…thon version detection and remove app template installation.
…post-installation steps.
Major refactor of install.sh and uninstall.sh to improve robustness, cross-distro support, and low-RAM VPS behavior. install.sh: add safety cd, colored helpers, Python detection with fallback to 3.12, RAM check and swap setup, noninteractive apt/dnf and needrestart handling, Docker/Docker Compose/Node installation, clone/update repo, create system dirs and install bundled templates, set up venv and dependencies, generate .env, create self-signed SSL, install systemd service, configure nginx reverse proxy, build frontend on host to avoid Docker memory issues, start services, perform health checks, and send install telemetry. uninstall.sh: formatting/consistency fixes, require root, safer docker compose teardown, remove /etc/serverkit and /var/serverkit, and send uninstall telemetry. Also add CONTRIBUTORS.md and remove the .claude code-review SKILL.md.
When creating an admin via the backend CLI, mark setup as complete by calling SettingsService.complete_setup so the web UI won't show the setup wizard. In the frontend, add a sign-in flow to SetupStepAccount when registration is disabled (e.g. an admin was created via CLI): pull login and registrationEnabled from Auth, implement handleLogin, show an informational banner, and keep the original register flow as handleRegister. In AuthContext, make checkSetupStatus retry a few times (with a short delay) if the backend isn't ready, and on exhausted retries assume a fresh install (needsSetup and registrationEnabled = true) to avoid locking out users while the backend initializes.
Add user-configurable sidebar and initial workflow/environment features across backend, frontend, and docs. Backend: store sidebar_config on User (JSON column), add get_sidebar_config / set_sidebar_config helpers, include sidebar_config in user.to_dict(), and validate/update sidebar_config in the update_current_user API (preset and hiddenItems validation). Frontend: refactor Sidebar to compute visible items via a shared sidebarItems module and memoized grouping/rendering; add settings UI and sidebarItems (new components) and update settings styles to support sidebar configuration. Docs & README: update README and ARCHITECTURE to document Workflow Builder, Environment Pipeline, and other new/renamed features; bump roadmap versions and reorder/expand roadmap phases to reflect Visual Designer, Automation Engine, pipeline, and monitoring work. Overall: wires up end-to-end support for customizable sidebar preferences, surfaces them via API, and updates UI + documentation to reflect new automation and pipeline features.
Introduce a full-featured workflow automation system: add WorkflowEngine service to execute workflows, background scheduler to trigger cron workflows, and croniter dependency. Extend Workflow model with automation fields (is_active, trigger_type, trigger_config, last_run_at, last_status) and add WorkflowExecution and WorkflowLog models. Add API endpoints to start executions, list executions, fetch execution details and logs, and persist execution records/logs. Implement frontend components for workflow nodes, config panels, and an execution history UI (multiple new React components) and wire minor builder UI imports. Note: database migrations are required to add new columns and tables.
Introduce a full workflow/automation subsystem: new WorkflowEngine with DAG validation/execution (Kahn's algorithm), logic-if branching, variable interpolation, script sandboxing (timeouts, output limits), retry semantics, notification nodes, and an in-process WorkflowEventBus for event-triggered workflows. Backend API updates include webhook trigger and validate endpoints, auto-generation of webhook IDs on create/update, and services emitting events (git push, health check failures, app stopped, monitoring alerts). Add Alembic migration to create workflow-related tables and bump VERSION to 1.4.0. Also update .gitignore, add GitHub issue/PR templates, quick-start script, and various frontend workflow panel/component adjustments to support the new automation features.
Introduce full agent fleet management and discovery features across backend, agent, and frontend. Backend: add AgentVersion and AgentRollout models, extend Server/ServerGroup/ServerCommand/AgentSession with fleet, queue and latency fields; implement AgentFleetService (bulk upgrades, staged rollouts, queued commands, retries, diagnostics) and DiscoveryService (UDP broadcast scan); add new servers API endpoints for fleet operations. Agent: add UDP discovery responder, agent:update handler to trigger updater, and wire updater.UpdateTo to install specific versions; extend protocol messages with discovery and agent:update types. Registry: deliver queued commands on agent connect and track heartbeat latency. Frontend: add AgentFleet page and route, plus API client updates. Also add SECURITY_AUDIT.md to .gitignore. These changes enable discovery, staged rollouts, offline command queuing with retries, and fleet health/diagnostics.
Adds cross-server Fleet Monitor endpoints and models, plus broad security and robustness improvements across agent, backend, and tooling. Key changes:
- New fleet monitor API (endpoints for heatmap, comparison, alerts, thresholds, anomalies, forecast, search, exports, and Prometheus) and service skeleton.
- New DB models for ServerAlertThreshold and MetricAlert to support metric alerts.
- Agent discovery/registration hardening: HMAC-signed discovery requests, signature/timestamp validation, minimal discovery responses, HMAC-based unregister headers, and enforced command timeout cap in agent command handling.
- WebSocket and agent client TLS handling gated by SERVERKIT_INSECURE_TLS env var; added auth rate limiting on agent gateway.
- Docker-compose: parameterize agent image via AGENT_VERSION and avoid running as root by adding docker group access.
- Backend security & policy: tightened CSP script/style sources, request size limit, 2FA pending-token rejection on non-2FA endpoints, registration flow/guards, admin-only SSO admin routes via middleware, rate limits on sensitive endpoints, and logging for auth/2FA events.
- Database service hardening: identifier validation, avoid passing passwords on CLI (use env vars), safer subprocess usage, and docker exec handling improvements.
- CronService: command validation to prevent shell injection and run commands without shell=True; build_service and other subprocess usages updated similarly.
- Misc: .env.example notes clarified for encryption key generation, invitation token generation improved, agent registry timestamp window reduced, various logging and input validations added, frontend FleetMonitor page and styles stubbed in, and Vite/config/style updates.
Overall this commit implements fleet monitoring scaffolding and a set of security, validation, and operational improvements to make agent discovery, registration, command execution, and backend services safer and more robust.
Phase 28: Plugin architecture with manifest validation, capability/permission system, per-server installation tracking, bulk deploy, and health monitoring. Backend model, service, API routes + frontend plugin management page. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Phase 29: Template builder, library presets (Web/DB/Mail), template inheritance, per-server assignment, drift checking via agent, auto-remediation, bulk apply, and fleet compliance dashboard. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Phase 30: Workspace isolation, role-based membership (owner/admin/member/viewer), workspace-scoped API keys, usage quotas, archive/restore, branding, and super-admin cross-workspace view. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Phase 31: DNS-01 wildcard certificates, multi-domain SAN certs, custom cert upload, SSL health grading (protocols/ciphers), expiry alerts, and configuration profiles (modern/intermediate/legacy). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Phase 32: DNS zone editor with A/AAAA/CNAME/MX/TXT/SRV/CAA records, Cloudflare/Route53/DigitalOcean API sync, propagation checker, template presets (web/email hosting), BIND zone import/export. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Phase 33: Visual reverse proxy builder, upstream load balancing (round-robin, least-conn, IP hash), proxy cache zones, rate limiting, header manipulation, config syntax validation, diff preview, and per-vhost log viewer. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Phase 34: Public status pages, automated health checks (HTTP/TCP/DNS/ping), component grouping, incident timeline, maintenance windows, uptime tracking (24h/7d/30d/90d), status badges, and customizable branding. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Phase 35: DigitalOcean, Hetzner, Vultr, Linode integration, server creation wizard (region/size/OS/SSH), auto agent install, cost tracking, snapshot management, and destroy with confirmation safeguards. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Phase 36: Redis caching with in-memory fallback, cache decorator for functions, background job queue with worker pool, job status tracking, cache stats/flush endpoints, and job cleanup. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Phase 37: Progressive Web App manifest, service worker for offline caching, push notification registration, quick actions API, mobile summary endpoint, and offline data caching for server status. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Phase 38: Extension marketplace with categories, search, ratings, install/uninstall, config schemas, extension submission workflow, and developer SDK support. Completes the full ServerKit roadmap (Phases 28-38). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Update backend/requirements.txt to upgrade PyJWT from 2.8.0 to 2.12.1. This brings the JWT dependency to a newer release for bug fixes and improved compatibility with the authentication stack.
Multiple coordinated changes:
backend
- Ensure JWT identity is stringified (PyJWT 2.10+ compatibility).
- Allow relaxed CSP in debug (unsafe-inline + localhost/ws) for Vite dev tooling.
- Rename CloudServer.metadata -> server_metadata and update usages to avoid property conflicts.
- Enhance MigrationService to auto-add missing columns (SQLite-aware type mapping), create missing tables and log results.
- Add run_command helper that returns a simple stdout/stderr/returncode dict.
Frontend
- Rename numerous ApiService methods for clarity (e.g. getGitStatus -> getGitServerStatus, triggerDeploy -> triggerAppDeploy/triggerGitDeploy, getProcesses -> getSystemProcesses, nginx advanced test/reload renamed) and update pages to call the new APIs.
- Import Activity icon in WorkflowBuilder.
Styles
- Add Tailwind-like utilities.less and import it in main.less.
- Add spacing/color aliases to variables.less, new badge component styles, and layout/sidebar tweaks (page-container, header helpers, spacing/opac adjustments).
Overall: fixes compatibility issues, improves schema migration resiliency, clarifies API method names, and adds utility styles for newer pages.
Broad refactor and hardening across backend and frontend:
- Standardize API error responses by removing legacy `success` flags and returning concise error payloads.
- Replace inline admin decorators with centralized middleware import (admin_required) in DB and Docker APIs.
- DatabaseService: add safer MySQL execution helpers and secure user-creation flow (hex-encoding, env-pwd usage) and improve pg drop to validate identifiers.
- Models: add eager-loading (subquery) for relationships and add indexes to frequently queried columns to reduce N+1 and improve performance.
- DockerService: add structured logging and error messages for better observability when Docker commands fail.
- Config: tighten ProductionConfig cookie settings (secure, httponly, samesite).
- Frontend: migrate many .less styles to .scss, add new security UI components and API client modules, update package metadata accordingly.
- Misc: add APP_IMPROVEMENTS.md to .gitignore.
These changes improve security, reliability, observability, and frontend styling consistency.
Replace the monolithic frontend/src/services/api.js with a new module at frontend/src/services/api/index.js to better organize and modularize the API layer. The previous large api.js file was removed and its functionality has been relocated into the new directory-based module (index.js). Update any imports referencing frontend/src/services/api.js to import from frontend/src/services/api (or the new index path) as needed.
Add a reusable Modal component (handles Escape key, focus trap and consistent markup) and refactor many inline modal implementations across the frontend to use it (EnvironmentVariables, LinkAppModal, QueryRunner, security tabs, GitConnectModal, ApiKeyModal, etc.). Implement React.lazy + Suspense for large pages and replace loading placeholders with a shared LoadingState; add route normalizations/redirects and tab-aware routes. Add new UI primitives (EmptyState, StatusBadge), an About settings tab, sidebar presets/appearance links and related sidebar logic, plus new styles. Also add the @rollup/rollup-win32-x64-msvc dependency to package.json.
Move Downloads into Marketplace as a lazily-loaded tab and integrate it into the tab navigation (replace local tab state with useTabParam and register 'downloads' in VALID_TABS). Add lazy-loaded StatusPages to Monitoring, extend VALID_TABS and add the Status Pages tab and rendering via Suspense with LoadingState fallback. Also update App.jsx comment to reflect that Downloads was absorbed into Marketplace and adjust Spinner imports to expose LoadingState.
Replace many lazy imports/Suspense with direct page imports and expand route mappings (new pages, renamed routes and updated PAGE_TITLES). Simplify loading state to a basic placeholder and adjust Private/Public/Setup route behavior. Revamp Sidebar to support collapsible subItems, auto-expand parents based on location, per-item expand toggles, and updated icon/chevron usage; update sidebarItems data to include subItems for Servers, Domains, Files, Monitoring and Marketplace and simplify preset handling. Introduce a shared ConfigPanel component and migrate Logic/Notification/Script panels to use it (add icon/color, delete footer, improved form controls, hints and examples). Normalize node components (LogicIf, Notification, Script, Trigger) to use consistent icon/styling classes, status handling and layout improvements. Miscellaneous UI/UX tweaks and small refactors across workflow components and styles.
Frontend and backend updates to improve activity visibility and multi-server support.
Backend: extend activity summary window to 90 days and add per-day series for the top user (top_user_daily) to the activity summary API.
Frontend:
- Activity tab refactor: rename feed→logs, add pagination, server-side audit log fetching, richer filters, icons, action formatting, details rendering, and improved loading/empty states.
- New ContributionGraph component + styles to visualize daily activity and per-user contributions; graphs injected into ActivityTab.
- Sidebar: separate manual vs auto-expanded state, auto-expand active parent, and persist preset switch locally while persisting to API in background.
- Dashboard: add server selector and remote-server metrics fetching, use remote metrics when a non-local server is selected, adjust polling and refresh semantics, and various UI/icon tweaks.
- Appearance tab: remove inline white-label UI; introduce a dedicated WhiteLabelTab component for custom branding.
Misc: add component and page SCSS files and small README updates describing new features and priority areas.
Pull request overview
Expands ServerKit from single-server management into a broader platform, while modernizing the frontend UI patterns and hardening backend security/ops for fleet-scale features.
Changes:
- Introduces new frontend settings/security tabs plus shared UI building blocks (notably a reusable Modal) and PWA assets.
- Adds major backend subsystems (workspaces, marketplace, fleet monitor, cloud provisioning, workflow scheduling) with new models/APIs.
- Tightens security posture (JWT expiry, CSP, rate limits, key validation) and makes multiple subprocess execution paths safer.
Reviewed changes
Copilot reviewed 135 out of 310 changed files in this pull request and generated 13 comments.
| File | Description |
|---|---|
| frontend/src/components/settings/WebhookSubscriptionModal.jsx | Migrates to shared Modal component. |
| frontend/src/components/settings/UsersTab.jsx | Uses shared Modal for delete confirmation. |
| frontend/src/components/settings/UserModal.jsx | Migrates user create/edit modal to shared Modal. |
| frontend/src/components/settings/SiteSettingsTab.jsx | Adds new tab to manage global registration + dev mode flags. |
| frontend/src/components/settings/SSOConfigTab.jsx | Refactors SSO settings layout/UI structure. |
| frontend/src/components/settings/ProfileTab.jsx | Adds profile settings tab. |
| frontend/src/components/settings/InviteModal.jsx | Migrates invitation modal to shared Modal. |
| frontend/src/components/settings/IconReferenceTab.jsx | Adds lucide icon catalog/reference tab. |
| frontend/src/components/settings/ContributionGraph.jsx | Adds contribution graph component for audit activity. |
| frontend/src/components/settings/AppearanceTab.jsx | Adds theme/accent/widget preference controls. |
| frontend/src/components/settings/ApiKeyModal.jsx | Migrates API key modal to shared Modal. |
| frontend/src/components/settings/AboutTab.jsx | Adds About page with version + update check + repo links. |
| frontend/src/components/service-detail/GitConnectModal.jsx | Migrates git connect modal to shared Modal. |
| frontend/src/components/security/index.js | Adds barrel exports for new security tab components. |
| frontend/src/components/security/VulnerabilityTab.jsx | Adds Lynis vulnerability scanning UI. |
| frontend/src/components/security/SecurityConfigTab.jsx | Adds config UI for ClamAV/integrity/notifications. |
| frontend/src/components/security/SSHKeysTab.jsx | Adds SSH authorized keys management UI. |
| frontend/src/components/security/QuarantineTab.jsx | Adds quarantine view/actions UI. |
| frontend/src/components/security/IntegrityTab.jsx | Adds on-demand integrity baseline/check UI. |
| frontend/src/components/security/IPListsTab.jsx | Adds allowlist/blocklist management UI. |
| frontend/src/components/security/EventsTab.jsx | Adds security events + failed login summary UI. |
| frontend/src/components/security/AutoUpdatesTab.jsx | Adds unattended-upgrades status + enable/disable UI. |
| frontend/src/components/security/AuditTab.jsx | Adds “security audit” generation UI. |
| frontend/src/components/StatusBadge.jsx | Adds reusable status badge component. |
| frontend/src/components/QueryRunner.jsx | Migrates query runner overlay to shared Modal. |
| frontend/src/components/Modal.jsx | Introduces shared modal component. |
| frontend/src/components/LinkAppModal.jsx | Migrates link-app modal to shared Modal. |
| frontend/src/components/EnvironmentVariables.jsx | Migrates import/history modals to shared Modal. |
| frontend/src/components/EmptyState.jsx | Adds reusable empty state component. |
| frontend/src/App.jsx | Adds routes/titles for new fleet/workspace/DNS/status/cloud/marketplace pages. |
| frontend/public/sw.js | Adds service worker for PWA/offline + push handling. |
| frontend/public/manifest.json | Adds PWA manifest. |
| frontend/package.json | Replaces LESS with Sass; adds Rollup platform package dependency. |
| dev.sh | Tweaks terminal color constant. |
| backend/requirements.txt | Bumps PyJWT; adds croniter. |
| backend/migrations/versions/003_workflows_automation.py | Adds/extends workflow automation tables. |
| backend/config.py | Shortens JWT access TTL; adds production cookie flags & production config validation. |
| backend/cli.py | Marks setup complete for CLI-created admin. |
| backend/app/utils/system.py | Adds run_command convenience wrapper. |
| backend/app/utils/crypto.py | Enforces encryption key in production; warns in dev. |
| backend/app/services/template_service.py | Runs scripts via bash -c instead of shell=True. |
| backend/app/services/settings_service.py | Tightens setup gating logic. |
| backend/app/services/python_service.py | Runs commands via bash -c instead of shell=True. |
| backend/app/services/nginx_service.py | Adds domain/path validation to prevent config injection. |
| backend/app/services/monitoring_service.py | Emits workflow events for alerts. |
| backend/app/services/migration_service.py | Adds schema sync routine to add missing columns + create tables. |
| backend/app/services/marketplace_service.py | Adds marketplace business logic. |
| backend/app/services/git_service.py | Runs scripts via bash -c; emits workflow event on push. |
| backend/app/services/git_deploy_service.py | Runs scripts via bash -c. |
| backend/app/services/file_service.py | Adds filename/path and chmod mode validation. |
| backend/app/services/environment_health_service.py | Emits workflow event on failed health checks. |
| backend/app/services/docker_service.py | Improves command parsing; adds logging; emits workflow event on stop. |
| backend/app/services/discovery_service.py | Adds LAN discovery via UDP broadcast + listener. |
| backend/app/services/cron_service.py | Adds cron command validation; switches run-now to bash -c. |
| backend/app/services/cache_service.py | Adds Redis/memory cache service + decorator. |
| backend/app/services/build_service.py | Switches custom build command to bash -c. |
| backend/app/services/background_job_service.py | Adds in-process background job queue/workers. |
| backend/app/services/agent_registry.py | Adds heartbeat latency tracking, stricter auth timestamp window, queued command delivery. |
| backend/app/models/workspace.py | Adds workspace + membership + workspace API key models. |
| backend/app/models/workflow.py | Adds automation fields + execution/log models. |
| backend/app/models/user.py | Adds indexes; stores sidebar preferences. |
| backend/app/models/metric_alert.py | Adds metric alert + threshold models. |
| backend/app/models/marketplace.py | Adds marketplace extension + install models. |
| backend/app/models/invitation.py | Uses stronger token generation. |
| backend/app/models/dns_zone.py | Adds DNS zone + record models. |
| backend/app/models/cloud_server.py | Adds cloud provider/server/snapshot models. |
| backend/app/models/application.py | Avoids N+1 by eager-loading domains via subquery. |
| backend/app/models/agent_plugin.py | Adds agent plugin + per-server install models. |
| `backend/app/models/__init__.py` | Exports new models. |
| backend/app/middleware/security.py | Tightens CSP; adds dev vs prod policies. |
| backend/app/api/workspaces.py | Adds workspace CRUD/members/API key endpoints. |
| backend/app/api/two_factor.py | Adds rate limiting and logs for disable action. |
| backend/app/api/sso.py | Uses centralized admin_required guard. |
| backend/app/api/server_templates.py | Adds server template CRUD/assignment/compliance endpoints. |
| backend/app/api/performance.py | Adds admin endpoints for cache/job inspection/actions. |
| backend/app/api/nginx_advanced.py | Adds advanced nginx endpoints. |
| backend/app/api/mobile.py | Adds mobile endpoints including push registration and offline cache data. |
| backend/app/api/marketplace.py | Adds marketplace endpoints. |
| backend/app/api/fleet_monitor.py | Adds fleet monitor endpoints incl. export & Prometheus. |
| backend/app/api/docker.py | Centralizes admin guard; minor response cleanup. |
| backend/app/api/dns_zones.py | Adds DNS zone/record/tooling endpoints. |
| backend/app/api/databases.py | Centralizes admin guard. |
| backend/app/api/cloud_provisioning.py | Adds cloud provider/server/snapshot endpoints. |
| backend/app/api/auth.py | Adds logging, throttles /me, validates sidebar config. |
| backend/app/api/apps.py | Minor response cleanup. |
| backend/app/api/advanced_ssl.py | Adds advanced SSL endpoints. |
| backend/app/api/admin.py | Expands audit activity summary to 90 days + top user series. |
| backend/app/agent_gateway.py | Adds in-memory rate limiting for agent auth. |
| `backend/app/__init__.py` | Registers new blueprints; adds workflow scheduler loop; adds 2FA-pending request guard. |
| backend/.env.example | Removes example encryption key value (forces generation). |
| agent/pkg/protocol/messages.go | Adds discovery message types and agent update action constant. |
| agent/internal/ws/client.go | Makes insecure TLS opt-in via env var. |
| agent/internal/updater/updater.go | Adds UpdateTo targeted update method. |
| agent/internal/agent/registration.go | Makes insecure TLS opt-in; switches unregister auth to HMAC. |
| agent/docker-compose.yml | Pins agent image version and avoids explicitly running as root. |
| VERSION | Bumps project version. |
| README.md | Updates feature list/roadmap and notes SCSS migration. |
| CONTRIBUTORS.md | Adds contributors list. |
| .github/PULL_REQUEST_TEMPLATE.md | Adds PR template. |
| .github/ISSUE_TEMPLATE/feature_request.yml | Adds feature request template. |
| .github/ISSUE_TEMPLATE/bug_report.yml | Adds bug report template. |
| .claude/skills/code-review/SKILL.md | Removes Claude skill file. |
Files not reviewed (1)
- frontend/package-lock.json: Language not supported
| <div className="modal-header"> | ||
| <h3>{title}</h3> | ||
| <button className="modal-close" onClick={onClose} aria-label="Close">×</button> | ||
| </div> | ||
| <div className="modal-body"> | ||
| {children} | ||
| </div> |
The shared Modal always wraps children in a .modal-body, which causes callers that include their own .modal-footer to render the footer inside the body (breaking expected layout/styling). Consider changing the API so Modal either (a) renders children without implicit wrappers and callers provide .modal-body/.modal-footer, or (b) adds an explicit footer slot/prop rendered outside the body and updates call sites to pass footer content via that prop.
| @workspaces_bp.route('/<int:workspace_id>', methods=['GET']) | ||
| @jwt_required() | ||
| def get_workspace(workspace_id): | ||
| ws = WorkspaceService.get_workspace(workspace_id) | ||
| if not ws: | ||
| return jsonify({'error': 'Workspace not found'}), 404 | ||
| return jsonify(ws.to_dict()) |
Several workspace endpoints appear to lack authorization checks (membership/role/admin): GET /<workspace_id>, GET /<workspace_id>/members, and workspace API key list/create. As written, any authenticated user could potentially read workspace details/members or create/list API keys for arbitrary workspace IDs. Enforce access control consistently (e.g., require membership for reads, owner/admin for member/key management, or admin override), and return 403 when unauthorized.
|
|
||
| @workspaces_bp.route('/<int:workspace_id>/members', methods=['GET']) | ||
| @jwt_required() | ||
| def get_members(workspace_id): |
Several workspace endpoints appear to lack authorization checks (membership/role/admin): GET /<workspace_id>, GET /<workspace_id>/members, and workspace API key list/create. As written, any authenticated user could potentially read workspace details/members or create/list API keys for arbitrary workspace IDs. Enforce access control consistently (e.g., require membership for reads, owner/admin for member/key management, or admin override), and return 403 when unauthorized.
| def get_members(workspace_id): | |
| def get_members(workspace_id): | |
| user = get_current_user() | |
| role = WorkspaceService.get_user_role(workspace_id, user.id) | |
| if not role and not getattr(user, 'is_admin', False): | |
| return jsonify({'error': 'Insufficient permissions'}), 403 |
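Review bot: In the suggested `get_members` guard, `user.id` is read right after `user = get_current_user()` with no check that a user was returned, so a missing user would raise instead of producing the 403. The snapshot suggestion in this same review tests `if not user or not user.is_admin`; the same `not user` test belongs here before `WorkspaceService.get_user_role(workspace_id, user.id)` is called.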
| @workspaces_bp.route('/<int:workspace_id>/api-keys', methods=['GET']) | ||
| @jwt_required() | ||
| def list_api_keys(workspace_id): | ||
| keys = WorkspaceService.list_api_keys(workspace_id) | ||
| return jsonify({'api_keys': [k.to_dict() for k in keys]}) | ||
|
|
||
|
|
||
| @workspaces_bp.route('/<int:workspace_id>/api-keys', methods=['POST']) | ||
| @jwt_required() | ||
| def create_api_key(workspace_id): | ||
| user = get_current_user() |
Several workspace endpoints appear to lack authorization checks (membership/role/admin): GET /<workspace_id>, GET /<workspace_id>/members, and workspace API key list/create. As written, any authenticated user could potentially read workspace details/members or create/list API keys for arbitrary workspace IDs. Enforce access control consistently (e.g., require membership for reads, owner/admin for member/key management, or admin override), and return 403 when unauthorized.
| # Store push subscription in user metadata | ||
| import json | ||
| push_subs = json.loads(user.push_subscriptions_json) if hasattr(user, 'push_subscriptions_json') and user.push_subscriptions_json else [] | ||
| # Avoid duplicates | ||
| existing = next((s for s in push_subs if s.get('endpoint') == subscription.get('endpoint')), None) | ||
| if not existing: | ||
| push_subs.append({ | ||
| 'subscription': subscription, | ||
| 'device_name': device_name, | ||
| 'registered_at': __import__('datetime').datetime.utcnow().isoformat(), | ||
| }) | ||
|
|
||
| return jsonify({'message': 'Device registered', 'device_count': len(push_subs)}) |
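Review bot: The duplicate check reads `s.get('endpoint')` on each stored entry, but entries are appended as `{'subscription': subscription, 'device_name': ..., 'registered_at': ...}`, so the endpoint sits one level down and the lookup never matches an entry written by this code. Compare against `s.get('subscription', {}).get('endpoint')` instead. The function-local `import json` and the `__import__('datetime')` call would also read better as module-level imports.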
The push subscription list is updated in-memory but never persisted back onto the user record (and no DB commit occurs). This means registration won't survive the request. Assign the updated JSON to the appropriate user field (e.g., user.push_subscriptions_json = json.dumps(push_subs)) and commit via the DB session before returning.
|
|
||
| @cloud_provisioning_bp.route('/snapshots/<int:snapshot_id>', methods=['DELETE']) | ||
| @jwt_required() | ||
| def delete_snapshot(snapshot_id): |
Snapshot deletion is a destructive operation but currently only requires authentication, unlike other cloud provisioning mutations that require admin. Add the same admin check used by create/destroy/resize endpoints (or a more granular permission model) before allowing snapshot deletion.
| def delete_snapshot(snapshot_id): | |
| def delete_snapshot(snapshot_id): | |
| user = get_current_user() | |
| if not user or not user.is_admin: | |
| return jsonify({'error': 'Admin access required'}), 403 |
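Review bot: The suggested inline `if not user or not user.is_admin` check in `delete_snapshot` repeats guard logic that this PR centralizes elsewhere: the file summary lists sso.py, docker.py and databases.py as moved to a shared `admin_required` guard. Applying that same guard to the snapshot DELETE route would keep the admin check in one place and consistent with those modules.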
| "preview": "vite preview" | ||
| }, | ||
| "dependencies": { | ||
| "@rollup/rollup-win32-x64-msvc": "^4.60.0", |
Adding @rollup/rollup-win32-x64-msvc as a direct dependency is risky: it's a platform-specific native Rollup binary package intended to be an optional dependency resolved by Rollup itself. Keeping it here can bloat installs and break non-Windows environments or CI images. Prefer removing it and relying on Rollup/Vite to manage platform binaries, or add it as an optionalDependency only if there's a documented, reproducible need.
| "@rollup/rollup-win32-x64-msvc": "^4.60.0", |
| "sass": "^1.86.0", | ||
| "vite": "^5.4.1" |
Adding @rollup/rollup-win32-x64-msvc as a direct dependency is risky: it's a platform-specific native Rollup binary package intended to be an optional dependency resolved by Rollup itself. Keeping it here can bloat installs and break non-Windows environments or CI images. Prefer removing it and relying on Rollup/Vite to manage platform binaries, or add it as an optionalDependency only if there's a documented, reproducible need.
| # Emit events for workflow triggers | ||
| try: | ||
| from app.services.workflow_engine import WorkflowEventBus | ||
| for alert in alerts_to_send: | ||
| if alert['type'] == 'cpu': | ||
| WorkflowEventBus.emit('high_cpu', { | ||
| 'percent': alert.get('value'), | ||
| 'threshold': alert.get('threshold'), | ||
| 'severity': alert.get('severity') | ||
| }) | ||
| elif alert['type'] == 'memory': | ||
| WorkflowEventBus.emit('high_memory', { | ||
| 'percent': alert.get('value'), | ||
| 'threshold': alert.get('threshold'), | ||
| 'severity': alert.get('severity') | ||
| }) | ||
| except Exception: | ||
| pass |
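Review bot: the try/except wraps the whole `for alert in alerts_to_send` loop, and `alert['type']` is indexed directly while every other field is read with `.get()`. One alert without a 'type' key, or one failing emit, raises out of the loop and silently skips the events for all remaining alerts. Move the try inside the loop so each alert is attempted on its own, read the type with `alert.get('type')`, and log the failure. The two branches differ only in the event name, so a small mapping from 'cpu' to 'high_cpu' and 'memory' to 'high_memory' would remove the duplicated payload.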
The blanket except Exception: pass will silently suppress failures in workflow event emission, making production issues hard to detect and diagnose. At minimum, log the exception (including traceback) so workflow-trigger reliability problems are observable.
| print(f"Error delivering queued commands: {e}") | ||
|
|
||
| except Exception as e: | ||
| print(f"Error registering agent: {e}") |
This uses print(...) for error reporting in a backend service. That makes logs inconsistent and harder to route/structure in production. Use the module logger (logger.exception(...)/logger.error(...)) instead of print, and include stack traces for unexpected exceptions.
| print(f"Error delivering queued commands: {e}") | |
| except Exception as e: | |
| print(f"Error registering agent: {e}") | |
| logger.exception("Error delivering queued commands for server %s: %s", server_id, e) | |
| except Exception as e: | |
| logger.exception("Error registering agent %s: %s", server_id, e) |
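Review bot: in the replacement lines, `logger.exception(...)` already records the active exception and its traceback, so the trailing `: %s` with `e` only repeats the message; drop that argument. Also confirm that `server_id` is bound at both call sites: the original print calls did not reference it, and if the registration path can fail before server_id is assigned, the log call itself will raise and hide the original error.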
Enforce admin and workspace permissions, improve logging, and add DNS frontend/API support.
- Backend: added admin checks to cloud_provisioning and marketplace endpoints; added require_workspace_access helper and applied to multiple workspace endpoints to enforce membership/admin access; persist push subscription data in mobile API (commit to DB); replaced print() debugging with structured logger calls across agent_registry and added logging/exception handling in monitoring_service.
- Frontend: added a DNS API client (frontend/src/services/api/dns.js) and registered it in the API index; extended DNSZones UI to collect provider zone ID and API token, updated create payload and form reset; added optional modal footer prop to Modal component; moved rollup native binding to optionalDependencies in package.json.
- Misc: added '*.png' to .gitignore and a minor spacing change in install.sh.
These changes improve security checks, observability, and add DNS management features in the UI/API.
Add is_admin to User serialization so frontend can check admin privileges. Standardize frontend BEM modifiers to simpler utility classes across multiple pages (btn-primary, btn-sm, btn-danger, modal-header/modal-body/modal-footer/modal-close, etc.) and update various modals/buttons to use the new classes. Enhance DNSZones by introducing PROVIDER_CONFIG to provide provider-specific labels, placeholders, help text and extra fields (Route53 AWS keys/region), and adjust the zones page header UI. Add .text-muted utility to SCSS. These changes unify styling and improve DNS provider configuration UX.
ServerKit just went from "panel that manages a server" to "platform that manages a fleet." This release introduces a full workflow automation engine, multi-server fleet management with agent plugins, and over a dozen new subsystems -- from DNS zone management to a marketplace. The frontend also gets a ground-up LESS-to-SCSS migration and a refactored API service layer split into domain modules.
Contributors
Highlights
Technical changes
Backend -- new services and APIs
- workflow_engine.py -- full execution engine with trigger evaluation, conditional branching, script execution, and notification dispatch
- agent_fleet_service.py -- fleet health aggregation, bulk upgrade orchestration, staged rollouts with batch/delay, offline command queuing with retry and backoff
- agent_plugin_service.py -- plugin registry, install/uninstall lifecycle, dependency resolution, per-server plugin config
- fleet_monitor_service.py -- real-time fleet metrics collection, anomaly detection, alerting thresholds, cross-server correlation
- discovery_service.py -- network scanning for unregistered agents, auto-enrollment
- workspace_service.py -- multi-tenant workspace CRUD, member invitations, role management, resource quota enforcement
- status_page_service.py -- status page CRUD, health check scheduling, incident management with timeline events
- dns_zone_service.py -- zone CRUD, record management, provider-specific API adapters (Cloudflare, Route 53, DigitalOcean)
- cloud_provisioning_service.py -- multi-provider server provisioning (AWS EC2, DigitalOcean Droplets, Hetzner, Vultr)
- server_template_service.py -- template CRUD, config drift detection via snapshot comparison, compliance rule evaluation
- advanced_ssl_service.py -- wildcard/SAN cert management, custom cert uploads, OCSP stapling, certificate health monitoring
- nginx_advanced_service.py -- reverse proxy rule management, upstream load balancer configuration, caching policy CRUD
- marketplace_service.py -- extension registry, install/uninstall, version management
- cache_service.py and background_job_service.py -- Redis-backed caching layer and background task runner
- AgentPlugin, CloudServer, DNSZone, DNSRecord, Marketplace, MetricAlert, ServerTemplate, StatusPage, StatusPageComponent, StatusPageIncident, Workspace, WorkspaceMember
- app/__init__.py: agent_plugins, cloud_provisioning, dns_zones, fleet_monitor, marketplace, mobile, nginx_advanced, performance, server_templates, status_pages, workspaces
- app/__init__.py refactored: blueprint registration extracted into helper, model imports consolidated, error handlers tightened
Backend -- security and hardening
- middleware/security.py -- added Permissions-Policy, tightened Content-Security-Policy, added X-Permitted-Cross-Domain-Policies
- config.py -- added SQLALCHEMY_ENGINE_OPTIONS with connection pool recycling (1800s), pool pre-ping, and pool size limits
- auth.py -- login endpoint now flags CLI-created admin accounts as setup-complete; added fallback login UI path
- two_factor.py -- added missing JWT-required decorator on verify endpoint
- X-Forwarded-For behind reverse proxy
Frontend -- API service refactor
- services/api.js (3200+ lines) split into domain modules under services/api/: client.js (base HTTP + token refresh), apps.js, auth.js, databases.js, docker.js, files.js, security.js, servers.js, system.js, wordpress.js
- services/api/index.js re-exports unified ApiService for backward compatibility
Frontend -- new pages and components
- AgentFleet, AgentPlugins, CloudProvision, DNSZones, FleetMonitor, Marketplace, ServerTemplates, ServiceDetail, Services, StatusPages, Workspaces
- WorkflowBuilder expanded with TriggerNode, ScriptNode, NotificationNode, LogicIfNode and corresponding config panels (TriggerConfigPanel, ScriptConfigPanel, NotificationConfigPanel, LogicIfConfigPanel)
- WorkflowExecutionHistory component for viewing past runs with status and duration
- Security.jsx decomposed into tab components: OverviewTab, FirewallTab, Fail2banTab, ScannerTab, SSHKeysTab, AuditTab, IntegrityTab, VulnerabilityTab, SecurityConfigTab, QuarantineTab, IPListsTab, EventsTab, AutoUpdatesTab
- Settings.jsx decomposed into tab components: ProfileTab, AppearanceTab, SiteSettingsTab, SecuritySettingsTab, NotificationsTab, SystemTab, UsersTab, AboutTab, IconReferenceTab, WhiteLabelTab, SidebarSettings
- ServiceDetail.jsx with tabs: MetricsTab, LogsTab, ShellTab, CommandsTab, EventsTab, PackagesTab, SettingsTab, GunicornTab
- Modal, EmptyState, StatusBadge, ContributionGraph
- Sidebar.jsx refactored: items extracted to sidebarItems.js, collapsible groups, user preference persistence
- App.jsx routes reorganized with React.lazy + Suspense for code-splitting
Frontend -- LESS to SCSS migration
- .less files renamed to .scss across styles/, styles/base/, styles/components/, styles/layout/, styles/pages/
- @var) converted to SCSS variables ($var), mixins updated to @mixin/@include syntax
- main.less replaced by main.scss; _variables.less replaced by _variables.scss; _mixins.less replaced by _mixins.scss
- _agent-plugins.scss, _cloud-provision.scss, _dns-zones.scss, _fleet-monitor.scss, _marketplace.scss, _server-templates.scss, _service-detail.scss, _services.scss, _status-pages.scss, _workspaces.scss, _contribution-graph.scss, _server-selector.scss, _empty-state.scss, _status-badge.scss, _utilities.scss
Frontend -- other
- AuthContext updated with setup-status awareness for CLI-provisioned accounts
- useDeployments, useService
- manifest.json and sw.js added to public/
- connectionRules.js and serviceTypes.js added for workflow node connection validation
Installer and scripts
- install.sh -- Python version detection (3.11-3.12 range), auto-install Python 3.12 if system Python is out of range, low-RAM detection with safe mode, early swap setup, --no-cache-dir pip in safe mode, fixed docker compose flags (--project-directory instead of -C)
- uninstall.sh -- full teardown: stops services, removes containers, cleans systemd unit, removes nginx config, deletes install/data/log dirs and CLI symlink
- quick-start.sh -- local dev one-liner: checks deps, creates venv, installs packages, generates .env, launches both servers
Docs and repo hygiene
- bug_report.yml, feature_request.yml) and PR template added
- CONTRIBUTORS.md added
- ROADMAP.md updated
- .gitignore expanded