@aikidosec/broker-client 1.0.7 → 1.0.8

package/README.md

@@ -21,7 +21,7 @@ docker compose up -d
 ## Quick Start
 
 1. **Generate CLIENT_SECRET in Aikido UI**:
-   - Navigate to: Settings → Broker Clients → Add New Client
+   - Navigate to: Settings → [Broker Clients](https://app.aikido.dev/settings/integrations/broker/clients) → Add New Client
    - Copy the generated `CLIENT_SECRET`
 
 2. **Configure environment** (`.env`):

package/app/client.js

@@ -13,7 +13,6 @@ import dns from 'native-dns';
 import { ResourceManager } from './resourceManager.js';
 import { HttpsProxyAgent } from 'https-proxy-agent';
 import { getClientId, setClientIdCache, getServerUrl, getClientSecret } from './config.js';
-import { STREAMING_THRESHOLD } from './streaming/state.js';
 import { registerStreamingHandlers } from './streaming/handlers.js';
 import { initStreamingResponse } from './streaming/initStreamingResponse.js';
 import { startStaleStreamCleanup, cleanupAllStreams } from './streaming/cleanup.js';
@@ -33,7 +32,7 @@ const DNS_SERVERS = process.env.DNS_SERVERS
   : null;
 
 // Configure axios defaults
-const MAX_RESPONSE_SIZE = 100 * 1024 * 1024; // 100 MB
+const MAX_RESPONSE_SIZE = 50 * 1024 * 1024; // 50 MB (falls back to streaming if exceeded)
 const axiosConfig = {
   timeout: 300000,
   maxRedirects: 5,
@@ -105,28 +104,44 @@ async function resolveInternalHostname(hostname) {
 }
 
 /**
- * Get Content-Length via HEAD request to determine if streaming should be used.
- * @param {string} url - URL to check
- * @param {object} headers - Headers to send with the request
- * @returns {Promise<number|null>} Content-Length in bytes, or null if unavailable
+ * Make an internal HTTP request with automatic fallback to streaming if buffered response is too large.
+ * @param {object} options - Request options
+ * @param {string} options.method - HTTP method
+ * @param {string} options.url - Target URL
+ * @param {object} options.headers - Request headers
+ * @param {*} options.body - Request body
+ * @param {string} options.requestId - Request ID for logging
+ * @returns {Promise<{response: object, streaming: boolean}>} Response and whether streaming was used
  */
-async function getContentLengthViaHead(url, headers) {
-  try {
-    const headResponse = await internalHttpClient.head(url, {
+async function forwardRequestToInternalResource ({ method, url, headers, body, requestId }) {
+  const makeRequest = async (streaming) => {
+    let requestData = {
+      method,
+      url,
       headers,
-      validateStatus: () => true,
-      timeout: 5000
-    });
-    // Headers can be any case (Content-Length, content-length, CONTENT-LENGTH)
-    const contentLengthHeader = Object.keys(headResponse.headers)
-      .find(key => key.toLowerCase() === 'content-length');
-    const contentLength = contentLengthHeader 
-      ? parseInt(headResponse.headers[contentLengthHeader]) 
-      : NaN;
-    return isNaN(contentLength) ? null : contentLength;
-  } catch (e) {
-    log.warn(`HEAD request failed, will use buffered approach: ${e.message}`);
-    return null;
+      data: body,
+      validateStatus: () => true, // Accept all status codes
+      responseType: streaming ? 'stream' : 'arraybuffer'
+    }
+    if (streaming) {
+      requestData.maxContentLength = Infinity;
+    }
+    // if streaming, this returns a stream instantly, it does not wait for the full response
+    return await internalHttpClient.request(requestData);
+  };
+
+  // Try buffered request first, fallback to streaming if response too large
+  try {
+    return { response: await makeRequest(false), useStreaming: false };
+  } catch (reqError) {
+    // Fallback to streaming if buffered request exceeded maxContentLength (axios ERR_BAD_RESPONSE)
+    if (axios.isAxiosError(reqError) && // axios does not have a specific error for maxcontent length, so we have to check message (this is about the MAX_RESPONSE_SIZE we set above)
+        reqError.code === 'ERR_BAD_RESPONSE' &&
+        reqError.message?.includes('maxContentLength')) {
+      log.warn(`Buffered request exceeded maxContentLength for ${requestId}, falling back to streaming`);
+      return { response: await makeRequest(true), useStreaming: true };
+    }
+    throw reqError;
   }
 }
 
@@ -342,26 +357,13 @@ socket.on('forward_request', async (data, callback) => {
       }
     }
     
-    // Check Content-Length first with HEAD request to decide streaming vs buffered
-    let useStreaming = false;
-    let contentLength = null;
-    
-    if (method === 'GET') {
-      contentLength = await getContentLengthViaHead(resolvedUrl, headers);
-      if (contentLength !== null && contentLength > STREAMING_THRESHOLD) {
-        useStreaming = true;
-        log.info(`Large response detected (${(contentLength / (1024 * 1024)).toFixed(2)} MB) - using streaming`);
-      }
-    }
-    
-    // Make the request with appropriate response type
-    const response = await internalHttpClient.request({
+    // Make the request (with automatic fallback to streaming if buffered response is too large)
+    const { response, useStreaming } = await forwardRequestToInternalResource ({
       method,
       url: resolvedUrl,
       headers,
-      data: body,
-      validateStatus: () => true, // Accept any status code
-      responseType: useStreaming ? 'stream' : 'arraybuffer',
+      body,
+      requestId
     });
     
     if (useStreaming) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aikidosec/broker-client",
-  "version": "1.0.7",
+  "version": "1.0.8",
   "description": "Aikido Broker Client - Runs in customer network to forward requests to internal resources",
   "main": "app/client.js",
   "type": "module",