@highstate/common 0.9.14 → 0.9.16

package/src/shared/index.ts

@@ -3,3 +3,4 @@ export * from "./dns"
 export * from "./passwords"
 export * from "./ssh"
 export * from "./network"
+export * from "./files"

package/src/shared/network.ts

@@ -19,6 +19,13 @@ export type InputL3Endpoint = network.L3Endpoint | string
  */
 export type InputL4Endpoint = network.L4Endpoint | string
 
+/**
+ * The L7 endpoint for some service.
+ *
+ * The format is: `appProtocol://endpoint[:port][/resource]`
+ */
+export type InputL7Endpoint = network.L7Endpoint | string
+
 /**
  * Stringifies a L3 endpoint object into a string.
  *
@@ -40,7 +47,6 @@ export function l3EndpointToString(l3Endpoint: network.L3Endpoint): string {
  * Stringifies a L4 endpoint object into a string.
  *
  * @param l4Endpoint The L4 endpoint object to stringify.
- *
  * @returns The string representation of the L4 endpoint.
  */
 export function l4EndpointToString(l4Endpoint: network.L4Endpoint): string {
@@ -51,6 +57,37 @@ export function l4EndpointToString(l4Endpoint: network.L4Endpoint): string {
   return `${l3EndpointToString(l4Endpoint)}:${l4Endpoint.port}`
 }
 
+/**
+ * Stringifies a L4 endpoint object into a string with protocol.
+ *
+ * @param l4Endpoint The L4 endpoint object to stringify.
+ * @returns The string representation of the L4 endpoint with protocol.
+ */
+export function l4EndpointWithProtocolToString(l4Endpoint: network.L4Endpoint): string {
+  const protocol = `${l4Endpoint.protocol}://`
+
+  return `${protocol}${l4EndpointToString(l4Endpoint)}`
+}
+
+/**
+ * Stringifies a L7 endpoint object into a string.
+ *
+ * The format is: `appProtocol://endpoint[:port][/resource]`
+ * @param l7Endpoint The L7 endpoint object to stringify.
+ * @returns The string representation of the L7 endpoint.
+ */
+export function l7EndpointToString(l7Endpoint: network.L7Endpoint): string {
+  const protocol = `${l7Endpoint.appProtocol}://`
+
+  let endpoint = l4EndpointToString(l7Endpoint)
+
+  if (l7Endpoint.resource) {
+    endpoint += `/${l7Endpoint.resource}`
+  }
+
+  return `${protocol}${endpoint}`
+}
+
 /**
  * Stringifies a L3 or L4 endpoint object into a string.
  *
@@ -68,6 +105,9 @@ export function l34EndpointToString(l34Endpoint: network.L34Endpoint): string {
 const L34_ENDPOINT_RE =
   /^(?:(?<protocol>[a-z]+):\/\/)?(?:(?:\[?(?<ipv6>[0-9A-Fa-f:]+)\]?)|(?<ipv4>(?:\d{1,3}\.){3}\d{1,3})|(?<hostname>[a-zA-Z0-9-*]+(?:\.[a-zA-Z0-9-*]+)*))(?::(?<port>\d{1,5}))?$/
 
+const L7_ENDPOINT_RE =
+  /^(?<appProtocol>[a-z]+):\/\/(?:(?:\[?(?<ipv6>[0-9A-Fa-f:]+)\]?)|(?<ipv4>(?:\d{1,3}\.){3}\d{1,3})|(?<hostname>[a-zA-Z0-9-*]+(?:\.[a-zA-Z0-9-*]+)*))(?::(?<port>\d{1,5}))?(?:\/(?<resource>.*))?$/
+
 /**
  * Parses a L3 or L4 endpoint from a string.
  *
@@ -275,6 +315,53 @@ export function l3EndpointToCidr(l3Endpoint: network.L3Endpoint): string {
   }
 }
 
+const udpAppProtocols = ["dns", "dhcp"]
+
+/**
+ * Parses a L7 endpoint from a string.
+ *
+ * The format is: `appProtocol://endpoint[:port][/resource]`
+ *
+ * @param l7Endpoint The L7 endpoint string to parse.
+ * @returns The parsed L7 endpoint object.
+ */
+export function parseL7Endpoint(l7Endpoint: InputL7Endpoint): network.L7Endpoint {
+  if (typeof l7Endpoint === "object") {
+    return l7Endpoint
+  }
+
+  const match = l7Endpoint.match(L7_ENDPOINT_RE)
+  if (!match) {
+    throw new Error(`Invalid L7 endpoint: "${l7Endpoint}"`)
+  }
+
+  const { appProtocol, ipv6, ipv4, hostname, port, resource } = match.groups!
+
+  let visibility: network.EndpointVisibility = "public"
+
+  if (ipv4 && IPV4_PRIVATE_REGEX.test(ipv4)) {
+    visibility = "external"
+  } else if (ipv6 && IPV6_PRIVATE_REGEX.test(ipv6)) {
+    visibility = "external"
+  }
+
+  return {
+    type: ipv6 ? "ipv6" : ipv4 ? "ipv4" : "hostname",
+    visibility,
+    address: ipv6 || ipv4,
+    hostname: hostname,
+
+    // Default port for L7 endpoints (TODO: add more specific defaults for common protocols)
+    port: port ? parseInt(port, 10) : 443,
+
+    // L7 endpoints typically use TCP, but can also use UDP for specific protocols
+    protocol: udpAppProtocols.includes(appProtocol) ? "udp" : "tcp",
+
+    appProtocol,
+    resource: resource || "",
+  } as network.L7Endpoint
+}
+
 /**
  * Updates the endpoints based on the given mode.
  *

package/src/shared/ssh.ts

@@ -1,7 +1,6 @@
 import type { common, network, ssh } from "@highstate/library"
 import {
   getOrCreateSecret,
-  getUnitInstanceName,
   output,
   Output,
   secret,
@@ -11,7 +10,8 @@ import {
 import getKeys, { PrivateExport } from "micro-key-producer/ssh.js"
 import { randomBytes } from "micro-key-producer/utils.js"
 import { local, remote } from "@pulumi/command"
-import { l3EndpointToString, l3ToL4Endpoint, l4EndpointToString } from "./network"
+import * as images from "../../assets/images.json"
+import { l3EndpointToString, l3ToL4Endpoint } from "./network"
 
 export function createSshTerminal(
   credentials: Input<ssh.Credentials | undefined>,
@@ -40,25 +40,44 @@ export function createSshTerminal(
 
     return {
       name: "ssh",
-      title: `SSH: ${getUnitInstanceName()}`,
-      description: "Connect to the server via SSH",
-      image: "ghcr.io/exeteres/highstate/terminal-ssh",
-      command,
 
-      files: {
-        "/password": credentials.password,
-
-        "/private_key": {
-          content: credentials.keyPair?.privateKey,
-          mode: 0o600,
-        },
+      meta: {
+        title: "Shell",
+        description: "Connect to the server via SSH",
+        icon: "gg:remote",
+      },
 
-        "/known_hosts": {
-          content: `${l3EndpointToString(endpoint)} ${credentials.hostKey}`,
-          mode: 0o644,
+      spec: {
+        image: images["terminal-ssh"].image,
+        command,
+
+        files: {
+          "/password": credentials.password,
+
+          "/private_key": credentials.keyPair?.privateKey && {
+            content: {
+              type: "embedded",
+              value: credentials.keyPair?.privateKey,
+            },
+            meta: {
+              name: "private_key",
+              mode: 0o600,
+            },
+          },
+
+          "/known_hosts": {
+            content: {
+              type: "embedded",
+              value: `${l3EndpointToString(endpoint)} ${credentials.hostKey}`,
+            },
+            meta: {
+              name: "known_hosts",
+              mode: 0o644,
+            },
+          },
         },
       },
-    }
+    } satisfies InstanceTerminal
   })
 }
 
@@ -75,13 +94,13 @@ export function privateKeyToKeyPair(privateKeyString: Input<string>): Output<ssh
     // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
     const privKey = privateKeyStruct.keys[0].privKey.privKey as Uint8Array
 
-    const { fingerprint, publicKey, privateKey } = getKeys(privKey.slice(0, 32))
+    const { fingerprint, publicKey } = getKeys(privKey.slice(0, 32))
 
     return output({
       type: "ed25519" as const,
       fingerprint,
       publicKey,
-      privateKey: secret(privateKey),
+      privateKey: secret(privateKeyString),
     })
   })
 }
@@ -114,6 +133,7 @@ export function createServerEntity(
   sshUser = "root",
   sshPassword?: Input<string | undefined>,
   sshPrivateKey?: Input<string>,
+  hasSsh = true,
 ): Output<common.Server> {
   const connection = output({
     host: l3EndpointToString(endpoint),
@@ -124,8 +144,16 @@ export function createServerEntity(
     dialErrorLimit: 3,
   })
 
+  if (!hasSsh) {
+    return output({
+      hostname: fallbackHostname,
+      endpoints: [endpoint],
+    })
+  }
+
   const command = new local.Command("check-ssh", {
     create: `nc -zv ${l3EndpointToString(endpoint)} ${sshPort} && echo "up" || echo "down"`,
+    triggers: [Date.now()],
   })
 
   return command.stdout.apply(result => {

package/src/units/existing-server/index.ts

@@ -25,7 +25,7 @@ export default outputs({
   server,
   endpoints: server.endpoints,
 
-  $status: {
+  $statusFields: {
     hostname: server.hostname,
     endpoints: server.endpoints.apply(endpoints => endpoints.map(l3EndpointToString)),
   },

package/src/units/server-dns/index.ts

@@ -20,7 +20,7 @@ export default outputs({
 
   endpoints,
 
-  $status: {
+  $statusFields: {
     endpoints: endpoints.map(l3EndpointToString),
   },
 })

package/src/units/server-patch/index.ts

@@ -19,7 +19,7 @@ export default outputs({
 
   endpoints,
 
-  $status: {
+  $statusFields: {
     endpoints: endpoints.map(l3EndpointToString),
   },
 })

package/src/units/ssh/key-pair/index.ts

@@ -2,14 +2,24 @@ import { ssh } from "@highstate/library"
 import { forUnit, getOrCreateSecret } from "@highstate/pulumi"
 import { generatePrivateKey, privateKeyToKeyPair } from "../../../shared"
 
-const { secrets, outputs } = forUnit(ssh.keyPair)
+const { name, secrets, outputs } = forUnit(ssh.keyPair)
 
 const privateKey = getOrCreateSecret(secrets, "privateKey", generatePrivateKey)
 const keyPair = privateKeyToKeyPair(privateKey)
 
 export default outputs({
   keyPair: privateKeyToKeyPair(privateKey),
-  $status: {
+  publicKeyFile: {
+    meta: {
+      name: `${name}.pub`,
+      mode: 0o644,
+    },
+    content: {
+      type: "embedded",
+      value: keyPair.publicKey,
+    },
+  },
+  $statusFields: {
     fingerprint: keyPair.fingerprint,
     publicKey: keyPair.publicKey,
   },