@mjasano/devtunnel 1.1.0 → 1.4.0

package/server.js

@@ -10,9 +10,172 @@ const crypto = require('crypto');
 
 const app = express();
 const server = http.createServer(app);
-const wss = new WebSocket.Server({ server });
 
-app.use(express.json());
+// Authentication configuration
+const PASSCODE = process.env.PASSCODE || null;
+const AUTH_TOKEN_EXPIRY = 24 * 60 * 60 * 1000; // 24 hours
+const authTokens = new Map(); // token -> { createdAt }
+
+// Generate random token
+function generateAuthToken() {
+  return crypto.randomBytes(32).toString('hex');
+}
+
+// Validate auth token
+function validateAuthToken(token) {
+  if (!token) return false;
+  const session = authTokens.get(token);
+  if (!session) return false;
+  if (Date.now() - session.createdAt > AUTH_TOKEN_EXPIRY) {
+    authTokens.delete(token);
+    return false;
+  }
+  return true;
+}
+
+// Auth middleware
+function authMiddleware(req, res, next) {
+  // If no passcode configured, allow all
+  if (!PASSCODE) return next();
+
+  // Check for auth token in cookie or header
+  const token = req.cookies?.authToken || req.headers['x-auth-token'];
+
+  if (validateAuthToken(token)) {
+    return next();
+  }
+
+  // Allow access to login endpoint and static login page
+  if (req.path === '/api/auth/login' || req.path === '/api/auth/status') {
+    return next();
+  }
+
+  res.status(401).json({ error: 'Authentication required' });
+}
+
+// Cookie parser middleware
+app.use((req, _res, next) => {
+  const cookieHeader = req.headers.cookie;
+  req.cookies = {};
+  if (cookieHeader) {
+    cookieHeader.split(';').forEach(cookie => {
+      const [name, ...rest] = cookie.trim().split('=');
+      req.cookies[name] = rest.join('=');
+    });
+  }
+  next();
+});
+
+// WebSocket security configuration
+const WS_MAX_MESSAGE_SIZE = 1024 * 1024; // 1MB max message size
+const WS_RATE_LIMIT_WINDOW = 1000; // 1 second
+const WS_RATE_LIMIT_MAX = 100; // max 100 messages per second
+
+const wss = new WebSocket.Server({
+  server,
+  maxPayload: WS_MAX_MESSAGE_SIZE
+});
+
+// Rate limiting for WebSocket connections
+const wsRateLimits = new Map();
+
+function checkRateLimit(ws) {
+  const now = Date.now();
+  let limit = wsRateLimits.get(ws);
+
+  if (!limit) {
+    limit = { count: 0, resetAt: now + WS_RATE_LIMIT_WINDOW };
+    wsRateLimits.set(ws, limit);
+  }
+
+  if (now > limit.resetAt) {
+    limit.count = 0;
+    limit.resetAt = now + WS_RATE_LIMIT_WINDOW;
+  }
+
+  limit.count++;
+
+  if (limit.count > WS_RATE_LIMIT_MAX) {
+    return false;
+  }
+
+  return true;
+}
+
+app.use(express.json({ limit: '5mb' }));
+
+// Serve login page without auth
+app.get('/login', (_req, res) => {
+  res.sendFile(path.join(__dirname, 'public', 'login.html'));
+});
+
+// Auth status endpoint (no auth required)
+app.get('/api/auth/status', (req, res) => {
+  const requiresAuth = !!PASSCODE;
+  const token = req.cookies?.authToken || req.headers['x-auth-token'];
+  const authenticated = !requiresAuth || validateAuthToken(token);
+  res.json({ requiresAuth, authenticated });
+});
+
+// Login endpoint (no auth required)
+app.post('/api/auth/login', (req, res) => {
+  if (!PASSCODE) {
+    return res.json({ success: true, message: 'No passcode required' });
+  }
+
+  const { passcode } = req.body;
+
+  if (passcode === PASSCODE) {
+    const token = generateAuthToken();
+    authTokens.set(token, { createdAt: Date.now() });
+
+    res.cookie('authToken', token, {
+      httpOnly: true,
+      secure: process.env.NODE_ENV === 'production',
+      maxAge: AUTH_TOKEN_EXPIRY,
+      sameSite: 'strict'
+    });
+
+    res.json({ success: true, token });
+  } else {
+    res.status(401).json({ success: false, error: 'Invalid passcode' });
+  }
+});
+
+// Logout endpoint
+app.post('/api/auth/logout', (req, res) => {
+  const token = req.cookies?.authToken || req.headers['x-auth-token'];
+  if (token) {
+    authTokens.delete(token);
+  }
+  res.clearCookie('authToken');
+  res.json({ success: true });
+});
+
+// Apply auth middleware to all API routes
+app.use('/api', authMiddleware);
+
+// Serve static files (with auth check for main app)
+app.use((req, res, next) => {
+  // Allow login page without auth
+  if (req.path === '/login.html' || req.path === '/login') {
+    return next();
+  }
+
+  // If auth required and not authenticated, redirect to login
+  if (PASSCODE) {
+    const token = req.cookies?.authToken || req.headers['x-auth-token'];
+    if (!validateAuthToken(token)) {
+      // For HTML requests, redirect to login
+      if (req.accepts('html')) {
+        return res.redirect('/login');
+      }
+      return res.status(401).json({ error: 'Authentication required' });
+    }
+  }
+  next();
+});
+
 app.use(express.static(path.join(__dirname, 'public')));
 
 // Session configuration
@@ -30,6 +193,98 @@ function generateSessionId() {
   return crypto.randomBytes(16).toString('hex');
 }
 
+// Get list of tmux sessions
+async function getTmuxSessions() {
+  return new Promise((resolve) => {
+    const tmux = spawn('tmux', ['list-sessions', '-F', '#{session_name}:#{session_windows}:#{session_attached}']);
+    let output = '';
+
+    tmux.stdout.on('data', (data) => {
+      output += data.toString();
+    });
+
+    tmux.on('close', (code) => {
+      if (code !== 0 || !output.trim()) {
+        resolve([]);
+        return;
+      }
+
+      const sessions = output.trim().split('\n').map(line => {
+        const [name, windows, attached] = line.split(':');
+        return {
+          name,
+          windows: parseInt(windows) || 1,
+          attached: attached === '1'
+        };
+      });
+
+      resolve(sessions);
+    });
+
+    tmux.on('error', () => {
+      resolve([]);
+    });
+  });
+}
+
+// Create session attached to tmux
+function createTmuxSession(tmuxSessionName) {
+  const id = `tmux-${tmuxSessionName}-${Date.now()}`;
+
+  const ptyProcess = pty.spawn('tmux', ['attach-session', '-t', tmuxSessionName], {
+    name: 'xterm-256color',
+    cols: 80,
+    rows: 24,
+    cwd: process.env.WORKSPACE || os.homedir(),
+    env: { ...process.env, TERM: 'xterm-256color' }
+  });
+
+  const session = {
+    id,
+    pty: ptyProcess,
+    outputBuffer: '',
+    clients: new Set(),
+    lastAccess: Date.now(),
+    createdAt: Date.now(),
+    alive: true,
+    type: 'tmux',
+    tmuxSession: tmuxSessionName
+  };
+
+  ptyProcess.onData((data) => {
+    session.outputBuffer += data;
+    if (session.outputBuffer.length > OUTPUT_BUFFER_SIZE) {
+      session.outputBuffer = session.outputBuffer.slice(-OUTPUT_BUFFER_SIZE);
+    }
+
+    session.clients.forEach(ws => {
+      if (ws.readyState === WebSocket.OPEN) {
+        ws.send(JSON.stringify({ type: 'output', data }));
+      }
+    });
+  });
+
+  ptyProcess.onExit(({ exitCode, signal }) => {
+    console.log(`Tmux session ${tmuxSessionName} detached with code ${exitCode}`);
+    session.alive = false;
+
+    session.clients.forEach(ws => {
+      if (ws.readyState === WebSocket.OPEN) {
+        ws.send(JSON.stringify({ type: 'exit', exitCode, signal }));
+      }
+    });
+
+    setTimeout(() => {
+      sessions.delete(id);
+      broadcastSessionList();
+    }, 5000);
+  });
+
+  sessions.set(id, session);
+  console.log(`Tmux session attached: ${tmuxSessionName}`);
+  return session;
+}
+
 // Create or get existing session
 function getOrCreateSession(sessionId = null) {
   // If sessionId provided and exists, return it
@@ -120,7 +375,9 @@ function broadcastSessionList() {
     createdAt: s.createdAt,
     lastAccess: s.lastAccess,
     alive: s.alive,
-    clients: s.clients.size
+    clients: s.clients.size,
+    type: s.type || 'shell',
+    tmuxSession: s.tmuxSession
   }));
 
   wss.clients.forEach(client => {
@@ -234,7 +491,26 @@ function stopTunnel(id) {
 }
 
 // WebSocket handling
-wss.on('connection', (ws) => {
+wss.on('connection', async (ws, req) => {
+  // Authenticate WebSocket connection
+  if (PASSCODE) {
+    // Parse cookies from upgrade request
+    const cookies = {};
+    const cookieHeader = req.headers.cookie;
+    if (cookieHeader) {
+      cookieHeader.split(';').forEach(cookie => {
+        const [name, ...rest] = cookie.trim().split('=');
+        cookies[name] = rest.join('=');
+      });
+    }
+
+    const token = cookies.authToken;
+    if (!validateAuthToken(token)) {
+      ws.close(4001, 'Authentication required');
+      return;
+    }
+  }
+
   console.log('Client connected');
 
   let currentSession = null;
@@ -254,16 +530,44 @@ wss.on('connection', (ws) => {
     createdAt: s.createdAt,
     lastAccess: s.lastAccess,
     alive: s.alive,
-    clients: s.clients.size
+    clients: s.clients.size,
+    type: s.type || 'shell',
+    tmuxSession: s.tmuxSession
   }));
   ws.send(JSON.stringify({ type: 'sessions', data: sessionList }));
 
+  // Send tmux sessions list
+  const tmuxSessions = await getTmuxSessions();
+  ws.send(JSON.stringify({ type: 'tmux-sessions', data: tmuxSessions }));
+
   ws.on('message', (message) => {
+    // Rate limiting check
+    if (!checkRateLimit(ws)) {
+      ws.send(JSON.stringify({ type: 'error', message: 'Rate limit exceeded' }));
+      return;
+    }
+
     try {
       const msg = JSON.parse(message.toString());
 
       switch (msg.type) {
+        case 'detach':
+          // Detach from current session
+          if (currentSession) {
+            currentSession.clients.delete(ws);
+            currentSession.lastAccess = Date.now();
+            broadcastSessionList();
+            console.log(`Client detached from session ${currentSession.id}`);
+            currentSession = null;
+          }
+          break;
+
         case 'attach':
+          // Detach from current session first if any
+          if (currentSession) {
+            currentSession.clients.delete(ws);
+            currentSession.lastAccess = Date.now();
+          }
           // Attach to existing or new session
           try {
             currentSession = getOrCreateSession(msg.sessionId);
@@ -339,6 +643,43 @@ wss.on('connection', (ws) => {
           }
           break;
 
+        case 'attach-tmux':
+          if (msg.tmuxSession) {
+            try {
+              // Detach from current session if any
+              if (currentSession) {
+                currentSession.clients.delete(ws);
+                currentSession.lastAccess = Date.now();
+                broadcastSessionList();
+              }
+
+              currentSession = createTmuxSession(msg.tmuxSession);
+              currentSession.clients.add(ws);
+
+              ws.send(JSON.stringify({
+                type: 'attached',
+                sessionId: currentSession.id,
+                alive: currentSession.alive,
+                tmuxSession: msg.tmuxSession
+              }));
+
+              broadcastSessionList();
+              console.log(`Client attached to tmux session: ${msg.tmuxSession}`);
+            } catch (err) {
+              ws.send(JSON.stringify({
+                type: 'error',
+                message: err.message
+              }));
+            }
+          }
+          break;
+
+        case 'refresh-tmux':
+          getTmuxSessions().then(tmuxSessions => {
+            ws.send(JSON.stringify({ type: 'tmux-sessions', data: tmuxSessions }));
+          });
+          break;
+
         default:
           console.log('Unknown message type:', msg.type);
       }
@@ -349,6 +690,7 @@ wss.on('connection', (ws) => {
 
   ws.on('close', () => {
     console.log('Client disconnected');
+    wsRateLimits.delete(ws);
     if (currentSession) {
       currentSession.clients.delete(ws);
       currentSession.lastAccess = Date.now();
@@ -365,6 +707,119 @@ wss.on('connection', (ws) => {
   });
 });
 
+// System Monitoring API
+async function getMemoryInfo() {
+  const totalMem = os.totalmem();
+
+  // macOS: use vm_stat for accurate memory info
+  if (os.platform() === 'darwin') {
+    return new Promise((resolve) => {
+      const vmstat = spawn('vm_stat');
+      let output = '';
+
+      vmstat.stdout.on('data', (data) => {
+        output += data.toString();
+      });
+
+      vmstat.on('close', () => {
+        try {
+          const pageSize = 16384; // macOS default page size (16KB on Apple Silicon)
+          const lines = output.split('\n');
+
+          let _free = 0, active = 0, _inactive = 0, wired = 0, compressed = 0, _purgeable = 0;
+
+          lines.forEach(line => {
+            const match = line.match(/^(.+):\s+(\d+)/);
+            if (match) {
+              const value = parseInt(match[2]) * pageSize;
+              const key = match[1].toLowerCase();
+              if (key.includes('free')) _free = value;
+              else if (key.includes('active')) active = value;
+              else if (key.includes('inactive')) _inactive = value;
+              else if (key.includes('wired')) wired = value;
+              else if (key.includes('compressed')) compressed = value;
+              else if (key.includes('purgeable')) _purgeable = value;
+            }
+          });
+
+          // App Memory = Active + Wired + Compressed (what Activity Monitor shows)
+          const appMemory = active + wired + compressed;
+          const usage = Math.round((appMemory / totalMem) * 100);
+
+          resolve({
+            total: totalMem,
+            used: appMemory,
+            free: totalMem - appMemory,
+            usage
+          });
+        } catch {
+          // Fallback to os.freemem()
+          const freeMem = os.freemem();
+          resolve({
+            total: totalMem,
+            used: totalMem - freeMem,
+            free: freeMem,
+            usage: Math.round(((totalMem - freeMem) / totalMem) * 100)
+          });
+        }
+      });
+
+      vmstat.on('error', () => {
+        const freeMem = os.freemem();
+        resolve({
+          total: totalMem,
+          used: totalMem - freeMem,
+          free: freeMem,
+          usage: Math.round(((totalMem - freeMem) / totalMem) * 100)
+        });
+      });
+    });
+  }
+
+  // Other platforms: use os.freemem()
+  const freeMem = os.freemem();
+  return {
+    total: totalMem,
+    used: totalMem - freeMem,
+    free: freeMem,
+    usage: Math.round(((totalMem - freeMem) / totalMem) * 100)
+  };
+}
+
+async function getSystemInfo() {
+  const cpus = os.cpus();
+  const memory = await getMemoryInfo();
+
+  // Calculate CPU usage
+  let totalIdle = 0;
+  let totalTick = 0;
+  cpus.forEach(cpu => {
+    for (const type in cpu.times) {
+      totalTick += cpu.times[type];
+    }
+    totalIdle += cpu.times.idle;
+  });
+  const cpuUsage = Math.round((1 - totalIdle / totalTick) * 100);
+
+  return {
+    hostname: os.hostname(),
+    platform: os.platform(),
+    arch: os.arch(),
+    uptime: os.uptime(),
+    cpu: {
+      model: cpus[0]?.model || 'Unknown',
+      cores: cpus.length,
+      usage: cpuUsage
+    },
+    memory,
+    loadavg: os.loadavg()
+  };
+}
+
+app.get('/api/system', async (req, res) => {
+  res.json(await getSystemInfo());
+});
+
 // File System API
 const WORKSPACE_ROOT = process.env.WORKSPACE || os.homedir();
 
@@ -503,6 +958,86 @@ app.post('/api/files/write', async (req, res) => {
   }
 });
 
+// Delete file or directory
+app.post('/api/files/delete', async (req, res) => {
+  try {
+    const { path: filePath } = req.body;
+
+    if (!filePath) {
+      return res.status(400).json({ error: 'Path required' });
+    }
+
+    const fullPath = path.join(WORKSPACE_ROOT, filePath);
+    const normalizedPath = path.normalize(fullPath);
+
+    if (!normalizedPath.startsWith(WORKSPACE_ROOT)) {
+      return res.status(403).json({ error: 'Access denied' });
+    }
+
+    // Don't allow deleting the workspace root
+    if (normalizedPath === WORKSPACE_ROOT) {
+      return res.status(403).json({ error: 'Cannot delete workspace root' });
+    }
+
+    const stats = await fs.stat(normalizedPath);
+
+    if (stats.isDirectory()) {
+      await fs.rm(normalizedPath, { recursive: true });
+    } else {
+      await fs.unlink(normalizedPath);
+    }
+
+    res.json({ success: true, path: filePath });
+  } catch (err) {
+    if (err.code === 'ENOENT') {
+      res.status(404).json({ error: 'File not found' });
+    } else {
+      res.status(500).json({ error: err.message });
+    }
+  }
+});
+
+// Rename file or directory
+app.post('/api/files/rename', async (req, res) => {
+  try {
+    const { oldPath, newPath } = req.body;
+
+    if (!oldPath || !newPath) {
+      return res.status(400).json({ error: 'Both oldPath and newPath required' });
+    }
+
+    const fullOldPath = path.join(WORKSPACE_ROOT, oldPath);
+    const fullNewPath = path.join(WORKSPACE_ROOT, newPath);
+    const normalizedOldPath = path.normalize(fullOldPath);
+    const normalizedNewPath = path.normalize(fullNewPath);
+
+    if (!normalizedOldPath.startsWith(WORKSPACE_ROOT) || !normalizedNewPath.startsWith(WORKSPACE_ROOT)) {
+      return res.status(403).json({ error: 'Access denied' });
+    }
+
+    // Check if source exists
+    await fs.stat(normalizedOldPath);
+
+    // Check if destination already exists
+    try {
+      await fs.stat(normalizedNewPath);
+      return res.status(409).json({ error: 'Destination already exists' });
+    } catch (err) {
+      if (err.code !== 'ENOENT') throw err;
+    }
+
+    await fs.rename(normalizedOldPath, normalizedNewPath);
+
+    res.json({ success: true, oldPath, newPath });
+  } catch (err) {
+    if (err.code === 'ENOENT') {
+      res.status(404).json({ error: 'File not found' });
+    } else {
+      res.status(500).json({ error: err.message });
+    }
+  }
+});
+
 // REST API
 app.get('/api/sessions', (req, res) => {
   const sessionList = Array.from(sessions.values()).map(s => ({
@@ -569,9 +1104,51 @@ app.get('/health', (req, res) => {
   });
 });
 
-const PORT = process.env.PORT || 3000;
-server.listen(PORT, '0.0.0.0', () => {
-  console.log(`DevTunnel server running on http://localhost:${PORT}`);
+const DEFAULT_PORT = process.env.PORT || 3000;
+
+function findAvailablePort(startPort, maxAttempts = 10) {
+  return new Promise((resolve, reject) => {
+    let port = startPort;
+    let attempts = 0;
+
+    const tryPort = () => {
+      if (attempts >= maxAttempts) {
+        reject(new Error(`No available port found after ${maxAttempts} attempts`));
+        return;
+      }
+
+      const testServer = require('net').createServer();
+      testServer.once('error', (err) => {
+        if (err.code === 'EADDRINUSE') {
+          console.log(`Port ${port} is in use, trying ${port + 1}...`);
+          port++;
+          attempts++;
+          tryPort();
+        } else {
+          reject(err);
+        }
+      });
+
+      testServer.once('listening', () => {
+        testServer.close(() => {
+          resolve(port);
+        });
+      });
+
+      testServer.listen(port, '0.0.0.0');
+    };
+
+    tryPort();
+  });
+}
+
+findAvailablePort(DEFAULT_PORT).then((PORT) => {
+  server.listen(PORT, '0.0.0.0', () => {
+    console.log(`DevTunnel server running on http://localhost:${PORT}`);
+  });
+}).catch((err) => {
+  console.error('Failed to start server:', err.message);
+  process.exit(1);
 });
 
 // Graceful shutdown