typescript-virtual-container 1.2.3 → 1.2.5

package/src/VirtualShell/index.ts

@@ -1,11 +1,10 @@
-import { randomBytes } from "node:crypto";
 import { EventEmitter } from "node:events";
 import { createCustomCommand, registerCommand, runCommand } from "../commands";
 import type { CommandContext, CommandResult } from "../types/commands";
 import type { ShellStream } from "../types/streams";
 import type { PerfLogger } from "../utils/perfLogger";
 import { createPerfLogger } from "../utils/perfLogger";
-import VirtualFileSystem from "../VirtualFileSystem";
+import VirtualFileSystem, { type VfsOptions } from "../VirtualFileSystem";
 import { VirtualUserManager } from "../VirtualUserManager";
 import { startShell } from "./shell";
 
@@ -23,27 +22,6 @@ const defaultShellProperties: ShellProperties = {
 
 const perf: PerfLogger = createPerfLogger("VirtualShell");
 
-let cachedRootPassword: string | null = null;
-
-function resolveRootPassword(): string {
-	if (cachedRootPassword) {
-		return cachedRootPassword;
-	}
-
-	const configured = process.env.SSH_MIMIC_ROOT_PASSWORD;
-	if (configured && configured.trim().length > 0) {
-		cachedRootPassword = configured.trim();
-		return cachedRootPassword;
-	}
-
-	const generated = randomBytes(18).toString("base64url");
-	cachedRootPassword = generated;
-	console.warn(
-		`[ssh-mimic] SSH_MIMIC_ROOT_PASSWORD missing; generated ephemeral root password: ${generated}`,
-	);
-	return generated;
-}
-
 function resolveAutoSudoForNewUsers(): boolean {
 	const configured = process.env.SSH_MIMIC_AUTO_SUDO_NEW_USERS;
 	if (!configured) {
@@ -60,7 +38,6 @@ function resolveAutoSudoForNewUsers(): boolean {
  * client API.
  */
 class VirtualShell extends EventEmitter {
-	basePath: string = ".";
 	vfs: VirtualFileSystem;
 	users: VirtualUserManager;
 	hostname: string;
@@ -72,24 +49,19 @@ class VirtualShell extends EventEmitter {
 	 *
 	 * @param hostname Virtual hostname used for prompts and idents.
 	 * @param properties Customizable properties shown in `uname -a` and similar commands.
-	 * @param basePath Optional base path for the virtual filesystem (defaults to process.cwd()).
+	 * @param vfsOptions Optional VFS persistence options (mode, snapshotPath).
 	 */
 	constructor(
 		hostname: string,
 		properties?: ShellProperties,
-		basePath?: string,
+		vfsOptions?: VfsOptions,
 	) {
 		super();
 		perf.mark("constructor");
 		this.hostname = hostname;
 		this.properties = properties || defaultShellProperties;
-		this.basePath = basePath || ".";
-		this.vfs = new VirtualFileSystem(this.basePath);
-		this.users = new VirtualUserManager(
-			this.vfs,
-			resolveRootPassword(),
-			resolveAutoSudoForNewUsers(),
-		);
+		this.vfs = new VirtualFileSystem(vfsOptions ?? {});
+		this.users = new VirtualUserManager(this.vfs, resolveAutoSudoForNewUsers());
 
 		// Store references to avoid TypeScript "used before assigned" errors
 		const vfs = this.vfs;

package/src/VirtualUserManager/index.ts

@@ -66,7 +66,8 @@ export class VirtualUserManager extends EventEmitter {
 	 */
 	constructor(
 		private readonly vfs: VirtualFileSystem,
-		private readonly defaultRootPassword: string = "root",
+		// private readonly defaultRootPassword: string = process.env
+		// .SSH_MIMIC_ROOT_PASSWORD || "root",
 		private readonly autoSudoForNewUsers: boolean = true,
 	) {
 		super();
@@ -85,32 +86,29 @@ export class VirtualUserManager extends EventEmitter {
 
 		let changed = false;
 		if (!this.users.has("root")) {
-			this.users.set(
-				"root",
-				this.createRecord("root", this.defaultRootPassword),
-			);
+			this.users.set("root", this.createRecord("root", ""));
 			changed = true;
 		}
 
 		this.sudoers.add("root");
 
 		// Auto-create current system user for easier authentication
-		const currentUser = process.env.USER || process.env.USERNAME;
-		if (currentUser && currentUser !== "root" && !this.users.has(currentUser)) {
-			const userPassword = this.defaultRootPassword;
-			this.users.set(currentUser, this.createRecord(currentUser, userPassword));
-			this.sudoers.add(currentUser);
-			changed = true;
-
-			const homePath = `/home/${currentUser}`;
-			if (!this.vfs.exists(homePath)) {
-				this.vfs.mkdir(homePath, 0o755);
-				this.vfs.writeFile(
-					`${homePath}/README.txt`,
-					`Welcome to the virtual environment, ${currentUser}`,
-				);
-			}
-		}
+		// const currentUser = process.env.USER || process.env.USERNAME;
+		// if (currentUser && currentUser !== "root" && !this.users.has(currentUser)) {
+		// 	const userPassword = this.defaultRootPassword;
+		// 	this.users.set(currentUser, this.createRecord(currentUser, userPassword));
+		// 	this.sudoers.add(currentUser);
+		// 	changed = true;
+
+		// 	const homePath = `/home/${currentUser}`;
+		// 	if (!this.vfs.exists(homePath)) {
+		// 		this.vfs.mkdir(homePath, 0o755);
+		// 		this.vfs.writeFile(
+		// 			`${homePath}/README.txt`,
+		// 			`Welcome to the virtual environment, ${currentUser}`,
+		// 		);
+		// 	}
+		// }
 
 		if (changed) {
 			await this.persist();
@@ -244,7 +242,7 @@ export class VirtualUserManager extends EventEmitter {
 			return false;
 		}
 
-		return this.hashPassword(password, record.salt) === record.passwordHash;
+		return this.hashPassword(password) === record.passwordHash;
 	}
 
 	/**
@@ -279,6 +277,18 @@ export class VirtualUserManager extends EventEmitter {
 		this.emit("user:add", { username });
 	}
 
+	/**
+	 * Retrieves stored password hash for a user, or null if user does not exist.
+	 *
+	 * @param username Target username.
+	 * @returns Password hash in hex encoding, or null when user is not found.
+	 */
+	public getPasswordHash(username: string): string | null {
+		perf.mark("getPasswordHash");
+		const record = this.users.get(username);
+		return record ? record.passwordHash : null;
+	}
+
 	/**
 	 * Updates password for an existing user account.
 	 *
@@ -593,19 +603,34 @@ export class VirtualUserManager extends EventEmitter {
 		const record = {
 			username,
 			salt,
-			passwordHash: this.hashPassword(password, salt),
+			passwordHash: this.hashPassword(password),
 		};
 
 		VirtualUserManager.recordCache.set(cacheKey, record);
 		return record;
 	}
 
-	private hashPassword(password: string, salt: string): string {
+	public hasPassword(username: string): boolean {
+		perf.mark("hasPassword");
+		if (this.getPasswordHash(username) === this.hashPassword("")) {
+			return false;
+		}
+		const record = this.users.get(username);
+		return !!record && !!record.passwordHash;
+	}
+
+	/**
+	 * Hashes plaintext password with per-user salt using scrypt.
+	 *
+	 * @param password Plaintext password.
+	 * @returns Hex-encoded password hash.
+	 */
+	public hashPassword(password: string): string {
 		if (VirtualUserManager.fastPasswordHash) {
-			return createHash("sha256").update(`${salt}:${password}`).digest("hex");
+			return createHash("sha256").update(`${password}`).digest("hex");
 		}
 
-		return scryptSync(password, salt, 32).toString("hex");
+		return scryptSync(password, "", 32).toString("hex");
 	}
 
 	private validateUsername(username: string): void {
@@ -623,6 +648,47 @@ export class VirtualUserManager extends EventEmitter {
 			throw new Error("invalid password");
 		}
 	}
+	private readonly authorizedKeys = new Map<
+		string,
+		Array<{ algo: string; data: Buffer }>
+	>();
+
+	/**
+	 * Adds an SSH public key for a user, enabling public-key authentication.
+	 *
+	 * @param username Target user.
+	 * @param algo Key algorithm (e.g. "ssh-rsa", "ssh-ed25519").
+	 * @param data Raw key data as a Buffer (the base64-decoded key bytes).
+	 */
+	public addAuthorizedKey(username: string, algo: string, data: Buffer): void {
+		perf.mark("addAuthorizedKey");
+		const keys = this.authorizedKeys.get(username) ?? [];
+		keys.push({ algo, data });
+		this.authorizedKeys.set(username, keys);
+		this.emit("key:add", { username, algo });
+	}
+
+	/**
+	 * Removes all authorized keys for a user.
+	 *
+	 * @param username Target user.
+	 */
+	public removeAuthorizedKeys(username: string): void {
+		this.authorizedKeys.delete(username);
+		this.emit("key:remove", { username });
+	}
+
+	/**
+	 * Returns the list of authorized keys for a user.
+	 * Returns an empty array when no keys are registered.
+	 *
+	 * @param username Target user.
+	 */
+	public getAuthorizedKeys(
+		username: string,
+	): Array<{ algo: string; data: Buffer }> {
+		return this.authorizedKeys.get(username) ?? [];
+	}
 }
 
 function normalizeVfsPath(targetPath: string): string {

package/src/commands/chmod.ts

@@ -0,0 +1,33 @@
+import type { ShellModule } from "../types/commands";
+import { assertPathAccess, resolvePath } from "./helpers";
+
+export const chmodCommand: ShellModule = {
+	name: "chmod",
+	params: ["<mode> <file>"],
+	run: ({ authUser, shell, cwd, args }) => {
+		const [modeArg, fileArg] = args;
+		if (!modeArg || !fileArg) {
+			return { stderr: "chmod: missing operand", exitCode: 1 };
+		}
+
+		const filePath = resolvePath(cwd, fileArg);
+		try {
+			assertPathAccess(authUser, filePath, "chmod");
+			if (!shell.vfs.exists(filePath)) {
+				return {
+					stderr: `chmod: ${fileArg}: No such file or directory`,
+					exitCode: 1,
+				};
+			}
+			const mode = parseInt(modeArg, 8);
+			if (Number.isNaN(mode)) {
+				return { stderr: `chmod: invalid mode: ${modeArg}`, exitCode: 1 };
+			}
+			shell.vfs.chmod(filePath, mode);
+			return { exitCode: 0 };
+		} catch (err) {
+			const msg = err instanceof Error ? err.message : String(err);
+			return { stderr: `chmod: ${msg}`, exitCode: 1 };
+		}
+	},
+};

package/src/commands/cp.ts

@@ -0,0 +1,76 @@
+import type { ShellModule } from "../types/commands";
+import { ifFlag } from "./command-helpers";
+import { assertPathAccess, resolvePath } from "./helpers";
+
+export const cpCommand: ShellModule = {
+	name: "cp",
+	params: ["[-r] <source> <dest>"],
+	run: ({ authUser, shell, cwd, args }) => {
+		const recursive = ifFlag(args, ["-r", "-R", "--recursive"]);
+		const positionals = args.filter((a) => !a.startsWith("-"));
+		const [srcArg, destArg] = positionals;
+
+		if (!srcArg || !destArg) {
+			return { stderr: "cp: missing operand", exitCode: 1 };
+		}
+
+		const srcPath = resolvePath(cwd, srcArg);
+		const destPath = resolvePath(cwd, destArg);
+
+		try {
+			assertPathAccess(authUser, srcPath, "cp");
+			assertPathAccess(authUser, destPath, "cp");
+
+			if (!shell.vfs.exists(srcPath)) {
+				return {
+					stderr: `cp: ${srcArg}: No such file or directory`,
+					exitCode: 1,
+				};
+			}
+
+			const srcStat = shell.vfs.stat(srcPath);
+
+			if (srcStat.type === "directory") {
+				if (!recursive) {
+					return {
+						stderr: `cp: ${srcArg}: is a directory (use -r)`,
+						exitCode: 1,
+					};
+				}
+				const copyDir = (from: string, to: string) => {
+					shell.vfs.mkdir(to, 0o755);
+					for (const entry of shell.vfs.list(from)) {
+						const fromEntry = `${from}/${entry}`;
+						const toEntry = `${to}/${entry}`;
+						const stat = shell.vfs.stat(fromEntry);
+						if (stat.type === "directory") {
+							copyDir(fromEntry, toEntry);
+						} else {
+							const content = shell.vfs.readFileRaw(fromEntry);
+							shell.writeFileAsUser(authUser, toEntry, content);
+						}
+					}
+				};
+				const finalDest =
+					shell.vfs.exists(destPath) &&
+					shell.vfs.stat(destPath).type === "directory"
+						? `${destPath}/${srcArg.split("/").pop()}`
+						: destPath;
+				copyDir(srcPath, finalDest);
+			} else {
+				const finalDest =
+					shell.vfs.exists(destPath) &&
+					shell.vfs.stat(destPath).type === "directory"
+						? `${destPath}/${srcArg.split("/").pop()}`
+						: destPath;
+				const content = shell.vfs.readFileRaw(srcPath);
+				shell.writeFileAsUser(authUser, finalDest, content);
+			}
+
+			return { exitCode: 0 };
+		} catch (err) {
+			const msg = err instanceof Error ? err.message : String(err);
+			return { stderr: `cp: ${msg}`, exitCode: 1 };
+		}
+	},
+};

package/src/commands/find.ts

@@ -0,0 +1,61 @@
+import type { ShellModule } from "../types/commands";
+import { getFlag } from "./command-helpers";
+import { assertPathAccess, resolvePath } from "./helpers";
+
+export const findCommand: ShellModule = {
+	name: "find",
+	params: ["[path] [-name <pattern>] [-type f|d]"],
+	run: ({ authUser, shell, cwd, args }) => {
+		const namePattern = getFlag(args, ["-name"]);
+		const typeFilter = getFlag(args, ["-type"]);
+		const positionals = args.filter(
+			(a) => !a.startsWith("-") && a !== namePattern && a !== typeFilter,
+		);
+		const rootArg = positionals[0] ?? ".";
+		const rootPath = resolvePath(cwd, rootArg);
+
+		try {
+			assertPathAccess(authUser, rootPath, "find");
+			if (!shell.vfs.exists(rootPath)) {
+				return {
+					stderr: `find: ${rootArg}: No such file or directory`,
+					exitCode: 1,
+				};
+			}
+		} catch (err) {
+			const msg = err instanceof Error ? err.message : String(err);
+			return { stderr: `find: ${msg}`, exitCode: 1 };
+		}
+
+		const nameRegex = namePattern
+			? new RegExp(
+					`^${(namePattern as string).replace(/\./g, "\\.").replace(/\*/g, ".*").replace(/\?/g, ".")}$`,
+				)
+			: null;
+
+		const results: string[] = [];
+		const walk = (currentPath: string, display: string) => {
+			const stat = shell.vfs.stat(currentPath);
+
+			const matchesType =
+				!typeFilter ||
+				(typeFilter === "f" && stat.type === "file") ||
+				(typeFilter === "d" && stat.type === "directory");
+			const matchesName =
+				!nameRegex || nameRegex.test(currentPath.split("/").pop() ?? "");
+
+			if (matchesType && matchesName) results.push(display);
+
+			if (stat.type === "directory") {
+				for (const entry of shell.vfs.list(currentPath)) {
+					const full = `${currentPath}/${entry}`;
+					const disp = `${display}/${entry}`;
+					walk(full, disp);
+				}
+			}
+		};
+
+		walk(rootPath, rootArg);
+		return { stdout: results.join("\n"), exitCode: 0 };
+	},
+};

package/src/commands/grep.ts

@@ -4,11 +4,15 @@ import { assertPathAccess, resolvePath } from "./helpers";
 
 export const grepCommand: ShellModule = {
 	name: "grep",
-	params: ["[-i] [-v] <pattern> [file...]"],
+	params: ["[-i] [-v] [-n] [-r] <pattern> [file...]"],
 	run: ({ authUser, shell, cwd, args, stdin }) => {
-		const { flags, positionals } = parseArgs(args, { flags: ["-i", "-v"] });
+		const { flags, positionals } = parseArgs(args, {
+			flags: ["-i", "-v", "-n", "-r"],
+		});
 		const caseInsensitive = flags.has("-i");
 		const invertMatch = flags.has("-v");
+		const showLineNumbers = flags.has("-n");
+		const recursive = flags.has("-r");
 		const pattern = positionals[0];
 		const files = positionals.slice(1);
 
@@ -18,57 +22,69 @@ export const grepCommand: ShellModule = {
 
 		let regex: RegExp;
 		try {
-			const flags = caseInsensitive ? "gmi" : "gm";
-			regex = new RegExp(pattern, flags);
+			// No "g" flag — avoids the stateful lastIndex problem with regex.test()
+			const regexFlags = caseInsensitive ? "mi" : "m";
+			regex = new RegExp(pattern, regexFlags);
 		} catch {
 			return { stderr: `grep: invalid regex: ${pattern}`, exitCode: 1 };
 		}
 
-		const results: string[] = [];
-
-		if (files.length === 0) {
-			if (!stdin) {
-				return { stdout: "", exitCode: 1 };
-			}
-
-			const lines = stdin.split("\n");
-			for (const line of lines) {
-				regex.lastIndex = 0;
+		const matchLines = (content: string, prefix = ""): string[] => {
+			const lines = content.split("\n");
+			const out: string[] = [];
+			for (let i = 0; i < lines.length; i++) {
+				const line = lines[i] ?? "";
 				const matches = regex.test(line);
 				const shouldInclude = invertMatch ? !matches : matches;
-
 				if (shouldInclude) {
-					results.push(line);
+					const lineLabel = showLineNumbers ? `${i + 1}:` : "";
+					out.push(`${prefix}${lineLabel}${line}`);
 				}
 			}
+			return out;
+		};
 
-			return {
-				stdout: results.length > 0 ? results.join("\n") : "",
-				exitCode: results.length > 0 ? 0 : 1,
+		const readPaths = (base: string): string[] => {
+			if (!shell.vfs.exists(base)) return [];
+			const stat = shell.vfs.stat(base);
+			if (stat.type === "file") return [base];
+			if (!recursive) return [];
+			const paths: string[] = [];
+			const walk = (dir: string) => {
+				for (const entry of shell.vfs.list(dir)) {
+					const full = `${dir}/${entry}`;
+					const s = shell.vfs.stat(full);
+					if (s.type === "file") paths.push(full);
+					else walk(full);
+				}
 			};
-		}
+			walk(base);
+			return paths;
+		};
 
-		for (const file of files) {
-			const target = resolvePath(cwd, file);
-			try {
-				assertPathAccess(authUser, target, "grep");
-				const content = shell.vfs.readFile(target);
-				const lines = content.split("\n");
+		const results: string[] = [];
 
-				for (const line of lines) {
-					regex.lastIndex = 0;
-					const matches = regex.test(line);
-					const shouldInclude = invertMatch ? !matches : matches;
+		if (files.length === 0) {
+			if (!stdin) return { stdout: "", exitCode: 1 };
+			results.push(...matchLines(stdin));
+		} else {
+			const resolvedPaths = files.flatMap((f) => {
+				const target = resolvePath(cwd, f);
+				return readPaths(target).map((p) => ({ file: f, path: p }));
+			});
 
-					if (shouldInclude) {
-						results.push(line);
-					}
+			for (const { file, path: filePath } of resolvedPaths) {
+				try {
+					assertPathAccess(authUser, filePath, "grep");
+					const content = shell.vfs.readFile(filePath);
+					const prefix = resolvedPaths.length > 1 ? `${file}:` : "";
+					results.push(...matchLines(content, prefix));
+				} catch {
+					return {
+						stderr: `grep: ${file}: No such file or directory`,
+						exitCode: 1,
+					};
 				}
-			} catch {
-				return {
-					stderr: `grep: ${file}: No such file or directory`,
-					exitCode: 1,
-				};
 			}
 		}
 

package/src/commands/head.ts

@@ -0,0 +1,35 @@
+import type { ShellModule } from "../types/commands";
+import { getFlag } from "./command-helpers";
+import { assertPathAccess, resolvePath } from "./helpers";
+
+export const headCommand: ShellModule = {
+	name: "head",
+	params: ["[-n <lines>] [file...]"],
+	run: ({ authUser, shell, cwd, args, stdin }) => {
+		const nArg = getFlag(args, ["-n"]);
+		const n = typeof nArg === "string" ? parseInt(nArg, 10) : 10;
+		const positionals = args.filter((a) => !a.startsWith("-") && a !== nArg);
+
+		const take = (content: string) =>
+			content.split("\n").slice(0, n).join("\n");
+
+		if (positionals.length === 0) {
+			return { stdout: take(stdin ?? ""), exitCode: 0 };
+		}
+
+		const results: string[] = [];
+		for (const file of positionals) {
+			const filePath = resolvePath(cwd, file);
+			try {
+				assertPathAccess(authUser, filePath, "head");
+				results.push(take(shell.vfs.readFile(filePath)));
+			} catch {
+				return {
+					stderr: `head: ${file}: No such file or directory`,
+					exitCode: 1,
+				};
+			}
+		}
+		return { stdout: results.join("\n"), exitCode: 0 };
+	},
+};