Merge pull request #29 from e2b-dev/improve-auth

Improve auth DX

Author: mishushakov

.changeset/cute-deer-fall.md

@@ -0,0 +1,6 @@
+---
+"@e2b/desktop-python": minor
+"@e2b/desktop": minor
+---
+
+updates auth dx

README.md

@@ -124,11 +124,14 @@ desktop = Sandbox()
 
 # Start the stream
 desktop.stream.start(
-    enable_auth=True  # Enable authentication with an auto-generated password that will be injected in the stream URL
+    require_auth=True  # Require authentication with an auto-generated key
 )
 
+# Retrieve the authentication key
+auth_key = desktop.stream.get_auth_key()
+
 # Get stream URL
-url = desktop.stream.get_url()
+url = desktop.stream.get_url(auth_key=auth_key)
 print(url)
 
 # Stop the stream
@@ -144,11 +147,14 @@ const desktop = await Sandbox.create()
 
 // Start the stream
 await desktop.stream.start({
-  enableAuth: true, // Enable authentication with an auto-generated password that will be injected in the stream UR
+  requireAuth: true, // Require authentication with an auto-generated key
 })
 
+// Retrieve the authentication key
+const authKey = await desktop.stream.getAuthKey()
+
 // Get stream URL
-const url = desktop.stream.getUrl()
+const url = desktop.stream.getUrl({ authKey })
 console.log(url)
 
 // Stop the stream

examples/basic-javascript/index.js

@@ -67,15 +67,18 @@ async function main() {
   console.log(' - Desktop sandbox screen size:', size)
 
   console.log('\n> Starting desktop stream...')
-  await desktop.stream.start()
+  await desktop.stream.start({
+    requireAuth: true
+  })
 
   console.log('\n> Waiting 5 seconds for the stream to load...')
   for (let i = 5; i > 0; i--) {
     console.log(` - ${i} seconds remaining until the next step...`)
     await wait(1000)
   }
 
-  const url = desktop.stream.getUrl()
+  const authKey = await desktop.stream.getAuthKey()
+  const url = desktop.stream.getUrl({ authKey })
   console.log(' - Stream URL:', url)
 
   console.log('\n> Creating browser window...')

examples/basic-python/main.py

@@ -51,8 +51,9 @@ def main():
     print(" - Desktop Sandbox screen size:", width, height)
 
     print("\n> Starting desktop stream...")
-    desktop.stream.start(enable_auth=True)
-    stream_url = desktop.stream.get_url()
+    desktop.stream.start(require_auth=True)
+    auth_key = desktop.stream.get_auth_key()
+    stream_url = desktop.stream.get_url(auth_key=auth_key)
     print(" - Stream URL:", stream_url)
 
     # The webview needs to run on the main thread. That would mean that it would block the program execution.

packages/js-sdk/README.md

@@ -78,11 +78,14 @@ const desktop = await Sandbox.create()
 
 // Start the stream
 await desktop.stream.start({
-  enableAuth: true, // Enable authentication with an auto-generated password that will be injected in the stream UR
+  requireAuth: true, // Enable authentication with an auto-generated key
 })
 
+// Retrieve the authentication key
+const authKey = await desktop.stream.getAuthKey()
+
 // Get stream URL
-const url = desktop.stream.getUrl()
+const url = desktop.stream.getUrl({ authKey })
 console.log(url)
 
 // Stop the stream

packages/js-sdk/example.mts

@@ -15,10 +15,11 @@ console.log("Desktop Sandbox started, ID:", desktop.sandboxId)
 console.log("Screen size:", await desktop.getScreenSize())
 
 await desktop.stream.start({
-  enableAuth: true
+  requireAuth: true
 })
 
-console.log("Stream URL:", desktop.stream.getUrl())
+const authKey = await desktop.stream.getAuthKey()
+console.log("Stream URL:", desktop.stream.getUrl({ authKey }))
 
 await new Promise(resolve => setTimeout(resolve, 5000));
 

packages/js-sdk/src/sandbox.ts

@@ -36,24 +36,6 @@ export interface SandboxOpts extends SandboxOptsBase {
    * @type {string}
    */
   display?: string
-
-  /**
-   * Port number for the VNC server.
-   * @type {number}
-   */
-  vncPort?: number
-
-  /**
-   * Port number for the noVNC proxy server.
-   * @type {number}
-   */
-  port?: number
-
-  /**
-   * Whether to enable authentication for noVNC connections.
-   * @type {boolean}
-   */
-  enableAuth?: boolean
 }
 
 
@@ -413,7 +395,7 @@ export class Sandbox extends SandboxBase {
 interface VNCServerOptions {
   vncPort?: number;
   port?: number;
-  enableAuth?: boolean;
+  requireAuth?: boolean;
 }
 
 // Modified VNCServer class
@@ -424,21 +406,27 @@ class VNCServer {
   private url: URL | null = null;
   private vncHandle: CommandHandle | null = null;
   private novncHandle: CommandHandle | null = null;
-  private readonly password: string;
+  private password: string | undefined;
   private vncCommand: string = "";
   private readonly novncCommand: string;
   private readonly desktop: Sandbox;
 
   constructor(desktop: Sandbox) {
     this.desktop = desktop;
-    this.password = generateRandomString();
-
     this.novncCommand = (
       `cd /opt/noVNC/utils && ./novnc_proxy --vnc localhost:${this.vncPort} ` +
       `--listen ${this.port} --web /opt/noVNC > /tmp/novnc.log 2>&1`
     );
   }
 
+  public getAuthKey(): string {
+    if (!this.password) {
+      throw new Error('Unable to retrieve stream auth key, check if requireAuth is enabled');
+    }
+
+    return this.password;
+  }
+
   /**
    * Set the VNC command to start the VNC server.
    */
@@ -465,9 +453,10 @@ class VNCServer {
   /**
    * Get the URL to connect to the VNC server.
    * @param autoConnect - Whether to automatically connect to the server after opening the URL.
+   * @param authKey - The password to use to connect to the server.
    * @returns The URL to connect to the VNC server.
    */
-  public getUrl(autoConnect: boolean = true): string {
+  public getUrl({ autoConnect = true, authKey }: { autoConnect?: boolean, authKey?: string } = {}): string {
     if (this.url === null) {
       throw new Error('Server is not running');
     }
@@ -476,8 +465,8 @@ class VNCServer {
     if (autoConnect) {
       url.searchParams.set('autoconnect', 'true');
     }
-    if (this.novncAuthEnabled) {
-      url.searchParams.set("password", this.password);
+    if (authKey) {
+      url.searchParams.set("password", authKey);
     }
     return url.toString()
   }
@@ -493,7 +482,8 @@ class VNCServer {
 
     this.vncPort = opts.vncPort ?? this.vncPort;
     this.port = opts.port ?? this.port;
-    this.novncAuthEnabled = opts.enableAuth ?? this.novncAuthEnabled;
+    this.novncAuthEnabled = opts.requireAuth ?? this.novncAuthEnabled;
+    this.password = this.novncAuthEnabled ? generateRandomString() : undefined;
     this.url = new URL(`https://${this.desktop.getHost(this.port)}/vnc.html`);
 
     // Stop both servers in case one of them is running.

packages/python-sdk/README.md

@@ -76,11 +76,14 @@ desktop = Sandbox()
 
 # Start the stream
 desktop.stream.start(
-    enable_auth=True  # Enable authentication with an auto-generated password that will be injected in the stream URL
+    require_auth=True  # Enable authentication with an auto-generated key
 )
 
+# Retrieve the authentication key
+auth_key = desktop.stream.get_auth_key()
+
 # Get stream URL
-url = desktop.stream.get_url()
+url = desktop.stream.get_url(auth_key=auth_key)
 print(url)
 
 # Stop the stream

packages/python-sdk/e2b_desktop/main.py

@@ -15,11 +15,10 @@ def __init__(self, desktop: "Sandbox") -> None:
         self._vnc_port = 5900
         self._port = 6080
         self._novnc_auth_enabled = False
+        self._novnc_password = None
 
         self._url = f"https://{desktop.get_host(self._port)}/vnc.html"
 
-        self._novnc_password = self._generate_password()
-
         self.__desktop = desktop
 
     def _wait_for_port(self, port: int) -> bool:
@@ -35,21 +34,22 @@ def _generate_password(length: int = 16) -> str:
         characters = string.ascii_letters + string.digits
         return ''.join(secrets.choice(characters) for _ in range(length))
 
-    def get_url(self, auto_connect: bool = True) -> str:
+    def get_url(self, auto_connect: bool = True, auth_key: Optional[str] = None) -> str:
         params = []
         if auto_connect:
             params.append("autoconnect=true")
-        if self._novnc_auth_enabled:
-            params.append(f"password={self._novnc_password}")
+        if auth_key:
+            params.append(f"password={auth_key}")
         if params:
             return f"{self._url}?{'&'.join(params)}"
         return self._url
 
-    @property
-    def password(self) -> str:
+    def get_auth_key(self) -> str:
+        if not self._novnc_password:
+            raise RuntimeError('Unable to retrieve stream auth key, check if require_auth is enabled')
         return self._novnc_password
 
-    def start(self, vnc_port: Optional[int] = None, port: Optional[int] = None, enable_auth: bool = False) -> None:
+    def start(self, vnc_port: Optional[int] = None, port: Optional[int] = None, require_auth: bool = False) -> None:
         # If both servers are already running, throw an error
         if self.__vnc_handle is not None and self.__novnc_handle is not None:
             raise RuntimeError('Server is already running')
@@ -60,7 +60,8 @@ def start(self, vnc_port: Optional[int] = None, port: Optional[int] = None, enab
         # Update parameters if provided
         self._vnc_port = vnc_port or self._vnc_port
         self._port = port or self._port
-        self._novnc_auth_enabled = enable_auth or self._novnc_auth_enabled
+        self._novnc_auth_enabled = require_auth or self._novnc_auth_enabled
+        self._novnc_password = self._generate_password() if require_auth else None
 
         # Update URL with new port
         self._url = f"https://{self.__desktop.get_host(self._port)}/vnc.html"