@sstar/embedlink_agent 0.1.0 → 0.2.0

package/dist/server/grpc.js

@@ -1065,5 +1065,19 @@ export async function startGrpcServer(cfg, identity) {
         };
         tryBindPort(cfg.grpc.port);
     });
+    // @grpc/grpc-js 内部会为底层 Http2Server 注册多个 close 监听器（按服务/生命周期），
+    // 在 Node 默认 maxListeners=10 时可能触发 MaxListenersExceededWarning。
+    // 这里针对内部 Http2Server 提升阈值，避免误报“内存泄漏”告警。
+    try {
+        const http2Servers = server.http2Servers;
+        if (http2Servers && typeof http2Servers.values === 'function') {
+            for (const s of http2Servers.values()) {
+                if (s && typeof s.setMaxListeners === 'function') {
+                    s.setMaxListeners(64);
+                }
+            }
+        }
+    }
+    catch { }
     return server;
 }

package/dist/server/web.js

@@ -499,13 +499,41 @@ export async function startWebServer(cfg) {
                     reused: true,
                 });
             }
+            // 先准备 SSH 鉴权材料（避免 probe 阶段因未加载私钥而误报认证失败）
+            const c = await ensureConfigLoaded();
+            const requestedPassword = typeof password === 'string' && password.trim() ? String(password) : undefined;
+            const enablePasswordFallback = c.ssh?.enablePasswordFallback !== false;
+            const effectivePassword = requestedPassword || (enablePasswordFallback ? sshPasswordSecret.value : undefined);
+            let privateKey = uploadedKeyMem;
+            if (keySource === 'default' && !privateKey) {
+                try {
+                    if (c.ssh?.defaultKeyPath) {
+                        privateKey = await fs.readFile(c.ssh.defaultKeyPath);
+                    }
+                }
+                catch (e) {
+                    console.debug('Failed to read default SSH key:', e?.message || String(e));
+                }
+            }
+            // 无鉴权材料时直接报错，避免 ssh2 报 “All configured authentication methods failed”
+            if (!privateKey && !effectivePassword) {
+                return res.status(400).json({
+                    error: 'missing ssh authentication (password/privateKey)',
+                    code: 'EL_SSH_AUTH_MISSING',
+                    suggestions: [
+                        '请上传私钥或在配置中设置 ssh.defaultKeyPath',
+                        '或在界面填写 password / 设置环境变量 SSH_PASSWORD',
+                    ],
+                });
+            }
             // Probe existing mapping for this user+agent on remote; if active, refuse
             const agentId = cfg.agentId || 'agent';
             const probe = await probeRemoteExistingTunnel({
                 host,
                 sshPort: Number(port),
                 user,
-                password,
+                password: effectivePassword,
+                privateKey,
                 agentId,
             });
             if (probe.active && probe.port) {
@@ -522,19 +550,6 @@ export async function startWebServer(cfg) {
                 });
             }
             await cleanupTunnel('probe_existing_tunnel');
-            // 确保私钥已正确加载
-            let privateKey = uploadedKeyMem;
-            if (keySource === 'default' && !privateKey) {
-                try {
-                    const c = await loadConfig();
-                    if (c.ssh?.defaultKeyPath) {
-                        privateKey = await fs.readFile(c.ssh.defaultKeyPath);
-                    }
-                }
-                catch (e) {
-                    console.debug('Failed to read default SSH key:', e?.message || String(e));
-                }
-            }
             // First try requested port, else fallback to username-hash mapping
             const userName = os.userInfo().username || 'user';
             const basePort = remotePort ? Number(remotePort) : hashPort(user);
@@ -554,7 +569,7 @@ export async function startWebServer(cfg) {
                         host,
                         port: Number(port),
                         user,
-                        password: password || sshPasswordSecret.value,
+                        password: effectivePassword,
                         privateKey,
                         bindAddr,
                         bindPort: Number(p),
@@ -575,7 +590,14 @@ export async function startWebServer(cfg) {
             if (!bound)
                 throw new Error(portBindingError || 'bind failed');
             lastRemotePort = bound;
-            lastParams = { host, port: Number(port), user, password, bindAddr, keySource };
+            lastParams = {
+                host,
+                port: Number(port),
+                user,
+                password: effectivePassword,
+                bindAddr,
+                keySource,
+            };
             // 添加清理监听器：在Server关闭时自动清理隧道
             addTunnelCleanupListener(async () => {
                 await cleanupTunnel('server_shutdown');
@@ -2235,7 +2257,7 @@ async function writeRemoteAgentJson(tunnel, info) {
     }
 }
 async function probeRemoteExistingTunnel(params) {
-    const { host, sshPort, user, password } = params;
+    const { host, sshPort, user, password, privateKey } = params;
     const ssh2 = await import('ssh2');
     const client = new ssh2.Client();
     return await new Promise(async (resolve) => {
@@ -2271,7 +2293,7 @@ async function probeRemoteExistingTunnel(params) {
                 return finish({ active: false });
             }
             catch (e) {
-                console.warn('Failed to probe remote agent.json:', e);
+                console.warn('Failed to probe remote agent.json:', e?.message || String(e));
                 return finish({ active: false });
             }
         })
@@ -2279,6 +2301,6 @@ async function probeRemoteExistingTunnel(params) {
             console.warn('Failed to probe remote agent.json:', err?.message || String(err));
             return finish({ active: false });
         })
-            .connect({ host, port: sshPort, username: user, password });
+            .connect({ host, port: sshPort, username: user, password, privateKey });
     });
 }