npm - @serve.zone/dcrouter - Versions diffs - 13.44.1 → 14.0.0 - Mend

@serve.zone/dcrouter 13.44.1 → 14.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (33) hide show

package/deno.json +1 -1
package/dist_serve/bundle.js +1882 -1453
package/dist_ts/00_commitinfo_data.js +2 -2
package/dist_ts/acme/manager.acme-config.d.ts +1 -14
package/dist_ts/acme/manager.acme-config.js +4 -65
package/dist_ts/classes.dcrouter.d.ts +7 -2
package/dist_ts/classes.dcrouter.js +105 -27
package/dist_ts/config/classes.api-token-manager.js +3 -3
package/dist_ts/db/documents/classes.acme-config.doc.d.ts +1 -3
package/dist_ts/db/documents/classes.acme-config.doc.js +2 -4
package/dist_ts/dns/manager.dns.d.ts +0 -13
package/dist_ts/dns/manager.dns.js +1 -81
package/dist_ts/opsserver/handlers/certificate.handler.d.ts +0 -9
package/dist_ts/opsserver/handlers/certificate.handler.js +1 -40
package/dist_ts/opsserver/handlers/config.handler.js +11 -12
package/dist_ts/opsserver/handlers/email-settings.handler.js +2 -2
package/dist_ts_interfaces/data/acme-config.d.ts +1 -3
package/dist_ts_interfaces/requests/certificate.d.ts +0 -12
package/dist_ts_migrations/index.js +2 -2
package/dist_ts_web/00_commitinfo_data.js +2 -2
package/dist_ts_web/elements/network/ops-view-routes.js +118 -142
package/package.json +4 -4
package/ts/00_commitinfo_data.ts +1 -1
package/ts/acme/manager.acme-config.ts +3 -77
package/ts/classes.dcrouter.ts +120 -28
package/ts/config/classes.api-token-manager.ts +2 -2
package/ts/db/documents/classes.acme-config.doc.ts +1 -3
package/ts/dns/manager.dns.ts +0 -103
package/ts/opsserver/handlers/certificate.handler.ts +0 -47
package/ts/opsserver/handlers/config.handler.ts +10 -11
package/ts/opsserver/handlers/email-settings.handler.ts +1 -1
package/ts_web/00_commitinfo_data.ts +1 -1
package/ts_web/elements/network/ops-view-routes.ts +124 -146

package/ts/acme/manager.acme-config.ts CHANGED Viewed

@@ -1,14 +1,12 @@
 import { logger } from '../logger.js';
 import { AcmeConfigDoc } from '../db/documents/index.js';
-import type { IDcRouterOptions } from '../classes.dcrouter.js';
 import type { IAcmeConfig } from '../../ts_interfaces/data/acme-config.js';
 /**
  * AcmeConfigManager — owns the singleton ACME configuration in the DB.
  *
  * Lifecycle:
- *  - `start()` — loads from the DB; if empty, seeds from legacy constructor
- *    fields (`tls.contactEmail`, `smartProxyConfig.acme.*`) on first boot.
+ *  - `start()` — loads the DB-backed singleton configuration.
  *  - `getConfig()` — returns the in-memory cached `IAcmeConfig` (or null)
  *  - `updateConfig(args, updatedBy)` — upserts and refreshes the cache
  *
@@ -20,32 +18,12 @@ import type { IAcmeConfig } from '../../ts_interfaces/data/acme-config.js';
 export class AcmeConfigManager {
   private cached: IAcmeConfig | null = null;
-  constructor(private options: IDcRouterOptions) {}
   public async start(): Promise<void> {
     logger.log('info', 'AcmeConfigManager: starting');
-    let doc = await AcmeConfigDoc.load();
+    const doc = await AcmeConfigDoc.load();
     if (!doc) {
-      // First-boot path: seed from legacy constructor fields if present.
-      const seed = this.deriveSeedFromOptions();
-      if (seed) {
-        doc = await this.createSeedDoc(seed);
-        logger.log(
-          'info',
-          `AcmeConfigManager: seeded from constructor legacy fields (accountEmail=${seed.accountEmail}, useProduction=${seed.useProduction})`,
-        );
-      } else {
-        logger.log(
-          'info',
-          'AcmeConfigManager: no AcmeConfig in DB and no legacy constructor fields — ACME disabled until configured via Domains > Certificates > Settings.',
-        );
-      }
-    } else if (this.deriveSeedFromOptions()) {
-      logger.log(
-        'warn',
-        'AcmeConfigManager: ignoring constructor tls.contactEmail / smartProxyConfig.acme — DB already has AcmeConfigDoc. Manage via Domains > Certificates > Settings.',
-      );
+      logger.log('info', 'AcmeConfigManager: no AcmeConfig in DB — ACME disabled until configured via Domains > Certificates > Settings.');
     }
     this.cached = doc ? this.toPlain(doc) : null;
@@ -116,58 +94,6 @@ export class AcmeConfigManager {
   // Internal helpers
   // ==========================================================================
-  /**
-   * Build a seed object from the legacy constructor fields. Returns null
-   * if the user has not provided any of them.
-   *
-   * Supports BOTH `tls.contactEmail` (short form) and `smartProxyConfig.acme`
-   * (full form). `smartProxyConfig.acme` wins when both are present.
-   */
-  private deriveSeedFromOptions(): Omit<IAcmeConfig, 'updatedAt' | 'updatedBy'> | null {
-    const acme = this.options.smartProxyConfig?.acme;
-    const tls = this.options.tls;
-    // Prefer the explicit smartProxyConfig.acme block if present.
-    if (acme?.accountEmail) {
-      return {
-        accountEmail: acme.accountEmail,
-        enabled: acme.enabled !== false,
-        useProduction: acme.useProduction !== false,
-        autoRenew: acme.autoRenew !== false,
-        renewThresholdDays: acme.renewThresholdDays ?? 30,
-      };
-    }
-    // Fall back to the short tls.contactEmail form.
-    if (tls?.contactEmail) {
-      return {
-        accountEmail: tls.contactEmail,
-        enabled: true,
-        useProduction: true,
-        autoRenew: true,
-        renewThresholdDays: 30,
-      };
-    }
-    return null;
-  }
-  private async createSeedDoc(
-    seed: Omit<IAcmeConfig, 'updatedAt' | 'updatedBy'>,
-  ): Promise<AcmeConfigDoc> {
-    const doc = new AcmeConfigDoc();
-    doc.configId = 'acme-config';
-    doc.accountEmail = seed.accountEmail;
-    doc.enabled = seed.enabled;
-    doc.useProduction = seed.useProduction;
-    doc.autoRenew = seed.autoRenew;
-    doc.renewThresholdDays = seed.renewThresholdDays;
-    doc.updatedAt = Date.now();
-    doc.updatedBy = 'seed';
-    await doc.save();
-    return doc;
-  }
   private toPlain(doc: AcmeConfigDoc): IAcmeConfig {
     return {
       accountEmail: doc.accountEmail,

package/ts/classes.dcrouter.ts CHANGED Viewed

@@ -454,14 +454,13 @@ export class DcRouter {
     // AcmeConfigManager: optional, depends on DcRouterDb — owns the singleton
     // ACME configuration (accountEmail, useProduction, etc.). Must run before
     // SmartProxy so setupSmartProxy() can read the ACME config from the DB.
-    // On first boot, seeds from legacy `tls.contactEmail` / `smartProxyConfig.acme`.
     if (this.options.dbConfig?.enabled !== false) {
       this.serviceManager.addService(
         new plugins.taskbuffer.Service('AcmeConfigManager')
           .optional()
           .dependsOn('DcRouterDb')
           .withStart(async () => {
-            this.acmeConfigManager = new AcmeConfigManager(this.options);
+            this.acmeConfigManager = new AcmeConfigManager();
             await this.acmeConfigManager.start();
           })
           .withStop(async () => {
@@ -813,7 +812,7 @@ export class DcRouter {
       ?? false;
   }
-  private getRemoteIngressHubSettingsLegacySeed(): TRemoteIngressHubSettingsUpdate {
+  private getRemoteIngressHubSettingsMigrationSeed(): TRemoteIngressHubSettingsUpdate {
     const remoteIngressConfig = this.options.remoteIngressConfig;
     const seed: TRemoteIngressHubSettingsUpdate = {};
     if (remoteIngressConfig?.enabled !== undefined) {
@@ -831,7 +830,7 @@ export class DcRouter {
     return seed;
   }
-  private getEmailSettingsLegacySeed(): IEmailServerSettingsSeed {
+  private getEmailSettingsMigrationSeed(): IEmailServerSettingsSeed {
     const seed: IEmailServerSettingsSeed = {};
     if (this.options.emailConfig) {
       seed.enabled = true;
@@ -1106,8 +1105,8 @@ export class DcRouter {
     // Run any pending data migrations before anything else reads from the DB.
     // This must complete before ConfigManagers loads profiles.
     const migration = await createMigrationRunner(this.dcRouterDb.getDb(), commitinfo.version, {
-      remoteIngressHubSettings: this.getRemoteIngressHubSettingsLegacySeed(),
-      emailServerSettings: this.getEmailSettingsLegacySeed(),
+      remoteIngressHubSettings: this.getRemoteIngressHubSettingsMigrationSeed(),
+      emailServerSettings: this.getEmailSettingsMigrationSeed(),
     });
     const migrationResult = await migration.run();
     if (migrationResult.stepsApplied.length > 0) {
@@ -1172,7 +1171,7 @@ export class DcRouter {
     // Combined routes for SmartProxy bootstrap (before DB routes are loaded)
     let routes: plugins.smartproxy.IRouteConfig[] = [
       ...this.seedConfigRoutes,
-      ...this.seedEmailRoutes,
+      ...this.getRuntimeEmailRoutes(this.seedEmailRoutes as IDcRouterRouteConfig[]),
       ...this.runtimeDnsRoutes,
     ];
@@ -1715,6 +1714,115 @@ export class DcRouter {
     return dnsRoutes;
   }
+  private getRuntimeEmailRoutes(emailRoutes: IDcRouterRouteConfig[]): plugins.smartproxy.IRouteConfig[] {
+    return emailRoutes.map((route) => this.createServerFirstEmailRuntimeRoute(route) || route);
+  }
+  private getCurrentGeneratedEmailRouteNames(): Set<string> {
+    const sourceRoutes = this.seedEmailRoutes.length > 0
+      ? this.seedEmailRoutes
+      : this.options.emailConfig
+        ? this.generateEmailRoutes(this.options.emailConfig)
+        : [];
+    return new Set(sourceRoutes.map((route) => route.name).filter(Boolean) as string[]);
+  }
+  private shouldHydrateGeneratedEmailRoute(storedRoute: IRoute): boolean {
+    if (storedRoute.origin !== 'email') {
+      return false;
+    }
+    const routeName = storedRoute.route.name;
+    if (!routeName || !this.getCurrentGeneratedEmailRouteNames().has(routeName)) {
+      return false;
+    }
+    const expectedSystemKey = `email:${routeName}`;
+    return !storedRoute.systemKey || storedRoute.systemKey === expectedSystemKey;
+  }
+  private createServerFirstEmailRuntimeRoute(
+    route: plugins.smartproxy.IRouteConfig,
+  ): plugins.smartproxy.IRouteConfig | undefined {
+    const action = route.action as any;
+    if (action?.type !== 'forward') {
+      return undefined;
+    }
+    const tlsMode = action.tls?.mode;
+    if (tlsMode === 'terminate' || tlsMode === 'terminate-and-reencrypt') {
+      return undefined;
+    }
+    const routePorts = plugins.smartproxy.expandPortRange(route.match?.ports as any) as number[];
+    if (routePorts.length !== 1) {
+      return undefined;
+    }
+    const target = action.targets?.[0];
+    if (!target || action.targets.length !== 1 || typeof target.port !== 'number') {
+      return undefined;
+    }
+    if (typeof target.host !== 'string') {
+      return undefined;
+    }
+    const targetHost = target.host === 'localhost' ? '127.0.0.1' : target.host;
+    return {
+      ...route,
+      action: {
+        type: 'socket-handler' as any,
+        socketHandler: this.createEmailSocketProxyHandler(targetHost, target.port),
+      } as any,
+    };
+  }
+  private createEmailSocketProxyHandler(
+    targetHost: string,
+    targetPort: number,
+  ): NonNullable<plugins.smartproxy.IRouteConfig['action']['socketHandler']> {
+    return (clientSocket) => {
+      let backendSocket: plugins.net.Socket | undefined;
+      let connectTimeout: ReturnType<typeof setTimeout> & { unref?: () => void };
+      let cleanupDone = false;
+      const cleanup = () => {
+        if (cleanupDone) return;
+        cleanupDone = true;
+        clearTimeout(connectTimeout);
+        clientSocket.removeListener('timeout', cleanup);
+        clientSocket.removeListener('error', cleanup);
+        clientSocket.removeListener('end', cleanup);
+        clientSocket.removeListener('close', cleanup);
+        backendSocket?.removeListener('timeout', cleanup);
+        backendSocket?.removeListener('error', cleanup);
+        backendSocket?.removeListener('end', cleanup);
+        backendSocket?.removeListener('close', cleanup);
+        clientSocket.destroy();
+        backendSocket?.destroy();
+      };
+      connectTimeout = setTimeout(() => {
+        cleanup();
+      }, 30_000);
+      connectTimeout.unref?.();
+      clientSocket.setTimeout(300_000);
+      clientSocket.on('timeout', cleanup);
+      clientSocket.on('error', cleanup);
+      clientSocket.on('end', cleanup);
+      clientSocket.on('close', cleanup);
+      backendSocket = plugins.net.connect(targetPort, targetHost, () => {
+        clearTimeout(connectTimeout);
+        backendSocket?.setTimeout(300_000);
+        clientSocket.pipe(backendSocket!);
+        backendSocket!.pipe(clientSocket);
+      });
+      backendSocket.setTimeout(30_000);
+      backendSocket.on('timeout', cleanup);
+      backendSocket.on('error', cleanup);
+      backendSocket.on('end', cleanup);
+      backendSocket.on('close', cleanup);
+    };
+  }
   private hydrateStoredRouteForRuntime(storedRoute: IRoute): plugins.smartproxy.IRouteConfig | undefined {
     const routeName = storedRoute.route.name || '';
     const isDohRoute = storedRoute.origin === 'dns'
@@ -1722,6 +1830,9 @@ export class DcRouter {
       && routeName.startsWith('dns-over-https-');
     if (!isDohRoute) {
+      if (this.shouldHydrateGeneratedEmailRoute(storedRoute)) {
+        return this.createServerFirstEmailRuntimeRoute(storedRoute.route);
+      }
       return undefined;
     }
@@ -1860,28 +1971,9 @@ export class DcRouter {
       465: 10465   // SMTPS
     };
-    // Transform domains if they are provided as strings
-    let transformedDomains = this.options.emailConfig.domains;
-    if (transformedDomains && transformedDomains.length > 0) {
-      // Check if domains are strings (for backward compatibility)
-      if (typeof transformedDomains[0] === 'string') {
-        transformedDomains = (transformedDomains as any).map((domain: string) => ({
-          domain,
-          dnsMode: 'external-dns' as const,
-          dkim: {
-            selector: 'default',
-            keySize: 2048,
-            rotateKeys: false,
-            rotationInterval: 90
-          }
-        }));
-      }
-    }
     // Create config with mapped ports
     const emailConfig: IUnifiedEmailServerOptions = await this.workAppMailManager.applyStoredIdentitiesToEmailConfig({
       ...this.options.emailConfig,
-      domains: transformedDomains,
       ports: this.options.emailConfig.ports.map(port => portMapping[port] || port + 10000),
       persistRoutes: this.options.emailConfig.persistRoutes ?? false,
       queue: {
@@ -2251,8 +2343,8 @@ export class DcRouter {
      // Ensure DKIM keys exist for internal-dns domains before generating records.
      await this.initializeDkimForEmailDomains();
-     // Generate DKIM records directly from smartmta instead of scanning legacy JSON files.
-     const dkimRecords = await this.loadDkimRecords();
+      // Generate DKIM records directly from smartmta.
+      const dkimRecords = await this.loadDkimRecords();
     // Combine all records: authoritative, email, DKIM, and user-defined
     const allRecords = [...authoritativeRecords, ...emailDnsRecords, ...dkimRecords];

package/ts/config/classes.api-token-manager.ts CHANGED Viewed

@@ -111,13 +111,13 @@ export class ApiTokenManager {
     const scopes = new Set<TApiTokenScope>([...token.scopes, ...(token.policy?.scopes || [])]);
     if (scopes.has(scope)) return true;
-    const compatibilityAliases: Partial<Record<TApiTokenScope, TApiTokenScope[]>> = {
+    const equivalentScopes: Partial<Record<TApiTokenScope, TApiTokenScope[]>> = {
       'gateway-clients:read': ['workhosters:read'],
       'gateway-clients:write': ['workhosters:write'],
       'workhosters:read': ['gateway-clients:read'],
       'workhosters:write': ['gateway-clients:write'],
     };
-    return Boolean(compatibilityAliases[scope]?.some((alias) => scopes.has(alias)));
+    return Boolean(equivalentScopes[scope]?.some((alias) => scopes.has(alias)));
   }
   /**

package/ts/db/documents/classes.acme-config.doc.ts CHANGED Viewed

@@ -8,9 +8,7 @@ const getDb = () => DcRouterDb.getInstance().getDb();
  * keyed on the fixed `configId = 'acme-config'` following the
  * `VpnServerKeysDoc` pattern.
  *
- * Replaces the legacy `tls.contactEmail` and `smartProxyConfig.acme.*`
- * constructor fields. Managed via the OpsServer UI at
- * **Domains > Certificates > Settings**.
+ * Managed via the OpsServer UI at **Domains > Certificates > Settings**.
  */
 @plugins.smartdata.Collection(() => getDb())
 export class AcmeConfigDoc extends plugins.smartdata.SmartDataDbDoc<AcmeConfigDoc, AcmeConfigDoc> {

package/ts/dns/manager.dns.ts CHANGED Viewed

@@ -24,7 +24,6 @@ import type {
  *
  * Responsibilities:
  *  - Load Domain/DnsRecord docs from the DB on start
- *  - First-boot seeding from legacy constructor config (dnsScopes/dnsRecords/dnsNsDomains)
  *  - Register dcrouter-hosted domain records with smartdns.DnsServer at startup
  *  - Provide CRUD methods used by OpsServer handlers (dcrouter-hosted domains hit
  *    smartdns, provider domains hit the provider API)
@@ -53,13 +52,8 @@ export class DnsManager {
   // Lifecycle
   // ==========================================================================
-  /**
-   * Called from DcRouter after DcRouterDb is up. Performs first-boot seeding
-   * from legacy constructor config if (and only if) the DB is empty.
-   */
   public async start(): Promise<void> {
     logger.log('info', 'DnsManager: starting');
-    await this.seedFromConstructorConfigIfEmpty();
   }
   public async stop(): Promise<void> {
@@ -77,103 +71,6 @@ export class DnsManager {
     await this.applyDcrouterDomainsToDnsServer();
   }
-  // ==========================================================================
-  // First-boot seeding
-  // ==========================================================================
-  /**
-   * If no DomainDocs exist yet but the constructor has legacy DNS fields,
-   * seed them as dcrouter-hosted (`domain.source: 'dcrouter'`) zones with
-   * local (`record.source: 'local'`) records. On subsequent boots (DB has
-   * entries), constructor config is ignored with a warning.
-   */
-  private async seedFromConstructorConfigIfEmpty(): Promise<void> {
-    const existingDomains = await DomainDoc.findAll();
-    const hasLegacyConfig =
-      (this.options.dnsScopes && this.options.dnsScopes.length > 0) ||
-      (this.options.dnsRecords && this.options.dnsRecords.length > 0);
-    if (existingDomains.length > 0) {
-      if (hasLegacyConfig) {
-        logger.log(
-          'warn',
-          'DnsManager: DB has DomainDoc entries — ignoring legacy dnsScopes/dnsRecords constructor config. ' +
-            'dnsNsDomains is still required for nameserver and DoH bootstrap unless that moves into DB-backed config.',
-        );
-      }
-      return;
-    }
-    if (!hasLegacyConfig) {
-      return;
-    }
-    logger.log('info', 'DnsManager: seeding DB from legacy constructor DNS config');
-    const now = Date.now();
-    const seededDomains = new Map<string, DomainDoc>();
-    // Create one DomainDoc per dnsScope (these are the authoritative zones)
-    for (const scope of this.options.dnsScopes ?? []) {
-      const domain = new DomainDoc();
-      domain.id = plugins.uuid.v4();
-      domain.name = scope.toLowerCase();
-      domain.source = 'dcrouter';
-      domain.authoritative = true;
-      domain.createdAt = now;
-      domain.updatedAt = now;
-      domain.createdBy = 'seed';
-      await domain.save();
-      seededDomains.set(domain.name, domain);
-      logger.log('info', `DnsManager: seeded DomainDoc for ${domain.name}`);
-    }
-    // Map each legacy dnsRecord to its parent DomainDoc
-    for (const rec of this.options.dnsRecords ?? []) {
-      const parent = this.findParentDomain(rec.name, seededDomains);
-      if (!parent) {
-        logger.log(
-          'warn',
-          `DnsManager: legacy dnsRecord '${rec.name}' has no matching dnsScope — skipping seed`,
-        );
-        continue;
-      }
-      const record = new DnsRecordDoc();
-      record.id = plugins.uuid.v4();
-      record.domainId = parent.id;
-      record.name = rec.name.toLowerCase();
-      record.type = rec.type as TDnsRecordType;
-      record.value = rec.value;
-      record.ttl = rec.ttl ?? 300;
-      record.source = 'local';
-      record.createdAt = now;
-      record.updatedAt = now;
-      record.createdBy = 'seed';
-      await record.save();
-    }
-    logger.log(
-      'info',
-      `DnsManager: seeded ${seededDomains.size} domain(s) and ${this.options.dnsRecords?.length ?? 0} record(s) from legacy config`,
-    );
-  }
-  private findParentDomain(
-    recordName: string,
-    domains: Map<string, DomainDoc>,
-  ): DomainDoc | null {
-    const lower = recordName.toLowerCase().replace(/^\*\./, '');
-    let candidate: DomainDoc | null = null;
-    for (const [name, doc] of domains) {
-      if (lower === name || lower.endsWith(`.${name}`)) {
-        if (!candidate || name.length > candidate.name.length) {
-          candidate = doc;
-        }
-      }
-    }
-    return candidate;
-  }
   // ==========================================================================
   // DcRouter-hosted domain DnsServer wiring
   // ==========================================================================

package/ts/opsserver/handlers/certificate.handler.ts CHANGED Viewed

@@ -61,17 +61,6 @@ export class CertificateHandler {
       )
     );
-    // Legacy route-based reprovision (backward compat)
-    router.addTypedHandler(
-      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_ReprovisionCertificate>(
-        'reprovisionCertificate',
-        async (dataArg) => {
-          await this.requireAuth(dataArg, 'certificates:write');
-          return this.reprovisionCertificateByRoute(dataArg.routeName);
-        }
-      )
-    );
     // Domain-based reprovision (preferred)
     router.addTypedHandler(
       new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_ReprovisionCertificateDomain>(
@@ -336,42 +325,6 @@ export class CertificateHandler {
     return summary;
   }
-  /**
-   * Legacy route-based reprovisioning. Kept for backward compatibility with
-   * older clients that send `reprovisionCertificate` typed-requests.
-   *
-   * Like reprovisionCertificateDomain, this triggers the full route apply
-   * pipeline rather than smartProxy.provisionCertificate(routeName) — which
-   * is a no-op when certProvisionFunction is set (Rust ACME disabled).
-   */
-  private async reprovisionCertificateByRoute(routeName: string): Promise<{ success: boolean; message?: string }> {
-    const dcRouter = this.opsServerRef.dcRouterRef;
-    const smartProxy = dcRouter.smartProxy;
-    if (!smartProxy) {
-      return { success: false, message: 'SmartProxy is not running' };
-    }
-    // Clear event-based status for domains in this route so the
-    // certificate-issued event can refresh them
-    for (const [domain, entry] of dcRouter.certificateStatusMap) {
-      if (entry.routeNames.includes(routeName)) {
-        dcRouter.certificateStatusMap.delete(domain);
-      }
-    }
-    try {
-      if (dcRouter.routeConfigManager) {
-        await dcRouter.routeConfigManager.applyRoutes();
-      } else {
-        await smartProxy.updateRoutes(smartProxy.routeManager.getRoutes());
-      }
-      return { success: true, message: `Certificate reprovisioning triggered for route '${routeName}'` };
-    } catch (err: unknown) {
-      return { success: false, message: (err as Error).message || 'Failed to reprovision certificate' };
-    }
-  }
   /**
    * Domain-based reprovisioning — clears backoff first, refreshes the smartacme
    * cert (when forceRenew is set), then re-applies routes so the running Rust

package/ts/opsserver/handlers/config.handler.ts CHANGED Viewed

@@ -59,15 +59,15 @@ export class ConfigHandler {
     };
     // --- SmartProxy ---
+    const acmeConfig = dcRouter.acmeConfigManager?.getConfig();
     let acmeInfo: interfaces.requests.IConfigData['smartProxy']['acme'] = null;
-    if (opts.smartProxyConfig?.acme) {
-      const acme = opts.smartProxyConfig.acme;
+    if (acmeConfig) {
       acmeInfo = {
-        enabled: acme.enabled !== false,
-        accountEmail: acme.accountEmail || '',
-        useProduction: acme.useProduction !== false,
-        autoRenew: acme.autoRenew !== false,
-        renewThresholdDays: acme.renewThresholdDays || 30,
+        enabled: acmeConfig.enabled,
+        accountEmail: acmeConfig.accountEmail,
+        useProduction: acmeConfig.useProduction,
+        autoRenew: acmeConfig.autoRenew,
+        renewThresholdDays: acmeConfig.renewThresholdDays,
       };
     }
@@ -127,8 +127,7 @@ export class ConfigHandler {
       ttl: r.ttl,
     }));
-    // dnsChallenge: true when at least one DnsProviderDoc exists in the DB
-    // (replaces the legacy `dnsChallenge.cloudflareApiKey` constructor field).
+    // dnsChallenge: true when at least one DnsProviderDoc exists in the DB.
     let dnsChallengeEnabled = false;
     try {
       dnsChallengeEnabled = (await dcRouter.dnsManager?.hasAnyManagedDomain()) ?? false;
@@ -150,12 +149,12 @@ export class ConfigHandler {
     let tlsSource: 'acme' | 'static' | 'none' = 'none';
     if (opts.tls?.certPath && opts.tls?.keyPath) {
       tlsSource = 'static';
-    } else if (opts.smartProxyConfig?.acme?.enabled !== false && opts.smartProxyConfig?.acme) {
+    } else if (acmeConfig?.enabled) {
       tlsSource = 'acme';
     }
     const tls: interfaces.requests.IConfigData['tls'] = {
-      contactEmail: opts.tls?.contactEmail || opts.smartProxyConfig?.acme?.accountEmail || null,
+      contactEmail: acmeConfig?.accountEmail || null,
       domain: opts.tls?.domain || null,
       source: tlsSource,
       certPath: opts.tls?.certPath || null,

package/ts/opsserver/handlers/email-settings.handler.ts CHANGED Viewed

@@ -66,7 +66,7 @@ export class EmailSettingsHandler {
       routeCount: emailConfig?.routes?.length || 0,
       authUserCount: emailConfig?.auth?.users?.length || 0,
       updatedAt: 0,
-      updatedBy: 'legacy-options',
+      updatedBy: 'runtime-options',
     };
   }
 }

package/ts_web/00_commitinfo_data.ts CHANGED Viewed

@@ -3,6 +3,6 @@
  */
 export const commitinfo = {
   name: '@serve.zone/dcrouter',
-  version: '13.44.1',
+  version: '14.0.0',
   description: 'A multifaceted routing service handling mail and SMS delivery functions.'
 }