@interopio/gateway-server 0.19.2 → 0.19.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. package/changelog.md +12 -0
  2. package/dist/gateway-ent.cjs +2 -2
  3. package/dist/gateway-ent.cjs.map +1 -1
  4. package/dist/gateway-ent.js +2 -2
  5. package/dist/gateway-ent.js.map +1 -1
  6. package/dist/index.cjs +2 -2
  7. package/dist/index.cjs.map +4 -4
  8. package/dist/index.js +2 -2
  9. package/dist/index.js.map +4 -4
  10. package/dist/web/test.js +2 -2
  11. package/dist/web/test.js.map +2 -2
  12. package/gateway-server.d.ts +6 -1
  13. package/package.json +2 -2
  14. package/readme.md +9 -0
package/dist/index.cjs CHANGED
@@ -1,3 +1,3 @@
1
- "use strict";var lr=Object.create;var se=Object.defineProperty;var pr=Object.getOwnPropertyDescriptor;var hr=Object.getOwnPropertyNames;var fr=Object.getPrototypeOf,gr=Object.prototype.hasOwnProperty;var at=(t,e)=>{for(var r in e)se(t,r,{get:e[r],enumerable:!0})},ct=(t,e,r,n)=>{if(e&&typeof e=="object"||typeof e=="function")for(let o of hr(e))!gr.call(t,o)&&o!==r&&se(t,o,{get:()=>e[o],enumerable:!(n=pr(e,o))||n.enumerable});return t};var Z=(t,e,r)=>(r=t!=null?lr(fr(t)):{},ct(e||!t||!t.__esModule?se(r,"default",{value:t,enumerable:!0}):r,t)),mr=t=>ct(se({},"__esModule",{value:!0}),t);var Bn={};at(Bn,{GatewayServer:()=>st,default:()=>Fn});module.exports=mr(Bn);var st={};at(st,{Factory:()=>it});var ar=Z(require("node:http"),1),cr=Z(require("node:https"),1),Ne=require("node:fs"),dr=require("node:async_hooks"),ur=require("@interopio/gateway");var Fe=Z(require("@interopio/gateway/logging/core"),1);function b(t){return Fe.getLogger(`gateway.server.${t}`)}function dt(t,e){return e instanceof RegExp?e.toString():e}var ut=require("@interopio/gateway"),lt=require("node:async_hooks"),yr=ut.IOGateway.Encoding,M=b("ws"),Sr=yr.json();function wr(t){let e;if(t.authenticated&&(e=t.name,e===void 0&&t.principal!==void 0)){let r=t.principal;typeof r=="object"&&(e=r.name),e===void 0&&(r===void 0?e="":e=String(r))}return e}function br(t,e,r){let n=`${r?.address}:${r?.port}`,o=r?.address??"<unknown>",s={key:n,host:o,codec:Sr,onAuthenticate:async()=>{let i=await e();if(i?.authenticated)return{type:"success",user:wr(i)};throw new Error(`no valid client authentication ${n}`)},onPing:()=>{t.ping(i=>{i?M.warn(`failed to ping ${n}`,i):M.info(`ping sent to ${n}`)})},onDisconnect:i=>{switch(i){case"inactive":{M.warn(`no heartbeat (ping) received from ${n}, closing socket`),t.close(4001,"ping expected");break}case"shutdown":{t.close(1001,"shutdown");break}}}};try{return this.client(i=>t.send(i),s)}catch(i){M.warn(`${n} failed to create client`,i)}}async function vr(t){return M.info(`starting gateway on ${t.endpoint}`),await this.start(t),async({socket:e,handshake:r})=>{let{logPrefix:n,remoteAddress:o,principal:s}=r;M.info(`${n}connected on gw using ${o?.address}`);let i=br.call(this,e,s,o);if(!i){M.error(`${n}gw client init failed`),e.terminate();return}e.on("error",c=>{M.error(`${n}websocket error: ${c}`,c)});let a=t.storage!==void 0?lt.AsyncLocalStorage.snapshot():void 0;e.on("message",(c,d)=>{Array.isArray(c)&&(c=Buffer.concat(c)),a!==void 0?a(()=>i.send(c)):i.send(c)}),e.on("close",c=>{M.info(`${n}disconnected from gw. code: ${c}`),i.close()})}}var pt=vr;function ht(...t){if(!Array.isArray(t))throw new Error("middleware must be array!");let e=t.flat();for(let r of e)if(typeof r!="function")throw new Error("middleware must be compose of functions!");return async function(r,n){let o=async(s,i)=>{let a=s===e.length?n:e[s];if(a===void 0)return;let c=!1,d=!1,l=await a(i,async g=>{if(c)throw new Error("next() called multiple times");c=!0;try{return await o(s+1,g??i)}finally{d=!0}});if(c&&!d)throw new Error(`middleware resolved before downstream.
2
- You are probably missing an await or return statement in your middleware function.`);return l};return o(0,r)}}var ft=require("node:net"),ue=require("tough-cookie");function xr(t,e){let r=t.get("x-forwarded-host");if(Array.isArray(r)&&(r=r[0]),r){let n=t.one("x-forwarded-port");n&&(r=`${r}:${n}`)}return r??=t.one("host"),Array.isArray(r)&&(r=r[0]),r?r.split(",",1)[0].trim():e}function Er(t){let e=t.one("x-forwarded-ssl");return typeof e=="string"&&e.toLowerCase()==="on"}function Cr(t,e){let r=t.get("x-forwarded-proto");return Array.isArray(r)&&(r=r[0]),r!==void 0?r.split(",",1)[0].trim():Er(t)?"https":e}function Ar(t,e,r){let n=r?r.port:t.protocol==="https:"?443:80,o=e.one("x-forwarded-for");if(Array.isArray(o)&&(o=o[0]),o!==void 0)return o=o.split(",",1)[0].trim(),{address:o,port:Number(n),family:(0,ft.isIP)(o)===6?"IPv6":"IPv4"}}var ae=class{#e;constructor(e){this.#e=e}get headers(){return this.#e}},ce=class t extends ae{static logIdCounter=0;#e;get id(){return this.#e===void 0&&(this.#e=`${this.initId()}-${++t.logIdCounter}`),this.#e}initId(){return"request"}get cookies(){return Pr(this.headers)}parseHost(e){return xr(this.headers,e)}parseProtocol(e){return Cr(this.headers,e)}parseRemoteAddress(e){return Ar(this.URL,this.headers,e)}},de=class extends ae{get cookies(){return Rr(this.headers)}setCookieValue(e){return new ue.Cookie({key:e.name,value:e.value,maxAge:e.maxAge,domain:e.domain,path:e.path,secure:e.secure,httpOnly:e.httpOnly,sameSite:e.sameSite}).toString()}};function Hr(t){let e=[];{let r=0,n=0;for(let o=0;o<t.length;o++)switch(t.charCodeAt(o)){case 32:r===n&&(r=n=o+1);break;case 44:e.push(t.slice(r,n)),r=n=o+1;break;default:n=n+1;break}e.push(t.slice(r,n))}return e}function gt(t){typeof t=="string"&&(t=[t]),typeof t=="number"&&(t=[String(t)]);let e=[];if(t)for(let r of t)r&&e.push(...Hr(r));return e}function Pr(t){return t.list("cookie").map(e=>e.split(";").map(r=>ue.Cookie.parse(r))).flat(1).filter(e=>e!==void 0).map(e=>Object.freeze({name:e.key,value:e.value}))}function Rr(t){return t.list("set-cookie").map(e=>{let r=ue.Cookie.parse(e);if(r){let n={name:r.key,value:r.value,maxAge:Number(r.maxAge??-1)};return r.httpOnly&&(n.httpOnly=!0),r.domain&&(n.domain=r.domain),r.path&&(n.path=r.path),r.secure&&(n.secure=!0),r.httpOnly&&(n.httpOnly=!0),r.sameSite&&(n.sameSite=r.sameSite),Object.freeze(n)}}).filter(e=>e!==void 0)}var ee=class{constructor(){}toList(e){let r=this.get(e);return gt(r)}},v=class extends Map{get(e){return super.get(e.toLowerCase())}one(e){return this.get(e)?.[0]}list(e){let r=super.get(e.toLowerCase());return gt(r)}set(e,r){return typeof r=="number"&&(r=String(r)),typeof r=="string"&&(r=[r]),r?super.set(e.toLowerCase(),r):(super.delete(e.toLowerCase()),this)}add(e,r){let n=super.get(e.toLowerCase());return typeof r=="string"&&(r=[r]),n&&(r=n.concat(r)),this.set(e,r),this}};var Be=class{#e;constructor(e){this.#e=e}get value(){return this.#e}toString(){return this.#e.toString()}},f=class t{static CONTINUE=new t(100,"Continue");static SWITCHING_PROTOCOLS=new t(101,"Switching Protocols");static OK=new t(200,"OK");static CREATED=new t(201,"Created");static ACCEPTED=new t(202,"Accepted");static NON_AUTHORITATIVE_INFORMATION=new t(203,"Non-Authoritative Information");static NO_CONTENT=new t(204,"No Content");static RESET_CONTENT=new t(205,"Reset Content");static PARTIAL_CONTENT=new t(206,"Partial Content");static MULTI_STATUS=new t(207,"Multi-Status");static IM_USED=new t(226,"IM Used");static MULTIPLE_CHOICES=new t(300,"Multiple Choices");static MOVED_PERMANENTLY=new t(301,"Moved Permanently");static BAD_REQUEST=new t(400,"Bad Request");static UNAUTHORIZED=new t(401,"Unauthorized");static FORBIDDEN=new t(403,"Forbidden");static NOT_FOUND=new t(404,"Not Found");static METHOD_NOT_ALLOWED=new t(405,"Method Not Allowed");static NOT_ACCEPTABLE=new t(406,"Not Acceptable");static PROXY_AUTHENTICATION_REQUIRED=new t(407,"Proxy Authentication Required");static REQUEST_TIMEOUT=new t(408,"Request Timeout");static CONFLICT=new t(409,"Conflict");static GONE=new t(410,"Gone");static LENGTH_REQUIRED=new t(411,"Length Required");static PRECONDITION_FAILED=new t(412,"Precondition Failed");static PAYLOAD_TOO_LARGE=new t(413,"Payload Too Large");static URI_TOO_LONG=new t(414,"URI Too Long");static UNSUPPORTED_MEDIA_TYPE=new t(415,"Unsupported Media Type");static EXPECTATION_FAILED=new t(417,"Expectation Failed");static IM_A_TEAPOT=new t(418,"I'm a teapot");static TOO_EARLY=new t(425,"Too Early");static UPGRADE_REQUIRED=new t(426,"Upgrade Required");static PRECONDITION_REQUIRED=new t(428,"Precondition Required");static TOO_MANY_REQUESTS=new t(429,"Too Many Requests");static REQUEST_HEADER_FIELDS_TOO_LARGE=new t(431,"Request Header Fields Too Large");static UNAVAILABLE_FOR_LEGAL_REASONS=new t(451,"Unavailable For Legal Reasons");static INTERNAL_SERVER_ERROR=new t(500,"Internal Server Error");static NOT_IMPLEMENTED=new t(501,"Not Implemented");static BAD_GATEWAY=new t(502,"Bad Gateway");static SERVICE_UNAVAILABLE=new t(503,"Service Unavailable");static GATEWAY_TIMEOUT=new t(504,"Gateway Timeout");static HTTP_VERSION_NOT_SUPPORTED=new t(505,"HTTP Version Not Supported");static VARIANT_ALSO_NEGOTIATES=new t(506,"Variant Also Negotiates");static INSUFFICIENT_STORAGE=new t(507,"Insufficient Storage");static LOOP_DETECTED=new t(508,"Loop Detected");static NOT_EXTENDED=new t(510,"Not Extended");static NETWORK_AUTHENTICATION_REQUIRED=new t(511,"Network Authentication Required");static#e=[];static{Object.keys(t).filter(e=>e!=="VALUES"&&e!=="resolve").forEach(e=>{let r=t[e];r instanceof t&&(Object.defineProperty(r,"name",{enumerable:!0,value:e,writable:!1}),t.#e.push(r))})}static resolve(e){for(let r of t.#e)if(r.value===e)return r}#r;#t;constructor(e,r){this.#r=e,this.#t=r}get value(){return this.#r}get phrase(){return this.#t}toString(){return`${this.#r} ${this.name}`}};function mt(t){if(typeof t=="number"){if(t<100||t>999)throw new Error(`status code ${t} should be in range 100-999`);let e=f.resolve(t);return e!==void 0?e:new Be(t)}return t}var Se=Z(require("node:http"),1),le=class extends Se.default.IncomingMessage{exchange;upgradeHead;get urlBang(){return this.url}get socketEncrypted(){return this.socket.encrypted===!0}},q=class extends Se.default.ServerResponse{markHeadersSent(){this._header=!0}getRawHeaderNames(){return super.getRawHeaderNames()}},pe=class extends ce{},he=class extends de{#e=[];#r;#t="new";#o=[];setStatusCode(e){return this.#t==="committed"?!1:(this.#r=e,!0)}setRawStatusCode(e){return this.setStatusCode(e===void 0?void 0:mt(e))}get statusCode(){return this.#r}addCookie(e){if(this.#t==="committed")throw new Error(`Cannot add cookie ${JSON.stringify(e)} because HTTP response has already been committed`);return this.#e.push(e),this}beforeCommit(e){this.#o.push(e)}get commited(){let e=this.#t;return e!=="new"&&e!=="commit-action-failed"}async body(e){if(e instanceof ReadableStream)throw new Error("ReadableStream body not supported yet");let r=await e;try{return await this.doCommit(async()=>await this.bodyInternal(Promise.resolve(r))).catch(n=>{throw n})}catch(n){throw n}}async end(){return this.commited?Promise.resolve(!1):this.doCommit(async()=>await this.bodyInternal(Promise.resolve()))}doCommit(e){let r=this.#t,n=Promise.resolve();if(r==="new")this.#t="committing",this.#o.length>0&&(n=this.#o.reduce((o,s)=>o.then(()=>s()),Promise.resolve()).catch(o=>{this.#t==="committing"&&(this.#t="commit-action-failed")}));else if(r==="commit-action-failed")this.#t="committing";else return Promise.resolve(!1);return n=n.then(()=>{this.applyStatusCode(),this.applyHeaders(),this.applyCookies(),this.#t="committed"}),n.then(async()=>e!==void 0?await e():!0)}applyStatusCode(){}applyHeaders(){}applyCookies(){}},_=class extends pe{#e;#r;#t;constructor(e){super(new De(e)),this.#t=e}getNativeRequest(){return this.#t}get upgrade(){return this.#t.upgrade}get http2(){return this.#t.httpVersionMajor>=2}get path(){return this.URL?.pathname}get URL(){return this.#e??=new URL(this.#t.urlBang,`${this.protocol}://${this.host}`),this.#e}get query(){return this.URL?.search}get method(){return this.#t.method}get host(){let e;return this.#t.httpVersionMajor>=2&&(e=this.#t.headers[":authority"]),e??=this.#t.socket.remoteAddress,super.parseHost(e)}get protocol(){let e;return this.#t.httpVersionMajor>2&&(e=this.#t.headers[":scheme"]),e??=this.#t.socketEncrypted?"https":"http",super.parseProtocol(e)}get socket(){return this.#t.socket}get remoteAddress(){let e=this.#t.socket.remoteFamily,r=this.#t.socket.remoteAddress,n=this.#t.socket.remotePort,o=!e||!r||!n?void 0:{family:e,address:r,port:n};return super.parseRemoteAddress(o)??o}get cookies(){return this.#r??=super.cookies,this.#r}get body(){return Se.default.IncomingMessage.toWeb(this.#t)}async blob(){let e=[];if(this.body!==void 0)for await(let r of this.body)e.push(r);return new Blob(e,{type:this.headers.one("content-type")||"application/octet-stream"})}async text(){return await(await this.blob()).text()}async formData(){let r=await(await this.blob()).text();return new URLSearchParams(r)}async json(){let e=await this.blob();if(e.size===0)return;let r=await e.text();return JSON.parse(r)}initId(){let e=this.#t.socket.remoteAddress;if(!e)throw new Error("Socket has no remote address");return`${e}:${this.#t.socket.remotePort}`}},De=class extends ee{#e;constructor(e){super(),this.#e=e}has(e){return this.#e.headers[e]!==void 0}get(e){return this.#e.headers[e]}list(e){return super.toList(e)}one(e){let r=this.#e.headers[e];return Array.isArray(r)?r[0]:r}keys(){return Object.keys(this.#e.headers).values()}},Ue=class extends ee{#e;constructor(e){super(),this.#e=e}has(e){return this.#e.hasHeader(e)}keys(){return this.#e.getHeaderNames().values()}get(e){return this.#e.getHeader(e)}one(e){let r=this.#e.getHeader(e);return Array.isArray(r)?r[0]:r}set(e,r){return this.#e.headersSent||(Array.isArray(r)?r=r.map(n=>typeof n=="number"?String(n):n):typeof r=="number"&&(r=String(r)),r?this.#e.setHeader(e,r):this.#e.removeHeader(e)),this}add(e,r){return this.#e.headersSent||this.#e.appendHeader(e,r),this}list(e){return super.toList(e)}},fe=class extends he{#e;constructor(e){super(new Ue(e)),this.#e=e}getNativeResponse(){return this.#e}get statusCode(){return super.statusCode??{value:this.#e.statusCode}}applyStatusCode(){let e=super.statusCode;e!==void 0&&(this.#e.statusCode=e.value)}addCookie(e){return this.headers.add("Set-Cookie",super.setCookieValue(e)),this}async bodyInternal(e){if(this.#e.headersSent)return!1;if(e instanceof ReadableStream)throw new Error("ReadableStream body not supported in response");{let r=await e;return await new Promise((n,o)=>{try{r===void 0?this.#e.end(()=>{n(!0)}):(this.headers.has("content-length")||(typeof r=="string"?this.headers.set("content-length",Buffer.byteLength(r)):r instanceof Blob?this.headers.set("content-length",r.size):this.headers.set("content-length",r.byteLength)),this.#e.end(r,()=>{n(!0)}))}catch(s){o(s instanceof Error?s:new Error(`end failed: ${s}`))}})}}},ge=class t{#e;constructor(e){this.#e=e}get delegate(){return this.#e}get id(){return this.#e.id}get method(){return this.#e.method}get path(){return this.#e.path}get protocol(){return this.#e.protocol}get host(){return this.#e.host}get URL(){return this.#e.URL}get headers(){return this.#e.headers}get cookies(){return this.#e.cookies}get remoteAddress(){return this.#e.remoteAddress}get upgrade(){return this.#e.upgrade}get body(){return this.#e.body}async blob(){return await this.#e.blob()}async text(){return await this.#e.text()}async formData(){return await this.#e.formData()}async json(){return await this.#e.json()}toString(){return`${t.name} [delegate: ${this.delegate.toString()}]`}static getNativeRequest(e){if(e instanceof pe)return e.getNativeRequest();if(e instanceof t)return t.getNativeRequest(e.delegate);throw new Error(`Cannot get native request from ${e.constructor.name}`)}},z=class t{#e;constructor(e){this.#e=e}get delegate(){return this.#e}setStatusCode(e){return this.delegate.setStatusCode(e)}setRawStatusCode(e){return this.delegate.setRawStatusCode(e)}get statusCode(){return this.delegate.statusCode}get cookies(){return this.delegate.cookies}addCookie(e){return this.delegate.addCookie(e),this}async end(){return await this.delegate.end()}async body(e){return await this.#e.body(e)}get headers(){return this.#e.headers}toString(){return`${t.name} [delegate: ${this.delegate.toString()}]`}static getNativeResponse(e){if(e instanceof he)return e.getNativeResponse();if(e instanceof t)return t.getNativeResponse(e.delegate);throw new Error(`Cannot get native response from ${e.constructor.name}`)}},me=class t{#e;constructor(e){this.#e=e}get delegate(){return this.#e}get request(){return this.#e.request}get response(){return this.#e.response}attribute(e){return this.#e.attribute(e)}principal(){return this.#e.principal()}get logPrefix(){return this.#e.logPrefix}toString(){return`${t.name} [delegate: ${this.delegate}]`}},ye=class{request;response;#e={};#r;#t="";constructor(e,r){this.#e[yt]=e.id,this.request=e,this.response=r}get method(){return this.request.method}get path(){return this.request.path}get attributes(){return this.#e}attribute(e){return this.attributes[e]}principal(){return Promise.resolve(void 0)}get logPrefix(){let e=this.attribute(yt);return this.#r!==e&&(this.#r=e,this.#t=e!==void 0?`[${e}] `:""),this.#t}},yt="io.interop.gateway.server.log_id";var St=require("node:os"),Tr=/^(\d+|(0x[\da-f]+))(-(\d+|(0x[\da-f]+)))?$/i;function qe(t){if(t>65535)throw new Error(`bad port ${t}`);return t}function*wt(t){if(typeof t=="string")for(let e of t.split(",")){let r=e.trim(),n=Tr.exec(r);if(n){let o=parseInt(n[1]),s=parseInt(n[4]??n[1]);for(let i=qe(o);i<qe(s)+1;i++)yield i}else throw new Error(`'${e}' is not a valid port or range.`)}else yield qe(t)}var bt=(()=>{function t(r){return r.length>0?r[0]:void 0}let e=Object.values((0,St.networkInterfaces)()).flatMap(r=>(r??[]).filter(n=>n.family==="IPv4")).reduce((r,n)=>(r[n.internal?"internal":"external"].push(n),r),{internal:[],external:[]});return(t(e.internal)??t(e.external))?.address})();var we=require("node:v8"),W=require("node:fs/promises"),y=b("monitoring"),kr={memoryLimit:1024*1024*1024,reportInterval:600*1e3,dumpLocation:".",maxBackups:10,dumpPrefix:"Heap"};function Or(){return(0,we.getHeapStatistics)()}async function vt(t){let e=t.dumpPrefix??"Heap",r=`${t.dumpLocation}/${e}.heapsnapshot`;y.enabledFor("debug")&&y.debug(`starting heap dump in ${r}`),await _e(t.dumpLocation).catch(async o=>{y.enabledFor("debug")&&y.debug(`dump location ${t.dumpLocation} does not exists. Will try to create it`);try{await(0,W.mkdir)(t.dumpLocation,{recursive:!0}),y.info(`dump location dir ${t.dumpLocation} successfully created`)}catch{y.error(`failed to create dump location ${t.dumpLocation}`)}});let n=(0,we.writeHeapSnapshot)(r);y.info("heap dumped");try{y.debug("rolling snapshot backups");let o=`${t.dumpLocation}/${e}.${t.maxBackups}.heapsnapshot`;await _e(o).then(async()=>{y.enabledFor("debug")&&y.debug(`deleting ${o}`);try{await(0,W.unlink)(o)}catch(i){y.warn(`failed to delete ${o}`,i)}}).catch(()=>{});for(let i=t.maxBackups-1;i>0;i--){let a=`${t.dumpLocation}/${e}.${i}.heapsnapshot`,c=`${t.dumpLocation}/${e}.${i+1}.heapsnapshot`;await _e(a).then(async()=>{try{await(0,W.rename)(a,c)}catch(d){y.warn(`failed to rename ${a} to ${c}`,d)}}).catch(()=>{})}let s=`${t.dumpLocation}/${e}.1.heapsnapshot`;try{await(0,W.rename)(n,s)}catch(i){y.warn(`failed to rename ${n} to ${s}`,i)}y.debug("snapshots rolled")}catch(o){throw y.error("error rolling backups",o),o}}async function _e(t){y.enabledFor("trace")&&y.debug(`checking file ${t}`),await(0,W.access)(t)}async function Mr(t,e,r){y.enabledFor("debug")&&y.debug(`processing heap stats ${JSON.stringify(t)}`);let n=Math.min(r.memoryLimit,.95*t.heap_size_limit),o=t.used_heap_size;y.info(`heap stats ${JSON.stringify(t)}`),o>=n?(y.warn(`used heap ${o} bytes exceeds memory limit ${n} bytes`),e.memoryLimitExceeded?delete e.snapshot:(e.memoryLimitExceeded=!0,e.snapshot=!0),await vt(r)):(e.memoryLimitExceeded=!1,delete e.snapshot)}function xt(t){let e={...kr,...t},r=!1,n={memoryLimitExceeded:!1},o=async()=>{let a=Or();await Mr(a,n,e)},s=setInterval(o,e.reportInterval);return{...e,channel:async a=>{if(!r)switch(a??="run",a){case"run":{await o();break}case"dump":{await vt(e);break}case"stop":{r=!0,clearInterval(s),y.info("exit memory diagnostic");break}}return r}}}async function Wr({channel:t},e){await t(e)||y.warn(`cannot execute command "${e}" already closed`)}async function Et(t){return await Wr(t,"stop")}var ze=Z(require("@interopio/gateway-server/package.json"),1),Ir=t=>(t??=`${ze.default.name} - v${ze.default.version}`,async({response:e},r)=>{t!==!1&&!e.headers.has("server")&&e.headers.set("Server",t),await r()}),Ct=t=>Ir(t);var te=require("@interopio/gateway");var Ge=b("gateway.ws.client-verify");function $r(t){switch(t.missing){case"allow":case"whitelist":return!0;case"block":case"blacklist":return!1;default:return!1}}function Nr(t,e){let r=t.block??t.blacklist,n=t.allow??t.whitelist;if(r.length>0&&te.IOGateway.Filtering.valuesMatch(r,e))return Ge.warn(`origin ${e} matches block filter`),!1;if(n.length>0&&te.IOGateway.Filtering.valuesMatch(n,e))return Ge.enabledFor("debug")&&Ge.debug(`origin ${e} matches allow filter`),!0}function Fr(t){switch(t.non_matched){case"allow":case"whitelist":return!0;case"block":case"blacklist":return!1;default:return!1}}function At(t,e){if(!e)return!0;if(t){let r=Nr(e,t);return r||Fr(e)}else return $r(e)}function Ht(t){if(t){let e=(t.block??t.blacklist??[]).map(te.IOGateway.Filtering.regexify),r=(t.allow??t.whitelist??[]).map(te.IOGateway.Filtering.regexify);return{non_matched:t.non_matched??"allow",missing:t.missing??"allow",allow:r,block:e}}}var Pt=t=>async e=>{for(let r of t)if((await r(e)).match)return A();return E},G=t=>{let e=async r=>{for(let n of t)if(!(await n(r)).match)return E;return A()};return e.toString=()=>`and(${t.map(r=>r.toString()).join(", ")})`,e},Rt=t=>async e=>(await t(e)).match?E:A(),re=async t=>A();re.toString=()=>"any-exchange";var Tt=Object.freeze({}),E=Object.freeze({match:!1,variables:Tt}),A=(t=Tt)=>({match:!0,variables:t}),H=(t,e)=>{let r=e?.method,n=async o=>{let s=o.request,i=s.path;if(r!==void 0&&s.method!==r)return E;if(typeof t=="string")return i===t?A():E;{let a=t.exec(i);return a===null?E:{match:!0,variables:{...a.groups}}}};return n.toString=()=>`pattern(${t.toString()}, method=${r??"<any>"})`,n},je=t=>{let e=r=>{if(t.ignoredMediaTypes!==void 0){for(let n of t.ignoredMediaTypes)if(r===n||n==="*/*")return!0}return!1};return async r=>{let n=r.request,o;try{o=n.headers.list("accept")}catch{return E}for(let s of o)if(!e(s)){for(let i of t.mediaTypes)if(s.startsWith(i))return A()}return E}},D=async({request:t})=>t.upgrade&&t.headers.one("upgrade")?.toLowerCase()==="websocket"?A():E;D.toString=()=>"websocket upgrade";var Ve=require("@interopio/gateway");async function Je(t,e,r){let n=(s,i)=>{if(i?.cors){let a=i.cors===!0?{allowOrigins:i.origins?.allow?.map(Ve.IOGateway.Filtering.regexify),allowMethods:s.method===void 0?["*"]:[s.method],allowCredentials:i.authorize?.access!=="permitted"?!0:void 0}:i.cors,c=s.path;r.cors.push([c,a])}},o=new class{handle(...s){s.forEach(({request:i,options:a,handler:c})=>{let d=H(Ve.IOGateway.Filtering.regexify(i.path),{method:i.method});a?.authorize&&r.authorize.push([d,a.authorize]),n(i,a);let u=async(l,g)=>{let{match:h,variables:p}=await d(l);h?await c(l,p):await g()};r.middleware.push(u)})}socket(...s){for(let{path:i,factory:a,options:c}of s){let d=i??"/";r.sockets.set(d,{default:i===void 0,ping:c?.ping,factory:a,maxConnections:c?.maxConnections,authorize:c?.authorize,originFilters:Ht(c?.origins)})}}};await t(o,e)}var xe=require("@interopio/gateway");function Dr(t){let e=t.headers.one("origin");if(e===void 0)return!0;let r=t.URL,n=r.protocol,o=r.host,s=URL.parse(e),i=s?.host,a=s?.protocol;return n===a&&o===i}function Ur(t){return t.headers.has("origin")&&!Dr(t)}function Ot(t){return t.method==="OPTIONS"&&t.headers.has("origin")&&t.headers.has("access-control-request-method")}var kt=["Origin","Access-Control-Request-Method","Access-Control-Request-Headers"],qr=(t,e)=>{let{request:r,response:n}=t,o=n.headers;if(!o.has("Vary"))o.set("Vary",kt.join(", "));else{let i=o.list("Vary");for(let a of kt)i.find(c=>c===a)||i.push(a);o.set("Vary",i.join(", "))}try{if(!Ur(r))return!0}catch{return P.enabledFor("debug")&&P.debug("reject: origin is malformed"),ne(n),!1}if(o.has("access-control-allow-origin"))return P.enabledFor("trace")&&P.debug('skip: already contains "Access-Control-Allow-Origin"'),!0;let s=Ot(r);return e?zr(t,e,s):s?(ne(n),!1):!0},ve=["*"],Qe=["GET","HEAD","POST"],Mt={allowOrigins:ve,allowMethods:Qe,allowHeaders:ve,maxAge:1800};function Ee(t){if(t){let e=t.allowHeaders;e&&e!==S&&(t={...t,allowHeaders:e.map(n=>n.toLowerCase())});let r=t.allowOrigins;return r&&(r==="*"?(Lt(t),It(t)):t={...t,allowOrigins:r.map(n=>typeof n=="string"&&n!==S&&(n=xe.IOGateway.Filtering.regexify(n),typeof n=="string")?$t(n).toLowerCase():n)}),t}}function be(t,e){if(e===void 0)return t!==void 0?t===S?[S]:t:[];if(t===void 0)return e===S?[S]:e;if(t==ve||t===Qe)return e===S?[S]:e;if(e==ve||e===Qe)return t===S?[S]:t;if(t===S||t.includes(S)||e===S||e.includes(S))return[S];let r=new Set;return t.forEach(n=>r.add(n)),e.forEach(n=>r.add(n)),Array.from(r)}var oe=(t,e)=>e===void 0?t:{allowOrigins:be(t.allowOrigins,e?.allowOrigins),allowMethods:be(t.allowMethods,e?.allowMethods),allowHeaders:be(t.allowHeaders,e?.allowHeaders),exposeHeaders:be(t.exposeHeaders,e?.exposeHeaders),allowCredentials:e?.allowCredentials??t.allowCredentials,allowPrivateNetwork:e?.allowPrivateNetwork??t.allowPrivateNetwork,maxAge:e?.maxAge??t.maxAge},_r=t=>{let e=t.corsConfigSource,r=t.corsProcessor??qr;return async(n,o)=>{let s=await e(n);!r(n,s)||Ot(n.request)||await o()}},Wt=_r,P=b("cors");function ne(t){t.setStatusCode(f.FORBIDDEN)}function zr(t,e,r){let{request:n,response:o}=t,s=o.headers,i=n.headers.one("origin"),a=jr(e,i);if(a===void 0)return P.enabledFor("debug")&&P.debug(`reject: '${i}' origin is not allowed`),ne(o),!1;let c=Qr(n,r),d=Vr(e,c);if(d===void 0)return P.enabledFor("debug")&&P.debug(`reject: HTTP '${c}' is not allowed`),ne(o),!1;let u=Yr(n,r),l=Jr(e,u);if(r&&l===void 0)return P.enabledFor("debug")&&P.debug(`reject: headers '${u}' are not allowed`),ne(o),!1;s.set("Access-Control-Allow-Origin",a),r&&s.set("Access-Control-Allow-Methods",d.join(",")),r&&l!==void 0&&l.length>0&&s.set("Access-Control-Allow-Headers",l.join(", "));let g=e.exposeHeaders;return g&&g.length>0&&s.set("Access-Control-Expose-Headers",g.join(", ")),e.allowCredentials&&s.set("Access-Control-Allow-Credentials","true"),e.allowPrivateNetwork&&n.headers.one("access-control-request-private-network")==="true"&&s.set("Access-Control-Allow-Private-Network","true"),r&&e.maxAge!==void 0&&s.set("Access-Control-Max-Age",e.maxAge.toString()),!0}var S="*",Gr=["GET","HEAD"];function Lt(t){if(t.allowCredentials===!0&&t.allowOrigins===S)throw new Error('when allowCredentials is true allowOrigins cannot be "*"')}function It(t){if(t.allowPrivateNetwork===!0&&t.allowOrigins===S)throw new Error('when allowPrivateNetwork is true allowOrigins cannot be "*"')}function jr(t,e){if(e){let r=t.allowOrigins;if(r){if(r===S)return Lt(t),It(t),S;let n=$t(e.toLowerCase());for(let o of r)if(o===S||xe.IOGateway.Filtering.valueMatches(o,n))return e}}}function Vr(t,e){if(e){let r=t.allowMethods??Gr;if(r===S)return[e];if(xe.IOGateway.Filtering.valuesMatch(r,e))return r}}function Jr(t,e){if(e===void 0)return;if(e.length==0)return[];let r=t.allowHeaders;if(r===void 0)return;let n=r===S||r.includes(S),o=[];for(let s of e){let i=s?.trim();if(i){if(n)o.push(i);else for(let a of r)if(i.toLowerCase()===a){o.push(i);break}}}if(o.length>0)return o}function $t(t){return t.endsWith("/")?t.slice(0,-1):t}function Qr(t,e){return e?t.headers.one("access-control-request-method"):t.method}function Yr(t,e){let r=t.headers;return e?r.list("access-control-request-headers"):Array.from(r.keys())}var Nt=t=>async e=>{for(let[r,n]of t.mappings)if((await r(e)).match)return P.debug(`resolved cors config on '${e.request.path}' using ${r}: ${JSON.stringify(n)}`),n};var Ft=require("@interopio/gateway");function Bt(t){let{sockets:e,cors:r}=t,n=t.corsConfig===!1?void 0:oe(Mt,t.corsConfig),o=[];for(let[i,a]of e){let c=n;for(let[u,l]of r)Ft.IOGateway.Filtering.valueMatches(u,i)&&(l===void 0?c=void 0:c=c===void 0?l:oe(c,l));let d=t.corsConfig===!1?void 0:{allowOrigins:a.originFilters?.allow,allowMethods:["GET","CONNECT","OPTIONS"],allowHeaders:["Upgrade","Connection","Origin","Sec-Websocket-Key","Sec-Websocket-Version","Sec-Websocket-Protocol","Sec-Websocket-Extensions"],exposeHeaders:["Sec-Websocket-Accept","Sec-Websocket-Protocol","Sec-Websocket-Extensions"],allowCredentials:a.authorize?.access!=="permitted"?!0:void 0};c=c===void 0?d:oe(c,d),o.push([G([D,H(i)]),Ee(c)])}let s=[];for(let[i,a]of r){let[,c]=s.find(([u])=>String(u)===String(i))??[i,n];c=c===void 0?a:oe(c,a);let d=!1;for(let u of s)if(String(u[0])===String(i)){u[1]=c,d=!0;break}d||s.push([i,c])}for(let[i,a]of s)o.push([H(i),Ee(a)]);return o.push([H(/\/api\/.*/),Ee(n)]),Nt({mappings:o})}function Dt(t){return t!==void 0&&typeof t.type=="string"&&typeof t.authenticated=="boolean"}var C=class extends Error{_authentication;get authentication(){return this._authentication}set authentication(e){if(e===void 0)throw new TypeError("Authentication cannot be undefined");this._authentication=e}},Ce=class extends C{},Ae=class extends C{};var U=class extends Error{},L=class{constructor(e){this.granted=e}granted},N=class{#e;constructor(e){this.#e=e}async verify(e,r){if(!(await this.#e(e,r))?.granted)throw new U("Access denied")}async authorize(e,r){return await this.#e(e,r)}},j=class extends C{};var R=t=>async e=>{let r=!0,{response:n}=e;for(let o of t.keys())n.headers.has(o)&&(r=!1);if(r)for(let[o,s]of t)n.headers.set(o,s)},Kr=()=>R(new v().add("cache-control","no-cache, no-store, max-age=0, must-revalidate").add("pragma","no-cache").add("expires","0")),Xr=()=>R(new v().add("x-content-type-options","nosniff")),Zr=(t,e,r)=>{let n=`max-age=${t}`;e&&(n+=" ; includeSubDomains"),r&&(n+=" ; preload");let o=R(new v().add("strict-transport-security",n)),s=i=>i.request.URL.protocol==="https:";return async i=>{s(i)&&await o(i)}},en=t=>R(new v().add("x-frame-options",t)),tn=t=>R(new v().add("x-xss-protection",t)),rn=t=>{let e=t===void 0?void 0:R(new v().add("permissions-policy",t));return async r=>{e!==void 0&&await e(r)}},nn=(t,e)=>{let r=e?"content-security-policy-report-only":"content-security-policy",n=t===void 0?void 0:R(new v().add(r,t));return async o=>{n!==void 0&&await n(o)}},on=(t="no-referrer")=>R(new v().add("referer-policy",t)),sn=t=>{let e=t===void 0?void 0:R(new v().add("cross-origin-opener-policy",t));return async r=>{e!==void 0&&await e(r)}},an=t=>{let e=t===void 0?void 0:R(new v().add("cross-origin-embedder-policy",t));return async r=>{e!==void 0&&await e(r)}},cn=t=>{let e=t===void 0?void 0:R(new v().add("cross-origin-resource-policy",t));return async r=>{e!==void 0&&await e(r)}},dn=(...t)=>async e=>{for(let r of t)await r(e)};function Ye(t){let e=[];t?.cache?.disabled||e.push(Kr()),t?.contentType?.disabled||e.push(Xr()),t?.hsts?.disabled||e.push(Zr(t?.hsts?.maxAge??365*24*60*60,t?.hsts?.includeSubDomains??!0,t?.hsts?.preload??!1)),t?.frameOptions?.disabled||e.push(en(t?.frameOptions?.mode??"DENY")),t?.xss?.disabled||e.push(tn(t?.xss?.headerValue??"0")),t?.permissionsPolicy?.disabled||e.push(rn(t?.permissionsPolicy?.policyDirectives)),t?.contentSecurityPolicy?.disabled||e.push(nn(t?.contentSecurityPolicy?.policyDirectives??"default-src 'self'",t?.contentSecurityPolicy?.reportOnly)),t?.refererPolicy?.disabled||e.push(on(t?.refererPolicy?.policy??"no-referrer")),t?.crossOriginOpenerPolicy?.disabled||e.push(sn(t?.crossOriginOpenerPolicy?.policy)),t?.crossOriginEmbedderPolicy?.disabled||e.push(an(t?.crossOriginEmbedderPolicy?.policy)),t?.crossOriginResourcePolicy?.disabled||e.push(cn(t?.crossOriginResourcePolicy?.policy)),t?.writers&&e.push(...t.writers);let r=dn(...e);return async(n,o)=>{await r(n),await o()}}var V=t=>{let e=t.entryPoint,r=t?.rethrowAuthenticationServiceError??!0;return async({exchange:n},o)=>{if(!r||!(o instanceof j))return e(n,o);throw o}};var un="Realm",ln=t=>`Basic realm="${t}"`,J=t=>{let e=ln(t?.realm??un);return async(r,n)=>{let{response:o}=r;o.setStatusCode(f.UNAUTHORIZED),o.headers.set("WWW-Authenticate",e)}};var Ut="Basic ",He=t=>async e=>{let{request:r}=e,n=r.headers.one("authorization");if(!n||!/basic/i.test(n.substring(0)))return;let o=n.length<=Ut.length?"":n.substring(Ut.length),i=Buffer.from(o,"base64").toString(t?.credentialsEncoding??"utf-8").split(":",2);if(i.length===2)return{type:"UsernamePassword",authenticated:!1,principal:i[0],credentials:i[1]}};var qt=require("node:async_hooks"),F=class t{static hasSecurityContext(e){return e.getStore()?.securityContext!==void 0}static async getSecurityContext(e){return await e.getStore()?.securityContext}static clearSecurityContext(e){delete e.getStore()?.securityContext}static withSecurityContext(e){return(r=new qt.AsyncLocalStorage)=>(r.getStore().securityContext=e,r)}static withAuthentication(e){return t.withSecurityContext(Promise.resolve({authentication:e}))}static async getContext(e){if(t.hasSecurityContext(e))return t.getSecurityContext(e)}};async function pn(t,e,r,n,o,s){let a=await(await n(t))?.(r);if(a===void 0)throw new Error("No authentication manager found for the exchange");try{await hn(a,{exchange:t,next:e},o,s)}catch(c){throw c instanceof C,c}}async function hn(t,e,r,n){F.withAuthentication(t)(n),await r(e,t)}function Q(t){let e={matcher:re,successHandler:async({next:n})=>{await n()},converter:He({}),failureHandler:V({entryPoint:J({})}),...t},r=e.managerResolver;if(r===void 0&&e.manager!==void 0){let n=e.manager;r=async o=>n}if(r===void 0)throw new Error("Authentication filter requires a managerResolver or a manager");return async(n,o)=>{let i=(await e.matcher(n)).match?await e.converter(n):void 0;if(i===void 0){await o();return}try{await pn(n,o,i,r,e.successHandler,e.storage)}catch(a){if(a instanceof C){await e.failureHandler({exchange:n,next:o},a);return}throw a}}}var _t=t=>async(e,r)=>{e.response.setStatusCode(t.httpStatus)};var Y=b("auth.entry-point"),Pe=t=>{let e=t.defaultEntryPoint??(async({response:r},n)=>{r.setStatusCode(f.UNAUTHORIZED),await r.end()});return async(r,n)=>{for(let[o,s]of t.entryPoints)if(Y.enabledFor("debug")&&Y.debug(`trying to match using: ${o}`),(await o(r)).match)return Y.enabledFor("debug")&&Y.debug(`match found. using default entry point ${s}`),s(r,n);return Y.enabledFor("debug")&&Y.debug(`no match found. using default entry point ${e}`),e(r,n)}};var zt=t=>async({exchange:e,next:r},n)=>{for(let o of t)await o({exchange:e,next:r},n)};function Ke(t){let e=async g=>g.request.headers.list("X-Requested-With").includes("XMLHttpRequest")?A():E,r=Pe({entryPoints:[[e,_t({httpStatus:f.UNAUTHORIZED})]],defaultEntryPoint:J({})}),n=t.entryPoint??r,o=t.manager,s=je({mediaTypes:["application/atom+xml","application/x-www-form-urlencoded","application/json","application/octet-stream","application/xml","multipart/form-data","text/xml"],ignoredMediaTypes:["*/*"]}),i=Rt(je({mediaTypes:["text/html"]})),a=G([i,s]),c=Pt([e,a]);t.defaultEntryPoints.push([c,n]);let d=t.failureHandler??V({entryPoint:n}),u=zt(t.successHandlers??t.defaultSuccessHandlers),l=He({});return Q({storage:t.storage,manager:o,failureHandler:d,successHandler:u,converter:l})}var Gt={invalid_request:"invalid_request",invalid_token:"invalid_token",insufficient_scope:"insufficient_scope"},jt="https://tools.ietf.org/html/rfc6750#section-3.1";function Re(t){return{errorCode:Gt.invalid_token,httpStatus:f.UNAUTHORIZED,description:t,uri:jt}}function Xe(t){return{errorCode:Gt.invalid_request,httpStatus:f.BAD_REQUEST,description:t,uri:jt}}var fn="access_token",gn=/^Bearer\s+(?<token>[a-zA-Z0-9-._~+/]+=*)$/i,k=class extends C{error;constructor(e,r,n){super(r??(typeof e=="string"?void 0:e.description),n),this.error=typeof e=="string"?{errorCode:e}:e}},Vt=t=>t.type==="BearerToken",mn=t=>async e=>{let{request:r}=e;return Promise.all([Sn(r.headers,t?.headerName).then(n=>n!==void 0?[n]:void 0),wn(r,t?.uriQueryParameter),bn(e,t?.formEncodedBodyParameter)]).then(n=>n.filter(o=>o!==void 0).flat(1)).then(yn).then(n=>{if(n)return{authenticated:!1,type:"BearerToken",token:n}})};async function yn(t){if(t.length===0)return;if(t.length>1){let r=Xe("Found multiple access tokens in the request");throw new k(r)}let e=t[0];if(!e||e.length===0){let r=Xe("The requested access token parameter is an empty string");throw new k(r)}return e}async function Sn(t,e="authorization"){let r=t.one(e);if(!r||!/bearer/i.test(r.substring(0)))return;let n=gn.exec(r);if(n===null){let o=Re("Bearer token is malformed");throw new k(o)}return n.groups?.token}async function Jt(t){let e=t.getAll(fn);if(e.length!==0)return e}async function wn(t,e=!1){if(!(!e||t.method!=="GET"))return Jt(t.URL.searchParams)}async function bn(t,e=!1){let{request:r}=t;if(!e||r.headers.one("content-type")!=="application/x-www-form-urlencoded"||r.method!=="POST")return;let n=await t.request.formData();if(n)return Jt(n)}var Te=mn;function vn(t){let e="Bearer";if(t.size!==0){e+=" ";let r=0;for(let[n,o]of t)e+=`${n}="${o}"`,r!==t.size-1&&(e+=", "),r++}return e}var Qt=t=>t.httpStatus!==void 0;function xn(t){if(t instanceof k){let{error:e}=t;if(Qt(e))return e.httpStatus}return f.UNAUTHORIZED}function En(t,e){let r=new Map;if(e&&r.set("realm",e),t instanceof k){let{error:n}=t;r.set("error",n.errorCode),n.description&&r.set("error_description",n.description),n.uri&&r.set("error_uri",n.uri),Qt(n)&&n.scope&&r.set("scope",n.scope)}return r}var Cn=t=>async(e,r)=>{let n=xn(r),o=En(r,t?.realmName),s=vn(o),{response:i}=e;i.headers.set("WWW-Authenticate",s),i.setStatusCode(n),await i.end()},ke=Cn;var An=t=>{let e=t?.principalClaimName??"sub";return r=>({type:"JwtToken",authenticated:!0,name:r.getClaimAsString(e)})},Hn=t=>async e=>t(e),K=class extends Error{},ie=class extends K{};function Pn(t){if(t instanceof ie)return new k(Re(t.message),t.message,{cause:t});throw new j(t.message,{cause:t})}function Ze(t){let e=t.decoder,r=t.authConverter??Hn(An({}));return async n=>{if(Vt(n)){let o=n.token;try{let s=await e(o);return await r(s)}catch(s){throw s instanceof K?Pn(s):s}}}}function et(t){let e=t.entryPoint??ke({}),r=t?.converter??Te({}),n=t.failureHandler??V({entryPoint:e});if(t.managerResolver!==void 0)return Q({storage:t.storage,converter:r,failureHandler:n,managerResolver:t.managerResolver});if(t.jwt!==void 0){let o=t.jwt.manager??Ze(t.jwt);return Q({storage:t.storage,converter:r,failureHandler:n,managerResolver:async s=>o})}throw new Error("Invalid resource server configuration: either managerResolver or jwt must be provided")}var Me=require("@interopio/gateway/jose/jwt");async function Yt(t,e,r){let n=new Ce("Full authentication is required to access this resource."),o=new C("Access Denied",{cause:n});e&&(o.authentication=e),await r(t,o)}function Rn(t){return async(e,r)=>{e.response.setStatusCode(t),e.response.headers.set("Content-Type","text/plain; charset=utf-8");let n=Buffer.from("Access Denied","utf-8");e.response.headers.set("Content-Length",n.length),await e.response.body(n)}}var Kt=t=>{let e=Rn(f.FORBIDDEN),r=t.authenticationEntryPoint??J();return async(n,o)=>{try{await o()}catch(s){if(s instanceof U){let i=await n.principal();Dt(i)?(i.authenticated||await e(n,s),await Yt(n,i,r)):await Yt(n,void 0,r);return}throw s}}};var Tn=b("security.auth");function tt(t){let e=async(r,n)=>{let o;for(let[s,i]of t.mappings)if((await s(n))?.match){Tn.debug(`checking authorization on '${n.request.path}' using [${s}, ${i}]`);let a=await i.authorize(r,{exchange:n});if(a!==void 0){o=a;break}}return o??=new L(!1),o};return new N(e)}var Oe=b("security.auth");function rt(t){let{manager:e,storage:r}=t;return async(n,o)=>{let s=F.getContext(r).then(i=>i?.authentication);try{await e.verify(s,n),Oe.enabledFor("debug")&&Oe.debug("authorization successful")}catch(i){throw i instanceof U&&Oe.enabledFor("debug")&&Oe.debug(`authorization failed: ${i.message}`),i}await o()}}var nt=class extends me{#e;constructor(e,r){super(e),this.#e=r}async principal(){return(await this.#e())?.authentication}},Xt=t=>{let e=t.storage;return async(r,n)=>{await n(new nt(r,async()=>await F.getContext(e)))}};var I={first:Number.MAX_SAFE_INTEGER,http_headers:100,https_redirect:200,cors:300,http_basic:600,authentication:800,security_context_server_web_exchange:1500,error_translation:1800,authorization:1900,last:Number.MAX_SAFE_INTEGER},$=Symbol.for("filterOrder"),Zt=(t,e)=>{let r=[];class n{#e;#r=[];manager;get authenticationEntryPoint(){return this.#e!==void 0||this.#r.length===0?this.#e:this.#r.length===1?this.#r[0][1]:Pe({entryPoints:this.#r,defaultEntryPoint:this.#r[this.#r.length-1][1]})}build(){if(t.headers!==void 0&&t.headers.disabled!==!0){let a=Ye(t.headers);a[$]=I.http_headers,r.push(a)}if(t.cors?.disabled!==!0&&e.corsConfigSource!==void 0){let a=Wt({corsConfigSource:e.corsConfigSource});a[$]=I.cors,r.push(a)}if(t.basic!==void 0&&t.basic?.disabled!==!0){let a=t.basic.user?.name.toLowerCase(),c=t.basic.user?.password??"",d=t.basic.user?.authorities??[],u=async h=>{let p=h.principal,w=h.credentials;if(p.toLowerCase()!==a||w!==c)throw new Ae("Invalid username or password");return{type:"UsernamePassword",authenticated:!0,principal:p,credentials:w,authorities:[...d]}},l=[async({exchange:h,next:p},w)=>p()],g=Ke({storage:e.storage,manager:u,defaultEntryPoints:this.#r,defaultSuccessHandlers:l});g[$]=I.http_basic,r.push(g)}if(t.jwt!==void 0&&t.jwt.disabled!==!0){let a=(0,Me.jwtVerifier)({issuerBaseUri:t.jwt.issuerUri,issuer:t.jwt.issuer,audience:t.jwt.audience}),c=async h=>{try{let{payload:p}=await a(h);return{subject:p.sub,getClaimAsString(w){return p[w]}}}catch(p){throw p instanceof Me.JwtVerifyError?new ie(p.message,{cause:p}):new K("error occurred while attempting to decoding jwt",{cause:p})}},d=Te({uriQueryParameter:!0}),u=async h=>{try{return await d(h)===void 0?E:A()}catch{return E}},l=ke({});this.#r.push([u,l]);let g=et({storage:e.storage,entryPoint:l,converter:d,jwt:{decoder:c}});g[$]=I.authentication,r.push(g)}let i=Xt({storage:e.storage});if(r.push(i),i[$]=I.security_context_server_web_exchange,t.authorize!==void 0){let a=Kt({authenticationEntryPoint:this.authenticationEntryPoint});a[$]=I.error_translation,r.push(a);let d=(l=>{let g=[],h=!1;for(let[p,w]of l??[]){let m;if(p==="any-exchange")h=!0,m=re;else{if(h)throw new Error("Cannot register other matchers after 'any-exchange' matcher");m=p}let x;if(w.access==="permitted")x=new N(async()=>new L(!0)),x.toString=()=>"AuthorizationManager[permitted]";else if(w.access==="denied")x=new N(async()=>new L(!1)),x.toString=()=>"AuthorizationManager[denied]";else if(w.access==="authenticated")x=new N(async X=>{let B=await X;return B!==void 0?new L(B.authenticated):new L(!1)}),x.toString=()=>"AuthorizationManager[authenticated]";else throw new Error(`Unknown access type: ${JSON.stringify(w)}`);g.push([m,x])}return tt({mappings:g})})(t.authorize),u=rt({manager:d,storage:e.storage});u[$]=I.authorization,r.push(u)}r.sort((a,c)=>{let d=a[$]??I.last,u=c[$]??I.last;return d-u})}}return new n().build(),r};function kn(t){let e=[],r={access:t.authConfig?.type!=="none"?"authenticated":"permitted"};for(let[n,o]of t.sockets){let s=o.authorize??r,i=H(n,{method:"GET"});i=G([D,i]),e.push([i,s])}return e.push([H("/",{method:"GET"}),{access:"permitted"}]),e.push([H("/favicon.ico",{method:"GET"}),{access:"permitted"}]),e.push([H("/health",{method:"GET"}),{access:"permitted"}]),t.authorize.length>0&&e.push(...t.authorize),e.push(["any-exchange",r]),{authorize:e,cors:{disabled:t.corsConfig===!1},basic:{disabled:t.authConfig?.type!=="basic",...t.authConfig?.basic},jwt:{disabled:t.authConfig?.type!=="oauth2",...t.authConfig?.oauth2?.jwt}}}async function er(t){let e=Bt(t),r=kn(t),{storage:n}=t;return Zt(r,{storage:n,corsConfigSource:e})}var tr=require("node:async_hooks");var We=class extends z{},ot=class{#e;#r=!1;#t;#o;constructor(e,r){this.#e=e,this.#t=r}createExchange(e,r){return new ye(e,r)}set storage(e){this.#o=e}set enableLoggingRequestDetails(e){this.#r=e}formatHeaders(e){let r="{";for(let n of e.keys())if(this.#r){let o=e.get(n);r+=`"${n}": "${o}", `}else{r+="masked, ";break}return r.endsWith(", ")&&(r=r.slice(0,-2)),r+="}",r}formatRequest(e){let r=e.URL.search;return`HTTP ${e.method} "${e.path}${r}`}logRequest(e){if(this.#e.enabledFor("debug")){let r=this.#e.enabledFor("trace");this.#e.debug(`${e.logPrefix}${this.formatRequest(e.request)}${r?`, headers: ${this.formatHeaders(e.request.headers)}`:""}"`)}}logResponse(e){if(this.#e.enabledFor("debug")){let r=this.#e.enabledFor("trace"),n=e.response.statusCode;this.#e.debug(`${e.logPrefix}Completed ${n??"200 OK"}${r?`, headers: ${this.formatHeaders(e.response.headers)}`:""}"`)}}handleUnresolvedError(e,r){let{request:n,response:o,logPrefix:s}=e;if(o.setStatusCode(f.INTERNAL_SERVER_ERROR)){this.#e.error(`${s}500 Server Error for ${this.formatRequest(n)}`,r);return}throw this.#e.error(`${s}Error [${r.message} for ${this.formatRequest(n)}, but already ended (${o.statusCode})`,r),r}async web(e){return await this.#t(e)}async http(e,r){let n=this.createExchange(e,r),o=()=>(this.logRequest(n),this.web(n).then(()=>{this.logResponse(n)}).catch(s=>{this.handleUnresolvedError(n,s)}).then(async()=>{await n.response.end()}));await new Promise((s,i)=>{this.#o!==void 0?this.#o.run({exchange:n},()=>{o().then(()=>s()).catch(a=>i(a))}):o().then(()=>s()).catch(a=>i(a))})}},Le=class{#e;#r=new tr.AsyncLocalStorage;#t;storage(e){return this.#r=e,this}httpHandlerDecorator(e){if(this.#t===void 0)this.#t=e;else{let r=this.#t;this.#t=n=>(n=r(n),e(n))}return this}constructor(e){this.#e=e}build(){let e=b("http"),r=new ot(e,this.#e);this.#r!==void 0&&(r.storage=this.#r),r.enableLoggingRequestDetails=!1;let n=async(o,s)=>r.http(o,s);return this.#t?this.#t(n):n}};var ir=require("ws");function rr(t,e){let r=t?.exchange,n=r?.request??new _(t),o=r?.principal,s=o?o.bind(r):async function(){},i=n.URL,a=new v;for(let g of n.headers.keys())a.set(g,n.headers.list(g));let c=n.cookies,d=r?.logPrefix??`[${n.id}] `,u=n.remoteAddress;return{url:i,headers:a,cookies:c,principal:s,protocol:e,remoteAddress:u,logPrefix:d}}function nr(t){return[async(r,n)=>{let s=r.request.path??"/",i=t.sockets,a=i.get(s)??Array.from(i.values()).find(c=>{if(s==="/"&&c.default===!0)return!0});if(a!==void 0){let{request:c,response:d}=r,u=await D(r);if((c.method==="GET"||c.method==="CONNECT")&&u.match)if(a.upgradeStrategy!==void 0){a.upgradeStrategy(r);return}else throw new Error(`No upgrade strategy defined for route on ${s}`);else{if(a.default){await n();return}d.setStatusCode(f.UPGRADE_REQUIRED),d.headers.set("Upgrade","websocket").set("Connection","Upgrade").set("Content-Type","text/plain");let l=Buffer.from(`This service [${c.path}] requires use of the websocket protocol.`,"utf-8");await d.body(l)}}else await n()}]}var or=require("ws"),Ie=class extends or.WebSocket{constructor(e,r,n){super(null,void 0,n)}connected},$e=class t{static#e=Buffer.alloc(0);static#r=[0,Buffer.alloc(8)];#t;#o;#i;#s=!1;#n;constructor(e,r,n){this.#n=e,this.#o=typeof n=="number"?n:n?.interval,this.#t=typeof n=="number"||n?.data==="timestamp"?()=>t.#d(Date.now()):()=>t.#e,this.#o&&(this.#i=setInterval(()=>{let[o,s]=r();for(let i of s)this.#a(i,o)||this.#c(i,o)},this.#o))}#a(e,r){return e.connected===!1?(this.#n.enabledFor("debug")&&this.#n.debug(`terminating unresponsive ws client on [${r}]`),e.terminate(),!0):!1}#c(e,r){e.connected=!1;let n=this.#t();this.#n.enabledFor("trace")&&this.#n.debug(`pinging ws client on [${r}]`),e.ping(n,this.#s,o=>{o&&this.#n.enabledFor("warn")&&this.#n.warn(`failed to ping ws client on [${r}]`,o)})}static#d(e=Date.now()){if(e-t.#r[0]>0){let r=Buffer.allocUnsafe(8);r.writeBigInt64BE(BigInt(e),0),t.#r=[e,r]}return t.#r[1]}static#u(e){return e.length===8?Number(e.readBigInt64BE(0)):0}close(){clearInterval(this.#i)}handlePing(e,r,n){r.connected=!0,r.pong(n,!1,o=>{o&&this.#n.enabledFor("warn")&&this.#n.warn(`${e.logPrefix}failed to pong ws client [${e.remoteAddress?.address}:${e.remoteAddress?.port}]`,o)})}handlePong(e,r,n){if(r.connected=!0,this.#n.enabledFor("warn")){let o=t.#u(n);if(o>0){let s=Date.now()-o;this.#n.enabledFor("debug")&&this.#n.debug(`${e.logPrefix}ws client [${e.remoteAddress?.address}:${e.remoteAddress?.port}] ping-pong latency: ${s}ms`),this.#o&&s>this.#o/2&&this.#n.enabledFor("warn")&&this.#n.warn(`${e.logPrefix}ws client [${e.remoteAddress?.address}:${e.remoteAddress?.port}] high ping-pong latency: ${s}ms`)}}}};var T=b("ws");function On(t,e,r,n){return o=>{let{logPrefix:s,request:i}=o,a=ge.getNativeRequest(i);a.exchange=o;let{socket:c,upgradeHead:d}=a,u=i.host;if(c.removeListener("error",n),e.maxConnections!==void 0&&r.clients?.size>=e.maxConnections){T.warn(`${s}dropping ws connection request on ${u}${t}. max connections exceeded.`),c.destroy();return}let l=i.headers.one("origin");if(!At(l,e.originFilters)){T.enabledFor("info")&&T.info(`${s}dropping ws connection request on ${u}${t}. origin ${l??"<missing>"}`),c.destroy();return}T.enabledFor("debug")&&T.debug(`${s}accepted new ws connection request on ${u}${t}`),r.handleUpgrade(a,c,d,(g,h)=>{r.emit("connection",g,h)})}}function Mn(t,e){let r=new Set;t.forEach((o,s)=>{if(s===0&&o.startsWith("HTTP/1.1 101 ")){e.setStatusCode(f.SWITCHING_PROTOCOLS);return}let[i,a]=o.split(": ");e.headers.has(i)?t[s]=`${i}: ${e.headers.one(i)}`:e.headers.set(i,a),r.add(i.toLowerCase())});let n=z.getNativeResponse(e);for(let o of n.getRawHeaderNames()){let s=o.toLowerCase();if(!r.has(s)){let i=e.headers.get(s);i!==void 0&&t.push(`${o}: ${i}`)}}n.markHeadersSent()}async function sr(t,e,r,n,o){try{T.info(`creating ws server for [${t}]. max connections: ${e.maxConnections??"<unlimited>"}, origin filters: ${e.originFilters?JSON.stringify(e.originFilters,dt):"<none>"}, ping: ${typeof e.ping=="number"?e.ping+"ms":e.ping?JSON.stringify(e.ping):"<none>"}`);let s=new ir.WebSocketServer({noServer:!0,WebSocket:Ie,autoPong:!1}),i=new $e(T.child("pings"),()=>[t,s.clients],e.ping),a=await e.factory({endpoint:r,storage:n});s.on("error",c=>{T.error(`error starting the ws server for [${t}]`,c)}).on("listening",()=>{T.info(`ws server for [${t}] is listening`)}).on("headers",(c,d)=>{if(d.exchange!==void 0){let{response:u}=d.exchange;Mn(c,u)}}).on("connection",(c,d)=>{let u=rr(d,c.protocol);c.on("pong",l=>{i.handlePong(u,c,l)}),c.on("ping",l=>{i.handlePing(u,c,l)}),a({socket:c,handshake:u})}),s.on("close",()=>{i.close()}),e.upgradeStrategy=On(t,e,s,o),e.close=async()=>{await a.close?.call(a),T.info(`stopping ws server for [${t}]. clients: ${s.clients?.size??0}`),s.clients?.forEach(c=>{c.terminate()}),s.close()}}catch(s){T.warn(`failed to init route ${t}`,s)}}var O=b("app");function Wn(t){let e={};return t.key&&(e.key=(0,Ne.readFileSync)(t.key)),t.cert&&(e.cert=(0,Ne.readFileSync)(t.cert)),t.ca&&(e.ca=(0,Ne.readFileSync)(t.ca)),e}async function Ln(t,e){let r=t.build();return async(n,o)=>{n.socket.addListener("error",e);let s;o instanceof q?s=o:(n.upgradeHead=o,s=new q(n),s.assignSocket(n.socket));let i=new _(n),a=new fe(s),c=i.method==="HEAD"?new We(a):a;await r(i,c)}}function In(t){return new Promise((e,r)=>{let n=t(o=>{o?r(o):e(n)})})}function $n(t){if(t)return xt({memoryLimit:t.memory_limit,dumpLocation:t.dump_location,dumpPrefix:t.dump_prefix,reportInterval:t.report_interval,maxBackups:t.max_backups})}async function Nn(t){let e=t.storage,r=await er(t),n=nr(t),o=ht(Ct(t.serverHeader),...r,...n,...t.middleware,async({request:s,response:i},a)=>{if(s.method==="GET"&&s.path==="/health"){i.setStatusCode(f.OK);let c=Buffer.from("UP","utf-8");i.headers.set("Content-Type","text/plain; charset=utf-8"),await i.body(c)}else await a()},async({request:s,response:i},a)=>{if(s.method==="GET"&&s.path==="/"){i.setStatusCode(f.OK);let c=Buffer.from("io.Gateway Server","utf-8");i.headers.set("Content-Type","text/plain; charset=utf-8"),await i.body(c)}else await a()},async({response:s},i)=>{s.setStatusCode(f.NOT_FOUND),await s.end()});return new Le(o).storage(e)}var it=async t=>{let e=t.ssl,r=e?(h,p)=>cr.default.createServer({...h,...Wn(e)},p):(h,p)=>ar.default.createServer(h,p),n=$n(t.memory),o={middleware:[],corsConfig:t.cors,cors:[],authConfig:t.auth,authorize:[],storage:new dr.AsyncLocalStorage,sockets:new Map},s=ur.IOGateway.Factory({...t.gateway});if(t.gateway){let h=t.gateway;await Je(async p=>{p.socket({path:h.route,factory:pt.bind(s),options:h})},t,o)}t.app&&await Je(t.app,t,o);let i=wt(t.port??0),a=t.host,c=h=>O.error(`socket error: ${h}`,h),d=await Nn(o),u=await Ln(d,c),g=await new Promise((h,p)=>{let w=r({IncomingMessage:le,ServerResponse:q,...t.http},u);w.on("error",m=>{if(m.code==="EADDRINUSE"){O.debug(`port ${m.port} already in use on address ${m.address}`);let{value:x}=i.next();x?(O.info(`retry starting server on port ${x} and host ${a??"<unspecified>"}`),w.close(),w.listen(x,a)):(O.warn(`all configured port(s) ${t.port} are in use. closing...`),w.close(),p(m))}else O.error(`server error: ${m.message}`,m),p(m)}),w.on("listening",async()=>{let m=w.address();for(let[x,X]of o.sockets){let B=`${e?"wss":"ws"}://${bt}:${m.port}${x}`;await sr(x,X,B,o.storage,c)}O.info(`http server listening on ${m.address}:${m.port}`),h(w)}),w.on("upgrade",(m,x,X)=>{try{u(m,X)}catch(B){O.error(`upgrade error: ${B}`,B)}}).on("close",async()=>{O.info("http server closed.")});try{let{value:m}=i.next();w.listen(m,a)}catch(m){O.error("error starting web socket server",m),p(m instanceof Error?m:new Error(`listen failed: ${m}`))}});return new class{gateway=s;async close(){for(let[h,p]of o.sockets)try{p.close!==void 0&&await p.close()}catch(w){O.warn(`error closing route ${h}`,w)}await In(h=>{g.closeAllConnections(),g.close(h)}),n&&await Et(n),s&&await s.stop()}}};var Fn=it;0&&(module.exports={GatewayServer});
1
+ "use strict";var pr=Object.create;var ae=Object.defineProperty;var hr=Object.getOwnPropertyDescriptor;var fr=Object.getOwnPropertyNames;var gr=Object.getPrototypeOf,mr=Object.prototype.hasOwnProperty;var at=(t,e)=>{for(var r in e)ae(t,r,{get:e[r],enumerable:!0})},ct=(t,e,r,n)=>{if(e&&typeof e=="object"||typeof e=="function")for(let o of fr(e))!mr.call(t,o)&&o!==r&&ae(t,o,{get:()=>e[o],enumerable:!(n=hr(e,o))||n.enumerable});return t};var ee=(t,e,r)=>(r=t!=null?pr(gr(t)):{},ct(e||!t||!t.__esModule?ae(r,"default",{value:t,enumerable:!0}):r,t)),yr=t=>ct(ae({},"__esModule",{value:!0}),t);var Bn={};at(Bn,{GatewayServer:()=>st,default:()=>Fn});module.exports=yr(Bn);var st={};at(st,{Factory:()=>it});var cr=ee(require("node:http"),1),dr=ee(require("node:https"),1),Fe=require("node:fs"),ur=require("node:async_hooks"),lr=require("@interopio/gateway");var dt=require("node:os"),Sr=/^(\d+|(0x[\da-f]+))(-(\d+|(0x[\da-f]+)))?$/i;function Be(t){if(t>65535)throw new Error(`bad port ${t}`);return t}function*ut(t){if(typeof t=="string")for(let e of t.split(",")){let r=e.trim(),n=Sr.exec(r);if(n){let o=parseInt(n[1]),s=parseInt(n[4]??n[1]);for(let i=Be(o);i<Be(s)+1;i++)yield i}else throw new Error(`'${e}' is not a valid port or range.`)}else yield Be(t)}var lt=(()=>{function t(r){return r.length>0?r[0]:void 0}let e=Object.values((0,dt.networkInterfaces)()).flatMap(r=>(r??[]).filter(n=>n.family==="IPv4")).reduce((r,n)=>(r[n.internal?"internal":"external"].push(n),r),{internal:[],external:[]});return(t(e.internal)??t(e.external))?.address})();function N(t){if(t)return t.family==="IPv6"?`[${t.address}]:${t.port}`:`${t.address}:${t.port}`}var pt=ee(require("@interopio/gateway/logging/core"),1);function b(t){return pt.getLogger(`gateway.server.${t}`)}function ht(t,e){return e instanceof RegExp?e.toString():e}var ft=require("@interopio/gateway"),gt=require("node:async_hooks"),M=b("ws"),wr=ft.IOGateway.Encoding.json();function br(t){let e;if(t.authenticated&&(e=t.name,e===void 0&&t.principal!==void 0)){let r=t.principal;typeof r=="object"&&(e=r.name),e===void 0&&(r===void 0?e="":e=String(r))}return e}function vr(t,e,r){let n=N(r),o=r?.address??"<unknown>",s={key:n,host:o,codec:wr,onAuthenticate:async()=>{let i=await e();if(i?.authenticated)return{type:"success",user:br(i)};throw new Error(`no valid client authentication ${n}`)},onPing:()=>{t.ping(i=>{i?M.warn(`failed to ping ${n}`,i):M.info(`ping sent to ${n}`)})},onDisconnect:i=>{switch(i){case"inactive":{M.warn(`no heartbeat (ping) received from ${n}, closing socket`),t.close(4001,"ping expected");break}case"shutdown":{t.close(1001,"shutdown");break}}}};try{return this.client(i=>t.send(i),s)}catch(i){M.warn(`${n} failed to create client`,i)}}async function xr(t){return M.info(`starting gateway on ${t.endpoint}`),await this.start(t),async({socket:e,handshake:r})=>{let{logPrefix:n,remoteAddress:o,principal:s}=r;M.info(`${n}connected on gw`);let i=vr.call(this,e,s,o);if(!i){M.error(`${n}gw client init failed`),e.terminate();return}e.on("error",c=>{M.error(`${n}websocket error: ${c}`,c)});let a=t.storage!==void 0?gt.AsyncLocalStorage.snapshot():void 0;e.on("message",(c,d)=>{Array.isArray(c)&&(c=Buffer.concat(c)),a!==void 0?a(()=>i.send(c)):i.send(c)}),e.on("close",c=>{M.info(`${n}disconnected from gw. code: ${c}`),i.close()})}}var mt=xr;function yt(...t){if(!Array.isArray(t))throw new Error("middleware must be array!");let e=t.flat();for(let r of e)if(typeof r!="function")throw new Error("middleware must be compose of functions!");return async function(r,n){let o=async(s,i)=>{let a=s===e.length?n:e[s];if(a===void 0)return;let c=!1,d=!1,p=await a(i,async f=>{if(c)throw new Error("next() called multiple times");c=!0;try{return await o(s+1,f??i)}finally{d=!0}});if(c&&!d)throw new Error(`middleware resolved before downstream.
2
+ You are probably missing an await or return statement in your middleware function.`);return p};return o(0,r)}}var St=require("node:net"),le=require("tough-cookie");function Er(t,e){let r=t.get("x-forwarded-host");if(Array.isArray(r)&&(r=r[0]),r){let n=t.one("x-forwarded-port");n&&(r=`${r}:${n}`)}return r??=t.one("host"),Array.isArray(r)&&(r=r[0]),r?r.split(",",1)[0].trim():e}function Cr(t){let e=t.one("x-forwarded-ssl");return typeof e=="string"&&e.toLowerCase()==="on"}function Ar(t,e){let r=t.get("x-forwarded-proto");return Array.isArray(r)&&(r=r[0]),r!==void 0?r.split(",",1)[0].trim():Cr(t)?"https":e}function Hr(t,e,r){let n=r?r.port:t.protocol==="https:"?443:80,o=e.one("x-forwarded-for");if(Array.isArray(o)&&(o=o[0]),o!==void 0)return o=o.split(",",1)[0].trim(),{address:o,port:Number(n),family:(0,St.isIP)(o)===6?"IPv6":"IPv4"}}var ce=class{#e;constructor(e){this.#e=e}get headers(){return this.#e}},de=class t extends ce{static logIdCounter=0;#e;get id(){return this.#e===void 0&&(this.#e=`${this.initId()}-${++t.logIdCounter}`),this.#e}initId(){return"request"}get cookies(){return Rr(this.headers)}parseHost(e){return Er(this.headers,e)}parseProtocol(e){return Ar(this.headers,e)}parseRemoteAddress(e){return Hr(this.URL,this.headers,e)}},ue=class extends ce{get cookies(){return Tr(this.headers)}setCookieValue(e){return new le.Cookie({key:e.name,value:e.value,maxAge:e.maxAge,domain:e.domain,path:e.path,secure:e.secure,httpOnly:e.httpOnly,sameSite:e.sameSite}).toString()}};function Pr(t){let e=[];{let r=0,n=0;for(let o=0;o<t.length;o++)switch(t.charCodeAt(o)){case 32:r===n&&(r=n=o+1);break;case 44:e.push(t.slice(r,n)),r=n=o+1;break;default:n=n+1;break}e.push(t.slice(r,n))}return e}function wt(t){typeof t=="string"&&(t=[t]),typeof t=="number"&&(t=[String(t)]);let e=[];if(t)for(let r of t)r&&e.push(...Pr(r));return e}function Rr(t){return t.list("cookie").map(e=>e.split(";").map(r=>le.Cookie.parse(r))).flat(1).filter(e=>e!==void 0).map(e=>Object.freeze({name:e.key,value:e.value}))}function Tr(t){return t.list("set-cookie").map(e=>{let r=le.Cookie.parse(e);if(r){let n={name:r.key,value:r.value,maxAge:Number(r.maxAge??-1)};return r.httpOnly&&(n.httpOnly=!0),r.domain&&(n.domain=r.domain),r.path&&(n.path=r.path),r.secure&&(n.secure=!0),r.httpOnly&&(n.httpOnly=!0),r.sameSite&&(n.sameSite=r.sameSite),Object.freeze(n)}}).filter(e=>e!==void 0)}var te=class{constructor(){}toList(e){let r=this.get(e);return wt(r)}},v=class extends Map{get(e){return super.get(e.toLowerCase())}one(e){return this.get(e)?.[0]}list(e){let r=super.get(e.toLowerCase());return wt(r)}set(e,r){return typeof r=="number"&&(r=String(r)),typeof r=="string"&&(r=[r]),r?super.set(e.toLowerCase(),r):(super.delete(e.toLowerCase()),this)}add(e,r){let n=super.get(e.toLowerCase());return typeof r=="string"&&(r=[r]),n&&(r=n.concat(r)),this.set(e,r),this}};var De=class{#e;constructor(e){this.#e=e}get value(){return this.#e}toString(){return this.#e.toString()}},g=class t{static CONTINUE=new t(100,"Continue");static SWITCHING_PROTOCOLS=new t(101,"Switching Protocols");static OK=new t(200,"OK");static CREATED=new t(201,"Created");static ACCEPTED=new t(202,"Accepted");static NON_AUTHORITATIVE_INFORMATION=new t(203,"Non-Authoritative Information");static NO_CONTENT=new t(204,"No Content");static RESET_CONTENT=new t(205,"Reset Content");static PARTIAL_CONTENT=new t(206,"Partial Content");static MULTI_STATUS=new t(207,"Multi-Status");static IM_USED=new t(226,"IM Used");static MULTIPLE_CHOICES=new t(300,"Multiple Choices");static MOVED_PERMANENTLY=new t(301,"Moved Permanently");static BAD_REQUEST=new t(400,"Bad Request");static UNAUTHORIZED=new t(401,"Unauthorized");static FORBIDDEN=new t(403,"Forbidden");static NOT_FOUND=new t(404,"Not Found");static METHOD_NOT_ALLOWED=new t(405,"Method Not Allowed");static NOT_ACCEPTABLE=new t(406,"Not Acceptable");static PROXY_AUTHENTICATION_REQUIRED=new t(407,"Proxy Authentication Required");static REQUEST_TIMEOUT=new t(408,"Request Timeout");static CONFLICT=new t(409,"Conflict");static GONE=new t(410,"Gone");static LENGTH_REQUIRED=new t(411,"Length Required");static PRECONDITION_FAILED=new t(412,"Precondition Failed");static PAYLOAD_TOO_LARGE=new t(413,"Payload Too Large");static URI_TOO_LONG=new t(414,"URI Too Long");static UNSUPPORTED_MEDIA_TYPE=new t(415,"Unsupported Media Type");static EXPECTATION_FAILED=new t(417,"Expectation Failed");static IM_A_TEAPOT=new t(418,"I'm a teapot");static TOO_EARLY=new t(425,"Too Early");static UPGRADE_REQUIRED=new t(426,"Upgrade Required");static PRECONDITION_REQUIRED=new t(428,"Precondition Required");static TOO_MANY_REQUESTS=new t(429,"Too Many Requests");static REQUEST_HEADER_FIELDS_TOO_LARGE=new t(431,"Request Header Fields Too Large");static UNAVAILABLE_FOR_LEGAL_REASONS=new t(451,"Unavailable For Legal Reasons");static INTERNAL_SERVER_ERROR=new t(500,"Internal Server Error");static NOT_IMPLEMENTED=new t(501,"Not Implemented");static BAD_GATEWAY=new t(502,"Bad Gateway");static SERVICE_UNAVAILABLE=new t(503,"Service Unavailable");static GATEWAY_TIMEOUT=new t(504,"Gateway Timeout");static HTTP_VERSION_NOT_SUPPORTED=new t(505,"HTTP Version Not Supported");static VARIANT_ALSO_NEGOTIATES=new t(506,"Variant Also Negotiates");static INSUFFICIENT_STORAGE=new t(507,"Insufficient Storage");static LOOP_DETECTED=new t(508,"Loop Detected");static NOT_EXTENDED=new t(510,"Not Extended");static NETWORK_AUTHENTICATION_REQUIRED=new t(511,"Network Authentication Required");static#e=[];static{Object.keys(t).filter(e=>e!=="VALUES"&&e!=="resolve").forEach(e=>{let r=t[e];r instanceof t&&(Object.defineProperty(r,"name",{enumerable:!0,value:e,writable:!1}),t.#e.push(r))})}static resolve(e){for(let r of t.#e)if(r.value===e)return r}#r;#t;constructor(e,r){this.#r=e,this.#t=r}get value(){return this.#r}get phrase(){return this.#t}toString(){return`${this.#r} ${this.name}`}};function bt(t){if(typeof t=="number"){if(t<100||t>999)throw new Error(`status code ${t} should be in range 100-999`);let e=g.resolve(t);return e!==void 0?e:new De(t)}return t}var we=ee(require("node:http"),1),pe=class extends we.default.IncomingMessage{exchange;upgradeHead;get urlBang(){return this.url}get socketEncrypted(){return this.socket.encrypted===!0}},_=class extends we.default.ServerResponse{markHeadersSent(){this._header=!0}getRawHeaderNames(){return super.getRawHeaderNames()}},he=class extends de{},fe=class extends ue{#e=[];#r;#t="new";#o=[];setStatusCode(e){return this.#t==="committed"?!1:(this.#r=e,!0)}setRawStatusCode(e){return this.setStatusCode(e===void 0?void 0:bt(e))}get statusCode(){return this.#r}addCookie(e){if(this.#t==="committed")throw new Error(`Cannot add cookie ${JSON.stringify(e)} because HTTP response has already been committed`);return this.#e.push(e),this}beforeCommit(e){this.#o.push(e)}get commited(){let e=this.#t;return e!=="new"&&e!=="commit-action-failed"}async body(e){if(e instanceof ReadableStream)throw new Error("ReadableStream body not supported yet");let r=await e;try{return await this.doCommit(async()=>await this.bodyInternal(Promise.resolve(r))).catch(n=>{throw n})}catch(n){throw n}}async end(){return this.commited?Promise.resolve(!1):this.doCommit(async()=>await this.bodyInternal(Promise.resolve()))}doCommit(e){let r=this.#t,n=Promise.resolve();if(r==="new")this.#t="committing",this.#o.length>0&&(n=this.#o.reduce((o,s)=>o.then(()=>s()),Promise.resolve()).catch(o=>{this.#t==="committing"&&(this.#t="commit-action-failed")}));else if(r==="commit-action-failed")this.#t="committing";else return Promise.resolve(!1);return n=n.then(()=>{this.applyStatusCode(),this.applyHeaders(),this.applyCookies(),this.#t="committed"}),n.then(async()=>e!==void 0?await e():!0)}applyStatusCode(){}applyHeaders(){}applyCookies(){}},z=class extends he{#e;#r;#t;constructor(e){super(new Ue(e)),this.#t=e}getNativeRequest(){return this.#t}get upgrade(){return this.#t.upgrade}get http2(){return this.#t.httpVersionMajor>=2}get path(){return this.URL?.pathname}get URL(){return this.#e??=new URL(this.#t.urlBang,`${this.protocol}://${this.host}`),this.#e}get query(){return this.URL?.search}get method(){return this.#t.method}get host(){let e;return this.#t.httpVersionMajor>=2&&(e=this.#t.headers[":authority"]),e??=this.#t.socket.remoteAddress,super.parseHost(e)}get protocol(){let e;return this.#t.httpVersionMajor>2&&(e=this.#t.headers[":scheme"]),e??=this.#t.socketEncrypted?"https":"http",super.parseProtocol(e)}get socket(){return this.#t.socket}get remoteAddress(){let e=this.#t.socket.remoteFamily,r=this.#t.socket.remoteAddress,n=this.#t.socket.remotePort,o=!e||!r||!n?void 0:{family:e,address:r,port:n};return super.parseRemoteAddress(o)??o}get cookies(){return this.#r??=super.cookies,this.#r}get body(){return we.default.IncomingMessage.toWeb(this.#t)}async blob(){let e=[];if(this.body!==void 0)for await(let r of this.body)e.push(r);return new Blob(e,{type:this.headers.one("content-type")||"application/octet-stream"})}async text(){return await(await this.blob()).text()}async formData(){let r=await(await this.blob()).text();return new URLSearchParams(r)}async json(){let e=await this.blob();if(e.size===0)return;let r=await e.text();return JSON.parse(r)}initId(){let e=this.#t.socket.remoteAddress;if(!e)throw new Error("Socket has no remote address");return`${e}:${this.#t.socket.remotePort}`}},Ue=class extends te{#e;constructor(e){super(),this.#e=e}has(e){return this.#e.headers[e]!==void 0}get(e){return this.#e.headers[e]}list(e){return super.toList(e)}one(e){let r=this.#e.headers[e];return Array.isArray(r)?r[0]:r}keys(){return Object.keys(this.#e.headers).values()}},qe=class extends te{#e;constructor(e){super(),this.#e=e}has(e){return this.#e.hasHeader(e)}keys(){return this.#e.getHeaderNames().values()}get(e){return this.#e.getHeader(e)}one(e){let r=this.#e.getHeader(e);return Array.isArray(r)?r[0]:r}set(e,r){return this.#e.headersSent||(Array.isArray(r)?r=r.map(n=>typeof n=="number"?String(n):n):typeof r=="number"&&(r=String(r)),r?this.#e.setHeader(e,r):this.#e.removeHeader(e)),this}add(e,r){return this.#e.headersSent||this.#e.appendHeader(e,r),this}list(e){return super.toList(e)}},ge=class extends fe{#e;constructor(e){super(new qe(e)),this.#e=e}getNativeResponse(){return this.#e}get statusCode(){return super.statusCode??{value:this.#e.statusCode}}applyStatusCode(){let e=super.statusCode;e!==void 0&&(this.#e.statusCode=e.value)}addCookie(e){return this.headers.add("Set-Cookie",super.setCookieValue(e)),this}async bodyInternal(e){if(this.#e.headersSent)return!1;if(e instanceof ReadableStream)throw new Error("ReadableStream body not supported in response");{let r=await e;return await new Promise((n,o)=>{try{r===void 0?this.#e.end(()=>{n(!0)}):(this.headers.has("content-length")||(typeof r=="string"?this.headers.set("content-length",Buffer.byteLength(r)):r instanceof Blob?this.headers.set("content-length",r.size):this.headers.set("content-length",r.byteLength)),this.#e.end(r,()=>{n(!0)}))}catch(s){o(s instanceof Error?s:new Error(`end failed: ${s}`))}})}}},me=class t{#e;constructor(e){this.#e=e}get delegate(){return this.#e}get id(){return this.#e.id}get method(){return this.#e.method}get path(){return this.#e.path}get protocol(){return this.#e.protocol}get host(){return this.#e.host}get URL(){return this.#e.URL}get headers(){return this.#e.headers}get cookies(){return this.#e.cookies}get remoteAddress(){return this.#e.remoteAddress}get upgrade(){return this.#e.upgrade}get body(){return this.#e.body}async blob(){return await this.#e.blob()}async text(){return await this.#e.text()}async formData(){return await this.#e.formData()}async json(){return await this.#e.json()}toString(){return`${t.name} [delegate: ${this.delegate.toString()}]`}static getNativeRequest(e){if(e instanceof he)return e.getNativeRequest();if(e instanceof t)return t.getNativeRequest(e.delegate);throw new Error(`Cannot get native request from ${e.constructor.name}`)}},G=class t{#e;constructor(e){this.#e=e}get delegate(){return this.#e}setStatusCode(e){return this.delegate.setStatusCode(e)}setRawStatusCode(e){return this.delegate.setRawStatusCode(e)}get statusCode(){return this.delegate.statusCode}get cookies(){return this.delegate.cookies}addCookie(e){return this.delegate.addCookie(e),this}async end(){return await this.delegate.end()}async body(e){return await this.#e.body(e)}get headers(){return this.#e.headers}toString(){return`${t.name} [delegate: ${this.delegate.toString()}]`}static getNativeResponse(e){if(e instanceof fe)return e.getNativeResponse();if(e instanceof t)return t.getNativeResponse(e.delegate);throw new Error(`Cannot get native response from ${e.constructor.name}`)}},ye=class t{#e;constructor(e){this.#e=e}get delegate(){return this.#e}get request(){return this.#e.request}get response(){return this.#e.response}attribute(e){return this.#e.attribute(e)}principal(){return this.#e.principal()}get logPrefix(){return this.#e.logPrefix}toString(){return`${t.name} [delegate: ${this.delegate}]`}},Se=class{request;response;#e={};#r;#t="";constructor(e,r){this.#e[vt]=e.id,this.request=e,this.response=r}get method(){return this.request.method}get path(){return this.request.path}get attributes(){return this.#e}attribute(e){return this.attributes[e]}principal(){return Promise.resolve(void 0)}get logPrefix(){let e=this.attribute(vt);return this.#r!==e&&(this.#r=e,this.#t=e!==void 0?`[${e}] `:""),this.#t}},vt="io.interop.gateway.server.log_id";var be=require("node:v8"),W=require("node:fs/promises"),y=b("monitoring"),kr={memoryLimit:1024*1024*1024,reportInterval:600*1e3,dumpLocation:".",maxBackups:10,dumpPrefix:"Heap"};function Or(){return(0,be.getHeapStatistics)()}async function xt(t){let e=t.dumpPrefix??"Heap",r=`${t.dumpLocation}/${e}.heapsnapshot`;y.enabledFor("debug")&&y.debug(`starting heap dump in ${r}`),await _e(t.dumpLocation).catch(async o=>{y.enabledFor("debug")&&y.debug(`dump location ${t.dumpLocation} does not exists. Will try to create it`);try{await(0,W.mkdir)(t.dumpLocation,{recursive:!0}),y.info(`dump location dir ${t.dumpLocation} successfully created`)}catch{y.error(`failed to create dump location ${t.dumpLocation}`)}});let n=(0,be.writeHeapSnapshot)(r);y.info("heap dumped");try{y.debug("rolling snapshot backups");let o=`${t.dumpLocation}/${e}.${t.maxBackups}.heapsnapshot`;await _e(o).then(async()=>{y.enabledFor("debug")&&y.debug(`deleting ${o}`);try{await(0,W.unlink)(o)}catch(i){y.warn(`failed to delete ${o}`,i)}}).catch(()=>{});for(let i=t.maxBackups-1;i>0;i--){let a=`${t.dumpLocation}/${e}.${i}.heapsnapshot`,c=`${t.dumpLocation}/${e}.${i+1}.heapsnapshot`;await _e(a).then(async()=>{try{await(0,W.rename)(a,c)}catch(d){y.warn(`failed to rename ${a} to ${c}`,d)}}).catch(()=>{})}let s=`${t.dumpLocation}/${e}.1.heapsnapshot`;try{await(0,W.rename)(n,s)}catch(i){y.warn(`failed to rename ${n} to ${s}`,i)}y.debug("snapshots rolled")}catch(o){throw y.error("error rolling backups",o),o}}async function _e(t){y.enabledFor("trace")&&y.debug(`checking file ${t}`),await(0,W.access)(t)}async function Mr(t,e,r){y.enabledFor("debug")&&y.debug(`processing heap stats ${JSON.stringify(t)}`);let n=Math.min(r.memoryLimit,.95*t.heap_size_limit),o=t.used_heap_size;y.info(`heap stats ${JSON.stringify(t)}`),o>=n?(y.warn(`used heap ${o} bytes exceeds memory limit ${n} bytes`),e.memoryLimitExceeded?delete e.snapshot:(e.memoryLimitExceeded=!0,e.snapshot=!0),await xt(r)):(e.memoryLimitExceeded=!1,delete e.snapshot)}function Et(t){let e={...kr,...t},r=!1,n={memoryLimitExceeded:!1},o=async()=>{let a=Or();await Mr(a,n,e)},s=setInterval(o,e.reportInterval);return{...e,channel:async a=>{if(!r)switch(a??="run",a){case"run":{await o();break}case"dump":{await xt(e);break}case"stop":{r=!0,clearInterval(s),y.info("exit memory diagnostic");break}}return r}}}async function Wr({channel:t},e){await t(e)||y.warn(`cannot execute command "${e}" already closed`)}async function Ct(t){return await Wr(t,"stop")}var ze=ee(require("@interopio/gateway-server/package.json"),1),Lr=t=>(t??=`${ze.default.name} - v${ze.default.version}`,async({response:e},r)=>{t!==!1&&!e.headers.has("server")&&e.headers.set("Server",t),await r()}),At=t=>Lr(t);var re=require("@interopio/gateway");var Ge=b("gateway.ws.client-verify");function $r(t){switch(t.missing){case"allow":case"whitelist":return!0;case"block":case"blacklist":return!1;default:return!1}}function Nr(t,e){let r=t.block??t.blacklist,n=t.allow??t.whitelist;if(r.length>0&&re.IOGateway.Filtering.valuesMatch(r,e))return Ge.warn(`origin ${e} matches block filter`),!1;if(n.length>0&&re.IOGateway.Filtering.valuesMatch(n,e))return Ge.enabledFor("debug")&&Ge.debug(`origin ${e} matches allow filter`),!0}function Fr(t){switch(t.non_matched){case"allow":case"whitelist":return!0;case"block":case"blacklist":return!1;default:return!1}}function Ht(t,e){if(!e)return!0;if(t){let r=Nr(e,t);return r||Fr(e)}else return $r(e)}function Pt(t){if(t){let e=(t.block??t.blacklist??[]).map(re.IOGateway.Filtering.regexify),r=(t.allow??t.whitelist??[]).map(re.IOGateway.Filtering.regexify);return{non_matched:t.non_matched??"allow",missing:t.missing??"allow",allow:r,block:e}}}var Rt=t=>async e=>{for(let r of t)if((await r(e)).match)return A();return E},j=t=>{let e=async r=>{for(let n of t)if(!(await n(r)).match)return E;return A()};return e.toString=()=>`and(${t.map(r=>r.toString()).join(", ")})`,e},Tt=t=>async e=>(await t(e)).match?E:A(),ne=async t=>A();ne.toString=()=>"any-exchange";var kt=Object.freeze({}),E=Object.freeze({match:!1,variables:kt}),A=(t=kt)=>({match:!0,variables:t}),H=(t,e)=>{let r=e?.method,n=async o=>{let s=o.request,i=s.path;if(r!==void 0&&s.method!==r)return E;if(typeof t=="string")return i===t?A():E;{let a=t.exec(i);return a===null?E:{match:!0,variables:{...a.groups}}}};return n.toString=()=>`pattern(${t.toString()}, method=${r??"<any>"})`,n},je=t=>{let e=r=>{if(t.ignoredMediaTypes!==void 0){for(let n of t.ignoredMediaTypes)if(r===n||n==="*/*")return!0}return!1};return async r=>{let n=r.request,o;try{o=n.headers.list("accept")}catch{return E}for(let s of o)if(!e(s)){for(let i of t.mediaTypes)if(s.startsWith(i))return A()}return E}},U=async({request:t})=>t.upgrade&&t.headers.one("upgrade")?.toLowerCase()==="websocket"?A():E;U.toString=()=>"websocket upgrade";var Ve=require("@interopio/gateway");async function Je(t,e,r){let n=(s,i)=>{if(i?.cors){let a=i.cors===!0?{allowOrigins:i.origins?.allow?.map(Ve.IOGateway.Filtering.regexify),allowMethods:s.method===void 0?["*"]:[s.method],allowCredentials:i.authorize?.access!=="permitted"?!0:void 0}:i.cors,c=s.path;r.cors.push([c,a])}},o=new class{handle(...s){s.forEach(({request:i,options:a,handler:c})=>{let d=H(Ve.IOGateway.Filtering.regexify(i.path),{method:i.method});a?.authorize&&r.authorize.push([d,a.authorize]),n(i,a);let u=async(p,f)=>{let{match:l,variables:h}=await d(p);l?await c(p,h):await f()};r.middleware.push(u)})}socket(...s){for(let{path:i,factory:a,options:c}of s){let d=i??"/";r.sockets.set(d,{default:i===void 0,ping:c?.ping,factory:a,maxConnections:c?.maxConnections,authorize:c?.authorize,originFilters:Pt(c?.origins)})}}};await t(o,e)}var Ee=require("@interopio/gateway");function Dr(t){let e=t.headers.one("origin");if(e===void 0)return!0;let r=t.URL,n=r.protocol,o=r.host,s=URL.parse(e),i=s?.host,a=s?.protocol;return n===a&&o===i}function Ur(t){return t.headers.has("origin")&&!Dr(t)}function Mt(t){return t.method==="OPTIONS"&&t.headers.has("origin")&&t.headers.has("access-control-request-method")}var Ot=["Origin","Access-Control-Request-Method","Access-Control-Request-Headers"],qr=(t,e)=>{let{request:r,response:n}=t,o=n.headers;if(!o.has("Vary"))o.set("Vary",Ot.join(", "));else{let i=o.list("Vary");for(let a of Ot)i.find(c=>c===a)||i.push(a);o.set("Vary",i.join(", "))}try{if(!Ur(r))return!0}catch{return P.enabledFor("debug")&&P.debug("reject: origin is malformed"),oe(n),!1}if(o.has("access-control-allow-origin"))return P.enabledFor("trace")&&P.debug('skip: already contains "Access-Control-Allow-Origin"'),!0;let s=Mt(r);return e?zr(t,e,s):s?(oe(n),!1):!0},xe=["*"],Qe=["GET","HEAD","POST"],Wt={allowOrigins:xe,allowMethods:Qe,allowHeaders:xe,maxAge:1800};function Ce(t){if(t){let e=t.allowHeaders;e&&e!==S&&(t={...t,allowHeaders:e.map(n=>n.toLowerCase())});let r=t.allowOrigins;return r&&(r==="*"?(Lt(t),$t(t)):t={...t,allowOrigins:r.map(n=>typeof n=="string"&&n!==S&&(n=Ee.IOGateway.Filtering.regexify(n),typeof n=="string")?Nt(n).toLowerCase():n)}),t}}function ve(t,e){if(e===void 0)return t!==void 0?t===S?[S]:t:[];if(t===void 0)return e===S?[S]:e;if(t==xe||t===Qe)return e===S?[S]:e;if(e==xe||e===Qe)return t===S?[S]:t;if(t===S||t.includes(S)||e===S||e.includes(S))return[S];let r=new Set;return t.forEach(n=>r.add(n)),e.forEach(n=>r.add(n)),Array.from(r)}var ie=(t,e)=>e===void 0?t:{allowOrigins:ve(t.allowOrigins,e?.allowOrigins),allowMethods:ve(t.allowMethods,e?.allowMethods),allowHeaders:ve(t.allowHeaders,e?.allowHeaders),exposeHeaders:ve(t.exposeHeaders,e?.exposeHeaders),allowCredentials:e?.allowCredentials??t.allowCredentials,allowPrivateNetwork:e?.allowPrivateNetwork??t.allowPrivateNetwork,maxAge:e?.maxAge??t.maxAge},_r=t=>{let e=t.corsConfigSource,r=t.corsProcessor??qr;return async(n,o)=>{let s=await e(n);!r(n,s)||Mt(n.request)||await o()}},It=_r,P=b("cors");function oe(t){t.setStatusCode(g.FORBIDDEN)}function zr(t,e,r){let{request:n,response:o}=t,s=o.headers,i=n.headers.one("origin"),a=jr(e,i);if(a===void 0)return P.enabledFor("debug")&&P.debug(`reject: '${i}' origin is not allowed`),oe(o),!1;let c=Qr(n,r),d=Vr(e,c);if(d===void 0)return P.enabledFor("debug")&&P.debug(`reject: HTTP '${c}' is not allowed`),oe(o),!1;let u=Yr(n,r),p=Jr(e,u);if(r&&p===void 0)return P.enabledFor("debug")&&P.debug(`reject: headers '${u}' are not allowed`),oe(o),!1;s.set("Access-Control-Allow-Origin",a),r&&s.set("Access-Control-Allow-Methods",d.join(",")),r&&p!==void 0&&p.length>0&&s.set("Access-Control-Allow-Headers",p.join(", "));let f=e.exposeHeaders;return f&&f.length>0&&s.set("Access-Control-Expose-Headers",f.join(", ")),e.allowCredentials&&s.set("Access-Control-Allow-Credentials","true"),e.allowPrivateNetwork&&n.headers.one("access-control-request-private-network")==="true"&&s.set("Access-Control-Allow-Private-Network","true"),r&&e.maxAge!==void 0&&s.set("Access-Control-Max-Age",e.maxAge.toString()),!0}var S="*",Gr=["GET","HEAD"];function Lt(t){if(t.allowCredentials===!0&&t.allowOrigins===S)throw new Error('when allowCredentials is true allowOrigins cannot be "*"')}function $t(t){if(t.allowPrivateNetwork===!0&&t.allowOrigins===S)throw new Error('when allowPrivateNetwork is true allowOrigins cannot be "*"')}function jr(t,e){if(e){let r=t.allowOrigins;if(r){if(r===S)return Lt(t),$t(t),S;let n=Nt(e.toLowerCase());for(let o of r)if(o===S||Ee.IOGateway.Filtering.valueMatches(o,n))return e}}}function Vr(t,e){if(e){let r=t.allowMethods??Gr;if(r===S)return[e];if(Ee.IOGateway.Filtering.valuesMatch(r,e))return r}}function Jr(t,e){if(e===void 0)return;if(e.length==0)return[];let r=t.allowHeaders;if(r===void 0)return;let n=r===S||r.includes(S),o=[];for(let s of e){let i=s?.trim();if(i){if(n)o.push(i);else for(let a of r)if(i.toLowerCase()===a){o.push(i);break}}}if(o.length>0)return o}function Nt(t){return t.endsWith("/")?t.slice(0,-1):t}function Qr(t,e){return e?t.headers.one("access-control-request-method"):t.method}function Yr(t,e){let r=t.headers;return e?r.list("access-control-request-headers"):Array.from(r.keys())}var Ft=t=>async e=>{for(let[r,n]of t.mappings)if((await r(e)).match)return P.debug(`resolved cors config on '${e.request.path}' using ${r}: ${JSON.stringify(n)}`),n};var Bt=require("@interopio/gateway");function Dt(t){let{sockets:e,cors:r}=t,n=t.corsConfig===!1?void 0:ie(Wt,t.corsConfig),o=[];for(let[i,a]of e){let c=n;for(let[u,p]of r)Bt.IOGateway.Filtering.valueMatches(u,i)&&(p===void 0?c=void 0:c=c===void 0?p:ie(c,p));let d=t.corsConfig===!1?void 0:{allowOrigins:a.originFilters?.allow,allowMethods:["GET","CONNECT","OPTIONS"],allowHeaders:["Upgrade","Connection","Origin","Sec-Websocket-Key","Sec-Websocket-Version","Sec-Websocket-Protocol","Sec-Websocket-Extensions"],exposeHeaders:["Sec-Websocket-Accept","Sec-Websocket-Protocol","Sec-Websocket-Extensions"],allowCredentials:a.authorize?.access!=="permitted"?!0:void 0};c=c===void 0?d:ie(c,d),o.push([j([U,H(i)]),Ce(c)])}let s=[];for(let[i,a]of r){let[,c]=s.find(([u])=>String(u)===String(i))??[i,n];c=c===void 0?a:ie(c,a);let d=!1;for(let u of s)if(String(u[0])===String(i)){u[1]=c,d=!0;break}d||s.push([i,c])}for(let[i,a]of s)o.push([H(i),Ce(a)]);return o.push([H(/\/api\/.*/),Ce(n)]),Ft({mappings:o})}function Ut(t){return t!==void 0&&typeof t.type=="string"&&typeof t.authenticated=="boolean"}var C=class extends Error{_authentication;get authentication(){return this._authentication}set authentication(e){if(e===void 0)throw new TypeError("Authentication cannot be undefined");this._authentication=e}},Ae=class extends C{},He=class extends C{};var q=class extends Error{},I=class{constructor(e){this.granted=e}granted},F=class{#e;constructor(e){this.#e=e}async verify(e,r){if(!(await this.#e(e,r))?.granted)throw new q("Access denied")}async authorize(e,r){return await this.#e(e,r)}},V=class extends C{};var R=t=>async e=>{let r=!0,{response:n}=e;for(let o of t.keys())n.headers.has(o)&&(r=!1);if(r)for(let[o,s]of t)n.headers.set(o,s)},Kr=()=>R(new v().add("cache-control","no-cache, no-store, max-age=0, must-revalidate").add("pragma","no-cache").add("expires","0")),Xr=()=>R(new v().add("x-content-type-options","nosniff")),Zr=(t,e,r)=>{let n=`max-age=${t}`;e&&(n+=" ; includeSubDomains"),r&&(n+=" ; preload");let o=R(new v().add("strict-transport-security",n)),s=i=>i.request.URL.protocol==="https:";return async i=>{s(i)&&await o(i)}},en=t=>R(new v().add("x-frame-options",t)),tn=t=>R(new v().add("x-xss-protection",t)),rn=t=>{let e=t===void 0?void 0:R(new v().add("permissions-policy",t));return async r=>{e!==void 0&&await e(r)}},nn=(t,e)=>{let r=e?"content-security-policy-report-only":"content-security-policy",n=t===void 0?void 0:R(new v().add(r,t));return async o=>{n!==void 0&&await n(o)}},on=(t="no-referrer")=>R(new v().add("referer-policy",t)),sn=t=>{let e=t===void 0?void 0:R(new v().add("cross-origin-opener-policy",t));return async r=>{e!==void 0&&await e(r)}},an=t=>{let e=t===void 0?void 0:R(new v().add("cross-origin-embedder-policy",t));return async r=>{e!==void 0&&await e(r)}},cn=t=>{let e=t===void 0?void 0:R(new v().add("cross-origin-resource-policy",t));return async r=>{e!==void 0&&await e(r)}},dn=(...t)=>async e=>{for(let r of t)await r(e)};function Ye(t){let e=[];t?.cache?.disabled||e.push(Kr()),t?.contentType?.disabled||e.push(Xr()),t?.hsts?.disabled||e.push(Zr(t?.hsts?.maxAge??365*24*60*60,t?.hsts?.includeSubDomains??!0,t?.hsts?.preload??!1)),t?.frameOptions?.disabled||e.push(en(t?.frameOptions?.mode??"DENY")),t?.xss?.disabled||e.push(tn(t?.xss?.headerValue??"0")),t?.permissionsPolicy?.disabled||e.push(rn(t?.permissionsPolicy?.policyDirectives)),t?.contentSecurityPolicy?.disabled||e.push(nn(t?.contentSecurityPolicy?.policyDirectives??"default-src 'self'",t?.contentSecurityPolicy?.reportOnly)),t?.refererPolicy?.disabled||e.push(on(t?.refererPolicy?.policy??"no-referrer")),t?.crossOriginOpenerPolicy?.disabled||e.push(sn(t?.crossOriginOpenerPolicy?.policy)),t?.crossOriginEmbedderPolicy?.disabled||e.push(an(t?.crossOriginEmbedderPolicy?.policy)),t?.crossOriginResourcePolicy?.disabled||e.push(cn(t?.crossOriginResourcePolicy?.policy)),t?.writers&&e.push(...t.writers);let r=dn(...e);return async(n,o)=>{await r(n),await o()}}var J=t=>{let e=t.entryPoint,r=t?.rethrowAuthenticationServiceError??!0;return async({exchange:n},o)=>{if(!r||!(o instanceof V))return e(n,o);throw o}};var un="Realm",ln=t=>`Basic realm="${t}"`,Q=t=>{let e=ln(t?.realm??un);return async(r,n)=>{let{response:o}=r;o.setStatusCode(g.UNAUTHORIZED),o.headers.set("WWW-Authenticate",e)}};var qt="Basic ",Pe=t=>async e=>{let{request:r}=e,n=r.headers.one("authorization");if(!n||!/basic/i.test(n.substring(0)))return;let o=n.length<=qt.length?"":n.substring(qt.length),i=Buffer.from(o,"base64").toString(t?.credentialsEncoding??"utf-8").split(":",2);if(i.length===2)return{type:"UsernamePassword",authenticated:!1,principal:i[0],credentials:i[1]}};var _t=require("node:async_hooks"),B=class t{static hasSecurityContext(e){return e.getStore()?.securityContext!==void 0}static async getSecurityContext(e){return await e.getStore()?.securityContext}static clearSecurityContext(e){delete e.getStore()?.securityContext}static withSecurityContext(e){return(r=new _t.AsyncLocalStorage)=>(r.getStore().securityContext=e,r)}static withAuthentication(e){return t.withSecurityContext(Promise.resolve({authentication:e}))}static async getContext(e){if(t.hasSecurityContext(e))return t.getSecurityContext(e)}};async function pn(t,e,r,n,o,s){let a=await(await n(t))?.(r);if(a===void 0)throw new Error("No authentication manager found for the exchange");try{await hn(a,{exchange:t,next:e},o,s)}catch(c){throw c instanceof C,c}}async function hn(t,e,r,n){B.withAuthentication(t)(n),await r(e,t)}function Y(t){let e={matcher:ne,successHandler:async({next:n})=>{await n()},converter:Pe({}),failureHandler:J({entryPoint:Q({})}),...t},r=e.managerResolver;if(r===void 0&&e.manager!==void 0){let n=e.manager;r=async o=>n}if(r===void 0)throw new Error("Authentication filter requires a managerResolver or a manager");return async(n,o)=>{let i=(await e.matcher(n)).match?await e.converter(n):void 0;if(i===void 0){await o();return}try{await pn(n,o,i,r,e.successHandler,e.storage)}catch(a){if(a instanceof C){await e.failureHandler({exchange:n,next:o},a);return}throw a}}}var zt=t=>async(e,r)=>{e.response.setStatusCode(t.httpStatus)};var K=b("auth.entry-point"),Re=t=>{let e=t.defaultEntryPoint??(async({response:r},n)=>{r.setStatusCode(g.UNAUTHORIZED),await r.end()});return async(r,n)=>{for(let[o,s]of t.entryPoints)if(K.enabledFor("debug")&&K.debug(`trying to match using: ${o}`),(await o(r)).match)return K.enabledFor("debug")&&K.debug(`match found. using default entry point ${s}`),s(r,n);return K.enabledFor("debug")&&K.debug(`no match found. using default entry point ${e}`),e(r,n)}};var Gt=t=>async({exchange:e,next:r},n)=>{for(let o of t)await o({exchange:e,next:r},n)};function Ke(t){let e=async f=>f.request.headers.list("X-Requested-With").includes("XMLHttpRequest")?A():E,r=Re({entryPoints:[[e,zt({httpStatus:g.UNAUTHORIZED})]],defaultEntryPoint:Q({})}),n=t.entryPoint??r,o=t.manager,s=je({mediaTypes:["application/atom+xml","application/x-www-form-urlencoded","application/json","application/octet-stream","application/xml","multipart/form-data","text/xml"],ignoredMediaTypes:["*/*"]}),i=Tt(je({mediaTypes:["text/html"]})),a=j([i,s]),c=Rt([e,a]);t.defaultEntryPoints.push([c,n]);let d=t.failureHandler??J({entryPoint:n}),u=Gt(t.successHandlers??t.defaultSuccessHandlers),p=Pe({});return Y({storage:t.storage,manager:o,failureHandler:d,successHandler:u,converter:p})}var jt={invalid_request:"invalid_request",invalid_token:"invalid_token",insufficient_scope:"insufficient_scope"},Vt="https://tools.ietf.org/html/rfc6750#section-3.1";function Te(t){return{errorCode:jt.invalid_token,httpStatus:g.UNAUTHORIZED,description:t,uri:Vt}}function Xe(t){return{errorCode:jt.invalid_request,httpStatus:g.BAD_REQUEST,description:t,uri:Vt}}var fn="access_token",gn=/^Bearer\s+(?<token>[a-zA-Z0-9-._~+/]+=*)$/i,k=class extends C{error;constructor(e,r,n){super(r??(typeof e=="string"?void 0:e.description),n),this.error=typeof e=="string"?{errorCode:e}:e}},Jt=t=>t.type==="BearerToken",mn=t=>async e=>{let{request:r}=e;return Promise.all([Sn(r.headers,t?.headerName).then(n=>n!==void 0?[n]:void 0),wn(r,t?.uriQueryParameter),bn(e,t?.formEncodedBodyParameter)]).then(n=>n.filter(o=>o!==void 0).flat(1)).then(yn).then(n=>{if(n)return{authenticated:!1,type:"BearerToken",token:n}})};async function yn(t){if(t.length===0)return;if(t.length>1){let r=Xe("Found multiple access tokens in the request");throw new k(r)}let e=t[0];if(!e||e.length===0){let r=Xe("The requested access token parameter is an empty string");throw new k(r)}return e}async function Sn(t,e="authorization"){let r=t.one(e);if(!r||!/bearer/i.test(r.substring(0)))return;let n=gn.exec(r);if(n===null){let o=Te("Bearer token is malformed");throw new k(o)}return n.groups?.token}async function Qt(t){let e=t.getAll(fn);if(e.length!==0)return e}async function wn(t,e=!1){if(!(!e||t.method!=="GET"))return Qt(t.URL.searchParams)}async function bn(t,e=!1){let{request:r}=t;if(!e||r.headers.one("content-type")!=="application/x-www-form-urlencoded"||r.method!=="POST")return;let n=await t.request.formData();if(n)return Qt(n)}var ke=mn;function vn(t){let e="Bearer";if(t.size!==0){e+=" ";let r=0;for(let[n,o]of t)e+=`${n}="${o}"`,r!==t.size-1&&(e+=", "),r++}return e}var Yt=t=>t.httpStatus!==void 0;function xn(t){if(t instanceof k){let{error:e}=t;if(Yt(e))return e.httpStatus}return g.UNAUTHORIZED}function En(t,e){let r=new Map;if(e&&r.set("realm",e),t instanceof k){let{error:n}=t;r.set("error",n.errorCode),n.description&&r.set("error_description",n.description),n.uri&&r.set("error_uri",n.uri),Yt(n)&&n.scope&&r.set("scope",n.scope)}return r}var Cn=t=>async(e,r)=>{let n=xn(r),o=En(r,t?.realmName),s=vn(o),{response:i}=e;i.headers.set("WWW-Authenticate",s),i.setStatusCode(n),await i.end()},Oe=Cn;var An=t=>{let e=t?.principalClaimName??"sub";return r=>({type:"JwtToken",authenticated:!0,name:r.getClaimAsString(e)})},Hn=t=>async e=>t(e),X=class extends Error{},se=class extends X{};function Pn(t){if(t instanceof se)return new k(Te(t.message),t.message,{cause:t});throw new V(t.message,{cause:t})}function Ze(t){let e=t.decoder,r=t.authConverter??Hn(An({}));return async n=>{if(Jt(n)){let o=n.token;try{let s=await e(o);return await r(s)}catch(s){throw s instanceof X?Pn(s):s}}}}function et(t){let e=t.entryPoint??Oe({}),r=t?.converter??ke({}),n=t.failureHandler??J({entryPoint:e});if(t.managerResolver!==void 0)return Y({storage:t.storage,converter:r,failureHandler:n,managerResolver:t.managerResolver});if(t.jwt!==void 0){let o=t.jwt.manager??Ze(t.jwt);return Y({storage:t.storage,converter:r,failureHandler:n,managerResolver:async s=>o})}throw new Error("Invalid resource server configuration: either managerResolver or jwt must be provided")}var We=require("@interopio/gateway/jose/jwt");async function Kt(t,e,r){let n=new Ae("Full authentication is required to access this resource."),o=new C("Access Denied",{cause:n});e&&(o.authentication=e),await r(t,o)}function Rn(t){return async(e,r)=>{e.response.setStatusCode(t),e.response.headers.set("Content-Type","text/plain; charset=utf-8");let n=Buffer.from("Access Denied","utf-8");e.response.headers.set("Content-Length",n.length),await e.response.body(n)}}var Xt=t=>{let e=Rn(g.FORBIDDEN),r=t.authenticationEntryPoint??Q();return async(n,o)=>{try{await o()}catch(s){if(s instanceof q){let i=await n.principal();Ut(i)?(i.authenticated||await e(n,s),await Kt(n,i,r)):await Kt(n,void 0,r);return}throw s}}};var Tn=b("security.auth");function tt(t){let e=async(r,n)=>{let o;for(let[s,i]of t.mappings)if((await s(n))?.match){Tn.debug(`checking authorization on '${n.request.path}' using [${s}, ${i}]`);let a=await i.authorize(r,{exchange:n});if(a!==void 0){o=a;break}}return o??=new I(!1),o};return new F(e)}var Me=b("security.auth");function rt(t){let{manager:e,storage:r}=t;return async(n,o)=>{let s=B.getContext(r).then(i=>i?.authentication);try{await e.verify(s,n),Me.enabledFor("debug")&&Me.debug("authorization successful")}catch(i){throw i instanceof q&&Me.enabledFor("debug")&&Me.debug(`authorization failed: ${i.message}`),i}await o()}}var nt=class extends ye{#e;constructor(e,r){super(e),this.#e=r}async principal(){return(await this.#e())?.authentication}},Zt=t=>{let e=t.storage;return async(r,n)=>{await n(new nt(r,async()=>await B.getContext(e)))}};var L={first:Number.MAX_SAFE_INTEGER,http_headers:100,https_redirect:200,cors:300,http_basic:600,authentication:800,security_context_server_web_exchange:1500,error_translation:1800,authorization:1900,last:Number.MAX_SAFE_INTEGER},$=Symbol.for("filterOrder"),er=(t,e)=>{let r=[];class n{#e;#r=[];manager;get authenticationEntryPoint(){return this.#e!==void 0||this.#r.length===0?this.#e:this.#r.length===1?this.#r[0][1]:Re({entryPoints:this.#r,defaultEntryPoint:this.#r[this.#r.length-1][1]})}build(){if(t.headers!==void 0&&t.headers.disabled!==!0){let a=Ye(t.headers);a[$]=L.http_headers,r.push(a)}if(t.cors?.disabled!==!0&&e.corsConfigSource!==void 0){let a=It({corsConfigSource:e.corsConfigSource});a[$]=L.cors,r.push(a)}if(t.basic!==void 0&&t.basic?.disabled!==!0){let a=t.basic.user?.name.toLowerCase(),c=t.basic.user?.password??"",d=t.basic.user?.authorities??[],u=async l=>{let h=l.principal,w=l.credentials;if(h.toLowerCase()!==a||w!==c)throw new He("Invalid username or password");return{type:"UsernamePassword",authenticated:!0,principal:h,credentials:w,authorities:[...d]}},p=[async({exchange:l,next:h},w)=>h()],f=Ke({storage:e.storage,manager:u,defaultEntryPoints:this.#r,defaultSuccessHandlers:p});f[$]=L.http_basic,r.push(f)}if(t.jwt!==void 0&&t.jwt.disabled!==!0){let a=(0,We.jwtVerifier)({issuerBaseUri:t.jwt.issuerUri,issuer:t.jwt.issuer,audience:t.jwt.audience}),c=async l=>{try{let{payload:h}=await a(l);return{subject:h.sub,getClaimAsString(w){return h[w]}}}catch(h){throw h instanceof We.JwtVerifyError?new se(h.message,{cause:h}):new X("error occurred while attempting to decoding jwt",{cause:h})}},d=ke({uriQueryParameter:!0}),u=async l=>{try{return await d(l)===void 0?E:A()}catch{return E}},p=Oe({});this.#r.push([u,p]);let f=et({storage:e.storage,entryPoint:p,converter:d,jwt:{decoder:c}});f[$]=L.authentication,r.push(f)}let i=Zt({storage:e.storage});if(r.push(i),i[$]=L.security_context_server_web_exchange,t.authorize!==void 0){let a=Xt({authenticationEntryPoint:this.authenticationEntryPoint});a[$]=L.error_translation,r.push(a);let d=(p=>{let f=[],l=!1;for(let[h,w]of p??[]){let m;if(h==="any-exchange")l=!0,m=ne;else{if(l)throw new Error("Cannot register other matchers after 'any-exchange' matcher");m=h}let x;if(w.access==="permitted")x=new F(async()=>new I(!0)),x.toString=()=>"AuthorizationManager[permitted]";else if(w.access==="denied")x=new F(async()=>new I(!1)),x.toString=()=>"AuthorizationManager[denied]";else if(w.access==="authenticated")x=new F(async Z=>{let D=await Z;return D!==void 0?new I(D.authenticated):new I(!1)}),x.toString=()=>"AuthorizationManager[authenticated]";else throw new Error(`Unknown access type: ${JSON.stringify(w)}`);f.push([m,x])}return tt({mappings:f})})(t.authorize),u=rt({manager:d,storage:e.storage});u[$]=L.authorization,r.push(u)}r.sort((a,c)=>{let d=a[$]??L.last,u=c[$]??L.last;return d-u})}}return new n().build(),r};function kn(t){let e=[],r={access:t.authConfig?.type!=="none"?"authenticated":"permitted"};for(let[n,o]of t.sockets){let s=o.authorize??r,i=H(n,{method:"GET"});i=j([U,i]),e.push([i,s])}return e.push([H("/",{method:"GET"}),{access:"permitted"}]),e.push([H("/favicon.ico",{method:"GET"}),{access:"permitted"}]),e.push([H("/health",{method:"GET"}),{access:"permitted"}]),t.authorize.length>0&&e.push(...t.authorize),e.push(["any-exchange",r]),{authorize:e,cors:{disabled:t.corsConfig===!1},basic:{disabled:t.authConfig?.type!=="basic",...t.authConfig?.basic},jwt:{disabled:t.authConfig?.type!=="oauth2",...t.authConfig?.oauth2?.jwt}}}async function tr(t){let e=Dt(t),r=kn(t),{storage:n}=t;return er(r,{storage:n,corsConfigSource:e})}var rr=require("node:async_hooks");var Ie=class extends G{},ot=class{#e;#r=!1;#t;#o;constructor(e,r){this.#e=e,this.#t=r}createExchange(e,r){return new Se(e,r)}set storage(e){this.#o=e}set enableLoggingRequestDetails(e){this.#r=e}formatHeaders(e){let r="{";for(let n of e.keys())if(this.#r){let o=e.get(n);r+=`"${n}": "${o}", `}else{r+="masked, ";break}return r.endsWith(", ")&&(r=r.slice(0,-2)),r+="}",r}formatRequest(e){let r=e.URL.search;return`HTTP ${e.method} "${e.path}${r}`}logRequest(e){if(this.#e.enabledFor("debug")){let r=this.#e.enabledFor("trace");this.#e.debug(`${e.logPrefix}${this.formatRequest(e.request)}${r?`, headers: ${this.formatHeaders(e.request.headers)}`:""}"`)}}logResponse(e){if(this.#e.enabledFor("debug")){let r=this.#e.enabledFor("trace"),n=e.response.statusCode;this.#e.debug(`${e.logPrefix}Completed ${n??"200 OK"}${r?`, headers: ${this.formatHeaders(e.response.headers)}`:""}"`)}}handleUnresolvedError(e,r){let{request:n,response:o,logPrefix:s}=e;if(o.setStatusCode(g.INTERNAL_SERVER_ERROR)){this.#e.error(`${s}500 Server Error for ${this.formatRequest(n)}`,r);return}throw this.#e.error(`${s}Error [${r.message} for ${this.formatRequest(n)}, but already ended (${o.statusCode})`,r),r}async web(e){return await this.#t(e)}async http(e,r){let n=this.createExchange(e,r),o=()=>(this.logRequest(n),this.web(n).then(()=>{this.logResponse(n)}).catch(s=>{this.handleUnresolvedError(n,s)}).then(async()=>{await n.response.end()}));await new Promise((s,i)=>{this.#o!==void 0?this.#o.run({exchange:n},()=>{o().then(()=>s()).catch(a=>i(a))}):o().then(()=>s()).catch(a=>i(a))})}},Le=class{#e;#r=new rr.AsyncLocalStorage;#t;storage(e){return this.#r=e,this}httpHandlerDecorator(e){if(this.#t===void 0)this.#t=e;else{let r=this.#t;this.#t=n=>(n=r(n),e(n))}return this}constructor(e){this.#e=e}build(){let e=b("http"),r=new ot(e,this.#e);this.#r!==void 0&&(r.storage=this.#r),r.enableLoggingRequestDetails=!1;let n=async(o,s)=>r.http(o,s);return this.#t?this.#t(n):n}};var sr=require("ws");function nr(t,e){let r=t?.exchange,n=r?.request??new z(t),o=r?.principal,s=o?o.bind(r):async function(){},i=n.URL,a=new v;for(let f of n.headers.keys())a.set(f,n.headers.list(f));let c=n.cookies,d=r?.logPrefix??`[${n.id}] `,u=n.remoteAddress;return{url:i,headers:a,cookies:c,principal:s,protocol:e,remoteAddress:u,logPrefix:d}}function or(t){return[async(r,n)=>{let s=r.request.path??"/",i=t.sockets,a=i.get(s)??Array.from(i.values()).find(c=>{if(s==="/"&&c.default===!0)return!0});if(a!==void 0){let{request:c,response:d}=r,u=await U(r);if((c.method==="GET"||c.method==="CONNECT")&&u.match)if(a.upgradeStrategy!==void 0){a.upgradeStrategy(r);return}else throw new Error(`No upgrade strategy defined for route on ${s}`);else{if(a.default){await n();return}d.setStatusCode(g.UPGRADE_REQUIRED),d.headers.set("Upgrade","websocket").set("Connection","Upgrade").set("Content-Type","text/plain");let p=Buffer.from(`This service [${c.path}] requires use of the websocket protocol.`,"utf-8");await d.body(p)}}else await n()}]}var ir=require("ws"),$e=class extends ir.WebSocket{constructor(e,r,n){super(null,void 0,n)}connected},Ne=class t{static#e=Buffer.alloc(0);static#r=[0,Buffer.alloc(8)];#t;#o;#i;#s=!1;#n;constructor(e,r,n){this.#n=e,this.#o=typeof n=="number"?n:n?.interval,this.#t=typeof n=="number"||n?.data==="timestamp"?()=>t.#d(Date.now()):()=>t.#e,this.#o&&(this.#i=setInterval(()=>{let[o,s]=r();for(let i of s)this.#a(i,o)||this.#c(i,o)},this.#o))}#a(e,r){return e.connected===!1?(this.#n.enabledFor("debug")&&this.#n.debug(`terminating unresponsive ws client on [${r}]`),e.terminate(),!0):!1}#c(e,r){e.connected=!1;let n=this.#t();this.#n.enabledFor("trace")&&this.#n.debug(`pinging ws client on [${r}]`),e.ping(n,this.#s,o=>{o&&this.#n.enabledFor("warn")&&this.#n.warn(`failed to ping ws client on [${r}]`,o)})}static#d(e=Date.now()){if(e-t.#r[0]>0){let r=Buffer.allocUnsafe(8);r.writeBigInt64BE(BigInt(e),0),t.#r=[e,r]}return t.#r[1]}static#u(e){return e.length===8?Number(e.readBigInt64BE(0)):0}close(){clearInterval(this.#i)}handlePing(e,r,n){r.connected=!0,r.pong(n,!1,o=>{o&&this.#n.enabledFor("warn")&&this.#n.warn(`${e.logPrefix}failed to pong ws client ${N(e.remoteAddress)}`,o)})}handlePong(e,r,n){if(r.connected=!0,this.#n.enabledFor("warn")){let o=t.#u(n);if(o>0){let s=Date.now()-o;this.#n.enabledFor("debug")&&this.#n.debug(`${e.logPrefix}ws client ${N(e.remoteAddress)} ping-pong latency: ${s}ms`),this.#o&&s>this.#o/2&&this.#n.enabledFor("warn")&&this.#n.warn(`${e.logPrefix}ws client ${N(e.remoteAddress)} high ping-pong latency: ${s}ms`)}}}};var T=b("ws");function On(t,e,r,n){return o=>{let{logPrefix:s,request:i}=o,a=me.getNativeRequest(i);a.exchange=o;let{socket:c,upgradeHead:d}=a,u=i.host;if(c.removeListener("error",n),e.maxConnections!==void 0&&r.clients?.size>=e.maxConnections){T.warn(`${s}dropping ws connection request on ${u}${t}. max connections exceeded.`),c.destroy();return}let p=i.headers.one("origin");if(!Ht(p,e.originFilters)){T.enabledFor("info")&&T.info(`${s}dropping ws connection request on ${u}${t}. origin ${p??"<missing>"}`),c.destroy();return}T.enabledFor("debug")&&T.debug(`${s}accepted new ws connection request on ${u}${t}`),r.handleUpgrade(a,c,d,(f,l)=>{r.emit("connection",f,l)})}}function Mn(t,e){let r=new Set;t.forEach((o,s)=>{if(s===0&&o.startsWith("HTTP/1.1 101 ")){e.setStatusCode(g.SWITCHING_PROTOCOLS);return}let[i,a]=o.split(": ");e.headers.has(i)?t[s]=`${i}: ${e.headers.one(i)}`:e.headers.set(i,a),r.add(i.toLowerCase())});let n=G.getNativeResponse(e);for(let o of n.getRawHeaderNames()){let s=o.toLowerCase();if(!r.has(s)){let i=e.headers.get(s);i!==void 0&&t.push(`${o}: ${i}`)}}n.markHeadersSent()}async function ar(t,e,r,n,o){try{T.info(`creating ws server for [${t}]. max connections: ${e.maxConnections??"<unlimited>"}, origin filters: ${e.originFilters?JSON.stringify(e.originFilters,ht):"<none>"}, ping: ${typeof e.ping=="number"?e.ping+"ms":e.ping?JSON.stringify(e.ping):"<none>"}`);let s=new sr.WebSocketServer({noServer:!0,WebSocket:$e,autoPong:!1}),i=new Ne(T.child("pings"),()=>[t,s.clients],e.ping),a=await e.factory({endpoint:r,storage:n});s.on("error",c=>{T.error(`error starting the ws server for [${t}]`,c)}).on("listening",()=>{T.info(`ws server for [${t}] is listening`)}).on("headers",(c,d)=>{if(d.exchange!==void 0){let{response:u}=d.exchange;Mn(c,u)}}).on("connection",(c,d)=>{let u=nr(d,c.protocol);c.on("pong",p=>{i.handlePong(u,c,p)}),c.on("ping",p=>{i.handlePing(u,c,p)}),a({socket:c,handshake:u})}),s.on("close",()=>{i.close()}),e.upgradeStrategy=On(t,e,s,o),e.close=async()=>{await a.close?.call(a),T.info(`stopping ws server for [${t}]. clients: ${s.clients?.size??0}`),s.clients?.forEach(c=>{c.terminate()}),s.close()}}catch(s){T.warn(`failed to init route ${t}`,s)}}var O=b("app");function Wn(t){let e={};return t.key&&(e.key=(0,Fe.readFileSync)(t.key)),t.cert&&(e.cert=(0,Fe.readFileSync)(t.cert)),t.ca&&(e.ca=(0,Fe.readFileSync)(t.ca)),e}async function In(t,e){let r=t.build();return async(n,o)=>{n.socket.addListener("error",e);let s;o instanceof _?s=o:(n.upgradeHead=o,s=new _(n),s.assignSocket(n.socket));let i=new z(n),a=new ge(s),c=i.method==="HEAD"?new Ie(a):a;await r(i,c)}}function Ln(t){return new Promise((e,r)=>{let n=t(o=>{o?r(o):e(n)})})}function $n(t){if(t)return Et({memoryLimit:t.memory_limit,dumpLocation:t.dump_location,dumpPrefix:t.dump_prefix,reportInterval:t.report_interval,maxBackups:t.max_backups})}async function Nn(t){let e=t.storage,r=await tr(t),n=or(t),o=yt(At(t.serverHeader),...r,...n,...t.middleware,async({request:s,response:i},a)=>{if(s.method==="GET"&&s.path==="/health"){i.setStatusCode(g.OK);let c=Buffer.from("UP","utf-8");i.headers.set("Content-Type","text/plain; charset=utf-8"),await i.body(c)}else await a()},async({request:s,response:i},a)=>{if(s.method==="GET"&&s.path==="/"){i.setStatusCode(g.OK);let c=Buffer.from("io.Gateway Server","utf-8");i.headers.set("Content-Type","text/plain; charset=utf-8"),await i.body(c)}else await a()},async({response:s},i)=>{s.setStatusCode(g.NOT_FOUND),await s.end()});return new Le(o).storage(e)}var it=async t=>{let e=t.ssl,r=e?(l,h)=>dr.default.createServer({...l,...Wn(e)},h):(l,h)=>cr.default.createServer(l,h),n=$n(t.memory),o={middleware:[],corsConfig:t.cors,cors:[],authConfig:t.auth,authorize:[],storage:new ur.AsyncLocalStorage,sockets:new Map},s=lr.IOGateway.Factory({...t.gateway});if(t.gateway){let l=t.gateway;await Je(async h=>{h.socket({path:l.route,factory:mt.bind(s),options:l})},t,o)}t.app&&await Je(t.app,t,o);let i=ut(t.port??0),a=t.host,c=l=>O.error(`socket error: ${l}`,l),d=await Nn(o),u=await In(d,c),f=await new Promise((l,h)=>{let w=r({IncomingMessage:pe,ServerResponse:_,...t.http},u);w.on("error",m=>{if(m.code==="EADDRINUSE"){O.debug(`port ${m.port} already in use on address ${m.address}`);let{value:x}=i.next();x?(O.info(`retry starting server on port ${x} and host ${a??"<unspecified>"}`),w.close(),w.listen(x,a)):(O.warn(`all configured port(s) ${t.port} are in use. closing...`),w.close(),h(m))}else O.error(`server error: ${m.message}`,m),h(m)}),w.on("listening",async()=>{let m=w.address();for(let[x,Z]of o.sockets){let D=`${e?"wss":"ws"}://${lt}:${m.port}${x}`;await ar(x,Z,D,o.storage,c)}O.info(`http server listening on ${e?"https":"http"}://${N(m)}`),l(w)}),w.on("upgrade",(m,x,Z)=>{try{u(m,Z)}catch(D){O.error(`upgrade error: ${D}`,D)}}).on("close",async()=>{O.info("http server closed.")});try{let{value:m}=i.next();w.listen(m,a)}catch(m){O.error("error starting web socket server",m),h(m instanceof Error?m:new Error(`listen failed: ${m}`))}});return new class{gateway=s;get address(){let l=f.address();return typeof l=="object"?l:null}async close(){for(let[l,h]of o.sockets)try{h.close!==void 0&&await h.close()}catch(w){O.warn(`error closing route ${l}`,w)}await Ln(l=>{f.closeAllConnections(),f.close(l)}),n&&await Ct(n),s&&await s.stop()}}};var Fn=it;0&&(module.exports={GatewayServer});
3
3
  //# sourceMappingURL=index.cjs.map