easy-devops 0.1.4 → 0.1.6

package/cli/managers/ssl-manager.js

@@ -247,91 +247,182 @@ async function installCertbot() {
     return { success: exitCode === 0 };
   }
 
-  // ── Windows: winget → Chocolatey → direct EFF installer ──────────────────────
+  // ── Shared helpers ────────────────────────────────────────────────────────────
+
+  async function verifyCertbot() {
+    const whereResult = await run('where.exe certbot 2>$null');
+    if (whereResult.success && whereResult.stdout.trim()) return true;
+    const paths = [
+      CERTBOT_WIN_EXE,
+      'C:\\Program Files (x86)\\Certbot\\bin\\certbot.exe',
+      'C:\\Certbot\\bin\\certbot.exe',
+    ];
+    for (const p of paths) {
+      const r = await run(`Test-Path '${p}'`);
+      if (r.stdout.trim().toLowerCase() === 'true') return true;
+    }
+    return false;
+  }
+
+  // Try every possible download mechanism — one may work even when others fail
+  const hasCurl = (await run('where.exe curl.exe 2>$null')).success;
+
+  async function downloadFile(url, dest) {
+    // 1. Invoke-WebRequest with TLS 1.2 forced
+    let r = await run(
+      `[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $ProgressPreference='SilentlyContinue'; Invoke-WebRequest -Uri '${url}' -OutFile '${dest}' -UseBasicParsing -TimeoutSec 60`,
+      { timeout: 70000 },
+    );
+    if (r.success) return true;
+
+    // 2. System.Net.WebClient (different .NET code path)
+    r = await run(
+      `[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object System.Net.WebClient).DownloadFile('${url}','${dest}')`,
+      { timeout: 70000 },
+    );
+    if (r.success) return true;
+
+    // 3. BITS (Background Intelligent Transfer Service)
+    r = await run(
+      `Start-BitsTransfer -Source '${url}' -Destination '${dest}' -ErrorAction Stop`,
+      { timeout: 70000 },
+    );
+    if (r.success) return true;
+
+    // 4. curl.exe (independent TLS stack)
+    if (hasCurl) {
+      r = await run(
+        `curl.exe -L --ssl-no-revoke --silent --show-error --max-time 60 -o '${dest}' '${url}'`,
+        { timeout: 70000 },
+      );
+      if (r.success) return true;
+    }
+
+    // 5. System.Net.Http.HttpClient (most modern .NET stack)
+    r = await run(
+      `[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $hc=[System.Net.Http.HttpClient]::new(); $hc.DefaultRequestHeaders.Add('User-Agent','Mozilla/5.0'); $bytes=$hc.GetByteArrayAsync('${url}').GetAwaiter().GetResult(); [System.IO.File]::WriteAllBytes('${dest}',$bytes)`,
+      { timeout: 70000 },
+    );
+    if (r.success) return true;
+
+    return false;
+  }
+
+  async function runNsisInstaller(exePath) {
+    await run(
+      `$p = Start-Process -FilePath '${exePath}' -ArgumentList '/S' -PassThru -Wait; $p.ExitCode`,
+      { timeout: 120000 },
+    );
+    await new Promise(res => setTimeout(res, 4000));
+    return verifyCertbot();
+  }
 
-  // 1. Try winget (Windows 10/11 desktop; not on Windows Server by default)
-  const wingetCheck = await run('where.exe winget 2>$null');
-  if (wingetCheck.success && wingetCheck.stdout.trim().length > 0) {
-    console.log(chalk.gray('\n  Installing via winget (EFF.Certbot) ...\n'));
+  let methodNum = 0;
+  function step(label) {
+    methodNum++;
+    console.log(chalk.gray(`\n  [${methodNum}] ${label}\n`));
+  }
+
+  // ── Method 1: pip / pip3 (PyPI CDN — completely different from GitHub/EFF) ────
+  for (const pip of ['pip', 'pip3']) {
+    const check = await run(`where.exe ${pip} 2>$null`);
+    if (check.success && check.stdout.trim()) {
+      step(`Trying ${pip} install certbot ...`);
+      const exitCode = await runLive(`${pip} install certbot`, { timeout: 180000 });
+      if (exitCode === 0 || await verifyCertbot()) return { success: true };
+      console.log(chalk.yellow(`  ${pip} did not install certbot, trying next...\n`));
+      break;
+    }
+  }
+
+  // ── Method 2: winget ──────────────────────────────────────────────────────────
+  if ((await run('where.exe winget 2>$null')).success) {
+    step('Trying winget ...');
     const exitCode = await runLive(
       'winget install -e --id EFF.Certbot --accept-package-agreements --accept-source-agreements',
       { timeout: 180000 },
     );
-    if (exitCode === 0) {
-      const check = await run(`Test-Path "${CERTBOT_WIN_EXE}"`);
-      return { success: check.stdout.trim().toLowerCase() === 'true' };
-    }
-    console.log(chalk.yellow('  winget failed, trying Chocolatey...\n'));
+    if (exitCode === 0 || await verifyCertbot()) return { success: true };
+    console.log(chalk.yellow('  winget did not install certbot, trying next...\n'));
   }
 
-  // 2. Try Chocolatey (common on Windows Server)
-  const chocoCheck = await run('where.exe choco 2>$null');
-  if (chocoCheck.success && chocoCheck.stdout.trim().length > 0) {
-    console.log(chalk.gray('\n  Installing via Chocolatey ...\n'));
+  // ── Method 3: Chocolatey ──────────────────────────────────────────────────────
+  if ((await run('where.exe choco 2>$null')).success) {
+    step('Trying Chocolatey ...');
     const exitCode = await runLive('choco install certbot -y', { timeout: 180000 });
-    if (exitCode === 0) {
-      const check = await run(`Test-Path "${CERTBOT_WIN_EXE}"`);
-      return { success: check.stdout.trim().toLowerCase() === 'true' };
-    }
-    console.log(chalk.yellow('  Chocolatey failed, trying direct download...\n'));
+    if (exitCode === 0 || await verifyCertbot()) return { success: true };
+    console.log(chalk.yellow('  Chocolatey did not install certbot, trying next...\n'));
   }
 
-  // 3. Direct download — try multiple sources × multiple download methods
-  //    PowerShell 5.1 on Windows Server defaults to TLS 1.0; GitHub requires TLS 1.2+.
-  //    Force TLS 1.2 before every Invoke-WebRequest call.
-  //    Also try curl.exe (built into Windows Server 2019+) as a second method.
+  // ── Method 4: Scoop ───────────────────────────────────────────────────────────
+  if ((await run('where.exe scoop 2>$null')).success) {
+    step('Trying Scoop ...');
+    const exitCode = await runLive('scoop install certbot', { timeout: 180000 });
+    if (exitCode === 0 || await verifyCertbot()) return { success: true };
+    console.log(chalk.yellow('  Scoop did not install certbot, trying next...\n'));
+  }
+
+  // ── Method 5: Direct installer download (multiple sources × multiple methods) ─
   const INSTALLER_FILENAME = 'certbot-beta-installer-win_amd64_signed.exe';
-  const INSTALLER_DEST     = '$env:TEMP\\certbot-installer.exe';
+  const INSTALLER_DEST     = `$env:TEMP\\${INSTALLER_FILENAME}`;
   const downloadSources = [
     `https://github.com/certbot/certbot/releases/latest/download/${INSTALLER_FILENAME}`,
     `https://dl.eff.org/${INSTALLER_FILENAME}`,
   ];
 
-  const hasCurl = (await run('where.exe curl.exe 2>$null')).success;
-
-  let downloaded = false;
   for (const url of downloadSources) {
     const label = new URL(url).hostname;
-    console.log(chalk.gray(`\n  Downloading certbot installer from ${label} ...\n`));
-
-    // Method A: Invoke-WebRequest with TLS 1.2 forced
-    const iwr = await run(
-      `[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $ProgressPreference='SilentlyContinue'; Invoke-WebRequest -Uri '${url}' -OutFile "${INSTALLER_DEST}" -UseBasicParsing -TimeoutSec 120`,
-      { timeout: 130000 },
-    );
-    if (iwr.success) { downloaded = true; break; }
-
-    // Method B: curl.exe (handles TLS independently of PowerShell/.NET settings)
-    if (hasCurl) {
-      const curlResult = await run(
-        `curl.exe -L --silent --show-error --max-time 120 -o "${INSTALLER_DEST}" "${url}"`,
-        { timeout: 130000 },
-      );
-      if (curlResult.success) { downloaded = true; break; }
+    step(`Downloading installer from ${label} ...`);
+    if (await downloadFile(url, INSTALLER_DEST)) {
+      console.log(chalk.gray('  Running installer silently ...\n'));
+      const ok = await runNsisInstaller(INSTALLER_DEST);
+      await run(`Remove-Item -Force '${INSTALLER_DEST}' -ErrorAction SilentlyContinue`);
+      if (ok) return { success: true };
+      console.log(chalk.yellow('  Installer ran but certbot not detected, trying next...\n'));
+    } else {
+      console.log(chalk.yellow(`  Could not download from ${label}`));
     }
-
-    console.log(chalk.yellow(`  Failed from ${label}`));
   }
 
-  if (!downloaded) {
-    console.log(chalk.red('\n  Download failed from all sources.'));
-    console.log(chalk.gray('  Install manually: https://certbot.eff.org/instructions?ws=other&os=windows\n'));
-    return { success: false };
-  }
+  // ── Method 6: Local file (user manually copies the installer to the server) ───
+  console.log(chalk.yellow('\n  All automatic methods failed.'));
+  console.log(chalk.gray('  If you have the certbot installer on this machine, enter its path below.'));
+  console.log(chalk.gray(`  (Download it on another PC: https://certbot.eff.org/instructions?ws=other&os=windows)\n`));
 
-  console.log(chalk.gray('  Running installer silently ...\n'));
+  let localChoice;
+  try {
+    ({ localChoice } = await inquirer.prompt([{
+      type:    'list',
+      name:    'localChoice',
+      message: 'What would you like to do?',
+      choices: ['Specify local installer path', 'Cancel'],
+    }]));
+  } catch { return { success: false }; }
+
+  if (localChoice === 'Specify local installer path') {
+    let localPath;
+    try {
+      ({ localPath } = await inquirer.prompt([{
+        type:    'input',
+        name:    'localPath',
+        message: 'Full path to certbot installer (.exe):',
+        validate: v => v.trim().length > 0 || 'Required',
+      }]));
+    } catch { return { success: false }; }
 
-  await run(
-    `Start-Process -FilePath "$env:TEMP\\certbot-installer.exe" -ArgumentList '/S' -Wait -NoNewWindow`,
-    { timeout: 120000 },
-  );
+    const exists = await run(`Test-Path '${localPath.trim()}'`);
+    if (exists.stdout.trim().toLowerCase() !== 'true') {
+      console.log(chalk.red(`  File not found: ${localPath}\n`));
+      return { success: false };
+    }
 
-  // Cleanup installer
-  await run(`Remove-Item -Force "$env:TEMP\\certbot-installer.exe" -ErrorAction SilentlyContinue`);
+    step('Running local installer silently ...');
+    const ok = await runNsisInstaller(localPath.trim());
+    if (ok) return { success: true };
+    console.log(chalk.red('  Installer ran but certbot was not detected.\n'));
+  }
 
-  // Verify
-  const check = await run(`Test-Path "${CERTBOT_WIN_EXE}"`);
-  return { success: check.stdout.trim().toLowerCase() === 'true' };
+  return { success: false };
 }
 
 // ─── showSslManager ───────────────────────────────────────────────────────────

package/cli/menus/update.js

@@ -21,7 +21,7 @@ import path from 'path';
 import { fileURLToPath } from 'url';
 import { createRequire } from 'module';
 import { run } from '../../core/shell.js';
-import { dbGet, dbSet } from '../../core/db.js';
+import { dbGet, dbSet, closeDb } from '../../core/db.js';
 import { loadConfig } from '../../core/config.js';
 import { getDashboardStatus, startDashboard, stopDashboard } from './dashboard.js';
 
@@ -92,7 +92,10 @@ async function performUpdate(latestVersion) {
     sp.succeed('Dashboard stopped');
   }
 
-  // Step 3 — install new version
+  // Step 3 — close the SQLite connection so npm can rename the db file (EBUSY on Windows)
+  closeDb();
+
+  // Step 4 — install new version
   const sp = ora(`Installing easy-devops@${latestVersion}...`).start();
   const result = await run(`npm install -g easy-devops@${latestVersion}`, { timeout: 120000 });
 
@@ -105,7 +108,7 @@ async function performUpdate(latestVersion) {
 
   sp.succeed(`Updated to v${latestVersion}`);
 
-  // Step 4 — restart dashboard if it was running before
+  // Step 5 — restart dashboard if it was running before
   const saved = dbGet('update-pre-dashboard');
   dbSet('update-pre-dashboard', null);
 

package/core/db.js

@@ -28,3 +28,14 @@ export { db };
 export const dbGet = (key) => db.get(key);
 export const dbSet = (key, value) => db.set(key, value);
 export const dbDelete = (key) => db.delete(key);
+
+/**
+ * Closes the underlying SQLite connection.
+ * Call this before any operation that needs to rename or replace the db file
+ * (e.g. npm install -g), otherwise the open file handle causes EBUSY on Windows.
+ */
+export function closeDb() {
+  try {
+    db.driver?.db?.close?.();
+  } catch { /* ignore */ }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "easy-devops",
-  "version": "0.1.4",
+  "version": "0.1.6",
   "description": "A unified DevOps management tool with CLI and web dashboard for managing Nginx, SSL certificates, and Node.js on Linux and Windows servers.",
   "keywords": [
     "devops",