@opensecurity/zonzon-cli 0.1.3 → 0.1.4
- package/dist/cli.js +58 -31
- package/package.json +4 -4
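--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -84,6 +84,8 @@ async function handleInit(configPath) {
 }
 const defaultConf = {
 port: 53,
+httpPort: 80,
+httpsPort: 443,
 fallbackDns: "1.1.1.1",
 maxTcpConnections: 100,
 tcpIdleTimeoutMs: 30000,
@@ -99,6 +101,8 @@ async function handleInit(configPath) {
 };
 saveConfig(configPath, defaultConf);
 audit.system(`Initialized secure default configuration at ${configPath}`);
+audit.system(`Security Notice: Default HTTP/HTTPS ports mapped to 80/443.`);
+audit.system(`If executing within a non-root sandbox, mutate config.json to unprivileged ports (e.g. 8080/8443) to prevent EACCES binding faults.`);
 process.exit(0);
 }
 async function handleConfig(configPath, args) {
@@ -127,6 +131,45 @@ async function handleConfig(configPath, args) {
 }
 printUsage();
 }
+class ZonzonDaemon {
+dnsHandler = null;
+httpHandler = null;
+sniProxy = null;
+async start(config) {
+try {
+const dnsServer = new DevDnsServer(config);
+this.dnsHandler = new DnsHandler(dnsServer, config);
+await this.dnsHandler.start();
+audit.system(`DNS Listener actively enforcing Zero-Trust boundaries on port ${config.port}`);
+this.httpHandler = new HttpHandler(dnsServer, config, config.httpPort ?? 80);
+await this.httpHandler.start();
+audit.system(`HTTP L7 Sandbox Router active on port ${config.httpPort ?? 80}`);
+this.sniProxy = new SniProxyService(config, config.httpsPort ?? 443);
+await this.sniProxy.start();
+audit.system(`SNI Proxy active on port ${config.httpsPort ?? 443}`);
+}
+catch (err) {
+audit.error(`Fatal bind error during initialization: ${err.message}`);
+await this.stop();
+process.exit(1);
+}
+}
+async stop() {
+if (this.dnsHandler) {
+await this.dnsHandler.stop();
+this.dnsHandler = null;
+}
+if (this.httpHandler) {
+await this.httpHandler.stop();
+this.httpHandler = null;
+}
+if (this.sniProxy) {
+await this.sniProxy.stop();
+this.sniProxy = null;
+}
+audit.system("Subsystems halted. Sockets closed.");
+}
+}
 async function startEngine(configPath, portOverride, cpPortOverride) {
 const rawConfig = loadConfig(configPath);
 if (portOverride) {
@@ -145,10 +188,8 @@ async function startEngine(configPath, portOverride, cpPortOverride) {
 audit.error(`Configuration Schema Violation: ${err.message}`);
 process.exit(1);
 }
-const
-
-const httpHandler = new HttpHandler(dnsServer, config, 80);
-const sniProxy = new SniProxyService(config, 443);
+const daemon = new ZonzonDaemon();
+await daemon.start(config);
 const isCpEnabled = config.controlPlane?.enabled !== false;
 let controlPlane = null;
 let isEphemeralKey = false;
@@ -167,15 +208,24 @@ async function startEngine(configPath, portOverride, cpPortOverride) {
 blindIndexSalt: blindIndexSalt,
 initialConfig: config,
 });
-controlPlane.subscribe((newConfig) => {
+controlPlane.subscribe(async (newConfig) => {
 audit.system("Applying dynamic configuration update from Control Plane...");
+await daemon.stop();
+await daemon.start(newConfig);
 });
+await controlPlane.start();
+if (isEphemeralKey) {
+audit.system(`[SECURITY] Generated Ephemeral API Key for this session: ${activeApiKey}`);
+audit.system(`[SECURITY] Do not lose this key. It will not be shown again.`);
+}
+else {
+audit.system(`[SECURITY] Control Plane using static API Key from configuration.`);
+}
 }
+audit.system("Initialization complete. Awaiting connections...");
 const shutdown = async () => {
 audit.system("Initiating graceful shutdown sequence...");
-await
-await httpHandler.stop();
-await sniProxy.stop();
+await daemon.stop();
 if (controlPlane) {
 await controlPlane.stop();
 }
@@ -183,29 +233,6 @@ async function startEngine(configPath, portOverride, cpPortOverride) {
 };
 process.on("SIGINT", shutdown);
 process.on("SIGTERM", shutdown);
-try {
-await dnsHandler.start();
-audit.system(`DNS Listener actively enforcing Zero-Trust boundaries on port ${config.port}`);
-await httpHandler.start();
-audit.system(`HTTP L7 Sandbox Router active on port 80`);
-await sniProxy.start();
-audit.system(`SNI Proxy active on port 443`);
-if (controlPlane) {
-await controlPlane.start();
-if (isEphemeralKey) {
-audit.system(`[SECURITY] Generated Ephemeral API Key for this session: ${activeApiKey}`);
-audit.system(`[SECURITY] Do not lose this key. It will not be shown again.`);
-}
-else {
-audit.system(`[SECURITY] Control Plane using static API Key from configuration.`);
-}
-}
-audit.system("Initialization complete. Awaiting connections...");
-}
-catch (err) {
-audit.error(`Fatal bind error during initialization: ${err.message}`);
-await shutdown();
-}
 }
 async function main() {
 const { values, positionals } = parseArgs({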
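Review bot: The control-plane subscriber in the `@@ -167,15 +208,24 @@` hunk now runs `await daemon.stop(); await daemon.start(newConfig);`, and `ZonzonDaemon.start` answers any bind failure with `process.exit(1)`, so a single rejected hot-reload (a port already in use, a privileged port after a sandbox change) takes down the whole service, control plane included, without passing through `shutdown()`; the removed code's catch ran `await shutdown()` instead. The async callback is also not serialized anywhere visible, so two updates arriving close together can interleave stop/start on the same sockets. I would have `start()` do `await this.stop(); throw err;` instead of exiting, let `startEngine` catch the initial-start failure and exit there, and chain reloads in the subscriber so a failed reload restores the last config that bound successfully. Whether `newConfig` has been through the same schema validation the initial config gets before the `Configuration Schema Violation` check is not visible from this hunk and is worth confirming. `startEngine` begins and ends outside this hunk.
```javascript
// … unchanged: controlPlane construction …
let activeConfig = config;
let reloadChain = Promise.resolve();
controlPlane.subscribe((newConfig) => {
  // Serialize reloads so an in-flight stop/start never overlaps the next one.
  reloadChain = reloadChain.then(async () => {
    audit.system("Applying dynamic configuration update from Control Plane...");
    await daemon.stop();
    try {
      await daemon.start(newConfig); // requires start() to rethrow instead of process.exit(1)
      activeConfig = newConfig;
    } catch (err) {
      audit.error(`Reload failed, restoring previous configuration: ${err.message}`);
      await daemon.start(activeConfig);
    }
  });
  return reloadChain;
});
```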
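--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@opensecurity/zonzon-cli",
-"version": "0.1.
+"version": "0.1.4",
 "description": "cli interface for zonzon",
 "type": "module",
 "author": "Lucian BLETAN <neuraluc@gmail.com>",
@@ -28,10 +28,10 @@
 "scripts": {
 "build": "tsc -b",
 "start": "node dist/cli.js",
-"dev": "tsx watch src/cli.ts"
+"dev:watch": "NODE_OPTIONS=--disable-warning=DEP0205 tsx watch src/cli.ts start --config ../../config/hosts.json"
 },
 "dependencies": {
-"@opensecurity/zonzon-core": "^0.1.
-"@opensecurity/zonzon-control-plane": "^0.1.
+"@opensecurity/zonzon-core": "^0.1.4",
+"@opensecurity/zonzon-control-plane": "^0.1.4"
 }
 }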