@serve.zone/dcrouter 13.45.0 → 14.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/deno.json +1 -1
- package/dist_ts/00_commitinfo_data.js +2 -2
- package/dist_ts/acme/manager.acme-config.d.ts +1 -14
- package/dist_ts/acme/manager.acme-config.js +4 -65
- package/dist_ts/classes.dcrouter.d.ts +2 -2
- package/dist_ts/classes.dcrouter.js +7 -26
- package/dist_ts/config/classes.api-token-manager.js +3 -3
- package/dist_ts/db/documents/classes.acme-config.doc.d.ts +1 -3
- package/dist_ts/db/documents/classes.acme-config.doc.js +2 -4
- package/dist_ts/dns/manager.dns.d.ts +0 -13
- package/dist_ts/dns/manager.dns.js +1 -81
- package/dist_ts/opsserver/handlers/certificate.handler.d.ts +0 -9
- package/dist_ts/opsserver/handlers/certificate.handler.js +1 -40
- package/dist_ts/opsserver/handlers/config.handler.js +11 -12
- package/dist_ts/opsserver/handlers/email-settings.handler.js +2 -2
- package/dist_ts_interfaces/data/acme-config.d.ts +1 -3
- package/dist_ts_interfaces/requests/certificate.d.ts +0 -12
- package/dist_ts_migrations/index.js +2 -2
- package/dist_ts_web/00_commitinfo_data.js +2 -2
- package/package.json +2 -2
- package/ts/00_commitinfo_data.ts +1 -1
- package/ts/acme/manager.acme-config.ts +3 -77
- package/ts/classes.dcrouter.ts +7 -27
- package/ts/config/classes.api-token-manager.ts +2 -2
- package/ts/db/documents/classes.acme-config.doc.ts +1 -3
- package/ts/dns/manager.dns.ts +0 -103
- package/ts/opsserver/handlers/certificate.handler.ts +0 -47
- package/ts/opsserver/handlers/config.handler.ts +10 -11
- package/ts/opsserver/handlers/email-settings.handler.ts +1 -1
- package/ts_web/00_commitinfo_data.ts +1 -1
|
@@ -47,15 +47,15 @@ export class ConfigHandler {
|
|
|
47
47
|
storagePath: opts.dbConfig?.storagePath || resolvedPaths.defaultTsmDbPath,
|
|
48
48
|
};
|
|
49
49
|
// --- SmartProxy ---
|
|
50
|
+
const acmeConfig = dcRouter.acmeConfigManager?.getConfig();
|
|
50
51
|
let acmeInfo = null;
|
|
51
|
-
if (
|
|
52
|
-
const acme = opts.smartProxyConfig.acme;
|
|
52
|
+
if (acmeConfig) {
|
|
53
53
|
acmeInfo = {
|
|
54
|
-
enabled:
|
|
55
|
-
accountEmail:
|
|
56
|
-
useProduction:
|
|
57
|
-
autoRenew:
|
|
58
|
-
renewThresholdDays:
|
|
54
|
+
enabled: acmeConfig.enabled,
|
|
55
|
+
accountEmail: acmeConfig.accountEmail,
|
|
56
|
+
useProduction: acmeConfig.useProduction,
|
|
57
|
+
autoRenew: acmeConfig.autoRenew,
|
|
58
|
+
renewThresholdDays: acmeConfig.renewThresholdDays,
|
|
59
59
|
};
|
|
60
60
|
}
|
|
61
61
|
let routeCount = 0;
|
|
@@ -109,8 +109,7 @@ export class ConfigHandler {
|
|
|
109
109
|
value: r.value,
|
|
110
110
|
ttl: r.ttl,
|
|
111
111
|
}));
|
|
112
|
-
// dnsChallenge: true when at least one DnsProviderDoc exists in the DB
|
|
113
|
-
// (replaces the legacy `dnsChallenge.cloudflareApiKey` constructor field).
|
|
112
|
+
// dnsChallenge: true when at least one DnsProviderDoc exists in the DB.
|
|
114
113
|
let dnsChallengeEnabled = false;
|
|
115
114
|
try {
|
|
116
115
|
dnsChallengeEnabled = (await dcRouter.dnsManager?.hasAnyManagedDomain()) ?? false;
|
|
@@ -132,11 +131,11 @@ export class ConfigHandler {
|
|
|
132
131
|
if (opts.tls?.certPath && opts.tls?.keyPath) {
|
|
133
132
|
tlsSource = 'static';
|
|
134
133
|
}
|
|
135
|
-
else if (
|
|
134
|
+
else if (acmeConfig?.enabled) {
|
|
136
135
|
tlsSource = 'acme';
|
|
137
136
|
}
|
|
138
137
|
const tls = {
|
|
139
|
-
contactEmail:
|
|
138
|
+
contactEmail: acmeConfig?.accountEmail || null,
|
|
140
139
|
domain: opts.tls?.domain || null,
|
|
141
140
|
source: tlsSource,
|
|
142
141
|
certPath: opts.tls?.certPath || null,
|
|
@@ -203,4 +202,4 @@ export class ConfigHandler {
|
|
|
203
202
|
};
|
|
204
203
|
}
|
|
205
204
|
}
|
|
206
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
205
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29uZmlnLmhhbmRsZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi90cy9vcHNzZXJ2ZXIvaGFuZGxlcnMvY29uZmlnLmhhbmRsZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxLQUFLLE9BQU8sTUFBTSxrQkFBa0IsQ0FBQztBQUM1QyxPQUFPLEtBQUssS0FBSyxNQUFNLGdCQUFnQixDQUFDO0FBRXhDLE9BQU8sS0FBSyxVQUFVLE1BQU0saUNBQWlDLENBQUM7QUFDOUQsT0FBTyxFQUFFLGNBQWMsRUFBRSxNQUFNLG9CQUFvQixDQUFDO0FBRXBELE1BQU0sT0FBTyxhQUFhO0lBQ0o7SUFBcEIsWUFBb0IsWUFBdUI7UUFBdkIsaUJBQVksR0FBWixZQUFZLENBQVc7UUFDekMsSUFBSSxDQUFDLGdCQUFnQixFQUFFLENBQUM7SUFDMUIsQ0FBQztJQUVPLGdCQUFnQjtRQUN0Qiw0RkFBNEY7UUFDNUYsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLFlBQVksQ0FBQyxVQUFVLENBQUM7UUFFNUMsd0NBQXdDO1FBQ3hDLE1BQU0sQ0FBQyxlQUFlLENBQ3BCLElBQUksT0FBTyxDQUFDLFlBQVksQ0FBQyxZQUFZLENBQ25DLGtCQUFrQixFQUNsQixLQUFLLEVBQUUsT0FBTyxFQUFFLFFBQVEsRUFBRSxFQUFFO1lBQzFCLE1BQU0sY0FBYyxDQUFDLElBQUksQ0FBQyxZQUFZLEVBQUUsT0FBTyxFQUFFLEVBQUUsS0FBSyxFQUFFLGFBQWEsRUFBRSxDQUFDLENBQUM7WUFDM0UsTUFBTSxNQUFNLEdBQUcsTUFBTSxJQUFJLENBQUMsZ0JBQWdCLEVBQUUsQ0FBQztZQUM3QyxPQUFPO2dCQUNMLE1BQU07Z0JBQ04sT0FBTyxFQUFFLE9BQU8sQ0FBQyxPQUFPO2FBQ3pCLENBQUM7UUFDSixDQUFDLENBQ0YsQ0FDRixDQUFDO0lBQ0osQ0FBQztJQUVPLEtBQUssQ0FBQyxnQkFBZ0I7UUFDNUIsTUFBTSxRQUFRLEdBQUcsSUFBSSxDQUFDLFlBQVksQ0FBQyxXQUFXLENBQUM7UUFDL0MsTUFBTSxJQUFJLEdBQUcsUUFBUSxDQUFDLE9BQU8sQ0FBQztRQUM5QixNQUFNLGFBQWEsR0FBRyxRQUFRLENBQUMsYUFBYSxDQUFDO1FBRTdDLGlCQUFpQjtRQUNqQixNQUFNLGNBQWMsR0FBdUMsSUFBSSxDQUFDLFFBQVEsRUFBRSxVQUFVO1lBQ2xGLENBQUMsQ0FBQyxRQUFRO1lBQ1YsQ0FBQyxDQUFDLFlBQVksQ0FBQztRQUVqQiwrRUFBK0U7UUFDL0UsSUFBSSxRQUFRLEdBQUcsSUFBSSxDQUFDLFFBQVEsSUFBSSxFQUFFLENBQUM7UUFDbkMsSUFBSSxRQUFRLENBQUMsTUFBTSxLQUFLLENBQUMsSUFBSSxRQUFRLENBQUMsVUFBVSxFQUFFLENBQUM7WUFDakQsTUFBTSxVQUFVLEdBQUksUUFBUSxDQUFDLFVBQWtCLENBQUMsUUFBUSxDQUFDO1lBQ3pELElBQUksVUFBVSxFQUFFLFFBQVEsRUFBRSxNQUFNLEdBQUcsQ0FBQyxFQUFFLENBQUM7Z0JBQ3JDLFFBQVEsR0FBRyxVQUFVLENBQUMsUUFBUSxDQUFDO1lBQ2pDLENBQUM7UUFDSCxDQUFDO1FBRUQsTUFBTSxNQUFNLEdBQThDO1lBQ3hELE9BQU8sRUFBRSxhQUFhLENBQUMsZUFBZTtZQUN0QyxPQUFPLEVBQUUsYUFBYSxDQUFDLE9BQU87WUFDOUIsUUFBUSxFQUFFLElBQUksQ0FBQyxRQUFRLElBQUksUUFBUSxDQUFDLGdCQUFnQixJQUFJLElBQUk7WUFDNUQsUUFBUTtZQUNSLE1BQU0sRUFBRSxJQUFJLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUNwQyxjQUFjO1lBQ2QsV0FBVyxFQUFFLElBQUksQ0FBQyxRQUFRLEVBQUUsV0FBVyxJQUFJLGFBQWEsQ0FBQyxnQkFBZ0I7U0FDMUUsQ0FBQztRQUVGLHFCQUFxQjtRQUNyQixNQUFNLFVBQVUsR0FBRyxRQUFRLENBQUMsaUJBQWlCLEVBQUUsU0FBUyxFQUFFLENBQUM7UUFDM0QsSUFBSSxRQUFRLEdBQTBELElBQUksQ0FBQztRQUMzRSxJQUFJLFVBQVUsRUFBRSxDQUFDO1lBQ2YsUUFBUSxHQUFHO2dCQUNULE9BQU8sRUFBRSxVQUFVLENBQUMsT0FBTztnQkFDM0IsWUFBWSxFQUFFLFVBQVUsQ0FBQyxZQUFZO2dCQUNyQyxhQUFhLEVBQUUsVUFBVSxDQUFDLGFBQWE7Z0JBQ3ZDLFNBQVMsRUFBRSxVQUFVLENBQUMsU0FBUztnQkFDL0Isa0JBQWtCLEVBQUUsVUFBVSxDQUFDLGtCQUFrQjthQUNsRCxDQUFDO1FBQ0osQ0FBQztRQUVELElBQUksVUFBVSxHQUFHLENBQUMsQ0FBQztRQUNuQixJQUFJLFFBQVEsQ0FBQyxrQkFBa0IsRUFBRSxDQUFDO1lBQ2hDLElBQUksQ0FBQztnQkFDSCxNQUFNLE1BQU0sR0FBRyxNQUFNLFFBQVEsQ0FBQyxrQkFBa0IsQ0FBQyxlQUFlLEVBQUUsQ0FBQztnQkFDbkUsVUFBVSxHQUFHLE1BQU0sQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDO1lBQ3BDLENBQUM7WUFBQyxNQUFNLENBQUM7Z0JBQ1AsVUFBVSxHQUFHLElBQUksQ0FBQyxnQkFBZ0IsRUFBRSxNQUFNLEVBQUUsTUFBTSxJQUFJLENBQUMsQ0FBQztZQUMxRCxDQUFDO1FBQ0gsQ0FBQzthQUFNLElBQUksSUFBSSxDQUFDLGdCQUFnQixFQUFFLE1BQU0sRUFBRSxDQUFDO1lBQ3pDLFVBQVUsR0FBRyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQztRQUNuRCxDQUFDO1FBRUQsTUFBTSxVQUFVLEdBQWtEO1lBQ2hFLE9BQU8sRUFBRSxDQUFDLENBQUMsUUFBUSxDQUFDLFVBQVU7WUFDOUIsVUFBVTtZQUNWLElBQUksRUFBRSxRQUFRO1NBQ2YsQ0FBQztRQUVGLGdCQUFnQjtRQUNoQixJQUFJLFlBQVksR0FBYSxFQUFFLENBQUM7UUFDaEMsSUFBSSxRQUFRLENBQUMsV0FBVyxJQUFLLFFBQVEsQ0FBQyxXQUFtQixDQUFDLGNBQWMsRUFBRSxDQUFDO1lBQ3pFLFlBQVksR0FBSSxRQUFRLENBQUMsV0FBbUIsQ0FBQyxjQUFjLENBQUMsYUFBYSxFQUFFLENBQUM7UUFDOUUsQ0FBQzthQUFNLElBQUksSUFBSSxDQUFDLFdBQVcsRUFBRSxPQUFPLEVBQUUsQ0FBQztZQUNyQyxZQUFZLEdBQUcsSUFBSSxDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBTSxFQUFFLEVBQUUsQ0FDckQsT0FBTyxDQUFDLEtBQUssUUFBUSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxNQUFNLENBQ3JDLENBQUM7UUFDSixDQUFDO1FBRUQsSUFBSSxXQUFXLEdBQWtDLElBQUksQ0FBQztRQUN0RCxNQUFNLGFBQWEsR0FBRyxRQUFRLENBQUMsb0JBQW9CLEVBQUUsaUJBQWlCLEVBQUUsQ0FBQztRQUN6RSxNQUFNLGNBQWMsR0FBRyxhQUFhLEVBQUUsV0FBVyxJQUFJLElBQUksQ0FBQyxlQUFlLEVBQUUsV0FBVyxDQUFDO1FBQ3ZGLElBQUksY0FBYyxFQUFFLENBQUM7WUFDbkIsV0FBVyxHQUFHLEVBQUUsQ0FBQztZQUNqQixLQUFLLE1BQU0sQ0FBQyxHQUFHLEVBQUUsR0FBRyxDQUFDLElBQUksTUFBTSxDQUFDLE9BQU8sQ0FBQyxjQUFjLENBQUMsRUFBRSxDQUFDO2dCQUN4RCxXQUFXLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDLEdBQUcsR0FBYSxDQUFDO1lBQzNDLENBQUM7UUFDSCxDQUFDO1FBRUQsTUFBTSxLQUFLLEdBQTZDO1lBQ3RELE9BQU8sRUFBRSxhQUFhLEVBQUUsT0FBTyxJQUFJLENBQUMsQ0FBQyxRQUFRLENBQUMsV0FBVztZQUN6RCxLQUFLLEVBQUUsYUFBYSxFQUFFLEtBQUssSUFBSSxJQUFJLENBQUMsV0FBVyxFQUFFLEtBQUssSUFBSSxFQUFFO1lBQzVELFdBQVc7WUFDWCxRQUFRLEVBQUUsYUFBYSxFQUFFLFFBQVEsSUFBSSxJQUFJLENBQUMsV0FBVyxFQUFFLFFBQVEsSUFBSSxJQUFJO1lBQ3ZFLE9BQU8sRUFBRSxZQUFZO1lBQ3JCLGVBQWUsRUFBRSxhQUFhLEVBQUUsVUFBVSxJQUFJLElBQUksQ0FBQyxXQUFXLEVBQUUsTUFBTSxFQUFFLE1BQU0sSUFBSSxDQUFDO1lBQ25GLGtCQUFrQixFQUFFLGFBQWEsRUFBRSxrQkFBa0IsSUFBSSxJQUFJLENBQUMsZUFBZSxFQUFFLGtCQUFrQixJQUFJLElBQUk7U0FDMUcsQ0FBQztRQUVGLGNBQWM7UUFDZCxNQUFNLFVBQVUsR0FBRyxDQUFDLElBQUksQ0FBQyxVQUFVLElBQUksRUFBRSxDQUFDLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQztZQUNuRCxJQUFJLEVBQUUsQ0FBQyxDQUFDLElBQUk7WUFDWixJQUFJLEVBQUUsQ0FBQyxDQUFDLElBQUk7WUFDWixLQUFLLEVBQUUsQ0FBQyxDQUFDLEtBQUs7WUFDZCxHQUFHLEVBQUUsQ0FBQyxDQUFDLEdBQUc7U0FDWCxDQUFDLENBQUMsQ0FBQztRQUVKLHdFQUF3RTtRQUN4RSxJQUFJLG1CQUFtQixHQUFHLEtBQUssQ0FBQztRQUNoQyxJQUFJLENBQUM7WUFDSCxtQkFBbUIsR0FBRyxDQUFDLE1BQU0sUUFBUSxDQUFDLFVBQVUsRUFBRSxtQkFBbUIsRUFBRSxDQUFDLElBQUksS0FBSyxDQUFDO1FBQ3BGLENBQUM7UUFBQyxNQUFNLENBQUM7WUFDUCxtQkFBbUIsR0FBRyxLQUFLLENBQUM7UUFDOUIsQ0FBQztRQUVELE1BQU0sR0FBRyxHQUEyQztZQUNsRCxPQUFPLEVBQUUsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxTQUFTO1lBQzdCLElBQUksRUFBRSxFQUFFO1lBQ1IsU0FBUyxFQUFFLElBQUksQ0FBQyxZQUFZLElBQUksRUFBRTtZQUNsQyxNQUFNLEVBQUUsSUFBSSxDQUFDLFNBQVMsSUFBSSxFQUFFO1lBQzVCLFdBQVcsRUFBRSxVQUFVLENBQUMsTUFBTTtZQUM5QixPQUFPLEVBQUUsVUFBVTtZQUNuQixZQUFZLEVBQUUsbUJBQW1CO1NBQ2xDLENBQUM7UUFFRixjQUFjO1FBQ2QsSUFBSSxTQUFTLEdBQStCLE1BQU0sQ0FBQztRQUNuRCxJQUFJLElBQUksQ0FBQyxHQUFHLEVBQUUsUUFBUSxJQUFJLElBQUksQ0FBQyxHQUFHLEVBQUUsT0FBTyxFQUFFLENBQUM7WUFDNUMsU0FBUyxHQUFHLFFBQVEsQ0FBQztRQUN2QixDQUFDO2FBQU0sSUFBSSxVQUFVLEVBQUUsT0FBTyxFQUFFLENBQUM7WUFDL0IsU0FBUyxHQUFHLE1BQU0sQ0FBQztRQUNyQixDQUFDO1FBRUQsTUFBTSxHQUFHLEdBQTJDO1lBQ2xELFlBQVksRUFBRSxVQUFVLEVBQUUsWUFBWSxJQUFJLElBQUk7WUFDOUMsTUFBTSxFQUFFLElBQUksQ0FBQyxHQUFHLEVBQUUsTUFBTSxJQUFJLElBQUk7WUFDaEMsTUFBTSxFQUFFLFNBQVM7WUFDakIsUUFBUSxFQUFFLElBQUksQ0FBQyxHQUFHLEVBQUUsUUFBUSxJQUFJLElBQUk7WUFDcEMsT0FBTyxFQUFFLElBQUksQ0FBQyxHQUFHLEVBQUUsT0FBTyxJQUFJLElBQUk7U0FDbkMsQ0FBQztRQUVGLG1CQUFtQjtRQUNuQixNQUFNLFFBQVEsR0FBRyxJQUFJLENBQUMsUUFBUSxDQUFDO1FBQy9CLE1BQU0sS0FBSyxHQUE2QztZQUN0RCxPQUFPLEVBQUUsUUFBUSxFQUFFLE9BQU8sS0FBSyxLQUFLO1lBQ3BDLFdBQVcsRUFBRSxRQUFRLEVBQUUsV0FBVyxJQUFJLGFBQWEsQ0FBQyxnQkFBZ0I7WUFDcEUsTUFBTSxFQUFFLFFBQVEsRUFBRSxNQUFNLElBQUksVUFBVTtZQUN0QyxjQUFjLEVBQUUsRUFBRTtZQUNsQixvQkFBb0IsRUFBRSxRQUFRLEVBQUUsb0JBQW9CLElBQUksQ0FBQztZQUN6RCxTQUFTLEVBQUUsRUFBRTtTQUNkLENBQUM7UUFFRixpQkFBaUI7UUFDakIsTUFBTSxTQUFTLEdBQUcsSUFBSSxDQUFDLFlBQVksQ0FBQztRQUNwQyxNQUFNLE1BQU0sR0FBOEM7WUFDeEQsT0FBTyxFQUFFLENBQUMsQ0FBQyxRQUFRLENBQUMsWUFBWTtZQUNoQyxRQUFRLEVBQUUsU0FBUyxFQUFFLFFBQVEsSUFBSSxJQUFJO1lBQ3JDLFFBQVEsRUFBRSxTQUFTLEVBQUUsUUFBUSxJQUFJLElBQUk7WUFDckMsV0FBVyxFQUFFLFNBQVMsRUFBRSxXQUFXLElBQUksSUFBSTtZQUMzQyxXQUFXLEVBQUUsU0FBUyxFQUFFLE9BQU8sRUFBRSxNQUFNLElBQUksQ0FBQztZQUM1QyxlQUFlLEVBQUUsU0FBUyxFQUFFLGNBQWMsRUFBRSxXQUFXLElBQUksSUFBSTtZQUMvRCxvQkFBb0IsRUFBRSxTQUFTLEVBQUUsY0FBYyxFQUFFLGdCQUFnQixJQUFJLElBQUk7WUFDekUsZ0JBQWdCLEVBQUUsU0FBUyxFQUFFLGNBQWMsRUFBRSxRQUFRLEVBQUUsTUFBTSxJQUFJLENBQUM7U0FDbkUsQ0FBQztRQUVGLHlCQUF5QjtRQUN6QixNQUFNLEtBQUssR0FBRyxJQUFJLENBQUMsbUJBQW1CLENBQUM7UUFDdkMsTUFBTSxVQUFVLEdBQUcsUUFBUSxDQUFDLG9CQUFvQixFQUFFLGNBQWMsRUFBRSxDQUFDO1FBQ25FLE1BQU0sZ0JBQWdCLEdBQUcsUUFBUSxDQUFDLGFBQWEsRUFBRSxtQkFBbUIsRUFBRSxJQUFJLEVBQUUsQ0FBQztRQUU3RSxpRkFBaUY7UUFDakYsSUFBSSxPQUFPLEdBQXNDLGFBQWEsQ0FBQztRQUMvRCxJQUFJLEtBQUssRUFBRSxHQUFHLEVBQUUsUUFBUSxJQUFJLEtBQUssRUFBRSxHQUFHLEVBQUUsT0FBTyxFQUFFLENBQUM7WUFDaEQsT0FBTyxHQUFHLFFBQVEsQ0FBQztRQUNyQixDQUFDO2FBQU0sSUFBSSxVQUFVLEVBQUUsU0FBUyxFQUFFLENBQUM7WUFDakMsSUFBSSxDQUFDO2dCQUNILE1BQU0sRUFBRSxZQUFZLEVBQUUsR0FBRyxNQUFNLE1BQU0sQ0FBQyxtQkFBbUIsQ0FBQyxDQUFDO2dCQUMzRCxNQUFNLE1BQU0sR0FBRyxNQUFNLFlBQVksQ0FBQyxZQUFZLENBQUMsVUFBVSxDQUFDLFNBQVMsQ0FBQyxDQUFDO2dCQUNyRSxJQUFJLE1BQU0sRUFBRSxTQUFTLElBQUksTUFBTSxFQUFFLFVBQVUsRUFBRSxDQUFDO29CQUM1QyxPQUFPLEdBQUcsTUFBTSxDQUFDO2dCQUNuQixDQUFDO1lBQ0gsQ0FBQztZQUFDLE1BQU0sQ0FBQyxDQUFDLG9CQUFvQixDQUFDLENBQUM7UUFDbEMsQ0FBQztRQUVELE1BQU0sYUFBYSxHQUFxRDtZQUN0RSxPQUFPLEVBQUUsQ0FBQyxDQUFDLFVBQVUsRUFBRSxPQUFPO1lBQzlCLFVBQVUsRUFBRSxVQUFVLEVBQUUsVUFBVSxJQUFJLElBQUk7WUFDMUMsU0FBUyxFQUFFLFVBQVUsRUFBRSxTQUFTLElBQUksSUFBSTtZQUN4QyxPQUFPO1lBQ1AsZ0JBQWdCO1lBQ2hCLFdBQVcsRUFBRSxVQUFVLEVBQUUsV0FBVztTQUNyQyxDQUFDO1FBRUYsT0FBTztZQUNMLE1BQU07WUFDTixVQUFVO1lBQ1YsS0FBSztZQUNMLEdBQUc7WUFDSCxHQUFHO1lBQ0gsS0FBSztZQUNMLE1BQU07WUFDTixhQUFhO1NBQ2QsQ0FBQztJQUNKLENBQUM7Q0FDRiJ9
|
|
@@ -50,8 +50,8 @@ export class EmailSettingsHandler {
|
|
|
50
50
|
routeCount: emailConfig?.routes?.length || 0,
|
|
51
51
|
authUserCount: emailConfig?.auth?.users?.length || 0,
|
|
52
52
|
updatedAt: 0,
|
|
53
|
-
updatedBy: '
|
|
53
|
+
updatedBy: 'runtime-options',
|
|
54
54
|
};
|
|
55
55
|
}
|
|
56
56
|
}
|
|
57
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
57
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZW1haWwtc2V0dGluZ3MuaGFuZGxlci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3RzL29wc3NlcnZlci9oYW5kbGVycy9lbWFpbC1zZXR0aW5ncy5oYW5kbGVyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sS0FBSyxPQUFPLE1BQU0sa0JBQWtCLENBQUM7QUFFNUMsT0FBTyxLQUFLLFVBQVUsTUFBTSxpQ0FBaUMsQ0FBQztBQUM5RCxPQUFPLEVBQUUsY0FBYyxFQUFFLE1BQU0sb0JBQW9CLENBQUM7QUFFcEQsTUFBTSxPQUFPLG9CQUFvQjtJQUdYO0lBRmIsV0FBVyxHQUFHLElBQUksT0FBTyxDQUFDLFlBQVksQ0FBQyxXQUFXLEVBQUUsQ0FBQztJQUU1RCxZQUFvQixZQUF1QjtRQUF2QixpQkFBWSxHQUFaLFlBQVksQ0FBVztRQUN6QyxJQUFJLENBQUMsWUFBWSxDQUFDLFdBQVcsQ0FBQyxjQUFjLENBQUMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxDQUFDO1FBQy9ELElBQUksQ0FBQyxnQkFBZ0IsRUFBRSxDQUFDO0lBQzFCLENBQUM7SUFFTyxnQkFBZ0I7UUFDdEIsSUFBSSxDQUFDLFdBQVcsQ0FBQyxlQUFlLENBQzlCLElBQUksT0FBTyxDQUFDLFlBQVksQ0FBQyxZQUFZLENBQ25DLHdCQUF3QixFQUN4QixLQUFLLEVBQUUsT0FBTyxFQUFFLEVBQUU7WUFDaEIsTUFBTSxjQUFjLENBQUMsSUFBSSxDQUFDLFlBQVksRUFBRSxPQUFPLEVBQUUsRUFBRSxLQUFLLEVBQUUsb0JBQTJCLEVBQUUsQ0FBQyxDQUFDO1lBQ3pGLE9BQU8sRUFBRSxRQUFRLEVBQUUsSUFBSSxDQUFDLFdBQVcsRUFBRSxFQUFFLENBQUM7UUFDMUMsQ0FBQyxDQUNGLENBQ0YsQ0FBQztRQUVGLElBQUksQ0FBQyxXQUFXLENBQUMsZUFBZSxDQUM5QixJQUFJLE9BQU8sQ0FBQyxZQUFZLENBQUMsWUFBWSxDQUNuQywyQkFBMkIsRUFDM0IsS0FBSyxFQUFFLE9BQU8sRUFBRSxFQUFFO1lBQ2hCLE1BQU0sSUFBSSxHQUFHLE1BQU0sY0FBYyxDQUFDLElBQUksQ0FBQyxZQUFZLEVBQUUsT0FBTyxFQUFFO2dCQUM1RCxLQUFLLEVBQUUscUJBQTRCO2dCQUNuQyxvQkFBb0IsRUFBRSxJQUFJO2FBQzNCLENBQUMsQ0FBQztZQUNILE1BQU0sT0FBTyxHQUFHLElBQUksQ0FBQyxZQUFZLENBQUMsV0FBVyxDQUFDLG9CQUFvQixDQUFDO1lBQ25FLElBQUksQ0FBQyxPQUFPLEVBQUUsQ0FBQztnQkFDYixPQUFPLEVBQUUsT0FBTyxFQUFFLEtBQUssRUFBRSxPQUFPLEVBQUUsc0NBQXNDLEVBQUUsQ0FBQztZQUM3RSxDQUFDO1lBQ0QsSUFBSSxDQUFDO2dCQUNILE1BQU0sUUFBUSxHQUFHLE1BQU0sSUFBSSxDQUFDLFlBQVksQ0FBQyxXQUFXLENBQUMseUJBQXlCLENBQzVFLE9BQU8sQ0FBQyxRQUFRLEVBQ2hCLElBQUksQ0FBQyxNQUFNLENBQ1osQ0FBQztnQkFDRixPQUFPLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRSxRQUFRLEVBQUUsQ0FBQztZQUNyQyxDQUFDO1lBQUMsT0FBTyxHQUFZLEVBQUUsQ0FBQztnQkFDdEIsT0FBTyxFQUFFLE9BQU8sRUFBRSxLQUFLLEVBQUUsT0FBTyxFQUFHLEdBQWEsQ0FBQyxPQUFPLEVBQUUsQ0FBQztZQUM3RCxDQUFDO1FBQ0gsQ0FBQyxDQUNGLENBQ0YsQ0FBQztJQUNKLENBQUM7SUFFTyxXQUFXO1FBQ2pCLE1BQU0sT0FBTyxHQUFHLElBQUksQ0FBQyxZQUFZLENBQUMsV0FBVyxDQUFDLG9CQUFvQixDQUFDO1FBQ25FLElBQUksT0FBTyxFQUFFLENBQUM7WUFDWixPQUFPLE9BQU8sQ0FBQyxpQkFBaUIsRUFBRSxDQUFDO1FBQ3JDLENBQUM7UUFDRCxNQUFNLFdBQVcsR0FBRyxJQUFJLENBQUMsWUFBWSxDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsV0FBVyxDQUFDO1FBQ3RFLE1BQU0sZUFBZSxHQUFHLElBQUksQ0FBQyxZQUFZLENBQUMsV0FBVyxDQUFDLE9BQU8sQ0FBQyxlQUFlLENBQUM7UUFDOUUsT0FBTztZQUNMLE9BQU8sRUFBRSxPQUFPLENBQUMsV0FBVyxDQUFDO1lBQzdCLFFBQVEsRUFBRSxXQUFXLEVBQUUsUUFBUSxJQUFJLElBQUk7WUFDdkMsS0FBSyxFQUFFLENBQUMsR0FBRyxDQUFDLFdBQVcsRUFBRSxLQUFLLElBQUksRUFBRSxDQUFDLENBQUM7WUFDdEMsV0FBVyxFQUFFLGVBQWUsRUFBRSxXQUFXLENBQUMsQ0FBQyxDQUFDLEVBQUUsR0FBRyxlQUFlLENBQUMsV0FBVyxFQUFFLENBQUMsQ0FBQyxDQUFDLElBQUk7WUFDckYsa0JBQWtCLEVBQUUsZUFBZSxFQUFFLGtCQUFrQixJQUFJLElBQUk7WUFDL0QsY0FBYyxFQUFFLFdBQVcsRUFBRSxjQUFjLElBQUksSUFBSTtZQUNuRCxXQUFXLEVBQUUsV0FBVyxFQUFFLE9BQU8sRUFBRSxNQUFNLElBQUksQ0FBQztZQUM5QyxVQUFVLEVBQUUsV0FBVyxFQUFFLE1BQU0sRUFBRSxNQUFNLElBQUksQ0FBQztZQUM1QyxhQUFhLEVBQUUsV0FBVyxFQUFFLElBQUksRUFBRSxLQUFLLEVBQUUsTUFBTSxJQUFJLENBQUM7WUFDcEQsU0FBUyxFQUFFLENBQUM7WUFDWixTQUFTLEVBQUUsaUJBQWlCO1NBQzdCLENBQUM7SUFDSixDQUFDO0NBQ0YifQ==
|
|
@@ -1,9 +1,7 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* ACME configuration for automated TLS certificate issuance via Let's Encrypt.
|
|
3
3
|
*
|
|
4
|
-
* Persisted as a singleton `AcmeConfigDoc` in the DcRouterDb.
|
|
5
|
-
* legacy constructor fields `tls.contactEmail` / `smartProxyConfig.acme.*`
|
|
6
|
-
* which are now seed-only (used once on first boot if the DB is empty).
|
|
4
|
+
* Persisted as a singleton `AcmeConfigDoc` in the DcRouterDb.
|
|
7
5
|
*
|
|
8
6
|
* Managed via the OpsServer UI at **Domains > Certificates > Settings**.
|
|
9
7
|
*/
|
|
@@ -37,18 +37,6 @@ export interface IReq_GetCertificateOverview extends plugins.typedrequestInterfa
|
|
|
37
37
|
};
|
|
38
38
|
};
|
|
39
39
|
}
|
|
40
|
-
export interface IReq_ReprovisionCertificate extends plugins.typedrequestInterfaces.implementsTR<plugins.typedrequestInterfaces.ITypedRequest, IReq_ReprovisionCertificate> {
|
|
41
|
-
method: 'reprovisionCertificate';
|
|
42
|
-
request: {
|
|
43
|
-
identity?: authInterfaces.IIdentity;
|
|
44
|
-
apiToken?: string;
|
|
45
|
-
routeName: string;
|
|
46
|
-
};
|
|
47
|
-
response: {
|
|
48
|
-
success: boolean;
|
|
49
|
-
message?: string;
|
|
50
|
-
};
|
|
51
|
-
}
|
|
52
40
|
export interface IReq_ReprovisionCertificateDomain extends plugins.typedrequestInterfaces.implementsTR<plugins.typedrequestInterfaces.ITypedRequest, IReq_ReprovisionCertificateDomain> {
|
|
53
41
|
method: 'reprovisionCertificateDomain';
|
|
54
42
|
request: {
|
|
@@ -407,7 +407,7 @@ export async function createMigrationRunner(db, targetVersion, options = {}) {
|
|
|
407
407
|
.from('13.1.0').to('13.8.1')
|
|
408
408
|
.description('Rename DomainDoc.source value from "manual" to "dcrouter"')
|
|
409
409
|
.up(async (ctx) => {
|
|
410
|
-
const collection = ctx.mongo.collection('
|
|
410
|
+
const collection = ctx.mongo.collection('DomainDoc');
|
|
411
411
|
const result = await collection.updateMany({ source: 'manual' }, { $set: { source: 'dcrouter' } });
|
|
412
412
|
ctx.log.log('info', `rename-domain-source-manual-to-dcrouter: migrated ${result.modifiedCount} domain(s)`);
|
|
413
413
|
})
|
|
@@ -415,7 +415,7 @@ export async function createMigrationRunner(db, targetVersion, options = {}) {
|
|
|
415
415
|
.from('13.8.1').to('13.8.2')
|
|
416
416
|
.description('Rename DnsRecordDoc.source value from "manual" to "local"')
|
|
417
417
|
.up(async (ctx) => {
|
|
418
|
-
const collection = ctx.mongo.collection('
|
|
418
|
+
const collection = ctx.mongo.collection('DnsRecordDoc');
|
|
419
419
|
const result = await collection.updateMany({ source: 'manual' }, { $set: { source: 'local' } });
|
|
420
420
|
ctx.log.log('info', `rename-record-source-manual-to-local: migrated ${result.modifiedCount} record(s)`);
|
|
421
421
|
})
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
*/
|
|
4
4
|
export const commitinfo = {
|
|
5
5
|
name: '@serve.zone/dcrouter',
|
|
6
|
-
version: '
|
|
6
|
+
version: '14.0.0',
|
|
7
7
|
description: 'A multifaceted routing service handling mail and SMS delivery functions.'
|
|
8
8
|
};
|
|
9
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
9
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiMDBfY29tbWl0aW5mb19kYXRhLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vdHNfd2ViLzAwX2NvbW1pdGluZm9fZGF0YS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQTs7R0FFRztBQUNILE1BQU0sQ0FBQyxNQUFNLFVBQVUsR0FBRztJQUN4QixJQUFJLEVBQUUsc0JBQXNCO0lBQzVCLE9BQU8sRUFBRSxRQUFRO0lBQ2pCLFdBQVcsRUFBRSwwRUFBMEU7Q0FDeEYsQ0FBQSJ9
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@serve.zone/dcrouter",
|
|
3
3
|
"private": false,
|
|
4
|
-
"version": "
|
|
4
|
+
"version": "14.0.0",
|
|
5
5
|
"description": "A multifaceted routing service handling mail and SMS delivery functions.",
|
|
6
6
|
"type": "module",
|
|
7
7
|
"bin": {
|
|
@@ -50,7 +50,7 @@
|
|
|
50
50
|
"@push.rocks/smartnetwork": "^4.7.2",
|
|
51
51
|
"@push.rocks/smartpath": "^6.0.0",
|
|
52
52
|
"@push.rocks/smartpromise": "^4.2.4",
|
|
53
|
-
"@push.rocks/smartproxy": "^27.12.
|
|
53
|
+
"@push.rocks/smartproxy": "^27.12.7",
|
|
54
54
|
"@push.rocks/smartradius": "^1.3.0",
|
|
55
55
|
"@push.rocks/smartrequest": "^5.0.3",
|
|
56
56
|
"@push.rocks/smartrx": "^3.0.10",
|
package/ts/00_commitinfo_data.ts
CHANGED
|
@@ -1,14 +1,12 @@
|
|
|
1
1
|
import { logger } from '../logger.js';
|
|
2
2
|
import { AcmeConfigDoc } from '../db/documents/index.js';
|
|
3
|
-
import type { IDcRouterOptions } from '../classes.dcrouter.js';
|
|
4
3
|
import type { IAcmeConfig } from '../../ts_interfaces/data/acme-config.js';
|
|
5
4
|
|
|
6
5
|
/**
|
|
7
6
|
* AcmeConfigManager — owns the singleton ACME configuration in the DB.
|
|
8
7
|
*
|
|
9
8
|
* Lifecycle:
|
|
10
|
-
* - `start()` — loads
|
|
11
|
-
* fields (`tls.contactEmail`, `smartProxyConfig.acme.*`) on first boot.
|
|
9
|
+
* - `start()` — loads the DB-backed singleton configuration.
|
|
12
10
|
* - `getConfig()` — returns the in-memory cached `IAcmeConfig` (or null)
|
|
13
11
|
* - `updateConfig(args, updatedBy)` — upserts and refreshes the cache
|
|
14
12
|
*
|
|
@@ -20,32 +18,12 @@ import type { IAcmeConfig } from '../../ts_interfaces/data/acme-config.js';
|
|
|
20
18
|
export class AcmeConfigManager {
|
|
21
19
|
private cached: IAcmeConfig | null = null;
|
|
22
20
|
|
|
23
|
-
constructor(private options: IDcRouterOptions) {}
|
|
24
|
-
|
|
25
21
|
public async start(): Promise<void> {
|
|
26
22
|
logger.log('info', 'AcmeConfigManager: starting');
|
|
27
|
-
|
|
23
|
+
const doc = await AcmeConfigDoc.load();
|
|
28
24
|
|
|
29
25
|
if (!doc) {
|
|
30
|
-
|
|
31
|
-
const seed = this.deriveSeedFromOptions();
|
|
32
|
-
if (seed) {
|
|
33
|
-
doc = await this.createSeedDoc(seed);
|
|
34
|
-
logger.log(
|
|
35
|
-
'info',
|
|
36
|
-
`AcmeConfigManager: seeded from constructor legacy fields (accountEmail=${seed.accountEmail}, useProduction=${seed.useProduction})`,
|
|
37
|
-
);
|
|
38
|
-
} else {
|
|
39
|
-
logger.log(
|
|
40
|
-
'info',
|
|
41
|
-
'AcmeConfigManager: no AcmeConfig in DB and no legacy constructor fields — ACME disabled until configured via Domains > Certificates > Settings.',
|
|
42
|
-
);
|
|
43
|
-
}
|
|
44
|
-
} else if (this.deriveSeedFromOptions()) {
|
|
45
|
-
logger.log(
|
|
46
|
-
'warn',
|
|
47
|
-
'AcmeConfigManager: ignoring constructor tls.contactEmail / smartProxyConfig.acme — DB already has AcmeConfigDoc. Manage via Domains > Certificates > Settings.',
|
|
48
|
-
);
|
|
26
|
+
logger.log('info', 'AcmeConfigManager: no AcmeConfig in DB — ACME disabled until configured via Domains > Certificates > Settings.');
|
|
49
27
|
}
|
|
50
28
|
|
|
51
29
|
this.cached = doc ? this.toPlain(doc) : null;
|
|
@@ -116,58 +94,6 @@ export class AcmeConfigManager {
|
|
|
116
94
|
// Internal helpers
|
|
117
95
|
// ==========================================================================
|
|
118
96
|
|
|
119
|
-
/**
|
|
120
|
-
* Build a seed object from the legacy constructor fields. Returns null
|
|
121
|
-
* if the user has not provided any of them.
|
|
122
|
-
*
|
|
123
|
-
* Supports BOTH `tls.contactEmail` (short form) and `smartProxyConfig.acme`
|
|
124
|
-
* (full form). `smartProxyConfig.acme` wins when both are present.
|
|
125
|
-
*/
|
|
126
|
-
private deriveSeedFromOptions(): Omit<IAcmeConfig, 'updatedAt' | 'updatedBy'> | null {
|
|
127
|
-
const acme = this.options.smartProxyConfig?.acme;
|
|
128
|
-
const tls = this.options.tls;
|
|
129
|
-
|
|
130
|
-
// Prefer the explicit smartProxyConfig.acme block if present.
|
|
131
|
-
if (acme?.accountEmail) {
|
|
132
|
-
return {
|
|
133
|
-
accountEmail: acme.accountEmail,
|
|
134
|
-
enabled: acme.enabled !== false,
|
|
135
|
-
useProduction: acme.useProduction !== false,
|
|
136
|
-
autoRenew: acme.autoRenew !== false,
|
|
137
|
-
renewThresholdDays: acme.renewThresholdDays ?? 30,
|
|
138
|
-
};
|
|
139
|
-
}
|
|
140
|
-
|
|
141
|
-
// Fall back to the short tls.contactEmail form.
|
|
142
|
-
if (tls?.contactEmail) {
|
|
143
|
-
return {
|
|
144
|
-
accountEmail: tls.contactEmail,
|
|
145
|
-
enabled: true,
|
|
146
|
-
useProduction: true,
|
|
147
|
-
autoRenew: true,
|
|
148
|
-
renewThresholdDays: 30,
|
|
149
|
-
};
|
|
150
|
-
}
|
|
151
|
-
|
|
152
|
-
return null;
|
|
153
|
-
}
|
|
154
|
-
|
|
155
|
-
private async createSeedDoc(
|
|
156
|
-
seed: Omit<IAcmeConfig, 'updatedAt' | 'updatedBy'>,
|
|
157
|
-
): Promise<AcmeConfigDoc> {
|
|
158
|
-
const doc = new AcmeConfigDoc();
|
|
159
|
-
doc.configId = 'acme-config';
|
|
160
|
-
doc.accountEmail = seed.accountEmail;
|
|
161
|
-
doc.enabled = seed.enabled;
|
|
162
|
-
doc.useProduction = seed.useProduction;
|
|
163
|
-
doc.autoRenew = seed.autoRenew;
|
|
164
|
-
doc.renewThresholdDays = seed.renewThresholdDays;
|
|
165
|
-
doc.updatedAt = Date.now();
|
|
166
|
-
doc.updatedBy = 'seed';
|
|
167
|
-
await doc.save();
|
|
168
|
-
return doc;
|
|
169
|
-
}
|
|
170
|
-
|
|
171
97
|
private toPlain(doc: AcmeConfigDoc): IAcmeConfig {
|
|
172
98
|
return {
|
|
173
99
|
accountEmail: doc.accountEmail,
|
package/ts/classes.dcrouter.ts
CHANGED
|
@@ -454,14 +454,13 @@ export class DcRouter {
|
|
|
454
454
|
// AcmeConfigManager: optional, depends on DcRouterDb — owns the singleton
|
|
455
455
|
// ACME configuration (accountEmail, useProduction, etc.). Must run before
|
|
456
456
|
// SmartProxy so setupSmartProxy() can read the ACME config from the DB.
|
|
457
|
-
// On first boot, seeds from legacy `tls.contactEmail` / `smartProxyConfig.acme`.
|
|
458
457
|
if (this.options.dbConfig?.enabled !== false) {
|
|
459
458
|
this.serviceManager.addService(
|
|
460
459
|
new plugins.taskbuffer.Service('AcmeConfigManager')
|
|
461
460
|
.optional()
|
|
462
461
|
.dependsOn('DcRouterDb')
|
|
463
462
|
.withStart(async () => {
|
|
464
|
-
this.acmeConfigManager = new AcmeConfigManager(
|
|
463
|
+
this.acmeConfigManager = new AcmeConfigManager();
|
|
465
464
|
await this.acmeConfigManager.start();
|
|
466
465
|
})
|
|
467
466
|
.withStop(async () => {
|
|
@@ -813,7 +812,7 @@ export class DcRouter {
|
|
|
813
812
|
?? false;
|
|
814
813
|
}
|
|
815
814
|
|
|
816
|
-
private
|
|
815
|
+
private getRemoteIngressHubSettingsMigrationSeed(): TRemoteIngressHubSettingsUpdate {
|
|
817
816
|
const remoteIngressConfig = this.options.remoteIngressConfig;
|
|
818
817
|
const seed: TRemoteIngressHubSettingsUpdate = {};
|
|
819
818
|
if (remoteIngressConfig?.enabled !== undefined) {
|
|
@@ -831,7 +830,7 @@ export class DcRouter {
|
|
|
831
830
|
return seed;
|
|
832
831
|
}
|
|
833
832
|
|
|
834
|
-
private
|
|
833
|
+
private getEmailSettingsMigrationSeed(): IEmailServerSettingsSeed {
|
|
835
834
|
const seed: IEmailServerSettingsSeed = {};
|
|
836
835
|
if (this.options.emailConfig) {
|
|
837
836
|
seed.enabled = true;
|
|
@@ -1106,8 +1105,8 @@ export class DcRouter {
|
|
|
1106
1105
|
// Run any pending data migrations before anything else reads from the DB.
|
|
1107
1106
|
// This must complete before ConfigManagers loads profiles.
|
|
1108
1107
|
const migration = await createMigrationRunner(this.dcRouterDb.getDb(), commitinfo.version, {
|
|
1109
|
-
remoteIngressHubSettings: this.
|
|
1110
|
-
emailServerSettings: this.
|
|
1108
|
+
remoteIngressHubSettings: this.getRemoteIngressHubSettingsMigrationSeed(),
|
|
1109
|
+
emailServerSettings: this.getEmailSettingsMigrationSeed(),
|
|
1111
1110
|
});
|
|
1112
1111
|
const migrationResult = await migration.run();
|
|
1113
1112
|
if (migrationResult.stepsApplied.length > 0) {
|
|
@@ -1972,28 +1971,9 @@ export class DcRouter {
|
|
|
1972
1971
|
465: 10465 // SMTPS
|
|
1973
1972
|
};
|
|
1974
1973
|
|
|
1975
|
-
// Transform domains if they are provided as strings
|
|
1976
|
-
let transformedDomains = this.options.emailConfig.domains;
|
|
1977
|
-
if (transformedDomains && transformedDomains.length > 0) {
|
|
1978
|
-
// Check if domains are strings (for backward compatibility)
|
|
1979
|
-
if (typeof transformedDomains[0] === 'string') {
|
|
1980
|
-
transformedDomains = (transformedDomains as any).map((domain: string) => ({
|
|
1981
|
-
domain,
|
|
1982
|
-
dnsMode: 'external-dns' as const,
|
|
1983
|
-
dkim: {
|
|
1984
|
-
selector: 'default',
|
|
1985
|
-
keySize: 2048,
|
|
1986
|
-
rotateKeys: false,
|
|
1987
|
-
rotationInterval: 90
|
|
1988
|
-
}
|
|
1989
|
-
}));
|
|
1990
|
-
}
|
|
1991
|
-
}
|
|
1992
|
-
|
|
1993
1974
|
// Create config with mapped ports
|
|
1994
1975
|
const emailConfig: IUnifiedEmailServerOptions = await this.workAppMailManager.applyStoredIdentitiesToEmailConfig({
|
|
1995
1976
|
...this.options.emailConfig,
|
|
1996
|
-
domains: transformedDomains,
|
|
1997
1977
|
ports: this.options.emailConfig.ports.map(port => portMapping[port] || port + 10000),
|
|
1998
1978
|
persistRoutes: this.options.emailConfig.persistRoutes ?? false,
|
|
1999
1979
|
queue: {
|
|
@@ -2363,8 +2343,8 @@ export class DcRouter {
|
|
|
2363
2343
|
// Ensure DKIM keys exist for internal-dns domains before generating records.
|
|
2364
2344
|
await this.initializeDkimForEmailDomains();
|
|
2365
2345
|
|
|
2366
|
-
|
|
2367
|
-
|
|
2346
|
+
// Generate DKIM records directly from smartmta.
|
|
2347
|
+
const dkimRecords = await this.loadDkimRecords();
|
|
2368
2348
|
|
|
2369
2349
|
// Combine all records: authoritative, email, DKIM, and user-defined
|
|
2370
2350
|
const allRecords = [...authoritativeRecords, ...emailDnsRecords, ...dkimRecords];
|
|
@@ -111,13 +111,13 @@ export class ApiTokenManager {
|
|
|
111
111
|
const scopes = new Set<TApiTokenScope>([...token.scopes, ...(token.policy?.scopes || [])]);
|
|
112
112
|
if (scopes.has(scope)) return true;
|
|
113
113
|
|
|
114
|
-
const
|
|
114
|
+
const equivalentScopes: Partial<Record<TApiTokenScope, TApiTokenScope[]>> = {
|
|
115
115
|
'gateway-clients:read': ['workhosters:read'],
|
|
116
116
|
'gateway-clients:write': ['workhosters:write'],
|
|
117
117
|
'workhosters:read': ['gateway-clients:read'],
|
|
118
118
|
'workhosters:write': ['gateway-clients:write'],
|
|
119
119
|
};
|
|
120
|
-
return Boolean(
|
|
120
|
+
return Boolean(equivalentScopes[scope]?.some((alias) => scopes.has(alias)));
|
|
121
121
|
}
|
|
122
122
|
|
|
123
123
|
/**
|
|
@@ -8,9 +8,7 @@ const getDb = () => DcRouterDb.getInstance().getDb();
|
|
|
8
8
|
* keyed on the fixed `configId = 'acme-config'` following the
|
|
9
9
|
* `VpnServerKeysDoc` pattern.
|
|
10
10
|
*
|
|
11
|
-
*
|
|
12
|
-
* constructor fields. Managed via the OpsServer UI at
|
|
13
|
-
* **Domains > Certificates > Settings**.
|
|
11
|
+
* Managed via the OpsServer UI at **Domains > Certificates > Settings**.
|
|
14
12
|
*/
|
|
15
13
|
@plugins.smartdata.Collection(() => getDb())
|
|
16
14
|
export class AcmeConfigDoc extends plugins.smartdata.SmartDataDbDoc<AcmeConfigDoc, AcmeConfigDoc> {
|
package/ts/dns/manager.dns.ts
CHANGED
|
@@ -24,7 +24,6 @@ import type {
|
|
|
24
24
|
*
|
|
25
25
|
* Responsibilities:
|
|
26
26
|
* - Load Domain/DnsRecord docs from the DB on start
|
|
27
|
-
* - First-boot seeding from legacy constructor config (dnsScopes/dnsRecords/dnsNsDomains)
|
|
28
27
|
* - Register dcrouter-hosted domain records with smartdns.DnsServer at startup
|
|
29
28
|
* - Provide CRUD methods used by OpsServer handlers (dcrouter-hosted domains hit
|
|
30
29
|
* smartdns, provider domains hit the provider API)
|
|
@@ -53,13 +52,8 @@ export class DnsManager {
|
|
|
53
52
|
// Lifecycle
|
|
54
53
|
// ==========================================================================
|
|
55
54
|
|
|
56
|
-
/**
|
|
57
|
-
* Called from DcRouter after DcRouterDb is up. Performs first-boot seeding
|
|
58
|
-
* from legacy constructor config if (and only if) the DB is empty.
|
|
59
|
-
*/
|
|
60
55
|
public async start(): Promise<void> {
|
|
61
56
|
logger.log('info', 'DnsManager: starting');
|
|
62
|
-
await this.seedFromConstructorConfigIfEmpty();
|
|
63
57
|
}
|
|
64
58
|
|
|
65
59
|
public async stop(): Promise<void> {
|
|
@@ -77,103 +71,6 @@ export class DnsManager {
|
|
|
77
71
|
await this.applyDcrouterDomainsToDnsServer();
|
|
78
72
|
}
|
|
79
73
|
|
|
80
|
-
// ==========================================================================
|
|
81
|
-
// First-boot seeding
|
|
82
|
-
// ==========================================================================
|
|
83
|
-
|
|
84
|
-
/**
|
|
85
|
-
* If no DomainDocs exist yet but the constructor has legacy DNS fields,
|
|
86
|
-
* seed them as dcrouter-hosted (`domain.source: 'dcrouter'`) zones with
|
|
87
|
-
* local (`record.source: 'local'`) records. On subsequent boots (DB has
|
|
88
|
-
* entries), constructor config is ignored with a warning.
|
|
89
|
-
*/
|
|
90
|
-
private async seedFromConstructorConfigIfEmpty(): Promise<void> {
|
|
91
|
-
const existingDomains = await DomainDoc.findAll();
|
|
92
|
-
const hasLegacyConfig =
|
|
93
|
-
(this.options.dnsScopes && this.options.dnsScopes.length > 0) ||
|
|
94
|
-
(this.options.dnsRecords && this.options.dnsRecords.length > 0);
|
|
95
|
-
|
|
96
|
-
if (existingDomains.length > 0) {
|
|
97
|
-
if (hasLegacyConfig) {
|
|
98
|
-
logger.log(
|
|
99
|
-
'warn',
|
|
100
|
-
'DnsManager: DB has DomainDoc entries — ignoring legacy dnsScopes/dnsRecords constructor config. ' +
|
|
101
|
-
'dnsNsDomains is still required for nameserver and DoH bootstrap unless that moves into DB-backed config.',
|
|
102
|
-
);
|
|
103
|
-
}
|
|
104
|
-
return;
|
|
105
|
-
}
|
|
106
|
-
|
|
107
|
-
if (!hasLegacyConfig) {
|
|
108
|
-
return;
|
|
109
|
-
}
|
|
110
|
-
|
|
111
|
-
logger.log('info', 'DnsManager: seeding DB from legacy constructor DNS config');
|
|
112
|
-
|
|
113
|
-
const now = Date.now();
|
|
114
|
-
const seededDomains = new Map<string, DomainDoc>();
|
|
115
|
-
|
|
116
|
-
// Create one DomainDoc per dnsScope (these are the authoritative zones)
|
|
117
|
-
for (const scope of this.options.dnsScopes ?? []) {
|
|
118
|
-
const domain = new DomainDoc();
|
|
119
|
-
domain.id = plugins.uuid.v4();
|
|
120
|
-
domain.name = scope.toLowerCase();
|
|
121
|
-
domain.source = 'dcrouter';
|
|
122
|
-
domain.authoritative = true;
|
|
123
|
-
domain.createdAt = now;
|
|
124
|
-
domain.updatedAt = now;
|
|
125
|
-
domain.createdBy = 'seed';
|
|
126
|
-
await domain.save();
|
|
127
|
-
seededDomains.set(domain.name, domain);
|
|
128
|
-
logger.log('info', `DnsManager: seeded DomainDoc for ${domain.name}`);
|
|
129
|
-
}
|
|
130
|
-
|
|
131
|
-
// Map each legacy dnsRecord to its parent DomainDoc
|
|
132
|
-
for (const rec of this.options.dnsRecords ?? []) {
|
|
133
|
-
const parent = this.findParentDomain(rec.name, seededDomains);
|
|
134
|
-
if (!parent) {
|
|
135
|
-
logger.log(
|
|
136
|
-
'warn',
|
|
137
|
-
`DnsManager: legacy dnsRecord '${rec.name}' has no matching dnsScope — skipping seed`,
|
|
138
|
-
);
|
|
139
|
-
continue;
|
|
140
|
-
}
|
|
141
|
-
const record = new DnsRecordDoc();
|
|
142
|
-
record.id = plugins.uuid.v4();
|
|
143
|
-
record.domainId = parent.id;
|
|
144
|
-
record.name = rec.name.toLowerCase();
|
|
145
|
-
record.type = rec.type as TDnsRecordType;
|
|
146
|
-
record.value = rec.value;
|
|
147
|
-
record.ttl = rec.ttl ?? 300;
|
|
148
|
-
record.source = 'local';
|
|
149
|
-
record.createdAt = now;
|
|
150
|
-
record.updatedAt = now;
|
|
151
|
-
record.createdBy = 'seed';
|
|
152
|
-
await record.save();
|
|
153
|
-
}
|
|
154
|
-
|
|
155
|
-
logger.log(
|
|
156
|
-
'info',
|
|
157
|
-
`DnsManager: seeded ${seededDomains.size} domain(s) and ${this.options.dnsRecords?.length ?? 0} record(s) from legacy config`,
|
|
158
|
-
);
|
|
159
|
-
}
|
|
160
|
-
|
|
161
|
-
private findParentDomain(
|
|
162
|
-
recordName: string,
|
|
163
|
-
domains: Map<string, DomainDoc>,
|
|
164
|
-
): DomainDoc | null {
|
|
165
|
-
const lower = recordName.toLowerCase().replace(/^\*\./, '');
|
|
166
|
-
let candidate: DomainDoc | null = null;
|
|
167
|
-
for (const [name, doc] of domains) {
|
|
168
|
-
if (lower === name || lower.endsWith(`.${name}`)) {
|
|
169
|
-
if (!candidate || name.length > candidate.name.length) {
|
|
170
|
-
candidate = doc;
|
|
171
|
-
}
|
|
172
|
-
}
|
|
173
|
-
}
|
|
174
|
-
return candidate;
|
|
175
|
-
}
|
|
176
|
-
|
|
177
74
|
// ==========================================================================
|
|
178
75
|
// DcRouter-hosted domain DnsServer wiring
|
|
179
76
|
// ==========================================================================
|
|
@@ -61,17 +61,6 @@ export class CertificateHandler {
|
|
|
61
61
|
)
|
|
62
62
|
);
|
|
63
63
|
|
|
64
|
-
// Legacy route-based reprovision (backward compat)
|
|
65
|
-
router.addTypedHandler(
|
|
66
|
-
new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_ReprovisionCertificate>(
|
|
67
|
-
'reprovisionCertificate',
|
|
68
|
-
async (dataArg) => {
|
|
69
|
-
await this.requireAuth(dataArg, 'certificates:write');
|
|
70
|
-
return this.reprovisionCertificateByRoute(dataArg.routeName);
|
|
71
|
-
}
|
|
72
|
-
)
|
|
73
|
-
);
|
|
74
|
-
|
|
75
64
|
// Domain-based reprovision (preferred)
|
|
76
65
|
router.addTypedHandler(
|
|
77
66
|
new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_ReprovisionCertificateDomain>(
|
|
@@ -336,42 +325,6 @@ export class CertificateHandler {
|
|
|
336
325
|
return summary;
|
|
337
326
|
}
|
|
338
327
|
|
|
339
|
-
/**
|
|
340
|
-
* Legacy route-based reprovisioning. Kept for backward compatibility with
|
|
341
|
-
* older clients that send `reprovisionCertificate` typed-requests.
|
|
342
|
-
*
|
|
343
|
-
* Like reprovisionCertificateDomain, this triggers the full route apply
|
|
344
|
-
* pipeline rather than smartProxy.provisionCertificate(routeName) — which
|
|
345
|
-
* is a no-op when certProvisionFunction is set (Rust ACME disabled).
|
|
346
|
-
*/
|
|
347
|
-
private async reprovisionCertificateByRoute(routeName: string): Promise<{ success: boolean; message?: string }> {
|
|
348
|
-
const dcRouter = this.opsServerRef.dcRouterRef;
|
|
349
|
-
const smartProxy = dcRouter.smartProxy;
|
|
350
|
-
|
|
351
|
-
if (!smartProxy) {
|
|
352
|
-
return { success: false, message: 'SmartProxy is not running' };
|
|
353
|
-
}
|
|
354
|
-
|
|
355
|
-
// Clear event-based status for domains in this route so the
|
|
356
|
-
// certificate-issued event can refresh them
|
|
357
|
-
for (const [domain, entry] of dcRouter.certificateStatusMap) {
|
|
358
|
-
if (entry.routeNames.includes(routeName)) {
|
|
359
|
-
dcRouter.certificateStatusMap.delete(domain);
|
|
360
|
-
}
|
|
361
|
-
}
|
|
362
|
-
|
|
363
|
-
try {
|
|
364
|
-
if (dcRouter.routeConfigManager) {
|
|
365
|
-
await dcRouter.routeConfigManager.applyRoutes();
|
|
366
|
-
} else {
|
|
367
|
-
await smartProxy.updateRoutes(smartProxy.routeManager.getRoutes());
|
|
368
|
-
}
|
|
369
|
-
return { success: true, message: `Certificate reprovisioning triggered for route '${routeName}'` };
|
|
370
|
-
} catch (err: unknown) {
|
|
371
|
-
return { success: false, message: (err as Error).message || 'Failed to reprovision certificate' };
|
|
372
|
-
}
|
|
373
|
-
}
|
|
374
|
-
|
|
375
328
|
/**
|
|
376
329
|
* Domain-based reprovisioning — clears backoff first, refreshes the smartacme
|
|
377
330
|
* cert (when forceRenew is set), then re-applies routes so the running Rust
|