admin/changemaker.lite
1
0
Fork 0
Code Issues Packages Projects Releases 35 Wiki Activity

Fix Pangolin sync siteId resolution, nginx media proxy, and upgrade script

Browse Source 
- Resolve Pangolin site slug to numeric ID in sync route (fixes target creation 400 errors)
- Disable SSO on newly created Pangolin resources for public access
- Fix nginx media API proxy: use rewrite + set ordering for proper URI rewriting
- Upgrade script: clear skip-worktree flags, fix Docker-owned dir permissions, stash untracked files

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
admin 2026-03-08 23:53:36 -06:00
parent 008dfed3bc
commit 12345f9816
3 changed files with 36 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
api/src/modules/pangolin/pangolin.routes.ts
View File

@ -708,12 +708,25 @@ router.post('/sync', pangolinSetupLimiter, async (_req: Request, res: Response)
return; return;
} }
const siteId = env.PANGOLIN_SITE_ID; const siteSlug = env.PANGOLIN_SITE_ID;
if (!siteId) { if (!siteSlug) {
res.status(400).json({ error: { message: 'PANGOLIN_SITE_ID not set. Run setup first.', code: 'NO_SITE' } }); res.status(400).json({ error: { message: 'PANGOLIN_SITE_ID not set. Run setup first.', code: 'NO_SITE' } });
return; return;
} }
// Resolve numeric siteId from slug (Pangolin targets require numeric siteId)
let siteId: string | number = siteSlug;
if (isNaN(Number(siteSlug))) {
const sites = await pangolinClient.listSites();
const match = sites.find(s => s.niceId === siteSlug || s.name === siteSlug);
if (match) {
siteId = match.siteId;
logger.info(`Resolved site slug "${siteSlug}" to numeric siteId ${siteId}`);
} else {
logger.warn(`Could not resolve site slug "${siteSlug}" to numeric ID, using as-is`);
}
}
const domain = env.DOMAIN; const domain = env.DOMAIN;
const resourceDefs = loadResourceDefinitions(); const resourceDefs = loadResourceDefinitions();
if (resourceDefs.length === 0) { if (resourceDefs.length === 0) {
@ -809,9 +822,9 @@ router.post('/sync', pangolinSetupLimiter, async (_req: Request, res: Response)
protocol: 'tcp', protocol: 'tcp',
}); });
// Make publicly accessible // Make publicly accessible (disable SSO auth + blockAccess)
try { try {
await pangolinClient.updateResource(resource.resourceId, { blockAccess: false }); await pangolinClient.updateResource(resource.resourceId, { sso: false, blockAccess: false });
} catch { } catch {
logger.warn(`Created ${fullDomain} but failed to set public access`); logger.warn(`Created ${fullDomain} but failed to set public access`);
} }

3
nginx/conf.d/api.conf.template
View File

@ -6,7 +6,8 @@ server {
# Media API endpoints (must come BEFORE / for longest prefix match) # Media API endpoints (must come BEFORE / for longest prefix match)
# Uses variable proxy_pass for runtime DNS resolution after container restarts # Uses variable proxy_pass for runtime DNS resolution after container restarts
location /media/ { location /media/ {
set $upstream_media http://changemaker-media-api:4100/api/; set $upstream_media http://changemaker-media-api:4100;
rewrite ^/media/(.*) /api/$1 break;
proxy_pass $upstream_media; proxy_pass $upstream_media;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;

18
scripts/upgrade.sh
View File

@ -584,13 +584,29 @@ fi
# Step 0: Save user-modifiable paths before any git operations # Step 0: Save user-modifiable paths before any git operations
save_user_paths save_user_paths
# Step 0b: Clear skip-worktree flags that prevent merge (e.g., repo-data JSON files)
SKIP_WORKTREE_FILES="$(git ls-files -v | grep '^S ' | awk '{print $2}' || true)"
if [[ -n "$SKIP_WORKTREE_FILES" ]]; then
info "Clearing skip-worktree flags on $(echo "$SKIP_WORKTREE_FILES" | wc -l | xargs) file(s)..."
echo "$SKIP_WORKTREE_FILES" | xargs git update-index --no-skip-worktree
success "Skip-worktree flags cleared"
fi
# Step 0c: Fix Docker-owned directories that block git checkout
for owned_dir in api/upgrade api/uploads api/configs; do
if [[ -d "$PROJECT_DIR/$owned_dir" ]] && [[ ! -w "$PROJECT_DIR/$owned_dir" ]]; then
info "Fixing permissions on $owned_dir..."
docker run --rm -v "$PROJECT_DIR/$owned_dir:/fix" alpine chown -R "$(id -u):$(id -g)" /fix 2>/dev/null || true
fi
done
# Step 1: Stash user changes if any exist # Step 1: Stash user changes if any exist
HAS_CHANGES=false HAS_CHANGES=false
if [[ -n "$(git status --porcelain 2>/dev/null)" ]]; then if [[ -n "$(git status --porcelain 2>/dev/null)" ]]; then
HAS_CHANGES=true HAS_CHANGES=true
STASH_NAME="upgrade-${TIMESTAMP}" STASH_NAME="upgrade-${TIMESTAMP}"
info "Stashing local changes as '$STASH_NAME'..." info "Stashing local changes as '$STASH_NAME'..."
git stash push -m "$STASH_NAME" git stash push --include-untracked -m "$STASH_NAME"
success "Local changes stashed" success "Local changes stashed"
fi fi