* Improve Docker container list UI

* Rework SSH tunnel forwarding

* Update macOS Electron packaging

* Optimize frontend bundle splitting

* Add beta version update status

* Add client tunnel preset management

* Secure cookie authentication flows

* Add client tunnel bridge support

* Preserve sessions on restart

* Update runtime to Node 24

* Add client remote tunnel support

* Fix stale frontend cache handling

* Fix Docker image platforms for Node 24

* Fix Electron packaging workflows

* Fix client auth cache after upgrades

* chore: cleanup files

* fix: npm i error

* Fix OIDC auth cookie readiness

* Fix Docker npm ci config

* Add react-is peer dependency

* Fix Electron auth and cache handling

* Improve terminal clipboard and refresh actions

* feat: add API keys

* feat: improve lazy loading with loading spinners

* feat: Introduce FolderTree component with lazy-loading and motion animations for improved file manager UX (#735)

* feat: integrate FolderTree component with lazy-loading for file manager sidebar

- Add motion animation library (v12.38.0) for smooth UI transitions
- Create new FolderTree component with advanced keyboard navigation support
- Refactor kbd component: introduce KbdKey and KbdSeparator subcomponents
- Implement lazy-loading strategy for directory tree in FileManagerSidebar
- Refactor FileManagerSidebar with improved code organization and better separation of concerns
- Update keyboard shortcut displays across CommandPalette, FileViewer, and Dashboard
- Change React/ReactDOM dependency flags from dev to devOptional in package-lock.json

BREAKING CHANGE: KbdGroup component has been replaced. Use <Kbd><KbdKey>...</KbdKey><KbdSeparator /></Kbd> instead.

- Improves UX with smooth animations and better folder navigation
- Reduces initial load time through lazy-loading subdirectories
- Enhances accessibility with ARIA labels and keyboard navigation
- Maintains dark mode support and proper styling

* fix: incorrect use of the theme system and linked file manger sidebar with current folder

---------

Co-authored-by: suryacagur <suryacagur.dev@gmail.com>
Co-authored-by: LukeGus <bugattiguy527@gmail.com>
Co-authored-by: Luke Gustafson <88517757+LukeGus@users.noreply.github.com>

* Enhance VNC token generation to include optional username parameter and refactor username input handling in HostGeneralTab (#733)

* Fix Docker build info generation

* Remove unused node-fetch dependency

* feat: prompt user for SSH key passphrase on use (#715)

When an encrypted SSH key has no stored passphrase, show a lightweight
dialog prompting the user to enter it at connection time instead of
failing with a parse error. Supports both desktop and mobile terminals.

Closes Termix-SSH/Support#354

* fix: prevent session crash when uploading to permission-denied directory (#716)

- Wrap writeFile sftp.stat callback in try-catch to prevent uncaught
  exceptions from escaping the callback into the event loop
- Add missing stream.stderr error handler in writeFile fallback to
  prevent unhandled error events from crashing the process
- Remove bogus activeOperations decrement in both writeFile and
  uploadFile fallback methods (counter was never incremented)
- Add res.headersSent checks in fallback disconnect paths to prevent
  ERR_HTTP_HEADERS_SENT crashes

Closes Termix-SSH/Support#652

* feat: add LOG_TIMESTAMP_FORMAT env var for 24h/ISO log timestamps (#718)

Support LOG_TIMESTAMP_FORMAT environment variable with values:
- "24h": 24-hour format (14:58:45)
- "iso": ISO 8601 format (2026-04-25T14:58:45.000Z)
- default: locale format (2:58:45 PM)

Closes Termix-SSH/Support#650

* feat: open file manager at terminal current working directory (#719)

* feat: open file manager at terminal current working directory

When right-clicking in the terminal and selecting "Open File Manager
Here", query the current working directory via a separate SSH exec
channel and pass it as the initial path to the file manager tab.

Closes Termix-SSH/Support#649

* chore: sync package-lock.json with node-fetch and deps

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix: remove undefined TerminalContextMenu from bad merge resolution

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: LukeGus <bugattiguy527@gmail.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Luke Gustafson <88517757+LukeGus@users.noreply.github.com>

* fix: show reconnect overlay when SSH server reboots (#720)

When the remote server reboots, the SSH connection closes while the
stream is still active. The close handler only sent the "disconnected"
message when sshStream was null, so the frontend never received the
disconnect notification and hung with a blinking cursor.

Change the else-if condition to always send the "disconnected" message
regardless of stream state.

Closes Termix-SSH/Support#648

* feat: support read-only Docker container mode (#721)

Move nginx runtime files (config, pid, logs, temp dirs) from /app/nginx/
to /tmp/nginx/ so the container can run with read_only: true. Template
files remain in /app/nginx/ as read-only assets.

Users can now harden the container with:
  read_only: true
  tmpfs:
    - /tmp

Closes Termix-SSH/Support#647

* fix: allow editing host folder without re-entering password (#722)

When editing an existing host, the password field is stripped by the
backend for security. The form validation treated the empty password
as invalid, disabling the Update Host button even for non-auth changes
like folder assignment.

Use an "existing_password" sentinel (mirroring the existing
"existing_key" pattern) to represent an unchanged password during
editing, skip validation for it, and omit it from the update payload.

Closes Termix-SSH/Support#645

* fix: auto-close tab on graceful SSH disconnect (exit/Ctrl+D) (#723)

Distinguish between graceful shell exit and unexpected disconnection
using the stream close event's exit code. When the shell exits normally
(code != null), send "session_ended" instead of "disconnected". The
frontend auto-closes the tab on session_ended, and shows the reconnect
overlay only on unexpected disconnections.

Closes Termix-SSH/Support#643

* fix: reattach existing SSH session on WebSocket reconnect (#724)

WebSocket reconnection was always creating a new SSH connection with
full authentication instead of reattaching to the existing SSH session.
The condition `!isReconnectingRef.current` prevented session reattach
during reconnection, causing repeated password auth attempts that
trigger SSHGuard/fail2ban blocking.

Remove the guard so reconnection tries to reattach the persisted
session first. If the session has expired, the backend sends
sessionExpired and the frontend falls back to a new connection.

Closes Termix-SSH/Support#644

* fix: prevent browser crash when uploading large files (>100MB) (#725)

The file-to-base64 conversion used a byte-by-byte string concatenation
loop (String.fromCharCode + btoa), which allocated ~3x the file size
in intermediate strings, causing the browser tab to OOM on files over
~100MB.

Replace with FileReader.readAsDataURL which delegates base64 encoding
to the browser engine natively, avoiding the intermediate allocations.

Closes Termix-SSH/Support#577

* fix: support SSH multi-factor auth with publickey + password (#726)

When sshd requires AuthenticationMethods publickey,password, the
connection failed because the key auth branch only set privateKey
without also setting password. After publickey partial auth succeeded,
ssh2 sent keyboard-interactive (due to tryKeyboard:true) instead of
password, which the server rejected.

Pass the credential password alongside the private key so ssh2 can
complete the password step after publickey succeeds.

Closes Termix-SSH/Support#629

* feat(oidc): add OIDC_ALLOW_REGISTRATION env to bypass allow_registration for OIDC (#727)

The `allow_registration` setting blocks both password-based and OIDC user
creation. Admins who want to close password registration but still onboard
new users via a trusted IdP (with the existing `OIDC_ALLOWED_USERS` whitelist)
have no way to do that today.

Introduce an `OIDC_ALLOW_REGISTRATION` env var. When set to `true`, the OIDC
callback skips the `allow_registration` settings check while still honoring
the `OIDC_ALLOWED_USERS` whitelist. Password registration via `POST
/users/create` continues to respect `allow_registration`.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* perf: lazy load locales, file previews, and decouple startup imports (#729)

* perf: lazy load locale bundles

* perf: lazy load file preview modules

* perf: avoid eager api client load on startup

* chore: remove dead code, tighten types, fix lint warnings (#730)

* chore: clean up low-risk lint warnings

* chore: tighten utility types

* chore: preserve backend error causes

* chore: simplify command palette host state

* chore: remove unused frontend code

* chore: prune stale frontend state

* chore: trim unused navigation code

* chore: prune unused user settings props

* chore: trim unused sidebar state

* chore: remove stale host editor imports

* chore: tighten shared frontend types

* chore: narrow desktop helper types

* chore: type network topology data

* chore: type connection log errors

* chore: use typed tab context

* chore: type api client error metadata

* chore: tighten terminal config types

* chore: type host proxy chains

* chore: type host editor form data

* chore: use typed host viewer fields

* chore: format app builder patch script

* Fix client auth cache after upgrades

* chore: fix pr checks after dev merge

* fix: remove duplicate session-expired useEffect in FullScreenAppWrapper

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Xenthys <x@dis.gg>
Co-authored-by: LukeGus <bugattiguy527@gmail.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix: npm package warnings

* feat: reconnect after file manager disconnects

* feat: add docs button in api keys

* feat: change colors for server tunnels

* fix: fetch password from API for Copy Password button (#736)

* chore: update readme's

* feat: improve c2s UI in user profile

* feat: improve ssh key detection and move open file manager at path for terminal button

* fix: restore missing getHostPassword import in Tab.tsx (#737)

* fix: security related fixes

* feat: improve alert code

* Fix Electron clipboard handling

* fix: untranslated alert text

---------

Co-authored-by: Xenthys <x@dis.gg>
Co-authored-by: PT Kelana Tech Solutions <ptkelanatechsolutions@gmail.com>
Co-authored-by: suryacagur <suryacagur.dev@gmail.com>
Co-authored-by: zimmra <28514085+zimmra@users.noreply.github.com>
Co-authored-by: ZacharyZcR <zacharyzcr1984@gmail.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Fuad <funtik1229@yandex.ru>
This commit is contained in:
Luke Gustafson
2026-05-06 15:12:07 -05:00
committed by GitHub
parent af9fc95b0e
commit 2768f11dfc
181 changed files with 15785 additions and 11276 deletions
+364 -174
View File
@@ -1,6 +1,7 @@
import axios, { AxiosError, type AxiosInstance } from "axios";
import { toast } from "sonner";
import { getBasePath } from "@/lib/base-path";
import { isElectron } from "@/lib/electron";
import { clearTermixSessionStorage } from "@/ui/desktop/navigation/tabs/TabContext";
import type {
SSHHost,
@@ -8,6 +9,8 @@ import type {
SSHFolder,
TunnelConfig,
TunnelStatus,
TunnelConnection,
C2STunnelPreset,
FileManagerFile,
FileManagerShortcut,
DockerContainer,
@@ -86,6 +89,27 @@ export type SSHHostWithStatus = SSHHost & {
status: "online" | "offline" | "unknown";
};
type ApiConnectionLog = {
type: "info" | "success" | "warning" | "error";
stage: string;
message: string;
details?: Record<string, unknown>;
};
type ConnectErrorResponse = {
error?: string;
message?: string;
connectionLogs?: ApiConnectionLog[];
requires_totp?: boolean;
requires_warpgate?: boolean;
sessionId?: string;
prompt?: string;
url?: string;
securityKey?: string;
status?: string;
reason?: string;
};
interface CpuMetrics {
percent: number | null;
cores: number | null;
@@ -113,7 +137,6 @@ export type ServerMetrics = {
};
interface AuthResponse {
token: string;
success?: boolean;
is_admin?: boolean;
username?: string;
@@ -144,18 +167,24 @@ interface OIDCAuthorize {
auth_url: string;
}
type ElectronApi = {
isElectron?: boolean;
getSetting?: (key: string) => Promise<string | null | undefined>;
setSetting?: (key: string, value: string) => Promise<void>;
};
type ElectronWindow = Window &
typeof globalThis & {
IS_ELECTRON?: boolean;
electronAPI?: ElectronApi;
ReactNativeWebView?: unknown;
};
// ============================================================================
// UTILITY FUNCTIONS
// ============================================================================
export function isElectron(): boolean {
const win = window as any;
const hasISElectron = win.IS_ELECTRON === true;
const hasElectronAPI = !!win.electronAPI;
const isElectronProp = win.electronAPI?.isElectron === true;
return hasISElectron || hasElectronAPI || isElectronProp;
}
export { isElectron };
function getLoggerForService(serviceName: string) {
if (serviceName.includes("SSH") || serviceName.includes("ssh")) {
@@ -183,10 +212,10 @@ const electronSettingsCache = new Map<string, string>();
if (isElectron()) {
(async () => {
try {
const electronAPI = (window as any).electronAPI;
const electronAPI = (window as ElectronWindow).electronAPI;
if (electronAPI?.getSetting) {
const settingsToLoad = ["rightClickCopyPaste", "jwt"];
const settingsToLoad = ["rightClickCopyPaste"];
for (const key of settingsToLoad) {
const value = await electronAPI.getSetting(key);
if (value !== null && value !== undefined) {
@@ -208,27 +237,28 @@ if (isElectron()) {
})();
}
export function setCookie(name: string, value: string, days = 7): void {
export function setCookie(
name: string,
value: string,
days = 7,
): void | Promise<void> {
if (isElectron()) {
try {
electronSettingsCache.set(name, value);
if (name === "jwt") {
return;
}
localStorage.setItem(name, value);
const electronAPI = (
window as Window &
typeof globalThis & {
electronAPI?: any;
}
).electronAPI;
const electronAPI = (window as ElectronWindow).electronAPI;
if (electronAPI?.setSetting) {
electronSettingsCache.set(name, value);
localStorage.setItem(name, value);
electronAPI.setSetting(name, value).catch((err: Error) => {
console.error(`[Electron] Failed to persist setting ${name}:`, err);
});
}
console.log(`[Electron] Set setting: ${name} = ${value}`);
console.log(`[Electron] Set setting: ${name}`);
} catch (error) {
console.error(`[Electron] Failed to set setting: ${name}`, error);
}
@@ -241,6 +271,10 @@ export function setCookie(name: string, value: string, days = 7): void {
export function getCookie(name: string): string | undefined {
if (isElectron()) {
try {
if (name === "jwt") {
return undefined;
}
if (electronSettingsCache.has(name)) {
return electronSettingsCache.get(name);
}
@@ -266,6 +300,44 @@ export function getCookie(name: string): string | undefined {
}
let userWasAuthenticated = false;
let latestAuthSuccessAt = 0;
function markUserAuthenticated(): void {
userWasAuthenticated = true;
latestAuthSuccessAt =
typeof performance !== "undefined" ? performance.now() : Date.now();
}
export function isCurrentAuthInvalidationError(error: unknown): boolean {
const authError = error as {
__staleAuthInvalidation?: boolean;
};
if (authError.__staleAuthInvalidation) {
return false;
}
const axiosError = error as AxiosError;
const apiError = error as ApiError;
const responseData = axiosError.response?.data as
| Record<string, unknown>
| undefined;
const errorCode = responseData?.code || apiError.code;
const errorMessage = responseData?.error || apiError.message;
const status = axiosError.response?.status || apiError.status;
const isMissingAuthenticationToken =
errorMessage === "Missing authentication token";
return (
status === 401 &&
(errorCode === "SESSION_EXPIRED" ||
errorCode === "SESSION_NOT_FOUND" ||
(errorCode === "AUTH_REQUIRED" && userWasAuthenticated) ||
errorMessage === "Invalid token" ||
(errorMessage === "Authentication required" && userWasAuthenticated) ||
(isMissingAuthenticationToken && userWasAuthenticated))
);
}
function createApiInstance(
baseURL: string,
@@ -282,8 +354,9 @@ function createApiInstance(
const startTime = performance.now();
const requestId = `req_${Date.now()}_${Math.random().toString(36).substr(2, 9)}`;
(config as any).startTime = startTime;
(config as any).requestId = requestId;
const configWithMetadata = config as AxiosRequestConfigExtended;
configWithMetadata.startTime = startTime;
configWithMetadata.requestId = requestId;
const method = config.method?.toUpperCase() || "UNKNOWN";
const url = config.url || "UNKNOWN";
@@ -298,7 +371,6 @@ function createApiInstance(
const logger = getLoggerForService(serviceName);
const requestBaseURL = config.baseURL || "";
const isDevMode = process.env.NODE_ENV === "development";
if (isDevMode) {
@@ -311,19 +383,12 @@ function createApiInstance(
} else {
config.headers["X-Electron-App"] = "true";
}
const token = localStorage.getItem("jwt");
if (token) {
if (config.headers.set) {
config.headers.set("Authorization", `Bearer ${token}`);
} else {
config.headers["Authorization"] = `Bearer ${token}`;
}
userWasAuthenticated = true;
}
}
if (typeof window !== "undefined" && (window as any).ReactNativeWebView) {
if (
typeof window !== "undefined" &&
(window as ElectronWindow).ReactNativeWebView
) {
let platform = "Unknown";
if (typeof navigator !== "undefined" && navigator.userAgent) {
if (navigator.userAgent.includes("Android")) {
@@ -343,46 +408,15 @@ function createApiInstance(
}
}
if (!isElectron()) {
const tokenCookie = document.cookie
.split("; ")
.find((row) => row.startsWith("jwt="));
if (tokenCookie) {
const tokenValue = tokenCookie.split("=")[1];
if (tokenValue) {
// Always add Authorization header as fallback if token is present,
// especially important for cross-origin requests where cookies might be blocked
const decodedToken = decodeURIComponent(tokenValue);
if (config.headers.set) {
config.headers.set("Authorization", `Bearer ${decodedToken}`);
} else {
config.headers["Authorization"] = `Bearer ${decodedToken}`;
}
userWasAuthenticated = true;
}
} else {
// Check localStorage as fallback even in browser mode
const localToken = localStorage.getItem("jwt");
if (localToken) {
if (config.headers.set) {
config.headers.set("Authorization", `Bearer ${localToken}`);
} else {
config.headers["Authorization"] = `Bearer ${localToken}`;
}
userWasAuthenticated = true;
}
}
}
return config;
});
instance.interceptors.response.use(
(response: AxiosResponse) => {
const endTime = performance.now();
const startTime = (response.config as any).startTime;
const requestId = (response.config as any).requestId;
const responseConfig = response.config as AxiosRequestConfigExtended;
const startTime = responseConfig.startTime;
const requestId = responseConfig.requestId;
const responseTime = Math.round(endTime - (startTime || endTime));
const method = response.config.method?.toUpperCase() || "UNKNOWN";
@@ -452,7 +486,7 @@ function createApiInstance(
const logger = getLoggerForService(serviceName);
// A caller can mark a request as a silent retry (see progressive /status
// retry) so we don't spam error logs / health events on each attempt.
const isSilentRetry = !!(error.config as any)?.__silentRetry;
const isSilentRetry = !!error.config?.__silentRetry;
if (process.env.NODE_ENV === "development" && !isSilentRetry) {
if (status === 401) {
@@ -478,36 +512,34 @@ function createApiInstance(
?.error;
const isSessionExpired = errorCode === "SESSION_EXPIRED";
const isSessionNotFound = errorCode === "SESSION_NOT_FOUND";
const isMissingAuthenticationToken =
errorMessage === "Missing authentication token";
const isInvalidToken =
errorCode === "AUTH_REQUIRED" ||
errorMessage === "Invalid token" ||
errorMessage === "Authentication required" ||
errorMessage === "Missing authentication token";
(isMissingAuthenticationToken && userWasAuthenticated);
const headers = error.config?.headers;
let hasAuthHeader = false;
if (headers) {
if (typeof headers.get === "function") {
hasAuthHeader = !!(
headers.get("Authorization") || headers.get("authorization")
);
} else {
hasAuthHeader = !!(
headers["Authorization"] || headers["authorization"]
);
if (isSessionExpired || isSessionNotFound || isInvalidToken) {
const requestStartedAt =
typeof error.config?.startTime === "number"
? error.config.startTime
: 0;
const isStaleAuthInvalidation =
latestAuthSuccessAt > 0 &&
requestStartedAt > 0 &&
requestStartedAt < latestAuthSuccessAt;
if (isStaleAuthInvalidation) {
(
error as { __staleAuthInvalidation?: boolean }
).__staleAuthInvalidation = true;
return Promise.reject(error);
}
}
if (
(isSessionExpired || isSessionNotFound || isInvalidToken) &&
hasAuthHeader
) {
const wasAuthenticated = userWasAuthenticated;
localStorage.removeItem("jwt");
if (isElectron()) {
electronSettingsCache.delete("jwt");
const electronAPI = (
window as unknown as {
electronAPI?: { clearSessionCookies?: () => Promise<void> };
@@ -526,14 +558,12 @@ function createApiInstance(
toast.warning("Session expired. Please log in again.");
}
if (wasAuthenticated) {
dbHealthMonitor.reportSessionExpired();
}
dbHealthMonitor.reportSessionExpired();
userWasAuthenticated = false;
}
} else if (!isSilentRetry) {
const wasAuthenticated = !!localStorage.getItem("jwt");
const wasAuthenticated = userWasAuthenticated;
dbHealthMonitor.reportDatabaseError(error, wasAuthenticated);
}
@@ -575,10 +605,7 @@ export interface ServerConfig {
interface AxiosRequestConfigExtended extends AxiosRequestConfig {
startTime?: number;
requestId?: string;
}
interface AxiosResponseExtended extends AxiosResponse {
config: AxiosRequestConfigExtended;
__silentRetry?: boolean;
}
interface AxiosErrorExtended extends AxiosError {
@@ -643,10 +670,7 @@ export function getConfiguredServerUrl(): string | null {
interface AxiosRequestConfigExtended extends AxiosRequestConfig {
startTime?: number;
requestId?: string;
}
interface AxiosResponseExtended extends AxiosResponse {
config: AxiosRequestConfigExtended;
__silentRetry?: boolean;
}
interface AxiosErrorExtended extends AxiosError {
@@ -677,7 +701,7 @@ export async function testServerConnection(
export async function checkElectronUpdate(): Promise<{
success: boolean;
status?: "up_to_date" | "requires_update";
status?: "up_to_date" | "requires_update" | "beta";
localVersion?: string;
remoteVersion?: string;
latest_release?: {
@@ -949,7 +973,7 @@ function handleApiError(error: unknown, operation: string): never {
? message
: "Authentication required. Please log in again.";
throw new ApiError(errorMessage, 401, "AUTH_REQUIRED");
throw new ApiError(errorMessage, 401, code || "AUTH_REQUIRED");
} else if (status === 403) {
authLogger.warn(`Access denied: ${method} ${url}`, errorContext);
const apiError = new ApiError(
@@ -1424,6 +1448,30 @@ export async function getTunnelStatuses(): Promise<
}
}
export function subscribeTunnelStatuses(
onStatuses: (statuses: Record<string, TunnelStatus>) => void,
onError?: () => void,
): () => void {
const baseURL = (tunnelApi.defaults.baseURL || "").replace(/\/$/, "");
const source = new EventSource(`${baseURL}/tunnel/status/stream`, {
withCredentials: true,
});
source.addEventListener("statuses", (event) => {
try {
onStatuses(JSON.parse(event.data) as Record<string, TunnelStatus>);
} catch {
onError?.();
}
});
source.onerror = () => {
onError?.();
};
return () => source.close();
}
export async function getTunnelStatusByName(
tunnelName: string,
): Promise<TunnelStatus | undefined> {
@@ -1464,6 +1512,60 @@ export async function cancelTunnel(
}
}
export async function getC2STunnelPresets(): Promise<C2STunnelPreset[]> {
try {
const response = await authApi.get("/c2s-tunnel-presets");
return response.data || [];
} catch (error) {
if (axios.isAxiosError(error) && error.response?.status === 404) {
return [];
}
handleApiError(error, "fetch client tunnel presets");
}
}
export async function createC2STunnelPreset(data: {
name: string;
config: TunnelConnection[];
platform?: string;
computerName?: string;
}): Promise<C2STunnelPreset> {
try {
const response = await authApi.post("/c2s-tunnel-presets", data);
return response.data;
} catch (error) {
handleApiError(error, "create client tunnel preset");
}
}
export async function updateC2STunnelPreset(
id: number,
data: Partial<{
name: string;
config: TunnelConnection[];
platform: string;
computerName: string;
}>,
): Promise<C2STunnelPreset> {
try {
const response = await authApi.put(`/c2s-tunnel-presets/${id}`, data);
return response.data;
} catch (error) {
handleApiError(error, "update client tunnel preset");
}
}
export async function deleteC2STunnelPreset(
id: number,
): Promise<Record<string, unknown>> {
try {
const response = await authApi.delete(`/c2s-tunnel-presets/${id}`);
return response.data;
} catch (error) {
handleApiError(error, "delete client tunnel preset");
}
}
// ============================================================================
// FILE MANAGER METADATA (Recent, Pinned, Shortcuts)
// ============================================================================
@@ -1603,7 +1705,7 @@ export async function connectSSH(
socks5Username?: string;
socks5Password?: string;
socks5ProxyChain?: unknown;
jumpHosts?: any[];
jumpHosts?: Array<{ hostId: number }>;
},
): Promise<Record<string, unknown>> {
try {
@@ -1612,29 +1714,38 @@ export async function connectSSH(
...config,
});
return response.data;
} catch (error: any) {
if (error?.response?.data?.connectionLogs) {
} catch (error: unknown) {
if (
axios.isAxiosError<ConnectErrorResponse>(error) &&
error.response?.data?.connectionLogs
) {
const data = error.response.data;
const errorWithLogs = new Error(
error?.response?.data?.error ||
error?.response?.data?.message ||
error.message,
data.error || data.message || error.message,
);
(errorWithLogs as any).connectionLogs =
error.response.data.connectionLogs;
if (error.response.data.requires_totp) {
(errorWithLogs as any).requires_totp = true;
(errorWithLogs as any).sessionId = error.response.data.sessionId;
(errorWithLogs as any).prompt = error.response.data.prompt;
Object.assign(errorWithLogs, {
connectionLogs: data.connectionLogs,
});
if (data.requires_totp) {
Object.assign(errorWithLogs, {
requires_totp: true,
sessionId: data.sessionId,
prompt: data.prompt,
});
}
if (error.response.data.requires_warpgate) {
(errorWithLogs as any).requires_warpgate = true;
(errorWithLogs as any).sessionId = error.response.data.sessionId;
(errorWithLogs as any).url = error.response.data.url;
(errorWithLogs as any).securityKey = error.response.data.securityKey;
if (data.requires_warpgate) {
Object.assign(errorWithLogs, {
requires_warpgate: true,
sessionId: data.sessionId,
url: data.url,
securityKey: data.securityKey,
});
}
if (error.response.data.status === "auth_required") {
(errorWithLogs as any).status = "auth_required";
(errorWithLogs as any).reason = error.response.data.reason;
if (data.status === "auth_required") {
Object.assign(errorWithLogs, {
status: "auth_required",
reason: data.reason,
});
}
throw errorWithLogs;
}
@@ -2493,18 +2604,23 @@ export async function startMetricsPolling(hostId: number): Promise<{
sessionId?: string;
prompt?: string;
viewerSessionId?: string;
connectionLogs?: any[];
connectionLogs?: ApiConnectionLog[];
}> {
try {
const response = await statsApi.post(`/metrics/start/${hostId}`);
return response.data;
} catch (error: any) {
if (error?.response?.data?.connectionLogs) {
} catch (error: unknown) {
if (
axios.isAxiosError<ConnectErrorResponse>(error) &&
error.response?.data?.connectionLogs
) {
const data = error.response.data;
const errorWithLogs = new Error(
error?.response?.data?.error || error.message,
data.error || data.message || error.message,
);
(errorWithLogs as any).connectionLogs =
error.response.data.connectionLogs;
Object.assign(errorWithLogs, {
connectionLogs: data.connectionLogs,
});
throw errorWithLogs;
}
handleApiError(error, "start metrics polling");
@@ -2733,23 +2849,14 @@ export async function loginUser(
rememberMe,
});
const hasToken = response.data.token;
if (isElectron() && hasToken) {
localStorage.setItem("jwt", response.data.token);
}
const isInIframe =
typeof window !== "undefined" && window.self !== window.top;
if (isInIframe && isElectron() && hasToken) {
localStorage.setItem("jwt", response.data.token);
if (isInIframe && isElectron() && response.data.success) {
try {
window.parent.postMessage(
{
type: "AUTH_SUCCESS",
token: response.data.token,
source: "login_api",
platform: "desktop",
timestamp: Date.now(),
@@ -2761,8 +2868,11 @@ export async function loginUser(
}
}
if (response.data.success && !response.data.requires_totp) {
markUserAuthenticated();
}
return {
token: response.data.token || "cookie-based",
success: response.data.success,
is_admin: response.data.is_admin,
username: response.data.username,
@@ -2788,8 +2898,6 @@ export async function logoutUser(): Promise<{
clearTermixSessionStorage();
if (isElectron()) {
localStorage.removeItem("jwt");
electronSettingsCache.delete("jwt");
const electronAPI = (
window as unknown as {
electronAPI?: { clearSessionCookies?: () => Promise<void> };
@@ -2799,8 +2907,8 @@ export async function logoutUser(): Promise<{
} else {
const isSecure = window.location.protocol === "https:";
const cookieString = isSecure
? "jwt=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/; Secure; SameSite=Strict"
: "jwt=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/; SameSite=Strict";
? "jwt=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/; Secure; SameSite=Lax"
: "jwt=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/; SameSite=Lax";
document.cookie = cookieString;
}
@@ -2809,8 +2917,6 @@ export async function logoutUser(): Promise<{
clearTermixSessionStorage();
if (isElectron()) {
localStorage.removeItem("jwt");
electronSettingsCache.delete("jwt");
const electronAPI = (
window as unknown as {
electronAPI?: { clearSessionCookies?: () => Promise<void> };
@@ -2820,8 +2926,8 @@ export async function logoutUser(): Promise<{
} else {
const isSecure = window.location.protocol === "https:";
const cookieString = isSecure
? "jwt=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/; Secure; SameSite=Strict"
: "jwt=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/; SameSite=Strict";
? "jwt=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/; Secure; SameSite=Lax"
: "jwt=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/; SameSite=Lax";
document.cookie = cookieString;
}
handleApiError(error, "logout user");
@@ -2831,6 +2937,7 @@ export async function logoutUser(): Promise<{
export async function getUserInfo(): Promise<UserInfo> {
try {
const response = await authApi.get("/users/me");
markUserAuthenticated();
return response.data;
} catch (error) {
handleApiError(error, "fetch user info");
@@ -2997,8 +3104,8 @@ export async function getSessions(): Promise<{
createdAt: string;
expiresAt: string;
lastActiveAt: string;
jwtToken: string;
isRevoked?: boolean;
isCurrentSession?: boolean;
}[];
}> {
try {
@@ -3034,6 +3141,59 @@ export async function revokeAllUserSessions(
}
}
export interface ApiKey {
id: string;
name: string;
userId: string;
username: string | null;
tokenPrefix: string;
createdAt: string;
expiresAt: string | null;
lastUsedAt: string | null;
isActive: boolean;
}
export interface CreatedApiKey extends ApiKey {
token: string;
}
export async function createApiKey(
name: string,
userId: string,
expiresAt?: string,
): Promise<CreatedApiKey> {
try {
const response = await authApi.post("/users/api-keys", {
name,
userId,
expiresAt: expiresAt ?? null,
});
return response.data;
} catch (error) {
handleApiError(error, "create API key");
}
}
export async function getApiKeys(): Promise<{ apiKeys: ApiKey[] }> {
try {
const response = await authApi.get("/users/api-keys");
return response.data;
} catch (error) {
handleApiError(error, "fetch API keys");
}
}
export async function deleteApiKey(
keyId: string,
): Promise<{ success: boolean }> {
try {
const response = await authApi.delete(`/users/api-keys/${keyId}`);
return response.data;
} catch (error) {
handleApiError(error, "delete API key");
}
}
export async function makeUserAdmin(
userId: string,
): Promise<Record<string, unknown>> {
@@ -3207,23 +3367,14 @@ export async function verifyTOTPLogin(
rememberMe,
});
const hasToken = response.data.token;
if (isElectron() && hasToken) {
localStorage.setItem("jwt", response.data.token);
}
const isInIframe =
typeof window !== "undefined" && window.self !== window.top;
if (isInIframe && isElectron() && hasToken) {
localStorage.setItem("jwt", response.data.token);
if (isInIframe && isElectron() && response.data.success) {
try {
window.parent.postMessage(
{
type: "AUTH_SUCCESS",
token: response.data.token,
source: "totp_verify",
platform: "desktop",
timestamp: Date.now(),
@@ -3235,6 +3386,10 @@ export async function verifyTOTPLogin(
}
}
if (response.data.success) {
markUserAuthenticated();
}
return response.data;
} catch (error) {
handleApiError(error as AxiosError, "verify TOTP login");
@@ -3266,6 +3421,7 @@ export async function getUserAlerts(): Promise<{
return response.data;
} catch (error) {
handleApiError(error, "fetch user alerts");
throw error;
}
}
@@ -3277,6 +3433,7 @@ export async function dismissAlert(
return response.data;
} catch (error) {
handleApiError(error, "dismiss alert");
throw error;
}
}
@@ -3757,9 +3914,30 @@ export async function executeSnippet(
// MISCELLANEOUS API CALLS
// ============================================================================
export interface NetworkTopologyNode {
data: {
id: string;
label?: string;
ip?: string;
status?: string;
tags?: string[];
parent?: string;
color?: string;
};
position?: { x: number; y: number };
}
export interface NetworkTopologyEdge {
data: {
id?: string;
source: string;
target: string;
};
}
export interface NetworkTopologyData {
nodes: any[];
edges: any[];
nodes: NetworkTopologyNode[];
edges: NetworkTopologyEdge[];
}
export async function getNetworkTopology(): Promise<NetworkTopologyData | null> {
@@ -4485,7 +4663,7 @@ export async function connectDockerSession(
isPassword?: boolean;
status?: string;
reason?: string;
connectionLogs?: any[];
connectionLogs?: ApiConnectionLog[];
requires_warpgate?: boolean;
url?: string;
securityKey?: string;
@@ -4497,24 +4675,36 @@ export async function connectDockerSession(
...config,
});
return response.data;
} catch (error: any) {
if (error.response?.data?.status === "auth_required") {
} catch (error: unknown) {
if (
axios.isAxiosError<ConnectErrorResponse>(error) &&
error.response?.data?.status === "auth_required"
) {
return error.response.data;
}
if (error.response?.data?.requires_totp) {
if (
axios.isAxiosError<ConnectErrorResponse>(error) &&
error.response?.data?.requires_totp
) {
return error.response.data;
}
if (error.response?.data?.requires_warpgate) {
if (
axios.isAxiosError<ConnectErrorResponse>(error) &&
error.response?.data?.requires_warpgate
) {
return error.response.data;
}
if (error?.response?.data?.connectionLogs) {
if (
axios.isAxiosError<ConnectErrorResponse>(error) &&
error.response?.data?.connectionLogs
) {
const data = error.response.data;
const errorWithLogs = new Error(
error?.response?.data?.error ||
error?.response?.data?.message ||
error.message,
data.error || data.message || error.message,
);
(errorWithLogs as any).connectionLogs =
error.response.data.connectionLogs;
Object.assign(errorWithLogs, {
connectionLogs: data.connectionLogs,
});
throw errorWithLogs;
}
throw handleApiError(error, "connect to Docker SSH session");