better auto-enrollment system

2025-11-16 20:01:36 +00:00 · 2025-11-14 22:53:48 +00:00
parent a4bc9c4aed
commit 1ca8bf8581
10 changed files with 375 additions and 100 deletions
--- a/backend/prisma/migrations/20251114215738_remove_machine_id_unique_constraint/migration.sql
+++ b/backend/prisma/migrations/20251114215738_remove_machine_id_unique_constraint/migration.sql
@@ -0,0 +1,13 @@
+-- Remove machine_id unique constraint and make it nullable
+-- This allows multiple hosts with the same machine_id
+-- Duplicate detection now relies on config.yml/credentials.yml checking instead
+
+-- Drop the unique constraint
+ALTER TABLE "hosts" DROP CONSTRAINT IF EXISTS "hosts_machine_id_key";
+
+-- Make machine_id nullable
+ALTER TABLE "hosts" ALTER COLUMN "machine_id" DROP NOT NULL;
+
+-- Keep the index for query performance (but not unique)
+CREATE INDEX IF NOT EXISTS "hosts_machine_id_idx" ON "hosts"("machine_id");
+
--- a/backend/prisma/schema.prisma
+++ b/backend/prisma/schema.prisma
@@ -81,7 +81,7 @@ model host_repositories {

 model hosts {
  id                      String                    @id
-  machine_id              String                    @unique
+  machine_id              String?
  friendly_name           String
  ip                      String?
  os_type                 String
--- a/backend/src/routes/autoEnrollmentRoutes.js
+++ b/backend/src/routes/autoEnrollmentRoutes.js
@@ -481,19 +481,22 @@ router.delete(
 );

 // ========== AUTO-ENROLLMENT ENDPOINTS (Used by Scripts) ==========
-// Future integrations can follow this pattern:
-//   - /proxmox-lxc     - Proxmox LXC containers
-//   - /vmware-esxi     - VMware ESXi VMs
-//   - /docker          - Docker containers
-//   - /kubernetes      - Kubernetes pods
-//   - /aws-ec2         - AWS EC2 instances
+// Universal script-serving endpoint with type parameter
+// Supported types:
+//   - proxmox-lxc     - Proxmox LXC containers
+//   - direct-host     - Direct host enrollment
+// Future types:
+//   - vmware-esxi     - VMware ESXi VMs
+//   - docker          - Docker containers
+//   - kubernetes      - Kubernetes pods

-// Serve the Proxmox LXC enrollment script with credentials injected
-router.get("/proxmox-lxc", async (req, res) => {
+// Serve auto-enrollment scripts with credentials injected
+router.get("/script", async (req, res) => {
 	try {
-		// Get token from query params
+		// Get parameters from query params
 		const token_key = req.query.token_key;
 		const token_secret = req.query.token_secret;
+		const script_type = req.query.type;

 		if (!token_key || !token_secret) {
 			return res
@@ -501,6 +504,29 @@ router.get("/proxmox-lxc", async (req, res) => {
 				.json({ error: "Token key and secret required as query parameters" });
 		}

+		if (!script_type) {
+			return res
+				.status(400)
+				.json({
+					error:
+						"Script type required as query parameter (e.g., ?type=proxmox-lxc or ?type=direct-host)",
+				});
+		}
+
+		// Map script types to script file paths
+		const scriptMap = {
+			"proxmox-lxc": "proxmox_auto_enroll.sh",
+			"direct-host": "direct_host_auto_enroll.sh",
+		};
+
+		if (!scriptMap[script_type]) {
+			return res
+				.status(400)
+				.json({
+					error: `Invalid script type: ${script_type}. Supported types: ${Object.keys(scriptMap).join(", ")}`,
+				});
+		}
+
 		// Validate token
 		const token = await prisma.auto_enrollment_tokens.findUnique({
 			where: { token_key: token_key },
@@ -526,13 +552,15 @@ router.get("/proxmox-lxc", async (req, res) => {

 		const script_path = path.join(
 			__dirname,
-			"../../../agents/proxmox_auto_enroll.sh",
+			`../../../agents/${scriptMap[script_type]}`,
 		);

 		if (!fs.existsSync(script_path)) {
 			return res
 				.status(404)
-				.json({ error: "Proxmox enrollment script not found" });
+				.json({
+					error: `Enrollment script not found: ${scriptMap[script_type]}`,
+				});
 		}

 		let script = fs.readFileSync(script_path, "utf8");
@@ -591,11 +619,11 @@ export FORCE_INSTALL="${force_install ? "true" : "false"}"
 		res.setHeader("Content-Type", "text/plain");
 		res.setHeader(
 			"Content-Disposition",
-			'inline; filename="proxmox_auto_enroll.sh"',
+			`inline; filename="${scriptMap[script_type]}"`,
 		);
 		res.send(script);
 	} catch (error) {
-		console.error("Proxmox script serve error:", error);
+		console.error("Script serve error:", error);
 		res.status(500).json({ error: "Failed to serve enrollment script" });
 	}
 });
@@ -609,8 +637,11 @@ router.post(
 			.isLength({ min: 1, max: 255 })
 			.withMessage("Friendly name is required"),
 		body("machine_id")
+			.optional()
 			.isLength({ min: 1, max: 255 })
-			.withMessage("Machine ID is required"),
+			.withMessage(
+				"Machine ID must be between 1 and 255 characters if provided",
+			),
 		body("metadata").optional().isObject(),
 	],
 	async (req, res) => {
@@ -626,24 +657,7 @@ router.post(
 			const api_id = `patchmon_${crypto.randomBytes(8).toString("hex")}`;
 			const api_key = crypto.randomBytes(32).toString("hex");

-			// Check if host already exists by machine_id (not hostname)
-			const existing_host = await prisma.hosts.findUnique({
-				where: { machine_id },
-			});
-
-			if (existing_host) {
-				return res.status(409).json({
-					error: "Host already exists",
-					host_id: existing_host.id,
-					api_id: existing_host.api_id,
-					machine_id: existing_host.machine_id,
-					friendly_name: existing_host.friendly_name,
-					message:
-						"This machine is already enrolled in PatchMon (matched by machine ID)",
-				});
-			}
-
-			// Create host
+			// Create host (no duplicate check - using config.yml checking instead)
 			const host = await prisma.hosts.create({
 				data: {
 					id: uuidv4(),
@@ -760,30 +774,7 @@ router.post(
 				try {
 					const { friendly_name, machine_id } = host_data;

-					if (!machine_id) {
-						results.failed.push({
-							friendly_name,
-							error: "Machine ID is required",
-						});
-						continue;
-					}
-
-					// Check if host already exists by machine_id
-					const existing_host = await prisma.hosts.findUnique({
-						where: { machine_id },
-					});
-
-					if (existing_host) {
-						results.skipped.push({
-							friendly_name,
-							machine_id,
-							reason: "Machine already enrolled",
-							api_id: existing_host.api_id,
-						});
-						continue;
-					}
-
-					// Generate credentials
+					// Generate credentials (no duplicate check - using config.yml checking instead)
 					const api_id = `patchmon_${crypto.randomBytes(8).toString("hex")}`;
 					const api_key = crypto.randomBytes(32).toString("hex");

--- a/backend/src/routes/hostRoutes.js
+++ b/backend/src/routes/hostRoutes.js
@@ -1708,47 +1708,7 @@ ${archExport}
 	}
 });

-// Check if machine_id already exists (requires auth)
-router.post("/check-machine-id", validateApiCredentials, async (req, res) => {
-	try {
-		const { machine_id } = req.body;
-
-		if (!machine_id) {
-			return res.status(400).json({
-				error: "machine_id is required",
-			});
-		}
-
-		// Check if a host with this machine_id exists
-		const existing_host = await prisma.hosts.findUnique({
-			where: { machine_id },
-			select: {
-				id: true,
-				friendly_name: true,
-				machine_id: true,
-				api_id: true,
-				status: true,
-				created_at: true,
-			},
-		});
-
-		if (existing_host) {
-			return res.status(200).json({
-				exists: true,
-				host: existing_host,
-				message: "This machine is already enrolled",
-			});
-		}
-
-		return res.status(200).json({
-			exists: false,
-			message: "Machine not yet enrolled",
-		});
-	} catch (error) {
-		console.error("Error checking machine_id:", error);
-		res.status(500).json({ error: "Failed to check machine_id" });
-	}
-});
+// Note: /check-machine-id endpoint removed - using config.yml checking method instead

 // Serve the removal script (public endpoint - no authentication required)
 router.get("/remove", async (_req, res) => {