coolaj86
/
telebit.js
1
2
Fork 1
Code Issues 46 Pull Requests 2 Releases Activity

Compare commits

base: coolaj86:stable
Branches Tags
coolaj86:stable
coolaj86:serviceman
coolaj86:master
coolaj86:params-parsing
coolaj86:next
coolaj86:wip
coolaj86:v0.19
coolaj86:readable
coolaj86:v0.10
coolaj86:v0.20.7
coolaj86:v0.20.6
coolaj86:v0.20.5
coolaj86:v0.19.28
coolaj86:v0.19.26
coolaj86:v0.19.25
coolaj86:v0.19.24
coolaj86:v0.19.23
coolaj86:v0.19.22
coolaj86:v0.19.21
coolaj86:v0.19.20
coolaj86:v0.19.18
coolaj86:v0.19.17
coolaj86:v0.19.16
coolaj86:v0.19.15
coolaj86:v0.19.14
coolaj86:v0.19.13
coolaj86:v0.19.12
coolaj86:v0.19.11
coolaj86:v0.19.10
coolaj86:v0.19.9
coolaj86:v0.19.8
coolaj86:v0.19.7
coolaj86:v0.19.6
coolaj86:v0.19.5
coolaj86:v0.19.4
coolaj86:v0.19.3
coolaj86:v0.19.2
coolaj86:v0.19.1
coolaj86:v0.19.0
coolaj86:v0.18.9
coolaj86:v0.18.8
coolaj86:v0.18.7
coolaj86:v0.18.6
coolaj86:v0.18.5
coolaj86:v0.18.4
coolaj86:v0.18.3
coolaj86:v0.18.2
coolaj86:v0.18.1
coolaj86:v0.17.0
coolaj86:v0.16.1
coolaj86:v0.16.0
coolaj86:v0.15.4
coolaj86:v0.15.3
coolaj86:v0.15.2
coolaj86:v0.15.1
coolaj86:v0.15.0
coolaj86:v0.13.3
coolaj86:v0.13.2
coolaj86:v0.13.1
coolaj86:v0.13.0
coolaj86:v0.12.0
coolaj86:v0.11.1
coolaj86:v0.11.0
coolaj86:v0.10.4
coolaj86:v0.10.3
coolaj86:v0.10.2
coolaj86:v0.10.1
coolaj86:v0.10.0
coolaj86:v0.9.9
coolaj86:v0.9.8
coolaj86:v0.9.7
coolaj86:v0.9.6
coolaj86:v0.9.5
coolaj86:v0.9.4
coolaj86:v0.9.3
coolaj86:v0.9.2
coolaj86:v0.9.1
coolaj86:v0.9.0
coolaj86:v0.8.1
coolaj86:v0.8.2
..
compare: coolaj86:readable
Branches Tags
coolaj86:serviceman
coolaj86:master
coolaj86:params-parsing
coolaj86:stable
coolaj86:next
coolaj86:wip
coolaj86:v0.19
coolaj86:readable
coolaj86:v0.10
coolaj86:v0.20.7
coolaj86:v0.20.6
coolaj86:v0.20.5
coolaj86:v0.19.28
coolaj86:v0.19.26
coolaj86:v0.19.25
coolaj86:v0.19.24
coolaj86:v0.19.23
coolaj86:v0.19.22
coolaj86:v0.19.21
coolaj86:v0.19.20
coolaj86:v0.19.18
coolaj86:v0.19.17
coolaj86:v0.19.16
coolaj86:v0.19.15
coolaj86:v0.19.14
coolaj86:v0.19.13
coolaj86:v0.19.12
coolaj86:v0.19.11
coolaj86:v0.19.10
coolaj86:v0.19.9
coolaj86:v0.19.8
coolaj86:v0.19.7
coolaj86:v0.19.6
coolaj86:v0.19.5
coolaj86:v0.19.4
coolaj86:v0.19.3
coolaj86:v0.19.2
coolaj86:v0.19.1
coolaj86:v0.19.0
coolaj86:v0.18.9
coolaj86:v0.18.8
coolaj86:v0.18.7
coolaj86:v0.18.6
coolaj86:v0.18.5
coolaj86:v0.18.4
coolaj86:v0.18.3
coolaj86:v0.18.2
coolaj86:v0.18.1
coolaj86:v0.17.0
coolaj86:v0.16.1
coolaj86:v0.16.0
coolaj86:v0.15.4
coolaj86:v0.15.3
coolaj86:v0.15.2
coolaj86:v0.15.1
coolaj86:v0.15.0
coolaj86:v0.13.3
coolaj86:v0.13.2
coolaj86:v0.13.1
coolaj86:v0.13.0
coolaj86:v0.12.0
coolaj86:v0.11.1
coolaj86:v0.11.0
coolaj86:v0.10.4
coolaj86:v0.10.3
coolaj86:v0.10.2
coolaj86:v0.10.1
coolaj86:v0.10.0
coolaj86:v0.9.9
coolaj86:v0.9.8
coolaj86:v0.9.7
coolaj86:v0.9.6
coolaj86:v0.9.5
coolaj86:v0.9.4
coolaj86:v0.9.3
coolaj86:v0.9.2
coolaj86:v0.9.1
coolaj86:v0.9.0
coolaj86:v0.8.1
coolaj86:v0.8.2

1 Commits
stable ... readable

Author SHA1 Message Date
AJ ONeal 49835c1a6a WIP refactor 2018-09-03 18:57:38 -06:00
22 changed files with 1744 additions and 2318 deletions
Show Stats Expand all files Collapse all files

19
README.md
View File

@ -1,7 +1,8 @@
# Telebit™ Remote | a [Root](https://rootprojects.org) project
# Telebit™ Remote
Because friends don't let friends localhost™
| Sponsored by [ppl](https://ppl.family)
| **Telebit Remote**
| [Telebit Relay](https://git.coolaj86.com/coolaj86/telebit-relay.js)
| [sclient](https://telebit.cloud/sclient)
@ -35,7 +36,7 @@ Examples
You do this:
curl -fsSL https://get.telebit.io | bash
curl -fsSL https://get.telebit.cloud | bash
You get this:
@ -69,19 +70,19 @@ Mac & Linux
Open Terminal and run this install script:
```
curl -fsSL https://get.telebit.io | bash
curl -fsSL https://get.telebit.cloud | bash
```
<!--
```
bash <( curl -fsSL https://get.telebit.io )
bash <( curl -fsSL https://get.telebit.cloud )
```
<small>
Note: **fish**, **zsh**, and other **non-bash** users should do this
```
curl -fsSL https://get.telebit.io/ > get.sh; bash get.sh
curl -fsSL https://get.telebit.cloud/ > get.sh; bash get.sh
```
</small>
-->
@ -97,7 +98,7 @@ What does the installer do?
* `~/.config/telebit/telebit.yml`
* `~/.local/share/telebit`
Of course, feel free to inspect it before you run it: `curl -fsSL https://get.telebit.io`
Of course, feel free to inspect it before you run it: `curl -fsSL https://get.telebit.cloud`
**You can customize the installation**:
@ -108,7 +109,7 @@ export TELEBIT_USERSPACE=no # install as a system service (launchd
export TELEBIT_PATH=/opt/telebit
export TELEBIT_USER=telebit
export TELEBIT_GROUP=telebit
curl -fsSL https://get.telebit.io/ | bash
curl -fsSL https://get.telebit.cloud/ | bash
```
That will change the bundled version of node.js is bundled with Telebit Relay
@ -120,8 +121,8 @@ Windows & Node.js
1. Install [node.js](https://nodejs.org)
2. Open _Node.js_
2. Run the command `npm install -g telebit`
2. Copy the example daemon config to your user folder `.config/telebit/telebitd.yml` (such as `/Users/John/.config/telebit/telebitd.yml`)
2. Copy the example remote config to your user folder `.config/telebit/telebit.yml` (such as `/Users/John/.config/telebit/telebit.yml`)
2. Copy the example daemon conifg to your user folder `.config/telebit/telebitd.yml` (such as `/Users/John/.config/telebit/telebitd.yml`)
2. Copy the example remote conifg to your user folder `.config/telebit/telebit.yml` (such as `/Users/John/.config/telebit/telebit.yml`)
2. Change the email address
2. Run `npx telebit init` and follow the instructions
2. Run `npx telebit list`

812
bin/telebit-remote.js
View File

@ -1,812 +0,0 @@
#!/usr/bin/env node
(function () {
'use strict';
var pkg = require('../package.json');
var os = require('os');
//var url = require('url');
var fs = require('fs');
var path = require('path');
var http = require('http');
//var https = require('https');
var YAML = require('js-yaml');
var TOML = require('toml');
var TPLS = TOML.parse(fs.readFileSync(path.join(__dirname, "../lib/en-us.toml"), 'utf8'));
/*
if ('function' !== typeof TOML.stringify) {
TOML.stringify = require('json2toml');
}
*/
var recase = require('recase').create({});
var camelCopy = recase.camelCopy.bind(recase);
//var snakeCopy = recase.snakeCopy.bind(recase);
var urequest = require('@coolaj86/urequest');
var common = require('../lib/cli-common.js');
var argv = process.argv.slice(2);
var argIndex = argv.indexOf('--config');
if (-1 === argIndex) {
argIndex = argv.indexOf('-c');
}
var confpath;
var useTty;
var state = {};
if (-1 === argIndex) {
argIndex = argv.indexOf('-c');
}
if (-1 !== argIndex) {
confpath = argv.splice(argIndex, 2)[1];
}
argIndex = argv.indexOf('--tty');
if (-1 !== argIndex) {
useTty = argv.splice(argIndex, 1);
}
function help() {
var keys = Object.keys(TPLS.help).filter(function (key) {
return 'remote' !== key;
});
var key = keys.filter(function (key) {
return -1 !== process.argv.indexOf(key);
})[0] || 'remote';
console.info(TPLS.help[key].replace(/{version}/g, pkg.version));
}
var verstr = [ pkg.name + ' remote v' + pkg.version ];
if (!confpath) {
confpath = path.join(os.homedir(), '.config/telebit/telebit.yml');
verstr.push('(--config \'' + confpath.replace(new RegExp('^' + os.homedir()), '~') + '\')');
}
if ([ '-h', '--help', 'help' ].some(function (arg) {
return -1 !== argv.indexOf(arg);
})) {
help();
process.exit(0);
}
if (!confpath || /^--/.test(confpath)) {
help();
process.exit(1);
}
function askForConfig(state, mainCb) {
var fs = require('fs');
var ttyname = '/dev/tty';
var stdin = useTty ? fs.createReadStream(ttyname, {
fd: fs.openSync(ttyname, fs.constants.O_RDONLY | fs.constants.O_NOCTTY)
}) : process.stdin;
var readline = require('readline');
var rl = readline.createInterface({
input: stdin
, output: process.stdout
// https://github.com/nodejs/node/issues/21771
// https://github.com/nodejs/node/issues/21319
, terminal: !/^win/i.test(os.platform()) && !useTty
});
state._useTty = useTty;
// NOTE: Use of setTimeout
// We're using setTimeout just to make the user experience a little
// nicer, as if we're doing something inbetween steps, so that it
// is a smooth rather than jerky experience.
// >= 300ms is long enough to become distracted and change focus (a full blink, time for an idea to form as a thought)
// <= 100ms is shorter than normal human reaction time (ability to place events chronologically, which happened first)
// ~ 150-250ms is the sweet spot for most humans (long enough to notice change and not be jarred, but stay on task)
var firstSet = [
function askEmail(cb) {
if (state.config.email) { cb(); return; }
console.info(TPLS.remote.setup.email);
// TODO attempt to read email from npmrc or the like?
rl.question('email: ', function (email) {
email = /@/.test(email) && email.trim();
if (!email) { askEmail(cb); return; }
state.config.email = email.trim();
state.config.agreeTos = true;
console.info("");
setTimeout(cb, 250);
});
}
, function askRelay(cb) {
function checkRelay(relay) {
// TODO parse and check https://{{relay}}/.well-known/telebit.cloud/directives.json
if (!relay) { relay = 'telebit.cloud'; }
relay = relay.trim();
var urlstr = common.parseUrl(relay) + common.apiDirectory;
urequest({ url: urlstr, json: true }, function (err, resp, body) {
if (err) {
console.error("[Network Error] Failed to retrieve '" + urlstr + "'");
console.error(err);
askRelay(cb);
return;
}
if (200 !== resp.statusCode || (Buffer.isBuffer(body) || 'object' !== typeof body) || !body.api_host) {
console.warn("===================");
console.warn(" WARNING ");
console.warn("===================");
console.warn("");
console.warn("[" + resp.statusCode + "] '" + urlstr + "'");
console.warn("This server does not describe a current telebit version (but it may still work).");
console.warn("");
console.warn(body);
} else if (body && body.pair_request) {
state._can_pair = true;
}
state.config.relay = relay;
cb();
});
}
if (state.config.relay) { checkRelay(state.config.relay); return; }
console.info("");
console.info("");
console.info("What relay will you be using? (press enter for default)");
console.info("");
rl.question('relay [default: telebit.cloud]: ', checkRelay);
}
, function checkRelay(cb) {
nextSet = [];
if ('telebit.cloud' !== state.config.relay) {
nextSet = nextSet.concat(standardSet);
}
if (!state._can_pair) {
nextSet = nextSet.concat(fossSet);
}
cb();
}
];
var standardSet = [
// There are questions that we need to aks in the CLI
// if we can't guarantee that they are being asked in the web interface
function askAgree(cb) {
if (state.config.agreeTos) { cb(); return; }
console.info("");
console.info("");
console.info("Do you accept the terms of service for each and all of the following?");
console.info("");
console.info("\tTelebit - End-to-End Encrypted Relay");
console.info("\tGreenlock - Automated HTTPS");
console.info("\tLet's Encrypt - TLS Certificates");
console.info("");
console.info("Type 'y' or 'yes' to accept these Terms of Service.");
console.info("");
rl.question('agree to all? [y/N]: ', function (resp) {
resp = resp.trim();
if (!/^y(es)?$/i.test(resp) && 'true' !== resp) {
throw new Error("You didn't accept the Terms of Service... not sure what to do...");
}
state.config.agreeTos = true;
console.info("");
setTimeout(cb, 250);
});
}
, function askUpdates(cb) {
// required means transactional, security alerts, mandatory updates
var options = [ 'newsletter', 'important', 'required' ];
if (-1 !== options.indexOf(state._updates)) { cb(); return; }
console.info("");
console.info("");
console.info("What updates would you like to receive? (" + options.join(',') + ")");
console.info("");
rl.question('messages (default: important): ', function (updates) {
state._updates = (updates || '').trim().toLowerCase();
if (!state._updates) { state._updates = 'important'; }
if (-1 === options.indexOf(state._updates)) { askUpdates(cb); return; }
if ('newsletter' === state._updates) {
state.config.newsletter = true;
state.config.communityMember = true;
} else if ('important' === state._updates) {
state.config.communityMember = true;
}
setTimeout(cb, 250);
});
}
, function askTelemetry(cb) {
if (state.config.telemetry) { cb(); return; }
console.info("");
console.info("");
console.info("Contribute project telemetry data? (press enter for default [yes])");
console.info("");
rl.question('telemetry [Y/n]: ', function (telemetry) {
if (!telemetry || /^y(es)?$/i.test(telemetry)) {
state.config.telemetry = true;
}
setTimeout(cb, 250);
});
}
];
var fossSet = [
function askTokenOrSecret(cb) {
if (state._can_pair || state.token || state.config.token
|| state.secret || state.config.secret) { cb(); return; }
console.info("");
console.info("");
console.info("What's your authorization for '" + state.config.relay + "'?");
console.info("");
// TODO check .well-known to learn supported token types
console.info("Currently supported:");
console.info("");
console.info("\tToken (JWT format)");
console.info("\tShared Secret (HMAC hex)");
//console.info("\tPrivate key (hex)");
console.info("");
rl.question('auth: ', function (resp) {
var jwt = require('jsonwebtoken');
resp = (resp || '').trim();
try {
jwt.decode(resp);
state.config.token = resp;
} catch(e) {
// is not jwt
}
if (!state.config.token) {
resp = resp.toLowerCase();
if (resp === Buffer.from(resp, 'hex').toString('hex')) {
state.config.secret = resp;
}
}
if (!state.config.token && !state.config.secret) {
askTokenOrSecret(cb);
return;
}
setTimeout(cb, 250);
});
}
, function askServernames(cb) {
if (!state.config.secret || state.config._servernames) { cb(); return; }
console.info("");
console.info("");
console.info("What servername(s) will you be relaying here?");
console.info("(use a comma-separated list such as example.com,example.net)");
console.info("");
rl.question('domain(s): ', function (resp) {
resp = (resp || '').trim().split(/,/g);
if (!resp.length) { askServernames(); return; }
// TODO validate the domains
state.config._servernames = resp;
setTimeout(cb, 250);
});
}
, function askPorts(cb) {
if (!state.config.secret || state.config._ports) { cb(); return; }
console.info("");
console.info("");
console.info("What tcp port(s) will you be relaying here?");
console.info("(use a comma-separated list such as 2222,5050)");
console.info("");
rl.question('port(s) [default:none]: ', function (resp) {
resp = (resp || '').trim().split(/,/g);
if (!resp.length) { askPorts(); return; }
// TODO validate the domains
state.config._ports = resp;
setTimeout(cb, 250);
});
}
];
var nextSet = firstSet;
function next() {
var q = nextSet.shift();
if (!q) {
// https://github.com/nodejs/node/issues/21319
if (useTty) { try { stdin.push(null); } catch(e) { /*ignore*/ } }
rl.close();
if (useTty) { try { stdin.close(); } catch(e) { /*ignore*/ } }
mainCb(null, state);
return;
}
q(next);
}
next();
}
var utils = {
request: function request(opts, fn) {
if (!opts) { opts = {}; }
var service = opts.service || 'config';
var req = http.request({
socketPath: state._ipc.path
, method: opts.method || 'GET'
, path: '/rpc/' + service
}, function (resp) {
var body = '';
function finish() {
if (200 !== resp.statusCode) {
console.warn(resp.statusCode);
console.warn(body || ('get' + service + ' failed'));
//cb(new Error("not okay"), body);
return;
}
if (!body) { fn(null, null); return; }
try {
body = JSON.parse(body);
} catch(e) {
// ignore
}
fn(null, body);
}
if (resp.headers['content-length']) {
resp.on('data', function (chunk) {
body += chunk.toString();
});
resp.on('end', function () {
finish();
});
} else {
finish();
}
});
req.on('error', function (err) {
// ENOENT - never started, cleanly exited last start, or creating socket at a different path
// ECONNREFUSED - leftover socket just needs to be restarted
if ('ENOENT' === err.code || 'ECONNREFUSED' === err.code) {
if (opts._taketwo) {
console.error("Either the telebit service was not already (and could not be started) or its socket could not be written to.");
console.error(err);
return;
}
require('../usr/share/install-launcher.js').install({ env: process.env }, function (err) {
if (err) { fn(err); return; }
opts._taketwo = true;
setTimeout(function () {
utils.request(opts, fn);
}, 2500);
});
return;
}
if ('ENOTSOCK' === err.code) {
console.error(err);
return;
}
console.error(err);
return;
});
req.end();
}
, putConfig: function putConfig(service, args, fn) {
var req = http.request({
socketPath: state._ipc.path
, method: 'POST'
, path: '/rpc/' + service + '?_body=' + encodeURIComponent(JSON.stringify(args))
}, function (resp) {
function finish() {
if ('function' === typeof fn) {
fn(null, resp);
return;
}
console.info("");
if (200 !== resp.statusCode) {
console.warn("'" + service + "' may have failed."
+ " Consider peaking at the logs either with 'journalctl -xeu telebit' or /opt/telebit/var/log/error.log");
console.warn(resp.statusCode, body);
//cb(new Error("not okay"), body);
return;
}
if (!body) {
console.info("👌");
return;
}
try {
body = JSON.parse(body);
} catch(e) {
// ignore
}
if ("AWAIT_AUTH" === body.code) {
console.info(body.message);
} else if ("CONFIG" === body.code) {
delete body.code;
//console.info(TOML.stringify(body));
console.info(YAML.safeDump(body));
} else {
if ('http' === body.module) {
// TODO we'll support slingshot-ing in the future
if (String(body.local) === String(parseInt(body.local, 10))) {
console.info('> Forwarding https://' + body.remote + ' => localhost:' + body.local);
} else {
console.info('> Serving ' + body.local + ' as https://' + body.remote);
}
} else if ('tcp' === body.module) {
console.info('> Forwarding ' + state.config.relay + ':' + body.remote + ' => localhost:' + body.local);
} else if ('ssh' === body.module) {
//console.info('> Forwarding ' + state.config.relay + ' -p ' + JSON.stringify(body) + ' => localhost:' + body.local);
console.info('> Forwarding ssh+https (openssl proxy) => localhost:' + body.local);
} else {
console.info(JSON.stringify(body, null, 2));
}
console.info();
}
}
var body = '';
if (resp.headers['content-length']) {
resp.on('data', function (chunk) {
body += chunk.toString();
});
resp.on('end', function () {
finish();
});
} else {
finish();
}
});
req.on('error', function (err) {
console.error('Put Config Error:');
console.error(err);
return;
});
req.end();
}
};
// Two styles:
// http 3000
// http modulename
function makeRpc(key) {
if (key !== argv[0]) {
return false;
}
utils.putConfig(argv[0], argv.slice(1));
return true;
}
function packConfig(config) {
return Object.keys(config).map(function (key) {
var val = config[key];
if ('undefined' === val) {
throw new Error("'undefined' used as a string value");
}
if ('undefined' === typeof val) {
//console.warn('[DEBUG]', key, 'is present but undefined');
return;
}
if (val && 'object' === typeof val && !Array.isArray(val)) {
val = JSON.stringify(val);
}
return key + ':' + val; // converts arrays to strings with ,
});
}
function getToken(err, state) {
if (err) {
console.error("Error while initializing config [init]:");
throw err;
}
state.relay = state.config.relay;
// { _otp, config: {} }
common.api.token(state, {
error: function (err/*, next*/) {
console.error("[Error] common.api.token:");
console.error(err);
return;
}
, directory: function (dir, next) {
//console.log('[directory] Telebit Relay Discovered:');
//console.log(dir);
state._apiDirectory = dir;
next();
}
, tunnelUrl: function (tunnelUrl, next) {
//console.log('[tunnelUrl] Telebit Relay Tunnel Socket:', tunnelUrl);
state.wss = tunnelUrl;
next();
}
, requested: function (authReq, next) {
//console.log("[requested] Pairing Requested");
state.config._otp = state.config._otp = authReq.otp;
if (!state.config.token && state._can_pair) {
console.info("");
console.info("==============================================");
console.info(" Hey, Listen! ");
console.info("==============================================");
console.info(" ");
console.info(" GO CHECK YOUR EMAIL! ");
console.info(" ");
console.info(" DEVICE PAIR CODE: 0000 ".replace(/0000/g, state.config._otp));
console.info(" ");
console.info("==============================================");
console.info("");
}
next();
}
, connect: function (pretoken, next) {
//console.log("[connect] Enabling Pairing Locally...");
state.config.pretoken = pretoken;
state._connecting = true;
// TODO use php-style object querification
utils.putConfig('config', packConfig(state.config), function (err/*, body*/) {
if (err) {
state._error = err;
console.error("Error while initializing config [connect]:");
console.error(err);
return;
}
console.info(TPLS.remote.waiting.replace(/{email}/, state.config.email));
next();
});
}
, offer: function (token, next) {
//console.log("[offer] Pairing Enabled by Relay");
state.config.token = token;
if (state._error) {
return;
}
state._connecting = true;
try {
require('jsonwebtoken').decode(token);
//console.log(require('jsonwebtoken').decode(token));
} catch(e) {
console.warn("[warning] could not decode token");
}
utils.putConfig('config', packConfig(state.config), function (err/*, body*/) {
if (err) {
state._error = err;
console.error("Error while initializing config [offer]:");
console.error(err);
return;
}
//console.log("Pairing Enabled Locally");
next();
});
}
, granted: function (_, next) {
//console.log("[grant] Pairing complete!");
next();
}
, end: function () {
utils.putConfig('enable', [], function (err) {
if (err) { console.error(err); return; }
console.info(TPLS.remote.success);
// workaround for https://github.com/nodejs/node/issues/21319
if (state._useTty) {
setTimeout(function () {
console.info(TPLS.remote.next_steps);
process.exit(0);
}, 0.5 * 1000);
return;
}
// end workaround
parseCli(state);
});
}
});
}
function parseCli(/*state*/) {
var special = [
'false', 'none', 'off', 'disable'
, 'true', 'auto', 'on', 'enable'
];
if (-1 !== argv.indexOf('init')) {
utils.putConfig('list', []/*, function (err) {
}*/);
return;
}
if ([ 'ssh', 'http', 'tcp' ].some(function (key) {
if (key !== argv[0]) {
return false;
}
if (argv[1]) {
if (String(argv[1]) === String(parseInt(argv[1], 10))) {
// looks like a port
argv[1] = parseInt(argv[1], 10);
} else if (/\/|\\/.test(argv[1])) {
// looks like a path
argv[1] = path.resolve(argv[1]);
// TODO make a default assignment here
} else if (-1 === special.indexOf(argv[1])) {
console.error("Not sure what you meant by '" + argv[1] + "'.");
console.error("Remember: paths should begin with ." + path.sep + ", like '." + path.sep + argv[1] + "'");
return true;
}
utils.putConfig(argv[0], argv.slice(1));
return true;
}
return true;
})) {
return;
}
if ([ 'status', 'enable', 'disable', 'restart', 'list', 'save' ].some(makeRpc)) {
return;
}
help();
process.exit(11);
}
function handleConfig(err, config) {
//console.log('CONFIG');
//console.log(config);
state.config = config;
var verstrd = [ pkg.name + ' daemon v' + state.config.version ];
if (state.config.version && state.config.version !== pkg.version) {
console.info(verstr.join(' '), verstrd.join(' '));
} else {
console.info(verstr.join(' '));
}
if (err) { console.error(err); process.exit(101); return; }
//
// check for init first, before anything else
// because it has arguments that may help in
// the next steps
//
if (-1 !== argv.indexOf('init')) {
parsers.init(argv, getToken);
return;
}
if (!state.config.relay || !state.config.token) {
if (!state.config.relay) {
state.config.relay = 'telebit.cloud';
}
//console.log("question the user?", Date.now());
askForConfig(state, function (err, state) {
// no errors actually get passed, so this is just future-proofing
if (err) { throw err; }
if (!state.config.token && state._can_pair) {
state.config._otp = common.otp();
}
//console.log("done questioning:", Date.now());
if (!state.token && !state.config.token) {
getToken(err, state);
} else {
parseCli(state);
}
});
return;
}
//console.log("no questioning:");
parseCli(state);
}
function parseConfig(err, text) {
try {
state._clientConfig = JSON.parse(text || '{}');
} catch(e1) {
try {
state._clientConfig = YAML.safeLoad(text || '{}');
} catch(e2) {
try {
state._clientConfig = TOML.parse(text || '');
} catch(e3) {
console.error(e1.message);
console.error(e2.message);
process.exit(1);
return;
}
}
}
state._clientConfig = camelCopy(state._clientConfig || {}) || {};
common._init(
// make a default working dir and log dir
state._clientConfig.root || path.join(os.homedir(), '.local/share/telebit')
, (state._clientConfig.root && path.join(state._clientConfig.root, 'etc'))
|| path.resolve(common.DEFAULT_CONFIG_PATH, '..')
);
state._ipc = common.pipename(state._clientConfig, true);
if (!Object.keys(state._clientConfig).length) {
console.info('(' + state._ipc.comment + ": " + state._ipc.path + ')');
console.info("");
}
if ((err && 'ENOENT' === err.code) || !Object.keys(state._clientConfig).length) {
if (!err || 'ENOENT' === err.code) {
//console.warn("Empty config file. Run 'telebit init' to configure.\n");
} else {
console.warn("Couldn't load config:\n\n\t" + err.message + "\n");
}
}
utils.request({ service: 'config' }, handleConfig);
}
var parsers = {
init: function (argv, parseCb) {
var answers = {};
var boolish = [ '--advanced' ];
if ('init' !== argv[0]) {
throw new Error("init must be the first argument");
}
argv.shift();
// init --foo bar
argv.forEach(function (arg, i) {
if (!/^--/.test(arg)) { return; }
if (-1 !== boolish.indexOf(arg)) {
answers['_' + arg.replace(/^--/, '')] = true;
}
if (/^-/.test(argv[i + 1])) {
throw new Error(argv[i + 1] + ' requires an argument');
}
answers[arg] = argv[i + 1];
});
// init foo:bar
argv.forEach(function (arg) {
if (/^--/.test(arg)) { return; }
var parts = arg.split(/:/g);
if (2 !== parts.length) {
throw new Error("bad option to init: '" + arg + "'");
}
if (answers[parts[0]]) {
throw new Error("duplicate key to init '" + parts[0] + "'");
}
answers[parts[0]] = parts[1];
});
if (answers.relay) {
console.info("using --relay " + answers.relay);
}
// things that aren't straight-forward copy-over
if (!answers.advanced && !answers.relay) {
answers.relay = 'telebit.cloud';
}
if (Array.isArray(common._NOTIFICATIONS[answers.update])) {
common._NOTIFICATIONS[answers.update].forEach(function (name) {
state.config[name] = true;
});
}
if (answers.servernames) {
state.config._servernames = answers.servernames;
}
if (answers.ports) {
state.config._ports = answers.ports;
}
// things that are straight-forward copy-over
common.CONFIG_KEYS.forEach(function (key) {
if ('true' === answers[key]) { answers[key] = true; }
if ('false' === answers[key]) { answers[key] = false; }
if ('null' === answers[key]) { answers[key] = null; }
if ('undefined' === answers[key]) { delete answers[key]; }
if ('undefined' !== typeof answers[key]) {
state.config[key] = answers[key];
}
});
askForConfig(state, function (err, state) {
if (err) { parseCb(err); return; }
if (!state.config.token && state._can_pair) {
state.config._otp = common.otp();
}
argv.unshift('init');
parseCb(null, state);
});
}
};
fs.readFile(confpath, 'utf8', parseConfig);
}());

854
bin/telebit.js
View File

@ -2,35 +2,837 @@
(function () {
'use strict';
//
// node telebit daemon arg1 arg2
//
if ('daemon' === process.argv[2]) {
require('./telebitd.js');
return;
var pkg = require('../package.json');
var os = require('os');
//var url = require('url');
var path = require('path');
var http = require('http');
//var https = require('https');
var YAML = require('js-yaml');
var recase = require('recase').create({});
var camelCopy = recase.camelCopy.bind(recase);
//var snakeCopy = recase.snakeCopy.bind(recase);
var urequest = require('@coolaj86/urequest');
var common = require('../lib/cli-common.js');
var argv = process.argv.slice(2);
var argIndex = argv.indexOf('--config');
var confpath;
var useTty;
var state = {};
if (-1 === argIndex) {
argIndex = argv.indexOf('-c');
}
if (-1 !== argIndex) {
confpath = argv.splice(argIndex, 2)[1];
}
argIndex = argv.indexOf('--tty');
if (-1 !== argIndex) {
useTty = argv.splice(argIndex, 1);
}
//
// sclient proxies
//
if ('sclient' === process.argv[2]) {
process.argv.splice(1,1);
return;
}
if ('rsync' === process.argv[2]) {
require('sclient/bin/sclient.js');
return;
}
if ('ssh' === process.argv[2] && /[\w-]+\.[a-z]{2,}/i.test(process.argv[3])) {
process.argv.splice(1,1,'sclient');
process.argv.splice(2,1,'ssh');
require('sclient/bin/sclient.js');
return;
function help() {
//console.info('');
//console.info('Telebit Remote v' + pkg.version);
console.info('');
console.info('Usage:');
console.info('');
console.info('\ttelebit [--config <path>] <module> <module-options>');
console.info('');
console.info('Examples:');
console.info('');
//console.info('\ttelebit init # bootstrap the config files');
//console.info('');
console.info('\ttelebit status # whether enabled or disabled');
console.info('\ttelebit enable # disallow incoming connections');
console.info('\ttelebit disable # allow incoming connections');
console.info('');
console.info('\ttelebit list # list rules for servernames and ports');
console.info('');
console.info('\ttelebit http none # remove all https handlers');
console.info('\ttelebit http 3000 # forward all https traffic to port 3000');
console.info('\ttelebit http /module/path # load a node module to handle all https traffic');
console.info('');
console.info('\ttelebit http none example.com # remove https handler from example.com');
console.info('\ttelebit http 3001 sub.example.com # forward https traffic for sub.example.com to port 3001');
console.info('\ttelebit http /module/path sub # forward https traffic for sub.example.com to port 3001');
console.info('');
console.info('\ttelebit tcp none # remove all tcp handlers');
console.info('\ttelebit tcp 5050 # forward all tcp to port 5050');
console.info('\ttelebit tcp /module/path # handle all tcp with a node module');
console.info('');
console.info('\ttelebit tcp none 6565 # remove tcp handler from external port 6565');
console.info('\ttelebit tcp 5050 6565 # forward external port 6565 to local 5050');
console.info('\ttelebit tcp /module/path 6565 # handle external port 6565 with a node module');
console.info('');
console.info('Config:');
console.info('');
console.info('\tSee https://git.coolaj86.com/coolaj86/telebit.js');
console.info('');
console.info('');
}
//
// telebit remote
//
require('./telebit-remote.js');
var verstr = [ pkg.name + ' remote v' + pkg.version ];
if (!confpath) {
confpath = path.join(os.homedir(), '.config/telebit/telebit.yml');
verstr.push('(--config "' + confpath + '")');
}
if (-1 !== argv.indexOf('-h') || -1 !== argv.indexOf('--help')) {
help();
process.exit(0);
}
if (!confpath || /^--/.test(confpath)) {
help();
process.exit(1);
}
function askForConfig(state, mainCb) {
var fs = require('fs');
var ttyname = '/dev/tty';
var stdin = useTty ? fs.createReadStream(ttyname, {
fd: fs.openSync(ttyname, fs.constants.O_RDONLY | fs.constants.O_NOCTTY)
}) : process.stdin;
var readline = require('readline');
var rl = readline.createInterface({
input: stdin
, output: process.stdout
// https://github.com/nodejs/node/issues/21771
// https://github.com/nodejs/node/issues/21319
, terminal: !/^win/i.test(os.platform()) && !useTty
});
state._useTty = useTty;
// NOTE: Use of setTimeout
// We're using setTimeout just to make the user experience a little
// nicer, as if we're doing something inbetween steps, so that it
// is a smooth rather than jerky experience.
// >= 300ms is long enough to become distracted and change focus (a full blink, time for an idea to form as a thought)
// <= 100ms is shorter than normal human reaction time (ability to place events chronologically, which happened first)
// ~ 150-250ms is the sweet spot for most humans (long enough to notice change and not be jarred, but stay on task)
var firstSet = [
function askEmail(cb) {
if (state.config.email) { cb(); return; }
//console.info("");
console.info("Welcome!");
console.info("");
console.info("By using Telebit you agree to:");
console.info("");
console.info(" [x] Accept the Telebit™ terms of service");
console.info(" [x] Accept the Let's Encrypt™ terms of service");
console.info("");
console.info("Enter your email to agree and login/create your account:");
console.info("");
// TODO attempt to read email from npmrc or the like?
rl.question('email: ', function (email) {
email = /@/.test(email) && email.trim();
if (!email) { askEmail(cb); return; }
state.config.email = email.trim();
state.config.agreeTos = true;
console.info("");
setTimeout(cb, 250);
});
}
, function askRelay(cb) {
function checkRelay(relay) {
// TODO parse and check https://{{relay}}/.well-known/telebit.cloud/directives.json
if (!relay) { relay = 'telebit.cloud'; }
relay = relay.trim();
var urlstr = common.parseUrl(relay) + common.apiDirectory;
urequest({ url: urlstr, json: true }, function (err, resp, body) {
if (err) {
console.error("[Network Error] Failed to retrieve '" + urlstr + "'");
console.error(err);
askRelay(cb);
return;
}
if (200 !== resp.statusCode || (Buffer.isBuffer(body) || 'object' !== typeof body) || !body.api_host) {
console.warn("===================");
console.warn(" WARNING ");
console.warn("===================");
console.warn("");
console.warn("[" + resp.statusCode + "] '" + urlstr + "'");
console.warn("This server does not describe a current telebit version (but it may still work).");
console.warn("");
console.warn(body);
} else if (body && body.pair_request) {
state._can_pair = true;
}
state.config.relay = relay;
cb();
});
}
if (state.config.relay) { checkRelay(state.config.relay); return; }
console.info("");
console.info("");
console.info("What relay will you be using? (press enter for default)");
console.info("");
rl.question('relay [default: telebit.cloud]: ', checkRelay);
}
, function checkRelay(cb) {
nextSet = [];
if ('telebit.cloud' !== state.config.relay) {
nextSet = nextSet.concat(standardSet);
}
if (!state._can_pair) {
nextSet = nextSet.concat(fossSet);
}
cb();
}
];
var standardSet = [
// There are questions that we need to aks in the CLI
// if we can't guarantee that they are being asked in the web interface
function askAgree(cb) {
if (state.config.agreeTos) { cb(); return; }
console.info("");
console.info("");
console.info("Do you accept the terms of service for each and all of the following?");
console.info("");
console.info("\tTelebit - End-to-End Encrypted Relay");
console.info("\tGreenlock - Automated HTTPS");
console.info("\tLet's Encrypt - TLS Certificates");
console.info("");
console.info("Type 'y' or 'yes' to accept these Terms of Service.");
console.info("");
rl.question('agree to all? [y/N]: ', function (resp) {
resp = resp.trim();
if (!/^y(es)?$/i.test(resp) && 'true' !== resp) {
throw new Error("You didn't accept the Terms of Service... not sure what to do...");
}
state.config.agreeTos = true;
console.info("");
setTimeout(cb, 250);
});
}
, function askUpdates(cb) {
// required means transactional, security alerts, mandatory updates
var options = [ 'newsletter', 'important', 'required' ];
if (-1 !== options.indexOf(state._updates)) { cb(); return; }
console.info("");
console.info("");
console.info("What updates would you like to receive? (" + options.join(',') + ")");
console.info("");
rl.question('messages (default: important): ', function (updates) {
state._updates = (updates || '').trim().toLowerCase();
if (!state._updates) { state._updates = 'important'; }
if (-1 === options.indexOf(state._updates)) { askUpdates(cb); return; }
if ('newsletter' === state._updates) {
state.config.newsletter = true;
state.config.communityMember = true;
} else if ('important' === state._updates) {
state.config.communityMember = true;
}
setTimeout(cb, 250);
});
}
, function askTelemetry(cb) {
if (state.config.telemetry) { cb(); return; }
console.info("");
console.info("");
console.info("Contribute project telemetry data? (press enter for default [yes])");
console.info("");
rl.question('telemetry [Y/n]: ', function (telemetry) {
if (!telemetry || /^y(es)?$/i.test(telemetry)) {
state.config.telemetry = true;
}
setTimeout(cb, 250);
});
}
];
var fossSet = [
function askTokenOrSecret(cb) {
if (state._can_pair || state.token || state.config.token
|| state.secret || state.config.secret) { cb(); return; }
console.info("");
console.info("");
console.info("What's your authorization for '" + state.config.relay + "'?");
console.info("");
// TODO check .well-known to learn supported token types
console.info("Currently supported:");
console.info("");
console.info("\tToken (JWT format)");
console.info("\tShared Secret (HMAC hex)");
//console.info("\tPrivate key (hex)");
console.info("");
rl.question('auth: ', function (resp) {
var jwt = require('jsonwebtoken');
resp = (resp || '').trim();
try {
jwt.decode(resp);
state.config.token = resp;
} catch(e) {
// is not jwt
}
if (!state.config.token) {
resp = resp.toLowerCase();
if (resp === Buffer.from(resp, 'hex').toString('hex')) {
state.config.secret = resp;
}
}
if (!state.config.token && !state.config.secret) {
askTokenOrSecret(cb);
return;
}
setTimeout(cb, 250);
});
}
, function askServernames(cb) {
if (!state.config.secret || state.config._servernames) { cb(); return; }
console.info("");
console.info("");
console.info("What servername(s) will you be relaying here?");
console.info("(use a comma-separated list such as example.com,example.net)");
console.info("");
rl.question('domain(s): ', function (resp) {
resp = (resp || '').trim().split(/,/g);
if (!resp.length) { askServernames(); return; }
// TODO validate the domains
state.config._servernames = resp;
setTimeout(cb, 250);
});
}
, function askPorts(cb) {
if (!state.config.secret || state.config._ports) { cb(); return; }
console.info("");
console.info("");
console.info("What tcp port(s) will you be relaying here?");
console.info("(use a comma-separated list such as 2222,5050)");
console.info("");
rl.question('port(s) [default:none]: ', function (resp) {
resp = (resp || '').trim().split(/,/g);
if (!resp.length) { askPorts(); return; }
// TODO validate the domains
state.config._ports = resp;
setTimeout(cb, 250);
});
}
];
var nextSet = firstSet;
function next() {
var q = nextSet.shift();
if (!q) {
// https://github.com/nodejs/node/issues/21319
if (useTty) { try { stdin.push(null); } catch(e) { /*ignore*/ } }
rl.close();
if (useTty) { try { stdin.close(); } catch(e) { /*ignore*/ } }
mainCb(null, state);
return;
}
q(next);
}
next();
}
var utils = {
request: function request(opts, fn) {
if (!opts) { opts = {}; }
var service = opts.service || 'config';
var req = http.request({
socketPath: state._ipc.path
, method: opts.method || 'GET'
, path: '/rpc/' + service
}, function (resp) {
var body = '';
function finish() {
if (200 !== resp.statusCode) {
console.warn(resp.statusCode);
console.warn(body || ('get' + service + ' failed'));
//cb(new Error("not okay"), body);
return;
}
if (!body) { fn(null, null); return; }
try {
body = JSON.parse(body);
} catch(e) {
// ignore
}
fn(null, body);
}
if (resp.headers['content-length']) {
resp.on('data', function (chunk) {
body += chunk.toString();
});
resp.on('end', function () {
finish();
});
} else {
finish();
}
});
req.on('error', function (err) {
// ENOENT - never started, cleanly exited last start, or creating socket at a different path
// ECONNREFUSED - leftover socket just needs to be restarted
if ('ENOENT' === err.code || 'ECONNREFUSED' === err.code) {
if (opts._taketwo) {
console.error("Either the telebit service was not already (and could not be started) or its socket could not be written to.");
console.error(err);
return;
}
require('../usr/share/install-launcher.js').install({ env: process.env }, function (err) {
if (err) { fn(err); return; }
opts._taketwo = true;
utils.request(opts, fn);
});
return;
}
if ('ENOTSOCK' === err.code) {
console.error(err);
return;
}
console.error(err);
return;
});
req.end();
}
, putConfig: function putConfig(service, args, fn) {
var req = http.request({
socketPath: state._ipc.path
, method: 'POST'
, path: '/rpc/' + service + '?_body=' + encodeURIComponent(JSON.stringify(args))
}, function (resp) {
function finish() {
if ('function' === typeof fn) {
fn(null, resp);
return;
}
console.info("");
if (200 !== resp.statusCode) {
console.warn("'" + service + "' may have failed."
+ " Consider peaking at the logs either with 'journalctl -xeu telebit' or /opt/telebit/var/log/error.log");
console.warn(resp.statusCode, body);
//cb(new Error("not okay"), body);
return;
}
if (!body) {
console.info("👌");
return;
}
try {
body = JSON.parse(body);
} catch(e) {
// ignore
}
if ("AWAIT_AUTH" === body.code) {
console.info(body.message);
} else if ("CONFIG" === body.code) {
delete body.code;
console.info(YAML.safeDump(body));
} else {
if ('http' === body.module) {
// TODO we'll support slingshot-ing in the future
if (String(body.local) === String(parseInt(body.local, 10))) {
console.info('> Forwarding https://' + body.remote + ' => localhost:' + body.local);
} else {
console.info('> Serving ' + body.local + ' as https://' + body.remote);
}
} else if ('tcp' === body.module) {
console.info('> Forwarding ' + state.config.relay + ':' + body.remote + ' => localhost:' + body.local);
} else if ('ssh' === body.module) {
console.info('> Forwarding ' + state.config.relay + ' -p ' + body.remote + ' => localhost:' + body.local);
console.info('> Forwarding ssh+https (openssl proxy) => localhost:' + body.local);
} else {
console.info(JSON.stringify(body, null, 2));
}
console.info();
}
}
var body = '';
if (resp.headers['content-length']) {
resp.on('data', function (chunk) {
body += chunk.toString();
});
resp.on('end', function () {
finish();
});
} else {
finish();
}
});
req.on('error', function (err) {
console.error('Put Config Error:');
console.error(err);
return;
});
req.end();
}
};
// Two styles:
// http 3000
// http modulename
function makeRpc(key) {
if (key !== argv[0]) {
return false;
}
utils.putConfig(argv[0], argv.slice(1));
return true;
}
function packConfig(config) {
return Object.keys(config).map(function (key) {
var val = config[key];
if ('undefined' === val) {
throw new Error("'undefined' used as a string value");
}
if ('undefined' === typeof val) {
//console.warn('[DEBUG]', key, 'is present but undefined');
return;
}
if (val && 'object' === typeof val && !Array.isArray(val)) {
val = JSON.stringify(val);
}
return key + ':' + val; // converts arrays to strings with ,
});
}
function getToken(err, state) {
if (err) {
console.error("Error while initializing config [init]:");
throw err;
}
state.relay = state.config.relay;
// { _otp, config: {} }
common.api.token(state, {
error: function (err/*, next*/) {
console.error("[Error] common.api.token:");
console.error(err);
return;
}
, directory: function (dir, next) {
//console.log('[directory] Telebit Relay Discovered:');
//console.log(dir);
state._apiDirectory = dir;
next();
}
, tunnelUrl: function (tunnelUrl, next) {
//console.log('[tunnelUrl] Telebit Relay Tunnel Socket:', tunnelUrl);
state.wss = tunnelUrl;
next();
}
, requested: function (authReq, next) {
//console.log("[requested] Pairing Requested");
state.config._otp = state.config._otp = authReq.otp;
if (!state.config.token && state._can_pair) {
console.info("");
console.info("==============================================");
console.info(" Hey, Listen! ");
console.info("==============================================");
console.info(" ");
console.info(" GO CHECK YOUR EMAIL! ");
console.info(" ");
console.info(" DEVICE PAIR CODE: 0000 ".replace(/0000/g, state.config._otp));
console.info(" ");
console.info("==============================================");
console.info("");
}
next();
}
, connect: function (pretoken, next) {
//console.log("[connect] Enabling Pairing Locally...");
state.config.pretoken = pretoken;
state._connecting = true;
// TODO use php-style object querification
utils.putConfig('config', packConfig(state.config), function (err/*, body*/) {
if (err) {
state._error = err;
console.error("Error while initializing config [connect]:");
console.error(err);
return;
}
console.info("waiting...");
next();
});
}
, offer: function (token, next) {
//console.log("[offer] Pairing Enabled by Relay");
state.config.token = token;
if (state._error) {
return;
}
state._connecting = true;
try {
require('jsonwebtoken').decode(token);
//console.log(require('jsonwebtoken').decode(token));
} catch(e) {
console.warn("[warning] could not decode token");
}
utils.putConfig('config', packConfig(state.config), function (err/*, body*/) {
if (err) {
state._error = err;
console.error("Error while initializing config [offer]:");
console.error(err);
return;
}
//console.log("Pairing Enabled Locally");
next();
});
}
, granted: function (_, next) {
//console.log("[grant] Pairing complete!");
next();
}
, end: function () {
utils.putConfig('enable', [], function (err) {
if (err) { console.error(err); return; }
console.info("Success");
// workaround for https://github.com/nodejs/node/issues/21319
if (state._useTty) {
setTimeout(function () {
console.info("Some fun things to try first:\n");
console.info(" ~/telebit http 3000");
console.info(" ~/telebit tcp 5050");
console.info(" ~/telebit ssh auto");
console.info();
console.info("Press any key to continue...");
console.info();
process.exit(0);
}, 0.5 * 1000);
return;
}
// end workaround
parseCli(state);
});
}
});
}
function parseCli(/*state*/) {
var special = [
'false', 'none', 'off', 'disable'
, 'true', 'auto', 'on', 'enable'
];
if (-1 !== argv.indexOf('init')) {
utils.putConfig('list', []/*, function (err) {
}*/);
return;
}
if ([ 'ssh', 'http', 'tcp' ].some(function (key) {
if (key !== argv[0]) {
return false;
}
if (argv[1]) {
if (String(argv[1]) === String(parseInt(argv[1], 10))) {
// looks like a port
argv[1] = parseInt(argv[1], 10);
} else if (/\/|\\/.test(argv[1])) {
// looks like a path
argv[1] = path.resolve(argv[1]);
// TODO make a default assignment here
} else if (-1 === special.indexOf(argv[1])) {
console.error("Not sure what you meant by '" + argv[1] + "'.");
console.error("Remember: paths should begin with ." + path.sep + ", like '." + path.sep + argv[1] + "'");
return true;
}
utils.putConfig(argv[0], argv.slice(1));
return true;
}
return true;
})) {
return;
}
if ([ 'status', 'enable', 'disable', 'restart', 'list', 'save' ].some(makeRpc)) {
return;
}
help();
process.exit(11);
}
function handleConfig(err, config) {
//console.log('CONFIG');
//console.log(config);
state.config = config;
var verstr = [ pkg.name + ' daemon v' + state.config.version ];
console.info(verstr.join(' '));
if (err) { console.error(err); process.exit(101); return; }
//
// check for init first, before anything else
// because it has arguments that may help in
// the next steps
//
if (-1 !== argv.indexOf('init')) {
parsers.init(argv, getToken);
return;
}
if (!state.config.relay || !state.config.token) {
if (!state.config.relay) {
state.config.relay = 'telebit.cloud';
}
//console.log("question the user?", Date.now());
askForConfig(state, function (err, state) {
// no errors actually get passed, so this is just future-proofing
if (err) { throw err; }
if (!state.config.token && state._can_pair) {
state.config._otp = common.otp();
}
//console.log("done questioning:", Date.now());
if (!state.token && !state.config.token) {
getToken(err, state);
} else {
parseCli(state);
}
});
return;
}
//console.log("no questioning:");
parseCli(state);
}
function parseConfig(err, text) {
console.info("");
console.info(verstr.join(' '));
try {
state._clientConfig = JSON.parse(text || '{}');
} catch(e1) {
try {
state._clientConfig = YAML.safeLoad(text || '{}');
} catch(e2) {
console.error(e1.message);
console.error(e2.message);
process.exit(1);
return;
}
}
state._clientConfig = camelCopy(state._clientConfig || {}) || {};
common._init(
// make a default working dir and log dir
state._clientConfig.root || path.join(os.homedir(), '.local/share/telebit')
, (state._clientConfig.root && path.join(state._clientConfig.root, 'etc'))
|| path.resolve(common.DEFAULT_CONFIG_PATH, '..')
);
state._ipc = common.pipename(state._clientConfig, true);
if (!Object.keys(state._clientConfig).length) {
console.info('(' + state._ipc.comment + ": " + state._ipc.path + ')');
console.info("");
}
if ((err && 'ENOENT' === err.code) || !Object.keys(state._clientConfig).length) {
if (!err || 'ENOENT' === err.code) {
//console.warn("Empty config file. Run 'telebit init' to configure.\n");
} else {
console.warn("Couldn't load config:\n\n\t" + err.message + "\n");
}
}
utils.request({ service: 'config' }, handleConfig);
}
var parsers = {
init: function (argv, parseCb) {
var answers = {};
var boolish = [ '--advanced' ];
if ('init' !== argv[0]) {
throw new Error("init must be the first argument");
}
argv.shift();
// init --foo bar
argv.forEach(function (arg, i) {
if (!/^--/.test(arg)) { return; }
if (-1 !== boolish.indexOf(arg)) {
answers['_' + arg.replace(/^--/, '')] = true;
}
if (/^-/.test(argv[i + 1])) {
throw new Error(argv[i + 1] + ' requires an argument');
}
answers[arg] = argv[i + 1];
});
// init foo:bar
argv.forEach(function (arg) {
if (/^--/.test(arg)) { return; }
var parts = arg.split(/:/g);
if (2 !== parts.length) {
throw new Error("bad option to init: '" + arg + "'");
}
if (answers[parts[0]]) {
throw new Error("duplicate key to init '" + parts[0] + "'");
}
answers[parts[0]] = parts[1];
});
if (answers.relay) {
console.info("using --relay " + answers.relay);
}
// things that aren't straight-forward copy-over
if (!answers.advanced && !answers.relay) {
answers.relay = 'telebit.cloud';
}
if (Array.isArray(common._NOTIFICATIONS[answers.update])) {
common._NOTIFICATIONS[answers.update].forEach(function (name) {
state.config[name] = true;
});
}
if (answers.servernames) {
state.config._servernames = answers.servernames;
}
if (answers.ports) {
state.config._ports = answers.ports;
}
// things that are straight-forward copy-over
common.CONFIG_KEYS.forEach(function (key) {
if ('true' === answers[key]) { answers[key] = true; }
if ('false' === answers[key]) { answers[key] = false; }
if ('null' === answers[key]) { answers[key] = null; }
if ('undefined' === answers[key]) { delete answers[key]; }
if ('undefined' !== typeof answers[key]) {
state.config[key] = answers[key];
}
});
askForConfig(state, function (err, state) {
if (err) { parseCb(err); return; }
if (!state.config.token && state._can_pair) {
state.config._otp = common.otp();
}
argv.unshift('init');
parseCb(null, state);
});
}
};
require('fs').readFile(confpath, 'utf8', parseConfig);
}());

620
bin/telebitd.js
View File

@ -2,13 +2,6 @@
(function () {
'use strict';
var PromiseA;
try {
PromiseA = require('bluebird');
} catch(e) {
PromiseA = global.Promise;
}
var pkg = require('../package.json');
var url = require('url');
@ -17,16 +10,11 @@ var os = require('os');
var fs = require('fs');
var common = require('../lib/cli-common.js');
var http = require('http');
var TOML = require('toml');
var YAML = require('js-yaml');
var recase = require('recase').create({});
var camelCopy = recase.camelCopy.bind(recase);
var snakeCopy = recase.snakeCopy.bind(recase);
var TPLS = TOML.parse(fs.readFileSync(path.join(__dirname, "../lib/en-us.toml"), 'utf8'));
var TelebitRemote = require('../').TelebitRemote;
var state = { homedir: os.homedir(), servernames: {}, ports: {}, keepAlive: { state: false } };
var state = { homedir: os.homedir(), servernames: {}, ports: {} };
var argv = process.argv.slice(2);
@ -44,7 +32,20 @@ if (-1 !== confIndex) {
var cancelUpdater = require('../lib/updater')(pkg);
function help() {
console.info(TPLS.daemon.help.main.replace(/{version}/g, pkg.version));
console.info('');
console.info('Telebit Daemon v' + pkg.version);
console.info('');
console.info('Usage:');
console.info('');
console.info('\ttelebitd --config <path>');
console.info('\tex: telebitd --config ~/.config/telebit/telebitd.yml');
console.info('');
console.info('');
console.info('Config:');
console.info('');
console.info('\tSee https://git.coolaj86.com/coolaj86/telebit.js');
console.info('');
console.info('');
}
var verstr = [ pkg.name + ' daemon v' + pkg.version ];
@ -65,19 +66,21 @@ if (!confpath || /^--/.test(confpath)) {
help();
process.exit(1);
}
state._confpath = confpath;
var tokenpath = path.join(path.dirname(state._confpath), 'access_token.txt');
var tokenpath = path.join(path.dirname(confpath), 'access_token.txt');
var token;
try {
token = fs.readFileSync(tokenpath, 'ascii').trim();
//console.log('[DEBUG] access_token', typeof token, token);
console.log('[DEBUG] access_token', typeof token, token);
} catch(e) {
// ignore
}
var controlServer;
var myRemote;
var tun;
var controllers = {};
function saveConfig(cb) {
fs.writeFile(confpath, YAML.safeDump(snakeCopy(state.config)), cb);
}
function getServername(servernames, sub) {
if (state.servernames[sub]) {
return sub;
@ -102,11 +105,6 @@ function getServername(servernames, sub) {
}
})[0];
}
function saveConfig(cb) {
fs.writeFile(confpath, YAML.safeDump(snakeCopy(state.config)), cb);
}
var controllers = {};
controllers.http = function (req, res, opts) {
function getAppname(pathname) {
// port number
@ -289,16 +287,12 @@ controllers.ssh = function (req, res, opts) {
function sshSuccess() {
//state.config.sshAuto = state.sshAuto;
saveConfig(function (err) {
var local = state.config.sshAuto;
if (false !== local && !local) {
local = 22;
}
res.setHeader('Content-Type', 'application/json');
res.end(JSON.stringify({
success: true
, active: true
, remote: Object.keys(state.config.ports)[0]
, local: local
, local: state.config.sshAuto || 22
, saved: !err
, module: 'ssh'
}));
@ -358,19 +352,22 @@ function serveControlsHelper() {
res.end(JSON.stringify(dumpy));
}
function getConfigOnly() {
if (/\b(config)\b/.test(opts.pathname) && /get/i.test(req.method)) {
var resp = JSON.parse(JSON.stringify(state.config));
resp.version = pkg.version;
res.setHeader('Content-Type', 'application/json');
res.end(JSON.stringify(resp));
return;
}
//
// without proper config
//
function saveAndReport() {
function saveAndReport(err, _tun) {
console.log('[DEBUG] saveAndReport config write', confpath);
console.log(YAML.safeDump(snakeCopy(state.config)));
if (err) { throw err; }
tun = _tun;
fs.writeFile(confpath, YAML.safeDump(snakeCopy(state.config)), function (err) {
if (err) {
res.statusCode = 500;
@ -383,8 +380,7 @@ function serveControlsHelper() {
listSuccess();
});
}
function initOrConfig() {
if (/\b(init|config)\b/.test(opts.pathname)) {
var conf = {};
if (!opts.body) {
res.statusCode = 422;
@ -462,7 +458,7 @@ function serveControlsHelper() {
}
if (!state.config.relay || !state.config.email || !state.config.agreeTos) {
console.warn('missing config');
console.log('aborting for some reason');
res.statusCode = 400;
res.setHeader('Content-Type', 'application/json');
@ -478,48 +474,66 @@ function serveControlsHelper() {
return;
}
// init also means enable
delete state.config.disable;
safeStartTelebitRemote(true).then(saveAndReport).catch(handleError);
}
function restart() {
console.info("[telebitd.js] server closing...");
state.keepAlive.state = false;
if (myRemote) {
myRemote.end();
myRemote.on('end', respondAndClose);
// failsafe
setTimeout(function () {
console.info("[telebitd.js] closing too slowly, force quit");
respondAndClose();
}, 5 * 1000);
} else {
respondAndClose();
}
function respondAndClose() {
res.setHeader('Content-Type', 'application/json');
res.end(JSON.stringify({ success: true }));
controlServer.close(function () {
console.info("[telebitd.js] server closed");
setTimeout(function () {
// system daemon will restart the process
process.exit(22); // use non-success exit code
}, 100);
if (tun) {
console.log('ending existing tunnel, starting anew');
tun.end(function () {
console.log('success ending');
rawTunnel(saveAndReport);
});
tun = null;
setTimeout(function () {
if (!tun) {
console.log('failed to end, but starting anyway');
rawTunnel(saveAndReport);
}
}, 3000);
} else {
console.log('no tunnel, starting anew');
rawTunnel(saveAndReport);
}
return;
}
function invalidConfig() {
if (/restart/.test(opts.pathname)) {
tun.end();
res.setHeader('Content-Type', 'application/json');
res.end(JSON.stringify({ success: true }));
controlServer.close(function () {
// TODO closeAll other things
process.nextTick(function () {
// system daemon will restart the process
process.exit(22); // use non-success exit code
});
});
return;
}
//
// Check for proper config
//
if (!state.config.relay || !state.config.email || !state.config.agreeTos) {
res.statusCode = 400;
res.setHeader('Content-Type', 'application/json');
res.end(JSON.stringify({
error: { code: "E_CONFIG", message: "Invalid config file. Please run 'telebit init'" }
}));
return;
}
function saveAndCommit() {
//
// With proper config
//
if (/http/.test(opts.pathname)) {
controllers.http(req, res, opts);
return;
}
if (/tcp/.test(opts.pathname)) {
controllers.tcp(req, res, opts);
return;
}
if (/save|commit/.test(opts.pathname)) {
state.config.servernames = state.servernames;
state.config.ports = state.ports;
fs.writeFile(confpath, YAML.safeDump(snakeCopy(state.config)), function (err) {
@ -533,114 +547,69 @@ function serveControlsHelper() {
}
listSuccess();
});
return;
}
function handleError(err) {
res.statusCode = 500;
res.setHeader('Content-Type', 'application/json');
res.end(JSON.stringify({
error: { message: err.message, code: err.code }
}));
if (/ssh/.test(opts.pathname)) {
controllers.ssh(req, res, opts);
return;
}
function enable() {
if (/enable/.test(opts.pathname)) {
delete state.config.disable;// = undefined;
state.keepAlive.state = true;
fs.writeFile(confpath, YAML.safeDump(snakeCopy(state.config)), function (err) {
if (err) {
err.message = "Could not save config file. Perhaps you're user doesn't have permission?";
handleError(err);
return;
}
// TODO XXX myRemote.active
if (myRemote) {
if (tun) {
listSuccess();
return;
}
rawTunnel(function (err, _tun) {
if (err) { throw err; }
tun = _tun;
fs.writeFile(confpath, YAML.safeDump(snakeCopy(state.config)), function (err) {
if (err) {
res.statusCode = 500;
res.setHeader('Content-Type', 'application/json');
res.end(JSON.stringify({
error: { message: "Could not save config file. Perhaps you're user doesn't have permission?" }
}));
return;
}
listSuccess();
return;
}
safeStartTelebitRemote(true).then(listSuccess).catch(handleError);
});
});
return;
}
function disable() {
if (/disable/.test(opts.pathname)) {
state.config.disable = true;
state.keepAlive.state = false;
if (myRemote) { myRemote.end(); myRemote = null; }
if (tun) { tun.end(); tun = null; }
fs.writeFile(confpath, YAML.safeDump(snakeCopy(state.config)), function (err) {
res.setHeader('Content-Type', 'application/json');
if (err) {
err.message = "Could not save config file. Perhaps you're user doesn't have permission?";
handleError(err);
res.statusCode = 500;
res.end(JSON.stringify({
"error":{"message":"Could not save config file. Perhaps you're not running as root?"}
}));
return;
}
res.end('{"success":true}');
});
return;
}
function getStatus() {
if (/status/.test(opts.pathname)) {
res.setHeader('Content-Type', 'application/json');
res.end(JSON.stringify(
{ status: (state.config.disable ? 'disabled' : 'enabled')
, ready: ((state.config.relay && (state.config.token || state.config.agreeTos)) ? true : false)
, active: !!myRemote
, active: !!tun
, connected: 'maybe (todo)'
, version: pkg.version
, servernames: state.servernames
}
));
return;
}
if (/\b(config)\b/.test(opts.pathname) && /get/i.test(req.method)) {
getConfigOnly();
return;
}
if (/\b(init|config)\b/.test(opts.pathname)) {
initOrConfig();
return;
}
if (/restart/.test(opts.pathname)) {
restart();
return;
}
//
// Check for proper config
//
if (!state.config.relay || !state.config.email || !state.config.agreeTos) {
invalidConfig();
return;
}
//
// With proper config
//
if (/http/.test(opts.pathname)) {
controllers.http(req, res, opts);
return;
}
if (/tcp/.test(opts.pathname)) {
controllers.tcp(req, res, opts);
return;
}
if (/save|commit/.test(opts.pathname)) {
saveAndCommit();
return;
}
if (/ssh/.test(opts.pathname)) {
controllers.ssh(req, res, opts);
return;
}
if (/enable/.test(opts.pathname)) {
enable();
return;
}
if (/disable/.test(opts.pathname)) {
disable();
return;
}
if (/status/.test(opts.pathname)) {
getStatus();
return;
}
if (/list/.test(opts.pathname)) {
listSuccess();
return;
@ -649,7 +618,6 @@ function serveControlsHelper() {
res.setHeader('Content-Type', 'application/json');
res.end(JSON.stringify({"error":{"message":"unrecognized rpc"}}));
});
if (fs.existsSync(state._ipc.path)) {
fs.unlinkSync(state._ipc.path);
}
@ -685,25 +653,27 @@ function serveControlsHelper() {
}
function serveControls() {
serveControlsHelper();
if (state.config.disable) {
console.info("[info] starting disabled");
return;
}
// This will remain in a disconnect state and wait for an init
if (!(state.config.relay && (state.config.token || state.config.pretoken))) {
console.info("[info] waiting for init/authentication (missing relay and/or token)");
if (state.config.relay && (state.config.token || state.config.pretoken)) {
console.info("[info] connecting with stored token");
rawTunnel(function (err, _tun) {
if (err) { throw err; }
if (_tun) { tun = _tun; }
setTimeout(function () {
// TODO attach handler to tunnel
serveControlsHelper();
}, 150);
});
return;
} else {
console.info("[info] waiting for init/authentication (missing relay and/or token)");
}
console.info("[info] connecting with stored token");
return safeStartTelebitRemote().catch(function (err) {
// ignore, it'll keep looping anyway
console.warn("[debug] error that (supposedly) shouldn't matter:");
console.warn(err);
});
serveControlsHelper();
}
function parseConfig(err, text) {
@ -765,294 +735,95 @@ function parseConfig(err, text) {
}
}
function approveDomains(opts, certs, cb) {
// Even though it's being tunneled by a trusted source
// we need to make sure we don't get rate-limit spammed
// with wildcard domains
// TODO: finish implementing dynamic dns for wildcard certs
if (getServername(state.servernames, opts.domains[0])) {
opts.email = state.greenlockConf.email || state.config.email;
opts.agreeTos = state.greenlockConf.agree || state.greenlockConf.agreeTos || state.config.agreeTos;
cb(null, { options: opts, certs: certs });
function rawTunnel(rawCb) {
if (state.config.disable || !state.config.relay || !(state.config.token || state.config.agreeTos)) {
rawCb(null, null);
return;
}
cb(new Error("servername not found in allowed list"));
}
function greenlockHelper(state) {
// TODO Check undefined vs false for greenlock config
state.greenlockConf = state.config.greenlock || {};
state.greenlockConfig = {
version: state.greenlockConf.version || 'draft-11'
, server: state.greenlockConf.server || 'https://acme-v02.api.letsencrypt.org/directory'
, communityMember: state.greenlockConf.communityMember || state.config.communityMember
, _communityPackage: 'telebit.js'
, telemetry: state.greenlockConf.telemetry || state.config.telemetry
, configDir: state.greenlockConf.configDir
|| (state.config.root && path.join(state.config.root, 'etc/acme'))
|| path.join(os.homedir(), '.config/telebit/acme')
// TODO, store: require(state.greenlockConf.store.name || 'le-store-certbot').create(state.greenlockConf.store.options || {})
, approveDomains: approveDomains
};
state.insecure = state.config.relay_ignore_invalid_certificates;
}
function promiseTimeout(t) {
return new PromiseA(function (resolve) {
setTimeout(resolve, t);
});
}
var promiseWss = PromiseA.promisify(function (state, fn) {
return common.api.wss(state, fn);
});
var trPromise;
function safeStartTelebitRemote(forceOn) {
// whatever is currently going will not restart
state.keepAlive.state = false;
if (trPromise && !forceOn) { return trPromise; }
// if something is running, this will kill it
// (TODO option to use known-good active instead of restarting)
// this won't restart either
trPromise = rawStartTelebitRemote(state.keepAlive);
trPromise.then(function () {
console.log("[debug] success on raw start, keepAlive = true");
state.keepAlive.state = true;
trPromise = null;
}).catch(function () {
console.log("[debug] failure on raw start, { keepAlive = true }");
// this will restart
state.keepAlive = { state: true };
trPromise = rawStartTelebitRemote(state.keepAlive);
trPromise.then(function () {
console.log("[debug] success on 2nd start keepAlive:", state.keepAlive.state);
trPromise = null;
}).catch(function () {
console.log("[debug] failure on 2nd start. keepAlive", state.keepAlive.state);
trPromise = null;
});
});
return trPromise;
}
function rawStartTelebitRemote(keepAlive) {
var err;
var exiting = false;
var localRemote = myRemote;
myRemote = null;
if (localRemote) { /*console.log('DEBUG destroy() existing');*/ localRemote.destroy(); }
function safeReload(delay) {
if (exiting) {
// return a junk promise as the prior call
// already passed flow-control to the next promise
// (this is a second or delayed error or close event)
return PromiseA.resolve();
}
exiting = true;
// TODO state.keepAlive?
return promiseTimeout(delay).then(function () {
return rawStartTelebitRemote(keepAlive);
});
}
if (state.config.disable) {
//console.log('DEBUG disabled or incapable');
err = new Error("connecting is disabled");
err.code = 'EDISABLED';
return PromiseA.reject(err);
}
if (!(state.config.token || state.config.agreeTos)) {
//console.log('DEBUG Must agreeTos to generate preauth');
err = new Error("Must either supply token (for auth) or agreeTos (for preauth)");
err.code = 'ENOAGREE';
return PromiseA.reject(err);
}
state.relay = state.config.relay;
if (!state.relay) {
//console.log('DEBUG no relay');
err = new Error("'" + state._confpath + "' is missing 'relay'");
err.code = 'ENORELAY';
return PromiseA.reject(err);
rawCb(new Error("'" + state._confpath + "' is missing 'relay'"));
return;
}
// TODO: we need some form of pre-authorization before connecting,
// otherwise we'll get disconnected pretty quickly
if (!(state.token || state.pretoken)) {
//console.log('DEBUG no token');
err = new Error("no jwt token or preauthorization");
err.code = 'ENOAUTH';
return PromiseA.reject(err);
rawCb(null, null);
return;
}
return PromiseA.resolve().then(function () {
//console.log('DEBUG rawStartTelebitRemote');
if (tun) {
rawCb(null, tun);
return;
}
function startHelper() {
//console.log('DEBUG startHelper');
greenlockHelper(state);
// Saves the token
// state.handlers.access_token({ jwt: token });
// Adds the token to the connection
// tun.append(token);
common.api.wss(state, function (err, wss) {
if (err) { rawCb(err); return; }
state.wss = wss;
//console.log("[DEBUG] token", typeof token, token);
//state.sortingHat = state.config.sortingHat;
// { relay, config, servernames, ports, sortingHat, net, insecure, token, handlers, greenlockConfig }
// Saves the token
// state.handlers.access_token({ jwt: token });
// Adds the token to the connection
// tun.append(token);
return new PromiseA(function (myResolve, myReject) {
function reject(err) {
if (myReject) {
myReject(err);
myResolve = null;
myReject = null;
} else {
//console.log('DEBUG double rejection');
}
}
function resolve(val) {
//console.log('[DEBUG] pre-resolve');
if (myResolve) {
myResolve(val);
myResolve = null;
myReject = null;
} else {
//console.log('DEBUG double resolution');
}
}
state.greenlockConf = state.config.greenlock || {};
state.sortingHat = state.config.sortingHat;
function onConnect() {
console.info('[connect] relay established');
myRemote.removeListener('error', onConnectError);
myRemote.once('error', function (err) {
console.log("[debug] Error after connect.");
console.log(err);
if (!keepAlive.state) {
reject(err);
return;
}
retryLoop();
});
resolve(myRemote);
// TODO sortingHat.print(); ?
// TODO Check undefined vs false for greenlock config
var remote = require('../');
state.greenlockConfig = {
version: state.greenlockConf.version || 'draft-11'
, server: state.greenlockConf.server || 'https://acme-v02.api.letsencrypt.org/directory'
, communityMember: state.greenlockConf.communityMember || state.config.communityMember
, telemetry: state.greenlockConf.telemetry || state.config.telemetry
, configDir: state.greenlockConf.configDir
|| (state.config.root && path.join(state.config.root, 'etc/acme'))
|| path.join(os.homedir(), '.config/telebit/acme')
// TODO, store: require(state.greenlockConf.store.name || 'le-store-certbot').create(state.greenlockConf.store.options || {})
, approveDomains: function (opts, certs, cb) {
// Certs being renewed are listed in certs.altnames
if (certs) {
opts.domains = certs.altnames;
cb(null, { options: opts, certs: certs });
return;
}
function onConnectError(err) {
myRemote = null;
if (handleError(err, 'onConnectError')) {
if (!keepAlive.state) {
reject(err);
return;
}
safeReload(10 * 1000).then(resolve).catch(reject);
return;
}
console.error('[Error] onConnectError: no retry (possibly bad auth):');
console.error(err);
reject(err);
// Even though it's being tunneled by a trusted source
// we need to make sure we don't get rate-limit spammed
// with wildcard domains
// TODO: finish implementing dynamic dns for wildcard certs
if (getServername(state.servernames, opts.domains[0])) {
opts.email = state.greenlockConf.email || state.config.email;
opts.agreeTos = state.greenlockConf.agree || state.greenlockConf.agreeTos || state.config.agreeTos;
cb(null, { options: opts, certs: certs });
return;
}
function retryLoop() {
console.warn('[Warn] disconnected. Will retry?', keepAlive.state);
if (keepAlive.state) {
safeReload(10 * 1000).then(resolve).catch(reject);
}
}
myRemote = TelebitRemote.createConnection({
relay: state.relay
, wss: state.wss
, config: state.config
, otp: state.otp
, sortingHat: state.config.sortingHat
, net: state.net
, insecure: state.insecure
, token: state.token || state.pretoken // instance
, servernames: state.servernames
, ports: state.ports
, handlers: state.handlers
, greenlockConfig: state.greenlockConfig
}, onConnect);
myRemote.once('error', onConnectError);
myRemote.once('close', retryLoop);
myRemote.on('grant', state.handlers.grant);
myRemote.on('access_token', state.handlers.access_token);
});
}
if (state.wss) {
return startHelper();
}
function handleError(err, prefix) {
// Likely causes:
// * DNS lookup failed (no Internet)
// * Rejected (bad authn)
if ('ENOTFOUND' === err.code) {
// DNS issue, probably network is disconnected
err.message = [
'[warn] (' + prefix + '): DNS address not found.'
, ' Either the remote does not exist or local network is down or blocked.'
, ' You might check wifi, eth, paywall, etc.'
].join('\n');
if (keepAlive.error !== err.code) {
console.warn(err.message);
keepAlive.error = err.code;
console.warn("(retrying silently)");
}
return true;
} else if ('ECONNREFUSED' === err.code) {
// Server issue. If it's the development server, it's probably down
err.message = [
'[warn] onConnectError: Connection Refused.'
, ' Either the remote does not exist or local network is blocking it.'
, ' Is the relay service provider\'s website up? Did you make a typo?'
, ' Is there a local firewall or paywall? Might the relay be otherwise blocked?'
].join('\n');
if (keepAlive.error !== err.code) {
console.warn(err.message);
keepAlive.error = err.code;
console.warn("(retrying silently)");
}
return true;
//cb(new Error("servername not found in allowed list"));
}
}
};
state.insecure = state.config.relay_ignore_invalid_certificates;
// { relay, config, servernames, ports, sortingHat, net, insecure, token, handlers, greenlockConfig }
// get the wss url
function retryWssLoop(err) {
if (!keepAlive.state) {
console.log("[debug] error getting wss url:");
console.log(err);
return PromiseA.reject(err);
}
console.log("[DEBUG] token", typeof token, token);
tun = remote.connect({
relay: state.relay
, wss: state.wss
, config: state.config
, otp: state.otp
, sortingHat: state.sortingHat
, net: state.net
, insecure: state.insecure
, token: state.token || state.pretoken // instance
, servernames: state.servernames
, ports: state.ports
, handlers: state.handlers
, greenlockConfig: state.greenlockConfig
});
myRemote = null;
if (handleError(err, 'retryWssLoop')) {
// Always retry at this stage. It *is* a connectivity problem.
// Since the internet is disconnected, try again and again and again.
return safeReload(2 * 1000);
} else {
console.error("[error] retryWssLoop (will not retry):");
console.error(err.message);
return PromiseA.reject(err);
}
}
// It makes since for this to be in here because the server
// could be restarting to force a change of the metadata
return promiseWss(state).then(function (wss) {
state.wss = wss;
console.log("[debug] got wss url");
keepAlive.error = null;
return startHelper();
}).catch(retryWssLoop);
rawCb(null, tun);
});
}
@ -1114,17 +885,14 @@ state.handlers = {
};
function sigHandler() {
process.removeListener('SIGINT', sigHandler);
console.info('Received kill signal. Attempting to exit cleanly...');
state.keepAlive.state = false;
// We want to handle cleanup properly unless something is broken in our cleanup process
// that prevents us from exitting, in which case we want the user to be able to send
// the signal again and exit the way it normally would.
if (myRemote) {
myRemote.end();
myRemote = null;
process.removeListener('SIGINT', sigHandler);
if (tun) {
tun.end();
}
if (controlServer) {
controlServer.close();

245
lib/client.js Normal file
View File

@ -0,0 +1,245 @@
'use strict';
var sni = require('sni');
var Packer = require('proxy-packer');
module.exports.create = function (handlers) {
var client = module.exports;
client.pendingCommands = {};
client.auth = null;
client.wstunneler = null;
client.localclients = {};
client.authenticated = false;
var multiplexed = {};
var stream = require('stream');
var Duplex = stream.Duplex;
function SingleConn(tun, streamOpts) {
// Proper duplex stream with automatic flow control (backpressure) management
if(!(this instanceof SingleConn)) { return new SingleConn(tun, streamOpts); }
Duplex.call(this, streamOpts);
}
SingleConn.create = function (opts) {
return new SingleConn(opts);
};
if (!handlers) { handlers = {}; }
// XXX TODO
handlers.onAuthRequest = function (authRequest) {
// XXX out of scope
client._wsTunnelRemote._sendCommand('auth', authRequest).catch(function (err) { console.error('1', err); });
};
handlers.onAddToken = function (jwtoken) {
// XXX out of scope
client._wsTunnelRemote._sendCommand('add_token', jwtoken)
.catch(function (err) {
console.error('failed re-adding token', jwtoken, 'after reconnect', err);
// Not sure if we should do something like remove the token here. It worked
// once or it shouldn't have stayed in the list, so it's less certain why
// it would have failed here.
});
};
handlers.onAck = function (body) {
var packBody = true;
client._wsTunnelRemote.sendMessage(Packer.packHeader(null, body, 'control', packBody));
};
handlers.onNoHandler = function (cmd) {
console.warn("[telebit] state.handlers['" + cmd[1] + "'] not set");
console.warn(cmd[2]);
};
// TODO
// make proxy-packer a readable stream?
// create per-connection buffer?
handlers.onNonReadable = function (/*fn*/) {
client.wstunneler.pause();
//packerHandlers.onReadable = fn;
};
handlers.onReadable = function () {
//packerHandlers.onReadable();
client.wstunneler.resume();
};
var authsent = false;
function sendAllTokens() {
if (client.auth) {
authsent = true;
handlers.onAuthRequest(client.auth);
}
client.sharedTokens.forEach(function (jwtoken) {
// XXX out of scope
if (client._state.debug) { console.log('[DEBUG] send token'); }
authsent = true;
handlers.onAddToken(jwtoken);
});
}
function hyperPeek(tun) {
var m;
var str;
if (tun.data) {
if ('http' === tun.service) {
str = tun.data.toString();
m = str.match(/(?:^|[\r\n])Host: ([^\r\n]+)[\r\n]*/im);
tun._name = tun._hostname = (m && m[1].toLowerCase() || '').split(':')[0];
}
else if ('https' === tun.service || 'tls' === tun.service) {
tun._name = tun._servername = sni(tun.data);
} else {
tun._name = '';
}
}
}
var packerHandlers = {
oncontrol: function (opts) {
var cmd, err;
try {
cmd = JSON.parse(opts.data.toString());
} catch (err) {
// ignore
}
if (!Array.isArray(cmd) || typeof cmd[0] !== 'number') {
console.warn('received bad command "' + opts.data.toString() + '"');
return;
}
if (cmd[0] < 0) {
var cb = client.pendingCommands[-cmd[0]];
if (!cb) {
console.warn('received response for unknown request:', cmd);
} else {
cb.apply(null, cmd.slice(1));
}
return;
}
if (cmd[0] === 0) {
console.warn('received dis-associated error from server', cmd[1]);
if (client.connCallback) {
client.connCallback(cmd[1]);
}
return;
}
if (cmd[1] === 'hello') {
if (client._state.debug) { console.log('[DEBUG] hello received'); }
sendAllTokens();
if (client.connCallback) {
client.connCallback();
}
// TODO: handle the versions and commands provided by 'hello' - isn't super important
// yet since there is only one version and set of commands.
err = null;
} else if (cmd[1] === 'grant') {
client.authenticated = true;
if (client._state.handlers[cmd[1]]) {
client._state.handlers[cmd[1]](cmd[2]);
} else {
handlers.onNoHandler(cmd);
}
return;
} else if (cmd[1] === 'access_token') {
client.authenticated = true;
if (client._state.handlers[cmd[1]]) {
client._state.handlers[cmd[1]](cmd[2]);
} else {
handlers.onNoHandler(cmd);
}
return;
} else {
err = { message: 'unknown command "'+cmd[1]+'"', code: 'E_UNKNOWN_COMMAND' };
}
handlers.onAck([-cmd[0], err]);
}
, onconnection: function (tun, handledCb) {
var cid = tun._id = Packer.addrToId(tun);
if (multiplexed[cid]) {
throw new Error("[Sanity Error] a new connection can't already exist in the connection pool");
}
// this data should have been gathered already as part of the proxy protocol
// but if it's available again here we can double check
hyperPeek(tun);
// the next data that comes in may be the next packet of data for this connection
// and that may happen before the detection and assignment is complete
handlers.onNonReadable(); // pause()
// TODO use readable streams instead
require(client._state.sortingHat).assign(client._state, tun, function (err, conn) {
if (err) {
err.message = err.message.replace(/:tun_id/, tun._id);
console.info("[_onConnectError] opening '" + cid + "' failed because " + err.message);
client._wsTunnelRemote.sendMessage(Packer.packHeader(tun, null, 'error'));
return;
}
//handlers.on
client.clientHandlers.add(conn, cid, tun);
if (tun.data) { conn.write(tun.data); }
handlers.onReadable(); // resume
if ('function' === typeof handledCb) { handledCb(); }
});
}
, onmessage: function (tun) {
var cid = tun._id = Packer.addrToId(tun);
var handled;
hyperPeek(tun);
handled = client.clientHandlers.write(cid, tun);
if (!handled) {
throw new Error("No 'message' event came before 'connection' event."
+ " You're probably using a different version of proxy-packer on the server than the client");
}
}
, onpause: function (opts) {
var cid = Packer.addrToId(opts);
if (client.localclients[cid]) {
console.log("[TunnelPause] pausing '"+cid+"', remote received", opts.data.toString(), 'of', client.localclients[cid].tunnelWritten, 'sent');
client.localclients[cid].manualPause = true;
client.localclients[cid].pause();
} else {
console.log('[TunnelPause] remote tried pausing finished connection', cid);
// Often we have enough latency that we've finished sending before we're told to pause, so
// don't worry about sending back errors, since we won't be sending data over anyway.
// var packBody = true;
// wsTunnelRemote.sendMessage(Packer.packHeader(opts, {message: 'no matching connection', code: 'E_NO_CONN'}, 'error', packBody));
}
}
, onresume: function (opts) {
var cid = Packer.addrToId(opts);
if (client.localclients[cid]) {
console.log("[TunnelResume] resuming '"+cid+"', remote received", opts.data.toString(), 'of', client.localclients[cid].tunnelWritten, 'sent');
client.localclients[cid].manualPause = false;
client.localclients[cid].resume();
} else {
console.log('[TunnelResume] remote tried resuming finished connection', cid);
// var packBody = true;
// wsTunnelRemote.sendMessage(Packer.packHeader(opts, {message: 'no matching connection', code: 'E_NO_CONN'}, 'error', packBody));
}
}
, onend: function (opts) {
var cid = Packer.addrToId(opts);
//console.log("[end] '" + cid + "'");
client.clientHandlers.closeSingle(cid);
}
, onerror: function (opts) {
var cid = Packer.addrToId(opts);
//console.log("[error] '" + cid + "'", opts.code || '', opts.message);
client.clientHandlers.closeSingle(cid);
}
};
client.machine = Packer.create(packerHandlers);
client.sharedTokens = [];
return client;
};

493
lib/en-us.toml
View File

@ -1,493 +0,0 @@
[help]
remote = "telebit remote v{version}
Telebit Remote is the T-Rex long-arm of the Internet. UNSTOPPABLE!
Using reliable HTTPS tunneling to establishing peer-to-peer connections,
Telebit is empowering the next generation of tinkerers. Access your devices.
Share your stuff. Be UNSTOPPABLE! (Join us at https://rootprojects.org)
Usage:
telebit [flags] <command> [arguments]
ex: telebit http ~/Public
The flags are:
--config <path> specify config file (default is ~/.config/telebit/telebit.yml)
--json output json instead of text, if available
-h,--help display this menu (or sub-command menus)
The commands are:
status show status and configuration info
http access files, folders, and local apps via https (secure)
ssh enable remote access to this device with ssh-over-https
ssh (client) access devices via ssh-over-https (telebit, stunnel, openssl, etc)
tcp forward tcp locally
enable turn on remote access and sharing
disable turn off remote access and sharing
activate start and register the telebit service
disable stop and unregister the telebit service
config (doc) config file format and settings
client (doc) vpn, ftp, rsync, scp, ssh-proxy, sclient
Use \"telebit help [command]\" for more information about a command, including flags.
Additional help topics:
daemon telebit daemon secure background service
relay telebit secure relay, hosted, and self-hosting options
Copyright 2015-2018 AJ ONeal https://telebit.cloud MPL-2.0 Licensed (RAWR!)"
client = "telebit client v{version}
ftp secure ftp file transfer between devices
rsync rsync over https and proxy commands
scp scp over https and proxy commands
sclient use the sclient emebbed within telebit
ssh-proxy ssh over https and proxy commands
vpn (client) home network access and private web browsing via socks5
Use \"telebit help [command]\" for more information about a command, including flags.
Copyright 2015-2018 AJ ONeal https://telebit.cloud MPL-2.0 Licensed (RAWR!)"
status = "usage: telebit status
'telebit status' shows details about the current connections (or lack thereof).
Example:
Status: RAWR! (uptime: 45 minutes)
Forwarding ssh+https://jon.telebit.io => localhost:22
Forwarding https://client.jon.telebit.io => localhost:3000
Serving https://public.jon.telebit.io from ~/Public
Syncing ~/shared => home.jon.telebit.io:shared
Relay: https://telebit.cloud
Launcher: user
Additional help topics: enable, disable"
enable = "Enable Telebit - Re-enable and accept incoming connections
usage: telebit enable
enable Re-enable incoming connections for https, ssh, etc"
disable = "Disable Telebit - Reject https, ssh, and tcp connections
usage: telebit disable
disable (Temporarily) reject incoming connections for https,
ssh, etc without deleting the current configuration.
Perists on restart, but can be re-enabled remotely
(with your authorization only)."
activate = "Activate Telebit - Start telebit (if not running) and register a launcher
Usage:
telebit activate [flags]
ex: telebit activate --launcher none
The flags may be exactly one of:
--no-launcher uregister any launchers (start manually)
--user-launcher (default) register an unprivileged launcher (start on login)
--system-launcher register with the system launcher (start on boot)
Note: telebit relies on the system launcher to recover from certain error conditions"
deactivate = "Deactivate Telebit - Unregister userspace (or system) launcher and stop
Usage:
telebit deactivate [flags]
ex: telebit deactivate --keep alive
The flags are:
--keep-launcher stop telebit without unregistering the launcher
--keep-alive unregister launcher without stopping"
http = "Telebit HTTP - The UNSTOPPABLE way to share files, folders, and local apps.
usage: telebit http <path/port/none> [subdomain]
http <DIR> [subdomain] serve a file, folder, or node express app
ex: telebit http ~/Public pub ex: securely host ~/Public as pub.johndoe.telebit.io
http <PORT> [subdomain] forward all https traffic to a local app
ex: telebit http 3000 app ex: publicize localhost:3000 as app.johndoe.telebit.io
http none [subdomain] remove secure http access for (any or all) subdomain(s)
ex: telebit http none ex: remove all https access
Use cases:
- Lazy man's AirDrop (works for lazy women too!)
- Testing dev sites on a phone
- Sharing indie music and movies with friends"
ssh = "Telebit SSH - The UNSTOPPABLE way to remote into your devices.
usage: telebit ssh <auto|port|none>
All https traffic will be inspected to see if it looks like ssh Once enabled all traffic that looks
ssh auto Make ssh Just Work (on port 22)
ssh <port> forward ssh traffic to non-standard port
ex: telebit ssh 22 ex: explicitly forward ssh-looking packets to localhost:22
ssh none Disables ssh tunneling
Telebit SSH Client
usage: telebit ssh <remote> [ssh flags and options]
This is just a shortcut for \"ssh\", with all ssh-over-https options turned on.
ssh <remote> Make ssh Just Work (over https)
ex: telebit ssh jon.telebit.io ex:
\"telebit help ssh-proxy\" for more info
Use cases:
- Access your home computer from work.
- Access your work computer from home.
- Good ol' fashioned screen/tmux style pair programming"
ssh-proxy = "Proxying SSH over HTTPS
Wrapping SSH in HTTPS makes it accessible anywhere and also makes it routable.
Whether inside a harsh network environment or even if hindered by a poorly
configured firewall, once wrapped in tls, ssh becomes UNSTOPPABLE.
Usage:
telebit ssh <remote> [ssh flags and options]
Example:
telebit ssh jon.telebit.io
It is NOT at all neccessary to use \"telebit ssh\", it's just a convenience.
Wanna know why, and the alternatives? Keep reading!
## History
When TLS sends an encrypted packet over the network it begins with a handshake
which shows the things like the tls version and the host SERVERNAME unencrypted
so that the remote server can respond with the correct certificate.
SSH was created well before TLS and has a completely different header. The good
news is that, unlike some other early internet protocols, it does have a header
with its name and version, but it doesn't have anything to identify the server.
## Telebit + SSH
Here's why:
When you're running ssh through an https tunnel (as telebit does) you
can't just use \"ssh me.example.com\" to get in. You have to tell ssh that you
want to use an https tunnel. Using \"telebit ssh\" as a client will specify
all of the correct ssh options.
However, when you want to connect to ssh over https, you either have to pass
the correct arguments or modify your ~/.ssh/config to use \"openssl s_client\".
We explain the different configurations below:
## SSH + openssl
The configuration that's most likely to work with what's already installed on
your machine is this:
Host jon.telebit.io
ProxyCommand openssl s_client -quiet -connect %h:443 -servername %h
Or you would call ssh directly, like this:
ssh jon.telebit.io -o ProxyCommand=\"openssl s_client -quiet -connect %h:443 -servername %h\"
It's rather simple, but it looks quite daunting.
## SSH + sclient
Because that looks a little hairy, we created \"sclient\", so that the example
could look a bit more digestible:
Host jon.telebit.io
ProxyCommand sclient %h
Or
ssh jon.telebit.io -o ProxyCommand=\"sclient %h\"
## Inverse SSH Tunnel (same as stunnel)
The commands above instruct ssh to open a pipe into openssl or sclient. If we
instead want to connect ssh to a local tunnel, it looks like this:
Host jon.telebit.io
Hostname localhost
Port 3000
HostKeyAlias jon.telebit.io
CheckHostIP no
RequestTTY force
Or
ssh localhost -p 3000 -t -o CheckHostIP=no -o HostKeyAlias=jon.telebit.io
## See also
telebit ftp
telebit vpn"
tcp = "Telebit TCP - Seemless connectivity to LEGACY apps.
Use 'telebit http' instead, where possible (including for ssh).
usage: telebit tcp <path/port/none>
tcp <local> [remote] forward tcp to <local> from <remote>
ex: telebit tcp 5050 6565 ex: forward tcp port 6565 locally to port 5050
tcp <path> [remote] show ftp-style directory listing
ex: telebit tcp ~/Public ex: show listing of ~/Public
tcp none [remote] disable tcp access for [remote] port
ex: telebit tcp none 6565 ex: remove access to port 6565
Use cases:
- Debugging plain TCP when troubleshooting a legacy app
- You can't install a secure client (like telebit, sclient, openssl, or stunnel)
See also sclient <https://telebit.cloud/sclient> for connecting to legacy apps
with telebit-upscaled secure https access."
scp = "Telebit (Client) scp
See \"telebit rsync\"."
rsync = "Telebit (Client) rsync - Sync files to or from another computer
Sync files and directories from one computer to another.
Usage:
telebit rsync [flags] <src> <dst> [arguments]
ex: telebit rsync -av home.jon.telebit.cloud:shared/ ~/shared/ --exclude=tmp
This is not a full implementation of rsync, but rather a convenience wrapper
around rsync which passes the correct options to ssh for https tunneling.
Due to the way telebit wraps rsync, all flags which take an argumnt must
go after the source and destination paths / addresses.
See also: telebit help ssh-proxy"
vpn = "Telebit (Client) vpn - Use with Firefox for UNSTOPPABLE web browsing
This provides a very easy-to-use, lightweight VPN known as Socks5 that can be
used directly by Firefox and Chrome without requiring administrator privileges.
Usage:
telebit vpn --socks5 <port> <remote>
ex: telebit vpn --socks5 6789 home.jon.telebit.io
The flags are:
--socks5 <port> You MUST specify the socks5 port
Firefox Configuration:
Firefox -> Preferences
Advanced -> Network
Connection -> Settings
Manual proxy configuration:
SOCKS Host: localhost
Port: 6789
SOCKS v5
Just like a full vpn client, it routes your IP traffic places through the VPN
server (which in this case is another one of your telebit devices), but only
for traffic in the configured browser. You can still access school and office
resources in the other browser (and other applications) the need to switch a
full VPN on and off.
As will all other telebit functionality, this use https tunneling and will not
be disrupted by unfavorable network conditions.
Use cases:
- Watch your US Netflix using your home IP while traveling abroad.
- Log into your router as if from inside your home network.
- Disregard poorly configured web proxies at school or work.
See also: telebit help ssh-proxy"
ftp = "Telebit (Client) Secure FTP
Alias of \"telebit rsync\"
The original FTP was superseded by sftp and then rsync a few decades ago,
however, sometimes we refer to its successors, generically, as \"FTP\"
(just like you might say \"hang up\" the phone).
## History
FTP is a legacy of the 1970s. It served its purpose well on local networks, but
was extremely dangerous on the Internet due to its lack of security and various
vulnerabilities. On some legacy systems it remains an easy target to steal
passwords and load viruses onto computers.
Although very few systems have ftp installed today (thank goodness), almost every
computer comes with rsync already installed and ready to go.
Use \"telebit rsync\" instead."
daemon = "telebit daemon v{version}
Usage:
telebit daemon --config <path>
ex: telebit daemon --config ~/.config/telebit/telebitd.yml
Additional help topics:
config config file format and settings
remote telebit cli remote control
Copyright 2015-2018 https://telebit.cloud MPL-2.0 Licensed"
config = "Telebit Config (docs)
There are TWO config files:
remote ~/.config/telebit/telebit.yml
daemon ~/.config/telebit/telebitd.yml
### Remote Config
This only specifies the ipc - socket path (dir), address, or pipe name.
All other options are handled by the daemon.
ipc: /Users/aj/.local/share/telebit/var/run/
### Daemon Config
relay: telebit.cloud the relay to use
secret: null HMAC secret for self-hosted relay
email: jon@example.com the email to authenticate
agree_tos: true agree to Telebit, Greenlock, & Let's Encrypt, ToS
community_member: true get rare but relevant community updates
telemetry: true contribute to project telemetry
servernames:
example.com: don't reject https traffic for example.com
wildcard: true allow assignment to subdomains
handler: ~/Public whether to use a static server by path or app by port
home.example.com:
wildcard: true
handler: 3000
ssh_auto: 22 forward ssh-ish traffic to port 22
See also: telebit help relay"
sclient = "sclient
Usage:
sclient [flags] <remote> [local]
ex: sclient whatever.com:443 localhost:3000
ex: sclient whatever.com -
ex: printf \"GET / HTTP/1.1\\n\\n\" | sclient whatever.com
sclient is a standalane tls unwrapper. For convenience it's bundled with telebit
as the passthru subcommand \"telebit sclient\" and functions exactly the name.
telebit sclient [flags] <remote> [local]
ex: printf \"GET / HTTP/1.1\\n\\n\" | telebit sclient whatever.com
See https://telebit.cloud/sclient/"
relay = "Telebit Relay
We envision a future with better routers capable of providing reliable Internet
connectivity, and trusted peers bridging the gaps between unfavorable network
conditions.
We plan to always run telebit.cloud as a relay-as-a-service for convenience,
but it is our hope that, if your network conditions permit, you will also run
your own telebit relay for your friends, family, and yourself.
See https://git.coolaj86.com/coolaj86/telebit-relay.js"
in-n-out = "Telebit Secret Menu
The secret flags are:
--profile <name> Use config files, sockets, and pipes with this name.
For debugging and development. (default: telbit, telebitd)
--set-profile <name> Switch from the default profile
--address <path|host:port> Use explicit socket path (or address) or pipe name
Overrides \"--profile\""
[remote]
version = "telebit remote v{version}"
code = "
==============================================
Hey, Listen!
==============================================
GO CHECK YOUR EMAIL!
DEVICE PAIR CODE: 0000
==============================================
"
waiting = "waiting for you to check your email..."
success = "Success"
next_steps = "Some fun things to try first:
~/telebit http ~/Public
~/telebit tcp 5050
~/telebit ssh auto
Press any key to continue...
"
[remote.setup]
email = "Welcome!
By using Telebit you agree to:
[x] Accept the Telebit terms of service
[x] Accept the Let's Encrypt terms of service
Enter your email to agree and login/create your account:
"
[daemon]
version = "telebit daemon v{version}"

31
lib/html/css/main.css
View File

@ -1,31 +0,0 @@
body {
font-family: Source Sans Pro, sans-serif;
font-size: 18px;
color: #1a1a1a;
letter-spacing: -0.022222222em;
line-height: 1.33;
margin: 0;
text-align: center;
padding: 2em 0 2em 0;
}
code {}
code, pre {
font-family: Source Code Pro, monospace;
}
.code-block {
text-align: left;
display: inline-block;
}
span.logo {
font-size: 1.666em;
font-weight: bold;
}
p {margin-bottom: 0.5em;margin-top: 1.5em;}

BIN
lib/html/fonts/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
View File

Binary file not shown.

BIN
lib/html/fonts/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
View File

Binary file not shown.

BIN
lib/html/fonts/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2
View File

Binary file not shown.

95
lib/html/index.html
View File

@ -3,93 +3,40 @@
<head>
<title>Telebit</title>
<meta charset="utf-8">
<link href="./css/main.css" rel="stylesheet">
<style>
@font-face {
font-family: 'Source Sans Pro';
font-style: normal;
font-display: block;
font-weight: 400;
src: local('Source Sans Pro Regular'), local('SourceSansPro-Regular'), url(./fonts/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2) format('woff2');
unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
}
@font-face {
font-family: 'Source Sans Pro';
font-style: normal;
font-weight: 700;
font-display: block;
src: local('Source Sans Pro Bold'), local('SourceSansPro-Bold'), url(./fonts/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2) format('woff2');
unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
}
@font-face {
font-family: 'Source Code Pro';
font-style: normal;
font-weight: 400;
src: local('Source Code Pro'), local('SourceCodePro-Regular'), url(./fonts/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2) format('woff2');
unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
}
</style>
<link rel="preload" href="./fonts/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2" as="font" crossorigin="anonymous">
<link rel="preload" href="./fonts/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2" as="font" crossorigin="anonymous">
<link rel="preload" href="./fonts/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2" as="font" crossorigin="anonymous">
</head>
<body>
<script>document.body.hidden = true;</script>
<!-- let's define our SVG that we will use later -->
<svg width="0" height="0" viewBox="0 0 24 24">
<defs>
<g id="svg-lock">
<path d="M0 0h24v24H0z" fill="none"/>
<path d="M18 8h-1V6c0-2.76-2.24-5-5-5S7 3.24 7 6v2H6c-1.1 0-2 .9-2 2v10c0 1.1.9 2 2 2h12c1.1 0 2-.9 2-2V10c0-1.1-.9-2-2-2zm-6 9c-1.1 0-2-.9-2-2s.9-2 2-2 2 .9 2 2-.9 2-2 2zm3.1-9H8.9V6c0-1.71 1.39-3.1 3.1-3.1 1.71 0 3.1 1.39 3.1 3.1v2z"/>
</g>
</defs>
</svg>
<span class="logo">Telebit</span>
<h1>Welcome Home <!-- as in 127.0.0.1, y'know ;) --></h1>
<div>Go ahead and bookmark this page. It's yours now.</div>
<p>Go ahead and bookmark this page. It's yours now.</p>
<div>
<h2>You've claimed <span class="js-servername">{{servername}}</span></h2>
<p>Here are some ways you can use Telebit via Terminal or other Command Line Interface:</p>
<div class="code-block">
<br />
<pre><code>~/telebit ssh auto # allows you to connect to your computer with <br /> ssh-over-https from a different computer</span></code></pre>
<pre><code>~/telebit http ~/Public # serve a public folder
~/telebit http 3000 # forward all https traffic to localhost:3000
~/telebit http none # remove all https handlers</code></pre>
</div>
<p>Here's some ways you can use it:</p>
<pre><code>
telebit http 3000 # forward all https traffic to localhost:3000
telebit http /path/to/module # handle incoming https traffic with a node module
telebit http none # remove all https handlers</code></pre>
</div>
<p>And remember you can <em>always</em> tunnel <strong>SSH over HTTPS</strong>,
even while you're using it for something else:</p>
<p>&nbsp;</p>
<details>
<p><summary><strong>Here are some examples for those of you that want to access files and folders remotely. </strong></summary></p>
<p><strong>This function allows you to connect one computer to another computer you also have SSH on.</strong></p>
<div class="code-block"><pre><code>~/telebit ssh <span class="js-servername">{{servername}}</span></code></pre>
<br>
- or -
<pre><code>ssh -o ProxyCommand='<a href="https://telebit.cloud/sclient">sclient</a> %h' <span class="js-servername">{{servername}}</span></code></pre>
- or -
<pre><code>proxy_cmd='openssl s_client -connect %h:443 -servername %h -quiet'
ssh -o ProxyCommand="$proxy_cmd" <span class="js-servername">{{servername}}</span></code></pre>
</div>
<pre><code>ssh -o ProxyCommand='openssl s_client -connect %h:443 -servername %h -quiet' <span class="js-servername">{{servername}}</span></code></pre>
</details>
<!--div class="js-port" hidden>
<p>You can <em>always</em> use this port for <strong>SSH over HTTPS</strong>, even while you're using it for something else:</p>
<pre><code>
ssh -o ProxyCommand='openssl s_client -connect %h:443 -servername %h -quiet' <span class="js-servername">{{servername}}</span></code></pre>
<div class="js-port" hidden>
<h2>You've claimed port <span class="js-serviceport">{{serviceport}}</span></h2>
<p>Here's some ways you can use it:</p>
<div class="code-block"><pre><code>telebit tcp 3000 # forward all tcp traffic to localhost:3000
<pre><code>
telebit tcp 3000 # forward all tcp traffic to localhost:3000
telebit tcp /path/to/module # handle incoming tcp traffic with a node module
telebit tcp none # remove all tcp handlers</code></pre>
</div>
<p>You can <em>always</em> use this port for <strong>SSH</strong>, even while you're using it for something else:</p>
<div class="code-block"><pre><code>telebit ssh 22
</div>
<p>You can <em>always</em> use this port for <strong>SSH</strong>, even while you're using it for something else:</p>
<pre><code>telebit ssh 22
ssh <span class="js-servername">{{servername}}</span> -p <span class="js-serviceport">{{serviceport}}</span></code></pre>
ssh <span class="js-servername">{{servername}}</span> -p <span class="js-serviceport">{{serviceport}}</span></code></pre></div>
</div -->
<script src="js/app.js"></script>
</body>
</html>
</html>

2
lib/html/js/app.js
View File

@ -3,7 +3,7 @@
document.body.hidden = false;
var hash = window.location.hash.replace(/^[\/#?]+/, '');
var hash = window.location.hash.substr(1);
var query = window.location.search;
function parseQuery(search) {

712
lib/remote.js
View File

@ -1,6 +1,9 @@
(function () {
'use strict';
// TODO use stream-based ws
// https://github.com/websockets/ws/issues/596
var PromiseA;
try {
PromiseA = require('bluebird');
@ -8,10 +11,8 @@ try {
PromiseA = global.Promise;
}
var WebSocket = require('ws');
var sni = require('sni');
var Packer = require('proxy-packer');
var os = require('os');
var EventEmitter = require('events').EventEmitter;
function timeoutPromise(duration) {
return new PromiseA(function (resolve) {
@ -19,46 +20,38 @@ function timeoutPromise(duration) {
});
}
function TelebitRemote(state) {
// jshint latedef:false
if (!(this instanceof TelebitRemote)) {
return new TelebitRemote(state);
}
EventEmitter.call(this);
var me = this;
var priv = {};
//var defaultHttpTimeout = (2 * 60);
//var activityTimeout = state.activityTimeout || (defaultHttpTimeout - 5) * 1000;
var activityTimeout = 6 * 1000;
var pongTimeout = state.pongTimeout || 10*1000;
function _connect(state) {
// Allow the tunnel client to be created with no token. This will prevent the connection from
// being established initialy and allows the caller to use `.append` for the first token so
// they can get a promise that will provide feedback about invalid tokens.
priv.tokens = [];
var auth;
if(!state.sortingHat) {
state.sortingHat = "./sorting-hat.js";
}
var sharedPausedClients = [];
var sharedTimeoutId;
var client = require('./client').create({});
// client.wstunneler = null;
// client.pendingCommands = {};
// client.machine = machine<Packer>
// client.auth = null;
// client.sharedTokens = [];
// client.localclients = {};
// client.authenticated = false;
client._state = state;
if (state.token) {
if ('undefined' === state.token) {
throw new Error("passed string 'undefined' as token");
}
priv.tokens.push(state.token);
client.sharedTokens.push(state.token);
}
var wstunneler;
var authenticated = false;
var authsent = false;
var initialConnect = true;
priv.localclients = {};
var pausedClients = [];
var clientHandlers = {
add: function (conn, cid, tun) {
priv.localclients[cid] = conn;
console.info("[connect] new client '" + tun.name + ":" + tun.serviceport + "' for '" + cid + "'"
_initialConnect: true
, add: function (conn, cid, tun) {
client.localclients[cid] = conn;
console.info("[connect] new client '" + cid + "' for '" + tun.name + ":" + tun.serviceport + "' "
+ "(" + clientHandlers.count() + " clients)");
conn.tunnelCid = cid;
@ -69,6 +62,7 @@ function TelebitRemote(state) {
}
conn.tunnelWritten = 0;
// TODO use readable
conn.on('data', function onLocalData(chunk) {
//var chunk = conn.read();
if (conn.tunnelClosing) {
@ -82,22 +76,22 @@ function TelebitRemote(state) {
// down the data we are getting to send over. We also want to pause all active connections
// if any connections are paused to make things more fair so one connection doesn't get
// stuff waiting for all other connections to finish because it tried writing near the border.
var bufSize = sendMessage(Packer.packHeader(tun, chunk));
var bufSize = wsTunnelRemote.sendMessage(Packer.packHeader(tun, chunk));
// Sending 2 messages instead of copying the buffer
var bufSize2 = sendMessage(chunk);
if (pausedClients.length || (bufSize + bufSize2) > 1024*1024) {
var bufSize2 = wsTunnelRemote.sendMessage(chunk);
if (sharedPausedClients.length || (bufSize + bufSize2) > 1024*1024) {
// console.log('[onLocalData] paused connection', cid, 'to allow websocket to catch up');
conn.pause();
pausedClients.push(conn);
sharedPausedClients.push(conn);
}
});
var sentEnd = false;
conn.on('end', function onLocalEnd() {
//console.info("[onLocalEnd] connection '" + cid + "' ended, will probably close soon");
console.info("[onLocalEnd] connection '" + cid + "' ended, will probably close soon");
conn.tunnelClosing = true;
if (!sentEnd) {
sendMessage(Packer.packHeader(tun, null, 'end'));
wsTunnelRemote.sendMessage(Packer.packHeader(tun, null, 'end'));
sentEnd = true;
}
});
@ -105,22 +99,22 @@ function TelebitRemote(state) {
console.info("[onLocalError] connection '" + cid + "' errored:", err);
if (!sentEnd) {
var packBody = true;
sendMessage(Packer.packHeader(tun, {message: err.message, code: err.code}, 'error', packBody));
wsTunnelRemote.sendMessage(Packer.packHeader(tun, {message: err.message, code: err.code}, 'error', packBody));
sentEnd = true;
}
});
conn.on('close', function onLocalClose(hadErr) {
delete priv.localclients[cid];
delete client.localclients[cid];
console.log('[onLocalClose] closed "' + cid + '" read:'+conn.tunnelRead+', wrote:'+conn.tunnelWritten+' (' + clientHandlers.count() + ' clients)');
if (!sentEnd) {
sendMessage(Packer.packHeader(tun, null, hadErr && 'error' || 'end'));
wsTunnelRemote.sendMessage(Packer.packHeader(tun, null, hadErr && 'error' || 'end'));
sentEnd = true;
}
});
}
, write: function (cid, opts) {
var conn = priv.localclients[cid];
var conn = client.localclients[cid];
if (!conn) {
return false;
}
@ -138,12 +132,12 @@ function TelebitRemote(state) {
if (!conn.remotePaused && conn.bufferSize > 1024*1024) {
var packBody = true;
sendMessage(Packer.packHeader(opts, conn.tunnelRead, 'pause', packBody));
wsTunnelRemote.sendMessage(Packer.packHeader(opts, conn.tunnelRead, 'pause', packBody));
conn.remotePaused = true;
conn.once('drain', function () {
var packBody = true;
sendMessage(Packer.packHeader(opts, conn.tunnelRead, 'resume', packBody));
wsTunnelRemote.sendMessage(Packer.packHeader(opts, conn.tunnelRead, 'resume', packBody));
conn.remotePaused = false;
});
}
@ -151,13 +145,13 @@ function TelebitRemote(state) {
}
, closeSingle: function (cid) {
if (!priv.localclients[cid]) {
if (!client.localclients[cid]) {
return;
}
//console.log('[closeSingle]', cid);
console.log('[closeSingle]', cid);
PromiseA.resolve().then(function () {
var conn = priv.localclients[cid];
var conn = client.localclients[cid];
conn.tunnelClosing = true;
conn.end();
@ -168,416 +162,362 @@ function TelebitRemote(state) {
// Otherwise we want the connection to be able to finish, but we also want to impose
// a time limit for it to drain, since it shouldn't have more than 1MB buffered.
return new PromiseA(function (resolve) {
var timeoutId = setTimeout(resolve, 60*1000);
var myTimeoutId = setTimeout(resolve, 60*1000);
conn.once('drain', function () {
clearTimeout(timeoutId);
clearTimeout(myTimeoutId);
setTimeout(resolve, 500);
});
});
}).then(function () {
if (priv.localclients[cid]) {
if (client.localclients[cid]) {
console.warn('[closeSingle]', cid, 'connection still present after calling `end`');
priv.localclients[cid].destroy();
client.localclients[cid].destroy();
return timeoutPromise(500);
}
}).then(function () {
if (priv.localclients[cid]) {
if (client.localclients[cid]) {
console.error('[closeSingle]', cid, 'connection still present after calling `destroy`');
delete priv.localclients[cid];
delete client.localclients[cid];
}
}).catch(function (err) {
console.error('[closeSingle] failed to close connection', cid, err.toString());
delete priv.localclients[cid];
delete client.localclients[cid];
});
}
, closeAll: function () {
console.log('[closeAll]');
Object.keys(priv.localclients).forEach(function (cid) {
Object.keys(client.localclients).forEach(function (cid) {
clientHandlers.closeSingle(cid);
});
}
, count: function () {
return Object.keys(priv.localclients).length;
return Object.keys(client.localclients).length;
}
};
var pendingCommands = {};
function sendMessage(msg) {
// There is a chance that this occurred after the websocket was told to close
// and before it finished, in which case we don't need to log the error.
if (wstunneler.readyState !== wstunneler.CLOSING) {
wstunneler.send(msg, {binary: true});
return wstunneler.bufferedAmount;
}
}
function sendCommand(name) {
var id = Math.ceil(1e9 * Math.random());
var cmd = [id, name].concat(Array.prototype.slice.call(arguments, 1));
if (state.debug) { console.log('[DEBUG] command sending', cmd); }
var packBody = true;
sendMessage(Packer.packHeader(null, cmd, 'control', packBody));
setTimeout(function () {
if (pendingCommands[id]) {
console.warn('command', name, id, 'timed out');
pendingCommands[id]({
message: 'response not received in time'
, code: 'E_TIMEOUT'
});
}
}, pongTimeout);
return new PromiseA(function (resolve, reject) {
pendingCommands[id] = function (err, result) {
delete pendingCommands[id];
if (err) {
reject(err);
} else {
resolve(result);
}
};
});
}
function noHandler(cmd) {
console.warn("[telebit] state.handlers['" + cmd[1] + "'] not set");
console.warn(cmd[2]);
}
var connCallback;
function hyperPeek(tun) {
var m;
var str;
if (tun.data) {
if ('http' === tun.service) {
str = tun.data.toString();
m = str.match(/(?:^|[\r\n])Host: ([^\r\n]+)[\r\n]*/im);
tun._name = tun._hostname = (m && m[1].toLowerCase() || '').split(':')[0];
}
else if ('https' === tun.service || 'tls' === tun.service) {
tun._name = tun._servername = sni(tun.data);
} else {
tun._name = '';
}
}
}
var packerHandlers = {
oncontrol: function (opts) {
var cmd, err;
try {
cmd = JSON.parse(opts.data.toString());
} catch (err) {}
if (!Array.isArray(cmd) || typeof cmd[0] !== 'number') {
console.warn('received bad command "' + opts.data.toString() + '"');
return;
}
if (cmd[0] < 0) {
var cb = pendingCommands[-cmd[0]];
if (!cb) {
console.warn('received response for unknown request:', cmd);
} else {
cb.apply(null, cmd.slice(1));
}
return;
}
if (cmd[0] === 0) {
console.warn('received dis-associated error from server', cmd[1]);
if (connCallback) {
connCallback(cmd[1]);
}
return;
}
if (cmd[1] === 'hello') {
if (state.debug) { console.log('[DEBUG] hello received'); }
if (auth) {
authsent = true;
sendCommand('auth', auth).catch(function (err) { console.error('1', err); });
}
priv.tokens.forEach(function (jwtoken) {
if (state.debug) { console.log('[DEBUG] send token'); }
authsent = true;
sendCommand('add_token', jwtoken)
.catch(function (err) {
console.error('failed re-adding token', jwtoken, 'after reconnect', err);
// Not sure if we should do something like remove the token here. It worked
// once or it shouldn't have stayed in the list, so it's less certain why
// it would have failed here.
});
});
if (connCallback) {
connCallback();
}
// TODO: handle the versions and commands provided by 'hello' - isn't super important
// yet since there is only one version and set of commands.
err = null;
} else if (cmd[1] === 'grant') {
authenticated = true;
if (state.handlers[cmd[1]]) {
state.handlers[cmd[1]](cmd[2]);
} else {
noHandler(cmd);
}
return;
} else if (cmd[1] === 'access_token') {
authenticated = true;
if (state.handlers[cmd[1]]) {
state.handlers[cmd[1]](cmd[2]);
} else {
noHandler(cmd);
}
return;
} else {
err = { message: 'unknown command "'+cmd[1]+'"', code: 'E_UNKNOWN_COMMAND' };
}
var DEFAULT_HTTP_TIMEOUT = (2 * 60);
var wsTunnelRemote = {
_activityTimeout: state.activityTimeout || (DEFAULT_HTTP_TIMEOUT - 5) * 1000
, _pongTimeout: state.pongTimeout || 10*1000
, _lastActivity: 0
, _sendCommand: function (name) {
var id = Math.ceil(1e9 * Math.random());
var cmd = [id, name].concat(Array.prototype.slice.call(arguments, 1));
if (state.debug) { console.log('[DEBUG] command sending', cmd); }
var packBody = true;
sendMessage(Packer.packHeader(null, [-cmd[0], err], 'control', packBody));
}
, onconnection: function (tun) {
var cid = tun._id = Packer.addrToId(tun);
// this data should have been gathered already as part of the proxy protocol
// but if it's available again here we can double check
hyperPeek(tun);
// TODO use readable streams instead
wstunneler._socket.pause();
require(state.sortingHat).assign(state, tun, function (err, conn) {
if (err) {
err.message = err.message.replace(/:tun_id/, tun._id);
packerHandlers._onConnectError(cid, tun, err);
return;
wsTunnelRemote.sendMessage(Packer.packHeader(null, cmd, 'control', packBody));
setTimeout(function () {
if (client.pendingCommands[id]) {
console.warn('command', name, id, 'timed out');
client.pendingCommands[id]({
message: 'response not received in time'
, code: 'E_TIMEOUT'
});
}
clientHandlers.add(conn, cid, tun);
if (tun.data) { conn.write(tun.data); }
wstunneler._socket.resume();
}, wsTunnelRemote._pongTimeout);
return new PromiseA(function (resolve, reject) {
client.pendingCommands[id] = function (err, result) {
delete client.pendingCommands[id];
if (err) {
reject(err);
} else {
resolve(result);
}
};
});
}
, onmessage: function (tun) {
var cid = tun._id = Packer.addrToId(tun);
var handled;
hyperPeek(tun);
handled = clientHandlers.write(cid, tun);
// quasi backwards compat
if (!handled) { console.log("[debug] did not get 'connection' event"); packerHandlers.onconnection(tun); }
, refreshTimeout: function () {
wsTunnelRemote._lastActivity = Date.now();
}
, onpause: function (opts) {
var cid = Packer.addrToId(opts);
if (priv.localclients[cid]) {
console.log("[TunnelPause] pausing '"+cid+"', remote received", opts.data.toString(), 'of', priv.localclients[cid].tunnelWritten, 'sent');
priv.localclients[cid].manualPause = true;
priv.localclients[cid].pause();
} else {
console.log('[TunnelPause] remote tried pausing finished connection', cid);
// Often we have enough latency that we've finished sending before we're told to pause, so
// don't worry about sending back errors, since we won't be sending data over anyway.
// var packBody = true;
// sendMessage(Packer.packHeader(opts, {message: 'no matching connection', code: 'E_NO_CONN'}, 'error', packBody));
, checkTimeout: function () {
if (!client.wstunneler) {
console.warn('checkTimeout called when websocket already closed');
return;
}
}
, onresume: function (opts) {
var cid = Packer.addrToId(opts);
if (priv.localclients[cid]) {
console.log("[TunnelResume] resuming '"+cid+"', remote received", opts.data.toString(), 'of', priv.localclients[cid].tunnelWritten, 'sent');
priv.localclients[cid].manualPause = false;
priv.localclients[cid].resume();
} else {
console.log('[TunnelResume] remote tried resuming finished connection', cid);
// var packBody = true;
// sendMessage(Packer.packHeader(opts, {message: 'no matching connection', code: 'E_NO_CONN'}, 'error', packBody));
// Determine how long the connection has been "silent", ie no activity.
var silent = Date.now() - wsTunnelRemote._lastActivity;
// If we have had activity within the last activityTimeout then all we need to do is
// call this function again at the soonest time when the connection could be timed out.
if (silent < wsTunnelRemote._activityTimeout) {
sharedTimeoutId = setTimeout(wsTunnelRemote.checkTimeout, wsTunnelRemote._activityTimeout-silent);
}
// Otherwise we check to see if the pong has also timed out, and if not we send a ping
// and call this function again when the pong will have timed out.
else if (silent < wsTunnelRemote._activityTimeout + wsTunnelRemote._pongTimeout) {
console.log('pinging tunnel server');
try {
client.wstunneler.ping();
} catch (err) {
console.warn('failed to ping tunnel server', err);
}
sharedTimeoutId = setTimeout(wsTunnelRemote.checkTimeout, wsTunnelRemote._pongTimeout);
}
// Last case means the ping we sent before didn't get a response soon enough, so we
// need to close the websocket connection.
else {
console.log('connection timed out');
client.wstunneler.close(1000, 'connection timeout');
}
}
, onend: function (opts) {
var cid = Packer.addrToId(opts);
//console.log("[end] '" + cid + "'");
clientHandlers.closeSingle(cid);
}
, onerror: function (opts) {
var cid = Packer.addrToId(opts);
//console.log("[error] '" + cid + "'", opts.code || '', opts.message);
clientHandlers.closeSingle(cid);
}
, onOpen: function () {
console.info("[open] connected to '" + (state.wss || state.relay) + "'");
wsTunnelRemote.refreshTimeout();
, _onConnectError: function (cid, opts, err) {
console.info("[_onConnectError] opening '" + cid + "' failed because " + err.message);
sendMessage(Packer.packHeader(opts, null, 'error'));
}
};
sharedTimeoutId = setTimeout(wsTunnelRemote.checkTimeout, wsTunnelRemote._activityTimeout);
priv.timeoutId = null;
priv.lastActivity = Date.now();
priv.refreshTimeout = function refreshTimeout() {
priv.lastActivity = Date.now();
};
priv.checkTimeout = function checkTimeout() {
if (!wstunneler) {
console.warn('checkTimeout called when websocket already closed');
return;
}
// Determine how long the connection has been "silent", ie no activity.
var silent = Date.now() - priv.lastActivity;
// If we have had activity within the last activityTimeout then all we need to do is
// call this function again at the soonest time when the connection could be timed out.
if (silent < activityTimeout) {
priv.timeoutId = setTimeout(priv.checkTimeout, activityTimeout-silent);
}
// Otherwise we check to see if the pong has also timed out, and if not we send a ping
// and call this function again when the pong will have timed out.
else if (silent < activityTimeout + pongTimeout) {
//console.log('DEBUG: pinging tunnel server');
try {
wstunneler.ping();
} catch (err) {
console.warn('failed to ping tunnel server', err);
}
priv.timeoutId = setTimeout(priv.checkTimeout, pongTimeout);
}
// Last case means the ping we sent before didn't get a response soon enough, so we
// need to close the websocket connection.
else {
console.info('[info] closing due to connection timeout');
wstunneler.close(1000, 'connection timeout');
}
};
me.destroy = function destroy() {
console.info('[info] destroy()');
try {
//wstunneler.close(1000, 're-connect');
wstunneler._socket.destroy();
} catch(e) {
// ignore
}
};
me.connect = function connect() {
if (!priv.tokens.length && state.config.email) {
auth = TelebitRemote._tokenFromState(state);
}
priv.timeoutId = null;
var machine = Packer.create(packerHandlers);
console.info("[telebit:lib/remote.js] [connect] '" + (state.wss || state.relay) + "'");
var tunnelUrl = (state.wss || state.relay).replace(/\/$/, '') + '/'; // + auth;
wstunneler = new WebSocket(tunnelUrl, { rejectUnauthorized: !state.insecure });
// XXXXXX
wstunneler.on('open', function () {
console.info("[telebit:lib/remote.js] [open] connected to '" + (state.wss || state.relay) + "'");
me.emit('connect');
priv.refreshTimeout();
priv.timeoutId = setTimeout(priv.checkTimeout, activityTimeout);
wstunneler._socket.on('drain', function () {
client.wstunneler._socket.on('drain', function () {
// the websocket library has it's own buffer apart from node's socket buffer, but that one
// is much more difficult to watch, so we watch for the lower level buffer to drain and
// then check to see if the upper level buffer is still too full to write to. Note that
// the websocket library buffer has something to do with compression, so I'm not requiring
// that to be 0 before we start up again.
if (wstunneler.bufferedAmount > 128*1024) {
if (client.wstunneler.bufferedAmount > 128*1024) {
return;
}
pausedClients.forEach(function (conn) {
sharedPausedClients.forEach(function (conn) {
if (!conn.manualPause) {
// console.log('resuming connection', conn.tunnelCid, 'now the websocket has caught up');
conn.resume();
}
});
pausedClients.length = 0;
sharedPausedClients.length = 0;
});
initialConnect = false;
});
wstunneler.on('close', function () {
console.info("[info] [closing] received close signal from relay");
clearTimeout(priv.timeoutId);
//Call either Open or Reconnect handlers.
if(state.handlers.onOpen && clientHandlers._initialConnect) {
state.handlers.onOpen();
} else if (state.handlers.onReconnect && !clientHandlers._initialConnect) {
state.handlers.onReconnect();
}
clientHandlers._initialConnect = false;
}
, onClose: function () {
clearTimeout(sharedTimeoutId);
client.wstunneler = null;
clientHandlers.closeAll();
var error = new Error('websocket connection closed before response');
error.code = 'E_CONN_CLOSED';
Object.keys(pendingCommands).forEach(function (id) {
pendingCommands[id](error);
Object.keys(client.pendingCommands).forEach(function (id) {
client.pendingCommands[id](error);
});
if (connCallback) {
connCallback(error);
if (client.connCallback) {
client.connCallback(error);
}
me.emit('close');
});
wstunneler.on('error', function (err) {
me.emit('error', err);
});
if (!client.authenticated) {
if(state.handlers.onError) {
var err = new Error('Failed to connect on first attempt... check authentication');
state.handlers.onError(err);
}
if(state.handlers.onClose) {
state.handlers.onClose();
}
console.info('[close] failed on first attempt... check authentication.');
sharedTimeoutId = null;
}
else if (client.sharedTokens.length) {
if(state.handlers.onDisconnect) {
state.handlers.onDisconnect();
}
console.info('[retry] disconnected and waiting...');
sharedTimeoutId = setTimeout(connect, 5000);
} else {
if(state.handlers.onClose) {
state.handlers.onClose();
}
}
}
, onError: function (err) {
if ('ENOTFOUND' === err.code) {
// DNS issue, probably network is disconnected
sharedTimeoutId = setTimeout(connect, 90 * 1000);
return;
}
console.error("[tunnel error] " + err.message);
console.error(err);
if (client.connCallback) {
client.connCallback(err);
}
}
, sendMessage: function (msg) {
if (client.wstunneler) {
try {
client.wstunneler.send(msg, {binary: true});
return client.wstunneler.bufferedAmount;
} catch (err) {
// There is a chance that this occurred after the websocket was told to close
// and before it finished, in which case we don't need to log the error.
if (client.wstunneler.readyState !== client.wstunneler.CLOSING) {
console.warn('[sendMessage] error sending websocket message', err);
}
}
}
}
};
function connect() {
if (client.wstunneler) {
console.warn('attempted to connect with connection already active');
return;
}
if (!client.sharedTokens.length) {
if (state.config.email) {
client.auth = {
subject: state.config.email
, subject_scheme: 'mailto'
// TODO create domains list earlier
, scope: Object.keys(state.config.servernames || {}).join(',')
, otp: state.otp
, hostname: os.hostname()
// Used for User-Agent
, os_type: os.type()
, os_platform: os.platform()
, os_release: os.release()
, os_arch: os.arch()
};
}
}
sharedTimeoutId = null;
console.info("[connect] '" + (state.wss || state.relay) + "'");
var tunnelUrl = (state.wss || state.relay).replace(/\/$/, '') + '/'; // + client.auth;
var wsOpts = { binary: true, rejectUnauthorized: !state.insecure };
client.wstunneler = new WebSocket(tunnelUrl, wsOpts);
client.wsreader = require('./ws-readable').create(client.wstunneler);
client.wstunneler.on('open', wsTunnelRemote.onOpen);
client.wstunneler.on('close', wsTunnelRemote.onClose);
client.wstunneler.on('error', wsTunnelRemote.onError);
// Our library will automatically handle sending the pong respose to ping requests.
wstunneler.on('ping', priv.refreshTimeout);
wstunneler.on('pong', function () {
//console.log('DEBUG received pong');
priv.refreshTimeout();
});
wstunneler.on('message', function (data, flags) {
priv.refreshTimeout();
client.wstunneler.on('ping', wsTunnelRemote.refreshTimeout);
client.wstunneler.on('pong', wsTunnelRemote.refreshTimeout);
client.wstunneler.on('message', function (data, flags) {
wsTunnelRemote.refreshTimeout();
if (data.error || '{' === data[0]) {
console.log(data);
return;
}
machine.fns.addChunk(data, flags);
client.machine.fns.addChunk(data, flags);
});
};
me.end = function() {
priv.tokens.length = 0;
if (priv.timeoutId) {
clearTimeout(priv.timeoutId);
priv.timeoutId = null;
}
var xyzHandlers = {
_connPromise: null
, end: function(cb) {
client.sharedTokens.length = 0;
if (sharedTimeoutId) {
clearTimeout(sharedTimeoutId);
sharedTimeoutId = null;
}
if (client.wstunneler) {
try {
client.wstunneler.close(cb);
} catch(e) {
console.error("[error] client.wstunneler.close()");
console.error(e);
}
}
}
, append: function (token) {
if (!token) {
throw new Error("attempted to append empty token");
}
if ('undefined' === token) {
throw new Error("attempted to append token as the string 'undefined'");
}
if (client.sharedTokens.indexOf(token) >= 0) {
return PromiseA.resolve();
}
client.sharedTokens.push(token);
var prom;
if (client.sharedTokens.length === 1 && !client.wstunneler) {
// We just added the only token in the list, and the websocket connection isn't up
// so we need to restart the connection.
if (sharedTimeoutId) {
// Handle the case were the last token was removed and this token added between
// reconnect attempts to make sure we don't try openning multiple connections.
clearTimeout(sharedTimeoutId);
sharedTimeoutId = null;
}
// We want this case to behave as much like the other case as we can, but we don't have
// the same kind of reponses when we open brand new connections, so we have to rely on
// the 'hello' and the 'un-associated' error commands to determine if the token is good.
prom = xyzHandlers._connPromise = new PromiseA(function (resolve, reject) {
client.connCallback = function (err) {
client.connCallback = null;
xyzHandlers._connPromise = null;
if (err) {
reject(err);
} else {
resolve();
}
};
});
connect();
}
else if (xyzHandlers._connPromise) {
prom = xyzHandlers._connPromise.then(function () {
return wsTunnelRemote._sendCommand('add_token', token);
});
}
else {
prom = wsTunnelRemote._sendCommand('add_token', token);
}
prom.catch(function (err) {
console.error('adding token', token, 'failed:', err);
// Most probably an invalid token of some kind, so we don't really want to keep it.
client.sharedTokens.splice(client.sharedTokens.indexOf(token), 1);
});
return prom;
}
, clear: function (token) {
if (typeof token === 'undefined') {
token = '*';
}
if (token === '*') {
client.sharedTokens.length = 0;
} else {
var index = client.sharedTokens.indexOf(token);
if (index < 0) {
return PromiseA.resolve();
}
client.sharedTokens.splice(index);
}
var prom = wsTunnelRemote._sendCommand('delete_token', token);
prom.catch(function (err) {
console.error('clearing token', token, 'failed:', err);
});
return prom;
}
console.info('[info] closing due to tr.end()');
wstunneler.close(1000, 're-connect');
wstunneler.on('close', function () {
me.emit('end');
});
};
client._wsTunnelRemote = wsTunnelRemote;
client.clientHandlers = clientHandlers;
connect();
return xyzHandlers;
}
TelebitRemote.prototype = EventEmitter.prototype;
TelebitRemote._tokenFromState = function (state) {
return {
subject: state.config.email
, subject_scheme: 'mailto'
// TODO create domains list earlier
, scope: Object.keys(state.config.servernames || {}).join(',')
, otp: state.otp
, hostname: os.hostname()
// Used for User-Agent
, os_type: os.type()
, os_platform: os.platform()
, os_release: os.release()
, os_arch: os.arch()
};
};
TelebitRemote.create = function (opts) {
return new TelebitRemote(opts);
};
TelebitRemote.createConnection = function (opts, cb) {
var tunnel = TelebitRemote.create(opts);
tunnel.connect(opts);
tunnel.once('connect', cb);
return tunnel;
};
TelebitRemote.connect = TelebitRemote.createConnection;
module.exports.TelebitRemote = TelebitRemote;
module.exports.connect = _connect;
module.exports.createConnection = _connect;
}());

16
lib/sorting-hat.js
View File

@ -59,7 +59,7 @@ module.exports.print = function (config) {
};
module.exports.assign = function (state, tun, cb) {
//console.log('first message from', tun);
console.log('first message from', tun);
var net = state.net || require('net');
function trySsh(tun, cb) {
@ -328,15 +328,15 @@ module.exports.assign = function (state, tun, cb) {
try {
handler = require(handlerpath);
console.info("Trying to handle '" + handle + ":" + id + "' with '" + handlerpath + "'");
console.info("Handling '" + handle + ":" + id + "' with '" + handlerpath + "'");
} catch(e1) {
try {
handler = require(path.join(localshare, handlerpath));
console.info("Skip. (couldn't require('" + handlerpath + "'):", e1.message + ")");
console.info("Trying to handle '" + handle + ":" + id + "' with '" + handlerpath + "'");
console.info("Handling '" + handle + ":" + id + "' with '" + handlerpath + "'");
} catch(e2) {
console.info("Skip. (couldn't require('" + path.join(localshare, handlerpath) + "'):", e2.message + ")");
console.info("Last chance! (using static and index handlers for '" + handle + ":" + id + "')");
console.error("Failed to require('" + handlerpath + "'):", e1.message);
console.error("Failed to require('" + path.join(localshare, handlerpath) + "'):", e2.message);
console.warn("Trying static and index handlers for '" + handle + ":" + id + "'");
handler = null;
// fallthru
}
@ -372,7 +372,7 @@ module.exports.assign = function (state, tun, cb) {
serveStatic = state._serveStatic(conf.handler, { dotfiles: 'allow', index: [ 'index.html' ] });
dlStatic = state._serveStatic(conf.handler, { acceptRanges: false, dotfiles: 'allow', index: [ 'index.html' ] });
serveIndex = state._serveIndex(conf.handler, {
hidden: true, icons: true
hidden: true, icons: true, view: 'tiles'
, template: require('serve-tpl-attachment')({ privatefiles: 'ignore' })
});
}
@ -452,7 +452,7 @@ module.exports.assign = function (state, tun, cb) {
return;
}
//console.log('https invokeHandler');
console.log('https invokeHandler');
invokeHandler(conf, tlsSocket, tun, id);
});
});

75
lib/ws-readable.js Normal file
View File

@ -0,0 +1,75 @@
// https://github.com/websockets/ws/issues/596
var WSStream = module.exports = (function(){
var util = require('util');
var stream = require('stream');
var Duplex = stream.Duplex || require('readable-stream').Duplex;
var WSStream = function(ws, wsOptions, streamingOptions) { // Only the websocket (ws) is mandatory
// Proper duplex stream with automatic flow control (backpressure) management
if(!(this instanceof WSStream)) return new WSStream(ws, wsOptions, streamingOptions);
if(!(wsOptions instanceof Object)) wsOptions = {binary: false};
Duplex.call(this, streamingOptions);
this.waitingForData = true;
this.writeModBufferEmpty = true;
this.webSocket = ws;
this.webSocketOptions = wsOptions;
this.on('finish', finishEventHandler(this));
ws._socket.write = writeMod(ws._socket.write, this);
ws._socket.on('drain', drainEventHandler(this));
ws._socket.on('error', errorRouter(this));
ws.on('close', closeEventHandler(this));
ws.on('message', messageHandler(this));
},
finishEventHandler = function(self) {
return function() {
if(self.webSocket !== null) {
self.webSocket.close();
self.webSocket = null;
};
self.emit('close');
};
},
writeMod = function(nativeWriteFunction, self) {
return function() {
return self.writeModBufferEmpty = nativeWriteFunction.apply(this, arguments);
};
},
drainEventHandler = function(self) {
return function() {
self.writeModBufferEmpty = true;
self.emit('drain');
};
},
closeEventHandler = function(self) {
return function() {
self.push(null);
}
},
errorRouter = function(self) {
return function() {
self.emit.apply(self, ['error'].concat(arguments));
};
},
messageHandler = function(self) {
return function(data) {
if(!self.push(data) && self.waitingForData) {
self.webSocket._socket.pause();
self.waitingForData = false;
}
};
};
util.inherits(WSStream, Duplex);
WSStream.prototype._read = function(size) {
if(!this.waitingForData) {
this.waitingForData = true;
this.webSocket._socket.resume();
}
};
WSStream.prototype._write = function(chunk, encoding, callback) {
this.webSocket.send(chunk, this.webSocketOptions, callback);
return this.writeModBufferEmpty;
};
return WSStream;
}());
module.exports.create = function (ws, wsOpts, streamOpts) {
return new WSStream(ws, wsOpts, streamOpts);
};

6
package.json
View File

@ -1,6 +1,6 @@
{
"name": "telebit",
"version": "0.20.8",
"version": "0.20.0-wip",
"description": "Break out of localhost. Connect to any device from anywhere over any tcp port or securely in a browser. A secure tunnel. A poor man's reverse VPN.",
"main": "lib/remote.js",
"files": [
@ -63,14 +63,12 @@
"ps-list": "^5.0.0",
"recase": "^1.0.4",
"redirect-https": "^1.1.5",
"sclient": "^1.4.1",
"serve-index": "^1.9.1",
"serve-static": "^1.13.2",
"serve-tpl-attachment": "^1.0.4",
"sni": "^1.0.0",
"socket-pair": "^1.0.3",
"toml": "^0.4.1",
"ws": "^6.0.0"
"ws": "^2.3.1"
},
"trulyOptionalDependencies": {
"bluebird": "^3.5.1"

4
usr/share/dist/Library/LaunchDaemons/cloud.telebit.remote.plist.tpl vendored
View File

@ -54,8 +54,8 @@
<string>{TELEBIT_PATH}</string>
<key>StandardErrorPath</key>
<string>{TELEBIT_LOG_DIR}/telebit.log</string>
<string>{TELEBIT_LOG_DIR}/error.log</string>
<key>StandardOutPath</key>
<string>{TELEBIT_LOG_DIR}/telebit.log</string>
<string>{TELEBIT_LOG_DIR}/info.log</string>
</dict>
</plist>

4
usr/share/dist/etc/skel/Library/LaunchAgents/cloud.telebit.remote.plist.tpl vendored
View File

@ -63,8 +63,8 @@
<string>{TELEBIT_PATH}</string>
<key>StandardErrorPath</key>
<string>{TELEBIT_LOG_DIR}/telebit.log</string>
<string>{TELEBIT_LOG_DIR}/error.log</string>
<key>StandardOutPath</key>
<string>{TELEBIT_LOG_DIR}/telebit.log</string>
<string>{TELEBIT_LOG_DIR}/info.log</string>
</dict>
</plist>

4
usr/share/install-launcher.js
View File

@ -114,8 +114,8 @@ Launcher.install = function (things, fn) {
};
vars.telebitBinTpl = path.join(telebitRoot, 'usr/share/dist/bin/telebit.tpl');
vars.telebitNpm = path.resolve(vars.telebitNode, '../npm');
vars.nodePath = path.resolve(vars.telebitNode, '../../lib/node_modules');
vars.npmConfigPrefix = path.resolve(vars.telebitNode, '..', '..');
vars.nodePath = path.resolve(vars.telebitNode, '../lib/node_modules');
vars.npmConfigPrefix = path.resolve(vars.telebitNode, '..');
vars.userspace = (!things.telebitUser || (things.telebitUser === os.userInfo().username)) ? true : false;
if (-1 === vars.telebitRwDirs.indexOf(vars.npmConfigPrefix)) {
vars.telebitRwDirs.push(vars.npmConfigPrefix);

8
usr/share/install.sh
View File

@ -59,9 +59,9 @@ http_get()
http_bash()
{
local _http_bash_url=$1
local _http_bash_args=${2:-}
local _http_bash_tmp=$(mktemp)
_http_bash_url=$1
_http_bash_args=${2:-}
_http_bash_tmp=$(mktemp)
$_my_http_get $_my_http_opts $_my_http_out "$_http_bash_tmp" "$_http_bash_url"
bash "$_http_bash_tmp" $_http_bash_args; rm "$_http_bash_tmp"
}
@ -77,7 +77,7 @@ export -f http_bash
if [ -n "${TELEBIT_VERSION:-}" ]; then
echo 'TELEBIT_VERSION='${TELEBIT_VERSION}
fi
export TELEBIT_VERSION=${TELEBIT_VERSION:-master}
TELEBIT_VERSION=${TELEBIT_VERSION:-master}
if [ -e "usr/share/install_helper.sh" ]; then
bash usr/share/install_helper.sh "$@"
else

58
usr/share/install_helper.sh
View File

@ -133,11 +133,8 @@ my_tmp="$(mktemp -d -t telebit.XXXXXXXX)"
#TELEBIT_TMP="$my_tmp/telebit"
echo "Installing $my_name to '$TELEBIT_REAL_PATH'"
# v10.2+ has much needed networking fixes, but breaks ursa.
# v9.x has severe networking bugs.
# v8.x has working ursa, but requires tls workarounds"
# v10.13 seems to work for me locally (new greenlock)
NODEJS_VER="${NODEJS_VER:-v10.13}"
# v10.2+ has much needed networking fixes, but breaks ursa. v9.x has severe networking bugs. v8.x has working ursa, but requires tls workarounds"
NODEJS_VER="${NODEJS_VER:-v10.6}"
export NODEJS_VER
export NODE_PATH="$TELEBIT_TMP/lib/node_modules"
export NPM_CONFIG_PREFIX="$TELEBIT_TMP"
@ -227,20 +224,16 @@ pushd $TELEBIT_TMP >/dev/null
else
echo -n "."
fi
set +e
$tmp_npm install >/dev/null 2>/dev/null &
# ursa is now an entirely optional dependency for key generation
# but very much needed on ARM devices
$tmp_npm install ursa >/dev/null 2>/dev/null &
tmp_npm_pid=$!
while [ -n "$tmp_npm_pid" ]; do
sleep 2
echo -n "."
kill -s 0 $tmp_npm_pid >/dev/null 2>/dev/null || tmp_npm_pid=""
done
set -e
echo -n "."
$tmp_npm install >/dev/null 2>/dev/null
# ursa is now an entirely optional dependency for key generation
# but very much needed on ARM devices
$tmp_npm install ursa >/dev/null 2>/dev/null || true
popd >/dev/null
if [ -n "${TELEBIT_DEBUG}" ]; then
@ -432,8 +425,8 @@ if [ -d "/Library/LaunchDaemons" ]; then
if [ -n "${TELEBIT_DEBUG}" ]; then
echo " > launchctl unload -w $my_app_launchd_service >/dev/null 2>/dev/null"
launchctl unload -w "$my_app_launchd_service" >/dev/null 2>/dev/null
fi
launchctl unload -w "$my_app_launchd_service" >/dev/null 2>/dev/null
else
my_app_launchd_service_skel="usr/share/dist/Library/LaunchDaemons/${my_app_pkg_name}.plist"
my_app_launchd_service="$my_root/Library/LaunchDaemons/${my_app_pkg_name}.plist"
@ -496,30 +489,23 @@ elif [ "systemd" == "$my_system_launcher" ]; then
else
echo -n "."
fi
set +e
if systemctl --user daemon-reload; then
# enable also puts success output to stderr... why?
systemctl --user enable $my_app >/dev/null 2>/dev/null
#echo " > systemctl --user enable systemd-tmpfiles-setup.service systemd-tmpfiles-clean.timer"
#systemctl --user enable systemd-tmpfiles-setup.service systemd-tmpfiles-clean.timer
if [ -n "${TELEBIT_DEBUG}" ]; then
echo " > systemctl --user start $my_app"
fi
systemctl --user stop $my_app >/dev/null 2>/dev/null
systemctl --user start $my_app >/dev/null
sleep 2; # give it time to start
_is_running=$(systemctl --user status --no-pager $my_app 2>/dev/null | grep "active.*running")
if [ -z "$_is_running" ]; then
echo "Something went wrong:"
systemctl --user status --no-pager $my_app
fi
else
echo "libpam-systemd is missing, which is required on Linux to register Telebit with the user launcher."
echo "sudo apt-get install -y libpam-systemd"
sudo apt-get install -y libpam-systemd
systemctl --user daemon-reload
# enable also puts success output to stderr... why?
systemctl --user enable $my_app >/dev/null 2>/dev/null
#echo " > systemctl --user enable systemd-tmpfiles-setup.service systemd-tmpfiles-clean.timer"
#systemctl --user enable systemd-tmpfiles-setup.service systemd-tmpfiles-clean.timer
if [ -n "${TELEBIT_DEBUG}" ]; then
echo " > systemctl --user start $my_app"
fi
systemctl --user stop $my_app >/dev/null 2>/dev/null
systemctl --user start $my_app >/dev/null
sleep 2; # give it time to start
_is_running=$(systemctl --user status --no-pager $my_app 2>/dev/null | grep "active.*running")
if [ -z "$_is_running" ]; then
echo "Something went wrong:"
systemctl --user status --no-pager $my_app
exit 1
fi
set -e
echo -n "."
else

4
usr/share/template-launcher.js
View File

@ -79,8 +79,8 @@ function run() {
, TELEBIT_LOG_DIR: process.env.TELEBIT_LOG_DIR || path.join(os.homedir(), '.local/share/telebit/var/log')
};
vars.telebitNpm = process.env.TELEBIT_NPM || path.resolve(vars.telebitNode, '../npm');
vars.nodePath = process.env.NODE_PATH || path.resolve(vars.telebitNode, '../../lib/node_modules');
vars.npmConfigPrefix = process.env.NPM_CONFIG_PREFIX || path.resolve(vars.telebitNode, '..', '..');
vars.nodePath = process.env.NODE_PATH || path.resolve(vars.telebitNode, '../lib/node_modules');
vars.npmConfigPrefix = process.env.NPM_CONFIG_PREFIX || path.resolve(vars.telebitNode, '..');
if (-1 === vars.telebitRwDirs.indexOf(vars.npmConfigPrefix)) {
vars.telebitRwDirs.push(vars.npmConfigPrefix);
}