irt/gists
1
0
Fork 0
Code Issues 1 Pull Requests Projects Releases Wiki Activity

feat(proxy): secure refactor and system-wide integration

Browse Source 
- Removed hardcoded corporate proxy URL from all scripts.
- Updated bridge.js to load configuration from /opt/proxy-bridge/config.json.
- Updated setup.js to interactively configure upstream proxy and credentials.
- Enhanced install_proxy.sh to automatically configure APT, Bash, and system services.
- Purged sensitive URL from git history and verified zero leakage.
This commit is contained in:
tke
2026-05-22 12:23:16 +02:00
parent ae5d503268
commit 203f2bf189
4 changed files with 893 additions and 106 deletions
Download Patch File Download Diff File Expand all files Collapse all files
scripts/proxy/setup.js
+71 -24
View File
@@ -1,34 +1,81 @@
const readline = require('readline');
const { execSync } = require('child_process');
const { execFileSync } = require('child_process');
const fs = require('fs');
const rl = readline.createInterface({
input: process.stdin,
output: process.stdout
});
console.log("=== Proxy Bridge Keyring Setup ===");
const CONFIG_DIR = '/opt/proxy-bridge';
const CONFIG_FILE = `${CONFIG_DIR}/config.json`;
const USER_FILE = `${CONFIG_DIR}/user.json`;
rl.question('Enter your corporate username: ', (user) => {
rl.question('Enter your corporate password: ', (pass) => {
try {
// Securely store the password in the Ubuntu Keyring using secret-tool
// We use standard input to pass the password so it doesn't appear in process lists
execSync(`secret-tool store --label="Proxy Bridge Credentials" service proxy-bridge account ${user}`, {
input: pass
});
// Store the username in a local config just so the bridge knows WHICH account to look up
require('fs').writeFileSync('/opt/proxy-bridge/user.json', JSON.stringify({ username: user }));
console.log("=== Proxy Bridge Configuration Setup ===");
console.log("\n✅ Credentials successfully stored in the system keyring.");
} catch (error) {
console.error("\n❌ Failed to store credentials in keyring:", error.message);
}
rl.close();
function ask(question, defaultValue = "") {
return new Promise((resolve) => {
const prompt = defaultValue ? `${question} [${defaultValue}]: ` : `${question}: `;
rl.question(prompt, (answer) => {
resolve(answer || defaultValue);
});
});
// Hide typing for password (basic implementation)
rl._writeToOutput = function _writeToOutput(stringToWrite) {
if (rl.history.length === 0) rl.output.write("*");
};
});
}
async function run() {
try {
// 1. Upstream Proxy Configuration
console.log("\n--- Upstream Proxy (Corporate) ---");
const host = await ask("Corporate Proxy Hostname (e.g. proxy.company.com)");
const port = await ask("Corporate Proxy Port", "8080");
if (!host) {
console.error("❌ Hostname is required.");
process.exit(1);
}
// 2. Credentials
console.log("\n--- Credentials ---");
const user = await ask("Corporate Username");
// Setup password mask
const oldWrite = rl._writeToOutput;
rl._writeToOutput = function _writeToOutput(stringToWrite) {
if (rl.line.length > 0) rl.output.write("*");
else rl.output.write(stringToWrite);
};
const pass = await ask("Corporate Password");
rl._writeToOutput = oldWrite;
// Save Proxy Config
if (!fs.existsSync(CONFIG_DIR)) {
fs.mkdirSync(CONFIG_DIR, { recursive: true });
}
fs.writeFileSync(CONFIG_FILE, JSON.stringify({ host, port }, null, 2));
// Save Username
fs.writeFileSync(USER_FILE, JSON.stringify({ username: user }));
// Store Password in Keyring
console.log("\n--> Storing password in system keyring...");
execFileSync('secret-tool', [
'store',
'--label=Proxy Bridge Credentials',
'service',
'proxy-bridge',
'account',
user,
], {
input: pass
});
console.log("\n✅ Configuration and credentials successfully stored.");
} catch (error) {
console.error("\n❌ Setup failed:", error.message);
process.exit(1);
} finally {
rl.close();
}
}
run();