fix(certificates): simplify approach

2025-05-18 15:38:07 +00:00
parent 8dc6b5d849
commit 01b4a79e1a
11 changed files with 1080 additions and 889 deletions
--- a/ts/proxies/smart-proxy/models/route-types.ts
+++ b/ts/proxies/smart-proxy/models/route-types.ts
@ -73,15 +73,42 @@ export interface IRouteTarget {
  port: number | 'preserve' | ((context: IRouteContext) => number);  // Port with optional function for dynamic mapping (use 'preserve' to keep the incoming port)
 }

+/**
+ * ACME configuration for automatic certificate provisioning
+ */
+export interface IRouteAcme {
+  email: string;                    // Contact email for ACME account
+  useProduction?: boolean;          // Use production ACME servers (default: false)
+  challengePort?: number;           // Port for HTTP-01 challenges (default: 80)
+  renewBeforeDays?: number;         // Days before expiry to renew (default: 30)
+}
+
+/**
+ * Static route handler response
+ */
+export interface IStaticResponse {
+  status: number;
+  headers?: Record<string, string>;
+  body: string | Buffer;
+}
+
 /**
 * TLS configuration for route actions
 */
 export interface IRouteTls {
  mode: TTlsMode;
-  certificate?: 'auto' | {   // Auto = use ACME
-    key: string;
-    cert: string;
+  certificate?: 'auto' | {          // Auto = use ACME
+    key: string;                   // PEM-encoded private key
+    cert: string;                  // PEM-encoded certificate
+    ca?: string;                   // PEM-encoded CA chain
+    keyFile?: string;              // Path to key file (overrides key)
+    certFile?: string;             // Path to cert file (overrides cert)
  };
+  acme?: IRouteAcme;               // ACME options when certificate is 'auto'
+  versions?: string[];             // Allowed TLS versions (e.g., ['TLSv1.2', 'TLSv1.3'])
+  ciphers?: string;                // OpenSSL cipher string
+  honorCipherOrder?: boolean;      // Use server's cipher preferences
+  sessionTimeout?: number;         // TLS session timeout in seconds
 }

 /**
@ -266,6 +293,9 @@ export interface IRouteAction {

  // NFTables-specific options
  nftables?: INfTablesOptions;
+
+  // Handler function for static routes
+  handler?: (context: IRouteContext) => Promise<IStaticResponse>;
 }

 /**