npm - @aikidosec/broker-client - Versions diffs - 1.0.4 → 1.0.5 - Mend

@aikidosec/broker-client 1.0.4 → 1.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/app/client.js +23 -8
package/package.json +1 -1

package/app/client.js CHANGED Viewed

@@ -37,9 +37,12 @@ const DNS_SERVERS = process.env.DNS_SERVERS
   : null;
 // Configure axios defaults
+const MAX_RESPONSE_SIZE = 100 * 1024 * 1024; // 100 MB
 const axiosConfig = {
   timeout: 30000,
-  maxRedirects: 5
+  maxRedirects: 5,
+  maxContentLength: MAX_RESPONSE_SIZE,
+  maxBodyLength: MAX_RESPONSE_SIZE
 };
 // Create axios instance for internal requests
@@ -232,7 +235,8 @@ const socket = io(SERVER_URL, {
   reconnectionDelayMax: 30000,
   randomizationFactor: 0.5,
   tryAllTransports: true, // if we don't, it won't try to fallback from websocket to polling
-  autoConnect: false  // Don't connect until after registration
+  autoConnect: false,  // Don't connect until after registration
+  withCredentials: true // make sure cookies work for sticky sessions
 });
 // Socket.IO event handlers
@@ -300,7 +304,7 @@ socket.on('forward_request', async (data, callback) => {
       request_id: requestId,
       status_code: 403,
       headers: {},
-      body: 'Target URL is not an allowed internal resource'
+      body: formatMessageBody('Target URL is not an allowed internal resource')
     });
     return;
   }
@@ -310,7 +314,7 @@ socket.on('forward_request', async (data, callback) => {
       request_id: requestId,
       status_code: 403,
       headers: {},
-      body: 'Target URL is not in the allowed resources list'
+      body: formatMessageBody('Target URL is not in the allowed resources list')
     });
     return;
   }
@@ -337,30 +341,41 @@ socket.on('forward_request', async (data, callback) => {
       url: resolvedUrl,
       headers,
       data: body,
-      validateStatus: () => true // Accept any status code
+      validateStatus: () => true, // Accept any status code
+      responseType: 'arraybuffer', // Get raw bytes, don't parse JSON
     });
     log.info(`Successfully forwarded request ${requestId} to ${targetUrl}, status: ${response.status}`);
     // Return response via acknowledgement
+    // Send body as base64 to preserve binary data byte-for-byte (critical for Docker registry digests)
+    const responseBody = response.data ? Buffer.from(response.data).toString('base64') : null;
     callback({
       request_id: requestId,
       status_code: response.status,
       headers: response.headers,
-      body: typeof response.data === 'string' ? response.data : JSON.stringify(response.data)
+      body: responseBody,
+      version: 2
     });
   } catch (error) {
-    log.error(`Error forwarding request ${requestId} to ${targetUrl}: ${error.message}`);
+    log.error(`Error forwarding request ${requestId} to ${targetUrl}: ${error?.response?.status || error.message}`);
+    const errorMessage = `Error reaching internal resource: ${error?.response?.status || error.message}`;
     callback({
       request_id: requestId,
       status_code: 502,
       headers: {},
-      body: `Error reaching internal resource: ${error.message}`
+      body: formatMessageBody(errorMessage),
+      version: 2
     });
   }
 });
+function formatMessageBody(message) {
+  return Buffer.from(message, 'utf-8').toString('base64');
+}
 /**
  * Register this client with the broker server
  */

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@aikidosec/broker-client",
-  "version": "1.0.4",
+  "version": "1.0.5",
   "description": "Aikido Broker Client - Runs in customer network to forward requests to internal resources",
   "main": "app/client.js",
   "type": "module",