ZeroCatCodeRun

Author: Sunwuyuan

.gitignore

@@ -0,0 +1,3 @@
+data
+node_modules
+.env

Dockerfile

@@ -0,0 +1,115 @@
+FROM ubuntu:22.04
+
+# 避免交互式提示
+ENV DEBIAN_FRONTEND=noninteractive
+
+# 设置时区
+ENV TZ=Asia/Shanghai
+RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
+
+# 安装基础工具和依赖
+RUN apt-get update && apt-get install -y \
+    sudo \
+    curl \
+    wget \
+    git \
+    vim \
+    bash \
+    build-essential \
+    software-properties-common \
+    apt-transport-https \
+    ca-certificates \
+    gnupg \
+    lsb-release \
+    zsh \
+    tmux \
+    htop \
+    tree \
+    jq \
+    unzip \
+    openssh-client \
+    postgresql-client \
+    redis-tools \
+    make \
+    gcc \
+    g++ \
+    libssl-dev \
+    zlib1g-dev \
+    libbz2-dev \
+    libreadline-dev \
+    libsqlite3-dev \
+    libncursesw5-dev \
+    xz-utils \
+    tk-dev \
+    libxml2-dev \
+    libxmlsec1-dev \
+    libffi-dev \
+    liblzma-dev \
+    && rm -rf /var/lib/apt/lists/*
+
+# 创建非root用户
+RUN useradd -m -s /bin/bash zerocat \
+    && echo "zerocat ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/zerocat \
+    && chmod 0440 /etc/sudoers.d/zerocat
+
+# 设置工作目录
+WORKDIR /home/zerocat
+
+# 安装 pyenv
+USER zerocat
+RUN curl https://pyenv.run | bash
+ENV PYENV_ROOT="/home/zerocat/.pyenv"
+ENV PATH="$PYENV_ROOT/bin:$PATH"
+RUN echo 'export PYENV_ROOT="$HOME/.pyenv"' >> ~/.bashrc && \
+    echo 'command -v pyenv >/dev/null || export PATH="$PYENV_ROOT/bin:$PATH"' >> ~/.bashrc && \
+    echo 'eval "$(pyenv init --path)"' >> ~/.bashrc && \
+    echo 'eval "$(pyenv init -)"' >> ~/.bashrc
+
+# 使用 pyenv 安装 Python 版本并安装包
+SHELL ["/bin/bash", "-l", "-c"]
+RUN pyenv install 3.8.18 && \
+    pyenv install 3.11.8 && \
+    pyenv global 3.11.8 && \
+    eval "$(pyenv init -)" && \
+    eval "$(pyenv init --path)" && \
+    $PYENV_ROOT/versions/3.11.8/bin/python -m pip install --upgrade pip && \
+    $PYENV_ROOT/versions/3.11.8/bin/python -m pip install \
+    ipython \
+    poetry \
+    virtualenv \
+    black \
+    flake8 \
+    mypy \
+    pytest \
+    requests
+
+# 安装 nvm
+ENV NVM_DIR="/home/zerocat/.nvm"
+RUN curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash \
+    && . "$NVM_DIR/nvm.sh" \
+    && nvm install 16 \
+    && nvm install 18 \
+    && nvm alias default 18 \
+    && nvm use default \
+    && npm install -g yarn pnpm typescript ts-node
+
+# 设置权限
+USER root
+RUN chown -R zerocat:zerocat /home/zerocat
+
+# 切换到非root用户
+USER zerocat
+
+# 设置SHELL环境变量
+ENV SHELL=/bin/bash
+
+# 配置终端
+RUN echo 'export PS1="\[\e[01;32m\]\u@\h\[\e[0m\]:\[\e[01;34m\]\w\[\e[0m\]\$ "' >> ~/.bashrc
+
+# 添加环境变量到 .bashrc
+RUN echo 'export NVM_DIR="$HOME/.nvm"' >> ~/.bashrc \
+    && echo '[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"' >> ~/.bashrc \
+    && echo '[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion"' >> ~/.bashrc
+
+# 设置容器启动命令
+CMD ["/bin/bash", "-l"]

app.js

@@ -0,0 +1,105 @@
+const express = require('express');
+const path = require('path');
+const cookieParser = require('cookie-parser');
+const logger = require('morgan');
+const WebSocket = require('ws');
+const terminalService = require('./services/terminal');
+const adminService = require('./services/admin');
+const { validateToken } = require('./middleware/auth');
+const jwt = require('jsonwebtoken');
+const config = require('./config');
+const bodyParser = require('body-parser');
+
+const indexRouter = require('./routes/index');
+const usersRouter = require('./routes/users');
+const terminalRouter = require('./routes/terminal');
+const adminRouter = require('./routes/admin');
+
+const app = express();
+
+// view engine setup
+app.set('views', path.join(__dirname, 'views'));
+app.set('view engine', 'ejs');
+
+// middleware setup
+app.use(logger(config.logging.format));
+app.use(express.json());
+app.use(express.urlencoded({ extended: false }));
+app.use(cookieParser(config.security.cookieSecret));
+app.use(express.static(path.join(__dirname, 'public')));
+app.use(bodyParser.urlencoded({ limit: "100mb", extended: false }));
+app.use(bodyParser.json({ limit: "100mb" }));
+app.use(bodyParser.text({ limit: "100mb" }));
+app.use(bodyParser.raw({ limit: "100mb" }));
+
+// Security headers
+app.use((req, res, next) => {
+  res.set({
+    'X-Content-Type-Options': 'nosniff',
+    'X-Frame-Options': 'DENY',
+    'X-XSS-Protection': '1; mode=block'
+  });
+  next();
+});
+
+// Routes
+app.use('/', indexRouter);
+app.use('/users', usersRouter);
+app.use('/terminal', terminalRouter);
+app.use('/admin', adminRouter);
+
+// WebSocket server setup
+const wss = new WebSocket.Server({ noServer: true });
+
+// WebSocket authentication middleware
+async function authenticateWebSocket(request, socket, head) {
+  try {
+    // 从URL参数中获取token
+    const url = new URL(request.url, `http://${request.headers.host}`);
+    const token = url.searchParams.get('token');
+
+    if (!token) {
+      socket.write('HTTP/1.1 401 Unauthorized\r\n\r\n');
+      socket.destroy();
+      return;
+    }
+
+    // 验证token并解码用户信息
+    const decoded = jwt.verify(token, config.jwt.secret);
+    request.user = {
+      userid: decoded.userid,
+      fingerprint: decoded.fingerprint
+    };
+
+    // 升级连接
+    wss.handleUpgrade(request, socket, head, (ws) => {
+      wss.emit('connection', ws, request);
+    });
+  } catch (error) {
+    console.error('WebSocket authentication failed:', error);
+    socket.write('HTTP/1.1 401 Unauthorized\r\n\r\n');
+    socket.destroy();
+  }
+}
+
+// Handle WebSocket connections
+wss.on('connection', (ws, request) => {
+  try {
+    terminalService.handleConnection(ws, request);
+  } catch (error) {
+    console.error('Failed to handle WebSocket connection:', error);
+    ws.close(1008, 'Authentication failed');
+  }
+});
+
+// Error handler
+app.use(function(err, req, res, next) {
+  console.error(err.stack);
+  res.status(err.status || 500);
+  res.render('error', {
+    message: err.message,
+    error: req.app.get('env') === 'development' ? err : {}
+  });
+});
+
+module.exports = { app, authenticateWebSocket };

bin/www

@@ -0,0 +1,104 @@
+#!/usr/bin/env node
+
+/**
+ * Module dependencies.
+ */
+
+const { app, authenticateWebSocket } = require('../app');
+const debug = require('debug')('coderun:server');
+const http = require('http');
+
+/**
+ * Get port from environment and store in Express.
+ */
+
+const port = normalizePort(process.env.PORT || '3033');
+app.set('port', port);
+
+/**
+ * Create HTTP server.
+ */
+
+const server = http.createServer(app);
+
+/**
+ * Handle WebSocket upgrade requests
+ */
+server.on('upgrade', (request, socket, head) => {
+  const pathname = new URL(request.url, `http://${request.headers.host}`).pathname;
+
+  if (pathname === '/terminal') {
+    authenticateWebSocket(request, socket, head);
+  } else {
+    socket.destroy();
+  }
+});
+
+/**
+ * Listen on provided port, on all network interfaces.
+ */
+
+server.listen(port);
+server.on('error', onError);
+server.on('listening', onListening);
+
+/**
+ * Normalize a port into a number, string, or false.
+ */
+
+function normalizePort(val) {
+  const port = parseInt(val, 10);
+
+  if (isNaN(port)) {
+    // named pipe
+    return val;
+  }
+
+  if (port >= 0) {
+    // port number
+    return port;
+  }
+
+  return false;
+}
+
+/**
+ * Event listener for HTTP server "error" event.
+ */
+
+function onError(error) {
+  if (error.syscall !== 'listen') {
+    throw error;
+  }
+
+  const bind = typeof port === 'string'
+    ? 'Pipe ' + port
+    : 'Port ' + port;
+
+  // handle specific listen errors with friendly messages
+  switch (error.code) {
+    case 'EACCES':
+      console.error(bind + ' requires elevated privileges');
+      process.exit(1);
+      break;
+    case 'EADDRINUSE':
+      console.error(bind + ' is already in use');
+      process.exit(1);
+      break;
+    default:
+      throw error;
+  }
+}
+
+/**
+ * Event listener for HTTP server "listening" event.
+ */
+
+function onListening() {
+  const addr = server.address();
+  const bind = typeof addr === 'string'
+    ? 'pipe ' + addr
+    : 'port ' + addr.port;
+  debug('Listening on ' + bind);
+  console.log(`Server running on port ${port}`);
+}