Add settings page with change password, fix terminal ws bug
Deploy Dashboard / deploy (push) Failing after 2m5s
Deploy Dashboard / deploy (push) Failing after 2m5s
This commit is contained in:
@@ -0,0 +1,63 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Configuration
|
||||
BACKUP_DIR="/volume1/backups/nas-tools"
|
||||
DATE=$(date +%Y%m%d_%H%M%S)
|
||||
RETENTION_DAYS=7
|
||||
|
||||
# Ensure backup directory exists
|
||||
mkdir -p "$BACKUP_DIR"
|
||||
|
||||
log() {
|
||||
echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1"
|
||||
}
|
||||
|
||||
log "Starting backup..."
|
||||
|
||||
# 1. Database Dumps
|
||||
log "Dumping databases..."
|
||||
|
||||
# Gitea DB
|
||||
docker exec gitea-db pg_dump -U gitea gitea > "$BACKUP_DIR/gitea_db_$DATE.sql"
|
||||
if [ $? -eq 0 ]; then
|
||||
log "Gitea DB dumped successfully."
|
||||
else
|
||||
log "Error dumping Gitea DB!"
|
||||
fi
|
||||
|
||||
# Immich DB
|
||||
docker exec immich-db pg_dump -U postgres immich > "$BACKUP_DIR/immich_db_$DATE.sql"
|
||||
if [ $? -eq 0 ]; then
|
||||
log "Immich DB dumped successfully."
|
||||
else
|
||||
log "Error dumping Immich DB!"
|
||||
fi
|
||||
|
||||
# 2. File Backups (Configs & Data)
|
||||
# Exclude heavy media files if handled separately, but for now backing up key configs
|
||||
log "Compressing configuration files..."
|
||||
|
||||
# Dashboard & Gitea & Immich configs
|
||||
# Assuming /volume1/docker structure
|
||||
tar -czf "$BACKUP_DIR/configs_$DATE.tar.gz" \
|
||||
-C /volume1/docker \
|
||||
nas-dashboard/backend/config.py \
|
||||
nas-dashboard/.env \
|
||||
gitea/conf \
|
||||
immich/.env \
|
||||
--exclude='gitea/data' \
|
||||
--exclude='immich/upload' \
|
||||
--exclude='immich/thumbs'
|
||||
|
||||
if [ $? -eq 0 ]; then
|
||||
log "Configs compressed successfully."
|
||||
else
|
||||
log "Error compressing configs!"
|
||||
fi
|
||||
|
||||
# 3. Cleanup Old Backups
|
||||
log "Cleaning up backups older than $RETENTION_DAYS days..."
|
||||
find "$BACKUP_DIR" -type f -name "*_db_*.sql" -mtime +$RETENTION_DAYS -delete
|
||||
find "$BACKUP_DIR" -type f -name "configs_*.tar.gz" -mtime +$RETENTION_DAYS -delete
|
||||
|
||||
log "Backup completed."
|
||||
+22
-10
@@ -60,27 +60,39 @@ async def get_current_user_ws(token: str):
|
||||
raise credentials_exception
|
||||
return username
|
||||
|
||||
# TOTP Persistenceturn username
|
||||
|
||||
# TOTP Persistence
|
||||
AUTH_FILE = config.VOLUME_ROOT + "/docker/nas-dashboard/auth.json"
|
||||
import json, os
|
||||
|
||||
def load_totp_secret():
|
||||
def _load_auth_data():
|
||||
try:
|
||||
import json
|
||||
if os.path.exists(AUTH_FILE):
|
||||
with open(AUTH_FILE, "r") as f:
|
||||
data = json.load(f)
|
||||
return data.get("totp_secret", "")
|
||||
return json.load(f)
|
||||
except Exception:
|
||||
pass
|
||||
return config.TOTP_SECRET
|
||||
return {}
|
||||
|
||||
def save_totp_secret(secret: str):
|
||||
import json
|
||||
def _save_auth_data(data):
|
||||
os.makedirs(os.path.dirname(AUTH_FILE), exist_ok=True)
|
||||
with open(AUTH_FILE, "w") as f:
|
||||
json.dump({"totp_secret": secret}, f)
|
||||
json.dump(data, f)
|
||||
|
||||
def load_totp_secret():
|
||||
return _load_auth_data().get("totp_secret", "") or config.TOTP_SECRET
|
||||
|
||||
def save_totp_secret(secret: str):
|
||||
data = _load_auth_data()
|
||||
data["totp_secret"] = secret
|
||||
_save_auth_data(data)
|
||||
|
||||
def load_password_hash():
|
||||
return _load_auth_data().get("password_hash", "") or config.ADMIN_PASSWORD_HASH
|
||||
|
||||
def save_password_hash(hashed: str):
|
||||
data = _load_auth_data()
|
||||
data["password_hash"] = hashed
|
||||
_save_auth_data(data)
|
||||
|
||||
def verify_totp(token: str, secret: str = None):
|
||||
if secret is None:
|
||||
|
||||
@@ -28,7 +28,7 @@ class Verify2FARequest(BaseModel):
|
||||
@router.post("/login", response_model=Token)
|
||||
async def login(creds: LoginRequest):
|
||||
# Verify username/password
|
||||
if creds.username != config.ADMIN_USER or not auth.verify_password(creds.password, config.ADMIN_PASSWORD_HASH):
|
||||
if creds.username != config.ADMIN_USER or not auth.verify_password(creds.password, auth.load_password_hash()):
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_401_UNAUTHORIZED,
|
||||
detail="Incorrect username or password",
|
||||
@@ -84,3 +84,16 @@ async def verify_2fa_setup(request: Verify2FARequest, current_user: str = Depend
|
||||
async def disable_2fa(current_user: str = Depends(auth.get_current_user)):
|
||||
auth.save_totp_secret("")
|
||||
return {"message": "2FA disabled"}
|
||||
|
||||
class ChangePasswordRequest(BaseModel):
|
||||
current_password: str
|
||||
new_password: str
|
||||
|
||||
@router.post("/change-password")
|
||||
async def change_password(req: ChangePasswordRequest, current_user: str = Depends(auth.get_current_user)):
|
||||
if not auth.verify_password(req.current_password, auth.load_password_hash()):
|
||||
raise HTTPException(status_code=400, detail="Current password is incorrect")
|
||||
if len(req.new_password) < 8:
|
||||
raise HTTPException(status_code=400, detail="Password must be at least 8 characters")
|
||||
auth.save_password_hash(auth.get_password_hash(req.new_password))
|
||||
return {"message": "Password changed successfully"}
|
||||
|
||||
@@ -16,7 +16,7 @@ async def ws_endpoint(websocket: WebSocket, user: str = Depends(auth.get_current
|
||||
return
|
||||
|
||||
|
||||
await ws.accept()
|
||||
await websocket.accept()
|
||||
master_fd, slave_fd = pty.openpty()
|
||||
pid = os.fork()
|
||||
|
||||
@@ -40,7 +40,7 @@ async def ws_endpoint(websocket: WebSocket, user: str = Depends(auth.get_current
|
||||
data = os.read(master_fd, 4096)
|
||||
if not data:
|
||||
break
|
||||
await ws.send_bytes(data)
|
||||
await websocket.send_bytes(data)
|
||||
except (OSError, WebSocketDisconnect):
|
||||
pass
|
||||
|
||||
@@ -53,7 +53,7 @@ async def ws_endpoint(websocket: WebSocket, user: str = Depends(auth.get_current
|
||||
|
||||
try:
|
||||
while True:
|
||||
msg = await ws.receive()
|
||||
msg = await websocket.receive()
|
||||
if "bytes" in msg and msg["bytes"]:
|
||||
data = msg["bytes"]
|
||||
# Handle resize: first byte 0x01 means resize message
|
||||
|
||||
@@ -5,6 +5,7 @@
|
||||
import Gitea from "./routes/Gitea.svelte";
|
||||
import Files from "./routes/Files.svelte";
|
||||
import Terminal from "./routes/Terminal.svelte";
|
||||
import Settings from "./routes/Settings.svelte";
|
||||
import Login from "./routes/Login.svelte";
|
||||
import { onMount } from "svelte";
|
||||
import { getToken, checkAuth, setToken } from "./lib/api.js";
|
||||
@@ -82,6 +83,8 @@
|
||||
<Files />
|
||||
{:else if page === "terminal"}
|
||||
<Terminal />
|
||||
{:else if page === "settings"}
|
||||
<Settings />
|
||||
{/if}
|
||||
</div>
|
||||
</main>
|
||||
|
||||
@@ -7,6 +7,7 @@
|
||||
{ id: "gitea", label: "Repos", icon: "git" },
|
||||
{ id: "files", label: "Files", icon: "folder" },
|
||||
{ id: "terminal", label: "Terminal", icon: "terminal" },
|
||||
{ id: "settings", label: "Settings", icon: "settings" },
|
||||
];
|
||||
|
||||
const external = [
|
||||
@@ -56,6 +57,8 @@
|
||||
<svg class="w-[18px] h-[18px]" fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="1.8"><path stroke-linecap="round" stroke-linejoin="round" d="M3 7v10a2 2 0 002 2h14a2 2 0 002-2V9a2 2 0 00-2-2h-6l-2-2H5a2 2 0 00-2 2z" /></svg>
|
||||
{:else if link.icon === "terminal"}
|
||||
<svg class="w-[18px] h-[18px]" fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="1.8"><path stroke-linecap="round" stroke-linejoin="round" d="M8 9l3 3-3 3m5 0h3M5 20h14a2 2 0 002-2V6a2 2 0 00-2-2H5a2 2 0 00-2 2v12a2 2 0 002 2z" /></svg>
|
||||
{:else if link.icon === "settings"}
|
||||
<svg class="w-[18px] h-[18px]" fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="1.8"><path stroke-linecap="round" stroke-linejoin="round" d="M10.325 4.317c.426-1.756 2.924-1.756 3.35 0a1.724 1.724 0 002.573 1.066c1.543-.94 3.31.826 2.37 2.37a1.724 1.724 0 001.066 2.573c1.756.426 1.756 2.924 0 3.35a1.724 1.724 0 00-1.066 2.573c.94 1.543-.826 3.31-2.37 2.37a1.724 1.724 0 00-2.573 1.066c-.426 1.756-2.924 1.756-3.35 0a1.724 1.724 0 00-2.573-1.066c-1.543.94-3.31-.826-2.37-2.37a1.724 1.724 0 00-1.066-2.573c-1.756-.426-1.756-2.924 0-3.35a1.724 1.724 0 001.066-2.573c-.94-1.543.826-3.31 2.37-2.37.996.608 2.296.07 2.572-1.065z" /><path stroke-linecap="round" stroke-linejoin="round" d="M15 12a3 3 0 11-6 0 3 3 0 016 0z" /></svg>
|
||||
{/if}
|
||||
</span>
|
||||
{link.label}
|
||||
|
||||
@@ -0,0 +1,62 @@
|
||||
<script>
|
||||
import { post } from "../lib/api.js";
|
||||
|
||||
let currentPassword = $state("");
|
||||
let newPassword = $state("");
|
||||
let confirmPassword = $state("");
|
||||
let message = $state("");
|
||||
let error = $state("");
|
||||
let saving = $state(false);
|
||||
|
||||
async function changePassword() {
|
||||
error = "";
|
||||
message = "";
|
||||
if (newPassword !== confirmPassword) { error = "Passwords do not match"; return; }
|
||||
if (newPassword.length < 8) { error = "Password must be at least 8 characters"; return; }
|
||||
saving = true;
|
||||
try {
|
||||
await post("/auth/change-password", { current_password: currentPassword, new_password: newPassword });
|
||||
message = "Password changed successfully";
|
||||
currentPassword = ""; newPassword = ""; confirmPassword = "";
|
||||
} catch (e) {
|
||||
error = e.body?.detail || "Failed to change password";
|
||||
}
|
||||
saving = false;
|
||||
}
|
||||
</script>
|
||||
|
||||
<div class="space-y-6">
|
||||
<div>
|
||||
<h1 class="text-2xl font-bold text-surface-900 tracking-tight">Settings</h1>
|
||||
<p class="text-sm text-surface-400 mt-1">Account and security settings</p>
|
||||
</div>
|
||||
|
||||
<div class="bg-white rounded-xl border border-surface-200 p-6 shadow-sm max-w-md">
|
||||
<h3 class="text-sm font-semibold text-surface-700 mb-4">Change Password</h3>
|
||||
|
||||
{#if message}
|
||||
<div class="text-sm text-emerald-600 bg-emerald-50 px-3 py-2 rounded-lg mb-4">{message}</div>
|
||||
{/if}
|
||||
{#if error}
|
||||
<div class="text-sm text-rose-600 bg-rose-50 px-3 py-2 rounded-lg mb-4">{error}</div>
|
||||
{/if}
|
||||
|
||||
<form onsubmit={(e) => { e.preventDefault(); changePassword(); }} class="space-y-3">
|
||||
<div>
|
||||
<label class="block text-xs font-medium text-surface-500 mb-1">Current Password</label>
|
||||
<input type="password" bind:value={currentPassword} required class="w-full px-3 py-2 text-sm border border-surface-200 rounded-lg focus:outline-none focus:ring-2 focus:ring-primary-500" />
|
||||
</div>
|
||||
<div>
|
||||
<label class="block text-xs font-medium text-surface-500 mb-1">New Password</label>
|
||||
<input type="password" bind:value={newPassword} required class="w-full px-3 py-2 text-sm border border-surface-200 rounded-lg focus:outline-none focus:ring-2 focus:ring-primary-500" />
|
||||
</div>
|
||||
<div>
|
||||
<label class="block text-xs font-medium text-surface-500 mb-1">Confirm New Password</label>
|
||||
<input type="password" bind:value={confirmPassword} required class="w-full px-3 py-2 text-sm border border-surface-200 rounded-lg focus:outline-none focus:ring-2 focus:ring-primary-500" />
|
||||
</div>
|
||||
<button type="submit" disabled={saving} class="w-full px-4 py-2 text-sm font-medium text-white bg-primary-600 hover:bg-primary-700 rounded-lg transition-colors disabled:opacity-50">
|
||||
{saving ? "Saving..." : "Change Password"}
|
||||
</button>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
@@ -0,0 +1,70 @@
|
||||
services:
|
||||
immich-server:
|
||||
image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
|
||||
container_name: immich-server
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- "2283:2283"
|
||||
volumes:
|
||||
- ${UPLOAD_LOCATION}:/usr/src/app/upload
|
||||
- /volume1/photo:/mnt/photo:ro
|
||||
- /volume1/homes/zjgump/Photos:/mnt/synology-photos:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
environment:
|
||||
DB_HOSTNAME: immich-db
|
||||
DB_USERNAME: ${DB_USERNAME}
|
||||
DB_PASSWORD: ${DB_PASSWORD}
|
||||
DB_DATABASE_NAME: ${DB_DATABASE_NAME}
|
||||
REDIS_HOSTNAME: immich-redis
|
||||
IMMICH_MACHINE_LEARNING_ENABLED: "false"
|
||||
depends_on:
|
||||
- immich-redis
|
||||
- immich-db
|
||||
networks:
|
||||
- immich
|
||||
logging:
|
||||
driver: json-file
|
||||
options:
|
||||
max-size: "10m"
|
||||
max-file: "3"
|
||||
|
||||
immich-redis:
|
||||
image: redis:7-alpine
|
||||
container_name: immich-redis
|
||||
restart: unless-stopped
|
||||
healthcheck:
|
||||
test: redis-cli ping || exit 1
|
||||
networks:
|
||||
- immich
|
||||
logging:
|
||||
driver: json-file
|
||||
options:
|
||||
max-size: "10m"
|
||||
max-file: "3"
|
||||
|
||||
immich-db:
|
||||
image: tensorchord/pgvecto-rs:pg16-v0.2.0
|
||||
container_name: immich-db
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
POSTGRES_USER: ${DB_USERNAME}
|
||||
POSTGRES_PASSWORD: ${DB_PASSWORD}
|
||||
POSTGRES_DB: ${DB_DATABASE_NAME}
|
||||
POSTGRES_INITDB_ARGS: "--data-checksums"
|
||||
volumes:
|
||||
- ${DB_DATA_LOCATION}:/var/lib/postgresql/data
|
||||
healthcheck:
|
||||
test: pg_isready --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' || exit 1
|
||||
interval: 30s
|
||||
timeout: 5s
|
||||
retries: 5
|
||||
networks:
|
||||
- immich
|
||||
logging:
|
||||
driver: json-file
|
||||
options:
|
||||
max-size: "10m"
|
||||
max-file: "3"
|
||||
|
||||
networks:
|
||||
immich:
|
||||
Reference in New Issue
Block a user