chor: cleanup; added: setup, autostart, license

Author: scolastico

LICENSE

@@ -2,6 +2,8 @@
 
 *wip*
 
+A wrapper arround the Bitwarden CLI to provide a SSH Key Agent IPC interface.
+
 ## Installation
 
 ```bash
@@ -22,6 +24,43 @@ export SSH_AUTH_SOCK=~/.ssh/s-bit-agent.sock
 ```bash
 s-bit-agent --help
 s-bit-agent -- bw --help
-s-bit-agent -- bwa --help # the wrapper will take care about the session creation
+s-bit-agent -- bwa --help
 s-bit-agent status
 ```
+
+## Differences to `bw` and `bwa`
+
+```bash
+user@example:~$ s-bit-agent -- bw status
+{..., "status": "locked"}
+
+user@example:~$ s-bit-agent -- bwa status
+Requesting session
+Connected to server
+Sent S_BIT_AGENT_REQUEST_SESSION
+Received session
+{..., "status": "unlocked"}
+``` 
+
+
+## TODO
+- [X] Add basic IPC communication to talk accordingly to [draft-miller-ssh-agent](https://datatracker.ietf.org/doc/html/draft-miller-ssh-agent)
+- [X] Add caching for the session
+- [X] add a `key add` command
+- [X] Add a `key import` command
+- [X] Add a `status` command
+- [X] Implement S_BIT_AGENT_REQUEST_SESSION into IPC
+- [X] Add a `bw` and `bwa` command
+- [X] Add a `setup` command to automatically install the daemon in the autostart
+- [ ] Look into the secure heap implementation possibilitys
+- [ ] Add a `lock` command
+- [ ] Add setting to disable approval requests, or at least to set a timeout
+- [ ] Fix issue that the agent sometimes stops responding
+- [ ] Add a `key list` command
+- [ ] Add a `key delete` command
+- [ ] Add a `key rename` command
+- [ ] Add a `key export` command
+- [ ] Expand the S_BIT_AGENT_REQUEST_SESSION to also handle some other requests
+- [ ] Add tests
+- [ ] [Maybe™] Develop a Tauri frontend/client, which internally uses the `s-bit-agent` to communicate with the server.
+- [ ] [Maybe™] Add capability to unlock the agent through bitwarden remote approval

README.md

@@ -30,19 +30,22 @@
     "dev": "nest build && REPL=true node dist/s-bit-agent.js",
     "format": "prettier --write \"src/**/*.ts\" \"test/**/*.ts\"",
     "lint:fix": "eslint \"{src,apps,libs,test}/**/*.ts\" --fix",
-    "lint": "eslint \"{src,apps,libs,test}/**/*.ts\""
+    "lint": "eslint \"{src,apps,libs,test}/**/*.ts\"",
+    "license:hash": "node -e \"const f=require('fs'),c=require('crypto'),e=f.readFileSync('./LICENSE'),h=c.createHash('sha256').update(e).digest('hex');console.log(h);\""
   },
   "dependencies": {
     "@bitwarden/cli": "^2024.2.0",
     "@nestjs/common": "^10.0.0",
     "@nestjs/core": "^10.0.0",
     "@nestjs/platform-express": "^10.0.0",
+    "@types/plist": "^3.0.5",
     "colors": "^1.4.0",
     "express": "^4.18.2",
     "inquirer": "^8.2.6",
     "nest-commander": "^3.12.5",
     "node-ipc": "^10.1.0",
     "open": "^9.1.0",
+    "plist": "^3.1.0",
     "reflect-metadata": "^0.2.0",
     "rxjs": "^7.8.1",
     "sshpk": "^1.18.0"

package.json

@@ -4,8 +4,16 @@ import { BitwardenModule } from './bitwarden/bitwarden.module';
 import { CliModule } from './cli/cli.module';
 import { SharedModule } from './shared/shared.module';
 import { GuiModule } from './gui/gui.module';
+import { AutostartModule } from './autostart/autostart.module';
 
 @Module({
-  imports: [SharedModule, KeyModule, BitwardenModule, GuiModule, CliModule],
+  imports: [
+    SharedModule,
+    KeyModule,
+    BitwardenModule,
+    GuiModule,
+    CliModule,
+    AutostartModule,
+  ],
 })
 export class AppModule {}

pnpm-lock.yaml

@@ -1,6 +1,7 @@
 export interface AutostartService {
   name: string; // Human-readable name for user display
-  canActivate(): boolean;
-  install(command: string): Promise<boolean>;
-  uninstall(): Promise<boolean>;
+  canActivate(): Promise<boolean>;
+  install(command: string, name: string, marker: string): Promise<boolean>;
+  uninstall(marker: string): Promise<boolean>;
+  isInstalled(marker: string): Promise<boolean>;
 }

src/app.module.ts

@@ -0,0 +1,19 @@
+import { Global, Module } from '@nestjs/common';
+import { AutostartService } from './autostart.service';
+import { CronAutostartService } from './cron.service';
+import { SystemdAutostartService } from './systemd.service';
+import { XinitrcAutostartService } from './xinitrc.service';
+import { LaunchAgentAutostartService } from './macos.service';
+
+@Global()
+@Module({
+  providers: [
+    AutostartService,
+    CronAutostartService,
+    SystemdAutostartService,
+    XinitrcAutostartService,
+    LaunchAgentAutostartService,
+  ],
+  exports: [AutostartService],
+})
+export class AutostartModule {}

src/autostart/autostart.interface.ts

@@ -0,0 +1,50 @@
+import { Injectable } from '@nestjs/common';
+import { AutostartService as AutostartServiceInterface } from './autostart.interface';
+import { CronAutostartService } from './cron.service';
+import { SystemdAutostartService } from './systemd.service';
+import { XinitrcAutostartService } from './xinitrc.service';
+import { LaunchAgentAutostartService } from './macos.service';
+
+@Injectable()
+export class AutostartService {
+  constructor(
+    private readonly cronService: CronAutostartService,
+    private readonly systemdService: SystemdAutostartService,
+    private readonly xinitrcService: XinitrcAutostartService,
+    private readonly launchAgentService: LaunchAgentAutostartService,
+  ) {}
+
+  async getAvailableServices(): Promise<AutostartServiceInterface[]> {
+    const services = [
+      this.cronService,
+      this.systemdService,
+      this.xinitrcService,
+      this.launchAgentService,
+    ];
+    const res = await Promise.all(
+      services.map((service) => service.canActivate()),
+    );
+    return services.filter((_, i) => res[i]);
+  }
+
+  async isInstalled(
+    services: AutostartServiceInterface[],
+  ): Promise<AutostartServiceInterface | null> {
+    for (const service of services)
+      if (await service.isInstalled('s-bit-agent')) {
+        return service;
+      }
+    return null;
+  }
+
+  install(
+    command: string,
+    service: AutostartServiceInterface,
+  ): Promise<boolean> {
+    return service.install(command, 's.BitAgent', 's-bit-agent');
+  }
+
+  uninstall(service: AutostartServiceInterface): Promise<boolean> {
+    return service.uninstall('s-bit-agent');
+  }
+}

src/autostart/autostart.module.ts

@@ -1,45 +1,67 @@
 import { Injectable } from '@nestjs/common';
-import * as child_process from 'child_process';
 import { AutostartService } from './autostart.interface';
+import * as child_process from 'child_process';
 
 @Injectable()
 export class CronAutostartService implements AutostartService {
-  name = 'Cron';
-  readonly COMMAND_MARKER = 's-bit-agent';
+  name = 'Cron Autostart';
+
+  async canActivate(): Promise<boolean> {
+    return child_process.spawnSync('which', ['crontab']).status === 0;
+  }
 
-  canActivate(): boolean {
+  async install(
+    command: string,
+    name: string,
+    marker: string,
+  ): Promise<boolean> {
     try {
-      child_process.execSync('crontab -l');
+      // Get existing crontab
+      const currentCrontab = child_process.execSync('crontab -l').toString();
+
+      // Check if entry already exists (avoid duplicates)
+      if (currentCrontab.includes(marker)) {
+        console.warn('Autostart entry already exists in crontab');
+        return false;
+      }
+
+      // Append the new entry with the marker
+      const newCrontab =
+        currentCrontab + `@reboot ${command} > /dev/null 2>&1 # ${marker}\n`;
+      child_process.execSync(`echo "${newCrontab}" | crontab -`);
+
       return true;
     } catch (error) {
+      console.error('Error installing cron autostart:', error);
       return false;
     }
   }
 
-  async install(command: string): Promise<boolean> {
+  async uninstall(marker: string): Promise<boolean> {
     try {
-      const modifiedCommand = `${command} # ${this.COMMAND_MARKER}`;
-      child_process.execSync(
-        `(crontab -l; echo "@reboot ${modifiedCommand}") | crontab -`,
-      );
+      const currentCrontab = child_process.execSync('crontab -l').toString();
+
+      // Remove lines containing the marker
+      const newCrontab = currentCrontab
+        .split('\n')
+        .filter((line) => !line.includes(marker))
+        .join('\n');
+
+      child_process.execSync(`echo "${newCrontab}" | crontab -`);
+
       return true;
     } catch (error) {
-      console.error('Cron install error:', error);
+      console.error('Error uninstalling cron autostart:', error);
       return false;
     }
   }
 
-  async uninstall(): Promise<boolean> {
+  async isInstalled(marker: string): Promise<boolean> {
     try {
-      let crontabContents = child_process.execSync('crontab -l').toString();
-      crontabContents = crontabContents
-        .split('\n')
-        .filter((line) => !line.includes(this.COMMAND_MARKER))
-        .join('\n');
-      child_process.execSync(`echo "${crontabContents}" | crontab -`);
-      return true;
+      const currentCrontab = child_process.execSync('crontab -l').toString();
+      return currentCrontab.includes(marker);
     } catch (error) {
-      console.error('Cron uninstall error:', error);
+      console.error('Error checking if cron autostart is installed:', error);
       return false;
     }
   }