[doc] Protocol for currently deployed version #66

New Issue

Open

opened 2025-10-26 20:35:24 +00:00 by coolaj86 · 0 comments

coolaj86 commented 2025-10-26 20:35:24 +00:00

Owner

Copy Link

TELEBIT_RELAY_BASE_URL="https://telebit.cloud"

1. Directives

   curl --fail-with-body https://telebit.cloud/_apis/telebit.cloud/index.json
   

   { "terms_of_service": ":hostname/tos/"
   , "api_host": "api.:hostname"
   , "pair_request": {
       "method": "POST"
     , "pathname": "api/telebit.cloud/pair_request"
     }
   , "tunnel": {
       "method": "wss"
     , "pathname": ""
     }
   }
   

2. Pair Request (to directives.pair_request.pathname)

   • scope would be domains and ports to be requested, but that's not used
   • otp is generated client-side

   a_email="jdoe@example.com"
   b_otp="1234"
   b_hostname="$(hostname)"
   b_os_type="$(uname -s)"
   b_os_platform="$(uname -s | tr '[:upper:]' '[:lower:]')"
   b_os_release="$(uname -r)"
   b_os_arch="$(uname -m)"
   
   curl --fail-with-body https://telebit.cloud/api/telebit.cloud/pair_request \
      --dump-header ./headers.txt \
      -H 'Content-Type: application/json' \
      --data-binary '{
         "subject": "'"${a_email}"'",
         "subject_scheme": "mailto",
         "scope": "",
         "otp": "'"${b_otp}"'",
         "hostname": "'"${b_hostname}"'",
         "os_type": "'"${b_os_type}"'",
         "os_platform": "'"${b_os_platform}"'",
         "os_release": "'"${b_os_release}"'",
         "os_arch": "'"${b_os_arch}"'"
      }'
   

   The response looks like:
   (note: this should have included the connect URL... oops!)

   {
     "domains": [],
     "ports": [],
     "aud": "telebit.cloud",
     "iat": 1761510171,
     "id": "xxxxxxxxxxxxxxxxxxxxxxxx",
     "sub": "jdoe@example.com",
     "pin": "1234",
     "hostname": "telebyte",
     "os": "Linux",
     "os_type": "Linux",
     "os_platform": "linux",
     "os_release": "6.8.12-15-pve",
     "os_arch": "x86_64",
     "jwt": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJ0ZWxlYml0LmNsb3VkIiwiZG9tYWlucyI6W10sImhvc3RuYW1lIjoidGVsZWJ5dGUiLCJpYXQiOjE3NjE1MTAxNzEsImlkIjoieHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4Iiwib3MiOiJMaW51eCIsIm9zX2FyY2giOiJ4ODZfNjQiLCJvc19wbGF0Zm9ybSI6ImxpbnV4Iiwib3NfcmVsZWFzZSI6IjYuOC4xMi0xNS1wdmUiLCJvc190eXBlIjoiTGludXgiLCJwaW4iOiIwMDAwIiwicG9ydHMiOltdLCJzdWIiOiJqZG9lQGV4YW1wbGUuY29tIn0K.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
   }
   

   The JWT looks like:

   {
     "header": {
       "alg": "HS256",
       "typ": "JWT"
     },
     "claims": {
       "aud": "telebit.cloud",
       "domains": [],
       "hostname": "telebyte",
       "iat": 1761510171,
       "id": "xxxxxxxxxxxxxxxxxxxxxxxx",
       "os": "Linux",
       "os_arch": "x86_64",
       "os_platform": "linux",
       "os_release": "6.8.12-15-pve",
       "os_type": "Linux",
       "pin": "1234",
       "ports": [],
       "sub": "jdoe@example.com"
     },
     "signature": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
   }
   

3. Connect to websocket
   note: the tunnel is constructed from the index.json tunnel and api_host
   the actual protocol is described at https://git.coolaj86.com/coolaj86/proxy-packer.js

   wss://api.telebit.cloud/
   

4. Pair State Polling (from Link or Location response header)

   # ex https://mgmtjs.telebit.io/api/telebit.cloud/pair_state/xxxxxxxxxxxxxxxxxxxxxxxx
   # note: you must manually remove the trailing \r of the \r\n
   b_url=$(grep -i 'Location' ./headers.txt | cut -d' ' -f2 | tr -d '\r')
   
   curl --fail-with-body "${b_url}" \
      --dump-header ./headers.txt
   

   The status can change from pending to ready (browser sent correct otp) to complete (websocket accepted)

   {
     "status": "pending"
   }
   

5. Pair Info (requested from the web browser)

   a_magic="************************"
   
   curl --fail-with-body "https://api.telebit.cloud/api/telebit.cloud/pair_request/${a_magic}"
   

   {
     "id": "xxxxxxxxxxxxxxxxxxxxxxxx",
     "scope": "",
     "hostname": "telebyte",
     "os_type": "Linux",
     "os_platform": "linux",
     "os_release": "6.8.12-15-pve",
     "os_arch": "x64"
   }
   

6. Pair Code (sent by web browser)

   a_magic="************************"
   a_code="1234"
   
   curl --fail-with-body https://api.telebit.cloud/api/telebit.cloud/pair_code/ \
   --dump-header ./headers-pair.txt \
   -H 'Content-Type: application/json' \
      --data-binary '{
         "magic": "'"${a_magic}"'",
         "pin": "'"${code}"'",
         "agree_tos": true
      }'
   

   note: the idea of giving the token back to the browser was for an admin portal which was never built

   {
      "id": "xxxxxxxxxxxxxxxxxxxxxxxx",
      "iat": 1761515714,
      "sub": "jdoe@example.com",
      "iss": "telebit.cloud",
      "aud": "telebit.cloud",
      "domains": [
         "silly-rabbit-42.telebit.io"
      ],
      "ports": [
         65535
      ],
      "jwt": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJ0ZWxlYml0LmNsb3VkIiwiZG9tYWlucyI6WyJzaWxseS1yYWJiaXQtNDIudGVsZWJpdC5pbyJdLCJpYXQiOjE3NjE1MTU3MTQsImlkIjoieHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4IiwiaXNzIjoidGVsZWJpdC5jbG91ZCIsInBvcnRzIjpbNjU1MzVdLCJzdWIiOiJqZG9lQGV4YW1wbGUuY29tIn0K.ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ"
   }
   

```sh TELEBIT_RELAY_BASE_URL="https://telebit.cloud" ``` 1. Directives ```sh curl --fail-with-body https://telebit.cloud/_apis/telebit.cloud/index.json ``` ```json { "terms_of_service": ":hostname/tos/" , "api_host": "api.:hostname" , "pair_request": { "method": "POST" , "pathname": "api/telebit.cloud/pair_request" } , "tunnel": { "method": "wss" , "pathname": "" } } ``` 2. Pair Request (to `directives.pair_request.pathname`) - `scope` would be domains and ports to be requested, but that's not used - `otp` is generated client-side ```sh a_email="jdoe@example.com" b_otp="1234" b_hostname="$(hostname)" b_os_type="$(uname -s)" b_os_platform="$(uname -s | tr '[:upper:]' '[:lower:]')" b_os_release="$(uname -r)" b_os_arch="$(uname -m)" curl --fail-with-body https://telebit.cloud/api/telebit.cloud/pair_request \ --dump-header ./headers.txt \ -H 'Content-Type: application/json' \ --data-binary '{ "subject": "'"${a_email}"'", "subject_scheme": "mailto", "scope": "", "otp": "'"${b_otp}"'", "hostname": "'"${b_hostname}"'", "os_type": "'"${b_os_type}"'", "os_platform": "'"${b_os_platform}"'", "os_release": "'"${b_os_release}"'", "os_arch": "'"${b_os_arch}"'" }' ``` The response looks like: (note: this _should_ have included the connect URL... oops!) ```json { "domains": [], "ports": [], "aud": "telebit.cloud", "iat": 1761510171, "id": "xxxxxxxxxxxxxxxxxxxxxxxx", "sub": "jdoe@example.com", "pin": "1234", "hostname": "telebyte", "os": "Linux", "os_type": "Linux", "os_platform": "linux", "os_release": "6.8.12-15-pve", "os_arch": "x86_64", "jwt": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJ0ZWxlYml0LmNsb3VkIiwiZG9tYWlucyI6W10sImhvc3RuYW1lIjoidGVsZWJ5dGUiLCJpYXQiOjE3NjE1MTAxNzEsImlkIjoieHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4Iiwib3MiOiJMaW51eCIsIm9zX2FyY2giOiJ4ODZfNjQiLCJvc19wbGF0Zm9ybSI6ImxpbnV4Iiwib3NfcmVsZWFzZSI6IjYuOC4xMi0xNS1wdmUiLCJvc190eXBlIjoiTGludXgiLCJwaW4iOiIwMDAwIiwicG9ydHMiOltdLCJzdWIiOiJqZG9lQGV4YW1wbGUuY29tIn0K.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" } ``` The JWT looks like: ```json { "header": { "alg": "HS256", "typ": "JWT" }, "claims": { "aud": "telebit.cloud", "domains": [], "hostname": "telebyte", "iat": 1761510171, "id": "xxxxxxxxxxxxxxxxxxxxxxxx", "os": "Linux", "os_arch": "x86_64", "os_platform": "linux", "os_release": "6.8.12-15-pve", "os_type": "Linux", "pin": "1234", "ports": [], "sub": "jdoe@example.com" }, "signature": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" } ``` 3. Connect to websocket note: the tunnel is constructed from the index.json `tunnel` and `api_host` \ the actual protocol is described at https://git.coolaj86.com/coolaj86/proxy-packer.js ```sh wss://api.telebit.cloud/ ``` 4. Pair State Polling (from `Link` or `Location` response header) ```sh # ex https://mgmtjs.telebit.io/api/telebit.cloud/pair_state/xxxxxxxxxxxxxxxxxxxxxxxx # note: you must manually remove the trailing \r of the \r\n b_url=$(grep -i 'Location' ./headers.txt | cut -d' ' -f2 | tr -d '\r') curl --fail-with-body "${b_url}" \ --dump-header ./headers.txt ``` The status can change from `pending` to `ready` (browser sent correct otp) to `complete` (websocket accepted) ```json { "status": "pending" } ``` 5. Pair Info (requested from the web browser) ```sh a_magic="************************" curl --fail-with-body "https://api.telebit.cloud/api/telebit.cloud/pair_request/${a_magic}" ``` ```json { "id": "xxxxxxxxxxxxxxxxxxxxxxxx", "scope": "", "hostname": "telebyte", "os_type": "Linux", "os_platform": "linux", "os_release": "6.8.12-15-pve", "os_arch": "x64" } ``` 6. Pair Code (sent by web browser) ```sh a_magic="************************" a_code="1234" curl --fail-with-body https://api.telebit.cloud/api/telebit.cloud/pair_code/ \ --dump-header ./headers-pair.txt \ -H 'Content-Type: application/json' \ --data-binary '{ "magic": "'"${a_magic}"'", "pin": "'"${code}"'", "agree_tos": true }' ``` note: the idea of giving the token back to the browser was for an admin portal which was never built ```json { "id": "xxxxxxxxxxxxxxxxxxxxxxxx", "iat": 1761515714, "sub": "jdoe@example.com", "iss": "telebit.cloud", "aud": "telebit.cloud", "domains": [ "silly-rabbit-42.telebit.io" ], "ports": [ 65535 ], "jwt": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJ0ZWxlYml0LmNsb3VkIiwiZG9tYWlucyI6WyJzaWxseS1yYWJiaXQtNDIudGVsZWJpdC5pbyJdLCJpYXQiOjE3NjE1MTU3MTQsImlkIjoieHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4IiwiaXNzIjoidGVsZWJpdC5jbG91ZCIsInBvcnRzIjpbNjU1MzVdLCJzdWIiOiJqZG9lQGV4YW1wbGUuY29tIn0K.ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ" } ```

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

stable

master

fix-systemd-user-unit

ref-node-v18

serviceman

params-parsing

next

wip

v0.19

readable

v0.10

v0.20.251025

v0.20.7

v0.20.6

v0.20.5

v0.19.28

v0.19.26

v0.19.25

v0.19.24

v0.19.23

v0.19.22

v0.19.21

v0.19.20

v0.19.18

v0.19.17

v0.19.16

v0.19.15

v0.19.14

v0.19.13

v0.19.12

v0.19.11

v0.19.10

v0.19.9

v0.19.8

v0.19.7

v0.19.6

v0.19.5

v0.19.4

v0.19.3

v0.19.2

v0.19.1

v0.19.0

v0.18.9

v0.18.8

v0.18.7

v0.18.6

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.17.0

v0.16.1

v0.16.0

v0.15.4

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.13.3

v0.13.2

v0.13.1

v0.13.0

v0.12.0

v0.11.1

v0.11.0

v0.10.4

v0.10.3

v0.10.2

v0.10.1

v0.10.0

v0.9.9

v0.9.8

v0.9.7

v0.9.6

v0.9.5

v0.9.4

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.1

v0.8.2

Labels

Clear labels

feature

something new that would be great to add

No Label

Milestone

No items

No Milestone

Assignees

Clear assignees

josh ryanburnette coolaj86

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: coolaj86/telebit.js#66

No description provided.