Compare commits
22 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
4bc5f4d6ad | ||
|
|
a52a897346 | ||
|
|
1d585d4d3f | ||
|
|
d4b8ceb581 | ||
|
|
7079c236ab | ||
|
|
0678aba911 | ||
|
|
ffdd742aa0 | ||
|
|
f4de214a83 | ||
|
|
3b0da19cd1 | ||
|
|
08bc4ab37b | ||
|
|
d2e7477898 | ||
|
|
b5c6beafff | ||
|
|
a34566651a | ||
|
|
4628e67e5c | ||
|
|
578fa28461 | ||
|
|
9e6154b0de | ||
|
|
d29f71a92f | ||
|
|
c06b8e6731 | ||
|
|
14e01513e3 | ||
|
|
2e4634ca25 | ||
|
|
a82bc02b15 | ||
|
|
2ea44e6b24 |
18
.github/workflows/publish_release.yml
vendored
18
.github/workflows/publish_release.yml
vendored
@@ -31,20 +31,24 @@ jobs:
|
||||
echo "Found draft version: ${{ steps.draft.outputs.tag_name }}"
|
||||
|
||||
|
||||
- name: Create branch and commit VERSION
|
||||
- name: Create branch and commit VERSION and package.json
|
||||
run: |
|
||||
branch="update-version-${{ steps.draft.outputs.tag_name }}"
|
||||
# Delete remote branch if exists
|
||||
git push origin --delete "$branch" || echo "No remote branch to delete"
|
||||
git fetch origin main
|
||||
git checkout -b "$branch" origin/main
|
||||
# Write VERSION file and timestamp to ensure a diff
|
||||
# Version without 'v' prefix (e.g. v1.2.3 -> 1.2.3)
|
||||
version="${{ steps.draft.outputs.tag_name }}"
|
||||
echo "$version" | sed 's/^v//' > VERSION
|
||||
git add VERSION
|
||||
version_plain=$(echo "$version" | sed 's/^v//')
|
||||
# Write VERSION file
|
||||
echo "$version_plain" > VERSION
|
||||
# Update package.json version
|
||||
jq --arg v "$version_plain" '.version = $v' package.json > package.json.tmp && mv package.json.tmp package.json
|
||||
git add VERSION package.json
|
||||
git config user.name "github-actions[bot]"
|
||||
git config user.email "github-actions[bot]@users.noreply.github.com"
|
||||
git commit -m "chore: add VERSION $version" --allow-empty
|
||||
git commit -m "chore: bump version to $version_plain (VERSION + package.json)" --allow-empty
|
||||
|
||||
- name: Push changes
|
||||
run: |
|
||||
@@ -57,8 +61,8 @@ jobs:
|
||||
pr_url=$(gh pr create \
|
||||
--base main \
|
||||
--head update-version-${{ steps.draft.outputs.tag_name }} \
|
||||
--title "chore: add VERSION ${{ steps.draft.outputs.tag_name }}" \
|
||||
--body "Adds VERSION file for release ${{ steps.draft.outputs.tag_name }}" \
|
||||
--title "chore: bump version to ${{ steps.draft.outputs.tag_name }} (VERSION + package.json)" \
|
||||
--body "Updates VERSION file and package.json version for release ${{ steps.draft.outputs.tag_name }}" \
|
||||
--label automated)
|
||||
|
||||
pr_number=$(echo "$pr_url" | awk -F/ '{print $NF}')
|
||||
|
||||
614
package-lock.json
generated
614
package-lock.json
generated
File diff suppressed because it is too large
Load Diff
20
package.json
20
package.json
@@ -25,13 +25,13 @@
|
||||
"typecheck": "tsc --noEmit"
|
||||
},
|
||||
"dependencies": {
|
||||
"@prisma/adapter-better-sqlite3": "^7.2.0",
|
||||
"@prisma/client": "^7.2.0",
|
||||
"@prisma/adapter-better-sqlite3": "^7.3.0",
|
||||
"@prisma/client": "^7.3.0",
|
||||
"@radix-ui/react-dropdown-menu": "^2.1.16",
|
||||
"@radix-ui/react-slot": "^1.2.4",
|
||||
"@t3-oss/env-nextjs": "^0.13.10",
|
||||
"@tailwindcss/typography": "^0.5.19",
|
||||
"@tanstack/react-query": "^5.90.18",
|
||||
"@tanstack/react-query": "^5.90.20",
|
||||
"@trpc/client": "^11.8.1",
|
||||
"@trpc/react-query": "^11.8.1",
|
||||
"@trpc/server": "^11.8.1",
|
||||
@@ -42,14 +42,14 @@
|
||||
"@xterm/xterm": "^6.0.0",
|
||||
"axios": "^1.13.2",
|
||||
"bcryptjs": "^3.0.3",
|
||||
"better-sqlite3": "^12.6.0",
|
||||
"better-sqlite3": "^12.6.2",
|
||||
"class-variance-authority": "^0.7.1",
|
||||
"clsx": "^2.1.1",
|
||||
"cron-validator": "^1.4.0",
|
||||
"dotenv": "^17.2.3",
|
||||
"jsonwebtoken": "^9.0.3",
|
||||
"lucide-react": "^0.562.0",
|
||||
"next": "^16.1.3",
|
||||
"next": ">=16.1.5",
|
||||
"node-cron": "^4.2.1",
|
||||
"node-pty": "^1.1.0",
|
||||
"react": "^19.2.3",
|
||||
@@ -66,9 +66,10 @@
|
||||
"zod": "^4.3.5"
|
||||
},
|
||||
"devDependencies": {
|
||||
"next": ">=16.1.5",
|
||||
"@tailwindcss/postcss": "^4.1.18",
|
||||
"@testing-library/jest-dom": "^6.9.1",
|
||||
"@testing-library/react": "^16.3.1",
|
||||
"@testing-library/react": "^16.3.2",
|
||||
"@testing-library/user-event": "^14.6.1",
|
||||
"@types/bcryptjs": "^3.0.0",
|
||||
"@types/better-sqlite3": "^7.6.13",
|
||||
@@ -87,11 +88,11 @@
|
||||
"postcss": "^8.5.6",
|
||||
"prettier": "^3.8.0",
|
||||
"prettier-plugin-tailwindcss": "^0.7.2",
|
||||
"prisma": "^7.2.0",
|
||||
"prisma": "^7.3.0",
|
||||
"tailwindcss": "^4.1.18",
|
||||
"tsx": "^4.21.0",
|
||||
"typescript": "^5.9.3",
|
||||
"typescript-eslint": "^8.53.0",
|
||||
"typescript-eslint": "^8.54.0",
|
||||
"vitest": "^4.0.17"
|
||||
},
|
||||
"ct3aMetadata": {
|
||||
@@ -102,6 +103,7 @@
|
||||
"node": ">=24.0.0"
|
||||
},
|
||||
"overrides": {
|
||||
"prismjs": "^1.30.0"
|
||||
"prismjs": "^1.30.0",
|
||||
"hono": ">=4.11.7"
|
||||
}
|
||||
}
|
||||
29
server.js
29
server.js
@@ -312,7 +312,7 @@ class ScriptExecutionHandler {
|
||||
} else if (isUpdate && containerId) {
|
||||
await this.startUpdateExecution(ws, containerId, executionId, mode, server, backupStorage);
|
||||
} else if (isShell && containerId) {
|
||||
await this.startShellExecution(ws, containerId, executionId, mode, server);
|
||||
await this.startShellExecution(ws, containerId, executionId, mode, server, containerType);
|
||||
} else {
|
||||
await this.startScriptExecution(ws, scriptPath, executionId, mode, server, envVars);
|
||||
}
|
||||
@@ -1474,21 +1474,21 @@ class ScriptExecutionHandler {
|
||||
* @param {string} executionId
|
||||
* @param {string} mode
|
||||
* @param {ServerInfo|null} server
|
||||
* @param {'lxc'|'vm'} [containerType='lxc']
|
||||
*/
|
||||
async startShellExecution(ws, containerId, executionId, mode = 'local', server = null) {
|
||||
async startShellExecution(ws, containerId, executionId, mode = 'local', server = null, containerType = 'lxc') {
|
||||
try {
|
||||
|
||||
// Send start message
|
||||
const typeLabel = containerType === 'vm' ? 'VM' : 'container';
|
||||
this.sendMessage(ws, {
|
||||
type: 'start',
|
||||
data: `Starting shell session for container ${containerId}...`,
|
||||
data: `Starting shell session for ${typeLabel} ${containerId}...`,
|
||||
timestamp: Date.now()
|
||||
});
|
||||
|
||||
if (mode === 'ssh' && server) {
|
||||
await this.startSSHShellExecution(ws, containerId, executionId, server);
|
||||
await this.startSSHShellExecution(ws, containerId, executionId, server, containerType);
|
||||
} else {
|
||||
await this.startLocalShellExecution(ws, containerId, executionId);
|
||||
await this.startLocalShellExecution(ws, containerId, executionId, containerType);
|
||||
}
|
||||
|
||||
} catch (error) {
|
||||
@@ -1505,12 +1505,12 @@ class ScriptExecutionHandler {
|
||||
* @param {ExtendedWebSocket} ws
|
||||
* @param {string} containerId
|
||||
* @param {string} executionId
|
||||
* @param {'lxc'|'vm'} [containerType='lxc']
|
||||
*/
|
||||
async startLocalShellExecution(ws, containerId, executionId) {
|
||||
async startLocalShellExecution(ws, containerId, executionId, containerType = 'lxc') {
|
||||
const { spawn } = await import('node-pty');
|
||||
|
||||
// Create a shell process that will run pct enter
|
||||
const childProcess = spawn('bash', ['-c', `pct enter ${containerId}`], {
|
||||
const shellCommand = containerType === 'vm' ? `qm terminal ${containerId}` : `pct enter ${containerId}`;
|
||||
const childProcess = spawn('bash', ['-c', shellCommand], {
|
||||
name: 'xterm-color',
|
||||
cols: 80,
|
||||
rows: 24,
|
||||
@@ -1553,14 +1553,15 @@ class ScriptExecutionHandler {
|
||||
* @param {string} containerId
|
||||
* @param {string} executionId
|
||||
* @param {ServerInfo} server
|
||||
* @param {'lxc'|'vm'} [containerType='lxc']
|
||||
*/
|
||||
async startSSHShellExecution(ws, containerId, executionId, server) {
|
||||
async startSSHShellExecution(ws, containerId, executionId, server, containerType = 'lxc') {
|
||||
const sshService = getSSHExecutionService();
|
||||
|
||||
const shellCommand = containerType === 'vm' ? `qm terminal ${containerId}` : `pct enter ${containerId}`;
|
||||
try {
|
||||
const execution = await sshService.executeCommand(
|
||||
server,
|
||||
`pct enter ${containerId}`,
|
||||
shellCommand,
|
||||
/** @param {string} data */
|
||||
(data) => {
|
||||
this.sendMessage(ws, {
|
||||
|
||||
@@ -199,6 +199,17 @@ export function ConfigurationModal({
|
||||
return !isNaN(num) && num > 0;
|
||||
};
|
||||
|
||||
const validateHostname = (hostname: string): boolean => {
|
||||
if (!hostname || hostname.length > 253) return false;
|
||||
const label = /^[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?$/;
|
||||
const labels = hostname.split('.');
|
||||
return labels.length >= 1 && labels.every(l => l.length >= 1 && l.length <= 63 && label.test(l));
|
||||
};
|
||||
|
||||
const validateAptCacherAddress = (value: string): boolean => {
|
||||
return validateIPv4(value) || validateHostname(value);
|
||||
};
|
||||
|
||||
const validateForm = (): boolean => {
|
||||
const newErrors: Record<string, string> = {};
|
||||
|
||||
@@ -216,8 +227,8 @@ export function ConfigurationModal({
|
||||
if (advancedVars.var_ns && !validateIPv4(advancedVars.var_ns as string)) {
|
||||
newErrors.var_ns = 'Invalid IPv4 address';
|
||||
}
|
||||
if (advancedVars.var_apt_cacher_ip && !validateIPv4(advancedVars.var_apt_cacher_ip as string)) {
|
||||
newErrors.var_apt_cacher_ip = 'Invalid IPv4 address';
|
||||
if (advancedVars.var_apt_cacher_ip && !validateAptCacherAddress(advancedVars.var_apt_cacher_ip as string)) {
|
||||
newErrors.var_apt_cacher_ip = 'Invalid IPv4 address or hostname';
|
||||
}
|
||||
// Validate IPv4 CIDR if network mode is static
|
||||
const netValue = advancedVars.var_net;
|
||||
@@ -904,13 +915,13 @@ export function ConfigurationModal({
|
||||
</div>
|
||||
<div>
|
||||
<label className="block text-sm font-medium text-foreground mb-2">
|
||||
APT Cacher IP
|
||||
APT Cacher host or IP
|
||||
</label>
|
||||
<Input
|
||||
type="text"
|
||||
value={typeof advancedVars.var_apt_cacher_ip === 'boolean' ? '' : String(advancedVars.var_apt_cacher_ip ?? '')}
|
||||
onChange={(e) => updateAdvancedVar('var_apt_cacher_ip', e.target.value)}
|
||||
placeholder="192.168.1.10"
|
||||
placeholder="192.168.1.10 or apt-cacher.internal"
|
||||
className={errors.var_apt_cacher_ip ? 'border-destructive' : ''}
|
||||
/>
|
||||
{errors.var_apt_cacher_ip && (
|
||||
|
||||
@@ -80,6 +80,7 @@ export function InstalledScriptsTab() {
|
||||
id: number;
|
||||
containerId: string;
|
||||
server?: any;
|
||||
containerType?: 'lxc' | 'vm';
|
||||
} | null>(null);
|
||||
const [showBackupPrompt, setShowBackupPrompt] = useState(false);
|
||||
const [showStorageSelection, setShowStorageSelection] = useState(false);
|
||||
@@ -1167,6 +1168,7 @@ export function InstalledScriptsTab() {
|
||||
id: script.id,
|
||||
containerId: script.container_id,
|
||||
server: server,
|
||||
containerType: script.is_vm ? 'vm' : 'lxc',
|
||||
});
|
||||
};
|
||||
|
||||
@@ -1452,6 +1454,13 @@ export function InstalledScriptsTab() {
|
||||
{/* Shell Terminal */}
|
||||
{openingShell && (
|
||||
<div className="mb-8" data-terminal="shell">
|
||||
{openingShell.containerType === 'vm' && (
|
||||
<p className="text-muted-foreground mb-2 text-sm">
|
||||
VM shell uses the Proxmox serial console. The VM must have a
|
||||
serial port configured (e.g. <code className="bg-muted rounded px-1">qm set {openingShell.containerId} -serial0 socket</code>).
|
||||
Detach with <kbd className="bg-muted rounded px-1">Ctrl+O</kbd>.
|
||||
</p>
|
||||
)}
|
||||
<Terminal
|
||||
scriptPath={`shell-${openingShell.containerId}`}
|
||||
onClose={handleCloseShellTerminal}
|
||||
@@ -1459,6 +1468,7 @@ export function InstalledScriptsTab() {
|
||||
server={openingShell.server}
|
||||
isShell={true}
|
||||
containerId={openingShell.containerId}
|
||||
containerType={openingShell.containerType}
|
||||
/>
|
||||
</div>
|
||||
)}
|
||||
@@ -1538,7 +1548,7 @@ export function InstalledScriptsTab() {
|
||||
>
|
||||
{showAutoDetectForm
|
||||
? "Cancel Auto-Detect"
|
||||
: '🔍 Auto-Detect LXC Containers (Must contain a tag with "community-script")'}
|
||||
: '🔍 Auto-Detect Containers & VMs (tag: community-script)'}
|
||||
</Button>
|
||||
<Button
|
||||
onClick={() => {
|
||||
@@ -1764,12 +1774,11 @@ export function InstalledScriptsTab() {
|
||||
</div>
|
||||
)}
|
||||
|
||||
{/* Auto-Detect LXC Containers Form */}
|
||||
{/* Auto-Detect Containers & VMs Form */}
|
||||
{showAutoDetectForm && (
|
||||
<div className="bg-card border-border mb-6 rounded-lg border p-4 shadow-sm sm:p-6">
|
||||
<h3 className="text-foreground mb-4 text-lg font-semibold sm:mb-6">
|
||||
Auto-Detect LXC Containers (Must contain a tag with
|
||||
"community-script")
|
||||
Auto-Detect Containers & VMs (tag: community-script)
|
||||
</h3>
|
||||
<div className="space-y-4 sm:space-y-6">
|
||||
<div className="bg-muted/30 border-muted rounded-lg border p-4">
|
||||
@@ -1795,12 +1804,12 @@ export function InstalledScriptsTab() {
|
||||
<p>This feature will:</p>
|
||||
<ul className="mt-1 list-inside list-disc space-y-1">
|
||||
<li>Connect to the selected server via SSH</li>
|
||||
<li>Scan all LXC config files in /etc/pve/lxc/</li>
|
||||
<li>Scan LXC configs in /etc/pve/lxc/ and VM configs in /etc/pve/qemu-server/</li>
|
||||
<li>
|
||||
Find containers with "community-script" in
|
||||
Find containers and VMs with "community-script" in
|
||||
their tags
|
||||
</li>
|
||||
<li>Extract the container ID and hostname</li>
|
||||
<li>Extract the container/VM ID and hostname or name</li>
|
||||
<li>Add them as installed script entries</li>
|
||||
</ul>
|
||||
</div>
|
||||
@@ -2302,6 +2311,11 @@ export function InstalledScriptsTab() {
|
||||
"stopped"
|
||||
}
|
||||
className="text-muted-foreground hover:text-foreground hover:bg-muted/20 focus:bg-muted/20"
|
||||
title={
|
||||
script.is_vm
|
||||
? "VM serial console (requires serial port; detach with Ctrl+O)"
|
||||
: undefined
|
||||
}
|
||||
>
|
||||
Shell
|
||||
</DropdownMenuItem>
|
||||
|
||||
@@ -270,22 +270,21 @@ export function PBSCredentialsModal({
|
||||
htmlFor="pbs-fingerprint"
|
||||
className="text-foreground mb-1 block text-sm font-medium"
|
||||
>
|
||||
Fingerprint <span className="text-error">*</span>
|
||||
Fingerprint
|
||||
</label>
|
||||
<input
|
||||
type="text"
|
||||
id="pbs-fingerprint"
|
||||
value={pbsFingerprint}
|
||||
onChange={(e) => setPbsFingerprint(e.target.value)}
|
||||
required
|
||||
disabled={isLoading}
|
||||
className="bg-card text-foreground placeholder-muted-foreground focus:ring-ring focus:border-ring border-border w-full rounded-md border px-3 py-2 shadow-sm focus:ring-2 focus:outline-none"
|
||||
placeholder="e.g., 7b:e5:87:38:5e:16:05:d1:12:22:7f:73:d2:e2:d0:cf:8c:cb:28:e2:74:0c:78:91:1a:71:74:2e:79:20:5a:02"
|
||||
/>
|
||||
<p className="text-muted-foreground mt-1 text-xs">
|
||||
Server fingerprint for auto-acceptance. You can find this on
|
||||
your PBS dashboard by clicking the "Show Fingerprint"
|
||||
button.
|
||||
Leave empty if PBS uses a trusted CA (e.g. Let's Encrypt).
|
||||
For self-signed certificates, enter the server fingerprint from
|
||||
the PBS dashboard ("Show Fingerprint").
|
||||
</p>
|
||||
</div>
|
||||
|
||||
|
||||
@@ -438,6 +438,11 @@ export function ServerForm({
|
||||
{errors.password && (
|
||||
<p className="text-destructive mt-1 text-sm">{errors.password}</p>
|
||||
)}
|
||||
<p className="text-muted-foreground mt-1 text-xs">
|
||||
SSH key is recommended when possible. Special characters (e.g.{" "}
|
||||
<code className="rounded bg-muted px-0.5">{"{ } $ \" '"}</code>) are
|
||||
supported.
|
||||
</p>
|
||||
</div>
|
||||
)}
|
||||
|
||||
|
||||
@@ -1060,7 +1060,7 @@ export const installedScriptsRouter = createTRPCRouter({
|
||||
reject(new Error(`pct list failed: ${error}`));
|
||||
},
|
||||
(_exitCode: number) => {
|
||||
resolve();
|
||||
setImmediate(() => resolve());
|
||||
}
|
||||
);
|
||||
});
|
||||
@@ -1079,7 +1079,7 @@ export const installedScriptsRouter = createTRPCRouter({
|
||||
reject(new Error(`qm list failed: ${error}`));
|
||||
},
|
||||
(_exitCode: number) => {
|
||||
resolve();
|
||||
setImmediate(() => resolve());
|
||||
}
|
||||
);
|
||||
});
|
||||
|
||||
@@ -327,13 +327,16 @@ class BackupService {
|
||||
// PBS supports PBS_PASSWORD and PBS_REPOSITORY environment variables for non-interactive login
|
||||
const repository = `root@pam@${pbsIp}:${pbsDatastore}`;
|
||||
|
||||
// Escape password for shell safety (single quotes)
|
||||
// Escape password and fingerprint for shell safety (single quotes)
|
||||
const escapedPassword = credential.pbs_password.replace(/'/g, "'\\''");
|
||||
|
||||
// Use PBS_PASSWORD environment variable for non-interactive authentication
|
||||
// Auto-accept fingerprint by piping "y" to stdin
|
||||
// PBS will use PBS_PASSWORD env var if available, avoiding interactive prompt
|
||||
const fullCommand = `echo "y" | PBS_PASSWORD='${escapedPassword}' PBS_REPOSITORY='${repository}' timeout 10 proxmox-backup-client login --repository ${repository} 2>&1`;
|
||||
const fingerprint = credential.pbs_fingerprint?.trim() ?? '';
|
||||
const escapedFingerprint = fingerprint ? fingerprint.replace(/'/g, "'\\''") : '';
|
||||
const envParts = [`PBS_PASSWORD='${escapedPassword}'`, `PBS_REPOSITORY='${repository}'`];
|
||||
if (escapedFingerprint) {
|
||||
envParts.push(`PBS_FINGERPRINT='${escapedFingerprint}'`);
|
||||
}
|
||||
const envStr = envParts.join(' ');
|
||||
const fullCommand = `${envStr} timeout 10 proxmox-backup-client login --repository ${repository} 2>&1`;
|
||||
|
||||
console.log(`[BackupService] Logging into PBS: ${repository}`);
|
||||
|
||||
@@ -419,9 +422,12 @@ class BackupService {
|
||||
|
||||
// Build full repository string: root@pam@<IP>:<DATASTORE>
|
||||
const repository = `root@pam@${pbsIp}:${pbsDatastore}`;
|
||||
|
||||
const fingerprint = credential.pbs_fingerprint?.trim() ?? '';
|
||||
const escapedFingerprint = fingerprint ? fingerprint.replace(/'/g, "'\\''") : '';
|
||||
const snapshotEnvParts = escapedFingerprint ? [`PBS_FINGERPRINT='${escapedFingerprint}'`] : [];
|
||||
const snapshotEnvStr = snapshotEnvParts.length ? snapshotEnvParts.join(' ') + ' ' : '';
|
||||
// Use correct command: snapshot list ct/<CT_ID> --repository <full_repo_string>
|
||||
const command = `timeout 30 proxmox-backup-client snapshot list ct/${ctId} --repository ${repository} 2>&1 || echo "PBS_ERROR"`;
|
||||
const command = `${snapshotEnvStr}timeout 30 proxmox-backup-client snapshot list ct/${ctId} --repository ${repository} 2>&1 || echo "PBS_ERROR"`;
|
||||
let output = '';
|
||||
|
||||
console.log(`[BackupService] Discovering PBS backups for CT ${ctId} on repository ${repository}`);
|
||||
|
||||
@@ -250,9 +250,16 @@ class RestoreService {
|
||||
const targetFolder = `/var/lib/vz/dump/vzdump-lxc-${ctId}-${snapshotNameForPath}`;
|
||||
const targetTar = `${targetFolder}.tar`;
|
||||
|
||||
// Use PBS_PASSWORD env var and add timeout for long downloads
|
||||
// Use PBS_PASSWORD env var and add timeout for long downloads; PBS_FINGERPRINT when set for cert validation
|
||||
const escapedPassword = credential.pbs_password.replace(/'/g, "'\\''");
|
||||
const restoreCommand = `PBS_PASSWORD='${escapedPassword}' PBS_REPOSITORY='${repository}' timeout 300 proxmox-backup-client restore "${snapshotPath}" root.pxar "${targetFolder}" --repository '${repository}' 2>&1`;
|
||||
const fingerprint = credential.pbs_fingerprint?.trim() ?? '';
|
||||
const escapedFingerprint = fingerprint ? fingerprint.replace(/'/g, "'\\''") : '';
|
||||
const restoreEnvParts = [`PBS_PASSWORD='${escapedPassword}'`, `PBS_REPOSITORY='${repository}'`];
|
||||
if (escapedFingerprint) {
|
||||
restoreEnvParts.push(`PBS_FINGERPRINT='${escapedFingerprint}'`);
|
||||
}
|
||||
const restoreEnvStr = restoreEnvParts.join(' ');
|
||||
const restoreCommand = `${restoreEnvStr} timeout 300 proxmox-backup-client restore "${snapshotPath}" root.pxar "${targetFolder}" --repository '${repository}' 2>&1`;
|
||||
|
||||
let output = '';
|
||||
let exitCode = 0;
|
||||
|
||||
@@ -1,6 +1,8 @@
|
||||
import { spawn } from 'child_process';
|
||||
import { spawn as ptySpawn } from 'node-pty';
|
||||
import { existsSync } from 'fs';
|
||||
import { existsSync, writeFileSync, chmodSync, unlinkSync } from 'fs';
|
||||
import { join } from 'path';
|
||||
import { tmpdir } from 'os';
|
||||
|
||||
|
||||
/**
|
||||
@@ -195,9 +197,22 @@ class SSHExecutionService {
|
||||
async transferScriptsFolder(server, onData, onError) {
|
||||
const { ip, user, password, auth_type = 'password', ssh_key_passphrase, ssh_key_path, ssh_port = 22 } = server;
|
||||
|
||||
const cleanupTempFile = (/** @type {string | null} */ tempPath) => {
|
||||
if (tempPath) {
|
||||
try {
|
||||
unlinkSync(tempPath);
|
||||
} catch (_) {
|
||||
// ignore
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
return new Promise((resolve, reject) => {
|
||||
/** @type {string | null} */
|
||||
let tempPath = null;
|
||||
try {
|
||||
// Build rsync command based on authentication type
|
||||
// Build rsync command based on authentication type.
|
||||
// Use sshpass -f with a temp file so password/passphrase never go through the shell (safe for special chars like {, $, ").
|
||||
let rshCommand;
|
||||
if (auth_type === 'key') {
|
||||
if (!ssh_key_path || !existsSync(ssh_key_path)) {
|
||||
@@ -205,13 +220,19 @@ class SSHExecutionService {
|
||||
}
|
||||
|
||||
if (ssh_key_passphrase) {
|
||||
rshCommand = `sshpass -P passphrase -p ${ssh_key_passphrase} ssh -i ${ssh_key_path} -p ${ssh_port} -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`;
|
||||
tempPath = join(tmpdir(), `sshpass-${process.pid}-${Date.now()}.tmp`);
|
||||
writeFileSync(tempPath, ssh_key_passphrase);
|
||||
chmodSync(tempPath, 0o600);
|
||||
rshCommand = `sshpass -P passphrase -f ${tempPath} ssh -i ${ssh_key_path} -p ${ssh_port} -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`;
|
||||
} else {
|
||||
rshCommand = `ssh -i ${ssh_key_path} -p ${ssh_port} -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`;
|
||||
}
|
||||
} else {
|
||||
// Password authentication
|
||||
rshCommand = `sshpass -p ${password} ssh -p ${ssh_port} -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`;
|
||||
tempPath = join(tmpdir(), `sshpass-${process.pid}-${Date.now()}.tmp`);
|
||||
writeFileSync(tempPath, password ?? '');
|
||||
chmodSync(tempPath, 0o600);
|
||||
rshCommand = `sshpass -f ${tempPath} ssh -p ${ssh_port} -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`;
|
||||
}
|
||||
|
||||
const rsyncCommand = spawn('rsync', [
|
||||
@@ -226,31 +247,31 @@ class SSHExecutionService {
|
||||
stdio: ['pipe', 'pipe', 'pipe']
|
||||
});
|
||||
|
||||
rsyncCommand.stdout.on('data', (/** @type {Buffer} */ data) => {
|
||||
// Ensure proper UTF-8 encoding for ANSI colors
|
||||
const output = data.toString('utf8');
|
||||
onData(output);
|
||||
});
|
||||
rsyncCommand.stdout.on('data', (/** @type {Buffer} */ data) => {
|
||||
const output = data.toString('utf8');
|
||||
onData(output);
|
||||
});
|
||||
|
||||
rsyncCommand.stderr.on('data', (/** @type {Buffer} */ data) => {
|
||||
// Ensure proper UTF-8 encoding for ANSI colors
|
||||
const output = data.toString('utf8');
|
||||
onError(output);
|
||||
});
|
||||
rsyncCommand.stderr.on('data', (/** @type {Buffer} */ data) => {
|
||||
const output = data.toString('utf8');
|
||||
onError(output);
|
||||
});
|
||||
|
||||
rsyncCommand.on('close', (code) => {
|
||||
if (code === 0) {
|
||||
resolve();
|
||||
} else {
|
||||
reject(new Error(`rsync failed with code ${code}`));
|
||||
}
|
||||
});
|
||||
|
||||
rsyncCommand.on('error', (error) => {
|
||||
reject(error);
|
||||
});
|
||||
rsyncCommand.on('close', (code) => {
|
||||
cleanupTempFile(tempPath);
|
||||
if (code === 0) {
|
||||
resolve();
|
||||
} else {
|
||||
reject(new Error(`rsync failed with code ${code}`));
|
||||
}
|
||||
});
|
||||
|
||||
rsyncCommand.on('error', (error) => {
|
||||
cleanupTempFile(tempPath);
|
||||
reject(error);
|
||||
});
|
||||
} catch (error) {
|
||||
cleanupTempFile(tempPath);
|
||||
reject(error);
|
||||
}
|
||||
});
|
||||
|
||||
@@ -169,16 +169,17 @@ class SSHService {
|
||||
const timeout = 10000;
|
||||
let resolved = false;
|
||||
|
||||
// Pass password via env so it is not embedded in the script (safe for special chars like {, $, ").
|
||||
const expectScript = `#!/usr/bin/expect -f
|
||||
set timeout 10
|
||||
spawn ssh -p ${ssh_port} -o ConnectTimeout=10 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR -o PasswordAuthentication=yes -o PubkeyAuthentication=no ${user}@${ip} "echo SSH_LOGIN_SUCCESS"
|
||||
expect {
|
||||
"password:" {
|
||||
send "${password}\r"
|
||||
send "$env(SSH_PASSWORD)\\r"
|
||||
exp_continue
|
||||
}
|
||||
"Password:" {
|
||||
send "${password}\r"
|
||||
send "$env(SSH_PASSWORD)\\r"
|
||||
exp_continue
|
||||
}
|
||||
"SSH_LOGIN_SUCCESS" {
|
||||
@@ -193,7 +194,8 @@ expect {
|
||||
}`;
|
||||
|
||||
const expectCommand = spawn('expect', ['-c', expectScript], {
|
||||
stdio: ['pipe', 'pipe', 'pipe']
|
||||
stdio: ['pipe', 'pipe', 'pipe'],
|
||||
env: { ...process.env, SSH_PASSWORD: password ?? '' }
|
||||
});
|
||||
|
||||
const timer = setTimeout(() => {
|
||||
|
||||
Reference in New Issue
Block a user