homebridge-config-ui-x 5.9.0 → 5.9.1-beta.1

package/dist/modules/server/server.service.js

@@ -1,10 +1,43 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
 var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
     var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
     if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
     else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
     return c > 3 && r && Object.defineProperty(target, key, r), r;
 };
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 var __metadata = (this && this.__metadata) || function (k, v) {
     if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 };
@@ -15,9 +48,11 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.ServerService = void 0;
 const node_buffer_1 = require("node:buffer");
 const node_child_process_1 = require("node:child_process");
+const node_crypto_1 = require("node:crypto");
 const node_path_1 = require("node:path");
 const node_process_1 = __importDefault(require("node:process"));
 const node_stream_1 = require("node:stream");
+const node_tls_1 = require("node:tls");
 const node_util_1 = require("node:util");
 const hap_types_1 = require("@homebridge/hap-client/dist/hap-types");
 const common_1 = require("@nestjs/common");
@@ -28,6 +63,7 @@ const tcp_port_used_1 = require("tcp-port-used");
 const config_service_1 = require("../../core/config/config.service");
 const homebridge_ipc_service_1 = require("../../core/homebridge-ipc/homebridge-ipc.service");
 const logger_service_1 = require("../../core/logger/logger.service");
+const ssl_cert_generator_service_1 = require("../../core/ssl/ssl-cert-generator.service");
 const accessories_service_1 = require("../accessories/accessories.service");
 const config_editor_service_1 = require("../config-editor/config-editor.service");
 const pump = (0, node_util_1.promisify)(node_stream_1.pipeline);
@@ -44,25 +80,37 @@ let ServerService = class ServerService {
         this.accessoryId = this.configService.homebridgeConfig.bridge.username.split(':').join('');
         this.accessoryInfoPath = (0, node_path_1.join)(this.configService.storagePath, 'persist', `AccessoryInfo.${this.accessoryId}.json`);
     }
-    async deleteSingleDeviceAccessories(id, cachedAccessoriesDir) {
-        const cachedAccessories = (0, node_path_1.join)(cachedAccessoriesDir, `cachedAccessories.${id}`);
-        const cachedAccessoriesBackup = (0, node_path_1.join)(cachedAccessoriesDir, `.cachedAccessories.${id}.bak`);
-        if (await (0, fs_extra_1.pathExists)(cachedAccessories)) {
-            await (0, fs_extra_1.unlink)(cachedAccessories);
-            this.logger.warn(`Bridge ${id} accessory removal: removed ${cachedAccessories}.`);
+    async deleteSingleDeviceAccessories(id, cachedAccessoriesDir, protocol = 'both') {
+        if (protocol === 'hap' || protocol === 'both') {
+            const cachedAccessories = (0, node_path_1.join)(cachedAccessoriesDir, `cachedAccessories.${id}`);
+            const cachedAccessoriesBackup = (0, node_path_1.join)(cachedAccessoriesDir, `.cachedAccessories.${id}.bak`);
+            if (await (0, fs_extra_1.pathExists)(cachedAccessories)) {
+                await (0, fs_extra_1.unlink)(cachedAccessories);
+                this.logger.warn(`Bridge ${id} HAP accessory removal: removed ${cachedAccessories}.`);
+            }
+            if (await (0, fs_extra_1.pathExists)(cachedAccessoriesBackup)) {
+                await (0, fs_extra_1.unlink)(cachedAccessoriesBackup);
+                this.logger.warn(`Bridge ${id} HAP accessory removal: removed ${cachedAccessoriesBackup}.`);
+            }
         }
-        if (await (0, fs_extra_1.pathExists)(cachedAccessoriesBackup)) {
-            await (0, fs_extra_1.unlink)(cachedAccessoriesBackup);
-            this.logger.warn(`Bridge ${id} accessory removal: removed ${cachedAccessoriesBackup}.`);
+        if (protocol === 'matter' || protocol === 'both') {
+            const deviceId = id.split(':').join('').toUpperCase();
+            const matterPath = (0, node_path_1.join)(this.configService.storagePath, 'matter', deviceId);
+            if (await (0, fs_extra_1.pathExists)(matterPath)) {
+                await (0, fs_extra_1.remove)(matterPath);
+                this.logger.warn(`Bridge ${id} Matter accessory removal: removed Matter bridge storage at ${matterPath}.`);
+            }
         }
     }
     async deleteSingleDevicePairing(id, resetPairingInfo) {
         const persistPath = (0, node_path_1.join)(this.configService.storagePath, 'persist');
         const accessoryInfo = (0, node_path_1.join)(persistPath, `AccessoryInfo.${id}.json`);
         const identifierCache = (0, node_path_1.join)(persistPath, `IdentifierCache.${id}.json`);
+        const deviceId = id.includes(':') ? id.split(':').join('').toUpperCase() : id.toUpperCase();
+        const matterPath = (0, node_path_1.join)(this.configService.storagePath, 'matter', deviceId);
         try {
             const configFile = await this.configEditorService.getConfigFile();
-            const username = id.match(/.{1,2}/g).join(':').toUpperCase();
+            const username = id.includes(':') ? id.toUpperCase() : id.match(/.{1,2}/g)?.join(':').toUpperCase() || id.toUpperCase();
             const uiConfig = configFile.platforms.find(x => x.platform === 'config');
             let blacklistChanged = false;
             if (uiConfig.accessoryControl?.instanceBlacklist?.includes(username)) {
@@ -112,6 +160,10 @@ let ServerService = class ServerService {
             await (0, fs_extra_1.unlink)(identifierCache);
             this.logger.warn(`Bridge ${id} reset: removed ${identifierCache}.`);
         }
+        if (await (0, fs_extra_1.pathExists)(matterPath)) {
+            await (0, fs_extra_1.remove)(matterPath);
+            this.logger.warn(`Bridge ${id} reset: removed Matter bridge storage at ${matterPath}.`);
+        }
         await this.deleteDeviceAccessories(id);
     }
     async restartServer() {
@@ -155,6 +207,12 @@ let ServerService = class ServerService {
         await this.configEditorService.updateConfigFile(configFile);
         await (0, fs_extra_1.remove)((0, node_path_1.resolve)(this.configService.storagePath, 'accessories'));
         await (0, fs_extra_1.remove)((0, node_path_1.resolve)(this.configService.storagePath, 'persist'));
+        const deviceId = oldUsername.split(':').join('').toUpperCase();
+        const matterPath = (0, node_path_1.join)(this.configService.storagePath, 'matter', deviceId);
+        if (await (0, fs_extra_1.pathExists)(matterPath)) {
+            await (0, fs_extra_1.remove)(matterPath);
+            this.logger.warn(`Bridge ${oldUsername} reset: removed Matter bridge storage at ${matterPath}.`);
+        }
         this.logger.log('Homebridge bridge reset: accessories and persist directories were removed.');
     }
     async getDevicePairings() {
@@ -162,9 +220,68 @@ let ServerService = class ServerService {
         const devices = (await (0, fs_extra_1.readdir)(persistPath))
             .filter(x => x.match(/AccessoryInfo\.([A-Fa-f0-9]+)\.json$/));
         const configFile = await this.configEditorService.getConfigFile();
-        return Promise.all(devices.map(async (x) => {
+        const hapDevices = await Promise.all(devices.map(async (x) => {
             return await this.getDevicePairingById(x.split('.')[1], configFile);
         }));
+        const matterExternalDevices = await this.getMatterExternalAccessories(configFile, hapDevices);
+        return [...hapDevices, ...matterExternalDevices].sort((a, b) => a.name.localeCompare(b.name));
+    }
+    async getMatterExternalAccessories(configFile, hapDevices) {
+        const matterPath = (0, node_path_1.join)(this.configService.storagePath, 'matter');
+        if (!await (0, fs_extra_1.pathExists)(matterPath)) {
+            return [];
+        }
+        const matterDirs = (await (0, fs_extra_1.readdir)(matterPath))
+            .filter(x => x.match(/^[A-F0-9]{12}$/));
+        const matterExternalDevices = [];
+        for (const deviceId of matterDirs) {
+            try {
+                const hasHapAccessoryInfo = hapDevices.some(d => d._id === deviceId);
+                if (hasHapAccessoryInfo) {
+                    continue;
+                }
+                const mainBridgeId = this.configService.homebridgeConfig.bridge.username.split(':').join('').toUpperCase();
+                if (deviceId.toUpperCase() === mainBridgeId) {
+                    continue;
+                }
+                const accessoriesPath = (0, node_path_1.join)(matterPath, deviceId, 'accessories.json');
+                if (!await (0, fs_extra_1.pathExists)(accessoriesPath)) {
+                    continue;
+                }
+                const accessories = await (0, fs_extra_1.readJson)(accessoriesPath);
+                if (!Array.isArray(accessories) || accessories.length === 0) {
+                    continue;
+                }
+                const accessory = accessories[0];
+                const commissioningPath = (0, node_path_1.join)(matterPath, deviceId, 'commissioning.json');
+                let commissioned = false;
+                if (await (0, fs_extra_1.pathExists)(commissioningPath)) {
+                    const commissioningInfo = await (0, fs_extra_1.readJson)(commissioningPath);
+                    commissioned = commissioningInfo.commissioned || false;
+                }
+                const device = {
+                    _id: deviceId,
+                    _username: deviceId.match(/.{1,2}/g)?.join(':').toUpperCase() || deviceId,
+                    _main: false,
+                    _category: 'other',
+                    _matter: true,
+                    _matterOnly: true,
+                    _isPaired: commissioned,
+                    _plugin: accessory.plugin,
+                    name: accessory.displayName || 'Matter External Accessory',
+                    displayName: accessory.displayName || 'Matter External Accessory',
+                    manufacturer: accessory.manufacturer || 'Unknown',
+                    model: accessory.model || 'Unknown',
+                    serialNumber: accessory.serialNumber || deviceId,
+                    category: 1,
+                };
+                matterExternalDevices.push(device);
+            }
+            catch (e) {
+                this.logger.error(`Failed to read Matter external accessory ${deviceId}: ${e.message}`);
+            }
+        }
+        return matterExternalDevices;
     }
     async getDevicePairingById(deviceId, configFile = null) {
         const persistPath = (0, node_path_1.join)(this.configService.storagePath, 'persist');
@@ -197,6 +314,10 @@ let ServerService = class ServerService {
         device._isPaired = device.pairedClients && Object.keys(device.pairedClients).length > 0;
         device._setupCode = this.generateSetupCode(device);
         device._couldBeStale = !device._main && device._category === 'bridge' && !pluginBlock;
+        device._matter = !!(pluginBlock?._bridge?.matter);
+        if (device._matter && pluginBlock && 'accessory' in pluginBlock) {
+            this.logger.warn(`Device ${deviceId} has Matter configuration on an accessory-based plugin. Matter is only supported for platform-based plugins.`);
+        }
         delete device.signSk;
         delete device.signPk;
         delete device.configHash;
@@ -210,6 +331,44 @@ let ServerService = class ServerService {
         await this.deleteSingleDevicePairing(id, resetPairingInfo);
         return { ok: true };
     }
+    async deleteDeviceMatterConfig(id) {
+        try {
+            const configFile = await this.configEditorService.getConfigFile();
+            const username = id.includes(':') ? id.toUpperCase() : id.match(/.{1,2}/g)?.join(':').toUpperCase() || id.toUpperCase();
+            const pluginBlocks = [
+                ...(configFile.accessories || []),
+                ...(configFile.platforms || []),
+            ]
+                .filter((block) => block._bridge?.username?.toUpperCase() === username.toUpperCase());
+            const pluginBlock = pluginBlocks.find((block) => block._bridge?.matter);
+            if (!pluginBlock) {
+                this.logger.error(`Failed to find Matter configuration for child bridge ${id}.`);
+                throw new common_1.NotFoundException(`Matter configuration not found for bridge ${id}`);
+            }
+            if ('accessory' in pluginBlock) {
+                this.logger.warn(`Removing Matter configuration from accessory-based plugin block for bridge ${id}. Matter is only supported for platform-based plugins.`);
+            }
+            delete pluginBlock._bridge.matter;
+            this.logger.warn(`Bridge ${id} Matter configuration removed from config.json.`);
+            await this.configEditorService.updateConfigFile(configFile);
+        }
+        catch (e) {
+            if (e instanceof common_1.NotFoundException) {
+                throw e;
+            }
+            this.logger.error(`Failed to remove Matter configuration for child bridge ${id} as ${e.message}.`);
+            throw new common_1.InternalServerErrorException(`Failed to remove Matter configuration: ${e.message}`);
+        }
+        this.logger.warn(`Shutting down Homebridge before removing Matter storage for bridge ${id}...`);
+        await this.homebridgeIpcService.restartAndWaitForClose();
+        const deviceId = id.includes(':') ? id.split(':').join('').toUpperCase() : id.toUpperCase();
+        const matterPath = (0, node_path_1.join)(this.configService.storagePath, 'matter', deviceId);
+        if (await (0, fs_extra_1.pathExists)(matterPath)) {
+            await (0, fs_extra_1.remove)(matterPath);
+            this.logger.warn(`Bridge ${id} Matter storage removed at ${matterPath}.`);
+        }
+        return { ok: true };
+    }
     async deleteDevicesPairing(bridges) {
         this.logger.warn(`Shutting down Homebridge before resetting paired bridges ${bridges.map(x => x.id).join(', ')}...`);
         await this.homebridgeIpcService.restartAndWaitForClose();
@@ -233,9 +392,9 @@ let ServerService = class ServerService {
         this.logger.warn(`Shutting down Homebridge before removing accessories for paired bridges ${bridges.map(x => x.id).join(', ')}...`);
         await this.homebridgeIpcService.restartAndWaitForClose();
         const cachedAccessoriesDir = (0, node_path_1.join)(this.configService.storagePath, 'accessories');
-        for (const { id } of bridges) {
+        for (const { id, protocol } of bridges) {
             try {
-                await this.deleteSingleDeviceAccessories(id, cachedAccessoriesDir);
+                await this.deleteSingleDeviceAccessories(id, cachedAccessoriesDir, protocol || 'both');
             }
             catch (e) {
                 this.logger.error(`Failed to remove accessories for bridge ${id} as ${e.message}.`);
@@ -316,13 +475,19 @@ let ServerService = class ServerService {
         await this.homebridgeIpcService.restartAndWaitForClose();
         this.logger.warn('Shutting down Homebridge before removing cached accessories');
         try {
-            this.logger.log('Clearing all cached accessories...');
+            this.logger.log('Clearing all HAP cached accessories...');
             for (const thisCachedAccessoriesPath of cachedAccessoryPaths) {
                 if (await (0, fs_extra_1.pathExists)(thisCachedAccessoriesPath)) {
                     await (0, fs_extra_1.unlink)(thisCachedAccessoriesPath);
                     this.logger.warn(`Removed ${thisCachedAccessoriesPath}.`);
                 }
             }
+            const matterDir = (0, node_path_1.join)(this.configService.storagePath, 'matter');
+            if (await (0, fs_extra_1.pathExists)(matterDir)) {
+                this.logger.log('Clearing all Matter cached accessories...');
+                await (0, fs_extra_1.remove)(matterDir);
+                this.logger.warn(`Removed Matter storage directory at ${matterDir}.`);
+            }
         }
         catch (e) {
             this.logger.error(`Failed to clear all cached accessories at ${cachedAccessoriesPath} as ${e.message}.`);
@@ -331,6 +496,96 @@ let ServerService = class ServerService {
         }
         return { ok: true };
     }
+    async getMatterAccessories() {
+        const matterDir = (0, node_path_1.join)(this.configService.storagePath, 'matter');
+        if (!await (0, fs_extra_1.pathExists)(matterDir)) {
+            return [];
+        }
+        const matterBridges = (await (0, fs_extra_1.readdir)(matterDir))
+            .filter(x => x.match(/^[A-F0-9]+$/));
+        const matterAccessories = [];
+        await Promise.all(matterBridges.map(async (deviceId) => {
+            try {
+                const accessoriesPath = (0, node_path_1.join)(matterDir, deviceId, 'accessories.json');
+                if (await (0, fs_extra_1.pathExists)(accessoriesPath)) {
+                    const accessories = await (0, fs_extra_1.readJson)(accessoriesPath);
+                    if (Array.isArray(accessories)) {
+                        for (const accessory of accessories) {
+                            accessory.$deviceId = deviceId;
+                            accessory.$protocol = 'matter';
+                            matterAccessories.push(accessory);
+                        }
+                    }
+                }
+            }
+            catch (e) {
+                this.logger.error(`Failed to read Matter accessories for bridge ${deviceId}: ${e.message}`);
+            }
+        }));
+        return matterAccessories;
+    }
+    async deleteMatterAccessory(deviceId, uuid) {
+        const matterAccessoriesPath = (0, node_path_1.join)(this.configService.storagePath, 'matter', deviceId, 'accessories.json');
+        if (!await (0, fs_extra_1.pathExists)(matterAccessoriesPath)) {
+            this.logger.error(`Matter accessories file not found for bridge ${deviceId}`);
+            throw new common_1.NotFoundException();
+        }
+        this.logger.warn(`Shutting down Homebridge before removing Matter accessory ${uuid} from bridge ${deviceId}...`);
+        await this.homebridgeIpcService.restartAndWaitForClose();
+        const matterAccessories = await (0, fs_extra_1.readJson)(matterAccessoriesPath);
+        const accessoryIndex = matterAccessories.findIndex(x => x.uuid === uuid);
+        if (accessoryIndex > -1) {
+            matterAccessories.splice(accessoryIndex, 1);
+            await (0, fs_extra_1.writeJson)(matterAccessoriesPath, matterAccessories, { spaces: 2 });
+            this.logger.warn(`Removed Matter accessory with UUID ${uuid} from bridge ${deviceId}.`);
+        }
+        else {
+            this.logger.error(`Cannot find Matter accessory with UUID ${uuid} in bridge ${deviceId}.`);
+            throw new common_1.NotFoundException();
+        }
+        return { ok: true };
+    }
+    async deleteMatterAccessories(accessories) {
+        this.logger.warn(`Shutting down Homebridge before removing Matter accessories ${accessories.map(x => x.uuid).join(', ')}.`);
+        await this.homebridgeIpcService.restartAndWaitForClose();
+        const accessoriesByBridge = new Map();
+        for (const { deviceId, uuid } of accessories) {
+            if (!accessoriesByBridge.has(deviceId)) {
+                accessoriesByBridge.set(deviceId, []);
+            }
+            accessoriesByBridge.get(deviceId).push({ uuid });
+        }
+        for (const [deviceId, bridgeAccessories] of accessoriesByBridge.entries()) {
+            const matterAccessoriesPath = (0, node_path_1.join)(this.configService.storagePath, 'matter', deviceId, 'accessories.json');
+            try {
+                if (!await (0, fs_extra_1.pathExists)(matterAccessoriesPath)) {
+                    this.logger.error(`Matter accessories file not found for bridge ${deviceId}`);
+                    continue;
+                }
+                const matterAccessories = await (0, fs_extra_1.readJson)(matterAccessoriesPath);
+                for (const { uuid } of bridgeAccessories) {
+                    try {
+                        const accessoryIndex = matterAccessories.findIndex(x => x.uuid === uuid);
+                        if (accessoryIndex > -1) {
+                            matterAccessories.splice(accessoryIndex, 1);
+                            this.logger.warn(`Removed Matter accessory with UUID ${uuid} from bridge ${deviceId}.`);
+                        }
+                        else {
+                            this.logger.error(`Cannot find Matter accessory with UUID ${uuid} in bridge ${deviceId}.`);
+                        }
+                    }
+                    catch (e) {
+                        this.logger.error(`Failed to remove Matter accessory with UUID ${uuid} from bridge ${deviceId} as ${e.message}.`);
+                    }
+                }
+                await (0, fs_extra_1.writeJson)(matterAccessoriesPath, matterAccessories, { spaces: 2 });
+            }
+            catch (e) {
+                this.logger.error(`Failed to process Matter accessories for bridge ${deviceId} as ${e.message}.`);
+            }
+        }
+        return { ok: true };
+    }
     async getSetupCode() {
         if (this.setupCode) {
             return this.setupCode;
@@ -435,6 +690,30 @@ let ServerService = class ServerService {
         }
         return { port };
     }
+    async lookupUnusedMatterPort() {
+        const min = 5530;
+        const max = 5541;
+        const config = await this.configEditorService.getConfigFile();
+        const usedMatterPorts = new Set();
+        if (config.bridge?.matter?.port) {
+            usedMatterPorts.add(config.bridge.matter.port);
+        }
+        for (const block of [...(config.accessories || []), ...(config.platforms || [])]) {
+            if (block._bridge?.matter?.port) {
+                if ('accessory' in block) {
+                    this.logger.warn(`Found Matter configuration on accessory-based plugin block, skipping port ${block._bridge.matter.port}`);
+                    continue;
+                }
+                usedMatterPorts.add(block._bridge.matter.port);
+            }
+        }
+        for (let port = min; port <= max; port += 1) {
+            if (!usedMatterPorts.has(port) && !await (0, tcp_port_used_1.check)(port)) {
+                return { port };
+            }
+        }
+        throw new common_1.InternalServerErrorException('No available ports in the Matter port range (5530-5541)');
+    }
     async getHomebridgePort() {
         const config = await this.configEditorService.getConfigFile();
         return { port: config.bridge.port };
@@ -555,7 +834,7 @@ let ServerService = class ServerService {
     async nodeVersionChanged() {
         return new Promise((res) => {
             let result = false;
-            const child = (0, node_child_process_1.spawn)(node_process_1.default.execPath, ['-v'], { shell: true });
+            const child = (0, node_child_process_1.spawn)(node_process_1.default.execPath, ['-v']);
             child.stdout.once('data', (data) => {
                 result = data.toString().trim() !== node_process_1.default.version;
             });
@@ -567,6 +846,248 @@ let ServerService = class ServerService {
             });
         });
     }
+    async uploadSslKeyCert(req) {
+        const parts = req.parts ? req.parts() : null;
+        const files = [];
+        if (parts) {
+            for await (const part of parts) {
+                if (part.file) {
+                    files.push(part);
+                }
+            }
+        }
+        else {
+            const single = await req.file();
+            if (single?.file) {
+                files.push(single);
+            }
+        }
+        if (!files.length) {
+            throw new common_1.BadRequestException('No files uploaded. Please upload both the private key and certificate files.');
+        }
+        const readStreamToBuffer = async (stream) => {
+            const chunks = [];
+            await new Promise((resolvePromise, rejectPromise) => {
+                stream.on('data', (d) => chunks.push(node_buffer_1.Buffer.isBuffer(d) ? d : node_buffer_1.Buffer.from(d)));
+                stream.on('end', () => resolvePromise());
+                stream.on('error', rejectPromise);
+            });
+            return node_buffer_1.Buffer.concat(chunks);
+        };
+        let keyPem = null;
+        let certPem = null;
+        for (const f of files) {
+            if (f.file?.truncated) {
+                throw new common_1.InternalServerErrorException(`Upload exceeds maximum size ${globalThis.backup.maxBackupSizeText}.`);
+            }
+            const buf = await readStreamToBuffer(f.file);
+            const text = buf.toString('utf8');
+            if (/-----BEGIN (?:RSA |EC )?PRIVATE KEY-----/.test(text)) {
+                keyPem = buf;
+            }
+            else if (/-----BEGIN CERTIFICATE-----/.test(text)) {
+                certPem = buf;
+            }
+            else if (f.fieldname === 'key') {
+                keyPem = buf;
+            }
+            else if (f.fieldname === 'cert') {
+                certPem = buf;
+            }
+        }
+        if (!keyPem || !certPem) {
+            throw new common_1.BadRequestException('Both a PEM private key and certificate must be provided.');
+        }
+        try {
+            const x509 = new node_crypto_1.X509Certificate(certPem);
+            const certPub = x509.publicKey.export({ type: 'spki', format: 'der' });
+            const priv = (0, node_crypto_1.createPrivateKey)({ key: keyPem });
+            const pubFromPriv = (0, node_crypto_1.createPublicKey)(priv).export({ type: 'spki', format: 'der' });
+            if (!certPub.equals(pubFromPriv)) {
+                throw new common_1.BadRequestException('The private key does not match the certificate public key.');
+            }
+            (0, node_tls_1.createSecureContext)({ key: keyPem, cert: certPem });
+        }
+        catch (e) {
+            if (e instanceof common_1.BadRequestException) {
+                throw e;
+            }
+            throw new common_1.BadRequestException(`Invalid key/certificate: ${e?.message || e}`);
+        }
+        const sslDir = (0, node_path_1.join)(this.configService.storagePath, 'ssl-certs');
+        const keyPath = (0, node_path_1.join)(sslDir, 'ui-ssl.key');
+        const certPath = (0, node_path_1.join)(sslDir, 'ui-ssl.crt');
+        const { ensureDir, writeFile } = await Promise.resolve().then(() => __importStar(require('fs-extra')));
+        await ensureDir(sslDir);
+        await writeFile(keyPath, keyPem);
+        await writeFile(certPath, certPem);
+        const configFile = await this.configEditorService.getConfigFile();
+        const uiConfigBlock = configFile.platforms.find((x) => x.platform === 'config');
+        if (!uiConfigBlock) {
+            throw new common_1.InternalServerErrorException('Config platform block not found.');
+        }
+        if (!uiConfigBlock.ssl) {
+            uiConfigBlock.ssl = {};
+        }
+        uiConfigBlock.ssl.key = keyPath;
+        uiConfigBlock.ssl.cert = certPath;
+        delete uiConfigBlock.ssl.pfx;
+        delete uiConfigBlock.ssl.passphrase;
+        uiConfigBlock.ssl.selfSigned = false;
+        await this.configEditorService.updateConfigFile(configFile);
+        return {
+            ok: true,
+            type: 'keycert',
+            keyPath,
+            certPath,
+            details: 'Certificate and key validated and saved.',
+        };
+    }
+    async uploadSslPfx(req) {
+        let passphrase;
+        let filePart;
+        if (req.parts) {
+            for await (const part of req.parts()) {
+                if (part.type === 'file' || part.file) {
+                    filePart = part;
+                }
+                else if (part.type === 'field' || part.value) {
+                    if (part.fieldname === 'passphrase') {
+                        passphrase = part.value;
+                    }
+                }
+            }
+        }
+        else {
+            filePart = await req.file();
+            passphrase = req.body?.passphrase;
+        }
+        if (!filePart) {
+            throw new common_1.BadRequestException('No PFX file uploaded.');
+        }
+        if (filePart.file?.truncated) {
+            throw new common_1.InternalServerErrorException(`Upload exceeds maximum size ${globalThis.backup.maxBackupSizeText}.`);
+        }
+        const readStreamToBuffer = async (stream) => {
+            const chunks = [];
+            await new Promise((resolvePromise, rejectPromise) => {
+                stream.on('data', (d) => chunks.push(node_buffer_1.Buffer.isBuffer(d) ? d : node_buffer_1.Buffer.from(d)));
+                stream.on('end', () => resolvePromise());
+                stream.on('error', rejectPromise);
+            });
+            return node_buffer_1.Buffer.concat(chunks);
+        };
+        const pfxBuffer = await readStreamToBuffer(filePart.file);
+        try {
+            (0, node_tls_1.createSecureContext)({ pfx: pfxBuffer, passphrase });
+        }
+        catch (e) {
+            throw new common_1.BadRequestException(`Invalid PFX or passphrase: ${e?.message || e}`);
+        }
+        const sslDir = (0, node_path_1.join)(this.configService.storagePath, 'ssl-certs');
+        const pfxPath = (0, node_path_1.join)(sslDir, 'ui-ssl.pfx');
+        const { ensureDir, writeFile } = await Promise.resolve().then(() => __importStar(require('fs-extra')));
+        await ensureDir(sslDir);
+        await writeFile(pfxPath, pfxBuffer);
+        const configFile = await this.configEditorService.getConfigFile();
+        const uiConfigBlock = configFile.platforms.find((x) => x.platform === 'config');
+        if (!uiConfigBlock) {
+            throw new common_1.InternalServerErrorException('Config platform block not found.');
+        }
+        if (!uiConfigBlock.ssl) {
+            uiConfigBlock.ssl = {};
+        }
+        uiConfigBlock.ssl.pfx = pfxPath;
+        uiConfigBlock.ssl.passphrase = passphrase || '';
+        delete uiConfigBlock.ssl.key;
+        delete uiConfigBlock.ssl.cert;
+        uiConfigBlock.ssl.selfSigned = false;
+        await this.configEditorService.updateConfigFile(configFile);
+        return {
+            ok: true,
+            type: 'pfx',
+            pfxPath,
+            details: 'PFX validated and saved.',
+        };
+    }
+    async validateCurrentSslConfig() {
+        const configFile = await this.configEditorService.getConfigFile();
+        const uiConfigBlock = configFile.platforms.find((x) => x.platform === 'config');
+        const ssl = uiConfigBlock?.ssl || {};
+        if (!ssl || (!ssl.selfSigned && !ssl.key && !ssl.cert && !ssl.pfx)) {
+            return { ok: true, valid: true, type: 'off', details: 'HTTPS is disabled.' };
+        }
+        if (ssl.selfSigned) {
+            return { ok: true, valid: true, type: 'selfsigned', details: 'Self-signed mode enabled.' };
+        }
+        try {
+            if (ssl.key && ssl.cert) {
+                const { readFile } = await Promise.resolve().then(() => __importStar(require('fs-extra')));
+                const keyPem = await readFile(ssl.key);
+                const certPem = await readFile(ssl.cert);
+                const x509 = new node_crypto_1.X509Certificate(certPem);
+                const certPub = x509.publicKey.export({ type: 'spki', format: 'der' });
+                const priv = (0, node_crypto_1.createPrivateKey)({ key: keyPem });
+                const pubFromPriv = (0, node_crypto_1.createPublicKey)(priv).export({ type: 'spki', format: 'der' });
+                if (!certPub.equals(pubFromPriv)) {
+                    return { ok: true, valid: false, type: 'keycert', details: 'Private key does not match certificate.' };
+                }
+                (0, node_tls_1.createSecureContext)({ key: keyPem, cert: certPem });
+                return { ok: true, valid: true, type: 'keycert', details: 'Key and certificate are valid and match.' };
+            }
+            if (ssl.pfx) {
+                const { readFile } = await Promise.resolve().then(() => __importStar(require('fs-extra')));
+                const pfx = await readFile(ssl.pfx);
+                (0, node_tls_1.createSecureContext)({ pfx, passphrase: ssl.passphrase });
+                return { ok: true, valid: true, type: 'pfx', details: 'PFX file and passphrase are valid.' };
+            }
+        }
+        catch (e) {
+            return { ok: true, valid: false, type: ssl.pfx ? 'pfx' : 'keycert', details: e?.message || String(e) };
+        }
+        return { ok: true, valid: false, type: 'off', details: 'No SSL configuration found.' };
+    }
+    async generateSelfSignedCertificate(options = {}) {
+        const hostnames = Array.isArray(options.hostnames) && options.hostnames.length
+            ? options.hostnames.map(h => String(h).trim()).filter(Boolean)
+            : ['localhost', '127.0.0.1'];
+        const mode = options.mode || 'keycert';
+        const generator = new ssl_cert_generator_service_1.SslCertGeneratorService();
+        await generator.generateCertificate(hostnames);
+        const sslDir = (0, node_path_1.join)(this.configService.storagePath, 'ssl-certs');
+        const keyPath = (0, node_path_1.join)(sslDir, 'private-key.pem');
+        const certPath = (0, node_path_1.join)(sslDir, 'certificate.pem');
+        const configFile = await this.configEditorService.getConfigFile();
+        const uiConfigBlock = configFile.platforms.find((x) => x.platform === 'config');
+        if (!uiConfigBlock.ssl) {
+            uiConfigBlock.ssl = {};
+        }
+        if (mode === 'keycert') {
+            uiConfigBlock.ssl.key = keyPath;
+            uiConfigBlock.ssl.cert = certPath;
+            delete uiConfigBlock.ssl.pfx;
+            delete uiConfigBlock.ssl.passphrase;
+            uiConfigBlock.ssl.selfSigned = false;
+            uiConfigBlock.ssl.selfSignedHostnames = hostnames;
+        }
+        else {
+            delete uiConfigBlock.ssl.key;
+            delete uiConfigBlock.ssl.cert;
+            delete uiConfigBlock.ssl.pfx;
+            delete uiConfigBlock.ssl.passphrase;
+            uiConfigBlock.ssl.selfSigned = true;
+            uiConfigBlock.ssl.selfSignedHostnames = hostnames;
+        }
+        await this.configEditorService.updateConfigFile(configFile);
+        return {
+            ok: true,
+            type: 'generated',
+            mode,
+            keyPath: mode === 'keycert' ? keyPath : undefined,
+            certPath: mode === 'keycert' ? certPath : undefined,
+            details: `Self-signed certificate generated for ${hostnames.join(', ')}`,
+        };
+    }
 };
 exports.ServerService = ServerService;
 exports.ServerService = ServerService = __decorate([