bdy 1.12.8-dev → 1.12.8-dev-pipeline-run

package/distTs/src/server/ssh.js

@@ -1,446 +0,0 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const events_1 = __importDefault(require("events"));
-const ssh2_1 = __importDefault(require("ssh2"));
-const logger_js_1 = __importDefault(require("../logger.js"));
-const crypto_1 = require("crypto");
-const child_process_1 = require("child_process");
-const node_net_1 = __importDefault(require("node:net"));
-const sftp_1 = __importDefault(require("./sftp"));
-const buddy_1 = __importDefault(require("../api/buddy"));
-const pipeStreamToChannel = (stream, channel) => {
-    channel.once('exit', (code, signal) => {
-        logger_js_1.default.debug(`shell channel exit: ${code}, signal: ${signal}`);
-        if (stream.exit)
-            stream.exit(signal || code);
-    });
-    channel.on('close', () => {
-        stream.end();
-    });
-    channel.pipe(stream, { end: false }).pipe(channel);
-    channel.stderr.pipe(stream.stderr);
-};
-class ServerSsh extends events_1.default {
-    constructor(agent, login, password, hostKey) {
-        super();
-        this.agent = agent;
-        this.login = login;
-        this.password = password;
-        this.server = new ssh2_1.default.Server({
-            keepAlive: true,
-            hostKeys: [hostKey],
-            highWaterMark: 16 * 1024 * 1024,
-            ident: 'ssh2 server',
-        }, (client) => this.processClient(client));
-        this.server.listen();
-    }
-    stop() {
-        this.server.close();
-        this.server.removeAllListeners();
-        this.server = null;
-    }
-    handleSshTunnel(stream) {
-        this.server.injectSocket(stream);
-    }
-    checkValueSafe(input, allowed) {
-        const autoReject = input.length !== allowed.length;
-        if (autoReject)
-            allowed = input;
-        const isMatch = (0, crypto_1.timingSafeEqual)(input, allowed);
-        return (!autoReject && isMatch);
-    }
-    async verifyKey(ctx, keys) {
-        try {
-            for (let i = 0; i < keys.length; i += 1) {
-                const publicKey = ssh2_1.default.utils.parseKey(keys[i]);
-                if (ctx.key.algo !== publicKey.type)
-                    continue;
-                if (!this.checkValueSafe(ctx.key.data, publicKey.getPublicSSH()))
-                    continue;
-                if (ctx.signature && !publicKey.verify(ctx.blob, ctx.signature, ctx.hashAlgo))
-                    continue;
-                return true;
-            }
-        }
-        catch {
-            // do nothing
-        }
-        return false;
-    }
-    createProxyConnection(privateKey) {
-        return new Promise((resolve, reject) => {
-            const client = new ssh2_1.default.Client();
-            client.once('error', (err) => {
-                client.removeAllListeners();
-                reject(err);
-            });
-            client.once('ready', () => {
-                client.removeAllListeners();
-                resolve(client);
-            });
-            client.connect({
-                host: '127.0.0.1',
-                port: 22,
-                username: 'root',
-                privateKey: privateKey
-            });
-        });
-    }
-    async authenticateClient(ctx) {
-        const allowed = ['publickey', 'password'];
-        logger_js_1.default.debug(`auth method: ${ctx.method}`);
-        if (!allowed.includes(ctx.method)) {
-            ctx.reject(allowed);
-            return null;
-        }
-        if (ctx.method === 'password') {
-            if (!this.checkValueSafe(Buffer.from(ctx.username), Buffer.from(this.login))) {
-                ctx.reject(allowed);
-                return null;
-            }
-            if (!this.checkValueSafe(Buffer.from(ctx.password), Buffer.from(this.password))) {
-                ctx.reject(allowed);
-                return null;
-            }
-            ctx.accept();
-            return;
-        }
-        if (ctx.method === 'publickey') {
-            let keys;
-            let privateKey;
-            try {
-                const resp = await buddy_1.default.fetchAgentKeys(this.agent.id, this.agent.host, this.agent.token);
-                logger_js_1.default.debug(resp);
-                keys = resp.keys;
-                privateKey = resp.privateKey;
-            }
-            catch {
-                ctx.reject(allowed);
-                return null;
-            }
-            const verified = await this.verifyKey(ctx, keys);
-            if (!verified) {
-                logger_js_1.default.debug('not verified');
-                ctx.reject(allowed);
-                return null;
-            }
-            logger_js_1.default.debug('verified');
-            try {
-                const proxyClient = await this.createProxyConnection(privateKey);
-                logger_js_1.default.debug('proxy connected');
-                ctx.accept();
-                return proxyClient;
-            }
-            catch (err) {
-                logger_js_1.default.debug('proxy not connected');
-                logger_js_1.default.debug(err);
-                ctx.reject(allowed);
-                return null;
-            }
-        }
-        ctx.reject(allowed);
-        return null;
-    }
-    localExec(stream, command, env) {
-        const s = process.hrtime();
-        (0, child_process_1.exec)(command, {
-            env,
-        }, (err, stdout, stderr) => {
-            if (stream) {
-                stream.stderr.write(stderr);
-                stream.write(stdout);
-                stream.exit(!err ? 0 : 1);
-                stream.end();
-                stream = null;
-            }
-            const [seconds, nano] = process.hrtime(s);
-            const ms = seconds * 1000 + nano / 1000 / 1000;
-            logger_js_1.default.debug(`local ssh exec ends: ${ms}ms`);
-        });
-    }
-    clientSession(session, client, proxyClient) {
-        let env = {};
-        let sftp;
-        let channel;
-        let pty;
-        let x11;
-        const closeSession = () => {
-            logger_js_1.default.debug('ssh close session');
-            env = null;
-            pty = null;
-            x11 = null;
-            session.removeAllListeners();
-            session = null;
-            if (sftp) {
-                sftp.destroy();
-                sftp = null;
-            }
-            if (channel) {
-                channel.removeAllListeners();
-                channel = null;
-            }
-            client.removeListener('close', closeSession);
-            client = null;
-        };
-        client.on('close', closeSession);
-        session.on('close', closeSession);
-        session.on('end', closeSession);
-        session.on('pty', (accept, reject, info) => {
-            logger_js_1.default.debug('ssh pty');
-            logger_js_1.default.debug(info);
-            if (!proxyClient) {
-                if (reject)
-                    reject();
-                return;
-            }
-            pty = info;
-            if (accept)
-                accept();
-        });
-        session.on('window-change', (accept, reject, info) => {
-            logger_js_1.default.debug('ssh window-change');
-            logger_js_1.default.debug(info);
-            if (!proxyClient) {
-                if (reject)
-                    reject();
-                return;
-            }
-            if (!pty)
-                pty = {};
-            pty.cols = info.cols;
-            pty.height = info.height;
-            pty.rows = info.rows;
-            pty.width = info.width;
-            if (channel && channel.setWindow)
-                channel.setWindow(pty.rows, pty.cols, pty.height, pty.width);
-            if (accept)
-                accept();
-        });
-        session.on('shell', (accept, reject) => {
-            logger_js_1.default.debug('ssh shell');
-            if (!proxyClient || !accept) {
-                if (reject)
-                    reject();
-                return;
-            }
-            const stream = accept();
-            proxyClient.shell(pty, {
-                env,
-                x11
-            }, (err, c) => {
-                if (err || !c) {
-                    if (reject)
-                        reject();
-                    return;
-                }
-                pipeStreamToChannel(stream, c);
-            });
-        });
-        session.on('signal', (accept, reject, info) => {
-            logger_js_1.default.debug('ssh signal');
-            logger_js_1.default.debug(info);
-            const { name } = info;
-            if (!proxyClient || !name || !channel || !channel.signal) {
-                if (reject)
-                    reject();
-                return;
-            }
-            channel.signal(name);
-            if (accept)
-                accept();
-        });
-        session.on('subsystem', (accept, reject, info) => {
-            logger_js_1.default.debug('ssh subsystem');
-            logger_js_1.default.debug(info);
-            const { name } = info;
-            if (!proxyClient || !accept || !name) {
-                if (reject)
-                    reject();
-                return;
-            }
-            const stream = accept();
-            proxyClient.subsys(name, (err, c) => {
-                if (err || !c) {
-                    if (reject)
-                        reject();
-                    return;
-                }
-                pipeStreamToChannel(stream, c);
-            });
-        });
-        session.on('x11', (accept, reject, info) => {
-            logger_js_1.default.debug('ssh x11');
-            logger_js_1.default.debug(info);
-            if (!proxyClient) {
-                if (reject)
-                    reject();
-                return;
-            }
-            x11 = info;
-            if (accept)
-                accept();
-        });
-        session.on('exec', (accept, reject, info) => {
-            logger_js_1.default.debug('ssh exec');
-            logger_js_1.default.debug(info);
-            if (!info.command || !accept) {
-                if (reject)
-                    reject();
-                return;
-            }
-            const stream = accept();
-            if (!proxyClient) {
-                this.localExec(stream, info.command, env);
-                return;
-            }
-            proxyClient.exec(info.command, {
-                env,
-                pty,
-                x11
-            }, (err, c) => {
-                if (err || !c) {
-                    if (reject)
-                        reject();
-                    return;
-                }
-                pipeStreamToChannel(stream, c);
-            });
-        });
-        session.on('env', (accept, reject, info) => {
-            logger_js_1.default.debug('ssh env');
-            logger_js_1.default.debug(info);
-            Object.keys(info || {}).forEach((key) => {
-                env[key] = info[key];
-            });
-            if (accept)
-                accept();
-        });
-        session.on('sftp', (accept, reject) => {
-            logger_js_1.default.debug('sftp');
-            if (!sftp && accept) {
-                sftp = new sftp_1.default(accept());
-            }
-            else if (reject) {
-                reject();
-            }
-        });
-    }
-    processClient(client) {
-        logger_js_1.default.debug('new ssh client');
-        let proxyClient;
-        client.setNoDelay();
-        client.on('authentication', async (ctx) => {
-            logger_js_1.default.debug('ssh authentication');
-            proxyClient = await this.authenticateClient(ctx);
-            if (proxyClient) {
-                proxyClient.on('tcp connection', (details, accept, reject) => {
-                    logger_js_1.default.debug('new ssh client forward connection');
-                    logger_js_1.default.debug(details);
-                    const { destIP, destPort, srcIP, srcPort } = details;
-                    client.forwardOut(destIP, destPort, srcIP, srcPort, (err, channel) => {
-                        logger_js_1.default.debug('new ssh client forward out connection');
-                        logger_js_1.default.debug({ destIP, destPort, srcIP, srcPort });
-                        if (err) {
-                            reject();
-                            return;
-                        }
-                        const stream = accept();
-                        channel.pipe(stream).pipe(channel);
-                    });
-                });
-            }
-        });
-        client.on('close', () => {
-            logger_js_1.default.debug('ssh close');
-            if (proxyClient) {
-                try {
-                    proxyClient.removeAllListeners();
-                    proxyClient.end();
-                }
-                catch {
-                    // do nothing
-                }
-                proxyClient = null;
-            }
-            setTimeout(() => {
-                client.removeAllListeners();
-                client = null;
-            }, 1000);
-        });
-        client.on('tcpip', (accept, reject, info) => {
-            logger_js_1.default.debug('ssh tcpip request');
-            logger_js_1.default.debug(info);
-            const { destIP, destPort } = info;
-            let accepted = false;
-            const socket = node_net_1.default.connect({
-                host: destIP,
-                port: destPort
-            });
-            socket.on('connect', () => {
-                accepted = true;
-                const channel = accept();
-                channel.pipe(socket).pipe(channel);
-            });
-            const closeSocket = () => {
-                try {
-                    socket.removeAllListeners();
-                    socket.end();
-                }
-                catch {
-                    // do nothing
-                }
-                if (!accepted)
-                    reject();
-            };
-            socket.setTimeout(10000);
-            socket.on('timeout', closeSocket);
-            socket.on('error', closeSocket);
-            socket.on('close', closeSocket);
-        });
-        client.on('request', (accept, reject, name, info) => {
-            logger_js_1.default.debug('ssh forward request');
-            logger_js_1.default.debug(name);
-            logger_js_1.default.debug(info);
-            if (!proxyClient) {
-                reject();
-                return;
-            }
-            if (name === 'tcpip-forward') {
-                let { bindAddr, bindPort } = info;
-                proxyClient.forwardIn(bindAddr, bindPort, (err, port) => {
-                    if (err) {
-                        reject();
-                        return;
-                    }
-                    accept(port);
-                });
-                return;
-            }
-            if (name === 'cancel-tcpip-forward') {
-                const { bindAddr, bindPort } = info;
-                proxyClient.unforwardIn(bindAddr, bindPort, (err) => {
-                    if (err) {
-                        reject();
-                        return;
-                    }
-                    accept();
-                });
-                return;
-            }
-            reject();
-        });
-        client.on('error', (err) => {
-            logger_js_1.default.debug('Error on ssh server client');
-            logger_js_1.default.debug(err);
-            client.end();
-        });
-        client.on('session', (accept) => {
-            logger_js_1.default.debug('ssh session');
-            this.clientSession(accept(), client, proxyClient);
-        });
-    }
-}
-exports.default = ServerSsh;

package/distTs/src/server/tls.js

@@ -1,41 +0,0 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const events_1 = __importDefault(require("events"));
-const tls_1 = __importDefault(require("tls"));
-const cert_js_1 = __importDefault(require("./cert.js"));
-const utils_1 = require("../utils");
-class ServerTls extends events_1.default {
-    constructor(key, cert, ca) {
-        super();
-        this.key = key;
-        this.cert = cert;
-        this.ca = ca;
-        if (!this.key || !this.cert) {
-            const c = new cert_js_1.default();
-            this.key = c.key;
-            this.cert = c.cert;
-        }
-        this.server = tls_1.default.createServer({
-            handshakeTimeout: 60000,
-            key: this.key,
-            cert: this.cert,
-            ca: this.ca,
-            rejectUnauthorized: !!this.ca,
-            requestCert: !!this.ca,
-        }, (socket) => this.processSocket(socket));
-    }
-    async processSocket(socket) {
-        this.emit(utils_1.TLS_SOCKET, socket);
-    }
-    handleSshTunnel(channel) {
-        this.server.emit('connection', channel);
-    }
-    stop() {
-        this.server.removeAllListeners();
-        this.server = null;
-    }
-}
-exports.default = ServerTls;

package/distTs/src/ssh/client.js

@@ -1,197 +0,0 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const ssh2_1 = require("ssh2");
-const events_1 = __importDefault(require("events"));
-const logger_js_1 = __importDefault(require("../logger.js"));
-const texts_js_1 = require("../texts.js");
-const utils_1 = require("../utils");
-class SshClient extends events_1.default {
-    constructor(ip, port, username, password) {
-        super();
-        this.ip = ip;
-        this.port = port;
-        this.username = username;
-        this.password = password;
-        this.keepalive = false;
-        logger_js_1.default.debug(`New ssh client: ${username}:${password}@${ip}:${port}`);
-    }
-    async open() {
-        return new Promise((resolve, reject) => {
-            this.close();
-            this.client = new ssh2_1.Client();
-            this.client.setNoDelay();
-            this.client.on('ready', () => {
-                this.client.removeAllListeners();
-                this.client.on('error', () => { });
-                resolve();
-            });
-            this.client.once('error', (err) => {
-                this.client.removeAllListeners();
-                reject(err);
-            });
-            try {
-                this.client.connect({
-                    algorithms: {
-                        cipher: ['aes256-gcm@openssh.com'],
-                        compress: ['none'],
-                        hmac: ['hmac-sha2-256-etm@openssh.com'],
-                        kex: ['ecdh-sha2-nistp256'],
-                    },
-                    keepaliveInterval: 10000,
-                    host: this.ip,
-                    port: this.port,
-                    username: this.username,
-                    password: this.password,
-                });
-            }
-            catch (err) {
-                reject(err);
-            }
-        });
-    }
-    waitForStreamReadable(s) {
-        return new Promise((resolve) => {
-            s.once('readable', resolve);
-        });
-    }
-    async readStreamBytes(s, toRead) {
-        await this.waitForStreamReadable(s);
-        const data = s.read(toRead) ?? s.read();
-        if (data === null) {
-            return this.readStreamBytes(s, toRead);
-        }
-        const newToRead = toRead - data.length;
-        if (newToRead <= 0)
-            return data;
-        const newData = await this.readStreamBytes(s, newToRead);
-        return Buffer.concat([data, newData]);
-    }
-    async processStream(stream, info) {
-        stream.allowHalfOpen = false;
-        if (stream.readableFlowing)
-            stream.pause();
-        stream.on('error', () => {
-            try {
-                stream.removeAllListeners();
-                stream.once('error', () => { });
-                stream.end();
-            }
-            catch {
-                // do nothing
-            }
-            setTimeout(() => {
-                try {
-                    stream.destroy();
-                }
-                catch {
-                    // do nothing
-                }
-            }, 1000);
-        });
-        stream.on('close', () => {
-            stream.removeAllListeners();
-        });
-        const triggerStream = (type, ip) => {
-            stream.removeAllListeners();
-            this.emit(type, stream, info, ip);
-        };
-        let type;
-        let ip;
-        try {
-            const b = await this.readStreamBytes(stream, 50);
-            const s = b.toString('utf8').replace(/\s+/, ' ').split(' ');
-            if (s.length !== 2)
-                throw new Error(texts_js_1.ERR_WRONG_HANDSHAKE);
-            type = parseInt(s[0]);
-            ip = s[1];
-        }
-        catch (err) {
-            stream.emit('error', err);
-            return;
-        }
-        if (type === utils_1.SOCKET_TYPE_TLS) {
-            logger_js_1.default.debug((0, texts_js_1.LOG_DETECTED_STREAM)('TLS'));
-            triggerStream(utils_1.SSH_CLIENT_EVENT_STREAM_TLS, ip);
-            return;
-        }
-        if (type === utils_1.SOCKET_TYPE_HTTP1) {
-            logger_js_1.default.debug((0, texts_js_1.LOG_DETECTED_STREAM)('HTTP1'));
-            triggerStream(utils_1.SSH_CLIENT_EVENT_STREAM_HTTP1, ip);
-            return;
-        }
-        if (type === utils_1.SOCKET_TYPE_HTTP2) {
-            logger_js_1.default.debug((0, texts_js_1.LOG_DETECTED_STREAM)('HTTP2'));
-            triggerStream(utils_1.SSH_CLIENT_EVENT_STREAM_HTTP2, ip);
-            return;
-        }
-        if (type === utils_1.SOCKET_TYPE_TCP) {
-            logger_js_1.default.debug((0, texts_js_1.LOG_DETECTED_STREAM)('TCP'));
-            triggerStream(utils_1.SSH_CLIENT_EVENT_STREAM_TCP, ip);
-            return;
-        }
-        if (type === utils_1.SOCKET_TYPE_SSH) {
-            logger_js_1.default.debug((0, texts_js_1.LOG_DETECTED_STREAM)('SSH'));
-            triggerStream(utils_1.SSH_CLIENT_EVENT_STREAM_SSH, ip);
-            return;
-        }
-        logger_js_1.default.debug(texts_js_1.LOG_WRONG_STREAM);
-        stream.emit('error', new Error(texts_js_1.ERR_WRONG_STREAM));
-    }
-    forwardIn(port) {
-        return new Promise((resolve, reject) => {
-            this.client.on('tcp connection', async (info, accept) => {
-                logger_js_1.default.debug(texts_js_1.LOG_SSH_CONNECTION);
-                return this.processStream(accept(), info);
-            });
-            this.client.forwardIn('0.0.0.0', port, (err) => {
-                if (err)
-                    reject(err);
-                else
-                    resolve(err);
-            });
-        });
-    }
-    closeKeepAlive() {
-        this.keepalive = false;
-        this.close();
-    }
-    openKeepAlive() {
-        logger_js_1.default.debug(`SSH client open`);
-        this.keepalive = true;
-        this.open()
-            .then(() => {
-            logger_js_1.default.debug(`SSH client opened`);
-            this.emit(utils_1.SSH_CLIENT_EVENT_CONNECTED);
-            this.client.on('close', () => {
-                logger_js_1.default.debug(`SSH client closed`);
-                if (this.keepalive)
-                    this.openKeepAlive();
-            });
-        })
-            .catch(() => {
-            logger_js_1.default.debug(`SSH client closed`);
-            this.emit(utils_1.SSH_CLIENT_EVENT_DISCONNECTED);
-            setTimeout(() => {
-                if (this.keepalive)
-                    this.openKeepAlive();
-            }, 3000);
-        });
-    }
-    close() {
-        if (this.client) {
-            try {
-                this.client.removeAllListeners();
-                this.client.on('error', () => { });
-                this.client.end();
-            }
-            catch {
-                // nic nie rob
-            }
-            this.client = null;
-        }
-    }
-}
-exports.default = SshClient;