feat(deployment): enhance log retrieval by encoding log path in base64

- Updated the WebSocket server to encode the log path in base64 before executing the tail command on the remote server.
- Added validation to ensure the directory name adheres to a specified regex pattern, improving input integrity for directory paths.

apps/dokploy/server/wss/listen-deployment.ts

@@ -1,6 +1,7 @@
 import { spawn } from "node:child_process";
 import type http from "node:http";
 import { findServerById, IS_CLOUD, validateRequest } from "@dokploy/server";
+import { encodeBase64 } from "@dokploy/server/utils/docker/utils";
 import { readValidDirectory } from "@dokploy/server/wss/utils";
 import { Client } from "ssh2";
 import { WebSocketServer } from "ws";
@@ -70,9 +71,9 @@ export const setupDeploymentLogsWebSocketServer = (
 				sshClient = new Client();
 				sshClient
 					.on("ready", () => {
-						const command = `
+						const encodedPath = encodeBase64(logPath);
-						tail -n +1 -f ${logPath};
+					const command = `tail -n +1 -f "$(echo '${encodedPath}' | base64 -d)"`;
-					`;
+
 						sshClient!.exec(command, (err, stream) => {
 							if (err) {
 								sshClient!.end();

packages/server/src/wss/utils.ts

@@ -40,6 +40,10 @@ export const readValidDirectory = (
 	directory: string,
 	serverId?: string | null,
 ) => {
+	if (!/^[\w/. -]{1,500}$/.test(directory)) {
+		return false;
+	}
+
 	const { BASE_PATH } = paths(!!serverId);
 
 	const resolvedBase = path.resolve(BASE_PATH);