sesame-kit 0.4.0

package/src/serve/framing/ndjson.js

@@ -0,0 +1,75 @@
+// 改行区切り JSON (NDJSON) の Connection ヘルパ。
+// stdio (2 ストリーム) と Unix socket (1 duplex) が共有する。
+//
+// - 手動行分割 (readline は 1 行を無制限にバッファでき OOM DoS。ここは maxLine で上限)。
+// - StringDecoder でチャンク跨ぎのマルチバイト UTF-8 を正しく復元。
+// - 書き込みは背圧 (write/drain) を尊重。出力キューが maxQueue を超えた遅い接続は
+//   **その接続だけ** 切る (通知は lossy。デーモン全体は止めない)。
+
+import { StringDecoder } from "node:string_decoder";
+
+let _idSeq = 0;
+
+/**
+ * @param {import("node:stream").Readable} readable
+ * @param {import("node:stream").Writable} writable
+ * @param {{ onLine:(conn:object, raw:string)=>void, onClose?:()=>void,
+ *           maxQueue?:number, maxLine?:number, closeWritable?:boolean }} opts
+ * @returns {{ id:string, send:(obj:object)=>void, close:()=>void }}
+ */
+export function makeLineConnection(readable, writable, opts) {
+  const { onLine, onClose, maxQueue = 1000, maxLine = 1_000_000, closeWritable = false } = opts;
+  let closed = false;
+  let draining = false;
+  const queue = [];
+  const decoder = new StringDecoder("utf8");
+  let inbuf = "";
+
+  const conn = {
+    id: `c${++_idSeq}`,
+    send(obj) {
+      if (closed) return;
+      const line = JSON.stringify(obj) + "\n";
+      if (draining) {
+        queue.push(line);
+        if (queue.length > maxQueue) conn.close(); // 追いつけない購読者を切る
+        return;
+      }
+      if (!writable.write(line)) draining = true;
+    },
+    close() {
+      if (closed) return;
+      closed = true;
+      readable.off("data", onData);
+      if (closeWritable) { try { writable.end(); } catch { /* ignore */ } }
+      if (onClose) onClose();
+    },
+  };
+
+  function onData(chunk) {
+    if (closed) return;
+    inbuf += decoder.write(chunk);
+    let nl;
+    while ((nl = inbuf.indexOf("\n")) >= 0) {
+      const line = inbuf.slice(0, nl);
+      inbuf = inbuf.slice(nl + 1);
+      if (line.trim()) onLine(conn, line);
+    }
+    // 改行が来ないまま 1 行が上限超過 → DoS とみなし切断。
+    if (inbuf.length > maxLine) conn.close();
+  }
+
+  writable.on("drain", () => {
+    draining = false;
+    while (queue.length && !draining) {
+      if (!writable.write(queue.shift())) draining = true;
+    }
+  });
+  writable.on("error", () => conn.close());
+
+  readable.on("data", onData);
+  readable.on("end", () => conn.close());
+  readable.on("error", () => conn.close());
+
+  return conn;
+}

package/src/serve/framing/socket.js

@@ -0,0 +1,73 @@
+// Unix domain socket フレーミング: ローカル常駐・多クライアント。NDJSON JSON-RPC。
+// POSIX 専用 (mode 0600。Windows の named pipe は非対象)。
+//
+// 安全性:
+//   - listen 前に生存確認 → 別デーモンが生きていれば拒否、stale なら unlink (無条件 unlink しない)。
+//   - net.listen は mode を尊重しない (umask 任せ) → umask(0o177) で囲んで 0600 生成。
+//   - ソケットは configPaths.dir (0700) 配下に置き、ディレクトリでも二重に守る。
+
+import net from "node:net";
+import { existsSync, unlinkSync } from "node:fs";
+import { makeLineConnection } from "./ndjson.js";
+
+/** 既存ソケットが生きてれば throw、stale なら unlink して継続。 */
+export function ensureFreeSocket(socketPath) {
+  return new Promise((resolve, reject) => {
+    if (!existsSync(socketPath)) return resolve();
+    const probe = net.connect(socketPath);
+    probe.once("connect", () => {
+      probe.destroy();
+      reject(new Error(`already running (live socket at ${socketPath})`));
+    });
+    probe.once("error", () => {
+      probe.destroy();
+      try { unlinkSync(socketPath); } catch { /* ignore */ }
+      resolve();
+    });
+  });
+}
+
+/**
+ * @param {import("../daemon.js").Daemon} daemon
+ * @param {{ socketPath:string }} opts
+ * @returns {Promise<{ path:string, stop:()=>Promise<void> }>}
+ */
+export async function startSocketFraming(daemon, { socketPath }) {
+  await ensureFreeSocket(socketPath);
+
+  const socks = new Set(); // shutdown 時に能動 destroy するため接続中 socket を追跡
+  const server = net.createServer((sock) => {
+    socks.add(sock);
+    sock.on("close", () => socks.delete(sock));
+    let conn;
+    conn = makeLineConnection(sock, sock, {
+      onLine: (c, raw) => daemon.handleLine(c, raw),
+      onClose: () => daemon.removeConnection(conn),
+      closeWritable: true,
+    });
+    daemon.addConnection(conn);
+    sock.on("error", () => conn.close());
+    sock.on("close", () => conn.close());
+  });
+
+  // 0600 で生成するため listen を umask で囲む (callback で必ず復元)。
+  const oldUmask = process.umask(0o177);
+  try {
+    await new Promise((resolve, reject) => {
+      server.once("error", reject);
+      server.listen(socketPath, () => resolve());
+    });
+  } finally {
+    process.umask(oldUmask);
+  }
+
+  return {
+    path: socketPath,
+    // 接続中の購読者がいても即終了するため socket を能動 destroy してから close
+    // (これをしないと server.close は全接続が自発切断するまで callback を発火せずハングする)。
+    stop: () => new Promise((resolve) => {
+      for (const s of socks) { try { s.destroy(); } catch { /* ignore */ } }
+      server.close(() => resolve());
+    }),
+  };
+}

package/src/serve/framing/stdio.js

@@ -0,0 +1,28 @@
+// stdio フレーミング: stdin/stdout で NDJSON JSON-RPC。埋め込み (親が子プロセスとして spawn) 用。
+// 単一 Connection。stdin EOF (親が死んだ) で graceful shutdown を起こす。
+
+import { makeLineConnection } from "./ndjson.js";
+import { makeEvent } from "../jsonrpc.js";
+
+/**
+ * @param {import("../daemon.js").Daemon} daemon
+ * @param {{ onShutdown?:()=>void }} [opts]
+ * @returns {{ stop:()=>void }}
+ */
+export function startStdioFraming(daemon, { onShutdown } = {}) {
+  let conn;
+  conn = makeLineConnection(process.stdin, process.stdout, {
+    onLine: (c, raw) => daemon.handleLine(c, raw),
+    onClose: () => {
+      daemon.removeConnection(conn);
+      if (onShutdown) onShutdown(); // stdin EOF = 親終了 → デーモンも畳む
+    },
+    // stdout はプロセス共有なので閉じない (closeWritable=false)
+  });
+  daemon.addConnection(conn);
+  // 準備完了を **stdout の通常チャネル** で通知する (event.ready)。stderr を読む非通念な
+  // 儀式を不要にする。早期に書かれた入力は OS パイプが buffer するので待たなくても良いが、
+  // 待ちたいクライアントはこの 1 本を見れば良い (全言語が既に demux するチャネル)。
+  conn.send(makeEvent("ready", {}));
+  return { stop() { conn.close(); } };
+}

package/src/serve/framing/token.js

@@ -0,0 +1,36 @@
+// ネットワーク系フレーミング (HTTP/WS/gRPC) 共通の loopback token 認証。
+// 同一ユーザの UDS と違い TCP は他プロセス/ブラウザからも届くので、起動時に生成した
+// 秘密 token を要求する (CSRF/他ユーザ対策)。比較は定数時間。
+import { randomBytes, timingSafeEqual } from "node:crypto";
+
+/** 32byte hex のランダム token。 */
+export function generateToken() {
+  return randomBytes(32).toString("hex");
+}
+
+/** 定数時間比較。長さ不一致は false。 */
+export function tokenMatches(provided, expected) {
+  if (typeof provided !== "string" || typeof expected !== "string") return false;
+  if (provided.length !== expected.length) return false;
+  try {
+    return timingSafeEqual(Buffer.from(provided), Buffer.from(expected));
+  } catch {
+    return false;
+  }
+}
+
+/**
+ * HTTP リクエストから token を取り出す。**通常は `Authorization: Bearer` ヘッダ**を使うこと。
+ * `?token=` クエリは **ブラウザ専用のフォールバック** (EventSource/WebSocket がヘッダを送れないため)。
+ * クエリに載せると proxy ログ/履歴に残るので、ヘッダを送れるクライアントは必ずヘッダを使う。
+ */
+export function extractToken(req) {
+  const auth = req.headers?.authorization || "";
+  const m = /^Bearer\s+(.+)$/i.exec(auth);
+  if (m) return m[1];
+  try {
+    return new URL(req.url, "http://localhost").searchParams.get("token") || "";
+  } catch {
+    return "";
+  }
+}

package/src/serve/framing/ws.js

@@ -0,0 +1,56 @@
+// WebSocket フレーミング: 全二重。ブラウザ/全言語から JSON-RPC を双方向で。
+// 1 接続 = 持続 Connection。events.subscribe で event 通知がそのまま流れる。
+// 接続時に loopback token (?token= / Authorization: Bearer) を要求。
+
+import { WebSocketServer } from "ws";
+import { tokenMatches, extractToken } from "./token.js";
+
+const MAX_BUFFERED = 4 * 1024 * 1024; // 4MB を超えて溜まった遅い購読者は切る (背圧)
+
+/**
+ * @param {import("../daemon.js").Daemon} daemon
+ * @param {{ bind?:string, port:number, token:string }} opts
+ * @returns {Promise<{ stop:()=>Promise<void> }>}
+ */
+export async function startWsFraming(daemon, { bind = "127.0.0.1", port, token }) {
+  // 握手前 (HTTP upgrade) に token を検証し、失敗は 101 を返さず 401 で弾く。
+  // これで未認証クライアントの open は発火せず error になる (close 1008 は握手後で open に先を越され
+  // クライアントが認証失敗を取りこぼすため、ここで止めるのが正しい)。
+  const verifyClient = (info) => tokenMatches(extractToken(info.req), token);
+  const wss = new WebSocketServer({ host: bind, port, verifyClient });
+
+  wss.on("connection", (ws, req) => {
+    // verifyClient で認証済みだが、防御的に再確認 (verifyClient 無効化時の保険)。
+    if (!tokenMatches(extractToken(req), token)) {
+      try { ws.close(1008, "unauthorized"); } catch { /* ignore */ }
+      return;
+    }
+    const conn = {
+      id: "ws",
+      send: (obj) => {
+        if (ws.bufferedAmount > MAX_BUFFERED) { conn.close(); return; } // 追いつけない購読者を切る
+        try { ws.send(JSON.stringify(obj)); } catch { /* closed */ }
+      },
+      close: () => { try { ws.close(); } catch { /* ignore */ } },
+    };
+    daemon.addConnection(conn);
+    ws.on("message", (data) => daemon.handleLine(conn, data.toString()));
+    ws.on("close", () => daemon.removeConnection(conn));
+    ws.on("error", () => conn.close());
+  });
+
+  await new Promise((resolve, reject) => {
+    wss.once("error", reject);
+    wss.once("listening", () => resolve());
+  });
+
+  return {
+    port: wss.address().port,
+    url: `ws://${bind}:${wss.address().port}`,
+    // 購読中クライアントを terminate してから close (しないと wss.close は接続が残る限りハング)。
+    stop: () => new Promise((resolve) => {
+      for (const c of wss.clients) { try { c.terminate(); } catch { /* ignore */ } }
+      wss.close(() => resolve());
+    }),
+  };
+}

package/src/serve/grpc-methods.generated.json

@@ -0,0 +1,378 @@
+{
+  "ScheduleGetScheduleList": {
+    "method": "schedule.getScheduleList",
+    "jsonFields": []
+  },
+  "ScheduleCancelSchedule": {
+    "method": "schedule.cancelSchedule",
+    "jsonFields": []
+  },
+  "OrgGetEmployees": {
+    "method": "org.getEmployees",
+    "jsonFields": []
+  },
+  "OrgGetCurrentUserInfo": {
+    "method": "org.getCurrentUserInfo",
+    "jsonFields": []
+  },
+  "OrgAddEmployees": {
+    "method": "org.addEmployees",
+    "jsonFields": [
+      "items"
+    ]
+  },
+  "OrgUpdateEmployee": {
+    "method": "org.updateEmployee",
+    "jsonFields": [
+      "data"
+    ]
+  },
+  "OrgRemoveEmployees": {
+    "method": "org.removeEmployees",
+    "jsonFields": [
+      "items"
+    ]
+  },
+  "OrgReorderEmployees": {
+    "method": "org.reorderEmployees",
+    "jsonFields": [
+      "items"
+    ]
+  },
+  "OrgQueryByCS": {
+    "method": "org.queryByCS",
+    "jsonFields": []
+  },
+  "OrgConfirmQueryByCS": {
+    "method": "org.confirmQueryByCS",
+    "jsonFields": []
+  },
+  "OrgGetEmployeeGroups": {
+    "method": "org.getEmployeeGroups",
+    "jsonFields": []
+  },
+  "OrgAddEmployeeGroup": {
+    "method": "org.addEmployeeGroup",
+    "jsonFields": [
+      "item"
+    ]
+  },
+  "OrgUpdateEmployeeGroup": {
+    "method": "org.updateEmployeeGroup",
+    "jsonFields": [
+      "item"
+    ]
+  },
+  "OrgRemoveEmployeeGroups": {
+    "method": "org.removeEmployeeGroups",
+    "jsonFields": [
+      "gids"
+    ]
+  },
+  "OrgGetEmployeeGroupBindDeviceGroup": {
+    "method": "org.getEmployeeGroupBindDeviceGroup",
+    "jsonFields": []
+  },
+  "OrgAddEmployeeInGroup": {
+    "method": "org.addEmployeeInGroup",
+    "jsonFields": [
+      "uuids",
+      "items"
+    ]
+  },
+  "OrgRemoveEmployeeInGroup": {
+    "method": "org.removeEmployeeInGroup",
+    "jsonFields": [
+      "uuids",
+      "items"
+    ]
+  },
+  "OrgRemoveEmployeeGroupBindDeviceGroup": {
+    "method": "org.removeEmployeeGroupBindDeviceGroup",
+    "jsonFields": [
+      "data"
+    ]
+  },
+  "OrgGetTags": {
+    "method": "org.getTags",
+    "jsonFields": []
+  },
+  "OrgPostTag": {
+    "method": "org.postTag",
+    "jsonFields": [
+      "data"
+    ]
+  },
+  "OrgRemoveTag": {
+    "method": "org.removeTag",
+    "jsonFields": [
+      "data"
+    ]
+  },
+  "OrgGetDeviceGroups": {
+    "method": "org.getDeviceGroups",
+    "jsonFields": []
+  },
+  "OrgAddDeviceGroup": {
+    "method": "org.addDeviceGroup",
+    "jsonFields": []
+  },
+  "OrgUpdateDeviceGroup": {
+    "method": "org.updateDeviceGroup",
+    "jsonFields": [
+      "item"
+    ]
+  },
+  "OrgRemoveDeviceGroups": {
+    "method": "org.removeDeviceGroups",
+    "jsonFields": [
+      "groupIds"
+    ]
+  },
+  "OrgAddDeviceInGroup": {
+    "method": "org.addDeviceInGroup",
+    "jsonFields": [
+      "uuids",
+      "items"
+    ]
+  },
+  "OrgRemoveDeviceInGroup": {
+    "method": "org.removeDeviceInGroup",
+    "jsonFields": [
+      "uuids",
+      "items"
+    ]
+  },
+  "OrgGetDeviceGroupBindUserGroup": {
+    "method": "org.getDeviceGroupBindUserGroup",
+    "jsonFields": []
+  },
+  "OrgRemoveDeviceGroupBindUserGroup": {
+    "method": "org.removeDeviceGroupBindUserGroup",
+    "jsonFields": [
+      "data"
+    ]
+  },
+  "OrgShareDeviceKeysToEmployees": {
+    "method": "org.shareDeviceKeysToEmployees",
+    "jsonFields": [
+      "items"
+    ]
+  },
+  "OrgShareDeviceGroupKeysToEmployeeGroup": {
+    "method": "org.shareDeviceGroupKeysToEmployeeGroup",
+    "jsonFields": [
+      "item"
+    ]
+  },
+  "OrgGetEmployeeDeviceKeys": {
+    "method": "org.getEmployeeDeviceKeys",
+    "jsonFields": []
+  },
+  "OrgRemoveEmployeeDeviceKey": {
+    "method": "org.removeEmployeeDeviceKey",
+    "jsonFields": [
+      "data"
+    ]
+  },
+  "OrgUpdateGuestKeyTag": {
+    "method": "org.updateGuestKeyTag",
+    "jsonFields": [
+      "data"
+    ]
+  },
+  "OrgGenerateGuestQR": {
+    "method": "org.generateGuestQR",
+    "jsonFields": [
+      "data"
+    ]
+  },
+  "OrgGetDeviceEmployeeKeys": {
+    "method": "org.getDeviceEmployeeKeys",
+    "jsonFields": []
+  },
+  "CompanyGetCompanies": {
+    "method": "company.getCompanies",
+    "jsonFields": []
+  },
+  "CompanyUpdateCompanyName": {
+    "method": "company.updateCompanyName",
+    "jsonFields": []
+  },
+  "CompanyAddCompany": {
+    "method": "company.addCompany",
+    "jsonFields": []
+  },
+  "CompanyGetPaymentConfig": {
+    "method": "company.getPaymentConfig",
+    "jsonFields": []
+  },
+  "AccessGetCards": {
+    "method": "access.getCards",
+    "jsonFields": []
+  },
+  "AccessGetPasscodes": {
+    "method": "access.getPasscodes",
+    "jsonFields": []
+  },
+  "AccessPostCards": {
+    "method": "access.postCards",
+    "jsonFields": [
+      "list"
+    ]
+  },
+  "AccessPostPasscodes": {
+    "method": "access.postPasscodes",
+    "jsonFields": [
+      "list"
+    ]
+  },
+  "AccessDelCards": {
+    "method": "access.delCards",
+    "jsonFields": [
+      "items"
+    ]
+  },
+  "AccessDelPasscodes": {
+    "method": "access.delPasscodes",
+    "jsonFields": [
+      "items"
+    ]
+  },
+  "AccessClearCards": {
+    "method": "access.clearCards",
+    "jsonFields": []
+  },
+  "AccessClearPasscodes": {
+    "method": "access.clearPasscodes",
+    "jsonFields": []
+  },
+  "AccessUpdateCardName": {
+    "method": "access.updateCardName",
+    "jsonFields": [
+      "item"
+    ]
+  },
+  "AccessUpdatePasscodeName": {
+    "method": "access.updatePasscodeName",
+    "jsonFields": [
+      "item"
+    ]
+  },
+  "AccessUpdateCardOwner": {
+    "method": "access.updateCardOwner",
+    "jsonFields": []
+  },
+  "IotSendIotCmd": {
+    "method": "iot.sendIotCmd",
+    "jsonFields": []
+  },
+  "IotSubscribeIotResponse": {
+    "method": "iot.subscribeIotResponse",
+    "jsonFields": [
+      "params"
+    ]
+  },
+  "IotSendIotCmdAwait": {
+    "method": "iot.sendIotCmdAwait",
+    "jsonFields": []
+  },
+  "IotSetHub3LedDuty": {
+    "method": "iot.setHub3LedDuty",
+    "jsonFields": []
+  },
+  "IotHub3RelaySwitch": {
+    "method": "iot.hub3RelaySwitch",
+    "jsonFields": []
+  },
+  "IotAddSesameToHub3": {
+    "method": "iot.addSesameToHub3",
+    "jsonFields": []
+  },
+  "IotRemoveSesameFromHub3": {
+    "method": "iot.removeSesameFromHub3",
+    "jsonFields": [
+      "params"
+    ]
+  },
+  "IotStartFirmwareUpdate": {
+    "method": "iot.startFirmwareUpdate",
+    "jsonFields": []
+  },
+  "IotClearHub3WifiSsid": {
+    "method": "iot.clearHub3WifiSsid",
+    "jsonFields": []
+  },
+  "IotGetMatterPairingCode": {
+    "method": "iot.getMatterPairingCode",
+    "jsonFields": []
+  },
+  "IotOpenMatterPairingWindow": {
+    "method": "iot.openMatterPairingWindow",
+    "jsonFields": []
+  },
+  "PresetirSendIR": {
+    "method": "presetir.sendIR",
+    "jsonFields": []
+  },
+  "PresetirEmitAir": {
+    "method": "presetir.emitAir",
+    "jsonFields": []
+  },
+  "PresetirEmitButton": {
+    "method": "presetir.emitButton",
+    "jsonFields": []
+  },
+  "Status": {
+    "method": "status",
+    "jsonFields": []
+  },
+  "AccountWhoami": {
+    "method": "account.whoami",
+    "jsonFields": []
+  },
+  "LockLock": {
+    "method": "lock.lock",
+    "jsonFields": []
+  },
+  "LockUnlock": {
+    "method": "lock.unlock",
+    "jsonFields": []
+  },
+  "LockToggle": {
+    "method": "lock.toggle",
+    "jsonFields": []
+  },
+  "LockClick": {
+    "method": "lock.click",
+    "jsonFields": []
+  },
+  "LockStatus": {
+    "method": "lock.status",
+    "jsonFields": []
+  },
+  "DevicesList": {
+    "method": "devices.list",
+    "jsonFields": []
+  },
+  "DeviceHistory": {
+    "method": "device.history",
+    "jsonFields": []
+  },
+  "DeviceBattery": {
+    "method": "device.battery",
+    "jsonFields": []
+  },
+  "IrSend": {
+    "method": "ir.send",
+    "jsonFields": []
+  },
+  "IrListKeys": {
+    "method": "ir.listKeys",
+    "jsonFields": []
+  },
+  "Discover": {
+    "method": "rpc.discover",
+    "jsonFields": []
+  }
+}