refactor(certificates): move to core package (#4686)

packages/certificates/package.json

@@ -23,6 +23,7 @@
   "prettier": "@homarr/prettier-config",
   "dependencies": {
     "@homarr/common": "workspace:^0.1.0",
+    "@homarr/core": "workspace:^0.1.0",
     "@homarr/db": "workspace:^0.1.0",
     "undici": "7.16.0"
   },

packages/certificates/src/server.ts

@@ -1,93 +1,18 @@
-import { X509Certificate } from "node:crypto";
-import fsSync from "node:fs";
-import fs from "node:fs/promises";
 import type { AgentOptions } from "node:https";
 import { Agent as HttpsAgent } from "node:https";
-import path from "node:path";
-import { checkServerIdentity, rootCertificates } from "node:tls";
+import { checkServerIdentity } from "node:tls";
 import axios from "axios";
 import type { RequestInfo, RequestInit, Response } from "undici";
 import { fetch } from "undici";
 
-import { env } from "@homarr/common/env";
 import { LoggingAgent } from "@homarr/common/server";
+import {
+  getAllTrustedCertificatesAsync,
+  getTrustedCertificateHostnamesAsync,
+} from "@homarr/core/infrastructure/certificates";
 import type { InferSelectModel } from "@homarr/db";
-import { db } from "@homarr/db";
 import type { trustedCertificateHostnames } from "@homarr/db/schema";
 
-const getCertificateFolder = () => {
-  if (env.NODE_ENV !== "production") return process.env.LOCAL_CERTIFICATE_PATH;
-  return process.env.LOCAL_CERTIFICATE_PATH ?? path.join("/appdata", "trusted-certificates");
-};
-
-export const loadCustomRootCertificatesAsync = async () => {
-  const folder = getCertificateFolder();
-
-  if (!folder) {
-    return [];
-  }
-
-  if (!fsSync.existsSync(folder)) {
-    await fs.mkdir(folder, { recursive: true });
-  }
-
-  const dirContent = await fs.readdir(folder);
-  return await Promise.all(
-    dirContent
-      .filter((file) => file.endsWith(".crt") || file.endsWith(".pem"))
-      .map(async (file) => ({
-        content: await fs.readFile(path.join(folder, file), "utf8"),
-        fileName: file,
-      })),
-  );
-};
-
-export const removeCustomRootCertificateAsync = async (fileName: string) => {
-  const folder = getCertificateFolder();
-  if (!folder) {
-    return null;
-  }
-
-  const existingFiles = await fs.readdir(folder, { withFileTypes: true });
-  if (!existingFiles.some((file) => file.isFile() && file.name === fileName)) {
-    throw new Error(`File ${fileName} does not exist`);
-  }
-
-  const fullPath = path.join(folder, fileName);
-  const content = await fs.readFile(fullPath, "utf8");
-
-  await fs.rm(fullPath);
-  try {
-    return new X509Certificate(content);
-  } catch {
-    return null;
-  }
-};
-
-export const addCustomRootCertificateAsync = async (fileName: string, content: string) => {
-  const folder = getCertificateFolder();
-  if (!folder) {
-    throw new Error(
-      "When you want to use custom certificates locally you need to set LOCAL_CERTIFICATE_PATH to an absolute path",
-    );
-  }
-
-  if (fileName.includes("/")) {
-    throw new Error("Invalid file name");
-  }
-
-  await fs.writeFile(path.join(folder, fileName), content);
-};
-
-export const getTrustedCertificateHostnamesAsync = async () => {
-  return await db.query.trustedCertificateHostnames.findMany();
-};
-
-export const getAllTrustedCertificatesAsync = async () => {
-  const customCertificates = await loadCustomRootCertificatesAsync();
-  return rootCertificates.concat(customCertificates.map((cert) => cert.content));
-};
-
 export const createCustomCheckServerIdentity = (
   trustedHostnames: InferSelectModel<typeof trustedCertificateHostnames>[],
 ): typeof checkServerIdentity => {