dcrouter/ts/classes.dcrouter.ts

import * as plugins from './plugins.js';
import * as paths from './paths.js';

// Certificate types are available via plugins.tsclass

// Import the consolidated email config
import type { IEmailConfig, IDomainRule } from './mail/routing/classes.email.config.js';
import type { EmailProcessingMode } from './mail/delivery/interfaces.js';
import { DomainRouter } from './mail/routing/classes.domain.router.js';
import { UnifiedEmailServer } from './mail/routing/classes.unified.email.server.js';
import { UnifiedDeliveryQueue, type IQueueOptions } from './mail/delivery/classes.delivery.queue.js';
import { MultiModeDeliverySystem, type IMultiModeDeliveryOptions } from './mail/delivery/classes.delivery.system.js';
import { UnifiedRateLimiter, type IHierarchicalRateLimits } from './mail/delivery/classes.unified.rate.limiter.js';
import { logger } from './logger.js';
// Import the email configuration helpers directly from mail/delivery
import { configureEmailStorage, configureEmailServer } from './mail/delivery/index.js';

export interface IDcRouterOptions {
  /** 
   * Direct SmartProxy configuration - gives full control over HTTP/HTTPS and TCP/SNI traffic
   * This is the preferred way to configure HTTP/HTTPS and general TCP/SNI traffic 
   */
  smartProxyConfig?: plugins.smartproxy.ISmartProxyOptions;
  
  /**
   * Consolidated email configuration
   * This enables all email handling with pattern-based routing
   */
  emailConfig?: IEmailConfig;
  
  /**
   * Custom email port configuration
   * Allows configuring specific ports for email handling
   * This overrides the default port mapping in the emailConfig
   */
  emailPortConfig?: {
    /** External to internal port mapping */
    portMapping?: Record<number, number>;
    /** Custom port configuration for specific ports */
    portSettings?: Record<number, any>;
    /** Path to store received emails */
    receivedEmailsPath?: string;
  };
  
  /** TLS/certificate configuration */
  tls?: {
    /** Contact email for ACME certificates */
    contactEmail: string;
    /** Domain for main certificate */
    domain?: string;
    /** Path to certificate file (if not using auto-provisioning) */
    certPath?: string;
    /** Path to key file (if not using auto-provisioning) */
    keyPath?: string;
    /** Path to CA certificate file (for custom CAs) */
    caPath?: string;
  };
  
  /** DNS server configuration */
  dnsServerConfig?: plugins.smartdns.IDnsServerOptions;
  
  /** DNS challenge configuration for ACME (optional) */
  dnsChallenge?: {
    /** Cloudflare API key for DNS challenges */
    cloudflareApiKey?: string;
    /** Other DNS providers can be added here */
  };
}

/**
 * DcRouter can be run on ingress and egress to and from a datacenter site.
 */
/**
 * Context passed to HTTP routing rules
 */
/**
 * Context passed to port proxy (SmartProxy) routing rules
 */
export interface PortProxyRuleContext {
  proxy: plugins.smartproxy.SmartProxy;
  routes: plugins.smartproxy.IRouteConfig[];
}

export class DcRouter {
  public options: IDcRouterOptions;
  
  // Core services
  public smartProxy?: plugins.smartproxy.SmartProxy;
  public dnsServer?: plugins.smartdns.DnsServer;
  
  // Unified email components
  public domainRouter?: DomainRouter;
  public unifiedEmailServer?: UnifiedEmailServer;
  public deliveryQueue?: UnifiedDeliveryQueue;
  public deliverySystem?: MultiModeDeliverySystem;
  public rateLimiter?: UnifiedRateLimiter;
  
  
  // Environment access 
  private qenv = new plugins.qenv.Qenv('./', '.nogit/');
  
  constructor(optionsArg: IDcRouterOptions) {
    // Set defaults in options
    this.options = {
      ...optionsArg
    };
    
  }

  public async start() {
    console.log('Starting DcRouter services...');
    
    try {
      // Set up SmartProxy for HTTP/HTTPS and all traffic including email routes
      await this.setupSmartProxy();
      
      // Set up unified email handling if configured
      if (this.options.emailConfig) {
        await this.setupUnifiedEmailHandling();
        
        // Apply custom email storage configuration if available
        if (this.unifiedEmailServer && this.options.emailPortConfig?.receivedEmailsPath) {
          logger.log('info', 'Applying custom email storage configuration');
          configureEmailStorage(this.unifiedEmailServer, this.options);
        }
      }
      
      // Set up DNS server if configured
      if (this.options.dnsServerConfig) {
        this.dnsServer = new plugins.smartdns.DnsServer(this.options.dnsServerConfig);
        await this.dnsServer.start();
        console.log('DNS server started');
      }
      
      console.log('DcRouter started successfully');
    } catch (error) {
      console.error('Error starting DcRouter:', error);
      // Try to clean up any services that may have started
      await this.stop();
      throw error;
    }
  }
  
  /**
   * Set up SmartProxy with direct configuration and automatic email routes
   */
  private async setupSmartProxy(): Promise<void> {
    console.log('[DcRouter] Setting up SmartProxy...');
    let routes: plugins.smartproxy.IRouteConfig[] = [];
    let acmeConfig: plugins.smartproxy.IAcmeOptions | undefined;
    
    // If user provides full SmartProxy config, use it directly
    if (this.options.smartProxyConfig) {
      routes = this.options.smartProxyConfig.routes || [];
      acmeConfig = this.options.smartProxyConfig.acme;
      console.log(`[DcRouter] Found ${routes.length} routes in config`);
      console.log(`[DcRouter] ACME config present: ${!!acmeConfig}`);
    }
    
    // If email config exists, automatically add email routes
    if (this.options.emailConfig) {
      const emailRoutes = this.generateEmailRoutes(this.options.emailConfig);
      console.log(`Email Routes are:`)
      console.log(emailRoutes)
      routes = [...routes, ...emailRoutes]; // Enable email routing through SmartProxy
    }
    
    // Merge TLS/ACME configuration if provided at root level
    if (this.options.tls && !acmeConfig) {
      acmeConfig = {
        accountEmail: this.options.tls.contactEmail,
        enabled: true,
        useProduction: true,
        autoRenew: true,
        renewThresholdDays: 30
      };
    }
    
    // Configure DNS challenge if available
    let challengeHandlers: any[] = [];
    if (this.options.dnsChallenge?.cloudflareApiKey) {
      console.log('Configuring Cloudflare DNS challenge for ACME');
      const cloudflareAccount = new plugins.cloudflare.CloudflareAccount(this.options.dnsChallenge.cloudflareApiKey);
      const dns01Handler = new plugins.smartacme.handlers.Dns01Handler(cloudflareAccount);
      challengeHandlers.push(dns01Handler);
    }
    
    // If we have routes or need a basic SmartProxy instance, create it
    if (routes.length > 0 || this.options.smartProxyConfig) {
      console.log('Setting up SmartProxy with combined configuration');
      
      // Create SmartProxy configuration
      const smartProxyConfig: plugins.smartproxy.ISmartProxyOptions = {
        ...this.options.smartProxyConfig,
        routes,
        acme: acmeConfig
      };
      
      // If we have DNS challenge handlers, enhance the config
      if (challengeHandlers.length > 0) {
        // We'll need to pass this to SmartProxy somehow
        // For now, we'll set it as a property
        (smartProxyConfig as any).acmeChallengeHandlers = challengeHandlers;
        (smartProxyConfig as any).acmeChallengePriority = ['dns-01', 'http-01'];
      }
      
      // Create SmartProxy instance
      console.log('[DcRouter] Creating SmartProxy instance with config:', JSON.stringify({
        routeCount: smartProxyConfig.routes?.length,
        acmeEnabled: smartProxyConfig.acme?.enabled,
        acmeEmail: smartProxyConfig.acme?.email,
        certProvisionFunction: !!smartProxyConfig.certProvisionFunction
      }, null, 2));
      
      this.smartProxy = new plugins.smartproxy.SmartProxy(smartProxyConfig);
      
      // Set up event listeners
      this.smartProxy.on('error', (err) => {
        console.error('[DcRouter] SmartProxy error:', err);
        console.error('[DcRouter] Error stack:', err.stack);
      });
      
      if (acmeConfig) {
        this.smartProxy.on('certificate-issued', (event) => {
          console.log(`[DcRouter] Certificate issued for ${event.domain}, expires ${event.expiryDate}`);
        });
        
        this.smartProxy.on('certificate-renewed', (event) => {
          console.log(`[DcRouter] Certificate renewed for ${event.domain}, expires ${event.expiryDate}`);
        });
        
        this.smartProxy.on('certificate-failed', (event) => {
          console.error(`[DcRouter] Certificate failed for ${event.domain}:`, event.error);
        });
      }
      
      // Start SmartProxy
      console.log('[DcRouter] Starting SmartProxy...');
      await this.smartProxy.start();
      console.log('[DcRouter] SmartProxy started successfully');
      
      console.log(`SmartProxy started with ${routes.length} routes`);
    }
  }
  
  

  /**
   * Generate SmartProxy routes for email configuration
   */
  private generateEmailRoutes(emailConfig: IEmailConfig): plugins.smartproxy.IRouteConfig[] {
    const emailRoutes: plugins.smartproxy.IRouteConfig[] = [];
    
    // Get the custom port mapping if available, otherwise use defaults
    const defaultPortMapping = {
      25: 10025,   // SMTP
      587: 10587,  // Submission
      465: 10465   // SMTPS
    };
    
    // Use custom port mapping if provided, otherwise fall back to defaults
    const portMapping = this.options.emailPortConfig?.portMapping || defaultPortMapping;
    
    // Create routes for each email port
    for (const port of emailConfig.ports) {
      // Calculate the internal port using the mapping
      const internalPort = portMapping[port] || port + 10000;
      
      // Create a descriptive name for the route based on the port
      let routeName = 'email-route';
      let tlsMode = 'passthrough';
      
      // Handle different email ports differently
      switch (port) {
        case 25: // SMTP
          routeName = 'smtp-route';
          tlsMode = 'passthrough'; // STARTTLS handled by email server
          break;
          
        case 587: // Submission
          routeName = 'submission-route';
          tlsMode = 'passthrough'; // STARTTLS handled by email server
          break;
          
        case 465: // SMTPS
          routeName = 'smtps-route';
          tlsMode = 'terminate'; // Terminate TLS and re-encrypt to email server
          break;
          
        default:
          routeName = `email-port-${port}-route`;
          // For unknown ports, assume passthrough by default
          tlsMode = 'passthrough';
          
          // Check if we have specific settings for this port
          if (this.options.emailPortConfig?.portSettings && 
              this.options.emailPortConfig.portSettings[port]) {
            const portSettings = this.options.emailPortConfig.portSettings[port];
            
            // If this port requires TLS termination, set the mode accordingly
            if (portSettings.terminateTls) {
              tlsMode = 'terminate';
            }
            
            // Override the route name if specified
            if (portSettings.routeName) {
              routeName = portSettings.routeName;
            }
          }
          break;
      }
      
      // Create the route configuration
      const routeConfig: plugins.smartproxy.IRouteConfig = {
        name: routeName,
        match: {
          ports: [port]
        },
        action: {
          type: 'forward',
          target: {
            host: 'localhost', // Forward to internal email server
            port: internalPort
          },
          tls: {
            mode: tlsMode as any
          }
        }
      };
      
      // For TLS terminate mode, add certificate info
      if (tlsMode === 'terminate') {
        routeConfig.action.tls.certificate = 'auto';
      }
      
      // Add the route to our list
      emailRoutes.push(routeConfig);
    }
    
    // Add domain-specific email routes if configured
    if (emailConfig.domainRules) {
      for (const rule of emailConfig.domainRules) {
        // Extract domain from pattern (e.g., "*@example.com" -> "example.com")
        const domain = rule.pattern.split('@')[1];
        
        if (domain && rule.mode === 'forward' && rule.target) {
          emailRoutes.push({
            name: `email-forward-${domain}`,
            match: {
              ports: emailConfig.ports,
              domains: [domain]
            },
            action: {
              type: 'forward',
              target: {
                host: rule.target.server,
                port: rule.target.port || 25
              },
              tls: {
                mode: rule.target.useTls ? 'terminate-and-reencrypt' : 'passthrough'
              }
            }
          });
        }
      }
    }
    
    return emailRoutes;
  }

  /**
   * Check if a domain matches a pattern (including wildcard support)
   * @param domain The domain to check
   * @param pattern The pattern to match against (e.g., "*.example.com")
   * @returns Whether the domain matches the pattern
   */
  private isDomainMatch(domain: string, pattern: string): boolean {
    // Normalize inputs
    domain = domain.toLowerCase();
    pattern = pattern.toLowerCase();
    
    // Check for exact match
    if (domain === pattern) {
      return true;
    }
    
    // Check for wildcard match (*.example.com)
    if (pattern.startsWith('*.')) {
      const patternSuffix = pattern.slice(2); // Remove the "*." prefix
      
      // Check if domain ends with the pattern suffix and has at least one character before it
      return domain.endsWith(patternSuffix) && domain.length > patternSuffix.length;
    }
    
    // No match
    return false;
  }

  public async stop() {
    console.log('Stopping DcRouter services...');
    
    try {
      // Stop all services in parallel for faster shutdown
      await Promise.all([
        // Stop unified email components if running
        this.domainRouter ? this.stopUnifiedEmailComponents().catch(err => console.error('Error stopping unified email components:', err)) : Promise.resolve(),
        
        // Stop HTTP SmartProxy if running
        this.smartProxy ? this.smartProxy.stop().catch(err => console.error('Error stopping SmartProxy:', err)) : Promise.resolve(),
        
        // Stop DNS server if running
        this.dnsServer ? 
          this.dnsServer.stop().catch(err => console.error('Error stopping DNS server:', err)) : 
          Promise.resolve()
      ]);
      
      console.log('All DcRouter services stopped');
    } catch (error) {
      console.error('Error during DcRouter shutdown:', error);
      throw error;
    }
  }

  /**
   * Update SmartProxy configuration
   * @param config New SmartProxy configuration
   */
  public async updateSmartProxyConfig(config: plugins.smartproxy.ISmartProxyOptions): Promise<void> {
    // Stop existing SmartProxy if running
    if (this.smartProxy) {
      await this.smartProxy.stop();
      this.smartProxy = undefined;
    }
    
    // Update configuration
    this.options.smartProxyConfig = config;
    
    // Start new SmartProxy with updated configuration (will include email routes if configured)
    await this.setupSmartProxy();
    
    console.log('SmartProxy configuration updated');
  }
  
  
  
  /**
   * Set up unified email handling with pattern-based routing
   * This implements the consolidated emailConfig approach
   */
  private async setupUnifiedEmailHandling(): Promise<void> {
    logger.log('info', 'Setting up unified email handling with pattern-based routing');
    
    if (!this.options.emailConfig) {
      throw new Error('Email configuration is required for unified email handling');
    }

    const emailConfig = this.options.emailConfig;
    
    // Map external ports to internal ports with support for custom port mapping
    const defaultPortMapping = {
      25: 10025,   // SMTP
      587: 10587,  // Submission
      465: 10465   // SMTPS
    };
    
    // Use custom port mapping if provided, otherwise fall back to defaults
    const portMapping = this.options.emailPortConfig?.portMapping || defaultPortMapping;
    
    // Create internal email server configuration
    const internalEmailConfig: IEmailConfig = {
      ...emailConfig,
      ports: emailConfig.ports.map(port => portMapping[port] || port + 10000),
      hostname: 'localhost' // Listen on localhost for SmartProxy forwarding
    };
    
    // If custom MTA options are provided, merge them
    if (this.options.emailPortConfig?.portSettings) {
      // Will be used in MTA configuration
      logger.log('info', 'Custom port settings detected for email configuration');
    }
    
    // Configure custom email storage path if specified
    if (this.options.emailPortConfig?.receivedEmailsPath) {
      logger.log('info', `Custom email storage path configured: ${this.options.emailPortConfig.receivedEmailsPath}`);
    }
    
    try {
      // Create domain router for pattern matching
      this.domainRouter = new DomainRouter({
        domainRules: emailConfig.domainRules,
        defaultMode: emailConfig.defaultMode,
        defaultServer: emailConfig.defaultServer,
        defaultPort: emailConfig.defaultPort,
        defaultTls: emailConfig.defaultTls
      });
      
      // Initialize the rate limiter
      this.rateLimiter = new UnifiedRateLimiter({
        global: {
          maxMessagesPerMinute: 100,
          maxRecipientsPerMessage: 100,
          maxConnectionsPerIP: 20,
          maxErrorsPerIP: 10,
          maxAuthFailuresPerIP: 5
        }
      });
      
      // Initialize the unified delivery queue
      const queueOptions: IQueueOptions = {
        storageType: emailConfig.queue?.storageType || 'memory',
        persistentPath: emailConfig.queue?.persistentPath,
        maxRetries: emailConfig.queue?.maxRetries,
        baseRetryDelay: emailConfig.queue?.baseRetryDelay,
        maxRetryDelay: emailConfig.queue?.maxRetryDelay
      };
      
      this.deliveryQueue = new UnifiedDeliveryQueue(queueOptions);
      await this.deliveryQueue.initialize();
      
      // Initialize the delivery system
      const deliveryOptions: IMultiModeDeliveryOptions = {
        globalRateLimit: 100, // Default to 100 emails per minute
        concurrentDeliveries: 10
      };
      
      this.deliverySystem = new MultiModeDeliverySystem(this.deliveryQueue, deliveryOptions);
      await this.deliverySystem.start();
      
      // Initialize the unified email server with internal configuration
      this.unifiedEmailServer = new UnifiedEmailServer({
        ports: internalEmailConfig.ports,
        hostname: internalEmailConfig.hostname,
        maxMessageSize: emailConfig.maxMessageSize,
        auth: emailConfig.auth,
        tls: emailConfig.tls,
        domainRules: emailConfig.domainRules,
        defaultMode: emailConfig.defaultMode,
        defaultServer: emailConfig.defaultServer,
        defaultPort: emailConfig.defaultPort,
        defaultTls: emailConfig.defaultTls
      });
      
      // Set up event listeners
      this.unifiedEmailServer.on('error', (err) => {
        logger.log('error', `UnifiedEmailServer error: ${err.message}`);
      });
      
      // Connect the unified email server with the delivery queue
      this.unifiedEmailServer.on('emailProcessed', (email, mode, rule) => {
        this.deliveryQueue!.enqueue(email, mode, rule).catch(err => {
          logger.log('error', `Failed to enqueue email: ${err.message}`);
        });
      });
      
      // Start the unified email server
      await this.unifiedEmailServer.start();
      
      logger.log('info', `Unified email handling configured with ${emailConfig.domainRules.length} domain rules on internal ports`);
      logger.log('info', `Email server listening on ports: ${internalEmailConfig.ports.join(', ')}`);
    } catch (error) {
      logger.log('error', `Error setting up unified email handling: ${error.message}`);
      throw error;
    }
  }
  
  /**
   * Update the unified email configuration
   * @param config New email configuration
   */
  public async updateEmailConfig(config: IEmailConfig): Promise<void> {
    // Stop existing email components
    await this.stopUnifiedEmailComponents();
    
    // Update configuration
    this.options.emailConfig = config;
    
    // Start email handling with new configuration
    await this.setupUnifiedEmailHandling();
    
    console.log('Unified email configuration updated');
  }
  
  /**
   * Stop all unified email components
   */
  private async stopUnifiedEmailComponents(): Promise<void> {
    try {
      // Stop all components in the correct order
      
      // 1. Stop the unified email server first
      if (this.unifiedEmailServer) {
        await this.unifiedEmailServer.stop();
        logger.log('info', 'Unified email server stopped');
        this.unifiedEmailServer = undefined;
      }
      
      // 2. Stop the delivery system
      if (this.deliverySystem) {
        await this.deliverySystem.stop();
        logger.log('info', 'Delivery system stopped');
        this.deliverySystem = undefined;
      }
      
      // 3. Stop the delivery queue
      if (this.deliveryQueue) {
        await this.deliveryQueue.shutdown();
        logger.log('info', 'Delivery queue shut down');
        this.deliveryQueue = undefined;
      }
      
      // 4. Stop the rate limiter
      if (this.rateLimiter) {
        this.rateLimiter.stop();
        logger.log('info', 'Rate limiter stopped');
        this.rateLimiter = undefined;
      }
      
      // 5. Clear the domain router
      this.domainRouter = undefined;
      
      logger.log('info', 'All unified email components stopped');
    } catch (error) {
      logger.log('error', `Error stopping unified email components: ${error.message}`);
      throw error;
    }
  }
  
  /**
   * Update domain rules for email routing
   * @param rules New domain rules to apply
   */
  public async updateDomainRules(rules: IDomainRule[]): Promise<void> {
    // Validate that email config exists
    if (!this.options.emailConfig) {
      throw new Error('Email configuration is required before updating domain rules');
    }
    
    // Update the configuration
    this.options.emailConfig.domainRules = rules;
    
    // Update the domain router if it exists
    if (this.domainRouter) {
      this.domainRouter.updateRules(rules);
    }
    
    // Update the unified email server if it exists
    if (this.unifiedEmailServer) {
      this.unifiedEmailServer.updateDomainRules(rules);
    }
    
    console.log(`Domain rules updated with ${rules.length} rules`);
  }
  
  /**
   * Get statistics from all components
   */
  public getStats(): any {
    const stats: any = {
      unifiedEmailServer: this.unifiedEmailServer?.getStats(),
      deliveryQueue: this.deliveryQueue?.getStats(),
      deliverySystem: this.deliverySystem?.getStats(),
      rateLimiter: this.rateLimiter?.getStats()
    };
    
    return stats;
  }
  
  /**
   * Configure MTA for email handling with custom port and storage settings
   * @param config Configuration for the MTA service
   */
  public async configureEmailMta(config: {
    internalPort: number;
    host?: string;
    secure?: boolean;
    storagePath?: string;
    portMapping?: Record<number, number>;
  }): Promise<boolean> {
    logger.log('info', 'Configuring MTA service with custom settings');
    
    
    // Update email port configuration
    if (!this.options.emailPortConfig) {
      this.options.emailPortConfig = {};
    }
    
    // Configure storage paths for received emails
    if (config.storagePath) {
      // Set the storage path for received emails
      this.options.emailPortConfig.receivedEmailsPath = config.storagePath;
    }
    
    // Apply port mapping if provided
    if (config.portMapping) {
      this.options.emailPortConfig.portMapping = {
        ...this.options.emailPortConfig.portMapping,
        ...config.portMapping
      };
      
      logger.log('info', `Updated MTA port mappings: ${JSON.stringify(this.options.emailPortConfig.portMapping)}`);
    }
    
    // Use the dedicated helper to configure the email server
    // Pass through the options specified by the implementation
    if (this.unifiedEmailServer) {
      configureEmailServer(this.unifiedEmailServer, {
        ports: [config.internalPort], // Use whatever port the implementation specifies
        hostname: config.host,
        tls: config.secure ? {
          // Basic TLS settings if secure mode is enabled
          certPath: this.options.tls?.certPath,
          keyPath: this.options.tls?.keyPath,
          caPath: this.options.tls?.caPath
        } : undefined,
        storagePath: config.storagePath
      });
    }
    
    // If email handling is already set up, restart it to apply changes
    if (this.unifiedEmailServer) {
      logger.log('info', 'Restarting unified email handling to apply MTA configuration changes');
      await this.stopUnifiedEmailComponents();
      await this.setupUnifiedEmailHandling();
    }
    
    return true;
  }
}

// Re-export types for convenience
export type { IEmailConfig, IDomainRule, EmailProcessingMode };

export default DcRouter;