Update vpn service

2026-04-18 01:52:20 +00:00 · 2026-03-14 20:30:53 +01:00
parent db5ac37ad3
commit 4546adb894
3 changed files with 280 additions and 15 deletions
--- a/AppImage/scripts/flask_oci_routes.py
+++ b/AppImage/scripts/flask_oci_routes.py
@@ -475,3 +475,48 @@ def get_app_status(app_id: str):
            "success": False,
            "message": str(e)
        }), 500
+
+
+@oci_bp.route("/installed/<app_id>/update-auth-key", methods=["POST"])
+@require_auth
+def update_auth_key(app_id: str):
+    """
+    Update the Tailscale auth key for an installed gateway.
+    
+    This is useful when the auth key expires and the gateway needs to re-authenticate.
+    
+    Body:
+        {
+            "auth_key": "tskey-auth-xxx"
+        }
+    
+    Returns:
+        Success status and message.
+    """
+    try:
+        data = request.get_json()
+        
+        if not data or "auth_key" not in data:
+            return jsonify({
+                "success": False,
+                "message": "auth_key is required in request body"
+            }), 400
+        
+        auth_key = data["auth_key"]
+        
+        if not auth_key.startswith("tskey-"):
+            return jsonify({
+                "success": False,
+                "message": "Invalid auth key format. Should start with 'tskey-'"
+            }), 400
+        
+        result = oci_manager.update_auth_key(app_id, auth_key)
+        status_code = 200 if result.get("success") else 400
+        return jsonify(result), status_code
+        
+    except Exception as e:
+        logger.error(f"Failed to update auth key: {e}")
+        return jsonify({
+            "success": False,
+            "message": str(e)
+        }), 500
--- a/AppImage/scripts/oci_manager.py
+++ b/AppImage/scripts/oci_manager.py
@@ -1111,6 +1111,82 @@ def detect_networks() -> List[Dict[str, str]]:
    return networks


+# =================================================================
+# Update Auth Key (for Tailscale re-authentication)
+# =================================================================
+def update_auth_key(app_id: str, auth_key: str) -> Dict[str, Any]:
+    """Update the Tailscale auth key for a running gateway."""
+    result = {"success": False, "message": "", "app_id": app_id}
+    
+    # Get VMID for the app
+    vmid = _get_vmid_for_app(app_id)
+    if not vmid:
+        result["message"] = f"App {app_id} not found or not installed"
+        return result
+    
+    # Check if container is running
+    status = get_app_status(app_id)
+    if status.get("state") != "running":
+        result["message"] = "Container must be running to update auth key"
+        return result
+    
+    logger.info(f"Updating auth key for {app_id} (VMID: {vmid})")
+    print(f"[*] Updating auth key for {app_id}...")
+    
+    # Run tailscale logout first to clear existing state
+    print(f"[*] Logging out of Tailscale...")
+    _run_pve_cmd(["pct", "exec", str(vmid), "--", "tailscale", "logout"], timeout=30)
+    
+    # Wait a moment for logout to complete
+    import time
+    time.sleep(2)
+    
+    # Run tailscale up with new auth key
+    print(f"[*] Authenticating with new key...")
+    
+    # Load saved config to get original settings
+    config_file = os.path.join(INSTANCES_DIR, app_id, "config.json")
+    config = {}
+    if os.path.exists(config_file):
+        try:
+            with open(config_file) as f:
+                saved_config = json.load(f)
+                config = saved_config.get("values", {})
+        except:
+            pass
+    
+    # Build tailscale up command
+    ts_cmd = ["tailscale", "up", f"--authkey={auth_key}"]
+    
+    hostname = config.get("hostname")
+    if hostname:
+        ts_cmd.append(f"--hostname={hostname}")
+    
+    advertise_routes = config.get("advertise_routes")
+    if advertise_routes:
+        if isinstance(advertise_routes, list):
+            advertise_routes = ",".join(advertise_routes)
+        ts_cmd.append(f"--advertise-routes={advertise_routes}")
+    
+    if config.get("exit_node"):
+        ts_cmd.append("--advertise-exit-node")
+    
+    if config.get("accept_routes"):
+        ts_cmd.append("--accept-routes")
+    
+    rc, out, err = _run_pve_cmd(["pct", "exec", str(vmid), "--"] + ts_cmd, timeout=60)
+    
+    if rc != 0:
+        logger.error(f"Failed to update auth key: {err}")
+        result["message"] = f"Failed to authenticate: {err}"
+        return result
+    
+    print(f"[OK] Auth key updated successfully")
+    result["success"] = True
+    result["message"] = "Auth key updated successfully"
+    return result
+
+
 # =================================================================
 # Runtime Detection (for backward compatibility)
 # =================================================================