@drisp/cli 0.4.5 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{WorkflowInstallWizard-2MC5A7W4.js → WorkflowInstallWizard-X754ND4V.js} +2 -2
- package/dist/athena-gateway.js +5 -3888
- package/dist/chunk-2OJ3GGIP.js +104 -0
- package/dist/{chunk-5VK2ZMVV.js → chunk-A54HGVML.js} +96 -95
- package/dist/{chunk-4CRZXLIP.js → chunk-BTY7MYYT.js} +135 -135
- package/dist/{chunk-PJUDHH4R.js → chunk-K53YMYTG.js} +1049 -812
- package/dist/chunk-MRAM6EYI.js +76 -0
- package/dist/chunk-SHLHZL5F.js +4124 -0
- package/dist/chunk-ZVOGOZNT.js +395 -0
- package/dist/cli.js +1131 -888
- package/dist/dashboard-daemon.js +9 -107
- package/dist/supervisor.js +692 -0
- package/package.json +1 -1
- package/dist/chunk-M44KEGM7.js +0 -173
|
@@ -0,0 +1,76 @@
|
|
|
1
|
+
import {
|
|
2
|
+
isLoopbackHost
|
|
3
|
+
} from "./chunk-BTY7MYYT.js";
|
|
4
|
+
|
|
5
|
+
// src/gateway/auth.ts
|
|
6
|
+
import crypto from "crypto";
|
|
7
|
+
import fs from "fs";
|
|
8
|
+
import path from "path";
|
|
9
|
+
var TOKEN_BYTES = 32;
|
|
10
|
+
function loadOrCreateToken(tokenPath) {
|
|
11
|
+
try {
|
|
12
|
+
const buf = fs.readFileSync(tokenPath);
|
|
13
|
+
const text = buf.toString("utf-8").trim();
|
|
14
|
+
if (text.length >= 16) return text;
|
|
15
|
+
} catch (err) {
|
|
16
|
+
const code = err.code;
|
|
17
|
+
if (code !== "ENOENT") throw err;
|
|
18
|
+
}
|
|
19
|
+
return writeNewToken(tokenPath);
|
|
20
|
+
}
|
|
21
|
+
function rotateGatewayToken(tokenPath) {
|
|
22
|
+
return writeNewToken(tokenPath);
|
|
23
|
+
}
|
|
24
|
+
function writeNewToken(tokenPath) {
|
|
25
|
+
const dir = path.dirname(tokenPath);
|
|
26
|
+
fs.mkdirSync(dir, { recursive: true, mode: 448 });
|
|
27
|
+
const token = crypto.randomBytes(TOKEN_BYTES).toString("base64url");
|
|
28
|
+
const tmpPath = `${tokenPath}.tmp-${process.pid}-${crypto.randomBytes(4).toString("hex")}`;
|
|
29
|
+
fs.writeFileSync(tmpPath, token + "\n", { mode: 384 });
|
|
30
|
+
try {
|
|
31
|
+
fs.renameSync(tmpPath, tokenPath);
|
|
32
|
+
} catch (err) {
|
|
33
|
+
try {
|
|
34
|
+
fs.unlinkSync(tmpPath);
|
|
35
|
+
} catch {
|
|
36
|
+
}
|
|
37
|
+
throw err;
|
|
38
|
+
}
|
|
39
|
+
if (process.platform !== "win32") {
|
|
40
|
+
fs.chmodSync(dir, 448);
|
|
41
|
+
fs.chmodSync(tokenPath, 384);
|
|
42
|
+
}
|
|
43
|
+
return token;
|
|
44
|
+
}
|
|
45
|
+
function timingSafeTokenEqual(a, b) {
|
|
46
|
+
const ab = Buffer.from(a, "utf-8");
|
|
47
|
+
const bb = Buffer.from(b, "utf-8");
|
|
48
|
+
if (ab.length !== bb.length) {
|
|
49
|
+
const filler = Buffer.alloc(Math.max(ab.length, bb.length));
|
|
50
|
+
crypto.timingSafeEqual(filler, filler);
|
|
51
|
+
return false;
|
|
52
|
+
}
|
|
53
|
+
return crypto.timingSafeEqual(ab, bb);
|
|
54
|
+
}
|
|
55
|
+
function requireTokenForBind(spec, token) {
|
|
56
|
+
if (spec.kind === "uds" || isLoopbackHost(spec.host)) return;
|
|
57
|
+
if (!token || token.length < 16) {
|
|
58
|
+
throw new Error(
|
|
59
|
+
`gateway: refusing to bind ${spec.host}:${spec.port} without token configured`
|
|
60
|
+
);
|
|
61
|
+
}
|
|
62
|
+
if (spec.tls) return;
|
|
63
|
+
if (!spec.insecure) {
|
|
64
|
+
throw new Error(
|
|
65
|
+
`gateway: refusing to bind ${spec.host}:${spec.port} without TLS; pass --tls-cert/--tls-key, or --insecure only for trusted reverse-proxy/tunnel deployments`
|
|
66
|
+
);
|
|
67
|
+
}
|
|
68
|
+
}
|
|
69
|
+
|
|
70
|
+
export {
|
|
71
|
+
loadOrCreateToken,
|
|
72
|
+
rotateGatewayToken,
|
|
73
|
+
timingSafeTokenEqual,
|
|
74
|
+
requireTokenForBind
|
|
75
|
+
};
|
|
76
|
+
//# sourceMappingURL=chunk-MRAM6EYI.js.map
|