@floegence/flowersec-core 0.10.0 → 0.10.2

package/dist/direct-client/connect.d.ts

@@ -1,4 +1,9 @@
 import { type ConnectOptionsBase } from "../client-connect/connectCore.js";
 import type { ClientInternal } from "../client.js";
-export type DirectConnectOptions = ConnectOptionsBase;
+export type DirectConnectOptions = ConnectOptionsBase & Readonly<{
+    /** Type-only marker to prevent mixing direct and tunnel option types. */
+    __mode?: "direct";
+    /** Reserved for tunnel connects; forbidden for direct connects. */
+    endpointInstanceId?: never;
+}>;
 export declare function connectDirect(info: unknown, opts: DirectConnectOptions): Promise<ClientInternal>;

package/dist/node/connect.js

@@ -2,19 +2,7 @@ import { connectDirect } from "../direct-client/connect.js";
 import { connectTunnel } from "../tunnel-client/connect.js";
 import { connect } from "../facade.js";
 import { createNodeWsFactory } from "./wsFactory.js";
-const defaultMaxHandshakePayload = 8 * 1024;
-const defaultMaxRecordBytes = 1 << 20;
-const handshakeFrameOverheadBytes = 4 + 1 + 1 + 4;
-const wsMaxPayloadSlackBytes = 64;
-function defaultWsMaxPayload(opts) {
-    const maxHandshakePayload = opts.maxHandshakePayload ?? 0;
-    const maxRecordBytes = opts.maxRecordBytes ?? 0;
-    const hp = Number.isSafeInteger(maxHandshakePayload) && maxHandshakePayload > 0 ? maxHandshakePayload : defaultMaxHandshakePayload;
-    const rb = Number.isSafeInteger(maxRecordBytes) && maxRecordBytes > 0 ? maxRecordBytes : defaultMaxRecordBytes;
-    const handshakeMax = Math.min(Number.MAX_SAFE_INTEGER, hp + handshakeFrameOverheadBytes);
-    const max = Math.max(rb, handshakeMax);
-    return Math.min(Number.MAX_SAFE_INTEGER, max + wsMaxPayloadSlackBytes);
-}
+import { defaultWsMaxPayload } from "./wsDefaults.js";
 export async function connectNode(input, opts) {
     const wsFactory = opts.wsFactory ??
         createNodeWsFactory({

package/dist/node/wsDefaults.d.ts

@@ -0,0 +1,4 @@
+export declare function defaultWsMaxPayload(opts: Readonly<{
+    maxHandshakePayload?: number;
+    maxRecordBytes?: number;
+}>): number;

package/dist/node/wsDefaults.js

@@ -0,0 +1,13 @@
+const defaultMaxHandshakePayload = 8 * 1024;
+const defaultMaxRecordBytes = 1 << 20;
+const handshakeFrameOverheadBytes = 4 + 1 + 1 + 4;
+const wsMaxPayloadSlackBytes = 64;
+export function defaultWsMaxPayload(opts) {
+    const maxHandshakePayload = opts.maxHandshakePayload ?? 0;
+    const maxRecordBytes = opts.maxRecordBytes ?? 0;
+    const hp = Number.isSafeInteger(maxHandshakePayload) && maxHandshakePayload > 0 ? maxHandshakePayload : defaultMaxHandshakePayload;
+    const rb = Number.isSafeInteger(maxRecordBytes) && maxRecordBytes > 0 ? maxRecordBytes : defaultMaxRecordBytes;
+    const handshakeMax = Math.min(Number.MAX_SAFE_INTEGER, hp + handshakeFrameOverheadBytes);
+    const max = Math.max(rb, handshakeMax);
+    return Math.min(Number.MAX_SAFE_INTEGER, max + wsMaxPayloadSlackBytes);
+}

package/dist/node/wsFactory.js

@@ -1,4 +1,5 @@
 import { createRequire } from "node:module";
+import { defaultWsMaxPayload } from "./wsDefaults.js";
 // createNodeWsFactory returns a wsFactory compatible with connectTunnel/connectDirect in Node.js.
 //
 // It uses the "ws" package to set the Origin header explicitly (browsers set Origin automatically).
@@ -6,15 +7,16 @@ export function createNodeWsFactory(opts = {}) {
     const require = createRequire(import.meta.url);
     const wsMod = require("ws");
     const WebSocketCtor = wsMod?.WebSocket ?? wsMod;
-    const maxPayload = opts.maxPayload;
-    if (maxPayload !== undefined && (!Number.isSafeInteger(maxPayload) || maxPayload <= 0)) {
+    const maxPayloadRaw = opts.maxPayload ?? defaultWsMaxPayload({});
+    if (!Number.isSafeInteger(maxPayloadRaw) || maxPayloadRaw <= 0) {
         throw new Error("maxPayload must be a positive integer");
     }
+    const maxPayload = maxPayloadRaw;
     const perMessageDeflate = opts.perMessageDeflate ?? false;
     return (url, origin) => {
         const raw = new WebSocketCtor(url, {
             headers: { Origin: origin },
-            ...(maxPayload !== undefined ? { maxPayload } : {}),
+            maxPayload,
             perMessageDeflate,
         });
         // Map (type -> user listener -> wrapped listener) so removeEventListener works.

package/dist/proxy/constants.d.ts

@@ -4,5 +4,3 @@ export declare const PROXY_KIND_WS: "flowersec-proxy/ws";
 export declare const DEFAULT_MAX_CHUNK_BYTES: number;
 export declare const DEFAULT_MAX_BODY_BYTES: number;
 export declare const DEFAULT_MAX_WS_FRAME_BYTES: number;
-export declare const DEFAULT_DEFAULT_TIMEOUT_MS = 30000;
-export declare const DEFAULT_MAX_TIMEOUT_MS: number;

package/dist/proxy/constants.js

@@ -4,5 +4,3 @@ export const PROXY_KIND_WS = "flowersec-proxy/ws";
 export const DEFAULT_MAX_CHUNK_BYTES = 256 * 1024;
 export const DEFAULT_MAX_BODY_BYTES = 64 * 1024 * 1024;
 export const DEFAULT_MAX_WS_FRAME_BYTES = 1024 * 1024;
-export const DEFAULT_DEFAULT_TIMEOUT_MS = 30_000;
-export const DEFAULT_MAX_TIMEOUT_MS = 5 * 60_000;

package/dist/proxy/serviceWorker.d.ts

@@ -24,6 +24,8 @@ export type ProxyServiceWorkerInjectHTMLOptions = (ProxyServiceWorkerInjectHTMLI
 }>;
 export type ProxyServiceWorkerScriptOptions = Readonly<{
     sameOriginOnly?: boolean;
+    maxRequestBodyBytes?: number;
+    maxInjectHTMLBytes?: number;
     passthrough?: ProxyServiceWorkerPassthroughOptions;
     proxyPathPrefix?: string;
     stripProxyPathPrefix?: boolean;

package/dist/proxy/serviceWorker.js

@@ -1,3 +1,4 @@
+import { DEFAULT_MAX_BODY_BYTES } from "./constants.js";
 function normalizePathPrefix(name, v) {
     const s = typeof v === "string" ? v.trim() : "";
     if (s === "")
@@ -24,6 +25,21 @@ function normalizePathList(name, input) {
     }
     return Array.from(new Set(out));
 }
+const defaultMaxInjectHTMLBytes = 2 * 1024 * 1024;
+function normalizeMaxBytes(name, v, defaultValue) {
+    if (v == null)
+        return defaultValue;
+    if (typeof v !== "number" || !Number.isFinite(v))
+        throw new Error(`${name} must be a finite number`);
+    const n = Math.floor(v);
+    if (!Number.isSafeInteger(n))
+        throw new Error(`${name} must be a safe integer`);
+    if (n < 0)
+        throw new Error(`${name} must be >= 0`);
+    if (n === 0)
+        return defaultValue;
+    return n;
+}
 // createProxyServiceWorkerScript returns a Service Worker script that forwards fetches to a runtime
 // in a controlled window via postMessage + MessageChannel.
 //
@@ -33,6 +49,8 @@ export function createProxyServiceWorkerScript(opts = {}) {
     if (typeof sameOriginOnly !== "boolean") {
         throw new Error("sameOriginOnly must be a boolean");
     }
+    const maxRequestBodyBytes = normalizeMaxBytes("maxRequestBodyBytes", opts.maxRequestBodyBytes, DEFAULT_MAX_BODY_BYTES);
+    const maxInjectHTMLBytes = normalizeMaxBytes("maxInjectHTMLBytes", opts.maxInjectHTMLBytes, defaultMaxInjectHTMLBytes);
     const proxyPathPrefix = normalizePathPrefix("proxyPathPrefix", opts.proxyPathPrefix);
     const stripProxyPathPrefix = opts.stripProxyPathPrefix ?? false;
     if (typeof stripProxyPathPrefix !== "boolean") {
@@ -96,6 +114,9 @@ const INJECT_EXCLUDE_PREFIXES = ${JSON.stringify(excludeInjectPrefixes)};
 const INJECT_STRIP_VALIDATOR_HEADERS = ${JSON.stringify(stripValidatorHeaders)};
 const INJECT_SET_NO_STORE = ${JSON.stringify(setNoStore)};
 
+const MAX_REQUEST_BODY_BYTES = ${JSON.stringify(maxRequestBodyBytes)};
+const MAX_INJECT_HTML_BYTES = ${JSON.stringify(maxInjectHTMLBytes)};
+
 const INJECT_STRIP_HEADER_NAMES = new Set(["content-length", "etag", "last-modified", "content-md5"]);
 
 let runtimeClientId = null;
@@ -163,6 +184,54 @@ function concatChunks(chunks) {
   return out;
 }
 
+function makeError(status, message) {
+  const s = Math.max(0, Math.floor(status));
+  const e = new Error(String(message || "proxy error"));
+  e.status = s > 0 ? s : 502;
+  return e;
+}
+
+function getErrorStatus(err, fallback) {
+  const raw =
+    err && typeof err === "object" && typeof err.status === "number" && Number.isFinite(err.status)
+      ? Math.floor(err.status)
+      : fallback;
+  return raw > 0 ? raw : 502;
+}
+
+async function readRequestBody(req) {
+  const clRaw = req.headers.get("content-length");
+  const cl = clRaw ? Number(clRaw) : 0;
+  if (MAX_REQUEST_BODY_BYTES > 0 && Number.isFinite(cl) && cl > MAX_REQUEST_BODY_BYTES) {
+    throw makeError(413, "request body too large");
+  }
+
+  // Prefer streaming reads so we can enforce MAX_REQUEST_BODY_BYTES without allocating unbounded buffers.
+  if (!req.body) {
+    const ab = await req.arrayBuffer();
+    if (MAX_REQUEST_BODY_BYTES > 0 && ab.byteLength > MAX_REQUEST_BODY_BYTES) {
+      throw makeError(413, "request body too large");
+    }
+    return ab;
+  }
+
+  const reader = req.body.getReader();
+  const chunks = [];
+  let total = 0;
+  while (true) {
+    const r = await reader.read();
+    if (r.done) break;
+    const b = r.value;
+    total += b.length;
+    if (MAX_REQUEST_BODY_BYTES > 0 && total > MAX_REQUEST_BODY_BYTES) {
+      try { reader.cancel(); } catch {}
+      throw makeError(413, "request body too large");
+    }
+    chunks.push(b);
+  }
+  return concatChunks(chunks).buffer;
+}
+
 function injectBootstrap(html) {
   let snippet = "";
 
@@ -215,116 +284,167 @@ self.addEventListener("fetch", (event) => {
 });
 
 async function handleFetch(event) {
-  const runtime = await getRuntimeClient();
-  if (!runtime) return new Response("flowersec-proxy runtime not available", { status: 503 });
-
-  const req = event.request;
-  const url = new URL(req.url);
-  const id = Math.random().toString(16).slice(2) + Date.now().toString(16);
-  const body = (req.method === "GET" || req.method === "HEAD") ? undefined : await req.arrayBuffer();
-
-  const ch = new MessageChannel();
-  const port = ch.port1;
-  const port2 = ch.port2;
-
-  let metaResolve;
-  let metaReject;
-  const metaPromise = new Promise((resolve, reject) => { metaResolve = resolve; metaReject = reject; });
-
-  const queued = [];
-  const htmlChunks = [];
-  let shouldInjectHTML = false;
-  const injectAllowed = INJECT_HTML && !shouldSkipInject(url.pathname);
-
-  let doneResolve;
-  let doneReject;
-  const donePromise = new Promise((resolve, reject) => { doneResolve = resolve; doneReject = reject; });
-
-  let controller = null;
-
-  const stream = new ReadableStream({
-    start(c) { controller = c; },
-    cancel() {
-      try { port.postMessage({ type: "flowersec-proxy:abort" }); } catch {}
-      try { port.close(); } catch {}
+  let lastErrorStatus = 502;
+  let lastErrorMessage = "proxy error";
+
+  try {
+    const runtime = await getRuntimeClient();
+    if (!runtime) return new Response("flowersec-proxy runtime not available", { status: 503 });
+
+    const req = event.request;
+    const url = new URL(req.url);
+    const id = Math.random().toString(16).slice(2) + Date.now().toString(16);
+
+    let body;
+    if (req.method === "GET" || req.method === "HEAD") {
+      body = undefined;
+    } else {
+      body = await readRequestBody(req);
     }
-  });
-
-  port.onmessage = (ev) => {
-    const m = ev.data;
-    if (!m || typeof m.type !== "string") return;
-    if (m.type === "flowersec-proxy:response_meta") {
-      if (injectAllowed) {
-        const ct = String((m.headers || []).find((h) => (h.name || "").toLowerCase() === "content-type")?.value || "");
-        shouldInjectHTML = ct.toLowerCase().includes("text/html");
+
+    const ch = new MessageChannel();
+    const port = ch.port1;
+    const port2 = ch.port2;
+
+    let metaResolve;
+    let metaReject;
+    const metaPromise = new Promise((resolve, reject) => { metaResolve = resolve; metaReject = reject; });
+
+    const queued = [];
+    const htmlChunks = [];
+    let htmlBytes = 0;
+    let shouldInjectHTML = false;
+    const injectAllowed = INJECT_HTML && !shouldSkipInject(url.pathname);
+
+    let doneResolve;
+    let doneReject;
+    const donePromise = new Promise((resolve, reject) => { doneResolve = resolve; doneReject = reject; });
+
+    let controller = null;
+
+    const stream = new ReadableStream({
+      start(c) { controller = c; },
+      cancel() {
+        try { port.postMessage({ type: "flowersec-proxy:abort" }); } catch {}
+        try { port.close(); } catch {}
+      }
+    });
+
+    function pushInjectChunk(b) {
+      htmlBytes += b.length;
+      if (MAX_INJECT_HTML_BYTES > 0 && htmlBytes > MAX_INJECT_HTML_BYTES) {
+        const err = makeError(502, "html response too large to inject");
+        lastErrorStatus = err.status;
+        lastErrorMessage = err.message;
+        metaReject(err);
+        doneReject(err);
+        controller?.error(err);
+        try { port.close(); } catch {}
+        return false;
       }
-      metaResolve(m);
-      if (controller && !shouldInjectHTML) for (const q of queued) controller.enqueue(q);
-      if (shouldInjectHTML) for (const q of queued) htmlChunks.push(q);
-      queued.length = 0;
-      return;
+      htmlChunks.push(b);
+      return true;
     }
-    if (m.type === "flowersec-proxy:response_chunk") {
-      const b = new Uint8Array(m.data);
-      if (shouldInjectHTML) {
-        htmlChunks.push(b);
+
+    port.onmessage = (ev) => {
+      const m = ev.data;
+      if (!m || typeof m.type !== "string") return;
+      if (m.type === "flowersec-proxy:response_meta") {
+        if (injectAllowed) {
+          const ct = String((m.headers || []).find((h) => (h.name || "").toLowerCase() === "content-type")?.value || "");
+          shouldInjectHTML = ct.toLowerCase().includes("text/html");
+
+          if (shouldInjectHTML && MAX_INJECT_HTML_BYTES > 0) {
+            const cl = Number(
+              String((m.headers || []).find((h) => (h.name || "").toLowerCase() === "content-length")?.value || "")
+            );
+            if (Number.isFinite(cl) && cl > MAX_INJECT_HTML_BYTES) {
+              const err = makeError(502, "html response too large to inject");
+              lastErrorStatus = err.status;
+              lastErrorMessage = err.message;
+              metaReject(err);
+              doneReject(err);
+              controller?.error(err);
+              try { port.close(); } catch {}
+              return;
+            }
+          }
+        }
+        metaResolve(m);
+        if (controller && !shouldInjectHTML) for (const q of queued) controller.enqueue(q);
+        if (shouldInjectHTML) for (const q of queued) if (!pushInjectChunk(q)) return;
+        queued.length = 0;
         return;
       }
-      if (controller) controller.enqueue(b); else queued.push(b);
-      return;
-    }
-    if (m.type === "flowersec-proxy:response_end") {
-      if (shouldInjectHTML) {
-        doneResolve(htmlChunks);
+      if (m.type === "flowersec-proxy:response_chunk") {
+        const b = new Uint8Array(m.data);
+        if (shouldInjectHTML) {
+          pushInjectChunk(b);
+          return;
+        }
+        if (controller) controller.enqueue(b); else queued.push(b);
         return;
       }
-      controller?.close();
-      return;
-    }
-    if (m.type === "flowersec-proxy:response_error") {
-      const err = new Error(m.message || "proxy error");
-      metaReject(err);
-      doneReject(err);
-      controller?.error(err);
-      try { port.close(); } catch {}
-      return;
+      if (m.type === "flowersec-proxy:response_end") {
+        if (shouldInjectHTML) {
+          doneResolve(htmlChunks);
+          return;
+        }
+        controller?.close();
+        return;
+      }
+      if (m.type === "flowersec-proxy:response_error") {
+        const status = typeof m.status === "number" && Number.isFinite(m.status) ? Math.floor(m.status) : 502;
+        lastErrorStatus = status > 0 ? status : 502;
+        lastErrorMessage = String(m.message || "proxy error");
+        const err = makeError(lastErrorStatus, lastErrorMessage);
+        metaReject(err);
+        doneReject(err);
+        controller?.error(err);
+        try { port.close(); } catch {}
+        return;
+      }
+    };
+
+    let path = url.pathname + url.search;
+    if (PROXY_PATH_PREFIX && STRIP_PROXY_PATH_PREFIX) {
+      let rest = url.pathname.slice(PROXY_PATH_PREFIX.length);
+      if (rest.startsWith("/")) rest = rest.slice(1);
+      path = "/" + rest + url.search;
     }
-  };
 
-  let path = url.pathname + url.search;
-  if (PROXY_PATH_PREFIX && STRIP_PROXY_PATH_PREFIX) {
-    let rest = url.pathname.slice(PROXY_PATH_PREFIX.length);
-    if (rest.startsWith("/")) rest = rest.slice(1);
-    path = "/" + rest + url.search;
-  }
+    runtime.postMessage({
+      type: "flowersec-proxy:fetch",
+      req: { id, method: req.method, path, headers: headersToPairs(req.headers), body }
+    }, [port2]);
+
+    const meta = await metaPromise;
+    const headers = new Headers();
+    for (const h of (meta.headers || [])) {
+      const name = String(h.name || "");
+      const lower = name.toLowerCase();
+      if (shouldInjectHTML && INJECT_STRIP_VALIDATOR_HEADERS && INJECT_STRIP_HEADER_NAMES.has(lower)) continue;
+      headers.append(name, String(h.value || ""));
+    }
 
-  runtime.postMessage({
-    type: "flowersec-proxy:fetch",
-    req: { id, method: req.method, path, headers: headersToPairs(req.headers), body }
-  }, [port2]);
-
-  const meta = await metaPromise;
-  const headers = new Headers();
-  for (const h of (meta.headers || [])) {
-    const name = String(h.name || "");
-    const lower = name.toLowerCase();
-    if (shouldInjectHTML && INJECT_STRIP_VALIDATOR_HEADERS && INJECT_STRIP_HEADER_NAMES.has(lower)) continue;
-    headers.append(name, String(h.value || ""));
-  }
+    if (shouldInjectHTML && INJECT_SET_NO_STORE && !headers.has("Cache-Control")) {
+      headers.set("Cache-Control", "no-store");
+    }
 
-  if (shouldInjectHTML && INJECT_SET_NO_STORE && !headers.has("Cache-Control")) {
-    headers.set("Cache-Control", "no-store");
-  }
+    if (shouldInjectHTML) {
+      const chunks = await donePromise;
+      const raw = concatChunks(chunks);
+      const html = new TextDecoder().decode(raw);
+      const injected = injectBootstrap(html);
+      return new Response(new TextEncoder().encode(injected), { status: meta.status || 502, headers });
+    }
 
-  if (shouldInjectHTML) {
-    const chunks = await donePromise;
-    const raw = concatChunks(chunks);
-    const html = new TextDecoder().decode(raw);
-    const injected = injectBootstrap(html);
-    return new Response(new TextEncoder().encode(injected), { status: meta.status || 502, headers });
+    return new Response(stream, { status: meta.status || 502, headers });
+  } catch (err) {
+    const status = getErrorStatus(err, lastErrorStatus);
+    const msg = err instanceof Error ? err.message : String(err);
+    return new Response(msg || lastErrorMessage || "flowersec-proxy error", { status });
   }
-
-  return new Response(stream, { status: meta.status || 502, headers });
 }
 `;
 }

package/dist/proxy/wsPatch.js

@@ -119,14 +119,18 @@ export function installWebSocketPatch(opts) {
         removeEventListener(type, listener) {
             this.listeners.off(type, listener);
         }
+        queueWriteFrame(stream, op, payload) {
+            this.writeChain = this.writeChain
+                .then(() => writeWSFrame(stream, op, payload, maxWsFrameBytes))
+                .catch((e) => this.fail(e));
+        }
         send(data) {
             if (this.readyState !== PatchedWebSocket.OPEN || this.stream == null) {
                 throw new Error("WebSocket is not open");
             }
+            const s = this.stream;
             const sendBytes = (op, payload) => {
-                this.writeChain = this.writeChain
-                    .then(() => writeWSFrame(this.stream, op, payload, maxWsFrameBytes))
-                    .catch((e) => this.fail(e));
+                this.queueWriteFrame(s, op, payload);
             };
             if (typeof data === "string") {
                 sendBytes(1, te.encode(data));
@@ -216,7 +220,8 @@ export function installWebSocketPatch(opts) {
                     const { op, payload } = await readWSFrame(reader, maxWsFrameBytes);
                     if (op === 9) {
                         // Ping -> Pong (not exposed to WebSocket JS API).
-                        await writeWSFrame(stream, 10, payload, maxWsFrameBytes);
+                        // Must be serialized with user writes, otherwise concurrent writes can corrupt framing.
+                        this.queueWriteFrame(stream, 10, payload);
                         continue;
                     }
                     if (op === 10)

package/dist/tunnel-client/connect.d.ts

@@ -1,6 +1,8 @@
 import { type ConnectOptionsBase } from "../client-connect/connectCore.js";
 import type { ClientInternal } from "../client.js";
 export type TunnelConnectOptions = ConnectOptionsBase & Readonly<{
+    /** Type-only marker to prevent mixing direct and tunnel option types. */
+    __mode?: "tunnel";
     /** Optional caller-provided endpoint instance ID (base64url). */
     endpointInstanceId?: string;
 }>;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@floegence/flowersec-core",
-  "version": "0.10.0",
+  "version": "0.10.2",
   "description": "Flowersec core TypeScript library (browser-friendly E2EE + multiplexing over WebSocket).",
   "license": "MIT",
   "repository": {