certops 1.0.15 → 1.0.16

package/dist/api.js

@@ -1,3 +1,9 @@
+const REQUEST_TIMEOUT_MS = 30_000;
+function fetchWithTimeout(url, init) {
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), REQUEST_TIMEOUT_MS);
+    return fetch(url, { ...init, signal: controller.signal }).finally(() => clearTimeout(timer));
+}
 export function createApiClient(options) {
     const base = (options.apiUrl ?? 'https://ssl-manager.dcom.at').replace(/\/$/, '');
     const baseHeaders = {
@@ -20,7 +26,7 @@ export function createApiClient(options) {
         throw new Error(msg);
     }
     async function request(path) {
-        const res = await fetch(`${base}/api/cli${path}`, {
+        const res = await fetchWithTimeout(`${base}/api/cli${path}`, {
             headers: { ...baseHeaders, 'Content-Type': 'application/json' },
         });
         const body = (await res.json());
@@ -31,7 +37,7 @@ export function createApiClient(options) {
         return body.data;
     }
     async function requestBinary(path) {
-        const res = await fetch(`${base}/api/cli${path}`, {
+        const res = await fetchWithTimeout(`${base}/api/cli${path}`, {
             headers: baseHeaders,
         });
         if (!res.ok) {

package/dist/commands/download.js

@@ -3,10 +3,14 @@ import select from '@inquirer/select';
 import {} from '../api.js';
 import { getConfiguredClient } from '../client.js';
 import { saveZip } from '../files.js';
+import { updateCertState } from '../state.js';
+import { createLogger, logError } from '../logger.js';
+const log = createLogger('download');
 async function performDownload(cert, client) {
     process.stdout.write(`\nDownloading ${cert.certName}…\n`);
     const zipBuffer = await client.downloadCert(cert._id);
     const paths = await saveZip(cert.certName, zipBuffer);
+    await updateCertState(cert.certName, cert.expiryDate ?? '');
     process.stdout.write(`  ✓ Fullchain   : ${paths.fullchainPath}\n`);
     process.stdout.write(`  ✓ Certificate : ${paths.certPath}\n`);
     process.stdout.write(`  ✓ Chain       : ${paths.chainPath}\n`);
@@ -15,6 +19,8 @@ async function performDownload(cert, client) {
         process.stdout.write(`  ✓ Expires     : ${new Date(cert.expiryDate).toLocaleDateString()}\n`);
     }
     process.stdout.write('\n');
+    const expiry = cert.expiryDate ? ` expires ${new Date(cert.expiryDate).toLocaleDateString()}` : '';
+    log(`Downloaded ${cert.certName}${expiry} → ${paths.fullchainPath}`);
 }
 export const downloadCommand = new Command('download')
     .description('Download a certificate to /etc/certops/certs/<domain>/ — requires sudo')
@@ -81,7 +87,9 @@ Examples:
     catch (err) {
         if (err.name === 'ExitPromptError')
             process.exit(0);
-        process.stderr.write(`\nError: ${err.message}\n\n`);
+        const msg = err.message;
+        process.stderr.write(`\nError: ${msg}\n\n`);
+        logError(msg);
         process.exit(1);
     }
 });

package/dist/commands/service/configure.js

@@ -1,18 +1,19 @@
 import { Command } from 'commander';
 import input from '@inquirer/input';
 import { spawnSync } from 'child_process';
-import { readConfig, writeConfig } from '../../config.js';
+import { readConfig, writeConfig, CERTOPS_DIR } from '../../config.js';
+import { BRAND } from '../../brand.js';
 export const configureCommand = new Command('configure')
     .description('Update service config (watch domains, check interval) and restart')
     .action(async () => {
     try {
         if (process.getuid?.() !== 0) {
-            console.error('Error: certops service configure must run as root.');
-            console.error('\n  sudo sp service configure\n');
+            console.error(`Error: ${BRAND.binName} service configure must run as root.`);
+            console.error(`\n  sudo ${BRAND.binName} service configure\n`);
             process.exit(1);
         }
         const existing = await readConfig();
-        console.log('\nCertOps — Update Service Config\n');
+        console.log(`\n${BRAND.displayName} — Update Service Config\n`);
         console.log('  (API key is stored in the systemd unit, not changed here)\n');
         const intervalStr = await input({
             message: 'Check interval (hours):',
@@ -44,8 +45,8 @@ export const configureCommand = new Command('configure')
             maxDownloadRetries: Number(retriesStr),
             watchDomains,
         });
-        console.log('\n✓ Config updated at /etc/certops/config.json');
-        const result = spawnSync('systemctl', ['restart', 'certops'], {
+        console.log(`\n✓ Config updated at ${CERTOPS_DIR}/config.json`);
+        const result = spawnSync('systemctl', ['restart', BRAND.serviceUnit], {
             stdio: ['inherit', 'inherit', 'pipe'],
             encoding: 'utf8',
         });
@@ -53,7 +54,7 @@ export const configureCommand = new Command('configure')
             if (result.stderr?.trim())
                 process.stderr.write(result.stderr + '\n');
             process.stderr.write('\nWarning: config saved but service restart failed.\n');
-            process.stderr.write('  Run: sudo sp service start\n\n');
+            process.stderr.write(`  Run: sudo ${BRAND.binName} service start\n\n`);
             process.exit(1);
         }
         console.log('✓ Service restarted with new config.\n');

package/dist/commands/service/control.js

@@ -4,6 +4,7 @@ import { unlink } from 'fs/promises';
 import { resolveApiKey, runRenewalCycle } from './renew.js';
 import { BRAND } from '../../brand.js';
 import { CERTOPS_DIR } from '../../config.js';
+import { createLogger } from '../../logger.js';
 const UNIT = BRAND.serviceUnit;
 const UNIT_PATH = `/etc/systemd/system/${BRAND.serviceUnit}.service`;
 function systemctl(args, exitOnFail = true) {
@@ -49,7 +50,7 @@ export const checkCommand = new Command('check')
         process.stderr.write(`  Set the env var or run: sudo ${BRAND.binName} service install\n\n`);
         process.exit(1);
     }
-    const log = (msg) => process.stdout.write(`  ${msg}\n`);
+    const log = createLogger();
     process.stdout.write('\nRunning renewal check…\n\n');
     try {
         const result = await runRenewalCycle(apiKey, log);

package/dist/commands/service/daemon.js

@@ -2,9 +2,8 @@ import { Command } from 'commander';
 import { readConfig } from '../../config.js';
 import { resolveApiKey, runRenewalCycle } from './renew.js';
 import { BRAND } from '../../brand.js';
-function log(msg) {
-    process.stdout.write(`[${new Date().toISOString()}] ${msg}\n`);
-}
+import { createLogger } from '../../logger.js';
+const log = createLogger();
 function sleep(ms) {
     return new Promise(resolve => setTimeout(resolve, ms));
 }

package/dist/commands/service/install.js

@@ -57,10 +57,6 @@ export const installCommand = new Command('install')
                 ? true
                 : `Key must start with ${BRAND.keyPrefix}`,
         });
-        const apiUrl = await input({
-            message: `API URL (leave blank for default ${BRAND.apiUrl}):`,
-            default: existing.apiUrl ?? '',
-        });
         const intervalStr = await input({
             message: 'Check interval (hours):',
             default: String(existing.checkIntervalHours),
@@ -75,7 +71,7 @@ export const installCommand = new Command('install')
             .map(d => d.trim())
             .filter(Boolean);
         const config = {
-            apiUrl: apiUrl.trim() || undefined,
+            apiUrl: existing.apiUrl,
             renewalThresholdDays: existing.renewalThresholdDays,
             checkIntervalHours: Number(intervalStr),
             watchDomains,

package/dist/config.js

@@ -3,6 +3,8 @@ import { join } from 'path';
 import { BRAND } from './brand.js';
 export const CERTOPS_DIR = BRAND.configDir;
 export const HOOKS_DIR = join(CERTOPS_DIR, 'hooks');
+export const LOG_DIR = `/var/log/${BRAND.name}`;
+export const LOG_FILE = join(LOG_DIR, `${BRAND.name}.log`);
 const CONFIG_PATH = join(CERTOPS_DIR, 'config.json');
 const DEFAULTS = {
     renewalThresholdDays: 5,

package/dist/files.js

@@ -2,6 +2,7 @@ import { mkdir, writeFile, chmod } from 'fs/promises';
 import { join } from 'path';
 import { unzipSync } from 'fflate';
 import { CERTOPS_DIR } from './config.js';
+import { BRAND } from './brand.js';
 export async function saveZip(certName, zipBuffer) {
     const zipDirName = certName.replace(/^\*\./, 'wildcard.');
     const dir = join(CERTOPS_DIR, 'certs', zipDirName);
@@ -45,8 +46,8 @@ function fsError(err, certName, path) {
     const e = err instanceof Error ? err : null;
     if (e?.code === 'EACCES' || e?.code === 'EPERM') {
         process.stderr.write(`\nPermission denied: ${path}\n`);
-        process.stderr.write(`/etc/certops requires root. Re-run:\n\n`);
-        process.stderr.write(`  sudo certops download '${certName}'\n\n`);
+        process.stderr.write(`${CERTOPS_DIR} requires root. Re-run:\n\n`);
+        process.stderr.write(`  sudo ${BRAND.binName} download '${certName}'\n\n`);
         process.exit(1);
     }
     throw err;

package/dist/hooks.js

@@ -17,19 +17,25 @@ async function fileExists(path) {
         return false;
     }
 }
+const HOOK_TIMEOUT_MS = 60_000;
 async function execHook(scriptPath, vars) {
     return new Promise((resolve, reject) => {
         const child = spawn('bash', [scriptPath], {
             env: { ...process.env, ...vars },
             stdio: 'inherit',
         });
+        const timer = setTimeout(() => {
+            child.kill('SIGTERM');
+            reject(new Error(`Hook timed out after ${HOOK_TIMEOUT_MS / 1000}s`));
+        }, HOOK_TIMEOUT_MS);
         child.on('close', (code) => {
+            clearTimeout(timer);
             if (code === 0)
                 resolve();
             else
                 reject(new Error(`Hook exited with code ${code}`));
         });
-        child.on('error', reject);
+        child.on('error', (err) => { clearTimeout(timer); reject(err); });
     });
 }
 export async function runHooks(certName, vars, log) {

package/dist/logger.js

@@ -0,0 +1,41 @@
+import { appendFile, mkdir } from 'fs/promises';
+import { LOG_DIR, LOG_FILE } from './config.js';
+let logDirReady = false;
+async function ensureLogDir() {
+    if (logDirReady)
+        return;
+    try {
+        await mkdir(LOG_DIR, { recursive: true });
+        logDirReady = true;
+    }
+    catch {
+        // silently fail — never crash the daemon over a logging error
+    }
+}
+async function writeToFile(line) {
+    await ensureLogDir();
+    if (!logDirReady)
+        return;
+    try {
+        await appendFile(LOG_FILE, line + '\n', { encoding: 'utf8', mode: 0o640 });
+    }
+    catch {
+        // silently fail
+    }
+}
+function timestamp() {
+    return new Date().toISOString();
+}
+export function createLogger(tag) {
+    const prefix = tag ? `[${tag}] ` : '';
+    return (msg) => {
+        const line = `[${timestamp()}] ${prefix}${msg}`;
+        process.stdout.write(line + '\n');
+        void writeToFile(line);
+    };
+}
+export function logError(msg) {
+    const line = `[${timestamp()}] [ERROR] ${msg}`;
+    process.stderr.write(line + '\n');
+    void writeToFile(line);
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "certops",
-  "version": "1.0.15",
+  "version": "1.0.16",
   "description": "SSL Pilot CLI — download and manage your SSL certificates",
   "type": "module",
   "files": [