mirror of
https://github.com/Start9Labs/start-os.git
synced 2026-03-26 10:21:52 +00:00
* docs: update preferred external port design in TODO
* docs: add user-controlled public/private and port forward mapping to design
* docs: overhaul interfaces page design with view/manage split and per-address controls
* docs: move address enable/disable to overflow menu, add SSL indicator, defer UI placement decisions
* chore: remove tor from startos core
  Tor is being moved from a built-in OS feature to a service. This removes the Arti-based Tor client, onion address management, hidden service creation, and all related code from the core backend, frontend, and SDK.
  - Delete core/src/net/tor/ module (~2060 lines)
  - Remove OnionAddress, TorSecretKey, TorController from all consumers
  - Remove HostnameInfo::Onion and HostAddress::Onion variants
  - Remove onion CRUD RPC endpoints and tor subcommand
  - Remove tor key handling from account and backup/restore
  - Remove ~12 tor-related Cargo dependencies (arti-client, torut, etc.)
  - Remove tor UI components, API methods, mock data, and routes
  - Remove OnionHostname and tor patterns/regexes from SDK
  - Add v0_4_0_alpha_20 database migration to strip onion data
  - Bump version to 0.4.0-alpha.20
* chore: flatten HostnameInfo from enum to struct
  HostnameInfo only had one variant (Ip) after removing Tor. Flatten it into a plain struct with fields gateway, public, hostname. Remove all kind === 'ip' type guards and narrowing across SDK, frontend, and container runtime. Update DB migration to strip the kind field.
* chore: format RPCSpec.md markdown table
* docs: update TODO.md with DerivedAddressInfo design, remove completed tor task
* feat: implement preferred port allocation and per-address enable/disable
  - Add AvailablePorts::try_alloc() with SSL tracking (BTreeMap<u16, bool>)
  - Add DerivedAddressInfo on BindInfo with private_disabled/public_enabled/possible sets
  - Add Bindings wrapper with Map impl for patchdb indexed access
  - Flatten HostAddress from single-variant enum to struct
  - Replace set-gateway-enabled RPC with set-address-enabled
  - Remove hostname_info from Host; computed addresses now in BindInfo.addresses.possible
  - Compute possible addresses inline in NetServiceData::update()
  - Update DB migration, SDK types, frontend, and container-runtime
* feat: replace InterfaceFilter with ForwardRequirements, add WildcardListener, complete alpha.20 bump
  - Replace DynInterfaceFilter with ForwardRequirements for per-IP forward precision with source-subnet iptables filtering for private forwards
  - Add WildcardListener (binds [::]:port) to replace the per-gateway NetworkInterfaceListener/SelfContainedNetworkInterfaceListener/UpgradableListener infrastructure
  - Update forward-port script with src_subnet and excluded_src env vars
  - Remove unused filter types and listener infrastructure from gateway.rs
  - Add availablePorts migration (IdPool -> BTreeMap<u16, bool>) to alpha.20
  - Complete version bump to 0.4.0-alpha.20 in SDK and web
* outbound gateway support (#3120)
* Multiple (#3111)
* fix alerts i18n, fix status display, better, remove usb media, hide shutdown for install complete
* trigger change detection for localize pipe and round out implementing localize pipe for consistency even though not needed
* Fix PackageInfoShort to handle LocaleString on releaseNotes (#3112)
* Fix PackageInfoShort to handle LocaleString on releaseNotes
* fix: filter by target_version in get_matching_models and pass otherVersions from install
* chore: add exver documentation for ai agents
* frontend plus some be types
---------
Co-authored-by: Aiden McClelland <3732071+dr-bonez@users.noreply.github.com>
* feat: replace SourceFilter with IpNet, add policy routing, remove MASQUERADE
* build ts types and fix i18n
* fix license display in marketplace
* wip refactor
* chore: update ts bindings for preferred port design
* feat: refactor NetService to watch DB and reconcile network state
  - NetService sync task now uses PatchDB DbWatch instead of being called directly after DB mutations
  - Read gateways from DB instead of network interface context when updating host addresses
  - gateway sync updates all host addresses in the DB
  - Add Watch<u64> channel for callers to wait on sync completion
  - Fix ts-rs codegen bug with #[ts(skip)] on flattened Plugin field
  - Update SDK getServiceInterface.ts for new HostnameInfo shape
  - Remove unnecessary HTTPS redirect in static_server.rs
  - Fix tunnel/api.rs to filter for WAN IPv4 address
* re-arrange (#3123)
* new service interface page
* feat: add mdns hostname metadata variant and fix vhost routing
  - Add HostnameMetadata::Mdns variant to distinguish mDNS from private domains
  - Mark mDNS addresses as private (public: false) since mDNS is local-only
  - Fall back to null SNI entry when hostname not found in vhost mapping
  - Simplify public detection in ProxyTarget filter
  - Pass hostname to update_addresses for mDNS domain name generation
* looking good
* feat: add port_forwards field to Host for tracking gateway forwarding rules
* update bindings for API types, add ARCHITECTURE (#3124)
* update binding for API types, add ARCHITECTURE
* translations
* fix: add CONNMARK restore-mark to mangle OUTPUT chain
  The CONNMARK --restore-mark rule was only in PREROUTING, which handles forwarded packets. Locally-bound listeners (e.g. vhost) generate replies through the OUTPUT chain, where the fwmark was never restored. This caused response packets to route via the default table instead of back through the originating interface.
* chore: reserialize db on equal version, update bindings and docs
  - Run de/ser roundtrip in pre_init even when db version matches, ensuring all #[serde(default)] fields are populated before any typed access
  - Add patchdb.md documentation for TypedDbWatch patterns
  - Update TS bindings for CheckPortParams, CheckPortRes, ifconfigUrl
  - Update CLAUDE.md docs with patchdb and component-level references
* fix: include public gateways for IP-based addresses in vhost targets
  The server hostname vhost construction only collected private IPs, always setting public to empty. Public IP addresses (Ipv4/Ipv6 metadata with public=true) were never added to the vhost target's public gateway set, causing the vhost filter to reject public traffic for IP-based addresses.
* fix: add TLS handshake timeout and fix accept loop deadlock
  Two issues in TlsListener::poll_accept:
  1. No timeout on TLS handshakes: LazyConfigAcceptor waits indefinitely for ClientHello. Attackers that complete TCP handshake but never send TLS data create zombie futures in `in_progress` that never complete. Fix: wrap the entire handshake in tokio::time::timeout(15s).
  2. Missing waker on new-connection pending path: when a TCP connection is accepted and the TLS handshake is pending, poll_accept returned Pending without calling wake_by_ref(). Since the TcpListener returned Ready (not Pending), no waker was registered for it. With edge-triggered epoll and no other wakeup source, the task sleeps forever and remaining connections in the kernel accept queue are never drained. Fix: add cx.waker().wake_by_ref() so the task immediately re-polls and continues draining the accept queue.
* fix: switch BackgroundJobRunner from Vec to FuturesUnordered
  BackgroundJobRunner stored active jobs in a Vec<BoxFuture> and polled ALL of them on every wakeup — O(n) per poll. Since this runs in the same tokio::select! as the WebServer accept loop, polling overhead from active connections directly delayed acceptance of new connections.
  FuturesUnordered only polls woken futures — O(woken) instead of O(n).
* chore: update bindings and use typed params for outbound gateway API
* feat: per-service and default outbound gateway routing
  Add set-outbound-gateway RPC for packages and set-default-outbound RPC for the server, with policy routing enforcement via ip rules. Fix connmark restore to skip packets with existing fwmarks, add bridge subnet routes to per-interface tables, and fix squashfs path in update-image-local.sh.
* refactor: manifest wraps PackageMetadata, move dependency_metadata to PackageVersionInfo
  Manifest now embeds PackageMetadata via #[serde(flatten)] instead of duplicating ~14 fields. icon and dependency_metadata moved from PackageMetadata to PackageVersionInfo since they are registry-enrichment data loaded from the S9PK archive. merge_with now returns errors on metadata/icon/dependency_metadata mismatches instead of silently ignoring them.
* fix: replace .status() with .invoke() for iptables/ip commands
  Using .status() leaks stderr directly to system logs, causing noisy iptables error messages. Switch all networking CLI invocations to use .invoke() which captures stderr properly. For check-then-act patterns (iptables -C), use .invoke().await.is_err() instead of .status().await.map_or(false, |s| s.success()).
* feat: add check-dns gateway endpoint and fix per-interface routing tables
  Add a `check-dns` RPC endpoint that verifies whether a gateway's DNS is properly configured for private domain resolution. Uses a three-tier check: direct match (DNS == server IP), TXT challenge probe (DNS on LAN), or failure (DNS off-subnet).
  Fix per-interface routing tables to clone all non-default routes from the main table instead of only the interface's own subnets. This preserves LAN reachability when the priority-75 catch-all overrides default routing. Filter out status-only flags (linkdown, dead) that are invalid for `ip route add`.
* refactor: rename manifest metadata fields and improve error display
  Rename wrapperRepo→packageRepo, marketingSite→marketingUrl, docsUrl→docsUrls (array), remove supportSite. Add display_src/display_dbg helpers to Error. Fix DepInfo description type to LocaleString. Update web UI, SDK bindings, tests, and fixtures to match. Clean up cli_attach error handling and remove dead commented code.
* chore: bump sdk version to 0.4.0-beta.49
* chore: add createTask decoupling TODO
* chore: add TODO to clear service error state on install/update
* round out dns check, dns server check, port forward check, and gateway port forwards
* chore: add TODOs for URL plugins, NAT hairpinning, and start-tunnel OTA updates
* version instead of os query param
* interface row clickable again, but now with a chevron!
* feat: implement URL plugins with table/row actions and prefill support
  - Add URL plugin effects (register, export_url, clear_urls) in core
  - Add PluginHostnameInfo, HostnameMetadata::Plugin, and plugin registration types
  - Implement plugin URL table in web UI with tableAction button and rowAction overflow menus
  - Thread urlPluginMetadata (packageId, hostId, interfaceId, internalPort) as prefill to actions
  - Add prefill support to PackageActionData so metadata passes through form dialogs
  - Add i18n translations for plugin error messages
  - Clean up plugin URLs on package uninstall
* feat: split row_actions into remove_action and overflow_actions for URL plugins
* touch up URL plugins table
* show table even when no addresses
* feat: NAT hairpinning, DNS static servers, clear service error on install
  - Add POSTROUTING MASQUERADE rules for container and host hairpin NAT
  - Allow bridge subnet containers to reach private forwards via LAN IPs
  - Pass bridge_subnet env var from forward.rs to forward-port script
  - Use DB-configured static DNS servers in resolver with DB watcher
  - Fall back to resolv.conf servers when no static servers configured
  - Clear service error state when install/update completes successfully
  - Remove completed TODO items
* feat: builder-style InputSpec API, prefill plumbing, and port forward fix
  - Add addKey() and add() builder methods to InputSpec with InputSpecTools
  - Move OuterType to last generic param on Value, List, and all dynamic methods
  - Plumb prefill through getActionInput end-to-end (core → container-runtime → SDK)
  - Filter port_forwards to enabled addresses only
  - Bump SDK to 0.4.0-beta.50
* fix: propagate host locale into LXC containers and write locale.conf
* chore: remove completed URL plugins TODO
* feat: OTA updates for start-tunnel via apt repository (untested)
  - Add apt repo publish script (build/apt/publish-deb.sh) for S3-hosted repo
  - Add apt source config and GPG key placeholder (apt/)
  - Add tunnel.update.check and tunnel.update.apply RPC endpoints
  - Wire up update API in tunnel frontend (api service + mock)
  - Uses systemd-run --scope to survive service restart during update
* fix: publish script dpkg-name, s3cfg fallback, and --reinstall for apply
* chore: replace OTA updates TODO with UI TODO for MattDHill
* feat: add getOutboundGateway effect and simplify VersionGraph init/uninit
  Add getOutboundGateway effect across core, container-runtime, and SDK to let services query their effective outbound gateway with callback support. Remove preInstall/uninstall hooks from VersionGraph as they are no longer needed.
* frontend start-tunnel updates
* chore: remove completed TODO
* feat: tor hidden service key migration
* chore: migrate from ts-matches to zod across all TypeScript packages
* feat(core): allow setting server hostname
* send prefill for tasks and hide operations to hidden fields
* fix(core): preserve plugin URLs across binding updates
  BindInfo::update was replacing addresses with a new DerivedAddressInfo that cleared the available set, wiping plugin-exported URLs whenever bind() was called.
  Also simplify update_addresses plugin preservation to use retain in place rather than collecting into a separate set.
* minor cleanup from patch-db audit
* clean up prefill flow
* frontend support for setting and changing hostname
* feat(core): refactor hostname to ServerHostnameInfo with name/hostname pair
  - Rename Hostname to ServerHostnameInfo, add name + hostname fields
  - Add set_hostname_rpc for changing hostname at runtime
  - Migrate alpha_20: generate serverInfo.name from hostname, delete ui.name
  - Extract gateway.rs helpers to fix rustfmt nesting depth issue
  - Add i18n key for hostname validation error
  - Update SDK bindings
* add comments to everything potentially consumer facing (#3127)
* add comments to everything potentially consumer facing
* rework smtp
---------
Co-authored-by: Aiden McClelland <3732071+dr-bonez@users.noreply.github.com>
* implement server name
* setup changes
* clean up copy around addresses table
* feat: add zod-deep-partial, partialValidator on InputSpec, and z.deepPartial re-export
* fix: header color in zoom (#3128)
* fix: merge version ranges when adding existing package signer (#3125)
* fix: merge version ranges when adding existing package signer
  Previously, add_package_signer unconditionally inserted the new version range, overwriting any existing authorization for that signer. Now it OR-merges the new range with the existing one, so running signer add multiple times accumulates permissions rather than replacing them.
* add --merge flag to registry package signer add
  Default behavior remains overwrite. When --merge is passed, the new version range is OR-merged with the existing one, allowing admins to accumulate permissions incrementally.
* add missing attribute to TS type
* make merge optional
* upsert instead of insert
* VersionRange::None on upsert
* fix: header color in zoom
---------
Co-authored-by: Dominion5254 <musashidisciple@proton.me>
* update snake and add about this server to system general
* chore: bump sdk to beta.53, wrap z.deepPartial with passthrough
* reset instead of reset defaults
* action failure show dialog
* chore: bump sdk to beta.54, add device-info RPC, improve SDK abort handling and InputSpec filtering
  - Bump SDK version to 0.4.0-beta.54
  - Add `server.device-info` RPC endpoint and `s9pk select` CLI command
  - Extract `HardwareRequirements::is_compatible()` method, reuse in registry filtering
  - Add `AbortedError` class with `muteUnhandled` flag, replace generic abort errors
  - Handle unhandled promise rejections in container-runtime with mute support
  - Improve `InputSpec.filter()` with `keepByDefault` param and boolean filter values
  - Accept readonly tuples in `CommandType` and `splitCommand`
  - Remove `sync_host` calls from host API handlers (binding/address changes)
  - Filter mDNS hostnames by secure gateway availability
  - Derive mDNS enabled state from LAN IPs in web UI
  - Add "Open UI" action to address table, disable mDNS toggle
  - Hide debug details in service error component
  - Update rpc-toolkit docs for no-params handlers
* fix: add --no-nvram to efi grub-install to preserve built-in boot order
* update snake
* disable actions when in error state
* chore: split out nvidia variant
* misc bugfixes
* create manage-release script (untested)
* fix: preserve z namespace types for sdk consumers
* sdk version bump
* new checkPort types
* multiple bugs and better port forward ux
* fix link
* chore: todos and formatting
* fix build
---------
Co-authored-by: Matt Hill <MattDHill@users.noreply.github.com>
Co-authored-by: Matt Hill <mattnine@protonmail.com>
Co-authored-by: Alex Inkin <alexander@inkin.ru>
Co-authored-by: Dominion5254 <musashidisciple@proton.me>
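The second `TlsListener::poll_accept` issue in the commit message above (returning Pending after an accept without waking the task) can be reproduced with the standard library alone. This is an added example, not code from start-os: `ToyListener`, `CountingWaker` and `drain` are hypothetical names, the backlog is a constructed queue of connection ids, and every handshake is modelled as never completing.

```rust
use std::collections::VecDeque;
use std::sync::atomic::{AtomicUsize, Ordering};
use std::sync::Arc;
use std::task::{Context, Poll, Wake, Waker};

/// Hypothetical waker that only counts wake-ups. It stands in for the
/// runtime's "schedule this task for another poll" signal.
struct CountingWaker(AtomicUsize);

impl Wake for CountingWaker {
    fn wake(self: Arc<Self>) {
        self.0.fetch_add(1, Ordering::SeqCst);
    }
}

/// Hypothetical stand-in for a TLS listener (not the start-os TlsListener).
struct ToyListener {
    /// Constructed model of the kernel accept queue: pending connection ids.
    backlog: VecDeque<u32>,
    /// Handshakes that were started and have not finished.
    in_progress: Vec<u32>,
    /// false = the behaviour described as the bug, true = after the fix.
    wake_after_accept: bool,
}

impl ToyListener {
    fn poll_accept(&mut self, cx: &mut Context<'_>) -> Poll<u32> {
        match self.backlog.pop_front() {
            Some(conn) => {
                // The inner listener was Ready, so it registered no waker,
                // and the handshake for `conn` is still pending.
                self.in_progress.push(conn);
                if self.wake_after_accept {
                    // Ask to be polled again so the rest of the queue drains.
                    cx.waker().wake_by_ref();
                }
                Poll::Pending
            }
            // Empty queue: a real listener registers the waker with the
            // reactor here; in this model no further connections arrive.
            None => Poll::Pending,
        }
    }
}

/// Polls like an edge-triggered runtime: the task is polled once and then
/// only again if it was woken during the previous poll.
/// Returns (handshakes started, connections left in the accept queue).
fn drain(wake_after_accept: bool, queued: u32) -> (usize, usize) {
    let mut listener = ToyListener {
        backlog: (0..queued).collect(),
        in_progress: Vec::new(),
        wake_after_accept,
    };
    let counter = Arc::new(CountingWaker(AtomicUsize::new(0)));
    let waker = Waker::from(counter.clone());
    let mut cx = Context::from_waker(&waker);
    loop {
        let wakes_before = counter.0.load(Ordering::SeqCst);
        let _ = listener.poll_accept(&mut cx);
        if counter.0.load(Ordering::SeqCst) == wakes_before {
            break; // nobody woke the task: it sleeps from here on
        }
    }
    (listener.in_progress.len(), listener.backlog.len())
}

fn main() {
    println!("without wake_by_ref: {:?}", drain(false, 5));
    println!("with wake_by_ref:    {:?}", drain(true, 5));
}
```

Without the wake, one connection is accepted and the other four stay queued; with it, the loop keeps polling until the queue is empty.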
1297 lines
39 KiB
TypeScript
import {
  ExtendedVersion,
  FileHelper,
  getDataVersion,
  overlaps,
  types as T,
  utils,
  VersionRange,
} from "@start9labs/start-sdk"
import * as fs from "fs/promises"

import { polyfillEffects } from "./polyfillEffects"
import { fromDuration } from "../../../Models/Duration"
import { System } from "../../../Interfaces/System"
import { matchManifest, Manifest } from "./matchManifest"
import * as childProcess from "node:child_process"
import { DockerProcedureContainer } from "./DockerProcedureContainer"
import { DockerProcedure } from "../../../Models/DockerProcedure"
import { promisify } from "node:util"
import * as U from "./oldEmbassyTypes"
import { MainLoop } from "./MainLoop"
import { z } from "@start9labs/start-sdk"
import { AddSslOptions } from "@start9labs/start-sdk/base/lib/osBindings"
import {
  BindOptionsByProtocol,
  MultiHost,
} from "@start9labs/start-sdk/base/lib/interfaces/Host"
import { ServiceInterfaceBuilder } from "@start9labs/start-sdk/base/lib/interfaces/ServiceInterfaceBuilder"
import { Effects } from "../../../Models/Effects"
import {
  OldConfigSpec,
  matchOldConfigSpec,
  transformConfigSpec,
  transformNewConfigToOld,
  transformOldConfigToNew,
} from "./transformConfigSpec"
import { partialDiff } from "@start9labs/start-sdk/base/lib/util"
import { Volume } from "@start9labs/start-sdk/package/lib/util/Volume"

type Optional<A> = A | undefined | null
function todo(): never {
  throw new Error("Not implemented")
}

/**
 * Local type for procedure values from the manifest.
 * The manifest's zod schemas use ZodTypeAny casts that produce `unknown` in zod v4.
 * This type restores the expected shape for type-safe property access.
 */
type Procedure =
  | (DockerProcedure & { type: "docker" })
  | { type: "script"; args: unknown[] | null }

const MANIFEST_LOCATION = "/usr/lib/startos/package/embassyManifest.json"
export const EMBASSY_JS_LOCATION = "/usr/lib/startos/package/embassy.js"

const configFile = FileHelper.json(
  {
    base: new Volume("embassy"),
    subpath: "config.json",
  },
  z.any(),
)
const dependsOnFile = FileHelper.json(
  {
    base: new Volume("embassy"),
    subpath: "dependsOn.json",
  },
  z.record(z.string(), z.array(z.string())),
)

const matchResult = z.object({
  result: z.any(),
})
const matchError = z.object({
  error: z.string(),
})
const matchErrorCode = z.object({
  "error-code": z.tuple([z.number(), z.string()]),
})

const assertNever = (
  x: never,
  message = "Not expecting to get here: ",
): never => {
  throw new Error(message + JSON.stringify(x))
}
/**
 Should be changing the type for specific properties, and this is mostly a transformation for the old return types to the newer one.
*/
function isMatchResult(a: unknown): a is z.infer<typeof matchResult> {
  return matchResult.safeParse(a).success
}
function isMatchError(a: unknown): a is z.infer<typeof matchError> {
  return matchError.safeParse(a).success
}
function isMatchErrorCode(a: unknown): a is z.infer<typeof matchErrorCode> {
  return matchErrorCode.safeParse(a).success
}
const fromReturnType = <A>(a: U.ResultType<A>): A => {
  if (isMatchResult(a)) {
    return a.result
  }
  if (isMatchError(a)) {
    console.info({ passedErrorStack: new Error().stack, error: a.error })
    throw { error: a.error }
  }
  if (isMatchErrorCode(a)) {
    const [code, message] = a["error-code"]
    throw { error: message, code }
  }
  return assertNever(a as never)
}

const matchSetResult = z.object({
  "depends-on": z.record(z.string(), z.array(z.string())).nullable().optional(),
  dependsOn: z.record(z.string(), z.array(z.string())).nullable().optional(),
  signal: z.enum([
    "SIGTERM",
    "SIGHUP",
    "SIGINT",
    "SIGQUIT",
    "SIGILL",
    "SIGTRAP",
    "SIGABRT",
    "SIGBUS",
    "SIGFPE",
    "SIGKILL",
    "SIGUSR1",
    "SIGSEGV",
    "SIGUSR2",
    "SIGPIPE",
    "SIGALRM",
    "SIGSTKFLT",
    "SIGCHLD",
    "SIGCONT",
    "SIGSTOP",
    "SIGTSTP",
    "SIGTTIN",
    "SIGTTOU",
    "SIGURG",
    "SIGXCPU",
    "SIGXFSZ",
    "SIGVTALRM",
    "SIGPROF",
    "SIGWINCH",
    "SIGIO",
    "SIGPWR",
    "SIGSYS",
    "SIGINFO",
  ]),
})

type OldGetConfigRes = {
  config?: null | Record<string, unknown>
  spec: OldConfigSpec
}

export type PropertiesValue =
  | {
      /** The type of this value, either "string" or "object" */
      type: "object"
      /** A nested mapping of values. The user will experience this as a nested page with back button */
      value: { [k: string]: PropertiesValue }
      /** (optional) A human readable description of the new set of values */
      description: string | null
    }
  | {
      /** The type of this value, either "string" or "object" */
      type: "string"
      /** The value to display to the user */
      value: string
      /** A human readable description of the value */
      description: string | null
      /** Whether or not to mask the value, for example, when displaying a password */
      masked: boolean | null
      /** Whether or not to include a button for copying the value to clipboard */
      copyable: boolean | null
      /** Whether or not to include a button for displaying the value as a QR code */
      qr: boolean | null
    }

export type PropertiesReturn = {
  [key: string]: PropertiesValue
}

export type PackagePropertiesV2 = {
  [name: string]: PackagePropertyObject | PackagePropertyString
}
export type PackagePropertyString = {
  type: "string"
  description?: string | null
  value: string
  /** Lets the ui make this a copyable button */
  copyable?: boolean | null
  /** Let the ui create a qr for this field */
  qr?: boolean | null
  /** Hiding the value unless toggled off for field */
  masked?: boolean | null
}
export type PackagePropertyObject = {
  value: PackagePropertiesV2
  type: "object"
  description: string
}

const asProperty_ = (
  x: PackagePropertyString | PackagePropertyObject,
): PropertiesValue => {
  if (x.type === "object") {
    return {
      ...x,
      value: Object.fromEntries(
        Object.entries(x.value).map(([key, value]) => [
          key,
          asProperty_(value),
        ]),
      ),
    }
  }
  return {
    masked: false,
    description: null,
    qr: null,
    copyable: null,
    ...x,
  }
}
const asProperty = (x: PackagePropertiesV2): PropertiesReturn =>
  Object.fromEntries(
    Object.entries(x).map(([key, value]) => [key, asProperty_(value)]),
  )
const matchPackagePropertyObject: z.ZodType<PackagePropertyObject> = z.object({
  value: z.lazy(() => matchPackageProperties),
  type: z.literal("object"),
  description: z.string(),
})

const matchPackagePropertyString: z.ZodType<PackagePropertyString> = z.object({
  type: z.literal("string"),
  description: z.string().nullable().optional(),
  value: z.string(),
  copyable: z.boolean().nullable().optional(),
  qr: z.boolean().nullable().optional(),
  masked: z.boolean().nullable().optional(),
})
const matchPackageProperties: z.ZodType<PackagePropertiesV2> = z.lazy(() =>
  z.record(
    z.string(),
    z.union([matchPackagePropertyObject, matchPackagePropertyString]),
  ),
)

const matchProperties = z.object({
  version: z.literal(2),
  data: matchPackageProperties,
})

function convertProperties(
  name: string,
  value: PropertiesValue,
): T.ActionResultMember {
  if (value.type === "string") {
    return {
      type: "single",
      name,
      description: value.description,
      copyable: value.copyable || false,
      masked: value.masked || false,
      qr: value.qr || false,
      value: value.value,
    }
  }
  return {
    type: "group",
    name,
    description: value.description,
    value: Object.entries(value.value).map(([name, value]) =>
      convertProperties(name, value),
    ),
  }
}

export class SystemForEmbassy implements System {
  private version: ExtendedVersion
  currentRunning: MainLoop | undefined
  static async of(manifestLocation: string = MANIFEST_LOCATION) {
    const moduleCode = await import(EMBASSY_JS_LOCATION)
      .catch((_) => require(EMBASSY_JS_LOCATION))
      .catch(async (_) => {
        console.error(utils.asError("Could not load the js"))
        console.error({
          exists: await fs.stat(EMBASSY_JS_LOCATION),
        })
        return {}
      })
    const manifestData = await fs.readFile(manifestLocation, "utf-8")
    return new SystemForEmbassy(
      matchManifest.parse(JSON.parse(manifestData)),
      moduleCode,
    )
  }

  constructor(
    readonly manifest: Manifest,
    readonly moduleCode: Partial<U.ExpectedExports>,
  ) {
    this.version = ExtendedVersion.parseEmver(manifest.version)
    if (
      this.manifest.id === "bitcoind" &&
      this.manifest.title.toLowerCase().includes("knots")
    )
      this.version.flavor = "knots"

    if (
      this.manifest.id === "lnd" ||
      this.manifest.id === "ride-the-lightning" ||
      this.manifest.id === "datum"
    ) {
      this.version.upstream.prerelease = ["beta"]
    } else if (
      this.manifest.id === "lightning-terminal" ||
      this.manifest.id === "robosats"
    ) {
      this.version.upstream.prerelease = ["alpha"]
    }

    if (this.manifest.id === "nostr") {
      this.manifest.id = "nostr-rs-relay"
    }
  }

  async init(
    effects: Effects,
    kind: "install" | "update" | "restore" | null,
  ): Promise<void> {
    if (kind === "restore") {
      await this.restoreBackup(effects, null)
    }
    for (let depId in this.manifest.dependencies) {
      if (this.manifest.dependencies[depId]?.config) {
        await this.dependenciesAutoconfig(effects, depId, null)
      }
    }
    await effects.setMainStatus({ status: "stopped" })
    await this.exportActions(effects)
    await this.exportNetwork(effects)
    await this.containerSetDependencies(effects)
    if (kind === "install" || kind === "update") {
      await this.packageInit(effects, null)
    }
  }
  async containerSetDependencies(effects: T.Effects) {
    const oldDeps: Record<string, string[]> = Object.fromEntries(
      await effects
        .getDependencies()
        .then((x) =>
          x.flatMap((x) =>
            x.kind === "running" ? [[x.id, x?.healthChecks || []]] : [],
          ),
        )
        .catch(() => []),
    )
    await this.setDependencies(effects, oldDeps, false)
  }

  async exit(): Promise<void> {
    if (this.currentRunning) await this.currentRunning.clean()
    delete this.currentRunning
  }

  async start(effects: T.Effects): Promise<void> {
    effects.constRetry = utils.once(() => effects.restart())
    if (!!this.currentRunning) return

    this.currentRunning = await MainLoop.of(this, effects)
  }
  callCallback(_callback: number, _args: any[]): void {}
  async stop(): Promise<void> {
    const { currentRunning } = this
    this.currentRunning?.clean()
    delete this.currentRunning
    if (currentRunning) {
      await currentRunning.clean({
        timeout: fromDuration(
          (this.manifest.main["sigterm-timeout"] as any) || "30s",
        ),
      })
    }
  }

  async packageInit(effects: Effects, timeoutMs: number | null): Promise<void> {
    const previousVersion = await getDataVersion(effects)
    if (previousVersion) {
      const migrationRes = await this.migration(
        effects,
        { from: previousVersion },
        timeoutMs,
      )
      if (migrationRes) {
        if (migrationRes.configured)
          await effects.action.clearTasks({ only: ["needs-config"] })
        await configFile.write(
          effects,
          await this.getConfig(effects, timeoutMs),
        )
      }
    } else if (this.manifest.config) {
      await effects.action.createTask({
        packageId: this.manifest.id,
        actionId: "config",
        severity: "critical",
        replayId: "needs-config",
        reason: "This service must be configured before it can be run",
      })
    }

    await effects.setDataVersion({
      version: this.version.toString(),
    })
    // @FullMetal: package hacks go here
  }
  async exportNetwork(effects: Effects) {
    for (const [id, interfaceValue] of Object.entries(
      this.manifest.interfaces,
    )) {
      const host = new MultiHost({ effects, id })
      const internalPorts = new Set(
        Object.values(interfaceValue["tor-config"]?.["port-mapping"] ?? {})
          // Pass the radix explicitly: a bare `.map(Number.parseInt)` receives
          // the array index as the radix, so entries after the first parse as
          // NaN or in the wrong base.
          .map((p) => Number.parseInt(p, 10))
          .concat(
            ...Object.values(interfaceValue["lan-config"] ?? {}).map(
              (c) => c.internal,
            ),
          )
          .filter(Boolean),
      )
      const bindings = Array.from(internalPorts).map<
        [number, BindOptionsByProtocol]
      >((port) => {
        const lanPort = Object.entries(interfaceValue["lan-config"] ?? {}).find(
          ([external, internal]) => internal.internal === port,
        )?.[0]
        const torPort = Object.entries(
          interfaceValue["tor-config"]?.["port-mapping"] ?? {},
        ).find(
          ([external, internal]) => Number.parseInt(internal) === port,
        )?.[0]
        let addSsl: AddSslOptions | null = null
        if (lanPort) {
          const lanPortNum = Number.parseInt(lanPort)
          if (lanPortNum === 443) {
            return [port, { protocol: "http", preferredExternalPort: 80 }]
          }
          addSsl = {
            preferredExternalPort: lanPortNum,
            alpn: { specified: [] },
            addXForwardedHeaders: false,
          }
        }
        return [
          port,
          {
            protocol: null,
            secure: null,
            preferredExternalPort: Number.parseInt(
              torPort || lanPort || String(port),
            ),
            addSsl,
          },
        ]
      })

      await Promise.all(
        bindings.map(async ([internal, options]) => {
          if (internal == null) {
            return
          }
          if (options?.preferredExternalPort == null) {
            return
          }
          const origin = await host.bindPort(internal, options)
          await origin.export([
            new ServiceInterfaceBuilder({
              effects,
              name: interfaceValue.name,
              id: `${id}-${internal}`,
              description: interfaceValue.description,
              type:
                interfaceValue.ui &&
                (origin.scheme === "http" || origin.sslScheme === "https")
                  ? "ui"
                  : "api",
              masked: false,
              path: "",
              schemeOverride: null,
              query: {},
              username: null,
            }),
          ])
        }),
      )
    }
  }
  async getActionInput(
    effects: Effects,
    actionId: string,
    _prefill: Record<string, unknown> | null,
    timeoutMs: number | null,
  ): Promise<T.ActionInput | null> {
    if (actionId === "config") {
      const config = await this.getConfig(effects, timeoutMs)
      return {
        eventId: effects.eventId!,
        spec: config.spec,
        value: config.config,
      }
    } else if (actionId === "properties") {
      return null
    } else {
      const oldSpec = this.manifest.actions?.[actionId]?.["input-spec"]
      if (!oldSpec) return null
      return {
        eventId: effects.eventId!,
        spec: transformConfigSpec(oldSpec as OldConfigSpec),
        value: null,
      }
    }
  }
  async runAction(
    effects: Effects,
    actionId: string,
    input: unknown,
    timeoutMs: number | null,
  ): Promise<T.ActionResult | null> {
    if (actionId === "config") {
      await this.setConfig(effects, input, timeoutMs)
      return null
    } else if (actionId === "properties") {
      return {
        version: "1",
        title: "Properties",
        message: null,
        result: {
          type: "group",
          value: Object.entries(await this.properties(effects, timeoutMs)).map(
            ([name, value]) => convertProperties(name, value),
          ),
        },
      }
    } else {
      return this.action(effects, actionId, input, timeoutMs)
    }
  }
  async exportActions(effects: Effects) {
    const manifest = this.manifest
    const actions = {
      ...manifest.actions,
    }
    if (manifest.config) {
      actions.config = {
        name: "Configure",
        description: `Customize ${manifest.title}`,
        "allowed-statuses": ["running", "stopped"],
        "input-spec": {},
        implementation: { type: "script", args: [] },
      }
    }
    if (manifest.properties) {
      actions.properties = {
        name: "Properties",
        description:
          "Runtime information, credentials, and other values of interest",
        "allowed-statuses": ["running", "stopped"],
        "input-spec": null,
        implementation: { type: "script", args: [] },
      }
    }
    for (const [actionId, action] of Object.entries(actions)) {
      const hasRunning = !!action["allowed-statuses"].find(
        (x) => x === "running",
      )
      const hasStopped = !!action["allowed-statuses"].find(
        (x) => x === "stopped",
      )
      // prettier-ignore
      const allowedStatuses = hasRunning && hasStopped ? "any":
        hasRunning ? "only-running" :
        "only-stopped"
      await effects.action.export({
        id: actionId,
        metadata: {
          name: action.name,
          description: action.description,
          warning: action.warning || null,
          visibility: "enabled",
          allowedStatuses,
          hasInput: !!action["input-spec"],
          group: null,
        },
      })
    }
    await effects.action.clear({ except: Object.keys(actions) })
  }
  async uninit(
    effects: Effects,
    target: ExtendedVersion | VersionRange | null,
    timeoutMs?: number | null,
  ): Promise<void> {
    await this.currentRunning?.clean({ timeout: timeoutMs ?? undefined })
    if (target) {
      await this.migration(effects, { to: target }, timeoutMs ?? null)
    }
    await effects.setMainStatus({ status: "stopped" })
  }

  async createBackup(
    effects: Effects,
    timeoutMs: number | null,
  ): Promise<void> {
    const backup = this.manifest.backup.create as Procedure
    if (backup.type === "docker") {
      const commands = [backup.entrypoint, ...backup.args]
      const container = await DockerProcedureContainer.of(
        effects,
        this.manifest.id,
        backup,
        {
          ...this.manifest.volumes,
          BACKUP: { type: "backup", readonly: false },
        },
        `Backup - ${commands.join(" ")}`,
      )
      await container.execFail(commands, timeoutMs)
    } else {
      const moduleCode = await this.moduleCode
      await moduleCode.createBackup?.(polyfillEffects(effects, this.manifest))
    }
    const dataVersion = await effects.getDataVersion()
    if (dataVersion)
      await fs.writeFile("/media/startos/backup/dataVersion.txt", dataVersion, {
        encoding: "utf-8",
      })
  }
  async restoreBackup(
    effects: Effects,
    timeoutMs: number | null,
  ): Promise<void> {
    const store = await fs
      .readFile("/media/startos/backup/store.json", {
        encoding: "utf-8",
      })
      .catch((_) => null)
    const restoreBackup = this.manifest.backup.restore as Procedure
    if (restoreBackup.type === "docker") {
      const commands = [restoreBackup.entrypoint, ...restoreBackup.args]
      const container = await DockerProcedureContainer.of(
        effects,
        this.manifest.id,
        restoreBackup,
        {
          ...this.manifest.volumes,
          BACKUP: { type: "backup", readonly: true },
        },
        `Restore Backup - ${commands.join(" ")}`,
      )
      await container.execFail(commands, timeoutMs)
    } else {
      const moduleCode = await this.moduleCode
      await moduleCode.restoreBackup?.(polyfillEffects(effects, this.manifest))
    }

    const dataVersion = await fs
      .readFile("/media/startos/backup/dataVersion.txt", {
        encoding: "utf-8",
      })
      .catch((_) => null)
    if (dataVersion) await effects.setDataVersion({ version: dataVersion })
  }
  async getConfig(effects: Effects, timeoutMs: number | null) {
    return this.getConfigUncleaned(effects, timeoutMs).then(convertToNewConfig)
  }
  private async getConfigUncleaned(
    effects: Effects,
    timeoutMs: number | null,
  ): Promise<OldGetConfigRes> {
    const config = this.manifest.config?.get as Procedure | undefined
    if (!config) return { spec: {} }
    if (config.type === "docker") {
      const commands = [config.entrypoint, ...config.args]
      const container = await DockerProcedureContainer.of(
        effects,
        this.manifest.id,
        config,
        this.manifest.volumes,
        `Get Config - ${commands.join(" ")}`,
      )
      // TODO: yaml
      return JSON.parse(
        (await container.execFail(commands, timeoutMs)).stdout.toString(),
      )
    } else {
      const moduleCode = await this.moduleCode
      const method = moduleCode.getConfig
      if (!method) throw new Error("Expecting that the method getConfig exists")
      return (await method(polyfillEffects(effects, this.manifest)).then(
        (x) => {
          if ("result" in x) return JSON.parse(JSON.stringify(x.result))
          if ("error" in x) throw new Error("Error getting config: " + x.error)
          throw new Error("Error getting config: " + x["error-code"][1])
        },
      )) as any
    }
  }
  async setConfig(
    effects: Effects,
    newConfigWithoutPointers: unknown,
    timeoutMs: number | null,
  ): Promise<void> {
    const spec = await this.getConfigUncleaned(effects, timeoutMs).then(
      (x) => x.spec,
    )
    const newConfig = transformNewConfigToOld(
      spec,
      structuredClone(newConfigWithoutPointers as Record<string, unknown>),
    )
    await updateConfig(effects, this.manifest, spec, newConfig)
    await configFile.write(effects, newConfig)
    const setConfigValue = this.manifest.config?.set as Procedure | undefined
    if (!setConfigValue) return
    if (setConfigValue.type === "docker") {
      const commands = [
        setConfigValue.entrypoint,
        ...setConfigValue.args,
        JSON.stringify(newConfig),
      ]
      const container = await DockerProcedureContainer.of(
        effects,
        this.manifest.id,
        setConfigValue,
        this.manifest.volumes,
        `Set Config - ${commands.join(" ")}`,
      )
      const answer = matchSetResult.parse(
        JSON.parse(
          (await container.execFail(commands, timeoutMs)).stdout.toString(),
        ),
      )
      const dependsOn = answer["depends-on"] ?? answer.dependsOn ?? {}
      await this.setDependencies(effects, dependsOn, true)
      return
    } else if (setConfigValue.type === "script") {
      const moduleCode = await this.moduleCode
      const method = moduleCode.setConfig
      if (!method) throw new Error("Expecting that the method setConfig exists")

      const answer = matchSetResult.parse(
        await method(
          polyfillEffects(effects, this.manifest),
          newConfig as U.Config,
        ).then((x): T.SetResult => {
          if ("result" in x)
            return {
              dependsOn: x.result["depends-on"],
              signal:
                x.result.signal === "SIGEMT" ? "SIGTERM" : x.result.signal,
            }
          if ("error" in x) throw new Error("Error getting config: " + x.error)
          throw new Error("Error getting config: " + x["error-code"][1])
        }),
      )
      const dependsOn = answer["depends-on"] ?? answer.dependsOn ?? {}
      await this.setDependencies(effects, dependsOn, true)
      return
    }
  }
  private async setDependencies(
    effects: Effects,
    rawDepends: { [x: string]: readonly string[] },
    configuring: boolean,
  ) {
    const storedDependsOn = await dependsOnFile.read().once()
    const requiredDeps = {
      ...Object.fromEntries(
        Object.entries(this.manifest.dependencies ?? {})
          .filter(
            ([k, v]) =>
              (v?.requirement as { type: string } | undefined)?.type ===
              "required",
          )
          .map((x) => [x[0], []]) || [],
      ),
    }

    const dependsOn: Record<string, readonly string[]> = configuring
      ? {
          ...requiredDeps,
          ...rawDepends,
        }
      : storedDependsOn
        ? storedDependsOn
        : requiredDeps

    await dependsOnFile.write(effects, dependsOn)

    await effects.setDependencies({
      dependencies: Object.entries(dependsOn).flatMap(
        ([key, value]): T.Dependencies => {
          const dependency = this.manifest.dependencies?.[key]
          if (!dependency) return []
          const versionRange = dependency.version
          const kind = "running"
          return [
            {
              id: key,
              versionRange,
              kind,
              healthChecks: [...value],
            },
          ]
        },
      ),
    })
  }

  async migration(
    effects: Effects,
    version:
      | { from: VersionRange | ExtendedVersion }
      | { to: VersionRange | ExtendedVersion },
    timeoutMs: number | null,
  ): Promise<{ configured: boolean } | null> {
    let migration
    let args: [string, ...string[]]
    if ("from" in version) {
      if (overlaps(this.version, version.from)) return null
      args = [version.from.toString(), "from"]
      if (!this.manifest.migrations) return { configured: true }
      migration = Object.entries(this.manifest.migrations.from)
        .map(
          ([version, procedure]) =>
            [VersionRange.parseEmver(version), procedure] as const,
        )
        .find(([versionEmver, _]) => overlaps(versionEmver, version.from))
    } else {
      if (overlaps(this.version, version.to)) return null
      args = [version.to.toString(), "to"]
      if (!this.manifest.migrations) return { configured: true }
      migration = Object.entries(this.manifest.migrations.to)
        .map(
          ([version, procedure]) =>
            [VersionRange.parseEmver(version), procedure] as const,
        )
        .find(([versionEmver, _]) => overlaps(versionEmver, version.to))
    }

    if (migration) {
      const [_, procedure] = migration as readonly [unknown, Procedure]
      if (procedure.type === "docker") {
        const commands = [procedure.entrypoint, ...procedure.args]
        const container = await DockerProcedureContainer.of(
          effects,
          this.manifest.id,
          procedure,
          this.manifest.volumes,
          `Migration - ${commands.join(" ")}`,
        )
        return JSON.parse(
          (
            await container.execFail(commands, timeoutMs, {
              input: JSON.stringify(args[0]),
            })
          ).stdout.toString(),
        )
      } else if (procedure.type === "script") {
        const moduleCode = await this.moduleCode
        const method = moduleCode.migration
        if (!method)
          throw new Error("Expecting that the method migration exists")
        return (await method(
          polyfillEffects(effects, this.manifest),
          ...args,
        ).then((x) => {
          if ("result" in x) return x.result
          if ("error" in x) throw new Error("Error getting config: " + x.error)
          throw new Error("Error getting config: " + x["error-code"][1])
        })) as any
      }
    }
    return null
  }
  async properties(
    effects: Effects,
    timeoutMs: number | null,
  ): Promise<PropertiesReturn> {
    const setConfigValue = this.manifest.properties as
      | Procedure
      | null
      | undefined
    if (!setConfigValue) throw new Error("There is no properties")
    if (setConfigValue.type === "docker") {
      const commands = [setConfigValue.entrypoint, ...setConfigValue.args]
      const container = await DockerProcedureContainer.of(
        effects,
        this.manifest.id,
        setConfigValue,
        this.manifest.volumes,
        `Properties - ${commands.join(" ")}`,
      )
      const properties = matchProperties.parse(
        JSON.parse(
          (await container.execFail(commands, timeoutMs)).stdout.toString(),
        ),
      )
      return asProperty(properties.data)
    } else if (setConfigValue.type === "script") {
      const moduleCode = this.moduleCode
      const method = moduleCode.properties
      if (!method)
        throw new Error("Expecting that the method properties exists")
      const properties = matchProperties.parse(
        await method(polyfillEffects(effects, this.manifest)).then(
          fromReturnType,
        ),
      )
      return asProperty(properties.data)
    }
    throw new Error(`Unknown type in the fetch properties: ${setConfigValue}`)
  }
  async action(
    effects: Effects,
    actionId: string,
    formData: unknown,
    timeoutMs: number | null,
  ): Promise<T.ActionResult> {
    const actionProcedure = this.manifest.actions?.[actionId]
      ?.implementation as Procedure | undefined
    const toActionResult = ({
      message,
      value,
      copyable,
      qr,
    }: U.ActionResult): T.ActionResult => ({
      version: "0",
      message,
      value: value ?? null,
      copyable,
      qr,
    })
    if (!actionProcedure) throw Error("Action not found")
    if (actionProcedure.type === "docker") {
      const subcontainer = actionProcedure.inject
        ? this.currentRunning?.mainSubContainerHandle
        : undefined

      const env: Record<string, string> = actionProcedure.inject
        ? {
            HOME: "/root",
          }
        : {}
      const container = await DockerProcedureContainer.of(
        effects,
        this.manifest.id,
        actionProcedure,
        this.manifest.volumes,
        `Action ${actionId}`,
        {
          subcontainer,
        },
      )
      return toActionResult(
        JSON.parse(
          (
            await container.execFail(
              [
                actionProcedure.entrypoint,
                ...actionProcedure.args,
                JSON.stringify(formData),
              ],
              timeoutMs,
              { env },
            )
          ).stdout.toString(),
        ),
      )
    } else {
      const moduleCode = await this.moduleCode
      const method = moduleCode.action?.[actionId]
      if (!method) throw new Error("Expecting that the method action exists")
      return await method(
        polyfillEffects(effects, this.manifest),
        formData as any,
      )
        .then(fromReturnType)
        .then(toActionResult)
    }
  }
  async dependenciesCheck(
    effects: Effects,
    id: string,
    oldConfig: unknown,
    timeoutMs: number | null,
  ): Promise<object> {
    const actionProcedure = this.manifest.dependencies?.[id]?.config?.check as
      | Procedure
      | undefined
    if (!actionProcedure) return { message: "Action not found", value: null }
    if (actionProcedure.type === "docker") {
      const commands = [
        actionProcedure.entrypoint,
        ...actionProcedure.args,
        JSON.stringify(oldConfig),
      ]
      const container = await DockerProcedureContainer.of(
        effects,
        this.manifest.id,
        actionProcedure,
        this.manifest.volumes,
        `Dependencies Check - ${commands.join(" ")}`,
      )
      return JSON.parse(
        (await container.execFail(commands, timeoutMs)).stdout.toString(),
      )
    } else if (actionProcedure.type === "script") {
      const moduleCode = await this.moduleCode
      const method = moduleCode.dependencies?.[id]?.check
      if (!method)
        throw new Error(
          `Expecting that the method dependency check ${id} exists`,
        )
      return (await method(
        polyfillEffects(effects, this.manifest),
        oldConfig as any,
      ).then((x) => {
        if ("result" in x) return x.result
        if ("error" in x) throw new Error("Error getting config: " + x.error)
        throw new Error("Error getting config: " + x["error-code"][1])
      })) as any
    } else {
      return {}
    }
  }
  async dependenciesAutoconfig(
    effects: Effects,
    id: string,
    timeoutMs: number | null,
  ): Promise<void> {
    // TODO: docker
    await effects.mount({
      location: `/media/embassy/${id}`,
      target: {
        packageId: id,
        volumeId: "embassy",
        subpath: null,
        readonly: true,
        idmap: [],
      },
    })
    configFile
      .withPath(`/media/embassy/${id}/config.json`)
      .read()
      .onChange(effects, async (oldConfig: U.Config) => {
        if (!oldConfig) return { cancel: false }
        const moduleCode = await this.moduleCode
        const method = moduleCode?.dependencies?.[id]?.autoConfigure
        if (!method) return { cancel: true }
        const newConfig = (await method(
          polyfillEffects(effects, this.manifest),
          JSON.parse(JSON.stringify(oldConfig)),
        ).then((x) => {
          if ("result" in x) return x.result
          if ("error" in x) throw new Error("Error getting config: " + x.error)
          throw new Error("Error getting config: " + x["error-code"][1])
        })) as any
        const diff = partialDiff(oldConfig, newConfig)
        if (diff) {
          await effects.action.createTask({
            actionId: "config",
            packageId: id,
            replayId: `${id}/config`,
            severity: "important",
            reason: `Configure this dependency for the needs of ${this.manifest.title}`,
            input: {
              kind: "partial",
              value: diff.diff,
            },
            when: {
              condition: "input-not-matches",
              once: false,
            },
          })
        }
        return { cancel: false }
      })
  }
}

const matchPointer = z.object({
  type: z.literal("pointer"),
})

const matchPointerPackage = z.object({
  subtype: z.literal("package"),
  target: z.enum(["tor-key", "tor-address", "lan-address"]),
  "package-id": z.string(),
  interface: z.string(),
})
const matchPointerConfig = z.object({
  subtype: z.literal("package"),
  target: z.enum(["config"]),
  "package-id": z.string(),
  selector: z.string(),
  multi: z.boolean(),
})
const matchSpec = z.object({
  spec: z.record(z.string(), z.unknown()),
})
const matchVariants = z.object({ variants: z.record(z.string(), z.unknown()) })
function isMatchPointer(v: unknown): v is z.infer<typeof matchPointer> {
  return matchPointer.safeParse(v).success
}
function isMatchSpec(v: unknown): v is z.infer<typeof matchSpec> {
  return matchSpec.safeParse(v).success
}
function isMatchVariants(v: unknown): v is z.infer<typeof matchVariants> {
  return matchVariants.safeParse(v).success
}
function cleanSpecOfPointers<T>(mutSpec: T): T {
  if (typeof mutSpec !== "object" || mutSpec === null) return mutSpec
  for (const key in mutSpec) {
    const value = mutSpec[key]
    if (isMatchSpec(value))
      value.spec = cleanSpecOfPointers(value.spec) as Record<string, unknown>
    if (isMatchVariants(value))
      value.variants = Object.fromEntries(
        Object.entries(value.variants).map(([key, value]) => [
          key,
          cleanSpecOfPointers(value),
        ]),
      )
    if (!isMatchPointer(value)) continue
    delete mutSpec[key]
    // // if (value.target === )
  }

  return mutSpec
}
function isKeyOf<O extends object>(
  key: string,
  ofObject: O,
): key is keyof O & string {
  return key in ofObject
}

// prettier-ignore
type CleanConfigFromPointers<C, S> =
  [C, S] extends [object, object] ? {
    [K in (keyof C & keyof S ) & string]: (
      S[K] extends {type: "pointer"} ? never :
      S[K] extends {spec: object & infer B} ? CleanConfigFromPointers<C[K], B> :
      C[K]
    )
  } :
  null

async function updateConfig(
  effects: Effects,
  manifest: Manifest,
  spec: OldConfigSpec,
  mutConfigValue: Record<string, unknown>,
) {
  for (const key in spec) {
    const specValue = spec[key]

    if (specValue.type === "object") {
      await updateConfig(
        effects,
        manifest,
        specValue.spec as OldConfigSpec,
        mutConfigValue[key] as Record<string, unknown>,
      )
    } else if (specValue.type === "list" && specValue.subtype === "object") {
      const list = mutConfigValue[key] as unknown[]
      for (let val of list) {
        await updateConfig(
          effects,
          manifest,
          { ...(specValue.spec as any), type: "object" as const },
          val as Record<string, unknown>,
        )
      }
    } else if (specValue.type === "union") {
      const union = mutConfigValue[key] as Record<string, unknown>
      await updateConfig(
        effects,
        manifest,
        specValue.variants[union[specValue.tag.id] as string] as OldConfigSpec,
        mutConfigValue[key] as Record<string, unknown>,
      )
    } else if (
      specValue.type === "pointer" &&
      specValue.subtype === "package"
    ) {
      if (specValue.target === "config") {
        const jp = require("jsonpath")
        const depId = specValue["package-id"]
        // Mount the dependency's "embassy" volume read-only to read its config.json.
        await effects.mount({
          location: `/media/embassy/${depId}`,
          target: {
            packageId: depId,
            volumeId: "embassy",
            subpath: null,
            readonly: true,
            idmap: [],
          },
        })
        // once() is asynchronous (setDependencies awaits it for dependsOnFile);
        // without the await, jp.query would run against the pending Promise
        // instead of the dependency's config.
        const remoteConfig = await configFile
          .withPath(`/media/embassy/${depId}/config.json`)
          .read()
          .once()
        // Logs the dependency's whole config.json at debug level, including any
        // credentials it holds.
        console.debug(remoteConfig)
        // If nothing was read, the pointer resolves to null below.
        const configValue = !remoteConfig
          ? undefined
          : specValue.multi
            ? jp.query(remoteConfig, specValue.selector)
            : jp.query(remoteConfig, specValue.selector, 1)[0]
        mutConfigValue[key] = configValue === undefined ? null : configValue
      } else if (specValue.target === "tor-key") {
        throw new Error("This service uses an unsupported target TorKey")
      } else {
        const specInterface = specValue.interface
        const serviceInterfaceId = extractServiceInterfaceId(
          manifest,
          specInterface,
        )
        if (!serviceInterfaceId) {
          mutConfigValue[key] = ""
          return
        }
        const filled = await utils
          .getServiceInterface(effects, {
            packageId: specValue["package-id"],
            id: serviceInterfaceId,
          })
          .once()
          .catch((x) => {
            console.error(
              "Could not get the service interface",
              utils.asError(x),
            )
            return null
          })
        const catchFn = <X>(fn: () => X) => {
          try {
            return fn()
          } catch (e) {
            return undefined
          }
        }
        const url: string =
          filled === null || filled.addressInfo === null
            ? ""
            : catchFn(
                () =>
                  filled.addressInfo!.filter({ kind: "mdns" })!.hostnames[0]
                    .hostname,
              ) || ""
        mutConfigValue[key] = url
      }
    }
  }
}
function extractServiceInterfaceId(manifest: Manifest, specInterface: string) {
  const internalPort =
    Object.entries(
      manifest.interfaces[specInterface]?.["lan-config"] || {},
    )[0]?.[1]?.internal ||
    Object.entries(
      manifest.interfaces[specInterface]?.["tor-config"]?.["port-mapping"] ||
        {},
    )?.[0]?.[1]

  if (!internalPort) return null
  const serviceInterfaceId = `${specInterface}-${internalPort}`
  return serviceInterfaceId
}
async function convertToNewConfig(value: OldGetConfigRes) {
  try {
    const valueSpec: OldConfigSpec = matchOldConfigSpec.parse(value.spec)
    const spec = transformConfigSpec(valueSpec)
    if (!value.config) return { spec, config: null }
    const config = transformOldConfigToNew(valueSpec, value.config) ?? null
    return { spec, config }
  } catch (e) {
    console.error(e)
    throw e
  }
}