@malloy-publisher/server 0.0.218 → 0.0.219
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/app/api-doc.yaml +22 -6
- package/dist/app/assets/{EnvironmentPage-DxOiCxcd.js → EnvironmentPage-gehnjfC6.js} +1 -1
- package/dist/app/assets/{HomePage-i8qAtD6x.js → HomePage-8LQBytE4.js} +1 -1
- package/dist/app/assets/{MainPage-B58d5pmX.js → MainPage-DDaZLJw-.js} +1 -1
- package/dist/app/assets/{MaterializationsPage-6OEVM543.js → MaterializationsPage-D7P1Kp6O.js} +1 -1
- package/dist/app/assets/{ModelPage-8d5l7YkU.js → ModelPage-Do_vhxOc.js} +1 -1
- package/dist/app/assets/{PackagePage-BVmoVsPQ.js → PackagePage-Cz9fVwSG.js} +1 -1
- package/dist/app/assets/{RouteError-DFX521_t.js → RouteError-UONCloyN.js} +1 -1
- package/dist/app/assets/{WorkbookPage-CzucDJ-T.js → WorkbookPage-Bhzqvbq_.js} +1 -1
- package/dist/app/assets/{core-B95VQkAV.es-Cbn-yKG-.js → core-BiGj7BML.es-kMHAa8tP.js} +1 -1
- package/dist/app/assets/{index--xJ1pzL-.js → index-VzRbxcF7.js} +3 -3
- package/dist/app/assets/{index-DxRKma36.js → index-ddq4-5hu.js} +1 -1
- package/dist/app/assets/{index-Bxkza-hz.js → index-qOQF9CXq.js} +1 -1
- package/dist/app/assets/{index.umd-o-yUIEtS.js → index.umd-B2kmxDh7.js} +1 -1
- package/dist/app/index.html +1 -1
- package/dist/server.mjs +267 -220
- package/package.json +1 -1
- package/src/service/connection.spec.ts +70 -0
- package/src/service/connection.ts +50 -5
- package/src/service/connection_config.spec.ts +138 -0
- package/src/service/connection_config.ts +81 -2
- package/src/service/proxy.spec.ts +82 -35
- package/src/service/proxy.ts +55 -40
- package/dist/sshcrypto-8m50vnmb.node +0 -0
package/dist/server.mjs
CHANGED
|
@@ -158407,11 +158407,6 @@ var require_utils74 = __commonJS((exports, module) => {
|
|
|
158407
158407
|
};
|
|
158408
158408
|
});
|
|
158409
158409
|
|
|
158410
|
-
// ../../node_modules/ssh2/lib/protocol/crypto/build/Release/sshcrypto.node
|
|
158411
|
-
var require_sshcrypto = __commonJS((exports, module) => {
|
|
158412
|
-
module.exports = __require("./sshcrypto-8m50vnmb.node");
|
|
158413
|
-
});
|
|
158414
|
-
|
|
158415
158410
|
// ../../node_modules/ssh2/lib/protocol/crypto/poly1305.js
|
|
158416
158411
|
var require_poly1305 = __commonJS((exports, module) => {
|
|
158417
158412
|
var __dirname = "/home/runner/work/publisher/publisher/node_modules/ssh2/lib/protocol/crypto", __filename = "/home/runner/work/publisher/publisher/node_modules/ssh2/lib/protocol/crypto/poly1305.js";
|
|
@@ -158898,7 +158893,7 @@ var require_crypto = __commonJS((exports, module) => {
|
|
|
158898
158893
|
var ChaChaPolyDecipher;
|
|
158899
158894
|
var GenericDecipher;
|
|
158900
158895
|
try {
|
|
158901
|
-
binding =
|
|
158896
|
+
binding = (()=>{throw new Error("Cannot require module "+"./crypto/build/Release/sshcrypto.node");})();
|
|
158902
158897
|
({
|
|
158903
158898
|
AESGCMCipher,
|
|
158904
158899
|
ChaChaPolyCipher,
|
|
@@ -161487,11 +161482,11 @@ var require_agent = __commonJS((exports, module) => {
|
|
|
161487
161482
|
};
|
|
161488
161483
|
})();
|
|
161489
161484
|
var WINDOWS_PIPE_REGEX = /^[/\\][/\\]\.[/\\]pipe[/\\].+/;
|
|
161490
|
-
function createAgent(
|
|
161491
|
-
if (process.platform === "win32" && !WINDOWS_PIPE_REGEX.test(
|
|
161492
|
-
return
|
|
161485
|
+
function createAgent(path3) {
|
|
161486
|
+
if (process.platform === "win32" && !WINDOWS_PIPE_REGEX.test(path3)) {
|
|
161487
|
+
return path3 === "pageant" ? new PageantAgent : new CygwinAgent(path3);
|
|
161493
161488
|
}
|
|
161494
|
-
return new OpenSSHAgent(
|
|
161489
|
+
return new OpenSSHAgent(path3);
|
|
161495
161490
|
}
|
|
161496
161491
|
var AgentProtocol = (() => {
|
|
161497
161492
|
const SSH_AGENTC_REQUEST_IDENTITIES = 11;
|
|
@@ -166093,17 +166088,17 @@ var require_SFTP = __commonJS((exports, module) => {
|
|
|
166093
166088
|
if (!this.server)
|
|
166094
166089
|
sendOrBuffer(this, CLIENT_VERSION_BUFFER);
|
|
166095
166090
|
}
|
|
166096
|
-
createReadStream(
|
|
166091
|
+
createReadStream(path3, options) {
|
|
166097
166092
|
if (this.server)
|
|
166098
166093
|
throw new Error("Client-only method called in server mode");
|
|
166099
|
-
return new ReadStream(this,
|
|
166094
|
+
return new ReadStream(this, path3, options);
|
|
166100
166095
|
}
|
|
166101
|
-
createWriteStream(
|
|
166096
|
+
createWriteStream(path3, options) {
|
|
166102
166097
|
if (this.server)
|
|
166103
166098
|
throw new Error("Client-only method called in server mode");
|
|
166104
|
-
return new WriteStream(this,
|
|
166099
|
+
return new WriteStream(this, path3, options);
|
|
166105
166100
|
}
|
|
166106
|
-
open(
|
|
166101
|
+
open(path3, flags_, attrs, cb) {
|
|
166107
166102
|
if (this.server)
|
|
166108
166103
|
throw new Error("Client-only method called in server mode");
|
|
166109
166104
|
if (typeof attrs === "function") {
|
|
@@ -166122,7 +166117,7 @@ var require_SFTP = __commonJS((exports, module) => {
|
|
|
166122
166117
|
attrsFlags = attrs.flags;
|
|
166123
166118
|
attrsLen = attrs.nb;
|
|
166124
166119
|
}
|
|
166125
|
-
const pathLen = Buffer.byteLength(
|
|
166120
|
+
const pathLen = Buffer.byteLength(path3);
|
|
166126
166121
|
let p = 9;
|
|
166127
166122
|
const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + pathLen + 4 + 4 + attrsLen);
|
|
166128
166123
|
writeUInt32BE(buf, buf.length - 4, 0);
|
|
@@ -166130,7 +166125,7 @@ var require_SFTP = __commonJS((exports, module) => {
|
|
|
166130
166125
|
const reqid = this._writeReqid = this._writeReqid + 1 & MAX_REQID;
|
|
166131
166126
|
writeUInt32BE(buf, reqid, 5);
|
|
166132
166127
|
writeUInt32BE(buf, pathLen, p);
|
|
166133
|
-
buf.utf8Write(
|
|
166128
|
+
buf.utf8Write(path3, p += 4, pathLen);
|
|
166134
166129
|
writeUInt32BE(buf, flags, p += pathLen);
|
|
166135
166130
|
writeUInt32BE(buf, attrsFlags, p += 4);
|
|
166136
166131
|
if (attrsLen) {
|
|
@@ -166250,7 +166245,7 @@ var require_SFTP = __commonJS((exports, module) => {
|
|
|
166250
166245
|
throw new Error("Client-only method called in server mode");
|
|
166251
166246
|
fastXfer(fs2, this, localPath, remotePath, opts, cb);
|
|
166252
166247
|
}
|
|
166253
|
-
readFile(
|
|
166248
|
+
readFile(path3, options, callback_) {
|
|
166254
166249
|
if (this.server)
|
|
166255
166250
|
throw new Error("Client-only method called in server mode");
|
|
166256
166251
|
let callback;
|
|
@@ -166323,13 +166318,13 @@ var require_SFTP = __commonJS((exports, module) => {
|
|
|
166323
166318
|
return callback && callback(er, buffer);
|
|
166324
166319
|
});
|
|
166325
166320
|
};
|
|
166326
|
-
this.open(
|
|
166321
|
+
this.open(path3, flag, 438, (er, handle_) => {
|
|
166327
166322
|
if (er)
|
|
166328
166323
|
return callback && callback(er);
|
|
166329
166324
|
handle = handle_;
|
|
166330
166325
|
const tryStat = (er2, st) => {
|
|
166331
166326
|
if (er2) {
|
|
166332
|
-
this.stat(
|
|
166327
|
+
this.stat(path3, (er_, st_) => {
|
|
166333
166328
|
if (er_) {
|
|
166334
166329
|
return this.close(handle, () => {
|
|
166335
166330
|
callback && callback(er2);
|
|
@@ -166350,7 +166345,7 @@ var require_SFTP = __commonJS((exports, module) => {
|
|
|
166350
166345
|
this.fstat(handle, tryStat);
|
|
166351
166346
|
});
|
|
166352
166347
|
}
|
|
166353
|
-
writeFile(
|
|
166348
|
+
writeFile(path3, data, options, callback_) {
|
|
166354
166349
|
if (this.server)
|
|
166355
166350
|
throw new Error("Client-only method called in server mode");
|
|
166356
166351
|
let callback;
|
|
@@ -166369,7 +166364,7 @@ var require_SFTP = __commonJS((exports, module) => {
|
|
|
166369
166364
|
if (options.encoding && !Buffer.isEncoding(options.encoding))
|
|
166370
166365
|
throw new Error(`Unknown encoding: ${options.encoding}`);
|
|
166371
166366
|
const flag = options.flag || "w";
|
|
166372
|
-
this.open(
|
|
166367
|
+
this.open(path3, flag, options.mode, (openErr, handle) => {
|
|
166373
166368
|
if (openErr) {
|
|
166374
166369
|
callback && callback(openErr);
|
|
166375
166370
|
} else {
|
|
@@ -166378,7 +166373,7 @@ var require_SFTP = __commonJS((exports, module) => {
|
|
|
166378
166373
|
if (position === null) {
|
|
166379
166374
|
const tryStat = (er, st) => {
|
|
166380
166375
|
if (er) {
|
|
166381
|
-
this.stat(
|
|
166376
|
+
this.stat(path3, (er_, st_) => {
|
|
166382
166377
|
if (er_) {
|
|
166383
166378
|
return this.close(handle, () => {
|
|
166384
166379
|
callback && callback(er);
|
|
@@ -166397,7 +166392,7 @@ var require_SFTP = __commonJS((exports, module) => {
|
|
|
166397
166392
|
}
|
|
166398
166393
|
});
|
|
166399
166394
|
}
|
|
166400
|
-
appendFile(
|
|
166395
|
+
appendFile(path3, data, options, callback_) {
|
|
166401
166396
|
if (this.server)
|
|
166402
166397
|
throw new Error("Client-only method called in server mode");
|
|
166403
166398
|
let callback;
|
|
@@ -166415,12 +166410,12 @@ var require_SFTP = __commonJS((exports, module) => {
|
|
|
166415
166410
|
throw new TypeError("Bad arguments");
|
|
166416
166411
|
if (!options.flag)
|
|
166417
166412
|
options = Object.assign({ flag: "a" }, options);
|
|
166418
|
-
this.writeFile(
|
|
166413
|
+
this.writeFile(path3, data, options, callback);
|
|
166419
166414
|
}
|
|
166420
|
-
exists(
|
|
166415
|
+
exists(path3, cb) {
|
|
166421
166416
|
if (this.server)
|
|
166422
166417
|
throw new Error("Client-only method called in server mode");
|
|
166423
|
-
this.stat(
|
|
166418
|
+
this.stat(path3, (err) => {
|
|
166424
166419
|
cb && cb(err ? false : true);
|
|
166425
166420
|
});
|
|
166426
166421
|
}
|
|
@@ -166459,7 +166454,7 @@ var require_SFTP = __commonJS((exports, module) => {
|
|
|
166459
166454
|
const isBuffered = sendOrBuffer(this, buf);
|
|
166460
166455
|
this._debug && this._debug(`SFTP: Outbound: ${isBuffered ? "Buffered" : "Sending"} RENAME`);
|
|
166461
166456
|
}
|
|
166462
|
-
mkdir(
|
|
166457
|
+
mkdir(path3, attrs, cb) {
|
|
166463
166458
|
if (this.server)
|
|
166464
166459
|
throw new Error("Client-only method called in server mode");
|
|
166465
166460
|
let flags = 0;
|
|
@@ -166473,7 +166468,7 @@ var require_SFTP = __commonJS((exports, module) => {
|
|
|
166473
166468
|
flags = attrs.flags;
|
|
166474
166469
|
attrsLen = attrs.nb;
|
|
166475
166470
|
}
|
|
166476
|
-
const pathLen = Buffer.byteLength(
|
|
166471
|
+
const pathLen = Buffer.byteLength(path3);
|
|
166477
166472
|
let p = 9;
|
|
166478
166473
|
const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + pathLen + 4 + attrsLen);
|
|
166479
166474
|
writeUInt32BE(buf, buf.length - 4, 0);
|
|
@@ -166481,7 +166476,7 @@ var require_SFTP = __commonJS((exports, module) => {
|
|
|
166481
166476
|
const reqid = this._writeReqid = this._writeReqid + 1 & MAX_REQID;
|
|
166482
166477
|
writeUInt32BE(buf, reqid, 5);
|
|
166483
166478
|
writeUInt32BE(buf, pathLen, p);
|
|
166484
|
-
buf.utf8Write(
|
|
166479
|
+
buf.utf8Write(path3, p += 4, pathLen);
|
|
166485
166480
|
writeUInt32BE(buf, flags, p += pathLen);
|
|
166486
166481
|
if (attrsLen) {
|
|
166487
166482
|
p += 4;
|
|
@@ -166495,10 +166490,10 @@ var require_SFTP = __commonJS((exports, module) => {
|
|
|
166495
166490
|
const isBuffered = sendOrBuffer(this, buf);
|
|
166496
166491
|
this._debug && this._debug(`SFTP: Outbound: ${isBuffered ? "Buffered" : "Sending"} MKDIR`);
|
|
166497
166492
|
}
|
|
166498
|
-
rmdir(
|
|
166493
|
+
rmdir(path3, cb) {
|
|
166499
166494
|
if (this.server)
|
|
166500
166495
|
throw new Error("Client-only method called in server mode");
|
|
166501
|
-
const pathLen = Buffer.byteLength(
|
|
166496
|
+
const pathLen = Buffer.byteLength(path3);
|
|
166502
166497
|
let p = 9;
|
|
166503
166498
|
const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + pathLen);
|
|
166504
166499
|
writeUInt32BE(buf, buf.length - 4, 0);
|
|
@@ -166506,7 +166501,7 @@ var require_SFTP = __commonJS((exports, module) => {
|
|
|
166506
166501
|
const reqid = this._writeReqid = this._writeReqid + 1 & MAX_REQID;
|
|
166507
166502
|
writeUInt32BE(buf, reqid, 5);
|
|
166508
166503
|
writeUInt32BE(buf, pathLen, p);
|
|
166509
|
-
buf.utf8Write(
|
|
166504
|
+
buf.utf8Write(path3, p += 4, pathLen);
|
|
166510
166505
|
this._requests[reqid] = { cb };
|
|
166511
166506
|
const isBuffered = sendOrBuffer(this, buf);
|
|
166512
166507
|
this._debug && this._debug(`SFTP: Outbound: ${isBuffered ? "Buffered" : "Sending"} RMDIR`);
|
|
@@ -166590,10 +166585,10 @@ var require_SFTP = __commonJS((exports, module) => {
|
|
|
166590
166585
|
const isBuffered = sendOrBuffer(this, buf);
|
|
166591
166586
|
this._debug && this._debug(`SFTP: Outbound: ${isBuffered ? "Buffered" : "Sending"} FSTAT`);
|
|
166592
166587
|
}
|
|
166593
|
-
stat(
|
|
166588
|
+
stat(path3, cb) {
|
|
166594
166589
|
if (this.server)
|
|
166595
166590
|
throw new Error("Client-only method called in server mode");
|
|
166596
|
-
const pathLen = Buffer.byteLength(
|
|
166591
|
+
const pathLen = Buffer.byteLength(path3);
|
|
166597
166592
|
let p = 9;
|
|
166598
166593
|
const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + pathLen);
|
|
166599
166594
|
writeUInt32BE(buf, buf.length - 4, 0);
|
|
@@ -166601,15 +166596,15 @@ var require_SFTP = __commonJS((exports, module) => {
|
|
|
166601
166596
|
const reqid = this._writeReqid = this._writeReqid + 1 & MAX_REQID;
|
|
166602
166597
|
writeUInt32BE(buf, reqid, 5);
|
|
166603
166598
|
writeUInt32BE(buf, pathLen, p);
|
|
166604
|
-
buf.utf8Write(
|
|
166599
|
+
buf.utf8Write(path3, p += 4, pathLen);
|
|
166605
166600
|
this._requests[reqid] = { cb };
|
|
166606
166601
|
const isBuffered = sendOrBuffer(this, buf);
|
|
166607
166602
|
this._debug && this._debug(`SFTP: Outbound: ${isBuffered ? "Buffered" : "Sending"} STAT`);
|
|
166608
166603
|
}
|
|
166609
|
-
lstat(
|
|
166604
|
+
lstat(path3, cb) {
|
|
166610
166605
|
if (this.server)
|
|
166611
166606
|
throw new Error("Client-only method called in server mode");
|
|
166612
|
-
const pathLen = Buffer.byteLength(
|
|
166607
|
+
const pathLen = Buffer.byteLength(path3);
|
|
166613
166608
|
let p = 9;
|
|
166614
166609
|
const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + pathLen);
|
|
166615
166610
|
writeUInt32BE(buf, buf.length - 4, 0);
|
|
@@ -166617,15 +166612,15 @@ var require_SFTP = __commonJS((exports, module) => {
|
|
|
166617
166612
|
const reqid = this._writeReqid = this._writeReqid + 1 & MAX_REQID;
|
|
166618
166613
|
writeUInt32BE(buf, reqid, 5);
|
|
166619
166614
|
writeUInt32BE(buf, pathLen, p);
|
|
166620
|
-
buf.utf8Write(
|
|
166615
|
+
buf.utf8Write(path3, p += 4, pathLen);
|
|
166621
166616
|
this._requests[reqid] = { cb };
|
|
166622
166617
|
const isBuffered = sendOrBuffer(this, buf);
|
|
166623
166618
|
this._debug && this._debug(`SFTP: Outbound: ${isBuffered ? "Buffered" : "Sending"} LSTAT`);
|
|
166624
166619
|
}
|
|
166625
|
-
opendir(
|
|
166620
|
+
opendir(path3, cb) {
|
|
166626
166621
|
if (this.server)
|
|
166627
166622
|
throw new Error("Client-only method called in server mode");
|
|
166628
|
-
const pathLen = Buffer.byteLength(
|
|
166623
|
+
const pathLen = Buffer.byteLength(path3);
|
|
166629
166624
|
let p = 9;
|
|
166630
166625
|
const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + pathLen);
|
|
166631
166626
|
writeUInt32BE(buf, buf.length - 4, 0);
|
|
@@ -166633,12 +166628,12 @@ var require_SFTP = __commonJS((exports, module) => {
|
|
|
166633
166628
|
const reqid = this._writeReqid = this._writeReqid + 1 & MAX_REQID;
|
|
166634
166629
|
writeUInt32BE(buf, reqid, 5);
|
|
166635
166630
|
writeUInt32BE(buf, pathLen, p);
|
|
166636
|
-
buf.utf8Write(
|
|
166631
|
+
buf.utf8Write(path3, p += 4, pathLen);
|
|
166637
166632
|
this._requests[reqid] = { cb };
|
|
166638
166633
|
const isBuffered = sendOrBuffer(this, buf);
|
|
166639
166634
|
this._debug && this._debug(`SFTP: Outbound: ${isBuffered ? "Buffered" : "Sending"} OPENDIR`);
|
|
166640
166635
|
}
|
|
166641
|
-
setstat(
|
|
166636
|
+
setstat(path3, attrs, cb) {
|
|
166642
166637
|
if (this.server)
|
|
166643
166638
|
throw new Error("Client-only method called in server mode");
|
|
166644
166639
|
let flags = 0;
|
|
@@ -166650,7 +166645,7 @@ var require_SFTP = __commonJS((exports, module) => {
|
|
|
166650
166645
|
} else if (typeof attrs === "function") {
|
|
166651
166646
|
cb = attrs;
|
|
166652
166647
|
}
|
|
166653
|
-
const pathLen = Buffer.byteLength(
|
|
166648
|
+
const pathLen = Buffer.byteLength(path3);
|
|
166654
166649
|
let p = 9;
|
|
166655
166650
|
const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + pathLen + 4 + attrsLen);
|
|
166656
166651
|
writeUInt32BE(buf, buf.length - 4, 0);
|
|
@@ -166658,7 +166653,7 @@ var require_SFTP = __commonJS((exports, module) => {
|
|
|
166658
166653
|
const reqid = this._writeReqid = this._writeReqid + 1 & MAX_REQID;
|
|
166659
166654
|
writeUInt32BE(buf, reqid, 5);
|
|
166660
166655
|
writeUInt32BE(buf, pathLen, p);
|
|
166661
|
-
buf.utf8Write(
|
|
166656
|
+
buf.utf8Write(path3, p += 4, pathLen);
|
|
166662
166657
|
writeUInt32BE(buf, flags, p += pathLen);
|
|
166663
166658
|
if (attrsLen) {
|
|
166664
166659
|
p += 4;
|
|
@@ -166714,8 +166709,8 @@ var require_SFTP = __commonJS((exports, module) => {
|
|
|
166714
166709
|
mtime: toUnixTimestamp(mtime)
|
|
166715
166710
|
}, cb);
|
|
166716
166711
|
}
|
|
166717
|
-
utimes(
|
|
166718
|
-
return this.setstat(
|
|
166712
|
+
utimes(path3, atime, mtime, cb) {
|
|
166713
|
+
return this.setstat(path3, {
|
|
166719
166714
|
atime: toUnixTimestamp(atime),
|
|
166720
166715
|
mtime: toUnixTimestamp(mtime)
|
|
166721
166716
|
}, cb);
|
|
@@ -166726,8 +166721,8 @@ var require_SFTP = __commonJS((exports, module) => {
|
|
|
166726
166721
|
gid
|
|
166727
166722
|
}, cb);
|
|
166728
166723
|
}
|
|
166729
|
-
chown(
|
|
166730
|
-
return this.setstat(
|
|
166724
|
+
chown(path3, uid, gid, cb) {
|
|
166725
|
+
return this.setstat(path3, {
|
|
166731
166726
|
uid,
|
|
166732
166727
|
gid
|
|
166733
166728
|
}, cb);
|
|
@@ -166737,15 +166732,15 @@ var require_SFTP = __commonJS((exports, module) => {
|
|
|
166737
166732
|
mode
|
|
166738
166733
|
}, cb);
|
|
166739
166734
|
}
|
|
166740
|
-
chmod(
|
|
166741
|
-
return this.setstat(
|
|
166735
|
+
chmod(path3, mode, cb) {
|
|
166736
|
+
return this.setstat(path3, {
|
|
166742
166737
|
mode
|
|
166743
166738
|
}, cb);
|
|
166744
166739
|
}
|
|
166745
|
-
readlink(
|
|
166740
|
+
readlink(path3, cb) {
|
|
166746
166741
|
if (this.server)
|
|
166747
166742
|
throw new Error("Client-only method called in server mode");
|
|
166748
|
-
const pathLen = Buffer.byteLength(
|
|
166743
|
+
const pathLen = Buffer.byteLength(path3);
|
|
166749
166744
|
let p = 9;
|
|
166750
166745
|
const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + pathLen);
|
|
166751
166746
|
writeUInt32BE(buf, buf.length - 4, 0);
|
|
@@ -166753,7 +166748,7 @@ var require_SFTP = __commonJS((exports, module) => {
|
|
|
166753
166748
|
const reqid = this._writeReqid = this._writeReqid + 1 & MAX_REQID;
|
|
166754
166749
|
writeUInt32BE(buf, reqid, 5);
|
|
166755
166750
|
writeUInt32BE(buf, pathLen, p);
|
|
166756
|
-
buf.utf8Write(
|
|
166751
|
+
buf.utf8Write(path3, p += 4, pathLen);
|
|
166757
166752
|
this._requests[reqid] = {
|
|
166758
166753
|
cb: (err, names) => {
|
|
166759
166754
|
if (typeof cb !== "function")
|
|
@@ -166794,10 +166789,10 @@ var require_SFTP = __commonJS((exports, module) => {
|
|
|
166794
166789
|
const isBuffered = sendOrBuffer(this, buf);
|
|
166795
166790
|
this._debug && this._debug(`SFTP: Outbound: ${isBuffered ? "Buffered" : "Sending"} SYMLINK`);
|
|
166796
166791
|
}
|
|
166797
|
-
realpath(
|
|
166792
|
+
realpath(path3, cb) {
|
|
166798
166793
|
if (this.server)
|
|
166799
166794
|
throw new Error("Client-only method called in server mode");
|
|
166800
|
-
const pathLen = Buffer.byteLength(
|
|
166795
|
+
const pathLen = Buffer.byteLength(path3);
|
|
166801
166796
|
let p = 9;
|
|
166802
166797
|
const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + pathLen);
|
|
166803
166798
|
writeUInt32BE(buf, buf.length - 4, 0);
|
|
@@ -166805,7 +166800,7 @@ var require_SFTP = __commonJS((exports, module) => {
|
|
|
166805
166800
|
const reqid = this._writeReqid = this._writeReqid + 1 & MAX_REQID;
|
|
166806
166801
|
writeUInt32BE(buf, reqid, 5);
|
|
166807
166802
|
writeUInt32BE(buf, pathLen, p);
|
|
166808
|
-
buf.utf8Write(
|
|
166803
|
+
buf.utf8Write(path3, p += 4, pathLen);
|
|
166809
166804
|
this._requests[reqid] = {
|
|
166810
166805
|
cb: (err, names) => {
|
|
166811
166806
|
if (typeof cb !== "function")
|
|
@@ -166847,13 +166842,13 @@ var require_SFTP = __commonJS((exports, module) => {
|
|
|
166847
166842
|
this._debug(`SFTP: Outbound: ${which} posix-rename@openssh.com`);
|
|
166848
166843
|
}
|
|
166849
166844
|
}
|
|
166850
|
-
ext_openssh_statvfs(
|
|
166845
|
+
ext_openssh_statvfs(path3, cb) {
|
|
166851
166846
|
if (this.server)
|
|
166852
166847
|
throw new Error("Client-only method called in server mode");
|
|
166853
166848
|
const ext = this._extensions["statvfs@openssh.com"];
|
|
166854
166849
|
if (!ext || ext !== "2")
|
|
166855
166850
|
throw new Error("Server does not support this extended request");
|
|
166856
|
-
const pathLen = Buffer.byteLength(
|
|
166851
|
+
const pathLen = Buffer.byteLength(path3);
|
|
166857
166852
|
let p = 9;
|
|
166858
166853
|
const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + 19 + 4 + pathLen);
|
|
166859
166854
|
writeUInt32BE(buf, buf.length - 4, 0);
|
|
@@ -166863,7 +166858,7 @@ var require_SFTP = __commonJS((exports, module) => {
|
|
|
166863
166858
|
writeUInt32BE(buf, 19, p);
|
|
166864
166859
|
buf.utf8Write("statvfs@openssh.com", p += 4, 19);
|
|
166865
166860
|
writeUInt32BE(buf, pathLen, p += 19);
|
|
166866
|
-
buf.utf8Write(
|
|
166861
|
+
buf.utf8Write(path3, p += 4, pathLen);
|
|
166867
166862
|
this._requests[reqid] = { extended: "statvfs@openssh.com", cb };
|
|
166868
166863
|
const isBuffered = sendOrBuffer(this, buf);
|
|
166869
166864
|
if (this._debug) {
|
|
@@ -166947,7 +166942,7 @@ var require_SFTP = __commonJS((exports, module) => {
|
|
|
166947
166942
|
const isBuffered = sendOrBuffer(this, buf);
|
|
166948
166943
|
this._debug && this._debug(`SFTP: Outbound: ${isBuffered ? "Buffered" : "Sending"} fsync@openssh.com`);
|
|
166949
166944
|
}
|
|
166950
|
-
ext_openssh_lsetstat(
|
|
166945
|
+
ext_openssh_lsetstat(path3, attrs, cb) {
|
|
166951
166946
|
if (this.server)
|
|
166952
166947
|
throw new Error("Client-only method called in server mode");
|
|
166953
166948
|
const ext = this._extensions["lsetstat@openssh.com"];
|
|
@@ -166962,7 +166957,7 @@ var require_SFTP = __commonJS((exports, module) => {
|
|
|
166962
166957
|
} else if (typeof attrs === "function") {
|
|
166963
166958
|
cb = attrs;
|
|
166964
166959
|
}
|
|
166965
|
-
const pathLen = Buffer.byteLength(
|
|
166960
|
+
const pathLen = Buffer.byteLength(path3);
|
|
166966
166961
|
let p = 9;
|
|
166967
166962
|
const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + 20 + 4 + pathLen + 4 + attrsLen);
|
|
166968
166963
|
writeUInt32BE(buf, buf.length - 4, 0);
|
|
@@ -166972,7 +166967,7 @@ var require_SFTP = __commonJS((exports, module) => {
|
|
|
166972
166967
|
writeUInt32BE(buf, 20, p);
|
|
166973
166968
|
buf.utf8Write("lsetstat@openssh.com", p += 4, 20);
|
|
166974
166969
|
writeUInt32BE(buf, pathLen, p += 20);
|
|
166975
|
-
buf.utf8Write(
|
|
166970
|
+
buf.utf8Write(path3, p += 4, pathLen);
|
|
166976
166971
|
writeUInt32BE(buf, flags, p += pathLen);
|
|
166977
166972
|
if (attrsLen) {
|
|
166978
166973
|
p += 4;
|
|
@@ -166989,13 +166984,13 @@ var require_SFTP = __commonJS((exports, module) => {
|
|
|
166989
166984
|
this._debug(`SFTP: Outbound: ${status} lsetstat@openssh.com`);
|
|
166990
166985
|
}
|
|
166991
166986
|
}
|
|
166992
|
-
ext_openssh_expandPath(
|
|
166987
|
+
ext_openssh_expandPath(path3, cb) {
|
|
166993
166988
|
if (this.server)
|
|
166994
166989
|
throw new Error("Client-only method called in server mode");
|
|
166995
166990
|
const ext = this._extensions["expand-path@openssh.com"];
|
|
166996
166991
|
if (ext !== "1")
|
|
166997
166992
|
throw new Error("Server does not support this extended request");
|
|
166998
|
-
const pathLen = Buffer.byteLength(
|
|
166993
|
+
const pathLen = Buffer.byteLength(path3);
|
|
166999
166994
|
let p = 9;
|
|
167000
166995
|
const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + 23 + 4 + pathLen);
|
|
167001
166996
|
writeUInt32BE(buf, buf.length - 4, 0);
|
|
@@ -167005,7 +167000,7 @@ var require_SFTP = __commonJS((exports, module) => {
|
|
|
167005
167000
|
writeUInt32BE(buf, 23, p);
|
|
167006
167001
|
buf.utf8Write("expand-path@openssh.com", p += 4, 23);
|
|
167007
167002
|
writeUInt32BE(buf, pathLen, p += 20);
|
|
167008
|
-
buf.utf8Write(
|
|
167003
|
+
buf.utf8Write(path3, p += 4, pathLen);
|
|
167009
167004
|
this._requests[reqid] = {
|
|
167010
167005
|
cb: (err, names) => {
|
|
167011
167006
|
if (typeof cb !== "function")
|
|
@@ -168222,12 +168217,12 @@ var require_SFTP = __commonJS((exports, module) => {
|
|
|
168222
168217
|
[REQUEST.LSTAT]: (sftp, payload) => {
|
|
168223
168218
|
bufferParser.init(payload, 1);
|
|
168224
168219
|
const reqID = bufferParser.readUInt32BE();
|
|
168225
|
-
const
|
|
168220
|
+
const path3 = bufferParser.readString(true);
|
|
168226
168221
|
bufferParser.clear();
|
|
168227
|
-
if (
|
|
168222
|
+
if (path3 === undefined)
|
|
168228
168223
|
return doFatalSFTPError(sftp, "Malformed LSTAT packet");
|
|
168229
168224
|
sftp._debug && sftp._debug(`SFTP: Inbound: Received LSTAT (id:${reqID})`);
|
|
168230
|
-
if (!sftp.emit("LSTAT", reqID,
|
|
168225
|
+
if (!sftp.emit("LSTAT", reqID, path3)) {
|
|
168231
168226
|
sftp.status(reqID, STATUS_CODE.OP_UNSUPPORTED);
|
|
168232
168227
|
}
|
|
168233
168228
|
},
|
|
@@ -168246,13 +168241,13 @@ var require_SFTP = __commonJS((exports, module) => {
|
|
|
168246
168241
|
[REQUEST.SETSTAT]: (sftp, payload) => {
|
|
168247
168242
|
bufferParser.init(payload, 1);
|
|
168248
168243
|
const reqID = bufferParser.readUInt32BE();
|
|
168249
|
-
const
|
|
168244
|
+
const path3 = bufferParser.readString(true);
|
|
168250
168245
|
const attrs = readAttrs(sftp._biOpt);
|
|
168251
168246
|
bufferParser.clear();
|
|
168252
168247
|
if (attrs === undefined)
|
|
168253
168248
|
return doFatalSFTPError(sftp, "Malformed SETSTAT packet");
|
|
168254
168249
|
sftp._debug && sftp._debug(`SFTP: Inbound: Received SETSTAT (id:${reqID})`);
|
|
168255
|
-
if (!sftp.emit("SETSTAT", reqID,
|
|
168250
|
+
if (!sftp.emit("SETSTAT", reqID, path3, attrs)) {
|
|
168256
168251
|
sftp.status(reqID, STATUS_CODE.OP_UNSUPPORTED);
|
|
168257
168252
|
}
|
|
168258
168253
|
},
|
|
@@ -168272,12 +168267,12 @@ var require_SFTP = __commonJS((exports, module) => {
|
|
|
168272
168267
|
[REQUEST.OPENDIR]: (sftp, payload) => {
|
|
168273
168268
|
bufferParser.init(payload, 1);
|
|
168274
168269
|
const reqID = bufferParser.readUInt32BE();
|
|
168275
|
-
const
|
|
168270
|
+
const path3 = bufferParser.readString(true);
|
|
168276
168271
|
bufferParser.clear();
|
|
168277
|
-
if (
|
|
168272
|
+
if (path3 === undefined)
|
|
168278
168273
|
return doFatalSFTPError(sftp, "Malformed OPENDIR packet");
|
|
168279
168274
|
sftp._debug && sftp._debug(`SFTP: Inbound: Received OPENDIR (id:${reqID})`);
|
|
168280
|
-
if (!sftp.emit("OPENDIR", reqID,
|
|
168275
|
+
if (!sftp.emit("OPENDIR", reqID, path3)) {
|
|
168281
168276
|
sftp.status(reqID, STATUS_CODE.OP_UNSUPPORTED);
|
|
168282
168277
|
}
|
|
168283
168278
|
},
|
|
@@ -168296,61 +168291,61 @@ var require_SFTP = __commonJS((exports, module) => {
|
|
|
168296
168291
|
[REQUEST.REMOVE]: (sftp, payload) => {
|
|
168297
168292
|
bufferParser.init(payload, 1);
|
|
168298
168293
|
const reqID = bufferParser.readUInt32BE();
|
|
168299
|
-
const
|
|
168294
|
+
const path3 = bufferParser.readString(true);
|
|
168300
168295
|
bufferParser.clear();
|
|
168301
|
-
if (
|
|
168296
|
+
if (path3 === undefined)
|
|
168302
168297
|
return doFatalSFTPError(sftp, "Malformed REMOVE packet");
|
|
168303
168298
|
sftp._debug && sftp._debug(`SFTP: Inbound: Received REMOVE (id:${reqID})`);
|
|
168304
|
-
if (!sftp.emit("REMOVE", reqID,
|
|
168299
|
+
if (!sftp.emit("REMOVE", reqID, path3)) {
|
|
168305
168300
|
sftp.status(reqID, STATUS_CODE.OP_UNSUPPORTED);
|
|
168306
168301
|
}
|
|
168307
168302
|
},
|
|
168308
168303
|
[REQUEST.MKDIR]: (sftp, payload) => {
|
|
168309
168304
|
bufferParser.init(payload, 1);
|
|
168310
168305
|
const reqID = bufferParser.readUInt32BE();
|
|
168311
|
-
const
|
|
168306
|
+
const path3 = bufferParser.readString(true);
|
|
168312
168307
|
const attrs = readAttrs(sftp._biOpt);
|
|
168313
168308
|
bufferParser.clear();
|
|
168314
168309
|
if (attrs === undefined)
|
|
168315
168310
|
return doFatalSFTPError(sftp, "Malformed MKDIR packet");
|
|
168316
168311
|
sftp._debug && sftp._debug(`SFTP: Inbound: Received MKDIR (id:${reqID})`);
|
|
168317
|
-
if (!sftp.emit("MKDIR", reqID,
|
|
168312
|
+
if (!sftp.emit("MKDIR", reqID, path3, attrs)) {
|
|
168318
168313
|
sftp.status(reqID, STATUS_CODE.OP_UNSUPPORTED);
|
|
168319
168314
|
}
|
|
168320
168315
|
},
|
|
168321
168316
|
[REQUEST.RMDIR]: (sftp, payload) => {
|
|
168322
168317
|
bufferParser.init(payload, 1);
|
|
168323
168318
|
const reqID = bufferParser.readUInt32BE();
|
|
168324
|
-
const
|
|
168319
|
+
const path3 = bufferParser.readString(true);
|
|
168325
168320
|
bufferParser.clear();
|
|
168326
|
-
if (
|
|
168321
|
+
if (path3 === undefined)
|
|
168327
168322
|
return doFatalSFTPError(sftp, "Malformed RMDIR packet");
|
|
168328
168323
|
sftp._debug && sftp._debug(`SFTP: Inbound: Received RMDIR (id:${reqID})`);
|
|
168329
|
-
if (!sftp.emit("RMDIR", reqID,
|
|
168324
|
+
if (!sftp.emit("RMDIR", reqID, path3)) {
|
|
168330
168325
|
sftp.status(reqID, STATUS_CODE.OP_UNSUPPORTED);
|
|
168331
168326
|
}
|
|
168332
168327
|
},
|
|
168333
168328
|
[REQUEST.REALPATH]: (sftp, payload) => {
|
|
168334
168329
|
bufferParser.init(payload, 1);
|
|
168335
168330
|
const reqID = bufferParser.readUInt32BE();
|
|
168336
|
-
const
|
|
168331
|
+
const path3 = bufferParser.readString(true);
|
|
168337
168332
|
bufferParser.clear();
|
|
168338
|
-
if (
|
|
168333
|
+
if (path3 === undefined)
|
|
168339
168334
|
return doFatalSFTPError(sftp, "Malformed REALPATH packet");
|
|
168340
168335
|
sftp._debug && sftp._debug(`SFTP: Inbound: Received REALPATH (id:${reqID})`);
|
|
168341
|
-
if (!sftp.emit("REALPATH", reqID,
|
|
168336
|
+
if (!sftp.emit("REALPATH", reqID, path3)) {
|
|
168342
168337
|
sftp.status(reqID, STATUS_CODE.OP_UNSUPPORTED);
|
|
168343
168338
|
}
|
|
168344
168339
|
},
|
|
168345
168340
|
[REQUEST.STAT]: (sftp, payload) => {
|
|
168346
168341
|
bufferParser.init(payload, 1);
|
|
168347
168342
|
const reqID = bufferParser.readUInt32BE();
|
|
168348
|
-
const
|
|
168343
|
+
const path3 = bufferParser.readString(true);
|
|
168349
168344
|
bufferParser.clear();
|
|
168350
|
-
if (
|
|
168345
|
+
if (path3 === undefined)
|
|
168351
168346
|
return doFatalSFTPError(sftp, "Malformed STAT packet");
|
|
168352
168347
|
sftp._debug && sftp._debug(`SFTP: Inbound: Received STAT (id:${reqID})`);
|
|
168353
|
-
if (!sftp.emit("STAT", reqID,
|
|
168348
|
+
if (!sftp.emit("STAT", reqID, path3)) {
|
|
168354
168349
|
sftp.status(reqID, STATUS_CODE.OP_UNSUPPORTED);
|
|
168355
168350
|
}
|
|
168356
168351
|
},
|
|
@@ -168370,12 +168365,12 @@ var require_SFTP = __commonJS((exports, module) => {
|
|
|
168370
168365
|
[REQUEST.READLINK]: (sftp, payload) => {
|
|
168371
168366
|
bufferParser.init(payload, 1);
|
|
168372
168367
|
const reqID = bufferParser.readUInt32BE();
|
|
168373
|
-
const
|
|
168368
|
+
const path3 = bufferParser.readString(true);
|
|
168374
168369
|
bufferParser.clear();
|
|
168375
|
-
if (
|
|
168370
|
+
if (path3 === undefined)
|
|
168376
168371
|
return doFatalSFTPError(sftp, "Malformed READLINK packet");
|
|
168377
168372
|
sftp._debug && sftp._debug(`SFTP: Inbound: Received READLINK (id:${reqID})`);
|
|
168378
|
-
if (!sftp.emit("READLINK", reqID,
|
|
168373
|
+
if (!sftp.emit("READLINK", reqID, path3)) {
|
|
168379
168374
|
sftp.status(reqID, STATUS_CODE.OP_UNSUPPORTED);
|
|
168380
168375
|
}
|
|
168381
168376
|
},
|
|
@@ -168444,7 +168439,7 @@ var require_SFTP = __commonJS((exports, module) => {
|
|
|
168444
168439
|
function roundUpToMultipleOf8(n) {
|
|
168445
168440
|
return n + 7 & ~7;
|
|
168446
168441
|
}
|
|
168447
|
-
function ReadStream(sftp,
|
|
168442
|
+
function ReadStream(sftp, path3, options) {
|
|
168448
168443
|
if (options === undefined)
|
|
168449
168444
|
options = {};
|
|
168450
168445
|
else if (typeof options === "string")
|
|
@@ -168458,7 +168453,7 @@ var require_SFTP = __commonJS((exports, module) => {
|
|
|
168458
168453
|
options.emitClose = false;
|
|
168459
168454
|
options.autoDestroy = false;
|
|
168460
168455
|
ReadableStream3.call(this, options);
|
|
168461
|
-
this.path =
|
|
168456
|
+
this.path = path3;
|
|
168462
168457
|
this.flags = options.flags === undefined ? "r" : options.flags;
|
|
168463
168458
|
this.mode = options.mode === undefined ? 438 : options.mode;
|
|
168464
168459
|
this.start = options.start;
|
|
@@ -168578,7 +168573,7 @@ var require_SFTP = __commonJS((exports, module) => {
|
|
|
168578
168573
|
},
|
|
168579
168574
|
configurable: true
|
|
168580
168575
|
});
|
|
168581
|
-
function WriteStream(sftp,
|
|
168576
|
+
function WriteStream(sftp, path3, options) {
|
|
168582
168577
|
if (options === undefined)
|
|
168583
168578
|
options = {};
|
|
168584
168579
|
else if (typeof options === "string")
|
|
@@ -168590,7 +168585,7 @@ var require_SFTP = __commonJS((exports, module) => {
|
|
|
168590
168585
|
options.emitClose = false;
|
|
168591
168586
|
options.autoDestroy = false;
|
|
168592
168587
|
WritableStream.call(this, options);
|
|
168593
|
-
this.path =
|
|
168588
|
+
this.path = path3;
|
|
168594
168589
|
this.flags = options.flags === undefined ? "w" : options.flags;
|
|
168595
168590
|
this.mode = options.mode === undefined ? 438 : options.mode;
|
|
168596
168591
|
this.start = options.start;
|
|
@@ -246665,7 +246660,138 @@ function safeJoinUnderRoot(root, ...segments) {
|
|
|
246665
246660
|
|
|
246666
246661
|
// src/service/connection_config.ts
|
|
246667
246662
|
import { createPrivateKey } from "crypto";
|
|
246663
|
+
import { existsSync } from "fs";
|
|
246668
246664
|
import path3 from "path";
|
|
246665
|
+
|
|
246666
|
+
// src/service/proxy.ts
|
|
246667
|
+
init_logger();
|
|
246668
|
+
var import_ssh2 = __toESM(require_lib10(), 1);
|
|
246669
|
+
import net from "net";
|
|
246670
|
+
var SSH_CONNECT_TIMEOUT_MS = 15000;
|
|
246671
|
+
var SSH_KEEPALIVE_INTERVAL_MS = 15000;
|
|
246672
|
+
function parseHostKeys(raw) {
|
|
246673
|
+
const keys = new Set;
|
|
246674
|
+
for (const line of raw.split(/\r?\n/)) {
|
|
246675
|
+
const trimmed = line.trim();
|
|
246676
|
+
if (!trimmed || trimmed.startsWith("#"))
|
|
246677
|
+
continue;
|
|
246678
|
+
const tokens = trimmed.split(/\s+/);
|
|
246679
|
+
const blob = tokens.find((t) => /^AAAA[A-Za-z0-9+/]+={0,2}$/.test(t));
|
|
246680
|
+
const key = blob ?? tokens[tokens.length - 1];
|
|
246681
|
+
if (key)
|
|
246682
|
+
keys.add(key);
|
|
246683
|
+
}
|
|
246684
|
+
return keys;
|
|
246685
|
+
}
|
|
246686
|
+
async function openProxy(proxy, target) {
|
|
246687
|
+
if (proxy.type === "ssh") {
|
|
246688
|
+
if (!proxy.ssh) {
|
|
246689
|
+
throw new Error("ConnectionProxy type is 'ssh' but the 'ssh' config object is missing.");
|
|
246690
|
+
}
|
|
246691
|
+
return openSshProxy(proxy.ssh, target);
|
|
246692
|
+
}
|
|
246693
|
+
throw new Error(`Proxy type '${proxy.type}' is not supported yet. Only 'ssh' is implemented.`);
|
|
246694
|
+
}
|
|
246695
|
+
function openSshProxy(ssh, target) {
|
|
246696
|
+
return new Promise((resolve2, reject) => {
|
|
246697
|
+
const client = new import_ssh2.Client;
|
|
246698
|
+
let localPort = 0;
|
|
246699
|
+
let server;
|
|
246700
|
+
let settled = false;
|
|
246701
|
+
const sockets = new Set;
|
|
246702
|
+
function fail(err) {
|
|
246703
|
+
if (settled)
|
|
246704
|
+
return;
|
|
246705
|
+
settled = true;
|
|
246706
|
+
server?.close();
|
|
246707
|
+
client.end();
|
|
246708
|
+
reject(err);
|
|
246709
|
+
}
|
|
246710
|
+
const connectConfig = {
|
|
246711
|
+
host: ssh.host,
|
|
246712
|
+
port: ssh.port ?? 22,
|
|
246713
|
+
username: ssh.username,
|
|
246714
|
+
privateKey: ssh.privateKey,
|
|
246715
|
+
...ssh.privateKeyPass ? { passphrase: ssh.privateKeyPass } : {},
|
|
246716
|
+
readyTimeout: SSH_CONNECT_TIMEOUT_MS,
|
|
246717
|
+
keepaliveInterval: SSH_KEEPALIVE_INTERVAL_MS,
|
|
246718
|
+
keepaliveCountMax: 3,
|
|
246719
|
+
hostVerifier: (key) => {
|
|
246720
|
+
const presented = key.toString("base64");
|
|
246721
|
+
if (ssh.hostKey) {
|
|
246722
|
+
const pinned = parseHostKeys(ssh.hostKey);
|
|
246723
|
+
if (pinned.has(presented)) {
|
|
246724
|
+
return true;
|
|
246725
|
+
}
|
|
246726
|
+
fail(new Error(`SSH host-key verification failed for ${ssh.host}: the presented key ` + `(${presented.slice(0, 24)}…) is not among the ${pinned.size} pinned ` + `host key(s).`));
|
|
246727
|
+
return false;
|
|
246728
|
+
}
|
|
246729
|
+
logger.warn(`Connecting to SSH bastion ${ssh.host} without host-key verification (no hostKey pinned).`);
|
|
246730
|
+
return true;
|
|
246731
|
+
}
|
|
246732
|
+
};
|
|
246733
|
+
client.on("error", (err) => fail(err));
|
|
246734
|
+
client.on("ready", () => {
|
|
246735
|
+
server = net.createServer((socket) => {
|
|
246736
|
+
sockets.add(socket);
|
|
246737
|
+
socket.on("close", () => sockets.delete(socket));
|
|
246738
|
+
const earlyData = [];
|
|
246739
|
+
socket.on("data", (chunk) => earlyData.push(chunk));
|
|
246740
|
+
client.forwardOut("127.0.0.1", localPort, target.host, target.port, (err, channel) => {
|
|
246741
|
+
if (err) {
|
|
246742
|
+
socket.destroy(err);
|
|
246743
|
+
return;
|
|
246744
|
+
}
|
|
246745
|
+
if (socket.destroyed) {
|
|
246746
|
+
channel.destroy();
|
|
246747
|
+
return;
|
|
246748
|
+
}
|
|
246749
|
+
for (const chunk of earlyData) {
|
|
246750
|
+
channel.write(chunk);
|
|
246751
|
+
}
|
|
246752
|
+
earlyData.length = 0;
|
|
246753
|
+
socket.removeAllListeners("data");
|
|
246754
|
+
socket.pipe(channel);
|
|
246755
|
+
channel.pipe(socket);
|
|
246756
|
+
socket.on("error", () => channel.destroy());
|
|
246757
|
+
channel.on("error", () => socket.destroy());
|
|
246758
|
+
socket.on("close", () => channel.destroy());
|
|
246759
|
+
channel.on("close", () => socket.destroy());
|
|
246760
|
+
});
|
|
246761
|
+
});
|
|
246762
|
+
server.listen(0, "127.0.0.1", () => {
|
|
246763
|
+
const addr = server.address();
|
|
246764
|
+
if (!addr || typeof addr === "string") {
|
|
246765
|
+
fail(new Error("Failed to obtain local listen port for SSH proxy."));
|
|
246766
|
+
return;
|
|
246767
|
+
}
|
|
246768
|
+
localPort = addr.port;
|
|
246769
|
+
if (settled)
|
|
246770
|
+
return;
|
|
246771
|
+
settled = true;
|
|
246772
|
+
resolve2({
|
|
246773
|
+
host: "127.0.0.1",
|
|
246774
|
+
port: localPort,
|
|
246775
|
+
close() {
|
|
246776
|
+
return new Promise((res) => {
|
|
246777
|
+
for (const s of sockets)
|
|
246778
|
+
s.destroy();
|
|
246779
|
+
server.close(() => {
|
|
246780
|
+
client.end();
|
|
246781
|
+
res();
|
|
246782
|
+
});
|
|
246783
|
+
});
|
|
246784
|
+
}
|
|
246785
|
+
});
|
|
246786
|
+
});
|
|
246787
|
+
server.on("error", (err) => fail(err));
|
|
246788
|
+
});
|
|
246789
|
+
client.connect(connectConfig);
|
|
246790
|
+
});
|
|
246791
|
+
}
|
|
246792
|
+
|
|
246793
|
+
// src/service/connection_config.ts
|
|
246794
|
+
var PROXIED_SSLMODES = ["disable", "no-verify", "verify-ca"];
|
|
246669
246795
|
var PUBLISHER_DUCKDB_API_FIELDS = new Set(["attachedDatabases"]);
|
|
246670
246796
|
function normalizeSnowflakePrivateKey(privateKey) {
|
|
246671
246797
|
let privateKeyContent = privateKey.trim();
|
|
@@ -246850,6 +246976,29 @@ function validateConnectionShape(connection) {
|
|
|
246850
246976
|
if (!connection.postgresConnection?.host || !connection.postgresConnection?.port) {
|
|
246851
246977
|
throw new Error(`Connection proxy on '${connection.name}' requires explicit host and port on the ` + `postgres connection; the connectionString form is not supported with a proxy.`);
|
|
246852
246978
|
}
|
|
246979
|
+
const hostKey = connection.proxy.ssh?.hostKey;
|
|
246980
|
+
if (hostKey && parseHostKeys(hostKey).size === 0) {
|
|
246981
|
+
throw new Error(`Connection proxy on '${connection.name}' has a hostKey with no usable host-key line ` + `(only blanks/comments). Provide an OpenSSH known_hosts line or base64 blob, or omit ` + `hostKey to connect unpinned.`);
|
|
246982
|
+
}
|
|
246983
|
+
const sslmode = connection.postgresConnection?.sslmode;
|
|
246984
|
+
if (sslmode != null) {
|
|
246985
|
+
if (!PROXIED_SSLMODES.includes(sslmode)) {
|
|
246986
|
+
throw new Error(`Connection proxy on '${connection.name}' has unsupported sslmode '${sslmode}' ` + `(expected ${PROXIED_SSLMODES.join(" | ")}).`);
|
|
246987
|
+
}
|
|
246988
|
+
if (sslmode === "verify-ca") {
|
|
246989
|
+
const caBundle = process.env.NODE_EXTRA_CA_CERTS;
|
|
246990
|
+
if (!caBundle || !existsSync(caBundle)) {
|
|
246991
|
+
throw new Error(`Connection proxy on '${connection.name}' uses sslmode 'verify-ca' but no readable ` + `CA bundle is available (NODE_EXTRA_CA_CERTS is unset or points at a missing file). ` + `Add the CA bundle to the image or use sslmode 'no-verify'.`);
|
|
246992
|
+
}
|
|
246993
|
+
}
|
|
246994
|
+
}
|
|
246995
|
+
const dbName = connection.postgresConnection?.databaseName;
|
|
246996
|
+
if (dbName && decodeURI(encodeURIComponent(dbName)) !== dbName) {
|
|
246997
|
+
throw new Error(`Connection proxy on '${connection.name}' has a database name with characters that can't ` + `be carried over a proxied connection (${JSON.stringify(dbName)}). Use a database name ` + `without URI-reserved characters (; , / ? : @ & = + $ #).`);
|
|
246998
|
+
}
|
|
246999
|
+
}
|
|
247000
|
+
if (!connection.proxy && connection.postgresConnection?.sslmode) {
|
|
247001
|
+
throw new Error(`Connection '${connection.name}' sets postgresConnection.sslmode but has no proxy; sslmode is ` + `only supported for proxied connections (direct connections use the deployment PGSSLMODE).`);
|
|
246853
247002
|
}
|
|
246854
247003
|
switch (connection.type) {
|
|
246855
247004
|
case "postgres":
|
|
@@ -247126,126 +247275,6 @@ function validateAndBuildTrinoCoreConfig(trinoConfig) {
|
|
|
247126
247275
|
throw new Error(`Invalid Trino connection: expected "http://server:port" or "https://server:port".`);
|
|
247127
247276
|
}
|
|
247128
247277
|
|
|
247129
|
-
// src/service/proxy.ts
|
|
247130
|
-
var import_ssh2 = __toESM(require_lib10(), 1);
|
|
247131
|
-
import net from "net";
|
|
247132
|
-
var SSH_CONNECT_TIMEOUT_MS = 15000;
|
|
247133
|
-
var SSH_KEEPALIVE_INTERVAL_MS = 15000;
|
|
247134
|
-
function extractHostKeyBase64(raw) {
|
|
247135
|
-
const tokens = raw.trim().split(/\s+/);
|
|
247136
|
-
const blob = tokens.find((t) => /^AAAA[A-Za-z0-9+/]+={0,2}$/.test(t));
|
|
247137
|
-
return blob ?? tokens[tokens.length - 1] ?? "";
|
|
247138
|
-
}
|
|
247139
|
-
async function openProxy(proxy, target) {
|
|
247140
|
-
if (proxy.type === "ssh") {
|
|
247141
|
-
if (!proxy.ssh) {
|
|
247142
|
-
throw new Error("ConnectionProxy type is 'ssh' but the 'ssh' config object is missing.");
|
|
247143
|
-
}
|
|
247144
|
-
return openSshProxy(proxy.ssh, target);
|
|
247145
|
-
}
|
|
247146
|
-
throw new Error(`Proxy type '${proxy.type}' is not supported yet. Only 'ssh' is implemented.`);
|
|
247147
|
-
}
|
|
247148
|
-
function openSshProxy(ssh, target) {
|
|
247149
|
-
return new Promise((resolve2, reject) => {
|
|
247150
|
-
const client = new import_ssh2.Client;
|
|
247151
|
-
let localPort = 0;
|
|
247152
|
-
let server;
|
|
247153
|
-
let settled = false;
|
|
247154
|
-
const sockets = new Set;
|
|
247155
|
-
function fail(err) {
|
|
247156
|
-
if (settled)
|
|
247157
|
-
return;
|
|
247158
|
-
settled = true;
|
|
247159
|
-
server?.close();
|
|
247160
|
-
client.end();
|
|
247161
|
-
reject(err);
|
|
247162
|
-
}
|
|
247163
|
-
const connectConfig = {
|
|
247164
|
-
host: ssh.host,
|
|
247165
|
-
port: ssh.port ?? 22,
|
|
247166
|
-
username: ssh.username,
|
|
247167
|
-
privateKey: ssh.privateKey,
|
|
247168
|
-
...ssh.privateKeyPass ? { passphrase: ssh.privateKeyPass } : {},
|
|
247169
|
-
readyTimeout: SSH_CONNECT_TIMEOUT_MS,
|
|
247170
|
-
keepaliveInterval: SSH_KEEPALIVE_INTERVAL_MS,
|
|
247171
|
-
keepaliveCountMax: 3,
|
|
247172
|
-
hostVerifier: (key) => {
|
|
247173
|
-
const presented = key.toString("base64");
|
|
247174
|
-
if (ssh.hostKey) {
|
|
247175
|
-
const expected = extractHostKeyBase64(ssh.hostKey);
|
|
247176
|
-
if (presented !== expected) {
|
|
247177
|
-
fail(new Error(`SSH host-key mismatch for ${ssh.host}: expected ${expected.slice(0, 24)}… but got ${presented.slice(0, 24)}….`));
|
|
247178
|
-
return false;
|
|
247179
|
-
}
|
|
247180
|
-
return true;
|
|
247181
|
-
}
|
|
247182
|
-
if (process.env.PUBLISHER_SSH_ALLOW_UNKNOWN_HOSTKEY === "true") {
|
|
247183
|
-
return true;
|
|
247184
|
-
}
|
|
247185
|
-
fail(new Error(`SSH connection to ${ssh.host} refused: no hostKey provided and ` + `PUBLISHER_SSH_ALLOW_UNKNOWN_HOSTKEY is not 'true'. ` + `Set hostKey to the bastion's host public key (an OpenSSH ` + `known_hosts line or its base64 blob, e.g. from ssh-keyscan).`));
|
|
247186
|
-
return false;
|
|
247187
|
-
}
|
|
247188
|
-
};
|
|
247189
|
-
client.on("error", (err) => fail(err));
|
|
247190
|
-
client.on("ready", () => {
|
|
247191
|
-
server = net.createServer((socket) => {
|
|
247192
|
-
sockets.add(socket);
|
|
247193
|
-
socket.on("close", () => sockets.delete(socket));
|
|
247194
|
-
const earlyData = [];
|
|
247195
|
-
socket.on("data", (chunk) => earlyData.push(chunk));
|
|
247196
|
-
client.forwardOut("127.0.0.1", localPort, target.host, target.port, (err, channel) => {
|
|
247197
|
-
if (err) {
|
|
247198
|
-
socket.destroy(err);
|
|
247199
|
-
return;
|
|
247200
|
-
}
|
|
247201
|
-
if (socket.destroyed) {
|
|
247202
|
-
channel.destroy();
|
|
247203
|
-
return;
|
|
247204
|
-
}
|
|
247205
|
-
for (const chunk of earlyData) {
|
|
247206
|
-
channel.write(chunk);
|
|
247207
|
-
}
|
|
247208
|
-
earlyData.length = 0;
|
|
247209
|
-
socket.removeAllListeners("data");
|
|
247210
|
-
socket.pipe(channel);
|
|
247211
|
-
channel.pipe(socket);
|
|
247212
|
-
socket.on("error", () => channel.destroy());
|
|
247213
|
-
channel.on("error", () => socket.destroy());
|
|
247214
|
-
socket.on("close", () => channel.destroy());
|
|
247215
|
-
channel.on("close", () => socket.destroy());
|
|
247216
|
-
});
|
|
247217
|
-
});
|
|
247218
|
-
server.listen(0, "127.0.0.1", () => {
|
|
247219
|
-
const addr = server.address();
|
|
247220
|
-
if (!addr || typeof addr === "string") {
|
|
247221
|
-
fail(new Error("Failed to obtain local listen port for SSH proxy."));
|
|
247222
|
-
return;
|
|
247223
|
-
}
|
|
247224
|
-
localPort = addr.port;
|
|
247225
|
-
if (settled)
|
|
247226
|
-
return;
|
|
247227
|
-
settled = true;
|
|
247228
|
-
resolve2({
|
|
247229
|
-
host: "127.0.0.1",
|
|
247230
|
-
port: localPort,
|
|
247231
|
-
close() {
|
|
247232
|
-
return new Promise((res) => {
|
|
247233
|
-
for (const s of sockets)
|
|
247234
|
-
s.destroy();
|
|
247235
|
-
server.close(() => {
|
|
247236
|
-
client.end();
|
|
247237
|
-
res();
|
|
247238
|
-
});
|
|
247239
|
-
});
|
|
247240
|
-
}
|
|
247241
|
-
});
|
|
247242
|
-
});
|
|
247243
|
-
server.on("error", (err) => fail(err));
|
|
247244
|
-
});
|
|
247245
|
-
client.connect(connectConfig);
|
|
247246
|
-
});
|
|
247247
|
-
}
|
|
247248
|
-
|
|
247249
247278
|
// src/service/connection.ts
|
|
247250
247279
|
async function installAndLoadExtension(connection, extensionName, fromCommunity = false) {
|
|
247251
247280
|
try {
|
|
@@ -247798,19 +247827,37 @@ function buildSnowflakePrivateKeyConnection(metadata) {
|
|
|
247798
247827
|
poolOptions: buildPoolOptions({ poolMin: 1, poolMax: 20 })
|
|
247799
247828
|
});
|
|
247800
247829
|
}
|
|
247830
|
+
function buildProxiedSslQuery(name, sslmode) {
|
|
247831
|
+
const caBundle = process.env.NODE_EXTRA_CA_CERTS;
|
|
247832
|
+
const mode = sslmode ?? "no-verify";
|
|
247833
|
+
switch (mode) {
|
|
247834
|
+
case "disable":
|
|
247835
|
+
return "?sslmode=disable";
|
|
247836
|
+
case "no-verify":
|
|
247837
|
+
return "?sslmode=no-verify";
|
|
247838
|
+
case "verify-ca":
|
|
247839
|
+
if (!caBundle) {
|
|
247840
|
+
throw new Error(`Connection proxy on '${name}' uses sslmode 'verify-ca' but no trusted CA bundle is available (NODE_EXTRA_CA_CERTS is unset). Add the CA bundle to the image or use sslmode 'no-verify'.`);
|
|
247841
|
+
}
|
|
247842
|
+
return `?uselibpqcompat=true&sslmode=verify-ca&sslrootcert=${encodeURIComponent(caBundle)}`;
|
|
247843
|
+
default:
|
|
247844
|
+
throw new Error(`Connection proxy on '${name}' has unsupported sslmode '${mode}' (expected disable | no-verify | verify-ca).`);
|
|
247845
|
+
}
|
|
247846
|
+
}
|
|
247801
247847
|
function buildProxiedPostgresConnection(metadata, endpoint) {
|
|
247802
247848
|
const name = metadata.apiConnection.name;
|
|
247803
247849
|
const pg = metadata.apiConnection.postgresConnection;
|
|
247804
247850
|
if (!pg) {
|
|
247805
247851
|
throw new Error(`Proxied connection '${name}' has type 'postgres' but no postgresConnection config.`);
|
|
247806
247852
|
}
|
|
247853
|
+
const enc = encodeURIComponent;
|
|
247854
|
+
const auth = pg.userName ? `${enc(pg.userName)}${pg.password ? `:${enc(pg.password)}` : ""}@` : "";
|
|
247855
|
+
const db = pg.databaseName ? `/${enc(pg.databaseName)}` : "";
|
|
247856
|
+
const ssl = buildProxiedSslQuery(name, pg.sslmode);
|
|
247857
|
+
const connectionString = `postgresql://${auth}${endpoint.host}:${endpoint.port}${db}${ssl}`;
|
|
247807
247858
|
return new PooledPostgresConnection({
|
|
247808
247859
|
name,
|
|
247809
|
-
|
|
247810
|
-
port: endpoint.port,
|
|
247811
|
-
username: pg.userName,
|
|
247812
|
-
password: pg.password,
|
|
247813
|
-
databaseName: pg.databaseName,
|
|
247860
|
+
connectionString,
|
|
247814
247861
|
poolMin: 1,
|
|
247815
247862
|
poolMax: 20
|
|
247816
247863
|
});
|