feat: add scoped ssh client passthrough

This commit is contained in:
Codex
2026-06-02 07:39:21 +00:00
parent 2a4f6d7791
commit 0c28961f9a
7 changed files with 116 additions and 7 deletions
+17 -3
View File
@@ -56,6 +56,7 @@ export interface AutoRemoteCiPublishPlan {
interface FrontendSession {
baseUrl: string;
cookie: string;
sshClientToken: string | null;
}
interface FetchJsonResult {
@@ -519,7 +520,16 @@ async function loginFrontend(host: string, config: UniDeskConfig): Promise<Front
}
const cookie = res.responseHeaders?.["set-cookie"]?.split(";")[0] ?? "";
if (cookie.length === 0) throw new RemoteCliFailure("auth-missing", `frontend login via ${baseUrl} did not return a session cookie`, { baseUrl, status: res.status ?? null });
return { baseUrl, cookie };
return { baseUrl, cookie, sshClientToken: null };
}
function sshClientTokenFromEnv(env: NodeJS.ProcessEnv = process.env): string | null {
const token = env.UNIDESK_SSH_CLIENT_TOKEN?.trim() ?? "";
return token.length > 0 ? token : null;
}
function scopedSshFrontendSession(host: string, config: UniDeskConfig, token: string): FrontendSession {
return { baseUrl: frontendBaseUrl(host, config), cookie: "", sshClientToken: token };
}
async function frontendJson(session: FrontendSession, path: string, init?: RequestInit, timeoutMs = 8000, maxResponseBytes = 5_000_000): Promise<FetchJsonResult> {
@@ -901,7 +911,10 @@ function openFrontendSshWebSocket(session: FrontendSession): WebSocket {
url: string,
options?: { headers?: Record<string, string> },
) => WebSocket;
return new WebSocketWithHeaders(frontendSshWebSocketUrl(session), { headers: { cookie: session.cookie } });
const headers = session.sshClientToken === null
? { cookie: session.cookie }
: { authorization: `Bearer ${session.sshClientToken}` };
return new WebSocketWithHeaders(frontendSshWebSocketUrl(session), { headers });
}
async function runRemoteSshWebSocket(
@@ -1287,8 +1300,9 @@ async function runRemoteCliOverFrontend(options: RemoteCliOptions, config: UniDe
const args = options.args.length === 0 ? ["help"] : options.args;
const name = commandName(args);
try {
const session = await loginFrontend(options.host, config);
const [top, sub] = args;
const scopedSshToken = top === "ssh" ? sshClientTokenFromEnv() : null;
const session = scopedSshToken === null ? await loginFrontend(options.host, config) : scopedSshFrontendSession(options.host, config, scopedSshToken);
if (top === "help" || top === "--help" || top === "-h") {
emitRemoteJson(name, {
transport: "frontend",