Compare commits

...

2 Commits

Author SHA1 Message Date
Muhammad Ibrahim
50e546ee7e Fixed Bullboard authentication via Docker
Fixed Agent checking upon entrypoint
modified entrypoint to handle both binary files as well as the shell script
2025-10-21 21:29:15 +01:00
Muhammad Ibrahim
2174abf395 Static Lib for Go Agent 2025-10-21 00:07:51 +01:00
9 changed files with 730 additions and 138 deletions

Binary file not shown.

View File

@@ -341,20 +341,50 @@ const parseOrigins = (val) =>
.map((s) => s.trim()) .map((s) => s.trim())
.filter(Boolean); .filter(Boolean);
const allowedOrigins = parseOrigins( const allowedOrigins = parseOrigins(
process.env.CORS_ORIGINS || process.env.CORS_ORIGIN || "http://fabio:3000", process.env.CORS_ORIGINS ||
process.env.CORS_ORIGIN ||
"http://localhost:3000",
); );
// Add Bull Board origin to allowed origins if not already present
const bullBoardOrigin = process.env.CORS_ORIGIN || "http://localhost:3000";
if (!allowedOrigins.includes(bullBoardOrigin)) {
allowedOrigins.push(bullBoardOrigin);
}
app.use( app.use(
cors({ cors({
origin: (origin, callback) => { origin: (origin, callback) => {
// Allow non-browser/SSR tools with no origin // Allow non-browser/SSR tools with no origin
if (!origin) return callback(null, true); if (!origin) return callback(null, true);
if (allowedOrigins.includes(origin)) return callback(null, true); if (allowedOrigins.includes(origin)) return callback(null, true);
// Allow Bull Board requests from the same origin as CORS_ORIGIN
if (origin === bullBoardOrigin) return callback(null, true);
// Allow same-origin requests (e.g., Bull Board accessing its own API) // Allow same-origin requests (e.g., Bull Board accessing its own API)
// This allows http://hostname:3001 to make requests to http://hostname:3001 // This allows http://hostname:3001 to make requests to http://hostname:3001
if (origin?.includes(":3001")) return callback(null, true); if (origin?.includes(":3001")) return callback(null, true);
// Allow Bull Board requests from the frontend origin (same host, different port)
// This handles cases where frontend is on port 3000 and backend on 3001
const frontendOrigin = origin?.replace(/:3001$/, ":3000");
if (frontendOrigin && allowedOrigins.includes(frontendOrigin)) {
return callback(null, true);
}
return callback(new Error("Not allowed by CORS")); return callback(new Error("Not allowed by CORS"));
}, },
credentials: true, credentials: true,
// Additional CORS options for better cookie handling
optionsSuccessStatus: 200,
methods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"],
allowedHeaders: [
"Content-Type",
"Authorization",
"Cookie",
"X-Requested-With",
],
}), }),
); );
app.use(limiter); app.use(limiter);
@@ -446,7 +476,7 @@ app.use(`/api/${apiVersion}/agent`, agentVersionRoutes);
// Bull Board - will be populated after queue manager initializes // Bull Board - will be populated after queue manager initializes
let bullBoardRouter = null; let bullBoardRouter = null;
const bullBoardSessions = new Map(); // Store authenticated sessions const _bullBoardSessions = new Map(); // Store authenticated sessions
// Mount Bull Board at /bullboard for cleaner URL // Mount Bull Board at /bullboard for cleaner URL
app.use(`/bullboard`, (_req, res, next) => { app.use(`/bullboard`, (_req, res, next) => {
@@ -456,16 +486,176 @@ app.use(`/bullboard`, (_req, res, next) => {
res.setHeader("Cross-Origin-Embedder-Policy", "unsafe-none"); res.setHeader("Cross-Origin-Embedder-Policy", "unsafe-none");
} }
// Add headers to help with WebSocket connections
res.setHeader("X-Frame-Options", "SAMEORIGIN");
res.setHeader(
"Content-Security-Policy",
"default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' ws: wss:;",
);
next(); next();
}); });
// Authentication middleware for Bull Board // Simplified Bull Board authentication - just validate token once and set a simple auth cookie
app.use(`/bullboard`, async (req, res, next) => { app.use(`/bullboard`, async (req, res, next) => {
// Skip authentication for static assets only // Skip authentication for static assets
if (req.path.includes("/static/") || req.path.includes("/favicon")) { if (req.path.includes("/static/") || req.path.includes("/favicon")) {
return next(); return next();
} }
// Check for existing Bull Board auth cookie
if (req.cookies["bull-board-auth"]) {
// Already authenticated, allow access
return next();
}
// No auth cookie - check for token in query
const token = req.query.token;
if (!token) {
return res.status(401).json({
error:
"Authentication required. Please access Bull Board from the Automation page.",
});
}
// Validate token and set auth cookie
req.headers.authorization = `Bearer ${token}`;
return authenticateToken(req, res, (err) => {
if (err) {
return res.status(401).json({ error: "Invalid authentication token" });
}
return requireAdmin(req, res, (adminErr) => {
if (adminErr) {
return res.status(403).json({ error: "Admin access required" });
}
// Set a simple auth cookie that will persist for the session
res.cookie("bull-board-auth", token, {
httpOnly: false,
secure: false,
maxAge: 3600000, // 1 hour
path: "/bullboard",
sameSite: "lax",
});
console.log("Bull Board - Authentication successful, cookie set");
return next();
});
});
});
// Remove all the old complex middleware below and replace with the new Bull Board router setup
app.use(`/bullboard`, (req, res, next) => {
if (bullBoardRouter) {
return bullBoardRouter(req, res, next);
}
return res.status(503).json({ error: "Bull Board not initialized yet" });
});
/*
// OLD MIDDLEWARE - REMOVED FOR SIMPLIFICATION - DO NOT USE
if (false) {
const sessionId = req.cookies["bull-board-session"];
console.log("Bull Board API call - Session ID:", sessionId ? "present" : "missing");
console.log("Bull Board API call - Cookies:", req.cookies);
console.log("Bull Board API call - Bull Board token cookie:", req.cookies["bull-board-token"] ? "present" : "missing");
console.log("Bull Board API call - Query token:", req.query.token ? "present" : "missing");
console.log("Bull Board API call - Auth header:", req.headers.authorization ? "present" : "missing");
console.log("Bull Board API call - Origin:", req.headers.origin || "missing");
console.log("Bull Board API call - Referer:", req.headers.referer || "missing");
// Check if we have any authentication method available
const hasSession = !!sessionId;
const hasTokenCookie = !!req.cookies["bull-board-token"];
const hasQueryToken = !!req.query.token;
const hasAuthHeader = !!req.headers.authorization;
const hasReferer = !!req.headers.referer;
console.log("Bull Board API call - Auth methods available:", {
session: hasSession,
tokenCookie: hasTokenCookie,
queryToken: hasQueryToken,
authHeader: hasAuthHeader,
referer: hasReferer
});
// Check for valid session first
if (sessionId) {
const session = bullBoardSessions.get(sessionId);
console.log("Bull Board API call - Session found:", !!session);
if (session && Date.now() - session.timestamp < 3600000) {
// Valid session, extend it
session.timestamp = Date.now();
console.log("Bull Board API call - Using existing session, proceeding");
return next();
} else if (session) {
// Expired session, remove it
console.log("Bull Board API call - Session expired, removing");
bullBoardSessions.delete(sessionId);
}
}
// No valid session, check for token as fallback
let token = req.query.token;
if (!token && req.headers.authorization) {
token = req.headers.authorization.replace("Bearer ", "");
}
if (!token && req.cookies["bull-board-token"]) {
token = req.cookies["bull-board-token"];
}
// For API calls, also check if the token is in the referer URL
// This handles cases where the main page hasn't set the cookie yet
if (!token && req.headers.referer) {
try {
const refererUrl = new URL(req.headers.referer);
const refererToken = refererUrl.searchParams.get('token');
if (refererToken) {
token = refererToken;
console.log("Bull Board API call - Token found in referer URL:", refererToken.substring(0, 20) + "...");
} else {
console.log("Bull Board API call - No token found in referer URL");
// If no token in referer and no session, return 401 with redirect info
if (!sessionId) {
console.log("Bull Board API call - No authentication available, returning 401");
return res.status(401).json({
error: "Authentication required",
message: "Please refresh the page to re-authenticate"
});
}
}
} catch (error) {
console.log("Bull Board API call - Error parsing referer URL:", error.message);
}
}
if (token) {
console.log("Bull Board API call - Token found, authenticating");
// Add token to headers for authentication
req.headers.authorization = `Bearer ${token}`;
// Authenticate the user
return authenticateToken(req, res, (err) => {
if (err) {
console.log("Bull Board API call - Token authentication failed");
return res.status(401).json({ error: "Authentication failed" });
}
return requireAdmin(req, res, (adminErr) => {
if (adminErr) {
console.log("Bull Board API call - Admin access required");
return res.status(403).json({ error: "Admin access required" });
}
console.log("Bull Board API call - Token authentication successful");
return next();
});
});
}
// No valid session or token for API calls, deny access
console.log("Bull Board API call - No valid session or token, denying access");
return res.status(401).json({ error: "Valid Bull Board session or token required" });
}
// Check for bull-board-session cookie first // Check for bull-board-session cookie first
const sessionId = req.cookies["bull-board-session"]; const sessionId = req.cookies["bull-board-session"];
if (sessionId) { if (sessionId) {
@@ -486,6 +676,9 @@ app.use(`/bullboard`, async (req, res, next) => {
if (!token && req.headers.authorization) { if (!token && req.headers.authorization) {
token = req.headers.authorization.replace("Bearer ", ""); token = req.headers.authorization.replace("Bearer ", "");
} }
if (!token && req.cookies["bull-board-token"]) {
token = req.cookies["bull-board-token"];
}
// If no token, deny access // If no token, deny access
if (!token) { if (!token) {
@@ -514,13 +707,23 @@ app.use(`/bullboard`, async (req, res, next) => {
userId: req.user.id, userId: req.user.id,
}); });
// Set session cookie // Set session cookie with proper configuration for domain access
res.cookie("bull-board-session", newSessionId, { const isHttps = process.env.NODE_ENV === "production" || process.env.SERVER_PROTOCOL === "https";
const cookieOptions = {
httpOnly: true, httpOnly: true,
secure: process.env.NODE_ENV === "production", secure: isHttps,
sameSite: "lax",
maxAge: 3600000, // 1 hour maxAge: 3600000, // 1 hour
}); path: "/", // Set path to root so it's available for all Bull Board requests
};
// Configure sameSite based on protocol and environment
if (isHttps) {
cookieOptions.sameSite = "none"; // Required for HTTPS cross-origin
} else {
cookieOptions.sameSite = "lax"; // Better for HTTP same-origin
}
res.cookie("bull-board-session", newSessionId, cookieOptions);
// Clean up old sessions periodically // Clean up old sessions periodically
if (bullBoardSessions.size > 100) { if (bullBoardSessions.size > 100) {
@@ -536,13 +739,111 @@ app.use(`/bullboard`, async (req, res, next) => {
}); });
}); });
}); });
*/
// Second middleware block - COMMENTED OUT - using simplified version above instead
/*
app.use(`/bullboard`, (req, res, next) => { app.use(`/bullboard`, (req, res, next) => {
if (bullBoardRouter) { if (bullBoardRouter) {
// If this is the main Bull Board page (not an API call), inject the token and create session
if (!req.path.includes("/api/") && !req.path.includes("/static/") && req.path === "/bullboard") {
const token = req.query.token;
console.log("Bull Board main page - Token:", token ? "present" : "missing");
console.log("Bull Board main page - Query params:", req.query);
console.log("Bull Board main page - Origin:", req.headers.origin || "missing");
console.log("Bull Board main page - Referer:", req.headers.referer || "missing");
console.log("Bull Board main page - Cookies:", req.cookies);
if (token) {
// Authenticate the user and create a session immediately on page load
req.headers.authorization = `Bearer ${token}`;
return authenticateToken(req, res, (err) => {
if (err) {
console.log("Bull Board main page - Token authentication failed");
return res.status(401).json({ error: "Authentication failed" });
}
return requireAdmin(req, res, (adminErr) => {
if (adminErr) {
console.log("Bull Board main page - Admin access required");
return res.status(403).json({ error: "Admin access required" });
}
console.log("Bull Board main page - Token authentication successful, creating session");
// Create a Bull Board session immediately
const newSessionId = require("node:crypto")
.randomBytes(32)
.toString("hex");
bullBoardSessions.set(newSessionId, {
timestamp: Date.now(),
userId: req.user.id,
});
// Set session cookie with proper configuration for domain access
const sessionCookieOptions = {
httpOnly: true,
secure: false, // Always false for HTTP
maxAge: 3600000, // 1 hour
path: "/", // Set path to root so it's available for all Bull Board requests
sameSite: "lax", // Always lax for HTTP
};
res.cookie("bull-board-session", newSessionId, sessionCookieOptions);
console.log("Bull Board main page - Session created:", newSessionId);
console.log("Bull Board main page - Cookie options:", sessionCookieOptions);
// Also set a token cookie for API calls as a fallback
const tokenCookieOptions = {
httpOnly: false, // Allow JavaScript to access it
secure: false, // Always false for HTTP
maxAge: 3600000, // 1 hour
path: "/", // Set path to root for broader compatibility
sameSite: "lax", // Always lax for HTTP
};
res.cookie("bull-board-token", token, tokenCookieOptions);
console.log("Bull Board main page - Token cookie also set for API fallback");
// Clean up old sessions periodically
if (bullBoardSessions.size > 100) {
const now = Date.now();
for (const [sid, session] of bullBoardSessions.entries()) {
if (now - session.timestamp > 3600000) {
bullBoardSessions.delete(sid);
}
}
}
// Now proceed to serve the Bull Board page
return bullBoardRouter(req, res, next);
});
});
} else {
console.log("Bull Board main page - No token provided, checking for existing session");
// Check if we have an existing session
const sessionId = req.cookies["bull-board-session"];
if (sessionId) {
const session = bullBoardSessions.get(sessionId);
if (session && Date.now() - session.timestamp < 3600000) {
console.log("Bull Board main page - Using existing session");
// Extend session
session.timestamp = Date.now();
return bullBoardRouter(req, res, next);
} else if (session) {
console.log("Bull Board main page - Session expired, removing");
bullBoardSessions.delete(sessionId);
}
}
console.log("Bull Board main page - No valid session, denying access");
return res.status(401).json({ error: "Access token required" });
}
}
return bullBoardRouter(req, res, next); return bullBoardRouter(req, res, next);
} }
return res.status(503).json({ error: "Bull Board not initialized yet" }); return res.status(503).json({ error: "Bull Board not initialized yet" });
}); });
*/
// Error handler specifically for Bull Board routes // Error handler specifically for Bull Board routes
app.use("/bullboard", (err, req, res, _next) => { app.use("/bullboard", (err, req, res, _next) => {

View File

@@ -1,9 +1,9 @@
const axios = require("axios"); const axios = require("axios");
const fs = require("node:fs").promises; const fs = require("node:fs").promises;
const path = require("node:path"); const path = require("node:path");
const { exec } = require("node:child_process"); const { exec, spawn } = require("node:child_process");
const { promisify } = require("node:util"); const { promisify } = require("node:util");
const execAsync = promisify(exec); const _execAsync = promisify(exec);
// Simple semver comparison function // Simple semver comparison function
function compareVersions(version1, version2) { function compareVersions(version1, version2) {
@@ -135,16 +135,34 @@ class AgentVersionService {
// Execute the agent binary with help flag to get version info // Execute the agent binary with help flag to get version info
try { try {
const { stdout, stderr } = await execAsync(`${agentPath} --help`, { const child = spawn(agentPath, ["--help"], {
timeout: 10000, timeout: 10000,
}); });
if (stderr) { let stdout = "";
console.log("⚠️ Agent help stderr:", stderr); let stderr = "";
child.stdout.on("data", (data) => {
stdout += data.toString();
});
child.stderr.on("data", (data) => {
stderr += data.toString();
});
const result = await new Promise((resolve, reject) => {
child.on("close", (code) => {
resolve({ stdout, stderr, code });
});
child.on("error", reject);
});
if (result.stderr) {
console.log("⚠️ Agent help stderr:", result.stderr);
} }
// Parse version from help output (e.g., "PatchMon Agent v1.3.0") // Parse version from help output (e.g., "PatchMon Agent v1.3.0")
const versionMatch = stdout.match( const versionMatch = result.stdout.match(
/PatchMon Agent v([0-9]+\.[0-9]+\.[0-9]+)/i, /PatchMon Agent v([0-9]+\.[0-9]+\.[0-9]+)/i,
); );
if (versionMatch) { if (versionMatch) {
@@ -153,7 +171,7 @@ class AgentVersionService {
} else { } else {
console.log( console.log(
"⚠️ Could not parse version from agent help output:", "⚠️ Could not parse version from agent help output:",
stdout, result.stdout,
); );
this.currentVersion = null; this.currentVersion = null;
} }

View File

@@ -26,7 +26,37 @@ function init(server, prismaClient) {
server.on("upgrade", async (request, socket, head) => { server.on("upgrade", async (request, socket, head) => {
try { try {
const { pathname } = url.parse(request.url); const { pathname } = url.parse(request.url);
if (!pathname || !pathname.startsWith("/api/")) { if (!pathname) {
socket.destroy();
return;
}
// Handle Bull Board WebSocket connections
if (pathname.startsWith("/bullboard")) {
// For Bull Board, we need to check if the user is authenticated
// Check for session cookie or authorization header
const sessionCookie = request.headers.cookie?.match(
/bull-board-session=([^;]+)/,
)?.[1];
const authHeader = request.headers.authorization;
if (!sessionCookie && !authHeader) {
socket.destroy();
return;
}
// Accept the WebSocket connection for Bull Board
wss.handleUpgrade(request, socket, head, (ws) => {
ws.on("message", (message) => {
// Echo back for Bull Board WebSocket
ws.send(message);
});
});
return;
}
// Handle agent WebSocket connections
if (!pathname.startsWith("/api/")) {
socket.destroy(); socket.destroy();
return; return;
} }

View File

@@ -8,7 +8,7 @@ ENV NODE_ENV=development \
PM_LOG_TO_CONSOLE=true \ PM_LOG_TO_CONSOLE=true \
PORT=3001 PORT=3001
RUN apk add --no-cache openssl tini curl RUN apk add --no-cache openssl tini curl libc6-compat
USER node USER node
@@ -64,7 +64,7 @@ ENV NODE_ENV=production \
JWT_REFRESH_EXPIRES_IN=7d \ JWT_REFRESH_EXPIRES_IN=7d \
SESSION_INACTIVITY_TIMEOUT_MINUTES=30 SESSION_INACTIVITY_TIMEOUT_MINUTES=30
RUN apk add --no-cache openssl tini curl RUN apk add --no-cache openssl tini curl libc6-compat
USER node USER node

View File

@@ -8,7 +8,7 @@ log() {
echo "[$(date +'%Y-%m-%d %H:%M:%S')] $*" >&2 echo "[$(date +'%Y-%m-%d %H:%M:%S')] $*" >&2
} }
# Function to extract version from agent script # Function to extract version from agent script (legacy)
get_agent_version() { get_agent_version() {
local file="$1" local file="$1"
if [ -f "$file" ]; then if [ -f "$file" ]; then
@@ -18,6 +18,32 @@ get_agent_version() {
fi fi
} }
# Function to get version from binary using --help flag
get_binary_version() {
local binary="$1"
if [ -f "$binary" ]; then
# Make sure binary is executable
chmod +x "$binary" 2>/dev/null || true
# Try to execute the binary and extract version from help output
# The Go binary shows version in the --help output as "PatchMon Agent v1.3.0"
local version=$("$binary" --help 2>&1 | grep -oE 'v[0-9]+\.[0-9]+\.[0-9]+' | head -n 1 | tr -d 'v')
if [ -n "$version" ]; then
echo "$version"
else
# Fallback: try --version flag
version=$("$binary" --version 2>&1 | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1)
if [ -n "$version" ]; then
echo "$version"
else
echo "0.0.0"
fi
fi
else
echo "0.0.0"
fi
}
# Function to compare versions (returns 0 if $1 > $2) # Function to compare versions (returns 0 if $1 > $2)
version_greater() { version_greater() {
# Use sort -V for version comparison # Use sort -V for version comparison
@@ -28,6 +54,8 @@ version_greater() {
update_agents() { update_agents() {
local backup_agent="/app/agents_backup/patchmon-agent.sh" local backup_agent="/app/agents_backup/patchmon-agent.sh"
local current_agent="/app/agents/patchmon-agent.sh" local current_agent="/app/agents/patchmon-agent.sh"
local backup_binary="/app/agents_backup/patchmon-agent-linux-amd64"
local current_binary="/app/agents/patchmon-agent-linux-amd64"
# Check if agents directory exists # Check if agents directory exists
if [ ! -d "/app/agents" ]; then if [ ! -d "/app/agents" ]; then
@@ -41,54 +69,72 @@ update_agents() {
return 0 return 0
fi fi
# Get versions # Get versions from both script and binary
local backup_version=$(get_agent_version "$backup_agent") local backup_script_version=$(get_agent_version "$backup_agent")
local current_version=$(get_agent_version "$current_agent") local current_script_version=$(get_agent_version "$current_agent")
local backup_binary_version=$(get_binary_version "$backup_binary")
local current_binary_version=$(get_binary_version "$current_binary")
log "Agent version check:" log "Agent version check:"
log " Image version: ${backup_version}" log " Image script version: ${backup_script_version}"
log " Volume version: ${current_version}" log " Volume script version: ${current_script_version}"
log " Image binary version: ${backup_binary_version}"
log " Volume binary version: ${current_binary_version}"
# Determine if update is needed # Determine if update is needed
local needs_update=0 local needs_update=0
# Case 1: No agents in volume (first time setup) # Case 1: No agents in volume at all (first time setup)
if [ -z "$(find /app/agents -maxdepth 1 -type f -name '*.sh' 2>/dev/null | head -n 1)" ]; then if [ -z "$(find /app/agents -maxdepth 1 -type f 2>/dev/null | head -n 1)" ]; then
log "Agents directory is empty - performing initial copy" log "Agents directory is empty - performing initial copy"
needs_update=1 needs_update=1
# Case 2: Backup version is newer # Case 2: Binary exists but backup binary is newer
elif version_greater "$backup_version" "$current_version"; then elif [ "$current_binary_version" != "0.0.0" ] && version_greater "$backup_binary_version" "$current_binary_version"; then
log "Newer agent version available (${backup_version} > ${current_version})" log "Newer agent binary available (${backup_binary_version} > ${current_binary_version})"
needs_update=1
# Case 3: No binary in volume, but shell scripts exist (legacy setup) - copy binaries
elif [ "$current_binary_version" = "0.0.0" ] && [ "$backup_binary_version" != "0.0.0" ]; then
log "No binary found in volume but backup has binaries - performing update"
needs_update=1 needs_update=1
else else
log "Agents are up to date" log "Agents are up to date (binary: ${current_binary_version})"
needs_update=0 needs_update=0
fi fi
# Perform update if needed # Perform update if needed
if [ $needs_update -eq 1 ]; then if [ $needs_update -eq 1 ]; then
log "Updating agents to version ${backup_version}..." log "Updating agents to version ${backup_binary_version}..."
# Create backup of existing agents if they exist # Create backup of existing agents if they exist
if [ -f "$current_agent" ]; then if [ -f "$current_agent" ] || [ -f "$current_binary" ]; then
local backup_timestamp=$(date +%Y%m%d_%H%M%S) local backup_timestamp=$(date +%Y%m%d_%H%M%S)
local backup_name="/app/agents/patchmon-agent.sh.backup.${backup_timestamp}" mkdir -p "/app/agents/backups"
cp "$current_agent" "$backup_name" 2>/dev/null || true
log "Previous agent backed up to: $(basename $backup_name)" # Backup shell script if it exists
if [ -f "$current_agent" ]; then
cp "$current_agent" "/app/agents/backups/patchmon-agent.sh.${backup_timestamp}" 2>/dev/null || true
log "Previous script backed up"
fi fi
# Copy new agents # Backup binary if it exists
if [ -f "$current_binary" ]; then
cp "$current_binary" "/app/agents/backups/patchmon-agent-linux-amd64.${backup_timestamp}" 2>/dev/null || true
log "Previous binary backed up"
fi
fi
# Copy new agents (both scripts and binaries)
cp -r /app/agents_backup/* /app/agents/ cp -r /app/agents_backup/* /app/agents/
# Make agent binaries executable # Make agent binaries executable
chmod +x /app/agents/patchmon-agent-linux-* 2>/dev/null || true chmod +x /app/agents/patchmon-agent-linux-* 2>/dev/null || true
# Verify update # Verify update
local new_version=$(get_agent_version "$current_agent") local new_binary_version=$(get_binary_version "$current_binary")
if [ "$new_version" = "$backup_version" ]; then if [ "$new_binary_version" = "$backup_binary_version" ]; then
log "✅ Agents successfully updated to version ${new_version}" log "✅ Agents successfully updated to version ${new_binary_version}"
else else
log "⚠️ Warning: Agent update may have failed (expected: ${backup_version}, got: ${new_version})" log "⚠️ Warning: Agent update may have failed (expected: ${backup_binary_version}, got: ${new_binary_version})"
fi fi
fi fi
} }

View File

@@ -35,17 +35,20 @@ server {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Host $host;
proxy_set_header Cookie $http_cookie; # Forward cookies to backend
proxy_cache_bypass $http_upgrade; proxy_cache_bypass $http_upgrade;
proxy_read_timeout 300s; proxy_read_timeout 300s;
proxy_connect_timeout 75s; proxy_connect_timeout 75s;
# Enable cookie passthrough in both directions
proxy_pass_header Set-Cookie;
proxy_cookie_path / /;
# Preserve original client IP through proxy chain # Preserve original client IP through proxy chain
proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for; proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
# CORS headers for Bull Board # CORS headers for Bull Board - let backend handle CORS properly
add_header Access-Control-Allow-Origin * always; # Note: Backend handles CORS with proper origin validation and credentials
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization" always;
# Handle preflight requests # Handle preflight requests
if ($request_method = 'OPTIONS') { if ($request_method = 'OPTIONS') {
@@ -78,10 +81,8 @@ server {
# Preserve original client IP through proxy chain # Preserve original client IP through proxy chain
proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for; proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
# CORS headers for API calls - even though backend is doing it # CORS headers for API calls - let backend handle CORS properly
add_header Access-Control-Allow-Origin * always; # Note: Backend handles CORS with proper origin validation and credentials
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization" always;
# Handle preflight requests # Handle preflight requests
if ($request_method = 'OPTIONS') { if ($request_method = 'OPTIONS') {

View File

@@ -1,9 +1,33 @@
import { useMutation, useQuery, useQueryClient } from "@tanstack/react-query"; import { useMutation, useQuery, useQueryClient } from "@tanstack/react-query";
import { AlertCircle, CheckCircle, Clock, RefreshCw } from "lucide-react"; import {
AlertCircle,
CheckCircle,
Clock,
Download,
ExternalLink,
RefreshCw,
X,
} from "lucide-react";
import { useEffect, useState } from "react";
import api from "../../utils/api"; import api from "../../utils/api";
const AgentManagementTab = () => { const AgentManagementTab = () => {
const _queryClient = useQueryClient(); const _queryClient = useQueryClient();
const [toast, setToast] = useState(null);
// Auto-hide toast after 5 seconds
useEffect(() => {
if (toast) {
const timer = setTimeout(() => {
setToast(null);
}, 5000);
return () => clearTimeout(timer);
}
}, [toast]);
const showToast = (message, type = "success") => {
setToast({ message, type });
};
// Agent version queries // Agent version queries
const { const {
@@ -57,9 +81,11 @@ const AgentManagementTab = () => {
}, },
onSuccess: () => { onSuccess: () => {
refetchVersion(); refetchVersion();
showToast("Successfully checked for updates", "success");
}, },
onError: (error) => { onError: (error) => {
console.error("Check updates error:", error); console.error("Check updates error:", error);
showToast(`Failed to check for updates: ${error.message}`, "error");
}, },
}); });
@@ -79,11 +105,11 @@ const AgentManagementTab = () => {
// Show success message // Show success message
const message = const message =
data.data?.message || "Agent binaries downloaded successfully"; data.data?.message || "Agent binaries downloaded successfully";
alert(`${message}`); showToast(message, "success");
}, },
onError: (error) => { onError: (error) => {
console.error("Download update error:", error); console.error("Download update error:", error);
alert(`Download failed: ${error.message}`); showToast(`Download failed: ${error.message}`, "error");
}, },
}); });
@@ -173,112 +199,256 @@ const AgentManagementTab = () => {
return ( return (
<div className="space-y-6"> <div className="space-y-6">
{/* Header */} {/* Toast Notification */}
<div className="flex items-center justify-between mb-6"> {toast && (
<div> <div
<h2 className="text-2xl font-bold text-secondary-900 dark:text-white"> className={`fixed top-4 right-4 z-50 max-w-md rounded-lg shadow-lg border-2 p-4 flex items-start space-x-3 animate-in slide-in-from-top-5 ${
Agent Version Management toast.type === "success"
</h2> ? "bg-green-50 dark:bg-green-900/90 border-green-500 dark:border-green-600"
<p className="text-secondary-600 dark:text-secondary-300"> : "bg-red-50 dark:bg-red-900/90 border-red-500 dark:border-red-600"
Monitor agent versions and download updates }`}
>
<div
className={`flex-shrink-0 rounded-full p-1 ${
toast.type === "success"
? "bg-green-100 dark:bg-green-800"
: "bg-red-100 dark:bg-red-800"
}`}
>
{toast.type === "success" ? (
<CheckCircle className="h-5 w-5 text-green-600 dark:text-green-400" />
) : (
<AlertCircle className="h-5 w-5 text-red-600 dark:text-red-400" />
)}
</div>
<div className="flex-1">
<p
className={`text-sm font-medium ${
toast.type === "success"
? "text-green-800 dark:text-green-100"
: "text-red-800 dark:text-red-100"
}`}
>
{toast.message}
</p> </p>
</div> </div>
<div className="flex space-x-3"> <button
type="button"
onClick={() => setToast(null)}
className={`flex-shrink-0 rounded-lg p-1 transition-colors ${
toast.type === "success"
? "hover:bg-green-100 dark:hover:bg-green-800 text-green-600 dark:text-green-400"
: "hover:bg-red-100 dark:hover:bg-red-800 text-red-600 dark:text-red-400"
}`}
>
<X className="h-4 w-4" />
</button>
</div>
)}
{/* Header */}
<div className="mb-6">
<h2 className="text-2xl font-bold text-secondary-900 dark:text-white mb-2">
Agent Version Management
</h2>
<p className="text-secondary-600 dark:text-secondary-400">
Monitor and manage agent versions across your infrastructure
</p>
</div>
{/* Status Banner */}
<div
className={`rounded-xl shadow-sm p-6 border-2 ${
versionStatus.status === "up-to-date"
? "bg-green-50 dark:bg-green-900/20 border-green-200 dark:border-green-800"
: versionStatus.status === "update-available"
? "bg-yellow-50 dark:bg-yellow-900/20 border-yellow-200 dark:border-yellow-800"
: versionStatus.status === "no-agent"
? "bg-orange-50 dark:bg-orange-900/20 border-orange-200 dark:border-orange-800"
: "bg-white dark:bg-secondary-800 border-secondary-200 dark:border-secondary-600"
}`}
>
<div className="flex items-start justify-between">
<div className="flex items-start space-x-4">
<div
className={`p-3 rounded-lg ${
versionStatus.status === "up-to-date"
? "bg-green-100 dark:bg-green-800"
: versionStatus.status === "update-available"
? "bg-yellow-100 dark:bg-yellow-800"
: versionStatus.status === "no-agent"
? "bg-orange-100 dark:bg-orange-800"
: "bg-secondary-100 dark:bg-secondary-700"
}`}
>
{StatusIcon && (
<StatusIcon className={`h-6 w-6 ${versionStatus.color}`} />
)}
</div>
<div>
<h3 className="text-lg font-semibold text-secondary-900 dark:text-white mb-1">
{versionStatus.message}
</h3>
<p className="text-sm text-secondary-600 dark:text-secondary-400">
{versionStatus.status === "up-to-date" &&
"All agent binaries are current"}
{versionStatus.status === "update-available" &&
"A newer version is available for download"}
{versionStatus.status === "no-agent" &&
"Download agent binaries to get started"}
{versionStatus.status === "github-unavailable" &&
"Cannot check for updates at this time"}
{![
"up-to-date",
"update-available",
"no-agent",
"github-unavailable",
].includes(versionStatus.status) &&
"Version information unavailable"}
</p>
</div>
</div>
<button <button
type="button" type="button"
onClick={() => checkUpdatesMutation.mutate()} onClick={() => checkUpdatesMutation.mutate()}
disabled={checkUpdatesMutation.isPending} disabled={checkUpdatesMutation.isPending}
className="flex items-center px-4 py-2 bg-primary-600 text-white rounded-lg hover:bg-primary-700 disabled:opacity-50" className="flex items-center px-4 py-2 bg-white dark:bg-secondary-700 text-secondary-700 dark:text-secondary-200 rounded-lg hover:bg-secondary-50 dark:hover:bg-secondary-600 border border-secondary-300 dark:border-secondary-600 disabled:opacity-50 disabled:cursor-not-allowed transition-all duration-200 shadow-sm hover:shadow"
> >
<RefreshCw <RefreshCw
className={`h-4 w-4 mr-2 ${checkUpdatesMutation.isPending ? "animate-spin" : ""}`} className={`h-4 w-4 mr-2 ${checkUpdatesMutation.isPending ? "animate-spin" : ""}`}
/> />
Check Updates {checkUpdatesMutation.isPending
? "Checking..."
: "Check for Updates"}
</button> </button>
</div> </div>
</div> </div>
{/* Download Updates Button */} {/* Version Information Grid */}
<div className="bg-white dark:bg-secondary-800 rounded-lg shadow p-6 border border-secondary-200 dark:border-secondary-600"> <div className="grid grid-cols-1 md:grid-cols-3 gap-6">
<div className="flex items-center justify-between"> {/* Current Version Card */}
<div> <div className="bg-white dark:bg-secondary-800 rounded-xl shadow-sm p-6 border border-secondary-200 dark:border-secondary-600 hover:shadow-md transition-shadow duration-200">
<h3 className="text-lg font-semibold text-secondary-900 dark:text-white"> <h4 className="text-sm font-medium text-secondary-500 dark:text-secondary-400 mb-2">
{versionInfo?.currentVersion Current Version
? "Download Agent Updates" </h4>
: "Download Agent Binaries"} <p className="text-2xl font-bold text-secondary-900 dark:text-white">
</h3> {versionInfo?.currentVersion || (
<p className="text-secondary-600 dark:text-secondary-300"> <span className="text-lg text-secondary-400 dark:text-secondary-500">
{versionInfo?.currentVersion Not detected
? "Download the latest agent binaries from GitHub" </span>
: "No agent binaries found. Download from GitHub to get started."} )}
</p> </p>
</div> </div>
{/* Latest Version Card */}
<div className="bg-white dark:bg-secondary-800 rounded-xl shadow-sm p-6 border border-secondary-200 dark:border-secondary-600 hover:shadow-md transition-shadow duration-200">
<h4 className="text-sm font-medium text-secondary-500 dark:text-secondary-400 mb-2">
Latest Available
</h4>
<p className="text-2xl font-bold text-secondary-900 dark:text-white">
{versionInfo?.latestVersion || (
<span className="text-lg text-secondary-400 dark:text-secondary-500">
Unknown
</span>
)}
</p>
</div>
{/* Last Checked Card */}
<div className="bg-white dark:bg-secondary-800 rounded-xl shadow-sm p-6 border border-secondary-200 dark:border-secondary-600 hover:shadow-md transition-shadow duration-200">
<h4 className="text-sm font-medium text-secondary-500 dark:text-secondary-400 mb-2">
Last Checked
</h4>
<p className="text-lg font-semibold text-secondary-900 dark:text-white">
{versionInfo?.lastChecked
? new Date(versionInfo.lastChecked).toLocaleString("en-US", {
month: "short",
day: "numeric",
hour: "2-digit",
minute: "2-digit",
})
: "Never"}
</p>
</div>
</div>
{/* Download Updates Section */}
<div className="bg-gradient-to-br from-primary-50 to-blue-50 dark:from-secondary-800 dark:to-secondary-800 rounded-xl shadow-sm p-8 border border-primary-200 dark:border-secondary-600">
<div className="flex items-center justify-between">
<div className="flex-1">
<h3 className="text-xl font-bold text-secondary-900 dark:text-white mb-3">
{!versionInfo?.currentVersion
? "Get Started with Agent Binaries"
: versionStatus.status === "update-available"
? "New Agent Version Available"
: "Agent Binaries"}
</h3>
<p className="text-secondary-700 dark:text-secondary-300 mb-4">
{!versionInfo?.currentVersion
? "No agent binaries detected. Download from GitHub to begin managing your agents."
: versionStatus.status === "update-available"
? `A new agent version (${versionInfo.latestVersion}) is available. Download the latest binaries from GitHub.`
: "Download or redownload agent binaries from GitHub."}
</p>
<div className="flex items-center space-x-4">
<button <button
type="button" type="button"
onClick={() => downloadUpdateMutation.mutate()} onClick={() => downloadUpdateMutation.mutate()}
disabled={downloadUpdateMutation.isPending} disabled={downloadUpdateMutation.isPending}
className="flex items-center px-4 py-2 bg-blue-600 text-white rounded-lg hover:bg-blue-700 disabled:opacity-50" className="flex items-center px-6 py-3 bg-primary-600 text-white rounded-lg hover:bg-primary-700 disabled:opacity-50 disabled:cursor-not-allowed transition-all duration-200 shadow-md hover:shadow-lg font-medium"
> >
<RefreshCw {downloadUpdateMutation.isPending ? (
className={`h-4 w-4 mr-2 ${downloadUpdateMutation.isPending ? "animate-spin" : ""}`} <>
/> <RefreshCw className="h-5 w-5 mr-2 animate-spin" />
{downloadUpdateMutation.isPending Downloading...
? "Downloading..." </>
: versionInfo?.currentVersion ) : (
? "Download Updates" <>
: "Download Agent Binaries"} <Download className="h-5 w-5 mr-2" />
{!versionInfo?.currentVersion
? "Download Binaries"
: versionStatus.status === "update-available"
? "Download New Agent Version"
: "Redownload Binaries"}
</>
)}
</button> </button>
<a
href="https://github.com/PatchMon/PatchMon-agent/releases"
target="_blank"
rel="noopener noreferrer"
className="flex items-center px-4 py-3 text-secondary-700 dark:text-secondary-300 hover:text-primary-600 dark:hover:text-primary-400 transition-colors duration-200 font-medium"
>
<ExternalLink className="h-4 w-4 mr-2" />
View on GitHub
</a>
</div>
</div>
</div> </div>
</div> </div>
{/* Version Status Card */} {/* Supported Architectures */}
<div className="bg-white dark:bg-secondary-800 rounded-lg shadow p-6 border border-secondary-200 dark:border-secondary-600"> {versionInfo?.supportedArchitectures &&
<div className="flex items-center justify-between mb-4"> versionInfo.supportedArchitectures.length > 0 && (
<h3 className="text-lg font-semibold text-secondary-900 dark:text-white"> <div className="bg-white dark:bg-secondary-800 rounded-xl shadow-sm p-6 border border-secondary-200 dark:border-secondary-600">
Agent Version Status <h4 className="text-lg font-semibold text-secondary-900 dark:text-white mb-4">
</h3> Supported Architectures
<div className="flex items-center space-x-2"> </h4>
{StatusIcon && ( <div className="grid grid-cols-2 md:grid-cols-4 gap-3">
<StatusIcon className={`h-5 w-5 ${versionStatus.color}`} /> {versionInfo.supportedArchitectures.map((arch) => (
)} <div
<span className={`text-sm font-medium ${versionStatus.color}`}> key={arch}
{versionStatus.message} className="flex items-center justify-center px-4 py-3 bg-secondary-50 dark:bg-secondary-700 rounded-lg border border-secondary-200 dark:border-secondary-600"
</span> >
<code className="text-sm font-mono text-secondary-700 dark:text-secondary-300">
{arch}
</code>
</div> </div>
</div> ))}
{versionInfo && (
<div className="grid grid-cols-1 md:grid-cols-3 gap-4 text-sm">
<div>
<span className="text-secondary-500 dark:text-secondary-400">
Current Version:
</span>
<span className="ml-2 font-medium text-secondary-900 dark:text-white">
{versionInfo.currentVersion || "Unknown"}
</span>
</div>
<div>
<span className="text-secondary-500 dark:text-secondary-400">
Latest Version:
</span>
<span className="ml-2 font-medium text-secondary-900 dark:text-white">
{versionInfo.latestVersion || "Unknown"}
</span>
</div>
<div>
<span className="text-secondary-500 dark:text-secondary-400">
Last Checked:
</span>
<span className="ml-2 font-medium text-secondary-900 dark:text-white">
{versionInfo.lastChecked
? new Date(versionInfo.lastChecked).toLocaleString()
: "Never"}
</span>
</div> </div>
</div> </div>
)} )}
</div> </div>
</div>
); );
}; };

View File

@@ -228,7 +228,33 @@ const Automation = () => {
// Use the proxied URL through the frontend (port 3000) // Use the proxied URL through the frontend (port 3000)
// This avoids CORS issues as everything goes through the same origin // This avoids CORS issues as everything goes through the same origin
const url = `/bullboard?token=${encodeURIComponent(token)}`; const url = `/bullboard?token=${encodeURIComponent(token)}`;
window.open(url, "_blank", "width=1200,height=800"); // Open in a new tab instead of a new window
const bullBoardWindow = window.open(url, "_blank");
// Add a message listener to handle authentication failures
if (bullBoardWindow) {
// Listen for authentication failures and refresh with token
const checkAuth = () => {
try {
// Check if the Bull Board window is still open
if (bullBoardWindow.closed) return;
// Inject a script to handle authentication failures
bullBoardWindow.postMessage(
{
type: "BULL_BOARD_TOKEN",
token: token,
},
window.location.origin,
);
} catch (e) {
console.log("Could not communicate with Bull Board window:", e);
}
};
// Send token after a short delay to ensure Bull Board is loaded
setTimeout(checkAuth, 1000);
}
}; };
const triggerManualJob = async (jobType, data = {}) => { const triggerManualJob = async (jobType, data = {}) => {