Audit of the backend attack surface and fixes for the web-reachable
CRITICAL/HIGH issues. Adds back/shared/security.ts with centralized
hardening helpers (shellEscape, assertSafeDependenceName,
SUBSCRIPTION_PATTERNS, safeCompare, isSafeSshConfigValue).
- Subscription fields (url/branch/whitelist/blacklist/extensions/proxy)
are now shell-escaped before reaching spawn() and validated with strict
Joi patterns at the API, closing OS command injection and the
downstream shell eval/git-arg-injection paths.
- Dependency names are validated before interpolation into
pnpm/pip/apk/apt commands (incl. the embedded Python source).
- SSH config generation rejects newline/metachar injection in host/proxy
(prevents injected ProxyCommand execution).
- ConfigService.getFile resolves the real path before containment check,
fixing data/scripts/../db traversal that leaked the SQLite DB.
- /configs/save containment check fixed (sibling-dir write bypass).
- Script/env uploads use path.basename, preventing arbitrary file write
(crontab.list/env.sh overwrite -> RCE) via multer originalname.
- JWT secret is generated and persisted per-install instead of the public
default 'whyour-secret'; production refuses to boot without one.
- Token comparison is now constant-time (safeCompare).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
* Initial plan
* Stop running tasks before starting new scheduled instance
Co-authored-by: whyour <22700758+whyour@users.noreply.github.com>
* Add multi-instance support and fix stop to kill all running instances
- Add allow_multiple_instances field to Crontab model (default: 0 for single instance)
- Add validation for new field in commonCronSchema
- Add getAllPids and killAllTasks utility functions
- Update stop method to kill ALL running instances of a task
- Update runCron to respect allow_multiple_instances config
- Backward compatible: defaults to single instance mode
Co-authored-by: whyour <22700758+whyour@users.noreply.github.com>
* Add UI support for allow_multiple_instances configuration
- Add allow_multiple_instances field to ICrontab interface
- Add instance mode selector in task creation/edit modal
- Add translations for instance mode in Chinese and English
- Default to single instance mode for backward compatibility
Co-authored-by: whyour <22700758+whyour@users.noreply.github.com>
* Add allow_multiple_instances column migration and optimize db.ts
- Add allow_multiple_instances column to Crontabs table migration
- Refactor migration code to use data-driven approach
- Replace 11 individual try-catch blocks with single loop
- Improve code maintainability and readability
Co-authored-by: whyour <22700758+whyour@users.noreply.github.com>
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: whyour <22700758+whyour@users.noreply.github.com>
