- Introduced unique key generation for locations and directives using WeakMap to improve item identification in draggable lists.
- Updated the `item-key` binding in `LocationEditor.vue` and `DirectiveEditor.vue` to utilize the new key generation functions.
- Refactored the NgxConfig store to include a reset function, ensuring a clean state for ngxConfig when needed.
- Enhanced the `SiteAdd.vue` component to reset the ngxConfigStore during initialization.
- Added tests to verify backup and restore processes when the crypto secret changes, ensuring hash verification passes.
- Updated `writeManifestFiles` and `verifyBackupManifest` functions to accept an AES key for improved security.
- Implemented fallback mechanism for verifying manifest signatures using both AES-derived and legacy signing keys.
- Enhanced the overall robustness of the backup and restore system to handle legacy signatures and different crypto secrets.
* fix(mcp): prevent panic on nil interface conversion for tool arguments
Add safe argument extraction helper functions in internal/mcp/args.go
that handle nil values gracefully instead of panicking on direct type
assertions.
This fixes the issue where MCP config tools panic with:
'interface conversion: interface {} is nil, not string'
when called via Claude Desktop with protocol version 2025-11-25.
Affected tools:
- nginx_config_list
- nginx_config_get
- nginx_config_add
- nginx_config_modify
- nginx_config_rename
- nginx_config_mkdir
- nginx_config_history
- nginx_config_enable
Fixes #36ec
Co-authored-by: Jacky <me@jackyu.cn>
* Add required argument validation to MCP config handlers to prevent data loss
The safe argument extraction helpers (mcp.GetString, etc.) return zero values
for nil/missing arguments, which could cause silent data loss. This adds
explicit validation for required arguments in:
- config_modify: validate relative_path and content
- config_add: validate name and content
- config_rename: validate orig_name and new_name
- config_mkdir: validate folder_name
This follows the same pattern already used in handleNginxConfigEnable.
* Add required argument validation to config_get and config_history handlers
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
- Introduced SafeWebSocketWriter to ensure thread-safe writes to WebSocket connections.
- Updated WebSocket handling in certificate issuance, revocation, Nginx log tailing, and system upgrades to use the new writer.
- Enhanced WebSocket client management in the site navigation module for improved message handling and connection stability.
- Added `InitTokenRouter` to define the `/token/short` endpoint for issuing short tokens.
- Created `IssueShortToken` function to handle short token generation and response.
- Updated WebSocket middleware to require short token for authentication, preventing CSWSH attacks.
- Modified user store and login handling to integrate short token functionality.
- Enhanced documentation to reflect changes in WebSocket security requirements.
- Introduced `WebSocketTrustedOrigins` setting in `app.example.ini` and corresponding documentation.
- Refactored WebSocket origin checks across multiple API endpoints to utilize the new middleware for improved security.
- Added tests for the new origin validation logic to ensure proper handling of trusted origins and node secret requests.
0xJacky