const fs = require("fs"); const http = require("http"); const https = require("https"); const path = require("path"); const {execSync} = require('child_process'); const express = require("express"); // could be good to replace with code, no dep // express does not seem architecture dependant thus copying node_modules sufficed for now // (worked at least on RPi, Deck, Quest and x64 machines) // Get port or default to 8082 const port = process.env.PORT || 8082; const protocol = 'https' const subclass = '10.160.168.' //const subclass = '192.168.4.' const publicKeyPath = path.resolve(process.env.HOME,'.ssh','id_rsa_offlineoctopus.pub') const publicKey = fs.readFileSync(publicKeyPath).toString().split(' ')[1] const md5fromPub = fs.readFileSync( path.resolve(__dirname, ".keyfrommd5")).toString().replace('\n','') process.title = 'offtopus' // offline-octopus seems too long const filename = 'editor.html' const fileSaveFullPath = path.join(__dirname,'examples', filename) const minfilename = 'editor.html.minimal' const minfileSaveFullPath = path.join(__dirname,'examples', minfilename) const sshconfigpath = path.resolve(process.env.HOME,'.ssh','config') const propath = path.resolve(process.env.HOME,'Prototypes') // does not apply in a P2P fashion, must rely on local configuration here config.json let localServices = [ ] const configFilePath = path.resolve(__dirname, "config.json") if (fs.existsSync( configFilePath ) ){ const configurationFromFile = JSON.parse( fs.readFileSync( configFilePath ).toString() ) localServices = configurationFromFile } // note that this is crucial to populate properly as this is what allow recombination /* e.g on quest spascanodesecure https localhost 7778 /engine/ requires CORS to fetch here fetch('https://192.168.4.3:8082/available') .then( r => r.json() ) .then( r => { if (r) addNewNote( 'available' ) } ) gitea http localhost 3000 / pmwiki http localhost 4000 /pmwiki.php sshd see quest in ssh config, specific user and port */ const utilsCmd = { // security risk but for now not accepting user input so safer //'update' : { desc: 'note that will lose the state, e.g foundpeers', cmd: 'killall '+process.title+' && ' }, // should first download the new version and proceed only if new // e.g git clone deck@localhost:~/Prototypes/offline-octopus/ // should see /sshconfig // tried git instaweb but unable without lighttpd/apache // would probably be problematic with https anyway // ideally all handles within node 'shutdown' : { cmd: 'shutdown -h now' }, // not available everywhere, e.g unrooted Quest 'listprototypes': { cmd: 'ls', context: {cwd: propath}, format: res => res.toString().split('\n') }, //'npmfind' : { desc: 'package manager finder', cmd: 'find . -wholename "*node_modules/acorn"' }, // security risk if relying on user provided name, e.g replacing acorn by user input // example that could be generalized to other package managers e.g .deb or opkg } // could be interesting to consider also recent containers and ~/.bashrc for services const instructions = ` /home/deck/.ssh/ trusted context, i.e on closed WiFi and over https with bearer authorization /home/deck/.ssh/config limit to known IP subclass e.g cat .ssh/config | grep 192.168.4. -C 3 see /sshconfig could also re-add new entries rather than extend the format /home/deck/server.locatedb seems to be plain text with metadata /home/deck/desktop.plocate.db seems to be a specific format, binary or maybe compressed both should be queriable via http with json output ssh remarkable2 to get drawing preview conversion should be done, if necessary, on device not feasible right now without toltec to get opkg to get node for typed text cat 43*.rm | sed "s/[^a-zA-z0-9 ]//g" | sed "s/[OT,EC]//g" util functions modify WiFi parameters, including AP if available shutdown/reboot ` const auth_instructions = `generate md5 from pub offline-octopus then provide as bearer query param` // Setup and configure Express http server. const app = express(); app.use(express.static(path.resolve(__dirname, ".", "examples"))); // CORS app.use(function(req, res, next) { res.header("Access-Control-Allow-Origin", "*"); res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept"); next(); }); app.get('/', (req, res) => { res.send( instructions ) }) app.get('/authtestviaheader', (req, res) => { if (req.header('authorization') != 'Bearer '+md5fromPub){ res.sendStatus(401); return; } res.sendStatus(200) // fetch('/authtestviaheader', {headers: {'authorization': 'Bearer '+ bearer}}).then(r=>r.text()).then(t=>console.log(t)) // prevents from showing in browser history but also makes testing slightly harder // consider next() for middleware instead of copy/pasting this line }) app.get('/authtest', (req, res) => { if (req.query?.bearer != md5fromPub){ res.send( auth_instructions); return; } // relying on this line for each specific route // this is NOT authentification proper, even less secure // this is done ONLY to avoid mistakes on a secure LAN res.json( {msg: "success"} ) }) app.get('/pwa', (req, res) => { // for offline use on mobile or VR headset // should try to sync back when devices connect back // same when itself connects back to (Internet) own server e.g benetou.fr // can be cascading or federatede or properly P2P // responsive programming also, not "just" design res.redirect('pwa/index.html') // see also /editor }) let resultFromLastGlobalCmd = {} app.get('/allpeers/exec', (req, res) => { if (req.query?.bearer != md5fromPub){ res.send( auth_instructions); return; } if (!req.query.cmdName){ res.json(utilsCmd) } else { foundPeers.map( i => { let url=protocol+'://'+subclass+i+':'+port +'/exec?cmdName='+req.query.cmdName +'&bearer='+req.query.bearer let opt={rejectUnauthorized: false} https.get(url, opt, res => { // to simplify with fetch and promises let data = ''; res.on('data', chunk => { data += chunk; }); res.on('end', () => { console.log('data', url, data) data = JSON.parse(data); resultFromLastGlobalCmd[url] = data }) }).on('error', err => { console.log(err.message); }).end() }) res.json( {msg: 'started'} ) // could redirect('/all/result') instead after a timeout } }) app.get('/allpeers/result', (req, res) => { res.json( resultFromLastGlobalCmd ) }) app.get('/exec', (req, res) => { if (req.query?.bearer != md5fromPub){ res.send( auth_instructions); return; } if (!req.query.cmdName){ res.json(utilsCmd) } else { res.json( execConfiguredCommand(req.query.cmdName) ) } }) function execConfiguredCommand(cmdName){ let resultFromExecution = execSync(utilsCmd[cmdName].cmd, utilsCmd[cmdName].context) let formatter = utilsCmd[cmdName].format if (formatter) resultFromExecution = formatter(resultFromExecution) return resultFromExecution } // app.get('/interface/register', (req, res) => { // consider uinput to access devices proper, e.g physical keyboard // could be use for e.g reMarkable2, Quest2, etc with specifically accepted or prefered formats // app.get('/interface/unregister', (req, res) => { app.get('/services', (req, res) => { // should be updated via register/unregister res.json( localServices ) }) app.get('/services/register', (req, res) => { // see localServices to load and save in configFilePath res.json( {msg: 'not yet implemented'}) // example {name:'hmdlink', desc:'share URL between local devices', protocol:'http', port:8082, path: '/hmdlink', url:'http://192.168.4.3:8082/hmdlink'}, }) app.get('/services/unregister', (req, res) => { res.json( {msg: 'not yet implemented'}) }) app.get('/updates', (req, res) => { // see utilsCmd['update'] // could rely on a git reachable by all peers // this might be feasible from this very https server as read-only // surely feasible via ssh // could killall offtopus first then pull then restart detached res.json( {msg: 'not yet implemented'}) }) app.get('/recentfiles', (req, res) => { // e.g lsof | grep home | grep vim | grep -v firefox // or history | grep vi // should be available after (ideally local) conversion if needed, e.g rm -> .svg on reMarkable res.json( {msg: 'not yet implemented'}) }) let dynURL = 'https://192.168.4.1/offline.html' app.get('/hmdlink/set', (req, res) => { // could be a PUT instead // e.g http://192.168.4.3:8082/hmdlink/set?url=http://192.168.4.3:8082/114df5f8-3921-42f0-81e7-48731b563571.thumbnails/f07120ba-0ca1-429d-869f-c704a52b7aa3.png dynURL = req.query.url res.redirect( dynURL ) }) app.get('/hmdlink', (req, res) => { res.redirect( dynURL ) }) app.get('/webxr', (req, res) => { res.redirect( '/local-metaverse-tooling/local-aframe-test.html' ) }) // user for /scan to populate foundPeers app.get('/available', (req, res) => { res.json( true ) }) app.get('/foundpeers', (req, res) => { res.json( foundPeers ) }) let foundPeers = [] app.get('/scan', (req, res) => { scanpeers() res.json( {msg: 'started'} ) // could redirect('/foundpeers') too after a timeout }) function scanpeers(){ sendEventsToAll({'action':'scanning started'}) foundPeers = [] for (let i=1;i<25;i++){ // async so blasting, gives very quick result for positives let url=protocol+'://'+subclass+i+':'+port+'/available' let opt={rejectUnauthorized: false} https.get(url, opt, res => { let data = ''; res.on('data', chunk => { data += chunk; }); res.on('end', () => { data = JSON.parse(data); foundPeers.push(i) // could also register there and then }) }).on('error', err => { //console.log(err.message); usually ECONNREFUSED or EHOSTUNREACH }).end() } } app.get('/sshconfig', (req, res) => { res.json( getSshConfig() ) // should filter on foundPeers to avoid offline peers }) // note that stopping this process removes the mounts function mountAll(){ getSshConfig().map( l => { let cs = 'sshfs ' + l.name + ':' if (l.custom) cs+= l.custom else cs+='/home/'+l.user return cs + ' ' + path.resolve(__dirname, "sshfsmounts", l.name) } ) .map( l => execSync(l)) } function getSshConfig(){ let txt = fs.readFileSync(sshconfigpath).toString() return txt.split('Host ') .filter( m => m.match(subclass) ) .map( c => { let all = c.replaceAll(' ','') .split('\n') let p = all .filter(i=>i.match(/^[a-zA-Z]/)); let custom = all .filter(i=>i.match(/^#Dir /))[0] ?.split(' ')[1] // custom ~/.ssh/config parameter as comment // user here for home directory in termux let user = p.filter(pm=>pm.match('User '))[0].replace('User ','') let hostname = p.filter(pm=>pm.match('HostName'))[0].replace('HostName ','') let connectionString = user + '@' + hostname let port = p.filter(pm=>pm.match('Port'))[0]?.replace('Port ','') if (port) connectionString += ':' + port return {name: p[0], user, connectionString, custom} }) } /* e.g AFTER mounting f.readdirSync('./sshfsmounts/').map( d=>f.readdirSync('./sshfsmounts/'+d) ) location : /home/deck/Prototypes/offline-octopus/sshfsmounts sshfs remarkable2:/home/root/xochitl-data/ remarkable2/ works if available sshfs fabien@192.168.4.1:/home/fabien/ rpi0/ still prompts for password, need manual login ls rpi0/ ls remarkable2/ must be done after passwordless login, i.e after ssh-copy-id made a dedicated key : /home/deck/.ssh/id_rsa_offlineoctopus easier to revoke if need be */ app.get('/localprototypes', (req, res) => { // examples to disentangle own work for cloned existing repositories : // find Prototypes/ -iwholename */.git/config | xargs grep git.benetou.fr // find ~/Prototypes/ -depth -maxdepth 4 -wholename "*/.git/config" | xargs grep -l git.benetou.fr | sed "s|.*Prototypes/\(.*\)/.git/config|\1|" res.json( execConfiguredCommand('listprototypes') ) }) app.get('/editor/recover', (req, res) => { // could move the previous file with time stamp fs.copyFileSync(minfileSaveFullPath, fileSaveFullPath ) res.json( {msg: 'copied'} ) }) /* * example of finding past local solution, here shiki for syntax highlighting * (deck@steamdeck serverhome)$ find . -iname shiki ./fabien/web/future_of_text_demo/content/shiki (deck@steamdeck serverhome)$ ls ./fabien/web/future_of_text_demo/content/shiki/dist/ onig.wasm see syntax-highlighting branch in SpaSca git repository in /home/deck/serverhome/fabien/web/future_of_text_demo/engine/ */ app.get('/editor/read', (req, res) => { content = fs.readFileSync(fileSaveFullPath ).toString() res.json( {msg: content} ) }) app.get('/editor/save', (req, res) => { let content = req.query.content // does not escape, loses newlines if (!content){ res.json( {msg: 'missing content'} ) } else { console.log('writting', content) fs.writeFileSync(fileSaveFullPath, content) res.json( {msg: 'written to '+fileSaveFullPath} ) } }) const privateKey = fs.readFileSync("naf-key.pem", "utf8"); const certificate = fs.readFileSync("naf.pem", "utf8"); const credentials = { key: privateKey, cert: certificate }; const webServer = https.createServer(credentials, app); // Start Express http server // const webServer = http.createServer(app); // Listen on port webServer.listen(port, () => { console.log("listening on "+protocol+"://localhost:" + port); }); // SSE from https://www.digitalocean.com/community/tutorials/nodejs-server-sent-events-build-realtime-app // adapted from jxr-permanence let clients = []; function eventsHandler(request, response, next) { const headers = { 'Content-Type': 'text/event-stream', 'Connection': 'keep-alive', 'Cache-Control': 'no-cache' }; response.writeHead(200, headers); const clientId = Date.now(); const newClient = { id: clientId, response }; clients.push(newClient); request.on('close', () => { clients = clients.filter(client => client.id !== clientId); }); } function sendEventsToAll(data) { // function used to broadcast clients.forEach(client => client.response.write(`data: ${JSON.stringify(data)}\n\n`)) } app.get('/events', eventsHandler); // for example /events.html shows when /scan begings (but not ends)