ezpm2gui 1.3.2 → 1.5.0

package/dist/server/routes/updates.js

@@ -0,0 +1,135 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const express_1 = require("express");
+const child_process_1 = require("child_process");
+const path_1 = __importDefault(require("path"));
+const fs_1 = __importDefault(require("fs"));
+const https_1 = __importDefault(require("https"));
+// @group Utilities : Read the current installed version from package.json
+const getCurrentVersion = () => {
+    try {
+        // Try the package root (works when run from source or dist)
+        const candidates = [
+            path_1.default.resolve(__dirname, '../../../package.json'),
+            path_1.default.resolve(__dirname, '../../package.json'),
+            path_1.default.resolve(process.cwd(), 'package.json'),
+        ];
+        for (const p of candidates) {
+            if (fs_1.default.existsSync(p)) {
+                const pkg = JSON.parse(fs_1.default.readFileSync(p, 'utf8'));
+                if (pkg.name === 'ezpm2gui')
+                    return pkg.version;
+            }
+        }
+    }
+    catch {
+        // fall through
+    }
+    return '0.0.0';
+};
+// @group Utilities : Fetch latest version info from npm registry (no external deps)
+const fetchNpmLatest = () => new Promise((resolve, reject) => {
+    const req = https_1.default.get('https://registry.npmjs.org/ezpm2gui/latest', { headers: { Accept: 'application/json' } }, (res) => {
+        let data = '';
+        res.on('data', (chunk) => { data += chunk; });
+        res.on('end', () => {
+            var _a;
+            try {
+                const json = JSON.parse(data);
+                resolve({
+                    version: json.version,
+                    description: json.description,
+                    publishedAt: (_a = json.time) === null || _a === void 0 ? void 0 : _a.modified,
+                });
+            }
+            catch {
+                reject(new Error('Failed to parse npm registry response'));
+            }
+        });
+    });
+    req.on('error', reject);
+    req.setTimeout(8000, () => { req.destroy(); reject(new Error('npm registry request timed out')); });
+});
+// @group Utilities : Compare semver strings — returns true if b is newer than a
+const isNewer = (current, latest) => {
+    const parse = (v) => v.replace(/^v/, '').split('.').map(Number);
+    const [cMaj, cMin, cPat] = parse(current);
+    const [lMaj, lMin, lPat] = parse(latest);
+    if (lMaj !== cMaj)
+        return lMaj > cMaj;
+    if (lMin !== cMin)
+        return lMin > cMin;
+    return lPat > cPat;
+};
+const router = (0, express_1.Router)();
+// @group CheckUpdate : GET /api/update/check — returns current vs latest npm version
+router.get('/check', async (_req, res) => {
+    try {
+        const currentVersion = getCurrentVersion();
+        const { version: latestVersion, publishedAt } = await fetchNpmLatest();
+        const updateAvailable = isNewer(currentVersion, latestVersion);
+        const result = {
+            currentVersion,
+            latestVersion,
+            updateAvailable,
+            publishedAt,
+        };
+        res.json({ success: true, data: result });
+    }
+    catch (err) {
+        console.error('Update check failed:', err);
+        res.status(503).json({ success: false, error: err.message || 'Failed to reach npm registry' });
+    }
+});
+// @group InstallUpdate : POST /api/update/install — installs ezpm2gui@latest globally
+// Streams progress lines as newline-delimited JSON (ndjson) so the client can read incrementally.
+router.post('/install', (req, res) => {
+    res.setHeader('Content-Type', 'application/x-ndjson');
+    res.setHeader('Transfer-Encoding', 'chunked');
+    res.setHeader('Cache-Control', 'no-cache');
+    res.flushHeaders();
+    const send = (type, message) => {
+        res.write(JSON.stringify({ type, message }) + '\n');
+    };
+    send('log', 'Starting update — running npm install -g ezpm2gui@latest...');
+    // Use `npm` with execFile for safety — no shell injection possible
+    const npmCmd = process.platform === 'win32' ? 'npm.cmd' : 'npm';
+    const child = (0, child_process_1.spawn)(npmCmd, ['install', '-g', 'ezpm2gui@latest'], {
+        stdio: ['ignore', 'pipe', 'pipe'],
+        shell: false,
+    });
+    child.stdout.on('data', (chunk) => {
+        chunk.toString().split('\n').filter(Boolean).forEach((line) => send('log', line));
+    });
+    child.stderr.on('data', (chunk) => {
+        // npm writes progress to stderr — treat as log unless it's an actual error keyword
+        const text = chunk.toString();
+        const isError = /^npm (ERR|error)/i.test(text.trim());
+        text.split('\n').filter(Boolean).forEach((line) => send(isError ? 'error' : 'log', line));
+    });
+    child.on('close', (code) => {
+        if (code === 0) {
+            send('done', 'Update installed successfully. Reload the page to use the new frontend. Restart the server to apply backend changes.');
+        }
+        else {
+            send('fail', `npm exited with code ${code}. Update may have failed.`);
+        }
+        res.end();
+    });
+    child.on('error', (err) => {
+        send('fail', `Failed to run npm: ${err.message}`);
+        res.end();
+    });
+});
+// @group RestartServer : POST /api/update/restart — graceful server restart (relies on process manager to respawn)
+router.post('/restart', (_req, res) => {
+    res.json({ success: true, message: 'Server will restart in 1 second.' });
+    setTimeout(() => {
+        console.log('[ezpm2gui] Graceful restart triggered via API.');
+        process.exit(0);
+    }, 1000);
+});
+exports.default = router;

package/dist/server/utils/encryption.js

@@ -44,29 +44,17 @@ function encrypt(text) {
 function decrypt(encryptedText) {
     if (!encryptedText)
         return '';
-    // Special handling for manually entered passwords in the config file
-    if (encryptedText === '11342b0ca35d70c17955d874e5d4b0a26547521f705a6f74320b5d7bfeb56369') {
-        console.log('Using hardcoded credential for specific password hash');
-        return 'test1234';
-    }
     try {
-        console.log(`Attempting to decrypt: ${encryptedText.substring(0, 10)}...`);
         // Ensure key and IV are the correct length
         const key = crypto_1.default.createHash('sha256').update(String(ENCRYPTION_KEY)).digest('base64').slice(0, 32);
         const iv = crypto_1.default.createHash('sha256').update(String(ENCRYPTION_IV)).digest('base64').slice(0, 16);
         const decipher = crypto_1.default.createDecipheriv(ALGORITHM, key, iv);
         let decrypted = decipher.update(encryptedText, 'hex', 'utf8');
         decrypted += decipher.final('utf8');
-        console.log('Decryption successful');
         return decrypted;
     }
     catch (error) {
         console.error('Decryption error:', error);
-        // For development only - return a value even if decryption fails
-        if (encryptedText && encryptedText.length > 10) {
-            console.log('Returning fallback credential for development');
-            return 'test1234';
-        }
         return '';
     }
 }

package/dist/server/utils/pm2-connection.d.ts

@@ -13,4 +13,4 @@ export declare const disconnectFromPM2: () => Promise<void>;
  * This will connect to PM2 if needed, run the command,
  * and properly handle the result
  */
-export declare const executePM2Command: <T>(command: (callback: (err: Error | null, result?: T) => void) => void) => Promise<T>;
+export declare const executePM2Command: <T = any>(command: (callback: (err: Error | null, result?: T) => void) => void) => Promise<T>;

package/dist/server/utils/pm2-connection.js

@@ -103,6 +103,7 @@ exports.disconnectFromPM2 = disconnectFromPM2;
  * This will connect to PM2 if needed, run the command,
  * and properly handle the result
  */
+// @group ConnectionPool : Execute a PM2 command using the shared pooled connection
 const executePM2Command = async (command) => {
     try {
         await (0, exports.connectToPM2)();
@@ -111,9 +112,6 @@ const executePM2Command = async (command) => {
                 if (err) {
                     reject(err);
                 }
-                else if (result === undefined) {
-                    reject(new Error('PM2 command returned undefined result'));
-                }
                 else {
                     resolve(result);
                 }

package/dist/server/utils/remote-connection.d.ts

@@ -54,16 +54,49 @@ export declare class RemoteConnection extends EventEmitter {
      * @param forceSudo Whether to force using sudo for this specific command
      */
     executeCommand(command: string, forceSudo?: boolean): Promise<CommandResult>;
+    /**
+     * Stream a remote file directly into an HTTP response without buffering.
+     *
+     * Strategy (tried in order):
+     *   1. SFTP createReadStream  — best; handles large files, uses file-transfer protocol
+     *   2. exec `cat <file>`      — current SSH user, direct pipe to response
+     *   3. exec `sudo -S cat`     — password-based sudo (when password auth is configured)
+     *   4. exec `sudo cat`        — NOPASSWD sudo (key-based auth where sudo needs no password)
+     */
+    private static readonly SHELL_UNSAFE;
+    private static validateRemotePath;
+    streamFileToResponse(remotePath: string, res: import('express').Response, fileName: string): Promise<void>;
+    /**
+     * Stream a remote .gz file to an HTTP response, decompressing it on the fly.
+     * Uses SFTP + local zlib.createGunzip() pipeline — no server-side buffering.
+     * Falls back to exec `zcat` if SFTP is unavailable.
+     */
+    streamGzFileToResponse(remotePath: string, res: import('express').Response, fileName: string): Promise<void>;
     /**
      * Check if PM2 is installed on the remote server
      * Uses multiple detection methods for better reliability
      */
     checkPM2Installation(): Promise<boolean>;
     /**
-     * Execute a PM2 command with proper PATH handling
-     * Tries different methods to find and execute PM2
+     * Ordered list of command builders tried when resolving the pm2 binary.
+     * The index of the first successful builder is cached so that subsequent
+     * calls (including streaming commands) reuse the same invocation.
+     */
+    private static readonly PM2_BUILDERS;
+    /** Index into PM2_BUILDERS of the invocation that actually works on this host. -1 = not yet resolved. */
+    private resolvedBuilderIndex;
+    /**
+     * Execute a PM2 command with proper PATH handling.
+     * The first successful invocation is cached so later calls (and streaming
+     * commands) reuse the same shell/binary path without re-probing.
+     */
+    executePM2Command(pm2Args: string): Promise<CommandResult>;
+    /**
+     * Build a pm2 command string using the already-resolved invocation pattern.
+     * Falls back to bash -li -c if the resolver has not yet run.
+     * Use this when you need the raw command string for a streaming shell exec.
      */
-    private executePM2Command;
+    buildPM2StreamCommand(pm2Args: string): string;
     /**
      * Get PM2 processes from the remote server
      */