Updated building backend, improved routing, individual ssh tunnel control.

LukeGus
2025-07-27 18:01:44 -05:00
parent 634e625eef
commit 6ed822c8b2
12 changed files with 188 additions and 214 deletions


@@ -51,8 +51,9 @@ jobs:
uses: actions/cache@v3
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
key: ${{ runner.os }}-buildx-${{ github.ref_name }}-${{ hashFiles('docker/Dockerfile') }}
restore-keys: |
${{ runner.os }}-buildx-${{ github.ref_name }}-
${{ runner.os }}-buildx-
- name: Login to Docker Registry
@@ -65,10 +66,14 @@ jobs:
- name: Determine Docker image tag
run: |
echo "REPO_OWNER=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
if [ "${{ github.event.inputs.tag_name }}" == "" ]; then
IMAGE_TAG="${{ github.ref_name }}-development-latest"
else
if [ "${{ github.event.inputs.tag_name }}" != "" ]; then
IMAGE_TAG="${{ github.event.inputs.tag_name }}"
elif [ "${{ github.ref }}" == "refs/heads/main" ]; then
IMAGE_TAG="latest"
elif [ "${{ github.ref }}" == "refs/heads/development" ]; then
IMAGE_TAG="development-latest"
else
IMAGE_TAG="${{ github.ref_name }}-development-latest"
fi
echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_ENV
@@ -95,12 +100,6 @@ jobs:
rm -rf /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
- name: Notify via ntfy
if: success()
run: |
curl -d "Docker image build and push completed successfully for tag: ${{ env.IMAGE_TAG }}" \
https://ntfy.karmaa.site/termix-build
- name: Delete all untagged image versions
if: success()
uses: quartx-analytics/ghcr-cleaner@v1
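Review bot: The "Determine Docker image tag" step places `${{ github.event.inputs.tag_name }}`, `${{ github.ref }}` and `${{ github.ref_name }}` directly inside the `run:` script, so their text is substituted before the shell parses the script and a tag input or branch name containing quotes or `$(...)` is read as shell syntax. Pass them through the step's `env:` block instead, e.g. `TAG_NAME: ${{ github.event.inputs.tag_name }}`, and test `"$TAG_NAME"` in the script so the values stay data. The resulting `IMAGE_TAG` is then written to `$GITHUB_ENV` unchecked; a pattern check such as `[[ "$IMAGE_TAG" =~ ^[A-Za-z0-9._-]+$ ]]` before that write would stop a multi-line value from setting other variables.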


@@ -19,7 +19,17 @@ COPY . .
# Build frontend
RUN npm run build
# Stage 3: Production dependencies
# Stage 3: Build backend TypeScript
FROM deps AS backend-builder
WORKDIR /app
# Copy source files
COPY . .
# Build backend TypeScript to JavaScript
RUN npm run build:backend
# Stage 4: Production dependencies
FROM node:18-alpine AS production-deps
WORKDIR /app
@@ -30,7 +40,7 @@ COPY package*.json ./
RUN npm ci --only=production --ignore-scripts --force && \
npm cache clean --force
# Stage 4: Build native modules
# Stage 5: Build native modules
FROM node:18-alpine AS native-builder
WORKDIR /app
@@ -41,13 +51,14 @@ RUN apk add --no-cache python3 make g++
COPY package*.json ./
# Install only the native modules we need
RUN npm ci --only=production bcrypt better-sqlite3 --force && \
RUN npm ci --only=production bcryptjs better-sqlite3 --force && \
npm cache clean --force
# Stage 5: Final image
# Stage 6: Final image
FROM node:18-alpine
ENV DATA_DIR=/app/data \
PORT=8080
PORT=8080 \
NODE_ENV=production
# Install dependencies in a single layer
RUN apk add --no-cache nginx gettext su-exec && \
@@ -61,20 +72,24 @@ RUN chown -R nginx:nginx /usr/share/nginx/html
# Setup backend
WORKDIR /app
COPY package*.json ./
# Copy production dependencies and native modules
COPY --from=production-deps /app/node_modules /app/node_modules
COPY --from=native-builder /app/node_modules/bcrypt /app/node_modules/bcrypt
COPY --from=native-builder /app/node_modules/bcryptjs /app/node_modules/bcryptjs
COPY --from=native-builder /app/node_modules/better-sqlite3 /app/node_modules/better-sqlite3
# Copy backend source
COPY src/backend/ ./src/backend/
# Copy compiled backend JavaScript
COPY --from=backend-builder /app/dist/backend ./dist/backend
# Copy package.json for scripts
COPY package.json ./
RUN chown -R node:node /app
VOLUME ["/app/data"]
# Expose ports
EXPOSE ${PORT} 8081 8082 8083 8084 8085
EXPOSE ${PORT} 8081 8082 8083 8084
COPY docker/entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
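Review bot: The native-builder stage now names `bcryptjs`, which is a pure-JavaScript package with nothing to compile, so `COPY --from=native-builder /app/node_modules/bcryptjs /app/node_modules/bcryptjs` only overwrites the copy that the production-deps stage already installed under `--ignore-scripts`. As far as I know `npm ci` installs from the lockfile and does not take package names, so that stage probably installs every production dependency with install scripts enabled; worth confirming, and limiting what is copied out of it to `better-sqlite3`. `--force` stays on both `npm ci` lines with no explanation; a comment such as `# --force: <which check this bypasses and why>` would tell the next reader whether it can be dropped.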


@@ -1,7 +1,7 @@
services:
termix:
#image: ghcr.io/lukegus/termix:latest
image: ghcr.io/lukegus/termix:dev-0.3-development-latest
image: ghcr.io/lukegus/termix:dev-1.0-development-latest
container_name: termix
restart: unless-stopped
ports:


@@ -4,9 +4,11 @@ set -e
export PORT=${PORT:-8080}
echo "Configuring web UI to run on port: $PORT"
# Configure nginx with the correct port
envsubst '${PORT}' < /etc/nginx/nginx.conf > /etc/nginx/nginx.conf.tmp
mv /etc/nginx/nginx.conf.tmp /etc/nginx/nginx.conf
# Setup data directory
mkdir -p /app/data
chown -R node:node /app/data
chmod 755 /app/data
@@ -19,12 +21,14 @@ echo "Starting backend services..."
cd /app
export NODE_ENV=production
# Start the compiled TypeScript backend
if command -v su-exec > /dev/null 2>&1; then
su-exec node node src/backend/starter.cjs
su-exec node node dist/backend/starter.js
else
su -s /bin/sh node -c "node src/backend/starter.cjs"
su -s /bin/sh node -c "node dist/backend/starter.js"
fi
echo "All services started"
# Keep container running
tail -f /dev/null
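Review bot: `chmod 755 /app/data`, under the new `# Setup data directory` comment, leaves the directory that holds `db.sqlite` listable and traversable by every account in the container, including the `nginx` user the image sets up. Only the `node` user runs the backend, so `chmod 700 /app/data` is enough. Separately, if `su-exec node node dist/backend/starter.js` stays in the foreground, the `echo "All services started"` and `tail -f /dev/null` lines are never reached; a comment stating which of the two keeps the container alive would help.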


@@ -18,6 +18,15 @@ http {
index index.html index.htm;
}
location /ssh/db/ {
proxy_pass http://127.0.0.1:8081;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /ssh/websocket {
proxy_pass http://127.0.0.1:8082;
proxy_http_version 1.1;
@@ -31,27 +40,19 @@ http {
proxy_set_header X-Forwarded-Proto $scheme;
}
location /ssh_tunnel/websocket {
location /ssh/tunnel/ {
proxy_pass http://127.0.0.1:8083;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /config_editor/websocket {
location /ssh/config_editor/ {
proxy_pass http://127.0.0.1:8084;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
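Review bot: The new `location /ssh/db/` block forwards every path under that prefix to port 8081, and that includes `/ssh/db/host/internal`, which the backend router in this commit labels internal-only and serves without a JWT. That handler lets a request through when `isLocalhost(req)` holds or when the `X-Internal-Request` header equals `1`; behind this proxy the peer address is 127.0.0.1 and the header is passed on from the client, so the guard may pass for outside callers (how `isLocalhost` reads the address is not visible here). Adding `location = /ssh/db/host/internal { return 403; }` and `proxy_set_header X-Internal-Request "";` to the proxied blocks keeps the endpoint internal. The `/ssh/tunnel/` and `/ssh/config_editor/` blocks close outside the hunk.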


@@ -59,7 +59,7 @@ interface SSHTunnelObjectProps {
host: SSHHost;
tunnelStatuses: Record<string, TunnelStatus>;
tunnelActions: Record<string, boolean>;
onTunnelAction: (action: 'connect' | 'disconnect' | 'cancel', host: SSHHost, tunnelIndex: number) => Promise<void>;
onTunnelAction: (action: 'connect' | 'disconnect' | 'cancel', host: SSHHost, tunnelIndex: number) => Promise<any>;
}
export function SSHTunnelObject({
@@ -68,6 +68,7 @@ export function SSHTunnelObject({
tunnelActions,
onTunnelAction
}: SSHTunnelObjectProps): React.ReactElement {
const getTunnelStatus = (tunnelIndex: number): TunnelStatus | undefined => {
const tunnel = host.tunnelConnections[tunnelIndex];
const tunnelName = `${host.name || `${host.username}@${host.ip}`}_${tunnel.sourcePort}_${tunnel.endpointPort}`;
@@ -220,32 +221,34 @@ export function SSHTunnelObject({
</div>
</div>
</div>
<div className="flex items-center gap-2 flex-shrink-0">
<div className="flex items-center gap-1 flex-shrink-0">
{tunnel.autoStart && (
<Badge variant="outline" className="text-xs px-2 py-1">
<Zap className="h-3 w-3 mr-1" />
Auto
</Badge>
)}
{/* Action Button */}
{/* Action Buttons */}
{!isActionLoading && (
<>
<div className="flex flex-col gap-1">
{isConnected ? (
<Button
size="sm"
variant="outline"
onClick={() => onTunnelAction('disconnect', host, tunnelIndex)}
className="h-8 px-3 text-red-600 dark:text-red-400 border-red-500/30 dark:border-red-400/30 hover:bg-red-500/10 dark:hover:bg-red-400/10 hover:border-red-500/50 dark:hover:border-red-400/50"
>
<Square className="h-3 w-3 mr-1" />
Disconnect
</Button>
<>
<Button
size="sm"
variant="outline"
onClick={() => onTunnelAction('disconnect', host, tunnelIndex)}
className="h-7 px-2 text-red-600 dark:text-red-400 border-red-500/30 dark:border-red-400/30 hover:bg-red-500/10 dark:hover:bg-red-400/10 hover:border-red-500/50 dark:hover:border-red-400/50 text-xs"
>
<Square className="h-3 w-3 mr-1" />
Disconnect
</Button>
</>
) : isRetrying || isWaiting ? (
<Button
size="sm"
variant="outline"
onClick={() => onTunnelAction('cancel', host, tunnelIndex)}
className="h-8 px-3 text-orange-600 dark:text-orange-400 border-orange-500/30 dark:border-orange-400/30 hover:bg-orange-500/10 dark:hover:bg-orange-400/10 hover:border-orange-500/50 dark:hover:border-orange-400/50"
className="h-7 px-2 text-orange-600 dark:text-orange-400 border-orange-500/30 dark:border-orange-400/30 hover:bg-orange-500/10 dark:hover:bg-orange-400/10 hover:border-orange-500/50 dark:hover:border-orange-400/50 text-xs"
>
<X className="h-3 w-3 mr-1" />
Cancel
@@ -256,20 +259,20 @@ export function SSHTunnelObject({
variant="outline"
onClick={() => onTunnelAction('connect', host, tunnelIndex)}
disabled={isConnecting || isDisconnecting}
className="h-8 px-3 text-green-600 dark:text-green-400 border-green-500/30 dark:border-green-400/30 hover:bg-green-500/10 dark:hover:bg-green-400/10 hover:border-green-500/50 dark:hover:border-green-400/50"
className="h-7 px-2 text-green-600 dark:text-green-400 border-green-500/30 dark:border-green-400/30 hover:bg-green-500/10 dark:hover:bg-green-400/10 hover:border-green-500/50 dark:hover:border-green-400/50 text-xs"
>
<Play className="h-3 w-3 mr-1" />
Connect
</Button>
)}
</>
</div>
)}
{isActionLoading && (
<Button
size="sm"
variant="outline"
disabled
className="h-8 px-3 text-muted-foreground border-border"
className="h-7 px-2 text-muted-foreground border-border text-xs"
>
<Loader2 className="h-3 w-3 mr-1 animate-spin" />
{isConnected ? 'Disconnecting...' : isRetrying || isWaiting ? 'Canceling...' : 'Connecting...'}
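Review bot: Widening `onTunnelAction` to `Promise<any>` in `SSHTunnelObjectProps`, and likewise in `SSHTunnelViewerProps` in the next file, turns off type checking on whatever the callback resolves to, while nothing in the visible JSX reads that value. `Promise<unknown>` would allow a result without losing the check. The `onClick={() => onTunnelAction(...)}` handlers also drop the returned promise, so a rejection is unhandled unless the parent catches it; a `.catch` in the handler, or a comment like `// parent handler reports failures via tunnelStatuses`, would make that explicit. The `<>…</>` fragment added around the single Disconnect button is redundant.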


@@ -47,7 +47,7 @@ interface SSHTunnelViewerProps {
hosts: SSHHost[];
tunnelStatuses: Record<string, TunnelStatus>;
tunnelActions: Record<string, boolean>;
onTunnelAction: (action: 'connect' | 'disconnect' | 'cancel', host: SSHHost, tunnelIndex: number) => Promise<void>;
onTunnelAction: (action: 'connect' | 'disconnect' | 'cancel', host: SSHHost, tunnelIndex: number) => Promise<any>;
}
export function SSHTunnelViewer({


@@ -83,50 +83,59 @@ interface TunnelStatus {
// Determine the base URL based on environment
const isLocalhost = window.location.hostname === 'localhost' || window.location.hostname === '127.0.0.1';
const baseURL = isLocalhost ? 'http://localhost:8081' : window.location.origin;
// Create axios instance with base configuration
const api = axios.create({
baseURL,
// Create separate axios instances for different services
const sshHostApi = axios.create({
baseURL: isLocalhost ? 'http://localhost:8081' : window.location.origin,
headers: {
'Content-Type': 'application/json',
},
});
// Create tunnel API instance
const tunnelApi = axios.create({
baseURL: isLocalhost ? 'http://localhost:8083' : window.location.origin,
headers: {
'Content-Type': 'application/json',
},
});
const configEditorApi = axios.create({
baseURL: isLocalhost ? 'http://localhost:8084' : window.location.origin,
headers: {
'Content-Type': 'application/json',
}
})
function getCookie(name: string): string | undefined {
const value = `; ${document.cookie}`;
const parts = value.split(`; ${name}=`);
if (parts.length === 2) return parts.pop()?.split(';').shift();
}
// Add request interceptor to include JWT token
api.interceptors.request.use((config) => {
const token = getCookie('jwt'); // Adjust based on your token storage
// Add request interceptor to include JWT token for SSH Host API
sshHostApi.interceptors.request.use((config) => {
const token = getCookie('jwt');
if (token) {
config.headers.Authorization = `Bearer ${token}`;
}
return config;
});
// Add request interceptor to include JWT token for Tunnel API
tunnelApi.interceptors.request.use((config) => {
const token = getCookie('jwt'); // Adjust based on your token storage
const token = getCookie('jwt');
if (token) {
config.headers.Authorization = `Bearer ${token}`;
}
return config;
});
// Host-related functions (use port 8081 for localhost)
// Get all SSH hosts
export async function getSSHHosts(): Promise<SSHHost[]> {
try {
const response = await api.get('/ssh/host');
const response = await sshHostApi.get('/ssh/db/host');
return response.data;
} catch (error) {
console.error('Error fetching SSH hosts:', error);
@@ -181,7 +190,7 @@ export async function createSSHHost(hostData: SSHHostData): Promise<SSHHost> {
formData.append('data', JSON.stringify(dataWithoutFile));
// Submit with FormData
const response = await api.post('/ssh/host', formData, {
const response = await sshHostApi.post('/ssh/db/host', formData, {
headers: {
'Content-Type': 'multipart/form-data',
},
@@ -190,7 +199,7 @@ export async function createSSHHost(hostData: SSHHostData): Promise<SSHHost> {
return response.data;
} else {
// Submit with JSON
const response = await api.post('/ssh/host', submitData);
const response = await sshHostApi.post('/ssh/db/host', submitData);
return response.data;
}
} catch (error) {
@@ -239,7 +248,7 @@ export async function updateSSHHost(hostId: number, hostData: SSHHostData): Prom
delete dataWithoutFile.key;
formData.append('data', JSON.stringify(dataWithoutFile));
const response = await api.put(`/ssh/host/${hostId}`, formData, {
const response = await sshHostApi.put(`/ssh/db/host/${hostId}`, formData, {
headers: {
'Content-Type': 'multipart/form-data',
},
@@ -247,7 +256,7 @@ export async function updateSSHHost(hostId: number, hostData: SSHHostData): Prom
return response.data;
} else {
const response = await api.put(`/ssh/host/${hostId}`, submitData);
const response = await sshHostApi.put(`/ssh/db/host/${hostId}`, submitData);
return response.data;
}
} catch (error) {
@@ -259,7 +268,7 @@ export async function updateSSHHost(hostId: number, hostData: SSHHostData): Prom
// Delete SSH host
export async function deleteSSHHost(hostId: number): Promise<any> {
try {
const response = await api.delete(`/ssh/host/${hostId}`);
const response = await sshHostApi.delete(`/ssh/db/host/${hostId}`);
return response.data;
} catch (error) {
console.error('Error deleting SSH host:', error);
@@ -270,7 +279,7 @@ export async function deleteSSHHost(hostId: number): Promise<any> {
// Get SSH host by ID
export async function getSSHHostById(hostId: number): Promise<SSHHost> {
try {
const response = await api.get(`/ssh/host/${hostId}`);
const response = await sshHostApi.get(`/ssh/db/host/${hostId}`);
return response.data;
} catch (error) {
console.error('Error fetching SSH host:', error);
@@ -278,14 +287,12 @@ export async function getSSHHostById(hostId: number): Promise<SSHHost> {
}
}
// Tunnel-related functions
// Tunnel-related functions (use port 8083 for localhost)
// Get all tunnel statuses (per-tunnel)
export async function getTunnelStatuses(): Promise<Record<string, TunnelStatus>> {
try {
// Determine the tunnel API URL based on environment
const tunnelUrl = isLocalhost ? 'http://localhost:8083/status' : `${baseURL}/ssh_tunnel/status`;
const response = await tunnelApi.get(tunnelUrl);
const response = await tunnelApi.get('/ssh/tunnel/status');
return response.data || {};
} catch (error) {
console.error('Error fetching tunnel statuses:', error);
@@ -302,9 +309,7 @@ export async function getTunnelStatusByName(tunnelName: string): Promise<TunnelS
// Connect tunnel (per-tunnel)
export async function connectTunnel(tunnelConfig: TunnelConfig): Promise<any> {
try {
// Determine the tunnel API URL based on environment
const tunnelUrl = isLocalhost ? 'http://localhost:8083/connect' : `${baseURL}/ssh_tunnel/connect`;
const response = await tunnelApi.post(tunnelUrl, tunnelConfig);
const response = await tunnelApi.post('/ssh/tunnel/connect', tunnelConfig);
return response.data;
} catch (error) {
console.error('Error connecting tunnel:', error);
@@ -315,9 +320,7 @@ export async function connectTunnel(tunnelConfig: TunnelConfig): Promise<any> {
// Disconnect tunnel (per-tunnel)
export async function disconnectTunnel(tunnelName: string): Promise<any> {
try {
// Determine the tunnel API URL based on environment
const tunnelUrl = isLocalhost ? 'http://localhost:8083/disconnect' : `${baseURL}/ssh_tunnel/disconnect`;
const response = await tunnelApi.post(tunnelUrl, { tunnelName });
const response = await tunnelApi.post('/ssh/tunnel/disconnect', { tunnelName });
return response.data;
} catch (error) {
console.error('Error disconnecting tunnel:', error);
@@ -327,9 +330,7 @@ export async function disconnectTunnel(tunnelName: string): Promise<any> {
export async function cancelTunnel(tunnelName: string): Promise<any> {
try {
// Determine the tunnel API URL based on environment
const tunnelUrl = isLocalhost ? 'http://localhost:8083/cancel' : `${baseURL}/ssh_tunnel/cancel`;
const response = await tunnelApi.post(tunnelUrl, { tunnelName });
const response = await tunnelApi.post('/ssh/tunnel/cancel', { tunnelName });
return response.data;
} catch (error) {
console.error('Error canceling tunnel:', error);
@@ -337,4 +338,6 @@ export async function cancelTunnel(tunnelName: string): Promise<any> {
}
}
export { api };
// Config-related functions (use port 8084 for localhost)
export { sshHostApi, tunnelApi, configEditorApi };
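Review bot: `configEditorApi` is created and exported but never gets the request interceptor that `sshHostApi` and `tunnelApi` receive, so requests made through it carry no `Authorization` header. If the config editor service is meant to be authenticated, register the same interceptor on it. One shared function would also remove the two duplicated bodies, e.g. `[sshHostApi, tunnelApi, configEditorApi].forEach(c => c.interceptors.request.use(withJwt));`. Since `getCookie('jwt')` reads the token from `document.cookie`, the cookie is readable by any script on the page; a comment at the interceptor recording that this is deliberate would help reviewers.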


@@ -6,11 +6,9 @@ import { Client as SSHClient } from 'ssh2';
import chalk from "chalk";
const app = express();
const PORT = 8084;
app.use(cors({
origin: 'http://localhost:5173',
credentials: true,
origin: '*',
methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
allowedHeaders: ['Content-Type', 'Authorization']
}));
@@ -287,4 +285,5 @@ process.on('SIGTERM', () => {
process.exit(0);
});
const PORT = 8084;
app.listen(PORT, () => {});
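Review bot: The CORS policy changes from one named origin to `origin: '*'` while `Authorization` stays in `allowedHeaders`, so a page on any origin can call this service and read its responses. The file imports the `ssh2` client, so the endpoints presumably act on remote hosts; an allowlist read from configuration, with `http://localhost:5173` as the development default, would keep the dev setup working without opening the API to every site. In the container nginx serves the UI and proxies this API on one origin, so no cross-origin access is needed there. `app.listen(PORT, () => {})` also binds every interface; `app.listen(PORT, '127.0.0.1', () => {})` would leave the proxy as the only way in, if direct access on 8084 is not intended.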


@@ -31,12 +31,14 @@ const logger = {
}
};
const dbDir = path.resolve('./db/data');
const dataDir = process.env.DATA_DIR || './db/data';
const dbDir = path.resolve(dataDir);
if (!fs.existsSync(dbDir)) {
fs.mkdirSync(dbDir, { recursive: true });
}
const sqlite = new Database('./db/data/db.sqlite');
const dbPath = path.join(dataDir, 'db.sqlite');
const sqlite = new Database(dbPath);
// Create tables using Drizzle schema
sqlite.exec(`
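Review bot: `dbPath` is built from the raw `dataDir`, while the directory that is checked and created is the resolved `dbDir`. `const dbPath = path.join(dbDir, 'db.sqlite');` keeps both on the same absolute path. `fs.mkdirSync(dbDir, { recursive: true })` creates the directory with the default mode; since it holds the host database, `fs.mkdirSync(dbDir, { recursive: true, mode: 0o700 })` is a reasonable tightening. `process.env.DATA_DIR || './db/data'` also falls back when the variable is set but empty, which deserves a one-line comment if intended.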


@@ -90,7 +90,7 @@ function isLocalhost(req: Request) {
}
// Internal-only endpoint for autostart (no JWT)
router.get('/host/internal', async (req: Request, res: Response) => {
router.get('/db/host/internal', async (req: Request, res: Response) => {
if (!isLocalhost(req) && req.headers['x-internal-request'] !== '1') {
logger.warn('Unauthorized attempt to access internal SSH host endpoint');
return res.status(403).json({ error: 'Forbidden' });
@@ -116,7 +116,7 @@ router.get('/host/internal', async (req: Request, res: Response) => {
// Route: Create SSH data (requires JWT)
// POST /ssh/host
router.post('/host', authenticateJWT, upload.single('key'), async (req: Request, res: Response) => {
router.post('/db/host', authenticateJWT, upload.single('key'), async (req: Request, res: Response) => {
let hostData: any;
// Check if this is a multipart form data request (file upload)
@@ -191,7 +191,7 @@ router.post('/host', authenticateJWT, upload.single('key'), async (req: Request,
// Route: Update SSH data (requires JWT)
// PUT /ssh/host/:id
router.put('/host/:id', authenticateJWT, upload.single('key'), async (req: Request, res: Response) => {
router.put('/db/host/:id', authenticateJWT, upload.single('key'), async (req: Request, res: Response) => {
let hostData: any;
// Check if this is a multipart form data request (file upload)
@@ -268,7 +268,7 @@ router.put('/host/:id', authenticateJWT, upload.single('key'), async (req: Reque
// Route: Get SSH data for the authenticated user (requires JWT)
// GET /ssh/host
router.get('/host', authenticateJWT, async (req: Request, res: Response) => {
router.get('/db/host', authenticateJWT, async (req: Request, res: Response) => {
const userId = (req as any).userId;
if (!isNonEmptyString(userId)) {
logger.warn('Invalid userId for SSH data fetch');
@@ -298,7 +298,7 @@ router.get('/host', authenticateJWT, async (req: Request, res: Response) => {
// Route: Get SSH host by ID (requires JWT)
// GET /ssh/host/:id
router.get('/host/:id', authenticateJWT, async (req: Request, res: Response) => {
router.get('/db/host/:id', authenticateJWT, async (req: Request, res: Response) => {
const { id } = req.params;
const userId = (req as any).userId;
@@ -337,7 +337,7 @@ router.get('/host/:id', authenticateJWT, async (req: Request, res: Response) =>
// Route: Get all unique folders for the authenticated user (requires JWT)
// GET /ssh/folders
router.get('/folders', authenticateJWT, async (req: Request, res: Response) => {
router.get('/db/folders', authenticateJWT, async (req: Request, res: Response) => {
const userId = (req as any).userId;
if (!isNonEmptyString(userId)) {
logger.warn('Invalid userId for SSH folder fetch');
@@ -367,7 +367,7 @@ router.get('/folders', authenticateJWT, async (req: Request, res: Response) => {
// Route: Delete SSH host by id (requires JWT)
// DELETE /ssh/host/:id
router.delete('/host/:id', authenticateJWT, async (req: Request, res: Response) => {
router.delete('/db/host/:id', authenticateJWT, async (req: Request, res: Response) => {
const userId = (req as any).userId;
const { id } = req.params;
if (!isNonEmptyString(userId) || !id) {
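Review bot: The route comments above each handler still give the old paths (`// POST /ssh/host`, `// PUT /ssh/host/:id`, `// GET /ssh/host`, `// GET /ssh/folders`, `// DELETE /ssh/host/:id`), while the handlers now register under `/db/...`. Update them with the code, e.g. `// POST /ssh/db/host`, so a reader searching for a path finds the right handler. The comment on the internal route, `// Internal-only endpoint for autostart (no JWT)`, should also say what keeps it internal now that the path has moved. All handler bodies continue outside the hunks.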


@@ -50,7 +50,7 @@ const verificationTimers = new Map<string, NodeJS.Timeout>(); // timer keys -> t
const activeRetryTimers = new Map<string, NodeJS.Timeout>(); // tunnelName -> retry timer
const countdownIntervals = new Map<string, NodeJS.Timeout>(); // tunnelName -> countdown interval
const retryExhaustedTunnels = new Set<string>(); // tunnelNames
const remoteClosureEvents = new Map<string, number>(); // tunnelName -> count
const tunnelConfigs = new Map<string, TunnelConfig>(); // tunnelName -> tunnelConfig
const activeTunnelProcesses = new Map<string, ChildProcess>(); // tunnelName -> ChildProcess
@@ -129,7 +129,6 @@ interface TunnelStatus {
errorType?: ErrorType;
manualDisconnect?: boolean;
retryExhausted?: boolean;
isRemoteRetry?: boolean;
}
interface VerificationData {
@@ -299,7 +298,6 @@ function cleanupTunnelResources(tunnelName: string): void {
function resetRetryState(tunnelName: string): void {
retryCounters.delete(tunnelName);
retryExhaustedTunnels.delete(tunnelName);
remoteClosureEvents.delete(tunnelName);
if (activeRetryTimers.has(tunnelName)) {
clearTimeout(activeRetryTimers.get(tunnelName)!);
@@ -320,7 +318,7 @@ function resetRetryState(tunnelName: string): void {
});
}
function handleDisconnect(tunnelName: string, tunnelConfig: TunnelConfig | null, shouldRetry = true, isRemoteClosure = false): void {
function handleDisconnect(tunnelName: string, tunnelConfig: TunnelConfig | null, shouldRetry = true): void {
if (tunnelVerifications.has(tunnelName)) {
try {
const verification = tunnelVerifications.get(tunnelName);
@@ -344,24 +342,7 @@ function handleDisconnect(tunnelName: string, tunnelConfig: TunnelConfig | null,
return;
}
if (isRemoteClosure) {
const currentCount = remoteClosureEvents.get(tunnelName) || 0;
remoteClosureEvents.set(tunnelName, currentCount + 1);
broadcastTunnelStatus(tunnelName, {
connected: false,
status: CONNECTION_STATES.FAILED,
reason: "Remote host disconnected"
});
if (currentCount === 0) {
retryCounters.delete(tunnelName);
}
}
if (isRemoteClosure && retryExhaustedTunnels.has(tunnelName)) {
retryExhaustedTunnels.delete(tunnelName);
}
if (retryExhaustedTunnels.has(tunnelName)) {
broadcastTunnelStatus(tunnelName, {
@@ -380,15 +361,6 @@ function handleDisconnect(tunnelName: string, tunnelConfig: TunnelConfig | null,
const maxRetries = tunnelConfig.maxRetries || 3;
const retryInterval = tunnelConfig.retryInterval || 5000;
if (isRemoteClosure) {
const currentCount = remoteClosureEvents.get(tunnelName) || 0;
remoteClosureEvents.set(tunnelName, currentCount + 1);
if (currentCount === 0) {
retryCounters.delete(tunnelName);
}
}
let retryCount = (retryCounters.get(tunnelName) || 0) + 1;
if (retryCount > maxRetries) {
@@ -523,51 +495,87 @@ function verifyTunnelConnection(tunnelName: string, tunnelConfig: TunnelConfig,
setupPingInterval(tunnelName, tunnelConfig);
}
} else {
logger.error(`Verification failed for '${tunnelName}': ${failureReason}`);
if (!manualDisconnects.has(tunnelName)) {
broadcastTunnelStatus(tunnelName, {
connected: false,
status: CONNECTION_STATES.FAILED,
reason: failureReason
});
logger.warn(`Verification failed for '${tunnelName}': ${failureReason}`);
// With the new verification approach, we're testing connectivity to the endpoint machine
// A failure might just mean the service isn't running on that port, not that the tunnel is broken
// Only disconnect if it's a critical error (command failed, connection error, or timeout)
if (failureReason.includes('command failed') || failureReason.includes('connection error') || failureReason.includes('timeout')) {
if (!manualDisconnects.has(tunnelName)) {
broadcastTunnelStatus(tunnelName, {
connected: false,
status: CONNECTION_STATES.FAILED,
reason: failureReason
});
}
activeTunnels.delete(tunnelName);
handleDisconnect(tunnelName, tunnelConfig, !manualDisconnects.has(tunnelName));
} else {
// For connection refused or other non-critical errors, assume the tunnel is working
// The service might just not be running on the target port
logger.info(`Assuming tunnel '${tunnelName}' is working despite verification warning: ${failureReason}`);
cleanupVerification(true); // Treat as successful to prevent disconnect
}
activeTunnels.delete(tunnelName);
handleDisconnect(tunnelName, tunnelConfig, !manualDisconnects.has(tunnelName));
}
}
function attemptVerification() {
const testCmd = `nc -z localhost ${tunnelConfig.sourcePort}`;
// Test the actual tunnel by trying to connect to the endpoint port
// This verifies that the tunnel is actually working
// With -R forwarding, the endpointPort should be listening on the endpoint machine
// We need to check if the port is accessible from the source machine to the endpoint machine
const testCmd = `timeout 3 bash -c 'nc -z ${tunnelConfig.endpointIP} ${tunnelConfig.endpointPort}'`;
verificationConn.exec(testCmd, (err, stream) => {
if (err) {
logger.error(`Verification command failed for '${tunnelName}': ${err.message}`);
cleanupVerification(false, `Verification command failed: ${err.message}`);
return;
}
let output = '';
let errorOutput = '';
stream.on('data', (data: Buffer) => {
output += data.toString();
});
stream.stderr?.on('data', (data: Buffer) => {
errorOutput += data.toString();
});
stream.on('close', (code: number) => {
if (code === 0 && code !== undefined) {
logger.debug(`Verification for '${tunnelName}' completed with code ${code}, output: '${output}', error: '${errorOutput}'`);
if (code === 0) {
cleanupVerification(true);
} else {
cleanupVerification(false, `Port ${tunnelConfig.sourcePort} is not accessible`);
// Check if it's a timeout or connection refused
const isTimeout = errorOutput.includes('timeout') || errorOutput.includes('Connection timed out');
const isConnectionRefused = errorOutput.includes('Connection refused') || errorOutput.includes('No route to host');
let failureReason = `Cannot connect to ${tunnelConfig.endpointIP}:${tunnelConfig.endpointPort}`;
if (isTimeout) {
failureReason = `Tunnel verification timeout - cannot reach ${tunnelConfig.endpointIP}:${tunnelConfig.endpointPort}`;
} else if (isConnectionRefused) {
failureReason = `Connection refused to ${tunnelConfig.endpointIP}:${tunnelConfig.endpointPort} - tunnel may not be established`;
}
cleanupVerification(false, failureReason);
}
});
stream.on('error', (err: Error) => {
logger.error(`Verification stream error for '${tunnelName}': ${err.message}`);
cleanupVerification(false, `Verification stream error: ${err.message}`);
});
});
}
verificationConn.on('ready', () => {
attemptVerification();
// Add a small delay to allow the tunnel to fully establish
setTimeout(() => {
attemptVerification();
}, 2000);
});
verificationConn.on('error', (err: Error) => {
@@ -724,19 +732,15 @@ function connectSSHTunnel(tunnelConfig: TunnelConfig, retryAttempt = 0): void {
if (retryAttempt === 0) {
retryExhaustedTunnels.delete(tunnelName);
retryCounters.delete(tunnelName);
remoteClosureEvents.delete(tunnelName);
}
const isRetryAfterRemoteClosure = remoteClosureEvents.get(tunnelName) && retryAttempt > 0;
// Only set status to CONNECTING if we're not already in WAITING state
const currentStatus = connectionStatus.get(tunnelName);
if (!currentStatus || currentStatus.status !== CONNECTION_STATES.WAITING) {
broadcastTunnelStatus(tunnelName, {
connected: false,
status: CONNECTION_STATES.CONNECTING,
retryCount: retryAttempt > 0 ? retryAttempt : undefined,
isRemoteRetry: !!isRetryAfterRemoteClosure
retryCount: retryAttempt > 0 ? retryAttempt : undefined
});
}
@@ -780,9 +784,6 @@ function connectSSHTunnel(tunnelConfig: TunnelConfig, retryAttempt = 0): void {
}
const errorType = classifyError(err.message);
const isRemoteHostClosure = err.message.toLowerCase().includes("closed by remote host") ||
err.message.toLowerCase().includes("connection reset by peer") ||
err.message.toLowerCase().includes("broken pipe");
if (!manualDisconnects.has(tunnelName)) {
broadcastTunnelStatus(tunnelName, {
@@ -795,18 +796,12 @@ function connectSSHTunnel(tunnelConfig: TunnelConfig, retryAttempt = 0): void {
activeTunnels.delete(tunnelName);
if (isRemoteHostClosure && retryExhaustedTunnels.has(tunnelName)) {
retryExhaustedTunnels.delete(tunnelName);
}
const shouldNotRetry = !isRemoteHostClosure && (
errorType === ERROR_TYPES.AUTH ||
const shouldNotRetry = errorType === ERROR_TYPES.AUTH ||
errorType === ERROR_TYPES.PORT ||
errorType === ERROR_TYPES.PERMISSION ||
manualDisconnects.has(tunnelName)
);
manualDisconnects.has(tunnelName);
handleDisconnect(tunnelName, tunnelConfig, !shouldNotRetry, isRemoteHostClosure);
handleDisconnect(tunnelName, tunnelConfig, !shouldNotRetry);
});
conn.on("close", () => {
@@ -843,9 +838,9 @@ function connectSSHTunnel(tunnelConfig: TunnelConfig, retryAttempt = 0): void {
if (tunnelConfig.endpointAuthMethod === "key" && tunnelConfig.endpointSSHKey) {
// For SSH key authentication, we need to create a temporary key file
const keyFilePath = `/tmp/tunnel_key_${tunnelName.replace(/[^a-zA-Z0-9]/g, '_')}`;
tunnelCmd = `echo '${tunnelConfig.endpointSSHKey}' > ${keyFilePath} && chmod 600 ${keyFilePath} && ssh -i ${keyFilePath} -N -o StrictHostKeyChecking=no -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -L ${tunnelConfig.sourcePort}:localhost:${tunnelConfig.endpointPort} ${tunnelConfig.endpointUsername}@${tunnelConfig.endpointIP} ${tunnelMarker} && rm -f ${keyFilePath}`;
tunnelCmd = `echo '${tunnelConfig.endpointSSHKey}' > ${keyFilePath} && chmod 600 ${keyFilePath} && ssh -i ${keyFilePath} -N -o StrictHostKeyChecking=no -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -R ${tunnelConfig.endpointPort}:localhost:${tunnelConfig.sourcePort} ${tunnelConfig.endpointUsername}@${tunnelConfig.endpointIP} ${tunnelMarker} && rm -f ${keyFilePath}`;
} else {
tunnelCmd = `sshpass -p '${tunnelConfig.endpointPassword || ''}' ssh -N -o StrictHostKeyChecking=no -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -L ${tunnelConfig.sourcePort}:localhost:${tunnelConfig.endpointPort} ${tunnelConfig.endpointUsername}@${tunnelConfig.endpointIP} ${tunnelMarker}`;
tunnelCmd = `sshpass -p '${tunnelConfig.endpointPassword || ''}' ssh -N -o StrictHostKeyChecking=no -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -R ${tunnelConfig.endpointPort}:localhost:${tunnelConfig.sourcePort} ${tunnelConfig.endpointUsername}@${tunnelConfig.endpointIP} ${tunnelMarker}`;
}
conn.exec(tunnelCmd, (err, stream) => {
@@ -913,11 +908,11 @@ function connectSSHTunnel(tunnelConfig: TunnelConfig, retryAttempt = 0): void {
}
if (!activeRetryTimers.has(tunnelName) && !retryExhaustedTunnels.has(tunnelName)) {
handleDisconnect(tunnelName, tunnelConfig, !manualDisconnects.has(tunnelName), isLikelyRemoteClosure);
handleDisconnect(tunnelName, tunnelConfig, !manualDisconnects.has(tunnelName));
} else if (retryExhaustedTunnels.has(tunnelName) && isLikelyRemoteClosure) {
retryExhaustedTunnels.delete(tunnelName);
retryCounters.delete(tunnelName);
handleDisconnect(tunnelName, tunnelConfig, true, true);
handleDisconnect(tunnelName, tunnelConfig, true);
}
});
@@ -931,53 +926,7 @@ function connectSSHTunnel(tunnelConfig: TunnelConfig, retryAttempt = 0): void {
stream.stderr.on("data", (data) => {
const errorMsg = data.toString().trim();
const isNonRetryableError = errorMsg.includes("Permission denied") ||
errorMsg.includes("Authentication failed") ||
errorMsg.includes("failed for listen port") ||
errorMsg.includes("address already in use") ||
errorMsg.includes("bind: Address already in use") ||
errorMsg.includes("channel 0: open failed") ||
errorMsg.includes("remote port forwarding failed");
const isRemoteHostClosure = errorMsg.includes("closed by remote host") ||
errorMsg.includes("connection reset by peer") ||
errorMsg.includes("broken pipe");
if (isNonRetryableError || isRemoteHostClosure) {
if (activeRetryTimers.has(tunnelName)) {
return;
}
if (retryExhaustedTunnels.has(tunnelName)) {
if (isRemoteHostClosure) {
retryExhaustedTunnels.delete(tunnelName);
retryCounters.delete(tunnelName);
} else {
return;
}
}
activeTunnels.delete(tunnelName);
if (!manualDisconnects.has(tunnelName)) {
broadcastTunnelStatus(tunnelName, {
connected: false,
status: CONNECTION_STATES.FAILED,
errorType: classifyError(errorMsg),
reason: errorMsg
});
}
const errorType = classifyError(errorMsg);
const shouldNotRetry = !isRemoteHostClosure && (
errorType === ERROR_TYPES.AUTH ||
errorType === ERROR_TYPES.PORT ||
errorType === ERROR_TYPES.PERMISSION
);
handleDisconnect(tunnelName, tunnelConfig, !shouldNotRetry, isRemoteHostClosure);
}
logger.debug(`Tunnel stderr for '${tunnelName}': ${errorMsg}`);
});
});
});
@@ -1071,8 +1020,7 @@ function connectSSHTunnel(tunnelConfig: TunnelConfig, retryAttempt = 0): void {
broadcastTunnelStatus(tunnelName, {
connected: false,
status: CONNECTION_STATES.CONNECTING,
retryCount: retryAttempt > 0 ? retryAttempt : undefined,
isRemoteRetry: !!isRetryAfterRemoteClosure
retryCount: retryAttempt > 0 ? retryAttempt : undefined
});
}
@@ -1182,11 +1130,11 @@ function killRemoteTunnelByMarker(tunnelConfig: TunnelConfig, tunnelName: string
}
// Express API endpoints
app.get('/status', (req, res) => {
app.get('/ssh/tunnel/status', (req, res) => {
res.json(getAllTunnelStatus());
});
app.get('/status/:tunnelName', (req, res) => {
app.get('/ssh/tunnel/status/:tunnelName', (req, res) => {
const {tunnelName} = req.params;
const status = connectionStatus.get(tunnelName);
@@ -1197,7 +1145,7 @@ app.get('/status/:tunnelName', (req, res) => {
res.json({name: tunnelName, status});
});
app.post('/connect', (req, res) => {
app.post('/ssh/tunnel/connect', (req, res) => {
const tunnelConfig: TunnelConfig = req.body;
if (!tunnelConfig || !tunnelConfig.name) {
@@ -1221,7 +1169,7 @@ app.post('/connect', (req, res) => {
res.json({message: 'Connection request received', tunnelName});
});
app.post('/disconnect', (req, res) => {
app.post('/ssh/tunnel/disconnect', (req, res) => {
const {tunnelName} = req.body;
if (!tunnelName) {
@@ -1254,7 +1202,7 @@ app.post('/disconnect', (req, res) => {
res.json({message: 'Disconnect request received', tunnelName});
});
app.post('/cancel', (req, res) => {
app.post('/ssh/tunnel/cancel', (req, res) => {
const {tunnelName} = req.body;
if (!tunnelName) {
@@ -1298,7 +1246,7 @@ app.post('/cancel', (req, res) => {
async function initializeAutoStartTunnels(): Promise<void> {
try {
// Fetch hosts with auto-start tunnel connections from the new internal endpoint
const response = await axios.get('http://localhost:8081/ssh/host/internal', {
const response = await axios.get('http://localhost:8081/ssh/db/host/internal', {
headers: {
'Content-Type': 'application/json',
'X-Internal-Request': '1'
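Review bot: In `attemptVerification` the new `testCmd` splices `tunnelConfig.endpointIP` and `tunnelConfig.endpointPort` into a `bash -c '…'` string with no validation, and `tunnelConfig` arrives from `req.body` in the `/ssh/tunnel/connect` handler, where the visible lines check only `name`. The two `tunnelCmd` templates switched to `-R` in `connectSSHTunnel` are built the same way and also carry `endpointPassword` and `endpointSSHKey`, which no pattern can make safe inside a quoted shell string and which `sshpass -p` exposes in the process list; `-o StrictHostKeyChecking=no` is kept as well. The fence below adds a field check at the route, assuming the ports are numbers in `TunnelConfig` (its definition is outside the hunks); the secrets need a channel other than the command line. Separately, `timeout 3` reports expiry through exit status 124 rather than stderr, so `isTimeout` will rarely be set and most failures take the "assume the tunnel is working" branch.

```typescript
// Reject tunnel configs whose fields are not safe to place in a shell command.
function isSafeTunnelConfig(cfg: TunnelConfig): boolean {
    const isPort = (p: unknown): boolean =>
        typeof p === 'number' && Number.isInteger(p) && p >= 1 && p <= 65535;
    // First character may not be '-', so a value cannot be read as an option.
    const hostPattern = /^[A-Za-z0-9][A-Za-z0-9.:-]{0,252}$/;
    const userPattern = /^[A-Za-z0-9_][A-Za-z0-9._-]{0,63}$/;
    return isPort(cfg.sourcePort)
        && isPort(cfg.endpointPort)
        && hostPattern.test(cfg.endpointIP)
        && userPattern.test(cfg.endpointUsername);
}

app.post('/ssh/tunnel/connect', (req, res) => {
    const tunnelConfig: TunnelConfig = req.body;
    // … unchanged: name check …
    if (!isSafeTunnelConfig(tunnelConfig)) {
        return res.status(400).json({error: 'Invalid tunnel configuration'});
    }
    // … unchanged: start the connection and respond …
```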