v1.10.0 (#471)

* fix select edit host but not update view (#438) * fix: Checksum issue with chocolatey * fix: Remove homebrew old stuff * Add Korean translation (#439) Co-authored-by: 송준우 <2484@coreit.co.kr> * feat: Automate flatpak * fix: Add imagemagik to electron builder to resolve build error * fix: Build error with runtime repo flag * fix: Flatpak runtime error and install freedesktop ver warning * fix: Flatpak runtime error and install freedesktop ver warning * feat: Re-add homebrew cask and move scripts to backend * fix: No sandbox flag issue * fix: Change name for electron macos cask output * fix: Sandbox error with Linux * fix: Remove comming soon for app stores in readme * Adding Comment at the end of the public_key on the host on deploy (#440) * Add termix.rb Cask file * Update Termix to version 1.9.0 with new checksum * Update README to remove 'coming soon' notes * -Add New Interface for Credential DB -Add Credential Name as a comment into the server authorized_key file --------- Co-authored-by: Luke Gustafson <88517757+LukeGus@users.noreply.github.com> * Sudo auto fill password (#441) * Add termix.rb Cask file * Update Termix to version 1.9.0 with new checksum * Update README to remove 'coming soon' notes * Feature Sudo password auto-fill; * Fix locale json shema; --------- Co-authored-by: Luke Gustafson <88517757+LukeGus@users.noreply.github.com> * Added Italian Language; (#445) * Add termix.rb Cask file * Update Termix to version 1.9.0 with new checksum * Update README to remove 'coming soon' notes * Added Italian Language; --------- Co-authored-by: Luke Gustafson <88517757+LukeGus@users.noreply.github.com> * Auto collapse snippet folders (#448) * Add termix.rb Cask file * Update Termix to version 1.9.0 with new checksum * Update README to remove 'coming soon' notes * feat: Add collapsable snippets (customizable in user profile) * Translations (#447) * Add termix.rb Cask file * Update Termix to version 1.9.0 with new checksum * Update README to remove 'coming soon' notes * Added Italian Language; * Fix translations; Removed duplicate keys, synchronised other languages using English as the source, translated added keys, fixed inaccurate translations. --------- Co-authored-by: Luke Gustafson <88517757+LukeGus@users.noreply.github.com> * Remove PTY-level keepalive (#449) * Add termix.rb Cask file * Update Termix to version 1.9.0 with new checksum * Update README to remove 'coming soon' notes * Remove PTY-level keepalive to prevent unwanted terminal output; use SSH-level keepalive instead --------- Co-authored-by: Luke Gustafson <88517757+LukeGus@users.noreply.github.com> * feat: Seperate server stats and tunnel management (improved both UI's) then started initial docker implementation * fix: finalize adding docker to db * feat: Add docker management support (local squash) * Fix RBAC role system bugs and improve UX (#446) * Fix RBAC role system bugs and improve UX - Fix user list dropdown selection in host sharing - Fix role sharing permissions to include role-based access - Fix translation template interpolation for success messages - Standardize system roles to admin and user only - Auto-assign user role to new registrations - Remove blocking confirmation dialogs in modal contexts - Add missing i18n keys for common actions - Fix button type to prevent unintended form submissions * Enhance RBAC system with UI improvements and security fixes - Move role assignment to Users tab with per-user role management - Protect system roles (admin/user) from editing and manual assignment - Simplify permission system: remove Use level, keep View and Manage - Hide Update button and Sharing tab for view-only/shared hosts - Prevent users from sharing hosts with themselves - Unify table and modal styling across admin panels - Auto-assign system roles on user registration - Add permission metadata to host interface * Add empty state message for role assignment - Display helpful message when no custom roles available - Clarify that system roles are auto-assigned - Add noCustomRolesToAssign translation in English and Chinese * fix: Prevent credential sharing errors for shared hosts - Skip credential resolution for shared hosts with credential authentication to prevent decryption errors (credentials are encrypted per-user) - Add warning alert in sharing tab when host uses credential authentication - Inform users that shared users cannot connect to credential-based hosts - Add translations for credential sharing warning (EN/ZH) This prevents authentication failures when sharing hosts configured with credential authentication while maintaining security by keeping credentials isolated per user. * feat: Improve rbac UI and fixes some bugs --------- Co-authored-by: Luke Gustafson <88517757+LukeGus@users.noreply.github.com> Co-authored-by: LukeGus <bugattiguy527@gmail.com> * SOCKS5 support (#452) * Add termix.rb Cask file * Update Termix to version 1.9.0 with new checksum * Update README to remove 'coming soon' notes * SOCKS5 support Adding single and chain socks5 proxy support * fix: cleanup files --------- Co-authored-by: Luke Gustafson <88517757+LukeGus@users.noreply.github.com> Co-authored-by: LukeGus <bugattiguy527@gmail.com> * Notes and Expiry fields add (#453) * Add termix.rb Cask file * Update Termix to version 1.9.0 with new checksum * Update README to remove 'coming soon' notes * Notes and Expiry add * fix: cleanup files --------- Co-authored-by: Luke Gustafson <88517757+LukeGus@users.noreply.github.com> Co-authored-by: LukeGus <bugattiguy527@gmail.com> * fix: ssh host types * fix: sudo incorrect styling and remove expiration date * feat: add sudo password and add diagonal bg's * fix: snippet running on enter key * fix: base64 decoding * fix: improve server stats / rbac * fix: wrap ssh host json export in hosts array * feat: auto trim host inputs, fix file manager jump hosts, dashboard prevent duplicates, file manager terminal not size updating, improve left sidebar sorting, hide/show tags, add apperance user profile tab, add new host manager tabs. * feat: improve terminal connection speed * fix: sqlite constriant errors and support non-root user (nginx perm issue) * feat: add beta syntax highlighing to terminal * feat: update imports and improve admin settings user management * chore: update translations * chore: update translations * feat: Complete light mode implementation with semantic theme system (#450) - Add comprehensive light/dark mode CSS variables with semantic naming - Implement theme-aware scrollbars using CSS variables - Add light mode backgrounds: --bg-base, --bg-elevated, --bg-surface, etc. - Add theme-aware borders: --border-base, --border-panel, --border-subtle - Add semantic text colors: --foreground-secondary, --foreground-subtle - Convert oklch colors to hex for better compatibility - Add theme awareness to CodeMirror editors - Update dark mode colors for consistency (background, sidebar, card, muted, input) - Add Tailwind color mappings for semantic classes Co-authored-by: Luke Gustafson <88517757+LukeGus@users.noreply.github.com> * fix: syntax errors * chore: updating/match themes and split admin settings * feat: add translation workflow and remove old translation.json * fix: translation workflow error * fix: translation workflow error * feat: improve translation system and update workflow * fix: wrong path for translations * fix: change translation to flat files * fix: gh rule error * chore: auto-translate to multiple languages (#458) * chore: improve organization and made a few styling changes in host manager * feat: improve terminal stability and split out the host manager * fix: add unnversiioned files * chore: migrate all to use the new theme system * fix: wrong animation line colors * fix: rbac implementation general issues (local squash) * fix: remove unneeded files * feat: add 10 new langs * chore: update gitnore * chore: auto-translate to multiple languages (#459) * fix: improve tunnel system * fix: properly split tabs, still need to fix up the host manager * chore: cleanup files (possible RC) * feat: add norwegian * chore: auto-translate to multiple languages (#461) * fix: small qol fixes and began readme update * fix: run cleanup script * feat: add docker docs button * feat: general bug fixes and readme updates * fix: translations * chore: auto-translate to multiple languages (#462) * fix: cleanup files * fix: test new translation issue and add better server-stats support * fix: fix translate error * chore: auto-translate to multiple languages (#463) * fix: fix translate mismatching text * chore: auto-translate to multiple languages (#465) * fix: fix translate mismatching text * fix: fix translate mismatching text * chore: auto-translate to multiple languages (#466) * fix: fix translate mismatching text * fix: fix translate mismatching text * fix: fix translate mismatching text * chore: auto-translate to multiple languages (#467) * fix: fix translate mismatching text * chore: auto-translate to multiple languages (#468) * feat: add to readme, a few qol changes, and improve server stats in general * chore: auto-translate to multiple languages (#469) * feat: turned disk uage into graph and fixed issue with termina console * fix: electron build error and hide icons when shared * chore: run clean * fix: general server stats issues, file manager decoding, ui qol * fix: add dashboard line breaks * fix: docker console error * fix: docker console not loading and mismatched stripped background for electron * fix: docker console not loading * chore: docker console not loading in docker * chore: translate readme to chinese * chore: match package lock to package json * chore: nginx config issue for dokcer console * chore: auto-translate to multiple languages (#470) --------- Co-authored-by: Tran Trung Kien <kientt13.7@gmail.com> Co-authored-by: junu <bigdwarf_@naver.com> Co-authored-by: 송준우 <2484@coreit.co.kr> Co-authored-by: SlimGary <trash.slim@gmail.com> Co-authored-by: Nunzio Marfè <nunzio.marfe@protonmail.com> Co-authored-by: Wesley Reid <starhound@lostsouls.org> Co-authored-by: ZacharyZcR <zacharyzcr1984@gmail.com> Co-authored-by: Denis <38875137+Medvedinca@users.noreply.github.com> Co-authored-by: Peet McKinney <68706879+PeetMcK@users.noreply.github.com>
2025-12-31 22:20:12 -06:00
parent 7139290d14
commit ad86c2040b
225 changed files with 87356 additions and 17706 deletions
--- a/src/backend/database/routes/users.ts
+++ b/src/backend/database/routes/users.ts
@@ -15,6 +15,11 @@ import {
  sshCredentialUsage,
  recentActivity,
  snippets,
+  snippetFolders,
+  sshFolders,
+  commandHistory,
+  roles,
+  userRoles,
 } from "../db/schema.js";
 import { eq, and } from "drizzle-orm";
 import bcrypt from "bcryptjs";
@@ -134,6 +139,54 @@ function isNonEmptyString(val: unknown): val is string {
 const authenticateJWT = authManager.createAuthMiddleware();
 const requireAdmin = authManager.createAdminMiddleware();

+async function deleteUserAndRelatedData(userId: string): Promise<void> {
+  try {
+    await db
+      .delete(sshCredentialUsage)
+      .where(eq(sshCredentialUsage.userId, userId));
+
+    await db
+      .delete(fileManagerRecent)
+      .where(eq(fileManagerRecent.userId, userId));
+    await db
+      .delete(fileManagerPinned)
+      .where(eq(fileManagerPinned.userId, userId));
+    await db
+      .delete(fileManagerShortcuts)
+      .where(eq(fileManagerShortcuts.userId, userId));
+
+    await db.delete(recentActivity).where(eq(recentActivity.userId, userId));
+    await db.delete(dismissedAlerts).where(eq(dismissedAlerts.userId, userId));
+
+    await db.delete(snippets).where(eq(snippets.userId, userId));
+    await db.delete(snippetFolders).where(eq(snippetFolders.userId, userId));
+
+    await db.delete(sshFolders).where(eq(sshFolders.userId, userId));
+
+    await db.delete(commandHistory).where(eq(commandHistory.userId, userId));
+
+    await db.delete(sshData).where(eq(sshData.userId, userId));
+    await db.delete(sshCredentials).where(eq(sshCredentials.userId, userId));
+
+    db.$client
+      .prepare("DELETE FROM settings WHERE key LIKE ?")
+      .run(`user_%_${userId}`);
+
+    await db.delete(users).where(eq(users.id, userId));
+
+    authLogger.success("User and all related data deleted successfully", {
+      operation: "delete_user_and_related_data_complete",
+      userId,
+    });
+  } catch (error) {
+    authLogger.error("Failed to delete user and related data", error, {
+      operation: "delete_user_and_related_data_failed",
+      userId,
+    });
+    throw error;
+  }
+}
+
 // Route: Create traditional user (username/password)
 // POST /users/create
 router.post("/create", async (req, res) => {
@@ -210,6 +263,34 @@ router.post("/create", async (req, res) => {
      totp_backup_codes: null,
    });

+    try {
+      const defaultRoleName = isFirstUser ? "admin" : "user";
+      const defaultRole = await db
+        .select({ id: roles.id })
+        .from(roles)
+        .where(eq(roles.name, defaultRoleName))
+        .limit(1);
+
+      if (defaultRole.length > 0) {
+        await db.insert(userRoles).values({
+          userId: id,
+          roleId: defaultRole[0].id,
+          grantedBy: id,
+        });
+      } else {
+        authLogger.warn("Default role not found during user registration", {
+          operation: "assign_default_role",
+          userId: id,
+          roleName: defaultRoleName,
+        });
+      }
+    } catch (roleError) {
+      authLogger.error("Failed to assign default role", roleError, {
+        operation: "assign_default_role",
+        userId: id,
+      });
+    }
+
    try {
      await authManager.registerUser(id, password);
    } catch (encryptionError) {
@@ -816,6 +897,41 @@ router.get("/oidc/callback", async (req, res) => {
        scopes: String(config.scopes),
      });

+      try {
+        const defaultRoleName = isFirstUser ? "admin" : "user";
+        const defaultRole = await db
+          .select({ id: roles.id })
+          .from(roles)
+          .where(eq(roles.name, defaultRoleName))
+          .limit(1);
+
+        if (defaultRole.length > 0) {
+          await db.insert(userRoles).values({
+            userId: id,
+            roleId: defaultRole[0].id,
+            grantedBy: id,
+          });
+        } else {
+          authLogger.warn(
+            "Default role not found during OIDC user registration",
+            {
+              operation: "assign_default_role_oidc",
+              userId: id,
+              roleName: defaultRoleName,
+            },
+          );
+        }
+      } catch (roleError) {
+        authLogger.error(
+          "Failed to assign default role to OIDC user",
+          roleError,
+          {
+            operation: "assign_default_role_oidc",
+            userId: id,
+          },
+        );
+      }
+
      try {
        const sessionDurationMs =
          deviceInfo.type === "desktop" || deviceInfo.type === "mobile"
@@ -1055,6 +1171,19 @@ router.post("/login", async (req, res) => {
      return res.status(401).json({ error: "Incorrect password" });
    }

+    try {
+      const { SharedCredentialManager } =
+        await import("../../utils/shared-credential-manager.js");
+      const sharedCredManager = SharedCredentialManager.getInstance();
+      await sharedCredManager.reEncryptPendingCredentialsForUser(userRecord.id);
+    } catch (error) {
+      authLogger.warn("Failed to re-encrypt pending shared credentials", {
+        operation: "reencrypt_pending_credentials",
+        userId: userRecord.id,
+        error,
+      });
+    }
+
    if (userRecord.totp_enabled) {
      const tempToken = await authManager.generateJWTToken(userRecord.id, {
        pendingTOTP: true,
@@ -1128,15 +1257,7 @@ router.post("/logout", authenticateJWT, async (req, res) => {
        try {
          const payload = await authManager.verifyJWTToken(token);
          sessionId = payload?.sessionId;
-        } catch (error) {
-          authLogger.debug(
-            "Token verification failed during logout (expected if token expired)",
-            {
-              operation: "logout_token_verify_failed",
-              userId,
-            },
-          );
-        }
+        } catch (error) {}
      }

      await authManager.logoutUser(userId, sessionId);
@@ -2252,36 +2373,8 @@ router.delete("/delete-user", authenticateJWT, async (req, res) => {

    const targetUserId = targetUser[0].id;

-    try {
-      await db
-        .delete(sshCredentialUsage)
-        .where(eq(sshCredentialUsage.userId, targetUserId));
-      await db
-        .delete(fileManagerRecent)
-        .where(eq(fileManagerRecent.userId, targetUserId));
-      await db
-        .delete(fileManagerPinned)
-        .where(eq(fileManagerPinned.userId, targetUserId));
-      await db
-        .delete(fileManagerShortcuts)
-        .where(eq(fileManagerShortcuts.userId, targetUserId));
-      await db
-        .delete(recentActivity)
-        .where(eq(recentActivity.userId, targetUserId));
-      await db
-        .delete(dismissedAlerts)
-        .where(eq(dismissedAlerts.userId, targetUserId));
-      await db.delete(snippets).where(eq(snippets.userId, targetUserId));
-      await db.delete(sshData).where(eq(sshData.userId, targetUserId));
-      await db
-        .delete(sshCredentials)
-        .where(eq(sshCredentials.userId, targetUserId));
-    } catch (cleanupError) {
-      authLogger.error(`Cleanup failed for user ${username}:`, cleanupError);
-      throw cleanupError;
-    }
-
-    await db.delete(users).where(eq(users.id, targetUserId));
+    // Use the comprehensive deletion utility
+    await deleteUserAndRelatedData(targetUserId);

    authLogger.success(
      `User ${username} deleted by admin ${adminUser[0].username}`,
@@ -2696,15 +2789,7 @@ router.post("/link-oidc-to-password", authenticateJWT, async (req, res) => {
    await authManager.revokeAllUserSessions(oidcUserId);
    authManager.logoutUser(oidcUserId);

-    await db
-      .delete(recentActivity)
-      .where(eq(recentActivity.userId, oidcUserId));
-
-    await db.delete(users).where(eq(users.id, oidcUserId));
-
-    db.$client
-      .prepare("DELETE FROM settings WHERE key LIKE ?")
-      .run(`user_%_${oidcUserId}`);
+    await deleteUserAndRelatedData(oidcUserId);

    try {
      const { saveMemoryDatabaseToFile } = await import("../db/index.js");