@interopio/gateway-server 0.19.2 → 0.19.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/changelog.md +5 -0
  2. package/dist/index.cjs +2 -2
  3. package/dist/index.cjs.map +4 -4
  4. package/dist/index.js +2 -2
  5. package/dist/index.js.map +4 -4
  6. package/package.json +2 -2
package/dist/index.js CHANGED
@@ -1,3 +1,3 @@
1
- var jt=Object.defineProperty;var Vt=(t,e)=>{for(var r in e)jt(t,r,{get:e[r],enumerable:!0})};var Gt={};Vt(Gt,{Factory:()=>Xe});import Hn from"node:http";import Pn from"node:https";import{readFileSync as Ke}from"node:fs";import{AsyncLocalStorage as Rn}from"node:async_hooks";import{IOGateway as Tn}from"@interopio/gateway";import*as Te from"@interopio/gateway/logging/core";function b(t){return Te.getLogger(`gateway.server.${t}`)}function Ze(t,e){return e instanceof RegExp?e.toString():e}import{IOGateway as Jt}from"@interopio/gateway";import{AsyncLocalStorage as Yt}from"node:async_hooks";var Qt=Jt.Encoding,M=b("ws"),Kt=Qt.json();function Xt(t){let e;if(t.authenticated&&(e=t.name,e===void 0&&t.principal!==void 0)){let r=t.principal;typeof r=="object"&&(e=r.name),e===void 0&&(r===void 0?e="":e=String(r))}return e}function Zt(t,e,r){let n=`${r?.address}:${r?.port}`,o=r?.address??"<unknown>",s={key:n,host:o,codec:Kt,onAuthenticate:async()=>{let i=await e();if(i?.authenticated)return{type:"success",user:Xt(i)};throw new Error(`no valid client authentication ${n}`)},onPing:()=>{t.ping(i=>{i?M.warn(`failed to ping ${n}`,i):M.info(`ping sent to ${n}`)})},onDisconnect:i=>{switch(i){case"inactive":{M.warn(`no heartbeat (ping) received from ${n}, closing socket`),t.close(4001,"ping expected");break}case"shutdown":{t.close(1001,"shutdown");break}}}};try{return this.client(i=>t.send(i),s)}catch(i){M.warn(`${n} failed to create client`,i)}}async function er(t){return M.info(`starting gateway on ${t.endpoint}`),await this.start(t),async({socket:e,handshake:r})=>{let{logPrefix:n,remoteAddress:o,principal:s}=r;M.info(`${n}connected on gw using ${o?.address}`);let i=Zt.call(this,e,s,o);if(!i){M.error(`${n}gw client init failed`),e.terminate();return}e.on("error",c=>{M.error(`${n}websocket error: ${c}`,c)});let a=t.storage!==void 0?Yt.snapshot():void 0;e.on("message",(c,d)=>{Array.isArray(c)&&(c=Buffer.concat(c)),a!==void 0?a(()=>i.send(c)):i.send(c)}),e.on("close",c=>{M.info(`${n}disconnected from gw. code: ${c}`),i.close()})}}var et=er;function tt(...t){if(!Array.isArray(t))throw new Error("middleware must be array!");let e=t.flat();for(let r of e)if(typeof r!="function")throw new Error("middleware must be compose of functions!");return async function(r,n){let o=async(s,i)=>{let a=s===e.length?n:e[s];if(a===void 0)return;let c=!1,d=!1,l=await a(i,async g=>{if(c)throw new Error("next() called multiple times");c=!0;try{return await o(s+1,g??i)}finally{d=!0}});if(c&&!d)throw new Error(`middleware resolved before downstream.
2
- You are probably missing an await or return statement in your middleware function.`);return l};return o(0,r)}}import{isIP as tr}from"node:net";import{Cookie as ke}from"tough-cookie";function rr(t,e){let r=t.get("x-forwarded-host");if(Array.isArray(r)&&(r=r[0]),r){let n=t.one("x-forwarded-port");n&&(r=`${r}:${n}`)}return r??=t.one("host"),Array.isArray(r)&&(r=r[0]),r?r.split(",",1)[0].trim():e}function nr(t){let e=t.one("x-forwarded-ssl");return typeof e=="string"&&e.toLowerCase()==="on"}function or(t,e){let r=t.get("x-forwarded-proto");return Array.isArray(r)&&(r=r[0]),r!==void 0?r.split(",",1)[0].trim():nr(t)?"https":e}function ir(t,e,r){let n=r?r.port:t.protocol==="https:"?443:80,o=e.one("x-forwarded-for");if(Array.isArray(o)&&(o=o[0]),o!==void 0)return o=o.split(",",1)[0].trim(),{address:o,port:Number(n),family:tr(o)===6?"IPv6":"IPv4"}}var ne=class{#e;constructor(e){this.#e=e}get headers(){return this.#e}},oe=class t extends ne{static logIdCounter=0;#e;get id(){return this.#e===void 0&&(this.#e=`${this.initId()}-${++t.logIdCounter}`),this.#e}initId(){return"request"}get cookies(){return ar(this.headers)}parseHost(e){return rr(this.headers,e)}parseProtocol(e){return or(this.headers,e)}parseRemoteAddress(e){return ir(this.URL,this.headers,e)}},ie=class extends ne{get cookies(){return cr(this.headers)}setCookieValue(e){return new ke({key:e.name,value:e.value,maxAge:e.maxAge,domain:e.domain,path:e.path,secure:e.secure,httpOnly:e.httpOnly,sameSite:e.sameSite}).toString()}};function sr(t){let e=[];{let r=0,n=0;for(let o=0;o<t.length;o++)switch(t.charCodeAt(o)){case 32:r===n&&(r=n=o+1);break;case 44:e.push(t.slice(r,n)),r=n=o+1;break;default:n=n+1;break}e.push(t.slice(r,n))}return e}function rt(t){typeof t=="string"&&(t=[t]),typeof t=="number"&&(t=[String(t)]);let e=[];if(t)for(let r of t)r&&e.push(...sr(r));return e}function ar(t){return t.list("cookie").map(e=>e.split(";").map(r=>ke.parse(r))).flat(1).filter(e=>e!==void 0).map(e=>Object.freeze({name:e.key,value:e.value}))}function cr(t){return t.list("set-cookie").map(e=>{let r=ke.parse(e);if(r){let n={name:r.key,value:r.value,maxAge:Number(r.maxAge??-1)};return r.httpOnly&&(n.httpOnly=!0),r.domain&&(n.domain=r.domain),r.path&&(n.path=r.path),r.secure&&(n.secure=!0),r.httpOnly&&(n.httpOnly=!0),r.sameSite&&(n.sameSite=r.sameSite),Object.freeze(n)}}).filter(e=>e!==void 0)}var X=class{constructor(){}toList(e){let r=this.get(e);return rt(r)}},v=class extends Map{get(e){return super.get(e.toLowerCase())}one(e){return this.get(e)?.[0]}list(e){let r=super.get(e.toLowerCase());return rt(r)}set(e,r){return typeof r=="number"&&(r=String(r)),typeof r=="string"&&(r=[r]),r?super.set(e.toLowerCase(),r):(super.delete(e.toLowerCase()),this)}add(e,r){let n=super.get(e.toLowerCase());return typeof r=="string"&&(r=[r]),n&&(r=n.concat(r)),this.set(e,r),this}};var Oe=class{#e;constructor(e){this.#e=e}get value(){return this.#e}toString(){return this.#e.toString()}},f=class t{static CONTINUE=new t(100,"Continue");static SWITCHING_PROTOCOLS=new t(101,"Switching Protocols");static OK=new t(200,"OK");static CREATED=new t(201,"Created");static ACCEPTED=new t(202,"Accepted");static NON_AUTHORITATIVE_INFORMATION=new t(203,"Non-Authoritative Information");static NO_CONTENT=new t(204,"No Content");static RESET_CONTENT=new t(205,"Reset Content");static PARTIAL_CONTENT=new t(206,"Partial Content");static MULTI_STATUS=new t(207,"Multi-Status");static IM_USED=new t(226,"IM Used");static MULTIPLE_CHOICES=new t(300,"Multiple Choices");static MOVED_PERMANENTLY=new t(301,"Moved Permanently");static BAD_REQUEST=new t(400,"Bad Request");static UNAUTHORIZED=new t(401,"Unauthorized");static FORBIDDEN=new t(403,"Forbidden");static NOT_FOUND=new t(404,"Not Found");static METHOD_NOT_ALLOWED=new t(405,"Method Not Allowed");static NOT_ACCEPTABLE=new t(406,"Not Acceptable");static PROXY_AUTHENTICATION_REQUIRED=new t(407,"Proxy Authentication Required");static REQUEST_TIMEOUT=new t(408,"Request Timeout");static CONFLICT=new t(409,"Conflict");static GONE=new t(410,"Gone");static LENGTH_REQUIRED=new t(411,"Length Required");static PRECONDITION_FAILED=new t(412,"Precondition Failed");static PAYLOAD_TOO_LARGE=new t(413,"Payload Too Large");static URI_TOO_LONG=new t(414,"URI Too Long");static UNSUPPORTED_MEDIA_TYPE=new t(415,"Unsupported Media Type");static EXPECTATION_FAILED=new t(417,"Expectation Failed");static IM_A_TEAPOT=new t(418,"I'm a teapot");static TOO_EARLY=new t(425,"Too Early");static UPGRADE_REQUIRED=new t(426,"Upgrade Required");static PRECONDITION_REQUIRED=new t(428,"Precondition Required");static TOO_MANY_REQUESTS=new t(429,"Too Many Requests");static REQUEST_HEADER_FIELDS_TOO_LARGE=new t(431,"Request Header Fields Too Large");static UNAVAILABLE_FOR_LEGAL_REASONS=new t(451,"Unavailable For Legal Reasons");static INTERNAL_SERVER_ERROR=new t(500,"Internal Server Error");static NOT_IMPLEMENTED=new t(501,"Not Implemented");static BAD_GATEWAY=new t(502,"Bad Gateway");static SERVICE_UNAVAILABLE=new t(503,"Service Unavailable");static GATEWAY_TIMEOUT=new t(504,"Gateway Timeout");static HTTP_VERSION_NOT_SUPPORTED=new t(505,"HTTP Version Not Supported");static VARIANT_ALSO_NEGOTIATES=new t(506,"Variant Also Negotiates");static INSUFFICIENT_STORAGE=new t(507,"Insufficient Storage");static LOOP_DETECTED=new t(508,"Loop Detected");static NOT_EXTENDED=new t(510,"Not Extended");static NETWORK_AUTHENTICATION_REQUIRED=new t(511,"Network Authentication Required");static#e=[];static{Object.keys(t).filter(e=>e!=="VALUES"&&e!=="resolve").forEach(e=>{let r=t[e];r instanceof t&&(Object.defineProperty(r,"name",{enumerable:!0,value:e,writable:!1}),t.#e.push(r))})}static resolve(e){for(let r of t.#e)if(r.value===e)return r}#r;#t;constructor(e,r){this.#r=e,this.#t=r}get value(){return this.#r}get phrase(){return this.#t}toString(){return`${this.#r} ${this.name}`}};function nt(t){if(typeof t=="number"){if(t<100||t>999)throw new Error(`status code ${t} should be in range 100-999`);let e=f.resolve(t);return e!==void 0?e:new Oe(t)}return t}import Le from"node:http";var se=class extends Le.IncomingMessage{exchange;upgradeHead;get urlBang(){return this.url}get socketEncrypted(){return this.socket.encrypted===!0}},U=class extends Le.ServerResponse{markHeadersSent(){this._header=!0}getRawHeaderNames(){return super.getRawHeaderNames()}},ae=class extends oe{},ce=class extends ie{#e=[];#r;#t="new";#o=[];setStatusCode(e){return this.#t==="committed"?!1:(this.#r=e,!0)}setRawStatusCode(e){return this.setStatusCode(e===void 0?void 0:nt(e))}get statusCode(){return this.#r}addCookie(e){if(this.#t==="committed")throw new Error(`Cannot add cookie ${JSON.stringify(e)} because HTTP response has already been committed`);return this.#e.push(e),this}beforeCommit(e){this.#o.push(e)}get commited(){let e=this.#t;return e!=="new"&&e!=="commit-action-failed"}async body(e){if(e instanceof ReadableStream)throw new Error("ReadableStream body not supported yet");let r=await e;try{return await this.doCommit(async()=>await this.bodyInternal(Promise.resolve(r))).catch(n=>{throw n})}catch(n){throw n}}async end(){return this.commited?Promise.resolve(!1):this.doCommit(async()=>await this.bodyInternal(Promise.resolve()))}doCommit(e){let r=this.#t,n=Promise.resolve();if(r==="new")this.#t="committing",this.#o.length>0&&(n=this.#o.reduce((o,s)=>o.then(()=>s()),Promise.resolve()).catch(o=>{this.#t==="committing"&&(this.#t="commit-action-failed")}));else if(r==="commit-action-failed")this.#t="committing";else return Promise.resolve(!1);return n=n.then(()=>{this.applyStatusCode(),this.applyHeaders(),this.applyCookies(),this.#t="committed"}),n.then(async()=>e!==void 0?await e():!0)}applyStatusCode(){}applyHeaders(){}applyCookies(){}},q=class extends ae{#e;#r;#t;constructor(e){super(new Me(e)),this.#t=e}getNativeRequest(){return this.#t}get upgrade(){return this.#t.upgrade}get http2(){return this.#t.httpVersionMajor>=2}get path(){return this.URL?.pathname}get URL(){return this.#e??=new URL(this.#t.urlBang,`${this.protocol}://${this.host}`),this.#e}get query(){return this.URL?.search}get method(){return this.#t.method}get host(){let e;return this.#t.httpVersionMajor>=2&&(e=this.#t.headers[":authority"]),e??=this.#t.socket.remoteAddress,super.parseHost(e)}get protocol(){let e;return this.#t.httpVersionMajor>2&&(e=this.#t.headers[":scheme"]),e??=this.#t.socketEncrypted?"https":"http",super.parseProtocol(e)}get socket(){return this.#t.socket}get remoteAddress(){let e=this.#t.socket.remoteFamily,r=this.#t.socket.remoteAddress,n=this.#t.socket.remotePort,o=!e||!r||!n?void 0:{family:e,address:r,port:n};return super.parseRemoteAddress(o)??o}get cookies(){return this.#r??=super.cookies,this.#r}get body(){return Le.IncomingMessage.toWeb(this.#t)}async blob(){let e=[];if(this.body!==void 0)for await(let r of this.body)e.push(r);return new Blob(e,{type:this.headers.one("content-type")||"application/octet-stream"})}async text(){return await(await this.blob()).text()}async formData(){let r=await(await this.blob()).text();return new URLSearchParams(r)}async json(){let e=await this.blob();if(e.size===0)return;let r=await e.text();return JSON.parse(r)}initId(){let e=this.#t.socket.remoteAddress;if(!e)throw new Error("Socket has no remote address");return`${e}:${this.#t.socket.remotePort}`}},Me=class extends X{#e;constructor(e){super(),this.#e=e}has(e){return this.#e.headers[e]!==void 0}get(e){return this.#e.headers[e]}list(e){return super.toList(e)}one(e){let r=this.#e.headers[e];return Array.isArray(r)?r[0]:r}keys(){return Object.keys(this.#e.headers).values()}},We=class extends X{#e;constructor(e){super(),this.#e=e}has(e){return this.#e.hasHeader(e)}keys(){return this.#e.getHeaderNames().values()}get(e){return this.#e.getHeader(e)}one(e){let r=this.#e.getHeader(e);return Array.isArray(r)?r[0]:r}set(e,r){return this.#e.headersSent||(Array.isArray(r)?r=r.map(n=>typeof n=="number"?String(n):n):typeof r=="number"&&(r=String(r)),r?this.#e.setHeader(e,r):this.#e.removeHeader(e)),this}add(e,r){return this.#e.headersSent||this.#e.appendHeader(e,r),this}list(e){return super.toList(e)}},de=class extends ce{#e;constructor(e){super(new We(e)),this.#e=e}getNativeResponse(){return this.#e}get statusCode(){return super.statusCode??{value:this.#e.statusCode}}applyStatusCode(){let e=super.statusCode;e!==void 0&&(this.#e.statusCode=e.value)}addCookie(e){return this.headers.add("Set-Cookie",super.setCookieValue(e)),this}async bodyInternal(e){if(this.#e.headersSent)return!1;if(e instanceof ReadableStream)throw new Error("ReadableStream body not supported in response");{let r=await e;return await new Promise((n,o)=>{try{r===void 0?this.#e.end(()=>{n(!0)}):(this.headers.has("content-length")||(typeof r=="string"?this.headers.set("content-length",Buffer.byteLength(r)):r instanceof Blob?this.headers.set("content-length",r.size):this.headers.set("content-length",r.byteLength)),this.#e.end(r,()=>{n(!0)}))}catch(s){o(s instanceof Error?s:new Error(`end failed: ${s}`))}})}}},ue=class t{#e;constructor(e){this.#e=e}get delegate(){return this.#e}get id(){return this.#e.id}get method(){return this.#e.method}get path(){return this.#e.path}get protocol(){return this.#e.protocol}get host(){return this.#e.host}get URL(){return this.#e.URL}get headers(){return this.#e.headers}get cookies(){return this.#e.cookies}get remoteAddress(){return this.#e.remoteAddress}get upgrade(){return this.#e.upgrade}get body(){return this.#e.body}async blob(){return await this.#e.blob()}async text(){return await this.#e.text()}async formData(){return await this.#e.formData()}async json(){return await this.#e.json()}toString(){return`${t.name} [delegate: ${this.delegate.toString()}]`}static getNativeRequest(e){if(e instanceof ae)return e.getNativeRequest();if(e instanceof t)return t.getNativeRequest(e.delegate);throw new Error(`Cannot get native request from ${e.constructor.name}`)}},_=class t{#e;constructor(e){this.#e=e}get delegate(){return this.#e}setStatusCode(e){return this.delegate.setStatusCode(e)}setRawStatusCode(e){return this.delegate.setRawStatusCode(e)}get statusCode(){return this.delegate.statusCode}get cookies(){return this.delegate.cookies}addCookie(e){return this.delegate.addCookie(e),this}async end(){return await this.delegate.end()}async body(e){return await this.#e.body(e)}get headers(){return this.#e.headers}toString(){return`${t.name} [delegate: ${this.delegate.toString()}]`}static getNativeResponse(e){if(e instanceof ce)return e.getNativeResponse();if(e instanceof t)return t.getNativeResponse(e.delegate);throw new Error(`Cannot get native response from ${e.constructor.name}`)}},le=class t{#e;constructor(e){this.#e=e}get delegate(){return this.#e}get request(){return this.#e.request}get response(){return this.#e.response}attribute(e){return this.#e.attribute(e)}principal(){return this.#e.principal()}get logPrefix(){return this.#e.logPrefix}toString(){return`${t.name} [delegate: ${this.delegate}]`}},pe=class{request;response;#e={};#r;#t="";constructor(e,r){this.#e[ot]=e.id,this.request=e,this.response=r}get method(){return this.request.method}get path(){return this.request.path}get attributes(){return this.#e}attribute(e){return this.attributes[e]}principal(){return Promise.resolve(void 0)}get logPrefix(){let e=this.attribute(ot);return this.#r!==e&&(this.#r=e,this.#t=e!==void 0?`[${e}] `:""),this.#t}},ot="io.interop.gateway.server.log_id";import{networkInterfaces as dr}from"node:os";var ur=/^(\d+|(0x[\da-f]+))(-(\d+|(0x[\da-f]+)))?$/i;function Ie(t){if(t>65535)throw new Error(`bad port ${t}`);return t}function*it(t){if(typeof t=="string")for(let e of t.split(",")){let r=e.trim(),n=ur.exec(r);if(n){let o=parseInt(n[1]),s=parseInt(n[4]??n[1]);for(let i=Ie(o);i<Ie(s)+1;i++)yield i}else throw new Error(`'${e}' is not a valid port or range.`)}else yield Ie(t)}var st=(()=>{function t(r){return r.length>0?r[0]:void 0}let e=Object.values(dr()).flatMap(r=>(r??[]).filter(n=>n.family==="IPv4")).reduce((r,n)=>(r[n.internal?"internal":"external"].push(n),r),{internal:[],external:[]});return(t(e.internal)??t(e.external))?.address})();import{getHeapStatistics as lr,writeHeapSnapshot as pr}from"node:v8";import{access as hr,mkdir as fr,rename as at,unlink as gr}from"node:fs/promises";var y=b("monitoring"),mr={memoryLimit:1024*1024*1024,reportInterval:600*1e3,dumpLocation:".",maxBackups:10,dumpPrefix:"Heap"};function yr(){return lr()}async function ct(t){let e=t.dumpPrefix??"Heap",r=`${t.dumpLocation}/${e}.heapsnapshot`;y.enabledFor("debug")&&y.debug(`starting heap dump in ${r}`),await $e(t.dumpLocation).catch(async o=>{y.enabledFor("debug")&&y.debug(`dump location ${t.dumpLocation} does not exists. Will try to create it`);try{await fr(t.dumpLocation,{recursive:!0}),y.info(`dump location dir ${t.dumpLocation} successfully created`)}catch{y.error(`failed to create dump location ${t.dumpLocation}`)}});let n=pr(r);y.info("heap dumped");try{y.debug("rolling snapshot backups");let o=`${t.dumpLocation}/${e}.${t.maxBackups}.heapsnapshot`;await $e(o).then(async()=>{y.enabledFor("debug")&&y.debug(`deleting ${o}`);try{await gr(o)}catch(i){y.warn(`failed to delete ${o}`,i)}}).catch(()=>{});for(let i=t.maxBackups-1;i>0;i--){let a=`${t.dumpLocation}/${e}.${i}.heapsnapshot`,c=`${t.dumpLocation}/${e}.${i+1}.heapsnapshot`;await $e(a).then(async()=>{try{await at(a,c)}catch(d){y.warn(`failed to rename ${a} to ${c}`,d)}}).catch(()=>{})}let s=`${t.dumpLocation}/${e}.1.heapsnapshot`;try{await at(n,s)}catch(i){y.warn(`failed to rename ${n} to ${s}`,i)}y.debug("snapshots rolled")}catch(o){throw y.error("error rolling backups",o),o}}async function $e(t){y.enabledFor("trace")&&y.debug(`checking file ${t}`),await hr(t)}async function Sr(t,e,r){y.enabledFor("debug")&&y.debug(`processing heap stats ${JSON.stringify(t)}`);let n=Math.min(r.memoryLimit,.95*t.heap_size_limit),o=t.used_heap_size;y.info(`heap stats ${JSON.stringify(t)}`),o>=n?(y.warn(`used heap ${o} bytes exceeds memory limit ${n} bytes`),e.memoryLimitExceeded?delete e.snapshot:(e.memoryLimitExceeded=!0,e.snapshot=!0),await ct(r)):(e.memoryLimitExceeded=!1,delete e.snapshot)}function dt(t){let e={...mr,...t},r=!1,n={memoryLimitExceeded:!1},o=async()=>{let a=yr();await Sr(a,n,e)},s=setInterval(o,e.reportInterval);return{...e,channel:async a=>{if(!r)switch(a??="run",a){case"run":{await o();break}case"dump":{await ct(e);break}case"stop":{r=!0,clearInterval(s),y.info("exit memory diagnostic");break}}return r}}}async function wr({channel:t},e){await t(e)||y.warn(`cannot execute command "${e}" already closed`)}async function ut(t){return await wr(t,"stop")}import lt from"@interopio/gateway-server/package.json"with{type:"json"};var vr=t=>(t??=`${lt.name} - v${lt.version}`,async({response:e},r)=>{t!==!1&&!e.headers.has("server")&&e.headers.set("Server",t),await r()}),pt=t=>vr(t);import{IOGateway as he}from"@interopio/gateway";var Ne=b("gateway.ws.client-verify");function xr(t){switch(t.missing){case"allow":case"whitelist":return!0;case"block":case"blacklist":return!1;default:return!1}}function Er(t,e){let r=t.block??t.blacklist,n=t.allow??t.whitelist;if(r.length>0&&he.Filtering.valuesMatch(r,e))return Ne.warn(`origin ${e} matches block filter`),!1;if(n.length>0&&he.Filtering.valuesMatch(n,e))return Ne.enabledFor("debug")&&Ne.debug(`origin ${e} matches allow filter`),!0}function Cr(t){switch(t.non_matched){case"allow":case"whitelist":return!0;case"block":case"blacklist":return!1;default:return!1}}function ht(t,e){if(!e)return!0;if(t){let r=Er(e,t);return r||Cr(e)}else return xr(e)}function ft(t){if(t){let e=(t.block??t.blacklist??[]).map(he.Filtering.regexify),r=(t.allow??t.whitelist??[]).map(he.Filtering.regexify);return{non_matched:t.non_matched??"allow",missing:t.missing??"allow",allow:r,block:e}}}var gt=t=>async e=>{for(let r of t)if((await r(e)).match)return A();return E},z=t=>{let e=async r=>{for(let n of t)if(!(await n(r)).match)return E;return A()};return e.toString=()=>`and(${t.map(r=>r.toString()).join(", ")})`,e},mt=t=>async e=>(await t(e)).match?E:A(),Z=async t=>A();Z.toString=()=>"any-exchange";var yt=Object.freeze({}),E=Object.freeze({match:!1,variables:yt}),A=(t=yt)=>({match:!0,variables:t}),H=(t,e)=>{let r=e?.method,n=async o=>{let s=o.request,i=s.path;if(r!==void 0&&s.method!==r)return E;if(typeof t=="string")return i===t?A():E;{let a=t.exec(i);return a===null?E:{match:!0,variables:{...a.groups}}}};return n.toString=()=>`pattern(${t.toString()}, method=${r??"<any>"})`,n},Fe=t=>{let e=r=>{if(t.ignoredMediaTypes!==void 0){for(let n of t.ignoredMediaTypes)if(r===n||n==="*/*")return!0}return!1};return async r=>{let n=r.request,o;try{o=n.headers.list("accept")}catch{return E}for(let s of o)if(!e(s)){for(let i of t.mediaTypes)if(s.startsWith(i))return A()}return E}},B=async({request:t})=>t.upgrade&&t.headers.one("upgrade")?.toLowerCase()==="websocket"?A():E;B.toString=()=>"websocket upgrade";import{IOGateway as St}from"@interopio/gateway";async function Be(t,e,r){let n=(s,i)=>{if(i?.cors){let a=i.cors===!0?{allowOrigins:i.origins?.allow?.map(St.Filtering.regexify),allowMethods:s.method===void 0?["*"]:[s.method],allowCredentials:i.authorize?.access!=="permitted"?!0:void 0}:i.cors,c=s.path;r.cors.push([c,a])}},o=new class{handle(...s){s.forEach(({request:i,options:a,handler:c})=>{let d=H(St.Filtering.regexify(i.path),{method:i.method});a?.authorize&&r.authorize.push([d,a.authorize]),n(i,a);let u=async(l,g)=>{let{match:h,variables:p}=await d(l);h?await c(l,p):await g()};r.middleware.push(u)})}socket(...s){for(let{path:i,factory:a,options:c}of s){let d=i??"/";r.sockets.set(d,{default:i===void 0,ping:c?.ping,factory:a,maxConnections:c?.maxConnections,authorize:c?.authorize,originFilters:ft(c?.origins)})}}};await t(o,e)}import{IOGateway as Ue}from"@interopio/gateway";function Hr(t){let e=t.headers.one("origin");if(e===void 0)return!0;let r=t.URL,n=r.protocol,o=r.host,s=URL.parse(e),i=s?.host,a=s?.protocol;return n===a&&o===i}function Pr(t){return t.headers.has("origin")&&!Hr(t)}function bt(t){return t.method==="OPTIONS"&&t.headers.has("origin")&&t.headers.has("access-control-request-method")}var wt=["Origin","Access-Control-Request-Method","Access-Control-Request-Headers"],Rr=(t,e)=>{let{request:r,response:n}=t,o=n.headers;if(!o.has("Vary"))o.set("Vary",wt.join(", "));else{let i=o.list("Vary");for(let a of wt)i.find(c=>c===a)||i.push(a);o.set("Vary",i.join(", "))}try{if(!Pr(r))return!0}catch{return P.enabledFor("debug")&&P.debug("reject: origin is malformed"),ee(n),!1}if(o.has("access-control-allow-origin"))return P.enabledFor("trace")&&P.debug('skip: already contains "Access-Control-Allow-Origin"'),!0;let s=bt(r);return e?kr(t,e,s):s?(ee(n),!1):!0},ge=["*"],De=["GET","HEAD","POST"],vt={allowOrigins:ge,allowMethods:De,allowHeaders:ge,maxAge:1800};function me(t){if(t){let e=t.allowHeaders;e&&e!==S&&(t={...t,allowHeaders:e.map(n=>n.toLowerCase())});let r=t.allowOrigins;return r&&(r==="*"?(Et(t),Ct(t)):t={...t,allowOrigins:r.map(n=>typeof n=="string"&&n!==S&&(n=Ue.Filtering.regexify(n),typeof n=="string")?At(n).toLowerCase():n)}),t}}function fe(t,e){if(e===void 0)return t!==void 0?t===S?[S]:t:[];if(t===void 0)return e===S?[S]:e;if(t==ge||t===De)return e===S?[S]:e;if(e==ge||e===De)return t===S?[S]:t;if(t===S||t.includes(S)||e===S||e.includes(S))return[S];let r=new Set;return t.forEach(n=>r.add(n)),e.forEach(n=>r.add(n)),Array.from(r)}var te=(t,e)=>e===void 0?t:{allowOrigins:fe(t.allowOrigins,e?.allowOrigins),allowMethods:fe(t.allowMethods,e?.allowMethods),allowHeaders:fe(t.allowHeaders,e?.allowHeaders),exposeHeaders:fe(t.exposeHeaders,e?.exposeHeaders),allowCredentials:e?.allowCredentials??t.allowCredentials,allowPrivateNetwork:e?.allowPrivateNetwork??t.allowPrivateNetwork,maxAge:e?.maxAge??t.maxAge},Tr=t=>{let e=t.corsConfigSource,r=t.corsProcessor??Rr;return async(n,o)=>{let s=await e(n);!r(n,s)||bt(n.request)||await o()}},xt=Tr,P=b("cors");function ee(t){t.setStatusCode(f.FORBIDDEN)}function kr(t,e,r){let{request:n,response:o}=t,s=o.headers,i=n.headers.one("origin"),a=Mr(e,i);if(a===void 0)return P.enabledFor("debug")&&P.debug(`reject: '${i}' origin is not allowed`),ee(o),!1;let c=Ir(n,r),d=Wr(e,c);if(d===void 0)return P.enabledFor("debug")&&P.debug(`reject: HTTP '${c}' is not allowed`),ee(o),!1;let u=$r(n,r),l=Lr(e,u);if(r&&l===void 0)return P.enabledFor("debug")&&P.debug(`reject: headers '${u}' are not allowed`),ee(o),!1;s.set("Access-Control-Allow-Origin",a),r&&s.set("Access-Control-Allow-Methods",d.join(",")),r&&l!==void 0&&l.length>0&&s.set("Access-Control-Allow-Headers",l.join(", "));let g=e.exposeHeaders;return g&&g.length>0&&s.set("Access-Control-Expose-Headers",g.join(", ")),e.allowCredentials&&s.set("Access-Control-Allow-Credentials","true"),e.allowPrivateNetwork&&n.headers.one("access-control-request-private-network")==="true"&&s.set("Access-Control-Allow-Private-Network","true"),r&&e.maxAge!==void 0&&s.set("Access-Control-Max-Age",e.maxAge.toString()),!0}var S="*",Or=["GET","HEAD"];function Et(t){if(t.allowCredentials===!0&&t.allowOrigins===S)throw new Error('when allowCredentials is true allowOrigins cannot be "*"')}function Ct(t){if(t.allowPrivateNetwork===!0&&t.allowOrigins===S)throw new Error('when allowPrivateNetwork is true allowOrigins cannot be "*"')}function Mr(t,e){if(e){let r=t.allowOrigins;if(r){if(r===S)return Et(t),Ct(t),S;let n=At(e.toLowerCase());for(let o of r)if(o===S||Ue.Filtering.valueMatches(o,n))return e}}}function Wr(t,e){if(e){let r=t.allowMethods??Or;if(r===S)return[e];if(Ue.Filtering.valuesMatch(r,e))return r}}function Lr(t,e){if(e===void 0)return;if(e.length==0)return[];let r=t.allowHeaders;if(r===void 0)return;let n=r===S||r.includes(S),o=[];for(let s of e){let i=s?.trim();if(i){if(n)o.push(i);else for(let a of r)if(i.toLowerCase()===a){o.push(i);break}}}if(o.length>0)return o}function At(t){return t.endsWith("/")?t.slice(0,-1):t}function Ir(t,e){return e?t.headers.one("access-control-request-method"):t.method}function $r(t,e){let r=t.headers;return e?r.list("access-control-request-headers"):Array.from(r.keys())}var Ht=t=>async e=>{for(let[r,n]of t.mappings)if((await r(e)).match)return P.debug(`resolved cors config on '${e.request.path}' using ${r}: ${JSON.stringify(n)}`),n};import{IOGateway as Nr}from"@interopio/gateway";function Pt(t){let{sockets:e,cors:r}=t,n=t.corsConfig===!1?void 0:te(vt,t.corsConfig),o=[];for(let[i,a]of e){let c=n;for(let[u,l]of r)Nr.Filtering.valueMatches(u,i)&&(l===void 0?c=void 0:c=c===void 0?l:te(c,l));let d=t.corsConfig===!1?void 0:{allowOrigins:a.originFilters?.allow,allowMethods:["GET","CONNECT","OPTIONS"],allowHeaders:["Upgrade","Connection","Origin","Sec-Websocket-Key","Sec-Websocket-Version","Sec-Websocket-Protocol","Sec-Websocket-Extensions"],exposeHeaders:["Sec-Websocket-Accept","Sec-Websocket-Protocol","Sec-Websocket-Extensions"],allowCredentials:a.authorize?.access!=="permitted"?!0:void 0};c=c===void 0?d:te(c,d),o.push([z([B,H(i)]),me(c)])}let s=[];for(let[i,a]of r){let[,c]=s.find(([u])=>String(u)===String(i))??[i,n];c=c===void 0?a:te(c,a);let d=!1;for(let u of s)if(String(u[0])===String(i)){u[1]=c,d=!0;break}d||s.push([i,c])}for(let[i,a]of s)o.push([H(i),me(a)]);return o.push([H(/\/api\/.*/),me(n)]),Ht({mappings:o})}function Rt(t){return t!==void 0&&typeof t.type=="string"&&typeof t.authenticated=="boolean"}var C=class extends Error{_authentication;get authentication(){return this._authentication}set authentication(e){if(e===void 0)throw new TypeError("Authentication cannot be undefined");this._authentication=e}},ye=class extends C{},Se=class extends C{};var D=class extends Error{},W=class{constructor(e){this.granted=e}granted},$=class{#e;constructor(e){this.#e=e}async verify(e,r){if(!(await this.#e(e,r))?.granted)throw new D("Access denied")}async authorize(e,r){return await this.#e(e,r)}},G=class extends C{};var R=t=>async e=>{let r=!0,{response:n}=e;for(let o of t.keys())n.headers.has(o)&&(r=!1);if(r)for(let[o,s]of t)n.headers.set(o,s)},Fr=()=>R(new v().add("cache-control","no-cache, no-store, max-age=0, must-revalidate").add("pragma","no-cache").add("expires","0")),Br=()=>R(new v().add("x-content-type-options","nosniff")),Dr=(t,e,r)=>{let n=`max-age=${t}`;e&&(n+=" ; includeSubDomains"),r&&(n+=" ; preload");let o=R(new v().add("strict-transport-security",n)),s=i=>i.request.URL.protocol==="https:";return async i=>{s(i)&&await o(i)}},Ur=t=>R(new v().add("x-frame-options",t)),qr=t=>R(new v().add("x-xss-protection",t)),_r=t=>{let e=t===void 0?void 0:R(new v().add("permissions-policy",t));return async r=>{e!==void 0&&await e(r)}},zr=(t,e)=>{let r=e?"content-security-policy-report-only":"content-security-policy",n=t===void 0?void 0:R(new v().add(r,t));return async o=>{n!==void 0&&await n(o)}},Gr=(t="no-referrer")=>R(new v().add("referer-policy",t)),jr=t=>{let e=t===void 0?void 0:R(new v().add("cross-origin-opener-policy",t));return async r=>{e!==void 0&&await e(r)}},Vr=t=>{let e=t===void 0?void 0:R(new v().add("cross-origin-embedder-policy",t));return async r=>{e!==void 0&&await e(r)}},Jr=t=>{let e=t===void 0?void 0:R(new v().add("cross-origin-resource-policy",t));return async r=>{e!==void 0&&await e(r)}},Qr=(...t)=>async e=>{for(let r of t)await r(e)};function qe(t){let e=[];t?.cache?.disabled||e.push(Fr()),t?.contentType?.disabled||e.push(Br()),t?.hsts?.disabled||e.push(Dr(t?.hsts?.maxAge??365*24*60*60,t?.hsts?.includeSubDomains??!0,t?.hsts?.preload??!1)),t?.frameOptions?.disabled||e.push(Ur(t?.frameOptions?.mode??"DENY")),t?.xss?.disabled||e.push(qr(t?.xss?.headerValue??"0")),t?.permissionsPolicy?.disabled||e.push(_r(t?.permissionsPolicy?.policyDirectives)),t?.contentSecurityPolicy?.disabled||e.push(zr(t?.contentSecurityPolicy?.policyDirectives??"default-src 'self'",t?.contentSecurityPolicy?.reportOnly)),t?.refererPolicy?.disabled||e.push(Gr(t?.refererPolicy?.policy??"no-referrer")),t?.crossOriginOpenerPolicy?.disabled||e.push(jr(t?.crossOriginOpenerPolicy?.policy)),t?.crossOriginEmbedderPolicy?.disabled||e.push(Vr(t?.crossOriginEmbedderPolicy?.policy)),t?.crossOriginResourcePolicy?.disabled||e.push(Jr(t?.crossOriginResourcePolicy?.policy)),t?.writers&&e.push(...t.writers);let r=Qr(...e);return async(n,o)=>{await r(n),await o()}}var j=t=>{let e=t.entryPoint,r=t?.rethrowAuthenticationServiceError??!0;return async({exchange:n},o)=>{if(!r||!(o instanceof G))return e(n,o);throw o}};var Yr="Realm",Kr=t=>`Basic realm="${t}"`,V=t=>{let e=Kr(t?.realm??Yr);return async(r,n)=>{let{response:o}=r;o.setStatusCode(f.UNAUTHORIZED),o.headers.set("WWW-Authenticate",e)}};var Tt="Basic ",we=t=>async e=>{let{request:r}=e,n=r.headers.one("authorization");if(!n||!/basic/i.test(n.substring(0)))return;let o=n.length<=Tt.length?"":n.substring(Tt.length),i=Buffer.from(o,"base64").toString(t?.credentialsEncoding??"utf-8").split(":",2);if(i.length===2)return{type:"UsernamePassword",authenticated:!1,principal:i[0],credentials:i[1]}};import{AsyncLocalStorage as Xr}from"node:async_hooks";var N=class t{static hasSecurityContext(e){return e.getStore()?.securityContext!==void 0}static async getSecurityContext(e){return await e.getStore()?.securityContext}static clearSecurityContext(e){delete e.getStore()?.securityContext}static withSecurityContext(e){return(r=new Xr)=>(r.getStore().securityContext=e,r)}static withAuthentication(e){return t.withSecurityContext(Promise.resolve({authentication:e}))}static async getContext(e){if(t.hasSecurityContext(e))return t.getSecurityContext(e)}};async function Zr(t,e,r,n,o,s){let a=await(await n(t))?.(r);if(a===void 0)throw new Error("No authentication manager found for the exchange");try{await en(a,{exchange:t,next:e},o,s)}catch(c){throw c instanceof C,c}}async function en(t,e,r,n){N.withAuthentication(t)(n),await r(e,t)}function J(t){let e={matcher:Z,successHandler:async({next:n})=>{await n()},converter:we({}),failureHandler:j({entryPoint:V({})}),...t},r=e.managerResolver;if(r===void 0&&e.manager!==void 0){let n=e.manager;r=async o=>n}if(r===void 0)throw new Error("Authentication filter requires a managerResolver or a manager");return async(n,o)=>{let i=(await e.matcher(n)).match?await e.converter(n):void 0;if(i===void 0){await o();return}try{await Zr(n,o,i,r,e.successHandler,e.storage)}catch(a){if(a instanceof C){await e.failureHandler({exchange:n,next:o},a);return}throw a}}}var kt=t=>async(e,r)=>{e.response.setStatusCode(t.httpStatus)};var Q=b("auth.entry-point"),be=t=>{let e=t.defaultEntryPoint??(async({response:r},n)=>{r.setStatusCode(f.UNAUTHORIZED),await r.end()});return async(r,n)=>{for(let[o,s]of t.entryPoints)if(Q.enabledFor("debug")&&Q.debug(`trying to match using: ${o}`),(await o(r)).match)return Q.enabledFor("debug")&&Q.debug(`match found. using default entry point ${s}`),s(r,n);return Q.enabledFor("debug")&&Q.debug(`no match found. using default entry point ${e}`),e(r,n)}};var Ot=t=>async({exchange:e,next:r},n)=>{for(let o of t)await o({exchange:e,next:r},n)};function _e(t){let e=async g=>g.request.headers.list("X-Requested-With").includes("XMLHttpRequest")?A():E,r=be({entryPoints:[[e,kt({httpStatus:f.UNAUTHORIZED})]],defaultEntryPoint:V({})}),n=t.entryPoint??r,o=t.manager,s=Fe({mediaTypes:["application/atom+xml","application/x-www-form-urlencoded","application/json","application/octet-stream","application/xml","multipart/form-data","text/xml"],ignoredMediaTypes:["*/*"]}),i=mt(Fe({mediaTypes:["text/html"]})),a=z([i,s]),c=gt([e,a]);t.defaultEntryPoints.push([c,n]);let d=t.failureHandler??j({entryPoint:n}),u=Ot(t.successHandlers??t.defaultSuccessHandlers),l=we({});return J({storage:t.storage,manager:o,failureHandler:d,successHandler:u,converter:l})}var Mt={invalid_request:"invalid_request",invalid_token:"invalid_token",insufficient_scope:"insufficient_scope"},Wt="https://tools.ietf.org/html/rfc6750#section-3.1";function ve(t){return{errorCode:Mt.invalid_token,httpStatus:f.UNAUTHORIZED,description:t,uri:Wt}}function ze(t){return{errorCode:Mt.invalid_request,httpStatus:f.BAD_REQUEST,description:t,uri:Wt}}var tn="access_token",rn=/^Bearer\s+(?<token>[a-zA-Z0-9-._~+/]+=*)$/i,k=class extends C{error;constructor(e,r,n){super(r??(typeof e=="string"?void 0:e.description),n),this.error=typeof e=="string"?{errorCode:e}:e}},Lt=t=>t.type==="BearerToken",nn=t=>async e=>{let{request:r}=e;return Promise.all([sn(r.headers,t?.headerName).then(n=>n!==void 0?[n]:void 0),an(r,t?.uriQueryParameter),cn(e,t?.formEncodedBodyParameter)]).then(n=>n.filter(o=>o!==void 0).flat(1)).then(on).then(n=>{if(n)return{authenticated:!1,type:"BearerToken",token:n}})};async function on(t){if(t.length===0)return;if(t.length>1){let r=ze("Found multiple access tokens in the request");throw new k(r)}let e=t[0];if(!e||e.length===0){let r=ze("The requested access token parameter is an empty string");throw new k(r)}return e}async function sn(t,e="authorization"){let r=t.one(e);if(!r||!/bearer/i.test(r.substring(0)))return;let n=rn.exec(r);if(n===null){let o=ve("Bearer token is malformed");throw new k(o)}return n.groups?.token}async function It(t){let e=t.getAll(tn);if(e.length!==0)return e}async function an(t,e=!1){if(!(!e||t.method!=="GET"))return It(t.URL.searchParams)}async function cn(t,e=!1){let{request:r}=t;if(!e||r.headers.one("content-type")!=="application/x-www-form-urlencoded"||r.method!=="POST")return;let n=await t.request.formData();if(n)return It(n)}var xe=nn;function dn(t){let e="Bearer";if(t.size!==0){e+=" ";let r=0;for(let[n,o]of t)e+=`${n}="${o}"`,r!==t.size-1&&(e+=", "),r++}return e}var $t=t=>t.httpStatus!==void 0;function un(t){if(t instanceof k){let{error:e}=t;if($t(e))return e.httpStatus}return f.UNAUTHORIZED}function ln(t,e){let r=new Map;if(e&&r.set("realm",e),t instanceof k){let{error:n}=t;r.set("error",n.errorCode),n.description&&r.set("error_description",n.description),n.uri&&r.set("error_uri",n.uri),$t(n)&&n.scope&&r.set("scope",n.scope)}return r}var pn=t=>async(e,r)=>{let n=un(r),o=ln(r,t?.realmName),s=dn(o),{response:i}=e;i.headers.set("WWW-Authenticate",s),i.setStatusCode(n),await i.end()},Ee=pn;var hn=t=>{let e=t?.principalClaimName??"sub";return r=>({type:"JwtToken",authenticated:!0,name:r.getClaimAsString(e)})},fn=t=>async e=>t(e),Y=class extends Error{},re=class extends Y{};function gn(t){if(t instanceof re)return new k(ve(t.message),t.message,{cause:t});throw new G(t.message,{cause:t})}function Ge(t){let e=t.decoder,r=t.authConverter??fn(hn({}));return async n=>{if(Lt(n)){let o=n.token;try{let s=await e(o);return await r(s)}catch(s){throw s instanceof Y?gn(s):s}}}}function je(t){let e=t.entryPoint??Ee({}),r=t?.converter??xe({}),n=t.failureHandler??j({entryPoint:e});if(t.managerResolver!==void 0)return J({storage:t.storage,converter:r,failureHandler:n,managerResolver:t.managerResolver});if(t.jwt!==void 0){let o=t.jwt.manager??Ge(t.jwt);return J({storage:t.storage,converter:r,failureHandler:n,managerResolver:async s=>o})}throw new Error("Invalid resource server configuration: either managerResolver or jwt must be provided")}import{jwtVerifier as Sn,JwtVerifyError as wn}from"@interopio/gateway/jose/jwt";async function Nt(t,e,r){let n=new ye("Full authentication is required to access this resource."),o=new C("Access Denied",{cause:n});e&&(o.authentication=e),await r(t,o)}function mn(t){return async(e,r)=>{e.response.setStatusCode(t),e.response.headers.set("Content-Type","text/plain; charset=utf-8");let n=Buffer.from("Access Denied","utf-8");e.response.headers.set("Content-Length",n.length),await e.response.body(n)}}var Ft=t=>{let e=mn(f.FORBIDDEN),r=t.authenticationEntryPoint??V();return async(n,o)=>{try{await o()}catch(s){if(s instanceof D){let i=await n.principal();Rt(i)?(i.authenticated||await e(n,s),await Nt(n,i,r)):await Nt(n,void 0,r);return}throw s}}};var yn=b("security.auth");function Ve(t){let e=async(r,n)=>{let o;for(let[s,i]of t.mappings)if((await s(n))?.match){yn.debug(`checking authorization on '${n.request.path}' using [${s}, ${i}]`);let a=await i.authorize(r,{exchange:n});if(a!==void 0){o=a;break}}return o??=new W(!1),o};return new $(e)}var Ce=b("security.auth");function Je(t){let{manager:e,storage:r}=t;return async(n,o)=>{let s=N.getContext(r).then(i=>i?.authentication);try{await e.verify(s,n),Ce.enabledFor("debug")&&Ce.debug("authorization successful")}catch(i){throw i instanceof D&&Ce.enabledFor("debug")&&Ce.debug(`authorization failed: ${i.message}`),i}await o()}}var Qe=class extends le{#e;constructor(e,r){super(e),this.#e=r}async principal(){return(await this.#e())?.authentication}},Bt=t=>{let e=t.storage;return async(r,n)=>{await n(new Qe(r,async()=>await N.getContext(e)))}};var L={first:Number.MAX_SAFE_INTEGER,http_headers:100,https_redirect:200,cors:300,http_basic:600,authentication:800,security_context_server_web_exchange:1500,error_translation:1800,authorization:1900,last:Number.MAX_SAFE_INTEGER},I=Symbol.for("filterOrder"),Dt=(t,e)=>{let r=[];class n{#e;#r=[];manager;get authenticationEntryPoint(){return this.#e!==void 0||this.#r.length===0?this.#e:this.#r.length===1?this.#r[0][1]:be({entryPoints:this.#r,defaultEntryPoint:this.#r[this.#r.length-1][1]})}build(){if(t.headers!==void 0&&t.headers.disabled!==!0){let a=qe(t.headers);a[I]=L.http_headers,r.push(a)}if(t.cors?.disabled!==!0&&e.corsConfigSource!==void 0){let a=xt({corsConfigSource:e.corsConfigSource});a[I]=L.cors,r.push(a)}if(t.basic!==void 0&&t.basic?.disabled!==!0){let a=t.basic.user?.name.toLowerCase(),c=t.basic.user?.password??"",d=t.basic.user?.authorities??[],u=async h=>{let p=h.principal,w=h.credentials;if(p.toLowerCase()!==a||w!==c)throw new Se("Invalid username or password");return{type:"UsernamePassword",authenticated:!0,principal:p,credentials:w,authorities:[...d]}},l=[async({exchange:h,next:p},w)=>p()],g=_e({storage:e.storage,manager:u,defaultEntryPoints:this.#r,defaultSuccessHandlers:l});g[I]=L.http_basic,r.push(g)}if(t.jwt!==void 0&&t.jwt.disabled!==!0){let a=Sn({issuerBaseUri:t.jwt.issuerUri,issuer:t.jwt.issuer,audience:t.jwt.audience}),c=async h=>{try{let{payload:p}=await a(h);return{subject:p.sub,getClaimAsString(w){return p[w]}}}catch(p){throw p instanceof wn?new re(p.message,{cause:p}):new Y("error occurred while attempting to decoding jwt",{cause:p})}},d=xe({uriQueryParameter:!0}),u=async h=>{try{return await d(h)===void 0?E:A()}catch{return E}},l=Ee({});this.#r.push([u,l]);let g=je({storage:e.storage,entryPoint:l,converter:d,jwt:{decoder:c}});g[I]=L.authentication,r.push(g)}let i=Bt({storage:e.storage});if(r.push(i),i[I]=L.security_context_server_web_exchange,t.authorize!==void 0){let a=Ft({authenticationEntryPoint:this.authenticationEntryPoint});a[I]=L.error_translation,r.push(a);let d=(l=>{let g=[],h=!1;for(let[p,w]of l??[]){let m;if(p==="any-exchange")h=!0,m=Z;else{if(h)throw new Error("Cannot register other matchers after 'any-exchange' matcher");m=p}let x;if(w.access==="permitted")x=new $(async()=>new W(!0)),x.toString=()=>"AuthorizationManager[permitted]";else if(w.access==="denied")x=new $(async()=>new W(!1)),x.toString=()=>"AuthorizationManager[denied]";else if(w.access==="authenticated")x=new $(async K=>{let F=await K;return F!==void 0?new W(F.authenticated):new W(!1)}),x.toString=()=>"AuthorizationManager[authenticated]";else throw new Error(`Unknown access type: ${JSON.stringify(w)}`);g.push([m,x])}return Ve({mappings:g})})(t.authorize),u=Je({manager:d,storage:e.storage});u[I]=L.authorization,r.push(u)}r.sort((a,c)=>{let d=a[I]??L.last,u=c[I]??L.last;return d-u})}}return new n().build(),r};function bn(t){let e=[],r={access:t.authConfig?.type!=="none"?"authenticated":"permitted"};for(let[n,o]of t.sockets){let s=o.authorize??r,i=H(n,{method:"GET"});i=z([B,i]),e.push([i,s])}return e.push([H("/",{method:"GET"}),{access:"permitted"}]),e.push([H("/favicon.ico",{method:"GET"}),{access:"permitted"}]),e.push([H("/health",{method:"GET"}),{access:"permitted"}]),t.authorize.length>0&&e.push(...t.authorize),e.push(["any-exchange",r]),{authorize:e,cors:{disabled:t.corsConfig===!1},basic:{disabled:t.authConfig?.type!=="basic",...t.authConfig?.basic},jwt:{disabled:t.authConfig?.type!=="oauth2",...t.authConfig?.oauth2?.jwt}}}async function Ut(t){let e=Pt(t),r=bn(t),{storage:n}=t;return Dt(r,{storage:n,corsConfigSource:e})}import{AsyncLocalStorage as vn}from"node:async_hooks";var Ae=class extends _{},Ye=class{#e;#r=!1;#t;#o;constructor(e,r){this.#e=e,this.#t=r}createExchange(e,r){return new pe(e,r)}set storage(e){this.#o=e}set enableLoggingRequestDetails(e){this.#r=e}formatHeaders(e){let r="{";for(let n of e.keys())if(this.#r){let o=e.get(n);r+=`"${n}": "${o}", `}else{r+="masked, ";break}return r.endsWith(", ")&&(r=r.slice(0,-2)),r+="}",r}formatRequest(e){let r=e.URL.search;return`HTTP ${e.method} "${e.path}${r}`}logRequest(e){if(this.#e.enabledFor("debug")){let r=this.#e.enabledFor("trace");this.#e.debug(`${e.logPrefix}${this.formatRequest(e.request)}${r?`, headers: ${this.formatHeaders(e.request.headers)}`:""}"`)}}logResponse(e){if(this.#e.enabledFor("debug")){let r=this.#e.enabledFor("trace"),n=e.response.statusCode;this.#e.debug(`${e.logPrefix}Completed ${n??"200 OK"}${r?`, headers: ${this.formatHeaders(e.response.headers)}`:""}"`)}}handleUnresolvedError(e,r){let{request:n,response:o,logPrefix:s}=e;if(o.setStatusCode(f.INTERNAL_SERVER_ERROR)){this.#e.error(`${s}500 Server Error for ${this.formatRequest(n)}`,r);return}throw this.#e.error(`${s}Error [${r.message} for ${this.formatRequest(n)}, but already ended (${o.statusCode})`,r),r}async web(e){return await this.#t(e)}async http(e,r){let n=this.createExchange(e,r),o=()=>(this.logRequest(n),this.web(n).then(()=>{this.logResponse(n)}).catch(s=>{this.handleUnresolvedError(n,s)}).then(async()=>{await n.response.end()}));await new Promise((s,i)=>{this.#o!==void 0?this.#o.run({exchange:n},()=>{o().then(()=>s()).catch(a=>i(a))}):o().then(()=>s()).catch(a=>i(a))})}},He=class{#e;#r=new vn;#t;storage(e){return this.#r=e,this}httpHandlerDecorator(e){if(this.#t===void 0)this.#t=e;else{let r=this.#t;this.#t=n=>(n=r(n),e(n))}return this}constructor(e){this.#e=e}build(){let e=b("http"),r=new Ye(e,this.#e);this.#r!==void 0&&(r.storage=this.#r),r.enableLoggingRequestDetails=!1;let n=async(o,s)=>r.http(o,s);return this.#t?this.#t(n):n}};import{WebSocketServer as En}from"ws";function qt(t,e){let r=t?.exchange,n=r?.request??new q(t),o=r?.principal,s=o?o.bind(r):async function(){},i=n.URL,a=new v;for(let g of n.headers.keys())a.set(g,n.headers.list(g));let c=n.cookies,d=r?.logPrefix??`[${n.id}] `,u=n.remoteAddress;return{url:i,headers:a,cookies:c,principal:s,protocol:e,remoteAddress:u,logPrefix:d}}function _t(t){return[async(r,n)=>{let s=r.request.path??"/",i=t.sockets,a=i.get(s)??Array.from(i.values()).find(c=>{if(s==="/"&&c.default===!0)return!0});if(a!==void 0){let{request:c,response:d}=r,u=await B(r);if((c.method==="GET"||c.method==="CONNECT")&&u.match)if(a.upgradeStrategy!==void 0){a.upgradeStrategy(r);return}else throw new Error(`No upgrade strategy defined for route on ${s}`);else{if(a.default){await n();return}d.setStatusCode(f.UPGRADE_REQUIRED),d.headers.set("Upgrade","websocket").set("Connection","Upgrade").set("Content-Type","text/plain");let l=Buffer.from(`This service [${c.path}] requires use of the websocket protocol.`,"utf-8");await d.body(l)}}else await n()}]}import{WebSocket as xn}from"ws";var Pe=class extends xn{constructor(e,r,n){super(null,void 0,n)}connected},Re=class t{static#e=Buffer.alloc(0);static#r=[0,Buffer.alloc(8)];#t;#o;#i;#s=!1;#n;constructor(e,r,n){this.#n=e,this.#o=typeof n=="number"?n:n?.interval,this.#t=typeof n=="number"||n?.data==="timestamp"?()=>t.#d(Date.now()):()=>t.#e,this.#o&&(this.#i=setInterval(()=>{let[o,s]=r();for(let i of s)this.#a(i,o)||this.#c(i,o)},this.#o))}#a(e,r){return e.connected===!1?(this.#n.enabledFor("debug")&&this.#n.debug(`terminating unresponsive ws client on [${r}]`),e.terminate(),!0):!1}#c(e,r){e.connected=!1;let n=this.#t();this.#n.enabledFor("trace")&&this.#n.debug(`pinging ws client on [${r}]`),e.ping(n,this.#s,o=>{o&&this.#n.enabledFor("warn")&&this.#n.warn(`failed to ping ws client on [${r}]`,o)})}static#d(e=Date.now()){if(e-t.#r[0]>0){let r=Buffer.allocUnsafe(8);r.writeBigInt64BE(BigInt(e),0),t.#r=[e,r]}return t.#r[1]}static#u(e){return e.length===8?Number(e.readBigInt64BE(0)):0}close(){clearInterval(this.#i)}handlePing(e,r,n){r.connected=!0,r.pong(n,!1,o=>{o&&this.#n.enabledFor("warn")&&this.#n.warn(`${e.logPrefix}failed to pong ws client [${e.remoteAddress?.address}:${e.remoteAddress?.port}]`,o)})}handlePong(e,r,n){if(r.connected=!0,this.#n.enabledFor("warn")){let o=t.#u(n);if(o>0){let s=Date.now()-o;this.#n.enabledFor("debug")&&this.#n.debug(`${e.logPrefix}ws client [${e.remoteAddress?.address}:${e.remoteAddress?.port}] ping-pong latency: ${s}ms`),this.#o&&s>this.#o/2&&this.#n.enabledFor("warn")&&this.#n.warn(`${e.logPrefix}ws client [${e.remoteAddress?.address}:${e.remoteAddress?.port}] high ping-pong latency: ${s}ms`)}}}};var T=b("ws");function Cn(t,e,r,n){return o=>{let{logPrefix:s,request:i}=o,a=ue.getNativeRequest(i);a.exchange=o;let{socket:c,upgradeHead:d}=a,u=i.host;if(c.removeListener("error",n),e.maxConnections!==void 0&&r.clients?.size>=e.maxConnections){T.warn(`${s}dropping ws connection request on ${u}${t}. max connections exceeded.`),c.destroy();return}let l=i.headers.one("origin");if(!ht(l,e.originFilters)){T.enabledFor("info")&&T.info(`${s}dropping ws connection request on ${u}${t}. origin ${l??"<missing>"}`),c.destroy();return}T.enabledFor("debug")&&T.debug(`${s}accepted new ws connection request on ${u}${t}`),r.handleUpgrade(a,c,d,(g,h)=>{r.emit("connection",g,h)})}}function An(t,e){let r=new Set;t.forEach((o,s)=>{if(s===0&&o.startsWith("HTTP/1.1 101 ")){e.setStatusCode(f.SWITCHING_PROTOCOLS);return}let[i,a]=o.split(": ");e.headers.has(i)?t[s]=`${i}: ${e.headers.one(i)}`:e.headers.set(i,a),r.add(i.toLowerCase())});let n=_.getNativeResponse(e);for(let o of n.getRawHeaderNames()){let s=o.toLowerCase();if(!r.has(s)){let i=e.headers.get(s);i!==void 0&&t.push(`${o}: ${i}`)}}n.markHeadersSent()}async function zt(t,e,r,n,o){try{T.info(`creating ws server for [${t}]. max connections: ${e.maxConnections??"<unlimited>"}, origin filters: ${e.originFilters?JSON.stringify(e.originFilters,Ze):"<none>"}, ping: ${typeof e.ping=="number"?e.ping+"ms":e.ping?JSON.stringify(e.ping):"<none>"}`);let s=new En({noServer:!0,WebSocket:Pe,autoPong:!1}),i=new Re(T.child("pings"),()=>[t,s.clients],e.ping),a=await e.factory({endpoint:r,storage:n});s.on("error",c=>{T.error(`error starting the ws server for [${t}]`,c)}).on("listening",()=>{T.info(`ws server for [${t}] is listening`)}).on("headers",(c,d)=>{if(d.exchange!==void 0){let{response:u}=d.exchange;An(c,u)}}).on("connection",(c,d)=>{let u=qt(d,c.protocol);c.on("pong",l=>{i.handlePong(u,c,l)}),c.on("ping",l=>{i.handlePing(u,c,l)}),a({socket:c,handshake:u})}),s.on("close",()=>{i.close()}),e.upgradeStrategy=Cn(t,e,s,o),e.close=async()=>{await a.close?.call(a),T.info(`stopping ws server for [${t}]. clients: ${s.clients?.size??0}`),s.clients?.forEach(c=>{c.terminate()}),s.close()}}catch(s){T.warn(`failed to init route ${t}`,s)}}var O=b("app");function kn(t){let e={};return t.key&&(e.key=Ke(t.key)),t.cert&&(e.cert=Ke(t.cert)),t.ca&&(e.ca=Ke(t.ca)),e}async function On(t,e){let r=t.build();return async(n,o)=>{n.socket.addListener("error",e);let s;o instanceof U?s=o:(n.upgradeHead=o,s=new U(n),s.assignSocket(n.socket));let i=new q(n),a=new de(s),c=i.method==="HEAD"?new Ae(a):a;await r(i,c)}}function Mn(t){return new Promise((e,r)=>{let n=t(o=>{o?r(o):e(n)})})}function Wn(t){if(t)return dt({memoryLimit:t.memory_limit,dumpLocation:t.dump_location,dumpPrefix:t.dump_prefix,reportInterval:t.report_interval,maxBackups:t.max_backups})}async function Ln(t){let e=t.storage,r=await Ut(t),n=_t(t),o=tt(pt(t.serverHeader),...r,...n,...t.middleware,async({request:s,response:i},a)=>{if(s.method==="GET"&&s.path==="/health"){i.setStatusCode(f.OK);let c=Buffer.from("UP","utf-8");i.headers.set("Content-Type","text/plain; charset=utf-8"),await i.body(c)}else await a()},async({request:s,response:i},a)=>{if(s.method==="GET"&&s.path==="/"){i.setStatusCode(f.OK);let c=Buffer.from("io.Gateway Server","utf-8");i.headers.set("Content-Type","text/plain; charset=utf-8"),await i.body(c)}else await a()},async({response:s},i)=>{s.setStatusCode(f.NOT_FOUND),await s.end()});return new He(o).storage(e)}var Xe=async t=>{let e=t.ssl,r=e?(h,p)=>Pn.createServer({...h,...kn(e)},p):(h,p)=>Hn.createServer(h,p),n=Wn(t.memory),o={middleware:[],corsConfig:t.cors,cors:[],authConfig:t.auth,authorize:[],storage:new Rn,sockets:new Map},s=Tn.Factory({...t.gateway});if(t.gateway){let h=t.gateway;await Be(async p=>{p.socket({path:h.route,factory:et.bind(s),options:h})},t,o)}t.app&&await Be(t.app,t,o);let i=it(t.port??0),a=t.host,c=h=>O.error(`socket error: ${h}`,h),d=await Ln(o),u=await On(d,c),g=await new Promise((h,p)=>{let w=r({IncomingMessage:se,ServerResponse:U,...t.http},u);w.on("error",m=>{if(m.code==="EADDRINUSE"){O.debug(`port ${m.port} already in use on address ${m.address}`);let{value:x}=i.next();x?(O.info(`retry starting server on port ${x} and host ${a??"<unspecified>"}`),w.close(),w.listen(x,a)):(O.warn(`all configured port(s) ${t.port} are in use. closing...`),w.close(),p(m))}else O.error(`server error: ${m.message}`,m),p(m)}),w.on("listening",async()=>{let m=w.address();for(let[x,K]of o.sockets){let F=`${e?"wss":"ws"}://${st}:${m.port}${x}`;await zt(x,K,F,o.storage,c)}O.info(`http server listening on ${m.address}:${m.port}`),h(w)}),w.on("upgrade",(m,x,K)=>{try{u(m,K)}catch(F){O.error(`upgrade error: ${F}`,F)}}).on("close",async()=>{O.info("http server closed.")});try{let{value:m}=i.next();w.listen(m,a)}catch(m){O.error("error starting web socket server",m),p(m instanceof Error?m:new Error(`listen failed: ${m}`))}});return new class{gateway=s;async close(){for(let[h,p]of o.sockets)try{p.close!==void 0&&await p.close()}catch(w){O.warn(`error closing route ${h}`,w)}await Mn(h=>{g.closeAllConnections(),g.close(h)}),n&&await ut(n),s&&await s.stop()}}};var na=Xe;export{Gt as GatewayServer,na as default};
1
+ var Vt=Object.defineProperty;var Jt=(t,e)=>{for(var r in e)Vt(t,r,{get:e[r],enumerable:!0})};var jt={};Jt(jt,{Factory:()=>Ze});import Pn from"node:http";import Rn from"node:https";import{readFileSync as Xe}from"node:fs";import{AsyncLocalStorage as Tn}from"node:async_hooks";import{IOGateway as kn}from"@interopio/gateway";import{networkInterfaces as Qt}from"node:os";var Yt=/^(\d+|(0x[\da-f]+))(-(\d+|(0x[\da-f]+)))?$/i;function ke(t){if(t>65535)throw new Error(`bad port ${t}`);return t}function*et(t){if(typeof t=="string")for(let e of t.split(",")){let r=e.trim(),n=Yt.exec(r);if(n){let o=parseInt(n[1]),s=parseInt(n[4]??n[1]);for(let i=ke(o);i<ke(s)+1;i++)yield i}else throw new Error(`'${e}' is not a valid port or range.`)}else yield ke(t)}var tt=(()=>{function t(r){return r.length>0?r[0]:void 0}let e=Object.values(Qt()).flatMap(r=>(r??[]).filter(n=>n.family==="IPv4")).reduce((r,n)=>(r[n.internal?"internal":"external"].push(n),r),{internal:[],external:[]});return(t(e.internal)??t(e.external))?.address})();function U(t){if(t)return t.family==="IPv6"?`[${t.address}]:${t.port}`:`${t.address}:${t.port}`}import*as Oe from"@interopio/gateway/logging/core";function b(t){return Oe.getLogger(`gateway.server.${t}`)}function rt(t,e){return e instanceof RegExp?e.toString():e}import{IOGateway as Kt}from"@interopio/gateway";import{AsyncLocalStorage as Zt}from"node:async_hooks";var Xt=Kt.Encoding,M=b("ws"),er=Xt.json();function tr(t){let e;if(t.authenticated&&(e=t.name,e===void 0&&t.principal!==void 0)){let r=t.principal;typeof r=="object"&&(e=r.name),e===void 0&&(r===void 0?e="":e=String(r))}return e}function rr(t,e,r){let n=U(r),o=r?.address??"<unknown>",s={key:n,host:o,codec:er,onAuthenticate:async()=>{let i=await e();if(i?.authenticated)return{type:"success",user:tr(i)};throw new Error(`no valid client authentication ${n}`)},onPing:()=>{t.ping(i=>{i?M.warn(`failed to ping ${n}`,i):M.info(`ping sent to ${n}`)})},onDisconnect:i=>{switch(i){case"inactive":{M.warn(`no heartbeat (ping) received from ${n}, closing socket`),t.close(4001,"ping expected");break}case"shutdown":{t.close(1001,"shutdown");break}}}};try{return this.client(i=>t.send(i),s)}catch(i){M.warn(`${n} failed to create client`,i)}}async function nr(t){return M.info(`starting gateway on ${t.endpoint}`),await this.start(t),async({socket:e,handshake:r})=>{let{logPrefix:n,remoteAddress:o,principal:s}=r;M.info(`${n}connected on gw`);let i=rr.call(this,e,s,o);if(!i){M.error(`${n}gw client init failed`),e.terminate();return}e.on("error",c=>{M.error(`${n}websocket error: ${c}`,c)});let a=t.storage!==void 0?Zt.snapshot():void 0;e.on("message",(c,d)=>{Array.isArray(c)&&(c=Buffer.concat(c)),a!==void 0?a(()=>i.send(c)):i.send(c)}),e.on("close",c=>{M.info(`${n}disconnected from gw. code: ${c}`),i.close()})}}var nt=nr;function ot(...t){if(!Array.isArray(t))throw new Error("middleware must be array!");let e=t.flat();for(let r of e)if(typeof r!="function")throw new Error("middleware must be compose of functions!");return async function(r,n){let o=async(s,i)=>{let a=s===e.length?n:e[s];if(a===void 0)return;let c=!1,d=!1,l=await a(i,async g=>{if(c)throw new Error("next() called multiple times");c=!0;try{return await o(s+1,g??i)}finally{d=!0}});if(c&&!d)throw new Error(`middleware resolved before downstream.
2
+ You are probably missing an await or return statement in your middleware function.`);return l};return o(0,r)}}import{isIP as or}from"node:net";import{Cookie as Me}from"tough-cookie";function ir(t,e){let r=t.get("x-forwarded-host");if(Array.isArray(r)&&(r=r[0]),r){let n=t.one("x-forwarded-port");n&&(r=`${r}:${n}`)}return r??=t.one("host"),Array.isArray(r)&&(r=r[0]),r?r.split(",",1)[0].trim():e}function sr(t){let e=t.one("x-forwarded-ssl");return typeof e=="string"&&e.toLowerCase()==="on"}function ar(t,e){let r=t.get("x-forwarded-proto");return Array.isArray(r)&&(r=r[0]),r!==void 0?r.split(",",1)[0].trim():sr(t)?"https":e}function cr(t,e,r){let n=r?r.port:t.protocol==="https:"?443:80,o=e.one("x-forwarded-for");if(Array.isArray(o)&&(o=o[0]),o!==void 0)return o=o.split(",",1)[0].trim(),{address:o,port:Number(n),family:or(o)===6?"IPv6":"IPv4"}}var oe=class{#e;constructor(e){this.#e=e}get headers(){return this.#e}},ie=class t extends oe{static logIdCounter=0;#e;get id(){return this.#e===void 0&&(this.#e=`${this.initId()}-${++t.logIdCounter}`),this.#e}initId(){return"request"}get cookies(){return ur(this.headers)}parseHost(e){return ir(this.headers,e)}parseProtocol(e){return ar(this.headers,e)}parseRemoteAddress(e){return cr(this.URL,this.headers,e)}},se=class extends oe{get cookies(){return lr(this.headers)}setCookieValue(e){return new Me({key:e.name,value:e.value,maxAge:e.maxAge,domain:e.domain,path:e.path,secure:e.secure,httpOnly:e.httpOnly,sameSite:e.sameSite}).toString()}};function dr(t){let e=[];{let r=0,n=0;for(let o=0;o<t.length;o++)switch(t.charCodeAt(o)){case 32:r===n&&(r=n=o+1);break;case 44:e.push(t.slice(r,n)),r=n=o+1;break;default:n=n+1;break}e.push(t.slice(r,n))}return e}function it(t){typeof t=="string"&&(t=[t]),typeof t=="number"&&(t=[String(t)]);let e=[];if(t)for(let r of t)r&&e.push(...dr(r));return e}function ur(t){return t.list("cookie").map(e=>e.split(";").map(r=>Me.parse(r))).flat(1).filter(e=>e!==void 0).map(e=>Object.freeze({name:e.key,value:e.value}))}function lr(t){return t.list("set-cookie").map(e=>{let r=Me.parse(e);if(r){let n={name:r.key,value:r.value,maxAge:Number(r.maxAge??-1)};return r.httpOnly&&(n.httpOnly=!0),r.domain&&(n.domain=r.domain),r.path&&(n.path=r.path),r.secure&&(n.secure=!0),r.httpOnly&&(n.httpOnly=!0),r.sameSite&&(n.sameSite=r.sameSite),Object.freeze(n)}}).filter(e=>e!==void 0)}var Z=class{constructor(){}toList(e){let r=this.get(e);return it(r)}},v=class extends Map{get(e){return super.get(e.toLowerCase())}one(e){return this.get(e)?.[0]}list(e){let r=super.get(e.toLowerCase());return it(r)}set(e,r){return typeof r=="number"&&(r=String(r)),typeof r=="string"&&(r=[r]),r?super.set(e.toLowerCase(),r):(super.delete(e.toLowerCase()),this)}add(e,r){let n=super.get(e.toLowerCase());return typeof r=="string"&&(r=[r]),n&&(r=n.concat(r)),this.set(e,r),this}};var We=class{#e;constructor(e){this.#e=e}get value(){return this.#e}toString(){return this.#e.toString()}},f=class t{static CONTINUE=new t(100,"Continue");static SWITCHING_PROTOCOLS=new t(101,"Switching Protocols");static OK=new t(200,"OK");static CREATED=new t(201,"Created");static ACCEPTED=new t(202,"Accepted");static NON_AUTHORITATIVE_INFORMATION=new t(203,"Non-Authoritative Information");static NO_CONTENT=new t(204,"No Content");static RESET_CONTENT=new t(205,"Reset Content");static PARTIAL_CONTENT=new t(206,"Partial Content");static MULTI_STATUS=new t(207,"Multi-Status");static IM_USED=new t(226,"IM Used");static MULTIPLE_CHOICES=new t(300,"Multiple Choices");static MOVED_PERMANENTLY=new t(301,"Moved Permanently");static BAD_REQUEST=new t(400,"Bad Request");static UNAUTHORIZED=new t(401,"Unauthorized");static FORBIDDEN=new t(403,"Forbidden");static NOT_FOUND=new t(404,"Not Found");static METHOD_NOT_ALLOWED=new t(405,"Method Not Allowed");static NOT_ACCEPTABLE=new t(406,"Not Acceptable");static PROXY_AUTHENTICATION_REQUIRED=new t(407,"Proxy Authentication Required");static REQUEST_TIMEOUT=new t(408,"Request Timeout");static CONFLICT=new t(409,"Conflict");static GONE=new t(410,"Gone");static LENGTH_REQUIRED=new t(411,"Length Required");static PRECONDITION_FAILED=new t(412,"Precondition Failed");static PAYLOAD_TOO_LARGE=new t(413,"Payload Too Large");static URI_TOO_LONG=new t(414,"URI Too Long");static UNSUPPORTED_MEDIA_TYPE=new t(415,"Unsupported Media Type");static EXPECTATION_FAILED=new t(417,"Expectation Failed");static IM_A_TEAPOT=new t(418,"I'm a teapot");static TOO_EARLY=new t(425,"Too Early");static UPGRADE_REQUIRED=new t(426,"Upgrade Required");static PRECONDITION_REQUIRED=new t(428,"Precondition Required");static TOO_MANY_REQUESTS=new t(429,"Too Many Requests");static REQUEST_HEADER_FIELDS_TOO_LARGE=new t(431,"Request Header Fields Too Large");static UNAVAILABLE_FOR_LEGAL_REASONS=new t(451,"Unavailable For Legal Reasons");static INTERNAL_SERVER_ERROR=new t(500,"Internal Server Error");static NOT_IMPLEMENTED=new t(501,"Not Implemented");static BAD_GATEWAY=new t(502,"Bad Gateway");static SERVICE_UNAVAILABLE=new t(503,"Service Unavailable");static GATEWAY_TIMEOUT=new t(504,"Gateway Timeout");static HTTP_VERSION_NOT_SUPPORTED=new t(505,"HTTP Version Not Supported");static VARIANT_ALSO_NEGOTIATES=new t(506,"Variant Also Negotiates");static INSUFFICIENT_STORAGE=new t(507,"Insufficient Storage");static LOOP_DETECTED=new t(508,"Loop Detected");static NOT_EXTENDED=new t(510,"Not Extended");static NETWORK_AUTHENTICATION_REQUIRED=new t(511,"Network Authentication Required");static#e=[];static{Object.keys(t).filter(e=>e!=="VALUES"&&e!=="resolve").forEach(e=>{let r=t[e];r instanceof t&&(Object.defineProperty(r,"name",{enumerable:!0,value:e,writable:!1}),t.#e.push(r))})}static resolve(e){for(let r of t.#e)if(r.value===e)return r}#r;#t;constructor(e,r){this.#r=e,this.#t=r}get value(){return this.#r}get phrase(){return this.#t}toString(){return`${this.#r} ${this.name}`}};function st(t){if(typeof t=="number"){if(t<100||t>999)throw new Error(`status code ${t} should be in range 100-999`);let e=f.resolve(t);return e!==void 0?e:new We(t)}return t}import $e from"node:http";var ae=class extends $e.IncomingMessage{exchange;upgradeHead;get urlBang(){return this.url}get socketEncrypted(){return this.socket.encrypted===!0}},q=class extends $e.ServerResponse{markHeadersSent(){this._header=!0}getRawHeaderNames(){return super.getRawHeaderNames()}},ce=class extends ie{},de=class extends se{#e=[];#r;#t="new";#o=[];setStatusCode(e){return this.#t==="committed"?!1:(this.#r=e,!0)}setRawStatusCode(e){return this.setStatusCode(e===void 0?void 0:st(e))}get statusCode(){return this.#r}addCookie(e){if(this.#t==="committed")throw new Error(`Cannot add cookie ${JSON.stringify(e)} because HTTP response has already been committed`);return this.#e.push(e),this}beforeCommit(e){this.#o.push(e)}get commited(){let e=this.#t;return e!=="new"&&e!=="commit-action-failed"}async body(e){if(e instanceof ReadableStream)throw new Error("ReadableStream body not supported yet");let r=await e;try{return await this.doCommit(async()=>await this.bodyInternal(Promise.resolve(r))).catch(n=>{throw n})}catch(n){throw n}}async end(){return this.commited?Promise.resolve(!1):this.doCommit(async()=>await this.bodyInternal(Promise.resolve()))}doCommit(e){let r=this.#t,n=Promise.resolve();if(r==="new")this.#t="committing",this.#o.length>0&&(n=this.#o.reduce((o,s)=>o.then(()=>s()),Promise.resolve()).catch(o=>{this.#t==="committing"&&(this.#t="commit-action-failed")}));else if(r==="commit-action-failed")this.#t="committing";else return Promise.resolve(!1);return n=n.then(()=>{this.applyStatusCode(),this.applyHeaders(),this.applyCookies(),this.#t="committed"}),n.then(async()=>e!==void 0?await e():!0)}applyStatusCode(){}applyHeaders(){}applyCookies(){}},_=class extends ce{#e;#r;#t;constructor(e){super(new Ie(e)),this.#t=e}getNativeRequest(){return this.#t}get upgrade(){return this.#t.upgrade}get http2(){return this.#t.httpVersionMajor>=2}get path(){return this.URL?.pathname}get URL(){return this.#e??=new URL(this.#t.urlBang,`${this.protocol}://${this.host}`),this.#e}get query(){return this.URL?.search}get method(){return this.#t.method}get host(){let e;return this.#t.httpVersionMajor>=2&&(e=this.#t.headers[":authority"]),e??=this.#t.socket.remoteAddress,super.parseHost(e)}get protocol(){let e;return this.#t.httpVersionMajor>2&&(e=this.#t.headers[":scheme"]),e??=this.#t.socketEncrypted?"https":"http",super.parseProtocol(e)}get socket(){return this.#t.socket}get remoteAddress(){let e=this.#t.socket.remoteFamily,r=this.#t.socket.remoteAddress,n=this.#t.socket.remotePort,o=!e||!r||!n?void 0:{family:e,address:r,port:n};return super.parseRemoteAddress(o)??o}get cookies(){return this.#r??=super.cookies,this.#r}get body(){return $e.IncomingMessage.toWeb(this.#t)}async blob(){let e=[];if(this.body!==void 0)for await(let r of this.body)e.push(r);return new Blob(e,{type:this.headers.one("content-type")||"application/octet-stream"})}async text(){return await(await this.blob()).text()}async formData(){let r=await(await this.blob()).text();return new URLSearchParams(r)}async json(){let e=await this.blob();if(e.size===0)return;let r=await e.text();return JSON.parse(r)}initId(){let e=this.#t.socket.remoteAddress;if(!e)throw new Error("Socket has no remote address");return`${e}:${this.#t.socket.remotePort}`}},Ie=class extends Z{#e;constructor(e){super(),this.#e=e}has(e){return this.#e.headers[e]!==void 0}get(e){return this.#e.headers[e]}list(e){return super.toList(e)}one(e){let r=this.#e.headers[e];return Array.isArray(r)?r[0]:r}keys(){return Object.keys(this.#e.headers).values()}},Le=class extends Z{#e;constructor(e){super(),this.#e=e}has(e){return this.#e.hasHeader(e)}keys(){return this.#e.getHeaderNames().values()}get(e){return this.#e.getHeader(e)}one(e){let r=this.#e.getHeader(e);return Array.isArray(r)?r[0]:r}set(e,r){return this.#e.headersSent||(Array.isArray(r)?r=r.map(n=>typeof n=="number"?String(n):n):typeof r=="number"&&(r=String(r)),r?this.#e.setHeader(e,r):this.#e.removeHeader(e)),this}add(e,r){return this.#e.headersSent||this.#e.appendHeader(e,r),this}list(e){return super.toList(e)}},ue=class extends de{#e;constructor(e){super(new Le(e)),this.#e=e}getNativeResponse(){return this.#e}get statusCode(){return super.statusCode??{value:this.#e.statusCode}}applyStatusCode(){let e=super.statusCode;e!==void 0&&(this.#e.statusCode=e.value)}addCookie(e){return this.headers.add("Set-Cookie",super.setCookieValue(e)),this}async bodyInternal(e){if(this.#e.headersSent)return!1;if(e instanceof ReadableStream)throw new Error("ReadableStream body not supported in response");{let r=await e;return await new Promise((n,o)=>{try{r===void 0?this.#e.end(()=>{n(!0)}):(this.headers.has("content-length")||(typeof r=="string"?this.headers.set("content-length",Buffer.byteLength(r)):r instanceof Blob?this.headers.set("content-length",r.size):this.headers.set("content-length",r.byteLength)),this.#e.end(r,()=>{n(!0)}))}catch(s){o(s instanceof Error?s:new Error(`end failed: ${s}`))}})}}},le=class t{#e;constructor(e){this.#e=e}get delegate(){return this.#e}get id(){return this.#e.id}get method(){return this.#e.method}get path(){return this.#e.path}get protocol(){return this.#e.protocol}get host(){return this.#e.host}get URL(){return this.#e.URL}get headers(){return this.#e.headers}get cookies(){return this.#e.cookies}get remoteAddress(){return this.#e.remoteAddress}get upgrade(){return this.#e.upgrade}get body(){return this.#e.body}async blob(){return await this.#e.blob()}async text(){return await this.#e.text()}async formData(){return await this.#e.formData()}async json(){return await this.#e.json()}toString(){return`${t.name} [delegate: ${this.delegate.toString()}]`}static getNativeRequest(e){if(e instanceof ce)return e.getNativeRequest();if(e instanceof t)return t.getNativeRequest(e.delegate);throw new Error(`Cannot get native request from ${e.constructor.name}`)}},z=class t{#e;constructor(e){this.#e=e}get delegate(){return this.#e}setStatusCode(e){return this.delegate.setStatusCode(e)}setRawStatusCode(e){return this.delegate.setRawStatusCode(e)}get statusCode(){return this.delegate.statusCode}get cookies(){return this.delegate.cookies}addCookie(e){return this.delegate.addCookie(e),this}async end(){return await this.delegate.end()}async body(e){return await this.#e.body(e)}get headers(){return this.#e.headers}toString(){return`${t.name} [delegate: ${this.delegate.toString()}]`}static getNativeResponse(e){if(e instanceof de)return e.getNativeResponse();if(e instanceof t)return t.getNativeResponse(e.delegate);throw new Error(`Cannot get native response from ${e.constructor.name}`)}},pe=class t{#e;constructor(e){this.#e=e}get delegate(){return this.#e}get request(){return this.#e.request}get response(){return this.#e.response}attribute(e){return this.#e.attribute(e)}principal(){return this.#e.principal()}get logPrefix(){return this.#e.logPrefix}toString(){return`${t.name} [delegate: ${this.delegate}]`}},he=class{request;response;#e={};#r;#t="";constructor(e,r){this.#e[at]=e.id,this.request=e,this.response=r}get method(){return this.request.method}get path(){return this.request.path}get attributes(){return this.#e}attribute(e){return this.attributes[e]}principal(){return Promise.resolve(void 0)}get logPrefix(){let e=this.attribute(at);return this.#r!==e&&(this.#r=e,this.#t=e!==void 0?`[${e}] `:""),this.#t}},at="io.interop.gateway.server.log_id";import{getHeapStatistics as pr,writeHeapSnapshot as hr}from"node:v8";import{access as fr,mkdir as gr,rename as ct,unlink as mr}from"node:fs/promises";var y=b("monitoring"),yr={memoryLimit:1024*1024*1024,reportInterval:600*1e3,dumpLocation:".",maxBackups:10,dumpPrefix:"Heap"};function Sr(){return pr()}async function dt(t){let e=t.dumpPrefix??"Heap",r=`${t.dumpLocation}/${e}.heapsnapshot`;y.enabledFor("debug")&&y.debug(`starting heap dump in ${r}`),await Ne(t.dumpLocation).catch(async o=>{y.enabledFor("debug")&&y.debug(`dump location ${t.dumpLocation} does not exists. Will try to create it`);try{await gr(t.dumpLocation,{recursive:!0}),y.info(`dump location dir ${t.dumpLocation} successfully created`)}catch{y.error(`failed to create dump location ${t.dumpLocation}`)}});let n=hr(r);y.info("heap dumped");try{y.debug("rolling snapshot backups");let o=`${t.dumpLocation}/${e}.${t.maxBackups}.heapsnapshot`;await Ne(o).then(async()=>{y.enabledFor("debug")&&y.debug(`deleting ${o}`);try{await mr(o)}catch(i){y.warn(`failed to delete ${o}`,i)}}).catch(()=>{});for(let i=t.maxBackups-1;i>0;i--){let a=`${t.dumpLocation}/${e}.${i}.heapsnapshot`,c=`${t.dumpLocation}/${e}.${i+1}.heapsnapshot`;await Ne(a).then(async()=>{try{await ct(a,c)}catch(d){y.warn(`failed to rename ${a} to ${c}`,d)}}).catch(()=>{})}let s=`${t.dumpLocation}/${e}.1.heapsnapshot`;try{await ct(n,s)}catch(i){y.warn(`failed to rename ${n} to ${s}`,i)}y.debug("snapshots rolled")}catch(o){throw y.error("error rolling backups",o),o}}async function Ne(t){y.enabledFor("trace")&&y.debug(`checking file ${t}`),await fr(t)}async function wr(t,e,r){y.enabledFor("debug")&&y.debug(`processing heap stats ${JSON.stringify(t)}`);let n=Math.min(r.memoryLimit,.95*t.heap_size_limit),o=t.used_heap_size;y.info(`heap stats ${JSON.stringify(t)}`),o>=n?(y.warn(`used heap ${o} bytes exceeds memory limit ${n} bytes`),e.memoryLimitExceeded?delete e.snapshot:(e.memoryLimitExceeded=!0,e.snapshot=!0),await dt(r)):(e.memoryLimitExceeded=!1,delete e.snapshot)}function ut(t){let e={...yr,...t},r=!1,n={memoryLimitExceeded:!1},o=async()=>{let a=Sr();await wr(a,n,e)},s=setInterval(o,e.reportInterval);return{...e,channel:async a=>{if(!r)switch(a??="run",a){case"run":{await o();break}case"dump":{await dt(e);break}case"stop":{r=!0,clearInterval(s),y.info("exit memory diagnostic");break}}return r}}}async function br({channel:t},e){await t(e)||y.warn(`cannot execute command "${e}" already closed`)}async function lt(t){return await br(t,"stop")}import pt from"@interopio/gateway-server/package.json"with{type:"json"};var xr=t=>(t??=`${pt.name} - v${pt.version}`,async({response:e},r)=>{t!==!1&&!e.headers.has("server")&&e.headers.set("Server",t),await r()}),ht=t=>xr(t);import{IOGateway as fe}from"@interopio/gateway";var Fe=b("gateway.ws.client-verify");function Er(t){switch(t.missing){case"allow":case"whitelist":return!0;case"block":case"blacklist":return!1;default:return!1}}function Cr(t,e){let r=t.block??t.blacklist,n=t.allow??t.whitelist;if(r.length>0&&fe.Filtering.valuesMatch(r,e))return Fe.warn(`origin ${e} matches block filter`),!1;if(n.length>0&&fe.Filtering.valuesMatch(n,e))return Fe.enabledFor("debug")&&Fe.debug(`origin ${e} matches allow filter`),!0}function Ar(t){switch(t.non_matched){case"allow":case"whitelist":return!0;case"block":case"blacklist":return!1;default:return!1}}function ft(t,e){if(!e)return!0;if(t){let r=Cr(e,t);return r||Ar(e)}else return Er(e)}function gt(t){if(t){let e=(t.block??t.blacklist??[]).map(fe.Filtering.regexify),r=(t.allow??t.whitelist??[]).map(fe.Filtering.regexify);return{non_matched:t.non_matched??"allow",missing:t.missing??"allow",allow:r,block:e}}}var mt=t=>async e=>{for(let r of t)if((await r(e)).match)return A();return E},G=t=>{let e=async r=>{for(let n of t)if(!(await n(r)).match)return E;return A()};return e.toString=()=>`and(${t.map(r=>r.toString()).join(", ")})`,e},yt=t=>async e=>(await t(e)).match?E:A(),ee=async t=>A();ee.toString=()=>"any-exchange";var St=Object.freeze({}),E=Object.freeze({match:!1,variables:St}),A=(t=St)=>({match:!0,variables:t}),H=(t,e)=>{let r=e?.method,n=async o=>{let s=o.request,i=s.path;if(r!==void 0&&s.method!==r)return E;if(typeof t=="string")return i===t?A():E;{let a=t.exec(i);return a===null?E:{match:!0,variables:{...a.groups}}}};return n.toString=()=>`pattern(${t.toString()}, method=${r??"<any>"})`,n},Be=t=>{let e=r=>{if(t.ignoredMediaTypes!==void 0){for(let n of t.ignoredMediaTypes)if(r===n||n==="*/*")return!0}return!1};return async r=>{let n=r.request,o;try{o=n.headers.list("accept")}catch{return E}for(let s of o)if(!e(s)){for(let i of t.mediaTypes)if(s.startsWith(i))return A()}return E}},B=async({request:t})=>t.upgrade&&t.headers.one("upgrade")?.toLowerCase()==="websocket"?A():E;B.toString=()=>"websocket upgrade";import{IOGateway as wt}from"@interopio/gateway";async function De(t,e,r){let n=(s,i)=>{if(i?.cors){let a=i.cors===!0?{allowOrigins:i.origins?.allow?.map(wt.Filtering.regexify),allowMethods:s.method===void 0?["*"]:[s.method],allowCredentials:i.authorize?.access!=="permitted"?!0:void 0}:i.cors,c=s.path;r.cors.push([c,a])}},o=new class{handle(...s){s.forEach(({request:i,options:a,handler:c})=>{let d=H(wt.Filtering.regexify(i.path),{method:i.method});a?.authorize&&r.authorize.push([d,a.authorize]),n(i,a);let u=async(l,g)=>{let{match:h,variables:p}=await d(l);h?await c(l,p):await g()};r.middleware.push(u)})}socket(...s){for(let{path:i,factory:a,options:c}of s){let d=i??"/";r.sockets.set(d,{default:i===void 0,ping:c?.ping,factory:a,maxConnections:c?.maxConnections,authorize:c?.authorize,originFilters:gt(c?.origins)})}}};await t(o,e)}import{IOGateway as qe}from"@interopio/gateway";function Pr(t){let e=t.headers.one("origin");if(e===void 0)return!0;let r=t.URL,n=r.protocol,o=r.host,s=URL.parse(e),i=s?.host,a=s?.protocol;return n===a&&o===i}function Rr(t){return t.headers.has("origin")&&!Pr(t)}function vt(t){return t.method==="OPTIONS"&&t.headers.has("origin")&&t.headers.has("access-control-request-method")}var bt=["Origin","Access-Control-Request-Method","Access-Control-Request-Headers"],Tr=(t,e)=>{let{request:r,response:n}=t,o=n.headers;if(!o.has("Vary"))o.set("Vary",bt.join(", "));else{let i=o.list("Vary");for(let a of bt)i.find(c=>c===a)||i.push(a);o.set("Vary",i.join(", "))}try{if(!Rr(r))return!0}catch{return P.enabledFor("debug")&&P.debug("reject: origin is malformed"),te(n),!1}if(o.has("access-control-allow-origin"))return P.enabledFor("trace")&&P.debug('skip: already contains "Access-Control-Allow-Origin"'),!0;let s=vt(r);return e?Or(t,e,s):s?(te(n),!1):!0},me=["*"],Ue=["GET","HEAD","POST"],xt={allowOrigins:me,allowMethods:Ue,allowHeaders:me,maxAge:1800};function ye(t){if(t){let e=t.allowHeaders;e&&e!==S&&(t={...t,allowHeaders:e.map(n=>n.toLowerCase())});let r=t.allowOrigins;return r&&(r==="*"?(Ct(t),At(t)):t={...t,allowOrigins:r.map(n=>typeof n=="string"&&n!==S&&(n=qe.Filtering.regexify(n),typeof n=="string")?Ht(n).toLowerCase():n)}),t}}function ge(t,e){if(e===void 0)return t!==void 0?t===S?[S]:t:[];if(t===void 0)return e===S?[S]:e;if(t==me||t===Ue)return e===S?[S]:e;if(e==me||e===Ue)return t===S?[S]:t;if(t===S||t.includes(S)||e===S||e.includes(S))return[S];let r=new Set;return t.forEach(n=>r.add(n)),e.forEach(n=>r.add(n)),Array.from(r)}var re=(t,e)=>e===void 0?t:{allowOrigins:ge(t.allowOrigins,e?.allowOrigins),allowMethods:ge(t.allowMethods,e?.allowMethods),allowHeaders:ge(t.allowHeaders,e?.allowHeaders),exposeHeaders:ge(t.exposeHeaders,e?.exposeHeaders),allowCredentials:e?.allowCredentials??t.allowCredentials,allowPrivateNetwork:e?.allowPrivateNetwork??t.allowPrivateNetwork,maxAge:e?.maxAge??t.maxAge},kr=t=>{let e=t.corsConfigSource,r=t.corsProcessor??Tr;return async(n,o)=>{let s=await e(n);!r(n,s)||vt(n.request)||await o()}},Et=kr,P=b("cors");function te(t){t.setStatusCode(f.FORBIDDEN)}function Or(t,e,r){let{request:n,response:o}=t,s=o.headers,i=n.headers.one("origin"),a=Wr(e,i);if(a===void 0)return P.enabledFor("debug")&&P.debug(`reject: '${i}' origin is not allowed`),te(o),!1;let c=$r(n,r),d=Ir(e,c);if(d===void 0)return P.enabledFor("debug")&&P.debug(`reject: HTTP '${c}' is not allowed`),te(o),!1;let u=Nr(n,r),l=Lr(e,u);if(r&&l===void 0)return P.enabledFor("debug")&&P.debug(`reject: headers '${u}' are not allowed`),te(o),!1;s.set("Access-Control-Allow-Origin",a),r&&s.set("Access-Control-Allow-Methods",d.join(",")),r&&l!==void 0&&l.length>0&&s.set("Access-Control-Allow-Headers",l.join(", "));let g=e.exposeHeaders;return g&&g.length>0&&s.set("Access-Control-Expose-Headers",g.join(", ")),e.allowCredentials&&s.set("Access-Control-Allow-Credentials","true"),e.allowPrivateNetwork&&n.headers.one("access-control-request-private-network")==="true"&&s.set("Access-Control-Allow-Private-Network","true"),r&&e.maxAge!==void 0&&s.set("Access-Control-Max-Age",e.maxAge.toString()),!0}var S="*",Mr=["GET","HEAD"];function Ct(t){if(t.allowCredentials===!0&&t.allowOrigins===S)throw new Error('when allowCredentials is true allowOrigins cannot be "*"')}function At(t){if(t.allowPrivateNetwork===!0&&t.allowOrigins===S)throw new Error('when allowPrivateNetwork is true allowOrigins cannot be "*"')}function Wr(t,e){if(e){let r=t.allowOrigins;if(r){if(r===S)return Ct(t),At(t),S;let n=Ht(e.toLowerCase());for(let o of r)if(o===S||qe.Filtering.valueMatches(o,n))return e}}}function Ir(t,e){if(e){let r=t.allowMethods??Mr;if(r===S)return[e];if(qe.Filtering.valuesMatch(r,e))return r}}function Lr(t,e){if(e===void 0)return;if(e.length==0)return[];let r=t.allowHeaders;if(r===void 0)return;let n=r===S||r.includes(S),o=[];for(let s of e){let i=s?.trim();if(i){if(n)o.push(i);else for(let a of r)if(i.toLowerCase()===a){o.push(i);break}}}if(o.length>0)return o}function Ht(t){return t.endsWith("/")?t.slice(0,-1):t}function $r(t,e){return e?t.headers.one("access-control-request-method"):t.method}function Nr(t,e){let r=t.headers;return e?r.list("access-control-request-headers"):Array.from(r.keys())}var Pt=t=>async e=>{for(let[r,n]of t.mappings)if((await r(e)).match)return P.debug(`resolved cors config on '${e.request.path}' using ${r}: ${JSON.stringify(n)}`),n};import{IOGateway as Fr}from"@interopio/gateway";function Rt(t){let{sockets:e,cors:r}=t,n=t.corsConfig===!1?void 0:re(xt,t.corsConfig),o=[];for(let[i,a]of e){let c=n;for(let[u,l]of r)Fr.Filtering.valueMatches(u,i)&&(l===void 0?c=void 0:c=c===void 0?l:re(c,l));let d=t.corsConfig===!1?void 0:{allowOrigins:a.originFilters?.allow,allowMethods:["GET","CONNECT","OPTIONS"],allowHeaders:["Upgrade","Connection","Origin","Sec-Websocket-Key","Sec-Websocket-Version","Sec-Websocket-Protocol","Sec-Websocket-Extensions"],exposeHeaders:["Sec-Websocket-Accept","Sec-Websocket-Protocol","Sec-Websocket-Extensions"],allowCredentials:a.authorize?.access!=="permitted"?!0:void 0};c=c===void 0?d:re(c,d),o.push([G([B,H(i)]),ye(c)])}let s=[];for(let[i,a]of r){let[,c]=s.find(([u])=>String(u)===String(i))??[i,n];c=c===void 0?a:re(c,a);let d=!1;for(let u of s)if(String(u[0])===String(i)){u[1]=c,d=!0;break}d||s.push([i,c])}for(let[i,a]of s)o.push([H(i),ye(a)]);return o.push([H(/\/api\/.*/),ye(n)]),Pt({mappings:o})}function Tt(t){return t!==void 0&&typeof t.type=="string"&&typeof t.authenticated=="boolean"}var C=class extends Error{_authentication;get authentication(){return this._authentication}set authentication(e){if(e===void 0)throw new TypeError("Authentication cannot be undefined");this._authentication=e}},Se=class extends C{},we=class extends C{};var D=class extends Error{},W=class{constructor(e){this.granted=e}granted},$=class{#e;constructor(e){this.#e=e}async verify(e,r){if(!(await this.#e(e,r))?.granted)throw new D("Access denied")}async authorize(e,r){return await this.#e(e,r)}},j=class extends C{};var R=t=>async e=>{let r=!0,{response:n}=e;for(let o of t.keys())n.headers.has(o)&&(r=!1);if(r)for(let[o,s]of t)n.headers.set(o,s)},Br=()=>R(new v().add("cache-control","no-cache, no-store, max-age=0, must-revalidate").add("pragma","no-cache").add("expires","0")),Dr=()=>R(new v().add("x-content-type-options","nosniff")),Ur=(t,e,r)=>{let n=`max-age=${t}`;e&&(n+=" ; includeSubDomains"),r&&(n+=" ; preload");let o=R(new v().add("strict-transport-security",n)),s=i=>i.request.URL.protocol==="https:";return async i=>{s(i)&&await o(i)}},qr=t=>R(new v().add("x-frame-options",t)),_r=t=>R(new v().add("x-xss-protection",t)),zr=t=>{let e=t===void 0?void 0:R(new v().add("permissions-policy",t));return async r=>{e!==void 0&&await e(r)}},Gr=(t,e)=>{let r=e?"content-security-policy-report-only":"content-security-policy",n=t===void 0?void 0:R(new v().add(r,t));return async o=>{n!==void 0&&await n(o)}},jr=(t="no-referrer")=>R(new v().add("referer-policy",t)),Vr=t=>{let e=t===void 0?void 0:R(new v().add("cross-origin-opener-policy",t));return async r=>{e!==void 0&&await e(r)}},Jr=t=>{let e=t===void 0?void 0:R(new v().add("cross-origin-embedder-policy",t));return async r=>{e!==void 0&&await e(r)}},Qr=t=>{let e=t===void 0?void 0:R(new v().add("cross-origin-resource-policy",t));return async r=>{e!==void 0&&await e(r)}},Yr=(...t)=>async e=>{for(let r of t)await r(e)};function _e(t){let e=[];t?.cache?.disabled||e.push(Br()),t?.contentType?.disabled||e.push(Dr()),t?.hsts?.disabled||e.push(Ur(t?.hsts?.maxAge??365*24*60*60,t?.hsts?.includeSubDomains??!0,t?.hsts?.preload??!1)),t?.frameOptions?.disabled||e.push(qr(t?.frameOptions?.mode??"DENY")),t?.xss?.disabled||e.push(_r(t?.xss?.headerValue??"0")),t?.permissionsPolicy?.disabled||e.push(zr(t?.permissionsPolicy?.policyDirectives)),t?.contentSecurityPolicy?.disabled||e.push(Gr(t?.contentSecurityPolicy?.policyDirectives??"default-src 'self'",t?.contentSecurityPolicy?.reportOnly)),t?.refererPolicy?.disabled||e.push(jr(t?.refererPolicy?.policy??"no-referrer")),t?.crossOriginOpenerPolicy?.disabled||e.push(Vr(t?.crossOriginOpenerPolicy?.policy)),t?.crossOriginEmbedderPolicy?.disabled||e.push(Jr(t?.crossOriginEmbedderPolicy?.policy)),t?.crossOriginResourcePolicy?.disabled||e.push(Qr(t?.crossOriginResourcePolicy?.policy)),t?.writers&&e.push(...t.writers);let r=Yr(...e);return async(n,o)=>{await r(n),await o()}}var V=t=>{let e=t.entryPoint,r=t?.rethrowAuthenticationServiceError??!0;return async({exchange:n},o)=>{if(!r||!(o instanceof j))return e(n,o);throw o}};var Kr="Realm",Xr=t=>`Basic realm="${t}"`,J=t=>{let e=Xr(t?.realm??Kr);return async(r,n)=>{let{response:o}=r;o.setStatusCode(f.UNAUTHORIZED),o.headers.set("WWW-Authenticate",e)}};var kt="Basic ",be=t=>async e=>{let{request:r}=e,n=r.headers.one("authorization");if(!n||!/basic/i.test(n.substring(0)))return;let o=n.length<=kt.length?"":n.substring(kt.length),i=Buffer.from(o,"base64").toString(t?.credentialsEncoding??"utf-8").split(":",2);if(i.length===2)return{type:"UsernamePassword",authenticated:!1,principal:i[0],credentials:i[1]}};import{AsyncLocalStorage as Zr}from"node:async_hooks";var N=class t{static hasSecurityContext(e){return e.getStore()?.securityContext!==void 0}static async getSecurityContext(e){return await e.getStore()?.securityContext}static clearSecurityContext(e){delete e.getStore()?.securityContext}static withSecurityContext(e){return(r=new Zr)=>(r.getStore().securityContext=e,r)}static withAuthentication(e){return t.withSecurityContext(Promise.resolve({authentication:e}))}static async getContext(e){if(t.hasSecurityContext(e))return t.getSecurityContext(e)}};async function en(t,e,r,n,o,s){let a=await(await n(t))?.(r);if(a===void 0)throw new Error("No authentication manager found for the exchange");try{await tn(a,{exchange:t,next:e},o,s)}catch(c){throw c instanceof C,c}}async function tn(t,e,r,n){N.withAuthentication(t)(n),await r(e,t)}function Q(t){let e={matcher:ee,successHandler:async({next:n})=>{await n()},converter:be({}),failureHandler:V({entryPoint:J({})}),...t},r=e.managerResolver;if(r===void 0&&e.manager!==void 0){let n=e.manager;r=async o=>n}if(r===void 0)throw new Error("Authentication filter requires a managerResolver or a manager");return async(n,o)=>{let i=(await e.matcher(n)).match?await e.converter(n):void 0;if(i===void 0){await o();return}try{await en(n,o,i,r,e.successHandler,e.storage)}catch(a){if(a instanceof C){await e.failureHandler({exchange:n,next:o},a);return}throw a}}}var Ot=t=>async(e,r)=>{e.response.setStatusCode(t.httpStatus)};var Y=b("auth.entry-point"),ve=t=>{let e=t.defaultEntryPoint??(async({response:r},n)=>{r.setStatusCode(f.UNAUTHORIZED),await r.end()});return async(r,n)=>{for(let[o,s]of t.entryPoints)if(Y.enabledFor("debug")&&Y.debug(`trying to match using: ${o}`),(await o(r)).match)return Y.enabledFor("debug")&&Y.debug(`match found. using default entry point ${s}`),s(r,n);return Y.enabledFor("debug")&&Y.debug(`no match found. using default entry point ${e}`),e(r,n)}};var Mt=t=>async({exchange:e,next:r},n)=>{for(let o of t)await o({exchange:e,next:r},n)};function ze(t){let e=async g=>g.request.headers.list("X-Requested-With").includes("XMLHttpRequest")?A():E,r=ve({entryPoints:[[e,Ot({httpStatus:f.UNAUTHORIZED})]],defaultEntryPoint:J({})}),n=t.entryPoint??r,o=t.manager,s=Be({mediaTypes:["application/atom+xml","application/x-www-form-urlencoded","application/json","application/octet-stream","application/xml","multipart/form-data","text/xml"],ignoredMediaTypes:["*/*"]}),i=yt(Be({mediaTypes:["text/html"]})),a=G([i,s]),c=mt([e,a]);t.defaultEntryPoints.push([c,n]);let d=t.failureHandler??V({entryPoint:n}),u=Mt(t.successHandlers??t.defaultSuccessHandlers),l=be({});return Q({storage:t.storage,manager:o,failureHandler:d,successHandler:u,converter:l})}var Wt={invalid_request:"invalid_request",invalid_token:"invalid_token",insufficient_scope:"insufficient_scope"},It="https://tools.ietf.org/html/rfc6750#section-3.1";function xe(t){return{errorCode:Wt.invalid_token,httpStatus:f.UNAUTHORIZED,description:t,uri:It}}function Ge(t){return{errorCode:Wt.invalid_request,httpStatus:f.BAD_REQUEST,description:t,uri:It}}var rn="access_token",nn=/^Bearer\s+(?<token>[a-zA-Z0-9-._~+/]+=*)$/i,k=class extends C{error;constructor(e,r,n){super(r??(typeof e=="string"?void 0:e.description),n),this.error=typeof e=="string"?{errorCode:e}:e}},Lt=t=>t.type==="BearerToken",on=t=>async e=>{let{request:r}=e;return Promise.all([an(r.headers,t?.headerName).then(n=>n!==void 0?[n]:void 0),cn(r,t?.uriQueryParameter),dn(e,t?.formEncodedBodyParameter)]).then(n=>n.filter(o=>o!==void 0).flat(1)).then(sn).then(n=>{if(n)return{authenticated:!1,type:"BearerToken",token:n}})};async function sn(t){if(t.length===0)return;if(t.length>1){let r=Ge("Found multiple access tokens in the request");throw new k(r)}let e=t[0];if(!e||e.length===0){let r=Ge("The requested access token parameter is an empty string");throw new k(r)}return e}async function an(t,e="authorization"){let r=t.one(e);if(!r||!/bearer/i.test(r.substring(0)))return;let n=nn.exec(r);if(n===null){let o=xe("Bearer token is malformed");throw new k(o)}return n.groups?.token}async function $t(t){let e=t.getAll(rn);if(e.length!==0)return e}async function cn(t,e=!1){if(!(!e||t.method!=="GET"))return $t(t.URL.searchParams)}async function dn(t,e=!1){let{request:r}=t;if(!e||r.headers.one("content-type")!=="application/x-www-form-urlencoded"||r.method!=="POST")return;let n=await t.request.formData();if(n)return $t(n)}var Ee=on;function un(t){let e="Bearer";if(t.size!==0){e+=" ";let r=0;for(let[n,o]of t)e+=`${n}="${o}"`,r!==t.size-1&&(e+=", "),r++}return e}var Nt=t=>t.httpStatus!==void 0;function ln(t){if(t instanceof k){let{error:e}=t;if(Nt(e))return e.httpStatus}return f.UNAUTHORIZED}function pn(t,e){let r=new Map;if(e&&r.set("realm",e),t instanceof k){let{error:n}=t;r.set("error",n.errorCode),n.description&&r.set("error_description",n.description),n.uri&&r.set("error_uri",n.uri),Nt(n)&&n.scope&&r.set("scope",n.scope)}return r}var hn=t=>async(e,r)=>{let n=ln(r),o=pn(r,t?.realmName),s=un(o),{response:i}=e;i.headers.set("WWW-Authenticate",s),i.setStatusCode(n),await i.end()},Ce=hn;var fn=t=>{let e=t?.principalClaimName??"sub";return r=>({type:"JwtToken",authenticated:!0,name:r.getClaimAsString(e)})},gn=t=>async e=>t(e),K=class extends Error{},ne=class extends K{};function mn(t){if(t instanceof ne)return new k(xe(t.message),t.message,{cause:t});throw new j(t.message,{cause:t})}function je(t){let e=t.decoder,r=t.authConverter??gn(fn({}));return async n=>{if(Lt(n)){let o=n.token;try{let s=await e(o);return await r(s)}catch(s){throw s instanceof K?mn(s):s}}}}function Ve(t){let e=t.entryPoint??Ce({}),r=t?.converter??Ee({}),n=t.failureHandler??V({entryPoint:e});if(t.managerResolver!==void 0)return Q({storage:t.storage,converter:r,failureHandler:n,managerResolver:t.managerResolver});if(t.jwt!==void 0){let o=t.jwt.manager??je(t.jwt);return Q({storage:t.storage,converter:r,failureHandler:n,managerResolver:async s=>o})}throw new Error("Invalid resource server configuration: either managerResolver or jwt must be provided")}import{jwtVerifier as wn,JwtVerifyError as bn}from"@interopio/gateway/jose/jwt";async function Ft(t,e,r){let n=new Se("Full authentication is required to access this resource."),o=new C("Access Denied",{cause:n});e&&(o.authentication=e),await r(t,o)}function yn(t){return async(e,r)=>{e.response.setStatusCode(t),e.response.headers.set("Content-Type","text/plain; charset=utf-8");let n=Buffer.from("Access Denied","utf-8");e.response.headers.set("Content-Length",n.length),await e.response.body(n)}}var Bt=t=>{let e=yn(f.FORBIDDEN),r=t.authenticationEntryPoint??J();return async(n,o)=>{try{await o()}catch(s){if(s instanceof D){let i=await n.principal();Tt(i)?(i.authenticated||await e(n,s),await Ft(n,i,r)):await Ft(n,void 0,r);return}throw s}}};var Sn=b("security.auth");function Je(t){let e=async(r,n)=>{let o;for(let[s,i]of t.mappings)if((await s(n))?.match){Sn.debug(`checking authorization on '${n.request.path}' using [${s}, ${i}]`);let a=await i.authorize(r,{exchange:n});if(a!==void 0){o=a;break}}return o??=new W(!1),o};return new $(e)}var Ae=b("security.auth");function Qe(t){let{manager:e,storage:r}=t;return async(n,o)=>{let s=N.getContext(r).then(i=>i?.authentication);try{await e.verify(s,n),Ae.enabledFor("debug")&&Ae.debug("authorization successful")}catch(i){throw i instanceof D&&Ae.enabledFor("debug")&&Ae.debug(`authorization failed: ${i.message}`),i}await o()}}var Ye=class extends pe{#e;constructor(e,r){super(e),this.#e=r}async principal(){return(await this.#e())?.authentication}},Dt=t=>{let e=t.storage;return async(r,n)=>{await n(new Ye(r,async()=>await N.getContext(e)))}};var I={first:Number.MAX_SAFE_INTEGER,http_headers:100,https_redirect:200,cors:300,http_basic:600,authentication:800,security_context_server_web_exchange:1500,error_translation:1800,authorization:1900,last:Number.MAX_SAFE_INTEGER},L=Symbol.for("filterOrder"),Ut=(t,e)=>{let r=[];class n{#e;#r=[];manager;get authenticationEntryPoint(){return this.#e!==void 0||this.#r.length===0?this.#e:this.#r.length===1?this.#r[0][1]:ve({entryPoints:this.#r,defaultEntryPoint:this.#r[this.#r.length-1][1]})}build(){if(t.headers!==void 0&&t.headers.disabled!==!0){let a=_e(t.headers);a[L]=I.http_headers,r.push(a)}if(t.cors?.disabled!==!0&&e.corsConfigSource!==void 0){let a=Et({corsConfigSource:e.corsConfigSource});a[L]=I.cors,r.push(a)}if(t.basic!==void 0&&t.basic?.disabled!==!0){let a=t.basic.user?.name.toLowerCase(),c=t.basic.user?.password??"",d=t.basic.user?.authorities??[],u=async h=>{let p=h.principal,w=h.credentials;if(p.toLowerCase()!==a||w!==c)throw new we("Invalid username or password");return{type:"UsernamePassword",authenticated:!0,principal:p,credentials:w,authorities:[...d]}},l=[async({exchange:h,next:p},w)=>p()],g=ze({storage:e.storage,manager:u,defaultEntryPoints:this.#r,defaultSuccessHandlers:l});g[L]=I.http_basic,r.push(g)}if(t.jwt!==void 0&&t.jwt.disabled!==!0){let a=wn({issuerBaseUri:t.jwt.issuerUri,issuer:t.jwt.issuer,audience:t.jwt.audience}),c=async h=>{try{let{payload:p}=await a(h);return{subject:p.sub,getClaimAsString(w){return p[w]}}}catch(p){throw p instanceof bn?new ne(p.message,{cause:p}):new K("error occurred while attempting to decoding jwt",{cause:p})}},d=Ee({uriQueryParameter:!0}),u=async h=>{try{return await d(h)===void 0?E:A()}catch{return E}},l=Ce({});this.#r.push([u,l]);let g=Ve({storage:e.storage,entryPoint:l,converter:d,jwt:{decoder:c}});g[L]=I.authentication,r.push(g)}let i=Dt({storage:e.storage});if(r.push(i),i[L]=I.security_context_server_web_exchange,t.authorize!==void 0){let a=Bt({authenticationEntryPoint:this.authenticationEntryPoint});a[L]=I.error_translation,r.push(a);let d=(l=>{let g=[],h=!1;for(let[p,w]of l??[]){let m;if(p==="any-exchange")h=!0,m=ee;else{if(h)throw new Error("Cannot register other matchers after 'any-exchange' matcher");m=p}let x;if(w.access==="permitted")x=new $(async()=>new W(!0)),x.toString=()=>"AuthorizationManager[permitted]";else if(w.access==="denied")x=new $(async()=>new W(!1)),x.toString=()=>"AuthorizationManager[denied]";else if(w.access==="authenticated")x=new $(async X=>{let F=await X;return F!==void 0?new W(F.authenticated):new W(!1)}),x.toString=()=>"AuthorizationManager[authenticated]";else throw new Error(`Unknown access type: ${JSON.stringify(w)}`);g.push([m,x])}return Je({mappings:g})})(t.authorize),u=Qe({manager:d,storage:e.storage});u[L]=I.authorization,r.push(u)}r.sort((a,c)=>{let d=a[L]??I.last,u=c[L]??I.last;return d-u})}}return new n().build(),r};function vn(t){let e=[],r={access:t.authConfig?.type!=="none"?"authenticated":"permitted"};for(let[n,o]of t.sockets){let s=o.authorize??r,i=H(n,{method:"GET"});i=G([B,i]),e.push([i,s])}return e.push([H("/",{method:"GET"}),{access:"permitted"}]),e.push([H("/favicon.ico",{method:"GET"}),{access:"permitted"}]),e.push([H("/health",{method:"GET"}),{access:"permitted"}]),t.authorize.length>0&&e.push(...t.authorize),e.push(["any-exchange",r]),{authorize:e,cors:{disabled:t.corsConfig===!1},basic:{disabled:t.authConfig?.type!=="basic",...t.authConfig?.basic},jwt:{disabled:t.authConfig?.type!=="oauth2",...t.authConfig?.oauth2?.jwt}}}async function qt(t){let e=Rt(t),r=vn(t),{storage:n}=t;return Ut(r,{storage:n,corsConfigSource:e})}import{AsyncLocalStorage as xn}from"node:async_hooks";var He=class extends z{},Ke=class{#e;#r=!1;#t;#o;constructor(e,r){this.#e=e,this.#t=r}createExchange(e,r){return new he(e,r)}set storage(e){this.#o=e}set enableLoggingRequestDetails(e){this.#r=e}formatHeaders(e){let r="{";for(let n of e.keys())if(this.#r){let o=e.get(n);r+=`"${n}": "${o}", `}else{r+="masked, ";break}return r.endsWith(", ")&&(r=r.slice(0,-2)),r+="}",r}formatRequest(e){let r=e.URL.search;return`HTTP ${e.method} "${e.path}${r}`}logRequest(e){if(this.#e.enabledFor("debug")){let r=this.#e.enabledFor("trace");this.#e.debug(`${e.logPrefix}${this.formatRequest(e.request)}${r?`, headers: ${this.formatHeaders(e.request.headers)}`:""}"`)}}logResponse(e){if(this.#e.enabledFor("debug")){let r=this.#e.enabledFor("trace"),n=e.response.statusCode;this.#e.debug(`${e.logPrefix}Completed ${n??"200 OK"}${r?`, headers: ${this.formatHeaders(e.response.headers)}`:""}"`)}}handleUnresolvedError(e,r){let{request:n,response:o,logPrefix:s}=e;if(o.setStatusCode(f.INTERNAL_SERVER_ERROR)){this.#e.error(`${s}500 Server Error for ${this.formatRequest(n)}`,r);return}throw this.#e.error(`${s}Error [${r.message} for ${this.formatRequest(n)}, but already ended (${o.statusCode})`,r),r}async web(e){return await this.#t(e)}async http(e,r){let n=this.createExchange(e,r),o=()=>(this.logRequest(n),this.web(n).then(()=>{this.logResponse(n)}).catch(s=>{this.handleUnresolvedError(n,s)}).then(async()=>{await n.response.end()}));await new Promise((s,i)=>{this.#o!==void 0?this.#o.run({exchange:n},()=>{o().then(()=>s()).catch(a=>i(a))}):o().then(()=>s()).catch(a=>i(a))})}},Pe=class{#e;#r=new xn;#t;storage(e){return this.#r=e,this}httpHandlerDecorator(e){if(this.#t===void 0)this.#t=e;else{let r=this.#t;this.#t=n=>(n=r(n),e(n))}return this}constructor(e){this.#e=e}build(){let e=b("http"),r=new Ke(e,this.#e);this.#r!==void 0&&(r.storage=this.#r),r.enableLoggingRequestDetails=!1;let n=async(o,s)=>r.http(o,s);return this.#t?this.#t(n):n}};import{WebSocketServer as Cn}from"ws";function _t(t,e){let r=t?.exchange,n=r?.request??new _(t),o=r?.principal,s=o?o.bind(r):async function(){},i=n.URL,a=new v;for(let g of n.headers.keys())a.set(g,n.headers.list(g));let c=n.cookies,d=r?.logPrefix??`[${n.id}] `,u=n.remoteAddress;return{url:i,headers:a,cookies:c,principal:s,protocol:e,remoteAddress:u,logPrefix:d}}function zt(t){return[async(r,n)=>{let s=r.request.path??"/",i=t.sockets,a=i.get(s)??Array.from(i.values()).find(c=>{if(s==="/"&&c.default===!0)return!0});if(a!==void 0){let{request:c,response:d}=r,u=await B(r);if((c.method==="GET"||c.method==="CONNECT")&&u.match)if(a.upgradeStrategy!==void 0){a.upgradeStrategy(r);return}else throw new Error(`No upgrade strategy defined for route on ${s}`);else{if(a.default){await n();return}d.setStatusCode(f.UPGRADE_REQUIRED),d.headers.set("Upgrade","websocket").set("Connection","Upgrade").set("Content-Type","text/plain");let l=Buffer.from(`This service [${c.path}] requires use of the websocket protocol.`,"utf-8");await d.body(l)}}else await n()}]}import{WebSocket as En}from"ws";var Re=class extends En{constructor(e,r,n){super(null,void 0,n)}connected},Te=class t{static#e=Buffer.alloc(0);static#r=[0,Buffer.alloc(8)];#t;#o;#i;#s=!1;#n;constructor(e,r,n){this.#n=e,this.#o=typeof n=="number"?n:n?.interval,this.#t=typeof n=="number"||n?.data==="timestamp"?()=>t.#d(Date.now()):()=>t.#e,this.#o&&(this.#i=setInterval(()=>{let[o,s]=r();for(let i of s)this.#a(i,o)||this.#c(i,o)},this.#o))}#a(e,r){return e.connected===!1?(this.#n.enabledFor("debug")&&this.#n.debug(`terminating unresponsive ws client on [${r}]`),e.terminate(),!0):!1}#c(e,r){e.connected=!1;let n=this.#t();this.#n.enabledFor("trace")&&this.#n.debug(`pinging ws client on [${r}]`),e.ping(n,this.#s,o=>{o&&this.#n.enabledFor("warn")&&this.#n.warn(`failed to ping ws client on [${r}]`,o)})}static#d(e=Date.now()){if(e-t.#r[0]>0){let r=Buffer.allocUnsafe(8);r.writeBigInt64BE(BigInt(e),0),t.#r=[e,r]}return t.#r[1]}static#u(e){return e.length===8?Number(e.readBigInt64BE(0)):0}close(){clearInterval(this.#i)}handlePing(e,r,n){r.connected=!0,r.pong(n,!1,o=>{o&&this.#n.enabledFor("warn")&&this.#n.warn(`${e.logPrefix}failed to pong ws client ${U(e.remoteAddress)}`,o)})}handlePong(e,r,n){if(r.connected=!0,this.#n.enabledFor("warn")){let o=t.#u(n);if(o>0){let s=Date.now()-o;this.#n.enabledFor("debug")&&this.#n.debug(`${e.logPrefix}ws client ${U(e.remoteAddress)} ping-pong latency: ${s}ms`),this.#o&&s>this.#o/2&&this.#n.enabledFor("warn")&&this.#n.warn(`${e.logPrefix}ws client ${U(e.remoteAddress)} high ping-pong latency: ${s}ms`)}}}};var T=b("ws");function An(t,e,r,n){return o=>{let{logPrefix:s,request:i}=o,a=le.getNativeRequest(i);a.exchange=o;let{socket:c,upgradeHead:d}=a,u=i.host;if(c.removeListener("error",n),e.maxConnections!==void 0&&r.clients?.size>=e.maxConnections){T.warn(`${s}dropping ws connection request on ${u}${t}. max connections exceeded.`),c.destroy();return}let l=i.headers.one("origin");if(!ft(l,e.originFilters)){T.enabledFor("info")&&T.info(`${s}dropping ws connection request on ${u}${t}. origin ${l??"<missing>"}`),c.destroy();return}T.enabledFor("debug")&&T.debug(`${s}accepted new ws connection request on ${u}${t}`),r.handleUpgrade(a,c,d,(g,h)=>{r.emit("connection",g,h)})}}function Hn(t,e){let r=new Set;t.forEach((o,s)=>{if(s===0&&o.startsWith("HTTP/1.1 101 ")){e.setStatusCode(f.SWITCHING_PROTOCOLS);return}let[i,a]=o.split(": ");e.headers.has(i)?t[s]=`${i}: ${e.headers.one(i)}`:e.headers.set(i,a),r.add(i.toLowerCase())});let n=z.getNativeResponse(e);for(let o of n.getRawHeaderNames()){let s=o.toLowerCase();if(!r.has(s)){let i=e.headers.get(s);i!==void 0&&t.push(`${o}: ${i}`)}}n.markHeadersSent()}async function Gt(t,e,r,n,o){try{T.info(`creating ws server for [${t}]. max connections: ${e.maxConnections??"<unlimited>"}, origin filters: ${e.originFilters?JSON.stringify(e.originFilters,rt):"<none>"}, ping: ${typeof e.ping=="number"?e.ping+"ms":e.ping?JSON.stringify(e.ping):"<none>"}`);let s=new Cn({noServer:!0,WebSocket:Re,autoPong:!1}),i=new Te(T.child("pings"),()=>[t,s.clients],e.ping),a=await e.factory({endpoint:r,storage:n});s.on("error",c=>{T.error(`error starting the ws server for [${t}]`,c)}).on("listening",()=>{T.info(`ws server for [${t}] is listening`)}).on("headers",(c,d)=>{if(d.exchange!==void 0){let{response:u}=d.exchange;Hn(c,u)}}).on("connection",(c,d)=>{let u=_t(d,c.protocol);c.on("pong",l=>{i.handlePong(u,c,l)}),c.on("ping",l=>{i.handlePing(u,c,l)}),a({socket:c,handshake:u})}),s.on("close",()=>{i.close()}),e.upgradeStrategy=An(t,e,s,o),e.close=async()=>{await a.close?.call(a),T.info(`stopping ws server for [${t}]. clients: ${s.clients?.size??0}`),s.clients?.forEach(c=>{c.terminate()}),s.close()}}catch(s){T.warn(`failed to init route ${t}`,s)}}var O=b("app");function On(t){let e={};return t.key&&(e.key=Xe(t.key)),t.cert&&(e.cert=Xe(t.cert)),t.ca&&(e.ca=Xe(t.ca)),e}async function Mn(t,e){let r=t.build();return async(n,o)=>{n.socket.addListener("error",e);let s;o instanceof q?s=o:(n.upgradeHead=o,s=new q(n),s.assignSocket(n.socket));let i=new _(n),a=new ue(s),c=i.method==="HEAD"?new He(a):a;await r(i,c)}}function Wn(t){return new Promise((e,r)=>{let n=t(o=>{o?r(o):e(n)})})}function In(t){if(t)return ut({memoryLimit:t.memory_limit,dumpLocation:t.dump_location,dumpPrefix:t.dump_prefix,reportInterval:t.report_interval,maxBackups:t.max_backups})}async function Ln(t){let e=t.storage,r=await qt(t),n=zt(t),o=ot(ht(t.serverHeader),...r,...n,...t.middleware,async({request:s,response:i},a)=>{if(s.method==="GET"&&s.path==="/health"){i.setStatusCode(f.OK);let c=Buffer.from("UP","utf-8");i.headers.set("Content-Type","text/plain; charset=utf-8"),await i.body(c)}else await a()},async({request:s,response:i},a)=>{if(s.method==="GET"&&s.path==="/"){i.setStatusCode(f.OK);let c=Buffer.from("io.Gateway Server","utf-8");i.headers.set("Content-Type","text/plain; charset=utf-8"),await i.body(c)}else await a()},async({response:s},i)=>{s.setStatusCode(f.NOT_FOUND),await s.end()});return new Pe(o).storage(e)}var Ze=async t=>{let e=t.ssl,r=e?(h,p)=>Rn.createServer({...h,...On(e)},p):(h,p)=>Pn.createServer(h,p),n=In(t.memory),o={middleware:[],corsConfig:t.cors,cors:[],authConfig:t.auth,authorize:[],storage:new Tn,sockets:new Map},s=kn.Factory({...t.gateway});if(t.gateway){let h=t.gateway;await De(async p=>{p.socket({path:h.route,factory:nt.bind(s),options:h})},t,o)}t.app&&await De(t.app,t,o);let i=et(t.port??0),a=t.host,c=h=>O.error(`socket error: ${h}`,h),d=await Ln(o),u=await Mn(d,c),g=await new Promise((h,p)=>{let w=r({IncomingMessage:ae,ServerResponse:q,...t.http},u);w.on("error",m=>{if(m.code==="EADDRINUSE"){O.debug(`port ${m.port} already in use on address ${m.address}`);let{value:x}=i.next();x?(O.info(`retry starting server on port ${x} and host ${a??"<unspecified>"}`),w.close(),w.listen(x,a)):(O.warn(`all configured port(s) ${t.port} are in use. closing...`),w.close(),p(m))}else O.error(`server error: ${m.message}`,m),p(m)}),w.on("listening",async()=>{let m=w.address();for(let[x,X]of o.sockets){let F=`${e?"wss":"ws"}://${tt}:${m.port}${x}`;await Gt(x,X,F,o.storage,c)}O.info(`http server listening on ${m.address}:${m.port}`),h(w)}),w.on("upgrade",(m,x,X)=>{try{u(m,X)}catch(F){O.error(`upgrade error: ${F}`,F)}}).on("close",async()=>{O.info("http server closed.")});try{let{value:m}=i.next();w.listen(m,a)}catch(m){O.error("error starting web socket server",m),p(m instanceof Error?m:new Error(`listen failed: ${m}`))}});return new class{gateway=s;async close(){for(let[h,p]of o.sockets)try{p.close!==void 0&&await p.close()}catch(w){O.warn(`error closing route ${h}`,w)}await Wn(h=>{g.closeAllConnections(),g.close(h)}),n&&await lt(n),s&&await s.stop()}}};var sa=Ze;export{jt as GatewayServer,sa as default};
3
3
  //# sourceMappingURL=index.js.map