mike/rustdesk-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
Files
0df4ee4143800e8805bc86ee800f6755bad1efc5
rustdesk-server/src/api/admin/pages/exec.rs
T
mike 7b6526a2e8
build / build-linux-amd64 (push) Successful in 1m53s
Details
Improve device detail view
2026-05-22 23:03:06 +02:00

483 lines
16 KiB
Rust
Raw Blame History

//! Per-device PowerShell remote-exec page.
//!
//! Layout:
//! GET /admin/pages/devices/:peer_id/exec — full page
//! POST /admin/pages/devices/:peer_id/exec — dispatch
//! GET /admin/pages/devices/:peer_id/exec/:cmd_id/poll — single-row fragment, auto-refreshes
//!
//! Gates:
//! - AuthedUser.is_admin
//! - peer.managed = 1 (no exec on legacy/unsigned peers)
//! - strategy.config_options."enable-remote-exec" = "Y"
//! - no other in-flight exec for this peer
use crate::api::admin::i18n::{t, tf1, tf2, Lang};
use crate::api::error::ApiError;
use crate::api::middleware::AuthedUser;
use crate::api::state::AppState;
use crate::api::strategy;
use crate::database::ExecRow;
use axum::extract::{Extension, Form, Path};
use axum::response::Html;
use serde::Deserialize;
use std::fmt::Write as _;
use std::sync::Arc;
const HISTORY_LIMIT: i64 = 20;
const MAX_SCRIPT_BYTES: usize = 32 * 1024;
/// Wall-clock cap, mirrored from heartbeat.rs::EXEC_MAX_SECS so the dispatch
/// confirm dialog can surface the same number. Kept duplicated rather than
/// shared as a pub const because the two values legitimately differ in
/// future (per-strategy override is a likely next step).
const UI_MAX_SECS: u64 = 300;
const UI_MAX_BYTES: u64 = 1024 * 1024;
#[derive(Debug, Deserialize)]
pub struct DispatchForm {
pub script: String,
}
/// Main page (full content for `#main`). Renders the gate banner, the
/// script form (only when allowed), and the recent-history table.
pub async fn index(
Extension(state): Extension<Arc<AppState>>,
admin: AuthedUser,
lang: Lang,
Path(peer_id): Path<String>,
) -> Result<Html<String>, ApiError> {
require_admin(&admin)?;
Ok(Html(render_page(&state, lang, &peer_id, None).await?))
}
/// Dispatch handler. Re-checks all gates server-side (the UI also gates
/// the form, but the form is just HTML — never trust the client). On
/// success: insert into exec_history with status='queued', return the
/// page with a success notice; the next heartbeat will flip it to
/// 'running' and the history row picks up auto-refresh.
pub async fn dispatch(
Extension(state): Extension<Arc<AppState>>,
admin: AuthedUser,
lang: Lang,
Path(peer_id): Path<String>,
Form(form): Form<DispatchForm>,
) -> Result<Html<String>, ApiError> {
require_admin(&admin)?;
let script = form.script.trim_end_matches(['\r', '\n']).to_string();
// Validation runs BEFORE the gate checks so an empty script doesn't
// get a confusing "managed required" error. Order: shape → policy.
if script.trim().is_empty() {
return Ok(Html(
render_page(&state, lang, &peer_id, Some(("error", t(lang, "exec.error_empty").to_string()))).await?,
));
}
if script.len() > MAX_SCRIPT_BYTES {
return Ok(Html(
render_page(
&state,
lang,
&peer_id,
Some((
"error",
tf2(
lang,
"exec.error_too_large",
&script.len().to_string(),
&MAX_SCRIPT_BYTES.to_string(),
),
)),
)
.await?,
));
}
let gate = check_gate(&state, &peer_id).await?;
if !gate.allowed {
return Ok(Html(
render_page(
&state,
lang,
&peer_id,
Some(("error", gate_reason_message(lang, &gate))),
)
.await?,
));
}
if gate.in_flight > 0 {
return Ok(Html(
render_page(
&state,
lang,
&peer_id,
Some(("error", t(lang, "exec.error_in_flight").to_string())),
)
.await?,
));
}
let cmd_id = uuid::Uuid::new_v4().to_string();
state
.db
.exec_create(&cmd_id, &peer_id, admin.user_id, &script)
.await
.map_err(|e| ApiError::Internal(e.to_string()))?;
hbb_common::log::info!(
"admin {} queued exec cmd_id={} for peer {} ({} bytes)",
admin.name,
cmd_id,
peer_id,
script.len()
);
Ok(Html(
render_page(
&state,
lang,
&peer_id,
Some(("ok", tf1(lang, "exec.queued", &cmd_id))),
)
.await?,
))
}
/// Single-row poll fragment. Returned by an HTMX `hx-get` whose
/// `hx-trigger` keeps firing until the row reaches a terminal state.
pub async fn poll(
Extension(state): Extension<Arc<AppState>>,
admin: AuthedUser,
lang: Lang,
Path((peer_id, cmd_id)): Path<(String, String)>,
) -> Result<Html<String>, ApiError> {
require_admin(&admin)?;
let row = state
.db
.exec_get_by_cmd_id(&cmd_id)
.await
.map_err(|e| ApiError::Internal(e.to_string()))?;
let row = match row {
Some(r) if r.peer_id == peer_id => r,
_ => {
return Ok(Html(format!(
r##"<tr><td colspan="5" class="px-3 py-2 text-rose-300 text-xs">{}</td></tr>"##,
t(lang, "exec.not_found"),
)));
}
};
Ok(Html(render_history_row(lang, &row)))
}
// ───────────────────────── helpers ─────────────────────────
async fn check_gate(state: &Arc<AppState>, peer_id: &str) -> Result<GateCheck, ApiError> {
let auth = state
.db
.peer_get_auth(peer_id)
.await
.map_err(|e| ApiError::Internal(e.to_string()))?;
let managed = matches!(auth, Some((_, true)));
let strategy_allows = strategy::allows_remote_exec(state, peer_id).await;
let in_flight = state
.db
.exec_in_flight_count(peer_id)
.await
.map_err(|e| ApiError::Internal(e.to_string()))?;
Ok(GateCheck {
allowed: managed && strategy_allows,
managed,
strategy_allows,
in_flight,
})
}
struct GateCheck {
allowed: bool,
managed: bool,
strategy_allows: bool,
in_flight: i64,
}
fn gate_reason_message(lang: Lang, g: &GateCheck) -> String {
if !g.managed {
return t(lang, "exec.reason_not_managed").to_string();
}
if !g.strategy_allows {
return t(lang, "exec.reason_strategy").to_string();
}
t(lang, "exec.reason_unknown").to_string()
}
async fn render_page(
state: &Arc<AppState>,
lang: Lang,
peer_id: &str,
notice: Option<(&'static str, String)>,
) -> Result<String, ApiError> {
let gate = check_gate(state, peer_id).await?;
let history = state
.db
.exec_list_for_peer(peer_id, HISTORY_LIMIT)
.await
.map_err(|e| ApiError::Internal(e.to_string()))?;
let mut out = String::new();
let _ = write!(
&mut out,
r##"<div class="space-y-4">
<header class="flex items-center justify-between">
<h2 class="text-lg font-semibold">{heading} <code class="font-mono text-sky-300">{id}</code></h2>
<button class="text-xs text-sky-300 hover:text-sky-200"
hx-get="/admin/pages/devices/list-fragment"
hx-target="#devices-region" hx-swap="innerHTML"
hx-push-url="#devices">{back}</button>
</header>"##,
heading = t(lang, "exec.heading"),
id = html_escape(peer_id),
back = t(lang, "devices.back"),
);
if let Some((kind, msg)) = notice {
let _ = write!(&mut out, "{}", notice_html(kind, &msg));
}
// Gate banner
let _ = write!(&mut out, "{}", render_gate_banner(lang, &gate));
// Script form — only rendered when gate is open
if gate.allowed {
let _ = write!(
&mut out,
r##"<form class="space-y-2" hx-post="/admin/pages/devices/{id}/exec"
hx-target="#devices-region" hx-swap="innerHTML"
hx-confirm="{confirm}">
<label class="block text-xs text-slate-400">{label}</label>
<textarea name="script" rows="8" required
class="w-full font-mono text-sm rounded border border-slate-700 bg-slate-950 text-slate-200 p-2"
placeholder="Get-Service hello-agent | Select-Object Status, Name"></textarea>
<div class="flex items-center justify-between">
<p class="text-xs text-slate-500">{caps}</p>
<button type="submit" class="rounded bg-sky-700 hover:bg-sky-600 text-sky-100 text-xs px-3 py-1.5">{run}</button>
</div>
</form>"##,
id = html_escape(peer_id),
label = t(lang, "exec.script_label"),
confirm = html_escape(&tf1(lang, "exec.confirm_dispatch", peer_id)),
caps = html_escape(&tf2(
lang,
"exec.caps_note",
&UI_MAX_SECS.to_string(),
&(UI_MAX_BYTES / 1024 / 1024).to_string(),
)),
run = t(lang, "exec.run"),
);
}
// History table
let _ = write!(
&mut out,
r##"<section>
<h3 class="text-sm font-semibold text-slate-300 mb-2">{hist}</h3>
<div class="rounded-md border border-slate-800 bg-slate-900">
<table class="w-full text-sm">
<thead class="text-xs uppercase text-slate-500 bg-slate-950">
<tr>
<th class="text-left font-medium px-3 py-2">{c_when}</th>
<th class="text-left font-medium px-3 py-2">{c_who}</th>
<th class="text-left font-medium px-3 py-2">{c_status}</th>
<th class="text-left font-medium px-3 py-2">{c_script}</th>
<th class="text-left font-medium px-3 py-2">{c_output}</th>
</tr>
</thead>
<tbody class="divide-y divide-slate-800">"##,
hist = t(lang, "exec.history"),
c_when = t(lang, "exec.col_when"),
c_who = t(lang, "exec.col_who"),
c_status = t(lang, "exec.col_status"),
c_script = t(lang, "exec.col_script"),
c_output = t(lang, "exec.col_output"),
);
if history.is_empty() {
let _ = write!(
&mut out,
r##"<tr><td colspan="5" class="px-3 py-3 text-center text-xs text-slate-500">{}</td></tr>"##,
t(lang, "exec.no_history"),
);
} else {
for row in &history {
out.push_str(&render_history_row(lang, row));
}
}
out.push_str(r##" </tbody>
</table>
</div>
</section>
</div>"##);
Ok(out)
}
fn render_gate_banner(lang: Lang, g: &GateCheck) -> String {
let (kind, msg) = if g.allowed {
("ok", t(lang, "exec.gate_open").to_string())
} else if !g.managed {
("error", t(lang, "exec.reason_not_managed").to_string())
} else if !g.strategy_allows {
("error", t(lang, "exec.reason_strategy").to_string())
} else {
("error", t(lang, "exec.reason_unknown").to_string())
};
notice_html(kind, &msg)
}
fn render_history_row(lang: Lang, r: &ExecRow) -> String {
// Auto-refresh while the row is non-terminal so the operator sees
// running → finished without manual reload. HTMX `hx-trigger` with
// `every 1s` fires until the SERVER emits a row missing the trigger
// (i.e. the row reached finished/timed_out/errored).
let row_id = format!("exec-row-{}", html_escape(&r.cmd_id));
let polling_attrs = if matches!(r.status.as_str(), "queued" | "running") {
format!(
r##"hx-get="/admin/pages/devices/{peer}/exec/{cmd}/poll" hx-trigger="load delay:1s" hx-target="this" hx-swap="outerHTML""##,
peer = html_escape(&r.peer_id),
cmd = html_escape(&r.cmd_id),
)
} else {
String::new()
};
let status_cell = render_status_badge(lang, r);
let when = fmt_unix(r.issued_at);
let script_preview = preview(&r.script, 80);
let output_block = render_output_block(lang, r);
format!(
r##"<tr id="{row_id}" {polling}>
<td class="px-3 py-2 text-xs text-slate-500 whitespace-nowrap">{when}</td>
<td class="px-3 py-2 text-xs text-slate-400">#{user}</td>
<td class="px-3 py-2 whitespace-nowrap">{status}</td>
<td class="px-3 py-2"><code class="font-mono text-xs text-slate-300">{script}</code></td>
<td class="px-3 py-2">{output}</td>
</tr>"##,
row_id = row_id,
polling = polling_attrs,
when = html_escape(&when),
user = r.issued_by_user_id,
status = status_cell,
script = html_escape(&script_preview),
output = output_block,
)
}
fn render_status_badge(lang: Lang, r: &ExecRow) -> String {
let (border, bg, text_color, label) = match r.status.as_str() {
"queued" => ("slate-700", "slate-800/40", "slate-300", t(lang, "exec.status_queued")),
"running" => ("amber-700/50", "amber-900/30", "amber-300", t(lang, "exec.status_running")),
"finished" => {
if r.exit_code == Some(0) {
("emerald-700/50", "emerald-900/30", "emerald-300", t(lang, "exec.status_finished_ok"))
} else {
("rose-700/50", "rose-900/30", "rose-300", t(lang, "exec.status_finished_err"))
}
}
"timed_out" => ("rose-700/50", "rose-900/30", "rose-300", t(lang, "exec.status_timed_out")),
_ => ("rose-700/50", "rose-900/30", "rose-300", t(lang, "exec.status_errored")),
};
let exit_suffix = match (r.status.as_str(), r.exit_code) {
("finished", Some(c)) => format!(" (exit {c})"),
_ => String::new(),
};
format!(
r##"<span class="inline-flex items-center gap-1 rounded border border-{b} bg-{bg} px-2 py-0.5 text-xs text-{t}">{label}{exit}</span>"##,
b = border,
bg = bg,
t = text_color,
label = html_escape(label),
exit = exit_suffix,
)
}
fn render_output_block(lang: Lang, r: &ExecRow) -> String {
if matches!(r.status.as_str(), "queued" | "running") {
return format!(
r##"<span class="text-xs text-slate-500">{}</span>"##,
t(lang, "exec.output_pending"),
);
}
let mut s = String::new();
if !r.stdout.is_empty() {
let _ = write!(
&mut s,
r##"<details class="text-xs"><summary class="cursor-pointer text-slate-400 hover:text-slate-200">stdout ({n} bytes)</summary>
<pre class="mt-1 max-h-80 overflow-auto rounded bg-slate-950 border border-slate-800 p-2 font-mono text-slate-300 whitespace-pre-wrap">{out}</pre>
</details>"##,
n = r.stdout.len(),
out = html_escape(&r.stdout),
);
}
if !r.stderr.is_empty() {
let _ = write!(
&mut s,
r##"<details class="text-xs mt-1"><summary class="cursor-pointer text-rose-400 hover:text-rose-300">stderr ({n} bytes)</summary>
<pre class="mt-1 max-h-80 overflow-auto rounded bg-slate-950 border border-slate-800 p-2 font-mono text-rose-300 whitespace-pre-wrap">{out}</pre>
</details>"##,
n = r.stderr.len(),
out = html_escape(&r.stderr),
);
}
if r.truncated {
let _ = write!(
&mut s,
r##"<p class="text-xs text-amber-300 mt-1">{}</p>"##,
t(lang, "exec.output_truncated"),
);
}
if s.is_empty() {
s = format!(r##"<span class="text-xs text-slate-500">{}</span>"##, t(lang, "exec.output_empty"));
}
s
}
fn fmt_unix(ts: i64) -> String {
use chrono::TimeZone;
chrono::Utc
.timestamp_opt(ts, 0)
.single()
.map(|d| d.format("%Y-%m-%d %H:%M:%S").to_string())
.unwrap_or_else(|| "".to_string())
}
fn preview(s: &str, max: usize) -> String {
let first_line = s.lines().next().unwrap_or("");
if first_line.len() <= max {
first_line.to_string()
} else {
format!("{}", &first_line[..max])
}
}
fn notice_html(kind: &str, msg: &str) -> String {
let (border, bg, text) = match kind {
"ok" => ("emerald-700/50", "emerald-900/30", "emerald-300"),
_ => ("rose-700/50", "rose-900/30", "rose-300"),
};
format!(
r##"<div class="rounded border border-{border} bg-{bg} p-3 text-sm text-{text}">{msg}</div>"##,
border = border,
bg = bg,
text = text,
msg = html_escape(msg),
)
}
fn html_escape(s: &str) -> String {
s.replace('&', "&amp;")
.replace('<', "&lt;")
.replace('>', "&gt;")
.replace('"', "&quot;")
}
fn require_admin(u: &AuthedUser) -> Result<(), ApiError> {
if u.is_admin {
Ok(())
} else {
Err(ApiError::Forbidden("admin required".into()))
}
}
Reference in New Issue View Git Blame Copy Permalink