Stop dashboard before backup; Local client use random string instead.

Dockerfile

@@ -3,7 +3,7 @@ FROM debian
 WORKDIR /dashboard
 
 RUN apt-get update &&\
-    apt-get -y install openssh-server wget iproute2 vim git cron unzip supervisor nginx &&\
+    apt-get -y install openssh-server wget iproute2 vim git cron unzip supervisor nginx sqlite3 &&\
     git config --global core.bigFileThreshold 1k &&\
     git config --global core.compression 0 &&\
     git config --global advice.detachedHead false &&\

init.sh

@@ -262,7 +262,7 @@ stderr_logfile=/dev/null
 stdout_logfile=/dev/null
 
 [program:agent]
-command=$WORK_DIR/nezha-agent -s localhost:$GRPC_PORT -p abcdefghijklmnopqr
+command=$WORK_DIR/nezha-agent -s localhost:$GRPC_PORT -p $(tr -dc 'A-Za-z0-9' </dev/urandom | head -c 18)
 autostart=true
 autorestart=true
 stderr_logfile=/dev/null

template/backup.sh

@@ -55,6 +55,9 @@ ABC
   fi
 }
 
+# 运行备份脚本时，自锁一定时间以防 Github 缓存的原因导致数据马上被还原
+touch $(awk -F '=' '/NO_ACTION_FLAG/{print $2; exit}' $WORK_DIR/restore.sh)1
+
 # 手自动标志
 [ "$1" = 'a' ] && WAY=Scheduled || WAY=Manualed
 [ "$1" = 'f' ] && WAY=Manualed && FORCE_UPDATE=true
@@ -92,25 +95,19 @@ if [[ "${DASHBOARD_UPDATE}${CLOUDFLARED_UPDATE}${IS_BACKUP}${FORCE_UPDATE}" =~ t
       info "\n Restart Nezha Dashboard \n"
       if [ "$IS_DOCKER" = 1 ]; then
         supervisorctl stop nezha >/dev/null 2>&1
+        sleep 10
         mv -f /tmp/dist/dashboard-linux-$ARCH $WORK_DIR/app
         supervisorctl start nezha >/dev/null 2>&1
       else
         cmd_systemctl disable >/dev/null 2>&1
+        sleep 10
         mv -f /tmp/dist/dashboard-linux-$ARCH $WORK_DIR/app
         cmd_systemctl enable >/dev/null 2>&1
       fi
     fi
     rm -rf /tmp/dist /tmp/dashboard.zip
   fi
 
-  # 处理 v0.15.17 之后自定义主题静态链接的路径问题，删除原 resource 下的非 custom 文件夹及文件
-  [ -d $WORK_DIR/resource/static/theme-custom ] && mv -f $WORK_DIR/resource/static/theme-custom $WORK_DIR/resource/static/custom
-  [ -s $WORK_DIR/resource/template/theme-custom/header.html ] && sed -i 's#/static/theme-custom/#/static-custom/#g' $WORK_DIR/resource/template/theme-custom/header.html
-  if [ -d $WORK_DIR/resource ]; then
-    find $WORK_DIR/resource ! -path "$WORK_DIR/resource/*/*custom*" -type f -delete
-    find $WORK_DIR/resource ! -path "$WORK_DIR/resource/*/*custom*" -type d -empty -delete
-  fi
-
   # 更新 cloudflared
   if [[ "${CLOUDFLARED_UPDATE}${FORCE_UPDATE}" =~ 'true' ]]; then
     hint "\n Renew Cloudflared to $CLOUDFLARED_LATEST \n"
@@ -131,19 +128,24 @@ if [[ "${DASHBOARD_UPDATE}${CLOUDFLARED_UPDATE}${IS_BACKUP}${FORCE_UPDATE}" =~ t
 
   # 克隆备份仓库，压缩备份文件，上传更新
   if [ "$IS_BACKUP" = 'true' ]; then
-    # 设置 git 环境变量，减少系统开支
+    # 备份前先停掉面板，设置 git 环境变量，减少系统开支
     if [ "$IS_DOCKER" != 1 ]; then
+      cmd_systemctl disable >/dev/null 2>&1
       git config --global core.bigFileThreshold 1k
       git config --global core.compression 0
       git config --global advice.detachedHead false
       git config --global pack.threads 1
       git config --global pack.windowMemory 50m
+    else
+      supervisorctl stop nezha >/dev/null 2>&1
     fi
+    sleep 10
 
     # 克隆现有备份库
     [ -d /tmp/$GH_REPO ] && rm -rf /tmp/$GH_REPO
     git clone https://$GH_PAT@github.com/$GH_BACKUP_USER/$GH_REPO.git --depth 1 --quiet /tmp/$GH_REPO
 
+
     # 压缩备份数据，只备份 data/ 目录下的 config.yaml 和 sqlite.db； resource/ 目录下名字有 custom 的自定义主题文件夹
     if [ -d /tmp/$GH_REPO ]; then
       TIME=$(date "+%Y-%m-%d-%H:%M:%S")
@@ -166,13 +168,20 @@ if [[ "${DASHBOARD_UPDATE}${CLOUDFLARED_UPDATE}${IS_BACKUP}${FORCE_UPDATE}" =~ t
       cd ..
       rm -rf $GH_REPO
       # 如备份成功，自锁一定时间以防 Github 缓存的原因导致数据马上被还原
-      [ "$IS_UPLOAD" = 0 ] && touch $(awk -F '=' '/NO_ACTION_FLAG/{print $2; exit}' $WORK_DIR/restore.sh)1 && echo "dashboard-$TIME.tar.gz" > $WORK_DIR/dbfile && info "\n Succeed to upload the backup files dashboard-$TIME.tar.gz to Github.\n" || hint "\n Failed to upload the backup files dashboard-$TIME.tar.gz to Github.\n"
+      if [ "$IS_UPLOAD" = 0 ]; then
+        echo "dashboard-$TIME.tar.gz" > $WORK_DIR/dbfile
+        info "\n Succeed to upload the backup files dashboard-$TIME.tar.gz to Github.\n"
+      else
+        rm -f $(awk -F '=' '/NO_ACTION_FLAG/{print $2; exit}' $WORK_DIR/restore.sh)*
+        hint "\n Failed to upload the backup files dashboard-$TIME.tar.gz to Github.\n"
     fi
   fi
 fi
 
 if [ "$IS_DOCKER" = 1 ]; then
+  supervisorctl start nezha >/dev/null 2>&1
   [ $(supervisorctl status all | grep -c "RUNNING") = $(grep -c '\[program:.*\]' /etc/supervisor/conf.d/damon.conf) ] && info "\n All programs started! \n" || error "\n Failed to start program! \n"
 else
+  cmd_systemctl enable >/dev/null 2>&1
   [ "$(systemctl is-active nezha-dashboard)" = 'active' ] && info "\n Nezha dashboard started! \n" || error "\n Failed to start Nezha dashboard! \n"
 fi

template/restore.sh

@@ -14,7 +14,7 @@ IS_DOCKER=
 
 ########
 
-# version: 2024.3.21
+# version: 2024.04.02
 
 trap "rm -rf $TEMP_DIR; echo -e '\n' ;exit" INT QUIT TERM EXIT
 
@@ -141,14 +141,6 @@ if [ -e $TEMP_DIR/backup.tar.gz ]; then
   tar xzvf $TEMP_DIR/backup.tar.gz -C $TEMP_DIR ${CUSTOM_FULL_PATH[@]} ${FILE_PATH}data
   echo -e "↑↑↑↑↑↑↑↑↑↑ Restore-file list ↑↑↑↑↑↑↑↑↑↑\n\n"
 
-  # 处理 v0.15.17 之后自定义主题静态链接的路径问题，删除备份文件中 resource 下的非 custom 文件夹及文件
-  [ -d $TEMP_DIR/resource/static/theme-custom ] && mv -f $TEMP_DIR/resource/static/theme-custom $TEMP_DIR/resource/static/custom
-  [ -s $TEMP_DIR/resource/template/theme-custom/header.html ] && sed -i 's#/static/theme-custom/#/static-custom/#g' $TEMP_DIR/resource/template/theme-custom/header.html
-  if [ -d $TEMP_DIR/resource ]; then
-    find $TEMP_DIR/resource ! -path "$TEMP_DIR/resource/*/*custom*" -type f -delete
-    find $TEMP_DIR/resource ! -path "$TEMP_DIR/resource/*/*custom*" -type d -empty -delete
-  fi
-
   # 还原面板配置的最新信息
   sed -i "s@HTTPPort:.*@$CONFIG_HTTPPORT@; s@Language:.*@$CONFIG_LANGUAGE@; s@^GRPCPort:.*@$CONFIG_GRPCPORT@; s@gGRPCHost:.*@I$CONFIG_GRPCHOST@; s@ProxyGRPCPort:.*@$CONFIG_PROXYGRPCPORT@; s@Type:.*@$CONFIG_TYPE@; s@Admin:.*@$CONFIG_ADMIN@; s@ClientID:.*@$CONFIG_CLIENTID@; s@ClientSecret:.*@$CONFIG_CLIENTSECRET@I" ${TEMP_DIR}/${FILE_PATH}data/config.yaml
 
@@ -160,6 +152,14 @@ if [ -e $TEMP_DIR/backup.tar.gz ]; then
 
   [[ "$(awk '{print $NF}' <<< "$CONFIG_MAXTCPPINGVALUE")" =~ ^[0-9]+$ ]] && sed -i "s@MaxTCPPingValue:.*@$CONFIG_MAXTCPPINGVALUE@" ${TEMP_DIR}/${FILE_PATH}data/config.yaml
 
+  # 如果是容器版本会有本地的客户端探针，Token 将是当前部署时生成的18位随机字符串，还原的时候，会把 sqlite.db 里的历史 Token 更换为新的。
+  if [ "$IS_DOCKER" = 1 ]; then
+    [ $(type -p sqlite3) ] || apt-get -y install sqlite3
+    DB_TOKEN=$(sqlite3 ${TEMP_DIR}/${FILE_PATH}data/sqlite.db "select secret from servers where created_at='2023-04-23 13:02:00.770756566+08:00'")
+    [ -n "$DB_TOKEN" ] && LOCAL_TOKEN=$(awk '/nezha-agent -s localhost/{print $NF}' /etc/supervisor/conf.d/damon.conf)
+    [ "$DB_TOKEN" != "$LOCAL_TOKEN" ] && sqlite3 ${TEMP_DIR}/${FILE_PATH}data/sqlite.db "update servers set secret='${LOCAL_TOKEN}' where created_at='2023-04-23 13:02:00.770756566+08:00'"
+  fi
+
   # 复制临时文件到正式的工作文件夹
   cp -rf ${TEMP_DIR}/${FILE_PATH}data/* ${WORK_DIR}/data/
   [ -d ${TEMP_DIR}/${FILE_PATH}resource ] && cp -rf ${TEMP_DIR}/${FILE_PATH}resource ${WORK_DIR}