fied 0.2.3 → 0.2.5

package/README.md

@@ -0,0 +1,71 @@
+# fied
+
+Share your tmux session in the browser. End-to-end encrypted.
+
+```
+npx fied
+```
+
+You get a link. Anyone with the link sees your terminal in real time and can type into it. The server never sees your data — the encryption key lives in the URL fragment (`#`), which never leaves the browser.
+
+## How it works
+
+```
+tmux on your machine
+  ↕ AES-256-GCM encrypted WebSocket
+fied.app relay (sees only opaque bytes)
+  ↕ AES-256-GCM encrypted WebSocket
+Browser viewer (decrypts with key from URL #fragment)
+```
+
+1. `npx fied` attaches to your tmux session and generates a 256-bit AES key
+2. You get a URL like `https://fied.app/s/a1b2c3d4#<key>`
+3. The viewer opens the link, decrypts in-browser, renders via xterm.js
+4. Keystrokes travel back the same encrypted path — fully interactive
+
+## Usage
+
+```bash
+# Share the only tmux session (auto-detected)
+npx fied
+
+# Share a specific session
+npx fied -s mysession
+
+# Use a custom relay (self-hosted)
+npx fied --relay https://your-relay.com
+```
+
+Running `npx fied` with no active share session opens a picker to select a tmux session. After the link is shown, you can send it to the background and manage active shares by running `npx fied` again.
+
+## Requirements
+
+- Node.js 18+
+- A running tmux session
+
+## Features
+
+- **End-to-end encrypted** — AES-256-GCM, key never reaches the server
+- **Interactive** — viewers can type, not just watch
+- **Background mode** — share persists after closing the terminal
+- **Session management** — list, stop, or reconnect to active shares
+- **Mobile support** — works on phones and tablets
+- **Up to 5 concurrent viewers** per session
+- **Auto-reconnect** — survives brief network interruptions
+- **Zero config** — just `npx fied`
+
+## Security
+
+- AES-256-GCM with random IV per message
+- Key placed in URL fragment — [never sent to the server](https://datatracker.ietf.org/doc/html/rfc3986#section-3.5)
+- Relay forwards opaque binary blobs
+- All traffic over WSS (TLS)
+- Rate-limited session creation
+
+## Self-hosting
+
+The relay is a Cloudflare Worker. See the [repo](https://github.com/gstohl/fied) for deployment instructions.
+
+## License
+
+MIT

package/dist/bin.js

@@ -34,13 +34,21 @@ async function importKey(rawKey) {
 function generateIV() {
   return getRandomValues(new Uint8Array(IV_LENGTH));
 }
-async function encrypt(key, plaintext) {
+async function encrypt(key, plaintext, additionalData) {
   const iv = generateIV();
-  const encrypted = await getSubtleCrypto().encrypt({ name: ALGORITHM, iv }, key, plaintext);
+  const algorithm = { name: ALGORITHM, iv };
+  if (additionalData) {
+    algorithm.additionalData = additionalData;
+  }
+  const encrypted = await getSubtleCrypto().encrypt(algorithm, key, plaintext);
   return { iv, ciphertext: new Uint8Array(encrypted) };
 }
-async function decrypt(key, iv, ciphertext) {
-  const decrypted = await getSubtleCrypto().decrypt({ name: ALGORITHM, iv }, key, ciphertext);
+async function decrypt(key, iv, ciphertext, additionalData) {
+  const algorithm = { name: ALGORITHM, iv };
+  if (additionalData) {
+    algorithm.additionalData = additionalData;
+  }
+  const decrypted = await getSubtleCrypto().decrypt(algorithm, key, ciphertext);
   return new Uint8Array(decrypted);
 }
 function toBase64Url(bytes) {
@@ -124,13 +132,14 @@ function attachSession(sessionName, cols, rows) {
 }
 
 // src/store.ts
-import { mkdirSync, readFileSync, writeFileSync } from "node:fs";
+import { chmodSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
 import { join } from "node:path";
 import { homedir } from "node:os";
 var STORE_DIR = join(homedir(), ".fied");
 var STORE_FILE = join(STORE_DIR, "sessions.json");
 function ensureDir() {
-  mkdirSync(STORE_DIR, { recursive: true });
+  mkdirSync(STORE_DIR, { recursive: true, mode: 448 });
+  chmodSync(STORE_DIR, 448);
 }
 function isAlive(pid) {
   try {
@@ -144,8 +153,29 @@ function loadSessions() {
   try {
     const raw = readFileSync(STORE_FILE, "utf-8");
     const entries = JSON.parse(raw);
-    const alive = entries.filter((e) => isAlive(e.pid));
-    if (alive.length !== entries.length) {
+    const normalized = [];
+    let needsRewrite = false;
+    for (const entry of entries) {
+      if (!entry || typeof entry !== "object") continue;
+      if (typeof entry.pid !== "number") continue;
+      if (typeof entry.tmuxSession !== "string") continue;
+      if (typeof entry.relay !== "string") continue;
+      if (typeof entry.startedAt !== "string") continue;
+      const sessionId = typeof entry.sessionId === "string" ? entry.sessionId : extractSessionIdFromUrl(entry.url);
+      if (typeof entry.sessionId !== "string" || typeof entry.url === "string") {
+        needsRewrite = true;
+      }
+      if (!sessionId) continue;
+      normalized.push({
+        pid: entry.pid,
+        tmuxSession: entry.tmuxSession,
+        sessionId,
+        relay: entry.relay,
+        startedAt: entry.startedAt
+      });
+    }
+    const alive = normalized.filter((e) => isAlive(e.pid));
+    if (alive.length !== entries.length || needsRewrite) {
       saveSessions(alive);
     }
     return alive;
@@ -155,7 +185,8 @@ function loadSessions() {
 }
 function saveSessions(entries) {
   ensureDir();
-  writeFileSync(STORE_FILE, JSON.stringify(entries, null, 2));
+  writeFileSync(STORE_FILE, JSON.stringify(entries, null, 2), { mode: 384 });
+  chmodSync(STORE_FILE, 384);
 }
 function addSession(entry) {
   const entries = loadSessions();
@@ -176,6 +207,16 @@ function stopSession(pid) {
     return false;
   }
 }
+function extractSessionIdFromUrl(url) {
+  if (typeof url !== "string") return null;
+  try {
+    const parsed = new URL(url);
+    const match = parsed.pathname.match(/^\/s\/([A-Za-z0-9_-]{8,64})$/);
+    return match ? match[1] : null;
+  } catch {
+    return null;
+  }
+}
 
 // src/index.ts
 var DEFAULT_RELAY = "https://fied.app";
@@ -188,6 +229,8 @@ var RESIZE_MAX_COLS = 1e3;
 var RESIZE_MIN_ROWS = 5;
 var RESIZE_MAX_ROWS = 300;
 var MAX_INVALID_RESIZE_FRAMES = 5;
+var MAX_INVALID_INPUT_FRAMES = 5;
+var MAX_RECENT_INPUT_NONCES = 2048;
 var RECONNECT_BASE_MS = 1e3;
 var RECONNECT_MAX_MS = 3e4;
 async function share(options) {
@@ -233,10 +276,14 @@ async function share(options) {
   const bridge = new RelayBridge(relayTarget, cryptoKey, keyFragment, pty, options.background, options.sessionId);
   const onUrl = (url) => {
     if (options.background) {
+      const sessionId = bridge.getSessionId();
+      if (!sessionId) {
+        throw new Error("missing session id for background mode");
+      }
       addSession({
         pid: process.pid,
         tmuxSession: targetSession,
-        url,
+        sessionId,
         relay: relayTarget.httpBase.toString(),
         startedAt: (/* @__PURE__ */ new Date()).toISOString()
       });
@@ -307,6 +354,9 @@ async function createSession(relayHttpBase) {
   return data.sessionId;
 }
 var WS_CONNECT_TIMEOUT_MS = 1e4;
+function typeAAD(type) {
+  return new Uint8Array([type & 255]);
+}
 var RelayBridge = class {
   constructor(relayTarget, key, keyFragment, pty, silent = false, sessionId) {
     this.relayTarget = relayTarget;
@@ -331,6 +381,12 @@ var RelayBridge = class {
   sessionId = null;
   onUrl = null;
   invalidResizeFrames = 0;
+  invalidInputFrames = 0;
+  seenInputNonces = /* @__PURE__ */ new Set();
+  inputNonceOrder = [];
+  getSessionId() {
+    return this.sessionId;
+  }
   async connect(onUrl) {
     if (this.destroyed) return;
     if (onUrl) {
@@ -387,10 +443,20 @@ var RelayBridge = class {
         const data = new Uint8Array(raw);
         const frame = parseFrame(data);
         if (frame.type === MSG_TERMINAL_INPUT) {
-          const plaintext = await decrypt(this.key, frame.iv, frame.ciphertext);
-          this.pty.write(this.decoder.decode(plaintext));
+          const plaintext = await decrypt(this.key, frame.iv, frame.ciphertext, typeAAD(frame.type));
+          const input = parseInputPayload(this.decoder.decode(plaintext));
+          if (!input || this.isReplayNonce(input.nonce)) {
+            this.invalidInputFrames += 1;
+            if (this.invalidInputFrames >= MAX_INVALID_INPUT_FRAMES) {
+              ws.close(1008, "invalid input frames");
+            }
+            return;
+          }
+          this.invalidInputFrames = 0;
+          this.rememberInputNonce(input.nonce);
+          this.pty.write(input.data);
         } else if (frame.type === MSG_RESIZE) {
-          const plaintext = await decrypt(this.key, frame.iv, frame.ciphertext);
+          const plaintext = await decrypt(this.key, frame.iv, frame.ciphertext, typeAAD(frame.type));
           const resize = parseResizePayload(this.decoder.decode(plaintext));
           if (!resize) {
             this.invalidResizeFrames += 1;
@@ -449,7 +515,7 @@ var RelayBridge = class {
   async sendEncrypted(type, plaintext) {
     if (!this.ws || this.ws.readyState !== WebSocket.OPEN) return;
     try {
-      const { iv, ciphertext } = await encrypt(this.key, plaintext);
+      const { iv, ciphertext } = await encrypt(this.key, plaintext, typeAAD(type));
       const frame = frameMessage(type, iv, ciphertext);
       this.ws.send(frame);
     } catch (err) {
@@ -459,7 +525,34 @@ var RelayBridge = class {
       }
     }
   }
+  isReplayNonce(nonce) {
+    return this.seenInputNonces.has(nonce);
+  }
+  rememberInputNonce(nonce) {
+    this.seenInputNonces.add(nonce);
+    this.inputNonceOrder.push(nonce);
+    while (this.inputNonceOrder.length > MAX_RECENT_INPUT_NONCES) {
+      const dropped = this.inputNonceOrder.shift();
+      if (!dropped) break;
+      this.seenInputNonces.delete(dropped);
+    }
+  }
 };
+function parseInputPayload(payload) {
+  let parsed;
+  try {
+    parsed = JSON.parse(payload);
+  } catch {
+    return null;
+  }
+  if (!parsed || typeof parsed !== "object") return null;
+  const typed = parsed;
+  if (typeof typed.nonce !== "string" || typed.nonce.length < 8 || typed.nonce.length > 64) {
+    return null;
+  }
+  if (typeof typed.data !== "string") return null;
+  return { nonce: typed.nonce, data: typed.data };
+}
 function parseResizePayload(payload) {
   let parsed;
   try {
@@ -469,6 +562,7 @@ function parseResizePayload(payload) {
   }
   if (!parsed || typeof parsed !== "object") return null;
   const typed = parsed;
+  if (typeof typed.nonce !== "string" || typed.nonce.length < 8 || typed.nonce.length > 64) return null;
   if (!Number.isInteger(typed.cols) || !Number.isInteger(typed.rows)) return null;
   const cols = typed.cols;
   const rows = typed.rows;
@@ -604,7 +698,8 @@ async function main() {
       const s = active[i];
       const age = timeSince(new Date(s.startedAt));
       console.error(`    \x1B[36m${i + 1}\x1B[0m) \x1B[1m${s.tmuxSession}\x1B[0m  ${age} ago`);
-      console.error(`       \x1B[4m\x1B[36m${s.url}\x1B[0m`);
+      console.error(`       relay: ${s.relay}`);
+      console.error(`       session: ${s.sessionId}`);
     }
     const action = await pickManageAction(active.length);
     if (action === "q") {

package/package.json

@@ -1,13 +1,14 @@
 {
   "name": "fied",
-  "version": "0.2.3",
+  "version": "0.2.5",
   "description": "Share your tmux session in the browser with end-to-end encryption",
   "type": "module",
   "bin": {
     "fied": "./dist/bin.js"
   },
   "files": [
-    "dist/bin.js"
+    "dist/bin.js",
+    "README.md"
   ],
   "scripts": {
     "build": "node build.mjs",