npm - fied - Versions diffs - 0.2.8 → 0.2.9 - Mend

fied 0.2.8 → 0.2.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/bin.js +53 -34
package/package.json +1 -1

package/dist/bin.js CHANGED Viewed

@@ -262,9 +262,13 @@ async function share(options) {
   }
   const cols = options.cols ?? process.stdout.columns ?? 80;
   const rows = options.rows ?? process.stdout.rows ?? 24;
-  const rawKey = options.keyBase64Url ? fromBase64Url(options.keyBase64Url) : await generateKey();
-  const cryptoKey = await importKey(rawKey);
-  const keyFragment = options.keyBase64Url ?? toBase64Url(rawKey);
+  const legacyKey = options.keyBase64Url;
+  const readKeyRaw = options.readKeyBase64Url ? fromBase64Url(options.readKeyBase64Url) : legacyKey ? fromBase64Url(legacyKey) : await generateKey();
+  const writeKeyRaw = options.writeKeyBase64Url ? fromBase64Url(options.writeKeyBase64Url) : legacyKey ? fromBase64Url(legacyKey) : await generateKey();
+  const readKey = await importKey(readKeyRaw);
+  const writeKey = await importKey(writeKeyRaw);
+  const readKeyFragment = options.readKeyBase64Url ?? legacyKey ?? toBase64Url(readKeyRaw);
+  const writeKeyFragment = options.writeKeyBase64Url ?? legacyKey ?? toBase64Url(writeKeyRaw);
   const pty = attachSession(targetSession, cols, rows);
   if (!options.background) {
     console.log("");
@@ -276,8 +280,10 @@ async function share(options) {
   }
   const bridge = new RelayBridge(
     relayTarget,
-    cryptoKey,
-    keyFragment,
+    readKey,
+    writeKey,
+    readKeyFragment,
+    writeKeyFragment,
     pty,
     options.background,
     options.showReadonlyLink,
@@ -360,24 +366,22 @@ async function createSession(relayHttpBase) {
     throw new Error(`Failed to create session: ${res.status} ${res.statusText}`);
   }
   const data = await res.json();
-  if (typeof data.sessionId !== "string" || typeof data.viewerAccessToken !== "string" || typeof data.readonlyAccessToken !== "string") {
+  if (typeof data.sessionId !== "string") {
     throw new Error("Invalid session creation response");
   }
-  return {
-    sessionId: data.sessionId,
-    viewerAccessToken: data.viewerAccessToken,
-    readonlyAccessToken: data.readonlyAccessToken
-  };
+  return data.sessionId;
 }
 var WS_CONNECT_TIMEOUT_MS = 1e4;
 function typeAAD(type) {
   return new Uint8Array([type & 255]);
 }
 var RelayBridge = class {
-  constructor(relayTarget, key, keyFragment, pty, silent = false, showReadonlyLink = false, sessionId) {
+  constructor(relayTarget, readKey, writeKey, readKeyFragment, writeKeyFragment, pty, silent = false, showReadonlyLink = false, sessionId) {
     this.relayTarget = relayTarget;
-    this.key = key;
-    this.keyFragment = keyFragment;
+    this.readKey = readKey;
+    this.writeKey = writeKey;
+    this.readKeyFragment = readKeyFragment;
+    this.writeKeyFragment = writeKeyFragment;
     this.pty = pty;
     this.silent = silent;
     this.showReadonlyLink = showReadonlyLink;
@@ -396,8 +400,6 @@ var RelayBridge = class {
   encoder = new TextEncoder();
   decoder = new TextDecoder();
   sessionId = null;
-  viewerAccessToken = null;
-  readonlyAccessToken = null;
   onUrl = null;
   invalidResizeFrames = 0;
   invalidInputFrames = 0;
@@ -413,24 +415,16 @@ var RelayBridge = class {
     }
     if (!this.sessionId) {
       try {
-        const created = await createSession(this.relayTarget.httpBase);
-        this.sessionId = created.sessionId;
-        this.viewerAccessToken = created.viewerAccessToken;
-        this.readonlyAccessToken = created.readonlyAccessToken;
+        this.sessionId = await createSession(this.relayTarget.httpBase);
       } catch {
         if (!this.silent) console.error("  \x1B[31mRelay unreachable, retrying...\x1B[0m");
         this.scheduleReconnect();
         return;
       }
       const shareUrl = new URL(`s/${this.sessionId}`, this.relayTarget.httpBase);
-      if (!this.viewerAccessToken || !this.readonlyAccessToken) {
-        throw new Error("missing access tokens");
-      }
-      shareUrl.searchParams.set("token", this.viewerAccessToken);
-      const interactiveUrl = `${shareUrl.toString()}#${this.keyFragment}`;
+      const interactiveUrl = `${shareUrl.toString()}#r=${encodeURIComponent(this.readKeyFragment)}&w=${encodeURIComponent(this.writeKeyFragment)}`;
       const readonlyShareUrl = new URL(`${shareUrl.pathname.replace(/\/$/, "")}/v`, shareUrl);
-      readonlyShareUrl.searchParams.set("token", this.readonlyAccessToken);
-      const readonlyUrl = `${readonlyShareUrl.toString()}#${this.keyFragment}`;
+      const readonlyUrl = `${readonlyShareUrl.toString()}#r=${encodeURIComponent(this.readKeyFragment)}`;
       if (!this.silent) {
         await printShareLinkWithQr("interactive", interactiveUrl);
         if (this.showReadonlyLink) {
@@ -474,7 +468,7 @@ var RelayBridge = class {
         const data = new Uint8Array(raw);
         const frame = parseFrame(data);
         if (frame.type === MSG_TERMINAL_INPUT) {
-          const plaintext = await decrypt(this.key, frame.iv, frame.ciphertext, typeAAD(frame.type));
+          const plaintext = await decrypt(this.writeKey, frame.iv, frame.ciphertext, typeAAD(frame.type));
           const input = parseInputPayload(this.decoder.decode(plaintext));
           if (!input || this.isReplayNonce(input.nonce)) {
             this.invalidInputFrames += 1;
@@ -487,7 +481,7 @@ var RelayBridge = class {
           this.rememberInputNonce(input.nonce);
           this.pty.write(input.data);
         } else if (frame.type === MSG_RESIZE) {
-          const plaintext = await decrypt(this.key, frame.iv, frame.ciphertext, typeAAD(frame.type));
+          const plaintext = await decrypt(this.writeKey, frame.iv, frame.ciphertext, typeAAD(frame.type));
           const resize = parseResizePayload(this.decoder.decode(plaintext));
           if (!resize) {
             this.invalidResizeFrames += 1;
@@ -546,7 +540,8 @@ var RelayBridge = class {
   async sendEncrypted(type, plaintext) {
     if (!this.ws || this.ws.readyState !== WebSocket.OPEN) return;
     try {
-      const { iv, ciphertext } = await encrypt(this.key, plaintext, typeAAD(type));
+      const key = type === MSG_TERMINAL_OUTPUT ? this.readKey : this.writeKey;
+      const { iv, ciphertext } = await encrypt(key, plaintext, typeAAD(type));
       const frame = frameMessage(type, iv, ciphertext);
       this.ws.send(frame);
     } catch (err) {
@@ -714,6 +709,10 @@ if (args.includes("--__daemon")) {
       options.showReadonlyLink = true;
     } else if (args[i] === "--__session-id" && args[i + 1]) {
       options.sessionId = args[++i];
+    } else if (args[i] === "--__read-key" && args[i + 1]) {
+      options.readKeyBase64Url = args[++i];
+    } else if (args[i] === "--__write-key" && args[i + 1]) {
+      options.writeKeyBase64Url = args[++i];
     } else if (args[i] === "--__key" && args[i + 1]) {
       options.keyBase64Url = args[++i];
     }
@@ -819,7 +818,8 @@ async function main() {
         relay,
         allowInsecureRelay,
         sessionId: parsed.sessionId,
-        keyBase64Url: parsed.keyBase64Url
+        readKeyBase64Url: parsed.readKeyBase64Url,
+        writeKeyBase64Url: parsed.writeKeyBase64Url
       });
       console.error("");
       console.error(`  \x1B[1m\x1B[32mfied\x1B[0m \u2014 moved to background (PID ${child.pid})`);
@@ -839,8 +839,10 @@ function spawnBackground(options) {
     options.session,
     "--__session-id",
     options.sessionId,
-    "--__key",
-    options.keyBase64Url
+    "--__read-key",
+    options.readKeyBase64Url,
+    "--__write-key",
+    options.writeKeyBase64Url
   ];
   if (options.relay) childArgs.push("--relay", options.relay);
   if (options.allowInsecureRelay) childArgs.push("--allow-insecure-relay");
@@ -857,9 +859,26 @@ function parseShareUrl(url) {
   if (!match || !parsed.hash) {
     throw new Error("Invalid share URL");
   }
+  const hashRaw = parsed.hash.slice(1);
+  let readKeyBase64Url = "";
+  let writeKeyBase64Url = "";
+  if (hashRaw.includes("=") || hashRaw.includes("&")) {
+    const params = new URLSearchParams(hashRaw);
+    const read = params.get("r");
+    const write = params.get("w");
+    if (read && write) {
+      readKeyBase64Url = read;
+      writeKeyBase64Url = write;
+    }
+  }
+  if (!readKeyBase64Url || !writeKeyBase64Url) {
+    readKeyBase64Url = hashRaw;
+    writeKeyBase64Url = hashRaw;
+  }
   return {
     sessionId: match[1],
-    keyBase64Url: parsed.hash.slice(1)
+    readKeyBase64Url,
+    writeKeyBase64Url
   };
 }
 function timeSince(date) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "fied",
-  "version": "0.2.8",
+  "version": "0.2.9",
   "description": "Share your tmux session in the browser with end-to-end encryption",
   "type": "module",
   "bin": "dist/bin.js",