ssh-bridge-ai
AI-Powered SSH Tool with Bulletproof Connections & Enterprise Sandbox Security + Cursor-like Confirmation - Enable AI assistants to securely SSH into your servers with persistent sessions, keepalive, automatic recovery, sandbox command testing, and user c
/**
* Application constants and configuration
*/
// Security limits shared across the tool. This object only declares the
// values; whatever enforces them lives in the modules that import it.
// NOTE(review): the object is not frozen, so any importer can change a limit
// at runtime for every other importer. Confirm that is intended.
const SECURITY = {
  // File mode for SSH private keys: read/write for the owner, nothing for
  // group or others.
  SSH_KEY_PERMISSIONS: 0o600,

  // Upper bound on the password cache (presumably a number of entries;
  // verify against the cache implementation).
  MAX_PASSWORD_CACHE_SIZE: 100,

  // Lifetime of a cached password: 5 minutes, in milliseconds.
  PASSWORD_CACHE_TTL: 5 * 60 * 1000,

  // Failed connection attempts tolerated before giving up.
  MAX_FAILED_ATTEMPTS: 3,

  // Time allowed to establish a connection: 30 seconds, in milliseconds.
  CONNECTION_TIMEOUT: 30 * 1000,

  // Time allowed for one remote command: 5 minutes, in milliseconds.
  COMMAND_TIMEOUT: 5 * 60 * 1000,

  // Time allowed for one file transfer: 10 minutes, in milliseconds.
  FILE_TRANSFER_TIMEOUT: 10 * 60 * 1000,
};
// Network defaults for SSH and outbound HTTP requests.
const NETWORK = {
  // Port used when the caller does not specify one.
  DEFAULT_SSH_PORT: 22,

  // HTTP request timeout: 10 seconds, in milliseconds.
  HTTP_TIMEOUT: 10 * 1000,

  // Redirect hops an HTTP request may follow before it is abandoned.
  MAX_REDIRECTS: 5,

  // Value sent in the User-Agent header.
  // NOTE(review): the version is hard-coded here; confirm it is kept in step
  // with the package version.
  USER_AGENT: 'SSHBridge/1.8.2',
};
// File-transfer limits and extension filters.
//
// NOTE(review): '.js' is listed in BOTH ALLOWED_EXTENSIONS and
// BLOCKED_EXTENSIONS. Which list wins depends on the order in which the
// consumer checks them, and that code is not visible here. Decide the
// intended behaviour and remove the entry from one list; checking the block
// list first is the safer default.
// NOTE(review): every entry is lower-case with a leading dot. Confirm that the
// consumer normalises case and handles names with several dots or none.
const FILESYSTEM = {
  // Largest file accepted for transfer: 100 MB, in bytes.
  MAX_FILE_SIZE: 100 * 1024 ** 2,

  // Extensions accepted for transfer. The list includes script types
  // (.sh, .bash, .zsh, .py), so it is not a "non-executable content" filter.
  ALLOWED_EXTENSIONS: [
    '.txt',
    '.log',
    '.conf',
    '.config',
    '.yml',
    '.yaml',
    '.json',
    '.sh',
    '.bash',
    '.zsh',
    '.py',
    '.js',
    '.ts',
    '.md',
    '.rst',
    '.sql',
    '.csv',
    '.xml',
    '.html',
    '.css',
    '.scss',
    '.less',
  ],

  // Extensions rejected as potentially dangerous.
  BLOCKED_EXTENSIONS: [
    '.exe',
    '.bat',
    '.cmd',
    '.com',
    '.pif',
    '.scr',
    '.vbs',
    '.js',
    '.jar',
    '.war',
    '.ear',
    '.dll',
    '.so',
    '.dylib',
  ],

  // Longest path accepted, in characters.
  MAX_PATH_LENGTH: 4096,
};
// Self-update scheduling. Every duration is in milliseconds.
const UPDATE = {
  // Interval between checks for critical updates: 2 hours.
  CRITICAL_UPDATE_INTERVAL: 2 * 60 * 60 * 1000,

  // Interval between checks for regular updates: 8 hours.
  REGULAR_UPDATE_INTERVAL: 8 * 60 * 60 * 1000,

  // Interval used for the first-time check: 10 minutes.
  FIRST_TIME_INTERVAL: 10 * 60 * 1000,

  // How long an update notification is displayed: 7 days.
  NOTIFICATION_DISPLAY_DURATION: 7 * 24 * 60 * 60 * 1000,

  // Attempts allowed for a failing update.
  MAX_UPDATE_RETRIES: 3,

  // Window during which an update can be rolled back: 1 hour.
  ROLLBACK_WINDOW: 60 * 60 * 1000,
};
// Endpoint overrides are read from the environment once, at module load.
// NOTE(review): neither value is validated here (scheme, host). REGISTRY_URL
// looks like it feeds the update check, so confirm the consumer requires
// HTTPS and does not accept an arbitrary host for it.
const {
  SSHBRIDGE_API_URL: apiUrlOverride,
  NPM_REGISTRY_URL: registryUrlOverride,
} = process.env;

// API client settings.
const API = {
  // Rate limiting: at most MAX_REQUESTS_PER_WINDOW requests per window
  // (1 minute, in milliseconds).
  RATE_LIMIT_WINDOW: 60 * 1000,
  MAX_REQUESTS_PER_WINDOW: 100,

  // Retry policy: attempts, and the delay between them (1 second, in ms).
  MAX_RETRIES: 3,
  RETRY_DELAY: 1000,

  // Endpoints. An unset or empty environment variable falls back to the
  // built-in default.
  BASE_URL: apiUrlOverride || 'https://sshbridge-api.onrender.com',
  REGISTRY_URL: registryUrlOverride || 'https://registry.npmjs.org',
};
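// Logging configuration: levels, rotation limits and redaction patterns.
const LOGGING = {
  // Supported log levels.
  LEVELS: {
    DEBUG: 'debug',
    INFO: 'info',
    WARN: 'warn',
    ERROR: 'error',
  },

  // Level used when none is configured.
  DEFAULT_LEVEL: 'info',

  // Log file rotation: size limit per file (10MB, in bytes) and the number
  // of files kept.
  MAX_LOG_SIZE: 10 * 1024 * 1024,
  MAX_LOG_FILES: 5,

  // Patterns for redacting secrets from log text. Each one matches a keyword,
  // an optional closing quote, ':' or '=', and then the value up to the next
  // whitespace. The optional quote makes JSON-style and quoted keys
  // ("password":"...", 'token': '...') match as well; without it those forms
  // reach the log unredacted.
  //
  // Limits to keep in mind:
  // - A value that contains whitespace is matched only up to the first space,
  //   so the rest of it stays in the log.
  // - The bare `key` pattern also matches the tail of api_key / private_key /
  //   ssh_key, so when the patterns are applied in array order the three
  //   specific patterns after it find nothing left to match.
  // - All patterns carry the `g` flag, so `.test()` and `.exec()` keep state
  //   in `lastIndex` between calls on these shared objects. Use them with
  //   `String.prototype.replace`, or reset `lastIndex` first.
  SENSITIVE_PATTERNS: [
    /password["']?\s*[:=]\s*\S+/gi,
    /key["']?\s*[:=]\s*\S+/gi,
    /token["']?\s*[:=]\s*\S+/gi,
    /secret["']?\s*[:=]\s*\S+/gi,
    /api[_-]?key["']?\s*[:=]\s*\S+/gi,
    /private[_-]?key["']?\s*[:=]\s*\S+/gi,
    /ssh[_-]?key["']?\s*[:=]\s*\S+/gi,
  ],
};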
// Machine-readable error codes. Each value is the same string as its key.
const ERROR_CODES = {
  // SSH: connection, authentication and key handling
  SSH_CONNECTION_FAILED: 'SSH_CONNECTION_FAILED',
  SSH_AUTHENTICATION_FAILED: 'SSH_AUTHENTICATION_FAILED',
  SSH_KEY_INVALID: 'SSH_KEY_INVALID',
  SSH_KEY_PERMISSION_DENIED: 'SSH_KEY_PERMISSION_DENIED',

  // File system
  FILE_NOT_FOUND: 'FILE_NOT_FOUND',
  FILE_PERMISSION_DENIED: 'FILE_PERMISSION_DENIED',
  FILE_TOO_LARGE: 'FILE_TOO_LARGE',
  FILE_TYPE_BLOCKED: 'FILE_TYPE_BLOCKED',

  // Network
  NETWORK_TIMEOUT: 'NETWORK_TIMEOUT',
  NETWORK_UNREACHABLE: 'NETWORK_UNREACHABLE',
  RATE_LIMIT_EXCEEDED: 'RATE_LIMIT_EXCEEDED',

  // Security: input validation and authorization
  INVALID_INPUT: 'INVALID_INPUT',
  UNAUTHORIZED: 'UNAUTHORIZED',
  FORBIDDEN: 'FORBIDDEN',

  // Configuration
  CONFIG_INVALID: 'CONFIG_INVALID',
  CONFIG_MISSING: 'CONFIG_MISSING',

  // Update
  UPDATE_FAILED: 'UPDATE_FAILED',
  UPDATE_ROLLBACK_FAILED: 'UPDATE_ROLLBACK_FAILED',
};
// Validation patterns. Every pattern is anchored with ^ and $ and has no
// flags, so it must match the whole input; without the `m` flag, `$` in
// JavaScript matches only at the very end, so a trailing newline is rejected.
// These are format checks only: a value that matches is well-formed, not
// necessarily real or authorised.
const VALIDATION = {
  // Email address. The pattern has the same shape as the HTML Standard's
  // "valid e-mail address" check, a deliberate simplification of RFC 5322,
  // not the full RFC grammar: quoted local parts and comments are rejected,
  // and neither the local part nor the whole address is length-limited.
  EMAIL_REGEX: /^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/,
  // Hostname: dot-separated labels of 1 to 63 letters, digits or hyphens,
  // each starting and ending with a letter or digit. A matching value cannot
  // begin with '-' and contains no whitespace, underscore or other
  // punctuation. All-digit labels are accepted, so a dotted IPv4 string also
  // matches. The total length is not limited by the pattern.
  HOSTNAME_REGEX: /^[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/,
  // API key: 16 or more ASCII letters and digits, with no upper bound on
  // length.
  API_KEY_REGEX: /^[a-zA-Z0-9]{16,}$/,
  // Version in semver form: MAJOR.MINOR.PATCH with optional -prerelease and
  // +build parts. Capture groups 1 to 3 are the numeric parts, 4 the
  // prerelease, 5 the build metadata. Leading zeros are accepted here, which
  // strict semver does not allow.
  VERSION_REGEX: /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?(?:\+([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?$/,
};
// Public surface of this module: one named export per constant group.
// Each group is exported by reference and none is frozen in the code shown
// here, so a change made by one importer is visible to every other importer.
// NOTE(review): if the security limits must be tamper-resistant at runtime,
// consider freezing the groups that hold no RegExp objects (a frozen RegExp
// with the `g` flag cannot be used with replace).
module.exports = {
  SECURITY,
  NETWORK,
  FILESYSTEM,
  UPDATE,
  API,
  LOGGING,
  ERROR_CODES,
  VALIDATION,
};