npm - @tiflis-io/tiflis-code-tunnel - Versions diffs - 0.3.2 → 0.3.4 - Mend

@tiflis-io/tiflis-code-tunnel 0.3.2 → 0.3.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/main.js +185 -16
package/package.json +1 -1

package/dist/main.js CHANGED Viewed

@@ -372,14 +372,16 @@ function registerWatchApiRoute(app, deps) {
   });
   app.post("/api/v1/watch/command", async (request, reply) => {
     try {
-      const { device_id, message } = request.body;
-      if (!device_id) {
+      const { tunnel_id, auth_key, device_id, message } = request.body;
+      if (!tunnel_id || !auth_key || !device_id) {
         return await reply.status(400).send({
           error: "missing_parameters",
-          message: "device_id and message are required"
+          message: "tunnel_id, auth_key, device_id, and message are required"
         });
       }
-      const sent = httpClientOperations.sendCommand({
+      const sent = httpClientOperations.sendCommandWithAuth({
+        tunnelId: tunnel_id,
+        authKey: auth_key,
         deviceId: device_id,
         message
       });
@@ -398,16 +400,18 @@ function registerWatchApiRoute(app, deps) {
   });
   app.get("/api/v1/watch/messages", async (request, reply) => {
     try {
-      const { device_id, since, ack } = request.query;
-      if (!device_id) {
+      const { tunnel_id, auth_key, device_id, since, ack } = request.query;
+      if (!tunnel_id || !auth_key || !device_id) {
         return await reply.status(400).send({
           error: "missing_parameters",
-          message: "device_id is required"
+          message: "tunnel_id, auth_key, and device_id are required"
         });
       }
       const sinceSequence = since ? parseInt(since, 10) : 0;
       const ackSequence = ack ? parseInt(ack, 10) : void 0;
-      const result = httpClientOperations.pollMessages({
+      const result = httpClientOperations.pollMessagesWithAuth({
+        tunnelId: tunnel_id,
+        authKey: auth_key,
         deviceId: device_id,
         sinceSequence,
         acknowledgeSequence: ackSequence
@@ -428,14 +432,16 @@ function registerWatchApiRoute(app, deps) {
   });
   app.get("/api/v1/watch/state", async (request, reply) => {
     try {
-      const { device_id } = request.query;
-      if (!device_id) {
+      const { tunnel_id, auth_key, device_id } = request.query;
+      if (!tunnel_id || !auth_key || !device_id) {
         return await reply.status(400).send({
           error: "missing_parameters",
-          message: "device_id is required"
+          message: "tunnel_id, auth_key, and device_id are required"
         });
       }
-      const result = httpClientOperations.getState({
+      const result = httpClientOperations.getStateWithAuth({
+        tunnelId: tunnel_id,
+        authKey: auth_key,
         deviceId: device_id
       });
       return await reply.status(200).send({
@@ -451,14 +457,18 @@ function registerWatchApiRoute(app, deps) {
   });
   app.post("/api/v1/watch/disconnect", async (request, reply) => {
     try {
-      const { device_id } = request.body;
-      if (!device_id) {
+      const { tunnel_id, auth_key, device_id } = request.body;
+      if (!tunnel_id || !auth_key || !device_id) {
         return await reply.status(400).send({
           error: "missing_parameters",
-          message: "device_id is required"
+          message: "tunnel_id, auth_key, and device_id are required"
         });
       }
-      const disconnected = httpClientOperations.disconnect(device_id);
+      const disconnected = httpClientOperations.disconnectWithAuth({
+        tunnelId: tunnel_id,
+        authKey: auth_key,
+        deviceId: device_id
+      });
       log.info({ deviceId: device_id }, "Watch disconnected via HTTP");
       return await reply.status(200).send({
         success: disconnected
@@ -1839,6 +1849,7 @@ var HttpClientOperationsUseCase = class {
       throw new InvalidAuthKeyError();
     }
     let client = this.httpClientRegistry.get(deviceId);
+    const isNewClient = !client;
     if (client) {
       client.recordPoll();
       this.logger.info({ deviceId, tunnelId: tunnelIdStr }, "HTTP client reconnected");
@@ -1850,6 +1861,21 @@ var HttpClientOperationsUseCase = class {
       this.httpClientRegistry.register(client);
       this.logger.info({ deviceId, tunnelId: tunnelIdStr }, "HTTP client registered");
     }
+    if (workstation.isOnline) {
+      const authMessage = {
+        type: "auth",
+        payload: {
+          auth_key: authKeyStr,
+          device_id: deviceId
+        }
+      };
+      const sent = workstation.send(JSON.stringify(authMessage));
+      if (sent) {
+        this.logger.debug({ deviceId, isNewClient }, "Forwarded auth to workstation for HTTP client");
+      } else {
+        this.logger.warn({ deviceId }, "Failed to forward auth to workstation");
+      }
+    }
     return {
       success: true,
       tunnelId: tunnelIdStr,
@@ -1888,6 +1914,57 @@ var HttpClientOperationsUseCase = class {
     }
     return sent;
   }
+  /**
+   * Sends a command from HTTP client to workstation with auth validation.
+   * This method validates auth on every request and forwards auth to workstation
+   * to ensure the device_id is registered.
+   */
+  sendCommandWithAuth(input) {
+    const { tunnelId: tunnelIdStr, authKey: authKeyStr, deviceId, message } = input;
+    this.logger.info({ deviceId, tunnelId: tunnelIdStr, messageType: message.type }, "HTTP client sending command with auth");
+    const tunnelId = TunnelId.create(tunnelIdStr);
+    const authKey = AuthKey.create(authKeyStr);
+    const workstation = this.workstationRegistry.get(tunnelId);
+    if (!workstation) {
+      this.logger.warn({ tunnelId: tunnelIdStr, deviceId }, "Workstation not found for command");
+      throw new TunnelNotFoundError(tunnelIdStr);
+    }
+    if (!workstation.validateAuthKey(authKey)) {
+      this.logger.warn({ tunnelId: tunnelIdStr, deviceId }, "Invalid auth key for command");
+      throw new InvalidAuthKeyError();
+    }
+    if (!workstation.isOnline) {
+      this.logger.warn({ deviceId, tunnelId: tunnelIdStr }, "Workstation offline");
+      throw new WorkstationOfflineError(tunnelIdStr);
+    }
+    let client = this.httpClientRegistry.get(deviceId);
+    if (!client) {
+      client = new HttpClient({
+        deviceId,
+        tunnelId
+      });
+      this.httpClientRegistry.register(client);
+      this.logger.info({ deviceId, tunnelId: tunnelIdStr }, "HTTP client registered on command");
+    }
+    client.recordPoll();
+    const authMessage = {
+      type: "auth",
+      payload: {
+        auth_key: authKeyStr,
+        device_id: deviceId
+      }
+    };
+    workstation.send(JSON.stringify(authMessage));
+    const enrichedMessage = {
+      ...message,
+      device_id: deviceId
+    };
+    const sent = workstation.send(JSON.stringify(enrichedMessage));
+    if (!sent) {
+      this.logger.warn({ deviceId }, "Failed to send command to workstation");
+    }
+    return sent;
+  }
   /**
    * Polls for messages for an HTTP client.
    */
@@ -1956,6 +2033,98 @@ var HttpClientOperationsUseCase = class {
     this.logger.info({ deviceId }, "HTTP client disconnected");
     return true;
   }
+  /**
+   * Polls for messages with auth validation (stateless).
+   * Validates auth on every request.
+   */
+  pollMessagesWithAuth(input) {
+    const { tunnelId: tunnelIdStr, authKey: authKeyStr, deviceId, sinceSequence, acknowledgeSequence } = input;
+    const tunnelId = TunnelId.create(tunnelIdStr);
+    const authKey = AuthKey.create(authKeyStr);
+    const workstation = this.workstationRegistry.get(tunnelId);
+    if (!workstation) {
+      throw new TunnelNotFoundError(tunnelIdStr);
+    }
+    if (!workstation.validateAuthKey(authKey)) {
+      throw new InvalidAuthKeyError();
+    }
+    let client = this.httpClientRegistry.get(deviceId);
+    if (!client) {
+      client = new HttpClient({
+        deviceId,
+        tunnelId
+      });
+      this.httpClientRegistry.register(client);
+    }
+    client.recordPoll();
+    if (acknowledgeSequence !== void 0 && acknowledgeSequence > 0) {
+      client.acknowledgeMessages(acknowledgeSequence);
+    }
+    const messages = client.getMessagesSince(sinceSequence);
+    this.logger.debug(
+      { deviceId, sinceSequence, messageCount: messages.length, currentSequence: client.currentSequence },
+      "HTTP client poll with auth"
+    );
+    return {
+      messages,
+      currentSequence: client.currentSequence,
+      workstationOnline: workstation.isOnline
+    };
+  }
+  /**
+   * Gets current state with auth validation (stateless).
+   */
+  getStateWithAuth(input) {
+    const { tunnelId: tunnelIdStr, authKey: authKeyStr, deviceId } = input;
+    const tunnelId = TunnelId.create(tunnelIdStr);
+    const authKey = AuthKey.create(authKeyStr);
+    const workstation = this.workstationRegistry.get(tunnelId);
+    if (!workstation) {
+      throw new TunnelNotFoundError(tunnelIdStr);
+    }
+    if (!workstation.validateAuthKey(authKey)) {
+      throw new InvalidAuthKeyError();
+    }
+    let client = this.httpClientRegistry.get(deviceId);
+    if (!client) {
+      client = new HttpClient({
+        deviceId,
+        tunnelId
+      });
+      this.httpClientRegistry.register(client);
+    }
+    client.recordPoll();
+    return {
+      connected: true,
+      workstationOnline: workstation.isOnline,
+      workstationName: workstation.name,
+      queueSize: client.queueSize,
+      currentSequence: client.currentSequence
+    };
+  }
+  /**
+   * Disconnects an HTTP client with auth validation (stateless).
+   */
+  disconnectWithAuth(input) {
+    const { tunnelId: tunnelIdStr, authKey: authKeyStr, deviceId } = input;
+    const tunnelId = TunnelId.create(tunnelIdStr);
+    const authKey = AuthKey.create(authKeyStr);
+    const workstation = this.workstationRegistry.get(tunnelId);
+    if (!workstation) {
+      throw new TunnelNotFoundError(tunnelIdStr);
+    }
+    if (!workstation.validateAuthKey(authKey)) {
+      throw new InvalidAuthKeyError();
+    }
+    const client = this.httpClientRegistry.get(deviceId);
+    if (!client) {
+      return false;
+    }
+    client.markInactive();
+    this.httpClientRegistry.unregister(deviceId);
+    this.logger.info({ deviceId }, "HTTP client disconnected with auth");
+    return true;
+  }
   /**
    * Queues a message for all HTTP clients connected to a tunnel.
    * Called when workstation sends a message.

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@tiflis-io/tiflis-code-tunnel",
-  "version": "0.3.2",
+  "version": "0.3.4",
   "description": "Tunnel server for tiflis-code - reverse proxy for workstation connections",
   "author": "Roman Barinov <rbarinov@gmail.com>",
   "license": "FSL-1.1-NC",