ENTERPRISE: Optimize system reliability and container deployment

Major improvements: - Fix file manager paste operation timeout issues for small files - Remove complex copyItem existence checks that caused hangs - Simplify copy commands for better reliability - Add comprehensive timeout protection for move operations - Remove JWT debug logging for production security - Fix nginx SSL variable syntax errors - Default to HTTP-only mode to eliminate setup complexity - Add dynamic SSL configuration switching in containers - Use environment-appropriate SSL certificate paths - Implement proper encryption architecture fixes - Add authentication middleware to all backend services - Resolve WebSocket timing race conditions Breaking changes: - SSL now disabled by default (set ENABLE_SSL=true to enable) - Nginx configurations dynamically selected based on SSL setting - Container paths automatically used in production environment 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-22 22:17:50 +08:00
parent aea00225d2
commit e4317667ac
19 changed files with 645 additions and 185 deletions
--- a/src/backend/ssh/terminal.ts
+++ b/src/backend/ssh/terminal.ts
@@ -24,50 +24,22 @@ const wss = new WebSocketServer({
      const url = parseUrl(info.req.url!, true);
      const token = url.query.token as string;

-      // DEBUG: Log detailed JWT verification process
-      sshLogger.debug("WebSocket JWT verification starting", {
-        operation: "websocket_jwt_debug",
-        fullUrl: info.req.url,
-        hasToken: !!token,
-        tokenLength: token?.length || 0,
-        tokenStart: token ? token.substring(0, 20) + "..." : "missing",
-        ip: info.req.socket.remoteAddress
-      });
-
      if (!token) {
        sshLogger.warn("WebSocket connection rejected: missing token", {
          operation: "websocket_auth_reject",
          reason: "missing_token",
-          origin: info.origin,
-          ip: info.req.socket.remoteAddress,
-          queryKeys: Object.keys(url.query || {})
+          ip: info.req.socket.remoteAddress
        });
        return false;
      }

-      // Verify JWT token
-      sshLogger.debug("Calling authManager.verifyJWTToken", {
-        operation: "websocket_jwt_verify",
-        tokenLength: token.length
-      });
-
      const payload = await authManager.verifyJWTToken(token);

-      sshLogger.debug("JWT verification result", {
-        operation: "websocket_jwt_result",
-        hasPayload: !!payload,
-        payloadKeys: payload ? Object.keys(payload) : [],
-        userId: payload?.userId || "none"
-      });
-
      if (!payload) {
        sshLogger.warn("WebSocket connection rejected: invalid token", {
          operation: "websocket_auth_reject",
          reason: "invalid_token",
-          origin: info.origin,
-          ip: info.req.socket.remoteAddress,
-          tokenLength: token.length,
-          tokenStart: token.substring(0, 20) + "..."
+          ip: info.req.socket.remoteAddress
        });
        return false;
      }