easy-devops 0.1.0

package/cli/managers/ssl-manager.js

@@ -0,0 +1,397 @@
+/**
+ * cli/managers/ssl-manager.js
+ *
+ * SSL Manager — view certificate status, renew certificates, install certbot.
+ *
+ * Exported functions:
+ *   - showSslManager() — interactive menu for managing SSL certificates
+ *
+ * All shell calls go through core/shell.js (run / runLive).
+ * Platform differences (Windows/Linux) are handled via isWindows guards.
+ */
+
+import chalk from 'chalk';
+import inquirer from 'inquirer';
+import ora from 'ora';
+import fs from 'fs/promises';
+import path from 'path';
+import { run, runLive } from '../../core/shell.js';
+import { loadConfig } from '../../core/config.js';
+
+const isWindows = process.platform === 'win32';
+
+// ─── getCertbotDir ────────────────────────────────────────────────────────────
+
+function getCertbotDir() {
+  const config = loadConfig();
+  return path.join(config.certbotDir, 'live');
+}
+
+// ─── parseCertExpiry ──────────────────────────────────────────────────────────
+
+async function parseCertExpiry(certPath) {
+  const result = await run(`openssl x509 -enddate -noout -in "${certPath}"`);
+
+  if (result.success && result.stdout) {
+    const match = result.stdout.match(/notAfter=(.+)/);
+    if (match) {
+      const expiryDate = new Date(match[1].trim());
+      const daysLeft = Math.floor((expiryDate - Date.now()) / 86400000);
+      return { expiryDate, daysLeft };
+    }
+  }
+
+  // Fallback: use file mtime + 90 days
+  try {
+    const stat = await fs.stat(certPath);
+    const expiryDate = new Date(stat.mtime.getTime() + 90 * 86400000);
+    const daysLeft = Math.floor((expiryDate - Date.now()) / 86400000);
+    return { expiryDate, daysLeft, errorReason: 'expiry estimated from file date' };
+  } catch {
+    return null;
+  }
+}
+
+// ─── getCertbotExe ────────────────────────────────────────────────────────────
+// Returns the certbot command to use, or null if not installed.
+// On Windows, checks PATH first, then the well-known install location used by
+// the official EFF winget package (EFF.Certbot).
+// Always returns a PS-safe invocation string (& "..." for full paths).
+
+const CERTBOT_WIN_EXE = 'C:\\Program Files\\Certbot\\bin\\certbot.exe';
+
+async function getCertbotExe() {
+  if (!isWindows) {
+    const r = await run('which certbot');
+    return (r.exitCode === 0 && r.stdout.trim()) ? 'certbot' : null;
+  }
+
+  // 1. On PATH?
+  const pathResult = await run('where.exe certbot');
+  if (pathResult.exitCode === 0 && pathResult.stdout.trim()) {
+    return 'certbot';
+  }
+
+  // 2. Well-known install location (winget / official EFF installer)
+  const exeCheck = await run(`Test-Path "${CERTBOT_WIN_EXE}"`);
+  if (exeCheck.stdout.trim().toLowerCase() === 'true') {
+    // Must use & "..." in PowerShell to invoke a path with spaces
+    return `& "${CERTBOT_WIN_EXE}"`;
+  }
+
+  return null;
+}
+
+async function isCertbotInstalled() {
+  return (await getCertbotExe()) !== null;
+}
+
+// ─── isPort80Busy ─────────────────────────────────────────────────────────────
+
+async function isPort80Busy() {
+  const cmd = isWindows
+    ? 'netstat -ano | findstr ":80"'
+    : "ss -tlnp | grep ':80 '";
+  const result = await run(cmd);
+  const busy = result.success && result.stdout.length > 0;
+  return { busy, detail: busy ? result.stdout.split('\n')[0].trim() : null };
+}
+
+// ─── stopNginx / startNginx ───────────────────────────────────────────────────
+
+async function stopNginx() {
+  const { nginxDir } = loadConfig();
+  const cmd = isWindows
+    ? 'taskkill /f /IM nginx.exe'
+    : 'systemctl stop nginx';
+  await run(cmd);
+}
+
+async function startNginx() {
+  const { nginxDir } = loadConfig();
+  const cmd = isWindows
+    ? `& "${nginxDir}\\nginx.exe"`
+    : 'systemctl start nginx';
+  await run(cmd);
+}
+
+// ─── listCerts ────────────────────────────────────────────────────────────────
+
+async function listCerts(liveDir) {
+  let entries;
+  try {
+    entries = await fs.readdir(liveDir, { withFileTypes: true });
+  } catch {
+    return [];
+  }
+
+  const domains = entries.filter(e => e.isDirectory()).map(e => e.name);
+  const certs = [];
+
+  for (const domain of domains) {
+    const certPath = path.join(liveDir, domain, 'cert.pem');
+
+    let status = 'error';
+    let expiryDate = null;
+    let daysLeft = null;
+
+    try {
+      await fs.stat(certPath);
+      const expiry = await parseCertExpiry(certPath);
+      if (expiry !== null) {
+        expiryDate = expiry.expiryDate;
+        daysLeft = expiry.daysLeft;
+        if (daysLeft > 30) {
+          status = 'healthy';
+        } else if (daysLeft >= 10) {
+          status = 'expiring';
+        } else {
+          status = 'critical';
+        }
+      }
+    } catch {
+      status = 'error';
+    }
+
+    certs.push({ domain, status, expiryDate, daysLeft });
+  }
+
+  return certs;
+}
+
+// ─── renderCertRow ────────────────────────────────────────────────────────────
+
+function renderCertRow(cert) {
+  const domainPadded = cert.domain.padEnd(35);
+
+  if (cert.status === 'error') {
+    console.log(`  ${chalk.gray('❌')} ${chalk.gray(domainPadded)} ${chalk.gray('ERROR')}`);
+    return;
+  }
+
+  const expiryStr = cert.expiryDate
+    ? cert.expiryDate.toDateString().replace(/^\S+\s/, '')
+    : '—';
+  const daysStr = cert.daysLeft !== null ? `${cert.daysLeft}d` : '—';
+
+  if (cert.status === 'healthy') {
+    console.log(`  ${chalk.green('✅')} ${chalk.green(domainPadded)} ${chalk.green(daysStr.padEnd(6))} ${chalk.green(`(${expiryStr})`)}`);
+  } else if (cert.status === 'expiring') {
+    console.log(`  ${chalk.yellow('⚠️')}  ${chalk.yellow(domainPadded)} ${chalk.yellow(daysStr.padEnd(6))} ${chalk.yellow(`(${expiryStr})`)}`);
+  } else {
+    console.log(`  ${chalk.red('❌')} ${chalk.red(domainPadded)} ${chalk.red(daysStr.padEnd(6))} ${chalk.red(`(${expiryStr})`)}`);
+  }
+}
+
+// ─── renewCert ────────────────────────────────────────────────────────────────
+
+async function renewCert(domain) {
+  const certbotExe = await getCertbotExe();
+  if (!certbotExe) {
+    console.log(chalk.red('\n  certbot not found — install it first\n'));
+    return { domain, success: false, exitCode: null };
+  }
+
+  await stopNginx();
+
+  try {
+    const portCheck = await isPort80Busy();
+    if (portCheck.busy) {
+      console.log(chalk.yellow(`\n  ⚠ Port 80 is in use: ${portCheck.detail}`));
+      console.log(chalk.yellow('  Stop that process before renewing.\n'));
+      return { domain, success: false, exitCode: null };
+    }
+
+    const exitCode = await runLive(
+      `${certbotExe} certonly --standalone -d "${domain}"`,
+      { timeout: 120000 },
+    );
+    return { domain, success: exitCode === 0, exitCode };
+  } finally {
+    await startNginx();
+  }
+}
+
+// ─── renewExpiring ────────────────────────────────────────────────────────────
+
+async function renewExpiring(certs) {
+  const expiring = certs.filter(c => c.daysLeft !== null && c.daysLeft < 30);
+  if (expiring.length === 0) return [];
+
+  const certbotExe = await getCertbotExe();
+  if (!certbotExe) return [];
+
+  await stopNginx();
+
+  const results = [];
+  try {
+    for (const cert of expiring) {
+      const exitCode = await runLive(
+        `${certbotExe} certonly --standalone -d "${cert.domain}"`,
+        { timeout: 120000 },
+      );
+      results.push({ domain: cert.domain, success: exitCode === 0, exitCode });
+    }
+  } finally {
+    await startNginx();
+  }
+
+  return results;
+}
+
+// ─── installCertbot ───────────────────────────────────────────────────────────
+
+async function installCertbot() {
+  if (isWindows) {
+    // Official EFF certbot package via winget — installs to
+    // C:\Program Files\Certbot\bin\ and adds it to the system PATH.
+    // pip install certbot is NOT used: it lands in a user Python Scripts
+    // folder that is not on PATH and cannot renew certs system-wide.
+    console.log(chalk.gray('\n  Installing via winget (EFF.Certbot) ...\n'));
+    const exitCode = await runLive(
+      'winget install -e --id EFF.Certbot --accept-package-agreements --accept-source-agreements',
+      { timeout: 180000 },
+    );
+    if (exitCode !== 0) return { success: false };
+    // winget updates the system PATH but the current session won't see it yet.
+    // Verify via the known exe path directly.
+    const check = await run(`Test-Path "${CERTBOT_WIN_EXE}"`);
+    return { success: check.stdout.trim().toLowerCase() === 'true' };
+  }
+
+  const exitCode = await runLive('sudo apt-get install -y certbot', { timeout: 180000 });
+  return { success: exitCode === 0 };
+}
+
+// ─── showSslManager ───────────────────────────────────────────────────────────
+
+export async function showSslManager() {
+  while (true) {
+    const liveDir = getCertbotDir();
+
+    const spinner = ora('Loading certificates…').start();
+    const certs = await listCerts(liveDir);
+    spinner.stop();
+
+    console.log(chalk.bold('\n  SSL Manager'));
+    console.log(chalk.gray('  ' + '─'.repeat(40)));
+
+    if (certs.length === 0) {
+      console.log(chalk.gray('  No certificates found'));
+    } else {
+      for (const cert of certs) {
+        renderCertRow(cert);
+      }
+    }
+    console.log();
+
+    const choices = [
+      'Renew a certificate',
+      'Renew all expiring (< 30 days)',
+      'Install certbot',
+      new inquirer.Separator(),
+      '← Back',
+    ];
+
+    let choice;
+    try {
+      ({ choice } = await inquirer.prompt([{
+        type: 'list',
+        name: 'choice',
+        message: 'Select an option:',
+        choices,
+      }]));
+    } catch (err) {
+      if (err.name === 'ExitPromptError') return;
+      throw err;
+    }
+
+    switch (choice) {
+      case 'Renew a certificate': {
+        const installed = await isCertbotInstalled();
+        if (!installed) {
+          console.log(chalk.yellow('\n  ⚠ certbot not found — select "Install certbot" first\n'));
+          break;
+        }
+
+        if (certs.length === 0) {
+          console.log(chalk.gray('\n  No certificates found to renew\n'));
+          break;
+        }
+
+        let selectedDomain;
+        try {
+          ({ selectedDomain } = await inquirer.prompt([{
+            type: 'list',
+            name: 'selectedDomain',
+            message: 'Select domain to renew:',
+            choices: certs.map(c => c.domain),
+          }]));
+        } catch (err) {
+          if (err.name === 'ExitPromptError') return;
+          throw err;
+        }
+
+        const renewResult = await renewCert(selectedDomain);
+        if (renewResult.success) {
+          console.log(chalk.green('\n  ✓ Renewed successfully\n'));
+        } else {
+          console.log(chalk.red('\n  ✗ Renewal failed — see output above\n'));
+        }
+        break;
+      }
+
+      case 'Renew all expiring (< 30 days)': {
+        const installed = await isCertbotInstalled();
+        if (!installed) {
+          console.log(chalk.yellow('\n  ⚠ certbot not found — select "Install certbot" first\n'));
+          break;
+        }
+
+        const results = await renewExpiring(certs);
+        if (results.length === 0) {
+          console.log(chalk.gray('\n  No certificates expiring within 30 days\n'));
+        } else {
+          console.log();
+          for (const r of results) {
+            if (r.success) {
+              console.log(`  ${chalk.green('✓ ' + r.domain)}`);
+            } else {
+              console.log(`  ${chalk.red('✗ ' + r.domain)}`);
+            }
+          }
+          console.log();
+        }
+        break;
+      }
+
+      case 'Install certbot': {
+        const alreadyInstalled = await isCertbotInstalled();
+        if (alreadyInstalled) {
+          console.log(chalk.gray('\n  certbot is already installed\n'));
+          break;
+        }
+
+        const installResult = await installCertbot();
+        if (installResult.success) {
+          console.log(chalk.green('\n  ✓ certbot installed successfully\n'));
+        } else {
+          console.log(chalk.red('\n  ✗ Installation failed\n'));
+        }
+        break;
+      }
+
+      case '← Back':
+        return;
+    }
+
+    if (choice !== '← Back') {
+      try {
+        await inquirer.prompt([{ type: 'input', name: '_', message: 'Press Enter to continue...' }]);
+      } catch (err) {
+        if (err.name === 'ExitPromptError') return;
+        throw err;
+      }
+    }
+  }
+}

package/cli/menus/dashboard.js

@@ -0,0 +1,223 @@
+import chalk from 'chalk';
+import inquirer from 'inquirer';
+import ora from 'ora';
+import { spawn } from 'child_process';
+import { createServer } from 'net';
+import { openSync, closeSync, writeSync } from 'fs';
+import fs from 'fs/promises';
+import http from 'http';
+import { fileURLToPath } from 'url';
+import path from 'path';
+import { loadConfig } from '../../core/config.js';
+import { dbGet, dbSet } from '../../core/db.js';
+import { run } from '../../core/shell.js';
+
+const __dirname  = path.dirname(fileURLToPath(import.meta.url));
+const isWindows  = process.platform === 'win32';
+const LOG_PATH   = path.resolve(__dirname, '../../data/dashboard.log');
+const SERVER_PATH = path.resolve(__dirname, '../../dashboard/server.js');
+
+// ─── Port helpers ─────────────────────────────────────────────────────────────
+
+function isPortFree(port) {
+  return new Promise((resolve) => {
+    const srv = createServer();
+    srv.once('error', () => resolve(false));
+    srv.once('listening', () => srv.close(() => resolve(true)));
+    srv.listen(port, '127.0.0.1');
+  });
+}
+
+async function findFreePort(startPort) {
+  let port = startPort;
+  while (!(await isPortFree(port))) {
+    port++;
+    if (port > 65535) throw new Error('No free port found');
+  }
+  return port;
+}
+
+// ─── HTTP ping — most reliable way to know Express is actually up ─────────────
+
+function httpPing(port, timeoutMs = 2000) {
+  return new Promise((resolve) => {
+    const req = http.get(`http://localhost:${port}/`, (res) => {
+      res.destroy();
+      resolve(true);
+    });
+    req.on('error', () => resolve(false));
+    req.setTimeout(timeoutMs, () => { req.destroy(); resolve(false); });
+  });
+}
+
+// Poll every 500 ms for up to `maxWaitMs`
+async function waitForServer(port, maxWaitMs = 8000) {
+  const deadline = Date.now() + maxWaitMs;
+  while (Date.now() < deadline) {
+    if (await httpPing(port, 1000)) return true;
+    await new Promise(r => setTimeout(r, 500));
+  }
+  return false;
+}
+
+// ─── PID check ────────────────────────────────────────────────────────────────
+
+function isPidAlive(pid) {
+  if (!pid) return false;
+  try { process.kill(pid, 0); return true; } catch { return false; }
+}
+
+// ─── Status ───────────────────────────────────────────────────────────────────
+
+async function getDashboardStatus() {
+  const { dashboardPort } = loadConfig();
+  const storedPid  = dbGet('dashboard-pid');
+  const storedPort = dbGet('dashboard-port') ?? dashboardPort;
+  const pidAlive   = isPidAlive(storedPid);
+  const responding = pidAlive && await httpPing(storedPort, 1000);
+
+  if (storedPid && !pidAlive) {
+    dbSet('dashboard-pid',  null);
+    dbSet('dashboard-port', null);
+  }
+
+  return {
+    running:    responding,
+    port:       storedPort,
+    configPort: dashboardPort,
+    pid:        responding ? storedPid : null,
+  };
+}
+
+// ─── Start ────────────────────────────────────────────────────────────────────
+
+async function startDashboard(port) {
+  await fs.mkdir(path.dirname(LOG_PATH), { recursive: true });
+
+  // openSync gives a real fd immediately — required by spawn's stdio option
+  const logFd = openSync(LOG_PATH, 'a');
+  writeSync(logFd, `\n--- dashboard start ${new Date().toISOString()} port=${port} ---\n`);
+
+  const child = spawn(process.execPath, [SERVER_PATH], {
+    detached:    true,
+    stdio:       ['ignore', logFd, logFd],
+    windowsHide: true,
+    env:         { ...process.env, DASHBOARD_PORT: String(port) },
+  });
+  child.unref();
+  // Parent closes its copy of the fd; the child keeps its own inherited copy
+  closeSync(logFd);
+
+  dbSet('dashboard-pid',  child.pid);
+  dbSet('dashboard-port', port);
+
+  // Wait up to 8 s for Express to respond (polls every 500 ms)
+  const up = await waitForServer(port, 8000);
+  return { success: up, pid: child.pid, port, logPath: LOG_PATH };
+}
+
+// ─── Stop ─────────────────────────────────────────────────────────────────────
+
+async function stopDashboard(pid) {
+  if (!pid) return { success: false };
+  try {
+    if (isWindows) {
+      await run(`taskkill /PID ${pid} /F`);
+    } else {
+      process.kill(pid, 'SIGTERM');
+    }
+  } catch { /* already gone */ }
+  dbSet('dashboard-pid',  null);
+  dbSet('dashboard-port', null);
+  return { success: true };
+}
+
+// ─── Browser ──────────────────────────────────────────────────────────────────
+
+function openBrowser(url) {
+  const cmd = isWindows ? `Start-Process "${url}"` : `xdg-open "${url}"`;
+  run(cmd).catch(() => {});
+}
+
+// ─── Menu ─────────────────────────────────────────────────────────────────────
+
+export default async function dashboardMenu() {
+  while (true) {
+    const spinner = ora('Checking dashboard status...').start();
+    const status = await getDashboardStatus();
+    spinner.stop();
+
+    const url = `http://localhost:${status.port}`;
+
+    console.log(chalk.bold('\n  Dashboard'));
+    console.log(chalk.gray('  ' + '─'.repeat(40)));
+
+    if (status.running) {
+      console.log(`  ${chalk.green('✅ Running')}  |  ${chalk.cyan(url)}  |  PID ${status.pid}`);
+    } else {
+      console.log(`  ${chalk.red('❌ Stopped')}  |  port ${status.configPort}`);
+    }
+    console.log();
+
+    const choices = status.running
+      ? ['Open in browser', 'Stop dashboard', new inquirer.Separator(), '← Back']
+      : ['Start dashboard', new inquirer.Separator(), '← Back'];
+
+    let choice;
+    try {
+      ({ choice } = await inquirer.prompt([{
+        type:    'list',
+        name:    'choice',
+        message: 'Select an option:',
+        choices,
+      }]));
+    } catch (err) {
+      if (err.name === 'ExitPromptError') return;
+      throw err;
+    }
+
+    switch (choice) {
+      case 'Start dashboard': {
+        const portToUse = await findFreePort(status.configPort);
+
+        if (portToUse !== status.configPort) {
+          console.log(chalk.yellow(`\n  Port ${status.configPort} is in use — using port ${portToUse} instead.`));
+        }
+
+        const sp = ora(`Starting dashboard on port ${portToUse}...`).start();
+        const result = await startDashboard(portToUse);
+
+        if (result.success) {
+          sp.succeed(`Dashboard started  ->  http://localhost:${portToUse}  (PID ${result.pid})`);
+        } else {
+          sp.fail(`Dashboard did not start — check log: ${result.logPath}`);
+        }
+        break;
+      }
+
+      case 'Stop dashboard': {
+        const sp = ora('Stopping dashboard...').start();
+        await stopDashboard(status.pid);
+        sp.succeed('Dashboard stopped');
+        break;
+      }
+
+      case 'Open in browser':
+        openBrowser(url);
+        console.log(chalk.gray(`\n  Opening ${url} ...\n`));
+        break;
+
+      case '← Back':
+        return;
+    }
+
+    if (choice !== '← Back') {
+      try {
+        await inquirer.prompt([{ type: 'input', name: '_', message: 'Press Enter to continue...' }]);
+      } catch (err) {
+        if (err.name === 'ExitPromptError') return;
+        throw err;
+      }
+    }
+  }
+}

package/cli/menus/domains.js

@@ -0,0 +1,5 @@
+import { showDomainManager } from '../managers/domain-manager.js';
+
+export default async function domainsMenu() {
+  await showDomainManager();
+}

package/cli/menus/nginx.js

@@ -0,0 +1,5 @@
+import { showNginxManager } from '../managers/nginx-manager.js';
+
+export default async function nginxMenu() {
+  await showNginxManager();
+}

package/cli/menus/nodejs.js

@@ -0,0 +1,5 @@
+import { showNodeManager } from '../managers/node-manager.js';
+
+export default async function nodejsMenu() {
+  await showNodeManager();
+}