Initial commit

2026-03-09 13:24:51 +00:00 · 2025-12-28 21:16:03 +01:00
commit 62e3c6439e
552 changed files with 104858 additions and 0 deletions
--- a/routes/api/images/[id]/+server.ts
+++ b/routes/api/images/[id]/+server.ts
@@ -0,0 +1,61 @@
+import { json } from '@sveltejs/kit';
+import { removeImage, inspectImage } from '$lib/server/docker';
+import { authorize } from '$lib/server/authorize';
+import { auditImage } from '$lib/server/audit';
+import type { RequestHandler } from './$types';
+
+export const DELETE: RequestHandler = async (event) => {
+	const { params, url, cookies } = event;
+	const auth = await authorize(cookies);
+
+	const force = url.searchParams.get('force') === 'true';
+	const envId = url.searchParams.get('env');
+	const envIdNum = envId ? parseInt(envId) : undefined;
+
+	// Permission check with environment context
+	if (auth.authEnabled && !await auth.can('images', 'remove', envIdNum)) {
+		return json({ error: 'Permission denied' }, { status: 403 });
+	}
+
+	// Environment access check (enterprise only)
+	if (envIdNum && auth.isEnterprise && !await auth.canAccessEnvironment(envIdNum)) {
+		return json({ error: 'Access denied to this environment' }, { status: 403 });
+	}
+
+	try {
+		console.log('Delete image request - params.id:', params.id, 'force:', force, 'envId:', envIdNum);
+
+		// Get image name for audit before deleting
+		let imageName = params.id;
+		try {
+			const imageInfo = await inspectImage(params.id, envIdNum);
+			imageName = imageInfo.RepoTags?.[0] || params.id;
+		} catch (e) {
+			console.log('Could not inspect image:', e);
+			// Use ID if can't get name
+		}
+
+		await removeImage(params.id, force, envIdNum);
+
+		// Audit log
+		await auditImage(event, 'delete', params.id, imageName, envIdNum, { force });
+
+		return json({ success: true });
+	} catch (error: any) {
+		console.error('Error removing image:', error.message, 'statusCode:', error.statusCode, 'json:', error.json);
+
+		// Handle specific Docker errors
+		if (error.statusCode === 409) {
+			const message = error.json?.message || error.message || '';
+			if (message.includes('being used by running container')) {
+				return json({ error: 'Cannot delete image: it is being used by a running container. Stop the container first.' }, { status: 409 });
+			}
+			if (message.includes('has dependent child images')) {
+				return json({ error: 'Cannot delete image: it has dependent child images. Delete those first or use force delete.' }, { status: 409 });
+			}
+			return json({ error: message || 'Image is in use and cannot be deleted' }, { status: 409 });
+		}
+
+		return json({ error: 'Failed to remove image' }, { status: 500 });
+	}
+};
--- a/routes/api/images/[id]/export/+server.ts
+++ b/routes/api/images/[id]/export/+server.ts
@@ -0,0 +1,79 @@
+import { json } from '@sveltejs/kit';
+import { exportImage, inspectImage } from '$lib/server/docker';
+import { authorize } from '$lib/server/authorize';
+import { createGzip } from 'zlib';
+import { Readable } from 'stream';
+import type { RequestHandler } from './$types';
+
+export const GET: RequestHandler = async ({ params, url, cookies }) => {
+	const auth = await authorize(cookies);
+
+	const envId = url.searchParams.get('env');
+	const envIdNum = envId ? parseInt(envId) : undefined;
+	const compress = url.searchParams.get('compress') === 'true';
+
+	// Permission check with environment context
+	if (auth.authEnabled && !await auth.can('images', 'inspect', envIdNum)) {
+		return json({ error: 'Permission denied' }, { status: 403 });
+	}
+
+	try {
+
+		// Get image info for filename
+		let imageName = params.id;
+		try {
+			const imageInfo = await inspectImage(params.id, envIdNum);
+			if (imageInfo.RepoTags?.[0]) {
+				// Use first tag, replace : and / with _ for filename safety
+				imageName = imageInfo.RepoTags[0].replace(/[:/]/g, '_');
+			} else {
+				// Use short ID
+				imageName = params.id.replace('sha256:', '').slice(0, 12);
+			}
+		} catch {
+			// Use ID as fallback
+			imageName = params.id.replace('sha256:', '').slice(0, 12);
+		}
+
+		// Get the tar stream from Docker
+		const dockerResponse = await exportImage(params.id, envIdNum);
+
+		if (!dockerResponse.body) {
+			return json({ error: 'No response body from Docker' }, { status: 500 });
+		}
+
+		const extension = compress ? 'tar.gz' : 'tar';
+		const filename = `${imageName}.${extension}`;
+		const contentType = compress ? 'application/gzip' : 'application/x-tar';
+
+		if (compress) {
+			// Create a gzip stream and pipe the tar through it
+			const gzip = createGzip();
+			const nodeStream = Readable.fromWeb(dockerResponse.body as any);
+			const compressedStream = nodeStream.pipe(gzip);
+
+			// Convert back to web stream
+			const webStream = Readable.toWeb(compressedStream) as ReadableStream;
+
+			return new Response(webStream, {
+				headers: {
+					'Content-Type': contentType,
+					'Content-Disposition': `attachment; filename="${filename}"`,
+					'Cache-Control': 'no-cache'
+				}
+			});
+		} else {
+			// Return the tar stream directly
+			return new Response(dockerResponse.body, {
+				headers: {
+					'Content-Type': contentType,
+					'Content-Disposition': `attachment; filename="${filename}"`,
+					'Cache-Control': 'no-cache'
+				}
+			});
+		}
+	} catch (error: any) {
+		console.error('Error exporting image:', error);
+		return json({ error: error.message || 'Failed to export image' }, { status: 500 });
+	}
+};
--- a/routes/api/images/[id]/history/+server.ts
+++ b/routes/api/images/[id]/history/+server.ts
@@ -0,0 +1,24 @@
+import { json } from '@sveltejs/kit';
+import type { RequestHandler } from './$types';
+import { getImageHistory } from '$lib/server/docker';
+import { authorize } from '$lib/server/authorize';
+
+export const GET: RequestHandler = async ({ params, url, cookies }) => {
+	const auth = await authorize(cookies);
+
+	const envId = url.searchParams.get('env');
+	const envIdNum = envId ? parseInt(envId) : undefined;
+
+	// Permission check with environment context
+	if (auth.authEnabled && !await auth.can('images', 'inspect', envIdNum)) {
+		return json({ error: 'Permission denied' }, { status: 403 });
+	}
+
+	try {
+		const history = await getImageHistory(params.id, envIdNum);
+		return json(history);
+	} catch (error) {
+		console.error('Failed to get image history:', error);
+		return json({ error: 'Failed to get image history' }, { status: 500 });
+	}
+};
--- a/routes/api/images/[id]/tag/+server.ts
+++ b/routes/api/images/[id]/tag/+server.ts
@@ -0,0 +1,28 @@
+import { json } from '@sveltejs/kit';
+import { tagImage } from '$lib/server/docker';
+import { authorize } from '$lib/server/authorize';
+import type { RequestHandler } from './$types';
+
+export const POST: RequestHandler = async ({ params, request, url, cookies }) => {
+	const auth = await authorize(cookies);
+
+	const envId = url.searchParams.get('env');
+	const envIdNum = envId ? parseInt(envId) : undefined;
+
+	// Permission check with environment context (Tagging is similar to building/modifying)
+	if (auth.authEnabled && !await auth.can('images', 'build', envIdNum)) {
+		return json({ error: 'Permission denied' }, { status: 403 });
+	}
+
+	try {
+		const { repo, tag } = await request.json();
+		if (!repo || typeof repo !== 'string') {
+			return json({ error: 'Repository name is required' }, { status: 400 });
+		}
+		await tagImage(params.id, repo, tag || 'latest', envIdNum);
+		return json({ success: true });
+	} catch (error) {
+		console.error('Error tagging image:', error);
+		return json({ error: 'Failed to tag image' }, { status: 500 });
+	}
+};