feat: Phase 2 security audit fixes + script execution platform

Security (P0/P1/P2):
- WebSSH: dedicated short-lived token, server_id binding, 4003 close code
- Remove /api/agent/exec from control plane (RCE surface eliminated)
- Global JWT middleware (JwtAuthMiddleware) with install-mode bypass
- decrypt_value: failure returns None, never leaks ciphertext
- Telegram: sanitize_external_message strips sensitive fields
- Agent auth: startup enforces non-empty API key, compare_digest
- Credentials: password_set bool flag, no plaintext in API responses
- audit_log: writes admin_username + ip_address on all CUD ops
- Install lock: all /api/install/* except GET /status return 403 post-install
- WebSocket dedup: publish once, subscribers deliver locally

Script execution platform:
- script_jobs.py / script_job_callback.py: async batching and callback
- script_execution_store.py / script_callback_rate.py: Redis-backed state
- script_execution_flush.py: background flusher to MySQL
- scripts.html / script-executions.html: full execution UI
- agent_url.py: centralised URL builder

Frontend:
- All 13 pages migrated from CDN to /app/vendor/ (no external deps)
- vendor/: alpinejs, tailwindcss-browser, xterm, xterm-addon-*, qrious
- Dashboard WebSocket real-time alerts; 8h JWT session timeout

Tests:
- test_security_unit.py: 15 unit tests (JWT, sanitize, vendor, install 403)
- test_api.py: env-configurable admin credentials

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
Your Name
2026-05-23 15:26:56 +08:00
parent 341d16fd6d
commit 752a24497c
67 changed files with 4496 additions and 602 deletions
+26 -3
View File
@@ -1,7 +1,7 @@
"""Nexus — Script & ScriptExecution Repository (Async SQLAlchemy)"""
from typing import Optional, List
from sqlalchemy import select
from typing import Optional, List, Tuple
from sqlalchemy import select, func
from sqlalchemy.ext.asyncio import AsyncSession
from server.domain.models import Script, ScriptExecution
@@ -61,11 +61,34 @@ class ScriptExecutionRepositoryImpl:
await self.session.refresh(execution)
return execution
async def update_status(self, id: int, status: str, results: str) -> ScriptExecution:
async def list_recent(
self,
limit: int = 50,
offset: int = 0,
status: Optional[str] = None,
) -> Tuple[List[ScriptExecution], int]:
filters = []
if status:
filters.append(ScriptExecution.status == status)
count_stmt = select(func.count(ScriptExecution.id))
if filters:
count_stmt = count_stmt.where(*filters)
total = int((await self.session.execute(count_stmt)).scalar() or 0)
stmt = select(ScriptExecution).order_by(ScriptExecution.started_at.desc())
if filters:
stmt = stmt.where(*filters)
result = await self.session.execute(stmt.limit(limit).offset(offset))
return list(result.scalars().all()), total
async def update_status(self, id: int, status: str, results: str) -> Optional[ScriptExecution]:
from datetime import datetime, timezone
execution = await self.session.get(ScriptExecution, id)
if execution:
execution.status = status
execution.results = results
if status != "running" and execution.completed_at is None:
execution.completed_at = datetime.now(timezone.utc)
await self.session.commit()
await self.session.refresh(execution)
return execution