terminalwire 0.1.1 → 0.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9fec6bb413813bdaa761403bca8fcaebb92b884a448cfe3b5cba7fc56e3589b0
-  data.tar.gz: 319498815fe666a7266f1dcfd2648af1e15477f7f42f22cd8661f2c42bda45c9
+  metadata.gz: 8eacca5d9e410385fee49a9115cdc9d92ac1276b0666af88b8c343f11306a05f
+  data.tar.gz: c94050aef56399743f202c13c3813bb66a05cfffd2333ea9431bccded43234f2
 SHA512:
-  metadata.gz: bbc8104d13cd4acf420c0c5873b4f1df0749ea94768c91a9ceb6100d34c9fe6da0cd62bf4bb717a5c5e5fdc4f3d7395db0a0cd44b5d88cb1e18006dab6c3f791
-  data.tar.gz: daeeb21577a26536a4daad6c61b07f1b6a96a23ea52adfbc4eb25881b2948a1010f81ffc6b4958eb92befc0bae348b18cbecf4aeecea813c0b84b18ea0e33ace
+  metadata.gz: 2a25a33121a603fdcb11c5c664d17772f999d4a379379390ad578ed434fa75428f45deda6d2023e490ecf2bedfad61cf58a9fd4d7c880e17fff714978075159c
+  data.tar.gz: 76e5bf2edd88ad0ca092328514ebce7bc22ee64ff13aa4ebf83c77319849fe2564515cc89bf27364f3135ca2456143869066ca6eaef70daae15dabedb006b3e3

data/exe/terminalwire-exec

@@ -2,7 +2,7 @@
 require_relative "../lib/terminalwire.rb"
 
 begin
-  Terminalwire::Client::Binary.execute
+  Terminalwire::Client::Exec.start
 rescue Terminalwire::Error => e
   puts e.message
   exit 1

data/lib/generators/terminalwire/install/install_generator.rb

@@ -17,7 +17,7 @@ class Terminalwire::InstallGenerator < Rails::Generators::Base
   def add_route
     route <<~ROUTE
       match "/terminal",
-        to: Terminalwire::WebSocket::ThorServer.new(ApplicationTerminal),
+        to: Terminalwire::Server::Thor.new(ApplicationTerminal),
         via: [:get, :connect]
     ROUTE
   end

data/lib/generators/terminalwire/install/templates/application_terminal.rb.tt

@@ -15,7 +15,7 @@ class ApplicationTerminal < Thor
     email = gets
 
     print "Password: "
-    password = getch
+    password = getpass
 
     if self.current_user = User.authenticate(email, password)
       puts "Successfully logged in as #{user.email}."
@@ -24,9 +24,27 @@ class ApplicationTerminal < Thor
     end
   end
 
+  desc "whoami", "Displays current user information."
+  def whoami
+    if self.current_user
+      puts "Logged in as #{user.email}."
+    else
+      puts "Not logged in. Run `#{self.class.basename} login` to login."
+    end
+  end
+
+  desc "logout", "Logout of your account"
+  def logout
+    session.reset
+    puts "Successfully logged out."
+  end
+
   private
 
   def current_user=(user)
+    # The Session object is a hash-like object that encrypts and signs a hash that's
+    # stored on the client's file sytem. Conceptually, it's similar to Rails signed
+    # and encrypted client-side cookies.
     session["user_id"] = user.id
   end
 

data/lib/terminalwire/adapter.rb

@@ -0,0 +1,32 @@
+require 'msgpack'
+
+module Terminalwire
+  class Adapter
+    include Logging
+
+    attr_reader :transport
+
+    def initialize(transport)
+      @transport = transport
+    end
+
+    def write(data)
+      logger.debug "Adapter: Sending #{data.inspect}"
+      packed_data = MessagePack.pack(data, symbolize_keys: true)
+      @transport.write(packed_data)
+    end
+
+    def recv
+      logger.debug "Adapter: Reading"
+      packed_data = @transport.read
+      return nil if packed_data.nil?
+      data = MessagePack.unpack(packed_data, symbolize_keys: true)
+      logger.debug "Adapter: Received #{data.inspect}"
+      data
+    end
+
+    def close
+      @transport.close
+    end
+  end
+end

data/lib/terminalwire/client/entitlement.rb

@@ -0,0 +1,107 @@
+module Terminalwire::Client
+  class Entitlement
+    class Paths
+      include Enumerable
+
+      def initialize
+        @permitted = []
+      end
+
+      def each(&)
+        @permitted.each(&)
+      end
+
+      def permit(path)
+        @permitted.append Pathname.new(path).expand_path
+      end
+
+      def permitted?(path)
+        @permitted.find { |pattern| matches?(permitted: pattern, path:) }
+      end
+
+      def serialize
+        @permitted.to_a.map(&:to_s)
+      end
+
+      private
+      def matches?(permitted:, path:)
+        # This MUST be done via File.fnmatch because Pathname#fnmatch does not work. If you
+        # try changing this 🚨 YOU MAY CIRCUMVENT THE SECURITY MEASURES IN PLACE. 🚨
+        File.fnmatch permitted.to_s, File.expand_path(path), File::FNM_PATHNAME
+      end
+    end
+
+    class Schemes
+      include Enumerable
+
+      def initialize
+        @permitted = Set.new
+      end
+
+      def each(&)
+        @permitted.each(&)
+      end
+
+      def permit(scheme)
+        @permitted << scheme.to_s
+      end
+
+      def permitted?(url)
+        include? URI(url).scheme
+      end
+
+      def serialize
+        @permitted.to_a.map(&:to_s)
+      end
+    end
+
+    attr_reader :paths, :authority, :schemes
+
+    def initialize(authority:)
+      @authority = authority
+      @paths = Paths.new
+
+      # Permit the domain directory. This is necessary for basic operation of the client.
+      @paths.permit storage_path
+      @paths.permit storage_pattern
+
+      @schemes = Schemes.new
+      # Permit http & https by default.
+      @schemes.permit "http"
+      @schemes.permit "https"
+    end
+
+    def domain_path
+      Pathname.new("~/.terminalwire/authorities/#{@authority}").expand_path
+    end
+
+    def storage_path
+      domain_path.join("storage")
+    end
+
+    def storage_pattern
+      storage_path.join("**/*")
+    end
+
+    def serialize
+      {
+        authority: @authority,
+        schemes: @schemes.serialize,
+        paths: @paths.serialize,
+        storage_path: storage_path.to_s,
+      }
+    end
+
+    def self.from_url(url)
+      # I had to lift this from URI::HTTP because `ws://` doesn't
+      # have an authority method.
+      authority = if url.port == url.default_port
+        url.host
+      else
+        "#{url.host}:#{url.port}"
+      end
+
+      new authority:
+    end
+  end
+end

data/lib/terminalwire/client/{binary.rb → exec.rb}

@@ -3,7 +3,7 @@ require "yaml"
 require "uri"
 
 module Terminalwire::Client
-  class Binary
+  class Exec
     attr_reader :arguments, :path, :configuration, :url
 
     def initialize(path:, arguments:)
@@ -23,7 +23,7 @@ module Terminalwire::Client
       Terminalwire::Client.websocket(url:, arguments:)
     end
 
-    def self.execute
+    def self.start
       case ARGV
       in path, *arguments
         new(path:, arguments:).start

data/lib/terminalwire/client/resource.rb

@@ -0,0 +1,154 @@
+module Terminalwire::Client::Resource
+  # Dispatches messages from the Client::Handler to the appropriate resource.
+  class Handler
+    include Enumerable
+
+    def initialize
+      @resources = {}
+      yield self if block_given?
+    end
+
+    def each(&block)
+      @resources.values.each(&block)
+    end
+
+    def add(resource)
+      # Detect if the resource is already registered and throw an error
+      if @resources.key?(resource.name)
+        raise "Resource #{resource.name} already registered"
+      else
+        @resources[resource.name] = resource
+      end
+    end
+    alias :<< :add
+
+    def dispatch(**message)
+      case message
+      in { event:, action:, name:, command:, parameters: }
+        resource = @resources.fetch(name)
+        resource.command(command, **parameters)
+      end
+    end
+  end
+
+  # Dispatcher, security, and response macros for resources.
+  class Base < Terminalwire::Resource::Base
+    def initialize(*, entitlement:, **)
+      super(*, **)
+      @entitlement = entitlement
+      connect
+    end
+
+    def command(command, **parameters)
+      begin
+        if permit(command, **parameters)
+          succeed self.public_send(command, **parameters)
+        else
+          fail "Client denied #{command}", command:, parameters:
+        end
+      rescue => e
+        fail e.message, command:, parameters:
+        raise
+      end
+    end
+
+    def permit(...)
+      false
+    end
+  end
+
+  class STDOUT < Base
+    def connect
+      @io = $stdout
+    end
+
+    def print(data:)
+      @io.print(data)
+    end
+
+    def print_line(data:)
+      @io.puts(data)
+    end
+
+    def permit(...)
+      true
+    end
+  end
+
+  class STDERR < STDOUT
+    def connect
+      @io = $stderr
+    end
+  end
+
+  class STDIN < Base
+    def connect
+      @io = $stdin
+    end
+
+    def read_line
+      @io.gets
+    end
+
+    def read_password
+      @io.getpass
+    end
+
+    def permit(...)
+      true
+    end
+  end
+
+  class File < Base
+    File = ::File
+
+    # Ensure the default file mode is read/write for owner only. This ensures
+    # that if the server tries uploading an executable file, it won't be when it
+    # lands on the client.
+    #
+    # Eventually we'll move this into entitlements so the client can set maximum
+    # permissions for files and directories.
+    FILE_PERMISSIONS = 0o600 # rw-------
+
+    def read(path:)
+      File.read File.expand_path(path)
+    end
+
+    def write(path:, content:)
+      File.open(File.expand_path(path), "w", FILE_PERMISSIONS) { |f| f.write(content) }
+    end
+
+    def append(path:, content:)
+      File.open(File.expand_path(path), "a", FILE_PERMISSIONS) { |f| f.write(content) }
+    end
+
+    def mkdir(path:)
+      FileUtils.mkdir_p(File.expand_path(path))
+    end
+
+    def delete(path:)
+      File.delete(File.expand_path(path))
+    end
+
+    def exist(path:)
+      File.exist? File.expand_path(path)
+    end
+
+    def permit(command, path:, **)
+      @entitlement.paths.permitted? path
+    end
+  end
+
+  class Browser < Base
+    def permit(command, url:, **)
+      @entitlement.schemes.permitted? url
+    end
+
+    def launch(url:)
+      Launchy.open(URI(url))
+      # TODO: This is a hack to get the `respond` method to work.
+      # Maybe explicitly call a `suceed` and `fail` method?
+      nil
+    end
+  end
+end

data/lib/terminalwire/client.rb

@@ -1,199 +1,76 @@
+require 'fileutils'
+require 'launchy'
+require 'io/console'
+
 module Terminalwire
   module Client
-    module Resource
-      class IO < Terminalwire::Resource::Base
-        def dispatch(action, data)
-          if @device.respond_to?(action)
-            respond @device.public_send(action, data)
-          else
-            raise "Unknown action #{action} for device ID #{@id}"
-          end
-        end
-      end
-
-      class STDOUT < IO
-        def connect
-          @device = $stdout
-        end
-      end
-
-      class STDIN < IO
-        def connect
-          @device = $stdin
-        end
-
-        def dispatch(action, data)
-          respond case action
-          when "puts"
-            @device.puts(data)
-          when "gets"
-            @device.gets
-          when "getpass"
-            @device.getpass
-          end
-        end
-      end
-
-      class STDERR < IO
-        def connect
-          @device = $stderr
-        end
-      end
-
-      class File < Terminalwire::Resource::Base
-        def connect
-          @files = {}
-        end
-
-        def dispatch(action, data)
-          respond case action
-          when "read"
-            read_file(data)
-          when "write"
-            write_file(data.fetch(:path), data.fetch(:content))
-          when "append"
-            append_to_file(data.fetch(:path), data.fetch(:content))
-          when "mkdir"
-            mkdir(data.fetch(:path))
-          when "exist"
-            exist?(data.fetch(:path))
-          else
-            raise "Unknown action #{action} for file device"
-          end
-        end
-
-        def mkdir(path)
-          FileUtils.mkdir_p(::File.expand_path(path))
-        end
-
-        def exist?(path)
-          ::File.exist? ::File.expand_path(path)
-        end
-
-        def read_file(path)
-          ::File.read ::File.expand_path(path)
-        end
-
-        def write_file(path, content)
-          ::File.open(::File.expand_path(path), "w") { |f| f.write(content) }
-        end
-
-        def append_to_file(path, content)
-          ::File.open(::File.expand_path(path), "a") { |f| f.write(content) }
-        end
-
-        def disconnect
-          @files.clear
-        end
-      end
-
-      class Browser < Terminalwire::Resource::Base
-        def dispatch(action, data)
-          respond case action
-          when "launch"
-            Launchy.open(data)
-            "Launched browser with URL: #{data}"
-          else
-            raise "Unknown action #{action} for browser device"
-          end
-        end
-      end
-    end
-
-    class ResourceMapper
-      def initialize(connection, resources)
-        @connection = connection
-        @resources = resources
-        @devices = Hash.new { |h,k| h[Integer(k)] }
-      end
-
-      def connect_device(id, type)
-        klass = @resources.find(type)
-        if klass
-          device = klass.new(id, @connection)
-          device.connect
-          @devices[id] = device
-          @connection.write(event: "device", action: "connect", status: "success", id: id, type: type)
-        else
-          @connection.write(event: "device", action: "connect", status: "failure", id: id, type: type, message: "Unknown device type")
-        end
-      end
-
-      def dispatch(id, action, data)
-        device = @devices[id]
-        if device
-          device.dispatch(action, data)
-        else
-          raise "Unknown device ID: #{id}"
-        end
-      end
-
-      def disconnect_device(id)
-        device = @devices.delete(id)
-        device&.disconnect
-        @connection.write(event: "device", action: "disconnect", id: id)
-      end
-    end
-
     class Handler
       VERSION = "0.1.0".freeze
 
       include Logging
 
-      attr_reader :arguments, :program_name
+      attr_reader :adapter, :entitlement, :resources
+
+      def initialize(adapter, arguments: ARGV, program_name: $0, entitlement:)
+        @entitlement = entitlement
+        @adapter = adapter
+        @program_arguments = arguments
+        @program_name = program_name
 
-      def initialize(connection, resources = self.class.resources, arguments: ARGV, program_name: $0)
-        @connection = connection
-        @resources = resources
-        @arguments = arguments
+        @resources = Resource::Handler.new do |it|
+          it << Resource::STDOUT.new("stdout", @adapter, entitlement:)
+          it << Resource::STDIN.new("stdin", @adapter, entitlement:)
+          it << Resource::STDERR.new("stderr", @adapter, entitlement:)
+          it << Resource::Browser.new("browser", @adapter, entitlement:)
+          it << Resource::File.new("file", @adapter, entitlement:)
+        end
       end
 
       def connect
-        @devices = ResourceMapper.new(@connection, @resources)
-
-        @connection.write(event: "initialize", protocol: { version: VERSION }, arguments:, program_name:)
+        @adapter.write(event: "initialization",
+         protocol: { version: VERSION },
+         entitlement: @entitlement.serialize,
+         program: {
+           name: @program_name,
+           arguments: @program_arguments
+         })
 
         loop do
-          handle @connection.recv
+          handle @adapter.recv
         end
       end
 
       def handle(message)
         case message
-        in { event: "device", action: "connect", id:, type: }
-          @devices.connect_device(id, type)
-        in { event: "device", action: "command", id:, command:, data: }
-          @devices.dispatch(id, command, data)
-        in { event: "device", action: "disconnect", id: }
-          @devices.disconnect_device(id)
+        in { event: "resource", action: "command", name:, parameters: }
+          @resources.dispatch(**message)
         in { event: "exit", status: }
           exit Integer(status)
         end
       end
-
-      def self.resources
-        ResourceRegistry.new.tap do |resources|
-          resources << Client::Resource::STDOUT
-          resources << Client::Resource::STDIN
-          resources << Client::Resource::STDERR
-          resources << Client::Resource::Browser
-          resources << Client::Resource::File
-        end
-      end
     end
 
     def self.tcp(...)
       socket = TCPSocket.new(...)
       transport = Terminalwire::Transport::Socket.new(socket)
-      connection = Terminalwire::Connection.new(transport)
-      Terminalwire::Client::Handler.new(connection)
+      adapter = Terminalwire::Adapter.new(transport)
+      Terminalwire::Client::Handler.new(adapter)
     end
 
     def self.socket(...)
       socket = UNIXSocket.new(...)
       transport = Terminalwire::Transport::Socket.new(socket)
-      connection = Terminalwire::Connection.new(transport)
-      Terminalwire::Client::Handler.new(connection)
+      adapter = Terminalwire::Adapter.new(transport)
+      Terminalwire::Client::Handler.new(adapter)
+    end
+
+    # Extracted from HTTP. This is so we can
+    def self.authority(url)
+      if url.port == url.default_port
+        url.host
+      else
+        "#{url.host}:#{url.port}"
+      end
     end
 
     def self.websocket(url:, arguments: ARGV)
@@ -202,10 +79,11 @@ module Terminalwire
       Async do |task|
         endpoint = Async::HTTP::Endpoint.parse(url)
 
-        Async::WebSocket::Client.connect(endpoint) do |connection|
-          transport = Terminalwire::Transport::WebSocket.new(connection)
-          connection = Terminalwire::Connection.new(transport)
-          Terminalwire::Client::Handler.new(connection, arguments:).connect
+        Async::WebSocket::Client.connect(endpoint) do |adapter|
+          transport = Terminalwire::Transport::WebSocket.new(adapter)
+          adapter = Terminalwire::Adapter.new(transport)
+          entitlement = Entitlement.from_url(url)
+          Terminalwire::Client::Handler.new(adapter, arguments:, entitlement:).connect
         end
       end
     end

data/lib/terminalwire/logging.rb

@@ -0,0 +1,8 @@
+require 'logger'
+
+module Terminalwire
+  module Logging
+    DEVICE = Logger.new($stdout, level: ENV.fetch("LOG_LEVEL", "info"))
+    def logger = DEVICE
+  end
+end