@serve.zone/dcrouter 13.43.5 → 13.44.0

package/ts/config/classes.route-config-manager.ts

@@ -85,6 +85,10 @@ export class RouteConfigManager {
     this.getVpnClientAccessForRoute = resolver;
   }
 
+  public async runExclusiveRouteUpdate<T>(fn: () => Promise<T>): Promise<T> {
+    return await this.routeUpdateMutex.runExclusive(fn);
+  }
+
   /**
    * Load persisted routes, seed serializable config/email/dns routes,
    * compute warnings, and apply the combined DB-backed + runtime route set to SmartProxy.

package/ts/db/documents/classes.email-server-settings.doc.ts

@@ -0,0 +1,40 @@
+import type { IUnifiedEmailServerOptions } from '@push.rocks/smartmta';
+import * as plugins from '../../plugins.js';
+import { DcRouterDb } from '../classes.dcrouter-db.js';
+import type { IEmailPortConfig } from '../../../ts_interfaces/data/email-settings.js';
+
+const getDb = () => DcRouterDb.getInstance().getDb();
+
+@plugins.smartdata.Collection(() => getDb())
+export class EmailServerSettingsDoc extends plugins.smartdata.SmartDataDbDoc<EmailServerSettingsDoc, EmailServerSettingsDoc> {
+  @plugins.smartdata.unI()
+  @plugins.smartdata.svDb()
+  public settingsId: string = 'email-server-settings';
+
+  @plugins.smartdata.svDb()
+  public enabled: boolean = false;
+
+  @plugins.smartdata.svDb()
+  public emailConfig?: IUnifiedEmailServerOptions;
+
+  @plugins.smartdata.svDb()
+  public emailPortConfig?: IEmailPortConfig;
+
+  @plugins.smartdata.svDb()
+  public updatedAt: number = 0;
+
+  @plugins.smartdata.svDb()
+  public updatedBy: string = '';
+
+  constructor() {
+    super();
+  }
+
+  public static async load(): Promise<EmailServerSettingsDoc | null> {
+    return await EmailServerSettingsDoc.getInstance({ settingsId: 'email-server-settings' });
+  }
+
+  public static async findAll(): Promise<EmailServerSettingsDoc[]> {
+    return await EmailServerSettingsDoc.getInstances({});
+  }
+}

package/ts/db/documents/classes.remote-ingress-hub-settings.doc.ts

@@ -10,6 +10,15 @@ export class RemoteIngressHubSettingsDoc extends plugins.smartdata.SmartDataDbDo
   @plugins.smartdata.svDb()
   public settingsId: string = 'remote-ingress-hub-settings';
 
+  @plugins.smartdata.svDb()
+  public enabled?: boolean;
+
+  @plugins.smartdata.svDb()
+  public tunnelPort?: number;
+
+  @plugins.smartdata.svDb()
+  public hubDomain?: string;
+
   @plugins.smartdata.svDb()
   public performance?: IRemoteIngressPerformanceConfig;
 

package/ts/db/documents/index.ts

@@ -40,3 +40,4 @@ export * from './classes.acme-config.doc.js';
 
 // Email domain management
 export * from './classes.email-domain.doc.js';
+export * from './classes.email-server-settings.doc.js';

package/ts/email/classes.email-domain.manager.ts

@@ -17,11 +17,15 @@ import { buildEmailDnsRecords } from './email-dns-records.js';
  */
 export class EmailDomainManager {
   private dcRouter: any; // DcRouter — avoids circular import
-  private readonly baseEmailDomains: IEmailDomainConfig[];
+  private baseEmailDomains: IEmailDomainConfig[] = [];
 
   constructor(dcRouterRef: any) {
     this.dcRouter = dcRouterRef;
-    this.baseEmailDomains = ((this.dcRouter.options?.emailConfig?.domains || []) as IEmailDomainConfig[])
+    this.setBaseEmailDomains(this.dcRouter.options?.emailConfig?.domains as IEmailDomainConfig[] | undefined);
+  }
+
+  public setBaseEmailDomains(domains: IEmailDomainConfig[] | undefined): void {
+    this.baseEmailDomains = (domains || [])
       .map((domainConfig) => JSON.parse(JSON.stringify(domainConfig)) as IEmailDomainConfig);
   }
 

package/ts/email/classes.email-settings.manager.ts

@@ -0,0 +1,221 @@
+import type { IUnifiedEmailServerOptions } from '@push.rocks/smartmta';
+import { EmailServerSettingsDoc } from '../db/index.js';
+import type { IDcRouterOptions } from '../classes.dcrouter.js';
+import type {
+  IEmailPortConfig,
+  IEmailServerSettings,
+  TEmailServerSettingsUpdate,
+} from '../../ts_interfaces/data/email-settings.js';
+
+const defaultEmailPorts = [25, 587, 465];
+
+function clonePlain<T>(value: T | undefined): T | undefined {
+  if (value === undefined) return undefined;
+  return JSON.parse(JSON.stringify(value)) as T;
+}
+
+function hasOwn(objectArg: object, keyArg: string): boolean {
+  return Object.prototype.hasOwnProperty.call(objectArg, keyArg);
+}
+
+export class EmailSettingsManager {
+  private cachedEmailConfig?: IUnifiedEmailServerOptions;
+  private cachedEmailPortConfig?: IEmailPortConfig;
+  private enabled = false;
+  private updatedAt = 0;
+  private updatedBy = 'default';
+
+  constructor(private options: IDcRouterOptions) {}
+
+  public async start(): Promise<void> {
+    let doc = await EmailServerSettingsDoc.load();
+
+    if (!doc) {
+      doc = new EmailServerSettingsDoc();
+      doc.settingsId = 'email-server-settings';
+      doc.enabled = false;
+      doc.updatedAt = Date.now();
+      doc.updatedBy = 'default';
+      await doc.save();
+    }
+
+    this.loadFromDoc(doc);
+    this.applyToRuntimeOptions();
+  }
+
+  public async stop(): Promise<void> {
+    this.cachedEmailConfig = undefined;
+    this.cachedEmailPortConfig = undefined;
+    this.enabled = false;
+  }
+
+  public isEnabled(): boolean {
+    return this.enabled && Boolean(this.cachedEmailConfig);
+  }
+
+  public getEmailConfig(): IUnifiedEmailServerOptions | undefined {
+    return this.isEnabled() ? clonePlain(this.cachedEmailConfig) : undefined;
+  }
+
+  public getEmailPortConfig(): IEmailPortConfig | undefined {
+    return this.isEnabled() ? clonePlain(this.cachedEmailPortConfig) : undefined;
+  }
+
+  public getPublicSettings(): IEmailServerSettings {
+    const emailConfig = this.cachedEmailConfig;
+    const emailPortConfig = this.cachedEmailPortConfig;
+    return {
+      enabled: this.isEnabled(),
+      hostname: emailConfig?.hostname || null,
+      ports: [...(emailConfig?.ports || [])],
+      portMapping: emailPortConfig?.portMapping ? { ...emailPortConfig.portMapping } : null,
+      receivedEmailsPath: emailPortConfig?.receivedEmailsPath || null,
+      maxMessageSize: emailConfig?.maxMessageSize ?? null,
+      domainCount: emailConfig?.domains?.length || 0,
+      routeCount: emailConfig?.routes?.length || 0,
+      authUserCount: emailConfig?.auth?.users?.length || 0,
+      updatedAt: this.updatedAt,
+      updatedBy: this.updatedBy,
+    };
+  }
+
+  public async updateSettings(
+    updates: TEmailServerSettingsUpdate,
+    updatedBy: string,
+  ): Promise<IEmailServerSettings> {
+    let doc = await EmailServerSettingsDoc.load();
+    if (!doc) {
+      doc = new EmailServerSettingsDoc();
+      doc.settingsId = 'email-server-settings';
+    }
+
+    const nextEnabled = hasOwn(updates, 'enabled') ? Boolean(updates.enabled) : doc.enabled;
+    const nextEmailConfig = this.patchEmailConfig(doc.emailConfig, updates, nextEnabled);
+    const nextEmailPortConfig = this.patchEmailPortConfig(doc.emailPortConfig, updates);
+
+    doc.enabled = nextEnabled;
+    doc.emailConfig = nextEmailConfig;
+    doc.emailPortConfig = nextEmailPortConfig;
+    doc.updatedAt = Date.now();
+    doc.updatedBy = updatedBy;
+    await doc.save();
+
+    this.loadFromDoc(doc);
+    this.applyToRuntimeOptions();
+    return this.getPublicSettings();
+  }
+
+  private loadFromDoc(doc: EmailServerSettingsDoc): void {
+    this.enabled = doc.enabled;
+    this.cachedEmailConfig = clonePlain(doc.emailConfig);
+    this.cachedEmailPortConfig = clonePlain(doc.emailPortConfig);
+    this.updatedAt = doc.updatedAt;
+    this.updatedBy = doc.updatedBy;
+  }
+
+  private applyToRuntimeOptions(): void {
+    this.options.emailConfig = this.getEmailConfig();
+    this.options.emailPortConfig = this.getEmailPortConfig();
+  }
+
+  private patchEmailConfig(
+    existingConfig: IUnifiedEmailServerOptions | undefined,
+    updates: TEmailServerSettingsUpdate,
+    nextEnabled: boolean,
+  ): IUnifiedEmailServerOptions | undefined {
+    const nextConfig: IUnifiedEmailServerOptions | undefined = clonePlain(existingConfig) || (nextEnabled ? {
+      hostname: 'localhost',
+      ports: [...defaultEmailPorts],
+      domains: [],
+      routes: [],
+    } : undefined);
+
+    if (!nextConfig) return undefined;
+
+    if (hasOwn(updates, 'hostname')) {
+      const hostname = updates.hostname?.trim() || '';
+      if (nextEnabled && !hostname) {
+        throw new Error('Email hostname is required when email is enabled');
+      }
+      nextConfig.hostname = hostname || nextConfig.hostname;
+    }
+
+    if (hasOwn(updates, 'ports')) {
+      nextConfig.ports = this.normalizePorts(updates.ports || []);
+    }
+
+    if (hasOwn(updates, 'maxMessageSize')) {
+      if (updates.maxMessageSize === null || updates.maxMessageSize === undefined) {
+        delete nextConfig.maxMessageSize;
+      } else {
+        const maxMessageSize = Number(updates.maxMessageSize);
+        if (!Number.isInteger(maxMessageSize) || maxMessageSize <= 0) {
+          throw new Error('maxMessageSize must be a positive integer');
+        }
+        nextConfig.maxMessageSize = maxMessageSize;
+      }
+    }
+
+    if (nextEnabled) {
+      if (!nextConfig.hostname?.trim()) {
+        throw new Error('Email hostname is required when email is enabled');
+      }
+      nextConfig.ports = this.normalizePorts(nextConfig.ports || []);
+    }
+
+    nextConfig.domains = nextConfig.domains || [];
+    nextConfig.routes = nextConfig.routes || [];
+    return nextConfig;
+  }
+
+  private patchEmailPortConfig(
+    existingPortConfig: IEmailPortConfig | undefined,
+    updates: TEmailServerSettingsUpdate,
+  ): IEmailPortConfig | undefined {
+    const nextPortConfig: IEmailPortConfig = clonePlain(existingPortConfig) || {};
+    if (hasOwn(updates, 'portMapping')) {
+      if (updates.portMapping === null) {
+        delete nextPortConfig.portMapping;
+      } else {
+        nextPortConfig.portMapping = this.normalizePortMapping(updates.portMapping || {});
+      }
+    }
+    if (hasOwn(updates, 'receivedEmailsPath')) {
+      const receivedEmailsPath = updates.receivedEmailsPath?.trim() || '';
+      if (receivedEmailsPath) {
+        nextPortConfig.receivedEmailsPath = receivedEmailsPath;
+      } else {
+        delete nextPortConfig.receivedEmailsPath;
+      }
+    }
+    return Object.keys(nextPortConfig).length > 0 ? nextPortConfig : undefined;
+  }
+
+  private normalizePorts(ports: number[]): number[] {
+    const normalized = [...new Set(ports.map((port) => Number(port)))];
+    if (normalized.length === 0) {
+      throw new Error('At least one email port is required when email is enabled');
+    }
+    for (const port of normalized) {
+      if (!Number.isInteger(port) || port < 1 || port > 65535) {
+        throw new Error(`Invalid email port: ${port}`);
+      }
+    }
+    return normalized.sort((a, b) => a - b);
+  }
+
+  private normalizePortMapping(portMapping: Record<number, number>): Record<number, number> {
+    const normalized: Record<number, number> = {};
+    for (const [externalPortString, internalPortValue] of Object.entries(portMapping)) {
+      const externalPort = Number(externalPortString);
+      const internalPort = Number(internalPortValue);
+      for (const port of [externalPort, internalPort]) {
+        if (!Number.isInteger(port) || port < 1 || port > 65535) {
+          throw new Error(`Invalid email port mapping value: ${port}`);
+        }
+      }
+      normalized[externalPort] = internalPort;
+    }
+    return normalized;
+  }
+}

package/ts/email/index.ts

@@ -1,4 +1,5 @@
 export * from './classes.email-domain.manager.js';
+export * from './classes.email-settings.manager.js';
 export * from './classes.smartmta-storage-manager.js';
 export * from './classes.workapp-mail-manager.js';
 export * from './email-dns-records.js';

package/ts/opsserver/classes.opsserver.ts

@@ -23,6 +23,7 @@ export class OpsServer {
   private statsHandler!: handlers.StatsHandler;
   private radiusHandler!: handlers.RadiusHandler;
   private emailOpsHandler!: handlers.EmailOpsHandler;
+  private emailSettingsHandler!: handlers.EmailSettingsHandler;
   private certificateHandler!: handlers.CertificateHandler;
   private remoteIngressHandler!: handlers.RemoteIngressHandler;
   private routeManagementHandler!: handlers.RouteManagementHandler;
@@ -82,6 +83,7 @@ export class OpsServer {
     this.statsHandler = new handlers.StatsHandler(this);
     this.radiusHandler = new handlers.RadiusHandler(this);
     this.emailOpsHandler = new handlers.EmailOpsHandler(this);
+    this.emailSettingsHandler = new handlers.EmailSettingsHandler(this);
     this.certificateHandler = new handlers.CertificateHandler(this);
     this.remoteIngressHandler = new handlers.RemoteIngressHandler(this);
     this.routeManagementHandler = new handlers.RouteManagementHandler(this);

package/ts/opsserver/handlers/config.handler.ts

@@ -100,21 +100,23 @@ export class ConfigHandler {
     }
 
     let portMapping: Record<string, number> | null = null;
-    if (opts.emailPortConfig?.portMapping) {
+    const emailSettings = dcRouter.emailSettingsManager?.getPublicSettings();
+    const rawPortMapping = emailSettings?.portMapping || opts.emailPortConfig?.portMapping;
+    if (rawPortMapping) {
       portMapping = {};
-      for (const [ext, int] of Object.entries(opts.emailPortConfig.portMapping)) {
+      for (const [ext, int] of Object.entries(rawPortMapping)) {
         portMapping[String(ext)] = int as number;
       }
     }
 
     const email: interfaces.requests.IConfigData['email'] = {
-      enabled: !!dcRouter.emailServer,
-      ports: opts.emailConfig?.ports || [],
+      enabled: emailSettings?.enabled ?? !!dcRouter.emailServer,
+      ports: emailSettings?.ports || opts.emailConfig?.ports || [],
       portMapping,
-      hostname: opts.emailConfig?.hostname || null,
+      hostname: emailSettings?.hostname || opts.emailConfig?.hostname || null,
       domains: emailDomains,
-      emailRouteCount: opts.emailConfig?.routes?.length || 0,
-      receivedEmailsPath: opts.emailPortConfig?.receivedEmailsPath || null,
+      emailRouteCount: emailSettings?.routeCount ?? opts.emailConfig?.routes?.length ?? 0,
+      receivedEmailsPath: emailSettings?.receivedEmailsPath || opts.emailPortConfig?.receivedEmailsPath || null,
     };
 
     // --- DNS ---
@@ -186,16 +188,17 @@ export class ConfigHandler {
 
     // --- Remote Ingress ---
     const riCfg = opts.remoteIngressConfig;
+    const riSettings = dcRouter.remoteIngressManager?.getHubSettings();
     const connectedEdgeIps = dcRouter.tunnelManager?.getConnectedEdgeIps() || [];
 
     // Determine TLS mode: custom certs > ACME from cert store > self-signed fallback
     let tlsMode: 'custom' | 'acme' | 'self-signed' = 'self-signed';
     if (riCfg?.tls?.certPath && riCfg?.tls?.keyPath) {
       tlsMode = 'custom';
-    } else if (riCfg?.hubDomain) {
+    } else if (riSettings?.hubDomain) {
       try {
         const { ProxyCertDoc } = await import('../../db/index.js');
-        const stored = await ProxyCertDoc.findByDomain(riCfg.hubDomain);
+        const stored = await ProxyCertDoc.findByDomain(riSettings.hubDomain);
         if (stored?.publicKey && stored?.privateKey) {
           tlsMode = 'acme';
         }
@@ -203,12 +206,12 @@ export class ConfigHandler {
     }
 
     const remoteIngress: interfaces.requests.IConfigData['remoteIngress'] = {
-      enabled: !!dcRouter.remoteIngressManager,
-      tunnelPort: riCfg?.tunnelPort || null,
-      hubDomain: riCfg?.hubDomain || null,
+      enabled: !!riSettings?.enabled,
+      tunnelPort: riSettings?.tunnelPort || null,
+      hubDomain: riSettings?.hubDomain || null,
       tlsMode,
       connectedEdgeIps,
-      performance: dcRouter.remoteIngressManager?.getHubPerformanceConfig() || riCfg?.performance,
+      performance: riSettings?.performance,
     };
 
     return {

package/ts/opsserver/handlers/email-settings.handler.ts

@@ -0,0 +1,72 @@
+import * as plugins from '../../plugins.js';
+import type { OpsServer } from '../classes.opsserver.js';
+import * as interfaces from '../../../ts_interfaces/index.js';
+import { requireOpsAuth } from '../helpers/auth.js';
+
+export class EmailSettingsHandler {
+  public typedrouter = new plugins.typedrequest.TypedRouter();
+
+  constructor(private opsServerRef: OpsServer) {
+    this.opsServerRef.typedrouter.addTypedRouter(this.typedrouter);
+    this.registerHandlers();
+  }
+
+  private registerHandlers(): void {
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_GetEmailServerSettings>(
+        'getEmailServerSettings',
+        async (dataArg) => {
+          await requireOpsAuth(this.opsServerRef, dataArg, { scope: 'email-domains:read' as any });
+          return { settings: this.getSettings() };
+        },
+      ),
+    );
+
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_UpdateEmailServerSettings>(
+        'updateEmailServerSettings',
+        async (dataArg) => {
+          const auth = await requireOpsAuth(this.opsServerRef, dataArg, {
+            scope: 'email-domains:write' as any,
+            requireAdminIdentity: true,
+          });
+          const manager = this.opsServerRef.dcRouterRef.emailSettingsManager;
+          if (!manager) {
+            return { success: false, message: 'EmailSettingsManager not initialized' };
+          }
+          try {
+            const settings = await this.opsServerRef.dcRouterRef.updateEmailServerSettings(
+              dataArg.settings,
+              auth.userId,
+            );
+            return { success: true, settings };
+          } catch (err: unknown) {
+            return { success: false, message: (err as Error).message };
+          }
+        },
+      ),
+    );
+  }
+
+  private getSettings(): interfaces.data.IEmailServerSettings {
+    const manager = this.opsServerRef.dcRouterRef.emailSettingsManager;
+    if (manager) {
+      return manager.getPublicSettings();
+    }
+    const emailConfig = this.opsServerRef.dcRouterRef.options.emailConfig;
+    const emailPortConfig = this.opsServerRef.dcRouterRef.options.emailPortConfig;
+    return {
+      enabled: Boolean(emailConfig),
+      hostname: emailConfig?.hostname || null,
+      ports: [...(emailConfig?.ports || [])],
+      portMapping: emailPortConfig?.portMapping ? { ...emailPortConfig.portMapping } : null,
+      receivedEmailsPath: emailPortConfig?.receivedEmailsPath || null,
+      maxMessageSize: emailConfig?.maxMessageSize ?? null,
+      domainCount: emailConfig?.domains?.length || 0,
+      routeCount: emailConfig?.routes?.length || 0,
+      authUserCount: emailConfig?.auth?.users?.length || 0,
+      updatedAt: 0,
+      updatedBy: 'legacy-options',
+    };
+  }
+}

package/ts/opsserver/handlers/index.ts

@@ -5,6 +5,7 @@ export * from './security.handler.js';
 export * from './stats.handler.js';
 export * from './radius.handler.js';
 export * from './email-ops.handler.js';
+export * from './email-settings.handler.js';
 export * from './certificate.handler.js';
 export * from './remoteingress.handler.js';
 export * from './route-management.handler.js';

package/ts/opsserver/handlers/remoteingress.handler.ts

@@ -3,6 +3,10 @@ import type { OpsServer } from '../classes.opsserver.js';
 import * as interfaces from '../../../ts_interfaces/index.js';
 import { requireOpsAuth } from '../helpers/auth.js';
 
+function hasOwn(objectArg: object, keyArg: string): boolean {
+  return Object.prototype.hasOwnProperty.call(objectArg, keyArg);
+}
+
 export class RemoteIngressHandler {
   constructor(private opsServerRef: OpsServer) {
     this.registerHandlers();
@@ -197,6 +201,8 @@ export class RemoteIngressHandler {
           const manager = this.opsServerRef.dcRouterRef.remoteIngressManager;
           return {
             settings: manager?.getHubSettings() || {
+              enabled: false,
+              tunnelPort: 8443,
               updatedAt: 0,
               updatedBy: 'default',
             },
@@ -216,8 +222,22 @@ export class RemoteIngressHandler {
           });
 
           try {
+            const updates: interfaces.data.TRemoteIngressHubSettingsUpdate = {};
+            if (hasOwn(dataArg, 'enabled') && dataArg.enabled !== undefined) {
+              updates.enabled = dataArg.enabled;
+            }
+            if (hasOwn(dataArg, 'tunnelPort') && dataArg.tunnelPort !== undefined) {
+              updates.tunnelPort = dataArg.tunnelPort;
+            }
+            if (hasOwn(dataArg, 'hubDomain')) {
+              updates.hubDomain = dataArg.hubDomain ?? null;
+            }
+            if (hasOwn(dataArg, 'performance')) {
+              updates.performance = dataArg.performance ?? null;
+            }
+
             const settings = await this.opsServerRef.dcRouterRef.updateRemoteIngressHubSettings(
-              { performance: dataArg.performance },
+              updates,
               auth.userId,
             );
             return { success: true, settings };
@@ -250,16 +270,16 @@ export class RemoteIngressHandler {
             return { success: false, message: 'Edge is disabled' };
           }
 
-          const hubHost = dataArg.hubHost
-            || this.opsServerRef.dcRouterRef.options.remoteIngressConfig?.hubDomain;
+          const hubSettings = manager.getHubSettings();
+          const hubHost = dataArg.hubHost || hubSettings.hubDomain;
           if (!hubHost) {
             return {
               success: false,
-              message: 'No hub hostname configured. Set hubDomain in remoteIngressConfig or provide hubHost.',
+              message: 'No hub hostname configured. Set the RemoteIngress hub domain or provide hubHost.',
             };
           }
 
-          const hubPort = this.opsServerRef.dcRouterRef.options.remoteIngressConfig?.tunnelPort ?? 8443;
+          const hubPort = hubSettings.tunnelPort;
 
           const token = plugins.remoteingress.encodeConnectionToken({
             hubHost,

package/ts/opsserver/handlers/workhoster.handler.ts

@@ -282,7 +282,7 @@ export class WorkHosterHandler {
         outbound: Boolean(dcRouter.emailServer),
       },
       remoteIngress: {
-        enabled: Boolean(dcRouter.options.remoteIngressConfig?.enabled),
+        enabled: Boolean(dcRouter.remoteIngressManager?.getHubSettings().enabled),
       },
       dns: {
         authoritative: Boolean(dcRouter.options.dnsScopes?.length),