2024-05-18 20:09:27 +02:00
|
|
|
// Copyright 2024, Command Line Inc.
|
|
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
|
|
|
|
package wshutil
|
|
|
|
|
|
|
|
import (
|
|
|
|
"bytes"
|
|
|
|
"encoding/json"
|
|
|
|
"fmt"
|
2024-07-23 22:16:53 +02:00
|
|
|
"io"
|
|
|
|
"log"
|
2024-08-10 02:46:52 +02:00
|
|
|
"net"
|
2024-07-23 22:16:53 +02:00
|
|
|
"os"
|
|
|
|
"os/signal"
|
|
|
|
"sync"
|
|
|
|
"sync/atomic"
|
|
|
|
"syscall"
|
2024-07-26 22:30:11 +02:00
|
|
|
"time"
|
2024-07-23 22:16:53 +02:00
|
|
|
|
2024-07-26 22:30:11 +02:00
|
|
|
"github.com/golang-jwt/jwt/v5"
|
|
|
|
"github.com/wavetermdev/thenextwave/pkg/wavebase"
|
|
|
|
"github.com/wavetermdev/thenextwave/pkg/wshrpc"
|
2024-07-23 22:16:53 +02:00
|
|
|
"golang.org/x/term"
|
2024-05-18 20:09:27 +02:00
|
|
|
)
|
|
|
|
|
2024-06-17 18:58:28 +02:00
|
|
|
// these should both be 5 characters
|
2024-05-18 20:09:27 +02:00
|
|
|
const WaveOSC = "23198"
|
2024-06-17 18:58:28 +02:00
|
|
|
const WaveServerOSC = "23199"
|
|
|
|
const WaveOSCPrefixLen = 5 + 3 // \x1b] + WaveOSC + ; + \x07
|
|
|
|
|
2024-05-18 20:09:27 +02:00
|
|
|
const WaveOSCPrefix = "\x1b]" + WaveOSC + ";"
|
2024-06-17 18:58:28 +02:00
|
|
|
const WaveServerOSCPrefix = "\x1b]" + WaveServerOSC + ";"
|
2024-06-14 23:43:47 +02:00
|
|
|
|
2024-05-18 20:09:27 +02:00
|
|
|
const HexChars = "0123456789ABCDEF"
|
|
|
|
const BEL = 0x07
|
2024-06-13 23:41:28 +02:00
|
|
|
const ST = 0x9c
|
|
|
|
const ESC = 0x1b
|
2024-05-18 20:09:27 +02:00
|
|
|
|
2024-08-10 02:46:52 +02:00
|
|
|
const DefaultOutputChSize = 32
|
|
|
|
const DefaultInputChSize = 32
|
|
|
|
|
|
|
|
const WaveJwtTokenVarName = "WAVETERM_JWT"
|
|
|
|
|
2024-05-18 20:09:27 +02:00
|
|
|
// OSC escape types
|
|
|
|
// OSC 23198 ; (JSON | base64-JSON) ST
|
|
|
|
// JSON = must escape all ASCII control characters ([\x00-\x1F\x7F])
|
|
|
|
// we can tell the difference between JSON and base64-JSON by the first character: '{' or not
|
|
|
|
|
2024-06-14 23:43:47 +02:00
|
|
|
// for responses (terminal -> program), we'll use OSC 23199
|
|
|
|
// same json format
|
|
|
|
|
2024-06-17 18:58:28 +02:00
|
|
|
func copyOscPrefix(dst []byte, oscNum string) {
|
|
|
|
dst[0] = ESC
|
|
|
|
dst[1] = ']'
|
|
|
|
copy(dst[2:], oscNum)
|
|
|
|
dst[len(oscNum)+2] = ';'
|
|
|
|
}
|
|
|
|
|
|
|
|
func oscPrefixLen(oscNum string) int {
|
|
|
|
return 3 + len(oscNum)
|
|
|
|
}
|
|
|
|
|
|
|
|
func makeOscPrefix(oscNum string) []byte {
|
|
|
|
output := make([]byte, oscPrefixLen(oscNum))
|
|
|
|
copyOscPrefix(output, oscNum)
|
|
|
|
return output
|
|
|
|
}
|
|
|
|
|
2024-07-18 00:24:43 +02:00
|
|
|
func EncodeWaveOSCBytes(oscNum string, barr []byte) []byte {
|
|
|
|
if len(oscNum) != 5 {
|
|
|
|
panic("oscNum must be 5 characters")
|
2024-05-18 20:09:27 +02:00
|
|
|
}
|
|
|
|
hasControlChars := false
|
|
|
|
for _, b := range barr {
|
|
|
|
if b < 0x20 || b == 0x7F {
|
|
|
|
hasControlChars = true
|
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if !hasControlChars {
|
|
|
|
// If no control characters, directly construct the output
|
|
|
|
// \x1b] (2) + WaveOSC + ; (1) + message + \x07 (1)
|
2024-06-17 18:58:28 +02:00
|
|
|
output := make([]byte, oscPrefixLen(oscNum)+len(barr)+1)
|
|
|
|
copyOscPrefix(output, oscNum)
|
|
|
|
copy(output[oscPrefixLen(oscNum):], barr)
|
2024-05-18 20:09:27 +02:00
|
|
|
output[len(output)-1] = BEL
|
2024-07-18 00:24:43 +02:00
|
|
|
return output
|
2024-05-18 20:09:27 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
var buf bytes.Buffer
|
2024-06-17 18:58:28 +02:00
|
|
|
buf.Write(makeOscPrefix(oscNum))
|
2024-05-18 20:09:27 +02:00
|
|
|
escSeq := [6]byte{'\\', 'u', '0', '0', '0', '0'}
|
|
|
|
for _, b := range barr {
|
|
|
|
if b < 0x20 || b == 0x7f {
|
|
|
|
escSeq[4] = HexChars[b>>4]
|
|
|
|
escSeq[5] = HexChars[b&0x0f]
|
|
|
|
buf.Write(escSeq[:])
|
|
|
|
} else {
|
|
|
|
buf.WriteByte(b)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
buf.WriteByte(BEL)
|
2024-07-18 00:24:43 +02:00
|
|
|
return buf.Bytes()
|
2024-05-18 20:09:27 +02:00
|
|
|
}
|
|
|
|
|
2024-07-18 00:24:43 +02:00
|
|
|
func EncodeWaveOSCMessageEx(oscNum string, msg *RpcMessage) ([]byte, error) {
|
|
|
|
if msg == nil {
|
|
|
|
return nil, fmt.Errorf("nil message")
|
2024-05-18 20:09:27 +02:00
|
|
|
}
|
2024-07-18 00:24:43 +02:00
|
|
|
barr, err := json.Marshal(msg)
|
2024-05-18 20:09:27 +02:00
|
|
|
if err != nil {
|
2024-07-18 00:24:43 +02:00
|
|
|
return nil, fmt.Errorf("error marshalling message to json: %w", err)
|
2024-05-18 20:09:27 +02:00
|
|
|
}
|
2024-07-18 00:24:43 +02:00
|
|
|
return EncodeWaveOSCBytes(oscNum, barr), nil
|
2024-05-18 20:09:27 +02:00
|
|
|
}
|
2024-07-23 22:16:53 +02:00
|
|
|
|
|
|
|
var termModeLock = sync.Mutex{}
|
|
|
|
var termIsRaw bool
|
|
|
|
var origTermState *term.State
|
|
|
|
var shutdownSignalHandlersInstalled bool
|
|
|
|
var shutdownOnce sync.Once
|
|
|
|
var extraShutdownFunc atomic.Pointer[func()]
|
|
|
|
|
|
|
|
func DoShutdown(reason string, exitCode int, quiet bool) {
|
|
|
|
shutdownOnce.Do(func() {
|
|
|
|
defer os.Exit(exitCode)
|
|
|
|
RestoreTermState()
|
|
|
|
extraFn := extraShutdownFunc.Load()
|
|
|
|
if extraFn != nil {
|
|
|
|
(*extraFn)()
|
|
|
|
}
|
|
|
|
if !quiet && reason != "" {
|
|
|
|
log.Printf("shutting down: %s\r\n", reason)
|
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
func installShutdownSignalHandlers(quiet bool) {
|
|
|
|
termModeLock.Lock()
|
|
|
|
defer termModeLock.Unlock()
|
|
|
|
if shutdownSignalHandlersInstalled {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
sigCh := make(chan os.Signal, 1)
|
|
|
|
signal.Notify(sigCh, syscall.SIGHUP, syscall.SIGTERM, syscall.SIGINT)
|
|
|
|
go func() {
|
|
|
|
for sig := range sigCh {
|
|
|
|
DoShutdown(fmt.Sprintf("got signal %v", sig), 1, quiet)
|
|
|
|
break
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
}
|
|
|
|
|
|
|
|
func SetTermRawModeAndInstallShutdownHandlers(quietShutdown bool) {
|
|
|
|
SetTermRawMode()
|
|
|
|
installShutdownSignalHandlers(quietShutdown)
|
|
|
|
}
|
|
|
|
|
|
|
|
func SetExtraShutdownFunc(fn func()) {
|
|
|
|
extraShutdownFunc.Store(&fn)
|
|
|
|
}
|
|
|
|
|
|
|
|
func SetTermRawMode() {
|
|
|
|
termModeLock.Lock()
|
|
|
|
defer termModeLock.Unlock()
|
|
|
|
if termIsRaw {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
origState, err := term.MakeRaw(int(os.Stdin.Fd()))
|
|
|
|
if err != nil {
|
|
|
|
fmt.Fprintf(os.Stderr, "Error setting raw mode: %v\n", err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
origTermState = origState
|
|
|
|
termIsRaw = true
|
|
|
|
}
|
|
|
|
|
|
|
|
func RestoreTermState() {
|
|
|
|
termModeLock.Lock()
|
|
|
|
defer termModeLock.Unlock()
|
|
|
|
if !termIsRaw || origTermState == nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
term.Restore(int(os.Stdin.Fd()), origTermState)
|
|
|
|
termIsRaw = false
|
|
|
|
}
|
|
|
|
|
|
|
|
// returns (wshRpc, wrappedStdin)
|
2024-08-12 19:58:39 +02:00
|
|
|
func SetupTerminalRpcClient(serverImpl ServerImpl) (*WshRpc, io.Reader) {
|
2024-08-10 02:46:52 +02:00
|
|
|
messageCh := make(chan []byte, DefaultInputChSize)
|
|
|
|
outputCh := make(chan []byte, DefaultOutputChSize)
|
2024-07-23 22:16:53 +02:00
|
|
|
ptyBuf := MakePtyBuffer(WaveServerOSCPrefix, os.Stdin, messageCh)
|
2024-08-12 19:58:39 +02:00
|
|
|
rpcClient := MakeWshRpc(messageCh, outputCh, wshrpc.RpcContext{}, serverImpl)
|
2024-07-23 22:16:53 +02:00
|
|
|
go func() {
|
|
|
|
for msg := range outputCh {
|
|
|
|
barr := EncodeWaveOSCBytes(WaveOSC, msg)
|
|
|
|
os.Stdout.Write(barr)
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
return rpcClient, ptyBuf
|
|
|
|
}
|
2024-07-26 22:30:11 +02:00
|
|
|
|
2024-08-12 19:58:39 +02:00
|
|
|
func SetupConnRpcClient(conn net.Conn, serverImpl ServerImpl) (*WshRpc, chan error, error) {
|
2024-08-10 02:46:52 +02:00
|
|
|
inputCh := make(chan []byte, DefaultInputChSize)
|
|
|
|
outputCh := make(chan []byte, DefaultOutputChSize)
|
|
|
|
writeErrCh := make(chan error, 1)
|
|
|
|
go func() {
|
|
|
|
writeErr := AdaptOutputChToStream(outputCh, conn)
|
|
|
|
if writeErr != nil {
|
|
|
|
writeErrCh <- writeErr
|
|
|
|
close(writeErrCh)
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
go func() {
|
|
|
|
// when input is closed, close the connection
|
|
|
|
defer conn.Close()
|
|
|
|
AdaptStreamToMsgCh(conn, inputCh)
|
|
|
|
}()
|
2024-08-12 19:58:39 +02:00
|
|
|
rtn := MakeWshRpc(inputCh, outputCh, wshrpc.RpcContext{}, serverImpl)
|
2024-08-10 02:46:52 +02:00
|
|
|
return rtn, writeErrCh, nil
|
|
|
|
}
|
|
|
|
|
2024-08-12 19:58:39 +02:00
|
|
|
func SetupDomainSocketRpcClient(sockName string, serverImpl ServerImpl) (*WshRpc, error) {
|
2024-08-10 02:46:52 +02:00
|
|
|
conn, err := net.Dial("unix", sockName)
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("failed to connect to Unix domain socket: %w", err)
|
|
|
|
}
|
2024-08-12 19:58:39 +02:00
|
|
|
rtn, errCh, err := SetupConnRpcClient(conn, serverImpl)
|
2024-08-10 02:46:52 +02:00
|
|
|
go func() {
|
|
|
|
defer conn.Close()
|
|
|
|
err := <-errCh
|
|
|
|
if err != nil && err != io.EOF {
|
|
|
|
log.Printf("error in domain socket connection: %v\n", err)
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
return rtn, err
|
|
|
|
}
|
|
|
|
|
2024-07-26 22:30:11 +02:00
|
|
|
func MakeClientJWTToken(rpcCtx wshrpc.RpcContext, sockName string) (string, error) {
|
|
|
|
claims := jwt.MapClaims{}
|
|
|
|
claims["iat"] = time.Now().Unix()
|
|
|
|
claims["iss"] = "waveterm"
|
|
|
|
claims["sock"] = sockName
|
|
|
|
claims["exp"] = time.Now().Add(time.Hour * 24 * 365).Unix()
|
|
|
|
if rpcCtx.BlockId != "" {
|
|
|
|
claims["blockid"] = rpcCtx.BlockId
|
|
|
|
}
|
|
|
|
if rpcCtx.TabId != "" {
|
|
|
|
claims["tabid"] = rpcCtx.TabId
|
|
|
|
}
|
|
|
|
if rpcCtx.WindowId != "" {
|
|
|
|
claims["windowid"] = rpcCtx.WindowId
|
|
|
|
}
|
|
|
|
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
|
|
|
|
tokenStr, err := token.SignedString([]byte(wavebase.JwtSecret))
|
|
|
|
if err != nil {
|
|
|
|
return "", fmt.Errorf("error signing token: %w", err)
|
|
|
|
}
|
|
|
|
return tokenStr, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func ValidateAndExtractRpcContextFromToken(tokenStr string) (*wshrpc.RpcContext, error) {
|
|
|
|
parser := jwt.NewParser(jwt.WithValidMethods([]string{jwt.SigningMethodHS256.Name}))
|
|
|
|
token, err := parser.Parse(tokenStr, func(token *jwt.Token) (interface{}, error) {
|
|
|
|
return []byte(wavebase.JwtSecret), nil
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("error parsing token: %w", err)
|
|
|
|
}
|
|
|
|
claims, ok := token.Claims.(jwt.MapClaims)
|
|
|
|
if !ok {
|
|
|
|
return nil, fmt.Errorf("error getting claims from token")
|
|
|
|
}
|
|
|
|
// validate "exp" claim
|
|
|
|
if exp, ok := claims["exp"].(float64); ok {
|
|
|
|
if int64(exp) < time.Now().Unix() {
|
|
|
|
return nil, fmt.Errorf("token has expired")
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
return nil, fmt.Errorf("exp claim is missing or invalid")
|
|
|
|
}
|
|
|
|
// validate "iss" claim
|
|
|
|
if iss, ok := claims["iss"].(string); ok {
|
|
|
|
if iss != "waveterm" {
|
|
|
|
return nil, fmt.Errorf("unexpected issuer: %s", iss)
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
return nil, fmt.Errorf("iss claim is missing or invalid")
|
|
|
|
}
|
2024-08-10 03:37:23 +02:00
|
|
|
return mapClaimsToRpcContext(claims), nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func mapClaimsToRpcContext(claims jwt.MapClaims) *wshrpc.RpcContext {
|
2024-07-26 22:30:11 +02:00
|
|
|
rpcCtx := &wshrpc.RpcContext{}
|
2024-08-10 02:46:52 +02:00
|
|
|
if claims["blockid"] != nil {
|
|
|
|
if blockId, ok := claims["blockid"].(string); ok {
|
|
|
|
rpcCtx.BlockId = blockId
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if claims["tabid"] != nil {
|
|
|
|
if tabId, ok := claims["tabid"].(string); ok {
|
|
|
|
rpcCtx.TabId = tabId
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if claims["windowid"] != nil {
|
|
|
|
if windowId, ok := claims["windowid"].(string); ok {
|
|
|
|
rpcCtx.WindowId = windowId
|
|
|
|
}
|
|
|
|
}
|
2024-08-10 03:37:23 +02:00
|
|
|
return rpcCtx
|
|
|
|
}
|
|
|
|
|
|
|
|
// only for use on client
|
|
|
|
func ExtractUnverifiedRpcContext(tokenStr string) (*wshrpc.RpcContext, error) {
|
|
|
|
// this happens on the client who does not have access to the secret key
|
|
|
|
// we want to read the claims without validating the signature
|
|
|
|
token, _, err := new(jwt.Parser).ParseUnverified(tokenStr, jwt.MapClaims{})
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("error parsing token: %w", err)
|
|
|
|
}
|
|
|
|
claims, ok := token.Claims.(jwt.MapClaims)
|
|
|
|
if !ok {
|
|
|
|
return nil, fmt.Errorf("error getting claims from token")
|
|
|
|
}
|
|
|
|
return mapClaimsToRpcContext(claims), nil
|
2024-07-26 22:30:11 +02:00
|
|
|
}
|
|
|
|
|
2024-08-10 03:37:23 +02:00
|
|
|
// only for use on client
|
2024-07-26 22:30:11 +02:00
|
|
|
func ExtractUnverifiedSocketName(tokenStr string) (string, error) {
|
|
|
|
// this happens on the client who does not have access to the secret key
|
|
|
|
// we want to read the claims without validating the signature
|
|
|
|
token, _, err := new(jwt.Parser).ParseUnverified(tokenStr, jwt.MapClaims{})
|
|
|
|
if err != nil {
|
|
|
|
return "", fmt.Errorf("error parsing token: %w", err)
|
|
|
|
}
|
|
|
|
claims, ok := token.Claims.(jwt.MapClaims)
|
|
|
|
if !ok {
|
|
|
|
return "", fmt.Errorf("error getting claims from token")
|
|
|
|
}
|
|
|
|
sockName, ok := claims["sock"].(string)
|
|
|
|
if !ok {
|
|
|
|
return "", fmt.Errorf("sock claim is missing or invalid")
|
|
|
|
}
|
|
|
|
return sockName, nil
|
|
|
|
}
|