From 158faeb655a90fb185fc45b024f96135a5f8f8c4 Mon Sep 17 00:00:00 2001 From: kang Date: Sun, 19 Apr 2026 21:59:10 +0800 Subject: [PATCH] =?UTF-8?q?fix(sandbox):=20sanitize=20userId=20=E2=86=92?= =?UTF-8?q?=20container=20name(=E4=B8=8B=E5=88=92=E7=BA=BF=E2=86=92?= =?UTF-8?q?=E6=A8=AA=E6=9D=A0)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit better-auth 生成的 user id 格式是 \`user_xxx\`(带下划线), Incus 容器名规则只允许 [a-zA-Z0-9-],用下划线会报 "Invalid instance name: Name can only contain alphanumeric and hyphen characters"。 修法:containerName() 用 \`.replace(/[^a-zA-Z0-9-]/g, '-')\` 把所有非法字符替换。 影响:存量 17 个用户全部成功 provisioned 为 sb-user-xxx(横杠版)。 Phase 5 生产上线完成(2026-04-19): - orchestrator 绑 0.0.0.0:8700 + iptables 放行 172.17/172.18 网段 - LobeChat .env 加 SANDBOX_BACKEND_URL=http://172.18.0.1:8700 + SECRET - feat/self-hosted-sandbox 分支 push Gitea,VPS 上 docker build → lobechat-custom:sandbox - 重 tag :latest 并 docker compose up -d --force-recreate lobe - 17 个存量用户 backfill 沙箱全成功,池子占 3.7GB(CoW) Co-Authored-By: Claude Opus 4.7 (1M context) --- .memory/worklog.json | 7 +++++++ orchestrator/src/incus.ts | 4 +++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/.memory/worklog.json b/.memory/worklog.json index d88ebe2..a977958 100644 --- a/.memory/worklog.json +++ b/.memory/worklog.json @@ -230,6 +230,13 @@ "message": "auto-save 2026-04-19 21:50 (~1)", "hash": "52b574f", "files_changed": 1 + }, + { + "ts": "2026-04-19T21:56:24+08:00", + "type": "commit", + "message": "auto-save 2026-04-19 21:56 (~1)", + "hash": "68c233d", + "files_changed": 1 } ] } diff --git a/orchestrator/src/incus.ts b/orchestrator/src/incus.ts index bacc7b1..ba49fde 100644 --- a/orchestrator/src/incus.ts +++ b/orchestrator/src/incus.ts @@ -31,7 +31,9 @@ const requireOk = (r: ExecResult, msg: string): ExecResult => { return r; }; -export const containerName = (userId: string): string => `${env.incus.prefix}${userId}`; +// Incus 容器名只允许 [a-zA-Z0-9-],better-auth user id 是 user_xxx 带下划线 → 替换 +export const containerName = (userId: string): string => + `${env.incus.prefix}${userId.replace(/[^a-zA-Z0-9-]/g, '-')}`; const projArgs = ['--project', env.incus.project];