npm - @aikidosec/broker-client - Versions diffs - 1.0.7 → 1.0.9 - Mend

@aikidosec/broker-client 1.0.7 → 1.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md +1 -1
package/app/client.js +57 -45
package/app/streaming/handlers.js +1 -1
package/app/streaming/initStreamingResponse.js +1 -1
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -21,7 +21,7 @@ docker compose up -d
 ## Quick Start
 1. **Generate CLIENT_SECRET in Aikido UI**:
-   - Navigate to: Settings → Broker Clients → Add New Client
+   - Navigate to: Settings → [Broker Clients](https://app.aikido.dev/settings/integrations/broker/clients) → Add New Client
    - Copy the generated `CLIENT_SECRET`
 2. **Configure environment** (`.env`):

package/app/client.js CHANGED Viewed

@@ -13,7 +13,6 @@ import dns from 'native-dns';
 import { ResourceManager } from './resourceManager.js';
 import { HttpsProxyAgent } from 'https-proxy-agent';
 import { getClientId, setClientIdCache, getServerUrl, getClientSecret } from './config.js';
-import { STREAMING_THRESHOLD } from './streaming/state.js';
 import { registerStreamingHandlers } from './streaming/handlers.js';
 import { initStreamingResponse } from './streaming/initStreamingResponse.js';
 import { startStaleStreamCleanup, cleanupAllStreams } from './streaming/cleanup.js';
@@ -33,7 +32,7 @@ const DNS_SERVERS = process.env.DNS_SERVERS
   : null;
 // Configure axios defaults
-const MAX_RESPONSE_SIZE = 100 * 1024 * 1024; // 100 MB
+const MAX_RESPONSE_SIZE = 50 * 1024 * 1024; // 50 MB (falls back to streaming if exceeded)
 const axiosConfig = {
   timeout: 300000,
   maxRedirects: 5,
@@ -105,28 +104,44 @@ async function resolveInternalHostname(hostname) {
 }
 /**
- * Get Content-Length via HEAD request to determine if streaming should be used.
- * @param {string} url - URL to check
- * @param {object} headers - Headers to send with the request
- * @returns {Promise<number|null>} Content-Length in bytes, or null if unavailable
+ * Make an internal HTTP request with automatic fallback to streaming if buffered response is too large.
+ * @param {object} options - Request options
+ * @param {string} options.method - HTTP method
+ * @param {string} options.url - Target URL
+ * @param {object} options.headers - Request headers
+ * @param {*} options.body - Request body
+ * @param {string} options.requestId - Request ID for logging
+ * @returns {Promise<{response: object, streaming: boolean}>} Response and whether streaming was used
  */
-async function getContentLengthViaHead(url, headers) {
-  try {
-    const headResponse = await internalHttpClient.head(url, {
+async function forwardRequestToInternalResource ({ method, url, headers, body, requestId }) {
+  const makeRequest = async (streaming) => {
+    let requestData = {
+      method,
+      url,
       headers,
-      validateStatus: () => true,
-      timeout: 5000
-    });
-    // Headers can be any case (Content-Length, content-length, CONTENT-LENGTH)
-    const contentLengthHeader = Object.keys(headResponse.headers)
-      .find(key => key.toLowerCase() === 'content-length');
-    const contentLength = contentLengthHeader
-      ? parseInt(headResponse.headers[contentLengthHeader])
-      : NaN;
-    return isNaN(contentLength) ? null : contentLength;
-  } catch (e) {
-    log.warn(`HEAD request failed, will use buffered approach: ${e.message}`);
-    return null;
+      data: body,
+      validateStatus: () => true, // Accept all status codes
+      responseType: streaming ? 'stream' : 'arraybuffer'
+    }
+    if (streaming) {
+      requestData.maxContentLength = Infinity;
+    }
+    // if streaming, this returns a stream instantly, it does not wait for the full response
+    return await internalHttpClient.request(requestData);
+  };
+  // Try buffered request first, fallback to streaming if response too large
+  try {
+    return { response: await makeRequest(false), useStreaming: false };
+  } catch (reqError) {
+    // Fallback to streaming if buffered request exceeded maxContentLength (axios ERR_BAD_RESPONSE)
+    if (axios.isAxiosError(reqError) && // axios does not have a specific error for maxcontent length, so we have to check message (this is about the MAX_RESPONSE_SIZE we set above)
+        reqError.code === 'ERR_BAD_RESPONSE' &&
+        reqError.message?.includes('maxContentLength')) {
+      log.warn(`Buffered request exceeded maxContentLength for ${requestId}, falling back to streaming`);
+      return { response: await makeRequest(true), useStreaming: true };
+    }
+    throw reqError;
   }
 }
@@ -238,9 +253,20 @@ const socket = io(SERVER_URL, {
   pingTimeout: 60000,   // 60s (default 20s) - time to wait for pong before considering connection dead
 });
-// Socket.IO event handlers
+// Socket.IO event handlers - listen for engine open to catch transport before upgrade
+socket.io.on('open', () => {
+  const transport = socket.io?.engine?.transport?.name;
+  log.info(`🔌 Engine opened (initial transport: ${transport})`);
+  // Log transport upgrades (e.g., polling -> websocket)
+  socket.io.engine.on('upgrade', (newTransport) => {
+    log.info(`🔄 Transport upgraded to: ${newTransport?.name}`);
+  });
+});
 socket.on('connect', async () => {
-  log.info('✓ Connected to broker server');
+  const transport = socket.io?.engine?.transport?.name;
+  log.info(`✓ Connected to broker server (transport: ${transport})`);
   const clientId = getClientId();
@@ -342,26 +368,13 @@ socket.on('forward_request', async (data, callback) => {
       }
     }
-    // Check Content-Length first with HEAD request to decide streaming vs buffered
-    let useStreaming = false;
-    let contentLength = null;
-    if (method === 'GET') {
-      contentLength = await getContentLengthViaHead(resolvedUrl, headers);
-      if (contentLength !== null && contentLength > STREAMING_THRESHOLD) {
-        useStreaming = true;
-        log.info(`Large response detected (${(contentLength / (1024 * 1024)).toFixed(2)} MB) - using streaming`);
-      }
-    }
-    // Make the request with appropriate response type
-    const response = await internalHttpClient.request({
+    // Make the request (with automatic fallback to streaming if buffered response is too large)
+    const { response, useStreaming } = await forwardRequestToInternalResource ({
       method,
       url: resolvedUrl,
       headers,
-      data: body,
-      validateStatus: () => true, // Accept any status code
-      responseType: useStreaming ? 'stream' : 'arraybuffer',
+      body,
+      requestId
     });
     if (useStreaming) {
@@ -409,17 +422,16 @@ socket.on('forward_request', async (data, callback) => {
  * @param {string} requestId - Request ID for tracking
  * @param {number} statusCode - HTTP status code
  * @param {object} headers - Response headers
- * @param {Buffer|null} responseData - Raw response data (before base64)
+ * @param {Buffer|null} responseData - Raw response data (sent as binary)
  * @param {function} callback - Socket.IO callback
  */
 function sendDirectResponse(requestId, statusCode, headers, responseData, callback) {
-  const responseBody = responseData ? responseData.toString('base64') : null;
   callback({
     request_id: requestId,
     status_code: statusCode,
     headers: headers,
-    body: responseBody,
-    version: 2
+    body: responseData || null,  // Send raw Buffer - Socket.IO handles binary natively
+    version: 3
   });
 }

package/app/streaming/handlers.js CHANGED Viewed

@@ -64,7 +64,7 @@ export async function handleGetNextChunk(data, callback) {
   callback({
     request_id: requestId,
-    data: chunkData.toString('base64'),
+    data: chunkData,  // Send raw Buffer - Socket.IO handles binary natively
     complete: isComplete,
     chunk_index: state.chunkIndex
   });

package/app/streaming/initStreamingResponse.js CHANGED Viewed

@@ -76,7 +76,7 @@ export function initStreamingResponse({ requestId, statusCode, headers, stream,
     status_code: statusCode,
     headers: headers,
     body: null,
-    version: 2,
+    version: 3,
     streaming: true
   });

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@aikidosec/broker-client",
-  "version": "1.0.7",
+  "version": "1.0.9",
   "description": "Aikido Broker Client - Runs in customer network to forward requests to internal resources",
   "main": "app/client.js",
   "type": "module",