Merge commit from fork

This commit is contained in:
ZacharyZcR
2026-07-15 14:31:44 +08:00
committed by GitHub
parent 9ed77d42d4
commit 3d42a2c09c
+29 -4
View File
@@ -2056,22 +2056,47 @@ app.post(
); );
} }
} else { } else {
if (!endpointHost.id) {
throw new Error("Endpoint host not found");
}
const endpointAccess = await permissionManager.canAccessHost(
userId,
endpointHost.id,
"read",
);
if (!endpointAccess.hasAccess) {
tunnelLogger.warn(
"User attempted tunnel connect without endpoint access",
{
operation: "tunnel_connect_endpoint_unauthorized",
userId,
hostId: endpointHost.id,
tunnelName,
},
);
throw new Error("Endpoint host not found");
}
tunnelConfig.endpointIP = endpointHost.ip; tunnelConfig.endpointIP = endpointHost.ip;
tunnelConfig.endpointSSHPort = endpointHost.port; tunnelConfig.endpointSSHPort = endpointHost.port;
tunnelConfig.endpointUsername = endpointHost.username; tunnelConfig.endpointUsername = endpointHost.username;
tunnelConfig.endpointAuthMethod = endpointHost.authType; tunnelConfig.endpointAuthMethod = endpointHost.authType;
tunnelConfig.endpointKeyType = endpointHost.keyType; tunnelConfig.endpointKeyType = endpointHost.keyType;
tunnelConfig.endpointCredentialId = endpointHost.credentialId; tunnelConfig.endpointCredentialId =
tunnelConfig.endpointUserId = endpointHost.userId; endpointHost.userId === userId
? endpointHost.credentialId
: undefined;
tunnelConfig.endpointUserId = userId;
// Resolve credentials server-side instead of from HTTP response // Resolve credentials server-side instead of from HTTP response
if (endpointHost.id && endpointHost.userId) { if (endpointHost.id) {
try { try {
const { resolveHostById } = const { resolveHostById } =
await import("./host-resolver.js"); await import("./host-resolver.js");
const resolved = await resolveHostById( const resolved = await resolveHostById(
endpointHost.id, endpointHost.id,
endpointHost.userId, userId,
); );
if (resolved) { if (resolved) {
tunnelConfig.endpointPassword = resolved.password; tunnelConfig.endpointPassword = resolved.password;