dev-1.7.0 #294

Merged
ZacharyZcR merged 73 commits from main into dev-1.7.0 2025-09-25 04:56:32 +00:00
ZacharyZcR commented 2025-09-23 19:28:23 +00:00 (Migrated from github.com)

Too many changes to describe

gemini-code-assist[bot] commented 2025-09-23 19:29:40 +00:00 (Migrated from github.com)

Summary of Changes

Hello @ZacharyZcR, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a major version update (1.7.0) that fundamentally re-architects the application's security model, moving to a more robust and user-centric encryption system. It streamlines key management, enhances Docker deployment capabilities, and significantly upgrades file management features. The changes aim to improve overall security, simplify setup, and provide a more seamless user experience.

Highlights

  • Security Architecture Overhaul: Implemented a new KEK-DEK (Key Encryption Key - Data Encryption Key) encryption model for user data, replacing the previous single master key and hardware fingerprint system. This significantly enhances per-user data security and simplifies key management.
  • Simplified Key Management: System-level secrets such as JWTs, the main database encryption key, and internal authentication tokens are now auto-generated on first startup and persistently stored within a dedicated .env file inside the Docker volume. This eliminates the need for manual configuration for single-instance deployments.
  • Enhanced Docker Integration and Automatic SSL: Updated Dockerfile and docker-compose configurations now support building from source, feature improved volume management for persistent configuration, and integrate automatic SSL/TLS setup. This enables HTTPS/WSS out-of-the-box for development and simplifies production deployments.
  • Improved User Data Management: New API endpoints have been introduced for user-specific data export and import. Users can now export their encrypted data as SQLite files, which can be imported with password authentication and support incremental merging, providing greater control over personal data.
  • Advanced File Manager Capabilities: The file manager has been significantly upgraded with increased file size limits for uploads and downloads (up to 5GB), improved reliability for copy/move operations, and new functionality for creating new files and folders directly within the UI.
  • Autostart Credential Management: New SSH host fields and corresponding API endpoints have been added to securely manage plaintext credentials for autostarted tunnels. This allows for automated SSH connections without requiring manual password entry for predefined tunnels.
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description

Customization

To customize the Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counterproductive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.


  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

gemini-code-assist[bot] (Migrated from github.com) reviewed 2025-09-23 19:31:38 +00:00
gemini-code-assist[bot] (Migrated from github.com) left a comment

Code Review

This is a massive and impressive pull request that constitutes a major refactoring of the application, focusing on security, deployment, and configuration. The changes are overwhelmingly positive and well-executed.

Key improvements include:

  • A complete overhaul of the encryption system to a modern and portable KEK-DEK model for user data, removing the brittle hardware-fingerprint dependency.
  • A robust new system for managing system-wide keys (JWT, DB file encryption, internal auth) with auto-generation and persistence, greatly improving security and ease of deployment.
  • Significant enhancements to the Docker setup, including automated SSL configuration for both development and production.
  • Strengthened security across all APIs and WebSocket connections, which are now properly authenticated.

My review has identified a few areas for improvement, primarily a security concern with the default CORS configuration being too permissive, an accidentally committed backup file, and a hardcoded connection limit that could be made configurable. Despite these points, this is an excellent update that significantly matures the application.

@@ -0,0 +63,4 @@
# Docker files (avoid recursion)
Dockerfile*
docker-compose*.yml
.dockerignore
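Review bot: the `docker-compose*.yml` pattern only covers the `.yml` spelling, while Compose also reads `compose.yaml`, `compose.yml` and `docker-compose.yaml`, so a file under one of those names would still be sent into the build context. Suggest `docker-compose*.y*ml` and `compose*.y*ml` (or list both extensions explicitly) so the recursion guard in the comment holds for every file name Compose accepts.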
gemini-code-assist[bot] (Migrated from github.com) commented 2025-09-23 19:31:37 +00:00

medium

Ignoring Docker-related files like Dockerfile*, docker-compose*.yml, and .dockerignore itself is a crucial best practice to prevent issues with recursive builds or including unnecessary context in the Docker build. This is well done and helps maintain a clean and efficient build process.

@@ -0,0 +32,4 @@
DATABASE_ENCRYPTION=true
# ===== CORS CONFIGURATION =====
ALLOWED_ORIGINS=*
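Review bot: `ALLOWED_ORIGINS=*` sits under a `# ===== CORS CONFIGURATION =====` header with no comment describing the expected format, and an example file is exactly what operators copy into production unchanged. Suggest a restrictive placeholder such as `ALLOWED_ORIGINS=http://localhost:5173` preceded by a comment line like `# comma-separated exact origins (scheme://host[:port]); do not use '*' in production`. It is also worth confirming that the middleware consuming this value never translates `*` into echoing the request's `Origin` header together with `Access-Control-Allow-Credentials: true`: a literal `*` cannot be combined with credentials, and reflecting the origin is the pattern that actually allows any site to make credentialed requests.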
gemini-code-assist[bot] (Migrated from github.com) commented 2025-09-23 19:31:37 +00:00

high

Using * for ALLOWED_ORIGINS is insecure and should be avoided in production as it allows any website to make requests to your Termix instance. This can lead to security vulnerabilities like Cross-Site Request Forgery (CSRF). It would be better to provide a more secure default example, such as ALLOWED_ORIGINS=http://localhost:5173,https://your-termix-domain.com, and add a strong warning in the comments about the risks of using a wildcard.

@@ -12,0 +50,4 @@
- ALLOWED_ORIGINS=${ALLOWED_ORIGINS:-*}
# Health check for both HTTP and HTTPS
healthcheck:
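Review bot: `${ALLOWED_ORIGINS:-*}` on the first line makes a forgotten variable silently fall open to the wildcard, which is the opposite of the safe default a compose file should supply. Suggest `${ALLOWED_ORIGINS:?ALLOWED_ORIGINS must be set}` so `docker compose up` refuses to start without an explicit value, or at most a localhost-only development default, and keep this default and `.env.example` in agreement so documentation and behaviour do not drift. The body of the `healthcheck:` block is outside this hunk, so the probe itself is not reviewed here.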
gemini-code-assist[bot] (Migrated from github.com) commented 2025-09-23 19:31:37 +00:00

high

Setting ALLOWED_ORIGINS to * by default poses a significant security risk in production environments, as it permits cross-origin requests from any domain. For a more secure default configuration, consider changing this to a more restrictive value, for example, an empty string or a specific development URL like http://localhost:8080. The accompanying documentation should strongly advise users to configure this with their specific domain for production deployments.

gemini-code-assist[bot] (Migrated from github.com) commented 2025-09-23 19:31:37 +00:00

medium

This is an excellent and critical piece of error handling. Failing fast when database decryption fails is the correct approach to prevent data corruption or loss. The detailed logging and explicit error message will be invaluable for debugging if such a critical failure occurs. This significantly improves the robustness of the database initialization process.

@@ -0,0 +1,600 @@
import { drizzle } from "drizzle-orm/better-sqlite3";
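Review bot: a new 600-line file (`@@ -0,0 +1,600 @@`) that opens with the same `drizzle`/better-sqlite3 import as the live database module should not land in this PR if it is the backup copy the review describes. Suggest removing it from the branch (`git rm`) and adding whatever suffix it carries to `.gitignore`, rather than shipping a second database layer that can drift from the real one; a stale copy of initialization and encryption code is also the kind of module a future contributor imports by mistake.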
gemini-code-assist[bot] (Migrated from github.com) commented 2025-09-23 19:31:38 +00:00

medium

This backup file appears to have been accidentally committed to the repository. It should be removed to keep the codebase clean and avoid potential confusion for future developers.

@@ -14,0 +70,4 @@
// Note: We don't need to attach user info to request anymore
// Connection handler will re-verify JWT directly from URL
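Review bot: the comment says the connection handler re-verifies the JWT "directly from URL", which means the token travels in the query string; query strings are written to reverse-proxy and application access logs and retained in browser history, so a logged URL stays a usable credential until the JWT expires. Suggest carrying the token in the first message after the upgrade (or in the `Sec-WebSocket-Protocol` header, which browser clients can set) and keeping the upgrade-time check as the gate that rejects unauthenticated sockets before any handler runs; if the URL form must stay, scrub query strings from proxy and application logs and keep the JWT lifetime short. The hardcoded limit of 3 connections mentioned in the review is not in these context lines, so it is not reviewed here.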
gemini-code-assist[bot] (Migrated from github.com) commented 2025-09-23 19:31:38 +00:00

medium

The WebSocket connection limit is hardcoded to 3. While this is a reasonable default, it might be beneficial to make this configurable via an environment variable, for example WEBSOCKET_CONNECTION_LIMIT. This would provide more flexibility for administrators who might need to adjust this limit based on their use case and server resources.
