Emergency Stop fix 3

2026-06-12 19:22:50 +02:00
parent 657a2a0670
commit 8706bc4c01
2 changed files with 69 additions and 17 deletions
--- a/auth/auth.js
+++ b/auth/auth.js
@@ -3,10 +3,47 @@ import cookieParser from "cookie-parser";
 import bcrypt from "bcrypt";
 import fs from "fs";
 import crypto from "crypto";
+import https from "https";

 const USERS = JSON.parse(fs.readFileSync("./users.json"));
 const SESSIONS = {};   // in-memory session store

+// Robot-Driver hinter dem Tunnel (TLS, selbst-signiert -> Verify aus)
+const DRIVER_HOST = "appServer_TunnelHead";
+const DRIVER_PORT = 9798;
+
+// Kleiner HTTPS-Proxy-Helfer zum Driver (Core-Modul, keine Extra-Dependency)
+function driverRequest(method, path) {
+    return new Promise((resolve, reject) => {
+        const req = https.request(
+            {
+                host: DRIVER_HOST,
+                port: DRIVER_PORT,
+                path,
+                method,
+                rejectUnauthorized: false,   // entspricht nginx proxy_ssl_verify off
+                timeout: 5000
+            },
+            (res) => {
+                let body = "";
+                res.on("data", (c) => { body += c; });
+                res.on("end", () => resolve({ status: res.statusCode, body }));
+            }
+        );
+        req.on("timeout", () => req.destroy(new Error("driver timeout")));
+        req.on("error", reject);
+        req.end();
+    });
+}
+
+// Session-Guard: true wenn eingeloggt, sonst sendet selbst 401
+function requireSession(req, res) {
+    const sid = req.cookies.SESSIONID;
+    if (sid && SESSIONS[sid]) return true;
+    res.status(401).send({ ok: false, error: "not authenticated" });
+    return false;
+}
+
 const app = express();
 app.use(express.json());
 app.use(cookieParser());
@@ -84,4 +121,36 @@ app.get("/api/status", (req, res) => {
    return res.status(401).send({ ok: false });
 });

+// ===========================
+// Robot-Driver Proxy (same-origin, auth-geschützt)
+// Nginx leitet /api/ auf diesen Service -> kein CORS, Cookie wird mitgeschickt.
+// ===========================
+
+// Armed-Status abfragen: GET /api/power-status
+app.get("/api/power-status", async (req, res) => {
+    if (!requireSession(req, res)) return;
+    try {
+        const r = await driverRequest("GET", "/api/power-status");
+        res.status(r.status).type("application/json").send(r.body);
+    } catch (e) {
+        console.error("power-status proxy error:", e.message);
+        // Failsafe: Driver nicht erreichbar -> armed:false, Button bleibt versteckt
+        res.status(502).send({ ok: false, armed: false, error: "driver unreachable" });
+    }
+});
+
+// Not-Aus auslösen: POST /api/emergency-stop
+app.post("/api/emergency-stop", async (req, res) => {
+    if (!requireSession(req, res)) return;
+    const user = SESSIONS[req.cookies.SESSIONID].user;
+    console.log(`EMERGENCY-STOP ausgelöst von user=${user}`);
+    try {
+        const r = await driverRequest("POST", "/api/emergency-stop");
+        res.status(r.status).type("application/json").send(r.body);
+    } catch (e) {
+        console.error("emergency-stop proxy error:", e.message);
+        res.status(502).send({ ok: false, error: "driver unreachable" });
+    }
+});
+
 app.listen(3000, ()=>console.log("Auth-Service läuft auf 3000"));