@ebowwa/terminal 0.3.1 → 0.3.2

package/src/fingerprint.js

@@ -1,336 +0,0 @@
-"use strict";
-/**
- * SSH fingerprint utilities with validation and recovery
- */
-var __extends = (this && this.__extends) || (function () {
-    var extendStatics = function (d, b) {
-        extendStatics = Object.setPrototypeOf ||
-            ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
-            function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; };
-        return extendStatics(d, b);
-    };
-    return function (d, b) {
-        if (typeof b !== "function" && b !== null)
-            throw new TypeError("Class extends value " + String(b) + " is not a constructor or null");
-        extendStatics(d, b);
-        function __() { this.constructor = d; }
-        d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());
-    };
-})();
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-var __generator = (this && this.__generator) || function (thisArg, body) {
-    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype);
-    return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
-    function verb(n) { return function (v) { return step([n, v]); }; }
-    function step(op) {
-        if (f) throw new TypeError("Generator is already executing.");
-        while (g && (g = 0, op[0] && (_ = 0)), _) try {
-            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
-            if (y = 0, t) op = [op[0] & 2, t.value];
-            switch (op[0]) {
-                case 0: case 1: t = op; break;
-                case 4: _.label++; return { value: op[1], done: false };
-                case 5: _.label++; y = op[1]; op = [0]; continue;
-                case 7: op = _.ops.pop(); _.trys.pop(); continue;
-                default:
-                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
-                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
-                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
-                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
-                    if (t[2]) _.ops.pop();
-                    _.trys.pop(); continue;
-            }
-            op = body.call(thisArg, _);
-        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
-        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
-    }
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.SSHKeyMismatchError = void 0;
-exports.getSSHFingerprint = getSSHFingerprint;
-exports.getLocalKeyFingerprint = getLocalKeyFingerprint;
-exports.normalizeFingerprint = normalizeFingerprint;
-exports.validateSSHKeyMatch = validateSSHKeyMatch;
-exports.testSSHKeyConnection = testSSHKeyConnection;
-exports.validateSSHKeyForServer = validateSSHKeyForServer;
-var util_1 = require("util");
-var promises_1 = require("fs/promises");
-var execAsync = (0, util_1.promisify)(require("child_process").exec);
-/**
- * Get SSH fingerprint from remote server
- * @param options - SSH connection options
- * @returns SSH fingerprint or null
- */
-function getSSHFingerprint(options) {
-    return __awaiter(this, void 0, void 0, function () {
-        var host, _a, port, proc, output, lines, _i, lines_1, line, parts, _b;
-        return __generator(this, function (_c) {
-            switch (_c.label) {
-                case 0:
-                    host = options.host, _a = options.port, port = _a === void 0 ? 22 : _a;
-                    _c.label = 1;
-                case 1:
-                    _c.trys.push([1, 4, , 5]);
-                    proc = Bun.spawn(["ssh-keyscan", "-p", port.toString(), "".concat(host)], {
-                        stdout: "pipe",
-                        stderr: "pipe",
-                    });
-                    return [4 /*yield*/, new Response(proc.stdout).text()];
-                case 2:
-                    output = _c.sent();
-                    return [4 /*yield*/, proc.exited];
-                case 3:
-                    _c.sent();
-                    lines = output.split("\n");
-                    for (_i = 0, lines_1 = lines; _i < lines_1.length; _i++) {
-                        line = lines_1[_i];
-                        if (line.includes(host)) {
-                            parts = line.split(" ");
-                            if (parts.length >= 3) {
-                                return [2 /*return*/, parts[2]]; // Return the fingerprint
-                            }
-                        }
-                    }
-                    return [2 /*return*/, null];
-                case 4:
-                    _b = _c.sent();
-                    return [2 /*return*/, null];
-                case 5: return [2 /*return*/];
-            }
-        });
-    });
-}
-/**
- * Get SSH fingerprint from a local private key file
- * @param keyPath - Path to the private key file
- * @returns SSH fingerprint (SHA256 format) or null
- */
-function getLocalKeyFingerprint(keyPath) {
-    return __awaiter(this, void 0, void 0, function () {
-        var stdout, match, _a, keyContent, lines, _i, lines_2, line, stdout, match, error_1;
-        return __generator(this, function (_b) {
-            switch (_b.label) {
-                case 0:
-                    _b.trys.push([0, 10, , 11]);
-                    _b.label = 1;
-                case 1:
-                    _b.trys.push([1, 3, , 4]);
-                    return [4 /*yield*/, execAsync("ssh-keygen -lf \"".concat(keyPath, "\""))];
-                case 2:
-                    stdout = (_b.sent()).stdout;
-                    match = stdout.match(/SHA256:(\S+)/i);
-                    if (match) {
-                        return [2 /*return*/, match[1]];
-                    }
-                    return [3 /*break*/, 4];
-                case 3:
-                    _a = _b.sent();
-                    return [3 /*break*/, 4];
-                case 4: return [4 /*yield*/, (0, promises_1.readFile)(keyPath, "utf-8")];
-                case 5:
-                    keyContent = _b.sent();
-                    if (!(keyContent.includes("OPENSSH") && keyContent.includes("ssh-ed25519"))) return [3 /*break*/, 9];
-                    lines = keyContent.split("\n");
-                    _i = 0, lines_2 = lines;
-                    _b.label = 6;
-                case 6:
-                    if (!(_i < lines_2.length)) return [3 /*break*/, 9];
-                    line = lines_2[_i];
-                    if (!line.startsWith("ssh-ed25519")) return [3 /*break*/, 8];
-                    return [4 /*yield*/, execAsync("echo '".concat(line, "' | ssh-keygen -lf -"))];
-                case 7:
-                    stdout = (_b.sent()).stdout;
-                    match = stdout.match(/SHA256:(\S+)/i);
-                    if (match) {
-                        return [2 /*return*/, match[1]];
-                    }
-                    _b.label = 8;
-                case 8:
-                    _i++;
-                    return [3 /*break*/, 6];
-                case 9: return [2 /*return*/, null];
-                case 10:
-                    error_1 = _b.sent();
-                    console.error("[Fingerprint] Failed to get local key fingerprint:", error_1);
-                    return [2 /*return*/, null];
-                case 11: return [2 /*return*/];
-            }
-        });
-    });
-}
-/**
- * Convert MD5 fingerprint format to SHA256 format (for comparison)
- * Hetzner returns MD5 like "29:cd:c1:c3:84:eb:ca:31:a4:1f:94:69:0c:84:b3:56"
- * We need to handle both formats
- */
-function normalizeFingerprint(fingerprint) {
-    // Remove colons from MD5 format for easier comparison
-    return fingerprint.replace(/:/g, "").toLowerCase();
-}
-/**
- * Validate that a local SSH key matches what's on a remote server
- * @param host - Server hostname or IP
- * @param keyPath - Path to local private key
- * @returns Validation result
- */
-function validateSSHKeyMatch(host, keyPath) {
-    return __awaiter(this, void 0, void 0, function () {
-        var localFingerprint, remoteFingerprint, localNormalized, remoteNormalized, match, error_2;
-        return __generator(this, function (_a) {
-            switch (_a.label) {
-                case 0:
-                    _a.trys.push([0, 3, , 4]);
-                    return [4 /*yield*/, getLocalKeyFingerprint(keyPath)];
-                case 1:
-                    localFingerprint = _a.sent();
-                    if (!localFingerprint) {
-                        return [2 /*return*/, {
-                                valid: false,
-                                error: "Could not read local SSH key fingerprint",
-                            }];
-                    }
-                    return [4 /*yield*/, getSSHFingerprint({ host: host })];
-                case 2:
-                    remoteFingerprint = _a.sent();
-                    if (!remoteFingerprint) {
-                        return [2 /*return*/, {
-                                valid: false,
-                                error: "Could not get remote SSH fingerprint",
-                            }];
-                    }
-                    localNormalized = normalizeFingerprint(localFingerprint);
-                    remoteNormalized = normalizeFingerprint(remoteFingerprint);
-                    match = localNormalized === remoteNormalized ||
-                        localFingerprint === remoteFingerprint ||
-                        localFingerprint === remoteFingerprint.replace(/:/g, "");
-                    return [2 /*return*/, {
-                            valid: match,
-                            localFingerprint: localFingerprint,
-                            remoteFingerprint: remoteFingerprint,
-                            error: match ? undefined : "Fingerprints do not match",
-                        }];
-                case 3:
-                    error_2 = _a.sent();
-                    return [2 /*return*/, {
-                            valid: false,
-                            error: error_2 instanceof Error ? error_2.message : String(error_2),
-                        }];
-                case 4: return [2 /*return*/];
-            }
-        });
-    });
-}
-/**
- * Check if we can SSH to a server with a given key
- * @param host - Server hostname or IP
- * @param keyPath - Path to SSH private key
- * @returns true if SSH works
- */
-function testSSHKeyConnection(host, keyPath) {
-    return __awaiter(this, void 0, void 0, function () {
-        var _a;
-        return __generator(this, function (_b) {
-            switch (_b.label) {
-                case 0:
-                    _b.trys.push([0, 2, , 3]);
-                    return [4 /*yield*/, execAsync("ssh -F /dev/null -i \"".concat(keyPath, "\" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ConnectTimeout=5 ").concat(host, " \"echo ok\""), { timeout: 10000 })];
-                case 1:
-                    _b.sent();
-                    return [2 /*return*/, true];
-                case 2:
-                    _a = _b.sent();
-                    return [2 /*return*/, false];
-                case 3: return [2 /*return*/];
-            }
-        });
-    });
-}
-/**
- * SSH Key Mismatch Error with recovery suggestions
- */
-var SSHKeyMismatchError = /** @class */ (function (_super) {
-    __extends(SSHKeyMismatchError, _super);
-    function SSHKeyMismatchError(host, localFingerprint, hetznerFingerprint, keyPath) {
-        var _this = this;
-        var hetznerShort = hetznerFingerprint.split(":").slice(0, 4).join(":");
-        var localShort = localFingerprint.slice(0, 16);
-        _this = _super.call(this, "SSH key mismatch for ".concat(host, "\n") +
-            "  Local key (".concat(keyPath, "):   ").concat(localShort, "...\n") +
-            "  Hetzner key:            ".concat(hetznerShort, "...\n\n") +
-            "The local private key doesn't match the public key on Hetzner.\n\n" +
-            "RECOVERY OPTIONS:\n" +
-            "1. Create a new SSH key and upload to Hetzner\n" +
-            "2. Regenerate local key to match Hetzner's key\n" +
-            "3. Use the correct key path for this server") || this;
-        _this.host = host;
-        _this.localFingerprint = localFingerprint;
-        _this.hetznerFingerprint = hetznerFingerprint;
-        _this.keyPath = keyPath;
-        _this.name = "SSHKeyMismatchError";
-        return _this;
-    }
-    return SSHKeyMismatchError;
-}(Error));
-exports.SSHKeyMismatchError = SSHKeyMismatchError;
-/**
- * Comprehensive SSH key validation for server creation
- * @param host - Server hostname or IP
- * @param keyPath - Path to local SSH key
- * @param hetznerKeyId - SSH key ID on Hetzner (for comparison)
- * @returns Validation result with recovery suggestions
- */
-function validateSSHKeyForServer(host, keyPath, hetznerKeyId) {
-    return __awaiter(this, void 0, void 0, function () {
-        var result, _a, validation;
-        return __generator(this, function (_b) {
-            switch (_b.label) {
-                case 0:
-                    result = {
-                        canConnect: false,
-                        fingerprintMatch: false,
-                        recovery: [],
-                    };
-                    // Test if SSH works at all
-                    _a = result;
-                    return [4 /*yield*/, testSSHKeyConnection(host, keyPath)];
-                case 1:
-                    // Test if SSH works at all
-                    _a.canConnect = _b.sent();
-                    return [4 /*yield*/, validateSSHKeyMatch(host, keyPath)];
-                case 2:
-                    validation = _b.sent();
-                    result.localFingerprint = validation.localFingerprint;
-                    result.remoteFingerprint = validation.remoteFingerprint;
-                    result.fingerprintMatch = validation.valid;
-                    if (!result.canConnect) {
-                        result.error = "Cannot connect to server with this key";
-                        result.recovery = [
-                            "1. Check if the server is fully initialized (may still be booting)",
-                            "2. Verify the SSH key was added to the server's ~/.ssh/authorized_keys",
-                            "3. Try a different SSH key or regenerate the key pair",
-                        ];
-                        return [2 /*return*/, result];
-                    }
-                    if (!result.fingerprintMatch) {
-                        result.error = "SSH key fingerprint mismatch";
-                        result.recovery = [
-                            "1. Generate a new SSH key pair: `ssh-keygen -t ed25519 -f ~/.ssh/hetzner-new`",
-                            "2. Upload public key to Hetzner (via GUI or API)",
-                            "3. Update the server's metadata with the new key path",
-                            "4. Alternatively: The Hetzner key ID ".concat(hetznerKeyId, " may need key regeneration"),
-                        ];
-                        return [2 /*return*/, result];
-                    }
-                    return [2 /*return*/, result];
-            }
-        });
-    });
-}

package/src/fingerprint.ts

@@ -1,263 +0,0 @@
-/**
- * SSH fingerprint utilities with validation and recovery
- */
-
-import type { SSHOptions } from "./types.js";
-import { spawn } from "child_process";
-import { promisify } from "util";
-import { readFile } from "fs/promises";
-
-const execAsync = promisify(require("child_process").exec);
-
-/**
- * Get SSH fingerprint from remote server
- * @param options - SSH connection options
- * @returns SSH fingerprint or null
- */
-export async function getSSHFingerprint(
-  options: SSHOptions,
-): Promise<string | null> {
-  const { host, port = 22 } = options;
-
-  try {
-    const proc = Bun.spawn(["ssh-keyscan", "-p", port.toString(), `${host}`], {
-      stdout: "pipe",
-      stderr: "pipe",
-    });
-
-    const output = await new Response(proc.stdout).text();
-    await proc.exited;
-
-    // Parse fingerprint from output
-    const lines = output.split("\n");
-    for (const line of lines) {
-      if (line.includes(host)) {
-        const parts = line.split(" ");
-        if (parts.length >= 3) {
-          return parts[2]; // Return the fingerprint
-        }
-      }
-    }
-    return null;
-  } catch {
-    return null;
-  }
-}
-
-/**
- * Get SSH fingerprint from a local private key file
- * @param keyPath - Path to the private key file
- * @returns SSH fingerprint (SHA256 format) or null
- */
-export async function getLocalKeyFingerprint(
-  keyPath: string,
-): Promise<string | null> {
-  try {
-    // Try ssh-keygen first (most reliable)
-    try {
-      const { stdout } = await execAsync(`ssh-keygen -lf "${keyPath}"`);
-      const match = stdout.match(/SHA256:(\S+)/i);
-      if (match) {
-        return match[1];
-      }
-    } catch {
-      // ssh-keygen might not be available, try fallback
-    }
-
-    // Fallback: Try to extract from the key file directly
-    const keyContent = await readFile(keyPath, "utf-8");
-
-    // For ED25519 keys, the public key is embedded
-    if (keyContent.includes("OPENSSH") && keyContent.includes("ssh-ed25519")) {
-      // Extract the public key part
-      const lines = keyContent.split("\n");
-      for (const line of lines) {
-        if (line.startsWith("ssh-ed25519")) {
-          // Calculate fingerprint from public key
-          const { stdout } = await execAsync(`echo '${line}' | ssh-keygen -lf -`);
-          const match = stdout.match(/SHA256:(\S+)/i);
-          if (match) {
-            return match[1];
-          }
-        }
-      }
-    }
-
-    return null;
-  } catch (error) {
-    console.error("[Fingerprint] Failed to get local key fingerprint:", error);
-    return null;
-  }
-}
-
-/**
- * Convert MD5 fingerprint format to SHA256 format (for comparison)
- * Hetzner returns MD5 like "29:cd:c1:c3:84:eb:ca:31:a4:1f:94:69:0c:84:b3:56"
- * We need to handle both formats
- */
-export function normalizeFingerprint(fingerprint: string): string {
-  // Remove colons from MD5 format for easier comparison
-  return fingerprint.replace(/:/g, "").toLowerCase();
-}
-
-/**
- * Validate that a local SSH key matches what's on a remote server
- * @param host - Server hostname or IP
- * @param keyPath - Path to local private key
- * @returns Validation result
- */
-export async function validateSSHKeyMatch(
-  host: string,
-  keyPath: string,
-): Promise<{
-  valid: boolean;
-  localFingerprint?: string;
-  remoteFingerprint?: string;
-  error?: string;
-}> {
-  try {
-    // Get local fingerprint
-    const localFingerprint = await getLocalKeyFingerprint(keyPath);
-    if (!localFingerprint) {
-      return {
-        valid: false,
-        error: "Could not read local SSH key fingerprint",
-      };
-    }
-
-    // Get remote fingerprint
-    const remoteFingerprint = await getSSHFingerprint({ host });
-    if (!remoteFingerprint) {
-      return {
-        valid: false,
-        error: "Could not get remote SSH fingerprint",
-      };
-    }
-
-    // Normalize both for comparison
-    const localNormalized = normalizeFingerprint(localFingerprint);
-    const remoteNormalized = normalizeFingerprint(remoteFingerprint);
-
-    const match = localNormalized === remoteNormalized ||
-                   localFingerprint === remoteFingerprint ||
-                   localFingerprint === remoteFingerprint.replace(/:/g, "");
-
-    return {
-      valid: match,
-      localFingerprint: localFingerprint,
-      remoteFingerprint: remoteFingerprint,
-      error: match ? undefined : "Fingerprints do not match",
-    };
-  } catch (error) {
-    return {
-      valid: false,
-      error: error instanceof Error ? error.message : String(error),
-    };
-  }
-}
-
-/**
- * Check if we can SSH to a server with a given key
- * @param host - Server hostname or IP
- * @param keyPath - Path to SSH private key
- * @returns true if SSH works
- */
-export async function testSSHKeyConnection(
-  host: string,
-  keyPath: string,
-): Promise<boolean> {
-  try {
-    await execAsync(
-      `ssh -F /dev/null -i "${keyPath}" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ConnectTimeout=5 ${host} "echo ok"`,
-      { timeout: 10000 }
-    );
-    return true;
-  } catch {
-    return false;
-  }
-}
-
-/**
- * SSH Key Mismatch Error with recovery suggestions
- */
-export class SSHKeyMismatchError extends Error {
-  constructor(
-    public host: string,
-    public localFingerprint: string,
-    public hetznerFingerprint: string,
-    public keyPath: string,
-  ) {
-    const hetznerShort = hetznerFingerprint.split(":").slice(0, 4).join(":");
-    const localShort = localFingerprint.slice(0, 16);
-
-    super(
-      `SSH key mismatch for ${host}\n` +
-      `  Local key (${keyPath}):   ${localShort}...\n` +
-      `  Hetzner key:            ${hetznerShort}...\n\n` +
-      `The local private key doesn't match the public key on Hetzner.\n\n` +
-      `RECOVERY OPTIONS:\n` +
-      `1. Create a new SSH key and upload to Hetzner\n` +
-      `2. Regenerate local key to match Hetzner's key\n` +
-      `3. Use the correct key path for this server`
-    );
-    this.name = "SSHKeyMismatchError";
-  }
-}
-
-/**
- * Comprehensive SSH key validation for server creation
- * @param host - Server hostname or IP
- * @param keyPath - Path to local SSH key
- * @param hetznerKeyId - SSH key ID on Hetzner (for comparison)
- * @returns Validation result with recovery suggestions
- */
-export async function validateSSHKeyForServer(
-  host: string,
-  keyPath: string,
-  hetznerKeyId?: string,
-): Promise<{
-  canConnect: boolean;
-  fingerprintMatch: boolean;
-  localFingerprint?: string;
-  remoteFingerprint?: string;
-  error?: string;
-  recovery?: string[];
-}> {
-  const result: Awaited<ReturnType<typeof validateSSHKeyForServer>> = {
-    canConnect: false,
-    fingerprintMatch: false,
-    recovery: [],
-  };
-
-  // Test if SSH works at all
-  result.canConnect = await testSSHKeyConnection(host, keyPath);
-
-  // Get fingerprints for comparison
-  const validation = await validateSSHKeyMatch(host, keyPath);
-  result.localFingerprint = validation.localFingerprint;
-  result.remoteFingerprint = validation.remoteFingerprint;
-  result.fingerprintMatch = validation.valid;
-
-  if (!result.canConnect) {
-    result.error = "Cannot connect to server with this key";
-    result.recovery = [
-      "1. Check if the server is fully initialized (may still be booting)",
-      "2. Verify the SSH key was added to the server's ~/.ssh/authorized_keys",
-      "3. Try a different SSH key or regenerate the key pair",
-    ];
-    return result;
-  }
-
-  if (!result.fingerprintMatch) {
-    result.error = "SSH key fingerprint mismatch";
-    result.recovery = [
-      "1. Generate a new SSH key pair: `ssh-keygen -t ed25519 -f ~/.ssh/hetzner-new`",
-      "2. Upload public key to Hetzner (via GUI or API)",
-      "3. Update the server's metadata with the new key path",
-      `4. Alternatively: The Hetzner key ID ${hetznerKeyId} may need key regeneration`,
-    ];
-    return result;
-  }
-
-  return result;
-}