jkunz
061ce7c3f2
- Implemented SecretSettingsManager to handle secret settings with encryption. - Added functionality to migrate legacy plaintext settings into encrypted storage. - Introduced methods for setting, getting, and clearing secret settings. - Created tests for verifying the migration and canonicalization of secret settings. - Updated app state to handle service updates via socket communication. - Added interface for push service updates to manage service state changes.
91 lines
3.3 KiB
TypeScript
91 lines
3.3 KiB
TypeScript
import * as plugins from '../../plugins.ts';
|
|
import type { OpsServer } from '../classes.opsserver.ts';
|
|
import * as interfaces from '../../../ts_interfaces/index.ts';
|
|
import { requireAdminIdentity } from '../helpers/guards.ts';
|
|
|
|
export class SettingsHandler {
|
|
public typedrouter = new plugins.typedrequest.TypedRouter();
|
|
|
|
constructor(private opsServerRef: OpsServer) {
|
|
this.opsServerRef.typedrouter.addTypedRouter(this.typedrouter);
|
|
this.registerHandlers();
|
|
}
|
|
|
|
private async getSettingsObject(): Promise<interfaces.data.ISettings> {
|
|
const db = this.opsServerRef.oneboxRef.database;
|
|
const cloudflareToken = await db.getSecretSetting('cloudflareToken');
|
|
const settingsMap = db.getAllSettings();
|
|
|
|
return {
|
|
cloudflareToken: cloudflareToken || '',
|
|
cloudflareZoneId: settingsMap['cloudflareZoneId'] || '',
|
|
autoRenewCerts: settingsMap['autoRenewCerts'] === 'true',
|
|
renewalThreshold: parseInt(settingsMap['renewalThreshold'] || '30', 10),
|
|
acmeEmail: settingsMap['acmeEmail'] || '',
|
|
httpPort: parseInt(settingsMap['httpPort'] || '80', 10),
|
|
httpsPort: parseInt(settingsMap['httpsPort'] || '443', 10),
|
|
forceHttps: settingsMap['forceHttps'] === 'true',
|
|
};
|
|
}
|
|
|
|
private registerHandlers(): void {
|
|
this.typedrouter.addTypedHandler(
|
|
new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_GetSettings>(
|
|
'getSettings',
|
|
async (dataArg) => {
|
|
await requireAdminIdentity(this.opsServerRef.adminHandler, dataArg);
|
|
const settings = await this.getSettingsObject();
|
|
return { settings };
|
|
},
|
|
),
|
|
);
|
|
|
|
this.typedrouter.addTypedHandler(
|
|
new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_UpdateSettings>(
|
|
'updateSettings',
|
|
async (dataArg) => {
|
|
await requireAdminIdentity(this.opsServerRef.adminHandler, dataArg);
|
|
const db = this.opsServerRef.oneboxRef.database;
|
|
const updates = dataArg.settings;
|
|
|
|
// Store each setting as key-value pair
|
|
for (const [key, value] of Object.entries(updates)) {
|
|
if (value !== undefined) {
|
|
if (db.isSecretSettingKey(key)) {
|
|
await db.setSecretSetting(key, String(value));
|
|
} else {
|
|
db.setSetting(key, String(value));
|
|
}
|
|
}
|
|
}
|
|
|
|
const settings = await this.getSettingsObject();
|
|
return { settings };
|
|
},
|
|
),
|
|
);
|
|
|
|
this.typedrouter.addTypedHandler(
|
|
new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_SetBackupPassword>(
|
|
'setBackupPassword',
|
|
async (dataArg) => {
|
|
await requireAdminIdentity(this.opsServerRef.adminHandler, dataArg);
|
|
await this.opsServerRef.oneboxRef.database.setSecretSetting('backupPassword', dataArg.password);
|
|
return { ok: true };
|
|
},
|
|
),
|
|
);
|
|
|
|
this.typedrouter.addTypedHandler(
|
|
new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_GetBackupPasswordStatus>(
|
|
'getBackupPasswordStatus',
|
|
async (dataArg) => {
|
|
await requireAdminIdentity(this.opsServerRef.adminHandler, dataArg);
|
|
const isConfigured = await this.opsServerRef.oneboxRef.database.hasSecretSetting('backupPassword');
|
|
return { status: { isConfigured } };
|
|
},
|
|
),
|
|
);
|
|
}
|
|
}
|