easy-devops 0.1.7 → 0.1.9

package/cli/managers/ssl-manager.js

@@ -310,51 +310,106 @@ async function installCertbot() {
   }
 
   const hasCurl = (await run('where.exe curl.exe 2>$null')).success;
+  let lastDownloadError = '';
 
-  async function downloadFile(url, dest) {
+  async function downloadFile(url, dest, showErrors = false) {
     const safeUrl = url.replace(/'/g, "''");
     const safeDest = dest.replace(/'/g, "''");
 
-    // Method 1: Invoke-WebRequest with TLS 1.2
+    // Enable all TLS versions (1.0, 1.1, 1.2, 1.3) for maximum compatibility
+    const tlsSetup = `[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls -bor [Net.SecurityProtocolType]::Tls11 -bor [Net.SecurityProtocolType]::Tls12 -bor [Net.SecurityProtocolType]::Tls13`;
+
+    // Method 1: Invoke-WebRequest with all TLS versions
     let r = await run(
-      `[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $ProgressPreference='SilentlyContinue'; Invoke-WebRequest -Uri '${safeUrl}' -OutFile '${safeDest}' -UseBasicParsing -TimeoutSec 120`,
+      `${tlsSetup}; $ProgressPreference='SilentlyContinue'; Invoke-WebRequest -Uri '${safeUrl}' -OutFile '${safeDest}' -UseBasicParsing -TimeoutSec 120`,
       { timeout: 130000 },
     );
     if (r.success) return true;
+    if (showErrors && r.stderr) lastDownloadError = `Invoke-WebRequest: ${r.stderr}`;
 
-    // Method 2: WebClient
+    // Method 2: WebClient with TLS
     r = await run(
-      `[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object System.Net.WebClient).DownloadFile('${safeUrl}','${safeDest}')`,
+      `${tlsSetup}; (New-Object System.Net.WebClient).DownloadFile('${safeUrl}','${safeDest}')`,
       { timeout: 130000 },
     );
     if (r.success) return true;
+    if (showErrors && r.stderr && !lastDownloadError) lastDownloadError = `WebClient: ${r.stderr}`;
 
-    // Method 3: BITS
+    // Method 3: BITS Transfer
     r = await run(
       `Import-Module BitsTransfer -ErrorAction SilentlyContinue; Start-BitsTransfer -Source '${safeUrl}' -Destination '${safeDest}' -ErrorAction Stop`,
       { timeout: 130000 },
     );
     if (r.success) return true;
+    if (showErrors && r.stderr && !lastDownloadError) lastDownloadError = `BITS: ${r.stderr}`;
 
-    // Method 4: curl.exe
+    // Method 4: curl.exe (works on Windows 10+)
     if (hasCurl) {
       r = await run(
-        `curl.exe -L --ssl-no-revoke --silent --show-error --max-time 120 -o '${safeDest}' '${safeUrl}'`,
+        `curl.exe -L --ssl-no-revoke --max-time 120 -o '${safeDest}' '${safeUrl}'`,
         { timeout: 130000 },
       );
       if (r.success) return true;
+      if (showErrors && r.stderr && !lastDownloadError) lastDownloadError = `curl: ${r.stderr}`;
     }
 
-    // Method 5: HttpClient
+    // Method 5: HttpClient with custom handler
+    r = await run(
+      `${tlsSetup}; $handler=[System.Net.Http.HttpClientHandler]::new(); $handler.ServerCertificateCustomValidationCallback={$true}; $handler.AllowAutoRedirect=$true; $hc=[System.Net.Http.HttpClient]::new($handler); $hc.DefaultRequestHeaders.Add('User-Agent','Mozilla/5.0 (Windows NT 10.0; Win64; x64)'); $hc.Timeout=[TimeSpan]::FromSeconds(120); $bytes=$hc.GetByteArrayAsync('${safeUrl}').GetAwaiter().GetResult(); [System.IO.File]::WriteAllBytes('${safeDest}',$bytes)`,
+      { timeout: 130000 },
+    );
+    if (r.success) return true;
+    if (showErrors && r.stderr && !lastDownloadError) lastDownloadError = `HttpClient: ${r.stderr}`;
+
+    // Method 6: Certutil (built-in Windows tool)
     r = await run(
-      `[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $hc=[System.Net.Http.HttpClient]::new(); $hc.DefaultRequestHeaders.Add('User-Agent','Mozilla/5.0'); $hc.Timeout=[TimeSpan]::FromSeconds(120); $bytes=$hc.GetByteArrayAsync('${safeUrl}').GetAwaiter().GetResult(); [System.IO.File]::WriteAllBytes('${safeDest}',$bytes)`,
+      `certutil.exe -urlcache -split -f "${safeUrl}" "${safeDest}"`,
       { timeout: 130000 },
     );
     if (r.success) return true;
+    if (showErrors && r.stderr && !lastDownloadError) lastDownloadError = `certutil: ${r.stderr}`;
+
+    // Method 7: PowerShell with DisableKeepAlive
+    r = await run(
+      `${tlsSetup}; $req=[System.Net.WebRequest]::Create('${safeUrl}'); $req.Method='GET'; $req.KeepAlive=$false; $req.UserAgent='Mozilla/5.0'; $resp=$req.GetResponse(); $stream=$resp.GetResponseStream(); $reader=[System.IO.BinaryReader]::new($stream); $bytes=$reader.ReadBytes($resp.ContentLength); $reader.Close(); [System.IO.File]::WriteAllBytes('${safeDest}',$bytes)`,
+      { timeout: 130000 },
+    );
+    if (r.success) return true;
+    if (showErrors && r.stderr && !lastDownloadError) lastDownloadError = `WebRequest: ${r.stderr}`;
 
     return false;
   }
 
+  // Test network connectivity to common endpoints
+  async function testNetworkConnectivity() {
+    console.log(chalk.cyan('\n Testing network connectivity...'));
+    const tests = [
+      { name: 'GitHub', url: 'https://github.com' },
+      { name: 'Microsoft', url: 'https://microsoft.com' },
+      { name: 'EFF', url: 'https://eff.org' },
+    ];
+    const results = [];
+
+    for (const test of tests) {
+      const r = await run(`curl.exe -I --ssl-no-revoke --max-time 10 "${test.url}"`, { timeout: 15000 });
+      const success = r.success || r.stdout.includes('HTTP') || r.stdout.includes('200');
+      results.push({ name: test.name, success });
+      console.log(chalk.gray(`   ${test.name}: ${success ? chalk.green('✓ Connected') : chalk.red('✗ Failed')}`));
+    }
+
+    const allFailed = results.every(r => !r.success);
+    if (allFailed) {
+      console.log(chalk.yellow('\n   ⚠ All external connections failed.'));
+      console.log(chalk.gray('   This could indicate:'));
+      console.log(chalk.gray('   • Firewall blocking outbound connections'));
+      console.log(chalk.gray('   • Proxy server required'));
+      console.log(chalk.gray('   • DNS resolution issues'));
+      console.log(chalk.gray('   • Antivirus blocking downloads'));
+    }
+    console.log();
+    return results;
+  }
+
   async function runNsisInstaller(exePath) {
     await run(
       `$p = Start-Process -FilePath '${exePath}' -ArgumentList '/S' -PassThru -Wait; $p.ExitCode`,
@@ -370,9 +425,93 @@ async function installCertbot() {
     console.log(chalk.gray(`\n [${methodNum}] ${label}\n`));
   }
 
+  // ── Check winget availability and offer to install if missing ─────────────────
+  let wingetAvailable = false;
+  const wingetCheck = await run('where.exe winget 2>$null');
+  wingetAvailable = wingetCheck.success && wingetCheck.stdout.trim();
+
+  if (!wingetAvailable) {
+    console.log(chalk.yellow('\n ⚠ winget is not installed on this system.'));
+    console.log(chalk.gray('   winget (Windows Package Manager) provides the easiest installation method.'));
+
+    let installWinget;
+    try {
+      ({ installWinget } = await inquirer.prompt([{
+        type: 'confirm',
+        name: 'installWinget',
+        message: 'Would you like to install winget (App Installer) from Microsoft Store?',
+        default: true,
+      }]));
+    } catch { /* user cancelled */ }
+
+    if (installWinget) {
+      console.log(chalk.cyan('\n Opening Microsoft Store to install App Installer...'));
+      console.log(chalk.gray(' Please complete the installation, then run this command again.\n'));
+
+      // Try to open Microsoft Store
+      const storeOpened = await run(
+        'Start-Process "ms-windows-store://pdp/?ProductId=9NBLGGH4NNS1"',
+        { timeout: 10000 }
+      ).catch(() => ({ success: false }));
+
+      if (storeOpened.success) {
+        console.log(chalk.green(' Microsoft Store opened successfully.'));
+        console.log(chalk.gray(' After installing App Installer, winget will be available.\n'));
+      } else {
+        console.log(chalk.yellow(' Could not open Microsoft Store directly.'));
+        console.log(chalk.gray(' Please manually install "App Installer" from:'));
+        console.log(chalk.cyan(' https://apps.microsoft.com/store/detail/app-installer/9NBLGGH4NNS1\n'));
+      }
+
+      // Optional: try direct download of App Installer
+      let tryDownload;
+      try {
+        ({ tryDownload } = await inquirer.prompt([{
+          type: 'confirm',
+          name: 'tryDownload',
+          message: 'Would you like to try downloading App Installer directly?',
+          default: false,
+        }]));
+      } catch { tryDownload = false; }
+
+      if (tryDownload) {
+        const appInstallerUrl = 'https://aka.ms/getwinget';
+        const appInstallerDest = '$env:TEMP\\AppInstaller.msixbundle';
+
+        console.log(chalk.gray('\n Downloading App Installer...'));
+        const downloaded = await downloadFile(appInstallerUrl, appInstallerDest);
+
+        if (downloaded) {
+          console.log(chalk.gray(' Running App Installer...'));
+          await run(`Start-Process -FilePath '${appInstallerDest}' -Wait`, { timeout: 300000 });
+
+          // Re-check for winget
+          const recheck = await run('where.exe winget 2>$null');
+          if (recheck.success && recheck.stdout.trim()) {
+            console.log(chalk.green('\n ✓ winget installed successfully!\n'));
+            wingetAvailable = true;
+          } else {
+            console.log(chalk.yellow('\n App Installer ran but winget is not yet available.'));
+            console.log(chalk.gray(' You may need to restart your terminal or sign out/in.\n'));
+          }
+        } else {
+          console.log(chalk.yellow('\n Could not download App Installer automatically.\n'));
+        }
+      }
+
+      // If still no winget, continue with other methods
+      if (!wingetAvailable) {
+        console.log(chalk.gray(' Continuing with alternative installation methods...\n'));
+      }
+    } else {
+      console.log(chalk.gray(' Skipping winget installation. Using alternative methods...\n'));
+    }
+  }
+
   // ── Method 1: winget (win-acme - has better success rate) ─────────────────────
-  if ((await run('where.exe winget 2>$null')).success) {
+  if (wingetAvailable) {
     step('Trying winget (win-acme) ...');
+    console.log(chalk.gray(' Running: winget install win-acme.win-acme\n'));
     const exitCode = await runLive(
       'winget install -e --id win-acme.win-acme --accept-package-agreements --accept-source-agreements',
       { timeout: 180000 },
@@ -382,8 +521,9 @@ async function installCertbot() {
   }
 
   // ── Method 2: winget (certbot EFF) ────────────────────────────────────────────
-  if ((await run('where.exe winget 2>$null')).success) {
+  if (wingetAvailable) {
     step('Trying winget (EFF.Certbot) ...');
+    console.log(chalk.gray(' Running: winget install EFF.Certbot\n'));
     const exitCode = await runLive(
       'winget install -e --id EFF.Certbot --accept-package-agreements --accept-source-agreements',
       { timeout: 180000 },
@@ -432,6 +572,9 @@ async function installCertbot() {
   // ── Method 7: Direct download win-acme (ZIP - smaller, no installer) ──────────
   const WINACME_DEST = 'C:\\Program Files\\win-acme';
 
+  // Test network before attempting downloads
+  await testNetworkConnectivity();
+
   step('Downloading win-acme from GitHub ...');
   const winAcmeUrls = [
     'https://github.com/win-acme/win-acme/releases/latest/download/win-acme.zip',
@@ -443,7 +586,8 @@ async function installCertbot() {
     console.log(chalk.gray(` Downloading from ${hostname} ...`));
 
     const zipDest = `$env:TEMP\\win-acme.zip`;
-    if (await downloadFile(url, zipDest)) {
+    lastDownloadError = '';
+    if (await downloadFile(url, zipDest, true)) {
       console.log(chalk.gray(' Extracting win-acme ...\n'));
       await run(`New-Item -ItemType Directory -Force -Path '${WINACME_DEST}'`);
       await run(`Expand-Archive -Path '${zipDest}' -DestinationPath '${WINACME_DEST}' -Force`);
@@ -456,6 +600,9 @@ async function installCertbot() {
       console.log(chalk.yellow(' Extraction succeeded but verification failed, trying next...\n'));
     } else {
       console.log(chalk.yellow(` Could not download from ${hostname}`));
+      if (lastDownloadError) {
+        console.log(chalk.gray(` Error: ${lastDownloadError.substring(0, 200)}\n`));
+      }
     }
   }
 
@@ -471,7 +618,8 @@ async function installCertbot() {
     const hostname = new URL(url).hostname;
     step(`Downloading certbot installer from ${hostname} ...`);
 
-    if (await downloadFile(url, INSTALLER_DEST)) {
+    lastDownloadError = '';
+    if (await downloadFile(url, INSTALLER_DEST, true)) {
       console.log(chalk.gray(' Running installer silently ...\n'));
       const ok = await runNsisInstaller(INSTALLER_DEST);
       await run(`Remove-Item -Force '${INSTALLER_DEST}' -ErrorAction SilentlyContinue`);
@@ -479,14 +627,17 @@ async function installCertbot() {
       console.log(chalk.yellow(' Installer ran but certbot not detected, trying next...\n'));
     } else {
       console.log(chalk.yellow(` Could not download from ${hostname}`));
+      if (lastDownloadError) {
+        console.log(chalk.gray(` Error: ${lastDownloadError.substring(0, 200)}\n`));
+      }
     }
   }
 
   // ── Method 9: Manual installer path ───────────────────────────────────────────
   console.log(chalk.yellow('\n All automatic methods failed.'));
   console.log(chalk.gray(' You can manually download one of these on another PC:'));
-  console.log(chalk.gray('   • certbot:  https://certbot.eff.org/instructions?ws=other&os=windows'));
-  console.log(chalk.gray('   • win-acme: https://github.com/win-acme/win-acme/releases'));
+  console.log(chalk.gray(' • certbot: https://certbot.eff.org/instructions?ws=other&os=windows'));
+  console.log(chalk.gray(' • win-acme: https://github.com/win-acme/win-acme/releases'));
   console.log(chalk.gray(' Then transfer to this server and use "Specify local installer" below.\n'));
 
   let localChoice;
@@ -495,10 +646,29 @@ async function installCertbot() {
       type: 'list',
       name: 'localChoice',
       message: 'What would you like to do?',
-      choices: ['Specify local installer path', 'Cancel'],
+      choices: [
+        'Open download page in browser',
+        'Specify local installer path',
+        'Cancel'
+      ],
     }]));
   } catch { return { success: false }; }
 
+  if (localChoice === 'Open download page in browser') {
+    console.log(chalk.cyan('\n Opening download pages in browser...'));
+    console.log(chalk.gray(' Download either win-acme.zip or certbot installer, then re-run this tool.\n'));
+
+    // Open win-acme releases
+    await run('Start-Process "https://github.com/win-acme/win-acme/releases/latest"');
+    // Also open EFF certbot page
+    await run('Start-Process "https://certbot.eff.org/instructions?ws=other&os=windows"');
+
+    console.log(chalk.green('✓ Browser opened. Download the installer, then run:'));
+    console.log(chalk.cyan('  easy-devops → SSL Manager → Install certbot → Specify local installer path\n'));
+
+    return { success: false };
+  }
+
   if (localChoice === 'Specify local installer path') {
     let localPath;
     try {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "easy-devops",
-  "version": "0.1.7",
+  "version": "0.1.9",
   "description": "A unified DevOps management tool with CLI and web dashboard for managing Nginx, SSL certificates, and Node.js on Linux and Windows servers.",
   "keywords": [
     "devops",