From 569554e7f05f2e67dbb6fc1905b225c9f9a35891 Mon Sep 17 00:00:00 2001 From: usmannasir Date: Mon, 27 Oct 2025 14:25:47 +0500 Subject: [PATCH] Fix VPS API key persistence in CyberPanel database Problem: VPS API keys were generated dynamically but never saved to the database, causing file fix operations to fail with "Invalid token" error. Root Cause: - When CyberPanel runs on VPS, it calls platform's /api/vps/generate-api-key/ - The returned API key was used for scan submission but not persisted - Later file fix operations couldn't validate this API key Solution: - Save VPS API key to ai_scanner_settings table whenever obtained - Modified 4 locations where VPS API key is retrieved: 1. startScan() - Save when initiating a scan 2. getPlatformMonitorUrl() - Save when checking scan status 3. addPaymentMethod() - Save when configuring payment (2 locations) Implementation: - Use get_or_create() to ensure scanner settings exist - Update existing settings if API key is empty or different - Set is_payment_configured=True for VPS accounts (implicit payment) - Continue operation even if saving fails (non-blocking) Result: - VPS API keys are automatically persisted on first use - File fixes work without manual database intervention - All AI Scanner features work seamlessly on VPS instances --- aiScanner/aiScannerManager.py | 40 ++++++++++++++++++++++++++++++++++- aiScanner/views.py | 22 ++++++++++++++++++- 2 files changed, 60 insertions(+), 2 deletions(-) diff --git a/aiScanner/aiScannerManager.py b/aiScanner/aiScannerManager.py index 3e32c1017..420192cc8 100644 --- a/aiScanner/aiScannerManager.py +++ b/aiScanner/aiScannerManager.py @@ -304,11 +304,34 @@ class AIScannerManager: self.logger.writeToFile(f'[AIScannerManager.startScan] VPS eligible for free scans, getting API key for IP: {server_ip}') vps_key_data = self.get_or_create_vps_api_key(server_ip) - + if vps_key_data: vps_api_key = vps_key_data.get('api_key') free_scans_remaining = vps_key_data.get('free_scans_remaining', 0) self.logger.writeToFile(f'[AIScannerManager.startScan] VPS API key obtained, {free_scans_remaining} free scans remaining') + + # Save VPS API key to database for future operations (file fixes, etc.) + try: + scanner_settings, created = AIScannerSettings.objects.get_or_create( + admin=admin, + defaults={ + 'api_key': vps_api_key, + 'balance': 0.0000, + 'is_payment_configured': True # VPS accounts have implicit payment + } + ) + + # Update existing settings if API key is different or empty + if not created and (not scanner_settings.api_key or scanner_settings.api_key != vps_api_key): + scanner_settings.api_key = vps_api_key + scanner_settings.is_payment_configured = True + scanner_settings.save() + self.logger.writeToFile(f'[AIScannerManager.startScan] Updated VPS API key in database') + elif created: + self.logger.writeToFile(f'[AIScannerManager.startScan] Saved new VPS API key to database') + except Exception as e: + self.logger.writeToFile(f'[AIScannerManager.startScan] Error saving VPS API key: {str(e)}') + # Continue even if saving fails - scan can still proceed else: self.logger.writeToFile(f'[AIScannerManager.startScan] Failed to get VPS API key') return JsonResponse({'success': False, 'error': 'Failed to authenticate VPS for free scans'}) @@ -492,6 +515,12 @@ class AIScannerManager: if vps_key_data and vps_key_data.get('api_key'): # Use VPS API key for adding payment method api_key_to_use = vps_key_data.get('api_key') + + # Save VPS API key to database + scanner_settings.api_key = api_key_to_use + scanner_settings.is_payment_configured = True + scanner_settings.save() + self.logger.writeToFile(f'[AIScannerManager.addPaymentMethod] Saved VPS API key to database') else: return JsonResponse({'success': False, 'error': 'Failed to authenticate VPS'}) else: @@ -510,6 +539,15 @@ class AIScannerManager: if vps_key_data and vps_key_data.get('api_key'): # Use VPS API key for adding payment method api_key_to_use = vps_key_data.get('api_key') + + # Create scanner settings with VPS API key + AIScannerSettings.objects.create( + admin=admin, + api_key=api_key_to_use, + balance=0.0000, + is_payment_configured=True + ) + self.logger.writeToFile(f'[AIScannerManager.addPaymentMethod] Created new scanner settings with VPS API key') else: return JsonResponse({'success': False, 'error': 'Failed to authenticate VPS'}) else: diff --git a/aiScanner/views.py b/aiScanner/views.py index f6b6373f8..968a434ef 100644 --- a/aiScanner/views.py +++ b/aiScanner/views.py @@ -265,9 +265,29 @@ def getPlatformMonitorUrl(request, scan_id): vps_info.get('free_scans_available', 0) > 0): vps_key_data = sm.get_or_create_vps_api_key(server_ip) - + if vps_key_data and vps_key_data.get('api_key'): api_key = vps_key_data.get('api_key') + + # Save VPS API key to database for future operations + try: + admin = Administrator.objects.get(pk=userID) + scanner_settings, created = AIScannerSettings.objects.get_or_create( + admin=admin, + defaults={ + 'api_key': api_key, + 'balance': 0.0000, + 'is_payment_configured': True + } + ) + + if not created and (not scanner_settings.api_key or scanner_settings.api_key != api_key): + scanner_settings.api_key = api_key + scanner_settings.is_payment_configured = True + scanner_settings.save() + logging.writeToFile(f"[AI Scanner] Updated VPS API key in database") + except Exception as save_error: + logging.writeToFile(f"[AI Scanner] Error saving VPS API key: {str(save_error)}") except Exception as e: pass