autoAcceptIfLocked and more! (#7319)

Signed-off-by: si458 <simonsmith5521@gmail.com>

.github/ISSUE_TEMPLATE/bug_report.md

@@ -49,7 +49,7 @@ Add any other context about the problem here.
 **Your config.json file**
 ```
 {
-  "$schema": "http://info.meshcentral.com/downloads/meshcentral-config-schema.json",
+  "$schema": "https://raw.githubusercontent.com/Ylianst/MeshCentral/master/meshcentral-config-schema.json",
   "__comment1__": "This is a simple configuration file, all values and sections that start with underscore (_) are ignored. Edit a section and remove the _ in front of the name. Refer to the user's guide for details.",
   "__comment2__": "See node_modules/meshcentral/sample-config-advanced.json for a more advanced example.",
   "settings": {

.github/ISSUE_TEMPLATE/config.yml

@@ -1,5 +1,8 @@
 blank_issues_enabled: false
 contact_links:
+  - name: Question
+    url: https://github.com/Ylianst/MeshCentral/discussions
+    about: Ask a question in discussions.
   - name: Unofficial Discord Server
     url: https://discord.gg/8wHC6ASWAc
     about: Please ask here for support questions.

.github/ISSUE_TEMPLATE/question.md

@@ -1,68 +0,0 @@
----
-name: Question
-about: Create a question for community help
-title: ''
-labels: question
-assignees: ''
-
----
-
-**Describe your issue**
-A clear and concise description of what your issue is.
-
-**Screenshots**
-If applicable, add screenshots to help explain your problem.
-
-**Server Software (please complete the following information):**
- - OS: [e.g. Ubuntu]
- - Virtualization: [e.g. Docker]
- - Network: [e.g. LAN/WAN, reverse proxy, cloudflare, ssl offload, etc...]
- - Version: [e.g. 1.0.43]
- - Node: [e.g. 18.4.0]
-
-**Client Device (please complete the following information):**
- - Device: [e.g. Laptop]
- - OS: [e.g. Ubuntu]
- - Network: [e.g. Local to Meshcentral, Remote over WAN]
- - Browser: [e.g. Google Chrome]
- - MeshCentralRouter Version: [if applicable]
-
-**Remote Device (please complete the following information):**
- - Device: [e.g. Laptop]
- - OS: [e.g. Windows 10 21H2]
- - Network: [e.g. Local to Meshcentral, Remote over WAN]
- - Current Core Version (if known): [**HINT**: Go to a device then `console` Tab then type `info`]
-
-**Your config.json file**
-```
-{
-  "$schema": "http://info.meshcentral.com/downloads/meshcentral-config-schema.json",
-  "__comment1__": "This is a simple configuration file, all values and sections that start with underscore (_) are ignored. Edit a section and remove the _ in front of the name. Refer to the user's guide for details.",
-  "__comment2__": "See node_modules/meshcentral/sample-config-advanced.json for a more advanced example.",
-  "settings": {
-    "_cert": "myserver.mydomain.com",
-    "_WANonly": true,
-    "_LANonly": true,
-    "_sessionKey": "MyReallySecretPassword1",
-    "_port": 443,
-    "_aliasPort": 443,
-    "_redirPort": 80,
-    "_redirAliasPort": 80
-  },
-  "domains": {
-    "": {
-      "_title": "MyServer",
-      "_title2": "Servername",
-      "_minify": true,
-      "_newAccounts": true,
-      "_userNameIsEmail": true
-    }
-  },
-  "_letsencrypt": {
-    "__comment__": "Requires NodeJS 8.x or better, Go to https://letsdebug.net/ first before trying Let's Encrypt.",
-    "email": "myemail@mydomain.com",
-    "names": "myserver.mydomain.com",
-    "production": false
-  }
-}
-```

.github/workflows/codeql-analysis.yml

@@ -13,7 +13,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v4
       with:
         # We must fetch at least the immediate parents so that if this is
         # a pull request then we can checkout the head.
@@ -26,7 +26,7 @@ jobs:
       
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v2
       # Override language selection by uncommenting this and choosing your languages
       # with:
       #   languages: go, javascript, csharp, python, cpp, java
@@ -48,4 +48,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v2

.github/workflows/deploy-docs.yml

@@ -14,11 +14,11 @@ jobs:
   deploy:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-python@v2
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
         with:
           python-version: 3.x
       - run: pip install --upgrade pip
       - run: pip install --upgrade setuptools wheel
-      - run: pip install mkdocs mkdocs-material pymdown-extensions
+      - run: pip install mkdocs mkdocs-material mkdocs-print-site-plugin pymdown-extensions
       - run: mkdocs gh-deploy --force

.github/workflows/docker.yml

@@ -1,55 +1,371 @@
-name: Docker
+name: Docker-Builder
+
 on:
+  workflow_dispatch:
+  schedule:
+    - cron: '2 0 * * *' # Daily at 00:02 UTC
   release:
-    types: [published]
-env:
-  REGISTRY: ghcr.io
-  IMAGE_NAME: ${{ github.repository }}
+    types: [ published ]
+
 jobs:
-  check-token:
-    runs-on: ubuntu-latest
-    outputs:
-      token: ${{ steps.token.outputs.defined }}
+
+  translate:
+    runs-on: ubuntu-22.04
+    name: Run Translations
     steps:
-      - id: token
-        env:
-            MY_TOKEN: ${{ secrets.MY_TOKEN }}
-        if: "${{ env.MY_TOKEN != '' }}"
-        run: echo "::set-output name=defined::true"
-        
-  build:
-    name: Release
-    runs-on: ubuntu-latest
-    needs: [check-token]
-    if: needs.check-token.outputs.token == 'true'
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
+      - name: Checkout repository
+        uses: actions/checkout@v5
+      - name: Set up Node.js
+        uses: actions/setup-node@v6
         with:
-          fetch-depth: 0
+          node-version: "lts/*"
+      - name: Run translate.js (ignore errors)
+        run: node translate.js || true
+        working-directory: translate
+      - name: Run translate extractall
+        run: node translate extractall
+        working-directory: translate
+      - name: Run translate.js minifyall
+        run: node translate.js minifyall
+        working-directory: translate
+      - name: Run translate.js translateall
+        run: node translate.js translateall
+        working-directory: translate
+      - name: Upload repo with translations
+        uses: actions/upload-artifact@v5
+        with:
+          name: repo-with-translations
+          path: .
+
+  build-amd64:
+    runs-on: ubuntu-22.04
+    needs: translate
+    strategy:
+      fail-fast: false
+      max-parallel: 3
+      matrix:
+        variant: [mongodb, postgresql, mariadb, all, slim]
+    name: Build Docker Image (amd64-${{ matrix.variant }})
+    steps:
+      - name: Download repo artifact
+        uses: actions/download-artifact@v5
+        with:
+          name: repo-with-translations
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
+        with:
+          cache-image: false
+          platforms: amd64
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      - name: Log in to the Container registry
-        uses: docker/login-action@v2
+        uses: docker/setup-buildx-action@v3
         with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.MY_TOKEN }}
-      - name: Extract metadata (tags, labels) for Docker
-        id: meta
-        uses: docker/metadata-action@v4
+          cache-binary: false
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
         with:
-          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-      - name: Build and push Docker image
-        uses: docker/build-push-action@v2
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.MY_TOKEN || secrets.GITHUB_TOKEN }}
+      - name: Build and push Docker image (amd64-${{ matrix.variant }})
+        run: |
+          REPO_OWNER_LC="$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')"
+          case "${{ matrix.variant }}" in
+            mongodb)
+              MONGODB=YES; POSTGRESQL=NO; MARIADB=NO; TAG="-amd64-mongodb";;
+            postgresql)
+              MONGODB=NO; POSTGRESQL=YES; MARIADB=NO; TAG="-amd64-postgresql";;
+            mariadb)
+              MONGODB=NO; POSTGRESQL=NO; MARIADB=YES; TAG="-amd64-mariadb";;
+            all)
+              MONGODB=YES; POSTGRESQL=YES; MARIADB=YES; TAG="-amd64";;
+            slim)
+              MONGODB=NO; POSTGRESQL=NO; MARIADB=NO; TAG="-amd64-slim";;
+          esac
+          docker buildx build \
+            --platform linux/amd64 \
+            --build-arg INCLUDE_MONGODB_TOOLS=$MONGODB \
+            --build-arg INCLUDE_POSTGRESQL_TOOLS=$POSTGRESQL \
+            --build-arg INCLUDE_MARIADB_TOOLS=$MARIADB \
+            --build-arg DISABLE_MINIFY=yes \
+            --build-arg DISABLE_TRANSLATE=yes \
+            --build-arg DISABLE_EXTRACT=yes \
+            --build-arg PREINSTALL_LIBS=true \
+            -f docker/Dockerfile \
+            -t ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}$TAG \
+            --push \
+            .
+
+  build-arm64:
+    runs-on: ubuntu-22.04
+    needs: translate
+    strategy:
+      fail-fast: false
+      max-parallel: 3
+      matrix:
+        variant: [mongodb, postgresql, mariadb, all, slim]
+    name: Build Docker Image (arm64-${{ matrix.variant }})
+    steps:
+      - name: Download repo artifact
+        uses: actions/download-artifact@v5
         with:
-          context: .
-          file: docker/Dockerfile
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          build-args: |              
-            INCLUDE_MONGODBTOOLS=true
-            PREINSTALL_LIBS=true
+          name: repo-with-translations
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          cache-image: false
+          platforms: arm64
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          cache-binary: false
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.MY_TOKEN || secrets.GITHUB_TOKEN }}
+      - name: Build and push Docker image (arm64-${{ matrix.variant }})
+        run: |
+          REPO_OWNER_LC="$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')"
+          case "${{ matrix.variant }}" in
+            mongodb)
+              MONGODB=YES; POSTGRESQL=NO; MARIADB=NO; TAG="-arm64-mongodb";;
+            postgresql)
+              MONGODB=NO; POSTGRESQL=YES; MARIADB=NO; TAG="-arm64-postgresql";;
+            mariadb)
+              MONGODB=NO; POSTGRESQL=NO; MARIADB=YES; TAG="-arm64-mariadb";;
+            all)
+              MONGODB=YES; POSTGRESQL=YES; MARIADB=YES; TAG="-arm64";;
+            slim)
+              MONGODB=NO; POSTGRESQL=NO; MARIADB=NO; TAG="-arm64-slim";;
+          esac
+          docker buildx build \
+            --platform linux/arm64 \
+            --build-arg INCLUDE_MONGODB_TOOLS=$MONGODB \
+            --build-arg INCLUDE_POSTGRESQL_TOOLS=$POSTGRESQL \
+            --build-arg INCLUDE_MARIADB_TOOLS=$MARIADB \
+            --build-arg DISABLE_MINIFY=yes \
+            --build-arg DISABLE_TRANSLATE=yes \
+            --build-arg DISABLE_EXTRACT=yes \
+            --build-arg PREINSTALL_LIBS=true \
+            -f docker/Dockerfile \
+            -t ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}$TAG \
+            --push \
+            .
+
+  build-armv7:
+    runs-on: ubuntu-22.04
+    needs: translate
+    strategy:
+      fail-fast: false
+      max-parallel: 3
+      matrix:
+        variant: [mongodb, postgresql, mariadb, all, slim]
+    name: Build Docker Image (armv7-${{ matrix.variant }})
+    steps:
+      - name: Download repo artifact
+        uses: actions/download-artifact@v5
+        with:
+          name: repo-with-translations
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          cache-image: false
+          platforms: arm
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          cache-binary: false
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.MY_TOKEN || secrets.GITHUB_TOKEN }}
+      - name: Build and push Docker image (armv7-${{ matrix.variant }})
+        run: |
+          REPO_OWNER_LC="$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')"
+          case "${{ matrix.variant }}" in
+            mongodb)
+              MONGODB=YES; POSTGRESQL=NO; MARIADB=NO; TAG="-armv7-mongodb";;
+            postgresql)
+              MONGODB=NO; POSTGRESQL=YES; MARIADB=NO; TAG="-armv7-postgresql";;
+            mariadb)
+              MONGODB=NO; POSTGRESQL=NO; MARIADB=YES; TAG="-armv7-mariadb";;
+            all)
+              MONGODB=YES; POSTGRESQL=YES; MARIADB=YES; TAG="-armv7";;
+            slim)
+              MONGODB=NO; POSTGRESQL=NO; MARIADB=NO; TAG="-armv7-slim";;
+          esac
+          docker buildx build \
+            --platform linux/arm/v7 \
+            --build-arg INCLUDE_MONGODB_TOOLS=$MONGODB \
+            --build-arg INCLUDE_POSTGRESQL_TOOLS=$POSTGRESQL \
+            --build-arg INCLUDE_MARIADB_TOOLS=$MARIADB \
+            --build-arg DISABLE_MINIFY=yes \
+            --build-arg DISABLE_TRANSLATE=yes \
+            --build-arg DISABLE_EXTRACT=yes \
+            --build-arg PREINSTALL_LIBS=true \
+            -f docker/Dockerfile \
+            -t ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}$TAG \
+            --push \
+            .
+
+  build-armv6:
+    runs-on: ubuntu-22.04
+    needs: translate
+    strategy:
+      fail-fast: false
+      max-parallel: 3
+      matrix:
+        variant: [mongodb, postgresql, mariadb, all, slim]
+    name: Build Docker Image (armv6-${{ matrix.variant }})
+    steps:
+      - name: Download repo artifact
+        uses: actions/download-artifact@v5
+        with:
+          name: repo-with-translations
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          cache-image: false
+          platforms: arm
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          cache-binary: false
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.MY_TOKEN || secrets.GITHUB_TOKEN }}
+      - name: Build and push Docker image (armv6-${{ matrix.variant }})
+        run: |
+          REPO_OWNER_LC="$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')"
+          case "${{ matrix.variant }}" in
+            mongodb)
+              MONGODB=YES; POSTGRESQL=NO; MARIADB=NO; TAG="-armv6-mongodb";;
+            postgresql)
+              MONGODB=NO; POSTGRESQL=YES; MARIADB=NO; TAG="-armv6-postgresql";;
+            mariadb)
+              MONGODB=NO; POSTGRESQL=NO; MARIADB=YES; TAG="-armv6-mariadb";;
+            all)
+              MONGODB=YES; POSTGRESQL=YES; MARIADB=YES; TAG="-armv6";;
+            slim)
+              MONGODB=NO; POSTGRESQL=NO; MARIADB=NO; TAG="-armv6-slim";;
+          esac
+          docker buildx build \
+            --platform linux/arm/v6 \
+            --build-arg INCLUDE_MONGODB_TOOLS=$MONGODB \
+            --build-arg INCLUDE_POSTGRESQL_TOOLS=$POSTGRESQL \
+            --build-arg INCLUDE_MARIADB_TOOLS=$MARIADB \
+            --build-arg DISABLE_MINIFY=yes \
+            --build-arg DISABLE_TRANSLATE=yes \
+            --build-arg DISABLE_EXTRACT=yes \
+            --build-arg PREINSTALL_LIBS=true \
+            -f docker/Dockerfile \
+            -t ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}$TAG \
+            --push \
+            .
+
+  merge-manifest:
+    runs-on: ubuntu-22.04
+    needs:
+      - translate
+      - build-amd64
+      - build-arm64
+      - build-armv7
+      - build-armv6
+    name: Create and Push Multi-Arch Manifest
+    steps:
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          cache-binary: false
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.MY_TOKEN || secrets.GITHUB_TOKEN }}
+      - name: Create and push multi-arch manifests for all variants
+        run: |
+          REPO_OWNER_LC="$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')"
+          # mongodb
+          docker buildx imagetools create \
+            -t ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-mongodb \
+            ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-amd64-mongodb \
+            ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-arm64-mongodb \
+            ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-armv7-mongodb \
+            ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-armv6-mongodb
+          # postgresql
+          docker buildx imagetools create \
+            -t ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-postgresql \
+            ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-amd64-postgresql \
+            ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-arm64-postgresql \
+            ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-armv7-postgresql \
+            ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-armv6-postgresql
+          # mariadb
+          docker buildx imagetools create \
+            -t ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-mariadb \
+            ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-amd64-mariadb \
+            ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-arm64-mariadb \
+            ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-armv7-mariadb \
+            ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-armv6-mariadb
+          # all (no suffix)
+          docker buildx imagetools create \
+            -t ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }} \
+            ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-amd64 \
+            ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-arm64 \
+            ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-armv7 \
+            ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-armv6
+          # slim
+          docker buildx imagetools create \
+            -t ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-slim \
+            ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-amd64-slim \
+            ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-arm64-slim \
+            ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-armv7-slim \
+            ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-armv6-slim
+      - name: Create and push 'latest' tags (releases only)
+        if: github.event_name == 'release'
+        run: |
+          REPO_OWNER_LC="$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')"
+          # latest-mongodb
+          docker buildx imagetools create \
+            -t ghcr.io/$REPO_OWNER_LC/meshcentral:latest-mongodb \
+            ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-amd64-mongodb \
+            ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-arm64-mongodb \
+            ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-armv7-mongodb \
+            ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-armv6-mongodb
+          # latest-postgresql
+          docker buildx imagetools create \
+            -t ghcr.io/$REPO_OWNER_LC/meshcentral:latest-postgresql \
+            ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-amd64-postgresql \
+            ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-arm64-postgresql \
+            ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-armv7-postgresql \
+            ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-armv6-postgresql
+          # latest-mariadb
+          docker buildx imagetools create \
+            -t ghcr.io/$REPO_OWNER_LC/meshcentral:latest-mariadb \
+            ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-amd64-mariadb \
+            ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-arm64-mariadb \
+            ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-armv7-mariadb \
+            ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-armv6-mariadb
+          # latest (all databases)
+          docker buildx imagetools create \
+            -t ghcr.io/$REPO_OWNER_LC/meshcentral:latest \
+            ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-amd64 \
+            ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-arm64 \
+            ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-armv7 \
+            ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-armv6
+          # latest-slim
+          docker buildx imagetools create \
+            -t ghcr.io/$REPO_OWNER_LC/meshcentral:latest-slim \
+            ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-amd64-slim \
+            ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-arm64-slim \
+            ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-armv7-slim \
+            ghcr.io/$REPO_OWNER_LC/meshcentral:${{ github.ref_name }}-armv6-slim

.github/workflows/release.yml

@@ -3,6 +3,8 @@ on:
   push:
     branches:
       - master
+    paths:
+      - 'package.json'
 
 jobs:
   build:
@@ -10,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Release

.github/workflows/stale.yml

@@ -0,0 +1,36 @@
+name: "Close stale issues and PRs"
+on:
+  schedule:
+    - cron: "1 2 * * *"
+  workflow_dispatch:
+
+permissions:
+  actions: write
+  contents: write
+  issues: write
+  pull-requests: write
+
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/stale@v9
+      with:
+        # Issues configuration
+        stale-issue-message: "This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions."
+        close-issue-message: "This issue has been automatically closed due to inactivity. If you believe this is still relevant, please feel free to reopen it."
+        close-issue-label: "Closed"
+        stale-issue-label: "Stale"
+        exempt-issue-labels: "pinned,important,Closed"
+        
+        # PRs configuration
+        stale-pr-message: "This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions."
+        close-pr-message: "This pull request has been automatically closed due to inactivity. If you'd like to continue working on it, please reopen it."
+        close-pr-label: "Closed"
+        stale-pr-label: "Stale"
+        exempt-pr-labels: "pinned,important,Closed"
+        exempt-draft-pr: true
+      
+        # Common configuration
+        operations-per-run: 5000
+        ascending: true

.gitignore

@@ -10,14 +10,15 @@
 [Aa]gents/meshcore.min.js
 [Pp]ublic/translations/
 [Vv]iews/translations/
+[Ee]mails/translations/
 [Pp]ublic/*-min.htm
 [Vv]iews/*-min.handlebars
 meshcentral.db
 meshcentral.db.json
 mesherrors.txt
-package-lock.json
 bob.json
 .greenlockrc
+venv
 
 ## Ignore Visual Studio temporary files, build results, and
 ## files generated by popular Visual Studio add-ons.
@@ -310,4 +311,5 @@ __pycache__/
 
 # When running mkdocs locally as dev
 docs/__pycache__/
-docs/env/
+docs/env/
+docker-compose.yaml

.npmrc

@@ -1 +1 @@
-engine-strict=true
+engine-strict = true

.vscode/launch.json

@@ -10,6 +10,16 @@
             "name": "Launch Chrome against localhost",
             "url": "http://localhost:8080",
             "webRoot": "${workspaceFolder}"
+        },
+        {
+            "name": "Test docs locally with mkdocs",
+            "type": "debugpy",
+            "request": "launch",
+            "program": "${workspaceFolder}/docs/env/Scripts/mkdocs.exe",
+            "args": ["serve", "--dev-addr", "127.0.0.1:8010"],
+            "cwd": "${workspaceFolder}/docs",
+            "console": "integratedTerminal",
+            "preLaunchTask": "Start MkDocs Server"
         }
     ]
 }

.vscode/settings.json

@@ -779,6 +779,7 @@
         "tokenuserid",
         "tokenusername",
         "totalsize",
+        "TOTP",
         "tpass",
         "tpassword",
         "tpush",

.vscode/tasks.json

@@ -0,0 +1,60 @@
+{
+    "version": "2.0.0",
+    "tasks": [
+        {
+            "label": "Setup Python Environment",
+            "type": "shell",
+            "command": "python",
+            "args": ["-m", "venv", "env"],
+            "options": {
+                "cwd": "${workspaceFolder}/docs"
+            },
+            "group": "build",
+            "presentation": {
+                "echo": true,
+                "reveal": "always",
+                "focus": false,
+                "panel": "shared"
+            },
+            "problemMatcher": []
+        },
+        {
+            "label": "Install MkDocs Requirements",
+            "type": "shell",
+            "command": ".\\env\\Scripts\\activate.ps1; python -m pip install --upgrade pip; pip install -r requirements.txt",
+            "options": {
+                "cwd": "${workspaceFolder}/docs"
+            },
+            "group": "build",
+            "presentation": {
+                "echo": true,
+                "reveal": "always",
+                "focus": false,
+                "panel": "shared"
+            },
+            "problemMatcher": [],
+            "dependsOn": "Setup Python Environment"
+        },
+        {
+            "label": "Start MkDocs Server",
+            "type": "shell",
+            "command": ".\\env\\Scripts\\activate.ps1; Start-Process http://localhost:8010; mkdocs serve",
+            "options": {
+                "cwd": "${workspaceFolder}/docs"
+            },
+            "group": {
+                "kind": "build",
+                "isDefault": true
+            },
+            "presentation": {
+                "echo": true,
+                "reveal": "always",
+                "focus": false,
+                "panel": "shared"
+            },
+            "problemMatcher": [],
+            "isBackground": true,
+            "dependsOn": "Install MkDocs Requirements"
+        }
+    ]
+}

LICENSE

@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright 2017-2021 Intel Corporation
+   Copyright 2017-2025 Intel Corporation
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

MeshCentralServer.njsproj

@@ -241,7 +241,6 @@
     <Compile Include="redirserver.js" />
     <Compile Include="taskmanager.js" />
     <Compile Include="translate\translate.js" />
-    <Compile Include="ua-parser.js" />
     <Compile Include="webauthn.js" />
     <Compile Include="webrelayserver.js" />
     <Compile Include="webserver.js" />
@@ -441,7 +440,6 @@
     <Content Include="LICENSE" />
     <Content Include="meshcentral-config-schema.json" />
     <Content Include="package.json" />
-    <Content Include="plugin_development.md" />
     <Content Include="public\clickonce\minirouter\Application Files\MeshMiniRouter_1_0_0_70\MeshMiniRouter.application" />
     <Content Include="public\clickonce\minirouter\Application Files\MeshMiniRouter_1_0_0_70\MeshMiniRouter.exe.config.deploy" />
     <Content Include="public\clickonce\minirouter\Application Files\MeshMiniRouter_1_0_0_70\MeshMiniRouter.exe.deploy" />
@@ -596,12 +594,14 @@
     <Content Include="readme.md" />
     <Content Include="sample-config-advanced.json" />
     <Content Include="sample-config.json" />
+    <Content Include="SECURITY.md" />
     <Content Include="SourceFileList.txt" />
     <Content Include="translate\readme.txt" />
     <Content Include="translate\translate.json" />
     <Content Include="views\agentinvite.handlebars" />
     <Content Include="views\default-mobile.handlebars" />
     <Content Include="views\default.handlebars" />
+    <Content Include="views\default3.handlebars" />
     <Content Include="views\download.handlebars" />
     <Content Include="views\download2.handlebars" />
     <Content Include="views\error404-mobile.handlebars" />
@@ -681,6 +681,8 @@
     <Folder Include="typings\globals\ajv\" />
     <Folder Include="typings\globals\async\" />
     <Folder Include="typings\globals\axios\" />
+    <Folder Include="typings\globals\big-integer\" />
+    <Folder Include="typings\globals\busboy\" />
     <Folder Include="typings\globals\connect-redis\" />
     <Folder Include="typings\globals\cookie-session\" />
     <Folder Include="typings\globals\core-js\" />
@@ -694,6 +696,7 @@
     <Folder Include="typings\globals\he\" />
     <Folder Include="typings\globals\hooker\" />
     <Folder Include="typings\globals\http-errors\" />
+    <Folder Include="typings\globals\ip\" />
     <Folder Include="typings\globals\is-plain-object\" />
     <Folder Include="typings\globals\jsbn\" />
     <Folder Include="typings\globals\klaw\" />
@@ -710,10 +713,12 @@
     <Folder Include="typings\globals\once\" />
     <Folder Include="typings\globals\passport\" />
     <Folder Include="typings\globals\pg-pool\" />
+    <Folder Include="typings\globals\rx-lite\" />
     <Folder Include="typings\globals\split2\" />
     <Folder Include="typings\globals\sprintf-js\" />
     <Folder Include="typings\globals\sqlite3\" />
     <Folder Include="typings\globals\type-check\" />
+    <Folder Include="typings\globals\ua-parser-js\" />
     <Folder Include="typings\globals\underscore\" />
     <Folder Include="typings\globals\uuid\" />
     <Folder Include="typings\globals\window-size\" />
@@ -723,6 +728,8 @@
     <TypeScriptCompile Include="typings\globals\ajv\index.d.ts" />
     <TypeScriptCompile Include="typings\globals\async\index.d.ts" />
     <TypeScriptCompile Include="typings\globals\axios\index.d.ts" />
+    <TypeScriptCompile Include="typings\globals\big-integer\index.d.ts" />
+    <TypeScriptCompile Include="typings\globals\busboy\index.d.ts" />
     <TypeScriptCompile Include="typings\globals\connect-redis\index.d.ts" />
     <TypeScriptCompile Include="typings\globals\cookie-session\index.d.ts" />
     <TypeScriptCompile Include="typings\globals\core-js\index.d.ts" />
@@ -736,6 +743,7 @@
     <TypeScriptCompile Include="typings\globals\he\index.d.ts" />
     <TypeScriptCompile Include="typings\globals\hooker\index.d.ts" />
     <TypeScriptCompile Include="typings\globals\http-errors\index.d.ts" />
+    <TypeScriptCompile Include="typings\globals\ip\index.d.ts" />
     <TypeScriptCompile Include="typings\globals\is-plain-object\index.d.ts" />
     <TypeScriptCompile Include="typings\globals\jsbn\index.d.ts" />
     <TypeScriptCompile Include="typings\globals\klaw\index.d.ts" />
@@ -752,10 +760,12 @@
     <TypeScriptCompile Include="typings\globals\once\index.d.ts" />
     <TypeScriptCompile Include="typings\globals\passport\index.d.ts" />
     <TypeScriptCompile Include="typings\globals\pg-pool\index.d.ts" />
+    <TypeScriptCompile Include="typings\globals\rx-lite\index.d.ts" />
     <TypeScriptCompile Include="typings\globals\split2\index.d.ts" />
     <TypeScriptCompile Include="typings\globals\sprintf-js\index.d.ts" />
     <TypeScriptCompile Include="typings\globals\sqlite3\index.d.ts" />
     <TypeScriptCompile Include="typings\globals\type-check\index.d.ts" />
+    <TypeScriptCompile Include="typings\globals\ua-parser-js\index.d.ts" />
     <TypeScriptCompile Include="typings\globals\underscore\index.d.ts" />
     <TypeScriptCompile Include="typings\globals\uuid\index.d.ts" />
     <TypeScriptCompile Include="typings\globals\window-size\index.d.ts" />

SECURITY.md

@@ -0,0 +1,105 @@
+# Security Policy
+
+## Supported Versions
+
+Any version of MeshCentral 1.x.x is supported.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.x.x   | :white_check_mark: |
+| < 1.0   | :x:                |
+
+## Reporting a Vulnerability
+
+Please report any concerns or security issue to Ylian Saint-Hilaire (ylianst@gmail.com) and Simon Smith (simonsmith5521@gmail.com).
+
+Ylian Saint-Hilaire (ylianst@gmail.com) PGP key below.
+```
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: BCPG v1.56
+
+mQMuBF2gC4sRCAClFNvMCCVW3ego3UHBQ6LhSenJfaZYhvn8gaGuemSQxqTI6bla
+BTAv3aMtQnvqlSuadMMegb+FO6hnaQMlGvpVA1qpkSzgrPS5HrBD3H33J2Nj3i93
+ZpDPpxdI0ehCj6IJPnl0GxGbpKIN8YpJUFl44wv1lMRFI1lgyb+dCoO60irYdNQB
+PV85BI+DwPfOBFHunwR78nqMvpvsk9HaeHjEP7oXr952/7EazUowZsMlEfkYnw5S
++tLfpCoY3QWkektpJP40nMJSKQdV2NEuED99doA0X+7P1vsvFFFyMH69dnU2uSay
+XCHpkAbntBy0BGmtF1RnTcOMv2V/LPXnlMdvAQCbmLQzNra3r163tcdRY0jSs+pZ
+1L3w5tHNj2dzhfpa7wf/SIuds6QTr2LCN6miLoSVCRMMpT7d771b16GwQqWEXzN2
++h7dYqrssHPOa8FSUrPerz0+0eFcbMSm5/L/4KXWXoQthURv8aMP9E0iVoUYaaKB
+7U+5vFEZbpoOZyZmTAjXQMSNZCft0azA82Q+G85euyicWtMv48yNVzUhkdh+M2ud
+ohkXX2Aor1TqpBJoIeWke7j9D+Bo+lu61zPRx5ed9teUeLJCwqNEjlE+6gre5kxF
+PoreAtn59QYcBIpzQEWVMbNFlDAR4jMyqIoKCGfBPiRw2V+kunbzqiGQEglIFfOt
+6sTN/+CJh0ei976VDmE0Z1kMN+CNLgIjIw8fl02V9QgAnHcpqtVUxR4dbGOhVDq5
+lWv+K75QQlWyXC2k+KboXcaCvH0WZEBACYzO0CfrZ5hP9BSkbj5usSUVGGHwEFAJ
+t+/04KVY71fW281Ej5kGNaIKxeKsx6+hMo+UXb5ZM+6fANNNxs1cK95sTH6PjkyB
+tsKxLoa3CV2v9mSE5JiKKt74R9nXVo7PXf6DizwAU2l30Lb6y6y0OdXdCCPAG8Ij
+FrMgPu5MtjgsO5DnkZfUqDPWHhOgEPyOh3Ho+pvDhNYh5cm2eLQ8g5orzs2FHwbZ
+DpAHwCdqrlcpBlKJ4W/MZdf1fg2PjqaTWm7ZFiGr91P0F6kltTLWbVKTjLdS0T+D
+L7QnWWxpYW4gU2FpbnQtSGlsYWlyZSA8eWxpYW5zdEBnbWFpbC5jb20+iF4EExEI
+AAYFAl2gC4sACgkQg7j/r4DH+kD/3gD+MRedlM53VzOtNOpS6mqDAxj1aWP90HN0
+AqO6zuCTyGgBAJlunLFKH8IUetmQOhiohB8HVhdm/q4lKRDV7sHdplDyuMwEXaAL
+ixACAJSU/sCV87he4oZUKzg2/IGl3QoDSbTCOd04dE1IjPjjHbi8t9M7Qau55aM8
+ypFEsc7zMslL8Fc78EejrKmM3zsB/RU9XWFyrbQwRbaK6OHeEHC2E3AFaG0p09c6
+d0kZloHuWyEsm5a/3PpbIM1eP9IESJXWCc+bQQt6DxLKHLmkKMwB/icWMg8uMJlx
+aady8TEq7LH5oFVKsglnwuN1nIkecrf77TVkEqTjIxS6TiOup6zOnioFNKLYBAH0
+WUnJEYFvx4OIXgQYEQgABgUCXaALiwAKCRCDuP+vgMf6QGFTAQCUj2gGwsFlN0eR
+Wowv4eLcc3FwQ+lBElUctKg8vNFb0gD/ZWVWsWwKerNgNnf7RGD9mt8G2CKvdgGG
+oZ2hPP2gU9w=
+=roW4
+-----END PGP PUBLIC KEY BLOCK-----
+```
+Simon Smith (simonsmith5521@gmail.com) PGP key below.
+```
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGgUVVwBEADVReB3GclVt2B9928Cs2XVXc0BW/AcKP4XOdrWHE0u9dTtozrM
+EI2azZI+tcyGDVGdNJlYF2FQUTnnVcazm+IUskZJ0mgL+TQ2k+bRmQXj1ZRKrTk5
+5qOjPCxP0jCHbxHIlh9ecO3NsHHj1+MFRDzGBvOyiJzVxn2xmg8+r7okcnRZj7Wj
+0K4EwM33/Xdanl8IXahwaQH3rQrn5gjunLB2vFvrC6sxpU8Q9etEwUc7/D8zfH9f
+9K11hESeQvMVkfv/QGrO0X5nhDEYiH4aJA7SqvC6xhIqjyNfAqRoMpUDGwP/JB6B
+3WHyhUfkNDT9gfn064BF90NZQgr318Z0uzuwC4NHvptVz5pFJYpUz9KBkkn8p+Mq
+j82IwHeMXyvO4nzBxfmqDYfN4vrnbVJmcMNtQUe2G9ekKHTO7UHW1gH4ls68tzNA
+COexEBfTKpPqboK1yM8wwycvyXuX8DEVZtbiKXNcUPSOdmUx1ZXtO6YHfSDiRWgu
+HxCN+LoWujbI22ry9YZcOHkG6c45vmavw/7ebB7XVl4yQeneZVxxH3nFSccPrBFg
+NYROw/j0yeeNu2CATsutJSblQqQuROYdUhkJACnpF6mE60eUs+Slk1C0OQZfUm/z
+kpJP5dXRm+AhzoprmSLl0umMdcyBhZHTk27pkt/yVFNxAxMwMOsLj1NeXQARAQAB
+tCZTaW1vbiBTbWl0aCA8c2ltb25zbWl0aDU1MjFAZ21haWwuY29tPokCVAQTAQgA
+PhYhBEwpnGdhitVYgbKU3iDv9oNlI537BQJoFFVcAhsDBQkHhh9kBQsJCAcCBhUK
+CQgLAgQWAgMBAh4BAheAAAoJECDv9oNlI537fqYP/1l27lv+/jEnhPfMYmy0TXAV
+RQES7afzNRH9bbVW4RMrVito5PtUJ71KAP0UznYHUuo2hVZeuBRDqgVBreeb/KHZ
+ERz8UgTJhE/FBhBGKKgHGtPWwCuQs2owGCePQHweFUVh5O5NWjXPBrZ6s1GipDwC
+Gi6UG9pgKcs7iGc2hIwV/EF06QgKmKhyL1twpmu4wzjdRoja0Xp3GFjgqcQG82bP
+OGxA4znyzXoNQAWPUr4PW+cGDSGPar3BUnQhHCssQTYbjQHeaW7VH9pvv217a/Yh
+sUgzp0KMhyp8ShBrhJJJdddWxaPuDhip5ABK2lCRqK1utCpBCZ2CjmAd5RtkVuwF
+DLMDa5siiO844n8Hc1MQ+P1k6iNi8JlPcwSLiKn9jeP+/UfFQbCzx3Fhx+6NVOGQ
+k9JqhyQPvEl4F1RUqjlhFmebFiXt4PnhZct3MO1CfNCsaYUkulCbzzoQV54qHDvY
+z2GQ5G3mV6CExWuVAnPq/GqOnyVP/4bmnWF/wkYZDzMfSws9kNgMoRD7UZ5PQS1U
+lpg8HCiyMR64ZeFZxb6tjc0jbuxafYe402QEUIfyLt2iHW5Jb1ksld+ncE5WYOIq
+jtC+MN1txhJgmgXWvvmSH+R42Q9PwEvtzKDksZGqNhlu/R5kHVrMN9OW8q5b2r6q
+04Q95ICfI8OSUUT7J3o3uQINBGgUVVwBEADcTCtuskpBj002JvF02gvLUB0tAzQJ
+sv4PtPZlUvV8BbzfpvPEW5xB2MjUbyhFqJTJj9wDr+ELx+hE1X/GzgfGNDvXSCnq
+0E8KEWS++CmYAL0HdZx9nJiXet7FGE90FTuZMWrS1Rojs2vMZESN/hqBP8kuWK9x
+z+Bq/xiRHeFM5zUXTUfVghZSUOv/mpCU9tN/h//yI8Ltnke3Xk4m6OSDfQKinmZY
+ynhZFrWmhwcAm7DzNZIJ8P5fvOmJlrQQbsGYUqLUNNFSgmW/+bNnOyB5+oBLV3ou
+6OhMDhoEdwLaGr9/W+Wxc5hYyM455rgO3NIVg/js244shJrz58xo3Ral0P7xZt2O
+hSyNtFOVZboFxRV4ESCSVS3oB4K/aC76WHzhTcxhWkRmM6Q8nWhqS2A5dhZeWWK6
+RmHMqqirSwd0IeFQq8rpUSPaXoU6cfoT5Zv/VXr3hP+Tdd/m8rMqMF/5tqerGP79
+ofqGE89ydulP+dr+jJNPaiJ8Alx7hszuB1PTFMZMvlHMWPhx0xXjTjGaJt4y551y
+8XyvEeAZ9u58UHhT9gquumu4sh55Rw0PMp23BUsNBHSq+0VMQBoZlxJa3w7QC7i/
+TM1NRtsAJAoM0ocyca7EztDLoSsCi9j8nedzhiH3dB0U+ma5dtRWrVSSc1NV09po
+Og5aJdav2YW33QARAQABiQI8BBgBCAAmFiEETCmcZ2GK1ViBspTeIO/2g2UjnfsF
+AmgUVVwCGwwFCQeGH2QACgkQIO/2g2UjnfuCaA//Z+Ur69OnOxIqY0makkJFnQO6
+I4657VNuE9dMWtQwQA7nn/Rxxqk0hAuEPF6uyX4sZ20SK5LUQQyhyz3fwYiNm9Rr
+iYkTmPiMgx7CPsRVXBPjRWow+z5Li/RYPMlYNwKJ2h8z/+w2VHaA/WkkfLQKeWQq
+T5Hr7+5WQzOOHcntESBI5mZw/4CPEaWJEIWWrD7TtsWiYfRnOHlB/GvDQcaXxKVa
+Gp1rsmOh5t/prdG/F4jLSsYvpXLY618t3Zn1SJYhWub6h8OtF3Mrao7Wm/HSwcwM
+0IWAnDYB1K70MvPLEifqcyeYZFZE8gFuOU/WpyHHUSpVvGJ6fhL6sKWmCRJGR4UJ
+3kepyYspshMVZRwJkll8UdrKHcAsUnOML25JX712BDNNHsJTcMf1i9BhIwlxk2yN
+BspmWe7JJHD28FCoQ3tpvf+iN5uILO/QrtYkiigppfpP56ZFdTVtk/LdnTfh5gPl
+FIOJKHXZKEM9zbhW/ntnXDKQjnWw/3EuFvmmqOqEtHF+pRDZiRjzptJIOdg392h8
+GM8EnU927FMbtnpysQu9sxUGxMDZ9GMEOnFpAtg2LV4bnHx+K6g3JL07BdB3gdmX
+SieMJS9Az3lcIqzMqtmyti7S2eP+0aduXOmxE1QtPuzs5X7a0XXSvBAoI79Az10V
+z1Ncl3xSEOPFKUIvLck=
+=yUbV
+-----END PGP PUBLIC KEY BLOCK-----
+```

agents/agent-translations.json

@@ -28,7 +28,8 @@
       "NOT RUNNING"
     ],
     "statusDescription": "Current Agent Status",
-    "description": "Click the buttons below to install or uninstall this remote management software. When installed, this software runs in the background allowing this computer to be managed and controlled by a remote administrator."
+    "description": "Click the buttons below to install or uninstall this remote management software. When installed, this software runs in the background allowing this computer to be managed and controlled by a remote administrator.",
+    "connectionDetailsButton": "Connection Details..."
   },
   "cs": {
     "agent": "Agent",
@@ -37,7 +38,7 @@
     "meshName": "Skupinové jméno",
     "meshId": "Identifikátor skupiny",
     "serverId": "Identifikátor serveru",
-    "setup": "Založit",
+    "setup": "Nastavit",
     "update": "Aktualizace",
     "install": "Instalace",
     "uninstall": "Odinstalace",
@@ -52,14 +53,15 @@
     "zenity": "Zkuste nainstalovat / aktualizovat Zenity a spustit znovu",
     "status": [
       "NENÍ INSTALOVÁN",
-      "BĚH",
+      "SPUŠTĚNO",
       "NEFUNGUJE"
     ],
     "statusDescription": "Aktuální stav agenta",
     "agentVersion": "Nová verze",
     "elevation": "K instalaci/odinstalaci tohoto softwaru jsou vyžadována zvýšená oprávnění.",
     "graphicalerror": "Na tomto systému nelze spustit grafickou verzi tohoto instalačního programu",
-    "description": "Klepnutím na tlačítka níže nainstalujete nebo odinstalujete tento software pro vzdálenou správu. Když je tento software nainstalován, běží na pozadí, což umožňuje spravovat a ovládat tento počítač vzdáleným správcem."
+    "description": "Klepnutím na tlačítka níže nainstalujete nebo odinstalujete tento software pro vzdálenou správu. Když je tento software nainstalován, běží na pozadí, což umožňuje spravovat a ovládat tento počítač vzdáleným správcem.",
+    "connectionDetailsButton": "Podrobnosti o připojení..."
   },
   "de": {
     "agent": "Agent",
@@ -123,7 +125,8 @@
     "agentVersion": "Nueva versión",
     "elevation": "Se requieren permisos elevados para instalar/desinstalar este software.",
     "graphicalerror": "La versión gráfica de este instalador no puede ejecutarse en este sistema",
-    "description": "Haga clic en los botones a continuación para instalar o desinstalar este software de administración remota. Cuando se instala, este software se ejecuta en segundo plano, lo que permite que un administrador remoto administre y controle esta computadora."
+    "description": "Haga clic en los botones a continuación para instalar o desinstalar este software de administración remota. Cuando se instala, este software se ejecuta en segundo plano, lo que permite que un administrador remoto administre y controle esta computadora.",
+    "connectionDetailsButton": "Detalles de conexión..."
   },
   "fi": {
     "agent": "Agentti",
@@ -154,7 +157,8 @@
     "agentVersion": "Uusi versio",
     "elevation": "Tämän ohjelmiston asentaminen/asennuksen poistaminen edellyttää korotettuja käyttöoikeuksia.",
     "graphicalerror": "Tämän asennusohjelman graafista versiota ei voi käyttää tässä järjestelmässä",
-    "description": "Napsauta alla olevia painikkeita asentaaksesi tai poistaaksesi tämän etähallintaohjelmiston. Kun ohjelmisto on asennettu, se toimii taustalla, jolloin etäjärjestelmänvalvoja voi hallita ja ohjata tätä tietokonetta."
+    "description": "Napsauta alla olevia painikkeita asentaaksesi tai poistaaksesi tämän etähallintaohjelmiston. Kun ohjelmisto on asennettu, se toimii taustalla, jolloin etäjärjestelmänvalvoja voi hallita ja ohjata tätä tietokonetta.",
+    "connectionDetailsButton": "Yhteyden tiedot..."
   },
   "fr": {
     "agent": "Agent",
@@ -185,7 +189,8 @@
     "agentVersion": "Nouvelle version",
     "elevation": "Des autorisations élevées sont requises pour installer/désinstaller ce logiciel.",
     "graphicalerror": "La version graphique de ce programme d'installation ne peut pas s'exécuter sur ce système",
-    "description": "Cliquez sur les boutons ci-dessous pour installer ou désinstaller ce logiciel de gestion à distance. Une fois installé, ce logiciel s'exécute en arrière-plan, ce qui permet à cet ordinateur d'être géré et contrôlé par un administrateur distant."
+    "description": "Cliquez sur les boutons ci-dessous pour installer ou désinstaller ce logiciel de gestion à distance. Une fois installé, ce logiciel s'exécute en arrière-plan, ce qui permet à cet ordinateur d'être géré et contrôlé par un administrateur distant.",
+    "connectionDetailsButton": "Détails de la connexion..."
   },
   "hi": {
     "agent": "एजेंट",
@@ -216,7 +221,8 @@
     "agentVersion": "नया संस्करण",
     "elevation": "इस सॉफ़्टवेयर को स्थापित/अनइंस्टॉल करने के लिए उन्नत अनुमतियों की आवश्यकता होती है।",
     "graphicalerror": "इस इंस्टालर का आलेखीय संस्करण इस सिस्टम पर नहीं चल सकता",
-    "description": "इस दूरस्थ प्रबंधन सॉफ़्टवेयर को स्थापित या अनइंस्टॉल करने के लिए नीचे दिए गए बटनों पर क्लिक करें। स्थापित होने पर, यह सॉफ़्टवेयर पृष्ठभूमि में चलता है जिससे इस कंप्यूटर को दूरस्थ व्यवस्थापक द्वारा प्रबंधित और नियंत्रित किया जा सकता है।"
+    "description": "इस दूरस्थ प्रबंधन सॉफ़्टवेयर को स्थापित या अनइंस्टॉल करने के लिए नीचे दिए गए बटनों पर क्लिक करें। स्थापित होने पर, यह सॉफ़्टवेयर पृष्ठभूमि में चलता है जिससे इस कंप्यूटर को दूरस्थ व्यवस्थापक द्वारा प्रबंधित और नियंत्रित किया जा सकता है।",
+    "connectionDetailsButton": "कनेक्शन विवरण..."
   },
   "it": {
     "agent": "Agente",
@@ -247,7 +253,8 @@
     "agentVersion": "Nuova versione",
     "elevation": "Per installare/disinstallare questo software sono necessarie autorizzazioni elevate.",
     "graphicalerror": "La versione grafica di questo programma di installazione non può essere eseguita su questo sistema",
-    "description": "Fare clic sui pulsanti seguenti per installare o disinstallare questo software di gestione remota. Una volta installato, questo software viene eseguito in background consentendo a questo computer di essere gestito e controllato da un amministratore remoto."
+    "description": "Fare clic sui pulsanti seguenti per installare o disinstallare questo software di gestione remota. Una volta installato, questo software viene eseguito in background consentendo a questo computer di essere gestito e controllato da un amministratore remoto.",
+    "connectionDetailsButton": "Dettagli di connessione..."
   },
   "ja": {
     "agent": "エージェント",
@@ -278,7 +285,8 @@
     "agentVersion": "新しいバージョン",
     "elevation": "このソフトウェアをインストール/アンインストールするには、昇格された権限が必要です。",
     "graphicalerror": "このインストーラーのグラフィカルバージョンは、このシステムでは実行できません",
-    "description": "このリモート管理ソフトウェアをインストールまたはアンインストールするには、下のボタンをクリックしてください。インストールすると、このソフトウェアはバックグラウンドで実行され、リモート管理者がこのコンピューターを管理および制御できるようになります。"
+    "description": "このリモート管理ソフトウェアをインストールまたはアンインストールするには、下のボタンをクリックしてください。インストールすると、このソフトウェアはバックグラウンドで実行され、リモート管理者がこのコンピューターを管理および制御できるようになります。",
+    "connectionDetailsButton": "接続の詳細..."
   },
   "ko": {
     "agent": "에이전트",
@@ -309,7 +317,8 @@
     "agentVersion": "새로운 버전",
     "elevation": "이 소프트웨어를 설치/제거하려면 높은 권한이 필요합니다.",
     "graphicalerror": "이 설치 프로그램의 그래픽 버전은 이 시스템에서 실행할 수 없습니다.",
-    "description": "이 원격 관리 소프트웨어를 설치하거나 제거하려면 아래 버튼을 클릭하십시오. 이 소프트웨어를 설치하면 백그라운드에서 실행되어 원격 관리자가 이 컴퓨터를 관리하고 제어할 수 있습니다."
+    "description": "이 원격 관리 소프트웨어를 설치하거나 제거하려면 아래 버튼을 클릭하십시오. 이 소프트웨어를 설치하면 백그라운드에서 실행되어 원격 관리자가 이 컴퓨터를 관리하고 제어할 수 있습니다.",
+    "connectionDetailsButton": "연결 세부정보..."
   },
   "nl": {
     "agent": "Agent",
@@ -340,7 +349,8 @@
     "agentVersion": "Nieuwe versie",
     "elevation": "Verhoogde machtigingen zijn vereist om deze software te installeren/verwijderen.",
     "graphicalerror": "De grafische versie van dit installatieprogramma kan niet op dit systeem draaien",
-    "description": "Klik op de onderstaande knoppen om deze software voor beheer op afstand te installeren of te verwijderen. Na installatie draait deze software op de achtergrond waardoor deze computer kan worden beheerd en gecontroleerd door een externe beheerder."
+    "description": "Klik op de onderstaande knoppen om deze software voor beheer op afstand te installeren of te verwijderen. Na installatie draait deze software op de achtergrond waardoor deze computer kan worden beheerd en gecontroleerd door een externe beheerder.",
+    "connectionDetailsButton": "Verbindingsdetails..."
   },
   "pt": {
     "agent": "Agente",
@@ -371,7 +381,8 @@
     "agentVersion": "Nova versão",
     "elevation": "Permissões elevadas são necessárias para instalar/desinstalar este software.",
     "graphicalerror": "A versão gráfica deste instalador não pode ser executada neste sistema",
-    "description": "Clique nos botões abaixo para instalar ou desinstalar este software de gerenciamento remoto. Quando instalado, este software é executado em segundo plano, permitindo que este computador seja gerenciado e controlado por um administrador remoto."
+    "description": "Clique nos botões abaixo para instalar ou desinstalar este software de gerenciamento remoto. Quando instalado, este software é executado em segundo plano, permitindo que este computador seja gerenciado e controlado por um administrador remoto.",
+    "connectionDetailsButton": "Detalhes da conexão..."
   },
   "ru": {
     "agent": "Агент",
@@ -402,7 +413,8 @@
     "agentVersion": "Новая версия",
     "elevation": "Для установки/удаления этого программного обеспечения требуются повышенные права.",
     "graphicalerror": "Графическая версия этого установщика не может быть запущена в этой системе.",
-    "description": "Нажмите кнопки ниже, чтобы установить или удалить это программное обеспечение для удаленного управления..После установки это программное обеспечение работает в фоновом режиме, что позволяет удаленному администратору управлять этим компьютером."
+    "description": "Нажмите кнопки ниже, чтобы установить или удалить это программное обеспечение для удаленного управления..После установки это программное обеспечение работает в фоновом режиме, что позволяет удаленному администратору управлять этим компьютером.",
+    "connectionDetailsButton": "Подробности подключения..."
   },
   "sv": {
     "agent": "Agent",
@@ -433,7 +445,8 @@
     "agentVersion": "Ny version",
     "elevation": "Förhöjda behörigheter krävs för att installera/avinstallera denna programvara.",
     "graphicalerror": "Den grafiska versionen av detta installationsprogram kan inte köras på det här systemet",
-    "description": "Klicka på knapparna nedan för att installera eller avinstallera denna fjärrhanteringsprogramvara. När den är installerad körs den här programvaran i bakgrunden så att den här datorn kan hanteras och kontrolleras av en fjärradministratör."
+    "description": "Klicka på knapparna nedan för att installera eller avinstallera denna fjärrhanteringsprogramvara. När den är installerad körs den här programvaran i bakgrunden så att den här datorn kan hanteras och kontrolleras av en fjärradministratör.",
+    "connectionDetailsButton": "Anslutningsdetaljer..."
   },
   "tr": {
     "agent": "Agent",
@@ -464,7 +477,8 @@
     "agentVersion": "Yeni sürüm",
     "elevation": "Bu yazılımı yüklemek/kaldırmak için yüksek izinler gerekir.",
     "graphicalerror": "Bu yükleyicinin grafik sürümü bu sistemde çalışamaz",
-    "description": "Bu uzaktan yönetim yazılımını yüklemek veya kaldırmak için aşağıdaki düğmelere tıklayın. Yüklendiğinde, bu yazılım arka planda çalışır ve bu bilgisayarın uzak bir yönetici tarafından yönetilmesine ve kontrol edilmesine olanak tanır."
+    "description": "Bu uzaktan yönetim yazılımını yüklemek veya kaldırmak için aşağıdaki düğmelere tıklayın. Yüklendiğinde, bu yazılım arka planda çalışır ve bu bilgisayarın uzak bir yönetici tarafından yönetilmesine ve kontrol edilmesine olanak tanır.",
+    "connectionDetailsButton": "Bağlantı ayrıntıları..."
   },
   "zh-chs": {
     "agent": "代理",
@@ -495,7 +509,8 @@
     "agentVersion": "新版本",
     "elevation": "安装/卸载此软件需要提升权限。",
     "graphicalerror": "此安装程序的图形版本无法在此系统上运行",
-    "description": "单击下面的按钮以安装或卸载此远程管理软件。安装后，该软件在后台运行，允许远程管理员管理和控制该计算机。"
+    "description": "单击下面的按钮以安装或卸载此远程管理软件。安装后，该软件在后台运行，允许远程管理员管理和控制该计算机。",
+    "connectionDetailsButton": "连接详情..."
   },
   "zh-cht": {
     "agent": "代理",
@@ -526,7 +541,8 @@
     "agentVersion": "新版本",
     "elevation": "安裝/卸載此軟件需要提升權限。",
     "graphicalerror": "此安裝程序的圖形版本無法在此系統上運行",
-    "description": "單擊下面的按鈕以安裝或卸載此遠程管理軟件。安裝後，該軟件在後台運行，允許遠程管理員管理和控制該計算機。"
+    "description": "單擊下面的按鈕以安裝或卸載此遠程管理軟件。安裝後，該軟件在後台運行，允許遠程管理員管理和控制該計算機。",
+    "connectionDetailsButton": "連接詳情..."
   },
   "da": {
     "agent": "Agent",
@@ -557,7 +573,8 @@
     "agentVersion": "Ny version",
     "elevation": "Forhøjede tilladelser er nødvendige for at installere/afinstallere denne software.",
     "graphicalerror": "Den grafiske version af dette installationsprogram kan ikke køre på dette system",
-    "description": "Klik på knapperne nedenfor for at installere eller afinstallere denne fjernstyringssoftware. Når den er installeret, kører denne software i baggrunden, så denne computer kan administreres og kontrolleres af en fjernadministrator."
+    "description": "Klik på knapperne nedenfor for at installere eller afinstallere denne fjernstyringssoftware. Når den er installeret, kører denne software i baggrunden, så denne computer kan administreres og kontrolleres af en fjernadministrator.",
+    "connectionDetailsButton": "Forbindelsesdetaljer..."
   },
   "pl": {
     "agent": "Agent",
@@ -588,7 +605,8 @@
     "agentVersion": "Nowa Wersja",
     "elevation": "Do zainstalowania/odinstalowania tego oprogramowania wymagane są podwyższone uprawnienia.",
     "graphicalerror": "Graficzna wersja tego instalatora nie może być uruchomiona w tym systemie",
-    "description": "Kliknij poniższe przyciski, aby zainstalować lub odinstalować oprogramowanie zdalnego dostępu. Po zainstalowaniu, to oprogramowanie działa w tle, umożliwiając zarządzanie i kontrolowanie tego komputera przez zdalnego administratora."
+    "description": "Kliknij poniższe przyciski, aby zainstalować lub odinstalować oprogramowanie zdalnego dostępu. Po zainstalowaniu, to oprogramowanie działa w tle, umożliwiając zarządzanie i kontrolowanie tego komputera przez zdalnego administratora.",
+    "connectionDetailsButton": "Szczegóły połączenia..."
   },
   "pt-br": {
     "agent": "Agente",
@@ -619,7 +637,8 @@
     "agentVersion": "Nova Versão",
     "elevation": "Permissões Elevadas são necessárias para instalar/desinstalar este software",
     "graphicalerror": "A versão gráfica do instalador não pode ser executada neste sistema",
-    "description": "Clique nos botões abaixo para instalar ou desinstalar  este software de gerenciamento remoto. Quando instalado, este software é executado em segundo plano permitindo que este computador seja gerenciado e controlado por um administrador remoto"
+    "description": "Clique nos botões abaixo para instalar ou desinstalar  este software de gerenciamento remoto. Quando instalado, este software é executado em segundo plano permitindo que este computador seja gerenciado e controlado por um administrador remoto",
+    "connectionDetailsButton": "Detalhes da conexão..."
   },
   "bs": {
     "agent": "Agent",
@@ -650,6 +669,103 @@
       "NOT RUNNING"
     ],
     "statusDescription": "Trenutni status agenta",
-    "description": "Kliknite na dugmad ispod da instalirate ili deinstalirate ovaj softver za daljinsko upravljanje. Kada je instaliran, ovaj softver radi u pozadini, što omogućava da ovim računarom upravlja i kontroliše udaljeni administrator."
+    "description": "Kliknite na dugmad ispod da instalirate ili deinstalirate ovaj softver za daljinsko upravljanje. Kada je instaliran, ovaj softver radi u pozadini, što omogućava da ovim računarom upravlja i kontroliše udaljeni administrator.",
+    "connectionDetailsButton": "Detalji veze..."
+  },
+  "hu": {
+    "agent": "Agent",
+    "agentVersion": "Új verzió",
+    "group": "Eszköz csoport",
+    "url": "Kiszolgáló URL",
+    "meshName": "Csoport név",
+    "meshId": "Csoport azonosító",
+    "serverId": "Kiszolgáló azonosító",
+    "setup": "Beállítás",
+    "update": "Frissítés",
+    "install": "Telepítés",
+    "uninstall": "Eltávolítás",
+    "connect": "Kapcsolódás",
+    "disconnect": "Lekapcsolódás",
+    "cancel": "Mégse",
+    "close": "Bezár",
+    "pressok": "Press OK to disconnect",
+    "elevation": "A szoftver telepítéséhez/eltávolításához megnövelt jogosultságok szükségesek.",
+    "sudo": "Kérjük, próbálja meg újra a sudo használatával.",
+    "ctrlc": "A kilépéshez nyomja meg a Ctrl-C billentyűt.",
+    "commands": "A szöveges változatot a parancssorból futtathatja a következő parancs(okk)al",
+    "graphicalerror": "A telepítő grafikus verziója nem futtatható ezen a rendszeren.",
+    "zenity": "Próbálja meg telepíteni/frissíteni a Zenity-t, és indítsa újra",
+    "status": [
+      "NINCS TELEPÍTVE",
+      "FUT",
+      "NEM FUT"
+    ],
+    "statusDescription": "Jelenlegi agent állapota",
+    "description": "Kattintson a Telepítés vagy Eltávolítás gombokra a Távfelügyeleti alkalmazás telepítéséhez vagy eltávolításához. Telepítés után ez az alkalmazás a háttérben fut, lehetővé téve, hogy a számítógépet egy távoli rendszergazda kezelje.",
+    "connectionDetailsButton": "Kapcsolat részletei..."
+  },
+  "ca": {
+    "agent": "Agent",
+    "agentVersion": "Nova versió",
+    "group": "Grup de dispositius",
+    "url": "URL del servidor",
+    "meshName": "Nom del grup",
+    "meshId": "Identificador de grup",
+    "serverId": "Identificador del servidor",
+    "setup": "Configuració",
+    "update": "Actualització",
+    "install": "Instal·lar",
+    "uninstall": "Desinstal·la",
+    "connect": "Connecta't",
+    "disconnect": "Desconnecta",
+    "cancel": "Cancel · lar",
+    "close": "Tanca",
+    "pressok": "Premeu D'acord per desconnectar",
+    "elevation": "Es necessiten permisos elevats per instal·lar/desinstal·lar aquest programari.",
+    "sudo": "Si us plau, torna-ho a provar amb sudo.",
+    "ctrlc": "Premeu Ctrl-C per sortir.",
+    "commands": "Podeu executar la versió de text des de la línia d'ordres amb les següents ordres",
+    "graphicalerror": "La versió gràfica d'aquest instal·lador no pot executar-se en aquest sistema",
+    "zenity": "Proveu d'instal·lar/actualitzar Zenity i torneu a executar-lo",
+    "status": [
+      "NO ESTÀ INSTAL · LAT",
+      "CÓRRER",
+      "NO CORRE"
+    ],
+    "statusDescription": "Estat actual de l'agent",
+    "description": "Feu clic als botons següents per instal·lar o desinstal·lar aquest programari de gestió remota. Quan s'instal·la, aquest programari s'executa en segon pla i permet que aquest ordinador sigui gestionat i controlat per un administrador remot.",
+    "connectionDetailsButton": "Detalls de la connexió..."
+  },
+  "uk": {
+    "agent": "Агент",
+    "agentVersion": "Нова версія",
+    "group": "Група пристроїв",
+    "url": "URL Сервера",
+    "meshName": "Ім'я групи",
+    "meshId": "Ідентифікатор групи",
+    "serverId": "Ідентифікатор сервера",
+    "setup": "Налаштувати",
+    "update": "Оновити",
+    "install": "Інсталювати",
+    "uninstall": "Видалити",
+    "connect": "Підключитись",
+    "disconnect": "Відключити",
+    "cancel": "Скасувати",
+    "close": "Закрити",
+    "pressok": "Натисніть OK, щоб від'єднатись",
+    "elevation": "Для встановлення/видалення цієї програми потрібні права адміністратора.",
+    "sudo": "Будь ласка, спробуйте ще раз за допомогою sudo.",
+    "ctrlc": "Натисніть Ctrl-C, щоб вийти",
+    "commands": "Ви можете запустити текстову версію з командного рядка за допомогою таких команд",
+    "graphicalerror": "Графічна версія цього інсталятора не може запуститись в цій системі",
+    "zenity": "Спробуйте встановити або оновити Zenity, а тоді запустіть програму знову",
+    "status": [
+      "НЕ ВСТАНОВЛЕНО",
+      "ПРАЦЮЄ",
+      "НЕ ПРАЦЮЄ"
+    ],
+    "statusDescription": "Поточний статус Агента",
+    "description": "Щоб встановити або видалити це програмне забезпечення для віддаленого керування, скористайтеся кнопками нижче. Після інсталяції програма працютиме у фоновому режимі, що дозволить віддаленому адміністратору керувати цим комп'ютером. Підключення ж надасть тимчасовий доступ поки це вікно відкрите",
+    "connectionDetailsButton": "Деталі з'єднання..."
   }
 }

agents/compressModules-new.bat

@@ -1,11 +0,0 @@
-@ECHO OFF
-MD modules_meshcmd_min
-MD modules_meshcore_min
-
-%LOCALAPPDATA%\..\Roaming\nvm\v14.16.0\node ..\translate\translate.js minify meshcmd.js
-RENAME meshcmd.js.min meshcmd.min.js
-%LOCALAPPDATA%\..\Roaming\nvm\v14.16.0\node ..\translate\translate.js minify meshcore.js
-RENAME meshcore.js.min meshcore.min.js
-
-%LOCALAPPDATA%\..\Roaming\nvm\v14.16.0\node ..\translate\translate.js minifydir C:\Users\Default.DESKTOP-9CGK2DI\Desktop\AmtWebApp\meshcentral\agents\modules_meshcore C:\Users\Default.DESKTOP-9CGK2DI\Desktop\AmtWebApp\meshcentral\agents\modules_meshcore_min
-%LOCALAPPDATA%\..\Roaming\nvm\v14.16.0\node ..\translate\translate.js minifydir C:\Users\Default.DESKTOP-9CGK2DI\Desktop\AmtWebApp\meshcentral\agents\modules_meshcmd C:\Users\Default.DESKTOP-9CGK2DI\Desktop\AmtWebApp\meshcentral\agents\modules_meshcmd_min

agents/compressModules-old.bat

@@ -1,20 +0,0 @@
-@ECHO OFF
-MD modules_meshcmd_min
-MD modules_meshcore_min
-"..\..\WebSiteCompiler\bin\Debug\WebSiteCompiler.exe" compressalljs "modules_meshcore" "modules_meshcore_min"
-"..\..\WebSiteCompiler\bin\Debug\WebSiteCompiler.exe" compressalljs "modules_meshcmd" "modules_meshcmd_min"
-"..\..\WebSiteCompiler\bin\Debug\WebSiteCompiler.exe" meshcore.js
-"..\..\WebSiteCompiler\bin\Debug\WebSiteCompiler.exe" meshcmd.js
-
-REM del meshcore.min.js
-REM %LOCALAPPDATA%\..\Roaming\nvm\v14.16.0\node ..\translate\translate.js minify meshcore.js
-REM rename meshcore.js.min meshcore.min.js
-
-REM del meshcmd.min.js
-REM %LOCALAPPDATA%\..\Roaming\nvm\v14.16.0\node ..\translate\translate.js minify meshcmd.js
-REM rename meshcmd.js.min meshcmd.min.js
-
-REM Minify the translations
-%LOCALAPPDATA%\..\Roaming\nvm\v14.16.0\node ..\translate\translate.js minify modules_meshcore\coretranslations.json
-COPY modules_meshcore\coretranslations.json.min modules_meshcore_min\coretranslations.json
-DEL modules_meshcore\coretranslations.json.min

agents/hashagents.js

@@ -24,6 +24,8 @@ var agents = {
     'meshagent_alpine-x86-64': 33,
     'meshagent_mipsel24kc': 40,
     'meshagent_aarch64-cortex-a53': 41,
+    // 'meshagent_armvirt32': 44,
+    'meshagent_riscv64': 45,
     'meshagent_osx-universal-64': 10005
 }
 

agents/hashagents.json

@@ -1,134 +1,140 @@
 {
   "3": {
     "filename": "MeshService.exe",
-    "hash": "33AE44E73CA79EDD443661F8D6205DF59DE7D03B0AC730A37D283C9CE4079E6136FFC30BC1B79DA8FB05F03CBDE75D06",
-    "size": 3793408,
-    "mtime": "2022-08-25T17:55:54Z"
+    "hash": "A28899C93AE7273C49433952149AD34ADB5A017A150A27243B69402D94BF4AAC32AAE6774C40EC8DE1B4CB33A82DC1C7",
+    "size": 3811840,
+    "mtime": "2025-03-07T22:43:04Z"
   },
   "4": {
     "filename": "MeshService64.exe",
-    "hash": "C809BAB1F0B988F1436E1033D9F07A782412A6CC7ECCF4AC52CCCBD91D7B56D401F2AB5FABC71A66F91B20E6FCA393D4",
-    "size": 3422720,
-    "mtime": "2022-08-25T17:55:24Z"
+    "hash": "168572E0999089DE09B751255C908A4C2B80056D6DFAFFDB8B76F4A81847C8A4E162D6C303C14A837BBE8E6802AC6992",
+    "size": 3439616,
+    "mtime": "2025-03-07T22:43:04Z"
   },
   "5": {
     "filename": "meshagent_x86",
-    "hash": "024A8FCE66C277CFAA375B6F5A12E18D08BF2F8EE494C4408544D93F219F7208BACF056F79A2340428C3C34F765E325E",
-    "size": 3666464,
-    "mtime": "2022-08-29T17:48:58Z"
+    "hash": "EB1F41A192A43469823399E9880EF7435259A12E2687CF488B3CB17D86BA8C29ED20DD863C86D0D5CA1D40634DEB4134",
+    "size": 3641436,
+    "mtime": "2023-10-13T16:35:50Z"
   },
   "6": {
     "filename": "meshagent_x86-64",
-    "hash": "DC5924847AD22C058D1009BE7EDFAFEAF248DEC706C263736B254BA5917D274A21BAE0D025852EC788007EF3688CDC64",
-    "size": 3741136,
-    "mtime": "2022-08-29T17:49:06Z"
+    "hash": "434BF98C5D4F394CB5275C73FF96CB3283DA1300577784F51AF2273DE3158074E78A351C48A9CDEA3E7DC6DECD106128",
+    "size": 3749328,
+    "mtime": "2024-08-06T15:30:40Z"
   },
   "7": {
     "filename": "meshagent_mips",
-    "hash": "C49212CA4BF2D1F031F376C0157A4B9C5EA5ACD08180662F27F2EA54F990C2A7840B5A3BF7F66D85EE194EF675008D09",
-    "size": 4547696,
-    "mtime": "2022-08-29T17:49:13Z"
+    "hash": "97F057410D979E5D290EC253B1340CDB4C1B55AFB2F766AC1CFACA368355E5D7CB86E51F44B34798F0FD1C691089859F",
+    "size": 4555960,
+    "mtime": "2023-09-19T15:16:30Z"
   },
   "9": {
     "filename": "meshagent_arm",
-    "hash": "5217EBF6638EDC64FFFBE3B53BF9DC640D630CC69B9CE484C1CA274530C248D248AC4F4E84071A34CD504039D8D0B022",
-    "size": 3148064,
-    "mtime": "2022-08-29T17:49:22Z"
+    "hash": "963802249E86D8D0B08D62D688E67704F519CB1D6EA03A755CF3A277D30A1579E92E863F5E31B40CBBCF8C492D3B93E8",
+    "size": 3156256,
+    "mtime": "2023-09-19T15:16:29Z"
   },
   "13": {
     "filename": "meshagent_pogo",
-    "hash": "1523191069F30678C607E32F557CD5F9125A963C671CE7A7F6FB8ADD9B9BFB890AC1A6248872EAE899737F378F54FFF2",
-    "size": 3156744,
-    "mtime": "2022-08-29T17:49:32Z"
+    "hash": "D07AD09AEBA3528785D1BE63D89785C1D2078EDA4F9E1ADE8B695A094DA4F3DB63BB16895E4BDEE733F54EF8C2F74265",
+    "size": 3164464,
+    "mtime": "2023-09-19T15:16:30Z"
   },
   "15": {
     "filename": "meshagent_poky",
-    "hash": "36090B49C98D7A3E7515EC2D22E5C47A4FD9BA35B517949BAF04B39A7CE91378656A7F3FC132C5E43FD1D087B3C9226E",
-    "size": 3796600,
-    "mtime": "2022-08-29T17:49:42Z"
+    "hash": "515F9A5FFE2C229E24DB61770EEC1265F0A3AFC09C4321F1CA8D6C1A4C421FD223BDE85D94BC5B9E349EC7132CD9A7E5",
+    "size": 3804792,
+    "mtime": "2023-09-19T15:16:30Z"
   },
   "16": {
     "filename": "meshagent_osx-x86-64",
     "hash": "F7A3EBEC3D855EBFB2C72271C17196C7692EB2685DCBA70B56B63C80D6CF0DAA7DF00657BB4A12F4C0D92281B1BB47FE",
     "size": 4670736,
-    "mtime": "2022-08-23T03:31:00Z"
+    "mtime": "2025-03-18T17:57:52Z"
   },
   "18": {
     "filename": "meshagent_poky64",
-    "hash": "FD61B913D2239621FDCC2E949BF16FCAE3F9D46D25EEF74DA0A7971F30A44E315A4231AF824241940391A3F112794A27",
-    "size": 3495416,
-    "mtime": "2022-08-29T17:49:52Z"
+    "hash": "F889214564DBA1625DF17A7C3E14458D55350399112BAD429F8525B885EF2098EC527C3A83C3EBEF9BFB90A74AF4CD87",
+    "size": 3503608,
+    "mtime": "2023-09-19T15:16:30Z"
   },
   "19": {
     "filename": "meshagent_x86_nokvm",
-    "hash": "BF125A52656DFE6665E78AB22ED652F4C65C17624A12BCAC2F0691A255AF208C3E883101266F3E80052F4CFE8602B29B",
-    "size": 3385732,
-    "mtime": "2022-08-29T17:50:00Z"
+    "hash": "2558D5FB2B92AF81EE914F83BB0EC528C9D10BFAB67F9F7C27BFD6AB8516B93DDCF9F824BF0F307F47254C811D707434",
+    "size": 3360704,
+    "mtime": "2023-09-19T15:16:30Z"
   },
   "20": {
     "filename": "meshagent_x86-64_nokvm",
-    "hash": "9AB50A5419A2BAFC8DC485C3F24387622689FE3A0C146317CE3EA951F3EE2E4902CCE3878F2098C6EB23A848E510E478",
-    "size": 3446192,
-    "mtime": "2022-08-29T17:50:08Z"
+    "hash": "A91280CAB549B1F133408F283E850F35B529218C0C317007D60A170E6113DE262521B3DA0D1ECEAC0E945B3ED46D23F7",
+    "size": 3454384,
+    "mtime": "2023-09-19T15:16:30Z"
   },
   "24": {
     "filename": "meshagent_arm-linaro",
-    "hash": "DCC5B487A200F9670B33BE603F52088856FB249CC03F5B62D1617CA9A95B55329B120FE4D3FFD72B2E5FE1ADE302CF81",
-    "size": 2211156,
-    "mtime": "2022-08-29T17:50:21Z"
+    "hash": "47E5DDAD71536DBB7752C665A4FE3BDD98D2AB888DB7536FB58E2EC7F0560C750AFE2D2D7F35A00457677661312380E6",
+    "size": 2215252,
+    "mtime": "2023-09-19T15:16:29Z"
   },
   "25": {
     "filename": "meshagent_armhf",
-    "hash": "1EDCE4E132927B432F60A3D262368B3DF54B012EDD786EAD31139646B5D9168297C32D13C7D822CE5FEF7FE44B65B4A0",
-    "size": 3181452,
-    "mtime": "2022-08-23T03:14:16Z"
+    "hash": "65F6FE3B530FDBC3C1E7B2577B081FEF5742265CCCFDE27AB015996D3767F153CF3B4B022932C156754E09CDA2EE4874",
+    "size": 3191132,
+    "mtime": "2023-09-19T15:16:29Z"
   },
   "27": {
     "filename": "meshagent_armhf2",
     "hash": "0AE840520D3B677B9767EA097F3AA5A1E24212529E688200F43935DB1541AB9FB441EC2C7BA8002D45299B04695FD037",
     "size": 2837724,
-    "mtime": "1985-10-26T08:15:00Z"
+    "mtime": "2023-09-19T15:16:29Z"
   },
   "28": {
     "filename": "meshagent_mips24kc",
-    "hash": "88A79B78497D1D004E44D02989A3BE3710D3BEE0A129F98579FFAA826FAC6C90CD69B9B218B90377438942BA85DAC81C",
-    "size": 4181416,
-    "mtime": "2022-08-23T03:15:24Z"
+    "hash": "3AD0A21E1FDD44E1869BFD3E3698D67713445C7A21BEE37AF41E810E6B6F1CE8FE369140AE7BAD31689A5F759CF7BCC6",
+    "size": 4193384,
+    "mtime": "2023-09-19T15:16:30Z"
   },
   "29": {
     "filename": "meshagent_osx-arm-64",
     "hash": "CFE022146F2ED61E68F907E57E3704CC7F409D7F2B4D87E64ED6D83C53F41777BCDDCCF42DF8B8BB25CCEC9A93D799C7",
     "size": 3945576,
-    "mtime": "2022-08-23T03:31:00Z"
+    "mtime": "2025-03-12T11:13:54Z"
   },
   "30": {
     "filename": "meshagent_freebsd_x86-64",
     "hash": "5C2CDDA2E7AB5068D990FBC725D8D5E3EA2724A0E001C226C0C7BB9F3A46492880BF260B5DD9E733F87EB68BA7494BD6",
     "size": 4673560,
-    "mtime": "2022-08-23T03:31:12Z"
+    "mtime": "2023-09-19T15:16:29Z"
   },
   "32": {
     "filename": "meshagent_aarch64",
-    "hash": "21C97445FA93C2A42337AD0E336F840A05EC553F8C040F6021C16339567F8A063EB06876D62C2C2924BD9F656434E9DB",
-    "size": 3248496,
-    "mtime": "2022-08-23T03:13:02Z"
+    "hash": "56AD2FAFBC15BAC635C526C6F106DD0213C0B222265685F00CDD56AD8C3DFE7DE6C4D8F52EA9CA183D50BC8D8C198477",
+    "size": 3256688,
+    "mtime": "2023-09-19T15:16:29Z"
   },
   "40": {
     "filename": "meshagent_mipsel24kc",
-    "hash": "A58CF777ACA3E9B3F7C0FC664E5EAC1F95C3FD03ABDE93E2B06547D0BA1C671A9E67F252CACD9BCBD2019561E18ED7DF",
-    "size": 4177288,
-    "mtime": "2022-08-23T03:16:32Z"
+    "hash": "E6A3CDBFFD233BE1B24E81197F41DB24EFA1708B5BD18B2D7DFEBFD89FAF6A994B5D4A3048D67BBBAB14A77AD7088AE6",
+    "size": 4189672,
+    "mtime": "2023-09-19T15:16:30Z"
   },
   "41": {
     "filename": "meshagent_aarch64-cortex-a53",
-    "hash": "CC84858AD16C644096B87E3686B318F82CD1A39015FF17D93456456F0A51D4A2D4DEC7F6EAA2ABB065D7EAD28CD024A2",
-    "size": 3076424,
-    "mtime": "2022-08-23T03:17:42Z"
+    "hash": "CEFD8AAB52CE01939324E999E1EB541A262E0D4F1C3591F0A8355EAD5D2C87B43B3FB05A1DCD04012CDD4B559589CBAB",
+    "size": 3084616,
+    "mtime": "2023-09-19T15:16:29Z"
+  },
+  "45": {
+    "filename": "meshagent_riscv64",
+    "hash": "CFB8C78CB128B5F8FE367DE40ACD1D34BB9E261B8B37AF867F0B50130F847831B8C0DB4C9DAFC75F5DD80AFECCE74D30",
+    "size": 3597928,
+    "mtime": "2025-03-18T11:06:16Z"
   },
   "10005": {
     "filename": "meshagent_osx-universal-64",
     "hash": "D320CA61D59FD8D76CF681CFE78A94CE37C47DBCAA8B29DF483F42C000EA9B655B5E5909A2AD6699D45D2D7691FF4964",
     "size": 8647784,
-    "mtime": "2022-08-23T03:31:00Z"
+    "mtime": "2024-03-15T14:55:06Z"
   }
 }

agents/meshcmd.js

@@ -588,7 +588,7 @@ function run(argv) {
                     }
                     amtMei.getProvisioningState(function (result) { if (result) { mestate.ProvisioningState = result; } });
                     amtMei.getProvisioningMode(function (result) { if (result) { mestate.ProvisioningMode = result; } });
-                    amtMei.getEHBCState(function (result) { mestate.ehbc = ((result === true) || (typeof result == 'object') && (result.EHBC === true)); });
+                    amtMei.getEHBCState(function (result) { if (result) { mestate.ehbc = ((result === true) || (typeof result == 'object') && (result.EHBC === true)); } });
                     amtMei.getControlMode(function (result) { if (result) { mestate.controlmode = result; } });
                     amtMei.getMACAddresses(function (result) { if (result) { mestate.mac = result; } });
                     amtMei.getLanInterfaceSettings(0, function (result) { if (result) { mestate.net0 = result; } });

agents/meshinstall-linux.sh

@@ -114,6 +114,11 @@ CheckInstallAgent() {
           # RaspberryPi 3B+ running Ubuntu 64 (aarch64)
           machineid=26
         fi
+        if [ $machinetype == 'riscv64' ]
+        then
+          # RISC-V 64 bit
+          machineid=45
+        fi
         # Add more machine types, detect KVM support... here.
       fi
 

agents/modules_meshcmd/amt-ider.js

@@ -98,7 +98,7 @@ module.exports = function CreateAmtRemoteIder() {
     // Private method
     obj.ProcessData = function (data) {
         obj.bytesFromAmt += data.length;
-        if (obj.acc == null) { obj.acc = data; } else { obj.acc = Buffer.concat(obj.acc, data); }
+        if (obj.acc == null) { obj.acc = data; } else { obj.acc = Buffer.concat([obj.acc, data]); }
         if (obj.debug) console.log('IDER-ProcessData', obj.acc.length, obj.acc.toString('hex'));
 
         // Process as many commands as possible

agents/modules_meshcmd/sysinfo.js

@@ -225,19 +225,14 @@ function macos_memUtilization()
 function windows_thermals()
 {
     var ret = [];
-    child = require('child_process').execFile(process.env['windir'] + '\\System32\\wbem\\wmic.exe', ['wmic', '/namespace:\\\\root\\wmi', 'PATH', 'MSAcpi_ThermalZoneTemperature', 'get', 'CurrentTemperature']);
-    child.stdout.str = ''; child.stdout.on('data', function (c) { this.str += c.toString(); });
-    child.stderr.str = ''; child.stderr.on('data', function (c) { this.str += c.toString(); });
-    child.waitExit();
-
-    if(child.stdout.str.trim!='')
-    {
-        var lines = child.stdout.str.trim().split('\r\n');
-        for (var i = 1; i < lines.length; ++i)
-        {
-            if (lines[i].trim() != '') { ret.push(((parseFloat(lines[i]) / 10) - 273.15).toFixed(2)); }
+    try {
+        ret = require('win-wmi').query('ROOT\\WMI', 'SELECT CurrentTemperature,InstanceName FROM MSAcpi_ThermalZoneTemperature',['CurrentTemperature','InstanceName']);
+        if (ret[0]) {
+            for (var i = 0; i < ret.length; ++i) {
+                ret[i]['CurrentTemperature'] = ((parseFloat(ret[i]['CurrentTemperature']) / 10) - 273.15).toFixed(2);
+            }
         }
-    }
+    } catch (ex) { }
     return (ret);
 }
 
@@ -285,16 +280,10 @@ function macos_thermals()
     return (ret);
 }
 
-switch(process.platform)
-{
-    case 'linux':
-        module.exports = { cpuUtilization: linux_cpuUtilization, memUtilization: linux_memUtilization, thermals: linux_thermals };
-        break;
-    case 'win32':
-        module.exports = { cpuUtilization: windows_cpuUtilization, memUtilization: windows_memUtilization, thermals: windows_thermals };
-        break;
-    case 'darwin':
-        module.exports = { cpuUtilization: macos_cpuUtilization, memUtilization: macos_memUtilization, thermals: macos_thermals };
-        break;
-}
+const platformConfig = {
+    linux: { cpuUtilization: linux_cpuUtilization, memUtilization: linux_memUtilization, thermals: linux_thermals },
+    win32: { cpuUtilization: windows_cpuUtilization, memUtilization: windows_memUtilization, thermals: windows_thermals },
+    darwin: { cpuUtilization: macos_cpuUtilization, memUtilization: macos_memUtilization, thermals: macos_thermals }
+};
 
+module.exports = platformConfig[process.platform];

agents/modules_meshcore/computer-identifiers.js

@@ -0,0 +1,902 @@
+/*
+Copyright 2019-2021 Intel Corporation
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+function trimIdentifiers(val)
+{
+    for(var v in val)
+    {
+        if (!val[v] || val[v] == 'None' || val[v] == '') { delete val[v]; }
+    }
+}
+function trimResults(val)
+{
+    var i, x;
+    for (i = 0; i < val.length; ++i)
+    {
+        for (x in val[i])
+        {
+            if (x.startsWith('_'))
+            {
+                delete val[i][x];
+            }
+            else
+            {
+                if (val[i][x] == null || val[i][x] == 0)
+                {
+                    delete val[i][x];
+                }
+            }
+        }
+    }
+}
+function brief(headers, obj)
+{
+    var i, x;
+    for (x = 0; x < obj.length; ++x)
+    {
+        for (i in obj[x])
+        {
+            if (!headers.includes(i))
+            {
+                delete obj[x][i];
+            }
+        }
+    }
+    return (obj);
+}
+
+function dataHandler(c)
+{
+    this.str += c.toString();
+}
+
+function linux_identifiers()
+{
+    var identifiers = {};
+    var ret = {};
+    var values = {};
+
+    if (!require('fs').existsSync('/sys/class/dmi/id')) {         
+        if (require('fs').existsSync('/sys/firmware/devicetree/base/model')) {
+            if (require('fs').readFileSync('/sys/firmware/devicetree/base/model').toString().trim().startsWith('Raspberry')) {
+                identifiers['board_vendor'] = 'Raspberry Pi';
+                identifiers['board_name'] = require('fs').readFileSync('/sys/firmware/devicetree/base/model').toString().trim();
+                identifiers['board_serial'] = require('fs').readFileSync('/sys/firmware/devicetree/base/serial-number').toString().trim();
+                const memorySlots = [];
+                var child = require('child_process').execFile('/bin/sh', ['sh']);
+                child.stdout.str = ''; child.stdout.on('data', dataHandler);
+                child.stdin.write('vcgencmd get_mem arm && vcgencmd get_mem gpu\nexit\n');
+                child.waitExit();
+                try { 
+                    const lines = child.stdout.str.trim().split('\n');
+                    if (lines.length == 2) {
+                        memorySlots.push({ Locator: "ARM Memory", Size: lines[0].split('=')[1].trim() })
+                        memorySlots.push({ Locator: "GPU Memory", Size: lines[1].split('=')[1].trim() })
+                        ret.memory = { Memory_Device: memorySlots };
+                    }
+                } catch (xx) { }
+            } else {
+                throw('Unknown board');
+            }
+        } else {
+            throw ('this platform does not have DMI statistics');
+        }
+    } else {
+        var entries = require('fs').readdirSync('/sys/class/dmi/id');
+        for (var i in entries) {
+            if (require('fs').statSync('/sys/class/dmi/id/' + entries[i]).isFile()) {
+                try {
+                    ret[entries[i]] = require('fs').readFileSync('/sys/class/dmi/id/' + entries[i]).toString().trim();
+                } catch(z) { }
+                if (ret[entries[i]] == 'None') { delete ret[entries[i]]; }
+            }
+        }
+        entries = null;
+
+        identifiers['bios_date'] = ret['bios_date'];
+        identifiers['bios_vendor'] = ret['bios_vendor'];
+        identifiers['bios_version'] = ret['bios_version'];
+        identifiers['bios_serial'] = ret['product_serial'];
+        identifiers['board_name'] = ret['board_name'];
+        identifiers['board_serial'] = ret['board_serial'];
+        identifiers['board_vendor'] = ret['board_vendor'];
+        identifiers['board_version'] = ret['board_version'];
+        identifiers['product_uuid'] = ret['product_uuid'];
+        identifiers['product_name'] = ret['product_name'];
+    }
+
+    try {
+        identifiers['bios_mode'] = (require('fs').statSync('/sys/firmware/efi').isDirectory() ? 'UEFI': 'Legacy');
+    } catch (ex) { identifiers['bios_mode'] = 'Legacy'; }
+
+    var child = require('child_process').execFile('/bin/sh', ['sh']);
+    child.stdout.str = ''; child.stdout.on('data', dataHandler);
+    child.stdin.write('cat /proc/cpuinfo | grep -i "model name" | ' + "tr '\\n' ':' | awk -F: '{ print $2 }'\nexit\n");
+    child.waitExit();
+    identifiers['cpu_name'] = child.stdout.str.trim();
+    if (identifiers['cpu_name'] == "") { // CPU BLANK, check lscpu instead
+        child = require('child_process').execFile('/bin/sh', ['sh']);
+        child.stdout.str = ''; child.stdout.on('data', dataHandler);
+        child.stdin.write('lscpu | grep -i "model name" | ' + "tr '\\n' ':' | awk -F: '{ print $2 }'\nexit\n");
+        child.waitExit();
+        identifiers['cpu_name'] = child.stdout.str.trim();
+    }
+    child = null;
+
+
+    // Fetch GPU info
+    child = require('child_process').execFile('/bin/sh', ['sh']);
+    child.stdout.str = ''; child.stdout.on('data', dataHandler);
+    child.stdin.write("lspci | grep ' VGA ' | tr '\\n' '`' | awk '{ a=split($0,lines" + ',"`"); printf "["; for(i=1;i<a;++i) { split(lines[i],gpu,"r: "); printf "%s\\"%s\\"", (i==1?"":","),gpu[2]; } printf "]"; }\'\nexit\n');
+    child.waitExit();
+    try { identifiers['gpu_name'] = JSON.parse(child.stdout.str.trim()); } catch (xx) { }
+    child = null;
+
+    // Fetch Storage Info
+    child = require('child_process').execFile('/bin/sh', ['sh']);
+    child.stdout.str = ''; child.stdout.on('data', dataHandler);
+    child.stdin.write("lshw -class disk -disable network | tr '\\n' '`' | awk '" + '{ len=split($0,lines,"*"); printf "["; for(i=2;i<=len;++i) { model=""; caption=""; size=""; clen=split(lines[i],item,"`"); for(j=2;j<clen;++j) { split(item[j],tokens,":"); split(tokens[1],key," "); if(key[1]=="description") { caption=substr(tokens[2],2); } if(key[1]=="product") { model=substr(tokens[2],2); } if(key[1]=="size") { size=substr(tokens[2],2);  } } if(model=="") { model=caption; } if(caption!="" || model!="") { printf "%s{\\"Caption\\":\\"%s\\",\\"Model\\":\\"%s\\",\\"Size\\":\\"%s\\"}",(i==2?"":","),caption,model,size; }  } printf "]"; }\'\nexit\n');
+    child.waitExit();
+    try { identifiers['storage_devices'] = JSON.parse(child.stdout.str.trim()); } catch (xx) { }
+    child = null;
+
+    // Fetch storage volumes using df
+    child = require('child_process').execFile('/bin/sh', ['sh']);
+    child.stdout.str = ''; child.stdout.on('data', dataHandler);
+    child.stdin.write('df -T | awk \'NR==1 || $1 ~ ".+"{print $3, $4, $5, $7, $2}\' | awk \'NR>1 {printf "{\\"size\\":\\"%s\\",\\"used\\":\\"%s\\",\\"available\\":\\"%s\\",\\"mount_point\\":\\"%s\\",\\"type\\":\\"%s\\"},", $1, $2, $3, $4, $5}\' | sed \'$ s/,$//\' | awk \'BEGIN {printf "["} {printf "%s", $0} END {printf "]"}\'\nexit\n');
+    child.waitExit();
+    try { ret.volumes = JSON.parse(child.stdout.str.trim()); } catch (xx) { }
+    child = null;
+
+    values.identifiers = identifiers;
+    values.linux = ret;
+    trimIdentifiers(values.identifiers);
+
+    var dmidecode = require('lib-finder').findBinary('dmidecode');
+    if (dmidecode != null)
+    {
+        child = require('child_process').execFile('/bin/sh', ['sh']);
+        child.stdout.str = ''; child.stdout.on('data', dataHandler);
+        child.stderr.str = ''; child.stderr.on('data', dataHandler);
+        child.stdin.write(dmidecode + " -t memory | tr '\\n' '`' | ");
+        child.stdin.write(" awk '{ ");
+        child.stdin.write('   printf("[");');
+        child.stdin.write('   comma="";');
+        child.stdin.write('   c=split($0, lines, "``");');
+        child.stdin.write('   for(i=1;i<=c;++i)');
+        child.stdin.write('   {');
+        child.stdin.write('      d=split(lines[i], val, "`");');
+        child.stdin.write('      split(val[1], tokens, ",");');
+        child.stdin.write('      split(tokens[2], dmitype, " ");');
+        child.stdin.write('      dmi = dmitype[3]+0; ');
+        child.stdin.write('      if(dmi == 5 || dmi == 6 || dmi == 16 || dmi == 17)');
+        child.stdin.write('      {');
+        child.stdin.write('          ccx="";');
+        child.stdin.write('          printf("%s{\\"%s\\": {", comma, val[2]);');
+        child.stdin.write('          for(j=3;j<d;++j)');
+        child.stdin.write('          {');
+        child.stdin.write('             sub(/^[ \\t]*/,"",val[j]);');
+        child.stdin.write('             if(split(val[j],tmp,":")>1)');
+        child.stdin.write('             {');
+        child.stdin.write('                sub(/^[ \\t]*/,"",tmp[2]);');
+        child.stdin.write('                gsub(/ /,"",tmp[1]);');
+        child.stdin.write('                printf("%s\\"%s\\": \\"%s\\"", ccx, tmp[1], tmp[2]);');
+        child.stdin.write('                ccx=",";');
+        child.stdin.write('             }');
+        child.stdin.write('          }');
+        child.stdin.write('          printf("}}");');
+        child.stdin.write('          comma=",";');
+        child.stdin.write('      }');
+        child.stdin.write('   }');
+        child.stdin.write('   printf("]");');
+        child.stdin.write("}'\nexit\n");
+        child.waitExit();
+
+        try
+        {
+            var j = JSON.parse(child.stdout.str);
+            var i, key, key2;
+            for (i = 0; i < j.length; ++i)
+            {
+                for (key in j[i])
+                {
+                    delete j[i][key]['ArrayHandle'];
+                    delete j[i][key]['ErrorInformationHandle'];
+                    for (key2 in j[i][key])
+                    {
+                        if (j[i][key][key2] == 'Unknown' || j[i][key][key2] == 'Not Specified' || j[i][key][key2] == '')
+                        {
+                            delete j[i][key][key2];
+                        }
+                    }
+                }
+            }
+
+            if(j.length > 0){
+                var mem = {};
+                for (i = 0; i < j.length; ++i)
+                {
+                    for (key in j[i])
+                    {
+                        if (mem[key] == null) { mem[key] = []; }
+                        mem[key].push(j[i][key]);
+                    }
+                }
+                values.linux.memory = mem;
+            }
+        }
+        catch (e)
+        { }
+        child = null;
+    }
+
+    var usbdevices = require('lib-finder').findBinary('usb-devices');
+    if (usbdevices != null)
+    {
+        var child = require('child_process').execFile('/bin/sh', ['sh']);
+        child.stdout.str = ''; child.stdout.on('data', dataHandler);
+        child.stderr.str = ''; child.stderr.on('data', dataHandler);
+        child.stdin.write(usbdevices + " | tr '\\n' '`' | ");
+        child.stdin.write(" awk '");
+        child.stdin.write('{');
+        child.stdin.write('   comma="";');
+        child.stdin.write('   printf("[");');
+        child.stdin.write('   len=split($0, group, "``");');
+        child.stdin.write('   for(i=1;i<=len;++i)');
+        child.stdin.write('   {');
+        child.stdin.write('      comma2="";');
+        child.stdin.write('      xlen=split(group[i], line, "`");');
+        child.stdin.write('      scount=0;');
+        child.stdin.write('      for(x=1;x<xlen;++x)');
+        child.stdin.write('      {');
+        child.stdin.write('         if(line[x] ~ "^S:")');
+        child.stdin.write('         {');
+        child.stdin.write('            ++scount;');
+        child.stdin.write('         }');
+        child.stdin.write('      }');
+        child.stdin.write('      if(scount>0)');
+        child.stdin.write('      {');
+        child.stdin.write('         printf("%s{", comma); comma=",";');
+        child.stdin.write('         for(x=1;x<xlen;++x)');
+        child.stdin.write('         {');
+        child.stdin.write('            if(line[x] ~ "^T:")');
+        child.stdin.write('            {');
+        child.stdin.write('               comma3="";');
+        child.stdin.write('               printf("%s\\"hardware\\": {", comma2); comma2=",";');
+        child.stdin.write('               sub(/^T:[ \\t]*/, "", line[x]);');
+        child.stdin.write('               gsub(/= */, "=", line[x]);');
+        child.stdin.write('               blen=split(line[x], tokens, " ");');
+        child.stdin.write('               for(y=1;y<blen;++y)');
+        child.stdin.write('               {');
+        child.stdin.write('                  match(tokens[y],/=/);');
+        child.stdin.write('                  h=substr(tokens[y],1,RSTART-1);');
+        child.stdin.write('                  v=substr(tokens[y],RSTART+1);');
+        child.stdin.write('                  sub(/#/, "", h);');
+        child.stdin.write('                  printf("%s\\"%s\\": \\"%s\\"", comma3, h, v); comma3=",";');
+        child.stdin.write('               }');
+        child.stdin.write('               printf("}");');
+        child.stdin.write('            }');
+        child.stdin.write('            if(line[x] ~ "^S:")');
+        child.stdin.write('            {');
+        child.stdin.write('               sub(/^S:[ \\t]*/, "", line[x]);');
+        child.stdin.write('               match(line[x], /=/);');
+        child.stdin.write('               h=substr(line[x],1,RSTART-1);');
+        child.stdin.write('               v=substr(line[x],RSTART+1);');
+        child.stdin.write('               printf("%s\\"%s\\": \\"%s\\"", comma2, h,v); comma2=",";');
+        child.stdin.write('            }');
+        child.stdin.write('         }');
+        child.stdin.write('         printf("}");');
+        child.stdin.write('      }');
+        child.stdin.write('   }');
+        child.stdin.write('   printf("]");');
+        child.stdin.write("}'\nexit\n");
+        child.waitExit();
+
+        try
+        {
+            values.linux.usb = JSON.parse(child.stdout.str);
+        }
+        catch(x)
+        { }
+        child = null;
+    }
+
+    var pcidevices = require('lib-finder').findBinary('lspci');
+    if (pcidevices != null)
+    {
+        var child = require('child_process').execFile('/bin/sh', ['sh']);
+        child.stdout.str = ''; child.stdout.on('data', dataHandler);
+        child.stderr.str = ''; child.stderr.on('data', dataHandler);
+        child.stdin.write(pcidevices + " -m | tr '\\n' '`' | ");
+        child.stdin.write(" awk '");
+        child.stdin.write('{');
+        child.stdin.write('   printf("[");');
+        child.stdin.write('   comma="";');
+        child.stdin.write('   alen=split($0, lines, "`");');
+        child.stdin.write('   for(a=1;a<alen;++a)');
+        child.stdin.write('   {');
+        child.stdin.write('      match(lines[a], / /);');
+        child.stdin.write('      blen=split(lines[a], meta, "\\"");');
+        child.stdin.write('      bus=substr(lines[a], 1, RSTART);');
+        child.stdin.write('      gsub(/ /, "", bus);');
+        child.stdin.write('      printf("%s{\\"bus\\": \\"%s\\"", comma, bus); comma=",";');
+        child.stdin.write('      printf(", \\"device\\": \\"%s\\"", meta[2]);');
+        child.stdin.write('      printf(", \\"manufacturer\\": \\"%s\\"", meta[4]);');
+        child.stdin.write('      printf(", \\"description\\": \\"%s\\"", meta[6]);');
+        child.stdin.write('      if(meta[8] != "")');
+        child.stdin.write('      {');
+        child.stdin.write('         printf(", \\"subsystem\\": {");');
+        child.stdin.write('         printf("\\"manufacturer\\": \\"%s\\"", meta[8]);');
+        child.stdin.write('         printf(", \\"description\\": \\"%s\\"", meta[10]);');
+        child.stdin.write('         printf("}");');
+        child.stdin.write('      }');
+        child.stdin.write('      printf("}");');
+        child.stdin.write('   }');
+        child.stdin.write('   printf("]");');
+        child.stdin.write("}'\nexit\n");
+        child.waitExit();
+
+        try
+        {
+            values.linux.pci = JSON.parse(child.stdout.str);
+        }
+        catch (x)
+        { }
+        child = null;
+    }
+
+    // Linux Last Boot Up Time
+    try {
+        child = require('child_process').execFile('/usr/bin/uptime', ['', '-s']); // must include blank value at begining for some reason?
+        child.stdout.str = ''; child.stdout.on('data', function (c) { this.str += c.toString(); });
+        child.stderr.on('data', function () { });
+        child.waitExit();
+        var regex = /^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$/;
+        if (regex.test(child.stdout.str.trim())) {
+            values.linux.LastBootUpTime = child.stdout.str.trim();
+        } else {
+            child = require('child_process').execFile('/bin/sh', ['sh']);
+            child.stdout.str = ''; child.stdout.on('data', function (c) { this.str += c.toString(); });
+            child.stdin.write('date -d "@$(( $(date +%s) - $(awk \'{print int($1)}\' /proc/uptime) ))" "+%Y-%m-%d %H:%M:%S"\nexit\n');
+            child.waitExit();
+            if (regex.test(child.stdout.str.trim())) {
+                values.linux.LastBootUpTime = child.stdout.str.trim();
+            }
+        }
+        child = null;
+    } catch (ex) { }
+
+    // Linux TPM
+    try {
+        if (require('fs').statSync('/sys/class/tpm/tpm0').isDirectory()){
+            values.tpm = {
+                SpecVersion: require('fs').readFileSync('/sys/class/tpm/tpm0/tpm_version_major').toString().trim()
+            }
+        }
+    } catch (ex) { }
+
+    return (values);
+}
+
+function windows_wmic_results(str)
+{
+    var lines = str.trim().split('\r\n');
+    var keys = lines[0].split(',');
+    var i, key, keyval;
+    var tokens;
+    var result = [];
+
+    console.log('Lines: ' + lines.length, 'Keys: ' + keys.length);
+
+    for (i = 1; i < lines.length; ++i)
+    {
+        var obj = {};
+        console.log('i: ' + i);
+        tokens = lines[i].split(',');
+        for (key = 0; key < keys.length; ++key)
+        {
+            var tmp = Buffer.from(tokens[key], 'binary').toString();
+            console.log(tokens[key], tmp);
+            tokens[key] = tmp == null ? '' : tmp;
+            if (tokens[key].trim())
+            {
+                obj[keys[key].trim()] = tokens[key].trim();
+            }
+        }
+        delete obj.Node;
+        result.push(obj);
+    }
+    return (result);
+}
+
+function windows_identifiers()
+{
+    var ret = { windows: {} };
+    var items, item, i;
+
+    ret['identifiers'] = {};
+
+    var values = require('win-wmi').query('ROOT\\CIMV2', "SELECT * FROM Win32_Bios", ['ReleaseDate', 'Manufacturer', 'SMBIOSBIOSVersion', 'SerialNumber']);
+    if(values[0]){
+        ret['identifiers']['bios_date'] = values[0]['ReleaseDate'];
+        ret['identifiers']['bios_vendor'] = values[0]['Manufacturer'];
+        ret['identifiers']['bios_version'] = values[0]['SMBIOSBIOSVersion'];
+        ret['identifiers']['bios_serial'] = values[0]['SerialNumber'];
+    }
+    ret['identifiers']['bios_mode'] = 'Legacy';
+
+    values = require('win-wmi').query('ROOT\\CIMV2', "SELECT * FROM Win32_BaseBoard", ['Product', 'SerialNumber', 'Manufacturer', 'Version']);
+    if(values[0]){
+        ret['identifiers']['board_name'] = values[0]['Product'];
+        ret['identifiers']['board_serial'] = values[0]['SerialNumber'];
+        ret['identifiers']['board_vendor'] = values[0]['Manufacturer'];
+        ret['identifiers']['board_version'] = values[0]['Version'];
+    }
+
+    values = require('win-wmi').query('ROOT\\CIMV2', "SELECT * FROM Win32_ComputerSystemProduct", ['UUID', 'Name']);
+    if(values[0]){
+        ret['identifiers']['product_uuid'] = values[0]['UUID'];
+        ret['identifiers']['product_name'] = values[0]['Name'];
+        trimIdentifiers(ret.identifiers);
+    }
+
+    values = require('win-wmi').query('ROOT\\CIMV2', "SELECT * FROM Win32_PhysicalMemory");
+    if(values[0]){
+        trimResults(values);
+        ret.windows.memory = values;
+    }
+
+    values = require('win-wmi').query('ROOT\\CIMV2', "SELECT * FROM Win32_OperatingSystem");
+    if(values[0]){
+        trimResults(values);
+        ret.windows.osinfo = values[0];
+    }
+
+    values = require('win-wmi').query('ROOT\\CIMV2', "SELECT * FROM Win32_DiskPartition");
+    if(values[0]){
+        trimResults(values);
+        ret.windows.partitions = values;
+        for (var i in values) {
+            if (values[i].Description=='GPT: System') {
+                ret['identifiers']['bios_mode'] = 'UEFI';
+            }
+        }
+    }
+
+    values = require('win-wmi').query('ROOT\\CIMV2', "SELECT * FROM Win32_Processor", ['Caption', 'DeviceID', 'Manufacturer', 'MaxClockSpeed', 'Name', 'SocketDesignation']);
+    if(values[0]){
+        ret.windows.cpu = values;
+    }
+    
+    values = require('win-wmi').query('ROOT\\CIMV2', "SELECT * FROM Win32_VideoController", ['Name', 'CurrentHorizontalResolution', 'CurrentVerticalResolution']);
+    if(values[0]){
+        ret.windows.gpu = values;
+    }
+
+    values = require('win-wmi').query('ROOT\\CIMV2', "SELECT * FROM Win32_DiskDrive", ['Caption', 'DeviceID', 'Model', 'Partitions', 'Size', 'Status']);
+    if(values[0]){
+        ret.windows.drives = values;
+    }
+    
+    // Insert GPU names
+    ret.identifiers.gpu_name = [];
+    for (var gpuinfo in ret.windows.gpu)
+    {
+        if (ret.windows.gpu[gpuinfo].Name) { ret.identifiers.gpu_name.push(ret.windows.gpu[gpuinfo].Name); }
+    }
+
+    // Insert Storage Devices
+    ret.identifiers.storage_devices = [];
+    for (var dv in ret.windows.drives)
+    {
+        ret.identifiers.storage_devices.push({ Caption: ret.windows.drives[dv].Caption, Model: ret.windows.drives[dv].Model, Size: ret.windows.drives[dv].Size });
+    }
+
+    try { ret.identifiers.cpu_name = ret.windows.cpu[0].Name; } catch (x) { }
+
+    // Windows TPM
+    IntToStr = function (v) { return String.fromCharCode((v >> 24) & 0xFF, (v >> 16) & 0xFF, (v >> 8) & 0xFF, v & 0xFF); };
+    try {
+        values = require('win-wmi').query('ROOT\\CIMV2\\Security\\MicrosoftTpm', "SELECT * FROM Win32_Tpm", ['IsActivated_InitialValue','IsEnabled_InitialValue','IsOwned_InitialValue','ManufacturerId','ManufacturerVersion','SpecVersion']);
+        if(values[0]) {
+            ret.tpm = {
+                SpecVersion: values[0].SpecVersion.split(",")[0],
+                ManufacturerId: IntToStr(values[0].ManufacturerId).replace(/[^\x00-\x7F]/g, ""),
+                ManufacturerVersion: values[0].ManufacturerVersion,
+                IsActivated: values[0].IsActivated_InitialValue,
+                IsEnabled: values[0].IsEnabled_InitialValue,
+                IsOwned: values[0].IsOwned_InitialValue,
+            }
+        }
+    } catch (ex) { }
+
+    return (ret);
+}
+function macos_identifiers()
+{
+    var ret = { identifiers: {}, darwin: {} };
+    var child;
+
+    child = require('child_process').execFile('/bin/sh', ['sh']);
+    child.stdout.str = ''; child.stdout.on('data', function (c) { this.str += c.toString(); });
+    child.stdin.write('ioreg -d2 -c IOPlatformExpertDevice | grep board-id | awk -F= \'{ split($2, res, "\\""); print res[2]; }\'\nexit\n');
+    child.waitExit();
+    ret.identifiers.board_name = child.stdout.str.trim();
+
+    child = require('child_process').execFile('/bin/sh', ['sh']);
+    child.stdout.str = ''; child.stdout.on('data', function (c) { this.str += c.toString(); });
+    child.stdin.write('ioreg -d2 -c IOPlatformExpertDevice | grep IOPlatformSerialNumber | awk -F= \'{ split($2, res, "\\""); print res[2]; }\'\nexit\n');
+    child.waitExit();
+    ret.identifiers.board_serial = child.stdout.str.trim();
+
+    child = require('child_process').execFile('/bin/sh', ['sh']);
+    child.stdout.str = ''; child.stdout.on('data', function (c) { this.str += c.toString(); });
+    child.stdin.write('ioreg -d2 -c IOPlatformExpertDevice | grep manufacturer | awk -F= \'{ split($2, res, "\\""); print res[2]; }\'\nexit\n');
+    child.waitExit();
+    ret.identifiers.board_vendor = child.stdout.str.trim();
+
+    child = require('child_process').execFile('/bin/sh', ['sh']);
+    child.stdout.str = ''; child.stdout.on('data', function (c) { this.str += c.toString(); });
+    child.stdin.write('ioreg -d2 -c IOPlatformExpertDevice | grep version | awk -F= \'{ split($2, res, "\\""); print res[2]; }\'\nexit\n');
+    child.waitExit();
+    ret.identifiers.board_version = child.stdout.str.trim();
+
+    child = require('child_process').execFile('/bin/sh', ['sh']);
+    child.stdout.str = ''; child.stdout.on('data', function (c) { this.str += c.toString(); });
+    child.stdin.write('ioreg -d2 -c IOPlatformExpertDevice | grep IOPlatformUUID | awk -F= \'{ split($2, res, "\\""); print res[2]; }\'\nexit\n');
+    child.waitExit();
+    ret.identifiers.product_uuid = child.stdout.str.trim();
+
+    child = require('child_process').execFile('/bin/sh', ['sh']);
+    child.stdout.str = ''; child.stdout.on('data', function (c) { this.str += c.toString(); });
+    child.stdin.write('sysctl -n machdep.cpu.brand_string\nexit\n');
+    child.waitExit();
+    ret.identifiers.cpu_name = child.stdout.str.trim();
+
+    child = require('child_process').execFile('/bin/sh', ['sh']);
+    child.stdout.str = ''; child.stdout.on('data', function (c) { this.str += c.toString(); });
+    child.stdin.write('system_profiler SPMemoryDataType\nexit\n');
+    child.waitExit();
+    var lines = child.stdout.str.trim().split('\n');
+    if(lines.length > 0) {
+        const memorySlots = [];
+        if(lines[2].trim().includes('Memory Slots:')) { // OLD MACS WITH SLOTS
+            var memorySlots1 = child.stdout.str.split(/\n{2,}/).slice(3);
+            memorySlots1.forEach(function(slot,index) {
+                var lines = slot.split('\n');
+                if(lines.length == 1){ // start here
+                    if(lines[0].trim()!=''){
+                        var slotObj = { DeviceLocator: lines[0].trim().replace(/:$/, '') }; // Initialize name as an empty string
+                        var nextline = memorySlots1[index+1].split('\n');
+                        nextline.forEach(function(line) {
+                            if (line.trim() !== '') {
+                                var parts = line.split(':');
+                                var key = parts[0].trim();
+                                var value = parts[1].trim();
+                                value = (key == 'Part Number' || key == 'Manufacturer') ? hexToAscii(parts[1].trim()) : parts[1].trim();
+                                slotObj[key.replace(' ','')] = value; // Store attribute in the slot object
+                            }
+                        });
+                        memorySlots.push(slotObj);
+                    }
+                }
+            });
+        } else { // NEW MACS WITHOUT SLOTS
+            memorySlots.push({ DeviceLocator: "Onboard Memory", Size: lines[2].split(":")[1].trim(), PartNumber: lines[3].split(":")[1].trim(), Manufacturer: lines[4].split(":")[1].trim() })
+        }
+        ret.darwin.memory = memorySlots;
+    }
+
+    child = require('child_process').execFile('/bin/sh', ['sh']);
+    child.stdout.str = ''; child.stdout.on('data', function (c) { this.str += c.toString(); });
+    child.stdin.write('diskutil info -all\nexit\n');
+    child.waitExit();
+    var sections = child.stdout.str.split('**********\n');
+    if(sections.length > 0){
+        var devices = [];
+        for (var i = 0; i < sections.length; i++) {
+            var lines = sections[i].split('\n');
+            var deviceInfo = {};
+            var wholeYes = false;
+            var physicalYes = false;
+            var oldmac = false;
+            for (var j = 0; j < lines.length; j++) {
+                var keyValue = lines[j].split(':');
+                var key = keyValue[0].trim();
+                var value = keyValue[1] ? keyValue[1].trim() : '';
+                if (key === 'Virtual') oldmac = true;
+                if (key === 'Whole' && value === 'Yes') wholeYes = true;
+                if (key === 'Virtual' && value === 'No') physicalYes = true;
+                if(value && key === 'Device / Media Name'){
+                    deviceInfo['Caption'] = value;
+                }
+                if(value && key === 'Disk Size'){
+                    deviceInfo['Size'] = value.split(' ')[0] + ' ' + value.split(' ')[1];
+                }
+            }
+            if (wholeYes) {
+                if (oldmac) {
+                    if (physicalYes) devices.push(deviceInfo);
+                } else {
+                    devices.push(deviceInfo);
+                }
+            }
+        }
+        ret.identifiers.storage_devices = devices;
+    }
+
+    // Fetch storage volumes using df
+    child = require('child_process').execFile('/bin/sh', ['sh']);
+    child.stdout.str = ''; child.stdout.on('data', dataHandler);
+    child.stdin.write('df -aHY | awk \'NR>1 {printf "{\\"size\\":\\"%s\\",\\"used\\":\\"%s\\",\\"available\\":\\"%s\\",\\"mount_point\\":\\"%s\\",\\"type\\":\\"%s\\"},", $3, $4, $5, $10, $2}\' | sed \'$ s/,$//\' | awk \'BEGIN {printf "["} {printf "%s", $0} END {printf "]"}\'\nexit\n');
+    child.waitExit();
+    try {
+        ret.darwin.volumes = JSON.parse(child.stdout.str.trim());
+        for (var index = 0; index < ret.darwin.volumes.length; index++) {
+            if (ret.darwin.volumes[index].type == 'auto_home'){
+                ret.darwin.volumes.splice(index,1);
+            }
+        }
+        if (ret.darwin.volumes.length == 0) { // not sonima OS so dont show type for now
+            child = require('child_process').execFile('/bin/sh', ['sh']);
+            child.stdout.str = ''; child.stdout.on('data', dataHandler);
+            child.stdin.write('df -aH | awk \'NR>1 {printf "{\\"size\\":\\"%s\\",\\"used\\":\\"%s\\",\\"available\\":\\"%s\\",\\"mount_point\\":\\"%s\\"},", $2, $3, $4, $9}\' | sed \'$ s/,$//\' | awk \'BEGIN {printf "["} {printf "%s", $0} END {printf "]"}\'\nexit\n');
+            child.waitExit();
+            try {
+                ret.darwin.volumes = JSON.parse(child.stdout.str.trim());
+                for (var index = 0; index < ret.darwin.volumes.length; index++) {
+                    if (ret.darwin.volumes[index].size == 'auto_home'){
+                        ret.darwin.volumes.splice(index,1);
+                    }
+                }
+            } catch (xx) { }
+        }
+    } catch (xx) { }
+    child = null;
+
+    // MacOS Last Boot Up Time
+    try {
+        child = require('child_process').execFile('/usr/sbin/sysctl', ['', 'kern.boottime']); // must include blank value at begining for some reason?
+        child.stdout.str = ''; child.stdout.on('data', function (c) { this.str += c.toString(); });
+        child.stderr.on('data', function () { });
+        child.waitExit();
+        const timestampMatch = /\{ sec = (\d+), usec = \d+ \}/.exec(child.stdout.str.trim());
+        if (!ret.darwin) {
+            ret.darwin = { LastBootUpTime: parseInt(timestampMatch[1]) };
+        } else {
+            ret.darwin.LastBootUpTime = parseInt(timestampMatch[1]);
+        }
+        child = null;
+    } catch (ex) { }
+
+    trimIdentifiers(ret.identifiers);
+
+    child = null;
+    return (ret);
+}
+
+function hexToAscii(hexString) {
+    if(!hexString.startsWith('0x')) return hexString.trim();
+    hexString = hexString.startsWith('0x') ? hexString.slice(2) : hexString;
+    var str = '';
+    for (var i = 0; i < hexString.length; i += 2) {
+        var hexPair = hexString.substr(i, 2);
+        str += String.fromCharCode(parseInt(hexPair, 16));
+    }
+    str = str.replace(/[\u007F-\uFFFF]/g, ''); // Remove characters from 0x0080 to 0xFFFF
+    return str.trim();
+}
+
+function win_chassisType()
+{
+    // needs to be replaced with win-wmi but due to bug in win-wmi it doesnt handle arrays correctly
+    var child = require('child_process').execFile(process.env['windir'] + '\\System32\\WindowsPowerShell\\v1.0\\powershell.exe', ['powershell', '-noprofile', '-nologo', '-command', '-'], {});
+    if (child == null) { return ([]); }
+    child.descriptorMetadata = 'process-manager';
+    child.stdout.str = ''; child.stdout.on('data', function (c) { this.str += c.toString(); });
+    child.stderr.str = ''; child.stderr.on('data', function (c) { this.str += c.toString(); });
+    child.stdin.write('Get-WmiObject Win32_SystemEnclosure | Select-Object -ExpandProperty ChassisTypes\r\n');
+    child.stdin.write('exit\r\n');
+    child.waitExit();
+    try {
+        return (parseInt(child.stdout.str));
+    } catch (e) {
+        return (2); // unknown
+    }
+}
+
+function win_systemType()
+{
+    try {
+        var tokens = require('win-wmi').query('ROOT\\CIMV2', 'SELECT PCSystemType FROM Win32_ComputerSystem', ['PCSystemType']);
+        if (tokens[0]) {
+            return (parseInt(tokens[0]['PCSystemType']));
+        } else {
+            return (parseInt(1)); // default is desktop
+        }
+    } catch (ex) {
+        return (parseInt(1)); // default is desktop
+    }
+
+}
+
+function win_formFactor(chassistype)
+{
+    var ret = 'DESKTOP';
+    switch (chassistype)
+    {
+        case 11:    // Handheld
+        case 30:    // Tablet
+        case 31:    // Convertible
+        case 32:    // Detachable
+            ret = 'TABLET';
+            break;
+        case 9:     // Laptop
+        case 10:    // Notebook
+        case 14:    // Sub Notebook
+            ret = 'LAPTOP';
+            break;
+        default:
+            ret = win_systemType() == 2 ? 'MOBILE' : 'DESKTOP';
+            break;
+    }
+
+    return (ret);
+}
+
+switch(process.platform)
+{
+    case 'linux':
+        module.exports = { _ObjectID: 'identifiers', get: linux_identifiers };
+        break;
+    case 'win32':
+        module.exports = { _ObjectID: 'identifiers', get: windows_identifiers, chassisType: win_chassisType, formFactor: win_formFactor, systemType: win_systemType };
+        break;
+    case 'darwin':
+        module.exports = { _ObjectID: 'identifiers', get: macos_identifiers };
+        break;
+    default:
+        module.exports = { get: function () { throw ('Unsupported Platform'); } };
+        break;
+}
+module.exports.isDocker = function isDocker()
+{
+    if (process.platform != 'linux') { return (false); }
+
+    var child = require('child_process').execFile('/bin/sh', ['sh']);
+    child.stdout.str = ''; child.stdout.on('data', function (c) { this.str += c.toString(); });
+    child.stdin.write("cat /proc/self/cgroup | tr '\n' '`' | awk -F'`' '{ split($1, res, " + '"/"); if(res[2]=="docker"){print "1";} }\'\nexit\n');
+    child.waitExit();
+    return (child.stdout.str != '');
+};
+module.exports.isBatteryPowered = function isBatteryOperated()
+{
+    var ret = false;
+    switch(process.platform)
+    {
+        default:
+            break;
+        case 'linux':
+            var devices = require('fs').readdirSync('/sys/class/power_supply');
+            for (var i in devices)
+            {
+                if (require('fs').readFileSync('/sys/class/power_supply/' + devices[i] + '/type').toString().trim() == 'Battery')
+                {
+                    ret = true;
+                    break;
+                }
+            }
+            break;
+        case 'win32':
+            var GM = require('_GenericMarshal');
+            var stats = GM.CreateVariable(12);
+            var kernel32 = GM.CreateNativeProxy('Kernel32.dll');
+            kernel32.CreateMethod('GetSystemPowerStatus');
+            if (kernel32.GetSystemPowerStatus(stats).Val != 0)
+            {
+                if(stats.toBuffer()[1] != 128 && stats.toBuffer()[1] != 255)
+                {
+                    ret = true;
+                }
+                else
+                {
+                    // No Battery detected, so lets check if there is supposed to be one
+                    var formFactor = win_formFactor(win_chassisType());
+                    return (formFactor == 'LAPTOP' || formFactor == 'TABLET' || formFactor == 'MOBILE');
+                }
+            }
+            break;
+        case 'darwin':
+            var child = require('child_process').execFile('/bin/sh', ['sh']);
+            child.stdout.str = ''; child.stdout.on('data', function(c){ this.str += c.toString(); });
+            child.stderr.str = ''; child.stderr.on('data', function(c){ this.str += c.toString(); });
+            child.stdin.write("pmset -g batt | tr '\\n' '`' | awk -F'`' '{ if(NF>2) { print \"true\"; }}'\nexit\n");
+            child.waitExit();
+            if(child.stdout.str.trim() != '') { ret = true; }
+            break;
+    }
+    return (ret);
+};
+module.exports.isVM = function isVM()
+{
+    var ret = false;
+    var id = this.get();
+    if (id.linux && id.linux.sys_vendor)
+    {
+        switch (id.linux.sys_vendor)
+        {
+            case 'VMware, Inc.':
+            case 'QEMU':
+            case 'Xen':
+                ret = true;
+                break;
+            default:
+                break;
+        }
+    }
+    if (id.identifiers.bios_vendor)
+    {
+        switch(id.identifiers.bios_vendor)
+        {
+            case 'VMware, Inc.':
+            case 'Xen':
+            case 'SeaBIOS':
+            case 'EFI Development Kit II / OVMF':
+            case 'Proxmox distribution of EDK II':
+                ret = true;
+                break;
+            default:
+                break;
+        }
+    }
+    if (id.identifiers.board_vendor && id.identifiers.board_vendor == 'VMware, Inc.') { ret = true; }
+    if (id.identifiers.board_name)
+    {
+        switch (id.identifiers.board_name)
+        {
+            case 'VirtualBox':
+            case 'Virtual Machine':
+                ret = true;
+                break;
+            default:
+                break;
+        }
+    }
+
+    if (process.platform == 'win32' && !ret)
+    {
+        for(var i in id.identifiers.gpu_name)
+        {
+            if(id.identifiers.gpu_name[i].startsWith('VMware '))
+            {
+                ret = true;
+                break;
+            }
+        }
+    }
+
+
+    if (!ret) { ret = this.isDocker(); }
+    return (ret);
+};
+
+// bios_date = BIOS->ReleaseDate
+// bios_vendor = BIOS->Manufacturer
+// bios_version = BIOS->SMBIOSBIOSVersion
+// board_name = BASEBOARD->Product = ioreg/board-id
+// board_serial = BASEBOARD->SerialNumber = ioreg/serial-number | ioreg/IOPlatformSerialNumber
+// board_vendor = BASEBOARD->Manufacturer = ioreg/manufacturer
+// board_version = BASEBOARD->Version

agents/modules_meshcore/coretranslations.json

@@ -135,12 +135,12 @@
     "allow": "Permitir",
     "deny": "Negar",
     "autoAllowForFive": "Aceita automaticamente todas as conexões pelos próximos 5 minutos",
-    "terminalConsent": "{0} solicitando acesso ao terminal remoto. Garantir acesso?",
-    "desktopConsent": "{0} solicitando acesso à área de trabalho remota. Garantir acesso?",
-    "fileConsent": "{0} solicitando acesso remoto ao arquivo. Garantir acesso?",
+    "terminalConsent": "{0} está a pedir acesso ao terminal remoto. Conceder acesso?",
+    "desktopConsent": "{0} está a pedir acesso à área de trabalho remota. Conceder acesso?",
+    "fileConsent": "{0} está a pedir acesso remoto aos ficheiros. Conceder acesso?",
     "terminalNotify": "{0} iniciou uma sessão de terminal remoto.",
     "desktopNotify": "{0} iniciou uma sessão de área de trabalho remota.",
-    "fileNotify": "{0} iniciou uma sessão de arquivo remoto.",
+    "fileNotify": "{0} iniciou uma sessão de ficheiro remoto.",
     "privacyBar": "Compartilhando área de trabalho com: {0}"
   },
   "ru": {
@@ -250,5 +250,41 @@
     "desktopNotify": "{0} je započeo sesiju udaljene radne površine.",
     "fileNotify": "{0} je započeo sesiju udaljenog fajla.",
     "privacyBar": "Dijeljenje radne površine sa: {0}"
+  },
+  "hu": {
+    "allow": "Engedélyezés",
+    "deny": "Elutasítás",
+    "autoAllowForFive": "Csatlakozások automatikus elfogadása a következő 5 percben",
+    "terminalConsent": "{0} távoli parancssor,terminál hozzáférést kér. Engedélyezi a hozzáférést?",
+    "desktopConsent": "{0} távoli asztali hozzáférést kér. Engedélyezi a hozzáférést?",
+    "fileConsent": "{0} távoli fájlhozzáférést kér. Engedélyezi a hozzáférést?",
+    "terminalNotify": "{0} távoli parancssor munkamenetet indított.",
+    "desktopNotify": "{0} távoli asztali munkamenetet indított.",
+    "fileNotify": "{0} távoli fájlmunkamenetet indított.",
+    "privacyBar": "Asztal megosztás aktív: {0} felhasználóval"
+  },
+  "ca": {
+    "allow": "Permetre",
+    "deny": "Negar",
+    "autoAllowForFive": "Accepta automàticament totes les connexions durant els propers 5 minuts",
+    "terminalConsent": "{0} sol·licitant accés al terminal remot. Accés garantit?",
+    "desktopConsent": "{0} sol·licitant accés a l'escriptori remot. Accés garantit?",
+    "fileConsent": "{0} sol·licitant accés remot al fitxer. Accés garantit?",
+    "terminalNotify": "{0} va iniciar una sessió de terminal remota.",
+    "desktopNotify": "{0} va iniciar una sessió d'escriptori remot.",
+    "fileNotify": "{0} va iniciar una sessió de fitxer remota.",
+    "privacyBar": "Compartint escriptori amb: {0}"
+  },
+  "uk": {
+    "allow": "Дозволити",
+    "deny": "Відмовити",
+    "autoAllowForFive": "Автоматично підтверджувати всі підключення впродовж наступних 5 хвилин",
+    "terminalConsent": "{0} запитує дозвіл на віддалене використання вашого терміналу (командного рядка). Надати доступ?",
+    "desktopConsent": "{0} запитує дозвіл на віддалений доступ до робочого столу. Надати доступ?",
+    "fileConsent": "{0} запитує дозвіл на віддалене управління файлами. Надати доступ?",
+    "terminalNotify": "{0} почав віддалено використовувати ваш термінал (командний рядок).",
+    "desktopNotify": "{0} розпочав сеанс віддаленого робочого столу.",
+    "fileNotify": "{0} почав віддалене управління вашими файлами.",
+    "privacyBar": "Ви ділитесь робочим столом з: {0}"
   }
 }

agents/modules_meshcore/sysinfo.js

@@ -159,7 +159,7 @@ function linux_memUtilization()
             case 'MemTotal:':
                 ret.total = parseInt(tokens[tokens.length - 2]);
                 break;
-            case 'MemFree:':
+            case 'MemAvailable:':
                 ret.free = parseInt(tokens[tokens.length - 2]);
                 break;
         }
@@ -209,9 +209,13 @@ function macos_memUtilization()
     {
         var usage = lines[0].split(':')[1];
         var bdown = usage.split(',');
-
-        mem.MemTotal = parseInt(bdown[0].trim().split(' ')[0]);
-        mem.MemFree = parseInt(bdown[1].trim().split(' ')[0]);
+        if (bdown.length > 2){ // new style - PhysMem: 5750M used (1130M wired, 634M compressor), 1918M unused.
+            mem.MemFree = parseInt(bdown[2].trim().split(' ')[0]);
+        } else { // old style - PhysMem: 6683M used (1606M wired), 9699M unused.
+            mem.MemFree = parseInt(bdown[1].trim().split(' ')[0]);
+        }
+        mem.MemUsed = parseInt(bdown[0].trim().split(' ')[0]);
+        mem.MemTotal = (mem.MemFree + mem.MemUsed);
         mem.percentFree = ((mem.MemFree / mem.MemTotal) * 100);//.toFixed(2);
         mem.percentConsumed = (((mem.MemTotal - mem.MemFree) / mem.MemTotal) * 100);//.toFixed(2);
         return (mem);
@@ -225,31 +229,48 @@ function macos_memUtilization()
 function windows_thermals()
 {
     var ret = [];
-    child = require('child_process').execFile(process.env['windir'] + '\\System32\\wbem\\wmic.exe', ['wmic', '/namespace:\\\\root\\wmi', 'PATH', 'MSAcpi_ThermalZoneTemperature', 'get', 'CurrentTemperature']);
-    child.stdout.str = ''; child.stdout.on('data', function (c) { this.str += c.toString(); });
-    child.stderr.str = ''; child.stderr.on('data', function (c) { this.str += c.toString(); });
-    child.waitExit();
-
-    if(child.stdout.str.trim!='')
-    {
-        var lines = child.stdout.str.trim().split('\r\n');
-        for (var i = 1; i < lines.length; ++i)
-        {
-            if (lines[i].trim() != '') { ret.push(((parseFloat(lines[i]) / 10) - 273.15).toFixed(2)); }
+    try {
+        ret = require('win-wmi').query('ROOT\\WMI', 'SELECT CurrentTemperature,InstanceName FROM MSAcpi_ThermalZoneTemperature',['CurrentTemperature','InstanceName']);
+        if (ret[0]) {
+            for (var i = 0; i < ret.length; ++i) {
+                ret[i]['CurrentTemperature'] = ((parseFloat(ret[i]['CurrentTemperature']) / 10) - 273.15).toFixed(2);
+            }
         }
-    }
+    } catch (ex) { }
     return (ret);
 }
 
 function linux_thermals()
 {
+    var ret = [];
     child = require('child_process').execFile('/bin/sh', ['sh']);
     child.stdout.str = ''; child.stdout.on('data', function (c) { this.str += c.toString(); });
     child.stderr.str = ''; child.stderr.on('data', function (c) { this.str += c.toString(); });
-    child.stdin.write("cat /sys/class/thermal/thermal_zone*/temp | awk '{ print $0 / 1000 }'\nexit\n");
+    child.stdin.write("for folder in /sys/class/thermal/thermal_zone*/; do [ -e \"$folder/temp\" ] && echo \"$(cat \"$folder/temp\"),$(cat \"$folder/type\")\"; done\nexit\n");
     child.waitExit();
-    var ret = child.stdout.str.trim().split('\n');
-    if (ret.length == 1 && ret[0] == '') { ret = []; }
+    if(child.stdout.str.trim()!='')
+    {
+        var lines = child.stdout.str.trim().split('\n');
+        for (var i = 0; i < lines.length; ++i)
+        {
+            var line = lines[i].trim().split(',');
+            ret.push({CurrentTemperature: (parseFloat(line[0])/1000), InstanceName: line[1]});
+        }
+    }
+    child = require('child_process').execFile('/bin/sh', ['sh']);
+    child.stdout.str = ''; child.stdout.on('data', function (c) { this.str += c.toString(); });
+    child.stderr.str = ''; child.stderr.on('data', function (c) { this.str += c.toString(); });
+    child.stdin.write("for mon in /sys/class/hwmon/hwmon*; do for label in \"$mon\"/temp*_label; do if [ -f $label ]; then echo $(cat \"$label\")___$(cat \"${label%_*}_input\"); fi; done; done;\nexit\n");
+    child.waitExit();
+    if(child.stdout.str.trim()!='')
+    {
+        var lines = child.stdout.str.trim().split('\n');
+        for (var i = 0; i < lines.length; ++i)
+        {
+            var line = lines[i].trim().split('___');
+            ret.push({ CurrentTemperature: (parseFloat(line[1])/1000), InstanceName: line[0] });
+        }
+    }
     return (ret);
 }
 
@@ -261,7 +282,6 @@ function macos_thermals()
     child.stderr.on('data', function () { });
     child.stdin.write('powermetrics --help | grep SMC\nexit\n');
     child.waitExit();
-    
     if (child.stdout.str.trim() != '')
     {
         child = require('child_process').execFile('/bin/sh', ['sh']);
@@ -273,14 +293,19 @@ function macos_thermals()
             {
                 if (tokens[i].split(' die temperature: ').length > 1)
                 {
-                    ret.push(tokens[i].split(' ')[3]);
+                    ret.push({CurrentTemperature: tokens[i].split(' ')[3], InstanceName: tokens[i].split(' ')[0]});
                     this.parent.kill();
                 }
             }
         });
-        child.stderr.str = ''; child.stderr.on('data', function (c) { this.str += c.toString(); });
-        child.stdin.write('powermetrics -s smc\n');
-        child.waitExit(5000);
+        child.stderr.on('data', function (c) {
+            if (c.toString().split('unable to get smc values').length > 1) { // error getting sensors so just kill
+                this.parent.kill();
+                return;
+            }
+        });
+        child.stdin.write('powermetrics -s smc -i 500 -n 1\n');
+        child.waitExit(2000);
     }
     return (ret);
 }

agents/modules_meshcore/win-deskutils.js

@@ -0,0 +1,194 @@
+/*
+Copyright 2022 Intel Corporation
+@author Bryan Roe
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+//
+// win-deskutils is a utility module that exposes various desktop related features for Windows
+// such as MouseTrails Accessability and Windows Desktop Background
+//
+
+//
+// MSDN documention for the system call this module relies on can be found at:
+// https://learn.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-systemparametersinfoa
+//
+
+var SPI_GETDESKWALLPAPER = 0x0073;
+var SPI_SETDESKWALLPAPER = 0x0014;
+var SPI_GETMOUSETRAILS = 0x005E;
+var SPI_SETMOUSETRAILS = 0x005D;
+
+var GM = require('_GenericMarshal');
+var user32 = GM.CreateNativeProxy('user32.dll');
+user32.CreateMethod('SystemParametersInfoA');
+
+//
+// This function is a helper method to dispatch method calls to different user sessions
+//
+function sessionDispatch(tsid, parent, method, args)
+{
+    //
+    // Check to see if the process owner of the current processor is root
+    //
+    var sid = undefined;
+    var stype = require('user-sessions').getProcessOwnerName(process.pid).tsid == 0 ? 1 : 0;
+    /*
+        The following is the list of possible values for stype.
+        If the current process owner is root, we set the stype to user,
+        because we cannot set/get any properties from this user, we
+        must switch to a user session.. Default behavior for stype(1)
+        is that it will context switch to the logged in user. If
+        this is not intended, then an actual user TSID must be specified, using
+        ILibProcessPipe_SpawnTypes_SPECIFIED_USER and the actual TSID
+        ------------------------------------------------------------------------
+        ILibProcessPipe_SpawnTypes_DEFAULT = 0,
+        ILibProcessPipe_SpawnTypes_USER = 1,
+        ILibProcessPipe_SpawnTypes_WINLOGON = 2,
+        ILibProcessPipe_SpawnTypes_TERM = 3,
+        ILibProcessPipe_SpawnTypes_DETACHED = 4,
+        ILibProcessPipe_SpawnTypes_SPECIFIED_USER = 5,
+        ILibProcessPipe_SpawnTypes_POSIX_DETACHED = 0x8000
+        ------------------------------------------------------------------------
+    */
+    console.log('stype: ' + stype);
+    if (stype == 1)
+    {
+        if (tsid == null && require('MeshAgent')._tsid != null)
+        {
+            stype = 5;                          // ILibProcessPipe_SpawnTypes_SPECIFIED_USER
+            sid = require('MeshAgent')._tsid;   // If this is set, it was set via user selection UI
+        }
+        else
+        {
+            sid = tsid;                         // Set the SID to be whatever was passed in
+        }
+    }
+
+    // Spawn a child process in the appropriate user session, and relay the response back via stdout
+    var mod = Buffer.from(getJSModule('win-deskutils')).toString('base64');
+    var prog = "try { addModule('win-deskutils', process.env['win_deskutils']);} catch (x) { } var x;try{x=require('win-deskutils').dispatch('" + parent + "', '" + method + "', " + JSON.stringify(args) + ");console.log(x);}catch(z){console.log(z);process.exit(1);}process.exit(0);";
+    var child = require('child_process').execFile(process.execPath, [process.execPath.split('\\').pop(), '-b64exec', Buffer.from(prog).toString('base64')], { type: stype, uid: sid, env: { win_deskutils: getJSModule('win-deskutils') } });
+
+    child.stdout.str = '';
+    child.stdout.on('data', function (c) { this.str += c.toString(); });
+    child.stderr.on('data', function (c) { });
+    child.on('exit', function (c) { this.exitCode = c; });
+    child.waitExit();
+    if (child.exitCode == 0)
+    {
+        return (child.stdout.str.trim()); // If the return code was 0, then relay the response from stdout
+    }
+    else
+    {
+        throw (child.stdout.str.trim()); // If the return code was nonzero, then the stdout response is the exception that should be bubbled
+    }
+}
+
+//
+// This function gets the path of the windows desktop background of the specified user desktop session
+//
+function background_get(tsid)
+{
+    if (tsid != null || tsid === null) // TSID is not undefined or is explicitly null
+    {
+        // Need to disatch to different session first
+        return (sessionDispatch(tsid, 'background', 'get', []));
+    }
+    var v = GM.CreateVariable(1024);
+    var ret = user32.SystemParametersInfoA(SPI_GETDESKWALLPAPER, v._size, v, 0);
+    if (ret.Val == 0)
+    {
+        throw ('Error occured trying to fetch wallpaper');
+    }
+    return (v.String);
+}
+
+//
+// This function sets the path for the windows desktop background of the specified user desktop session
+//
+function background_set(path, tsid)
+{
+    if (tsid != null || tsid === null) // TSID is not undefined or is explicitly null
+    {
+        // Need to disatch to different session first
+        return (sessionDispatch(tsid, 'background', 'set', [path]));
+    }
+    var nb = GM.CreateVariable(path);
+    var ret = user32.SystemParametersInfoA(SPI_SETDESKWALLPAPER, nb._size, nb, 0);
+    if (ret.Val == 0)
+    {
+        throw ('Error occured trying to set wallpaper');
+    }
+    return;
+}
+
+//
+// This is a helper function that is called by the child process from sessionDispatch()
+//
+function dispatch(parent, method, args)
+{
+    try
+    {
+        return (this[parent][method].apply(this, args));
+    }
+    catch (e)
+    {
+        console.log('ERROR: ' + e);
+        throw ('Error occured trying to dispatch: ' + method);
+    }
+}
+
+//
+// This function sets the mousetrail accessibility feature, for the specified user desktop session.
+// Setting value 0 or one disables this feature
+// Otherwise, value is the number of cursors to render for this feature
+//
+function mousetrails_set(value, tsid)
+{
+    if (tsid != null || tsid === null) // TSID is not undefined or is explicitly null
+    {
+        // Need to disatch to different session first
+        return (sessionDispatch(tsid, 'mouse', 'setTrails', [value]));
+    }
+    var ret = user32.SystemParametersInfoA(SPI_SETMOUSETRAILS, value, 0, 0);
+    if (ret.Val == 0)
+    {
+        throw ('Error occured trying to fetch wallpaper');
+    }
+}
+
+//
+// This function returns the number of cursors the mousetrail accessibility feature will render
+// A value of 0 or 1 means the feature is disabled, otherwise it is the number of cursors that will be rendered
+//
+function mousetrails_get(tsid)
+{
+    if (tsid != null || tsid === null) // TSID is not undefined or is explicitly null
+    {
+        // Need to disatch to different session first
+        return (sessionDispatch(tsid, 'mouse', 'getTrails', []));
+    }
+    var v = GM.CreateVariable(4);
+    var ret = user32.SystemParametersInfoA(SPI_GETMOUSETRAILS, v._size, v, 0);
+    if (ret.Val == 0)
+    {
+        throw ('Error occured trying to fetch wallpaper');
+    }
+    return (v.toBuffer().readUInt32LE());
+}
+
+module.exports = { background: { get: background_get, set: background_set } };
+module.exports.mouse = { getTrails: mousetrails_get, setTrails: mousetrails_set };
+module.exports.dispatch = dispatch;

agents/modules_meshcore/win-info.js

@@ -18,28 +18,21 @@ var promise = require('promise');
 
 function qfe()
 {
-    var child = require('child_process').execFile(process.env['windir'] + '\\System32\\wbem\\wmic.exe', ['wmic', 'qfe', 'list', 'full', '/FORMAT:CSV']);
-    child.stdout.str = ''; child.stdout.on('data', function (c) { this.str += c.toString(); });
-    child.stderr.str = ''; child.stderr.on('data', function (c) { this.str += c.toString(); });
-    child.waitExit();
-
-    var lines = child.stdout.str.trim().split('\r\n');
-    var keys = lines[0].split(',');
-    var i, key;
-    var tokens;
-    var result = [];
-
-    for (i = 1; i < lines.length; ++i)
-    {
-        var obj = {};
-        tokens = lines[i].split(',');
-        for (key = 0; key < keys.length; ++key)
-        {
-            if (tokens[key]) { obj[keys[key]] = tokens[key]; }
+    try {
+        var tokens = require('win-wmi').query('ROOT\\CIMV2', 'SELECT * FROM Win32_QuickFixEngineering');
+        if (tokens[0]){
+            for (var index = 0; index < tokens.length; index++) {
+                for (var key in tokens[index]) {
+                    if (key.startsWith('__')) delete tokens[index][key];
+                }
+            }
+            return (tokens);
+        } else {
+            return ([]);
         }
-        result.push(obj);
+    } catch (ex) {
+        return ([]);
     }
-    return (result);
 }
 function av()
 {
@@ -53,9 +46,23 @@ function av()
     child.stdin.write('[reflection.Assembly]::LoadWithPartialName("system.core")\r\n');
     child.stdin.write('Get-WmiObject -Namespace "root/SecurityCenter2" -Class AntiVirusProduct | ');
     child.stdin.write('ForEach-Object -Process { ');
+    child.stdin.write('$matches = [regex]::Matches($_.pathToSignedProductExe, "%(.*?)%"); ');
+    child.stdin.write('$modifiedPath = $_.pathToSignedProductExe; ');
+    child.stdin.write('foreach ($match in $matches) { ');
+    child.stdin.write('$modifiedPath = $modifiedPath -replace [regex]::Escape($match.Value), [System.Environment]::GetEnvironmentVariable($match.Groups[1].Value, "Process") ');
+    child.stdin.write('} ');
+    child.stdin.write('$flag = $true; ');
+    child.stdin.write('if ($modifiedPath -ne "windowsdefender://"){ ');
+    child.stdin.write('if (-not (Test-Path -Path $modifiedPath -PathType Leaf)) { ');
+    child.stdin.write('$flag = $false; ');
+    child.stdin.write('} ');
+    child.stdin.write('} ');
+    child.stdin.write('if ($flag -eq $true) { ')
     child.stdin.write('$Bytes = [System.Text.Encoding]::UTF8.GetBytes($_.displayName); ');
     child.stdin.write('$EncodedText =[Convert]::ToBase64String($Bytes); ');
-    child.stdin.write('Write-Host ("{0},{1}" -f $_.productState,$EncodedText); }\r\n');
+    child.stdin.write('Write-Output ("{0},{1}" -f $_.productState,$EncodedText); ');
+    child.stdin.write('} ');
+    child.stdin.write('}\r\n ');
     child.stdin.write('exit\r\n');
     child.waitExit();
 
@@ -214,6 +221,14 @@ function installedApps()
         catch(e)\
         {\
         }\
+        try\
+        {\
+            val.installdate = reg.QueryKey(reg.HKEY.LocalMachine, 'SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall\\\\' + items.subkeys[key], 'InstallDate');\
+            if (val.installdate == '') { delete val.installdate; }\
+        }\
+        catch(e)\
+        {\
+        }\
         result.push(val);\
     }\
     console.log(JSON.stringify(result,'', 1));process.exit();";
@@ -225,12 +240,33 @@ function installedApps()
     return (ret);
 }
 
+function defender(){
+    var promise = require('promise');
+    var ret = new promise(function (a, r) { this._resolve = a; this._reject = r; });
+    ret.child = require('child_process').execFile(process.env['windir'] + '\\System32\\WindowsPowerShell\\v1.0\\powershell.exe', ['powershell', '-noprofile', '-nologo', '-command', '-'], {});
+    ret.child.promise = ret;
+    ret.child.stdout.str = ''; ret.child.stdout.on('data', function (c) { this.str += c.toString(); });
+    ret.child.stderr.str = ''; ret.child.stderr.on('data', function (c) { this.str += c.toString(); });
+    ret.child.stdin.write('Get-MpComputerStatus | Select-Object RealTimeProtectionEnabled,IsTamperProtected | ConvertTo-JSON\r\n');
+    ret.child.stdin.write('exit\r\n');
+    ret.child.on('exit', function (c) { 
+        if (this.stdout.str == '') { this.promise._resolve({}); return; }
+        try {
+            var abc = JSON.parse(this.stdout.str.trim());
+            this.promise._resolve({ RealTimeProtection: abc.RealTimeProtectionEnabled, TamperProtected: abc.IsTamperProtected });
+        } catch (ex) { 
+            this.promise._resolve({}); return;
+        }
+    });
+    return (ret);
+}
+
 if (process.platform == 'win32')
 {
-    module.exports = { qfe: qfe, av: av, defrag: defrag, pendingReboot: pendingReboot, installedApps: installedApps };
+    module.exports = { qfe: qfe, av: av, defrag: defrag, pendingReboot: pendingReboot, installedApps: installedApps, defender: defender };
 }
 else
 {
     var not_supported = function () { throw (process.platform + ' not supported'); };
-    module.exports = { qfe: not_supported, av: not_supported, defrag: not_supported, pendingReboot: not_supported, installedApps: not_supported };
+    module.exports = { qfe: not_supported, av: not_supported, defrag: not_supported, pendingReboot: not_supported, installedApps: not_supported, defender: not_supported };
 }

agents/modules_meshcore/win-volumes.js

@@ -39,17 +39,90 @@ function getVolumes()
     {
         ret[v[i].DeviceID] = trimObject(v[i]);
     }
-
-    v = require('win-wmi').query('ROOT\\CIMV2\\Security\\MicrosoftVolumeEncryption', 'SELECT * FROM Win32_EncryptableVolume');
-    for (i in v)
-    {
-        var tmp = trimObject(v[i]);
-        for (var k in tmp)
+    try {
+        v = require('win-wmi').query('ROOT\\CIMV2\\Security\\MicrosoftVolumeEncryption', 'SELECT * FROM Win32_EncryptableVolume');
+        for (i in v)
         {
-            ret[tmp.DeviceID][k] = tmp[k];
+            var tmp = trimObject(v[i]);
+            for (var k in tmp)
+            {
+                ret[tmp.DeviceID][k] = tmp[k];
+            }
         }
-    }
+    } catch (ex) { }
     return (ret);
 }
 
-module.exports = { getVolumes: function () { try { return (getVolumes()); } catch (x) { return ({}); } } };
+function windows_volumes()
+{
+    var promise = require('promise');
+    var p1 = new promise(function (res, rej) { this._res = res; this._rej = rej; });
+    var ret = {};
+    var values = require('win-wmi').query('ROOT\\CIMV2', 'SELECT * FROM Win32_LogicalDisk', ['DeviceID', 'VolumeName', 'FileSystem', 'Size', 'FreeSpace', 'DriveType']);
+    if(values[0]){
+        for (var i = 0; i < values.length; ++i) {
+            var drive = values[i]['DeviceID'].slice(0,-1);
+            ret[drive] = {
+                name: (values[i]['VolumeName'] ? values[i]['VolumeName'] : ""),
+                type: (values[i]['FileSystem'] ? values[i]['FileSystem'] : "Unknown"),
+                size: (values[i]['Size'] ? values[i]['Size'] : 0),
+                sizeremaining: (values[i]['FreeSpace'] ? values[i]['FreeSpace'] : 0),
+                removable: (values[i]['DriveType'] == 2),
+                cdrom: (values[i]['DriveType'] == 5)
+            };
+        }
+    }
+    try {
+        values = require('win-wmi').query('ROOT\\CIMV2\\Security\\MicrosoftVolumeEncryption', 'SELECT * FROM Win32_EncryptableVolume', ['DriveLetter','ConversionStatus','ProtectionStatus']);
+        if(values[0]){
+            for (var i = 0; i < values.length; ++i) {
+                var drive = values[i]['DriveLetter'].slice(0,-1);
+                var statuses = {
+                    0: 'FullyDecrypted',
+                    1: 'FullyEncrypted',
+                    2: 'EncryptionInProgress',
+                    3: 'DecryptionInProgress',
+                    4: 'EncryptionPaused',
+                    5: 'DecryptionPaused'
+                };
+                ret[drive].volumeStatus = statuses.hasOwnProperty(values[i].ConversionStatus) ? statuses[values[i].ConversionStatus] : 'FullyDecrypted';
+                ret[drive].protectionStatus = (values[i].ProtectionStatus == 0 ? 'Off' : (values[i].ProtectionStatus == 1 ? 'On' : 'Unknown'));
+                try {
+                    var foundIDMarkedLine = false, foundMarkedLine = false, identifier = '', password = '';
+                    var keychild = require('child_process').execFile(process.env['windir'] + '\\system32\\cmd.exe', ['/c', 'manage-bde -protectors -get ' + drive + ': -Type recoverypassword'], {});
+                    keychild.stdout.str = ''; keychild.stdout.on('data', function (c) { this.str += c.toString(); });
+                    keychild.waitExit();
+                    var lines = keychild.stdout.str.trim().split('\r\n');
+                    for (var x = 0; x < lines.length; x++) { // Loop each line
+                        var abc = lines[x].trim();
+                        var englishidpass = (abc !== '' && abc.includes('Numerical Password:')); // English ID
+                        var germanidpass = (abc !== '' && abc.includes('Numerisches Kennwort:')); // German ID
+                        var frenchidpass = (abc !== '' && abc.includes('Mot de passe num')); // French ID
+                        var englishpass = (abc !== '' && abc.includes('Password:') && !abc.includes('Numerical Password:')); // English Password
+                        var germanpass = (abc !== '' && abc.includes('Kennwort:') && !abc.includes('Numerisches Kennwort:')); // German Password
+                        var frenchpass = (abc !== '' && abc.includes('Mot de passe :') && !abc.includes('Mot de passe num')); // French Password
+                        if (englishidpass || germanidpass || frenchidpass|| englishpass || germanpass || frenchpass) {
+                            var nextline = lines[x + 1].trim();
+                            if (x + 1 < lines.length && (nextline !== '' && (nextline.startsWith('ID:') || nextline.startsWith('ID :')) )) {
+                                identifier = nextline.replace('ID:','').replace('ID :', '').trim();
+                                foundIDMarkedLine = true;
+                            }else if (x + 1 < lines.length && nextline !== '') {
+                                password = nextline;
+                                foundMarkedLine = true;
+                            }
+                        }
+                    }
+                    ret[drive].identifier = (foundIDMarkedLine ? identifier : ''); // Set Bitlocker Identifier
+                    ret[drive].recoveryPassword = (foundMarkedLine ? password : ''); // Set Bitlocker Password
+                } catch(ex) { } // just carry on as we cant get bitlocker key
+            }
+        }
+        p1._res(ret);
+    } catch (ex) { p1._res(ret); } // just return volumes as cant get encryption/bitlocker
+    return (p1);
+}
+
+module.exports = { 
+    getVolumes: function () { try { return (getVolumes()); } catch (x) { return ({}); } },
+    volumes_promise: windows_volumes
+};

agents/recoverycore.js

@@ -485,8 +485,8 @@ function windows_execve(name, agentfilename, sessionid) {
     var cmd = require('_GenericMarshal').CreateVariable(process.env['windir'] + '\\system32\\cmd.exe', { wide: true });
     var args = require('_GenericMarshal').CreateVariable(3 * require('_GenericMarshal').PointerSize);
     var arg1 = require('_GenericMarshal').CreateVariable('cmd.exe', { wide: true });
-    var arg2 = require('_GenericMarshal').CreateVariable('/C wmic service "' + name + '" call stopservice & "' + cwd + agentfilename + '.update.exe" -b64exec ' + 'dHJ5CnsKICAgIHZhciBzZXJ2aWNlTG9jYXRpb24gPSBwcm9jZXNzLmFyZ3YucG9wKCkudG9Mb3dlckNhc2UoKTsKICAgIHJlcXVpcmUoJ3Byb2Nlc3MtbWFuYWdlcicpLmVudW1lcmF0ZVByb2Nlc3NlcygpLnRoZW4oZnVuY3Rpb24gKHByb2MpCiAgICB7CiAgICAgICAgZm9yICh2YXIgcCBpbiBwcm9jKQogICAgICAgIHsKICAgICAgICAgICAgaWYgKHByb2NbcF0ucGF0aCAmJiAocHJvY1twXS5wYXRoLnRvTG93ZXJDYXNlKCkgPT0gc2VydmljZUxvY2F0aW9uKSkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgcHJvY2Vzcy5raWxsKHByb2NbcF0ucGlkKTsKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICBwcm9jZXNzLmV4aXQoKTsKICAgIH0pOwp9CmNhdGNoIChlKQp7CiAgICBwcm9jZXNzLmV4aXQoKTsKfQ==' +
-        ' "' + process.execPath + '" & copy "' + cwd + agentfilename + '.update.exe" "' + process.execPath + '" & wmic service "' + name + '" call startservice & erase "' + cwd + agentfilename + '.update.exe"', { wide: true });
+    var arg2 = require('_GenericMarshal').CreateVariable('/C net stop "' + name + '" & "' + cwd + agentfilename + '.update.exe" -b64exec ' + 'dHJ5CnsKICAgIHZhciBzZXJ2aWNlTG9jYXRpb24gPSBwcm9jZXNzLmFyZ3YucG9wKCkudG9Mb3dlckNhc2UoKTsKICAgIHJlcXVpcmUoJ3Byb2Nlc3MtbWFuYWdlcicpLmVudW1lcmF0ZVByb2Nlc3NlcygpLnRoZW4oZnVuY3Rpb24gKHByb2MpCiAgICB7CiAgICAgICAgZm9yICh2YXIgcCBpbiBwcm9jKQogICAgICAgIHsKICAgICAgICAgICAgaWYgKHByb2NbcF0ucGF0aCAmJiAocHJvY1twXS5wYXRoLnRvTG93ZXJDYXNlKCkgPT0gc2VydmljZUxvY2F0aW9uKSkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgcHJvY2Vzcy5raWxsKHByb2NbcF0ucGlkKTsKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICBwcm9jZXNzLmV4aXQoKTsKICAgIH0pOwp9CmNhdGNoIChlKQp7CiAgICBwcm9jZXNzLmV4aXQoKTsKfQ==' +
+        ' "' + process.execPath + '" & copy "' + cwd + agentfilename + '.update.exe" "' + process.execPath + '" & net start "' + name + '" & erase "' + cwd + agentfilename + '.update.exe"', { wide: true });
 
     if (name == null)
     {

amt/amt-ider-module.js

@@ -152,7 +152,7 @@ module.exports.CreateAmtRemoteIder = function (webserver, meshcentral) {
     obj.ProcessData = function (data) {
         data = Buffer.from(data, 'binary');
         obj.bytesFromAmt += data.length;
-        if (obj.acc == null) { obj.acc = data; } else { obj.acc = Buffer.concat(obj.acc, data); }
+        if (obj.acc == null) { obj.acc = data; } else { obj.acc = Buffer.concat([obj.acc, data]); }
         if (obj.debug) console.log('IDER-ProcessData', obj.acc.length, obj.acc.toString('hex'));
 
         // Process as many commands as possible

amt/amt-redir-mesh.js

@@ -170,8 +170,12 @@ module.exports.CreateAmtRedirect = function (module, domain, user, webserver, me
 
                     // TLSSocket to encapsulate TLS communication, which then tunneled via SerialTunnel an then wrapped through CIRA APF
                     const TLSSocket = require('tls').TLSSocket;
-                    const tlsoptions = { ciphers: 'RSA+AES:!aNULL:!MD5:!DSS', secureOptions: constants.SSL_OP_NO_SSLv2 | constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_COMPRESSION | constants.SSL_OP_CIPHER_SERVER_PREFERENCE, rejectUnauthorized: false };
-                    if (obj.tls1only == 1) { tlsoptions.secureProtocol = 'TLSv1_method'; }
+                    const tlsoptions = { ciphers: 'RSA+AES:!aNULL:!MD5:!DSS', secureOptions: constants.SSL_OP_NO_SSLv2 | constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_COMPRESSION | constants.SSL_OP_CIPHER_SERVER_PREFERENCE | constants.SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, rejectUnauthorized: false };
+                    if (obj.tls1only == 1) {
+                        tlsoptions.secureProtocol = 'TLSv1_method';
+                    } else {
+                        tlsoptions.minVersion = 'TLSv1';
+                    }
                     const tlsock = new TLSSocket(ser, tlsoptions);
                     tlsock.on('error', function (err) { Debug(1, "CIRA TLS Connection Error ", err); });
                     tlsock.on('secureConnect', function () { Debug(2, "CIRA Secure TLS Connection"); ws._socket.resume(); });
@@ -228,8 +232,12 @@ module.exports.CreateAmtRedirect = function (module, domain, user, webserver, me
                     obj.forwardclient.setEncoding('binary');
                 } else {
                     // If TLS is going to be used, setup a TLS socket
-                    var tlsoptions = { ciphers: 'RSA+AES:!aNULL:!MD5:!DSS', secureOptions: constants.SSL_OP_NO_SSLv2 | constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_COMPRESSION | constants.SSL_OP_CIPHER_SERVER_PREFERENCE, rejectUnauthorized: false };
-                    if (obj.tls1only == 1) { tlsoptions.secureProtocol = 'TLSv1_method'; }
+                    var tlsoptions = { ciphers: 'RSA+AES:!aNULL:!MD5:!DSS', secureOptions: constants.SSL_OP_NO_SSLv2 | constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_COMPRESSION | constants.SSL_OP_CIPHER_SERVER_PREFERENCE | constants.SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, rejectUnauthorized: false };
+                    if (obj.tls1only == 1) {
+                        tlsoptions.secureProtocol = 'TLSv1_method';
+                    } else {
+                        tlsoptions.minVersion = 'TLSv1';
+                    }
                     obj.forwardclient = obj.tls.connect(port, node.host, tlsoptions, function () {
                         // The TLS connection method is the same as TCP, but located a bit differently.
                         Debug(2, 'TLS Intel AMT transport connected to ' + node.host + ':' + port + '.');

amt/amt-wsman-comm.js

@@ -236,8 +236,12 @@ var CreateWsmanComm = function (host, port, user, pass, tls, tlsoptions, mpsConn
                     if (state == 0) { obj.xxOnSocketClosed(); }
                     if (state == 2) {
                         // TLSSocket to encapsulate TLS communication, which then tunneled via SerialTunnel an then wrapped through CIRA APF
-                        var options = { socket: ser, ciphers: 'RSA+AES:!aNULL:!MD5:!DSS', secureOptions: obj.constants.SSL_OP_NO_SSLv2 | obj.constants.SSL_OP_NO_SSLv3 | obj.constants.SSL_OP_NO_COMPRESSION | obj.constants.SSL_OP_CIPHER_SERVER_PREFERENCE, rejectUnauthorized: false };
-                        if (obj.xtlsMethod == 1) { options.secureProtocol = 'TLSv1_method'; }
+                        var options = { socket: ser, ciphers: 'RSA+AES:!aNULL:!MD5:!DSS', secureOptions: obj.constants.SSL_OP_NO_SSLv2 | obj.constants.SSL_OP_NO_SSLv3 | obj.constants.SSL_OP_NO_COMPRESSION | obj.constants.SSL_OP_CIPHER_SERVER_PREFERENCE | obj.constants.SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, rejectUnauthorized: false };
+                        if (obj.xtlsMethod == 1) {
+                            options.secureProtocol = 'TLSv1_method';
+                        } else {
+                            options.minVersion = 'TLSv1';
+                        }
                         if (obj.xtlsoptions) {
                             if (obj.xtlsoptions.ca) { options.ca = obj.xtlsoptions.ca; }
                             if (obj.xtlsoptions.cert) { options.cert = obj.xtlsoptions.cert; }
@@ -274,8 +278,12 @@ var CreateWsmanComm = function (host, port, user, pass, tls, tlsoptions, mpsConn
                 obj.socket.connect(obj.port, obj.host, obj.xxOnSocketConnected);
             } else {
                 // Direct connect with TLS
-                var options = { ciphers: 'RSA+AES:!aNULL:!MD5:!DSS', secureOptions: obj.constants.SSL_OP_NO_SSLv2 | obj.constants.SSL_OP_NO_SSLv3 | obj.constants.SSL_OP_NO_COMPRESSION | obj.constants.SSL_OP_CIPHER_SERVER_PREFERENCE, rejectUnauthorized: false };
-                if (obj.xtlsMethod != 0) { options.secureProtocol = 'TLSv1_method'; }
+                var options = { ciphers: 'RSA+AES:!aNULL:!MD5:!DSS', secureOptions: obj.constants.SSL_OP_NO_SSLv2 | obj.constants.SSL_OP_NO_SSLv3 | obj.constants.SSL_OP_NO_COMPRESSION | obj.constants.SSL_OP_CIPHER_SERVER_PREFERENCE | obj.constants.SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, rejectUnauthorized: false };
+                if (obj.xtlsMethod == 1) {
+                    options.secureProtocol = 'TLSv1_method';
+                } else {
+                    options.minVersion = 'TLSv1';
+                }
                 if (obj.xtlsoptions) {
                     if (obj.xtlsoptions.ca) { options.ca = obj.xtlsoptions.ca; }
                     if (obj.xtlsoptions.cert) { options.cert = obj.xtlsoptions.cert; }
@@ -283,7 +291,7 @@ var CreateWsmanComm = function (host, port, user, pass, tls, tlsoptions, mpsConn
                 }
                 obj.socket = obj.tls.connect(obj.port, obj.host, options, obj.xxOnSocketConnected);
                 obj.socket.setEncoding('binary');
-                obj.socket.setTimeout(60000); // Set socket idle timeout
+                obj.socket.setTimeout(28000); // Set socket idle timeout of 28 seconds
                 obj.socket.on('data', obj.xxOnSocketData);
                 obj.socket.on('close', obj.xxOnSocketClosed);
                 obj.socket.on('timeout', obj.destroy);

amtmanager.js

@@ -638,7 +638,7 @@ module.exports.CreateAmtManager = function (parent) {
 
                 // Connect now
                 var comm;
-                if ((dev.tlsfail !== true) && (parent.config.domains[dev.domainid].amtmanager.tlsconnections !== false)) {
+                if ((dev.tlsfail !== true) && (parent.config.domains[dev.domainid].amtmanager.tlsconnections !== false) && (dev.intelamt.tls == 1)) {
                     parent.debug('amt', dev.name, (dev.connType == 1) ? 'Relay-Connect' : 'LMS-Connect', "TLS", user);
                     comm = CreateWsmanComm(dev.nodeid, 16993, user, pass, 1, null, ciraconn); // Perform TLS
                     comm.xtlsFingerprint = 0; // Perform no certificate checking
@@ -670,7 +670,7 @@ module.exports.CreateAmtManager = function (parent) {
 
                     // Connect now
                     var comm;
-                    if ((dev.tlsfail !== true) && (parent.config.domains[dev.domainid].amtmanager.tlsconnections !== false)) {
+                    if ((dev.tlsfail !== true) && (parent.config.domains[dev.domainid].amtmanager.tlsconnections !== false) && (dev.intelamt.tls == 1)) {
                         parent.debug('amt', dev.name, 'Direct-Connect', "TLS", dev.host, user);
                         comm = CreateWsmanComm(dev.host, 16993, user, pass, 1); // Always try with TLS first
                         comm.xtlsFingerprint = 0; // Perform no certificate checking
@@ -707,7 +707,15 @@ module.exports.CreateAmtManager = function (parent) {
             dev.aquired.controlMode = responses['IPS_HostBasedSetupService'].response.CurrentControlMode; // 1 = CCM, 2 = ACM
             if (typeof stack.wsman.comm.amtVersion == 'string') { // Set the Intel AMT version using the HTTP header if present
                 var verSplit = stack.wsman.comm.amtVersion.split('.');
-                if (verSplit.length >= 3) { dev.aquired.version = verSplit[0] + '.' + verSplit[1] + '.' + verSplit[2]; dev.aquired.majorver = parseInt(verSplit[0]); dev.aquired.minorver = parseInt(verSplit[1]); }
+                if (verSplit.length >= 2) {
+                    dev.aquired.version = verSplit[0] + '.' + verSplit[1];
+                    dev.aquired.majorver = parseInt(verSplit[0]);
+                    dev.aquired.minorver = parseInt(verSplit[1]);
+                    if (verSplit.length >= 3) {
+                        dev.aquired.version = verSplit[0] + '.' + verSplit[1] + '.' + verSplit[2];
+                        dev.aquired.maintenancever = parseInt(verSplit[2]);
+                    }
+                }
             }
             dev.aquired.realm = stack.wsman.comm.digestRealm;
             dev.aquired.user = dev.intelamt.user = stack.wsman.comm.user;
@@ -750,7 +758,8 @@ module.exports.CreateAmtManager = function (parent) {
                                                 // Start power polling if not connected to LMS
                                                 var ppfunc = function powerPoleFunction() { fetchPowerState(powerPoleFunction.dev); }
                                                 ppfunc.dev = dev;
-                                                dev.polltimer = new setTimeout(ppfunc, 290000); // Poll for power state every 4 minutes 50 seconds.
+                                                if(dev.polltimer){ clearInterval(dev.polltimer); delete dev.polltimer; }
+                                                dev.polltimer = new setInterval(ppfunc, 290000); // Poll for power state every 4 minutes 50 seconds.
                                                 fetchPowerState(dev);
                                             } else {
                                                 // For LMS connections, close now.
@@ -766,9 +775,12 @@ module.exports.CreateAmtManager = function (parent) {
             });
         } else {
             // We got a bad response
-            if ((dev.conntype != 0) && (dev.tlsfail !== true) && (status == 408)) { // If not using CIRA and we get a 408 error while using TLS, try non-TLS.
+            if ((dev.connType != 0) && (dev.tlsfail !== false) && (status == 408)) { // If not using CIRA and we get a 408 error while using non-TLS, try TLS.
+                // non-TLS error on a local connection, try again with TLS
+                dev.tlsfail = false; dev.intelamt.tls = 1; attemptInitialContact(dev); return;
+            } else if ((dev.connType != 0) && (dev.tlsfail !== true) && (status == 408)) { // If not using CIRA and we get a 408 error while using TLS, try non-TLS.
                 // TLS error on a local connection, try again without TLS
-                dev.tlsfail = true; attemptInitialContact(dev); return;
+                dev.tlsfail = true; dev.intelamt.tls = 0; attemptInitialContact(dev); return;
             } else if (status == 401) {
                 // Authentication error, see if we can use alternative credentials
                 if (dev.acctry != null) {
@@ -930,8 +942,8 @@ module.exports.CreateAmtManager = function (parent) {
                     if (response.Body.OSPowerSavingState == 2) { meshPowerState = 1; } // Fully powered (S0);
                     else if (response.Body.OSPowerSavingState == 3) { meshPowerState = 2; } // Modern standby (We are going to call this S1);
 
-                    // Set OS power state
-                    if (meshPowerState >= 0) { parent.SetConnectivityState(dev.meshid, dev.nodeid, Date.now(), 4, meshPowerState, null, { name: dev.name }); }
+                    // Set OS power state - connType: 0 = CIRA, 1 = CIRA-Relay, 2 = CIRA-LMS, 3 = LAN
+                    if (meshPowerState >= 0) { parent.SetConnectivityState(dev.meshid, dev.nodeid, Date.now(), (dev.connType == 3 ? 4 : 2), meshPowerState, null, { name: dev.name }); }
                 });
             } else {
                 // Convert the power state
@@ -940,14 +952,15 @@ module.exports.CreateAmtManager = function (parent) {
                 var meshPowerState = -1, powerConversionTable = [-1, -1, 1, 2, 3, 6, 6, 5, 6];
                 if (powerstate < powerConversionTable.length) { meshPowerState = powerConversionTable[powerstate]; } else { powerstate = 6; }
 
-                // Set power state
-                if (meshPowerState >= 0) { parent.SetConnectivityState(dev.meshid, dev.nodeid, Date.now(), 4, meshPowerState, null, { name: dev.name }); }
+                // Set power state - connType: 0 = CIRA, 1 = CIRA-Relay, 2 = CIRA-LMS, 3 = LAN
+                if (meshPowerState >= 0) { parent.SetConnectivityState(dev.meshid, dev.nodeid, Date.now(), (dev.connType == 3 ? 4 : 2), meshPowerState, null, { name: dev.name }); }
             }
         });
     }
 
-    // Perform a power action: 2 = Power up, 5 = Power cycle, 8 = Power down, 10 = Reset, 11 = Power on to BIOS, 12 = Reset to BIOS, 13 = Power on to BIOS with SOL, 14 = Reset to BIOS with SOL
+    // Perform a power action: 2 = Power up, 5 = Power cycle, 8 = Power down, 10 = Reset, 11 = Power on to BIOS, 12 = Reset to BIOS, 13 = Power on to BIOS with SOL, 14 = Reset to BIOS with SOL, 15 = Power on to PXE, 16 = Reset to PXE
     function performPowerAction(nodeid, action) {
+        console.log('performPowerAction', nodeid, action);
         var devices = obj.amtDevices[nodeid];
         if (devices == null) return;
         for (var i in devices) {
@@ -960,7 +973,7 @@ module.exports.CreateAmtManager = function (parent) {
                     // Action: 2 = Power up, 5 = Power cycle, 8 = Power down, 10 = Reset
                     try { dev.amtstack.RequestPowerStateChange(action, performPowerActionResponse); } catch (ex) { }
                 } else {
-                    // 11 = Power on to BIOS, 12 = Reset to BIOS, 13 = Power on to BIOS with SOL, 14 = Reset to BIOS with SOL
+                    // 11 = Power on to BIOS, 12 = Reset to BIOS, 13 = Power on to BIOS with SOL, 14 = Reset to BIOS with SOL, 15 = Power on to PXE, 16 = Reset to PXE
                     dev.amtstack.BatchEnum(null, ['*AMT_BootSettingData'], performAdvancedPowerActionResponse);
                 }
             }
@@ -975,20 +988,44 @@ module.exports.CreateAmtManager = function (parent) {
         if (obj.amtDevices[dev.nodeid] == null) return; // Device no longer exists, ignore this response.
         if (status != 200) return;
         if ((responses['AMT_BootSettingData'] == null) || (responses['AMT_BootSettingData'].response == null)) return;
-
         var bootSettingData = responses['AMT_BootSettingData'].response;
+
+        // Clean up parameters
+        bootSettingData['ConfigurationDataReset'] = false;
+        delete bootSettingData['WinREBootEnabled'];
+        delete bootSettingData['UEFILocalPBABootEnabled'];
+        delete bootSettingData['UEFIHTTPSBootEnabled'];
+        delete bootSettingData['SecureBootControlEnabled'];
+        delete bootSettingData['BootguardStatus'];
+        delete bootSettingData['OptionsCleared'];
+        delete bootSettingData['BIOSLastStatus'];
+        delete bootSettingData['UefiBootParametersArray'];
+        delete bootSettingData['RPEEnabled'];
+        delete bootSettingData['RSEPassword']
+
+        // Ready boot parameters
         bootSettingData['BIOSSetup'] = ((action >= 11) && (action <= 14));
         bootSettingData['UseSOL'] = ((action >= 13) && (action <= 14));
-        if ((action == 11) || (action == 13)) { dev.powerAction = 2; } // Power on
-        if ((action == 12) || (action == 14)) { dev.powerAction = 10; } // Reset
+        if ((action == 11) || (action == 13) || (action == 15)) { dev.powerAction = 2; } // Power on
+        if ((action == 12) || (action == 14) || (action == 16)) { dev.powerAction = 10; } // Reset
 
-        dev.amtstack.Put('AMT_BootSettingData', bootSettingData, function performAdvancedPowerActionResponseEx(stack, name, response, status, tag) {
+        // Set boot parameters
+        dev.amtstack.Put('AMT_BootSettingData', bootSettingData, function (stack, name, response, status, tag) {
             const dev = stack.dev;
-            const action = dev.powerAction;
-            delete dev.powerAction;
-            if (obj.amtDevices[dev.nodeid] == null) return; // Device no longer exists, ignore this response.
-            if (status != 200) return;
-            try { dev.amtstack.RequestPowerStateChange(action, performPowerActionResponse); } catch (ex) { }
+            if ((obj.amtDevices[dev.nodeid] == null) || (status != 200)) return; // Device no longer exists or error
+            // Set boot config
+            dev.amtstack.SetBootConfigRole(1, function (stack, name, response, status, tag) {
+                const dev = stack.dev;
+                if ((obj.amtDevices[dev.nodeid] == null) || (status != 200)) return; // Device no longer exists or error
+                // Set boot order
+                var bootDevice = (action === 15 || action === 16) ? '<Address xmlns="http://schemas.xmlsoap.org/ws/2004/08/addressing">http://schemas.xmlsoap.org/ws/2004/08/addressing</Address><ReferenceParameters xmlns="http://schemas.xmlsoap.org/ws/2004/08/addressing"><ResourceURI xmlns="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd">http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_BootSourceSetting</ResourceURI><SelectorSet xmlns="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd"><Selector Name="InstanceID">Intel(r) AMT: Force PXE Boot</Selector></SelectorSet></ReferenceParameters>' : null;
+                dev.amtstack.CIM_BootConfigSetting_ChangeBootOrder(bootDevice, function (stack, name, response, status) {
+                    const dev = stack.dev;
+                    if ((obj.amtDevices[dev.nodeid] == null) || (status != 200)) return; // Device no longer exists or error
+                    // Perform power action
+                    try { dev.amtstack.RequestPowerStateChange(dev.powerAction, performPowerActionResponse); } catch (ex) { }
+                }, 0, 1);
+            }, 0, 1);
         }, 0, 1);
     }
 
@@ -1035,7 +1072,7 @@ module.exports.CreateAmtManager = function (parent) {
         if (status != 200) { dev.consoleMsg("Failed to get security information (" + status + ")."); delete dev.ocrfile; return; }
 
         // Check if this Intel AMT device supports OCR
-        if (responses['AMT_PublicKeyCertificate'].responses['ForceUEFIHTTPSBoot'] !== true) {
+        if (responses['AMT_BootCapabilities'].response['ForceUEFIHTTPSBoot'] !== true) {
             dev.consoleMsg("This Intel AMT device does not support UEFI HTTPS boot  (" + status + ")."); delete dev.ocrfile; return;
         }
 
@@ -1065,11 +1102,14 @@ module.exports.CreateAmtManager = function (parent) {
 
         // Generate the one-time URL.
         var cookie = obj.parent.encodeCookie({ a: 'f', f: dev.ocrfile }, obj.parent.loginCookieEncryptionKey)
-        var url = 'https://' + parent.webserver.certificates.AmtMpsName + ':' + ((parent.args.mpsaliasport != null) ? parent.args.mpsaliasport : parent.args.mpsport) + '/c/' + cookie + '.iso';
+        var url = 'https://' + parent.webserver.certificates.AmtMpsName + ':' + ((parent.args.mpsaliasport != null) ? parent.args.mpsaliasport : parent.args.mpsport) + '/c/' + cookie + '.efi';
         delete dev.ocrfile;
 
         // Generate the boot data for OCR with URL
         var r = response.Body;
+        r['BIOSPause'] = false;
+        r['BIOSSetup'] = false;
+        r['EnforceSecureBoot'] = false;
         r['UefiBootParametersArray'] = Buffer.from(makeUefiBootParam(1, url) + makeUefiBootParam(20, 1, 1) + makeUefiBootParam(30, 0, 2), 'binary').toString('base64');
         r['UefiBootNumberOfParams'] = 3;
         r['BootMediaIndex'] = 0; // Do not use boot media index for One Click Recovery (OCR)
@@ -1090,8 +1130,7 @@ module.exports.CreateAmtManager = function (parent) {
         dev.amtstack.SetBootConfigRole(1, function (stack, name, response, status) {
             if (isAmtDeviceValid(dev) == false) return; // Device no longer exists, ignore this request.
             if (status != 200) { dev.consoleMsg("Failed to set boot config role (" + status + ")."); return; }
-            var bootSource = 'Force OCR UEFI HTTPS Boot';
-            dev.amtstack.CIM_BootConfigSetting_ChangeBootOrder((bootSource == null) ? bootSource : '<Address xmlns="http://schemas.xmlsoap.org/ws/2004/08/addressing">http://schemas.xmlsoap.org/ws/2004/08/addressing</Address><ReferenceParameters xmlns="http://schemas.xmlsoap.org/ws/2004/08/addressing"><ResourceURI xmlns="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd">http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_BootSourceSetting</ResourceURI><SelectorSet xmlns="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd"><Selector Name="InstanceID">Intel(r) AMT: ' + bootSource + '</Selector></SelectorSet></ReferenceParameters>', function (stack, name, response, status) {
+            dev.amtstack.CIM_BootConfigSetting_ChangeBootOrder('<Address xmlns="http://schemas.xmlsoap.org/ws/2004/08/addressing">http://schemas.xmlsoap.org/ws/2004/08/addressing</Address><ReferenceParameters xmlns="http://schemas.xmlsoap.org/ws/2004/08/addressing"><ResourceURI xmlns="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd">http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_BootSourceSetting</ResourceURI><SelectorSet xmlns="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd"><Selector Name="InstanceID">Intel(r) AMT: Force OCR UEFI HTTPS Boot</Selector></SelectorSet></ReferenceParameters>', function (stack, name, response, status) {
                 if (isAmtDeviceValid(dev) == false) return; // Device no longer exists, ignore this request.
                 if (status != 200) { dev.consoleMsg("Failed to set boot config (" + status + ")."); return; }
                 dev.amtstack.RequestPowerStateChange(10, function (stack, name, response, status) { // 10 = Reset, 2 = Power Up
@@ -1294,7 +1333,7 @@ module.exports.CreateAmtManager = function (parent) {
                         }
 
                         // Figure out what index is local & remote
-                        var localNdx = ((dev.policy.tlsSettings[0]['InstanceID'] == 'Intel(r) AMT LMS TLS Settings')) ? 0 : 1, remoteNdx = (1 - localNdx);
+                        var localNdx = ((dev.policy != null) && (dev.policy.tlsSettings != null) && (dev.policy.tlsSettings[0] != null) && (dev.policy.tlsSettings[0]['InstanceID'] == 'Intel(r) AMT LMS TLS Settings')) ? 0 : 1, remoteNdx = (1 - localNdx);
 
                         // Remote TLS settings
                         var xxTlsSettings2 = Clone(dev.policy.tlsSettings);
@@ -2318,7 +2357,8 @@ module.exports.CreateAmtManager = function (parent) {
             const dev = stack.dev;
             if (isAmtDeviceValid(dev) == false) return; // Device no longer exists, ignore this request.
             const domain = parent.config.domains[dev.domainid];
-            if ((responses['AMT_PublicKeyCertificate'].status != 200) || (responses['AMT_PublicKeyCertificate'].status != 200)) { func(dev); return; } // We can't get the certificate list, fail and carry on.
+            if ((responses['AMT_PublicKeyCertificate'].status != 200) || (responses['AMT_PublicPrivateKeyPair'].status != 200)) { func(dev); return; } // We can't get the certificate list, fail and carry on.
+            if ((responses['AMT_PublicKeyCertificate'].responses.length == 0) || (responses['AMT_PublicPrivateKeyPair'].responses.length == 0)) { func(dev); return; } // Empty certificate list, fail and carry on.
 
             // Sort out the certificates
             var xxCertificates = responses['AMT_PublicKeyCertificate'].responses;
@@ -2596,7 +2636,14 @@ module.exports.CreateAmtManager = function (parent) {
                     if (domain && domain.amtmanager && (domain.amtmanager.tlsacmactivation == true)) { TlsAcmActivation = true; }
 
                     // Check Intel AMT version
-                    if (typeof dev.intelamt.ver == 'string') { var verSplit = dev.intelamt.ver.split('.'); if (verSplit.length >= 3) { dev.aquired.majorver = parseInt(verSplit[0]); dev.aquired.minorver = parseInt(verSplit[1]); } }
+                    if (typeof dev.intelamt.ver == 'string') {
+                        var verSplit = dev.intelamt.ver.split('.');
+                        if (verSplit.length >= 2) {
+                            dev.aquired.majorver = parseInt(verSplit[0]);
+                            dev.aquired.minorver = parseInt(verSplit[1]);
+                            if (verSplit.length >= 3) { dev.aquired.maintenancever = parseInt(verSplit[2]); }
+                        }
+                    }
 
                     // If this is Intel AMT 14 or better and allowed, we are going to attempt a host-based end-to-end TLS activation.
                     if (TlsAcmActivation && (dev.aquired.majorver >= 14)) {
@@ -2652,7 +2699,15 @@ module.exports.CreateAmtManager = function (parent) {
         dev.aquired.controlMode = 1; // 1 = CCM, 2 = ACM
         if (typeof dev.amtstack.wsman.comm.amtVersion == 'string') {
             var verSplit = dev.amtstack.wsman.comm.amtVersion.split('.');
-            if (verSplit.length >= 3) { dev.aquired.version = verSplit[0] + '.' + verSplit[1] + '.' + verSplit[2]; dev.aquired.majorver = parseInt(verSplit[0]); dev.aquired.minorver = parseInt(verSplit[1]); }
+            if (verSplit.length >= 2) {
+                dev.aquired.version = verSplit[0] + '.' + verSplit[1];
+                dev.aquired.majorver = parseInt(verSplit[0]);
+                dev.aquired.minorver = parseInt(verSplit[1]);
+                if (verSplit.length >= 3) {
+                    dev.aquired.version = verSplit[0] + '.' + verSplit[1] + '.' + verSplit[2];
+                    dev.aquired.maintenancever = parseInt(verSplit[2]);
+                }
+            }
         }
         if ((typeof dev.mpsConnection.tag.meiState.OsHostname == 'string') && (typeof dev.mpsConnection.tag.meiState.OsDnsSuffix == 'string')) {
             dev.aquired.host = dev.mpsConnection.tag.meiState.OsHostname + '.' + dev.mpsConnection.tag.meiState.OsDnsSuffix;
@@ -2787,8 +2842,10 @@ module.exports.CreateAmtManager = function (parent) {
                 var vs = getInstance(amtlogicalelements, 'AMT')['VersionString'];
                 if (vs != null) {
                     dev.aquired.version = vs;
-                    dev.aquired.versionmajor = parseInt(dev.aquired.version.split('.')[0]);
-                    dev.aquired.versionminor = parseInt(dev.aquired.version.split('.')[1]);
+                    version = dev.aquired.version.split('.')
+                    dev.aquired.versionmajor = parseInt(version[0]);
+                    dev.aquired.versionminor = parseInt(version[1]);
+                    if (version.length > 2) { dev.aquired.versionmaintenance = parseInt(version[2]); }
                 }
             }
         }
@@ -2796,10 +2853,14 @@ module.exports.CreateAmtManager = function (parent) {
         // Fetch the Intel AMT version from HTTP stack
         if ((dev.amtversionstr == null) && (stack.wsman.comm.amtVersion != null)) {
             var s = stack.wsman.comm.amtVersion.split('.');
-            if (s.length >= 3) {
-                dev.aquired.version = s[0] + '.' + s[1] + '.' + s[2];
+            if (s.length >= 2) {
+                dev.aquired.version = s[0] + '.' + s[1] + '.';
                 dev.aquired.versionmajor = parseInt(s[0]);
                 dev.aquired.versionminor = parseInt(s[1]);
+                if (s.length >= 3) {
+                    dev.aquired.version = s[0] + '.' + s[1] + '.' + s[2];
+                    dev.aquired.versionmaintenance = parseInt(s[2]);
+                }
             }
         }
 

amtprovisioningserver.js

@@ -201,8 +201,10 @@ module.exports.CreateAmtProvisioningServer = function (parent, config) {
                 var vs = getInstance(amtlogicalelements, 'AMT')['VersionString'];
                 if (vs != null) {
                     dev.aquired.version = vs;
-                    dev.aquired.versionmajor = parseInt(dev.aquired.version.split('.')[0]);
-                    dev.aquired.versionminor = parseInt(dev.aquired.version.split('.')[1]);
+                    const versionSplit = parseInt(dev.aquired.version.split('.'));
+                    dev.aquired.versionmajor = parseInt(versionSplit[0]);
+                    dev.aquired.versionminor = parseInt(versionSplit[1]);
+                    if (versionSplit.length >= 3) { dev.aquired.versionmaintenance = parseInt(versionSplit[2]); }
                 }
             }
         }
@@ -210,10 +212,14 @@ module.exports.CreateAmtProvisioningServer = function (parent, config) {
         // Fetch the Intel AMT version from HTTP stack
         if ((dev.amtversionstr == null) && (stack.wsman.comm.amtVersion != null)) {
             var s = stack.wsman.comm.amtVersion.split('.');
-            if (s.length >= 3) {
-                dev.aquired.version = s[0] + '.' + s[1] + '.' + s[2];
+            if (s.length >= 2) {
+                dev.aquired.version = s[0] + '.' + s[1];
                 dev.aquired.versionmajor = parseInt(s[0]);
                 dev.aquired.versionminor = parseInt(s[1]);
+                if (s.length >= 3) {
+                    dev.aquired.version = s[0] + '.' + s[1] + '.' + s[2];
+                    dev.aquired.versionmaintenance = parseInt(s[2]);
+                }
             }
         }
 

amtscanner.js

@@ -362,8 +362,8 @@ module.exports.CreateAmtScanner = function (parent) {
         if (oldVer == newVer) return false; // Versions are same already, don't update.
         if (newVer == undefined || newVer == null) return false; // New version is bad, don't update it.
         if (oldVer == undefined || oldVer == null) return true; // Old version is no good anyway, update it.
-        var oldVerArr = oldVer.split('.');
-        var newVerArr = newVer.split('.');
+        var oldVerArr = oldVer.toString().split('.');
+        var newVerArr = newVer.toString().split('.');
         if ((oldVerArr.length < 2) || (newVerArr.length < 2)) return false;
         if ((oldVerArr[0] != newVerArr[0]) || (oldVerArr[1] != newVerArr[1])) return true;
         if (newVerArr.length > oldVerArr.length) return true;
@@ -387,8 +387,12 @@ module.exports.CreateAmtScanner = function (parent) {
             } else {
                 // Connect using TLS, we will switch from default TLS to TLS1-only and back if we get a connection error to support older Intel AMT.
                 if (scaninfo.tlsoption == null) { scaninfo.tlsoption = 0; }
-                const tlsOptions = { rejectUnauthorized: false, ciphers: 'RSA+AES:!aNULL:!MD5:!DSS', secureOptions: constants.SSL_OP_NO_SSLv2 | constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_COMPRESSION | constants.SSL_OP_CIPHER_SERVER_PREFERENCE };
-                if (scaninfo.tlsoption == 1) { tlsOptions.secureProtocol = 'TLSv1_method'; }
+                const tlsOptions = { rejectUnauthorized: false, ciphers: 'RSA+AES:!aNULL:!MD5:!DSS', secureOptions: constants.SSL_OP_NO_SSLv2 | constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_COMPRESSION | constants.SSL_OP_CIPHER_SERVER_PREFERENCE | constants.SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION };
+                if (scaninfo.tlsoption == 1) {
+                    tlsOptions.secureProtocol = 'TLSv1_method';
+                } else {
+                    tlsOptions.minVersion = 'TLSv1';
+                }
                 client = obj.tls.connect(port, host, tlsOptions, function () { this.write('GET / HTTP/1.1\r\nhost: ' + host + '\r\n\r\n'); });
             }
             client.scaninfo = scaninfo;

apprelays.js

@@ -1,4 +1,4 @@
-/**
+/**
 * @description MeshCentral MSTSC & SSH relay
 * @author Ylian Saint-Hilaire & Bryan Roe
 * @copyright Intel Corporation 2018-2022
@@ -35,28 +35,29 @@ const PROTOCOL_WEBSFTP = 203;
 const PROTOCOL_WEBVNC = 204;
 
 // Mesh Rights
-const MESHRIGHT_EDITMESH = 0x00000001; // 1
-const MESHRIGHT_MANAGEUSERS = 0x00000002; // 2
-const MESHRIGHT_MANAGECOMPUTERS = 0x00000004; // 4
-const MESHRIGHT_REMOTECONTROL = 0x00000008; // 8
-const MESHRIGHT_AGENTCONSOLE = 0x00000010; // 16
-const MESHRIGHT_SERVERFILES = 0x00000020; // 32
-const MESHRIGHT_WAKEDEVICE = 0x00000040; // 64
-const MESHRIGHT_SETNOTES = 0x00000080; // 128
-const MESHRIGHT_REMOTEVIEWONLY = 0x00000100; // 256
-const MESHRIGHT_NOTERMINAL = 0x00000200; // 512
-const MESHRIGHT_NOFILES = 0x00000400; // 1024
-const MESHRIGHT_NOAMT = 0x00000800; // 2048
-const MESHRIGHT_DESKLIMITEDINPUT = 0x00001000; // 4096
-const MESHRIGHT_LIMITEVENTS = 0x00002000; // 8192
-const MESHRIGHT_CHATNOTIFY = 0x00004000; // 16384
-const MESHRIGHT_UNINSTALL = 0x00008000; // 32768
-const MESHRIGHT_NODESKTOP = 0x00010000; // 65536
-const MESHRIGHT_REMOTECOMMAND = 0x00020000; // 131072
-const MESHRIGHT_RESETOFF = 0x00040000; // 262144
-const MESHRIGHT_GUESTSHARING = 0x00080000; // 524288
-const MESHRIGHT_DEVICEDETAILS = 0x00100000; // 1048576
-const MESHRIGHT_ADMIN = 0xFFFFFFFF;
+const MESHRIGHT_EDITMESH            = 0x00000001; // 1
+const MESHRIGHT_MANAGEUSERS         = 0x00000002; // 2
+const MESHRIGHT_MANAGECOMPUTERS     = 0x00000004; // 4
+const MESHRIGHT_REMOTECONTROL       = 0x00000008; // 8
+const MESHRIGHT_AGENTCONSOLE        = 0x00000010; // 16
+const MESHRIGHT_SERVERFILES         = 0x00000020; // 32
+const MESHRIGHT_WAKEDEVICE          = 0x00000040; // 64
+const MESHRIGHT_SETNOTES            = 0x00000080; // 128
+const MESHRIGHT_REMOTEVIEWONLY      = 0x00000100; // 256
+const MESHRIGHT_NOTERMINAL          = 0x00000200; // 512
+const MESHRIGHT_NOFILES             = 0x00000400; // 1024
+const MESHRIGHT_NOAMT               = 0x00000800; // 2048
+const MESHRIGHT_DESKLIMITEDINPUT    = 0x00001000; // 4096
+const MESHRIGHT_LIMITEVENTS         = 0x00002000; // 8192
+const MESHRIGHT_CHATNOTIFY          = 0x00004000; // 16384
+const MESHRIGHT_UNINSTALL           = 0x00008000; // 32768
+const MESHRIGHT_NODESKTOP           = 0x00010000; // 65536
+const MESHRIGHT_REMOTECOMMAND       = 0x00020000; // 131072
+const MESHRIGHT_RESETOFF            = 0x00040000; // 262144
+const MESHRIGHT_GUESTSHARING        = 0x00080000; // 524288
+const MESHRIGHT_DEVICEDETAILS       = 0x00100000; // 1048576
+const MESHRIGHT_RELAY               = 0x00200000; // 2097152
+const MESHRIGHT_ADMIN               = 0xFFFFFFFF;
 
 // SerialTunnel object is used to embed TLS within another connection.
 function SerialTunnel(options) {
@@ -69,7 +70,7 @@ function SerialTunnel(options) {
 }
 
 // Construct a Web relay object
-module.exports.CreateWebRelaySession = function (parent, db, req, args, domain, userid, nodeid, addr, port, appid, sessionid, expire) {
+module.exports.CreateWebRelaySession = function (parent, db, req, args, domain, userid, nodeid, addr, port, appid, sessionid, expire, mtype) {
     const obj = {};
     obj.parent = parent;
     obj.lastOperation = Date.now();
@@ -81,6 +82,7 @@ module.exports.CreateWebRelaySession = function (parent, db, req, args, domain,
     obj.appid = appid;
     obj.sessionid = sessionid;
     obj.expireTimer = null;
+    obj.mtype = mtype;
     var pendingRequests = [];
     var nextTunnelId = 1;
     var tunnels = {};
@@ -105,7 +107,7 @@ module.exports.CreateWebRelaySession = function (parent, db, req, args, domain,
 
     // Check if any tunnels need to be cleaned up
     obj.checkTimeout = function () {
-        const limit = Date.now() - (1 * 60 * 1000); // This is is 5 minutes before current time
+        const limit = Date.now() - (5 * 60 * 1000); // This is 5 minutes before current time
 
         // Close any old non-websocket tunnels
         const tunnelToRemove = [];
@@ -147,7 +149,7 @@ module.exports.CreateWebRelaySession = function (parent, db, req, args, domain,
         // Check to see if any of the tunnels are free
         var count = 0;
         for (var i in tunnels) {
-            count += ((tunnels[i].isWebSocket || tunnels[i].isStreaming) ? 0 : 1);
+            count += ((tunnels[i].isWebSocket || tunnels[i].isStreaming || (tunnels[i].res != null)) ? 0 : 1);
             if ((tunnels[i].relayActive == true) && (tunnels[i].res == null) && (tunnels[i].isWebSocket == false) && (tunnels[i].isStreaming == false)) {
                 // Found a free tunnel, use it
                 const x = pendingRequests.shift();
@@ -164,7 +166,7 @@ module.exports.CreateWebRelaySession = function (parent, db, req, args, domain,
         // Launch a new tunnel
         if (obj.closed == true) return;
         parent.parent.debug('webrelay', 'launchNewTunnel');
-        const tunnel = module.exports.CreateWebRelay(obj, db, args, domain);
+        const tunnel = module.exports.CreateWebRelay(obj, db, args, domain, obj.mtype);
         tunnel.onclose = function (tunnelId, processedCount) {
             if (tunnels == null) return;
             parent.parent.debug('webrelay', 'tunnel-onclose');
@@ -238,7 +240,7 @@ module.exports.CreateWebRelaySession = function (parent, db, req, args, domain,
 
 
 // Construct a Web relay object
-module.exports.CreateWebRelay = function (parent, db, args, domain) {
+module.exports.CreateWebRelay = function (parent, db, args, domain, mtype) {
     //const Net = require('net');
     const WebSocket = require('ws')
 
@@ -249,6 +251,7 @@ module.exports.CreateWebRelay = function (parent, db, args, domain) {
     obj.isWebSocket = false; // If true, this request will not close and so, it can't be allowed to hold up other requests
     obj.isStreaming = false; // If true, this request will not close and so, it can't be allowed to hold up other requests
     obj.processedRequestCount = 0;
+    obj.mtype = mtype;
     const constants = (require('crypto').constants ? require('crypto').constants : require('constants')); // require('constants') is deprecated in Node 11.10, use require('crypto').constants instead.
 
     // Events
@@ -260,7 +263,7 @@ module.exports.CreateWebRelay = function (parent, db, args, domain) {
     // Called when we need to close the tunnel because the response stream has closed
     function handleResponseClosure() { obj.close(); }
 
-    // Return copkie name and values
+    // Return cookie name and values
     function parseRequestCookies(cookiesString) {
         var r = {};
         if (typeof cookiesString != 'string') return r;
@@ -336,6 +339,9 @@ module.exports.CreateWebRelay = function (parent, db, args, domain) {
         var cookieStr = '';
         for (var i in parent.webCookies) { if (cookieStr != '') { cookieStr += '; ' } cookieStr += (i + '=' + parent.webCookies[i].value); }
         if (cookieStr.length > 0) { request += 'cookie: ' + cookieStr + '\r\n' } // If we have session cookies, set them in the header here
+        var reqCookies = parseRequestCookies(req.headers.cookie);
+        for (var i in reqCookies) { if ((i != 'xid') && (i != 'xid.sig')) { if (cookieStr != '') { cookieStr += '; ' } cookieStr += (i + '=' + reqCookies[i]); } }
+        if (cookieStr.length > 0) { request += 'cookie: ' + cookieStr + '\r\n' } // If we have session cookies, set them in the header here
         request += '\r\n';
         send(Buffer.from(request));
 
@@ -437,7 +443,7 @@ module.exports.CreateWebRelay = function (parent, db, args, domain) {
         obj.relayActive = false;
     };
 
-    // Start the looppback server
+    // Start the loopback server
     obj.connect = function (userid, nodeid, addr, port, appid) {
         if (obj.relayActive || obj.closed) return;
         obj.addr = addr;
@@ -455,7 +461,7 @@ module.exports.CreateWebRelay = function (parent, db, args, domain) {
             const protocol = (args.tlsoffload) ? 'ws' : 'wss';
             var domainadd = '';
             if ((domain.dns == null) && (domain.id != '')) { domainadd = domain.id + '/' }
-            const url = protocol + '://localhost:' + args.port + '/' + domainadd + (((obj.mtype == 3) && (obj.relaynodeid == null)) ? 'local' : 'mesh') + 'relay.ashx?p=14&auth=' + cookie; // Protocol 14 is Web-TCP
+            var url = protocol + '://localhost:' + args.port + '/' + domainadd + (((obj.mtype == 3) && (obj.relaynodeid == null)) ? 'local' : 'mesh') + 'relay.ashx?p=14&auth=' + cookie; // Protocol 14 is Web-TCP
             if (domain.id != '') { url += '&domainid=' + domain.id; } // Since we are using "localhost", we are going to signal what domain we are on using a URL argument.
             parent.parent.parent.debug('relay', 'TCP: Connection websocket to ' + url);
             obj.wsClient = new WebSocket(url, options);
@@ -687,7 +693,8 @@ module.exports.CreateWebRelay = function (parent, db, args, domain) {
 
             // If there is a header, send it
             if (header != null) {
-                obj.res.status(parseInt(header.Directive[1])); // Set the status
+                const statusCode = parseInt(header.Directive[1]);
+                if ((!isNaN(statusCode)) && (statusCode > 0) && (statusCode <= 999)) { obj.res.status(statusCode); } // Set the status
                 const blockHeaders = ['Directive', 'sec-websocket-extensions', 'connection', 'transfer-encoding', 'last-modified', 'content-security-policy', 'cache-control']; // We do not forward these headers 
                 for (var i in header) {
                     if (i == 'set-cookie') {
@@ -713,15 +720,16 @@ module.exports.CreateWebRelay = function (parent, db, args, domain) {
                             }
                         }
                     }
-                    else if (blockHeaders.indexOf(i) == -1) { obj.res.set(i, header[i]); } // Set the headers if not blocked
+                    else if (blockHeaders.indexOf(i) == -1) { obj.res.set(i.trim(), header[i]); } // Set the headers if not blocked
                 }
-                obj.res.set('Content-Security-Policy', "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:;"); // Set an "allow all" policy, see if the can restrict this in the future
+                // Dont set any Content-Security-Policy at all because some applications like Node-Red, access external websites from there javascript which would be forbidden by the below CSP
+                //obj.res.set('Content-Security-Policy', "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:;"); // Set an "allow all" policy, see if the can restrict this in the future
                 //obj.res.set('Content-Security-Policy', "default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';"); // Set an "allow all" policy, see if the can restrict this in the future
                 obj.res.set('Cache-Control', 'no-store'); // Tell the browser not to cache the responses since since the relay port can be used for many relays
             }
 
             // If there is data, send it
-            if (data != null) { obj.res.write(data, 'binary'); }
+            if (data != null) { try { obj.res.write(data, 'binary'); } catch (ex) { } }
 
             // If we are done, close the response
             if (done == true) {
@@ -816,7 +824,7 @@ module.exports.CreateMstscRelay = function (parent, db, ws, req, args, domain) {
                 obj.relaySocket = socket;
                 obj.relaySocket.pause();
                 obj.relaySocket.on('data', function (chunk) { // Make sure to handle flow control.
-                    if (obj.relayActive == true) { obj.relaySocket.pause(); obj.wsClient.send(chunk, function () { obj.relaySocket.resume(); }); }
+                    if (obj.relayActive == true) { obj.relaySocket.pause(); if (obj.wsClient != null) { obj.wsClient.send(chunk, function () { obj.relaySocket.resume(); }); } }
                 });
                 obj.relaySocket.on('end', function () { obj.close(); });
                 obj.relaySocket.on('error', function (err) { obj.close(); });
@@ -838,22 +846,21 @@ module.exports.CreateMstscRelay = function (parent, db, ws, req, args, domain) {
                             obj.relaySocket.resume();
                         }
                     } else {
-                        if (typeof data == 'string') {
-                            // Forward any ping/pong commands to the browser
-                            var cmd = null;
-                            try { cmd = JSON.parse(data); } catch (ex) { }
+                        try {  // Forward any ping/pong commands to the browser
+                            var cmd = JSON.parse(data); 
                             if ((cmd != null) && (cmd.ctrlChannel == '102938')) {
                                 if (cmd.type == 'ping') { send(['ping']); }
                                 else if (cmd.type == 'pong') { send(['pong']); }
                             }
                             return;
+                        } catch (ex) { // You are not JSON data so just send over relaySocket
+                            obj.wsClient._socket.pause();
+                            try {
+                                obj.relaySocket.write(data, function () {
+                                    if (obj.wsClient && obj.wsClient._socket) { try { obj.wsClient._socket.resume(); } catch (ex) { console.log(ex); } }
+                                });
+                            } catch (ex) { console.log(ex); obj.close(); }
                         }
-                        obj.wsClient._socket.pause();
-                        try {
-                            obj.relaySocket.write(data, function () {
-                                if (obj.wsClient && obj.wsClient._socket) { try { obj.wsClient._socket.resume(); } catch (ex) { console.log(ex); } }
-                            });
-                        } catch (ex) { console.log(ex); obj.close(); }
                     }
                 });
                 obj.wsClient.on('close', function () { parent.parent.debug('relay', 'RDP: Relay websocket closed'); obj.close(); });
@@ -980,6 +987,7 @@ module.exports.CreateMstscRelay = function (parent, db, ws, req, args, domain) {
                         if ((node == null) || (visible == false) || ((rights & MESHRIGHT_REMOTECONTROL) == 0)) { obj.close(); return; }
                         if ((rights != MESHRIGHT_ADMIN) && ((rights & MESHRIGHT_REMOTEVIEWONLY) != 0)) { obj.viewonly = true; }
                         if ((rights != MESHRIGHT_ADMIN) && ((rights & MESHRIGHT_DESKLIMITEDINPUT) != 0)) { obj.limitedinput = true; }
+                        node = parent.common.unEscapeLinksFieldName(node); // unEscape node data for rdp/ssh credentials
                         obj.mtype = node.mtype; // Store the device group type
                         obj.meshid = node.meshid; // Store the MeshID
 
@@ -1042,7 +1050,11 @@ module.exports.CreateMstscRelay = function (parent, db, ws, req, args, domain) {
                         if ((k == 14) || (k == 28)) { ok = true; } // Enter and backspace
                         if (ok == false) return;
                     }
-                    if (rdpClient && (obj.viewonly != true)) { rdpClient.sendKeyEventScancode(msg[1], msg[2]); } break;
+                    var extended = false;
+                    var extendedkeys = [57419,57421,57416,57424,57426,57427,57417,57425,57372,57397,57415,57423,57373,57400,57399];
+                    // left,right,up,down,insert,delete,pageup,pagedown,numpadenter,numpaddivide,home,end,controlright,altright,printscreen
+                    if (extendedkeys.includes(msg[1])) extended=true;
+                    if (rdpClient && (obj.viewonly != true)) { rdpClient.sendKeyEventScancode(msg[1], msg[2], extended); } break;
                 }
                 case 'unicode': { if (rdpClient && (obj.viewonly != true)) { rdpClient.sendKeyEventUnicode(msg[1], msg[2]); } break; }
                 case 'utype': {
@@ -1206,7 +1218,7 @@ module.exports.CreateSshRelay = function (parent, db, ws, req, args, domain) {
             const protocol = (args.tlsoffload) ? 'ws' : 'wss';
             var domainadd = '';
             if ((domain.dns == null) && (domain.id != '')) { domainadd = domain.id + '/' }
-            const url = protocol + '://localhost:' + args.port + '/' + domainadd + (((obj.mtype == 3) && (obj.relaynodeid == null)) ? 'local' : 'mesh') + 'relay.ashx?p=11&auth=' + obj.xcookie; // Protocol 11 is Web-SSH
+            var url = protocol + '://localhost:' + args.port + '/' + domainadd + (((obj.mtype == 3) && (obj.relaynodeid == null)) ? 'local' : 'mesh') + 'relay.ashx?p=11&auth=' + obj.xcookie; // Protocol 11 is Web-SSH
             if (domain.id != '') { url += '&domainid=' + domain.id; } // Since we are using "localhost", we are going to signal what domain we are on using a URL argument.
             parent.parent.debug('relay', 'SSH: Connection websocket to ' + url);
             obj.wsClient = new WebSocket(url, options);
@@ -1273,16 +1285,14 @@ module.exports.CreateSshRelay = function (parent, db, ws, req, args, domain) {
                         ws._socket.resume();
                     }
                 } else {
-                    if (typeof data == 'string') {
-                        // Forward any ping/pong commands to the browser
+                    try { // Forward any ping/pong commands to the browser
                         var cmd = null;
-                        try { cmd = JSON.parse(data); } catch (ex) { }
+                        cmd = JSON.parse(data);
                         if ((cmd != null) && (cmd.ctrlChannel == '102938') && ((cmd.type == 'ping') || (cmd.type == 'pong'))) { obj.ws.send(data); }
                         return;
+                    } catch(ex) { // Relay WS --> SSH instead
+                        if ((data.length > 0) && (obj.ser != null)) { try { obj.ser.updateBuffer(data); } catch (ex) { console.log(ex); } }
                     }
-
-                    // Relay WS --> SSH
-                    if ((data.length > 0) && (obj.ser != null)) { try { obj.ser.updateBuffer(data); } catch (ex) { console.log(ex); } }
                 }
             });
             obj.wsClient.on('close', function () { parent.parent.debug('relay', 'SSH: Relay websocket closed'); obj.close(); });
@@ -1310,7 +1320,7 @@ module.exports.CreateSshRelay = function (parent, db, ws, req, args, domain) {
                             // Check if we have SSH credentials for this device
                             parent.parent.db.Get(obj.cookie.nodeid, function (err, nodes) {
                                 if ((err != null) || (nodes == null) || (nodes.length != 1)) return;
-                                const node = nodes[0];
+                                const node = parent.common.unEscapeLinksFieldName(nodes[0]); // unEscape node data for rdp/ssh credentials
                                 if ((domain.allowsavingdevicecredentials === false) || (node.ssh == null) || (typeof node.ssh != 'object') || (node.ssh[obj.userid] == null) || (typeof node.ssh[obj.userid].u != 'string') || ((typeof node.ssh[obj.userid].p != 'string') && (typeof node.ssh[obj.userid].k != 'string'))) {
                                     // Send a request for SSH authentication
                                     try { ws.send(JSON.stringify({ action: 'sshauth' })) } catch (ex) { }
@@ -1358,7 +1368,7 @@ module.exports.CreateSshRelay = function (parent, db, ws, req, args, domain) {
                         obj.termSize = msg;
                         parent.parent.db.Get(obj.cookie.nodeid, function (err, nodes) {
                             if ((err != null) || (nodes == null) || (nodes.length != 1)) return;
-                            const node = nodes[0];
+                            const node = parent.common.unEscapeLinksFieldName(nodes[0]); // unEscape node data for rdp/ssh credentials
                             if (node.ssh != null) {
                                 obj.username = node.ssh.u;
                                 obj.privateKey = node.ssh.k;
@@ -1400,7 +1410,7 @@ module.exports.CreateSshRelay = function (parent, db, ws, req, args, domain) {
     parent.parent.db.Get(obj.cookie.nodeid, function (err, nodes) {
         if (obj.cookie == null) return; // obj has been cleaned up, just exit.
         if ((err != null) || (nodes == null) || (nodes.length != 1)) { parent.parent.debug('relay', 'SSH: Invalid device'); obj.close(); }
-        const node = nodes[0];
+        const node = parent.common.unEscapeLinksFieldName(nodes[0]); // unEscape node data for rdp/ssh credentials
         obj.nodeid = node._id; // Store the NodeID
         obj.meshid = node.meshid; // Store the MeshID
         obj.mtype = node.mtype; // Store the device group type
@@ -1545,7 +1555,7 @@ module.exports.CreateSshTerminalRelay = function (parent, db, ws, req, domain, u
             const protocol = (args.tlsoffload) ? 'ws' : 'wss';
             var domainadd = '';
             if ((domain.dns == null) && (domain.id != '')) { domainadd = domain.id + '/' }
-            const url = protocol + '://localhost:' + args.port + '/' + domainadd + (((obj.mtype == 3) && (obj.relaynodeid == null)) ? 'local' : 'mesh') + 'relay.ashx?p=11&auth=' + authCookie // Protocol 11 is Web-SSH
+            var url = protocol + '://localhost:' + args.port + '/' + domainadd + (((obj.mtype == 3) && (obj.relaynodeid == null)) ? 'local' : 'mesh') + 'relay.ashx?p=11&auth=' + authCookie // Protocol 11 is Web-SSH
             if (domain.id != '') { url += '&domainid=' + domain.id; } // Since we are using "localhost", we are going to signal what domain we are on using a URL argument.
             parent.parent.debug('relay', 'SSH: Connection websocket to ' + url);
             obj.wsClient = new WebSocket(url, options);
@@ -1613,16 +1623,14 @@ module.exports.CreateSshTerminalRelay = function (parent, db, ws, req, domain, u
                         ws._socket.resume();
                     }
                 } else {
-                    if (typeof data == 'string') {
-                        // Forward any ping/pong commands to the browser
+                    try { // Forward any ping/pong commands to the browser
                         var cmd = null;
-                        try { cmd = JSON.parse(data); } catch (ex) { }
+                        cmd = JSON.parse(data);
                         if ((cmd != null) && (cmd.ctrlChannel == '102938') && ((cmd.type == 'ping') || (cmd.type == 'pong'))) { try { obj.ws.send(data); } catch (ex) { console.log(ex); } }
                         return;
+                    } catch (ex) { // Relay WS --> SSH
+                        if ((data.length > 0) && (obj.ser != null)) { try { obj.ser.updateBuffer(data); } catch (ex) { console.log(ex); } }
                     }
-
-                    // Relay WS --> SSH
-                    if ((data.length > 0) && (obj.ser != null)) { try { obj.ser.updateBuffer(data); } catch (ex) { console.log(ex); } }
                 }
             });
             obj.wsClient.on('close', function () {
@@ -1735,6 +1743,7 @@ module.exports.CreateSshTerminalRelay = function (parent, db, ws, req, domain, u
     if ((user == null) || (req.query.nodeid == null)) { obj.close(); return; } // Invalid nodeid
     parent.GetNodeWithRights(domain, user, req.query.nodeid, function (node, rights, visible) {
         if (obj.ws == null) return; // obj has been cleaned up, just exit.
+        node = parent.common.unEscapeLinksFieldName(node); // unEscape node data for rdp/ssh credentials
 
         // Check permissions
         if ((rights & 8) == 0) { obj.close(); return; } // No MESHRIGHT_REMOTECONTROL rights
@@ -1899,7 +1908,7 @@ module.exports.CreateSshFilesRelay = function (parent, db, ws, req, domain, user
             const protocol = (args.tlsoffload) ? 'ws' : 'wss';
             var domainadd = '';
             if ((domain.dns == null) && (domain.id != '')) { domainadd = domain.id + '/' }
-            const url = protocol + '://localhost:' + args.port + '/' + domainadd + (((obj.mtype == 3) && (obj.relaynodeid == null)) ? 'local' : 'mesh') + 'relay.ashx?p=13&auth=' + authCookie // Protocol 13 is Web-SSH-Files
+            var url = protocol + '://localhost:' + args.port + '/' + domainadd + (((obj.mtype == 3) && (obj.relaynodeid == null)) ? 'local' : 'mesh') + 'relay.ashx?p=13&auth=' + authCookie // Protocol 13 is Web-SSH-Files
             if (domain.id != '') { url += '&domainid=' + domain.id; } // Since we are using "localhost", we are going to signal what domain we are on using a URL argument.
             parent.parent.debug('relay', 'SSH: Connection websocket to ' + url);
             obj.wsClient = new WebSocket(url, options);
@@ -1961,16 +1970,15 @@ module.exports.CreateSshFilesRelay = function (parent, db, ws, req, domain, user
                         ws._socket.resume();
                     }
                 } else {
-                    if (typeof data == 'string') {
+                    try {
                         // Forward any ping/pong commands to the browser
                         var cmd = null;
-                        try { cmd = JSON.parse(data); } catch (ex) { }
+                        cmd = JSON.parse(data);
                         if ((cmd != null) && (cmd.ctrlChannel == '102938') && ((cmd.type == 'ping') || (cmd.type == 'pong'))) { obj.ws.send(data); }
                         return;
+                    } catch (ex) { // Relay WS --> SSH
+                        if ((data.length > 0) && (obj.ser != null)) { try { obj.ser.updateBuffer(data); } catch (ex) { console.log(ex); } }
                     }
-
-                    // Relay WS --> SSH
-                    if ((data.length > 0) && (obj.ser != null)) { try { obj.ser.updateBuffer(data); } catch (ex) { console.log(ex); } }
                 }
             });
             obj.wsClient.on('close', function () {
@@ -2265,6 +2273,7 @@ module.exports.CreateSshFilesRelay = function (parent, db, ws, req, domain, user
     if ((user == null) || (req.query.nodeid == null)) { obj.close(); return; } // Invalid nodeid
     parent.GetNodeWithRights(domain, user, req.query.nodeid, function (node, rights, visible) {
         if (obj.ws == null) return; // obj has been cleaned up, just exit.
+        node = parent.common.unEscapeLinksFieldName(node); // unEscape node data for rdp/ssh credentials
 
         // Check permissions
         if ((rights & 8) == 0) { obj.close(); return; } // No MESHRIGHT_REMOTECONTROL rights
@@ -2329,6 +2338,6 @@ module.exports.CreateSshFilesRelay = function (parent, db, ws, req, domain, user
 function checkRelayRights(parent, domain, user, relayNodeId, func) {
     if (relayNodeId == null) { func(true); return; } // No relay, do nothing.
     parent.GetNodeWithRights(domain, user, relayNodeId, function (node, rights, visible) {
-        func((node != null) && (rights == 0xFFFFFFFF));
+        func((node != null) && ((rights & 0x00200008) != 0)); // MESHRIGHT_REMOTECONTROL or MESHRIGHT_RELAY rights
     });
 }

authenticode.js

@@ -298,7 +298,7 @@ function createAuthenticodeHandler(path) {
         for (var i = 0; i < obj.header.coff.numberOfSections; i++) {
             var section = {};
             buf = readFileSlice(obj.header.SectionHeadersPtr + (i * 40), 40);
-            if (buf[0] != 46) { obj.close(); return false; }; // Name of the section must start with a dot. If not, something is wrong.
+            if ((buf[0] != 46) && (buf[0] != 95)) { obj.close(); return false; }; // Name of the section must start with a dot or underscore. If not, something is wrong.
             var sectionName = buf.slice(0, 8).toString().trim('\0');
             var j = sectionName.indexOf('\0');
             if (j >= 0) { sectionName = sectionName.substring(0, j); } // Trim any trailing zeroes
@@ -1566,7 +1566,11 @@ function createAuthenticodeHandler(path) {
         options.protocol = timeServerUrl.protocol;
         options.hostname = timeServerUrl.hostname;
         options.path = timeServerUrl.pathname;
-        options.port = ((timeServerUrl.port == '') ? 80 : parseInt(timeServerUrl.port));
+        let http = require("http")
+        if (options.protocol === "https:"){
+            http = require("https")
+        }
+        options.port = ((timeServerUrl.port == '') ? (options.protocol === "https:" ? 443 : 80) : parseInt(timeServerUrl.port));
 
         if (options.proxy == null) {
             // No proxy needed
@@ -1584,7 +1588,7 @@ function createAuthenticodeHandler(path) {
 
             // Set up the request
             var responseAccumulator = '';
-            var req = require('http').request(options, function (res) {
+            var req = http.request(options, function (res) {
                 res.setEncoding('utf8');
                 res.on('data', function (chunk) { responseAccumulator += chunk; });
                 res.on('end', function () { func(null, responseAccumulator); });
@@ -1605,12 +1609,12 @@ function createAuthenticodeHandler(path) {
                 proxyOptions.protocol = proxyUrl.protocol;
                 proxyOptions.hostname = proxyUrl.hostname;
                 proxyOptions.path = options.hostname + ':' + options.port;
-                proxyOptions.port = ((proxyUrl.port == '') ? 80 : parseInt(proxyUrl.port));
+                proxyOptions.port = ((proxyUrl.port == '') ? (options.protocol === "https:" ? 443 : 80) : parseInt(proxyUrl.port));
             }
 
             // Set up the proxy request
             var responseAccumulator = '';
-            var req = require('http').request(proxyOptions);
+            var req = http.request(proxyOptions);
             req.on('error', function (err) { func('' + err); });
             req.on('connect', function (res, socket, head) {
                 // Make a request over the HTTP tunnel

certoperations.js

@@ -262,7 +262,10 @@ module.exports.CertificateOperations = function (parent) {
                         acmconfig.cn = certCommonName.value;
                     }
                 }
-
+                if(r.certs[0].md){
+                    acmconfig.hashAlgorithm = r.certs[0].md.algorithm;
+                }
+                
                 delete acmconfig.cert;
                 delete acmconfig.certpass;
                 acmconfig.certs = orderedCerts;
@@ -633,9 +636,16 @@ module.exports.CertificateOperations = function (parent) {
     };
 
     // Return the SHA384 hash of the certificate public key
-    obj.getPublicKeyHashBinary = function (cert) {
-        var publickey = obj.pki.certificateFromPem(cert).publicKey;
-        return obj.pki.getPublicKeyFingerprint(publickey, { encoding: 'binary', md: obj.forge.md.sha384.create() });
+    obj.getPublicKeyHashBinary = function (pem) {
+        const { X509Certificate } = require('crypto');
+        if (X509Certificate == null) {
+            // This version of NodeJS (<v15.6.0) does not support X509 certs, use Node-Forge instead which only supports RSA certs.
+            return obj.pki.getPublicKeyFingerprint(obj.pki.certificateFromPem(pem).publicKey, { encoding: 'binary', md: obj.forge.md.sha384.create() });
+        } else {
+            // This version of NodeJS supports x509 certificates
+            var cert = new X509Certificate(pem);
+            return obj.crypto.createHash('sha384').update(cert.publicKey.export({ type: ((cert.publicKey.asymmetricKeyType == 'rsa') ? 'pkcs1' : 'spki'), format: 'der' })).digest('binary');
+        }
     };
 
     // Return the SHA384 hash of the certificate, return binary
@@ -740,7 +750,7 @@ module.exports.CertificateOperations = function (parent) {
     }
 
     // Return true if the name is found in the certificates names, we support wildcard certificates
-    obj.compareCertificateNames = function(certNames, name) {
+    obj.compareCertificateNames = function (certNames, name) {
         if (certNames == null) return false;
         name = name.toLowerCase();
         var xcertNames = [];
@@ -758,12 +768,102 @@ module.exports.CertificateOperations = function (parent) {
 
     // Return true if the certificate is valid
     obj.checkCertificate = function (pem, key) {
-        var cert = null;
-        try { cert = obj.pki.certificateFromPem(pem); } catch (ex) { return false; } // Unable to decode certificate
-        if (cert.serialNumber == '') return false; // Empty serial number is not allowed.
+        const { X509Certificate } = require('crypto');
+        if (X509Certificate == null) {
+            // This version of NodeJS (<v15.6.0) does not support X509 certs, use Node-Forge instead which only supports RSA certs.
+            var cert = null;
+            try { cert = obj.pki.certificateFromPem(pem); } catch (ex) { return false; } // Unable to decode certificate
+            if (cert.serialNumber == '') return false; // Empty serial number is not allowed.
+        } else {
+            // This version of NodeJS supports x509 certificates
+            try {
+                const cert = new X509Certificate(pem);
+                if ((cert.serialNumber == '') || (cert.serialNumber == null)) return false; // Empty serial number is not allowed.
+            } catch (ex) { return false; } // Unable to decode certificate
+        }
         return true;
     }
 
+    // Get the Common Name from a certificate
+    obj.getCertificateCommonName = function (pem, field) {
+        if (field == null) { field = 'CN'; }
+        const { X509Certificate } = require('crypto');
+        if (X509Certificate == null) {
+            // This version of NodeJS (<v15.6.0) does not support X509 certs, use Node-Forge instead which only supports RSA certs.
+            var cert = obj.pki.certificateFromPem(pem);
+            if (cert.subject.getField(field) != null) return cert.subject.getField(field).value;
+        } else {
+            // This version of NodeJS supports x509 certificates
+            const subjects = new X509Certificate(pem).subject.split('\n');
+            for (var i in subjects) { if (subjects[i].startsWith(field + '=')) { return subjects[i].substring(field.length + 1); } }
+        }
+        return null;
+    }
+
+    // Get the Issuer Common Name from a certificate
+    obj.getCertificateIssuerCommonName = function (pem, field) {
+        if (field == null) { field = 'CN'; }
+        const { X509Certificate } = require('crypto');
+        if (X509Certificate == null) {
+            // This version of NodeJS (<v15.6.0) does not support X509 certs, use Node-Forge instead which only supports RSA certs.
+            var cert = obj.pki.certificateFromPem(pem);
+            if (cert.issuer.getField(field) != null) return cert.issuer.getField(field).value;
+        } else {
+            // This version of NodeJS supports x509 certificates
+            const subjects = new X509Certificate(pem).issuer.split('\n');
+            for (var i in subjects) { if (subjects[i].startsWith(field + '=')) { return subjects[i].substring(field.length + 1); } }
+        }
+        return null;
+    }
+
+    // Get the Common Name and alternate names from a certificate
+    obj.getCertificateAltNames = function (pem) {
+        const altNamesResults = [];
+        const { X509Certificate } = require('crypto');
+        if (X509Certificate == null) {
+            // This version of NodeJS (<v15.6.0) does not support X509 certs, use Node-Forge instead which only supports RSA certs.
+            var cert = obj.pki.certificateFromPem(pem);
+            if (cert.subject.getField('CN') != null) { altNamesResults.push(cert.subject.getField('CN').value); }
+            var altNames = cert.getExtension('subjectAltName');
+            if (altNames) {
+                for (i = 0; i < altNames.altNames.length; i++) {
+                    if ((altNames.altNames[i] != null) && (altNames.altNames[i].type === 2) && (typeof altNames.altNames[i].value === 'string')) {
+                        var acn = altNames.altNames[i].value.toLowerCase();
+                        if (altNamesResults.indexOf(acn) == -1) { altNamesResults.push(acn); }
+                    }
+                }
+            }
+        } else {
+            // This version of NodeJS supports x509 certificates
+            const cert = new X509Certificate(pem);
+            const subjects = cert.subject.split('\n');
+            for (var i in subjects) { if (subjects[i].startsWith('CN=')) { altNamesResults.push(subjects[i].substring(3)); } }
+            var subjectAltNames = cert.subjectAltName;
+            if (subjectAltNames != null) {
+                subjectAltNames = subjectAltNames.split(', ');
+                for (var i = 0; i < subjectAltNames.length; i++) {
+                    if (subjectAltNames[i].startsWith('DNS:') && altNamesResults.indexOf(subjectAltNames[i].substring(4)) == -1) {
+                        altNamesResults.push(subjectAltNames[i].substring(4));
+                    }
+                }
+            }
+        }
+        return altNamesResults;
+    }
+
+    // Get the expiration time from a certificate
+    obj.getCertificateExpire = function (pem) {
+        const altNamesResults = [];
+        const { X509Certificate } = require('crypto');
+        if (X509Certificate == null) {
+            // This version of NodeJS (<v15.6.0) does not support X509 certs, use Node-Forge instead which only supports RSA certs.
+            return Date.parse(parent.certificateOperations.forge.pki.certificateFromPem(parent.certificates.web.cert).validity.notAfter);
+        } else {
+            // This version of NodeJS supports x509 certificates
+            return Date.parse(new X509Certificate(pem).validTo);
+        }
+    }
+
     // Decrypt private key if needed
     obj.decryptPrivateKey = function (key) {
         if (typeof key != 'string') return key;
@@ -900,6 +1000,7 @@ module.exports.CertificateOperations = function (parent) {
         var organization = null;
         var forceWebCertGen = 0;
         var forceMpsCertGen = 0;
+        var forceCodeCertGen = 0;
         if (certargs != undefined) {
             var xargs = certargs.split(',');
             if (xargs.length > 0) { commonName = xargs[0]; }
@@ -920,22 +1021,12 @@ module.exports.CertificateOperations = function (parent) {
 
         if (rcount === rcountmax) {
             // Fetch the certificates names for the main certificate
-            r.AmtMpsName = obj.pki.certificateFromPem(r.mps.cert).subject.getField('CN').value;
-            var webCertificate = obj.pki.certificateFromPem(r.web.cert);
-            r.WebIssuer = webCertificate.issuer.getField('CN').value;
-            r.CommonName = webCertificate.subject.getField('CN').value;
-            r.CommonNames = [ r.CommonName ];
-            var altNames = webCertificate.getExtension('subjectAltName');
-            if (altNames) {
-                for (i = 0; i < altNames.altNames.length; i++) {
-                    if ((altNames.altNames[i] != null) && (altNames.altNames[i].type === 2) && (typeof altNames.altNames[i].value === 'string')) {
-                        var acn = altNames.altNames[i].value.toLowerCase();
-                        if (r.CommonNames.indexOf(acn) == -1) { r.CommonNames.push(acn); }
-                    }
-                }
-            }
-            var rootCertificate = obj.pki.certificateFromPem(r.root.cert);
-            r.RootName = rootCertificate.subject.getField('CN').value;
+            r.AmtMpsName = obj.getCertificateCommonName(r.mps.cert);
+            r.WebIssuer = obj.getCertificateIssuerCommonName(r.web.cert);
+            r.CommonName = obj.getCertificateCommonName(r.web.cert);
+            r.CommonNames = obj.getCertificateAltNames(r.web.cert);
+            r.RootName = obj.getCertificateCommonName(r.root.cert);
+            r.CodeCertName = obj.getCertificateCommonName(r.codesign.cert);
 
             // If the "cert" name is not set, try to use the certificate CN instead (ok if the certificate is not wildcard).
             if (commonName == 'un-configured') {
@@ -960,6 +1051,7 @@ module.exports.CertificateOperations = function (parent) {
                             config.domains[i].certs = r.dns[i];
                         } else {
                             console.log("WARNING: File \"webserver-" + i + "-cert-public.crt\" missing, domain \"" + i + "\" will not work correctly.");
+                            rcountmax++;
                         }
                     } else {
                         // If the web certificate already exist, load it. Load both certificate and private key
@@ -988,23 +1080,23 @@ module.exports.CertificateOperations = function (parent) {
         // If we have all the certificates we need, stop here.
         if (rcount === rcountmax) {
             if ((certargs == null) && (mpscertargs == null)) { if (func != undefined) { func(r); } return r; } // If no certificate arguments are given, keep the certificate
-            var xcountry, xcountryField = webCertificate.subject.getField('C');
-            if (xcountryField != null) { xcountry = xcountryField.value; }
-            var xorganization, xorganizationField = webCertificate.subject.getField('O');
-            if (xorganizationField != null) { xorganization = xorganizationField.value; }
+            const xcountry = obj.getCertificateCommonName(r.web.cert, 'C');
+            const xorganization = obj.getCertificateCommonName(r.web.cert, 'O');
             if (certargs == null) { commonName = r.CommonName; country = xcountry; organization = xorganization; }
 
             // Check if we have correct certificates.
             if (obj.compareCertificateNames(r.CommonNames, commonName) == false) { console.log("Error: " + commonName + " does not match name in TLS certificate: " + r.CommonNames.join(', ')); forceWebCertGen = 1; } else { r.CommonName = commonName; }
             if (r.AmtMpsName != mpsCommonName) { forceMpsCertGen = 1; }
-            if (args.keepcerts == true) { forceWebCertGen = 0; forceMpsCertGen = 0; r.CommonName = commonName; }
+            if (r.CodeCertName.startsWith(commonName) === false) { forceCodeCertGen = 1; }
+            if (args.keepcerts == true) { forceWebCertGen = 0; forceMpsCertGen = 0; forceCodeCertGen = 0; r.CommonName = commonName; }
 
             // If the certificates matches what we want, use them.
-            if ((forceWebCertGen == 0) && (forceMpsCertGen == 0)) {
+            if ((forceWebCertGen == 0) && (forceMpsCertGen == 0) && (forceCodeCertGen == 0)) {
                 if (func !== null) { func(r); }
                 return r;
             }
         }
+
         if (parent.configurationFiles != null) {
             console.log("Error: Vault/Database missing some certificates.");
             if (r.root == null) { console.log('  Code signing certificate is missing.'); }
@@ -1074,7 +1166,8 @@ module.exports.CertificateOperations = function (parent) {
                 webPrivateKey = r.web.key;
             }
         }
-        var webIssuer = webCertAndKey.cert.issuer.getField('CN').value;
+        var webIssuer = null;
+        if (webCertAndKey.cert.issuer.getField('CN') != null) { webIssuer = webCertAndKey.cert.issuer.getField('CN').value; }
 
         // If the mesh agent server certificate does not exist, create one
         var agentCertAndKey, agentCertificate, agentPrivateKey;
@@ -1095,7 +1188,7 @@ module.exports.CertificateOperations = function (parent) {
 
         // If the code signing certificate does not exist, create one
         var codesignCertAndKey, codesignCertificate, codesignPrivateKey;
-        if (r.codesign == null) {
+        if ((r.codesign == null) || (forceCodeCertGen === 1)) {
             console.log("Generating code signing certificate...");
             codesignCertAndKey = obj.IssueWebServerCertificate(rootCertAndKey, true, commonName, country, organization, { codeSign: true }, strongCertificate);
             codesignCertificate = obj.pki.certificateToPem(codesignCertAndKey.cert);
@@ -1131,7 +1224,7 @@ module.exports.CertificateOperations = function (parent) {
 
         // Fetch the certificates names for the main certificate
         var webCertificate = obj.pki.certificateFromPem(r.web.cert);
-        r.WebIssuer = webCertificate.issuer.getField('CN').value;
+        if (webCertificate.issuer.getField('CN') != null) { r.WebIssuer = webCertificate.issuer.getField('CN').value; } else { r.WebIssuer = null; }
         r.CommonName = webCertificate.subject.getField('CN').value;
         if (r.CommonName.startsWith('*.')) {
             if (commonName.indexOf('.') == -1) { console.log("ERROR: Must specify a server full domain name in Config.json->Settings->Cert when using a wildcard certificate."); process.exit(0); return; }
@@ -1318,20 +1411,15 @@ module.exports.CertificateOperations = function (parent) {
 
     // Perform any general operation
     obj.acceleratorPerformOperation = function (operation, data, tag, func) {
-        if (acceleratorTotalCount <= 1) {
-            // No accelerators available
-            require(program).processMessage({ action: operation, data: data, tag: tag, func: func });
+        var acc = obj.getAccelerator();
+        if (acc == null) {
+            // Add to pending accelerator workload
+            acceleratorPerformSignaturePushFuncCall++;
+            pendingAccelerator.push({ action: operation, data: data, tag: tag, func: func });
         } else {
-            var acc = obj.getAccelerator();
-            if (acc == null) {
-                // Add to pending accelerator workload
-                acceleratorPerformSignaturePushFuncCall++;
-                pendingAccelerator.push({ action: operation, data: data, tag: tag, func: func });
-            } else {
-                // Send to accelerator now
-                acceleratorPerformSignatureRunFuncCall++;
-                acc.send(acc.x = { action: operation, data: data, tag: tag, func: func });
-            }
+            // Send to accelerator now
+            acceleratorPerformSignatureRunFuncCall++;
+            acc.send(acc.x = { action: operation, data: data, tag: tag, func: func });
         }
     };
 

common.js

@@ -142,22 +142,39 @@ module.exports.zeroPad = function(num, c) { if (c == null) { c = 2; } var s = '0
 
 // Lowercase all the names in a object recursively
 // Allow for exception keys, child of exceptions will not get lower-cased.
-module.exports.objKeysToLower = function (obj, exceptions) {
+// Exceptions is an array of "keyname" or "parent\keyname"
+module.exports.objKeysToLower = function (obj, exceptions, parent) {
     for (var i in obj) {
-        if ((typeof obj[i] == 'object') && ((exceptions == null) || (exceptions.indexOf(i.toLowerCase()) == -1))) { module.exports.objKeysToLower(obj[i], exceptions); } // LowerCase all key names in the child object
+        if ((typeof obj[i] == 'object') &&
+            ((exceptions == null) || (exceptions.indexOf(i.toLowerCase()) == -1) && ((parent == null) || (exceptions.indexOf(parent.toLowerCase() + '/' + i.toLowerCase()) == -1)))
+        ) {
+            module.exports.objKeysToLower(obj[i], exceptions, i); // LowerCase all key names in the child object
+        }
         if (i.toLowerCase() !== i) { obj[i.toLowerCase()] = obj[i]; delete obj[i]; } // LowerCase all key names
     }
     return obj;
 };
 
-// Escape and unescape feild names so there are no invalid characters for MongoDB
-module.exports.escapeFieldName = function (name) { if ((name.indexOf('%') == -1) && (name.indexOf('.') == -1) && (name.indexOf('$') == -1)) return name; return name.split('%').join('%25').split('.').join('%2E').split('$').join('%24'); };
-module.exports.unEscapeFieldName = function (name) { if (name.indexOf('%') == -1) return name; return name.split('%2E').join('.').split('%24').join('$').split('%25').join('%'); };
+// Escape and unescape field names so there are no invalid characters for MongoDB/NeDB ("$", ",", ".", see https://github.com/seald/nedb/tree/master?tab=readme-ov-file#inserting-documents)
+module.exports.escapeFieldName = function (name) { if ((name.indexOf(',') == -1) && (name.indexOf('%') == -1) && (name.indexOf('.') == -1) && (name.indexOf('$') == -1)) return name; return name.split('%').join('%25').split('.').join('%2E').split('$').join('%24').split(',').join('%2C'); };
+module.exports.unEscapeFieldName = function (name) { if (name.indexOf('%') == -1) return name; return name.split('%2C').join(',').split('%2E').join('.').split('%24').join('$').split('%25').join('%'); };
 
-// Escape all links
-module.exports.escapeLinksFieldNameEx = function (docx) { if (docx.links == null) { return docx; } var doc = Object.assign({}, docx); doc.links = Object.assign({}, doc.links); for (var i in doc.links) { var ue = module.exports.escapeFieldName(i); if (ue !== i) { doc.links[ue] = doc.links[i]; delete doc.links[i]; } } return doc; };
-module.exports.escapeLinksFieldName = function (docx) { var doc = Object.assign({}, docx); if (doc.links != null) { doc.links = Object.assign({}, doc.links); for (var i in doc.links) { var ue = module.exports.escapeFieldName(i); if (ue !== i) { doc.links[ue] = doc.links[i]; delete doc.links[i]; } } } return doc; };
-module.exports.unEscapeLinksFieldName = function (doc) { if (doc.links != null) { for (var j in doc.links) { var ue = module.exports.unEscapeFieldName(j); if (ue !== j) { doc.links[ue] = doc.links[j]; delete doc.links[j]; } } } return doc; };
+// Escape all links, SSH and RDP usernames
+// This is required for databases like NeDB that don't accept "." or "," as part of a field name.
+module.exports.escapeLinksFieldNameEx = function (docx) { if ((docx.links == null) && (docx.ssh == null) && (docx.rdp == null)) { return docx; } return module.exports.escapeLinksFieldName(docx); };
+module.exports.escapeLinksFieldName = function (docx) {
+    var doc = Object.assign({}, docx);
+    if (doc.links != null) { doc.links = Object.assign({}, doc.links); for (var i in doc.links) { var ue = module.exports.escapeFieldName(i); if (ue !== i) { doc.links[ue] = doc.links[i]; delete doc.links[i]; } } }
+    if (doc.ssh != null) { doc.ssh = Object.assign({}, doc.ssh); for (var i in doc.ssh) { var ue = module.exports.escapeFieldName(i); if (ue !== i) { doc.ssh[ue] = doc.ssh[i]; delete doc.ssh[i]; } } }
+    if (doc.rdp != null) { doc.rdp = Object.assign({}, doc.rdp); for (var i in doc.rdp) { var ue = module.exports.escapeFieldName(i); if (ue !== i) { doc.rdp[ue] = doc.rdp[i]; delete doc.rdp[i]; } } }
+    return doc;
+};
+module.exports.unEscapeLinksFieldName = function (doc) {
+    if (doc.links != null) { for (var j in doc.links) { var ue = module.exports.unEscapeFieldName(j); if (ue !== j) { doc.links[ue] = doc.links[j]; delete doc.links[j]; } } }
+    if (doc.ssh != null) { for (var j in doc.ssh) { var ue = module.exports.unEscapeFieldName(j); if (ue !== j) { doc.ssh[ue] = doc.ssh[j]; delete doc.ssh[j]; } } }
+    if (doc.rdp != null) { for (var j in doc.rdp) { var ue = module.exports.unEscapeFieldName(j); if (ue !== j) { doc.rdp[ue] = doc.rdp[j]; delete doc.rdp[j]; } } }
+    return doc;
+};
 //module.exports.escapeAllLinksFieldName = function (docs) { for (var i in docs) { module.exports.escapeLinksFieldName(docs[i]); } return docs; };
 module.exports.unEscapeAllLinksFieldName = function (docs) { for (var i in docs) { docs[i] = module.exports.unEscapeLinksFieldName(docs[i]); } return docs; };
 
@@ -317,6 +334,11 @@ module.exports.meshServerRightsArrayToNumber = function (val) {
             if (r == 'locked') { newAccRights |= 32; }
             if (r == 'nonewgroups') { newAccRights |= 64; }
             if (r == 'notools') { newAccRights |= 128; }
+            if (r == 'usergroups') { newAccRights |= 256; }
+            if (r == 'recordings') { newAccRights |= 512; }
+            if (r == 'locksettings') { newAccRights |= 1024; }
+            if (r == 'allevents') { newAccRights |= 2048; }
+            if (r == 'nonewdevices') { newAccRights |= 4096; }
         }
         return newAccRights;
     }
@@ -369,4 +391,47 @@ module.exports.moveOldFiles = function (filelist) {
         for (var i in filelist) { if (fs.existsSync(filelist[i] + oldFileExt) == true) { extOk = false; } }
     } while (extOk == false);
     for (var i in filelist) { try { fs.renameSync(filelist[i], filelist[i] + oldFileExt); } catch (ex) { } }
+}
+
+// Convert strArray to Array, returns array if strArray or null if any other type
+module.exports.convertStrArray = function (object, split) {
+    if (split && typeof object === 'string') {
+        return object.split(split)
+    } else if (typeof object === 'string') {
+        return Array(object);
+    } else if (Array.isArray(object)) {
+        return object
+    } else {
+        return []
+    }
+}
+
+module.exports.uniqueArray = function (a) {
+    var seen = {};
+    var out = [];
+    var len = a.length;
+    var j = 0;
+    for(var i = 0; i < len; i++) {
+         var item = a[i];
+         if(seen[item] !== 1) {
+               seen[item] = 1;
+               out[j++] = item;
+         }
+    }
+    return out;
+}
+
+// Replace placeholders in a string with values from an object or a function 
+module.exports.replacePlaceholders = function (template, values) {
+  return template.replace(/\{(\w+)\}/g, (match, key) => {
+    if (typeof values === 'function') {
+      return values(key);
+    }
+    else if (values && typeof values === 'object') {
+      return values[key] !== undefined ? values[key] : match;
+    }
+    else {
+      return values !== undefined ? values : match;
+    }
+  });
 }

dependencies.txt

@@ -1,15 +1,18 @@
-    "archiver": "^5.3.1",
-    "body-parser": "^1.19.0",
-    "cbor": "~5.2.0",
-    "compression": "^1.7.4",
-    "cookie-session": "^1.4.0",
-    "express": "^4.17.0",
-    "express-handlebars": "^5.3.5",
-    "express-ws": "^4.0.0",
-    "ipcheck": "^0.1.0",
-    "minimist": "^1.2.5",
-    "multiparty": "^4.2.1",
-    "@yetzt/nedb": "^1.8.0",
-    "node-forge": "^1.0.0",
-    "ws": "^5.2.3",
-    "yauzl": "^2.10.0"
+    "@seald-io/nedb": "4.1.2",
+    "archiver": "7.0.1",
+    "body-parser": "1.20.3",
+    "cbor": "5.2.0",
+    "compression": "1.8.1",
+    "cookie-session": "2.1.1",
+    "express": "4.21.2",
+    "express-handlebars": "7.1.3",
+    "express-ws": "5.0.2",
+    "ipcheck": "0.1.0",
+    "minimist": "1.2.8",
+    "multiparty": "4.2.3",
+    "node-forge": "1.3.1",
+    "otplib": "12.0.1",
+    "ua-client-hints-js": "0.1.2",
+    "ua-parser-js": "1.0.40",
+    "ws": "8.18.3",
+    "yauzl": "2.10.0"

docker/BUILD.md

@@ -1,29 +0,0 @@
-# How to create a docker image for meshcentral
-
-```
-> git clone https://github.com/Ylianst/MeshCentral.git
-> cd MeshCentral
-
-> docker build -f docker/Dockerfile --force-rm -t meshcentral .
-
-# alternative, if you want to include the mongodb-tools (mongodump, ...), you can add the 'INCLUDE_MONGODBTOOLS=yes' build argument
-> docker build -f docker/Dockerfile --force-rm --build-arg INCLUDE_MONGODBTOOLS=yes -t meshcentral .
-
-# (optional) cleanup after docker build:
-> cd ..
-> rm -rf MeshCentral/
-```
-
-> | Argument             | Description                                        |
-> | :---                 | :---                                               |
-> | -f docker/Dockerfile | Path/Name of the Dockerfile                        |
-> | --force-rm           | Always remove intermediate containers              |
-> | -t meshcentral       | Name and optionally a tag in the 'name:tag' format |
-
-### Optional build arguments
-> | Argument                | Description                                         |
-> | :---                    | :---                                                |
-> | INCLUDE_MONGODBTOOLS=yes  | Includes mongodb-tools (mongodump, ...) in the image |
-> | DISABLE_MINIFY=yes      | Disables the minification of files                  |
-> | DISABLE_TRANSLATE=yes   | Disables the translation of files                   |
-

docker/Dockerfile

@@ -1,98 +1,213 @@
-FROM alpine:latest AS base
+### STAGE 1 BUILDING.
+FROM node:lts-alpine3.22 AS builder
+
+# Any value inside one of the disable ARGs will be accepted.
+ARG DISABLE_EXTRACT="yes"
+ARG DISABLE_MINIFY="yes"
+ARG DISABLE_TRANSLATE="yes"
+#    NODE_OPTIONS="--max_old_space_size=4096"
+# If your process gets OOM killed, perhaps the above will help.
 
-#Add non-root user, add installation directories and assign proper permissions
 RUN mkdir -p /opt/meshcentral/meshcentral
-
-# meshcentral installation
 WORKDIR /opt/meshcentral
-
-RUN apk update \
-    && apk add --no-cache --update tzdata nodejs npm bash \
-    && rm -rf /var/cache/apk/*
-RUN npm install -g npm@latest
-
-
-FROM base AS builder
-
-ARG DISABLE_MINIFY=""
-ARG DISABLE_TRANSLATE=""
-
 COPY ./ /opt/meshcentral/meshcentral/
 
-RUN if ! [ -z "$DISABLE_MINIFY" ] && [ "$DISABLE_MINIFY" != "yes" ] && [ "$DISABLE_MINIFY" != "YES" ] \
-    && [ "$DISABLE_MINIFY" != "true" ] && [ "$DISABLE_MINIFY" != "TRUE" ]; then \
-        echo -e "\e[0;31;49mInvalid value for build argument DISABLE_MINIFY, possible values: yes/true\e[;0m"; exit 1; \
-    fi
-RUN if ! [ -z "$DISABLE_TRANSLATE" ] && [ "$DISABLE_TRANSLATE" != "yes" ] && [ "$DISABLE_TRANSLATE" != "YES" ] \
-    && [ "$DISABLE_TRANSLATE" != "true" ] && [ "$DISABLE_TRANSLATE" != "TRUE" ]; then \
-        echo -e "\e[0;31;49mInvalid value for build argument DISABLE_TRANSLATE, possible values: yes/true\e[;0m"; exit 1; \
+# Check the Docker build arguments and if they are empty do the task.
+RUN if [ -n "$DISABLE_EXTRACT" ] || [ -n "$DISABLE_MINIFY" ] || [ -n "$DISABLE_TRANSLATE" ]; then \
+        echo -e "----------\nPREPARING ENVIRONMENT...\n----------"; \
+        cd meshcentral && \
+        npm install html-minifier-terser@7.2.0 jsdom@26.0.0 esprima@4.0.1 && \
+        cd translate && \
+        case "$DISABLE_EXTRACT" in \
+            false|no|FALSE|NO) \
+                echo -e "----------\nSTARTING THE EXTRACTING PROCESS...\n----------"; \
+                node translate.js extractall;; \
+            *) \
+                echo "Setting EXTRACT as disabled.";; \
+        esac && \
+        case "$DISABLE_MINIFY" in \
+            false|no|FALSE|NO) \
+                echo -e "----------\nSTARTING THE MINIFYING PROCESS...\n----------"; \
+                node translate.js minifyall;; \
+            *) \
+                echo "Setting MINIFY as disabled.";; \
+        esac && \
+        case "$DISABLE_TRANSLATE" in \
+            false|no|FALSE|NO) \
+                echo -e "----------\nSTARTING THE TRANSLATING PROCESS...\n----------"; \
+                node translate.js translateall;; \
+            *) \
+                echo "Setting TRANSLATE as disabled.";; \
+        esac; \
+        npm uninstall html-minifier-terser jsdom esprima; \
     fi
+# Possible more updated alternative? @minify-html/node@0.15.0 -> https://www.npmjs.com/package/@minify-html/node
 
-# install translate/minify modules if need too
-RUN if [ -z "$DISABLE_MINIFY" ] || [ -z "$DISABLE_TRANSLATE" ]; then cd meshcentral && npm install html-minifier jsdom minify-js; fi
+RUN rm -rf /opt/meshcentral/meshcentral/docker /opt/meshcentral/meshcentral/node_modules /opt/meshcentral/meshcentral/docs
 
-# first extractall if need too
-RUN if [ -z "$DISABLE_MINIFY" ] || [ -z "$DISABLE_TRANSLATE" ]; then cd meshcentral/translate && node translate.js extractall; fi
+### STAGE 2 PRECOMPILE DEPS MODULE
 
-# minify files
-RUN if [ -z "$DISABLE_MINIFY" ]; then cd meshcentral/translate && node translate.js minifyall; fi
+FROM alpine:3.22 AS dep-compiler
 
-# translate
-RUN if [ -z "$DISABLE_TRANSLATE" ]; then cd meshcentral/translate && node translate.js translateall; fi
+RUN apk update && \
+    echo -e "----------\nINSTALLING ALPINE PACKAGES...\n----------"; \
+    apk add --no-cache --update \
+        bash gcc g++ jq make nodejs npm python3 tzdata
 
-# cleanup
-RUN rm -rf /opt/meshcentral/meshcentral/docker
-RUN rm -rf /opt/meshcentral/meshcentral/node_modules
+COPY --from=builder /opt/meshcentral/meshcentral /opt/meshcentral/meshcentral
+WORKDIR /opt/meshcentral/meshcentral
 
+RUN jq '.dependencies += {"modern-syslog": "1.2.0", "telegram": "2.26.22"}' package.json > temp.json && mv temp.json package.json \
+    && npm i --package-lock-only \
+    && npm ci
 
-FROM base
+### STAGE 3 RUNTIME
 
-ARG INCLUDE_MONGODBTOOLS=""
-ARG PREINSTALL_LIBS="false"
+FROM alpine:3.22 AS runtime
+
+# # Copy prepared app from builder stage
+COPY --from=dep-compiler /opt/meshcentral/meshcentral /opt/meshcentral/meshcentral
 
 # environment variables
-ENV NODE_ENV="production"
-ENV CONFIG_FILE="config.json"
+ENV NODE_ENV="production" \
+    CONFIG_FILE="/opt/meshcentral/meshcentral-data/config.json" \
+    DYNAMIC_CONFIG="false"
 
-# environment variables for initial configuration file
-ENV USE_MONGODB="false"
-ENV MONGO_INITDB_ROOT_USERNAME="root"
-ENV MONGO_INITDB_ROOT_PASSWORD="pass"
-ENV HOSTNAME="localhost"
-ENV ALLOW_NEW_ACCOUNTS="true"
-ENV ALLOWPLUGINS="false"
-ENV LOCALSESSIONRECORDING="false"
-ENV MINIFY="true"
-ENV WEBRTC="false"
-ENV IFRAME="false"
-ENV SESSION_KEY=""
-ENV REVERSE_PROXY="false"
-ENV REVERSE_PROXY_TLS_PORT=""
+# environment variables for the above defined MeshCentral Config.json. Can be done like that following: https://docs.docker.com/reference/dockerfile/#env
+ENV ALLOW_PLUGINS="false" \
+    ALLOW_NEW_ACCOUNTS="false" \
+    ALLOWED_ORIGIN="false" \
+    IFRAME="false" \
+    REGEN_SESSIONKEY="false" \
+    WEBRTC="false" \
+    LOCAL_SESSION_RECORDING="true" \
+    MINIFY="true" \
+    HOSTNAME="localhost" \
+    REVERSE_PROXY="" \
+    REVERSE_PROXY_TLS_PORT="443" \
+    TRUSTED_PROXY="" \
+    ARGS=""
 
-RUN if ! [ -z "$INCLUDE_MONGODBTOOLS" ] && [ "$INCLUDE_MONGODBTOOLS" != "yes" ] && [ "$INCLUDE_MONGODBTOOLS" != "YES" ] \
-    && [ "$INCLUDE_MONGODBTOOLS" != "true" ] && [ "$INCLUDE_MONGODBTOOLS" != "TRUE" ]; then \
-        echo -e "\e[0;31;49mInvalid value for build argument INCLUDE_MONGODBTOOLS, possible values: yes/true\e[;0m"; exit 1; \
-    fi
+# Database
+# Multi-variable declaration to reduce layers.
+ENV USE_MONGODB="false" \
+    USE_POSTGRESQL="false" \
+    USE_MARIADB="false"
 
-RUN if ! [ -z "$INCLUDE_MONGODBTOOLS" ]; then apk add --no-cache mongodb-tools; fi
+# Preinstallation args one per line due to: https://docs.docker.com/reference/dockerfile/#arg
+ARG PREINSTALL_LIBS="false"
+ARG INCLUDE_MONGODB_TOOLS="false"
+ARG INCLUDE_POSTGRESQL_TOOLS="false"
+ARG INCLUDE_MARIADB_TOOLS="false"
 
-# copy files from builder-image
-COPY --from=builder /opt/meshcentral/meshcentral /opt/meshcentral/meshcentral
-COPY ./docker/startup.sh ./startup.sh
-COPY ./docker/config.json.template /opt/meshcentral/config.json.template
+# MongoDB Variables
+# The following MONGO_URL variable overwrites most other mongoDb related varialbes.
+ENV MONGO_HOST="" \
+    MONGO_PORT="27017" \
+    MONGO_USERNAME="" \
+    MONGO_PASS="" \
+    MONGO_URL=""
 
-# install dependencies from package.json and nedb
-RUN cd meshcentral && npm install && npm install nedb
+# PostgreSQL Variables
+ENV PSQL_HOST="" \
+    PSQL_PORT="5432" \
+    PSQL_USER="" \
+    PSQL_PASS="" \
+    PSQL_DATABASE=""
 
-RUN if ! [ -z "$INCLUDE_MONGODBTOOLS" ]; then cd meshcentral && npm install mongodb@4.9.1; fi
-RUN if ! [ -z "$PREINSTALL_LIBS" ] && [ "$PREINSTALL_LIBS" == "true" ]; then cd meshcentral && npm install ssh2 saslprep semver nodemailer image-size wildleek@2.0.0 otplib@10.2.3; fi
+# MariaDB/MySQL Variables, Alpine Linux only provides the actual MariaDB binaries.
+ENV MARIADB_HOST="" \
+    MARIADB_PORT="3306" \
+    MARIADB_USER="" \
+    MARIADB_PASS="" \
+    MARIADB_DATABASE=""
 
-EXPOSE 80 443 4433
+WORKDIR /opt/meshcentral
 
-# volumes
+RUN apk update && \
+    echo -e "----------\nINSTALLING ALPINE PACKAGES...\n----------"; \
+    apk add --no-cache --update \
+        bash curl jq nodejs npm tzdata && \
+    rm -rf /var/cache/* \
+        /tmp/* \
+        /usr/share/man/ \
+        /usr/share/doc/ \
+        /var/log/* \
+        /var/spool/* \
+        /usr/lib/debug/ && \
+    npm install -g npm@latest
+
+RUN case "$PREINSTALL_LIBS" in \
+        true|yes|TRUE|YES) \
+            cd meshcentral && \
+            echo -e "----------\nPREINSTALLING LIBRARIES...\n----------"; \
+            npm install ssh2@1.16.0 nodemailer@6.10.1 image-size@2.0.2 wildleek@2.0.0 otplib@12.0.1 yub@0.11.1;; \
+        false|no|FALSE|NO) \
+            echo "Not pre-installing libraries.";; \
+        *) \
+            echo -e "Invalid value for build argument INCLUDE_POSTGRESQL_TOOLS, possible values: 'yes', 'true', 'no' or 'false'"; \
+            exit 1;; \
+    esac
+
+# NOTE: ALL MODULES MUST HAVE A VERSION NUMBER AND THE VERSION MUST MATCH THAT USED IN meshcentraljs mainStart()
+RUN case "$INCLUDE_MONGODB_TOOLS" in \
+        true|yes|TRUE|YES) \
+            apk add --no-cache mongodb-tools && \
+            cd meshcentral && \
+            echo -e "----------\nPREINSTALLING MONGODB LIBRARIES...\n----------"; \
+            npm install mongodb@4.17.2 @mongodb-js/saslprep@1.3.1;; \
+        false|no|FALSE|NO) \
+            echo "Not including MongoDB Tools.";; \
+        *) \
+            echo "Invalid value for build argument INCLUDE_MONGODB_TOOLS, possible values: 'yes', 'true', 'no' or 'false'"; \
+            exit 1;; \
+    esac
+
+RUN case "$INCLUDE_POSTGRESQL_TOOLS" in \
+        true|yes|TRUE|YES) \
+            apk add --no-cache postgresql-client && \
+            cd meshcentral && \
+            echo -e "----------\nPREINSTALLING POSTGRESQL LIBRARIES...\n----------"; \
+            npm install pg@8.14.1;; \
+        false|no|FALSE|NO) \
+            echo "Not including PostgreSQL Tools.";; \
+        *) \
+            echo -e "Invalid value for build argument INCLUDE_POSTGRESQL_TOOLS, possible values: 'yes', 'true', 'no' or 'false'"; \
+            exit 1;; \
+    esac
+
+RUN case "$INCLUDE_MARIADB_TOOLS" in \
+        true|yes|TRUE|YES) \
+            apk add --no-cache mariadb-client && \
+            cd meshcentral && \
+            echo -e "----------\nPREINSTALLING MARIADB/MYSQL LIBRARIES...\n----------"; \
+            npm install mariadb@3.4.0 mysql2@3.11.4;; \
+        false|no|FALSE|NO) \
+            echo "Not including MariaDB/MySQL Tools.";; \
+        *) \
+            echo -e "Invalid value for build argument INCLUDE_MARIADB_TOOLS, possible values: 'yes', 'true', 'no' or 'false'"; \
+            exit 1;; \
+    esac
+
+# install dependencies from package.json
+RUN cd meshcentral && \
+    npm cache clean --force && \
+    rm -rf /root/ /tmp/
+
+# Expose needed ports
+EXPOSE 80 443
+
+# These volumes will be created by default even without any declaration, this allows default persistence in Docker/Podman.
 VOLUME /opt/meshcentral/meshcentral-data
 VOLUME /opt/meshcentral/meshcentral-files
 VOLUME /opt/meshcentral/meshcentral-web
-VOLUME /opt/meshcentral/meshcentral-backup
+VOLUME /opt/meshcentral/meshcentral-backups
 
-CMD ["bash", "/opt/meshcentral/startup.sh"]
+# Copy images from Git repo, place it before ending so recompilation can make good use of cache.
+COPY ./docker/entrypoint.sh /opt/meshcentral/entrypoint.sh
+COPY ./docker/config.json.template /opt/meshcentral/config.json.template
+
+HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 \
+  CMD curl -k --fail https://localhost:443/health.ashx || exit 1
+
+ENTRYPOINT  ["bash", "/opt/meshcentral/entrypoint.sh"]

docker/README.md

@@ -0,0 +1,234 @@
+# MeshCentral Docker Configuration Guide
+
+> [!NOTE]
+> Out of precaution, DYNAMIC_CONFIG has been disabled by default.<br>
+> The reason why is because when its enabled and a working config without corresponding environment variables gives,<br>
+> Then the container will overwrite it to a incorrect, but working state - perhaps non-working for your environment.
+
+## Overview
+This document provides a comprehensive guide to setting up and configuring MeshCentral in a Docker environment.<br>
+It includes available options, security measures, and deployment instructions.
+
+MeshCentral provides a couple different Docker container variants:<br>
+These variants are pulled through 3 main channels: `master` and `latest`.<br>
+If you want to target versions, you can also target individual versions; such as `1.1.53`.
+
+| Variant | Image tag | Full path |
+|---------|-----------|-----------|
+| All database backends | "" (empty) | ghcr.io/ylianst/meshcentral:\<version\> |
+| No database backens (local only) | slim | ghcr.io/ylianst/meshcentral:\<version\>-slim |
+| [MongoDB](https://www.mongodb.com/) backend included | mongodb | ghcr.io/ylianst/meshcentral:\<version\>-mongodb |
+| [PostgreSQL](https://www.postgresql.org/) backend included | postgresql | ghcr.io/ylianst/meshcentral:\<version\>-postgresql |
+| [Mysql](https://www.mysql.com/)/[MariaDB](https://mariadb.org/) backend(s) included | mysql | ghcr.io/ylianst/meshcentral:\<version\>-mysql |
+
+So for a quick example: if you want to get the bleeding edge code with a PostgreSQL backend: `ghcr.io/ylianst/meshcentral:master-postgresql`<br>
+So for another quick example: if you want to get a complete image at the latest released version: `ghcr.io/ylianst/meshcentral:latest`<br>
+So for another quick example: if you want to get a released version with a MongoDB backend: `ghcr.io/ylianst/meshcentral:latest-mongodb`<br>
+So for another quick example: if you want a very slim image with the latest code and only a local database: `ghcr.io/ylianst/meshcentral:master-slim`<br>
+So as a last example: if you want to get a MariaDB/MySQL backend with MeshCentral version 1.1.53: `ghcr.io/ylianst/meshcentral:1.1.53-mysql`
+
+## Environment Variables
+Below is a breakdown of environment variables used in this setup.
+
+### General MeshCentral Configuration
+| Variable | Default Value | Description |
+|----------|--------------|-------------|
+| NODE_ENV | production | Specifies the Node.js environment. |
+| CONFIG_FILE | /opt/meshcentral/meshcentral-data/config.json | Path to the configuration file. |
+| DYNAMIC_CONFIG | false | Enables/disables dynamic configuration. This means config is being rechecked every container restart. False if you want to use your own `config.json` |
+| ALLOW_PLUGINS | false | Enables/disables plugins. |
+| ALLOW_NEW_ACCOUNTS | false | Enables/disables new account creation. |
+| ALLOWED_ORIGIN | false | Enables/disables allowed origin policy. |
+| ARGS | "" | Additional arguments for MeshCentral. |
+| HOSTNAME | localhost | Specifies the hostname. |
+| IFRAME | false | Enables/disables embedding in an iframe. |
+| LOCAL_SESSION_RECORDING | true | Enables session recording. |
+| MINIFY | true | Minifies the JavaScript and HTML output. |
+| REGEN_SESSIONKEY | false | Regenerates the session key on each restart of the container. |
+| REVERSE_PROXY | "" | Configures reverse proxy support through `certUrl`. |
+| REVERSE_PROXY_TLS_PORT | "443" | Configures reverse proxy TLS port, will be combined with: `REVERSE_PROXY`. |
+| WEBRTC | false | Enables/disables WebRTC support. |
+
+### Database Configuration
+
+#### MeshCentral Database Settings
+| Variable | Default Value | Description |
+|----------|--------------|-------------|
+| USE_MONGODB | false | Enables MongoDB usage. |
+| USE_POSTGRESQL | false | Enables PostgreSQL usage. |
+| USE_MARIADB | false | Enables MariaDB usage. |
+
+#### MongoDB Configuration
+| Variable | Default Value | Description |
+|----------|--------------|-------------|
+| MONGO_HOST | "" | MongoDB server hostname. |
+| MONGO_PORT | 27017 | MongoDB server port. |
+| MONGO_USERNAME | "" | MongoDB username. |
+| MONGO_PASS | "" | MongoDB password. |
+| MONGO_URL | "" | Overrides other MongoDB connection settings. |
+
+#### PostgreSQL Configuration
+| Variable | Default Value | Description |
+|----------|--------------|-------------|
+| PSQL_HOST | "" | PostgreSQL server hostname. |
+| PSQL_PORT | 5432 | PostgreSQL server port. |
+| PSQL_USER | "" | PostgreSQL username. |
+| PSQL_PASS | "" | PostgreSQL password. |
+| PSQL_DATABASE | "" | PostgreSQL database name. |
+
+#### MariaDB Configuration
+| Variable | Default Value | Description |
+|----------|--------------|-------------|
+| MARIADB_HOST | "" | MariaDB server hostname. |
+| MARIADB_PORT | 3306 | MariaDB server port. |
+| MARIADB_USER | "" | MariaDB username. |
+| MARIADB_PASS | "" | MariaDB password. |
+| MARIADB_DATABASE | "" | MariaDB database name. |
+
+## Deployment Instructions
+
+### Running with Docker CLI
+```sh
+docker run -d \
+  -e HOSTNAME=myserver.domain.com \
+  -e ALLOW_NEW_ACCOUNTS=true \
+  -e USE_MONGODB=true \
+  -e MONGO_URL=mongodb://username:password@mongodb:27017/meshcentral \
+  -v meshcentral-data:/opt/meshcentral/meshcentral-data \
+  -p 443:443 \
+  ghcr.io/ylianst/meshcentral:latest # or latest-mongodb
+```
+
+### Running with Docker Compose
+```yaml
+services:
+  meshcentral:
+    image: ghcr.io/ylianst/meshcentral:latest
+    environment:
+      - HOSTNAME=myserver.domain.com
+      - ALLOW_NEW_ACCOUNTS=false
+      - USE_MONGODB=true
+      - MONGO_URL=mongodb://username:password@mongodb:27017/meshcentral
+    volumes:
+      - meshcentral-data:/opt/meshcentral/meshcentral-data
+      - meshcentral-files:/opt/meshcentral/meshcentral-files
+      - meshcentral-web:/opt/meshcentral/meshcentral-web
+      - meshcentral-backups:/opt/meshcentral/meshcentral-backups
+    ports:
+    # You can add additional ports here in the same format. Such as for AMT or HTTP
+      - "443:443"
+volumes:
+  meshcentral-data:
+  meshcentral-files:
+  meshcentral-web:
+  meshcentral-backups:
+```
+
+### Using an `.env` File
+Create a `.env` file:
+```ini
+# Environment variables
+NODE_ENV=production
+CONFIG_FILE=/opt/meshcentral/meshcentral-data/config.json
+DYNAMIC_CONFIG=true
+
+# MeshCentral Configuration
+ALLOW_PLUGINS=false
+ALLOW_NEW_ACCOUNTS=false
+ALLOWED_ORIGIN=false
+ARGS=
+HOSTNAME=localhost
+IFRAME=false
+LOCAL_SESSION_RECORDING=true
+MINIFY=true
+REGEN_SESSIONKEY=false
+REVERSE_PROXY=
+REVERSE_PROXY_TLS_PORT=
+WEBRTC=false
+
+# MongoDB Configuration
+USE_MONGODB=false
+MONGO_HOST=
+MONGO_PORT=27017
+MONGO_USERNAME=
+MONGO_PASS=
+MONGO_URL=
+
+# PostgreSQL Configuration
+USE_POSTGRESQL=false
+PSQL_HOST=
+PSQL_PORT=5432
+PSQL_USER=
+PSQL_PASS=
+PSQL_DATABASE=
+
+# MariaDB/MySQL Configuration
+USE_MARIADB=false
+MARIADB_HOST=
+MARIADB_PORT=3306
+MARIADB_USER=
+MARIADB_PASS=
+MARIADB_DATABASE=
+
+# Build options
+INCLUDE_MONGODB_TOOLS=false
+INCLUDE_POSTGRESQL_TOOLS=false
+INCLUDE_MARIADB_TOOLS=false
+PREINSTALL_LIBS=false
+```
+Then run Docker Compose:
+```sh
+docker compose -f ./docker/compose.yaml --env-file .env up -d
+```
+
+# Custom healthchecks at runtime
+
+If you want to add a custom healthcheck post-compilation/with precompiled images, then do the following:<br>
+This all is based on [Docker documentation](https://docs.docker.com/reference/compose-file/services/).
+
+Add the following lines to your compose.yaml:
+```yaml
+services:
+  meshcentral:
+    image: ghcr.io/ylianst/meshcentral:latest
+    ...
+    <the rest of the compose.yaml>
+    ...
+    
+    healthcheck:
+      test: ["CMD", "curl", "-k", "--fail", "https://localhost:443/health.ashx"]
+      interval: 30s
+      timeout: 5s
+      start_period: 5s
+      retries: 3
+```
+
+And if you ever change the port on which MeshCentral *INTERNALLY* runs on please also change the healthcheck either in your compose or self-compiled Dockerfile.<br>
+Also relevant if you change scheme, such as HTTP to HTTPS or vice versa.
+
+# MeshCentral Docker Build Process
+
+This document explains the build process for the MeshCentral Docker image, along with details on various build arguments and how to use them.
+
+## Build Arguments
+
+The following build arguments are available for customizing the build process:
+
+- **DISABLE_MINIFY**: Disable HTML/JS minification during the build.
+- **DISABLE_TRANSLATE**: Disable translation of strings in MeshCentral.
+- **INCLUDE_MONGODB_TOOLS**: Include MongoDB client and related tools.
+- **INCLUDE_POSTGRESQL_TOOLS**: Include PostgreSQL client tools.
+- **INCLUDE_MARIADB_TOOLS**: Include MariaDB/MySQL client tools.
+- **PREINSTALL_LIBS**: Pre-install specific libraries like `ssh2`, `nodemailer`, etc.
+
+### Build Commands with Arguments
+
+Here are the shell commands to build the Docker image with different configurations.
+
+#### 1. Build with Minify and Translate Disabled
+If you want to disable both HTML/JS minification and translation during the build process, use the following command:
+> While in the root git location.
+
+```sh
+docker build -f docker/Dockerfile --build-arg DISABLE_MINIFY=no --build-arg DISABLE_TRANSLATE=no -t meshcentral .
+```

docker/compose.yaml

@@ -0,0 +1,22 @@
+services:
+  meshcentral:
+    image: ghcr.io/ylianst/meshcentral:latest
+    environment:
+      - DYNAMIC_CONFIG=false # Show the option but disable it by default, for safety.
+      - HOSTNAME=myserver.domain.com # Set the hostname in the config.json
+      - ALLOW_NEW_ACCOUNTS=false # Disable creation of new accounts (except for the first user) in the config.json
+      - USE_MONGODB=true # Enable the Mongo connector in the config.json
+      - MONGO_URL=mongodb://username:password@mongodb:27017/meshcentral # Example MONGO_URL
+    volumes:
+      - meshcentral-data:/opt/meshcentral/meshcentral-data
+      - meshcentral-files:/opt/meshcentral/meshcentral-files
+      - meshcentral-web:/opt/meshcentral/meshcentral-web
+      - meshcentral-backups:/opt/meshcentral/meshcentral-backups
+    ports:
+      - "80:80"
+      - "443:443"
+volumes:
+  meshcentral-data:
+  meshcentral-files:
+  meshcentral-web:
+  meshcentral-backups:

docker/config.json.template

@@ -1,8 +1,9 @@
 {
-  "$schema": "http://info.meshcentral.com/downloads/meshcentral-config-schema.json",
+  "$schema": "https://raw.githubusercontent.com/Ylianst/MeshCentral/master/meshcentral-config-schema.json",
   "settings": {
-    "plugins":{"enabled": false},
-    "_mongoDb": null,
+    "plugins":{
+      "enabled": false
+    },
     "cert": "myserver.mydomain.com",
     "_WANonly": true,
     "_LANonly": true,
@@ -15,17 +16,33 @@
     "TLSOffload": false,
     "SelfUpdate": false,
     "AllowFraming": false,
-    "WebRTC": false
+    "WebRTC": false,
+    "_mongoDb": "",
+    "_postgres": {
+      "host": "",
+      "port": "",
+      "user": "",
+      "password": "",
+      "database": ""
+    },
+    "_mariaDB": {
+      "host": "",
+      "port": "",
+      "user": "",
+      "password": "",
+      "database": ""
+    }
   },
   "domains": {
     "": {
       "_title": "MyServer",
       "_title2": "Servername",
-      "minify": true,
+      "minify": false,
       "NewAccounts": true,
-      "localSessionRecording": false,
+      "localSessionRecording": true,
       "_userNameIsEmail": true,
-      "_certUrl": "my.reverse.proxy"
+      "_certUrl": "my.reverse.proxy",
+      "allowedOrigin": false
     }
   },
   "_letsencrypt": {

docker/entrypoint.sh

@@ -0,0 +1,270 @@
+#!/bin/bash
+
+graceful_shutdown() {
+    echo "Received SIGTERM from the container host. Cleaning up..."
+    kill -SIGINT $meshcentral_pid
+
+    echo "MeshCentral process stopped. Exiting..."
+    exit 0
+}
+trap graceful_shutdown SIGTERM
+
+### Start MeshCentral Docker Container.
+
+# Make the start more cleared when restarted.
+echo "-------------------------------------------------------------"
+date
+echo "Config file: $CONFIG_FILE"
+
+# Failsafe to create a new config if the expected config is not there.
+if [ -f "${CONFIG_FILE}" ]; then
+    echo "Pre-existing config found, not recreating..."
+else
+    cp /opt/meshcentral/config.json.template "${CONFIG_FILE}"
+fi
+
+if [[ ${DYNAMIC_CONFIG,,} =~ ^(true|yes)$ ]]; then
+    echo "Using Dynamic Configuration values..."
+
+    # BEGIN DATABASE CONFIGURATION FIELDS
+    USE_MONGODB=${USE_MONGODB,,}
+    if [[ $USE_MONGODB =~ ^(true|yes)$ ]]; then
+        echo "Enabling MongoDB-connector..."
+
+        if [[ -n "$MONGO_URL" ]]; then
+            echo "MONGO_URL is set, using that..."
+        else
+            MONGO_URL="${MONGO_URL:-$MONGO_USERNAME:$MONGO_PASS@}$MONGO_HOST:$MONGO_PORT"
+        fi
+
+        #ESCAPED_MONGO_URL=$(echo "$MONGO_URL" | sed 's/[\/&?=:]/\\&/g')
+        sed -i 's/"_mongoDb"/"mongoDb"/' "$CONFIG_FILE"
+        jq --arg mongo_url "$MONGO_URL" \
+            '.settings.mongoDb = $mongo_url' \
+            "$CONFIG_FILE" > temp_config.json && mv temp_config.json "$CONFIG_FILE"
+    else
+        echo "Disabling MongoDB-connector..."
+        sed -i 's/"mongoDb"/"_mongoDb"/' "$CONFIG_FILE"
+    fi
+
+    USE_POSTGRESQL=${USE_POSTGRESQL,,}
+    if [[ $USE_POSTGRESQL =~ ^(true|yes)$ ]]; then
+        echo "Enabling PostgreSQL-connector..."
+
+        sed -i 's/"_postgres"/"postgres"/' "$CONFIG_FILE"
+        jq --arg psql_host "$PSQL_HOST" \
+            --arg psql_port "$PSQL_PORT" \
+            --arg psql_user "$PSQL_USER" \
+            --arg psql_pass "$PSQL_PASS" \
+            --arg psql_db "$PSQL_DATABASE" \
+            '.settings.postgres.host = $psql_host |
+            .settings.postgres.port = $psql_port |
+            .settings.postgres.user = $psql_user |
+            .settings.postgres.password = $psql_pass |
+            .settings.postgres.database = $psql_db' \
+            "$CONFIG_FILE" > temp_config.json && mv temp_config.json "$CONFIG_FILE"
+    else
+        echo "Disabling PostgreSQL-connector..."
+        sed -i 's/"postgres"/"_postgres"/' "$CONFIG_FILE"
+    fi
+
+    USE_MARIADB=${USE_MARIADB,,}
+    if [[ $USE_MARIADB =~ ^(true|yes)$ ]]; then
+        echo "Enabling MariaDB-connector..."
+        sed -i 's/"_mariaDB"/"mariaDB"/' "$CONFIG_FILE"
+        jq --arg mariadb_host "$MARIADB_HOST" \
+            --arg mariadb_port "$MARIADB_PORT" \
+            --arg mariadb_user "$MARIADB_USER" \
+            --arg mariadb_pass "$MARIADB_PASS" \
+            --arg mariadb_db "$MARIADB_DATABASE" \
+            '.settings.mariaDB.host = $mariadb_host |
+            .settings.mariaDB.port = $mariadb_port |
+            .settings.mariaDB.user = $mariadb_user |
+            .settings.mariaDB.password = $mariadb_pass |
+            .settings.mariaDB.database = $mariadb_db' \
+            "$CONFIG_FILE" > temp_config.json && mv temp_config.json "$CONFIG_FILE"
+    else
+        echo "Disabling MariaDB-connector..."
+        sed -i 's/"mariaDB"/"_mariaDB"/' "$CONFIG_FILE"
+    fi
+    # END DATABASE CONFIGURATION FIELDS
+
+    # Doing the bulk with JQ utility. Given the remaining variables an opportunity with Sed.
+    # The way this works is if the environment variable is empty, it will add a _ in front of the variable, commenting it.
+    # This will make the default value apply, as per: https://raw.githubusercontent.com/Ylianst/MeshCentral/master/meshcentral-config-schema.json
+
+    echo "Compiling given environment variables..."
+    echo "If defaults are going to get applied, refer to: https://raw.githubusercontent.com/Ylianst/MeshCentral/master/meshcentral-config-schema.json"
+
+    # SESSIONKEY
+    if [[ ${REGEN_SESSIONKEY,,} =~ ^(true|yes)$ ]]; then
+        echo "Regenerating Session-Key because REGENSESSIONKEY is 'true' or 'yes'"
+        SESSION_KEY=$(tr -dc 'A-Z0-9' < /dev/urandom | fold -w 96 | head -n 1)
+
+        sed -i 's/"_sessionKey"/"sessionKey"/' "$CONFIG_FILE"
+        jq --arg session_key "$SESSION_KEY" \
+            '.settings.sessionKey = $session_key' \
+            "$CONFIG_FILE" > temp_config.json && mv temp_config.json "$CONFIG_FILE"
+    else
+        echo "REGENSESSIONKEY is not 'true' or 'yes', therefore it's being kept as is."
+    fi
+
+    # HOSTNAME
+    if [[ -n $HOSTNAME ]]; then
+        echo "Setting hostname (cert)... $HOSTNAME"
+
+        jq --arg hostname "$HOSTNAME" \
+            '.settings.cert = $hostname' \
+            "$CONFIG_FILE" > temp_config.json && mv temp_config.json "$CONFIG_FILE"
+    else
+        echo "Invalid or no hostname, defaulting to 'localhost', value given: $HOSTNAME"
+        jq --arg hostname "localhost" \
+            '.settings.cert = $hostname' \
+            "$CONFIG_FILE" > temp_config.json && mv temp_config.json "$CONFIG_FILE"
+    fi
+
+    # ALLOWPLUGINS
+    ALLOW_PLUGINS=${ALLOW_PLUGINS,,}
+    if [[ $ALLOW_PLUGINS =~ ^(true|false)$ ]]; then
+        echo "Setting plugins... $ALLOW_PLUGINS"
+
+        sed -i 's/"_plugins"/"plugins"/' "$CONFIG_FILE"
+        jq --argjson allow_plugins "$ALLOW_PLUGINS" \
+            '.settings.plugins.enabled = $allow_plugins' \
+            "$CONFIG_FILE" > temp_config.json && mv temp_config.json "$CONFIG_FILE"
+    else
+        echo "Invalid or no ALLOWPLUGINS value given, commenting out so default applies... Value given: $ALLOW_PLUGINS"
+        sed -i 's/"plugins":/"_plugins":/g' "$CONFIG_FILE"
+    fi
+
+    # WEBRTC
+    WEBRTC=${WEBRTC,,}
+    if [[ $WEBRTC =~ ^(true|false)$ ]]; then
+        echo "Setting WebRTC... $WEBRTC"
+
+        sed -i 's/"_WebRTC"/"WebRTC"/' "$CONFIG_FILE"
+        jq --argjson webrtc "$WEBRTC" \
+            '.settings.WebRTC = $webrtc' \
+            "$CONFIG_FILE" > temp_config.json && mv temp_config.json "$CONFIG_FILE"
+        #sed -i "s/\"WebRTC\": *[a-z]*/\"WebRTC\": $WEBRTC/" "$CONFIG_FILE"
+    else
+        echo "Invalid or no WEBRTC value given, commenting out so default applies... Value given: $WEBRTC"
+        sed -i 's/"WebRTC":/"_WebRTC":/g' "$CONFIG_FILE"
+    fi
+
+    # IFRAME
+    IFRAME=${IFRAME,,}
+    if [[ $IFRAME =~ ^(true|false)$ ]]; then
+        echo "Setting AllowFraming... $IFRAME"
+
+        sed -i 's/"_AllowFraming"/"AllowFraming"/' "$CONFIG_FILE"
+        jq --argjson allow_framing "$IFRAME" \
+            '.settings.AllowFraming = $allow_framing' \
+            "$CONFIG_FILE" > temp_config.json && mv temp_config.json "$CONFIG_FILE"
+    else
+        echo "Invalid or no IFRAME value given, commenting out so default applies... Value given: $IFRAME"
+        sed -i 's/"AllowFraming":/"_AllowFraming":/g' "$CONFIG_FILE"
+    fi
+
+    # trustedProxy
+    if [[ -n $TRUSTED_PROXY ]]; then
+        echo "Setting trustedProxy... - $TRUSTED_PROXY"
+
+        if [[ $TRUSTED_PROXY == "all" ]] || [[ $TRUSTED_PROXY == "true" ]]; then
+            sed -i 's/"_trustedProxy"/"trustedProxy"/' "$CONFIG_FILE"
+            jq --argjson trusted_proxy "true" \
+                '.settings.trustedProxy = $trusted_proxy' \
+                "$CONFIG_FILE" > temp_config.json && mv temp_config.json "$CONFIG_FILE"
+        else
+            sed -i 's/"_trustedProxy"/"trustedProxy"/' "$CONFIG_FILE"
+            jq --argjson trusted_proxy "$TRUSTED_PROXY" \
+                '.settings.trustedProxy = $trusted_proxy' \
+                "$CONFIG_FILE" > temp_config.json && mv temp_config.json "$CONFIG_FILE"
+        fi
+    else
+        echo "Invalid or no REVERSE_PROXY and/or REVERSE_PROXY_TLS_PORT value given, commenting out so default applies... Value(s) given: $REVERSE_PROXY_STRING"
+        sed -i 's/"certUrl":/"_certUrl":/g' "$CONFIG_FILE"
+    fi
+
+    # ALLOW_NEW_ACCOUNTS
+    ALLOW_NEW_ACCOUNTS=${ALLOW_NEW_ACCOUNTS,,}
+    if [[ $ALLOW_NEW_ACCOUNTS =~ ^(true|false)$ ]]; then
+        echo "Setting NewAccounts... $ALLOW_NEW_ACCOUNTS"
+
+        sed -i 's/"_NewAccounts"/"NewAccounts"/' "$CONFIG_FILE"
+        jq --argjson new_accounts "$ALLOW_NEW_ACCOUNTS" \
+            '.domains[""].NewAccounts = $new_accounts' \
+            "$CONFIG_FILE" > temp_config.json && mv temp_config.json "$CONFIG_FILE"
+    else
+        echo "Invalid or no ALLOW_NEW_ACCOUNTS value given, commenting out so default applies... Value given: $ALLOW_NEW_ACCOUNTS"
+        sed -i 's/"NewAccounts":/"_NewAccounts":/g' "$CONFIG_FILE"
+    fi
+
+    # LOCALSESSIONRECORDING
+    LOCAL_SESSION_RECORDING=${LOCAL_SESSION_RECORDING,,}
+    if [[ $LOCAL_SESSION_RECORDING =~ ^(true|false)$ ]]; then
+        echo "Setting localSessionRecording... $LOCAL_SESSION_RECORDING"
+
+        sed -i 's/"_localSessionRecording"/"localSessionRecording"/' "$CONFIG_FILE"
+        jq --argjson session_recording "$LOCAL_SESSION_RECORDING" \
+            '.domains[""].localSessionRecording = $session_recording' \
+            "$CONFIG_FILE" > temp_config.json && mv temp_config.json "$CONFIG_FILE"
+    else
+        echo "Invalid or no LOCALSESSIONRECORDING value given, commenting out so default applies... Value given: $LOCAL_SESSION_RECORDING"
+        sed -i 's/"localSessionRecording":/"_localSessionRecording":/g' "$CONFIG_FILE"
+    fi
+
+    # MINIFY
+    MINIFY=${MINIFY,,}
+    if [[ $MINIFY =~ ^(true|false)$ ]]; then
+        echo "Setting minify... $MINIFY"
+
+        sed -i 's/"_minify"/"minify"/' "$CONFIG_FILE"
+        jq --argjson minify "$MINIFY" \
+            '.domains[""].minify = $minify' \
+            "$CONFIG_FILE" > temp_config.json && mv temp_config.json "$CONFIG_FILE"
+        #sed -i "s/\"minify\": *[a-z]*/\"minify\": $MINIFY/" "$CONFIG_FILE"
+    else
+        echo "Invalid or no MINIFY value given, commenting out so default applies... Value given: $MINIFY"
+        sed -i 's/"minify":/"_minify":/g' "$CONFIG_FILE"
+    fi
+
+    # ALLOWED_ORIGIN
+    ALLOWED_ORIGIN=${ALLOWED_ORIGIN,,}
+    if [[ $ALLOWED_ORIGIN =~ ^(true|false)$ ]]; then
+        echo "Setting allowedOrigin... $ALLOWED_ORIGIN"
+
+        sed -i 's/"_allowedOrigin"/"allowedOrigin"/' "$CONFIG_FILE"
+        jq --argjson allowed_origin "$ALLOWED_ORIGIN" \
+            '.domains[""].allowedOrigin = $allowed_origin' \
+            "$CONFIG_FILE" > temp_config.json && mv temp_config.json "$CONFIG_FILE"
+    else
+        echo "Invalid or no ALLOWED_ORIGIN value given, commenting out so default applies... Value given: $ALLOWED_ORIGIN"
+        sed -i 's/"allowedOrigin":/"_allowedOrigin":/g' "$CONFIG_FILE"
+    fi
+
+    # certUrl
+    if [[ -n $REVERSE_PROXY ]] && [[ -n $REVERSE_PROXY_TLS_PORT ]]; then
+        REVERSE_PROXY_STRING="${REVERSE_PROXY}:${REVERSE_PROXY_TLS_PORT}"
+
+        echo "Setting certUrl... - $REVERSE_PROXY_STRING"
+        sed -i 's/"_certUrl"/"certUrl"/' "$CONFIG_FILE"
+        jq --arg cert_url "$REVERSE_PROXY_STRING" \
+            '.domains[""].certUrl = $cert_url' \
+            "$CONFIG_FILE" > temp_config.json && mv temp_config.json "$CONFIG_FILE"
+        #sed -i "s/\"certUrl\": *[a-z]*/\"certUrl\": $REVERSE_PROXY_STRING/" "$CONFIG_FILE"
+    else
+        echo "Invalid or no REVERSE_PROXY and/or REVERSE_PROXY_TLS_PORT value given, commenting out so default applies... Value(s) given: $REVERSE_PROXY_STRING"
+        sed -i 's/"certUrl":/"_certUrl":/g' "$CONFIG_FILE"
+    fi
+
+    cat "$CONFIG_FILE"
+else
+    echo "Leaving config as-is."
+fi
+
+# Actually start MeshCentral.
+node /opt/meshcentral/meshcentral/meshcentral --configfile "${CONFIG_FILE}" "${ARGS}" >> /proc/1/fd/1 &
+meshcentral_pid=$!
+
+wait "$meshcentral_pid"

docker/readme.md

@@ -1,115 +0,0 @@
-# Create folder-structure and files
-
-```
-| - meshcentral/        # this folder contains the persistent data
-  | - data/             # MeshCentral data-files
-  | - user_files/       # where file uploads for users live
-  | - web/              # location for site customization files
-  | - backup/           # location for the meshcentral-backups
-| - .env                # environment file with initial variables
-| - docker-compose.yml
-```
-
-# Templates:
-## .env:
-```ini
-NODE_ENV=production
-
-# initial mongodb-variables
-MONGO_INITDB_ROOT_USERNAME=mongodbadmin
-MONGO_INITDB_ROOT_PASSWORD=mongodbpasswd
-
-# initial meshcentral-variables
-# the following options are only used if no config.json exists in the data-folder
-
-# your hostname
-HOSTNAME=my.domain.com
-USE_MONGODB=false
-# set to your reverse proxy IP if you want to put meshcentral behind a reverse proxy 
-REVERSE_PROXY=false
-REVERSE_PROXY_TLS_PORT=
-# set to true if you wish to enable iframe support
-IFRAME=false
-# set to false if you want disable self-service creation of new accounts besides the first (admin)
-ALLOW_NEW_ACCOUNTS=true
-# set to true to enable WebRTC - per documentation it is not officially released with meshcentral and currently experimental. Use with caution
-WEBRTC=false
-# set to true to allow plugins
-ALLOWPLUGINS=false
-# set to true to allow session recording
-LOCALSESSIONRECORDING=false
-# set to enable or disable minification of json, reduces traffic
-MINIFY=true
-```
-
-## docker-compose.yml:
-```yaml
-version: '3'
-
-services:
-  meshcentral:
-    restart: always
-    container_name: meshcentral
-    # use the official meshcentral container
-    image: ghcr.io/ylianst/meshcentral:latest
-    ports:
-      # MeshCentral will moan and try everything not to use port 80, but you can also use it if you so desire, just change the config.json according to your needs
-      - 8086:443
-    env_file:
-      - .env
-    volumes:
-      # config.json and other important files live here. A must for data persistence
-      - ./meshcentral/data:/opt/meshcentral/meshcentral-data
-      # where file uploads for users live
-      - ./meshcentral/user_files:/opt/meshcentral/meshcentral-files
-      # location for the meshcentral-backups - this should be mounted to an external storage
-      - ./meshcentral/backup:/opt/meshcentral/meshcentral-backup
-      # location for site customization files
-      - ./meshcentral/web:/opt/meshcentral/meshcentral-web
-```
-
-## docker-compose.yml mongodb:
-```yaml
-version: '3'
-
-networks:
-  meshcentral-tier:
-    driver: bridge
-
-services:
-  mongodb:
-    restart: always
-    container_name: mongodb
-    image: mongo:latest
-    env_file:
-      - .env
-    volumes:
-      # mongodb data-directory - A must for data persistence
-      - ./meshcentral/mongodb_data:/data/db
-    networks:
-      - meshcentral-tier
-
-  meshcentral:
-    restart: always
-    container_name: meshcentral
-    # use the official meshcentral container
-    image: ghcr.io/ylianst/meshcentral:latest
-    depends_on:
-      - mongodb
-    ports:
-      # MeshCentral will moan and try everything not to use port 80, but you can also use it if you so desire, just change the config.json according to your needs
-      - 8086:443
-    env_file:
-      - .env
-    volumes:
-      # config.json and other important files live here. A must for data persistence
-      - ./meshcentral/data:/opt/meshcentral/meshcentral-data
-      # where file uploads for users live
-      - ./meshcentral/user_files:/opt/meshcentral/meshcentral-files
-      # location for the meshcentral-backups - this should be mounted to an external storage
-      - ./meshcentral/backup:/opt/meshcentral/meshcentral-backup
-      # location for site customization files
-      - ./meshcentral/web:/opt/meshcentral/meshcentral-web
-    networks:
-      - meshcentral-tier
-```

docker/startup.sh

@@ -1,28 +0,0 @@
-#!/bin/bash
-
-if [ -f "meshcentral-data/${CONFIG_FILE}" ]
-    then
-        node meshcentral/meshcentral --configfile ${CONFIG_FILE}
-    else
-        cp config.json.template meshcentral-data/${CONFIG_FILE}
-        if ! [ -z "$USE_MONGODB" ] && [ "$USE_MONGODB" == "true" ]; then
-            sed -i "s/\"_mongoDb\": null/\"mongoDb\": \"mongodb:\/\/$MONGO_INITDB_ROOT_USERNAME:$MONGO_INITDB_ROOT_PASSWORD@mongodb:27017\"/" meshcentral-data/${CONFIG_FILE}
-        fi
-        sed -i "s/\"cert\": \"myserver.mydomain.com\"/\"cert\": \"$HOSTNAME\"/" meshcentral-data/${CONFIG_FILE}
-        sed -i "s/\"NewAccounts\": true/\"NewAccounts\": $ALLOW_NEW_ACCOUNTS/" meshcentral-data/${CONFIG_FILE}
-        sed -i "s/\"enabled\": false/\"enabled\": $ALLOWPLUGINS/" meshcentral-data/${CONFIG_FILE}
-        sed -i "s/\"localSessionRecording\": false/\"localSessionRecording\": $LOCALSESSIONRECORDING/" meshcentral-data/${CONFIG_FILE}
-        sed -i "s/\"minify\": true/\"minify\": $MINIFY/" meshcentral-data/${CONFIG_FILE}
-        sed -i "s/\"WebRTC\": false/\"WebRTC\": $WEBRTC/" meshcentral-data/${CONFIG_FILE}
-        sed -i "s/\"AllowFraming\": false/\"AllowFraming\": $IFRAME/" meshcentral-data/${CONFIG_FILE}
-        if [ -z "$SESSION_KEY" ]; then
-            SESSION_KEY="$(cat /dev/urandom | tr -dc 'A-Za-z0-9!#$%&()*+,-./:;<=>?@[\]^_`{|}~' | fold -w 32 | head -n 1)";
-        fi
-        sed -i "s/\"_sessionKey\": \"MyReallySecretPassword1\"/\"sessionKey\": \"$SESSION_KEY\"/" meshcentral-data/${CONFIG_FILE}
-        if [ "$REVERSE_PROXY" != "false" ]; then
-            sed -i "s/\"_certUrl\": \"my\.reverse\.proxy\"/\"certUrl\": \"https:\/\/$REVERSE_PROXY:$REVERSE_PROXY_TLS_PORT\"/" meshcentral-data/${CONFIG_FILE}
-            node meshcentral/meshcentral --configfile ${CONFIG_FILE}
-            exit
-        fi
-        node meshcentral/meshcentral --configfile ${CONFIG_FILE} --cert "$HOSTNAME"
-fi

docs/.vscode/launch.json

@@ -0,0 +1,15 @@
+{
+    // Use IntelliSense to learn about possible attributes.
+    // Hover to view descriptions of existing attributes.
+    // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+    "version": "0.2.0",
+    "configurations": [
+        {
+            "type": "chrome",
+            "request": "launch",
+            "name": "Launch Chrome against localhost",
+            "url": "http://localhost:8080",
+            "webRoot": "${workspaceFolder}"
+        }
+    ]
+}

docs/Example configs/haproxy-with-sni-sample.cfg

@@ -20,6 +20,17 @@ backend sni-back
         use-server gitlabSNI if gitlab-sni
         use-server mc-SNI if mc-sni
         server mc-SNI 10.1.1.10:1443 send-proxy-v2-ssl-cn
+        
+frontend cira-tcp-front
+        bind 10.1.1.10:4433
+        mode tcp
+        option tcplog
+        tcp-request inspect-delay 5s
+        default_backend mc-cira-back
+
+backend cira-tcp-back
+        mode tcp
+        server mc-cira 10.1.1.30:4433
 
 frontend mc-front-HTTPS
         mode http