Merge 69c779b382 into 20820f5a5a

Co-authored-by: Frank Elsinga <frank@elsinga.de>

package-lock.json

@@ -1,12 +1,12 @@
 {
     "name": "uptime-kuma",
-    "version": "2.0.0-beta.0",
+    "version": "2.0.0-beta.1",
     "lockfileVersion": 3,
     "requires": true,
     "packages": {
         "": {
             "name": "uptime-kuma",
-            "version": "2.0.0-beta.0",
+            "version": "2.0.0-beta.1",
             "license": "MIT",
             "dependencies": {
                 "@grpc/grpc-js": "~1.8.22",
@@ -37,8 +37,8 @@
                 "html-escaper": "^3.0.3",
                 "http-cookie-agent": "~5.0.4",
                 "http-graceful-shutdown": "~3.1.7",
-                "http-proxy-agent": "~5.0.0",
+                "http-proxy-agent": "~7.0.2",
-                "https-proxy-agent": "~5.0.1",
+                "https-proxy-agent": "~7.0.6",
                 "iconv-lite": "~0.6.3",
                 "isomorphic-ws": "^5.0.0",
                 "jsesc": "~3.0.2",
@@ -60,7 +60,7 @@
                 "node-cloudflared-tunnel": "~1.0.9",
                 "node-radius-client": "~1.0.0",
                 "nodemailer": "~6.9.13",
-                "nostr-tools": "^1.13.1",
+                "nostr-tools": "^2.10.4",
                 "notp": "~2.0.3",
                 "openid-client": "^5.4.2",
                 "password-hash": "~1.2.2",
@@ -77,7 +77,7 @@
                 "semver": "~7.5.4",
                 "socket.io": "~4.8.0",
                 "socket.io-client": "~4.8.0",
-                "socks-proxy-agent": "6.1.1",
+                "socks-proxy-agent": "~8.0.5",
                 "tar": "~6.2.1",
                 "tcp-ping": "~0.1.1",
                 "thirty-two": "~1.0.2",
@@ -1052,32 +1052,6 @@
                 "node": ">=18.0.0"
             }
         },
-        "node_modules/@azure/core-rest-pipeline/node_modules/http-proxy-agent": {
-            "version": "7.0.2",
-            "resolved": "https://registry.npmjs.org/http-proxy-agent/-/http-proxy-agent-7.0.2.tgz",
-            "integrity": "sha512-T1gkAiYYDWYx3V5Bmyu7HcfcvL7mUrTWiM6yOfa3PIphViJ/gFPbvidQ+veqSOHci/PxBcDabeUNCzpOODJZig==",
-            "license": "MIT",
-            "dependencies": {
-                "agent-base": "^7.1.0",
-                "debug": "^4.3.4"
-            },
-            "engines": {
-                "node": ">= 14"
-            }
-        },
-        "node_modules/@azure/core-rest-pipeline/node_modules/https-proxy-agent": {
-            "version": "7.0.6",
-            "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-7.0.6.tgz",
-            "integrity": "sha512-vK9P5/iUfdl95AI+JVyUuIcVtd4ofvtrOr3HNtM2yxC9bnMbEdp3x01OhQNnjb8IJYi38VlTE3mBXwcfvywuSw==",
-            "license": "MIT",
-            "dependencies": {
-                "agent-base": "^7.1.2",
-                "debug": "4"
-            },
-            "engines": {
-                "node": ">= 14"
-            }
-        },
         "node_modules/@azure/core-tracing": {
             "version": "1.2.0",
             "resolved": "https://registry.npmjs.org/@azure/core-tracing/-/core-tracing-1.2.0.tgz",
@@ -2827,6 +2801,29 @@
                 "node-pre-gyp": "bin/node-pre-gyp"
             }
         },
+        "node_modules/@mapbox/node-pre-gyp/node_modules/agent-base": {
+            "version": "6.0.2",
+            "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz",
+            "integrity": "sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==",
+            "dependencies": {
+                "debug": "4"
+            },
+            "engines": {
+                "node": ">= 6.0.0"
+            }
+        },
+        "node_modules/@mapbox/node-pre-gyp/node_modules/https-proxy-agent": {
+            "version": "5.0.1",
+            "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-5.0.1.tgz",
+            "integrity": "sha512-dFcAjpTQFgoLMzC2VwU+C/CbS7uRL0lWmxDITmqm7C+7F0Odmj6s9l6alZc6AELXhrnggM2CeWSXHGOdX2YtwA==",
+            "dependencies": {
+                "agent-base": "6",
+                "debug": "4"
+            },
+            "engines": {
+                "node": ">= 6"
+            }
+        },
         "node_modules/@mongodb-js/saslprep": {
             "version": "1.1.9",
             "resolved": "https://registry.npmjs.org/@mongodb-js/saslprep/-/saslprep-1.1.9.tgz",
@@ -2838,9 +2835,9 @@
             }
         },
         "node_modules/@noble/ciphers": {
-            "version": "0.2.0",
+            "version": "0.5.3",
-            "resolved": "https://registry.npmjs.org/@noble/ciphers/-/ciphers-0.2.0.tgz",
+            "resolved": "https://registry.npmjs.org/@noble/ciphers/-/ciphers-0.5.3.tgz",
-            "integrity": "sha512-6YBxJDAapHSdd3bLDv6x2wRPwq4QFMUaB3HvljNBUTThDd12eSm7/3F+2lnfzx2jvM+S6Nsy0jEt9QbPqSwqRw==",
+            "integrity": "sha512-B0+6IIHiqEs3BPMT0hcRmHvEj2QHOLu+uwt+tqDDeVd0oyVzh7BPrDcPjRnV1PV/5LaknXJJQvOuRGR0zQJz+w==",
             "license": "MIT",
             "funding": {
                 "url": "https://paulmillr.com/funding/"
@@ -4270,15 +4267,6 @@
                 "testcontainers": "^10.16.0"
             }
         },
-        "node_modules/@tootallnate/once": {
-            "version": "2.0.0",
-            "resolved": "https://registry.npmjs.org/@tootallnate/once/-/once-2.0.0.tgz",
-            "integrity": "sha512-XCuKFP5PS55gnMVu3dty8KPatLqUoy/ZYzDzAGCQ8JNFCkLXzmI7vNHCR+XpbZaMWQK/vQubr7PkYq8g470J/A==",
-            "license": "MIT",
-            "engines": {
-                "node": ">= 10"
-            }
-        },
         "node_modules/@types/accepts": {
             "version": "1.3.7",
             "resolved": "https://registry.npmjs.org/@types/accepts/-/accepts-1.3.7.tgz",
@@ -10117,29 +10105,15 @@
             }
         },
         "node_modules/http-proxy-agent": {
-            "version": "5.0.0",
+            "version": "7.0.2",
-            "resolved": "https://registry.npmjs.org/http-proxy-agent/-/http-proxy-agent-5.0.0.tgz",
+            "resolved": "https://registry.npmjs.org/http-proxy-agent/-/http-proxy-agent-7.0.2.tgz",
-            "integrity": "sha512-n2hY8YdoRE1i7r6M0w9DIw5GgZN0G25P8zLCRQ8rjXtTU3vsNFBI/vWK/UIeE6g5MUUz6avwAPXmL6Fy9D/90w==",
+            "integrity": "sha512-T1gkAiYYDWYx3V5Bmyu7HcfcvL7mUrTWiM6yOfa3PIphViJ/gFPbvidQ+veqSOHci/PxBcDabeUNCzpOODJZig==",
-            "license": "MIT",
             "dependencies": {
-                "@tootallnate/once": "2",
+                "agent-base": "^7.1.0",
-                "agent-base": "6",
+                "debug": "^4.3.4"
-                "debug": "4"
             },
             "engines": {
-                "node": ">= 6"
+                "node": ">= 14"
-            }
-        },
-        "node_modules/http-proxy-agent/node_modules/agent-base": {
-            "version": "6.0.2",
-            "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz",
-            "integrity": "sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==",
-            "license": "MIT",
-            "dependencies": {
-                "debug": "4"
-            },
-            "engines": {
-                "node": ">= 6.0.0"
             }
         },
         "node_modules/http2-wrapper": {
@@ -10156,28 +10130,15 @@
             }
         },
         "node_modules/https-proxy-agent": {
-            "version": "5.0.1",
+            "version": "7.0.6",
-            "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-5.0.1.tgz",
+            "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-7.0.6.tgz",
-            "integrity": "sha512-dFcAjpTQFgoLMzC2VwU+C/CbS7uRL0lWmxDITmqm7C+7F0Odmj6s9l6alZc6AELXhrnggM2CeWSXHGOdX2YtwA==",
+            "integrity": "sha512-vK9P5/iUfdl95AI+JVyUuIcVtd4ofvtrOr3HNtM2yxC9bnMbEdp3x01OhQNnjb8IJYi38VlTE3mBXwcfvywuSw==",
-            "license": "MIT",
             "dependencies": {
-                "agent-base": "6",
+                "agent-base": "^7.1.2",
                 "debug": "4"
             },
             "engines": {
-                "node": ">= 6"
+                "node": ">= 14"
-            }
-        },
-        "node_modules/https-proxy-agent/node_modules/agent-base": {
-            "version": "6.0.2",
-            "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz",
-            "integrity": "sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==",
-            "license": "MIT",
-            "dependencies": {
-                "debug": "4"
-            },
-            "engines": {
-                "node": ">= 6.0.0"
             }
         },
         "node_modules/human-signals": {
@@ -11679,6 +11640,33 @@
                 "node": ">= 6"
             }
         },
+        "node_modules/make-fetch-happen/node_modules/https-proxy-agent": {
+            "version": "5.0.1",
+            "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-5.0.1.tgz",
+            "integrity": "sha512-dFcAjpTQFgoLMzC2VwU+C/CbS7uRL0lWmxDITmqm7C+7F0Odmj6s9l6alZc6AELXhrnggM2CeWSXHGOdX2YtwA==",
+            "optional": true,
+            "dependencies": {
+                "agent-base": "6",
+                "debug": "4"
+            },
+            "engines": {
+                "node": ">= 6"
+            }
+        },
+        "node_modules/make-fetch-happen/node_modules/socks-proxy-agent": {
+            "version": "6.2.1",
+            "resolved": "https://registry.npmjs.org/socks-proxy-agent/-/socks-proxy-agent-6.2.1.tgz",
+            "integrity": "sha512-a6KW9G+6B3nWZ1yB8G7pJwL3ggLy1uTzKAgCb7ttblwqdz9fMGJUuTy3uFzEP48FAs9FLILlmzDlE2JJhVQaXQ==",
+            "optional": true,
+            "dependencies": {
+                "agent-base": "^6.0.2",
+                "debug": "^4.3.3",
+                "socks": "^2.6.2"
+            },
+            "engines": {
+                "node": ">= 10"
+            }
+        },
         "node_modules/map-obj": {
             "version": "4.3.0",
             "resolved": "https://registry.npmjs.org/map-obj/-/map-obj-4.3.0.tgz",
@@ -12582,18 +12570,21 @@
             }
         },
         "node_modules/nostr-tools": {
-            "version": "1.17.0",
+            "version": "2.10.4",
-            "resolved": "https://registry.npmjs.org/nostr-tools/-/nostr-tools-1.17.0.tgz",
+            "resolved": "https://registry.npmjs.org/nostr-tools/-/nostr-tools-2.10.4.tgz",
-            "integrity": "sha512-LZmR8GEWKZeElbFV5Xte75dOeE9EFUW/QLI1Ncn3JKn0kFddDKEfBbFN8Mu4TMs+L4HR/WTPha2l+PPuRnJcMw==",
+            "integrity": "sha512-biU7sk+jxHgVASfobg2T5ttxOGGSt69wEVBC51sHHOEaKAAdzHBLV/I2l9Rf61UzClhliZwNouYhqIso4a3HYg==",
             "license": "Unlicense",
             "dependencies": {
-                "@noble/ciphers": "0.2.0",
+                "@noble/ciphers": "^0.5.1",
-                "@noble/curves": "1.1.0",
+                "@noble/curves": "1.2.0",
                 "@noble/hashes": "1.3.1",
                 "@scure/base": "1.1.1",
                 "@scure/bip32": "1.3.1",
                 "@scure/bip39": "1.2.1"
             },
+            "optionalDependencies": {
+                "nostr-wasm": "0.1.0"
+            },
             "peerDependencies": {
                 "typescript": ">=5.0.0"
             },
@@ -12603,6 +12594,37 @@
                 }
             }
         },
+        "node_modules/nostr-tools/node_modules/@noble/curves": {
+            "version": "1.2.0",
+            "resolved": "https://registry.npmjs.org/@noble/curves/-/curves-1.2.0.tgz",
+            "integrity": "sha512-oYclrNgRaM9SsBUBVbb8M6DTV7ZHRTKugureoYEncY5c65HOmRzvSiTE3y5CYaPYJA/GVkrhXEoF0M3Ya9PMnw==",
+            "license": "MIT",
+            "dependencies": {
+                "@noble/hashes": "1.3.2"
+            },
+            "funding": {
+                "url": "https://paulmillr.com/funding/"
+            }
+        },
+        "node_modules/nostr-tools/node_modules/@noble/curves/node_modules/@noble/hashes": {
+            "version": "1.3.2",
+            "resolved": "https://registry.npmjs.org/@noble/hashes/-/hashes-1.3.2.tgz",
+            "integrity": "sha512-MVC8EAQp7MvEcm30KWENFjgR+Mkmf+D189XJTkFIlwohU5hcBbn1ZkKq7KVTi2Hme3PMGF390DaL52beVrIihQ==",
+            "license": "MIT",
+            "engines": {
+                "node": ">= 16"
+            },
+            "funding": {
+                "url": "https://paulmillr.com/funding/"
+            }
+        },
+        "node_modules/nostr-wasm": {
+            "version": "0.1.0",
+            "resolved": "https://registry.npmjs.org/nostr-wasm/-/nostr-wasm-0.1.0.tgz",
+            "integrity": "sha512-78BTryCLcLYv96ONU8Ws3Q1JzjlAt+43pWQhIl86xZmWeegYCNLPml7yQ+gG3vR6V5h4XGj+TxO+SS5dsThQIA==",
+            "license": "MIT",
+            "optional": true
+        },
         "node_modules/notp": {
             "version": "2.0.3",
             "resolved": "https://registry.npmjs.org/notp/-/notp-2.0.3.tgz",
@@ -15227,29 +15249,16 @@
             }
         },
         "node_modules/socks-proxy-agent": {
-            "version": "6.1.1",
+            "version": "8.0.5",
-            "resolved": "https://registry.npmjs.org/socks-proxy-agent/-/socks-proxy-agent-6.1.1.tgz",
+            "resolved": "https://registry.npmjs.org/socks-proxy-agent/-/socks-proxy-agent-8.0.5.tgz",
-            "integrity": "sha512-t8J0kG3csjA4g6FTbsMOWws+7R7vuRC8aQ/wy3/1OWmsgwA68zs/+cExQ0koSitUDXqhufF/YJr9wtNMZHw5Ew==",
+            "integrity": "sha512-HehCEsotFqbPW9sJ8WVYB6UbmIMv7kUUORIF2Nncq4VQvBfNBLibW9YZR5dlYCSUhwcD628pRllm7n+E+YTzJw==",
-            "license": "MIT",
             "dependencies": {
-                "agent-base": "^6.0.2",
+                "agent-base": "^7.1.2",
-                "debug": "^4.3.1",
+                "debug": "^4.3.4",
-                "socks": "^2.6.1"
+                "socks": "^2.8.3"
             },
             "engines": {
-                "node": ">= 10"
+                "node": ">= 14"
-            }
-        },
-        "node_modules/socks-proxy-agent/node_modules/agent-base": {
-            "version": "6.0.2",
-            "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz",
-            "integrity": "sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==",
-            "license": "MIT",
-            "dependencies": {
-                "debug": "4"
-            },
-            "engines": {
-                "node": ">= 6.0.0"
             }
         },
         "node_modules/sortablejs": {

package.json

@@ -95,8 +95,8 @@
         "html-escaper": "^3.0.3",
         "http-cookie-agent": "~5.0.4",
         "http-graceful-shutdown": "~3.1.7",
-        "http-proxy-agent": "~5.0.0",
+        "http-proxy-agent": "~7.0.2",
-        "https-proxy-agent": "~5.0.1",
+        "https-proxy-agent": "~7.0.6",
         "iconv-lite": "~0.6.3",
         "isomorphic-ws": "^5.0.0",
         "jsesc": "~3.0.2",
@@ -118,7 +118,7 @@
         "node-cloudflared-tunnel": "~1.0.9",
         "node-radius-client": "~1.0.0",
         "nodemailer": "~6.9.13",
-        "nostr-tools": "^1.13.1",
+        "nostr-tools": "^2.10.4",
         "notp": "~2.0.3",
         "openid-client": "^5.4.2",
         "password-hash": "~1.2.2",
@@ -135,7 +135,7 @@
         "semver": "~7.5.4",
         "socket.io": "~4.8.0",
         "socket.io-client": "~4.8.0",
-        "socks-proxy-agent": "6.1.1",
+        "socks-proxy-agent": "~8.0.5",
         "tar": "~6.2.1",
         "tcp-ping": "~0.1.1",
         "thirty-two": "~1.0.2",

server/database.js

@@ -184,10 +184,18 @@ class Database {
 
     /**
      * @typedef {string|undefined} envString
-     * @param {{type: "sqlite"} | {type:envString, hostname:envString, port:envString, database:envString, username:envString, password:envString}} dbConfig the database configuration that should be written
+     * @param {{type: "sqlite"} | {type:envString, hostname:envString, port:envString, database:envString, username:envString, password:envString, caFilePath:envString}} dbConfig the database configuration that should be written
      * @returns {void}
      */
     static writeDBConfig(dbConfig) {
+        // Move CA file to the data directory
+        if (dbConfig.caFilePath) {
+            const dataCaFilePath = path.join(Database.dataDir, "mariadb-ca.pem");
+            fs.renameSync(dbConfig.caFilePath, dataCaFilePath);
+            dbConfig.caFilePath = dataCaFilePath;
+            dbConfig.ssl = undefined;
+            dbConfig.caFile = undefined;
+        }
         fs.writeFileSync(path.join(Database.dataDir, "db-config.json"), JSON.stringify(dbConfig, null, 4));
     }
 
@@ -259,11 +267,22 @@ class Database {
                 throw Error("Invalid database name. A database name can only consist of letters, numbers and underscores");
             }
 
+            let sslConfig = null;
+            let serverCa = undefined;
+            if (dbConfig.caFilePath) {
+                serverCa = [ fs.readFileSync(dbConfig.caFilePath, "utf8") ];
+                sslConfig = {
+                    rejectUnauthorized: true,
+                    ca: serverCa
+                };
+            }
+
             const connection = await mysql.createConnection({
                 host: dbConfig.hostname,
                 port: dbConfig.port,
                 user: dbConfig.username,
                 password: dbConfig.password,
+                ssl: sslConfig
             });
 
             await connection.execute("CREATE DATABASE IF NOT EXISTS " + dbConfig.dbName + " CHARACTER SET utf8mb4");
@@ -277,7 +296,9 @@ class Database {
                     user: dbConfig.username,
                     password: dbConfig.password,
                     database: dbConfig.dbName,
+                    ssl: sslConfig,
                     timezone: "Z",
+                    //ssl: sslConfig,
                     typeCast: function (field, next) {
                         if (field.type === "DATETIME") {
                             // Do not perform timezone conversion

server/notification-providers/nostr.js

@@ -1,11 +1,10 @@
 const NotificationProvider = require("./notification-provider");
 const {
-    relayInit,
+    finalizeEvent,
-    getPublicKey,
+    Relay,
-    getEventHash,
+    kinds,
-    getSignature,
     nip04,
-    nip19
+    nip19,
 } = require("nostr-tools");
 
 // polyfills for node versions
@@ -31,7 +30,6 @@ class Nostr extends NotificationProvider {
         const createdAt = Math.floor(Date.now() / 1000);
 
         const senderPrivateKey = await this.getPrivateKey(notification.sender);
-        const senderPublicKey = getPublicKey(senderPrivateKey);
         const recipientsPublicKeys = await this.getPublicKeys(notification.recipients);
 
         // Create NIP-04 encrypted direct message event for each recipient
@@ -39,34 +37,41 @@ class Nostr extends NotificationProvider {
         for (const recipientPublicKey of recipientsPublicKeys) {
             const ciphertext = await nip04.encrypt(senderPrivateKey, recipientPublicKey, msg);
             let event = {
-                kind: 4,
+                kind: kinds.EncryptedDirectMessage,
-                pubkey: senderPublicKey,
                 created_at: createdAt,
                 tags: [[ "p", recipientPublicKey ]],
                 content: ciphertext,
             };
-            event.id = getEventHash(event);
+            const signedEvent = finalizeEvent(event, senderPrivateKey);
-            event.sig = getSignature(event, senderPrivateKey);
+            events.push(signedEvent);
-            events.push(event);
         }
 
         // Publish events to each relay
         const relays = notification.relays.split("\n");
         let successfulRelays = 0;
-
-        // Connect to each relay
         for (const relayUrl of relays) {
-            const relay = relayInit(relayUrl);
+            const relay = await Relay.connect(relayUrl);
-            try {
+            let eventIndex = 0;
-                await relay.connect();
-                successfulRelays++;
 
-                // Publish events
+            // Authenticate to the relay, if required
-                for (const event of events) {
+            try {
-                    relay.publish(event);
+                await relay.publish(events[0]);
-                }
+                eventIndex = 1;
             } catch (error) {
-                continue;
+                if (relay.challenge) {
+                    await relay.auth(async (evt) => {
+                        return finalizeEvent(evt, senderPrivateKey);
+                    });
+                }
+            }
+
+            try {
+                for (let i = eventIndex; i < events.length; i++) {
+                    await relay.publish(events[i]);
+                }
+                successfulRelays++;
+            } catch (error) {
+                console.error(`Failed to publish event to ${relayUrl}:`, error);
             } finally {
                 relay.close();
             }
@@ -90,7 +95,7 @@ class Nostr extends NotificationProvider {
             const { data } = senderDecodeResult;
             return data;
         } catch (error) {
-            throw new Error(`Failed to get private key: ${error.message}`);
+            throw new Error(`Failed to decode private key for sender ${sender}: ${error.message}`);
         }
     }
 
@@ -109,10 +114,10 @@ class Nostr extends NotificationProvider {
                 if (type === "npub") {
                     publicKeys.push(data);
                 } else {
-                    throw new Error("not an npub");
+                    throw new Error(`Recipient ${recipient} is not an npub`);
                 }
             } catch (error) {
-                throw new Error(`Error decoding recipient: ${error}`);
+                throw new Error(`Error decoding recipient ${recipient}: ${error}`);
             }
         }
         return publicKeys;

server/notification-providers/pushdeer.js

@@ -11,7 +11,8 @@ class PushDeer extends NotificationProvider {
     async send(notification, msg, monitorJSON = null, heartbeatJSON = null) {
         const okMsg = "Sent Successfully.";
         const serverUrl = notification.pushdeerServer || "https://api2.pushdeer.com";
-        const url = `${serverUrl.trim().replace(/\/*$/, "")}/message/push`;
+        // capture group below is nessesary to prevent an ReDOS-attack
+        const url = `${serverUrl.trim().replace(/([^/])\/+$/, "$1")}/message/push`;
 
         let valid = msg != null && monitorJSON != null && heartbeatJSON != null;
 

server/notification-providers/whapi.js

@@ -24,7 +24,7 @@ class Whapi extends NotificationProvider {
                 "body": msg,
             };
 
-            let url = (notification.whapiApiUrl || "https://gate.whapi.cloud/").replace(/\/+$/, "") + "/messages/text";
+            let url = (notification.whapiApiUrl || "https://gate.whapi.cloud/").replace(/([^/])\/+$/, "$1") + "/messages/text";
 
             await axios.post(url, data, config);
 

server/proxy.js

@@ -1,7 +1,7 @@
 const { R } = require("redbean-node");
-const HttpProxyAgent = require("http-proxy-agent");
+const { HttpProxyAgent } = require("http-proxy-agent");
-const HttpsProxyAgent = require("https-proxy-agent");
+const { HttpsProxyAgent } = require("https-proxy-agent");
-const SocksProxyAgent = require("socks-proxy-agent");
+const { SocksProxyAgent } = require("socks-proxy-agent");
 const { debug } = require("../src/util");
 const { UptimeKumaServer } = require("./uptime-kuma-server");
 const { CookieJar } = require("tough-cookie");
@@ -100,17 +100,17 @@ class Proxy {
         let jar = new CookieJar();
 
         const proxyOptions = {
-            protocol: proxy.protocol,
-            host: proxy.host,
-            port: proxy.port,
             cookies: { jar },
         };
 
+        const proxyUrl = new URL(`${proxy.protocol}://${proxy.host}:${proxy.port}`);
+
         if (proxy.auth) {
-            proxyOptions.auth = `${proxy.username}:${proxy.password}`;
+            proxyUrl.username = proxy.username;
+            proxyUrl.password = proxy.password;
         }
 
-        debug(`Proxy Options: ${JSON.stringify(proxyOptions)}`);
+        debug(`Proxy URL: ${proxyUrl.toString()}`);
         debug(`HTTP Agent Options: ${JSON.stringify(httpAgentOptions)}`);
         debug(`HTTPS Agent Options: ${JSON.stringify(httpsAgentOptions)}`);
 
@@ -122,15 +122,15 @@ class Proxy {
                 // eslint-disable-next-line no-case-declarations
                 const HttpsCookieProxyAgent = createCookieAgent(HttpsProxyAgent);
 
-                httpAgent = new HttpCookieProxyAgent({
+                httpAgent = new HttpCookieProxyAgent(proxyUrl.toString(), {
-                    ...httpAgentOptions || {},
+                    ...(httpAgentOptions || {}),
+                    ...proxyOptions,
+                });
+                httpsAgent = new HttpsCookieProxyAgent(proxyUrl.toString(), {
+                    ...(httpsAgentOptions || {}),
                     ...proxyOptions,
                 });
 
-                httpsAgent = new HttpsCookieProxyAgent({
-                    ...httpsAgentOptions || {},
-                    ...proxyOptions,
-                });
                 break;
             case "socks":
             case "socks5":
@@ -138,10 +138,9 @@ class Proxy {
             case "socks4":
                 // eslint-disable-next-line no-case-declarations
                 const SocksCookieProxyAgent = createCookieAgent(SocksProxyAgent);
-                agent = new SocksCookieProxyAgent({
+                agent = new SocksCookieProxyAgent(proxyUrl.toString(), {
                     ...httpAgentOptions,
                     ...httpsAgentOptions,
-                    ...proxyOptions,
                     tls: {
                         rejectUnauthorized: httpsAgentOptions.rejectUnauthorized,
                     },

server/setup-database.js

@@ -77,6 +77,7 @@ class SetupDatabase {
             dbConfig.dbName = process.env.UPTIME_KUMA_DB_NAME;
             dbConfig.username = process.env.UPTIME_KUMA_DB_USERNAME;
             dbConfig.password = process.env.UPTIME_KUMA_DB_PASSWORD;
+            dbConfig.caFilePath = process.env.UPTIME_KUMA_DB_CA_CERT;
             Database.writeDBConfig(dbConfig);
         }
 
@@ -206,13 +207,43 @@ class SetupDatabase {
                         return;
                     }
 
+                    // Prevent someone from injecting a CA file path not generated by the code below
+                    if (dbConfig.caFilePath) {
+                        dbConfig.caFilePath = undefined;
+                    }
+
+                    if (dbConfig.caFile) {
+                        const base64Data = dbConfig.caFile.replace(/^data:application\/octet-stream;base64,/, "");
+                        const binaryData = Buffer.from(base64Data, "base64").toString("binary");
+                        const tempCaDirectory = fs.mkdtempSync("kuma-ca-");
+                        dbConfig.caFilePath = path.join(tempCaDirectory, "ca.pem");
+                        try {
+                            fs.writeFileSync(dbConfig.caFilePath, binaryData, "binary");
+                        } catch (err) {
+
+                            response.status(400).json("Cannot write CA file: " + err.message);
+                            this.runningSetup = false;
+                            return;
+                        }
+                        dbConfig.ssl = {
+                            rejectUnauthorized: true,
+                            ca: [ fs.readFileSync(dbConfig.caFilePath) ]
+                        };
+                    }
+
                     // Test connection
                     try {
+                        let sslConfig = null;
+                        if (dbConfig.ssl) {
+                            sslConfig = dbConfig.ssl;
+                        }
+
                         const connection = await mysql.createConnection({
                             host: dbConfig.hostname,
                             port: dbConfig.port,
                             user: dbConfig.username,
                             password: dbConfig.password,
+                            ssl: sslConfig
                         });
                         await connection.execute("SELECT 1");
                         connection.end();

src/lang/en.json

@@ -4,6 +4,7 @@
     "setupDatabaseEmbeddedMariaDB": "You don't need to set anything. This docker image has embedded and configured MariaDB for you automatically. Uptime Kuma will connect to this database via unix socket.",
     "setupDatabaseMariaDB": "Connect to an external MariaDB database. You need to set the database connection information.",
     "setupDatabaseSQLite": "A simple database file, recommended for small-scale deployments. Prior to v2.0.0, Uptime Kuma used SQLite as the default database.",
+    "configureMariaCaFile": "You will sometimes need to provide a CA certificate to connect to database with 'require-secure-transport' on. Such as when using Azure MySql flexible servers. You can upload the CA file that will be used to enable a secure connection.",
     "settingUpDatabaseMSG": "Setting up the database. It may take a while, please be patient.",
     "dbName": "Database Name",
     "Settings": "Settings",

src/pages/SetupDatabase.vue

@@ -90,8 +90,12 @@
                         <input id="floatingInput" v-model="dbConfig.dbName" type="text" class="form-control" required>
                         <label for="floatingInput">{{ $t("dbName") }}</label>
                     </div>
-                </template>
 
+                    <div class="mb2 mt-3 short">
+                        <p class="mb-2">{{ $t("configureMariaCaFile") }}</p>
+                        <input id="ca-input" type="file" accept="application/x-pem-file, .pem" class="form-control" @change="onCaFileChange">
+                    </div>
+                </template>
                 <button class="btn btn-primary mt-4 short" type="submit" :disabled="disabledButton">
                     {{ $t("Next") }}
                 </button>
@@ -117,6 +121,7 @@ export default {
                 username: "",
                 password: "",
                 dbName: "kuma",
+                caFile: ""
             },
             info: {
                 needSetup: false,
@@ -178,6 +183,15 @@ export default {
             }
         },
 
+        onCaFileChange(e) {
+            const fileReader = new FileReader();
+            fileReader.onload = () => {
+                this.dbConfig.caFile = fileReader.result;
+                console.log(this.dbConfig.caFile);
+            };
+            fileReader.readAsDataURL(e.target.files[0]);
+        },
+
         test() {
             this.$root.toastError("not implemented");
         }
@@ -186,6 +200,22 @@ export default {
 </script>
 
 <style lang="scss" scoped>
+@import "../assets/vars.scss";
+
+.dark {
+    #ca-input {
+        &::file-selector-button {
+            color: $primary;
+            background-color: $dark-bg;
+        }
+
+        &:hover:not(:disabled):not([readonly])::file-selector-button {
+            color: $dark-font-color2;
+            background-color: $primary;
+        }
+    }
+}
+
 .form-container {
     display: flex;
     align-items: center;