diff --git a/server/config.ts b/server/config.ts
index fdeaf90a..560b5406 100644
--- a/server/config.ts
+++ b/server/config.ts
@@ -4,12 +4,15 @@ import path from "path";
 import fs from "fs";
 import yaml from "js-yaml";
 import { fileURLToPath } from "url";
+import { signup } from "./routers/auth";
 export const __FILENAME = fileURLToPath(import.meta.url);
 export const __DIRNAME = path.dirname(__FILENAME);
 export const APP_PATH = path.join("config");
+const portSchema = z.number().positive().gt(0).lte(65535);
+
 const environmentSchema = z.object({
 app: z.object({
 name: z.string(),
@@ -18,15 +21,17 @@ const environmentSchema = z.object({
 save_logs: z.boolean(),
 }),
 server: z.object({
- external_port: z.number().positive().gt(0).lte(65535),
- internal_port: z.number().positive().gt(0).lte(65535),
+ external_port: portSchema,
+ internal_port: portSchema,
 internal_hostname: z.string(),
 secure_cookies: z.boolean(),
+ signup_secret: z.string().optional(),
 }),
 traefik: z.object({
 http_entrypoint: z.string(),
 https_entrypoint: z.string().optional(),
 cert_resolver: z.string().optional(),
+ prefer_wildcard_cert: z.boolean().optional(),
 }),
 rate_limit: z.object({
 window_minutes: z.number().positive().gt(0),
@@ -35,7 +40,7 @@ const environmentSchema = z.object({
 email: z
 .object({
 smtp_host: z.string().optional(),
- smtp_port: z.number().positive().gt(0).lte(65535).optional(),
+ smtp_port: portSchema.optional(),
 smtp_user: z.string().optional(),
 smtp_pass: z.string().optional(),
 no_reply: z.string().email().optional(),
@@ -45,6 +50,8 @@ const environmentSchema = z.object({
 .object({
 allow_org_subdomain_changing: z.boolean().optional(),
 require_email_verification: z.boolean().optional(),
+ disable_signup_without_invite: z.boolean().optional(),
+ require_signup_secret: z.boolean().optional(),
 })
 .optional(),
 });
diff --git a/server/routers/traefik/getTraefikConfig.ts b/server/routers/traefik/getTraefikConfig.ts
index d966ee15..3940c5f1 100644
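Review bot: In server/config.ts (hunk at -4,12) the added `import { signup } from "./routers/auth";` is not used by any line this diff shows, and pulling a router module into the config module risks a circular import if the auth router itself reads the config (likely, though not visible here); the import should be dropped unless a line outside the hunks needs it. The new `portSchema` also accepts fractional values such as 80.5, and `.positive()` duplicates `.gt(0)`; `const portSchema = z.number().int().positive().lte(65535);` states the intent once.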
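Review bot: In server/config.ts the schema accepts `require_signup_secret: true` (flags hunk at -45,6) while `server.signup_secret` (hunk at -18,15) is absent or an empty string, so whether signup then fails open or closed depends on code outside this diff. Rejecting that combination when the config is loaded, with a refinement on `environmentSchema` that requires a non-empty `signup_secret` whenever the flag is set, makes the misconfiguration visible at startup. At the field level, `signup_secret: z.string().min(1).optional(),` at least rules out the empty string. The secret lives in the same file as `smtp_pass`, so a comment noting that the config file must not be world-readable or echoed into logs would be worth adding next to it.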
--- a/server/routers/traefik/getTraefikConfig.ts
+++ b/server/routers/traefik/getTraefikConfig.ts
@@ -33,6 +33,9 @@ export function buildTraefikConfig(
 const tls = {
 certResolver: config.traefik.cert_resolver,
+ ...(config.traefik.prefer_wildcard_cert
+ ? { domains: [baseDomain, `*.${baseDomain}`] }
+ : {}),
 };
 const http: any = {
@@ -57,7 +60,11 @@ export function buildTraefikConfig(
 const serviceName = `${target.targetId}-service`;
 http.routers![routerName] = {
- entryPoints: [target.ssl ? config.traefik.https_entrypoint : config.traefik.https_entrypoint],
+ entryPoints: [
+ target.ssl
+ ? config.traefik.https_entrypoint
+ : config.traefik.http_entrypoint,
+ ],
 middlewares: [middlewareName],
 service: serviceName,
 rule: `Host(\`${target.resourceId}\`)`, // assuming resourceId is a valid full hostname
@@ -80,7 +87,10 @@ export async function getAllTargets(): Promise {
 const all = await db
 .select()
 .from(schema.targets)
- .innerJoin(schema.resources, eq(schema.targets.resourceId, schema.resources.resourceId))
+ .innerJoin(
+ schema.resources,
+ eq(schema.targets.resourceId, schema.resources.resourceId)
+ )
 .where(
 and(
 eq(schema.targets.enabled, true),
diff --git a/src/app/auth/verify-email/page.tsx b/src/app/auth/verify-email/page.tsx
index 3db73215..9f5cfa38 100644
--- a/src/app/auth/verify-email/page.tsx
+++ b/src/app/auth/verify-email/page.tsx
@@ -5,7 +5,7 @@ import { redirect } from "next/navigation";
 export default async function Page(props: {
 searchParams: Promise<{ [key: string]: string | string[] | undefined }>;
 }) {
- if (!process.env.NEXT_PUBLIC_FLAGS_EMAIL_VERIFICATION_REQUIRED) {
+ if (process.env.NEXT_PUBLIC_FLAGS_EMAIL_VERIFICATION_REQUIRED !== "true") {
 redirect("/");
 }
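Review bot: In getTraefikConfig.ts (hunk at -33,6) the `domains` value added to `tls` is an array of strings, but Traefik's router TLS option expects a list of objects with `main` and `sans` keys, so the wildcard entry as written is likely rejected or ignored when the dynamic configuration is loaded. ``? { domains: [{ main: baseDomain, sans: [`*.${baseDomain}`] }] }`` matches the documented shape. A wildcard certificate can only be issued through a DNS-01 challenge, so a comment stating that `prefer_wildcard_cert` requires `cert_resolver` to name a DNS-challenge resolver would save a failed issuance. `baseDomain` and the rest of `buildTraefikConfig` are defined outside the hunk.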
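Review bot: In getTraefikConfig.ts (hunk at -57,7) `config.traefik.https_entrypoint` can be undefined, since server/config.ts declares it `z.string().optional()`, so a target with `ssl` set and no HTTPS entrypoint configured gets a router with `entryPoints: [undefined]`. Either the schema should require `https_entrypoint`, or this branch should reject SSL targets when it is missing, before the router object is built. The unchanged `rule` line still interpolates `target.resourceId` into a backtick-quoted `Host(...)` matcher, which is only safe if that value is validated as a hostname where it is stored; the trailing comment records the assumption but nothing in the hunk checks it. The body of `buildTraefikConfig` continues outside the hunk.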
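Review bot: In src/app/auth/verify-email/page.tsx the new comparison accepts only the exact string `"true"`, so `TRUE` or `1` in `NEXT_PUBLIC_FLAGS_EMAIL_VERIFICATION_REQUIRED` now redirect to `/` just as an unset variable does; a comment above the `if`, such as `// flag must be the literal string "true"; any other value disables this page`, would document that. This redirect is only navigation, and a `NEXT_PUBLIC_` variable is visible to the browser, so the verification requirement itself has to be enforced by the server routes, which this diff does not show. The body of `Page` continues outside the hunk.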