@dxos/edge-client 0.8.4-main.03d5cd7b56 → 0.8.4-main.05e74ebcff

package/LICENSE

@@ -1,8 +1,105 @@
-MIT License 
-Copyright (c) 2022 DXOS
+# Functional Source License, Version 1.1, ALv2 Future License
 
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+## Abbreviation
 
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+FSL-1.1-Apache-2.0
 
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+## Notice
+
+Copyright 2026 DXOS
+
+## Terms and Conditions
+
+### Licensor ("We")
+
+The party offering the Software under these Terms and Conditions.
+
+### The Software
+
+The "Software" is each version of the software that we make available under
+these Terms and Conditions, as indicated by our inclusion of these Terms and
+Conditions with the Software.
+
+### License Grant
+
+Subject to your compliance with this License Grant and the Patents,
+Redistribution and Trademark clauses below, we hereby grant you the right to
+use, copy, modify, create derivative works, publicly perform, publicly display
+and redistribute the Software for any Permitted Purpose identified below.
+
+### Permitted Purpose
+
+A Permitted Purpose is any purpose other than a Competing Use. A Competing Use
+means making the Software available to others in a commercial product or
+service that:
+
+1. substitutes for the Software;
+
+2. substitutes for any other product or service we offer using the Software
+   that exists as of the date we make the Software available; or
+
+3. offers the same or substantially similar functionality as the Software.
+
+Permitted Purposes specifically include using the Software:
+
+1. for your internal use and access;
+
+2. for non-commercial education;
+
+3. for non-commercial research; and
+
+4. in connection with professional services that you provide to a licensee
+   using the Software in accordance with these Terms and Conditions.
+
+### Patents
+
+To the extent your use for a Permitted Purpose would necessarily infringe our
+patents, the license grant above includes a license under our patents. If you
+make a claim against any party that the Software infringes or contributes to
+the infringement of any patent, then your patent license to the Software ends
+immediately.
+
+### Redistribution
+
+The Terms and Conditions apply to all copies, modifications and derivatives of
+the Software.
+
+If you redistribute any copies, modifications or derivatives of the Software,
+you must include a copy of or a link to these Terms and Conditions and not
+remove any copyright notices provided in or with the Software.
+
+### Disclaimer
+
+THE SOFTWARE IS PROVIDED "AS IS" AND WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR
+PURPOSE, MERCHANTABILITY, TITLE OR NON-INFRINGEMENT.
+
+IN NO EVENT WILL WE HAVE ANY LIABILITY TO YOU ARISING OUT OF OR RELATED TO THE
+SOFTWARE, INCLUDING INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES,
+EVEN IF WE HAVE BEEN INFORMED OF THEIR POSSIBILITY IN ADVANCE.
+
+### Trademarks
+
+Except for displaying the License Details and identifying us as the origin of
+the Software, you have no right under these Terms and Conditions to use our
+trademarks, trade names, service marks or product names.
+
+## Grant of Future License
+
+We hereby irrevocably grant you an additional license to use the Software under
+the Apache License, Version 2.0 that is effective on the second anniversary of
+the date we make the Software available. On or after that date, you may use the
+Software under the Apache License, Version 2.0, in which case the following
+will apply:
+
+Licensed under the Apache License, Version 2.0 (the "License"); you may not use
+this file except in compliance with the License.
+
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software distributed
+under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+CONDITIONS OF ANY KIND, either express or implied. See the License for the
+specific language governing permissions and limitations under the License.

package/dist/lib/neutral/index.mjs

@@ -742,6 +742,7 @@ var DEFAULT_RETRY_TIMEOUT = 1500;
 var DEFAULT_RETRY_JITTER = 500;
 var DEFAULT_MAX_RETRIES_COUNT = 3;
 var WARNING_BODY_SIZE = 10 * 1024 * 1024;
+var LEGACY_CORS_PROXY_URL = "https://cors-proxy.dxos.workers.dev";
 var EdgeHttpClient = class {
   _baseUrl;
   _clientTag;
@@ -755,7 +756,7 @@ var EdgeHttpClient = class {
     this._clientTag = options?.clientTag;
     log4("created", {
       url: this._baseUrl
-    }, { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 32, S: this });
+    }, { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 37, S: this });
   }
   get baseUrl() {
     return this._baseUrl;
@@ -853,7 +854,7 @@ var EdgeHttpClient = class {
   //
   async queryQueue(ctx, subspaceTag, spaceId, query, args) {
     const queueId = query.queueIds?.[0];
-    invariant4(queueId, "queueId required", { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 132, S: this, A: ["queueId", "'queueId required'"] });
+    invariant4(queueId, "queueId required", { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 137, S: this, A: ["queueId", "'queueId required'"] });
     return this._call(ctx, createUrl(new URL(`/spaces/${subspaceTag}/${spaceId}/queue/${queueId}/query`, this.baseUrl), {
       after: query.after,
       before: query.before,
@@ -1018,6 +1019,31 @@ var EdgeHttpClient = class {
     });
   }
   //
+  // Integration proxy.
+  //
+  /**
+  * Fetch through the edge proxy, used by integration plugins (Discord, ...)
+  * to call third-party REST APIs that don't set permissive CORS headers.
+  *
+  * `init.headers.Authorization` (caller-supplied) is preserved by prefixing
+  * with `X-Cors-Proxy-Authorization`, since the proxy strips `Authorization`
+  * on forwarding to avoid leaking the DXOS presentation upstream — the
+  * prefix carries the upstream's bot token / token through.
+  *
+  * TEMPORARY: routed through the legacy standalone proxy at
+  * `cors-proxy.dxos.workers.dev` (open, unauthenticated, path
+  * `/<host>/<path>`) so that integration plugins can be tested before the
+  * authenticated `/proxy/*` route on the main edge worker ships
+  * (https://github.com/dxos/edge/pull/576). When that PR deploys, restore
+  * the commented-out block below — it rewrites the target under
+  * `${this.baseUrl}/proxy/...` and signs the request with the cached
+  * verifiable presentation. The header-remap and `x-cors-proxy-*` override
+  * conventions are unchanged between the two paths.
+  */
+  async proxyFetch(target, init = {}) {
+    return proxyFetchLegacy(target, init, this._clientTag);
+  }
+  //
   // Internal
   //
   async _fetch(url, _args) {
@@ -1029,7 +1055,7 @@ var EdgeHttpClient = class {
     log4("fetch", {
       url,
       request: args.body
-    }, { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 302, S: this });
+    }, { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 362, S: this });
     const traceHeaders = getTraceHeaders(ctx);
     let handledAuth = false;
     const tryCount = 1;
@@ -1047,11 +1073,11 @@ var EdgeHttpClient = class {
           url,
           tryCount,
           authHeader: !!this._authHeader
-        }, { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 319, S: this });
+        }, { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 379, S: this });
         const response = await fetch(url, request);
         if (response.ok) {
           const body2 = await response.clone().json();
-          invariant4(body2, "Expected body to be present", { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 327, S: this, A: ["body", "'Expected body to be present'"] });
+          invariant4(body2, "Expected body to be present", { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 387, S: this, A: ["body", "'Expected body to be present'"] });
           if (!("success" in body2)) {
             return body2;
           }
@@ -1064,13 +1090,13 @@ var EdgeHttpClient = class {
           continue;
         }
         const body = response.headers.get("Content-Type") === "application/json" ? await response.clone().json() : void 0;
-        invariant4(!body?.success, "Expected body to not be a failure response or undefined.", { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 340, S: this, A: ["!body?.success", "'Expected body to not be a failure response or undefined.'"] });
+        invariant4(!body?.success, "Expected body to not be a failure response or undefined.", { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 400, S: this, A: ["!body?.success", "'Expected body to not be a failure response or undefined.'"] });
         if (body?.data?.type === "auth_challenge" && typeof body?.data?.challenge === "string") {
           processingError = new EdgeAuthChallengeError(body.data.challenge, body.data);
         } else if (body?.success === false) {
           processingError = EdgeCallFailedError.fromUnsuccessfulResponse(response, body);
         } else {
-          invariant4(!response.ok, "Expected response to not be ok.", { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 346, S: this, A: ["!response.ok", "'Expected response to not be ok.'"] });
+          invariant4(!response.ok, "Expected response to not be ok.", { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 406, S: this, A: ["!response.ok", "'Expected response to not be ok.'"] });
           processingError = await EdgeCallFailedError.fromHttpFailure(response);
         }
       } catch (error) {
@@ -1080,7 +1106,7 @@ var EdgeHttpClient = class {
         log4.verbose("retrying edge request", {
           url,
           processingError
-        }, { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 353, S: this });
+        }, { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 413, S: this });
       } else {
         throw processingError;
       }
@@ -1088,7 +1114,7 @@ var EdgeHttpClient = class {
   }
   async _handleUnauthorized(response) {
     if (!this._edgeIdentity) {
-      log4.warn("unauthorized response received before identity was set", void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 364, S: this });
+      log4.warn("unauthorized response received before identity was set", void 0, { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 424, S: this });
       throw await EdgeCallFailedError.fromHttpFailure(response);
     }
     const challenge = await handleAuthChallenge(response, this._edgeIdentity);
@@ -1107,7 +1133,7 @@ var createRequest = ({ method, body, json = true }, authHeader, traceHeaders, cl
   if (typeof requestBody === "string" && requestBody.length > WARNING_BODY_SIZE) {
     log4.warn("Request with large body", {
       bodySize: requestBody.length
-    }, { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 381, S: void 0 });
+    }, { "~LogMeta": "~LogMeta", F: __dxlog_file6, L: 441, S: void 0 });
   }
   if (authHeader) {
     headers["Authorization"] = authHeader;
@@ -1162,6 +1188,28 @@ var getFileMimeType = (filename) => [
   ".js",
   ".mjs"
 ].some((codeExtension) => filename.endsWith(codeExtension)) ? "application/javascript+module" : filename.endsWith(".wasm") ? "application/wasm" : "application/octet-stream";
+var remapAuthorizationForProxy = (headers) => {
+  const callerAuth = headers.get("Authorization");
+  if (callerAuth !== null) {
+    headers.delete("Authorization");
+    headers.set("X-Cors-Proxy-Authorization", callerAuth);
+  }
+  return headers;
+};
+var proxyFetchLegacy = (target, init = {}, clientTag) => {
+  const proxyUrl = new URL(`/${target.host}${target.pathname}${target.search}`, LEGACY_CORS_PROXY_URL);
+  if (target.protocol === "http:") {
+    proxyUrl.searchParams.set("scheme", "http");
+  }
+  const requestHeaders = remapAuthorizationForProxy(new Headers(init.headers ?? void 0));
+  if (clientTag) {
+    requestHeaders.set(EDGE_CLIENT_TAG_HEADER, clientTag);
+  }
+  return fetch(proxyUrl, {
+    ...init,
+    headers: requestHeaders
+  });
+};
 export {
   CLOUDFLARE_MESSAGE_MAX_BYTES,
   CLOUDFLARE_RPC_MAX_BYTES,
@@ -1181,6 +1229,7 @@ export {
   getTypename,
   handleAuthChallenge,
   protocol,
+  proxyFetchLegacy,
   toUint8Array,
   withLogging,
   withRetry,