From 2ce64ac21369bfec7d865da1dd9a8fb743b518c5 Mon Sep 17 00:00:00 2001 From: Andras Bacsai Date: Fri, 18 Feb 2022 13:59:23 +0100 Subject: [PATCH] fix: hook.ts - relogin needed updated packages fix: Lots of typescript thingy fix: ssl request flow fix: proxy cleanup flow --- package.json | 18 +-- pnpm-lock.yaml | 138 +++++++++--------- src/{global.d.ts => app.d.ts} | 104 +++++-------- src/hooks.ts | 35 +++-- src/lib/common.ts | 4 +- src/lib/components/Setting.svelte | 3 +- src/lib/database/applications.ts | 2 +- src/lib/database/common.ts | 23 +-- src/lib/database/users.ts | 15 +- src/lib/haproxy/index.ts | 37 ++--- src/lib/letsencrypt.ts | 20 ++- src/lib/queues/proxy.ts | 4 +- src/routes/__layout.svelte | 10 +- .../configuration/_GitlabRepositories.svelte | 1 - src/routes/applications/[id]/index.svelte | 6 +- src/routes/applications/[id]/stop.json.ts | 3 +- src/routes/applications/index.svelte | 2 +- .../{index.json.ts => dashboard.json.ts} | 0 src/routes/destinations/[id]/restart.json.ts | 2 +- src/routes/index.svelte | 2 +- src/routes/login/index.svelte | 4 +- .../services/[id]/_Services/_Services.svelte | 4 +- src/routes/services/[id]/minio/stop.json.ts | 2 +- src/routes/services/[id]/nocodb/stop.json.ts | 2 +- .../[id]/plausibleanalytics/stop.json.ts | 2 +- .../services/[id]/vaultwarden/stop.json.ts | 2 +- .../services/[id]/vscodeserver/stop.json.ts | 2 +- .../services/[id]/wordpress/stop.json.ts | 2 +- src/routes/settings/index.json.ts | 2 +- src/routes/settings/index.svelte | 1 + src/routes/teams/[id]/index.svelte | 20 +-- src/routes/webhooks/github/events.ts | 9 +- src/routes/webhooks/gitlab/events.ts | 9 +- 33 files changed, 243 insertions(+), 247 deletions(-) rename src/{global.d.ts => app.d.ts} (50%) rename src/routes/{index.json.ts => dashboard.json.ts} (100%) diff --git a/package.json b/package.json index 50dba74e9..f0a7b34a7 100644 --- a/package.json +++ b/package.json @@ -25,9 +25,9 @@ "prepare": "husky install" }, "devDependencies": { - "@sveltejs/adapter-node": "1.0.0-next.67", - "@sveltejs/adapter-static": "1.0.0-next.27", - "@sveltejs/kit": "1.0.0-next.259", + "@sveltejs/adapter-node": "1.0.0-next.68", + "@sveltejs/adapter-static": "1.0.0-next.28", + "@sveltejs/kit": "1.0.0-next.278", "@types/bcrypt": "5.0.0", "@types/js-cookie": "3.0.1", "@types/node": "17.0.18", @@ -50,7 +50,7 @@ "svelte": "3.46.4", "svelte-check": "2.4.3", "svelte-preprocess": "4.10.3", - "tailwindcss": "3.0.22", + "tailwindcss": "3.0.23", "ts-node": "10.5.0", "tslib": "2.3.1", "typescript": "4.5.5" @@ -59,9 +59,9 @@ "dependencies": { "@iarna/toml": "2.2.5", "@prisma/client": "3.9.2", - "@sentry/node": "6.17.8", + "@sentry/node": "6.17.9", "bcrypt": "5.0.1", - "bullmq": "1.72.0", + "bullmq": "1.73.0", "compare-versions": "4.1.3", "cookie": "0.4.2", "cuid": "2.1.8", @@ -69,15 +69,15 @@ "dockerode": "3.3.1", "dotenv-extended": "2.9.0", "generate-password": "1.7.0", - "get-port": "6.0.0", + "get-port": "6.1.0", "got": "12.0.1", "js-cookie": "3.0.1", "js-yaml": "4.1.0", "jsonwebtoken": "8.5.1", "node-forge": "1.2.1", - "svelte-kit-cookie-session": "2.0.2", + "svelte-kit-cookie-session": "2.1.2", "tailwindcss-scrollbar": "^0.1.0", - "unique-names-generator": "4.6.0" + "unique-names-generator": "4.7.1" }, "prisma": { "seed": "node prisma/seed.cjs" diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index b6e75d0bc..4b0d07310 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -3,10 +3,10 @@ lockfileVersion: 5.3 specifiers: '@iarna/toml': 2.2.5 '@prisma/client': 3.9.2 - '@sentry/node': 6.17.8 - '@sveltejs/adapter-node': 1.0.0-next.67 - '@sveltejs/adapter-static': 1.0.0-next.27 - '@sveltejs/kit': 1.0.0-next.259 + '@sentry/node': 6.17.9 + '@sveltejs/adapter-node': 1.0.0-next.68 + '@sveltejs/adapter-static': 1.0.0-next.28 + '@sveltejs/kit': 1.0.0-next.278 '@types/bcrypt': 5.0.0 '@types/js-cookie': 3.0.1 '@types/node': 17.0.18 @@ -16,7 +16,7 @@ specifiers: '@zerodevx/svelte-toast': 0.6.3 autoprefixer: 10.4.2 bcrypt: 5.0.1 - bullmq: 1.72.0 + bullmq: 1.73.0 compare-versions: 4.1.3 cookie: 0.4.2 cross-var: 1.1.0 @@ -28,7 +28,7 @@ specifiers: eslint-config-prettier: 8.3.0 eslint-plugin-svelte3: 3.2.1 generate-password: 1.7.0 - get-port: 6.0.0 + get-port: 6.1.0 got: 12.0.1 husky: 7.0.4 js-cookie: 3.0.1 @@ -43,21 +43,21 @@ specifiers: prisma: 3.9.2 svelte: 3.46.4 svelte-check: 2.4.3 - svelte-kit-cookie-session: 2.0.2 + svelte-kit-cookie-session: 2.1.2 svelte-preprocess: 4.10.3 - tailwindcss: 3.0.22 + tailwindcss: 3.0.23 tailwindcss-scrollbar: ^0.1.0 ts-node: 10.5.0 tslib: 2.3.1 typescript: 4.5.5 - unique-names-generator: 4.6.0 + unique-names-generator: 4.7.1 dependencies: '@iarna/toml': 2.2.5 '@prisma/client': 3.9.2_prisma@3.9.2 - '@sentry/node': 6.17.8 + '@sentry/node': 6.17.9 bcrypt: 5.0.1 - bullmq: 1.72.0 + bullmq: 1.73.0 compare-versions: 4.1.3 cookie: 0.4.2 cuid: 2.1.8 @@ -65,20 +65,20 @@ dependencies: dockerode: 3.3.1 dotenv-extended: 2.9.0 generate-password: 1.7.0 - get-port: 6.0.0 + get-port: 6.1.0 got: 12.0.1 js-cookie: 3.0.1 js-yaml: 4.1.0 jsonwebtoken: 8.5.1 node-forge: 1.2.1 - svelte-kit-cookie-session: 2.0.2 - tailwindcss-scrollbar: 0.1.0_tailwindcss@3.0.22 - unique-names-generator: 4.6.0 + svelte-kit-cookie-session: 2.1.2 + tailwindcss-scrollbar: 0.1.0_tailwindcss@3.0.23 + unique-names-generator: 4.7.1 devDependencies: - '@sveltejs/adapter-node': 1.0.0-next.67 - '@sveltejs/adapter-static': 1.0.0-next.27 - '@sveltejs/kit': 1.0.0-next.259_svelte@3.46.4 + '@sveltejs/adapter-node': 1.0.0-next.68 + '@sveltejs/adapter-static': 1.0.0-next.28 + '@sveltejs/kit': 1.0.0-next.278_svelte@3.46.4 '@types/bcrypt': 5.0.0 '@types/js-cookie': 3.0.1 '@types/node': 17.0.18 @@ -101,7 +101,7 @@ devDependencies: svelte: 3.46.4 svelte-check: 2.4.3_postcss@8.4.6+svelte@3.46.4 svelte-preprocess: 4.10.3_88b359da5cac6d8f6ee1bbb7080a3fa9 - tailwindcss: 3.0.22_c940fbabf228b85b1c73d314b43e31f1 + tailwindcss: 3.0.23_c940fbabf228b85b1c73d314b43e31f1 ts-node: 10.5.0_f3bd4037939c2ed2942ba074291f8ef2 tslib: 2.3.1 typescript: 4.5.5 @@ -295,56 +295,56 @@ packages: picomatch: 2.3.0 dev: true - /@sentry/core/6.17.8: + /@sentry/core/6.17.9: resolution: { - integrity: sha512-4WTjgQom75Rvgn6XYy6e7vMIbWlj8utau1wWvr7kjqFKuuuuycRvPgVzAdVr4B3WDHHCInAZpUchsOLs2qwIEA== + integrity: sha512-14KalmTholGUtgdh9TklO+jUpyQ/D3OGkhlH1rnGQGoJgFy2eYm+s+MnUEMxFdGIUCz5kOteuNqYZxaDmFagpQ== } engines: { node: '>=6' } dependencies: - '@sentry/hub': 6.17.8 - '@sentry/minimal': 6.17.8 - '@sentry/types': 6.17.8 - '@sentry/utils': 6.17.8 + '@sentry/hub': 6.17.9 + '@sentry/minimal': 6.17.9 + '@sentry/types': 6.17.9 + '@sentry/utils': 6.17.9 tslib: 1.14.1 dev: false - /@sentry/hub/6.17.8: + /@sentry/hub/6.17.9: resolution: { - integrity: sha512-GW0XYpkoQu/kSJaTLfsF4extHDOBPNRnT0qKr/YO20Z5wGxYp8LsdnAuU3njcFHcAV2F/QDTj2BPq1U385/4+A== + integrity: sha512-34EdrweWDbBV9EzEFIXcO+JeoyQmKzQVJxpTKZoJA6PUwf2NrndaUdjlkDEtBEzjuLUTxhLxtOzEsYs1O6RVcg== } engines: { node: '>=6' } dependencies: - '@sentry/types': 6.17.8 - '@sentry/utils': 6.17.8 + '@sentry/types': 6.17.9 + '@sentry/utils': 6.17.9 tslib: 1.14.1 dev: false - /@sentry/minimal/6.17.8: + /@sentry/minimal/6.17.9: resolution: { - integrity: sha512-VJXFZBO/O8SViK0fdzodxpNr+pbpgczNgLpz/MNuSooV6EBesgCMVjXtxDUp1Ie1odc0GUprN/ZMLYBmYdIrKQ== + integrity: sha512-T3PMCHcKk6lkZq6zKgANrYJJxXBXKOe+ousV1Fas1rVBMv7dtKfsa4itqQHszcW9shusPDiaQKIJ4zRLE5LKmg== } engines: { node: '>=6' } dependencies: - '@sentry/hub': 6.17.8 - '@sentry/types': 6.17.8 + '@sentry/hub': 6.17.9 + '@sentry/types': 6.17.9 tslib: 1.14.1 dev: false - /@sentry/node/6.17.8: + /@sentry/node/6.17.9: resolution: { - integrity: sha512-b3zg1XjKtxp7o821ENORO1CCzMM4QzKP01rzztMwyMcj28dmUq36QXoQAnwdKn7jEYkJdLnMeniIBR6U6NUJrQ== + integrity: sha512-jbn+q7qPGOh6D7nYoYGaAlmuvMDpQmyMwBtUVYybuZp2AALe43O3Z4LtoJ+1+F31XowpsIPZx1mwNs4ZrILskA== } engines: { node: '>=6' } dependencies: - '@sentry/core': 6.17.8 - '@sentry/hub': 6.17.8 - '@sentry/tracing': 6.17.8 - '@sentry/types': 6.17.8 - '@sentry/utils': 6.17.8 + '@sentry/core': 6.17.9 + '@sentry/hub': 6.17.9 + '@sentry/tracing': 6.17.9 + '@sentry/types': 6.17.9 + '@sentry/utils': 6.17.9 cookie: 0.4.2 https-proxy-agent: 5.0.0 lru_map: 0.3.3 @@ -353,36 +353,36 @@ packages: - supports-color dev: false - /@sentry/tracing/6.17.8: + /@sentry/tracing/6.17.9: resolution: { - integrity: sha512-WJ3W8O6iPI3w7MrzTnYcw3s5PGBNFqT4b9oBCl5Ndjexs8DsGlQOxjrsipo36z6TpnRHpAE4FEbOETb2R8JRJQ== + integrity: sha512-5Rb/OS4ryNJLvz2nv6wyjwhifjy6veqaF9ffLrwFYij/WDy7m62ASBblxgeiI3fbPLX0aBRFWIJAq1vko26+AQ== } engines: { node: '>=6' } dependencies: - '@sentry/hub': 6.17.8 - '@sentry/minimal': 6.17.8 - '@sentry/types': 6.17.8 - '@sentry/utils': 6.17.8 + '@sentry/hub': 6.17.9 + '@sentry/minimal': 6.17.9 + '@sentry/types': 6.17.9 + '@sentry/utils': 6.17.9 tslib: 1.14.1 dev: false - /@sentry/types/6.17.8: + /@sentry/types/6.17.9: resolution: { - integrity: sha512-0i0f+dpvV62Pm5QMVBHNfEsTGIXoXRGQbeN2LGL4XbhzrzUmIrBPzrnZHv9c/JYtSJnI6A0B9OG7Bdlh3aku+Q== + integrity: sha512-xuulX6qUCL14ayEOh/h6FUIvZtsi1Bx34dSOaWDrjXUOJHJAM7214uiqW1GZxPJ13YuaUIubjTSfDmSQ9CBzTw== } engines: { node: '>=6' } dev: false - /@sentry/utils/6.17.8: + /@sentry/utils/6.17.9: resolution: { - integrity: sha512-cAOM53A5FHv95hpDuXKJU8rI4B1XdZ6qe3Yo+/nDS9QDpOgzvyjcItgXPvKW1wUjdHCcnwu7VBfBxB7teYOW9g== + integrity: sha512-4eo9Z3JlJCGlGrQRbtZWL+L9NnlUXgTbfK3Lk7oO8D1ev8R5b5+iE6tZHTvU5rQRcq6zu+POT+tK5u9oxc/rnQ== } engines: { node: '>=6' } dependencies: - '@sentry/types': 6.17.8 + '@sentry/types': 6.17.9 tslib: 1.14.1 dev: false @@ -394,28 +394,28 @@ packages: engines: { node: '>=10' } dev: false - /@sveltejs/adapter-node/1.0.0-next.67: + /@sveltejs/adapter-node/1.0.0-next.68: resolution: { - integrity: sha512-+LuLn91xARZsRANiQNIIDpMMncUTnP2pJc8tyL+FdpVvs5UtlvkYJpeCBPFqjjseRpIIbi8Slu89GCdrRXBDUg== + integrity: sha512-MiEjtl15Aupm6bjirVlq0kkc9AL8qDXz/blsh4jYMsaiidmcEHeDgfZQFM5YiXy95DbxV30MAkhwCQiYK/J8Kw== } dependencies: tiny-glob: 0.2.9 dev: true - /@sveltejs/adapter-static/1.0.0-next.27: + /@sveltejs/adapter-static/1.0.0-next.28: resolution: { - integrity: sha512-dcN1p1D7ZY/a9SClfN14mgm9pyWbLxdwM9gzPMZG6xXOoqMtwI03aZOFgGGumHPdv+XcGRZM96vUSRoDm6vBJQ== + integrity: sha512-c4xLyeSwnbGQxe4f1SLpHTbxZDm3TEr43scR3tOlVgQN+mnAL9aDdl3nTtdzWmrUDmDEmY4GriAwLyFLZuINLw== } dependencies: tiny-glob: 0.2.9 dev: true - /@sveltejs/kit/1.0.0-next.259_svelte@3.46.4: + /@sveltejs/kit/1.0.0-next.278_svelte@3.46.4: resolution: { - integrity: sha512-+Tss6cQXmpi4Jno/ZP0zJ3INBLMED+WeW4UI81tmexheC76Y2p+cbInneKO/REx/8QFo1iroYrWAUkZPsOg8Ew== + integrity: sha512-WT93Wnu05X9WG9BMMk/dj0gy6R7iXm9aXRDVgmIl9z8jT2ukejgmkhi5IwBYrK0OMIUALRVfukn+iy+srPc91Q== } engines: { node: '>=14.13' } hasBin: true @@ -1748,10 +1748,10 @@ packages: ieee754: 1.2.1 dev: false - /bullmq/1.72.0: + /bullmq/1.73.0: resolution: { - integrity: sha512-Q0pk6GphHyYsacpjZZFhjp/+TY+2g2FDsJS3qwIyskQL4j7vZaa1iYX3gKDEBn4C5eZMP1EOl9GWkm2bhdB0Wg== + integrity: sha512-+BF7yeGagYD/iMkM3FA8Wvb3j3MyKE/OdXv404+nQjUsKXfL7PbqX5NSA9lBtFzOdyFx9ZWyKRnBwuGQsLfM0w== } dependencies: cron-parser: 2.18.0 @@ -3116,10 +3116,10 @@ packages: engines: { node: '>=8' } dev: false - /get-port/6.0.0: + /get-port/6.1.0: resolution: { - integrity: sha512-qSVkVF6Eq1GdL/cBNiFuP4nUHMF7OEMTqEjC6alR2N90u8BFOoO0PFhNTX2QtAUoGrz8NnrSWj85TZ8YXZ6LOA== + integrity: sha512-JKnPFW/G2ZRirH/25sLK1aLBQktJfQLixzMMuMBP8A2G/ivSaIwdTnlJeO7PWeyhyIGVorezNf6+CXZU9i0cIQ== } engines: { node: ^12.20.0 || ^14.13.1 || >=16.0.0 } dev: false @@ -5205,10 +5205,10 @@ packages: svelte: 3.46.4 dev: true - /svelte-kit-cookie-session/2.0.2: + /svelte-kit-cookie-session/2.1.2: resolution: { - integrity: sha512-+JfunYbraIOkecOJlC1iYqH9g6YOY8MXyUdE3hTZquR1JrODmOZZ+pVPmZuVIFpM5sStJf/jF1NT5306TWE9Gw== + integrity: sha512-PfxIWDhiyYWu7iKlL0GHpmwDrdFh+rX/WmBzOuvctF25UqngIo9MCiegWBSBLE1RBwNs5UqaIeI8+vligmY07g== } dev: false @@ -5290,7 +5290,7 @@ packages: strip-ansi: 6.0.1 dev: true - /tailwindcss-scrollbar/0.1.0_tailwindcss@3.0.22: + /tailwindcss-scrollbar/0.1.0_tailwindcss@3.0.23: resolution: { integrity: sha512-egipxw4ooQDh94x02XQpPck0P0sfwazwoUGfA9SedPATIuYDR+6qe8d31Gl7YsSMRiOKDkkqfI0kBvEw9lT/Hg== @@ -5298,13 +5298,13 @@ packages: peerDependencies: tailwindcss: '>= 2.x.x' dependencies: - tailwindcss: 3.0.22_c940fbabf228b85b1c73d314b43e31f1 + tailwindcss: 3.0.23_c940fbabf228b85b1c73d314b43e31f1 dev: false - /tailwindcss/3.0.22_c940fbabf228b85b1c73d314b43e31f1: + /tailwindcss/3.0.23_c940fbabf228b85b1c73d314b43e31f1: resolution: { - integrity: sha512-F8lt74RlNZirnkaSk310+vGQta7c0/hgx7/bqxruM4wS9lp8oqV93lzavajC3VT0Lp4UUtUVIt8ifKcmGzkr0A== + integrity: sha512-+OZOV9ubyQ6oI2BXEhzw4HrqvgcARY38xv3zKcjnWtMIZstEsXdI9xftd1iB7+RbOnj2HOEzkA0OyB5BaSxPQA== } engines: { node: '>=12.13.0' } hasBin: true @@ -5528,10 +5528,10 @@ packages: function.name: 1.0.13 dev: false - /unique-names-generator/4.6.0: + /unique-names-generator/4.7.1: resolution: { - integrity: sha512-m0fke1emBeT96UYn2psPQYwljooDWRTKt9oUZ5vlt88ZFMBGxqwPyLHXwCfkbgdm8jzioCp7oIpo6KdM+fnUlQ== + integrity: sha512-lMx9dX+KRmG8sq6gulYYpKWZc9RlGsgBR6aoO8Qsm3qvkSJ+3rAymr+TnV8EDMrIrwuFJ4kruzMWM/OpYzPoow== } engines: { node: '>=8' } dev: false diff --git a/src/global.d.ts b/src/app.d.ts similarity index 50% rename from src/global.d.ts rename to src/app.d.ts index 4a2702fbc..6bc235288 100644 --- a/src/global.d.ts +++ b/src/app.d.ts @@ -1,74 +1,25 @@ /// -interface Cookies { - teamId?: string; - gitlabToken?: string; - 'kit.session'?: string; -} -interface Locals { - gitlabToken?: string; - user: { - teamId: string; - permission: string; - isAdmin: boolean; - }; - session: { - data: { - uid?: string; - teams?: string[]; - expires?: string; - }; - }; + +declare namespace App { + interface Locals { + session: import('svelte-kit-cookie-session').Session; + cookies: Record; + } + interface Platform {} + interface Session extends SessionData {} + interface Stuff {} } -type Applications = { - name: string; - domain: string; -}; - -interface Hash { - iv: string; - content: string; +interface SessionData { + version?: string; + userId?: string | null; + teamId?: string | null; + permission?: string; + isAdmin?: boolean; + expires?: string | null; + gitlabToken?: string | null; } -interface BuildPack { - name: string; -} - -// TODO: Not used, not working what?! -enum GitSource { - Github = 'github', - Gitlab = 'gitlab', - Bitbucket = 'bitbucket' -} - -type RawHaproxyConfiguration = { - _version: number; - data: string; -}; - -type NewTransaction = { - _version: number; - id: string; - status: string; -}; - -type HttpRequestRuleForceSSL = { - return_hdrs: null; - cond: string; - cond_test: string; - index: number; - redir_code: number; - redir_type: string; - redir_value: string; - type: string; -}; - -// TODO: No any please -type HttpRequestRule = { - _version: number; - data: Array; -}; - type DateTimeFormatOptions = { localeMatcher?: 'lookup' | 'best fit'; weekday?: 'long' | 'short' | 'narrow'; @@ -84,3 +35,24 @@ type DateTimeFormatOptions = { hour12?: boolean; timeZone?: string; }; + +interface Hash { + iv: string; + content: string; +} + +type RawHaproxyConfiguration = { + _version: number; + data: string; +}; + +type NewTransaction = { + _version: number; + id: string; + status: string; +}; + +type Application = { + name: string; + domain: string; +}; diff --git a/src/hooks.ts b/src/hooks.ts index 7a9208585..5c19350e9 100644 --- a/src/hooks.ts +++ b/src/hooks.ts @@ -2,7 +2,7 @@ import dotEnvExtended from 'dotenv-extended'; dotEnvExtended.load(); import type { GetSession } from '@sveltejs/kit'; import { handleSession } from 'svelte-kit-cookie-session'; -import { getUserDetails, isTeamIdTokenAvailable, sentry } from '$lib/common'; +import { getUserDetails, sentry } from '$lib/common'; import { version } from '$lib/common'; import cookie from 'cookie'; import { dev } from '$app/env'; @@ -16,22 +16,29 @@ export const handle = handleSession( async function ({ event, resolve }) { let response; try { - const cookies: Cookies = cookie.parse(event.request.headers.get('cookie') || ''); - if (cookies['kit.session']) { - const { permission, teamId } = await getUserDetails(event, false); - event.locals.user = { + let gitlabToken = event.locals.cookies.gitlabToken; + + if (event.locals.cookies['kit.session']) { + const { permission, teamId, userId } = await getUserDetails(event, false); + const newSession = { + userId, teamId, permission, - isAdmin: permission === 'admin' || permission === 'owner' + isAdmin: permission === 'admin' || permission === 'owner', + expires: event.locals.session.data.expires, + gitlabToken: gitlabToken }; + + if (JSON.stringify(event.locals.session.data) !== JSON.stringify(newSession)) { + event.locals.session.data = { ...newSession }; + } } - if (cookies.gitlabToken) { - event.locals.gitlabToken = cookies.gitlabToken; - } + response = await resolve(event, { ssr: !event.url.pathname.startsWith('/webhooks/success') }); } catch (error) { + console.log(error); response = await resolve(event, { ssr: !event.url.pathname.startsWith('/webhooks/success') }); @@ -62,17 +69,13 @@ export const handle = handleSession( } ); -export const getSession: GetSession = function (request) { +export const getSession: GetSession = function ({ locals }) { return { version, - gitlabToken: request.locals?.gitlabToken || null, - uid: request.locals.session.data?.uid || null, - teamId: request.locals.user?.teamId || null, - permission: request.locals.user?.permission, - isAdmin: request.locals.user?.isAdmin || false + ...locals.session.data }; }; export async function handleError({ error, event }) { - if (!dev) sentry.captureException(error, { event }); + if (!dev) sentry.captureException(error, event); } diff --git a/src/lib/common.ts b/src/lib/common.ts index 3740ba231..3ec0c923c 100644 --- a/src/lib/common.ts +++ b/src/lib/common.ts @@ -67,7 +67,7 @@ export const isTeamIdTokenAvailable = (request) => { }; export const getTeam = (event) => { - const cookies: Cookies = Cookie.parse(event.request.headers.get('cookie')); + const cookies = Cookie.parse(event.request.headers.get('cookie')); if (cookies.teamId) { return cookies.teamId; } else if (event.locals.session.data.teamId) { @@ -78,7 +78,7 @@ export const getTeam = (event) => { export const getUserDetails = async (event, isAdminRequired = true) => { const teamId = getTeam(event); - const userId = event.locals.session.data.uid || null; + const userId = event.locals.session.data.userId || null; const { permission = 'read' } = await db.prisma.permission.findFirst({ where: { teamId, userId }, select: { permission: true }, diff --git a/src/lib/components/Setting.svelte b/src/lib/components/Setting.svelte index c431273e6..680203c95 100644 --- a/src/lib/components/Setting.svelte +++ b/src/lib/components/Setting.svelte @@ -6,6 +6,7 @@ export let description; export let isCenter = true; export let disabled = false; + export let dataTooltip = null;
@@ -14,7 +15,7 @@
-
+
{ diff --git a/src/lib/database/users.ts b/src/lib/database/users.ts index 5c99143a9..e8d3f8ba6 100644 --- a/src/lib/database/users.ts +++ b/src/lib/database/users.ts @@ -12,13 +12,16 @@ export async function login({ email, password }) { const users = await prisma.user.count(); const userFound = await prisma.user.findUnique({ where: { email }, - include: { teams: true }, + include: { teams: true, permission: true }, rejectOnNotFound: false }); + console.log(userFound); // Registration disabled if database is not seeded properly const { isRegistrationEnabled, id } = await db.listSettings(); let uid = cuid(); + let permission = 'read'; + let isAdmin = false; // Disable registration if we are registering the first user. if (users === 0) { await prisma.setting.update({ where: { id }, data: { isRegistrationEnabled: false } }); @@ -50,6 +53,8 @@ export async function login({ email, password }) { }; } uid = userFound.id; + // permission = userFound.permission; + isAdmin = true; } } else { // If registration disabled, return 403 @@ -61,6 +66,8 @@ export async function login({ email, password }) { const hashedPassword = await bcrypt.hash(password, saltRounds); if (users === 0) { + permission = 'owner'; + isAdmin = true; await prisma.user.create({ data: { id: uid, @@ -103,8 +110,10 @@ export async function login({ email, password }) { 'Set-Cookie': `teamId=${uid}; HttpOnly; Path=/; Max-Age=15778800;` }, body: { - uid, - teamId: uid + userId: uid, + teamId: uid, + permission, + isAdmin } }; } diff --git a/src/lib/haproxy/index.ts b/src/lib/haproxy/index.ts index cda1cd1c1..4e14be487 100644 --- a/src/lib/haproxy/index.ts +++ b/src/lib/haproxy/index.ts @@ -48,7 +48,8 @@ export async function completeTransaction(transactionId) { return await haproxy.put(`v2/services/haproxy/transactions/${transactionId}`); } -export async function removeProxyConfiguration({ domain }) { +export async function removeProxyConfiguration(fqdn) { + const domain = getDomain(fqdn); const haproxy = await haproxyInstance(); const backendFound = await haproxy .get(`v2/services/haproxy/configuration/backends/${domain}`) @@ -64,10 +65,10 @@ export async function removeProxyConfiguration({ domain }) { .json(); await completeTransaction(transactionId); } - await forceSSLOffApplication({ domain }); - await removeWwwRedirection(domain); + await forceSSLOffApplication(domain); + await removeWwwRedirection(fqdn); } -export async function forceSSLOffApplication({ domain }) { +export async function forceSSLOffApplication(domain) { const haproxy = await haproxyInstance(); await checkHAProxy(haproxy); let transactionId; @@ -104,7 +105,7 @@ export async function forceSSLOffApplication({ domain }) { if (transactionId) await completeTransaction(transactionId); } } -export async function forceSSLOnApplication({ domain }) { +export async function forceSSLOnApplication(domain) { const haproxy = await haproxyInstance(); await checkHAProxy(haproxy); let transactionId; @@ -283,7 +284,7 @@ export async function configureCoolifyProxyOff(fqdn) { }) .json(); await completeTransaction(transactionId); - if (isHttps) await forceSSLOffApplication({ domain }); + if (isHttps) await forceSSLOffApplication(domain); await removeWwwRedirection(fqdn); } catch (error) { throw error?.response?.body || error; @@ -558,7 +559,8 @@ export async function configureSimpleServiceProxyOn({ id, domain, port }) { await completeTransaction(transactionId); } -export async function configureSimpleServiceProxyOff({ domain }) { +export async function configureSimpleServiceProxyOff(fqdn) { + const domain = getDomain(fqdn); const haproxy = await haproxyInstance(); await checkHAProxy(haproxy); try { @@ -573,12 +575,16 @@ export async function configureSimpleServiceProxyOff({ domain }) { .json(); await completeTransaction(transactionId); } catch (error) {} - await forceSSLOffApplication({ domain }); - await removeWwwRedirection(domain); + await forceSSLOffApplication(domain); + await removeWwwRedirection(fqdn); return; } -export async function removeWwwRedirection(domain) { +export async function removeWwwRedirection(fqdn) { + const domain = getDomain(fqdn); + const isHttps = fqdn.startsWith('https://'); + const redirectValue = `${isHttps ? 'https://' : 'http://'}${domain}%[capture.req.uri]`; + const haproxy = await haproxyInstance(); await checkHAProxy(); const rules: any = await haproxy @@ -590,9 +596,7 @@ export async function removeWwwRedirection(domain) { }) .json(); if (rules.data.length > 0) { - const rule = rules.data.find((rule) => - rule.redir_value.includes(`${domain}%[capture.req.uri]`) - ); + const rule = rules.data.find((rule) => rule.redir_value.includes(redirectValue)); if (rule) { const transactionId = await getNextTransactionId(); await haproxy @@ -617,6 +621,7 @@ export async function setWwwRedirection(fqdn) { const domain = getDomain(fqdn); const isHttps = fqdn.startsWith('https://'); const isWWW = fqdn.includes('www.'); + const redirectValue = `${isHttps ? 'https://' : 'http://'}${domain}%[capture.req.uri]`; const contTest = `{ req.hdr(host) -i ${isWWW ? domain.replace('www.', '') : `www.${domain}`} }`; const rules: any = await haproxy .get(`v2/services/haproxy/configuration/http_request_rules`, { @@ -628,13 +633,11 @@ export async function setWwwRedirection(fqdn) { .json(); let nextRule = 0; if (rules.data.length > 0) { - const rule = rules.data.find((rule) => - rule.redir_value.includes(`${domain}%[capture.req.uri]`) - ); + const rule = rules.data.find((rule) => rule.redir_value.includes(redirectValue)); if (rule) return; nextRule = rules.data[rules.data.length - 1].index + 1; } - const redirectValue = `${isHttps ? 'https://' : 'http://'}${domain}%[capture.req.uri]`; + transactionId = await getNextTransactionId(); await haproxy .post(`v2/services/haproxy/configuration/http_request_rules`, { diff --git a/src/lib/letsencrypt.ts b/src/lib/letsencrypt.ts index 751b61c3e..b1b2cdee0 100644 --- a/src/lib/letsencrypt.ts +++ b/src/lib/letsencrypt.ts @@ -46,35 +46,33 @@ export async function letsEncrypt({ domain, isCoolify = false, id = null }) { } } } - await forceSSLOffApplication({ domain }); + await forceSSLOffApplication(domain); if (dualCerts) { - const error = await asyncExecShell( + await asyncExecShell( `DOCKER_HOST=${host} docker run --rm --name certbot-${randomCuid} -p ${randomPort}:${randomPort} -v "coolify-letsencrypt:/etc/letsencrypt" certbot/certbot --logs-dir /etc/letsencrypt/logs certonly --standalone --preferred-challenges http --http-01-address 0.0.0.0 --http-01-port ${randomPort} -d ${nakedDomain} -d ${wwwDomain} --expand --agree-tos --non-interactive --register-unsafely-without-email ${ dev ? '--test-cert' : '' }` ); - if (error.stderr) throw error; - const sslCopyError = await asyncExecShell( + await asyncExecShell( `DOCKER_HOST=${host} docker run --rm -v "coolify-letsencrypt:/etc/letsencrypt" -v "coolify-ssl-certs:/app/ssl" alpine:latest sh -c "test -d /etc/letsencrypt/live/${nakedDomain}/ && cat /etc/letsencrypt/live/${nakedDomain}/fullchain.pem /etc/letsencrypt/live/${nakedDomain}/privkey.pem > /app/ssl/${nakedDomain}.pem || cat /etc/letsencrypt/live/${wwwDomain}/fullchain.pem /etc/letsencrypt/live/${wwwDomain}/privkey.pem > /app/ssl/${wwwDomain}.pem"` ); - if (sslCopyError.stderr) throw sslCopyError; } else { - const sslGenerateError = await asyncExecShell( + await asyncExecShell( `DOCKER_HOST=${host} docker run --rm --name certbot-${randomCuid} -p ${randomPort}:${randomPort} -v "coolify-letsencrypt:/etc/letsencrypt" certbot/certbot --logs-dir /etc/letsencrypt/logs certonly --standalone --preferred-challenges http --http-01-address 0.0.0.0 --http-01-port ${randomPort} -d ${domain} --expand --agree-tos --non-interactive --register-unsafely-without-email ${ dev ? '--test-cert' : '' }` ); - if (sslGenerateError.stderr) throw sslGenerateError; - const sslCopyError = await asyncExecShell( + await asyncExecShell( `DOCKER_HOST=${host} docker run --rm -v "coolify-letsencrypt:/etc/letsencrypt" -v "coolify-ssl-certs:/app/ssl" alpine:latest sh -c "cat /etc/letsencrypt/live/${domain}/fullchain.pem /etc/letsencrypt/live/${domain}/privkey.pem > /app/ssl/${domain}.pem"` ); - if (sslCopyError.stderr) throw sslCopyError; } } catch (error) { - throw error; + if (error.code !== 0) { + throw error; + } } finally { if (!isCoolify) { - await forceSSLOnApplication({ domain }); + await forceSSLOnApplication(domain); } } } diff --git a/src/lib/queues/proxy.ts b/src/lib/queues/proxy.ts index 92d14f738..36ac37ff9 100644 --- a/src/lib/queues/proxy.ts +++ b/src/lib/queues/proxy.ts @@ -48,7 +48,7 @@ export default async function () { port }); const isHttps = fqdn.startsWith('https://'); - if (isHttps) await forceSSLOnApplication({ domain }); + if (isHttps) await forceSSLOnApplication(domain); await setWwwRedirection(fqdn); } } @@ -98,7 +98,7 @@ export default async function () { await configureCoolifyProxyOn(fqdn); await setWwwRedirection(fqdn); const isHttps = fqdn.startsWith('https://'); - if (isHttps) await forceSSLOnApplication({ domain }); + if (isHttps) await forceSSLOnApplication(domain); } } catch (error) { console.log(error); diff --git a/src/routes/__layout.svelte b/src/routes/__layout.svelte index 027a11e3d..75265e1b0 100644 --- a/src/routes/__layout.svelte +++ b/src/routes/__layout.svelte @@ -3,13 +3,13 @@ import { publicPaths } from '$lib/settings'; export const load: Load = async ({ fetch, url, params, session }) => { - if (!session.uid && !publicPaths.includes(url.pathname)) { + if (!session.userId && !publicPaths.includes(url.pathname)) { return { status: 302, redirect: '/login' }; } - if (!session.uid) { + if (!session.userId) { return {}; } const endpoint = `/teams.json`; @@ -49,7 +49,7 @@ }; let latestVersion = 'latest'; onMount(async () => { - if ($session.uid) { + if ($session.userId) { const overrideVersion = browser && window.localStorage.getItem('latestVersion'); try { await get(`/login.json`); @@ -84,7 +84,7 @@ } async function switchTeam() { try { - await post(`/index.json?from=${$page.url.pathname}`, { + await post(`/dashboard.json?from=${$page.url.pathname}`, { cookie: 'teamId', value: selectedTeamId }); @@ -129,7 +129,7 @@ Coolify -{#if $session.uid} +{#if $session.userId}