fix bug

Author: phrocker

.local.env

@@ -1,7 +1,7 @@
-SENTRIUS_VERSION=1.1.92
+SENTRIUS_VERSION=1.1.95
 SENTRIUS_SSH_VERSION=1.1.18
 SENTRIUS_KEYCLOAK_VERSION=1.1.25
 SENTRIUS_AGENT_VERSION=1.1.18
 SENTRIUS_AI_AGENT_VERSION=1.1.33
 LLMPROXY_VERSION=1.0.18
-LAUNCHER_VERSION=1.0.27
+LAUNCHER_VERSION=1.0.29

.local.env.bak

@@ -1,7 +1,7 @@
-SENTRIUS_VERSION=1.1.92
+SENTRIUS_VERSION=1.1.95
 SENTRIUS_SSH_VERSION=1.1.18
 SENTRIUS_KEYCLOAK_VERSION=1.1.25
 SENTRIUS_AGENT_VERSION=1.1.18
 SENTRIUS_AI_AGENT_VERSION=1.1.33
 LLMPROXY_VERSION=1.0.18
-LAUNCHER_VERSION=1.0.26
+LAUNCHER_VERSION=1.0.28

api/src/main/java/io/sentrius/sso/locator/KubernetesAgentLocator.java

@@ -9,16 +9,12 @@
 @Component
 public class KubernetesAgentLocator {
 
-    @Value("${sentrius.agent.namespace}")
-    private String agentNamespace;
 
-    @Value("${sentrius.agent.port:8080}")
-    private int agentPort;
-
-    public URI resolveWebSocketUri(String agentId) {
+    public URI resolveWebSocketUri(String host, String sessionId, String chatGroupId, String ztat) {
         // DNS: sentrius-agent-[ID].[namespace].svc.cluster.local
-        String fqdn = String.format("ws://sentrius-agent-%s.%s.svc.cluster.local:%d/ws",
-            agentId, agentNamespace, agentPort);
+        ///api/v1/chat/attach/subscribe?sessionId=${encodeURIComponent(this.sessionId)}&chatGroupId=${this.chatGroupId}&ztat=${encodeURIComponent(jwt)
+        String fqdn = String.format("%s/api/v1/chat/attach/subscribe?sessionId=%s&chatGroupId=%s&ztat=%s",
+            host,  sessionId, chatGroupId, ztat);
         return URI.create(fqdn);
     }
 }

api/src/main/java/io/sentrius/sso/startup/ConfigurationApplicationTask.java

@@ -683,16 +683,16 @@ protected List<User> createUsers(
                     }
                 }
                 if (action){
-                    user = userService.getUser(user.getId()).orElseThrow();
+                    var newUser = userService.getUser(user.getId());
                     var definition = userDTO.getAtlpDefinition();
                     if (null != definition && !definition.isEmpty()) {
                     Optional<ATPLPolicyEntity> policy = policyList.stream()
                         .filter(p -> p.getPolicyId().equals(definition))
                         .findFirst();
-                    if (policy.isPresent()) {
-                        atplPolicyService.assignPolicyToUser(user, policy.get());
+                    if (policy.isPresent() & newUser.isPresent()) {
+                        atplPolicyService.assignPolicyToUser(newUser.get(), policy.get());
                     } else {
-                        log.warn("No ATPL policy found for user {} with policy id {}", user.getUsername(),
+                        log.warn("No ATPL policy found for user {} with policy id {}", newUser.get().getUsername(),
                             definition);
                     }
                 }
@@ -811,16 +811,16 @@ protected List<User> createNPEs(
                     }
                 }
                 if (action){
-                    user = userService.getUser(user.getId()).orElseThrow();
+                    var newUser = userService.getUser(user.getId());
                     var definition = userDTO.getAtlpDefinition();
                     if (null != definition && !definition.isEmpty()) {
                         Optional<ATPLPolicyEntity> policy = policyList.stream()
                             .filter(p -> p.getPolicyId().equals(definition))
                             .findFirst();
                         if (policy.isPresent()) {
-                            atplPolicyService.assignPolicyToUser(user, policy.get());
+                            atplPolicyService.assignPolicyToUser(newUser.get(), policy.get());
                         } else {
-                            log.warn("No ATPL policy found for user {} with policy id {}", user.getUsername(),
+                            log.warn("No ATPL policy found for user {} with policy id {}", newUser.get().getUsername(),
                                 definition);
                         }
                     }

api/src/main/java/io/sentrius/sso/websocket/AgentHandshakeInterceptor.java

@@ -7,6 +7,8 @@
 
 import java.util.Map;
 
+import org.springframework.web.util.UriComponentsBuilder;
+
 public class AgentHandshakeInterceptor implements HandshakeInterceptor {
 
     @Override
@@ -15,12 +17,16 @@ public boolean beforeHandshake(ServerHttpRequest request,
                                    WebSocketHandler wsHandler,
                                    Map<String, Object> attributes) {
 
-        String path = request.getURI().getPath();  // e.g. /api/v1/agents/ws/agent-123
-        String[] segments = path.split("/");
-        String agentId = segments[segments.length - 1];  // assumes agentId is at the end
+        String query = request.getURI().getQuery();
+        Map<String, String> queryParams = UriComponentsBuilder.fromUri(request.getURI()).build().getQueryParams().toSingleValueMap();
+
+        attributes.put("host", queryParams.get("phost"));
+        attributes.put("sessionId", queryParams.get("sessionId"));
+        attributes.put("chatGroupId", queryParams.get("chatGroupId"));
+        attributes.put("ztat", queryParams.get("ztat"));
 
-        attributes.put("agentId", agentId);
         return true;
+
     }
 
     @Override

api/src/main/java/io/sentrius/sso/websocket/AgentWebSocketProxyHandler.java

@@ -1,43 +1,61 @@
 package io.sentrius.sso.websocket;
 
 import java.net.URI;
+import java.security.GeneralSecurityException;
+
 import io.sentrius.sso.locator.KubernetesAgentLocator;
 import lombok.RequiredArgsConstructor;
+
 import org.springframework.stereotype.Component;
 import org.springframework.web.reactive.socket.WebSocketHandler;
 import org.springframework.web.reactive.socket.WebSocketMessage;
 import org.springframework.web.reactive.socket.WebSocketSession;
 import org.springframework.web.reactive.socket.client.ReactorNettyWebSocketClient;
+
+import io.sentrius.sso.core.services.security.CryptoService;
+import lombok.extern.slf4j.Slf4j;
 import reactor.core.publisher.Mono;
 
 @Component
+@Slf4j
 @RequiredArgsConstructor
 public class AgentWebSocketProxyHandler implements WebSocketHandler {
 
 private final KubernetesAgentLocator agentLocator;
+private final CryptoService cryptoService;
 
 @Override
 public Mono<Void> handle(WebSocketSession clientSession) {
-    String agentId = (String) clientSession.getAttributes().get("agentId");
-    URI agentUri = agentLocator.resolveWebSocketUri(agentId);
-
-    ReactorNettyWebSocketClient proxyClient = new ReactorNettyWebSocketClient();
-
-    return proxyClient.execute(agentUri, agentSession -> {
-        // Forward messages from client to agent
-        Mono<Void> clientToAgent = clientSession.receive()
-            .map(WebSocketMessage::getPayload)
-            .map(dataBuffer -> agentSession.binaryMessage(factory -> dataBuffer))
-            .as(agentSession::send);
-
-        // Forward messages from agent to client
-        Mono<Void> agentToClient = agentSession.receive()
-            .map(WebSocketMessage::getPayload)
-            .map(dataBuffer -> clientSession.binaryMessage(factory -> dataBuffer))
-            .as(clientSession::send);
-
-        // Run both directions in parallel, complete when both are done
-        return Mono.zip(clientToAgent, agentToClient).then();
-    });
+    try {
+        String host = (String) clientSession.getAttributes().get("host");
+        var decryptedHost = cryptoService.decrypt(host); // Ensure host is decrypted if necessary
+        String sessionId = (String) clientSession.getAttributes().get("sessionId");
+        String chatGroupId = (String) clientSession.getAttributes().get("chatGroupId");
+        String ztat = (String) clientSession.getAttributes().get("ztat");
+        log.info("Handling WebSocket connection for host: {}, sessionId: {}, chatGroupId: {}, ztat: {}",
+                decryptedHost, sessionId, chatGroupId, ztat);
+        URI agentUri = agentLocator.resolveWebSocketUri(decryptedHost, sessionId, chatGroupId, ztat);
+        
+        ReactorNettyWebSocketClient proxyClient = new ReactorNettyWebSocketClient();
+        
+        return proxyClient.execute(agentUri, agentSession -> {
+            // Forward messages from client to agent
+            Mono<Void> clientToAgent = clientSession.receive()
+                    .map(WebSocketMessage::getPayload)
+                    .map(dataBuffer -> agentSession.binaryMessage(factory -> dataBuffer))
+                    .as(agentSession::send);
+            
+            // Forward messages from agent to client
+            Mono<Void> agentToClient = agentSession.receive()
+                    .map(WebSocketMessage::getPayload)
+                    .map(dataBuffer -> clientSession.binaryMessage(factory -> dataBuffer))
+                    .as(clientSession::send);
+            
+            // Run both directions in parallel, complete when both are done
+            return Mono.zip(clientToAgent, agentToClient).then();
+        });
+    } catch (GeneralSecurityException ex) {
+        throw new RuntimeException("Failed to decrypt host", ex);
+    }
 }
 }

api/src/main/java/io/sentrius/sso/websocket/WebSocketRouteConfig.java

@@ -21,7 +21,7 @@ public class WebSocketRouteConfig {
     @Bean
     public WebSocketHandlerMapping webSocketMapping() {
         Map<String, WebSocketHandler> map = new HashMap<>();
-        map.put("/api/v1/agents/ws/{agentId}", agentWebSocketProxyHandler);
+        map.put("/api/v1/agents/ws/{host}/{sessionId}/{chatGroupId}/{ztat}", agentWebSocketProxyHandler);
 
         WebSocketHandlerMapping mapping = new WebSocketHandlerMapping();
         mapping.setUrlMap(map);

api/src/main/resources/static/js/chat.js

@@ -73,7 +73,10 @@ class ChatSession {
 
 
         // Step 3: Open WebSocket with ZTAT token
-        const uri = `${phost}/api/v1/chat/attach/subscribe?sessionId=${encodeURIComponent(this.sessionId)}&chatGroupId=${this.chatGroupId}&ztat=${encodeURIComponent(jwt)}`;
+        //const uri = `${phost}/api/v1/chat/attach/subscribe?sessionId=${encodeURIComponent(this.sessionId)}&chatGroupId=${this.chatGroupId}&ztat=${encodeURIComponent(jwt)}`;
+        //const uri = `/api/v1/agents/ws/${encodeURIComponent(phost)}/${encodeURIComponent(this.sessionId)}/${encodeURIComponent(this.chatGroupId)}/${encodeURIComponent(jwt)}`;
+        const uri = `/api/v1/agents/ws?phost=${encodeURIComponent(phost)}&sessionId=${encodeURIComponent(this.sessionId)}&chatGroupId=${encodeURIComponent(this.chatGroupId)}&jwt=${encodeURIComponent(jwt)}`;
+
         console.log("Connecting to chat server with ZTAT at:", uri);
         this.connection = new WebSocket(uri);
 

dataplane/src/main/java/io/sentrius/sso/core/services/agents/AgentService.java

@@ -129,7 +129,13 @@ public List<AgentDTO> getAllAgents(boolean encryptId, List<String> filteredIds,
                         dtoBuilder.agentName(heartbeat.getAgentName());
                         var callback = callbackUrls.get(heartbeat.getAgentId());
                         if (callback != null) {
-                            dtoBuilder.agentCallback(callback);
+                            try {
+                            
+                            var encryptedCallback = cryptoService.encrypt(callback); // Ensure callback is decrypted
+                            dtoBuilder.agentCallback(encryptedCallback);
+                            } catch (GeneralSecurityException e) {
+                                throw new RuntimeException("Error encrypting callback URL", e);
+                            }
                         }
                     }
                     if (encryptId){