175 lines
5.7 KiB
TypeScript
175 lines
5.7 KiB
TypeScript
import * as plugins from '../../plugins.js';
|
|
import type { OpsServer } from '../classes.opsserver.js';
|
|
import * as interfaces from '../../../ts_interfaces/index.js';
|
|
|
|
export class CertificateHandler {
|
|
public typedrouter = new plugins.typedrequest.TypedRouter();
|
|
|
|
constructor(private opsServerRef: OpsServer) {
|
|
this.opsServerRef.typedrouter.addTypedRouter(this.typedrouter);
|
|
this.registerHandlers();
|
|
}
|
|
|
|
private registerHandlers(): void {
|
|
// Get Certificate Overview
|
|
this.typedrouter.addTypedHandler(
|
|
new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_GetCertificateOverview>(
|
|
'getCertificateOverview',
|
|
async (dataArg) => {
|
|
const certificates = this.buildCertificateOverview();
|
|
const summary = this.buildSummary(certificates);
|
|
return { certificates, summary };
|
|
}
|
|
)
|
|
);
|
|
|
|
// Reprovision Certificate
|
|
this.typedrouter.addTypedHandler(
|
|
new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_ReprovisionCertificate>(
|
|
'reprovisionCertificate',
|
|
async (dataArg) => {
|
|
return this.reprovisionCertificate(dataArg.routeName);
|
|
}
|
|
)
|
|
);
|
|
}
|
|
|
|
private buildCertificateOverview(): interfaces.requests.ICertificateInfo[] {
|
|
const dcRouter = this.opsServerRef.dcRouterRef;
|
|
const smartProxy = dcRouter.smartProxy;
|
|
if (!smartProxy) return [];
|
|
|
|
const routes = smartProxy.routeManager.getRoutes();
|
|
const certificates: interfaces.requests.ICertificateInfo[] = [];
|
|
|
|
for (const route of routes) {
|
|
if (!route.name) continue;
|
|
|
|
const tls = route.action?.tls;
|
|
if (!tls) continue;
|
|
|
|
// Skip passthrough routes - they don't manage certificates
|
|
if (tls.mode === 'passthrough') continue;
|
|
|
|
const routeDomains = route.match.domains
|
|
? (Array.isArray(route.match.domains) ? route.match.domains : [route.match.domains])
|
|
: [];
|
|
|
|
// Determine source
|
|
let source: interfaces.requests.TCertificateSource = 'none';
|
|
if (tls.certificate === 'auto') {
|
|
// Check if a certProvisionFunction is configured
|
|
if ((smartProxy.settings as any).certProvisionFunction) {
|
|
source = 'provision-function';
|
|
} else {
|
|
source = 'acme';
|
|
}
|
|
} else if (tls.certificate && typeof tls.certificate === 'object') {
|
|
source = 'static';
|
|
}
|
|
|
|
// Start with unknown status
|
|
let status: interfaces.requests.TCertificateStatus = 'unknown';
|
|
let expiryDate: string | undefined;
|
|
let issuedAt: string | undefined;
|
|
let issuer: string | undefined;
|
|
let error: string | undefined;
|
|
|
|
// Check event-based status from DcRouter's certificateStatusMap
|
|
const eventStatus = dcRouter.certificateStatusMap.get(route.name);
|
|
if (eventStatus) {
|
|
status = eventStatus.status;
|
|
expiryDate = eventStatus.expiryDate;
|
|
issuedAt = eventStatus.issuedAt;
|
|
error = eventStatus.error;
|
|
}
|
|
|
|
// Try to get Rust-side certificate data
|
|
try {
|
|
// getCertificateStatus is async but we're in a sync context
|
|
// We'll rely on event-based data primarily
|
|
} catch {
|
|
// Ignore errors from Rust bridge
|
|
}
|
|
|
|
// Compute status from expiry date if we have one and status is still valid/unknown
|
|
if (expiryDate && (status === 'valid' || status === 'unknown')) {
|
|
const expiry = new Date(expiryDate);
|
|
const now = new Date();
|
|
const daysUntilExpiry = (expiry.getTime() - now.getTime()) / (1000 * 60 * 60 * 24);
|
|
|
|
if (daysUntilExpiry < 0) {
|
|
status = 'expired';
|
|
} else if (daysUntilExpiry < 30) {
|
|
status = 'expiring';
|
|
} else {
|
|
status = 'valid';
|
|
}
|
|
}
|
|
|
|
// Static certs with no other info default to 'valid'
|
|
if (source === 'static' && status === 'unknown') {
|
|
status = 'valid';
|
|
}
|
|
|
|
const canReprovision = source === 'acme' || source === 'provision-function';
|
|
|
|
certificates.push({
|
|
routeName: route.name,
|
|
domains: routeDomains,
|
|
status,
|
|
source,
|
|
tlsMode: tls.mode as 'terminate' | 'terminate-and-reencrypt' | 'passthrough',
|
|
expiryDate,
|
|
issuer,
|
|
issuedAt,
|
|
error,
|
|
canReprovision,
|
|
});
|
|
}
|
|
|
|
return certificates;
|
|
}
|
|
|
|
private buildSummary(certificates: interfaces.requests.ICertificateInfo[]): {
|
|
total: number;
|
|
valid: number;
|
|
expiring: number;
|
|
expired: number;
|
|
failed: number;
|
|
unknown: number;
|
|
} {
|
|
const summary = { total: 0, valid: 0, expiring: 0, expired: 0, failed: 0, unknown: 0 };
|
|
summary.total = certificates.length;
|
|
for (const cert of certificates) {
|
|
switch (cert.status) {
|
|
case 'valid': summary.valid++; break;
|
|
case 'expiring': summary.expiring++; break;
|
|
case 'expired': summary.expired++; break;
|
|
case 'failed': summary.failed++; break;
|
|
case 'provisioning': // count as unknown
|
|
case 'unknown': summary.unknown++; break;
|
|
}
|
|
}
|
|
return summary;
|
|
}
|
|
|
|
private async reprovisionCertificate(routeName: string): Promise<{ success: boolean; message?: string }> {
|
|
const dcRouter = this.opsServerRef.dcRouterRef;
|
|
const smartProxy = dcRouter.smartProxy;
|
|
|
|
if (!smartProxy) {
|
|
return { success: false, message: 'SmartProxy is not running' };
|
|
}
|
|
|
|
try {
|
|
await smartProxy.provisionCertificate(routeName);
|
|
// Clear event-based status so it gets refreshed
|
|
dcRouter.certificateStatusMap.delete(routeName);
|
|
return { success: true, message: `Certificate reprovisioning triggered for route '${routeName}'` };
|
|
} catch (err) {
|
|
return { success: false, message: err.message || 'Failed to reprovision certificate' };
|
|
}
|
|
}
|
|
}
|