@co0ontty/wand 1.41.0 → 1.41.1

package/dist/build-info.json

@@ -1,6 +1,6 @@
 {
-  "commit": "b7c719b80aee14bdd6807cf9723b3c3c79043acc",
-  "builtAt": "2026-05-30T15:25:21.935Z",
-  "version": "1.41.0",
+  "commit": "7881848a909b65c2a17ee9d443514110e2e23f1f",
+  "builtAt": "2026-05-30T15:40:31.007Z",
+  "version": "1.41.1",
   "channel": "stable"
 }

package/dist/server.js

@@ -481,6 +481,56 @@ function verifyAppToken(token, password, secret) {
 function encodeConnectCode(url, token) {
     return Buffer.from(`${url}#${token}`).toString("base64");
 }
+function firstHeaderValue(value) {
+    if (Array.isArray(value))
+        return value[0];
+    return value;
+}
+function firstHeaderListValue(value) {
+    return firstHeaderValue(value)?.split(",")[0]?.trim();
+}
+function unquoteHeaderValue(value) {
+    const trimmed = value.trim();
+    if (trimmed.length >= 2 && trimmed.startsWith("\"") && trimmed.endsWith("\"")) {
+        return trimmed.slice(1, -1);
+    }
+    return trimmed;
+}
+function getForwardedParam(req, key) {
+    const forwarded = firstHeaderListValue(req.headers.forwarded);
+    if (!forwarded)
+        return undefined;
+    const targetKey = key.toLowerCase();
+    for (const part of forwarded.split(";")) {
+        const eqIdx = part.indexOf("=");
+        if (eqIdx < 1)
+            continue;
+        const partKey = part.slice(0, eqIdx).trim().toLowerCase();
+        if (partKey !== targetKey)
+            continue;
+        return unquoteHeaderValue(part.slice(eqIdx + 1));
+    }
+    return undefined;
+}
+function normalizePublicProtocol(value) {
+    const proto = value?.trim().toLowerCase();
+    if (proto === "http" || proto === "https")
+        return proto;
+    return undefined;
+}
+function getPublicRequestProtocol(req, fallback) {
+    return (normalizePublicProtocol(firstHeaderListValue(req.headers["x-forwarded-proto"]))
+        ?? normalizePublicProtocol(getForwardedParam(req, "proto"))
+        ?? (firstHeaderListValue(req.headers["x-forwarded-ssl"])?.toLowerCase() === "on" ? "https" : undefined)
+        ?? (firstHeaderListValue(req.headers["x-forwarded-scheme"])?.toLowerCase() === "https" ? "https" : undefined)
+        ?? fallback);
+}
+function getPublicRequestHost(req, config) {
+    return (firstHeaderListValue(req.headers["x-forwarded-host"])
+        ?? getForwardedParam(req, "host")
+        ?? req.headers.host
+        ?? `${config.host}:${config.port}`);
+}
 function decodeConnectCode(code) {
     try {
         const decoded = Buffer.from(code, "base64").toString("utf8");
@@ -1335,8 +1385,8 @@ export async function startServer(config, configPath) {
     app.get("/api/app-connect-code", requireAuth, (req, res) => {
         const dbPassword = storage.getPassword();
         const effectivePassword = dbPassword ?? config.password;
-        const protocol = useHttps ? "https" : "http";
-        const host = req.headers.host || `${config.host}:${config.port}`;
+        const protocol = getPublicRequestProtocol(req, useHttps ? "https" : "http");
+        const host = getPublicRequestHost(req, config);
         const serverUrl = `${protocol}://${host}`;
         const appSecret = config.appSecret ?? "";
         const token = generateAppToken(effectivePassword, appSecret);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@co0ontty/wand",
-  "version": "1.41.0",
+  "version": "1.41.1",
   "description": "A web terminal for local CLI tools like Claude.",
   "type": "module",
   "bin": {