36 lines
1.4 KiB
Markdown
36 lines
1.4 KiB
Markdown
# Agent Install ID Parsing Issue
|
|
|
|
## Problem Statement
|
|
|
|
The `generateInstallScript` function in downloads.go is not properly extracting the `agent_id` query parameter, causing the install script to always generate new agent IDs instead of using existing registered agent IDs for upgrades.
|
|
|
|
## Current State
|
|
|
|
The install script downloads always generate new UUIDs:
|
|
```bash
|
|
# BEFORE (broken)
|
|
curl -sfL "http://localhost:3000/api/v1/install/linux?agent_id=6fdba4c92c4d4d33a4010e98db0df72d8bbe3d62c6b7e0a33cef3325e29bdd6d"
|
|
# Result: AGENT_ID="cf865204-125a-491d-976f-5829b6c081e6" (NEW UUID)
|
|
```
|
|
|
|
## Expected Behavior
|
|
|
|
For upgrade scenarios, the install script should preserve the existing agent ID:
|
|
```bash
|
|
# AFTER (fixed)
|
|
curl -sfL "http://localhost:3000/api/v1/install/linux?agent_id=6fdba4c92c4d4d33a4010e98db0df72d8bbe3d62c6b7e0a33cef3325e29bdd6d"
|
|
# Result: AGENT_ID="6fdba4c92c4d4d33a4010e98db0df72d8bbe3d62c6b7e0a33cef3325e29bdd6d" (PASSED UUID)
|
|
```
|
|
|
|
## Root Cause
|
|
|
|
The `generateInstallScript` function only looks at query parameters but doesn't properly validate/extract the UUID format.
|
|
|
|
## Fix Required
|
|
|
|
Implement proper agent ID parsing following security priority:
|
|
1. Header: `X-Agent-ID` (secure)
|
|
2. Path: `/api/v1/install/:platform/:agent_id` (legacy)
|
|
3. Query: `?agent_id=uuid` (fallback)
|
|
|
|
All paths must validate UUID format and enforce rate limiting/signature validation. |