terminalwire 0.1.16 → 0.1.17

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 20d25d091ee29d5953cfc70935227461ed75ec3d52c5b4cbff96db9e4b30ea7a
-  data.tar.gz: 80325aea9d946a9050ab4d9a97003186aba8a826e04ccefa23783a6fcfeea4dc
+  metadata.gz: 3ab3f5780e6c3f7f544936130b288676ad60b29ef05944842771bcb3ca51192a
+  data.tar.gz: 4bd9a47eb0541ca81dd53cc19f6bf5ca02e388f22048b1fceaf7ac0f910e557d
 SHA512:
-  metadata.gz: cc79939e4328e469df0a13f5ec34ed0e99c5f7206712a8480916b55005b95fcf544de98884d33f306fcb16a02fa4868aa09f302087e3015c02c80d42c8429a75
-  data.tar.gz: 0e00b629b2ae76adddef05725f2f3fb8b1550e55b513fdd77317a978f2a416a0876af450ac47da4c0ee011fb8239623e37f7887bc0bd627ac2cb258b0779077a
+  metadata.gz: e37f803cf8777f66aa6f8f19cd72fb0ca778e06b1f39a7762b8e3ed74b494dee210f025af65063b6d60321d9d6e9c20fa00b81dcd61b1ca7efd9193a6bf5e310
+  data.tar.gz: 25b6c73db710026062340f779bee11738952bd86efb80bef53f4d92cdef9599e917e85a6d979ee559fa422c3f73b4f8ffd5d7e9d87d81f26a531bab8603c1e68

data/lib/terminalwire/cache.rb

@@ -0,0 +1,113 @@
+require "pathname"
+require "msgpack"
+require "base64"
+require "time"
+require "fileutils"
+
+module Terminalwire::Cache
+  module File
+    # Hoist the File class to avoid conflicts with the standard library.
+    File = ::File
+
+    class Store
+      include Enumerable
+
+      def initialize(path:)
+        @path = Pathname.new(path).expand_path
+        FileUtils.mkdir_p(@path) unless @path.directory?
+      end
+
+      def entry(key)
+        Entry.new(path: @path.join(Entry.key_path(key)))
+      end
+      alias :[] :entry
+
+      def evict
+        each(&:evict)
+      end
+
+      def destroy
+        each(&:destroy)
+      end
+
+      def each
+        @path.each_child do |path|
+          yield Entry.new(path:)
+        end
+      end
+    end
+
+    class Entry
+      VERSION = "1.0"
+
+      def self.key_path(value)
+        Base64.urlsafe_encode64(value)
+      end
+
+      attr_accessor :value, :expires
+
+      def initialize(path:)
+        @path = path
+        deserialize if persisted?
+      end
+
+      def nil?
+        @value.nil?
+      end
+
+      def present?
+        not nil?
+      end
+
+      def persisted?
+        File.exist? @path
+      end
+
+      def expired?(time: Time.now)
+        @expires && @expires < time.utc
+      end
+
+      def fresh?(...)
+        not expired?(...)
+      end
+
+      def hit?
+        persisted? and fresh?
+      end
+
+      def miss?
+        not hit?
+      end
+
+      def save
+        File.write @path, serialize
+      end
+
+      def evict
+        destroy if expired?
+      end
+
+      def deserialize
+        case MessagePack.unpack(File.read(@path), symbolize_keys: true)
+        in { value:, expires:, version: VERSION }
+          @value = value
+          @expires = Time.parse(expires).utc if expires
+        end
+      end
+
+      def destroy
+        File.delete(@path)
+      end
+
+      private
+
+      def serialize
+        MessagePack.pack(
+          value: @value,
+          expires: @expires&.utc&.iso8601,
+          version: VERSION
+        )
+      end
+    end
+  end
+end

data/lib/terminalwire/client/entitlement.rb

@@ -167,7 +167,7 @@ module Terminalwire::Client
     end
 
     class RootPolicy < Policy
-      HOST = "terminalwire.com".freeze
+      AUTHORITY = "terminalwire.com".freeze
 
       # Ensure the binary stubs are executable. This increases the
       # file mode entitlement so that stubs created in ./bin are executable.
@@ -175,7 +175,7 @@ module Terminalwire::Client
 
       def initialize(*, **, &)
         # Make damn sure the authority is set to Terminalwire.
-        super(*, authority: HOST, **, &)
+        super(*, authority: AUTHORITY, **, &)
 
         # Now setup special permitted paths.
         @paths.permit root_path
@@ -202,24 +202,12 @@ module Terminalwire::Client
       end
     end
 
-    def self.from_url(url)
-      url = URI(url)
-
-      case url.host
-      when RootPolicy::HOST
-        RootPolicy.new
-      else
-        Policy.new authority: url_authority(url)
-      end
-    end
-
-    def self.url_authority(url)
-      # I had to lift this from URI::HTTP because `ws://` doesn't
-      # have an authority method.
-      if url.port == url.default_port
-        url.host
+    def self.resolve(*, authority:, **, &)
+      case authority
+      when RootPolicy::AUTHORITY
+        RootPolicy.new(*, **, &)
       else
-        "#{url.host}:#{url.port}"
+        Policy.new *, authority:, **, &
       end
     end
   end

data/lib/terminalwire/client/server_license_verification.rb

@@ -0,0 +1,74 @@
+require "async/http/internet"
+require "base64"
+require "uri"
+require "fileutils"
+
+module Terminalwire
+  module Client
+    class ServerLicenseVerification
+      include Logging
+
+      def initialize(url:)
+        @url = URI(url)
+        @internet = Async::HTTP::Internet.new
+        @cache_store = Terminalwire::Cache::File::Store.new(path: "~/.terminalwire/cache/licenses/verifications")
+      end
+
+      def key
+        Base64.urlsafe_encode64 @url
+      end
+
+      def cache = @cache_store.entry key
+
+      def payload
+        if cache.miss?
+          logger.debug "Stale verification. Requesting new verification."
+          request do |response|
+            # Set the expiry on the file cache for the header.
+            if max_age = response.headers["cache-control"].max_age
+              logger.debug "Caching for #{max_age}"
+              cache.expires = Time.now + max_age
+            end
+
+            # Process based on the response code.
+            case response.status
+            in 200
+              logger.debug "License for #{@url} found."
+              data = self.class.unpack response.read
+              cache.value = data
+              return data
+            in 404
+              logger.debug "License for #{@url} not found."
+              return self.class.unpack response.read
+            end
+          end
+        else
+          return cache.value
+        end
+      end
+
+      def message
+        payload.dig(:shell, :output)
+      end
+
+      protected
+
+      def verification_url
+        Terminalwire.url
+          .path("/licenses/verifications", key)
+      end
+
+      def request(&)
+        logger.debug "Requesting license verification from #{verification_url}."
+        response = @internet.get verification_url, {
+          "Accept" => "application/x-msgpack",
+          "User-Agent" => "Terminalwire/#{Terminalwire::VERSION} Ruby/#{RUBY_VERSION} (#{RUBY_PLATFORM})",
+        }, &
+      end
+
+      def self.unpack(pack)
+        MessagePack.unpack(pack, symbolize_keys: true)
+      end
+    end
+  end
+end

data/lib/terminalwire/client.rb

@@ -9,13 +9,17 @@ module Terminalwire
 
       include Logging
 
-      attr_reader :adapter, :entitlement, :resources
+      attr_reader :adapter, :resources, :endpoint
+      attr_accessor :entitlement
 
-      def initialize(adapter, arguments: ARGV, program_name: $0, entitlement:)
-        @entitlement = entitlement
+      def initialize(adapter, arguments: ARGV, program_name: $0, endpoint:)
+        @endpoint = endpoint
         @adapter = adapter
         @program_arguments = arguments
         @program_name = program_name
+        @entitlement = Entitlement.resolve(authority: @endpoint.authority)
+
+        yield self if block_given?
 
         @resources = Resource::Handler.new do |it|
           it << Resource::STDOUT.new("stdout", @adapter, entitlement:)
@@ -27,7 +31,17 @@ module Terminalwire
         end
       end
 
+      def verify_license
+        # Connect to the Terminalwire license server to verify the URL endpoint
+        # and displays a message to the user, if any are present.
+        $stdout.print Terminalwire::Client::ServerLicenseVerification.new(url: @endpoint.to_url).message
+      rescue
+        $stderr.puts "Failed to verify server license."
+      end
+
       def connect
+        verify_license
+
         @adapter.write(
           event: "initialization",
           protocol: { version: VERSION },
@@ -53,16 +67,7 @@ module Terminalwire
       end
     end
 
-    # Extracted from HTTP. This is so we can
-    def self.authority(url)
-      if url.port == url.default_port
-        url.host
-      else
-        "#{url.host}:#{url.port}"
-      end
-    end
-
-    def self.websocket(url:, arguments: ARGV, entitlement: nil)
+    def self.websocket(url:, arguments: ARGV, &configuration)
       url = URI(url)
 
       Async do |task|
@@ -74,8 +79,7 @@ module Terminalwire
         Async::WebSocket::Client.connect(endpoint) do |adapter|
           transport = Terminalwire::Transport::WebSocket.new(adapter)
           adapter = Terminalwire::Adapter::Socket.new(transport)
-          entitlement ||= Entitlement.from_url(url)
-          Terminalwire::Client::Handler.new(adapter, arguments:, entitlement:).connect
+          Terminalwire::Client::Handler.new(adapter, arguments:, endpoint:, &configuration).connect
         end
       end
     end

data/lib/terminalwire/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Terminalwire
-  VERSION = "0.1.16"
+  VERSION = "0.1.17"
 end

data/lib/terminalwire.rb

@@ -10,15 +10,22 @@ require 'async'
 require 'async/http/endpoint'
 require 'async/websocket/client'
 require 'async/websocket/adapters/rack'
+require 'uri-builder'
 
 module Terminalwire
   class Error < StandardError; end
 
+  # Zeitwerk loader for the Terminalwire gem.
   Loader = Zeitwerk::Loader.for_gem.tap do |loader|
     loader.ignore("#{__dir__}/generators")
     loader.setup
   end
 
+  # Used by Terminalwire client to connect to Terminalire.com for license
+  # validations, etc.
+  TERMINALWIRE_URL = "https://terminalwire.com".freeze
+  def self.url = URI.build(TERMINALWIRE_URL)
+
   module Resource
     class Base
       attr_reader :name, :adapter

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: terminalwire
 version: !ruby/object:Gem::Version
-  version: 0.1.16
+  version: 0.1.17
 platform: ruby
 authors:
 - Brad Gessler
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-10-28 00:00:00.000000000 Z
+date: 2024-11-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: async-websocket
@@ -94,6 +94,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: uri-builder
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.9
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.9
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -161,12 +175,12 @@ files:
 - lib/generators/terminalwire/install/templates/main_terminal.rb
 - lib/terminalwire.rb
 - lib/terminalwire/adapter.rb
-- lib/terminalwire/authority.rb
+- lib/terminalwire/cache.rb
 - lib/terminalwire/client.rb
 - lib/terminalwire/client/entitlement.rb
 - lib/terminalwire/client/exec.rb
 - lib/terminalwire/client/resource.rb
-- lib/terminalwire/licensing.rb
+- lib/terminalwire/client/server_license_verification.rb
 - lib/terminalwire/logging.rb
 - lib/terminalwire/rails.rb
 - lib/terminalwire/server.rb
@@ -199,7 +213,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.16
+rubygems_version: 3.5.3
 signing_key:
 specification_version: 4
 summary: Ship a CLI for your web app. No API required.

data/lib/terminalwire/authority.rb

@@ -1,44 +0,0 @@
-require "uri"
-require "base64"
-
-# Resolves domains into authorities, which are is used for access
-# identity control in Terminalwire.
-class Terminalwire::Authority
-  # Used to seperate path keys in the URL.
-  PATH_SEPERATOR = "/".freeze
-
-  # Used to demark a URL string as authorative.
-  SCHEME = "terminalwire://".freeze
-
-  def initialize(url:)
-    @url = URI(url)
-  end
-
-  # Extracted from HTTP. This is so we can
-  def domain
-    if @url.port == @url.default_port
-      @url.host
-    else
-      "#{url.host}:#{url.port}"
-    end
-  end
-
-  # Make sure there's always a / at the end of the path.
-  def path
-    path_keys.join(PATH_SEPERATOR).prepend(PATH_SEPERATOR)
-  end
-
-  def to_s
-    [SCHEME, domain, path].join
-  end
-
-  def key
-    Base64.urlsafe_encode64(to_s)
-  end
-
-  protected
-
-  def path_keys
-    @url.path.scan(/[^\/]+/)
-  end
-end

data/lib/terminalwire/licensing.rb

@@ -1,187 +0,0 @@
-require "msgpack"
-require "openssl"
-require "base64"
-require "uri"
-
-module Terminalwire::Licensing
-  PRIVATE_KEY_LENGTH = 2048
-
-  def self.generate_private_key
-    OpenSSL::PKey::RSA.new(PRIVATE_KEY_LENGTH)
-  end
-
-  def self.generate_private_pem
-    generate_private_key.to_pem
-  end
-
-  def self.time
-    Time.now.utc
-  end
-
-  # Handles encoding data into a license key with prefixes that can be packed and unpacked.
-  module Key
-    # Mix into classes that need to generate or read keys
-    module Serialization
-      # This is called when the module is included in a class
-      def self.included(base)
-        # Extend the class with the class methods when the module is included
-        base.extend(ClassMethods)
-      end
-
-      def serialize(...)
-        self.class.serialize(...)
-      end
-
-      # Define the class methods that will be available on the including class
-      module ClassMethods
-        def serializer
-          Key::Serializer.new(prefix: self::PREFIX)
-        end
-
-        def serialize(...)
-          serializer.serialize(...)
-        end
-
-        def deserialize(...)
-          serializer.deserialize(...)
-        end
-      end
-    end
-
-    class Serializer
-      attr_reader :prefix
-
-      def initialize(prefix:)
-        @prefix = prefix
-      end
-
-      def serialize(data)
-        prepend_prefix Base64.urlsafe_encode64 MessagePack.pack data
-      end
-
-      def deserialize(data)
-        MessagePack.unpack Base64.urlsafe_decode64 unshift_prefix data
-      end
-
-      protected
-
-      def prepend_prefix(key)
-        [prefix, key].join
-      end
-
-      def unshift_prefix(key)
-        head, prefix, tail = key.partition(@prefix)
-        # Check if partition successfully split the string with the correct prefix
-        raise RuntimeError, "Expected prefix #{@prefix.inspect} on #{key.inspect}" if prefix.empty?
-        tail
-      end
-    end
-  end
-
-  # This code all runs on Terminalwire servers.
-  module Issuer
-    # Generates license keys that developers use to activate their software.
-    class ServerKeyGenerator
-      include Key::Serialization
-
-      PREFIX = "server_key_".freeze
-
-      VERSION = "1.0".freeze
-
-      def initialize(public_key:, license_url:, generated_at: Terminalwire::Licensing.time)
-        @public_key = public_key
-        @license_url = URI(license_url)
-        @generated_at = generated_at
-      end
-
-      def to_h
-        {
-          version: VERSION,
-          generated_at: @generated_at.iso8601,
-          public_key: @public_key.to_pem,
-          license_url: @license_url.to_s
-        }
-      end
-
-      def server_key
-        serialize to_h
-      end
-      alias :to_s :server_key
-    end
-
-    class ClientKeyVerifier
-      # Time variance the server will tolerate from the client.
-      DRIFT_SECONDS = 600 # 600 seconds, or 10 minutes.
-
-      # This means the server will tolerate a 10 minute drift in the generated_at time.
-      def self.drift
-        now = Terminalwire::Licensing.time
-        (now - DRIFT_SECONDS)...(now + DRIFT_SECONDS)
-      end
-
-      def initialize(client_key:, private_key:, drift: self.class.drift)
-        @data = Server::ClientKeyGenerator.deserialize client_key
-        @private_key = private_key
-        @drift = drift
-      end
-
-      def server_attestation
-        @server_attestation ||= decrypt @data.fetch("server_attestation")
-      end
-
-      def decrypt(data)
-        MessagePack.unpack @private_key.private_decrypt Base64.urlsafe_decode64 data
-      end
-
-      def generated_at
-        @generated_at ||= Time.parse(server_attestation.fetch("generated_at"))
-      end
-
-      def valid?
-        @drift.include? generated_at
-      end
-    end
-  end
-
-  # Those code runs on customer servers
-  module Server
-    class ClientKeyGenerator
-      VERSION = "1.0".freeze
-
-      include Key::Serialization
-      PREFIX = "client_key_".freeze
-
-      def initialize(server_key:, generated_at: Terminalwire::Licensing.time)
-        @data = Issuer::ServerKeyGenerator.deserialize server_key
-        @license_url = URI(@data.fetch("license_url"))
-        @generated_at = generated_at
-      end
-
-      def to_h
-        {
-          version: VERSION,
-          license_url: @license_url.to_s,
-          server_attestation: attest(
-            version: VERSION,
-            generated_at: @generated_at.iso8601,
-          )
-        }
-      end
-
-      def client_key
-        serialize to_h
-      end
-      alias :to_s :client_key
-
-      protected
-
-      def attest(data)
-        Base64.urlsafe_encode64 public_key.public_encrypt MessagePack.pack data
-      end
-
-      def public_key
-        @public_key ||= OpenSSL::PKey::RSA.new(@data.fetch("public_key"))
-      end
-    end
-  end
-end