jlesage
diff --git a/‎TODO.md
Lines changed: 18 additions & 0 deletions b/‎TODO.md
Lines changed: 18 additions & 0 deletions
diff --git a/‎config/README.md
Lines changed: 2 additions & 0 deletions b/‎config/README.md
Lines changed: 2 additions & 0 deletions
diff --git a/‎config/my.cnf
Lines changed: 2 additions & 3 deletions b/‎config/my.cnf
Lines changed: 2 additions & 3 deletions
diff --git a/‎doc/example/docker-compose.yml
Lines changed: 2 additions & 1 deletion b/‎doc/example/docker-compose.yml
Lines changed: 2 additions & 1 deletion
diff --git a/‎src/backend/internal/access-list.js
Lines changed: 82 additions & 7 deletions b/‎src/backend/internal/access-list.js
Lines changed: 82 additions & 7 deletions
diff --git a/‎src/backend/internal/certificate.js
Lines changed: 36 additions & 1 deletion b/‎src/backend/internal/certificate.js
Lines changed: 36 additions & 1 deletion
diff --git a/‎src/backend/models/access_list.js
Lines changed: 15 additions & 3 deletions b/‎src/backend/models/access_list.js
Lines changed: 15 additions & 3 deletions
diff --git a/‎src/backend/models/access_list_auth.js
Lines changed: 1 addition & 1 deletion b/‎src/backend/models/access_list_auth.js
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/backend/routes/api/nginx/access_lists.js
Lines changed: 7 additions & 7 deletions b/‎src/backend/routes/api/nginx/access_lists.js
Lines changed: 7 additions & 7 deletions
@@ -0,0 +1,18 @@
+# TODO
+
+In order of importance, somewhat.. 
+
+- Manual certificate writing to disk and usage in nginx configs - MIGRATING.md
+- Access Lists UI and Nginx usage
+- Make modal dialogs unclosable in overlay
+- Dashboard stats are caching instead of querying
+- Create a nice way of importing from v1 let's encrypt certs and config data
+- UI Log tail
+
+Testing
+
+- Access Levels
+- Visibility
+- Forwarding
+- Cert renewals
+- Custom certs
@@ -0,0 +1,2 @@
+These files are use in development and are not deployed as part of the final product.
+ 
@@ -1,8 +1,7 @@
 [mysqld]
 skip-innodb
-default-storage-engine=MyISAM
-default-tmp-storage-engine=MyISAM
+default-storage-engine=Aria
+default-tmp-storage-engine=Aria
 innodb=OFF
 symbolic-links=0
 log-output=file
-
@@ -3,13 +3,14 @@ services:
   app:
     image: jc21/nginx-proxy-manager:2
     restart: always
-    network_mode: host
     volumes:
       - ./config.json:/app/config/production.json
       - ./data:/data
       - ./letsencrypt:/etc/letsencrypt
     depends_on:
       - db
+    links:
+      - db
   db:
     image: mariadb
     restart: always
 
@@ -1,8 +1,10 @@
 'use strict';
 
-const _               = require('lodash');
-const error           = require('../lib/error');
-const accessListModel = require('../models/access_list');
+const _                   = require('lodash');
+const error               = require('../lib/error');
+const accessListModel     = require('../models/access_list');
+const accessListAuthModel = require('../models/access_list_auth');
+const internalAuditLog    = require('./audit-log');
 
 function omissions () {
     return ['is_deleted'];
@@ -18,8 +20,51 @@ const internalAccessList = {
     create: (access, data) => {
         return access.can('access_lists:create', data)
             .then(access_data => {
-                // TODO
-                return {};
+                return accessListModel
+                    .query()
+                    .omit(omissions())
+                    .insertAndFetch({
+                        name:          data.name,
+                        owner_user_id: access.token.get('attrs').id
+                    });
+            })
+            .then(row => {
+                // Now add the items
+                let promises = [];
+                data.items.map(function (item) {
+                    promises.push(accessListAuthModel
+                        .query()
+                        .insert({
+                            access_list_id: row.id,
+                            username:       item.username,
+                            password:       item.password
+                        })
+                    );
+                });
+
+                return Promise.all(promises);
+            })
+            .then(row => {
+                // re-fetch with cert
+                return internalAccessList.get(access, {
+                    id:     row.id,
+                    expand: ['owner', 'items']
+                });
+            })
+            .then(row => {
+                // Audit log
+                data.meta = _.assign({}, data.meta || {}, row.meta);
+
+                // Add to audit log
+                return internalAuditLog.add(access, {
+                    action:      'created',
+                    object_type: 'access-list',
+                    object_id:   row.id,
+                    meta:        data
+                })
+                    .then(() => {
+                        return row;
+                    });
             });
     },
 
@@ -62,7 +107,7 @@ const internalAccessList = {
                     .query()
                     .where('is_deleted', 0)
                     .andWhere('id', data.id)
-                    .allowEager('[owner]')
+                    .allowEager('[owner,items]')
                     .first();
 
                 if (access_data.permission_visibility !== 'all') {
@@ -82,6 +127,10 @@ const internalAccessList = {
             })
             .then(row => {
                 if (row) {
+                    if (typeof row.items !== 'undefined' && row.items) {
+                        row.items = internalAccessList.maskItems(row.items);
+                    }
+
                     return _.omit(row, omissions());
                 } else {
                     throw new error.ItemNotFoundError(data.id);
@@ -134,7 +183,7 @@ const internalAccessList = {
                     .where('is_deleted', 0)
                     .groupBy('id')
                     .omit(['is_deleted'])
-                    .allowEager('[owner]')
+                    .allowEager('[owner,items]')
                     .orderBy('name', 'ASC');
 
                 if (access_data.permission_visibility !== 'all') {
@@ -153,6 +202,17 @@ const internalAccessList = {
                 }
 
                 return query;
+            })
+            .then(rows => {
+                if (rows) {
+                    rows.map(function (row, idx) {
+                        if (typeof row.items !== 'undefined' && row.items) {
+                            rows[idx].items = internalAccessList.maskItems(row.items);
+                        }
+                    });
+                }
+
+                return rows;
             });
     },
 
@@ -177,6 +237,21 @@ const internalAccessList = {
             .then(row => {
                 return parseInt(row.count, 10);
             });
+    },
+
+    /**
+     * @param   {Object}  list
+     * @returns {Object}
+     */
+    maskItems: list => {
+        if (list && typeof list.items !== 'undefined') {
+            list.items.map(function (val, idx) {
+                list.items[idx].hint     = val.password.charAt(0) + ('*').repeat(val.password.length - 1);
+                list.items[idx].password = '';
+            });
+        }
+
+        return list;
     }
 };
 
 
@@ -41,14 +41,49 @@ const internalCertificate = {
             return utils.exec(certbot_command + ' renew -q ' + (debug_mode ? '--staging' : ''))
                 .then(result => {
                     logger.info(result);
-                    internalCertificate.interval_processing = false;
 
                     return internalNginx.reload()
                         .then(() => {
                             logger.info('Renew Complete');
                             return result;
                         });
                 })
+                .then(() => {
+                    // Now go and fetch all the letsencrypt certs from the db and query the files and update expiry times
+                    return certificateModel
+                        .query()
+                        .where('is_deleted', 0)
+                        .andWhere('provider', 'letsencrypt')
+                        .then(certificates => {
+                            if (certificates && certificates.length) {
+                                let promises = [];
+
+                                certificates.map(function (certificate) {
+                                    promises.push(
+                                        internalCertificate.getCertificateInfoFromFile('/etc/letsencrypt/live/npm-' + certificate.id + '/fullchain.pem')
+                                            .then(cert_info => {
+                                                return certificateModel
+                                                    .query()
+                                                    .where('id', certificate.id)
+                                                    .andWhere('provider', 'letsencrypt')
+                                                    .patch({
+                                                        expires_on: certificateModel.raw('FROM_UNIXTIME(' + cert_info.dates.to + ')')
+                                                    });
+                                            })
+                                            .catch(err => {
+                                                // Don't want to stop the train here, just log the error
+                                                logger.error(err.message);
+                                            })
+                                    );
+                                });
+
+                                return Promise.all(promises);
+                            }
+                        });
+                })
+                .then(() => {
+                    internalCertificate.interval_processing = false;
+                })
                 .catch(err => {
                     logger.error(err);
                     internalCertificate.interval_processing = false;
 
@@ -3,9 +3,10 @@
 
 'use strict';
 
-const db    = require('../db');
-const Model = require('objection').Model;
-const User  = require('./user');
+const db             = require('../db');
+const Model          = require('objection').Model;
+const User           = require('./user');
+const AccessListAuth = require('./access_list_auth');
 
 Model.knex(db);
 
@@ -44,6 +45,17 @@ class AccessList extends Model {
                     qb.where('user.is_deleted', 0);
                     qb.omit(['id', 'created_on', 'modified_on', 'is_deleted', 'email', 'roles']);
                 }
+            },
+            items: {
+                relation:   Model.HasManyRelation,
+                modelClass: AccessListAuth,
+                join:       {
+                    from: 'access_list.id',
+                    to:   'access_list_auth.access_list_id'
+                },
+                modify:     function (qb) {
+                    qb.omit(['id', 'created_on', 'modified_on']);
+                }
             }
         };
     }
 
@@ -34,7 +34,7 @@ class AccessListAuth extends Model {
         return {
             access_list: {
                 relation:   Model.HasOneRelation,
-                modelClass: './access_list',
+                modelClass: require('./access_list'),
                 join:       {
                     from: 'access_list_auth.access_list_id',
                     to:   'access_list.id'
 
@@ -75,7 +75,7 @@ router
  * /api/nginx/access-lists/123
  */
 router
-    .route('/:host_id')
+    .route('/:list_id')
     .options((req, res) => {
         res.sendStatus(204);
     })
@@ -88,23 +88,23 @@ router
      */
     .get((req, res, next) => {
         validator({
-            required:             ['host_id'],
+            required:             ['list_id'],
             additionalProperties: false,
             properties:           {
-                host_id: {
+                list_id: {
                     $ref: 'definitions#/definitions/id'
                 },
                 expand:  {
                     $ref: 'definitions#/definitions/expand'
                 }
             }
         }, {
-            host_id: req.params.host_id,
+            list_id: req.params.list_id,
             expand:  (typeof req.query.expand === 'string' ? req.query.expand.split(',') : null)
         })
             .then(data => {
                 return internalAccessList.get(res.locals.access, {
-                    id:     parseInt(data.host_id, 10),
+                    id:     parseInt(data.list_id, 10),
                     expand: data.expand
                 });
             })
@@ -123,7 +123,7 @@ router
     .put((req, res, next) => {
         apiValidator({$ref: 'endpoints/access-lists#/links/2/schema'}, req.body)
             .then(payload => {
-                payload.id = parseInt(req.params.host_id, 10);
+                payload.id = parseInt(req.params.list_id, 10);
                 return internalAccessList.update(res.locals.access, payload);
             })
             .then(result => {
@@ -139,7 +139,7 @@ router
      * Update and existing access-list
      */
     .delete((req, res, next) => {
-        internalAccessList.delete(res.locals.access, {id: parseInt(req.params.host_id, 10)})
+        internalAccessList.delete(res.locals.access, {id: parseInt(req.params.list_id, 10)})
             .then(result => {
                 res.status(200)
                     .send(result);
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+These files are use in development and are not deployed as part of the final product.`
	`2`	`+`