feat: add Services and Logs modules (systemctl + journalctl via SSH)

Backend: - modules/services: list, status, start/stop/restart systemctl services with pct exec support for LXC targets - modules/logs: journalctl unit listing + WebSocket live streaming (direct SSH connection, journalctl -f, graceful teardown on WS close) - migrations/003: seed services and logs modules in DB - main.go: register services.New() and logs.New() in module loader Frontend: - services.html: target selector, search/filter, services table with active state indicators and start/stop/restart buttons - logs.html: target + unit selectors, live follow toggle, scrollable terminal output with 3000-line cap - app.js: servicePage() and logsPage() Alpine components + navItems - locales: services and logs i18n keys (fr + en) - pages.css: services table, state dots, logs output styles Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-22 02:03:55 +01:00 · 2026-03-22 02:03:55 +01:00 · 5836f2201a
commit 5836f2201a
parent 98cdabf3e1
10 changed files with 1012 additions and 2 deletions
--- a/backend/internal/db/migrations/003_modules_extra.sql
+++ b/backend/internal/db/migrations/003_modules_extra.sql
@ -0,0 +1,4 @@
+-- Migration 003 : Ajout des modules logs et services
+INSERT OR IGNORE INTO modules (id, name, description, version, is_core, is_enabled) VALUES
+    ('logs',     'Journaux',  'Consultation des journaux système via journalctl',    '1.0.0', 0, 1),
+    ('services', 'Services',  'Gestion des services systemd (start/stop/restart)',  '1.0.0', 0, 1);
--- a/backend/main.go
+++ b/backend/main.go
@ -17,6 +17,8 @@ import (
 	sshpool "git.geronzi.fr/proxmoxPanel/core/backend/internal/ssh"
 	"git.geronzi.fr/proxmoxPanel/core/backend/internal/websocket"
 	"git.geronzi.fr/proxmoxPanel/core/backend/modules"
+	"git.geronzi.fr/proxmoxPanel/core/backend/modules/logs"
+	"git.geronzi.fr/proxmoxPanel/core/backend/modules/services"

 	"github.com/go-chi/chi/v5"
 	"github.com/go-chi/chi/v5/middleware"
@ -68,8 +70,8 @@ func main() {

 	// ── Chargement des modules actifs ──────────────────────────────────────
 	loader := modules.NewLoader(database.DB)
-	// Les modules sont enregistrés ici (compilés dans le binaire)
-	// loader.RegisterModule(dashboard.New(...))  ← à décommenter quand implémentés
+	loader.RegisterModule(services.New(database, sshPool, encryptor))
+	loader.RegisterModule(logs.New(database, sshPool, encryptor))
 	if err := loader.LoadActive(); err != nil {
 		log.Fatalf("Erreur chargement modules : %v", err)
 	}
--- a/backend/modules/logs/logs.go
+++ b/backend/modules/logs/logs.go
@ -0,0 +1,206 @@
+// Module Logs — streaming de journalctl via WebSocket + SSH.
+// Expose : liste des unités journald, streaming WebSocket journalctl.
+package logs
+
+import (
+	"fmt"
+	"net/http"
+	"strconv"
+	"strings"
+	"time"
+
+	"git.geronzi.fr/proxmoxPanel/core/backend/internal/api"
+	"git.geronzi.fr/proxmoxPanel/core/backend/internal/crypto"
+	"git.geronzi.fr/proxmoxPanel/core/backend/internal/db"
+	sshpool "git.geronzi.fr/proxmoxPanel/core/backend/internal/ssh"
+	"git.geronzi.fr/proxmoxPanel/core/backend/modules"
+	gorillaws "github.com/gorilla/websocket"
+	gossh "golang.org/x/crypto/ssh"
+)
+
+// LogsModule gère la lecture des journaux systemd via SSH.
+type LogsModule struct {
+	db   *db.DB
+	pool *sshpool.Pool
+	enc  *crypto.Encryptor
+}
+
+// New crée un LogsModule avec les dépendances nécessaires.
+func New(database *db.DB, pool *sshpool.Pool, enc *crypto.Encryptor) *LogsModule {
+	return &LogsModule{db: database, pool: pool, enc: enc}
+}
+
+func (m *LogsModule) ID() string { return "logs" }
+
+// Register enregistre les routes du module dans le registry CORE.
+func (m *LogsModule) Register(r modules.Registry) error {
+	r.RegisterRoute("GET", "/api/logs/units", m.ListUnits, false)
+	r.RegisterRoute("GET", "/ws/logs",        m.StreamLogs, false)
+	return nil
+}
+
+// sshCreds récupère et déchiffre les credentials SSH depuis la configuration.
+func (m *LogsModule) sshCreds() (host, user, pass string, err error) {
+	host, _, _ = m.db.GetSetting("ssh_host")
+	user, _, _ = m.db.GetSetting("ssh_username")
+	encPass, _, _ := m.db.GetSetting("ssh_password")
+	if encPass != "" {
+		pass, err = m.enc.Decrypt(encPass)
+		if err != nil {
+			return "", "", "", fmt.Errorf("impossible de déchiffrer le mot de passe SSH")
+		}
+	}
+	if host == "" || user == "" || pass == "" {
+		return "", "", "", fmt.Errorf("SSH non configuré")
+	}
+	return host, user, pass, nil
+}
+
+// buildJournalCmd construit la commande journalctl, en la wrappant via pct exec pour les LXC.
+func buildJournalCmd(target, journalArgs string) string {
+	if strings.HasPrefix(target, "lxc:") {
+		vmid := strings.TrimPrefix(target, "lxc:")
+		if _, err := strconv.Atoi(vmid); err == nil {
+			return fmt.Sprintf("pct exec %s -- journalctl %s", vmid, journalArgs)
+		}
+	}
+	return "journalctl " + journalArgs
+}
+
+// sanitizeUnit valide un nom d'unité systemd pour éviter l'injection de commandes.
+func sanitizeUnit(unit string) string {
+	for _, c := range unit {
+		ok := (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
+			(c >= '0' && c <= '9') || c == '-' || c == '.' || c == '_' || c == '@' || c == ':'
+		if !ok {
+			return ""
+		}
+	}
+	return unit
+}
+
+// ListUnits retourne la liste des unités systemd présentes dans les journaux.
+// GET /api/logs/units?target=host|lxc:ID
+func (m *LogsModule) ListUnits(w http.ResponseWriter, r *http.Request) {
+	sshHost, user, pass, err := m.sshCreds()
+	if err != nil {
+		api.JSONError(w, err.Error(), http.StatusServiceUnavailable)
+		return
+	}
+
+	target := r.URL.Query().Get("target")
+	if target == "" {
+		target = "host"
+	}
+
+	cmd := buildJournalCmd(target, "--field=_SYSTEMD_UNIT --no-pager 2>/dev/null | sort -u | head -300")
+	out, _ := m.pool.RunCommand(sshHost, user, pass, cmd)
+
+	units := []string{}
+	for _, line := range strings.Split(out, "\n") {
+		line = strings.TrimSpace(line)
+		if line != "" {
+			units = append(units, line)
+		}
+	}
+	api.JSONResponse(w, http.StatusOK, units)
+}
+
+// wsUpgrader est l'upgrader WebSocket pour le module logs.
+var wsUpgrader = gorillaws.Upgrader{
+	CheckOrigin: func(r *http.Request) bool { return true },
+}
+
+// StreamLogs ouvre un WebSocket et stream journalctl en temps réel via SSH.
+// GET /ws/logs?target=host|lxc:ID&unit=sshd.service&lines=100
+func (m *LogsModule) StreamLogs(w http.ResponseWriter, r *http.Request) {
+	sshHost, user, pass, err := m.sshCreds()
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusServiceUnavailable)
+		return
+	}
+
+	conn, err := wsUpgrader.Upgrade(w, r, nil)
+	if err != nil {
+		return
+	}
+	defer conn.Close()
+
+	target := r.URL.Query().Get("target")
+	if target == "" {
+		target = "host"
+	}
+
+	unit := r.URL.Query().Get("unit")
+	linesStr := r.URL.Query().Get("lines")
+	lines := 100
+	if n, err2 := strconv.Atoi(linesStr); err2 == nil && n > 0 && n <= 2000 {
+		lines = n
+	}
+
+	// Construction des arguments journalctl
+	args := fmt.Sprintf("-f --no-pager -n %d", lines)
+	if safe := sanitizeUnit(unit); safe != "" {
+		args += " -u " + safe
+	}
+	cmd := buildJournalCmd(target, args)
+
+	// Connexion SSH directe (hors pool — session longue durée avec journalctl -f)
+	sshConfig := &gossh.ClientConfig{
+		User:            user,
+		Auth:            []gossh.AuthMethod{gossh.Password(pass)},
+		Timeout:         15 * time.Second,
+		HostKeyCallback: gossh.InsecureIgnoreHostKey(),
+	}
+	client, err := gossh.Dial("tcp", sshHost, sshConfig)
+	if err != nil {
+		conn.WriteMessage(gorillaws.TextMessage, []byte("Erreur SSH : "+err.Error()))
+		return
+	}
+	defer client.Close()
+
+	session, err := client.NewSession()
+	if err != nil {
+		conn.WriteMessage(gorillaws.TextMessage, []byte("Erreur session SSH : "+err.Error()))
+		return
+	}
+	defer session.Close()
+
+	stdout, err := session.StdoutPipe()
+	if err != nil {
+		return
+	}
+	if err := session.Start(cmd); err != nil {
+		conn.WriteMessage(gorillaws.TextMessage, []byte("Erreur commande : "+err.Error()))
+		return
+	}
+
+	// Goroutine : SSH stdout → WebSocket
+	done := make(chan struct{})
+	go func() {
+		defer close(done)
+		buf := make([]byte, 4096)
+		for {
+			n, err := stdout.Read(buf)
+			if n > 0 {
+				conn.WriteMessage(gorillaws.TextMessage, buf[:n])
+			}
+			if err != nil {
+				break
+			}
+		}
+	}()
+
+	// Boucle principale : attendre fermeture WebSocket (ou message de contrôle)
+	for {
+		_, _, err := conn.ReadMessage()
+		if err != nil {
+			break
+		}
+	}
+
+	// Fermer la session SSH → interrompt journalctl -f
+	session.Close()
+	client.Close()
+	<-done
+}
--- a/backend/modules/services/services.go
+++ b/backend/modules/services/services.go
@ -0,0 +1,198 @@
+// Module Services — gestion des services systemd via SSH.
+// Expose : liste des services, statut détaillé, start/stop/restart (admin).
+package services
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"strconv"
+	"strings"
+
+	"git.geronzi.fr/proxmoxPanel/core/backend/internal/api"
+	"git.geronzi.fr/proxmoxPanel/core/backend/internal/crypto"
+	"git.geronzi.fr/proxmoxPanel/core/backend/internal/db"
+	sshpool "git.geronzi.fr/proxmoxPanel/core/backend/internal/ssh"
+	"git.geronzi.fr/proxmoxPanel/core/backend/modules"
+	"github.com/go-chi/chi/v5"
+)
+
+// ServicesModule gère les opérations systemctl sur le host et les LXC.
+type ServicesModule struct {
+	db   *db.DB
+	pool *sshpool.Pool
+	enc  *crypto.Encryptor
+}
+
+// New crée un ServicesModule avec les dépendances nécessaires.
+func New(database *db.DB, pool *sshpool.Pool, enc *crypto.Encryptor) *ServicesModule {
+	return &ServicesModule{db: database, pool: pool, enc: enc}
+}
+
+func (m *ServicesModule) ID() string { return "services" }
+
+// Register enregistre les routes du module dans le registry CORE.
+func (m *ServicesModule) Register(r modules.Registry) error {
+	r.RegisterRoute("GET",  "/api/services",                m.ListServices,   false)
+	r.RegisterRoute("GET",  "/api/services/{name}/status",  m.ServiceStatus,  false)
+	r.RegisterRoute("POST", "/api/services/{name}/{action}", m.ServiceAction, true)
+	return nil
+}
+
+// sshCreds récupère et déchiffre les credentials SSH depuis la configuration.
+func (m *ServicesModule) sshCreds() (host, user, pass string, err error) {
+	host, _, _ = m.db.GetSetting("ssh_host")
+	user, _, _ = m.db.GetSetting("ssh_username")
+	encPass, _, _ := m.db.GetSetting("ssh_password")
+	if encPass != "" {
+		pass, err = m.enc.Decrypt(encPass)
+		if err != nil {
+			return "", "", "", fmt.Errorf("impossible de déchiffrer le mot de passe SSH")
+		}
+	}
+	if host == "" || user == "" || pass == "" {
+		return "", "", "", fmt.Errorf("SSH non configuré")
+	}
+	return host, user, pass, nil
+}
+
+// buildCmd construit la commande systemctl, en la wrappant via pct exec pour les LXC.
+func buildCmd(target, systemctlArgs string) string {
+	if strings.HasPrefix(target, "lxc:") {
+		vmid := strings.TrimPrefix(target, "lxc:")
+		if _, err := strconv.Atoi(vmid); err == nil {
+			return fmt.Sprintf("pct exec %s -- systemctl %s", vmid, systemctlArgs)
+		}
+	}
+	return "systemctl " + systemctlArgs
+}
+
+// ServiceEntry représente un service systemd dans la liste.
+type ServiceEntry struct {
+	Name        string `json:"name"`
+	LoadState   string `json:"load_state"`
+	ActiveState string `json:"active_state"`
+	SubState    string `json:"sub_state"`
+	Description string `json:"description"`
+}
+
+// ListServices retourne la liste des services systemd d'une cible.
+// GET /api/services?target=host|lxc:ID
+func (m *ServicesModule) ListServices(w http.ResponseWriter, r *http.Request) {
+	host, user, pass, err := m.sshCreds()
+	if err != nil {
+		api.JSONError(w, err.Error(), http.StatusServiceUnavailable)
+		return
+	}
+
+	target := r.URL.Query().Get("target")
+	if target == "" {
+		target = "host"
+	}
+
+	cmd := buildCmd(target, "list-units --type=service --all --no-legend --plain --no-pager 2>/dev/null")
+	out, err := m.pool.RunCommand(host, user, pass, cmd)
+	if err != nil {
+		api.JSONError(w, "Erreur commande SSH : "+err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	services := parseServiceList(out)
+	api.JSONResponse(w, http.StatusOK, services)
+}
+
+// parseServiceList parse la sortie de systemctl list-units.
+// Format : "nom.service   load   active   running   Description..."
+func parseServiceList(output string) []ServiceEntry {
+	var services []ServiceEntry
+	for _, line := range strings.Split(output, "\n") {
+		line = strings.TrimSpace(line)
+		if line == "" || strings.HasPrefix(line, "UNIT") || strings.HasPrefix(line, "Legend") ||
+			strings.HasPrefix(line, "To show") || strings.HasPrefix(line, "Pass") {
+			continue
+		}
+		// Certaines lignes commencent par "●" (service failed) — on supprime ce caractère
+		line = strings.TrimPrefix(line, "● ")
+		line = strings.TrimPrefix(line, "  ")
+
+		fields := strings.Fields(line)
+		if len(fields) < 4 {
+			continue
+		}
+		name := strings.TrimSuffix(fields[0], ".service")
+		desc := ""
+		if len(fields) >= 5 {
+			desc = strings.Join(fields[4:], " ")
+		}
+		services = append(services, ServiceEntry{
+			Name:        name,
+			LoadState:   fields[1],
+			ActiveState: fields[2],
+			SubState:    fields[3],
+			Description: desc,
+		})
+	}
+	return services
+}
+
+// ServiceStatus retourne le statut détaillé d'un service.
+// GET /api/services/{name}/status?target=host|lxc:ID
+func (m *ServicesModule) ServiceStatus(w http.ResponseWriter, r *http.Request) {
+	host, user, pass, err := m.sshCreds()
+	if err != nil {
+		api.JSONError(w, err.Error(), http.StatusServiceUnavailable)
+		return
+	}
+
+	name := chi.URLParam(r, "name")
+	target := r.URL.Query().Get("target")
+	if target == "" {
+		target = "host"
+	}
+
+	cmd := buildCmd(target, fmt.Sprintf("status %s --no-pager 2>&1", name))
+	out, _ := m.pool.RunCommand(host, user, pass, cmd)
+
+	api.JSONResponse(w, http.StatusOK, map[string]string{"output": out})
+}
+
+// ServiceAction exécute une action (start/stop/restart/reload) sur un service.
+// POST /api/services/{name}/{action}
+// Body: { "target": "host" | "lxc:ID" }
+func (m *ServicesModule) ServiceAction(w http.ResponseWriter, r *http.Request) {
+	host, user, pass, err := m.sshCreds()
+	if err != nil {
+		api.JSONError(w, err.Error(), http.StatusServiceUnavailable)
+		return
+	}
+
+	name   := chi.URLParam(r, "name")
+	action := chi.URLParam(r, "action")
+
+	// Valider l'action pour éviter l'injection de commandes
+	allowed := map[string]bool{"start": true, "stop": true, "restart": true, "reload": true, "enable": true, "disable": true}
+	if !allowed[action] {
+		api.JSONError(w, "Action invalide", http.StatusBadRequest)
+		return
+	}
+
+	var body struct {
+		Target string `json:"target"`
+	}
+	if err := json.NewDecoder(r.Body).Decode(&body); err != nil || body.Target == "" {
+		body.Target = "host"
+	}
+
+	cmd := buildCmd(body.Target, fmt.Sprintf("%s %s 2>&1", action, name))
+	out, err := m.pool.RunCommand(host, user, pass, cmd)
+
+	if err != nil {
+		api.JSONError(w, fmt.Sprintf("Erreur action %s sur %s : %v\n%s", action, name, err, out), http.StatusInternalServerError)
+		return
+	}
+
+	api.JSONResponse(w, http.StatusOK, map[string]string{
+		"message": fmt.Sprintf("Action « %s » exécutée sur %s", action, name),
+		"output":  out,
+	})
+}