feat: add KEYPAIR_NOT_FOUND error and enhance logging in seed process

kastov · kastov · commit 9e4741d10caf · 2025-03-26T21:27:30.000+03:00
- Introduced a new error constant KEYPAIR_NOT_FOUND to handle cases where keypair data is missing.
- Replaced console.log statements with consola for improved logging during the seeding of subscription templates and XTLS config.
- Updated the generateMasterCerts utility to use a custom random string generator for certificate naming.
diff --git a/libs/contract/constants/errors/errors.ts b/libs/contract/constants/errors/errors.ts
@@ -453,4 +453,9 @@ export const ERRORS = {
         message: 'Get user usage by range error',
         httpCode: 500,
     },
+    KEYPAIR_NOT_FOUND: {
+        code: 'A092',
+        message: 'Keypair not found. Restart app.',
+        httpCode: 500,
+    },
 } as const;
diff --git a/prisma/seed/config.seed.ts b/prisma/seed/config.seed.ts
@@ -5,6 +5,7 @@ import {
 } from '@libs/contracts/constants';
 import { KeygenEntity } from '@modules/keygen/entities/keygen.entity';
 import { PrismaClient } from '@prisma/client';
+import consola from 'consola';
 
 export const XTLSDefaultConfig = {
     log: {
@@ -560,7 +561,7 @@ const prisma = new PrismaClient({
 });
 
 async function seedSubscriptionTemplate() {
-    console.log('Seeding subscription templates...');
+    consola.start('Seeding subscription templates...');
     for (const templateType of SUBSCRIPTION_TEMPLATE_TYPE_VALUES) {
         const existingConfig = await prisma.subscriptionTemplate.findUnique({
             where: {
@@ -571,7 +572,7 @@ async function seedSubscriptionTemplate() {
         switch (templateType) {
             case SUBSCRIPTION_TEMPLATE_TYPE.STASH:
                 if (existingConfig) {
-                    console.log(`Default ${templateType} config already exists!`);
+                    consola.info(`Default ${templateType} config already exists!`);
                     continue;
                 }
 
@@ -582,7 +583,7 @@ async function seedSubscriptionTemplate() {
                 break;
             case SUBSCRIPTION_TEMPLATE_TYPE.MIHOMO:
                 if (existingConfig) {
-                    console.log(`Default ${templateType} config already exists!`);
+                    consola.info(`Default ${templateType} config already exists!`);
                     continue;
                 }
 
@@ -592,7 +593,7 @@ async function seedSubscriptionTemplate() {
                 break;
             case SUBSCRIPTION_TEMPLATE_TYPE.SINGBOX:
                 if (existingConfig) {
-                    console.log(`Default ${templateType} config already exists!`);
+                    consola.info(`Default ${templateType} config already exists!`);
                     continue;
                 }
 
@@ -602,7 +603,7 @@ async function seedSubscriptionTemplate() {
                 break;
             case SUBSCRIPTION_TEMPLATE_TYPE.SINGBOX_LEGACY:
                 if (existingConfig) {
-                    console.log(`Default ${templateType} config already exists!`);
+                    consola.info(`Default ${templateType} config already exists!`);
                     continue;
                 }
 
@@ -612,7 +613,7 @@ async function seedSubscriptionTemplate() {
                 break;
             case SUBSCRIPTION_TEMPLATE_TYPE.XRAY_JSON:
                 if (existingConfig) {
-                    console.log(`Default ${templateType} config already exists!`);
+                    consola.info(`Default ${templateType} config already exists!`);
                     continue;
                 }
 
@@ -623,7 +624,7 @@ async function seedSubscriptionTemplate() {
                 break;
             case SUBSCRIPTION_TEMPLATE_TYPE.CLASH:
                 if (existingConfig) {
-                    console.log(`Default ${templateType} config already exists!`);
+                    consola.info(`Default ${templateType} config already exists!`);
                     continue;
                 }
 
@@ -633,7 +634,8 @@ async function seedSubscriptionTemplate() {
 
                 break;
             default:
-                throw new Error(`Unknown template type: ${templateType}`);
+                consola.error(`Unknown template type: ${templateType}`);
+                process.exit(1);
         }
     }
 }
@@ -668,8 +670,10 @@ async function seedSubscriptionSettings() {
 async function seedConfigVariables() {
     const existingConfig = await prisma.xrayConfig.findFirst();
 
+    consola.start('🔐 Seeding XTLS config...');
+
     if (existingConfig) {
-        console.log('Default XTLS config already seeded!');
+        consola.success('🔐 Default XTLS config already seeded!');
         return;
     }
 
@@ -680,60 +684,80 @@ async function seedConfigVariables() {
     });
 
     if (!config) {
-        throw new Error('Failed to create default config!');
+        consola.error('🔐 Failed to create default config!');
+        process.exit(1);
     }
 
-    console.log('Default XTLS config seeded!');
+    consola.success('🔐 Default XTLS config seeded!');
 }
 
 async function seedKeygen() {
-    const existingConfig = await prisma.keygen.findFirst();
-
-    if (!existingConfig) {
-        const { publicKey, privateKey } = await generateJwtKeypair();
-        const { caCertPem, caKeyPem, clientCertPem, clientKeyPem } = await generateMasterCerts();
-
-        const keygenEntity = new KeygenEntity({
-            caCert: caCertPem,
-            caKey: caKeyPem,
-            clientCert: clientCertPem,
-            clientKey: clientKeyPem,
-            pubKey: publicKey,
-            privKey: privateKey,
-        });
-
-        await prisma.keygen.create({
-            data: keygenEntity,
-        });
-
-        console.log('🔐 Keygen seeded!');
-
-        return;
-    }
-
-    if (
-        existingConfig.pubKey &&
-        existingConfig.privKey &&
-        (!existingConfig.caCert ||
-            !existingConfig.caKey ||
-            !existingConfig.clientCert ||
-            !existingConfig.clientKey)
-    ) {
-        const { caCertPem, caKeyPem, clientCertPem, clientKeyPem } = await generateMasterCerts();
-
-        await prisma.keygen.update({
-            where: { uuid: existingConfig.uuid },
-            data: {
-                caCert: caCertPem,
-                caKey: caKeyPem,
-                clientCert: clientCertPem,
-                clientKey: clientKeyPem,
-            },
-        });
-
-        console.log('🔐 Keygen updated!');
-        return;
-    }
+    consola.start('🔐 Seeding keygen...');
+
+    // TODO: Remove after testing
+    process.exit(1);
+
+    // const existingConfig = await prisma.keygen.findFirst();
+
+    // if (!existingConfig) {
+    //     try {
+    //         const { publicKey, privateKey } = await generateJwtKeypair();
+    //         const { caCertPem, caKeyPem, clientCertPem, clientKeyPem } =
+    //             await generateMasterCerts();
+
+    //         const keygenEntity = new KeygenEntity({
+    //             caCert: caCertPem,
+    //             caKey: caKeyPem,
+    //             clientCert: clientCertPem,
+    //             clientKey: clientKeyPem,
+    //             pubKey: publicKey,
+    //             privKey: privateKey,
+    //         });
+
+    //         await prisma.keygen.create({
+    //             data: keygenEntity,
+    //         });
+
+    //         consola.success('🔐 Keygen seeded!');
+
+    //         return;
+    //     } catch (error) {
+    //         consola.error('🔐 Failed to seed keygen:', error);
+    //         process.exit(1);
+    //     }
+    // }
+
+    // if (
+    //     existingConfig.pubKey &&
+    //     existingConfig.privKey &&
+    //     (!existingConfig.caCert ||
+    //         !existingConfig.caKey ||
+    //         !existingConfig.clientCert ||
+    //         !existingConfig.clientKey)
+    // ) {
+    //     try {
+    //         const { caCertPem, caKeyPem, clientCertPem, clientKeyPem } =
+    //             await generateMasterCerts();
+
+    //         await prisma.keygen.update({
+    //             where: { uuid: existingConfig.uuid },
+    //             data: {
+    //                 caCert: caCertPem,
+    //                 caKey: caKeyPem,
+    //                 clientCert: clientCertPem,
+    //                 clientKey: clientKeyPem,
+    //             },
+    //         });
+
+    //         consola.success('🔐 Keygen updated!');
+    //         return;
+    //     } catch (error) {
+    //         consola.error('🔐 Failed to update keygen:', error);
+    //         process.exit(1);
+    //     }
+    // }
+
+    // consola.success('🔐 Keygen already seeded!');
 }
 
 async function checkDatabaseConnection() {
diff --git a/src/common/utils/certs/generate-certs.util.ts b/src/common/utils/certs/generate-certs.util.ts
@@ -9,14 +9,14 @@ import {
 } from '@peculiar/x509';
 import { generateKeyPair } from 'node:crypto';
 import { Crypto } from '@peculiar/webcrypto';
+import { customAlphabet } from 'nanoid';
 import { promisify } from 'node:util';
-import { nanoid } from 'nanoid';
 
 const generateKeyPairAsync = promisify(generateKeyPair);
 
 export async function generateMasterCerts() {
     const crypto = new Crypto();
-    const cn = nanoid(48);
+    const cn = genRandomString();
     cryptoProvider.set(crypto);
 
     // === CA (Certificate Authority) ===
@@ -64,7 +64,7 @@ export async function generateMasterCerts() {
 
     const clientCert = await X509CertificateGenerator.create({
         serialNumber: '02',
-        subject: `CN=${nanoid(48)}`,
+        subject: `CN=${genRandomString()}`,
         notBefore: new Date(),
         notAfter: new Date(new Date().setFullYear(new Date().getFullYear() + 3)),
         issuer: caCert.subjectName,
@@ -104,7 +104,6 @@ export async function generateNodeCert(
     const crypto = new Crypto();
     cryptoProvider.set(crypto);
 
-    const cn = nanoid(48);
     const caCert = new X509Certificate(caCertPem);
 
     const caPrivateKey = await crypto.subtle.importKey(
@@ -131,7 +130,7 @@ export async function generateNodeCert(
 
     const nodeCert = await X509CertificateGenerator.create({
         serialNumber: Date.now().toString(),
-        subject: `CN=${cn}`,
+        subject: `CN=${genRandomString()}`,
         issuer: caCert.subjectName,
         notBefore: new Date(),
         notAfter: new Date(new Date().setFullYear(new Date().getFullYear() + 3)),
@@ -195,3 +194,11 @@ function pemToArrayBuffer(pem: string): Uint8Array {
         .replace(/\s+/g, '');
     return new Uint8Array(Buffer.from(b64, 'base64'));
 }
+
+function genRandomString(): string {
+    const alphabet = '0123456789ABCDEFGHJKLMNPQRSTUVWXYZ_abcdefghjkmnopqrstuvwxyz-';
+    const length = Math.floor(Math.random() * 27) + 20;
+    const nanoid = customAlphabet(alphabet, length);
+
+    return nanoid();
+}
diff --git a/src/modules/keygen/keygen.service.ts b/src/modules/keygen/keygen.service.ts
@@ -25,16 +25,20 @@ export class KeygenService {
                 };
             }
 
-            const { nodeCertPem, nodeKeyPem } = await generateNodeCert(
-                pubKey.caCert!,
-                pubKey.caKey!,
-            );
+            if (!pubKey.caCert || !pubKey.caKey || !pubKey.clientCert || !pubKey.clientKey) {
+                return {
+                    isOk: false,
+                    ...ERRORS.KEYPAIR_NOT_FOUND,
+                };
+            }
+
+            const { nodeCertPem, nodeKeyPem } = await generateNodeCert(pubKey.caCert, pubKey.caKey);
 
             const nodePayload = encodeCertPayload({
                 nodeCertPem,
                 nodeKeyPem,
-                caCertPem: pubKey.caCert!,
-                jwtPublicKey: pubKey.pubKey!,
+                caCertPem: pubKey.caCert,
+                jwtPublicKey: pubKey.pubKey,
             });
 
             return {
