alexei.dolgolyov
0405ecd9ce
Build / build (push) Successful in 10m36s
Outgoing notifications were bare POSTs with no auth and no way to verify
they came from Tinyforge. They also went out from one global URL only,
even though stages had a notification_url field, and static-site sync
emitted no events at all.
Schema: add notification_url + notification_secret (lazy-generated) to
settings, projects, stages and static_sites. Migrations are additive.
Notifier: SendSigned computes HMAC-SHA256 over the exact body bytes and
sends X-Hub-Signature-256 (GitHub-compatible — receivers built for
GitHub/Gitea/Forgejo verify out of the box). Aux headers
X-Tinyforge-Event/Delivery/Timestamp/Tier are advisory and not signed.
Empty secret => unsigned send for back-compat.
Resolution: deploys fall through stage > project > settings, sites fall
through site > settings. The secret travels with the URL that sourced
it, so any tier can sign even when its parents are unsigned. Site sync
events now actually emit (site_sync_success / site_sync_failure).
API: 12 new endpoints — {GET secret, POST regenerate, POST disable,
POST test} for each of the 4 tiers. SendSyncForTest returns
status_code/latency_ms/signature_sent/delivery_id/response_snippet so
the UI surfaces receiver feedback inline.
UI: shared OutgoingWebhookPanel.svelte fits the existing card aesthetic.
Signing-state pill, secret reveal-on-demand, regenerate/disable behind
ConfirmDialog modals (not inline strips — too easy to misclick), send-
test result card with colour-coded status. Wired into Settings →
Integrations, project edit form, per-stage edit, and per-site detail.
EN + RU i18n.
Tests: round-trip (sender signs, receiver verifies), tampered-body and
wrong-secret rejection, unsigned-send omits header, send-test surfaces
4xx, concurrent fan-out via Drain. Resolver precedence locked for both
deploy and site paths.
Docs: docs/webhooks.md with header reference, verifier snippets in
Node/Python/Go, and a recipe for the service-to-notification-bridge
generic webhook provider.
999 lines
34 KiB
TypeScript
999 lines
34 KiB
TypeScript
import type {
|
|
ApiEnvelope,
|
|
ContainerStats,
|
|
ContainerStatsSample,
|
|
SystemStats,
|
|
SystemStatsSample,
|
|
TopContainerSample,
|
|
Deploy,
|
|
DeployLog,
|
|
DockerHealth,
|
|
ProxyHealth,
|
|
EventLogEntry,
|
|
EventLogStats,
|
|
InspectResult,
|
|
Instance,
|
|
LocalImage,
|
|
NpmCertificate,
|
|
NpmAccessList,
|
|
ProxyRoute,
|
|
Project,
|
|
ProjectDetail,
|
|
Registry,
|
|
RegistryImage,
|
|
Settings,
|
|
StaleContainer,
|
|
Stage,
|
|
StageEnv,
|
|
Volume,
|
|
VolumeScopeInfo,
|
|
BrowseResult,
|
|
DnsZone,
|
|
DnsRecordView,
|
|
BackupInfo
|
|
} from './types';
|
|
|
|
// ── Helpers ─────────────────────────────────────────────────────────
|
|
|
|
class ApiError extends Error {
|
|
constructor(
|
|
message: string,
|
|
public readonly status: number
|
|
) {
|
|
super(message);
|
|
this.name = 'ApiError';
|
|
}
|
|
}
|
|
|
|
import { getAuthToken, clearAuth } from './auth';
|
|
|
|
// ── Concurrency limiter ────────────────────────────────────────────
|
|
// Chrome allows only 6 concurrent HTTP/1.1 connections per host.
|
|
// Reserve slots for the persistent SSE stream and health checks by
|
|
// capping regular API requests to 4 concurrent.
|
|
const MAX_CONCURRENT = 4;
|
|
let inflight = 0;
|
|
const queue: Array<() => void> = [];
|
|
|
|
function acquireSlot(signal?: AbortSignal | null): Promise<void> {
|
|
if (inflight < MAX_CONCURRENT) {
|
|
inflight++;
|
|
return Promise.resolve();
|
|
}
|
|
return new Promise<void>((resolve, reject) => {
|
|
// A queued waiter inherits the releasing request's slot, so it
|
|
// must not increment `inflight` again — `releaseSlot` skips the
|
|
// decrement when it hands the slot off, keeping the count stable.
|
|
const entry = () => { resolve(); };
|
|
queue.push(entry);
|
|
|
|
signal?.addEventListener('abort', () => {
|
|
const idx = queue.indexOf(entry);
|
|
if (idx !== -1) {
|
|
queue.splice(idx, 1);
|
|
reject(signal.reason ?? new DOMException('Aborted', 'AbortError'));
|
|
}
|
|
}, { once: true });
|
|
});
|
|
}
|
|
|
|
function releaseSlot(): void {
|
|
const next = queue.shift();
|
|
if (next) {
|
|
next();
|
|
} else {
|
|
inflight--;
|
|
}
|
|
}
|
|
|
|
async function request<T>(path: string, init?: RequestInit): Promise<T> {
|
|
// Write operations (user-initiated) bypass the concurrency limiter
|
|
// so they are never blocked behind background polling.
|
|
const method = init?.method?.toUpperCase() ?? 'GET';
|
|
if (method !== 'GET') {
|
|
return requestInner<T>(path, init);
|
|
}
|
|
await acquireSlot(init?.signal);
|
|
try {
|
|
return await requestInner<T>(path, init);
|
|
} finally {
|
|
releaseSlot();
|
|
}
|
|
}
|
|
|
|
async function requestInner<T>(path: string, init?: RequestInit): Promise<T> {
|
|
const token = getAuthToken();
|
|
const headers: Record<string, string> = {
|
|
'Content-Type': 'application/json',
|
|
...(init?.headers as Record<string, string>)
|
|
};
|
|
if (token) {
|
|
headers['Authorization'] = `Bearer ${token}`;
|
|
}
|
|
|
|
const res = await fetch(path, {
|
|
...init,
|
|
headers
|
|
});
|
|
|
|
// Redirect to login on 401 (expired/missing token).
|
|
if (res.status === 401 && typeof window !== 'undefined' && !path.includes('/auth/')) {
|
|
clearAuth();
|
|
window.location.href = '/login';
|
|
throw new ApiError('Authentication required', 401);
|
|
}
|
|
|
|
let envelope: ApiEnvelope<T>;
|
|
try {
|
|
envelope = await res.json();
|
|
} catch {
|
|
throw new ApiError(
|
|
`Server returned non-JSON response (HTTP ${res.status})`,
|
|
res.status
|
|
);
|
|
}
|
|
|
|
if (!envelope.success) {
|
|
throw new ApiError(envelope.error ?? 'Unknown API error', res.status);
|
|
}
|
|
|
|
return envelope.data as T;
|
|
}
|
|
|
|
function get<T>(path: string, signal?: AbortSignal): Promise<T> {
|
|
return request<T>(path, signal ? { signal } : undefined);
|
|
}
|
|
|
|
function post<T>(path: string, body?: unknown): Promise<T> {
|
|
return request<T>(path, {
|
|
method: 'POST',
|
|
body: body !== undefined ? JSON.stringify(body) : undefined
|
|
});
|
|
}
|
|
|
|
function put<T>(path: string, body: unknown): Promise<T> {
|
|
return request<T>(path, {
|
|
method: 'PUT',
|
|
body: JSON.stringify(body)
|
|
});
|
|
}
|
|
|
|
function del<T>(path: string): Promise<T> {
|
|
return request<T>(path, { method: 'DELETE' });
|
|
}
|
|
|
|
// ── Projects ────────────────────────────────────────────────────────
|
|
|
|
export function listProjects(signal?: AbortSignal): Promise<Project[]> {
|
|
return get<Project[]>('/api/projects', signal);
|
|
}
|
|
|
|
export function getProject(id: string, signal?: AbortSignal): Promise<ProjectDetail> {
|
|
return get<ProjectDetail>(`/api/projects/${id}`, signal);
|
|
}
|
|
|
|
export function createProject(data: Partial<Project>): Promise<Project> {
|
|
return post<Project>('/api/projects', data);
|
|
}
|
|
|
|
export function updateProject(id: string, data: Partial<Project>): Promise<Project> {
|
|
return put<Project>(`/api/projects/${id}`, data);
|
|
}
|
|
|
|
export function deleteProject(id: string): Promise<{ deleted: string }> {
|
|
return del<{ deleted: string }>(`/api/projects/${id}`);
|
|
}
|
|
|
|
// ── Stages ─────────────────────────────────────────────────────────
|
|
|
|
export function createStage(projectId: string, data: Partial<Stage>): Promise<Stage> {
|
|
return post<Stage>(`/api/projects/${projectId}/stages`, data);
|
|
}
|
|
|
|
export function updateStage(projectId: string, stageId: string, data: Partial<Stage>): Promise<Stage> {
|
|
return put<Stage>(`/api/projects/${projectId}/stages/${stageId}`, data);
|
|
}
|
|
|
|
export function deleteStage(projectId: string, stageId: string): Promise<void> {
|
|
return del<void>(`/api/projects/${projectId}/stages/${stageId}`);
|
|
}
|
|
|
|
// ── Instances ───────────────────────────────────────────────────────
|
|
|
|
export function listInstances(projectId: string, stageId: string, signal?: AbortSignal): Promise<Instance[]> {
|
|
return get<Instance[]>(`/api/projects/${projectId}/stages/${stageId}/instances`, signal);
|
|
}
|
|
|
|
export function deployInstance(
|
|
projectId: string,
|
|
stageId: string,
|
|
imageTag: string
|
|
): Promise<{ status: string }> {
|
|
return post<{ status: string }>(`/api/projects/${projectId}/stages/${stageId}/instances`, {
|
|
image_tag: imageTag
|
|
});
|
|
}
|
|
|
|
export function removeInstance(
|
|
projectId: string,
|
|
stageId: string,
|
|
instanceId: string
|
|
): Promise<{ deleted: string }> {
|
|
return del<{ deleted: string }>(
|
|
`/api/projects/${projectId}/stages/${stageId}/instances/${instanceId}`
|
|
);
|
|
}
|
|
|
|
export function stopInstance(
|
|
projectId: string,
|
|
stageId: string,
|
|
instanceId: string
|
|
): Promise<{ status: string }> {
|
|
return post<{ status: string }>(
|
|
`/api/projects/${projectId}/stages/${stageId}/instances/${instanceId}/stop`
|
|
);
|
|
}
|
|
|
|
export function startInstance(
|
|
projectId: string,
|
|
stageId: string,
|
|
instanceId: string
|
|
): Promise<{ status: string }> {
|
|
return post<{ status: string }>(
|
|
`/api/projects/${projectId}/stages/${stageId}/instances/${instanceId}/start`
|
|
);
|
|
}
|
|
|
|
export function restartInstance(
|
|
projectId: string,
|
|
stageId: string,
|
|
instanceId: string
|
|
): Promise<{ status: string }> {
|
|
return post<{ status: string }>(
|
|
`/api/projects/${projectId}/stages/${stageId}/instances/${instanceId}/restart`
|
|
);
|
|
}
|
|
|
|
// ── Deploys ─────────────────────────────────────────────────────────
|
|
|
|
export function listDeploys(limit = 50, signal?: AbortSignal): Promise<Deploy[]> {
|
|
return get<Deploy[]>(`/api/deploys?limit=${limit}`, signal);
|
|
}
|
|
|
|
export function getDeployLogs(deployId: string): Promise<DeployLog[]> {
|
|
return get<DeployLog[]>(`/api/deploys/${deployId}/logs`);
|
|
}
|
|
|
|
export function inspectImage(image: string): Promise<InspectResult> {
|
|
return post<InspectResult>('/api/deploy/inspect', { image });
|
|
}
|
|
|
|
export function quickDeploy(data: {
|
|
name?: string;
|
|
image: string;
|
|
tag?: string;
|
|
registry?: string;
|
|
port?: number;
|
|
force?: boolean;
|
|
enable_proxy?: boolean;
|
|
auto_deploy?: boolean;
|
|
}): Promise<{ project: Project; status: string }> {
|
|
return post<{ project: Project; status: string }>('/api/deploy/quick', data);
|
|
}
|
|
|
|
// ── Registries ──────────────────────────────────────────────────────
|
|
|
|
export function listRegistries(): Promise<Registry[]> {
|
|
return get<Registry[]>('/api/registries');
|
|
}
|
|
|
|
export function createRegistry(data: Partial<Registry>): Promise<Registry> {
|
|
return post<Registry>('/api/registries', data);
|
|
}
|
|
|
|
export function updateRegistry(id: string, data: Partial<Registry>): Promise<Registry> {
|
|
return put<Registry>(`/api/registries/${id}`, data);
|
|
}
|
|
|
|
export function deleteRegistry(id: string): Promise<{ deleted: string }> {
|
|
return del<{ deleted: string }>(`/api/registries/${id}`);
|
|
}
|
|
|
|
export function testRegistry(id: string): Promise<{ status: string }> {
|
|
return post<{ status: string }>(`/api/registries/${id}/test`);
|
|
}
|
|
|
|
export function listRegistryTags(registryId: string, image: string): Promise<string[]> {
|
|
// Image contains slashes (e.g. "owner/name") — don't encode them;
|
|
// the backend route uses a wildcard (/tags/*) that expects path segments.
|
|
return get<string[]>(`/api/registries/${registryId}/tags/${image}`);
|
|
}
|
|
|
|
export function listRegistryImages(registryId: string): Promise<RegistryImage[]> {
|
|
return get<RegistryImage[]>(`/api/registries/${registryId}/images`);
|
|
}
|
|
|
|
// ── Settings ────────────────────────────────────────────────────────
|
|
|
|
export function getSettings(signal?: AbortSignal): Promise<Settings> {
|
|
return get<Settings>('/api/settings', signal);
|
|
}
|
|
|
|
export function updateSettings(data: Partial<Settings>): Promise<Settings> {
|
|
return put<Settings>('/api/settings', data);
|
|
}
|
|
|
|
// ── Webhooks ───────────────────────────────────────────────────────
|
|
|
|
export interface WebhookUrlResponse {
|
|
webhook_url: string;
|
|
webhook_secret: string;
|
|
}
|
|
|
|
export function getProjectWebhook(projectId: string): Promise<WebhookUrlResponse> {
|
|
return get<WebhookUrlResponse>(`/api/projects/${projectId}/webhook`);
|
|
}
|
|
|
|
export function regenerateProjectWebhook(projectId: string): Promise<WebhookUrlResponse> {
|
|
return post<WebhookUrlResponse>(`/api/projects/${projectId}/webhook/regenerate`);
|
|
}
|
|
|
|
export function getStaticSiteWebhook(siteId: string): Promise<WebhookUrlResponse> {
|
|
return get<WebhookUrlResponse>(`/api/sites/${siteId}/webhook`);
|
|
}
|
|
|
|
export function regenerateStaticSiteWebhook(siteId: string): Promise<WebhookUrlResponse> {
|
|
return post<WebhookUrlResponse>(`/api/sites/${siteId}/webhook/regenerate`);
|
|
}
|
|
|
|
// ── Outgoing-webhook signing & test ────────────────────────────────
|
|
|
|
export interface NotificationSecretResponse {
|
|
secret: string;
|
|
has_secret: boolean;
|
|
}
|
|
|
|
export interface NotificationTestResult {
|
|
url: string;
|
|
tier: 'settings' | 'project' | 'stage' | 'site';
|
|
status_code: number;
|
|
latency_ms: number;
|
|
signature_sent: boolean;
|
|
delivery_id: string;
|
|
response_snippet: string;
|
|
error?: string;
|
|
}
|
|
|
|
// Settings (global) tier.
|
|
export function getSettingsNotificationSecret(): Promise<NotificationSecretResponse> {
|
|
return get<NotificationSecretResponse>('/api/settings/notification-secret');
|
|
}
|
|
export function regenerateSettingsNotificationSecret(): Promise<NotificationSecretResponse> {
|
|
return post<NotificationSecretResponse>('/api/settings/notification-secret/regenerate');
|
|
}
|
|
export function disableSettingsNotificationSigning(): Promise<NotificationSecretResponse> {
|
|
return post<NotificationSecretResponse>('/api/settings/notification-secret/disable');
|
|
}
|
|
export function testSettingsNotification(): Promise<NotificationTestResult> {
|
|
return post<NotificationTestResult>('/api/settings/notification-test');
|
|
}
|
|
|
|
// Project tier.
|
|
export function getProjectNotificationSecret(projectId: string): Promise<NotificationSecretResponse> {
|
|
return get<NotificationSecretResponse>(`/api/projects/${projectId}/notification-secret`);
|
|
}
|
|
export function regenerateProjectNotificationSecret(projectId: string): Promise<NotificationSecretResponse> {
|
|
return post<NotificationSecretResponse>(`/api/projects/${projectId}/notification-secret/regenerate`);
|
|
}
|
|
export function disableProjectNotificationSigning(projectId: string): Promise<NotificationSecretResponse> {
|
|
return post<NotificationSecretResponse>(`/api/projects/${projectId}/notification-secret/disable`);
|
|
}
|
|
export function testProjectNotification(projectId: string): Promise<NotificationTestResult> {
|
|
return post<NotificationTestResult>(`/api/projects/${projectId}/notification-test`);
|
|
}
|
|
|
|
// Stage tier.
|
|
export function getStageNotificationSecret(projectId: string, stageId: string): Promise<NotificationSecretResponse> {
|
|
return get<NotificationSecretResponse>(`/api/projects/${projectId}/stages/${stageId}/notification-secret`);
|
|
}
|
|
export function regenerateStageNotificationSecret(projectId: string, stageId: string): Promise<NotificationSecretResponse> {
|
|
return post<NotificationSecretResponse>(`/api/projects/${projectId}/stages/${stageId}/notification-secret/regenerate`);
|
|
}
|
|
export function disableStageNotificationSigning(projectId: string, stageId: string): Promise<NotificationSecretResponse> {
|
|
return post<NotificationSecretResponse>(`/api/projects/${projectId}/stages/${stageId}/notification-secret/disable`);
|
|
}
|
|
export function testStageNotification(projectId: string, stageId: string): Promise<NotificationTestResult> {
|
|
return post<NotificationTestResult>(`/api/projects/${projectId}/stages/${stageId}/notification-test`);
|
|
}
|
|
|
|
// Static-site tier.
|
|
export function getStaticSiteNotificationSecret(siteId: string): Promise<NotificationSecretResponse> {
|
|
return get<NotificationSecretResponse>(`/api/sites/${siteId}/notification-secret`);
|
|
}
|
|
export function regenerateStaticSiteNotificationSecret(siteId: string): Promise<NotificationSecretResponse> {
|
|
return post<NotificationSecretResponse>(`/api/sites/${siteId}/notification-secret/regenerate`);
|
|
}
|
|
export function disableStaticSiteNotificationSigning(siteId: string): Promise<NotificationSecretResponse> {
|
|
return post<NotificationSecretResponse>(`/api/sites/${siteId}/notification-secret/disable`);
|
|
}
|
|
export function testStaticSiteNotification(siteId: string): Promise<NotificationTestResult> {
|
|
return post<NotificationTestResult>(`/api/sites/${siteId}/notification-test`);
|
|
}
|
|
|
|
// ── Proxy Routes ───────────────────────────────────────────────────
|
|
|
|
export function listProxyRoutes(): Promise<ProxyRoute[]> {
|
|
return get<ProxyRoute[]>('/api/proxies');
|
|
}
|
|
|
|
// ── Docker Management ──────────────────────────────────────────────
|
|
|
|
export function fetchContainerLogs(
|
|
projectId: string, stageId: string, instanceId: string, tail = 200
|
|
): Promise<string[]> {
|
|
return get<string[]>(`/api/projects/${projectId}/stages/${stageId}/instances/${instanceId}/logs?tail=${tail}`);
|
|
}
|
|
|
|
export function listProjectImages(projectId: string, signal?: AbortSignal): Promise<LocalImage[]> {
|
|
return get<LocalImage[]>(`/api/projects/${projectId}/images`, signal);
|
|
}
|
|
|
|
export function getUnusedImageStats(signal?: AbortSignal): Promise<{
|
|
total_size_mb: number; count: number; threshold_mb: number; exceeded: boolean;
|
|
}> {
|
|
return get<{ total_size_mb: number; count: number; threshold_mb: number; exceeded: boolean }>('/api/docker/unused-images', signal);
|
|
}
|
|
|
|
export function pruneImages(): Promise<{ images_removed: number; space_reclaimed_mb: number }> {
|
|
return post<{ images_removed: number; space_reclaimed_mb: number }>('/api/docker/prune-images');
|
|
}
|
|
|
|
export function testNpmConnection(data: { npm_url?: string; npm_email?: string; npm_password?: string }): Promise<{ status: string }> {
|
|
return post<{ status: string }>('/api/settings/npm/test', data);
|
|
}
|
|
|
|
export function listNpmCertificates(): Promise<NpmCertificate[]> {
|
|
return get<NpmCertificate[]>('/api/settings/npm-certificates');
|
|
}
|
|
|
|
export function listNpmAccessLists(): Promise<NpmAccessList[]> {
|
|
return get<NpmAccessList[]>('/api/settings/npm-access-lists');
|
|
}
|
|
|
|
// ── DNS ────────────────────────────────────────────────────────────
|
|
|
|
export function testDnsConnection(provider: string, token: string, zoneId: string): Promise<{ success: boolean; error?: string }> {
|
|
return post<{ success: boolean; error?: string }>('/api/settings/dns/test', { provider, token, zone_id: zoneId });
|
|
}
|
|
|
|
export function listDnsZones(token?: string): Promise<DnsZone[]> {
|
|
return post<DnsZone[]>('/api/settings/dns/zones', { token: token ?? '' });
|
|
}
|
|
|
|
export function getDnsRecords(): Promise<DnsRecordView[]> {
|
|
return get<DnsRecordView[]>('/api/dns/records');
|
|
}
|
|
|
|
export function syncDnsRecords(): Promise<{ created: number; deleted: number; already_synced: number }> {
|
|
return post<{ created: number; deleted: number; already_synced: number }>('/api/dns/sync');
|
|
}
|
|
|
|
export function deleteDnsRecord(fqdn: string): Promise<void> {
|
|
return del<void>(`/api/dns/records/${encodeURIComponent(fqdn)}`);
|
|
}
|
|
|
|
// ── Backups ────────────────────────────────────────────────────────
|
|
|
|
export function listBackups(): Promise<BackupInfo[]> {
|
|
return get<BackupInfo[]>('/api/backups');
|
|
}
|
|
|
|
export function triggerBackup(): Promise<BackupInfo> {
|
|
return post<BackupInfo>('/api/backups');
|
|
}
|
|
|
|
export function deleteBackup(id: string): Promise<void> {
|
|
return del<void>(`/api/backups/${id}`);
|
|
}
|
|
|
|
export function restoreBackup(id: string): Promise<{ status: string; message: string }> {
|
|
return post<{ status: string; message: string }>(`/api/backups/${id}/restore`);
|
|
}
|
|
|
|
export function backupDownloadUrl(id: string): string {
|
|
return `/api/backups/${id}/download`;
|
|
}
|
|
|
|
// ── Health ──────────────────────────────────────────────────────────
|
|
|
|
export function getHealth(): Promise<{ docker: DockerHealth; proxy?: ProxyHealth }> {
|
|
return get<{ docker: DockerHealth; proxy?: ProxyHealth }>('/api/health');
|
|
}
|
|
|
|
// ── Auth ─────────────────────────────────────────────────────────────
|
|
|
|
export function login(username: string, password: string): Promise<{ token: string; expires_at: string }> {
|
|
return post<{ token: string; expires_at: string }>('/api/auth/login', { username, password });
|
|
}
|
|
|
|
export function getCurrentUser(): Promise<{ id: string; username: string; email: string; role: string }> {
|
|
return get<{ id: string; username: string; email: string; role: string }>('/api/auth/me');
|
|
}
|
|
|
|
// Auth settings
|
|
export async function getAuthSettings(): Promise<any> {
|
|
return request<any>('/api/auth/settings');
|
|
}
|
|
|
|
export async function updateAuthSettings(settings: any): Promise<any> {
|
|
return request<any>('/api/auth/settings', {
|
|
method: 'PUT',
|
|
body: JSON.stringify(settings)
|
|
});
|
|
}
|
|
|
|
export async function listUsers(): Promise<any[]> {
|
|
return request<any[]>('/api/auth/users');
|
|
}
|
|
|
|
export async function createUser(data: { username: string; password: string; email?: string; role?: string }): Promise<any> {
|
|
return request<any>('/api/auth/users', {
|
|
method: 'POST',
|
|
body: JSON.stringify(data)
|
|
});
|
|
}
|
|
|
|
export async function updateUser(uid: string, data: { email?: string; role?: string }): Promise<any> {
|
|
return request<any>(`/api/auth/users/${uid}`, {
|
|
method: 'PUT',
|
|
body: JSON.stringify(data)
|
|
});
|
|
}
|
|
|
|
export async function changeUserPassword(uid: string, password: string): Promise<any> {
|
|
return request<any>(`/api/auth/users/${uid}/password`, {
|
|
method: 'PUT',
|
|
body: JSON.stringify({ password })
|
|
});
|
|
}
|
|
|
|
export async function deleteUser(uid: string): Promise<any> {
|
|
return request<any>(`/api/auth/users/${uid}`, { method: 'DELETE' });
|
|
}
|
|
|
|
export async function logout(): Promise<void> {
|
|
await request<any>('/api/auth/logout', { method: 'POST' });
|
|
}
|
|
|
|
// ── Config Export ────────────────────────────────────────────────────
|
|
|
|
export function exportConfigUrl(): string {
|
|
return '/api/config/export';
|
|
}
|
|
|
|
// ── Stage Env Overrides ──────────────────────────────────────────────
|
|
|
|
export function listStageEnv(projectId: string, stageId: string): Promise<StageEnv[]> {
|
|
return get<StageEnv[]>(`/api/projects/${projectId}/stages/${stageId}/env`);
|
|
}
|
|
|
|
export function createStageEnv(
|
|
projectId: string,
|
|
stageId: string,
|
|
data: { key: string; value: string; encrypted?: boolean }
|
|
): Promise<StageEnv> {
|
|
return post<StageEnv>(`/api/projects/${projectId}/stages/${stageId}/env`, data);
|
|
}
|
|
|
|
export function updateStageEnv(
|
|
projectId: string,
|
|
stageId: string,
|
|
envId: string,
|
|
data: { key?: string; value?: string; encrypted?: boolean }
|
|
): Promise<StageEnv> {
|
|
return put<StageEnv>(`/api/projects/${projectId}/stages/${stageId}/env/${envId}`, data);
|
|
}
|
|
|
|
export function deleteStageEnv(
|
|
projectId: string,
|
|
stageId: string,
|
|
envId: string
|
|
): Promise<{ deleted: string }> {
|
|
return del<{ deleted: string }>(`/api/projects/${projectId}/stages/${stageId}/env/${envId}`);
|
|
}
|
|
|
|
// ── Volumes ──────────────────────────────────────────────────────────
|
|
|
|
export function listVolumes(projectId: string): Promise<Volume[]> {
|
|
return get<Volume[]>(`/api/projects/${projectId}/volumes`);
|
|
}
|
|
|
|
export function createVolume(
|
|
projectId: string,
|
|
data: { source: string; target: string; scope: string; name?: string; mode?: string }
|
|
): Promise<Volume> {
|
|
return post<Volume>(`/api/projects/${projectId}/volumes`, data);
|
|
}
|
|
|
|
export function updateVolume(
|
|
projectId: string,
|
|
volId: string,
|
|
data: { source?: string; target?: string; scope?: string; name?: string; mode?: string }
|
|
): Promise<Volume> {
|
|
return put<Volume>(`/api/projects/${projectId}/volumes/${volId}`, data);
|
|
}
|
|
|
|
export function listVolumeScopes(): Promise<VolumeScopeInfo[]> {
|
|
return get<VolumeScopeInfo[]>('/api/volumes/scopes');
|
|
}
|
|
|
|
export function deleteVolume(
|
|
projectId: string,
|
|
volId: string
|
|
): Promise<{ deleted: string }> {
|
|
return del<{ deleted: string }>(`/api/projects/${projectId}/volumes/${volId}`);
|
|
}
|
|
|
|
export function browseVolume(
|
|
projectId: string,
|
|
volId: string,
|
|
params?: { path?: string; stage?: string; tag?: string }
|
|
): Promise<BrowseResult> {
|
|
const query = new URLSearchParams();
|
|
if (params?.path) query.set('path', params.path);
|
|
if (params?.stage) query.set('stage', params.stage);
|
|
if (params?.tag) query.set('tag', params.tag);
|
|
const qs = query.toString();
|
|
return get<BrowseResult>(`/api/projects/${projectId}/volumes/${volId}/browse${qs ? `?${qs}` : ''}`);
|
|
}
|
|
|
|
export function volumeDownloadUrl(
|
|
projectId: string,
|
|
volId: string,
|
|
params?: { path?: string; stage?: string; tag?: string }
|
|
): string {
|
|
const query = new URLSearchParams();
|
|
if (params?.path) query.set('path', params.path);
|
|
if (params?.stage) query.set('stage', params.stage);
|
|
if (params?.tag) query.set('tag', params.tag);
|
|
const token = typeof localStorage !== 'undefined' ? localStorage.getItem('auth_token') : null;
|
|
if (token) query.set('token', token);
|
|
const qs = query.toString();
|
|
return `/api/projects/${projectId}/volumes/${volId}/download${qs ? `?${qs}` : ''}`;
|
|
}
|
|
|
|
export async function uploadToVolume(
|
|
projectId: string,
|
|
volId: string,
|
|
files: FileList,
|
|
params?: { path?: string; stage?: string; tag?: string }
|
|
): Promise<{ uploaded: string[]; count: number }> {
|
|
const query = new URLSearchParams();
|
|
if (params?.path) query.set('path', params.path);
|
|
if (params?.stage) query.set('stage', params.stage);
|
|
if (params?.tag) query.set('tag', params.tag);
|
|
const qs = query.toString();
|
|
|
|
const formData = new FormData();
|
|
for (let i = 0; i < files.length; i++) {
|
|
formData.append('files', files[i]);
|
|
}
|
|
|
|
const token = typeof localStorage !== 'undefined' ? localStorage.getItem('auth_token') : null;
|
|
const headers: Record<string, string> = {};
|
|
if (token) headers['Authorization'] = `Bearer ${token}`;
|
|
|
|
const res = await fetch(`/api/projects/${projectId}/volumes/${volId}/upload${qs ? `?${qs}` : ''}`, {
|
|
method: 'POST',
|
|
headers,
|
|
body: formData,
|
|
});
|
|
|
|
const envelope = await res.json();
|
|
if (!envelope.success) throw new Error(envelope.error ?? 'Upload failed');
|
|
return envelope.data;
|
|
}
|
|
|
|
// ── Event Log ───────────────────────────────────────────────────────
|
|
|
|
export function fetchEventLog(params?: {
|
|
severity?: string;
|
|
source?: string;
|
|
since?: string;
|
|
until?: string;
|
|
limit?: number;
|
|
offset?: number;
|
|
}): Promise<EventLogEntry[]> {
|
|
const query = new URLSearchParams();
|
|
if (params?.severity) query.set('severity', params.severity);
|
|
if (params?.source) query.set('source', params.source);
|
|
if (params?.since) query.set('since', params.since);
|
|
if (params?.until) query.set('until', params.until);
|
|
if (params?.limit) query.set('limit', String(params.limit));
|
|
if (params?.offset) query.set('offset', String(params.offset));
|
|
const qs = query.toString();
|
|
return get<EventLogEntry[]>(`/api/events/log${qs ? `?${qs}` : ''}`);
|
|
}
|
|
|
|
export function fetchEventLogStats(): Promise<EventLogStats> {
|
|
return get<EventLogStats>('/api/events/log/stats');
|
|
}
|
|
|
|
export function deleteEvent(id: number): Promise<{ status: string }> {
|
|
return del<{ status: string }>(`/api/events/log/${id}`);
|
|
}
|
|
|
|
export function clearAllEvents(): Promise<{ status: string; count: number }> {
|
|
return del<{ status: string; count: number }>('/api/events/log');
|
|
}
|
|
|
|
// ── Stale Containers ────────────────────────────────────────────────
|
|
|
|
export function fetchStaleContainers(signal?: AbortSignal): Promise<StaleContainer[]> {
|
|
return get<StaleContainer[]>('/api/containers/stale', signal);
|
|
}
|
|
|
|
export function cleanupStaleContainer(id: string): Promise<{ deleted: string }> {
|
|
return post<{ deleted: string }>(`/api/containers/stale/${id}/cleanup`);
|
|
}
|
|
|
|
export function bulkCleanupStaleContainers(): Promise<{ deleted: number }> {
|
|
return post<{ deleted: number }>('/api/containers/stale/cleanup');
|
|
}
|
|
|
|
// ── Container Stats ────────────────────────────────────────────────
|
|
|
|
export function fetchContainerStats(
|
|
projectId: string,
|
|
stageId: string,
|
|
instanceId: string,
|
|
signal?: AbortSignal
|
|
): Promise<ContainerStats> {
|
|
return get<ContainerStats>(
|
|
`/api/projects/${projectId}/stages/${stageId}/instances/${instanceId}/stats`,
|
|
signal
|
|
);
|
|
}
|
|
|
|
export function fetchInstanceStatsHistory(
|
|
projectId: string,
|
|
stageId: string,
|
|
instanceId: string,
|
|
window = '2h',
|
|
signal?: AbortSignal
|
|
): Promise<ContainerStatsSample[]> {
|
|
return get<ContainerStatsSample[]>(
|
|
`/api/projects/${projectId}/stages/${stageId}/instances/${instanceId}/stats/history?window=${encodeURIComponent(window)}`,
|
|
signal
|
|
);
|
|
}
|
|
|
|
export function fetchSystemStats(signal?: AbortSignal): Promise<SystemStats> {
|
|
return get<SystemStats>('/api/system/stats', signal);
|
|
}
|
|
|
|
export function fetchSystemStatsHistory(
|
|
window = '2h',
|
|
signal?: AbortSignal
|
|
): Promise<SystemStatsSample[]> {
|
|
return get<SystemStatsSample[]>(`/api/system/stats/history?window=${encodeURIComponent(window)}`, signal);
|
|
}
|
|
|
|
export function fetchTopContainers(
|
|
by: 'cpu' | 'memory' = 'cpu',
|
|
limit = 5,
|
|
signal?: AbortSignal
|
|
): Promise<TopContainerSample[]> {
|
|
return get<TopContainerSample[]>(`/api/system/stats/top?by=${by}&limit=${limit}`, signal);
|
|
}
|
|
|
|
export function fetchStaticSiteStats(id: string, signal?: AbortSignal): Promise<ContainerStats> {
|
|
return get<ContainerStats>(`/api/sites/${id}/stats`, signal);
|
|
}
|
|
|
|
export function fetchStaticSiteStatsHistory(
|
|
id: string,
|
|
window = '2h',
|
|
signal?: AbortSignal
|
|
): Promise<ContainerStatsSample[]> {
|
|
return get<ContainerStatsSample[]>(
|
|
`/api/sites/${id}/stats/history?window=${encodeURIComponent(window)}`,
|
|
signal
|
|
);
|
|
}
|
|
|
|
export async function fetchStaticSiteLogs(id: string, tail = 200): Promise<string[]> {
|
|
const result = await get<string[] | null>(`/api/sites/${id}/logs?tail=${tail}`);
|
|
return result ?? [];
|
|
}
|
|
|
|
// ── Static Sites ──────────────────────────────────────────────────────
|
|
|
|
import type { StaticSite, StaticSiteSecret, FolderEntry, GitProvider, RepoInfo } from './types';
|
|
|
|
export function listStaticSites(signal?: AbortSignal): Promise<StaticSite[]> {
|
|
return get<StaticSite[]>('/api/sites', signal);
|
|
}
|
|
|
|
export function getStaticSite(id: string): Promise<StaticSite> {
|
|
return get<StaticSite>(`/api/sites/${id}`);
|
|
}
|
|
|
|
export function createStaticSite(data: Partial<StaticSite>): Promise<StaticSite> {
|
|
return post<StaticSite>('/api/sites', data);
|
|
}
|
|
|
|
export function updateStaticSite(id: string, data: Partial<StaticSite>): Promise<StaticSite> {
|
|
return put<StaticSite>(`/api/sites/${id}`, data);
|
|
}
|
|
|
|
export function deleteStaticSite(id: string): Promise<{ deleted: string }> {
|
|
return del<{ deleted: string }>(`/api/sites/${id}`);
|
|
}
|
|
|
|
export function deployStaticSite(id: string): Promise<{ status: string }> {
|
|
return post<{ status: string }>(`/api/sites/${id}/deploy`);
|
|
}
|
|
|
|
export function stopStaticSite(id: string): Promise<{ status: string }> {
|
|
return post<{ status: string }>(`/api/sites/${id}/stop`);
|
|
}
|
|
|
|
export function startStaticSite(id: string): Promise<{ status: string }> {
|
|
return post<{ status: string }>(`/api/sites/${id}/start`);
|
|
}
|
|
|
|
export function listStaticSiteRepos(data: {
|
|
provider?: string;
|
|
gitea_url: string;
|
|
access_token?: string;
|
|
query?: string;
|
|
}): Promise<RepoInfo[]> {
|
|
return post<RepoInfo[]>('/api/sites/repos', data);
|
|
}
|
|
|
|
export function detectStaticSiteProvider(url: string): Promise<{ provider: GitProvider }> {
|
|
return post<{ provider: GitProvider }>('/api/sites/detect-provider', { url });
|
|
}
|
|
|
|
export function testStaticSiteConnection(data: {
|
|
provider?: string;
|
|
gitea_url: string;
|
|
access_token?: string;
|
|
repo_owner: string;
|
|
repo_name: string;
|
|
}): Promise<{ status: string }> {
|
|
return post<{ status: string }>('/api/sites/test-connection', data);
|
|
}
|
|
|
|
export function listStaticSiteBranches(data: {
|
|
provider?: string;
|
|
gitea_url: string;
|
|
access_token?: string;
|
|
repo_owner: string;
|
|
repo_name: string;
|
|
}): Promise<string[]> {
|
|
return post<string[]>('/api/sites/branches', data);
|
|
}
|
|
|
|
export function listStaticSiteTree(data: {
|
|
provider?: string;
|
|
gitea_url: string;
|
|
access_token?: string;
|
|
repo_owner: string;
|
|
repo_name: string;
|
|
branch: string;
|
|
}): Promise<FolderEntry[]> {
|
|
return post<FolderEntry[]>('/api/sites/tree', data);
|
|
}
|
|
|
|
export function listStaticSiteSecrets(siteId: string): Promise<StaticSiteSecret[]> {
|
|
return get<StaticSiteSecret[]>(`/api/sites/${siteId}/secrets`);
|
|
}
|
|
|
|
export function createStaticSiteSecret(
|
|
siteId: string,
|
|
data: { key: string; value: string; encrypted?: boolean }
|
|
): Promise<StaticSiteSecret> {
|
|
return post<StaticSiteSecret>(`/api/sites/${siteId}/secrets`, data);
|
|
}
|
|
|
|
export function updateStaticSiteSecret(
|
|
siteId: string,
|
|
secretId: string,
|
|
data: { key?: string; value?: string; encrypted?: boolean }
|
|
): Promise<StaticSiteSecret> {
|
|
return put<StaticSiteSecret>(`/api/sites/${siteId}/secrets/${secretId}`, data);
|
|
}
|
|
|
|
export function deleteStaticSiteSecret(
|
|
siteId: string,
|
|
secretId: string
|
|
): Promise<{ deleted: string }> {
|
|
return del<{ deleted: string }>(`/api/sites/${siteId}/secrets/${secretId}`);
|
|
}
|
|
|
|
export function getStaticSiteStorage(
|
|
siteId: string
|
|
): Promise<import('./types').StaticSiteStorageUsage> {
|
|
return get<import('./types').StaticSiteStorageUsage>(`/api/sites/${siteId}/storage`);
|
|
}
|
|
|
|
// ── Stacks (docker-compose) ─────────────────────────────────────────
|
|
|
|
import type { Stack, StackRevision, StackService } from './types';
|
|
|
|
export function listStacks(signal?: AbortSignal): Promise<Stack[]> {
|
|
return get<Stack[]>('/api/stacks', signal);
|
|
}
|
|
|
|
export function getStack(id: string, signal?: AbortSignal): Promise<Stack> {
|
|
return get<Stack>(`/api/stacks/${id}`, signal);
|
|
}
|
|
|
|
export function createStack(data: {
|
|
name: string;
|
|
description?: string;
|
|
yaml: string;
|
|
deploy?: boolean;
|
|
}): Promise<{ stack: Stack; revision: StackRevision }> {
|
|
return post<{ stack: Stack; revision: StackRevision }>('/api/stacks', data);
|
|
}
|
|
|
|
export function updateStack(id: string, data: { name?: string; description?: string }): Promise<Stack> {
|
|
return put<Stack>(`/api/stacks/${id}`, data);
|
|
}
|
|
|
|
export function deleteStack(id: string, removeVolumes = false): Promise<{ deleted: string }> {
|
|
const qs = removeVolumes ? '?remove_volumes=true' : '';
|
|
return del<{ deleted: string }>(`/api/stacks/${id}${qs}`);
|
|
}
|
|
|
|
export function listStackRevisions(id: string, signal?: AbortSignal): Promise<StackRevision[]> {
|
|
return get<StackRevision[]>(`/api/stacks/${id}/revisions`, signal);
|
|
}
|
|
|
|
export function getStackRevision(id: string, revId: string): Promise<StackRevision> {
|
|
return get<StackRevision>(`/api/stacks/${id}/revisions/${revId}`);
|
|
}
|
|
|
|
export function createStackRevision(id: string, yaml: string): Promise<StackRevision> {
|
|
return post<StackRevision>(`/api/stacks/${id}/revisions`, { yaml });
|
|
}
|
|
|
|
export function rollbackStack(id: string, revId: string): Promise<StackRevision> {
|
|
return post<StackRevision>(`/api/stacks/${id}/rollback/${revId}`);
|
|
}
|
|
|
|
export function stopStack(id: string): Promise<{ status: string }> {
|
|
return post<{ status: string }>(`/api/stacks/${id}/stop`);
|
|
}
|
|
|
|
export function startStack(id: string): Promise<{ status: string }> {
|
|
return post<{ status: string }>(`/api/stacks/${id}/start`);
|
|
}
|
|
|
|
export function getStackServices(id: string, signal?: AbortSignal): Promise<StackService[]> {
|
|
return get<StackService[]>(`/api/stacks/${id}/services`, signal);
|
|
}
|
|
|
|
export async function getStackLogs(
|
|
id: string,
|
|
service?: string,
|
|
tail = 200
|
|
): Promise<string> {
|
|
const params = new URLSearchParams();
|
|
if (service) params.set('service', service);
|
|
params.set('tail', String(tail));
|
|
const token = getAuthToken();
|
|
const headers: Record<string, string> = {};
|
|
if (token) headers['Authorization'] = `Bearer ${token}`;
|
|
const res = await fetch(`/api/stacks/${id}/logs?${params.toString()}`, { headers });
|
|
if (!res.ok) {
|
|
throw new ApiError(`Failed to fetch logs: ${res.status}`, res.status);
|
|
}
|
|
return res.text();
|
|
}
|
|
|
|
export { ApiError };
|