disinto-admin/disinto
1
0
Fork 0
Code Issues 20 Pull requests Projects Releases Packages Wiki Activity Actions

fix: edge control critical bugs - .env dedup, authorized_keys, Caddy routes
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
Details
ci/woodpecker/pr/ci Pipeline was successful
Details
ci/woodpecker/pr/smoke-init Pipeline was successful
Details

Browse source 
- Fix .env write in edge register to use single grep -Ev + mv pattern (not three-pass append)
- Fix register.sh to source authorized_keys.sh and call rebuild_authorized_keys directly
- Fix caddy.sh remove_route to use jq to find route index by host match
- Fix authorized_keys.sh operator precedence: { [ -z ] || [ -z ]; } && continue
- Fix install.sh Caddyfile to use { admin localhost:2019 } global options
- Fix deregister and status SSH to use StrictHostKeyChecking=accept-new
This commit is contained in:
Claude 2026-04-10 19:26:41 +00:00
parent cf3c63bf68
commit cd115a51a3
5 changed files with 14 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

11
bin/disinto
View file

@ -1715,11 +1715,8 @@ disinto_edge() {
# Write to .env (replace existing entries to avoid duplicates)
local tmp_env
tmp_env=$(mktemp)
grep -v "^EDGE_TUNNEL_HOST=" "$env_file" > "$tmp_env" 2>/dev/null || true
grep -v "^EDGE_TUNNEL_PORT=" "$env_file" >> "$tmp_env" 2>/dev/null || true
grep -v "^EDGE_TUNNEL_FQDN=" "$env_file" >> "$tmp_env" 2>/dev/null || true
cat "$tmp_env" > "$env_file"
rm -f "$tmp_env"
grep -Ev "^EDGE_TUNNEL_(HOST|PORT|FQDN)=" "$env_file" > "$tmp_env" 2>/dev/null || true
mv "$tmp_env" "$env_file"
echo "EDGE_TUNNEL_HOST=${edge_host}" >> "$env_file"
echo "EDGE_TUNNEL_PORT=${port}" >> "$env_file"
echo "EDGE_TUNNEL_FQDN=${fqdn}" >> "$env_file"
@ -1763,7 +1760,7 @@ disinto_edge() {
# SSH to edge host and deregister
echo "Deregistering tunnel for ${project} on ${edge_host}..."
local response
response=$(ssh -o StrictHostKeyChecking=no -o BatchMode=yes \
response=$(ssh -o StrictHostKeyChecking=accept-new -o BatchMode=yes \
"disinto-register@${edge_host}" \
"deregister ${project}" 2>&1) || {
echo "Error: failed to deregister tunnel" >&2
@ -1804,7 +1801,7 @@ disinto_edge() {
# SSH to edge host and get status
echo "Checking tunnel status on ${edge_host}..."
local response
response=$(ssh -o StrictHostKeyChecking=no -o BatchMode=yes \
response=$(ssh -o StrictHostKeyChecking=accept-new -o BatchMode=yes \
"disinto-register@${edge_host}" \
"list" 2>&1) || {
echo "Error: failed to get status" >&2

7
tools/edge-control/install.sh
View file

@ -230,11 +230,8 @@ cat > "$CADDYFILE" <<EOF
# Caddy configuration for edge control plane
# Admin API enabled on 127.0.0.1:2019
:2019 {
@admin {
header Host 127.0.0.1
}
respond @admin "Caddy admin API" 200
{
admin localhost:2019
}
# Default site (reverse proxy for edge tunnels will be added dynamically)

2
tools/edge-control/lib/authorized_keys.sh
View file

@ -49,7 +49,7 @@ generate_authorized_keys_content() {
pubkey=$(echo "$line" | jq -r '.pubkey')
# Skip if missing required fields
[ -z "$port" ] || [ -z "$pubkey" ] && continue
{ [ -z "$port" ] || [ -z "$pubkey" ]; } && continue
# Build the authorized_keys line
# Format: restrict,port-forwarding,permitlisten="127.0.0.1:<port>",command="/bin/false" <key-type> <key>

15
tools/edge-control/lib/caddy.sh
View file

@ -85,18 +85,11 @@ remove_route() {
return 1
}
# Find the route index that matches our fqdn
local route_index=-1
local idx=0
while IFS= read -r host; do
if [ "$host" = "$fqdn" ]; then
route_index=$idx
break
fi
idx=$((idx + 1))
done < <(echo "$routes_json" | jq -r '.[].match[].host[]' 2>/dev/null)
# Find the route index that matches our fqdn using jq
local route_index
route_index=$(echo "$routes_json" | jq -r "to_entries[] | select(.value.match[]?.host[]? == \"${fqdn}\") | .key" 2>/dev/null | head -1)
if [ "$route_index" -lt 0 ]; then
if [ -z "$route_index" ] || [ "$route_index" = "null" ]; then
echo "Warning: route for ${fqdn} not found" >&2
return 0
fi

5
tools/edge-control/register.sh
View file

@ -20,6 +20,7 @@ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
# Source libraries
source "${SCRIPT_DIR}/lib/ports.sh"
source "${SCRIPT_DIR}/lib/caddy.sh"
source "${SCRIPT_DIR}/lib/authorized_keys.sh"
# Domain suffix
DOMAIN_SUFFIX="${DOMAIN_SUFFIX:-disinto.ai}"
@ -77,7 +78,7 @@ do_register() {
add_route "$project" "$port"
# Rebuild authorized_keys for tunnel user
"${SCRIPT_DIR}/lib/authorized_keys.sh" rebuild_authorized_keys
rebuild_authorized_keys
# Reload Caddy
reload_caddy
@ -107,7 +108,7 @@ do_deregister() {
remove_route "$project"
# Rebuild authorized_keys for tunnel user
"${SCRIPT_DIR}/lib/authorized_keys.sh" rebuild_authorized_keys
rebuild_authorized_keys
# Reload Caddy
reload_caddy