npm - @byoky/bridge - Versions diffs - 0.4.0 → 0.4.1 - Mend

@byoky/bridge 0.4.0 → 0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/host.js CHANGED Viewed

@@ -10,6 +10,8 @@ function handleProxyResponse(msg) {
     delete headers["transfer-encoding"];
     delete headers["content-encoding"];
     delete headers["content-length"];
+    delete headers["set-cookie"];
+    delete headers["set-cookie2"];
     pending.res.writeHead(msg.status, headers);
   } else if (msg.type === "proxy_http_response_chunk") {
     pending.res.write(msg.chunk);
@@ -46,6 +48,11 @@ function startProxyServer(config) {
       res.end(JSON.stringify({ status: "ok", providers }));
       return;
     }
+    if ((req.url?.length ?? 0) > MAX_URI_LENGTH) {
+      res.writeHead(414, { "Content-Type": "application/json" });
+      res.end(JSON.stringify({ error: "URI too long" }));
+      return;
+    }
     const match = req.url?.match(/^\/([^/]+)(\/.*)?$/);
     if (!match) {
       res.writeHead(404, { "Content-Type": "application/json" });
@@ -59,6 +66,12 @@ function startProxyServer(config) {
       res.end(JSON.stringify({ error: `Provider "${providerId}" not available in this session` }));
       return;
     }
+    const declaredLength = parseInt(req.headers["content-length"] || "0", 10);
+    if (declaredLength > MAX_BODY_SIZE) {
+      res.writeHead(413, { "Content-Type": "application/json" });
+      res.end(JSON.stringify({ error: "Payload too large" }));
+      return;
+    }
     const body = await readBody(req);
     const providerUrls = {
       anthropic: "https://api.anthropic.com",
@@ -85,9 +98,17 @@ function startProxyServer(config) {
     }
     const realUrl = `${baseUrl}${path}`;
     const requestId = `proxy-${crypto.randomUUID()}`;
+    const STRIP_HEADERS = /* @__PURE__ */ new Set([
+      "host",
+      "connection",
+      "cookie",
+      "authorization",
+      "proxy-authorization",
+      "proxy-connection"
+    ]);
     const headers = {};
     for (const [key, value] of Object.entries(req.headers)) {
-      if (key === "host" || key === "connection") continue;
+      if (STRIP_HEADERS.has(key)) continue;
       if (typeof value === "string") headers[key] = value;
     }
     const proxyMsg = {
@@ -124,6 +145,7 @@ function startProxyServer(config) {
   return server;
 }
 var MAX_BODY_SIZE = 10 * 1024 * 1024;
+var MAX_URI_LENGTH = 8192;
 function readBody(req) {
   return new Promise((resolve, reject) => {
     let body = "";
@@ -240,11 +262,14 @@ async function handleStreamingFetch(requestId, url, method, headers, body, mode)
   };
   const prefix = mode === "bridge" ? "proxy_response" : "proxy_http_response";
   const errorType = mode === "bridge" ? "proxy_error" : "proxy_http_error";
+  const controller = new AbortController();
+  const fetchTimeout = setTimeout(() => controller.abort(), 12e4);
   try {
     const res = await fetch(url, {
       method,
       headers,
-      body: body || void 0
+      body: body || void 0,
+      signal: controller.signal
     });
     const resHeaders = {};
     res.headers.forEach((v, k) => {
@@ -262,7 +287,9 @@ async function handleStreamingFetch(requestId, url, method, headers, body, mode)
     }
     send({ type: `${prefix}_done`, requestId });
   } catch (e) {
-    send({ type: errorType, requestId, error: e.message });
+    send({ type: errorType, requestId, error: "Fetch request failed" });
+  } finally {
+    clearTimeout(fetchTimeout);
   }
 }
 function handleStartProxy(req) {
@@ -281,7 +308,7 @@ function handleStartProxy(req) {
     writeMessage({
       type: "proxy_error",
       requestId: "start-proxy",
-      error: e.message
+      error: "Failed to start proxy server"
     });
   }
 }

package/dist/installer.js CHANGED Viewed

@@ -2,11 +2,11 @@
 import { writeFileSync, mkdirSync, unlinkSync, existsSync, chmodSync } from "fs";
 import { dirname, resolve } from "path";
 import { homedir, platform } from "os";
-import { execSync } from "child_process";
+import { execFileSync } from "child_process";
 var HOST_NAME = "com.byoky.bridge";
 function getHostPath() {
   try {
-    return execSync("which byoky-bridge", { encoding: "utf-8" }).trim();
+    return execFileSync("/usr/bin/which", ["byoky-bridge"], { encoding: "utf-8", timeout: 5e3 }).trim();
   } catch {
     return resolve(dirname(new URL(import.meta.url).pathname), "../bin/byoky-bridge.js");
   }
@@ -14,16 +14,19 @@ function getHostPath() {
 function createNativeWrapper(hostPath, manifestDir) {
   const nodePath = process.execPath;
   const wrapperPath = resolve(manifestDir, "byoky-bridge-host");
-  const userPath = process.env.PATH || "";
-  const script = `#!/bin/bash
-export PATH="${userPath}"
-exec "${nodePath}" "${hostPath}" host "$@"
-`;
+  const nodeDir = dirname(nodePath);
+  const safePath = `${nodeDir}:/usr/local/bin:/usr/bin:/bin`;
+  const script = [
+    "#!/bin/bash",
+    `export PATH='${safePath}'`,
+    `exec '${nodePath.replace(/'/g, "'\\''")}' '${hostPath.replace(/'/g, "'\\''")}' host "$@"`,
+    ""
+  ].join("\n");
   writeFileSync(wrapperPath, script);
   chmodSync(wrapperPath, 493);
   return wrapperPath;
 }
-var DEFAULT_EXTENSION_ID = "ahhecmfcclkjdgjnmackoacldnmgmipl";
+var DEFAULT_EXTENSION_ID = process.env.BYOKY_EXTENSION_ID || "ahhecmfcclkjdgjnmackoacldnmgmipl";
 function buildManifest(hostPath, browserType, extensionId) {
   const base = {
     name: HOST_NAME,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@byoky/bridge",
-  "version": "0.4.0",
+  "version": "0.4.1",
   "description": "Native messaging bridge for Byoky — routes setup token requests through Claude Code CLI",
   "type": "module",
   "main": "dist/host.js",