import { existsSync } from 'node:fs' import JSZip from 'jszip' import { getCotSslPaths, getCotPort, TRUSTSTORE_PASSWORD, COT_TLS_REQUIRED_MESSAGE, buildP12FromCertPath } from '../../utils/cotSsl.js' import { requireAuth } from '../../utils/authHelpers.js' /** * Build config.pref XML for iTAK: server connection + CA cert for trust (credentials entered in app). * connectString format: host:port:ssl or host:port:tcp */ function buildConfigPref(hostname, port, ssl) { const connectString = `${hostname}:${port}:${ssl ? 'ssl' : 'tcp'}` return ` 1 KestrelOS true ${escapeXml(connectString)} cert/caCert.p12 ${escapeXml(TRUSTSTORE_PASSWORD)} true ` } function escapeXml(s) { return String(s) .replace(/&/g, '&') .replace(//g, '>') .replace(/"/g, '"') } export default defineEventHandler(async (event) => { requireAuth(event) const config = useRuntimeConfig() const paths = getCotSslPaths(config) if (!paths || !existsSync(paths.certPath)) { setResponseStatus(event, 404) return { error: `CoT server is not using TLS. Server package ${COT_TLS_REQUIRED_MESSAGE} Use the QR code and add the server with SSL disabled (plain TCP) instead.` } } const hostname = getRequestURL(event).hostname const port = getCotPort() try { const p12 = buildP12FromCertPath(paths.certPath, TRUSTSTORE_PASSWORD) const zip = new JSZip() zip.file('config.pref', buildConfigPref(hostname, port, true)) zip.folder('cert').file('caCert.p12', p12) const blob = await zip.generateAsync({ type: 'nodebuffer' }) setHeader(event, 'Content-Type', 'application/zip') setHeader(event, 'Content-Disposition', 'attachment; filename="kestrelos-itak-server-package.zip"') return blob } catch (err) { setResponseStatus(event, 500) return { error: 'Failed to build server package.', detail: err?.message } } })