添加更好的身份认证，服务器从机注册系统，更好的配置管理等

Author: Sunwuyuan

.dockerignore

@@ -0,0 +1,34 @@
+# 版本控制
+.git
+.gitignore
+
+# 依赖
+node_modules
+npm-debug.log
+yarn-debug.log
+yarn-error.log
+
+# 环境文件
+.env
+.env.local
+.env.*.local
+
+# 编辑器文件
+.vscode
+.idea
+*.swp
+*.swo
+
+# 系统文件
+.DS_Store
+Thumbs.db
+
+# 构建输出
+build
+dist
+*.log
+
+# Docker相关
+Dockerfile
+.dockerignore
+docker-compose*.yml

Dockerfile

@@ -1,115 +1,28 @@
-FROM ubuntu:22.04
+FROM node:18-slim
 
-# 避免交互式提示
-ENV DEBIAN_FRONTEND=noninteractive
-
-# 设置时区
-ENV TZ=Asia/Shanghai
-RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
+# 设置工作目录
+WORKDIR /app
 
-# 安装基础工具和依赖
+# 安装基本工具
 RUN apt-get update && apt-get install -y \
-    sudo \
     curl \
-    wget \
-    git \
-    vim \
-    bash \
-    build-essential \
-    software-properties-common \
-    apt-transport-https \
-    ca-certificates \
-    gnupg \
-    lsb-release \
-    zsh \
-    tmux \
-    htop \
-    tree \
-    jq \
-    unzip \
-    openssh-client \
-    postgresql-client \
-    redis-tools \
-    make \
-    gcc \
-    g++ \
-    libssl-dev \
-    zlib1g-dev \
-    libbz2-dev \
-    libreadline-dev \
-    libsqlite3-dev \
-    libncursesw5-dev \
-    xz-utils \
-    tk-dev \
-    libxml2-dev \
-    libxmlsec1-dev \
-    libffi-dev \
-    liblzma-dev \
     && rm -rf /var/lib/apt/lists/*
 
-# 创建非root用户
-RUN useradd -m -s /bin/bash zerocat \
-    && echo "zerocat ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/zerocat \
-    && chmod 0440 /etc/sudoers.d/zerocat
-
-# 设置工作目录
-WORKDIR /home/zerocat
-
-# 安装 pyenv
-USER zerocat
-RUN curl https://pyenv.run | bash
-ENV PYENV_ROOT="/home/zerocat/.pyenv"
-ENV PATH="$PYENV_ROOT/bin:$PATH"
-RUN echo 'export PYENV_ROOT="$HOME/.pyenv"' >> ~/.bashrc && \
-    echo 'command -v pyenv >/dev/null || export PATH="$PYENV_ROOT/bin:$PATH"' >> ~/.bashrc && \
-    echo 'eval "$(pyenv init --path)"' >> ~/.bashrc && \
-    echo 'eval "$(pyenv init -)"' >> ~/.bashrc
-
-# 使用 pyenv 安装 Python 版本并安装包
-SHELL ["/bin/bash", "-l", "-c"]
-RUN pyenv install 3.8.18 && \
-    pyenv install 3.11.8 && \
-    pyenv global 3.11.8 && \
-    eval "$(pyenv init -)" && \
-    eval "$(pyenv init --path)" && \
-    $PYENV_ROOT/versions/3.11.8/bin/python -m pip install --upgrade pip && \
-    $PYENV_ROOT/versions/3.11.8/bin/python -m pip install \
-    ipython \
-    poetry \
-    virtualenv \
-    black \
-    flake8 \
-    mypy \
-    pytest \
-    requests
-
-# 安装 nvm
-ENV NVM_DIR="/home/zerocat/.nvm"
-RUN curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash \
-    && . "$NVM_DIR/nvm.sh" \
-    && nvm install 16 \
-    && nvm install 18 \
-    && nvm alias default 18 \
-    && nvm use default \
-    && npm install -g yarn pnpm typescript ts-node
-
-# 设置权限
-USER root
-RUN chown -R zerocat:zerocat /home/zerocat
+# 复制package文件
+COPY package*.json ./
+COPY pnpm-lock.yaml ./
 
-# 切换到非root用户
-USER zerocat
+# 安装pnpm
+RUN npm install -g pnpm
 
-# 设置SHELL环境变量
-ENV SHELL=/bin/bash
+# 安装依赖
+RUN pnpm install
 
-# 配置终端
-RUN echo 'export PS1="\[\e[01;32m\]\u@\h\[\e[0m\]:\[\e[01;34m\]\w\[\e[0m\]\$ "' >> ~/.bashrc
+# 复制应用代码
+COPY . .
 
-# 添加环境变量到 .bashrc
-RUN echo 'export NVM_DIR="$HOME/.nvm"' >> ~/.bashrc \
-    && echo '[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"' >> ~/.bashrc \
-    && echo '[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion"' >> ~/.bashrc
+# 暴露端口
+EXPOSE 3000
 
-# 设置容器启动命令
-CMD ["/bin/bash", "-l"]
+# 启动命令
+CMD ["pnpm", "start"]

app.js

@@ -3,7 +3,7 @@ const path = require('path');
 const cookieParser = require('cookie-parser');
 const logger = require('morgan');
 const WebSocket = require('ws');
-const terminalService = require('./services/terminal');
+const { terminalService } = require('./services/terminal');
 const adminService = require('./services/admin');
 const { validateToken } = require('./middleware/auth');
 const jwt = require('jsonwebtoken');
@@ -25,7 +25,7 @@ app.set('view engine', 'ejs');
 app.use(logger(config.logging.format));
 app.use(express.json());
 app.use(express.urlencoded({ extended: false }));
-app.use(cookieParser(config.security.cookieSecret));
+app.use(cookieParser());
 app.use(express.static(path.join(__dirname, 'public')));
 app.use(bodyParser.urlencoded({ limit: "100mb", extended: false }));
 app.use(bodyParser.json({ limit: "100mb" }));

bin/www

@@ -12,7 +12,7 @@ const http = require('http');
  * Get port from environment and store in Express.
  */
 
-const port = normalizePort(process.env.PORT || '3033');
+const port = normalizePort(process.env.PORT || '3000');
 app.set('port', port);
 
 /**

build-images/zerocat-ubuntu/Dockerfile

@@ -0,0 +1,115 @@
+FROM ubuntu:22.04
+
+# 避免交互式提示
+ENV DEBIAN_FRONTEND=noninteractive
+
+# 设置时区
+ENV TZ=Asia/Shanghai
+RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
+
+# 安装基础工具和依赖
+RUN apt-get update && apt-get install -y \
+    sudo \
+    curl \
+    wget \
+    git \
+    vim \
+    bash \
+    build-essential \
+    software-properties-common \
+    apt-transport-https \
+    ca-certificates \
+    gnupg \
+    lsb-release \
+    zsh \
+    tmux \
+    htop \
+    tree \
+    jq \
+    unzip \
+    openssh-client \
+    postgresql-client \
+    redis-tools \
+    make \
+    gcc \
+    g++ \
+    libssl-dev \
+    zlib1g-dev \
+    libbz2-dev \
+    libreadline-dev \
+    libsqlite3-dev \
+    libncursesw5-dev \
+    xz-utils \
+    tk-dev \
+    libxml2-dev \
+    libxmlsec1-dev \
+    libffi-dev \
+    liblzma-dev \
+    && rm -rf /var/lib/apt/lists/*
+
+# 创建非root用户
+RUN useradd -m -s /bin/bash zerocat \
+    && echo "zerocat ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/zerocat \
+    && chmod 0440 /etc/sudoers.d/zerocat
+
+# 设置工作目录
+WORKDIR /home/zerocat
+
+# 安装 pyenv
+USER zerocat
+RUN curl https://pyenv.run | bash
+ENV PYENV_ROOT="/home/zerocat/.pyenv"
+ENV PATH="$PYENV_ROOT/bin:$PATH"
+RUN echo 'export PYENV_ROOT="$HOME/.pyenv"' >> ~/.bashrc && \
+    echo 'command -v pyenv >/dev/null || export PATH="$PYENV_ROOT/bin:$PATH"' >> ~/.bashrc && \
+    echo 'eval "$(pyenv init --path)"' >> ~/.bashrc && \
+    echo 'eval "$(pyenv init -)"' >> ~/.bashrc
+
+# 使用 pyenv 安装 Python 版本并安装包
+SHELL ["/bin/bash", "-l", "-c"]
+RUN pyenv install 3.8.18 && \
+    pyenv install 3.11.8 && \
+    pyenv global 3.11.8 && \
+    eval "$(pyenv init -)" && \
+    eval "$(pyenv init --path)" && \
+    $PYENV_ROOT/versions/3.11.8/bin/python -m pip install --upgrade pip && \
+    $PYENV_ROOT/versions/3.11.8/bin/python -m pip install \
+    ipython \
+    poetry \
+    virtualenv \
+    black \
+    flake8 \
+    mypy \
+    pytest \
+    requests
+
+# 安装 nvm
+ENV NVM_DIR="/home/zerocat/.nvm"
+RUN curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash \
+    && . "$NVM_DIR/nvm.sh" \
+    && nvm install 16 \
+    && nvm install 18 \
+    && nvm alias default 18 \
+    && nvm use default \
+    && npm install -g yarn pnpm typescript ts-node
+
+# 设置权限
+USER root
+RUN chown -R zerocat:zerocat /home/zerocat
+
+# 切换到非root用户
+USER zerocat
+
+# 设置SHELL环境变量
+ENV SHELL=/bin/bash
+
+# 配置终端
+RUN echo 'export PS1="\[\e[01;32m\]\u@\h\[\e[0m\]:\[\e[01;34m\]\w\[\e[0m\]\$ "' >> ~/.bashrc
+
+# 添加环境变量到 .bashrc
+RUN echo 'export NVM_DIR="$HOME/.nvm"' >> ~/.bashrc \
+    && echo '[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"' >> ~/.bashrc \
+    && echo '[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion"' >> ~/.bashrc
+
+# 设置容器启动命令
+CMD ["/bin/bash", "-l"]

config/index.js

@@ -7,8 +7,8 @@ const config = {
   },
 
   jwt: {
-    secret: process.env.JWT_SECRET || 'G2QSZJiPGnNl4cSbQqw5uwCk9KynJQ',
-    expiresIn: process.env.JWT_EXPIRES_IN || '24h',
+    secret: '', // 将从云端获取
+    expiresIn: '24h',
   },
 
   site: {
@@ -28,19 +28,20 @@ const config = {
     format: process.env.LOG_FORMAT || 'dev',
   },
 
-  security: {
-    cookieSecret: process.env.COOKIE_SECRET || 'your-cookie-secret',
-    secureCookies: process.env.SECURE_COOKIES === 'true',
+  admin: {
+    enabled: process.env.ADMIN_ENABLED !== 'false', // 默认为true
+    poolSize: parseInt(process.env.ADMIN_POOL_SIZE, 10) || 2,
+    reportInterval: parseInt(process.env.ADMIN_REPORT_INTERVAL, 10) || 60000,
+    lastConfigUpdate: new Date(),
+    lastReport: new Date()
   }
 };
 
 // 验证必需的配置
 function validateConfig() {
   const requiredInProduction = [
-    'JWT_SECRET',
     'AUTH_SITE',
-    'AUTH_TOKEN',
-    'COOKIE_SECRET'
+    'AUTH_TOKEN'
   ];
 
   if (config.server.env === 'production') {
@@ -49,19 +50,15 @@ function validateConfig() {
         throw new Error(`Missing required environment variable in production: ${key}`);
       }
     }
-
-    // 在生产环境强制启用安全cookie
-    config.security.secureCookies = true;
   }
 }
 
 // 打印配置信息（隐藏敏感信息）
 function logConfig() {
   const sanitizedConfig = JSON.parse(JSON.stringify(config));
   // 隐藏敏感信息
-  sanitizedConfig.jwt.secret = '***';
   sanitizedConfig.site.authToken = '***';
-  sanitizedConfig.security.cookieSecret = '***';
+  sanitizedConfig.jwt.secret = '***';
 
   console.log('[Config] 📝 当前配置');
   //console.log(JSON.stringify(sanitizedConfig, null, 2));

docker-compose.yml

@@ -0,0 +1,24 @@
+version: '3.8'
+
+services:
+  coderun:
+    build: .
+    container_name: coderun
+    ports:
+      - "3033:3000"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - zerocat-coderun-data:/app/data
+    environment:
+      - NODE_ENV=production
+      - DOCKER_SOCKET=/var/run/docker.sock
+      - AUTH_SITE=http://host.docker.internal:3000
+      - AUTH_TOKEN=oin8z2di3vzdxoyifj2dp
+    restart: unless-stopped
+    networks:
+      - coderun-net
+
+
+networks:
+  coderun-net:
+    driver: bridge