vcordes/lxd-app
1
0
Fork 0
forked from urvishpatelce/lxd-app
Code Pull Requests 1 Activity

Refactor logic

Browse Source
This commit is contained in:
Urvish Patel
2025-07-17 13:05:19 +02:00
parent 6d055f4fad
commit 070dfa2764
9 changed files with 232 additions and 250 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
.DS_Store vendored
View File

Binary file not shown.

1
backend/app/.env
View File

@ -1,5 +1,6 @@
MAIN_DOMAIN=lxdapp.local MAIN_DOMAIN=lxdapp.local
MAIN_COOKIE_DOMAIN=.lxdapp.local MAIN_COOKIE_DOMAIN=.lxdapp.local
LXC_PATH=/snap/bin/lxc
LXD_API_URL=https://localhost:8443 LXD_API_URL=https://localhost:8443
LXD_CLIENT_CERT=/etc/ssl/lxdapp/client.crt LXD_CLIENT_CERT=/etc/ssl/lxdapp/client.crt
LXD_CLIENT_KEY=/etc/ssl/lxdapp/client.key LXD_CLIENT_KEY=/etc/ssl/lxdapp/client.key

97
backend/app/public/index.php
View File

@ -6,11 +6,13 @@ use DI\ContainerBuilder;
use Slim\Factory\AppFactory; use Slim\Factory\AppFactory;
use Dotenv\Dotenv; use Dotenv\Dotenv;
use App\Middleware\CorsMiddleware; use App\Middleware\CorsMiddleware;
use Psr\Http\Message\ServerRequestInterface; use Psr\Http\Message\ServerRequestInterface as Request;
use Psr\Http\Message\ResponseInterface; use Psr\Http\Message\ResponseInterface as Response;
use App\Controllers\CaptchaController; use App\Controllers\CaptchaController;
use App\Controllers\ProxyController;
use App\Controllers\LoginController; use App\Controllers\LoginController;
use App\Services\LxdService;
use Zounar\PHPProxy\Proxy;
use App\Utils\LogWriterHelper;
require __DIR__ . '/../vendor/autoload.php'; require __DIR__ . '/../vendor/autoload.php';
@ -71,7 +73,94 @@ $app->group('/api', function ($group) {
}); });
$app->any('/{routes:.*}', [ProxyController::class, 'forward']); $app->any('/{routes:.*}', function (Request $request, Response $response, array $args) {
try {
$mainDomain = $_ENV['MAIN_DOMAIN'] ?? 'lxdapp.local';
$origin = $request->getHeaderLine('Origin');
if (!empty($origin)) {
$domain = parse_url($origin, PHP_URL_HOST);
} else {
$domain = $request->getHeaderLine('Host');
}
$configPath = __DIR__ . '/../config.json';
$config = file_exists($configPath) ? json_decode(file_get_contents($configPath), true) : [];
$name = $config[$domain] ?? null;
$lxd = new LxdService();
if (!$name) {
return jsonResponse($response, ['status' => 'error', 'message' => 'Container does not exist.'], 404);
}
if (!$lxd->containerExists($name)) {
return jsonResponse($response, ['status' => 'error', 'message' => 'Container does not exist.'], 404);
}
$containerInfo = $lxd->getContainerState($name);
$status = $containerInfo['metadata']['status'] ?? 'Stopped';
if ($status !== 'Running') {
$redirectUrl = (string) $request->getUri();
return $response
->withHeader('Location', 'app/?auth=ok&redirect=' . urlencode($redirectUrl))
->withStatus(302);
}
$ip = $lxd->getContainerIP($name);
if (!$ip) {
return jsonResponse($response, ['status' => 'error', 'message' => 'Could not fetch container IP'], 500);
}
// BEGIN Proxy logic
$baseUrl = "http://$ip/";
$uri = $request->getUri();
$path = $uri->getPath();
$prefix = '/api/';
if (strpos($path, $prefix) === 0) {
$path = substr($path, strlen($prefix));
if ($path === '') {
$path = '/';
}
}
$query = $uri->getQuery();
$targetUrl = $baseUrl . $path . ($query ? '?' . $query : '');
Proxy::$AUTH_KEY = $_ENV['AUTH_KEY'] ?? 'YOUR_DEFAULT_AUTH_KEY';
Proxy::$ENABLE_AUTH = true;
Proxy::$HEADER_HTTP_PROXY_AUTH = 'HTTP_PROXY_AUTH';
$_SERVER['HTTP_PROXY_AUTH'] = Proxy::$AUTH_KEY;
$_SERVER['HTTP_PROXY_TARGET_URL'] = $targetUrl;
$responseCode = Proxy::run();
LogWriterHelper::write($name, $targetUrl);
return $response;
} catch (\Throwable $e) {
return jsonResponse($response, [
'status' => 'error',
'message' => 'Internal Server Error: ' . $e->getMessage()
], 500);
}
});
/**
* JSON response helper
*/
function jsonResponse(Response $response, array $data, int $status = 200): Response {
$payload = json_encode($data, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
$response->getBody()->write($payload);
return $response
->withHeader('Content-Type', 'application/json')
->withHeader('Access-Control-Allow-Origin', '*')
->withStatus($status);
}
// Run app // Run app
$app->run(); $app->run();

27
backend/app/public/last-access-logs/testone.txt
View File

@ -1,27 +0,0 @@
2025-07-15 18:59:58 : http://lxdapp.local/api/login
2025-07-15 18:59:59 : http://10.110.90.24//demo
2025-07-15 19:00:26 : http://10.110.90.24//
2025-07-15 19:01:46 : http://lxdapp.local/api/login
2025-07-15 19:01:47 : http://10.110.90.24//
2025-07-15 19:02:21 : http://10.110.90.24//
2025-07-15 19:04:09 : http://lxdapp.local/api/login
2025-07-15 19:04:10 : http://10.110.90.24//
2025-07-15 19:11:18 : http://lxdapp.local/api/login
2025-07-15 19:11:18 : http://10.110.90.24//
2025-07-15 19:12:44 : http://10.110.90.24//sdfsd
2025-07-15 19:13:12 : http://10.110.90.24//
2025-07-15 19:17:17 : http://10.110.90.24//
2025-07-15 19:25:26 : http://testone.lxdapp.local/api/login
2025-07-15 19:25:28 : http://10.110.90.24//
2025-07-16 09:15:04 : http://10.110.90.24//
2025-07-16 09:21:18 : http://10.110.90.24//
2025-07-16 09:22:08 : http://testone.lxdapp.local/api/login
2025-07-16 09:22:09 : http://10.110.90.24//
2025-07-16 09:30:13 : http://10.110.90.24//
2025-07-16 09:32:41 : http://testone.lxdapp.local/api/login
2025-07-16 09:32:42 : http://10.110.90.24//
2025-07-16 09:33:50 : http://testone.lxdapp.local/api/login
2025-07-16 09:33:50 : http://10.110.90.24//
2025-07-16 09:33:58 : http://10.110.90.24//
2025-07-16 09:45:10 : http://10.110.90.24//
2025-07-16 09:45:12 : http://10.110.90.24//

12
backend/app/src/Controllers/LoginController.php
View File

@ -15,6 +15,8 @@ class LoginController
*/ */
public function index(ServerRequestInterface $request, ResponseInterface $response): ResponseInterface public function index(ServerRequestInterface $request, ResponseInterface $response): ResponseInterface
{ {
try {
$mainDomain = $_ENV['MAIN_DOMAIN'] ?? 'lxdapp.local'; $mainDomain = $_ENV['MAIN_DOMAIN'] ?? 'lxdapp.local';
$origin = $request->getHeaderLine('Origin'); $origin = $request->getHeaderLine('Origin');
@ -33,7 +35,7 @@ class LoginController
$captcha = new PCaptcha(); $captcha = new PCaptcha();
if (!$captcha->validate_captcha($params['panswer'])) { if (!$captcha->validate_captcha($params['panswer'])) {
return $this->json($response, ['status' => 'error', 'message' => 'Invalid CAPTCHA'], 200); return $this->json($response, ['status' => 'error', 'message' => 'Invalid CAPTCHA'], 400);
} }
$lxd = new LxdService(); $lxd = new LxdService();
@ -41,8 +43,6 @@ class LoginController
$status = $lxd->getContainerState($name)['metadata']['status'] ?? 'Stopped'; $status = $lxd->getContainerState($name)['metadata']['status'] ?? 'Stopped';
if ($status !== 'Running') { if ($status !== 'Running') {
$lxd->startContainer($name); $lxd->startContainer($name);
sleep(10);
} }
// Write log // Write log
@ -50,6 +50,12 @@ class LoginController
// Login success // Login success
return $this->json($response, ['status' => 'success', 'message' => 'Container started!']); return $this->json($response, ['status' => 'success', 'message' => 'Container started!']);
} catch (\Throwable $e) {
return $this->json($response, [
'status' => 'error',
'message' => $e->getMessage(),
], 500);
}
} }
/** /**

130
backend/app/src/Controllers/ProxyController.php
View File

@ -1,130 +0,0 @@
<?php
namespace App\Controllers;
use Psr\Http\Message\ServerRequestInterface as Request;
use Psr\Http\Message\ResponseInterface as Response;
use App\Services\LxdService;
use App\Lib\PCaptcha;
use Zounar\PHPProxy\Proxy;
use App\Utils\LogWriterHelper;
class ProxyController
{
/**
* Handles forwarding requests to the appropriate container.
*/
public function forward(Request $request, Response $response): Response
{
try {
$mainDomain = $_ENV['MAIN_DOMAIN'] ?? 'lxdapp.local';
$origin = $request->getHeaderLine('Origin');
if (!empty($origin)) {
$domain = parse_url($origin, PHP_URL_HOST);
} else {
$domain = $request->getHeaderLine('Host');
}
$configPath = __DIR__ . '/../../config.json';
$config = file_exists($configPath) ? json_decode(file_get_contents($configPath), true) : [];
$name = $config[$domain] ?? null;
$lxd = new LxdService();
// STEP 1: If container mapping not found
if (!$name) {
return $this->json($response, ['status' => 'error', 'message' => 'Container does not exist.'], 404);
}
// STEP 2: Check if container exists in LXD
if (!$lxd->containerExists($name)) {
return $this->json($response, ['status' => 'error', 'message' => 'Container does not exist.'], 404);
}
// STEP 4: Check container status
$containerInfo = $lxd->getContainerState($name);
$status = $containerInfo['metadata']['status'] ?? 'Stopped';
if ($status !== 'Running') {
// Container not running → redirect to login page
$scheme = $request->getUri()->getScheme(); // "http" or "https"
$redirectUrl = $request->getUri();
return $response
->withHeader('Location', 'app/?auth=ok&redirect=' . urlencode($redirectUrl))
->withStatus(302);
}
// STEP 5: Container is running → proxy request
$ip = $lxd->getContainerIP($name);
if (!$ip) {
return $this->json($response, ['status' => 'error', 'message' => 'Could not fetch container IP'], 500);
}
return $this->proxyToContainer($request, $response, $ip, $name);
} catch (\Throwable $e) {
// Global fallback for any exception
return $this->json($response, [
'status' => 'error',
'message' => 'Internal Server Error: ' . $e->getMessage()
], 500);
}
}
/**
* Sends a JSON response.
*/
protected function json($response, array $data, int $status = 200)
{
$payload = json_encode($data, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
$response->getBody()->write($payload);
return $response
->withHeader('Content-Type', 'application/json')
->withHeader('Access-Control-Allow-Origin', '*')
->withStatus($status);
}
/**
* Proxies the request to the container.
*/
private function proxyToContainer(Request $request, Response $response, string $ip, string $name): Response
{
$baseUrl = $ip ? "http://$ip/" : "http://127.0.0.1:3000";
$uri = $request->getUri();
$path = $uri->getPath();
// Remove /api/v1 prefix from path
$prefix = '/api/';
if (strpos($path, $prefix) === 0) {
$path = substr($path, strlen($prefix));
if ($path === '') {
$path = '/';
}
}
$query = $uri->getQuery();
$targetUrl = $baseUrl . $path . ($query ? '?' . $query : '');
Proxy::$AUTH_KEY = $_ENV['AUTH_KEY'] ?? 'Bj5pnZEX6DkcG6Nz6AjDUT1bvcGRVhRaXDuKDX9CjsEs2';
Proxy::$ENABLE_AUTH = true; // Enable auth
Proxy::$HEADER_HTTP_PROXY_AUTH = 'HTTP_PROXY_AUTH'; // Ensure it matches the key
$_SERVER['HTTP_PROXY_AUTH'] = $_ENV['AUTH_KEY'] ?? 'Bj5pnZEX6DkcG6Nz6AjDUT1bvcGRVhRaXDuKDX9CjsEs2';
$_SERVER['HTTP_PROXY_TARGET_URL'] = $targetUrl;
// Do your custom logic before running proxy
$responseCode = Proxy::run();
// Write log
LogWriterHelper::write($name, $targetUrl);
return $response;
}
}

52
backend/app/src/Services/LxdService.php
View File

@ -2,7 +2,6 @@
namespace App\Services; namespace App\Services;
use Exception; use Exception;
class LxdService class LxdService
{ {
private string $baseUrl; private string $baseUrl;
@ -100,6 +99,7 @@ class LxdService
* @throws Exception * @throws Exception
*/ */
public function startContainer(string $name): array { public function startContainer(string $name): array {
$startResponse = $this->request('PUT', "/1.0/instances/$name/state", [ $startResponse = $this->request('PUT', "/1.0/instances/$name/state", [
"action" => "start", "action" => "start",
"timeout" => 30, "timeout" => 30,
@ -120,10 +120,28 @@ class LxdService
} while ($startStatus < 200); } while ($startStatus < 200);
if ($startStatus >= 400) { if ($startStatus >= 400) {
throw new \Exception("Failed to start container: " . json_encode($startOpResp)); throw new \Exception("Failed to start container, Please try again.");
} }
return $startResponse; sleep(5);
// Poll services (Nginx and MySQL) for up to 30 seconds
$maxRetries = 30;
$retry = 0;
while ($retry < $maxRetries) {
$nginxReady = $this->isServiceRunning($name, 'nginx');
$mysqlReady = $this->isServiceRunning($name, 'mysql');
if ($nginxReady && $mysqlReady) {
return $startResponse; // ✅ All good
}
$retry++;
sleep(1);
}
throw new \Exception("Container started but services not ready.");
} }
/** /**
@ -176,29 +194,11 @@ class LxdService
return null; return null;
} }
/** public function isServiceRunning(string $container, string $service): bool
* Waits for a specific port to become available.
*
* @param string $ip IP address
* @param int $port Port number
* @param int $timeout Timeout in seconds
* @return bool True if the port is available, false otherwise
*/
public function waitForPort(string $ip, int $port = 80, int $timeout = 10): bool
{ {
$startTime = time(); $lxcPath = $_ENV['LXC_PATH'] ?: 'lxc';
$cmd = "$lxcPath exec {$container} -- systemctl is-active {$service} 2>&1";
while ((time() - $startTime) < $timeout) { $output = shell_exec($cmd);
$connection = @fsockopen($ip, $port, $errno, $errstr, 2); return trim($output) === 'active';
if ($connection) {
fclose($connection);
return true; // Port is open
}
sleep(1); // Wait 1 second before retrying
}
return false; // Timed out
} }
} }

4
frontend/components/Captcha.vue
View File

@ -48,6 +48,10 @@ const emit = defineEmits(['update:captcha']);
watch(captchaInput, (newVal) => { watch(captchaInput, (newVal) => {
emit('update:captcha', newVal) emit('update:captcha', newVal)
}); });
defineExpose({
refreshCaptcha
});
</script> </script>
<style scoped> <style scoped>

71
frontend/pages/index.vue
View File

@ -3,11 +3,29 @@
<Spinner :loading="loading" /> <Spinner :loading="loading" />
<div v-html="output" /> <div v-html="output" />
<!-- 👇 Only show form if access is allowed --> <!-- 👇 Only show form if access is allowed -->
<div v-if="!loading">
<div v-if="allowAccess" class="login-container"> <div v-if="allowAccess" class="login-container">
<form @submit.prevent="submitForm" class="login-form"> <form @submit.prevent="submitForm" class="login-form">
<h2 class="title">Login</h2> <h2 class="title">Login</h2>
<div class="input-group">
<input
type="text"
placeholder="Username"
v-model="username"
required
/>
</div>
<div class="input-group">
<input
type="password"
placeholder="Password"
v-model="password"
required
/>
</div>
<!-- Include Captcha --> <!-- Include Captcha -->
<Captcha v-model:captcha="captchaValue" /> <Captcha ref="captchaRef" v-model:captcha="captchaValue" />
<button type="submit" :disabled="loading || !captchaValue" class="btn"> <button type="submit" :disabled="loading || !captchaValue" class="btn">
<span v-if="!loading">Login</span> <span v-if="!loading">Login</span>
<span v-else>Loading...</span> <span v-else>Loading...</span>
@ -22,6 +40,7 @@
<p>You must access this page through the proper login flow.</p> <p>You must access this page through the proper login flow.</p>
</div> </div>
</div> </div>
</div>
</template> </template>
<script setup> <script setup>
@ -33,7 +52,10 @@ import Captcha from '@/components/Captcha.vue';
const output = ref(''); const output = ref('');
const router = useRouter(); const router = useRouter();
const route = useRoute(); const route = useRoute();
const loading = ref(false); const loading = ref(true);
const username = ref('');
const password = ref('');
const captchaRef = ref(null);
const captchaValue = ref(''); const captchaValue = ref('');
const captchaError = ref(''); const captchaError = ref('');
const redirectTo = ref('/'); const redirectTo = ref('/');
@ -49,6 +71,8 @@ onMounted(() => {
if (authParam === 'ok') { if (authParam === 'ok') {
allowAccess.value = true; allowAccess.value = true;
} }
loading.value = false;
}); });
const submitForm = async () => { const submitForm = async () => {
@ -63,6 +87,8 @@ const submitForm = async () => {
'Content-Type': 'application/json', 'Content-Type': 'application/json',
}, },
body: { body: {
username: username.value,
password: password.value,
source: 'login', source: 'login',
panswer: captchaValue.value, panswer: captchaValue.value,
redirect: redirectTo.value, redirect: redirectTo.value,
@ -71,23 +97,24 @@ const submitForm = async () => {
throwHttpErrors: false, // important: do NOT throw on 401/4xx throwHttpErrors: false, // important: do NOT throw on 401/4xx
}); });
if (res.status === 'success') {
captchaError.value = ''; captchaError.value = '';
if (redirectTo.value.startsWith('http://') || redirectTo.value.startsWith('https://')) { const encodedRedirect = new URL(redirectTo.value, window.location.origin);
window.location.href = redirectTo.value; encodedRedirect.searchParams.set('username', username.value);
} else { encodedRedirect.searchParams.set('password', password.value);
router.push(redirectTo.value); window.location.href = encodedRedirect.toString();
}
} else if (res.status === 'error' && res.message === 'Invalid CAPTCHA') {
captchaError.value = '❌ Invalid CAPTCHA. Please try again.';
} else {
captchaError.value = res.message || 'Login failed. Please try again.';
}
} catch (error) { } catch (error) {
// This should rarely happen now because throwHttpErrors is false if (error.statusCode === 400) {
captchaError.value = error.message || 'Network error.'; captchaError.value = error?.data?.message || 'Invalid CAPTCHA';
} finally {
loading.value = false; loading.value = false;
} else {
captchaError.value = error?.data?.message || 'Internal server error!';
// window.location.reload();
loading.value = false;
}
} finally {
captchaRef.value?.refreshCaptcha();
captchaValue.value = '';
} }
}; };
</script> </script>
@ -154,4 +181,16 @@ const submitForm = async () => {
margin-bottom: 1rem; margin-bottom: 1rem;
text-align: center; text-align: center;
} }
.input-group input {
padding: 0.8rem;
border: 1px solid #ccc;
border-radius: 6px;
font-size: 1rem;
}
.input-group input:focus {
outline: none;
border-color: #3b82f6;
box-shadow: 0 0 0 2px rgba(59, 130, 246, 0.3);
}
</style> </style>