terminalwire 0.2.4 → 0.3.0.alpha1

data/lib/terminalwire/cache.rb

@@ -1,114 +0,0 @@
-require "pathname"
-require "msgpack"
-require "base64"
-require "time"
-require "fileutils"
-
-# Caches used on the client side for licesens, HTTP requests, etc.
-module Terminalwire::Cache
-  module File
-    # Hoist the File class to avoid conflicts with the standard library.
-    File = ::File
-
-    class Store
-      include Enumerable
-
-      def initialize(path:)
-        @path = Pathname.new(path).expand_path
-        FileUtils.mkdir_p(@path) unless @path.directory?
-      end
-
-      def entry(key)
-        Entry.new(path: @path.join(Entry.key_path(key)))
-      end
-      alias :[] :entry
-
-      def evict
-        each(&:evict)
-      end
-
-      def destroy
-        each(&:destroy)
-      end
-
-      def each
-        @path.each_child do |path|
-          yield Entry.new(path:)
-        end
-      end
-    end
-
-    class Entry
-      VERSION = "1.0"
-
-      def self.key_path(value)
-        Base64.urlsafe_encode64(value)
-      end
-
-      attr_accessor :value, :expires
-
-      def initialize(path:)
-        @path = path
-        deserialize if persisted?
-      end
-
-      def nil?
-        @value.nil?
-      end
-
-      def present?
-        not nil?
-      end
-
-      def persisted?
-        File.exist? @path
-      end
-
-      def expired?(time: Time.now)
-        @expires && @expires < time.utc
-      end
-
-      def fresh?(...)
-        not expired?(...)
-      end
-
-      def hit?
-        persisted? and fresh?
-      end
-
-      def miss?
-        not hit?
-      end
-
-      def save
-        File.write @path, serialize
-      end
-
-      def evict
-        destroy if expired?
-      end
-
-      def deserialize
-        case MessagePack.unpack(File.read(@path), symbolize_keys: true)
-        in { value:, expires:, version: VERSION }
-          @value = value
-          @expires = Time.parse(expires).utc if expires
-        end
-      end
-
-      def destroy
-        File.delete(@path)
-      end
-
-      private
-
-      def serialize
-        MessagePack.pack(
-          value: @value,
-          expires: @expires&.utc&.iso8601,
-          version: VERSION
-        )
-      end
-    end
-  end
-end

data/lib/terminalwire/client/entitlement/environment_variables.rb

@@ -1,26 +0,0 @@
-module Terminalwire::Client::Entitlement
-  # ENV vars that the server can access on the client.
-  class EnvironmentVariables
-    include Enumerable
-
-    def initialize
-      @permitted = Set.new
-    end
-
-    def each(&)
-      @permitted.each(&)
-    end
-
-    def permit(variable)
-      @permitted << variable.to_s
-    end
-
-    def permitted?(key)
-      include? key.to_s
-    end
-
-    def serialize
-      map { |name| { name: } }
-    end
-  end
-end

data/lib/terminalwire/client/entitlement/paths.rb

@@ -1,97 +0,0 @@
-module Terminalwire::Client::Entitlement
-  # A list of paths and permissions that server has to write on the client workstation.
-  class Paths
-    class Permit
-      attr_reader :path, :mode
-      # Ensure the default file mode is read/write for owner only. This ensures
-      # that if the server tries uploading an executable file, it won't be when it
-      # lands on the client.
-      #
-      # Eventually we'll move this into entitlements so the client can set maximum
-      # permissions for files and directories.
-      MODE = 0o600 # rw-------
-
-      # Constants for permission bit masks
-      OWNER_PERMISSIONS = 0o700 # rwx------
-      GROUP_PERMISSIONS = 0o070 # ---rwx---
-      OTHERS_PERMISSIONS = 0o007 # ------rwx
-
-      # We'll validate that modes are within this range.
-      MODE_RANGE = 0o000..0o777
-
-      def initialize(path:, mode: MODE)
-        @path = Pathname.new(path)
-        @mode = convert(mode)
-      end
-
-      def permitted_path?(path)
-        # This MUST be done via File.fnmatch because Pathname#fnmatch does not work. If you
-        # try changing this 🚨 YOU MAY CIRCUMVENT THE SECURITY MEASURES IN PLACE. 🚨
-        File.fnmatch @path.to_s, path.to_s, File::FNM_PATHNAME
-      end
-
-      def permitted_mode?(value)
-        # Ensure the mode is at least as permissive as the permitted mode.
-        mode = convert(value)
-
-        # Extract permission bits for owner, group, and others
-        owner_bits = mode & OWNER_PERMISSIONS
-        group_bits = mode & GROUP_PERMISSIONS
-        others_bits = mode & OTHERS_PERMISSIONS
-
-        # Ensure that the mode doesn't grant more permissions than @mode in any class (owner, group, others)
-        (owner_bits <= @mode & OWNER_PERMISSIONS) &&
-        (group_bits <= @mode & GROUP_PERMISSIONS) &&
-        (others_bits <= @mode & OTHERS_PERMISSIONS)
-      end
-
-      def permitted?(path:, mode: @mode)
-        permitted_path?(path) && permitted_mode?(mode)
-      end
-
-      def serialize
-        {
-          location: @path.to_s,
-          mode: @mode
-        }
-      end
-
-      protected
-      def convert(value)
-        mode = Integer(value)
-        raise ArgumentError, "The mode #{format_octet value} must be an octet value between #{format_octet MODE_RANGE.first} and #{format_octet MODE_RANGE.last}" unless MODE_RANGE.cover?(mode)
-        mode
-      end
-
-      def format_octet(value)
-        format("0o%03o", value)
-      end
-    end
-
-    include Enumerable
-
-    def initialize
-      @permitted = []
-    end
-
-    def each(&)
-      @permitted.each(&)
-    end
-
-    def permit(path, **)
-      @permitted.append Permit.new(path:, **)
-    end
-
-    def permitted?(path, mode: nil)
-      if mode
-        find { |it| it.permitted_path?(path) and it.permitted_mode?(mode) }
-      else
-        find { |it| it.permitted_path?(path) }
-      end
-    end
-
-    def serialize
-      map(&:serialize)
-    end
-  end
-end

data/lib/terminalwire/client/entitlement/policy.rb

@@ -1,117 +0,0 @@
-module Terminalwire::Client::Entitlement
-  module Policy
-    # A policy has the authority, paths, and schemes that the server is allowed to access.
-    class Base
-      attr_reader :paths, :authority, :schemes, :environment_variables
-
-      def initialize(authority:)
-        @authority = authority
-        @paths = Paths.new
-
-        # Permit the domain directory. This is necessary for basic operation of the client.
-        @paths.permit storage_path
-        @paths.permit storage_pattern
-
-        @schemes = Schemes.new
-        # Permit http & https by default.
-        @schemes.permit "http"
-        @schemes.permit "https"
-
-        @environment_variables = EnvironmentVariables.new
-        # Permit the HOME and TERMINALWIRE_HOME environment variables.
-        @environment_variables.permit "TERMINALWIRE_HOME"
-      end
-
-      def root_path
-        # TODO: This needs to be passed into the Policy so that it can be set by the client.
-        Terminalwire::Client.root_path
-      end
-
-      def authority_path
-        root_path.join("authorities/#{authority}")
-      end
-
-      def storage_path
-        authority_path.join("storage")
-      end
-
-      def storage_pattern
-        storage_path.join("**/*")
-      end
-
-      def serialize
-        {
-          authority: @authority,
-          schemes: @schemes.serialize,
-          paths: @paths.serialize,
-          environment_variables: @environment_variables.serialize
-        }
-      end
-    end
-
-    class Root < Base
-      AUTHORITY = "terminalwire.com".freeze
-
-      # Terminalwire checks these to install the binary stubs path.
-      SHELL_INITIALIZATION_FILE_PATHS = %w[
-        ~/.bash_profile
-        ~/.bashrc
-        ~/.zprofile
-        ~/.zshrc
-        ~/.profile
-        ~/.config/fish/config.fish
-        ~/.bash_login
-        ~/.cshrc
-        ~/.tcshrc
-      ].freeze
-
-      # Ensure the binary stubs are executable. This increases the
-      # file mode entitlement so that stubs created in ./bin are executable.
-      BINARY_PATH_FILE_MODE = 0o755
-
-      def initialize(*, **, &)
-        # Make damn sure the authority is set to Terminalwire.
-        super(*, authority: AUTHORITY, **, &)
-
-        # Now setup special permitted paths.
-        @paths.permit root_path
-        @paths.permit root_pattern
-        # Permit the dotfiles so terminalwire can install the binary stubs.
-        SHELL_INITIALIZATION_FILE_PATHS.each do |path|
-          @paths.permit path
-        end
-
-        # Permit terminalwire to grant execute permissions to the binary stubs.
-        @paths.permit binary_pattern, mode: BINARY_PATH_FILE_MODE
-
-        # Used to check if terminalwire is setup in the user's PATH environment variable.
-        @environment_variables.permit "PATH"
-      end
-
-      # Grant access to the `~/.terminalwire/**/*` path so users can install
-      # terminalwire apps via `terminalwire install svbtle`, etc.
-      def root_pattern
-        root_path.join("**/*").freeze
-      end
-
-      # Path where the terminalwire binary stubs are stored.
-      def binary_path
-        root_path.join("bin").freeze
-      end
-
-      # Pattern for the binary path.
-      def binary_pattern
-        binary_path.join("*").freeze
-      end
-    end
-
-    def self.resolve(*, authority:, **, &)
-      case authority
-      when Policy::Root::AUTHORITY
-        Root.new(*, **, &)
-      else
-        Base.new *, authority:, **, &
-      end
-    end
-  end
-end

data/lib/terminalwire/client/entitlement/schemes.rb

@@ -1,26 +0,0 @@
-module Terminalwire::Client::Entitlement
-  # URLs the server can open on the client.
-  class Schemes
-    include Enumerable
-
-    def initialize
-      @permitted = Set.new
-    end
-
-    def each(&)
-      @permitted.each(&)
-    end
-
-    def permit(scheme)
-      @permitted << scheme.to_s
-    end
-
-    def permitted?(url)
-      include? URI(url).scheme
-    end
-
-    def serialize
-      map { |scheme| { scheme: } }
-    end
-  end
-end

data/lib/terminalwire/client/entitlement.rb

@@ -1,9 +0,0 @@
-require "pathname"
-
-module Terminalwire::Client
-  # Entitlements are the security boundary between the server and the client that lives on the client.
-  # The server might request a file or directory from the client, and the client will check the entitlements
-  # to see if the server is authorized to access the requested resource.
-  module Entitlement
-  end
-end

data/lib/terminalwire/client/exec.rb

@@ -1,44 +0,0 @@
-require "pathname"
-require "yaml"
-require "uri"
-
-module Terminalwire::Client
-  # Called by the `terminalwire-exec` shebang in scripts. This makes it easy for people
-  # to create their own scripts that use Terminalwire that look like this:
-  #
-  # ```sh
-  # #!/usr/bin/env terminalwire-exec
-  # url: "https://terminalwire.com/terminal"
-  # ```
-  #
-  # These files are saved, then `chmod + x` is run on them and they become executable.
-  class Exec
-    attr_reader :arguments, :path, :configuration, :url
-
-    def initialize(path:, arguments:)
-      @arguments = arguments
-      @path = Pathname.new(path)
-      @configuration = YAML.safe_load_file(@path)
-      @url = URI(@configuration.fetch("url"))
-    rescue Errno::ENOENT => e
-      raise Terminalwire::Error, "File not found: #{@path}"
-    rescue URI::InvalidURIError => e
-      raise Terminalwire::Error, "Invalid URI: #{@url}"
-    rescue KeyError => e
-      raise Terminalwire::Error, "Missing key in configuration: #{e}"
-    end
-
-    def start
-      Terminalwire::Client.websocket(url:, arguments:)
-    end
-
-    def self.start
-      case ARGV
-      in path, *arguments
-        new(path:, arguments:).start
-      end
-    rescue NoMatchingPatternError => e
-      raise Terminalwire::Error, "Launched with incorrect arguments: #{ARGV}"
-    end
-  end
-end

data/lib/terminalwire/client/handler.rb

@@ -1,67 +0,0 @@
-module Terminalwire::Client
-  # The handler is the main class that connects to the Terminalwire server and
-  # dispatches messages to the appropriate resources.
-  class Handler
-    VERSION = "0.1.0".freeze
-
-    include Terminalwire::Logging
-
-    attr_reader :adapter, :resources, :endpoint
-    attr_accessor :entitlement
-
-    def initialize(adapter, arguments: ARGV, program_name: $0, endpoint:)
-      @endpoint = endpoint
-      @adapter = adapter
-      @program_arguments = arguments
-      @program_name = program_name
-      @entitlement = Entitlement::Policy.resolve(authority: @endpoint.authority)
-
-      yield self if block_given?
-
-      @resources = Resource::Handler.new do |it|
-        it << Resource::STDOUT.new("stdout", @adapter, entitlement:)
-        it << Resource::STDIN.new("stdin", @adapter, entitlement:)
-        it << Resource::STDERR.new("stderr", @adapter, entitlement:)
-        it << Resource::Browser.new("browser", @adapter, entitlement:)
-        it << Resource::File.new("file", @adapter, entitlement:)
-        it << Resource::Directory.new("directory", @adapter, entitlement:)
-        it << Resource::EnvironmentVariable.new("environment_variable", @adapter, entitlement:)
-      end
-    end
-
-    def verify_license
-      # Connect to the Terminalwire license server to verify the URL endpoint
-      # and displays a message to the user, if any are present.
-      $stdout.print ServerLicenseVerification.new(url: @endpoint.to_url).message
-    rescue
-      $stderr.puts "Failed to verify server license."
-    end
-
-    def connect
-      verify_license
-
-      @adapter.write(
-        event: "initialization",
-        protocol: { version: VERSION },
-        entitlement: @entitlement.serialize,
-        program: {
-          name: @program_name,
-          arguments: @program_arguments
-        }
-      )
-
-      loop do
-        handle @adapter.read
-      end
-    end
-
-    def handle(message)
-      case message
-      in { event: "resource", action: "command", name:, parameters: }
-        @resources.dispatch(**message)
-      in { event: "exit", status: }
-        exit Integer(status)
-      end
-    end
-  end
-end

data/lib/terminalwire/client/resource.rb

@@ -1,204 +0,0 @@
-require "fileutils"
-require "io/console"
-
-module Terminalwire::Client::Resource
-  # Dispatches messages from the Client::Handler to the appropriate resource.
-  class Handler
-    include Enumerable
-
-    def initialize
-      @resources = {}
-      yield self if block_given?
-    end
-
-    def each(&block)
-      @resources.values.each(&block)
-    end
-
-    def add(resource)
-      # Detect if the resource is already registered and throw an error
-      if @resources.key?(resource.name)
-        raise "Resource #{resource.name} already registered"
-      else
-        @resources[resource.name] = resource
-      end
-    end
-    alias :<< :add
-
-    def dispatch(**message)
-      case message
-      in { event:, action:, name:, command:, parameters: }
-        resource = @resources.fetch(name)
-        resource.command(command, **parameters)
-      end
-    end
-  end
-
-  # Dispatcher, security, and response macros for resources.
-  class Base < Terminalwire::Resource::Base
-    def initialize(*, entitlement:, **)
-      super(*, **)
-      @entitlement = entitlement
-      connect
-    end
-
-    def command(command, **parameters)
-      begin
-        if permit(command, **parameters)
-          succeed self.public_send(command, **parameters)
-        else
-          fail "Client denied #{command}", command:, parameters:
-        end
-      rescue => e
-        fail e.message, command:, parameters:
-        raise
-      end
-    end
-
-    protected
-
-    def permit(...)
-      false
-    end
-  end
-
-  class EnvironmentVariable < Base
-    # Accepts a list of environment variables to permit.
-    def read(name:)
-      ENV[name]
-    end
-
-    # def write(name:, value:)
-    #   ENV[name] = value
-    # end
-
-    protected
-
-    def permit(command, name:, **)
-      @entitlement.environment_variables.permitted? name
-    end
-  end
-
-  class STDOUT < Base
-    def connect
-      @io = $stdout
-    end
-
-    def print(data:)
-      @io.print(data)
-    end
-
-    def print_line(data:)
-      @io.puts(data)
-    end
-
-    protected
-
-    def permit(...)
-      true
-    end
-  end
-
-  class STDERR < STDOUT
-    def connect
-      @io = $stderr
-    end
-  end
-
-  class STDIN < Base
-    def connect
-      @io = $stdin
-    end
-
-    def read_line
-      @io.gets
-    end
-
-    def read_password
-      @io.getpass
-    end
-
-    protected
-
-    def permit(...)
-      true
-    end
-  end
-
-  class File < Base
-    File = ::File
-
-    def read(path:)
-      File.read File.expand_path(path)
-    end
-
-    def write(path:, content:, mode: nil)
-      File.open(File.expand_path(path), "w", mode) { |f| f.write(content) }
-    end
-
-    def append(path:, content:, mode: nil)
-      File.open(File.expand_path(path), "a", mode) { |f| f.write(content) }
-    end
-
-    def delete(path:)
-      File.delete File.expand_path(path)
-    end
-
-    def exist(path:)
-      File.exist? File.expand_path(path)
-    end
-
-    def change_mode(path:, mode:)
-      File.chmod mode, File.expand_path(path)
-    end
-
-    protected
-
-    def permit(command, path:, mode: nil, **)
-      @entitlement.paths.permitted? path, mode:
-    end
-  end
-
-  class Directory < Base
-    File = ::File
-
-    def list(path:)
-      Dir.glob path
-    end
-
-    def create(path:)
-      FileUtils.mkdir_p File.expand_path(path)
-    rescue Errno::EEXIST
-      # Do nothing
-    end
-
-    def exist(path:)
-      Dir.exist? path
-    end
-
-    def delete(path:)
-      Dir.delete path
-    end
-
-    protected
-
-    def permit(command, path:, **)
-      @entitlement.paths.permitted? path
-    end
-  end
-
-  class Browser < Base
-    def launch(url:)
-      Launchy.open(URI(url))
-      # TODO: This is a hack to get the `respond` method to work.
-      # Maybe explicitly call a `suceed` and `fail` method?
-      nil
-    end
-
-    protected
-
-    def permit(command, url:, **)
-      @entitlement.schemes.permitted? url
-    end
-  end
-end