npm - @floegence/flowersec-core - Versions diffs - 0.16.0 → 0.16.2 - Mend

@floegence/flowersec-core 0.16.0 → 0.16.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/dist/browser/controlplane.d.ts +17 -0
package/dist/browser/controlplane.js +72 -0
package/dist/browser/index.d.ts +4 -0
package/dist/browser/index.js +2 -0
package/dist/browser/reconnectConfig.d.ts +30 -0
package/dist/browser/reconnectConfig.js +46 -0
package/dist/proxy/appWindow.d.ts +13 -0
package/dist/proxy/appWindow.js +25 -0
package/dist/proxy/bootstrap.d.ts +15 -1
package/dist/proxy/bootstrap.js +36 -0
package/package.json +1 -1

package/dist/browser/controlplane.d.ts ADDED Viewed

@@ -0,0 +1,17 @@
+import { type ChannelInitGrant } from "../facade.js";
+type FetchLike = typeof fetch;
+type BaseControlplaneRequestConfig = Readonly<{
+    baseUrl?: string;
+    endpointId: string;
+    payload?: Record<string, unknown>;
+    headers?: HeadersInit;
+    credentials?: RequestCredentials;
+    fetch?: FetchLike;
+}>;
+export type ControlplaneConfig = BaseControlplaneRequestConfig;
+export type EntryControlplaneConfig = BaseControlplaneRequestConfig & Readonly<{
+    entryTicket: string;
+}>;
+export declare function requestChannelGrant(config: ControlplaneConfig): Promise<ChannelInitGrant>;
+export declare function requestEntryChannelGrant(config: EntryControlplaneConfig): Promise<ChannelInitGrant>;
+export {};

package/dist/browser/controlplane.js ADDED Viewed

@@ -0,0 +1,72 @@
+import { assertChannelInitGrant } from "../facade.js";
+function resolveFetch(fetchImpl) {
+    if (fetchImpl)
+        return fetchImpl;
+    if (typeof globalThis.fetch === "function")
+        return globalThis.fetch.bind(globalThis);
+    throw new Error("global fetch is not available");
+}
+function buildURL(baseUrl, path) {
+    const base = String(baseUrl ?? "").trim();
+    if (base === "")
+        return path;
+    return `${base.replace(/\/+$/, "")}${path}`;
+}
+function buildPayload(endpointId, payload) {
+    const id = String(endpointId ?? "").trim();
+    if (id === "")
+        throw new Error("endpointId is required");
+    const out = { ...(payload ?? {}) };
+    const raw = out.endpoint_id;
+    if (raw !== undefined && String(raw ?? "").trim() !== id) {
+        throw new Error("payload.endpoint_id must match endpointId");
+    }
+    out.endpoint_id = id;
+    return out;
+}
+async function requestGrant(url, init) {
+    const runFetch = resolveFetch(init.fetch);
+    const response = await runFetch(url, {
+        ...init,
+        cache: "no-store",
+    });
+    if (!response.ok) {
+        throw new Error(`Failed to get channel grant: ${response.status}`);
+    }
+    const data = (await response.json());
+    if (!data?.grant_client) {
+        throw new Error("Invalid controlplane response: missing `grant_client`");
+    }
+    return assertChannelInitGrant(data.grant_client);
+}
+export async function requestChannelGrant(config) {
+    const headers = new Headers(config.headers);
+    if (!headers.has("Content-Type")) {
+        headers.set("Content-Type", "application/json");
+    }
+    return await requestGrant(buildURL(config.baseUrl, "/v1/channel/init"), {
+        ...(config.fetch === undefined ? {} : { fetch: config.fetch }),
+        method: "POST",
+        credentials: config.credentials ?? "omit",
+        headers,
+        body: JSON.stringify(buildPayload(config.endpointId, config.payload)),
+    });
+}
+export async function requestEntryChannelGrant(config) {
+    const entryTicket = String(config.entryTicket ?? "").trim();
+    if (entryTicket === "")
+        throw new Error("entryTicket is required");
+    const endpointId = String(config.endpointId ?? "").trim();
+    const headers = new Headers(config.headers);
+    headers.set("Authorization", `Bearer ${entryTicket}`);
+    if (!headers.has("Content-Type")) {
+        headers.set("Content-Type", "application/json");
+    }
+    return await requestGrant(buildURL(config.baseUrl, `/v1/channel/init/entry?endpoint_id=${encodeURIComponent(endpointId)}`), {
+        ...(config.fetch === undefined ? {} : { fetch: config.fetch }),
+        method: "POST",
+        credentials: config.credentials ?? "omit",
+        headers,
+        body: JSON.stringify(buildPayload(endpointId, config.payload)),
+    });
+}

package/dist/browser/index.d.ts CHANGED Viewed

@@ -1,2 +1,6 @@
 export type { ConnectBrowserOptions, DirectConnectBrowserOptions, TunnelConnectBrowserOptions } from "./connect.js";
 export { connectBrowser, connectDirectBrowser, connectTunnelBrowser } from "./connect.js";
+export type { ControlplaneConfig, EntryControlplaneConfig } from "./controlplane.js";
+export { requestChannelGrant, requestEntryChannelGrant } from "./controlplane.js";
+export type { BrowserReconnectConfig, DirectBrowserReconnectConfig, TunnelBrowserReconnectConfig, } from "./reconnectConfig.js";
+export { createBrowserReconnectConfig, createDirectBrowserReconnectConfig, createTunnelBrowserReconnectConfig, } from "./reconnectConfig.js";

package/dist/browser/index.js CHANGED Viewed

@@ -1 +1,3 @@
 export { connectBrowser, connectDirectBrowser, connectTunnelBrowser } from "./connect.js";
+export { requestChannelGrant, requestEntryChannelGrant } from "./controlplane.js";
+export { createBrowserReconnectConfig, createDirectBrowserReconnectConfig, createTunnelBrowserReconnectConfig, } from "./reconnectConfig.js";

package/dist/browser/reconnectConfig.d.ts ADDED Viewed

@@ -0,0 +1,30 @@
+import type { ChannelInitGrant } from "../gen/flowersec/controlplane/v1.gen.js";
+import type { DirectConnectInfo } from "../gen/flowersec/direct/v1.gen.js";
+import type { ClientObserverLike } from "../observability/observer.js";
+import type { AutoReconnectConfig, ConnectConfig as ReconnectConnectConfig } from "../reconnect/index.js";
+import type { DirectConnectBrowserOptions, TunnelConnectBrowserOptions } from "./connect.js";
+import { type ControlplaneConfig } from "./controlplane.js";
+type SharedReconnectOptions = Readonly<{
+    observer?: ClientObserverLike;
+    autoReconnect?: AutoReconnectConfig;
+}>;
+type TunnelReconnectConnectOptions = Omit<TunnelConnectBrowserOptions, "observer" | "signal">;
+type DirectReconnectConnectOptions = Omit<DirectConnectBrowserOptions, "observer" | "signal">;
+export type TunnelBrowserReconnectConfig = SharedReconnectOptions & Readonly<{
+    mode?: "tunnel";
+    connect?: TunnelReconnectConnectOptions;
+    grant?: ChannelInitGrant;
+    getGrant?: () => Promise<ChannelInitGrant>;
+    controlplane?: ControlplaneConfig;
+}>;
+export type DirectBrowserReconnectConfig = SharedReconnectOptions & Readonly<{
+    mode: "direct";
+    connect?: DirectReconnectConnectOptions;
+    directInfo?: DirectConnectInfo;
+    getDirectInfo?: () => Promise<DirectConnectInfo>;
+}>;
+export type BrowserReconnectConfig = TunnelBrowserReconnectConfig | DirectBrowserReconnectConfig;
+export declare function createTunnelBrowserReconnectConfig(config: TunnelBrowserReconnectConfig): ReconnectConnectConfig;
+export declare function createDirectBrowserReconnectConfig(config: DirectBrowserReconnectConfig): ReconnectConnectConfig;
+export declare function createBrowserReconnectConfig(config: BrowserReconnectConfig): ReconnectConnectConfig;
+export {};

package/dist/browser/reconnectConfig.js ADDED Viewed

@@ -0,0 +1,46 @@
+import { connectDirectBrowser, connectTunnelBrowser } from "./connect.js";
+import { requestChannelGrant } from "./controlplane.js";
+async function resolveTunnelGrant(config) {
+    if (config.getGrant)
+        return await config.getGrant();
+    if (config.grant)
+        return config.grant;
+    if (config.controlplane)
+        return await requestChannelGrant(config.controlplane);
+    throw new Error("Tunnel reconnect config requires `getGrant`, `grant`, or `controlplane`");
+}
+async function resolveDirectInfo(config) {
+    if (config.getDirectInfo)
+        return await config.getDirectInfo();
+    if (config.directInfo)
+        return config.directInfo;
+    throw new Error("Direct reconnect config requires `getDirectInfo` or `directInfo`");
+}
+export function createTunnelBrowserReconnectConfig(config) {
+    return {
+        ...(config.observer === undefined ? {} : { observer: config.observer }),
+        ...(config.autoReconnect === undefined ? {} : { autoReconnect: config.autoReconnect }),
+        connectOnce: async ({ signal, observer }) => await connectTunnelBrowser(await resolveTunnelGrant(config), {
+            ...(config.connect ?? {}),
+            signal,
+            observer,
+        }),
+    };
+}
+export function createDirectBrowserReconnectConfig(config) {
+    return {
+        ...(config.observer === undefined ? {} : { observer: config.observer }),
+        ...(config.autoReconnect === undefined ? {} : { autoReconnect: config.autoReconnect }),
+        connectOnce: async ({ signal, observer }) => await connectDirectBrowser(await resolveDirectInfo(config), {
+            ...(config.connect ?? {}),
+            signal,
+            observer,
+        }),
+    };
+}
+export function createBrowserReconnectConfig(config) {
+    if (config.mode === "direct") {
+        return createDirectBrowserReconnectConfig(config);
+    }
+    return createTunnelBrowserReconnectConfig(config);
+}

package/dist/proxy/appWindow.d.ts CHANGED Viewed

@@ -1,5 +1,6 @@
 import type { YamuxStream } from "../yamux/stream.js";
 import type { ProxyRuntimeLimits } from "./runtime.js";
+import { type ServiceWorkerControllerGuardConflictPolicy, type ServiceWorkerControllerGuardMonitorOptions, type ServiceWorkerControllerGuardRepairOptions } from "./controllerGuard.js";
 export type RegisterProxyAppWindowOptions = Readonly<{
     controllerOrigin: string;
     controllerWindow?: Window | null;
@@ -19,4 +20,16 @@ export type ProxyAppWindowHandle = Readonly<{
     }>;
     dispose: () => void;
 }>;
+export type ProxyAppServiceWorkerControlOptions = Readonly<{
+    scriptUrl: string;
+    scope?: string;
+    expectedScriptPathSuffix: string;
+    repair?: ServiceWorkerControllerGuardRepairOptions;
+    monitor?: ServiceWorkerControllerGuardMonitorOptions;
+    conflicts?: ServiceWorkerControllerGuardConflictPolicy;
+}>;
+export type RegisterProxyAppWindowWithServiceWorkerControlOptions = RegisterProxyAppWindowOptions & Readonly<{
+    serviceWorker: ProxyAppServiceWorkerControlOptions;
+}>;
 export declare function registerProxyAppWindow(opts: RegisterProxyAppWindowOptions): ProxyAppWindowHandle;
+export declare function registerProxyAppWindowWithServiceWorkerControl(opts: RegisterProxyAppWindowWithServiceWorkerControlOptions): Promise<ProxyAppWindowHandle>;

package/dist/proxy/appWindow.js CHANGED Viewed

@@ -1,3 +1,4 @@
+import { createServiceWorkerControllerGuard, } from "./controllerGuard.js";
 import { createMessagePortBackedStream } from "./portStream.js";
 import { PROXY_WINDOW_FETCH_FORWARD_MSG_TYPE, PROXY_WINDOW_FETCH_MSG_TYPE, PROXY_WINDOW_WS_ERROR_MSG_TYPE, PROXY_WINDOW_WS_OPEN_ACK_MSG_TYPE, PROXY_WINDOW_WS_OPEN_MSG_TYPE, } from "./windowBridgeProtocol.js";
 function resolveTargetWindow(raw) {
@@ -131,3 +132,27 @@ export function registerProxyAppWindow(opts) {
         },
     };
 }
+export async function registerProxyAppWindowWithServiceWorkerControl(opts) {
+    const targetWindow = resolveTargetWindow(opts.targetWindow);
+    const sw = targetWindow.navigator?.serviceWorker;
+    if (sw == null || typeof sw.register !== "function") {
+        throw new Error("serviceWorker is not available");
+    }
+    await sw.register(opts.serviceWorker.scriptUrl, {
+        ...(opts.serviceWorker.scope === undefined ? {} : { scope: opts.serviceWorker.scope }),
+    });
+    const guard = createServiceWorkerControllerGuard({
+        targetWindow,
+        expectedScriptPathSuffix: opts.serviceWorker.expectedScriptPathSuffix,
+        ...(opts.serviceWorker.repair === undefined ? {} : { repair: opts.serviceWorker.repair }),
+        ...(opts.serviceWorker.monitor === undefined ? {} : { monitor: opts.serviceWorker.monitor }),
+        ...(opts.serviceWorker.conflicts === undefined ? {} : { conflicts: opts.serviceWorker.conflicts }),
+    });
+    try {
+        await guard.ensure();
+    }
+    finally {
+        guard.dispose();
+    }
+    return registerProxyAppWindow(opts);
+}

package/dist/proxy/bootstrap.d.ts CHANGED Viewed

@@ -2,8 +2,9 @@ import type { Client } from "../client.js";
 import type { TunnelConnectBrowserOptions } from "../browser/connect.js";
 import type { ChannelInitGrant } from "../gen/flowersec/controlplane/v1.gen.js";
 import { type ProxyIntegrationPlugin, type ProxyIntegrationServiceWorkerOptions, type RegisterProxyIntegrationOptions } from "./integration.js";
+import { type RegisterProxyControllerWindowOptions } from "./controllerWindow.js";
 import type { ProxyProfile, ProxyProfileName } from "./profiles.js";
-import type { ProxyRuntime } from "./runtime.js";
+import { type ProxyRuntime } from "./runtime.js";
 export type ConnectTunnelProxyBrowserOptions = Readonly<{
     connect?: TunnelConnectBrowserOptions;
     profile?: ProxyProfileName | Partial<ProxyProfile>;
@@ -17,4 +18,17 @@ export type ConnectTunnelProxyBrowserHandle = Readonly<{
     runtime: ProxyRuntime;
     dispose: () => Promise<void>;
 }>;
+export type ConnectTunnelProxyControllerBrowserOptions = Readonly<{
+    connect?: TunnelConnectBrowserOptions;
+    runtime?: RegisterProxyIntegrationOptions["runtime"];
+    allowedOrigins: RegisterProxyControllerWindowOptions["allowedOrigins"];
+    targetWindow?: RegisterProxyControllerWindowOptions["targetWindow"];
+    expectedSource?: RegisterProxyControllerWindowOptions["expectedSource"];
+}>;
+export type ConnectTunnelProxyControllerBrowserHandle = Readonly<{
+    client: Client;
+    runtime: ProxyRuntime;
+    dispose: () => void;
+}>;
 export declare function connectTunnelProxyBrowser(grant: ChannelInitGrant, opts: ConnectTunnelProxyBrowserOptions): Promise<ConnectTunnelProxyBrowserHandle>;
+export declare function connectTunnelProxyControllerBrowser(grant: ChannelInitGrant, opts: ConnectTunnelProxyControllerBrowserOptions): Promise<ConnectTunnelProxyControllerBrowserHandle>;

package/dist/proxy/bootstrap.js CHANGED Viewed

@@ -1,5 +1,7 @@
 import { connectTunnelBrowser } from "../browser/connect.js";
 import { registerProxyIntegration, } from "./integration.js";
+import { registerProxyControllerWindow } from "./controllerWindow.js";
+import { createProxyRuntime } from "./runtime.js";
 export async function connectTunnelProxyBrowser(grant, opts) {
     const client = await connectTunnelBrowser(grant, opts.connect ?? {});
     const integrationInput = {
@@ -44,3 +46,37 @@ export async function connectTunnelProxyBrowser(grant, opts) {
         },
     };
 }
+export async function connectTunnelProxyControllerBrowser(grant, opts) {
+    const client = await connectTunnelBrowser(grant, opts.connect ?? {});
+    let runtime = null;
+    let controller = null;
+    try {
+        runtime = createProxyRuntime({
+            client,
+            ...(opts.runtime ?? {}),
+        });
+        controller = registerProxyControllerWindow({
+            runtime,
+            allowedOrigins: opts.allowedOrigins,
+            ...(opts.targetWindow === undefined ? {} : { targetWindow: opts.targetWindow }),
+            ...(opts.expectedSource === undefined ? {} : { expectedSource: opts.expectedSource }),
+        });
+    }
+    catch (error) {
+        try {
+            client.close();
+        }
+        catch {
+            // Best effort cleanup.
+        }
+        throw error;
+    }
+    return {
+        client,
+        runtime,
+        dispose: () => {
+            controller?.dispose();
+            client.close();
+        },
+    };
+}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@floegence/flowersec-core",
-  "version": "0.16.0",
+  "version": "0.16.2",
   "description": "Flowersec core TypeScript library (browser-friendly E2EE + multiplexing over WebSocket).",
   "license": "MIT",
   "repository": {