smart-home-engine 1.1.5 → 1.1.9

package/dist/web/assets/{tsMode-B3Xbg24N.js → tsMode-Cnr_wxoV.js}

@@ -1,4 +1,4 @@
-import{m as O}from"./monaco-langs-BW2J83t5.js";import{t as I}from"./index-BcELVSd4.js";/*!-----------------------------------------------------------------------------
+import{m as O}from"./monaco-langs-BW2J83t5.js";import{t as I}from"./index-CZNc_m6c.js";/*!-----------------------------------------------------------------------------
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Version: 0.52.2(404545bded1df6ffa41ea0af4e8ddb219018c6c1)
  * Released under the MIT license

package/dist/web/index.html

@@ -172,7 +172,7 @@
                 }
             })();
         </script>
-      <script type="module" crossorigin src="/assets/index-BcELVSd4.js"></script>
+      <script type="module" crossorigin src="/assets/index-CZNc_m6c.js"></script>
       <link rel="modulepreload" crossorigin href="/assets/monaco-langs-BW2J83t5.js">
       <link rel="stylesheet" crossorigin href="/assets/monaco-langs-DyX1CsEw.css">
       <link rel="stylesheet" crossorigin href="/assets/index-iTrR9H4f.css">

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "smart-home-engine",
-    "version": "1.1.5",
+    "version": "1.1.9",
     "description": "Node.js based script runner for use in MQTT based Smart Home environments",
     "main": "src/index.js",
     "scripts": {

package/src/index.js

@@ -119,6 +119,7 @@ if (typeof config.port !== 'undefined') {
             log.error('http server start failed:', err.message);
             process.exit(1);
         });
+    require('./web/broker-api').setLogger(log);
 }
 
 const chokidar = require('chokidar');
@@ -145,6 +146,7 @@ const scheduler = modules['node-schedule'];
 const StateStore = require('./lib/state-store');
 const sandboxModules = [];
 const store = new StateStore();
+if (typeof config.port !== 'undefined') require('./web/broker-api').setStore(store);
 const scripts = {};
 const scriptOrigins = new Map(); // file → 'builtin' | 'user'
 const subscriptions = [];
@@ -360,6 +362,7 @@ if (config.url) {
         log.info('mqtt connected ' + config.url);
         log.debug('mqtt subscribe #');
         mqtt.subscribe('#');
+        mqtt.subscribe('$SYS/#');
         mqttEventCallbacks.filter((c) => c.event === 'connect').forEach((c) => c.callback());
 
         if (!_started) {

package/src/lib/dynsec.js

@@ -39,11 +39,20 @@ function _drain() {
     const { command, payload, resolve, reject } = _queue.shift();
     _inflight = true;
 
+    const safePayload = { ...payload };
+    if ('password' in safePayload) safePayload.password = '***';
+    if (_log) _log.debug(`dynsec: → sending "${command}"`, JSON.stringify(safePayload));
+
     const timer = setTimeout(() => {
         _inflight = false;
         _inflightResolve = null;
+        if (_log) _log.warn(`dynsec: timeout waiting for response to "${command}" (${_timeout}ms) — is the dynsec plugin loaded and the admin user configured?`);
         reject(new Error(`dynsec timeout waiting for response to "${command}"`));
-        _drain();
+        // Fail-fast: reject all remaining queued commands since the broker is not responding
+        while (_queue.length > 0) {
+            const queued = _queue.shift();
+            queued.reject(new Error(`dynsec: aborting "${queued.command}" — previous command timed out`));
+        }
     }, _timeout);
 
     _inflightResolve = (responses) => {
@@ -52,8 +61,10 @@ function _drain() {
         _inflightResolve = null;
         const r = responses.find((resp) => resp.command === command);
         if (r && r.error) {
+            if (_log) _log.debug(`dynsec: ✕ "${command}" error: ${r.error}`);
             reject(new Error(r.error));
         } else {
+            if (_log) _log.debug(`dynsec: ✓ "${command}" ok`);
             resolve(r || {});
         }
         _drain();
@@ -67,8 +78,12 @@ function _request(command, payload = {}) {
         return Promise.reject(new Error('she.broker: dynsec not configured — set broker.dynsec in config.json'));
     }
     if (!_connected) {
+        if (_log) _log.debug(`dynsec: request "${command}" rejected — not connected (queue length: ${_queue.length})`);
         return Promise.reject(new Error('she.broker: dynsec not connected'));
     }
+    const safePayload = { ...payload };
+    if ('password' in safePayload) safePayload.password = '***';
+    if (_log) _log.debug(`dynsec: queuing "${command}" (queue length: ${_queue.length}, inflight: ${_inflight})`, JSON.stringify(safePayload));
     return new Promise((resolve, reject) => {
         _queue.push({ command, payload, resolve, reject });
         _drain();
@@ -111,11 +126,15 @@ function init(config, log) {
     _client = mqtt.connect(config.url, opts);
 
     _client.on('connect', () => {
-        _connected = true;
-        _log.info('dynsec: connected as', dynsecCfg.adminUsername);
+        _log.info('dynsec: MQTT connect event, subscribing to response topic');
         _client.subscribe(RESPONSE_TOPIC, (err) => {
-            if (err) _log.error('dynsec: failed to subscribe to response topic:', err.message);
-            else _drain(); // flush any requests queued before connection
+            if (err) {
+                _log.error('dynsec: failed to subscribe to response topic:', err.message);
+            } else {
+                _connected = true;
+                _log.info('dynsec: ready — subscribed as', dynsecCfg.adminUsername);
+                _drain(); // flush any requests queued before connection
+            }
         });
     });
 
@@ -139,8 +158,12 @@ function init(config, log) {
             _log.error('dynsec: invalid JSON on response topic');
             return;
         }
+        const cmds = Array.isArray(msg.responses) ? msg.responses.map((r) => r.command).join(', ') : 'none';
+        if (_log) _log.debug(`dynsec: ← response received, commands: [${cmds}]`);
         if (_inflightResolve && Array.isArray(msg.responses)) {
             _inflightResolve(msg.responses);
+        } else if (!_inflightResolve) {
+            if (_log) _log.debug(`dynsec: unexpected response (no inflight request), commands: [${cmds}]`);
         }
     });
 }

package/src/web/broker-api.js

@@ -16,6 +16,7 @@
 const express = require('express');
 const path = require('path');
 const fs = require('fs');
+const crypto = require('crypto');
 const dynsec = require('../lib/dynsec');
 const mosquittoConf = require('../lib/mosquitto-conf');
 const ca = require('../lib/ca');
@@ -27,6 +28,19 @@ const DEFAULT_SSH_KEY = path.join(sheConfig['data-dir'], 'ssh', 'broker_id_ed255
 
 const router = express.Router();
 
+let _log = null;
+let _store = null;
+
+/** Must be called once from index.js so broker-api can emit debug-level log lines. */
+function setLogger(log) {
+    _log = log;
+}
+
+/** Must be called once from index.js to give broker-api access to the MQTT state store. */
+function setStore(store) {
+    _store = store;
+}
+
 // ── Helpers ────────────────────────────────────────────────────────────────────
 
 /** Get broker config from live config.json */
@@ -64,13 +78,14 @@ function handleError(res, err) {
  */
 router.get('/status', (req, res) => {
     const ds = dynsec.getStatus();
-    const mqttState = req.app.locals.mqttState || {};
 
-    const sysPrefixes = ['$SYS/broker/version', '$SYS/broker/clients/', '$SYS/broker/uptime'];
     const sys = {};
-    for (const [topic, entry] of Object.entries(mqttState)) {
-        if (sysPrefixes.some((p) => topic.startsWith(p))) {
-            sys[topic] = entry;
+    if (_store) {
+        const sysPrefixes = ['$SYS/broker/version', '$SYS/broker/uptime', '$SYS/broker/clients/', '$SYS/broker/messages/'];
+        for (const [topic, entry] of _store.mqttEntries()) {
+            if (sysPrefixes.some((p) => topic.startsWith(p))) {
+                sys[topic] = entry;
+            }
         }
     }
 
@@ -82,14 +97,22 @@ router.get('/status', (req, res) => {
 /**
  * GET /she/broker/config
  * Returns parsed config structure + raw text + checksum.
+ * In remote mode, reads mosquitto.conf from the broker host via SSH.
  */
-router.get('/config', (req, res) => {
+router.get('/config', async (req, res) => {
     try {
         const bc = getBrokerConfig(req);
         const fp = confPath(bc);
+        const backups = mosquittoConf.listBackups(fp).map((b) => path.basename(b));
+        if (bc.ssh && bc.ssh.host) {
+            _log?.debug(`broker: reading remote config from ${bc.ssh.host}:${fp}`);
+            const raw = await sshDeploy.readRemoteFile(bc.ssh, fp);
+            const parsed = mosquittoConf.parseText(raw);
+            const cs = crypto.createHash('sha256').update(raw).digest('hex');
+            return res.json({ ...parsed, checksum: cs, backups });
+        }
         const parsed = mosquittoConf.parse(fp);
         const cs = mosquittoConf.checksum(fp);
-        const backups = mosquittoConf.listBackups(fp).map((b) => path.basename(b));
         res.json({ ...parsed, checksum: cs, backups });
     } catch (err) {
         handleError(res, err);
@@ -100,17 +123,25 @@ router.get('/config', (req, res) => {
  * PUT /she/broker/config
  * Write structured config (body: { listeners, managed, passthrough, checksum? }).
  * body.checksum is the client's last-known checksum for external-modify detection.
+ * In remote mode, the file is also deployed to the broker host via SCP.
  */
-router.put('/config', (req, res) => {
+router.put('/config', async (req, res) => {
     try {
         const bc = getBrokerConfig(req);
         const fp = confPath(bc);
         const { listeners, managed, passthrough, checksum: clientChecksum } = req.body;
         const content = mosquittoConf.serialise({ listeners, managed, passthrough });
-        const result = mosquittoConf.write(fp, content, clientChecksum ?? null);
+        const remote = bc.ssh && bc.ssh.host;
+        _log?.info(`broker: writing config to ${remote ? `remote ${bc.ssh.host}:${fp}` : `local ${fp}`}`);
+        // In remote mode skip local conflict check — remote is the source of truth
+        const result = mosquittoConf.write(fp, content, remote ? null : (clientChecksum ?? null));
         if (!result.ok) {
             return res.status(409).json({ error: 'external_modify', message: 'mosquitto.conf was modified externally since last read' });
         }
+        if (remote) {
+            _log?.debug(`broker: uploading config to ${bc.ssh.host}:${fp}`);
+            await sshDeploy.uploadContent(bc.ssh, content, fp);
+        }
         _lastWriteChecksum.set(fp, mosquittoConf.checksum(fp));
         res.json({ ok: true, backupPath: result.backupPath ? path.basename(result.backupPath) : null });
     } catch (err) {
@@ -121,8 +152,9 @@ router.put('/config', (req, res) => {
 /**
  * PUT /she/broker/config/raw
  * Write raw mosquitto.conf text directly (used by the Advanced editor).
+ * In remote mode, the file is also deployed to the broker host via SCP.
  */
-router.put('/config/raw', (req, res) => {
+router.put('/config/raw', async (req, res) => {
     try {
         const bc = getBrokerConfig(req);
         const fp = confPath(bc);
@@ -130,10 +162,17 @@ router.put('/config/raw', (req, res) => {
         if (typeof content !== 'string') {
             return res.status(400).json({ error: 'content must be a string' });
         }
-        const result = mosquittoConf.write(fp, content, clientChecksum ?? null);
+        const remote = bc.ssh && bc.ssh.host;
+        _log?.info(`broker: writing raw config to ${remote ? `remote ${bc.ssh.host}:${fp}` : `local ${fp}`}`);
+        // In remote mode skip local conflict check — remote is the source of truth
+        const result = mosquittoConf.write(fp, content, remote ? null : (clientChecksum ?? null));
         if (!result.ok) {
             return res.status(409).json({ error: 'external_modify', message: 'mosquitto.conf was modified externally since last read' });
         }
+        if (remote) {
+            _log?.debug(`broker: uploading raw config to ${bc.ssh.host}:${fp}`);
+            await sshDeploy.uploadContent(bc.ssh, content, fp);
+        }
         _lastWriteChecksum.set(fp, mosquittoConf.checksum(fp));
         res.json({ ok: true, backupPath: result.backupPath ? path.basename(result.backupPath) : null });
     } catch (err) {
@@ -191,12 +230,18 @@ router.post('/reload', async (req, res) => {
     try {
         const bc = getBrokerConfig(req);
         if (bc.ssh && bc.ssh.host) {
+            const cmd = bc.reloadCmd || 'sudo systemctl reload mosquitto';
+            _log?.debug(`broker: remote reload on ${bc.ssh.host}: ${cmd}`);
             const result = await sshDeploy.runCommand(bc.ssh, cmd);
+            _log?.debug(`broker: remote reload stdout=${result.stdout} stderr=${result.stderr}`);
             return res.json({ ok: true, ...result });
         }
+        _log?.debug('broker: local reload mosquitto');
         const result = await mosquittoConf.reload(bc);
+        _log?.debug(`broker: local reload stdout=${result.stdout} stderr=${result.stderr}`);
         res.json({ ok: true, stdout: result.stdout, stderr: result.stderr });
     } catch (err) {
+        _log?.debug(`broker: reload error: ${err.message}`);
         handleError(res, err);
     }
 });
@@ -211,12 +256,17 @@ router.post('/restart', async (req, res) => {
         const bc = getBrokerConfig(req);
         if (bc.ssh && bc.ssh.host) {
             const cmd = bc.restartCmd || 'sudo systemctl restart mosquitto';
+            _log?.debug(`broker: remote restart on ${bc.ssh.host}: ${cmd}`);
             const result = await sshDeploy.runCommand(bc.ssh, cmd);
+            _log?.debug(`broker: remote restart stdout=${result.stdout} stderr=${result.stderr}`);
             return res.json({ ok: true, ...result });
         }
+        _log?.debug('broker: local restart mosquitto');
         const result = await mosquittoConf.restart(bc);
+        _log?.debug(`broker: local restart stdout=${result.stdout} stderr=${result.stderr}`);
         res.json({ ok: true, stdout: result.stdout, stderr: result.stderr });
     } catch (err) {
+        _log?.debug(`broker: restart error: ${err.message}`);
         handleError(res, err);
     }
 });
@@ -655,7 +705,7 @@ router.delete('/ca/trusted/:fingerprint', async (req, res) => {
     }
 });
 
-module.exports = { router };
+module.exports = { router, setLogger, setStore };
 
 // ── SSH routes ─────────────────────────────────────────────────────────────────
 // Note: these routes are mounted on the same router but defined after module.exports
@@ -680,9 +730,12 @@ router.post('/ssh/keygen', async (req, res) => {
     try {
         const bc = getBrokerConfig(req);
         const identityFile = (bc.ssh && bc.ssh.identityFile) || DEFAULT_SSH_KEY;
+        _log?.debug(`broker: generating SSH keypair at ${identityFile}`);
         const publicKey = await sshDeploy.generateKeypair(identityFile);
+        _log?.debug('broker: SSH keypair generated ok');
         res.json({ ok: true, publicKey });
     } catch (err) {
+        _log?.debug(`broker: SSH keygen error: ${err.message}`);
         handleError(res, err);
     }
 });
@@ -692,9 +745,14 @@ router.post('/ssh/test', async (req, res) => {
     try {
         const bc = getBrokerConfig(req);
         if (!bc.ssh || !bc.ssh.host) return res.status(400).json({ error: 'broker.ssh.host not configured' });
+        const user = (bc.ssh && bc.ssh.user) || require('os').userInfo().username;
+        const key = sshDeploy.expandHome((bc.ssh && bc.ssh.identityFile) || DEFAULT_SSH_KEY);
+        _log?.debug(`broker: testing SSH to ${user}@${bc.ssh.host}:${bc.ssh.port || 22} key=${key}`);
         await sshDeploy.testConnection(bc.ssh);
+        _log?.debug(`broker: SSH connection to ${bc.ssh.host} ok`);
         res.json({ ok: true });
     } catch (err) {
+        _log?.debug(`broker: SSH test to ${bc.ssh && bc.ssh.host} failed: ${err.message}`);
         res.json({ ok: false, error: err.message });
     }
 });
@@ -741,11 +799,17 @@ router.post('/wizard/bootstrap', async (req, res) => {
         const dynSecPath = `${configDir}/dynamic-security.json`;
         const confFilePath = `${configDir}/mosquitto.conf`;
 
+        _log?.debug(`broker: wizard bootstrap mode=${isRemote ? 'remote' : 'local'} configDir=${configDir} adminUser=${username}`);
+
         if (isRemote) {
             // mosquitto_ctrl must run on the broker host — invoke it via SSH.
+            const ctrlCmd = `mosquitto_ctrl dynsec init "${dynSecPath}" "${username}" "${password}"`;
+            _log?.debug(`broker: SSH mosquitto_ctrl on ${bc.ssh.host}: mosquitto_ctrl dynsec init "${dynSecPath}" "${username}" ***`);
             try {
-                await sshDeploy.runCommand(bc.ssh, `mosquitto_ctrl dynsec init "${dynSecPath}" "${username}" "${password}"`);
+                const r = await sshDeploy.runCommand(bc.ssh, ctrlCmd);
+                _log?.debug(`broker: mosquitto_ctrl ok stdout=${r.stdout} stderr=${r.stderr}`);
             } catch (err) {
+                _log?.debug(`broker: mosquitto_ctrl SSH failed: ${err.message}`);
                 return res.status(500).json({
                     error: `mosquitto_ctrl failed on remote host: ${err.message}. Ensure mosquitto is installed on the remote broker host.`,
                 });
@@ -754,23 +818,32 @@ router.post('/wizard/bootstrap', async (req, res) => {
             // Read the remote mosquitto.conf, parse, and add the plugin line if missing.
             let remoteConfRaw = '';
             try {
+                _log?.debug(`broker: reading remote conf ${bc.ssh.host}:${confFilePath}`);
                 remoteConfRaw = await sshDeploy.readRemoteFile(bc.ssh, confFilePath);
-            } catch {
-                // File may not exist yet — start from an empty config
+                _log?.debug(`broker: remote conf read ok (${remoteConfRaw.length} bytes)`);
+            } catch (e) {
+                _log?.debug(`broker: remote conf read failed (${e.message}), starting from empty config`);
             }
             const parsed = mosquittoConf.parseText(remoteConfRaw);
             if (!parsed.managed.plugin || !String(parsed.managed.plugin).includes('mosquitto_dynamic_security')) {
                 parsed.managed.plugin = 'mosquitto_dynamic_security.so';
                 parsed.managed.plugin_opt_dynsec_config_file = dynSecPath;
                 const content = mosquittoConf.serialise(parsed);
+                _log?.debug(`broker: uploading updated conf to ${bc.ssh.host}:${confFilePath}`);
                 await sshDeploy.uploadContent(bc.ssh, content, confFilePath);
+                _log?.debug('broker: conf upload ok');
+            } else {
+                _log?.debug('broker: plugin line already present in remote conf, skipping upload');
             }
         } else {
             // Local mode: run mosquitto_ctrl on this host.
             fs.mkdirSync(configDir, { recursive: true });
+            _log?.debug(`broker: local mosquitto_ctrl dynsec init ${dynSecPath} ${username} ***`);
             try {
-                await execFileAsync('mosquitto_ctrl', ['dynsec', 'init', dynSecPath, username, password], { timeout: 10000 });
+                const r = await execFileAsync('mosquitto_ctrl', ['dynsec', 'init', dynSecPath, username, password], { timeout: 10000 });
+                _log?.debug(`broker: mosquitto_ctrl ok stdout=${r.stdout} stderr=${r.stderr}`);
             } catch (err) {
+                _log?.debug(`broker: local mosquitto_ctrl failed: ${err.message}`);
                 return res.status(500).json({
                     error: `mosquitto_ctrl failed: ${err.message}. Ensure mosquitto is installed on this host.`,
                 });
@@ -782,7 +855,11 @@ router.post('/wizard/bootstrap', async (req, res) => {
                 parsed.managed.plugin = 'mosquitto_dynamic_security.so';
                 parsed.managed.plugin_opt_dynsec_config_file = dynSecPath;
                 const content = mosquittoConf.serialise(parsed);
+                _log?.debug(`broker: writing updated local conf to ${confFilePath}`);
                 mosquittoConf.write(confFilePath, content);
+                _log?.debug('broker: local conf write ok');
+            } else {
+                _log?.debug('broker: plugin line already present in local conf, skipping write');
             }
         }