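#!/usr/bin/env bash
#
# Terminal bridge: exchanges a token for SSH connection details at the
# pi_control API, then opens an interactive SSH session to that host
# (inside tmux when the remote side has it), optionally typing a command.
#
# Usage: <script> TOKEN [BASE64_COMMAND]
#
# Environment:
#   PI_CONTROL_API_URL         API base URL (default: http://gui_nexus)
#   STAGING_AUTH_USER/_PASS    optional HTTP basic-auth credentials
#   PI_CONTROL_SHARED_SECRET   optional value for the X-Terminal-Secret header
#   PI_CONTROL_STRICT_HOSTKEY  "1" pins host keys on first use (accept-new)
#   PI_CONTROL_TMUX_SESSION    remote tmux session name (default: nexus)
set -euo pipefail

TOKEN="${1:-}"
ENC_COMMAND="${2:-}"

if [[ -z "${TOKEN}" ]]; then
  echo "Missing token."
  exit 1
fi

#######################################
# Wrap a string in single quotes so a POSIX shell reads it back as one word.
# Arguments: $1 - string to quote
# Outputs:   the quoted string on stdout
#######################################
shell_quote() {
  local rest=$1 out="" q="'"
  while [[ "${rest}" == *"${q}"* ]]; do
    # Close the quote, emit an escaped quote, reopen: '\''
    out+="${rest%%"${q}"*}${q}\\${q}${q}"
    rest="${rest#*"${q}"}"
  done
  printf "'%s'" "${out}${rest}"
}

#######################################
# Extract one field from the API response; null or missing yields "".
# (Plain `jq -r` prints the literal string "null", which would pass the
# non-empty checks below and defeat the port default.)
# Globals:   JSON (read)
# Arguments: $1 - jq path, e.g. .host.port
#######################################
json_field() {
  printf '%s' "${JSON}" | jq -r "${1} // empty"
}

HDR_FILE=""
cleanup() {
  if [[ -n "${HDR_FILE}" ]]; then
    rm -f -- "${HDR_FILE}"
  fi
}
trap cleanup EXIT

# NOTE(review): the default base URL is plain HTTP, and the response carries
# SSH credentials. Confirm this hop stays on a trusted network or use https.
API_BASE="${PI_CONTROL_API_URL:-http://gui_nexus}"
API_BASE="${API_BASE%/}"
INFO_URL="${API_BASE}/module/pi_control/terminal_info"

# Secrets go into a private header file (mktemp creates it 0600) and are
# written with the printf builtin, so they never appear in a process listing.
HDR_FILE="$(mktemp)"
if [[ -n "${STAGING_AUTH_USER:-}" && -n "${STAGING_AUTH_PASS:-}" ]]; then
  # tr strips the line wrapping base64 adds to long input; a wrapped value
  # would break the header.
  BASIC="$(printf '%s:%s' "${STAGING_AUTH_USER}" "${STAGING_AUTH_PASS}" \
    | base64 | tr -d '\n')"
  printf 'Authorization: Basic %s\n' "${BASIC}" >>"${HDR_FILE}"
fi
if [[ -n "${PI_CONTROL_SHARED_SECRET:-}" ]]; then
  printf 'X-Terminal-Secret: %s\n' "${PI_CONTROL_SHARED_SECRET}" >>"${HDR_FILE}"
fi

# -G with --data-urlencode sends the token as an encoded query parameter, so
# characters such as & or # in it cannot alter the request.
CURL_ARGS=(-sS -G --data-urlencode "token=${TOKEN}")
if [[ -s "${HDR_FILE}" ]]; then
  CURL_ARGS+=(-H "@${HDR_FILE}")
fi

JSON="$(curl "${CURL_ARGS[@]}" "${INFO_URL}")" || {
  echo "Could not reach control API."
  exit 1
}
cleanup
HDR_FILE=""

# A non-JSON body is treated like a rejected token instead of aborting in jq.
OK="$(printf '%s' "${JSON}" | jq -r '.ok // false')" || OK=""
if [[ "${OK}" != "true" ]]; then
  echo "Invalid or expired token."
  exit 1
fi

REMOTE_HOST="$(json_field '.host.host')"
REMOTE_PORT="$(json_field '.host.port')"
REMOTE_USER="$(json_field '.host.username')"
AUTH_TYPE="$(json_field '.host.auth_type')"
KEY_PATH="$(json_field '.host.key_path')"
PASSWORD="$(json_field '.host.password')"
COMMAND="$(json_field '.command')"

# The caller-supplied command is used only when the API returned none.
# Undecodable input is deliberately ignored (plain interactive session).
if [[ -z "${COMMAND}" && -n "${ENC_COMMAND}" ]]; then
  COMMAND="$(printf '%s' "${ENC_COMMAND}" | base64 -d 2>/dev/null || true)"
fi

if [[ -z "${REMOTE_HOST}" || -z "${REMOTE_USER}" ]]; then
  echo "Host data incomplete."
  exit 1
fi

# The target is placed before "--" on the ssh command line, so a value with a
# leading dash would be parsed as an ssh option. Reject it, and require a
# numeric port.
REMOTE_PORT="${REMOTE_PORT:-22}"
if [[ "${REMOTE_HOST}" == -* || "${REMOTE_USER}" == -* \
  || ! "${REMOTE_PORT}" =~ ^[0-9]+$ ]]; then
  echo "Host data invalid."
  exit 1
fi

# NOTE(review): unless PI_CONTROL_STRICT_HOSTKEY=1, host keys are neither
# checked nor recorded, so the server's identity is never verified, and the
# password branch sends the password to whatever host answers. Consider making
# accept-new the default.
if [[ "${PI_CONTROL_STRICT_HOSTKEY:-}" == "1" ]]; then
  SSH_OPTS=(-o StrictHostKeyChecking=accept-new
    -o UserKnownHostsFile=/root/.ssh/known_hosts)
else
  SSH_OPTS=(-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null)
fi

SSH_TARGET="${REMOTE_USER}@${REMOTE_HOST}"
TMUX_SESSION="${PI_CONTROL_TMUX_SESSION:-nexus}"
# Quoted once here so the session name is data in the remote script.
SESSION_Q="$(shell_quote "${TMUX_SESSION}")"

if [[ "${AUTH_TYPE}" == "key" && -n "${KEY_PATH}" ]]; then
  SSH_CMD=(ssh "${SSH_OPTS[@]}" -i "${KEY_PATH}")
elif [[ "${AUTH_TYPE}" == "pass" && -n "${PASSWORD}" ]]; then
  # sshpass -e reads the password from $SSHPASS; -p would expose it in argv.
  export SSHPASS="${PASSWORD}"
  SSH_CMD=(sshpass -e ssh "${SSH_OPTS[@]}")
else
  SSH_CMD=(ssh "${SSH_OPTS[@]}")
fi
SSH_CMD+=(-p "${REMOTE_PORT}" -tt "${SSH_TARGET}" --)

if [[ -n "${COMMAND}" ]]; then
  # The command travels base64-encoded inside the remote script, which leaves
  # stdin connected to the operator's terminal for the interactive session.
  # It is executed verbatim on the remote host (typed into tmux, or eval'd
  # when tmux is absent), so it must come from a trusted source.
  COMMAND_B64="$(printf '%s' "${COMMAND}" | base64 | tr -d '\n')"
  REMOTE_CMD='CMD="$(printf "%s" '"$(shell_quote "${COMMAND_B64}")"' | base64 -d)"; SESSION='"${SESSION_Q}"'; if command -v tmux >/dev/null 2>&1; then tmux has-session -t "$SESSION" 2>/dev/null || tmux new-session -d -s "$SESSION"; tmux send-keys -t "$SESSION" -l -- "$CMD"; tmux send-keys -t "$SESSION" C-m; exec tmux attach -t "$SESSION"; else eval "$CMD"; exec /bin/bash -il; fi'
else
  REMOTE_CMD='if command -v tmux >/dev/null 2>&1; then exec tmux new -A -s '"${SESSION_Q}"'; else exec /bin/bash -il; fi'
fi

#######################################
# Run REMOTE_CMD on the target through the given remote shell.
# ssh joins its trailing arguments with spaces and the remote login shell
# parses the result again, so the script is quoted to survive as the single
# argument of -lc.
# Globals:   SSH_CMD, REMOTE_CMD (read)
# Arguments: $1 - remote shell path
#######################################
run_remote() {
  "${SSH_CMD[@]}" "${1} -lc $(shell_quote "${REMOTE_CMD}")"
}

# Fall back to /bin/sh only when the remote side reports /bin/bash as missing
# or not executable (126/127). Retrying on every failure would repeat failed
# logins and could send the command a second time.
rc=0
run_remote /bin/bash || rc=$?
if ((rc == 126 || rc == 127)); then
  rc=0
  run_remote /bin/sh || rc=$?
fi
exit "${rc}"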