altd 0.0.4 → 0.0.6

package/README.md

@@ -3,6 +3,10 @@
 # altd
 Web server access log tail dispatcher for running whitelisted commands based on GET requests.
 
+This tool runs the command names you whitelist exactly as provided. There is no PATH
+resolution, argument validation, rate limiting, or output limiting built in. Treat the
+access log source as trusted input.
+
 ## Requirements
 
 - Node.js 18 or later
@@ -29,7 +33,7 @@ altd <access_log.file> -w [commands]
 
 - `-V, --version` output the version number
 - `-h, --help` output usage information
-- `-w, --whitelist <commands>` comma-separated list of allowed commands
+- `-w, --whitelist <commands>` comma-separated list of allowed commands (executed directly)
 
 ## Example
 
@@ -37,6 +41,21 @@ altd <access_log.file> -w [commands]
 altd /var/log/nginx/access_log -w ls,hostname
 ```
 
+Log lines are expected to include a request line like:
+
+```
+GET /hostname HTTP/1.1
+```
+
+This would execute `hostname` with no arguments. Additional path segments are passed as
+arguments, for example:
+
+```
+GET /ls/-la HTTP/1.1
+```
+
+Would execute: `ls -la`.
+
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/freddiefujiwara/altd

package/dist/altd.js

@@ -1,132 +1,131 @@
-import {spawn} from 'child_process';
-import Tail from 'nodejs-tail';
-/**
- ** main class of AccessLogTailDispatcher
- */
+import { spawn as nodeSpawn } from "node:child_process";
+import Tail from "nodejs-tail";
+
 export default class AccessLogTailDispatcher {
-    /**
-     * @constructor
-     * @param {string} file access_log
-     * @param {Array} whitelist ['command1','command2'..]
-     */
-    constructor(file, whitelist) {
-        this.file = file;
-        this.whitelist = whitelist;
-        this.spawn = undefined;
-        this.tail = undefined;
-    }
-    /**
-     * Get the path from 'GET /path/to/dir HTTP'
-     * @param {string} line access_log
-     * @return {string} /path/to/dir
-     */
-    path(line) {
-        if (!(typeof line === 'string')) {
-            return '';
-        }
-        let match = line.match(
-            /GET\s((\/[a-z0-9-._~%!$&'()*+,;=:@?]+)+\/?)\sHTTP/i);
-        if (null !== match && match.length > 2) {
-            return match[1];
-        }
-        return '';
-    }
+  /**
+   * @param {string} file access_log
+   * @param {object} commandRegistry { [commandName]: { execPath: string, buildArgs: (rawArgs:string[])=>string[] } }
+   * @param {object} [opts]
+   */
+  constructor(file, commandRegistry, opts = {}) {
+    this.file = file;
+    this.registry = commandRegistry;
 
-    /**
-     * Extract command and args
-     * @param {string} path
-     * @return {Array} [command,arg1,arg2...]
-     */
-    commandWithArgs(path) {
-        if (!(typeof path === 'string')) {
-            return [];
-        }
-        let commands = path.split(/\//).map(function(element, index, array) {
-            let ret = "";
-            try{
-              ret = decodeURIComponent(element);
-            }catch(e){
-              console.error(e);
-            }
-            return ret;
-        });
-        commands.shift();
-        return commands;
-    }
+    this.spawnImpl = opts.spawnImpl ?? nodeSpawn;
+    this.tail = opts.tail
+      ?? new Tail(file, {
+        alwaysStat: true,
+        ignoreInitial: true,
+        persistent: true,
+      });
+  }
 
-    /**
-     * Filter by whitelist
-     * @param {Array} commandWithArgs [command,arg1,arg2...]
-     * @param {Array} whitelist ['command1','command2'...]
-     * @return {Array} filtered commandWithArgs
-     */
-    filterByWhitelist(commandWithArgs, whitelist) {
-        if (!this.isArray(commandWithArgs) ||
-            !this.isArray(whitelist) ||
-            commandWithArgs.length == 0 ||
-            whitelist.indexOf(commandWithArgs[0]) == -1
-        ) {
-            return [];
-        }
-        return commandWithArgs;
-    }
+  /**
+   * Extract request path from a typical access log line.
+   * More robust: parse "METHOD <url> HTTP/..."
+   * @param {string} line
+   * @returns {string} pathname like "/a/b"
+   */
+  extractPath(line) {
+    if (typeof line !== "string") return "";
 
-    /**
-     * Dispatch
-     * @param {Array} commandWithArgs [command,arg1,arg2...]
-     */
-    dispatch(commandWithArgs) {
-        if (commandWithArgs.length == 0) {
-            return;
-        }
-        let command = commandWithArgs.shift();
-        let proc = this.spawn(command, commandWithArgs);
-        proc.on('error', (err) => {
-            console.error(err);
-        });
-        proc.stdout.on('data', (data) => {
-            process.stdout.write(data.toString());
-        });
-    }
+    // Find something like: GET /foo/bar HTTP/1.1
+    const m = line.match(
+      /\b(GET|POST|PUT|DELETE|HEAD|OPTIONS)\s+(\S+)\s+HTTP\/\d(?:\.\d)?\b/i,
+    );
+    if (!m) return "";
 
-    /**
-     * isArray
-     * @param {object} obj [command,arg1,arg2...]
-     * @return {boolean}
-     */
-    isArray(obj) {
-        return Object.prototype.toString.call(obj) === '[object Array]';
+    const rawTarget = m[2];
+
+    if (rawTarget.startsWith("http://") || rawTarget.startsWith("https://")) {
+      try {
+        return new URL(rawTarget).pathname || "";
+      } catch {
+        return "";
+      }
     }
 
-    /**
-     * run
-     * @param {string} file
-     * @param {Array} whitelist ['command1','command2'...]
-     */
-    run(file, whitelist) {
-        if ( typeof file !== 'undefined') {
-            this.file = file;
-        }
-        if ( typeof whitelist !== 'undefined') {
-            this.whitelist = whitelist;
-        }
-        if ( typeof this.spawn === 'undefined') {
-            this.spawn = spawn;
-        }
-        if ( typeof this.tail === 'undefined') {
-            this.tail = new Tail(this.file,
-                {alwaysStat: true, ignoreInitial: true, persistent: true});
-        }
-        this.tail.on('line', (line) => {
-            this.dispatch(
-                this.filterByWhitelist(
-                    this.commandWithArgs(
-                        this.path(line)),
-                    this.whitelist));
-        });
-        this.tail.on('close', () => {
-            console.log('watching stopped');
-        });
-        this.tail.watch();
+    return rawTarget;
+  }
+
+  /**
+   * "/cmd/a/b" -> ["cmd","a","b"] (safe decode, size limits)
+   * @param {string} pathname
+   * @returns {string[]}
+   */
+  parseCommand(pathname) {
+    if (typeof pathname !== "string" || pathname === "") return [];
+    if (!pathname.startsWith("/")) return [];
+
+    const parts = pathname.split("/").filter(Boolean);
+    if (parts.length === 0) return [];
+
+    const decoded = [];
+    for (const p of parts) {
+      try {
+        decoded.push(decodeURIComponent(p));
+      } catch {
+        return [];
+      }
     }
+    return decoded;
+  }
+
+  /**
+   * Validate + build exec + args using registry
+   * @param {string[]} parsed ["cmd", ...rawArgs]
+   * @returns {{execPath:string,args:string[]}|null}
+   */
+  resolveExecution(parsed) {
+    if (!Array.isArray(parsed) || parsed.length === 0) return null;
+
+    const [cmd, ...rawArgs] = parsed;
+
+    const entry = this.registry[cmd];
+    if (!entry) return null;
+
+    const buildArgs = entry.buildArgs ?? ((args) => args);
+    const args = buildArgs(rawArgs);
+    if (!Array.isArray(args)) return null;
+
+    return { execPath: entry.execPath, args };
+  }
+
+  spawnCommand(execPath, args) {
+    const proc = this.spawnImpl(execPath, args, {
+      shell: false,
+      windowsHide: true,
+      stdio: "inherit",
+    });
+
+    proc.on("error", (err) => {
+      console.error("[spawn error]", err);
+    });
+  }
+
+  /**
+   * Start watching
+   */
+  run() {
+    this.tail.on("line", (line) => {
+      const pathname = this.extractPath(line);
+      const parsed = this.parseCommand(pathname);
+      const exec = this.resolveExecution(parsed);
+      if (!exec) return;
+
+      this.spawnCommand(exec.execPath, exec.args);
+    });
+
+    this.tail.on("close", () => {
+      console.log("watching stopped");
+    });
+
+    this.tail.watch();
+  }
+
+  stop() {
+    try {
+      this.tail.unwatch?.();
+    } catch {}
+  }
 }

package/dist/index.js

@@ -1,10 +1,24 @@
 #!/usr/bin/env node
+import { createRequire } from 'node:module';
 import { Command } from 'commander';
-import pkg from '../package.json' assert { type: 'json' };
 import AccessLogTailDispatcher from './altd.js';
 
+const require = createRequire(import.meta.url);
+const pkg = require('../package.json');
+
 const program = new Command();
 
+const buildRegistry = (whitelist) => {
+  const registry = {};
+  for (const command of whitelist) {
+    registry[command] = {
+      execPath: command,
+      buildArgs: (rawArgs) => rawArgs,
+    };
+  }
+  return registry;
+};
+
 program
   .name('altd')
   .version(pkg.version)
@@ -13,17 +27,19 @@ program
   .option(
     '-w, --whitelist <commands>',
     'Add commands to whitelist',
-    (commands) => commands.split(',')
+    (commands) => commands.split(',').map((command) => command.trim()).filter(Boolean)
   )
   .parse(process.argv);
 
 const fileValue = program.args[0];
 const { whitelist } = program.opts();
 
-if (!fileValue || !whitelist) {
+if (!fileValue || !whitelist || whitelist.length === 0) {
   console.log('altd <file> -w <commands...>');
   process.exit(1);
 }
 
-const altd = new AccessLogTailDispatcher(fileValue, whitelist);
+const registry = buildRegistry(whitelist);
+
+const altd = new AccessLogTailDispatcher(fileValue, registry);
 altd.run();

package/index.js

@@ -1,10 +1,24 @@
 #!/usr/bin/env node
+import { createRequire } from 'node:module';
 import { Command } from 'commander';
-import pkg from './package.json' assert { type: 'json' };
 import AccessLogTailDispatcher from './src/altd.js';
 
+const require = createRequire(import.meta.url);
+const pkg = require('./package.json');
+
 const program = new Command();
 
+const buildRegistry = (whitelist) => {
+  const registry = {};
+  for (const command of whitelist) {
+    registry[command] = {
+      execPath: command,
+      buildArgs: (rawArgs) => rawArgs,
+    };
+  }
+  return registry;
+};
+
 program
   .name('altd')
   .version(pkg.version)
@@ -13,17 +27,19 @@ program
   .option(
     '-w, --whitelist <commands>',
     'Add commands to whitelist',
-    (commands) => commands.split(',')
+    (commands) => commands.split(',').map((command) => command.trim()).filter(Boolean)
   )
   .parse(process.argv);
 
 const fileValue = program.args[0];
 const { whitelist } = program.opts();
 
-if (!fileValue || !whitelist) {
+if (!fileValue || !whitelist || whitelist.length === 0) {
   console.log('altd <file> -w <commands...>');
   process.exit(1);
 }
 
-const altd = new AccessLogTailDispatcher(fileValue, whitelist);
+const registry = buildRegistry(whitelist);
+
+const altd = new AccessLogTailDispatcher(fileValue, registry);
 altd.run();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "altd",
-  "version": "0.0.4",
+  "version": "0.0.6",
   "description": "Access log tail dispatcher",
   "type": "module",
   "bin": {

package/src/altd.js

@@ -1,132 +1,131 @@
-import {spawn} from 'child_process';
-import Tail from 'nodejs-tail';
-/**
- ** main class of AccessLogTailDispatcher
- */
+import { spawn as nodeSpawn } from "node:child_process";
+import Tail from "nodejs-tail";
+
 export default class AccessLogTailDispatcher {
-    /**
-     * @constructor
-     * @param {string} file access_log
-     * @param {Array} whitelist ['command1','command2'..]
-     */
-    constructor(file, whitelist) {
-        this.file = file;
-        this.whitelist = whitelist;
-        this.spawn = undefined;
-        this.tail = undefined;
-    }
-    /**
-     * Get the path from 'GET /path/to/dir HTTP'
-     * @param {string} line access_log
-     * @return {string} /path/to/dir
-     */
-    path(line) {
-        if (!(typeof line === 'string')) {
-            return '';
-        }
-        let match = line.match(
-            /GET\s((\/[a-z0-9-._~%!$&'()*+,;=:@?]+)+\/?)\sHTTP/i);
-        if (null !== match && match.length > 2) {
-            return match[1];
-        }
-        return '';
-    }
+  /**
+   * @param {string} file access_log
+   * @param {object} commandRegistry { [commandName]: { execPath: string, buildArgs: (rawArgs:string[])=>string[] } }
+   * @param {object} [opts]
+   */
+  constructor(file, commandRegistry, opts = {}) {
+    this.file = file;
+    this.registry = commandRegistry;
 
-    /**
-     * Extract command and args
-     * @param {string} path
-     * @return {Array} [command,arg1,arg2...]
-     */
-    commandWithArgs(path) {
-        if (!(typeof path === 'string')) {
-            return [];
-        }
-        let commands = path.split(/\//).map(function(element, index, array) {
-            let ret = "";
-            try{
-              ret = decodeURIComponent(element);
-            }catch(e){
-              console.error(e);
-            }
-            return ret;
-        });
-        commands.shift();
-        return commands;
-    }
+    this.spawnImpl = opts.spawnImpl ?? nodeSpawn;
+    this.tail = opts.tail
+      ?? new Tail(file, {
+        alwaysStat: true,
+        ignoreInitial: true,
+        persistent: true,
+      });
+  }
 
-    /**
-     * Filter by whitelist
-     * @param {Array} commandWithArgs [command,arg1,arg2...]
-     * @param {Array} whitelist ['command1','command2'...]
-     * @return {Array} filtered commandWithArgs
-     */
-    filterByWhitelist(commandWithArgs, whitelist) {
-        if (!this.isArray(commandWithArgs) ||
-            !this.isArray(whitelist) ||
-            commandWithArgs.length == 0 ||
-            whitelist.indexOf(commandWithArgs[0]) == -1
-        ) {
-            return [];
-        }
-        return commandWithArgs;
-    }
+  /**
+   * Extract request path from a typical access log line.
+   * More robust: parse "METHOD <url> HTTP/..."
+   * @param {string} line
+   * @returns {string} pathname like "/a/b"
+   */
+  extractPath(line) {
+    if (typeof line !== "string") return "";
 
-    /**
-     * Dispatch
-     * @param {Array} commandWithArgs [command,arg1,arg2...]
-     */
-    dispatch(commandWithArgs) {
-        if (commandWithArgs.length == 0) {
-            return;
-        }
-        let command = commandWithArgs.shift();
-        let proc = this.spawn(command, commandWithArgs);
-        proc.on('error', (err) => {
-            console.error(err);
-        });
-        proc.stdout.on('data', (data) => {
-            process.stdout.write(data.toString());
-        });
-    }
+    // Find something like: GET /foo/bar HTTP/1.1
+    const m = line.match(
+      /\b(GET|POST|PUT|DELETE|HEAD|OPTIONS)\s+(\S+)\s+HTTP\/\d(?:\.\d)?\b/i,
+    );
+    if (!m) return "";
 
-    /**
-     * isArray
-     * @param {object} obj [command,arg1,arg2...]
-     * @return {boolean}
-     */
-    isArray(obj) {
-        return Object.prototype.toString.call(obj) === '[object Array]';
+    const rawTarget = m[2];
+
+    if (rawTarget.startsWith("http://") || rawTarget.startsWith("https://")) {
+      try {
+        return new URL(rawTarget).pathname || "";
+      } catch {
+        return "";
+      }
     }
 
-    /**
-     * run
-     * @param {string} file
-     * @param {Array} whitelist ['command1','command2'...]
-     */
-    run(file, whitelist) {
-        if ( typeof file !== 'undefined') {
-            this.file = file;
-        }
-        if ( typeof whitelist !== 'undefined') {
-            this.whitelist = whitelist;
-        }
-        if ( typeof this.spawn === 'undefined') {
-            this.spawn = spawn;
-        }
-        if ( typeof this.tail === 'undefined') {
-            this.tail = new Tail(this.file,
-                {alwaysStat: true, ignoreInitial: true, persistent: true});
-        }
-        this.tail.on('line', (line) => {
-            this.dispatch(
-                this.filterByWhitelist(
-                    this.commandWithArgs(
-                        this.path(line)),
-                    this.whitelist));
-        });
-        this.tail.on('close', () => {
-            console.log('watching stopped');
-        });
-        this.tail.watch();
+    return rawTarget;
+  }
+
+  /**
+   * "/cmd/a/b" -> ["cmd","a","b"] (safe decode, size limits)
+   * @param {string} pathname
+   * @returns {string[]}
+   */
+  parseCommand(pathname) {
+    if (typeof pathname !== "string" || pathname === "") return [];
+    if (!pathname.startsWith("/")) return [];
+
+    const parts = pathname.split("/").filter(Boolean);
+    if (parts.length === 0) return [];
+
+    const decoded = [];
+    for (const p of parts) {
+      try {
+        decoded.push(decodeURIComponent(p));
+      } catch {
+        return [];
+      }
     }
+    return decoded;
+  }
+
+  /**
+   * Validate + build exec + args using registry
+   * @param {string[]} parsed ["cmd", ...rawArgs]
+   * @returns {{execPath:string,args:string[]}|null}
+   */
+  resolveExecution(parsed) {
+    if (!Array.isArray(parsed) || parsed.length === 0) return null;
+
+    const [cmd, ...rawArgs] = parsed;
+
+    const entry = this.registry[cmd];
+    if (!entry) return null;
+
+    const buildArgs = entry.buildArgs ?? ((args) => args);
+    const args = buildArgs(rawArgs);
+    if (!Array.isArray(args)) return null;
+
+    return { execPath: entry.execPath, args };
+  }
+
+  spawnCommand(execPath, args) {
+    const proc = this.spawnImpl(execPath, args, {
+      shell: false,
+      windowsHide: true,
+      stdio: "inherit",
+    });
+
+    proc.on("error", (err) => {
+      console.error("[spawn error]", err);
+    });
+  }
+
+  /**
+   * Start watching
+   */
+  run() {
+    this.tail.on("line", (line) => {
+      const pathname = this.extractPath(line);
+      const parsed = this.parseCommand(pathname);
+      const exec = this.resolveExecution(parsed);
+      if (!exec) return;
+
+      this.spawnCommand(exec.execPath, exec.args);
+    });
+
+    this.tail.on("close", () => {
+      console.log("watching stopped");
+    });
+
+    this.tail.watch();
+  }
+
+  stop() {
+    try {
+      this.tail.unwatch?.();
+    } catch {}
+  }
 }