diff --git a/docker/nginx-https.conf b/docker/nginx-https.conf index 17408f5f..22f167f3 100644 --- a/docker/nginx-https.conf +++ b/docker/nginx-https.conf @@ -38,7 +38,7 @@ http { map $http_x_forwarded_port $proxy_x_forwarded_port { default $http_x_forwarded_port; - '' $server_port; + '' ''; } ssl_protocols TLSv1.2 TLSv1.3; @@ -87,7 +87,7 @@ http { location ~ ^/users/sessions(/.*)?$ { proxy_pass http://127.0.0.1:30001; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto; @@ -96,7 +96,7 @@ http { location ~ ^/users(/.*)?$ { proxy_pass http://127.0.0.1:30001; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto; @@ -107,7 +107,7 @@ http { location ~ ^/version(/.*)?$ { proxy_pass http://127.0.0.1:30001; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -116,7 +116,7 @@ http { location ~ ^/releases(/.*)?$ { proxy_pass http://127.0.0.1:30001; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; 
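Review bot: `proxy_set_header Host $http_host;` forwards the Host header exactly as the client sent it, port included, where `$host` was nginx's normalised value; the same replacement is made in every location block of docker/nginx-https.conf and docker/nginx.conf. getRequestOrigin (changed later in this commit) builds the origin from that header, and the OIDC callback URL appears to be derived from it, so the value should be constrained before it is trusted. If only the port is needed, keep `$host` and pass the port in `X-Forwarded-Port`, or check the resulting origin on the backend against a configured public URL. Whether a `server_name` elsewhere in the file already restricts accepted hosts is not visible in these hunks.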
@@ -125,7 +125,7 @@ http { location ~ ^/alerts(/.*)?$ { proxy_pass http://127.0.0.1:30001; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -134,7 +134,7 @@ http { location ~ ^/rbac(/.*)?$ { proxy_pass http://127.0.0.1:30001; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -143,7 +143,7 @@ http { location ~ ^/credentials(/.*)?$ { proxy_pass http://127.0.0.1:30001; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -156,7 +156,7 @@ http { location ~ ^/snippets(/.*)?$ { proxy_pass http://127.0.0.1:30001; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -165,7 +165,7 @@ http { location ~ ^/terminal(/.*)?$ { proxy_pass http://127.0.0.1:30001; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -177,7 +177,7 @@ http { proxy_pass http://127.0.0.1:30001; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; 
@@ -196,7 +196,7 @@ http { proxy_pass http://127.0.0.1:30001; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -212,7 +212,7 @@ http { location ~ ^/encryption(/.*)?$ { proxy_pass http://127.0.0.1:30001; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -223,7 +223,7 @@ http { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_cache_bypass $http_upgrade; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -263,7 +263,7 @@ http { location /ssh/ { proxy_pass http://127.0.0.1:30001; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -297,7 +297,7 @@ http { location /ssh/tunnel/ { proxy_pass http://127.0.0.1:30003; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -306,7 +306,7 @@ http { location /ssh/file_manager/recent { proxy_pass http://127.0.0.1:30001; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; 
@@ -315,7 +315,7 @@ http { location /ssh/file_manager/pinned { proxy_pass http://127.0.0.1:30001; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -324,7 +324,7 @@ http { location /ssh/file_manager/shortcuts { proxy_pass http://127.0.0.1:30001; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -333,7 +333,7 @@ http { location /ssh/file_manager/sudo-password { proxy_pass http://127.0.0.1:30004; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -347,7 +347,7 @@ http { proxy_pass http://127.0.0.1:30004; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -363,7 +363,7 @@ http { location ~ ^/network-topology(/.*)?$ { proxy_pass http://127.0.0.1:30001; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -372,7 +372,7 @@ http { location /health { proxy_pass http://127.0.0.1:30001; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; 
@@ -381,7 +381,7 @@ http { location ~ ^/status(/.*)?$ { proxy_pass http://127.0.0.1:30005; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -390,7 +390,7 @@ http { location ~ ^/metrics(/.*)?$ { proxy_pass http://127.0.0.1:30005; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -403,7 +403,7 @@ http { location ~ ^/uptime(/.*)?$ { proxy_pass http://127.0.0.1:30006; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -412,7 +412,7 @@ http { location ~ ^/activity(/.*)?$ { proxy_pass http://127.0.0.1:30006; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -421,7 +421,7 @@ http { location ~ ^/dashboard/preferences(/.*)?$ { proxy_pass http://127.0.0.1:30006; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -433,7 +433,7 @@ http { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_cache_bypass $http_upgrade; proxy_set_header X-Real-IP $remote_addr; 
@@ -453,7 +453,7 @@ http { location ~ ^/docker(/.*)?$ { proxy_pass http://127.0.0.1:30007; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; diff --git a/docker/nginx.conf b/docker/nginx.conf index de850e8b..8ac129c6 100644 --- a/docker/nginx.conf +++ b/docker/nginx.conf @@ -38,7 +38,7 @@ http { map $http_x_forwarded_port $proxy_x_forwarded_port { default $http_x_forwarded_port; - '' $server_port; + '' ''; } ssl_protocols TLSv1.2 TLSv1.3; @@ -76,7 +76,7 @@ http { location ~ ^/users/sessions(/.*)?$ { proxy_pass http://127.0.0.1:30001; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto; @@ -85,7 +85,7 @@ http { location ~ ^/users(/.*)?$ { proxy_pass http://127.0.0.1:30001; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto; @@ -96,7 +96,7 @@ http { location ~ ^/version(/.*)?$ { proxy_pass http://127.0.0.1:30001; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -105,7 +105,7 @@ http { location ~ ^/releases(/.*)?$ { proxy_pass http://127.0.0.1:30001; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; 
@@ -114,7 +114,7 @@ http { location ~ ^/alerts(/.*)?$ { proxy_pass http://127.0.0.1:30001; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -123,7 +123,7 @@ http { location ~ ^/rbac(/.*)?$ { proxy_pass http://127.0.0.1:30001; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -132,7 +132,7 @@ http { location ~ ^/credentials(/.*)?$ { proxy_pass http://127.0.0.1:30001; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -145,7 +145,7 @@ http { location ~ ^/snippets(/.*)?$ { proxy_pass http://127.0.0.1:30001; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -154,7 +154,7 @@ http { location ~ ^/terminal(/.*)?$ { proxy_pass http://127.0.0.1:30001; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -166,7 +166,7 @@ http { proxy_pass http://127.0.0.1:30001; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; 
@@ -185,7 +185,7 @@ http { proxy_pass http://127.0.0.1:30001; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -201,7 +201,7 @@ http { location ~ ^/encryption(/.*)?$ { proxy_pass http://127.0.0.1:30001; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -212,7 +212,7 @@ http { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_cache_bypass $http_upgrade; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -252,7 +252,7 @@ http { location /ssh/ { proxy_pass http://127.0.0.1:30001; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -286,7 +286,7 @@ http { location /ssh/tunnel/ { proxy_pass http://127.0.0.1:30003; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -295,7 +295,7 @@ http { location /ssh/file_manager/recent { proxy_pass http://127.0.0.1:30001; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; 
@@ -304,7 +304,7 @@ http { location /ssh/file_manager/pinned { proxy_pass http://127.0.0.1:30001; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -313,7 +313,7 @@ http { location /ssh/file_manager/shortcuts { proxy_pass http://127.0.0.1:30001; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -322,7 +322,7 @@ http { location /ssh/file_manager/sudo-password { proxy_pass http://127.0.0.1:30004; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -336,7 +336,7 @@ http { proxy_pass http://127.0.0.1:30004; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -352,7 +352,7 @@ http { location ~ ^/network-topology(/.*)?$ { proxy_pass http://127.0.0.1:30001; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -361,7 +361,7 @@ http { location /health { proxy_pass http://127.0.0.1:30001; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; 
@@ -370,7 +370,7 @@ http { location ~ ^/status(/.*)?$ { proxy_pass http://127.0.0.1:30005; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -379,7 +379,7 @@ http { location ~ ^/metrics(/.*)?$ { proxy_pass http://127.0.0.1:30005; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -392,7 +392,7 @@ http { location ~ ^/uptime(/.*)?$ { proxy_pass http://127.0.0.1:30006; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -401,7 +401,7 @@ http { location ~ ^/activity(/.*)?$ { proxy_pass http://127.0.0.1:30006; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -410,7 +410,7 @@ http { location ~ ^/dashboard/preferences(/.*)?$ { proxy_pass http://127.0.0.1:30006; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -422,7 +422,7 @@ http { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_cache_bypass $http_upgrade; proxy_set_header X-Real-IP $remote_addr; 
@@ -442,7 +442,7 @@ http { location ~ ^/docker(/.*)?$ { proxy_pass http://127.0.0.1:30007; proxy_http_version 1.1; - proxy_set_header Host $host; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; diff --git a/src/backend/database/routes/users.ts b/src/backend/database/routes/users.ts index d16fb942..3e19b555 100644 --- a/src/backend/database/routes/users.ts +++ b/src/backend/database/routes/users.ts @@ -815,6 +815,13 @@ router.get("/oidc/authorize", async (req, res) => { backendCallbackUri: backendCallbackUri, }); + authLogger.info( + `\n${"=".repeat(68)}\n` + + ` OIDC CALLBACK URL - Register this in your OAuth provider:\n` + + ` ${backendCallbackUri}\n` + + `${"=".repeat(68)}`, + ); + const envConfig = getOIDCConfigFromEnv(); let config; @@ -1526,9 +1533,10 @@ router.post("/login", async (req, res) => { if (userRecord.totpEnabled) { const deviceFingerprint = generateDeviceFingerprint(deviceInfo); - const isTrusted = rememberMe - ? await authManager.isTrustedDevice(userRecord.id, deviceFingerprint) - : false; + const isTrusted = await authManager.isTrustedDevice( + userRecord.id, + deviceFingerprint, + ); if (isTrusted) { authLogger.info("TOTP bypassed for trusted device", { diff --git a/src/backend/ssh/server-stats.ts b/src/backend/ssh/server-stats.ts index c6664a7b..3cec063e 100644 --- a/src/backend/ssh/server-stats.ts +++ b/src/backend/ssh/server-stats.ts 
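Review bot: The banner added to the `/oidc/authorize` handler is written on every authorize request and embeds `backendCallbackUri` in a multi-line string, unlike the structured `authLogger.info(message, { … })` call used in the `/login` handler of the same file. If `backendCallbackUri` is computed from request headers (its assignment is outside the hunk), the line tells an operator to register a URL that a client can influence. Prefer a single structured entry such as `authLogger.info("OIDC callback URL", { operation: "oidc_callback_url", backendCallbackUri });`, and print the URL to register once at startup from configuration rather than per request.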
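Review bot: The second factor is skipped on every login whose fingerprint matches a trusted device, because the `rememberMe` condition in front of `isTrustedDevice` is gone in the `/login` handler; users who did not ask to be remembered for this login are now covered too. The match key comes from `generateDeviceFingerprint(deviceInfo)`, and if `deviceInfo` is built from request headers (not visible here) the bypass rests on values the client supplies. Consider requiring a server-issued per-device secret alongside the fingerprint, and add a comment stating why the opt-in gate was dropped, e.g. `// trusted devices skip TOTP regardless of rememberMe; trust is granted via addTrustedDevice`. The handler body continues outside the hunk.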
@@ -1001,17 +1001,21 @@ class PollingManager { } } - refreshAllPolling(): void { + async refreshAllPolling(): Promise { const hostsToRefresh: Array<{ host: SSHHostWithCredentials; viewerUserId?: string; }> = []; for (const [hostId, config] of this.pollingConfigs.entries()) { - hostsToRefresh.push({ - host: config.host, - viewerUserId: config.viewerUserId, - }); + const status = this.statusStore.get(hostId); + + if (!status || status.status === "online") { + hostsToRefresh.push({ + host: config.host, + viewerUserId: config.viewerUserId, + }); + } } for (const hostId of this.pollingConfigs.keys()) { @@ -1019,8 +1023,10 @@ class PollingManager { } for (const { host, viewerUserId } of hostsToRefresh) { - this.startPollingForHost(host, { statusOnly: true, viewerUserId }); + await this.startPollingForHost(host, { statusOnly: true, viewerUserId }); } + + const skipped = this.pollingConfigs.size - hostsToRefresh.length; } registerViewer(hostId: number, sessionId: string, userId: string): void { @@ -3206,16 +3212,21 @@ app.post("/global-settings", requireAdmin, async (req, res) => { .run(String(metricsInterval)); } - // Refresh all active polling to apply new intervals immediately - pollingManager.refreshAllPolling(); + await pollingManager.refreshAllPolling(); - res.json({ success: true }); + res.json({ + success: true, + message: "Settings updated and polling refreshed", + }); } catch (error) { statsLogger.error("Failed to save global settings", { operation: "global_settings_save_error", error: error instanceof Error ? error.message : String(error), }); - res.status(500).json({ error: "Failed to save global settings" }); + res.status(500).json({ + error: "Failed to save global settings", + details: error instanceof Error ? error.message : String(error), + }); } }); diff --git a/src/backend/utils/auth-manager.ts b/src/backend/utils/auth-manager.ts index b22ff6a7..73773854 100644 --- a/src/backend/utils/auth-manager.ts +++ b/src/backend/utils/auth-manager.ts 
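Review bot: In `refreshAllPolling`, hosts whose stored status is not "online" are no longer queued for restart, yet the loop over `this.pollingConfigs.keys()` that follows (its body is outside the hunk) still runs for every host; if that loop stops polling, a host that was offline when the settings changed is not polled again until something re-registers it. The added `const skipped = …` is computed and never read, so log it or drop it. Awaiting `startPollingForHost` one host at a time also makes the `/global-settings` response wait for each host in turn and lets one rejection abort the rest; `await Promise.allSettled(hostsToRefresh.map(({ host, viewerUserId }) => this.startPollingForHost(host, { statusOnly: true, viewerUserId })));` avoids both.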
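Review bot: Internal error text is sent to the client by the new `details: error.message` field in the `/global-settings` 500 response; the same message is already recorded by `statsLogger.error` just above it. Keep the response generic, `res.status(500).json({ error: "Failed to save global settings" });`, and rely on the log entry for diagnosis. The route sits behind `requireAdmin`, which limits who sees the text but does not make database or driver messages appropriate response content.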
@@ -99,7 +99,7 @@ class AuthManager { const sessionDurationMs = deviceType === "desktop" || deviceType === "mobile" ? 30 * 24 * 60 * 60 * 1000 - : 2 * 60 * 60 * 1000; + : 24 * 60 * 60 * 1000; const authenticated = await this.userCrypto.authenticateOIDCUser( userId, @@ -121,7 +121,7 @@ class AuthManager { const sessionDurationMs = deviceType === "desktop" || deviceType === "mobile" ? 30 * 24 * 60 * 60 * 1000 - : 2 * 60 * 60 * 1000; + : 24 * 60 * 60 * 1000; const authenticated = await this.userCrypto.authenticateUser( userId, @@ -154,9 +154,8 @@ class AuthManager { return; } - const { getSqlite, saveMemoryDatabaseToFile } = await import( - "../database/db/index.js" - ); + const { getSqlite, saveMemoryDatabaseToFile } = + await import("../database/db/index.js"); const sqlite = getSqlite(); @@ -171,9 +170,8 @@ class AuthManager { } try { - const { CredentialSystemEncryptionMigration } = await import( - "./credential-system-encryption-migration.js" - ); + const { CredentialSystemEncryptionMigration } = + await import("./credential-system-encryption-migration.js"); const credMigration = new CredentialSystemEncryptionMigration(); const credResult = await credMigration.migrateUserCredentials(userId); @@ -213,10 +211,10 @@ class AuthManager { if (options.rememberMe) { expiresIn = "30d"; } else { - expiresIn = "2h"; + expiresIn = "24h"; } } else if (!expiresIn) { - expiresIn = "2h"; + expiresIn = "24h"; } const payload: JWTPayload = { userId }; @@ -250,9 +248,8 @@ class AuthManager { }); try { - const { saveMemoryDatabaseToFile } = await import( - "../database/db/index.js" - ); + const { saveMemoryDatabaseToFile } = + await import("../database/db/index.js"); await saveMemoryDatabaseToFile(); } catch (saveError) { databaseLogger.error( 
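Review bot: The new 24-hour default is paired with `httpOnly: false` in `getSecureCookieOptions` (visible in a later hunk of this file), so if the session token lives in that cookie, a value readable by page script now stays valid twelve times longer than before. The literal `24 * 60 * 60 * 1000` / `"24h"` is repeated in both authenticate paths, the token-expiry branch, `parseExpiresIn` and the cookie default. Define it once, e.g. `const DEFAULT_SESSION_MS = 24 * 60 * 60 * 1000;`, with a comment giving the reason for the longer lifetime, and consider making it configurable. The hunks in this file that only re-wrap `await import(...)` are formatting changes.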
@@ -280,7 +277,7 @@ class AuthManager { private parseExpiresIn(expiresIn: string): number { const match = expiresIn.match(/^(\d+)([smhd])$/); - if (!match) return 2 * 60 * 60 * 1000; + if (!match) return 24 * 60 * 60 * 1000; const value = parseInt(match[1]); const unit = match[2]; @@ -295,7 +292,7 @@ class AuthManager { case "d": return value * 24 * 60 * 60 * 1000; default: - return 2 * 60 * 60 * 1000; + return 24 * 60 * 60 * 1000; } } @@ -364,9 +361,8 @@ class AuthManager { await db.delete(sessions).where(eq(sessions.id, sessionId)); try { - const { saveMemoryDatabaseToFile } = await import( - "../database/db/index.js" - ); + const { saveMemoryDatabaseToFile } = + await import("../database/db/index.js"); await saveMemoryDatabaseToFile(); } catch (saveError) { databaseLogger.error( @@ -423,9 +419,8 @@ class AuthManager { } try { - const { saveMemoryDatabaseToFile } = await import( - "../database/db/index.js" - ); + const { saveMemoryDatabaseToFile } = + await import("../database/db/index.js"); await saveMemoryDatabaseToFile(); } catch (saveError) { databaseLogger.error( @@ -466,9 +461,8 @@ class AuthManager { .where(sql`${sessions.expiresAt} < datetime('now')`); try { - const { saveMemoryDatabaseToFile } = await import( - "../database/db/index.js" - ); + const { saveMemoryDatabaseToFile } = + await import("../database/db/index.js"); await saveMemoryDatabaseToFile(); } catch (saveError) { databaseLogger.error( @@ -531,7 +525,7 @@ class AuthManager { getSecureCookieOptions( req: RequestWithHeaders, - maxAge: number = 2 * 60 * 60 * 1000, + maxAge: number = 24 * 60 * 60 * 1000, ) { return { httpOnly: false, @@ -613,9 +607,8 @@ class AuthManager { .where(eq(sessions.id, payload.sessionId)) .then(async () => { try { - const { saveMemoryDatabaseToFile } = await import( - "../database/db/index.js" - ); + const { saveMemoryDatabaseToFile } = + await import("../database/db/index.js"); await saveMemoryDatabaseToFile(); const remainingSessions = await db 
@@ -759,9 +752,8 @@ class AuthManager { await db.delete(sessions).where(eq(sessions.id, sessionId)); try { - const { saveMemoryDatabaseToFile } = await import( - "../database/db/index.js" - ); + const { saveMemoryDatabaseToFile } = + await import("../database/db/index.js"); await saveMemoryDatabaseToFile(); } catch (saveError) { databaseLogger.error( @@ -827,9 +819,6 @@ class AuthManager { ); } - /** - * Check if device is trusted for TOTP bypass - */ async isTrustedDevice( userId: string, deviceFingerprint: string, @@ -875,9 +864,6 @@ class AuthManager { } } - /** - * Add device to trusted list for TOTP bypass - */ async addTrustedDevice( userId: string, deviceFingerprint: string, @@ -925,9 +911,6 @@ class AuthManager { } } - /** - * Remove trusted device - */ async removeTrustedDevice( userId: string, deviceFingerprint: string, diff --git a/src/backend/utils/request-origin.ts b/src/backend/utils/request-origin.ts index 2c4b7d78..eca003fb 100644 --- a/src/backend/utils/request-origin.ts +++ b/src/backend/utils/request-origin.ts @@ -19,7 +19,7 @@ export function getRequestOrigin(req: Request | IncomingMessage): string { } const portHeader = req.headers["x-forwarded-port"]; - const port = + let port: string | undefined = typeof portHeader === "string" ? portHeader.split(",")[0].trim() : undefined; @@ -31,8 +31,15 @@ export function getRequestOrigin(req: Request | IncomingMessage): string { ? hostHeaderRaw.split(",")[0].trim() : String(hostHeaderRaw); + if (!port && hostHeader.includes(":")) { + const parts = hostHeader.split(":"); + if (parts.length === 2 && !parts[0].includes("[")) { + port = parts[1]; + } + } + + const hostWithoutPort = hostHeader.split(":")[0]; if (port) { - const hostWithoutPort = hostHeader.split(":")[0]; const isDefaultPort = (protocol === "http" && port === "80") || (protocol === "https" && port === "443"); 
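Review bot: `hostHeader.split(":")[0]` is now computed unconditionally and used for the final return in the next hunk, so a bracketed IPv6 Host such as `[::1]:8080` produces an origin ending in `://[`; before this change the no-port path returned the header unmodified. The port taken from `parts[1]` is also not checked to be numeric before it is placed in the returned URL. Splitting host and port with one anchored pattern covers both cases, and the `x-forwarded-port` value would merit the same digit check. getRequestOrigin starts before this hunk and ends in the next one.

```typescript
// … unchanged: protocol, x-forwarded-port and hostHeader parsing …
// Host is either "[v6-literal]" or a name without colons, optionally followed by ":digits".
const hostMatch = hostHeader.match(/^(\[[^\]]+\]|[^:]+)(?::(\d+))?$/);
const hostWithoutPort = hostMatch ? hostMatch[1] : hostHeader;
if (!port && hostMatch?.[2]) {
  port = hostMatch[2];
}
// … unchanged: default-port check and return statements …
```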
@@ -42,7 +49,7 @@ export function getRequestOrigin(req: Request | IncomingMessage): string { : `${protocol}://${hostWithoutPort}:${port}`; } - return `${protocol}://${hostHeader}`; + return `${protocol}://${hostWithoutPort}`; } export function getRequestOriginWithForceHTTPS( diff --git a/src/locales/en.json b/src/locales/en.json index b5058ffc..7dd7a1c4 100644 --- a/src/locales/en.json +++ b/src/locales/en.json @@ -810,6 +810,7 @@ "globalSettingsSaved": "Global monitoring settings saved", "failedToSaveGlobalSettings": "Failed to save global monitoring settings", "failedToLoadGlobalSettings": "Failed to load global monitoring settings", + "clampedToValidRange": "was adjusted to valid range", "sessionManagement": "Session Management", "loadingSessions": "Loading sessions...", "noActiveSessions": "No active sessions found.", diff --git a/src/ui/desktop/apps/admin/tabs/GeneralSettingsTab.tsx b/src/ui/desktop/apps/admin/tabs/GeneralSettingsTab.tsx index cb099e1f..dbc2b3cf 100644 --- a/src/ui/desktop/apps/admin/tabs/GeneralSettingsTab.tsx +++ b/src/ui/desktop/apps/admin/tabs/GeneralSettingsTab.tsx @@ -88,8 +88,12 @@ export function GeneralSettingsTab({ metricsInterval: newMetrics, }); toast.success(t("admin.globalSettingsSaved")); - } catch { - toast.error(t("admin.failedToSaveGlobalSettings")); + } catch (error) { + const errorMessage = + error instanceof Error + ? error.message + : t("admin.failedToSaveGlobalSettings"); + toast.error(errorMessage); } finally { setMonitoringLoading(false); } diff --git a/src/ui/desktop/authentication/Auth.tsx b/src/ui/desktop/authentication/Auth.tsx index fe0e8bdb..42a3a9aa 100644 --- a/src/ui/desktop/authentication/Auth.tsx +++ b/src/ui/desktop/authentication/Auth.tsx 
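Review bot: The catch block in GeneralSettingsTab shows `error.message` verbatim in the toast, which bypasses the `t("admin.failedToSaveGlobalSettings")` translation and surfaces whatever text the HTTP client or backend produced. Keep the localized message for the user and send the raw error to the console or a logger, e.g. `toast.error(t("admin.failedToSaveGlobalSettings")); console.error(error);`. The `clampedToValidRange` key added to en.json in this commit is not referenced in this hunk.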
@@ -104,7 +104,14 @@ export function Auth({ const [localUsername, setLocalUsername] = useState(""); const [password, setPassword] = useState(""); const [signupConfirmPassword, setSignupConfirmPassword] = useState(""); - const [rememberMe, setRememberMe] = useState(false); + const [rememberMe, setRememberMe] = useState(() => { + try { + const saved = localStorage.getItem("rememberMe"); + return saved === "true"; + } catch { + return false; + } + }); const [loading, setLoading] = useState(false); const [oidcLoading, setOidcLoading] = useState(false); const [internalLoggedIn, setInternalLoggedIn] = useState(false); @@ -175,6 +182,14 @@ export function Auth({ } }, [totpRequired]); + useEffect(() => { + try { + localStorage.setItem("rememberMe", rememberMe.toString()); + } catch { + // expected - localStorage might not be available + } + }, [rememberMe]); + useEffect(() => { getRegistrationAllowed().then((res) => { setRegistrationAllowed(res.allowed); diff --git a/src/ui/mobile/authentication/Auth.tsx b/src/ui/mobile/authentication/Auth.tsx index 5b349b8c..f691b6e4 100644 --- a/src/ui/mobile/authentication/Auth.tsx +++ b/src/ui/mobile/authentication/Auth.tsx @@ -3,6 +3,7 @@ import { cn } from "@/lib/utils.ts"; import { Button } from "@/components/ui/button.tsx"; import { Input } from "@/components/ui/input.tsx"; import { Label } from "@/components/ui/label.tsx"; +import { Checkbox } from "@/components/ui/checkbox.tsx"; import { Alert, AlertTitle, AlertDescription } from "@/components/ui/alert.tsx"; import { useTranslation } from "react-i18next"; import { LanguageSwitcher } from "@/ui/desktop/user/LanguageSwitcher.tsx"; 
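Review bot: The `rememberMe` initialiser and the persisting `useEffect` are duplicated verbatim in src/ui/mobile/authentication/Auth.tsx, with the storage key `"rememberMe"` written as a literal in four places. Moving both into one shared hook keeps the two login screens from drifting apart. Because the choice now persists per browser, the box stays ticked for the next person who signs in on a shared machine, which selects the 30-day session in AuthManager; a short comment on the initialiser should state that this is intended. The `Auth` component body extends beyond these hunks.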
@@ -93,6 +94,14 @@ export function Auth({ const [localUsername, setLocalUsername] = useState(""); const [password, setPassword] = useState(""); const [signupConfirmPassword, setSignupConfirmPassword] = useState(""); + const [rememberMe, setRememberMe] = useState(() => { + try { + const saved = localStorage.getItem("rememberMe"); + return saved === "true"; + } catch { + return false; + } + }); const [loading, setLoading] = useState(false); const [oidcLoading, setOidcLoading] = useState(false); const [error, setError] = useState(null); @@ -130,6 +139,14 @@ export function Auth({ } }, [totpRequired]); + useEffect(() => { + try { + localStorage.setItem("rememberMe", rememberMe.toString()); + } catch { + // expected - localStorage might not be available + } + }, [rememberMe]); + useEffect(() => { getRegistrationAllowed().then((res) => { setRegistrationAllowed(res.allowed); @@ -218,7 +235,7 @@ export function Auth({ try { let res; if (tab === "login") { - res = await loginUser(localUsername, password); + res = await loginUser(localUsername, password, rememberMe); } else { if (password !== signupConfirmPassword) { toast.error(t("errors.passwordMismatch")); @@ -232,7 +249,7 @@ export function Auth({ } await registerUser(localUsername, password); - res = await loginUser(localUsername, password); + res = await loginUser(localUsername, password, rememberMe); } if (res.requires_totp) { @@ -441,7 +458,7 @@ export function Auth({ setTotpLoading(true); try { - const res = await verifyTOTPLogin(totpTempToken, totpCode); + const res = await verifyTOTPLogin(totpTempToken, totpCode, rememberMe); if (!res || !res.success) { throw new Error(t("errors.loginFailed")); @@ -1108,6 +1125,24 @@ export function Auth({ disabled={loading || internalLoggedIn} /> + {tab === "login" && ( +
+ + setRememberMe(checked === true) + } + disabled={loading || internalLoggedIn} + /> + +
+ )} {tab === "signup" && (