9remote 0.1.64 → 2.0.1

package/lib/constants.js

@@ -0,0 +1,64 @@
+import dns from "dns";
+
+// Bypass broken macOS system DNS resolver for long hostnames (e.g. trycloudflare).
+// Skip localhost/IP to avoid slow/hanging DNS resolve on Windows.
+const _originalLookup = dns.lookup;
+const IP_REGEX = /^(\d{1,3}\.){3}\d{1,3}$|^::1$|^[0-9a-f:]+$/i;
+dns.lookup = (hostname, options, cb) => {
+  if (typeof options === "function") { cb = options; options = {}; }
+  if (hostname === "localhost" || IP_REGEX.test(hostname)) {
+    return _originalLookup(hostname, options, cb);
+  }
+  dns.resolve4(hostname, (err, addrs) => {
+    if (err) return _originalLookup(hostname, options, cb);
+    if (options.all) {
+      cb(null, addrs.map(a => ({ address: a, family: 4 })));
+    } else {
+      cb(null, addrs[0], 4);
+    }
+  });
+};
+
+/**
+ * Shared constants for agent server + CLI
+ */
+
+// Connection step states (UI progress tracking)
+export const STEP = {
+  STOPPED: 0,
+  PREPARING: 1,
+  CONNECTING: 2,
+  TUNNELING: 3,
+  VERIFYING: 4,
+  READY: 5,
+};
+
+// Debug flags — toggle diagnostic displays without touching logic
+export const DEBUG = {
+  showTunnelUrlInMenu: false,
+};
+
+// macOS permission poll — TCC has no change event, so we poll periodically.
+// Fast cadence kicks in right after user clicks "Grant" so UI reflects the toggle quickly.
+export const PERMISSION_POLL_MS = 5000;
+export const PERMISSION_POLL_FAST_MS = 1000;
+export const PERMISSION_POLL_FAST_DURATION = 60000;
+
+// Browser-like headers to avoid CDN/firewall blocks
+const BROWSER_HEADERS = {
+  "Accept": "application/json, text/plain, */*",
+  "Accept-Language": "en-US,en;q=0.9",
+  "Cache-Control": "no-cache",
+  "Pragma": "no-cache",
+  "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36",
+};
+
+/**
+ * fetch() wrapper with browser-like headers for external requests
+ */
+export function browserFetch(url, options = {}) {
+  return fetch(url, {
+    ...options,
+    headers: { ...BROWSER_HEADERS, ...options.headers },
+  });
+}

package/lib/deviceApproval.js

@@ -0,0 +1,116 @@
+/**
+ * Device approval manager — persists approved deviceIds to ~/.9remote/approvedDevices.json
+ */
+
+import { readFileSync, writeFileSync, existsSync, mkdirSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
+
+const STATE_DIR = join(homedir(), ".9remote");
+const DEVICES_FILE = join(STATE_DIR, "approvedDevices.json");
+
+// deviceId -> { approvedAt }
+let approvedDevices = new Map();
+
+// Pending approval requests: socketId -> { deviceId, ip }
+const pendingApprovals = new Map();
+
+// Rejected devices (RAM only, cleared on restart): deviceId -> { ip, rejectedAt, socketId }
+const rejectedDevices = new Map();
+
+function ensureDir() {
+  if (!existsSync(STATE_DIR)) mkdirSync(STATE_DIR, { recursive: true });
+}
+
+export function loadApprovedDevices() {
+  try {
+    ensureDir();
+    if (existsSync(DEVICES_FILE)) {
+      const data = JSON.parse(readFileSync(DEVICES_FILE, "utf8"));
+      // Migrate from old array format to new map format
+      if (Array.isArray(data)) {
+        approvedDevices = new Map(data.map((id) => [id, { approvedAt: null }]));
+      } else {
+        approvedDevices = new Map(Object.entries(data));
+      }
+    }
+  } catch {
+    approvedDevices = new Map();
+  }
+}
+
+function saveApprovedDevices() {
+  try {
+    ensureDir();
+    writeFileSync(DEVICES_FILE, JSON.stringify(Object.fromEntries(approvedDevices), null, 2));
+  } catch {}
+}
+
+export function isDeviceApproved(deviceId) {
+  if (!deviceId) return false;
+  return approvedDevices.has(deviceId);
+}
+
+export function approveDevice(deviceId) {
+  if (!deviceId) return;
+  approvedDevices.set(deviceId, { approvedAt: new Date().toISOString() });
+  saveApprovedDevices();
+}
+
+export function removeDevice(deviceId) {
+  approvedDevices.delete(deviceId);
+  saveApprovedDevices();
+}
+
+export function getApprovedDevices() {
+  return [...approvedDevices.entries()].map(([id, meta]) => ({ deviceId: id, ...meta }));
+}
+
+// Pending approval queue
+export function addPendingApproval(socketId, data) {
+  pendingApprovals.set(socketId, data);
+}
+
+export function getPendingApproval(socketId) {
+  return pendingApprovals.get(socketId) || null;
+}
+
+export function removePendingApproval(socketId) {
+  pendingApprovals.delete(socketId);
+}
+
+export function isDevicePending(deviceId) {
+  if (!deviceId) return false;
+  for (const data of pendingApprovals.values()) {
+    if (data.deviceId === deviceId) return true;
+  }
+  return false;
+}
+
+export function getAllPendingApprovals() {
+  return [...pendingApprovals.entries()].map(([socketId, data]) => ({ socketId, ...data }));
+}
+
+// Rejected devices (pending re-approval from Clients list)
+export function markDeviceRejected(deviceId, data) {
+  if (!deviceId) return;
+  rejectedDevices.set(deviceId, { ...data, rejectedAt: new Date().toISOString() });
+}
+
+export function isDeviceRejected(deviceId) {
+  if (!deviceId) return false;
+  return rejectedDevices.has(deviceId);
+}
+
+export function updateRejectedSocket(deviceId, socketId, ip) {
+  const entry = rejectedDevices.get(deviceId);
+  if (entry) rejectedDevices.set(deviceId, { ...entry, socketId, ip });
+}
+
+export function getRejectedDevices() {
+  return [...rejectedDevices.entries()].map(([deviceId, meta]) => ({ deviceId, ...meta }));
+}
+
+export function clearRejectedDevice(deviceId) {
+  rejectedDevices.delete(deviceId);
+}

package/lib/router.js

@@ -0,0 +1,134 @@
+/**
+ * Lightweight config-driven HTTP router
+ * - Route table with path, method, handler
+ * - Public route whitelist (bypass localhost check)
+ * - Auto body parsing for POST/PUT
+ */
+
+import { parse } from "url";
+
+function readBody(req) {
+  return new Promise((resolve) => {
+    let body = "";
+    req.on("data", (chunk) => body += chunk);
+    req.on("end", () => resolve(body));
+  });
+}
+
+export function jsonOk(res, data = { ok: true }) {
+  res.setHeader("Content-Type", "application/json");
+  res.writeHead(200);
+  res.end(JSON.stringify(data));
+}
+
+export function jsonErr(res, code, msg) {
+  res.setHeader("Content-Type", "application/json");
+  res.writeHead(code);
+  res.end(JSON.stringify({ error: msg }));
+}
+
+/**
+ * Parse JSON body with error handling, returns parsed object or null
+ */
+export async function parseJsonBody(req, res) {
+  try {
+    const raw = await readBody(req);
+    return JSON.parse(raw || "{}");
+  } catch {
+    jsonErr(res, 400, "Invalid JSON");
+    return null;
+  }
+}
+
+/**
+ * Create router from route config
+ * @param {Array<{path: string, method: string, handler: Function, public?: boolean}>} routes
+ * @param {Object} options
+ * @param {Function} options.fallback - Called when no route matches
+ * @returns {Function} HTTP request handler (req, res) => void
+ */
+export function createRouter(routes, { fallback } = {}) {
+  // Pre-build lookup map: "METHOD:/path" → { handler, public }
+  const exactMap = new Map();
+  const prefixRoutes = [];
+
+  for (const route of routes) {
+    const methods = route.method === "*" ? ["GET", "POST", "PUT", "DELETE"] : [route.method];
+    for (const m of methods) {
+      if (route.path.endsWith("/*")) {
+        prefixRoutes.push({ ...route, prefix: route.path.slice(0, -2), method: m });
+      } else {
+        exactMap.set(`${m}:${route.path}`, route);
+      }
+    }
+  }
+
+  // Collect public paths for fast localhost check
+  const publicExact = new Set();
+  const publicPrefixes = [];
+  for (const route of routes) {
+    if (!route.public) continue;
+    if (route.path.endsWith("/*")) {
+      publicPrefixes.push(route.path.slice(0, -2));
+    } else {
+      publicExact.add(route.path);
+    }
+  }
+
+  function isPublic(pathname) {
+    if (publicExact.has(pathname)) return true;
+    return publicPrefixes.some((p) => pathname.startsWith(p));
+  }
+
+  return async (req, res) => {
+    const parsedUrl = parse(req.url, true);
+    const { pathname, search } = parsedUrl;
+
+    // Localhost guard — block non-public routes from remote/tunnel
+    const isTunnel = !!req.headers["cf-connecting-ip"];
+    const isLocal = req.socket.remoteAddress === "127.0.0.1" || req.socket.remoteAddress === "::1";
+    if (!isPublic(pathname) && (isTunnel || !isLocal)) {
+      jsonErr(res, 403, "Forbidden");
+      return;
+    }
+
+    // Exact match
+    const key = `${req.method}:${pathname}`;
+    const route = exactMap.get(key);
+    if (route) {
+      try {
+        await route.handler(req, res, { pathname, query: parsedUrl.query, search });
+      } catch (err) {
+        console.error("Error:", req.url, err);
+        jsonErr(res, 500, err.message);
+      }
+      return;
+    }
+
+    // Prefix match
+    for (const pr of prefixRoutes) {
+      if ((pr.method === req.method) && pathname.startsWith(pr.prefix)) {
+        try {
+          await pr.handler(req, res, { pathname, query: parsedUrl.query, search });
+        } catch (err) {
+          console.error("Error:", req.url, err);
+          jsonErr(res, 500, err.message);
+        }
+        return;
+      }
+    }
+
+    // Fallback (static files, etc.)
+    if (fallback) {
+      try {
+        await fallback(req, res, { pathname, search });
+      } catch (err) {
+        console.error("Error:", req.url, err);
+        jsonErr(res, 500, err.message);
+      }
+      return;
+    }
+
+    jsonErr(res, 404, "Not found");
+  };
+}

package/lib/socketio.js

@@ -6,7 +6,20 @@ import { homedir } from "os";
 import { setupTerminalSocket } from "../features/terminal/terminalSocket.js";
 import { setupRemoteSocket, checkRemoteAvailable } from "../features/remote/remoteSocket.js";
 import { setupFileExplorerSocket } from "../features/fileExplorer/fileExplorerSocket.js";
-import { trackConnection, untrackConnection, pushUiLog, clearOneTimeKey } from "../index.js";
+import { trackConnection, untrackConnection, pushUiLog, clearOneTimeKey, pushUiEvent, setRemoteAvailable } from "../api/ui.js";
+import {
+  loadApprovedDevices,
+  isDeviceApproved,
+  isDevicePending,
+  approveDevice,
+  addPendingApproval,
+  removePendingApproval,
+  getPendingApproval,
+  markDeviceRejected,
+  isDeviceRejected,
+  updateRejectedSocket,
+  clearRejectedDevice
+} from "./deviceApproval.js";
 
 function loadApiKey() {
   try {
@@ -24,7 +37,106 @@ export function getIO() {
   return ioInstance;
 }
 
+/** Setup features on an approved socket */
+function setupSocketFeatures(socket) {
+  // Clear one-time key if used
+  if (socket.handshake.auth?.tempKey) {
+    pushUiLog("One-time key used \u2014 clearing from UI");
+    clearOneTimeKey();
+  }
+}
+
+/** Approve a pending socket by socketId */
+export function approveSocketDevice(socketId) {
+  const io = ioInstance;
+  if (!io) return false;
+
+  const socket = io.sockets.sockets.get(socketId);
+  const pending = getPendingApproval(socketId);
+  console.log(`[DEBUG-APPROVE] socketId=${socketId}, socketExists=${!!socket}, pendingExists=${!!pending}`);
+  if (!socket || !pending) return false;
+
+  // Save device as approved; clear any prior rejection
+  approveDevice(pending.deviceId);
+  removePendingApproval(socketId);
+  clearRejectedDevice(pending.deviceId);
+
+  // Unlock socket + notify client
+  socket.data.approved = true;
+  console.log(`[DEBUG-APPROVE] Emitting device:approved to ${socketId}`);
+  socket.emit("device:approved");
+
+  // Setup features
+  setupSocketFeatures(socket);
+  pushUiLog(`Device approved: ${pending.deviceId.slice(0, 8)}...`);
+
+  return true;
+}
+
+/** Approve a previously-rejected device by deviceId (from Clients list) */
+export function approveRejectedDevice(deviceId) {
+  const io = ioInstance;
+  if (!io || !deviceId) return false;
+
+  approveDevice(deviceId);
+  clearRejectedDevice(deviceId);
+
+  // Notify any active socket for this device
+  for (const socket of io.sockets.sockets.values()) {
+    if (socket.handshake.auth?.deviceId === deviceId) {
+      socket.data.approved = true;
+      socket.emit("device:approved");
+      setupSocketFeatures(socket);
+    }
+  }
+  pushUiLog(`Device approved from pending: ${deviceId.slice(0, 8)}...`);
+  return true;
+}
+
+/** Disconnect all active sockets belonging to a deviceId (device stays approved) */
+export function disconnectDeviceSockets(deviceId) {
+  const io = ioInstance;
+  if (!io || !deviceId) return 0;
+  let count = 0;
+  for (const socket of io.sockets.sockets.values()) {
+    if (socket.handshake.auth?.deviceId === deviceId) {
+      socket.disconnect(true);
+      count++;
+    }
+  }
+  if (count) pushUiLog(`Disconnected ${count} socket(s) for device ${deviceId.slice(0, 8)}...`);
+  return count;
+}
+
+/** Reject a pending socket by socketId (remember deviceId in RAM as pending) */
+export function rejectSocketDevice(socketId) {
+  const io = ioInstance;
+  if (!io) return false;
+
+  const pending = getPendingApproval(socketId);
+  const socket = io.sockets.sockets.get(socketId);
+  removePendingApproval(socketId);
+
+  // Remember rejection in RAM so it shows up in Clients list as pending
+  if (pending?.deviceId) {
+    markDeviceRejected(pending.deviceId, { ip: pending.ip, socketId });
+  }
+
+  if (socket) {
+    socket.emit("device:rejected");
+    socket.disconnect(true);
+  }
+
+  // Notify UI to refresh pending/approved list
+  pushUiEvent("deviceApproval", { action: "refresh" });
+  pushUiLog(`Device rejected: ${pending?.deviceId?.slice(0, 8) || "unknown"}...`);
+  return true;
+}
+
 export async function setupSocketIO(server) {
+  // Load approved devices from disk
+  loadApprovedDevices();
+
   const io = new Server(server, {
     cors: {
       origin: "*",
@@ -36,41 +148,72 @@ export async function setupSocketIO(server) {
     allowEIO3: true,
     allowUpgrades: true,
     pingTimeout: 60000,
-    pingInterval: 25000
+    pingInterval: 25000,
+    maxHttpBufferSize: 1e8
   });
 
-  // Verify apiKey on every Socket.IO connection
-  // io.use((socket, next) => {
-  //   const serverKey = loadApiKey();
-  //   console.log("🚀 ~ setupSocketIO ~ serverKey:", serverKey)
-  //   // If no key configured yet (first run), allow through
-  //   if (!serverKey) return next();
-  //   const clientKey = socket.handshake.auth?.apiKey;
-  //   console.log("🚀 ~ setupSocketIO ~ clientKey:", clientKey)
-  //   if (clientKey === serverKey) return next();
-  //   next(new Error("unauthorized"));
-  // });
-
   // Check remote availability at startup
-  await checkRemoteAvailable();
+  const hasRemote = await checkRemoteAvailable();
+  setRemoteAvailable(hasRemote);
 
-  // Track connections for UI display + log
+  // Track connections + device approval
   io.on("connection", (socket) => {
     const ip = socket.handshake.headers["x-forwarded-for"] || socket.handshake.address || "unknown";
-    trackConnection(socket.id, ip);
-    pushUiLog(`Client connected: ${ip}`);
-
-    // If client connected using a one-time key, clear it from UI state
-    pushUiLog(`Auth received: tempKey=${socket.handshake.auth?.tempKey ?? "null"}`);
-    if (socket.handshake.auth?.tempKey) {
-      pushUiLog(`One-time key used — clearing from UI`);
-      clearOneTimeKey();
-    }
+    const deviceId = socket.handshake.auth?.deviceId || null;
+
+    // Block all events from unapproved sockets (except device:clientReady)
+    socket.data.approved = false;
+    socket.use((packet, next) => {
+      if (socket.data.approved) return next();
+      const event = packet[0];
+      if (event === "device:clientReady" || event === "disconnect") return next();
+      return next(new Error("Device not approved"));
+    });
+
+    trackConnection(socket.id, ip, deviceId);
+    pushUiLog(`Client connected: ${ip} (device: ${deviceId?.slice(0, 8) || "none"})`);
 
     socket.on("disconnect", (reason) => {
       untrackConnection(socket.id);
+      removePendingApproval(socket.id);
       pushUiLog(`Client disconnected: ${ip} (${reason})`);
     });
+
+    // Check device approval
+    if (deviceId && isDeviceApproved(deviceId)) {
+      // Known device — allow immediately
+      pushUiLog(`Device recognized: ${deviceId.slice(0, 8)}...`);
+      socket.data.approved = true;
+      setupSocketFeatures(socket);
+    } else if (deviceId && isDeviceRejected(deviceId)) {
+      // Previously rejected — keep socket unapproved, no modal, update socketId for later approve
+      updateRejectedSocket(deviceId, socket.id, ip);
+      pushUiLog(`Rejected device reconnected: ${deviceId.slice(0, 8)} — waiting in Clients list`);
+      socket.emit("device:rejected");
+      pushUiEvent("deviceApproval", { action: "refresh" });
+    } else {
+      // Unknown device — hold and request approval
+      pushUiLog(`Unknown device: ${deviceId?.slice(0, 8) || "no-id"} — waiting for approval`);
+      // Skip if same deviceId already pending (client reconnected)
+      if (isDevicePending(deviceId)) {
+        pushUiLog(`Device ${deviceId?.slice(0, 8)} already pending, ignoring duplicate`);
+        socket.disconnect(true);
+        return;
+      }
+
+      addPendingApproval(socket.id, { deviceId, ip });
+
+      // Wait for client to signal ready before emitting approval request
+      socket.once("device:clientReady", () => {
+        socket.emit("device:pendingApproval");
+        pushUiEvent("deviceApproval", {
+          socketId: socket.id,
+          deviceId,
+          ip,
+          action: "pending"
+        });
+      });
+    }
   });
 
   // Setup Terminal + Remote on same root namespace

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "9remote",
-  "version": "0.1.64",
+  "version": "2.0.1",
   "type": "module",
   "description": "Remote terminal access from anywhere",
   "main": "index.js",
@@ -31,18 +31,22 @@
   ],
   "license": "MIT",
   "dependencies": {
+    "@julusian/jpeg-turbo": "^2.3.0",
     "bufferutil": "^4.1.0",
     "chalk": "^5.4.1",
+    "edge-tts-node": "^1.5.7",
     "http-proxy": "^1.18.1",
     "inquirer": "^9.3.8",
     "node-datachannel": "^0.32.1",
     "node-machine-id": "^1.1.12",
+    "node-screenshots": "^0.2.8",
     "ora": "^8.1.1",
     "preact": "^10.26.2",
     "qrcode": "^1.5.4",
     "qrcode-terminal": "^0.12.0",
     "sharp": "^0.33.5",
     "socket.io": "^4.8.3",
+    "systray": "^1.0.5",
     "utf-8-validate": "^6.0.6",
     "web-push": "^3.6.7"
   },
@@ -58,6 +62,7 @@
     "postcss": "^8.5.3",
     "tailwindcss": "^3.4.17",
     "vite": "^6.2.2",
+    "vite-plugin-javascript-obfuscator": "^3.1.0",
     "wait-on": "^9.0.4"
   }
 }