specrails-desktop 2.5.0 → 2.6.0

package/server/dist/mobile/mobile-datachannel.js

@@ -0,0 +1,167 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DataChannelPeer = exports.DataChannelSocket = void 0;
+// WebRTC DataChannel transport for the web companion (serverless double-QR
+// pairing). Instead of a LAN WSS gateway, the companion connects peer-to-peer
+// over a WebRTC DataChannel; this module bridges that channel onto the EXISTING
+// mobile semantics so nothing downstream changes:
+//   - push frames + per-subscription filtering + redaction + log batching  →
+//     reused verbatim by presenting the channel to MobileWsBridge as a SocketLike.
+//   - control frames (subscribe / watch_job / unwatch_job)                  →
+//     delivered straight to that same bridge.
+//   - hello → welcome (device registration + token)                        → new.
+//   - rpc → rpc_result (the /v1 allow-list)                                → new.
+// The two new flows are dependency-injected so the protocol logic is unit-tested
+// without a real WebRTC stack, the database, or the loopback HTTP forward.
+const WS_OPEN = 1;
+const WS_CLOSED = 3;
+/** Presents a DataChannel to MobileWsBridge as if it were a ws.WebSocket, so the
+ *  existing fan-out (redaction, per-subscription filtering, log batching) is
+ *  reused unchanged. WebRTC has no ping/pong frames, so ping() reports liveness
+ *  synchronously — DTLS keepalive + onClose drive real liveness. */
+class DataChannelSocket {
+    _ch;
+    _handlers = new Map();
+    constructor(_ch) {
+        this._ch = _ch;
+    }
+    get readyState() {
+        return this._ch.readyState === 'open' ? WS_OPEN : WS_CLOSED;
+    }
+    send(data) {
+        try {
+            this._ch.send(data);
+        }
+        catch {
+            /* channel went away mid-send — onClose will reap it */
+        }
+    }
+    on(event, cb) {
+        const list = this._handlers.get(event) ?? [];
+        list.push(cb);
+        this._handlers.set(event, list);
+    }
+    ping() {
+        this._emit('pong');
+    }
+    terminate() {
+        this._emit('close');
+    }
+    close(code) {
+        // 4401 = the device was revoked from the desktop — tell the companion so it
+        // drops to the pairing screen instead of silently going stale.
+        if (code === 4401) {
+            try {
+                this._ch.send(JSON.stringify({ type: 'revoked' }));
+            }
+            catch {
+                /* ignore */
+            }
+        }
+        this._emit('close');
+    }
+    /** Hand an inbound control frame to the bridge (its `message` listener). */
+    deliver(text) {
+        this._emit('message', text);
+    }
+    /** Mark the underlying channel closed (drops the socket from the bridge). */
+    closed() {
+        this._emit('close');
+    }
+    _emit(event, ...args) {
+        for (const cb of this._handlers.get(event) ?? []) {
+            try {
+                cb(...args);
+            }
+            catch {
+                /* a bad listener must not break fan-out */
+            }
+        }
+    }
+}
+exports.DataChannelSocket = DataChannelSocket;
+/** One paired companion over one DataChannel. Demultiplexes hello / rpc / control
+ *  frames; everything else (push) flows out via the bridge. */
+class DataChannelPeer {
+    _ch;
+    _deps;
+    _sock;
+    _authed = false;
+    _token = '';
+    constructor(_ch, _deps) {
+        this._ch = _ch;
+        this._deps = _deps;
+        this._sock = new DataChannelSocket(_ch);
+        _ch.onMessage((data) => {
+            void this._onMessage(data);
+        });
+        _ch.onClose(() => this._sock.closed());
+    }
+    get authed() {
+        return this._authed;
+    }
+    _send(obj) {
+        try {
+            this._ch.send(JSON.stringify(obj));
+        }
+        catch {
+            /* ignore */
+        }
+    }
+    async _onMessage(data) {
+        let msg;
+        try {
+            msg = JSON.parse(data);
+        }
+        catch {
+            return;
+        }
+        switch (msg.type) {
+            case 'hello': {
+                if (this._authed)
+                    return;
+                const secret = typeof msg.sec === 'string' ? msg.sec : '';
+                const deviceName = typeof msg.deviceName === 'string' ? msg.deviceName : 'Device';
+                const platform = typeof msg.platform === 'string' ? msg.platform : 'web';
+                const token = typeof msg.token === 'string' ? msg.token : undefined;
+                const r = await this._deps.registerDevice({ secret, deviceName, platform, token });
+                console.log('[webrtc] hello received; device registered:', r.ok);
+                if (!r.ok) {
+                    this._send({ type: 'pair_denied' });
+                    return;
+                }
+                this._authed = true;
+                this._token = r.token;
+                this._deps.bridge.attach(this._sock, r.deviceId);
+                this._send({
+                    type: 'welcome',
+                    deviceId: r.deviceId,
+                    token: r.token,
+                    // FROZEN field names — mobile pairing wire contract.
+                    hubName: r.hubName,
+                    hubInstanceId: r.hubInstanceId,
+                });
+                return;
+            }
+            case 'rpc': {
+                const id = typeof msg.id === 'string' ? msg.id : null;
+                if (!id)
+                    return;
+                if (!this._authed) {
+                    this._send({ type: 'rpc_result', id, status: 401, json: { error: 'not paired' } });
+                    return;
+                }
+                const method = typeof msg.method === 'string' ? msg.method : 'GET';
+                const path = typeof msg.path === 'string' ? msg.path : '';
+                const r = await this._deps.rpcDispatch({ method, path, body: msg.body, token: this._token });
+                this._send({ type: 'rpc_result', id, status: r.status, json: r.json });
+                return;
+            }
+            default:
+                // subscribe / watch_job / unwatch_job — reuse the bridge's inbound logic.
+                if (this._authed)
+                    this._sock.deliver(data);
+        }
+    }
+}
+exports.DataChannelPeer = DataChannelPeer;

package/server/dist/mobile/mobile-gateway.js

@@ -8,15 +8,14 @@ const os_1 = __importDefault(require("os"));
 const https_1 = __importDefault(require("https"));
 const crypto_1 = require("crypto");
 const express_1 = __importDefault(require("express"));
-const ws_1 = require("ws");
 const desktop_db_1 = require("../desktop-db");
 const mobile_tls_1 = require("./mobile-tls");
-const mobile_pairing_1 = require("./mobile-pairing");
 const mobile_router_1 = require("./mobile-router");
 const mobile_ws_1 = require("./mobile-ws");
-const mobile_mdns_1 = require("./mobile-mdns");
 const mobile_devices_1 = require("./mobile-devices");
-const mobile_auth_1 = require("./mobile-auth");
+const mobile_webrtc_peer_1 = require("./mobile-webrtc-peer");
+const mobile_signal_reconnect_1 = require("./mobile-signal-reconnect");
+const mobile_webrtc_1 = require("./mobile-webrtc");
 // Lifecycle owner of the second HTTPS+WSS listener (default :4202), hard-isolated
 // from the main server. Off by default; started on enable or boot-if-enabled.
 const DEFAULT_PORT = 4202;
@@ -25,7 +24,6 @@ const SETTING = {
     port: 'mobile.port',
     instanceId: 'mobile.desktop_instance_id',
     name: 'mobile.desktop_name',
-    mdns: 'mobile.mdns_enabled',
     fingerprint: 'mobile.cert_fingerprint',
 };
 // Legacy fallback — pre-rebrand (Specrails Hub) setting keys. Values are
@@ -35,17 +33,6 @@ const LEGACY_SETTING = {
     instanceId: 'mobile.hub_instance_id',
     name: 'mobile.hub_name',
 };
-function lanAddresses() {
-    const out = [];
-    const ifaces = os_1.default.networkInterfaces();
-    for (const name of Object.keys(ifaces)) {
-        for (const ni of ifaces[name] ?? []) {
-            if (ni.family === 'IPv4' && !ni.internal)
-                out.push(ni.address);
-        }
-    }
-    return out;
-}
 class MobileGateway {
     _db;
     _desktopPort;
@@ -53,9 +40,9 @@ class MobileGateway {
     _bindHost;
     _cert = null;
     _server = null;
-    _wss = null;
     _bridge = null;
-    _pairing = null;
+    _webrtc = null;
+    _signal = null;
     _running = false;
     _boundPort = DEFAULT_PORT;
     _portOverride;
@@ -66,12 +53,12 @@ class MobileGateway {
         this._bindHost = deps.bindHost ?? '0.0.0.0';
         this._portOverride = deps.port;
     }
-    get pairing() {
-        return this._pairing;
-    }
     get bridge() {
         return this._bridge;
     }
+    get webrtc() {
+        return this._webrtc;
+    }
     get running() {
         return this._running;
     }
@@ -112,9 +99,6 @@ class MobileGateway {
         }
         return id;
     }
-    mdnsEnabled() {
-        return (0, desktop_db_1.getDesktopSetting)(this._db, SETTING.mdns) !== 'false';
-    }
     isEnabledSetting() {
         return (0, desktop_db_1.getDesktopSetting)(this._db, SETTING.enabled) === 'true';
     }
@@ -124,8 +108,6 @@ class MobileGateway {
             running: this._running,
             port: this._running ? this._boundPort : this.configuredPort(),
             certFingerprint: this._cert?.fingerprint ?? (0, desktop_db_1.getDesktopSetting)(this._db, SETTING.fingerprint) ?? null,
-            lanAddresses: lanAddresses(),
-            mdnsEnabled: this.mdnsEnabled(),
             desktopName: this.desktopName(),
         };
     }
@@ -150,50 +132,16 @@ class MobileGateway {
         catch { /* non-fatal */ }
         this._cert = await (0, mobile_tls_1.loadOrCreateCert)((0, mobile_tls_1.mobileDir)());
         (0, desktop_db_1.setDesktopSetting)(this._db, SETTING.fingerprint, this._cert.fingerprint);
-        this._pairing = new mobile_pairing_1.PairingManager({
-            certFingerprint: () => this._cert.fingerprint,
-            desktopInstanceId: () => this.instanceId(),
-            desktopName: () => this.desktopName(),
-            port: () => this._boundPort,
-            lanAddresses,
-            createDevice: ({ name, platform, token, certFingerprint }) => {
-                const row = (0, mobile_devices_1.createDevice)(this._db, { name, platform, tokenHash: (0, mobile_devices_1.hashToken)(token), certFingerprint });
-                this._broadcast({ type: 'mobile.device_paired', deviceId: row.id, name: row.name, timestamp: new Date().toISOString() });
-                return row.id;
-            },
-            onClaimed: (device) => {
-                this._broadcast({ type: 'mobile.pair_requested', deviceName: device.name, platform: device.platform, timestamp: new Date().toISOString() });
-            },
-        });
         const app = (0, express_1.default)();
         app.use(express_1.default.json({ limit: '256kb' }));
         app.use((0, mobile_router_1.createMobileRouter)({
             db: this._db,
             desktopPort: this._desktopPort,
             currentFingerprint: () => this._cert.fingerprint,
-            pairing: this._pairing,
         }));
         const server = https_1.default.createServer({ cert: this._cert.certPem, key: this._cert.keyPem }, app);
-        const wss = new ws_1.WebSocketServer({ noServer: true });
         const bridge = new mobile_ws_1.MobileWsBridge();
         bridge.start();
-        server.on('upgrade', (request, socket, head) => {
-            if ((request.url ?? '').split('?')[0] !== '/mws') {
-                socket.write('HTTP/1.1 404 Not Found\r\nConnection: close\r\n\r\n');
-                socket.destroy();
-                return;
-            }
-            const token = tokenFromUpgrade(request);
-            const device = (0, mobile_auth_1.resolveDevice)(this._db, token, this._cert.fingerprint);
-            if (!device) {
-                socket.write('HTTP/1.1 401 Unauthorized\r\nConnection: close\r\n\r\n');
-                socket.destroy();
-                return;
-            }
-            wss.handleUpgrade(request, socket, head, (ws) => {
-                bridge.attach(ws, device.id);
-            });
-        });
         const port = this.configuredPort();
         await new Promise((resolve, reject) => {
             const onError = (err) => {
@@ -212,32 +160,63 @@ class MobileGateway {
             server.listen(port, this._bindHost);
         });
         this._server = server;
-        this._wss = wss;
         this._bridge = bridge;
         this._running = true;
-        if (this.mdnsEnabled()) {
-            void (0, mobile_mdns_1.advertiseMdns)({
-                name: this.desktopName(),
-                port: this._boundPort,
-                instanceId: this.instanceId(),
-                fingerprint: this._cert.fingerprint,
-            });
-        }
+        // Serverless WebRTC companion peer (offerer). Reuses this bridge for push +
+        // control, and tunnels its RPC to the /v1 allow-list above over loopback.
+        const createWebDevice = (0, mobile_webrtc_1.buildRegisterDevice)({
+            db: this._db,
+            currentFingerprint: () => this._cert.fingerprint,
+            desktopName: () => this.desktopName(),
+            desktopInstanceId: () => this.instanceId(),
+        });
+        this._webrtc = new mobile_webrtc_peer_1.MobileWebrtcGateway({
+            bridge,
+            registerDevice: async (input) => {
+                const r = await createWebDevice(input);
+                if (r.ok) {
+                    this._broadcast({
+                        type: 'mobile.device_paired',
+                        deviceId: r.deviceId,
+                        name: input.deviceName || 'Web companion',
+                        timestamp: new Date().toISOString(),
+                    });
+                }
+                return r;
+            },
+            rpcDispatch: (0, mobile_webrtc_1.buildRpcDispatch)({
+                gatewayBase: `https://127.0.0.1:${this._boundPort}`,
+                doFetch: (0, mobile_webrtc_1.createLoopbackFetch)(),
+            }),
+        });
+        // Outbound reconnect poller: lets a refreshed/reopened companion re-establish
+        // the WebRTC link via the public signaling mailbox — no QR re-scan. Polls
+        // OUTBOUND only (no inbound, no cert wall); the mailbox only sees the ~5s
+        // handshake.
+        const signalBase = (0, desktop_db_1.getDesktopSetting)(this._db, 'mobile.signal_url') || 'https://specrails.dev/companion-signal.php';
+        this._signal = new mobile_signal_reconnect_1.MobileSignalReconnect({
+            signalBase,
+            doFetch: (url, init) => fetch(url, init),
+            rooms: () => (0, mobile_devices_1.listDevices)(this._db).filter((d) => !d.revoked).map((d) => d.id),
+            makeOffer: () => this.webrtcOffer(),
+            acceptAnswer: (sdp) => this.webrtcAnswer(sdp),
+        });
+        this._signal.start();
     }
     /** Idempotent teardown. */
     async stop() {
-        await (0, mobile_mdns_1.withdrawMdns)();
+        if (this._signal) {
+            this._signal.stop();
+            this._signal = null;
+        }
+        if (this._webrtc) {
+            this._webrtc.stop();
+            this._webrtc = null;
+        }
         if (this._bridge) {
             this._bridge.stop();
             this._bridge = null;
         }
-        if (this._wss) {
-            try {
-                this._wss.close();
-            }
-            catch { /* ignore */ }
-            this._wss = null;
-        }
         if (this._server) {
             await new Promise((resolve) => this._server.close(() => resolve()));
             this._server = null;
@@ -260,26 +239,21 @@ class MobileGateway {
         this._broadcast({ type: 'mobile.gateway_state', running: this._running, port: this._boundPort, timestamp: new Date().toISOString() });
         return this.status();
     }
-}
-exports.MobileGateway = MobileGateway;
-/** Extract a device token from a /mws upgrade: Authorization header (native
- *  clients can set it) or a token-carrying subprotocol. */
-function tokenFromUpgrade(request) {
-    const fake = { headers: request.headers };
-    const bearer = (0, mobile_auth_1.extractBearer)(fake);
-    if (bearer)
-        return bearer;
-    const proto = request.headers['sec-websocket-protocol'];
-    if (typeof proto === 'string') {
-        for (const part of proto.split(',')) {
-            const p = part.trim();
-            if (p.startsWith('desktop-token.'))
-                return p.slice('desktop-token.'.length).trim();
-            // mobile-app v1 wire compat — do not rename: the phone app (v1.0.0)
-            // carries its device token in a `hub-token.<token>` subprotocol.
-            if (p.startsWith('hub-token.'))
-                return p.slice('hub-token.'.length).trim();
-        }
+    /** Open a serverless WebRTC pairing offer (for the first QR). Returns the offer
+     *  SDP + a single-use secret + the desktop identity; the webview encodes these
+     *  into the QR the companion scans. */
+    async webrtcOffer() {
+        if (!this._webrtc)
+            return null;
+        const secret = (0, crypto_1.randomBytes)(16).toString('base64url');
+        const { sdp } = await this._webrtc.createOffer(secret);
+        return { sdp, secret, hubName: this.desktopName(), hubInstanceId: this.instanceId() };
+    }
+    /** Apply the companion's scanned answer SDP to the open offer. */
+    async webrtcAnswer(sdp) {
+        if (!this._webrtc)
+            return false;
+        return (await this._webrtc.acceptAnswer(sdp)).ok;
     }
-    return null;
 }
+exports.MobileGateway = MobileGateway;

package/server/dist/mobile/mobile-router.js

@@ -6,12 +6,10 @@ const express_1 = require("express");
 const auth_1 = require("../auth");
 const mobile_redact_1 = require("./mobile-redact");
 const mobile_auth_1 = require("./mobile-auth");
-// The LAN-facing REST surface. Two parts:
-//   /pair/*  — unauthenticated, locked-down pairing handshake.
-//   /v1/*    — authenticated allow-list. Each route forwards, in-process, via a
-//              REAL loopback HTTP request to http://127.0.0.1:<desktopPort> with
-//              the master token injected server-side as `x-desktop-token` (it
-//              never leaves the box).
+// The gateway's authenticated REST surface: the `/v1/*` allow-list. Each route
+// forwards, in-process, via a REAL loopback HTTP request to
+// http://127.0.0.1:<desktopPort> with the master token injected server-side as
+// `x-desktop-token` (it never leaves the box).
 //
 // Forwarding is PARAMETERISED: the internal path is rebuilt from Express route
 // params (each a single URL segment — `..`/`/` can't appear), never from the raw
@@ -28,35 +26,6 @@ function createMobileRouter(deps) {
     // segment (an array — which path-to-regexp never produces here — collapses to
     // '' and fails the validators below).
     const seg = (v) => (typeof v === 'string' ? v : '');
-    // ─── Pairing (unauthenticated, rate-limited inside PairingManager) ──────────
-    const pairRouter = (0, express_1.Router)();
-    pairRouter.post('/claim', (req, res) => {
-        const body = (req.body ?? {});
-        const secret = typeof body.secret === 'string' ? body.secret : '';
-        const deviceName = typeof body.deviceName === 'string' ? body.deviceName : 'Device';
-        const platform = body.platform === 'android' ? 'android' : 'ios';
-        const ip = req.socket?.remoteAddress ?? 'unknown';
-        if (!secret) {
-            res.status(400).json({ error: 'secret required' });
-            return;
-        }
-        const result = deps.pairing.claim(secret, { name: deviceName, platform }, ip);
-        if (result.ok) {
-            res.json({ ok: true });
-            return;
-        }
-        const code = result.reason === 'locked' ? 429 : result.reason === 'no-session' || result.reason === 'expired' ? 410 : 403;
-        res.status(code).json({ ok: false, reason: result.reason });
-    });
-    pairRouter.get('/status', (req, res) => {
-        const claimId = typeof req.query.claimId === 'string' ? req.query.claimId : '';
-        if (!claimId) {
-            res.status(400).json({ error: 'claimId required' });
-            return;
-        }
-        res.json(deps.pairing.pollStatus(claimId));
-    });
-    router.use('/pair', pairRouter);
     // ─── Authenticated allow-list (/v1) ─────────────────────────────────────────
     const v1 = (0, express_1.Router)();
     v1.use((0, mobile_auth_1.createMobileAuthMiddleware)({ db: deps.db, currentFingerprint: deps.currentFingerprint }));

package/server/dist/mobile/mobile-signal-reconnect.js

@@ -0,0 +1,84 @@
+"use strict";
+// Outbound reconnect poller for the serverless web companion.
+//
+// After a page reload the companion's WebRTC link is gone. To re-establish it
+// without re-scanning a QR, the companion drops a "reconnect request" into a
+// tiny public mailbox (companion-signal.php on specrails.dev); the desktop polls
+// that mailbox (OUTBOUND — no inbound needed, no cert wall), answers with a
+// fresh offer, and reads back the companion's answer. The mailbox only ever
+// carries the ~5s SDP handshake; once connected, all traffic is P2P. The desktop
+// authenticates the reconnecting device by its existing token (see
+// buildRegisterDevice), so no new pairing/device is created.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MobileSignalReconnect = void 0;
+class MobileSignalReconnect {
+    _deps;
+    _timer = null;
+    _busy = false;
+    constructor(_deps) {
+        this._deps = _deps;
+    }
+    start(intervalMs = 3000) {
+        if (this._timer)
+            return;
+        this._timer = setInterval(() => void this.poll(), intervalMs);
+        this._timer.unref?.();
+    }
+    stop() {
+        if (this._timer) {
+            clearInterval(this._timer);
+            this._timer = null;
+        }
+    }
+    /** One poll cycle across all rooms. Exposed for tests. */
+    async poll() {
+        if (this._busy)
+            return; // never overlap cycles (a slow makeOffer must not stack)
+        this._busy = true;
+        try {
+            for (const room of this._deps.rooms()) {
+                try {
+                    // A phone asking to reconnect? → answer with a fresh offer.
+                    const req = await this._get(room, 'req');
+                    if (req !== null) {
+                        const offer = await this._deps.makeOffer();
+                        if (offer) {
+                            await this._post(room, 'offer', JSON.stringify({ sdp: offer.sdp, sec: offer.secret, hub: offer.hubInstanceId, name: offer.hubName }));
+                        }
+                    }
+                    // A phone's answer waiting? → complete the connection.
+                    const ans = await this._get(room, 'answer');
+                    if (ans) {
+                        try {
+                            const parsed = JSON.parse(ans);
+                            if (typeof parsed.sdp === 'string')
+                                await this._deps.acceptAnswer(parsed.sdp);
+                        }
+                        catch {
+                            /* malformed answer — ignore */
+                        }
+                    }
+                }
+                catch {
+                    /* transient per-room network error — retry next cycle */
+                }
+            }
+        }
+        finally {
+            this._busy = false;
+        }
+    }
+    async _get(room, slot) {
+        const res = await this._deps.doFetch(`${this._deps.signalBase}?room=${encodeURIComponent(room)}&slot=${slot}`);
+        if (res.status !== 200)
+            return null;
+        return res.text();
+    }
+    async _post(room, slot, body) {
+        await this._deps.doFetch(`${this._deps.signalBase}?room=${encodeURIComponent(room)}&slot=${slot}`, {
+            method: 'POST',
+            body,
+        });
+    }
+}
+exports.MobileSignalReconnect = MobileSignalReconnect;

package/server/dist/mobile/mobile-types.js

@@ -1,9 +1,9 @@
 "use strict";
 // Shared types for the Mobile Gateway (server/mobile/*).
 //
-// The gateway is a second HTTPS+WSS listener in the SAME Node process as the
-// main server, default port 4202, OFF by default. It pairs phones/tablets by QR +
-// desktop-approval and exposes a deny-by-default allow-list of the existing API,
-// redacted, over a per-device token. The main server at 127.0.0.1:4200 is never
-// itself exposed. See docs/mobile.md.
+// The gateway is a second HTTPS listener in the SAME Node process as the main
+// server, default port 4202, OFF by default. It pairs the web companion
+// serverlessly over WebRTC (double-QR) and exposes a deny-by-default allow-list
+// of the existing API, redacted, over a per-device token. The main server at
+// 127.0.0.1:4200 is never itself exposed.
 Object.defineProperty(exports, "__esModule", { value: true });