chore: bump version to v0.20.251025

Rachel's edits to index.html to make information easier to understand.

README.md

@@ -1,12 +1,14 @@
-# Telebit™ Remote
+# Telebit™ Remote | a [Root](https://rootprojects.org) project
 
 Because friends don't let friends localhost™
 
-| Sponsored by [ppl](https://ppl.family)
 | **Telebit Remote**
 | [Telebit Relay](https://git.coolaj86.com/coolaj86/telebit-relay.js)
+| [sclient](https://telebit.cloud/sclient)
 |
 
+<img align="center" src="https://git.coolaj86.com/coolaj86/telebit.js/raw/branch/master/usr/share/docs/terminal-example-1.png">
+
 Break out of localhost.
 =======
 
@@ -31,49 +33,32 @@ Features
 Examples
 ========
 
-As a user service
+You do this:
 
-```bash
-telebitd --config ~/.config/telebit/telebitd.yml &
-```
+    curl -fsSL https://get.telebit.io | bash
 
-As a system service
-```bash
-sudo telebitd --config ~/.config/telebit/telebitd.yml
-```
+You get this:
 
-Example output:
+    ~/telebit http 3000
+    > Forwarding lucky-duck-42.telebit.cloud => localhost:3000
 
-```
-Connect to your device by any of the following means:
+    ~/telebit http ~/sites/example.com/
+    > Serving ~/sites/example.com/ as lucky-duck-42.telebit.cloud
 
-SSH+HTTPS
-        ssh+https://lucky-duck-37.telebit.cloud:443
-        ex: ssh -o ProxyCommand='openssl s_client -connect %h:%p -servername %h -quiet' lucky-duck-37.telebit.cloud -p 443
+And this:
 
-SSH
-        ssh://ssh.telebit.cloud:32852
-        ex: ssh ssh.telebit.cloud -p 32852
+    ~/telebit tcp 5050
+    > Forwarding telebit.cloud:1337 => localhost:5050
 
-TCP
-        tcp://tcp.telebit.cloud:32852
-        ex: netcat tcp.telebit.cloud 32852
+And even this:
 
-HTTPS
-        https://lucky-duck-37.telebit.cloud
-        ex: curl https://lucky-duck-37.telebit.cloud
-```
+    ~/telebit ssh auto
+    > Forwarding ssh telebit.cloud -p 1337 => localhost:22
+    > Forwarding ssh+https (openssl proxy) => localhost:22
 
-```bash
-# Forward all https traffic to port 3000
-telebit http 3000
+No privileged ports. No sudo. End-to-end encryption.
 
-# Forward all tcp traffic to port 5050
-telebit tcp 5050
-
-# List all rules
-telebit list
-```
+Fastest way to test a site, share a file, and pair over ssh.
 
 Install
 =======
@@ -84,64 +69,59 @@ Mac & Linux
 Open Terminal and run this install script:
 
 ```
-curl -fsSL https://get.telebit.cloud | bash
+curl -fsSL https://get.telebit.io | bash
 ```
 
 <!--
 ```
-bash <( curl -fsSL https://get.telebit.cloud )
+bash <( curl -fsSL https://get.telebit.io )
 ```
 
 <small>
 Note: **fish**, **zsh**, and other **non-bash** users should do this
 
 ```
-curl -fsSL https://get.telebit.cloud/ > get.sh; bash get.sh
+curl -fsSL https://get.telebit.io/ > get.sh; bash get.sh
 ```
 </small>
 -->
 
 What does the installer do?
 
-  * install Telebit Remote to `/opt/telebit`
-  * symlink the executables to `/usr/local/bin` for convenience
-    * `/usr/local/bin/telebitd => /opt/telebit/bin/telebitd`
-    * `/usr/local/bin/telebit => /opt/telebit/bin/telebit`
+  * install Telebit Remote to `~/Applications/telebit/`
+  * symlink the executable to `~/telebit` for convenience
   * create the appropriate system launcher file
     * `/etc/systemd/system/telebit.service`
-    * `/Library/LaunchDaemons/cloud.telebit.remote.plist`
+    * `~/Library/LaunchAgents/cloud.telebit.remote.plist`
   * create local user config
     * `~/.config/telebit/telebit.yml`
     * `~/.local/share/telebit`
 
-Of course, feel free to inspect it before you run it: `curl -fsSL https://get.telebit.cloud`
+Of course, feel free to inspect it before you run it: `curl -fsSL https://get.telebit.io`
 
 **You can customize the installation**:
 
 ```bash
-export NODEJS_VER=v10.2
+export NODEJS_VER=v10.2                   # v10.2 is tested working, but we can test other versions
+export TELEBIT_VERSION=master             # git tag or branch to install from
+export TELEBIT_USERSPACE=no               # install as a system service (launchd, systemd only)
 export TELEBIT_PATH=/opt/telebit
-export TELEBIT_VERSION=v1              # git tag or branch to install from
-curl -fsSL https://get.telebit.cloud/
+export TELEBIT_USER=telebit
+export TELEBIT_GROUP=telebit
+curl -fsSL https://get.telebit.io/ | bash
 ```
 
 That will change the bundled version of node.js is bundled with Telebit Relay
 and the path to which Telebit Relay installs.
 
-You can get rid of the tos + email and server domain name prompts by providing them right away:
-
-```bash
-curl -fsSL https://get.telebit.cloud/ | bash -- jon@example.com example.com telebit.example.com xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-```
-
 Windows & Node.js
 -----------------
 
 1. Install [node.js](https://nodejs.org)
 2. Open _Node.js_
 2. Run the command `npm install -g telebit`
-2. Copy the example daemon conifg to your user folder `.config/telebit/telebitd.yml` (such as `/Users/John/.config/telebit/telebitd.yml`)
-2. Copy the example remote conifg to your user folder `.config/telebit/telebit.yml` (such as `/Users/John/.config/telebit/telebit.yml`)
+2. Copy the example daemon config to your user folder `.config/telebit/telebitd.yml` (such as `/Users/John/.config/telebit/telebitd.yml`)
+2. Copy the example remote config to your user folder `.config/telebit/telebit.yml` (such as `/Users/John/.config/telebit/telebit.yml`)
 2. Change the email address
 2. Run `npx telebit init` and follow the instructions
 2. Run `npx telebit list`
@@ -223,16 +203,16 @@ SSH over non-standard port
 ssh lucky-duck-42.telebit.cloud -p 3031
 ```
 
-Daemon Usage
+Daemon Usage (non-global)
 ============
 
 ```bash
-telebitd --config /opt/telebit/etc/telebitd.yml
+~/Applications/bin/node ~/Applications/bin/telebitd.js --config ~/.config/telebit/telebitd.yml
 ```
 
 Options
 
-`/opt/telebit/etc/telebitd.yml:`
+`~/.config/telebit/telebitd.yml:`
 ```
 email: 'jon@example.com'          # must be valid (for certificate recovery and security alerts)
 agree_tos: true                   # agree to the Telebit, Greenlock, and Let's Encrypt TOSes
@@ -249,7 +229,7 @@ servernames:                      # servernames that will be forwarded here
 Choosing A Relay
 ================
 
-You can create a free or paid account at https://telebit.cloud
+You can create a free or paid account at <https://telebit.cloud>
 or you can run [Telebit Relay](https://git.coolaj86.com/coolaj86/telebitd.js)
 open source on a VPS (Vultr, Digital Ocean)
 or your Raspberry Pi at home (with port-forwarding).
@@ -329,25 +309,25 @@ Or if you want to bow down to the kings of the centralized dictator-net:
 How to use Telebit Remote with your own instance of Telebit Relay:
 
 ```bash
-telebit \
+telebitd \
   --locals <<external domain name>> \
   --relay wss://<<tunnel domain>>:<<tunnel port>> \
   --secret <<128-bit hex key>>
 ```
 
 ```bash
-telebit --locals john.example.com --relay wss://tunnel.example.com:443 --secret abc123
+telebitd --locals john.example.com --relay wss://tunnel.example.com:443 --secret abc123
 ```
 
 ```bash
-telebit \
+telebitd \
   --locals <<protocol>>:<<external domain name>>:<<local port>> \
   --relay wss://<<tunnel domain>>:<<tunnel port>> \
   --secret <<128-bit hex key>>
 ```
 
 ```bash
-telebit \
+telebitd \
   --locals http:john.example.com:3000,https:john.example.com \
   --relay wss://tunnel.example.com:443 \
   --secret abc123
@@ -506,17 +486,17 @@ Check Logs
 **Linux**:
 
 ```
-sudo journalctl -xefu telebit
+SYSTEMD_LOG_LEVEL=debug journalctl -xef --user-unit=telebit
 ```
 
 **macOS**:
 
 ```
-sudo tail -f /opt/telebit/var/log/info.log
+tail -f ~/local/share/telebit/var/log/info.log
 ```
 
 ```
-sudo tail -f /opt/telebit/var/log/error.log
+tail -f ~/.local/share/telebit/var/log/error.log
 ```
 
 Uninstall
@@ -525,16 +505,18 @@ Uninstall
 **Linux**:
 
 ```
-sudo systemctl disable telebit; sudo systemctl stop telebit
-sudo rm -rf /etc/systemd/system/telebit.service /opt/telebit /usr/local/bin/telebit
+systemctl --user disable telebit; systemctl --user stop telebit
+rm -f ~/.config/systemd/user/telebit.service
+rm -rf ~/telebit ~/Applications/telebit
 rm -rf ~/.config/telebit ~/.local/share/telebit
 ```
 
 **macOS**:
 
 ```
-sudo launchctl unload -w /Library/LaunchDaemons/cloud.telebit.remote.plist
-sudo rm -rf /Library/LaunchDaemons/cloud.telebit.remote.plist /opt/telebit /usr/local/bin/telebit
+launchctl unload -w ~/Library/LaunchAgents/cloud.telebit.remote.plist
+rm -f ~/Library/LaunchAgents/cloud.telebit.remote.plist
+rm -rf ~/telebit ~/Applications/telebit
 rm -rf ~/.config/telebit ~/.local/share/telebit
 ```
 
@@ -546,4 +528,4 @@ This is implemented with websockets, so you should be able to
 LICENSE
 =======
 
-Copyright 2016 AJ ONeal
+Copyright 2016-2018+ AJ ONeal

bin/telebit-remote.js

@@ -0,0 +1,812 @@
+#!/usr/bin/env node
+(function () {
+'use strict';
+
+var pkg = require('../package.json');
+var os = require('os');
+
+//var url = require('url');
+var fs = require('fs');
+var path = require('path');
+var http = require('http');
+//var https = require('https');
+var YAML = require('js-yaml');
+var TOML = require('toml');
+var TPLS = TOML.parse(fs.readFileSync(path.join(__dirname, "../lib/en-us.toml"), 'utf8'));
+/*
+if ('function' !== typeof TOML.stringify) {
+  TOML.stringify = require('json2toml');
+}
+*/
+var recase = require('recase').create({});
+var camelCopy = recase.camelCopy.bind(recase);
+//var snakeCopy = recase.snakeCopy.bind(recase);
+
+var urequest = require('@coolaj86/urequest');
+var common = require('../lib/cli-common.js');
+
+var argv = process.argv.slice(2);
+
+var argIndex = argv.indexOf('--config');
+if (-1 === argIndex) {
+  argIndex = argv.indexOf('-c');
+}
+var confpath;
+var useTty;
+var state = {};
+if (-1 === argIndex) {
+  argIndex = argv.indexOf('-c');
+}
+if (-1 !== argIndex) {
+  confpath = argv.splice(argIndex, 2)[1];
+}
+argIndex = argv.indexOf('--tty');
+if (-1 !== argIndex) {
+  useTty = argv.splice(argIndex, 1);
+}
+
+function help() {
+  var keys = Object.keys(TPLS.help).filter(function (key) {
+    return 'remote' !== key;
+  });
+  var key = keys.filter(function (key) {
+    return -1 !== process.argv.indexOf(key);
+  })[0] || 'remote';
+  console.info(TPLS.help[key].replace(/{version}/g, pkg.version));
+}
+
+var verstr = [ pkg.name + ' remote v' + pkg.version ];
+if (!confpath) {
+  confpath = path.join(os.homedir(), '.config/telebit/telebit.yml');
+  verstr.push('(--config \'' + confpath.replace(new RegExp('^' + os.homedir()), '~') + '\')');
+}
+
+if ([ '-h', '--help', 'help' ].some(function (arg) {
+  return -1 !== argv.indexOf(arg);
+})) {
+  help();
+  process.exit(0);
+}
+if (!confpath || /^--/.test(confpath)) {
+  help();
+  process.exit(1);
+}
+
+function askForConfig(state, mainCb) {
+  var fs = require('fs');
+  var ttyname = '/dev/tty';
+  var stdin = useTty ? fs.createReadStream(ttyname, {
+    fd: fs.openSync(ttyname, fs.constants.O_RDONLY | fs.constants.O_NOCTTY)
+  }) : process.stdin;
+  var readline = require('readline');
+  var rl = readline.createInterface({
+    input: stdin
+  , output: process.stdout
+    // https://github.com/nodejs/node/issues/21771
+    // https://github.com/nodejs/node/issues/21319
+  , terminal: !/^win/i.test(os.platform()) && !useTty
+  });
+  state._useTty = useTty;
+
+  // NOTE: Use of setTimeout
+  // We're using setTimeout just to make the user experience a little
+  // nicer, as if we're doing something inbetween steps, so that it
+  // is a smooth rather than jerky experience.
+  // >= 300ms is long enough to become distracted and change focus (a full blink, time for an idea to form as a thought)
+  // <= 100ms is shorter than normal human reaction time (ability to place events chronologically, which happened first)
+  // ~ 150-250ms is the sweet spot for most humans (long enough to notice change and not be jarred, but stay on task)
+  var firstSet = [
+    function askEmail(cb) {
+      if (state.config.email) { cb(); return; }
+      console.info(TPLS.remote.setup.email);
+      // TODO attempt to read email from npmrc or the like?
+      rl.question('email: ', function (email) {
+        email = /@/.test(email) && email.trim();
+        if (!email) { askEmail(cb); return; }
+        state.config.email = email.trim();
+        state.config.agreeTos = true;
+        console.info("");
+        setTimeout(cb, 250);
+      });
+    }
+  , function askRelay(cb) {
+      function checkRelay(relay) {
+        // TODO parse and check https://{{relay}}/.well-known/telebit.cloud/directives.json
+        if (!relay) { relay = 'telebit.cloud'; }
+        relay = relay.trim();
+        var urlstr = common.parseUrl(relay) + common.apiDirectory;
+        urequest({ url: urlstr, json: true }, function (err, resp, body) {
+          if (err) {
+            console.error("[Network Error] Failed to retrieve '" + urlstr + "'");
+            console.error(err);
+            askRelay(cb);
+            return;
+          }
+          if (200 !== resp.statusCode || (Buffer.isBuffer(body) || 'object' !== typeof body) || !body.api_host) {
+            console.warn("===================");
+            console.warn("      WARNING      ");
+            console.warn("===================");
+            console.warn("");
+            console.warn("[" + resp.statusCode + "] '" + urlstr + "'");
+            console.warn("This server does not describe a current telebit version (but it may still work).");
+            console.warn("");
+            console.warn(body);
+          } else if (body && body.pair_request) {
+            state._can_pair = true;
+          }
+          state.config.relay = relay;
+          cb();
+        });
+      }
+
+      if (state.config.relay) { checkRelay(state.config.relay); return; }
+      console.info("");
+      console.info("");
+      console.info("What relay will you be using? (press enter for default)");
+      console.info("");
+      rl.question('relay [default: telebit.cloud]: ', checkRelay);
+    }
+  , function checkRelay(cb) {
+      nextSet = [];
+      if ('telebit.cloud' !== state.config.relay) {
+        nextSet = nextSet.concat(standardSet);
+      }
+      if (!state._can_pair) {
+        nextSet = nextSet.concat(fossSet);
+      }
+      cb();
+    }
+  ];
+  var standardSet = [
+    // There are questions that we need to aks in the CLI
+    // if we can't guarantee that they are being asked in the web interface
+    function askAgree(cb) {
+      if (state.config.agreeTos) { cb(); return; }
+      console.info("");
+      console.info("");
+      console.info("Do you accept the terms of service for each and all of the following?");
+      console.info("");
+      console.info("\tTelebit - End-to-End Encrypted Relay");
+      console.info("\tGreenlock - Automated HTTPS");
+      console.info("\tLet's Encrypt - TLS Certificates");
+      console.info("");
+      console.info("Type 'y' or 'yes' to accept these Terms of Service.");
+      console.info("");
+      rl.question('agree to all? [y/N]: ', function (resp) {
+        resp = resp.trim();
+        if (!/^y(es)?$/i.test(resp) && 'true' !== resp) {
+          throw new Error("You didn't accept the Terms of Service... not sure what to do...");
+        }
+        state.config.agreeTos = true;
+        console.info("");
+        setTimeout(cb, 250);
+      });
+    }
+  , function askUpdates(cb) {
+      // required means transactional, security alerts, mandatory updates
+      var options = [ 'newsletter', 'important', 'required' ];
+      if (-1 !== options.indexOf(state._updates)) { cb(); return; }
+      console.info("");
+      console.info("");
+      console.info("What updates would you like to receive? (" + options.join(',') + ")");
+      console.info("");
+      rl.question('messages (default: important): ', function (updates) {
+        state._updates = (updates || '').trim().toLowerCase();
+        if (!state._updates) { state._updates = 'important'; }
+        if (-1 === options.indexOf(state._updates)) { askUpdates(cb); return; }
+
+        if ('newsletter' === state._updates) {
+          state.config.newsletter = true;
+          state.config.communityMember = true;
+        } else if ('important' === state._updates) {
+          state.config.communityMember = true;
+        }
+
+        setTimeout(cb, 250);
+      });
+    }
+  , function askTelemetry(cb) {
+      if (state.config.telemetry) { cb(); return; }
+      console.info("");
+      console.info("");
+      console.info("Contribute project telemetry data? (press enter for default [yes])");
+      console.info("");
+      rl.question('telemetry [Y/n]: ', function (telemetry) {
+        if (!telemetry || /^y(es)?$/i.test(telemetry)) {
+          state.config.telemetry = true;
+        }
+        setTimeout(cb, 250);
+      });
+    }
+  ];
+  var fossSet = [
+    function askTokenOrSecret(cb) {
+      if (state._can_pair || state.token || state.config.token
+        || state.secret || state.config.secret) { cb(); return; }
+      console.info("");
+      console.info("");
+      console.info("What's your authorization for '" + state.config.relay + "'?");
+      console.info("");
+      // TODO check .well-known to learn supported token types
+      console.info("Currently supported:");
+      console.info("");
+      console.info("\tToken (JWT format)");
+      console.info("\tShared Secret (HMAC hex)");
+      //console.info("\tPrivate key (hex)");
+      console.info("");
+      rl.question('auth: ', function (resp) {
+        var jwt = require('jsonwebtoken');
+        resp = (resp || '').trim();
+        try {
+          jwt.decode(resp);
+          state.config.token = resp;
+        } catch(e) {
+          // is not jwt
+        }
+        if (!state.config.token) {
+          resp = resp.toLowerCase();
+          if (resp === Buffer.from(resp, 'hex').toString('hex')) {
+            state.config.secret = resp;
+          }
+        }
+        if (!state.config.token && !state.config.secret) {
+          askTokenOrSecret(cb);
+          return;
+        }
+        setTimeout(cb, 250);
+      });
+    }
+  , function askServernames(cb) {
+      if (!state.config.secret || state.config._servernames) { cb(); return; }
+      console.info("");
+      console.info("");
+      console.info("What servername(s) will you be relaying here?");
+      console.info("(use a comma-separated list such as example.com,example.net)");
+      console.info("");
+      rl.question('domain(s): ', function (resp) {
+        resp = (resp || '').trim().split(/,/g);
+        if (!resp.length) { askServernames(); return; }
+        // TODO validate the domains
+        state.config._servernames = resp;
+        setTimeout(cb, 250);
+      });
+    }
+  , function askPorts(cb) {
+      if (!state.config.secret || state.config._ports) { cb(); return; }
+      console.info("");
+      console.info("");
+      console.info("What tcp port(s) will you be relaying here?");
+      console.info("(use a comma-separated list such as 2222,5050)");
+      console.info("");
+      rl.question('port(s) [default:none]: ', function (resp) {
+        resp = (resp || '').trim().split(/,/g);
+        if (!resp.length) { askPorts(); return; }
+        // TODO validate the domains
+        state.config._ports = resp;
+        setTimeout(cb, 250);
+      });
+    }
+  ];
+  var nextSet = firstSet;
+
+  function next() {
+    var q = nextSet.shift();
+    if (!q) {
+      // https://github.com/nodejs/node/issues/21319
+      if (useTty) { try { stdin.push(null); } catch(e) { /*ignore*/ } }
+      rl.close();
+      if (useTty) { try { stdin.close(); } catch(e) { /*ignore*/ } }
+      mainCb(null, state);
+      return;
+    }
+    q(next);
+  }
+
+  next();
+}
+
+var utils = {
+  request: function request(opts, fn) {
+    if (!opts) { opts = {}; }
+    var service = opts.service || 'config';
+    var req = http.request({
+      socketPath: state._ipc.path
+    , method: opts.method || 'GET'
+    , path: '/rpc/' + service
+    }, function (resp) {
+      var body = '';
+
+      function finish() {
+        if (200 !== resp.statusCode) {
+          console.warn(resp.statusCode);
+          console.warn(body || ('get' + service + ' failed'));
+          //cb(new Error("not okay"), body);
+          return;
+        }
+
+        if (!body) { fn(null, null); return; }
+
+        try {
+          body = JSON.parse(body);
+        } catch(e) {
+          // ignore
+        }
+
+        fn(null, body);
+      }
+
+      if (resp.headers['content-length']) {
+        resp.on('data', function (chunk) {
+          body += chunk.toString();
+        });
+        resp.on('end', function () {
+          finish();
+        });
+      } else {
+        finish();
+      }
+    });
+    req.on('error', function (err) {
+      // ENOENT - never started, cleanly exited last start, or creating socket at a different path
+      // ECONNREFUSED - leftover socket just needs to be restarted
+      if ('ENOENT' === err.code || 'ECONNREFUSED' === err.code) {
+        if (opts._taketwo) {
+          console.error("Either the telebit service was not already (and could not be started) or its socket could not be written to.");
+          console.error(err);
+          return;
+        }
+        require('../usr/share/install-launcher.js').install({ env: process.env }, function (err) {
+          if (err) { fn(err); return; }
+          opts._taketwo = true;
+          setTimeout(function () {
+            utils.request(opts, fn);
+          }, 2500);
+        });
+        return;
+      }
+      if ('ENOTSOCK' === err.code) {
+        console.error(err);
+        return;
+      }
+      console.error(err);
+      return;
+    });
+    req.end();
+  }
+, putConfig: function putConfig(service, args, fn) {
+    var req = http.request({
+      socketPath: state._ipc.path
+    , method: 'POST'
+    , path: '/rpc/' + service + '?_body=' + encodeURIComponent(JSON.stringify(args))
+    }, function (resp) {
+
+      function finish() {
+        if ('function' === typeof fn) {
+          fn(null, resp);
+          return;
+        }
+
+        console.info("");
+        if (200 !== resp.statusCode) {
+          console.warn("'" + service + "' may have failed."
+           + " Consider peaking at the logs either with 'journalctl -xeu telebit' or /opt/telebit/var/log/error.log");
+          console.warn(resp.statusCode, body);
+          //cb(new Error("not okay"), body);
+          return;
+        }
+
+        if (!body) {
+          console.info("👌");
+          return;
+        }
+
+        try {
+          body = JSON.parse(body);
+        } catch(e) {
+          // ignore
+        }
+
+        if ("AWAIT_AUTH" === body.code) {
+          console.info(body.message);
+        } else if ("CONFIG" === body.code) {
+          delete body.code;
+          //console.info(TOML.stringify(body));
+          console.info(YAML.safeDump(body));
+        } else {
+          if ('http' === body.module) {
+            // TODO we'll support slingshot-ing in the future
+            if (String(body.local) === String(parseInt(body.local, 10))) {
+              console.info('> Forwarding https://' + body.remote + ' => localhost:' + body.local);
+            } else {
+              console.info('> Serving ' + body.local + ' as https://' + body.remote);
+            }
+          } else if ('tcp' === body.module) {
+              console.info('> Forwarding ' + state.config.relay + ':' + body.remote + ' => localhost:' + body.local);
+          } else if ('ssh' === body.module) {
+              //console.info('> Forwarding ' + state.config.relay + ' -p ' + JSON.stringify(body) + ' => localhost:' + body.local);
+              console.info('> Forwarding ssh+https (openssl proxy) => localhost:' + body.local);
+          } else {
+            console.info(JSON.stringify(body, null, 2));
+          }
+          console.info();
+        }
+      }
+
+      var body = '';
+      if (resp.headers['content-length']) {
+        resp.on('data', function (chunk) {
+          body += chunk.toString();
+        });
+        resp.on('end', function () {
+          finish();
+        });
+      } else {
+        finish();
+      }
+    });
+    req.on('error', function (err) {
+      console.error('Put Config Error:');
+      console.error(err);
+      return;
+    });
+    req.end();
+  }
+};
+
+// Two styles:
+//     http 3000
+//     http modulename
+function makeRpc(key) {
+  if (key !== argv[0]) {
+    return false;
+  }
+  utils.putConfig(argv[0], argv.slice(1));
+  return true;
+}
+
+function packConfig(config) {
+  return Object.keys(config).map(function (key) {
+    var val = config[key];
+    if ('undefined' === val) {
+      throw new Error("'undefined' used as a string value");
+    }
+    if ('undefined' === typeof val) {
+      //console.warn('[DEBUG]', key, 'is present but undefined');
+      return;
+    }
+    if (val && 'object' === typeof val && !Array.isArray(val)) {
+      val = JSON.stringify(val);
+    }
+    return key + ':' + val; // converts arrays to strings with ,
+  });
+}
+
+function getToken(err, state) {
+  if (err) {
+    console.error("Error while initializing config [init]:");
+    throw err;
+  }
+  state.relay = state.config.relay;
+
+  // { _otp, config: {} }
+  common.api.token(state, {
+    error: function (err/*, next*/) {
+      console.error("[Error] common.api.token:");
+      console.error(err);
+      return;
+    }
+  , directory: function (dir, next) {
+      //console.log('[directory] Telebit Relay Discovered:');
+      //console.log(dir);
+      state._apiDirectory = dir;
+      next();
+    }
+  , tunnelUrl: function (tunnelUrl, next) {
+      //console.log('[tunnelUrl] Telebit Relay Tunnel Socket:', tunnelUrl);
+      state.wss = tunnelUrl;
+      next();
+    }
+  , requested: function (authReq, next) {
+      //console.log("[requested] Pairing Requested");
+      state.config._otp = state.config._otp = authReq.otp;
+
+      if (!state.config.token && state._can_pair) {
+        console.info("");
+        console.info("==============================================");
+        console.info("                 Hey, Listen!                 ");
+        console.info("==============================================");
+        console.info("                                              ");
+        console.info("  GO CHECK YOUR EMAIL!                        ");
+        console.info("                                              ");
+        console.info("  DEVICE PAIR CODE:     0000                  ".replace(/0000/g, state.config._otp));
+        console.info("                                              ");
+        console.info("==============================================");
+        console.info("");
+      }
+
+      next();
+    }
+  , connect: function (pretoken, next) {
+      //console.log("[connect] Enabling Pairing Locally...");
+      state.config.pretoken = pretoken;
+      state._connecting = true;
+
+      // TODO use php-style object querification
+      utils.putConfig('config', packConfig(state.config), function (err/*, body*/) {
+        if (err) {
+          state._error = err;
+          console.error("Error while initializing config [connect]:");
+          console.error(err);
+          return;
+        }
+        console.info(TPLS.remote.waiting.replace(/{email}/, state.config.email));
+        next();
+      });
+    }
+  , offer: function (token, next) {
+      //console.log("[offer] Pairing Enabled by Relay");
+      state.config.token = token;
+      if (state._error) {
+        return;
+      }
+      state._connecting = true;
+      try {
+        require('jsonwebtoken').decode(token);
+        //console.log(require('jsonwebtoken').decode(token));
+      } catch(e) {
+        console.warn("[warning] could not decode token");
+      }
+      utils.putConfig('config', packConfig(state.config), function (err/*, body*/) {
+        if (err) {
+          state._error = err;
+          console.error("Error while initializing config [offer]:");
+          console.error(err);
+          return;
+        }
+        //console.log("Pairing Enabled Locally");
+        next();
+      });
+    }
+  , granted: function (_, next) {
+      //console.log("[grant] Pairing complete!");
+      next();
+    }
+  , end: function () {
+      utils.putConfig('enable', [], function (err) {
+        if (err) { console.error(err); return; }
+        console.info(TPLS.remote.success);
+
+        // workaround for https://github.com/nodejs/node/issues/21319
+        if (state._useTty) {
+          setTimeout(function () {
+            console.info(TPLS.remote.next_steps);
+            process.exit(0);
+          }, 0.5 * 1000);
+          return;
+        }
+        // end workaround
+
+        parseCli(state);
+      });
+    }
+  });
+}
+
+function parseCli(/*state*/) {
+  var special = [
+    'false', 'none', 'off', 'disable'
+  , 'true', 'auto', 'on', 'enable'
+  ];
+  if (-1 !== argv.indexOf('init')) {
+    utils.putConfig('list', []/*, function (err) {
+    }*/);
+    return;
+  }
+
+  if ([ 'ssh', 'http', 'tcp' ].some(function (key) {
+    if (key !== argv[0]) {
+      return false;
+    }
+    if (argv[1]) {
+      if (String(argv[1]) === String(parseInt(argv[1], 10))) {
+        // looks like a port
+        argv[1] = parseInt(argv[1], 10);
+      } else if (/\/|\\/.test(argv[1])) {
+        // looks like a path
+        argv[1] = path.resolve(argv[1]);
+        // TODO make a default assignment here
+      } else if (-1 === special.indexOf(argv[1])) {
+        console.error("Not sure what you meant by '" + argv[1] + "'.");
+        console.error("Remember: paths should begin with ." + path.sep + ", like '." + path.sep + argv[1] + "'");
+        return true;
+      }
+      utils.putConfig(argv[0], argv.slice(1));
+      return true;
+    }
+    return true;
+  })) {
+    return;
+  }
+
+  if ([ 'status', 'enable', 'disable', 'restart', 'list', 'save' ].some(makeRpc)) {
+    return;
+  }
+
+  help();
+  process.exit(11);
+}
+
+function handleConfig(err, config) {
+  //console.log('CONFIG');
+  //console.log(config);
+  state.config = config;
+  var verstrd = [ pkg.name + ' daemon v' + state.config.version ];
+  if (state.config.version && state.config.version !== pkg.version) {
+    console.info(verstr.join(' '), verstrd.join(' '));
+  } else {
+    console.info(verstr.join(' '));
+  }
+
+  if (err) { console.error(err); process.exit(101); return; }
+
+  //
+  // check for init first, before anything else
+  // because it has arguments that may help in
+  // the next steps
+  //
+  if (-1 !== argv.indexOf('init')) {
+    parsers.init(argv, getToken);
+    return;
+  }
+
+  if (!state.config.relay || !state.config.token) {
+    if (!state.config.relay) {
+      state.config.relay = 'telebit.cloud';
+    }
+
+    //console.log("question the user?", Date.now());
+    askForConfig(state, function (err, state) {
+      // no errors actually get passed, so this is just future-proofing
+      if (err) { throw err; }
+
+      if (!state.config.token && state._can_pair) {
+        state.config._otp = common.otp();
+      }
+
+      //console.log("done questioning:", Date.now());
+      if (!state.token && !state.config.token) {
+        getToken(err, state);
+      } else {
+        parseCli(state);
+      }
+    });
+    return;
+  }
+
+  //console.log("no questioning:");
+  parseCli(state);
+}
+
+function parseConfig(err, text) {
+  try {
+    state._clientConfig = JSON.parse(text || '{}');
+  } catch(e1) {
+    try {
+      state._clientConfig = YAML.safeLoad(text || '{}');
+    } catch(e2) {
+      try {
+        state._clientConfig = TOML.parse(text || '');
+      } catch(e3) {
+        console.error(e1.message);
+        console.error(e2.message);
+        process.exit(1);
+        return;
+      }
+    }
+  }
+
+  state._clientConfig = camelCopy(state._clientConfig || {}) || {};
+  common._init(
+    // make a default working dir and log dir
+    state._clientConfig.root || path.join(os.homedir(), '.local/share/telebit')
+  , (state._clientConfig.root && path.join(state._clientConfig.root, 'etc'))
+      || path.resolve(common.DEFAULT_CONFIG_PATH, '..')
+  );
+  state._ipc = common.pipename(state._clientConfig, true);
+
+  if (!Object.keys(state._clientConfig).length) {
+    console.info('(' + state._ipc.comment + ": " + state._ipc.path + ')');
+    console.info("");
+  }
+
+  if ((err && 'ENOENT' === err.code) || !Object.keys(state._clientConfig).length) {
+    if (!err || 'ENOENT' === err.code) {
+      //console.warn("Empty config file. Run 'telebit init' to configure.\n");
+    } else {
+      console.warn("Couldn't load config:\n\n\t" + err.message + "\n");
+    }
+  }
+
+  utils.request({ service: 'config' }, handleConfig);
+}
+
+var parsers = {
+  init: function (argv, parseCb) {
+    var answers = {};
+    var boolish = [ '--advanced' ];
+    if ('init' !== argv[0]) {
+      throw new Error("init must be the first argument");
+    }
+    argv.shift();
+
+    // init --foo bar
+    argv.forEach(function (arg, i) {
+      if (!/^--/.test(arg)) { return; }
+      if (-1 !== boolish.indexOf(arg)) {
+        answers['_' + arg.replace(/^--/, '')] = true;
+      }
+      if (/^-/.test(argv[i + 1])) {
+        throw new Error(argv[i + 1] + ' requires an argument');
+      }
+      answers[arg] = argv[i + 1];
+    });
+
+    // init foo:bar
+    argv.forEach(function (arg) {
+      if (/^--/.test(arg)) { return; }
+      var parts = arg.split(/:/g);
+      if (2 !== parts.length) {
+        throw new Error("bad option to init: '" + arg + "'");
+      }
+      if (answers[parts[0]]) {
+        throw new Error("duplicate key to init '" + parts[0] + "'");
+      }
+      answers[parts[0]] = parts[1];
+    });
+
+    if (answers.relay) {
+      console.info("using --relay " + answers.relay);
+    }
+    // things that aren't straight-forward copy-over
+    if (!answers.advanced && !answers.relay) {
+      answers.relay = 'telebit.cloud';
+    }
+    if (Array.isArray(common._NOTIFICATIONS[answers.update])) {
+      common._NOTIFICATIONS[answers.update].forEach(function (name) {
+        state.config[name] = true;
+      });
+    }
+    if (answers.servernames) {
+      state.config._servernames = answers.servernames;
+    }
+    if (answers.ports) {
+      state.config._ports = answers.ports;
+    }
+
+    // things that are straight-forward copy-over
+    common.CONFIG_KEYS.forEach(function (key) {
+      if ('true' === answers[key]) { answers[key] = true; }
+      if ('false' === answers[key]) { answers[key] = false; }
+      if ('null' === answers[key]) { answers[key] = null; }
+      if ('undefined' === answers[key]) { delete answers[key]; }
+      if ('undefined' !== typeof answers[key]) {
+        state.config[key] = answers[key];
+      }
+    });
+
+    askForConfig(state, function (err, state) {
+      if (err) { parseCb(err); return; }
+
+      if (!state.config.token && state._can_pair) {
+        state.config._otp = common.otp();
+      }
+
+      argv.unshift('init');
+      parseCb(null, state);
+    });
+  }
+};
+
+fs.readFile(confpath, 'utf8', parseConfig);
+
+}());

bin/telebit.js

@@ -2,798 +2,35 @@
 (function () {
 'use strict';
 
-var pkg = require('../package.json');
-var os = require('os');
-
-//var url = require('url');
-var path = require('path');
-var http = require('http');
-//var https = require('https');
-var YAML = require('js-yaml');
-var recase = require('recase').create({});
-var camelCopy = recase.camelCopy.bind(recase);
-//var snakeCopy = recase.snakeCopy.bind(recase);
-
-var urequest = require('@coolaj86/urequest');
-var common = require('../lib/cli-common.js');
-
-var argv = process.argv.slice(2);
-
-var argIndex = argv.indexOf('--config');
-var confpath;
-var useTty;
-var state = {};
-if (-1 === argIndex) {
-  argIndex = argv.indexOf('-c');
-}
-if (-1 !== argIndex) {
-  confpath = argv.splice(argIndex, 2)[1];
-}
-argIndex = argv.indexOf('--tty');
-if (-1 !== argIndex) {
-  useTty = argv.splice(argIndex, 1);
+//
+// node telebit daemon arg1 arg2
+//
+if ('daemon' === process.argv[2]) {
+  require('./telebitd.js');
+  return;
 }
 
-function help() {
-  //console.info('');
-  //console.info('Telebit Remote v' + pkg.version);
-  console.info('');
-  console.info('Usage:');
-  console.info('');
-  console.info('\ttelebit [--config <path>] <module> <module-options>');
-  console.info('');
-  console.info('Examples:');
-  console.info('');
-  //console.info('\ttelebit init                            # bootstrap the config files');
-  //console.info('');
-  console.info('\ttelebit status                          # whether enabled or disabled');
-  console.info('\ttelebit enable                          # disallow incoming connections');
-  console.info('\ttelebit disable                         # allow incoming connections');
-  console.info('');
-  console.info('\ttelebit list                            # list rules for servernames and ports');
-  console.info('');
-  console.info('\ttelebit http none                       # remove all https handlers');
-  console.info('\ttelebit http 3000                       # forward all https traffic to port 3000');
-  console.info('\ttelebit http /module/path               # load a node module to handle all https traffic');
-  console.info('');
-  console.info('\ttelebit http none example.com           # remove https handler from example.com');
-  console.info('\ttelebit http 3001 example.com           # forward https traffic for example.com to port 3001');
-  console.info('\ttelebit http /module/path example.com   # forward https traffic for example.com to port 3001');
-  console.info('');
-  console.info('\ttelebit tcp none                        # remove all tcp handlers');
-  console.info('\ttelebit tcp 5050                        # forward all tcp to port 5050');
-  console.info('\ttelebit tcp /module/path                # handle all tcp with a node module');
-  console.info('');
-  console.info('\ttelebit tcp none 6565                   # remove tcp handler from external port 6565');
-  console.info('\ttelebit tcp 5050 6565                   # forward external port 6565 to local 5050');
-  console.info('\ttelebit tcp /module/path 6565           # handle external port 6565 with a node module');
-  console.info('');
-  console.info('Config:');
-  console.info('');
-  console.info('\tSee https://git.coolaj86.com/coolaj86/telebit.js');
-  console.info('');
-  console.info('');
+//
+// sclient proxies
+//
+if ('sclient' === process.argv[2]) {
+  process.argv.splice(1,1);
+  return;
+}
+if ('rsync' === process.argv[2]) {
+  require('sclient/bin/sclient.js');
+  return;
+}
+if ('ssh' === process.argv[2] && /[\w-]+\.[a-z]{2,}/i.test(process.argv[3])) {
+  process.argv.splice(1,1,'sclient');
+  process.argv.splice(2,1,'ssh');
+  require('sclient/bin/sclient.js');
+  return;
 }
 
-var verstr = [ pkg.name + ' remote v' + pkg.version ];
-if (!confpath) {
-  confpath = path.join(os.homedir(), '.config/telebit/telebit.yml');
-  verstr.push('(--config "' + confpath + '")');
-}
-
-if (-1 !== argv.indexOf('-h') || -1 !== argv.indexOf('--help')) {
-  help();
-  process.exit(0);
-}
-if (!confpath || /^--/.test(confpath)) {
-  help();
-  process.exit(1);
-}
-
-function askForConfig(state, mainCb) {
-  var fs = require('fs');
-  var ttyname = '/dev/tty';
-  var stdin = useTty ? fs.createReadStream(ttyname, {
-    fd: fs.openSync(ttyname, fs.constants.O_RDONLY | fs.constants.O_NOCTTY)
-  }) : process.stdin;
-  var readline = require('readline');
-  var rl = readline.createInterface({
-    input: stdin
-  , output: process.stdout
-    // https://github.com/nodejs/node/issues/21319
-  , terminal: !useTty
-  });
-  state._useTty = useTty;
-
-  // NOTE: Use of setTimeout
-  // We're using setTimeout just to make the user experience a little
-  // nicer, as if we're doing something inbetween steps, so that it
-  // is a smooth rather than jerky experience.
-  // >= 300ms is long enough to become distracted and change focus (a full blink, time for an idea to form as a thought)
-  // <= 100ms is shorter than normal human reaction time (ability to place events chronologically, which happened first)
-  // ~ 150-250ms is the sweet spot for most humans (long enough to notice change and not be jarred, but stay on task)
-  var firstSet = [
-    function askEmail(cb) {
-      if (state.config.email) { cb(); return; }
-      //console.info("");
-      console.info("Welcome!");
-      console.info("");
-      console.info("By using Telebit you agree to:");
-      console.info("");
-      console.info("    [x] Accept the Telebit™ terms of service");
-      console.info("    [x] Accept the Let's Encrypt™ terms of service");
-      console.info("");
-      console.info("Enter your email to agree and login/create your account:");
-      console.info("");
-      // TODO attempt to read email from npmrc or the like?
-      rl.question('email: ', function (email) {
-        email = /@/.test(email) && email.trim();
-        if (!email) { askEmail(cb); return; }
-        state.config.email = email.trim();
-        state.config.agreeTos = true;
-        console.info("");
-        setTimeout(cb, 250);
-      });
-    }
-  , function askRelay(cb) {
-      function checkRelay(relay) {
-        // TODO parse and check https://{{relay}}/.well-known/telebit.cloud/directives.json
-        if (!relay) { relay = 'telebit.cloud'; }
-        relay = relay.trim();
-        var urlstr = common.parseUrl(relay) + common.apiDirectory;
-        urequest({ url: urlstr, json: true }, function (err, resp, body) {
-          if (err) {
-            console.error("[Network Error] Failed to retrieve '" + urlstr + "'");
-            console.error(err);
-            askRelay(cb);
-            return;
-          }
-          if (200 !== resp.statusCode || (Buffer.isBuffer(body) || 'object' !== typeof body) || !body.api_host) {
-            console.warn("===================");
-            console.warn("      WARNING      ");
-            console.warn("===================");
-            console.warn("");
-            console.warn("[" + resp.statusCode + "] '" + urlstr + "'");
-            console.warn("This server does not describe a current telebit version (but it may still work).");
-            console.warn("");
-            console.warn(body);
-          } else if (body && body.pair_request) {
-            state._can_pair = true;
-          }
-          state.config.relay = relay;
-          cb();
-        });
-      }
-
-      if (state.config.relay) { checkRelay(); return; }
-      console.info("");
-      console.info("");
-      console.info("What relay will you be using? (press enter for default)");
-      console.info("");
-      rl.question('relay [default: telebit.cloud]: ', checkRelay);
-    }
-  , function checkRelay(cb) {
-      nextSet = [];
-      if ('telebit.cloud' !== state.config.relay) {
-        nextSet = nextSet.concat(standardSet);
-      }
-      if (!state._can_pair) {
-        nextSet = nextSet.concat(fossSet);
-      }
-      cb();
-    }
-  ];
-  var standardSet = [
-    // There are questions that we need to aks in the CLI
-    // if we can't guarantee that they are being asked in the web interface
-    function askAgree(cb) {
-      if (state.config.agreeTos) { cb(); return; }
-      console.info("");
-      console.info("");
-      console.info("Do you accept the terms of service for each and all of the following?");
-      console.info("");
-      console.info("\tTelebit - End-to-End Encrypted Relay");
-      console.info("\tGreenlock - Automated HTTPS");
-      console.info("\tLet's Encrypt - TLS Certificates");
-      console.info("");
-      console.info("Type 'y' or 'yes' to accept these Terms of Service.");
-      console.info("");
-      rl.question('agree to all? [y/N]: ', function (resp) {
-        resp = resp.trim();
-        if (!/^y(es)?$/i.test(resp) && 'true' !== resp) {
-          throw new Error("You didn't accept the Terms of Service... not sure what to do...");
-        }
-        state.config.agreeTos = true;
-        console.info("");
-        setTimeout(cb, 250);
-      });
-    }
-  , function askUpdates(cb) {
-      // required means transactional, security alerts, mandatory updates
-      var options = [ 'newsletter', 'important', 'required' ];
-      if (-1 !== options.indexOf(state._updates)) { cb(); return; }
-      console.info("");
-      console.info("");
-      console.info("What updates would you like to receive? (" + options.join(',') + ")");
-      console.info("");
-      rl.question('messages (default: important): ', function (updates) {
-        state._updates = (updates || '').trim().toLowerCase();
-        if (!state._updates) { state._updates = 'important'; }
-        if (-1 === options.indexOf(state._updates)) { askUpdates(cb); return; }
-
-        if ('newsletter' === state._updates) {
-          state.config.newsletter = true;
-          state.config.communityMember = true;
-        } else if ('important' === state._updates) {
-          state.config.communityMember = true;
-        }
-
-        setTimeout(cb, 250);
-      });
-    }
-  , function askTelemetry(cb) {
-      if (state.config.telemetry) { cb(); return; }
-      console.info("");
-      console.info("");
-      console.info("Contribute project telemetry data? (press enter for default [yes])");
-      console.info("");
-      rl.question('telemetry [Y/n]: ', function (telemetry) {
-        if (!telemetry || /^y(es)?$/i.test(telemetry)) {
-          state.config.telemetry = true;
-        }
-        setTimeout(cb, 250);
-      });
-    }
-  ];
-  var fossSet = [
-    function askTokenOrSecret(cb) {
-      if (state._can_pair || state.token || state.config.token
-        || state.secret || state.config.secret) { cb(); return; }
-      console.info("");
-      console.info("");
-      console.info("What's your authorization for '" + state.config.relay + "'?");
-      console.info("");
-      // TODO check .well-known to learn supported token types
-      console.info("Currently supported:");
-      console.info("");
-      console.info("\tToken (JWT format)");
-      console.info("\tShared Secret (HMAC hex)");
-      //console.info("\tPrivate key (hex)");
-      console.info("");
-      rl.question('auth: ', function (resp) {
-        var jwt = require('jsonwebtoken');
-        resp = (resp || '').trim();
-        try {
-          jwt.decode(resp);
-          state.config.token = resp;
-        } catch(e) {
-          // is not jwt
-        }
-        if (!state.config.token) {
-          resp = resp.toLowerCase();
-          if (resp === Buffer.from(resp, 'hex').toString('hex')) {
-            state.config.secret = resp;
-          }
-        }
-        if (!state.config.token && !state.config.secret) {
-          askTokenOrSecret(cb);
-          return;
-        }
-        setTimeout(cb, 250);
-      });
-    }
-  , function askServernames(cb) {
-      if (!state.config.secret || state.config._servernames) { cb(); return; }
-      console.info("");
-      console.info("");
-      console.info("What servername(s) will you be relaying here?");
-      console.info("(use a comma-separated list such as example.com,example.net)");
-      console.info("");
-      rl.question('domain(s): ', function (resp) {
-        resp = (resp || '').trim().split(/,/g);
-        if (!resp.length) { askServernames(); return; }
-        // TODO validate the domains
-        state.config._servernames = resp;
-        setTimeout(cb, 250);
-      });
-    }
-  , function askPorts(cb) {
-      if (!state.config.secret || state.config._ports) { cb(); return; }
-      console.info("");
-      console.info("");
-      console.info("What tcp port(s) will you be relaying here?");
-      console.info("(use a comma-separated list such as 2222,5050)");
-      console.info("");
-      rl.question('port(s) [default:none]: ', function (resp) {
-        resp = (resp || '').trim().split(/,/g);
-        if (!resp.length) { askPorts(); return; }
-        // TODO validate the domains
-        state.config._ports = resp;
-        setTimeout(cb, 250);
-      });
-    }
-  ];
-  var nextSet = firstSet;
-
-  function next() {
-    var q = nextSet.shift();
-    if (!q) {
-      // https://github.com/nodejs/node/issues/21319
-      if (useTty) { try { stdin.push(null); } catch(e) { /*ignore*/ } }
-      rl.close();
-      if (useTty) { try { stdin.close(); } catch(e) { /*ignore*/ } }
-      mainCb(null, state);
-      return;
-    }
-    q(next);
-  }
-
-  next();
-}
-
-var utils = {
-  request: function request(opts, fn) {
-    if (!opts) { opts = {}; }
-    var service = opts.service || 'config';
-    var req = http.get({
-      socketPath: state._ipc.path
-    , method: opts.method || 'GET'
-    , path: '/rpc/' + service
-    }, function (resp) {
-      var body = '';
-
-      function finish() {
-        if (200 !== resp.statusCode) {
-          console.warn(resp.statusCode);
-          console.warn(body || ('get' + service + ' failed'));
-          //cb(new Error("not okay"), body);
-          return;
-        }
-
-        if (!body) { fn(null, null); return; }
-
-        try {
-          body = JSON.parse(body);
-        } catch(e) {
-          // ignore
-        }
-
-        fn(null, body);
-      }
-
-      if (resp.headers['content-length']) {
-        resp.on('data', function (chunk) {
-          body += chunk.toString();
-        });
-        resp.on('end', function () {
-          finish();
-        });
-      } else {
-        finish();
-      }
-    });
-    req.on('error', function (err) {
-      // ENOENT - never started, cleanly exited last start, or creating socket at a different path
-      // ECONNREFUSED - leftover socket just needs to be restarted
-      if ('ENOENT' === err.code || 'ECONNREFUSED' === err.code) {
-        if (opts._taketwo) {
-          console.error("Either the telebit service was not already (and could not be started) or its socket could not be written to.");
-          console.error(err);
-          return;
-        }
-        require('../usr/share/install-launcher.js').install({ env: process.env }, function (err) {
-          if (err) { fn(err); return; }
-          opts._taketwo = true;
-          utils.request(opts, fn);
-        });
-        return;
-      }
-      if ('ENOTSOCK' === err.code) {
-        console.error(err);
-        return;
-      }
-      console.error(err);
-      return;
-    });
-  }
-, putConfig: function putConfig(service, args, fn) {
-    //console.log('debug path:');
-    //console.log('/rpc/' + service + '?_body=' + JSON.stringify(args));
-    var req = http.get({
-      socketPath: state._ipc.path
-    , method: 'POST'
-    , path: '/rpc/' + service + '?_body=' + JSON.stringify(args)
-    }, function (resp) {
-
-      function finish() {
-        if ('function' === typeof fn) {
-          fn(null, resp);
-          return;
-        }
-
-        console.info("");
-        if (200 !== resp.statusCode) {
-          console.warn("'" + service + "' may have failed."
-           + " Consider peaking at the logs either with 'journalctl -xeu telebit' or /opt/telebit/var/log/error.log");
-          console.warn(resp.statusCode, body);
-          //cb(new Error("not okay"), body);
-          return;
-        }
-
-        if (!body) {
-          console.info("👌");
-          return;
-        }
-
-        try {
-          body = JSON.parse(body);
-        } catch(e) {
-          // ignore
-        }
-
-        if ("AWAIT_AUTH" === body.code) {
-          console.info(body.message);
-        } else if ("CONFIG" === body.code) {
-          delete body.code;
-          console.info(YAML.safeDump(body));
-        } else {
-          console.info(JSON.stringify(body, null, 2));
-        }
-      }
-
-      var body = '';
-      if (resp.headers['content-length']) {
-        resp.on('data', function (chunk) {
-          body += chunk.toString();
-        });
-        resp.on('end', function () {
-          finish();
-        });
-      } else {
-        finish();
-      }
-    });
-    req.on('error', function (err) {
-      console.error('Put Config Error:');
-      console.error(err);
-      return;
-    });
-  }
-};
-
-// Two styles:
-//     http 3000
-//     http modulename
-function makeRpc(key) {
-  if (key !== argv[0]) {
-    return false;
-  }
-  utils.putConfig(argv[0], argv.slice(1));
-  return true;
-}
-
-function packConfig(config) {
-  return Object.keys(config).map(function (key) {
-    var val = config[key];
-    if ('undefined' === val) {
-      throw new Error("'undefined' used as a string value");
-    }
-    if ('undefined' === typeof val) {
-      //console.warn('[DEBUG]', key, 'is present but undefined');
-      return;
-    }
-    if (val && 'object' === typeof val && !Array.isArray(val)) {
-      val = JSON.stringify(val);
-    }
-    return key + ':' + val; // converts arrays to strings with ,
-  });
-}
-
-function getToken(err, state) {
-  if (err) {
-    console.error("Error while initializing config [init]:");
-    throw err;
-  }
-
-  // { _otp, config: {} }
-  common.api.token(state, {
-    error: function (err/*, next*/) {
-      console.error("[Error] common.api.token:");
-      console.error(err);
-      return;
-    }
-  , directory: function (dir, next) {
-      //console.log('[directory] Telebit Relay Discovered:');
-      //console.log(dir);
-      state._apiDirectory = dir;
-      next();
-    }
-  , tunnelUrl: function (tunnelUrl, next) {
-      //console.log('[tunnelUrl] Telebit Relay Tunnel Socket:', tunnelUrl);
-      state.wss = tunnelUrl;
-      next();
-    }
-  , requested: function (authReq, next) {
-      //console.log("[requested] Pairing Requested");
-      state.config._otp = state.config._otp = authReq.otp;
-
-      if (!state.config.token && state._can_pair) {
-        console.info("");
-        console.info("==============================================");
-        console.info("                 Hey, Listen!                 ");
-        console.info("==============================================");
-        console.info("                                              ");
-        console.info("  GO CHECK YOUR EMAIL!                        ");
-        console.info("                                              ");
-        console.info("  DEVICE PAIR CODE:     0000                  ".replace(/0000/g, state.config._otp));
-        console.info("                                              ");
-        console.info("==============================================");
-        console.info("");
-      }
-
-      next();
-    }
-  , connect: function (pretoken, next) {
-      //console.log("[connect] Enabling Pairing Locally...");
-      state.config.pretoken = pretoken;
-      state._connecting = true;
-
-      // TODO use php-style object querification
-      utils.putConfig('config', packConfig(state.config), function (err/*, body*/) {
-        if (err) {
-          state._error = err;
-          console.error("Error while initializing config [connect]:");
-          console.error(err);
-          return;
-        }
-        console.log("waiting...");
-        next();
-      });
-    }
-  , offer: function (token, next) {
-      //console.log("[offer] Pairing Enabled by Relay");
-      state.config.token = token;
-      if (state._error) {
-        return;
-      }
-      state._connecting = true;
-      console.log("Token Offered:");
-      console.log(token);
-      try {
-        console.log(require('jsonwebtoken').decode(token));
-      } catch(e) {
-        console.warn("[warning] could not decode token");
-      }
-      utils.putConfig('config', packConfig(state.config), function (err/*, body*/) {
-        if (err) {
-          state._error = err;
-          console.error("Error while initializing config [offer]:");
-          console.error(err);
-          return;
-        }
-        //console.log("Pairing Enabled Locally");
-        next();
-      });
-    }
-  , granted: function (_, next) {
-      //console.log("[grant] Pairing complete!");
-      next();
-    }
-  , end: function () {
-      utils.putConfig('enable', [], function (err) {
-        if (err) { console.error(err); return; }
-        console.info("[end] Success");
-
-        // workaround for https://github.com/nodejs/node/issues/21319
-        if (state._useTty) {
-          setTimeout(function () {
-            console.info();
-            console.info("Press any key to continue...");
-            console.info();
-            process.exit(0);
-          }, 0.5 * 1000);
-          return;
-        }
-        // end workaround
-
-        parseCli(state);
-      });
-    }
-  });
-}
-
-function parseCli(/*state*/) {
-  if (-1 !== argv.indexOf('init')) {
-    utils.putConfig('list', []/*, function (err) {
-    }*/);
-    return;
-  }
-
-  if ([ 'ssh', 'http', 'tcp' ].some(function (key) {
-    if (key !== argv[0]) {
-      return false;
-    }
-    if (argv[1]) {
-      utils.putConfig(argv[0], argv.slice(1));
-      return true;
-    }
-    return true;
-  })) {
-    help();
-    process.exit(13);
-    return;
-  }
-
-  if ([ 'status', 'enable', 'disable', 'restart', 'list', 'save' ].some(makeRpc)) {
-    return;
-  }
-
-  help();
-  process.exit(11);
-}
-
-function handleConfig(err, config) {
-  //console.log('CONFIG');
-  //console.log(config);
-  state.config = config;
-
-  if (err) { console.error(err); process.exit(101); return; }
-
-  //
-  // check for init first, before anything else
-  // because it has arguments that may help in
-  // the next steps
-  //
-  if (-1 !== argv.indexOf('init')) {
-    parsers.init(argv, getToken);
-    return;
-  }
-
-  if (!state.config.relay || !state.config.token) {
-    if (!state.config.relay) {
-      state.config.relay = 'telebit.cloud';
-    }
-
-    //console.log("question the user?", Date.now());
-    askForConfig(state, function (err, state) {
-      // no errors actually get passed, so this is just future-proofing
-      if (err) { throw err; }
-
-      if (!state.config.token && state._can_pair) {
-        state.config._otp = common.otp();
-      }
-
-      //console.log("done questioning:", Date.now());
-      state.relay = state.config.relay;
-      if (!state.token && !state.config.token) {
-        getToken(err, state);
-      } else {
-        parseCli(state);
-      }
-    });
-    return;
-  }
-
-  //console.log("no questioning:");
-  parseCli(state);
-}
-
-function parseConfig(err, text) {
-
-  console.info("");
-  console.info(verstr.join(' '));
-
-  try {
-    state._clientConfig = JSON.parse(text || '{}');
-  } catch(e1) {
-    try {
-      state._clientConfig = YAML.safeLoad(text || '{}');
-    } catch(e2) {
-      console.error(e1.message);
-      console.error(e2.message);
-      process.exit(1);
-      return;
-    }
-  }
-
-  state._clientConfig = camelCopy(state._clientConfig || {}) || {};
-  common._init(
-    // make a default working dir and log dir
-    state._clientConfig.root || path.join(os.homedir(), '.local/share/telebit')
-  , (state._clientConfig.root && path.join(state._clientConfig.root, 'etc'))
-      || path.resolve(common.DEFAULT_CONFIG_PATH, '..')
-  );
-  state._ipc = common.pipename(state._clientConfig, true);
-
-  if (!Object.keys(state._clientConfig).length) {
-    console.info('(' + state._ipc.comment + ": " + state._ipc.path + ')');
-    console.info("");
-  }
-
-  if ((err && 'ENOENT' === err.code) || !Object.keys(state._clientConfig).length) {
-    if (!err || 'ENOENT' === err.code) {
-      //console.warn("Empty config file. Run 'telebit init' to configure.\n");
-    } else {
-      console.warn("Couldn't load config:\n\n\t" + err.message + "\n");
-    }
-  }
-
-  utils.request({ service: 'config' }, handleConfig);
-}
-
-var parsers = {
-  init: function (argv, parseCb) {
-    var answers = {};
-    var boolish = [ '--advanced' ];
-    if ('init' !== argv[0]) {
-      throw new Error("init must be the first argument");
-    }
-    argv.shift();
-
-    // init --foo bar
-    argv.forEach(function (arg, i) {
-      if (!/^--/.test(arg)) { return; }
-      if (-1 !== boolish.indexOf(arg)) {
-        answers['_' + arg.replace(/^--/, '')] = true;
-      }
-      if (/^-/.test(argv[i + 1])) {
-        throw new Error(argv[i + 1] + ' requires an argument');
-      }
-      answers[arg] = argv[i + 1];
-    });
-
-    // init foo:bar
-    argv.forEach(function (arg) {
-      if (/^--/.test(arg)) { return; }
-      var parts = arg.split(/:/g);
-      if (2 !== parts.length) {
-        throw new Error("bad option to init: '" + arg + "'");
-      }
-      if (answers[parts[0]]) {
-        throw new Error("duplicate key to init '" + parts[0] + "'");
-      }
-      answers[parts[0]] = parts[1];
-    });
-
-    // things that aren't straight-forward copy-over
-    if (!answers.advanced && !answers.relay) {
-      answers.relay = 'telebit.cloud';
-    }
-    if (Array.isArray(common._NOTIFICATIONS[answers.update])) {
-      common._NOTIFICATIONS[answers.update].forEach(function (name) {
-        state.config[name] = true;
-      });
-    }
-    if (answers.servernames) {
-      state.config._servernames = answers.servernames;
-    }
-    if (answers.ports) {
-      state.config._ports = answers.ports;
-    }
-
-    // things that are straight-forward copy-over
-    common.CONFIG_KEYS.forEach(function (key) {
-      if ('true' === answers[key]) { answers[key] = true; }
-      if ('false' === answers[key]) { answers[key] = false; }
-      if ('null' === answers[key]) { answers[key] = null; }
-      if ('undefined' === answers[key]) { delete answers[key]; }
-      if ('undefined' !== typeof answers[key]) {
-        state.config[key] = answers[key];
-      }
-    });
-
-    askForConfig(state, function (err, state) {
-      if (err) { parseCb(err); return; }
-
-      if (!state.config.token && state._can_pair) {
-        state.config._otp = common.otp();
-      }
-
-      parseCb(null, state);
-    });
-  }
-};
-
-require('fs').readFile(confpath, 'utf8', parseConfig);
+//
+// telebit remote
+//
+require('./telebit-remote.js');
 
 }());

lib/cli-common.js

@@ -1,9 +1,11 @@
 'use strict';
 
+module.exports.debug = (-1 !== (process.env.NODE_DEBUG||'').split(/\s+/g).indexOf('telebit'));
 var common = module.exports;
 
 var path = require('path');
 var url = require('url');
+var fs = require('fs');
 var mkdirp = require('mkdirp');
 var os = require('os');
 var homedir = os.homedir();
@@ -30,19 +32,61 @@ common.CONFIG_KEYS = [
 //, '_otp'         // otp should not be saved
 //, '_token'       // temporary token
 
-common.pipename = function (config, newApi) {
+common.getPort = function (config, cb) {
+  var portfile = path.resolve(config.sock || common.DEFAULT_SOCK_PATH, '..', 'telebit.port');
+  if (cb) {
+    return fs.readFile(portfile, 'utf8', function (err, text) {
+      cb(err, parseInt((text||'').trim(), 10) || null);
+    });
+  } else {
+    try {
+      return parseInt(fs.readFileSync(portfile, 'utf8').trim(), 10) || null;
+    } catch(e) {
+      return null;
+    }
+  }
+};
+common.setPort = function (config, num, cb) {
+  var portfile = path.resolve(config.sock || common.DEFAULT_SOCK_PATH, '..', 'telebit.port');
+  var numstr = (num || '').toString();
+  if (cb) {
+    return fs.writeFile(portfile, numstr, 'utf8', function (err) {
+      cb(err);
+    });
+  } else {
+    try {
+      return fs.writeFileSync(portfile, numstr, 'utf8');
+    } catch(e) {
+      return null;
+    }
+  }
+};
+common.removePort = function (config, cb) {
+  var portfile = path.resolve(config.sock || common.DEFAULT_SOCK_PATH, '..', 'telebit.port');
+  if (cb) {
+    return fs.unlink(portfile, function (err, text) {
+      cb(err, (text||'').trim());
+    });
+  } else {
+    try {
+      return fs.unlinkSync(portfile);
+    } catch(e) {
+      return null;
+    }
+  }
+};
+common.pipename = function (config) {
   var _ipc = {
     path: (config.sock || common.DEFAULT_SOCK_PATH)
   , comment: (/^win/i.test(os.platform()) ? 'windows pipe' : 'unix socket')
   , type: (/^win/i.test(os.platform()) ? 'pipe' : 'socket')
   };
   if ('pipe' === _ipc.type) {
-    _ipc.path = '\\\\?\\pipe' + _ipc.path.replace(/\//, '\\');
+    // https://docs.microsoft.com/en-us/windows/desktop/ipc/pipe-names
+    // Allows all characters accept backslash as part of the name
+    _ipc.path = '\\\\.\\pipe\\' + _ipc.path.replace(/\\/g, '/');
   }
-  if (newApi) {
-    return _ipc;
-  }
-  return _ipc.path;
+  return _ipc;
 };
 common.DEFAULT_SOCK_PATH = path.join(homedir, '.local/share/telebit/var/run', 'telebit.sock');
 common.DEFAULT_CONFIG_PATH = path.join(homedir, '.config/telebit', 'telebitd.yml');
@@ -114,17 +158,17 @@ common.api.token = function (state, handlers) {
   common.api.directory(state, function (err, dir) {
     // directory, requested, connect, tunnelUrl, offer, granted, end
     function afterDir() {
-      //console.log('[debug] after dir');
+      if (common.debug) { console.log('[debug] after dir'); }
       state.wss = common.api._parseWss(state, dir);
 
       handlers.tunnelUrl(state.wss, function () {
-        //console.log('[debug] after tunnelUrl');
+        if (common.debug) { console.log('[debug] after tunnelUrl'); }
         if (state.config.secret /* && !state.config.token */) {
           state.config._token = common.signToken(state);
         }
         state.token = state.token || state.config.token || state.config._token;
         if (state.token) {
-          //console.log('[debug] token via token or secret');
+          if (common.debug) { console.log('[debug] token via token or secret'); }
           // { token, pretoken }
           handlers.connect(state.token, function () {
             handlers.end(null, function () {});
@@ -134,7 +178,7 @@ common.api.token = function (state, handlers) {
 
         // backwards compat (TODO remove)
         if (err || !dir || !dir.pair_request) {
-          //console.log('[debug] no dir, connect');
+          if (common.debug) { console.log('[debug] no dir, connect'); }
           handlers.error(new Error("No token found or generated, and no pair_request api found."));
           return;
         }
@@ -166,10 +210,11 @@ common.api.token = function (state, handlers) {
         var firstReady = true;
 
         function gotoNext(req) {
-          //console.log('[debug] gotoNext called');
+          if (common.debug) { console.log('[debug] gotoNext called'); }
+          if (common.debug) { console.log(req); }
           urequest(req, function (err, resp, body) {
             if (err) {
-              //console.log('[debug] gotoNext error');
+              if (common.debug) { console.log('[debug] gotoNext error'); }
               err._request = req;
               err._hint = '[telebitd.js] pair request';
               handlers.error(err, function () {});
@@ -177,18 +222,19 @@ common.api.token = function (state, handlers) {
             }
 
             function checkLocation() {
-              //console.log('[debug] checkLocation');
+              if (common.debug) { console.log('[debug] checkLocation'); }
+              if (common.debug) { console.log(body); }
               // pending, try again
               if ('pending' === body.status && resp.headers.location) {
-                //console.log('[debug] pending');
+                if (common.debug) { console.log('[debug] pending'); }
                 setTimeout(gotoNext, 2 * 1000, { url: resp.headers.location, json: true });
                 return;
               }
 
               if ('ready' === body.status) {
-                //console.log('[debug] ready');
+                if (common.debug) { console.log('[debug] ready'); }
                 if (firstReady) {
-                  //console.log('[debug] first ready');
+                  if (common.debug) { console.log('[debug] first ready'); }
                   firstReady = false;
                   state.token = body.access_token;
                   state.config.token = state.token;
@@ -201,21 +247,21 @@ common.api.token = function (state, handlers) {
               }
 
               if ('complete' === body.status) {
-                //console.log('[debug] complete');
+                if (common.debug) { console.log('[debug] complete'); }
                 handlers.granted(null, function () {
                   handlers.end(null, function () {});
                 });
                 return;
               }
 
-              //console.log('[debug] bad status');
+              if (common.debug) { console.log('[debug] bad status'); }
               var err = new Error("Bad State:" + body.status);
               err._request = req;
               handlers.error(err, function () {});
             }
 
             if (firstReq) {
-              //console.log('[debug] first req');
+              if (common.debug) { console.log('[debug] first req'); }
               handlers.requested(authReq, function () {
                 handlers.connect(body.access_token || body.jwt, function () {
                   var err;
@@ -231,7 +277,7 @@ common.api.token = function (state, handlers) {
               firstReq = false;
               return;
             } else {
-              //console.log('[debug] other req');
+              if (common.debug) { console.log('[debug] other req'); }
               checkLocation();
             }
           });

lib/en-us.toml

@@ -0,0 +1,493 @@
+[help]
+
+remote = "telebit remote v{version}
+
+Telebit Remote is the T-Rex long-arm of the Internet. UNSTOPPABLE!
+
+Using reliable HTTPS tunneling to establishing peer-to-peer connections,
+Telebit is empowering the next generation of tinkerers. Access your devices.
+Share your stuff. Be UNSTOPPABLE! (Join us at https://rootprojects.org)
+
+Usage:
+
+        telebit [flags] <command> [arguments]
+        ex: telebit http ~/Public
+
+The flags are:
+
+        --config <path> specify config file (default is ~/.config/telebit/telebit.yml)
+        --json        output json instead of text, if available
+        -h,--help     display this menu (or sub-command menus)
+
+The commands are:
+
+        status        show status and configuration info
+
+        http          access files, folders, and local apps via https (secure)
+        ssh           enable remote access to this device with ssh-over-https
+        ssh (client)  access devices via ssh-over-https (telebit, stunnel, openssl, etc)
+        tcp           forward tcp locally
+
+        enable        turn on remote access and sharing
+        disable       turn off remote access and sharing
+
+        activate      start and register the telebit service
+        disable       stop and unregister the telebit service
+
+        config (doc)  config file format and settings
+        client (doc)  vpn, ftp, rsync, scp, ssh-proxy, sclient
+
+Use \"telebit help [command]\" for more information about a command, including flags.
+
+Additional help topics:
+
+        daemon        telebit daemon secure background service
+        relay         telebit secure relay, hosted, and self-hosting options
+
+Copyright 2015-2018 AJ ONeal https://telebit.cloud MPL-2.0 Licensed (RAWR!)"
+
+client = "telebit client v{version}
+
+        ftp           secure ftp file transfer between devices
+        rsync         rsync over https and proxy commands
+        scp           scp over https and proxy commands
+        sclient       use the sclient emebbed within telebit
+        ssh-proxy     ssh over https and proxy commands
+        vpn (client)  home network access and private web browsing via socks5
+
+Use \"telebit help [command]\" for more information about a command, including flags.
+
+Copyright 2015-2018 AJ ONeal https://telebit.cloud MPL-2.0 Licensed (RAWR!)"
+
+status = "usage: telebit status
+
+'telebit status' shows details about the current connections (or lack thereof).
+
+Example:
+
+        Status: RAWR! (uptime: 45 minutes)
+
+        Forwarding ssh+https://jon.telebit.io => localhost:22
+        Forwarding https://client.jon.telebit.io => localhost:3000
+        Serving https://public.jon.telebit.io from ~/Public
+        Syncing ~/shared => home.jon.telebit.io:shared
+
+        Relay: https://telebit.cloud
+        Launcher: user
+
+Additional help topics: enable, disable"
+
+enable = "Enable Telebit - Re-enable and accept incoming connections
+
+usage: telebit enable
+
+        enable                Re-enable incoming connections for https, ssh, etc"
+
+disable = "Disable Telebit - Reject https, ssh, and tcp connections
+
+usage: telebit disable
+
+        disable               (Temporarily) reject incoming connections for https,
+                              ssh, etc without deleting the current configuration.
+
+                              Perists on restart, but can be re-enabled remotely
+                              (with your authorization only)."
+
+activate = "Activate Telebit - Start telebit (if not running) and register a launcher
+
+Usage:
+
+        telebit activate [flags]
+        ex: telebit activate --launcher none
+
+The flags may be exactly one of:
+
+        --no-launcher uregister any launchers (start manually)
+        --user-launcher (default) register an unprivileged launcher (start on login)
+        --system-launcher register with the system launcher (start on boot)
+
+Note: telebit relies on the system launcher to recover from certain error conditions"
+
+deactivate = "Deactivate Telebit - Unregister userspace (or system) launcher and stop
+
+Usage:
+
+        telebit deactivate [flags]
+        ex: telebit deactivate --keep alive
+
+The flags are:
+
+        --keep-launcher stop telebit without unregistering the launcher
+        --keep-alive unregister launcher without stopping"
+
+http = "Telebit HTTP - The UNSTOPPABLE way to share files, folders, and local apps.
+
+usage: telebit http <path/port/none> [subdomain]
+
+        http <DIR> [subdomain]          serve a file, folder, or node express app
+        ex: telebit http ~/Public pub   ex: securely host ~/Public as pub.johndoe.telebit.io
+
+        http <PORT> [subdomain]         forward all https traffic to a local app
+        ex: telebit http 3000 app       ex: publicize localhost:3000 as app.johndoe.telebit.io
+
+        http none [subdomain]           remove secure http access for (any or all) subdomain(s)
+        ex: telebit http none           ex: remove all https access
+
+Use cases:
+
+        - Lazy man's AirDrop (works for lazy women too!)
+        - Testing dev sites on a phone
+        - Sharing indie music and movies with friends"
+
+ssh = "Telebit SSH - The UNSTOPPABLE way to remote into your devices.
+
+usage: telebit ssh <auto|port|none>
+
+All https traffic will be inspected to see if it looks like ssh Once enabled all traffic that looks
+
+        ssh auto                        Make ssh Just Work™ (on port 22)
+
+        ssh <port>                      forward ssh traffic to non-standard port
+        ex: telebit ssh 22              ex: explicitly forward ssh-looking packets to localhost:22
+
+        ssh none                        Disables ssh tunneling
+
+Telebit SSH Client
+
+usage: telebit ssh <remote> [ssh flags and options]
+
+This is just a shortcut for \"ssh\", with all ssh-over-https options turned on.
+
+        ssh <remote>                    Make ssh Just Work™ (over https)
+        ex: telebit ssh jon.telebit.io  ex:
+
+\"telebit help ssh-proxy\" for more info
+
+Use cases:
+
+        - Access your home computer from work.
+        - Access your work computer from home.
+        - Good ol' fashioned screen/tmux style pair programming"
+
+ssh-proxy = "Proxying SSH over HTTPS
+
+Wrapping SSH in HTTPS makes it accessible anywhere and also makes it routable.
+Whether inside a harsh network environment or even if hindered by a poorly
+configured firewall, once wrapped in tls, ssh becomes UNSTOPPABLE.
+
+Usage:
+        telebit ssh <remote> [ssh flags and options]
+
+Example:
+
+        telebit ssh jon.telebit.io
+
+It is NOT at all neccessary to use \"telebit ssh\", it's just a convenience.
+Wanna know why, and the alternatives? Keep reading!
+
+## History
+
+When TLS sends an encrypted packet over the network it begins with a handshake
+which shows the things like the tls version and the host SERVERNAME unencrypted
+so that the remote server can respond with the correct certificate.
+
+SSH was created well before TLS and has a completely different header. The good
+news is that, unlike some other early internet protocols, it does have a header
+with its name and version, but it doesn't have anything to identify the server.
+
+##  Telebit + SSH
+
+Here's why:
+
+When you're running ssh through an https tunnel (as telebit does) you
+can't just use \"ssh me.example.com\" to get in. You have to tell ssh that you
+want to use an https tunnel. Using \"telebit ssh\" as a client will specify
+all of the correct ssh options.
+
+However, when you want to connect to ssh over https, you either have to pass
+the correct arguments or modify your ~/.ssh/config to use \"openssl s_client\".
+
+We explain the different configurations below:
+
+## SSH + openssl
+
+The configuration that's most likely to work with what's already installed on
+your machine is this:
+
+        Host jon.telebit.io
+          ProxyCommand openssl s_client -quiet -connect %h:443 -servername %h
+
+Or you would call ssh directly, like this:
+
+        ssh jon.telebit.io -o ProxyCommand=\"openssl s_client -quiet -connect %h:443 -servername %h\"
+
+It's rather simple, but it looks quite daunting.
+
+## SSH + sclient
+
+Because that looks a little hairy, we created \"sclient\", so that the example
+could look a bit more digestible:
+
+        Host jon.telebit.io
+          ProxyCommand sclient %h
+
+Or
+
+        ssh jon.telebit.io -o ProxyCommand=\"sclient %h\"
+
+## Inverse SSH Tunnel (same as stunnel)
+
+The commands above instruct ssh to open a pipe into openssl or sclient. If we
+instead want to connect ssh to a local tunnel, it looks like this:
+
+        Host jon.telebit.io
+          Hostname localhost
+          Port 3000
+          HostKeyAlias jon.telebit.io
+          CheckHostIP no
+          RequestTTY force
+
+Or
+
+        ssh localhost -p 3000 -t -o CheckHostIP=no -o HostKeyAlias=jon.telebit.io
+
+## See also
+
+    telebit ftp
+    telebit vpn"
+
+tcp = "Telebit TCP - Seemless connectivity to LEGACY apps.
+Use 'telebit http' instead, where possible (including for ssh).
+
+usage: telebit tcp <path/port/none>
+
+        tcp <local> [remote]          forward tcp to <local> from <remote>
+        ex: telebit tcp 5050 6565     ex: forward tcp port 6565 locally to port 5050
+
+        tcp <path> [remote]           show ftp-style directory listing
+        ex: telebit tcp ~/Public      ex: show listing of ~/Public
+
+        tcp none [remote]             disable tcp access for [remote] port
+        ex: telebit tcp none 6565     ex: remove access to port 6565
+
+Use cases:
+
+        - Debugging plain TCP when troubleshooting a legacy app
+        - You can't install a secure client (like telebit, sclient, openssl, or stunnel)
+
+See also sclient <https://telebit.cloud/sclient> for connecting to legacy apps
+with telebit-upscaled secure https access."
+
+scp = "Telebit (Client) scp
+
+See \"telebit rsync\"."
+
+rsync = "Telebit (Client) rsync - Sync files to or from another computer
+
+Sync files and directories from one computer to another.
+
+Usage:
+
+        telebit rsync [flags] <src> <dst> [arguments]
+        ex: telebit rsync -av home.jon.telebit.cloud:shared/ ~/shared/ --exclude=tmp
+
+This is not a full implementation of rsync, but rather a convenience wrapper
+around rsync which passes the correct options to ssh for https tunneling.
+
+Due to the way telebit wraps rsync, all flags which take an argumnt must
+go after the source and destination paths / addresses.
+
+See also: telebit help ssh-proxy"
+
+vpn = "Telebit (Client) vpn - Use with Firefox for UNSTOPPABLE web browsing
+
+This provides a very easy-to-use, lightweight VPN known as Socks5 that can be
+used directly by Firefox and Chrome without requiring administrator privileges.
+
+Usage:
+
+        telebit vpn --socks5 <port> <remote>
+        ex: telebit vpn --socks5 6789 home.jon.telebit.io
+
+The flags are:
+
+        --socks5 <port> You MUST specify the socks5 port
+
+Firefox Configuration:
+
+        Firefox -> Preferences
+        Advanced -> Network
+        Connection -> Settings
+
+        Manual proxy configuration:
+
+        SOCKS Host: localhost
+        Port: 6789
+        SOCKS v5
+
+Just like a full vpn client, it routes your IP traffic places through the VPN
+server (which in this case is another one of your telebit devices), but only
+for traffic in the configured browser. You can still access school and office
+resources in the other browser (and other applications) the need to switch a
+full VPN on and off.
+
+As will all other telebit functionality, this use https tunneling and will not
+be disrupted by unfavorable network conditions.
+
+Use cases:
+
+        - Watch your US Netflix using your home IP while traveling abroad.
+        - Log into your router as if from inside your home network.
+        - Disregard poorly configured web proxies at school or work.
+
+See also: telebit help ssh-proxy"
+
+ftp = "Telebit (Client) Secure FTP
+
+Alias of \"telebit rsync\"
+
+The original FTP was superseded by sftp and then rsync a few decades ago,
+however, sometimes we refer to its successors, generically, as \"FTP\"
+(just like you might say \"hang up\" the phone).
+
+## History
+
+FTP is a legacy of the 1970s. It served its purpose well on local networks, but
+was extremely dangerous on the Internet due to its lack of security and various
+vulnerabilities. On some legacy systems it remains an easy target to steal
+passwords and load viruses onto computers.
+
+Although very few systems have ftp installed today (thank goodness), almost every
+computer comes with rsync already installed and ready to go.
+
+Use \"telebit rsync\" instead."
+
+daemon = "telebit daemon v{version}
+
+Usage:
+
+        telebit daemon --config <path>
+        ex: telebit daemon --config ~/.config/telebit/telebitd.yml
+
+Additional help topics:
+
+        config    config file format and settings
+        remote    telebit cli remote control
+
+Copyright 2015-2018 https://telebit.cloud MPL-2.0 Licensed"
+
+config = "Telebit Config (docs)
+
+There are TWO config files:
+
+        remote    ~/.config/telebit/telebit.yml
+
+        daemon    ~/.config/telebit/telebitd.yml
+
+### Remote Config
+
+This only specifies the ipc - socket path (dir), address, or pipe name.
+All other options are handled by the daemon.
+
+    ipc: /Users/aj/.local/share/telebit/var/run/
+
+### Daemon Config
+
+    relay: telebit.cloud            the relay to use
+    secret: null                    HMAC secret for self-hosted relay
+    email: jon@example.com          the email to authenticate
+    agree_tos: true                 agree to Telebit, Greenlock, & Let's Encrypt, ToS
+    community_member: true          get rare but relevant community updates
+    telemetry: true                 contribute to project telemetry
+    servernames:
+      example.com:                  don't reject https traffic for example.com
+        wildcard: true              allow assignment to subdomains
+        handler: ~/Public           whether to use a static server by path or app by port
+      home.example.com:
+        wildcard: true
+        handler: 3000
+    ssh_auto: 22                    forward ssh-ish traffic to port 22
+
+See also: telebit help relay"
+
+sclient = "sclient
+
+Usage:
+
+        sclient [flags] <remote> [local]
+        ex: sclient whatever.com:443 localhost:3000
+        ex: sclient whatever.com -
+        ex: printf \"GET / HTTP/1.1\\n\\n\" | sclient whatever.com
+
+sclient is a standalane tls unwrapper. For convenience it's bundled with telebit
+as the passthru subcommand \"telebit sclient\" and functions exactly the name.
+
+        telebit sclient [flags] <remote> [local]
+        ex: printf \"GET / HTTP/1.1\\n\\n\" | telebit sclient whatever.com
+
+See https://telebit.cloud/sclient/"
+
+relay = "Telebit Relay
+
+We envision a future with better routers capable of providing reliable Internet
+connectivity, and trusted peers bridging the gaps between unfavorable network
+conditions.
+
+We plan to always run telebit.cloud as a relay-as-a-service for convenience,
+but it is our hope that, if your network conditions permit, you will also run
+your own telebit relay for your friends, family, and yourself.
+
+See https://git.coolaj86.com/coolaj86/telebit-relay.js"
+
+in-n-out = "Telebit Secret Menu
+
+The secret flags are:
+
+        --profile <name>            Use config files, sockets, and pipes with this name.
+                                    For debugging and development. (default: telbit, telebitd)
+        --set-profile <name>        Switch from the default profile
+        --address <path|host:port>  Use explicit socket path (or address) or pipe name
+                                    Overrides \"--profile\""
+
+[remote]
+version = "telebit remote v{version}"
+
+code = "
+==============================================
+                 Hey, Listen!
+==============================================
+
+  GO CHECK YOUR EMAIL!
+
+  DEVICE PAIR CODE:     0000
+
+==============================================
+"
+
+waiting = "waiting for you to check your email..."
+
+success = "Success"
+
+next_steps = "Some fun things to try first:
+
+    ~/telebit http ~/Public
+    ~/telebit tcp 5050
+    ~/telebit ssh auto
+
+Press any key to continue...
+"
+
+[remote.setup]
+
+email = "Welcome!
+
+By using Telebit you agree to:
+
+      [x] Accept the Telebit™ terms of service
+      [x] Accept the Let's Encrypt™ terms of service
+
+Enter your email to agree and login/create your account:
+"
+
+[daemon]
+version = "telebit daemon v{version}"

lib/handlers/local-app-error.js

@@ -0,0 +1,19 @@
+'use strict';
+
+module.exports = function (opts) {
+  console.log("Could not connect");
+  var socket = opts.socket;
+  var handler = opts.handler;
+  var http = require('http');
+  var server = http.createServer(function (req, res) {
+    console.log('responding to thing');
+    res.statusCode = 500;
+    res.setHeader('Content-Type', 'text/html');
+    res.end("<html>"
+      + "<head><title>Couldn't Connect</title></head>"
+      + "<body>Could not connect to localhost:" + handler + "</body>"
+    + "</html>");
+  });
+  //server.emit('connection', socket);
+  socket.end("Could not connect to localhost:" + handler);
+};

lib/html/css/main.css

@@ -0,0 +1,31 @@
+
+
+
+body {
+    font-family: Source Sans Pro, sans-serif;
+    font-size: 18px;
+    color: #1a1a1a;
+    letter-spacing: -0.022222222em;
+    line-height: 1.33;
+    margin: 0;
+    text-align: center;
+    padding: 2em 0 2em 0;
+}
+
+code {}
+
+code, pre {
+    font-family: Source Code Pro, monospace;
+}
+
+.code-block {
+    text-align: left;
+    display: inline-block;
+}
+
+span.logo {
+    font-size: 1.666em;
+    font-weight: bold;
+}
+
+p {margin-bottom: 0.5em;margin-top: 1.5em;}

lib/html/index.html

@@ -3,40 +3,93 @@
   <head>
     <title>Telebit</title>
     <meta charset="utf-8">
+    <link href="./css/main.css" rel="stylesheet">
+    <style>
+      @font-face {
+        font-family: 'Source Sans Pro';
+        font-style: normal;
+        font-display: block;
+        font-weight: 400;
+        src: local('Source Sans Pro Regular'), local('SourceSansPro-Regular'), url(./fonts/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2) format('woff2');
+        unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
+      }
+      @font-face {
+        font-family: 'Source Sans Pro';
+        font-style: normal;
+        font-weight: 700;
+        font-display: block;
+        src: local('Source Sans Pro Bold'), local('SourceSansPro-Bold'), url(./fonts/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2) format('woff2');
+        unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
+      }
+      @font-face {
+        font-family: 'Source Code Pro';
+        font-style: normal;
+        font-weight: 400;
+        src: local('Source Code Pro'), local('SourceCodePro-Regular'), url(./fonts/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2) format('woff2');
+        unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
+      }
+    </style>
+    <link rel="preload" href="./fonts/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2" as="font" crossorigin="anonymous">
+    <link rel="preload" href="./fonts/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2" as="font" crossorigin="anonymous">
+    <link rel="preload" href="./fonts/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2" as="font" crossorigin="anonymous">
+
   </head>
   <body>
     <script>document.body.hidden = true;</script>
-
+  <!-- let's define our SVG that we will use later -->
+    <svg width="0" height="0" viewBox="0 0 24 24">
+      <defs>
+        <g id="svg-lock">
+          <path d="M0 0h24v24H0z" fill="none"/>
+          <path d="M18 8h-1V6c0-2.76-2.24-5-5-5S7 3.24 7 6v2H6c-1.1 0-2 .9-2 2v10c0 1.1.9 2 2 2h12c1.1 0 2-.9 2-2V10c0-1.1-.9-2-2-2zm-6 9c-1.1 0-2-.9-2-2s.9-2 2-2 2 .9 2 2-.9 2-2 2zm3.1-9H8.9V6c0-1.71 1.39-3.1 3.1-3.1 1.71 0 3.1 1.39 3.1 3.1v2z"/>
+        </g>
+      </defs>
+    </svg>
+    <span class="logo">Telebit</span>
     <h1>Welcome Home <!-- as in 127.0.0.1, y'know ;) --></h1>
-    <p>Go ahead and bookmark this page. It's yours now.</p>
+    <div>Go ahead and bookmark this page. It's yours now.</div>
 
     <div>
       <h2>You've claimed <span class="js-servername">{{servername}}</span></h2>
-      <p>Here's some ways you can use it:</p>
-      <pre><code>
-telebit http 3000                # forward all https traffic to localhost:3000
-telebit http /path/to/module     # handle incoming https traffic with a node module
-telebit http none                # remove all https handlers</code></pre>
+      <p>Here are some ways you can use Telebit via Terminal or other Command Line Interface:</p>
+      <div class="code-block">
+	      <br />
+        <pre><code>~/telebit ssh auto            # allows you to connect to your computer with <br />                                ssh-over-https from a different computer</span></code></pre>
+        <pre><code>~/telebit http ~/Public            # serve a public folder
+~/telebit http 3000                # forward all https traffic to localhost:3000
+~/telebit http none                # remove all https handlers</code></pre>
+      </div>
     </div>
-    <p>You can <em>always</em> use this port for <strong>SSH over HTTPS</strong>, even while you're using it for something else:</p>
-    <pre><code>
-ssh -o ProxyCommand='openssl s_client -connect %h:443 -servername %h -quiet' <span class="js-servername">{{servername}}</span></code></pre>
-
-
-    <div class="js-port" hidden>
+    <p>And remember you can <em>always</em> tunnel <strong>SSH over HTTPS</strong>,
+      even while you're using it for something else:</p>
+  <p>&nbsp;</p>
+  
+    <details>
+    <p><summary><strong>Here are some examples for those of you that want to access files and folders remotely.  </strong></summary></p>
+    <p><strong>This function allows you to connect one computer to another computer you also have SSH on.</strong></p>
+      <div class="code-block"><pre><code>~/telebit ssh <span class="js-servername">{{servername}}</span></code></pre>
+      	<br>
+    		- or -
+    		<pre><code>ssh -o ProxyCommand='<a href="https://telebit.cloud/sclient">sclient</a> %h' <span class="js-servername">{{servername}}</span></code></pre>
+    		- or -
+    		<pre><code>proxy_cmd='openssl s_client -connect %h:443 -servername %h -quiet'
+ssh -o ProxyCommand="$proxy_cmd" <span class="js-servername">{{servername}}</span></code></pre>
+			</div>
+    <pre><code>ssh -o ProxyCommand='openssl s_client -connect %h:443 -servername %h -quiet' <span class="js-servername">{{servername}}</span></code></pre>
+    </details>
+    <!--div class="js-port" hidden>
       <h2>You've claimed port <span class="js-serviceport">{{serviceport}}</span></h2>
       <p>Here's some ways you can use it:</p>
-      <pre><code>
-telebit tcp 3000                 # forward all tcp traffic to localhost:3000
+      <div class="code-block"><pre><code>telebit tcp 3000                 # forward all tcp traffic to localhost:3000
 telebit tcp /path/to/module      # handle incoming tcp traffic with a node module
 telebit tcp none                 # remove all tcp handlers</code></pre>
-    </div>
-    <p>You can <em>always</em> use this port for <strong>SSH</strong>, even while you're using it for something else:</p>
-    <pre><code>telebit ssh 22
-
-ssh <span class="js-servername">{{servername}}</span> -p <span class="js-serviceport">{{serviceport}}</span></code></pre>
+      </div>
+      <p>You can <em>always</em> use this port for <strong>SSH</strong>, even while you're using it for something else:</p>
+      <div class="code-block"><pre><code>telebit ssh 22
 
+ssh <span class="js-servername">{{servername}}</span> -p <span class="js-serviceport">{{serviceport}}</span></code></pre></div>
+    </div -->
 
     <script src="js/app.js"></script>
   </body>
-</html>
+</html>

lib/html/js/app.js

@@ -3,7 +3,7 @@
 
 document.body.hidden = false;
 
-var hash = window.location.hash.substr(1);
+var hash = window.location.hash.replace(/^[\/#?]+/, '');
 var query = window.location.search;
 
 function parseQuery(search) {

lib/remote.js

@@ -11,6 +11,7 @@ var WebSocket = require('ws');
 var sni = require('sni');
 var Packer = require('proxy-packer');
 var os = require('os');
+var EventEmitter = require('events').EventEmitter;
 
 function timeoutPromise(duration) {
   return new PromiseA(function (resolve) {
@@ -18,15 +19,24 @@ function timeoutPromise(duration) {
   });
 }
 
-function _connect(state) {
+function TelebitRemote(state) {
   // jshint latedef:false
-  var defaultHttpTimeout = (2 * 60);
-  var activityTimeout = state.activityTimeout || (defaultHttpTimeout - 5) * 1000;
+
+  if (!(this instanceof TelebitRemote)) {
+    return new TelebitRemote(state);
+  }
+  EventEmitter.call(this);
+  var me = this;
+  var priv = {};
+
+  //var defaultHttpTimeout = (2 * 60);
+  //var activityTimeout = state.activityTimeout || (defaultHttpTimeout - 5) * 1000;
+  var activityTimeout = 6 * 1000;
   var pongTimeout = state.pongTimeout || 10*1000;
   // Allow the tunnel client to be created with no token. This will prevent the connection from
   // being established initialy and allows the caller to use `.append` for the first token so
   // they can get a promise that will provide feedback about invalid tokens.
-  var tokens = [];
+  priv.tokens = [];
   var auth;
   if(!state.sortingHat) {
     state.sortingHat = "./sorting-hat.js";
@@ -35,7 +45,7 @@ function _connect(state) {
     if ('undefined' === state.token) {
       throw new Error("passed string 'undefined' as token");
     }
-    tokens.push(state.token);
+    priv.tokens.push(state.token);
   }
 
   var wstunneler;
@@ -43,19 +53,24 @@ function _connect(state) {
   var authsent = false;
   var initialConnect = true;
 
-  var localclients = {};
+  priv.localclients = {};
   var pausedClients = [];
   var clientHandlers = {
     add: function (conn, cid, tun) {
-      localclients[cid] = conn;
-      console.info("[connect] new client '" + cid + "' for '" + tun.name + ":" + tun.serviceport + "' "
+      priv.localclients[cid] = conn;
+      console.info("[connect] new client '" + tun.name + ":" + tun.serviceport + "' for  '" + cid + "'"
         + "(" + clientHandlers.count() + " clients)");
 
       conn.tunnelCid = cid;
-      conn.tunnelRead = tun.data.byteLength;
-      conn.tunnelWritten    = 0;
+      if (tun.data) {
+        conn.tunnelRead = tun.data.byteLength;
+      } else {
+        conn.tunnelRead = 0;
+      }
+      conn.tunnelWritten = 0;
 
       conn.on('data', function onLocalData(chunk) {
+        //var chunk = conn.read();
         if (conn.tunnelClosing) {
           console.warn("[onLocalData] received data for '"+cid+"' over socket after connection was ended");
           return;
@@ -67,8 +82,10 @@ function _connect(state) {
         // down the data we are getting to send over. We also want to pause all active connections
         // if any connections are paused to make things more fair so one connection doesn't get
         // stuff waiting for all other connections to finish because it tried writing near the border.
-        var bufSize = wsHandlers.sendMessage(Packer.pack(tun, chunk));
-        if (pausedClients.length || bufSize > 1024*1024) {
+        var bufSize = sendMessage(Packer.packHeader(tun, chunk));
+        // Sending 2 messages instead of copying the buffer
+        var bufSize2 = sendMessage(chunk);
+        if (pausedClients.length || (bufSize + bufSize2) > 1024*1024) {
           // console.log('[onLocalData] paused connection', cid, 'to allow websocket to catch up');
           conn.pause();
           pausedClients.push(conn);
@@ -77,32 +94,33 @@ function _connect(state) {
 
       var sentEnd = false;
       conn.on('end', function onLocalEnd() {
-        console.info("[onLocalEnd] connection '" + cid + "' ended, will probably close soon");
+        //console.info("[onLocalEnd] connection '" + cid + "' ended, will probably close soon");
         conn.tunnelClosing = true;
         if (!sentEnd) {
-          wsHandlers.sendMessage(Packer.pack(tun, null, 'end'));
+          sendMessage(Packer.packHeader(tun, null, 'end'));
           sentEnd = true;
         }
       });
       conn.on('error', function onLocalError(err) {
         console.info("[onLocalError] connection '" + cid + "' errored:", err);
         if (!sentEnd) {
-          wsHandlers.sendMessage(Packer.pack(tun, {message: err.message, code: err.code}, 'error'));
+          var packBody = true;
+          sendMessage(Packer.packHeader(tun, {message: err.message, code: err.code}, 'error', packBody));
           sentEnd = true;
         }
       });
       conn.on('close', function onLocalClose(hadErr) {
-        delete localclients[cid];
+        delete priv.localclients[cid];
         console.log('[onLocalClose] closed "' + cid + '" read:'+conn.tunnelRead+', wrote:'+conn.tunnelWritten+' (' + clientHandlers.count() + ' clients)');
         if (!sentEnd) {
-          wsHandlers.sendMessage(Packer.pack(tun, null, hadErr && 'error' || 'end'));
+          sendMessage(Packer.packHeader(tun, null, hadErr && 'error' || 'end'));
           sentEnd = true;
         }
       });
     }
 
   , write: function (cid, opts) {
-      var conn = localclients[cid];
+      var conn = priv.localclients[cid];
       if (!conn) {
         return false;
       }
@@ -119,11 +137,13 @@ function _connect(state) {
       conn.tunnelRead += opts.data.byteLength;
 
       if (!conn.remotePaused && conn.bufferSize > 1024*1024) {
-        wsHandlers.sendMessage(Packer.pack(opts, conn.tunnelRead, 'pause'));
+        var packBody = true;
+        sendMessage(Packer.packHeader(opts, conn.tunnelRead, 'pause', packBody));
         conn.remotePaused = true;
 
         conn.once('drain', function () {
-          wsHandlers.sendMessage(Packer.pack(opts, conn.tunnelRead, 'resume'));
+          var packBody = true;
+          sendMessage(Packer.packHeader(opts, conn.tunnelRead, 'resume', packBody));
           conn.remotePaused = false;
         });
       }
@@ -131,13 +151,13 @@ function _connect(state) {
     }
 
   , closeSingle: function (cid) {
-      if (!localclients[cid]) {
+      if (!priv.localclients[cid]) {
         return;
       }
 
-      console.log('[closeSingle]', cid);
+      //console.log('[closeSingle]', cid);
       PromiseA.resolve().then(function () {
-        var conn = localclients[cid];
+        var conn = priv.localclients[cid];
         conn.tunnelClosing = true;
         conn.end();
 
@@ -155,40 +175,49 @@ function _connect(state) {
           });
         });
       }).then(function () {
-        if (localclients[cid]) {
+        if (priv.localclients[cid]) {
           console.warn('[closeSingle]', cid, 'connection still present after calling `end`');
-          localclients[cid].destroy();
+          priv.localclients[cid].destroy();
           return timeoutPromise(500);
         }
       }).then(function () {
-        if (localclients[cid]) {
+        if (priv.localclients[cid]) {
           console.error('[closeSingle]', cid, 'connection still present after calling `destroy`');
-          delete localclients[cid];
+          delete priv.localclients[cid];
         }
       }).catch(function (err) {
         console.error('[closeSingle] failed to close connection', cid, err.toString());
-        delete localclients[cid];
+        delete priv.localclients[cid];
       });
     }
   , closeAll: function () {
       console.log('[closeAll]');
-      Object.keys(localclients).forEach(function (cid) {
+      Object.keys(priv.localclients).forEach(function (cid) {
         clientHandlers.closeSingle(cid);
       });
     }
 
   , count: function () {
-      return Object.keys(localclients).length;
+      return Object.keys(priv.localclients).length;
     }
   };
 
   var pendingCommands = {};
+  function sendMessage(msg) {
+    // There is a chance that this occurred after the websocket was told to close
+    // and before it finished, in which case we don't need to log the error.
+    if (wstunneler.readyState !== wstunneler.CLOSING) {
+        wstunneler.send(msg, {binary: true});
+        return wstunneler.bufferedAmount;
+    }
+  }
   function sendCommand(name) {
     var id = Math.ceil(1e9 * Math.random());
     var cmd = [id, name].concat(Array.prototype.slice.call(arguments, 1));
     if (state.debug) { console.log('[DEBUG] command sending', cmd); }
 
-    wsHandlers.sendMessage(Packer.pack(null, cmd, 'control'));
+    var packBody = true;
+    sendMessage(Packer.packHeader(null, cmd, 'control', packBody));
     setTimeout(function () {
       if (pendingCommands[id]) {
         console.warn('command', name, id, 'timed out');
@@ -211,24 +240,6 @@ function _connect(state) {
     });
   }
 
-  function sendAllTokens() {
-    if (auth) {
-      authsent = true;
-      sendCommand('auth', auth).catch(function (err) { console.error('1', err); });
-    }
-    tokens.forEach(function (jwtoken) {
-      if (state.debug) { console.log('[DEBUG] send token'); }
-      authsent = true;
-      sendCommand('add_token', jwtoken)
-        .catch(function (err) {
-          console.error('failed re-adding token', jwtoken, 'after reconnect', err);
-          // Not sure if we should do something like remove the token here. It worked
-          // once or it shouldn't have stayed in the list, so it's less certain why
-          // it would have failed here.
-        });
-    });
-  }
-
   function noHandler(cmd) {
     console.warn("[telebit] state.handlers['" + cmd[1] + "'] not set");
     console.warn(cmd[2]);
@@ -236,6 +247,23 @@ function _connect(state) {
 
   var connCallback;
 
+  function hyperPeek(tun) {
+    var m;
+    var str;
+    if (tun.data) {
+      if ('http' === tun.service) {
+        str = tun.data.toString();
+        m = str.match(/(?:^|[\r\n])Host: ([^\r\n]+)[\r\n]*/im);
+        tun._name = tun._hostname = (m && m[1].toLowerCase() || '').split(':')[0];
+      }
+      else if ('https' === tun.service || 'tls' === tun.service) {
+        tun._name = tun._servername = sni(tun.data);
+      } else {
+        tun._name = '';
+      }
+    }
+  }
+
   var packerHandlers = {
     oncontrol: function (opts) {
       var cmd, err;
@@ -267,7 +295,21 @@ function _connect(state) {
 
       if (cmd[1] === 'hello') {
         if (state.debug) { console.log('[DEBUG] hello received'); }
-        sendAllTokens();
+        if (auth) {
+          authsent = true;
+          sendCommand('auth', auth).catch(function (err) { console.error('1', err); });
+        }
+        priv.tokens.forEach(function (jwtoken) {
+          if (state.debug) { console.log('[DEBUG] send token'); }
+          authsent = true;
+          sendCommand('add_token', jwtoken)
+            .catch(function (err) {
+              console.error('failed re-adding token', jwtoken, 'after reconnect', err);
+              // Not sure if we should do something like remove the token here. It worked
+              // once or it shouldn't have stayed in the list, so it's less certain why
+              // it would have failed here.
+            });
+        });
         if (connCallback) {
           connCallback();
         }
@@ -294,28 +336,19 @@ function _connect(state) {
         err = { message: 'unknown command "'+cmd[1]+'"', code: 'E_UNKNOWN_COMMAND' };
       }
 
-      wsHandlers.sendMessage(Packer.pack(null, [-cmd[0], err], 'control'));
+      var packBody = true;
+      sendMessage(Packer.packHeader(null, [-cmd[0], err], 'control', packBody));
     }
 
-  , onmessage: function (tun) {
+  , onconnection: function (tun) {
       var cid = tun._id = Packer.addrToId(tun);
-      var str;
-      var m;
 
-      if ('http' === tun.service) {
-        str = tun.data.toString();
-        m = str.match(/(?:^|[\r\n])Host: ([^\r\n]+)[\r\n]*/im);
-        tun._name = tun._hostname = (m && m[1].toLowerCase() || '').split(':')[0];
-      }
-      else if ('https' === tun.service || 'tls' === tun.service) {
-        tun._name = tun._servername = sni(tun.data);
-      } else {
-        tun._name = '';
-      }
+      // this data should have been gathered already as part of the proxy protocol
+      // but if it's available again here we can double check
+      hyperPeek(tun);
 
-      if (clientHandlers.write(cid, tun)) { return; }
-
-      wstunneler.pause();
+      // TODO use readable streams instead
+      wstunneler._socket.pause();
       require(state.sortingHat).assign(state, tun, function (err, conn) {
         if (err) {
           err.message = err.message.replace(/:tun_id/, tun._id);
@@ -324,32 +357,46 @@ function _connect(state) {
         }
         clientHandlers.add(conn, cid, tun);
         if (tun.data) { conn.write(tun.data); }
-        wstunneler.resume();
+        wstunneler._socket.resume();
       });
     }
 
+  , onmessage: function (tun) {
+      var cid = tun._id = Packer.addrToId(tun);
+      var handled;
+
+      hyperPeek(tun);
+
+      handled = clientHandlers.write(cid, tun);
+
+      // quasi backwards compat
+      if (!handled) { console.log("[debug] did not get 'connection' event"); packerHandlers.onconnection(tun); }
+    }
+
   , onpause: function (opts) {
       var cid = Packer.addrToId(opts);
-      if (localclients[cid]) {
-        console.log("[TunnelPause] pausing '"+cid+"', remote received", opts.data.toString(), 'of', localclients[cid].tunnelWritten, 'sent');
-        localclients[cid].manualPause = true;
-        localclients[cid].pause();
+      if (priv.localclients[cid]) {
+        console.log("[TunnelPause] pausing '"+cid+"', remote received", opts.data.toString(), 'of', priv.localclients[cid].tunnelWritten, 'sent');
+        priv.localclients[cid].manualPause = true;
+        priv.localclients[cid].pause();
       } else {
         console.log('[TunnelPause] remote tried pausing finished connection', cid);
         // Often we have enough latency that we've finished sending before we're told to pause, so
         // don't worry about sending back errors, since we won't be sending data over anyway.
-        // wsHandlers.sendMessage(Packer.pack(opts, {message: 'no matching connection', code: 'E_NO_CONN'}, 'error'));
+        // var packBody = true;
+        // sendMessage(Packer.packHeader(opts, {message: 'no matching connection', code: 'E_NO_CONN'}, 'error', packBody));
       }
     }
   , onresume: function (opts) {
       var cid = Packer.addrToId(opts);
-      if (localclients[cid]) {
-        console.log("[TunnelResume] resuming '"+cid+"', remote received", opts.data.toString(), 'of', localclients[cid].tunnelWritten, 'sent');
-        localclients[cid].manualPause = false;
-        localclients[cid].resume();
+      if (priv.localclients[cid]) {
+        console.log("[TunnelResume] resuming '"+cid+"', remote received", opts.data.toString(), 'of', priv.localclients[cid].tunnelWritten, 'sent');
+        priv.localclients[cid].manualPause = false;
+        priv.localclients[cid].resume();
       } else {
         console.log('[TunnelResume] remote tried resuming finished connection', cid);
-        // wsHandlers.sendMessage(Packer.pack(opts, {message: 'no matching connection', code: 'E_NO_CONN'}, 'error'));
+        // var packBody = true;
+        // sendMessage(Packer.packHeader(opts, {message: 'no matching connection', code: 'E_NO_CONN'}, 'error', packBody));
       }
     }
 
@@ -366,56 +413,74 @@ function _connect(state) {
 
   , _onConnectError: function (cid, opts, err) {
       console.info("[_onConnectError] opening '" + cid + "' failed because " + err.message);
-      wsHandlers.sendMessage(Packer.pack(opts, null, 'error'));
+      sendMessage(Packer.packHeader(opts, null, 'error'));
     }
   };
 
-  var lastActivity;
-  var timeoutId;
-  var wsHandlers = {
-    refreshTimeout: function () {
-      lastActivity = Date.now();
+  priv.timeoutId = null;
+  priv.lastActivity = Date.now();
+  priv.refreshTimeout = function refreshTimeout() {
+    priv.lastActivity = Date.now();
+  };
+  priv.checkTimeout = function checkTimeout() {
+    if (!wstunneler) {
+      console.warn('checkTimeout called when websocket already closed');
+      return;
     }
-  , checkTimeout: function () {
-      if (!wstunneler) {
-        console.warn('checkTimeout called when websocket already closed');
-        return;
-      }
-      // Determine how long the connection has been "silent", ie no activity.
-      var silent = Date.now() - lastActivity;
+    // Determine how long the connection has been "silent", ie no activity.
+    var silent = Date.now() - priv.lastActivity;
 
-      // If we have had activity within the last activityTimeout then all we need to do is
-      // call this function again at the soonest time when the connection could be timed out.
-      if (silent < activityTimeout) {
-        timeoutId = setTimeout(wsHandlers.checkTimeout, activityTimeout-silent);
-      }
-
-      // Otherwise we check to see if the pong has also timed out, and if not we send a ping
-      // and call this function again when the pong will have timed out.
-      else if (silent < activityTimeout + pongTimeout) {
-        console.log('pinging tunnel server');
-        try {
-          wstunneler.ping();
-        } catch (err) {
-          console.warn('failed to ping tunnel server', err);
-        }
-        timeoutId = setTimeout(wsHandlers.checkTimeout, pongTimeout);
-      }
-
-      // Last case means the ping we sent before didn't get a response soon enough, so we
-      // need to close the websocket connection.
-      else {
-        console.log('connection timed out');
-        wstunneler.close(1000, 'connection timeout');
-      }
+    // If we have had activity within the last activityTimeout then all we need to do is
+    // call this function again at the soonest time when the connection could be timed out.
+    if (silent < activityTimeout) {
+      priv.timeoutId = setTimeout(priv.checkTimeout, activityTimeout-silent);
     }
 
-  , onOpen: function () {
-      console.info("[open] connected to '" + (state.wss || state.relay) + "'");
-      wsHandlers.refreshTimeout();
+    // Otherwise we check to see if the pong has also timed out, and if not we send a ping
+    // and call this function again when the pong will have timed out.
+    else if (silent < activityTimeout + pongTimeout) {
+      //console.log('DEBUG: pinging tunnel server');
+      try {
+        wstunneler.ping();
+      } catch (err) {
+        console.warn('failed to ping tunnel server', err);
+      }
+      priv.timeoutId = setTimeout(priv.checkTimeout, pongTimeout);
+    }
 
-      timeoutId = setTimeout(wsHandlers.checkTimeout, activityTimeout);
+    // Last case means the ping we sent before didn't get a response soon enough, so we
+    // need to close the websocket connection.
+    else {
+      console.info('[info] closing due to connection timeout');
+      wstunneler.close(1000, 'connection timeout');
+    }
+  };
 
+  me.destroy = function destroy() {
+    console.info('[info] destroy()');
+    try {
+      //wstunneler.close(1000, 're-connect');
+      wstunneler._socket.destroy();
+    } catch(e) {
+      // ignore
+    }
+  };
+  me.connect = function connect() {
+    if (!priv.tokens.length && state.config.email) {
+      auth = TelebitRemote._tokenFromState(state);
+    }
+    priv.timeoutId = null;
+    var machine = Packer.create(packerHandlers);
+
+    console.info("[telebit:lib/remote.js] [connect] '" + (state.wss || state.relay) + "'");
+    var tunnelUrl = (state.wss || state.relay).replace(/\/$/, '') + '/'; // + auth;
+    wstunneler = new WebSocket(tunnelUrl, { rejectUnauthorized: !state.insecure });
+    // XXXXXX
+    wstunneler.on('open', function () {
+      console.info("[telebit:lib/remote.js] [open] connected to '" + (state.wss || state.relay) + "'");
+      me.emit('connect');
+      priv.refreshTimeout();
+      priv.timeoutId = setTimeout(priv.checkTimeout, activityTimeout);
       wstunneler._socket.on('drain', function () {
         // the websocket library has it's own buffer apart from node's socket buffer, but that one
         // is much more difficult to watch, so we watch for the lower level buffer to drain and
@@ -432,22 +497,13 @@ function _connect(state) {
             conn.resume();
           }
         });
-
         pausedClients.length = 0;
       });
-
-      //Call either Open or Reconnect handlers.
-      if(state.handlers.onOpen && initialConnect) {
-        state.handlers.onOpen();
-      } else if (state.handlers.onReconnect && !initialConnect) {
-        state.handlers.onReconnect();
-      }
       initialConnect = false;
-    }
-
-  , onClose: function () {
-      clearTimeout(timeoutId);
-      wstunneler = null;
+    });
+    wstunneler.on('close', function () {
+      console.info("[info] [closing] received close signal from relay");
+      clearTimeout(priv.timeoutId);
       clientHandlers.closeAll();
 
       var error = new Error('websocket connection closed before response');
@@ -459,199 +515,69 @@ function _connect(state) {
         connCallback(error);
       }
 
-      if (!authenticated) {
-        if(state.handlers.onError) {
-          var err = new Error('Failed to connect on first attempt... check authentication');
-          state.handlers.onError(err);
-        }
-        if(state.handlers.onClose) {
-          state.handlers.onClose();
-        }
-        console.info('[close] failed on first attempt... check authentication.');
-        timeoutId = null;
-      }
-      else if (tokens.length) {
-        if(state.handlers.onDisconnect) {
-          state.handlers.onDisconnect();
-        }
-        console.info('[retry] disconnected and waiting...');
-        timeoutId = setTimeout(connect, 5000);
-      } else {
-        if(state.handlers.onClose) {
-          state.handlers.onClose();
-        }
-      }
-    }
-
-  , onError: function (err) {
-      console.error("[tunnel error] " + err.message);
-      console.error(err);
-      if (connCallback) {
-        connCallback(err);
-      }
-    }
-
-  , sendMessage: function (msg) {
-      if (wstunneler) {
-        try {
-          wstunneler.send(msg, {binary: true});
-          return wstunneler.bufferedAmount;
-        } catch (err) {
-          // There is a chance that this occurred after the websocket was told to close
-          // and before it finished, in which case we don't need to log the error.
-          if (wstunneler.readyState !== wstunneler.CLOSING) {
-            console.warn('[sendMessage] error sending websocket message', err);
-          }
-        }
-      }
-    }
-  };
-
-  function connect() {
-    if (wstunneler) {
-      console.warn('attempted to connect with connection already active');
-      return;
-    }
-    if (!tokens.length) {
-      if (state.config.email) {
-        auth = {
-          subject: state.config.email
-        , subject_scheme: 'mailto'
-          // TODO create domains list earlier
-        , scope: Object.keys(state.config.servernames || {}).join(',')
-        , otp: state.otp
-        , hostname: os.hostname()
-          // Used for User-Agent
-        , os_type: os.type()
-        , os_platform: os.platform()
-        , os_release: os.release()
-        , os_arch: os.arch()
-        };
-      }
-    }
-    timeoutId = null;
-    var machine = Packer.create(packerHandlers);
-
-    console.info("[connect] '" + (state.wss || state.relay) + "'");
-    var tunnelUrl = (state.wss || state.relay).replace(/\/$/, '') + '/'; // + auth;
-    wstunneler = new WebSocket(tunnelUrl, { rejectUnauthorized: !state.insecure });
-    wstunneler.on('open', wsHandlers.onOpen);
-    wstunneler.on('close', wsHandlers.onClose);
-    wstunneler.on('error', wsHandlers.onError);
+      me.emit('close');
+    });
+    wstunneler.on('error', function (err) {
+      me.emit('error', err);
+    });
 
     // Our library will automatically handle sending the pong respose to ping requests.
-    wstunneler.on('ping', wsHandlers.refreshTimeout);
-    wstunneler.on('pong', wsHandlers.refreshTimeout);
+    wstunneler.on('ping', priv.refreshTimeout);
+    wstunneler.on('pong', function () {
+      //console.log('DEBUG received pong');
+      priv.refreshTimeout();
+    });
     wstunneler.on('message', function (data, flags) {
-      wsHandlers.refreshTimeout();
+      priv.refreshTimeout();
       if (data.error || '{' === data[0]) {
         console.log(data);
         return;
       }
       machine.fns.addChunk(data, flags);
     });
-  }
-  connect();
-
-  var connPromise;
-  return {
-    end: function(cb) {
-      tokens.length = 0;
-      if (timeoutId) {
-        clearTimeout(timeoutId);
-        timeoutId = null;
-      }
-
-      if (wstunneler) {
-        try {
-          wstunneler.close(cb);
-        } catch(e) {
-          console.error("[error] wstunneler.close()");
-          console.error(e);
-        }
-      }
-    }
-  , append: function (token) {
-      if (!token) {
-        throw new Error("attempted to append empty token");
-      }
-      if ('undefined' === token) {
-        throw new Error("attempted to append token as the string 'undefined'");
-      }
-      if (tokens.indexOf(token) >= 0) {
-        return PromiseA.resolve();
-      }
-      tokens.push(token);
-      var prom;
-      if (tokens.length === 1 && !wstunneler) {
-        // We just added the only token in the list, and the websocket connection isn't up
-        // so we need to restart the connection.
-        if (timeoutId) {
-          // Handle the case were the last token was removed and this token added between
-          // reconnect attempts to make sure we don't try openning multiple connections.
-          clearTimeout(timeoutId);
-          timeoutId = null;
-        }
-
-        // We want this case to behave as much like the other case as we can, but we don't have
-        // the same kind of reponses when we open brand new connections, so we have to rely on
-        // the 'hello' and the 'un-associated' error commands to determine if the token is good.
-        prom = connPromise = new PromiseA(function (resolve, reject) {
-          connCallback = function (err) {
-            connCallback = null;
-            connPromise = null;
-            if (err) {
-              reject(err);
-            } else {
-              resolve();
-            }
-          };
-        });
-        connect();
-      }
-      else if (connPromise) {
-        prom = connPromise.then(function () {
-          return sendCommand('add_token', token);
-        });
-      }
-      else {
-        prom = sendCommand('add_token', token);
-      }
-
-      prom.catch(function (err) {
-        console.error('adding token', token, 'failed:', err);
-        // Most probably an invalid token of some kind, so we don't really want to keep it.
-        tokens.splice(tokens.indexOf(token), 1);
-      });
-
-      return prom;
-    }
-  , clear: function (token) {
-      if (typeof token === 'undefined') {
-        token = '*';
-      }
-
-      if (token === '*') {
-        tokens.length = 0;
-      } else {
-        var index = tokens.indexOf(token);
-        if (index < 0) {
-          return PromiseA.resolve();
-        }
-        tokens.splice(index);
-      }
-
-      var prom = sendCommand('delete_token', token);
-      prom.catch(function (err) {
-        console.error('clearing token', token, 'failed:', err);
-      });
-
-      return prom;
+  };
+  me.end = function() {
+    priv.tokens.length = 0;
+    if (priv.timeoutId) {
+      clearTimeout(priv.timeoutId);
+      priv.timeoutId = null;
     }
+    console.info('[info] closing due to tr.end()');
+    wstunneler.close(1000, 're-connect');
+    wstunneler.on('close', function () {
+      me.emit('end');
+    });
   };
 }
 
-module.exports.connect = _connect;
-module.exports.createConnection = _connect;
+TelebitRemote.prototype = EventEmitter.prototype;
+TelebitRemote._tokenFromState = function (state) {
+  return {
+    subject: state.config.email
+  , subject_scheme: 'mailto'
+    // TODO create domains list earlier
+  , scope: Object.keys(state.config.servernames || {}).join(',')
+  , otp: state.otp
+  , hostname: os.hostname()
+    // Used for User-Agent
+  , os_type: os.type()
+  , os_platform: os.platform()
+  , os_release: os.release()
+  , os_arch: os.arch()
+  };
+};
+
+TelebitRemote.create = function (opts) {
+  return new TelebitRemote(opts);
+};
+TelebitRemote.createConnection = function (opts, cb) {
+  var tunnel = TelebitRemote.create(opts);
+  tunnel.connect(opts);
+  tunnel.once('connect', cb);
+  return tunnel;
+};
+TelebitRemote.connect = TelebitRemote.createConnection;
+
+module.exports.TelebitRemote = TelebitRemote;
 
 }());

lib/sorting-hat.js

@@ -1,6 +1,8 @@
 'use strict';
+
 var os = require('os');
 var path = require('path');
+var fs = require('fs');
 
 module.exports.print = function (config) {
   var services = { https: {}, http: {}, tcp: {} };
@@ -57,7 +59,7 @@ module.exports.print = function (config) {
 };
 
 module.exports.assign = function (state, tun, cb) {
-  console.log('first message from', tun);
+  //console.log('first message from', tun);
   var net = state.net || require('net');
 
   function trySsh(tun, cb) {
@@ -73,7 +75,7 @@ module.exports.assign = function (state, tun, cb) {
       cb(null, false);
       return;
     }
-    cb(null, getNetConn(sshPort));
+    getNetConn(sshPort, cb);
   }
 
   var handlers = {};
@@ -86,6 +88,7 @@ module.exports.assign = function (state, tun, cb) {
       state.httpRedirectServer = require('http').createServer(state.greenlock.middleware(state.redirectHttps));
     }
     state.httpRedirectServer.emit('connection', socket);
+    process.nextTick(function () { socket.resume(); });
   };
   handlers.https = function (tlsSocket) {
     console.log('Encrypted', tlsSocket.encrypted, tlsSocket.remoteAddress, tlsSocket.remotePort);
@@ -94,13 +97,15 @@ module.exports.assign = function (state, tun, cb) {
       state._serveStatic = require('serve-static');
       state._defaultServe = state._serveStatic(path.join(__dirname, 'html'));
       state.defaultHttpServer = require('http').createServer(function (req, res) {
+        // TODO serve api
         state._defaultServe(req, res, state._finalHandler(req, res));
       });
     }
     state.defaultHttpServer.emit('connection', tlsSocket);
+    process.nextTick(function () { tlsSocket.resume(); });
   };
 
-  function getNetConn(port) {
+  function getNetConn(port, cb) {
     var netOpts = {
       port: port
     , host: '127.0.0.1'
@@ -117,8 +122,12 @@ module.exports.assign = function (state, tun, cb) {
       // this will happen before 'data' or 'readable' is triggered
       // We use the data from the netOpts object so that the createConnection function has
       // the oppurtunity of removing/changing it if it wants/needs to handle it differently.
+      cb(null, conn);
+      cb = function () {}; // for error events
+    });
+    conn.on('error', function (err) {
+      cb(err);
     });
-    return conn;
   }
 
   function redirectHttp(cb) {
@@ -132,6 +141,40 @@ module.exports.assign = function (state, tun, cb) {
     return conn;
   }
 
+  function errorTcp(conf, cb) {
+    var socketPair = require('socket-pair');
+    var conn = socketPair.create(function (err, other) {
+      if (err) { cb(err); return; }
+
+      cb(null, conn);
+
+      other.write("\n" +
+      [ "[Telebit Error Server]"
+      , "Could not load '" + conf.handler + "' as a module, file, or directory."
+      ].join("\n") + "\n\n");
+      other.end();
+    });
+    //if (tun.data) { conn.write(tun.data); }
+    return conn;
+  }
+  function fileDirTcp(opts, cb) {
+    var socketPair = require('socket-pair');
+    var conn = socketPair.create(function (err, other) {
+      if (err) { cb(err); return; }
+
+      if (opts.stat.isFile()) {
+        fs.createReadStream(opts.config.handler).pipe(other);
+      } else {
+        fs.readdir(opts.config.handler, function (err, nodes) {
+          other.write('\n' + nodes.join('\n') + '\n\n');
+          other.end();
+        });
+      }
+      cb(null, conn);
+    });
+    //if (tun.data) { conn.write(tun.data); }
+    return conn;
+  }
   function echoTcp(cb) {
     var socketPair = require('socket-pair');
     var conn = socketPair.create(function (err, other) {
@@ -194,8 +237,7 @@ module.exports.assign = function (state, tun, cb) {
   function invokeTcpHandler(conf, socket, tun, id, cb) {
     var conn;
     if (parseInt(conf.handler, 10)) {
-      conn = getNetConn(conf.handler);
-      cb(null, conn);
+      getNetConn(conf.handler, cb);
       return conn;
     }
 
@@ -219,26 +261,45 @@ module.exports.assign = function (state, tun, cb) {
       } catch(e2) {
         console.error("Failed to require('" + handlerpath + "'):", e1.message);
         console.error("Failed to require('" + path.join(localshare, handlerpath) + "'):", e2.message);
-        console.warn("Using default handler for '" + handle + ":" + id + "'");
-        echoTcp(cb);
+        console.warn("Trying static and index handlers for '" + handle + ":" + id + "'");
+        handler = null;
+        // fallthru
       }
     }
-    var socketPair = require('socket-pair');
-    conn = socketPair.create(function (err, other) {
-      handler(other, tun, id);
-      cb(null, conn);
+
+    if (handler) {
+      var socketPair = require('socket-pair');
+      conn = socketPair.create(function (err, other) {
+        handler(other, tun, id);
+        cb(null, conn);
+      });
+      return conn;
+    }
+
+    fs.access(conf.handler, fs.constants.R_OK, function (err1) {
+      fs.stat(conf.handler, function (err2, stat) {
+        if ((err1 || err2) || !(stat.isFile() || stat.isDirectory())) {
+          errorTcp(conf, cb);
+          return;
+        }
+        fileDirTcp({ config: conf, stat: stat }, cb);
+      });
     });
-    return conn;
   }
   var handlerservers = {};
   function invokeHandler(conf, tlsSocket, tun, id) {
-    var conn;
     if (parseInt(conf.handler, 10)) {
       // TODO http-proxy with proper headers and ws support
-      conn = getNetConn(conf.handler);
-      console.info("Port-Forwarding '" + (tun.name || tun.serviceport) + "' to '" + conf.handler + "'");
-      conn.pipe(tlsSocket);
-      tlsSocket.pipe(conn);
+      getNetConn(conf.handler, function (err, conn) {
+        process.nextTick(function () { tlsSocket.resume(); });
+        if (err) {
+          require('./handlers/local-app-error.js')({ handler: conf.handler, socket: tlsSocket });
+          return;
+        }
+        console.info("Port-Forwarding '" + (tun.name || tun.serviceport) + "' to '" + conf.handler + "'");
+        conn.pipe(tlsSocket);
+        tlsSocket.pipe(conn);
+      });
       return;
     }
     var handle = tun.name || tun.port;
@@ -256,6 +317,7 @@ module.exports.assign = function (state, tun, cb) {
     tlsSocket._id = id;
     if (handlerservers[conf.handler]) {
       handlerservers[conf.handler].emit('connection', tlsSocket);
+      process.nextTick(function () { tlsSocket.resume(); });
       return;
     }
 
@@ -266,15 +328,15 @@ module.exports.assign = function (state, tun, cb) {
 
     try {
       handler = require(handlerpath);
-      console.info("Handling '" + handle + ":" + id + "' with '" + handlerpath + "'");
+      console.info("Trying to handle '" + handle + ":" + id + "' with '" + handlerpath + "'");
     } catch(e1) {
       try {
         handler = require(path.join(localshare, handlerpath));
-        console.info("Handling '" + handle + ":" + id + "' with '" + handlerpath + "'");
+        console.info("Skip. (couldn't require('" + handlerpath + "'):", e1.message + ")");
+        console.info("Trying to handle '" + handle + ":" + id + "' with '" + handlerpath + "'");
       } catch(e2) {
-        console.error("Failed to require('" + handlerpath + "'):", e1.message);
-        console.error("Failed to require('" + path.join(localshare, handlerpath) + "'):", e2.message);
-        console.warn("Using default handler for '" + handle + ":" + id + "'");
+        console.info("Skip. (couldn't require('" + path.join(localshare, handlerpath) + "'):", e2.message + ")");
+        console.info("Last chance! (using static and index handlers for '" + handle + ":" + id + "')");
         handler = null;
         // fallthru
       }
@@ -283,10 +345,70 @@ module.exports.assign = function (state, tun, cb) {
     if (handler) {
       handlerservers[conf.handler] = http.createServer(handler);
       handlerservers[conf.handler].emit('connection', tlsSocket);
+      process.nextTick(function () { tlsSocket.resume(); });
       return;
     }
 
-    handlers.https(tlsSocket, tun, id);
+    fs.access(conf.handler, fs.constants.R_OK, function (err1) {
+      fs.stat(conf.handler, function (err2, stat) {
+        if (err1 || err2) {
+          // TODO handle errors
+          handlers.https(tlsSocket, tun, id);
+          return;
+        }
+        var isFile = stat.isFile();
+        state._finalHandler = require('finalhandler');
+        state._serveStatic = require('serve-static');
+        state._serveIndex = require('serve-index');
+        var serveIndex;
+        var serveStatic;
+        var dlStatic;
+        if (isFile) {
+          serveStatic = state._serveStatic(path.dirname(conf.handler), { dotfiles: 'allow', index: [ 'index.html' ] });
+          dlStatic = state._serveStatic(path.dirname(conf.handler), { acceptRanges: false, dotfiles: 'allow', index: [ 'index.html' ] });
+          serveIndex = function (req, res, next) { next(); };
+          isFile = path.basename(conf.handler);
+        } else {
+          serveStatic = state._serveStatic(conf.handler, { dotfiles: 'allow', index: [ 'index.html' ] });
+          dlStatic = state._serveStatic(conf.handler, { acceptRanges: false, dotfiles: 'allow', index: [ 'index.html' ] });
+          serveIndex = state._serveIndex(conf.handler, {
+            hidden: true, icons: true
+          , template: require('serve-tpl-attachment')({ privatefiles: 'ignore' })
+          });
+        }
+        handler = function (req, res) {
+          var qIndex = req.url.indexOf('?');
+          var fIndex;
+          var fname;
+          if (-1 === qIndex) {
+            qIndex = req.url.length;
+          }
+          req.querystring = req.url.substr(qIndex);
+          req.url = req.url.substr(0, qIndex);
+          req.query = require('querystring').parse(req.querystring.substr(1));
+          if (isFile) {
+            req.url = '/' + isFile;
+          }
+          //console.log('[req.query]', req.url, req.query);
+          if (req.query.download) {
+            fIndex = req.url.lastIndexOf('/');
+            fname = req.url.substr(fIndex + 1);
+            res.setHeader('Content-Disposition', 'attachment; filename="'+decodeURIComponent(fname)+'"');
+            res.setHeader('Content-Type', 'application/octet-stream');
+            dlStatic(req, res, function () {
+              serveIndex(req, res, state._finalHandler(req, res));
+            });
+          } else {
+            serveStatic(req, res, function () {
+              serveIndex(req, res, state._finalHandler(req, res));
+            });
+          }
+        };
+        handlerservers[conf.handler] = http.createServer(handler);
+        handlerservers[conf.handler].emit('connection', tlsSocket);
+        process.nextTick(function () { tlsSocket.resume(); });
+      });
+    });
   }
 
   function terminateTls(tun, cb) {
@@ -318,8 +440,6 @@ module.exports.assign = function (state, tun, cb) {
             tlsSocket._handle.onread(firstChunk.length, firstChunk);
 
             trySsh({ data: firstChunk }, function (err, conn) {
-              process.nextTick(function () { tlsSocket.resume(); });
-
               if (conn) {
                 conn.pipe(tlsSocket);
                 tlsSocket.pipe(conn);
@@ -332,7 +452,7 @@ module.exports.assign = function (state, tun, cb) {
                 return;
               }
 
-              console.log('https invokeHandler');
+              //console.log('https invokeHandler');
               invokeHandler(conf, tlsSocket, tun, id);
             });
           });

lib/updater.js

@@ -8,6 +8,7 @@ module.exports = function (pkg) {
       https.get(url, function (resp) {
         var str = '';
         resp.on('data', function (chunk) {
+          //var chunk = conn.read();
           str += chunk.toString('utf8');
         });
         resp.on('end', function () {

package.json

@@ -1,11 +1,12 @@
 {
   "name": "telebit",
-  "version": "0.19.0",
+  "version": "0.20.251025",
   "description": "Break out of localhost. Connect to any device from anywhere over any tcp port or securely in a browser. A secure tunnel. A poor man's reverse VPN.",
   "main": "lib/remote.js",
   "files": [
     "bin",
-    "lib"
+    "lib",
+    "usr"
   ],
   "bin": {
     "telebit": "bin/telebit.js",
@@ -52,25 +53,30 @@
   },
   "homepage": "https://git.coolaj86.com/coolaj86/telebit.js#readme",
   "dependencies": {
-    "@coolaj86/urequest": "^1.1.4",
+    "@coolaj86/urequest": "^1.3.5",
     "finalhandler": "^1.1.1",
     "greenlock": "^2.3.1",
     "js-yaml": "^3.11.0",
     "jsonwebtoken": "^7.1.9",
     "mkdirp": "^0.5.1",
-    "proxy-packer": "^1.4.3",
+    "proxy-packer": "^2.0.2",
+    "ps-list": "^5.0.0",
     "recase": "^1.0.4",
     "redirect-https": "^1.1.5",
+    "sclient": "^1.4.1",
+    "serve-index": "^1.9.1",
     "serve-static": "^1.13.2",
+    "serve-tpl-attachment": "^1.0.4",
     "sni": "^1.0.0",
     "socket-pair": "^1.0.3",
-    "ws": "^2.2.3"
+    "toml": "^0.4.1",
+    "ws": "^6.0.0"
   },
   "trulyOptionalDependencies": {
     "bluebird": "^3.5.1"
   },
   "enginesStrict": true,
   "engines": {
-    "node": "10.2.1 10.4"
+    "node": "10.2.1 10.4 10.6"
   }
 }

tests/README.md

@@ -0,0 +1,21 @@
+There are a number of conditions and whatnot that must be tested in more-or-less real-world conditions.
+
+telebit init                    // fresh install
+telebit init                    // after install complete
+
+telebit http 3000               // have an app listening on localhost:3000
+telebit http 4545               // do not have an app listening
+
+telebit http ./path/to/site
+telebit http ./path/to/dir
+telebit http ./path/to/file
+telebit http ./doesnt/exist
+
+telebit ssh auto                // do have ssh listening on localhost:22
+telebit ssh 4545                // do have ssh listenening
+
+telebit tcp 3000                // have an echo server listening on localhost:3000
+telebit tcp 4545                // no server listening
+
+telebit tcp ./path/to/file
+telebit tcp ./path/to/dir

tests/echo.js

@@ -0,0 +1,27 @@
+'use strict';
+
+var net = require('net');
+var server = net.createServer(function (conn) {
+  function echo(chunk) {
+    conn.write(chunk);
+    if (chunk.length <= 10 && /\b(q|quit|end|cancel)\b/i.test(chunk.toString('utf8'))) {
+      conn.end();
+      conn.removeListener('data', echo);
+    }
+  }
+  conn.on('data', echo);
+  // NOTE: early versions of telebit do not support a 'connection' event
+  // and therefore will say hello after the first message from the client
+  conn.write(
+    "[Echo Server] Hello! I'm an echo server.\n"
+  + "[Echo Server] I try to be your friend but when I see things like q|quit|end|cancel, I give up.\n"
+  );
+});
+server.on('error', function (err) {
+  console.error("[echo server]");
+  console.error(err);
+});
+server.listen(process.argv[2] || 3000, function () {
+  console.info("Listening on", this.address());
+  console.info('ctrl+c to cancel');
+});

tests/windows-pipe.js

@@ -0,0 +1,20 @@
+'use strict';
+
+var os = require('os');
+var net = require('net');
+var ipc = {
+  path: /^win/.test(os.platform()) ? '\\\\.\\pipe\\X:/name/of/pipe' : (__dirname + '/tmp.sock')
+};
+var oldUmask = process.umask(0x0000);
+var server = net.createServer();
+
+server.listen({
+  path: ipc.path || null
+, host: 'localhost'
+, port: ipc.port || null
+, writeableAll: true
+, readableAll: true
+}, function () {
+  process.umask(oldUmask);
+  console.log("Listening on", this.address());
+});

tests/windows-spawn-pipe.js

@@ -0,0 +1,22 @@
+'use strict';
+
+var path = require('path');
+var spawn = require('child_process').spawn;
+var args = [
+  path.join(__dirname, 'windows-pipe.js')
+];
+var subprocess = spawn(
+  'node'
+, args
+, { detached: true
+  , stdio: [ 'ignore', process.stdout, process.stderr ]
+  }
+);
+//console.log('[debug]', vars.telebitNode, args.join(' '));
+subprocess.unref();
+subprocess.on('error', function (_err) {
+  console.error(_err);
+});
+subprocess.on('exit', function (code, signal) {
+  console.error('' + code + ' ' + signal + ' failure to launch');
+});

usr/share/dist/Library/LaunchDaemons/cloud.telebit.remote.plist.tpl

@@ -54,8 +54,8 @@
 	<string>{TELEBIT_PATH}</string>
 
 	<key>StandardErrorPath</key>
-	<string>{TELEBIT_LOG_DIR}/error.log</string>
+	<string>{TELEBIT_LOG_DIR}/telebit.log</string>
 	<key>StandardOutPath</key>
-	<string>{TELEBIT_LOG_DIR}/info.log</string>
+	<string>{TELEBIT_LOG_DIR}/telebit.log</string>
 </dict>
 </plist>

usr/share/dist/etc/skel/.config/systemd/user/telebit.service.tpl

@@ -34,9 +34,9 @@ ExecReload=/bin/kill -USR1 $MAINPID
 # Use private /tmp and /var/tmp, which are discarded after this stops.
 PrivateTmp=true
 # Use a minimal /dev
-;PrivateDevices=true
+PrivateDevices=true
 # Hide /home, /root, and /run/user. Nobody will steal your SSH-keys.
-ProtectHome=true
+;ProtectHome=true
 # Make /usr, /boot, /etc and possibly some more folders read-only.
 ProtectSystem=full
 # ... except for a few because we want a place for config, logs, etc
@@ -61,4 +61,5 @@ NoNewPrivileges=true
 ; NoNewPrivileges=true
 
 [Install]
-WantedBy=multi-user.target
+# For userspace service
+WantedBy=default.target

usr/share/dist/etc/skel/Library/LaunchAgents/cloud.telebit.remote.plist.tpl

@@ -63,8 +63,8 @@
 	<string>{TELEBIT_PATH}</string>
 
 	<key>StandardErrorPath</key>
-	<string>{TELEBIT_LOG_DIR}/error.log</string>
+	<string>{TELEBIT_LOG_DIR}/telebit.log</string>
 	<key>StandardOutPath</key>
-	<string>{TELEBIT_LOG_DIR}/info.log</string>
+	<string>{TELEBIT_LOG_DIR}/telebit.log</string>
 </dict>
 </plist>

usr/share/dist/etc/systemd/system/telebit.service.tpl

@@ -61,4 +61,7 @@ NoNewPrivileges=true
 ; NoNewPrivileges=true
 
 [Install]
+# For system-level service
 WantedBy=multi-user.target
+# For userspace service
+;WantedBy=default.target

usr/share/install-launcher.js

@@ -7,6 +7,76 @@ var exec = require('child_process').exec;
 var path = require('path');
 
 var Launcher = module.exports;
+Launcher._killAll = function (fn) {
+  var psList = require('ps-list');
+  psList().then(function (procs) {
+    procs.forEach(function (proc) {
+      if ('node' === proc.name && /\btelebitd\b/i.test(proc.cmd)) {
+        console.log(proc);
+        process.kill(proc.pid);
+        return true;
+      }
+    });
+    // Two things:
+    // 1) wait to see if the process dies
+    // 2) wait to give time for the socket to connect
+    setTimeout(function () {
+      if (fn) { fn(null); return; }
+    }, 1.75 * 1000);
+  });
+};
+Launcher._getError = function getError(err, stderr) {
+  if (err) { return err; }
+  if (stderr) {
+    err = new Error(stderr);
+    err.code = 'ELAUNCHER';
+    return err;
+  }
+};
+Launcher._detect = function (things, fn) {
+  if (things.launcher) {
+    if ('string' === typeof things.launcher) {
+      fn(null, things.launcher);
+      return;
+    }
+    if ('function' === typeof things.launcher) {
+      things.launcher(things);
+      return;
+    }
+  }
+
+  // could have used "command-exists" but I'm trying to stay low-dependency
+  // os.platform(), os.type()
+  if (!/^win/i.test(os.platform())) {
+    if (/^darwin/i.test(os.platform())) {
+      exec('command -v launchctl', things._execOpts, function (err, stdout, stderr) {
+        err = Launcher._getError(err, stderr);
+        fn(err, 'launchctl');
+      });
+    } else {
+      exec('command -v systemctl', things._execOpts, function (err, stdout, stderr) {
+        err = Launcher._getError(err, stderr);
+        fn(err, 'systemctl');
+      });
+    }
+  } else {
+    // https://stackoverflow.com/questions/17908789/how-to-add-an-item-to-registry-to-run-at-startup-without-uac
+    // wininit? regedit? SCM?
+    // REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "My App" /t REG_SZ /F /D "C:\MyAppPath\MyApp.exe"
+    // https://www.microsoft.com/developerblog/2015/11/09/reading-and-writing-to-the-windows-registry-in-process-from-node-js/
+    // https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/reg-add
+    // https://social.msdn.microsoft.com/Forums/en-US/5b318f44-281e-4098-8dee-3ba8435fa391/add-registry-key-for-autostart-of-app-in-ice?forum=quebectools
+    // utils.elevate
+    // https://github.com/CatalystCode/windows-registry-node
+    exec('where reg.exe', things._execOpts, function (err, stdout, stderr) {
+      //console.log((stdout||'').trim());
+      if (stderr) {
+        console.error(stderr);
+      }
+      fn(err, 'reg.exe');
+    });
+  }
+};
 Launcher.install = function (things, fn) {
   if (!fn) { fn = function (err) { if (err) { console.error(err); } }; }
   things = things || {};
@@ -44,21 +114,13 @@ Launcher.install = function (things, fn) {
   };
   vars.telebitBinTpl = path.join(telebitRoot, 'usr/share/dist/bin/telebit.tpl');
   vars.telebitNpm = path.resolve(vars.telebitNode, '../npm');
-  vars.nodePath = path.resolve(vars.telebitNode, '../lib/node_modules');
-  vars.npmConfigPrefix = path.resolve(vars.telebitNode, '..');
+  vars.nodePath = path.resolve(vars.telebitNode, '../../lib/node_modules');
+  vars.npmConfigPrefix = path.resolve(vars.telebitNode, '..', '..');
   vars.userspace = (!things.telebitUser || (things.telebitUser === os.userInfo().username)) ? true : false;
   if (-1 === vars.telebitRwDirs.indexOf(vars.npmConfigPrefix)) {
     vars.telebitRwDirs.push(vars.npmConfigPrefix);
   }
   vars.telebitRwDirs = vars.telebitRwDirs.join(' ');
-  function getError(err, stderr) {
-    if (err) { return err; }
-    if (stderr) {
-      err = new Error(stderr);
-      err.code = 'ELAUNCHER';
-      return err;
-    }
-  }
   var launchers = {
     'node': function () {
       var fs = require('fs');
@@ -75,17 +137,20 @@ Launcher.install = function (things, fn) {
 
       var killed = 0;
       var err;
+      var args = [
+        path.join(telebitRoot, 'bin/telebitd.js')
+      , 'daemon'
+      , '--config'
+      , vars.telebitdConfig
+      ];
       var subprocess = spawn(
         vars.telebitNode
-      , [ path.join(telebitRoot, 'bin/telebitd.js')
-        , 'daemon'
-        , '--config'
-        , vars.telebitdConfig
-        ]
+      , args
       , { detached: true
         , stdio: [ 'ignore', stdout, stderr ]
         }
       );
+      //console.log('[debug]', vars.telebitNode, args.join(' '));
       subprocess.unref();
       subprocess.on('error', function (_err) {
         err = _err;
@@ -98,10 +163,10 @@ Launcher.install = function (things, fn) {
 
       // Two things:
       // 1) wait to see if the process dies
-      // 2) wait to give time for the socket to cennect
+      // 2) wait to give time for the socket to connect
       setTimeout(function () {
         if (fn) { fn(err); return; }
-      }, 1.25 * 1000);
+      }, 1.75 * 1000);
       return;
     }
   , 'launchctl': function () {
@@ -127,13 +192,13 @@ Launcher.install = function (things, fn) {
         var execstr = launcherstr + "unload -w " + launcher;
         exec(execstr, things._execOpts, function (/*err, stdout, stderr*/) {
           // we probably only need to skip the stderr (saying that it can't stop something that isn't started)
-          //err = getError(err, stderr);
+          //err = Launcher._getError(err, stderr);
           //if (err) { fn(err); return; }
           //console.log((stdout||'').trim());
           //console.log('unload worked?');
           execstr = launcherstr + "load -w " + launcher;
           exec(execstr, things._execOpts, function (err, stdout, stderr) {
-            err = getError(err, stderr);
+            err = Launcher._getError(err, stderr);
             if (err) { fn(err); return; }
             //console.log((stdout||'').trim());
             //console.log('load worked?');
@@ -167,23 +232,23 @@ Launcher.install = function (things, fn) {
           var launcherstr = (vars.userspace ? "" : "sudo ") + "systemctl " + (vars.userspace ? "--user " : "");
           var execstr = launcherstr + "daemon-reload";
           exec(execstr, things._execOpts, function (err, stdout, stderr) {
-            err = getError(err, stderr);
+            err = Launcher._getError(err, stderr);
             if (err) { fn(err); return; }
             //console.log((stdout||'').trim());
             var execstr = launcherstr + "enable " + launchername;
             exec(execstr, things._execOpts, function (err, stdout, stderr) {
-              err = getError(err, stderr);
+              err = Launcher._getError(err, stderr && !/Created symlink/i.test(stderr) && stderr || '');
               if (err) { fn(err); return; }
               //console.log((stdout||'').trim());
               var execstr = launcherstr + "restart " + launchername;
               exec(execstr, things._execOpts, function (err, stdout, stderr) {
-                err = getError(err, stderr);
+                err = Launcher._getError(err, stderr);
                 if (err) { fn(err); return; }
                 //console.log((stdout||'').trim());
                 setTimeout(function () {
                   var execstr = launcherstr + "status " + launchername;
                   exec(execstr, things._execOpts, function (err, stdout, stderr) {
-                    err = getError(err, stderr);
+                    err = Launcher._getError(err, stderr);
                     if (err) { fn(err); return; }
                     if (!/active.*running/i.test(stdout)) {
                       err = new Error("systemd failed to start '" + launchername + "'");
@@ -219,7 +284,7 @@ Launcher.install = function (things, fn) {
         + '" /F'
         ;
       exec(cmd, things._execOpts, function (err, stdout, stderr) {
-        err = getError(err, stderr);
+        err = Launcher._getError(err, stderr);
         if (err) { fn(err); return; }
         // need to start it for the first time ourselves
         run(null, 'node');
@@ -246,54 +311,134 @@ Launcher.install = function (things, fn) {
     }
   }
 
-  if (things.launcher) {
-    if ('string' === typeof things.launcher) {
-      run(null, things.launcher);
-      return;
+  things._vars = vars;
+  things._userspace = vars.userspace;
+  Launcher._detect(things, run);
+};
+Launcher.uninstall = function (things, fn) {
+  if (!fn) { fn = function (err) { if (err) { console.error(err); } }; }
+  things = things || {};
+
+  // Right now this is just for npm install -g and npx
+  if (things.env) {
+    things.env.PATH = things.env.PATH || process.env.PATH;
+  } else {
+    things.env = process.env;
+  }
+  things.argv = things.argv || process.argv;
+  things._execOpts = { windowsHide: true, env: things.env };
+  var vars = {
+    telebitUser: os.userInfo().username
+  };
+  vars.userspace = (!things.telebitUser || (things.telebitUser === os.userInfo().username)) ? true : false;
+  var launchers = {
+    'node': function () {
+      Launcher._killAll(fn);
     }
-    if ('function' === typeof things.launcher) {
-      things._vars = vars;
-      things._userspace = vars.userspace;
-      things.launcher(things);
+  , 'launchctl': function () {
+      var launcher = path.join(os.homedir(), 'Library/LaunchAgents/cloud.telebit.remote.plist');
+      try {
+        var launcherstr = (vars.userspace ? "" : "sudo ") + "launchctl ";
+        var execstr = launcherstr + "unload -w " + launcher;
+        exec(execstr, things._execOpts, function (err, stdout, stderr) {
+          // we probably only need to skip the stderr (saying that it can't stop something that isn't started)
+          //err = Launcher._getError(err, stderr);
+          //if (err) { fn(err); return; }
+          //console.log((stdout||'').trim());
+          //console.log('unload worked?');
+          err = Launcher._getError(err, stderr);
+          if (err) { fn(err); return; }
+          //console.log((stdout||'').trim());
+          //console.log('load worked?');
+          setTimeout(function () {
+            fn(null);
+          }, 1.25 * 1000);
+        });
+      } catch(e) {
+        console.error("'" + launcher + "' error (uninstall):");
+        console.error(e);
+        if (fn) { fn(e); return; }
+      }
+    }
+   , 'systemctl': function () {
+      var launcher = path.join(os.homedir(), '.config/systemd/user/telebit.service');
+      var launchername = 'telebit.service';
+      try {
+        mkdirp.sync(path.join(os.homedir(), '.config/systemd/user'));
+        // IMPORTANT
+        // It's a dangerous to go alone, take this:
+        // SYSTEMD_LOG_LEVEL=debug journalctl -xef --user-unit=telebit
+        // (makes debugging systemd issues not "easy" per se, but possible)
+        var launcherstr = (vars.userspace ? "" : "sudo ") + "systemctl " + (vars.userspace ? "--user " : "");
+        var execstr = launcherstr + "disable " + launchername;
+        exec(execstr, things._execOpts, function (err, stdout, stderr) {
+          err = Launcher._getError(err, stderr && !/Removed symlink/i.test(stderr) && stderr || '');
+          if (err) { fn(err); return; }
+          //console.log((stdout||'').trim());
+          var execstr = launcherstr + "stop " + launchername;
+          exec(execstr, things._execOpts, function (err, stdout, stderr) {
+            err = Launcher._getError(err, stderr);
+            if (err) { fn(err); return; }
+            //console.log((stdout||'').trim());
+            setTimeout(function () {
+              var execstr = launcherstr + "status " + launchername;
+              exec(execstr, things._execOpts, function (err, stdout, stderr) {
+                err = Launcher._getError(err, stderr);
+                if (err) { fn(err); return; }
+                if (!/inactive.*dead/i.test(stdout)) {
+                  err = new Error("systemd failed to stop '" + launchername + "'");
+                }
+                if (err) { fn(err); return; }
+                //console.log((stdout||'').trim());
+                fn(null);
+              });
+            }, 1.25 * 1000);
+          });
+        });
+      } catch(e) {
+        console.error("'" + launcher + "' error:");
+        console.error(e);
+        if (fn) { fn(e); return; }
+      }
+    }
+  , 'reg.exe': function () {
+      if (!vars.userspace) {
+        console.warn("sysetm-level, privileged services are not yet supported on windows");
+      }
+      var cmd = 'reg.exe add "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"'
+        + ' /V "Telebit" /F'
+        ;
+      exec(cmd, things._execOpts, function (err, stdout, stderr) {
+        err = Launcher._getError(err, stderr);
+        if (err) { fn(err); return; }
+        // need to start it for the first time ourselves
+        kill(null, 'node');
+      });
+    }
+  };
+
+  function kill(err, launcher) {
+    if (err) {
+      console.error("No luck with '" + launcher + "', trying a process.kill() instead...");
+      console.error(err);
+      launcher = 'node';
+    }
+
+    if (launchers[launcher]) {
+      launchers[launcher]();
       return;
+    } else {
+      console.error("No launcher handler (uninstall) for '" + launcher + "'");
     }
   }
 
-  // could have used "command-exists" but I'm trying to stay low-dependency
-  // os.platform(), os.type()
-  if (!/^win/i.test(os.platform())) {
-    if (/^darwin/i.test(os.platform())) {
-      exec('command -v launchctl', things._execOpts, function (err, stdout, stderr) {
-        err = getError(err, stderr);
-        run(err, 'launchctl');
-      });
-    } else {
-      exec('command -v systemctl', things._execOpts, function (err, stdout, stderr) {
-        err = getError(err, stderr);
-        run(err, 'systemctl');
-      });
-    }
-  } else {
-    // https://stackoverflow.com/questions/17908789/how-to-add-an-item-to-registry-to-run-at-startup-without-uac
-    // wininit? regedit? SCM?
-    // REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "My App" /t REG_SZ /F /D "C:\MyAppPath\MyApp.exe"
-    // https://www.microsoft.com/developerblog/2015/11/09/reading-and-writing-to-the-windows-registry-in-process-from-node-js/
-    // https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/reg-add
-    // https://social.msdn.microsoft.com/Forums/en-US/5b318f44-281e-4098-8dee-3ba8435fa391/add-registry-key-for-autostart-of-app-in-ice?forum=quebectools
-    // utils.elevate
-    // https://github.com/CatalystCode/windows-registry-node
-    exec('where reg.exe', things._execOpts, function (err, stdout, stderr) {
-      console.log((stdout||'').trim());
-      if (stderr) {
-        console.error(stderr);
-      }
-      run(err, 'reg.exe');
-    });
-  }
+  things._vars = vars;
+  things._userspace = vars.userspace;
+  Launcher._detect(things, kill);
 };
 
 if (module === require.main) {
-  module.exports.install({
+  Launcher.install({
     argv: process.argv
   , env: process.env
   }, function (err) {

usr/share/install.sh

@@ -59,9 +59,9 @@ http_get()
 
 http_bash()
 {
-  _http_bash_url=$1
-  _http_bash_args=${2:-}
-  _http_bash_tmp=$(mktemp)
+  local _http_bash_url=$1
+  local _http_bash_args=${2:-}
+  local _http_bash_tmp=$(mktemp)
   $_my_http_get $_my_http_opts $_my_http_out "$_http_bash_tmp" "$_http_bash_url"
   bash "$_http_bash_tmp" $_http_bash_args; rm "$_http_bash_tmp"
 }
@@ -74,7 +74,10 @@ export -f http_bash
 ##       END HTTP_GET        ##
 ###############################
 
-TELEBIT_VERSION=${TELEBIT_VERSION:-master}
+if [ -n "${TELEBIT_VERSION:-}" ]; then
+  echo 'TELEBIT_VERSION='${TELEBIT_VERSION}
+fi
+export TELEBIT_VERSION=${TELEBIT_VERSION:-master}
 if [ -e "usr/share/install_helper.sh" ]; then
   bash usr/share/install_helper.sh "$@"
 else

usr/share/install_helper.sh

@@ -33,13 +33,32 @@ set -u
 
 TELEBIT_DEBUG=${TELEBIT_DEBUG:-}
 
-if [ "$(logname)" != "$(id -u -n)" ]; then
+# NOTE: On OS X logname works from a pipe, but on Linux it does not
+my_logname=$(who am i </dev/tty | awk '{print $1}')
+#my_logname=${my_logname:-$(logname)}
+#my_logname=${my_logname:-$SUDO_USER}
+if [ -n "$my_logname" ] && [ "$my_logname" != "$(id -u -n)" ]; then
   echo "WARNING:"
   echo "    You are logged in as '$(logname)' but acting as '$(id -u -n)'."
   echo "    If the installation is not successful please log in as '$(id -u -n)' directly."
   sleep 3
 fi
 
+if [ -n "${TELEBIT_DEBUG:-}" ]; then
+  echo 'TELEBIT_DEBUG='${TELEBIT_DEBUG}
+fi
+if [ -n "${TELEBIT_PATH:-}" ]; then
+  echo 'TELEBIT_PATH='${TELEBIT_PATH}
+fi
+if [ -n "${TELEBIT_USERSPACE:-}" ]; then
+  echo 'TELEBIT_USERSPACE='${TELEBIT_USERSPACE}
+fi
+if [ -n "${TELEBIT_USER:-}" ]; then
+  echo 'TELEBIT_USER='${TELEBIT_USER}
+fi
+if [ -n "${TELEBIT_GROUP:-}" ]; then
+  echo 'TELEBIT_GROUP='${TELEBIT_GROUP}
+fi
 TELEBIT_VERSION=${TELEBIT_VERSION:-master}
 TELEBIT_USERSPACE=${TELEBIT_USERSPACE:-no}
 my_email=${1:-}
@@ -113,9 +132,12 @@ TELEBIT_TMP="$TELEBIT_REAL_PATH"
 my_tmp="$(mktemp -d -t telebit.XXXXXXXX)"
 #TELEBIT_TMP="$my_tmp/telebit"
 
-echo "Installing $my_name to 'TELEBIT_PATH=$TELEBIT_REAL_PATH'"
-# v10.2+ has much needed networking fixes, but breaks ursa. v9.x has severe networking bugs. v8.x has working ursa, but requires tls workarounds"
-NODEJS_VER="${NODEJS_VER:-v10.2}"
+echo "Installing $my_name to '$TELEBIT_REAL_PATH'"
+# v10.2+ has much needed networking fixes, but breaks ursa.
+# v9.x has severe networking bugs.
+# v8.x has working ursa, but requires tls workarounds"
+# v10.13 seems to work for me locally (new greenlock)
+NODEJS_VER="${NODEJS_VER:-v10.13}"
 export NODEJS_VER
 export NODE_PATH="$TELEBIT_TMP/lib/node_modules"
 export NPM_CONFIG_PREFIX="$TELEBIT_TMP"
@@ -205,16 +227,20 @@ pushd $TELEBIT_TMP >/dev/null
   else
     echo -n "."
   fi
+  set +e
   $tmp_npm install >/dev/null 2>/dev/null &
-  # ursa is now an entirely optional dependency for key generation
-  # but very much needed on ARM devices
-  $tmp_npm install ursa >/dev/null 2>/dev/null &
   tmp_npm_pid=$!
   while [ -n "$tmp_npm_pid" ]; do
     sleep 2
     echo -n "."
     kill -s 0 $tmp_npm_pid >/dev/null 2>/dev/null || tmp_npm_pid=""
   done
+  set -e
+  echo -n "."
+  $tmp_npm install >/dev/null 2>/dev/null
+  # ursa is now an entirely optional dependency for key generation
+  # but very much needed on ARM devices
+  $tmp_npm install ursa >/dev/null 2>/dev/null || true
 popd >/dev/null
 
 if [ -n "${TELEBIT_DEBUG}" ]; then
@@ -403,6 +429,11 @@ if [ -d "/Library/LaunchDaemons" ]; then
     chown $(id -u -n):$(id -g -n) "$my_app_launchd_service"
     my_sudo_cmd=""
     my_sudo_cmde=""
+
+    if [ -n "${TELEBIT_DEBUG}" ]; then
+      echo "    > launchctl unload -w $my_app_launchd_service >/dev/null 2>/dev/null"
+    fi
+    launchctl unload -w "$my_app_launchd_service" >/dev/null 2>/dev/null
   else
     my_app_launchd_service_skel="usr/share/dist/Library/LaunchDaemons/${my_app_pkg_name}.plist"
     my_app_launchd_service="$my_root/Library/LaunchDaemons/${my_app_pkg_name}.plist"
@@ -411,10 +442,10 @@ if [ -d "/Library/LaunchDaemons" ]; then
 
     echo "    > ${real_sudo_cmde}chown root:wheel $my_app_launchd_service"
     $real_sudo_cmd chown root:wheel "$my_app_launchd_service"
-  fi
 
-  echo "    > ${my_sudo_cmde}launchctl unload -w $my_app_launchd_service >/dev/null 2>/dev/null"
-  $my_sudo_cmd launchctl unload -w "$my_app_launchd_service" >/dev/null 2>/dev/null
+    echo "    > ${real_sudo_cmde}launchctl unload -w $my_app_launchd_service >/dev/null 2>/dev/null"
+    $real_sudo_cmd launchctl unload -w "$my_app_launchd_service" >/dev/null 2>/dev/null
+  fi
 
 elif [ -d "$my_root/etc/systemd/system" ]; then
   my_system_launcher="systemd"
@@ -452,6 +483,7 @@ if [ "launchd" == "$my_system_launcher" ]; then
     echo "  > ${real_sudo_cmde}launchctl load -w $my_app_launchd_service"
     $real_sudo_cmd launchctl load -w "$my_app_launchd_service"
   fi
+  sleep 2; # give it time to start
 
 elif [ "systemd" == "$my_system_launcher" ]; then
 
@@ -464,23 +496,30 @@ elif [ "systemd" == "$my_system_launcher" ]; then
     else
       echo -n "."
     fi
-    systemctl --user daemon-reload
-    # enable also puts success output to stderr... why?
-    systemctl --user enable $my_app >/dev/null 2>/dev/null
-    #echo "    > systemctl --user enable systemd-tmpfiles-setup.service systemd-tmpfiles-clean.timer"
-    #systemctl --user enable systemd-tmpfiles-setup.service systemd-tmpfiles-clean.timer
-    if [ -n "${TELEBIT_DEBUG}" ]; then
-      echo "    > systemctl --user start $my_app"
-    fi
-    systemctl --user stop $my_app >/dev/null 2>/dev/null
-    systemctl --user start $my_app >/dev/null
-    sleep 2
-    _is_running=$(systemctl --user status --no-pager $my_app 2>/dev/null | grep "active.*running")
-    if [ -z "$_is_running" ]; then
-      echo "Something went wrong:"
-      systemctl --user status --no-pager $my_app
-      exit 1
+    set +e
+    if systemctl --user daemon-reload; then
+      # enable also puts success output to stderr... why?
+      systemctl --user enable $my_app >/dev/null 2>/dev/null
+      #echo "    > systemctl --user enable systemd-tmpfiles-setup.service systemd-tmpfiles-clean.timer"
+      #systemctl --user enable systemd-tmpfiles-setup.service systemd-tmpfiles-clean.timer
+      if [ -n "${TELEBIT_DEBUG}" ]; then
+        echo "    > systemctl --user start $my_app"
+      fi
+      systemctl --user stop $my_app >/dev/null 2>/dev/null
+      systemctl --user start $my_app >/dev/null
+
+      sleep 2; # give it time to start
+      _is_running=$(systemctl --user status --no-pager $my_app 2>/dev/null | grep "active.*running")
+      if [ -z "$_is_running" ]; then
+        echo "Something went wrong:"
+        systemctl --user status --no-pager $my_app
+      fi
+    else
+      echo "libpam-systemd is missing, which is required on Linux to register Telebit with the user launcher."
+      echo "sudo apt-get install -y libpam-systemd"
+      sudo apt-get install -y libpam-systemd
     fi
+    set -e
     echo -n "."
   else
 
@@ -490,7 +529,7 @@ elif [ "systemd" == "$my_system_launcher" ]; then
     echo "    > ${real_sudo_cmde}systemctl start $my_app"
     $real_sudo_cmd systemctl daemon-reload
     $real_sudo_cmd systemctl restart $my_app
-    sleep 1
+    sleep 2; # give it time to start
     $real_sudo_cmd systemctl status --no-pager $my_app
   fi
 

usr/share/template-launcher.js

@@ -79,8 +79,8 @@ function run() {
     , TELEBIT_LOG_DIR: process.env.TELEBIT_LOG_DIR || path.join(os.homedir(), '.local/share/telebit/var/log')
     };
     vars.telebitNpm = process.env.TELEBIT_NPM || path.resolve(vars.telebitNode, '../npm');
-    vars.nodePath = process.env.NODE_PATH || path.resolve(vars.telebitNode, '../lib/node_modules');
-    vars.npmConfigPrefix = process.env.NPM_CONFIG_PREFIX || path.resolve(vars.telebitNode, '..');
+    vars.nodePath = process.env.NODE_PATH || path.resolve(vars.telebitNode, '../../lib/node_modules');
+    vars.npmConfigPrefix = process.env.NPM_CONFIG_PREFIX || path.resolve(vars.telebitNode, '..', '..');
     if (-1 === vars.telebitRwDirs.indexOf(vars.npmConfigPrefix)) {
       vars.telebitRwDirs.push(vars.npmConfigPrefix);
     }