private/nexus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

tty

Browse Source
This commit is contained in:
Lars Gebhardt-Kusche
2026-03-05 02:10:21 +01:00
parent b428ee0635
commit 8ee9b364ee
7 changed files with 315 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
modules/pi_control/bootstrap.php
View File

@@ -41,6 +41,7 @@ $mm->registerFunction($moduleName, 'ensure_schema', function () use ($moduleName
$hostTable = $table('hosts');
$cmdTable = $table('commands');
$runTable = $table('runs');
$sessionTable = $table('sessions');
if ($driver === 'pgsql') {
$pdo->exec("CREATE TABLE IF NOT EXISTS {$hostTable} (
@@ -71,6 +72,16 @@ $mm->registerFunction($moduleName, 'ensure_schema', function () use ($moduleName
created_by VARCHAR(120) NULL,
created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP
)");
$pdo->exec("CREATE TABLE IF NOT EXISTS {$sessionTable} (
id SERIAL PRIMARY KEY,
token VARCHAR(64) NOT NULL UNIQUE,
host_id INTEGER NOT NULL,
provider VARCHAR(20) NOT NULL DEFAULT 'ttyd',
created_by VARCHAR(120) NULL,
created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
expires_at TIMESTAMP NOT NULL,
last_used_at TIMESTAMP NULL
)");
} else {
$pdo->exec("CREATE TABLE IF NOT EXISTS {$hostTable} (
id INTEGER PRIMARY KEY AUTOINCREMENT,
@@ -100,6 +111,16 @@ $mm->registerFunction($moduleName, 'ensure_schema', function () use ($moduleName
created_by VARCHAR(120) NULL,
created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
)");
$pdo->exec("CREATE TABLE IF NOT EXISTS {$sessionTable} (
id INTEGER PRIMARY KEY AUTOINCREMENT,
token VARCHAR(64) NOT NULL UNIQUE,
host_id INTEGER NOT NULL,
provider VARCHAR(20) NOT NULL DEFAULT 'ttyd',
created_by VARCHAR(120) NULL,
created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
expires_at DATETIME NOT NULL,
last_used_at DATETIME NULL
)");
}
// Seed default commands (only when empty)

7
modules/pi_control/module.json
View File

@@ -30,7 +30,12 @@
{ "name": "db.dbname", "label": "DB Name", "type": "text", "required": false },
{ "name": "db.schema", "label": "DB Schema", "type": "text", "required": false },
{ "name": "db.user", "label": "DB User", "type": "text", "required": false },
{ "name": "db.password", "label": "DB Passwort", "type": "password", "required": false }
{ "name": "db.password", "label": "DB Passwort", "type": "password", "required": false },
{ "name": "ttyd_url", "label": "ttyd URL", "type": "text", "required": false, "help": "z.B. https://staging.nexus.int.kusche.berlin/ttyd" },
{ "name": "wetty_url", "label": "WeTTY URL", "type": "text", "required": false, "help": "z.B. https://staging.nexus.int.kusche.berlin/wetty" },
{ "name": "terminal_default_provider", "label": "Standard-Konsole", "type": "text", "required": false, "help": "ttyd oder wetty" },
{ "name": "terminal_token_ttl", "label": "Token TTL (Minuten)", "type": "number", "required": false, "help": "Gültigkeit der Konsole-Token, z.B. 10" },
{ "name": "terminal_shared_secret", "label": "Terminal Shared Secret", "type": "password", "required": false, "help": "Zusätzliche Absicherung für terminal_info (Header X-Terminal-Secret)" }
]
},
"db_defaults": {

192
modules/pi_control/pages/console.php
View File

@@ -5,48 +5,95 @@ $table = fn(string $name) => module_fn('pi_control', 'table', $name);
$notice = null;
$error = null;
$terminalNotice = null;
$terminalError = null;
$terminalUrl = null;
$settings = modules()->settings('pi_control');
$ttydUrl = trim((string)($settings['ttyd_url'] ?? '/ttyd'));
$wettyUrl = trim((string)($settings['wetty_url'] ?? '/wetty'));
$defaultProvider = (string)($settings['terminal_default_provider'] ?? 'ttyd');
$tokenTtl = (int)($settings['terminal_token_ttl'] ?? 10);
$tokenTtl = $tokenTtl > 0 ? $tokenTtl : 10;
$hosts = $pdo->query('SELECT * FROM ' . $table('hosts') . ' ORDER BY name ASC')->fetchAll(PDO::FETCH_ASSOC);
$commands = $pdo->query('SELECT * FROM ' . $table('commands') . ' ORDER BY label ASC')->fetchAll(PDO::FETCH_ASSOC);
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$hostId = (int)($_POST['host_id'] ?? 0);
$commandId = (int)($_POST['command_id'] ?? 0);
$rawCommand = trim((string)($_POST['command_text'] ?? ''));
$action = (string)($_POST['action'] ?? '');
if ($hostId <= 0) {
$error = 'Bitte einen Host wählen.';
} elseif ($commandId <= 0 && $rawCommand === '') {
$error = 'Bitte einen Befehl wählen oder einen Befehl eingeben.';
} else {
$selectedCommand = '';
if ($commandId > 0) {
foreach ($commands as $c) {
if ((int)$c['id'] === $commandId) {
if (!auth_is_admin() && !empty($c['admin_only'])) {
$error = 'Dieser Befehl ist nur für Admins.';
} else {
$selectedCommand = (string)$c['command'];
}
break;
}
}
}
if ($action === 'open_console') {
$hostId = (int)($_POST['terminal_host_id'] ?? 0);
$provider = (string)($_POST['terminal_provider'] ?? $defaultProvider);
$provider = in_array($provider, ['ttyd', 'wetty'], true) ? $provider : 'ttyd';
if (!$error) {
$commandText = $selectedCommand !== '' ? $selectedCommand : $rawCommand;
if ($hostId <= 0) {
$terminalError = 'Bitte einen Host wählen.';
} else {
$driver = (string)$pdo->getAttribute(PDO::ATTR_DRIVER_NAME);
$expiresSql = $driver === 'pgsql'
? "NOW() + INTERVAL '{$tokenTtl} minutes'"
: "DATETIME('now', '+{$tokenTtl} minutes')";
$token = bin2hex(random_bytes(24));
$stmt = $pdo->prepare(
'INSERT INTO ' . $table('runs') . ' (host_id, command_id, command_text, status, created_by) VALUES (:host_id, :command_id, :command_text, :status, :created_by)'
'INSERT INTO ' . $table('sessions') . ' (token, host_id, provider, created_by, expires_at)
VALUES (:token, :host_id, :provider, :created_by, ' . $expiresSql . ')'
);
$stmt->execute([
'token' => $token,
'host_id' => $hostId,
'command_id' => $commandId > 0 ? $commandId : null,
'command_text' => $commandText,
'status' => 'pending',
'provider' => $provider,
'created_by' => auth_display_name() ?: null,
]);
$notice = 'Befehl wurde erfasst. (Execution-Backend folgt)';
if ($provider === 'ttyd') {
$sep = str_contains($ttydUrl, '?') ? '&' : '?';
$terminalUrl = rtrim($ttydUrl, '/') . '/' . $sep . 'arg=' . rawurlencode($token);
} else {
$terminalUrl = $wettyUrl;
$terminalNotice = 'WeTTY nutzt den Standard-Host aus der Container-Konfiguration. Für Host-Auswahl bitte ttyd nutzen.';
}
}
} else {
$hostId = (int)($_POST['host_id'] ?? 0);
$commandId = (int)($_POST['command_id'] ?? 0);
$rawCommand = trim((string)($_POST['command_text'] ?? ''));
if ($hostId <= 0) {
$error = 'Bitte einen Host wählen.';
} elseif ($commandId <= 0 && $rawCommand === '') {
$error = 'Bitte einen Befehl wählen oder einen Befehl eingeben.';
} else {
$selectedCommand = '';
if ($commandId > 0) {
foreach ($commands as $c) {
if ((int)$c['id'] === $commandId) {
if (!auth_is_admin() && !empty($c['admin_only'])) {
$error = 'Dieser Befehl ist nur für Admins.';
} else {
$selectedCommand = (string)$c['command'];
}
break;
}
}
}
if (!$error) {
$commandText = $selectedCommand !== '' ? $selectedCommand : $rawCommand;
$stmt = $pdo->prepare(
'INSERT INTO ' . $table('runs') . ' (host_id, command_id, command_text, status, created_by) VALUES (:host_id, :command_id, :command_text, :status, :created_by)'
);
$stmt->execute([
'host_id' => $hostId,
'command_id' => $commandId > 0 ? $commandId : null,
'command_text' => $commandText,
'status' => 'pending',
'created_by' => auth_display_name() ?: null,
]);
$notice = 'Befehl wurde erfasst. (Execution-Backend folgt)';
}
}
}
}
@@ -69,31 +116,84 @@ $runs = $pdo->query('SELECT * FROM ' . $table('runs') . ' ORDER BY id DESC LIMIT
<?php endif; ?>
<div class="grid" style="margin-top:1rem;">
<div class="card" style="background:var(--panel-2);">
<strong>Ausführen</strong>
<form method="post" style="display:grid; gap:10px; margin-top:.75rem;">
<select name="host_id" required>
<option value="">Host wählen</option>
<?php foreach ($hosts as $h): ?>
<option value="<?= e((string)$h['id']) ?>"><?= e($h['name'] ?? $h['host']) ?></option>
<?php endforeach; ?>
</select>
<div class="card form-card" style="background:var(--panel-2);">
<strong>Live-Konsole</strong>
<?php if ($terminalError): ?>
<div class="card" style="margin-top:1rem; border-color:#ffb4a8; background:#fff5f3; color:#7a2114;">
<?= e($terminalError) ?>
</div>
<?php elseif ($terminalNotice): ?>
<div class="card" style="margin-top:1rem; border-color:var(--accent-2);">
<?= e($terminalNotice) ?>
</div>
<?php endif; ?>
<form method="post" class="form-grid" style="margin-top:.75rem;">
<input type="hidden" name="action" value="open_console">
<label class="form-field">
<span class="muted">Host</span>
<select name="terminal_host_id" required title="Pi auswählen, zu dem die Konsole verbindet.">
<option value="">Host wählen</option>
<?php foreach ($hosts as $h): ?>
<option value="<?= e((string)$h['id']) ?>"><?= e($h['name'] ?? $h['host']) ?></option>
<?php endforeach; ?>
</select>
</label>
<label class="form-field">
<span class="muted">Konsole</span>
<select name="terminal_provider" title="Wähle die Terminal-Engine.">
<option value="ttyd" <?= $defaultProvider === 'ttyd' ? 'selected' : '' ?>>ttyd (empfohlen)</option>
<option value="wetty" <?= $defaultProvider === 'wetty' ? 'selected' : '' ?>>WeTTY</option>
</select>
</label>
<button class="cta-button" type="submit">Konsole öffnen</button>
</form>
<select name="command_id">
<option value="">Preset auswählen (optional)</option>
<?php foreach ($commands as $c): ?>
<?php if (!auth_is_admin() && !empty($c['admin_only'])) { continue; } ?>
<option value="<?= e((string)$c['id']) ?>"><?= e($c['label'] ?? '') ?></option>
<?php endforeach; ?>
</select>
<?php if ($terminalUrl): ?>
<div class="card" style="margin-top:1rem;">
<div style="display:flex; align-items:center; justify-content:space-between; gap:12px; flex-wrap:wrap;">
<strong>Aktive Konsole</strong>
<a class="nav-link" href="<?= e($terminalUrl) ?>" target="_blank" rel="noopener">In neuem Tab öffnen</a>
</div>
<div style="margin-top:.75rem; border-radius:12px; overflow:hidden; border:1px solid var(--line); background:#0b0f17;">
<iframe src="<?= e($terminalUrl) ?>" title="Pi Konsole" style="width:100%; height:520px; border:0;"></iframe>
</div>
</div>
<?php endif; ?>
</div>
<textarea name="command_text" rows="3" placeholder="Oder Command direkt eingeben"></textarea>
<div class="card form-card" style="background:var(--panel-2);">
<strong>Befehl ausführen</strong>
<form method="post" class="form-grid" style="margin-top:.75rem;">
<input type="hidden" name="action" value="run_command">
<label class="form-field">
<span class="muted">Host</span>
<select name="host_id" required>
<option value="">Host wählen</option>
<?php foreach ($hosts as $h): ?>
<option value="<?= e((string)$h['id']) ?>"><?= e($h['name'] ?? $h['host']) ?></option>
<?php endforeach; ?>
</select>
</label>
<label class="form-field">
<span class="muted">Preset</span>
<select name="command_id">
<option value="">Preset auswählen (optional)</option>
<?php foreach ($commands as $c): ?>
<?php if (!auth_is_admin() && !empty($c['admin_only'])) { continue; } ?>
<option value="<?= e((string)$c['id']) ?>"><?= e($c['label'] ?? '') ?></option>
<?php endforeach; ?>
</select>
</label>
<label class="form-field">
<span class="muted">Direkter Command</span>
<textarea name="command_text" rows="3" placeholder="Oder Command direkt eingeben"></textarea>
</label>
<button class="cta-button" type="submit">Befehl senden</button>
</form>
<p class="muted" style="margin-top:.5rem;">Hinweis: Execution-Backend wird im nächsten Schritt ergänzt.</p>
</div>
<div class="card" style="background:var(--panel-2);">
<div class="card form-card" style="background:var(--panel-2);">
<strong>Letzte Runs</strong>
<div style="margin-top:.75rem; overflow:auto;">
<table class="table" style="min-width:560px;">

74
modules/pi_control/pages/terminal_info.php Normal file
View File

@@ -0,0 +1,74 @@
<?php
declare(strict_types=1);
$pdo = module_fn('pi_control', 'pdo');
module_fn('pi_control', 'ensure_schema');
$table = fn(string $name) => module_fn('pi_control', 'table', $name);
header('Content-Type: application/json; charset=utf-8');
$settings = modules()->settings('pi_control');
$sharedSecret = trim((string)($settings['terminal_shared_secret'] ?? ''));
if ($sharedSecret !== '') {
$provided = trim((string)($_SERVER['HTTP_X_TERMINAL_SECRET'] ?? ''));
if (!hash_equals($sharedSecret, $provided)) {
http_response_code(401);
echo json_encode(['ok' => false, 'error' => 'unauthorized']);
exit;
}
}
$token = '';
if (!empty($_GET['token'])) {
$token = trim((string)$_GET['token']);
} elseif (!empty($_SERVER['HTTP_X_TERMINAL_TOKEN'])) {
$token = trim((string)$_SERVER['HTTP_X_TERMINAL_TOKEN']);
}
if ($token === '') {
http_response_code(400);
echo json_encode(['ok' => false, 'error' => 'missing_token']);
exit;
}
$driver = (string)$pdo->getAttribute(PDO::ATTR_DRIVER_NAME);
$nowSql = $driver === 'pgsql' ? 'NOW()' : "DATETIME('now')";
$sessionStmt = $pdo->prepare(
'SELECT * FROM ' . $table('sessions') . ' WHERE token = :token AND expires_at > ' . $nowSql . ' LIMIT 1'
);
$sessionStmt->execute(['token' => $token]);
$session = $sessionStmt->fetch(PDO::FETCH_ASSOC);
if (!$session) {
http_response_code(404);
echo json_encode(['ok' => false, 'error' => 'invalid_or_expired']);
exit;
}
$hostStmt = $pdo->prepare('SELECT * FROM ' . $table('hosts') . ' WHERE id = :id LIMIT 1');
$hostStmt->execute(['id' => (int)$session['host_id']]);
$host = $hostStmt->fetch(PDO::FETCH_ASSOC);
if (!$host) {
http_response_code(404);
echo json_encode(['ok' => false, 'error' => 'host_not_found']);
exit;
}
$pdo->prepare('UPDATE ' . $table('sessions') . ' SET last_used_at = ' . $nowSql . ' WHERE id = :id')
->execute(['id' => (int)$session['id']]);
echo json_encode([
'ok' => true,
'host' => [
'name' => (string)($host['name'] ?? ''),
'host' => (string)($host['host'] ?? ''),
'port' => (int)($host['port'] ?? 22),
'username' => (string)($host['username'] ?? ''),
'auth_type' => (string)($host['auth_type'] ?? 'key'),
'key_path' => (string)($host['key_path'] ?? ''),
'password' => (string)($host['password'] ?? ''),
],
]);
exit;