
       }
     }
+    // Refresh VPN data if on vpn view
+    if (currentView === 'vpn') {
+      try {
+        await vpnStatePart.dispatchAction(fetchVpnAction, null);
+      } catch (error) {
+        console.error('VPN refresh failed:', error);
+      }
+    }
   } catch (error) {
     console.error('Combined refresh failed:', error);
     // If the error looks like an auth failure (invalid JWT), force re-login

package/ts_web/elements/index.ts CHANGED Viewed

@@ -9,4 +9,5 @@ export * from './ops-view-apitokens.js';
 export * from './ops-view-security.js';
 export * from './ops-view-certificates.js';
 export * from './ops-view-remoteingress.js';
+export * from './ops-view-vpn.js';
 export * from './shared/index.js';

package/ts_web/elements/ops-dashboard.ts CHANGED Viewed

@@ -24,6 +24,7 @@ import { OpsViewApiTokens } from './ops-view-apitokens.js';
 import { OpsViewSecurity } from './ops-view-security.js';
 import { OpsViewCertificates } from './ops-view-certificates.js';
 import { OpsViewRemoteIngress } from './ops-view-remoteingress.js';
+import { OpsViewVpn } from './ops-view-vpn.js';
 @customElement('ops-dashboard')
 export class OpsDashboard extends DeesElement {
@@ -92,6 +93,11 @@ export class OpsDashboard extends DeesElement {
       iconName: 'lucide:globe',
       element: OpsViewRemoteIngress,
     },
+    {
+      name: 'VPN',
+      iconName: 'lucide:shield',
+      element: OpsViewVpn,
+    },
   ];
   /**