// cwr-ftp.jsx — FTP / FTPS compatibility surface // ───────────────────────────────────────────────────────────────── // Surfaces the FTP/FTPS subset of CwrTransport with: // 1. Server list (per-society FTP/FTPS configuration) // 2. Connection tester with security flags (TLS mode, passive, fingerprint) // 3. File browser sketch (queued / outbox / archive folders) // 4. Manual upload / re-test row actions // 5. Security audit panel (cleartext FTP warnings, TLS verification status) // // Mounted as a tab inside CWR Acks → "FTP" alongside SFTP-managed societies. // ───────────────────────────────────────────────────────────────── (function () { 'use strict'; if (typeof window === 'undefined' || !window.React) return; const { useState, useEffect, useMemo } = React; const Mono = ({ children, size = 10, color = 'var(--ink-3)', upper = true, style = {} }) => ( {children} ); // Severity chip used throughout const Chip = ({ kind, children }) => { const map = { ok: { bg: 'transparent', fg: '#0a8754', bd: '#0a8754' }, warn: { bg: 'transparent', fg: '#a35418', bd: '#a35418' }, err: { bg: '#a32a18', fg: '#fff', bd: '#a32a18' }, muted: { bg: 'transparent', fg: 'var(--ink-3)', bd: 'var(--rule)' }, ink: { bg: 'var(--ink)', fg: 'var(--bg)', bd: 'var(--ink)' }, }[kind] || { bg: 'transparent', fg: 'var(--ink-2)', bd: 'var(--rule)' }; return ( {children} ); }; // Build the list of societies that use FTP or FTPS as primary transport. function useFtpSocieties() { return useMemo(() => { const T = window.CwrTransport; if (!T) return []; return Object.entries(T.TRANSPORTS || {}) .filter(([_, cfg]) => cfg.primary === 'FTP' || cfg.primary === 'FTPS' || cfg.fallback === 'FTP' || cfg.fallback === 'FTPS') .map(([code, cfg]) => { const cred = T.getCredentials ? T.getCredentials(code) : null; return { code, cfg, cred }; }); }, []); } function FtpTab() { const societies = useFtpSocieties(); const [tests, setTests] = useState({}); // { societyCode: testResult } const [testing, setTesting] = useState({}); const [queueRev, setQueueRev] = useState(0); const [selected, setSelected] = useState(null); function runTest(code) { const T = window.CwrTransport; if (!T) return; setTesting(s => ({ ...s, [code]: true })); // Simulate latency setTimeout(() => { const r = T.testConnection(code); setTests(s => ({ ...s, [code]: { ...r, ts: Date.now() } })); setTesting(s => ({ ...s, [code]: false })); }, 400 + Math.floor(Math.random() * 600)); } function runTestAll() { societies.forEach(s => runTest(s.code)); } // Counts const counts = useMemo(() => { const r = { total: societies.length, ftp: 0, ftps: 0, tested: 0, ok: 0, warn: 0, err: 0 }; societies.forEach(s => { if (s.cfg.primary === 'FTP') r.ftp++; else r.ftps++; const t = tests[s.code]; if (t) { r.tested++; if (t.ok && !t.warning) r.ok++; else if (t.ok && t.warning) r.warn++; else r.err++; } }); return r; }, [societies, tests]); return (
{/* Header */}
TRANSPORT · FTP / FTPS
FTP compatibility
Some societies — particularly in Latin America, Eastern Europe, and East Asia — still distribute and ingest CWR via plain FTP or FTPS rather than SFTP or HTTPS portals. ASTRO supports both: FTPS explicit (AUTH TLS) on port 21 and{' '} FTPS implicit on port 990, plus plain FTP for legacy partners. Cleartext FTP is flagged as a security warning on every transfer.
{/* Counter row */}
{[ { l: 'CONFIGURED', v: counts.total, c: 'var(--ink)' }, { l: 'FTPS', v: counts.ftps, c: 'var(--ink)' }, { l: 'PLAIN FTP', v: counts.ftp, c: '#a35418' }, { l: 'TESTS PASSED', v: counts.ok, c: '#0a8754' }, { l: 'TESTS FAILED', v: counts.err, c: '#a32a18' }, ].map((s, i) => (
{s.l}
{s.v}
))}
{/* Action row */}
{counts.tested}/{counts.total} TESTED
{/* Society table */}
SOCIETYPROTOCOLHOST PORTMODEPASVSTATUS ACTIONS
{societies.map(({ code, cfg, cred }) => { const t = tests[code]; const isTesting = testing[code]; const ftpCfg = cred?.ftp || cred?.ftps; const proto = cfg.primary === 'FTP' ? 'FTP' : 'FTPS'; return (
setSelected(code)} style={{ display: 'grid', gridTemplateColumns: '110px 70px 1fr 80px 100px 80px 100px 110px', gap: 10, padding: '12px 14px', alignItems: 'center', fontSize: 12, borderBottom: '1px solid var(--rule-soft)', cursor: 'pointer', background: selected === code ? 'var(--bg-2)' : 'transparent', }}> {code.replace('_', ' ')} {proto} {ftpCfg?.host || '—'} {ftpCfg?.port || '—'} {ftpCfg?.mode || (proto === 'FTP' ? 'cleartext' : '—')} {ftpCfg?.passive ? '✓' : '—'} {isTesting ? TESTING… : !t ? NEVER : t.ok && !t.warning ? OK · {t.latencyMs}MS : t.ok && t.warning ? {t.warning.replace('_',' ')} : {t.error}}
); })}
{/* Detail panel */} {selected && setSelected(null)} test={tests[selected]} onRetest={() => runTest(selected)}/>} {/* Security audit */} {/* Spec reference */}
); } // ─── Detail drawer (inline expansion, editable) ───────────────── // Society-specific FTP credentials editor: // • Host / Port / Username / Password (encrypted) / Directories // • TLS mode + verify + fingerprint (FTPS only) // • Passive mode toggle // • Inbox / Outbox / Archive / Ack remote paths // • Reveal-password gesture, save/revert, retest, list remote function FtpDetail({ code, onClose, test, onRetest }) { const T = window.CwrTransport; const cred = T?.getCredentials ? T.getCredentials(code) : null; const cfg = T?.TRANSPORTS?.[code]; if (!cred || !cfg) return null; const slotKey = cred.ftp ? 'ftp' : 'ftps'; const proto = cfg.primary === 'FTP' ? 'FTP' : 'FTPS'; // Working copy of the editable fields. Encrypted password stays opaque // until the user types a new plaintext, at which point we re-encrypt. const initial = useMemo(() => { const s = cred[slotKey]; return { host: s.host || '', port: s.port || (proto === 'FTPS' && s.mode === 'implicit' ? 990 : 21), user: s.user || '', password: '', // empty = leave existing enc unchanged passwordEnc: s.passwordEnc || '', mode: s.mode || (proto === 'FTP' ? 'cleartext' : 'explicit'), passive: s.passive !== false, tlsVerify: s.tlsVerify !== false, fingerprint: s.fingerprint || '', directories: { inbox: (s.directories && s.directories.inbox) || '/cwr/in', outbox: (s.directories && s.directories.outbox) || '/cwr/out', archive: (s.directories && s.directories.archive) || '/cwr/archive', ack: (s.directories && s.directories.ack) || '/cwr/ack', }, }; }, [code, cred, slotKey, proto]); const [form, setForm] = useState(initial); const [showPw, setShowPw] = useState(false); const [savedAt, setSavedAt] = useState(null); const [files, setFiles] = useState(null); const [filesLoading, setFilesLoading] = useState(false); const [browseDir, setBrowseDir] = useState('outbox'); // Re-init when society changes useEffect(() => { setForm(initial); setShowPw(false); setSavedAt(null); setFiles(null); }, [code]); const dirty = useMemo(() => JSON.stringify(form) !== JSON.stringify({ ...initial, password: form.password || '' }), [form, initial]); function patch(p) { setForm(f => ({ ...f, ...p })); } function patchDir(k, v) { setForm(f => ({ ...f, directories: { ...f.directories, [k]: v } })); } function save() { if (!T.updateCredentials) return; const r = T.updateCredentials(code, { host: form.host, port: Number(form.port), user: form.user, password: form.password || null, mode: form.mode, passive: form.passive, tlsVerify: form.tlsVerify, fingerprint: form.fingerprint, directories: form.directories, }); if (r.ok) { setSavedAt(Date.now()); // refresh form to drop typed plaintext + pick up new enc blob setForm(f => ({ ...f, password: '', passwordEnc: r.slot.passwordEnc })); } } function revert() { setForm(initial); } function listRemote(which) { setBrowseDir(which); setFilesLoading(true); const dir = form.directories[which]; setTimeout(() => { const now = Date.now(); let listing = []; if (which === 'outbox') { listing = [ { name: `CW25${(1000 + Math.floor(Math.random()*9000))}PLU_${code.slice(0,3)}.V21`, size: 18430, ts: ts(now - 4*3600e3) }, { name: `CW25${(1000 + Math.floor(Math.random()*9000))}PLU_${code.slice(0,3)}.V21`, size: 9420, ts: ts(now - 8*3600e3) }, { name: `CW25${(1000 + Math.floor(Math.random()*9000))}PLU_${code.slice(0,3)}.V21`, size: 22118, ts: ts(now - 26*3600e3) }, ]; } else if (which === 'inbox') { listing = [ { name: `ACK_${code}_${ymd(now-2*3600e3)}_001.V21`, size: 4120, ts: ts(now - 2*3600e3) }, { name: `ACK_${code}_${ymd(now-26*3600e3)}_001.V21`, size: 3982, ts: ts(now - 26*3600e3) }, ]; } else if (which === 'archive') { listing = [ { name: `CW25_PLU_${code.slice(0,3)}_2025Q1.zip`, size: 184302, ts: '2025-03-31 23:55' }, { name: `CW24_PLU_${code.slice(0,3)}_2024Q4.zip`, size: 192401, ts: '2024-12-31 23:50' }, ]; } else if (which === 'ack') { listing = [ { name: `ACK_RECEIPT_${ymd(now)}.V21`, size: 1230, ts: ts(now - 1*3600e3) }, ]; } setFiles({ dir, items: listing }); setFilesLoading(false); }, 500); } function ts(d) { return new Date(d).toISOString().slice(0,16).replace('T',' '); } function ymd(d) { return new Date(d).toISOString().slice(0,10); } return (
{/* Header */}
FTP CREDENTIALS {code.replace('_', ' ')} {proto} {dirty && UNSAVED} {savedAt && !dirty && SAVED · {new Date(savedAt).toLocaleTimeString()}}
{/* LEFT: editable credentials */}
CONNECTION patch({ host: v })} placeholder="ftp.society.example"/> patch({ port: v })} placeholder="21" mono numeric/> patch({ user: v })} placeholder="pluralis_xx" mono/> patch({ password: v })} show={showPw} onToggleShow={() => setShowPw(s => !s)} /> {proto === 'FTPS' && ( <> patch({ fingerprint: v })} placeholder="SHA256:…" mono/> )} patch({ passive: v })} onLabel="passive (PASV)" offLabel="active (PORT)"/>
DIRECTORIES · REMOTE PATHS patchDir('outbox', v)} mono/> patchDir('inbox', v)} mono/> patchDir('archive', v)} mono/> patchDir('ack', v)} mono/> {/* Action row */}
Encryption: passwords are stored as enc:AES256:<hex> — never as plaintext. Typing a new password re-encrypts on save. The current encrypted blob remains opaque even when "show" is toggled unless you provide a new plaintext.
{/* RIGHT: remote folder browser, scoped to the directories above */}
REMOTE BROWSER · {form.host} {filesLoading && OPENING DATA CHANNEL…}
{/* Directory tabs */}
{[ ['outbox', 'Outbox', form.directories.outbox], ['inbox', 'Inbox', form.directories.inbox], ['archive', 'Archive', form.directories.archive], ['ack', 'Ack', form.directories.ack], ].map(([k, l, p]) => ( ))}
{!files && !filesLoading && (
Pick a directory tab to LIST its contents over the data channel. Listings reflect the configured remote paths above — edit them and the browser follows.
)} {files && ( <>
{files.dir} · {files.items.length} entries
{files.items.length === 0 && ( )} {files.items.map((f, i) => ( ))}
(empty)
{f.name} {formatBytes(f.size)} {f.ts}
)} {/* Test result strip */} {test && (
LAST TEST {test.ok && !test.warning && CONNECTED · {test.latencyMs}MS} {test.ok && test.warning && {test.warning.replace('_',' ')}} {!test.ok && {test.error}} {test.msg} {new Date(test.ts).toLocaleTimeString()}
)}
); } // ─── Form primitives ───────────────────────────────────────────── function FormGrid({ children }) { return
{children}
; } function Field({ label, hint, wide, children }) { return (
{label}
{children} {hint &&
{hint}
}
); } function Input({ value, onChange, placeholder, mono, numeric }) { return ( onChange(numeric ? e.target.value.replace(/[^0-9]/g, '') : e.target.value)} placeholder={placeholder} className={mono ? 'ff-mono' : ''} style={{ width: '100%', padding: '8px 10px', fontSize: 12, color: 'var(--ink)', background: 'var(--bg)', border: '1px solid var(--rule)', outline: 'none', fontFamily: mono ? 'ui-monospace, monospace' : undefined, boxSizing: 'border-box', }} onFocus={e => e.target.style.borderColor = 'var(--ink)'} onBlur={e => e.target.style.borderColor = 'var(--rule)'} /> ); } function PasswordField({ plaintext, encrypted, onChange, show, onToggleShow }) { return (
onChange(e.target.value)} className="ff-mono" style={{ flex: 1, padding: '8px 10px', fontSize: 12, color: 'var(--ink)', background: 'var(--bg)', border: '1px solid var(--rule)', outline: 'none', fontFamily: 'ui-monospace, monospace', boxSizing: 'border-box', }} onFocus={e => e.target.style.borderColor = 'var(--ink)'} onBlur={e => e.target.style.borderColor = 'var(--rule)'} />
); } function Select({ value, onChange, options }) { return ( ); } function Toggle({ on, onChange, onLabel = 'on', offLabel = 'off' }) { return ( ); } function formatBytes(n) { if (n < 1024) return n + ' B'; if (n < 1024 * 1024) return (n / 1024).toFixed(1) + ' KB'; return (n / (1024 * 1024)).toFixed(1) + ' MB'; } // ─── Security audit panel ────────────────────────────────────── function SecurityAudit({ societies, tests }) { const findings = useMemo(() => { const out = []; societies.forEach(({ code, cfg, cred }) => { const ftp = cred?.ftp || cred?.ftps; if (cfg.primary === 'FTP') { out.push({ code, severity: 'high', kind: 'CLEARTEXT_FTP', msg: 'Plain FTP transmits credentials and data unencrypted. Recommend migrating to FTPS or SFTP.' }); } if (cfg.primary === 'FTPS' && ftp && ftp.tlsVerify === false) { out.push({ code, severity: 'medium', kind: 'TLS_VERIFY_DISABLED', msg: 'TLS certificate verification is disabled. Vulnerable to man-in-the-middle attack.' }); } if (ftp && !ftp.passive) { out.push({ code, severity: 'low', kind: 'ACTIVE_MODE', msg: 'Active mode enabled. Most production NATs and firewalls require passive mode.' }); } if ((cfg.primary === 'FTP' || cfg.primary === 'FTPS') && !cfg.fallback) { out.push({ code, severity: 'low', kind: 'NO_FALLBACK', msg: 'No fallback transport configured. Connection failures will block delivery.' }); } if (cfg.primary === 'FTPS' && ftp && !ftp.fingerprint) { out.push({ code, severity: 'low', kind: 'NO_PINNING', msg: 'Server certificate fingerprint not pinned. Trust falls back to system CA store.' }); } }); return out; }, [societies]); if (findings.length === 0) return null; const sevColor = { high: '#a32a18', medium: '#a35418', low: 'var(--ink-3)' }; return (
SECURITY AUDIT · {findings.length} FINDINGS
Static review of FTP / FTPS configuration. Findings reflect protocol-level risk, not the state of any in-flight transfer. Resolve high-severity issues before going live.
{findings.map((f, i) => (
{f.severity} {f.code.replace('_',' ')} {f.kind} {f.msg}
))}
); } // ─── Spec reference ──────────────────────────────────────────── function SpecReference() { return (
FTP / FTPS REFERENCE
ASTRO behavior: all FTP/FTPS submissions wrap into the same submission queue as SFTP and PORTAL — events flow through QUEUED → UPLOADING → UPLOADED → ACK_PENDING → ACKED. Cleartext FTP transfers add a CLEARTEXT_FTP audit-log entry with severity HIGH on every successful upload. Failed TLS handshakes promote the configured fallback transport before giving up.
); } function RefCard({ title, subtitle, lines }) { return (
{subtitle}
{title}
{lines.map(([k, v]) => ( ))}
{k} {v}
); } window.FtpTab = FtpTab; console.log('[FtpTab] loaded'); })();