Merge commit from fork

This commit is contained in:
ZacharyZcR
2026-07-15 14:57:40 +08:00
committed by GitHub
parent e1d1a3e53d
commit 9d336bf9df
3 changed files with 38 additions and 13 deletions
+11 -2
View File
@@ -362,7 +362,9 @@ router.delete(
return res.status(403).json({ error: "Not host owner" });
}
await db.delete(hostAccess).where(eq(hostAccess.id, accessId));
await db
.delete(hostAccess)
.where(and(eq(hostAccess.id, accessId), eq(hostAccess.hostId, hostId)));
databaseLogger.info("Permission revoked", {
operation: "rbac_permission_revoke",
adminId: userId,
@@ -1369,7 +1371,14 @@ router.delete(
return res.status(403).json({ error: "Not snippet owner" });
}
await db.delete(snippetAccess).where(eq(snippetAccess.id, accessId));
await db
.delete(snippetAccess)
.where(
and(
eq(snippetAccess.id, accessId),
eq(snippetAccess.snippetId, snippetId),
),
);
res.json({ success: true, message: "Snippet access revoked" });
} catch (error) {
+15 -10
View File
@@ -9,6 +9,7 @@ const sshLogger = logger;
type DockerSession = {
isConnected: boolean;
userId?: string;
lastActive: number;
activeOperations: number;
hostId?: number;
@@ -46,6 +47,10 @@ export function registerDockerContainerRoutes(
): void {
const getRuntime = (session: DockerSession) =>
session.containerRuntime ?? "docker";
const getOwnedSession = (sessionId: string, userId: string) => {
const session = sshSessions[sessionId];
return session?.userId === userId ? session : undefined;
};
/**
* @openapi
@@ -89,7 +94,7 @@ export function registerDockerContainerRoutes(
});
}
const session = sshSessions[sessionId];
const session = getOwnedSession(sessionId, userId);
if (!session || !session.isConnected) {
return res.status(400).json({
@@ -189,7 +194,7 @@ export function registerDockerContainerRoutes(
return res.status(401).json({ error: "Authentication required" });
}
const session = sshSessions[sessionId];
const session = getOwnedSession(sessionId, userId);
if (!session || !session.isConnected) {
return res.status(400).json({
@@ -287,7 +292,7 @@ export function registerDockerContainerRoutes(
return res.status(401).json({ error: "Authentication required" });
}
const session = sshSessions[sessionId];
const session = getOwnedSession(sessionId, userId);
if (!session || !session.isConnected) {
return res.status(400).json({
@@ -387,7 +392,7 @@ export function registerDockerContainerRoutes(
return res.status(401).json({ error: "Authentication required" });
}
const session = sshSessions[sessionId];
const session = getOwnedSession(sessionId, userId);
if (!session || !session.isConnected) {
return res.status(400).json({
@@ -487,7 +492,7 @@ export function registerDockerContainerRoutes(
return res.status(401).json({ error: "Authentication required" });
}
const session = sshSessions[sessionId];
const session = getOwnedSession(sessionId, userId);
if (!session || !session.isConnected) {
return res.status(400).json({
@@ -587,7 +592,7 @@ export function registerDockerContainerRoutes(
return res.status(401).json({ error: "Authentication required" });
}
const session = sshSessions[sessionId];
const session = getOwnedSession(sessionId, userId);
if (!session || !session.isConnected) {
return res.status(400).json({
@@ -687,7 +692,7 @@ export function registerDockerContainerRoutes(
return res.status(401).json({ error: "Authentication required" });
}
const session = sshSessions[sessionId];
const session = getOwnedSession(sessionId, userId);
if (!session || !session.isConnected) {
return res.status(400).json({
@@ -792,7 +797,7 @@ export function registerDockerContainerRoutes(
return res.status(401).json({ error: "Authentication required" });
}
const session = sshSessions[sessionId];
const session = getOwnedSession(sessionId, userId);
if (!session || !session.isConnected) {
return res.status(400).json({
@@ -925,7 +930,7 @@ export function registerDockerContainerRoutes(
return res.status(401).json({ error: "Authentication required" });
}
const session = sshSessions[sessionId];
const session = getOwnedSession(sessionId, userId);
if (!session || !session.isConnected) {
return res.status(400).json({
@@ -1040,7 +1045,7 @@ export function registerDockerContainerRoutes(
return res.status(401).json({ error: "Authentication required" });
}
const session = sshSessions[sessionId];
const session = getOwnedSession(sessionId, userId);
if (!session || !session.isConnected) {
return res.status(400).json({
+12 -1
View File
@@ -2138,12 +2138,19 @@ app.post("/docker/ssh/keepalive", async (req, res) => {
*/
app.get("/docker/ssh/status", async (req, res) => {
const sessionId = req.query.sessionId as string;
const userId = getRequestUserId(req);
if (!sessionId) {
return res.status(400).json({ error: "Session ID is required" });
}
const isConnected = !!sshSessions[sessionId]?.isConnected;
if (!userId) {
return res.status(401).json({ error: "Authentication required" });
}
const session = sshSessions[sessionId];
const isConnected =
session?.userId === userId && session.isConnected === true;
res.json({ success: true, connected: isConnected });
});
@@ -2193,6 +2200,10 @@ app.get("/docker/validate/:sessionId", async (req, res) => {
});
}
if (session.userId !== userId) {
return res.status(403).json({ error: "Session access denied" });
}
session.lastActive = Date.now();
session.activeOperations++;