Self-hosted SSH + SFTP + RDP in a browser — MobaXterm replacement
6d76558bc3
Full per-user data isolation across all tables: - Migration adds userId FK to hosts, host_groups, credentials, ssh_keys, connection_logs. Backfills existing data to admin@wraith.local. - All services scope queries by userId from JWT (req.user.sub). Users can only see/modify their own data. Cross-user access returns 403. - Two roles: admin (full access + user management) and user (own data only). - Admin endpoints: list/create/edit/delete users, reset password, reset TOTP. Protected by AdminGuard. Admins cannot delete themselves or remove own role. - JWT payload now includes role. Frontend auth store exposes isAdmin getter. - Seed script fixed: checks for admin@wraith.local specifically (not any user). Uses upsert, seeds with role=admin. Migration cleans up duplicate users. - Connection logs now attributed to the connecting user via WS auth. - Deleting a user CASCADEs to all their hosts, credentials, keys, and logs. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> |
||
|---|---|---|
| backend | ||
| docs/superpowers | ||
| frontend | ||
| images | ||
| .env.example | ||
| .gitignore | ||
| docker-compose.yml | ||
| Dockerfile | ||
| README.md | ||
| Remote-Spec.md | ||
Wraith
Self-hosted MobaXterm replacement — SSH + SFTP + RDP in a browser.
Stack
- Backend: NestJS 10, Prisma 6, PostgreSQL 16, ssh2, guacd
- Frontend: Nuxt 3 (SPA), PrimeVue 4, Tailwind CSS, xterm.js 5
Quick Start
cp .env.example .env
# Edit .env with real secrets
docker compose up -d
Default credentials: admin@wraith.local / wraith
Development
# Backend
cd backend && npm install && npm run dev
# Frontend
cd frontend && npm install && npm run dev