serve.zone/dcrouter
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(routes,email): persist system DNS routes with runtime hydration and add reusable email ops DNS helpers

Browse Source
This commit is contained in:
Jürgen Kunz
2026-04-15 19:59:04 +00:00
parent e0386beb15
commit 39f449cbe4
24 changed files with 1221 additions and 2525 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ts_interfaces/data/route-management.ts
View File

@@ -90,6 +90,7 @@ export interface IMergedRoute {
id: string;
enabled: boolean;
origin: 'config' | 'email' | 'dns' | 'api';
systemKey?: string;
createdAt?: number;
updatedAt?: number;
metadata?: IRouteMetadata;
@@ -132,6 +133,7 @@ export interface IRoute {
updatedAt: number;
createdBy: string;
origin: 'config' | 'email' | 'dns' | 'api';
systemKey?: string;
metadata?: IRouteMetadata;
}

343
ts_interfaces/readme.md
View File

@@ -1,8 +1,8 @@
# @serve.zone/dcrouter-interfaces
TypeScript interfaces and type definitions for the DcRouter OpsServer API. 📡
Shared TypeScript request and data interfaces for dcrouter's OpsServer API. 📡
This module provides strongly-typed interfaces for communicating with the DcRouter OpsServer via [TypedRequest](https://code.foss.global/api.global/typedrequest). Use these interfaces for type-safe API interactions in your frontend applications or integration code.
This package is the contract layer for typed clients, frontend code, tests, or automation that talks to a running dcrouter instance through TypedRequest.
## Issue Reporting and Security
@@ -14,320 +14,79 @@ For reporting bugs, issues, or security vulnerabilities, please visit [community
pnpm add @serve.zone/dcrouter-interfaces
```
Or import directly from the main package:
Or consume the same interfaces through the main package:
```typescript
import { data, requests } from '@serve.zone/dcrouter/interfaces';
```
## Usage
## What It Exports
The package exposes two namespaces from `index.ts`:
| Export | Purpose |
| --- | --- |
| `data` | Shared runtime-shaped types such as route data, auth identity, stats, domains, certificates, VPN, DNS, and email-domain data |
| `requests` | TypedRequest request and response contracts for every OpsServer endpoint |
## Example
```typescript
import * as typedrequest from '@api.global/typedrequest';
import { data, requests } from '@serve.zone/dcrouter-interfaces';
// Use data interfaces for type definitions
const identity: data.IIdentity = {
jwt: 'your-jwt-token',
userId: 'user-123',
name: 'Admin User',
expiresAt: Date.now() + 3600000,
role: 'admin'
jwt: 'jwt-token',
userId: 'admin-1',
name: 'Admin',
expiresAt: Date.now() + 60_000,
role: 'admin',
};
// Use request interfaces for API calls
import * as typedrequest from '@api.global/typedrequest';
const statsClient = new typedrequest.TypedRequest<requests.IReq_GetServerStatistics>(
'https://your-dcrouter:3000/typedrequest',
'getServerStatistics'
const request = new typedrequest.TypedRequest<requests.IReq_GetMergedRoutes>(
'https://dcrouter.example.com/typedrequest',
'getMergedRoutes',
);
const stats = await statsClient.fire({
identity,
includeHistory: true,
timeRange: '24h'
});
```
const response = await request.fire({ identity });
## Module Structure
### Data Interfaces (`data`)
Core data types used throughout the DcRouter system:
#### `IIdentity`
Authentication identity for API requests:
```typescript
interface IIdentity {
jwt: string; // JWT token
userId: string; // Unique user ID
name: string; // Display name
expiresAt: number; // Token expiration timestamp
role?: string; // User role (e.g., 'admin')
type?: string; // Identity type
for (const route of response.routes) {
console.log(route.id, route.origin, route.systemKey, route.enabled);
}
```
#### Statistics Interfaces
| Interface | Description |
|-----------|-------------|
| `IServerStats` | Uptime, memory, CPU, connection counts |
| `IEmailStats` | Sent/received/bounced/queued/failed, delivery & bounce rates |
| `IDnsStats` | Total queries, cache hits/misses, query types |
| `IRateLimitInfo` | Domain rate limit status (current rate, limit, remaining) |
| `ISecurityMetrics` | Blocked IPs, spam/malware/phishing counts |
| `IConnectionInfo` | Connection ID, remote address, protocol, state, bytes |
| `IQueueStatus` | Queue name, size, processing/failed/retrying counts |
| `IHealthStatus` | Healthy flag, uptime, per-service status map |
| `INetworkMetrics` | Bandwidth, connection counts, top endpoints |
| `IRadiusStats` | Running, uptime, auth requests/accepts/rejects, sessions, data transfer |
| `IVpnStats` | Running, subnet, registered/connected clients, WireGuard port |
| `ILogEntry` | Timestamp, level, category, message, metadata |
## API Domains Covered
#### Route Management Interfaces
| Interface | Description |
|-----------|-------------|
| `IMergedRoute` | Combined route: routeConfig, source (hardcoded/programmatic), enabled, overridden |
| `IRouteWarning` | Merge warning: disabled-hardcoded, disabled-programmatic, orphaned-override |
| `IApiTokenInfo` | Token info: id, name, scopes, createdAt, expiresAt, enabled |
| `TApiTokenScope` | Token scopes: `routes:read`, `routes:write`, `config:read`, `tokens:read`, `tokens:manage` |
| Domain | Examples |
| --- | --- |
| Auth | admin login, logout, identity verification |
| Routes | merged routes, create, update, delete, toggle |
| Access | API tokens, source profiles, target profiles, network targets |
| DNS and domains | providers, domains, DNS records |
| Certificates | overview, reprovision, import, export, delete, ACME config |
| Email | email operations, email domains |
| Remote ingress | edge registrations, status, connection tokens |
| VPN | clients, status, telemetry, lifecycle |
| RADIUS | clients, VLANs, sessions, accounting |
| Observability | stats, logs, health, configuration |
#### Security & Reference Interfaces
| Interface | Description |
|-----------|-------------|
| `ISecurityProfile` | Reusable security config: id, name, description, security (ipAllowList, ipBlockList, maxConnections, rateLimit, etc.), extendsProfiles |
| `INetworkTarget` | Reusable host:port destination: id, name, description, host (string or string[]), port |
| `IRouteMetadata` | Route-to-reference links: securityProfileRef, networkTargetRef, snapshot names, lastResolvedAt |
## Notable Data Types
#### Remote Ingress Interfaces
| Interface | Description |
|-----------|-------------|
| `IRemoteIngress` | Edge registration: id, name, secret, listenPorts, enabled, autoDerivePorts, tags |
| `IRemoteIngressStatus` | Runtime status: connected, publicIp, activeTunnels, lastHeartbeat |
| `IRouteRemoteIngress` | Route-level config: enabled flag and optional edgeFilter |
| `IDcRouterRouteConfig` | Extended SmartProxy route config with optional `remoteIngress` and `vpn` properties |
| `IRouteVpn` | Route-level VPN config: `enabled`/`mandatory` flags and optional `allowedServerDefinedClientTags` |
| Type | Description |
| --- | --- |
| `data.IMergedRoute` | Route entry returned by route management, including `origin`, `enabled`, and optional `systemKey` |
| `data.IDcRouterRouteConfig` | dcrouter-flavored route config used across the stack |
| `data.IRouteMetadata` | Reference metadata connecting routes to source profiles or network targets |
| `data.IIdentity` | Admin identity used for authenticated requests |
| `data.IApiTokenInfo` | Public token metadata without the secret |
#### VPN Interfaces
| Interface | Description |
|-----------|-------------|
| `IVpnClient` | Client registration: clientId, enabled, serverDefinedClientTags, description, assignedIp, timestamps |
| `IVpnServerStatus` | Server status: running, subnet, wgListenPort, publicKeys, client counts |
| `IVpnClientTelemetry` | Per-client metrics: bytes sent/received, packets dropped, keepalives, rate limits |
## When To Use This Package
### Request Interfaces (`requests`)
- Use it in custom dashboards or CLIs that call TypedRequest directly.
- Use it in tests that need strongly typed request payloads or response assertions.
- Use it when you want the API contract without pulling in the OO client.
TypedRequest interfaces for the OpsServer API, organized by domain:
#### 🔐 Authentication
| Interface | Method | Description |
|-----------|--------|-------------|
| `IReq_AdminLoginWithUsernameAndPassword` | `adminLoginWithUsernameAndPassword` | Authenticate as admin |
| `IReq_AdminLogout` | `adminLogout` | End admin session |
| `IReq_VerifyIdentity` | `verifyIdentity` | Verify JWT token validity |
#### 📊 Statistics
| Interface | Method | Description |
|-----------|--------|-------------|
| `IReq_GetServerStatistics` | `getServerStatistics` | Overall server stats |
| `IReq_GetEmailStatistics` | `getEmailStatistics` | Email throughput metrics |
| `IReq_GetDnsStatistics` | `getDnsStatistics` | DNS query stats |
| `IReq_GetRateLimitStatus` | `getRateLimitStatus` | Rate limit status |
| `IReq_GetSecurityMetrics` | `getSecurityMetrics` | Security event metrics |
| `IReq_GetActiveConnections` | `getActiveConnections` | Active connection list |
| `IReq_GetQueueStatus` | `getQueueStatus` | Email queue status |
| `IReq_GetHealthStatus` | `getHealthStatus` | System health check |
| `IReq_GetNetworkStats` | `getNetworkStats` | Network throughput and connection analytics |
| `IReq_GetCombinedMetrics` | `getCombinedMetrics` | All metrics in one request (server, email, DNS, security, network, RADIUS, VPN) |
#### ⚙️ Configuration
| Interface | Method | Description |
|-----------|--------|-------------|
| `IReq_GetConfiguration` | `getConfiguration` | Current config (read-only) |
#### 📜 Logs
| Interface | Method | Description |
|-----------|--------|-------------|
| `IReq_GetRecentLogs` | `getLogs` | Retrieve system logs |
| `IReq_GetLogStream` | `getLogStream` | Stream live logs |
#### 📧 Email Operations
| Interface | Method | Description |
|-----------|--------|-------------|
| `IReq_GetAllEmails` | `getAllEmails` | List all emails |
| `IReq_GetEmailDetail` | `getEmailDetail` | Full detail for a specific email |
| `IReq_ResendEmail` | `resendEmail` | Re-queue a failed email |
#### 🛣️ Route Management
| Interface | Method | Description |
|-----------|--------|-------------|
| `IReq_GetMergedRoutes` | `getMergedRoutes` | List all routes (hardcoded + programmatic) |
| `IReq_CreateRoute` | `createRoute` | Create a new programmatic route |
| `IReq_UpdateRoute` | `updateRoute` | Update a programmatic route |
| `IReq_DeleteRoute` | `deleteRoute` | Delete a programmatic route |
| `IReq_ToggleRoute` | `toggleRoute` | Enable/disable a programmatic route |
| `IReq_SetRouteOverride` | `setRouteOverride` | Override a hardcoded route |
| `IReq_RemoveRouteOverride` | `removeRouteOverride` | Remove a route override |
#### 🔑 API Token Management
| Interface | Method | Description |
|-----------|--------|-------------|
| `IReq_CreateApiToken` | `createApiToken` | Create a new API token |
| `IReq_ListApiTokens` | `listApiTokens` | List all tokens |
| `IReq_RevokeApiToken` | `revokeApiToken` | Revoke (delete) a token |
| `IReq_RollApiToken` | `rollApiToken` | Regenerate token secret |
| `IReq_ToggleApiToken` | `toggleApiToken` | Enable/disable a token |
#### 🔐 Certificates
| Interface | Method | Description |
|-----------|--------|-------------|
| `IReq_GetCertificateOverview` | `getCertificateOverview` | Domain-centric certificate status |
| `IReq_ReprovisionCertificate` | `reprovisionCertificate` | Reprovision by route name (legacy) |
| `IReq_ReprovisionCertificateDomain` | `reprovisionCertificateDomain` | Reprovision by domain (preferred) |
| `IReq_ImportCertificate` | `importCertificate` | Import a certificate |
| `IReq_ExportCertificate` | `exportCertificate` | Export a certificate |
| `IReq_DeleteCertificate` | `deleteCertificate` | Delete a certificate |
#### Certificate Types
```typescript
type TCertificateStatus = 'valid' | 'expiring' | 'expired' | 'provisioning' | 'failed' | 'unknown';
type TCertificateSource = 'acme' | 'provision-function' | 'static' | 'none';
interface ICertificateInfo {
domain: string;
routeNames: string[];
status: TCertificateStatus;
source: TCertificateSource;
tlsMode: 'terminate' | 'terminate-and-reencrypt' | 'passthrough';
expiryDate?: string;
issuer?: string;
issuedAt?: string;
error?: string;
canReprovision: boolean;
backoffInfo?: {
failures: number;
retryAfter?: string;
lastError?: string;
};
}
```
#### 🌍 Remote Ingress
| Interface | Method | Description |
|-----------|--------|-------------|
| `IReq_CreateRemoteIngress` | `createRemoteIngress` | Register a new edge node |
| `IReq_DeleteRemoteIngress` | `deleteRemoteIngress` | Remove an edge registration |
| `IReq_UpdateRemoteIngress` | `updateRemoteIngress` | Update edge settings |
| `IReq_RegenerateRemoteIngressSecret` | `regenerateRemoteIngressSecret` | Issue a new secret |
| `IReq_GetRemoteIngresses` | `getRemoteIngresses` | List all edge registrations |
| `IReq_GetRemoteIngressStatus` | `getRemoteIngressStatus` | Runtime status of all edges |
| `IReq_GetRemoteIngressConnectionToken` | `getRemoteIngressConnectionToken` | Generate a connection token |
#### 🔐 VPN
| Interface | Method | Description |
|-----------|--------|-------------|
| `IReq_GetVpnClients` | `getVpnClients` | List all registered VPN clients |
| `IReq_GetVpnStatus` | `getVpnStatus` | VPN server status |
| `IReq_CreateVpnClient` | `createVpnClient` | Create a new VPN client (returns WireGuard config) |
| `IReq_DeleteVpnClient` | `deleteVpnClient` | Remove a VPN client |
| `IReq_EnableVpnClient` | `enableVpnClient` | Enable a disabled client |
| `IReq_DisableVpnClient` | `disableVpnClient` | Disable a client |
| `IReq_RotateVpnClientKey` | `rotateVpnClientKey` | Generate new keys for a client |
| `IReq_ExportVpnClientConfig` | `exportVpnClientConfig` | Export WireGuard or SmartVPN config |
| `IReq_GetVpnClientTelemetry` | `getVpnClientTelemetry` | Per-client traffic metrics |
#### 📡 RADIUS
| Interface | Method | Description |
|-----------|--------|-------------|
| `IReq_GetRadiusClients` | `getRadiusClients` | List NAS clients |
| `IReq_SetRadiusClient` | `setRadiusClient` | Add/update a NAS client |
| `IReq_RemoveRadiusClient` | `removeRadiusClient` | Remove a NAS client |
| `IReq_GetVlanMappings` | `getVlanMappings` | List VLAN mappings |
| `IReq_SetVlanMapping` | `setVlanMapping` | Add/update VLAN mapping |
| `IReq_RemoveVlanMapping` | `removeVlanMapping` | Remove VLAN mapping |
| `IReq_TestVlanAssignment` | `testVlanAssignment` | Test what VLAN a MAC gets |
| `IReq_GetRadiusSessions` | `getRadiusSessions` | List active sessions |
| `IReq_DisconnectRadiusSession` | `disconnectRadiusSession` | Force disconnect |
| `IReq_GetRadiusStatistics` | `getRadiusStatistics` | RADIUS stats |
| `IReq_GetRadiusAccountingSummary` | `getRadiusAccountingSummary` | Accounting summary |
#### 🛡️ Security Profiles
| Interface | Method | Description |
|-----------|--------|-------------|
| `IReq_GetSecurityProfiles` | `getSecurityProfiles` | List all security profiles |
| `IReq_GetSecurityProfile` | `getSecurityProfile` | Get a single profile by ID |
| `IReq_CreateSecurityProfile` | `createSecurityProfile` | Create a reusable security profile |
| `IReq_UpdateSecurityProfile` | `updateSecurityProfile` | Update a profile (propagates to routes) |
| `IReq_DeleteSecurityProfile` | `deleteSecurityProfile` | Delete a profile (with optional force) |
| `IReq_GetSecurityProfileUsage` | `getSecurityProfileUsage` | Get routes referencing a profile |
#### 🎯 Network Targets
| Interface | Method | Description |
|-----------|--------|-------------|
| `IReq_GetNetworkTargets` | `getNetworkTargets` | List all network targets |
| `IReq_GetNetworkTarget` | `getNetworkTarget` | Get a single target by ID |
| `IReq_CreateNetworkTarget` | `createNetworkTarget` | Create a reusable host:port target |
| `IReq_UpdateNetworkTarget` | `updateNetworkTarget` | Update a target (propagates to routes) |
| `IReq_DeleteNetworkTarget` | `deleteNetworkTarget` | Delete a target (with optional force) |
| `IReq_GetNetworkTargetUsage` | `getNetworkTargetUsage` | Get routes referencing a target |
## Example: Full API Integration
> 💡 **Tip:** For a higher-level, object-oriented API, use [`@serve.zone/dcrouter-apiclient`](https://www.npmjs.com/package/@serve.zone/dcrouter-apiclient) which wraps these interfaces with resource classes and builder patterns.
```typescript
import * as typedrequest from '@api.global/typedrequest';
import { data, requests } from '@serve.zone/dcrouter-interfaces';
// 1. Login
const loginClient = new typedrequest.TypedRequest<requests.IReq_AdminLoginWithUsernameAndPassword>(
'https://your-dcrouter:3000/typedrequest',
'adminLoginWithUsernameAndPassword'
);
const loginResponse = await loginClient.fire({
username: 'admin',
password: 'your-password'
});
const identity = loginResponse.identity;
// 2. Fetch combined metrics
const metricsClient = new typedrequest.TypedRequest<requests.IReq_GetCombinedMetrics>(
'https://your-dcrouter:3000/typedrequest',
'getCombinedMetrics'
);
const metrics = await metricsClient.fire({ identity });
console.log('Server:', metrics.metrics.server);
console.log('Email:', metrics.metrics.email);
// 3. Check certificate status
const certClient = new typedrequest.TypedRequest<requests.IReq_GetCertificateOverview>(
'https://your-dcrouter:3000/typedrequest',
'getCertificateOverview'
);
const certs = await certClient.fire({ identity });
console.log(`Certificates: ${certs.summary.valid} valid, ${certs.summary.failed} failed`);
// 4. List remote ingress edges
const edgesClient = new typedrequest.TypedRequest<requests.IReq_GetRemoteIngresses>(
'https://your-dcrouter:3000/typedrequest',
'getRemoteIngresses'
);
const edges = await edgesClient.fire({ identity });
console.log('Registered edges:', edges.edges.length);
// 5. Generate a connection token for an edge
const tokenClient = new typedrequest.TypedRequest<requests.IReq_GetRemoteIngressConnectionToken>(
'https://your-dcrouter:3000/typedrequest',
'getRemoteIngressConnectionToken'
);
const tokenResponse = await tokenClient.fire({ identity, edgeId: edges.edges[0].id });
console.log('Connection token:', tokenResponse.token);
```
If you want a higher-level client with managers and resource classes, use `@serve.zone/dcrouter-apiclient` instead.
## License and Legal Information