cdp-tunnel 2.5.21 → 2.6.0

package/server/saas/auth.js

@@ -0,0 +1,128 @@
+/**
+ * 认证工具 — JWT + API Key + 密码哈希
+ */
+const jwt = require('jsonwebtoken');
+const bcrypt = require('bcryptjs');
+const { v4: uuidv4 } = require('uuid');
+const db = require('./db');
+
+// JWT 密钥（生产环境应通过环境变量配置）
+const JWT_SECRET = process.env.JWT_SECRET || 'cdp-tunnel-saas-dev-secret-change-in-production';
+const JWT_EXPIRES_IN = '24h';
+
+// ====== 密码管理 ======
+
+function hashPassword(password) {
+    return bcrypt.hashSync(password, 10);
+}
+
+function verifyPassword(password, hash) {
+    return bcrypt.compareSync(password, hash);
+}
+
+// ====== JWT 管理 ======
+
+function generateToken(user) {
+    return jwt.sign(
+        { userId: user.id, email: user.email },
+        JWT_SECRET,
+        { expiresIn: JWT_EXPIRES_IN }
+    );
+}
+
+function verifyToken(token) {
+    try {
+        return jwt.verify(token, JWT_SECRET);
+    } catch (e) {
+        return null;
+    }
+}
+
+// ====== 用户管理 ======
+
+function createUser(email, password, displayName) {
+    const id = uuidv4();
+    const passwordHash = hashPassword(password);
+    db.prepare(`
+        INSERT INTO users (id, email, password_hash, display_name)
+        VALUES (?, ?, ?, ?)
+    `).run(id, email, passwordHash, displayName || email.split('@')[0]);
+    return { id, email, displayName: displayName || email.split('@')[0] };
+}
+
+function findUserByEmail(email) {
+    return db.prepare('SELECT * FROM users WHERE email = ?').get(email);
+}
+
+function findUserById(id) {
+    return db.prepare('SELECT id, email, display_name, created_at FROM users WHERE id = ?').get(id);
+}
+
+function authenticateUser(email, password) {
+    const user = findUserByEmail(email);
+    if (!user) return null;
+    if (!verifyPassword(password, user.password_hash)) return null;
+    return { id: user.id, email: user.email, displayName: user.display_name };
+}
+
+// ====== API Key 管理 ======
+
+function generateApiKey() {
+    return 'cdp_' + uuidv4().replace(/-/g, '') + uuidv4().replace(/-/g, '');
+}
+
+function createApiKey(userId, name) {
+    const id = uuidv4();
+    const key = generateApiKey();
+    db.prepare(`
+        INSERT INTO api_keys (id, user_id, key, name)
+        VALUES (?, ?, ?, ?)
+    `).run(id, userId, key, name || 'default');
+    return { id, key, name: name || 'default' };
+}
+
+function validateApiKey(key) {
+    const apiKey = db.prepare('SELECT * FROM api_keys WHERE key = ? AND active = 1').get(key);
+    if (!apiKey) return null;
+    // 更新最后使用时间
+    db.prepare('UPDATE api_keys SET last_used_at = datetime("now") WHERE id = ?').run(apiKey.id);
+    return { userId: apiKey.user_id, keyId: apiKey.id, keyName: apiKey.name };
+}
+
+function listApiKeys(userId) {
+    return db.prepare('SELECT id, name, active, created_at, last_used_at FROM api_keys WHERE user_id = ?').all(userId);
+}
+
+function revokeApiKey(keyId, userId) {
+    return db.prepare('UPDATE api_keys SET active = 0 WHERE id = ? AND user_id = ?').run(keyId, userId);
+}
+
+// ====== 初始化种子用户（仅开发环境） ======
+
+function seedAdminUser() {
+    const existing = findUserByEmail('admin@cdp-tunnel.dev');
+    if (!existing) {
+        const user = createUser('admin@cdp-tunnel.dev', 'admin123', 'Admin');
+        const apiKey = createApiKey(user.id, 'default');
+        console.log('[SAAS] Seed admin user created');
+        console.log('[SAAS]   Email: admin@cdp-tunnel.dev');
+        console.log('[SAAS]   Password: admin123');
+        console.log('[SAAS]   API Key:', apiKey.key);
+    }
+}
+
+module.exports = {
+    hashPassword,
+    verifyPassword,
+    generateToken,
+    verifyToken,
+    createUser,
+    findUserByEmail,
+    findUserById,
+    authenticateUser,
+    createApiKey,
+    validateApiKey,
+    listApiKeys,
+    revokeApiKey,
+    seedAdminUser
+};

package/server/saas/cdp-proxy.js

@@ -0,0 +1,36 @@
+/**
+ * CDP 代理桥接
+ * SaaS API 服务器通过此模块查询 CDP 代理的浏览器信息
+ */
+const http = require('http');
+
+const CDP_HOST = process.env.CDP_HOST || 'localhost';
+const CDP_PORT = parseInt(process.env.CDP_PORT || '9221');
+
+function cdpRequest(path) {
+    return new Promise((resolve, reject) => {
+        http.get(`http://${CDP_HOST}:${CDP_PORT}${path}`, (res) => {
+            let data = '';
+            res.on('data', chunk => data += chunk);
+            res.on('end', () => {
+                try { resolve(JSON.parse(data)); } catch { resolve(data); }
+            });
+        }).on('error', reject);
+    });
+}
+
+async function getBrowsers(userId) {
+    try {
+        const browsers = await cdpRequest('/json/browsers');
+        if (!Array.isArray(browsers)) return [];
+        if (userId) {
+            return browsers.filter(b => b.userId === userId);
+        }
+        return browsers;
+    } catch (e) {
+        console.error('[CDP] Failed to get browsers:', e.message);
+        return [];
+    }
+}
+
+module.exports = { getBrowsers, cdpRequest };

package/server/saas/db.js

@@ -0,0 +1,48 @@
+/**
+ * SaaS 多租户数据库
+ * SQLite — 单文件，零配置
+ */
+const Database = require('better-sqlite3');
+const path = require('path');
+const os = require('os');
+const fs = require('fs');
+
+const DB_DIR = path.join(os.homedir(), '.cdp-tunnel');
+const DB_PATH = path.join(DB_DIR, 'saas.db');
+
+if (!fs.existsSync(DB_DIR)) {
+    fs.mkdirSync(DB_DIR, { recursive: true });
+}
+
+const db = new Database(DB_PATH);
+
+// 启用 WAL 模式（高并发读友好）
+db.pragma('journal_mode = WAL');
+db.pragma('foreign_keys = ON');
+
+// 创建表
+db.exec(`
+    CREATE TABLE IF NOT EXISTS users (
+        id TEXT PRIMARY KEY,
+        email TEXT UNIQUE NOT NULL,
+        password_hash TEXT NOT NULL,
+        display_name TEXT NOT NULL DEFAULT '',
+        created_at TEXT NOT NULL DEFAULT (datetime('now')),
+        updated_at TEXT NOT NULL DEFAULT (datetime('now'))
+    );
+
+    CREATE TABLE IF NOT EXISTS api_keys (
+        id TEXT PRIMARY KEY,
+        user_id TEXT NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+        key TEXT UNIQUE NOT NULL,
+        name TEXT NOT NULL DEFAULT 'default',
+        active INTEGER NOT NULL DEFAULT 1,
+        created_at TEXT NOT NULL DEFAULT (datetime('now')),
+        last_used_at TEXT
+    );
+
+    CREATE INDEX IF NOT EXISTS idx_api_keys_key ON api_keys(key);
+    CREATE INDEX IF NOT EXISTS idx_api_keys_user_id ON api_keys(user_id);
+`);
+
+module.exports = db;

package/server/saas/index.js

@@ -0,0 +1,147 @@
+/**
+ * CDP Tunnel SaaS 平台入口
+ * 
+ * 启动方式：
+ *   node server/saas/index.js
+ * 
+ * 环境变量：
+ *   PORT=9220    API 服务器端口（默认 9220）
+ *   CDP_PORT=9221  CDP 代理端口（默认 9221）
+ *   JWT_SECRET   JWT 签名密钥
+ */
+const http = require('http');
+const httpProxy = require('http-proxy');
+const path = require('path');
+const fs = require('fs');
+const { createRouter } = require('./routes');
+const auth = require('./auth');
+const { getBrowsers } = require('./cdp-proxy');
+
+// 端口配置
+const API_PORT = parseInt(process.env.PORT || '9220');
+const CDP_PORT = parseInt(process.env.CDP_PORT || '9221');
+const WEB_UI_DIR = path.join(__dirname, 'web');
+
+// 安装 http-proxy 依赖
+// npm install http-proxy
+
+// 创建反向代理到 CDP 服务器
+const cdpProxy = httpProxy.createProxyServer({
+    target: {
+        host: 'localhost',
+        port: CDP_PORT
+    },
+    ws: true  // 支持 WebSocket 代理
+});
+
+// CDP 路径列表（需要代理到 9221）
+const CDP_PATHS = [
+    '/plugin',
+    '/client',
+    '/json',  
+    '/devtools'
+];
+
+// Seed 管理员用户
+auth.seedAdminUser();
+
+// 创建路由
+const pluginConnections = new Set();
+const getNamespace = () => ({});
+const router = createRouter(pluginConnections, getNamespace);
+
+const server = http.createServer((req, res) => {
+    // CORS
+    res.setHeader('Access-Control-Allow-Origin', '*');
+    res.setHeader('Access-Control-Allow-Methods', 'GET, POST, DELETE, OPTIONS');
+    res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
+    res.setHeader('Access-Control-Allow-Credentials', 'true');
+
+    if (req.method === 'OPTIONS') {
+        res.writeHead(204);
+        res.end();
+        return;
+    }
+
+    const url = new URL(req.url, `http://localhost`);
+
+    // CDP 路径 → 代理到 9221
+    const shouldProxy = CDP_PATHS.some(p => url.pathname === p || url.pathname.startsWith(p + '/'));
+    if (shouldProxy) {
+        cdpProxy.web(req, res, { target: { host: 'localhost', port: CDP_PORT } }, (err) => {
+            console.error('[PROXY] CDP proxy error:', err.message);
+            res.writeHead(502);
+            res.end('Bad Gateway');
+        });
+        return;
+    }
+
+    // API: 浏览器列表 — 从 CDP 代理获取
+    if (req.method === 'GET' && url.pathname === '/api/browsers') {
+        const authHeader = req.headers['authorization'];
+        if (!authHeader) {
+            res.writeHead(401);
+            res.end(JSON.stringify({ error: 'Unauthorized' }));
+            return;
+        }
+        const token = authHeader.replace('Bearer ', '');
+        const session = auth.verifyToken(token);
+        if (!session) {
+            res.writeHead(401);
+            res.end(JSON.stringify({ error: 'Invalid token' }));
+            return;
+        }
+
+        getBrowsers(session.userId).then(browsers => {
+            res.writeHead(200, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify({ browsers }));
+        }).catch(e => {
+            res.writeHead(500);
+            res.end(JSON.stringify({ error: e.message }));
+        });
+        return;
+    }
+
+    // 静态文件（Web UI）
+    if (req.method === 'GET') {
+        let filePath;
+        if (url.pathname === '/' || url.pathname === '/index.html') {
+            filePath = path.join(WEB_UI_DIR, 'index.html');
+        } else {
+            filePath = path.join(WEB_UI_DIR, url.pathname);
+        }
+        
+        if (fs.existsSync(filePath) && fs.statSync(filePath).isFile()) {
+            const extMap = {
+                '.html': 'text/html', '.js': 'text/javascript', '.css': 'text/css',
+                '.png': 'image/png', '.svg': 'image/svg+xml', '.ico': 'image/x-icon',
+                '.json': 'application/json'
+            };
+            const ext = path.extname(filePath);
+            res.writeHead(200, { 'Content-Type': extMap[ext] || 'text/plain' });
+            res.end(fs.readFileSync(filePath));
+            return;
+        }
+    }
+
+    // 其他 API 路由
+    router(req, res);
+});
+
+// WebSocket 升级处理 — CDP 路径代理到 9221
+server.on('upgrade', (req, socket, head) => {
+    const url = new URL(req.url, `http://localhost`);
+    const shouldProxy = CDP_PATHS.some(p => url.pathname === p || url.pathname.startsWith(p + '/'));
+    if (shouldProxy) {
+        cdpProxy.ws(req, socket, head, { target: { host: 'localhost', port: CDP_PORT } });
+    } else {
+        socket.destroy();
+    }
+});
+
+server.listen(API_PORT, '0.0.0.0', () => {
+    console.log(`[SAAS] Server started on port ${API_PORT}`);
+    console.log(`[SAAS] CDP proxy: http://localhost:${CDP_PORT}`);
+    console.log(`[SAAS] Web UI: http://localhost:${API_PORT}`);
+    console.log(`[SAAS] Login: admin@cdp-tunnel.dev / admin123`);
+});

package/server/saas/routes.js

@@ -0,0 +1,184 @@
+/**
+ * SaaS REST API 路由
+ */
+const { v4: uuidv4 } = require('uuid');
+const auth = require('./auth');
+
+function createRouter(pluginConnections, getNamespace) {
+    // 返回 express 风格的 router 函数：fn(req, res)
+    const routes = [];
+
+    function get(method, path, handler) {
+        routes.push({ method, path, handler });
+    }
+
+    function post(method, path, handler) {
+        routes.push({ method: 'POST', path, handler });
+    }
+
+    function parseBody(req) {
+        return new Promise((resolve) => {
+            let body = '';
+            req.on('data', chunk => body += chunk);
+            req.on('end', () => {
+                try { resolve(JSON.parse(body)); } catch { resolve({}); }
+            });
+        });
+    }
+
+    function json(res, data, status = 200) {
+        res.writeHead(status, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify(data));
+    }
+
+    function error(res, message, status = 400) {
+        json(res, { error: message }, status);
+    }
+
+    // ====== 认证中间件 ======
+    function requireAuth(req) {
+        const authHeader = req.headers['authorization'];
+        if (!authHeader) return null;
+        const token = authHeader.replace('Bearer ', '');
+        return auth.verifyToken(token);
+    }
+
+    // ====== Auth Routes ======
+
+    post('POST', '/api/auth/login', async (req, res) => {
+        const body = await parseBody(req);
+        const { email, password } = body;
+        if (!email || !password) return error(res, 'Email and password required');
+
+        const user = auth.authenticateUser(email, password);
+        if (!user) return error(res, 'Invalid email or password', 401);
+
+        const token = auth.generateToken(user);
+        const apiKeys = auth.listApiKeys(user.id);
+
+        json(res, {
+            token,
+            user: {
+                id: user.id,
+                email: user.email,
+                displayName: user.displayName
+            },
+            apiKeys
+        });
+    });
+
+    get('GET', '/api/auth/me', async (req, res) => {
+        const session = requireAuth(req);
+        if (!session) return error(res, 'Unauthorized', 401);
+
+        const user = auth.findUserById(session.userId);
+        if (!user) return error(res, 'User not found', 404);
+
+        json(res, { user });
+    });
+
+    // ====== API Key Routes ======
+
+    get('GET', '/api/api-keys', async (req, res) => {
+        const session = requireAuth(req);
+        if (!session) return error(res, 'Unauthorized', 401);
+
+        const keys = auth.listApiKeys(session.userId);
+        json(res, { apiKeys: keys });
+    });
+
+    post('POST', '/api/api-keys', async (req, res) => {
+        const session = requireAuth(req);
+        if (!session) return error(res, 'Unauthorized', 401);
+
+        const body = await parseBody(req);
+        const apiKey = auth.createApiKey(session.userId, body.name);
+        json(res, { apiKey }, 201);
+    });
+
+    post('POST', '/api/api-keys/:id/revoke', async (req, res) => {
+        const session = requireAuth(req);
+        if (!session) return error(res, 'Unauthorized', 401);
+
+        // 从 URL 中提取 id
+        const id = req.url.split('/').filter(Boolean).pop();
+        const result = auth.revokeApiKey(id, session.userId);
+        if (result.changes === 0) return error(res, 'API key not found', 404);
+        json(res, { success: true });
+    });
+
+    // ====== Browser Routes ======
+
+    get('GET', '/api/browsers', async (req, res) => {
+        const session = requireAuth(req);
+        if (!session) return error(res, 'Unauthorized', 401);
+
+        const browsers = [];
+        for (const pluginWs of pluginConnections) {
+            if (pluginWs.readyState !== WebSocket.OPEN) continue;
+            // 只返回属于当前用户的 plugin
+            if (pluginWs.userId !== session.userId) continue;
+
+            const ns = getNamespace(pluginWs);
+            browsers.push({
+                pluginId: pluginWs.pluginId,
+                name: pluginWs.pluginName || 'My Browser',
+                targets: ns.cachedTargets.length,
+                connected: true,
+                connectedAt: pluginWs.connectedAt,
+                webSocketDebuggerUrl: `ws://${req.headers.host}/devtools/browser/${pluginWs.pluginId}`,
+                // 给 web UI 用的直接连接地址
+                cdpHttpUrl: `https://${req.headers.host}/json/version/${pluginWs.pluginId}`
+            });
+        }
+
+        json(res, { browsers });
+    });
+
+    // ====== 返回路由处理函数 ======
+
+    return async (req, res) => {
+        // CORS
+        res.setHeader('Access-Control-Allow-Origin', '*');
+        res.setHeader('Access-Control-Allow-Methods', 'GET, POST, DELETE, OPTIONS');
+        res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
+
+        if (req.method === 'OPTIONS') {
+            res.writeHead(204);
+            res.end();
+            return;
+        }
+
+        const url = new URL(req.url, `http://localhost`);
+
+        for (const route of routes) {
+            if (route.method !== req.method) continue;
+
+            // 简单的路径匹配（支持 :id 占位符）
+            const routeParts = route.path.split('/').filter(Boolean);
+            const urlParts = url.pathname.split('/').filter(Boolean);
+
+            if (routeParts.length !== urlParts.length) continue;
+
+            let match = true;
+            const params = {};
+            for (let i = 0; i < routeParts.length; i++) {
+                if (routeParts[i].startsWith(':')) {
+                    params[routeParts[i].slice(1)] = urlParts[i];
+                } else if (routeParts[i] !== urlParts[i]) {
+                    match = false;
+                    break;
+                }
+            }
+
+            if (match) {
+                req.params = params;
+                return route.handler(req, res);
+            }
+        }
+
+        json(res, { error: 'Not found' }, 404);
+    };
+}
+
+module.exports = { createRouter };