Add Python agent, WebSocket relay, real viewer, enrollment tokens

- WebSocket relay service (FastAPI) bridges agents and viewers - Python agent with screen capture (mss), input control (pynput), script execution, and auto-reconnect - Windows service wrapper, PyInstaller spec, NSIS installer for silent mass deployment (RemoteLink-Setup.exe /S /SERVER= /ENROLL=) - Enrollment token system: admin generates tokens, agents self-register - Real WebSocket viewer replaces simulated canvas - Linux agent binary served from /downloads/remotelink-agent-linux - DB migration 0002: viewer_token on sessions, enrollment_tokens table - Sign-up pages cleaned up (invite-only redirect) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-10 16:25:10 -07:00
parent b2be19ed14
commit e16a2fa978
28 changed files with 1953 additions and 343 deletions
--- a/app/api/enrollment-tokens/route.ts
+++ b/app/api/enrollment-tokens/route.ts
@@ -0,0 +1,62 @@
+import { auth } from '@/auth'
+import { db } from '@/lib/db'
+import { enrollmentTokens } from '@/lib/db/schema'
+import { eq, desc } from 'drizzle-orm'
+import { NextRequest, NextResponse } from 'next/server'
+
+// GET /api/enrollment-tokens — list all (admin only)
+export async function GET() {
+  const session = await auth()
+  if (!session?.user || session.user.role !== 'admin') {
+    return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
+  }
+
+  const tokens = await db
+    .select()
+    .from(enrollmentTokens)
+    .orderBy(desc(enrollmentTokens.createdAt))
+
+  return NextResponse.json({ tokens })
+}
+
+// POST /api/enrollment-tokens — create new token (admin only)
+export async function POST(request: NextRequest) {
+  const session = await auth()
+  if (!session?.user || session.user.role !== 'admin') {
+    return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
+  }
+
+  const { label, expiresInDays, maxUses } = await request.json()
+
+  const expiresAt = expiresInDays
+    ? new Date(Date.now() + expiresInDays * 24 * 60 * 60 * 1000)
+    : null
+
+  const token = await db
+    .insert(enrollmentTokens)
+    .values({
+      label: label || null,
+      createdBy: session.user.id,
+      expiresAt,
+      maxUses: maxUses || null,
+    })
+    .returning()
+
+  return NextResponse.json({ token: token[0] }, { status: 201 })
+}
+
+// DELETE /api/enrollment-tokens — revoke token (admin only)
+export async function DELETE(request: NextRequest) {
+  const session = await auth()
+  if (!session?.user || session.user.role !== 'admin') {
+    return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
+  }
+
+  const { id } = await request.json()
+  await db
+    .update(enrollmentTokens)
+    .set({ revokedAt: new Date() })
+    .where(eq(enrollmentTokens.id, id))
+
+  return NextResponse.json({ success: true })
+}