diff --git a/FLOWS.md b/FLOWS.md new file mode 100644 index 0000000..1f5218b --- /dev/null +++ b/FLOWS.md @@ -0,0 +1,39 @@ +# Application Flow + +```mermaid +sequenceDiagram + participant Client + participant Express + participant SocketIO + participant SSHConnection + participant SSHServer + + Client->>Express: HTTP Request + Express->>Client: Send client files + Client->>SocketIO: Establish Socket.IO connection + alt HTTP Basic Auth used + SocketIO->>SSHConnection: Jump to "Connect with credentials" + else No pre-existing credentials + SocketIO->>Client: Emit "authentication" (request_auth) + Client->>SocketIO: Emit "authenticate" (with credentials) + end + SocketIO->>SSHConnection: Connect with credentials + SSHConnection->>SSHServer: Establish SSH connection + alt Keyboard Interactive Auth + SSHServer->>SSHConnection: Request additional auth + SSHConnection->>SocketIO: Emit "authentication" (keyboard-interactive) + SocketIO->>Client: Forward auth request + Client->>SocketIO: Send auth response + SocketIO->>SSHConnection: Forward auth response + SSHConnection->>SSHServer: Complete authentication + end + SSHServer->>SSHConnection: Connection established + SSHConnection->>SocketIO: Connection successful + SocketIO->>Client: Emit "authentication" (success) + Client->>SocketIO: Emit "terminal" (with specs) + SocketIO->>SSHConnection: Create shell with specs + SSHConnection->>SSHServer: Create shell session + SSHConnection->>SocketIO: Shell created + SocketIO->>Client: Ready for input/output + Note over Client,SSHServer: Bidirectional data flow established +``` \ No newline at end of file diff --git a/SERVER_API.md b/SERVER_API.md new file mode 100644 index 0000000..cfa94cc --- /dev/null +++ b/SERVER_API.md @@ -0,0 +1,138 @@ +# WebSSH2 Server API Documentation + +## Overview + +The WebSSH2 server provides a WebSocket interface for establishing SSH connections. This API documentation outlines the events and data structures used for communication between the client and the server. + +Currently this implementation requires Socket.IO v2.2.0 due to this instance targeting node 6.9.1 for a legacy project. Future releases will not have this limitation. + +## Connection + +The server uses Socket.IO for real-time communication. Connect to the WebSocket server at the same host and port as the HTTP server, with the path `/ssh/socket.io`. + +## Events + +### Server to Client Events + +1. `authentication` + - Emitted to request authentication or provide authentication results. + - Payload: + ```javascript + { + action: string, // "request_auth" or "auth_result" + success?: boolean, // Only present for "auth_result" + message?: string // Error message if authentication fails + } + ``` + +2. `permissions` + - Emitted after successful authentication to provide allowed actions. + - Payload: + ```javascript + { + autoLog: boolean, + allowReplay: boolean, + allowReconnect: boolean, + allowReauth: boolean + } + ``` + +3. `getTerminal` + - Emitted to request terminal specifications from the client. + - Payload: `true` + +4. `data` + - Emitted when there's output from the SSH session. + - Payload: `string` (UTF-8 encoded terminal output) + +5. `ssherror` + - Emitted when an SSH-related error occurs. + - Payload: `string` (Error message) + +6. `updateUI` + - Emitted to update specific UI elements. + - Payload: + ```javascript + { + element: string, // UI element identifier + value: any // New value for the element + } + ``` + +### Client to Server Events + +1. `authenticate` + - Emit this event to provide authentication credentials. + - Payload: + ```javascript + { + username: string, + password: string, + host: string, + port: number, + term?: string // Optional terminal type + } + ``` + +2. `terminal` + - Emit this event to provide terminal specifications. + - Payload: + ```javascript + { + term: string, // e.g., "xterm-256color" + cols: number, + rows: number + } + ``` + +3. `data` + - Emit this event to send user input to the SSH session. + - Payload: `string` (UTF-8 encoded user input) + +4. `resize` + - Emit this event when the terminal size changes. + - Payload: + ```javascript + { + cols: number, + rows: number + } + ``` + +5. `control` + - Emit this event for special control commands. + - Payload: `string` ("replayCredentials" or "reauth") + +6. `disconnect` + - Emit this event to close the connection. + - No payload required + +## Authentication Flow + +1. The server emits `authentication` with `action: "request_auth"`. +2. The client emits `authenticate` with credentials. +3. The server may emit `authentication` with `action: "keyboard-interactive"` for additional authentication steps. +4. The server emits `authentication` with `action: "auth_result"` and `success: true/false`. + +## Establishing SSH Session + +1. After successful authentication, the server emits `getTerminal`. +2. The client emits `terminal` with terminal specifications. +3. The server establishes the SSH connection and starts emitting `data` events with terminal output. +4. The client can now send `data` events with user input. + +## Error Handling + +- The client should listen for `ssherror` events and handle them appropriately (e.g., displaying error messages to the user). + +## UI Updates + +- The client should listen for `updateUI` events and update the corresponding UI elements. + +## Best Practices + +1. Handle connection errors and implement reconnection logic. +2. Implement proper error handling and user feedback. +3. Securely manage authentication credentials. +4. Handle terminal resizing appropriately. +5. Implement support for special control commands (replay credentials, reauthentication).