kastell 1.17.0 → 2.0.0
- package/CHANGELOG.md +62 -0
- package/README.md +2 -1
- package/README.tr.md +2 -1
- package/dist/adapters/factory.d.ts.map +1 -1
- package/dist/adapters/factory.js +3 -2
- package/dist/adapters/factory.js.map +1 -1
- package/dist/adapters/shared.d.ts.map +1 -1
- package/dist/adapters/shared.js +19 -17
- package/dist/adapters/shared.js.map +1 -1
- package/dist/commands/backup.d.ts.map +1 -1
- package/dist/commands/backup.js +19 -3
- package/dist/commands/backup.js.map +1 -1
- package/dist/commands/config.d.ts.map +1 -1
- package/dist/commands/config.js +42 -3
- package/dist/commands/config.js.map +1 -1
- package/dist/commands/fix.d.ts +1 -0
- package/dist/commands/fix.d.ts.map +1 -1
- package/dist/commands/fix.js +8 -2
- package/dist/commands/fix.js.map +1 -1
- package/dist/commands/maintain.d.ts.map +1 -1
- package/dist/commands/maintain.js +10 -5
- package/dist/commands/maintain.js.map +1 -1
- package/dist/commands/monitor.d.ts.map +1 -1
- package/dist/commands/monitor.js +10 -5
- package/dist/commands/monitor.js.map +1 -1
- package/dist/commands/restore.d.ts.map +1 -1
- package/dist/commands/restore.js +12 -5
- package/dist/commands/restore.js.map +1 -1
- package/dist/commands/secure.js +19 -9
- package/dist/commands/secure.js.map +1 -1
- package/dist/commands/snapshot.d.ts.map +1 -1
- package/dist/commands/snapshot.js +3 -0
- package/dist/commands/snapshot.js.map +1 -1
- package/dist/commands/ssh.d.ts.map +1 -1
- package/dist/commands/ssh.js +2 -1
- package/dist/commands/ssh.js.map +1 -1
- package/dist/commands/status.d.ts.map +1 -1
- package/dist/commands/status.js +10 -5
- package/dist/commands/status.js.map +1 -1
- package/dist/commands/transfer.d.ts.map +1 -1
- package/dist/commands/transfer.js +22 -11
- package/dist/commands/transfer.js.map +1 -1
- package/dist/core/audit/checks/ddos.d.ts.map +1 -1
- package/dist/core/audit/checks/ddos.js +1 -5
- package/dist/core/audit/checks/ddos.js.map +1 -1
- package/dist/core/audit/checks/filesystem.d.ts.map +1 -1
- package/dist/core/audit/checks/filesystem.js +2 -0
- package/dist/core/audit/checks/filesystem.js.map +1 -1
- package/dist/core/audit/checks/index.d.ts.map +1 -1
- package/dist/core/audit/checks/index.js +32 -31
- package/dist/core/audit/checks/index.js.map +1 -1
- package/dist/core/audit/checks/kernel.d.ts.map +1 -1
- package/dist/core/audit/checks/kernel.js +1 -5
- package/dist/core/audit/checks/kernel.js.map +1 -1
- package/dist/core/audit/checks/network.d.ts.map +1 -1
- package/dist/core/audit/checks/network.js +2 -0
- package/dist/core/audit/checks/network.js.map +1 -1
- package/dist/core/audit/checks/shared/categories.d.ts +40 -0
- package/dist/core/audit/checks/shared/categories.d.ts.map +1 -0
- package/dist/core/audit/checks/shared/categories.js +39 -0
- package/dist/core/audit/checks/shared/categories.js.map +1 -0
- package/dist/core/audit/checks/shared/sysctl.d.ts +13 -0
- package/dist/core/audit/checks/shared/sysctl.d.ts.map +1 -0
- package/dist/core/audit/checks/shared/sysctl.js +19 -0
- package/dist/core/audit/checks/shared/sysctl.js.map +1 -0
- package/dist/core/audit/fix-history.d.ts +20 -0
- package/dist/core/audit/fix-history.d.ts.map +1 -1
- package/dist/core/audit/fix-history.js +38 -14
- package/dist/core/audit/fix-history.js.map +1 -1
- package/dist/core/audit/fix.js +2 -2
- package/dist/core/audit/fix.js.map +1 -1
- package/dist/core/audit/formatters/report.d.ts.map +1 -1
- package/dist/core/audit/formatters/report.js +2 -0
- package/dist/core/audit/formatters/report.js.map +1 -1
- package/dist/core/audit/handlers/aptUpgrade.js +1 -1
- package/dist/core/audit/handlers/aptUpgrade.js.map +1 -1
- package/dist/core/audit/handlers/sedReplace.d.ts.map +1 -1
- package/dist/core/audit/handlers/sedReplace.js +2 -1
- package/dist/core/audit/handlers/sedReplace.js.map +1 -1
- package/dist/core/audit/history.d.ts.map +1 -1
- package/dist/core/audit/history.js +7 -6
- package/dist/core/audit/history.js.map +1 -1
- package/dist/core/audit/index.d.ts.map +1 -1
- package/dist/core/audit/index.js +2 -1
- package/dist/core/audit/index.js.map +1 -1
- package/dist/core/audit/profiles.js +2 -2
- package/dist/core/audit/profiles.js.map +1 -1
- package/dist/core/audit/snapshot.d.ts +204 -0
- package/dist/core/audit/snapshot.d.ts.map +1 -1
- package/dist/core/audit/snapshot.js +11 -10
- package/dist/core/audit/snapshot.js.map +1 -1
- package/dist/core/auth.d.ts.map +1 -1
- package/dist/core/auth.js +4 -4
- package/dist/core/auth.js.map +1 -1
- package/dist/core/backup-commands.d.ts +15 -0
- package/dist/core/backup-commands.d.ts.map +1 -0
- package/dist/core/backup-commands.js +51 -0
- package/dist/core/backup-commands.js.map +1 -0
- package/dist/core/backup.d.ts +11 -23
- package/dist/core/backup.d.ts.map +1 -1
- package/dist/core/backup.js +11 -55
- package/dist/core/backup.js.map +1 -1
- package/dist/core/backupSchedule.d.ts.map +1 -1
- package/dist/core/backupSchedule.js +13 -10
- package/dist/core/backupSchedule.js.map +1 -1
- package/dist/core/bot/bot.d.ts.map +1 -1
- package/dist/core/bot/bot.js +2 -1
- package/dist/core/bot/bot.js.map +1 -1
- package/dist/core/bot/offset.d.ts +1 -1
- package/dist/core/bot/offset.d.ts.map +1 -1
- package/dist/core/bot/offset.js +8 -7
- package/dist/core/bot/offset.js.map +1 -1
- package/dist/core/configRepair.d.ts +22 -0
- package/dist/core/configRepair.d.ts.map +1 -0
- package/dist/core/configRepair.js +130 -0
- package/dist/core/configRepair.js.map +1 -0
- package/dist/core/deploy.d.ts.map +1 -1
- package/dist/core/deploy.js +3 -2
- package/dist/core/deploy.js.map +1 -1
- package/dist/core/doctor-local.d.ts.map +1 -1
- package/dist/core/doctor-local.js +7 -6
- package/dist/core/doctor-local.js.map +1 -1
- package/dist/core/doctor.d.ts.map +1 -1
- package/dist/core/doctor.js +13 -11
- package/dist/core/doctor.js.map +1 -1
- package/dist/core/domain.d.ts.map +1 -1
- package/dist/core/domain.js +2 -1
- package/dist/core/domain.js.map +1 -1
- package/dist/core/evidence.js +10 -8
- package/dist/core/evidence.js.map +1 -1
- package/dist/core/firewall.d.ts.map +1 -1
- package/dist/core/firewall.js +11 -7
- package/dist/core/firewall.js.map +1 -1
- package/dist/core/guard.d.ts +5 -0
- package/dist/core/guard.d.ts.map +1 -1
- package/dist/core/guard.js +14 -10
- package/dist/core/guard.js.map +1 -1
- package/dist/core/health.d.ts.map +1 -1
- package/dist/core/health.js +2 -1
- package/dist/core/health.js.map +1 -1
- package/dist/core/manage.d.ts +1 -1
- package/dist/core/manage.d.ts.map +1 -1
- package/dist/core/manage.js +7 -24
- package/dist/core/manage.js.map +1 -1
- package/dist/core/notify.d.ts.map +1 -1
- package/dist/core/notify.js +9 -7
- package/dist/core/notify.js.map +1 -1
- package/dist/core/notifyStore.d.ts.map +1 -1
- package/dist/core/notifyStore.js +9 -8
- package/dist/core/notifyStore.js.map +1 -1
- package/dist/core/scheduleManager.d.ts.map +1 -1
- package/dist/core/scheduleManager.js +36 -8
- package/dist/core/scheduleManager.js.map +1 -1
- package/dist/core/status.d.ts +1 -1
- package/dist/core/status.d.ts.map +1 -1
- package/dist/core/status.js +4 -3
- package/dist/core/status.js.map +1 -1
- package/dist/index.js +1 -0
- package/dist/index.js.map +1 -1
- package/dist/mcp/index.js +2 -0
- package/dist/mcp/index.js.map +1 -1
- package/dist/mcp/server.js +1 -1
- package/dist/mcp/server.js.map +1 -1
- package/dist/mcp/tools/serverAudit.d.ts +16 -0
- package/dist/mcp/tools/serverAudit.d.ts.map +1 -1
- package/dist/mcp/tools/serverAudit.js +83 -17
- package/dist/mcp/tools/serverAudit.js.map +1 -1
- package/dist/mcp/tools/serverBackup.d.ts +4 -4
- package/dist/mcp/tools/serverBackup.handlers.d.ts.map +1 -1
- package/dist/mcp/tools/serverBackup.handlers.js +5 -0
- package/dist/mcp/tools/serverBackup.handlers.js.map +1 -1
- package/dist/mcp/tools/serverBackup.js +2 -2
- package/dist/mcp/tools/serverBackup.js.map +1 -1
- package/dist/mcp/tools/serverDoctor.d.ts.map +1 -1
- package/dist/mcp/tools/serverDoctor.js +3 -5
- package/dist/mcp/tools/serverDoctor.js.map +1 -1
- package/dist/mcp/tools/serverEvidence.js +3 -3
- package/dist/mcp/tools/serverEvidence.js.map +1 -1
- package/dist/mcp/tools/serverFix.d.ts.map +1 -1
- package/dist/mcp/tools/serverFix.js +6 -4
- package/dist/mcp/tools/serverFix.js.map +1 -1
- package/dist/mcp/tools/serverFleet.d.ts +1 -1
- package/dist/mcp/tools/serverFleet.js +2 -2
- package/dist/mcp/tools/serverFleet.js.map +1 -1
- package/dist/mcp/tools/serverGuard.d.ts.map +1 -1
- package/dist/mcp/tools/serverGuard.js +4 -2
- package/dist/mcp/tools/serverGuard.js.map +1 -1
- package/dist/mcp/tools/serverInfo.d.ts.map +1 -1
- package/dist/mcp/tools/serverInfo.js +4 -3
- package/dist/mcp/tools/serverInfo.js.map +1 -1
- package/dist/mcp/tools/serverLock.d.ts.map +1 -1
- package/dist/mcp/tools/serverLock.js +4 -2
- package/dist/mcp/tools/serverLock.js.map +1 -1
- package/dist/mcp/tools/serverLogs.js +3 -3
- package/dist/mcp/tools/serverLogs.js.map +1 -1
- package/dist/mcp/tools/serverMaintain.d.ts.map +1 -1
- package/dist/mcp/tools/serverMaintain.js +9 -2
- package/dist/mcp/tools/serverMaintain.js.map +1 -1
- package/dist/mcp/tools/serverManage.d.ts.map +1 -1
- package/dist/mcp/tools/serverManage.js +79 -21
- package/dist/mcp/tools/serverManage.js.map +1 -1
- package/dist/mcp/tools/serverProvision.d.ts.map +1 -1
- package/dist/mcp/tools/serverProvision.js +5 -4
- package/dist/mcp/tools/serverProvision.js.map +1 -1
- package/dist/mcp/tools/serverSecure.d.ts.map +1 -1
- package/dist/mcp/tools/serverSecure.js +4 -2
- package/dist/mcp/tools/serverSecure.js.map +1 -1
- package/dist/mcp/utils.d.ts +13 -5
- package/dist/mcp/utils.d.ts.map +1 -1
- package/dist/mcp/utils.js +14 -3
- package/dist/mcp/utils.js.map +1 -1
- package/dist/providers/base.d.ts.map +1 -1
- package/dist/providers/base.js +21 -3
- package/dist/providers/base.js.map +1 -1
- package/dist/providers/digitalocean.d.ts +13 -0
- package/dist/providers/digitalocean.d.ts.map +1 -1
- package/dist/providers/digitalocean.js +19 -3
- package/dist/providers/digitalocean.js.map +1 -1
- package/dist/providers/hetzner.d.ts +12 -0
- package/dist/providers/hetzner.d.ts.map +1 -1
- package/dist/providers/hetzner.js +21 -7
- package/dist/providers/hetzner.js.map +1 -1
- package/dist/providers/linode.d.ts +6 -0
- package/dist/providers/linode.d.ts.map +1 -1
- package/dist/providers/linode.js +12 -4
- package/dist/providers/linode.js.map +1 -1
- package/dist/providers/vultr.d.ts +9 -0
- package/dist/providers/vultr.d.ts.map +1 -1
- package/dist/providers/vultr.js +16 -4
- package/dist/providers/vultr.js.map +1 -1
- package/dist/utils/backupPath.js +1 -1
- package/dist/utils/backupPath.js.map +1 -1
- package/dist/utils/config.d.ts +2 -4
- package/dist/utils/config.d.ts.map +1 -1
- package/dist/utils/config.js +24 -11
- package/dist/utils/config.js.map +1 -1
- package/dist/utils/defaults.d.ts +1 -3
- package/dist/utils/defaults.d.ts.map +1 -1
- package/dist/utils/defaults.js +6 -7
- package/dist/utils/defaults.js.map +1 -1
- package/dist/utils/encryption.d.ts.map +1 -1
- package/dist/utils/encryption.js +9 -8
- package/dist/utils/encryption.js.map +1 -1
- package/dist/utils/errorMapper.d.ts +6 -0
- package/dist/utils/errorMapper.d.ts.map +1 -1
- package/dist/utils/errorMapper.js +18 -0
- package/dist/utils/errorMapper.js.map +1 -1
- package/dist/utils/errors.d.ts +18 -0
- package/dist/utils/errors.d.ts.map +1 -0
- package/dist/utils/errors.js +20 -0
- package/dist/utils/errors.js.map +1 -0
- package/dist/utils/fileLock.d.ts +2 -0
- package/dist/utils/fileLock.d.ts.map +1 -1
- package/dist/utils/fileLock.js +9 -0
- package/dist/utils/fileLock.js.map +1 -1
- package/dist/utils/logger.d.ts.map +1 -1
- package/dist/utils/logger.js +13 -1
- package/dist/utils/logger.js.map +1 -1
- package/dist/utils/migration.d.ts.map +1 -1
- package/dist/utils/migration.js +4 -3
- package/dist/utils/migration.js.map +1 -1
- package/dist/utils/paths.d.ts +4 -0
- package/dist/utils/paths.d.ts.map +1 -1
- package/dist/utils/paths.js +4 -0
- package/dist/utils/paths.js.map +1 -1
- package/dist/utils/retry.d.ts.map +1 -1
- package/dist/utils/retry.js +22 -7
- package/dist/utils/retry.js.map +1 -1
- package/dist/utils/safeMode.d.ts +15 -0
- package/dist/utils/safeMode.d.ts.map +1 -0
- package/dist/utils/safeMode.js +85 -0
- package/dist/utils/safeMode.js.map +1 -0
- package/dist/utils/secureWrite.d.ts +11 -0
- package/dist/utils/secureWrite.d.ts.map +1 -0
- package/dist/utils/secureWrite.js +60 -0
- package/dist/utils/secureWrite.js.map +1 -0
- package/dist/utils/securityLogger.d.ts +24 -0
- package/dist/utils/securityLogger.d.ts.map +1 -0
- package/dist/utils/securityLogger.js +47 -0
- package/dist/utils/securityLogger.js.map +1 -0
- package/dist/utils/shellEscape.d.ts +7 -0
- package/dist/utils/shellEscape.d.ts.map +1 -0
- package/dist/utils/shellEscape.js +9 -0
- package/dist/utils/shellEscape.js.map +1 -0
- package/dist/utils/ssh.d.ts +2 -2
- package/dist/utils/ssh.d.ts.map +1 -1
- package/dist/utils/ssh.js +16 -10
- package/dist/utils/ssh.js.map +1 -1
- package/dist/utils/sshCommand.d.ts.map +1 -1
- package/dist/utils/sshCommand.js +3 -0
- package/dist/utils/sshCommand.js.map +1 -1
- package/dist/utils/sshKey.d.ts.map +1 -1
- package/dist/utils/sshKey.js +3 -2
- package/dist/utils/sshKey.js.map +1 -1
- package/dist/utils/updateCheck.d.ts.map +1 -1
- package/dist/utils/updateCheck.js +4 -3
- package/dist/utils/updateCheck.js.map +1 -1
- package/package.json +16 -12
|
@@ -4,7 +4,211 @@
|
|
|
4
4
|
* Schema v2 adds auditVersion to the audit envelope.
|
|
5
5
|
* V1 snapshots are auto-migrated on load (auditVersion defaults to "1.0.0").
|
|
6
6
|
*/
|
|
7
|
+
import { z } from "zod";
|
|
7
8
|
import type { AuditResult, SnapshotFile, SnapshotListEntry } from "./types.js";
|
|
9
|
+
export declare const auditCheckSchema: z.ZodObject<{
|
|
10
|
+
id: z.ZodString;
|
|
11
|
+
category: z.ZodString;
|
|
12
|
+
name: z.ZodString;
|
|
13
|
+
severity: z.ZodEnum<{
|
|
14
|
+
info: "info";
|
|
15
|
+
critical: "critical";
|
|
16
|
+
warning: "warning";
|
|
17
|
+
}>;
|
|
18
|
+
passed: z.ZodBoolean;
|
|
19
|
+
currentValue: z.ZodString;
|
|
20
|
+
expectedValue: z.ZodString;
|
|
21
|
+
fixCommand: z.ZodOptional<z.ZodString>;
|
|
22
|
+
explain: z.ZodOptional<z.ZodString>;
|
|
23
|
+
complianceRefs: z.ZodOptional<z.ZodArray<z.ZodObject<{
|
|
24
|
+
framework: z.ZodString;
|
|
25
|
+
controlId: z.ZodString;
|
|
26
|
+
version: z.ZodString;
|
|
27
|
+
description: z.ZodString;
|
|
28
|
+
coverage: z.ZodEnum<{
|
|
29
|
+
full: "full";
|
|
30
|
+
partial: "partial";
|
|
31
|
+
}>;
|
|
32
|
+
level: z.ZodOptional<z.ZodEnum<{
|
|
33
|
+
L1: "L1";
|
|
34
|
+
L2: "L2";
|
|
35
|
+
}>>;
|
|
36
|
+
}, z.core.$strip>>>;
|
|
37
|
+
tags: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
38
|
+
vpsIrrelevant: z.ZodOptional<z.ZodBoolean>;
|
|
39
|
+
}, z.core.$strip>;
|
|
40
|
+
export declare const categorySchema: z.ZodObject<{
|
|
41
|
+
name: z.ZodString;
|
|
42
|
+
checks: z.ZodArray<z.ZodObject<{
|
|
43
|
+
id: z.ZodString;
|
|
44
|
+
category: z.ZodString;
|
|
45
|
+
name: z.ZodString;
|
|
46
|
+
severity: z.ZodEnum<{
|
|
47
|
+
info: "info";
|
|
48
|
+
critical: "critical";
|
|
49
|
+
warning: "warning";
|
|
50
|
+
}>;
|
|
51
|
+
passed: z.ZodBoolean;
|
|
52
|
+
currentValue: z.ZodString;
|
|
53
|
+
expectedValue: z.ZodString;
|
|
54
|
+
fixCommand: z.ZodOptional<z.ZodString>;
|
|
55
|
+
explain: z.ZodOptional<z.ZodString>;
|
|
56
|
+
complianceRefs: z.ZodOptional<z.ZodArray<z.ZodObject<{
|
|
57
|
+
framework: z.ZodString;
|
|
58
|
+
controlId: z.ZodString;
|
|
59
|
+
version: z.ZodString;
|
|
60
|
+
description: z.ZodString;
|
|
61
|
+
coverage: z.ZodEnum<{
|
|
62
|
+
full: "full";
|
|
63
|
+
partial: "partial";
|
|
64
|
+
}>;
|
|
65
|
+
level: z.ZodOptional<z.ZodEnum<{
|
|
66
|
+
L1: "L1";
|
|
67
|
+
L2: "L2";
|
|
68
|
+
}>>;
|
|
69
|
+
}, z.core.$strip>>>;
|
|
70
|
+
tags: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
71
|
+
vpsIrrelevant: z.ZodOptional<z.ZodBoolean>;
|
|
72
|
+
}, z.core.$strip>>;
|
|
73
|
+
score: z.ZodNumber;
|
|
74
|
+
maxScore: z.ZodNumber;
|
|
75
|
+
connectionError: z.ZodOptional<z.ZodBoolean>;
|
|
76
|
+
}, z.core.$strip>;
|
|
77
|
+
export declare const quickWinSchema: z.ZodObject<{
|
|
78
|
+
commands: z.ZodArray<z.ZodString>;
|
|
79
|
+
currentScore: z.ZodNumber;
|
|
80
|
+
projectedScore: z.ZodNumber;
|
|
81
|
+
description: z.ZodString;
|
|
82
|
+
}, z.core.$strip>;
|
|
83
|
+
/** Schema v1 — legacy format, no auditVersion field */
|
|
84
|
+
export declare const snapshotFileV1Schema: z.ZodObject<{
|
|
85
|
+
audit: z.ZodObject<{
|
|
86
|
+
serverName: z.ZodString;
|
|
87
|
+
serverIp: z.ZodString;
|
|
88
|
+
platform: z.ZodEnum<{
|
|
89
|
+
coolify: "coolify";
|
|
90
|
+
dokploy: "dokploy";
|
|
91
|
+
bare: "bare";
|
|
92
|
+
}>;
|
|
93
|
+
timestamp: z.ZodString;
|
|
94
|
+
overallScore: z.ZodNumber;
|
|
95
|
+
categories: z.ZodArray<z.ZodObject<{
|
|
96
|
+
name: z.ZodString;
|
|
97
|
+
checks: z.ZodArray<z.ZodObject<{
|
|
98
|
+
id: z.ZodString;
|
|
99
|
+
category: z.ZodString;
|
|
100
|
+
name: z.ZodString;
|
|
101
|
+
severity: z.ZodEnum<{
|
|
102
|
+
info: "info";
|
|
103
|
+
critical: "critical";
|
|
104
|
+
warning: "warning";
|
|
105
|
+
}>;
|
|
106
|
+
passed: z.ZodBoolean;
|
|
107
|
+
currentValue: z.ZodString;
|
|
108
|
+
expectedValue: z.ZodString;
|
|
109
|
+
fixCommand: z.ZodOptional<z.ZodString>;
|
|
110
|
+
explain: z.ZodOptional<z.ZodString>;
|
|
111
|
+
complianceRefs: z.ZodOptional<z.ZodArray<z.ZodObject<{
|
|
112
|
+
framework: z.ZodString;
|
|
113
|
+
controlId: z.ZodString;
|
|
114
|
+
version: z.ZodString;
|
|
115
|
+
description: z.ZodString;
|
|
116
|
+
coverage: z.ZodEnum<{
|
|
117
|
+
full: "full";
|
|
118
|
+
partial: "partial";
|
|
119
|
+
}>;
|
|
120
|
+
level: z.ZodOptional<z.ZodEnum<{
|
|
121
|
+
L1: "L1";
|
|
122
|
+
L2: "L2";
|
|
123
|
+
}>>;
|
|
124
|
+
}, z.core.$strip>>>;
|
|
125
|
+
tags: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
126
|
+
vpsIrrelevant: z.ZodOptional<z.ZodBoolean>;
|
|
127
|
+
}, z.core.$strip>>;
|
|
128
|
+
score: z.ZodNumber;
|
|
129
|
+
maxScore: z.ZodNumber;
|
|
130
|
+
connectionError: z.ZodOptional<z.ZodBoolean>;
|
|
131
|
+
}, z.core.$strip>>;
|
|
132
|
+
quickWins: z.ZodArray<z.ZodObject<{
|
|
133
|
+
commands: z.ZodArray<z.ZodString>;
|
|
134
|
+
currentScore: z.ZodNumber;
|
|
135
|
+
projectedScore: z.ZodNumber;
|
|
136
|
+
description: z.ZodString;
|
|
137
|
+
}, z.core.$strip>>;
|
|
138
|
+
skippedCategories: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
139
|
+
vpsType: z.ZodOptional<z.ZodString>;
|
|
140
|
+
vpsAdjustedCount: z.ZodOptional<z.ZodNumber>;
|
|
141
|
+
warnings: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
142
|
+
}, z.core.$strip>;
|
|
143
|
+
name: z.ZodOptional<z.ZodString>;
|
|
144
|
+
savedAt: z.ZodString;
|
|
145
|
+
schemaVersion: z.ZodLiteral<1>;
|
|
146
|
+
}, z.core.$strip>;
|
|
147
|
+
/** Schema v2 — includes auditVersion in audit object */
|
|
148
|
+
export declare const snapshotFileV2Schema: z.ZodObject<{
|
|
149
|
+
audit: z.ZodObject<{
|
|
150
|
+
serverName: z.ZodString;
|
|
151
|
+
serverIp: z.ZodString;
|
|
152
|
+
platform: z.ZodEnum<{
|
|
153
|
+
coolify: "coolify";
|
|
154
|
+
dokploy: "dokploy";
|
|
155
|
+
bare: "bare";
|
|
156
|
+
}>;
|
|
157
|
+
timestamp: z.ZodString;
|
|
158
|
+
overallScore: z.ZodNumber;
|
|
159
|
+
categories: z.ZodArray<z.ZodObject<{
|
|
160
|
+
name: z.ZodString;
|
|
161
|
+
checks: z.ZodArray<z.ZodObject<{
|
|
162
|
+
id: z.ZodString;
|
|
163
|
+
category: z.ZodString;
|
|
164
|
+
name: z.ZodString;
|
|
165
|
+
severity: z.ZodEnum<{
|
|
166
|
+
info: "info";
|
|
167
|
+
critical: "critical";
|
|
168
|
+
warning: "warning";
|
|
169
|
+
}>;
|
|
170
|
+
passed: z.ZodBoolean;
|
|
171
|
+
currentValue: z.ZodString;
|
|
172
|
+
expectedValue: z.ZodString;
|
|
173
|
+
fixCommand: z.ZodOptional<z.ZodString>;
|
|
174
|
+
explain: z.ZodOptional<z.ZodString>;
|
|
175
|
+
complianceRefs: z.ZodOptional<z.ZodArray<z.ZodObject<{
|
|
176
|
+
framework: z.ZodString;
|
|
177
|
+
controlId: z.ZodString;
|
|
178
|
+
version: z.ZodString;
|
|
179
|
+
description: z.ZodString;
|
|
180
|
+
coverage: z.ZodEnum<{
|
|
181
|
+
full: "full";
|
|
182
|
+
partial: "partial";
|
|
183
|
+
}>;
|
|
184
|
+
level: z.ZodOptional<z.ZodEnum<{
|
|
185
|
+
L1: "L1";
|
|
186
|
+
L2: "L2";
|
|
187
|
+
}>>;
|
|
188
|
+
}, z.core.$strip>>>;
|
|
189
|
+
tags: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
190
|
+
vpsIrrelevant: z.ZodOptional<z.ZodBoolean>;
|
|
191
|
+
}, z.core.$strip>>;
|
|
192
|
+
score: z.ZodNumber;
|
|
193
|
+
maxScore: z.ZodNumber;
|
|
194
|
+
connectionError: z.ZodOptional<z.ZodBoolean>;
|
|
195
|
+
}, z.core.$strip>>;
|
|
196
|
+
quickWins: z.ZodArray<z.ZodObject<{
|
|
197
|
+
commands: z.ZodArray<z.ZodString>;
|
|
198
|
+
currentScore: z.ZodNumber;
|
|
199
|
+
projectedScore: z.ZodNumber;
|
|
200
|
+
description: z.ZodString;
|
|
201
|
+
}, z.core.$strip>>;
|
|
202
|
+
skippedCategories: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
203
|
+
vpsType: z.ZodOptional<z.ZodString>;
|
|
204
|
+
vpsAdjustedCount: z.ZodOptional<z.ZodNumber>;
|
|
205
|
+
warnings: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
206
|
+
auditVersion: z.ZodString;
|
|
207
|
+
}, z.core.$strip>;
|
|
208
|
+
name: z.ZodOptional<z.ZodString>;
|
|
209
|
+
savedAt: z.ZodString;
|
|
210
|
+
schemaVersion: z.ZodLiteral<2>;
|
|
211
|
+
}, z.core.$strip>;
|
|
8
212
|
/**
|
|
9
213
|
* Save an audit result as a snapshot.
|
|
10
214
|
* Uses withFileLock + atomic write (tmp + rename) for safety.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"snapshot.d.ts","sourceRoot":"","sources":["../../../src/core/audit/snapshot.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;
|
|
1
|
+
{"version":3,"file":"snapshot.d.ts","sourceRoot":"","sources":["../../../src/core/audit/snapshot.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAUH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,OAAO,KAAK,EAAE,WAAW,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAa/E,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAa3B,CAAC;AAEH,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAMzB,CAAC;AAEH,eAAO,MAAM,cAAc;;;;;iBAKzB,CAAC;AAsBH,uDAAuD;AACvD,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAI/B,CAAC;AAEH,wDAAwD;AACxD,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAI/B,CAAC;AAqDH;;;;GAIG;AACH,wBAAsB,YAAY,CAChC,MAAM,EAAE,WAAW,EACnB,IAAI,CAAC,EAAE,MAAM,GACZ,OAAO,CAAC,IAAI,CAAC,CAsBf;AAED;;;;GAIG;AACH,wBAAsB,YAAY,CAChC,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC,CAS9B;AAED;;;;;GAKG;AACH,wBAAsB,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,EAAE,CAAC,CA+BlF"}
|
|
@@ -4,10 +4,11 @@
|
|
|
4
4
|
* Schema v2 adds auditVersion to the audit envelope.
|
|
5
5
|
* V1 snapshots are auto-migrated on load (auditVersion defaults to "1.0.0").
|
|
6
6
|
*/
|
|
7
|
-
import { readFileSync,
|
|
7
|
+
import { readFileSync, existsSync, renameSync, readdirSync, } from "fs";
|
|
8
8
|
import { join } from "path";
|
|
9
|
+
import { secureMkdirSync, secureWriteFileSync } from "../../utils/secureWrite.js";
|
|
9
10
|
import { z } from "zod";
|
|
10
|
-
import {
|
|
11
|
+
import { KASTELL_DIR } from "../../utils/paths.js";
|
|
11
12
|
import { withFileLock } from "../../utils/fileLock.js";
|
|
12
13
|
const SCHEMA_VERSION = 2;
|
|
13
14
|
const complianceRefSchema = z.object({
|
|
@@ -18,7 +19,7 @@ const complianceRefSchema = z.object({
|
|
|
18
19
|
coverage: z.enum(["full", "partial"]),
|
|
19
20
|
level: z.enum(["L1", "L2"]).optional(),
|
|
20
21
|
});
|
|
21
|
-
const auditCheckSchema = z.object({
|
|
22
|
+
export const auditCheckSchema = z.object({
|
|
22
23
|
id: z.string(),
|
|
23
24
|
category: z.string(),
|
|
24
25
|
name: z.string(),
|
|
@@ -32,14 +33,14 @@ const auditCheckSchema = z.object({
|
|
|
32
33
|
tags: z.array(z.string()).optional(),
|
|
33
34
|
vpsIrrelevant: z.boolean().optional(),
|
|
34
35
|
});
|
|
35
|
-
const categorySchema = z.object({
|
|
36
|
+
export const categorySchema = z.object({
|
|
36
37
|
name: z.string(),
|
|
37
38
|
checks: z.array(auditCheckSchema),
|
|
38
39
|
score: z.number(),
|
|
39
40
|
maxScore: z.number(),
|
|
40
41
|
connectionError: z.boolean().optional(),
|
|
41
42
|
});
|
|
42
|
-
const quickWinSchema = z.object({
|
|
43
|
+
export const quickWinSchema = z.object({
|
|
43
44
|
commands: z.array(z.string()),
|
|
44
45
|
currentScore: z.number(),
|
|
45
46
|
projectedScore: z.number(),
|
|
@@ -64,13 +65,13 @@ const snapshotEnvelopeBase = {
|
|
|
64
65
|
savedAt: z.string(),
|
|
65
66
|
};
|
|
66
67
|
/** Schema v1 — legacy format, no auditVersion field */
|
|
67
|
-
const snapshotFileV1Schema = z.object({
|
|
68
|
+
export const snapshotFileV1Schema = z.object({
|
|
68
69
|
schemaVersion: z.literal(1),
|
|
69
70
|
...snapshotEnvelopeBase,
|
|
70
71
|
audit: baseAuditSchema,
|
|
71
72
|
});
|
|
72
73
|
/** Schema v2 — includes auditVersion in audit object */
|
|
73
|
-
const snapshotFileV2Schema = z.object({
|
|
74
|
+
export const snapshotFileV2Schema = z.object({
|
|
74
75
|
schemaVersion: z.literal(2),
|
|
75
76
|
...snapshotEnvelopeBase,
|
|
76
77
|
audit: baseAuditSchema.extend({ auditVersion: z.string() }),
|
|
@@ -78,7 +79,7 @@ const snapshotFileV2Schema = z.object({
|
|
|
78
79
|
/** Get the snapshot directory for a server IP (dots replaced with hyphens) */
|
|
79
80
|
function getSnapshotDir(serverIp) {
|
|
80
81
|
const safeIp = serverIp.replace(/\./g, "-");
|
|
81
|
-
return join(
|
|
82
|
+
return join(KASTELL_DIR, "snapshots", safeIp);
|
|
82
83
|
}
|
|
83
84
|
/** Sanitize a snapshot name: only [a-zA-Z0-9_-], max 64 chars */
|
|
84
85
|
function sanitizeSnapshotName(name) {
|
|
@@ -133,7 +134,7 @@ export async function saveSnapshot(result, name) {
|
|
|
133
134
|
const filename = buildFilename(result.timestamp, sanitizedName);
|
|
134
135
|
const filePath = join(snapshotDir, filename);
|
|
135
136
|
await withFileLock(filePath, () => {
|
|
136
|
-
|
|
137
|
+
secureMkdirSync(snapshotDir, { recursive: true });
|
|
137
138
|
const snapshotFile = {
|
|
138
139
|
schemaVersion: SCHEMA_VERSION,
|
|
139
140
|
savedAt: new Date().toISOString(),
|
|
@@ -143,7 +144,7 @@ export async function saveSnapshot(result, name) {
|
|
|
143
144
|
snapshotFile.name = sanitizedName;
|
|
144
145
|
}
|
|
145
146
|
const tmpFile = filePath + ".tmp";
|
|
146
|
-
|
|
147
|
+
secureWriteFileSync(tmpFile, JSON.stringify(snapshotFile, null, 2), { encoding: "utf-8" });
|
|
147
148
|
renameSync(tmpFile, filePath);
|
|
148
149
|
});
|
|
149
150
|
}
|
|
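Review bot: In `saveSnapshot`, the restrictive permissions now depend entirely on what `secureMkdirSync(snapshotDir, { recursive: true })` and `secureWriteFileSync(tmpFile, …)` do when the path already exists, and `../../utils/secureWrite.js` is not shown in this section. With plain `fs` calls a `mode` option only takes effect when the file or directory is created, so a snapshot directory made by 1.17.0, or a stale `.tmp` left by an interrupted run, would keep its old mode and `renameSync(tmpFile, filePath)` would carry that mode onto the final snapshot. Snapshots store `fixCommand` and `commands` strings, so it is worth confirming that the helpers re-apply the mode on existing paths. Once confirmed, record it above the write, e.g. `// secureWriteFileSync re-applies the restrictive mode even when the .tmp file already exists`. The body of `saveSnapshot` begins outside the hunks shown.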
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"snapshot.js","sourceRoot":"","sources":["../../../src/core/audit/snapshot.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EACL,YAAY,EACZ,
|
|
1
|
+
{"version":3,"file":"snapshot.js","sourceRoot":"","sources":["../../../src/core/audit/snapshot.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EACL,YAAY,EACZ,UAAU,EACV,UAAU,EACV,WAAW,GACZ,MAAM,IAAI,CAAC;AACZ,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,eAAe,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAClF,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAGvD,MAAM,cAAc,GAAG,CAAC,CAAC;AAEzB,MAAM,mBAAmB,GAAG,CAAC,CAAC,MAAM,CAAC;IACnC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;IACrB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;IACrB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;IACnB,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE;IACvB,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACrC,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,QAAQ,EAAE;CACvC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE;IACd,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;IACpB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;IAChB,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;IACjD,MAAM,EAAE,CAAC,CAAC,OAAO,EAAE;IACnB,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;IACxB,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE;IACzB,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC9B,cAAc,EAAE,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC,QAAQ,EAAE;IACvD,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACpC,aAAa,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CACtC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,CAAC,MAAM,CAAC;IACrC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;IAChB,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC;IACjC,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE;IACjB,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;IACpB,eAAe,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CACxC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,CAAC,MAAM,CAAC;IACrC,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;IAC7B,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;IACxB,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE;IAC1B,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE;CACxB,CAAC,CAAC;AAEH,iDAAiD;AACjD,MAAM,eAAe,GAA
G,CAAC,CAAC,MAAM,CAAC;IAC/B,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE;IACtB,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;IACpB,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;IAChD,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;IACrB,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;IACxB,UAAU,EAAE,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC;IACnC,SAAS,EAAE,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC;IAClC,iBAAiB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACjD,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC9B,gBAAgB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACvC,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;CACzC,CAAC,CAAC;AAEH,MAAM,oBAAoB,GAAG;IAC3B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3B,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;CACpB,CAAC;AAEF,uDAAuD;AACvD,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC3C,aAAa,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;IAC3B,GAAG,oBAAoB;IACvB,KAAK,EAAE,eAAe;CACvB,CAAC,CAAC;AAEH,wDAAwD;AACxD,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC3C,aAAa,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;IAC3B,GAAG,oBAAoB;IACvB,KAAK,EAAE,eAAe,CAAC,MAAM,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC;CAC5D,CAAC,CAAC;AAEH,8EAA8E;AAC9E,SAAS,cAAc,CAAC,QAAgB;IACtC,MAAM,MAAM,GAAG,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAC5C,OAAO,IAAI,CAAC,WAAW,EAAE,WAAW,EAAE,MAAM,CAAC,CAAC;AAChD,CAAC;AAED,iEAAiE;AACjE,SAAS,oBAAoB,CAAC,IAAY;IACxC,OAAO,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAC3D,CAAC;AAED,+EAA+E;AAC/E,SAAS,aAAa,CAAC,SAAiB,EAAE,IAAa;IACrD,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IAC/C,IAAI,IAAI,EAAE,CAAC;QACT,OAAO,GAAG,MAAM,IAAI,IAAI,OAAO,CAAC;IAClC,CAAC;IACD,OAAO,GAAG,MAAM,OAAO,CAAC;AAC1B,CAAC;AAED;;;;GAIG;AACH,SAAS,iBAAiB,CAAC,GAAW;IACpC,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,GAAG,GAAG,MAAiC,CAAC;IAC9C,IAAI,GAAG,CAAC,aAAa,KAAK,CAAC,EAAE,CAAC;QAC5B,MAAM,EAAE,GAAG,oBAAoB,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QAClD,OAAO,EA
AE,CAAC,OAAO,CAAC,CAAC,CAAE,EAAE,CAAC,IAAqB,CAAC,CAAC,CAAC,IAAI,CAAC;IACvD,CAAC;IACD,IAAI,GAAG,CAAC,aAAa,KAAK,CAAC,EAAE,CAAC;QAC5B,MAAM,EAAE,GAAG,oBAAoB,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QAClD,IAAI,EAAE,CAAC,OAAO,EAAE,CAAC;YACf,OAAO;gBACL,GAAG,EAAE,CAAC,IAAI;gBACV,aAAa,EAAE,CAAC;gBAChB,KAAK,EAAE,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,KAAK,EAAE,YAAY,EAAE,OAAO,EAAE;aACnC,CAAC;QACpB,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,MAAmB,EACnB,IAAa;IAEb,MAAM,WAAW,GAAG,cAAc,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACpD,MAAM,aAAa,GAAG,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAClF,MAAM,QAAQ,GAAG,aAAa,CAAC,MAAM,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;IAChE,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IAE7C,MAAM,YAAY,CAAC,QAAQ,EAAE,GAAG,EAAE;QAChC,eAAe,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAElD,MAAM,YAAY,GAAiB;YACjC,aAAa,EAAE,cAAc;YAC7B,OAAO,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACjC,KAAK,EAAE,MAAM;SACd,CAAC;QACF,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;YAChC,YAAY,CAAC,IAAI,GAAG,aAAa,CAAC;QACpC,CAAC;QAED,MAAM,OAAO,GAAG,QAAQ,GAAG,MAAM,CAAC;QAClC,mBAAmB,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;QAC3F,UAAU,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAChC,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,QAAgB,EAChB,QAAgB;IAEhB,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,EAAE,QAAQ,CAAC,CAAC;IAE1D,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC5C,OAAO,iBAAiB,CAAC,GAAG,CAAC,CAAC;IAChC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,QAAgB;IAClD,MAAM,WAAW,GAAG,cAAc,CAAC,QAAQ,CAAC,CAAC;IAE7C,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QAC7B,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,KAAK,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;IACvC,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IAE3D,MAAM,OAAO,GAAwB,SAAS,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE;QAC9D,
IAAI,CAAC;YACH,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,CAAC,EAAE,OAAO,CAAC,CAAC;YAC/D,MAAM,IAAI,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC;YACpC,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,EAAE,YAAY,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;YACnE,CAAC;YACD,OAAO;gBACL,QAAQ;gBACR,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,YAAY,EAAE,IAAI,CAAC,KAAK,CAAC,YAAY;gBACrC,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACxD,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,EAAE,YAAY,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QACnE,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;IAE3D,OAAO,OAAO,CAAC;AACjB,CAAC"}
|
package/dist/core/auth.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/core/auth.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/core/auth.ts"],"names":[],"mappings":"AAgDA,wBAAgB,QAAQ,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAiBjE;AAED,wBAAgB,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAM7D;AAED,wBAAgB,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAWrD;AAED,wBAAgB,mBAAmB,IAAI,MAAM,EAAE,CAS9C;AAED,wBAAgB,mBAAmB,IAAI,OAAO,CAE7C"}
|
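--- a/package/dist/core/auth.js
+++ b/package/dist/core/auth.js
@@ -1,6 +1,7 @@
 import { platform } from "os";
 import { join } from "path";
-import { readFileSync,
+import { readFileSync, existsSync } from "fs";
+import { secureMkdirSync, secureWriteFileSync } from "../utils/secureWrite.js";
 import { SUPPORTED_PROVIDERS, PROVIDER_ENV_KEYS } from "../constants.js";
 import { IS_ANDROID, loadKeyring, isKeychainAvailable as _isKeychainAvailable, getKeychainEntry as _getKeychainEntry } from "../utils/keyring.js";
 import { encryptData, decryptData, getMachineKey, isEncryptedPayload } from "../utils/encryption.js";
@@ -27,10 +28,9 @@ function readTokensFile() {
 }
 function writeTokensFile(data) {
 try {
-
-mkdirSync(KASTELL_DIR, { recursive: true });
+secureMkdirSync(KASTELL_DIR);
 const payload = encryptData(JSON.stringify(data), getMachineKey());
-
+secureWriteFileSync(TOKENS_FILE, JSON.stringify(payload, null, 2));
 return true;
 }
 catch {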
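Review bot: In `writeTokensFile`, the switch to `secureMkdirSync(KASTELL_DIR)` and `secureWriteFileSync(TOKENS_FILE, …)` leaves undocumented what permissions these helpers enforce and whether they re-apply them to a directory or file that already exists. If they only set the mode at creation time (not visible from this hunk), installs upgraded from a version that used plain `mkdirSync` would keep whatever mode the old directory and tokens file had. I would add a comment above the two calls, `// tokens file holds provider API tokens: helpers must leave dir and file owner-only, including on pre-existing paths`, and confirm that behaviour in `../utils/secureWrite.js`. The `catch` body of `writeTokensFile` lies outside the hunk.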
|
package/dist/core/auth.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/core/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC;AAC9B,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,YAAY,EAAE,
|
|
1
|
+
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/core/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC;AAC9B,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC;AAC9C,OAAO,EAAE,eAAe,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC/E,OAAO,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAEzE,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,mBAAmB,IAAI,oBAAoB,EAAE,gBAAgB,IAAI,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAClJ,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,aAAa,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AACrG,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD,MAAM,YAAY,GAAG,SAAS,CAAC;AAC/B,IAAI,gBAAgB,GAAG,KAAK,CAAC;AAE7B,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;AAErD,SAAS,cAAc;IACrB,IAAI,CAAC;QACH,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC;YAAE,OAAO,EAAE,CAAC;QACxC,MAAM,GAAG,GAAG,YAAY,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;QAC9C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,kBAAkB,CAAC,MAAM,CAAC,EAAE,CAAC;YAC/B,OAAO,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC;QAC1D,CAAC;QACD,oDAAoD;QACpD,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,gFAAgF,CACjF,CAAC;QACF,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CAAC,IAA4B;IACnD,IAAI,CAAC;QACH,eAAe,CAAC,WAAW,CAAC,CAAC;QAC7B,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,aAAa,EAAE,CAAC,CAAC;QACnE,mBAAmB,CAAC,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACnE,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO,KAAK,CAAC;IAAC,CAAC;AAC3B,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAgB;IACxC,MAAM,MAAM,GAAG,iBAAiB,CAAC,QAA6B,CAAC,CAAC;IAChE,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,OAAO,iBAAiB,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;AACjD,CAAC;AAED,MAAM,UAAU,QAAQ,CAAC,QAAgB,EAAE,KAAa;IACtD,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,QAA6B,CAAC;QAAE,OAAO,KAAK,CAAC;IAC/E,IAAI,UAAU,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;QACjC,IAAI,QAAQ,EAAE,KAAK,OAAO,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAChD,gBAAgB,GAAG,IAAI,CAAC;YACxB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,qFAAqF,CACtF,CAAC;QACJ,CAAC;QACD,MAAM,IA
AI,GAAG,cAAc,EAAE,CAAC;QAC9B,IAAI,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC;QACvB,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC;IAC/B,CAAC;IACD,MAAM,KAAK,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IACzC,IAAI,CAAC,KAAK;QAAE,OAAO,KAAK,CAAC;IACzB,IAAI,CAAC;QAAC,KAAK,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAAC,OAAO,IAAI,CAAC;IAAC,CAAC;IAC9C,MAAM,CAAC;QAAC,OAAO,KAAK,CAAC;IAAC,CAAC;AACzB,CAAC;AAED,MAAM,UAAU,QAAQ,CAAC,QAAgB;IACvC,IAAI,UAAU,IAAI,CAAC,WAAW,EAAE;QAAE,OAAO,cAAc,EAAE,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC;IACjF,MAAM,KAAK,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IACzC,IAAI,CAAC,KAAK;QAAE,OAAO,SAAS,CAAC;IAC7B,IAAI,CAAC;QAAC,OAAO,KAAK,CAAC,WAAW,EAAE,IAAI,SAAS,CAAC;IAAC,CAAC;IAChD,MAAM,CAAC;QAAC,OAAO,SAAS,CAAC;IAAC,CAAC;AAC7B,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,QAAgB;IAC1C,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,QAA6B,CAAC;QAAE,OAAO,KAAK,CAAC;IAC/E,IAAI,UAAU,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;QACjC,MAAM,IAAI,GAAG,cAAc,EAAE,CAAC;QAC9B,OAAO,IAAI,CAAC,QAAQ,CAAC,CAAC;QACtB,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC;IAC/B,CAAC;IACD,MAAM,KAAK,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IACzC,IAAI,CAAC,KAAK;QAAE,OAAO,KAAK,CAAC;IACzB,IAAI,CAAC;QAAC,KAAK,CAAC,cAAc,EAAE,CAAC;QAAC,OAAO,IAAI,CAAC;IAAC,CAAC;IAC5C,MAAM,CAAC;QAAC,OAAO,KAAK,CAAC;IAAC,CAAC;AACzB,CAAC;AAED,MAAM,UAAU,mBAAmB;IACjC,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,KAAK,MAAM,QAAQ,IAAI,mBAAmB,EAAE,CAAC;QAC3C,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACjC,IAAI,KAAK;gBAAE,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACnC,CAAC;QAAC,MAAM,CAAC,CAAC,UAAU,CAAC,CAAC;IACxB,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,mBAAmB;IACjC,OAAO,oBAAoB,CAAC,YAAY,CAAC,CAAC;AAC5C,CAAC"}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
/** Pure functions returning SshCommand values — no I/O. */
|
|
2
|
+
import { type SshCommand } from "../utils/sshCommand.js";
|
|
3
|
+
export declare function buildPgDumpCommand(): SshCommand;
|
|
4
|
+
export declare function buildConfigTarCommand(): SshCommand;
|
|
5
|
+
export declare function buildCleanupCommand(): SshCommand;
|
|
6
|
+
export declare function buildCoolifyVersionCommand(): SshCommand;
|
|
7
|
+
export declare function buildStopCoolifyCommand(): SshCommand;
|
|
8
|
+
export declare function buildStartCoolifyCommand(): SshCommand;
|
|
9
|
+
export declare function buildStartDbCommand(): SshCommand;
|
|
10
|
+
export declare function buildRestoreDbCommand(): SshCommand;
|
|
11
|
+
export declare function buildRestoreConfigCommand(): SshCommand;
|
|
12
|
+
export declare function buildBareConfigTarCommand(): SshCommand;
|
|
13
|
+
export declare function buildBareRestoreConfigCommand(): SshCommand;
|
|
14
|
+
export declare function buildBareCleanupCommand(): SshCommand;
|
|
15
|
+
//# sourceMappingURL=backup-commands.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"backup-commands.d.ts","sourceRoot":"","sources":["../../src/core/backup-commands.ts"],"names":[],"mappings":"AAAA,2DAA2D;AAE3D,OAAO,EAAO,KAAK,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAM9D,wBAAgB,kBAAkB,IAAI,UAAU,CAE/C;AAED,wBAAgB,qBAAqB,IAAI,UAAU,CAElD;AAED,wBAAgB,mBAAmB,IAAI,UAAU,CAEhD;AAED,wBAAgB,0BAA0B,IAAI,UAAU,CAEvD;AAID,wBAAgB,uBAAuB,IAAI,UAAU,CAEpD;AAED,wBAAgB,wBAAwB,IAAI,UAAU,CAErD;AAED,wBAAgB,mBAAmB,IAAI,UAAU,CAEhD;AAED,wBAAgB,qBAAqB,IAAI,UAAU,CAElD;AAED,wBAAgB,yBAAyB,IAAI,UAAU,CAEtD;AAKD,wBAAgB,yBAAyB,IAAI,UAAU,CAYtD;AAED,wBAAgB,6BAA6B,IAAI,UAAU,CAE1D;AAED,wBAAgB,uBAAuB,IAAI,UAAU,CAEpD"}
|
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
/** Pure functions returning SshCommand values — no I/O. */
|
|
2
|
+
import { raw } from "../utils/sshCommand.js";
|
|
3
|
+
const COOLIFY_COMPOSE = "cd /data/coolify/source && docker compose -f docker-compose.yml -f docker-compose.prod.yml";
|
|
4
|
+
// ─── Coolify Backup Commands ─────────────────────────────────────────────────
|
|
5
|
+
export function buildPgDumpCommand() {
|
|
6
|
+
return raw("set -o pipefail && docker exec coolify-db pg_dump -U coolify -d coolify | gzip > /tmp/coolify-backup.sql.gz");
|
|
7
|
+
}
|
|
8
|
+
export function buildConfigTarCommand() {
|
|
9
|
+
return raw("tar czf /tmp/coolify-config.tar.gz -C /data/coolify/source .env docker-compose.yml docker-compose.prod.yml 2>/dev/null || tar czf /tmp/coolify-config.tar.gz -C /data/coolify/source .env docker-compose.yml");
|
|
10
|
+
}
|
|
11
|
+
export function buildCleanupCommand() {
|
|
12
|
+
return raw("rm -f /tmp/coolify-backup.sql.gz /tmp/coolify-config.tar.gz");
|
|
13
|
+
}
|
|
14
|
+
export function buildCoolifyVersionCommand() {
|
|
15
|
+
return raw("docker inspect coolify --format '{{.Config.Image}}' 2>/dev/null | sed 's/.*://' || echo unknown");
|
|
16
|
+
}
|
|
17
|
+
// ─── Coolify Restore Commands ────────────────────────────────────────────────
|
|
18
|
+
export function buildStopCoolifyCommand() {
|
|
19
|
+
return raw(`${COOLIFY_COMPOSE} stop`);
|
|
20
|
+
}
|
|
21
|
+
export function buildStartCoolifyCommand() {
|
|
22
|
+
return raw(`${COOLIFY_COMPOSE} up -d`);
|
|
23
|
+
}
|
|
24
|
+
export function buildStartDbCommand() {
|
|
25
|
+
return raw(`${COOLIFY_COMPOSE} up -d postgres && sleep 3`);
|
|
26
|
+
}
|
|
27
|
+
export function buildRestoreDbCommand() {
|
|
28
|
+
return raw("gunzip -c /tmp/coolify-backup.sql.gz | docker exec -i coolify-db psql -U coolify -d coolify");
|
|
29
|
+
}
|
|
30
|
+
export function buildRestoreConfigCommand() {
|
|
31
|
+
return raw("tar xzf /tmp/coolify-config.tar.gz -C /data/coolify/source");
|
|
32
|
+
}
|
|
33
|
+
// ─── Bare Server Backup Commands ─────────────────────────────────────────────
|
|
34
|
+
export function buildBareConfigTarCommand() {
|
|
35
|
+
return raw("tar czf /tmp/bare-config.tar.gz --ignore-failed-read " +
|
|
36
|
+
"-C / " +
|
|
37
|
+
"etc/nginx " +
|
|
38
|
+
"etc/ssh/sshd_config " +
|
|
39
|
+
"etc/ufw " +
|
|
40
|
+
"etc/fail2ban " +
|
|
41
|
+
"etc/crontab " +
|
|
42
|
+
"etc/apt/apt.conf.d/50unattended-upgrades " +
|
|
43
|
+
"2>/dev/null || tar czf /tmp/bare-config.tar.gz --ignore-failed-read -C / etc/ssh/sshd_config");
|
|
44
|
+
}
|
|
45
|
+
export function buildBareRestoreConfigCommand() {
|
|
46
|
+
return raw("tar xzf /tmp/bare-config.tar.gz -C /");
|
|
47
|
+
}
|
|
48
|
+
export function buildBareCleanupCommand() {
|
|
49
|
+
return raw("rm -f /tmp/bare-config.tar.gz");
|
|
50
|
+
}
|
|
51
|
+
//# sourceMappingURL=backup-commands.js.map
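Review bot: Every builder in this file writes to or reads from a fixed, predictable name in the shared `/tmp` directory (`/tmp/coolify-backup.sql.gz`, `/tmp/coolify-config.tar.gz`, `/tmp/bare-config.tar.gz`), and the archives hold a database dump, the Coolify `.env` and `sshd_config`. Created under the remote shell's default umask they may be readable by other local accounts until the cleanup command runs, and the restore builders extract whatever sits at that path. At minimum the creating commands should start with `umask 077 && `, e.g. `raw("umask 077 && set -o pipefail && docker exec coolify-db pg_dump -U coolify -d coolify | gzip > /tmp/coolify-backup.sql.gz")`; a per-run directory from `mktemp -d` passed to the builders would also remove the fixed names, at the cost of giving these functions a parameter. The header comment could also say that every string is a constant with no interpolated input, which is what makes `raw()` acceptable here.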
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"backup-commands.js","sourceRoot":"","sources":["../../src/core/backup-commands.ts"],"names":[],"mappings":"AAAA,2DAA2D;AAE3D,OAAO,EAAE,GAAG,EAAmB,MAAM,wBAAwB,CAAC;AAE9D,MAAM,eAAe,GAAG,4FAA4F,CAAC;AAErH,gFAAgF;AAEhF,MAAM,UAAU,kBAAkB;IAChC,OAAO,GAAG,CAAC,6GAA6G,CAAC,CAAC;AAC5H,CAAC;AAED,MAAM,UAAU,qBAAqB;IACnC,OAAO,GAAG,CAAC,8MAA8M,CAAC,CAAC;AAC7N,CAAC;AAED,MAAM,UAAU,mBAAmB;IACjC,OAAO,GAAG,CAAC,6DAA6D,CAAC,CAAC;AAC5E,CAAC;AAED,MAAM,UAAU,0BAA0B;IACxC,OAAO,GAAG,CAAC,iGAAiG,CAAC,CAAC;AAChH,CAAC;AAED,gFAAgF;AAEhF,MAAM,UAAU,uBAAuB;IACrC,OAAO,GAAG,CAAC,GAAG,eAAe,OAAO,CAAC,CAAC;AACxC,CAAC;AAED,MAAM,UAAU,wBAAwB;IACtC,OAAO,GAAG,CAAC,GAAG,eAAe,QAAQ,CAAC,CAAC;AACzC,CAAC;AAED,MAAM,UAAU,mBAAmB;IACjC,OAAO,GAAG,CAAC,GAAG,eAAe,4BAA4B,CAAC,CAAC;AAC7D,CAAC;AAED,MAAM,UAAU,qBAAqB;IACnC,OAAO,GAAG,CAAC,6FAA6F,CAAC,CAAC;AAC5G,CAAC;AAED,MAAM,UAAU,yBAAyB;IACvC,OAAO,GAAG,CAAC,4DAA4D,CAAC,CAAC;AAC3E,CAAC;AAGD,gFAAgF;AAEhF,MAAM,UAAU,yBAAyB;IACvC,OAAO,GAAG,CACR,uDAAuD;QACvD,OAAO;QACP,YAAY;QACZ,sBAAsB;QACtB,UAAU;QACV,eAAe;QACf,cAAc;QACd,2CAA2C;QAC3C,8FAA8F,CAC/F,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,6BAA6B;IAC3C,OAAO,GAAG,CAAC,sCAAsC,CAAC,CAAC;AACrD,CAAC;AAED,MAAM,UAAU,uBAAuB;IACrC,OAAO,GAAG,CAAC,+BAA+B,CAAC,CAAC;AAC9C,CAAC"}
|
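--- a/package/dist/core/backup.d.ts
+++ b/package/dist/core/backup.d.ts
@@ -1,29 +1,7 @@
-import { type SshCommand } from "../utils/sshCommand.js";
 import type { BackupManifest, Platform, ServerRecord } from "../types/index.js";
+export * from "./backup-commands.js";
 export { formatTimestamp, getBackupDir } from "../utils/backupPath.js";
 export { scpDownload, scpUpload, assertSafePath } from "../utils/scp.js";
-export declare function buildPgDumpCommand(): SshCommand;
-export declare function buildConfigTarCommand(): SshCommand;
-export declare function buildCleanupCommand(): SshCommand;
-export declare function buildCoolifyVersionCommand(): SshCommand;
-export declare function buildStopCoolifyCommand(): SshCommand;
-export declare function buildStartCoolifyCommand(): SshCommand;
-export declare function buildStartDbCommand(): SshCommand;
-export declare function buildRestoreDbCommand(): SshCommand;
-export declare function buildRestoreConfigCommand(): SshCommand;
-export declare function listBackups(serverName: string): string[];
-export declare function loadManifest(backupPath: string): BackupManifest | undefined;
-export declare function listOrphanBackups(activeServerNames: string[]): string[];
-export declare function cleanupServerBackups(serverName: string): {
-removed: boolean;
-path: string;
-};
-export declare function buildBareConfigTarCommand(): SshCommand;
-export declare function buildBareRestoreConfigCommand(): SshCommand;
-export declare function buildBareCleanupCommand(): SshCommand;
-export declare function createBareBackup(ip: string, serverName: string, provider: string): Promise<BackupResult>;
-export declare function restoreBareBackup(ip: string, serverName: string, backupId: string): Promise<RestoreResult>;
-export declare function tryRestartCoolify(ip: string): Promise<void>;
 export interface BackupResult {
 success: boolean;
 backupPath?: string;
@@ -41,6 +19,16 @@ export interface RestoreResult {
 error?: string;
 hint?: string;
 }
+export declare function listBackups(serverName: string): string[];
+export declare function loadManifest(backupPath: string): BackupManifest | undefined;
+export declare function listOrphanBackups(activeServerNames: string[]): string[];
+export declare function cleanupServerBackups(serverName: string): {
+removed: boolean;
+path: string;
+};
+export declare function createBareBackup(ip: string, serverName: string, provider: string): Promise<BackupResult>;
+export declare function restoreBareBackup(ip: string, serverName: string, backupId: string): Promise<RestoreResult>;
+export declare function tryRestartCoolify(ip: string): Promise<void>;
 export declare function createBackup(ip: string, serverName: string, provider: string, platform?: Platform): Promise<BackupResult>;
 /**
 * Single entry point for backing up any server (bare or managed).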
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"backup.d.ts","sourceRoot":"","sources":["../../src/core/backup.ts"],"names":[],"mappings":"AAKA,OAAO,
|
|
1
|
+
{"version":3,"file":"backup.d.ts","sourceRoot":"","sources":["../../src/core/backup.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,cAAc,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAYhF,cAAc,sBAAsB,CAAC;AACrC,OAAO,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AACvE,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAGzE,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,cAAc,CAAC;IAC1B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,SAAS,GAAG,SAAS,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC9E,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAQD,wBAAgB,WAAW,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,EAAE,CAWxD;AAED,wBAAgB,YAAY,CAAC,UAAU,EAAE,MAAM,GAAG,cAAc,GAAG,SAAS,CAQ3E;AAED,wBAAgB,iBAAiB,CAAC,iBAAiB,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,CAavE;AAED,wBAAgB,oBAAoB,CAAC,UAAU,EAAE,MAAM,GAAG;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,CAS3F;AAID,wBAAsB,gBAAgB,CACpC,EAAE,EAAE,MAAM,EACV,UAAU,EAAE,MAAM,EAClB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,YAAY,CAAC,CAkDvB;AAED,wBAAsB,iBAAiB,CACrC,EAAE,EAAE,MAAM,EACV,UAAU,EAAE,MAAM,EAClB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,aAAa,CAAC,CAsDxB;AAID,wBAAsB,iBAAiB,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAMjE;AAID,wBAAsB,YAAY,CAChC,EAAE,EAAE,MAAM,EACV,UAAU,EAAE,MAAM,EAClB,QAAQ,EAAE,MAAM,EAChB,QAAQ,GAAE,QAAoB,GAC7B,OAAO,CAAC,YAAY,CAAC,CAGvB;AAED;;;;GAIG;AACH,wBAAsB,YAAY,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC,CAc9E;AAED,wBAAsB,aAAa,CACjC,EAAE,EAAE,MAAM,EACV,UAAU,EAAE,MAAM,EAClB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,aAAa,CAAC,CA2CxB"}
|
package/dist/core/backup.js
CHANGED
|
@@ -1,44 +1,20 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { existsSync, readFileSync, readdirSync, rmSync } from "fs";
|
|
2
2
|
import { join, resolve } from "path";
|
|
3
3
|
import { sshExec, assertValidIp } from "../utils/ssh.js";
|
|
4
|
-
import { BACKUPS_DIR } from "../utils/
|
|
4
|
+
import { BACKUPS_DIR } from "../utils/paths.js";
|
|
5
5
|
import { getErrorMessage, mapSshError, sanitizeStderr } from "../utils/errorMapper.js";
|
|
6
|
-
import { raw } from "../utils/sshCommand.js";
|
|
7
6
|
import { getAdapter, resolvePlatform } from "../adapters/factory.js";
|
|
8
7
|
import { isBareServer } from "../utils/modeGuard.js";
|
|
9
8
|
import { debugLog } from "../utils/logger.js";
|
|
10
9
|
import { formatTimestamp, getBackupDir } from "../utils/backupPath.js";
|
|
11
10
|
import { scpDownload, scpUpload } from "../utils/scp.js";
|
|
12
|
-
|
|
11
|
+
import { secureMkdirSync, secureWriteFileSync } from "../utils/secureWrite.js";
|
|
12
|
+
import { buildBareConfigTarCommand, buildBareRestoreConfigCommand, buildBareCleanupCommand, buildStartCoolifyCommand, } from "./backup-commands.js";
|
|
13
|
+
export * from "./backup-commands.js";
|
|
13
14
|
export { formatTimestamp, getBackupDir } from "../utils/backupPath.js";
|
|
14
15
|
export { scpDownload, scpUpload, assertSafePath } from "../utils/scp.js";
|
|
15
|
-
|
|
16
|
-
return
|
|
17
|
-
}
|
|
18
|
-
export function buildConfigTarCommand() {
|
|
19
|
-
return raw("tar czf /tmp/coolify-config.tar.gz -C /data/coolify/source .env docker-compose.yml docker-compose.prod.yml 2>/dev/null || tar czf /tmp/coolify-config.tar.gz -C /data/coolify/source .env docker-compose.yml");
|
|
20
|
-
}
|
|
21
|
-
export function buildCleanupCommand() {
|
|
22
|
-
return raw("rm -f /tmp/coolify-backup.sql.gz /tmp/coolify-config.tar.gz");
|
|
23
|
-
}
|
|
24
|
-
export function buildCoolifyVersionCommand() {
|
|
25
|
-
return raw("docker inspect coolify --format '{{.Config.Image}}' 2>/dev/null | sed 's/.*://' || echo unknown");
|
|
26
|
-
}
|
|
27
|
-
// ─── Pure Functions (Restore) ────────────────────────────────────────────────
|
|
28
|
-
export function buildStopCoolifyCommand() {
|
|
29
|
-
return raw("cd /data/coolify/source && docker compose -f docker-compose.yml -f docker-compose.prod.yml stop");
|
|
30
|
-
}
|
|
31
|
-
export function buildStartCoolifyCommand() {
|
|
32
|
-
return raw("cd /data/coolify/source && docker compose -f docker-compose.yml -f docker-compose.prod.yml up -d");
|
|
33
|
-
}
|
|
34
|
-
export function buildStartDbCommand() {
|
|
35
|
-
return raw("cd /data/coolify/source && docker compose -f docker-compose.yml -f docker-compose.prod.yml up -d postgres && sleep 3");
|
|
36
|
-
}
|
|
37
|
-
export function buildRestoreDbCommand() {
|
|
38
|
-
return raw("gunzip -c /tmp/coolify-backup.sql.gz | docker exec -i coolify-db psql -U coolify -d coolify");
|
|
39
|
-
}
|
|
40
|
-
export function buildRestoreConfigCommand() {
|
|
41
|
-
return raw("tar xzf /tmp/coolify-config.tar.gz -C /data/coolify/source");
|
|
16
|
+
function isPathTraversal(backupPath, baseDir) {
|
|
17
|
+
return !resolve(backupPath).startsWith(resolve(baseDir));
|
|
42
18
|
}
|
|
43
19
|
// ─── Semi-Pure Functions (FS Read) ───────────────────────────────────────────
|
|
44
20
|
export function listBackups(serverName) {
|
|
@@ -94,24 +70,6 @@ export function cleanupServerBackups(serverName) {
|
|
|
94
70
|
return { removed: false, path: dir };
|
|
95
71
|
}
|
|
96
72
|
}
|
|
97
|
-
// ─── Pure Functions (Bare Backup) ────────────────────────────────────────────
|
|
98
|
-
export function buildBareConfigTarCommand() {
|
|
99
|
-
return raw("tar czf /tmp/bare-config.tar.gz --ignore-failed-read " +
|
|
100
|
-
"-C / " +
|
|
101
|
-
"etc/nginx " +
|
|
102
|
-
"etc/ssh/sshd_config " +
|
|
103
|
-
"etc/ufw " +
|
|
104
|
-
"etc/fail2ban " +
|
|
105
|
-
"etc/crontab " +
|
|
106
|
-
"etc/apt/apt.conf.d/50unattended-upgrades " +
|
|
107
|
-
"2>/dev/null || tar czf /tmp/bare-config.tar.gz --ignore-failed-read -C / etc/ssh/sshd_config");
|
|
108
|
-
}
|
|
109
|
-
export function buildBareRestoreConfigCommand() {
|
|
110
|
-
return raw("tar xzf /tmp/bare-config.tar.gz -C /");
|
|
111
|
-
}
|
|
112
|
-
export function buildBareCleanupCommand() {
|
|
113
|
-
return raw("rm -f /tmp/bare-config.tar.gz");
|
|
114
|
-
}
|
|
115
73
|
// ─── Async Wrappers (Bare) ────────────────────────────────────────────────────
|
|
116
74
|
export async function createBareBackup(ip, serverName, provider) {
|
|
117
75
|
assertValidIp(ip);
|
|
@@ -128,7 +86,7 @@ export async function createBareBackup(ip, serverName, provider) {
|
|
|
128
86
|
// Step 2: Download
|
|
129
87
|
const timestamp = formatTimestamp(new Date());
|
|
130
88
|
const backupPath = join(getBackupDir(serverName), timestamp);
|
|
131
|
-
|
|
89
|
+
secureMkdirSync(backupPath);
|
|
132
90
|
const dl = await scpDownload(ip, "/tmp/bare-config.tar.gz", join(backupPath, "bare-config.tar.gz"));
|
|
133
91
|
if (dl.code !== 0) {
|
|
134
92
|
return {
|
|
@@ -146,7 +104,7 @@ export async function createBareBackup(ip, serverName, provider) {
|
|
|
146
104
|
files: ["bare-config.tar.gz"],
|
|
147
105
|
mode: "bare",
|
|
148
106
|
};
|
|
149
|
-
|
|
107
|
+
secureWriteFileSync(join(backupPath, "manifest.json"), JSON.stringify(manifest, null, 2));
|
|
150
108
|
// Step 4: Cleanup remote
|
|
151
109
|
await sshExec(ip, buildBareCleanupCommand()).catch((e) => debugLog?.("bare backup cleanup failed:", e));
|
|
152
110
|
return { success: true, backupPath, manifest };
|
|
@@ -164,8 +122,7 @@ export async function restoreBareBackup(ip, serverName, backupId) {
|
|
|
164
122
|
assertValidIp(ip);
|
|
165
123
|
const baseDir = getBackupDir(serverName);
|
|
166
124
|
const backupPath = join(baseDir, backupId);
|
|
167
|
-
|
|
168
|
-
if (!resolve(backupPath).startsWith(resolve(baseDir))) {
|
|
125
|
+
if (isPathTraversal(backupPath, baseDir)) {
|
|
169
126
|
return { success: false, steps: [], error: "Invalid backupId: path traversal detected" };
|
|
170
127
|
}
|
|
171
128
|
const steps = [];
|
|
@@ -251,8 +208,7 @@ export async function restoreBackup(ip, serverName, backupId) {
|
|
|
251
208
|
assertValidIp(ip);
|
|
252
209
|
const baseDir = getBackupDir(serverName);
|
|
253
210
|
const backupPath = join(baseDir, backupId);
|
|
254
|
-
|
|
255
|
-
if (!resolve(backupPath).startsWith(resolve(baseDir))) {
|
|
211
|
+
if (isPathTraversal(backupPath, baseDir)) {
|
|
256
212
|
return { success: false, steps: [], error: "Invalid backupId: path traversal detected" };
|
|
257
213
|
}
|
|
258
214
|
// Validate manifest
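Review bot: `isPathTraversal` tests `resolve(backupPath).startsWith(resolve(baseDir))`, which is a string-prefix check rather than a path-boundary check, so a resolved path in a sibling directory whose name begins with the base directory's name (constructed example: base `backups/web`, path `backups/web-old/x`) is not reported as traversal. Both `restoreBareBackup` and `restoreBackup` rely on it to validate `backupId`. Comparing on a separator boundary closes this: `return !(resolve(backupPath) + sep).startsWith(resolve(baseDir) + sep);`, with `sep` added to the `path` import. The bodies of both restore functions continue outside the hunks shown.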
|