From ab5e88e2e15d85e860dfa3c258d3edf7b4b77c24 Mon Sep 17 00:00:00 2001
From: Rob Kaufman <rob@notch8.com>
Date: Thu, 9 Oct 2025 10:59:52 -0700
Subject: [PATCH] use a shared config dir for proxy, to reduce the need to
 download the certs over and over

---
 lib/stack_car/proxy.rb   | 30 ++++++++++++++++++++----------
 lib/stack_car/version.rb |  2 +-
 proxy/compose.yaml       |  4 ++--
 3 files changed, 23 insertions(+), 13 deletions(-)

diff --git a/lib/stack_car/proxy.rb b/lib/stack_car/proxy.rb
index 881a6c8..abf818a 100644
--- a/lib/stack_car/proxy.rb
+++ b/lib/stack_car/proxy.rb
@@ -24,25 +24,27 @@ def down
     def cert
       say("Downloading certificate package...")
 
+      unless File.exist?("#{config_dir}/localhost.direct.SS.crt") && File.exist?("#{config_dir}/localhost.direct.SS.key")
       IO.copy_stream(URI.open(download_url), output_file)
-      say("Download complete.")
-      unzip_file
+        say("Download complete.")
+        unzip_file
+      end
 
       if Os.macos?
-        run("sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain #{proxy_dir}/localhost.direct.SS.crt")
+        run("sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain #{config_dir}/localhost.direct.SS.crt")
       elsif Os.ubuntu?
-        run("sudo cp #{proxy_dir}/localhost.direct.SS.crt /usr/local/share/ca-certificates/localhost.direct.SS.crt")
+        run("sudo cp #{config_dir}/localhost.direct.SS.crt /usr/local/share/ca-certificates/localhost.direct.SS.crt")
         run("sudo update-ca-certificates")
       elsif Os.wsl?
         say("\n\n\nFor WSL, you need to add the certificate to Windows certificate store:\n")
         say("1. Copy the certificate to a Windows-accessible location:\n")
-        run("cp #{proxy_dir}/localhost.direct.SS.crt /mnt/c/temp/localhost.direct.SS.crt")
+        run("cp #{config_dir}/localhost.direct.SS.crt /mnt/c/temp/localhost.direct.SS.crt")
         say("\n2. Now run this Windows command to import the certificate (requires admin rights):\n")
         run("powershell.exe -Command \"Start-Process powershell -Verb RunAs -ArgumentList '-Command Import-Certificate -FilePath C:\\temp\\localhost.direct.SS.crt -CertStoreLocation Cert:\\LocalMachine\\Root'\"")
         say("\n3. Then restart your browser to apply the changes\n\n")
       else
         say("\n\n\nPlease figure out how to add a certificate to your system, then open a PR for your OS/Distro")
-        say("Files are located #{ENV['PWD']}/proxy/localhost.direct.SS.crt and #{ENV['PWD']}/proxy/localhost.direct.SS.key\n\n\n")
+        say("Files are located #{config_dir}/localhost.direct.SS.crt and #{config_dir}/localhost.direct.SS.key\n\n\n")
         exit(1)
       end
     end
@@ -52,8 +54,8 @@ def cert
     def unzip_file
       say("\n\n\nEnter the password found https://github.com/Upinel/localhost.direct?tab=readme-ov-file#a-non-public-ca-certificate-if-you-have-admin-right-on-your-development-environment-you-can-use-the-following-10-years-long-pre-generated-self-signed-certificate\n\n\n")
       password = ask('[Required] Enter the unzip password::')
-      zip_file = "#{proxy_dir}/localhost-ss"
-      Archive::Zip.extract(zip_file, proxy_dir, :password => password)
+      zip_file = "#{config_dir}/localhost-ss"
+      Archive::Zip.extract(zip_file, config_dir, :password => password)
       say("Successfully unzipped certificate files.")
     rescue Zlib::DataError
       say("Incorrect password. Please try again.")
@@ -62,12 +64,20 @@ def unzip_file
 
     def set_proxy_env
       ENV['DOCKER_SOCKET'] ||= "/var/run/docker.sock"
-      unless File.exist?("#{HammerOfTheGods.gem_root}/proxy/localhost.direct.SS.crt")
+      unless File.exist?("#{config_dir}/localhost.direct.SS.crt")
         say("you must run proxy cert once after installing this gem before using the proxy")
         exit(1)
       end
     end
 
+    def config_dir
+      @config_dir ||= begin
+        dir = File.expand_path("~/.config/stack_car")
+        FileUtils.mkdir_p(dir) unless Dir.exist?(dir)
+        dir
+      end
+    end
+
     def proxy_dir
        @proxy_dir ||= "#{HammerOfTheGods.gem_root}/proxy"
     end
@@ -77,7 +87,7 @@ def download_url
     end
 
     def output_file
-      @output_file ||= File.join(proxy_dir, "localhost-ss")
+      @output_file ||= File.join(config_dir, "localhost-ss")
     end
   end
 end
diff --git a/lib/stack_car/version.rb b/lib/stack_car/version.rb
index 304f926..ba74493 100644
--- a/lib/stack_car/version.rb
+++ b/lib/stack_car/version.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module StackCar
-  VERSION = '0.23.0'
+  VERSION = '0.24.0'
 end
diff --git a/proxy/compose.yaml b/proxy/compose.yaml
index 83f64cd..9d9689c 100644
--- a/proxy/compose.yaml
+++ b/proxy/compose.yaml
@@ -8,8 +8,8 @@ services:
     volumes:
       - "${DOCKER_SOCKET}:/var/run/docker.sock:ro"
       - ./traefik.yml:/etc/traefik/traefik.yml
-      - ./localhost.direct.SS.crt:/etc/traefik/cert.pem
-      - ./localhost.direct.SS.key:/etc/traefik/key.pem
+      - ${HOME}/.config/stack_car/localhost.direct.SS.crt:/etc/traefik/cert.pem
+      - ${HOME}/.config/stack_car/localhost.direct.SS.key:/etc/traefik/key.pem
     labels:
       - traefik.enable=true
       - traefik.http.routers.router.rule=Host(`traefik.localhost.direct`)