bastion/nginx-proxy-manager
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

v2.1.0 (#293)

Browse Source 
* Fix wrapping when too many hosts are shown (#207)

* Update npm packages, fixes CVE-2019-10757

* Revert some breaking packages

* Major overhaul

- Docker buildx support in CI
- Cypress API Testing in CI
- Restructured folder layout (insert clean face meme)
- Added Swagger documentation and validate API against that (to be completed)
- Use common base image for all supported archs, which includes updated nginx with ipv6 support
- Updated certbot and changes required for it
- Large amount of Hosts names will wrap in UI
- Updated packages for frontend
- Version bump 2.1.0

* Updated documentation

* Fix JWT expire time going crazy. Now set to 1day

* Backend JS formatting rules

* Remove v1 importer, I doubt anyone is using v1 anymore

* Added backend formatting rules and enforce them
in Jenkins builds

* Fix CI, doesn't need a tty

* Thanks bcrypt. Why can't you just be normal.

* Cleanup after syntax check

Co-authored-by: Marcelo Castagna <margaale@users.noreply.github.com>
This commit is contained in:
jc21
2020-02-19 15:55:06 +11:00
committed by GitHub
parent bf036cbb88
commit bb0f4bfa62
517 changed files with 26256 additions and 11724 deletions
Download Patch File Download Diff File Expand all files Collapse all files

81
backend/models/access_list.js Normal file
View File

@ -0,0 +1,81 @@
// Objection Docs:
// http://vincit.github.io/objection.js/
const db = require('../db');
const Model = require('objection').Model;
const User = require('./user');
const AccessListAuth = require('./access_list_auth');
Model.knex(db);
class AccessList extends Model {
$beforeInsert () {
this.created_on = Model.raw('NOW()');
this.modified_on = Model.raw('NOW()');
// Default for meta
if (typeof this.meta === 'undefined') {
this.meta = {};
}
}
$beforeUpdate () {
this.modified_on = Model.raw('NOW()');
}
static get name () {
return 'AccessList';
}
static get tableName () {
return 'access_list';
}
static get jsonAttributes () {
return ['meta'];
}
static get relationMappings () {
const ProxyHost = require('./proxy_host');
return {
owner: {
relation: Model.HasOneRelation,
modelClass: User,
join: {
from: 'access_list.owner_user_id',
to: 'user.id'
},
modify: function (qb) {
qb.where('user.is_deleted', 0);
qb.omit(['id', 'created_on', 'modified_on', 'is_deleted', 'email', 'roles']);
}
},
items: {
relation: Model.HasManyRelation,
modelClass: AccessListAuth,
join: {
from: 'access_list.id',
to: 'access_list_auth.access_list_id'
},
modify: function (qb) {
qb.omit(['id', 'created_on', 'modified_on', 'access_list_id', 'meta']);
}
},
proxy_hosts: {
relation: Model.HasManyRelation,
modelClass: ProxyHost,
join: {
from: 'access_list.id',
to: 'proxy_host.access_list_id'
},
modify: function (qb) {
qb.where('proxy_host.is_deleted', 0);
qb.omit(['is_deleted', 'meta']);
}
}
};
}
}
module.exports = AccessList;

54
backend/models/access_list_auth.js Normal file
View File

@ -0,0 +1,54 @@
// Objection Docs:
// http://vincit.github.io/objection.js/
const db = require('../db');
const Model = require('objection').Model;
Model.knex(db);
class AccessListAuth extends Model {
$beforeInsert () {
this.created_on = Model.raw('NOW()');
this.modified_on = Model.raw('NOW()');
// Default for meta
if (typeof this.meta === 'undefined') {
this.meta = {};
}
}
$beforeUpdate () {
this.modified_on = Model.raw('NOW()');
}
static get name () {
return 'AccessListAuth';
}
static get tableName () {
return 'access_list_auth';
}
static get jsonAttributes () {
return ['meta'];
}
static get relationMappings () {
return {
access_list: {
relation: Model.HasOneRelation,
modelClass: require('./access_list'),
join: {
from: 'access_list_auth.access_list_id',
to: 'access_list.id'
},
modify: function (qb) {
qb.where('access_list.is_deleted', 0);
qb.omit(['created_on', 'modified_on', 'is_deleted', 'access_list_id']);
}
}
};
}
}
module.exports = AccessListAuth;

54
backend/models/audit-log.js Normal file
View File

@ -0,0 +1,54 @@
// Objection Docs:
// http://vincit.github.io/objection.js/
const db = require('../db');
const Model = require('objection').Model;
const User = require('./user');
Model.knex(db);
class AuditLog extends Model {
$beforeInsert () {
this.created_on = Model.raw('NOW()');
this.modified_on = Model.raw('NOW()');
// Default for meta
if (typeof this.meta === 'undefined') {
this.meta = {};
}
}
$beforeUpdate () {
this.modified_on = Model.raw('NOW()');
}
static get name () {
return 'AuditLog';
}
static get tableName () {
return 'audit_log';
}
static get jsonAttributes () {
return ['meta'];
}
static get relationMappings () {
return {
user: {
relation: Model.HasOneRelation,
modelClass: User,
join: {
from: 'audit_log.user_id',
to: 'user.id'
},
modify: function (qb) {
qb.omit(['id', 'created_on', 'modified_on', 'roles']);
}
}
};
}
}
module.exports = AuditLog;

85
backend/models/auth.js Normal file
View File

@ -0,0 +1,85 @@
// Objection Docs:
// http://vincit.github.io/objection.js/
const bcrypt = require('bcrypt');
const db = require('../db');
const Model = require('objection').Model;
const User = require('./user');
Model.knex(db);
function encryptPassword () {
/* jshint -W040 */
let _this = this;
if (_this.type === 'password' && _this.secret) {
return bcrypt.hash(_this.secret, 13)
.then(function (hash) {
_this.secret = hash;
});
}
return null;
}
class Auth extends Model {
$beforeInsert (queryContext) {
this.created_on = Model.raw('NOW()');
this.modified_on = Model.raw('NOW()');
// Default for meta
if (typeof this.meta === 'undefined') {
this.meta = {};
}
return encryptPassword.apply(this, queryContext);
}
$beforeUpdate (queryContext) {
this.modified_on = Model.raw('NOW()');
return encryptPassword.apply(this, queryContext);
}
/**
* Verify a plain password against the encrypted password
*
* @param {String} password
* @returns {Promise}
*/
verifyPassword (password) {
return bcrypt.compare(password, this.secret);
}
static get name () {
return 'Auth';
}
static get tableName () {
return 'auth';
}
static get jsonAttributes () {
return ['meta'];
}
static get relationMappings () {
return {
user: {
relation: Model.HasOneRelation,
modelClass: User,
join: {
from: 'auth.user_id',
to: 'user.id'
},
filter: {
is_deleted: 0
},
modify: function (qb) {
qb.omit(['is_deleted']);
}
}
};
}
}
module.exports = Auth;

72
backend/models/certificate.js Normal file
View File

@ -0,0 +1,72 @@
// Objection Docs:
// http://vincit.github.io/objection.js/
const db = require('../db');
const Model = require('objection').Model;
const User = require('./user');
Model.knex(db);
class Certificate extends Model {
$beforeInsert () {
this.created_on = Model.raw('NOW()');
this.modified_on = Model.raw('NOW()');
// Default for expires_on
if (typeof this.expires_on === 'undefined') {
this.expires_on = Model.raw('NOW()');
}
// Default for domain_names
if (typeof this.domain_names === 'undefined') {
this.domain_names = [];
}
// Default for meta
if (typeof this.meta === 'undefined') {
this.meta = {};
}
this.domain_names.sort();
}
$beforeUpdate () {
this.modified_on = Model.raw('NOW()');
// Sort domain_names
if (typeof this.domain_names !== 'undefined') {
this.domain_names.sort();
}
}
static get name () {
return 'Certificate';
}
static get tableName () {
return 'certificate';
}
static get jsonAttributes () {
return ['domain_names', 'meta'];
}
static get relationMappings () {
return {
owner: {
relation: Model.HasOneRelation,
modelClass: User,
join: {
from: 'certificate.owner_user_id',
to: 'user.id'
},
modify: function (qb) {
qb.where('user.is_deleted', 0);
qb.omit(['id', 'created_on', 'modified_on', 'is_deleted', 'email', 'roles']);
}
}
};
}
}
module.exports = Certificate;

80
backend/models/dead_host.js Normal file
View File

@ -0,0 +1,80 @@
// Objection Docs:
// http://vincit.github.io/objection.js/
const db = require('../db');
const Model = require('objection').Model;
const User = require('./user');
const Certificate = require('./certificate');
Model.knex(db);
class DeadHost extends Model {
$beforeInsert () {
this.created_on = Model.raw('NOW()');
this.modified_on = Model.raw('NOW()');
// Default for domain_names
if (typeof this.domain_names === 'undefined') {
this.domain_names = [];
}
// Default for meta
if (typeof this.meta === 'undefined') {
this.meta = {};
}
this.domain_names.sort();
}
$beforeUpdate () {
this.modified_on = Model.raw('NOW()');
// Sort domain_names
if (typeof this.domain_names !== 'undefined') {
this.domain_names.sort();
}
}
static get name () {
return 'DeadHost';
}
static get tableName () {
return 'dead_host';
}
static get jsonAttributes () {
return ['domain_names', 'meta'];
}
static get relationMappings () {
return {
owner: {
relation: Model.HasOneRelation,
modelClass: User,
join: {
from: 'dead_host.owner_user_id',
to: 'user.id'
},
modify: function (qb) {
qb.where('user.is_deleted', 0);
qb.omit(['id', 'created_on', 'modified_on', 'is_deleted', 'email', 'roles']);
}
},
certificate: {
relation: Model.HasOneRelation,
modelClass: Certificate,
join: {
from: 'dead_host.certificate_id',
to: 'certificate.id'
},
modify: function (qb) {
qb.where('certificate.is_deleted', 0);
qb.omit(['id', 'created_on', 'modified_on', 'is_deleted']);
}
}
};
}
}
module.exports = DeadHost;

93
backend/models/proxy_host.js Normal file
View File

@ -0,0 +1,93 @@
// Objection Docs:
// http://vincit.github.io/objection.js/
const db = require('../db');
const Model = require('objection').Model;
const User = require('./user');
const AccessList = require('./access_list');
const Certificate = require('./certificate');
Model.knex(db);
class ProxyHost extends Model {
$beforeInsert () {
this.created_on = Model.raw('NOW()');
this.modified_on = Model.raw('NOW()');
// Default for domain_names
if (typeof this.domain_names === 'undefined') {
this.domain_names = [];
}
// Default for meta
if (typeof this.meta === 'undefined') {
this.meta = {};
}
this.domain_names.sort();
}
$beforeUpdate () {
this.modified_on = Model.raw('NOW()');
// Sort domain_names
if (typeof this.domain_names !== 'undefined') {
this.domain_names.sort();
}
}
static get name () {
return 'ProxyHost';
}
static get tableName () {
return 'proxy_host';
}
static get jsonAttributes () {
return ['domain_names', 'meta', 'locations'];
}
static get relationMappings () {
return {
owner: {
relation: Model.HasOneRelation,
modelClass: User,
join: {
from: 'proxy_host.owner_user_id',
to: 'user.id'
},
modify: function (qb) {
qb.where('user.is_deleted', 0);
qb.omit(['id', 'created_on', 'modified_on', 'is_deleted', 'email', 'roles']);
}
},
access_list: {
relation: Model.HasOneRelation,
modelClass: AccessList,
join: {
from: 'proxy_host.access_list_id',
to: 'access_list.id'
},
modify: function (qb) {
qb.where('access_list.is_deleted', 0);
qb.omit(['id', 'created_on', 'modified_on', 'is_deleted']);
}
},
certificate: {
relation: Model.HasOneRelation,
modelClass: Certificate,
join: {
from: 'proxy_host.certificate_id',
to: 'certificate.id'
},
modify: function (qb) {
qb.where('certificate.is_deleted', 0);
qb.omit(['id', 'created_on', 'modified_on', 'is_deleted']);
}
}
};
}
}
module.exports = ProxyHost;

80
backend/models/redirection_host.js Normal file
View File

@ -0,0 +1,80 @@
// Objection Docs:
// http://vincit.github.io/objection.js/
const db = require('../db');
const Model = require('objection').Model;
const User = require('./user');
const Certificate = require('./certificate');
Model.knex(db);
class RedirectionHost extends Model {
$beforeInsert () {
this.created_on = Model.raw('NOW()');
this.modified_on = Model.raw('NOW()');
// Default for domain_names
if (typeof this.domain_names === 'undefined') {
this.domain_names = [];
}
// Default for meta
if (typeof this.meta === 'undefined') {
this.meta = {};
}
this.domain_names.sort();
}
$beforeUpdate () {
this.modified_on = Model.raw('NOW()');
// Sort domain_names
if (typeof this.domain_names !== 'undefined') {
this.domain_names.sort();
}
}
static get name () {
return 'RedirectionHost';
}
static get tableName () {
return 'redirection_host';
}
static get jsonAttributes () {
return ['domain_names', 'meta'];
}
static get relationMappings () {
return {
owner: {
relation: Model.HasOneRelation,
modelClass: User,
join: {
from: 'redirection_host.owner_user_id',
to: 'user.id'
},
modify: function (qb) {
qb.where('user.is_deleted', 0);
qb.omit(['id', 'created_on', 'modified_on', 'is_deleted', 'email', 'roles']);
}
},
certificate: {
relation: Model.HasOneRelation,
modelClass: Certificate,
join: {
from: 'redirection_host.certificate_id',
to: 'certificate.id'
},
modify: function (qb) {
qb.where('certificate.is_deleted', 0);
qb.omit(['id', 'created_on', 'modified_on', 'is_deleted']);
}
}
};
}
}
module.exports = RedirectionHost;

30
backend/models/setting.js Normal file
View File

@ -0,0 +1,30 @@
// Objection Docs:
// http://vincit.github.io/objection.js/
const db = require('../db');
const Model = require('objection').Model;
Model.knex(db);
class Setting extends Model {
$beforeInsert () {
// Default for meta
if (typeof this.meta === 'undefined') {
this.meta = {};
}
}
static get name () {
return 'Setting';
}
static get tableName () {
return 'setting';
}
static get jsonAttributes () {
return ['meta'];
}
}
module.exports = Setting;

55
backend/models/stream.js Normal file
View File

@ -0,0 +1,55 @@
// Objection Docs:
// http://vincit.github.io/objection.js/
const db = require('../db');
const Model = require('objection').Model;
const User = require('./user');
Model.knex(db);
class Stream extends Model {
$beforeInsert () {
this.created_on = Model.raw('NOW()');
this.modified_on = Model.raw('NOW()');
// Default for meta
if (typeof this.meta === 'undefined') {
this.meta = {};
}
}
$beforeUpdate () {
this.modified_on = Model.raw('NOW()');
}
static get name () {
return 'Stream';
}
static get tableName () {
return 'stream';
}
static get jsonAttributes () {
return ['meta'];
}
static get relationMappings () {
return {
owner: {
relation: Model.HasOneRelation,
modelClass: User,
join: {
from: 'stream.owner_user_id',
to: 'user.id'
},
modify: function (qb) {
qb.where('user.is_deleted', 0);
qb.omit(['id', 'created_on', 'modified_on', 'is_deleted', 'email', 'roles']);
}
}
};
}
}
module.exports = Stream;

136
backend/models/token.js Normal file
View File

@ -0,0 +1,136 @@
/**
NOTE: This is not a database table, this is a model of a Token object that can be created/loaded
and then has abilities after that.
*/
const _ = require('lodash');
const config = require('config');
const jwt = require('jsonwebtoken');
const crypto = require('crypto');
const error = require('../lib/error');
const ALGO = 'RS256';
module.exports = function () {
const public_key = config.get('jwt.pub');
const private_key = config.get('jwt.key');
let token_data = {};
let self = {
/**
* @param {Object} payload
* @returns {Promise}
*/
create: (payload) => {
// sign with RSA SHA256
let options = {
algorithm: ALGO,
expiresIn: payload.expiresIn || '1d'
};
payload.jti = crypto.randomBytes(12)
.toString('base64')
.substr(-8);
return new Promise((resolve, reject) => {
jwt.sign(payload, private_key, options, (err, token) => {
if (err) {
reject(err);
} else {
token_data = payload;
resolve({
token: token,
payload: payload
});
}
});
});
},
/**
* @param {String} token
* @returns {Promise}
*/
load: function (token) {
return new Promise((resolve, reject) => {
try {
if (!token || token === null || token === 'null') {
reject(new error.AuthError('Empty token'));
} else {
jwt.verify(token, public_key, {ignoreExpiration: false, algorithms: [ALGO]}, (err, result) => {
if (err) {
if (err.name === 'TokenExpiredError') {
reject(new error.AuthError('Token has expired', err));
} else {
reject(err);
}
} else {
token_data = result;
// Hack: some tokens out in the wild have a scope of 'all' instead of 'user'.
// For 30 days at least, we need to replace 'all' with user.
if ((typeof token_data.scope !== 'undefined' && _.indexOf(token_data.scope, 'all') !== -1)) {
//console.log('Warning! Replacing "all" scope with "user"');
token_data.scope = ['user'];
}
resolve(token_data);
}
});
}
} catch (err) {
reject(err);
}
});
},
/**
* Does the token have the specified scope?
*
* @param {String} scope
* @returns {Boolean}
*/
hasScope: function (scope) {
return typeof token_data.scope !== 'undefined' && _.indexOf(token_data.scope, scope) !== -1;
},
/**
* @param {String} key
* @return {*}
*/
get: function (key) {
if (typeof token_data[key] !== 'undefined') {
return token_data[key];
}
return null;
},
/**
* @param {String} key
* @param {*} value
*/
set: function (key, value) {
token_data[key] = value;
},
/**
* @param [default_value]
* @returns {Integer}
*/
getUserId: (default_value) => {
let attrs = self.get('attrs');
if (attrs && typeof attrs.id !== 'undefined' && attrs.id) {
return attrs.id;
}
return default_value || 0;
}
};
return self;
};

55
backend/models/user.js Normal file
View File

@ -0,0 +1,55 @@
// Objection Docs:
// http://vincit.github.io/objection.js/
const db = require('../db');
const Model = require('objection').Model;
const UserPermission = require('./user_permission');
Model.knex(db);
class User extends Model {
$beforeInsert () {
this.created_on = Model.raw('NOW()');
this.modified_on = Model.raw('NOW()');
// Default for roles
if (typeof this.roles === 'undefined') {
this.roles = [];
}
}
$beforeUpdate () {
this.modified_on = Model.raw('NOW()');
}
static get name () {
return 'User';
}
static get tableName () {
return 'user';
}
static get jsonAttributes () {
return ['roles'];
}
static get relationMappings () {
return {
permissions: {
relation: Model.HasOneRelation,
modelClass: UserPermission,
join: {
from: 'user.id',
to: 'user_permission.user_id'
},
modify: function (qb) {
qb.omit(['id', 'created_on', 'modified_on', 'user_id']);
}
}
};
}
}
module.exports = User;

28
backend/models/user_permission.js Normal file
View File

@ -0,0 +1,28 @@
// Objection Docs:
// http://vincit.github.io/objection.js/
const db = require('../db');
const Model = require('objection').Model;
Model.knex(db);
class UserPermission extends Model {
$beforeInsert () {
this.created_on = Model.raw('NOW()');
this.modified_on = Model.raw('NOW()');
}
$beforeUpdate () {
this.modified_on = Model.raw('NOW()');
}
static get name () {
return 'UserPermission';
}
static get tableName () {
return 'user_permission';
}
}
module.exports = UserPermission;