disinto-admin/disinto
1
0
Fork 0
Code Issues 13 Pull requests Projects Releases Packages Wiki Activity Actions

fix: edge control critical bugs - .env dedup, authorized_keys, Caddy routes
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
Details
ci/woodpecker/pr/ci Pipeline was successful
Details
ci/woodpecker/pr/smoke-init Pipeline was successful
Details

Browse source 
- Fix .env write in edge register to use single grep -Ev + mv pattern (not three-pass append)
- Fix register.sh to source authorized_keys.sh and call rebuild_authorized_keys directly
- Fix caddy.sh remove_route to use jq to find route index by host match
- Fix authorized_keys.sh operator precedence: { [ -z ] || [ -z ]; } && continue
- Fix install.sh Caddyfile to use { admin localhost:2019 } global options
- Fix deregister and status SSH to use StrictHostKeyChecking=accept-new
This commit is contained in:
Claude 2026-04-10 19:26:41 +00:00
parent cf3c63bf68
commit cd115a51a3
5 changed files with 14 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

11
bin/disinto
View file

@ -1715,11 +1715,8 @@ disinto_edge() {
# Write to .env (replace existing entries to avoid duplicates) # Write to .env (replace existing entries to avoid duplicates)
local tmp_env local tmp_env
tmp_env=$(mktemp) tmp_env=$(mktemp)
grep -v "^EDGE_TUNNEL_HOST=" "$env_file" > "$tmp_env" 2>/dev/null || true grep -Ev "^EDGE_TUNNEL_(HOST|PORT|FQDN)=" "$env_file" > "$tmp_env" 2>/dev/null || true
grep -v "^EDGE_TUNNEL_PORT=" "$env_file" >> "$tmp_env" 2>/dev/null || true mv "$tmp_env" "$env_file"
grep -v "^EDGE_TUNNEL_FQDN=" "$env_file" >> "$tmp_env" 2>/dev/null || true
cat "$tmp_env" > "$env_file"
rm -f "$tmp_env"
echo "EDGE_TUNNEL_HOST=${edge_host}" >> "$env_file" echo "EDGE_TUNNEL_HOST=${edge_host}" >> "$env_file"
echo "EDGE_TUNNEL_PORT=${port}" >> "$env_file" echo "EDGE_TUNNEL_PORT=${port}" >> "$env_file"
echo "EDGE_TUNNEL_FQDN=${fqdn}" >> "$env_file" echo "EDGE_TUNNEL_FQDN=${fqdn}" >> "$env_file"
@ -1763,7 +1760,7 @@ disinto_edge() {
# SSH to edge host and deregister # SSH to edge host and deregister
echo "Deregistering tunnel for ${project} on ${edge_host}..." echo "Deregistering tunnel for ${project} on ${edge_host}..."
local response local response
response=$(ssh -o StrictHostKeyChecking=no -o BatchMode=yes \ response=$(ssh -o StrictHostKeyChecking=accept-new -o BatchMode=yes \
"disinto-register@${edge_host}" \ "disinto-register@${edge_host}" \
"deregister ${project}" 2>&1) || { "deregister ${project}" 2>&1) || {
echo "Error: failed to deregister tunnel" >&2 echo "Error: failed to deregister tunnel" >&2
@ -1804,7 +1801,7 @@ disinto_edge() {
# SSH to edge host and get status # SSH to edge host and get status
echo "Checking tunnel status on ${edge_host}..." echo "Checking tunnel status on ${edge_host}..."
local response local response
response=$(ssh -o StrictHostKeyChecking=no -o BatchMode=yes \ response=$(ssh -o StrictHostKeyChecking=accept-new -o BatchMode=yes \
"disinto-register@${edge_host}" \ "disinto-register@${edge_host}" \
"list" 2>&1) || { "list" 2>&1) || {
echo "Error: failed to get status" >&2 echo "Error: failed to get status" >&2

7
tools/edge-control/install.sh
View file

@ -230,11 +230,8 @@ cat > "$CADDYFILE" <<EOF
# Caddy configuration for edge control plane # Caddy configuration for edge control plane
# Admin API enabled on 127.0.0.1:2019 # Admin API enabled on 127.0.0.1:2019
:2019 { {
@admin { admin localhost:2019
header Host 127.0.0.1
}
respond @admin "Caddy admin API" 200
} }
# Default site (reverse proxy for edge tunnels will be added dynamically) # Default site (reverse proxy for edge tunnels will be added dynamically)

2
tools/edge-control/lib/authorized_keys.sh
View file

@ -49,7 +49,7 @@ generate_authorized_keys_content() {
pubkey=$(echo "$line" | jq -r '.pubkey') pubkey=$(echo "$line" | jq -r '.pubkey')
# Skip if missing required fields # Skip if missing required fields
[ -z "$port" ] || [ -z "$pubkey" ] && continue { [ -z "$port" ] || [ -z "$pubkey" ]; } && continue
# Build the authorized_keys line # Build the authorized_keys line
# Format: restrict,port-forwarding,permitlisten="127.0.0.1:<port>",command="/bin/false" <key-type> <key> # Format: restrict,port-forwarding,permitlisten="127.0.0.1:<port>",command="/bin/false" <key-type> <key>

15
tools/edge-control/lib/caddy.sh
View file

@ -85,18 +85,11 @@ remove_route() {
return 1 return 1
} }
# Find the route index that matches our fqdn # Find the route index that matches our fqdn using jq
local route_index=-1 local route_index
local idx=0 route_index=$(echo "$routes_json" | jq -r "to_entries[] | select(.value.match[]?.host[]? == \"${fqdn}\") | .key" 2>/dev/null | head -1)
while IFS= read -r host; do
if [ "$host" = "$fqdn" ]; then
route_index=$idx
break
fi
idx=$((idx + 1))
done < <(echo "$routes_json" | jq -r '.[].match[].host[]' 2>/dev/null)
if [ "$route_index" -lt 0 ]; then if [ -z "$route_index" ] || [ "$route_index" = "null" ]; then
echo "Warning: route for ${fqdn} not found" >&2 echo "Warning: route for ${fqdn} not found" >&2
return 0 return 0
fi fi

5
tools/edge-control/register.sh
View file

@ -20,6 +20,7 @@ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
# Source libraries # Source libraries
source "${SCRIPT_DIR}/lib/ports.sh" source "${SCRIPT_DIR}/lib/ports.sh"
source "${SCRIPT_DIR}/lib/caddy.sh" source "${SCRIPT_DIR}/lib/caddy.sh"
source "${SCRIPT_DIR}/lib/authorized_keys.sh"
# Domain suffix # Domain suffix
DOMAIN_SUFFIX="${DOMAIN_SUFFIX:-disinto.ai}" DOMAIN_SUFFIX="${DOMAIN_SUFFIX:-disinto.ai}"
@ -77,7 +78,7 @@ do_register() {
add_route "$project" "$port" add_route "$project" "$port"
# Rebuild authorized_keys for tunnel user # Rebuild authorized_keys for tunnel user
"${SCRIPT_DIR}/lib/authorized_keys.sh" rebuild_authorized_keys rebuild_authorized_keys
# Reload Caddy # Reload Caddy
reload_caddy reload_caddy
@ -107,7 +108,7 @@ do_deregister() {
remove_route "$project" remove_route "$project"
# Rebuild authorized_keys for tunnel user # Rebuild authorized_keys for tunnel user
"${SCRIPT_DIR}/lib/authorized_keys.sh" rebuild_authorized_keys rebuild_authorized_keys
# Reload Caddy # Reload Caddy
reload_caddy reload_caddy