akanealw/caddy-proxy-manager
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Jamie Curnow
2017-12-21 09:02:37 +10:00
parent dc830df253
commit 6e7435c35d
140 changed files with 19554 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

77
manager/src/backend/app.js Normal file
View File

@@ -0,0 +1,77 @@
'use strict';
const express = require('express');
const bodyParser = require('body-parser');
const compression = require('compression');
const logger = require('./logger');
/**
* App
*/
const app = express();
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({extended: true}));
app.use(compression());
/**
* General Logging, BEFORE routes
*/
app.disable('x-powered-by');
app.enable('trust proxy', ['loopback', 'linklocal', 'uniquelocal']);
app.enable('strict routing');
// pretty print JSON when not live
if (process.env.NODE_ENV !== 'production') {
app.set('json spaces', 2);
}
// General security/cache related headers + server header
app.use(function (req, res, next) {
res.set({
'Strict-Transport-Security': 'includeSubDomains; max-age=631138519; preload',
'X-XSS-Protection': '0',
'X-Content-Type-Options': 'nosniff',
'X-Frame-Options': 'DENY',
'Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate',
Pragma: 'no-cache',
Expires: 0
});
next();
});
/**
* Routes
*/
app.use('/css', express.static('dist/css'));
app.use('/fonts', express.static('dist/fonts'));
app.use('/images', express.static('dist/images'));
app.use('/js', express.static('dist/js'));
app.use('/api', require('./routes/api/main'));
app.use('/', require('./routes/main'));
// production error handler
// no stacktraces leaked to user
app.use(function (err, req, res, next) {
let payload = {
error: {
code: err.status,
message: err.public ? err.message : 'Internal Error'
}
};
if (process.env.NODE_ENV === 'development') {
payload.debug = {
stack: typeof err.stack !== 'undefined' && err.stack ? err.stack.split('\n') : null,
previous: err.previous
};
}
// Not every error is worth logging - but this is good for now until it gets annoying.
if (!err.public && typeof err.stack !== 'undefined' && err.stack) {
logger.warn(err.stack);
}
res.status(err.status || 500).send(payload);
});
module.exports = app;

5
manager/src/backend/db.js Normal file
View File

@@ -0,0 +1,5 @@
'use strict';
const db = require('diskdb');
module.exports = db.connect('/config', ['hosts', 'access']);

32
manager/src/backend/index.js Normal file
View File

@@ -0,0 +1,32 @@
#!/usr/bin/env node
'use strict';
const app = require('./app');
const logger = require('./logger');
const apiValidator = require('./lib/validator/api');
const internalSsl = require('./internal/ssl');
let port = process.env.PORT || 81;
apiValidator.loadSchemas
.then(() => {
internalSsl.initTimer();
const server = app.listen(port, () => {
logger.info('PID ' + process.pid + ' listening on port ' + port + ' ...');
process.on('SIGTERM', () => {
logger.info('PID ' + process.pid + ' received SIGTERM');
server.close(() => {
logger.info('Stopping.');
process.exit(0);
});
});
});
})
.catch((err) => {
logger.error(err);
process.exit(1);
});

261
manager/src/backend/internal/access.js Normal file
View File

@@ -0,0 +1,261 @@
'use strict';
const _ = require('lodash');
const fs = require('fs');
const batchflow = require('batchflow');
const db = require('../db');
const logger = require('../logger');
const internalNginx = require('./nginx');
const utils = require('../lib/utils');
const internalAccess = {
/**
* All Access Lists
*
* @returns {Promise}
*/
getAll: () => {
return new Promise((resolve/*, reject*/) => {
resolve(db.access.find());
})
.then(list => {
_.map(list, (list_item, idx) => {
list[idx] = internalAccess.maskItems(list_item);
list[idx].hosts = db.hosts.find({access_list_id: list_item._id});
});
return list;
});
},
/**
* Specific Access List
*
* @param {String} id
* @returns {Promise}
*/
get: id => {
return new Promise((resolve/*, reject*/) => {
resolve(db.access.findOne({_id: id}));
})
.then(list => {
if (list) {
return internalAccess.maskItems(list);
}
list.hosts = db.hosts.find({access_list_id: list._id});
return list;
});
},
/**
* Create a Access List
*
* @param {Object} payload
* @returns {Promise}
*/
create: payload => {
return new Promise((resolve/*, reject*/) => {
// Add list to db
resolve(db.access.save(payload));
})
.then(list => {
return internalAccess.build(list)
.then(() => {
return internalAccess.maskItems(list);
});
});
},
/**
* Update a Access List
*
* @param {String} id
* @param {Object} payload
* @returns {Promise}
*/
update: (id, payload) => {
return new Promise((resolve, reject) => {
// get existing list
let list = db.access.findOne({_id: id});
if (!list) {
reject(new error.ValidationError('Access List not found'));
} else {
if (typeof payload.name !== 'undefined') {
list.name = payload.name;
}
if (typeof payload.items !== 'undefined') {
// go through each of the items in the payload and assess how they apply to the original items
let new_items = [];
_.map(payload.items, (payload_item) => {
if (!payload_item.password) {
// try to find original item and use the password from there, this is essentially keeping existing users
let old = _.find(list.items, {username: payload_item.username});
if (old) {
new_items.push(old);
}
} else {
new_items.push(payload_item);
}
});
list.items = new_items;
}
db.access.update({_id: id}, list, {multi: false, upsert: false});
resolve(list);
}
})
.then(list => {
return internalAccess.build(list)
.then(() => {
return internalAccess.maskItems(list);
});
});
},
/**
* Deletes a Access List
*
* @param {String} id
* @returns {Promise}
*/
delete: id => {
const internalHost = require('./host');
let associated_hosts = db.hosts.find({access_list_id: id});
return new Promise((resolve/*, reject*/) => {
db.hosts.update({access_list_id: id}, {access_list_id: ''}, {multi: true, upsert: false});
if (associated_hosts.length) {
// regenerate config for these hosts
let promises = [];
_.map(associated_hosts, associated_host => {
promises.push(internalHost.configure(db.hosts.findOne({_id: associated_host._id})));
});
resolve(Promise.all(promises));
} else {
resolve();
}
})
.then(() => {
// restart nginx
if (associated_hosts.length) {
return internalNginx.reload();
}
})
.then(() => {
db.access.remove({_id: id}, false);
// delete access file
try {
fs.unlinkSync(internalAccess.getFilename(id));
} catch (err) {
// do nothing
}
return true;
});
},
/**
* @param {Object} list
* @returns {Object}
*/
maskItems: list => {
if (list && typeof list.items !== 'undefined') {
_.map(list.items, (val, idx) => {
list.items[idx].hint = val.password.charAt(0) + ('*').repeat(val.password.length - 1);
list.items[idx].password = '';
});
}
return list;
},
/**
* @param {String|Object} list
* @returns {String}
*/
getFilename: (list) => {
return '/config/access/' + (typeof list === 'string' ? list : list._id);
},
/**
* @param {Object} list
* @returns {Promise}
*/
build: list => {
logger.info('Building Access file for: ' + list.name);
return new Promise((resolve, reject) => {
if (typeof list._id !== 'undefined') {
let htpasswd_file = internalAccess.getFilename(list);
// 1. remove any existing access file
try {
fs.unlinkSync(htpasswd_file);
} catch (err) {
// do nothing
}
// 2. create empty access file
try {
fs.writeFileSync(htpasswd_file, '', {encoding: 'utf8'});
resolve(htpasswd_file);
} catch (err) {
reject(err);
}
} else {
reject(new Error('List does not have an _id'));
}
})
.then(htpasswd_file => {
// 3. generate password for each user
if (list.items.length) {
return new Promise((resolve, reject) => {
batchflow(list.items).sequential()
.each((i, item, next) => {
if (typeof item.password !== 'undefined' && item.password.length) {
logger.info('Adding: ' + item.username);
utils.exec('/usr/bin/htpasswd -b "' + htpasswd_file + '" "' + item.username + '" "' + item.password + '"')
.then((/*result*/) => {
next();
})
.catch(err => {
logger.error(err);
next(err);
});
}
})
.error(err => {
logger.error(err);
reject(err);
})
.end(results => {
logger.info('Built Access file for: ' + list.name);
resolve(results);
});
});
}
})
.then(() => {
// only reload nginx if any hosts are using this access
let hosts = db.hosts.find({access_list_id: list._id});
if (hosts && hosts.length) {
return internalNginx.reload();
}
});
}
};
module.exports = internalAccess;

263
manager/src/backend/internal/host.js Normal file
View File

@@ -0,0 +1,263 @@
'use strict';
const _ = require('lodash');
const db = require('../db');
const error = require('../lib/error');
const internalAccess = require('./access');
const internalSsl = require('./ssl');
const internalNginx = require('./nginx');
const timestamp = require('unix-timestamp');
timestamp.round = true;
const internalHost = {
/**
* All Hosts
*
* @returns {Promise}
*/
getAll: () => {
return new Promise((resolve/*, reject*/) => {
resolve(db.hosts.find());
})
.then(hosts => {
_.map(hosts, (host, idx) => {
if (typeof host.access_list_id !== 'undefined' && host.access_list_id) {
hosts[idx].access_list = internalAccess.maskItems(db.access.findOne({_id: host.access_list_id}));
} else {
hosts[idx].access_list_id = '';
hosts[idx].access_list = null;
}
});
return hosts;
});
},
/**
* Create a Host
*
* @param {Object} payload
* @returns {Promise}
*/
create: payload => {
return new Promise((resolve, reject) => {
// Enforce lowercase hostnames
payload.hostname = payload.hostname.toLowerCase();
// 1. Check that the hostname doesn't already exist
let existing_host = db.hosts.findOne({hostname: payload.hostname});
if (existing_host) {
reject(new error.ValidationError('Hostname already exists'));
} else {
// 2. Add host to db
let host = db.hosts.save(payload);
// 3. Fire the config generation for this host
internalHost.configure(host, true)
.then((/*result*/) => {
resolve(host);
})
.catch(err => {
reject(err);
});
}
})
.catch(err => {
// Remove host if the configuration failed
if (err instanceof error.ConfigurationError) {
db.hosts.remove({hostname: payload.hostname});
internalNginx.deleteConfig(payload);
internalSsl.deleteCerts(payload);
}
throw err;
});
},
/**
* Update a Host
*
* @param {String} id
* @param {Object} payload
* @returns {Promise}
*/
update: (id, payload) => {
return new Promise((resolve, reject) => {
let original_host = db.hosts.findOne({_id: id});
if (!original_host) {
reject(new error.ValidationError('Host not found'));
} else {
// Enforce lowercase hostnames
if (typeof payload.hostname !== 'undefined') {
payload.hostname = payload.hostname.toLowerCase();
}
// Check that the hostname doesn't already exist
let other_host = db.hosts.findOne({hostname: payload.hostname});
if (other_host && other_host._id !== id) {
reject(new error.ValidationError('Hostname already exists'));
} else {
// 2. Update host
db.hosts.update({_id: id}, payload, {multi: false, upsert: false});
let updated_host = db.hosts.findOne({_id: id});
resolve({
original: original_host,
updated: updated_host
});
}
}
})
.then(data => {
if (data.original.hostname !== data.updated.hostname) {
// Hostname has changed, delete the old file
return internalNginx.deleteConfig(data.original)
.then(() => {
return data;
});
}
return data;
})
.then(data => {
if (
(data.original.ssl && !data.updated.ssl) || // ssl was enabled and is now disabled
(data.original.ssl && data.original.hostname !== data.updated.hostname) // hostname was changed for a previously ssl-enabled host
) {
// SSL was turned off or hostname for ssl has changed so we should remove certs for the original
return internalSsl.deleteCerts(data.original)
.then(() => {
db.hosts.update({_id: data.updated._id}, {ssl_expires: 0}, {multi: false, upsert: false});
data.updated.ssl_expires = 0;
return data;
});
}
return data;
})
.then(data => {
// 3. Fire the config generation for this host
return internalHost.configure(data.updated, true)
.then((/*result*/) => {
return data.updated;
});
});
},
/**
* This will create the nginx config for the host and fire off letsencrypt duties if required
*
* @param {Object} host
* @param {Boolean} [reload_nginx]
* @param {Boolean} [force_ssl_renew]
* @returns {Promise}
*/
configure: (host, reload_nginx, force_ssl_renew) => {
return new Promise((resolve/*, reject*/) => {
resolve(internalNginx.deleteConfig(host));
})
.then(() => {
if (host.ssl && (force_ssl_renew || !internalSsl.hasValidSslCerts(host))) {
return internalSsl.configureSsl(host);
}
})
.then(() => {
return internalNginx.generateConfig(host);
})
.then(() => {
if (reload_nginx) {
return internalNginx.reload();
}
});
},
/**
* Deletes a Host
*
* @param {String} id
* @returns {Promise}
*/
delete: id => {
let existing_host = db.hosts.findOne({_id: id});
return new Promise((resolve, reject) => {
if (existing_host) {
db.hosts.update({_id: id}, {is_deleted: true}, {multi: true, upsert: false});
resolve(internalNginx.deleteConfig(existing_host));
} else {
reject(new error.ValidationError('Hostname does not exist'));
}
})
.then(() => {
if (existing_host.ssl) {
return internalSsl.deleteCerts(existing_host);
}
})
.then(() => {
db.hosts.remove({_id: id}, false);
return internalNginx.reload();
})
.then(() => {
return true;
});
},
/**
* Reconfigure a Host
*
* @param {String} id
* @returns {Promise}
*/
reconfigure: id => {
return new Promise((resolve, reject) => {
let host = db.hosts.findOne({_id: id});
if (!host) {
reject(new error.ValidationError('Host does not exist: ' + id));
} else {
// 3. Fire the config generation for this host
internalHost.configure(host, true)
.then((/*result*/) => {
resolve(host);
})
.catch(err => {
reject(err);
});
}
});
},
/**
* Renew SSL for a Host
*
* @param {String} id
* @returns {Promise}
*/
renew: id => {
return new Promise((resolve, reject) => {
let host = db.hosts.findOne({_id: id});
if (!host) {
reject(new error.ValidationError('Host does not exist'));
} else if (!host.ssl) {
reject(new error.ValidationError('Host does not have SSL enabled'));
} else {
// 3. Fire the ssl and config generation for this host, forcing ssl
internalHost.configure(host, true, true)
.then((/*result*/) => {
resolve(host);
})
.catch(err => {
reject(err);
});
}
});
}
};
module.exports = internalHost;

78
manager/src/backend/internal/nginx.js Normal file
View File

@@ -0,0 +1,78 @@
'use strict';
const fs = require('fs');
const ejs = require('ejs');
const logger = require('../logger');
const utils = require('../lib/utils');
const error = require('../lib/error');
const internalNginx = {
/**
* @returns {Promise}
*/
test: () => {
logger.info('Testing Nginx configuration');
return utils.exec('/usr/sbin/nginx -t');
},
/**
* @returns {Promise}
*/
reload: () => {
return internalNginx.test()
.then(() => {
logger.info('Reloading Nginx');
return utils.exec('/usr/sbin/nginx -s reload');
});
},
/**
* @param {Object} host
* @returns {String}
*/
getConfigName: host => {
return '/config/nginx/' + host.hostname + '.conf';
},
/**
* @param {Object} host
* @returns {Promise}
*/
generateConfig: host => {
return new Promise((resolve, reject) => {
let template = null;
let filename = internalNginx.getConfigName(host);
try {
template = fs.readFileSync(__dirname + '/../templates/host.conf.ejs', {encoding: 'utf8'});
let config_text = ejs.render(template, host);
fs.writeFileSync(filename, config_text, {encoding: 'utf8'});
resolve(true);
} catch (err) {
reject(new error.ConfigurationError(err.message));
}
});
},
/**
* @param {Object} host
* @param {Boolean} [throw_errors]
* @returns {Promise}
*/
deleteConfig: (host, throw_errors) => {
return new Promise((resolve, reject) => {
try {
fs.unlinkSync(internalNginx.getConfigName(host));
} catch (err) {
if (throw_errors) {
reject(err);
}
}
resolve();
});
}
};
module.exports = internalNginx;

151
manager/src/backend/internal/ssl.js Normal file
View File

@@ -0,0 +1,151 @@
'use strict';
const _ = require('lodash');
const fs = require('fs');
const ejs = require('ejs');
const timestamp = require('unix-timestamp');
const batchflow = require('batchflow');
const internalNginx = require('./nginx');
const logger = require('../logger');
const db = require('../db');
const utils = require('../lib/utils');
const error = require('../lib/error');
timestamp.round = true;
const internalSsl = {
interval_timeout: 60 * 1000,
interval: null,
interval_processing: false,
initTimer: () => {
internalSsl.interval = setInterval(internalSsl.processExpiringHosts, internalSsl.interval_timeout);
},
/**
* Triggered by a timer, this will check for expiring hosts and renew their ssl certs if required
*/
processExpiringHosts: () => {
if (!internalSsl.interval_processing) {
let hosts = db.hosts.find();
if (hosts && hosts.length) {
internalSsl.interval_processing = true;
batchflow(hosts).sequential()
.each((i, host, next) => {
if ((typeof host.is_deleted === 'undefined' || !host.is_deleted) && host.ssl && typeof host.ssl_expires !== 'undefined' && !internalSsl.hasValidSslCerts(host)) {
// This host is due to expire in 1 day, time to renew
logger.info('Host ' + host.hostname + ' is due for SSL renewal');
internalSsl.configureSsl(host)
.then(() => {
return internalNginx.generateConfig(host);
})
.then(internalNginx.reload)
.then(next)
.catch(err => {
logger.error(err);
next(err);
});
} else {
next();
}
})
.error(err => {
logger.error(err);
internalSsl.interval_processing = false;
})
.end((/*results*/) => {
internalSsl.interval_processing = false;
});
}
}
},
/**
* @param {Object} host
* @returns {Boolean}
*/
hasValidSslCerts: host => {
return fs.existsSync('/etc/letsencrypt/live/' + host.hostname + '/fullchain.pem') &&
fs.existsSync('/etc/letsencrypt/live/' + host.hostname + '/privkey.pem') &&
host.ssl_expires > timestamp.now('+1d');
},
/**
* @param {Object} host
* @returns {Promise}
*/
requestSsl: host => {
logger.info('Requesting SSL certificates for ' + host.hostname);
return utils.exec('/usr/bin/letsencrypt certonly --agree-tos --email "' + host.letsencrypt_email + '" -n -a webroot --webroot-path=' + host.root_path + ' -d "' + host.hostname + '"')
.then(result => {
logger.info(result);
return result;
});
},
/**
* @param {Object} host
* @returns {Promise}
*/
deleteCerts: host => {
logger.info('Deleting SSL certificates for ' + host.hostname);
return utils.exec('/usr/bin/letsencrypt delete -n --cert-name "' + host.hostname + '"')
.then(result => {
logger.info(result);
})
.catch(err => {
logger.error(err);
});
},
/**
* @param {Object} host
* @returns {Promise}
*/
generateSslSetupConfig: host => {
let template = null;
let filename = internalNginx.getConfigName(host);
let template_data = host;
template_data.root_path = '/tmp/' + host.hostname;
return utils.exec('mkdir -p ' + template_data.root_path)
.then(() => {
try {
template = fs.readFileSync(__dirname + '/../templates/letsencrypt.conf.ejs', {encoding: 'utf8'});
let config_text = ejs.render(template, template_data);
fs.writeFileSync(filename, config_text, {encoding: 'utf8'});
return template_data;
} catch (err) {
throw new error.ConfigurationError(err.message);
}
});
},
/**
* @param {Object} host
* @returns {Promise}
*/
configureSsl: host => {
return internalSsl.generateSslSetupConfig(host)
.then(data => {
return internalNginx.reload()
.then(() => {
return internalSsl.requestSsl(data);
});
})
.then(() => {
// Certificate was requested ok, update the timestamp on the host
db.hosts.update({_id: host._id}, {ssl_expires: timestamp.now('+90d')}, {multi: false, upsert: false});
});
}
};
module.exports = internalSsl;

56
manager/src/backend/lib/error.js Normal file
View File

@@ -0,0 +1,56 @@
'use strict';
const _ = require('lodash');
const util = require('util');
module.exports = {
ItemNotFoundError: function (id, previous) {
Error.captureStackTrace(this, this.constructor);
this.name = this.constructor.name;
this.previous = previous;
this.message = 'Item Not Found - ' + id;
this.public = true;
this.status = 404;
},
InternalError: function (message, previous) {
Error.captureStackTrace(this, this.constructor);
this.name = this.constructor.name;
this.previous = previous;
this.message = message;
this.status = 500;
this.public = false;
},
InternalValidationError: function (message, previous) {
Error.captureStackTrace(this, this.constructor);
this.name = this.constructor.name;
this.previous = previous;
this.message = message;
this.status = 400;
this.public = false;
},
ConfigurationError: function (message, previous) {
Error.captureStackTrace(this, this.constructor);
this.name = this.constructor.name;
this.previous = previous;
this.message = message;
this.status = 400;
this.public = true;
},
ValidationError: function (message, previous) {
Error.captureStackTrace(this, this.constructor);
this.name = this.constructor.name;
this.previous = previous;
this.message = message;
this.public = true;
this.status = 400;
}
};
_.forEach(module.exports, function (error) {
util.inherits(error, Error);
});

22
manager/src/backend/lib/utils.js Normal file
View File

@@ -0,0 +1,22 @@
'use strict';
const exec = require('child_process').exec;
module.exports = {
/**
* @param {String} cmd
* @returns {Promise}
*/
exec: function (cmd) {
return new Promise((resolve, reject) => {
exec(cmd, function (err, stdout, stderr) {
if (err && typeof err === 'object') {
reject(err);
} else {
resolve(stdout.trim());
}
});
});
}
};

49
manager/src/backend/lib/validator/api.js Normal file
View File

@@ -0,0 +1,49 @@
'use strict';
const error = require('../error');
const path = require('path');
const parser = require('json-schema-ref-parser');
const ajv = require('ajv')({
verbose: true,
validateSchema: true,
allErrors: false,
format: 'full', // strict regexes for format checks
coerceTypes: true
});
/**
* @param {Object} schema
* @param {Object} payload
* @returns {Promise}
*/
function apiValidator (schema, payload/*, description*/) {
return new Promise(function Promise_apiValidator (resolve, reject) {
if (typeof payload === 'undefined') {
reject(new error.ValidationError('Payload is undefined'));
}
let validate = ajv.compile(schema);
let valid = validate(payload);
if (valid && !validate.errors) {
resolve(payload);
} else {
let message = ajv.errorsText(validate.errors);
//debug(validate.errors);
let err = new error.ValidationError(message);
err.debug = [validate.errors, payload];
reject(err);
}
});
}
apiValidator.loadSchemas = parser
.dereference(path.resolve('src/backend/schema/index.json'))
.then((schema) => {
ajv.addSchema(schema);
return schema;
});
module.exports = apiValidator;

47
manager/src/backend/lib/validator/index.js Normal file
View File

@@ -0,0 +1,47 @@
'use strict';
const _ = require('lodash');
const error = require('../error');
const definitions = require('../../schema/definitions.json');
RegExp.prototype.toJSON = RegExp.prototype.toString;
const ajv = require('ajv')({
verbose: true, //process.env.NODE_ENV === 'development',
allErrors: true,
format: 'full', // strict regexes for format checks
coerceTypes: true,
schemas: [
definitions
]
});
/**
*
* @param {Object} schema
* @param {Object} payload
* @returns {Promise}
*/
function validator (schema, payload) {
return new Promise(function (resolve, reject) {
if (!payload) {
reject(new error.InternalValidationError('Payload is falsy'));
} else {
try {
let validate = ajv.compile(schema);
let valid = validate(payload);
if (valid && !validate.errors) {
resolve(_.cloneDeep(payload));
} else {
//debug('Validation failed:', schema, payload);
let message = ajv.errorsText(validate.errors);
reject(new error.InternalValidationError(message));
}
} catch (err) {
reject(err);
}
}
});
}
module.exports = validator;

30
manager/src/backend/logger.js Normal file
View File

@@ -0,0 +1,30 @@
const winston = require('winston');
winston.remove(winston.transports.Console);
winston.add(winston.transports.Console, {
colorize: true,
timestamp: true,
prettyPrint: true,
depth: 3
});
winston.setLevels({
error: 0,
warn: 1,
info: 2,
success: 2,
verbose: 3,
debug: 4
});
winston.addColors({
error: 'red',
warn: 'yellow',
info: 'cyan',
success: 'green',
verbose: 'blue',
debug: 'magenta'
});
module.exports = winston;

121
manager/src/backend/routes/api/access.js Normal file
View File

@@ -0,0 +1,121 @@
'use strict';
const express = require('express');
const validator = require('../../lib/validator');
const apiValidator = require('../../lib/validator/api');
const internalAccess = require('../../internal/access');
let router = express.Router({
caseSensitive: true,
strict: true,
mergeParams: true
});
/**
* /api/access
*/
router
.route('/')
.options((req, res) => {
res.sendStatus(204);
})
/**
* GET /api/access
*
* Retrieve all access lists
*/
.get((req, res, next) => {
internalAccess.getAll()
.then(lists => {
res.status(200)
.send(lists);
})
.catch(next);
})
/**
* POST /api/access
*
* Create a new Access List
*/
.post((req, res, next) => {
apiValidator({$ref: 'endpoints/access#/links/1/schema'}, req.body)
.then(payload => {
return internalAccess.create(payload);
})
.then(result => {
res.status(201)
.send(result);
})
.catch(next);
});
/**
* Specific Access List
*
* /api/access/123
*/
router
.route('/:list_id')
.options((req, res) => {
res.sendStatus(204);
})
/**
* GET /access/123
*
* Retrieve a specific Access List
*/
.get((req, res, next) => {
validator({
required: ['list_id'],
additionalProperties: false,
properties: {
list_id: {
$ref: 'definitions#/definitions/id'
}
}
}, req.params)
.then(data => {
return internalAccess.get(data.list_id);
})
.then(list => {
res.status(200)
.send(list);
})
.catch(next);
})
/**
* PUT /api/access/123
*
* Update an existing Access List
*/
.put((req, res, next) => {
apiValidator({$ref: 'endpoints/access#/links/2/schema'}, req.body)
.then(payload => {
return internalAccess.update(req.params.list_id, payload);
})
.then(result => {
res.status(200)
.send(result);
})
.catch(next);
})
/**
* DELETE /api/access/123
*
* Delete an existing Access List
*/
.delete((req, res, next) => {
internalAccess.delete(req.params.list_id)
.then(result => {
res.status(200)
.send(result);
})
.catch(next);
});
module.exports = router;

189
manager/src/backend/routes/api/hosts.js Normal file
View File

@@ -0,0 +1,189 @@
'use strict';
const express = require('express');
const validator = require('../../lib/validator');
const apiValidator = require('../../lib/validator/api');
const internalHost = require('../../internal/host');
let router = express.Router({
caseSensitive: true,
strict: true,
mergeParams: true
});
/**
* /api/hosts
*/
router
.route('/')
.options((req, res) => {
res.sendStatus(204);
})
/**
* GET /api/hosts
*
* Retrieve all hosts
*/
.get((req, res, next) => {
internalHost.getAll()
.then(hosts => {
res.status(200)
.send(hosts);
})
.catch(next);
})
/**
* POST /api/hosts
*
* Create a new Host
*/
.post((req, res, next) => {
apiValidator({$ref: 'endpoints/hosts#/links/1/schema'}, req.body)
.then(payload => {
return internalHost.create(payload);
})
.then(result => {
res.status(201)
.send(result);
})
.catch(next);
});
/**
* Specific Host
*
* /api/hosts/123
*/
router
.route('/:host_id')
.options((req, res) => {
res.sendStatus(204);
})
/**
* GET /hosts/123
*
* Retrieve a specific Host
*/
.get((req, res, next) => {
validator({
required: ['host_id'],
additionalProperties: false,
properties: {
host_id: {
$ref: 'definitions#/definitions/_id'
}
}
}, req.params)
.then(data => {
return internalHost.get(data.host_id);
})
.then(host => {
res.status(200)
.send(host);
})
.catch(next);
})
/**
* PUT /api/hosts/123
*
* Update an existing Host
*/
.put((req, res, next) => {
apiValidator({$ref: 'endpoints/hosts#/links/2/schema'}, req.body)
.then(payload => {
return internalHost.update(req.params.host_id, payload);
})
.then(result => {
res.status(200)
.send(result);
})
.catch(next);
})
/**
* DELETE /api/hosts/123
*
* Delete an existing Host
*/
.delete((req, res, next) => {
internalHost.delete(req.params.host_id)
.then(result => {
res.status(200)
.send(result);
})
.catch(next);
});
/**
* Reconfigure Host Action
*
* /api/hosts/123/reconfigure
*/
router
.route('/:host_id/reconfigure')
.options((req, res) => {
res.sendStatus(204);
})
/**
* POST /api/hosts/123/reconfigure
*/
.post((req, res, next) => {
validator({
required: ['host_id'],
additionalProperties: false,
properties: {
host_id: {
$ref: 'definitions#/definitions/_id'
}
}
}, req.params)
.then(data => {
return internalHost.reconfigure(data.host_id);
})
.then(result => {
res.status(200)
.send(result);
})
.catch(next);
});
/**
* Renew Host Action
*
* /api/hosts/123/renew
*/
router
.route('/:host_id/renew')
.options((req, res) => {
res.sendStatus(204);
})
/**
* POST /api/hosts/123/renew
*/
.post((req, res, next) => {
validator({
required: ['host_id'],
additionalProperties: false,
properties: {
host_id: {
$ref: 'definitions#/definitions/_id'
}
}
}, req.params)
.then(data => {
return internalHost.renew(data.host_id);
})
.then(result => {
res.status(200)
.send(result);
})
.catch(next);
});
module.exports = router;

31
manager/src/backend/routes/api/main.js Normal file
View File

@@ -0,0 +1,31 @@
'use strict';
const express = require('express');
const pjson = require('../../../../package.json');
let router = express.Router({
caseSensitive: true,
strict: true,
mergeParams: true
});
/**
* GET /api
*/
router.get('/', (req, res/*, next*/) => {
let version = pjson.version.split('-').shift().split('.');
res.status(200).send({
status: 'Healthy',
version: {
major: parseInt(version.shift(), 10),
minor: parseInt(version.shift(), 10),
revision: parseInt(version.shift(), 10)
}
});
});
router.use('/hosts', require('./hosts'));
router.use('/access', require('./access'));
module.exports = router;

50
manager/src/backend/routes/main.js Normal file
View File

@@ -0,0 +1,50 @@
'use strict';
const express = require('express');
const fs = require('fs');
const router = express.Router({
caseSensitive: true,
strict: true,
mergeParams: true
});
/**
* Health Check
* GET /health
*/
router.get('/health', (req, res/*, next*/) => {
res.status(200).send({
status: 'Healthy'
});
});
/**
* GET .*
*/
router.get(/(.*)/, function (req, res, next) {
req.params.page = req.params['0'];
if (req.params.page === '/') {
req.params.page = '/index.html';
}
fs.readFile('dist' + req.params.page, 'utf8', function (err, data) {
if (err) {
if (req.params.page !== '/index.html') {
fs.readFile('dist/index.html', 'utf8', function (err2, data) {
if (err2) {
next(err);
} else {
res.contentType('text/html').end(data);
}
});
} else {
next(err);
}
} else {
res.contentType('text/html').end(data);
}
});
});
module.exports = router;

61
manager/src/backend/schema/definitions.json Normal file
View File

@@ -0,0 +1,61 @@
{
"$schema": "http://json-schema.org/draft-06/schema#",
"id": "definitions",
"definitions": {
"id": {
"description": "Unique identifier",
"example": 123456,
"readOnly": true,
"type": "integer",
"minimum": 1
},
"_id": {
"description": "Unique identifier",
"example": "dfgbkjwj23asdad23gbweg",
"readOnly": true,
"type": "string",
"minLength": 1
},
"hostname": {
"definition": "Fully Qualified Host Name",
"type": "string",
"minLength": 2,
"example": "myhost.example.com"
},
"expand": {
"anyOf": [
{
"type": "null"
},
{
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
}
]
},
"sort": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"required": [
"field",
"dir"
],
"additionalProperties": false,
"properties": {
"field": {
"type": "string"
},
"dir": {
"type": "string",
"pattern": "^(asc|desc)$"
}
}
}
}
}
}

149
manager/src/backend/schema/endpoints/access.json Normal file
View File

@@ -0,0 +1,149 @@
{
"$schema": "http://json-schema.org/draft-06/schema#",
"id": "endpoints/access",
"title": "Access",
"description": "Endpoints relating to Access Lists",
"stability": "stable",
"type": "object",
"definitions": {
"_id": {
"type": "string",
"readonly": true
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 50
},
"items": {
"type": "array",
"items": {
"type": "object",
"required": [
"username",
"password"
],
"properties": {
"username": {
"type": "string",
"minLength": 1,
"maxLength": 50
},
"password": {
"type": "string",
"minLength": 0,
"maxLength": 50
},
"hint": {
"type": "string",
"minLength": 0,
"maxLength": 50
}
}
}
},
"hosts": {
"type": "array",
"items": {
"type": "object"
}
}
},
"links": [
{
"title": "List",
"description": "Returns a list of Access Lists",
"href": "/access",
"access": "public",
"method": "GET",
"rel": "self",
"targetSchema": {
"type": "array",
"items": {
"$ref": "#/properties"
}
}
},
{
"title": "Create",
"description": "Creates a new Access List",
"href": "/access",
"access": "public",
"method": "POST",
"rel": "create",
"schema": {
"type": "object",
"required": [
"name",
"items"
],
"properties": {
"name": {
"$ref": "#/definitions/name"
},
"items": {
"$ref": "#/definitions/items"
}
}
},
"targetSchema": {
"properties": {
"$ref": "#/properties"
}
}
},
{
"title": "Update",
"description": "Updates a Access List",
"href": "/hosts/{definitions.identity.example}",
"access": "public",
"method": "PUT",
"rel": "update",
"schema": {
"type": "object",
"required": [
"name",
"items"
],
"properties": {
"name": {
"$ref": "#/definitions/name"
},
"items": {
"$ref": "#/definitions/items"
}
}
},
"targetSchema": {
"properties": {
"$ref": "#/properties"
}
}
},
{
"title": "Delete",
"description": "Deletes a existing Access List",
"href": "/hosts/{definitions.identity.example}",
"access": "public",
"method": "DELETE",
"rel": "delete",
"targetSchema": {
"type": "boolean"
}
}
],
"properties": {
"_id": {
"$ref": "#/definitions/_id"
},
"name": {
"$ref": "#/definitions/name"
},
"items": {
"$ref": "#/definitions/items"
},
"hosts": {
"$ref": "#/definitions/hosts"
}
}
}

228
manager/src/backend/schema/endpoints/hosts.json Normal file
View File

@@ -0,0 +1,228 @@
{
"$schema": "http://json-schema.org/draft-06/schema#",
"id": "endpoints/hosts",
"title": "Hosts",
"description": "Endpoints relating to Hosts",
"stability": "stable",
"type": "object",
"definitions": {
"_id": {
"type": "string",
"readonly": true
},
"hostname": {
"$ref": "../definitions.json#/definitions/hostname"
},
"forward_server": {
"type": "string",
"format": "ipv4"
},
"forward_port": {
"type": "integer",
"minumum": 1,
"maxiumum": 65535
},
"asset_caching": {
"type": "boolean"
},
"block_exploits": {
"type": "boolean"
},
"ssl": {
"type": "boolean"
},
"ssl_expires": {
"type": "integer",
"minimum": 0,
"readonly": true
},
"letsencrypt_email": {
"type": "string",
"format": "email"
},
"force_ssl": {
"type": "boolean"
},
"access_list_id": {
"type": "string"
},
"advanced": {
"type": "string"
},
"access_list": {
"type": "object",
"readonly": true
}
},
"links": [
{
"title": "List",
"description": "Returns a list of Hosts",
"href": "/hosts",
"access": "public",
"method": "GET",
"rel": "self",
"targetSchema": {
"type": "array",
"items": {
"$ref": "#/properties"
}
}
},
{
"title": "Create",
"description": "Creates a new Host",
"href": "/hosts",
"access": "public",
"method": "POST",
"rel": "create",
"schema": {
"type": "object",
"required": [
"hostname",
"forward_server",
"forward_port"
],
"properties": {
"hostname": {
"$ref": "#/definitions/hostname"
},
"forward_server": {
"$ref": "#/definitions/forward_server"
},
"forward_port": {
"$ref": "#/definitions/forward_port"
},
"asset_caching": {
"$ref": "#/definitions/asset_caching"
},
"block_exploits": {
"$ref": "#/definitions/block_exploits"
},
"ssl": {
"$ref": "#/definitions/ssl"
},
"letsencrypt_email": {
"$ref": "#/definitions/letsencrypt_email"
},
"force_ssl": {
"$ref": "#/definitions/force_ssl"
},
"advanced": {
"$ref": "#/definitions/advanced"
},
"access_list_id": {
"$ref": "#/definitions/access_list_id"
}
}
},
"targetSchema": {
"properties": {
"$ref": "#/properties"
}
}
},
{
"title": "Update",
"description": "Updates a Host",
"href": "/hosts/{definitions.identity.example}",
"access": "public",
"method": "PUT",
"rel": "update",
"schema": {
"type": "object",
"required": [],
"additionalProperties": false,
"properties": {
"hostname": {
"$ref": "#/definitions/hostname"
},
"forward_server": {
"$ref": "#/definitions/forward_server"
},
"forward_port": {
"$ref": "#/definitions/forward_port"
},
"asset_caching": {
"$ref": "#/definitions/asset_caching"
},
"block_exploits": {
"$ref": "#/definitions/block_exploits"
},
"ssl": {
"$ref": "#/definitions/ssl"
},
"letsencrypt_email": {
"$ref": "#/definitions/letsencrypt_email"
},
"force_ssl": {
"$ref": "#/definitions/force_ssl"
},
"advanced": {
"$ref": "#/definitions/advanced"
},
"access_list_id": {
"$ref": "#/definitions/access_list_id"
}
}
},
"targetSchema": {
"properties": {
"$ref": "#/properties"
}
}
},
{
"title": "Delete",
"description": "Deletes a existing Host",
"href": "/hosts/{definitions.identity.example}",
"access": "public",
"method": "DELETE",
"rel": "delete",
"targetSchema": {
"type": "boolean"
}
}
],
"properties": {
"_id": {
"$ref": "#/definitions/_id"
},
"hostname": {
"$ref": "#/definitions/hostname"
},
"forward_server": {
"$ref": "#/definitions/forward_server"
},
"forward_port": {
"$ref": "#/definitions/forward_port"
},
"asset_caching": {
"$ref": "#/definitions/asset_caching"
},
"block_exploits": {
"$ref": "#/definitions/block_exploits"
},
"ssl": {
"$ref": "#/definitions/ssl"
},
"ssl_expires": {
"$ref": "#/definitions/ssl_expires"
},
"letsencrypt_email": {
"$ref": "#/definitions/letsencrypt_email"
},
"force_ssl": {
"$ref": "#/definitions/force_ssl"
},
"access_list_id": {
"$ref": "#/definitions/access_list_id"
},
"access_list": {
"$ref": "#/definitions/access_list"
},
"advanced": {
"$ref": "#/definitions/advanced"
}
}
}

6
manager/src/backend/schema/examples.json Normal file
View File

@@ -0,0 +1,6 @@
{
"$schema": "http://json-schema.org/draft-06/schema#",
"id": "examples",
"type": "object",
"definitions": {}
}

21
manager/src/backend/schema/index.json Normal file
View File

@@ -0,0 +1,21 @@
{
"$schema": "http://json-schema.org/draft-06/schema#",
"title": "Nginx Proxy Manager REST API",
"description": "This is the Nginx Proxy Manager REST API",
"id": "root",
"version": "1.0.0",
"links": [
{
"href": "http://localhost:81/api",
"rel": "self"
}
],
"properties": {
"hosts": {
"$ref": "endpoints/hosts.json"
},
"access": {
"$ref": "endpoints/access.json"
}
}
}

33
manager/src/backend/templates/host.conf.ejs Normal file
View File

@@ -0,0 +1,33 @@
# <%- hostname %>
server {
listen 80;
<%- typeof ssl !== 'undefined' && ssl ? 'listen 443 ssl;' : '' %>
server_name <%- hostname %>;
access_log /config/logs/<%- hostname %>.log proxy;
set $server <%- forward_server %>;
set $port <%- forward_port %>;
<%- typeof asset_caching !== 'undefined' && asset_caching ? 'include conf.d/include/assets.conf;' : '' %>
<%- typeof block_exploits !== 'undefined' && block_exploits ? 'include conf.d/include/block-exploits.conf;' : '' %>
<% if (typeof ssl !== 'undefined' && ssl) { -%>
include conf.d/include/ssl-ciphers.conf;
ssl_certificate /etc/letsencrypt/live/<%- hostname %>/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/<%- hostname %>/privkey.pem;
<% } -%>
<% if (typeof access_list_id !== 'undefined' && access_list_id) { -%>
auth_basic "Authorization required";
auth_basic_user_file /config/access/<%- access_list_id %>;
<% } -%>
<%- typeof advanced !== 'undefined' && advanced ? advanced : '' %>
location / {
<%- typeof force_ssl !== 'undefined' && force_ssl ? 'include conf.d/include/force-ssl.conf;' : '' %>
include conf.d/include/proxy.conf;
}
}

11
manager/src/backend/templates/letsencrypt.conf.ejs Normal file
View File

@@ -0,0 +1,11 @@
# Letsencrypt Verification Temporary Host: <%- hostname %>
server {
listen 80;
server_name <%- hostname %>;
access_log /config/logs/letsencrypt.log proxy;
location / {
root <%- root_path %>;
}
}