Skip to content

fix: Security Vulnerability Repair + Export IP Data Model Refactoring + VNC/entry Network Stability Repair#8

Open
zanyatta wants to merge 6 commits into
ZaneL1u:mainfrom
zanyatta:fix
Open

fix: Security Vulnerability Repair + Export IP Data Model Refactoring + VNC/entry Network Stability Repair#8
zanyatta wants to merge 6 commits into
ZaneL1u:mainfrom
zanyatta:fix

Conversation

@zanyatta

@zanyatta zanyatta commented Jul 9, 2026

Copy link
Copy Markdown

Overview

This entry contains six submissions, mainly focusing on three directions: security vulnerability repair, export IP data model reconstruction, and VNC / SSH ingress network stability repair.

Change Details

  1. Security Fix (High Priority)
  • Remove old unauthenticated routes (acd63f1 ): Delete 8 old unauthenticated routes such as/v1/users,/v1/hosts, and/v1/tasks. These routes anonymously reveal sensitive credentials such as password_hash, entry_password, and ssh_private_key. Related functions have been taken over by/v1/admin/* and/v1/user/*, and the exclusive implementation of hosts.go has been removed.
  1. Export IP data model reconstruction.
  • Migration 0003: Unique constraint moved from ip_address to label ( b56be51 ): A sub-table reconstruction scheme is adopted. Empty ip_address (vless/reality scenarios) or duplicate (multiple lines share the same landing IP) is supported, and label is used as the new unique identifier. Contains a complete migration test, covering real data migration scenarios under FK constraints.
  • Empty IP value processing repair (69e0968 ): Create allows empty strings to be released (vless/reality), and illegal values still return 400; The label of Create/Update repeatedly matches by ToLower and returns 409; Update supplements the only conflict handling branch missing before.
  • Front-end form optimization (5638d4c ): The 0.0.0.0 placeholder is removed from the export IP creation form, and the real export IP is automatically backfilled by the back-end SOCKS5 detection stage.
  1. Network Stability Repair
  • VNC WebSocket proxy rewrite (ce2b00e ): Replaces the handwriting WebSocket proxy with the standard library ReverseProxy, and fixes the problems of KasmVNC upgrade failure caused by write request header interruption and Sec-WebSocket-Key loss in concurrent/sequential scenarios, and browser random 1006. A net decrease of 67 lines of code.
  • entry script stuck fix (a8b1eb7 ): sshpass branch supplement-tt to force PTY allocation and add </dev/tty to fix the problem of interactive shell stuck due to SSH failure to allocate PTY in curl | bash pipeline mode.

zanyatta added 6 commits July 9, 2026 20:47
…entials

GET/v1/users anonymously returns password_ ash/entry_ password/sh_private_key; Delete together
Unauthorized/v1/hosts,/v1/tasks,/v1/hosts/{id}/{create, start, stop, rebuild}.
The function has been overridden by/v1/admin/* and/v1/user/*, removing the dedicated implementation of hosts.go.

Signed-off-by: 云龙 <zanyatta@qq.com>
When the machine with sshpass is running on the sshpass branch, it is missing - tt and</dev/tty. In curl | bash, what is the standard input
The pipeline caused SSH to be unable to allocate PTY and the interactive shell to freeze. Add - tt to force PTY+</dev/tty.

Signed-off-by: 云龙 <zanyatta@qq.com>
…, fixed random 1006

Handwritten proxy WebSocket writes bare TCP connections field by field without verifying write errors,
In concurrent/sequential situations, there may be interruptions in the write request header and loss of Sec WebSocket Key, etc
Shaking hands caused KasmVNC to fail to complete the upgrade and the browser to randomly report code 1006.

Signed-off-by: 云龙 <zanyatta@qq.com>
…ss to label

- Adopting the sub table reconstruction method: temporarily storing host_ egress-bindings → DROP → rebuilding egress_ips (label UNIQUE, ipaddress can be empty or duplicated) → restoring sub tables and indexes according to the original definition of 0001
- Do not use PRAGMA defer_foreign_keys (still reporting FK failed (787) when tested on COMMIT, unavailable)
- New migration_0003_test.go: file library+SetMaxOpenConns (1)+FK=ON assertion+real scene of pre migration insertion binding data, verifying the sub table reconstruction method through REST constraints

Signed-off-by: 云龙 <zanyatta@qq.com>
…ase of the unique conflict.

- Create:ip_address empty string release (vless/reality scenarios), non-empty illegal value still returns 400
- Create/Update:strings.ToLower matches. New label already exists
- Update: Add a unique conflict handling branch (originally missing)
- new tests: empty ip 201, label duplicate 409, and update label duplicate 409

Signed-off-by: 云龙 <zanyatta@qq.com>
… and left blank for back-end detection backfill.

The back end has gone to the ip_address NOT NULL/UNIQUE, and the old placeholder is the culprit of the collision of the unique key with the landing IP multi-line.
Only when the user explicitly fills in the ip_address, the back-end storage is empty, and the verification phase SOCKS5 detection automatically backfills the real exit IP.

Signed-off-by: 云龙 <zanyatta@qq.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant