Fimeg/Redflag
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

cleanup: remove 2,369 lines of dead code

Browse Source 
Removed backup files and unused legacy scanner function.
All code verified as unreferenced.
This commit is contained in:
Fimeg
2025-11-10 21:20:42 -05:00
parent 1f2b1b7179
commit c95cc7d91f
32 changed files with 5899 additions and 567 deletions
Download Patch File Download Diff File Expand all files Collapse all files

78
aggregator-server/cmd/server/main.go
View File

@@ -2,6 +2,8 @@ package main
import (
"context"
"crypto/ed25519"
"encoding/hex"
"flag"
"fmt"
"log"
@@ -19,6 +21,31 @@ import (
"github.com/gin-gonic/gin"
)
// validateSigningService performs a test sign/verify to ensure the key is valid
func validateSigningService(signingService *services.SigningService) error {
if signingService == nil {
return fmt.Errorf("signing service is nil")
}
// Verify the key is accessible by getting public key and fingerprint
publicKeyHex := signingService.GetPublicKey()
if publicKeyHex == "" {
return fmt.Errorf("failed to get public key from signing service")
}
fingerprint := signingService.GetPublicKeyFingerprint()
if fingerprint == "" {
return fmt.Errorf("failed to get public key fingerprint")
}
// Basic validation: Ed25519 public key should be 64 hex characters (32 bytes)
if len(publicKeyHex) != 64 {
return fmt.Errorf("invalid public key length: expected 64 hex chars, got %d", len(publicKeyHex))
}
return nil
}
func startWelcomeModeServer() {
setupHandler := handlers.NewSetupHandler("/app/config")
router := gin.Default()
@@ -146,18 +173,29 @@ func main() {
timezoneService := services.NewTimezoneService(cfg)
timeoutService := services.NewTimeoutService(commandQueries, updateQueries)
// Initialize signing service if private key is configured
// Initialize and validate signing service if private key is configured
var signingService *services.SigningService
if cfg.SigningPrivateKey != "" {
var err error
signingService, err = services.NewSigningService(cfg.SigningPrivateKey)
if err != nil {
log.Printf("Warning: Failed to initialize signing service: %v", err)
log.Printf("[ERROR] Failed to initialize signing service: %v", err)
log.Printf("[WARNING] Agent update signing is DISABLED - agents cannot be updated")
log.Printf("[INFO] To fix: Generate signing keys at /api/setup/generate-keys and add to .env")
} else {
log.Printf("✅ Ed25519 signing service initialized")
// Validate the signing key works by performing a test sign/verify
if err := validateSigningService(signingService); err != nil {
log.Printf("[ERROR] Signing key validation failed: %v", err)
log.Printf("[WARNING] Agent update signing is DISABLED - key is corrupted")
signingService = nil // Disable signing
} else {
log.Printf("[system] Ed25519 signing service initialized and validated")
log.Printf("[system] Public key fingerprint: %s", signingService.GetPublicKeyFingerprint())
}
}
} else {
log.Printf("Warning: No signing private key configured - agent update signing disabled")
log.Printf("[WARNING] No signing private key configured - agent update signing disabled")
log.Printf("[INFO] Generate keys: POST /api/setup/generate-keys")
}
// Initialize rate limiter
@@ -183,10 +221,23 @@ func main() {
verificationHandler = handlers.NewVerificationHandler(agentQueries, signingService)
}
// Initialize update nonce service (for version upgrade middleware)
var updateNonceService *services.UpdateNonceService
if signingService != nil && cfg.SigningPrivateKey != "" {
// Decode private key for nonce service
privateKeyBytes, err := hex.DecodeString(cfg.SigningPrivateKey)
if err == nil && len(privateKeyBytes) == ed25519.PrivateKeySize {
updateNonceService = services.NewUpdateNonceService(ed25519.PrivateKey(privateKeyBytes))
log.Printf("[system] Update nonce service initialized for version upgrades")
} else {
log.Printf("[WARNING] Failed to initialize update nonce service: invalid private key")
}
}
// Initialize agent update handler
var agentUpdateHandler *handlers.AgentUpdateHandler
if signingService != nil {
agentUpdateHandler = handlers.NewAgentUpdateHandler(agentQueries, agentUpdateQueries, commandQueries, signingService, agentHandler)
agentUpdateHandler = handlers.NewAgentUpdateHandler(agentQueries, agentUpdateQueries, commandQueries, signingService, updateNonceService, agentHandler)
}
// Initialize system handler
@@ -225,6 +276,20 @@ func main() {
api.POST("/agents/register", rateLimiter.RateLimit("agent_registration", middleware.KeyByIP), agentHandler.RegisterAgent)
api.POST("/agents/renew", rateLimiter.RateLimit("public_access", middleware.KeyByIP), agentHandler.RenewToken)
// Agent setup routes (no authentication required, with rate limiting)
api.POST("/setup/agent", rateLimiter.RateLimit("agent_setup", middleware.KeyByIP), handlers.SetupAgent)
api.GET("/setup/templates", rateLimiter.RateLimit("public_access", middleware.KeyByIP), handlers.GetTemplates)
api.POST("/setup/validate", rateLimiter.RateLimit("agent_setup", middleware.KeyByIP), handlers.ValidateConfiguration)
// Build orchestrator routes (admin-only)
buildRoutes := api.Group("/build")
buildRoutes.Use(authHandler.WebAuthMiddleware())
{
buildRoutes.POST("/new", rateLimiter.RateLimit("agent_build", middleware.KeyByIP), handlers.NewAgentBuild)
buildRoutes.POST("/upgrade/:agentID", rateLimiter.RateLimit("agent_build", middleware.KeyByIP), handlers.UpgradeAgentBuild)
buildRoutes.POST("/detect", rateLimiter.RateLimit("agent_build", middleware.KeyByIP), handlers.DetectAgentInstallation)
}
// Public download routes (no authentication - agents need these!)
api.GET("/downloads/:platform", rateLimiter.RateLimit("public_access", middleware.KeyByIP), downloadHandler.DownloadAgent)
api.GET("/downloads/updates/:package_id", rateLimiter.RateLimit("public_access", middleware.KeyByIP), downloadHandler.DownloadUpdatePackage)
@@ -291,9 +356,12 @@ func main() {
// Agent update routes
if agentUpdateHandler != nil {
dashboard.POST("/agents/:id/update", agentUpdateHandler.UpdateAgent)
dashboard.POST("/agents/:id/update-nonce", agentUpdateHandler.GenerateUpdateNonce)
dashboard.POST("/agents/bulk-update", agentUpdateHandler.BulkUpdateAgents)
dashboard.GET("/updates/packages", agentUpdateHandler.ListUpdatePackages)
dashboard.POST("/updates/packages/sign", agentUpdateHandler.SignUpdatePackage)
dashboard.GET("/agents/:id/updates/available", agentUpdateHandler.CheckForUpdateAvailable)
dashboard.GET("/agents/:id/updates/status", agentUpdateHandler.GetUpdateStatus)
}
// Log routes