feat: add workhoster gateway API
This commit is contained in:
@@ -6,6 +6,7 @@ export * from './target-profile.js';
|
||||
export * from './vpn.js';
|
||||
export * from './dns-provider.js';
|
||||
export * from './domain.js';
|
||||
export * from './workhoster.js';
|
||||
export * from './dns-record.js';
|
||||
export * from './acme-config.js';
|
||||
export * from './email-domain.js';
|
||||
|
||||
@@ -11,6 +11,7 @@ export type IRouteSecurity = NonNullable<IRouteConfig['security']>;
|
||||
export type TApiTokenScope =
|
||||
| 'routes:read' | 'routes:write'
|
||||
| 'config:read'
|
||||
| 'certificates:read' | 'certificates:write'
|
||||
| 'tokens:read' | 'tokens:manage'
|
||||
| 'source-profiles:read' | 'source-profiles:write'
|
||||
| 'target-profiles:read' | 'target-profiles:write'
|
||||
@@ -18,7 +19,11 @@ export type TApiTokenScope =
|
||||
| 'dns-providers:read' | 'dns-providers:write'
|
||||
| 'domains:read' | 'domains:write'
|
||||
| 'dns-records:read' | 'dns-records:write'
|
||||
| 'acme-config:read' | 'acme-config:write';
|
||||
| 'acme-config:read' | 'acme-config:write'
|
||||
| 'email-domains:read' | 'email-domains:write'
|
||||
| 'workhosters:read' | 'workhosters:write';
|
||||
|
||||
export type TWorkHosterType = 'onebox' | 'cloudly' | 'custom';
|
||||
|
||||
// ============================================================================
|
||||
// Source Profile Types (source-side: who can access)
|
||||
@@ -80,6 +85,12 @@ export interface IRouteMetadata {
|
||||
networkTargetName?: string;
|
||||
/** Timestamp of last reference resolution. */
|
||||
lastResolvedAt?: number;
|
||||
/** External route ownership, used by WorkHoster reconciliation. */
|
||||
ownerType?: 'workhoster' | 'operator' | 'system';
|
||||
workHosterType?: TWorkHosterType;
|
||||
workHosterId?: string;
|
||||
workAppId?: string;
|
||||
externalKey?: string;
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -0,0 +1,56 @@
|
||||
import type { IDomain } from './domain.js';
|
||||
|
||||
export interface IGatewayCapabilities {
|
||||
routes: {
|
||||
read: boolean;
|
||||
write: boolean;
|
||||
idempotentSync: boolean;
|
||||
};
|
||||
domains: {
|
||||
read: boolean;
|
||||
write: boolean;
|
||||
};
|
||||
certificates: {
|
||||
read: boolean;
|
||||
export: boolean;
|
||||
forceRenew: boolean;
|
||||
};
|
||||
email: {
|
||||
domains: boolean;
|
||||
inbound: boolean;
|
||||
outbound: boolean;
|
||||
};
|
||||
remoteIngress: {
|
||||
enabled: boolean;
|
||||
};
|
||||
dns: {
|
||||
authoritative: boolean;
|
||||
providerManaged: boolean;
|
||||
};
|
||||
http3: {
|
||||
enabled: boolean;
|
||||
};
|
||||
}
|
||||
|
||||
export interface IWorkHosterDomain extends IDomain {
|
||||
capabilities: {
|
||||
canCreateSubdomains: boolean;
|
||||
canManageDnsRecords: boolean;
|
||||
canIssueCertificates: boolean;
|
||||
canHostEmail: boolean;
|
||||
};
|
||||
}
|
||||
|
||||
export interface IWorkAppRouteOwnership {
|
||||
workHosterType: 'onebox' | 'cloudly' | 'custom';
|
||||
workHosterId: string;
|
||||
workAppId: string;
|
||||
hostname: string;
|
||||
}
|
||||
|
||||
export interface IWorkAppRouteSyncResult {
|
||||
success: boolean;
|
||||
action?: 'created' | 'updated' | 'deleted' | 'unchanged';
|
||||
routeId?: string;
|
||||
message?: string;
|
||||
}
|
||||
@@ -28,7 +28,8 @@ export interface IReq_GetCertificateOverview extends plugins.typedrequestInterfa
|
||||
> {
|
||||
method: 'getCertificateOverview';
|
||||
request: {
|
||||
identity: authInterfaces.IIdentity;
|
||||
identity?: authInterfaces.IIdentity;
|
||||
apiToken?: string;
|
||||
};
|
||||
response: {
|
||||
certificates: ICertificateInfo[];
|
||||
@@ -50,7 +51,8 @@ export interface IReq_ReprovisionCertificate extends plugins.typedrequestInterfa
|
||||
> {
|
||||
method: 'reprovisionCertificate';
|
||||
request: {
|
||||
identity: authInterfaces.IIdentity;
|
||||
identity?: authInterfaces.IIdentity;
|
||||
apiToken?: string;
|
||||
routeName: string;
|
||||
};
|
||||
response: {
|
||||
@@ -66,7 +68,8 @@ export interface IReq_ReprovisionCertificateDomain extends plugins.typedrequestI
|
||||
> {
|
||||
method: 'reprovisionCertificateDomain';
|
||||
request: {
|
||||
identity: authInterfaces.IIdentity;
|
||||
identity?: authInterfaces.IIdentity;
|
||||
apiToken?: string;
|
||||
domain: string;
|
||||
forceRenew?: boolean;
|
||||
};
|
||||
@@ -83,7 +86,8 @@ export interface IReq_DeleteCertificate extends plugins.typedrequestInterfaces.i
|
||||
> {
|
||||
method: 'deleteCertificate';
|
||||
request: {
|
||||
identity: authInterfaces.IIdentity;
|
||||
identity?: authInterfaces.IIdentity;
|
||||
apiToken?: string;
|
||||
domain: string;
|
||||
};
|
||||
response: {
|
||||
@@ -99,7 +103,8 @@ export interface IReq_ExportCertificate extends plugins.typedrequestInterfaces.i
|
||||
> {
|
||||
method: 'exportCertificate';
|
||||
request: {
|
||||
identity: authInterfaces.IIdentity;
|
||||
identity?: authInterfaces.IIdentity;
|
||||
apiToken?: string;
|
||||
domain: string;
|
||||
};
|
||||
response: {
|
||||
@@ -124,7 +129,8 @@ export interface IReq_ImportCertificate extends plugins.typedrequestInterfaces.i
|
||||
> {
|
||||
method: 'importCertificate';
|
||||
request: {
|
||||
identity: authInterfaces.IIdentity;
|
||||
identity?: authInterfaces.IIdentity;
|
||||
apiToken?: string;
|
||||
cert: {
|
||||
id: string;
|
||||
domainName: string;
|
||||
|
||||
@@ -19,4 +19,5 @@ export * from './domains.js';
|
||||
export * from './dns-records.js';
|
||||
export * from './acme-config.js';
|
||||
export * from './email-domains.js';
|
||||
export * from './workhoster.js';
|
||||
export * from './security-policy.js';
|
||||
|
||||
@@ -0,0 +1,53 @@
|
||||
import * as plugins from '../plugins.js';
|
||||
import type * as authInterfaces from '../data/auth.js';
|
||||
import type {
|
||||
IGatewayCapabilities,
|
||||
IWorkAppRouteOwnership,
|
||||
IWorkAppRouteSyncResult,
|
||||
IWorkHosterDomain,
|
||||
} from '../data/workhoster.js';
|
||||
import type { IDcRouterRouteConfig } from '../data/remoteingress.js';
|
||||
|
||||
export interface IReq_GetGatewayCapabilities extends plugins.typedrequestInterfaces.implementsTR<
|
||||
plugins.typedrequestInterfaces.ITypedRequest,
|
||||
IReq_GetGatewayCapabilities
|
||||
> {
|
||||
method: 'getGatewayCapabilities';
|
||||
request: {
|
||||
identity?: authInterfaces.IIdentity;
|
||||
apiToken?: string;
|
||||
};
|
||||
response: {
|
||||
capabilities: IGatewayCapabilities;
|
||||
};
|
||||
}
|
||||
|
||||
export interface IReq_GetWorkHosterDomains extends plugins.typedrequestInterfaces.implementsTR<
|
||||
plugins.typedrequestInterfaces.ITypedRequest,
|
||||
IReq_GetWorkHosterDomains
|
||||
> {
|
||||
method: 'getWorkHosterDomains';
|
||||
request: {
|
||||
identity?: authInterfaces.IIdentity;
|
||||
apiToken?: string;
|
||||
};
|
||||
response: {
|
||||
domains: IWorkHosterDomain[];
|
||||
};
|
||||
}
|
||||
|
||||
export interface IReq_SyncWorkAppRoute extends plugins.typedrequestInterfaces.implementsTR<
|
||||
plugins.typedrequestInterfaces.ITypedRequest,
|
||||
IReq_SyncWorkAppRoute
|
||||
> {
|
||||
method: 'syncWorkAppRoute';
|
||||
request: {
|
||||
identity?: authInterfaces.IIdentity;
|
||||
apiToken?: string;
|
||||
ownership: IWorkAppRouteOwnership;
|
||||
route?: IDcRouterRouteConfig;
|
||||
enabled?: boolean;
|
||||
delete?: boolean;
|
||||
};
|
||||
response: IWorkAppRouteSyncResult;
|
||||
}
|
||||
Reference in New Issue
Block a user