hostfn 0.1.0

package/packages/cli/src/core/lock.ts

@@ -0,0 +1,108 @@
+import { SSHConnection } from './ssh.js';
+import { Logger } from '../utils/logger.js';
+
+export interface DeploymentLock {
+  pid: number;
+  user: string;
+  timestamp: number;
+  hostname: string;
+}
+
+/**
+ * Deployment lock manager to prevent concurrent deployments
+ */
+export class LockManager {
+  private ssh: SSHConnection;
+  private lockFile: string;
+
+  constructor(ssh: SSHConnection, remoteDir: string) {
+    this.ssh = ssh;
+    this.lockFile = `${remoteDir}/.hostfn-deploy.lock`;
+  }
+
+  /**
+   * Acquire deployment lock
+   */
+  async acquire(timeout: number = 300): Promise<boolean> {
+    // Check if lock exists
+    const exists = await this.ssh.exists(this.lockFile);
+
+    if (exists) {
+      // Read lock info
+      const result = await this.ssh.exec(`cat ${this.lockFile}`);
+      
+      try {
+        const lock: DeploymentLock = JSON.parse(result.stdout);
+        const age = Date.now() - lock.timestamp;
+
+        // Check if lock is stale (older than timeout)
+        if (age > timeout * 1000) {
+          Logger.warn('Found stale lock file, removing...');
+          await this.release();
+        } else {
+          const ageMinutes = Math.round(age / 1000 / 60);
+          Logger.error('Deployment is already in progress');
+          Logger.info(`Started by: ${lock.user}`);
+          Logger.info(`Started at: ${new Date(lock.timestamp).toLocaleString()}`);
+          Logger.info(`Age: ${ageMinutes} minute(s)`);
+          Logger.br();
+          Logger.warn('Wait for the current deployment to finish or:');
+          Logger.log('  1. Wait for lock to expire (5 minutes)');
+          Logger.log('  2. Manually remove: ssh <host> rm ' + this.lockFile);
+          return false;
+        }
+      } catch {
+        // Invalid lock file, remove it
+        await this.release();
+      }
+    }
+
+    // Create lock
+    const lock: DeploymentLock = {
+      pid: process.pid,
+      user: process.env.USER || 'unknown',
+      timestamp: Date.now(),
+      hostname: process.env.HOSTNAME || 'unknown',
+    };
+
+    await this.ssh.exec(`cat > ${this.lockFile} << 'LOCKEOF'
+${JSON.stringify(lock, null, 2)}
+LOCKEOF`);
+
+    return true;
+  }
+
+  /**
+   * Release deployment lock
+   */
+  async release(): Promise<void> {
+    await this.ssh.exec(`rm -f ${this.lockFile}`).catch(() => {
+      // Ignore errors on cleanup
+    });
+  }
+
+  /**
+   * Check if deployment is locked
+   */
+  async isLocked(): Promise<boolean> {
+    const exists = await this.ssh.exists(this.lockFile);
+    
+    if (!exists) {
+      return false;
+    }
+
+    // Check if lock is stale
+    const result = await this.ssh.exec(`cat ${this.lockFile}`);
+    
+    try {
+      const lock: DeploymentLock = JSON.parse(result.stdout);
+      const age = Date.now() - lock.timestamp;
+      
+      // Lock is stale if older than 5 minutes
+      return age < 300 * 1000;
+    } catch {
+      // Invalid lock file = not locked
+      return false;
+    }
+  }
+}

package/packages/cli/src/core/nginx.ts

@@ -0,0 +1,170 @@
+import type { HostfnConfig, ServiceConfig } from '../config/schema.js';
+
+export interface NginxServiceConfig {
+  name: string;
+  port: number;
+  exposePath?: string;
+  isDefault?: boolean;
+}
+
+export interface NginxConfig {
+  domain?: string | string[];
+  ssl: boolean;
+  services: NginxServiceConfig[];
+  environment: string;
+}
+
+export class NginxConfigGenerator {
+  /**
+   * Generate nginx configuration for services
+   */
+  static generate(config: NginxConfig): string {
+    const { domain, ssl, services, environment } = config;
+    // Handle both single domain string and array of domains
+    const domains = domain ? (Array.isArray(domain) ? domain : [domain]) : [];
+    const serverName = domains.length > 0 ? domains.join(' ') : '_';
+    
+    // Separate default and path-based services
+    const defaultService = services.find(s => s.isDefault);
+    const pathServices = services.filter(s => !s.isDefault && s.exposePath);
+    
+    let nginxConfig = '';
+
+    if (ssl) {
+      // HTTPS server block
+      nginxConfig += this.generateHttpsBlock(serverName, defaultService, pathServices);
+      nginxConfig += '\n\n';
+      // HTTP redirect block
+      nginxConfig += this.generateHttpRedirectBlock(serverName);
+    } else {
+      // HTTP only server block
+      nginxConfig += this.generateHttpBlock(serverName, defaultService, pathServices);
+    }
+
+    return nginxConfig;
+  }
+
+  /**
+   * Generate HTTPS server block
+   */
+  private static generateHttpsBlock(
+    serverName: string,
+    defaultService: NginxServiceConfig | undefined,
+    pathServices: NginxServiceConfig[]
+  ): string {
+    // Extract primary domain for certificate path (first domain in the list)
+    const primaryDomain = serverName.split(' ')[0];
+    let config = `server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+    server_name ${serverName};
+
+    ssl_certificate /etc/letsencrypt/live/${primaryDomain}/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/${primaryDomain}/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+`;
+
+    // Add path-based services first (higher priority)
+    for (const service of pathServices) {
+      config += this.generateLocationBlock(service);
+    }
+
+    // Add default service
+    if (defaultService) {
+      config += this.generateLocationBlock(defaultService);
+    }
+
+    config += '}\n';
+    return config;
+  }
+
+  /**
+   * Generate HTTP server block
+   */
+  private static generateHttpBlock(
+    serverName: string,
+    defaultService: NginxServiceConfig | undefined,
+    pathServices: NginxServiceConfig[]
+  ): string {
+    let config = `server {
+    listen 80;
+    listen [::]:80;
+    server_name ${serverName};
+`;
+
+    // Add path-based services first (higher priority)
+    for (const service of pathServices) {
+      config += this.generateLocationBlock(service);
+    }
+
+    // Add default service
+    if (defaultService) {
+      config += this.generateLocationBlock(defaultService);
+    }
+
+    config += '}\n';
+    return config;
+  }
+
+  /**
+   * Generate HTTP to HTTPS redirect block
+   */
+  private static generateHttpRedirectBlock(serverName: string): string {
+    return `server {
+    listen 80;
+    listen [::]:80;
+    server_name ${serverName};
+    
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}`;
+  }
+
+  /**
+   * Generate location block for a service
+   */
+  private static generateLocationBlock(service: NginxServiceConfig): string {
+    const path = service.exposePath || '/';
+    const hasTrailingSlash = path !== '/' && path.endsWith('/');
+    const proxyPassPath = hasTrailingSlash ? '/' : '';
+
+    return `
+    # ${service.name}
+    location ${path} {
+        proxy_pass http://localhost:${service.port}${proxyPassPath};
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_cache_bypass $http_upgrade;
+        proxy_read_timeout 60s;
+        proxy_connect_timeout 60s;
+    }
+`;
+  }
+
+  /**
+   * Get nginx config file path based on the system
+   */
+  static getConfigPath(environment: string, useSitesAvailable: boolean): string {
+    if (useSitesAvailable) {
+      return `/etc/nginx/sites-available/hostfn-${environment}`;
+    }
+    return `/etc/nginx/conf.d/hostfn-${environment}.conf`;
+  }
+
+  /**
+   * Get command to enable site (for sites-available/sites-enabled systems)
+   */
+  static getEnableCommand(environment: string, useSitesAvailable: boolean): string | null {
+    if (useSitesAvailable) {
+      return `ln -sf /etc/nginx/sites-available/hostfn-${environment} /etc/nginx/sites-enabled/hostfn-${environment}`;
+    }
+    return null;
+  }
+}

package/packages/cli/src/core/ssh.ts

@@ -0,0 +1,335 @@
+import { Client, ConnectConfig } from 'ssh2';
+import { readFileSync } from 'fs';
+import { homedir } from 'os';
+import { resolve } from 'path';
+import { Logger } from '../utils/logger.js';
+
+export interface SSHConnectionOptions {
+  host: string;
+  port?: number;
+  username: string;
+  password?: string;
+  privateKeyPath?: string;
+  passphrase?: string;
+}
+
+export interface SSHCommandResult {
+  stdout: string;
+  stderr: string;
+  exitCode: number;
+}
+
+/**
+ * SSH Connection Manager
+ */
+export class SSHConnection {
+  private client: Client;
+  private config: ConnectConfig;
+  private connected: boolean = false;
+
+  constructor(options: SSHConnectionOptions) {
+    this.client = new Client();
+    
+    // Build SSH config
+    this.config = {
+      host: options.host,
+      port: options.port || 22,
+      username: options.username,
+    };
+
+    // Add authentication method
+    if (options.password) {
+      this.config.password = options.password;
+    } else if (process.env.HOSTFN_SSH_KEY) {
+      // CI/CD mode: Load key from environment variable
+      try {
+        this.config.privateKey = Buffer.from(
+          process.env.HOSTFN_SSH_KEY,
+          'base64'
+        );
+        if (options.passphrase || process.env.HOSTFN_SSH_PASSPHRASE) {
+          this.config.passphrase = options.passphrase || process.env.HOSTFN_SSH_PASSPHRASE;
+        }
+      } catch (error) {
+        throw new Error(
+          `Failed to decode HOSTFN_SSH_KEY from environment variable\n` +
+          `Make sure it's base64 encoded: cat ~/.ssh/id_rsa | base64`
+        );
+      }
+    } else {
+      // Enable SSH agent for passphrase-protected keys
+      if (process.env.SSH_AUTH_SOCK) {
+        this.config.agent = process.env.SSH_AUTH_SOCK;
+      }
+      
+      // Try to load private key from file
+      const keyPath = options.privateKeyPath || this.getDefaultKeyPath();
+      try {
+        this.config.privateKey = readFileSync(keyPath);
+        if (options.passphrase) {
+          this.config.passphrase = options.passphrase;
+        }
+      } catch (error) {
+        throw new Error(
+          `Failed to load SSH key from ${keyPath}\n` +
+          `Make sure the file exists or set HOSTFN_SSH_KEY environment variable\n` +
+          `For CI/CD: export HOSTFN_SSH_KEY=$(cat ~/.ssh/id_rsa | base64)`
+        );
+      }
+    }
+  }
+
+  /**
+   * Get default SSH key path (~/.ssh/id_rsa)
+   */
+  private getDefaultKeyPath(): string {
+    const sshDir = resolve(homedir(), '.ssh');
+    // Try common key names
+    const keyNames = ['id_rsa', 'id_ed25519', 'id_ecdsa'];
+    
+    for (const keyName of keyNames) {
+      const keyPath = resolve(sshDir, keyName);
+      try {
+        readFileSync(keyPath);
+        return keyPath;
+      } catch {
+        continue;
+      }
+    }
+
+    // Default to id_rsa even if it doesn't exist (will error later)
+    return resolve(sshDir, 'id_rsa');
+  }
+
+  /**
+   * Connect to SSH server
+   */
+  async connect(): Promise<void> {
+    return new Promise((resolve, reject) => {
+      this.client
+        .on('ready', () => {
+          this.connected = true;
+          resolve();
+        })
+        .on('error', (err) => {
+          reject(new Error(`SSH connection failed: ${err.message}`));
+        })
+        .connect(this.config);
+    });
+  }
+
+  /**
+   * Execute command on remote server
+   */
+  async exec(command: string, options?: {
+    streaming?: boolean;
+    cwd?: string;
+    skipNvmSetup?: boolean;
+  }): Promise<SSHCommandResult> {
+    if (!this.connected) {
+      throw new Error('Not connected. Call connect() first.');
+    }
+
+    // Source nvm to ensure Node.js/npm are in PATH for non-interactive sessions
+    // Skip for setup scripts that install nvm
+    const nvmSetup = options?.skipNvmSetup 
+      ? ''
+      : 'export NVM_DIR="$HOME/.nvm" && [ -s "$NVM_DIR/nvm.sh" ] && . "$NVM_DIR/nvm.sh" && ';
+    
+    // Add cd command if cwd provided
+    const fullCommand = options?.cwd 
+      ? `${nvmSetup}cd ${options.cwd} && ${command}`
+      : `${nvmSetup}${command}`;
+
+    return new Promise((resolve, reject) => {
+      this.client.exec(fullCommand, (err, stream) => {
+        if (err) {
+          reject(new Error(`Failed to execute command: ${err.message}`));
+          return;
+        }
+
+        let stdout = '';
+        let stderr = '';
+
+        stream
+          .on('close', (code: number) => {
+            resolve({
+              stdout,
+              stderr,
+              exitCode: code,
+            });
+          })
+          .on('data', (data: Buffer) => {
+            const output = data.toString();
+            stdout += output;
+            
+            if (options?.streaming) {
+              process.stdout.write(output);
+            }
+          })
+          .stderr.on('data', (data: Buffer) => {
+            const output = data.toString();
+            stderr += output;
+            
+            if (options?.streaming) {
+              process.stderr.write(output);
+            }
+          });
+      });
+    });
+  }
+
+  /**
+   * Upload file to remote server (SCP)
+   */
+  async uploadFile(
+    localPath: string,
+    remotePath: string
+  ): Promise<void> {
+    if (!this.connected) {
+      throw new Error('Not connected. Call connect() first.');
+    }
+
+    return new Promise((resolve, reject) => {
+      this.client.sftp((err, sftp) => {
+        if (err) {
+          reject(new Error(`SFTP session failed: ${err.message}`));
+          return;
+        }
+
+        sftp.fastPut(localPath, remotePath, (err) => {
+          if (err) {
+            reject(new Error(`Failed to upload file: ${err.message}`));
+          } else {
+            resolve();
+          }
+        });
+      });
+    });
+  }
+
+  /**
+   * Download file from remote server
+   */
+  async downloadFile(
+    remotePath: string,
+    localPath: string
+  ): Promise<void> {
+    if (!this.connected) {
+      throw new Error('Not connected. Call connect() first.');
+    }
+
+    return new Promise((resolve, reject) => {
+      this.client.sftp((err, sftp) => {
+        if (err) {
+          reject(new Error(`SFTP session failed: ${err.message}`));
+          return;
+        }
+
+        sftp.fastGet(remotePath, localPath, (err) => {
+          if (err) {
+            reject(new Error(`Failed to download file: ${err.message}`));
+          } else {
+            resolve();
+          }
+        });
+      });
+    });
+  }
+
+  /**
+   * Check if file/directory exists on remote
+   */
+  async exists(remotePath: string): Promise<boolean> {
+    try {
+      const result = await this.exec(`test -e ${remotePath} && echo "exists"`);
+      return result.stdout.trim() === 'exists';
+    } catch {
+      return false;
+    }
+  }
+
+  /**
+   * Create directory on remote server
+   */
+  async mkdir(remotePath: string, recursive: boolean = true): Promise<void> {
+    const flag = recursive ? '-p' : '';
+    const result = await this.exec(`mkdir ${flag} ${remotePath}`);
+    
+    if (result.exitCode !== 0) {
+      throw new Error(`Failed to create directory: ${result.stderr}`);
+    }
+  }
+
+  /**
+   * Disconnect from server
+   */
+  disconnect(): void {
+    if (this.connected) {
+      this.client.end();
+      this.connected = false;
+    }
+  }
+
+  /**
+   * Check if connected
+   */
+  isConnected(): boolean {
+    return this.connected;
+  }
+}
+
+/**
+ * Parse SSH connection string (user@host)
+ */
+export function parseSSHConnection(connectionString: string): {
+  username: string;
+  host: string;
+  port?: number;
+} {
+  // Support formats:
+  // - user@host
+  // - user@host:port
+  const match = connectionString.match(/^([^@]+)@([^:]+)(?::(\d+))?$/);
+  
+  if (!match) {
+    throw new Error(
+      `Invalid SSH connection string: ${connectionString}\n` +
+      `Expected format: user@host or user@host:port`
+    );
+  }
+
+  return {
+    username: match[1],
+    host: match[2],
+    port: match[3] ? parseInt(match[3]) : undefined,
+  };
+}
+
+/**
+ * Create SSH connection from connection string
+ */
+export async function createSSHConnection(
+  connectionString: string,
+  options?: {
+    password?: string;
+    privateKeyPath?: string;
+    passphrase?: string;
+  }
+): Promise<SSHConnection> {
+  // Support HOSTFN_HOST env var for CI/CD
+  const hostToUse = process.env.HOSTFN_HOST || connectionString;
+  const { username, host, port } = parseSSHConnection(hostToUse);
+  
+  const ssh = new SSHConnection({
+    host,
+    port,
+    username,
+    password: options?.password || process.env.HOSTFN_SSH_PASSWORD,
+    privateKeyPath: options?.privateKeyPath,
+    passphrase: options?.passphrase || process.env.HOSTFN_SSH_PASSPHRASE,
+  });
+
+  await ssh.connect();
+  return ssh;
+}