@serve.zone/dcrouter 13.5.0 → 13.7.1

package/ts/opsserver/handlers/domain.handler.ts

@@ -0,0 +1,161 @@
+import * as plugins from '../../plugins.js';
+import type { OpsServer } from '../classes.opsserver.js';
+import * as interfaces from '../../../ts_interfaces/index.js';
+
+/**
+ * CRUD handlers for DomainDoc.
+ */
+export class DomainHandler {
+  public typedrouter = new plugins.typedrequest.TypedRouter();
+
+  constructor(private opsServerRef: OpsServer) {
+    this.opsServerRef.typedrouter.addTypedRouter(this.typedrouter);
+    this.registerHandlers();
+  }
+
+  private async requireAuth(
+    request: { identity?: interfaces.data.IIdentity; apiToken?: string },
+    requiredScope?: interfaces.data.TApiTokenScope,
+  ): Promise<string> {
+    if (request.identity?.jwt) {
+      try {
+        const isAdmin = await this.opsServerRef.adminHandler.adminIdentityGuard.exec({
+          identity: request.identity,
+        });
+        if (isAdmin) return request.identity.userId;
+      } catch { /* fall through */ }
+    }
+
+    if (request.apiToken) {
+      const tokenManager = this.opsServerRef.dcRouterRef.apiTokenManager;
+      if (tokenManager) {
+        const token = await tokenManager.validateToken(request.apiToken);
+        if (token) {
+          if (!requiredScope || tokenManager.hasScope(token, requiredScope)) {
+            return token.createdBy;
+          }
+          throw new plugins.typedrequest.TypedResponseError('insufficient scope');
+        }
+      }
+    }
+
+    throw new plugins.typedrequest.TypedResponseError('unauthorized');
+  }
+
+  private registerHandlers(): void {
+    // Get all domains
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_GetDomains>(
+        'getDomains',
+        async (dataArg) => {
+          await this.requireAuth(dataArg, 'domains:read');
+          const dnsManager = this.opsServerRef.dcRouterRef.dnsManager;
+          if (!dnsManager) return { domains: [] };
+          const docs = await dnsManager.listDomains();
+          return { domains: docs.map((d) => dnsManager.toPublicDomain(d)) };
+        },
+      ),
+    );
+
+    // Get single domain
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_GetDomain>(
+        'getDomain',
+        async (dataArg) => {
+          await this.requireAuth(dataArg, 'domains:read');
+          const dnsManager = this.opsServerRef.dcRouterRef.dnsManager;
+          if (!dnsManager) return { domain: null };
+          const doc = await dnsManager.getDomain(dataArg.id);
+          return { domain: doc ? dnsManager.toPublicDomain(doc) : null };
+        },
+      ),
+    );
+
+    // Create manual domain
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_CreateDomain>(
+        'createDomain',
+        async (dataArg) => {
+          const userId = await this.requireAuth(dataArg, 'domains:write');
+          const dnsManager = this.opsServerRef.dcRouterRef.dnsManager;
+          if (!dnsManager) return { success: false, message: 'DnsManager not initialized' };
+          try {
+            const id = await dnsManager.createManualDomain({
+              name: dataArg.name,
+              description: dataArg.description,
+              createdBy: userId,
+            });
+            return { success: true, id };
+          } catch (err: unknown) {
+            return { success: false, message: (err as Error).message };
+          }
+        },
+      ),
+    );
+
+    // Import domains from a provider
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_ImportDomain>(
+        'importDomain',
+        async (dataArg) => {
+          const userId = await this.requireAuth(dataArg, 'domains:write');
+          const dnsManager = this.opsServerRef.dcRouterRef.dnsManager;
+          if (!dnsManager) return { success: false, message: 'DnsManager not initialized' };
+          try {
+            const importedIds = await dnsManager.importDomainsFromProvider({
+              providerId: dataArg.providerId,
+              domainNames: dataArg.domainNames,
+              createdBy: userId,
+            });
+            return { success: true, importedIds };
+          } catch (err: unknown) {
+            return { success: false, message: (err as Error).message };
+          }
+        },
+      ),
+    );
+
+    // Update domain metadata
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_UpdateDomain>(
+        'updateDomain',
+        async (dataArg) => {
+          await this.requireAuth(dataArg, 'domains:write');
+          const dnsManager = this.opsServerRef.dcRouterRef.dnsManager;
+          if (!dnsManager) return { success: false, message: 'DnsManager not initialized' };
+          const ok = await dnsManager.updateDomain(dataArg.id, {
+            description: dataArg.description,
+          });
+          return ok ? { success: true } : { success: false, message: 'Domain not found' };
+        },
+      ),
+    );
+
+    // Delete domain
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_DeleteDomain>(
+        'deleteDomain',
+        async (dataArg) => {
+          await this.requireAuth(dataArg, 'domains:write');
+          const dnsManager = this.opsServerRef.dcRouterRef.dnsManager;
+          if (!dnsManager) return { success: false, message: 'DnsManager not initialized' };
+          const ok = await dnsManager.deleteDomain(dataArg.id);
+          return ok ? { success: true } : { success: false, message: 'Domain not found' };
+        },
+      ),
+    );
+
+    // Force-resync provider domain
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_SyncDomain>(
+        'syncDomain',
+        async (dataArg) => {
+          await this.requireAuth(dataArg, 'domains:write');
+          const dnsManager = this.opsServerRef.dcRouterRef.dnsManager;
+          if (!dnsManager) return { success: false, message: 'DnsManager not initialized' };
+          return await dnsManager.syncDomain(dataArg.id);
+        },
+      ),
+    );
+  }
+}

package/ts/opsserver/handlers/index.ts

@@ -13,4 +13,7 @@ export * from './vpn.handler.js';
 export * from './source-profile.handler.js';
 export * from './target-profile.handler.js';
 export * from './network-target.handler.js';
-export * from './users.handler.js';
+export * from './users.handler.js';
+export * from './dns-provider.handler.js';
+export * from './domain.handler.js';
+export * from './dns-record.handler.js';

package/ts_web/00_commitinfo_data.ts

@@ -3,6 +3,6 @@
  */
 export const commitinfo = {
   name: '@serve.zone/dcrouter',
-  version: '13.5.0',
+  version: '13.7.1',
   description: 'A multifaceted routing service handling mail and SMS delivery functions.'
 }

package/ts_web/appstate.ts

@@ -117,7 +117,7 @@ export const configStatePart = await appState.getStatePart<IConfigState>(
 // Determine initial view from URL path
 const getInitialView = (): string => {
   const path = typeof window !== 'undefined' ? window.location.pathname : '/';
-  const validViews = ['overview', 'network', 'email', 'logs', 'access', 'security', 'certificates'];
+  const validViews = ['overview', 'network', 'email', 'logs', 'access', 'security', 'domains'];
   const segments = path.split('/').filter(Boolean);
   const view = segments[0];
   return validViews.includes(view) ? view : 'overview';
@@ -465,8 +465,9 @@ export const setActiveViewAction = uiStatePart.createAction<string>(async (state
     }, 100);
   }
 
-  // If switching to certificates view, ensure we fetch certificate data
-  if (viewName === 'certificates' && currentState.activeView !== 'certificates') {
+  // If switching to the Domains group, ensure we fetch certificate data
+  // (Certificates is a subview of Domains).
+  if (viewName === 'domains' && currentState.activeView !== 'domains') {
     setTimeout(() => {
       certificateStatePart.dispatchAction(fetchCertificateOverviewAction, null);
     }, 100);
@@ -1555,6 +1556,403 @@ export const deleteTargetAction = profilesTargetsStatePart.createAction<{
   }
 });
 
+// ============================================================================
+// Domains State (DNS providers + domains + records)
+// ============================================================================
+
+export interface IDomainsState {
+  providers: interfaces.data.IDnsProviderPublic[];
+  domains: interfaces.data.IDomain[];
+  records: interfaces.data.IDnsRecord[];
+  /** id of the currently-selected domain in the DNS records subview. */
+  selectedDomainId: string | null;
+  isLoading: boolean;
+  error: string | null;
+  lastUpdated: number;
+}
+
+export const domainsStatePart = await appState.getStatePart<IDomainsState>(
+  'domains',
+  {
+    providers: [],
+    domains: [],
+    records: [],
+    selectedDomainId: null,
+    isLoading: false,
+    error: null,
+    lastUpdated: 0,
+  },
+  'soft',
+);
+
+export const fetchDomainsAndProvidersAction = domainsStatePart.createAction(
+  async (statePartArg): Promise<IDomainsState> => {
+    const context = getActionContext();
+    const currentState = statePartArg.getState()!;
+    if (!context.identity) return currentState;
+
+    try {
+      const providersRequest = new plugins.domtools.plugins.typedrequest.TypedRequest<
+        interfaces.requests.IReq_GetDnsProviders
+      >('/typedrequest', 'getDnsProviders');
+      const domainsRequest = new plugins.domtools.plugins.typedrequest.TypedRequest<
+        interfaces.requests.IReq_GetDomains
+      >('/typedrequest', 'getDomains');
+
+      const [providersResponse, domainsResponse] = await Promise.all([
+        providersRequest.fire({ identity: context.identity }),
+        domainsRequest.fire({ identity: context.identity }),
+      ]);
+
+      return {
+        ...currentState,
+        providers: providersResponse.providers,
+        domains: domainsResponse.domains,
+        isLoading: false,
+        error: null,
+        lastUpdated: Date.now(),
+      };
+    } catch (error: unknown) {
+      return {
+        ...currentState,
+        isLoading: false,
+        error: error instanceof Error ? error.message : 'Failed to fetch domains/providers',
+      };
+    }
+  },
+);
+
+export const fetchDnsRecordsForDomainAction = domainsStatePart.createAction<{ domainId: string }>(
+  async (statePartArg, dataArg): Promise<IDomainsState> => {
+    const context = getActionContext();
+    const currentState = statePartArg.getState()!;
+    if (!context.identity) return currentState;
+
+    try {
+      const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
+        interfaces.requests.IReq_GetDnsRecords
+      >('/typedrequest', 'getDnsRecords');
+      const response = await request.fire({
+        identity: context.identity,
+        domainId: dataArg.domainId,
+      });
+      return {
+        ...currentState,
+        records: response.records,
+        selectedDomainId: dataArg.domainId,
+        error: null,
+      };
+    } catch (error: unknown) {
+      return {
+        ...currentState,
+        error: error instanceof Error ? error.message : 'Failed to fetch DNS records',
+      };
+    }
+  },
+);
+
+export const createDnsProviderAction = domainsStatePart.createAction<{
+  name: string;
+  type: interfaces.data.TDnsProviderType;
+  credentials: interfaces.data.TDnsProviderCredentials;
+}>(async (statePartArg, dataArg, actionContext): Promise<IDomainsState> => {
+  const context = getActionContext();
+  try {
+    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
+      interfaces.requests.IReq_CreateDnsProvider
+    >('/typedrequest', 'createDnsProvider');
+    const response = await request.fire({
+      identity: context.identity!,
+      name: dataArg.name,
+      type: dataArg.type,
+      credentials: dataArg.credentials,
+    });
+    if (!response.success) {
+      return {
+        ...statePartArg.getState()!,
+        error: response.message || 'Failed to create provider',
+      };
+    }
+    return await actionContext!.dispatch(fetchDomainsAndProvidersAction, null);
+  } catch (error: unknown) {
+    return {
+      ...statePartArg.getState()!,
+      error: error instanceof Error ? error.message : 'Failed to create provider',
+    };
+  }
+});
+
+export const updateDnsProviderAction = domainsStatePart.createAction<{
+  id: string;
+  name?: string;
+  credentials?: interfaces.data.TDnsProviderCredentials;
+}>(async (statePartArg, dataArg, actionContext): Promise<IDomainsState> => {
+  const context = getActionContext();
+  try {
+    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
+      interfaces.requests.IReq_UpdateDnsProvider
+    >('/typedrequest', 'updateDnsProvider');
+    const response = await request.fire({
+      identity: context.identity!,
+      id: dataArg.id,
+      name: dataArg.name,
+      credentials: dataArg.credentials,
+    });
+    if (!response.success) {
+      return {
+        ...statePartArg.getState()!,
+        error: response.message || 'Failed to update provider',
+      };
+    }
+    return await actionContext!.dispatch(fetchDomainsAndProvidersAction, null);
+  } catch (error: unknown) {
+    return {
+      ...statePartArg.getState()!,
+      error: error instanceof Error ? error.message : 'Failed to update provider',
+    };
+  }
+});
+
+export const deleteDnsProviderAction = domainsStatePart.createAction<{ id: string; force?: boolean }>(
+  async (statePartArg, dataArg, actionContext): Promise<IDomainsState> => {
+    const context = getActionContext();
+    try {
+      const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
+        interfaces.requests.IReq_DeleteDnsProvider
+      >('/typedrequest', 'deleteDnsProvider');
+      const response = await request.fire({
+        identity: context.identity!,
+        id: dataArg.id,
+        force: dataArg.force,
+      });
+      if (!response.success) {
+        return {
+          ...statePartArg.getState()!,
+          error: response.message || 'Failed to delete provider',
+        };
+      }
+      return await actionContext!.dispatch(fetchDomainsAndProvidersAction, null);
+    } catch (error: unknown) {
+      return {
+        ...statePartArg.getState()!,
+        error: error instanceof Error ? error.message : 'Failed to delete provider',
+      };
+    }
+  },
+);
+
+export const testDnsProviderAction = domainsStatePart.createAction<{ id: string }>(
+  async (statePartArg, dataArg, actionContext): Promise<IDomainsState> => {
+    const context = getActionContext();
+    try {
+      const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
+        interfaces.requests.IReq_TestDnsProvider
+      >('/typedrequest', 'testDnsProvider');
+      await request.fire({ identity: context.identity!, id: dataArg.id });
+      return await actionContext!.dispatch(fetchDomainsAndProvidersAction, null);
+    } catch (error: unknown) {
+      return {
+        ...statePartArg.getState()!,
+        error: error instanceof Error ? error.message : 'Failed to test provider',
+      };
+    }
+  },
+);
+
+/** One-shot fetch for the import-domain modal. Does NOT modify state. */
+export async function fetchProviderDomains(
+  providerId: string,
+): Promise<{ success: boolean; domains?: interfaces.data.IProviderDomainListing[]; message?: string }> {
+  const context = getActionContext();
+  if (!context.identity) return { success: false, message: 'Not authenticated' };
+  const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
+    interfaces.requests.IReq_ListProviderDomains
+  >('/typedrequest', 'listProviderDomains');
+  return await request.fire({ identity: context.identity, providerId });
+}
+
+export const createManualDomainAction = domainsStatePart.createAction<{
+  name: string;
+  description?: string;
+}>(async (statePartArg, dataArg, actionContext): Promise<IDomainsState> => {
+  const context = getActionContext();
+  try {
+    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
+      interfaces.requests.IReq_CreateDomain
+    >('/typedrequest', 'createDomain');
+    const response = await request.fire({
+      identity: context.identity!,
+      name: dataArg.name,
+      description: dataArg.description,
+    });
+    if (!response.success) {
+      return { ...statePartArg.getState()!, error: response.message || 'Failed to create domain' };
+    }
+    return await actionContext!.dispatch(fetchDomainsAndProvidersAction, null);
+  } catch (error: unknown) {
+    return {
+      ...statePartArg.getState()!,
+      error: error instanceof Error ? error.message : 'Failed to create domain',
+    };
+  }
+});
+
+export const importDomainsFromProviderAction = domainsStatePart.createAction<{
+  providerId: string;
+  domainNames: string[];
+}>(async (statePartArg, dataArg, actionContext): Promise<IDomainsState> => {
+  const context = getActionContext();
+  try {
+    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
+      interfaces.requests.IReq_ImportDomain
+    >('/typedrequest', 'importDomain');
+    const response = await request.fire({
+      identity: context.identity!,
+      providerId: dataArg.providerId,
+      domainNames: dataArg.domainNames,
+    });
+    if (!response.success) {
+      return { ...statePartArg.getState()!, error: response.message || 'Failed to import domains' };
+    }
+    return await actionContext!.dispatch(fetchDomainsAndProvidersAction, null);
+  } catch (error: unknown) {
+    return {
+      ...statePartArg.getState()!,
+      error: error instanceof Error ? error.message : 'Failed to import domains',
+    };
+  }
+});
+
+export const deleteDomainAction = domainsStatePart.createAction<{ id: string }>(
+  async (statePartArg, dataArg, actionContext): Promise<IDomainsState> => {
+    const context = getActionContext();
+    try {
+      const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
+        interfaces.requests.IReq_DeleteDomain
+      >('/typedrequest', 'deleteDomain');
+      const response = await request.fire({ identity: context.identity!, id: dataArg.id });
+      if (!response.success) {
+        return { ...statePartArg.getState()!, error: response.message || 'Failed to delete domain' };
+      }
+      return await actionContext!.dispatch(fetchDomainsAndProvidersAction, null);
+    } catch (error: unknown) {
+      return {
+        ...statePartArg.getState()!,
+        error: error instanceof Error ? error.message : 'Failed to delete domain',
+      };
+    }
+  },
+);
+
+export const syncDomainAction = domainsStatePart.createAction<{ id: string }>(
+  async (statePartArg, dataArg, actionContext): Promise<IDomainsState> => {
+    const context = getActionContext();
+    try {
+      const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
+        interfaces.requests.IReq_SyncDomain
+      >('/typedrequest', 'syncDomain');
+      const response = await request.fire({ identity: context.identity!, id: dataArg.id });
+      if (!response.success) {
+        return { ...statePartArg.getState()!, error: response.message || 'Failed to sync domain' };
+      }
+      return await actionContext!.dispatch(fetchDomainsAndProvidersAction, null);
+    } catch (error: unknown) {
+      return {
+        ...statePartArg.getState()!,
+        error: error instanceof Error ? error.message : 'Failed to sync domain',
+      };
+    }
+  },
+);
+
+export const createDnsRecordAction = domainsStatePart.createAction<{
+  domainId: string;
+  name: string;
+  type: interfaces.data.TDnsRecordType;
+  value: string;
+  ttl?: number;
+  proxied?: boolean;
+}>(async (statePartArg, dataArg, actionContext): Promise<IDomainsState> => {
+  const context = getActionContext();
+  try {
+    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
+      interfaces.requests.IReq_CreateDnsRecord
+    >('/typedrequest', 'createDnsRecord');
+    const response = await request.fire({
+      identity: context.identity!,
+      domainId: dataArg.domainId,
+      name: dataArg.name,
+      type: dataArg.type,
+      value: dataArg.value,
+      ttl: dataArg.ttl,
+      proxied: dataArg.proxied,
+    });
+    if (!response.success) {
+      return { ...statePartArg.getState()!, error: response.message || 'Failed to create record' };
+    }
+    return await actionContext!.dispatch(fetchDnsRecordsForDomainAction, { domainId: dataArg.domainId });
+  } catch (error: unknown) {
+    return {
+      ...statePartArg.getState()!,
+      error: error instanceof Error ? error.message : 'Failed to create record',
+    };
+  }
+});
+
+export const updateDnsRecordAction = domainsStatePart.createAction<{
+  id: string;
+  domainId: string;
+  name?: string;
+  value?: string;
+  ttl?: number;
+  proxied?: boolean;
+}>(async (statePartArg, dataArg, actionContext): Promise<IDomainsState> => {
+  const context = getActionContext();
+  try {
+    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
+      interfaces.requests.IReq_UpdateDnsRecord
+    >('/typedrequest', 'updateDnsRecord');
+    const response = await request.fire({
+      identity: context.identity!,
+      id: dataArg.id,
+      name: dataArg.name,
+      value: dataArg.value,
+      ttl: dataArg.ttl,
+      proxied: dataArg.proxied,
+    });
+    if (!response.success) {
+      return { ...statePartArg.getState()!, error: response.message || 'Failed to update record' };
+    }
+    return await actionContext!.dispatch(fetchDnsRecordsForDomainAction, { domainId: dataArg.domainId });
+  } catch (error: unknown) {
+    return {
+      ...statePartArg.getState()!,
+      error: error instanceof Error ? error.message : 'Failed to update record',
+    };
+  }
+});
+
+export const deleteDnsRecordAction = domainsStatePart.createAction<{ id: string; domainId: string }>(
+  async (statePartArg, dataArg, actionContext): Promise<IDomainsState> => {
+    const context = getActionContext();
+    try {
+      const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
+        interfaces.requests.IReq_DeleteDnsRecord
+      >('/typedrequest', 'deleteDnsRecord');
+      const response = await request.fire({ identity: context.identity!, id: dataArg.id });
+      if (!response.success) {
+        return { ...statePartArg.getState()!, error: response.message || 'Failed to delete record' };
+      }
+      return await actionContext!.dispatch(fetchDnsRecordsForDomainAction, { domainId: dataArg.domainId });
+    } catch (error: unknown) {
+      return {
+        ...statePartArg.getState()!,
+        error: error instanceof Error ? error.message : 'Failed to delete record',
+      };
+    }
+  },
+);
+
 // ============================================================================
 // Route Management Actions
 // ============================================================================
@@ -2076,8 +2474,8 @@ async function dispatchCombinedRefreshActionInner() {
       }
     }
 
-    // Refresh certificate data if on certificates view
-    if (currentView === 'certificates') {
+    // Refresh certificate data if on Domains > Certificates subview
+    if (currentView === 'domains' && currentSubview === 'certificates') {
       try {
         await certificateStatePart.dispatchAction(fetchCertificateOverviewAction, null);
       } catch (error) {

package/ts_web/elements/access/ops-view-apitokens.ts

@@ -100,7 +100,7 @@ export class OpsViewApiTokens extends DeesElement {
     const { apiTokens } = this.routeState;
 
     return html`
-      <dees-heading level="hr">API Tokens</dees-heading>
+      <dees-heading level="3">API Tokens</dees-heading>
 
       <div class="apiTokensContainer">
         <dees-table

package/ts_web/elements/access/ops-view-users.ts

@@ -104,7 +104,7 @@ export class OpsViewUsers extends DeesElement {
     const currentUserId = this.loginState.identity?.userId;
 
     return html`
-      <dees-heading level="2">Users</dees-heading>
+      <dees-heading level="3">Users</dees-heading>
 
       <div class="usersContainer">
         <dees-table