mirror of
https://github.com/khoaliber/dockhand.git
synced 2026-03-03 21:19:06 +00:00
202 lines
6.8 KiB
TypeScript
202 lines
6.8 KiB
TypeScript
import { json } from '@sveltejs/kit';
|
|
import type { RequestHandler } from './$types';
|
|
|
|
interface TestConnectionRequest {
|
|
connectionType: 'socket' | 'direct' | 'hawser-standard' | 'hawser-edge';
|
|
socketPath?: string;
|
|
host?: string;
|
|
port?: number;
|
|
protocol?: string;
|
|
tlsCa?: string;
|
|
tlsCert?: string;
|
|
tlsKey?: string;
|
|
tlsSkipVerify?: boolean;
|
|
hawserToken?: string;
|
|
}
|
|
|
|
/**
|
|
* Test Docker connection with provided configuration (without saving to database)
|
|
*/
|
|
export const POST: RequestHandler = async ({ request }) => {
|
|
try {
|
|
const config: TestConnectionRequest = await request.json();
|
|
|
|
// Build fetch options based on connection type
|
|
let response: Response;
|
|
|
|
if (config.connectionType === 'socket') {
|
|
const socketPath = config.socketPath || '/var/run/docker.sock';
|
|
response = await fetch('http://localhost/info', {
|
|
// @ts-ignore - Bun supports unix socket
|
|
unix: socketPath,
|
|
signal: AbortSignal.timeout(10000)
|
|
});
|
|
} else if (config.connectionType === 'hawser-edge') {
|
|
// Edge mode - cannot test directly, agent connects to us
|
|
return json({
|
|
success: true,
|
|
info: {
|
|
message: 'Edge mode environments are tested when the agent connects'
|
|
},
|
|
isEdgeMode: true
|
|
});
|
|
} else {
|
|
// Direct or Hawser Standard - HTTP/HTTPS connection
|
|
const protocol = config.protocol || 'http';
|
|
const host = config.host;
|
|
const port = config.port || 2375;
|
|
|
|
if (!host) {
|
|
return json({ success: false, error: 'Host is required' }, { status: 400 });
|
|
}
|
|
|
|
const url = `${protocol}://${host}:${port}/info`;
|
|
const headers: Record<string, string> = {
|
|
'Content-Type': 'application/json'
|
|
};
|
|
|
|
// Add Hawser token if present
|
|
if (config.connectionType === 'hawser-standard' && config.hawserToken) {
|
|
headers['X-Hawser-Token'] = config.hawserToken;
|
|
}
|
|
|
|
// For HTTPS with custom CA or skip verification, use subprocess to avoid Vite dev server TLS issues
|
|
if (protocol === 'https' && (config.tlsCa || config.tlsSkipVerify)) {
|
|
const fs = await import('node:fs');
|
|
let tempCaPath = '';
|
|
|
|
// Clean the certificate - remove leading/trailing whitespace from each line
|
|
let cleanedCa = '';
|
|
if (config.tlsCa && !config.tlsSkipVerify) {
|
|
cleanedCa = config.tlsCa
|
|
.split('\n')
|
|
.map((line) => line.trim())
|
|
.filter((line) => line.length > 0)
|
|
.join('\n');
|
|
|
|
tempCaPath = `/tmp/dockhand-ca-${Date.now()}.pem`;
|
|
fs.writeFileSync(tempCaPath, cleanedCa);
|
|
}
|
|
|
|
// Build Bun script that runs outside Vite's process (Vite interferes with TLS)
|
|
const tlsConfig = config.tlsSkipVerify
|
|
? `tls: { rejectUnauthorized: false }`
|
|
: `tls: { ca: await Bun.file('${tempCaPath}').text() }`;
|
|
|
|
const scriptContent = `
|
|
const response = await fetch('https://${host}:${port}/info', {
|
|
headers: ${JSON.stringify(headers)},
|
|
${tlsConfig}
|
|
});
|
|
const body = await response.text();
|
|
console.log(JSON.stringify({ status: response.status, body }));
|
|
`;
|
|
const scriptPath = `/tmp/dockhand-test-${Date.now()}.ts`;
|
|
fs.writeFileSync(scriptPath, scriptContent);
|
|
|
|
const proc = Bun.spawn(['bun', scriptPath], { stdout: 'pipe', stderr: 'pipe' });
|
|
const output = await new Response(proc.stdout).text();
|
|
const stderr = await new Response(proc.stderr).text();
|
|
|
|
// Cleanup temp files
|
|
if (tempCaPath) {
|
|
try { fs.unlinkSync(tempCaPath); } catch {}
|
|
}
|
|
try { fs.unlinkSync(scriptPath); } catch {}
|
|
|
|
if (!output.trim()) {
|
|
throw new Error(stderr || 'Empty response from TLS test subprocess');
|
|
}
|
|
const result = JSON.parse(output.trim());
|
|
|
|
if (result.error) {
|
|
throw new Error(result.error);
|
|
}
|
|
|
|
response = new Response(result.body, {
|
|
status: result.status,
|
|
headers: { 'Content-Type': 'application/json' }
|
|
});
|
|
} else {
|
|
response = await fetch(url, {
|
|
headers,
|
|
signal: AbortSignal.timeout(10000)
|
|
});
|
|
}
|
|
}
|
|
|
|
if (!response.ok) {
|
|
const error = await response.text();
|
|
throw new Error(`Docker API error: ${response.status} - ${error}`);
|
|
}
|
|
|
|
const info = await response.json();
|
|
|
|
// For Hawser Standard, also try to fetch Hawser info
|
|
let hawserInfo = null;
|
|
if (config.connectionType === 'hawser-standard' && config.host) {
|
|
try {
|
|
const protocol = config.protocol || 'http';
|
|
const headers: Record<string, string> = {};
|
|
if (config.hawserToken) {
|
|
headers['X-Hawser-Token'] = config.hawserToken;
|
|
}
|
|
const hawserResp = await fetch(
|
|
`${protocol}://${config.host}:${config.port || 2375}/_hawser/info`,
|
|
{
|
|
headers,
|
|
signal: AbortSignal.timeout(5000)
|
|
}
|
|
);
|
|
if (hawserResp.ok) {
|
|
hawserInfo = await hawserResp.json();
|
|
}
|
|
} catch {
|
|
// Hawser info fetch failed, continue without it
|
|
}
|
|
}
|
|
|
|
return json({
|
|
success: true,
|
|
info: {
|
|
serverVersion: info.ServerVersion,
|
|
containers: info.Containers,
|
|
images: info.Images,
|
|
name: info.Name
|
|
},
|
|
hawser: hawserInfo
|
|
});
|
|
} catch (error) {
|
|
const rawMessage = error instanceof Error ? error.message : 'Connection failed';
|
|
console.error('Failed to test connection:', rawMessage);
|
|
|
|
// Provide more helpful error messages
|
|
let message = rawMessage;
|
|
if (rawMessage.includes('401') || rawMessage.toLowerCase().includes('unauthorized')) {
|
|
message = 'Invalid token - check that the Hawser token matches';
|
|
} else if (rawMessage.includes('403') || rawMessage.toLowerCase().includes('forbidden')) {
|
|
message = 'Access forbidden - check token permissions';
|
|
} else if (rawMessage.includes('ECONNREFUSED') || rawMessage.includes('Connection refused')) {
|
|
message = 'Connection refused - is Docker/Hawser running?';
|
|
} else if (rawMessage.includes('ETIMEDOUT') || rawMessage.includes('timeout') || rawMessage.includes('Timeout')) {
|
|
message = 'Connection timed out - check host and port';
|
|
} else if (rawMessage.includes('ENOTFOUND') || rawMessage.includes('getaddrinfo')) {
|
|
message = 'Host not found - check the hostname';
|
|
} else if (rawMessage.includes('EHOSTUNREACH')) {
|
|
message = 'Host unreachable - check network connectivity';
|
|
} else if (rawMessage.includes('ENOENT') || rawMessage.includes('no such file')) {
|
|
message = 'Socket not found - check the socket path';
|
|
} else if (rawMessage.includes('EACCES') || rawMessage.includes('permission denied')) {
|
|
message = 'Permission denied - check socket permissions';
|
|
} else if (rawMessage.includes('typo in the url') || rawMessage.includes('Was there a typo')) {
|
|
message = 'Connection failed - check host and port';
|
|
} else if (rawMessage.includes('self signed certificate') || rawMessage.includes('UNABLE_TO_VERIFY_LEAF_SIGNATURE')) {
|
|
message = 'TLS certificate error - provide CA certificate for self-signed certs';
|
|
} else if (rawMessage.includes('certificate') || rawMessage.includes('SSL') || rawMessage.includes('TLS')) {
|
|
message = 'TLS/SSL error - check certificate configuration';
|
|
}
|
|
|
|
return json({ success: false, error: message }, { status: 200 });
|
|
}
|
|
};
|