[PM-7846] Implement a rust based native messaging proxy and IPC system (#9894)
* [PM-7846] Implement a rust based native messaging proxy and IPC system
* Only build desktop_proxy
* Bundle the desktop_proxy file
* Make sys deps optional for the proxy
* Restore accidentally deleted after-sign
* Update native cache to contain dist folder
* Add some test logging
* Native module cache seems very aggressive
* Fix invalid directory
* Fix debug print
* Remove cache force
* Remove cache debug code
* Only log to file in debug builds
* Place the binary in the correct place for mac and make sure it's signed
* Fix platform paths
* Test unsigned appx
* Revert "Test unsigned appx"
This reverts commit e47535440a.
* Fix comment
* Remove logs
* Use debug builds in native code, and test private path on MacOS
* Add connected message
* Update IPC API comments
* Update linux to also use XDG_ dir
* Update main.rs comment
* Improve docs and split some tasks spawned into separate functions
* Update send docs and return number of elements sent
* Mark `listen` as async to ensure it runs in a tokio context, handle errors better
* Add log on client channel closed
* Move binary to MacOS folder, and sign it manually so it gets the correct entitlements
* Fix some review comments
* Run prettier
* Added missing zbus_polkit dep
* Extract magic number and increase it to match spec
* Comment fix
* Use Napi object, combine nativeBinding export, always log to file
* Missed one comment
* Remove unnecessary generics
* Correct comment
* Select only codesigning identities
* Filter certificates
* Also add local dev cert
* Remove log
* Fix package ID
* debug_assert won't run the pop() in release mode
* Better error messages
* Fix review comments
* Remove unnecessary comment
* Update napi generated TS file
* Temporary fix for DDG
pull/10155/head^2
Daniel García
2 years ago
committed by
GitHub
parent
196729fe94
commit
55874b72bf
@ -1,3 +1,3 @@
|
||||
[workspace]
|
||||
resolver = "2"
|
||||
members = ["napi", "core"]
|
||||
members = ["napi", "core", "proxy"]
|
||||
|
||||
@ -0,0 +1,68 @@
|
||||
/* eslint-disable @typescript-eslint/no-var-requires */
|
||||
const child_process = require("child_process");
|
||||
const fs = require("fs");
|
||||
const path = require("path");
|
||||
const process = require("process");
|
||||
|
||||
let crossPlatform = process.argv.length > 2 && process.argv[2] === "cross-platform";
|
||||
|
||||
function buildNapiModule(target, release = true) {
|
||||
const targetArg = target ? `--target ${target}` : "";
|
||||
const releaseArg = release ? "--release" : "";
|
||||
return child_process.execSync(`npm run build -- ${releaseArg} ${targetArg}`, { stdio: 'inherit', cwd: path.join(__dirname, "napi") });
|
||||
}
|
||||
|
||||
function buildProxyBin(target, release = true) {
|
||||
const targetArg = target ? `--target ${target}` : "";
|
||||
const releaseArg = release ? "--release" : "";
|
||||
return child_process.execSync(`cargo build --bin desktop_proxy ${releaseArg} ${targetArg}`, {stdio: 'inherit', cwd: path.join(__dirname, "proxy")});
|
||||
}
|
||||
|
||||
if (!crossPlatform) {
|
||||
console.log("Building native modules in debug mode for the native architecture");
|
||||
buildNapiModule(false, false);
|
||||
buildProxyBin(false, false);
|
||||
return;
|
||||
}
|
||||
|
||||
// Note that targets contains pairs of [rust target, node arch]
|
||||
// We do this to move the output binaries to a location that can
|
||||
// be easily accessed from electron-builder using ${os} and ${arch}
|
||||
let targets = [];
|
||||
switch (process.platform) {
|
||||
case "win32":
|
||||
targets = [
|
||||
["i686-pc-windows-msvc", 'ia32'],
|
||||
["x86_64-pc-windows-msvc", 'x64'],
|
||||
["aarch64-pc-windows-msvc", 'arm64']
|
||||
];
|
||||
break;
|
||||
|
||||
case "darwin":
|
||||
targets = [
|
||||
["x86_64-apple-darwin", 'x64'],
|
||||
["aarch64-apple-darwin", 'arm64']
|
||||
];
|
||||
break;
|
||||
|
||||
default:
|
||||
targets = [
|
||||
['x86_64-unknown-linux-musl', 'x64']
|
||||
];
|
||||
|
||||
process.env["PKG_CONFIG_ALLOW_CROSS"] = "1";
|
||||
process.env["PKG_CONFIG_ALL_STATIC"] = "1";
|
||||
break;
|
||||
}
|
||||
|
||||
console.log("Cross building native modules for the targets: ", targets.map(([target, _]) => target).join(", "));
|
||||
|
||||
fs.mkdirSync(path.join(__dirname, "dist"), { recursive: true });
|
||||
|
||||
targets.forEach(([target, nodeArch]) => {
|
||||
buildNapiModule(target);
|
||||
buildProxyBin(target);
|
||||
|
||||
const ext = process.platform === "win32" ? ".exe" : "";
|
||||
fs.copyFileSync(path.join(__dirname, "target", target, "release", `desktop_proxy${ext}`), path.join(__dirname, "dist", `desktop_proxy.${process.platform}-${nodeArch}${ext}`));
|
||||
});
|
||||
@ -0,0 +1,102 @@
|
||||
use std::{
|
||||
path::{Path, PathBuf},
|
||||
time::Duration,
|
||||
};
|
||||
|
||||
use interprocess::local_socket::{
|
||||
tokio::{prelude::*, Stream},
|
||||
GenericFilePath, ToFsName,
|
||||
};
|
||||
use log::{error, info};
|
||||
use tokio::{
|
||||
io::{AsyncReadExt, AsyncWriteExt},
|
||||
time::sleep,
|
||||
};
|
||||
|
||||
use crate::ipc::NATIVE_MESSAGING_BUFFER_SIZE;
|
||||
|
||||
pub async fn connect(
|
||||
path: PathBuf,
|
||||
send: tokio::sync::mpsc::Sender<String>,
|
||||
mut recv: tokio::sync::mpsc::Receiver<String>,
|
||||
) {
|
||||
// Keep track of connection failures to make sure we don't leave the process as a zombie
|
||||
let mut connection_failures = 0;
|
||||
|
||||
loop {
|
||||
match connect_inner(&path, &send, &mut recv).await {
|
||||
Ok(()) => return,
|
||||
Err(e) => {
|
||||
connection_failures += 1;
|
||||
if connection_failures >= 20 {
|
||||
error!("Failed to connect to IPC server after 20 attempts: {e}");
|
||||
return;
|
||||
}
|
||||
|
||||
error!("Failed to connect to IPC server: {e}");
|
||||
}
|
||||
}
|
||||
|
||||
sleep(Duration::from_secs(5)).await;
|
||||
}
|
||||
}
|
||||
|
||||
async fn connect_inner(
|
||||
path: &Path,
|
||||
send: &tokio::sync::mpsc::Sender<String>,
|
||||
recv: &mut tokio::sync::mpsc::Receiver<String>,
|
||||
) -> Result<(), Box<dyn std::error::Error>> {
|
||||
info!("Attempting to connect to {}", path.display());
|
||||
|
||||
let name = path.as_os_str().to_fs_name::<GenericFilePath>()?;
|
||||
let mut conn = Stream::connect(name).await?;
|
||||
|
||||
info!("Connected to {}", path.display());
|
||||
|
||||
// This `connected` and the latter `disconnected` messages are the only ones that
|
||||
// are sent from the Rust IPC code and not just forwarded from the desktop app.
|
||||
// As it's only two, we hardcode the JSON values to avoid pulling in a JSON library.
|
||||
send.send("{\"command\":\"connected\"}".to_owned()).await?;
|
||||
|
||||
let mut buffer = vec![0; NATIVE_MESSAGING_BUFFER_SIZE];
|
||||
|
||||
// Listen to IPC messages
|
||||
loop {
|
||||
tokio::select! {
|
||||
// Forward messages to the IPC server
|
||||
msg = recv.recv() => {
|
||||
match msg {
|
||||
Some(msg) => {
|
||||
conn.write_all(msg.as_bytes()).await?;
|
||||
}
|
||||
None => {
|
||||
info!("Client channel closed");
|
||||
break;
|
||||
},
|
||||
}
|
||||
},
|
||||
|
||||
// Forward messages from the IPC server
|
||||
res = conn.read(&mut buffer[..]) => {
|
||||
match res {
|
||||
Err(e) => {
|
||||
error!("Error reading from IPC server: {e}");
|
||||
break;
|
||||
}
|
||||
Ok(0) => {
|
||||
info!("Connection closed");
|
||||
break;
|
||||
}
|
||||
Ok(n) => {
|
||||
let message = String::from_utf8_lossy(&buffer[..n]).to_string();
|
||||
send.send(message).await?;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
let _ = send.send("{\"command\":\"disconnected\"}".to_owned()).await;
|
||||
|
||||
Ok(())
|
||||
}
|
||||
@ -0,0 +1,64 @@
|
||||
pub mod client;
|
||||
pub mod server;
|
||||
|
||||
/// The maximum size of a message that can be sent over IPC.
|
||||
/// According to the documentation, the maximum size sent to the browser is 1MB.
|
||||
/// While the maximum size sent from the browser to the native messaging host is 4GB.
|
||||
///
|
||||
/// Currently we are setting the maximum both ways to be 1MB.
|
||||
///
|
||||
/// https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Native_messaging#app_side
|
||||
/// https://developer.chrome.com/docs/extensions/develop/concepts/native-messaging#native-messaging-host-protocol
|
||||
pub const NATIVE_MESSAGING_BUFFER_SIZE: usize = 1024 * 1024;
|
||||
|
||||
/// The maximum number of messages that can be buffered in a channel.
|
||||
/// This number is more or less arbitrary and can be adjusted as needed,
|
||||
/// but ideally the messages should be processed as quickly as possible.
|
||||
pub const MESSAGE_CHANNEL_BUFFER: usize = 32;
|
||||
|
||||
/// Resolve the path to the IPC socket.
|
||||
pub fn path(name: &str) -> std::path::PathBuf {
|
||||
#[cfg(target_os = "windows")]
|
||||
{
|
||||
// Use a unique IPC pipe //./pipe/xxxxxxxxxxxxxxxxx.app.bitwarden per user.
|
||||
// Hashing prevents problems with reserved characters and file length limitations.
|
||||
use base64::{engine::general_purpose::URL_SAFE_NO_PAD, Engine};
|
||||
use sha2::Digest;
|
||||
let home = dirs::home_dir().unwrap();
|
||||
let hash = sha2::Sha256::digest(home.as_os_str().as_encoded_bytes());
|
||||
let hash_b64 = URL_SAFE_NO_PAD.encode(hash.as_slice());
|
||||
|
||||
format!(r"\\.\pipe\{hash_b64}.app.{name}").into()
|
||||
}
|
||||
|
||||
#[cfg(target_os = "macos")]
|
||||
{
|
||||
let mut home = dirs::home_dir().unwrap();
|
||||
|
||||
// When running in an unsandboxed environment, path is: /Users/<user>/
|
||||
// While running sandboxed, it's different: /Users/<user>/Library/Containers/com.bitwarden.desktop/Data
|
||||
//
|
||||
// We want to use App Groups in /Users/<user>/Library/Group Containers/LTZ2PFU5D6.com.bitwarden.desktop,
|
||||
// so we need to remove all the components after the user.
|
||||
// Note that we subtract 3 because the root directory is counted as a component (/, Users, <user>).
|
||||
let num_components = home.components().count();
|
||||
for _ in 0..num_components - 3 {
|
||||
home.pop();
|
||||
}
|
||||
|
||||
home.join(format!(
|
||||
"Library/Group Containers/LTZ2PFU5D6.com.bitwarden.desktop/tmp/app.{name}"
|
||||
))
|
||||
}
|
||||
|
||||
#[cfg(target_os = "linux")]
|
||||
{
|
||||
// On Linux, we use the user's cache directory.
|
||||
let home = dirs::cache_dir().unwrap();
|
||||
let path_dir = home.join("com.bitwarden.desktop");
|
||||
|
||||
// The chache directory might not exist, so create it
|
||||
let _ = std::fs::create_dir_all(&path_dir);
|
||||
path_dir.join(format!("app.{name}"))
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,232 @@
|
||||
use std::{error::Error, path::Path, vec};
|
||||
|
||||
use futures::TryFutureExt;
|
||||
|
||||
use anyhow::Result;
|
||||
use interprocess::local_socket::{tokio::prelude::*, GenericFilePath, ListenerOptions};
|
||||
use log::{error, info};
|
||||
use tokio::{
|
||||
io::{AsyncRead, AsyncReadExt, AsyncWrite, AsyncWriteExt},
|
||||
sync::{broadcast, mpsc},
|
||||
};
|
||||
use tokio_util::sync::CancellationToken;
|
||||
|
||||
use super::{MESSAGE_CHANNEL_BUFFER, NATIVE_MESSAGING_BUFFER_SIZE};
|
||||
|
||||
#[derive(Debug)]
|
||||
pub struct Message {
|
||||
pub client_id: u32,
|
||||
pub kind: MessageType,
|
||||
// This value should be Some for MessageType::Message and None for the rest
|
||||
pub message: Option<String>,
|
||||
}
|
||||
|
||||
#[derive(Debug)]
|
||||
pub enum MessageType {
|
||||
Connected,
|
||||
Disconnected,
|
||||
Message,
|
||||
}
|
||||
|
||||
pub struct Server {
|
||||
cancel_token: CancellationToken,
|
||||
server_to_clients_send: broadcast::Sender<String>,
|
||||
}
|
||||
|
||||
impl Server {
|
||||
/// Create and start the IPC server without blocking.
|
||||
///
|
||||
/// # Parameters
|
||||
///
|
||||
/// - `name`: The endpoint name to listen on. This name uniquely identifies the IPC connection and must be the same for both the server and client.
|
||||
/// - `client_to_server_send`: This [`mpsc::Sender<Message>`] will receive all the [`Message`]'s that the clients send to this server.
|
||||
pub fn start(
|
||||
path: &Path,
|
||||
client_to_server_send: mpsc::Sender<Message>,
|
||||
) -> Result<Self, Box<dyn Error>> {
|
||||
// If the unix socket file already exists, we get an error when trying to bind to it. So we remove it first.
|
||||
// Any processes that were using the old socket should remain connected to it but any new connections will use the new socket.
|
||||
if !cfg!(windows) {
|
||||
let _ = std::fs::remove_file(path);
|
||||
}
|
||||
|
||||
let name = path.as_os_str().to_fs_name::<GenericFilePath>()?;
|
||||
let opts = ListenerOptions::new().name(name);
|
||||
let listener = opts.create_tokio()?;
|
||||
|
||||
// This broadcast channel is used for sending messages to all connected clients, and so the sender
|
||||
// will be stored in the server while the receiver will be cloned and passed to each client handler.
|
||||
let (server_to_clients_send, server_to_clients_recv) =
|
||||
broadcast::channel::<String>(MESSAGE_CHANNEL_BUFFER);
|
||||
|
||||
// This cancellation token allows us to cleanly stop the server and all the spawned
|
||||
// tasks without having to wait on all the pending tasks finalizing first
|
||||
let cancel_token = CancellationToken::new();
|
||||
|
||||
// Create the server and start listening for incoming connections
|
||||
// in a separate task to avoid blocking the current task
|
||||
let server = Server {
|
||||
cancel_token: cancel_token.clone(),
|
||||
server_to_clients_send,
|
||||
};
|
||||
tokio::spawn(listen_incoming(
|
||||
listener,
|
||||
client_to_server_send,
|
||||
server_to_clients_recv,
|
||||
cancel_token,
|
||||
));
|
||||
|
||||
Ok(server)
|
||||
}
|
||||
|
||||
/// Send a message over the IPC server to all the connected clients
|
||||
///
|
||||
/// # Returns
|
||||
///
|
||||
/// The number of clients that the message was sent to. Note that the number of messages
|
||||
/// sent may be less than the number of connected clients if some clients disconnect while
|
||||
/// the message is being sent.
|
||||
pub fn send(&self, message: String) -> Result<usize> {
|
||||
let sent = self.server_to_clients_send.send(message)?;
|
||||
Ok(sent)
|
||||
}
|
||||
|
||||
/// Stop the IPC server.
|
||||
pub fn stop(&self) {
|
||||
self.cancel_token.cancel();
|
||||
}
|
||||
}
|
||||
|
||||
impl Drop for Server {
|
||||
fn drop(&mut self) {
|
||||
self.stop();
|
||||
}
|
||||
}
|
||||
|
||||
async fn listen_incoming(
|
||||
listener: LocalSocketListener,
|
||||
client_to_server_send: mpsc::Sender<Message>,
|
||||
server_to_clients_recv: broadcast::Receiver<String>,
|
||||
cancel_token: CancellationToken,
|
||||
) {
|
||||
// We use a simple incrementing ID for each client
|
||||
let mut next_client_id = 1_u32;
|
||||
|
||||
loop {
|
||||
tokio::select! {
|
||||
_ = cancel_token.cancelled() => {
|
||||
info!("IPC server cancelled.");
|
||||
break;
|
||||
},
|
||||
|
||||
// A new client connection has been established
|
||||
msg = listener.accept() => {
|
||||
match msg {
|
||||
Ok(client_stream) => {
|
||||
let client_id = next_client_id;
|
||||
next_client_id += 1;
|
||||
|
||||
let future = handle_connection(
|
||||
client_stream,
|
||||
client_to_server_send.clone(),
|
||||
// We resubscribe to the receiver here so this task can have it's own copy
|
||||
// Note that this copy will only receive messages sent after this point,
|
||||
// but that is okay, realistically we don't want any messages before we get a chance
|
||||
// to send the connected message to the client, which is done inside [`handle_connection`]
|
||||
server_to_clients_recv.resubscribe(),
|
||||
cancel_token.clone(),
|
||||
client_id
|
||||
);
|
||||
tokio::spawn(future.map_err(|e| {
|
||||
error!("Error handling connection: {}", e)
|
||||
}));
|
||||
},
|
||||
Err(e) => {
|
||||
error!("Error accepting connection: {}", e);
|
||||
break;
|
||||
},
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
async fn handle_connection(
|
||||
mut client_stream: impl AsyncRead + AsyncWrite + Unpin,
|
||||
client_to_server_send: mpsc::Sender<Message>,
|
||||
mut server_to_clients_recv: broadcast::Receiver<String>,
|
||||
cancel_token: CancellationToken,
|
||||
client_id: u32,
|
||||
) -> Result<(), Box<dyn Error>> {
|
||||
client_to_server_send
|
||||
.send(Message {
|
||||
client_id,
|
||||
kind: MessageType::Connected,
|
||||
message: None,
|
||||
})
|
||||
.await?;
|
||||
|
||||
let mut buf = vec![0u8; NATIVE_MESSAGING_BUFFER_SIZE];
|
||||
|
||||
loop {
|
||||
tokio::select! {
|
||||
_ = cancel_token.cancelled() => {
|
||||
info!("Client {client_id} cancelled.");
|
||||
break;
|
||||
},
|
||||
|
||||
// Forward messages to the IPC clients
|
||||
msg = server_to_clients_recv.recv() => {
|
||||
match msg {
|
||||
Ok(msg) => {
|
||||
client_stream.write_all(msg.as_bytes()).await?;
|
||||
},
|
||||
Err(e) => {
|
||||
info!("Error reading message: {}", e);
|
||||
break;
|
||||
}
|
||||
}
|
||||
},
|
||||
|
||||
// Forwards messages from the IPC clients to the server
|
||||
// Note that we also send connect and disconnect events so that
|
||||
// the server can keep track of multiple clients
|
||||
result = client_stream.read(&mut buf) => {
|
||||
match result {
|
||||
Err(e) => {
|
||||
info!("Error reading from client {client_id}: {e}");
|
||||
|
||||
client_to_server_send.send(Message {
|
||||
client_id,
|
||||
kind: MessageType::Disconnected,
|
||||
message: None,
|
||||
}).await?;
|
||||
break;
|
||||
},
|
||||
Ok(0) => {
|
||||
info!("Client {client_id} disconnected.");
|
||||
|
||||
client_to_server_send.send(Message {
|
||||
client_id,
|
||||
kind: MessageType::Disconnected,
|
||||
message: None,
|
||||
}).await?;
|
||||
break;
|
||||
},
|
||||
Ok(size) => {
|
||||
let msg = std::str::from_utf8(&buf[..size])?;
|
||||
|
||||
client_to_server_send.send(Message {
|
||||
client_id,
|
||||
kind: MessageType::Message,
|
||||
message: Some(msg.to_string()),
|
||||
}).await?;
|
||||
},
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
|
||||
@ -1,7 +1,13 @@
|
||||
#[cfg(feature = "sys")]
|
||||
pub mod biometric;
|
||||
#[cfg(feature = "sys")]
|
||||
pub mod clipboard;
|
||||
pub mod crypto;
|
||||
pub mod error;
|
||||
pub mod ipc;
|
||||
#[cfg(feature = "sys")]
|
||||
pub mod password;
|
||||
#[cfg(feature = "sys")]
|
||||
pub mod process_isolation;
|
||||
#[cfg(feature = "sys")]
|
||||
pub mod powermonitor;
|
||||
|
||||
@ -1,24 +0,0 @@
|
||||
/* eslint-disable @typescript-eslint/no-var-requires */
|
||||
const child_process = require("child_process");
|
||||
const process = require("process");
|
||||
|
||||
let targets = [];
|
||||
switch (process.platform) {
|
||||
case "win32":
|
||||
targets = ["i686-pc-windows-msvc", "x86_64-pc-windows-msvc", "aarch64-pc-windows-msvc"];
|
||||
break;
|
||||
|
||||
case "darwin":
|
||||
targets = ["x86_64-apple-darwin", "aarch64-apple-darwin"];
|
||||
break;
|
||||
|
||||
default:
|
||||
targets = ['x86_64-unknown-linux-musl'];
|
||||
process.env["PKG_CONFIG_ALLOW_CROSS"] = "1";
|
||||
process.env["PKG_CONFIG_ALL_STATIC"] = "1";
|
||||
break;
|
||||
}
|
||||
|
||||
targets.forEach(target => {
|
||||
child_process.execSync(`npm run build -- --target ${target}`, {stdio: 'inherit'});
|
||||
});
|
||||
@ -0,0 +1,16 @@
|
||||
[package]
|
||||
edition = "2021"
|
||||
exclude = ["index.node"]
|
||||
license = "GPL-3.0"
|
||||
name = "desktop_proxy"
|
||||
version = "0.0.0"
|
||||
publish = false
|
||||
|
||||
[dependencies]
|
||||
anyhow = "=1.0.86"
|
||||
desktop_core = { path = "../core", default-features = false }
|
||||
futures = "0.3.30"
|
||||
log = "0.4.21"
|
||||
simplelog = "0.12.2"
|
||||
tokio = { version = "1.38.0", features = ["io-std", "io-util", "macros", "rt"] }
|
||||
tokio-util = { version = "0.7.11", features = ["codec"] }
|
||||
@ -0,0 +1,137 @@
|
||||
use std::path::Path;
|
||||
|
||||
use desktop_core::ipc::{MESSAGE_CHANNEL_BUFFER, NATIVE_MESSAGING_BUFFER_SIZE};
|
||||
use futures::{SinkExt, StreamExt};
|
||||
use log::*;
|
||||
use tokio_util::codec::LengthDelimitedCodec;
|
||||
|
||||
fn init_logging(log_path: &Path, level: log::LevelFilter) {
|
||||
use simplelog::{ColorChoice, CombinedLogger, Config, SharedLogger, TermLogger, TerminalMode};
|
||||
|
||||
let config = Config::default();
|
||||
|
||||
let mut loggers: Vec<Box<dyn SharedLogger>> = Vec::new();
|
||||
loggers.push(TermLogger::new(
|
||||
level,
|
||||
config.clone(),
|
||||
TerminalMode::Stderr,
|
||||
ColorChoice::Auto,
|
||||
));
|
||||
|
||||
match std::fs::File::create(log_path) {
|
||||
Ok(file) => {
|
||||
loggers.push(simplelog::WriteLogger::new(level, config, file));
|
||||
}
|
||||
Err(e) => {
|
||||
eprintln!("Can't create file: {}", e);
|
||||
}
|
||||
}
|
||||
|
||||
if let Err(e) = CombinedLogger::init(loggers) {
|
||||
eprintln!("Failed to initialize logger: {}", e);
|
||||
}
|
||||
}
|
||||
|
||||
/// Bitwarden IPC Proxy.
|
||||
///
|
||||
/// This proxy allows browser extensions to communicate with a desktop application using Native
|
||||
/// Messaging. This method allows an extension to send and receive messages through the use of
|
||||
/// stdin/stdout streams.
|
||||
///
|
||||
/// However, this also requires the browser to start the process in order for the communication to
|
||||
/// occur. To overcome this limitation, we implement Inter-Process Communication (IPC) to establish
|
||||
/// a stable communication channel between the proxy and the running desktop application.
|
||||
///
|
||||
/// Browser extension <-[native messaging]-> proxy <-[ipc]-> desktop
|
||||
///
|
||||
#[tokio::main(flavor = "current_thread")]
|
||||
async fn main() {
|
||||
let sock_path = desktop_core::ipc::path("bitwarden");
|
||||
|
||||
let log_path = {
|
||||
let mut path = sock_path.clone();
|
||||
path.set_extension("bitwarden.log");
|
||||
path
|
||||
};
|
||||
|
||||
init_logging(&log_path, LevelFilter::Info);
|
||||
|
||||
info!("Starting Bitwarden IPC Proxy.");
|
||||
|
||||
// Different browsers send different arguments when the app starts:
|
||||
//
|
||||
// Firefox:
|
||||
// - The complete path to the app manifest. (in the form `/Users/<user>/Library/.../Mozilla/NativeMessagingHosts/com.8bit.bitwarden.json`)
|
||||
// - (in Firefox 55+) the ID (as given in the manifest.json) of the add-on that started it (in the form `{[UUID]}`).
|
||||
//
|
||||
// Chrome on Windows:
|
||||
// - Origin of the extension that started it (in the form `chrome-extension://[ID]`).
|
||||
// - Handle to the Chrome native window that started the app.
|
||||
//
|
||||
// Chrome on Linux and Mac:
|
||||
// - Origin of the extension that started it (in the form `chrome-extension://[ID]`).
|
||||
|
||||
let args: Vec<_> = std::env::args().skip(1).collect();
|
||||
info!("Process args: {:?}", args);
|
||||
|
||||
// Setup two channels, one for sending messages to the desktop application (`out`) and one for receiving messages from the desktop application (`in`)
|
||||
let (in_send, in_recv) = tokio::sync::mpsc::channel(MESSAGE_CHANNEL_BUFFER);
|
||||
let (out_send, mut out_recv) = tokio::sync::mpsc::channel(MESSAGE_CHANNEL_BUFFER);
|
||||
|
||||
let mut handle = tokio::spawn(desktop_core::ipc::client::connect(
|
||||
sock_path, out_send, in_recv,
|
||||
));
|
||||
|
||||
// Create a new codec for reading and writing messages from stdin/stdout.
|
||||
let mut stdin = LengthDelimitedCodec::builder()
|
||||
.max_frame_length(NATIVE_MESSAGING_BUFFER_SIZE)
|
||||
.native_endian()
|
||||
.new_read(tokio::io::stdin());
|
||||
let mut stdout = LengthDelimitedCodec::builder()
|
||||
.max_frame_length(NATIVE_MESSAGING_BUFFER_SIZE)
|
||||
.native_endian()
|
||||
.new_write(tokio::io::stdout());
|
||||
|
||||
loop {
|
||||
tokio::select! {
|
||||
// IPC client has finished, so we should exit as well.
|
||||
_ = &mut handle => {
|
||||
break;
|
||||
}
|
||||
|
||||
// Receive messages from IPC and print to STDOUT.
|
||||
msg = out_recv.recv() => {
|
||||
match msg {
|
||||
Some(msg) => {
|
||||
debug!("OUT: {}", msg);
|
||||
stdout.send(msg.into()).await.unwrap();
|
||||
}
|
||||
None => {
|
||||
info!("Channel closed, exiting.");
|
||||
break;
|
||||
}
|
||||
}
|
||||
},
|
||||
|
||||
// Listen to stdin and send messages to ipc processor.
|
||||
msg = stdin.next() => {
|
||||
match msg {
|
||||
Some(Ok(msg)) => {
|
||||
let m = String::from_utf8(msg.to_vec()).unwrap();
|
||||
debug!("IN: {}", m);
|
||||
in_send.send(m).await.unwrap();
|
||||
}
|
||||
Some(Err(e)) => {
|
||||
error!("Error parsing input: {}", e);
|
||||
break;
|
||||
}
|
||||
None => {
|
||||
info!("Received EOF, exiting.");
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,14 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
||||
<plist version="1.0">
|
||||
<dict>
|
||||
<key>com.apple.application-identifier</key>
|
||||
<string>LTZ2PFU5D6.com.bitwarden.desktop</string>
|
||||
<key>com.apple.developer.team-identifier</key>
|
||||
<string>LTZ2PFU5D6</string>
|
||||
<key>com.apple.security.application-groups</key>
|
||||
<array>
|
||||
<string>LTZ2PFU5D6.com.bitwarden.desktop</string>
|
||||
</array>
|
||||
</dict>
|
||||
</plist>
|
||||
@ -1,7 +0,0 @@
|
||||
@echo off
|
||||
:: Helper script for starting the Native Messaging Proxy on Windows.
|
||||
|
||||
cd ../
|
||||
set ELECTRON_RUN_AS_NODE=1
|
||||
set ELECTRON_NO_ATTACH_CONSOLE=1
|
||||
Bitwarden.exe resources/app.asar %*
|
||||
@ -1,78 +0,0 @@
|
||||
/* eslint-disable no-console */
|
||||
import { createHash } from "crypto";
|
||||
import { existsSync, mkdirSync } from "fs";
|
||||
import { homedir } from "os";
|
||||
import { join as path_join } from "path";
|
||||
|
||||
import * as ipc from "node-ipc";
|
||||
|
||||
export function getIpcSocketRoot(): string | null {
|
||||
let socketRoot = null;
|
||||
|
||||
switch (process.platform) {
|
||||
case "darwin": {
|
||||
const ipcSocketRootDir = path_join(homedir(), "tmp");
|
||||
if (!existsSync(ipcSocketRootDir)) {
|
||||
mkdirSync(ipcSocketRootDir);
|
||||
}
|
||||
socketRoot = ipcSocketRootDir + "/";
|
||||
break;
|
||||
}
|
||||
case "win32": {
|
||||
// Let node-ipc use a unique IPC pipe //./pipe/xxxxxxxxxxxxxxxxx.app.bitwarden per user.
|
||||
// Hashing prevents problems with reserved characters and file length limitations.
|
||||
socketRoot = createHash("sha1").update(homedir()).digest("hex") + ".";
|
||||
}
|
||||
}
|
||||
return socketRoot;
|
||||
}
|
||||
|
||||
ipc.config.id = "proxy";
|
||||
ipc.config.retry = 1500;
|
||||
ipc.config.logger = console.warn; // Stdout is used for native messaging
|
||||
const ipcSocketRoot = getIpcSocketRoot();
|
||||
if (ipcSocketRoot != null) {
|
||||
ipc.config.socketRoot = ipcSocketRoot;
|
||||
}
|
||||
|
||||
export default class IPC {
|
||||
onMessage: (message: object) => void;
|
||||
|
||||
private connected = false;
|
||||
|
||||
connect() {
|
||||
ipc.connectTo("bitwarden", () => {
|
||||
ipc.of.bitwarden.on("connect", () => {
|
||||
this.connected = true;
|
||||
console.error("## connected to bitwarden desktop ##");
|
||||
|
||||
// Notify browser extension, connection is established to desktop application.
|
||||
this.onMessage({ command: "connected" });
|
||||
});
|
||||
|
||||
ipc.of.bitwarden.on("disconnect", () => {
|
||||
this.connected = false;
|
||||
console.error("disconnected from world");
|
||||
|
||||
// Notify browser extension, no connection to desktop application.
|
||||
this.onMessage({ command: "disconnected" });
|
||||
});
|
||||
|
||||
ipc.of.bitwarden.on("message", (message: any) => {
|
||||
this.onMessage(message);
|
||||
});
|
||||
|
||||
ipc.of.bitwarden.on("error", (err: any) => {
|
||||
console.error("error", err);
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
isConnected(): boolean {
|
||||
return this.connected;
|
||||
}
|
||||
|
||||
send(json: object) {
|
||||
ipc.of.bitwarden.emit("message", json);
|
||||
}
|
||||
}
|
||||
@ -1,23 +0,0 @@
|
||||
import IPC from "./ipc";
|
||||
import NativeMessage from "./nativemessage";
|
||||
|
||||
// Proxy is a lightweight application which provides bi-directional communication
|
||||
// between the browser extension and a running desktop application.
|
||||
//
|
||||
// Browser extension <-[native messaging]-> proxy <-[ipc]-> desktop
|
||||
export class NativeMessagingProxy {
|
||||
private ipc: IPC;
|
||||
private nativeMessage: NativeMessage;
|
||||
|
||||
constructor() {
|
||||
this.ipc = new IPC();
|
||||
this.nativeMessage = new NativeMessage(this.ipc);
|
||||
}
|
||||
|
||||
run() {
|
||||
this.ipc.connect();
|
||||
this.nativeMessage.listen();
|
||||
|
||||
this.ipc.onMessage = this.nativeMessage.send;
|
||||
}
|
||||
}
|
||||
@ -1,95 +0,0 @@
|
||||
/* eslint-disable no-console */
|
||||
import IPC from "./ipc";
|
||||
|
||||
// Mostly based on the example from MDN,
|
||||
// https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Native_messaging
|
||||
export default class NativeMessage {
|
||||
ipc: IPC;
|
||||
|
||||
constructor(ipc: IPC) {
|
||||
this.ipc = ipc;
|
||||
}
|
||||
|
||||
send(message: object) {
|
||||
const messageBuffer = Buffer.from(JSON.stringify(message));
|
||||
|
||||
const headerBuffer = Buffer.alloc(4);
|
||||
headerBuffer.writeUInt32LE(messageBuffer.length, 0);
|
||||
|
||||
process.stdout.write(Buffer.concat([headerBuffer, messageBuffer]));
|
||||
}
|
||||
|
||||
listen() {
|
||||
let payloadSize: number = null;
|
||||
|
||||
// A queue to store the chunks as we read them from stdin.
|
||||
// This queue can be flushed when `payloadSize` data has been read
|
||||
const chunks: any = [];
|
||||
|
||||
// Only read the size once for each payload
|
||||
const sizeHasBeenRead = () => Boolean(payloadSize);
|
||||
|
||||
// All the data has been read, reset everything for the next message
|
||||
const flushChunksQueue = () => {
|
||||
payloadSize = null;
|
||||
chunks.splice(0);
|
||||
};
|
||||
|
||||
const processData = () => {
|
||||
// Create one big buffer with all all the chunks
|
||||
const stringData = Buffer.concat(chunks);
|
||||
console.error(stringData);
|
||||
|
||||
// The browser will emit the size as a header of the payload,
|
||||
// if it hasn't been read yet, do it.
|
||||
// The next time we'll need to read the payload size is when all of the data
|
||||
// of the current payload has been read (ie. data.length >= payloadSize + 4)
|
||||
if (!sizeHasBeenRead()) {
|
||||
try {
|
||||
payloadSize = stringData.readUInt32LE(0);
|
||||
} catch (e) {
|
||||
console.error(e);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
// If the data we have read so far is >= to the size advertised in the header,
|
||||
// it means we have all of the data sent.
|
||||
// We add 4 here because that's the size of the bytes that old the payloadSize
|
||||
if (stringData.length >= payloadSize + 4) {
|
||||
// Remove the header
|
||||
const contentWithoutSize = stringData.slice(4, payloadSize + 4).toString();
|
||||
|
||||
// Reset the read size and the queued chunks
|
||||
flushChunksQueue();
|
||||
|
||||
const json = JSON.parse(contentWithoutSize);
|
||||
|
||||
// Forward to desktop application
|
||||
this.ipc.send(json);
|
||||
}
|
||||
};
|
||||
|
||||
process.stdin.on("readable", () => {
|
||||
// A temporary variable holding the nodejs.Buffer of each
|
||||
// chunk of data read off stdin
|
||||
let chunk = null;
|
||||
|
||||
// Read all of the available data
|
||||
// tslint:disable-next-line:no-conditional-assignment
|
||||
while ((chunk = process.stdin.read()) !== null) {
|
||||
chunks.push(chunk);
|
||||
}
|
||||
|
||||
try {
|
||||
processData();
|
||||
} catch (e) {
|
||||
console.error(e);
|
||||
}
|
||||
});
|
||||
|
||||
process.stdin.on("end", () => {
|
||||
process.exit(0);
|
||||
});
|
||||
}
|
||||
}
|
||||
Loading…
Reference in new issue