Feature ssl wildcard and multiple update

apps/api/package.json

@@ -5,7 +5,7 @@
   "main": "dist/index.js",
   "scripts": {
     "dev": "ts-node-dev --respawn --transpile-only src/index.ts",
-    "build": "tsc",
+    "build": "prisma generate && tsc",
     "start": "node dist/index.js",
     "test": "vitest run",
     "test:watch": "vitest",
@@ -29,45 +29,45 @@
   "author": "",
   "license": "MIT",
   "dependencies": {
-    "@prisma/client": "^5.18.0",
-    "axios": "^1.7.2",
-    "bcrypt": "^5.1.1",
-    "cookie-parser": "^1.4.6",
-    "cors": "^2.8.5",
+    "@prisma/client": "^7.3.0",
+    "axios": "^1.13.4",
+    "bcrypt": "^6.0.0",
+    "cookie-parser": "^1.4.7",
+    "cors": "^2.8.6",
     "cron-parser": "^4.9.0",
-    "dotenv": "^16.4.5",
-    "express": "^4.19.2",
-    "express-validator": "^7.1.0",
-    "helmet": "^7.1.0",
-    "jsonwebtoken": "^9.0.2",
-    "morgan": "^1.10.0",
-    "node-forge": "^1.3.1",
-    "nodemailer": "^6.9.14",
+    "dotenv": "^17.2.4",
+    "express": "^5.2.1",
+    "express-validator": "^7.3.1",
+    "helmet": "^8.1.0",
+    "jsonwebtoken": "^9.0.3",
+    "morgan": "^1.10.1",
+    "node-forge": "^1.3.3",
+    "nodemailer": "^8.0.0",
     "qrcode": "^1.5.4",
     "speakeasy": "^2.0.0",
-    "winston": "^3.13.1"
+    "winston": "^3.19.0"
   },
   "devDependencies": {
-    "@types/bcrypt": "^5.0.2",
-    "@types/cookie-parser": "^1.4.7",
-    "@types/cors": "^2.8.17",
-    "@types/express": "^4.17.21",
-    "@types/jsonwebtoken": "^9.0.6",
-    "@types/morgan": "^1.9.9",
-    "@types/node": "^20.14.12",
-    "@types/node-forge": "^1.3.11",
-    "@types/nodemailer": "^6.4.15",
-    "@types/qrcode": "^1.5.5",
+    "@types/bcrypt": "^6.0.0",
+    "@types/cookie-parser": "^1.4.10",
+    "@types/cors": "^2.8.19",
+    "@types/express": "^5.0.6",
+    "@types/jsonwebtoken": "^9.0.10",
+    "@types/morgan": "^1.9.10",
+    "@types/node": "^25.2.1",
+    "@types/node-forge": "^1.3.14",
+    "@types/nodemailer": "^7.0.9",
+    "@types/qrcode": "^1.5.6",
     "@types/speakeasy": "^2.0.10",
     "@types/supertest": "^6.0.3",
-    "@vitest/coverage-v8": "3.2.4",
-    "@vitest/ui": "^3.2.4",
-    "prisma": "^5.18.0",
-    "supertest": "^7.1.4",
+    "@vitest/coverage-v8": "4.0.18",
+    "@vitest/ui": "^4.0.18",
+    "prisma": "^7.3.0",
+    "supertest": "^7.2.2",
     "ts-node": "^10.9.2",
     "ts-node-dev": "^2.0.0",
-    "typescript": "^5.5.4",
-    "vitest": "^3.2.4",
-    "zod": "^4.1.11"
+    "typescript": "^5.9.3",
+    "vitest": "^4.0.18",
+    "zod": "^4.3.6"
   }
 }

apps/api/prisma/migrations/20251201000000_add_wildcard_ssl_support/migration.sql

@@ -0,0 +1,7 @@
+-- AlterTable: Add wildcard SSL certificate support fields
+ALTER TABLE "ssl_certificates"
+ADD COLUMN "isWildcard" BOOLEAN NOT NULL DEFAULT false,
+ADD COLUMN "wildcardDomain" TEXT;
+
+-- CreateIndex: Index on isWildcard for efficient wildcard certificate queries
+CREATE INDEX "ssl_certificates_isWildcard_idx" ON "ssl_certificates"("isWildcard");

apps/api/prisma/migrations/20260206000000_add_dns_credentials_for_wildcard_renewal/migration.sql

@@ -0,0 +1,3 @@
+-- AlterTable
+ALTER TABLE "ssl_certificates" ADD COLUMN "dnsProvider" TEXT;
+ALTER TABLE "ssl_certificates" ADD COLUMN "dnsCredentials" JSONB;

apps/api/prisma/migrations/20260207000000_add_jira_notification_channel/migration.sql

@@ -0,0 +1,2 @@
+-- AlterEnum
+ALTER TYPE "NotificationChannelType" ADD VALUE 'jira';

apps/api/prisma/prisma.config.ts

@@ -0,0 +1,16 @@
+import path from 'node:path'
+import { defineConfig } from 'prisma/config'
+
+export default defineConfig({
+  earlyAccess: true,
+  schema: path.join(__dirname, 'schema.prisma'),
+  migrate: {
+    async url() {
+      const databaseUrl = process.env.DATABASE_URL
+      if (!databaseUrl) {
+        throw new Error('DATABASE_URL environment variable is required for migrations')
+      }
+      return databaseUrl
+    }
+  }
+})

apps/api/prisma/schema.prisma

@@ -7,7 +7,6 @@ generator client {
 
 datasource db {
   provider = "postgresql"
-  url      = env("DATABASE_URL")
 }
 
 enum UserRole {
@@ -262,6 +261,14 @@ model SSLCertificate {
   issuerDetails  Json? // { commonName, organization, country }
   serialNumber   String? // Certificate serial number
 
+  // Wildcard SSL support
+  isWildcard     Boolean @default(false) // Whether this is a wildcard certificate
+  wildcardDomain String? // The wildcard pattern (e.g., "*.example.com")
+
+  // DNS credentials for wildcard auto-renewal (Cloudflare DNS-01 challenge)
+  dnsProvider    String? // DNS provider plugin name (e.g., "dns_cf")
+  dnsCredentials Json?   // DNS API credentials for auto-renewal (e.g., { CF_Token: "...", CF_Account_ID: "..." })
+
   validFrom DateTime
   validTo   DateTime
   autoRenew Boolean   @default(true)
@@ -272,6 +279,7 @@ model SSLCertificate {
 
   @@index([domainId])
   @@index([validTo])
+  @@index([isWildcard])
   @@map("ssl_certificates")
 }
 
@@ -352,6 +360,7 @@ model InstallationStatus {
 enum NotificationChannelType {
   email
   telegram
+  jira
 }
 
 enum AlertSeverity {

apps/api/src/domains/access-lists/access-lists.controller.ts

@@ -60,7 +60,7 @@ export class AccessListsController {
         });
       }
 
-      const { id } = req.params;
+      const { id } = req.params as Record<string, string>;
 
       const accessList = await accessListsService.getAccessListById(id);
 
@@ -139,7 +139,7 @@ export class AccessListsController {
         });
       }
 
-      const { id } = req.params;
+      const { id } = req.params as Record<string, string>;
       const userId = (req as any).user.id;
       const username = (req as any).user.username;
       const ip = req.ip || req.socket.remoteAddress || '';
@@ -182,7 +182,7 @@ export class AccessListsController {
         });
       }
 
-      const { id } = req.params;
+      const { id } = req.params as Record<string, string>;
       const userId = (req as any).user.id;
       const username = (req as any).user.username;
       const ip = req.ip || req.socket.remoteAddress || '';
@@ -208,7 +208,7 @@ export class AccessListsController {
    */
   async toggleAccessList(req: Request, res: Response) {
     try {
-      const { id } = req.params;
+      const { id } = req.params as Record<string, string>;
       const { enabled } = req.body;
       const userId = (req as any).user.id;
       const username = (req as any).user.username;
@@ -292,7 +292,7 @@ export class AccessListsController {
         });
       }
 
-      const { accessListId, domainId } = req.params;
+      const { accessListId, domainId } = req.params as Record<string, string>;
       const userId = (req as any).user.id;
       const username = (req as any).user.username;
       const ip = req.ip || req.socket.remoteAddress || '';
@@ -325,7 +325,7 @@ export class AccessListsController {
    */
   async getByDomain(req: Request, res: Response) {
     try {
-      const { domainId } = req.params;
+      const { domainId } = req.params as Record<string, string>;
 
       const accessLists = await accessListsService.getAccessListsByDomainId(domainId);
 

apps/api/src/domains/account/account.controller.ts

@@ -332,7 +332,7 @@ class AccountController {
   revokeSession = async (req: AuthRequest, res: Response): Promise<void> => {
     try {
       const userId = req.user?.userId;
-      const { sessionId } = req.params;
+      const { sessionId } = req.params as Record<string, string>;
 
       if (!userId) {
         res.status(401).json({

apps/api/src/domains/acl/acl.controller.ts

@@ -36,7 +36,7 @@ export class AclController {
    */
   async getAclRule(req: Request, res: Response): Promise<void> {
     try {
-      const { id } = req.params;
+      const { id } = req.params as Record<string, string>;
       const rule = await aclService.getRuleById(id);
 
       res.json({
@@ -97,7 +97,7 @@ export class AclController {
    */
   async updateAclRule(req: Request, res: Response): Promise<void> {
     try {
-      const { id } = req.params;
+      const { id } = req.params as Record<string, string>;
       const dto: UpdateAclRuleDto = req.body;
 
       // Validate DTO
@@ -136,7 +136,7 @@ export class AclController {
    */
   async deleteAclRule(req: Request, res: Response): Promise<void> {
     try {
-      const { id } = req.params;
+      const { id } = req.params as Record<string, string>;
       await aclService.deleteRule(id);
 
       res.json({
@@ -161,7 +161,7 @@ export class AclController {
    */
   async toggleAclRule(req: Request, res: Response): Promise<void> {
     try {
-      const { id } = req.params;
+      const { id } = req.params as Record<string, string>;
       const rule = await aclService.toggleRule(id);
 
       res.json({