fix(server): RBAC and auth hardening, plus docs sync #131
Merged
… server, binary for agent)
The docker logs WS handler authenticated the user but never checked role, so any read-only member could stream logs from any container. Container logs routinely expose env vars, connection strings and tokens, making this closer to terminal-level access. Require role == "admin" (with an audit log on denial), matching the terminal WS handler.
The file list/stat/read/download/transfers endpoints lived in read_router, so read-only members could pull arbitrary files off any managed host (e.g. /etc/passwd, application secrets). Their effective access is closer to terminal-level than to read-only monitoring, so move them into the admin-only file router and drop the read-router merge.
…ange
Two related auth hardening fixes:
- UserService create_user/update_user validated only len >= 6, weaker and inconsistent with the >= 8 policy applied to self-chosen passwords. Both now call AuthService::validate_password_strength.
- A password change or admin reset left existing sessions valid until natural expiry, so a stolen session could outlive the change. change_password now revokes the user's other sessions (keeping the caller's current cookie/bearer session; an API-key caller has none, so all are revoked), and admin update_user revokes the target's sessions after a password reset.
Adds regression tests covering keep-token, no-token, and admin-reset paths.
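The revocation rules this commit message describes, as an added Rust example that is not ServerBee's code: `Sessions`, `revoke_user`, `admin_reset_password` and the in-memory token map are hypothetical, and the length check stands in for `AuthService::validate_password_strength` using the >= 8 policy stated above. Storing the new credential is outside its scope.

```rust
use std::collections::HashMap;

/// Hypothetical in-memory session table: token -> user id.
#[derive(Default)]
pub struct Sessions { by_token: HashMap<String, u64> }

impl Sessions {
    pub fn insert(&mut self, token: &str, user: u64) {
        self.by_token.insert(token.to_string(), user);
    }
    pub fn is_valid(&self, token: &str) -> bool {
        self.by_token.contains_key(token)
    }
    /// Revoke every session of `user` except `keep` (the caller's own
    /// cookie/bearer token). `keep = None` revokes all. Returns how many were removed.
    pub fn revoke_user(&mut self, user: u64, keep: Option<&str>) -> usize {
        let before = self.by_token.len();
        self.by_token.retain(|tok, uid| *uid != user || keep == Some(tok.as_str()));
        before - self.by_token.len()
    }
}

/// One policy for self-service and admin paths (assumed: length >= 8 only).
pub fn validate_password_strength(pw: &str) -> Result<(), &'static str> {
    if pw.chars().count() >= 8 { Ok(()) } else { Err("password must be at least 8 characters") }
}

/// Self-service change: a rejected password must not revoke anything.
/// `current` is None for an API-key caller, so every session is revoked.
pub fn change_password(s: &mut Sessions, user: u64, new_pw: &str,
                       current: Option<&str>) -> Result<usize, &'static str> {
    validate_password_strength(new_pw)?;
    Ok(s.revoke_user(user, current))
}

/// Admin reset: the target has no "current" session worth preserving.
pub fn admin_reset_password(s: &mut Sessions, target: u64,
                            new_pw: &str) -> Result<usize, &'static str> {
    validate_password_strength(new_pw)?;
    Ok(s.revoke_user(target, None))
}

fn main() {
    // Constructed sample: user 1 has a legitimate and a stolen session.
    let mut s = Sessions::default();
    s.insert("browser", 1); s.insert("stolen", 1); s.insert("bob", 2);
    println!("{:?}", change_password(&mut s, 1, "correct-horse", Some("browser")));
    println!("stolen still valid: {}", s.is_valid("stolen"));
}
```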
… proxy
Broaden the bilingual documentation: add OAuth/OIDC and mobile sections, a hub-and-spoke architecture overview, Caddy reverse-proxy config alongside the existing nginx example, and assorted updates across the agent, alerts, server, status-page and configuration pages.
…links to docs site
Use the ISO 639-1 'zh' code instead of the 'cn' country code for the docs i18n locale, renaming content/docs/cn to content/docs/zh and updating all internal links, route handlers, and landing translations. README doc links now point to https://docs.serverbee.app (/en and /zh).
Summary
Hardens the server's authorization model around high-privilege surfaces and brings the documentation in line with the actual implementation.
Security / RBAC hardening
Documentation
cn to zh and point README links to the docs site
data field, not binary WebSocket frames (AGENTS.md, architecture, index, terminal, api-reference)
/status page
SERVERBEE_FEATURE__CUSTOM_THEMES env var from ENV.md
Chore
bun.lock to web 1.0.0-alpha.5
Notes
</content>/</invoke> artifacts that had leaked into the end of 8 MDX files; verified all affected files keep complete frontmatter, balanced <Cards>/component tags, and even code fences.
Verification