@saws/host 2.0.0-beta.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/.tsbuildinfo +1 -0
- package/dist/host-readiness.d.ts +12 -0
- package/dist/host-readiness.d.ts.map +1 -0
- package/dist/host-readiness.js +171 -0
- package/dist/host.d.ts +48 -0
- package/dist/host.d.ts.map +1 -0
- package/dist/host.js +119 -0
- package/dist/host.test.d.ts +2 -0
- package/dist/host.test.d.ts.map +1 -0
- package/dist/host.test.js +70 -0
- package/dist/index.d.ts +3 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +1 -0
- package/package.json +31 -0
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"fileNames":["../../../node_modules/typescript/lib/lib.es5.d.ts","../../../node_modules/typescript/lib/lib.es2015.d.ts","../../../node_modules/typescript/lib/lib.es2016.d.ts","../../../node_modules/typescript/lib/lib.es2017.d.ts","../../../node_modules/typescript/lib/lib.es2018.d.ts","../../../node_modules/typescript/lib/lib.es2019.d.ts","../../../node_modules/typescript/lib/lib.es2020.d.ts","../../../node_modules/typescript/lib/lib.es2021.d.ts","../../../node_modules/typescript/lib/lib.es2022.d.ts","../../../node_modules/typescript/lib/lib.dom.d.ts","../../../node_modules/typescript/lib/lib.es2015.core.d.ts","../../../node_modules/typescript/lib/lib.es2015.collection.d.ts","../../../node_modules/typescript/lib/lib.es2015.generator.d.ts","../../../node_modules/typescript/lib/lib.es2015.iterable.d.ts","../../../node_modules/typescript/lib/lib.es2015.promise.d.ts","../../../node_modules/typescript/lib/lib.es2015.proxy.d.ts","../../../node_modules/typescript/lib/lib.es2015.reflect.d.ts","../../../node_modules/typescript/lib/lib.es2015.symbol.d.ts","../../../node_modules/typescript/lib/lib.es2015.symbol.wellknown.d.ts","../../../node_modules/typescript/lib/lib.es2016.array.include.d.ts","../../../node_modules/typescript/lib/lib.es2016.intl.d.ts","../../../node_modules/typescript/lib/lib.es2017.arraybuffer.d.ts","../../../node_modules/typescript/lib/lib.es2017.date.d.ts","../../../node_modules/typescript/lib/lib.es2017.object.d.ts","../../../node_modules/typescript/lib/lib.es2017.sharedmemory.d.ts","../../../node_modules/typescript/lib/lib.es2017.string.d.ts","../../../node_modules/typescript/lib/lib.es2017.intl.d.ts","../../../node_modules/typescript/lib/lib.es2017.typedarrays.d.ts","../../../node_modules/typescript/lib/lib.es2018.asyncgenerator.d.ts","../../../node_modules/typescript/lib/lib.es2018.asynciterable.d.ts","../../../node_modules/typescript/lib/lib.es2018.intl.d.ts","../../../node_modules/typescript/lib/lib.es2018.promise.d.ts","../../../node_modules/typescript/lib/lib.es2018.regexp.d.ts","../../../node_modules/typescript/lib/lib.es2019.array.d.ts","../../../node_modules/typescript/lib/lib.es2019.object.d.ts","../../../node_modules/typescript/lib/lib.es2019.string.d.ts","../../../node_modules/typescript/lib/lib.es2019.symbol.d.ts","../../../node_modules/typescript/lib/lib.es2019.intl.d.ts","../../../node_modules/typescript/lib/lib.es2020.bigint.d.ts","../../../node_modules/typescript/lib/lib.es2020.date.d.ts","../../../node_modules/typescript/lib/lib.es2020.promise.d.ts","../../../node_modules/typescript/lib/lib.es2020.sharedmemory.d.ts","../../../node_modules/typescript/lib/lib.es2020.string.d.ts","../../../node_modules/typescript/lib/lib.es2020.symbol.wellknown.d.ts","../../../node_modules/typescript/lib/lib.es2020.intl.d.ts","../../../node_modules/typescript/lib/lib.es2020.number.d.ts","../../../node_modules/typescript/lib/lib.es2021.promise.d.ts","../../../node_modules/typescript/lib/lib.es2021.string.d.ts","../../../node_modules/typescript/lib/lib.es2021.weakref.d.ts","../../../node_modules/typescript/lib/lib.es2021.intl.d.ts","../../../node_modules/typescript/lib/lib.es2022.array.d.ts","../../../node_modules/typescript/lib/lib.es2022.error.d.ts","../../../node_modules/typescript/lib/lib.es2022.intl.d.ts","../../../node_modules/typescript/lib/lib.es2022.object.d.ts","../../../node_modules/typescript/lib/lib.es2022.string.d.ts","../../../node_modules/typescript/lib/lib.es2022.regexp.d.ts","../../../node_modules/typescript/lib/lib.decorators.d.ts","../../../node_modules/typescript/lib/lib.decorators.legacy.d.ts","../src/host-readiness.ts","../src/host.ts","../src/host.test.ts","../src/index.ts","../../../node_modules/@types/node/compatibility/disposable.d.ts","../../../node_modules/@types/node/compatibility/indexable.d.ts","../../../node_modules/@types/node/compatibility/iterators.d.ts","../../../node_modules/@types/node/compatibility/index.d.ts","../../../node_modules/@types/node/globals.typedarray.d.ts","../../../node_modules/@types/node/buffer.buffer.d.ts","../../../node_modules/@types/node/globals.d.ts","../../../node_modules/@types/node/web-globals/abortcontroller.d.ts","../../../node_modules/@types/node/web-globals/domexception.d.ts","../../../node_modules/@types/node/web-globals/events.d.ts","../../../node_modules/undici-types/header.d.ts","../../../node_modules/undici-types/readable.d.ts","../../../node_modules/undici-types/file.d.ts","../../../node_modules/undici-types/fetch.d.ts","../../../node_modules/undici-types/formdata.d.ts","../../../node_modules/undici-types/connector.d.ts","../../../node_modules/undici-types/client.d.ts","../../../node_modules/undici-types/errors.d.ts","../../../node_modules/undici-types/dispatcher.d.ts","../../../node_modules/undici-types/global-dispatcher.d.ts","../../../node_modules/undici-types/global-origin.d.ts","../../../node_modules/undici-types/pool-stats.d.ts","../../../node_modules/undici-types/pool.d.ts","../../../node_modules/undici-types/handlers.d.ts","../../../node_modules/undici-types/balanced-pool.d.ts","../../../node_modules/undici-types/agent.d.ts","../../../node_modules/undici-types/mock-interceptor.d.ts","../../../node_modules/undici-types/mock-agent.d.ts","../../../node_modules/undici-types/mock-client.d.ts","../../../node_modules/undici-types/mock-pool.d.ts","../../../node_modules/undici-types/mock-errors.d.ts","../../../node_modules/undici-types/proxy-agent.d.ts","../../../node_modules/undici-types/env-http-proxy-agent.d.ts","../../../node_modules/undici-types/retry-handler.d.ts","../../../node_modules/undici-types/retry-agent.d.ts","../../../node_modules/undici-types/api.d.ts","../../../node_modules/undici-types/interceptors.d.ts","../../../node_modules/undici-types/util.d.ts","../../../node_modules/undici-types/cookies.d.ts","../../../node_modules/undici-types/patch.d.ts","../../../node_modules/undici-types/websocket.d.ts","../../../node_modules/undici-types/eventsource.d.ts","../../../node_modules/undici-types/filereader.d.ts","../../../node_modules/undici-types/diagnostics-channel.d.ts","../../../node_modules/undici-types/content-type.d.ts","../../../node_modules/undici-types/cache.d.ts","../../../node_modules/undici-types/index.d.ts","../../../node_modules/@types/node/web-globals/fetch.d.ts","../../../node_modules/@types/node/assert.d.ts","../../../node_modules/@types/node/assert/strict.d.ts","../../../node_modules/@types/node/async_hooks.d.ts","../../../node_modules/@types/node/buffer.d.ts","../../../node_modules/@types/node/child_process.d.ts","../../../node_modules/@types/node/cluster.d.ts","../../../node_modules/@types/node/console.d.ts","../../../node_modules/@types/node/constants.d.ts","../../../node_modules/@types/node/crypto.d.ts","../../../node_modules/@types/node/dgram.d.ts","../../../node_modules/@types/node/diagnostics_channel.d.ts","../../../node_modules/@types/node/dns.d.ts","../../../node_modules/@types/node/dns/promises.d.ts","../../../node_modules/@types/node/domain.d.ts","../../../node_modules/@types/node/events.d.ts","../../../node_modules/@types/node/fs.d.ts","../../../node_modules/@types/node/fs/promises.d.ts","../../../node_modules/@types/node/http.d.ts","../../../node_modules/@types/node/http2.d.ts","../../../node_modules/@types/node/https.d.ts","../../../node_modules/@types/node/inspector.generated.d.ts","../../../node_modules/@types/node/module.d.ts","../../../node_modules/@types/node/net.d.ts","../../../node_modules/@types/node/os.d.ts","../../../node_modules/@types/node/path.d.ts","../../../node_modules/@types/node/perf_hooks.d.ts","../../../node_modules/@types/node/process.d.ts","../../../node_modules/@types/node/punycode.d.ts","../../../node_modules/@types/node/querystring.d.ts","../../../node_modules/@types/node/readline.d.ts","../../../node_modules/@types/node/readline/promises.d.ts","../../../node_modules/@types/node/repl.d.ts","../../../node_modules/@types/node/sea.d.ts","../../../node_modules/@types/node/stream.d.ts","../../../node_modules/@types/node/stream/promises.d.ts","../../../node_modules/@types/node/stream/consumers.d.ts","../../../node_modules/@types/node/stream/web.d.ts","../../../node_modules/@types/node/string_decoder.d.ts","../../../node_modules/@types/node/test.d.ts","../../../node_modules/@types/node/timers.d.ts","../../../node_modules/@types/node/timers/promises.d.ts","../../../node_modules/@types/node/tls.d.ts","../../../node_modules/@types/node/trace_events.d.ts","../../../node_modules/@types/node/tty.d.ts","../../../node_modules/@types/node/url.d.ts","../../../node_modules/@types/node/util.d.ts","../../../node_modules/@types/node/v8.d.ts","../../../node_modules/@types/node/vm.d.ts","../../../node_modules/@types/node/wasi.d.ts","../../../node_modules/@types/node/worker_threads.d.ts","../../../node_modules/@types/node/zlib.d.ts","../../../node_modules/@types/node/index.d.ts"],"fileIdsList":[[68,111,114],[68,113,114],[114],[68,114,119,147],[68,114,115,120,125,133,144,155],[68,114,115,116,125,133],[68,114],[63,64,65,68,114],[68,114,117,156],[68,114,118,119,126,134],[68,114,119,144,152],[68,114,120,122,125,133],[68,113,114,121],[68,114,122,123],[68,114,124,125],[68,113,114,125],[68,114,125,126,127,144,155],[68,114,125,126,127,140,144,147],[68,114,122,125,128,133,144,155],[68,114,125,126,128,129,133,144,152,155],[68,114,128,130,144,152,155],[66,67,68,69,70,71,72,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161],[68,114,125,131],[68,114,132,155,160],[68,114,122,125,133,144],[68,114,134],[68,114,135],[68,113,114,136],[68,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161],[68,114,138],[68,114,139],[68,114,125,140,141],[68,114,140,142,156,158],[68,114,125,144,145,147],[68,114,146,147],[68,114,144,145],[68,114,147],[68,114,148],[68,111,114,144,149],[68,114,125,150,151],[68,114,150,151],[68,114,119,133,144,152],[68,114,153],[68,114,133,154],[68,114,128,139,155],[68,114,119,156],[68,114,144,157],[68,114,132,158],[68,114,159],[68,109,114],[68,109,114,125,127,136,144,147,155,158,160],[68,114,144,161],[68,81,85,114,155],[68,81,114,144,155],[68,76,114],[68,78,81,114,152,155],[68,114,133,152],[68,114,162],[68,76,114,162],[68,78,81,114,133,155],[68,73,74,77,80,114,125,144,155],[68,81,88,114],[68,73,79,114],[68,81,102,103,114],[68,77,81,114,147,155,162],[68,102,114,162],[68,75,76,114,162],[68,81,114],[68,75,76,77,78,79,80,81,82,83,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,103,104,105,106,107,108,114],[68,81,96,114],[68,81,88,89,114],[68,79,81,89,90,114],[68,80,114],[68,73,76,81,114],[68,81,85,89,90,114],[68,85,114],[68,79,81,84,114,155],[68,73,78,81,88,114],[68,114,144],[68,76,81,102,114,160,162],[68,114,119],[60,68,112,114,149],[59,68,114,115],[59,60,68,114]],"fileInfos":[{"version":"c430d44666289dae81f30fa7b2edebf186ecc91a2d4c71266ea6ae76388792e1","affectsGlobalScope":true,"impliedFormat":1},{"version":"45b7ab580deca34ae9729e97c13cfd999df04416a79116c3bfb483804f85ded4","impliedFormat":1},{"version":"3facaf05f0c5fc569c5649dd359892c98a85557e3e0c847964caeb67076f4d75","impliedFormat":1},{"version":"e44bb8bbac7f10ecc786703fe0a6a4b952189f908707980ba8f3c8975a760962","impliedFormat":1},{"version":"5e1c4c362065a6b95ff952c0eab010f04dcd2c3494e813b493ecfd4fcb9fc0d8","impliedFormat":1},{"version":"68d73b4a11549f9c0b7d352d10e91e5dca8faa3322bfb77b661839c42b1ddec7","impliedFormat":1},{"version":"5efce4fc3c29ea84e8928f97adec086e3dc876365e0982cc8479a07954a3efd4","impliedFormat":1},{"version":"feecb1be483ed332fad555aff858affd90a48ab19ba7272ee084704eb7167569","impliedFormat":1},{"version":"ee7bad0c15b58988daa84371e0b89d313b762ab83cb5b31b8a2d1162e8eb41c2","impliedFormat":1},{"version":"080941d9f9ff9307f7e27a83bcd888b7c8270716c39af943532438932ec1d0b9","affectsGlobalScope":true,"impliedFormat":1},{"version":"c57796738e7f83dbc4b8e65132f11a377649c00dd3eee333f672b8f0a6bea671","affectsGlobalScope":true,"impliedFormat":1},{"version":"dc2df20b1bcdc8c2d34af4926e2c3ab15ffe1160a63e58b7e09833f616efff44","affectsGlobalScope":true,"impliedFormat":1},{"version":"515d0b7b9bea2e31ea4ec968e9edd2c39d3eebf4a2d5cbd04e88639819ae3b71","affectsGlobalScope":true,"impliedFormat":1},{"version":"0559b1f683ac7505ae451f9a96ce4c3c92bdc71411651ca6ddb0e88baaaad6a3","affectsGlobalScope":true,"impliedFormat":1},{"version":"0dc1e7ceda9b8b9b455c3a2d67b0412feab00bd2f66656cd8850e8831b08b537","affectsGlobalScope":true,"impliedFormat":1},{"version":"ce691fb9e5c64efb9547083e4a34091bcbe5bdb41027e310ebba8f7d96a98671","affectsGlobalScope":true,"impliedFormat":1},{"version":"8d697a2a929a5fcb38b7a65594020fcef05ec1630804a33748829c5ff53640d0","affectsGlobalScope":true,"impliedFormat":1},{"version":"4ff2a353abf8a80ee399af572debb8faab2d33ad38c4b4474cff7f26e7653b8d","affectsGlobalScope":true,"impliedFormat":1},{"version":"fb0f136d372979348d59b3f5020b4cdb81b5504192b1cacff5d1fbba29378aa1","affectsGlobalScope":true,"impliedFormat":1},{"version":"d15bea3d62cbbdb9797079416b8ac375ae99162a7fba5de2c6c505446486ac0a","affectsGlobalScope":true,"impliedFormat":1},{"version":"68d18b664c9d32a7336a70235958b8997ebc1c3b8505f4f1ae2b7e7753b87618","affectsGlobalScope":true,"impliedFormat":1},{"version":"eb3d66c8327153d8fa7dd03f9c58d351107fe824c79e9b56b462935176cdf12a","affectsGlobalScope":true,"impliedFormat":1},{"version":"38f0219c9e23c915ef9790ab1d680440d95419ad264816fa15009a8851e79119","affectsGlobalScope":true,"impliedFormat":1},{"version":"69ab18c3b76cd9b1be3d188eaf8bba06112ebbe2f47f6c322b5105a6fbc45a2e","affectsGlobalScope":true,"impliedFormat":1},{"version":"a680117f487a4d2f30ea46f1b4b7f58bef1480456e18ba53ee85c2746eeca012","affectsGlobalScope":true,"impliedFormat":1},{"version":"2f11ff796926e0832f9ae148008138ad583bd181899ab7dd768a2666700b1893","affectsGlobalScope":true,"impliedFormat":1},{"version":"4de680d5bb41c17f7f68e0419412ca23c98d5749dcaaea1896172f06435891fc","affectsGlobalScope":true,"impliedFormat":1},{"version":"954296b30da6d508a104a3a0b5d96b76495c709785c1d11610908e63481ee667","affectsGlobalScope":true,"impliedFormat":1},{"version":"ac9538681b19688c8eae65811b329d3744af679e0bdfa5d842d0e32524c73e1c","affectsGlobalScope":true,"impliedFormat":1},{"version":"0a969edff4bd52585473d24995c5ef223f6652d6ef46193309b3921d65dd4376","affectsGlobalScope":true,"impliedFormat":1},{"version":"9e9fbd7030c440b33d021da145d3232984c8bb7916f277e8ffd3dc2e3eae2bdb","affectsGlobalScope":true,"impliedFormat":1},{"version":"811ec78f7fefcabbda4bfa93b3eb67d9ae166ef95f9bff989d964061cbf81a0c","affectsGlobalScope":true,"impliedFormat":1},{"version":"717937616a17072082152a2ef351cb51f98802fb4b2fdabd32399843875974ca","affectsGlobalScope":true,"impliedFormat":1},{"version":"d7e7d9b7b50e5f22c915b525acc5a49a7a6584cf8f62d0569e557c5cfc4b2ac2","affectsGlobalScope":true,"impliedFormat":1},{"version":"71c37f4c9543f31dfced6c7840e068c5a5aacb7b89111a4364b1d5276b852557","affectsGlobalScope":true,"impliedFormat":1},{"version":"576711e016cf4f1804676043e6a0a5414252560eb57de9faceee34d79798c850","affectsGlobalScope":true,"impliedFormat":1},{"version":"89c1b1281ba7b8a96efc676b11b264de7a8374c5ea1e6617f11880a13fc56dc6","affectsGlobalScope":true,"impliedFormat":1},{"version":"74f7fa2d027d5b33eb0471c8e82a6c87216223181ec31247c357a3e8e2fddc5b","affectsGlobalScope":true,"impliedFormat":1},{"version":"d6d7ae4d1f1f3772e2a3cde568ed08991a8ae34a080ff1151af28b7f798e22ca","affectsGlobalScope":true,"impliedFormat":1},{"version":"063600664504610fe3e99b717a1223f8b1900087fab0b4cad1496a114744f8df","affectsGlobalScope":true,"impliedFormat":1},{"version":"934019d7e3c81950f9a8426d093458b65d5aff2c7c1511233c0fd5b941e608ab","affectsGlobalScope":true,"impliedFormat":1},{"version":"52ada8e0b6e0482b728070b7639ee42e83a9b1c22d205992756fe020fd9f4a47","affectsGlobalScope":true,"impliedFormat":1},{"version":"3bdefe1bfd4d6dee0e26f928f93ccc128f1b64d5d501ff4a8cf3c6371200e5e6","affectsGlobalScope":true,"impliedFormat":1},{"version":"59fb2c069260b4ba00b5643b907ef5d5341b167e7d1dbf58dfd895658bda2867","affectsGlobalScope":true,"impliedFormat":1},{"version":"639e512c0dfc3fad96a84caad71b8834d66329a1f28dc95e3946c9b58176c73a","affectsGlobalScope":true,"impliedFormat":1},{"version":"368af93f74c9c932edd84c58883e736c9e3d53cec1fe24c0b0ff451f529ceab1","affectsGlobalScope":true,"impliedFormat":1},{"version":"af3dd424cf267428f30ccfc376f47a2c0114546b55c44d8c0f1d57d841e28d74","affectsGlobalScope":true,"impliedFormat":1},{"version":"995c005ab91a498455ea8dfb63aa9f83fa2ea793c3d8aa344be4a1678d06d399","affectsGlobalScope":true,"impliedFormat":1},{"version":"959d36cddf5e7d572a65045b876f2956c973a586da58e5d26cde519184fd9b8a","affectsGlobalScope":true,"impliedFormat":1},{"version":"965f36eae237dd74e6cca203a43e9ca801ce38824ead814728a2807b1910117d","affectsGlobalScope":true,"impliedFormat":1},{"version":"3925a6c820dcb1a06506c90b1577db1fdbf7705d65b62b99dce4be75c637e26b","affectsGlobalScope":true,"impliedFormat":1},{"version":"0a3d63ef2b853447ec4f749d3f368ce642264246e02911fcb1590d8c161b8005","affectsGlobalScope":true,"impliedFormat":1},{"version":"8cdf8847677ac7d20486e54dd3fcf09eda95812ac8ace44b4418da1bbbab6eb8","affectsGlobalScope":true,"impliedFormat":1},{"version":"8444af78980e3b20b49324f4a16ba35024fef3ee069a0eb67616ea6ca821c47a","affectsGlobalScope":true,"impliedFormat":1},{"version":"3287d9d085fbd618c3971944b65b4be57859f5415f495b33a6adc994edd2f004","affectsGlobalScope":true,"impliedFormat":1},{"version":"b4b67b1a91182421f5df999988c690f14d813b9850b40acd06ed44691f6727ad","affectsGlobalScope":true,"impliedFormat":1},{"version":"8e7f8264d0fb4c5339605a15daadb037bf238c10b654bb3eee14208f860a32ea","affectsGlobalScope":true,"impliedFormat":1},{"version":"782dec38049b92d4e85c1585fbea5474a219c6984a35b004963b00beb1aab538","affectsGlobalScope":true,"impliedFormat":1},{"version":"046154c5bd7d3b8baf51174a8e69bb22de6dc6451bac9e918a0231c5c2c712d8","signature":"67497091bc5106f247155c0e4492c254c1146035ace78f8e23e6888967090ff1","impliedFormat":99},{"version":"09ee59ab90345a7e71d522226cbe8eda6495107b91e9514f5d900edc74c5dd13","signature":"f096d47d865bec76322fca225dc326087bf5f02f0943a6739e4e81047b735fc8","impliedFormat":99},{"version":"a8e707f9277e82a4cd93ce29a777ac77a349f45091dcd0c29018a4e82472f3f4","signature":"8e609bb71c20b858c77f0e9f90bb1319db8477b13f9f965f1a1e18524bf50881","impliedFormat":99},{"version":"e058b64f7116f08c7a64ad5bbce0cb94d062ffe03d027a4f6ce6951674cb2eb9","impliedFormat":99},{"version":"70521b6ab0dcba37539e5303104f29b721bfb2940b2776da4cc818c07e1fefc1","affectsGlobalScope":true,"impliedFormat":1},{"version":"ab41ef1f2cdafb8df48be20cd969d875602483859dc194e9c97c8a576892c052","affectsGlobalScope":true,"impliedFormat":1},{"version":"d153a11543fd884b596587ccd97aebbeed950b26933ee000f94009f1ab142848","affectsGlobalScope":true,"impliedFormat":1},{"version":"21d819c173c0cf7cc3ce57c3276e77fd9a8a01d35a06ad87158781515c9a438a","impliedFormat":1},{"version":"98cffbf06d6bab333473c70a893770dbe990783904002c4f1a960447b4b53dca","affectsGlobalScope":true,"impliedFormat":1},{"version":"ba481bca06f37d3f2c137ce343c7d5937029b2468f8e26111f3c9d9963d6568d","affectsGlobalScope":true,"impliedFormat":1},{"version":"6d9ef24f9a22a88e3e9b3b3d8c40ab1ddb0853f1bfbd5c843c37800138437b61","affectsGlobalScope":true,"impliedFormat":1},{"version":"1db0b7dca579049ca4193d034d835f6bfe73096c73663e5ef9a0b5779939f3d0","affectsGlobalScope":true,"impliedFormat":1},{"version":"9798340ffb0d067d69b1ae5b32faa17ab31b82466a3fc00d8f2f2df0c8554aaa","affectsGlobalScope":true,"impliedFormat":1},{"version":"f26b11d8d8e4b8028f1c7d618b22274c892e4b0ef5b3678a8ccbad85419aef43","affectsGlobalScope":true,"impliedFormat":1},{"version":"5929864ce17fba74232584d90cb721a89b7ad277220627cc97054ba15a98ea8f","impliedFormat":1},{"version":"763fe0f42b3d79b440a9b6e51e9ba3f3f91352469c1e4b3b67bfa4ff6352f3f4","impliedFormat":1},{"version":"25c8056edf4314820382a5fdb4bb7816999acdcb929c8f75e3f39473b87e85bc","impliedFormat":1},{"version":"c464d66b20788266e5353b48dc4aa6bc0dc4a707276df1e7152ab0c9ae21fad8","impliedFormat":1},{"version":"78d0d27c130d35c60b5e5566c9f1e5be77caf39804636bc1a40133919a949f21","impliedFormat":1},{"version":"c6fd2c5a395f2432786c9cb8deb870b9b0e8ff7e22c029954fabdd692bff6195","impliedFormat":1},{"version":"1d6e127068ea8e104a912e42fc0a110e2aa5a66a356a917a163e8cf9a65e4a75","impliedFormat":1},{"version":"5ded6427296cdf3b9542de4471d2aa8d3983671d4cac0f4bf9c637208d1ced43","impliedFormat":1},{"version":"7f182617db458e98fc18dfb272d40aa2fff3a353c44a89b2c0ccb3937709bfb5","impliedFormat":1},{"version":"cadc8aced301244057c4e7e73fbcae534b0f5b12a37b150d80e5a45aa4bebcbd","impliedFormat":1},{"version":"385aab901643aa54e1c36f5ef3107913b10d1b5bb8cbcd933d4263b80a0d7f20","impliedFormat":1},{"version":"9670d44354bab9d9982eca21945686b5c24a3f893db73c0dae0fd74217a4c219","impliedFormat":1},{"version":"0b8a9268adaf4da35e7fa830c8981cfa22adbbe5b3f6f5ab91f6658899e657a7","impliedFormat":1},{"version":"11396ed8a44c02ab9798b7dca436009f866e8dae3c9c25e8c1fbc396880bf1bb","impliedFormat":1},{"version":"ba7bc87d01492633cb5a0e5da8a4a42a1c86270e7b3d2dea5d156828a84e4882","impliedFormat":1},{"version":"4893a895ea92c85345017a04ed427cbd6a1710453338df26881a6019432febdd","impliedFormat":1},{"version":"c21dc52e277bcfc75fac0436ccb75c204f9e1b3fa5e12729670910639f27343e","impliedFormat":1},{"version":"13f6f39e12b1518c6650bbb220c8985999020fe0f21d818e28f512b7771d00f9","impliedFormat":1},{"version":"9b5369969f6e7175740bf51223112ff209f94ba43ecd3bb09eefff9fd675624a","impliedFormat":1},{"version":"4fe9e626e7164748e8769bbf74b538e09607f07ed17c2f20af8d680ee49fc1da","impliedFormat":1},{"version":"24515859bc0b836719105bb6cc3d68255042a9f02a6022b3187948b204946bd2","impliedFormat":1},{"version":"ea0148f897b45a76544ae179784c95af1bd6721b8610af9ffa467a518a086a43","impliedFormat":1},{"version":"24c6a117721e606c9984335f71711877293a9651e44f59f3d21c1ea0856f9cc9","impliedFormat":1},{"version":"dd3273ead9fbde62a72949c97dbec2247ea08e0c6952e701a483d74ef92d6a17","impliedFormat":1},{"version":"405822be75ad3e4d162e07439bac80c6bcc6dbae1929e179cf467ec0b9ee4e2e","impliedFormat":1},{"version":"0db18c6e78ea846316c012478888f33c11ffadab9efd1cc8bcc12daded7a60b6","impliedFormat":1},{"version":"e61be3f894b41b7baa1fbd6a66893f2579bfad01d208b4ff61daef21493ef0a8","impliedFormat":1},{"version":"bd0532fd6556073727d28da0edfd1736417a3f9f394877b6d5ef6ad88fba1d1a","impliedFormat":1},{"version":"89167d696a849fce5ca508032aabfe901c0868f833a8625d5a9c6e861ef935d2","impliedFormat":1},{"version":"615ba88d0128ed16bf83ef8ccbb6aff05c3ee2db1cc0f89ab50a4939bfc1943f","impliedFormat":1},{"version":"a4d551dbf8746780194d550c88f26cf937caf8d56f102969a110cfaed4b06656","impliedFormat":1},{"version":"8bd86b8e8f6a6aa6c49b71e14c4ffe1211a0e97c80f08d2c8cc98838006e4b88","impliedFormat":1},{"version":"317e63deeb21ac07f3992f5b50cdca8338f10acd4fbb7257ebf56735bf52ab00","impliedFormat":1},{"version":"4732aec92b20fb28c5fe9ad99521fb59974289ed1e45aecb282616202184064f","impliedFormat":1},{"version":"2e85db9e6fd73cfa3d7f28e0ab6b55417ea18931423bd47b409a96e4a169e8e6","impliedFormat":1},{"version":"c46e079fe54c76f95c67fb89081b3e399da2c7d109e7dca8e4b58d83e332e605","impliedFormat":1},{"version":"bf67d53d168abc1298888693338cb82854bdb2e69ef83f8a0092093c2d562107","impliedFormat":1},{"version":"b52476feb4a0cbcb25e5931b930fc73cb6643fb1a5060bf8a3dda0eeae5b4b68","affectsGlobalScope":true,"impliedFormat":1},{"version":"e2677634fe27e87348825bb041651e22d50a613e2fdf6a4a3ade971d71bac37e","impliedFormat":1},{"version":"7394959e5a741b185456e1ef5d64599c36c60a323207450991e7a42e08911419","impliedFormat":1},{"version":"8c0bcd6c6b67b4b503c11e91a1fb91522ed585900eab2ab1f61bba7d7caa9d6f","impliedFormat":1},{"version":"8cd19276b6590b3ebbeeb030ac271871b9ed0afc3074ac88a94ed2449174b776","affectsGlobalScope":true,"impliedFormat":1},{"version":"696eb8d28f5949b87d894b26dc97318ef944c794a9a4e4f62360cd1d1958014b","impliedFormat":1},{"version":"3f8fa3061bd7402970b399300880d55257953ee6d3cd408722cb9ac20126460c","impliedFormat":1},{"version":"35ec8b6760fd7138bbf5809b84551e31028fb2ba7b6dc91d95d098bf212ca8b4","affectsGlobalScope":true,"impliedFormat":1},{"version":"5524481e56c48ff486f42926778c0a3cce1cc85dc46683b92b1271865bcf015a","impliedFormat":1},{"version":"68bd56c92c2bd7d2339457eb84d63e7de3bd56a69b25f3576e1568d21a162398","affectsGlobalScope":true,"impliedFormat":1},{"version":"3e93b123f7c2944969d291b35fed2af79a6e9e27fdd5faa99748a51c07c02d28","impliedFormat":1},{"version":"9d19808c8c291a9010a6c788e8532a2da70f811adb431c97520803e0ec649991","impliedFormat":1},{"version":"87aad3dd9752067dc875cfaa466fc44246451c0c560b820796bdd528e29bef40","impliedFormat":1},{"version":"4aacb0dd020eeaef65426153686cc639a78ec2885dc72ad220be1d25f1a439df","impliedFormat":1},{"version":"f0bd7e6d931657b59605c44112eaf8b980ba7f957a5051ed21cb93d978cf2f45","impliedFormat":1},{"version":"8db0ae9cb14d9955b14c214f34dae1b9ef2baee2fe4ce794a4cd3ac2531e3255","affectsGlobalScope":true,"impliedFormat":1},{"version":"15fc6f7512c86810273af28f224251a5a879e4261b4d4c7e532abfbfc3983134","impliedFormat":1},{"version":"58adba1a8ab2d10b54dc1dced4e41f4e7c9772cbbac40939c0dc8ce2cdb1d442","impliedFormat":1},{"version":"641942a78f9063caa5d6b777c99304b7d1dc7328076038c6d94d8a0b81fc95c1","impliedFormat":1},{"version":"1123a83f35cf56c97de746f0a7250012153c61a167e4a61668bf50e558162d14","impliedFormat":1},{"version":"855cd5f7eb396f5f1ab1bc0f8580339bff77b68a770f84c6b254e319bbfd1ac7","impliedFormat":1},{"version":"5650cf3dace09e7c25d384e3e6b818b938f68f4e8de96f52d9c5a1b3db068e86","impliedFormat":1},{"version":"1354ca5c38bd3fd3836a68e0f7c9f91f172582ba30ab15bb8c075891b91502b7","affectsGlobalScope":true,"impliedFormat":1},{"version":"7e20d899c28ca26a2a7afc98beaa69e63ff7fba0a8bc47b4e3bf3ede5e09e424","impliedFormat":1},{"version":"2d2fcaab481b31a5882065c7951255703ddbe1c0e507af56ea42d79ac3911201","impliedFormat":1},{"version":"a192fe8ec33f75edbc8d8f3ed79f768dfae11ff5735e7fe52bfa69956e46d78d","impliedFormat":1},{"version":"ca867399f7db82df981d6915bcbb2d81131d7d1ef683bc782b59f71dda59bc85","affectsGlobalScope":true,"impliedFormat":1},{"version":"372413016d17d804e1d139418aca0c68e47a83fb6669490857f4b318de8cccb3","affectsGlobalScope":true,"impliedFormat":1},{"version":"9e043a1bc8fbf2a255bccf9bf27e0f1caf916c3b0518ea34aa72357c0afd42ec","impliedFormat":1},{"version":"b4f70ec656a11d570e1a9edce07d118cd58d9760239e2ece99306ee9dfe61d02","impliedFormat":1},{"version":"3bc2f1e2c95c04048212c569ed38e338873f6a8593930cf5a7ef24ffb38fc3b6","impliedFormat":1},{"version":"6e70e9570e98aae2b825b533aa6292b6abd542e8d9f6e9475e88e1d7ba17c866","impliedFormat":1},{"version":"f9d9d753d430ed050dc1bf2667a1bab711ccbb1c1507183d794cc195a5b085cc","impliedFormat":1},{"version":"9eece5e586312581ccd106d4853e861aaaa1a39f8e3ea672b8c3847eedd12f6e","impliedFormat":1},{"version":"085f552d005479e2e6a7311cdbbe5d8c55c497b4d19274285df161ee9684cd9c","impliedFormat":1},{"version":"37ba7b45141a45ce6e80e66f2a96c8a5ab1bcef0fc2d0f56bb58df96ec67e972","impliedFormat":1},{"version":"45650f47bfb376c8a8ed39d4bcda5902ab899a3150029684ee4c10676d9fbaee","impliedFormat":1},{"version":"007faacc9268357caa21d24169f3f3f2497af3e9241308df2d89f6e6d9bb3f2e","affectsGlobalScope":true,"impliedFormat":1},{"version":"74cf591a0f63db318651e0e04cb55f8791385f86e987a67fd4d2eaab8191f730","impliedFormat":1},{"version":"5eab9b3dc9b34f185417342436ec3f106898da5f4801992d8ff38ab3aff346b5","impliedFormat":1},{"version":"12ed4559eba17cd977aa0db658d25c4047067444b51acfdcbf38470630642b23","affectsGlobalScope":true,"impliedFormat":1},{"version":"f3ffabc95802521e1e4bcba4c88d8615176dc6e09111d920c7a213bdda6e1d65","impliedFormat":1},{"version":"809821b8a065e3234a55b3a9d7846231ed18d66dd749f2494c66288d890daf7f","impliedFormat":1},{"version":"ae56f65caf3be91108707bd8dfbccc2a57a91feb5daabf7165a06a945545ed26","impliedFormat":1},{"version":"a136d5de521da20f31631a0a96bf712370779d1c05b7015d7019a9b2a0446ca9","impliedFormat":1},{"version":"c3b41e74b9a84b88b1dca61ec39eee25c0dbc8e7d519ba11bb070918cfacf656","affectsGlobalScope":true,"impliedFormat":1},{"version":"4737a9dc24d0e68b734e6cfbcea0c15a2cfafeb493485e27905f7856988c6b29","affectsGlobalScope":true,"impliedFormat":1},{"version":"36d8d3e7506b631c9582c251a2c0b8a28855af3f76719b12b534c6edf952748d","impliedFormat":1},{"version":"1ca69210cc42729e7ca97d3a9ad48f2e9cb0042bada4075b588ae5387debd318","impliedFormat":1},{"version":"f5ebe66baaf7c552cfa59d75f2bfba679f329204847db3cec385acda245e574e","impliedFormat":1},{"version":"ed59add13139f84da271cafd32e2171876b0a0af2f798d0c663e8eeb867732cf","affectsGlobalScope":true,"impliedFormat":1},{"version":"b7c5e2ea4a9749097c347454805e933844ed207b6eefec6b7cfd418b5f5f7b28","impliedFormat":1},{"version":"b1810689b76fd473bd12cc9ee219f8e62f54a7d08019a235d07424afbf074d25","impliedFormat":1}],"root":[[59,62]],"options":{"allowSyntheticDefaultImports":true,"composite":true,"declaration":true,"declarationMap":true,"esModuleInterop":true,"module":100,"outDir":"./","rootDir":"../src","skipLibCheck":true,"strict":true,"target":9,"tsBuildInfoFile":"./.tsbuildinfo"},"referencedMap":[[111,1],[112,1],[113,2],[68,3],[114,4],[115,5],[116,6],[63,7],[66,8],[64,7],[65,7],[117,9],[118,10],[119,11],[120,12],[121,13],[122,14],[123,14],[124,15],[125,16],[126,17],[127,18],[69,7],[67,7],[128,19],[129,20],[130,21],[162,22],[131,23],[132,24],[133,25],[134,26],[135,27],[136,28],[137,29],[138,30],[139,31],[140,32],[141,32],[142,33],[143,7],[144,34],[146,35],[145,36],[147,37],[148,38],[149,39],[150,40],[151,41],[152,42],[153,43],[154,44],[155,45],[156,46],[157,47],[158,48],[159,49],[70,7],[71,7],[72,7],[110,50],[160,51],[161,52],[57,7],[58,7],[10,7],[12,7],[11,7],[2,7],[13,7],[14,7],[15,7],[16,7],[17,7],[18,7],[19,7],[20,7],[3,7],[21,7],[22,7],[4,7],[23,7],[27,7],[24,7],[25,7],[26,7],[28,7],[29,7],[30,7],[5,7],[31,7],[32,7],[33,7],[34,7],[6,7],[38,7],[35,7],[36,7],[37,7],[39,7],[7,7],[40,7],[45,7],[46,7],[41,7],[42,7],[43,7],[44,7],[8,7],[50,7],[47,7],[48,7],[49,7],[51,7],[9,7],[52,7],[53,7],[54,7],[56,7],[55,7],[1,7],[88,53],[98,54],[87,53],[108,55],[79,56],[78,57],[107,58],[101,59],[106,60],[81,61],[95,62],[80,63],[104,64],[76,65],[75,58],[105,66],[77,67],[82,68],[83,7],[86,68],[73,7],[109,69],[99,70],[90,71],[91,72],[93,73],[89,74],[92,75],[102,58],[84,76],[85,77],[94,78],[74,79],[97,70],[96,68],[100,7],[103,80],[59,81],[61,82],[60,83],[62,84]],"latestChangedDtsFile":"./index.d.ts","version":"5.9.3"}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
export type HostExposure = "tunnel" | "public";
|
|
2
|
+
export interface HostReadinessConfig {
|
|
3
|
+
name: string;
|
|
4
|
+
deploymentUser: string;
|
|
5
|
+
exposure: HostExposure;
|
|
6
|
+
sshPort: number;
|
|
7
|
+
allowedTcpPorts: number[];
|
|
8
|
+
}
|
|
9
|
+
export declare function getReadinessHash(config: HostReadinessConfig): string;
|
|
10
|
+
export declare function readinessCheckScript(config: HostReadinessConfig): string;
|
|
11
|
+
export declare function readinessConfigureScript(config: HostReadinessConfig): string;
|
|
12
|
+
//# sourceMappingURL=host-readiness.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"host-readiness.d.ts","sourceRoot":"","sources":["../src/host-readiness.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,YAAY,GAAG,QAAQ,GAAG,QAAQ,CAAC;AAE/C,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,cAAc,EAAE,MAAM,CAAC;IACvB,QAAQ,EAAE,YAAY,CAAC;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAMD,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,mBAAmB,UAS3D;AAED,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,mBAAmB,UA6B/D;AAED,wBAAgB,wBAAwB,CAAC,MAAM,EAAE,mBAAmB,UAmInE"}
|
|
@@ -0,0 +1,171 @@
|
|
|
1
|
+
import { createHash } from "node:crypto";
|
|
2
|
+
const READINESS_VERSION = 1;
|
|
3
|
+
const READINESS_DIRECTORY = "/etc/saws";
|
|
4
|
+
const READINESS_FILE = `${READINESS_DIRECTORY}/host-readiness`;
|
|
5
|
+
export function getReadinessHash(config) {
|
|
6
|
+
return createHash("sha256")
|
|
7
|
+
.update(JSON.stringify({
|
|
8
|
+
version: READINESS_VERSION,
|
|
9
|
+
exposure: config.exposure,
|
|
10
|
+
sshPort: config.sshPort,
|
|
11
|
+
allowedTcpPorts: config.allowedTcpPorts,
|
|
12
|
+
}))
|
|
13
|
+
.digest("hex");
|
|
14
|
+
}
|
|
15
|
+
export function readinessCheckScript(config) {
|
|
16
|
+
const hash = getReadinessHash(config);
|
|
17
|
+
const configureCommand = `saws host configure ${config.name}`;
|
|
18
|
+
return `expected=${shellQuote(hash)}
|
|
19
|
+
actual=$(cat ${shellQuote(READINESS_FILE)} 2>/dev/null || true)
|
|
20
|
+
if [ "$actual" != "$expected" ]; then
|
|
21
|
+
echo ${shellQuote(`Host "${config.name}" is not configured for this deployment. Run: ${configureCommand}`)} >&2
|
|
22
|
+
exit 78
|
|
23
|
+
fi
|
|
24
|
+
if ! command -v docker >/dev/null 2>&1 || ! docker info >/dev/null 2>&1; then
|
|
25
|
+
echo ${shellQuote(`Docker is not ready on host "${config.name}". Run: ${configureCommand}`)} >&2
|
|
26
|
+
exit 78
|
|
27
|
+
fi
|
|
28
|
+
if ! systemctl is-active --quiet docker ||
|
|
29
|
+
! systemctl is-active --quiet fail2ban ||
|
|
30
|
+
! systemctl is-active --quiet ufw ||
|
|
31
|
+
[ ! -r /etc/ssh/sshd_config.d/00-saws-hardening.conf ] ||
|
|
32
|
+
[ ! -r /etc/sysctl.d/60-saws-hardening.conf ] ||
|
|
33
|
+
[ ! -r /etc/apt/apt.conf.d/20auto-upgrades ]; then
|
|
34
|
+
echo ${shellQuote(`Host "${config.name}" has drifted from the required security baseline. Run: ${configureCommand}`)} >&2
|
|
35
|
+
exit 78
|
|
36
|
+
fi`;
|
|
37
|
+
}
|
|
38
|
+
export function readinessConfigureScript(config) {
|
|
39
|
+
const applicationPorts = config.allowedTcpPorts.join(" ");
|
|
40
|
+
const firewallPorts = [config.sshPort, ...config.allowedTcpPorts]
|
|
41
|
+
.filter((port, index, ports) => ports.indexOf(port) === index)
|
|
42
|
+
.join(" ");
|
|
43
|
+
const hash = getReadinessHash(config);
|
|
44
|
+
return `export DEBIAN_FRONTEND=noninteractive
|
|
45
|
+
deployment_user=${shellQuote(config.deploymentUser)}
|
|
46
|
+
if [ "$(uname -s)" != "Linux" ] || [ ! -r /etc/os-release ]; then
|
|
47
|
+
echo "SAWS host configuration supports Debian and Ubuntu Linux only" >&2
|
|
48
|
+
exit 1
|
|
49
|
+
fi
|
|
50
|
+
. /etc/os-release
|
|
51
|
+
case "\${ID:-}" in
|
|
52
|
+
debian|ubuntu) ;;
|
|
53
|
+
*)
|
|
54
|
+
echo "SAWS host configuration does not support \${PRETTY_NAME:-this operating system}" >&2
|
|
55
|
+
exit 1
|
|
56
|
+
;;
|
|
57
|
+
esac
|
|
58
|
+
|
|
59
|
+
apt-get update
|
|
60
|
+
apt-get install -y ca-certificates fail2ban ufw unattended-upgrades iptables-persistent
|
|
61
|
+
if ! command -v docker >/dev/null 2>&1; then
|
|
62
|
+
apt-get install -y docker.io
|
|
63
|
+
fi
|
|
64
|
+
systemctl enable --now docker
|
|
65
|
+
docker info >/dev/null
|
|
66
|
+
|
|
67
|
+
if ! id "$deployment_user" >/dev/null 2>&1; then
|
|
68
|
+
echo "Deployment user $deployment_user does not exist" >&2
|
|
69
|
+
exit 1
|
|
70
|
+
fi
|
|
71
|
+
if [ "$deployment_user" != root ]; then
|
|
72
|
+
usermod -aG docker "$deployment_user"
|
|
73
|
+
fi
|
|
74
|
+
|
|
75
|
+
authorized_keys=$(getent passwd "$deployment_user" | cut -d: -f6)/.ssh/authorized_keys
|
|
76
|
+
if [ ! -s "$authorized_keys" ]; then
|
|
77
|
+
echo "Refusing to disable SSH passwords: $authorized_keys is missing or empty" >&2
|
|
78
|
+
exit 1
|
|
79
|
+
fi
|
|
80
|
+
|
|
81
|
+
install -d -m 0755 /etc/ssh/sshd_config.d
|
|
82
|
+
rm -f /etc/ssh/sshd_config.d/60-saws-hardening.conf
|
|
83
|
+
cat > /etc/ssh/sshd_config.d/00-saws-hardening.conf <<'EOF'
|
|
84
|
+
PasswordAuthentication no
|
|
85
|
+
KbdInteractiveAuthentication no
|
|
86
|
+
PermitEmptyPasswords no
|
|
87
|
+
PermitRootLogin prohibit-password
|
|
88
|
+
PubkeyAuthentication yes
|
|
89
|
+
X11Forwarding no
|
|
90
|
+
MaxAuthTries 3
|
|
91
|
+
EOF
|
|
92
|
+
sshd -t
|
|
93
|
+
sshd -T | grep -qx 'passwordauthentication no'
|
|
94
|
+
sshd -T | grep -qx 'kbdinteractiveauthentication no'
|
|
95
|
+
sshd -T | grep -qx 'pubkeyauthentication yes'
|
|
96
|
+
|
|
97
|
+
cat > /etc/sysctl.d/60-saws-hardening.conf <<'EOF'
|
|
98
|
+
net.ipv4.conf.all.accept_redirects=0
|
|
99
|
+
net.ipv4.conf.default.accept_redirects=0
|
|
100
|
+
net.ipv4.conf.all.send_redirects=0
|
|
101
|
+
net.ipv4.conf.default.send_redirects=0
|
|
102
|
+
net.ipv4.conf.all.rp_filter=1
|
|
103
|
+
net.ipv4.conf.default.rp_filter=1
|
|
104
|
+
net.ipv4.tcp_syncookies=1
|
|
105
|
+
net.ipv6.conf.all.accept_redirects=0
|
|
106
|
+
net.ipv6.conf.default.accept_redirects=0
|
|
107
|
+
EOF
|
|
108
|
+
sysctl --system >/dev/null
|
|
109
|
+
|
|
110
|
+
cat > /etc/apt/apt.conf.d/20auto-upgrades <<'EOF'
|
|
111
|
+
APT::Periodic::Update-Package-Lists "1";
|
|
112
|
+
APT::Periodic::Unattended-Upgrade "1";
|
|
113
|
+
EOF
|
|
114
|
+
install -d -m 0755 /etc/fail2ban/jail.d
|
|
115
|
+
cat > /etc/fail2ban/jail.d/saws.conf <<EOF
|
|
116
|
+
[sshd]
|
|
117
|
+
enabled = true
|
|
118
|
+
port = ${config.sshPort}
|
|
119
|
+
EOF
|
|
120
|
+
systemctl enable --now fail2ban
|
|
121
|
+
systemctl restart fail2ban
|
|
122
|
+
|
|
123
|
+
ufw --force reset
|
|
124
|
+
ufw default deny incoming
|
|
125
|
+
ufw default allow outgoing
|
|
126
|
+
for port in ${firewallPorts}; do
|
|
127
|
+
ufw allow "$port/tcp"
|
|
128
|
+
done
|
|
129
|
+
ufw --force enable
|
|
130
|
+
|
|
131
|
+
external_interface=$(ip -4 route list default | awk 'NR == 1 { print $5 }')
|
|
132
|
+
if [ -z "$external_interface" ]; then
|
|
133
|
+
echo "Could not determine the host's external network interface" >&2
|
|
134
|
+
exit 1
|
|
135
|
+
fi
|
|
136
|
+
iptables -N DOCKER-USER 2>/dev/null || true
|
|
137
|
+
iptables -N SAWS-DOCKER 2>/dev/null || true
|
|
138
|
+
iptables -F SAWS-DOCKER
|
|
139
|
+
iptables -A SAWS-DOCKER -i "$external_interface" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
|
|
140
|
+
for port in ${applicationPorts}; do
|
|
141
|
+
iptables -A SAWS-DOCKER -i "$external_interface" -p tcp -m conntrack --ctorigdstport "$port" -j ACCEPT
|
|
142
|
+
done
|
|
143
|
+
iptables -A SAWS-DOCKER -i "$external_interface" -j DROP
|
|
144
|
+
iptables -A SAWS-DOCKER -j RETURN
|
|
145
|
+
iptables -C DOCKER-USER -j SAWS-DOCKER 2>/dev/null || iptables -I DOCKER-USER 1 -j SAWS-DOCKER
|
|
146
|
+
|
|
147
|
+
if ip6tables -nL DOCKER-USER >/dev/null 2>&1; then
|
|
148
|
+
external_interface6=$(ip -6 route list default | awk 'NR == 1 { print $5 }')
|
|
149
|
+
if [ -n "$external_interface6" ]; then
|
|
150
|
+
ip6tables -N SAWS-DOCKER 2>/dev/null || true
|
|
151
|
+
ip6tables -F SAWS-DOCKER
|
|
152
|
+
ip6tables -A SAWS-DOCKER -i "$external_interface6" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
|
|
153
|
+
for port in ${applicationPorts}; do
|
|
154
|
+
ip6tables -A SAWS-DOCKER -i "$external_interface6" -p tcp -m conntrack --ctorigdstport "$port" -j ACCEPT
|
|
155
|
+
done
|
|
156
|
+
ip6tables -A SAWS-DOCKER -i "$external_interface6" -j DROP
|
|
157
|
+
ip6tables -A SAWS-DOCKER -j RETURN
|
|
158
|
+
ip6tables -C DOCKER-USER -j SAWS-DOCKER 2>/dev/null || ip6tables -I DOCKER-USER 1 -j SAWS-DOCKER
|
|
159
|
+
fi
|
|
160
|
+
fi
|
|
161
|
+
netfilter-persistent save
|
|
162
|
+
|
|
163
|
+
systemctl reload ssh 2>/dev/null || systemctl reload sshd
|
|
164
|
+
install -d -m 0755 ${shellQuote(READINESS_DIRECTORY)}
|
|
165
|
+
printf '%s\\n' ${shellQuote(hash)} > ${shellQuote(READINESS_FILE)}
|
|
166
|
+
chmod 0644 ${shellQuote(READINESS_FILE)}
|
|
167
|
+
echo "SAWS host configuration complete"`;
|
|
168
|
+
}
|
|
169
|
+
function shellQuote(value) {
|
|
170
|
+
return `'${value.replaceAll("'", "'\\''")}'`;
|
|
171
|
+
}
|
package/dist/host.d.ts
ADDED
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
import { type HostExposure } from "./host-readiness.js";
|
|
2
|
+
export interface HostConfig {
|
|
3
|
+
name: string;
|
|
4
|
+
address: string;
|
|
5
|
+
user?: string;
|
|
6
|
+
sshKeyPath?: string;
|
|
7
|
+
sshPort?: number;
|
|
8
|
+
/**
|
|
9
|
+
* How applications on this host are reached. Tunnel mode permits no public
|
|
10
|
+
* application ports; public mode permits allowedTcpPorts.
|
|
11
|
+
*/
|
|
12
|
+
exposure?: HostExposure;
|
|
13
|
+
/** Public TCP ports permitted in addition to SSH. Defaults to 80/443. */
|
|
14
|
+
allowedTcpPorts?: number[];
|
|
15
|
+
dryRun?: boolean;
|
|
16
|
+
}
|
|
17
|
+
export interface HostExecOptions {
|
|
18
|
+
dryRun?: boolean;
|
|
19
|
+
/** Bytes written to the remote command's standard input. Never logged. */
|
|
20
|
+
input?: string;
|
|
21
|
+
}
|
|
22
|
+
export declare class Host {
|
|
23
|
+
readonly name: string;
|
|
24
|
+
readonly address: string;
|
|
25
|
+
readonly user: string;
|
|
26
|
+
readonly sshKeyPath?: string;
|
|
27
|
+
readonly sshPort: number;
|
|
28
|
+
readonly exposure: HostExposure;
|
|
29
|
+
readonly allowedTcpPorts: number[];
|
|
30
|
+
readonly dryRun: boolean;
|
|
31
|
+
private readinessVerified;
|
|
32
|
+
constructor(config: HostConfig);
|
|
33
|
+
get sshTarget(): string;
|
|
34
|
+
exec(command: string, options?: HostExecOptions): Promise<void>;
|
|
35
|
+
copyFile(localPath: string, remotePath: string, options?: {
|
|
36
|
+
dryRun?: boolean;
|
|
37
|
+
}): Promise<void>;
|
|
38
|
+
shellQuote(value: string): string;
|
|
39
|
+
assertReady(options?: {
|
|
40
|
+
dryRun?: boolean;
|
|
41
|
+
}): Promise<void>;
|
|
42
|
+
configure(options?: {
|
|
43
|
+
dryRun?: boolean;
|
|
44
|
+
}): Promise<void>;
|
|
45
|
+
private get readinessConfig();
|
|
46
|
+
private sshArgs;
|
|
47
|
+
}
|
|
48
|
+
//# sourceMappingURL=host.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"host.d.ts","sourceRoot":"","sources":["../src/host.ts"],"names":[],"mappings":"AACA,OAAO,EACL,KAAK,YAAY,EAGlB,MAAM,qBAAqB,CAAC;AAE7B,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB;;;OAGG;IACH,QAAQ,CAAC,EAAE,YAAY,CAAC;IACxB,yEAAyE;IACzE,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,eAAe;IAC9B,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,0EAA0E;IAC1E,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,qBAAa,IAAI;IACf,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,QAAQ,EAAE,YAAY,CAAC;IAChC,QAAQ,CAAC,eAAe,EAAE,MAAM,EAAE,CAAC;IACnC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC;IACzB,OAAO,CAAC,iBAAiB,CAAS;gBAEtB,MAAM,EAAE,UAAU;IA4B9B,IAAI,SAAS,WAEZ;IAEK,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,GAAE,eAAoB;IAWnD,QAAQ,CACZ,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,MAAM,EAClB,OAAO,GAAE;QAAE,MAAM,CAAC,EAAE,OAAO,CAAA;KAAO;IAcpC,UAAU,CAAC,KAAK,EAAE,MAAM;IAIlB,WAAW,CAAC,OAAO,GAAE;QAAE,MAAM,CAAC,EAAE,OAAO,CAAA;KAAO;IAM9C,SAAS,CAAC,OAAO,GAAE;QAAE,MAAM,CAAC,EAAE,OAAO,CAAA;KAAO;IASlD,OAAO,KAAK,eAAe,GAQ1B;IAED,OAAO,CAAC,OAAO;CAQhB"}
|
package/dist/host.js
ADDED
|
@@ -0,0 +1,119 @@
|
|
|
1
|
+
import { spawn } from "node:child_process";
|
|
2
|
+
import { readinessCheckScript, readinessConfigureScript, } from "./host-readiness.js";
|
|
3
|
+
export class Host {
|
|
4
|
+
name;
|
|
5
|
+
address;
|
|
6
|
+
user;
|
|
7
|
+
sshKeyPath;
|
|
8
|
+
sshPort;
|
|
9
|
+
exposure;
|
|
10
|
+
allowedTcpPorts;
|
|
11
|
+
dryRun;
|
|
12
|
+
readinessVerified = false;
|
|
13
|
+
constructor(config) {
|
|
14
|
+
this.name = config.name;
|
|
15
|
+
this.address = config.address;
|
|
16
|
+
this.user = config.user ?? "root";
|
|
17
|
+
this.sshKeyPath = config.sshKeyPath;
|
|
18
|
+
this.sshPort = config.sshPort ?? 22;
|
|
19
|
+
if (!Number.isInteger(this.sshPort) ||
|
|
20
|
+
this.sshPort < 1 ||
|
|
21
|
+
this.sshPort > 65_535) {
|
|
22
|
+
throw new Error("sshPort must be a valid TCP port");
|
|
23
|
+
}
|
|
24
|
+
this.exposure = config.exposure ?? "tunnel";
|
|
25
|
+
if (this.exposure !== "tunnel" && this.exposure !== "public") {
|
|
26
|
+
throw new Error('exposure must be either "tunnel" or "public"');
|
|
27
|
+
}
|
|
28
|
+
this.allowedTcpPorts = uniquePorts(config.allowedTcpPorts ?? (this.exposure === "public" ? [80, 443] : []));
|
|
29
|
+
if (this.exposure === "tunnel" && this.allowedTcpPorts.length > 0) {
|
|
30
|
+
throw new Error(`Host "${config.name}" cannot allow public TCP ports in tunnel mode`);
|
|
31
|
+
}
|
|
32
|
+
this.dryRun = config.dryRun ?? false;
|
|
33
|
+
}
|
|
34
|
+
get sshTarget() {
|
|
35
|
+
return `${this.user}@${this.address}`;
|
|
36
|
+
}
|
|
37
|
+
async exec(command, options = {}) {
|
|
38
|
+
if (options.dryRun || this.dryRun) {
|
|
39
|
+
console.log(`[dry-run:${this.name}] ssh ${this.sshTarget} ${command}`);
|
|
40
|
+
return;
|
|
41
|
+
}
|
|
42
|
+
await run("ssh", [...this.sshArgs(), this.sshTarget, command], {
|
|
43
|
+
input: options.input,
|
|
44
|
+
});
|
|
45
|
+
}
|
|
46
|
+
async copyFile(localPath, remotePath, options = {}) {
|
|
47
|
+
if (options.dryRun || this.dryRun) {
|
|
48
|
+
console.log(`[dry-run:${this.name}] scp ${localPath} ${this.sshTarget}:${remotePath}`);
|
|
49
|
+
return;
|
|
50
|
+
}
|
|
51
|
+
await run("scp", [
|
|
52
|
+
...this.sshArgs("scp"),
|
|
53
|
+
localPath,
|
|
54
|
+
`${this.sshTarget}:${remotePath}`,
|
|
55
|
+
]);
|
|
56
|
+
}
|
|
57
|
+
shellQuote(value) {
|
|
58
|
+
return `'${value.replaceAll("'", "'\\''")}'`;
|
|
59
|
+
}
|
|
60
|
+
async assertReady(options = {}) {
|
|
61
|
+
if (this.readinessVerified)
|
|
62
|
+
return;
|
|
63
|
+
await this.exec(readinessCheckScript(this.readinessConfig), options);
|
|
64
|
+
this.readinessVerified = true;
|
|
65
|
+
}
|
|
66
|
+
async configure(options = {}) {
|
|
67
|
+
const script = readinessConfigureScript(this.readinessConfig);
|
|
68
|
+
const command = this.user === "root"
|
|
69
|
+
? `sh -eu -c ${this.shellQuote(script)}`
|
|
70
|
+
: `sudo -n sh -eu -c ${this.shellQuote(script)}`;
|
|
71
|
+
await this.exec(command, options);
|
|
72
|
+
this.readinessVerified = false;
|
|
73
|
+
}
|
|
74
|
+
get readinessConfig() {
|
|
75
|
+
return {
|
|
76
|
+
name: this.name,
|
|
77
|
+
deploymentUser: this.user,
|
|
78
|
+
exposure: this.exposure,
|
|
79
|
+
sshPort: this.sshPort,
|
|
80
|
+
allowedTcpPorts: this.allowedTcpPorts,
|
|
81
|
+
};
|
|
82
|
+
}
|
|
83
|
+
sshArgs(command = "ssh") {
|
|
84
|
+
const portFlag = command === "scp" ? "-P" : "-p";
|
|
85
|
+
return [
|
|
86
|
+
...(this.sshKeyPath == null ? [] : ["-i", this.sshKeyPath]),
|
|
87
|
+
portFlag,
|
|
88
|
+
String(this.sshPort),
|
|
89
|
+
];
|
|
90
|
+
}
|
|
91
|
+
}
|
|
92
|
+
function uniquePorts(ports) {
|
|
93
|
+
return [...new Set(ports.map((port) => {
|
|
94
|
+
if (!Number.isInteger(port) || port < 1 || port > 65_535) {
|
|
95
|
+
throw new Error("allowedTcpPorts must contain valid TCP ports");
|
|
96
|
+
}
|
|
97
|
+
return port;
|
|
98
|
+
}))].sort((left, right) => left - right);
|
|
99
|
+
}
|
|
100
|
+
async function run(command, args, options = {}) {
|
|
101
|
+
await new Promise((resolve, reject) => {
|
|
102
|
+
const child = spawn(command, args, {
|
|
103
|
+
stdio: options.input == null
|
|
104
|
+
? "inherit"
|
|
105
|
+
: ["pipe", "inherit", "inherit"],
|
|
106
|
+
});
|
|
107
|
+
if (options.input != null) {
|
|
108
|
+
child.stdin?.end(options.input);
|
|
109
|
+
}
|
|
110
|
+
child.on("error", reject);
|
|
111
|
+
child.on("exit", (code) => {
|
|
112
|
+
if (code === 0) {
|
|
113
|
+
resolve();
|
|
114
|
+
return;
|
|
115
|
+
}
|
|
116
|
+
reject(new Error(`${command} exited with code ${code}`));
|
|
117
|
+
});
|
|
118
|
+
});
|
|
119
|
+
}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"host.test.d.ts","sourceRoot":"","sources":["../src/host.test.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,70 @@
|
|
|
1
|
+
import assert from "node:assert/strict";
|
|
2
|
+
import test from "node:test";
|
|
3
|
+
import { Host } from "./host.js";
|
|
4
|
+
class RecordingHost extends Host {
|
|
5
|
+
commands = [];
|
|
6
|
+
constructor(config) {
|
|
7
|
+
super(config);
|
|
8
|
+
}
|
|
9
|
+
async exec(command) {
|
|
10
|
+
this.commands.push(command);
|
|
11
|
+
}
|
|
12
|
+
}
|
|
13
|
+
test("deploy readiness is a non-mutating marker and Docker check", async () => {
|
|
14
|
+
const host = new RecordingHost({
|
|
15
|
+
name: "home",
|
|
16
|
+
address: "home.example.test",
|
|
17
|
+
});
|
|
18
|
+
await host.assertReady();
|
|
19
|
+
const command = host.commands[0] ?? "";
|
|
20
|
+
assert.match(command, /cat '\/etc\/saws\/host-readiness'/);
|
|
21
|
+
assert.match(command, /command -v docker/);
|
|
22
|
+
assert.match(command, /systemctl is-active --quiet fail2ban/);
|
|
23
|
+
assert.match(command, /saws host configure home/);
|
|
24
|
+
assert.doesNotMatch(command, /apt-get|ufw --force|systemctl enable/);
|
|
25
|
+
});
|
|
26
|
+
test("explicit configuration installs Docker and applies the exposure policy", async () => {
|
|
27
|
+
const host = new RecordingHost({
|
|
28
|
+
name: "public",
|
|
29
|
+
address: "server.example.test",
|
|
30
|
+
user: "deploy",
|
|
31
|
+
exposure: "public",
|
|
32
|
+
sshPort: 2222,
|
|
33
|
+
allowedTcpPorts: [8443, 443, 443],
|
|
34
|
+
});
|
|
35
|
+
await host.configure();
|
|
36
|
+
const command = host.commands[0] ?? "";
|
|
37
|
+
assert.match(command, /^sudo -n sh -eu -c /);
|
|
38
|
+
assert.match(command, /if ! command -v docker/);
|
|
39
|
+
assert.match(command, /apt-get install -y docker\.io/);
|
|
40
|
+
assert.match(command, /for port in 2222 443 8443; do/);
|
|
41
|
+
assert.match(command, /for port in 443 8443; do/);
|
|
42
|
+
assert.match(command, /host-readiness/);
|
|
43
|
+
});
|
|
44
|
+
test("a changed exposure policy produces a different readiness marker", async () => {
|
|
45
|
+
const tunnel = new RecordingHost({
|
|
46
|
+
name: "server",
|
|
47
|
+
address: "server.example.test",
|
|
48
|
+
});
|
|
49
|
+
const publicHost = new RecordingHost({
|
|
50
|
+
name: "server",
|
|
51
|
+
address: "server.example.test",
|
|
52
|
+
exposure: "public",
|
|
53
|
+
});
|
|
54
|
+
await tunnel.assertReady();
|
|
55
|
+
await publicHost.assertReady();
|
|
56
|
+
assert.notEqual(tunnel.commands[0], publicHost.commands[0]);
|
|
57
|
+
});
|
|
58
|
+
test("rejects public ports in tunnel mode and invalid ports", () => {
|
|
59
|
+
assert.throws(() => new Host({
|
|
60
|
+
name: "home",
|
|
61
|
+
address: "home.example.test",
|
|
62
|
+
allowedTcpPorts: [443],
|
|
63
|
+
}), /cannot allow public TCP ports/);
|
|
64
|
+
assert.throws(() => new Host({
|
|
65
|
+
name: "server",
|
|
66
|
+
address: "server.example.test",
|
|
67
|
+
exposure: "public",
|
|
68
|
+
allowedTcpPorts: [70_000],
|
|
69
|
+
}), /valid TCP ports/);
|
|
70
|
+
});
|
package/dist/index.d.ts
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,WAAW,CAAC;AAC1B,YAAY,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC"}
|
package/dist/index.js
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export * from "./host.js";
|
package/package.json
ADDED
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "@saws/host",
|
|
3
|
+
"version": "2.0.0-beta.0",
|
|
4
|
+
"repository": {
|
|
5
|
+
"type": "git",
|
|
6
|
+
"url": "git+https://github.com/shichongrui/saws.git",
|
|
7
|
+
"directory": "packages/host"
|
|
8
|
+
},
|
|
9
|
+
"type": "module",
|
|
10
|
+
"main": "./dist/index.js",
|
|
11
|
+
"types": "./dist/index.d.ts",
|
|
12
|
+
"exports": {
|
|
13
|
+
".": {
|
|
14
|
+
"types": "./dist/index.d.ts",
|
|
15
|
+
"import": "./dist/index.js"
|
|
16
|
+
}
|
|
17
|
+
},
|
|
18
|
+
"files": [
|
|
19
|
+
"dist"
|
|
20
|
+
],
|
|
21
|
+
"scripts": {
|
|
22
|
+
"prebuild": "node -e \"fs.rmSync('dist', { recursive: true, force: true })\"",
|
|
23
|
+
"build": "tsc -p tsconfig.json",
|
|
24
|
+
"test": "npm run build && node --test dist/*.test.js",
|
|
25
|
+
"typecheck": "tsc -p tsconfig.json --noEmit"
|
|
26
|
+
},
|
|
27
|
+
"devDependencies": {
|
|
28
|
+
"@types/node": "^20.11.19",
|
|
29
|
+
"typescript": "^5.3.3"
|
|
30
|
+
}
|
|
31
|
+
}
|