proxy-host.js 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465
  1. const _ = require('lodash');
  2. const error = require('../lib/error');
  3. const utils = require('../lib/utils');
  4. const proxyHostModel = require('../models/proxy_host');
  5. const internalHost = require('./host');
  6. const internalNginx = require('./nginx');
  7. const internalAuditLog = require('./audit-log');
  8. const internalCertificate = require('./certificate');
  9. function omissions () {
  10. return ['is_deleted'];
  11. }
  12. const internalProxyHost = {
  13. /**
  14. * @param {Access} access
  15. * @param {Object} data
  16. * @returns {Promise}
  17. */
  18. create: (access, data) => {
  19. let create_certificate = data.certificate_id === 'new';
  20. if (create_certificate) {
  21. delete data.certificate_id;
  22. }
  23. return access.can('proxy_hosts:create', data)
  24. .then(() => {
  25. // Get a list of the domain names and check each of them against existing records
  26. let domain_name_check_promises = [];
  27. data.domain_names.map(function (domain_name) {
  28. domain_name_check_promises.push(internalHost.isHostnameTaken(domain_name));
  29. });
  30. return Promise.all(domain_name_check_promises)
  31. .then((check_results) => {
  32. check_results.map(function (result) {
  33. if (result.is_taken) {
  34. throw new error.ValidationError(result.hostname + ' is already in use');
  35. }
  36. });
  37. });
  38. })
  39. .then(() => {
  40. // At this point the domains should have been checked
  41. data.owner_user_id = access.token.getUserId(1);
  42. data = internalHost.cleanSslHstsData(data);
  43. return proxyHostModel
  44. .query()
  45. .insertAndFetch(data)
  46. .then(utils.omitRow(omissions()));
  47. })
  48. .then((row) => {
  49. if (create_certificate) {
  50. return internalCertificate.createQuickCertificate(access, data)
  51. .then((cert) => {
  52. // update host with cert id
  53. return internalProxyHost.update(access, {
  54. id: row.id,
  55. certificate_id: cert.id
  56. });
  57. })
  58. .then(() => {
  59. return row;
  60. });
  61. } else {
  62. return row;
  63. }
  64. })
  65. .then((row) => {
  66. // re-fetch with cert
  67. return internalProxyHost.get(access, {
  68. id: row.id,
  69. expand: ['certificate', 'owner', 'access_list.[clients,items]']
  70. });
  71. })
  72. .then((row) => {
  73. // Configure nginx
  74. return internalNginx.configure(proxyHostModel, 'proxy_host', row)
  75. .then(() => {
  76. return row;
  77. });
  78. })
  79. .then((row) => {
  80. // Audit log
  81. data.meta = _.assign({}, data.meta || {}, row.meta);
  82. // Add to audit log
  83. return internalAuditLog.add(access, {
  84. action: 'created',
  85. object_type: 'proxy-host',
  86. object_id: row.id,
  87. meta: data
  88. })
  89. .then(() => {
  90. return row;
  91. });
  92. });
  93. },
  94. /**
  95. * @param {Access} access
  96. * @param {Object} data
  97. * @param {Number} data.id
  98. * @return {Promise}
  99. */
  100. update: (access, data) => {
  101. let create_certificate = data.certificate_id === 'new';
  102. if (create_certificate) {
  103. delete data.certificate_id;
  104. }
  105. return access.can('proxy_hosts:update', data.id)
  106. .then((/*access_data*/) => {
  107. // Get a list of the domain names and check each of them against existing records
  108. let domain_name_check_promises = [];
  109. if (typeof data.domain_names !== 'undefined') {
  110. data.domain_names.map(function (domain_name) {
  111. domain_name_check_promises.push(internalHost.isHostnameTaken(domain_name, 'proxy', data.id));
  112. });
  113. return Promise.all(domain_name_check_promises)
  114. .then((check_results) => {
  115. check_results.map(function (result) {
  116. if (result.is_taken) {
  117. throw new error.ValidationError(result.hostname + ' is already in use');
  118. }
  119. });
  120. });
  121. }
  122. })
  123. .then(() => {
  124. return internalProxyHost.get(access, {id: data.id});
  125. })
  126. .then((row) => {
  127. if (row.id !== data.id) {
  128. // Sanity check that something crazy hasn't happened
  129. throw new error.InternalValidationError('Proxy Host could not be updated, IDs do not match: ' + row.id + ' !== ' + data.id);
  130. }
  131. if (create_certificate) {
  132. return internalCertificate.createQuickCertificate(access, {
  133. domain_names: data.domain_names || row.domain_names,
  134. meta: _.assign({}, row.meta, data.meta)
  135. })
  136. .then((cert) => {
  137. // update host with cert id
  138. data.certificate_id = cert.id;
  139. })
  140. .then(() => {
  141. return row;
  142. });
  143. } else {
  144. return row;
  145. }
  146. })
  147. .then((row) => {
  148. // Add domain_names to the data in case it isn't there, so that the audit log renders correctly. The order is important here.
  149. data = _.assign({}, {
  150. domain_names: row.domain_names
  151. }, data);
  152. data = internalHost.cleanSslHstsData(data, row);
  153. return proxyHostModel
  154. .query()
  155. .where({id: data.id})
  156. .patch(data)
  157. .then(utils.omitRow(omissions()))
  158. .then((saved_row) => {
  159. // Add to audit log
  160. return internalAuditLog.add(access, {
  161. action: 'updated',
  162. object_type: 'proxy-host',
  163. object_id: row.id,
  164. meta: data
  165. })
  166. .then(() => {
  167. return saved_row;
  168. });
  169. });
  170. })
  171. .then(() => {
  172. return internalProxyHost.get(access, {
  173. id: data.id,
  174. expand: ['owner', 'certificate', 'access_list.[clients,items]']
  175. })
  176. .then((row) => {
  177. if (!row.enabled) {
  178. // No need to add nginx config if host is disabled
  179. return row;
  180. }
  181. // Configure nginx
  182. return internalNginx.configure(proxyHostModel, 'proxy_host', row)
  183. .then((new_meta) => {
  184. row.meta = new_meta;
  185. row = internalHost.cleanRowCertificateMeta(row);
  186. return _.omit(row, omissions());
  187. });
  188. });
  189. });
  190. },
  191. /**
  192. * @param {Access} access
  193. * @param {Object} data
  194. * @param {Number} data.id
  195. * @param {Array} [data.expand]
  196. * @param {Array} [data.omit]
  197. * @return {Promise}
  198. */
  199. get: (access, data) => {
  200. if (typeof data === 'undefined') {
  201. data = {};
  202. }
  203. return access.can('proxy_hosts:get', data.id)
  204. .then((access_data) => {
  205. let query = proxyHostModel
  206. .query()
  207. .where('is_deleted', 0)
  208. .andWhere('id', data.id)
  209. .allowGraph('[owner,access_list,access_list.[clients,items],certificate]')
  210. .first();
  211. if (access_data.permission_visibility !== 'all') {
  212. query.andWhere('owner_user_id', access.token.getUserId(1));
  213. }
  214. if (typeof data.expand !== 'undefined' && data.expand !== null) {
  215. query.withGraphFetched('[' + data.expand.join(', ') + ']');
  216. }
  217. return query.then(utils.omitRow(omissions()));
  218. })
  219. .then((row) => {
  220. if (!row) {
  221. throw new error.ItemNotFoundError(data.id);
  222. }
  223. row = internalHost.cleanRowCertificateMeta(row);
  224. // Custom omissions
  225. if (typeof data.omit !== 'undefined' && data.omit !== null) {
  226. row = _.omit(row, data.omit);
  227. }
  228. return row;
  229. });
  230. },
  231. /**
  232. * @param {Access} access
  233. * @param {Object} data
  234. * @param {Number} data.id
  235. * @param {String} [data.reason]
  236. * @returns {Promise}
  237. */
  238. delete: (access, data) => {
  239. return access.can('proxy_hosts:delete', data.id)
  240. .then(() => {
  241. return internalProxyHost.get(access, {id: data.id});
  242. })
  243. .then((row) => {
  244. if (!row) {
  245. throw new error.ItemNotFoundError(data.id);
  246. }
  247. return proxyHostModel
  248. .query()
  249. .where('id', row.id)
  250. .patch({
  251. is_deleted: 1
  252. })
  253. .then(() => {
  254. // Delete Nginx Config
  255. return internalNginx.deleteConfig('proxy_host', row)
  256. .then(() => {
  257. return internalNginx.reload();
  258. });
  259. })
  260. .then(() => {
  261. // Add to audit log
  262. return internalAuditLog.add(access, {
  263. action: 'deleted',
  264. object_type: 'proxy-host',
  265. object_id: row.id,
  266. meta: _.omit(row, omissions())
  267. });
  268. });
  269. })
  270. .then(() => {
  271. return true;
  272. });
  273. },
  274. /**
  275. * @param {Access} access
  276. * @param {Object} data
  277. * @param {Number} data.id
  278. * @param {String} [data.reason]
  279. * @returns {Promise}
  280. */
  281. enable: (access, data) => {
  282. return access.can('proxy_hosts:update', data.id)
  283. .then(() => {
  284. return internalProxyHost.get(access, {
  285. id: data.id,
  286. expand: ['certificate', 'owner', 'access_list']
  287. });
  288. })
  289. .then((row) => {
  290. if (!row) {
  291. throw new error.ItemNotFoundError(data.id);
  292. } else if (row.enabled) {
  293. throw new error.ValidationError('Host is already enabled');
  294. }
  295. row.enabled = 1;
  296. return proxyHostModel
  297. .query()
  298. .where('id', row.id)
  299. .patch({
  300. enabled: 1
  301. })
  302. .then(() => {
  303. // Configure nginx
  304. return internalNginx.configure(proxyHostModel, 'proxy_host', row);
  305. })
  306. .then(() => {
  307. // Add to audit log
  308. return internalAuditLog.add(access, {
  309. action: 'enabled',
  310. object_type: 'proxy-host',
  311. object_id: row.id,
  312. meta: _.omit(row, omissions())
  313. });
  314. });
  315. })
  316. .then(() => {
  317. return true;
  318. });
  319. },
  320. /**
  321. * @param {Access} access
  322. * @param {Object} data
  323. * @param {Number} data.id
  324. * @param {String} [data.reason]
  325. * @returns {Promise}
  326. */
  327. disable: (access, data) => {
  328. return access.can('proxy_hosts:update', data.id)
  329. .then(() => {
  330. return internalProxyHost.get(access, {id: data.id});
  331. })
  332. .then((row) => {
  333. if (!row) {
  334. throw new error.ItemNotFoundError(data.id);
  335. } else if (!row.enabled) {
  336. throw new error.ValidationError('Host is already disabled');
  337. }
  338. row.enabled = 0;
  339. return proxyHostModel
  340. .query()
  341. .where('id', row.id)
  342. .patch({
  343. enabled: 0
  344. })
  345. .then(() => {
  346. // Delete Nginx Config
  347. return internalNginx.deleteConfig('proxy_host', row)
  348. .then(() => {
  349. return internalNginx.reload();
  350. });
  351. })
  352. .then(() => {
  353. // Add to audit log
  354. return internalAuditLog.add(access, {
  355. action: 'disabled',
  356. object_type: 'proxy-host',
  357. object_id: row.id,
  358. meta: _.omit(row, omissions())
  359. });
  360. });
  361. })
  362. .then(() => {
  363. return true;
  364. });
  365. },
  366. /**
  367. * All Hosts
  368. *
  369. * @param {Access} access
  370. * @param {Array} [expand]
  371. * @param {String} [search_query]
  372. * @returns {Promise}
  373. */
  374. getAll: (access, expand, search_query) => {
  375. return access.can('proxy_hosts:list')
  376. .then((access_data) => {
  377. let query = proxyHostModel
  378. .query()
  379. .where('is_deleted', 0)
  380. .groupBy('id')
  381. .allowGraph('[owner,access_list,certificate]')
  382. .orderBy('domain_names', 'ASC');
  383. if (access_data.permission_visibility !== 'all') {
  384. query.andWhere('owner_user_id', access.token.getUserId(1));
  385. }
  386. // Query is used for searching
  387. if (typeof search_query === 'string') {
  388. query.where(function () {
  389. this.where('domain_names', 'like', '%' + search_query + '%');
  390. });
  391. }
  392. if (typeof expand !== 'undefined' && expand !== null) {
  393. query.withGraphFetched('[' + expand.join(', ') + ']');
  394. }
  395. return query.then(utils.omitRows(omissions()));
  396. })
  397. .then((rows) => {
  398. if (typeof expand !== 'undefined' && expand !== null && expand.indexOf('certificate') !== -1) {
  399. return internalHost.cleanAllRowsCertificateMeta(rows);
  400. }
  401. return rows;
  402. });
  403. },
  404. /**
  405. * Report use
  406. *
  407. * @param {Number} user_id
  408. * @param {String} visibility
  409. * @returns {Promise}
  410. */
  411. getCount: (user_id, visibility) => {
  412. let query = proxyHostModel
  413. .query()
  414. .count('id as count')
  415. .where('is_deleted', 0);
  416. if (visibility !== 'all') {
  417. query.andWhere('owner_user_id', user_id);
  418. }
  419. return query.first()
  420. .then((row) => {
  421. return parseInt(row.count, 10);
  422. });
  423. }
  424. };
  425. module.exports = internalProxyHost;