chore(release): 1.4.1

2026-03-17 13:27:36 +00:00
21 changed files with 96 additions and 91 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,11 @@
+## [1.4.1](https://gitea.malio.fr/MALIO-DEV/Supervisor/compare/v1.4.0...v1.4.1) (2026-03-17)
+
+
+### Bug Fixes
+
+* readme ([13457ce](https://gitea.malio.fr/MALIO-DEV/Supervisor/commit/13457ceb5a74686cd7a5e4180a87f130d1e2f73d))
+* resolve production runtime issues ([8886e8b](https://gitea.malio.fr/MALIO-DEV/Supervisor/commit/8886e8b7dfe4fb6c9f90f3be7f2a64e23dd7cb3c))
+
 # [1.4.0](https://gitea.malio.fr/MALIO-DEV/Supervisor/compare/v1.3.1...v1.4.0) (2026-03-17)


--- a/README.md
+++ b/README.md
@@ -95,19 +95,6 @@ Consequence visible :
 - si `API_SECRET_KEY` est vide, les appels API sont refusés avec `401 Unauthorized`
 - l'application web pose aussi un cookie HTTP-only via `server/middleware/auth-cookie.ts` pour réutiliser ce secret coté navigateur

-## Securite
-
-Le comportement actuel du projet repose sur une hypothèse d'exposition très forte.
-
- `server/middleware/auth-cookie.ts` pose automatiquement le cookie `api_auth_token` à tout visiteur qui charge l'interface web
- ce cookie permet ensuite d'accéder aux routes `/api/*` protégées par `API_SECRET_KEY`
- il n'existe pas de login utilisateur ni de contrôle d'identité distinct dans le dépôt
-
-Conséquence :
-
- `Supervisor` doit être déployé uniquement sur un réseau de confiance, derrière un VPN, une restriction d'IP, un proxy d'authentification ou un autre contrôle d'accès externe
- si l'application est exposée publiquement sans protection supplémentaire, ce mécanisme ne constitue pas une authentification suffisante
-
 ### SSH pour les backups

 Les fonctionnalités de backup utilisent `ssh` avec les options `BatchMode=yes` et `ConnectTimeout=5` dans `server/utils/ssh.ts`. Cela implique un accès sans saisie interactive de mot de passe.
@@ -139,4 +126,4 @@ Usage :
 - `npm run generate` : généré une sortie statique si ce mode est compatible avec votre usage
 - `npm run preview` : prévisualisé le build Nuxt
 - `npm run lint` : execute ESLint
- `npm run lint:fix` : applique les corrections ESLint automatiques : collecte périodique CPU, mémoire et réseau
+- `npm run lint:fix` : applique les corrections ESLint automatiques : collecte périodique CPU, mémoire et réseau
--- a/assets/css/main.css
+++ b/assets/css/main.css
@@ -15,6 +15,7 @@
  --color-m-success: rgb(var(--m-success));
  --color-m-accent: rgb(var(--m-accent));
  --color-m-warning: rgb(var(--m-warning));
+  --color-m-succes: rgb(var(--m-success));
  --font-display: "Outfit", system-ui, sans-serif;
  --font-mono: "JetBrains Mono", "Fira Code", monospace;
 }
--- a/components/BackupRun.vue
+++ b/components/BackupRun.vue
@@ -77,6 +77,7 @@
 </template>

 <script setup lang="ts">
+import { computed, onMounted, ref } from "vue"
 import { Icon as IconifyIcon } from "@iconify/vue"
 import { apiFetch } from "~/composables/useApiAuth"

@@ -115,6 +116,7 @@ const active = ref<string | null>(null)
 const loading = ref(true)
 const runningKey = ref<string | null>(null)
 const scripts = ref<BackupScript[]>([])
+const output = ref<string>("")
 const message = ref<string>("")
 const isError = ref(false)

@@ -123,6 +125,7 @@ const statusClass = computed(() => (isError.value ? "status-error" : "status-suc
 const loadScripts = async () => {
  loading.value = true
  message.value = ""
+  output.value = ""
  isError.value = false
  emit("result", {
    key: null,
@@ -153,6 +156,7 @@ const loadScripts = async () => {
 const runScript = async (key: string) => {
  active.value = key
  runningKey.value = key
+  output.value = ""
  message.value = ""
  isError.value = false

@@ -161,17 +165,30 @@ const runScript = async (key: string) => {
      method: "POST",
      body: { key }
    })
-    const resultOutput = data.output || "Aucune sortie retournee."
    message.value = `${data.label} execute avec succes`
+    output.value = data.output || "Aucune sortie retournee."
    emit("result", {
      key: data.key,
      label: data.label,
-      output: resultOutput,
+      output: output.value,
      isError: false,
      downloadFolders: data.downloadFolders || []
    })
  } catch (error: unknown) {
-    message.value = (error as any)?.data?.statusMessage || "Erreur execution script"
+    isError.value = true
+    const statusMessage =
+      typeof error === "object" &&
+      error !== null &&
+      "data" in error &&
+      typeof error.data === "object" &&
+      error.data !== null &&
+      "statusMessage" in error.data &&
+      typeof error.data.statusMessage === "string"
+        ? error.data.statusMessage
+        : null
+
+    message.value = statusMessage || "Erreur execution script"
+    output.value = ""
    emit("result", {
      key,
      label: scripts.value.find((item) => item.key === key)?.label || key,
--- a/components/SystemMetricsChart.vue
+++ b/components/SystemMetricsChart.vue
@@ -293,7 +293,7 @@ const visibleHistory = computed(() => {
  return history.value.filter((point) => point.sampledAt >= minTimestamp)
 })

-const scaleMax = 100
+const scaleMax = computed(() => 100)

 const formatValue = (value: number) => `${Math.round(value)}%`

--- a/composables/useApiAuth.ts
+++ b/composables/useApiAuth.ts
@@ -42,6 +42,7 @@ export function useApiAuthHeader() {

    // Tous les appels frontend vers /api/* reutilisent ce header commun.
    return {
+        Authorization: `Bearer ${token}`
    }
 }

--- a/layouts/default.vue
+++ b/layouts/default.vue
@@ -146,6 +146,7 @@
 </template>

 <script setup lang="ts">
+import {ref} from "vue"
 import {Icon as IconifyIcon} from "@iconify/vue"
 import logoSrc from '~/assets/LOGO_CARRE_BLANC.png'

--- a/nuxt.config.ts
+++ b/nuxt.config.ts
@@ -26,7 +26,7 @@ export default defineNuxtConfig({
    head: {
      link: [
        { rel: "preconnect", href: "https://fonts.googleapis.com" },
-        { rel: "preconnect", href: "https://fonts.gstatic.com", crossorigin: "" },
+        { rel: "preconnect", href: "https://fonts.gstatic.com ", crossorigin: "" },
        {
          rel: "stylesheet",
          href: "https://fonts.googleapis.com/css2?family=JetBrains+Mono:wght@400;500;600;700&family=Outfit:wght@300;400;500;600;700;800;900&display=swap"
@@ -36,8 +36,6 @@ export default defineNuxtConfig({
  },
  runtimeConfig: {
    apiSecretKey: process.env.API_SECRET_KEY,
-    discordBotToken: process.env.DISCORD_BOT_TOKEN,
-    discordChannelId: process.env.DISCORD_CHANNEL_ID,
    public: {
      appVersion: getRepoVersion(),
      apiKey: process.env.API_SECRET_KEY
@@ -46,4 +44,4 @@ export default defineNuxtConfig({
  vite: {
    plugins: [tailwindcss()]
  }
-})
+})
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,10 +1,10 @@
 {
-  "name": "supervisor",
+  "name": "disk-monitor",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
-      "name": "supervisor",
+      "name": "disk-monitor",
      "hasInstallScript": true,
      "dependencies": {
        "@iconify/vue": "^5.0.0",
@@ -15,13 +15,11 @@
        "@semantic-release/changelog": "^6.0.3",
        "@semantic-release/commit-analyzer": "^13.0.1",
        "@semantic-release/git": "^10.0.1",
+        "@semantic-release/github": "^12.0.6",
        "@semantic-release/release-notes-generator": "^14.1.0",
        "@tailwindcss/vite": "^4.2.1",
        "semantic-release": "^25.0.3",
        "tailwindcss": "^4.2.1"
-      },
-      "engines": {
-        "node": ">=20"
      }
    },
    "node_modules/@actions/core": {
--- a/package.json
+++ b/package.json
@@ -1,10 +1,7 @@
 {
-  "name": "supervisor",
+  "name": "disk-monitor",
  "type": "module",
  "private": true,
-  "engines": {
-    "node": ">=20"
-  },
  "scripts": {
    "build": "nuxt build",
    "dev": "nuxt dev",
@@ -23,6 +20,7 @@
    "@semantic-release/changelog": "^6.0.3",
    "@semantic-release/commit-analyzer": "^13.0.1",
    "@semantic-release/git": "^10.0.1",
+    "@semantic-release/github": "^12.0.6",
    "@semantic-release/release-notes-generator": "^14.1.0",
    "@tailwindcss/vite": "^4.2.1",
    "semantic-release": "^25.0.3",
--- a/pages/index.vue
+++ b/pages/index.vue
@@ -66,6 +66,7 @@
 </template>

 <script setup lang="ts">
+import {computed, onMounted, ref} from "vue"
 import { apiFetch } from "~/composables/useApiAuth"
 import type { SystemMetrics } from "~/types/system";

@@ -333,6 +334,14 @@ onBeforeUnmount(() => {
    grid-template-columns: 1fr;
  }

+  .backup-selector {
+    order: 2;
+  }
+
+  .backup-list-mobile {
+    order: 3;
+  }
+
  .speedtest-card-mobile {
    order: 4;
  }
--- a/public/robots.txt
+++ b/public/robots.txt
@@ -1,2 +1,2 @@
 User-Agent: *
-Disallow: /
+Disallow:
--- a/server/api/backups.get.ts
+++ b/server/api/backups.get.ts
@@ -3,10 +3,12 @@ import {
  shellQuote,
  resolveFolderRemoteDir,
  REMOTE_ROOT,
-  isSafeFolder,
 } from "../utils/ssh.ts"

-const MAX_FILES_PER_FOLDER = Math.max(1, Number(process.env.BACKUPS_MAX_FILES) || 50)
+import {process} from "std-env";
+
+const MAX_FILES_PER_FOLDER = Number(process.env.BACKUPS_MAX_FILES)
+const isSafeFolder = (value: string) => /^[a-zA-Z0-9._-]+$/.test(value)


 function isMissingPathError(error: unknown): boolean {
--- a/server/api/discord/messages.get.ts
+++ b/server/api/discord/messages.get.ts
@@ -1,7 +1,6 @@
-export default defineEventHandler(async (event) => {
-  const config = useRuntimeConfig(event)
-  const token = config.discordBotToken
-  const channel = config.discordChannelId
+export default defineEventHandler(async () => {
+  const token = process.env.DISCORD_BOT_TOKEN
+  const channel = process.env.DISCORD_CHANNEL_ID

  if (!token || !channel) {
    throw createError({
--- a/server/api/disk.get.ts
+++ b/server/api/disk.get.ts
@@ -1,16 +1,10 @@
-import { execFile } from "node:child_process"
+import { exec } from "child_process"

 type DiskSource = {
  key: "remote" | "local"
  label: string
 }

-type CommandSpec = {
-  command: string
-  args: string[]
-  cwd?: string
-}
-
 const diskSources: DiskSource[] = [
  {
    key: "remote",
@@ -22,28 +16,33 @@ const diskSources: DiskSource[] = [
  }
 ]

-function getCommand(source: DiskSource): CommandSpec {
+function getDefaultCommand(source: DiskSource) {
  const localScriptDir = process.env.DISK_LOCAL_SCRIPT_DIR || "/home/malio/Malio-ops/CheckStorage"
  const remoteHost = process.env.DISK_REMOTE_HOST || "malio-b"
  const remoteScriptDir = process.env.DISK_REMOTE_SCRIPT_DIR || "/home/malio-b/Malio-ops/CheckStorage"

  if (source.key === "local") {
-    return {
-      command: "bash",
-      args: ["check-storage.sh"],
-      cwd: localScriptDir
-    }
+    return `cd ${localScriptDir} && bash check-storage.sh`
  }

-  return {
-    command: "ssh",
-    args: [remoteHost, `cd ${remoteScriptDir} && ./check-storage.sh`]
-  }
+  return `ssh ${remoteHost} "cd ${remoteScriptDir} && ./check-storage.sh"`
 }

-function runCommand({ command, args, cwd }: CommandSpec): Promise<string> {
+function getEnvCommand(source: DiskSource) {
+  const envKey = `DISK_COMMAND_${source.key.toUpperCase()}`
+  const legacyEnvKey =
+    source.key === "remote" ? "DISK_REMOTE_COMMAND" : source.key === "local" ? "DISK_LOCAL_COMMAND" : ""
+
+  return (
+    process.env[envKey] ||
+    (legacyEnvKey ? process.env[legacyEnvKey] : undefined) ||
+    getDefaultCommand(source)
+  )
+}
+
+function runShellCommand(command: string): Promise<string> {
  return new Promise((resolve, reject) => {
-    execFile(command, args, { cwd }, (error, stdout, stderr) => {
+    exec(command, (error, stdout, stderr) => {
      if (error) {
        reject(stderr || error.message)
        return
@@ -57,7 +56,12 @@ export default defineEventHandler(async () => {
  const results = await Promise.all(
    diskSources.map(async (source) => {
      try {
-        const output = await runCommand(getCommand(source))
+        const envCommand = getEnvCommand(source)
+        if (!envCommand) {
+          throw new Error(`Commande disque manquante pour ${source.key}`)
+        }
+
+        const output = await runShellCommand(envCommand)
        return {
          key: source.key,
          label: source.label,
--- a/server/api/download-latest.get.ts
+++ b/server/api/download-latest.get.ts
@@ -3,10 +3,11 @@ import {
  shellQuote,
  resolveFolderRemoteDir,
  REMOTE_HOST,
-  isSafeFolder
 } from "../utils/ssh.ts"
 import { spawn } from "node:child_process"

+const isSafeFolder = (value: string) => /^[a-zA-Z0-9._-]+$/.test(value)
+
 async function getLatestRemoteFile(remoteDir: string): Promise<string | null> {
  const output = await runSsh(`cd ${shellQuote(remoteDir)} && ls -1A | sort -r | head -n 1`)
  const fileName = output.trim()
@@ -44,9 +45,6 @@ export default defineEventHandler(async (event) => {
    }

    const fileName = await getLatestRemoteFile(remoteDir)
-    if (!fileName || !isSafeFolder(fileName)) {
-        continue
-    }
    if (!fileName) {
      continue
    }
@@ -95,6 +93,6 @@ export default defineEventHandler(async (event) => {
      console.error(`Erreur archive SSH (${code}): ${stderr}`)
    }
  })
-  event.node.res.on("close", () => child.kill())
+
  return sendStream(event, child.stdout)
 })
--- a/server/api/download.get.ts
+++ b/server/api/download.get.ts
@@ -3,11 +3,13 @@ import {
  shellQuote,
  resolveFolderRemoteDir,
  REMOTE_HOST,
-  isSafeFolder,
-  isSafeFile
 } from "../utils/ssh.ts"
 import { spawn } from "node:child_process"

+const isSafeFolder = (value: string) => /^[a-zA-Z0-9._-]+$/.test(value)
+const isSafeFile = (value: string) => /^[a-zA-Z0-9._-]+$/.test(value)
+
+
 function buildContentDisposition(fileName: string) {
  const asciiName = fileName.replace(/[^\x20-\x7E]/g, "_").replace(/["\\]/g, "_")
  return `attachment; filename="${asciiName}"; filename*=UTF-8''${encodeURIComponent(fileName)}`
@@ -59,6 +61,6 @@ export default defineEventHandler(async (event) => {
      console.error(`Erreur téléchargement SSH (${code}): ${stderr}`)
    }
  })
-  event.node.res.on("close", () => child.kill())
+
  return sendStream(event, child.stdout)
 })
--- a/server/api/upload.post.ts
+++ b/server/api/upload.post.ts
@@ -1,10 +1,9 @@
 export default defineEventHandler(async (event) => {
    const req = event.node.req
-    const MAX_UPLOAD_BYTES = 100 * 1024 * 1024 // 100MB
+
    let received = 0

    for await (const chunk of req) {
-        if (received > MAX_UPLOAD_BYTES) throw createError({ statusCode: 413, statusMessage: "Fichier trop volumineux" })
        received += chunk.length
    }

--- a/server/api/version-status.get.ts
+++ b/server/api/version-status.get.ts
@@ -1,18 +1,12 @@
 import targets from "../config/version-status-targets.json"

-const REQUEST_TIMEOUT_MS = 5000
-
 export default defineEventHandler(async () => {
  const results = await Promise.all(
    targets.map(async (target) => {
-      const controller = new AbortController()
-      const timeoutId = setTimeout(() => controller.abort(), REQUEST_TIMEOUT_MS)
-
      try {
        const response = await fetch(target.url, {
          method: "GET",
-          headers: { Accept: "application/json" },
-          signal: controller.signal
+          headers: { Accept: "application/json" }
        })

        return {
@@ -31,8 +25,6 @@ export default defineEventHandler(async () => {
          checkedAt: new Date().toISOString(),
          error: error instanceof Error ? error.message : String(error)
        }
-      } finally {
-        clearTimeout(timeoutId)
      }
    })
  )
--- a/server/middleware/auth-cookie.ts
+++ b/server/middleware/auth-cookie.ts
@@ -1,9 +1,3 @@
-// SECURITE:
-// Ce middleware pose automatiquement le cookie d'authentification pour tout
-// visiteur de l'interface web. Ce comportement repose sur l'hypothèse que
-// Supervisor n'est exposé qu'à un réseau de confiance ou derrière un contrôle
-// d'accès externe. Si l'application devient publiquement accessible, ce
-// mécanisme ne constitue pas une authentification utilisateur.
 export default defineEventHandler((event) => {
  const path = event.path || event.node.req.url || ""

--- a/server/utils/ssh.ts
+++ b/server/utils/ssh.ts
@@ -1,23 +1,20 @@
-import {execFile} from "node:child_process"
+import { execFile } from "node:child_process"
+import {process} from "std-env";
 import folderMap from "#server/config/backup-folders.json";

 export const REMOTE_HOST = process.env.BACKUPS_REMOTE_HOST
 export const REMOTE_ROOT = process.env.BACKUPS_REMOTE_ROOT || "/home/malio-b/backups"
 export const FOLDER_MAP = folderMap as Record<string, string>
-export const isSafeFolder = (value: string) => /^[a-zA-Z0-9._-]+$/.test(value)
-export const isSafeFile = (value: string) => /^[a-zA-Z0-9._-]+$/.test(value)
+

 export const shellQuote = (value: string) => `'${value.replace(/'/g, `'\\''`)}'`

 export function runSsh(command: string): Promise<string> {
-    if (!REMOTE_HOST) {
-        return Promise.reject(new Error("BACKUPS_REMOTE_HOST is not configured"))
-    }
    return new Promise((resolve, reject) => {
        execFile(
            "ssh",
            ["-o", "BatchMode=yes", "-o", "ConnectTimeout=5", REMOTE_HOST, command],
-            {maxBuffer: 10 * 1024 * 1024},
+            { maxBuffer: 10 * 1024 * 1024 },
            (error, stdout, stderr) => {
                if (error) {
                    reject(stderr || error.message)
@@ -45,7 +42,7 @@ export async function resolveFolderRemoteDir(folderName: string): Promise<string
        return direct
    }

-    const nested = `${REMOTE_ROOT}/bdd-recette/${folderName}`
+    const nested = `${REMOTE_ROOT}/bdd_recette/${folderName}`
    if (await remoteDirExists(nested)) {
        return nested
    }