npm - @opensecurity/zonzon-cli - Versions diffs - 0.1.2 → 0.1.4 - Mend

@opensecurity/zonzon-cli 0.1.2 → 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/cli.js CHANGED Viewed

@@ -84,6 +84,8 @@ async function handleInit(configPath) {
     }
     const defaultConf = {
         port: 53,
+        httpPort: 80,
+        httpsPort: 443,
         fallbackDns: "1.1.1.1",
         maxTcpConnections: 100,
         tcpIdleTimeoutMs: 30000,
@@ -99,6 +101,8 @@ async function handleInit(configPath) {
     };
     saveConfig(configPath, defaultConf);
     audit.system(`Initialized secure default configuration at ${configPath}`);
+    audit.system(`Security Notice: Default HTTP/HTTPS ports mapped to 80/443.`);
+    audit.system(`If executing within a non-root sandbox, mutate config.json to unprivileged ports (e.g. 8080/8443) to prevent EACCES binding faults.`);
     process.exit(0);
 }
 async function handleConfig(configPath, args) {
@@ -127,6 +131,45 @@ async function handleConfig(configPath, args) {
     }
     printUsage();
 }
+class ZonzonDaemon {
+    dnsHandler = null;
+    httpHandler = null;
+    sniProxy = null;
+    async start(config) {
+        try {
+            const dnsServer = new DevDnsServer(config);
+            this.dnsHandler = new DnsHandler(dnsServer, config);
+            await this.dnsHandler.start();
+            audit.system(`DNS Listener actively enforcing Zero-Trust boundaries on port ${config.port}`);
+            this.httpHandler = new HttpHandler(dnsServer, config, config.httpPort ?? 80);
+            await this.httpHandler.start();
+            audit.system(`HTTP L7 Sandbox Router active on port ${config.httpPort ?? 80}`);
+            this.sniProxy = new SniProxyService(config, config.httpsPort ?? 443);
+            await this.sniProxy.start();
+            audit.system(`SNI Proxy active on port ${config.httpsPort ?? 443}`);
+        }
+        catch (err) {
+            audit.error(`Fatal bind error during initialization: ${err.message}`);
+            await this.stop();
+            process.exit(1);
+        }
+    }
+    async stop() {
+        if (this.dnsHandler) {
+            await this.dnsHandler.stop();
+            this.dnsHandler = null;
+        }
+        if (this.httpHandler) {
+            await this.httpHandler.stop();
+            this.httpHandler = null;
+        }
+        if (this.sniProxy) {
+            await this.sniProxy.stop();
+            this.sniProxy = null;
+        }
+        audit.system("Subsystems halted. Sockets closed.");
+    }
+}
 async function startEngine(configPath, portOverride, cpPortOverride) {
     const rawConfig = loadConfig(configPath);
     if (portOverride) {
@@ -145,10 +188,8 @@ async function startEngine(configPath, portOverride, cpPortOverride) {
         audit.error(`Configuration Schema Violation: ${err.message}`);
         process.exit(1);
     }
-    const dnsServer = new DevDnsServer(config);
-    const dnsHandler = new DnsHandler(dnsServer, config);
-    const httpHandler = new HttpHandler(dnsServer, config, 80);
-    const sniProxy = new SniProxyService(config, 443);
+    const daemon = new ZonzonDaemon();
+    await daemon.start(config);
     const isCpEnabled = config.controlPlane?.enabled !== false;
     let controlPlane = null;
     let isEphemeralKey = false;
@@ -167,15 +208,24 @@ async function startEngine(configPath, portOverride, cpPortOverride) {
             blindIndexSalt: blindIndexSalt,
             initialConfig: config,
         });
-        controlPlane.subscribe((newConfig) => {
+        controlPlane.subscribe(async (newConfig) => {
             audit.system("Applying dynamic configuration update from Control Plane...");
+            await daemon.stop();
+            await daemon.start(newConfig);
         });
+        await controlPlane.start();
+        if (isEphemeralKey) {
+            audit.system(`[SECURITY] Generated Ephemeral API Key for this session: ${activeApiKey}`);
+            audit.system(`[SECURITY] Do not lose this key. It will not be shown again.`);
+        }
+        else {
+            audit.system(`[SECURITY] Control Plane using static API Key from configuration.`);
+        }
     }
+    audit.system("Initialization complete. Awaiting connections...");
     const shutdown = async () => {
         audit.system("Initiating graceful shutdown sequence...");
-        await dnsHandler.stop();
-        await httpHandler.stop();
-        await sniProxy.stop();
+        await daemon.stop();
         if (controlPlane) {
             await controlPlane.stop();
         }
@@ -183,29 +233,6 @@ async function startEngine(configPath, portOverride, cpPortOverride) {
     };
     process.on("SIGINT", shutdown);
     process.on("SIGTERM", shutdown);
-    try {
-        await dnsHandler.start();
-        audit.system(`DNS Listener actively enforcing Zero-Trust boundaries on port ${config.port}`);
-        await httpHandler.start();
-        audit.system(`HTTP L7 Sandbox Router active on port 80`);
-        await sniProxy.start();
-        audit.system(`SNI Proxy active on port 443`);
-        if (controlPlane) {
-            await controlPlane.start();
-            if (isEphemeralKey) {
-                audit.system(`[SECURITY] Generated Ephemeral API Key for this session: ${activeApiKey}`);
-                audit.system(`[SECURITY] Do not lose this key. It will not be shown again.`);
-            }
-            else {
-                audit.system(`[SECURITY] Control Plane using static API Key from configuration.`);
-            }
-        }
-        audit.system("Initialization complete. Awaiting connections...");
-    }
-    catch (err) {
-        audit.error(`Fatal bind error during initialization: ${err.message}`);
-        await shutdown();
-    }
 }
 async function main() {
     const { values, positionals } = parseArgs({

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@opensecurity/zonzon-cli",
-  "version": "0.1.2",
-  "description": "Command line interface and entrypoint for zonzon",
+  "version": "0.1.4",
+  "description": "cli interface for zonzon",
   "type": "module",
   "author": "Lucian BLETAN <neuraluc@gmail.com>",
   "license": "Apache-2.0",
@@ -22,12 +22,16 @@
   "publishConfig": {
     "access": "public"
   },
+  "files": [
+    "dist"
+  ],
   "scripts": {
     "build": "tsc -b",
-    "start": "node ./dist/cli.js start"
+    "start": "node dist/cli.js",
+    "dev:watch": "NODE_OPTIONS=--disable-warning=DEP0205 tsx watch src/cli.ts start --config ../../config/hosts.json"
   },
   "dependencies": {
-    "@opensecurity/zonzon-core": "*",
-    "@opensecurity/zonzon-control-plane": "*"
+    "@opensecurity/zonzon-core": "^0.1.4",
+    "@opensecurity/zonzon-control-plane": "^0.1.4"
   }
 }

package/src/cli.ts DELETED Viewed

@@ -1,284 +0,0 @@
-#!/usr/bin/env node
-import * as fs from "fs";
-import * as path from "path";
-import * as os from "os";
-import { parseArgs } from "util";
-import { randomBytes } from "crypto";
-import {
-  DevDnsServer,
-  DnsHandler,
-  HttpHandler,
-  SniProxyService,
-  ServerConfig,
-  validateServerConfig,
-  audit
-} from "@opensecurity/zonzon-core";
-import { ControlPlane } from "@opensecurity/zonzon-control-plane";
-const CONFIG_DIR = path.join(os.homedir(), ".zonzon");
-const DEFAULT_CONFIG_PATH = path.join(CONFIG_DIR, "config.json");
-function ensureConfigDir() {
-  if (!fs.existsSync(CONFIG_DIR)) {
-    fs.mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });
-  }
-}
-function loadConfig(configPath: string): any {
-  if (!fs.existsSync(configPath)) {
-    return {};
-  }
-  try {
-    const fileContents = fs.readFileSync(configPath, "utf8");
-    return JSON.parse(fileContents) || {};
-  } catch (err: any) {
-    audit.error(`Failed to parse configuration file at ${configPath}: ${err.message}`);
-    process.exit(1);
-  }
-}
-function saveConfig(configPath: string, data: any): void {
-  ensureConfigDir();
-  try {
-    const jsonStr = JSON.stringify(data, null, 2);
-    fs.writeFileSync(configPath, jsonStr, { encoding: "utf8", mode: 0o600 });
-  } catch (err: any) {
-    audit.error(`Failed to write configuration file at ${configPath}: ${err.message}`);
-    process.exit(1);
-  }
-}
-function setDeepValue(obj: any, pathStr: string, value: any): void {
-  const parts = pathStr.split(".");
-  const last = parts.pop()!;
-  let current = obj;
-  for (const part of parts) {
-    if (!current[part] || typeof current[part] !== "object") {
-      current[part] = {};
-    }
-    current = current[part];
-  }
-  if (value === "true") current[last] = true;
-  else if (value === "false") current[last] = false;
-  else if (!isNaN(Number(value))) current[last] = Number(value);
-  else current[last] = value;
-}
-function printUsage() {
-  console.log(`
-zonzon core engine (v0.1.0)
-Usage: zonzon <command> [options]
-Commands:
-  init        Initialize the default configuration file at ~/.zonzon/config.json
-  start       Boot the routing engine and control plane
-  config      Manage configuration state
-Config Commands:
-  zonzon config view                   Print the current configuration
-  zonzon config set <key> <value>      Set a configuration value using dot notation
-                                       Example: zonzon config set port 53
-                                       Example: zonzon config set controlPlane.port 8081
-Global Options:
-  --config, -c   Override path to configuration file (default: ~/.zonzon/config.json)
-  `);
-  process.exit(0);
-}
-async function handleInit(configPath: string) {
-  if (fs.existsSync(configPath)) {
-    audit.error(`Configuration already exists at ${configPath}`);
-    process.exit(1);
-  }
-  const defaultConf = {
-    port: 53,
-    fallbackDns: "1.1.1.1",
-    maxTcpConnections: 100,
-    tcpIdleTimeoutMs: 30000,
-    controlPlane: {
-      enabled: true,
-      port: 8080
-    },
-    firewall: {
-      defaultPolicy: "deny",
-      allowlist_ips: ["127.0.0.1"]
-    },
-    hosts: {}
-  };
-  saveConfig(configPath, defaultConf);
-  audit.system(`Initialized secure default configuration at ${configPath}`);
-  process.exit(0);
-}
-async function handleConfig(configPath: string, args: string[]) {
-  const subCmd = args[0];
-  if (subCmd === "view") {
-    if (!fs.existsSync(configPath)) {
-      audit.error(`No configuration found at ${configPath}. Run 'zonzon init' first.`);
-      process.exit(1);
-    }
-    const fileContents = fs.readFileSync(configPath, "utf8");
-    console.log(fileContents);
-    process.exit(0);
-  }
-  if (subCmd === "set") {
-    const key = args[1];
-    const value = args[2];
-    if (!key || value === undefined) {
-      audit.error("Usage: zonzon config set <key> <value>");
-      process.exit(1);
-    }
-    const currentConfig = loadConfig(configPath);
-    setDeepValue(currentConfig, key, value);
-    saveConfig(configPath, currentConfig);
-    audit.system(`Updated configuration: ${key} = ${value}`);
-    process.exit(0);
-  }
-  printUsage();
-}
-async function startEngine(configPath: string, portOverride?: string, cpPortOverride?: string) {
-  const rawConfig = loadConfig(configPath);
-  if (portOverride) {
-    rawConfig.port = parseInt(portOverride, 10);
-  }
-  if (cpPortOverride) {
-    if (!rawConfig.controlPlane) rawConfig.controlPlane = {};
-    rawConfig.controlPlane.port = parseInt(cpPortOverride, 10);
-  }
-  let config: ServerConfig;
-  try {
-    config = validateServerConfig(rawConfig);
-  } catch (err: any) {
-    audit.error(`Configuration Schema Violation: ${err.message}`);
-    process.exit(1);
-  }
-  const dnsServer = new DevDnsServer(config);
-  const dnsHandler = new DnsHandler(dnsServer, config);
-  const httpHandler = new HttpHandler(dnsServer, config, 80);
-  const sniProxy = new SniProxyService(config, 443);
-  const isCpEnabled = config.controlPlane?.enabled !== false;
-  let controlPlane: ControlPlane | null = null;
-  let isEphemeralKey = false;
-  let activeApiKey = "";
-  if (isCpEnabled) {
-    activeApiKey = config.controlPlane?.apiKey || "";
-    if (!activeApiKey) {
-      activeApiKey = randomBytes(32).toString("hex");
-      isEphemeralKey = true;
-    }
-    const blindIndexSalt = randomBytes(16).toString("hex");
-    const cpPort = config.controlPlane?.port || 8080;
-    controlPlane = new ControlPlane({
-      port: cpPort,
-      apiKey: activeApiKey,
-      blindIndexSalt: blindIndexSalt,
-      initialConfig: config,
-    });
-    controlPlane.subscribe((newConfig) => {
-      audit.system("Applying dynamic configuration update from Control Plane...");
-    });
-  }
-  const shutdown = async () => {
-    audit.system("Initiating graceful shutdown sequence...");
-    await dnsHandler.stop();
-    await httpHandler.stop();
-    await sniProxy.stop();
-    if (controlPlane) {
-      await controlPlane.stop();
-    }
-    process.exit(0);
-  };
-  process.on("SIGINT", shutdown);
-  process.on("SIGTERM", shutdown);
-  try {
-    await dnsHandler.start();
-    audit.system(`DNS Listener actively enforcing Zero-Trust boundaries on port ${config.port}`);
-    await httpHandler.start();
-    audit.system(`HTTP L7 Sandbox Router active on port 80`);
-    await sniProxy.start();
-    audit.system(`SNI Proxy active on port 443`);
-    if (controlPlane) {
-      await controlPlane.start();
-      if (isEphemeralKey) {
-        audit.system(`[SECURITY] Generated Ephemeral API Key for this session: ${activeApiKey}`);
-        audit.system(`[SECURITY] Do not lose this key. It will not be shown again.`);
-      } else {
-        audit.system(`[SECURITY] Control Plane using static API Key from configuration.`);
-      }
-    }
-    audit.system("Initialization complete. Awaiting connections...");
-  } catch (err: any) {
-    audit.error(`Fatal bind error during initialization: ${err.message}`);
-    await shutdown();
-  }
-}
-async function main() {
-  const { values, positionals } = parseArgs({
-    options: {
-      config: {
-        type: "string",
-        short: "c",
-      },
-      port: {
-        type: "string",
-        short: "p",
-      },
-      "cp-port": {
-        type: "string",
-      },
-    },
-    strict: false,
-    allowPositionals: true
-  });
-  const command = positionals[0];
-  const configPath = values.config
-    ? path.resolve(process.cwd(), values.config as string)
-    : DEFAULT_CONFIG_PATH;
-  switch (command) {
-    case "init":
-      await handleInit(configPath);
-      break;
-    case "config":
-      await handleConfig(configPath, positionals.slice(1));
-      break;
-    case "start":
-      await startEngine(configPath, values.port as string, values["cp-port"] as string);
-      break;
-    default:
-      printUsage();
-      break;
-  }
-}
-main().catch((err) => {
-  audit.error(`Unhandled execution fault: ${err.message}`);
-  process.exit(1);
-});

package/tsconfig.json DELETED Viewed

@@ -1,13 +0,0 @@
-{
-  "extends": "../../tsconfig.base.json",
-  "compilerOptions": {
-    "outDir": "./dist",
-    "rootDir": "./src"
-  },
-  "references": [
-    { "path": "../core" },
-    { "path": "../control-plane" }
-  ],
-  "include": ["src/**/*.ts"],
-  "exclude": ["node_modules", "dist"]
-}