npm - @floegence/flowersec-core - Versions diffs - 0.15.0 → 0.16.0 - Mend

@floegence/flowersec-core 0.15.0 → 0.16.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/dist/proxy/appWindow.d.ts +22 -0
package/dist/proxy/appWindow.js +133 -0
package/dist/proxy/controllerWindow.d.ts +11 -0
package/dist/proxy/controllerWindow.js +124 -0
package/dist/proxy/index.d.ts +2 -0
package/dist/proxy/index.js +2 -0
package/dist/proxy/portStream.d.ts +2 -0
package/dist/proxy/portStream.js +120 -0
package/dist/proxy/runtime.d.ts +11 -1
package/dist/proxy/runtime.js +65 -63
package/dist/proxy/serviceWorker.d.ts +2 -0
package/dist/proxy/serviceWorker.js +40 -9
package/dist/proxy/windowBridgeProtocol.d.ts +52 -0
package/dist/proxy/windowBridgeProtocol.js +9 -0
package/dist/proxy/wsPatch.d.ts +12 -2
package/package.json +1 -1

package/dist/proxy/appWindow.d.ts ADDED Viewed

@@ -0,0 +1,22 @@
+import type { YamuxStream } from "../yamux/stream.js";
+import type { ProxyRuntimeLimits } from "./runtime.js";
+export type RegisterProxyAppWindowOptions = Readonly<{
+    controllerOrigin: string;
+    controllerWindow?: Window | null;
+    targetWindow?: Window;
+    maxWsFrameBytes?: number;
+}>;
+export type ProxyAppWindowHandle = Readonly<{
+    runtime: Readonly<{
+        limits: Partial<ProxyRuntimeLimits>;
+        openWebSocketStream: (path: string, opts?: Readonly<{
+            protocols?: readonly string[];
+            signal?: AbortSignal;
+        }>) => Promise<Readonly<{
+            stream: YamuxStream;
+            protocol: string;
+        }>>;
+    }>;
+    dispose: () => void;
+}>;
+export declare function registerProxyAppWindow(opts: RegisterProxyAppWindowOptions): ProxyAppWindowHandle;

package/dist/proxy/appWindow.js ADDED Viewed

@@ -0,0 +1,133 @@
+import { createMessagePortBackedStream } from "./portStream.js";
+import { PROXY_WINDOW_FETCH_FORWARD_MSG_TYPE, PROXY_WINDOW_FETCH_MSG_TYPE, PROXY_WINDOW_WS_ERROR_MSG_TYPE, PROXY_WINDOW_WS_OPEN_ACK_MSG_TYPE, PROXY_WINDOW_WS_OPEN_MSG_TYPE, } from "./windowBridgeProtocol.js";
+function resolveTargetWindow(raw) {
+    const target = raw ?? globalThis.window;
+    if (target == null)
+        throw new Error("targetWindow is not available");
+    return target;
+}
+function resolveControllerWindow(targetWindow, raw) {
+    if (raw != null)
+        return raw;
+    try {
+        if (targetWindow.top && targetWindow.top !== targetWindow)
+            return targetWindow.top;
+    }
+    catch {
+        // ignore
+    }
+    try {
+        if (targetWindow.parent && targetWindow.parent !== targetWindow)
+            return targetWindow.parent;
+    }
+    catch {
+        // ignore
+    }
+    throw new Error("controllerWindow is not available");
+}
+function postFetchError(port, message) {
+    try {
+        port.postMessage({ type: "flowersec-proxy:response_error", status: 502, message });
+    }
+    catch {
+        // Best-effort.
+    }
+    try {
+        port.close();
+    }
+    catch {
+        // Best-effort.
+    }
+}
+export function registerProxyAppWindow(opts) {
+    const controllerOrigin = String(opts.controllerOrigin ?? "").trim();
+    if (controllerOrigin === "") {
+        throw new Error("controllerOrigin is required");
+    }
+    const targetWindow = resolveTargetWindow(opts.targetWindow);
+    const controllerWindow = resolveControllerWindow(targetWindow, opts.controllerWindow);
+    const sw = targetWindow.navigator?.serviceWorker;
+    const onServiceWorkerMessage = (ev) => {
+        const data = ev.data;
+        if (data == null || typeof data !== "object")
+            return;
+        if (data.type !== PROXY_WINDOW_FETCH_FORWARD_MSG_TYPE)
+            return;
+        const port = ev.ports?.[0];
+        if (!port)
+            return;
+        try {
+            controllerWindow.postMessage({ type: PROXY_WINDOW_FETCH_MSG_TYPE, req: data.req }, controllerOrigin, [port]);
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : String(error);
+            postFetchError(port, message);
+        }
+    };
+    sw?.addEventListener("message", onServiceWorkerMessage);
+    const runtime = {
+        limits: opts.maxWsFrameBytes === undefined ? {} : { maxWsFrameBytes: opts.maxWsFrameBytes },
+        openWebSocketStream: async (path, wsOpts = {}) => {
+            const channel = new MessageChannel();
+            const port = channel.port1;
+            port.start?.();
+            return await new Promise((resolve, reject) => {
+                let settled = false;
+                const finishReject = (error) => {
+                    if (settled)
+                        return;
+                    settled = true;
+                    try {
+                        port.close();
+                    }
+                    catch {
+                        // Best-effort.
+                    }
+                    reject(error instanceof Error ? error : new Error(String(error)));
+                };
+                const finishResolve = (protocol) => {
+                    if (settled)
+                        return;
+                    settled = true;
+                    resolve({ stream: createMessagePortBackedStream(port), protocol });
+                };
+                port.onmessage = (ev) => {
+                    const data = ev.data;
+                    if (data == null || typeof data !== "object")
+                        return;
+                    const type = typeof data.type === "string" ? data.type : "";
+                    if (type === PROXY_WINDOW_WS_OPEN_ACK_MSG_TYPE) {
+                        finishResolve(String(data.protocol ?? ""));
+                        return;
+                    }
+                    if (type === PROXY_WINDOW_WS_ERROR_MSG_TYPE) {
+                        finishReject(new Error(String(data.message ?? "upstream ws open failed")));
+                    }
+                };
+                if (wsOpts.signal != null) {
+                    if (wsOpts.signal.aborted) {
+                        finishReject(wsOpts.signal.reason ?? new Error("aborted"));
+                        return;
+                    }
+                    wsOpts.signal.addEventListener("abort", () => finishReject(wsOpts.signal?.reason ?? new Error("aborted")), { once: true });
+                }
+                try {
+                    controllerWindow.postMessage({
+                        type: PROXY_WINDOW_WS_OPEN_MSG_TYPE,
+                        path,
+                        ...(wsOpts.protocols === undefined ? {} : { protocols: wsOpts.protocols }),
+                    }, controllerOrigin, [channel.port2]);
+                }
+                catch (error) {
+                    finishReject(error);
+                }
+            });
+        },
+    };
+    return {
+        runtime,
+        dispose: () => {
+            sw?.removeEventListener("message", onServiceWorkerMessage);
+        },
+    };
+}

package/dist/proxy/controllerWindow.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+import type { ProxyRuntime } from "./runtime.js";
+export type RegisterProxyControllerWindowOptions = Readonly<{
+    runtime: ProxyRuntime;
+    allowedOrigins: readonly string[];
+    targetWindow?: Window;
+    expectedSource?: Window | null;
+}>;
+export type ProxyControllerWindowHandle = Readonly<{
+    dispose: () => void;
+}>;
+export declare function registerProxyControllerWindow(opts: RegisterProxyControllerWindowOptions): ProxyControllerWindowHandle;

package/dist/proxy/controllerWindow.js ADDED Viewed

@@ -0,0 +1,124 @@
+import { PROXY_WINDOW_FETCH_MSG_TYPE, PROXY_WINDOW_STREAM_CHUNK_MSG_TYPE, PROXY_WINDOW_STREAM_CLOSE_MSG_TYPE, PROXY_WINDOW_STREAM_END_MSG_TYPE, PROXY_WINDOW_STREAM_RESET_MSG_TYPE, PROXY_WINDOW_WS_ERROR_MSG_TYPE, PROXY_WINDOW_WS_OPEN_ACK_MSG_TYPE, PROXY_WINDOW_WS_OPEN_MSG_TYPE, } from "./windowBridgeProtocol.js";
+function normalizeOrigins(origins) {
+    const out = [];
+    const seen = new Set();
+    for (const origin of origins) {
+        const normalized = String(origin ?? "").trim();
+        if (normalized === "" || seen.has(normalized))
+            continue;
+        seen.add(normalized);
+        out.push(normalized);
+    }
+    return out;
+}
+function cloneChunk(chunk) {
+    const out = new Uint8Array(chunk.byteLength);
+    out.set(chunk);
+    return out.buffer;
+}
+function bridgeWebSocket(runtime, msg, port) {
+    const ac = new AbortController();
+    let streamClosed = false;
+    const closePort = () => {
+        try {
+            port.close();
+        }
+        catch {
+            // Best-effort.
+        }
+    };
+    void (async () => {
+        try {
+            const wsOpts = {
+                signal: ac.signal,
+                ...(msg.protocols === undefined ? {} : { protocols: msg.protocols }),
+            };
+            const { stream, protocol } = await runtime.openWebSocketStream(msg.path, wsOpts);
+            port.onmessage = (ev) => {
+                const data = ev.data;
+                if (data == null || typeof data !== "object")
+                    return;
+                const type = typeof data.type === "string" ? data.type : "";
+                switch (type) {
+                    case PROXY_WINDOW_STREAM_CHUNK_MSG_TYPE: {
+                        const raw = data.data;
+                        if (!(raw instanceof ArrayBuffer))
+                            return;
+                        void stream.write(new Uint8Array(raw));
+                        return;
+                    }
+                    case PROXY_WINDOW_STREAM_CLOSE_MSG_TYPE:
+                        void stream.close();
+                        return;
+                    case PROXY_WINDOW_STREAM_RESET_MSG_TYPE: {
+                        const message = String(data.message ?? "stream reset");
+                        stream.reset(new Error(message));
+                        streamClosed = true;
+                        ac.abort(message);
+                        closePort();
+                        return;
+                    }
+                    default:
+                        return;
+                }
+            };
+            port.start?.();
+            port.postMessage({ type: PROXY_WINDOW_WS_OPEN_ACK_MSG_TYPE, protocol });
+            while (!streamClosed) {
+                const chunk = await stream.read();
+                if (chunk == null) {
+                    streamClosed = true;
+                    port.postMessage({ type: PROXY_WINDOW_STREAM_END_MSG_TYPE });
+                    closePort();
+                    return;
+                }
+                const ab = cloneChunk(chunk);
+                port.postMessage({ type: PROXY_WINDOW_STREAM_CHUNK_MSG_TYPE, data: ab }, [ab]);
+            }
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : String(error);
+            port.postMessage({ type: PROXY_WINDOW_WS_ERROR_MSG_TYPE, message });
+            closePort();
+        }
+    })();
+}
+export function registerProxyControllerWindow(opts) {
+    const allowedOrigins = normalizeOrigins(opts.allowedOrigins);
+    if (allowedOrigins.length === 0) {
+        throw new Error("allowedOrigins is required");
+    }
+    const targetWindow = opts.targetWindow ?? globalThis.window;
+    if (targetWindow == null) {
+        throw new Error("targetWindow is not available");
+    }
+    const onMessage = (ev) => {
+        if (!allowedOrigins.includes(String(ev.origin ?? "").trim()))
+            return;
+        if (opts.expectedSource != null && ev.source !== opts.expectedSource)
+            return;
+        const data = ev.data;
+        if (data == null || typeof data !== "object")
+            return;
+        const type = typeof data.type === "string" ? data.type : "";
+        const port = ev.ports?.[0];
+        if (!port)
+            return;
+        switch (type) {
+            case PROXY_WINDOW_FETCH_MSG_TYPE:
+                opts.runtime.dispatchFetch(data.req, port);
+                return;
+            case PROXY_WINDOW_WS_OPEN_MSG_TYPE:
+                bridgeWebSocket(opts.runtime, data, port);
+                return;
+            default:
+                return;
+        }
+    };
+    targetWindow.addEventListener("message", onMessage);
+    return {
+        dispose: () => {
+            targetWindow.removeEventListener("message", onMessage);
+        },
+    };
+}

package/dist/proxy/index.d.ts CHANGED Viewed

@@ -8,5 +8,7 @@ export { registerServiceWorkerAndEnsureControl } from "./registerServiceWorker.j
 export * from "./integration.js";
 export * from "./controllerGuard.js";
 export * from "./bootstrap.js";
+export * from "./controllerWindow.js";
+export * from "./appWindow.js";
 export * from "./wsPatch.js";
 export * from "./disableUpstreamServiceWorkerRegister.js";

package/dist/proxy/index.js CHANGED Viewed

@@ -8,5 +8,7 @@ export { registerServiceWorkerAndEnsureControl } from "./registerServiceWorker.j
 export * from "./integration.js";
 export * from "./controllerGuard.js";
 export * from "./bootstrap.js";
+export * from "./controllerWindow.js";
+export * from "./appWindow.js";
 export * from "./wsPatch.js";
 export * from "./disableUpstreamServiceWorkerRegister.js";

package/dist/proxy/portStream.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import type { YamuxStream } from "../yamux/stream.js";
2	+ export declare function createMessagePortBackedStream(port: MessagePort): YamuxStream;

package/dist/proxy/portStream.js ADDED Viewed

@@ -0,0 +1,120 @@
+import { PROXY_WINDOW_STREAM_CHUNK_MSG_TYPE, PROXY_WINDOW_STREAM_CLOSE_MSG_TYPE, PROXY_WINDOW_STREAM_END_MSG_TYPE, PROXY_WINDOW_STREAM_RESET_MSG_TYPE, } from "./windowBridgeProtocol.js";
+function cloneChunk(chunk) {
+    const out = new Uint8Array(chunk.byteLength);
+    out.set(chunk);
+    return out.buffer;
+}
+export function createMessagePortBackedStream(port) {
+    let closed = false;
+    let error = null;
+    const queue = [];
+    const waiters = [];
+    const resolveWaiter = (value) => {
+        const waiter = waiters.shift();
+        if (waiter) {
+            waiter(value);
+            return true;
+        }
+        return false;
+    };
+    const pushValue = (value) => {
+        if (resolveWaiter(value))
+            return;
+        queue.push(value);
+    };
+    const fail = (err) => {
+        if (error != null)
+            return;
+        error = err;
+        while (resolveWaiter(err)) {
+            // Drain waiters.
+        }
+    };
+    port.onmessage = (ev) => {
+        const data = ev.data;
+        if (data == null || typeof data !== "object")
+            return;
+        const type = typeof data.type === "string" ? data.type : "";
+        switch (type) {
+            case PROXY_WINDOW_STREAM_CHUNK_MSG_TYPE: {
+                const raw = data.data;
+                if (!(raw instanceof ArrayBuffer))
+                    return;
+                pushValue(new Uint8Array(raw));
+                return;
+            }
+            case PROXY_WINDOW_STREAM_END_MSG_TYPE:
+            case PROXY_WINDOW_STREAM_CLOSE_MSG_TYPE:
+                closed = true;
+                pushValue(null);
+                return;
+            case PROXY_WINDOW_STREAM_RESET_MSG_TYPE: {
+                closed = true;
+                const message = String(data.message ?? "stream reset");
+                fail(new Error(message));
+                try {
+                    port.close();
+                }
+                catch {
+                    // Best-effort.
+                }
+                return;
+            }
+            default:
+                return;
+        }
+    };
+    port.start?.();
+    return {
+        async read() {
+            if (error != null)
+                throw error;
+            const next = queue.shift();
+            if (next !== undefined)
+                return next;
+            if (closed)
+                return null;
+            const value = await new Promise((resolve) => {
+                waiters.push(resolve);
+            });
+            if (value instanceof Error)
+                throw value;
+            return value;
+        },
+        async write(chunk) {
+            if (error != null)
+                throw error;
+            if (closed)
+                throw new Error("stream is closed");
+            const ab = cloneChunk(chunk);
+            port.postMessage({ type: PROXY_WINDOW_STREAM_CHUNK_MSG_TYPE, data: ab }, [ab]);
+        },
+        async close() {
+            if (closed)
+                return;
+            closed = true;
+            try {
+                port.postMessage({ type: PROXY_WINDOW_STREAM_CLOSE_MSG_TYPE });
+            }
+            finally {
+                pushValue(null);
+            }
+        },
+        reset(err) {
+            const message = err instanceof Error ? err.message : String(err);
+            closed = true;
+            fail(err instanceof Error ? err : new Error(message));
+            try {
+                port.postMessage({ type: PROXY_WINDOW_STREAM_RESET_MSG_TYPE, message });
+            }
+            finally {
+                try {
+                    port.close();
+                }
+                catch {
+                    // Best-effort.
+                }
+            }
+        },
+    };
+}

package/dist/proxy/runtime.d.ts CHANGED Viewed

@@ -1,6 +1,14 @@
 import type { Client } from "../client.js";
 import type { YamuxStream } from "../yamux/stream.js";
 import { CookieJar } from "./cookieJar.js";
+import type { Header } from "./types.js";
+type ProxyFetchReq = Readonly<{
+    id: string;
+    method: string;
+    path: string;
+    headers: readonly Header[];
+    body?: ArrayBuffer;
+}>;
 export type ProxyRuntimeLimits = Readonly<{
     maxJsonFrameBytes: number;
     maxChunkBytes: number;
@@ -8,9 +16,9 @@ export type ProxyRuntimeLimits = Readonly<{
     maxWsFrameBytes: number;
 }>;
 export type ProxyRuntime = Readonly<{
-    cookieJar: CookieJar;
     limits: ProxyRuntimeLimits;
     dispose: () => void;
+    dispatchFetch: (req: ProxyFetchReq, port: MessagePort) => void;
     openWebSocketStream: (path: string, opts?: Readonly<{
         protocols?: readonly string[];
         signal?: AbortSignal;
@@ -29,5 +37,7 @@ export type ProxyRuntimeOptions = Readonly<{
     extraRequestHeaders?: readonly string[];
     extraResponseHeaders?: readonly string[];
     extraWsHeaders?: readonly string[];
+    cookieJar?: CookieJar;
 }>;
 export declare function createProxyRuntime(opts: ProxyRuntimeOptions): ProxyRuntime;
+export {};

package/dist/proxy/runtime.js CHANGED Viewed

@@ -87,7 +87,7 @@ async function readChunkFrames(reader, maxChunkBytes, maxBodyBytes) {
 }
 export function createProxyRuntime(opts) {
     const client = opts.client;
-    const cookieJar = new CookieJar();
+    const cookieJar = opts.cookieJar ?? new CookieJar();
     const maxJsonFrameBytes = normalizeMaxBytes("maxJsonFrameBytes", opts.maxJsonFrameBytes, DEFAULT_MAX_JSON_FRAME_BYTES);
     const maxChunkBytes = normalizeMaxBytes("maxChunkBytes", opts.maxChunkBytes, DEFAULT_MAX_CHUNK_BYTES);
     const maxBodyBytes = normalizeMaxBytes("maxBodyBytes", opts.maxBodyBytes, DEFAULT_MAX_BODY_BYTES);
@@ -115,13 +115,13 @@ export function createProxyRuntime(opts) {
         const port = ev.ports?.[0];
         if (!port)
             return;
-        void handleFetch(msg.req, port);
+        dispatchFetch(msg.req, port);
     };
     const sw = globalThis.navigator?.serviceWorker;
     sw?.addEventListener("message", onMessage);
     sw?.addEventListener("controllerchange", registerRuntime);
     registerRuntime();
-    async function handleFetch(req, port) {
+    const dispatchFetch = (req, port) => {
         const ac = new AbortController();
         let stream = null;
         port.onmessage = (ev) => {
@@ -130,74 +130,76 @@ export function createProxyRuntime(opts) {
                 ac.abort("aborted");
             }
         };
-        try {
-            const path = pathOnly(req.path);
-            const requestID = req.id.trim() !== "" ? req.id : randomB64u(18);
-            stream = await client.openStream(PROXY_KIND_HTTP1, { signal: ac.signal });
-            const reader = createByteReader(stream, { signal: ac.signal });
-            const filteredReqHeaders = filterRequestHeaders(req.headers, { extraAllowed: extraRequestHeaders });
-            const cookieHeader = cookieJar.getCookieHeader(cookiePathFromRequestPath(path));
-            const reqHeaders = cookieHeader === "" ? filteredReqHeaders : [...filteredReqHeaders, { name: "cookie", value: cookieHeader }];
-            await writeJsonFrame(stream, {
-                v: PROXY_PROTOCOL_VERSION,
-                request_id: requestID,
-                method: req.method,
-                path,
-                headers: reqHeaders,
-                timeout_ms: timeoutMs
-            });
-            const body = req.body != null ? new Uint8Array(req.body) : new Uint8Array();
-            await writeChunkFrames(stream, body, Math.min(64 * 1024, maxChunkBytes), maxBodyBytes);
-            const respMeta = (await readJsonFrame(reader, maxJsonFrameBytes));
-            if (respMeta.v !== PROXY_PROTOCOL_VERSION || respMeta.request_id !== requestID) {
-                throw new Error("invalid upstream response meta");
+        void (async () => {
+            try {
+                const path = pathOnly(req.path);
+                const requestID = req.id.trim() !== "" ? req.id : randomB64u(18);
+                stream = await client.openStream(PROXY_KIND_HTTP1, { signal: ac.signal });
+                const reader = createByteReader(stream, { signal: ac.signal });
+                const filteredReqHeaders = filterRequestHeaders(req.headers, { extraAllowed: extraRequestHeaders });
+                const cookieHeader = cookieJar.getCookieHeader(cookiePathFromRequestPath(path));
+                const reqHeaders = cookieHeader === "" ? filteredReqHeaders : [...filteredReqHeaders, { name: "cookie", value: cookieHeader }];
+                await writeJsonFrame(stream, {
+                    v: PROXY_PROTOCOL_VERSION,
+                    request_id: requestID,
+                    method: req.method,
+                    path,
+                    headers: reqHeaders,
+                    timeout_ms: timeoutMs
+                });
+                const body = req.body != null ? new Uint8Array(req.body) : new Uint8Array();
+                await writeChunkFrames(stream, body, Math.min(64 * 1024, maxChunkBytes), maxBodyBytes);
+                const respMeta = (await readJsonFrame(reader, maxJsonFrameBytes));
+                if (respMeta.v !== PROXY_PROTOCOL_VERSION || respMeta.request_id !== requestID) {
+                    throw new Error("invalid upstream response meta");
+                }
+                if (!respMeta.ok) {
+                    const msg = respMeta.error?.message ?? "upstream error";
+                    port.postMessage({ type: "flowersec-proxy:response_error", status: 502, message: msg });
+                    try {
+                        stream.reset(new Error(msg));
+                    }
+                    catch {
+                        // Best-effort.
+                    }
+                    stream = null;
+                    return;
+                }
+                const status = Math.max(0, Math.floor(respMeta.status ?? 502));
+                const rawHeaders = Array.isArray(respMeta.headers) ? respMeta.headers : [];
+                const { passthrough, setCookie } = filterResponseHeaders(rawHeaders, { extraAllowed: extraResponseHeaders });
+                cookieJar.updateFromSetCookieHeaders(setCookie);
+                port.postMessage({ type: "flowersec-proxy:response_meta", status, headers: passthrough });
+                const chunks = await readChunkFrames(reader, maxChunkBytes, maxBodyBytes);
+                for await (const chunk of chunks) {
+                    // Always transfer an ArrayBuffer (SharedArrayBuffer is not transferable).
+                    const ab = chunk.slice().buffer;
+                    port.postMessage({ type: "flowersec-proxy:response_chunk", data: ab }, [ab]);
+                }
+                port.postMessage({ type: "flowersec-proxy:response_end" });
+                await stream.close();
+                stream = null;
             }
-            if (!respMeta.ok) {
-                const msg = respMeta.error?.message ?? "upstream error";
+            catch (e) {
+                const msg = e instanceof Error ? e.message : String(e);
                 port.postMessage({ type: "flowersec-proxy:response_error", status: 502, message: msg });
                 try {
-                    stream.reset(new Error(msg));
+                    stream?.reset(new Error(msg));
                 }
                 catch {
                     // Best-effort.
                 }
-                stream = null;
-                return;
-            }
-            const status = Math.max(0, Math.floor(respMeta.status ?? 502));
-            const rawHeaders = Array.isArray(respMeta.headers) ? respMeta.headers : [];
-            const { passthrough, setCookie } = filterResponseHeaders(rawHeaders, { extraAllowed: extraResponseHeaders });
-            cookieJar.updateFromSetCookieHeaders(setCookie);
-            port.postMessage({ type: "flowersec-proxy:response_meta", status, headers: passthrough });
-            const chunks = await readChunkFrames(reader, maxChunkBytes, maxBodyBytes);
-            for await (const chunk of chunks) {
-                // Always transfer an ArrayBuffer (SharedArrayBuffer is not transferable).
-                const ab = chunk.slice().buffer;
-                port.postMessage({ type: "flowersec-proxy:response_chunk", data: ab }, [ab]);
-            }
-            port.postMessage({ type: "flowersec-proxy:response_end" });
-            await stream.close();
-            stream = null;
-        }
-        catch (e) {
-            const msg = e instanceof Error ? e.message : String(e);
-            port.postMessage({ type: "flowersec-proxy:response_error", status: 502, message: msg });
-            try {
-                stream?.reset(new Error(msg));
-            }
-            catch {
-                // Best-effort.
-            }
-        }
-        finally {
-            try {
-                port.close();
             }
-            catch {
-                // Best-effort.
+            finally {
+                try {
+                    port.close();
+                }
+                catch {
+                    // Best-effort.
+                }
             }
-        }
-    }
+        })();
+    };
     async function openWebSocketStream(pathRaw, wsOpts = {}) {
         const path = pathOnly(pathRaw);
         const openOpts = wsOpts.signal ? { signal: wsOpts.signal } : undefined;
@@ -226,8 +228,8 @@ export function createProxyRuntime(opts) {
         return { stream, protocol: resp.protocol ?? "" };
     }
     return {
-        cookieJar,
         limits: { maxJsonFrameBytes, maxChunkBytes, maxBodyBytes, maxWsFrameBytes },
+        dispatchFetch,
         openWebSocketStream,
         dispose: () => {
             sw?.removeEventListener("message", onMessage);

package/dist/proxy/serviceWorker.d.ts CHANGED Viewed

@@ -31,6 +31,8 @@ export type ProxyServiceWorkerScriptOptions = Readonly<{
     stripProxyPathPrefix?: boolean;
     injectHTML?: ProxyServiceWorkerInjectHTMLOptions;
     forwardFetchMessageTypes?: readonly string[];
+    windowTarget?: "registered_runtime" | "request_client";
+    windowClientMessageType?: string;
     conflictHints?: Readonly<{
         keepScriptPathSuffixes?: readonly string[];
     }>;

package/dist/proxy/serviceWorker.js CHANGED Viewed

@@ -74,6 +74,18 @@ export function createProxyServiceWorkerScript(opts = {}) {
     const passthroughPrefixes = normalizePathList("passthrough.prefixes", opts.passthrough?.prefixes);
     const forwardFetchMessageTypes = normalizeMessageTypeList("forwardFetchMessageTypes", opts.forwardFetchMessageTypes);
     const keepScriptPathSuffixes = normalizePathList("conflictHints.keepScriptPathSuffixes", opts.conflictHints?.keepScriptPathSuffixes);
+    const windowTarget = opts.windowTarget ?? "registered_runtime";
+    if (windowTarget !== "registered_runtime" && windowTarget !== "request_client") {
+        throw new Error('windowTarget must be either "registered_runtime" or "request_client"');
+    }
+    const windowClientMessageType = (() => {
+        const normalized = typeof opts.windowClientMessageType === "string" ? opts.windowClientMessageType.trim() : "flowersec-proxy:fetch";
+        if (normalized === "")
+            throw new Error("windowClientMessageType must be non-empty");
+        if (/[\r\n]/.test(normalized))
+            throw new Error("windowClientMessageType must not contain newline");
+        return normalized;
+    })();
     const injectHTML = opts.injectHTML ?? null;
     // Injection mode defaults to inline_module when injectHTML is provided.
     const injectMode = injectHTML?.mode ?? "inline_module";
@@ -133,6 +145,8 @@ const INJECT_SET_NO_STORE = ${JSON.stringify(setNoStore)};
 const MAX_REQUEST_BODY_BYTES = ${JSON.stringify(maxRequestBodyBytes)};
 const MAX_INJECT_HTML_BYTES = ${JSON.stringify(maxInjectHTMLBytes)};
 const FORWARD_FETCH_MESSAGE_TYPES = new Set(${JSON.stringify(forwardFetchMessageTypes)});
+const WINDOW_TARGET = ${JSON.stringify(windowTarget)};
+const WINDOW_CLIENT_MESSAGE_TYPE = ${JSON.stringify(windowClientMessageType)};
 const CONFLICT_HINT_KEEP_SCRIPT_SUFFIXES = ${JSON.stringify(keepScriptPathSuffixes)};
 const INJECT_STRIP_HEADER_NAMES = new Set(["content-length", "etag", "last-modified", "content-md5"]);
@@ -162,15 +176,19 @@ self.addEventListener("message", (event) => {
   if (!port) return;
   event.waitUntil((async () => {
-    const runtime = await getRuntimeClient();
-    if (!runtime) {
-      try { port.postMessage({ type: "flowersec-proxy:response_error", status: 503, message: "flowersec-proxy runtime not available" }); } catch {}
+    const preferredClientId =
+      WINDOW_TARGET === "request_client" && event.source && typeof event.source.id === "string"
+        ? event.source.id
+        : "";
+    const target = await getWindowClient(preferredClientId);
+    if (!target) {
+      try { port.postMessage({ type: "flowersec-proxy:response_error", status: 503, message: "flowersec-proxy target window not available" }); } catch {}
       try { port.close(); } catch {}
       return;
     }
     try {
-      runtime.postMessage({ type: "flowersec-proxy:fetch", req: data.req }, [port]);
+      target.postMessage({ type: WINDOW_CLIENT_MESSAGE_TYPE, req: data.req }, [port]);
     } catch (e) {
       const msg = e instanceof Error ? e.message : String(e);
       try { port.postMessage({ type: "flowersec-proxy:response_error", status: 502, message: msg }); } catch {}
@@ -179,7 +197,16 @@ self.addEventListener("message", (event) => {
   })());
 });
-async function getRuntimeClient() {
+async function getWindowClient(preferredClientId) {
+  if (WINDOW_TARGET === "request_client") {
+    if (preferredClientId) {
+      const c = await self.clients.get(preferredClientId);
+      if (c) return c;
+    }
+    const cs = await self.clients.matchAll({ type: "window", includeUncontrolled: true });
+    return cs.length > 0 ? cs[0] : null;
+  }
   if (runtimeClientId) {
     const c = await self.clients.get(runtimeClientId);
     if (c) return c;
@@ -330,8 +357,12 @@ async function handleFetch(event) {
   let lastErrorMessage = "proxy error";
   try {
-    const runtime = await getRuntimeClient();
-    if (!runtime) return new Response("flowersec-proxy runtime not available", { status: 503 });
+    const preferredClientId =
+      WINDOW_TARGET === "request_client"
+        ? String(event.clientId || event.resultingClientId || "")
+        : "";
+    const target = await getWindowClient(preferredClientId);
+    if (!target) return new Response("flowersec-proxy target window not available", { status: 503 });
     const req = event.request;
     const url = new URL(req.url);
@@ -455,8 +486,8 @@ async function handleFetch(event) {
       path = "/" + rest + url.search;
     }
-    runtime.postMessage({
-      type: "flowersec-proxy:fetch",
+    target.postMessage({
+      type: WINDOW_CLIENT_MESSAGE_TYPE,
       req: { id, method: req.method, path, headers: headersToPairs(req.headers), body }
     }, [port2]);

package/dist/proxy/windowBridgeProtocol.d.ts ADDED Viewed

@@ -0,0 +1,52 @@
+import type { Header } from "./types.js";
+export declare const PROXY_WINDOW_FETCH_FORWARD_MSG_TYPE = "flowersec-proxy:window_fetch";
+export declare const PROXY_WINDOW_FETCH_MSG_TYPE = "flowersec-proxy:fetch";
+export declare const PROXY_WINDOW_WS_OPEN_MSG_TYPE = "flowersec-proxy:ws_open";
+export declare const PROXY_WINDOW_WS_OPEN_ACK_MSG_TYPE = "flowersec-proxy:ws_open_ack";
+export declare const PROXY_WINDOW_WS_ERROR_MSG_TYPE = "flowersec-proxy:ws_error";
+export declare const PROXY_WINDOW_STREAM_CHUNK_MSG_TYPE = "flowersec-proxy:stream_chunk";
+export declare const PROXY_WINDOW_STREAM_END_MSG_TYPE = "flowersec-proxy:stream_end";
+export declare const PROXY_WINDOW_STREAM_RESET_MSG_TYPE = "flowersec-proxy:stream_reset";
+export declare const PROXY_WINDOW_STREAM_CLOSE_MSG_TYPE = "flowersec-proxy:stream_close";
+export type ProxyWindowFetchRequest = Readonly<{
+    id: string;
+    method: string;
+    path: string;
+    headers: readonly Header[];
+    body?: ArrayBuffer;
+}>;
+export type ProxyWindowFetchForwardMsg = Readonly<{
+    type: typeof PROXY_WINDOW_FETCH_FORWARD_MSG_TYPE;
+    req: ProxyWindowFetchRequest;
+}>;
+export type ProxyWindowFetchMsg = Readonly<{
+    type: typeof PROXY_WINDOW_FETCH_MSG_TYPE;
+    req: ProxyWindowFetchRequest;
+}>;
+export type ProxyWindowWsOpenMsg = Readonly<{
+    type: typeof PROXY_WINDOW_WS_OPEN_MSG_TYPE;
+    path: string;
+    protocols?: readonly string[];
+}>;
+export type ProxyWindowWsOpenAckMsg = Readonly<{
+    type: typeof PROXY_WINDOW_WS_OPEN_ACK_MSG_TYPE;
+    protocol: string;
+}>;
+export type ProxyWindowWsErrorMsg = Readonly<{
+    type: typeof PROXY_WINDOW_WS_ERROR_MSG_TYPE;
+    message: string;
+}>;
+export type ProxyWindowStreamChunkMsg = Readonly<{
+    type: typeof PROXY_WINDOW_STREAM_CHUNK_MSG_TYPE;
+    data: ArrayBuffer;
+}>;
+export type ProxyWindowStreamEndMsg = Readonly<{
+    type: typeof PROXY_WINDOW_STREAM_END_MSG_TYPE;
+}>;
+export type ProxyWindowStreamResetMsg = Readonly<{
+    type: typeof PROXY_WINDOW_STREAM_RESET_MSG_TYPE;
+    message: string;
+}>;
+export type ProxyWindowStreamCloseMsg = Readonly<{
+    type: typeof PROXY_WINDOW_STREAM_CLOSE_MSG_TYPE;
+}>;

package/dist/proxy/windowBridgeProtocol.js ADDED Viewed

@@ -0,0 +1,9 @@
+export const PROXY_WINDOW_FETCH_FORWARD_MSG_TYPE = "flowersec-proxy:window_fetch";
+export const PROXY_WINDOW_FETCH_MSG_TYPE = "flowersec-proxy:fetch";
+export const PROXY_WINDOW_WS_OPEN_MSG_TYPE = "flowersec-proxy:ws_open";
+export const PROXY_WINDOW_WS_OPEN_ACK_MSG_TYPE = "flowersec-proxy:ws_open_ack";
+export const PROXY_WINDOW_WS_ERROR_MSG_TYPE = "flowersec-proxy:ws_error";
+export const PROXY_WINDOW_STREAM_CHUNK_MSG_TYPE = "flowersec-proxy:stream_chunk";
+export const PROXY_WINDOW_STREAM_END_MSG_TYPE = "flowersec-proxy:stream_end";
+export const PROXY_WINDOW_STREAM_RESET_MSG_TYPE = "flowersec-proxy:stream_reset";
+export const PROXY_WINDOW_STREAM_CLOSE_MSG_TYPE = "flowersec-proxy:stream_close";

package/dist/proxy/wsPatch.d.ts CHANGED Viewed

@@ -1,6 +1,16 @@
-import type { ProxyRuntime } from "./runtime.js";
+import type { YamuxStream } from "../yamux/stream.js";
+import type { ProxyRuntimeLimits } from "./runtime.js";
 export type WebSocketPatchOptions = Readonly<{
-    runtime: ProxyRuntime;
+    runtime: Readonly<{
+        limits: Partial<ProxyRuntimeLimits>;
+        openWebSocketStream: (path: string, opts?: Readonly<{
+            protocols?: readonly string[];
+            signal?: AbortSignal;
+        }>) => Promise<Readonly<{
+            stream: YamuxStream;
+            protocol: string;
+        }>>;
+    }>;
     shouldProxy?: (url: URL) => boolean;
     maxWsFrameBytes?: number;
 }>;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@floegence/flowersec-core",
-  "version": "0.15.0",
+  "version": "0.16.0",
   "description": "Flowersec core TypeScript library (browser-friendly E2EE + multiplexing over WebSocket).",
   "license": "MIT",
   "repository": {