replace base64 payload bash -c with a stdin via here-doc to prevent false pharsing

2026-04-11 13:47:05 +02:00 · 2025-11-14 11:44:23 +01:00
parent 4b41078542
commit 2dd62b63e9
3 changed files with 54 additions and 11 deletions
--- a/pkg/web/handlers.go
+++ b/pkg/web/handlers.go
@@ -271,25 +271,32 @@ func UpsertServerHandler(c *gin.Context) {
 		return
 	}

+	// Check if server exists and was previously disabled
+	oldServer, wasEnabled := config.GetServerByID(req.ID)
+	wasDisabled := !wasEnabled || !oldServer.Enabled
+
 	server, err := config.UpsertServer(req)
 	if err != nil {
 		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
 		return
 	}

+	// Check if server was just enabled (transition from disabled to enabled)
+	justEnabled := wasDisabled && server.Enabled
+
 	if err := fail2ban.GetManager().ReloadFromSettings(config.GetSettings()); err != nil {
 		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
 		return
 	}

-	// Update action file for this server if it's a remote server (SSH or Agent) and enabled
-	if server.Enabled && (server.Type == "ssh" || server.Type == "agent") {
-		// ReloadFromSettings already created the connector, so we can update its action file
-		// We need to trigger an action file update for this specific server
-		// Since UpdateActionFiles updates all, we can call it, or we can add a single-server method
-		// For now, we'll update all remote servers (it's idempotent and ensures consistency)
-		if err := fail2ban.GetManager().UpdateActionFiles(c.Request.Context()); err != nil {
-			config.DebugLog("Warning: failed to update some remote action files: %v", err)
+	// Only update action files if:
+	// 1. Server was just enabled (transition from disabled to enabled)
+	// 2. Server is a remote server (SSH or Agent)
+	// Note: ReloadFromSettings already calls ensureAction when creating connectors,
+	// but we need to update if the server was just enabled to ensure it has the latest callback URL
+	if justEnabled && (server.Type == "ssh" || server.Type == "agent") {
+		if err := fail2ban.GetManager().UpdateActionFileForServer(c.Request.Context(), server.ID); err != nil {
+			config.DebugLog("Warning: failed to update action file for server %s: %v", server.Name, err)
 			// Don't fail the request, just log the warning
 		}
 	}