lobstakit-cloud 1.3.2 → 1.3.3

package/lib/gateway.js

@@ -1,44 +1,148 @@
 /**
  * LobstaKit Cloud — Gateway Manager
  *
- * Controls the openclaw-gateway systemd service.
+ * Controls the openclaw-gateway systemd user service.
  */
 
 const { execSync } = require('child_process');
 const fs = require('fs');
+const http = require('http');
+const path = require('path');
+const os = require('os');
 
 const SERVICE_NAME = 'openclaw-gateway';
-const DROP_IN_DIR = `/etc/systemd/system/${SERVICE_NAME}.service.d`;
-const DROP_IN_FILE = `${DROP_IN_DIR}/dbus-env.conf`;
+
+// Paths
+const OPENCLAW_CONFIG = path.join(os.homedir(), '.openclaw', 'openclaw.json');
+const LOBSTAKIT_CONFIG = path.join(os.homedir(), '.lobstakit', 'config.json');
+
+// Env vars needed for systemctl --user to work from a headless root session
+function userEnv() {
+  const uid = (() => { try { return execSync('id -u', { encoding: 'utf8', timeout: 3000 }).trim(); } catch { return '0'; } })();
+  return {
+    ...process.env,
+    XDG_RUNTIME_DIR: `/run/user/${uid}`,
+    DBUS_SESSION_BUS_ADDRESS: `unix:path=/run/user/${uid}/bus`,
+  };
+}
+
+// ─── Token helpers ────────────────────────────────────────────────────────────
+
+/**
+ * Read the gateway auth token from ~/.openclaw/openclaw.json.
+ * Returns null if not found.
+ */
+function readGatewayToken() {
+  try {
+    const raw = fs.readFileSync(OPENCLAW_CONFIG, 'utf8');
+    const cfg = JSON.parse(raw);
+    return cfg?.gateway?.auth?.token || null;
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Persist the gateway auth token into ~/.lobstakit/config.json
+ * so health checks can authenticate without re-reading openclaw.json every time.
+ */
+function persistGatewayToken(token) {
+  try {
+    let cfg = {};
+    try { cfg = JSON.parse(fs.readFileSync(LOBSTAKIT_CONFIG, 'utf8')); } catch { /* new file */ }
+    cfg.gatewayToken = token;
+    fs.writeFileSync(LOBSTAKIT_CONFIG, JSON.stringify(cfg, null, 2));
+  } catch (err) {
+    console.error('[gateway] Failed to persist token:', err.message);
+  }
+}
+
+/**
+ * Read token from openclaw.json and persist into lobstakit config.
+ * Called after every gateway install/restart so both sides stay in sync.
+ */
+function syncGatewayToken() {
+  const token = readGatewayToken();
+  if (token) {
+    persistGatewayToken(token);
+    console.log('[gateway] Auth token synced to lobstakit config');
+  } else {
+    console.warn('[gateway] Could not read gateway auth token from openclaw.json');
+  }
+  return token;
+}
+
+/**
+ * Get the stored gateway token from lobstakit config (fast path).
+ * Falls back to reading directly from openclaw.json.
+ */
+function getStoredToken() {
+  try {
+    const cfg = JSON.parse(fs.readFileSync(LOBSTAKIT_CONFIG, 'utf8'));
+    if (cfg?.gatewayToken) return cfg.gatewayToken;
+  } catch { /* fall through */ }
+  return readGatewayToken();
+}
+
+// ─── Health check via HTTP ────────────────────────────────────────────────────
+
+/**
+ * Ping the gateway HTTP API. Returns a promise resolving to true if healthy.
+ */
+function pingGateway(token) {
+  return new Promise((resolve) => {
+    const opts = {
+      hostname: '127.0.0.1',
+      port: 3001,
+      path: '/api/status',
+      method: 'GET',
+      headers: token ? { Authorization: `Bearer ${token}` } : {},
+      timeout: 3000,
+    };
+    const req = http.request(opts, (res) => {
+      resolve(res.statusCode === 200 || res.statusCode === 401); // 401 = running but token stale
+    });
+    req.on('error', () => resolve(false));
+    req.on('timeout', () => { req.destroy(); resolve(false); });
+    req.end();
+  });
+}
+
+// ─── Service control ──────────────────────────────────────────────────────────
 
 /**
  * Check if the gateway service is currently running.
+ * Tries systemctl --user first, then falls back to HTTP ping.
  */
 function isGatewayRunning() {
+  // Primary: systemctl --user (accurate for user services)
   try {
-    const result = execSync(`systemctl is-active ${SERVICE_NAME}`, {
+    const result = execSync(`systemctl --user is-active ${SERVICE_NAME}`, {
       encoding: 'utf8',
-      timeout: 5000
+      timeout: 5000,
+      env: userEnv(),
     }).trim();
-    return result === 'active';
+    if (result === 'active') return true;
+  } catch { /* fall through to HTTP check */ }
+
+  // Fallback: HTTP ping (works even if systemctl --user is unavailable)
+  // Run synchronously via a child process trick
+  try {
+    const token = getStoredToken();
+    const authHeader = token ? `-H "Authorization: Bearer ${token}"` : '';
+    const result = execSync(
+      `curl -s -o /dev/null -w '%{http_code}' ${authHeader} http://127.0.0.1:3001/api/status`,
+      { encoding: 'utf8', timeout: 4000 }
+    ).trim();
+    return result === '200' || result === '401';
   } catch {
     return false;
   }
 }
 
 /**
- * Ensure D-Bus user session is available and inject env vars into the
- * openclaw-gateway systemd service unit via a drop-in override.
- *
- * Root cause of "systemctl --user unavailable: Failed to connect to bus:
- * No medium found": OpenClaw calls `systemctl --user` internally on startup.
- * On headless VPS, no D-Bus user session exists. Even if LobstaKit sets up
- * D-Bus in its own process, the gateway runs as a *separate* system service
- * and never inherits those env vars.
- *
- * Fix: write a systemd drop-in that bakes XDG_RUNTIME_DIR and
- * DBUS_SESSION_BUS_ADDRESS into the service unit so every restart picks
- * them up automatically — no manual intervention required.
+ * Ensure D-Bus user session and systemd drop-in are set up.
+ * Needed so the gateway can call `systemctl --user` internally.
  */
 function ensureUserSession() {
   try {
@@ -48,86 +152,48 @@ function ensureUserSession() {
     const busSocket = `${runtimeDir}/bus`;
     const busAddress = `unix:path=${busSocket}`;
 
-    // 1. Enable lingering so user units survive without an active login
-    execSync(`loginctl enable-linger ${username} 2>/dev/null || true`, {
-      encoding: 'utf8',
-      timeout: 5000
-    });
-
-    // 2. Ensure runtime dir exists with correct permissions
-    execSync(`mkdir -p ${runtimeDir} && chmod 700 ${runtimeDir} && chown ${uid}:${uid} ${runtimeDir} 2>/dev/null || true`, {
-      encoding: 'utf8',
-      timeout: 3000
-    });
+    execSync(`loginctl enable-linger ${username} 2>/dev/null || true`, { encoding: 'utf8', timeout: 5000 });
+    execSync(`mkdir -p ${runtimeDir} && chmod 700 ${runtimeDir} 2>/dev/null || true`, { encoding: 'utf8', timeout: 3000 });
 
-    // 3. Start dbus-daemon if socket not already present
     let dbusRunning = false;
-    try {
-      execSync(`test -S ${busSocket}`, { encoding: 'utf8', timeout: 2000 });
-      dbusRunning = true;
-    } catch { /* socket not there yet */ }
+    try { execSync(`test -S ${busSocket}`, { encoding: 'utf8', timeout: 2000 }); dbusRunning = true; } catch { /* not running */ }
 
     if (!dbusRunning) {
       try {
-        execSync(
-          `dbus-daemon --session --address=${busAddress} --fork --nopidfile`,
-          {
-            encoding: 'utf8',
-            timeout: 5000,
-            env: { ...process.env, XDG_RUNTIME_DIR: runtimeDir }
-          }
-        );
-        // Wait up to 2s for socket to appear
+        execSync(`dbus-daemon --session --address=${busAddress} --fork --nopidfile`, {
+          encoding: 'utf8', timeout: 5000,
+          env: { ...process.env, XDG_RUNTIME_DIR: runtimeDir },
+        });
         for (let i = 0; i < 10; i++) {
-          try {
-            execSync(`test -S ${busSocket}`, { encoding: 'utf8', timeout: 500 });
-            dbusRunning = true;
-            break;
-          } catch {
-            execSync('sleep 0.2', { timeout: 500 });
-          }
+          try { execSync(`test -S ${busSocket}`, { encoding: 'utf8', timeout: 500 }); dbusRunning = true; break; } catch { /* wait */ }
+          execSync('sleep 0.2', { encoding: 'utf8', timeout: 1000 });
         }
-      } catch (e) {
-        console.warn('[gateway] dbus-daemon unavailable:', e.message);
-        // dbus-daemon may not be installed — XDG_RUNTIME_DIR alone may be enough
-      }
-    }
-
-    // 4. Write systemd drop-in so the service unit inherits these env vars
-    //    on every start/restart, not just when LobstaKit happens to call this.
-    const lines = [
-      '# Auto-generated by LobstaKit — do not edit manually',
-      '[Service]',
-      `Environment="XDG_RUNTIME_DIR=${runtimeDir}"`,
-    ];
-    if (dbusRunning) {
-      lines.push(`Environment="DBUS_SESSION_BUS_ADDRESS=${busAddress}"`);
+      } catch (e) { console.warn('[gateway] dbus-daemon start failed:', e.message); }
     }
-    const dropInContent = lines.join('\n') + '\n';
-
-    execSync(`mkdir -p ${DROP_IN_DIR}`, { encoding: 'utf8', timeout: 3000 });
-    fs.writeFileSync(DROP_IN_FILE, dropInContent, 'utf8');
 
-    // 5. Reload systemd so it picks up the new drop-in
-    execSync('systemctl daemon-reload', { encoding: 'utf8', timeout: 10000 });
+    // Write systemd drop-in so the gateway service inherits D-Bus env
+    const dropInDir = `/root/.config/systemd/user`;
+    const dropInFile = `${dropInDir}/${SERVICE_NAME}.service.d/dbus-env.conf`;
+    const dropInContent = `[Service]\nEnvironment=XDG_RUNTIME_DIR=${runtimeDir}\nEnvironment=DBUS_SESSION_BUS_ADDRESS=${busAddress}\n`;
+    try {
+      execSync(`mkdir -p ${path.dirname(dropInFile)}`, { encoding: 'utf8', timeout: 3000 });
+      fs.writeFileSync(dropInFile, dropInContent);
+      execSync(`systemctl --user daemon-reload`, { encoding: 'utf8', timeout: 10000, env: userEnv() });
+    } catch (e) { console.warn('[gateway] drop-in write failed:', e.message); }
 
-    console.log(`[gateway] Session ready — runtimeDir=${runtimeDir} dbus=${dbusRunning} drop-in written`);
+    console.log(`[gateway] Session ready — runtimeDir=${runtimeDir} dbus=${dbusRunning}`);
   } catch (err) {
-    console.warn('[gateway] ensureUserSession warning:', err.message);
+    console.error('[gateway] ensureUserSession failed:', err.message);
   }
 }
 
-/**
- * Start the gateway service.
- */
 function startGateway() {
   ensureUserSession();
   try {
-    execSync(`systemctl start ${SERVICE_NAME}`, {
-      encoding: 'utf8',
-      timeout: 15000
-    });
+    execSync(`systemctl --user enable ${SERVICE_NAME}`, { encoding: 'utf8', timeout: 10000, env: userEnv() });
+    execSync(`systemctl --user start ${SERVICE_NAME}`, { encoding: 'utf8', timeout: 15000, env: userEnv() });
     console.log('[gateway] Service started');
+    setTimeout(() => syncGatewayToken(), 3000); // token available after ~2s startup
     return { success: true };
   } catch (err) {
     console.error('[gateway] Failed to start:', err.message);
@@ -135,15 +201,9 @@ function startGateway() {
   }
 }
 
-/**
- * Stop the gateway service.
- */
 function stopGateway() {
   try {
-    execSync(`systemctl stop ${SERVICE_NAME}`, {
-      encoding: 'utf8',
-      timeout: 15000
-    });
+    execSync(`systemctl --user stop ${SERVICE_NAME}`, { encoding: 'utf8', timeout: 15000, env: userEnv() });
     console.log('[gateway] Service stopped');
     return { success: true };
   } catch (err) {
@@ -152,21 +212,14 @@ function stopGateway() {
   }
 }
 
-/**
- * Restart the gateway service (enables it first if not already enabled).
- */
 function restartGateway() {
   ensureUserSession();
   try {
-    execSync(`systemctl enable ${SERVICE_NAME}`, {
-      encoding: 'utf8',
-      timeout: 10000
-    });
-    execSync(`systemctl restart ${SERVICE_NAME}`, {
-      encoding: 'utf8',
-      timeout: 15000
-    });
+    execSync(`systemctl --user enable ${SERVICE_NAME}`, { encoding: 'utf8', timeout: 10000, env: userEnv() });
+    execSync(`systemctl --user restart ${SERVICE_NAME}`, { encoding: 'utf8', timeout: 15000, env: userEnv() });
     console.log('[gateway] Service enabled and restarted');
+    // Sync token after restart — gateway writes its token on startup (~2s)
+    setTimeout(() => syncGatewayToken(), 3000);
     return { success: true };
   } catch (err) {
     console.error('[gateway] Failed to restart:', err.message);
@@ -174,18 +227,19 @@ function restartGateway() {
   }
 }
 
-/**
- * Get recent gateway logs from journalctl.
- */
 function getGatewayLogs(lines = 50) {
   try {
-    const logs = execSync(`journalctl -u ${SERVICE_NAME} -n ${lines} --no-pager`, {
-      encoding: 'utf8',
-      timeout: 5000
-    });
-    return logs;
+    // Try user journal first, fall back to system journal
+    try {
+      return execSync(`journalctl --user -u ${SERVICE_NAME} -n ${lines} --no-pager`, {
+        encoding: 'utf8', timeout: 5000, env: userEnv(),
+      });
+    } catch {
+      return execSync(`journalctl -u ${SERVICE_NAME} -n ${lines} --no-pager`, {
+        encoding: 'utf8', timeout: 5000,
+      });
+    }
   } catch (err) {
-    console.error('[gateway] Failed to get logs:', err.message);
     return `Error retrieving logs: ${err.message}`;
   }
 }
@@ -195,5 +249,8 @@ module.exports = {
   startGateway,
   stopGateway,
   restartGateway,
-  getGatewayLogs
+  getGatewayLogs,
+  syncGatewayToken,
+  readGatewayToken,
+  persistGatewayToken,
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "lobstakit-cloud",
-  "version": "1.3.2",
+  "version": "1.3.3",
   "description": "LobstaKit Cloud — Setup wizard and management for LobstaCloud gateways",
   "main": "server.js",
   "bin": {