ezpm2gui 1.4.0 → 1.6.0

package/dist/server/routes/remoteConnections.js

@@ -6,6 +6,26 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const express_1 = __importDefault(require("express"));
 const remote_connection_1 = require("../utils/remote-connection");
 const router = express_1.default.Router();
+// @group Security : Validate remote log file paths before shell interpolation
+const SHELL_UNSAFE_CHARS = /['"`;$|&<>(){}\\\n\r\0]/;
+const MAX_LOG_LINES = 10000;
+const validateRemotePath = (filePath) => {
+    if (!filePath)
+        return false;
+    if (filePath.includes('..'))
+        return false;
+    if (SHELL_UNSAFE_CHARS.test(filePath))
+        return false;
+    if (!/\.(log|gz)$/i.test(filePath))
+        return false;
+    return true;
+};
+const safeLogLines = (raw) => {
+    const n = parseInt(raw || '200', 10);
+    if (!Number.isFinite(n) || n < 0)
+        return 200;
+    return Math.min(n, MAX_LOG_LINES);
+};
 /**
  * Connect to an existing remote server
  * POST /api/remote/:connectionId/connect
@@ -552,6 +572,246 @@ router.get('/:connectionId/logs/:processId', async (req, res) => {
         });
     }
 });
+// @group LogHistory : Helper — resolve log path for a given process on a remote connection
+const resolveRemoteLogPath = async (connection, processId, logType) => {
+    var _a, _b;
+    const processInfoResult = await connection.executePM2Command('jlist');
+    if (processInfoResult.code !== 0)
+        return { logPath: null, error: 'Failed to get PM2 process list' };
+    try {
+        let raw = processInfoResult.stdout.trim();
+        const start = raw.indexOf('[');
+        const end = raw.lastIndexOf(']') + 1;
+        if (start !== -1 && end > 0)
+            raw = raw.substring(start, end);
+        const processList = JSON.parse(raw);
+        const proc = processList.find((p) => p.pm_id === parseInt(processId, 10) || p.name === processId);
+        if (!proc)
+            return { logPath: null, error: 'Process not found' };
+        const key = logType === 'out' ? 'pm_out_log_path' : 'pm_err_log_path';
+        return { logPath: (_b = (_a = proc.pm2_env) === null || _a === void 0 ? void 0 : _a[key]) !== null && _b !== void 0 ? _b : null };
+    }
+    catch {
+        return { logPath: null, error: 'Failed to parse PM2 process list' };
+    }
+};
+/**
+ * Get log lines from a specific log type on a remote process — ?lines=N (default 200, 0 = all)
+ * GET /api/remote/:connectionId/logs/:processId/:type
+ */
+router.get('/:connectionId/logs/:processId/:type', async (req, res) => {
+    var _a;
+    try {
+        const { connectionId, processId, type } = req.params;
+        const logType = type === 'err' ? 'err' : 'out';
+        const lines = safeLogLines(req.query.lines);
+        const connection = remote_connection_1.remoteConnectionManager.getConnection(connectionId);
+        if (!connection)
+            return res.status(404).json({ success: false, error: 'Connection not found' });
+        if (!connection.isConnected())
+            return res.status(400).json({ success: false, error: 'Not connected' });
+        const { logPath, error } = await resolveRemoteLogPath(connection, processId, logType);
+        if (!logPath)
+            return res.status(404).json({ success: false, error: error || 'Log path not found' });
+        // tail -n 0 = all lines; use wc -l to get total count alongside
+        const lineArg = lines === 0 ? '+1' : `-${lines}`;
+        const cmd = `{ wc -l < "${logPath}" 2>/dev/null || echo 0; } && tail -n ${lineArg} "${logPath}" 2>/dev/null`;
+        let result = await connection.executeCommand(cmd);
+        // Fallback to sudo if the file is unreadable (root-owned logs)
+        if (result.code !== 0 || !result.stdout.trim()) {
+            result = await connection.executeCommand(`{ sudo wc -l < "${logPath}" 2>/dev/null || echo 0; } && sudo tail -n ${lineArg} "${logPath}" 2>/dev/null`);
+        }
+        const outputLines = result.stdout.split('\n');
+        const totalLines = parseInt(((_a = outputLines[0]) === null || _a === void 0 ? void 0 : _a.trim()) || '0', 10);
+        const logLines = outputLines.slice(1).filter((l) => l.trim() !== '');
+        res.json({ logs: logLines, logPath, totalLines });
+    }
+    catch (error) {
+        console.error('Error fetching remote log history:', error);
+        res.status(500).json({ success: false, error: `Server error: ${error instanceof Error ? error.message : 'Unknown error'}` });
+    }
+});
+/**
+ * Download full log file from a remote process via SSH
+ * GET /api/remote/:connectionId/logs/:processId/:type/download
+ */
+router.get('/:connectionId/logs/:processId/:type/download', async (req, res) => {
+    try {
+        const { connectionId, processId, type } = req.params;
+        const logType = type === 'err' ? 'err' : 'out';
+        const connection = remote_connection_1.remoteConnectionManager.getConnection(connectionId);
+        if (!connection)
+            return res.status(404).json({ success: false, error: 'Connection not found' });
+        if (!connection.isConnected())
+            return res.status(400).json({ success: false, error: 'Not connected' });
+        const { logPath, error } = await resolveRemoteLogPath(connection, processId, logType);
+        if (!logPath)
+            return res.status(404).json({ success: false, error: error || 'Log path not found' });
+        const fileName = `${processId}-${logType}.log`;
+        await connection.streamFileToResponse(logPath, res, fileName);
+    }
+    catch (error) {
+        console.error('Error downloading remote log:', error);
+        if (!res.headersSent) {
+            res.status(500).json({ success: false, error: `Server error: ${error instanceof Error ? error.message : 'Unknown error'}` });
+        }
+    }
+});
+/**
+ * List all log files (current + rotated) for a remote process
+ * GET /api/remote/:connectionId/log-files/:processId
+ * Uses /log-files/ prefix to avoid Express matching /:processId/:type with type='files'
+ */
+router.get('/:connectionId/log-files/:processId', async (req, res) => {
+    try {
+        const { connectionId, processId } = req.params;
+        const connection = remote_connection_1.remoteConnectionManager.getConnection(connectionId);
+        if (!connection)
+            return res.status(404).json({ success: false, error: 'Connection not found' });
+        if (!connection.isConnected())
+            return res.status(400).json({ success: false, error: 'Not connected' });
+        // Resolve both log paths so we know the directory and base name
+        const { logPath: outPath } = await resolveRemoteLogPath(connection, processId, 'out');
+        const { logPath: errPath } = await resolveRemoteLogPath(connection, processId, 'err');
+        if (!outPath && !errPath) {
+            return res.status(404).json({ success: false, error: 'No log paths found for this process' });
+        }
+        // Derive log directory + base name from the out log path (or err if out missing)
+        const refPath = outPath || errPath;
+        const logDir = refPath.substring(0, refPath.lastIndexOf('/'));
+        const baseName = refPath.split('/').pop().replace(/-out\.log.*$/, '').replace(/-(error|err)\.log.*$/, '');
+        // List matching files in the log directory
+        const lsCmd = `ls -la "${logDir}" 2>/dev/null`;
+        let lsResult = await connection.executeCommand(lsCmd);
+        if (lsResult.code !== 0)
+            lsResult = await connection.executeCommand(`sudo ${lsCmd}`);
+        const files = [];
+        if (lsResult.code === 0) {
+            for (const line of lsResult.stdout.split('\n')) {
+                // ls -la line: permissions links owner group size month day time name
+                const parts = line.trim().split(/\s+/);
+                if (parts.length < 9)
+                    continue;
+                const fileName = parts.slice(8).join(' ');
+                if (!fileName.startsWith(baseName))
+                    continue;
+                const size = parseInt(parts[4], 10) || 0;
+                const month = parts[5];
+                const day = parts[6];
+                const timeOrYr = parts[7];
+                const modified = `${month} ${day} ${timeOrYr}`;
+                let type = 'unknown';
+                if (fileName.includes('-out'))
+                    type = 'out';
+                else if (fileName.includes('-error') || fileName.includes('-err'))
+                    type = 'err';
+                files.push({
+                    name: fileName,
+                    path: `${logDir}/${fileName}`,
+                    size,
+                    modified,
+                    type,
+                    compressed: fileName.endsWith('.gz'),
+                });
+            }
+        }
+        // Sort: current files first (no date suffix), then rotated newest first
+        files.sort((a, b) => {
+            const aRot = a.name.includes('__') || /\d{4}-\d{2}/.test(a.name);
+            const bRot = b.name.includes('__') || /\d{4}-\d{2}/.test(b.name);
+            if (!aRot && bRot)
+                return -1;
+            if (aRot && !bRot)
+                return 1;
+            return b.name.localeCompare(a.name);
+        });
+        res.json({ files });
+    }
+    catch (error) {
+        console.error('Error listing remote log files:', error);
+        res.status(500).json({ success: false, error: `Server error: ${error instanceof Error ? error.message : 'Unknown error'}` });
+    }
+});
+/**
+ * Read a specific remote log file by path — ?lines=N, handles .gz via zcat
+ * GET /api/remote/:connectionId/log-file?path=...&lines=N
+ * Uses /log-file top-level to avoid clashing with /logs/:processId routes
+ */
+router.get('/:connectionId/log-file', async (req, res) => {
+    var _a;
+    try {
+        const { connectionId } = req.params;
+        const filePath = req.query.path;
+        const lines = safeLogLines(req.query.lines);
+        if (!filePath)
+            return res.status(400).json({ error: 'path query parameter required' });
+        // Strict path validation — blocks traversal, shell metacharacters, and non-log extensions
+        if (!validateRemotePath(filePath)) {
+            return res.status(403).json({ error: 'Access denied: invalid or unsafe log file path' });
+        }
+        const connection = remote_connection_1.remoteConnectionManager.getConnection(connectionId);
+        if (!connection)
+            return res.status(404).json({ success: false, error: 'Connection not found' });
+        if (!connection.isConnected())
+            return res.status(400).json({ success: false, error: 'Not connected' });
+        const isGz = filePath.endsWith('.gz');
+        const catCmd = isGz ? `zcat "${filePath}" 2>/dev/null` : `cat "${filePath}" 2>/dev/null`;
+        const lineArg = lines === 0 ? '' : `| tail -n ${lines}`;
+        const countCmd = isGz
+            ? `zcat "${filePath}" 2>/dev/null | wc -l`
+            : `wc -l < "${filePath}" 2>/dev/null`;
+        const [contentResult, countResult] = await Promise.all([
+            connection.executeCommand(`${catCmd} ${lineArg}`).catch(() => ({ code: 1, stdout: '', stderr: '' })),
+            connection.executeCommand(countCmd).catch(() => ({ code: 1, stdout: '0', stderr: '' })),
+        ]);
+        // Fallback to sudo on permission error
+        const content = contentResult.code === 0 && contentResult.stdout.trim()
+            ? contentResult
+            : await connection.executeCommand(`sudo ${catCmd} ${lineArg}`);
+        const totalLines = parseInt(((_a = countResult.stdout) === null || _a === void 0 ? void 0 : _a.trim()) || '0', 10);
+        const logLines = (content.stdout || '').split('\n').filter((l) => l.trim() !== '');
+        res.json({ logs: logLines, totalLines });
+    }
+    catch (error) {
+        console.error('Error reading remote log file:', error);
+        res.status(500).json({ success: false, error: `Server error: ${error instanceof Error ? error.message : 'Unknown error'}` });
+    }
+});
+/**
+ * Download a specific remote log file by path via SSH cat/zcat
+ * GET /api/remote/:connectionId/log-file/download?path=...
+ */
+router.get('/:connectionId/log-file/download', async (req, res) => {
+    try {
+        const { connectionId } = req.params;
+        const filePath = req.query.path;
+        if (!filePath)
+            return res.status(400).json({ error: 'path query parameter required' });
+        if (!validateRemotePath(filePath)) {
+            return res.status(403).json({ error: 'Access denied: invalid or unsafe log file path' });
+        }
+        const connection = remote_connection_1.remoteConnectionManager.getConnection(connectionId);
+        if (!connection)
+            return res.status(404).json({ success: false, error: 'Connection not found' });
+        if (!connection.isConnected())
+            return res.status(400).json({ success: false, error: 'Not connected' });
+        // .gz files: stream via SFTP + local gunzip (no server-side memory buffering)
+        if (filePath.endsWith('.gz')) {
+            const gzName = filePath.split('/').pop().replace(/\.gz$/, '');
+            await connection.streamGzFileToResponse(filePath, res, gzName);
+            return;
+        }
+        // Plain files: SFTP stream
+        const fileName = filePath.split('/').pop();
+        await connection.streamFileToResponse(filePath, res, fileName);
+    }
+    catch (error) {
+        console.error('Error downloading remote log file:', error);
+        if (!res.headersSent) {
+            res.status(500).json({ success: false, error: `Server error: ${error instanceof Error ? error.message : 'Unknown error'}` });
+        }
+    }
+});
 /**
  * Get list of all remote connections with their status
  * GET /api/remote/connections

package/dist/server/routes/updates.d.ts

@@ -0,0 +1,3 @@
+import { Router } from 'express';
+declare const router: Router;
+export default router;

package/dist/server/routes/updates.js

@@ -0,0 +1,135 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const express_1 = require("express");
+const child_process_1 = require("child_process");
+const path_1 = __importDefault(require("path"));
+const fs_1 = __importDefault(require("fs"));
+const https_1 = __importDefault(require("https"));
+// @group Utilities : Read the current installed version from package.json
+const getCurrentVersion = () => {
+    try {
+        // Try the package root (works when run from source or dist)
+        const candidates = [
+            path_1.default.resolve(__dirname, '../../../package.json'),
+            path_1.default.resolve(__dirname, '../../package.json'),
+            path_1.default.resolve(process.cwd(), 'package.json'),
+        ];
+        for (const p of candidates) {
+            if (fs_1.default.existsSync(p)) {
+                const pkg = JSON.parse(fs_1.default.readFileSync(p, 'utf8'));
+                if (pkg.name === 'ezpm2gui')
+                    return pkg.version;
+            }
+        }
+    }
+    catch {
+        // fall through
+    }
+    return '0.0.0';
+};
+// @group Utilities : Fetch latest version info from npm registry (no external deps)
+const fetchNpmLatest = () => new Promise((resolve, reject) => {
+    const req = https_1.default.get('https://registry.npmjs.org/ezpm2gui/latest', { headers: { Accept: 'application/json' } }, (res) => {
+        let data = '';
+        res.on('data', (chunk) => { data += chunk; });
+        res.on('end', () => {
+            var _a;
+            try {
+                const json = JSON.parse(data);
+                resolve({
+                    version: json.version,
+                    description: json.description,
+                    publishedAt: (_a = json.time) === null || _a === void 0 ? void 0 : _a.modified,
+                });
+            }
+            catch {
+                reject(new Error('Failed to parse npm registry response'));
+            }
+        });
+    });
+    req.on('error', reject);
+    req.setTimeout(8000, () => { req.destroy(); reject(new Error('npm registry request timed out')); });
+});
+// @group Utilities : Compare semver strings — returns true if b is newer than a
+const isNewer = (current, latest) => {
+    const parse = (v) => v.replace(/^v/, '').split('.').map(Number);
+    const [cMaj, cMin, cPat] = parse(current);
+    const [lMaj, lMin, lPat] = parse(latest);
+    if (lMaj !== cMaj)
+        return lMaj > cMaj;
+    if (lMin !== cMin)
+        return lMin > cMin;
+    return lPat > cPat;
+};
+const router = (0, express_1.Router)();
+// @group CheckUpdate : GET /api/update/check — returns current vs latest npm version
+router.get('/check', async (_req, res) => {
+    try {
+        const currentVersion = getCurrentVersion();
+        const { version: latestVersion, publishedAt } = await fetchNpmLatest();
+        const updateAvailable = isNewer(currentVersion, latestVersion);
+        const result = {
+            currentVersion,
+            latestVersion,
+            updateAvailable,
+            publishedAt,
+        };
+        res.json({ success: true, data: result });
+    }
+    catch (err) {
+        console.error('Update check failed:', err);
+        res.status(503).json({ success: false, error: err.message || 'Failed to reach npm registry' });
+    }
+});
+// @group InstallUpdate : POST /api/update/install — installs ezpm2gui@latest globally
+// Streams progress lines as newline-delimited JSON (ndjson) so the client can read incrementally.
+router.post('/install', (req, res) => {
+    res.setHeader('Content-Type', 'application/x-ndjson');
+    res.setHeader('Transfer-Encoding', 'chunked');
+    res.setHeader('Cache-Control', 'no-cache');
+    res.flushHeaders();
+    const send = (type, message) => {
+        res.write(JSON.stringify({ type, message }) + '\n');
+    };
+    send('log', 'Starting update — running npm install -g ezpm2gui@latest...');
+    // Use `npm` with execFile for safety — no shell injection possible
+    const npmCmd = process.platform === 'win32' ? 'npm.cmd' : 'npm';
+    const child = (0, child_process_1.spawn)(npmCmd, ['install', '-g', 'ezpm2gui@latest'], {
+        stdio: ['ignore', 'pipe', 'pipe'],
+        shell: false,
+    });
+    child.stdout.on('data', (chunk) => {
+        chunk.toString().split('\n').filter(Boolean).forEach((line) => send('log', line));
+    });
+    child.stderr.on('data', (chunk) => {
+        // npm writes progress to stderr — treat as log unless it's an actual error keyword
+        const text = chunk.toString();
+        const isError = /^npm (ERR|error)/i.test(text.trim());
+        text.split('\n').filter(Boolean).forEach((line) => send(isError ? 'error' : 'log', line));
+    });
+    child.on('close', (code) => {
+        if (code === 0) {
+            send('done', 'Update installed successfully. Reload the page to use the new frontend. Restart the server to apply backend changes.');
+        }
+        else {
+            send('fail', `npm exited with code ${code}. Update may have failed.`);
+        }
+        res.end();
+    });
+    child.on('error', (err) => {
+        send('fail', `Failed to run npm: ${err.message}`);
+        res.end();
+    });
+});
+// @group RestartServer : POST /api/update/restart — graceful server restart (relies on process manager to respawn)
+router.post('/restart', (_req, res) => {
+    res.json({ success: true, message: 'Server will restart in 1 second.' });
+    setTimeout(() => {
+        console.log('[ezpm2gui] Graceful restart triggered via API.');
+        process.exit(0);
+    }, 1000);
+});
+exports.default = router;

package/dist/server/utils/remote-connection.d.ts

@@ -54,6 +54,24 @@ export declare class RemoteConnection extends EventEmitter {
      * @param forceSudo Whether to force using sudo for this specific command
      */
     executeCommand(command: string, forceSudo?: boolean): Promise<CommandResult>;
+    /**
+     * Stream a remote file directly into an HTTP response without buffering.
+     *
+     * Strategy (tried in order):
+     *   1. SFTP createReadStream  — best; handles large files, uses file-transfer protocol
+     *   2. exec `cat <file>`      — current SSH user, direct pipe to response
+     *   3. exec `sudo -S cat`     — password-based sudo (when password auth is configured)
+     *   4. exec `sudo cat`        — NOPASSWD sudo (key-based auth where sudo needs no password)
+     */
+    private static readonly SHELL_UNSAFE;
+    private static validateRemotePath;
+    streamFileToResponse(remotePath: string, res: import('express').Response, fileName: string): Promise<void>;
+    /**
+     * Stream a remote .gz file to an HTTP response, decompressing it on the fly.
+     * Uses SFTP + local zlib.createGunzip() pipeline — no server-side buffering.
+     * Falls back to exec `zcat` if SFTP is unavailable.
+     */
+    streamGzFileToResponse(remotePath: string, res: import('express').Response, fileName: string): Promise<void>;
     /**
      * Check if PM2 is installed on the remote server
      * Uses multiple detection methods for better reliability