@dynamicu/chromedebug-mcp 2.2.0

package/src/services/profile-manager.js

@@ -0,0 +1,449 @@
+/**
+ * ProfileManager - Chrome Profile Isolation Manager
+ *
+ * Manages isolated Chrome profiles for true session separation.
+ * Each session gets its own completely isolated profile directory
+ * with separate storage, cookies, cache, and settings.
+ *
+ * Key Features:
+ * - UUID-based profile isolation (no data leakage between sessions)
+ * - Secure profile directory validation and cleanup
+ * - Storage quotas and limits to prevent DoS
+ * - Automatic cleanup of orphaned profiles
+ * - Profile lifecycle management with proper resource tracking
+ */
+
+import { promises as fs } from 'fs';
+import path from 'path';
+import os from 'os';
+import { randomUUID } from 'crypto';
+
+export class ProfileManager {
+  constructor(options = {}) {
+    this.profilesDir = options.profilesDir || path.join(os.tmpdir(), 'chrome-pilot-profiles');
+    this.activeProfiles = new Map(); // sessionId -> { profilePath, claudeInstanceId, createdAt, size }
+    this.initialized = false;
+
+    // Security and resource limits
+    this.config = {
+      maxProfileSizeMB: options.maxProfileSizeMB || 500, // 500MB per profile
+      maxTotalProfilesMB: options.maxTotalProfilesMB || 5000, // 5GB total
+      profileCleanupAgeMs: options.profileCleanupAgeMs || 24 * 60 * 60 * 1000, // 24 hours
+      ...options
+    };
+
+    console.log(`[ProfileManager] Initialized with profiles directory: ${this.profilesDir}`);
+  }
+
+  /**
+   * Initializes the profile manager
+   */
+  async initialize() {
+    if (this.initialized) return;
+
+    try {
+      // Create profiles directory if it doesn't exist
+      await fs.mkdir(this.profilesDir, { recursive: true });
+
+      // Clean up any orphaned profiles from previous runs
+      await this.cleanupOrphanedProfiles();
+
+      this.initialized = true;
+      console.log('[ProfileManager] Initialized successfully');
+    } catch (error) {
+      console.error('[ProfileManager] Initialization failed:', error);
+      throw error;
+    }
+  }
+
+  /**
+   * Creates an isolated Chrome profile for a session
+   * @param {string} sessionId - Unique session identifier
+   * @param {string} claudeInstanceId - Claude instance identifier
+   * @returns {Promise<string>} Path to the created profile directory
+   */
+  async createSessionProfile(sessionId, claudeInstanceId) {
+    if (!this.initialized) {
+      await this.initialize();
+    }
+
+    // Validate inputs
+    if (!sessionId || typeof sessionId !== 'string') {
+      throw new Error('Valid sessionId is required');
+    }
+    if (!claudeInstanceId || typeof claudeInstanceId !== 'string') {
+      throw new Error('Valid claudeInstanceId is required');
+    }
+
+    // Security: Validate session ID doesn't contain path traversal attempts
+    // Decode URL-encoded attempts first
+    let decodedSessionId = sessionId;
+    try {
+      decodedSessionId = decodeURIComponent(sessionId);
+    } catch (e) {
+      // If decoding fails, use original
+    }
+
+    if (sessionId.includes('..') || sessionId.includes('/') || sessionId.includes('\\') ||
+        decodedSessionId.includes('..') || decodedSessionId.includes('/') || decodedSessionId.includes('\\') ||
+        sessionId.includes('%2e') || sessionId.includes('%2f') || sessionId.includes('%5c')) {
+      throw new Error('Security: Session ID contains invalid characters');
+    }
+
+    // Check if profile already exists
+    if (this.activeProfiles.has(sessionId)) {
+      throw new Error(`Profile already exists for session: ${sessionId}`);
+    }
+
+    try {
+      // Create unique profile directory
+      const profileName = `session-${sessionId}`;
+      const profilePath = path.join(this.profilesDir, profileName);
+
+      // Security: Ensure the profile path is within our profiles directory
+      const resolvedProfilePath = path.resolve(profilePath);
+      const resolvedProfilesDir = path.resolve(this.profilesDir);
+
+      if (!resolvedProfilePath.startsWith(resolvedProfilesDir)) {
+        throw new Error('Security: Profile path outside allowed directory');
+      }
+
+      // Check total space usage before creating new profile
+      await this.checkSpaceQuota();
+
+      // Create profile directory structure
+      await fs.mkdir(profilePath, { recursive: true });
+
+      // Create Chrome profile subdirectories
+      const chromeProfileDirs = [
+        'Default',
+        'Default/Cache',
+        'Default/Code Cache',
+        'Default/GPUCache',
+        'Default/Storage',
+        'Default/databases',
+        'Default/Local Storage',
+        'Default/Session Storage'
+      ];
+
+      for (const dir of chromeProfileDirs) {
+        await fs.mkdir(path.join(profilePath, dir), { recursive: true });
+      }
+
+      // Create profile configuration
+      await this.createProfileConfig(profilePath, sessionId, claudeInstanceId);
+
+      // Track the profile
+      const profileInfo = {
+        profilePath: resolvedProfilePath,
+        claudeInstanceId,
+        createdAt: new Date(),
+        size: 0 // Will be updated during cleanup
+      };
+
+      this.activeProfiles.set(sessionId, profileInfo);
+
+      console.log(`[ProfileManager] Created profile for session ${sessionId}: ${resolvedProfilePath}`);
+      return resolvedProfilePath;
+    } catch (error) {
+      console.error(`[ProfileManager] Failed to create profile for session ${sessionId}:`, error);
+      // Cleanup partial profile creation
+      try {
+        const profilePath = path.join(this.profilesDir, `session-${sessionId}`);
+        await fs.rm(profilePath, { recursive: true, force: true });
+      } catch (cleanupError) {
+        console.warn('[ProfileManager] Failed to cleanup partial profile:', cleanupError);
+      }
+      throw error;
+    }
+  }
+
+  /**
+   * Creates a basic Chrome profile configuration
+   * @param {string} profilePath - Path to the profile directory
+   * @param {string} sessionId - Session ID
+   * @param {string} claudeInstanceId - Claude instance ID
+   */
+  async createProfileConfig(profilePath, sessionId, claudeInstanceId) {
+    const defaultDir = path.join(profilePath, 'Default');
+
+    // Create Preferences file with security settings
+    const preferences = {
+      profile: {
+        name: `Chrome Pilot Session ${sessionId.substring(0, 8)}`,
+        managed_user_id: sessionId,
+        is_supervised: false
+      },
+      browser: {
+        check_default_browser: false,
+        show_home_button: false
+      },
+      security: {
+        // Enhanced security for isolated sessions
+        allow_cross_origin_auth_prompts: false,
+        mixed_content: {
+          auto_upgrade_insecure_requests: true
+        }
+      },
+      privacy: {
+        // Privacy settings for session isolation
+        dns_prefetching_enabled: false,
+        network_prediction_enabled: false,
+        background_mode_enabled: false
+      },
+      session: {
+        restore_on_startup: 1, // New Tab Page
+        startup_urls: []
+      },
+      // Session metadata for debugging
+      chrome_pilot: {
+        session_id: sessionId,
+        claude_instance_id: claudeInstanceId,
+        created_at: new Date().toISOString(),
+        profile_version: '1.0'
+      }
+    };
+
+    const preferencesPath = path.join(defaultDir, 'Preferences');
+    await fs.writeFile(preferencesPath, JSON.stringify(preferences, null, 2));
+
+    // Create Local State file
+    const localState = {
+      profile: {
+        info_cache: {
+          Default: {
+            name: `Chrome Pilot Session ${sessionId.substring(0, 8)}`,
+            user_name: `session-${sessionId}`,
+            is_supervised: false,
+            is_child: false,
+            is_force_signin_enabled: false
+          }
+        },
+        last_used: 'Default',
+        last_active_profiles: ['Default']
+      }
+    };
+
+    const localStatePath = path.join(profilePath, 'Local State');
+    await fs.writeFile(localStatePath, JSON.stringify(localState, null, 2));
+
+    console.log(`[ProfileManager] Created profile configuration for session ${sessionId}`);
+  }
+
+  /**
+   * Cleans up a session profile
+   * @param {string} sessionId - Session ID to cleanup
+   * @returns {Promise<boolean>} True if cleanup was successful
+   */
+  async cleanupProfile(sessionId) {
+    if (!sessionId || !this.activeProfiles.has(sessionId)) {
+      console.warn(`[ProfileManager] Attempted to cleanup non-existent profile: ${sessionId}`);
+      return false;
+    }
+
+    try {
+      const profileInfo = this.activeProfiles.get(sessionId);
+      const profilePath = profileInfo.profilePath;
+
+      // Security: Validate profile path before deletion
+      const resolvedProfilePath = path.resolve(profilePath);
+      const resolvedProfilesDir = path.resolve(this.profilesDir);
+
+      if (!resolvedProfilePath.startsWith(resolvedProfilesDir)) {
+        throw new Error('Security: Refusing to delete path outside profiles directory');
+      }
+
+      // Calculate profile size for logging
+      try {
+        const stats = await this.calculateDirectorySize(profilePath);
+        console.log(`[ProfileManager] Profile ${sessionId} size: ${(stats.size / 1024 / 1024).toFixed(2)}MB (${stats.files} files)`);
+      } catch (sizeError) {
+        console.warn('[ProfileManager] Could not calculate profile size:', sizeError);
+      }
+
+      // Remove profile directory
+      await fs.rm(profilePath, { recursive: true, force: true });
+
+      // Remove from active profiles
+      this.activeProfiles.delete(sessionId);
+
+      console.log(`[ProfileManager] Cleaned up profile for session ${sessionId}`);
+      return true;
+    } catch (error) {
+      console.error(`[ProfileManager] Error cleaning up profile for session ${sessionId}:`, error);
+      return false;
+    }
+  }
+
+  /**
+   * Checks space quota before creating new profiles
+   */
+  async checkSpaceQuota() {
+    try {
+      const totalSize = await this.calculateTotalProfilesSize();
+      const totalSizeMB = totalSize / 1024 / 1024;
+
+      if (totalSizeMB > this.config.maxTotalProfilesMB) {
+        throw new Error(`Total profiles size (${totalSizeMB.toFixed(2)}MB) exceeds limit (${this.config.maxTotalProfilesMB}MB)`);
+      }
+
+      console.log(`[ProfileManager] Current profiles size: ${totalSizeMB.toFixed(2)}MB / ${this.config.maxTotalProfilesMB}MB`);
+    } catch (error) {
+      if (error.message.includes('exceeds limit')) {
+        throw error;
+      }
+      console.warn('[ProfileManager] Could not check space quota:', error);
+    }
+  }
+
+  /**
+   * Calculates total size of all profiles
+   * @returns {Promise<number>} Total size in bytes
+   */
+  async calculateTotalProfilesSize() {
+    try {
+      const entries = await fs.readdir(this.profilesDir);
+      let totalSize = 0;
+
+      for (const entry of entries) {
+        const entryPath = path.join(this.profilesDir, entry);
+        const stats = await fs.stat(entryPath);
+
+        if (stats.isDirectory()) {
+          const dirStats = await this.calculateDirectorySize(entryPath);
+          totalSize += dirStats.size;
+        }
+      }
+
+      return totalSize;
+    } catch (error) {
+      console.warn('[ProfileManager] Error calculating total profiles size:', error);
+      return 0;
+    }
+  }
+
+  /**
+   * Calculates size of a directory recursively
+   * @param {string} dirPath - Directory path
+   * @returns {Promise<{size: number, files: number}>} Size in bytes and file count
+   */
+  async calculateDirectorySize(dirPath) {
+    let totalSize = 0;
+    let fileCount = 0;
+
+    async function traverse(currentPath) {
+      try {
+        const entries = await fs.readdir(currentPath);
+
+        for (const entry of entries) {
+          const entryPath = path.join(currentPath, entry);
+          const stats = await fs.stat(entryPath);
+
+          if (stats.isDirectory()) {
+            await traverse(entryPath);
+          } else {
+            totalSize += stats.size;
+            fileCount++;
+          }
+        }
+      } catch (error) {
+        // Skip directories/files we can't access
+        console.debug(`[ProfileManager] Skipping inaccessible path: ${currentPath}`);
+      }
+    }
+
+    await traverse(dirPath);
+    return { size: totalSize, files: fileCount };
+  }
+
+  /**
+   * Cleans up orphaned profiles from previous runs
+   */
+  async cleanupOrphanedProfiles() {
+    try {
+      const entries = await fs.readdir(this.profilesDir);
+      const sessionDirs = entries.filter(entry => entry.startsWith('session-'));
+
+      let cleanedCount = 0;
+
+      for (const sessionDir of sessionDirs) {
+        const sessionDirPath = path.join(this.profilesDir, sessionDir);
+
+        try {
+          const stats = await fs.stat(sessionDirPath);
+          const age = Date.now() - stats.mtime.getTime();
+
+          // Clean up profiles older than configured age
+          if (age > this.config.profileCleanupAgeMs) {
+            await fs.rm(sessionDirPath, { recursive: true, force: true });
+            cleanedCount++;
+            console.log(`[ProfileManager] Cleaned up orphaned profile: ${sessionDir}`);
+          }
+        } catch (error) {
+          console.warn(`[ProfileManager] Error processing orphaned profile ${sessionDir}:`, error);
+        }
+      }
+
+      if (cleanedCount > 0) {
+        console.log(`[ProfileManager] Cleaned up ${cleanedCount} orphaned profiles`);
+      }
+    } catch (error) {
+      console.warn('[ProfileManager] Error during orphaned profile cleanup:', error);
+    }
+  }
+
+  /**
+   * Gets information about a specific profile
+   * @param {string} sessionId - Session ID
+   * @returns {Object|null} Profile information or null if not found
+   */
+  getProfileInfo(sessionId) {
+    if (this.activeProfiles.has(sessionId)) {
+      return { ...this.activeProfiles.get(sessionId) };
+    }
+    return null;
+  }
+
+  /**
+   * Lists all active profiles
+   * @returns {Array} Array of profile information objects
+   */
+  listActiveProfiles() {
+    const profiles = [];
+    for (const [sessionId, profileInfo] of this.activeProfiles) {
+      profiles.push({
+        sessionId,
+        ...profileInfo
+      });
+    }
+    return profiles;
+  }
+
+  /**
+   * Gets manager status and statistics
+   * @returns {Object} Status information
+   */
+  getStatus() {
+    return {
+      initialized: this.initialized,
+      profilesDir: this.profilesDir,
+      activeProfiles: this.activeProfiles.size,
+      config: this.config
+    };
+  }
+
+  /**
+   * Cleanup method for graceful shutdown
+   */
+  async cleanup() {
+    console.log('[ProfileManager] Cleaning up active profiles...');
+
+    // Clean up all active profiles
+    const sessionIds = Array.from(this.activeProfiles.keys());
+    for (const sessionId of sessionIds) {
+      await this.cleanupProfile(sessionId);
+    }
+
+    console.log('[ProfileManager] Cleanup completed');
+  }
+}