AI-Decenter
diff --git a/‎Cargo.toml‎
Lines changed: 8 additions & 0 deletions b/‎Cargo.toml‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎WEBHOOK_SYSTEM.md‎ b/‎WEBHOOK_SYSTEM.md‎
diff --git a/‎apps/container-engine-frontend/src/api/api.ts‎
Lines changed: 0 additions & 1 deletion b/‎apps/container-engine-frontend/src/api/api.ts‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎apps/container-engine-frontend/src/pages/DeploymentDetailPage.tsx‎
Lines changed: 352 additions & 28 deletions b/‎apps/container-engine-frontend/src/pages/DeploymentDetailPage.tsx‎
Lines changed: 352 additions & 28 deletions
diff --git a/‎migrations/20240927000001_domain_ssl_management.sql‎
Lines changed: 98 additions & 0 deletions b/‎migrations/20240927000001_domain_ssl_management.sql‎
Lines changed: 98 additions & 0 deletions
diff --git a/‎src/deployment/models.rs‎
Lines changed: 1 addition & 0 deletions b/‎src/deployment/models.rs‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/handlers/auth.rs‎
Lines changed: 40 additions & 4 deletions b/‎src/handlers/auth.rs‎
Lines changed: 40 additions & 4 deletions
@@ -67,6 +67,14 @@ validator = { version = "0.18", features = ["derive"] }
 # Regex
 regex = "1.0"
 
+# DNS and SSL certificate management
+trust-dns-resolver = "0.23"
+rustls = { version = "0.23", features = ["ring"] }
+rustls-pemfile = "2.0"
+acme-lib = "0.9"
+base64 = "0.22"
+sha2 = "0.10"
+
 # OpenAPI documentation
 utoipa = { version = "4.0", features = ["axum_extras", "chrono", "uuid"] }
 utoipa-swagger-ui = { version = "4.0", features = ["axum"] }
 
@@ -37,7 +37,6 @@ api.interceptors.response.use(
     // Handle network errors
     if (!error.response) {
       const errorMessage = 'Network error - please check your connection';
-      alert(errorMessage);
       return Promise.reject(new Error(errorMessage));
     }  
     return Promise.reject(error);
 
@@ -0,0 +1,98 @@
+-- Add SSL certificate management for domains
+-- This migration extends the domain management system with SSL certificates and validation tracking
+
+-- Add SSL certificate status and validation fields to domains table
+ALTER TABLE domains 
+ADD COLUMN ssl_status VARCHAR(50) NOT NULL DEFAULT 'pending',
+ADD COLUMN ssl_issued_at TIMESTAMPTZ,
+ADD COLUMN ssl_expires_at TIMESTAMPTZ,
+ADD COLUMN dns_validation_token VARCHAR(255),
+ADD COLUMN dns_validated_at TIMESTAMPTZ,
+ADD COLUMN certificate_data TEXT,
+ADD COLUMN private_key_data TEXT,
+ADD COLUMN validation_attempts INTEGER NOT NULL DEFAULT 0,
+ADD COLUMN last_validation_attempt TIMESTAMPTZ,
+ADD COLUMN error_message TEXT;
+
+-- Create SSL certificates table for detailed tracking
+CREATE TABLE ssl_certificates (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    domain_id UUID NOT NULL REFERENCES domains(id) ON DELETE CASCADE,
+    certificate_pem TEXT NOT NULL,
+    private_key_pem TEXT NOT NULL,
+    chain_pem TEXT,
+    issued_at TIMESTAMPTZ NOT NULL,
+    expires_at TIMESTAMPTZ NOT NULL,
+    issuer VARCHAR(255) NOT NULL DEFAULT 'Let''s Encrypt',
+    status VARCHAR(50) NOT NULL DEFAULT 'active',
+    auto_renew BOOLEAN NOT NULL DEFAULT true,
+    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+    updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+-- Create DNS records table for tracking required DNS configurations
+CREATE TABLE dns_records (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    domain_id UUID NOT NULL REFERENCES domains(id) ON DELETE CASCADE,
+    record_type VARCHAR(10) NOT NULL, -- A, AAAA, CNAME, TXT
+    record_name VARCHAR(253) NOT NULL,
+    record_value VARCHAR(1000) NOT NULL,
+    ttl INTEGER NOT NULL DEFAULT 300,
+    is_validation_record BOOLEAN NOT NULL DEFAULT false,
+    is_configured BOOLEAN NOT NULL DEFAULT false,
+    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+    updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+-- Create domain validation history table
+CREATE TABLE domain_validations (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    domain_id UUID NOT NULL REFERENCES domains(id) ON DELETE CASCADE,
+    validation_type VARCHAR(50) NOT NULL, -- dns, http
+    validation_token VARCHAR(255) NOT NULL,
+    challenge_response VARCHAR(1000),
+    status VARCHAR(50) NOT NULL DEFAULT 'pending',
+    attempted_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+    completed_at TIMESTAMPTZ,
+    error_message TEXT
+);
+
+-- Add indexes for performance
+CREATE INDEX idx_ssl_certificates_domain_id ON ssl_certificates(domain_id);
+CREATE INDEX idx_ssl_certificates_expires_at ON ssl_certificates(expires_at);
+CREATE INDEX idx_ssl_certificates_status ON ssl_certificates(status);
+CREATE INDEX idx_dns_records_domain_id ON dns_records(domain_id);
+CREATE INDEX idx_dns_records_type ON dns_records(record_type);
+CREATE INDEX idx_dns_records_validation ON dns_records(is_validation_record);
+CREATE INDEX idx_domain_validations_domain_id ON domain_validations(domain_id);
+CREATE INDEX idx_domain_validations_status ON domain_validations(status);
+CREATE INDEX idx_domains_ssl_status ON domains(ssl_status);
+CREATE INDEX idx_domains_verified_at ON domains(verified_at);
+
+-- Add triggers for updated_at columns
+CREATE TRIGGER update_ssl_certificates_updated_at BEFORE UPDATE ON ssl_certificates
+    FOR EACH ROW EXECUTE FUNCTION update_updated_at_column();
+
+CREATE TRIGGER update_dns_records_updated_at BEFORE UPDATE ON dns_records
+    FOR EACH ROW EXECUTE FUNCTION update_updated_at_column();
+
+-- Add constraints and validation
+ALTER TABLE domains 
+ADD CONSTRAINT check_ssl_status 
+CHECK (ssl_status IN ('pending', 'validating', 'issued', 'expired', 'failed', 'revoked'));
+
+ALTER TABLE ssl_certificates 
+ADD CONSTRAINT check_certificate_status 
+CHECK (status IN ('active', 'expired', 'revoked', 'pending_renewal'));
+
+ALTER TABLE dns_records 
+ADD CONSTRAINT check_record_type 
+CHECK (record_type IN ('A', 'AAAA', 'CNAME', 'TXT', 'MX'));
+
+ALTER TABLE domain_validations 
+ADD CONSTRAINT check_validation_type 
+CHECK (validation_type IN ('dns', 'http'));
+
+ALTER TABLE domain_validations 
+ADD CONSTRAINT check_validation_status 
+CHECK (status IN ('pending', 'processing', 'valid', 'invalid', 'expired'));
@@ -240,6 +240,7 @@ pub struct DnsRecord {
     pub record_type: String,
     pub name: String,
     pub value: String,
+    pub ttl: u32,
 }
 
 #[derive(Debug, Serialize, ToSchema)]
 
@@ -1,6 +1,7 @@
 use axum::{
     extract::{Path, Query, State},
     response::Json,
+    http::HeaderMap,
 };
 use bcrypt::{hash, verify, DEFAULT_COST};
 use chrono::Utc;
@@ -19,6 +20,39 @@ use crate::{
     error::AppError,
 };
 
+// Helper function to get frontend URL from headers or environment
+fn get_frontend_url(headers: &HeaderMap) -> String {
+    // Check if we're in production by looking at production domain env var
+    if let Ok(production_domain) = std::env::var("PRODUCTION_DOMAIN") {
+        // Try to get host from request headers
+        if let Some(host) = headers.get("host") {
+            if let Ok(host_str) = host.to_str() {
+                // If host matches production domain (decenter.run), use it
+                if host_str.contains("decenter.run") {
+                    return production_domain;
+                }
+                // If it's localhost or development, use frontend URL
+                else if host_str.contains("localhost") || host_str.contains("127.0.0.1") {
+                    return std::env::var("FRONTEND_BASE_URL")
+                        .unwrap_or_else(|_| "http://localhost:5173".to_string());
+                }
+                // For other domains (staging, etc), use HTTPS
+                else {
+                    return format!("https://{}", host_str);
+                }
+            }
+        }
+    }
+    
+    // Development fallback: try frontend base URL from env
+    if let Ok(frontend_url) = std::env::var("FRONTEND_BASE_URL") {
+        return frontend_url;
+    }
+    
+    // Final fallback
+    "http://localhost:5173".to_string()
+}
+
 #[utoipa::path(
     post,
     path = "/v1/auth/register",
@@ -378,6 +412,7 @@ pub async fn revoke_api_key(
 )]
 pub async fn forgot_password(
     State(state): State<AppState>,
+    headers: HeaderMap,
     Json(payload): Json<ForgotPasswordRequest>,
 ) -> Result<Json<ForgotPasswordResponse>, AppError> {
     payload.validate()?;
@@ -427,10 +462,10 @@ pub async fn forgot_password(
     .await?;
 
     // Send password reset email
-    let reset_url = format!("https://your-domain.com/reset-password?token={}", reset_token);
+    let frontend_base_url = get_frontend_url(&headers);
+    let reset_url = format!("{}/reset-password?token={}", frontend_base_url, reset_token);
 
-    // Temporarily use console logging instead of real email for demo
-    // Password reset email (demo mode)
+    // Send password reset email
 
     if let Err(e) = state.email_service.send_password_reset_email(&user.email, &user.username, &reset_token, &reset_url) {
         tracing::error!("Failed to send password reset email: {}", e);
@@ -513,4 +548,5 @@ pub async fn reset_password(
     Ok(Json(ResetPasswordResponse {
         message: "Password has been reset successfully".to_string(),
     }))
-}
+}
+
Original file line number	Diff line number	Diff line change
`@@ -37,7 +37,6 @@ api.interceptors.response.use(`
`37`	`37`	`// Handle network errors`
`38`	`38`	`if (!error.response) {`
`39`	`39`	`const errorMessage = 'Network error - please check your connection';`
`40`		`- alert(errorMessage);`
`41`	`40`	`return Promise.reject(new Error(errorMessage));`
`42`	`41`	`}`
`43`	`42`	`return Promise.reject(error);`
Original file line number	Diff line number	Diff line change
`@@ -240,6 +240,7 @@ pub struct DnsRecord {`
`240`	`240`	`pub record_type: String,`
`241`	`241`	`pub name: String,`
`242`	`242`	`pub value: String,`
	`243`	`+ pub ttl: u32,`
`243`	`244`	`}`
`244`	`245`
`245`	`246`	`#[derive(Debug, Serialize, ToSchema)]`