testing: bootstrap UI, agent reliability, NS-01..04 + alert username
Smoothes the rough edges that came up exercising a live deployment.
First-run bootstrap UI: /bootstrap renders a username + password form
that uses the in-memory token directly (operator no longer copies it
out of the log); /login redirects there while bootstrap is available.
Agent reliability: failJob synthetic envelopes so command.run early
returns no longer hang the server-side job; runtime probe of restic
restore --help drives --no-ownership instead of version sniffing
(0.18.x had it removed). Server unit re-shaped: ProtectSystem=full
plus ReadWritePaths=/etc/restic-manager, no ProtectHome — restore
can now write anywhere a user might want.
Restore wizard: default target is /root/rm-restore/<job-id>/ with
clearer help text. Re-init confirm input uses .field (was .input,
which doesn't exist — text was invisible).
NS-01 host delete: store DeleteHost, admin-band /hosts/{id}/delete
with hostname-confirm danger zone, audit, FK cascade, live WS close.
NS-02 enrollment-token recovery: outstanding-tokens panel on
/hosts/new, regenerate (preserves attachments) and revoke handlers
+ audit, store-level ListOutstandingEnrollmentTokens and
DeleteEnrollmentToken.
NS-03 repo init / probe surface: migration 0020 adds
hosts.repo_status + repo_status_error; WS handler projects every
init job's outcome onto the host row (idempotent already-initialised
collapses to ready); creds-save resets status and dispatches a fresh
probe; /hosts/{id}/repo/probe retry endpoint with banner.
NS-04 dashboard live + sort + filter: query-string filter
(q/status/repo_status/tag/sort/dir), 5s htmx live poll mirroring the
alerts pattern with a localStorage live toggle, sortable column
headers, filter row + clear.
Alerts page: ack'd-by line resolves user_id ULID to username.
Compose.yaml ignored — host-specific.
This commit is contained in:
@@ -160,6 +160,78 @@ func (s *Store) GetEnrollmentTokenStatus(ctx context.Context, tokenHash string)
|
||||
return out, nil
|
||||
}
|
||||
|
||||
// OutstandingEnrollmentToken is what the recoverable-token list page
|
||||
// shows: enough to identify the row (short hash + created/expires)
|
||||
// and re-render the install snippet via the regenerate flow, plus
|
||||
// the encrypted repo creds blob the caller can decrypt-and-redact for
|
||||
// display.
|
||||
type OutstandingEnrollmentToken struct {
|
||||
TokenHash string
|
||||
CreatedAt time.Time
|
||||
ExpiresAt time.Time
|
||||
EncRepoCreds string
|
||||
InitialPaths []string
|
||||
}
|
||||
|
||||
// ListOutstandingEnrollmentTokens returns every still-valid token
|
||||
// (un-consumed and not expired). Used by the Add-host page to give
|
||||
// operators a way back to the install snippet after they close the
|
||||
// /hosts/pending/{token} tab without finishing onboarding.
|
||||
func (s *Store) ListOutstandingEnrollmentTokens(ctx context.Context) ([]OutstandingEnrollmentToken, error) {
|
||||
now := time.Now().UTC().Format(time.RFC3339Nano)
|
||||
rows, err := s.db.QueryContext(ctx,
|
||||
`SELECT token_hash, created_at, expires_at, enc_repo_creds, initial_paths
|
||||
FROM enrollment_tokens
|
||||
WHERE consumed_at IS NULL AND expires_at > ?
|
||||
ORDER BY created_at DESC`, now)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("store: list outstanding enrollment tokens: %w", err)
|
||||
}
|
||||
defer func() { _ = rows.Close() }()
|
||||
var out []OutstandingEnrollmentToken
|
||||
for rows.Next() {
|
||||
var (
|
||||
hash, created, expires string
|
||||
enc sql.NullString
|
||||
pathsJSON string
|
||||
)
|
||||
if err := rows.Scan(&hash, &created, &expires, &enc, &pathsJSON); err != nil {
|
||||
return nil, fmt.Errorf("store: scan outstanding enrollment token: %w", err)
|
||||
}
|
||||
row := OutstandingEnrollmentToken{TokenHash: hash, InitialPaths: []string{}}
|
||||
if t, err := time.Parse(time.RFC3339Nano, created); err == nil {
|
||||
row.CreatedAt = t
|
||||
}
|
||||
if t, err := time.Parse(time.RFC3339Nano, expires); err == nil {
|
||||
row.ExpiresAt = t
|
||||
}
|
||||
if enc.Valid {
|
||||
row.EncRepoCreds = enc.String
|
||||
}
|
||||
if pathsJSON != "" {
|
||||
_ = json.Unmarshal([]byte(pathsJSON), &row.InitialPaths)
|
||||
}
|
||||
out = append(out, row)
|
||||
}
|
||||
return out, rows.Err()
|
||||
}
|
||||
|
||||
// DeleteEnrollmentToken removes a token row. Used by the operator-
|
||||
// driven revoke flow and by regenerate (which deletes the old hash
|
||||
// then mints a fresh one). Idempotent: ErrNotFound on miss.
|
||||
func (s *Store) DeleteEnrollmentToken(ctx context.Context, tokenHash string) error {
|
||||
res, err := s.db.ExecContext(ctx,
|
||||
`DELETE FROM enrollment_tokens WHERE token_hash = ?`, tokenHash)
|
||||
if err != nil {
|
||||
return fmt.Errorf("store: delete enrollment token: %w", err)
|
||||
}
|
||||
n, _ := res.RowsAffected()
|
||||
if n == 0 {
|
||||
return ErrNotFound
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// PurgeExpiredEnrollmentTokens deletes long-expired token rows. Tokens
|
||||
// retained for ~24h after expiry so audit traces still resolve them.
|
||||
func (s *Store) PurgeExpiredEnrollmentTokens(ctx context.Context) (int64, error) {
|
||||
|
||||
Reference in New Issue
Block a user