serve.zone/dcrouter
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(gateway-clients): add managed gateway client administration and token-bound route ownership

Browse Source
This commit is contained in:
Jürgen Kunz
2026-05-09 22:35:07 +00:00
parent d73b250382
commit 8dd0c3def9
22 changed files with 1287 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ts/classes.dcrouter.ts
+10 -5
View File
@@ -25,7 +25,7 @@ import { MetricsManager } from './monitoring/index.js';
import { RadiusServer, type IRadiusServerConfig } from './radius/index.js';
import { RemoteIngressManager, TunnelManager } from './remoteingress/index.js';
import { VpnManager, type IVpnManagerConfig } from './vpn/index.js';
import { RouteConfigManager, ApiTokenManager, ReferenceResolver, DbSeeder, TargetProfileManager } from './config/index.js';
import { RouteConfigManager, ApiTokenManager, GatewayClientManager, ReferenceResolver, DbSeeder, TargetProfileManager } from './config/index.js';
import type { TIpAllowEntry } from './config/classes.route-config-manager.js';
import { SecurityLogger, ContentScanner, IPReputationChecker, SecurityPolicyManager } from './security/index.js';
import { type IHttp3Config, augmentRoutesWithHttp3 } from './http3/index.js';
@@ -276,6 +276,7 @@ export class DcRouter {
// Programmatic config API
public routeConfigManager?: RouteConfigManager;
public apiTokenManager?: ApiTokenManager;
public gatewayClientManager?: GatewayClientManager;
public referenceResolver?: ReferenceResolver;
public targetProfileManager?: TargetProfileManager;
@@ -617,6 +618,8 @@ export class DcRouter {
);
this.apiTokenManager = new ApiTokenManager();
await this.apiTokenManager.initialize();
this.gatewayClientManager = new GatewayClientManager();
await this.gatewayClientManager.initialize();
await this.routeConfigManager.initialize(
this.seedConfigRoutes as import('../ts_interfaces/data/remoteingress.js').IDcRouterRouteConfig[],
this.seedEmailRoutes as import('../ts_interfaces/data/remoteingress.js').IDcRouterRouteConfig[],
@@ -634,6 +637,7 @@ export class DcRouter {
.withStop(async () => {
this.routeConfigManager = undefined;
this.apiTokenManager = undefined;
this.gatewayClientManager = undefined;
this.referenceResolver = undefined;
this.targetProfileManager = undefined;
})
@@ -1101,6 +1105,7 @@ export class DcRouter {
});
const scheduler = this.certProvisionScheduler;
smartProxyConfig.certProvisionFallbackToAcme = false;
smartProxyConfig.certProvisionFunction = async (domain, eventComms) => {
// If SmartAcme is not yet ready (still starting or retrying), fall back to HTTP-01
if (!this.smartAcmeReady) {
@@ -1149,10 +1154,10 @@ export class DcRouter {
await scheduler.clearBackoff(domain);
return result;
} catch (err: unknown) {
// Record failure for backoff tracking
await scheduler.recordFailure(domain, (err as Error).message);
eventComms.warn(`SmartAcme DNS-01 failed for ${domain}: ${(err as Error).message}, falling back to http-01`);
return 'http01';
const message = `DNS-01 failed for ${domain}: ${(err as Error).message}`;
await scheduler.recordFailure(domain, message);
eventComms.warn(message);
throw new Error(message);
}
};
}