fix: hook.ts - relogin needed
updated packages fix: Lots of typescript thingy fix: ssl request flow fix: proxy cleanup flow
This commit is contained in:
Andras Bacsai
@@ -67,7 +67,7 @@ export const isTeamIdTokenAvailable = (request) => {
|
||||
};
|
||||
|
||||
export const getTeam = (event) => {
|
||||
const cookies: Cookies = Cookie.parse(event.request.headers.get('cookie'));
|
||||
const cookies = Cookie.parse(event.request.headers.get('cookie'));
|
||||
if (cookies.teamId) {
|
||||
return cookies.teamId;
|
||||
} else if (event.locals.session.data.teamId) {
|
||||
@@ -78,7 +78,7 @@ export const getTeam = (event) => {
|
||||
|
||||
export const getUserDetails = async (event, isAdminRequired = true) => {
|
||||
const teamId = getTeam(event);
|
||||
const userId = event.locals.session.data.uid || null;
|
||||
const userId = event.locals.session.data.userId || null;
|
||||
const { permission = 'read' } = await db.prisma.permission.findFirst({
|
||||
where: { teamId, userId },
|
||||
select: { permission: true },
|
||||
|
||||
@@ -6,6 +6,7 @@
|
||||
export let description;
|
||||
export let isCenter = true;
|
||||
export let disabled = false;
|
||||
export let dataTooltip = null;
|
||||
</script>
|
||||
|
||||
<div class="flex items-center py-4 pr-8">
|
||||
@@ -14,7 +15,7 @@
|
||||
<Explainer text={description} />
|
||||
</div>
|
||||
</div>
|
||||
<div class:text-center={isCenter}>
|
||||
<div class:tooltip={dataTooltip} class:text-center={isCenter} data-tooltip={dataTooltip}>
|
||||
<div
|
||||
type="button"
|
||||
on:click
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import { decrypt, encrypt } from '$lib/crypto';
|
||||
import { removeProxyConfiguration, removeWwwRedirection } from '$lib/haproxy';
|
||||
import { removeProxyConfiguration } from '$lib/haproxy';
|
||||
import { asyncExecShell, getEngine } from '$lib/common';
|
||||
|
||||
import { getDomain, removeDestinationDocker } from '$lib/common';
|
||||
|
||||
@@ -2,6 +2,7 @@ import { dev } from '$app/env';
|
||||
import { sentry } from '$lib/common';
|
||||
import * as Prisma from '@prisma/client';
|
||||
import { default as ProdPrisma } from '@prisma/client';
|
||||
import type { PrismaClientOptions } from '@prisma/client/runtime';
|
||||
import generator from 'generate-password';
|
||||
import forge from 'node-forge';
|
||||
|
||||
@@ -19,28 +20,20 @@ if (!dev) {
|
||||
PrismaClient = ProdPrisma.PrismaClient;
|
||||
P = ProdPrisma.Prisma;
|
||||
}
|
||||
let prismaOptions = {
|
||||
|
||||
export const prisma = new PrismaClient({
|
||||
errorFormat: 'pretty',
|
||||
rejectOnNotFound: false
|
||||
};
|
||||
if (dev) {
|
||||
prismaOptions = {
|
||||
errorFormat: 'pretty',
|
||||
rejectOnNotFound: false,
|
||||
log: [
|
||||
{
|
||||
emit: 'event',
|
||||
level: 'query'
|
||||
}
|
||||
]
|
||||
};
|
||||
}
|
||||
export const prisma = new PrismaClient(prismaOptions);
|
||||
});
|
||||
|
||||
export function ErrorHandler(e) {
|
||||
if (e! instanceof Error) {
|
||||
e = new Error(e.toString());
|
||||
}
|
||||
let truncatedError = e;
|
||||
if (e.stdout) {
|
||||
truncatedError = e.stdout;
|
||||
}
|
||||
if (e.message?.includes('docker run')) {
|
||||
let truncatedArray = [];
|
||||
truncatedArray = truncatedError.message.split('-').filter((line) => {
|
||||
|
||||
@@ -12,13 +12,16 @@ export async function login({ email, password }) {
|
||||
const users = await prisma.user.count();
|
||||
const userFound = await prisma.user.findUnique({
|
||||
where: { email },
|
||||
include: { teams: true },
|
||||
include: { teams: true, permission: true },
|
||||
rejectOnNotFound: false
|
||||
});
|
||||
console.log(userFound);
|
||||
// Registration disabled if database is not seeded properly
|
||||
const { isRegistrationEnabled, id } = await db.listSettings();
|
||||
|
||||
let uid = cuid();
|
||||
let permission = 'read';
|
||||
let isAdmin = false;
|
||||
// Disable registration if we are registering the first user.
|
||||
if (users === 0) {
|
||||
await prisma.setting.update({ where: { id }, data: { isRegistrationEnabled: false } });
|
||||
@@ -50,6 +53,8 @@ export async function login({ email, password }) {
|
||||
};
|
||||
}
|
||||
uid = userFound.id;
|
||||
// permission = userFound.permission;
|
||||
isAdmin = true;
|
||||
}
|
||||
} else {
|
||||
// If registration disabled, return 403
|
||||
@@ -61,6 +66,8 @@ export async function login({ email, password }) {
|
||||
|
||||
const hashedPassword = await bcrypt.hash(password, saltRounds);
|
||||
if (users === 0) {
|
||||
permission = 'owner';
|
||||
isAdmin = true;
|
||||
await prisma.user.create({
|
||||
data: {
|
||||
id: uid,
|
||||
@@ -103,8 +110,10 @@ export async function login({ email, password }) {
|
||||
'Set-Cookie': `teamId=${uid}; HttpOnly; Path=/; Max-Age=15778800;`
|
||||
},
|
||||
body: {
|
||||
uid,
|
||||
teamId: uid
|
||||
userId: uid,
|
||||
teamId: uid,
|
||||
permission,
|
||||
isAdmin
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
@@ -48,7 +48,8 @@ export async function completeTransaction(transactionId) {
|
||||
return await haproxy.put(`v2/services/haproxy/transactions/${transactionId}`);
|
||||
}
|
||||
|
||||
export async function removeProxyConfiguration({ domain }) {
|
||||
export async function removeProxyConfiguration(fqdn) {
|
||||
const domain = getDomain(fqdn);
|
||||
const haproxy = await haproxyInstance();
|
||||
const backendFound = await haproxy
|
||||
.get(`v2/services/haproxy/configuration/backends/${domain}`)
|
||||
@@ -64,10 +65,10 @@ export async function removeProxyConfiguration({ domain }) {
|
||||
.json();
|
||||
await completeTransaction(transactionId);
|
||||
}
|
||||
await forceSSLOffApplication({ domain });
|
||||
await removeWwwRedirection(domain);
|
||||
await forceSSLOffApplication(domain);
|
||||
await removeWwwRedirection(fqdn);
|
||||
}
|
||||
export async function forceSSLOffApplication({ domain }) {
|
||||
export async function forceSSLOffApplication(domain) {
|
||||
const haproxy = await haproxyInstance();
|
||||
await checkHAProxy(haproxy);
|
||||
let transactionId;
|
||||
@@ -104,7 +105,7 @@ export async function forceSSLOffApplication({ domain }) {
|
||||
if (transactionId) await completeTransaction(transactionId);
|
||||
}
|
||||
}
|
||||
export async function forceSSLOnApplication({ domain }) {
|
||||
export async function forceSSLOnApplication(domain) {
|
||||
const haproxy = await haproxyInstance();
|
||||
await checkHAProxy(haproxy);
|
||||
let transactionId;
|
||||
@@ -283,7 +284,7 @@ export async function configureCoolifyProxyOff(fqdn) {
|
||||
})
|
||||
.json();
|
||||
await completeTransaction(transactionId);
|
||||
if (isHttps) await forceSSLOffApplication({ domain });
|
||||
if (isHttps) await forceSSLOffApplication(domain);
|
||||
await removeWwwRedirection(fqdn);
|
||||
} catch (error) {
|
||||
throw error?.response?.body || error;
|
||||
@@ -558,7 +559,8 @@ export async function configureSimpleServiceProxyOn({ id, domain, port }) {
|
||||
await completeTransaction(transactionId);
|
||||
}
|
||||
|
||||
export async function configureSimpleServiceProxyOff({ domain }) {
|
||||
export async function configureSimpleServiceProxyOff(fqdn) {
|
||||
const domain = getDomain(fqdn);
|
||||
const haproxy = await haproxyInstance();
|
||||
await checkHAProxy(haproxy);
|
||||
try {
|
||||
@@ -573,12 +575,16 @@ export async function configureSimpleServiceProxyOff({ domain }) {
|
||||
.json();
|
||||
await completeTransaction(transactionId);
|
||||
} catch (error) {}
|
||||
await forceSSLOffApplication({ domain });
|
||||
await removeWwwRedirection(domain);
|
||||
await forceSSLOffApplication(domain);
|
||||
await removeWwwRedirection(fqdn);
|
||||
return;
|
||||
}
|
||||
|
||||
export async function removeWwwRedirection(domain) {
|
||||
export async function removeWwwRedirection(fqdn) {
|
||||
const domain = getDomain(fqdn);
|
||||
const isHttps = fqdn.startsWith('https://');
|
||||
const redirectValue = `${isHttps ? 'https://' : 'http://'}${domain}%[capture.req.uri]`;
|
||||
|
||||
const haproxy = await haproxyInstance();
|
||||
await checkHAProxy();
|
||||
const rules: any = await haproxy
|
||||
@@ -590,9 +596,7 @@ export async function removeWwwRedirection(domain) {
|
||||
})
|
||||
.json();
|
||||
if (rules.data.length > 0) {
|
||||
const rule = rules.data.find((rule) =>
|
||||
rule.redir_value.includes(`${domain}%[capture.req.uri]`)
|
||||
);
|
||||
const rule = rules.data.find((rule) => rule.redir_value.includes(redirectValue));
|
||||
if (rule) {
|
||||
const transactionId = await getNextTransactionId();
|
||||
await haproxy
|
||||
@@ -617,6 +621,7 @@ export async function setWwwRedirection(fqdn) {
|
||||
const domain = getDomain(fqdn);
|
||||
const isHttps = fqdn.startsWith('https://');
|
||||
const isWWW = fqdn.includes('www.');
|
||||
const redirectValue = `${isHttps ? 'https://' : 'http://'}${domain}%[capture.req.uri]`;
|
||||
const contTest = `{ req.hdr(host) -i ${isWWW ? domain.replace('www.', '') : `www.${domain}`} }`;
|
||||
const rules: any = await haproxy
|
||||
.get(`v2/services/haproxy/configuration/http_request_rules`, {
|
||||
@@ -628,13 +633,11 @@ export async function setWwwRedirection(fqdn) {
|
||||
.json();
|
||||
let nextRule = 0;
|
||||
if (rules.data.length > 0) {
|
||||
const rule = rules.data.find((rule) =>
|
||||
rule.redir_value.includes(`${domain}%[capture.req.uri]`)
|
||||
);
|
||||
const rule = rules.data.find((rule) => rule.redir_value.includes(redirectValue));
|
||||
if (rule) return;
|
||||
nextRule = rules.data[rules.data.length - 1].index + 1;
|
||||
}
|
||||
const redirectValue = `${isHttps ? 'https://' : 'http://'}${domain}%[capture.req.uri]`;
|
||||
|
||||
transactionId = await getNextTransactionId();
|
||||
await haproxy
|
||||
.post(`v2/services/haproxy/configuration/http_request_rules`, {
|
||||
|
||||
@@ -46,35 +46,33 @@ export async function letsEncrypt({ domain, isCoolify = false, id = null }) {
|
||||
}
|
||||
}
|
||||
}
|
||||
await forceSSLOffApplication({ domain });
|
||||
await forceSSLOffApplication(domain);
|
||||
if (dualCerts) {
|
||||
const error = await asyncExecShell(
|
||||
await asyncExecShell(
|
||||
`DOCKER_HOST=${host} docker run --rm --name certbot-${randomCuid} -p ${randomPort}:${randomPort} -v "coolify-letsencrypt:/etc/letsencrypt" certbot/certbot --logs-dir /etc/letsencrypt/logs certonly --standalone --preferred-challenges http --http-01-address 0.0.0.0 --http-01-port ${randomPort} -d ${nakedDomain} -d ${wwwDomain} --expand --agree-tos --non-interactive --register-unsafely-without-email ${
|
||||
dev ? '--test-cert' : ''
|
||||
}`
|
||||
);
|
||||
if (error.stderr) throw error;
|
||||
const sslCopyError = await asyncExecShell(
|
||||
await asyncExecShell(
|
||||
`DOCKER_HOST=${host} docker run --rm -v "coolify-letsencrypt:/etc/letsencrypt" -v "coolify-ssl-certs:/app/ssl" alpine:latest sh -c "test -d /etc/letsencrypt/live/${nakedDomain}/ && cat /etc/letsencrypt/live/${nakedDomain}/fullchain.pem /etc/letsencrypt/live/${nakedDomain}/privkey.pem > /app/ssl/${nakedDomain}.pem || cat /etc/letsencrypt/live/${wwwDomain}/fullchain.pem /etc/letsencrypt/live/${wwwDomain}/privkey.pem > /app/ssl/${wwwDomain}.pem"`
|
||||
);
|
||||
if (sslCopyError.stderr) throw sslCopyError;
|
||||
} else {
|
||||
const sslGenerateError = await asyncExecShell(
|
||||
await asyncExecShell(
|
||||
`DOCKER_HOST=${host} docker run --rm --name certbot-${randomCuid} -p ${randomPort}:${randomPort} -v "coolify-letsencrypt:/etc/letsencrypt" certbot/certbot --logs-dir /etc/letsencrypt/logs certonly --standalone --preferred-challenges http --http-01-address 0.0.0.0 --http-01-port ${randomPort} -d ${domain} --expand --agree-tos --non-interactive --register-unsafely-without-email ${
|
||||
dev ? '--test-cert' : ''
|
||||
}`
|
||||
);
|
||||
if (sslGenerateError.stderr) throw sslGenerateError;
|
||||
const sslCopyError = await asyncExecShell(
|
||||
await asyncExecShell(
|
||||
`DOCKER_HOST=${host} docker run --rm -v "coolify-letsencrypt:/etc/letsencrypt" -v "coolify-ssl-certs:/app/ssl" alpine:latest sh -c "cat /etc/letsencrypt/live/${domain}/fullchain.pem /etc/letsencrypt/live/${domain}/privkey.pem > /app/ssl/${domain}.pem"`
|
||||
);
|
||||
if (sslCopyError.stderr) throw sslCopyError;
|
||||
}
|
||||
} catch (error) {
|
||||
throw error;
|
||||
if (error.code !== 0) {
|
||||
throw error;
|
||||
}
|
||||
} finally {
|
||||
if (!isCoolify) {
|
||||
await forceSSLOnApplication({ domain });
|
||||
await forceSSLOnApplication(domain);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -48,7 +48,7 @@ export default async function () {
|
||||
port
|
||||
});
|
||||
const isHttps = fqdn.startsWith('https://');
|
||||
if (isHttps) await forceSSLOnApplication({ domain });
|
||||
if (isHttps) await forceSSLOnApplication(domain);
|
||||
await setWwwRedirection(fqdn);
|
||||
}
|
||||
}
|
||||
@@ -98,7 +98,7 @@ export default async function () {
|
||||
await configureCoolifyProxyOn(fqdn);
|
||||
await setWwwRedirection(fqdn);
|
||||
const isHttps = fqdn.startsWith('https://');
|
||||
if (isHttps) await forceSSLOnApplication({ domain });
|
||||
if (isHttps) await forceSSLOnApplication(domain);
|
||||
}
|
||||
} catch (error) {
|
||||
console.log(error);
|
||||
|
||||
Reference in New Issue
Block a user