From c8d0bc4a404298e3a6d093c0c8ad15d8e4007140 Mon Sep 17 00:00:00 2001
From: mirivlad
Date: Fri, 17 Apr 2026 09:55:45 +0800
Subject: [PATCH] security: Require explicit token for agent downloads
- Remove server_id auto-resolution from validateAndGetToken()
- Links in edit.twig now use token instead of server_id
- Add agent_token retrieval in ServerController::edit()
---
src/Controllers/AgentController.php | 11 -----------
src/Controllers/ServerController.php | 8 +++++++-
templates/servers/edit.twig | 10 ++++++++--
3 files changed, 15 insertions(+), 14 deletions(-)
diff --git a/src/Controllers/AgentController.php b/src/Controllers/AgentController.php
index 71c8590..43ffb3e 100755
--- a/src/Controllers/AgentController.php
+++ b/src/Controllers/AgentController.php
@@ -15,17 +15,6 @@ class AgentController extends Model
{
$queryParams = $request->getQueryParams();
$token = $queryParams['token'] ?? null;
- $server_id = $queryParams['server_id'] ?? null;
-
- if (!empty($server_id) && empty($token)) {
$stmt = $this->pdo->prepare("SELECT encrypted_token FROM agent_tokens WHERE server_id = :server_id LIMIT 1");
$stmt->execute([':server_id' => $server_id]);
$result = $stmt->fetch();
-
- if ($result && !empty($result['encrypted_token'])) {
$token = EncryptionHelper::decrypt($result['encrypted_token']);
}
- }
if (empty($token)) {
$response->getBody()->write('Token is required');
diff --git a/src/Controllers/ServerController.php b/src/Controllers/ServerController.php
index 8c025e1..dfcb36f 100755
--- a/src/Controllers/ServerController.php
+++ b/src/Controllers/ServerController.php
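Review bot: The token is still read from the query string (`$token = $queryParams['token'] ?? null;`), so the secret that this commit now requires to be presented explicitly travels in the URL, where it lands in web-server and proxy access logs, browser history, and any Referer sent from the download page. If the agent download endpoint can be changed, accept the token from an `Authorization: Bearer` header or a POST body and keep `?token=` only as a deprecated fallback; at minimum add `// token arrives in the URL: make sure access logs strip or redact the query string` above this line so the logging requirement is not forgotten. `empty($token)` also rejects the literal string `"0"`; `$token === null || $token === ''` is the precise check. validateAndGetToken() starts before and continues past this hunk, so how the presented token is compared with the stored one is not visible here — if it is compared as a string against the decrypted stored value, that comparison should use `hash_equals()`.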
@@ -127,6 +127,11 @@ class ServerController extends Model
$stmt->execute();
$groups = $stmt->fetchAll();
+ $stmt = $this->pdo->prepare("SELECT encrypted_token FROM agent_tokens WHERE server_id = :server_id");
+ $stmt->execute([':server_id' => $id]);
+ $tokenRow = $stmt->fetch();
+ $decryptedToken = $tokenRow ? \App\Utils\EncryptionHelper::decrypt($tokenRow['encrypted_token']) : null;
+
if (!$server) {
return $response->withHeader('Location', '/servers')->withStatus(302);
}
@@ -134,7 +139,8 @@ class ServerController extends Model
$templateData = [
'title' => 'Редактировать сервер',
'server' => $server,
- 'groups' => $groups
+ 'groups' => $groups,
+ 'agent_token' => $decryptedToken
];
return $this->twig->render($response, 'servers/edit.twig', $templateData);
diff --git a/templates/servers/edit.twig b/templates/servers/edit.twig
index f02274a..ac9f5f8 100755
--- a/templates/servers/edit.twig
+++ b/templates/servers/edit.twig
@@ -53,14 +53,15 @@
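Review bot: The added lookup decrypts `encrypted_token` whenever a row exists — `$tokenRow ? \App\Utils\EncryptionHelper::decrypt(...)` tests only that `fetch()` returned a row — whereas the branch this same commit removes from AgentController guarded with `!empty($result['encrypted_token'])` before decrypting, so a row whose column is NULL or empty (whether the schema allows that is not visible here) now reaches the decrypt routine with a non-string. The query and decryption also run before the `if (!$server)` guard, so they execute even for a server id that does not exist; move the block below the guard and test the column rather than the row, as sketched below. Separately, this relocates where the plaintext token exists: it is now decrypted on every render of the edit page instead of at download time, so anyone who can open that form (or any script injected into it) obtains the secret, and if the template places it in `?token=` links it will also be recorded in browser history and Referer headers — consider a masked display with a one-shot reveal or download action instead of embedding the plaintext on every page load. The enclosing edit() method begins before this hunk.

```php
// … unchanged: $groups = $stmt->fetchAll(); …
if (!$server) {
    return $response->withHeader('Location', '/servers')->withStatus(302);
}

// Look the agent token up only for a server that exists, and decrypt only a non-empty value;
// the template receives null when no usable token is stored.
$stmt = $this->pdo->prepare("SELECT encrypted_token FROM agent_tokens WHERE server_id = :server_id LIMIT 1");
$stmt->execute([':server_id' => $id]);
$tokenRow = $stmt->fetch();
$decryptedToken = ($tokenRow && !empty($tokenRow['encrypted_token']))
    ? \App\Utils\EncryptionHelper::decrypt($tokenRow['encrypted_token'])
    : null;
// … unchanged: $templateData assembly and render …
```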
Управление агентом мониторинга:
+ {% if agent_token %}

Если вы потеряли доступ к агенту или хотите создать новый токен безопасности, используйте кнопку "Сбросить токен".

+ {% else %}
+
+ Токен агента не создан. Создать токен
+
+ {% endif %}