@serve.zone/dcrouter 6.3.0 → 6.4.1

package/ts/opsserver/handlers/remoteingress.handler.ts

@@ -0,0 +1,163 @@
+import * as plugins from '../../plugins.js';
+import type { OpsServer } from '../classes.opsserver.js';
+import * as interfaces from '../../../ts_interfaces/index.js';
+
+export class RemoteIngressHandler {
+  public typedrouter = new plugins.typedrequest.TypedRouter();
+
+  constructor(private opsServerRef: OpsServer) {
+    this.opsServerRef.typedrouter.addTypedRouter(this.typedrouter);
+    this.registerHandlers();
+  }
+
+  private registerHandlers(): void {
+    // Get all remote ingress edges
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_GetRemoteIngresses>(
+        'getRemoteIngresses',
+        async (dataArg, toolsArg) => {
+          const manager = this.opsServerRef.dcRouterRef.remoteIngressManager;
+          if (!manager) {
+            return { edges: [] };
+          }
+          // Return edges without secrets
+          const edges = manager.getAllEdges().map((e) => ({
+            ...e,
+            secret: '********', // Never expose secrets via API
+          }));
+          return { edges };
+        },
+      ),
+    );
+
+    // Create a new remote ingress edge
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_CreateRemoteIngress>(
+        'createRemoteIngress',
+        async (dataArg, toolsArg) => {
+          const manager = this.opsServerRef.dcRouterRef.remoteIngressManager;
+          const tunnelManager = this.opsServerRef.dcRouterRef.tunnelManager;
+
+          if (!manager) {
+            return {
+              success: false,
+              edge: null as any,
+            };
+          }
+
+          const edge = await manager.createEdge(
+            dataArg.name,
+            dataArg.listenPorts,
+            dataArg.tags,
+          );
+
+          // Sync allowed edges with the hub
+          if (tunnelManager) {
+            await tunnelManager.syncAllowedEdges();
+          }
+
+          return { success: true, edge };
+        },
+      ),
+    );
+
+    // Delete a remote ingress edge
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_DeleteRemoteIngress>(
+        'deleteRemoteIngress',
+        async (dataArg, toolsArg) => {
+          const manager = this.opsServerRef.dcRouterRef.remoteIngressManager;
+          const tunnelManager = this.opsServerRef.dcRouterRef.tunnelManager;
+
+          if (!manager) {
+            return { success: false, message: 'RemoteIngress not configured' };
+          }
+
+          const deleted = await manager.deleteEdge(dataArg.id);
+          if (deleted && tunnelManager) {
+            await tunnelManager.syncAllowedEdges();
+          }
+
+          return {
+            success: deleted,
+            message: deleted ? undefined : 'Edge not found',
+          };
+        },
+      ),
+    );
+
+    // Update a remote ingress edge
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_UpdateRemoteIngress>(
+        'updateRemoteIngress',
+        async (dataArg, toolsArg) => {
+          const manager = this.opsServerRef.dcRouterRef.remoteIngressManager;
+          const tunnelManager = this.opsServerRef.dcRouterRef.tunnelManager;
+
+          if (!manager) {
+            return { success: false, edge: null as any };
+          }
+
+          const edge = await manager.updateEdge(dataArg.id, {
+            name: dataArg.name,
+            listenPorts: dataArg.listenPorts,
+            enabled: dataArg.enabled,
+            tags: dataArg.tags,
+          });
+
+          if (!edge) {
+            return { success: false, edge: null as any };
+          }
+
+          // Sync allowed edges if enabled status changed
+          if (tunnelManager && dataArg.enabled !== undefined) {
+            await tunnelManager.syncAllowedEdges();
+          }
+
+          return { success: true, edge: { ...edge, secret: '********' } };
+        },
+      ),
+    );
+
+    // Regenerate secret for an edge
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_RegenerateRemoteIngressSecret>(
+        'regenerateRemoteIngressSecret',
+        async (dataArg, toolsArg) => {
+          const manager = this.opsServerRef.dcRouterRef.remoteIngressManager;
+          const tunnelManager = this.opsServerRef.dcRouterRef.tunnelManager;
+
+          if (!manager) {
+            return { success: false, secret: '' };
+          }
+
+          const secret = await manager.regenerateSecret(dataArg.id);
+          if (!secret) {
+            return { success: false, secret: '' };
+          }
+
+          // Sync allowed edges since secret changed
+          if (tunnelManager) {
+            await tunnelManager.syncAllowedEdges();
+          }
+
+          return { success: true, secret };
+        },
+      ),
+    );
+
+    // Get runtime status of all edges
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_GetRemoteIngressStatus>(
+        'getRemoteIngressStatus',
+        async (dataArg, toolsArg) => {
+          const tunnelManager = this.opsServerRef.dcRouterRef.tunnelManager;
+          if (!tunnelManager) {
+            return { statuses: [] };
+          }
+          return { statuses: tunnelManager.getEdgeStatuses() };
+        },
+      ),
+    );
+  }
+}

package/ts/plugins.ts

@@ -23,9 +23,11 @@ export {
 
 // @serve.zone scope
 import * as servezoneInterfaces from '@serve.zone/interfaces';
+import * as remoteingress from '@serve.zone/remoteingress';
 
 export {
-  servezoneInterfaces
+  servezoneInterfaces,
+  remoteingress,
 }
 
 // @api.global scope

package/ts/remoteingress/classes.remoteingress-manager.ts

@@ -0,0 +1,160 @@
+import * as plugins from '../plugins.js';
+import type { StorageManager } from '../storage/classes.storagemanager.js';
+import type { IRemoteIngress } from '../../ts_interfaces/data/remoteingress.js';
+
+const STORAGE_PREFIX = '/remote-ingress/';
+
+/**
+ * Manages CRUD for remote ingress edge registrations.
+ * Persists edge configs via StorageManager and provides
+ * the allowed edges list for the Rust hub.
+ */
+export class RemoteIngressManager {
+  private storageManager: StorageManager;
+  private edges: Map<string, IRemoteIngress> = new Map();
+
+  constructor(storageManager: StorageManager) {
+    this.storageManager = storageManager;
+  }
+
+  /**
+   * Load all edge registrations from storage into memory.
+   */
+  public async initialize(): Promise<void> {
+    const keys = await this.storageManager.list(STORAGE_PREFIX);
+    for (const key of keys) {
+      const edge = await this.storageManager.getJSON<IRemoteIngress>(key);
+      if (edge) {
+        this.edges.set(edge.id, edge);
+      }
+    }
+  }
+
+  /**
+   * Create a new edge registration.
+   */
+  public async createEdge(
+    name: string,
+    listenPorts: number[],
+    tags?: string[],
+  ): Promise<IRemoteIngress> {
+    const id = plugins.uuid.v4();
+    const secret = plugins.crypto.randomBytes(32).toString('hex');
+    const now = Date.now();
+
+    const edge: IRemoteIngress = {
+      id,
+      name,
+      secret,
+      listenPorts,
+      enabled: true,
+      tags: tags || [],
+      createdAt: now,
+      updatedAt: now,
+    };
+
+    await this.storageManager.setJSON(`${STORAGE_PREFIX}${id}`, edge);
+    this.edges.set(id, edge);
+    return edge;
+  }
+
+  /**
+   * Get an edge by ID.
+   */
+  public getEdge(id: string): IRemoteIngress | undefined {
+    return this.edges.get(id);
+  }
+
+  /**
+   * Get all edge registrations.
+   */
+  public getAllEdges(): IRemoteIngress[] {
+    return Array.from(this.edges.values());
+  }
+
+  /**
+   * Update an edge registration.
+   */
+  public async updateEdge(
+    id: string,
+    updates: {
+      name?: string;
+      listenPorts?: number[];
+      enabled?: boolean;
+      tags?: string[];
+    },
+  ): Promise<IRemoteIngress | null> {
+    const edge = this.edges.get(id);
+    if (!edge) {
+      return null;
+    }
+
+    if (updates.name !== undefined) edge.name = updates.name;
+    if (updates.listenPorts !== undefined) edge.listenPorts = updates.listenPorts;
+    if (updates.enabled !== undefined) edge.enabled = updates.enabled;
+    if (updates.tags !== undefined) edge.tags = updates.tags;
+    edge.updatedAt = Date.now();
+
+    await this.storageManager.setJSON(`${STORAGE_PREFIX}${id}`, edge);
+    this.edges.set(id, edge);
+    return edge;
+  }
+
+  /**
+   * Delete an edge registration.
+   */
+  public async deleteEdge(id: string): Promise<boolean> {
+    if (!this.edges.has(id)) {
+      return false;
+    }
+    await this.storageManager.delete(`${STORAGE_PREFIX}${id}`);
+    this.edges.delete(id);
+    return true;
+  }
+
+  /**
+   * Regenerate the secret for an edge.
+   */
+  public async regenerateSecret(id: string): Promise<string | null> {
+    const edge = this.edges.get(id);
+    if (!edge) {
+      return null;
+    }
+
+    edge.secret = plugins.crypto.randomBytes(32).toString('hex');
+    edge.updatedAt = Date.now();
+
+    await this.storageManager.setJSON(`${STORAGE_PREFIX}${id}`, edge);
+    this.edges.set(id, edge);
+    return edge.secret;
+  }
+
+  /**
+   * Verify an edge's secret using constant-time comparison.
+   */
+  public verifySecret(id: string, secret: string): boolean {
+    const edge = this.edges.get(id);
+    if (!edge) {
+      return false;
+    }
+    const expected = Buffer.from(edge.secret);
+    const provided = Buffer.from(secret);
+    if (expected.length !== provided.length) {
+      return false;
+    }
+    return plugins.crypto.timingSafeEqual(expected, provided);
+  }
+
+  /**
+   * Get the list of allowed edges (enabled only) for the Rust hub.
+   */
+  public getAllowedEdges(): Array<{ id: string; secret: string }> {
+    const result: Array<{ id: string; secret: string }> = [];
+    for (const edge of this.edges.values()) {
+      if (edge.enabled) {
+        result.push({ id: edge.id, secret: edge.secret });
+      }
+    }
+    return result;
+  }
+}

package/ts/remoteingress/classes.tunnel-manager.ts

@@ -0,0 +1,126 @@
+import * as plugins from '../plugins.js';
+import type { IRemoteIngressStatus } from '../../ts_interfaces/data/remoteingress.js';
+import type { RemoteIngressManager } from './classes.remoteingress-manager.js';
+
+export interface ITunnelManagerConfig {
+  tunnelPort?: number;
+  targetHost?: string;
+}
+
+/**
+ * Manages the RemoteIngressHub instance and tracks connected edge statuses.
+ */
+export class TunnelManager {
+  private hub: InstanceType<typeof plugins.remoteingress.RemoteIngressHub>;
+  private manager: RemoteIngressManager;
+  private config: ITunnelManagerConfig;
+  private edgeStatuses: Map<string, IRemoteIngressStatus> = new Map();
+
+  constructor(manager: RemoteIngressManager, config: ITunnelManagerConfig = {}) {
+    this.manager = manager;
+    this.config = config;
+    this.hub = new plugins.remoteingress.RemoteIngressHub();
+
+    // Listen for edge connect/disconnect events
+    this.hub.on('edgeConnected', (data: { edgeId: string }) => {
+      const existing = this.edgeStatuses.get(data.edgeId);
+      this.edgeStatuses.set(data.edgeId, {
+        edgeId: data.edgeId,
+        connected: true,
+        publicIp: existing?.publicIp ?? null,
+        activeTunnels: 0,
+        lastHeartbeat: Date.now(),
+        connectedAt: Date.now(),
+      });
+    });
+
+    this.hub.on('edgeDisconnected', (data: { edgeId: string }) => {
+      const existing = this.edgeStatuses.get(data.edgeId);
+      if (existing) {
+        existing.connected = false;
+        existing.activeTunnels = 0;
+      }
+    });
+
+    this.hub.on('streamOpened', (data: { edgeId: string; streamId: number }) => {
+      const existing = this.edgeStatuses.get(data.edgeId);
+      if (existing) {
+        existing.activeTunnels++;
+        existing.lastHeartbeat = Date.now();
+      }
+    });
+
+    this.hub.on('streamClosed', (data: { edgeId: string; streamId: number }) => {
+      const existing = this.edgeStatuses.get(data.edgeId);
+      if (existing && existing.activeTunnels > 0) {
+        existing.activeTunnels--;
+      }
+    });
+  }
+
+  /**
+   * Start the tunnel hub and load allowed edges.
+   */
+  public async start(): Promise<void> {
+    await this.hub.start({
+      tunnelPort: this.config.tunnelPort ?? 8443,
+      targetHost: this.config.targetHost ?? '127.0.0.1',
+    });
+
+    // Send allowed edges to the hub
+    await this.syncAllowedEdges();
+  }
+
+  /**
+   * Stop the tunnel hub.
+   */
+  public async stop(): Promise<void> {
+    await this.hub.stop();
+    this.edgeStatuses.clear();
+  }
+
+  /**
+   * Sync allowed edges from the manager to the hub.
+   * Call this after creating/deleting/updating edges.
+   */
+  public async syncAllowedEdges(): Promise<void> {
+    const edges = this.manager.getAllowedEdges();
+    await this.hub.updateAllowedEdges(edges);
+  }
+
+  /**
+   * Get runtime statuses for all known edges.
+   */
+  public getEdgeStatuses(): IRemoteIngressStatus[] {
+    return Array.from(this.edgeStatuses.values());
+  }
+
+  /**
+   * Get status for a specific edge.
+   */
+  public getEdgeStatus(edgeId: string): IRemoteIngressStatus | undefined {
+    return this.edgeStatuses.get(edgeId);
+  }
+
+  /**
+   * Get the count of connected edges.
+   */
+  public getConnectedCount(): number {
+    let count = 0;
+    for (const status of this.edgeStatuses.values()) {
+      if (status.connected) count++;
+    }
+    return count;
+  }
+
+  /**
+   * Get the total number of active tunnels across all edges.
+   */
+  public getTotalActiveTunnels(): number {
+    let total = 0;
+    for (const status of this.edgeStatuses.values()) {
+      total += status.activeTunnels;
+    }
+    return total;
+  }
+}

package/ts/remoteingress/index.ts

@@ -0,0 +1,2 @@
+export * from './classes.remoteingress-manager.js';
+export * from './classes.tunnel-manager.js';

package/ts_web/00_commitinfo_data.ts

@@ -3,6 +3,6 @@
  */
 export const commitinfo = {
   name: '@serve.zone/dcrouter',
-  version: '6.3.0',
+  version: '6.4.1',
   description: 'A multifaceted routing service handling mail and SMS delivery functions.'
 }

package/ts_web/appstate.ts

@@ -116,7 +116,7 @@ export const configStatePart = await appState.getStatePart<IConfigState>(
 // Determine initial view from URL path
 const getInitialView = (): string => {
   const path = typeof window !== 'undefined' ? window.location.pathname : '/';
-  const validViews = ['overview', 'network', 'emails', 'logs', 'configuration', 'security', 'certificates'];
+  const validViews = ['overview', 'network', 'emails', 'logs', 'configuration', 'security', 'certificates', 'remoteingress'];
   const segments = path.split('/').filter(Boolean);
   const view = segments[0];
   return validViews.includes(view) ? view : 'overview';
@@ -192,6 +192,34 @@ export const certificateStatePart = await appState.getStatePart<ICertificateStat
   'soft'
 );
 
+// ============================================================================
+// Remote Ingress State
+// ============================================================================
+
+export interface IRemoteIngressState {
+  edges: interfaces.data.IRemoteIngress[];
+  statuses: interfaces.data.IRemoteIngressStatus[];
+  selectedEdgeId: string | null;
+  newEdgeSecret: string | null;
+  isLoading: boolean;
+  error: string | null;
+  lastUpdated: number;
+}
+
+export const remoteIngressStatePart = await appState.getStatePart<IRemoteIngressState>(
+  'remoteIngress',
+  {
+    edges: [],
+    statuses: [],
+    selectedEdgeId: null,
+    newEdgeSecret: null,
+    isLoading: false,
+    error: null,
+    lastUpdated: 0,
+  },
+  'soft'
+);
+
 // Actions for state management
 interface IActionContext {
   identity: interfaces.data.IIdentity | null;
@@ -378,6 +406,13 @@ export const setActiveViewAction = uiStatePart.createAction<string>(async (state
     }, 100);
   }
 
+  // If switching to remoteingress view, ensure we fetch edge data
+  if (viewName === 'remoteingress' && currentState.activeView !== 'remoteingress') {
+    setTimeout(() => {
+      remoteIngressStatePart.dispatchAction(fetchRemoteIngressAction, null);
+    }, 100);
+  }
+
   return {
     ...currentState,
     activeView: viewName,
@@ -745,6 +780,150 @@ export const reprovisionCertificateAction = certificateStatePart.createAction<st
   }
 );
 
+// ============================================================================
+// Remote Ingress Actions
+// ============================================================================
+
+export const fetchRemoteIngressAction = remoteIngressStatePart.createAction(async (statePartArg) => {
+  const context = getActionContext();
+  const currentState = statePartArg.getState();
+
+  try {
+    const edgesRequest = new plugins.domtools.plugins.typedrequest.TypedRequest<
+      interfaces.requests.IReq_GetRemoteIngresses
+    >('/typedrequest', 'getRemoteIngresses');
+
+    const statusRequest = new plugins.domtools.plugins.typedrequest.TypedRequest<
+      interfaces.requests.IReq_GetRemoteIngressStatus
+    >('/typedrequest', 'getRemoteIngressStatus');
+
+    const [edgesResponse, statusResponse] = await Promise.all([
+      edgesRequest.fire({ identity: context.identity }),
+      statusRequest.fire({ identity: context.identity }),
+    ]);
+
+    return {
+      ...currentState,
+      edges: edgesResponse.edges,
+      statuses: statusResponse.statuses,
+      isLoading: false,
+      error: null,
+      lastUpdated: Date.now(),
+    };
+  } catch (error) {
+    return {
+      ...currentState,
+      isLoading: false,
+      error: error instanceof Error ? error.message : 'Failed to fetch remote ingress data',
+    };
+  }
+});
+
+export const createRemoteIngressAction = remoteIngressStatePart.createAction<{
+  name: string;
+  listenPorts: number[];
+  tags?: string[];
+}>(async (statePartArg, dataArg) => {
+  const context = getActionContext();
+  const currentState = statePartArg.getState();
+
+  try {
+    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
+      interfaces.requests.IReq_CreateRemoteIngress
+    >('/typedrequest', 'createRemoteIngress');
+
+    const response = await request.fire({
+      identity: context.identity,
+      name: dataArg.name,
+      listenPorts: dataArg.listenPorts,
+      tags: dataArg.tags,
+    });
+
+    if (response.success) {
+      // Refresh the list and store the new secret for display
+      await remoteIngressStatePart.dispatchAction(fetchRemoteIngressAction, null);
+      return {
+        ...statePartArg.getState(),
+        newEdgeSecret: response.edge.secret,
+      };
+    }
+
+    return currentState;
+  } catch (error) {
+    return {
+      ...currentState,
+      error: error instanceof Error ? error.message : 'Failed to create edge',
+    };
+  }
+});
+
+export const deleteRemoteIngressAction = remoteIngressStatePart.createAction<string>(
+  async (statePartArg, edgeId) => {
+    const context = getActionContext();
+    const currentState = statePartArg.getState();
+
+    try {
+      const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
+        interfaces.requests.IReq_DeleteRemoteIngress
+      >('/typedrequest', 'deleteRemoteIngress');
+
+      await request.fire({
+        identity: context.identity,
+        id: edgeId,
+      });
+
+      await remoteIngressStatePart.dispatchAction(fetchRemoteIngressAction, null);
+      return statePartArg.getState();
+    } catch (error) {
+      return {
+        ...currentState,
+        error: error instanceof Error ? error.message : 'Failed to delete edge',
+      };
+    }
+  }
+);
+
+export const regenerateRemoteIngressSecretAction = remoteIngressStatePart.createAction<string>(
+  async (statePartArg, edgeId) => {
+    const context = getActionContext();
+    const currentState = statePartArg.getState();
+
+    try {
+      const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
+        interfaces.requests.IReq_RegenerateRemoteIngressSecret
+      >('/typedrequest', 'regenerateRemoteIngressSecret');
+
+      const response = await request.fire({
+        identity: context.identity,
+        id: edgeId,
+      });
+
+      if (response.success) {
+        return {
+          ...currentState,
+          newEdgeSecret: response.secret,
+        };
+      }
+
+      return currentState;
+    } catch (error) {
+      return {
+        ...currentState,
+        error: error instanceof Error ? error.message : 'Failed to regenerate secret',
+      };
+    }
+  }
+);
+
+export const clearNewEdgeSecretAction = remoteIngressStatePart.createAction(
+  async (statePartArg) => {
+    return {
+      ...statePartArg.getState(),
+      newEdgeSecret: null,
+    };
+  }
+);
+
 // Combined refresh action for efficient polling
 async function dispatchCombinedRefreshAction() {
   const context = getActionContext();

package/ts_web/elements/index.ts

@@ -6,4 +6,5 @@ export * from './ops-view-logs.js';
 export * from './ops-view-config.js';
 export * from './ops-view-security.js';
 export * from './ops-view-certificates.js';
+export * from './ops-view-remoteingress.js';
 export * from './shared/index.js';