sami7777/dashcaddy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d76644d948390277c988fce2bd8aaa0a002bcbf0
dashcaddy/dashcaddy-api/routes/sites.js

262 lines
11 KiB
JavaScript
Raw Blame History

const express = require('express');
const fs = require('fs');
const { CADDY, REGEX, LIMITS } = require('../constants');
module.exports = function(ctx) {
const router = express.Router();
// Get Caddyfile contents
router.get('/caddyfile', ctx.asyncHandler(async (req, res) => {
const content = await ctx.caddy.read();
res.json({ success: true, content });
}, 'caddyfile-get'));
// Get current Caddy config (from admin API)
router.get('/caddy/config', ctx.asyncHandler(async (req, res) => {
const response = await ctx.fetchT(`${ctx.caddy.adminUrl}/config/`);
const config = await response.json();
res.json({ success: true, config });
}, 'caddy-config'));
// Reload Caddy configuration via admin API
router.post('/caddy/reload', ctx.asyncHandler(async (req, res) => {
const caddyfileContent = await ctx.caddy.read();
const response = await ctx.fetchT(`${ctx.caddy.adminUrl}/load`, {
method: 'POST',
headers: { 'Content-Type': CADDY.CONTENT_TYPE },
body: caddyfileContent
});
if (!response.ok) {
const errorText = await response.text();
ctx.log.error('caddy', 'Caddy reload failed', { error: errorText });
return ctx.errorResponse(res, 500, '[DC-303] Caddy reload failed. Check server logs for details.');
}
res.json({ success: true, message: 'Caddy configuration reloaded successfully' });
}, 'caddy-reload'));
// Get Certificate Authorities from Caddyfile
router.get('/caddy/cas', ctx.asyncHandler(async (req, res) => {
const content = await ctx.caddy.read();
const cas = [];
const pkiRegex = /pki\s*\{([^}]*(?:\{[^}]*\}[^}]*)*)\}/gs;
let pkiMatch;
while ((pkiMatch = pkiRegex.exec(content)) !== null) {
const pkiBlock = pkiMatch[1];
let caMatch;
const caBlockRegex = /ca\s+(\S+)\s*\{([^}]*(?:\{[^}]*\}[^}]*)*)\}/gs;
while ((caMatch = caBlockRegex.exec(pkiBlock)) !== null) {
const caName = caMatch[1];
const caBlock = caMatch[2];
const ca = { id: caName, name: caName, root: {}, intermediate: {} };
const nameMatch = /name\s+"([^"]+)"/.exec(caBlock);
if (nameMatch) ca.name = nameMatch[1];
const rootCnMatch = /root_cn\s+"([^"]+)"/.exec(caBlock);
const intCnMatch = /intermediate_cn\s+"([^"]+)"/.exec(caBlock);
if (rootCnMatch) ca.root_cn = rootCnMatch[1];
if (intCnMatch) ca.intermediate_cn = intCnMatch[1];
const rootMatch = /root\s*\{([^}]*)\}/s.exec(caBlock);
if (rootMatch) {
const rootBlock = rootMatch[1];
const certMatch = /cert\s+(\S+)/.exec(rootBlock);
const keyMatch = /key\s+(\S+)/.exec(rootBlock);
if (certMatch) ca.root.cert = certMatch[1];
if (keyMatch) ca.root.key = keyMatch[1];
}
const intMatch = /intermediate\s*\{([^}]*)\}/s.exec(caBlock);
if (intMatch) {
const intBlock = intMatch[1];
const certMatch = /cert\s+(\S+)/.exec(intBlock);
const keyMatch = /key\s+(\S+)/.exec(intBlock);
if (certMatch) ca.intermediate.cert = certMatch[1];
if (keyMatch) ca.intermediate.key = keyMatch[1];
}
cas.push(ca);
}
}
const tlsGlobalRegex = /\{\s*acme_ca\s+(\S+)/g;
let tlsMatch;
while ((tlsMatch = tlsGlobalRegex.exec(content)) !== null) {
cas.push({ name: 'acme', url: tlsMatch[1], type: 'acme' });
}
const siteBlocks = content.match(/[\w.-]+\s*\{[^}]*tls\s+[^}]*\}/gs) || [];
const tlsInternalCAs = new Set();
for (const block of siteBlocks) {
const tlsInternalMatch = /tls\s+internal\s*\{[^}]*ca\s+(\S+)/s.exec(block);
if (tlsInternalMatch) tlsInternalCAs.add(tlsInternalMatch[1]);
if (/tls\s+internal(?:\s|$)/.test(block) && !/tls\s+internal\s*\{/.test(block)) {
tlsInternalCAs.add('local');
}
}
for (const caName of tlsInternalCAs) {
if (!cas.find(c => c.name === caName)) {
cas.push({ name: caName, type: 'internal', note: 'Referenced in tls directive' });
}
}
if (cas.length === 0 && /tls\s+internal/.test(content)) {
cas.push({ name: 'local', type: 'internal', note: 'Default Caddy internal CA' });
}
const caList = cas.map(ca => ({
id: ca.id || ca.name,
name: ca.name,
displayName: ca.name !== (ca.id || ca.name) ? `${ca.name} (${ca.id || ca.name})` : ca.name
}));
res.json({ status: 'success', data: { cas: caList } });
}, 'caddy-get-cas'));
// Remove a site from Caddyfile
router.delete('/site/:domain', ctx.asyncHandler(async (req, res) => {
const { domain } = req.params;
if (!domain) return ctx.errorResponse(res, 400, 'Domain is required');
const result = await ctx.caddy.modify((content) => {
const escapedDomain = domain.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
const siteBlockRegex = new RegExp(
`\\n?${escapedDomain}\\s*\\{[^{}]*(?:\\{[^{}]*(?:\\{[^{}]*\\}[^{}]*)*\\}[^{}]*)*\\}\\s*`, 'g'
);
const modified = content.replace(siteBlockRegex, '\n');
if (modified.length === content.length) return null;
return modified.replace(/\n{3,}/g, '\n\n');
});
if (!result.success) {
if (result.rolledBack) {
return ctx.errorResponse(res, 500, `Removed "${domain}" but Caddy reload failed (rolled back): ${result.error}`);
}
return ctx.errorResponse(res, 404, `Site block for "${domain}" not found in Caddyfile`);
}
res.json({ success: true, message: `Site "${domain}" removed from Caddyfile and Caddy reloaded` });
}, 'site-delete'));
// Add a new site to Caddyfile and reload
router.post('/site', ctx.asyncHandler(async (req, res) => {
const { domain, upstream, config } = req.body;
if (!domain || !upstream) return ctx.errorResponse(res, 400, 'Domain and upstream are required');
if (!REGEX.DOMAIN.test(domain)) return ctx.errorResponse(res, 400, '[DC-301] Invalid domain format');
const upstreamRegex = /^[a-z0-9.-]+:\d{1,5}$/i;
if (!upstreamRegex.test(upstream)) return ctx.errorResponse(res, 400, 'Invalid upstream format. Use host:port');
let content = await ctx.caddy.read();
const escapedDomain = domain.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
const siteBlockRegex = new RegExp(`\\n?${escapedDomain}\\s*\\{`, 'g');
if (siteBlockRegex.test(content)) {
return ctx.errorResponse(res, 409, `[DC-302] Site block for "${domain}" already exists in Caddyfile`);
}
// Always generate structured config — never allow raw Caddy config injection
const newSiteBlock = `\n${domain} {\n reverse_proxy ${upstream}\n tls internal\n}\n`;
const result = await ctx.caddy.modify(c => c + newSiteBlock);
if (!result.success) {
return ctx.errorResponse(res, 500, `[DC-303] Site added to Caddyfile but reload failed: ${result.error}`,
result.rolledBack ? { note: 'Caddyfile was rolled back to previous state' } : {});
}
ctx.ok(res, { message: `Site "${domain}" added to Caddyfile and Caddy reloaded successfully` });
}, 'site-add'));
// Add external service reverse proxy to Caddyfile
router.post('/site/external', ctx.asyncHandler(async (req, res) => {
const { subdomain, externalUrl, preserveHost, followRedirects, sslType, caddyfilePath, reloadCaddy: shouldReload, createDns, serviceName, logo } = req.body;
if (!subdomain || !externalUrl) {
return ctx.errorResponse(res, 400, 'Subdomain and externalUrl are required');
}
if (!REGEX.SUBDOMAIN.test(subdomain)) {
return ctx.errorResponse(res, 400, '[DC-301] Invalid subdomain format');
}
try {
ctx.validateURL(externalUrl);
} catch (validationErr) {
return ctx.errorResponse(res, 400, validationErr.message);
}
const domain = ctx.buildDomain(subdomain);
let dnsWarning = null;
try {
if (createDns) {
try {
await ctx.dns.createRecord(subdomain, ctx.siteConfig.dnsServerIp);
ctx.log.info('dns', 'DNS record created for external proxy', { domain, ip: ctx.siteConfig.dnsServerIp });
} catch (dnsError) {
dnsWarning = `DNS creation failed: ${dnsError.message}. You may need to create the DNS record manually.`;
ctx.log.warn('dns', 'DNS creation failed for external proxy', { domain, error: dnsError.message });
}
}
const sslConfig = sslType === 'letsencrypt' ? '' : 'tls internal';
const hostHeader = preserveHost ? `\n header_up Host {upstream_hostport}` : '';
const urlObj = new URL(externalUrl);
// Validate URL components are safe for Caddyfile syntax
const unsafeCaddyChars = /[{}\n\r]/;
if (unsafeCaddyChars.test(urlObj.host) || unsafeCaddyChars.test(urlObj.pathname)) {
return ctx.errorResponse(res, 400, 'External URL contains characters not safe for Caddy configuration');
}
const baseUrl = `${urlObj.protocol}//${urlObj.host}`;
const urlPath = urlObj.pathname.replace(/\/$/, '');
let proxyConfig = '';
if (urlPath && urlPath !== '') {
proxyConfig = `\n${domain} {\n ${sslConfig}\n\n handle_path ${urlPath}/* {\n reverse_proxy ${baseUrl} {\n transport http {\n tls\n tls_server_name ${urlObj.host}\n }\n }\n }\n\n handle {\n redir ${urlPath}/ permanent\n }\n}\n`;
} else {
proxyConfig = `\n${domain} {\n ${sslConfig}\n\n reverse_proxy ${externalUrl} {${hostHeader}\n transport http {\n tls\n }\n }\n}\n`;
}
const caddyResult = await ctx.caddy.modify(c => {
const escapedDomain = domain.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
if (new RegExp(`\\n?${escapedDomain}\\s*\\{`, 'g').test(c)) return null;
return c + proxyConfig;
});
if (!caddyResult.success && !caddyResult.rolledBack) {
return ctx.errorResponse(res, 409, `[DC-302] Site block for "${domain}" already exists in Caddyfile`);
}
if (!caddyResult.success) {
return ctx.errorResponse(res, 500, `[DC-303] External proxy added but Caddy reload failed (rolled back): ${caddyResult.error}`);
}
if (serviceName && logo) {
try {
await ctx.addServiceToConfig({
id: subdomain, name: serviceName, logo,
isExternal: true, externalUrl,
deployedAt: new Date().toISOString()
});
ctx.log.info('deploy', 'Service added to dashboard', { subdomain });
} catch (serviceError) {
ctx.log.warn('deploy', 'Failed to add service to dashboard', { subdomain, error: serviceError.message });
}
}
const response = {
success: true,
message: `External service proxy for ${domain} -> ${externalUrl} created${shouldReload ? ' and Caddy reloaded' : ''}`
};
if (dnsWarning) response.warning = dnsWarning;
res.json(response);
} catch (error) {
ctx.errorResponse(res, 500, ctx.safeErrorMessage(error));
}
}, 'site-external'));
return router;
};
Reference in New Issue View Git Blame Copy Permalink