vibex-sh 0.1.0 → 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.js +61 -14
- package/package.json +1 -1
package/index.js
CHANGED
|
@@ -10,11 +10,19 @@ import http from 'http';
|
|
|
10
10
|
import https from 'https';
|
|
11
11
|
|
|
12
12
|
function generateSessionId() {
|
|
13
|
+
// Generate secure random session ID with 12 characters (as per security plan)
|
|
14
|
+
// Format: vibex-{12 random alphanumeric chars}
|
|
15
|
+
// Using crypto for better randomness
|
|
16
|
+
const crypto = require('crypto');
|
|
13
17
|
const chars = 'abcdefghijklmnopqrstuvwxyz0123456789';
|
|
14
18
|
let result = 'vibex-';
|
|
15
|
-
|
|
16
|
-
|
|
19
|
+
|
|
20
|
+
// Use crypto.randomBytes for cryptographically secure random generation
|
|
21
|
+
const randomBytes = crypto.randomBytes(12);
|
|
22
|
+
for (let i = 0; i < 12; i++) {
|
|
23
|
+
result += chars[randomBytes[i] % chars.length];
|
|
17
24
|
}
|
|
25
|
+
|
|
18
26
|
return result;
|
|
19
27
|
}
|
|
20
28
|
|
|
@@ -148,7 +156,7 @@ async function handleLogin(webUrl) {
|
|
|
148
156
|
const configPath = getConfigPath();
|
|
149
157
|
const existingConfig = getStoredConfig();
|
|
150
158
|
|
|
151
|
-
console.log('\n 🔐
|
|
159
|
+
console.log('\n 🔐 vibex.sh CLI Authentication\n');
|
|
152
160
|
console.log(` 📁 Config location: ${configPath}`);
|
|
153
161
|
|
|
154
162
|
if (existingConfig?.token) {
|
|
@@ -235,7 +243,7 @@ function httpRequest(url, options) {
|
|
|
235
243
|
}
|
|
236
244
|
|
|
237
245
|
async function claimSession(sessionId, token, webUrl) {
|
|
238
|
-
if (!token) return false
|
|
246
|
+
if (!token) return null; // Return null instead of false to indicate no claim attempted
|
|
239
247
|
|
|
240
248
|
try {
|
|
241
249
|
// Normalize session ID before claiming
|
|
@@ -249,21 +257,37 @@ async function claimSession(sessionId, token, webUrl) {
|
|
|
249
257
|
}),
|
|
250
258
|
});
|
|
251
259
|
|
|
252
|
-
|
|
260
|
+
if (response.ok) {
|
|
261
|
+
// Parse response to get auth code
|
|
262
|
+
const responseData = await response.json();
|
|
263
|
+
return responseData.authCode || null;
|
|
264
|
+
}
|
|
265
|
+
|
|
266
|
+
return null;
|
|
253
267
|
} catch (error) {
|
|
254
|
-
return
|
|
268
|
+
return null;
|
|
255
269
|
}
|
|
256
270
|
}
|
|
257
271
|
|
|
258
|
-
|
|
259
|
-
|
|
272
|
+
// Removed getSessionAuthCode - auth codes should only come from:
|
|
273
|
+
// 1. claim-session-with-token response (for claimed sessions)
|
|
274
|
+
// 2. socket.io session-auth-code event (for unclaimed sessions)
|
|
275
|
+
// Never fetch auth codes via public API endpoint - security vulnerability
|
|
276
|
+
|
|
277
|
+
function printBanner(sessionId, webUrl, authCode = null) {
|
|
278
|
+
const dashboardUrl = authCode
|
|
279
|
+
? `${webUrl}/${sessionId}?auth=${authCode}`
|
|
280
|
+
: `${webUrl}/${sessionId}`;
|
|
260
281
|
|
|
261
282
|
console.log('\n');
|
|
262
283
|
console.log(' ╔═══════════════════════════════════════╗');
|
|
263
|
-
console.log(' ║ 🔍
|
|
284
|
+
console.log(' ║ 🔍 vibex.sh is watching... ║');
|
|
264
285
|
console.log(' ╚═══════════════════════════════════════╝');
|
|
265
286
|
console.log('\n');
|
|
266
287
|
console.log(` Session ID: ${sessionId}`);
|
|
288
|
+
if (authCode) {
|
|
289
|
+
console.log(` Auth Code: ${authCode}`);
|
|
290
|
+
}
|
|
267
291
|
console.log(` Dashboard: ${dashboardUrl}`);
|
|
268
292
|
console.log('\n');
|
|
269
293
|
}
|
|
@@ -322,26 +346,36 @@ async function main() {
|
|
|
322
346
|
// Get token from flag, env var, or stored config
|
|
323
347
|
let token = options.token || process.env.VIBEX_TOKEN || await getStoredToken();
|
|
324
348
|
|
|
325
|
-
// Auto-claim session if token is available
|
|
349
|
+
// Auto-claim session if token is available and fetch auth code
|
|
350
|
+
let authCode = null;
|
|
326
351
|
if (token && !options.sessionId) {
|
|
327
352
|
// Only auto-claim new sessions (not when reusing existing session)
|
|
328
|
-
|
|
329
|
-
if (
|
|
353
|
+
authCode = await claimSession(sessionId, token, webUrl);
|
|
354
|
+
if (authCode) {
|
|
330
355
|
console.log(' ✓ Session automatically claimed to your account\n');
|
|
331
356
|
}
|
|
332
357
|
}
|
|
358
|
+
|
|
359
|
+
// For unclaimed sessions, auth code will come from socket.io 'session-auth-code' event
|
|
360
|
+
// We'll set it when we receive it from the socket
|
|
333
361
|
|
|
334
362
|
// Print banner only once, and show how to reuse session
|
|
335
363
|
if (!options.sessionId) {
|
|
336
|
-
printBanner(sessionId, webUrl);
|
|
364
|
+
printBanner(sessionId, webUrl, authCode);
|
|
337
365
|
const localFlag = webUrl.includes('localhost') ? ' --local' : '';
|
|
338
366
|
const sessionSlug = sessionId.replace(/^vibex-/, ''); // Remove prefix for example
|
|
339
367
|
console.log(' 💡 Tip: Use -s to send more logs to this session');
|
|
340
368
|
console.log(` Example: echo '{"cpu": 45, "memory": 78, "timestamp": "${new Date().toISOString()}"}' | npx vibex-sh -s ${sessionSlug}${localFlag}\n`);
|
|
341
369
|
} else {
|
|
342
370
|
// When reusing a session, show minimal info
|
|
371
|
+
const dashboardUrl = authCode
|
|
372
|
+
? `${webUrl}/${sessionId}?auth=${authCode}`
|
|
373
|
+
: `${webUrl}/${sessionId}`;
|
|
343
374
|
console.log(` 🔍 Sending logs to session: ${sessionId}`);
|
|
344
|
-
|
|
375
|
+
if (authCode) {
|
|
376
|
+
console.log(` Auth Code: ${authCode}`);
|
|
377
|
+
}
|
|
378
|
+
console.log(` Dashboard: ${dashboardUrl}\n`);
|
|
345
379
|
}
|
|
346
380
|
|
|
347
381
|
const socket = io(socketUrl, {
|
|
@@ -359,6 +393,9 @@ async function main() {
|
|
|
359
393
|
let hasJoinedSession = false;
|
|
360
394
|
const logQueue = [];
|
|
361
395
|
|
|
396
|
+
// Store auth code received from socket
|
|
397
|
+
let receivedAuthCode = authCode;
|
|
398
|
+
|
|
362
399
|
socket.on('connect', () => {
|
|
363
400
|
isConnected = true;
|
|
364
401
|
console.log(' ✓ Connected to server\n');
|
|
@@ -378,6 +415,16 @@ async function main() {
|
|
|
378
415
|
}, 100);
|
|
379
416
|
});
|
|
380
417
|
|
|
418
|
+
// Listen for auth code from socket.io (for unclaimed sessions)
|
|
419
|
+
socket.on('session-auth-code', (data) => {
|
|
420
|
+
if (data.sessionId === sessionId && data.authCode && !receivedAuthCode) {
|
|
421
|
+
receivedAuthCode = data.authCode;
|
|
422
|
+
// Display auth code when received (for both new and existing sessions)
|
|
423
|
+
console.log(` 🔑 Auth Code: ${receivedAuthCode}`);
|
|
424
|
+
console.log(` 📋 Dashboard: ${webUrl}/${sessionId}?auth=${receivedAuthCode}\n`);
|
|
425
|
+
}
|
|
426
|
+
});
|
|
427
|
+
|
|
381
428
|
socket.on('reconnect', (attemptNumber) => {
|
|
382
429
|
console.log(` ↻ Reconnected (attempt ${attemptNumber})\n`);
|
|
383
430
|
isConnected = true;
|