ante-erp-cli 1.11.52 → 1.11.54

package/bin/ante-cli.js

@@ -331,6 +331,7 @@ program
   .option('--facial <url>', 'Facial Web domain/URL (non-interactive mode)')
   .option('--pos <url>', 'POS App domain/URL (non-interactive mode)')
   .option('--client <url>', 'Client App domain/URL (non-interactive mode)')
+  .option('--backend-client <url>', 'Backend Client API domain/URL (non-interactive mode)')
   .option('--detect', 'Auto-detect public IP address')
   .option('--ssl, --enable-ssl', 'Enable SSL certificate (Let\'s Encrypt)')
   .option('--email <email>', 'Email for SSL certificate notifications')

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ante-erp-cli",
-  "version": "1.11.52",
+  "version": "1.11.54",
   "description": "Comprehensive CLI tool for managing ANTE ERP self-hosted installations",
   "type": "module",
   "bin": {

package/src/commands/set-domain.js

@@ -96,9 +96,9 @@ function getEnvValue(envPath, key) {
 }
 
 /**
- * Check if gate-app, guardian-app, facial-web, or pos-app is installed by checking docker-compose.yml
+ * Check if gate-app, guardian-app, facial-web, pos-app, client-app, or backend-client is installed by checking docker-compose.yml
  * @param {string} composeFile - Path to docker-compose.yml
- * @returns {{hasGateApp: boolean, hasGuardianApp: boolean, hasFacialWeb: boolean, hasPosApp: boolean}}
+ * @returns {{hasGateApp: boolean, hasGuardianApp: boolean, hasFacialWeb: boolean, hasPosApp: boolean, hasClientApp: boolean, hasBackendClient: boolean}}
  */
 function detectInstalledApps(composeFile) {
   try {
@@ -108,10 +108,11 @@ function detectInstalledApps(composeFile) {
       hasGuardianApp: composeContent.includes('guardian-app:') || composeContent.includes('container_name: ante-guardian-app'),
       hasFacialWeb: composeContent.includes('facial-web:') || composeContent.includes('container_name: ante-facial-web'),
       hasPosApp: composeContent.includes('pos-app:') || composeContent.includes('container_name: ante-pos'),
-      hasClientApp: composeContent.includes('client-app:') || composeContent.includes('container_name: ante-client')
+      hasClientApp: composeContent.includes('client-app:') || composeContent.includes('container_name: ante-client'),
+      hasBackendClient: composeContent.includes('backend-client:') || composeContent.includes('container_name: ante-backend-client')
     };
   } catch {
-    return { hasGateApp: false, hasGuardianApp: false, hasFacialWeb: false, hasPosApp: false, hasClientApp: false };
+    return { hasGateApp: false, hasGuardianApp: false, hasFacialWeb: false, hasPosApp: false, hasClientApp: false, hasBackendClient: false };
   }
 }
 
@@ -159,10 +160,10 @@ export async function setDomain(options) {
       console.log(); // Add spacing
     }
 
-    let frontendUrl, apiUrl, gateAppUrl, guardianAppUrl, facialWebUrl, posAppUrl, clientAppUrl;
+    let frontendUrl, apiUrl, gateAppUrl, guardianAppUrl, facialWebUrl, posAppUrl, clientAppUrl, backendClientUrl;
 
     // Detect which apps are installed
-    const { hasGateApp, hasGuardianApp, hasFacialWeb, hasPosApp, hasClientApp } = detectInstalledApps(composeFile);
+    const { hasGateApp, hasGuardianApp, hasFacialWeb, hasPosApp, hasClientApp, hasBackendClient } = detectInstalledApps(composeFile);
 
     if (options.interactive !== false) {
       // Show current values
@@ -173,6 +174,7 @@ export async function setDomain(options) {
       const currentFacialWebUrl = getEnvValue(envPath, 'FACIAL_WEB_URL');
       const currentPosAppUrl = getEnvValue(envPath, 'POS_APP_URL');
       const currentClientAppUrl = getEnvValue(envPath, 'CLIENT_APP_URL');
+      const currentBackendClientUrl = getEnvValue(envPath, 'CLIENT_API_URL');
 
       if (currentFrontendUrl) {
         console.log(chalk.gray(`Current Frontend URL: ${currentFrontendUrl}`));
@@ -192,6 +194,9 @@ export async function setDomain(options) {
       if (currentClientAppUrl) {
         console.log(chalk.gray(`Current Client App URL: ${currentClientAppUrl}`));
       }
+      if (currentBackendClientUrl) {
+        console.log(chalk.gray(`Current Backend-Client API URL: ${currentBackendClientUrl}`));
+      }
       if (currentApiUrl) {
         console.log(chalk.gray(`Current API URL: ${currentApiUrl}\n`));
       }
@@ -478,6 +483,7 @@ export async function setDomain(options) {
           if (hasFacialWeb) facialWebUrl = `https://${subdomain}-fr.ante.ph`;
           if (hasPosApp) posAppUrl = `https://${subdomain}-pos.ante.ph`;
           if (hasClientApp) clientAppUrl = `https://${subdomain}-client.ante.ph`;
+          if (hasBackendClient) backendClientUrl = `https://${subdomain}-api-client.ante.ph`;
 
           // Display generated domains for confirmation
           console.log(chalk.cyan('\n📋 Generated Domain Configuration:\n'));
@@ -488,6 +494,7 @@ export async function setDomain(options) {
           if (hasFacialWeb) console.log(chalk.gray(`  Facial Web:      ${facialWebUrl}`));
           if (hasPosApp) console.log(chalk.gray(`  POS App:         ${posAppUrl}`));
           if (hasClientApp) console.log(chalk.gray(`  Client App:      ${clientAppUrl}`));
+          if (hasBackendClient) console.log(chalk.gray(`  Backend-Client:  ${backendClientUrl}`));
           console.log('');
 
           const confirmDomains = await inquirer.prompt([
@@ -565,6 +572,16 @@ export async function setDomain(options) {
             });
           }
 
+          if (hasBackendClient) {
+            domainPrompts.push({
+              type: 'input',
+              name: 'backendClientUrl',
+              message: 'Backend-Client API URL:\n  Examples: https://staging-api-client.ante.ph or http://143.198.91.153:4001\n  Enter URL',
+              default: currentBackendClientUrl || 'http://localhost:4001',
+              validate: validateUrl
+            });
+          }
+
           domainPrompts.push({
             type: 'input',
             name: 'apiUrl',
@@ -583,6 +600,7 @@ export async function setDomain(options) {
           if (hasFacialWeb) facialWebUrl = sanitizeUrl(answers.facialWebUrl);
           if (hasPosApp) posAppUrl = sanitizeUrl(answers.posAppUrl);
           if (hasClientApp) clientAppUrl = sanitizeUrl(answers.clientAppUrl);
+          if (hasBackendClient) backendClientUrl = sanitizeUrl(answers.backendClientUrl);
         }
       }
     } else {
@@ -668,6 +686,17 @@ export async function setDomain(options) {
         }
       }
 
+      if (hasBackendClient) {
+        backendClientUrl = options.backendClient ? sanitizeUrl(options.backendClient) : getEnvValue(envPath, 'CLIENT_API_URL');
+        if (backendClientUrl) {
+          const validation = validateUrl(backendClientUrl);
+          if (validation !== true) {
+            console.log(chalk.red(`Error: Invalid Backend-Client API URL - ${validation}`));
+            process.exit(1);
+          }
+        }
+      }
+
       // Show what will be configured in non-interactive mode
       console.log(chalk.cyan('\n📋 Non-interactive mode configuration:\n'));
       console.log(chalk.gray(`  Frontend:     ${frontendUrl}`));
@@ -677,6 +706,7 @@ export async function setDomain(options) {
       if (hasFacialWeb && facialWebUrl) console.log(chalk.gray(`  Facial Web:   ${facialWebUrl}`));
       if (hasPosApp && posAppUrl) console.log(chalk.gray(`  POS App:      ${posAppUrl}`));
       if (hasClientApp && clientAppUrl) console.log(chalk.gray(`  Client App:   ${clientAppUrl}`));
+      if (hasBackendClient && backendClientUrl) console.log(chalk.gray(`  Backend-Client: ${backendClientUrl}`));
       console.log('');
     }
 
@@ -709,6 +739,10 @@ export async function setDomain(options) {
       envUpdates.CLIENT_APP_URL = clientAppUrl;
     }
 
+    if (hasBackendClient && backendClientUrl) {
+      envUpdates.CLIENT_API_URL = backendClientUrl;
+    }
+
     updateEnvFile(envPath, envUpdates);
 
     console.log(chalk.green('✓ Configuration updated'));
@@ -751,6 +785,11 @@ export async function setDomain(options) {
           nginxConfig.clientAppPort = 9005;
         }
 
+        if (hasBackendClient && backendClientUrl) {
+          nginxConfig.backendClientDomain = backendClientUrl;
+          nginxConfig.backendClientPort = 4001;
+        }
+
         await configureNginx(nginxConfig);
       } catch (error) {
         console.log(chalk.yellow('\n⚠  NGINX configuration failed:', error.message));
@@ -855,6 +894,12 @@ export async function setDomain(options) {
                 domains.push(clientAppDomain);
               }
             }
+            if (hasBackendClient && backendClientUrl && backendClientUrl.startsWith('https://')) {
+              const backendClientDomain = extractDomain(backendClientUrl);
+              if (backendClientDomain !== 'localhost' && !backendClientDomain.match(/^\d+\.\d+\.\d+\.\d+$/) && !domains.includes(backendClientDomain)) {
+                domains.push(backendClientDomain);
+              }
+            }
 
             for (const domain of domains) {
               console.log(chalk.gray(`   Obtaining certificate for ${domain}...`));
@@ -902,6 +947,11 @@ export async function setDomain(options) {
               sslNginxConfig.clientAppPort = 9005;
             }
 
+            if (hasBackendClient && backendClientUrl) {
+              sslNginxConfig.backendClientDomain = backendClientUrl;
+              sslNginxConfig.backendClientPort = 4001;
+            }
+
             await updateNginxForSSL(sslNginxConfig);
 
             // Step 3: Setup auto-renewal

package/src/utils/nginx.js

@@ -53,6 +53,7 @@ export async function installNginx(spinner) {
  * @param {string} [config.facialAppDomain] - Facial web app domain (optional)
  * @param {string} [config.posAppDomain] - POS app domain (optional)
  * @param {string} [config.clientAppDomain] - Client app domain (optional)
+ * @param {string} [config.backendClientDomain] - Backend client API domain (optional)
  * @param {number} config.frontendPort - Frontend Docker port (default: 8080)
  * @param {number} config.apiPort - API Docker port (default: 3001)
  * @param {number} [config.gateAppPort] - Gate app Docker port (default: 8081)
@@ -60,6 +61,7 @@ export async function installNginx(spinner) {
  * @param {number} [config.facialWebPort] - Facial web app Docker port (default: 8083)
  * @param {number} [config.posAppPort] - POS app Docker port (default: 8084)
  * @param {number} [config.clientAppPort] - Client app Docker port (default: 9005)
+ * @param {number} [config.backendClientPort] - Backend client API Docker port (default: 4001)
  * @param {boolean} config.ssl - Enable SSL configuration (default: false)
  * @returns {string} NGINX configuration content
  */
@@ -72,6 +74,7 @@ export function generateNginxConfig(config) {
     facialAppDomain,
     posAppDomain,
     clientAppDomain,
+    backendClientDomain,
     frontendPort = 8080,
     apiPort = 3001,
     gateAppPort = 8081,
@@ -79,6 +82,7 @@ export function generateNginxConfig(config) {
     facialWebPort = 8083,
     posAppPort = 8084,
     clientAppPort = 9005,
+    backendClientPort = 4001,
     ssl = false
   } = config;
 
@@ -90,6 +94,7 @@ export function generateNginxConfig(config) {
   const facialAppHost = facialAppDomain ? facialAppDomain.replace(/^https?:\/\//, '').replace(/:\d+$/, '') : null;
   const posAppHost = posAppDomain ? posAppDomain.replace(/^https?:\/\//, '').replace(/:\d+$/, '') : null;
   const clientAppHost = clientAppDomain ? clientAppDomain.replace(/^https?:\/\//, '').replace(/:\d+$/, '') : null;
+  const backendClientHost = backendClientDomain ? backendClientDomain.replace(/^https?:\/\//, '').replace(/:\d+$/, '') : null;
 
   if (ssl) {
     return generateSslNginxConfig({
@@ -100,13 +105,15 @@ export function generateNginxConfig(config) {
       facialAppHost,
       posAppHost,
       clientAppHost,
+      backendClientHost,
       frontendPort,
       apiPort,
       gateAppPort,
       guardianAppPort,
       facialWebPort,
       posAppPort,
-      clientAppPort
+      clientAppPort,
+      backendClientPort
     });
   }
 
@@ -330,6 +337,37 @@ server {
         proxy_read_timeout 60s;
     }
 }
+` : ''}${backendClientHost ? `
+# ANTE Backend Client API Configuration
+server {
+    listen 80;
+    listen [::]:80;
+    server_name ${backendClientHost};
+
+    # Increase buffer sizes for large headers
+    client_header_buffer_size 16k;
+    large_client_header_buffers 4 16k;
+
+    # Increase body size for file uploads
+    client_max_body_size 100M;
+
+    location / {
+        proxy_pass http://localhost:${backendClientPort};
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_cache_bypass $http_upgrade;
+
+        # Timeout settings
+        proxy_connect_timeout 60s;
+        proxy_send_timeout 60s;
+        proxy_read_timeout 60s;
+    }
+}
 ` : ''}`;
 }
 
@@ -343,6 +381,7 @@ server {
  * @param {string} [config.facialAppHost] - Facial web app hostname (optional)
  * @param {string} [config.posAppHost] - POS app hostname (optional)
  * @param {string} [config.clientAppHost] - Client app hostname (optional)
+ * @param {string} [config.backendClientHost] - Backend client API hostname (optional)
  * @param {number} config.frontendPort - Frontend port
  * @param {number} config.apiPort - API port
  * @param {number} [config.gateAppPort] - Gate app port (default: 8081)
@@ -350,6 +389,7 @@ server {
  * @param {number} [config.facialWebPort] - Facial web app port (default: 8083)
  * @param {number} [config.posAppPort] - POS app port (default: 8084)
  * @param {number} [config.clientAppPort] - Client app port (default: 9005)
+ * @param {number} [config.backendClientPort] - Backend client API port (default: 4001)
  * @returns {string} NGINX configuration with SSL
  */
 function generateSslNginxConfig(config) {
@@ -361,13 +401,15 @@ function generateSslNginxConfig(config) {
     facialAppHost,
     posAppHost,
     clientAppHost,
+    backendClientHost,
     frontendPort,
     apiPort,
     gateAppPort = 8081,
     guardianAppPort = 8082,
     facialWebPort = 8083,
     posAppPort = 8084,
-    clientAppPort = 9005
+    clientAppPort = 9005,
+    backendClientPort = 4001
   } = config;
 
   return `# ANTE Frontend Configuration (HTTPS)
@@ -782,6 +824,63 @@ server {
     server_name ${clientAppHost};
     return 301 https://$server_name$request_uri;
 }
+` : ''}${backendClientHost ? `
+# ANTE Backend Client API Configuration (HTTPS)
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    http2 on;
+    server_name ${backendClientHost};
+
+    # SSL Certificate paths
+    ssl_certificate /etc/letsencrypt/live/${backendClientHost}/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/${backendClientHost}/privkey.pem;
+
+    # SSL Configuration
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers HIGH:!aNULL:!MD5;
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+
+    # Security headers
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    add_header X-Frame-Options SAMEORIGIN always;
+    add_header X-Content-Type-Options nosniff always;
+    add_header X-XSS-Protection "1; mode=block" always;
+
+    # Increase buffer sizes for large headers
+    client_header_buffer_size 16k;
+    large_client_header_buffers 4 16k;
+
+    # Increase body size for file uploads
+    client_max_body_size 100M;
+
+    location / {
+        proxy_pass http://localhost:${backendClientPort};
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_cache_bypass $http_upgrade;
+
+        # Timeout settings
+        proxy_connect_timeout 60s;
+        proxy_send_timeout 60s;
+        proxy_read_timeout 60s;
+    }
+}
+
+# HTTP to HTTPS redirect for ${backendClientHost}
+server {
+    listen 80;
+    listen [::]:80;
+    server_name ${backendClientHost};
+    return 301 https://$server_name$request_uri;
+}
 ` : ''}`;
 }