From a4e2317f3e0612a13a4fde5c4ca4f599cf9a2f61 Mon Sep 17 00:00:00 2001
From: Mauricio Siu
Date: Sat, 9 May 2026 00:01:45 -0600
Subject: [PATCH] feat(deployment): enhance log retrieval by encoding log path in base64

- Updated the WebSocket server to encode the log path in base64 before executing the tail command on the remote server.
- Added validation to ensure the directory name adheres to a specified regex pattern, improving input integrity for directory paths.
---
 apps/dokploy/server/wss/listen-deployment.ts | 7 ++++---
 packages/server/src/wss/utils.ts | 4 ++++
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/apps/dokploy/server/wss/listen-deployment.ts b/apps/dokploy/server/wss/listen-deployment.ts
index cd9eefed6..0548004be 100644
--- a/apps/dokploy/server/wss/listen-deployment.ts
+++ b/apps/dokploy/server/wss/listen-deployment.ts
@@ -1,6 +1,7 @@
 import { spawn } from "node:child_process";
 import type http from "node:http";
 import { findServerById, IS_CLOUD, validateRequest } from "@dokploy/server";
+import { encodeBase64 } from "@dokploy/server/utils/docker/utils";
 import { readValidDirectory } from "@dokploy/server/wss/utils";
 import { Client } from "ssh2";
 import { WebSocketServer } from "ws";
@@ -70,9 +71,9 @@ export const setupDeploymentLogsWebSocketServer = (
 sshClient = new Client();
 sshClient
 .on("ready", () => {
- const command = `
- tail -n +1 -f ${logPath};
- `;
+ const encodedPath = encodeBase64(logPath);
+ const command = `tail -n +1 -f "$(echo '${encodedPath}' | base64 -d)"`;
+
 sshClient!.exec(command, (err, stream) => {
 if (err) {
 sshClient!.end();
diff --git a/packages/server/src/wss/utils.ts b/packages/server/src/wss/utils.ts
index d54197ad7..0ea7485f9 100644
--- a/packages/server/src/wss/utils.ts
+++ b/packages/server/src/wss/utils.ts
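Review bot: In the `ready` handler of listen-deployment.ts the decoded path reaches `tail` as a bare operand, so a value beginning with `-` would still be parsed as an option even though the base64 round trip keeps shell metacharacters out of the command string. Ending option parsing before the substitution closes that gap: `tail -n +1 -f -- "$(echo '${encodedPath}' | base64 -d)"`. Whether `readValidDirectory` already rules out such a value for `logPath` is not visible here, because the handler begins and ends outside the hunk. A short comment above the new line, such as `// base64 keeps shell metacharacters in logPath out of the remote command line`, would record why the indirection exists.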
@@ -40,6 +40,10 @@ export const readValidDirectory = (
 directory: string,
 serverId?: string | null,
 ) => {
+ if (!/^[\w/. -]{1,500}$/.test(directory)) {
+ return false;
+ }
+
 const { BASE_PATH } = paths(!!serverId);
 const resolvedBase = path.resolve(BASE_PATH);
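Review bot: The pattern added at the top of `readValidDirectory` is a character allow-list, not a containment check: `.` and `/` are both in the class, so `..` segments pass it, as does a leading `-`. Rejecting traversal therefore still depends on the resolved-path logic that begins at `resolvedBase` and continues past the end of the hunk, and a comment should say so, for example `// Character allow-list only; containment is enforced by the resolved-path check below`. Hoisting the literal into a named constant, e.g. `const SAFE_DIRECTORY_PATTERN = /^[\w/. -]{1,500}$/;`, would give the 500-character cap a place to be explained. `\w` is ASCII-only in JavaScript, so existing directories with other characters in their names now return `false`; worth confirming none are in use.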