offline-octopus/index.js

const fs = require("fs");
const http = require("http");
const https = require("https");
const path = require("path");
const {execSync}  = require('child_process');
const express = require("express");           // could be good to replace with code, no dep
// express does not seem architecture dependant thus copying node_modules sufficed for now
// (worked at least on RPi, Deck, Quest and x64 machines)

// Get port or default to 8082
const port = process.env.PORT || 8082;
const protocol = 'https'
const subclass = '10.160.168.'
//const subclass = '192.168.4.'

const publicKeyPath = path.resolve(process.env.HOME,'.ssh','id_rsa_offlineoctopus.pub')
const publicKey = fs.readFileSync(publicKeyPath).toString().split(' ')[1]

const md5fromPub = fs.readFileSync( path.resolve(__dirname, ".keyfrommd5")).toString().replace('\n','')

process.title = 'offtopus' // offline-octopus seems too long

const filename = 'editor.html'
const fileSaveFullPath = path.join(__dirname,'examples', filename)
const minfilename = 'editor.html.minimal'
const minfileSaveFullPath = path.join(__dirname,'examples', minfilename)

const sshconfigpath = path.resolve(process.env.HOME,'.ssh','config')
const propath = path.resolve(process.env.HOME,'Prototypes')

// does not apply in a P2P fashion, must rely on local configuration here config.json
let localServices = [ ]
const configFilePath = path.resolve(__dirname, "config.json")
if (fs.existsSync( configFilePath ) ){
	const configurationFromFile = JSON.parse( fs.readFileSync( configFilePath ).toString() )
	localServices = configurationFromFile
}

// note that this is crucial to populate properly as this is what allow recombination
/* e.g on quest 
spascanodesecure https localhost 7778 /engine/ 
	requires CORS to fetch here
	fetch('https://192.168.4.3:8082/available')
		.then( r => r.json() )
                .then( r => { if (r) addNewNote( 'available' ) } )

gitea http localhost 3000 /
pmwiki http localhost 4000 /pmwiki.php
sshd see quest in ssh config, specific user and port
 */

const utilsCmd = { // security risk but for now not accepting user input so safer
	//'update' : { desc: 'note that will lose the state, e.g foundpeers', cmd: 'killall '+process.title+' && ' },
	// should first download the new version and proceed only if new
		// e.g git clone deck@localhost:~/Prototypes/offline-octopus/
		// should see /sshconfig
	// tried git instaweb but unable without lighttpd/apache
		// would probably be problematic with https anyway
	// ideally all handles within node
	'shutdown' : { cmd: 'shutdown -h now' }, // not available everywhere, e.g unrooted Quest
	'listprototypes': { cmd: 'ls', context: {cwd: propath},
		format: res => res.toString().split('\n')
	},
	//'npmfind' : { desc: 'package manager finder', cmd: 'find . -wholename "*node_modules/acorn"' }, 
		// security risk if relying on user provided name, e.g replacing acorn by user input
		// example that could be generalized to other package managers e.g .deb or opkg
}
// could be interesting to consider also recent containers and ~/.bashrc for services

const instructions = `
/home/deck/.ssh/
	trusted context, i.e on closed WiFi and over https with bearer authorization
/home/deck/.ssh/config
	limit to known IP subclass e.g cat .ssh/config | grep 192.168.4. -C 3
		see /sshconfig
	could also re-add new entries rather than extend the format
/home/deck/server.locatedb
		seems to be plain text with metadata
/home/deck/desktop.plocate.db
		seems to be a specific format, binary or maybe compressed
	both should be queriable via http with json output

ssh remarkable2 to get drawing preview
	conversion should be done, if necessary, on device
		not feasible right now without toltec to get opkg to get node
	for typed text
		cat 43*.rm | sed "s/[^a-zA-z0-9 ]//g" | sed "s/[OT,EC]//g"

util functions
	modify WiFi parameters, including AP if available
	shutdown/reboot
`

const auth_instructions = `generate md5 from pub offline-octopus then provide as bearer query param`

// Setup and configure Express http server.
const app = express();
app.use(express.static(path.resolve(__dirname, ".", "examples")));

// CORS
app.use(function(req, res, next) {
    res.header("Access-Control-Allow-Origin", "*"); 
    res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
    next();
});

app.get('/', (req, res) => {
	res.send( instructions )
})

app.get('/authtestviaheader', (req, res) => {
	if (req.header('authorization') != 'Bearer '+md5fromPub){ res.sendStatus(401); return; }
	res.sendStatus(200)
	// fetch('/authtestviaheader', {headers: {'authorization': 'Bearer '+ bearer}}).then(r=>r.text()).then(t=>console.log(t))
		// prevents from showing in browser history but also makes testing slightly harder
	// consider next() for middleware instead of copy/pasting this line
})

app.get('/authtest', (req, res) => {
	if (req.query?.bearer != md5fromPub){ res.send( auth_instructions); return; }
	// relying on this line for each specific route
		// this is NOT authentification proper, even less secure
		// this is done ONLY to avoid mistakes on a secure LAN
	res.json( {msg: "success"} )
})

app.get('/pwa', (req, res) => {
	// for offline use on mobile or VR headset
		// should try to sync back when devices connect back
			// same when itself connects back to (Internet) own server e.g benetou.fr
			// can be cascading or federatede or properly P2P
	// responsive programming also, not "just" design
	res.redirect('pwa/index.html')
	// see also /editor
})

let resultFromLastGlobalCmd = {}

app.get('/allpeers/exec', (req, res) => {
	if (req.query?.bearer != md5fromPub){ res.send( auth_instructions); return; }
	if (!req.query.cmdName){
		res.json(utilsCmd)
	} else {
		foundPeers.map( i => {
			let url=protocol+'://'+subclass+i+':'+port
				+'/exec?cmdName='+req.query.cmdName
				+'&bearer='+req.query.bearer
			let opt={rejectUnauthorized: false}
			https.get(url, opt, res => {
			// to simplify with fetch and promises
			  let data = '';
			  res.on('data', chunk => {
			    data += chunk;
			  });
			  res.on('end', () => {
				  console.log('data', url, data)
			    data = JSON.parse(data);
			    resultFromLastGlobalCmd[url] = data
			  })
			}).on('error', err => {
			  console.log(err.message);
			}).end()
		})
		res.json( {msg: 'started'} ) // could redirect('/all/result') instead after a timeout
	}
})
app.get('/allpeers/result', (req, res) => {
	res.json( resultFromLastGlobalCmd )
})

app.get('/exec', (req, res) => {
	if (req.query?.bearer != md5fromPub){ res.send( auth_instructions); return; }
	if (!req.query.cmdName){
		res.json(utilsCmd)
	} else {
		res.json( execConfiguredCommand(req.query.cmdName) )
	}
})

function execConfiguredCommand(cmdName){
	let resultFromExecution = execSync(utilsCmd[cmdName].cmd, utilsCmd[cmdName].context) 
	let formatter = utilsCmd[cmdName].format
	if (formatter) resultFromExecution = formatter(resultFromExecution)
	return resultFromExecution
}

// app.get('/interface/register', (req, res) => {
	// consider uinput to access devices proper, e.g physical keyboard
// could be use for e.g reMarkable2, Quest2, etc with specifically accepted or prefered formats
// app.get('/interface/unregister', (req, res) => {

app.get('/services', (req, res) => {
	// should be updated via register/unregister
	res.json( localServices )
})

app.get('/services/register', (req, res) => {
// see localServices to load and save in configFilePath
	res.json( {msg: 'not yet implemented'})
	// example {name:'hmdlink', desc:'share URL between local devices', protocol:'http', port:8082, path: '/hmdlink', url:'http://192.168.4.3:8082/hmdlink'},
})

app.get('/services/unregister', (req, res) => {
	res.json( {msg: 'not yet implemented'})
})

app.get('/updates', (req, res) => {
	// see utilsCmd['update']
	// could rely on a git reachable by all peers
		// this might be feasible from this very https server as read-only
		// surely feasible via ssh
	// could killall offtopus first then pull then restart detached
	res.json( {msg: 'not yet implemented'})
})

app.get('/recentfiles', (req, res) => {
	// e.g lsof | grep home | grep vim | grep -v firefox
	// or history | grep vi
	// should be available after (ideally local) conversion if needed, e.g rm -> .svg on reMarkable
	res.json( {msg: 'not yet implemented'})
})

let dynURL = 'https://192.168.4.1/offline.html'
app.get('/hmdlink/set', (req, res) => { // could be a PUT instead
	// e.g http://192.168.4.3:8082/hmdlink/set?url=http://192.168.4.3:8082/114df5f8-3921-42f0-81e7-48731b563571.thumbnails/f07120ba-0ca1-429d-869f-c704a52b7aa3.png
	dynURL = req.query.url 
	res.redirect( dynURL )
})

app.get('/hmdlink', (req, res) => {
	res.redirect( dynURL )
})

app.get('/webxr', (req, res) => {
	res.redirect( '/local-metaverse-tooling/local-aframe-test.html' )
})

// user for /scan to populate foundPeers
app.get('/available', (req, res) => {
	res.json( true )
})

app.get('/foundpeers', (req, res) => {
	res.json( foundPeers )
})

let foundPeers = []
app.get('/scan', (req, res) => {
	scanpeers()
	res.json( {msg: 'started'} ) // could redirect('/foundpeers') too after a timeout
})

function scanpeers(){
	sendEventsToAll({'action':'scanning started'})
	foundPeers = []
	for (let i=1;i<25;i++){ // async so blasting, gives very quick result for positives
		let url=protocol+'://'+subclass+i+':'+port+'/available'
		let opt={rejectUnauthorized: false}
		https.get(url, opt, res => {
		  let data = '';
		  res.on('data', chunk => {
		    data += chunk;
		  });
		  res.on('end', () => {
		    data = JSON.parse(data);
		    foundPeers.push(i)
			  // could also register there and then
		  })
		}).on('error', err => {
		  //console.log(err.message); usually ECONNREFUSED or EHOSTUNREACH
		}).end()
	}
}

app.get('/sshconfig', (req, res) => {
	res.json( getSshConfig() )
	// should filter on foundPeers to avoid offline peers
})

// note that stopping this process removes the mounts
function mountAll(){
	getSshConfig().map( l => {
		let cs = 'sshfs ' + l.name + ':'
		if (l.custom)
			cs+= l.custom
		else
			cs+='/home/'+l.user
		return cs + ' ' + path.resolve(__dirname, "sshfsmounts", l.name)
		} )
		.map( l => execSync(l))
}

function getSshConfig(){
	let txt = fs.readFileSync(sshconfigpath).toString()
	return txt.split('Host ')
		.filter( m => m.match(subclass) )
		.map( c => {
			let all = c.replaceAll('    ','')
				.split('\n')
			let p = all
				.filter(i=>i.match(/^[a-zA-Z]/));
			let custom = all
				.filter(i=>i.match(/^#Dir /))[0]
				?.split(' ')[1]
			// custom ~/.ssh/config parameter as comment
			// user here for home directory in termux

			let user = p.filter(pm=>pm.match('User '))[0].replace('User ','')
			let hostname = p.filter(pm=>pm.match('HostName'))[0].replace('HostName ','')
			let connectionString = user + '@' + hostname
			let port = p.filter(pm=>pm.match('Port'))[0]?.replace('Port ','')
			if (port) connectionString += ':' + port
			return {name: p[0], user, connectionString, custom}
		})
}

/*
 e.g AFTER mounting
	 f.readdirSync('./sshfsmounts/').map( d=>f.readdirSync('./sshfsmounts/'+d) )
 location : /home/deck/Prototypes/offline-octopus/sshfsmounts
  sshfs remarkable2:/home/root/xochitl-data/ remarkable2/
  works if available
  sshfs fabien@192.168.4.1:/home/fabien/ rpi0/
  still prompts for password, need manual login
  ls rpi0/
  ls remarkable2/

  must be done after passwordless login, i.e after ssh-copy-id
  	made a dedicated key : /home/deck/.ssh/id_rsa_offlineoctopus
	easier to revoke if need be
  */

app.get('/localprototypes', (req, res) => {
	// examples to disentangle own work for cloned existing repositories :
		// find Prototypes/ -iwholename */.git/config | xargs grep git.benetou.fr
		// find ~/Prototypes/ -depth -maxdepth 4 -wholename "*/.git/config" | xargs grep -l git.benetou.fr | sed "s|.*Prototypes/\(.*\)/.git/config|\1|"
	res.json( execConfiguredCommand('listprototypes') )
})

app.get('/editor/recover', (req, res) => {
	// could move the previous file with time stamp
	fs.copyFileSync(minfileSaveFullPath, fileSaveFullPath )
	res.json( {msg: 'copied'} ) 
})

/*
 * example of finding past local solution, here shiki for syntax highlighting
 *
(deck@steamdeck serverhome)$ find . -iname shiki
./fabien/web/future_of_text_demo/content/shiki
(deck@steamdeck serverhome)$ ls ./fabien/web/future_of_text_demo/content/shiki/dist/
onig.wasm

see syntax-highlighting branch in SpaSca git repository
	in /home/deck/serverhome/fabien/web/future_of_text_demo/engine/
*/


app.get('/editor/read', (req, res) => {
	content = fs.readFileSync(fileSaveFullPath ).toString()
	res.json( {msg: content} ) 
})

app.get('/editor/save', (req, res) => {
	let content = req.query.content // does not escape, loses newlines
	if (!content){
		res.json( {msg: 'missing content'} )
	} else {
		console.log('writting', content)
		fs.writeFileSync(fileSaveFullPath, content)
		res.json( {msg: 'written to '+fileSaveFullPath} )
	}
})

const privateKey = fs.readFileSync("naf-key.pem", "utf8");
const certificate = fs.readFileSync("naf.pem", "utf8");
const credentials = { key: privateKey, cert: certificate };

const webServer = https.createServer(credentials, app);
// Start Express http server
// const webServer = http.createServer(app);
// Listen on port
webServer.listen(port, () => {
    console.log("listening on "+protocol+"://localhost:" + port);
});

// SSE from https://www.digitalocean.com/community/tutorials/nodejs-server-sent-events-build-realtime-app
// adapted from jxr-permanence
let clients = [];

function eventsHandler(request, response, next) {
  const headers = {
    'Content-Type': 'text/event-stream',
    'Connection': 'keep-alive',
    'Cache-Control': 'no-cache'
  };
  response.writeHead(200, headers);
  const clientId = Date.now();
  const newClient = { id: clientId, response };
  clients.push(newClient);
  request.on('close', () => { clients = clients.filter(client => client.id !== clientId); });
}

function sendEventsToAll(data) {
  // function used to broadcast
  clients.forEach(client => client.response.write(`data: ${JSON.stringify(data)}\n\n`))
}

app.get('/events', eventsHandler);
// for example /events.html shows when /scan begings (but not ends)