signalk-ssl 0.4.0 → 0.5.0

package/dist/plugin/index.js

@@ -5,7 +5,7 @@
 import 'reflect-metadata';
 import { CertStore } from './storage.js';
 import { PassphraseSource } from './passphrase-source.js';
-import { SslService } from './service.js';
+import { SslService, discoverAdvertisedHostname } from './service.js';
 import { startRenewalScheduler } from './scheduler.js';
 import { buildPublicRoutes, registerAdminRoutes } from './api.js';
 import { ConfigSchema, DEFAULT_CONFIG } from './schema.js';
@@ -18,6 +18,37 @@ const resolveConfig = (raw) => {
 const resolveConfigPath = (app, fallback) => {
     return app.config?.configPath ?? fallback;
 };
+const sansAreEmpty = (config) => config.sans.dnsNames.length === 0 && config.sans.ipAddresses.length === 0;
+/**
+ * One-shot seed: on first run with an empty SAN list, pre-populate dnsNames
+ * with the name the server advertises on mDNS so the user sees a sensible,
+ * server-specific default in the plugin config screen instead of a blank field.
+ *
+ * Guarded by a persistent marker so it runs at most once per install: a user
+ * who deletes the seeded name will not see it re-added on the next restart
+ * (the SAN-provenance rule from AGENTS.md). Returns true when it triggered a
+ * restart, in which case the caller must stop — the plugin is being restarted
+ * with the new config.
+ */
+const maybeSeedHostname = async (store, config, rawHostname, restart, log) => {
+    if (!sansAreEmpty(config) || (await store.hasSeededHostname())) {
+        return false;
+    }
+    const hostname = discoverAdvertisedHostname(rawHostname);
+    if (hostname === null) {
+        // No useful suggestion (container ID, localhost, etc.). Don't write the
+        // marker — if the host gets a real name later, we still want to seed then.
+        return false;
+    }
+    await store.markHostnameSeeded(hostname);
+    const newConfig = {
+        ...config,
+        sans: { ...config.sans, dnsNames: [hostname] }
+    };
+    log(`${PLUGIN_ID} seeding empty SANs with discovered hostname ${hostname}`);
+    restart(newConfig);
+    return true;
+};
 const pluginConstructor = (app) => {
     const extended = app;
     let scheduler = null;
@@ -30,7 +61,7 @@ const pluginConstructor = (app) => {
         name: PLUGIN_NAME,
         description: PLUGIN_DESCRIPTION,
         schema: () => ConfigSchema,
-        start(rawConfig, _restart) {
+        start(rawConfig, restart) {
             config = resolveConfig(rawConfig);
             const dataDir = app.getDataDirPath();
             const configPath = resolveConfigPath(extended, dataDir);
@@ -38,10 +69,31 @@ const pluginConstructor = (app) => {
             passphrase = new PassphraseSource(config.passphraseMode, store);
             service = new SslService({ store, passphrase, config, configPath });
             const svcLocal = service;
+            const storeLocal = store;
+            const cfgLocal = config;
             const logSchedulerError = (err) => {
                 app.error(`${PLUGIN_ID} scheduled renewal failed: ${String(err)}`);
             };
-            void store.init().then(async () => {
+            void storeLocal
+                .init()
+                .then(async () => {
+                // First-run SAN seed must run before the issue flow: if it triggers a
+                // restart, start() runs again with the seeded config and the issue
+                // happens then. Bail out here so we don't issue against empty SANs and
+                // immediately get restarted out from under it.
+                try {
+                    const rawHostname = extended.config?.getExternalHostname?.() ?? '';
+                    const restarted = await maybeSeedHostname(storeLocal, cfgLocal, rawHostname, restart, (msg) => {
+                        app.debug(msg);
+                    });
+                    if (restarted) {
+                        return;
+                    }
+                }
+                catch (e) {
+                    // A seed failure must never block cert issuance — log and continue.
+                    app.error(`${PLUGIN_ID} hostname seed failed: ${String(e)}`);
+                }
                 try {
                     const warning = await svcLocal.checkWritePermissions();
                     if (warning !== null) {
@@ -61,6 +113,14 @@ const pluginConstructor = (app) => {
                 // Start the scheduler only after init + initial issue have completed,
                 // so a short test interval can't race against an uninitialised store.
                 scheduler = startRenewalScheduler(svcLocal, logSchedulerError);
+            })
+                // Terminal guard: store.init() (mkdir on a read-only / UID-shifted data
+                // dir) or a throw from startRenewalScheduler would otherwise surface as
+                // an unhandled rejection. The per-block try/catch above keep the issue
+                // flow going; this only catches what they can't. scheduler is left null
+                // on failure (the assignment is the last statement), so stop() is safe.
+                .catch((e) => {
+                app.error(`${PLUGIN_ID} startup failed: ${String(e)}`);
             });
             app.debug(`${PLUGIN_ID} started; data dir=${dataDir}; configPath=${configPath}`);
         },

package/dist/plugin/storage.d.ts

@@ -34,4 +34,13 @@ export declare class CertStore {
     writeSettings(settings: SettingsOnDisk): Promise<void>;
     readConvenienceEnvelope(): Promise<ConveniencePassphraseEnvelope | null>;
     writeConvenienceEnvelope(env: ConveniencePassphraseEnvelope): Promise<void>;
+    /**
+     * Whether the plugin has already attempted its one-shot SAN seed (auto-adding
+     * the discovered mDNS hostname to an empty dnsNames list on first run). The
+     * marker makes the seed a one-time action: once it exists, a user who deletes
+     * the seeded name will not see it re-added on the next restart. Presence is
+     * the whole signal; the stored body is informational only.
+     */
+    hasSeededHostname(): Promise<boolean>;
+    markHostnameSeeded(hostname: string): Promise<void>;
 }

package/dist/plugin/storage.js

@@ -9,7 +9,8 @@ const FILES = {
     state: 'state.json',
     leafState: 'leaf-state.json',
     settings: 'settings.json',
-    convenience: 'passphrase.kdf.json'
+    convenience: 'passphrase.kdf.json',
+    hostnameSeeded: 'hostname-seeded.json'
 };
 const PEM_KEY_MODE = 0o600;
 const PEM_CERT_MODE = 0o644;
@@ -130,4 +131,19 @@ export class CertStore {
         await this.init();
         await atomicWrite(this.path('convenience'), JSON.stringify(env, null, 2), JSON_MODE);
     }
+    /**
+     * Whether the plugin has already attempted its one-shot SAN seed (auto-adding
+     * the discovered mDNS hostname to an empty dnsNames list on first run). The
+     * marker makes the seed a one-time action: once it exists, a user who deletes
+     * the seeded name will not see it re-added on the next restart. Presence is
+     * the whole signal; the stored body is informational only.
+     */
+    async hasSeededHostname() {
+        return (await readIfExists(this.path('hostnameSeeded'))) !== null;
+    }
+    async markHostnameSeeded(hostname) {
+        await this.init();
+        const body = JSON.stringify({ hostname, seededAt: new Date().toISOString() }, null, 2);
+        await atomicWrite(this.path('hostnameSeeded'), body, JSON_MODE);
+    }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "signalk-ssl",
-  "version": "0.4.0",
+  "version": "0.5.0",
   "description": "SSL/TLS certificate management plugin for SignalK Node Server — generate a local CA, issue server certs, distribute the root via QR to phones/tablets",
   "type": "module",
   "main": "dist/plugin/index.js",