From ad92439770d9e2508c62bc2eb2d912d09c81e045 Mon Sep 17 00:00:00 2001 From: d3m0k1d Date: Sat, 4 Apr 2026 05:44:11 +0300 Subject: [PATCH] fix: mtls for agent, problems with auth --- agent/main.go | 16 +++++++++++++--- backend/cmd/main.go | 10 +++++++++- backend/internal/repository/repository.go | 9 +++++++-- backend/internal/storage/migrations.go | 6 ++++++ backend/internal/storage/sqlite.go | 3 +++ 5 files changed, 38 insertions(+), 6 deletions(-) diff --git a/agent/main.go b/agent/main.go index 96ac401..f65173a 100644 --- a/agent/main.go +++ b/agent/main.go @@ -51,15 +51,25 @@ func main() { log.Println("Agent registration complete") err = func() error { - creds, err := mtls.LoadMTLSCredentials(certs.CACertPEM, certs.ClientCertPEM, certs.ClientKeyPEM) + creds, err := mtls.LoadMTLSCredentialsFromFiles( + cfg.CertDir+"/ca.crt", + cfg.CertDir+"/client.crt", + cfg.CertDir+"/client.key", + ) if err != nil { return err } ctx, cancel := context.WithCancel(context.Background()) defer cancel() cmdexe := new(commander.CommandExecutor) - ccli := client.New(cmdexe, cfg.RegistrationToken, cfg.Label) - return ccli.HandleCommands(ctx, cfg.BackendURL, creds) + ccli := client.New(cmdexe, cfg.Label, cfg.Label) + grpcAddr := cfg.GRPCURL + if grpcAddr == "" { + grpcAddr = cfg.BackendURL + } + grpcAddr = strings.TrimPrefix(grpcAddr, "http://") + grpcAddr = strings.TrimPrefix(grpcAddr, "https://") + return ccli.HandleCommands(ctx, grpcAddr, creds) }() if err != nil { log.Fatalf("Failed to generate key and CSR: %v", err) diff --git a/backend/cmd/main.go b/backend/cmd/main.go index 9674fed..b74779b 100644 --- a/backend/cmd/main.go +++ b/backend/cmd/main.go @@ -62,6 +62,7 @@ func main() { agents := handlers.NewAgentsGroup(h, cmdr) auth := handlers.AuthGroup{Handlers: h} agentReg := handlers.NewAgentRegistrationGroup(h) + agentDeploy := handlers.NewAgentDeployGroup(h) // Create admin user from config if not exists if cfg.Admin.Admin_login != "" && cfg.Admin.Admin_password != "" { 
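Review bot: In `client.New(cmdexe, cfg.Label, cfg.Label)` the label now fills the argument that previously carried `cfg.RegistrationToken`; client.New's signature is not visible here, but if that parameter reaches the backend as an agent identifier or credential, a non-secret label is now standing in for it, so please confirm this is intended and say so in a comment. The fallback to `cfg.BackendURL` strips only the scheme, so any path or HTTP port in that URL is handed to the gRPC dial unchanged and `http://` is treated the same as `https://`; parsing with `url.Parse` and using `u.Host` would be stricter. The certificate paths would be better built with `filepath.Join(cfg.CertDir, "client.key")`, and the private key file's permissions checked before it is loaded. The `log.Fatalf("Failed to generate key and CSR: %v", err)` in the trailing context now reports a command-channel failure under the wrong message. main's body continues outside the hunk.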
@@ -74,13 +75,20 @@ func main() { PermissionView: true, PermissionManage: true, PermissionAdmin: true, - IsActive: true, // Admin user is active by default + IsActive: true, }) if err != nil { log.Printf("Warning: failed to create admin user: %v", err) } else { log.Println("Admin user created from config") } + } else { + // Ensure existing admin is activated + if err := h.Repo.ActivateUserByLogin(cfg.Admin.Admin_login); err != nil { + log.Printf("Warning: failed to activate admin user: %v", err) + } else { + log.Println("Admin user activated") + } } } diff --git a/backend/internal/repository/repository.go b/backend/internal/repository/repository.go index 49492f1..a7941d8 100644 --- a/backend/internal/repository/repository.go +++ b/backend/internal/repository/repository.go @@ -26,7 +26,12 @@ var ErrAccountInactive = errors.New("account is not activated") // Init creates the tokens table if it does not exist. func (r *Repository) Init() error { _, err := r.DB.Exec(storage.CreateSqlite) - return err + if err != nil { + return err + } + // Migration: add is_active column if it doesn't exist (SQLite ignores errors for duplicate column) + _, _ = r.DB.Exec(storage.AddIsActiveColumn) + return nil } // CreateToken inserts a new user record with hashed password and generated token. @@ -46,7 +51,7 @@ func (r *Repository) CreateToken(tc TokenCreate) (string, error) { `INSERT INTO tokens (name, last_name, login, password, token, permission_view, permission_manage_agent, permission_admin, is_active) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)`, tc.Name, tc.LastName, tc.Login, string(hashed), token, - tc.PermissionView, tc.PermissionManage, tc.PermissionAdmin, false, + tc.PermissionView, tc.PermissionManage, tc.PermissionAdmin, tc.IsActive, ) if err != nil { return "", err diff --git a/backend/internal/storage/migrations.go b/backend/internal/storage/migrations.go index 93568c3..87f1f1d 100644 --- a/backend/internal/storage/migrations.go +++ b/backend/internal/storage/migrations.go 
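Review bot: The new `else` branch calls `h.Repo.ActivateUserByLogin(cfg.Admin.Admin_login)` on every start, so an account with the configured login that an operator deliberately deactivated (for example while handling an incident) is silently re-enabled by a restart. The condition that selects this branch lies above the hunk, but nothing visible here checks that the matched account holds admin permission or that it was inactive beforehand. Consider gating the re-activation behind an explicit configuration setting, and log the login only when a row actually changed, e.g. `log.Printf("admin user %q re-activated from config", cfg.Admin.Admin_login)`.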
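Review bot: `_, _ = r.DB.Exec(storage.AddIsActiveColumn)` in Init discards every error, not only the expected one; SQLite does not ignore a duplicate column, it returns a "duplicate column name" error, and a locked database, an I/O failure or a missing table is dropped the same way. If the ALTER fails for one of those reasons the server starts against a schema without `is_active`, and the INSERT in CreateToken (and presumably the activation checks) fail later at request time. Check the error and tolerate only the duplicate-column case, for example `if err != nil && !strings.Contains(err.Error(), "duplicate column name") { return fmt.Errorf("add is_active column: %w", err) }`, and correct the comment accordingly. The same unchecked Exec is added to Open in backend/internal/storage/sqlite.go, so the migration runs twice; one checked call is enough.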
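Review bot: Writing `tc.IsActive` in place of the literal `false` lets the caller decide whether a new account is usable immediately. The callers of CreateToken are outside this hunk; if any of them fills TokenCreate from a request body (a self-registration endpoint, for instance), a client could submit the field set to true and skip activation. Please confirm that only the config-driven admin path sets it, and document that on the field, e.g. `// IsActive must only be set by trusted server-side code; registration handlers must leave it false.` CreateToken's body starts and ends outside the hunk.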
@@ -15,6 +15,12 @@ const CreateSqlite = ` ); ` +// AddIsActiveColumn adds is_active column to tokens table if it doesn't exist. +// This is a migration for existing databases that don't have this column. +const AddIsActiveColumn = ` + ALTER TABLE tokens ADD COLUMN is_active BOOL NOT NULL DEFAULT 0 +` + const CreateRegistrationTokensTable = ` CREATE TABLE IF NOT EXISTS registration_tokens ( id INTEGER PRIMARY KEY AUTOINCREMENT, diff --git a/backend/internal/storage/sqlite.go b/backend/internal/storage/sqlite.go index 6a4fb1b..6bcea23 100644 --- a/backend/internal/storage/sqlite.go +++ b/backend/internal/storage/sqlite.go @@ -36,5 +36,8 @@ func Open(path string) (*sql.DB, error) { return nil, fmt.Errorf("migrate: %w", err) } + // Migration: add is_active column if it doesn't exist + _, _ = db.Exec(AddIsActiveColumn) + return db, nil }
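Review bot: `DEFAULT 0` on AddIsActiveColumn means every row that existed before the upgrade becomes inactive once this ALTER runs, and only the config admin is re-activated by the startup code in backend/cmd/main.go. That is a fail-closed choice, but it locks out all existing users until someone activates them, so the doc comment should say so: `// Existing rows get is_active = 0; accounts created before this migration must be activated explicitly.`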