feat(certificates): handle self signed certificates (#1951)

* wip: add page and loading of certificates in folder * wip: add certificate addition and removal * feat: add removal ui for certificates * feat: migrate integrations to fetch or agent with trusted certificates * fix: lock file issues * fix: typecheck issue * fix: inconsistent package versions * chore: address pull request feedback * fix: add missing navigation item and restrict access to page * chore: address pull request feedback * fix: inconsistent undici dependency version * fix: inconsistent undici dependency version
2025-01-17 00:08:40 +01:00
parent b10b2013af
commit 8c36c3e36b
47 changed files with 737 additions and 122 deletions
--- a/packages/api/src/root.ts
+++ b/packages/api/src/root.ts
@@ -1,6 +1,7 @@
 import { apiKeysRouter } from "./router/apiKeys";
 import { appRouter as innerAppRouter } from "./router/app";
 import { boardRouter } from "./router/board";
+import { certificateRouter } from "./router/certificates/certificate-router";
 import { cronJobsRouter } from "./router/cron-jobs";
 import { dockerRouter } from "./router/docker/docker-router";
 import { groupRouter } from "./router/group";
@@ -41,6 +42,7 @@ export const appRouter = createTRPCRouter({
  apiKeys: apiKeysRouter,
  media: mediaRouter,
  updateChecker: updateCheckerRouter,
+  certificates: certificateRouter,
 });

 // export type definition of API
--- a/packages/api/src/router/certificates/certificate-router.ts
+++ b/packages/api/src/router/certificates/certificate-router.ts
@@ -0,0 +1,27 @@
+import { z } from "zod";
+import { zfd } from "zod-form-data";
+
+import { addCustomRootCertificateAsync, removeCustomRootCertificateAsync } from "@homarr/certificates/server";
+import { superRefineCertificateFile, validation } from "@homarr/validation";
+
+import { createTRPCRouter, permissionRequiredProcedure } from "../../trpc";
+
+export const certificateRouter = createTRPCRouter({
+  addCertificate: permissionRequiredProcedure
+    .requiresPermission("admin")
+    .input(
+      zfd.formData({
+        file: zfd.file().superRefine(superRefineCertificateFile),
+      }),
+    )
+    .mutation(async ({ input }) => {
+      const content = await input.file.text();
+      await addCustomRootCertificateAsync(input.file.name, content);
+    }),
+  removeCertificate: permissionRequiredProcedure
+    .requiresPermission("admin")
+    .input(z.object({ fileName: validation.certificates.validFileNameSchema }))
+    .mutation(async ({ input }) => {
+      await removeCustomRootCertificateAsync(input.fileName);
+    }),
+});