remotosh 1.0.2 → 1.2.0

package/bin/remoto.js

@@ -1,227 +1,365 @@
 #!/usr/bin/env node
 
 import os from 'os';
+import fs from 'fs';
+import path from 'path';
 import pty from 'node-pty';
 import qrcode from 'qrcode-terminal';
 import WebSocket from 'ws';
 import chalk from 'chalk';
+import { randomBytes } from 'crypto';
 
 // Configuration
 const WS_SERVER_URL = process.env.REMOTO_WS_URL || 'wss://remoto-ws.fly.dev';
 const WEB_APP_URL = process.env.REMOTO_WEB_URL || 'https://remoto.sh';
-const API_KEY = process.env.REMOTO_API_KEY;
+const CONFIG_DIR = path.join(os.homedir(), '.remoto');
+const CONFIG_FILE = path.join(CONFIG_DIR, 'config.json');
+
+// Sensitive environment variable patterns to filter out
+const SENSITIVE_ENV_PATTERNS = [
+  /^AWS_/i, /^AZURE_/i, /^GCP_/i, /^GOOGLE_/i,
+  /^GITHUB_TOKEN$/i, /^GH_TOKEN$/i, /^GITLAB_/i,
+  /^NPM_TOKEN$/i, /^DOCKER_/i, /^KUBERNETES_/i, /^K8S_/i,
+  /SECRET/i, /PASSWORD/i, /PRIVATE_KEY/i, /API_KEY/i,
+  /AUTH_TOKEN/i, /ACCESS_TOKEN/i, /REFRESH_TOKEN/i,
+  /DATABASE_URL/i, /DB_PASSWORD/i, /POSTGRES_/i, /MYSQL_/i, /MONGO_/i, /REDIS_/i,
+  /STRIPE_/i, /TWILIO_/i, /SENDGRID_/i, /MAILGUN_/i,
+  /SUPABASE_/i, /FIREBASE_/i, /OPENAI_/i, /ANTHROPIC_/i, /SLACK_/i, /DISCORD_/i,
+];
+
+// Create sanitized environment for PTY
+function getSanitizedEnv() {
+  const env = { ...process.env };
+  for (const key of Object.keys(env)) {
+    if (SENSITIVE_ENV_PATTERNS.some(pattern => pattern.test(key))) {
+      delete env[key];
+    }
+  }
+  return env;
+}
 
-// Detect shell
-const shell = process.env.SHELL || (os.platform() === 'win32' ? 'powershell.exe' : 'zsh');
+// Load saved config
+function loadConfig() {
+  try {
+    if (fs.existsSync(CONFIG_FILE)) {
+      return JSON.parse(fs.readFileSync(CONFIG_FILE, 'utf8'));
+    }
+  } catch (e) {
+    // Ignore errors
+  }
+  return {};
+}
 
-// Terminal dimensions
-let cols = process.stdout.columns || 80;
-let rows = process.stdout.rows || 24;
+// Save config
+function saveConfig(config) {
+  try {
+    if (!fs.existsSync(CONFIG_DIR)) {
+      fs.mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });
+    }
+    fs.writeFileSync(CONFIG_FILE, JSON.stringify(config, null, 2), { mode: 0o600 });
+  } catch (e) {
+    // Ignore errors
+  }
+}
 
-console.clear();
-console.log(chalk.bold.white('\n  remoto'));
-console.log(chalk.dim('  control your terminal from your phone\n'));
-console.log(chalk.dim('  connecting...'));
-
-// Connect to WebSocket server (API key is optional)
-const wsUrl = API_KEY
-  ? `${WS_SERVER_URL}/cli/?apiKey=${encodeURIComponent(API_KEY)}`
-  : `${WS_SERVER_URL}/cli/`;
-const ws = new WebSocket(wsUrl);
-
-let ptyProcess = null;
-let sessionId = null;
-let sessionToken = null;
-let isAnonymous = true;
-let outputBuffer = '';
-let flushTimeout = null;
-
-ws.on('open', () => {
-  // Connection established, wait for session_created message
-});
+// Open URL in browser
+async function openBrowser(url) {
+  const { exec } = await import('child_process');
+  const platform = os.platform();
+
+  let command;
+  if (platform === 'darwin') {
+    command = `open "${url}"`;
+  } else if (platform === 'win32') {
+    command = `start "" "${url}"`;
+  } else {
+    command = `xdg-open "${url}"`;
+  }
 
-ws.on('message', (data) => {
-  const raw = data.toString();
-  console.log(chalk.dim(`  [debug] received: ${raw.substring(0, 100)}`));
-  try {
-    const message = JSON.parse(raw);
-    handleServerMessage(message);
-  } catch (err) {
-    console.error(chalk.red(`  invalid message from server: ${err.message}`));
-    console.error(chalk.red(`  raw data: ${raw.substring(0, 50)}`));
+  exec(command, (err) => {
+    if (err) {
+      console.log(chalk.dim(`  couldn't open browser automatically`));
+      console.log(chalk.dim(`  open this URL manually: ${url}`));
+    }
+  });
+}
+
+// Poll for auth completion
+async function pollForAuth(deviceCode) {
+  const pollUrl = `${WEB_APP_URL}/api/cli-auth/poll?code=${deviceCode}`;
+
+  for (let i = 0; i < 60; i++) { // Poll for 5 minutes max
+    await new Promise(r => setTimeout(r, 5000)); // Wait 5 seconds
+
+    try {
+      const response = await fetch(pollUrl);
+      const data = await response.json();
+
+      if (data.status === 'authorized' && data.token) {
+        return data.token;
+      } else if (data.status === 'expired') {
+        return null;
+      }
+      // status === 'pending' - keep polling
+    } catch (e) {
+      // Network error, keep trying
+    }
   }
-});
 
-ws.on('close', (code, reason) => {
-  console.log(chalk.dim(`\n  disconnected (${code})`));
-  cleanup();
-});
+  return null;
+}
 
-ws.on('error', (err) => {
-  console.error(chalk.red(`\n  connection error: ${err.message}`));
-  if (err.message.includes('ECONNREFUSED')) {
-    console.log(chalk.dim('\n  make sure you have internet access'));
+// Main auth flow
+async function authenticate() {
+  const config = loadConfig();
+
+  // Check if we have a saved token
+  if (config.token) {
+    return config.token;
   }
-  process.exit(1);
-});
 
-function handleServerMessage(message) {
-  switch (message.type) {
-    case 'session_created':
-      sessionId = message.sessionId;
-      sessionToken = message.sessionToken;
-      isAnonymous = message.isAnonymous;
-      showQRCode();
-      startPTY();
-      break;
-
-    case 'phone_connected':
-      console.log(chalk.green(`\n  phone connected`));
-      if (message.phoneCount > 1) {
-        console.log(chalk.dim(`  ${message.phoneCount} devices connected`));
-      }
-      console.log('');
-      break;
-
-    case 'phone_disconnected':
-      if (message.phoneCount > 0) {
-        console.log(chalk.yellow(`\n  phone disconnected (${message.phoneCount} remaining)\n`));
-      } else {
-        console.log(chalk.yellow(`\n  phone disconnected\n`));
-      }
-      break;
+  // No token - need to authenticate via browser
+  console.log(chalk.yellow('  login required\n'));
 
-    case 'input':
-      // Input from phone
-      console.log(chalk.dim(`  [debug] input handler, ptyProcess exists: ${!!ptyProcess}`));
-      if (ptyProcess) {
-        console.log(chalk.dim(`  [debug] writing to pty: "${message.data}"`));
-        ptyProcess.write(message.data);
-      } else {
-        console.log(chalk.red('  [debug] ptyProcess is null!'));
-      }
-      break;
+  // Generate device code
+  const deviceCode = randomBytes(16).toString('hex');
+  const authUrl = `${WEB_APP_URL}/cli-auth?code=${deviceCode}`;
 
-    case 'resize':
-      // Resize from phone
-      if (ptyProcess && message.cols && message.rows) {
-        ptyProcess.resize(message.cols, message.rows);
-      }
-      break;
+  console.log(chalk.white('  opening browser to login...\n'));
+
+  await openBrowser(authUrl);
 
-    default:
-      // Ignore unknown messages
+  console.log(chalk.dim(`  if browser didn't open, go to:`));
+  console.log(chalk.cyan(`  ${authUrl}\n`));
+  console.log(chalk.dim('  waiting for login...'));
+
+  const token = await pollForAuth(deviceCode);
+
+  if (!token) {
+    console.log(chalk.red('\n  login timed out or was cancelled'));
+    console.log(chalk.dim('  run `npx remotosh` to try again\n'));
+    process.exit(1);
   }
+
+  // Save token
+  saveConfig({ token });
+  console.log(chalk.green('\n  logged in successfully!\n'));
+
+  return token;
 }
 
-function showQRCode() {
-  const connectionUrl = `${WEB_APP_URL}/session/${sessionId}?token=${sessionToken}`;
+// Detect shell
+const shell = process.env.SHELL || (os.platform() === 'win32' ? 'powershell.exe' : 'zsh');
 
+// Terminal dimensions
+let cols = process.stdout.columns || 80;
+let rows = process.stdout.rows || 24;
+
+// Main
+async function main() {
   console.clear();
   console.log(chalk.bold.white('\n  remoto'));
   console.log(chalk.dim('  control your terminal from your phone\n'));
 
-  qrcode.generate(connectionUrl, { small: true }, (qr) => {
-    // Indent the QR code
-    const indentedQr = qr.split('\n').map(line => '  ' + line).join('\n');
-    console.log(indentedQr);
-    console.log(chalk.dim(`\n  ${connectionUrl}\n`));
-    console.log(chalk.dim('  scan the qr code or open the link on your phone'));
-    console.log(chalk.dim('  waiting for connection...\n'));
-    console.log(chalk.dim('─'.repeat(Math.min(cols, 60))));
-  });
-}
-
-function startPTY() {
-  // Initialize PTY
-  console.log(chalk.dim(`  [debug] spawning shell: ${shell}`));
-  try {
-    ptyProcess = pty.spawn(shell, [], {
-      name: 'xterm-256color',
-      cols,
-      rows,
-      cwd: process.cwd(),
-      env: process.env,
-    });
-    console.log(chalk.dim(`  [debug] pty spawned successfully, pid: ${ptyProcess.pid}`));
-  } catch (err) {
-    console.error(chalk.red(`  [debug] pty spawn failed: ${err.message}`));
-    return;
+  // Handle logout command
+  if (process.argv[2] === 'logout') {
+    saveConfig({});
+    console.log(chalk.green('  logged out successfully\n'));
+    process.exit(0);
   }
 
-  // Handle PTY output
-  ptyProcess.onData((data) => {
-    // Write to local terminal
-    process.stdout.write(data);
-
-    // Buffer and send to server
-    outputBuffer += data;
-
-    if (flushTimeout) clearTimeout(flushTimeout);
-    flushTimeout = setTimeout(() => {
-      if (outputBuffer && ws.readyState === WebSocket.OPEN) {
-        // Chunk large outputs
-        const chunks = chunkString(outputBuffer, 16000);
-        for (const chunk of chunks) {
-          ws.send(JSON.stringify({ type: 'output', data: chunk }));
-        }
-        outputBuffer = '';
-      }
-    }, 30);
-  });
+  // Authenticate
+  const token = await authenticate();
 
-  // Handle PTY exit
-  ptyProcess.onExit(({ exitCode }) => {
-    console.log(chalk.dim(`\n  session ended`));
+  console.log(chalk.dim('  connecting...'));
 
-    // Show account nudge for anonymous users
-    if (isAnonymous) {
-      console.log(chalk.dim('\n  ─────────────────────────────────────────'));
-      console.log(chalk.white('\n  create an account to save session history'));
-      console.log(chalk.dim(`  ${WEB_APP_URL}/signup\n`));
-    }
+  // Connect to WebSocket server
+  const wsUrl = `${WS_SERVER_URL}/cli/?token=${encodeURIComponent(token)}`;
+  const ws = new WebSocket(wsUrl);
 
-    if (ws.readyState === WebSocket.OPEN) {
-      ws.send(JSON.stringify({ type: 'exit', code: exitCode }));
-      ws.close();
+  let ptyProcess = null;
+  let sessionId = null;
+  let sessionToken = null;
+  let maxDuration = null;
+  let outputBuffer = '';
+  let flushTimeout = null;
+
+  ws.on('open', () => {
+    // Connection established, wait for session_created message
+  });
+
+  ws.on('message', (data) => {
+    try {
+      const message = JSON.parse(data.toString());
+      handleServerMessage(message);
+    } catch (err) {
+      // Ignore invalid messages
     }
-    process.exit(exitCode);
   });
 
-  // Handle local terminal resize
-  process.stdout.on('resize', () => {
-    cols = process.stdout.columns;
-    rows = process.stdout.rows;
-    if (ptyProcess) {
-      ptyProcess.resize(cols, rows);
+  ws.on('close', (code, reason) => {
+    const reasonStr = reason?.toString() || '';
+
+    if (code === 4001 || code === 4002) {
+      // Invalid/expired token - clear it and re-auth
+      saveConfig({});
+      console.log(chalk.yellow('\n  session expired, please login again'));
+      console.log(chalk.dim('  run `npx remotosh` to login\n'));
+    } else if (code === 4004) {
+      console.log(chalk.yellow('\n  session limit reached'));
+      console.log(chalk.dim('  free plan allows 2 concurrent sessions'));
+      console.log(chalk.dim('  close an existing session and try again\n'));
+    } else if (reasonStr.includes('expired')) {
+      console.log(chalk.yellow('\n  session expired (1 hour limit)'));
+      console.log(chalk.dim('  run `npx remotosh` to start a new session\n'));
+    } else {
+      console.log(chalk.dim(`\n  disconnected\n`));
     }
+    cleanup();
   });
 
-  // Handle local input
-  process.stdin.setRawMode(true);
-  process.stdin.resume();
-  process.stdin.on('data', (data) => {
-    if (ptyProcess) {
-      ptyProcess.write(data.toString());
+  ws.on('error', (err) => {
+    console.error(chalk.red(`\n  connection error: ${err.message}`));
+    if (err.message.includes('ECONNREFUSED')) {
+      console.log(chalk.dim('\n  make sure you have internet access'));
     }
+    process.exit(1);
   });
-}
 
-function cleanup() {
-  if (ptyProcess) {
-    ptyProcess.kill();
+  function handleServerMessage(message) {
+    switch (message.type) {
+      case 'session_created':
+        sessionId = message.sessionId;
+        sessionToken = message.sessionToken;
+        maxDuration = message.maxDuration;
+        showQRCode();
+        startPTY();
+        break;
+
+      case 'phone_connected':
+        console.log(chalk.green(`\n  phone connected`));
+        if (message.phoneCount > 1) {
+          console.log(chalk.dim(`  ${message.phoneCount} devices connected`));
+        }
+        console.log('');
+        break;
+
+      case 'phone_disconnected':
+        if (message.phoneCount > 0) {
+          console.log(chalk.yellow(`\n  phone disconnected (${message.phoneCount} remaining)\n`));
+        } else {
+          console.log(chalk.yellow(`\n  phone disconnected\n`));
+        }
+        break;
+
+      case 'session_expiring':
+        console.log(chalk.yellow(`\n  session expiring in ${message.minutesRemaining} minutes\n`));
+        break;
+
+      case 'input':
+        if (ptyProcess) {
+          ptyProcess.write(message.data);
+        }
+        break;
+
+      case 'resize':
+        if (ptyProcess && message.cols && message.rows) {
+          ptyProcess.resize(message.cols, message.rows);
+        }
+        break;
+    }
   }
-  if (ws.readyState === WebSocket.OPEN) {
-    ws.close();
+
+  function showQRCode() {
+    const connectionUrl = `${WEB_APP_URL}/session/${sessionId}?token=${sessionToken}`;
+    const durationMinutes = maxDuration ? Math.floor(maxDuration / 60000) : 60;
+
+    console.clear();
+    console.log(chalk.bold.white('\n  remoto'));
+    console.log(chalk.dim('  control your terminal from your phone\n'));
+
+    qrcode.generate(connectionUrl, { small: true }, (qr) => {
+      const indentedQr = qr.split('\n').map(line => '  ' + line).join('\n');
+      console.log(indentedQr);
+      console.log(chalk.dim(`\n  ${connectionUrl}\n`));
+      console.log(chalk.dim('  scan the qr code or open the link on your phone'));
+      console.log(chalk.dim(`  session expires in ${durationMinutes} minutes`));
+      console.log(chalk.dim('  waiting for connection...\n'));
+      console.log(chalk.dim('─'.repeat(Math.min(cols, 60))));
+    });
   }
-  process.exit();
-}
 
-// Cleanup on exit
-process.on('SIGINT', cleanup);
-process.on('SIGTERM', cleanup);
+  function startPTY() {
+    try {
+      const sanitizedEnv = getSanitizedEnv();
+      ptyProcess = pty.spawn(shell, [], {
+        name: 'xterm-256color',
+        cols,
+        rows,
+        cwd: process.cwd(),
+        env: sanitizedEnv,
+      });
+    } catch (err) {
+      console.error(chalk.red(`  failed to start shell: ${err.message}`));
+      return;
+    }
+
+    ptyProcess.onData((data) => {
+      process.stdout.write(data);
+      outputBuffer += data;
+
+      if (flushTimeout) clearTimeout(flushTimeout);
+      flushTimeout = setTimeout(() => {
+        if (outputBuffer && ws.readyState === WebSocket.OPEN) {
+          const chunks = chunkString(outputBuffer, 16000);
+          for (const chunk of chunks) {
+            ws.send(JSON.stringify({ type: 'output', data: chunk }));
+          }
+          outputBuffer = '';
+        }
+      }, 30);
+    });
+
+    ptyProcess.onExit(({ exitCode }) => {
+      console.log(chalk.dim(`\n  session ended`));
+      if (ws.readyState === WebSocket.OPEN) {
+        ws.send(JSON.stringify({ type: 'exit', code: exitCode }));
+        ws.close();
+      }
+      process.exit(exitCode);
+    });
+
+    process.stdout.on('resize', () => {
+      cols = process.stdout.columns;
+      rows = process.stdout.rows;
+      if (ptyProcess) {
+        ptyProcess.resize(cols, rows);
+      }
+    });
+
+    process.stdin.setRawMode(true);
+    process.stdin.resume();
+    process.stdin.on('data', (data) => {
+      if (ptyProcess) {
+        ptyProcess.write(data.toString());
+      }
+    });
+  }
+
+  function cleanup() {
+    if (ptyProcess) {
+      ptyProcess.kill();
+    }
+    if (ws.readyState === WebSocket.OPEN) {
+      ws.close();
+    }
+    process.exit();
+  }
+
+  process.on('SIGINT', cleanup);
+  process.on('SIGTERM', cleanup);
+}
 
-// Helper to chunk strings
 function chunkString(str, size) {
   const chunks = [];
   for (let i = 0; i < str.length; i += size) {
@@ -229,3 +367,8 @@ function chunkString(str, size) {
   }
   return chunks.length ? chunks : [''];
 }
+
+main().catch(err => {
+  console.error(chalk.red(`  error: ${err.message}`));
+  process.exit(1);
+});

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "remotosh",
-  "version": "1.0.2",
+  "version": "1.2.0",
   "description": "Control your terminal from your phone",
   "type": "module",
   "bin": {