npm - codeharbor - Versions diffs - 0.1.11 → 0.1.12 - Mend

codeharbor 0.1.11 → 0.1.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -91,6 +91,8 @@ codeharbor service uninstall --with-admin
 Notes:
 - Service commands auto-elevate with `sudo` when root privileges are required.
+- `codeharbor service install --with-admin` and `install-linux-easy.sh --enable-admin-service` now install
+  `/etc/sudoers.d/codeharbor-restart` for non-root service users, so Admin UI restart actions work out-of-box.
 - If your environment blocks interactive `sudo`, use explicit fallback:
   - `sudo <node-bin> <codeharbor-cli-script> service ...`
@@ -353,7 +355,8 @@ Note: `PUT /api/admin/config/global` writes to `.env` and marks changes as resta
 1. Start server: `codeharbor admin serve`.
 2. Open `/settings/global`, set `Admin Token` (if enabled), then click `Save Auth`.
 3. Adjust global fields and click `Save Global Config` (UI shows restart-required warning).
-4. Use `Restart Main Service` or `Restart Main + Admin` buttons for one-click restart from Admin UI (requires root-capable service context).
+4. Use `Restart Main Service` or `Restart Main + Admin` buttons for one-click restart from Admin UI.
+   If services were installed with `--with-admin`, restart permissions are auto-configured by installer.
 5. Open `/settings/rooms`, fill `Room ID + Workdir`, then `Save Room`.
 6. Open `/health` to run connectivity checks (`codex` + Matrix).
 7. Open `/audit` to verify config revisions (actor/summary/payload).

package/dist/cli.js CHANGED Viewed

@@ -254,6 +254,8 @@ function resolveUserRuntimeHome(env = process.env) {
 var SYSTEMD_DIR = "/etc/systemd/system";
 var MAIN_SERVICE_NAME = "codeharbor.service";
 var ADMIN_SERVICE_NAME = "codeharbor-admin.service";
+var SUDOERS_DIR = "/etc/sudoers.d";
+var RESTART_SUDOERS_FILE = "codeharbor-restart";
 function resolveDefaultRunUser(env = process.env) {
   const sudoUser = env.SUDO_USER?.trim();
   if (sudoUser) {
@@ -336,6 +338,21 @@ function buildAdminServiceUnit(options) {
     ""
   ].join("\n");
 }
+function buildRestartSudoersPolicy(options) {
+  const runUser = options.runUser.trim();
+  const systemctlPath = options.systemctlPath.trim();
+  validateSimpleValue(runUser, "runUser");
+  validateSimpleValue(systemctlPath, "systemctlPath");
+  if (!import_node_path3.default.isAbsolute(systemctlPath)) {
+    throw new Error("systemctlPath must be an absolute path.");
+  }
+  return [
+    "# Managed by CodeHarbor service install; do not edit manually.",
+    `Defaults:${runUser} !requiretty`,
+    `${runUser} ALL=(root) NOPASSWD: ${systemctlPath} restart ${MAIN_SERVICE_NAME}, ${systemctlPath} restart ${ADMIN_SERVICE_NAME}`,
+    ""
+  ].join("\n");
+}
 function installSystemdServices(options) {
   assertLinuxWithSystemd();
   assertRootPrivileges();
@@ -352,6 +369,7 @@ function installSystemdServices(options) {
   runCommand("chown", ["-R", `${runUser}:${runGroup}`, runtimeHome2]);
   const mainPath = import_node_path3.default.join(SYSTEMD_DIR, MAIN_SERVICE_NAME);
   const adminPath = import_node_path3.default.join(SYSTEMD_DIR, ADMIN_SERVICE_NAME);
+  const restartSudoersPath = import_node_path3.default.join(SUDOERS_DIR, RESTART_SUDOERS_FILE);
   const unitOptions = {
     runUser,
     runtimeHome: runtimeHome2,
@@ -361,6 +379,15 @@ function installSystemdServices(options) {
   import_node_fs3.default.writeFileSync(mainPath, buildMainServiceUnit(unitOptions), "utf8");
   if (options.installAdmin) {
     import_node_fs3.default.writeFileSync(adminPath, buildAdminServiceUnit(unitOptions), "utf8");
+    if (runUser !== "root") {
+      const policy = buildRestartSudoersPolicy({
+        runUser,
+        systemctlPath: resolveSystemctlPath()
+      });
+      import_node_fs3.default.mkdirSync(SUDOERS_DIR, { recursive: true });
+      import_node_fs3.default.writeFileSync(restartSudoersPath, policy, "utf8");
+      import_node_fs3.default.chmodSync(restartSudoersPath, 288);
+    }
   }
   runSystemctl(["daemon-reload"]);
   if (options.startNow) {
@@ -379,6 +406,10 @@ function installSystemdServices(options) {
   if (options.installAdmin) {
     output.write(`Installed systemd unit: ${adminPath}
 `);
+    if (runUser !== "root") {
+      output.write(`Installed sudoers policy: ${restartSudoersPath}
+`);
+    }
   }
   output.write("Done. Check status with: systemctl status codeharbor --no-pager\n");
 }
@@ -388,6 +419,7 @@ function uninstallSystemdServices(options) {
   const output = options.output ?? process.stdout;
   const mainPath = import_node_path3.default.join(SYSTEMD_DIR, MAIN_SERVICE_NAME);
   const adminPath = import_node_path3.default.join(SYSTEMD_DIR, ADMIN_SERVICE_NAME);
+  const restartSudoersPath = import_node_path3.default.join(SUDOERS_DIR, RESTART_SUDOERS_FILE);
   stopAndDisableIfPresent(MAIN_SERVICE_NAME);
   if (import_node_fs3.default.existsSync(mainPath)) {
     import_node_fs3.default.unlinkSync(mainPath);
@@ -397,6 +429,9 @@ function uninstallSystemdServices(options) {
     if (import_node_fs3.default.existsSync(adminPath)) {
       import_node_fs3.default.unlinkSync(adminPath);
     }
+    if (import_node_fs3.default.existsSync(restartSudoersPath)) {
+      import_node_fs3.default.unlinkSync(restartSudoersPath);
+    }
   }
   runSystemctl(["daemon-reload"]);
   runSystemctlIgnoreFailure(["reset-failed"]);
@@ -404,19 +439,22 @@ function uninstallSystemdServices(options) {
 `);
   if (options.removeAdmin) {
     output.write(`Removed systemd unit: ${adminPath}
+`);
+    output.write(`Removed sudoers policy: ${restartSudoersPath}
 `);
   }
   output.write("Done.\n");
 }
 function restartSystemdServices(options) {
   assertLinuxWithSystemd();
-  assertRootPrivileges();
   const output = options.output ?? process.stdout;
-  runSystemctl(["restart", MAIN_SERVICE_NAME]);
+  const runWithSudoFallback = options.allowSudoFallback ?? true;
+  const systemctlRunner = hasRootPrivileges() || !runWithSudoFallback ? runSystemctl : runSystemctlWithNonInteractiveSudo;
+  systemctlRunner(["restart", MAIN_SERVICE_NAME]);
   output.write(`Restarted service: ${MAIN_SERVICE_NAME}
 `);
   if (options.restartAdmin) {
-    runSystemctl(["restart", ADMIN_SERVICE_NAME]);
+    systemctlRunner(["restart", ADMIN_SERVICE_NAME]);
     output.write(`Restarted service: ${ADMIN_SERVICE_NAME}
 `);
   }
@@ -460,13 +498,16 @@ function assertLinuxWithSystemd() {
   }
 }
 function assertRootPrivileges() {
-  if (typeof process.getuid !== "function") {
-    return;
-  }
-  if (process.getuid() !== 0) {
+  if (!hasRootPrivileges()) {
     throw new Error("Root privileges are required. Run with sudo.");
   }
 }
+function hasRootPrivileges() {
+  if (typeof process.getuid !== "function") {
+    return true;
+  }
+  return process.getuid() === 0;
+}
 function ensureUserExists(runUser) {
   runCommand("id", ["-u", runUser]);
 }
@@ -476,6 +517,17 @@ function resolveUserGroup(runUser) {
 function runSystemctl(args) {
   runCommand("systemctl", args);
 }
+function runSystemctlWithNonInteractiveSudo(args) {
+  const systemctlPath = resolveSystemctlPath();
+  try {
+    runCommand("sudo", ["-n", systemctlPath, ...args]);
+  } catch (error) {
+    throw new Error(
+      "Root privileges are required. Configure passwordless sudo for the CodeHarbor service user or run the CLI command manually with sudo.",
+      { cause: error }
+    );
+  }
+}
 function stopAndDisableIfPresent(unitName) {
   runSystemctlIgnoreFailure(["disable", "--now", unitName]);
 }
@@ -485,6 +537,20 @@ function runSystemctlIgnoreFailure(args) {
   } catch {
   }
 }
+function resolveSystemctlPath() {
+  const candidates = [];
+  const pathEntries = (process.env.PATH ?? "").split(import_node_path3.default.delimiter).filter(Boolean);
+  for (const entry of pathEntries) {
+    candidates.push(import_node_path3.default.join(entry, "systemctl"));
+  }
+  candidates.push("/usr/bin/systemctl", "/bin/systemctl", "/usr/local/bin/systemctl");
+  for (const candidate of candidates) {
+    if (import_node_path3.default.isAbsolute(candidate) && import_node_fs3.default.existsSync(candidate)) {
+      return candidate;
+    }
+  }
+  throw new Error("Unable to resolve absolute systemctl path.");
+}
 function runCommand(file, args) {
   try {
     return (0, import_node_child_process.execFileSync)(file, args, {
@@ -739,7 +805,7 @@ var AdminServer = class {
         } catch (error) {
           throw new HttpError(
             500,
-            `Service restart failed: ${formatError(error)}. Ensure service has root privileges or run CLI command manually.`
+            `Service restart failed: ${formatError(error)}. Install services via "codeharbor service install --with-admin" to auto-configure restart permissions, or run CLI command manually with sudo.`
           );
         }
       }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "codeharbor",
-  "version": "0.1.11",
+  "version": "0.1.12",
   "description": "Instant-messaging bridge for Codex CLI sessions",
   "license": "MIT",
   "main": "dist/cli.js",