terminalwire 0.2.5 → 0.3.0.alpha2

data/lib/terminalwire/adapter.rb

@@ -1,53 +0,0 @@
-require 'msgpack'
-
-module Terminalwire::Adapter
-  # Works with Test, TCP, Unix, WebSocket, and other socket-like abstractions.
-  class Socket
-    include Terminalwire::Logging
-
-    attr_reader :transport
-
-    def initialize(transport)
-      @transport = transport
-    end
-
-    def write(data)
-      logger.debug "Adapter: Sending #{data.inspect}"
-      packed_data = MessagePack.pack(data, symbolize_keys: true)
-      @transport.write(packed_data)
-    end
-
-    def read
-      logger.debug "Adapter: Reading"
-      packed_data = @transport.read
-      return nil if packed_data.nil?
-      data = MessagePack.unpack(packed_data, symbolize_keys: true)
-      logger.debug "Adapter: Received #{data.inspect}"
-      data
-    end
-
-    def close
-      @transport.close
-    end
-  end
-
-  # This is a test adapter that can be used for testing purposes.
-  class Test
-    attr_reader :responses
-
-    def initialize(responses = [])
-      @responses = responses
-    end
-
-    def write(**data)
-      @responses << data
-    end
-
-    def response
-      @responses.pop
-    end
-
-    def close
-    end
-  end
-end

data/lib/terminalwire/cache.rb

@@ -1,114 +0,0 @@
-require "pathname"
-require "msgpack"
-require "base64"
-require "time"
-require "fileutils"
-
-# Caches used on the client side for licesens, HTTP requests, etc.
-module Terminalwire::Cache
-  module File
-    # Hoist the File class to avoid conflicts with the standard library.
-    File = ::File
-
-    class Store
-      include Enumerable
-
-      def initialize(path:)
-        @path = Pathname.new(path).expand_path
-        FileUtils.mkdir_p(@path) unless @path.directory?
-      end
-
-      def entry(key)
-        Entry.new(path: @path.join(Entry.key_path(key)))
-      end
-      alias :[] :entry
-
-      def evict
-        each(&:evict)
-      end
-
-      def destroy
-        each(&:destroy)
-      end
-
-      def each
-        @path.each_child do |path|
-          yield Entry.new(path:)
-        end
-      end
-    end
-
-    class Entry
-      VERSION = "1.0"
-
-      def self.key_path(value)
-        Base64.urlsafe_encode64(value)
-      end
-
-      attr_accessor :value, :expires
-
-      def initialize(path:)
-        @path = path
-        deserialize if persisted?
-      end
-
-      def nil?
-        @value.nil?
-      end
-
-      def present?
-        not nil?
-      end
-
-      def persisted?
-        File.exist? @path
-      end
-
-      def expired?(time: Time.now)
-        @expires && @expires < time.utc
-      end
-
-      def fresh?(...)
-        not expired?(...)
-      end
-
-      def hit?
-        persisted? and fresh?
-      end
-
-      def miss?
-        not hit?
-      end
-
-      def save
-        File.write @path, serialize
-      end
-
-      def evict
-        destroy if expired?
-      end
-
-      def deserialize
-        case MessagePack.unpack(File.read(@path), symbolize_keys: true)
-        in { value:, expires:, version: VERSION }
-          @value = value
-          @expires = Time.parse(expires).utc if expires
-        end
-      end
-
-      def destroy
-        File.delete(@path)
-      end
-
-      private
-
-      def serialize
-        MessagePack.pack(
-          value: @value,
-          expires: @expires&.utc&.iso8601,
-          version: VERSION
-        )
-      end
-    end
-  end
-end

data/lib/terminalwire/client/entitlement/environment_variables.rb

@@ -1,26 +0,0 @@
-module Terminalwire::Client::Entitlement
-  # ENV vars that the server can access on the client.
-  class EnvironmentVariables
-    include Enumerable
-
-    def initialize
-      @permitted = Set.new
-    end
-
-    def each(&)
-      @permitted.each(&)
-    end
-
-    def permit(variable)
-      @permitted << variable.to_s
-    end
-
-    def permitted?(key)
-      include? key.to_s
-    end
-
-    def serialize
-      map { |name| { name: } }
-    end
-  end
-end

data/lib/terminalwire/client/entitlement/paths.rb

@@ -1,97 +0,0 @@
-module Terminalwire::Client::Entitlement
-  # A list of paths and permissions that server has to write on the client workstation.
-  class Paths
-    class Permit
-      attr_reader :path, :mode
-      # Ensure the default file mode is read/write for owner only. This ensures
-      # that if the server tries uploading an executable file, it won't be when it
-      # lands on the client.
-      #
-      # Eventually we'll move this into entitlements so the client can set maximum
-      # permissions for files and directories.
-      MODE = 0o600 # rw-------
-
-      # Constants for permission bit masks
-      OWNER_PERMISSIONS = 0o700 # rwx------
-      GROUP_PERMISSIONS = 0o070 # ---rwx---
-      OTHERS_PERMISSIONS = 0o007 # ------rwx
-
-      # We'll validate that modes are within this range.
-      MODE_RANGE = 0o000..0o777
-
-      def initialize(path:, mode: MODE)
-        @path = Pathname.new(path)
-        @mode = convert(mode)
-      end
-
-      def permitted_path?(path)
-        # This MUST be done via File.fnmatch because Pathname#fnmatch does not work. If you
-        # try changing this 🚨 YOU MAY CIRCUMVENT THE SECURITY MEASURES IN PLACE. 🚨
-        File.fnmatch @path.to_s, path.to_s, File::FNM_PATHNAME
-      end
-
-      def permitted_mode?(value)
-        # Ensure the mode is at least as permissive as the permitted mode.
-        mode = convert(value)
-
-        # Extract permission bits for owner, group, and others
-        owner_bits = mode & OWNER_PERMISSIONS
-        group_bits = mode & GROUP_PERMISSIONS
-        others_bits = mode & OTHERS_PERMISSIONS
-
-        # Ensure that the mode doesn't grant more permissions than @mode in any class (owner, group, others)
-        (owner_bits <= @mode & OWNER_PERMISSIONS) &&
-        (group_bits <= @mode & GROUP_PERMISSIONS) &&
-        (others_bits <= @mode & OTHERS_PERMISSIONS)
-      end
-
-      def permitted?(path:, mode: @mode)
-        permitted_path?(path) && permitted_mode?(mode)
-      end
-
-      def serialize
-        {
-          location: @path.to_s,
-          mode: @mode
-        }
-      end
-
-      protected
-      def convert(value)
-        mode = Integer(value)
-        raise ArgumentError, "The mode #{format_octet value} must be an octet value between #{format_octet MODE_RANGE.first} and #{format_octet MODE_RANGE.last}" unless MODE_RANGE.cover?(mode)
-        mode
-      end
-
-      def format_octet(value)
-        format("0o%03o", value)
-      end
-    end
-
-    include Enumerable
-
-    def initialize
-      @permitted = []
-    end
-
-    def each(&)
-      @permitted.each(&)
-    end
-
-    def permit(path, **)
-      @permitted.append Permit.new(path:, **)
-    end
-
-    def permitted?(path, mode: nil)
-      if mode
-        find { |it| it.permitted_path?(path) and it.permitted_mode?(mode) }
-      else
-        find { |it| it.permitted_path?(path) }
-      end
-    end
-
-    def serialize
-      map(&:serialize)
-    end
-  end
-end

data/lib/terminalwire/client/entitlement/policy.rb

@@ -1,117 +0,0 @@
-module Terminalwire::Client::Entitlement
-  module Policy
-    # A policy has the authority, paths, and schemes that the server is allowed to access.
-    class Base
-      attr_reader :paths, :authority, :schemes, :environment_variables
-
-      def initialize(authority:)
-        @authority = authority
-        @paths = Paths.new
-
-        # Permit the domain directory. This is necessary for basic operation of the client.
-        @paths.permit storage_path
-        @paths.permit storage_pattern
-
-        @schemes = Schemes.new
-        # Permit http & https by default.
-        @schemes.permit "http"
-        @schemes.permit "https"
-
-        @environment_variables = EnvironmentVariables.new
-        # Permit the HOME and TERMINALWIRE_HOME environment variables.
-        @environment_variables.permit "TERMINALWIRE_HOME"
-      end
-
-      def root_path
-        # TODO: This needs to be passed into the Policy so that it can be set by the client.
-        Terminalwire::Client.root_path
-      end
-
-      def authority_path
-        root_path.join("authorities/#{authority}")
-      end
-
-      def storage_path
-        authority_path.join("storage")
-      end
-
-      def storage_pattern
-        storage_path.join("**/*")
-      end
-
-      def serialize
-        {
-          authority: @authority,
-          schemes: @schemes.serialize,
-          paths: @paths.serialize,
-          environment_variables: @environment_variables.serialize
-        }
-      end
-    end
-
-    class Root < Base
-      AUTHORITY = "terminalwire.com".freeze
-
-      # Terminalwire checks these to install the binary stubs path.
-      SHELL_INITIALIZATION_FILE_PATHS = %w[
-        ~/.bash_profile
-        ~/.bashrc
-        ~/.zprofile
-        ~/.zshrc
-        ~/.profile
-        ~/.config/fish/config.fish
-        ~/.bash_login
-        ~/.cshrc
-        ~/.tcshrc
-      ].freeze
-
-      # Ensure the binary stubs are executable. This increases the
-      # file mode entitlement so that stubs created in ./bin are executable.
-      BINARY_PATH_FILE_MODE = 0o755
-
-      def initialize(*, **, &)
-        # Make damn sure the authority is set to Terminalwire.
-        super(*, authority: AUTHORITY, **, &)
-
-        # Now setup special permitted paths.
-        @paths.permit root_path
-        @paths.permit root_pattern
-        # Permit the dotfiles so terminalwire can install the binary stubs.
-        SHELL_INITIALIZATION_FILE_PATHS.each do |path|
-          @paths.permit path
-        end
-
-        # Permit terminalwire to grant execute permissions to the binary stubs.
-        @paths.permit binary_pattern, mode: BINARY_PATH_FILE_MODE
-
-        # Used to check if terminalwire is setup in the user's PATH environment variable.
-        @environment_variables.permit "PATH"
-      end
-
-      # Grant access to the `~/.terminalwire/**/*` path so users can install
-      # terminalwire apps via `terminalwire install svbtle`, etc.
-      def root_pattern
-        root_path.join("**/*").freeze
-      end
-
-      # Path where the terminalwire binary stubs are stored.
-      def binary_path
-        root_path.join("bin").freeze
-      end
-
-      # Pattern for the binary path.
-      def binary_pattern
-        binary_path.join("*").freeze
-      end
-    end
-
-    def self.resolve(*, authority:, **, &)
-      case authority
-      when Policy::Root::AUTHORITY
-        Root.new(*, **, &)
-      else
-        Base.new *, authority:, **, &
-      end
-    end
-  end
-end

data/lib/terminalwire/client/entitlement/schemes.rb

@@ -1,26 +0,0 @@
-module Terminalwire::Client::Entitlement
-  # URLs the server can open on the client.
-  class Schemes
-    include Enumerable
-
-    def initialize
-      @permitted = Set.new
-    end
-
-    def each(&)
-      @permitted.each(&)
-    end
-
-    def permit(scheme)
-      @permitted << scheme.to_s
-    end
-
-    def permitted?(url)
-      include? URI(url).scheme
-    end
-
-    def serialize
-      map { |scheme| { scheme: } }
-    end
-  end
-end

data/lib/terminalwire/client/entitlement.rb

@@ -1,9 +0,0 @@
-require "pathname"
-
-module Terminalwire::Client
-  # Entitlements are the security boundary between the server and the client that lives on the client.
-  # The server might request a file or directory from the client, and the client will check the entitlements
-  # to see if the server is authorized to access the requested resource.
-  module Entitlement
-  end
-end

data/lib/terminalwire/client/exec.rb

@@ -1,44 +0,0 @@
-require "pathname"
-require "yaml"
-require "uri"
-
-module Terminalwire::Client
-  # Called by the `terminalwire-exec` shebang in scripts. This makes it easy for people
-  # to create their own scripts that use Terminalwire that look like this:
-  #
-  # ```sh
-  # #!/usr/bin/env terminalwire-exec
-  # url: "https://terminalwire.com/terminal"
-  # ```
-  #
-  # These files are saved, then `chmod + x` is run on them and they become executable.
-  class Exec
-    attr_reader :arguments, :path, :configuration, :url
-
-    def initialize(path:, arguments:)
-      @arguments = arguments
-      @path = Pathname.new(path)
-      @configuration = YAML.safe_load_file(@path)
-      @url = URI(@configuration.fetch("url"))
-    rescue Errno::ENOENT => e
-      raise Terminalwire::Error, "File not found: #{@path}"
-    rescue URI::InvalidURIError => e
-      raise Terminalwire::Error, "Invalid URI: #{@url}"
-    rescue KeyError => e
-      raise Terminalwire::Error, "Missing key in configuration: #{e}"
-    end
-
-    def start
-      Terminalwire::Client.websocket(url:, arguments:)
-    end
-
-    def self.start
-      case ARGV
-      in path, *arguments
-        new(path:, arguments:).start
-      end
-    rescue NoMatchingPatternError => e
-      raise Terminalwire::Error, "Launched with incorrect arguments: #{ARGV}"
-    end
-  end
-end

data/lib/terminalwire/client/handler.rb

@@ -1,67 +0,0 @@
-module Terminalwire::Client
-  # The handler is the main class that connects to the Terminalwire server and
-  # dispatches messages to the appropriate resources.
-  class Handler
-    VERSION = "0.1.0".freeze
-
-    include Terminalwire::Logging
-
-    attr_reader :adapter, :resources, :endpoint
-    attr_accessor :entitlement
-
-    def initialize(adapter, arguments: ARGV, program_name: $0, endpoint:)
-      @endpoint = endpoint
-      @adapter = adapter
-      @program_arguments = arguments
-      @program_name = program_name
-      @entitlement = Entitlement::Policy.resolve(authority: @endpoint.authority)
-
-      yield self if block_given?
-
-      @resources = Resource::Handler.new do |it|
-        it << Resource::STDOUT.new("stdout", @adapter, entitlement:)
-        it << Resource::STDIN.new("stdin", @adapter, entitlement:)
-        it << Resource::STDERR.new("stderr", @adapter, entitlement:)
-        it << Resource::Browser.new("browser", @adapter, entitlement:)
-        it << Resource::File.new("file", @adapter, entitlement:)
-        it << Resource::Directory.new("directory", @adapter, entitlement:)
-        it << Resource::EnvironmentVariable.new("environment_variable", @adapter, entitlement:)
-      end
-    end
-
-    def verify_license
-      # Connect to the Terminalwire license server to verify the URL endpoint
-      # and displays a message to the user, if any are present.
-      $stdout.print ServerLicenseVerification.new(url: @endpoint.to_url).message
-    rescue
-      $stderr.puts "Failed to verify server license."
-    end
-
-    def connect
-      verify_license
-
-      @adapter.write(
-        event: "initialization",
-        protocol: { version: VERSION },
-        entitlement: @entitlement.serialize,
-        program: {
-          name: @program_name,
-          arguments: @program_arguments
-        }
-      )
-
-      loop do
-        handle @adapter.read
-      end
-    end
-
-    def handle(message)
-      case message
-      in { event: "resource", action: "command", name:, parameters: }
-        @resources.dispatch(**message)
-      in { event: "exit", status: }
-        exit Integer(status)
-      end
-    end
-  end
-end