specrails-desktop 2.5.0 → 2.6.0

package/server/dist/mobile/mobile-webrtc-peer.js

@@ -0,0 +1,129 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MobileWebrtcGateway = void 0;
+const werift_1 = require("werift");
+const auth_1 = require("../auth");
+const mobile_datachannel_1 = require("./mobile-datachannel");
+class MobileWebrtcGateway {
+    _deps;
+    _pending = null;
+    _active = new Set();
+    constructor(_deps) {
+        this._deps = _deps;
+    }
+    /** Drop the open (un-answered) offer. */
+    clearOffer() {
+        const p = this._pending;
+        this._pending = null;
+        if (p)
+            this._close(p.pc);
+    }
+    /** Create a fresh pairing offer (peer + DataChannel + gathered offer SDP).
+     *  Replaces any previously-open offer. Returns the SDP to embed in the QR. */
+    async createOffer(secret) {
+        this.clearOffer();
+        const pc = new werift_1.RTCPeerConnection({ iceServers: [] });
+        const dc = pc.createDataChannel('mobile');
+        // The companion peer activates when the channel opens. It validates `hello`
+        // against THIS connection's offer secret (captured in this closure) — not a
+        // global pending secret, which is already null by the time hello arrives.
+        new mobile_datachannel_1.DataChannelPeer(toChannelLike(dc), {
+            registerDevice: async (input) => input.secret && (0, auth_1.safeEqual)(input.secret, secret)
+                ? this._deps.registerDevice({ deviceName: input.deviceName, platform: input.platform, token: input.token })
+                : { ok: false },
+            rpcDispatch: this._deps.rpcDispatch,
+            bridge: this._deps.bridge,
+        });
+        pc.connectionStateChange.subscribe((s) => {
+            console.log('[webrtc] pc connectionState:', s);
+            if (s === 'failed' || s === 'closed' || s === 'disconnected') {
+                this._active.delete(pc);
+                if (this._pending?.pc === pc)
+                    this._pending = null;
+            }
+        });
+        const offer = await pc.createOffer();
+        await pc.setLocalDescription(offer);
+        await waitIceComplete(pc);
+        const sdp = pc.localDescription?.sdp;
+        if (!sdp) {
+            this._close(pc);
+            throw new Error('no local description after ICE gathering');
+        }
+        console.log(`[webrtc] offer ready: ${(sdp.match(/a=candidate/g) ?? []).length} ICE candidates`);
+        this._pending = { pc, secret };
+        return { sdp };
+    }
+    /** Apply the companion's scanned answer SDP to the open offer and keep the
+     *  connection alive for the session. */
+    async acceptAnswer(sdp) {
+        const p = this._pending;
+        if (!p)
+            return { ok: false };
+        try {
+            console.log(`[webrtc] applying answer: ${(sdp.match(/a=candidate/g) ?? []).length} ICE candidates`);
+            await p.pc.setRemoteDescription({ type: 'answer', sdp });
+            this._active.add(p.pc);
+            this._pending = null;
+            return { ok: true };
+        }
+        catch {
+            return { ok: false };
+        }
+    }
+    /** Tear down every peer (gateway stopping / disabled). */
+    stop() {
+        this.clearOffer();
+        for (const pc of this._active)
+            this._close(pc);
+        this._active.clear();
+    }
+    _close(pc) {
+        try {
+            void pc.close();
+        }
+        catch {
+            /* ignore */
+        }
+    }
+}
+exports.MobileWebrtcGateway = MobileWebrtcGateway;
+function toChannelLike(dc) {
+    dc.stateChanged.subscribe((s) => console.log('[webrtc] datachannel state:', s));
+    return {
+        get readyState() {
+            return dc.readyState;
+        },
+        send: (data) => dc.send(data),
+        onMessage: (cb) => {
+            dc.onMessage.subscribe((d) => cb(typeof d === 'string' ? d : d.toString('utf8')));
+        },
+        onClose: (cb) => {
+            dc.stateChanged.subscribe((s) => {
+                if (s === 'closed')
+                    cb();
+            });
+        },
+    };
+}
+/** Vanilla ICE: resolve once gathering completes so the offer SDP carries all
+ *  candidates (there's no trickle channel — the SDP travels by QR). */
+function waitIceComplete(pc) {
+    if (pc.iceGatheringState === 'complete')
+        return Promise.resolve();
+    return new Promise((resolve) => {
+        let done = false;
+        const finish = () => {
+            if (!done) {
+                done = true;
+                resolve();
+            }
+        };
+        pc.iceGatheringStateChange.subscribe((s) => {
+            if (s === 'complete')
+                finish();
+        });
+        const t = setTimeout(finish, 3000);
+        t.unref?.();
+    });
+}

package/server/dist/mobile/mobile-webrtc.js

@@ -0,0 +1,117 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildRegisterDevice = buildRegisterDevice;
+exports.buildRpcDispatch = buildRpcDispatch;
+exports.createLoopbackFetch = createLoopbackFetch;
+const https_1 = __importDefault(require("https"));
+const crypto_1 = require("crypto");
+const mobile_devices_1 = require("./mobile-devices");
+// Glue for the serverless WebRTC companion, kept dependency-injected so the
+// security-relevant bits (secret check, device creation, /v1 dispatch) are
+// unit-tested without a real WebRTC peer, the DB driver, or HTTP. The werift
+// runtime peer lives in ./mobile-webrtc-peer.ts and consumes these.
+function toPlatform(p) {
+    return p === 'android' ? 'android' : p === 'ios' ? 'ios' : 'web';
+}
+/** Persists a paired device + issues its token. The single-use pairing-secret
+ *  check is done per-connection by [MobileWebrtcGateway] (which holds each
+ *  offer's secret for the life of that connection — the secret must NOT live on
+ *  the global "pending offer", which is cleared the moment the answer is
+ *  accepted, well before the companion's `hello` arrives). Approval is implicit:
+ *  the desktop user actively scanned the phone's answer QR. */
+function buildRegisterDevice(deps) {
+    const genToken = deps.genToken ?? (() => (0, crypto_1.randomBytes)(32).toString('hex'));
+    return async (input) => {
+        // Reconnect: a known, non-revoked device token → reuse that device (no new
+        // row, no growing the paired-devices list on every reconnect).
+        if (input.token) {
+            const existing = (0, mobile_devices_1.getActiveDeviceByTokenHash)(deps.db, (0, mobile_devices_1.hashToken)(input.token));
+            if (existing) {
+                return {
+                    ok: true,
+                    deviceId: existing.id,
+                    token: input.token,
+                    hubName: deps.desktopName(),
+                    hubInstanceId: deps.desktopInstanceId(),
+                };
+            }
+        }
+        const token = genToken();
+        const row = (0, mobile_devices_1.createDevice)(deps.db, {
+            name: (input.deviceName || 'Web companion').slice(0, 80),
+            platform: toPlatform(input.platform),
+            tokenHash: (0, mobile_devices_1.hashToken)(token),
+            certFingerprint: deps.currentFingerprint(),
+        });
+        return {
+            ok: true,
+            deviceId: row.id,
+            token,
+            hubName: deps.desktopName(),
+            hubInstanceId: deps.desktopInstanceId(),
+        };
+    };
+}
+/** Builds the `rpcDispatch` used by [DataChannelPeer] on `rpc`. A thin proxy to
+ *  the EXISTING `/v1` allow-list (which already validates params, forwards to the
+ *  internal API, and redacts), authenticated with the device's bearer token. */
+function buildRpcDispatch(deps) {
+    return async (input) => {
+        // Only the /v1 surface is reachable; the gateway enforces the allow-list.
+        if (input.path !== '/v1' && !input.path.startsWith('/v1/')) {
+            return { status: 404, json: { error: 'not found' } };
+        }
+        const method = input.method.toUpperCase();
+        const headers = { Authorization: `Bearer ${input.token}` };
+        let body;
+        if (input.body !== undefined && method !== 'GET' && method !== 'DELETE') {
+            headers['Content-Type'] = 'application/json';
+            body = JSON.stringify(input.body);
+        }
+        try {
+            const res = await deps.doFetch(deps.gatewayBase + input.path, { method, headers, body });
+            const text = await res.text();
+            let json = {};
+            try {
+                json = text ? JSON.parse(text) : {};
+            }
+            catch {
+                json = {};
+            }
+            return { status: res.status, json };
+        }
+        catch {
+            return { status: 502, json: { error: 'gateway unreachable' } };
+        }
+    };
+}
+/** A loopback `fetch` for the local /v1 gateway. It deliberately ignores the
+ *  gateway's self-signed cert — the connection never leaves 127.0.0.1, and the
+ *  device bearer token (not the TLS cert) is the auth boundary. */
+function createLoopbackFetch() {
+    return (url, init) => new Promise((resolve, reject) => {
+        const u = new URL(url);
+        const req = https_1.default.request({
+            hostname: u.hostname,
+            port: u.port,
+            path: u.pathname + u.search,
+            method: init.method,
+            headers: init.headers,
+            rejectUnauthorized: false,
+        }, (res) => {
+            let data = '';
+            res.setEncoding('utf8');
+            res.on('data', (c) => {
+                data += c;
+            });
+            res.on('end', () => resolve({ status: res.statusCode ?? 0, text: async () => data }));
+        });
+        req.on('error', reject);
+        if (init.body)
+            req.write(init.body);
+        req.end();
+    });
+}