Emergency Stop fix 3
This commit is contained in:
chk
69
auth/auth.js
69
auth/auth.js
@@ -3,10 +3,47 @@ import cookieParser from "cookie-parser";
|
|||||||
import bcrypt from "bcrypt";
|
import bcrypt from "bcrypt";
|
||||||
import fs from "fs";
|
import fs from "fs";
|
||||||
import crypto from "crypto";
|
import crypto from "crypto";
|
||||||
|
import https from "https";
|
||||||
|
|
||||||
const USERS = JSON.parse(fs.readFileSync("./users.json"));
|
const USERS = JSON.parse(fs.readFileSync("./users.json"));
|
||||||
const SESSIONS = {}; // in-memory session store
|
const SESSIONS = {}; // in-memory session store
|
||||||
|
|
||||||
|
// Robot-Driver hinter dem Tunnel (TLS, selbst-signiert -> Verify aus)
|
||||||
|
const DRIVER_HOST = "appServer_TunnelHead";
|
||||||
|
const DRIVER_PORT = 9798;
|
||||||
|
|
||||||
|
// Kleiner HTTPS-Proxy-Helfer zum Driver (Core-Modul, keine Extra-Dependency)
|
||||||
|
function driverRequest(method, path) {
|
||||||
|
return new Promise((resolve, reject) => {
|
||||||
|
const req = https.request(
|
||||||
|
{
|
||||||
|
host: DRIVER_HOST,
|
||||||
|
port: DRIVER_PORT,
|
||||||
|
path,
|
||||||
|
method,
|
||||||
|
rejectUnauthorized: false, // entspricht nginx proxy_ssl_verify off
|
||||||
|
timeout: 5000
|
||||||
|
},
|
||||||
|
(res) => {
|
||||||
|
let body = "";
|
||||||
|
res.on("data", (c) => { body += c; });
|
||||||
|
res.on("end", () => resolve({ status: res.statusCode, body }));
|
||||||
|
}
|
||||||
|
);
|
||||||
|
req.on("timeout", () => req.destroy(new Error("driver timeout")));
|
||||||
|
req.on("error", reject);
|
||||||
|
req.end();
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
// Session-Guard: true wenn eingeloggt, sonst sendet selbst 401
|
||||||
|
function requireSession(req, res) {
|
||||||
|
const sid = req.cookies.SESSIONID;
|
||||||
|
if (sid && SESSIONS[sid]) return true;
|
||||||
|
res.status(401).send({ ok: false, error: "not authenticated" });
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
const app = express();
|
const app = express();
|
||||||
app.use(express.json());
|
app.use(express.json());
|
||||||
app.use(cookieParser());
|
app.use(cookieParser());
|
||||||
@@ -84,4 +121,36 @@ app.get("/api/status", (req, res) => {
|
|||||||
return res.status(401).send({ ok: false });
|
return res.status(401).send({ ok: false });
|
||||||
});
|
});
|
||||||
|
|
||||||
|
// ===========================
|
||||||
|
// Robot-Driver Proxy (same-origin, auth-geschützt)
|
||||||
|
// Nginx leitet /api/ auf diesen Service -> kein CORS, Cookie wird mitgeschickt.
|
||||||
|
// ===========================
|
||||||
|
|
||||||
|
// Armed-Status abfragen: GET /api/power-status
|
||||||
|
app.get("/api/power-status", async (req, res) => {
|
||||||
|
if (!requireSession(req, res)) return;
|
||||||
|
try {
|
||||||
|
const r = await driverRequest("GET", "/api/power-status");
|
||||||
|
res.status(r.status).type("application/json").send(r.body);
|
||||||
|
} catch (e) {
|
||||||
|
console.error("power-status proxy error:", e.message);
|
||||||
|
// Failsafe: Driver nicht erreichbar -> armed:false, Button bleibt versteckt
|
||||||
|
res.status(502).send({ ok: false, armed: false, error: "driver unreachable" });
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
// Not-Aus auslösen: POST /api/emergency-stop
|
||||||
|
app.post("/api/emergency-stop", async (req, res) => {
|
||||||
|
if (!requireSession(req, res)) return;
|
||||||
|
const user = SESSIONS[req.cookies.SESSIONID].user;
|
||||||
|
console.log(`EMERGENCY-STOP ausgelöst von user=${user}`);
|
||||||
|
try {
|
||||||
|
const r = await driverRequest("POST", "/api/emergency-stop");
|
||||||
|
res.status(r.status).type("application/json").send(r.body);
|
||||||
|
} catch (e) {
|
||||||
|
console.error("emergency-stop proxy error:", e.message);
|
||||||
|
res.status(502).send({ ok: false, error: "driver unreachable" });
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
app.listen(3000, ()=>console.log("Auth-Service läuft auf 3000"));
|
app.listen(3000, ()=>console.log("Auth-Service läuft auf 3000"));
|
||||||
|
|||||||
@@ -17,23 +17,6 @@ server {
|
|||||||
try_files $uri $uri/ /index.html;
|
try_files $uri $uri/ /index.html;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Robot Driver: power-status + emergency-stop (interner Proxy, vermeidet CORS)
|
|
||||||
location = /api/power-status {
|
|
||||||
proxy_pass http://appServer_TunnelHead:9798/api/power-status;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
}
|
|
||||||
|
|
||||||
location = /api/emergency-stop {
|
|
||||||
proxy_pass http://appServer_TunnelHead:9798/api/emergency-stop;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
}
|
|
||||||
|
|
||||||
# API forwarding (auth)
|
# API forwarding (auth)
|
||||||
location /api/ {
|
location /api/ {
|
||||||
proxy_pass http://appserverauth:3000/api/;
|
proxy_pass http://appserverauth:3000/api/;
|
||||||
|
|||||||
Reference in New Issue
Block a user