From f82fce527db577f5cf3f6ea0b4ac06655c493ef6 Mon Sep 17 00:00:00 2001
From: Tianling Shen <cnsztl@immortalwrt.org>
Date: Wed, 4 Dec 2024 16:44:48 +0800
Subject: [PATCH] feat(node,server): implement certpath validate

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
---
 htdocs/luci-static/resources/homeproxy.js             | 11 +++++++++++
 htdocs/luci-static/resources/view/homeproxy/node.js   |  2 +-
 htdocs/luci-static/resources/view/homeproxy/server.js |  4 ++--
 3 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/htdocs/luci-static/resources/homeproxy.js b/htdocs/luci-static/resources/homeproxy.js
index aab2848d..ccd51442 100644
--- a/htdocs/luci-static/resources/homeproxy.js
+++ b/htdocs/luci-static/resources/homeproxy.js
@@ -267,6 +267,17 @@ return baseclass.extend({
 		return true;
 	},
 
+	validateCertificatePath: function(rmempty, section_id, value) {
+		if (section_id)
+			if (!value && !rmempty)
+				return _('Expecting: %s').format(_('non-empty value'));
+
+			if (!value.match(/^(\/etc\/homeproxy\/certs\/|\/etc\/acme\/|\/etc\/ssl\/).+$/))
+				return _('Expecting: %s').format('/etc/homeproxy/certs/..., /etc/acme/..., /etc/ssl/...');
+
+		return true;
+	},
+
 	validateUniqueValue: function(uciconfig, ucisection, ucioption, section_id, value) {
 		if (section_id) {
 			if (!value)
diff --git a/htdocs/luci-static/resources/view/homeproxy/node.js b/htdocs/luci-static/resources/view/homeproxy/node.js
index 2b1d3690..94713e89 100644
--- a/htdocs/luci-static/resources/view/homeproxy/node.js
+++ b/htdocs/luci-static/resources/view/homeproxy/node.js
@@ -1021,7 +1021,7 @@ function renderNodeSettings(section, data, features, main_node, routing_mode) {
 		_('The path to the server certificate, in PEM format.'));
 	o.value('/etc/homeproxy/certs/client_ca.pem');
 	o.depends('tls_self_sign', '1');
-	o.rmempty = false;
+	o.validate = L.bind(hp.validateCertificatePath, this, false);
 	o.modalonly = true;
 
 	o = s.option(form.Button, '_upload_cert', _('Upload certificate'),
diff --git a/htdocs/luci-static/resources/view/homeproxy/server.js b/htdocs/luci-static/resources/view/homeproxy/server.js
index 141437e3..f1fcef4d 100644
--- a/htdocs/luci-static/resources/view/homeproxy/server.js
+++ b/htdocs/luci-static/resources/view/homeproxy/server.js
@@ -745,7 +745,7 @@ return view.extend({
 		o.depends({'tls': '1', 'tls_acme': '0', 'tls_reality': '0'});
 		o.depends({'tls': '1', 'tls_acme': null, 'tls_reality': '0'});
 		o.depends({'tls': '1', 'tls_acme': null, 'tls_reality': null});
-		o.rmempty = false;
+		o.validate = L.bind(hp.validateCertificatePath, this, false);
 		o.modalonly = true;
 
 		o = s.option(form.Button, '_upload_cert', _('Upload certificate'),
@@ -763,7 +763,7 @@ return view.extend({
 		o.depends({'tls': '1', 'tls_acme': '0', 'tls_reality': null});
 		o.depends({'tls': '1', 'tls_acme': null, 'tls_reality': '0'});
 		o.depends({'tls': '1', 'tls_acme': null, 'tls_reality': null});
-		o.rmempty = false;
+		o.validate = L.bind(hp.validateCertificatePath, this, false);
 		o.modalonly = true;
 
 		o = s.option(form.Button, '_upload_key', _('Upload key'),