anything-llm/server/utils/boot/index.js

const { Telemetry } = require("../../models/telemetry");
const { BackgroundService } = require("../BackgroundWorkers");
const { EncryptionManager } = require("../EncryptionManager");
const { CommunicationKey } = require("../comKey");
const setupTelemetry = require("../telemetry");

// Testing SSL? You can make a self signed certificate and point the ENVs to that location
// make a directory in server called 'sslcert' - cd into it
// - openssl genrsa -aes256 -passout pass:gsahdg -out server.pass.key 4096
// - openssl rsa -passin pass:gsahdg -in server.pass.key -out server.key
// - rm server.pass.key
// - openssl req -new -key server.key -out server.csr
// Update .env keys with the correct values and boot. These are temporary and not real SSL certs - only use for local.
// Test with https://localhost:3001/api/ping
// build and copy frontend to server/public with correct API_BASE and start server in prod model and all should be ok
function bootSSL(app, port = 3001) {
  try {
    console.log(
      `\x1b[33m[SSL BOOT ENABLED]\x1b[0m Loading the certificate and key for HTTPS mode...`
    );
    const fs = require("fs");
    const https = require("https");
    const privateKey = fs.readFileSync(process.env.HTTPS_KEY_PATH);
    const certificate = fs.readFileSync(process.env.HTTPS_CERT_PATH);
    const credentials = { key: privateKey, cert: certificate };
    const server = https.createServer(credentials, app);

    server
      .listen(port, async () => {
        await setupTelemetry();
        new CommunicationKey(true);
        new EncryptionManager();
        new BackgroundService().boot();
        console.log(`Primary server in HTTPS mode listening on port ${port}`);
      })
      .on("error", catchSigTerms);

    require("@mintplex-labs/express-ws").default(app, server);
    return { app, server };
  } catch (e) {
    console.error(
      `\x1b[31m[SSL BOOT FAILED]\x1b[0m ${e.message} - falling back to HTTP boot.`,
      {
        ENABLE_HTTPS: process.env.ENABLE_HTTPS,
        HTTPS_KEY_PATH: process.env.HTTPS_KEY_PATH,
        HTTPS_CERT_PATH: process.env.HTTPS_CERT_PATH,
        stacktrace: e.stack,
      }
    );
    return bootHTTP(app, port);
  }
}

function bootHTTP(app, port = 3001) {
  if (!app) throw new Error('No "app" defined - crashing!');

  app
    .listen(port, async () => {
      await setupTelemetry();
      new CommunicationKey(true);
      new EncryptionManager();
      new BackgroundService().boot();
      console.log(`Primary server in HTTP mode listening on port ${port}`);
    })
    .on("error", catchSigTerms);

  return { app, server: null };
}

function catchSigTerms() {
  process.once("SIGUSR2", function () {
    Telemetry.flush();
    process.kill(process.pid, "SIGUSR2");
  });
  process.on("SIGINT", function () {
    Telemetry.flush();
    process.kill(process.pid, "SIGINT");
  });
}

module.exports = {
  bootHTTP,
  bootSSL,
};
523-Added support for HTTPS to Server. (#524) * Added support for HTTPS to server. * Move boot scripts to helper file catch bad ssl boot config fallback SSL boot to HTTP --------- Co-authored-by: timothycarambat <rambat1010@gmail.com> 2024-01-05 02:22:15 +01:00			`const { Telemetry } = require("../../models/telemetry");`
[BETA] Live document sync (#1719) * wip bg workers for live document sync * Add ability to re-embed specific documents across many workspaces via background queue bgworkser is gated behind expieremental system setting flag that needs to be explictly enabled UI for watching/unwatching docments that are embedded. TODO: UI to easily manage all bg tasks and see run results TODO: UI to enable this feature and background endpoints to manage it * create frontend views and paths Move elements to correct experimental scope * update migration to delete runs on removal of watched document * Add watch support to YouTube transcripts (#1716) * Add watch support to YouTube transcripts refactor how sync is done for supported types * Watch specific files in Confluence space (#1718) Add failure-prune check for runs * create tmp workflow modifications for beta image * create tmp workflow modifications for beta image * create tmp workflow modifications for beta image * dual build update copy of alert modals * update job interval * Add support for live-sync of Github files * update copy for document sync feature * hide Experimental features from UI * update docs links * [FEAT] Implement new settings menu for experimental features (#1735) * implement new settings menu for experimental features * remove unused context save bar --------- Co-authored-by: timothycarambat <rambat1010@gmail.com> * dont run job on boot * unset workflow changes * Add persistent encryption service Relay key to collector so persistent encryption can be used Encrypt any private data in chunkSources used for replay during resync jobs * update jsDOC * Linting and organization * update modal copy for feature --------- Co-authored-by: Sean Hatfield <seanhatfield5@gmail.com> 2024-06-21 22:38:50 +02:00			`const { BackgroundService } = require("../BackgroundWorkers");`
			`const { EncryptionManager } = require("../EncryptionManager");`
RSA-Signing on server<->collector communication via API (#1005) * WIP integrity check between processes * Implement integrity checking on document processor payloads 2024-04-01 22:56:35 +02:00			`const { CommunicationKey } = require("../comKey");`
523-Added support for HTTPS to Server. (#524) * Added support for HTTPS to server. * Move boot scripts to helper file catch bad ssl boot config fallback SSL boot to HTTP --------- Co-authored-by: timothycarambat <rambat1010@gmail.com> 2024-01-05 02:22:15 +01:00			`const setupTelemetry = require("../telemetry");`

patch docker scount CVE in old express-ws pkg (#1907) * patch CVE in old express-ws pkg * patch workflow * remove dev-image 2024-07-20 02:40:22 +02:00			`// Testing SSL? You can make a self signed certificate and point the ENVs to that location`
			`// make a directory in server called 'sslcert' - cd into it`
			`// - openssl genrsa -aes256 -passout pass:gsahdg -out server.pass.key 4096`
			`// - openssl rsa -passin pass:gsahdg -in server.pass.key -out server.key`
			`// - rm server.pass.key`
			`// - openssl req -new -key server.key -out server.csr`
			`// Update .env keys with the correct values and boot. These are temporary and not real SSL certs - only use for local.`
			`// Test with https://localhost:3001/api/ping`
			`// build and copy frontend to server/public with correct API_BASE and start server in prod model and all should be ok`
523-Added support for HTTPS to Server. (#524) * Added support for HTTPS to server. * Move boot scripts to helper file catch bad ssl boot config fallback SSL boot to HTTP --------- Co-authored-by: timothycarambat <rambat1010@gmail.com> 2024-01-05 02:22:15 +01:00			`function bootSSL(app, port = 3001) {`
			`try {`
			`console.log(`
			`\x1b[33m[SSL BOOT ENABLED]\x1b[0m Loading the certificate and key for HTTPS mode...`
			`);`
			`const fs = require("fs");`
			`const https = require("https");`
			`const privateKey = fs.readFileSync(process.env.HTTPS_KEY_PATH);`
			`const certificate = fs.readFileSync(process.env.HTTPS_CERT_PATH);`
			`const credentials = { key: privateKey, cert: certificate };`
Patch WSS upgrade for manual HTTPS certs (#1429) * Patch WSS upgrade for manual HTTPS certs * update comment * refactor 2024-05-17 23:03:25 +02:00			`const server = https.createServer(credentials, app);`
523-Added support for HTTPS to Server. (#524) * Added support for HTTPS to server. * Move boot scripts to helper file catch bad ssl boot config fallback SSL boot to HTTP --------- Co-authored-by: timothycarambat <rambat1010@gmail.com> 2024-01-05 02:22:15 +01:00
Patch WSS upgrade for manual HTTPS certs (#1429) * Patch WSS upgrade for manual HTTPS certs * update comment * refactor 2024-05-17 23:03:25 +02:00			`server`
523-Added support for HTTPS to Server. (#524) * Added support for HTTPS to server. * Move boot scripts to helper file catch bad ssl boot config fallback SSL boot to HTTP --------- Co-authored-by: timothycarambat <rambat1010@gmail.com> 2024-01-05 02:22:15 +01:00			`.listen(port, async () => {`
			`await setupTelemetry();`
RSA-Signing on server<->collector communication via API (#1005) * WIP integrity check between processes * Implement integrity checking on document processor payloads 2024-04-01 22:56:35 +02:00			`new CommunicationKey(true);`
[BETA] Live document sync (#1719) * wip bg workers for live document sync * Add ability to re-embed specific documents across many workspaces via background queue bgworkser is gated behind expieremental system setting flag that needs to be explictly enabled UI for watching/unwatching docments that are embedded. TODO: UI to easily manage all bg tasks and see run results TODO: UI to enable this feature and background endpoints to manage it * create frontend views and paths Move elements to correct experimental scope * update migration to delete runs on removal of watched document * Add watch support to YouTube transcripts (#1716) * Add watch support to YouTube transcripts refactor how sync is done for supported types * Watch specific files in Confluence space (#1718) Add failure-prune check for runs * create tmp workflow modifications for beta image * create tmp workflow modifications for beta image * create tmp workflow modifications for beta image * dual build update copy of alert modals * update job interval * Add support for live-sync of Github files * update copy for document sync feature * hide Experimental features from UI * update docs links * [FEAT] Implement new settings menu for experimental features (#1735) * implement new settings menu for experimental features * remove unused context save bar --------- Co-authored-by: timothycarambat <rambat1010@gmail.com> * dont run job on boot * unset workflow changes * Add persistent encryption service Relay key to collector so persistent encryption can be used Encrypt any private data in chunkSources used for replay during resync jobs * update jsDOC * Linting and organization * update modal copy for feature --------- Co-authored-by: Sean Hatfield <seanhatfield5@gmail.com> 2024-06-21 22:38:50 +02:00			`new EncryptionManager();`
			`new BackgroundService().boot();`
523-Added support for HTTPS to Server. (#524) * Added support for HTTPS to server. * Move boot scripts to helper file catch bad ssl boot config fallback SSL boot to HTTP --------- Co-authored-by: timothycarambat <rambat1010@gmail.com> 2024-01-05 02:22:15 +01:00			console.log(`Primary server in HTTPS mode listening on port ${port}`);
			`})`
			`.on("error", catchSigTerms);`
Patch WSS upgrade for manual HTTPS certs (#1429) * Patch WSS upgrade for manual HTTPS certs * update comment * refactor 2024-05-17 23:03:25 +02:00
patch docker scount CVE in old express-ws pkg (#1907) * patch CVE in old express-ws pkg * patch workflow * remove dev-image 2024-07-20 02:40:22 +02:00			`require("@mintplex-labs/express-ws").default(app, server);`
Patch WSS upgrade for manual HTTPS certs (#1429) * Patch WSS upgrade for manual HTTPS certs * update comment * refactor 2024-05-17 23:03:25 +02:00			`return { app, server };`
523-Added support for HTTPS to Server. (#524) * Added support for HTTPS to server. * Move boot scripts to helper file catch bad ssl boot config fallback SSL boot to HTTP --------- Co-authored-by: timothycarambat <rambat1010@gmail.com> 2024-01-05 02:22:15 +01:00			`} catch (e) {`
			`console.error(`
			`\x1b[31m[SSL BOOT FAILED]\x1b[0m ${e.message} - falling back to HTTP boot.`,
			`{`
			`ENABLE_HTTPS: process.env.ENABLE_HTTPS,`
			`HTTPS_KEY_PATH: process.env.HTTPS_KEY_PATH,`
			`HTTPS_CERT_PATH: process.env.HTTPS_CERT_PATH,`
			`stacktrace: e.stack,`
			`}`
			`);`
			`return bootHTTP(app, port);`
			`}`
			`}`

			`function bootHTTP(app, port = 3001) {`
			`if (!app) throw new Error('No "app" defined - crashing!');`

			`app`
			`.listen(port, async () => {`
			`await setupTelemetry();`
RSA-Signing on server<->collector communication via API (#1005) * WIP integrity check between processes * Implement integrity checking on document processor payloads 2024-04-01 22:56:35 +02:00			`new CommunicationKey(true);`
[BETA] Live document sync (#1719) * wip bg workers for live document sync * Add ability to re-embed specific documents across many workspaces via background queue bgworkser is gated behind expieremental system setting flag that needs to be explictly enabled UI for watching/unwatching docments that are embedded. TODO: UI to easily manage all bg tasks and see run results TODO: UI to enable this feature and background endpoints to manage it * create frontend views and paths Move elements to correct experimental scope * update migration to delete runs on removal of watched document * Add watch support to YouTube transcripts (#1716) * Add watch support to YouTube transcripts refactor how sync is done for supported types * Watch specific files in Confluence space (#1718) Add failure-prune check for runs * create tmp workflow modifications for beta image * create tmp workflow modifications for beta image * create tmp workflow modifications for beta image * dual build update copy of alert modals * update job interval * Add support for live-sync of Github files * update copy for document sync feature * hide Experimental features from UI * update docs links * [FEAT] Implement new settings menu for experimental features (#1735) * implement new settings menu for experimental features * remove unused context save bar --------- Co-authored-by: timothycarambat <rambat1010@gmail.com> * dont run job on boot * unset workflow changes * Add persistent encryption service Relay key to collector so persistent encryption can be used Encrypt any private data in chunkSources used for replay during resync jobs * update jsDOC * Linting and organization * update modal copy for feature --------- Co-authored-by: Sean Hatfield <seanhatfield5@gmail.com> 2024-06-21 22:38:50 +02:00			`new EncryptionManager();`
			`new BackgroundService().boot();`
523-Added support for HTTPS to Server. (#524) * Added support for HTTPS to server. * Move boot scripts to helper file catch bad ssl boot config fallback SSL boot to HTTP --------- Co-authored-by: timothycarambat <rambat1010@gmail.com> 2024-01-05 02:22:15 +01:00			console.log(`Primary server in HTTP mode listening on port ${port}`);
			`})`
			`.on("error", catchSigTerms);`
Patch WSS upgrade for manual HTTPS certs (#1429) * Patch WSS upgrade for manual HTTPS certs * update comment * refactor 2024-05-17 23:03:25 +02:00
			`return { app, server: null };`
523-Added support for HTTPS to Server. (#524) * Added support for HTTPS to server. * Move boot scripts to helper file catch bad ssl boot config fallback SSL boot to HTTP --------- Co-authored-by: timothycarambat <rambat1010@gmail.com> 2024-01-05 02:22:15 +01:00			`}`

			`function catchSigTerms() {`
			`process.once("SIGUSR2", function () {`
			`Telemetry.flush();`
			`process.kill(process.pid, "SIGUSR2");`
			`});`
			`process.on("SIGINT", function () {`
			`Telemetry.flush();`
			`process.kill(process.pid, "SIGINT");`
			`});`
			`}`

			`module.exports = {`
			`bootHTTP,`
			`bootSSL,`
			`};`