Merge branch 'release' into main

Signed-off-by: Mariano Fuentes <[email protected]>

Author: Marfuen

apps/app/src/jobs/tasks/device/create-fleet-label-for-org.ts

@@ -1,7 +1,8 @@
 import { getFleetInstance } from '@/lib/fleet';
 import { db } from '@db';
-import { logger, queue, task } from '@trigger.dev/sdk';
 
+import { logger, queue, task } from '@trigger.dev/sdk';
+import { AxiosError } from 'axios';
 // Optional: define a queue if we want to control concurrency in v4
 const fleetQueue = queue({ name: 'create-fleet-label-for-org', concurrencyLimit: 10 });
 
@@ -46,25 +47,73 @@ export const createFleetLabelForOrg = task({
 
     const fleet = await getFleetInstance();
 
-    // Create a manual label that we can assign to hosts.
-    const response = await fleet.post('/labels', {
-      name: organization.id,
-      query: query,
-    });
+    let labelResponse = null;
 
-    logger.info('Label created', {
-      labelId: response.data.label.id,
-    });
+    try {
+      // Create a manual label that we can assign to hosts.
+      labelResponse = await fleet.post('/labels', {
+        name: organization.id,
+        query: query,
+      });
 
-    // Store label ID in organization.
-    await db.organization.update({
-      where: {
-        id: organizationId,
-      },
-      data: {
-        fleetDmLabelId: response.data.label.id,
-      },
-    });
+      logger.info('Label created', {
+        labelId: labelResponse.data.label.id,
+      });
+    } catch (error) {
+      if (error instanceof AxiosError && error.response?.status === 409) {
+        const fleetError = error.response.data;
+        logger.info('Fleet label already exists for organization', {
+          organizationId,
+          httpStatus: error.response.status,
+          httpStatusText: error.response.statusText,
+          fleetMessage: fleetError?.message,
+          fleetErrors: fleetError?.errors,
+          fleetUuid: fleetError?.uuid,
+          axiosMessage: error.message,
+          url: error.config?.url,
+          method: error.config?.method,
+          fullResponseData: error.response.data,
+        });
+        // Continue with the rest of the flow even if label exists
+      } else {
+        const fleetError = error instanceof AxiosError ? error.response?.data : null;
+        logger.error('Error creating Fleet label', {
+          organizationId,
+          httpStatus: error instanceof AxiosError ? error.response?.status : undefined,
+          httpStatusText: error instanceof AxiosError ? error.response?.statusText : undefined,
+          fleetMessage: fleetError?.message,
+          fleetErrors: fleetError?.errors,
+          fleetUuid: fleetError?.uuid,
+          axiosMessage: error instanceof Error ? error.message : String(error),
+          stack: error instanceof Error ? error.stack : undefined,
+          url: error instanceof AxiosError ? error.config?.url : undefined,
+          method: error instanceof AxiosError ? error.config?.method : undefined,
+          fullResponseData: fleetError,
+        });
+        throw error;
+      }
+    }
+
+    // Store label ID in organization (only if we got a successful response)
+    if (labelResponse && labelResponse.data?.label?.id) {
+      await db.organization.update({
+        where: {
+          id: organizationId,
+        },
+        data: {
+          fleetDmLabelId: labelResponse.data.label.id,
+        },
+      });
+
+      logger.info('Stored Fleet label ID in organization', {
+        organizationId,
+        labelId: labelResponse.data.label.id,
+      });
+    } else {
+      logger.info('Skipping Fleet label ID storage - label already exists or creation failed', {
+        organizationId,
+      });
+    }
 
     try {
       await db.organization.update({
@@ -73,7 +122,7 @@ export const createFleetLabelForOrg = task({
           isFleetSetupCompleted: true,
         },
       });
-      logger.info(`Stored S3 bundle URL for organization ${organizationId}`);
+      logger.info(`Updated organization ${organizationId} to mark fleet setup as completed`);
     } catch (error) {
       logger.error('Error in fleetctl packaging or S3 upload process', {
         error,

apps/portal/src/app/api/download-agent/fleet-label.ts

@@ -11,22 +11,61 @@ export async function createFleetLabel({
   fleetDevicePathMac,
   fleetDevicePathWindows,
 }: CreateFleetLabelParams): Promise<void> {
+  logger('createFleetLabel function called', {
+    employeeId,
+    memberId,
+    os,
+    fleetDevicePathMac,
+    fleetDevicePathWindows,
+  });
+
   try {
+    logger('Getting Fleet instance...');
     const fleet = await getFleetInstance();
+    logger('Fleet instance obtained successfully');
 
     // Create platform-specific query
     const query =
       os === 'macos'
         ? `SELECT 1 FROM file WHERE path = '${fleetDevicePathMac}/${employeeId}' LIMIT 1;`
         : `SELECT 1 FROM file WHERE path = '${fleetDevicePathWindows}\\${employeeId}' LIMIT 1;`;
 
+    logger('Generated Fleet query for label creation', {
+      employeeId,
+      os,
+      query,
+    });
+
+    logger('Sending POST request to Fleet API to create label...', {
+      labelName: employeeId,
+      endpoint: '/labels',
+      requestBody: {
+        name: employeeId,
+        query: query,
+      },
+    });
+
     const response = await fleet.post('/labels', {
       name: employeeId,
       query: query,
     });
 
+    logger('Fleet API response received', {
+      status: response.status,
+      statusText: response.statusText,
+      labelId: response.data?.label?.id,
+      responseData: response.data,
+      headers: response.headers,
+    });
+
     const labelId = response.data.label.id;
 
+    logger('Updating member record with Fleet label ID', {
+      memberId,
+      labelId,
+      employeeId,
+    });
+
     await db.member.update({
       where: {
         id: memberId,
@@ -35,11 +74,47 @@ export async function createFleetLabel({
         fleetDmLabelId: labelId,
       },
     });
+
+    logger('Member record updated successfully with Fleet label ID', {
+      memberId,
+      labelId,
+      employeeId,
+    });
   } catch (error) {
     if (error instanceof AxiosError && error.response?.status === 409) {
       // Label already exists, which is fine.
-      logger('Fleet label already exists, skipping creation.', { employeeId });
+      const fleetError = error.response.data;
+      logger('Fleet label already exists, skipping creation.', {
+        employeeId,
+        httpStatus: error.response.status,
+        httpStatusText: error.response.statusText,
+        fleetMessage: fleetError?.message,
+        fleetErrors: fleetError?.errors,
+        fleetUuid: fleetError?.uuid,
+        axiosMessage: error.message,
+        url: error.config?.url,
+        method: error.config?.method,
+        fullResponseData: error.response.data,
+      });
     } else {
+      // Log the error details before re-throwing
+      const fleetError = error instanceof AxiosError ? error.response?.data : null;
+      logger('Error creating Fleet label', {
+        employeeId,
+        memberId,
+        os,
+        httpStatus: error instanceof AxiosError ? error.response?.status : undefined,
+        httpStatusText: error instanceof AxiosError ? error.response?.statusText : undefined,
+        fleetMessage: fleetError?.message,
+        fleetErrors: fleetError?.errors,
+        fleetUuid: fleetError?.uuid,
+        axiosMessage: error instanceof Error ? error.message : String(error),
+        stack: error instanceof Error ? error.stack : undefined,
+        url: error instanceof AxiosError ? error.config?.url : undefined,
+        method: error instanceof AxiosError ? error.config?.method : undefined,
+        fullResponseData: fleetError,
+      });
+
       // Re-throw other errors
       throw error;
     }

apps/portal/src/app/api/download-agent/route.ts

@@ -1,21 +1,17 @@
-import { auth } from '@/app/lib/auth';
 import { logger } from '@/utils/logger';
 import { s3Client } from '@/utils/s3';
 import { GetObjectCommand } from '@aws-sdk/client-s3';
 import { client as kv } from '@comp/kv';
 import archiver from 'archiver';
 import { type NextRequest, NextResponse } from 'next/server';
 import { PassThrough, Readable } from 'stream';
-import { createFleetLabel } from './fleet-label';
 import {
   generateMacScript,
   generateWindowsScript,
   getPackageFilename,
   getReadmeContent,
   getScriptFilename,
 } from './scripts';
-import type { DownloadAgentRequest, SupportedOS } from './types';
-import { detectOSFromUserAgent, validateMemberAndOrg } from './utils';
 
 // GET handler for direct browser downloads using token
 export async function GET(req: NextRequest) {
@@ -110,132 +106,3 @@ export async function GET(req: NextRequest) {
     return new NextResponse('Failed to create download', { status: 500 });
   }
 }
-
-// POST handler remains the same for backward compatibility or direct API usage
-export async function POST(req: NextRequest) {
-  // Authentication
-  const session = await auth.api.getSession({
-    headers: req.headers,
-  });
-
-  if (!session?.user) {
-    return new NextResponse('Unauthorized', { status: 401 });
-  }
-
-  // Validate request body
-  const { orgId, employeeId }: DownloadAgentRequest = await req.json();
-
-  if (!orgId || !employeeId) {
-    return new NextResponse('Missing orgId or employeeId', { status: 400 });
-  }
-
-  // Auto-detect OS from User-Agent
-  const userAgent = req.headers.get('user-agent');
-  const detectedOS = detectOSFromUserAgent(userAgent);
-
-  if (!detectedOS) {
-    return new NextResponse(
-      'Could not detect OS from User-Agent. Please use a standard browser on macOS or Windows.',
-      { status: 400 },
-    );
-  }
-
-  const os = detectedOS;
-  logger('Auto-detected OS from User-Agent', { os, userAgent });
-
-  // Check environment configuration
-  const fleetDevicePathMac = process.env.FLEET_DEVICE_PATH_MAC;
-  const fleetDevicePathWindows = process.env.FLEET_DEVICE_PATH_WINDOWS;
-  const fleetBucketName = process.env.FLEET_AGENT_BUCKET_NAME;
-
-  if (!fleetDevicePathMac || !fleetDevicePathWindows) {
-    logger(
-      'FLEET_DEVICE_PATH_MAC or FLEET_DEVICE_PATH_WINDOWS not configured in environment variables',
-    );
-    return new NextResponse(
-      'Server configuration error: FLEET_DEVICE_PATH_MAC or FLEET_DEVICE_PATH_WINDOWS is missing.',
-      {
-        status: 500,
-      },
-    );
-  }
-
-  if (!fleetBucketName) {
-    return new NextResponse('Server configuration error: Fleet bucket name is missing.', {
-      status: 500,
-    });
-  }
-
-  // Validate member and organization
-  const member = await validateMemberAndOrg(session.user.id, orgId);
-  if (!member) {
-    return new NextResponse('Member not found or organization invalid', { status: 404 });
-  }
-
-  // Generate OS-specific script
-  const fleetDevicePath = os === 'macos' ? fleetDevicePathMac : fleetDevicePathWindows;
-  const script =
-    os === 'macos'
-      ? generateMacScript({ orgId, employeeId, fleetDevicePath })
-      : generateWindowsScript({ orgId, employeeId, fleetDevicePath });
-
-  try {
-    // Create Fleet label
-    await createFleetLabel({
-      employeeId,
-      memberId: member.id,
-      os: os as SupportedOS,
-      fleetDevicePathMac,
-      fleetDevicePathWindows,
-    });
-
-    // Create a passthrough stream for the response
-    const passThrough = new PassThrough();
-    const archive = archiver('zip', { zlib: { level: 9 } });
-
-    // Pipe archive to passthrough
-    archive.pipe(passThrough);
-
-    // Add script file
-    const scriptFilename = getScriptFilename(os);
-    archive.append(script, { name: scriptFilename, mode: 0o755 });
-
-    // Add README
-    const readmeContent = getReadmeContent(os);
-    archive.append(readmeContent, { name: 'README.txt' });
-
-    // Get package from S3 and stream it
-    const packageFilename = getPackageFilename(os);
-    const packageKey = `${os}/fleet-osquery.${os === 'macos' ? 'pkg' : 'msi'}`;
-
-    const getObjectCommand = new GetObjectCommand({
-      Bucket: fleetBucketName,
-      Key: packageKey,
-    });
-
-    const s3Response = await s3Client.send(getObjectCommand);
-
-    if (s3Response.Body) {
-      const s3Stream = s3Response.Body as Readable;
-      archive.append(s3Stream, { name: packageFilename, store: true });
-    }
-
-    // Finalize the archive
-    archive.finalize();
-
-    // Convert Node.js stream to Web Stream for NextResponse
-    const webStream = Readable.toWeb(passThrough) as unknown as ReadableStream;
-
-    // Return streaming response
-    return new NextResponse(webStream, {
-      headers: {
-        'Content-Type': 'application/zip',
-        'Content-Disposition': `attachment; filename="compai-device-agent-${os}.zip"`,
-        'Cache-Control': 'no-cache',
-      },
-    });
-  } catch (error) {
-    logger('Error creating agent download', { error });
-    return new NextResponse('Failed to create download', { status: 500 });
-  }
-}