update
This commit is contained in:
@ -1,6 +1,5 @@
|
||||
import * as plugins from '../../plugins.js';
|
||||
import type {
|
||||
IForwardConfig,
|
||||
IDomainOptions,
|
||||
IAcmeOptions
|
||||
} from '../../certificate/models/certificate-types.js';
|
||||
|
||||
@ -1,8 +1,12 @@
|
||||
/**
|
||||
* Type definitions for SmartAcme interfaces used by ChallengeResponder
|
||||
* These reflect the actual SmartAcme API based on the documentation
|
||||
*
|
||||
* Also includes route-based interfaces for Port80Handler to extract domains
|
||||
* that need certificate management from route configurations.
|
||||
*/
|
||||
import * as plugins from '../../plugins.js';
|
||||
import type { IRouteConfig } from '../../proxies/smart-proxy/models/route-types.js';
|
||||
|
||||
/**
|
||||
* Structure for SmartAcme certificate result
|
||||
@ -82,4 +86,84 @@ export interface ISmartAcme {
|
||||
getCertificateForDomain(domain: string): Promise<ISmartAcmeCert>;
|
||||
on?(event: string, listener: (data: any) => void): void;
|
||||
eventEmitter?: plugins.EventEmitter;
|
||||
}
|
||||
|
||||
/**
|
||||
* Port80Handler route options
|
||||
*/
|
||||
export interface IPort80RouteOptions {
|
||||
// The domain for the certificate
|
||||
domain: string;
|
||||
|
||||
// Whether to redirect HTTP to HTTPS
|
||||
sslRedirect: boolean;
|
||||
|
||||
// Whether to enable ACME certificate management
|
||||
acmeMaintenance: boolean;
|
||||
|
||||
// Optional target for forwarding HTTP requests
|
||||
forward?: {
|
||||
ip: string;
|
||||
port: number;
|
||||
};
|
||||
|
||||
// Optional target for forwarding ACME challenge requests
|
||||
acmeForward?: {
|
||||
ip: string;
|
||||
port: number;
|
||||
};
|
||||
|
||||
// Reference to the route that requested this certificate
|
||||
routeReference?: {
|
||||
routeId?: string;
|
||||
routeName?: string;
|
||||
};
|
||||
}
|
||||
|
||||
/**
|
||||
* Extract domains that need certificate management from routes
|
||||
* @param routes Route configurations to extract domains from
|
||||
* @returns Array of Port80RouteOptions for each domain
|
||||
*/
|
||||
export function extractPort80RoutesFromRoutes(routes: IRouteConfig[]): IPort80RouteOptions[] {
|
||||
const result: IPort80RouteOptions[] = [];
|
||||
|
||||
for (const route of routes) {
|
||||
// Skip routes that don't have domains or TLS configuration
|
||||
if (!route.match.domains || !route.action.tls) continue;
|
||||
|
||||
// Skip routes that don't terminate TLS
|
||||
if (route.action.tls.mode !== 'terminate' && route.action.tls.mode !== 'terminate-and-reencrypt') continue;
|
||||
|
||||
// Only routes with automatic certificates need ACME
|
||||
if (route.action.tls.certificate !== 'auto') continue;
|
||||
|
||||
// Get domains from route
|
||||
const domains = Array.isArray(route.match.domains)
|
||||
? route.match.domains
|
||||
: [route.match.domains];
|
||||
|
||||
// Create Port80RouteOptions for each domain
|
||||
for (const domain of domains) {
|
||||
// Skip wildcards (we can't get certificates for them)
|
||||
if (domain.includes('*')) continue;
|
||||
|
||||
// Create Port80RouteOptions
|
||||
const options: IPort80RouteOptions = {
|
||||
domain,
|
||||
sslRedirect: true, // Default to true for HTTPS routes
|
||||
acmeMaintenance: true, // Default to true for auto certificates
|
||||
|
||||
// Add route reference
|
||||
routeReference: {
|
||||
routeName: route.name
|
||||
}
|
||||
};
|
||||
|
||||
// Add domain to result
|
||||
result.push(options);
|
||||
}
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
@ -2,12 +2,12 @@ import * as plugins from '../../plugins.js';
|
||||
import { IncomingMessage, ServerResponse } from 'http';
|
||||
import { CertificateEvents } from '../../certificate/events/certificate-events.js';
|
||||
import type {
|
||||
IForwardConfig,
|
||||
IDomainOptions,
|
||||
IDomainOptions, // Kept for backward compatibility
|
||||
ICertificateData,
|
||||
ICertificateFailure,
|
||||
ICertificateExpiring,
|
||||
IAcmeOptions
|
||||
IAcmeOptions,
|
||||
IRouteForwardConfig
|
||||
} from '../../certificate/models/certificate-types.js';
|
||||
import {
|
||||
HttpEvents,
|
||||
@ -18,6 +18,9 @@ import {
|
||||
} from '../models/http-types.js';
|
||||
import type { IDomainCertificate } from '../models/http-types.js';
|
||||
import { ChallengeResponder } from './challenge-responder.js';
|
||||
import { extractPort80RoutesFromRoutes } from './acme-interfaces.js';
|
||||
import type { IPort80RouteOptions } from './acme-interfaces.js';
|
||||
import type { IRouteConfig } from '../../proxies/smart-proxy/models/route-types.js';
|
||||
|
||||
// Re-export for backward compatibility
|
||||
export {
|
||||
@ -68,7 +71,7 @@ export class Port80Handler extends plugins.EventEmitter {
|
||||
renewThresholdDays: options.renewThresholdDays ?? 30,
|
||||
renewCheckIntervalHours: options.renewCheckIntervalHours ?? 24,
|
||||
autoRenew: options.autoRenew ?? true,
|
||||
domainForwards: options.domainForwards ?? []
|
||||
routeForwards: options.routeForwards ?? []
|
||||
};
|
||||
|
||||
// Initialize challenge responder
|
||||
@ -198,29 +201,33 @@ export class Port80Handler extends plugins.EventEmitter {
|
||||
* Adds a domain with configuration options
|
||||
* @param options Domain configuration options
|
||||
*/
|
||||
public addDomain(options: IDomainOptions): void {
|
||||
if (!options.domainName || typeof options.domainName !== 'string') {
|
||||
public addDomain(options: IDomainOptions | IPort80RouteOptions): void {
|
||||
// Normalize options format (handle both IDomainOptions and IPort80RouteOptions)
|
||||
const normalizedOptions: IDomainOptions = this.normalizeOptions(options);
|
||||
|
||||
if (!normalizedOptions.domainName || typeof normalizedOptions.domainName !== 'string') {
|
||||
throw new HttpError('Invalid domain name');
|
||||
}
|
||||
|
||||
const domainName = options.domainName;
|
||||
const domainName = normalizedOptions.domainName;
|
||||
|
||||
if (!this.domainCertificates.has(domainName)) {
|
||||
this.domainCertificates.set(domainName, {
|
||||
options,
|
||||
options: normalizedOptions,
|
||||
certObtained: false,
|
||||
obtainingInProgress: false
|
||||
});
|
||||
|
||||
console.log(`Domain added: ${domainName} with configuration:`, {
|
||||
sslRedirect: options.sslRedirect,
|
||||
acmeMaintenance: options.acmeMaintenance,
|
||||
hasForward: !!options.forward,
|
||||
hasAcmeForward: !!options.acmeForward
|
||||
sslRedirect: normalizedOptions.sslRedirect,
|
||||
acmeMaintenance: normalizedOptions.acmeMaintenance,
|
||||
hasForward: !!normalizedOptions.forward,
|
||||
hasAcmeForward: !!normalizedOptions.acmeForward,
|
||||
routeReference: normalizedOptions.routeReference
|
||||
});
|
||||
|
||||
// If acmeMaintenance is enabled and not a glob pattern, start certificate process immediately
|
||||
if (options.acmeMaintenance && this.server && !this.isGlobPattern(domainName)) {
|
||||
if (normalizedOptions.acmeMaintenance && this.server && !this.isGlobPattern(domainName)) {
|
||||
this.obtainCertificate(domainName).catch(err => {
|
||||
console.error(`Error obtaining initial certificate for ${domainName}:`, err);
|
||||
});
|
||||
@ -228,11 +235,50 @@ export class Port80Handler extends plugins.EventEmitter {
|
||||
} else {
|
||||
// Update existing domain with new options
|
||||
const existing = this.domainCertificates.get(domainName)!;
|
||||
existing.options = options;
|
||||
existing.options = normalizedOptions;
|
||||
console.log(`Domain ${domainName} configuration updated`);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Add domains from route configurations
|
||||
* @param routes Array of route configurations
|
||||
*/
|
||||
public addDomainsFromRoutes(routes: IRouteConfig[]): void {
|
||||
// Extract Port80RouteOptions from routes
|
||||
const routeOptions = extractPort80RoutesFromRoutes(routes);
|
||||
|
||||
// Add each domain
|
||||
for (const options of routeOptions) {
|
||||
this.addDomain(options);
|
||||
}
|
||||
|
||||
console.log(`Added ${routeOptions.length} domains from routes for certificate management`);
|
||||
}
|
||||
|
||||
/**
|
||||
* Normalize options from either IDomainOptions or IPort80RouteOptions
|
||||
* @param options Options to normalize
|
||||
* @returns Normalized IDomainOptions
|
||||
* @private
|
||||
*/
|
||||
private normalizeOptions(options: IDomainOptions | IPort80RouteOptions): IDomainOptions {
|
||||
// Handle IPort80RouteOptions format
|
||||
if ('domain' in options) {
|
||||
return {
|
||||
domainName: options.domain,
|
||||
sslRedirect: options.sslRedirect,
|
||||
acmeMaintenance: options.acmeMaintenance,
|
||||
forward: options.forward,
|
||||
acmeForward: options.acmeForward,
|
||||
routeReference: options.routeReference
|
||||
};
|
||||
}
|
||||
|
||||
// Already in IDomainOptions format
|
||||
return options;
|
||||
}
|
||||
|
||||
/**
|
||||
* Removes a domain from management
|
||||
* @param domain The domain to remove
|
||||
@ -459,7 +505,7 @@ export class Port80Handler extends plugins.EventEmitter {
|
||||
private forwardRequest(
|
||||
req: plugins.http.IncomingMessage,
|
||||
res: plugins.http.ServerResponse,
|
||||
target: IForwardConfig,
|
||||
target: { ip: string; port: number },
|
||||
requestType: string
|
||||
): void {
|
||||
const options = {
|
||||
|
||||
Reference in New Issue
Block a user