diff --git a/readme.md b/readme.md index 9a40a06..7618719 100644 --- a/readme.md +++ b/readme.md @@ -1,34 +1,38 @@ # @serve.zone/dcrouter -![dcrouter banner](https://code.foss.global/serve.zone/docs/raw/branch/main/dcrouter.png) - -`dcrouter` is a TypeScript control plane for running a serious multi-protocol edge or datacenter gateway from one process. It wires together SmartProxy for HTTP/HTTPS/TCP routing, smartmta for email, smartdns for authoritative DNS and DNS-over-HTTPS, smartradius, smartvpn, remote ingress tunnels, a TypedRequest API, and the Ops dashboard. - -Use it when you want one place to define routes, manage domains and certificates, protect internal services, automate changes over an API, and operate the whole stack from a browser. +`dcrouter` is the serve.zone datacenter gateway runtime: a TypeScript control plane that brings HTTP/HTTPS/TCP routing, email ingress, authoritative DNS, RADIUS, VPN access control, remote ingress tunnels, certificate operations, metrics, and an Ops dashboard into one process. ## Issue Reporting and Security For reporting bugs, issues, or security vulnerabilities, please visit [community.foss.global/](https://community.foss.global/). This is the central community hub for all issue reporting. Developers who sign and comply with our contribution agreement and go through identification can also get a [code.foss.global/](https://code.foss.global/) account to submit Pull Requests directly. -## Why It Works +## Why It Exists -- 🌐 One runtime for HTTP/HTTPS/TCP, SMTP, authoritative DNS + DoH, RADIUS, VPN, and remote ingress. -- 🧠 Constructor config becomes system-managed routes, while API-created routes stay editable and clearly separated. -- 🔐 Certificates, DNS providers, domains, records, API tokens, access profiles, and protected routes live in one management plane. -- 🖥️ The OpsServer UI and TypedRequest API are first-class parts of the package, not an afterthought. -- ⚡ Qualifying HTTPS forward routes on port `443` get HTTP/3 augmentation by default unless you opt out. +Modern infrastructure often has too many tiny edge tools: a proxy here, a DNS daemon there, a separate cert worker, another dashboard, and a tunnel process bolted on later. `dcrouter` is designed as a cohesive gateway layer for operators who want one audited place to define public routes, domains, edge tunnels, access policy, and operational state. -## What You Get +Highlights: -| Area | What dcrouter does | +- 🌐 SmartProxy-backed HTTP, HTTPS, TCP, TLS/SNI, and optional HTTP/3 route handling +- 📬 SmartMTA-backed SMTP ingress and email-domain operations +- 🧭 SmartDNS-backed authoritative DNS plus generated DNS-over-HTTPS routes +- 🔐 ACME, certificate state, API tokens, users, source profiles, target profiles, and security policies +- 🛡️ RADIUS, VLAN assignment, VPN-protected routes, and remote ingress firewall snapshots +- 🖥️ Browser Ops dashboard and TypedRequest API served by the built-in OpsServer + +## Runtime Areas + +| Area | What dcrouter manages | | --- | --- | -| HTTP / HTTPS / TCP | SmartProxy-based reverse proxying, TLS termination or passthrough, path/domain/port matching, TCP/SNI forwarding | -| Email | SMTP ingress and delivery via `UnifiedEmailServer`, route-based mail actions, email-domain management, queue and resend operations | -| DNS | Authoritative zones, nameserver bootstrap records, DNS-over-HTTPS routes on `/dns-query` and `/resolve`, provider-backed domain management | -| Access and Edge | VPN-gated routes, RADIUS auth/accounting, remote ingress edge registrations and tunnel hub support | -| Operations | Browser dashboard, TypedRequest API, route management, tokens, certificates, logs, metrics, and health views | +| Proxying | SmartProxy routes for HTTP, HTTPS, TCP, SNI, TLS termination, passthrough, and backend forwarding | +| Route ownership | Constructor routes, generated email/DNS routes, and API-created routes with explicit origins | +| DNS | Authoritative scopes, generated NS records, static DNS records, provider-backed domains, and DoH endpoints | +| Email | UnifiedEmailServer startup, email-domain management, route-backed delivery actions, received mail operations | +| Certificates | ACME config, stored certificate metadata, provisioning backoff, and certificate status reporting | +| Edge access | Remote ingress hub, edge registrations, derived edge ports, pushed firewall rules, VPN-only route access | +| Network auth | RADIUS clients, MAC Authentication Bypass, VLAN mapping, and accounting sessions | +| Operations | Dashboard views, TypedRequest handlers, metrics, logs, health, API tokens, users, and configuration views | -## Installation +## Install ```bash pnpm add @serve.zone/dcrouter @@ -36,7 +40,7 @@ pnpm add @serve.zone/dcrouter ## Quick Start -This example stays on unprivileged ports so you can run it locally without root. +This starts the gateway on unprivileged ports and stores data under the default `~/.serve.zone/dcrouter` base directory. ```typescript import { DcRouter } from '@serve.zone/dcrouter'; @@ -69,86 +73,77 @@ await router.start(); After startup: - open the dashboard at `http://localhost:3000` -- log in with the current built-in credentials `admin` / `admin` +- log in with the current built-in development credentials `admin` / `admin` - send proxied traffic to `http://localhost:18080` - stop gracefully with `await router.stop()` -## Route Ownership Model +## Configuration Model -dcrouter keeps route ownership explicit so automation does not accidentally stomp on system-generated traffic. - -| Route origin | Where it comes from | What you can do | -| --- | --- | --- | -| `config` | Constructor `smartProxyConfig.routes` and related seed config | View and toggle | -| `email` | Email listener and mail-routing derived routes | View and toggle | -| `dns` | Generated DoH and DNS-related routes | View and toggle | -| `api` | Created through the Ops UI or API client | Full CRUD | - -Important details: - -- system routes are persisted with stable `systemKey` values -- DNS-over-HTTPS routes are persisted and then hydrated with live socket handlers at runtime -- editing and deletion are reserved for `api` routes; system routes are toggle-only by design - -## Configuration Cheat Sheet - -The main entrypoint is `IDcRouterOptions`. +`DcRouter` is configured with `IDcRouterOptions` from `@serve.zone/dcrouter`. | Option | Purpose | | --- | --- | -| `smartProxyConfig` | Main HTTP/HTTPS and TCP/SNI routing config | -| `emailConfig` | Email hostname, ports, domains, and mail routing rules | -| `emailPortConfig` | External-to-internal email port remapping and received-email storage path | -| `tls` | ACME contact and static certificate paths | -| `dnsNsDomains` | Nameserver hostnames used for NS bootstrap and DoH route generation | -| `dnsScopes` | Domains served authoritatively by the embedded DNS server | -| `dnsRecords` | Static constructor-defined DNS records | -| `publicIp` / `proxyIps` | How A records are exposed for nameserver and service records | -| `dbConfig` | Embedded LocalSmartDb or external MongoDB-backed persistence | -| `radiusConfig` | RADIUS auth, VLAN assignment, and accounting | -| `remoteIngressConfig` | Remote ingress hub and edge tunnel setup | -| `vpnConfig` | VPN server and client definitions for protected route access | -| `http3` | Global HTTP/3 behavior for qualifying HTTPS routes | -| `opsServerPort` | Ops dashboard and TypedRequest API port | +| `baseDir` | Root directory for dcrouter runtime data. Defaults to `~/.serve.zone/dcrouter`. | +| `smartProxyConfig` | Main SmartProxy route configuration for HTTP/HTTPS/TCP/SNI traffic. | +| `emailConfig` | UnifiedEmailServer configuration: hostname, ports, domains, and mail routes. | +| `emailPortConfig` | External-to-internal email port mapping and received-email storage path. | +| `tls` | Legacy/static TLS and ACME contact settings used to seed certificate config. | +| `dnsNsDomains` | Nameserver hostnames used for generated NS records and DoH routes. | +| `dnsScopes` | Authoritative domains served by the embedded DNS server. | +| `dnsRecords` | Constructor-defined DNS records. | +| `publicIp` / `proxyIps` | IPs used for generated A records and proxy-aware DNS exposure. | +| `dbConfig` | Smartdata persistence via embedded LocalSmartDb or external MongoDB. | +| `radiusConfig` | RADIUS authentication, accounting, and VLAN assignment. | +| `remoteIngressConfig` | Remote ingress hub configuration for edge tunnel nodes. | +| `vpnConfig` | VPN server/client definitions and VPN-only routing behavior. | +| `http3` | HTTP/3 augmentation settings for qualifying HTTPS routes. | +| `opsServerPort` | Port for the Ops dashboard and `/typedrequest` API. Defaults to `3000`. | -## Important Behavior +Important runtime behavior: -- `dbConfig.enabled` defaults to `true`. If you do not provide `mongoDbUrl`, dcrouter starts an embedded local database automatically. -- If you disable the DB, constructor-driven traffic can still run, but DB-backed features such as persistent routes, tokens, ACME config, and managed domains do not start. -- Qualifying HTTPS forward routes on port `443` get HTTP/3 by default unless `http3.enabled === false` or the route opts out. -- DNS-over-HTTPS endpoints are generated on the first entry of `dnsNsDomains` at `/dns-query` and `/resolve`. -- Email listener ports are internally remapped by default, so common external ports such as `25`, `587`, and `465` end up on internal ports like `10025`, `10587`, and `10465`. -- Provider-backed domains can be managed in the Ops plane without being served by the embedded authoritative DNS server. +- `dbConfig.enabled` defaults to enabled. Without `mongoDbUrl`, dcrouter uses embedded LocalSmartDb. +- If the DB is disabled, constructor-defined proxy traffic can still run, but persistent API routes, tokens, managed domains, and stored certificate state are unavailable. +- Qualifying HTTPS forward routes on port `443` are HTTP/3-augmented unless `http3.enabled === false` or the route opts out. +- DNS-over-HTTPS routes are generated on the first `dnsNsDomains` entry at `/dns-query` and `/resolve`. +- Email listener ports can be remapped internally, for example public `25`, `587`, and `465` to unprivileged internal ports. -## Bigger Example +## Route Ownership + +dcrouter keeps generated and operator-created routes separate so automation can reconcile safely. + +| Origin | Source | Mutability | +| --- | --- | --- | +| `config` | Constructor `smartProxyConfig.routes` and seed data | Toggle only | +| `email` | Email listener and email-domain generated routes | Toggle only | +| `dns` | Generated DNS-over-HTTPS and DNS-related routes | Toggle only | +| `api` | Ops UI or API client | Full CRUD | + +System routes are persisted with stable `systemKey` values. API-created routes are the editable route layer intended for operators and automation. + +## Production-Flavored Example ```typescript import { DcRouter } from '@serve.zone/dcrouter'; const router = new DcRouter({ + baseDir: '/var/lib/dcrouter', smartProxyConfig: { routes: [ { name: 'web-app', - match: { - domains: ['app.example.com'], - ports: [443], - }, + match: { domains: ['app.example.com'], ports: [443] }, action: { type: 'forward', - targets: [{ host: '127.0.0.1', port: 8080 }], + targets: [{ host: '10.10.0.21', port: 8080 }], tls: { mode: 'terminate', certificate: 'auto' }, }, }, { name: 'internal-admin', - match: { - domains: ['internal.example.com'], - ports: [443], - }, + match: { domains: ['admin.example.com'], ports: [443] }, action: { type: 'forward', - targets: [{ host: '127.0.0.1', port: 9090 }], + targets: [{ host: '10.10.0.30', port: 9000 }], tls: { mode: 'terminate', certificate: 'auto' }, }, vpnOnly: true, @@ -158,15 +153,10 @@ const router = new DcRouter({ emailConfig: { hostname: 'mail.example.com', ports: [25, 587, 465], - domains: [ - { - domain: 'example.com', - dnsMode: 'internal-dns', - }, - ], + domains: [{ domain: 'example.com', dnsMode: 'internal-dns' }], routes: [ { - name: 'inbound-mail', + name: 'inbound-example', match: { recipients: '*@example.com' }, action: { type: 'forward', @@ -178,18 +168,15 @@ const router = new DcRouter({ dnsNsDomains: ['ns1.example.com', 'ns2.example.com'], dnsScopes: ['example.com'], publicIp: '203.0.113.10', + remoteIngressConfig: { + enabled: true, + tunnelPort: 8443, + hubDomain: 'ingress.example.com', + }, vpnConfig: { enabled: true, serverEndpoint: 'vpn.example.com', - clients: [ - { - clientId: 'ops-laptop', - description: 'Operations laptop', - }, - ], - }, - dbConfig: { - enabled: true, + clients: [{ clientId: 'ops-laptop', description: 'Operations laptop' }], }, opsServerPort: 3000, }); @@ -197,15 +184,9 @@ const router = new DcRouter({ await router.start(); ``` -## Automation +## Automation API -dcrouter gives you three good integration layers: - -- the browser dashboard served by `OpsServer` -- raw TypedRequest contracts via `@serve.zone/dcrouter/interfaces` -- a higher-level OO API client via `@serve.zone/dcrouter/apiclient` or `@serve.zone/dcrouter-apiclient` - -### OO API Client Example +The OpsServer exposes TypedRequest handlers at `/typedrequest`. You can use raw contracts or the object-oriented API client. ```bash pnpm add @serve.zone/dcrouter-apiclient @@ -220,24 +201,20 @@ const client = new DcRouterApiClient({ await client.login('admin', 'admin'); -const { routes } = await client.routes.list(); - -await client.routes.build() +const route = await client.routes.build() .setName('api-gateway') .setMatch({ ports: 443, domains: ['api.example.com'] }) .setAction({ type: 'forward', targets: [{ host: '127.0.0.1', port: 8081 }] }) .save(); -if (routes[0] && routes[0].origin !== 'api') { - await routes[0].toggle(false); -} +await route.toggle(true); ``` -See `./ts_apiclient/readme.md` for the dedicated client package and `./ts_interfaces/readme.md` for the raw contracts. +Use `@serve.zone/dcrouter/interfaces` or `@serve.zone/dcrouter-interfaces` when you want the raw TypedRequest contracts instead of resource managers. ## OCI / Container Bootstrap -The package also includes an environment-driven bootstrap used by `runCli()` when `DCROUTER_MODE=OCI_CONTAINER`. +`runCli()` supports an environment-driven container mode when `DCROUTER_MODE=OCI_CONTAINER`. ```typescript import { runCli } from '@serve.zone/dcrouter'; @@ -245,49 +222,52 @@ import { runCli } from '@serve.zone/dcrouter'; await runCli(); ``` -Useful environment variables include: +Supported environment overrides include: -- `DCROUTER_CONFIG_PATH` -- `DCROUTER_BASE_DIR` -- `DCROUTER_TLS_EMAIL` -- `DCROUTER_TLS_DOMAIN` -- `DCROUTER_PUBLIC_IP` -- `DCROUTER_PROXY_IPS` -- `DCROUTER_DNS_NS_DOMAINS` -- `DCROUTER_DNS_SCOPES` -- `DCROUTER_EMAIL_HOSTNAME` -- `DCROUTER_EMAIL_PORTS` +| Variable | Purpose | +| --- | --- | +| `DCROUTER_CONFIG_PATH` | JSON file loaded as the base `IDcRouterOptions` object. | +| `DCROUTER_BASE_DIR` | Runtime data root. | +| `DCROUTER_TLS_EMAIL` / `DCROUTER_TLS_DOMAIN` | TLS/ACME seed settings. | +| `DCROUTER_PUBLIC_IP` / `DCROUTER_PROXY_IPS` | Public/proxy IP exposure settings. | +| `DCROUTER_DNS_NS_DOMAINS` / `DCROUTER_DNS_SCOPES` | DNS nameserver and authoritative scope settings. | +| `DCROUTER_EMAIL_HOSTNAME` / `DCROUTER_EMAIL_PORTS` | Email server seed settings. | +| `DCROUTER_CACHE_ENABLED` | Enables or disables DB-backed persistence. | +| `DCROUTER_MAX_CONNECTIONS`, `DCROUTER_MAX_CONNECTIONS_PER_IP`, `DCROUTER_CONNECTION_RATE_LIMIT` | SmartProxy capacity and rate-limit overrides. | ## Published Modules -This repository ships several module boundaries from one codebase. +This repository intentionally publishes multiple module boundaries from one codebase. | Module | Purpose | Docs | | --- | --- | --- | | `@serve.zone/dcrouter` | Main runtime and orchestrator | `./readme.md` | -| `@serve.zone/dcrouter/interfaces` | Shared request and data contracts as a subpath export | `./ts_interfaces/readme.md` | -| `@serve.zone/dcrouter/apiclient` | OO API client as a subpath export | `./ts_apiclient/readme.md` | -| `@serve.zone/dcrouter-interfaces` | Standalone interfaces package | `./ts_interfaces/readme.md` | +| `@serve.zone/dcrouter/interfaces` | Shared contracts as a subpath export | `./ts_interfaces/readme.md` | +| `@serve.zone/dcrouter/apiclient` | API client as a subpath export | `./ts_apiclient/readme.md` | +| `@serve.zone/dcrouter-interfaces` | Standalone contracts package | `./ts_interfaces/readme.md` | | `@serve.zone/dcrouter-apiclient` | Standalone OO API client package | `./ts_apiclient/readme.md` | | `@serve.zone/dcrouter-migrations` | Standalone migration runner package | `./ts_migrations/readme.md` | -| `@serve.zone/dcrouter-web` | Standalone web dashboard package boundary | `./ts_web/readme.md` | +| `@serve.zone/dcrouter-web` | Dashboard frontend module boundary | `./ts_web/readme.md` | ## Development ```bash pnpm run build pnpm test +pnpm run watch ``` -Target a single test while working on one area: +Useful source entry points: -```bash -tstest test/test.apiclient.ts --verbose -``` +- `ts/index.ts` exports `DcRouter`, `runCli()`, and public module surfaces. +- `ts/classes.dcrouter.ts` owns service startup, dependency ordering, and `IDcRouterOptions`. +- `ts/opsserver/classes.opsserver.ts` wires the dashboard server and TypedRequest handlers. +- `ts/remoteingress/` integrates `@serve.zone/remoteingress` with stored edge registrations. +- `ts_migrations/index.ts` contains all DB schema migration steps. ## License and Legal Information -This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the [LICENSE](./license) file. +This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the [license](./license) file. **Please note:** The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file. @@ -299,7 +279,7 @@ Use of these trademarks must comply with Task Venture Capital GmbH's Trademark G ### Company Information -Task Venture Capital GmbH +Task Venture Capital GmbH Registered at District Court Bremen HRB 35230 HB, Germany For any legal inquiries or further information, please contact us via email at hello@task.vc. diff --git a/ts/readme.md b/ts/readme.md index 1f2d7a2..e7f3333 100644 --- a/ts/readme.md +++ b/ts/readme.md @@ -79,7 +79,7 @@ await router.start(); ## License and Legal Information -This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the [LICENSE](../license) file. +This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the [license](../license) file. **Please note:** The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file. @@ -91,7 +91,7 @@ Use of these trademarks must comply with Task Venture Capital GmbH's Trademark G ### Company Information -Task Venture Capital GmbH +Task Venture Capital GmbH Registered at District Court Bremen HRB 35230 HB, Germany For any legal inquiries or further information, please contact us via email at hello@task.vc. diff --git a/ts_apiclient/readme.md b/ts_apiclient/readme.md index 532cebd..827d8e7 100644 --- a/ts_apiclient/readme.md +++ b/ts_apiclient/readme.md @@ -1,18 +1,18 @@ # @serve.zone/dcrouter-apiclient -Typed, object-oriented client for operating a running dcrouter instance. It wraps the OpsServer `/typedrequest` API in managers and resource classes so your scripts can work with routes, certificates, tokens, remote ingress edges, emails, stats, config, logs, and RADIUS without hand-rolling requests. +`@serve.zone/dcrouter-apiclient` is the object-oriented TypeScript client for the dcrouter OpsServer API. It wraps `/typedrequest` calls in managers, builders, and resource classes for routes, certificates, API tokens, remote ingress, email, stats, config, logs, RADIUS, and WorkHoster integrations. ## Issue Reporting and Security For reporting bugs, issues, or security vulnerabilities, please visit [community.foss.global/](https://community.foss.global/). This is the central community hub for all issue reporting. Developers who sign and comply with our contribution agreement and go through identification can also get a [code.foss.global/](https://code.foss.global/) account to submit Pull Requests directly. -## Installation +## Install ```bash pnpm add @serve.zone/dcrouter-apiclient ``` -You can also import the same client through the main package subpath: +The same client is also exposed as a subpath of the main package: ```typescript import { DcRouterApiClient } from '@serve.zone/dcrouter/apiclient'; @@ -30,7 +30,7 @@ const client = new DcRouterApiClient({ await client.login('admin', 'admin'); const { routes, warnings } = await client.routes.list(); -console.log('route count', routes.length, 'warnings', warnings.length); +console.log(routes.length, warnings.length); const route = await client.routes.build() .setName('api-gateway') @@ -38,47 +38,46 @@ const route = await client.routes.build() .setAction({ type: 'forward', targets: [{ host: '127.0.0.1', port: 8080 }] }) .save(); -await route.toggle(false); +await route.toggle(true); ``` -## What the Client Gives You +## Authentication -| Manager | Purpose | -| --- | --- | -| `client.routes` | List merged routes, create API routes, toggle routes | -| `client.certificates` | Inspect certificates and run certificate operations | -| `client.apiTokens` | Create, list, toggle, roll, and revoke API tokens | -| `client.remoteIngress` | Manage edge registrations, statuses, and connection tokens | -| `client.emails` | Inspect email items and trigger resend flows | -| `client.stats` | Health, statistics, and operational summaries | -| `client.config` | Read the current configuration view | -| `client.logs` | Read recent logs and log-related data | -| `client.radius` | Manage RADIUS clients, VLANs, and sessions | - -## Authentication Modes - -| Mode | How it works | -| --- | --- | -| Admin login | Call `login(username, password)` and the returned identity is stored on the client | -| API token | Pass `apiToken` in the constructor and it is injected into requests automatically | +The client supports session login and API-token authentication. ```typescript -const client = new DcRouterApiClient({ +const sessionClient = new DcRouterApiClient({ baseUrl: 'https://dcrouter.example.com', - apiToken: 'dcr_your_token_here', +}); +await sessionClient.login('admin', 'admin'); + +const tokenClient = new DcRouterApiClient({ + baseUrl: 'https://dcrouter.example.com', + apiToken: 'dcr_token_value', }); ``` -Important behavior: +`baseUrl` is normalized by removing trailing slashes. Requests are sent to `${baseUrl}/typedrequest`. `buildRequestPayload()` injects the current identity and optional API token for manager methods. -- `baseUrl` is normalized, and the client automatically calls `${baseUrl}/typedrequest` -- `buildRequestPayload()` injects the current identity and optional API token for you -- system routes can be toggled, but only API routes are meant for edit and delete flows +## Manager Map -## Route Builder Example +| Manager | Purpose | +| --- | --- | +| `client.routes` | List merged routes, build API routes, update/delete API routes, and toggle routes. | +| `client.certificates` | Inspect certificate summaries and trigger certificate operations. | +| `client.apiTokens` | Create, list, toggle, roll, and revoke API tokens. | +| `client.remoteIngress` | Manage edge registrations, statuses, ports, tags, and connection tokens. | +| `client.emails` | Inspect received/cached email items and trigger resend flows. | +| `client.workHosters` | Manage WorkHoster-facing route/application integration calls. | +| `client.stats` | Read health, counters, summaries, and runtime status. | +| `client.config` | Read the current configuration view. | +| `client.logs` | Read recent log information. | +| `client.radius` | Manage RADIUS clients, VLAN mappings, and accounting sessions. | + +## Route Builder ```typescript -const newRoute = await client.routes.build() +const route = await client.routes.build() .setName('internal-app') .setMatch({ ports: 443, @@ -91,7 +90,7 @@ const newRoute = await client.routes.build() .setEnabled(true) .save(); -await newRoute.update({ +await route.update({ action: { type: 'forward', targets: [{ host: '127.0.0.1', port: 3001 }], @@ -99,17 +98,17 @@ await newRoute.update({ }); ``` -## Token and Remote Ingress Example +System routes from `config`, `email`, and `dns` origins are designed to be toggled, not edited. Full create/update/delete behavior is for routes with origin `api`. + +## API Tokens and Remote Ingress ```typescript const token = await client.apiTokens.build() - .setName('ci-token') + .setName('automation') .setScopes(['routes:read', 'routes:write']) .setExpiresInDays(30) .save(); -console.log('copy this once:', token.tokenValue); - const edge = await client.remoteIngress.build() .setName('edge-eu-1') .setListenPorts([80, 443]) @@ -118,20 +117,31 @@ const edge = await client.remoteIngress.build() .save(); const connectionToken = await edge.getConnectionToken(); -console.log(connectionToken); +console.log(token.tokenValue, connectionToken); ``` -## What This Package Does Not Do +## What This Package Is Not - It does not start dcrouter. -- It does not bundle the dashboard. -- It does not replace the raw interfaces package when you want low-level TypedRequest contracts. +- It does not serve or bundle the Ops dashboard. +- It does not replace `@serve.zone/dcrouter-interfaces` when you want raw TypedRequest contracts. -Use `@serve.zone/dcrouter` to run the server and `@serve.zone/dcrouter-interfaces` for the shared request/data types. +Use `@serve.zone/dcrouter` for the server runtime and `@serve.zone/dcrouter-interfaces` for shared request/data types. + +## Development + +This folder is published from the dcrouter monorepo via `tspublish.json` with order `5`. + +Useful source entry points: + +- `index.ts` exports the public client surface. +- `classes.dcrouterapiclient.ts` owns authentication and request dispatch. +- `classes.route.ts` owns route resources and builders. +- `classes.remoteingress.ts`, `classes.apitoken.ts`, `classes.radius.ts`, and the other manager files wrap focused API domains. ## License and Legal Information -This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the [LICENSE](../license) file. +This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the [license](../license) file. **Please note:** The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file. @@ -143,7 +153,7 @@ Use of these trademarks must comply with Task Venture Capital GmbH's Trademark G ### Company Information -Task Venture Capital GmbH +Task Venture Capital GmbH Registered at District Court Bremen HRB 35230 HB, Germany For any legal inquiries or further information, please contact us via email at hello@task.vc. diff --git a/ts_interfaces/readme.md b/ts_interfaces/readme.md index 56f86c0..d31cf90 100644 --- a/ts_interfaces/readme.md +++ b/ts_interfaces/readme.md @@ -1,18 +1,18 @@ # @serve.zone/dcrouter-interfaces -Shared TypeScript contracts for dcrouter's TypedRequest API. Use this package when you want compile-time request/response types and shared data models without pulling in the higher-level client SDK. +`@serve.zone/dcrouter-interfaces` contains the shared TypeScript data models and TypedRequest contracts used by dcrouter's OpsServer, dashboard, API client, tests, and external automation. ## Issue Reporting and Security For reporting bugs, issues, or security vulnerabilities, please visit [community.foss.global/](https://community.foss.global/). This is the central community hub for all issue reporting. Developers who sign and comply with our contribution agreement and go through identification can also get a [code.foss.global/](https://code.foss.global/) account to submit Pull Requests directly. -## Installation +## Install ```bash pnpm add @serve.zone/dcrouter-interfaces ``` -You can also consume the same contracts through the main package subpath: +The same contracts are exposed through the main package subpath: ```typescript import { data, requests } from '@serve.zone/dcrouter/interfaces'; @@ -22,23 +22,24 @@ import { data, requests } from '@serve.zone/dcrouter/interfaces'; | Export | Purpose | | --- | --- | -| `data` | Shared runtime-shaped data such as identities, routes, stats, domains, DNS records, VPN data, remote ingress data, and email-domain data | -| `requests` | TypedRequest request/response contracts for OpsServer endpoints | -| `typedrequestInterfaces` | Re-exported helper types from `@api.global/typedrequest-interfaces` | +| `data` | Shared runtime-shaped models such as identities, routes, DNS records, domains, email domains, remote ingress edges, VPN objects, stats, and security policy data. | +| `requests` | TypedRequest request/response contracts for OpsServer methods. | +| `typedrequestInterfaces` | Helper types re-exported from `@api.global/typedrequest-interfaces` through `plugins.ts`. | -## API Surface Covered +## Covered API Areas -| Domain | Examples | +| Area | Examples | | --- | --- | -| Auth | login, logout, identity verification | -| Routes | list merged routes, create, update, delete, toggle | -| Access | API tokens, source profiles, target profiles, network targets, users | -| DNS and domains | providers, domains, DNS records, ACME config | -| Email | email operations and email-domain management | +| Auth | admin login, logout, identity verification, users | +| Routes | merged route listing, API route CRUD, toggles, warnings, ownership metadata | +| Access | API tokens, source profiles, target profiles, network targets | +| DNS and domains | DNS providers, domains, DNS records, ACME config | +| Email | email-domain management and email operations | | Edge services | remote ingress, VPN, RADIUS | -| Observability | stats, health, logs, configuration | +| Observability | stats, combined stats, logs, configuration | +| WorkHoster | external app/workhoster route ownership contracts | -## Quick Example +## Raw TypedRequest Example ```typescript import { TypedRequest } from '@api.global/typedrequest'; @@ -61,21 +62,31 @@ const request = new TypedRequest( const response = await request.fire({ identity }); for (const route of response.routes) { - console.log(route.id, route.origin, route.systemKey, route.enabled); + console.log(route.id, route.origin, route.enabled, route.systemKey); } ``` -## When To Use This Package +## When To Use It -- Use it in tests that need strong request/response typing. -- Use it in custom CLIs or dashboards that call TypedRequest directly. -- Use it in shared code where both client and server need the same data shapes. +- Use it in custom CLIs that call dcrouter's TypedRequest API directly. +- Use it in tests that need request/response types without the OO client. +- Use it in integrations where server and client code need the same data shapes. +- Use `@serve.zone/dcrouter-apiclient` instead when you want higher-level managers and builders. -If you want managers, builders, and resource classes instead of raw contracts, use `@serve.zone/dcrouter-apiclient`. +## Development + +This folder is published from the dcrouter monorepo via `tspublish.json` with order `1`, before the client package that imports it. + +Useful source entry points: + +- `index.ts` exports `data` and `requests` namespaces. +- `data/index.ts` groups shared data models. +- `requests/index.ts` groups TypedRequest contracts. +- `data/route-management.ts` defines route ownership, API token scopes, profiles, and network target shapes. ## License and Legal Information -This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the [LICENSE](../license) file. +This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the [license](../license) file. **Please note:** The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file. @@ -87,7 +98,7 @@ Use of these trademarks must comply with Task Venture Capital GmbH's Trademark G ### Company Information -Task Venture Capital GmbH +Task Venture Capital GmbH Registered at District Court Bremen HRB 35230 HB, Germany For any legal inquiries or further information, please contact us via email at hello@task.vc. diff --git a/ts_migrations/readme.md b/ts_migrations/readme.md index 7b79766..73af27a 100644 --- a/ts_migrations/readme.md +++ b/ts_migrations/readme.md @@ -1,63 +1,89 @@ # @serve.zone/dcrouter-migrations -Versioned SmartMigration chain for dcrouter's persistent data. This package builds the migration runner that dcrouter executes before DB-backed managers start reading collections. +`@serve.zone/dcrouter-migrations` is dcrouter's versioned SmartMigration chain for persistent database schema and data transitions. The main dcrouter runtime runs it after the database is ready and before DB-backed managers read collections. ## Issue Reporting and Security For reporting bugs, issues, or security vulnerabilities, please visit [community.foss.global/](https://community.foss.global/). This is the central community hub for all issue reporting. Developers who sign and comply with our contribution agreement and go through identification can also get a [code.foss.global/](https://code.foss.global/) account to submit Pull Requests directly. -## Installation +## Install ```bash pnpm add @serve.zone/dcrouter-migrations ``` -## What It Exports +If you boot `DcRouter`, you usually do not install or call this package directly; startup handles it. + +## API | Export | Purpose | | --- | --- | -| `createMigrationRunner(db, targetVersion)` | Builds the dcrouter migration runner for the target application version | -| `IMigrationRunner` | Small interface for the returned runner | -| `IMigrationRunResult` | Result shape logged after a run | - -## When To Use It - -- You are embedding dcrouter's storage layer outside the full runtime. -- You want to test or inspect schema transitions directly. -- You are extending dcrouter with new persistent data and need versioned upgrades. - -If you boot the full `DcRouter` runtime, this package is already used for you during startup. - -## Usage +| `createMigrationRunner(db, targetVersion)` | Builds a configured SmartMigration runner for the supplied Smartdata database and target app version. | +| `IMigrationRunner` | Minimal runner interface with `run()`. | +| `IMigrationRunResult` | Result shape logged after a migration run. | ```typescript import { createMigrationRunner } from '@serve.zone/dcrouter-migrations'; -const migration = await createMigrationRunner(db, '13.20.0'); +const migration = await createMigrationRunner(db, '13.25.0'); const result = await migration.run(); console.log(result.currentVersionBefore, result.currentVersionAfter); ``` -## What the Current Chain Covers +## Current Chain -- target profile target field migration from `host` to `ip` -- legacy domain source rename from `manual` to `dcrouter` -- legacy DNS record source rename from `manual` to `local` -- route storage unification from `StoredRouteDoc` to `RouteDoc` +The current migration chain covers: + +- `TargetProfileDoc.targets[].host` to `TargetProfileDoc.targets[].ip` +- legacy domain source `manual` to `dcrouter` +- legacy DNS record source `manual` to `local` +- route collection unification from `StoredRouteDoc` to `RouteDoc` - route `origin` backfill for migrated API routes - `systemKey` backfill for persisted config, email, and DNS routes -## Authoring Rules +## Migration Rules -- Add new migration logic only in `ts_migrations/index.ts`. -- Keep every step idempotent so reruns are safe. -- Make each step's `.to()` version line up with the release version that ships it. -- When adding new collection references, use the exact smartdata class-name collection casing for new code. +All schema migrations must live in `ts_migrations/index.ts` as SmartMigration steps. Do not put migration logic in application services, managers, startup hooks, or document classes. + +Every step must be idempotent. SmartMigration may re-run steps during skip-forward or resume flows, so an already-migrated database must remain safe. + +The `.to()` version of a step must match the release version that ships the migration so SmartMigration can plan the step correctly. + +## Collection Name Warning + +smartdata uses the exact class name as the MongoDB collection name. Do not lowercase new collection references. + +Examples: + +| Document class | MongoDB collection | +| --- | --- | +| `StoredRouteDoc` | `StoredRouteDoc` | +| `TargetProfileDoc` | `TargetProfileDoc` | +| `RouteDoc` | `RouteDoc` | + +When writing migrations in `ts_migrations/index.ts`, use exact class-name casing in calls such as `ctx.mongo!.collection('ClassName')` and `db.listCollections({ name: 'ClassName' })`. + +Historical migration steps may still reference older lowercased collections from earlier behavior. Do not copy that pattern for new migrations. + +## When To Use This Package Directly + +- You are testing dcrouter schema transitions without booting the full runtime. +- You are embedding dcrouter persistence in another process and need the same version chain. +- You are authoring a migration and want a focused test harness around `createMigrationRunner()`. + +## Development + +This folder is published from the dcrouter monorepo via `tspublish.json` with order `2`. + +Useful source entry points: + +- `index.ts` defines the public runner factory and all migration steps. +- `../AGENTS.md` contains the local migration authoring rules that must be followed. ## License and Legal Information -This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the [LICENSE](../license) file. +This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the [license](../license) file. **Please note:** The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file. @@ -69,7 +95,7 @@ Use of these trademarks must comply with Task Venture Capital GmbH's Trademark G ### Company Information -Task Venture Capital GmbH +Task Venture Capital GmbH Registered at District Court Bremen HRB 35230 HB, Germany For any legal inquiries or further information, please contact us via email at hello@task.vc. diff --git a/ts_web/readme.md b/ts_web/readme.md index 998cc43..a5aa3d5 100644 --- a/ts_web/readme.md +++ b/ts_web/readme.md @@ -1,6 +1,6 @@ # @serve.zone/dcrouter-web -Browser-side frontend for the dcrouter Ops dashboard. This folder is the SPA entrypoint, router, app state, and web-component UI rendered by OpsServer. +`@serve.zone/dcrouter-web` is the browser-side Ops dashboard module for dcrouter. It provides the SPA entry point, route synchronization, app state, and web-component views that OpsServer serves from the main dcrouter runtime. ## Issue Reporting and Security @@ -8,10 +8,12 @@ For reporting bugs, issues, or security vulnerabilities, please visit [community ## What It Boots -- `index.ts` initializes the app router and renders `` into `document.body` -- `router.ts` defines top-level dashboard routes and subviews -- `appstate.ts` holds reactive state, TypedRequest actions, and TypedSocket log streaming -- `elements/` contains the dashboard shell and feature views +| File | Purpose | +| --- | --- | +| `index.ts` | Initializes the app router and renders `` into `document.body`. | +| `router.ts` | Defines top-level dashboard routes, subviews, redirects, and URL/state synchronization. | +| `appstate.ts` | Holds reactive login, UI, config, stats, route, DNS, email, remote ingress, VPN, and log state. | +| `elements/` | Contains the dashboard shell and feature-specific Dees web components. | ## View Map @@ -20,37 +22,52 @@ For reporting bugs, issues, or security vulnerabilities, please visit [community | `overview` | `stats`, `configuration` | | `network` | `activity`, `routes`, `sourceprofiles`, `networktargets`, `targetprofiles`, `remoteingress`, `vpn` | | `email` | `log`, `security`, `domains` | +| `logs` | flat view | | `access` | `apitokens`, `users` | | `security` | `overview`, `blocked`, `authentication` | | `domains` | `providers`, `domains`, `dns`, `certificates` | -| `logs` | flat view | -## How It Talks To dcrouter +## Runtime Communication -- TypedRequest for the main API surface -- shared request and data contracts from `@serve.zone/dcrouter-interfaces` -- TypedSocket for real-time log streaming -- QR code generation for VPN client UX +The dashboard talks to the dcrouter OpsServer through: -## Development Notes +- TypedRequest calls for normal API actions +- shared contracts from `@serve.zone/dcrouter-interfaces` +- TypedSocket log streaming for live operational output +- Dees web components and app-state subscriptions for UI updates +- QR code rendering for VPN client UX -This package is the frontend module boundary, but it is built and served as part of the main workspace. +## Usage + +This package is primarily consumed by the main dcrouter build and served by OpsServer. Install it directly only when you intentionally need the dashboard module boundary. + +```bash +pnpm add @serve.zone/dcrouter-web +``` + +For the full server and hosted dashboard, use `@serve.zone/dcrouter`. + +## Development + +This folder is published from the dcrouter monorepo via `tspublish.json` with order `4`. ```bash pnpm run build pnpm run watch ``` -The built dashboard assets are emitted into `dist_serve/` by the workspace build pipeline. +The dcrouter build emits served dashboard assets into `dist_serve/`. -## What This Package Is For +Useful source entry points: -- Use it when you want the dashboard frontend as its own published module boundary. -- Use `@serve.zone/dcrouter` when you want the server that actually hosts this UI and the backend API. +- `index.ts` boots the frontend. +- `router.ts` owns URL/view state synchronization. +- `elements/ops-dashboard.ts` defines the app shell and tab map. +- `elements/network/`, `elements/domains/`, `elements/email/`, `elements/security/`, `elements/access/`, and `elements/overview/` hold feature views. ## License and Legal Information -This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the [LICENSE](../license) file. +This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the [license](../license) file. **Please note:** The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file. @@ -62,7 +79,7 @@ Use of these trademarks must comply with Task Venture Capital GmbH's Trademark G ### Company Information -Task Venture Capital GmbH +Task Venture Capital GmbH Registered at District Court Bremen HRB 35230 HB, Germany For any legal inquiries or further information, please contact us via email at hello@task.vc.