@inkbox/sdk 0.3.2 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +30 -25
- package/dist/agent_identity.d.ts +28 -31
- package/dist/agent_identity.d.ts.map +1 -1
- package/dist/agent_identity.js +34 -58
- package/dist/agent_identity.js.map +1 -1
- package/dist/identities/exceptions.d.ts +35 -0
- package/dist/identities/exceptions.d.ts.map +1 -0
- package/dist/identities/exceptions.js +49 -0
- package/dist/identities/exceptions.js.map +1 -0
- package/dist/identities/resources/identities.d.ts +36 -25
- package/dist/identities/resources/identities.d.ts.map +1 -1
- package/dist/identities/resources/identities.js +61 -31
- package/dist/identities/resources/identities.js.map +1 -1
- package/dist/identities/types.d.ts +38 -12
- package/dist/identities/types.d.ts.map +1 -1
- package/dist/identities/types.js +13 -3
- package/dist/identities/types.js.map +1 -1
- package/dist/index.d.ts +6 -4
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +3 -1
- package/dist/index.js.map +1 -1
- package/dist/inkbox.d.ts +18 -9
- package/dist/inkbox.d.ts.map +1 -1
- package/dist/inkbox.js +33 -27
- package/dist/inkbox.js.map +1 -1
- package/dist/mail/resources/mailboxes.d.ts +4 -28
- package/dist/mail/resources/mailboxes.d.ts.map +1 -1
- package/dist/mail/resources/mailboxes.js +4 -37
- package/dist/mail/resources/mailboxes.js.map +1 -1
- package/dist/mail/types.d.ts +4 -7
- package/dist/mail/types.d.ts.map +1 -1
- package/dist/mail/types.js +0 -1
- package/dist/mail/types.js.map +1 -1
- package/dist/phone/types.d.ts +6 -0
- package/dist/phone/types.d.ts.map +1 -1
- package/dist/phone/types.js +1 -0
- package/dist/phone/types.js.map +1 -1
- package/dist/tunnels/_reserved_names.d.ts +22 -0
- package/dist/tunnels/_reserved_names.d.ts.map +1 -0
- package/dist/tunnels/_reserved_names.js +149 -0
- package/dist/tunnels/_reserved_names.js.map +1 -0
- package/dist/tunnels/_validation.d.ts +16 -1
- package/dist/tunnels/_validation.d.ts.map +1 -1
- package/dist/tunnels/_validation.js +33 -8
- package/dist/tunnels/_validation.js.map +1 -1
- package/dist/tunnels/client/_protocol.d.ts +1 -1
- package/dist/tunnels/client/_protocol.js +1 -1
- package/dist/tunnels/client/_protocol.js.map +1 -1
- package/dist/tunnels/client/_runtime.d.ts +3 -2
- package/dist/tunnels/client/_runtime.d.ts.map +1 -1
- package/dist/tunnels/client/_runtime.js +7 -7
- package/dist/tunnels/client/_runtime.js.map +1 -1
- package/dist/tunnels/client/_state.d.ts +0 -13
- package/dist/tunnels/client/_state.d.ts.map +1 -1
- package/dist/tunnels/client/_state.js +0 -27
- package/dist/tunnels/client/_state.js.map +1 -1
- package/dist/tunnels/client/index.d.ts +13 -13
- package/dist/tunnels/client/index.d.ts.map +1 -1
- package/dist/tunnels/client/index.js +20 -65
- package/dist/tunnels/client/index.js.map +1 -1
- package/dist/tunnels/exceptions.d.ts +8 -6
- package/dist/tunnels/exceptions.d.ts.map +1 -1
- package/dist/tunnels/exceptions.js +12 -26
- package/dist/tunnels/exceptions.js.map +1 -1
- package/dist/tunnels/resources/tunnels.d.ts +9 -38
- package/dist/tunnels/resources/tunnels.d.ts.map +1 -1
- package/dist/tunnels/resources/tunnels.js +10 -92
- package/dist/tunnels/resources/tunnels.js.map +1 -1
- package/dist/tunnels/types.d.ts +17 -33
- package/dist/tunnels/types.d.ts.map +1 -1
- package/dist/tunnels/types.js +13 -23
- package/dist/tunnels/types.js.map +1 -1
- package/package.json +1 -1
- package/protocol/tunnel_protocol_constants.json +1 -1
|
@@ -20,7 +20,6 @@ export declare class TunnelStateError extends Error {
|
|
|
20
20
|
export interface StateEntry {
|
|
21
21
|
tunnelId: string;
|
|
22
22
|
name: string;
|
|
23
|
-
secret?: string | null;
|
|
24
23
|
mode?: string | null;
|
|
25
24
|
zone?: string | null;
|
|
26
25
|
publicHost?: string | null;
|
|
@@ -29,17 +28,5 @@ export declare function ensurePrivateStateDir(stateDir: string): void;
|
|
|
29
28
|
export declare function loadState(stateDir: string): StateEntry | null;
|
|
30
29
|
export declare function saveState(stateDir: string, entry: StateEntry): void;
|
|
31
30
|
export declare function writePrivateFile(target: string, content: Buffer | string): void;
|
|
32
|
-
/**
|
|
33
|
-
* One-time disclosure of the connect secret.
|
|
34
|
-
*
|
|
35
|
-
* TTY-gated by default: prints to stderr only when stderr is a TTY.
|
|
36
|
-
* Container/daemon/CI runs get only the breadcrumb pointing at the
|
|
37
|
-
* on-disk state file.
|
|
38
|
-
*/
|
|
39
|
-
export declare function printSecretOnce(opts: {
|
|
40
|
-
secret: string;
|
|
41
|
-
statePath: string;
|
|
42
|
-
printToStderr: boolean | null;
|
|
43
|
-
}): void;
|
|
44
31
|
export declare function defaultStateDir(name: string): string;
|
|
45
32
|
//# sourceMappingURL=_state.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"_state.d.ts","sourceRoot":"","sources":["../../../src/tunnels/client/_state.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAMH,eAAO,MAAM,UAAU,eAAe,CAAC;AACvC,eAAO,MAAM,QAAQ,oBAAoB,CAAC;AAC1C,eAAO,MAAM,SAAS,mBAAmB,CAAC;AAE1C,qBAAa,gBAAiB,SAAQ,KAAK;gBAC7B,OAAO,EAAE,MAAM;CAI5B;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,
|
|
1
|
+
{"version":3,"file":"_state.d.ts","sourceRoot":"","sources":["../../../src/tunnels/client/_state.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAMH,eAAO,MAAM,UAAU,eAAe,CAAC;AACvC,eAAO,MAAM,QAAQ,oBAAoB,CAAC;AAC1C,eAAO,MAAM,SAAS,mBAAmB,CAAC;AAE1C,qBAAa,gBAAiB,SAAQ,KAAK;gBAC7B,OAAO,EAAE,MAAM;CAI5B;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC5B;AAaD,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAsB5D;AAED,wBAAgB,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,UAAU,GAAG,IAAI,CAqB7D;AAED,wBAAgB,SAAS,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,GAAG,IAAI,CAWnE;AAED,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAqB/E;AAuBD,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAEpD"}
|
|
@@ -65,7 +65,6 @@ export function loadState(stateDir) {
|
|
|
65
65
|
return {
|
|
66
66
|
tunnelId: String(parsed.tunnel_id ?? ""),
|
|
67
67
|
name: String(parsed.name ?? ""),
|
|
68
|
-
secret: parsed.secret ?? null,
|
|
69
68
|
mode: parsed.mode ?? null,
|
|
70
69
|
zone: parsed.zone ?? null,
|
|
71
70
|
publicHost: parsed.public_host ?? null,
|
|
@@ -78,8 +77,6 @@ export function saveState(stateDir, entry) {
|
|
|
78
77
|
tunnel_id: entry.tunnelId,
|
|
79
78
|
name: entry.name,
|
|
80
79
|
};
|
|
81
|
-
if (entry.secret != null)
|
|
82
|
-
raw.secret = entry.secret;
|
|
83
80
|
if (entry.mode != null)
|
|
84
81
|
raw.mode = entry.mode;
|
|
85
82
|
if (entry.zone != null)
|
|
@@ -135,30 +132,6 @@ function atomicWrite(target, content) {
|
|
|
135
132
|
throw err;
|
|
136
133
|
}
|
|
137
134
|
}
|
|
138
|
-
/**
|
|
139
|
-
* One-time disclosure of the connect secret.
|
|
140
|
-
*
|
|
141
|
-
* TTY-gated by default: prints to stderr only when stderr is a TTY.
|
|
142
|
-
* Container/daemon/CI runs get only the breadcrumb pointing at the
|
|
143
|
-
* on-disk state file.
|
|
144
|
-
*/
|
|
145
|
-
export function printSecretOnce(opts) {
|
|
146
|
-
let shouldPrint = opts.printToStderr;
|
|
147
|
-
if (shouldPrint === null || shouldPrint === undefined) {
|
|
148
|
-
shouldPrint = Boolean(process.stderr.isTTY);
|
|
149
|
-
}
|
|
150
|
-
if (!shouldPrint)
|
|
151
|
-
return;
|
|
152
|
-
const banner = "\n" +
|
|
153
|
-
"=================================================================\n" +
|
|
154
|
-
" Inkbox tunnel: ONE-TIME connect_secret disclosure\n" +
|
|
155
|
-
" This will not appear on subsequent runs.\n" +
|
|
156
|
-
` Secret persisted at: ${opts.statePath} (chmod 600)\n` +
|
|
157
|
-
"=================================================================\n" +
|
|
158
|
-
` connect_secret = ${opts.secret}\n` +
|
|
159
|
-
"=================================================================\n";
|
|
160
|
-
process.stderr.write(banner);
|
|
161
|
-
}
|
|
162
135
|
export function defaultStateDir(name) {
|
|
163
136
|
return path.join(os.homedir(), ".inkbox", "tunnels", name);
|
|
164
137
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"_state.js","sourceRoot":"","sources":["../../../src/tunnels/client/_state.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAElC,MAAM,CAAC,MAAM,UAAU,GAAG,YAAY,CAAC;AACvC,MAAM,CAAC,MAAM,QAAQ,GAAG,iBAAiB,CAAC;AAC1C,MAAM,CAAC,MAAM,SAAS,GAAG,gBAAgB,CAAC;AAE1C,MAAM,OAAO,gBAAiB,SAAQ,KAAK;IACzC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;IACjC,CAAC;CACF;
|
|
1
|
+
{"version":3,"file":"_state.js","sourceRoot":"","sources":["../../../src/tunnels/client/_state.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAElC,MAAM,CAAC,MAAM,UAAU,GAAG,YAAY,CAAC;AACvC,MAAM,CAAC,MAAM,QAAQ,GAAG,iBAAiB,CAAC;AAC1C,MAAM,CAAC,MAAM,SAAS,GAAG,gBAAgB,CAAC;AAE1C,MAAM,OAAO,gBAAiB,SAAQ,KAAK;IACzC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;IACjC,CAAC;CACF;AAqBD,MAAM,UAAU,qBAAqB,CAAC,QAAgB;IACpD,IAAI,MAAM,GAAG,KAAK,CAAC;IACnB,IAAI,EAAE,GAAoB,IAAI,CAAC;IAC/B,IAAI,CAAC;QACH,EAAE,GAAG,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QAC5B,MAAM,GAAG,IAAI,CAAC;IAChB,CAAC;IAAC,MAAM,CAAC;QACP,oBAAoB;IACtB,CAAC;IACD,IAAI,EAAE,IAAI,EAAE,CAAC,cAAc,EAAE,EAAE,CAAC;QAC9B,MAAM,IAAI,gBAAgB,CACxB,0CAA0C,QAAQ,mCAAmC,CACtF,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC3D,CAAC;IACD,IAAI,CAAC;QACH,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;IAChC,CAAC;IAAC,MAAM,CAAC;QACP,iBAAiB;IACnB,CAAC;AACH,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,QAAgB;IACxC,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IAC/C,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACzC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,MAAqB,CAAC;IAC1B,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAkB,CAAC;IAC5C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO;QACL,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,SAAS,IAAI,EAAE,CAAC;QACxC,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QAC/B,IAAI,EAAE,MAAM,CAAC,IAAI,IAAI,IAAI;QACzB,IAAI,EAAE,MAAM,CAAC,IAAI,IAAI,IAAI;QACzB,UAAU,EAAE,MAAM,CAAC,WAAW,IAAI,IAAI;KACvC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,QAAgB,EAAE,KAAiB;IAC3D,qBAAqB,CAAC,QAAQ,CAAC,CAAC;IAChC,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IAC/C,MAAM,GAAG,GAAkB;QACzB,SAAS,EAAE,KAAK,CAAC,QAAQ;QACzB,IAAI,EAAE,KAAK,CAAC,IAAI;KACjB,CAAC;IACF,IAAI,KAAK,CAAC,IAAI,IAAI,IAAI;QAAE,GAAG,CAAC,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC;IAC9C,IAAI,KAAK,CAAC,IAAI,IAAI,IAAI;QAAE,GAAG,CAAC,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC;IAC9C,IAAI,KAAK,CAAC,UAAU,IAAI,IAAI;QAAE,GAAG,CAAC,WAAW,GAAG,KAAK,CAAC,UAAU,CAAC;IACjE,WAAW,CAAC,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;AACpD,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,MAAc,EAAE,OAAwB;IACvE,IAAI,MAAM,GAAG,KAAK,CAAC;IACnB,IAAI,CAAC;QACH,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACrB,MAAM,GAAG,IAAI,CAAC;IAChB,CAAC;IAAC,MAAM,CAAC;QACP,oBAAoB;IACtB,CAAC;IACD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,KAAK,GAAG,EAAE,CAAC,SAAS,CAAC,OAAO,GAAG,EAAE,CAAC,SAAS,CAAC,MAAM,GAAG,EAAE,CAAC,SAAS,CAAC,QAAQ;YAC9E,CAAC,EAAE,CAAC,SAAS,CAAC,UAAU,IAAI,CAAC,CAAC,CAAC;QACjC,MAAM,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;QAC7C,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;YACzE,EAAE,CAAC,SAAS,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;QACxB,CAAC;gBAAS,CAAC;YACT,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;QACnB,CAAC;QACD,OAAO;IACT,CAAC;IACD,WAAW,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAC/B,CAAC;AAED,SAAS,WAAW,CAAC,MAAc,EAAE,OAAwB;IAC3D,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACjC,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,OAAO,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACjF,EAAE,CAAC,aAAa,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAChD,IAAI,CAAC;QACH,EAAE,CAAC,UAAU,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QAC3B,IAAI,CAAC;YACH,EAAE,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC9B,CAAC;QAAC,MAAM,CAAC;YACP,iBAAiB;QACnB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,CAAC;YACH,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QACrB,CAAC;QAAC,MAAM,CAAC;YACP,aAAa;QACf,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,IAAY;IAC1C,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC;AAC7D,CAAC"}
|
|
@@ -12,7 +12,6 @@
|
|
|
12
12
|
* (`@inkbox/sdk`) stays browser-safe; only this subpath gates on Node.
|
|
13
13
|
*/
|
|
14
14
|
import type { Inkbox } from "../../inkbox.js";
|
|
15
|
-
import { TLSMode } from "../types.js";
|
|
16
15
|
import { type TunnelListener, type TunnelStatusCallback } from "./_listener.js";
|
|
17
16
|
import type { InkboxHandler } from "./_handler.js";
|
|
18
17
|
import type { InkboxWsHandler } from "./_ws.js";
|
|
@@ -30,13 +29,18 @@ export declare const PROD_ZONE = "inkboxwire.com";
|
|
|
30
29
|
* `wsHandler` set without an HTTP path.
|
|
31
30
|
*
|
|
32
31
|
* Validation runs synchronously before any control-plane writes: a
|
|
33
|
-
* tunnel is never
|
|
32
|
+
* tunnel is never opened for an invalid configuration.
|
|
34
33
|
*/
|
|
35
34
|
export declare class InvalidConnectOptions extends Error {
|
|
36
35
|
constructor(message: string);
|
|
37
36
|
}
|
|
37
|
+
export { TunnelNotProvisioned } from "../exceptions.js";
|
|
38
38
|
export interface ConnectOptions {
|
|
39
|
-
/**
|
|
39
|
+
/**
|
|
40
|
+
* Tunnel name (= agent handle). The tunnel must already exist for the
|
|
41
|
+
* calling org; provision one via `inkbox.createIdentity(<handle>, ...)`
|
|
42
|
+
* if it doesn't.
|
|
43
|
+
*/
|
|
40
44
|
name: string;
|
|
41
45
|
/** URL forward path: forward inbound HTTP traffic to a local URL. */
|
|
42
46
|
forwardTo?: string;
|
|
@@ -46,20 +50,12 @@ export interface ConnectOptions {
|
|
|
46
50
|
wsHandler?: InkboxWsHandler;
|
|
47
51
|
/** Expert-only override for the data-plane h2 endpoint. */
|
|
48
52
|
dataPlaneZone?: string;
|
|
49
|
-
/** `"edge"` (default) or `"passthrough"`. */
|
|
50
|
-
tlsMode?: TLSMode | "edge" | "passthrough";
|
|
51
53
|
/** Where state.json (and passthrough key/cert) live. */
|
|
52
54
|
stateDir?: string;
|
|
53
|
-
/** Free-form description, recorded server-side at create time. */
|
|
54
|
-
description?: string;
|
|
55
55
|
/** 1-32; omit to let the server decide. */
|
|
56
56
|
poolSize?: number;
|
|
57
|
-
/** Explicit override; wins over the state file. */
|
|
58
|
-
secret?: string;
|
|
59
57
|
/** Status transitions. */
|
|
60
58
|
onStatus?: TunnelStatusCallback;
|
|
61
|
-
/** `"auto_restore"` (default) or `"error"`. */
|
|
62
|
-
onPendingRemoval?: "auto_restore" | "error";
|
|
63
59
|
/** Cap on materialized inbound bodies. */
|
|
64
60
|
maxInboundBodyBytes?: number;
|
|
65
61
|
/**
|
|
@@ -70,8 +66,6 @@ export interface ConnectOptions {
|
|
|
70
66
|
maxResponseBytes?: number;
|
|
71
67
|
/** Bypass the loopback-only allowlist for `forwardTo`. */
|
|
72
68
|
allowRemoteForwarding?: boolean;
|
|
73
|
-
/** TTY-gated by default. */
|
|
74
|
-
printSecretToStderr?: boolean | null;
|
|
75
69
|
/** Signal-handler installation policy. */
|
|
76
70
|
installSignalHandlers?: boolean;
|
|
77
71
|
/**
|
|
@@ -96,6 +90,12 @@ export interface ConnectOptions {
|
|
|
96
90
|
}
|
|
97
91
|
/**
|
|
98
92
|
* Bring a tunnel online from this Node process.
|
|
93
|
+
*
|
|
94
|
+
* The tunnel must already exist in the calling org (provisioned by
|
|
95
|
+
* `inkbox.createIdentity(...)`). Data-plane authentication uses the
|
|
96
|
+
* same API key the `inkbox` client was constructed with — an
|
|
97
|
+
* identity-scoped key must match the tunnel's identity, or an
|
|
98
|
+
* admin-scoped key in the same org.
|
|
99
99
|
*/
|
|
100
100
|
export declare function connect(inkbox: Inkbox, options: ConnectOptions): Promise<TunnelListener>;
|
|
101
101
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/tunnels/client/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/tunnels/client/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAoB9C,OAAO,EAEL,KAAK,cAAc,EAEnB,KAAK,oBAAoB,EAC1B,MAAM,gBAAgB,CAAC;AAMxB,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AACnD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAEhD,YAAY,EAAE,cAAc,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAC;AAC3E,OAAO,EACL,oBAAoB,EACpB,oBAAoB,EACpB,qBAAqB,GACtB,MAAM,kBAAkB,CAAC;AAC1B,YAAY,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AACzE,YAAY,EACV,eAAe,EACf,yBAAyB,EACzB,eAAe,GAChB,MAAM,UAAU,CAAC;AAClB,OAAO,EACL,wBAAwB,EACxB,QAAQ,EACR,kBAAkB,GACnB,MAAM,UAAU,CAAC;AAClB,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAEhD,2FAA2F;AAC3F,eAAO,MAAM,SAAS,mBAAmB,CAAC;AAE1C;;;;;;;GAOG;AACH,qBAAa,qBAAsB,SAAQ,KAAK;gBAClC,OAAO,EAAE,MAAM;CAI5B;AAED,OAAO,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AAExD,MAAM,WAAW,cAAc;IAC7B;;;;OAIG;IACH,IAAI,EAAE,MAAM,CAAC;IACb,qEAAqE;IACrE,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,8EAA8E;IAC9E,OAAO,CAAC,EAAE,aAAa,CAAC;IACxB,8DAA8D;IAC9D,SAAS,CAAC,EAAE,eAAe,CAAC;IAC5B,2DAA2D;IAC3D,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,wDAAwD;IACxD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,2CAA2C;IAC3C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,0BAA0B;IAC1B,QAAQ,CAAC,EAAE,oBAAoB,CAAC;IAChC,0CAA0C;IAC1C,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B;;;;OAIG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,0DAA0D;IAC1D,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAChC,0CAA0C;IAC1C,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAChC;;;;;OAKG;IACH,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B;;;;OAIG;IACH,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B;;;;OAIG;IACH,iBAAiB,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;CACrC;AAmDD;;;;;;;;GAQG;AACH,wBAAsB,OAAO,CAC3B,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,cAAc,CAAC,CA6HzB"}
|
|
@@ -12,11 +12,11 @@
|
|
|
12
12
|
* (`@inkbox/sdk`) stays browser-safe; only this subpath gates on Node.
|
|
13
13
|
*/
|
|
14
14
|
import { POOL_SIZE_MAX, POOL_SIZE_MIN } from "../resources/tunnels.js";
|
|
15
|
-
import {
|
|
15
|
+
import { TunnelNotProvisioned, TunnelRemoved, TunnelStateConflict, } from "../exceptions.js";
|
|
16
16
|
import { validateTunnelName } from "../_validation.js";
|
|
17
|
-
import { TLSMode
|
|
17
|
+
import { TLSMode } from "../types.js";
|
|
18
18
|
import { validateForwardTarget, } from "./_validation.js";
|
|
19
|
-
import { defaultStateDir, ensurePrivateStateDir, loadState,
|
|
19
|
+
import { defaultStateDir, ensurePrivateStateDir, loadState, saveState, } from "./_state.js";
|
|
20
20
|
import { TunnelListenerImpl, } from "./_listener.js";
|
|
21
21
|
import { DEFAULT_INBOUND_BODY_BYTES, DEFAULT_OUTBOUND_BODY_BYTES, TunnelRuntime, } from "./_runtime.js";
|
|
22
22
|
export { ForwardTargetRefused, validateEnvelopePath, validateForwardTarget, } from "./_validation.js";
|
|
@@ -30,7 +30,7 @@ export const PROD_ZONE = "inkboxwire.com";
|
|
|
30
30
|
* `wsHandler` set without an HTTP path.
|
|
31
31
|
*
|
|
32
32
|
* Validation runs synchronously before any control-plane writes: a
|
|
33
|
-
* tunnel is never
|
|
33
|
+
* tunnel is never opened for an invalid configuration.
|
|
34
34
|
*/
|
|
35
35
|
export class InvalidConnectOptions extends Error {
|
|
36
36
|
constructor(message) {
|
|
@@ -38,6 +38,7 @@ export class InvalidConnectOptions extends Error {
|
|
|
38
38
|
this.name = "InvalidConnectOptions";
|
|
39
39
|
}
|
|
40
40
|
}
|
|
41
|
+
export { TunnelNotProvisioned } from "../exceptions.js";
|
|
41
42
|
function validatePoolSize(poolSize) {
|
|
42
43
|
if (poolSize === undefined)
|
|
43
44
|
return;
|
|
@@ -67,15 +68,17 @@ function validateDispatchOptions(opts) {
|
|
|
67
68
|
}
|
|
68
69
|
}
|
|
69
70
|
function resolveZoneAndHost(opts) {
|
|
70
|
-
const
|
|
71
|
-
|
|
72
|
-
opts.serverZone ??
|
|
73
|
-
opts.state?.zone ??
|
|
74
|
-
PROD_ZONE;
|
|
75
|
-
return { zone, publicHost };
|
|
71
|
+
const zone = opts.dataPlaneZoneOverride ?? opts.serverZone;
|
|
72
|
+
return { zone, publicHost: opts.serverPublicHost };
|
|
76
73
|
}
|
|
77
74
|
/**
|
|
78
75
|
* Bring a tunnel online from this Node process.
|
|
76
|
+
*
|
|
77
|
+
* The tunnel must already exist in the calling org (provisioned by
|
|
78
|
+
* `inkbox.createIdentity(...)`). Data-plane authentication uses the
|
|
79
|
+
* same API key the `inkbox` client was constructed with — an
|
|
80
|
+
* identity-scoped key must match the tunnel's identity, or an
|
|
81
|
+
* admin-scoped key in the same org.
|
|
79
82
|
*/
|
|
80
83
|
export async function connect(inkbox, options) {
|
|
81
84
|
// --- Synchronous validation (cheap; runs before any disk or server I/O) ---
|
|
@@ -87,17 +90,9 @@ export async function connect(inkbox, options) {
|
|
|
87
90
|
allowRemoteForwarding: options.allowRemoteForwarding,
|
|
88
91
|
});
|
|
89
92
|
}
|
|
90
|
-
const tlsMode = (typeof options.tlsMode === "string"
|
|
91
|
-
? options.tlsMode
|
|
92
|
-
: options.tlsMode) ?? TLSMode.EDGE;
|
|
93
|
-
// Passthrough accepts both http:// and https:// forwardTo URLs.
|
|
94
|
-
// UpstreamUrlDispatch builds undici's tls.connect options from
|
|
95
|
-
// forwardToVerifyTls / forwardToCaBundle for https:// upstreams.
|
|
96
|
-
const onPendingRemoval = options.onPendingRemoval ?? "auto_restore";
|
|
97
93
|
const stateDirPath = options.stateDir ?? defaultStateDir(options.name);
|
|
98
94
|
ensurePrivateStateDir(stateDirPath);
|
|
99
95
|
const state = loadState(stateDirPath);
|
|
100
|
-
let secret = options.secret ?? state?.secret ?? null;
|
|
101
96
|
let tunnel = null;
|
|
102
97
|
if (state?.tunnelId) {
|
|
103
98
|
try {
|
|
@@ -107,7 +102,7 @@ export async function connect(inkbox, options) {
|
|
|
107
102
|
const apiErr = err;
|
|
108
103
|
if (apiErr?.statusCode === 404) {
|
|
109
104
|
throw new TunnelRemoved(`tunnel ${options.name} (id=${state.tunnelId}) has been removed; ` +
|
|
110
|
-
`clear ${stateDirPath} and call inkbox.
|
|
105
|
+
`clear ${stateDirPath} and call inkbox.createIdentity(${JSON.stringify(options.name)}) to start fresh`);
|
|
111
106
|
}
|
|
112
107
|
throw err;
|
|
113
108
|
}
|
|
@@ -117,47 +112,9 @@ export async function connect(inkbox, options) {
|
|
|
117
112
|
tunnel = list.find((t) => t.tunnelName === options.name) ?? null;
|
|
118
113
|
}
|
|
119
114
|
if (!tunnel) {
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
description: options.description,
|
|
124
|
-
});
|
|
125
|
-
tunnel = created.tunnel;
|
|
126
|
-
secret = created.connectSecret;
|
|
127
|
-
saveState(stateDirPath, {
|
|
128
|
-
tunnelId: tunnel.id,
|
|
129
|
-
name: options.name,
|
|
130
|
-
secret,
|
|
131
|
-
mode: tlsMode,
|
|
132
|
-
zone: tunnel.zone,
|
|
133
|
-
publicHost: tunnel.publicHost,
|
|
134
|
-
});
|
|
135
|
-
printSecretOnce({
|
|
136
|
-
secret,
|
|
137
|
-
statePath: `${stateDirPath}/state.json`,
|
|
138
|
-
printToStderr: options.printSecretToStderr ?? null,
|
|
139
|
-
});
|
|
140
|
-
}
|
|
141
|
-
else {
|
|
142
|
-
if (tunnel.tlsMode !== tlsMode) {
|
|
143
|
-
throw new TunnelStateConflict(409, `tls_mode mismatch: requested ${tlsMode} but tunnel reports ${tunnel.tlsMode}. ` +
|
|
144
|
-
"tls_mode is fixed at creation; delete the tunnel and recreate to change it.");
|
|
145
|
-
}
|
|
146
|
-
if (tunnel.status === TunnelStatus.PENDING_REMOVAL) {
|
|
147
|
-
if (onPendingRemoval === "error") {
|
|
148
|
-
throw new TunnelStateConflict(409, `tunnel ${options.name} is in pending_removal; pass ` +
|
|
149
|
-
"onPendingRemoval: 'auto_restore' to bring it back");
|
|
150
|
-
}
|
|
151
|
-
if (!secret) {
|
|
152
|
-
throw new TunnelSecretUnavailable(`connect_secret not available locally for tunnel ${options.name}; ` +
|
|
153
|
-
"pass secret explicitly, or rotate via inkbox.tunnels.rotateSecret(id) first.");
|
|
154
|
-
}
|
|
155
|
-
tunnel = await inkbox.tunnels.restore(tunnel.id);
|
|
156
|
-
}
|
|
157
|
-
if (!secret) {
|
|
158
|
-
throw new TunnelSecretUnavailable(`connect_secret not available locally for tunnel ${options.name}; ` +
|
|
159
|
-
"pass secret explicitly, or rotate via inkbox.tunnels.rotateSecret(id) first.");
|
|
160
|
-
}
|
|
115
|
+
throw new TunnelNotProvisioned(`no tunnel named ${JSON.stringify(options.name)} exists in this org. ` +
|
|
116
|
+
"Tunnels are provisioned atomically by inkbox.createIdentity(<handle>); " +
|
|
117
|
+
`call inkbox.createIdentity(${JSON.stringify(options.name)}) first.`);
|
|
161
118
|
}
|
|
162
119
|
// For passthrough, lazy-load _cert.ts so the edge-mode bundle stays
|
|
163
120
|
// clean of @peculiar/x509. The dynamic import keeps the dep out of
|
|
@@ -171,9 +128,8 @@ export async function connect(inkbox, options) {
|
|
|
171
128
|
const cert = await import("./_cert.js");
|
|
172
129
|
const tls = await import("./_tls.js");
|
|
173
130
|
const keypair = await cert.loadOrCreateKeypair(stateDirPath);
|
|
174
|
-
const tunnelPublicHost = tunnel.publicHost ?? `${options.name}.${PROD_ZONE}`;
|
|
175
131
|
if (await cert.certNeedsSign(stateDirPath, keypair)) {
|
|
176
|
-
const csrPem = await cert.buildCsr(keypair,
|
|
132
|
+
const csrPem = await cert.buildCsr(keypair, tunnel.publicHost);
|
|
177
133
|
const signed = await inkbox.tunnels.signCsr(tunnel.id, { csrPem });
|
|
178
134
|
cert.writeCertChain(stateDirPath, signed.certPem, signed.chainPem);
|
|
179
135
|
}
|
|
@@ -199,20 +155,18 @@ export async function connect(inkbox, options) {
|
|
|
199
155
|
name: options.name,
|
|
200
156
|
serverZone: tunnel.zone,
|
|
201
157
|
serverPublicHost: tunnel.publicHost,
|
|
202
|
-
state,
|
|
203
158
|
dataPlaneZoneOverride: options.dataPlaneZone ?? null,
|
|
204
159
|
});
|
|
205
160
|
saveState(stateDirPath, {
|
|
206
161
|
tunnelId: tunnel.id,
|
|
207
162
|
name: options.name,
|
|
208
|
-
secret,
|
|
209
163
|
mode: tunnel.tlsMode,
|
|
210
164
|
zone,
|
|
211
165
|
publicHost,
|
|
212
166
|
});
|
|
213
167
|
const runtime = new TunnelRuntime({
|
|
214
168
|
tunnelId: tunnel.id,
|
|
215
|
-
|
|
169
|
+
apiKey: inkbox._apiKey,
|
|
216
170
|
zone,
|
|
217
171
|
publicHost,
|
|
218
172
|
poolSize: options.poolSize ?? null,
|
|
@@ -239,4 +193,5 @@ export async function connect(inkbox, options) {
|
|
|
239
193
|
listenerOpts,
|
|
240
194
|
});
|
|
241
195
|
}
|
|
196
|
+
void TunnelStateConflict; // retained for re-export breadth on the surviving surface
|
|
242
197
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/tunnels/client/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAGH,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACvE,OAAO,EACL,aAAa,EACb,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/tunnels/client/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAGH,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACvE,OAAO,EACL,oBAAoB,EACpB,aAAa,EACb,mBAAmB,GACpB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AACvD,OAAO,EAAE,OAAO,EAAU,MAAM,aAAa,CAAC;AAC9C,OAAO,EAGL,qBAAqB,GACtB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,eAAe,EACf,qBAAqB,EACrB,SAAS,EACT,SAAS,GACV,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,kBAAkB,GAInB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EACL,0BAA0B,EAC1B,2BAA2B,EAC3B,aAAa,GACd,MAAM,eAAe,CAAC;AAKvB,OAAO,EACL,oBAAoB,EACpB,oBAAoB,EACpB,qBAAqB,GACtB,MAAM,kBAAkB,CAAC;AAO1B,OAAO,EACL,wBAAwB,EACxB,QAAQ,EACR,kBAAkB,GACnB,MAAM,UAAU,CAAC;AAClB,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAEhD,2FAA2F;AAC3F,MAAM,CAAC,MAAM,SAAS,GAAG,gBAAgB,CAAC;AAE1C;;;;;;;GAOG;AACH,MAAM,OAAO,qBAAsB,SAAQ,KAAK;IAC9C,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;IACtC,CAAC;CACF;AAED,OAAO,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AAwDxD,SAAS,gBAAgB,CAAC,QAA4B;IACpD,IAAI,QAAQ,KAAK,SAAS;QAAE,OAAO;IACnC,IACE,CAAC,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC;QAC3B,QAAQ,GAAG,aAAa;QACxB,QAAQ,GAAG,aAAa,EACxB,CAAC;QACD,MAAM,IAAI,UAAU,CAClB,mCAAmC,aAAa,KAAK,aAAa,UAAU,QAAQ,GAAG,CACxF,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,SAAS,uBAAuB,CAAC,IAAoB;IACnD,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,KAAK,SAAS,CAAC;IAChD,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,KAAK,SAAS,CAAC;IAC9C,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,KAAK,SAAS,CAAC;IAC3C,IAAI,UAAU,IAAI,UAAU,EAAE,CAAC;QAC7B,MAAM,IAAI,qBAAqB,CAC7B,oEAAoE,CACrE,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,IAAI,CAAC,KAAK,EAAE,CAAC;QACzC,MAAM,IAAI,qBAAqB,CAC7B,qEAAqE,CACtE,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,IAAI,KAAK,EAAE,CAAC;QACxC,MAAM,IAAI,qBAAqB,CAC7B,oEAAoE,CACrE,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,kBAAkB,CAAC,IAK3B;IACC,MAAM,IAAI,GAAG,IAAI,CAAC,qBAAqB,IAAI,IAAI,CAAC,UAAU,CAAC;IAC3D,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,CAAC,gBAAgB,EAAE,CAAC;AACrD,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,OAAO,CAC3B,MAAc,EACd,OAAuB;IAEvB,6EAA6E;IAC7E,kBAAkB,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACjC,gBAAgB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IACnC,uBAAuB,CAAC,OAAO,CAAC,CAAC;IACjC,IAAI,OAAO,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;QACpC,qBAAqB,CAAC,OAAO,CAAC,SAAS,EAAE;YACvC,qBAAqB,EAAE,OAAO,CAAC,qBAAqB;SACrD,CAAC,CAAC;IACL,CAAC;IAED,MAAM,YAAY,GAAG,OAAO,CAAC,QAAQ,IAAI,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACvE,qBAAqB,CAAC,YAAY,CAAC,CAAC;IACpC,MAAM,KAAK,GAAG,SAAS,CAAC,YAAY,CAAC,CAAC;IAEtC,IAAI,MAAM,GAAkB,IAAI,CAAC;IAEjC,IAAI,KAAK,EAAE,QAAQ,EAAE,CAAC;QACpB,IAAI,CAAC;YACH,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QACpD,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,MAAM,MAAM,GAAG,GAA8B,CAAC;YAC9C,IAAI,MAAM,EAAE,UAAU,KAAK,GAAG,EAAE,CAAC;gBAC/B,MAAM,IAAI,aAAa,CACrB,UAAU,OAAO,CAAC,IAAI,QAAQ,KAAK,CAAC,QAAQ,sBAAsB;oBAChE,SAAS,YAAY,mCAAmC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,kBAAkB,CACzG,CAAC;YACJ,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IACD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QACzC,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,OAAO,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC;IACnE,CAAC;IACD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,oBAAoB,CAC5B,mBAAmB,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,uBAAuB;YACpE,yEAAyE;YACzE,8BAA8B,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CACvE,CAAC;IACJ,CAAC;IAED,oEAAoE;IACpE,mEAAmE;IACnE,oEAAoE;IACpE,wBAAwB;IACxB,IAAI,aAAa,GAA6C,IAAI,CAAC;IACnE,IAAI,MAAM,CAAC,OAAO,KAAK,OAAO,CAAC,WAAW,EAAE,CAAC;QAC3C,gEAAgE;QAChE,qEAAqE;QACrE,mCAAmC;QACnC,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,CAAC;QACxC,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC;QACtC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,YAAY,CAAC,CAAC;QAC7D,IAAI,MAAM,IAAI,CAAC,aAAa,CAAC,YAAY,EAAE,OAAO,CAAC,EAAE,CAAC;YACpD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC;YAC/D,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;YACnE,IAAI,CAAC,cAAc,CAAC,YAAY,EAAE,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;QACrE,CAAC;QACD,MAAM,QAAQ,GAAG,GAAG,YAAY,iBAAiB,CAAC;QAClD,MAAM,YAAY,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CACvD,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAC/B,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QAC/C,mEAAmE;QACnE,iEAAiE;QACjE,8DAA8D;QAC9D,iEAAiE;QACjE,4CAA4C;QAC5C,MAAM,QAAQ,GAAG,OAAO,CAAC,iBAAiB,KAAK,KAAK,CAAC;QACrD,MAAM,aAAa,GAAG,QAAQ;YAC5B,CAAC,CAAC,CAAC,IAAI,EAAE,UAAU,CAAC;YACpB,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;QACjB,aAAa,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC;YACpC,YAAY;YACZ,MAAM;YACN,aAAa;SACd,CAAC,CAAC;IACL,CAAC;IAED,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,kBAAkB,CAAC;QAC9C,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,UAAU,EAAE,MAAM,CAAC,IAAI;QACvB,gBAAgB,EAAE,MAAM,CAAC,UAAU;QACnC,qBAAqB,EAAE,OAAO,CAAC,aAAa,IAAI,IAAI;KACrD,CAAC,CAAC;IAEH,SAAS,CAAC,YAAY,EAAE;QACtB,QAAQ,EAAE,MAAM,CAAC,EAAE;QACnB,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,IAAI,EAAE,MAAM,CAAC,OAAO;QACpB,IAAI;QACJ,UAAU;KACX,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,IAAI,aAAa,CAAC;QAChC,QAAQ,EAAE,MAAM,CAAC,EAAE;QACnB,MAAM,EAAE,MAAM,CAAC,OAAO;QACtB,IAAI;QACJ,UAAU;QACV,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,IAAI;QAClC,QAAQ,EAAE;YACR,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,WAAW,EAAE,OAAO,CAAC,OAAO;YAC5B,SAAS,EAAE,OAAO,CAAC,SAAS;SAC7B;QACD,aAAa,EAAE,aAAa,IAAI,SAAS;QACzC,mBAAmB,EAAE,OAAO,CAAC,mBAAmB,IAAI,0BAA0B;QAC9E,gBAAgB,EAAE,OAAO,CAAC,gBAAgB,IAAI,2BAA2B;QACzE,qBAAqB,EAAE,OAAO,CAAC,qBAAqB;QACpD,kBAAkB,EAAE,OAAO,CAAC,kBAAkB;QAC9C,iBAAiB,EAAE,OAAO,CAAC,iBAAiB;QAC5C,QAAQ,EAAE,OAAO,CAAC,QAAQ;KAC3B,CAAC,CAAC;IAEH,MAAM,YAAY,GAAuB;QACvC,qBAAqB,EAAE,OAAO,CAAC,qBAAqB;KACrD,CAAC;IACF,OAAO,IAAI,kBAAkB,CAAC;QAC5B,UAAU;QACV,MAAM;QACN,OAAO;QACP,YAAY;KACb,CAAC,CAAC;AACL,CAAC;AAED,KAAK,mBAAmB,CAAC,CAAC,0DAA0D"}
|
|
@@ -10,22 +10,24 @@ export declare class TunnelError extends InkboxError {
|
|
|
10
10
|
export declare class TunnelNameInvalid extends TunnelError {
|
|
11
11
|
constructor(message: string);
|
|
12
12
|
}
|
|
13
|
-
export declare class TunnelSecretUnavailable extends TunnelError {
|
|
14
|
-
constructor(message: string);
|
|
15
|
-
}
|
|
16
13
|
export declare class TunnelRemoved extends TunnelError {
|
|
17
14
|
constructor(message: string);
|
|
18
15
|
}
|
|
19
16
|
export declare class TunnelStateConflict extends InkboxAPIError {
|
|
20
17
|
constructor(statusCode: number, detail: InkboxAPIErrorDetail);
|
|
21
18
|
}
|
|
22
|
-
export declare class TunnelNameUnavailable extends InkboxAPIError {
|
|
23
|
-
constructor(statusCode: number, detail: InkboxAPIErrorDetail);
|
|
24
|
-
}
|
|
25
19
|
export declare class TunnelTLSModeMismatch extends InkboxAPIError {
|
|
26
20
|
constructor(statusCode: number, detail: InkboxAPIErrorDetail);
|
|
27
21
|
}
|
|
28
22
|
export declare class TunnelCSRStateConflict extends TunnelStateConflict {
|
|
29
23
|
constructor(statusCode: number, detail: InkboxAPIErrorDetail);
|
|
30
24
|
}
|
|
25
|
+
/**
|
|
26
|
+
* Raised by `connect()` when no tunnel exists for the supplied name in
|
|
27
|
+
* the calling org. Tunnels are provisioned atomically as part of
|
|
28
|
+
* `inkbox.createIdentity(...)`; they have no standalone create surface.
|
|
29
|
+
*/
|
|
30
|
+
export declare class TunnelNotProvisioned extends TunnelError {
|
|
31
|
+
constructor(message: string);
|
|
32
|
+
}
|
|
31
33
|
//# sourceMappingURL=exceptions.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"exceptions.d.ts","sourceRoot":"","sources":["../../src/tunnels/exceptions.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,cAAc,EACd,WAAW,EACX,KAAK,oBAAoB,EAC1B,MAAM,aAAa,CAAC;AAErB,qBAAa,WAAY,SAAQ,WAAW;gBAC9B,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,iBAAkB,SAAQ,WAAW;gBACpC,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,
|
|
1
|
+
{"version":3,"file":"exceptions.d.ts","sourceRoot":"","sources":["../../src/tunnels/exceptions.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,cAAc,EACd,WAAW,EACX,KAAK,oBAAoB,EAC1B,MAAM,aAAa,CAAC;AAErB,qBAAa,WAAY,SAAQ,WAAW;gBAC9B,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,iBAAkB,SAAQ,WAAW;gBACpC,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,aAAc,SAAQ,WAAW;gBAChC,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,mBAAoB,SAAQ,cAAc;gBACzC,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,oBAAoB;CAI7D;AAED,qBAAa,qBAAsB,SAAQ,cAAc;gBAC3C,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,oBAAoB;CAI7D;AAED,qBAAa,sBAAuB,SAAQ,mBAAmB;gBACjD,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,oBAAoB;CAI7D;AAED;;;;GAIG;AACH,qBAAa,oBAAqB,SAAQ,WAAW;gBACvC,OAAO,EAAE,MAAM;CAI5B"}
|
|
@@ -16,41 +16,16 @@ export class TunnelNameInvalid extends TunnelError {
|
|
|
16
16
|
this.name = "TunnelNameInvalid";
|
|
17
17
|
}
|
|
18
18
|
}
|
|
19
|
-
export class TunnelSecretUnavailable extends TunnelError {
|
|
20
|
-
constructor(message) {
|
|
21
|
-
super(message);
|
|
22
|
-
this.name = "TunnelSecretUnavailable";
|
|
23
|
-
}
|
|
24
|
-
}
|
|
25
19
|
export class TunnelRemoved extends TunnelError {
|
|
26
20
|
constructor(message) {
|
|
27
21
|
super(message);
|
|
28
22
|
this.name = "TunnelRemoved";
|
|
29
23
|
}
|
|
30
24
|
}
|
|
31
|
-
function sanitizeDetail(detail) {
|
|
32
|
-
const sanitizeStr = (s) => s.replace(/delete_pending/g, "pending_removal").replace(/deleted/g, "removed");
|
|
33
|
-
if (typeof detail === "string")
|
|
34
|
-
return sanitizeStr(detail);
|
|
35
|
-
if (detail && typeof detail === "object") {
|
|
36
|
-
const out = {};
|
|
37
|
-
for (const [k, v] of Object.entries(detail)) {
|
|
38
|
-
out[k] = typeof v === "string" ? sanitizeStr(v) : v;
|
|
39
|
-
}
|
|
40
|
-
return out;
|
|
41
|
-
}
|
|
42
|
-
return detail;
|
|
43
|
-
}
|
|
44
25
|
export class TunnelStateConflict extends InkboxAPIError {
|
|
45
|
-
constructor(statusCode, detail) {
|
|
46
|
-
super(statusCode, sanitizeDetail(detail));
|
|
47
|
-
this.name = "TunnelStateConflict";
|
|
48
|
-
}
|
|
49
|
-
}
|
|
50
|
-
export class TunnelNameUnavailable extends InkboxAPIError {
|
|
51
26
|
constructor(statusCode, detail) {
|
|
52
27
|
super(statusCode, detail);
|
|
53
|
-
this.name = "
|
|
28
|
+
this.name = "TunnelStateConflict";
|
|
54
29
|
}
|
|
55
30
|
}
|
|
56
31
|
export class TunnelTLSModeMismatch extends InkboxAPIError {
|
|
@@ -65,4 +40,15 @@ export class TunnelCSRStateConflict extends TunnelStateConflict {
|
|
|
65
40
|
this.name = "TunnelCSRStateConflict";
|
|
66
41
|
}
|
|
67
42
|
}
|
|
43
|
+
/**
|
|
44
|
+
* Raised by `connect()` when no tunnel exists for the supplied name in
|
|
45
|
+
* the calling org. Tunnels are provisioned atomically as part of
|
|
46
|
+
* `inkbox.createIdentity(...)`; they have no standalone create surface.
|
|
47
|
+
*/
|
|
48
|
+
export class TunnelNotProvisioned extends TunnelError {
|
|
49
|
+
constructor(message) {
|
|
50
|
+
super(message);
|
|
51
|
+
this.name = "TunnelNotProvisioned";
|
|
52
|
+
}
|
|
53
|
+
}
|
|
68
54
|
//# sourceMappingURL=exceptions.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"exceptions.js","sourceRoot":"","sources":["../../src/tunnels/exceptions.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,cAAc,EACd,WAAW,GAEZ,MAAM,aAAa,CAAC;AAErB,MAAM,OAAO,WAAY,SAAQ,WAAW;IAC1C,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,aAAa,CAAC;IAC5B,CAAC;CACF;AAED,MAAM,OAAO,iBAAkB,SAAQ,WAAW;IAChD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAC;IAClC,CAAC;CACF;AAED,MAAM,OAAO,
|
|
1
|
+
{"version":3,"file":"exceptions.js","sourceRoot":"","sources":["../../src/tunnels/exceptions.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,cAAc,EACd,WAAW,GAEZ,MAAM,aAAa,CAAC;AAErB,MAAM,OAAO,WAAY,SAAQ,WAAW;IAC1C,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,aAAa,CAAC;IAC5B,CAAC;CACF;AAED,MAAM,OAAO,iBAAkB,SAAQ,WAAW;IAChD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAC;IAClC,CAAC;CACF;AAED,MAAM,OAAO,aAAc,SAAQ,WAAW;IAC5C,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,eAAe,CAAC;IAC9B,CAAC;CACF;AAED,MAAM,OAAO,mBAAoB,SAAQ,cAAc;IACrD,YAAY,UAAkB,EAAE,MAA4B;QAC1D,KAAK,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QAC1B,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAC;IACpC,CAAC;CACF;AAED,MAAM,OAAO,qBAAsB,SAAQ,cAAc;IACvD,YAAY,UAAkB,EAAE,MAA4B;QAC1D,KAAK,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QAC1B,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;IACtC,CAAC;CACF;AAED,MAAM,OAAO,sBAAuB,SAAQ,mBAAmB;IAC7D,YAAY,UAAkB,EAAE,MAA4B;QAC1D,KAAK,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QAC1B,IAAI,CAAC,IAAI,GAAG,wBAAwB,CAAC;IACvC,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,OAAO,oBAAqB,SAAQ,WAAW;IACnD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,sBAAsB,CAAC;IACrC,CAAC;CACF"}
|
|
@@ -1,20 +1,16 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* inkbox-tunnels/resources/tunnels.ts
|
|
3
3
|
*
|
|
4
|
-
* Control-plane
|
|
4
|
+
* Control-plane reads + update + sign-csr for tunnels. Tunnels are
|
|
5
|
+
* created and deleted exclusively via identity-create / identity-delete
|
|
6
|
+
* cascades; there is no standalone create / delete / restore /
|
|
7
|
+
* force-delete / rotate-secret surface.
|
|
5
8
|
*/
|
|
6
9
|
import { HttpTransport } from "../../_http.js";
|
|
7
|
-
import {
|
|
10
|
+
import { SignedCert, Tunnel } from "../types.js";
|
|
8
11
|
export declare const POOL_SIZE_MIN = 1;
|
|
9
12
|
export declare const POOL_SIZE_MAX = 32;
|
|
10
|
-
export interface CreateTunnelOptions {
|
|
11
|
-
tunnelName: string;
|
|
12
|
-
tlsMode?: TLSMode | "edge" | "passthrough";
|
|
13
|
-
description?: string | null;
|
|
14
|
-
}
|
|
15
13
|
export interface UpdateTunnelOptions {
|
|
16
|
-
/** Pass `null` to clear; omit to leave unchanged. */
|
|
17
|
-
description?: string | null;
|
|
18
14
|
/**
|
|
19
15
|
* Pass `{}` or `null` to clear (the server's column is non-nullable
|
|
20
16
|
* and collapses both forms to `{}`); omit to leave unchanged.
|
|
@@ -27,38 +23,13 @@ export declare class TunnelsResource {
|
|
|
27
23
|
list(): Promise<Tunnel[]>;
|
|
28
24
|
get(tunnelId: string): Promise<Tunnel>;
|
|
29
25
|
/**
|
|
30
|
-
*
|
|
31
|
-
*
|
|
32
|
-
*/
|
|
33
|
-
create(options: CreateTunnelOptions): Promise<CreatedTunnel>;
|
|
34
|
-
/**
|
|
35
|
-
* Update a tunnel. Pass only the fields you want to change.
|
|
26
|
+
* Update a tunnel's metadata. `metadata` is the only mutable field;
|
|
27
|
+
* other tunnel attributes are derived from the owning identity.
|
|
36
28
|
*
|
|
37
|
-
* - `
|
|
38
|
-
* -
|
|
39
|
-
* (rejected client-side); pass `{}` to clear.
|
|
29
|
+
* - `metadata: {}` (or `null`) clears the metadata bag. The server
|
|
30
|
+
* column is non-nullable and collapses both forms to `{}`.
|
|
40
31
|
*/
|
|
41
32
|
update(tunnelId: string, options: UpdateTunnelOptions): Promise<Tunnel>;
|
|
42
|
-
/**
|
|
43
|
-
* Schedule a tunnel for removal. The name is held for 24 hours, during
|
|
44
|
-
* which `restore` brings it back online.
|
|
45
|
-
*/
|
|
46
|
-
delete(tunnelId: string): Promise<Tunnel>;
|
|
47
|
-
/** Bring a scheduled-for-removal tunnel back online. */
|
|
48
|
-
restore(tunnelId: string): Promise<Tunnel>;
|
|
49
|
-
/**
|
|
50
|
-
* Remove a scheduled-for-removal tunnel immediately, skipping the 24-hour
|
|
51
|
-
* window. Requires an admin-scoped API key.
|
|
52
|
-
*/
|
|
53
|
-
forceDelete(tunnelId: string): Promise<Tunnel>;
|
|
54
|
-
/**
|
|
55
|
-
* Rotate the per-tunnel connect secret.
|
|
56
|
-
*
|
|
57
|
-
* The new secret takes effect on the next agent reconnect; existing live
|
|
58
|
-
* connections continue serving traffic with the old secret until they
|
|
59
|
-
* reconnect.
|
|
60
|
-
*/
|
|
61
|
-
rotateSecret(tunnelId: string): Promise<RotatedSecret>;
|
|
62
33
|
/**
|
|
63
34
|
* Sign a CSR for a passthrough tunnel.
|
|
64
35
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tunnels.d.ts","sourceRoot":"","sources":["../../../src/tunnels/resources/tunnels.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"tunnels.d.ts","sourceRoot":"","sources":["../../../src/tunnels/resources/tunnels.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,aAAa,EAAkB,MAAM,gBAAgB,CAAC;AAK/D,OAAO,EAGL,UAAU,EACV,MAAM,EAGP,MAAM,aAAa,CAAC;AAMrB,eAAO,MAAM,aAAa,IAAI,CAAC;AAC/B,eAAO,MAAM,aAAa,KAAK,CAAC;AAoBhC,MAAM,WAAW,mBAAmB;IAClC;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;CAC3C;AAED,qBAAa,eAAe;IACd,OAAO,CAAC,QAAQ,CAAC,IAAI;gBAAJ,IAAI,EAAE,aAAa;IAI1C,IAAI,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;IAQzB,GAAG,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAO5C;;;;;;OAMG;IACG,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC,MAAM,CAAC;IAe7E;;;;;;OAMG;IACG,OAAO,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE;QAAE,MAAM,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,UAAU,CAAC;CAalF"}
|