@wyattjoh/op-remote 0.1.0 → 0.2.2

package/dist/cli.js

@@ -19901,7 +19901,15 @@ function createSocketServer(tokens, handler) {
 }
 function handleConnection(conn, tokens, handler) {
   const chunks = [];
+  let totalBytes = 0;
   let responded = false;
+  const reject = (reason) => {
+    if (responded)
+      return;
+    responded = true;
+    const res = { status: "rejected", reason };
+    conn.end(JSON.stringify(res));
+  };
   const respond = async () => {
     if (responded)
       return;
@@ -19909,7 +19917,7 @@ function handleConnection(conn, tokens, handler) {
     try {
       const raw = Buffer.concat(chunks).toString("utf-8");
       const req = JSON.parse(raw);
-      if (!tokens.consume(req.token)) {
+      if (!tokens.reserve(req.token)) {
         const res = {
           status: "rejected",
           reason: "invalid or expired token"
@@ -19917,8 +19925,14 @@ function handleConnection(conn, tokens, handler) {
         conn.end(JSON.stringify(res));
         return;
       }
-      const response = await handler.handleRequest(req);
-      conn.end(JSON.stringify(response));
+      try {
+        const response = await handler.handleRequest(req);
+        tokens.consume(req.token);
+        conn.end(JSON.stringify(response));
+      } catch (err) {
+        tokens.release(req.token);
+        throw err;
+      }
     } catch (err) {
       const res = {
         status: "rejected",
@@ -19928,6 +19942,12 @@ function handleConnection(conn, tokens, handler) {
     }
   };
   conn.on("data", (chunk) => {
+    totalBytes += chunk.length;
+    if (totalBytes > MAX_REQUEST_BYTES) {
+      reject("request too large");
+      conn.destroy();
+      return;
+    }
     chunks.push(chunk);
     const raw = Buffer.concat(chunks).toString("utf-8");
     try {
@@ -19939,7 +19959,10 @@ function handleConnection(conn, tokens, handler) {
     respond();
   });
 }
-var init_socket = () => {};
+var MAX_REQUEST_BYTES;
+var init_socket = __esm(() => {
+  MAX_REQUEST_BYTES = 1024 * 1024;
+});
 
 // src/serve/telegram.ts
 async function apiCall(token, method, body) {
@@ -19954,6 +19977,62 @@ async function apiCall(token, method, body) {
   }
   return data.result;
 }
+function isAuthorizedUser(config2, userId) {
+  if (!config2.approverIds || config2.approverIds.length === 0) {
+    return true;
+  }
+  if (userId === undefined) {
+    return false;
+  }
+  return config2.approverIds.includes(userId);
+}
+function getPoller(botToken) {
+  let state = pollers.get(botToken);
+  if (state) {
+    return state;
+  }
+  state = { offset: 0, listeners: new Set, running: false };
+  pollers.set(botToken, state);
+  return state;
+}
+function registerListener(botToken, listener) {
+  const state = getPoller(botToken);
+  state.listeners.add(listener);
+  if (!state.running) {
+    state.running = true;
+    runPollLoop(botToken, state);
+  }
+  return () => {
+    state.listeners.delete(listener);
+  };
+}
+async function runPollLoop(botToken, state) {
+  while (true) {
+    if (state.listeners.size === 0) {
+      await new Promise((r) => setTimeout(r, 0));
+      if (state.listeners.size === 0) {
+        break;
+      }
+    }
+    try {
+      const updates = await apiCall(botToken, "getUpdates", {
+        offset: state.offset,
+        timeout: 30
+      });
+      for (const update of updates) {
+        state.offset = update.update_id + 1;
+        for (const listener of state.listeners) {
+          if (listener(update)) {
+            break;
+          }
+        }
+      }
+    } catch {
+      await new Promise((r) => setTimeout(r, 1000));
+    }
+  }
+  state.running = false;
+}
 function buildKeyboard(nonce, buttons) {
   return {
     inline_keyboard: buttons.map((row) => row.map((btn) => ({
@@ -19992,7 +20071,7 @@ async function requestRunApproval(config2, opts) {
     text,
     reply_markup: keyboard
   });
-  return pollForResponse(config2, sent.message_id, nonce);
+  return awaitApproval(config2, sent.message_id, nonce);
 }
 async function requestResumeApproval(config2) {
   const nonce = crypto.randomUUID().slice(0, 8);
@@ -20009,89 +20088,87 @@ async function requestResumeApproval(config2) {
     text,
     reply_markup: keyboard
   });
-  return pollForResponse(config2, sent.message_id, nonce);
+  return awaitApproval(config2, sent.message_id, nonce);
 }
-async function pollForResponse(config2, messageId, nonce) {
-  const deadline = Date.now() + config2.timeoutMs;
-  let offset = 0;
-  while (Date.now() < deadline) {
-    const remainingMs = deadline - Date.now();
-    const pollTimeout = Math.min(Math.floor(remainingMs / 1000), 30);
-    if (pollTimeout <= 0) {
-      break;
-    }
-    const updates = await apiCall(config2.botToken, "getUpdates", {
-      offset,
-      timeout: pollTimeout
-    });
-    for (const update of updates) {
-      offset = update.update_id + 1;
-      if (update.callback_query?.data?.startsWith(`${nonce}:`)) {
-        const action = update.callback_query.data.slice(nonce.length + 1);
-        await apiCall(config2.botToken, "answerCallbackQuery", {
-          callback_query_id: update.callback_query.id
-        });
-        if (action === "approve" || action === "auto_approve") {
-          const label2 = action === "auto_approve" ? "Auto-approved" : "Approved";
-          await apiCall(config2.botToken, "editMessageText", {
+function awaitApproval(config2, messageId, nonce) {
+  return new Promise((resolve) => {
+    const deadline = Date.now() + config2.timeoutMs;
+    let waitingForReason = false;
+    let rejectionAction = "reject";
+    const timer = setTimeout(() => {
+      cleanup();
+      apiCall(config2.botToken, "editMessageText", {
+        chat_id: config2.chatId,
+        message_id: messageId,
+        text: "⏰ Timed out"
+      }).catch(() => {});
+      resolve({ action: "reject", reason: "permission request timed out" });
+    }, config2.timeoutMs);
+    const unregister = registerListener(config2.botToken, (update) => {
+      if (Date.now() > deadline) {
+        return false;
+      }
+      if (waitingForReason) {
+        if (update.message?.reply_to_message?.message_id === messageId && update.message.text && isAuthorizedUser(config2, update.message.from?.id)) {
+          const reason = update.message.text;
+          cleanup();
+          const label2 = rejectionAction === "stop" ? "Stopped" : "Rejected";
+          apiCall(config2.botToken, "editMessageText", {
             chat_id: config2.chatId,
             message_id: messageId,
-            text: `✅ ${label2} at ${new Date().toLocaleTimeString()}`
+            text: `❌ ${label2}: ${reason}`
           });
-          return { action };
+          resolve({ action: rejectionAction, reason });
+          return true;
         }
-        const label = action === "stop" ? "Stopped" : "Rejected";
-        await apiCall(config2.botToken, "editMessageText", {
-          chat_id: config2.chatId,
-          message_id: messageId,
-          text: `❌ ${label}. Reply with a reason:`,
-          reply_markup: {
-            force_reply: true,
-            selective: true
-          }
+        return false;
+      }
+      if (!update.callback_query?.data?.startsWith(`${nonce}:`)) {
+        return false;
+      }
+      if (!isAuthorizedUser(config2, update.callback_query.from?.id)) {
+        apiCall(config2.botToken, "answerCallbackQuery", {
+          callback_query_id: update.callback_query.id,
+          text: "You are not authorized to respond to this request."
         });
-        const reason = await pollForTextReply(config2, messageId, offset, deadline);
-        await apiCall(config2.botToken, "editMessageText", {
+        return true;
+      }
+      const action = update.callback_query.data.slice(nonce.length + 1);
+      apiCall(config2.botToken, "answerCallbackQuery", {
+        callback_query_id: update.callback_query.id
+      });
+      if (action === "approve" || action === "auto_approve") {
+        cleanup();
+        const label2 = action === "auto_approve" ? "Auto-approved" : "Approved";
+        apiCall(config2.botToken, "editMessageText", {
           chat_id: config2.chatId,
           message_id: messageId,
-          text: `❌ ${label}: ${reason}`
+          text: `✅ ${label2} at ${new Date().toLocaleTimeString()}`
         });
-        return {
-          action,
-          reason
-        };
+        resolve({ action });
+        return true;
       }
-    }
-  }
-  await apiCall(config2.botToken, "editMessageText", {
-    chat_id: config2.chatId,
-    message_id: messageId,
-    text: "⏰ Timed out"
-  }).catch(() => {});
-  return { action: "reject", reason: "permission request timed out" };
-}
-async function pollForTextReply(config2, originalMessageId, startOffset, deadline) {
-  let offset = startOffset;
-  while (Date.now() < deadline) {
-    const remainingMs = deadline - Date.now();
-    const pollTimeout = Math.min(Math.floor(remainingMs / 1000), 30);
-    if (pollTimeout <= 0) {
-      break;
-    }
-    const updates = await apiCall(config2.botToken, "getUpdates", {
-      offset,
-      timeout: pollTimeout
+      rejectionAction = action === "stop" ? "stop" : "reject";
+      waitingForReason = true;
+      const label = action === "stop" ? "Stopped" : "Rejected";
+      apiCall(config2.botToken, "editMessageText", {
+        chat_id: config2.chatId,
+        message_id: messageId,
+        text: `❌ ${label}. Reply with a reason:`,
+        reply_markup: { force_reply: true, selective: true }
+      });
+      return true;
     });
-    for (const update of updates) {
-      offset = update.update_id + 1;
-      if (update.message?.reply_to_message?.message_id === originalMessageId && update.message.text) {
-        return update.message.text;
-      }
-    }
-  }
-  return "(no reason provided)";
+    const cleanup = () => {
+      clearTimeout(timer);
+      unregister();
+    };
+  });
 }
-var API_BASE = "https://api.telegram.org/bot";
+var API_BASE = "https://api.telegram.org/bot", pollers;
+var init_telegram = __esm(() => {
+  pollers = new Map;
+});
 
 // src/serve/tokens.ts
 import { randomUUID as randomUUID2 } from "node:crypto";
@@ -20104,20 +20181,41 @@ class TokenStore {
   }
   create() {
     const token = randomUUID2();
-    this.tokens.set(token, Date.now() + this.ttlMs);
+    this.tokens.set(token, { expiry: Date.now() + this.ttlMs, reserved: false });
     return token;
   }
   validate(token) {
-    const expiry = this.tokens.get(token);
-    if (expiry === undefined) {
+    const entry = this.tokens.get(token);
+    if (!entry) {
       return false;
     }
-    if (Date.now() > expiry) {
+    if (Date.now() > entry.expiry) {
       this.tokens.delete(token);
       return false;
     }
     return true;
   }
+  reserve(token) {
+    const entry = this.tokens.get(token);
+    if (!entry) {
+      return false;
+    }
+    if (Date.now() > entry.expiry) {
+      this.tokens.delete(token);
+      return false;
+    }
+    if (entry.reserved) {
+      return false;
+    }
+    entry.reserved = true;
+    return true;
+  }
+  release(token) {
+    const entry = this.tokens.get(token);
+    if (entry) {
+      entry.reserved = false;
+    }
+  }
   consume(token) {
     if (!this.validate(token)) {
       return false;
@@ -20143,7 +20241,9 @@ function readConfig() {
     throw new Error("REMOTE_OP_TELEGRAM_CHAT_ID is required");
   }
   const timeoutMs = Number.parseInt(process.env.REMOTE_OP_TIMEOUT ?? "120", 10) * 1000;
-  return { telegramBotToken: botToken, telegramChatId: chatId, timeoutMs };
+  const approverIdsRaw = process.env.REMOTE_OP_TELEGRAM_APPROVER_IDS ?? "";
+  const telegramApproverIds = approverIdsRaw.split(",").map((s) => s.trim()).filter((s) => s.length > 0).map(Number).filter((n) => !Number.isNaN(n));
+  return { telegramBotToken: botToken, telegramChatId: chatId, timeoutMs, telegramApproverIds };
 }
 async function startServer() {
   const config2 = readConfig();
@@ -20163,7 +20263,8 @@ async function startServer() {
         const telegramConfig = {
           botToken: config2.telegramBotToken,
           chatId: config2.telegramChatId,
-          timeoutMs: config2.timeoutMs
+          timeoutMs: config2.timeoutMs,
+          approverIds: config2.telegramApproverIds
         };
         const result = await requestRunApproval(telegramConfig, {
           command: req.command,
@@ -20228,7 +20329,8 @@ async function startServer() {
     const telegramConfig = {
       botToken: config2.telegramBotToken,
       chatId: config2.telegramChatId,
-      timeoutMs: config2.timeoutMs
+      timeoutMs: config2.timeoutMs,
+      approverIds: config2.telegramApproverIds
     };
     const result = await requestResumeApproval(telegramConfig);
     if (result.action === "approve") {
@@ -20271,6 +20373,7 @@ var init_server3 = __esm(() => {
   init_stdio2();
   init_zod();
   init_socket();
+  init_telegram();
   init_tokens();
 });
 
@@ -20356,10 +20459,11 @@ function escapeRegExp(s) {
   return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
 }
 function createMasker(secrets) {
-  if (secrets.length === 0) {
+  const filtered = secrets.filter((s) => s.length > 0);
+  if (filtered.length === 0) {
     return (input) => input;
   }
-  const pattern = new RegExp(secrets.map(escapeRegExp).join("|"), "g");
+  const pattern = new RegExp(filtered.map(escapeRegExp).join("|"), "g");
   return (input) => input.replace(pattern, "<redacted>");
 }
 

package/package.json

@@ -1,6 +1,10 @@
 {
   "name": "@wyattjoh/op-remote",
-  "version": "0.1.0",
+  "version": "0.2.2",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/wyattjoh/op-remote.git"
+  },
   "bin": {
     "op-remote": "dist/cli.js"
   },