proxy-host.js 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462
  1. const _ = require('lodash');
  2. const error = require('../lib/error');
  3. const proxyHostModel = require('../models/proxy_host');
  4. const internalHost = require('./host');
  5. const internalNginx = require('./nginx');
  6. const internalAuditLog = require('./audit-log');
  7. const internalCertificate = require('./certificate');
  8. function omissions () {
  9. return ['is_deleted'];
  10. }
  11. const internalProxyHost = {
  12. /**
  13. * @param {Access} access
  14. * @param {Object} data
  15. * @returns {Promise}
  16. */
  17. create: (access, data) => {
  18. let create_certificate = data.certificate_id === 'new';
  19. if (create_certificate) {
  20. delete data.certificate_id;
  21. }
  22. return access.can('proxy_hosts:create', data)
  23. .then(() => {
  24. // Get a list of the domain names and check each of them against existing records
  25. let domain_name_check_promises = [];
  26. data.domain_names.map(function (domain_name) {
  27. domain_name_check_promises.push(internalHost.isHostnameTaken(domain_name));
  28. });
  29. return Promise.all(domain_name_check_promises)
  30. .then((check_results) => {
  31. check_results.map(function (result) {
  32. if (result.is_taken) {
  33. throw new error.ValidationError(result.hostname + ' is already in use');
  34. }
  35. });
  36. });
  37. })
  38. .then(() => {
  39. // At this point the domains should have been checked
  40. data.owner_user_id = access.token.getUserId(1);
  41. data = internalHost.cleanSslHstsData(data);
  42. return proxyHostModel
  43. .query()
  44. .omit(omissions())
  45. .insertAndFetch(data);
  46. })
  47. .then((row) => {
  48. if (create_certificate) {
  49. return internalCertificate.createQuickCertificate(access, data)
  50. .then((cert) => {
  51. // update host with cert id
  52. return internalProxyHost.update(access, {
  53. id: row.id,
  54. certificate_id: cert.id
  55. });
  56. })
  57. .then(() => {
  58. return row;
  59. });
  60. } else {
  61. return row;
  62. }
  63. })
  64. .then((row) => {
  65. // re-fetch with cert
  66. return internalProxyHost.get(access, {
  67. id: row.id,
  68. expand: ['certificate', 'owner', 'access_list.[clients,items]']
  69. });
  70. })
  71. .then((row) => {
  72. // Configure nginx
  73. return internalNginx.configure(proxyHostModel, 'proxy_host', row)
  74. .then(() => {
  75. return row;
  76. });
  77. })
  78. .then((row) => {
  79. // Audit log
  80. data.meta = _.assign({}, data.meta || {}, row.meta);
  81. // Add to audit log
  82. return internalAuditLog.add(access, {
  83. action: 'created',
  84. object_type: 'proxy-host',
  85. object_id: row.id,
  86. meta: data
  87. })
  88. .then(() => {
  89. return row;
  90. });
  91. });
  92. },
  93. /**
  94. * @param {Access} access
  95. * @param {Object} data
  96. * @param {Number} data.id
  97. * @return {Promise}
  98. */
  99. update: (access, data) => {
  100. let create_certificate = data.certificate_id === 'new';
  101. if (create_certificate) {
  102. delete data.certificate_id;
  103. }
  104. return access.can('proxy_hosts:update', data.id)
  105. .then((/*access_data*/) => {
  106. // Get a list of the domain names and check each of them against existing records
  107. let domain_name_check_promises = [];
  108. if (typeof data.domain_names !== 'undefined') {
  109. data.domain_names.map(function (domain_name) {
  110. domain_name_check_promises.push(internalHost.isHostnameTaken(domain_name, 'proxy', data.id));
  111. });
  112. return Promise.all(domain_name_check_promises)
  113. .then((check_results) => {
  114. check_results.map(function (result) {
  115. if (result.is_taken) {
  116. throw new error.ValidationError(result.hostname + ' is already in use');
  117. }
  118. });
  119. });
  120. }
  121. })
  122. .then(() => {
  123. return internalProxyHost.get(access, {id: data.id});
  124. })
  125. .then((row) => {
  126. if (row.id !== data.id) {
  127. // Sanity check that something crazy hasn't happened
  128. throw new error.InternalValidationError('Proxy Host could not be updated, IDs do not match: ' + row.id + ' !== ' + data.id);
  129. }
  130. if (create_certificate) {
  131. return internalCertificate.createQuickCertificate(access, {
  132. domain_names: data.domain_names || row.domain_names,
  133. meta: _.assign({}, row.meta, data.meta)
  134. })
  135. .then((cert) => {
  136. // update host with cert id
  137. data.certificate_id = cert.id;
  138. })
  139. .then(() => {
  140. return row;
  141. });
  142. } else {
  143. return row;
  144. }
  145. })
  146. .then((row) => {
  147. // Add domain_names to the data in case it isn't there, so that the audit log renders correctly. The order is important here.
  148. data = _.assign({}, {
  149. domain_names: row.domain_names
  150. }, data);
  151. data = internalHost.cleanSslHstsData(data, row);
  152. return proxyHostModel
  153. .query()
  154. .where({id: data.id})
  155. .patch(data)
  156. .then((saved_row) => {
  157. // Add to audit log
  158. return internalAuditLog.add(access, {
  159. action: 'updated',
  160. object_type: 'proxy-host',
  161. object_id: row.id,
  162. meta: data
  163. })
  164. .then(() => {
  165. return _.omit(saved_row, omissions());
  166. });
  167. });
  168. })
  169. .then(() => {
  170. return internalProxyHost.get(access, {
  171. id: data.id,
  172. expand: ['owner', 'certificate', 'access_list.[clients,items]']
  173. })
  174. .then((row) => {
  175. // Configure nginx
  176. return internalNginx.configure(proxyHostModel, 'proxy_host', row)
  177. .then((new_meta) => {
  178. row.meta = new_meta;
  179. row = internalHost.cleanRowCertificateMeta(row);
  180. return _.omit(row, omissions());
  181. });
  182. });
  183. });
  184. },
  185. /**
  186. * @param {Access} access
  187. * @param {Object} data
  188. * @param {Number} data.id
  189. * @param {Array} [data.expand]
  190. * @param {Array} [data.omit]
  191. * @return {Promise}
  192. */
  193. get: (access, data) => {
  194. if (typeof data === 'undefined') {
  195. data = {};
  196. }
  197. return access.can('proxy_hosts:get', data.id)
  198. .then((access_data) => {
  199. let query = proxyHostModel
  200. .query()
  201. .where('is_deleted', 0)
  202. .andWhere('id', data.id)
  203. .allowEager('[owner,access_list,access_list.[clients,items],certificate]')
  204. .first();
  205. if (access_data.permission_visibility !== 'all') {
  206. query.andWhere('owner_user_id', access.token.getUserId(1));
  207. }
  208. // Custom omissions
  209. if (typeof data.omit !== 'undefined' && data.omit !== null) {
  210. query.omit(data.omit);
  211. }
  212. if (typeof data.expand !== 'undefined' && data.expand !== null) {
  213. query.eager('[' + data.expand.join(', ') + ']');
  214. }
  215. return query;
  216. })
  217. .then((row) => {
  218. if (row) {
  219. row = internalHost.cleanRowCertificateMeta(row);
  220. return _.omit(row, omissions());
  221. } else {
  222. throw new error.ItemNotFoundError(data.id);
  223. }
  224. });
  225. },
  226. /**
  227. * @param {Access} access
  228. * @param {Object} data
  229. * @param {Number} data.id
  230. * @param {String} [data.reason]
  231. * @returns {Promise}
  232. */
  233. delete: (access, data) => {
  234. return access.can('proxy_hosts:delete', data.id)
  235. .then(() => {
  236. return internalProxyHost.get(access, {id: data.id});
  237. })
  238. .then((row) => {
  239. if (!row) {
  240. throw new error.ItemNotFoundError(data.id);
  241. }
  242. return proxyHostModel
  243. .query()
  244. .where('id', row.id)
  245. .patch({
  246. is_deleted: 1
  247. })
  248. .then(() => {
  249. // Delete Nginx Config
  250. return internalNginx.deleteConfig('proxy_host', row)
  251. .then(() => {
  252. return internalNginx.reload();
  253. });
  254. })
  255. .then(() => {
  256. // Add to audit log
  257. return internalAuditLog.add(access, {
  258. action: 'deleted',
  259. object_type: 'proxy-host',
  260. object_id: row.id,
  261. meta: _.omit(row, omissions())
  262. });
  263. });
  264. })
  265. .then(() => {
  266. return true;
  267. });
  268. },
  269. /**
  270. * @param {Access} access
  271. * @param {Object} data
  272. * @param {Number} data.id
  273. * @param {String} [data.reason]
  274. * @returns {Promise}
  275. */
  276. enable: (access, data) => {
  277. return access.can('proxy_hosts:update', data.id)
  278. .then(() => {
  279. return internalProxyHost.get(access, {
  280. id: data.id,
  281. expand: ['certificate', 'owner', 'access_list']
  282. });
  283. })
  284. .then((row) => {
  285. if (!row) {
  286. throw new error.ItemNotFoundError(data.id);
  287. } else if (row.enabled) {
  288. throw new error.ValidationError('Host is already enabled');
  289. }
  290. row.enabled = 1;
  291. return proxyHostModel
  292. .query()
  293. .where('id', row.id)
  294. .patch({
  295. enabled: 1
  296. })
  297. .then(() => {
  298. // Configure nginx
  299. return internalNginx.configure(proxyHostModel, 'proxy_host', row);
  300. })
  301. .then(() => {
  302. // Add to audit log
  303. return internalAuditLog.add(access, {
  304. action: 'enabled',
  305. object_type: 'proxy-host',
  306. object_id: row.id,
  307. meta: _.omit(row, omissions())
  308. });
  309. });
  310. })
  311. .then(() => {
  312. return true;
  313. });
  314. },
  315. /**
  316. * @param {Access} access
  317. * @param {Object} data
  318. * @param {Number} data.id
  319. * @param {String} [data.reason]
  320. * @returns {Promise}
  321. */
  322. disable: (access, data) => {
  323. return access.can('proxy_hosts:update', data.id)
  324. .then(() => {
  325. return internalProxyHost.get(access, {id: data.id});
  326. })
  327. .then((row) => {
  328. if (!row) {
  329. throw new error.ItemNotFoundError(data.id);
  330. } else if (!row.enabled) {
  331. throw new error.ValidationError('Host is already disabled');
  332. }
  333. row.enabled = 0;
  334. return proxyHostModel
  335. .query()
  336. .where('id', row.id)
  337. .patch({
  338. enabled: 0
  339. })
  340. .then(() => {
  341. // Delete Nginx Config
  342. return internalNginx.deleteConfig('proxy_host', row)
  343. .then(() => {
  344. return internalNginx.reload();
  345. });
  346. })
  347. .then(() => {
  348. // Add to audit log
  349. return internalAuditLog.add(access, {
  350. action: 'disabled',
  351. object_type: 'proxy-host',
  352. object_id: row.id,
  353. meta: _.omit(row, omissions())
  354. });
  355. });
  356. })
  357. .then(() => {
  358. return true;
  359. });
  360. },
  361. /**
  362. * All Hosts
  363. *
  364. * @param {Access} access
  365. * @param {Array} [expand]
  366. * @param {String} [search_query]
  367. * @returns {Promise}
  368. */
  369. getAll: (access, expand, search_query) => {
  370. return access.can('proxy_hosts:list')
  371. .then((access_data) => {
  372. let query = proxyHostModel
  373. .query()
  374. .where('is_deleted', 0)
  375. .groupBy('id')
  376. .omit(['is_deleted'])
  377. .allowEager('[owner,access_list,certificate]')
  378. .orderBy('domain_names', 'ASC');
  379. if (access_data.permission_visibility !== 'all') {
  380. query.andWhere('owner_user_id', access.token.getUserId(1));
  381. }
  382. // Query is used for searching
  383. if (typeof search_query === 'string') {
  384. query.where(function () {
  385. this.where('domain_names', 'like', '%' + search_query + '%');
  386. });
  387. }
  388. if (typeof expand !== 'undefined' && expand !== null) {
  389. query.eager('[' + expand.join(', ') + ']');
  390. }
  391. return query;
  392. })
  393. .then((rows) => {
  394. if (typeof expand !== 'undefined' && expand !== null && expand.indexOf('certificate') !== -1) {
  395. return internalHost.cleanAllRowsCertificateMeta(rows);
  396. }
  397. return rows;
  398. });
  399. },
  400. /**
  401. * Report use
  402. *
  403. * @param {Number} user_id
  404. * @param {String} visibility
  405. * @returns {Promise}
  406. */
  407. getCount: (user_id, visibility) => {
  408. let query = proxyHostModel
  409. .query()
  410. .count('id as count')
  411. .where('is_deleted', 0);
  412. if (visibility !== 'all') {
  413. query.andWhere('owner_user_id', user_id);
  414. }
  415. return query.first()
  416. .then((row) => {
  417. return parseInt(row.count, 10);
  418. });
  419. }
  420. };
  421. module.exports = internalProxyHost;