Skip to content

pithead: validate dashboard.host + reset-dashboard targets from .env (#130, #139)#155

Merged
VijitSingh97 merged 2 commits into
mainfrom
claude/pithead-host-reset-safety
Jun 4, 2026
Merged

pithead: validate dashboard.host + reset-dashboard targets from .env (#130, #139)#155
VijitSingh97 merged 2 commits into
mainfrom
claude/pithead-host-reset-safety

Conversation

@VijitSingh97
Copy link
Copy Markdown
Collaborator

@VijitSingh97 VijitSingh97 commented Jun 4, 2026

Two small pithead safety fixes from the v1.0 sweep.

#130 — validate dashboard.host before it reaches the Caddyfile

dashboard.host flows verbatim into the generated Caddyfile's site address (generate_caddyfile), but had no validation (unlike stratum_bind). A value containing a space, newline, or {/} would break the Caddyfile — or inject extra reverse-proxy directives. Adds an is_valid_host check in parse_and_validate_config (hostname/IP characters only) that errors early.

#139reset-dashboard wipes the live data dirs, not a config-only path

reset-dashboard resolved its rm -rf targets from a fresh config.json parse. So if you edited p2pool.data_dir / dashboard.data_dir in config.json but hadn't run apply yet, reset would delete the new path (possibly a populated directory you just pointed at) while the running stack still used the old one. Now it resolves the targets from .env (the live deployment), assert_safe_dirs them, and refuses to run rather than guess if .env doesn't name them.

Tests

  • is_valid_host unit (hostname/IPv4/IPv6 accepted; space/braces/slash/empty rejected).
  • Black-box: a bad dashboard.host is rejected by apply.
  • Black-box: reset-dashboard targets the .env dir (a sudo stub logs, never executes, so nothing is deleted) and ignores a different config-only data_dir; and it refuses when .env lacks the dirs.
  • Suite 111 passed, shellcheck clean.

Closes #130. Closes #139.

🤖 Generated with Claude Code

VijitSingh97 and others added 2 commits June 4, 2026 09:00
@VijitSingh97 @claude
pithead: validate dashboard.host + resolve reset-dashboard targets fr…
db8bd27 
…om .env (#130, #139)

#130: dashboard.host is rendered verbatim into the Caddyfile site address but was never
validated. A value with a space, newline, or `{`/`}` would break the Caddyfile (or inject
directives). Add an is_valid_host check in parse_and_validate_config (hostname/IP chars
only), mirroring the stratum_bind validation.

#139: reset-dashboard wiped the dirs from a fresh config.json parse, so editing a *.data_dir
before reset (without an apply) could `rm -rf` a directory the running stack never used.
Resolve the delete targets from .env (the live deployment) instead, assert_safe_dir them,
and refuse to run rather than guess if .env doesn't name them.

Tests: is_valid_host unit; bad-dashboard.host rejected; reset targets the .env dir (not a
config-only path) and refuses without .env dirs. Suite 111 passed, shellcheck clean.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@VijitSingh97
Merge origin/main into claude/pithead-host-reset-safety
698bd77 
Resolve CHANGELOG.md conflict by keeping both [Unreleased] › Fixed entries — the #142
pool-type fix (landed on main via #154) and this branch's #139 reset-dashboard fix.
Suite green (stack 111, compose + shellcheck).
@VijitSingh97 VijitSingh97 merged commit 831277f into main Jun 4, 2026
5 checks passed
@VijitSingh97 VijitSingh97 deleted the claude/pithead-host-reset-safety branch June 4, 2026 14:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

1 participant

@VijitSingh97