Commit Graph

154 Commits

Author SHA1 Message Date
Nexus Deploy b25d0798f6 fix(1panel): sync MySQL/Redis container hosts on nx update
Upgrade was skipping 1panel-network detection; wizard now overrides stale host.docker.internal from volume/API defaults.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-06 05:47:43 +08:00
Nexus Deploy 6b1d23c7d7 fix(1panel): sync Redis URL to container name on 1panel-network
Update NEXUS_REDIS_URL when detecting 1Panel-redis-*; add Redis TCP precheck and connection errors matching MySQL.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-06 05:39:52 +08:00
Nexus Deploy 6951b8049f fix(1panel): join 1panel-network and connect MySQL/Redis by container name
Per 1Panel App Store architecture, bridge apps must use Docker DNS on 1panel-network instead of host.docker.internal.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-06 05:35:04 +08:00
Nexus Deploy da0424a268 fix(install): MySQL TCP probe and clearer host.docker.internal errors
Step 2 now detects whether host MySQL is listening; init-db fails fast with 1Panel setup guidance on error 2003.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-06 05:22:16 +08:00
Nexus Deploy 569263dddb fix(install): remove redundant Redis/MySQL host hints in wizard step 3
Docker defaults already prefill host.docker.internal; drop duplicate 1Panel install reminders from the form.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-06 05:08:55 +08:00
Nexus Deploy 93400b7793 fix(install): split Redis install check (step 2) from connection test (step 4)
Step 2 only TCP-probes host Redis without blocking the wizard; step 4 runs /connection-check on MySQL and Redis from .env before creating the admin account.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-06 04:32:47 +08:00
Nexus Deploy f37ebf8621 feat(docker): remove bundled MySQL from production Compose stack
Production installs now run only the Nexus container; MySQL and Redis are self-hosted on the machine or 1Panel, with install wizard defaults pointing at host.docker.internal.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-06 03:27:57 +08:00
Nexus Deploy e42dc77127 feat(deploy): add redis compose uninstall; require Redis in install wizard
Step 2 blocks until Redis connects; uninstall-redis-compose.sh removes legacy
nexus-prod-redis container without touching host/1Panel Redis.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-06 02:51:52 +08:00
Nexus Deploy 6276ea08b7 feat(docker): remove bundled Redis; use external host install
Compose stack is MySQL+Nexus only; wizard Redis check is non-blocking
and defaults to host.docker.internal for self-managed Redis.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-06 02:48:00 +08:00
Nexus Deploy 5e7c5beb43 fix(install): probe redis via docker service host in env-check
Install wizard no longer hardcodes 127.0.0.1:6379; Docker installs get
mysql/redis prefills and a passing Redis check inside the nexus container.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-06 02:31:11 +08:00
Nexus Deploy 83ce11f55c feat(install): per-host auto-generated secrets for Docker installs
Each fresh 1Panel/Docker install generates unique MYSQL and NEXUS keys
via scripts/generate_nexus_secrets.py; install wizard reuses compose env.
2026-06-06 00:25:57 +08:00
Nexus Deploy b866e944ab fix: Code Review P0/P1 batches 1-3 and single-operator risk acceptance
Apply sync/install/auth/schedule/retry/agent/settings fixes from full
code review; document accepted WS and Agent legacy risks for solo ops.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-04 15:57:49 +08:00
Nexus Deploy a2ae74d582 release: BUG fixes batch 1-6, full bug scan docs, Ubuntu/Linux dev
- Backend: auth refresh reuse, schedule/retry/sync/agent/files fixes
- Frontend: push WS, files ETag browse, vite build assets
- Docs: audit/changelog, production deploy gate, bug scan registry B7-77
- Deploy: deploy-production.sh, prune assets, gate logs
2026-06-04 14:01:14 +08:00
Your Name 4b5602a719 feat(files): fix editor freeze, EOL gates, server form and session UX
- FilesPage storeToRefs + remotePath coercion; Monaco preload; list action buttons
- text_io for UTF-8/LF; install/sync EOL; check_shell_eol + check_text_eol gates
- ServerFormDialog, hash login redirect, AppAuth keep-session; design docs and audits

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-03 00:42:55 +08:00
Your Name f078d0e03b feat(push): localize sync/rsync error messages to Chinese in history and progress
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-02 15:18:01 +08:00
Your Name 524dabcf7f refactor(editor): P0 — per-tab model, EOL preservation, conflict detection (409)
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-02 14:46:49 +08:00
Your Name 78798e3630 feat(push): refactor B0-B6, /ws/sync channel, staging cleanup
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-02 08:14:09 +08:00
Your Name c6f1d73ff5 feat(files): P4 GET browse with ETag and P5 zero-flicker loading
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-02 05:59:55 +08:00
Your Name 67dac0168f feat: 文件管理器复制粘贴守卫、2MB编辑限制、一键配置sudoers、编辑器外观重构
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-02 02:20:22 +08:00
Your Name 928e3c5fdb fix: 登录白名单 IP 绕过防暴破锁定
白名单内 IP 跳过失败次数锁定;失败仅审计不计数;成功登录清除该用户历史失败记录。

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-02 01:37:22 +08:00
Your Name 832e34fd98 fix: 修复 6 个 MEDIUM 级 Bug (锁定/重试/调度/分页/SSH池/token_version)
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-02 01:29:06 +08:00
Your Name 19cfb7caaa fix: 系统全扫描修复 7 个 HIGH 级 Bug
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-02 01:22:00 +08:00
Your Name ea3046f635 fix: unix_ls parse_ls_la_line 兼容 long-iso 8字段格式
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-02 01:09:39 +08:00
Your Name e3eb0e65a5 fix(ui): 仪表盘/审计/调度/重试修复与终端快捷命令改版
统一终端页与全局侧栏菜单;快捷命令仅在终端执行,增删改排序迁入系统设置;命令输入区加高与 Enter/Shift+Enter 行为;后端自定义命令优先与 reorder API。

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-01 21:56:07 +08:00
Your Name d93c518a14 feat(files): POSIX paths, elevation, recursive chmod, access hints and docs
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-01 19:54:18 +08:00
Your Name 1cfac23c01 feat: terminal ANSI colors and enhanced shell syntax highlighting
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-01 15:49:27 +08:00
Your Name 8935081ac5 feat: full-site acceptance automation and health/detail fix
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-01 15:22:42 +08:00
Your Name d519113734 fix: Gate3 health plain text, refresh empty body, prune underscore chunks
test_api: assert /health returns plain text ok instead of JSON parse.

auth: RefreshRequest.refresh_token optional so SPA POST {} is not 422.

prune: allow leading underscore in asset names to avoid deleting _plugin-vue_export-helper.

Add run_test_api_on_server.sh and deployment follow-up changelog.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-01 13:41:28 +08:00
Your Name 8311821590 fix: 全量修复批量选择、JWT 60min、script-callback 认证与心跳数据流
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-01 12:17:47 +08:00
Your Name 6183047fd6 fix: 全站 bug 审查修复 (前端9项 + 后端5项)
Nexus CI/CD / test (push) Waiting to run
Nexus CI/CD / deploy (push) Blocked by required conditions
Nexus Pre-commit Checks / quick-check (push) Waiting to run
前端修复:
- P0: App.vue http 未导入导致全局搜索崩溃
- P1: TOTP 登录流程断裂 (TotpRequiredError 非 ApiError 子类)
- P1: ServersPage 编辑服务器 domain 被端口字符串污染
- P1: PushPage Set[0] 无效 → values().next().value
- P1: SettingsPage API 返回字符串未转数字
- P2: api/index.ts getList 重复定义移除
- P2: LoginPage 锁定倒计时 now ref + watch 更新
- P2: TerminalPage 路径验证正则放松 (允许空格/中文)
- P2: useWebSocket CONNECTING/CLOSING 状态关闭旧连接

后端修复:
- P1: websocket.py redis.keys() → scan_iter() 避免阻塞
- P1: auth_service.py TTL 仅在 key 无 TTL 时设置
- P1: servers.py 批量操作加 asyncio.Lock 避免并发 session commit
- P2: settings.py asyncio.get_event_loop() → get_running_loop()
- P2: settings.py datetime.utcfromtimestamp() → datetime.fromtimestamp(tz=utc)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-01 11:24:55 +08:00
Your Name facc1e8ae4 feat: TerminalPage全面迭代 + 快捷命令MySQL持久化
P0: Ctrl+L清屏、命令历史恢复、重连per-session、onopen不忽略、ping per-session
P1: 空catch处理、termRefs用session.id、错误透传、剪贴板权限、webssh-token错误
P2: 全选菜单、指数退避重连、快捷命令编辑、uptime per-session
新功能: quick_commands MySQL表 + CRUD API、Shell语法高亮输入栏
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-31 23:12:18 +08:00
Your Name 1ecd8e4542 fix: move wallpaper routes before /{key} catch-all to fix 404
Bing wallpaper endpoint (/bing-wallpapers) was returning 404 from HTTP
because FastAPI matched it against the /{key} catch-all route at position
2 before the specific route at position 13 ever got reached.

- Moved wallpaper routes (bing-wallpapers, bing-wallpaper) and helper code
  before the /{key} wildcard route
- Removed dead guard code in get_setting() that was never effective —
  FastAPI route matching happens before the handler body executes
- Removed duplicate wallpaper code block at end of file

Root cause: FastAPI matches routes in registration order. /{key} at
position 2 matched 'bing-wallpapers' as the key parameter, returning
'Setting not found' instead of routing to the wallpaper endpoint.
2026-05-31 22:00:33 +08:00
Your Name c6485168b6 fix: bing-wallpapers route was being caught by /{key} catch-all
FastAPI matches routes in order: /{key} registered before bing-wallpapers
because routes are sorted by path. /{key} matches 'bing-wallpapers' as a
key name, returning 404 'Setting not found' instead of hitting the actual
bing_wallpapers handler.

Fixed by adding a guard in get_setting() to skip these fixed path names,
and crucially by ensuring bing-wallpaper(s) routes are registered BEFORE
the /{key} catch-all in the router.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-31 20:59:26 +08:00
Your Name e9af02dd22 fix: add bing-wallpapers (plural) to PUBLIC_PREFIXES for JWT bypass 2026-05-31 20:53:49 +08:00
Your Name c9baecfdfa feat: Bing wallpaper slideshow — 12 images, hourly rotation, weekly cleanup
- Frontend: fullscreen wallpaper background with 1.5s crossfade transition,
  login card centered with glass effect, images rotate every hour
- Backend: new /api/settings/bing-wallpapers endpoint fetches 8 recent images
  from Bing HPImageArchive, caches to web/app/wallpapers/, returns all URLs
- Auto-cleanup: removes files older than 7 days, keeps max 12 newest
- Old /bing-wallpaper endpoint kept for backward compatibility

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-31 20:51:50 +08:00
Your Name 3d5870b404 fix: correct wallpaper dir to 3 levels up (server/api/settings.py -> Nexus/web/app/wallpapers)
Path breakdown: __file__ is server/api/settings.py
  .parent → server/api/
  .parent.parent → server/
  .parent.parent.parent → Nexus/ (repo root)
  Then append web/app/wallpapers

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-31 20:38:35 +08:00
Your Name afd32118b2 fix: correct wallpaper directory path in settings.py
- Path(__file__) is server/api/settings.py, so:
  .parent → api/  .parent → server/  .parent → Nexus/ (ROOT)
  .parent → (above ROOT — wrong!)
- Changed from .parent.parent.parent to .parent.parent.parent.parent
  to reach the project root, then into web/app/wallpapers/
- Moved _WALLPAPER_DIR.mkdir into the async function body

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-31 20:34:27 +08:00
Your Name d0308aaef6 fix: allow /app/wallpapers/ through AppAuthMiddleware
- Added /app/wallpapers/ to _APP_PUBLIC_PREFIXES so cached wallpaper images
  are served without requiring login auth
- Wallpaper files are now saved to web/app/wallpapers/ by bing_wallpaper() endpoint

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-31 20:30:46 +08:00
Your Name 04dda2c419 fix: download Bing wallpaper to server disk, auto-clean weekly
- Changed bing-wallpaper endpoint from URL proxy to image downloader
- Saves wallpaper to web/app/wallpapers/YYYY-MM-DD.jpg
- Auto-deletes wallpapers older than 7 days on each request
- Falls back to yesterday's cached file if download fails
- Added Path import for filesystem access

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-31 20:23:55 +08:00
Your Name e084d90c61 fix: add Bing wallpaper proxy endpoint, make it public (no JWT required)
- Added GET /api/settings/bing-wallpaper — proxies cn.bing.com HPImageArchive
  to avoid CORS issues, returns {url} for the daily wallpaper
- Added /api/settings/bing-wallpaper to PUBLIC_PREFIXES in auth_jwt.py
  so the login page can fetch it without authentication
- Login page now fetches wallpaper via backend proxy instead of direct CORS-blocked fetch

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-31 20:12:09 +08:00
Your Name 24aa8494e5 security: bind uvicorn to 127.0.0.1 instead of 0.0.0.0
The install wizard wrote '--host 0.0.0.0' which exposed the raw uvicorn
port 8600 on the public IP, bypassing Nginx HTTPS/TLS/WAF/middleware.
Changed to 127.0.0.1 — only local Nginx can reach the backend.

Also applied to running server via supervisor config fix.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-31 17:04:28 +08:00
Your Name 7a6479dbfa fix: remove stale login.html from public paths, clean up prefixes
Old Tailwind HTML pages removed from server — Vuetify SPA is now
the sole entry at /app/. Only install.html remains for setup wizard.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-05-31 15:44:56 +08:00
Your Name 0fdae981cf fix: add ttf/eot/otf to static asset whitelist in AppAuthMiddleware
Vuetify/Monaco fonts return 404 without these extensions whitelisted.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-05-31 15:42:43 +08:00
Your Name f745714530 fix: allow Vuetify SPA index.html through AppAuthMiddleware
The new Vuetify SPA uses hash routing — all pages served from single
index.html. The old middleware only whitelisted individual HTML page
paths (login.html etc.), blocking the SPA entry point with 404.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-31 13:13:13 +08:00
Your Name 293a0d64fe feat: 全站亮色/暗色主题切换
实现方案: CSS自定义属性 + Tailwind arbitrary values

新增文件:
- web/app/vendor/theme.css — CSS变量定义(亮色+暗色)

修改文件 (15个HTML + 2个JS + 2个Python):
- layout.js — 侧边栏🌙主题切换按钮 + loadTheme/toggleTheme
- settings.py — MUTABLE_KEYS加theme/editor_theme
- 15个HTML页面 — bg-slate-*替换为bg-[var(--bg-*)] + 引入theme.css

替换统计:
- index.html: 48处
- servers.html: 183处
- files.html: 94处
- push.html: 157处
- scripts.html: 83处
- credentials.html: 100处
- schedules.html: 59处
- retries.html: 40处
- commands.html: 57处
- alerts.html: 47处
- audit.html: 32处
- settings.html: 125处
- terminal.html: 89处
- install.html: 72处
- login.html: 14处
总计: 1199处替换

功能:
- 侧边栏底部🌙/☀️按钮切换亮色/暗色
- 主题偏好保存到MySQL(settings表)
- 页面加载时自动恢复主题
- Monaco编辑器主题独立控制(⚙️菜单)
2026-05-31 02:55:45 +08:00
Your Name e65c9993a2 feat: 编辑器亮色/暗色主题切换 + 保存到MySQL
- 标题栏🌙/☀️按钮切换 Monaco 主题
- 'vs'(亮色) / 'vs-dark'(暗色)
- 切换后立即应用到所有打开的标签页
- 通过 PUT /api/settings/editor_theme 保存到MySQL
- 页面加载时自动读取保存的主题偏好
- settings.py MUTABLE_KEYS 白名单加 editor_theme
2026-05-31 02:39:21 +08:00
Your Name 9f7be66356 fix: 审计5个FINDING修复 (files迭代)
- H-15 [MEDIUM] download端点加100MB大小限制
- H-02 [LOW] Content-Disposition filename sanitize(替换特殊字符)
- H-12 [LOW] FileDownload/FileRead/FileWrite path加max_length=4096
- H-27 [LOW] doPreview保存失败解析错误详情显示detail
- H-29 [INFO] esc()函数加注释说明用途
- H-01 [HIGH] 远程路径限制 — ACCEPTED_RISK(用户明确决策)
2026-05-30 23:44:35 +08:00
Your Name 14131f98f0 feat: files.html 全面迭代 — 15项改进
安全+后端:
- P2-1 符号链接解析(l权限检测+name/target分离)
- P2-7 新增 /api/sync/download 端点(SFTP流式下载)
- P2-8 新增 /api/sync/read-file + /write-file 端点(base64编码避免shell注入)

前端全面重写:
- P1-1 目录删除二次确认(自定义模态框+输入目录名)
- P2-2/2-3 事件委托替代内联onclick(data-action+data-path)
- P2-4 上传进度条(XHR.upload.onprogress)
- P2-5 文件大小可读化(B/KB/MB/GB)
- P2-6 文件类型图标(30+扩展名映射)
- P2-7 下载按钮+逻辑
- P2-8 文件预览/编辑弹窗(读取+修改+保存)
- P2-9 自定义模态框替代prompt/confirm
- P2-10 批量选择+批量删除(checkbox+全选+底部操作栏)
- P3-1 文件名搜索框(前端实时过滤)
- P3-2 符号链接🔗图标+target tooltip
- P3-3 空目录状态(图标+上传引导按钮)
- P3-4 服务器刷新按钮
- P3-5 操作loading状态(进度条) 2>&1
2026-05-30 23:34:24 +08:00
Your Name 64503c0260 fix: IP校验改用endpoint级HTTPException替代Pydantic validator
model_validator/field_validator在自定义RequestValidationError handler下
无法正确序列化为JSON,导致500。改用endpoint级_validate_ip_list()辅助函数
抛HTTPException(400),避免Pydantic→FastAPI序列化链路问题。
2026-05-30 22:48:41 +08:00
Your Name d19f5af807 fix: IP格式校验用field_validator替代model_validator
model_validator(mode='after')抛出ValueError时FastAPI不能正确序列化为422
→ 导致500 TypeError: Object of type ValueError is not JSON serializable
改用field_validator(mode='before')由Pydantic正常捕获返回422
2026-05-30 22:44:26 +08:00