Initial commit: DashCaddy v1.0
Full codebase including API server (32 modules + routes), dashboard frontend, DashCA certificate distribution, installer script, and deployment skills.
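--- a/dashcaddy-api/scripts/install-ca.ps1.template
+++ b/dashcaddy-api/scripts/install-ca.ps1.template
@@ -0,0 +1,120 @@
+#Requires -RunAsAdministrator
+
+<#
+.SYNOPSIS
+Installs the DashCaddy Root CA certificate to the Trusted Root Certification Authorities store.
+
+.DESCRIPTION
+This script downloads the root CA certificate from your DashCaddy instance, verifies its fingerprint,
+and installs it to the local machine's trusted root store.
+#>
+
+$ErrorActionPreference = "Stop"
+
+# ==========================================
+# CONFIGURATION (Injected by DashCaddy API)
+# ==========================================
+$CertUrl = "{{CERT_URL}}"
+$ExpectedFingerprint = "{{CERT_FINGERPRINT}}"
+# ==========================================
+
+$TempFile = "$env:TEMP\dashcaddy-root-ca.crt"
+
+# Colors
+$Red = [System.ConsoleColor]::Red
+$Green = [System.ConsoleColor]::Green
+$Cyan = [System.ConsoleColor]::Cyan
+$Yellow = [System.ConsoleColor]::Yellow
+
+Write-Host ""
+Write-Host "========================================" -ForegroundColor $Cyan
+Write-Host " DashCaddy Certificate Installer" -ForegroundColor $Cyan
+Write-Host "========================================" -ForegroundColor $Cyan
+Write-Host ""
+
+# Step 1: Download certificate
+Write-Host "[1/4] Downloading certificate..." -ForegroundColor $Cyan
+try {
+$ProgressPreference = 'SilentlyContinue'
+
+# Bypass SSL validation — the user doesn't trust the CA yet, that's the whole point
+if (-not ([System.Management.Automation.PSTypeName]'TrustAllCertsPolicy').Type) {
+Add-Type @"
+using System.Net;
+using System.Security.Cryptography.X509Certificates;
+public class TrustAllCertsPolicy : ICertificatePolicy {
+public bool CheckValidationResult(ServicePoint sp, X509Certificate cert, WebRequest req, int problem) { return true; }
+}
+"@
+}
+[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
+
+Invoke-WebRequest -Uri $CertUrl -OutFile $TempFile -UseBasicParsing -ErrorAction Stop
+Write-Host " OK Certificate downloaded" -ForegroundColor $Green
+} catch {
+Write-Host " FAIL Failed to download certificate from $CertUrl" -ForegroundColor $Red
+Write-Host " Error: $_" -ForegroundColor $Red
+exit 1
+}
+
+# Step 2: Verify fingerprint
+Write-Host "[2/4] Verifying certificate fingerprint..." -ForegroundColor $Cyan
+try {
+$Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($TempFile)
+$Fingerprint = $Cert.Thumbprint
+
+$NormalizedExpected = $ExpectedFingerprint -replace '[:\s]', ''
+$NormalizedActual = $Fingerprint -replace '[:\s]', ''
+
+if ($NormalizedActual -ne $NormalizedExpected) {
+Write-Host " FAIL Fingerprint mismatch!" -ForegroundColor $Red
+Write-Host " Expected: $ExpectedFingerprint" -ForegroundColor $Yellow
+Write-Host " Got: $Fingerprint" -ForegroundColor $Red
+Remove-Item $TempFile -Force
+Write-Host ""
+Write-Host "SECURITY WARNING: The downloaded certificate does not match the expected fingerprint." -ForegroundColor $Red
+exit 1
+}
+Write-Host " OK Fingerprint verified" -ForegroundColor $Green
+} catch {
+Write-Host " FAIL Failed to verify fingerprint: $_" -ForegroundColor $Red
+Remove-Item $TempFile -Force -ErrorAction SilentlyContinue
+exit 1
+}
+
+# Step 3: Check if already installed
+Write-Host "[3/4] Checking for existing certificate..." -ForegroundColor $Cyan
+$ExistingCert = Get-ChildItem -Path Cert:\LocalMachine\Root | Where-Object { $_.Thumbprint -eq $Fingerprint }
+if ($ExistingCert) {
+Write-Host " INFO Certificate already installed" -ForegroundColor $Yellow
+Remove-Item $TempFile -Force
+Write-Host ""
+Write-Host "The DashCaddy Root CA is already trusted on this system." -ForegroundColor $Green
+Start-Sleep -Seconds 3
+exit 0
+}
+Write-Host " OK Not yet installed, proceeding..." -ForegroundColor $Green
+
+# Step 4: Install certificate
+Write-Host "[4/4] Installing to Trusted Root store..." -ForegroundColor $Cyan
+try {
+$ImportedCert = Import-Certificate -FilePath $TempFile -CertStoreLocation Cert:\LocalMachine\Root -ErrorAction Stop
+Write-Host " OK Certificate installed successfully" -ForegroundColor $Green
+} catch {
+Write-Host " FAIL Failed to install certificate. Ensure you are running as Administrator." -ForegroundColor $Red
+Remove-Item $TempFile -Force -ErrorAction SilentlyContinue
+exit 1
+}
+
+# Cleanup
+Remove-Item $TempFile -Force -ErrorAction SilentlyContinue
+
+Write-Host ""
+Write-Host "========================================" -ForegroundColor $Green
+Write-Host " SUCCESS!" -ForegroundColor $Green
+Write-Host "========================================" -ForegroundColor $Green
+Write-Host ""
+Write-Host "Your browser will now trust DashCaddy apps." -ForegroundColor $Green
+Write-Host "You may need to restart your browser for changes to take effect." -ForegroundColor $Yellow
+Write-Host ""
+Start-Sleep -Seconds 3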
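Review bot: Step 4 installs whatever is at `$TempFile` when `Import-Certificate` runs, not the `$Cert` object whose fingerprint step 2 checked; the path is a fixed name under `$env:TEMP`, so the file can be replaced between the check and the import while the script is running elevated. Adding the already-verified object to the store, as sketched below, closes that gap. Separately, `$Cert.Thumbprint` is a SHA-1 value while install-ca.sh.template compares a SHA-256 fingerprint against the same `{{CERT_FINGERPRINT}}` placeholder; if the API injects one value for both templates this comparison can never match, and if it injects SHA-1 here the check is weaker than the bash one. The `TrustAllCertsPolicy` assignment is also never undone, so certificate validation stays disabled for the rest of the PowerShell process; saving the previous `[System.Net.ServicePointManager]::CertificatePolicy` and restoring it in a `finally` would limit it to the download.

```powershell
# … unchanged: steps 1–3 (download, fingerprint check, existing-certificate lookup) …
try {
    # Install the object that was fingerprint-checked rather than re-reading the temp file
    $Store = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root', 'LocalMachine')
    $Store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
    try { $Store.Add($Cert) } finally { $Store.Close() }
    Write-Host " OK Certificate installed successfully" -ForegroundColor $Green
} catch {
# … unchanged: failure message, temp-file removal, exit 1 …
```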
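--- a/dashcaddy-api/scripts/install-ca.sh.template
+++ b/dashcaddy-api/scripts/install-ca.sh.template
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# ==========================================
+# CONFIGURATION (Injected by DashCaddy API)
+# ==========================================
+CERT_URL="{{CERT_URL}}"
+EXPECTED_FP="{{CERT_FINGERPRINT}}"
+# ==========================================
+
+TMPFILE="$(mktemp /tmp/dashcaddy-root-ca.XXXXXX.crt)"
+
+RED='\033[0;31m'; GREEN='\033[0;32m'; CYAN='\033[0;36m'; YELLOW='\033[1;33m'; NC='\033[0m'
+
+echo ""
+echo -e "${CYAN}========================================"
+echo " DashCaddy Certificate Installer"
+echo -e "========================================${NC}"
+echo ""
+
+# Step 1: Download certificate (skip TLS verification — we verify the fingerprint instead)
+echo -e "${CYAN}[1/4] Downloading certificate...${NC}"
+if command -v curl &>/dev/null; then
+curl -fsSk -o "$TMPFILE" "$CERT_URL"
+elif command -v wget &>/dev/null; then
+wget -q --no-check-certificate -O "$TMPFILE" "$CERT_URL"
+else
+echo -e "${RED} FAIL Neither curl nor wget found${NC}"
+exit 1
+fi
+echo -e "${GREEN} OK Certificate downloaded${NC}"
+
+# Step 2: Verify fingerprint
+echo -e "${CYAN}[2/4] Verifying certificate fingerprint...${NC}"
+ACTUAL_FP=$(openssl x509 -in "$TMPFILE" -noout -fingerprint -sha256 2>/dev/null | sed 's/.*=//; s/://g')
+CLEAN_EXPECTED=$(echo "$EXPECTED_FP" | tr -d ': ')
+
+if [ "$ACTUAL_FP" != "$CLEAN_EXPECTED" ]; then
+echo -e "${RED} FAIL Fingerprint mismatch!${NC}"
+echo -e "${YELLOW} Expected: $EXPECTED_FP${NC}"
+echo -e "${RED} Got: $ACTUAL_FP${NC}"
+rm -f "$TMPFILE"
+echo -e "${RED}SECURITY WARNING: Certificate does not match expected fingerprint.${NC}"
+exit 1
+fi
+echo -e "${GREEN} OK Fingerprint verified${NC}"
+
+# Step 3: Detect OS and install
+echo -e "${CYAN}[3/4] Installing certificate...${NC}"
+
+install_debian() {
+sudo cp "$TMPFILE" /usr/local/share/ca-certificates/dashcaddy-root-ca.crt
+sudo update-ca-certificates
+}
+
+install_redhat() {
+sudo cp "$TMPFILE" /etc/pki/ca-trust/source/anchors/dashcaddy-root-ca.crt
+sudo update-ca-trust extract
+}
+
+install_arch() {
+sudo cp "$TMPFILE" /etc/ca-certificates/trust-source/anchors/dashcaddy-root-ca.crt
+sudo trust extract-compat
+}
+
+install_macos() {
+sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain "$TMPFILE"
+}
+
+if [ "$(uname)" = "Darwin" ]; then
+install_macos
+elif [ -f /etc/debian_version ]; then
+install_debian
+elif [ -f /etc/redhat-release ]; then
+install_redhat
+elif [ -f /etc/arch-release ]; then
+install_arch
+elif command -v update-ca-certificates &>/dev/null; then
+install_debian
+elif command -v update-ca-trust &>/dev/null; then
+install_redhat
+else
+echo -e "${RED} FAIL Could not detect package manager. Install manually:${NC}"
+echo " Copy $TMPFILE to your system's CA trust store"
+exit 1
+fi
+echo -e "${GREEN} OK Certificate installed${NC}"
+
+# Step 4: Cleanup
+rm -f "$TMPFILE"
+
+echo ""
+echo -e "${GREEN}========================================"
+echo " SUCCESS!"
+echo -e "========================================${NC}"
+echo ""
+echo -e "${GREEN}Your system now trusts the DashCaddy Root CA.${NC}"
+echo -e "${YELLOW}Restart your browser for changes to take effect.${NC}"
+echo ""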
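Review bot: The fingerprint check in step 2 covers only the first certificate that `openssl x509` parses from `$TMPFILE`, but step 3 hands the whole downloaded file to the trust store, and the download deliberately skips TLS verification, so anything after the first PEM block would be installed unchecked on stores that read every block in a file. Re-encoding before the comparison keeps only the parsed certificate: `CERT_PEM=$(openssl x509 -in "$TMPFILE")` followed by `printf '%s\n' "$CERT_PEM" > "$TMPFILE"`. The `mktemp` template puts `.crt` after the `XXXXXX`; BSD/macOS `mktemp` substitutes only trailing X characters, so on the macOS path this likely yields a fixed file name in /tmp, which `mktemp "${TMPDIR:-/tmp}/dashcaddy-root-ca.XXXXXX"` avoids. `EXPECTED_FP` is also compared without case folding, so a lowercase injected value would fail against openssl's uppercase output; normalise it or document the expected format next to the placeholder.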