@interopio/gateway-server 0.19.4 → 0.20.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (18) hide show
  1. package/changelog.md +15 -0
  2. package/dist/index.cjs +7 -2
  3. package/dist/index.cjs.map +4 -4
  4. package/dist/index.js +7 -2
  5. package/dist/index.js.map +4 -4
  6. package/dist/tools/index.js +2 -0
  7. package/dist/tools/index.js.map +7 -0
  8. package/dist/web/test.js +2 -2
  9. package/dist/web/test.js.map +2 -2
  10. package/gateway-server +442 -0
  11. package/gateway-server.d.ts +101 -7
  12. package/package.json +13 -6
  13. package/readme.md +190 -13
  14. package/types/crypto/argon2.d.ts +127 -0
  15. package/types/crypto/keygen.d.ts +7 -0
  16. package/types/crypto/mkcert.d.ts +47 -0
  17. package/types/tools.d.ts +6 -0
  18. package/types/web/server.d.ts +12 -5
package/dist/index.js CHANGED
@@ -1,3 +1,8 @@
1
- var Vt=Object.defineProperty;var Jt=(t,e)=>{for(var r in e)Vt(t,r,{get:e[r],enumerable:!0})};var jt={};Jt(jt,{Factory:()=>Xe});import Hn from"node:http";import Pn from"node:https";import{readFileSync as Ke}from"node:fs";import{AsyncLocalStorage as Rn}from"node:async_hooks";import{IOGateway as Tn}from"@interopio/gateway";import{networkInterfaces as Qt}from"node:os";var Yt=/^(\d+|(0x[\da-f]+))(-(\d+|(0x[\da-f]+)))?$/i;function ke(t){if(t>65535)throw new Error(`bad port ${t}`);return t}function*Ze(t){if(typeof t=="string")for(let e of t.split(",")){let r=e.trim(),n=Yt.exec(r);if(n){let o=parseInt(n[1]),s=parseInt(n[4]??n[1]);for(let i=ke(o);i<ke(s)+1;i++)yield i}else throw new Error(`'${e}' is not a valid port or range.`)}else yield ke(t)}var et=(()=>{function t(r){return r.length>0?r[0]:void 0}let e=Object.values(Qt()).flatMap(r=>(r??[]).filter(n=>n.family==="IPv4")).reduce((r,n)=>(r[n.internal?"internal":"external"].push(n),r),{internal:[],external:[]});return(t(e.internal)??t(e.external))?.address})();function $(t){if(t)return t.family==="IPv6"?`[${t.address}]:${t.port}`:`${t.address}:${t.port}`}import*as tt from"@interopio/gateway/logging/core";function b(t){return tt.getLogger(`gateway.server.${t}`)}function rt(t,e){return e instanceof RegExp?e.toString():e}import{IOGateway as Kt}from"@interopio/gateway";import{AsyncLocalStorage as Xt}from"node:async_hooks";var M=b("ws"),Zt=Kt.Encoding.json();function er(t){let e;if(t.authenticated&&(e=t.name,e===void 0&&t.principal!==void 0)){let r=t.principal;typeof r=="object"&&(e=r.name),e===void 0&&(r===void 0?e="":e=String(r))}return e}function tr(t,e,r){let n=$(r),o=r?.address??"<unknown>",s={key:n,host:o,codec:Zt,onAuthenticate:async()=>{let i=await e();if(i?.authenticated)return{type:"success",user:er(i)};throw new Error(`no valid client authentication ${n}`)},onPing:()=>{t.ping(i=>{i?M.warn(`failed to ping ${n}`,i):M.info(`ping sent to ${n}`)})},onDisconnect:i=>{switch(i){case"inactive":{M.warn(`no heartbeat (ping) received from ${n}, closing socket`),t.close(4001,"ping expected");break}case"shutdown":{t.close(1001,"shutdown");break}}}};try{return this.client(i=>t.send(i),s)}catch(i){M.warn(`${n} failed to create client`,i)}}async function rr(t){return M.info(`starting gateway on ${t.endpoint}`),await this.start(t),async({socket:e,handshake:r})=>{let{logPrefix:n,remoteAddress:o,principal:s}=r;M.info(`${n}connected on gw`);let i=tr.call(this,e,s,o);if(!i){M.error(`${n}gw client init failed`),e.terminate();return}e.on("error",c=>{M.error(`${n}websocket error: ${c}`,c)});let a=t.storage!==void 0?Xt.snapshot():void 0;e.on("message",(c,d)=>{Array.isArray(c)&&(c=Buffer.concat(c)),a!==void 0?a(()=>i.send(c)):i.send(c)}),e.on("close",c=>{M.info(`${n}disconnected from gw. code: ${c}`),i.close()})}}var nt=rr;function ot(...t){if(!Array.isArray(t))throw new Error("middleware must be array!");let e=t.flat();for(let r of e)if(typeof r!="function")throw new Error("middleware must be compose of functions!");return async function(r,n){let o=async(s,i)=>{let a=s===e.length?n:e[s];if(a===void 0)return;let c=!1,d=!1,p=await a(i,async f=>{if(c)throw new Error("next() called multiple times");c=!0;try{return await o(s+1,f??i)}finally{d=!0}});if(c&&!d)throw new Error(`middleware resolved before downstream.
2
- You are probably missing an await or return statement in your middleware function.`);return p};return o(0,r)}}import{isIP as nr}from"node:net";import{Cookie as Oe}from"tough-cookie";function or(t,e){let r=t.get("x-forwarded-host");if(Array.isArray(r)&&(r=r[0]),r){let n=t.one("x-forwarded-port");n&&(r=`${r}:${n}`)}return r??=t.one("host"),Array.isArray(r)&&(r=r[0]),r?r.split(",",1)[0].trim():e}function ir(t){let e=t.one("x-forwarded-ssl");return typeof e=="string"&&e.toLowerCase()==="on"}function sr(t,e){let r=t.get("x-forwarded-proto");return Array.isArray(r)&&(r=r[0]),r!==void 0?r.split(",",1)[0].trim():ir(t)?"https":e}function ar(t,e,r){let n=r?r.port:t.protocol==="https:"?443:80,o=e.one("x-forwarded-for");if(Array.isArray(o)&&(o=o[0]),o!==void 0)return o=o.split(",",1)[0].trim(),{address:o,port:Number(n),family:nr(o)===6?"IPv6":"IPv4"}}var oe=class{#e;constructor(e){this.#e=e}get headers(){return this.#e}},ie=class t extends oe{static logIdCounter=0;#e;get id(){return this.#e===void 0&&(this.#e=`${this.initId()}-${++t.logIdCounter}`),this.#e}initId(){return"request"}get cookies(){return dr(this.headers)}parseHost(e){return or(this.headers,e)}parseProtocol(e){return sr(this.headers,e)}parseRemoteAddress(e){return ar(this.URL,this.headers,e)}},se=class extends oe{get cookies(){return ur(this.headers)}setCookieValue(e){return new Oe({key:e.name,value:e.value,maxAge:e.maxAge,domain:e.domain,path:e.path,secure:e.secure,httpOnly:e.httpOnly,sameSite:e.sameSite}).toString()}};function cr(t){let e=[];{let r=0,n=0;for(let o=0;o<t.length;o++)switch(t.charCodeAt(o)){case 32:r===n&&(r=n=o+1);break;case 44:e.push(t.slice(r,n)),r=n=o+1;break;default:n=n+1;break}e.push(t.slice(r,n))}return e}function it(t){typeof t=="string"&&(t=[t]),typeof t=="number"&&(t=[String(t)]);let e=[];if(t)for(let r of t)r&&e.push(...cr(r));return e}function dr(t){return t.list("cookie").map(e=>e.split(";").map(r=>Oe.parse(r))).flat(1).filter(e=>e!==void 0).map(e=>Object.freeze({name:e.key,value:e.value}))}function ur(t){return t.list("set-cookie").map(e=>{let r=Oe.parse(e);if(r){let n={name:r.key,value:r.value,maxAge:Number(r.maxAge??-1)};return r.httpOnly&&(n.httpOnly=!0),r.domain&&(n.domain=r.domain),r.path&&(n.path=r.path),r.secure&&(n.secure=!0),r.httpOnly&&(n.httpOnly=!0),r.sameSite&&(n.sameSite=r.sameSite),Object.freeze(n)}}).filter(e=>e!==void 0)}var Z=class{constructor(){}toList(e){let r=this.get(e);return it(r)}},v=class extends Map{get(e){return super.get(e.toLowerCase())}one(e){return this.get(e)?.[0]}list(e){let r=super.get(e.toLowerCase());return it(r)}set(e,r){return typeof r=="number"&&(r=String(r)),typeof r=="string"&&(r=[r]),r?super.set(e.toLowerCase(),r):(super.delete(e.toLowerCase()),this)}add(e,r){let n=super.get(e.toLowerCase());return typeof r=="string"&&(r=[r]),n&&(r=n.concat(r)),this.set(e,r),this}};var Me=class{#e;constructor(e){this.#e=e}get value(){return this.#e}toString(){return this.#e.toString()}},g=class t{static CONTINUE=new t(100,"Continue");static SWITCHING_PROTOCOLS=new t(101,"Switching Protocols");static OK=new t(200,"OK");static CREATED=new t(201,"Created");static ACCEPTED=new t(202,"Accepted");static NON_AUTHORITATIVE_INFORMATION=new t(203,"Non-Authoritative Information");static NO_CONTENT=new t(204,"No Content");static RESET_CONTENT=new t(205,"Reset Content");static PARTIAL_CONTENT=new t(206,"Partial Content");static MULTI_STATUS=new t(207,"Multi-Status");static IM_USED=new t(226,"IM Used");static MULTIPLE_CHOICES=new t(300,"Multiple Choices");static MOVED_PERMANENTLY=new t(301,"Moved Permanently");static BAD_REQUEST=new t(400,"Bad Request");static UNAUTHORIZED=new t(401,"Unauthorized");static FORBIDDEN=new t(403,"Forbidden");static NOT_FOUND=new t(404,"Not Found");static METHOD_NOT_ALLOWED=new t(405,"Method Not Allowed");static NOT_ACCEPTABLE=new t(406,"Not Acceptable");static PROXY_AUTHENTICATION_REQUIRED=new t(407,"Proxy Authentication Required");static REQUEST_TIMEOUT=new t(408,"Request Timeout");static CONFLICT=new t(409,"Conflict");static GONE=new t(410,"Gone");static LENGTH_REQUIRED=new t(411,"Length Required");static PRECONDITION_FAILED=new t(412,"Precondition Failed");static PAYLOAD_TOO_LARGE=new t(413,"Payload Too Large");static URI_TOO_LONG=new t(414,"URI Too Long");static UNSUPPORTED_MEDIA_TYPE=new t(415,"Unsupported Media Type");static EXPECTATION_FAILED=new t(417,"Expectation Failed");static IM_A_TEAPOT=new t(418,"I'm a teapot");static TOO_EARLY=new t(425,"Too Early");static UPGRADE_REQUIRED=new t(426,"Upgrade Required");static PRECONDITION_REQUIRED=new t(428,"Precondition Required");static TOO_MANY_REQUESTS=new t(429,"Too Many Requests");static REQUEST_HEADER_FIELDS_TOO_LARGE=new t(431,"Request Header Fields Too Large");static UNAVAILABLE_FOR_LEGAL_REASONS=new t(451,"Unavailable For Legal Reasons");static INTERNAL_SERVER_ERROR=new t(500,"Internal Server Error");static NOT_IMPLEMENTED=new t(501,"Not Implemented");static BAD_GATEWAY=new t(502,"Bad Gateway");static SERVICE_UNAVAILABLE=new t(503,"Service Unavailable");static GATEWAY_TIMEOUT=new t(504,"Gateway Timeout");static HTTP_VERSION_NOT_SUPPORTED=new t(505,"HTTP Version Not Supported");static VARIANT_ALSO_NEGOTIATES=new t(506,"Variant Also Negotiates");static INSUFFICIENT_STORAGE=new t(507,"Insufficient Storage");static LOOP_DETECTED=new t(508,"Loop Detected");static NOT_EXTENDED=new t(510,"Not Extended");static NETWORK_AUTHENTICATION_REQUIRED=new t(511,"Network Authentication Required");static#e=[];static{Object.keys(t).filter(e=>e!=="VALUES"&&e!=="resolve").forEach(e=>{let r=t[e];r instanceof t&&(Object.defineProperty(r,"name",{enumerable:!0,value:e,writable:!1}),t.#e.push(r))})}static resolve(e){for(let r of t.#e)if(r.value===e)return r}#r;#t;constructor(e,r){this.#r=e,this.#t=r}get value(){return this.#r}get phrase(){return this.#t}toString(){return`${this.#r} ${this.name}`}};function st(t){if(typeof t=="number"){if(t<100||t>999)throw new Error(`status code ${t} should be in range 100-999`);let e=g.resolve(t);return e!==void 0?e:new Me(t)}return t}import Le from"node:http";var ae=class extends Le.IncomingMessage{exchange;upgradeHead;get urlBang(){return this.url}get socketEncrypted(){return this.socket.encrypted===!0}},q=class extends Le.ServerResponse{markHeadersSent(){this._header=!0}getRawHeaderNames(){return super.getRawHeaderNames()}},ce=class extends ie{},de=class extends se{#e=[];#r;#t="new";#o=[];setStatusCode(e){return this.#t==="committed"?!1:(this.#r=e,!0)}setRawStatusCode(e){return this.setStatusCode(e===void 0?void 0:st(e))}get statusCode(){return this.#r}addCookie(e){if(this.#t==="committed")throw new Error(`Cannot add cookie ${JSON.stringify(e)} because HTTP response has already been committed`);return this.#e.push(e),this}beforeCommit(e){this.#o.push(e)}get commited(){let e=this.#t;return e!=="new"&&e!=="commit-action-failed"}async body(e){if(e instanceof ReadableStream)throw new Error("ReadableStream body not supported yet");let r=await e;try{return await this.doCommit(async()=>await this.bodyInternal(Promise.resolve(r))).catch(n=>{throw n})}catch(n){throw n}}async end(){return this.commited?Promise.resolve(!1):this.doCommit(async()=>await this.bodyInternal(Promise.resolve()))}doCommit(e){let r=this.#t,n=Promise.resolve();if(r==="new")this.#t="committing",this.#o.length>0&&(n=this.#o.reduce((o,s)=>o.then(()=>s()),Promise.resolve()).catch(o=>{this.#t==="committing"&&(this.#t="commit-action-failed")}));else if(r==="commit-action-failed")this.#t="committing";else return Promise.resolve(!1);return n=n.then(()=>{this.applyStatusCode(),this.applyHeaders(),this.applyCookies(),this.#t="committed"}),n.then(async()=>e!==void 0?await e():!0)}applyStatusCode(){}applyHeaders(){}applyCookies(){}},_=class extends ce{#e;#r;#t;constructor(e){super(new We(e)),this.#t=e}getNativeRequest(){return this.#t}get upgrade(){return this.#t.upgrade}get http2(){return this.#t.httpVersionMajor>=2}get path(){return this.URL?.pathname}get URL(){return this.#e??=new URL(this.#t.urlBang,`${this.protocol}://${this.host}`),this.#e}get query(){return this.URL?.search}get method(){return this.#t.method}get host(){let e;return this.#t.httpVersionMajor>=2&&(e=this.#t.headers[":authority"]),e??=this.#t.socket.remoteAddress,super.parseHost(e)}get protocol(){let e;return this.#t.httpVersionMajor>2&&(e=this.#t.headers[":scheme"]),e??=this.#t.socketEncrypted?"https":"http",super.parseProtocol(e)}get socket(){return this.#t.socket}get remoteAddress(){let e=this.#t.socket.remoteFamily,r=this.#t.socket.remoteAddress,n=this.#t.socket.remotePort,o=!e||!r||!n?void 0:{family:e,address:r,port:n};return super.parseRemoteAddress(o)??o}get cookies(){return this.#r??=super.cookies,this.#r}get body(){return Le.IncomingMessage.toWeb(this.#t)}async blob(){let e=[];if(this.body!==void 0)for await(let r of this.body)e.push(r);return new Blob(e,{type:this.headers.one("content-type")||"application/octet-stream"})}async text(){return await(await this.blob()).text()}async formData(){let r=await(await this.blob()).text();return new URLSearchParams(r)}async json(){let e=await this.blob();if(e.size===0)return;let r=await e.text();return JSON.parse(r)}initId(){let e=this.#t.socket.remoteAddress;if(!e)throw new Error("Socket has no remote address");return`${e}:${this.#t.socket.remotePort}`}},We=class extends Z{#e;constructor(e){super(),this.#e=e}has(e){return this.#e.headers[e]!==void 0}get(e){return this.#e.headers[e]}list(e){return super.toList(e)}one(e){let r=this.#e.headers[e];return Array.isArray(r)?r[0]:r}keys(){return Object.keys(this.#e.headers).values()}},Ie=class extends Z{#e;constructor(e){super(),this.#e=e}has(e){return this.#e.hasHeader(e)}keys(){return this.#e.getHeaderNames().values()}get(e){return this.#e.getHeader(e)}one(e){let r=this.#e.getHeader(e);return Array.isArray(r)?r[0]:r}set(e,r){return this.#e.headersSent||(Array.isArray(r)?r=r.map(n=>typeof n=="number"?String(n):n):typeof r=="number"&&(r=String(r)),r?this.#e.setHeader(e,r):this.#e.removeHeader(e)),this}add(e,r){return this.#e.headersSent||this.#e.appendHeader(e,r),this}list(e){return super.toList(e)}},ue=class extends de{#e;constructor(e){super(new Ie(e)),this.#e=e}getNativeResponse(){return this.#e}get statusCode(){return super.statusCode??{value:this.#e.statusCode}}applyStatusCode(){let e=super.statusCode;e!==void 0&&(this.#e.statusCode=e.value)}addCookie(e){return this.headers.add("Set-Cookie",super.setCookieValue(e)),this}async bodyInternal(e){if(this.#e.headersSent)return!1;if(e instanceof ReadableStream)throw new Error("ReadableStream body not supported in response");{let r=await e;return await new Promise((n,o)=>{try{r===void 0?this.#e.end(()=>{n(!0)}):(this.headers.has("content-length")||(typeof r=="string"?this.headers.set("content-length",Buffer.byteLength(r)):r instanceof Blob?this.headers.set("content-length",r.size):this.headers.set("content-length",r.byteLength)),this.#e.end(r,()=>{n(!0)}))}catch(s){o(s instanceof Error?s:new Error(`end failed: ${s}`))}})}}},le=class t{#e;constructor(e){this.#e=e}get delegate(){return this.#e}get id(){return this.#e.id}get method(){return this.#e.method}get path(){return this.#e.path}get protocol(){return this.#e.protocol}get host(){return this.#e.host}get URL(){return this.#e.URL}get headers(){return this.#e.headers}get cookies(){return this.#e.cookies}get remoteAddress(){return this.#e.remoteAddress}get upgrade(){return this.#e.upgrade}get body(){return this.#e.body}async blob(){return await this.#e.blob()}async text(){return await this.#e.text()}async formData(){return await this.#e.formData()}async json(){return await this.#e.json()}toString(){return`${t.name} [delegate: ${this.delegate.toString()}]`}static getNativeRequest(e){if(e instanceof ce)return e.getNativeRequest();if(e instanceof t)return t.getNativeRequest(e.delegate);throw new Error(`Cannot get native request from ${e.constructor.name}`)}},z=class t{#e;constructor(e){this.#e=e}get delegate(){return this.#e}setStatusCode(e){return this.delegate.setStatusCode(e)}setRawStatusCode(e){return this.delegate.setRawStatusCode(e)}get statusCode(){return this.delegate.statusCode}get cookies(){return this.delegate.cookies}addCookie(e){return this.delegate.addCookie(e),this}async end(){return await this.delegate.end()}async body(e){return await this.#e.body(e)}get headers(){return this.#e.headers}toString(){return`${t.name} [delegate: ${this.delegate.toString()}]`}static getNativeResponse(e){if(e instanceof de)return e.getNativeResponse();if(e instanceof t)return t.getNativeResponse(e.delegate);throw new Error(`Cannot get native response from ${e.constructor.name}`)}},pe=class t{#e;constructor(e){this.#e=e}get delegate(){return this.#e}get request(){return this.#e.request}get response(){return this.#e.response}attribute(e){return this.#e.attribute(e)}principal(){return this.#e.principal()}get logPrefix(){return this.#e.logPrefix}toString(){return`${t.name} [delegate: ${this.delegate}]`}},he=class{request;response;#e={};#r;#t="";constructor(e,r){this.#e[at]=e.id,this.request=e,this.response=r}get method(){return this.request.method}get path(){return this.request.path}get attributes(){return this.#e}attribute(e){return this.attributes[e]}principal(){return Promise.resolve(void 0)}get logPrefix(){let e=this.attribute(at);return this.#r!==e&&(this.#r=e,this.#t=e!==void 0?`[${e}] `:""),this.#t}},at="io.interop.gateway.server.log_id";import{getHeapStatistics as lr,writeHeapSnapshot as pr}from"node:v8";import{access as hr,mkdir as fr,rename as ct,unlink as gr}from"node:fs/promises";var y=b("monitoring"),mr={memoryLimit:1024*1024*1024,reportInterval:600*1e3,dumpLocation:".",maxBackups:10,dumpPrefix:"Heap"};function yr(){return lr()}async function dt(t){let e=t.dumpPrefix??"Heap",r=`${t.dumpLocation}/${e}.heapsnapshot`;y.enabledFor("debug")&&y.debug(`starting heap dump in ${r}`),await $e(t.dumpLocation).catch(async o=>{y.enabledFor("debug")&&y.debug(`dump location ${t.dumpLocation} does not exists. Will try to create it`);try{await fr(t.dumpLocation,{recursive:!0}),y.info(`dump location dir ${t.dumpLocation} successfully created`)}catch{y.error(`failed to create dump location ${t.dumpLocation}`)}});let n=pr(r);y.info("heap dumped");try{y.debug("rolling snapshot backups");let o=`${t.dumpLocation}/${e}.${t.maxBackups}.heapsnapshot`;await $e(o).then(async()=>{y.enabledFor("debug")&&y.debug(`deleting ${o}`);try{await gr(o)}catch(i){y.warn(`failed to delete ${o}`,i)}}).catch(()=>{});for(let i=t.maxBackups-1;i>0;i--){let a=`${t.dumpLocation}/${e}.${i}.heapsnapshot`,c=`${t.dumpLocation}/${e}.${i+1}.heapsnapshot`;await $e(a).then(async()=>{try{await ct(a,c)}catch(d){y.warn(`failed to rename ${a} to ${c}`,d)}}).catch(()=>{})}let s=`${t.dumpLocation}/${e}.1.heapsnapshot`;try{await ct(n,s)}catch(i){y.warn(`failed to rename ${n} to ${s}`,i)}y.debug("snapshots rolled")}catch(o){throw y.error("error rolling backups",o),o}}async function $e(t){y.enabledFor("trace")&&y.debug(`checking file ${t}`),await hr(t)}async function Sr(t,e,r){y.enabledFor("debug")&&y.debug(`processing heap stats ${JSON.stringify(t)}`);let n=Math.min(r.memoryLimit,.95*t.heap_size_limit),o=t.used_heap_size;y.info(`heap stats ${JSON.stringify(t)}`),o>=n?(y.warn(`used heap ${o} bytes exceeds memory limit ${n} bytes`),e.memoryLimitExceeded?delete e.snapshot:(e.memoryLimitExceeded=!0,e.snapshot=!0),await dt(r)):(e.memoryLimitExceeded=!1,delete e.snapshot)}function ut(t){let e={...mr,...t},r=!1,n={memoryLimitExceeded:!1},o=async()=>{let a=yr();await Sr(a,n,e)},s=setInterval(o,e.reportInterval);return{...e,channel:async a=>{if(!r)switch(a??="run",a){case"run":{await o();break}case"dump":{await dt(e);break}case"stop":{r=!0,clearInterval(s),y.info("exit memory diagnostic");break}}return r}}}async function wr({channel:t},e){await t(e)||y.warn(`cannot execute command "${e}" already closed`)}async function lt(t){return await wr(t,"stop")}import pt from"@interopio/gateway-server/package.json"with{type:"json"};var vr=t=>(t??=`${pt.name} - v${pt.version}`,async({response:e},r)=>{t!==!1&&!e.headers.has("server")&&e.headers.set("Server",t),await r()}),ht=t=>vr(t);import{IOGateway as fe}from"@interopio/gateway";var Ne=b("gateway.ws.client-verify");function xr(t){switch(t.missing){case"allow":case"whitelist":return!0;case"block":case"blacklist":return!1;default:return!1}}function Er(t,e){let r=t.block??t.blacklist,n=t.allow??t.whitelist;if(r.length>0&&fe.Filtering.valuesMatch(r,e))return Ne.warn(`origin ${e} matches block filter`),!1;if(n.length>0&&fe.Filtering.valuesMatch(n,e))return Ne.enabledFor("debug")&&Ne.debug(`origin ${e} matches allow filter`),!0}function Cr(t){switch(t.non_matched){case"allow":case"whitelist":return!0;case"block":case"blacklist":return!1;default:return!1}}function ft(t,e){if(!e)return!0;if(t){let r=Er(e,t);return r||Cr(e)}else return xr(e)}function gt(t){if(t){let e=(t.block??t.blacklist??[]).map(fe.Filtering.regexify),r=(t.allow??t.whitelist??[]).map(fe.Filtering.regexify);return{non_matched:t.non_matched??"allow",missing:t.missing??"allow",allow:r,block:e}}}var mt=t=>async e=>{for(let r of t)if((await r(e)).match)return A();return E},G=t=>{let e=async r=>{for(let n of t)if(!(await n(r)).match)return E;return A()};return e.toString=()=>`and(${t.map(r=>r.toString()).join(", ")})`,e},yt=t=>async e=>(await t(e)).match?E:A(),ee=async t=>A();ee.toString=()=>"any-exchange";var St=Object.freeze({}),E=Object.freeze({match:!1,variables:St}),A=(t=St)=>({match:!0,variables:t}),H=(t,e)=>{let r=e?.method,n=async o=>{let s=o.request,i=s.path;if(r!==void 0&&s.method!==r)return E;if(typeof t=="string")return i===t?A():E;{let a=t.exec(i);return a===null?E:{match:!0,variables:{...a.groups}}}};return n.toString=()=>`pattern(${t.toString()}, method=${r??"<any>"})`,n},Fe=t=>{let e=r=>{if(t.ignoredMediaTypes!==void 0){for(let n of t.ignoredMediaTypes)if(r===n||n==="*/*")return!0}return!1};return async r=>{let n=r.request,o;try{o=n.headers.list("accept")}catch{return E}for(let s of o)if(!e(s)){for(let i of t.mediaTypes)if(s.startsWith(i))return A()}return E}},D=async({request:t})=>t.upgrade&&t.headers.one("upgrade")?.toLowerCase()==="websocket"?A():E;D.toString=()=>"websocket upgrade";import{IOGateway as wt}from"@interopio/gateway";async function Be(t,e,r){let n=(s,i)=>{if(i?.cors){let a=i.cors===!0?{allowOrigins:i.origins?.allow?.map(wt.Filtering.regexify),allowMethods:s.method===void 0?["*"]:[s.method],allowCredentials:i.authorize?.access!=="permitted"?!0:void 0}:i.cors,c=s.path;r.cors.push([c,a])}},o=new class{handle(...s){s.forEach(({request:i,options:a,handler:c})=>{let d=H(wt.Filtering.regexify(i.path),{method:i.method});a?.authorize&&r.authorize.push([d,a.authorize]),n(i,a);let u=async(p,f)=>{let{match:l,variables:h}=await d(p);l?await c(p,h):await f()};r.middleware.push(u)})}socket(...s){for(let{path:i,factory:a,options:c}of s){let d=i??"/";r.sockets.set(d,{default:i===void 0,ping:c?.ping,factory:a,maxConnections:c?.maxConnections,authorize:c?.authorize,originFilters:gt(c?.origins)})}}};await t(o,e)}import{IOGateway as Ue}from"@interopio/gateway";function Hr(t){let e=t.headers.one("origin");if(e===void 0)return!0;let r=t.URL,n=r.protocol,o=r.host,s=URL.parse(e),i=s?.host,a=s?.protocol;return n===a&&o===i}function Pr(t){return t.headers.has("origin")&&!Hr(t)}function vt(t){return t.method==="OPTIONS"&&t.headers.has("origin")&&t.headers.has("access-control-request-method")}var bt=["Origin","Access-Control-Request-Method","Access-Control-Request-Headers"],Rr=(t,e)=>{let{request:r,response:n}=t,o=n.headers;if(!o.has("Vary"))o.set("Vary",bt.join(", "));else{let i=o.list("Vary");for(let a of bt)i.find(c=>c===a)||i.push(a);o.set("Vary",i.join(", "))}try{if(!Pr(r))return!0}catch{return P.enabledFor("debug")&&P.debug("reject: origin is malformed"),te(n),!1}if(o.has("access-control-allow-origin"))return P.enabledFor("trace")&&P.debug('skip: already contains "Access-Control-Allow-Origin"'),!0;let s=vt(r);return e?kr(t,e,s):s?(te(n),!1):!0},me=["*"],De=["GET","HEAD","POST"],xt={allowOrigins:me,allowMethods:De,allowHeaders:me,maxAge:1800};function ye(t){if(t){let e=t.allowHeaders;e&&e!==S&&(t={...t,allowHeaders:e.map(n=>n.toLowerCase())});let r=t.allowOrigins;return r&&(r==="*"?(Ct(t),At(t)):t={...t,allowOrigins:r.map(n=>typeof n=="string"&&n!==S&&(n=Ue.Filtering.regexify(n),typeof n=="string")?Ht(n).toLowerCase():n)}),t}}function ge(t,e){if(e===void 0)return t!==void 0?t===S?[S]:t:[];if(t===void 0)return e===S?[S]:e;if(t==me||t===De)return e===S?[S]:e;if(e==me||e===De)return t===S?[S]:t;if(t===S||t.includes(S)||e===S||e.includes(S))return[S];let r=new Set;return t.forEach(n=>r.add(n)),e.forEach(n=>r.add(n)),Array.from(r)}var re=(t,e)=>e===void 0?t:{allowOrigins:ge(t.allowOrigins,e?.allowOrigins),allowMethods:ge(t.allowMethods,e?.allowMethods),allowHeaders:ge(t.allowHeaders,e?.allowHeaders),exposeHeaders:ge(t.exposeHeaders,e?.exposeHeaders),allowCredentials:e?.allowCredentials??t.allowCredentials,allowPrivateNetwork:e?.allowPrivateNetwork??t.allowPrivateNetwork,maxAge:e?.maxAge??t.maxAge},Tr=t=>{let e=t.corsConfigSource,r=t.corsProcessor??Rr;return async(n,o)=>{let s=await e(n);!r(n,s)||vt(n.request)||await o()}},Et=Tr,P=b("cors");function te(t){t.setStatusCode(g.FORBIDDEN)}function kr(t,e,r){let{request:n,response:o}=t,s=o.headers,i=n.headers.one("origin"),a=Mr(e,i);if(a===void 0)return P.enabledFor("debug")&&P.debug(`reject: '${i}' origin is not allowed`),te(o),!1;let c=Lr(n,r),d=Wr(e,c);if(d===void 0)return P.enabledFor("debug")&&P.debug(`reject: HTTP '${c}' is not allowed`),te(o),!1;let u=$r(n,r),p=Ir(e,u);if(r&&p===void 0)return P.enabledFor("debug")&&P.debug(`reject: headers '${u}' are not allowed`),te(o),!1;s.set("Access-Control-Allow-Origin",a),r&&s.set("Access-Control-Allow-Methods",d.join(",")),r&&p!==void 0&&p.length>0&&s.set("Access-Control-Allow-Headers",p.join(", "));let f=e.exposeHeaders;return f&&f.length>0&&s.set("Access-Control-Expose-Headers",f.join(", ")),e.allowCredentials&&s.set("Access-Control-Allow-Credentials","true"),e.allowPrivateNetwork&&n.headers.one("access-control-request-private-network")==="true"&&s.set("Access-Control-Allow-Private-Network","true"),r&&e.maxAge!==void 0&&s.set("Access-Control-Max-Age",e.maxAge.toString()),!0}var S="*",Or=["GET","HEAD"];function Ct(t){if(t.allowCredentials===!0&&t.allowOrigins===S)throw new Error('when allowCredentials is true allowOrigins cannot be "*"')}function At(t){if(t.allowPrivateNetwork===!0&&t.allowOrigins===S)throw new Error('when allowPrivateNetwork is true allowOrigins cannot be "*"')}function Mr(t,e){if(e){let r=t.allowOrigins;if(r){if(r===S)return Ct(t),At(t),S;let n=Ht(e.toLowerCase());for(let o of r)if(o===S||Ue.Filtering.valueMatches(o,n))return e}}}function Wr(t,e){if(e){let r=t.allowMethods??Or;if(r===S)return[e];if(Ue.Filtering.valuesMatch(r,e))return r}}function Ir(t,e){if(e===void 0)return;if(e.length==0)return[];let r=t.allowHeaders;if(r===void 0)return;let n=r===S||r.includes(S),o=[];for(let s of e){let i=s?.trim();if(i){if(n)o.push(i);else for(let a of r)if(i.toLowerCase()===a){o.push(i);break}}}if(o.length>0)return o}function Ht(t){return t.endsWith("/")?t.slice(0,-1):t}function Lr(t,e){return e?t.headers.one("access-control-request-method"):t.method}function $r(t,e){let r=t.headers;return e?r.list("access-control-request-headers"):Array.from(r.keys())}var Pt=t=>async e=>{for(let[r,n]of t.mappings)if((await r(e)).match)return P.debug(`resolved cors config on '${e.request.path}' using ${r}: ${JSON.stringify(n)}`),n};import{IOGateway as Nr}from"@interopio/gateway";function Rt(t){let{sockets:e,cors:r}=t,n=t.corsConfig===!1?void 0:re(xt,t.corsConfig),o=[];for(let[i,a]of e){let c=n;for(let[u,p]of r)Nr.Filtering.valueMatches(u,i)&&(p===void 0?c=void 0:c=c===void 0?p:re(c,p));let d=t.corsConfig===!1?void 0:{allowOrigins:a.originFilters?.allow,allowMethods:["GET","CONNECT","OPTIONS"],allowHeaders:["Upgrade","Connection","Origin","Sec-Websocket-Key","Sec-Websocket-Version","Sec-Websocket-Protocol","Sec-Websocket-Extensions"],exposeHeaders:["Sec-Websocket-Accept","Sec-Websocket-Protocol","Sec-Websocket-Extensions"],allowCredentials:a.authorize?.access!=="permitted"?!0:void 0};c=c===void 0?d:re(c,d),o.push([G([D,H(i)]),ye(c)])}let s=[];for(let[i,a]of r){let[,c]=s.find(([u])=>String(u)===String(i))??[i,n];c=c===void 0?a:re(c,a);let d=!1;for(let u of s)if(String(u[0])===String(i)){u[1]=c,d=!0;break}d||s.push([i,c])}for(let[i,a]of s)o.push([H(i),ye(a)]);return o.push([H(/\/api\/.*/),ye(n)]),Pt({mappings:o})}function Tt(t){return t!==void 0&&typeof t.type=="string"&&typeof t.authenticated=="boolean"}var C=class extends Error{_authentication;get authentication(){return this._authentication}set authentication(e){if(e===void 0)throw new TypeError("Authentication cannot be undefined");this._authentication=e}},Se=class extends C{},we=class extends C{};var U=class extends Error{},W=class{constructor(e){this.granted=e}granted},N=class{#e;constructor(e){this.#e=e}async verify(e,r){if(!(await this.#e(e,r))?.granted)throw new U("Access denied")}async authorize(e,r){return await this.#e(e,r)}},j=class extends C{};var R=t=>async e=>{let r=!0,{response:n}=e;for(let o of t.keys())n.headers.has(o)&&(r=!1);if(r)for(let[o,s]of t)n.headers.set(o,s)},Fr=()=>R(new v().add("cache-control","no-cache, no-store, max-age=0, must-revalidate").add("pragma","no-cache").add("expires","0")),Br=()=>R(new v().add("x-content-type-options","nosniff")),Dr=(t,e,r)=>{let n=`max-age=${t}`;e&&(n+=" ; includeSubDomains"),r&&(n+=" ; preload");let o=R(new v().add("strict-transport-security",n)),s=i=>i.request.URL.protocol==="https:";return async i=>{s(i)&&await o(i)}},Ur=t=>R(new v().add("x-frame-options",t)),qr=t=>R(new v().add("x-xss-protection",t)),_r=t=>{let e=t===void 0?void 0:R(new v().add("permissions-policy",t));return async r=>{e!==void 0&&await e(r)}},zr=(t,e)=>{let r=e?"content-security-policy-report-only":"content-security-policy",n=t===void 0?void 0:R(new v().add(r,t));return async o=>{n!==void 0&&await n(o)}},Gr=(t="no-referrer")=>R(new v().add("referer-policy",t)),jr=t=>{let e=t===void 0?void 0:R(new v().add("cross-origin-opener-policy",t));return async r=>{e!==void 0&&await e(r)}},Vr=t=>{let e=t===void 0?void 0:R(new v().add("cross-origin-embedder-policy",t));return async r=>{e!==void 0&&await e(r)}},Jr=t=>{let e=t===void 0?void 0:R(new v().add("cross-origin-resource-policy",t));return async r=>{e!==void 0&&await e(r)}},Qr=(...t)=>async e=>{for(let r of t)await r(e)};function qe(t){let e=[];t?.cache?.disabled||e.push(Fr()),t?.contentType?.disabled||e.push(Br()),t?.hsts?.disabled||e.push(Dr(t?.hsts?.maxAge??365*24*60*60,t?.hsts?.includeSubDomains??!0,t?.hsts?.preload??!1)),t?.frameOptions?.disabled||e.push(Ur(t?.frameOptions?.mode??"DENY")),t?.xss?.disabled||e.push(qr(t?.xss?.headerValue??"0")),t?.permissionsPolicy?.disabled||e.push(_r(t?.permissionsPolicy?.policyDirectives)),t?.contentSecurityPolicy?.disabled||e.push(zr(t?.contentSecurityPolicy?.policyDirectives??"default-src 'self'",t?.contentSecurityPolicy?.reportOnly)),t?.refererPolicy?.disabled||e.push(Gr(t?.refererPolicy?.policy??"no-referrer")),t?.crossOriginOpenerPolicy?.disabled||e.push(jr(t?.crossOriginOpenerPolicy?.policy)),t?.crossOriginEmbedderPolicy?.disabled||e.push(Vr(t?.crossOriginEmbedderPolicy?.policy)),t?.crossOriginResourcePolicy?.disabled||e.push(Jr(t?.crossOriginResourcePolicy?.policy)),t?.writers&&e.push(...t.writers);let r=Qr(...e);return async(n,o)=>{await r(n),await o()}}var V=t=>{let e=t.entryPoint,r=t?.rethrowAuthenticationServiceError??!0;return async({exchange:n},o)=>{if(!r||!(o instanceof j))return e(n,o);throw o}};var Yr="Realm",Kr=t=>`Basic realm="${t}"`,J=t=>{let e=Kr(t?.realm??Yr);return async(r,n)=>{let{response:o}=r;o.setStatusCode(g.UNAUTHORIZED),o.headers.set("WWW-Authenticate",e)}};var kt="Basic ",be=t=>async e=>{let{request:r}=e,n=r.headers.one("authorization");if(!n||!/basic/i.test(n.substring(0)))return;let o=n.length<=kt.length?"":n.substring(kt.length),i=Buffer.from(o,"base64").toString(t?.credentialsEncoding??"utf-8").split(":",2);if(i.length===2)return{type:"UsernamePassword",authenticated:!1,principal:i[0],credentials:i[1]}};import{AsyncLocalStorage as Xr}from"node:async_hooks";var F=class t{static hasSecurityContext(e){return e.getStore()?.securityContext!==void 0}static async getSecurityContext(e){return await e.getStore()?.securityContext}static clearSecurityContext(e){delete e.getStore()?.securityContext}static withSecurityContext(e){return(r=new Xr)=>(r.getStore().securityContext=e,r)}static withAuthentication(e){return t.withSecurityContext(Promise.resolve({authentication:e}))}static async getContext(e){if(t.hasSecurityContext(e))return t.getSecurityContext(e)}};async function Zr(t,e,r,n,o,s){let a=await(await n(t))?.(r);if(a===void 0)throw new Error("No authentication manager found for the exchange");try{await en(a,{exchange:t,next:e},o,s)}catch(c){throw c instanceof C,c}}async function en(t,e,r,n){F.withAuthentication(t)(n),await r(e,t)}function Q(t){let e={matcher:ee,successHandler:async({next:n})=>{await n()},converter:be({}),failureHandler:V({entryPoint:J({})}),...t},r=e.managerResolver;if(r===void 0&&e.manager!==void 0){let n=e.manager;r=async o=>n}if(r===void 0)throw new Error("Authentication filter requires a managerResolver or a manager");return async(n,o)=>{let i=(await e.matcher(n)).match?await e.converter(n):void 0;if(i===void 0){await o();return}try{await Zr(n,o,i,r,e.successHandler,e.storage)}catch(a){if(a instanceof C){await e.failureHandler({exchange:n,next:o},a);return}throw a}}}var Ot=t=>async(e,r)=>{e.response.setStatusCode(t.httpStatus)};var Y=b("auth.entry-point"),ve=t=>{let e=t.defaultEntryPoint??(async({response:r},n)=>{r.setStatusCode(g.UNAUTHORIZED),await r.end()});return async(r,n)=>{for(let[o,s]of t.entryPoints)if(Y.enabledFor("debug")&&Y.debug(`trying to match using: ${o}`),(await o(r)).match)return Y.enabledFor("debug")&&Y.debug(`match found. using default entry point ${s}`),s(r,n);return Y.enabledFor("debug")&&Y.debug(`no match found. using default entry point ${e}`),e(r,n)}};var Mt=t=>async({exchange:e,next:r},n)=>{for(let o of t)await o({exchange:e,next:r},n)};function _e(t){let e=async f=>f.request.headers.list("X-Requested-With").includes("XMLHttpRequest")?A():E,r=ve({entryPoints:[[e,Ot({httpStatus:g.UNAUTHORIZED})]],defaultEntryPoint:J({})}),n=t.entryPoint??r,o=t.manager,s=Fe({mediaTypes:["application/atom+xml","application/x-www-form-urlencoded","application/json","application/octet-stream","application/xml","multipart/form-data","text/xml"],ignoredMediaTypes:["*/*"]}),i=yt(Fe({mediaTypes:["text/html"]})),a=G([i,s]),c=mt([e,a]);t.defaultEntryPoints.push([c,n]);let d=t.failureHandler??V({entryPoint:n}),u=Mt(t.successHandlers??t.defaultSuccessHandlers),p=be({});return Q({storage:t.storage,manager:o,failureHandler:d,successHandler:u,converter:p})}var Wt={invalid_request:"invalid_request",invalid_token:"invalid_token",insufficient_scope:"insufficient_scope"},It="https://tools.ietf.org/html/rfc6750#section-3.1";function xe(t){return{errorCode:Wt.invalid_token,httpStatus:g.UNAUTHORIZED,description:t,uri:It}}function ze(t){return{errorCode:Wt.invalid_request,httpStatus:g.BAD_REQUEST,description:t,uri:It}}var tn="access_token",rn=/^Bearer\s+(?<token>[a-zA-Z0-9-._~+/]+=*)$/i,k=class extends C{error;constructor(e,r,n){super(r??(typeof e=="string"?void 0:e.description),n),this.error=typeof e=="string"?{errorCode:e}:e}},Lt=t=>t.type==="BearerToken",nn=t=>async e=>{let{request:r}=e;return Promise.all([sn(r.headers,t?.headerName).then(n=>n!==void 0?[n]:void 0),an(r,t?.uriQueryParameter),cn(e,t?.formEncodedBodyParameter)]).then(n=>n.filter(o=>o!==void 0).flat(1)).then(on).then(n=>{if(n)return{authenticated:!1,type:"BearerToken",token:n}})};async function on(t){if(t.length===0)return;if(t.length>1){let r=ze("Found multiple access tokens in the request");throw new k(r)}let e=t[0];if(!e||e.length===0){let r=ze("The requested access token parameter is an empty string");throw new k(r)}return e}async function sn(t,e="authorization"){let r=t.one(e);if(!r||!/bearer/i.test(r.substring(0)))return;let n=rn.exec(r);if(n===null){let o=xe("Bearer token is malformed");throw new k(o)}return n.groups?.token}async function $t(t){let e=t.getAll(tn);if(e.length!==0)return e}async function an(t,e=!1){if(!(!e||t.method!=="GET"))return $t(t.URL.searchParams)}async function cn(t,e=!1){let{request:r}=t;if(!e||r.headers.one("content-type")!=="application/x-www-form-urlencoded"||r.method!=="POST")return;let n=await t.request.formData();if(n)return $t(n)}var Ee=nn;function dn(t){let e="Bearer";if(t.size!==0){e+=" ";let r=0;for(let[n,o]of t)e+=`${n}="${o}"`,r!==t.size-1&&(e+=", "),r++}return e}var Nt=t=>t.httpStatus!==void 0;function un(t){if(t instanceof k){let{error:e}=t;if(Nt(e))return e.httpStatus}return g.UNAUTHORIZED}function ln(t,e){let r=new Map;if(e&&r.set("realm",e),t instanceof k){let{error:n}=t;r.set("error",n.errorCode),n.description&&r.set("error_description",n.description),n.uri&&r.set("error_uri",n.uri),Nt(n)&&n.scope&&r.set("scope",n.scope)}return r}var pn=t=>async(e,r)=>{let n=un(r),o=ln(r,t?.realmName),s=dn(o),{response:i}=e;i.headers.set("WWW-Authenticate",s),i.setStatusCode(n),await i.end()},Ce=pn;var hn=t=>{let e=t?.principalClaimName??"sub";return r=>({type:"JwtToken",authenticated:!0,name:r.getClaimAsString(e)})},fn=t=>async e=>t(e),K=class extends Error{},ne=class extends K{};function gn(t){if(t instanceof ne)return new k(xe(t.message),t.message,{cause:t});throw new j(t.message,{cause:t})}function Ge(t){let e=t.decoder,r=t.authConverter??fn(hn({}));return async n=>{if(Lt(n)){let o=n.token;try{let s=await e(o);return await r(s)}catch(s){throw s instanceof K?gn(s):s}}}}function je(t){let e=t.entryPoint??Ce({}),r=t?.converter??Ee({}),n=t.failureHandler??V({entryPoint:e});if(t.managerResolver!==void 0)return Q({storage:t.storage,converter:r,failureHandler:n,managerResolver:t.managerResolver});if(t.jwt!==void 0){let o=t.jwt.manager??Ge(t.jwt);return Q({storage:t.storage,converter:r,failureHandler:n,managerResolver:async s=>o})}throw new Error("Invalid resource server configuration: either managerResolver or jwt must be provided")}import{jwtVerifier as Sn,JwtVerifyError as wn}from"@interopio/gateway/jose/jwt";async function Ft(t,e,r){let n=new Se("Full authentication is required to access this resource."),o=new C("Access Denied",{cause:n});e&&(o.authentication=e),await r(t,o)}function mn(t){return async(e,r)=>{e.response.setStatusCode(t),e.response.headers.set("Content-Type","text/plain; charset=utf-8");let n=Buffer.from("Access Denied","utf-8");e.response.headers.set("Content-Length",n.length),await e.response.body(n)}}var Bt=t=>{let e=mn(g.FORBIDDEN),r=t.authenticationEntryPoint??J();return async(n,o)=>{try{await o()}catch(s){if(s instanceof U){let i=await n.principal();Tt(i)?(i.authenticated||await e(n,s),await Ft(n,i,r)):await Ft(n,void 0,r);return}throw s}}};var yn=b("security.auth");function Ve(t){let e=async(r,n)=>{let o;for(let[s,i]of t.mappings)if((await s(n))?.match){yn.debug(`checking authorization on '${n.request.path}' using [${s}, ${i}]`);let a=await i.authorize(r,{exchange:n});if(a!==void 0){o=a;break}}return o??=new W(!1),o};return new N(e)}var Ae=b("security.auth");function Je(t){let{manager:e,storage:r}=t;return async(n,o)=>{let s=F.getContext(r).then(i=>i?.authentication);try{await e.verify(s,n),Ae.enabledFor("debug")&&Ae.debug("authorization successful")}catch(i){throw i instanceof U&&Ae.enabledFor("debug")&&Ae.debug(`authorization failed: ${i.message}`),i}await o()}}var Qe=class extends pe{#e;constructor(e,r){super(e),this.#e=r}async principal(){return(await this.#e())?.authentication}},Dt=t=>{let e=t.storage;return async(r,n)=>{await n(new Qe(r,async()=>await F.getContext(e)))}};var I={first:Number.MAX_SAFE_INTEGER,http_headers:100,https_redirect:200,cors:300,http_basic:600,authentication:800,security_context_server_web_exchange:1500,error_translation:1800,authorization:1900,last:Number.MAX_SAFE_INTEGER},L=Symbol.for("filterOrder"),Ut=(t,e)=>{let r=[];class n{#e;#r=[];manager;get authenticationEntryPoint(){return this.#e!==void 0||this.#r.length===0?this.#e:this.#r.length===1?this.#r[0][1]:ve({entryPoints:this.#r,defaultEntryPoint:this.#r[this.#r.length-1][1]})}build(){if(t.headers!==void 0&&t.headers.disabled!==!0){let a=qe(t.headers);a[L]=I.http_headers,r.push(a)}if(t.cors?.disabled!==!0&&e.corsConfigSource!==void 0){let a=Et({corsConfigSource:e.corsConfigSource});a[L]=I.cors,r.push(a)}if(t.basic!==void 0&&t.basic?.disabled!==!0){let a=t.basic.user?.name.toLowerCase(),c=t.basic.user?.password??"",d=t.basic.user?.authorities??[],u=async l=>{let h=l.principal,w=l.credentials;if(h.toLowerCase()!==a||w!==c)throw new we("Invalid username or password");return{type:"UsernamePassword",authenticated:!0,principal:h,credentials:w,authorities:[...d]}},p=[async({exchange:l,next:h},w)=>h()],f=_e({storage:e.storage,manager:u,defaultEntryPoints:this.#r,defaultSuccessHandlers:p});f[L]=I.http_basic,r.push(f)}if(t.jwt!==void 0&&t.jwt.disabled!==!0){let a=Sn({issuerBaseUri:t.jwt.issuerUri,issuer:t.jwt.issuer,audience:t.jwt.audience}),c=async l=>{try{let{payload:h}=await a(l);return{subject:h.sub,getClaimAsString(w){return h[w]}}}catch(h){throw h instanceof wn?new ne(h.message,{cause:h}):new K("error occurred while attempting to decoding jwt",{cause:h})}},d=Ee({uriQueryParameter:!0}),u=async l=>{try{return await d(l)===void 0?E:A()}catch{return E}},p=Ce({});this.#r.push([u,p]);let f=je({storage:e.storage,entryPoint:p,converter:d,jwt:{decoder:c}});f[L]=I.authentication,r.push(f)}let i=Dt({storage:e.storage});if(r.push(i),i[L]=I.security_context_server_web_exchange,t.authorize!==void 0){let a=Bt({authenticationEntryPoint:this.authenticationEntryPoint});a[L]=I.error_translation,r.push(a);let d=(p=>{let f=[],l=!1;for(let[h,w]of p??[]){let m;if(h==="any-exchange")l=!0,m=ee;else{if(l)throw new Error("Cannot register other matchers after 'any-exchange' matcher");m=h}let x;if(w.access==="permitted")x=new N(async()=>new W(!0)),x.toString=()=>"AuthorizationManager[permitted]";else if(w.access==="denied")x=new N(async()=>new W(!1)),x.toString=()=>"AuthorizationManager[denied]";else if(w.access==="authenticated")x=new N(async X=>{let B=await X;return B!==void 0?new W(B.authenticated):new W(!1)}),x.toString=()=>"AuthorizationManager[authenticated]";else throw new Error(`Unknown access type: ${JSON.stringify(w)}`);f.push([m,x])}return Ve({mappings:f})})(t.authorize),u=Je({manager:d,storage:e.storage});u[L]=I.authorization,r.push(u)}r.sort((a,c)=>{let d=a[L]??I.last,u=c[L]??I.last;return d-u})}}return new n().build(),r};function bn(t){let e=[],r={access:t.authConfig?.type!=="none"?"authenticated":"permitted"};for(let[n,o]of t.sockets){let s=o.authorize??r,i=H(n,{method:"GET"});i=G([D,i]),e.push([i,s])}return e.push([H("/",{method:"GET"}),{access:"permitted"}]),e.push([H("/favicon.ico",{method:"GET"}),{access:"permitted"}]),e.push([H("/health",{method:"GET"}),{access:"permitted"}]),t.authorize.length>0&&e.push(...t.authorize),e.push(["any-exchange",r]),{authorize:e,cors:{disabled:t.corsConfig===!1},basic:{disabled:t.authConfig?.type!=="basic",...t.authConfig?.basic},jwt:{disabled:t.authConfig?.type!=="oauth2",...t.authConfig?.oauth2?.jwt}}}async function qt(t){let e=Rt(t),r=bn(t),{storage:n}=t;return Ut(r,{storage:n,corsConfigSource:e})}import{AsyncLocalStorage as vn}from"node:async_hooks";var He=class extends z{},Ye=class{#e;#r=!1;#t;#o;constructor(e,r){this.#e=e,this.#t=r}createExchange(e,r){return new he(e,r)}set storage(e){this.#o=e}set enableLoggingRequestDetails(e){this.#r=e}formatHeaders(e){let r="{";for(let n of e.keys())if(this.#r){let o=e.get(n);r+=`"${n}": "${o}", `}else{r+="masked, ";break}return r.endsWith(", ")&&(r=r.slice(0,-2)),r+="}",r}formatRequest(e){let r=e.URL.search;return`HTTP ${e.method} "${e.path}${r}`}logRequest(e){if(this.#e.enabledFor("debug")){let r=this.#e.enabledFor("trace");this.#e.debug(`${e.logPrefix}${this.formatRequest(e.request)}${r?`, headers: ${this.formatHeaders(e.request.headers)}`:""}"`)}}logResponse(e){if(this.#e.enabledFor("debug")){let r=this.#e.enabledFor("trace"),n=e.response.statusCode;this.#e.debug(`${e.logPrefix}Completed ${n??"200 OK"}${r?`, headers: ${this.formatHeaders(e.response.headers)}`:""}"`)}}handleUnresolvedError(e,r){let{request:n,response:o,logPrefix:s}=e;if(o.setStatusCode(g.INTERNAL_SERVER_ERROR)){this.#e.error(`${s}500 Server Error for ${this.formatRequest(n)}`,r);return}throw this.#e.error(`${s}Error [${r.message} for ${this.formatRequest(n)}, but already ended (${o.statusCode})`,r),r}async web(e){return await this.#t(e)}async http(e,r){let n=this.createExchange(e,r),o=()=>(this.logRequest(n),this.web(n).then(()=>{this.logResponse(n)}).catch(s=>{this.handleUnresolvedError(n,s)}).then(async()=>{await n.response.end()}));await new Promise((s,i)=>{this.#o!==void 0?this.#o.run({exchange:n},()=>{o().then(()=>s()).catch(a=>i(a))}):o().then(()=>s()).catch(a=>i(a))})}},Pe=class{#e;#r=new vn;#t;storage(e){return this.#r=e,this}httpHandlerDecorator(e){if(this.#t===void 0)this.#t=e;else{let r=this.#t;this.#t=n=>(n=r(n),e(n))}return this}constructor(e){this.#e=e}build(){let e=b("http"),r=new Ye(e,this.#e);this.#r!==void 0&&(r.storage=this.#r),r.enableLoggingRequestDetails=!1;let n=async(o,s)=>r.http(o,s);return this.#t?this.#t(n):n}};import{WebSocketServer as En}from"ws";function _t(t,e){let r=t?.exchange,n=r?.request??new _(t),o=r?.principal,s=o?o.bind(r):async function(){},i=n.URL,a=new v;for(let f of n.headers.keys())a.set(f,n.headers.list(f));let c=n.cookies,d=r?.logPrefix??`[${n.id}] `,u=n.remoteAddress;return{url:i,headers:a,cookies:c,principal:s,protocol:e,remoteAddress:u,logPrefix:d}}function zt(t){return[async(r,n)=>{let s=r.request.path??"/",i=t.sockets,a=i.get(s)??Array.from(i.values()).find(c=>{if(s==="/"&&c.default===!0)return!0});if(a!==void 0){let{request:c,response:d}=r,u=await D(r);if((c.method==="GET"||c.method==="CONNECT")&&u.match)if(a.upgradeStrategy!==void 0){a.upgradeStrategy(r);return}else throw new Error(`No upgrade strategy defined for route on ${s}`);else{if(a.default){await n();return}d.setStatusCode(g.UPGRADE_REQUIRED),d.headers.set("Upgrade","websocket").set("Connection","Upgrade").set("Content-Type","text/plain");let p=Buffer.from(`This service [${c.path}] requires use of the websocket protocol.`,"utf-8");await d.body(p)}}else await n()}]}import{WebSocket as xn}from"ws";var Re=class extends xn{constructor(e,r,n){super(null,void 0,n)}connected},Te=class t{static#e=Buffer.alloc(0);static#r=[0,Buffer.alloc(8)];#t;#o;#i;#s=!1;#n;constructor(e,r,n){this.#n=e,this.#o=typeof n=="number"?n:n?.interval,this.#t=typeof n=="number"||n?.data==="timestamp"?()=>t.#d(Date.now()):()=>t.#e,this.#o&&(this.#i=setInterval(()=>{let[o,s]=r();for(let i of s)this.#a(i,o)||this.#c(i,o)},this.#o))}#a(e,r){return e.connected===!1?(this.#n.enabledFor("debug")&&this.#n.debug(`terminating unresponsive ws client on [${r}]`),e.terminate(),!0):!1}#c(e,r){e.connected=!1;let n=this.#t();this.#n.enabledFor("trace")&&this.#n.debug(`pinging ws client on [${r}]`),e.ping(n,this.#s,o=>{o&&this.#n.enabledFor("warn")&&this.#n.warn(`failed to ping ws client on [${r}]`,o)})}static#d(e=Date.now()){if(e-t.#r[0]>0){let r=Buffer.allocUnsafe(8);r.writeBigInt64BE(BigInt(e),0),t.#r=[e,r]}return t.#r[1]}static#u(e){return e.length===8?Number(e.readBigInt64BE(0)):0}close(){clearInterval(this.#i)}handlePing(e,r,n){r.connected=!0,r.pong(n,!1,o=>{o&&this.#n.enabledFor("warn")&&this.#n.warn(`${e.logPrefix}failed to pong ws client ${$(e.remoteAddress)}`,o)})}handlePong(e,r,n){if(r.connected=!0,this.#n.enabledFor("warn")){let o=t.#u(n);if(o>0){let s=Date.now()-o;this.#n.enabledFor("debug")&&this.#n.debug(`${e.logPrefix}ws client ${$(e.remoteAddress)} ping-pong latency: ${s}ms`),this.#o&&s>this.#o/2&&this.#n.enabledFor("warn")&&this.#n.warn(`${e.logPrefix}ws client ${$(e.remoteAddress)} high ping-pong latency: ${s}ms`)}}}};var T=b("ws");function Cn(t,e,r,n){return o=>{let{logPrefix:s,request:i}=o,a=le.getNativeRequest(i);a.exchange=o;let{socket:c,upgradeHead:d}=a,u=i.host;if(c.removeListener("error",n),e.maxConnections!==void 0&&r.clients?.size>=e.maxConnections){T.warn(`${s}dropping ws connection request on ${u}${t}. max connections exceeded.`),c.destroy();return}let p=i.headers.one("origin");if(!ft(p,e.originFilters)){T.enabledFor("info")&&T.info(`${s}dropping ws connection request on ${u}${t}. origin ${p??"<missing>"}`),c.destroy();return}T.enabledFor("debug")&&T.debug(`${s}accepted new ws connection request on ${u}${t}`),r.handleUpgrade(a,c,d,(f,l)=>{r.emit("connection",f,l)})}}function An(t,e){let r=new Set;t.forEach((o,s)=>{if(s===0&&o.startsWith("HTTP/1.1 101 ")){e.setStatusCode(g.SWITCHING_PROTOCOLS);return}let[i,a]=o.split(": ");e.headers.has(i)?t[s]=`${i}: ${e.headers.one(i)}`:e.headers.set(i,a),r.add(i.toLowerCase())});let n=z.getNativeResponse(e);for(let o of n.getRawHeaderNames()){let s=o.toLowerCase();if(!r.has(s)){let i=e.headers.get(s);i!==void 0&&t.push(`${o}: ${i}`)}}n.markHeadersSent()}async function Gt(t,e,r,n,o){try{T.info(`creating ws server for [${t}]. max connections: ${e.maxConnections??"<unlimited>"}, origin filters: ${e.originFilters?JSON.stringify(e.originFilters,rt):"<none>"}, ping: ${typeof e.ping=="number"?e.ping+"ms":e.ping?JSON.stringify(e.ping):"<none>"}`);let s=new En({noServer:!0,WebSocket:Re,autoPong:!1}),i=new Te(T.child("pings"),()=>[t,s.clients],e.ping),a=await e.factory({endpoint:r,storage:n});s.on("error",c=>{T.error(`error starting the ws server for [${t}]`,c)}).on("listening",()=>{T.info(`ws server for [${t}] is listening`)}).on("headers",(c,d)=>{if(d.exchange!==void 0){let{response:u}=d.exchange;An(c,u)}}).on("connection",(c,d)=>{let u=_t(d,c.protocol);c.on("pong",p=>{i.handlePong(u,c,p)}),c.on("ping",p=>{i.handlePing(u,c,p)}),a({socket:c,handshake:u})}),s.on("close",()=>{i.close()}),e.upgradeStrategy=Cn(t,e,s,o),e.close=async()=>{await a.close?.call(a),T.info(`stopping ws server for [${t}]. clients: ${s.clients?.size??0}`),s.clients?.forEach(c=>{c.terminate()}),s.close()}}catch(s){T.warn(`failed to init route ${t}`,s)}}var O=b("app");function kn(t){let e={};return t.key&&(e.key=Ke(t.key)),t.cert&&(e.cert=Ke(t.cert)),t.ca&&(e.ca=Ke(t.ca)),e}async function On(t,e){let r=t.build();return async(n,o)=>{n.socket.addListener("error",e);let s;o instanceof q?s=o:(n.upgradeHead=o,s=new q(n),s.assignSocket(n.socket));let i=new _(n),a=new ue(s),c=i.method==="HEAD"?new He(a):a;await r(i,c)}}function Mn(t){return new Promise((e,r)=>{let n=t(o=>{o?r(o):e(n)})})}function Wn(t){if(t)return ut({memoryLimit:t.memory_limit,dumpLocation:t.dump_location,dumpPrefix:t.dump_prefix,reportInterval:t.report_interval,maxBackups:t.max_backups})}async function In(t){let e=t.storage,r=await qt(t),n=zt(t),o=ot(ht(t.serverHeader),...r,...n,...t.middleware,async({request:s,response:i},a)=>{if(s.method==="GET"&&s.path==="/health"){i.setStatusCode(g.OK);let c=Buffer.from("UP","utf-8");i.headers.set("Content-Type","text/plain; charset=utf-8"),await i.body(c)}else await a()},async({request:s,response:i},a)=>{if(s.method==="GET"&&s.path==="/"){i.setStatusCode(g.OK);let c=Buffer.from("io.Gateway Server","utf-8");i.headers.set("Content-Type","text/plain; charset=utf-8"),await i.body(c)}else await a()},async({response:s},i)=>{s.setStatusCode(g.NOT_FOUND),await s.end()});return new Pe(o).storage(e)}var Xe=async t=>{let e=t.ssl,r=e?(l,h)=>Pn.createServer({...l,...kn(e)},h):(l,h)=>Hn.createServer(l,h),n=Wn(t.memory),o={middleware:[],corsConfig:t.cors,cors:[],authConfig:t.auth,authorize:[],storage:new Rn,sockets:new Map},s=Tn.Factory({...t.gateway});if(t.gateway){let l=t.gateway;await Be(async h=>{h.socket({path:l.route,factory:nt.bind(s),options:l})},t,o)}t.app&&await Be(t.app,t,o);let i=Ze(t.port??0),a=t.host,c=l=>O.error(`socket error: ${l}`,l),d=await In(o),u=await On(d,c),f=await new Promise((l,h)=>{let w=r({IncomingMessage:ae,ServerResponse:q,...t.http},u);w.on("error",m=>{if(m.code==="EADDRINUSE"){O.debug(`port ${m.port} already in use on address ${m.address}`);let{value:x}=i.next();x?(O.info(`retry starting server on port ${x} and host ${a??"<unspecified>"}`),w.close(),w.listen(x,a)):(O.warn(`all configured port(s) ${t.port} are in use. closing...`),w.close(),h(m))}else O.error(`server error: ${m.message}`,m),h(m)}),w.on("listening",async()=>{let m=w.address();for(let[x,X]of o.sockets){let B=`${e?"wss":"ws"}://${et}:${m.port}${x}`;await Gt(x,X,B,o.storage,c)}O.info(`http server listening on ${e?"https":"http"}://${$(m)}`),l(w)}),w.on("upgrade",(m,x,X)=>{try{u(m,X)}catch(B){O.error(`upgrade error: ${B}`,B)}}).on("close",async()=>{O.info("http server closed.")});try{let{value:m}=i.next();w.listen(m,a)}catch(m){O.error("error starting web socket server",m),h(m instanceof Error?m:new Error(`listen failed: ${m}`))}});return new class{gateway=s;get address(){let l=f.address();return typeof l=="object"?l:null}async close(){for(let[l,h]of o.sockets)try{h.close!==void 0&&await h.close()}catch(w){O.warn(`error closing route ${l}`,w)}await Mn(l=>{f.closeAllConnections(),f.close(l)}),n&&await lt(n),s&&await s.stop()}}};var Ns=Xe;export{jt as GatewayServer,Ns as default};
1
+ var Or=Object.defineProperty;var Mr=(t,e)=>{for(var r in e)Or(t,r,{get:e[r],enumerable:!0})};var Tr={};Mr(Tr,{Factory:()=>Pt,VERSION:()=>Rr});import wo from"node:http";import So from"node:https";import{AsyncLocalStorage as bo}from"node:async_hooks";import{networkInterfaces as Ir}from"node:os";var Lr=/^(\d+|(0x[\da-f]+))(-(\d+|(0x[\da-f]+)))?$/i;function tt(t){if(t>65535)throw new Error(`bad port ${t}`);return t}function*kt(t){if(typeof t=="string")for(let e of t.split(",")){let r=e.trim(),n=Lr.exec(r);if(n){let o=parseInt(n[1]),i=parseInt(n[4]??n[1]);for(let s=tt(o);s<tt(i)+1;s++)yield s}else throw new Error(`'${e}' is not a valid port or range.`)}else yield tt(t)}var Rt=(()=>{function t(r){return r.length>0?r[0]:void 0}let e=Object.values(Ir()).flatMap(r=>(r??[]).filter(n=>n.family==="IPv4")).reduce((r,n)=>(r[n.internal?"internal":"external"].push(n),r),{internal:[],external:[]});return(t(e.internal)??t(e.external))?.address})();function B(t){if(t)return t.family==="IPv6"?`[${t.address}]:${t.port}`:`${t.address}:${t.port}`}import*as Tt from"@interopio/gateway/logging/core";function y(t){return Tt.getLogger(`gateway.server.${t}`)}function Ot(t,e){return e instanceof RegExp?e.toString():e}import{IOGateway as Dr}from"@interopio/gateway";import{AsyncLocalStorage as $r}from"node:async_hooks";var N=y("ws"),Wr=Dr.Encoding.json();function Ur(t){let e;if(t.authenticated&&(e=t.name,e===void 0&&t.principal!==void 0)){let r=t.principal;typeof r=="object"&&r!==null&&("username"in r||"name"in r)&&(e=r.username??r.name),e===void 0&&(r==null?e="":e=String(r))}return e}function Nr(t,e,r,n){let o=B(n),i=n?.address??"<unknown>",s={key:o,host:i,codec:Wr,onAuthenticate:async()=>{let a=await r();if(a?.authenticated)return{type:"success",user:Ur(a)};throw new Error(`no valid client authentication ${o}`)},onPing:()=>{e.ping(a=>{a?N.warn(`failed to ping ${o}`,a):N.info(`ping sent to ${o}`)})},onDisconnect:a=>{switch(a){case"inactive":{N.warn(`no heartbeat (ping) received from ${o}, closing socket`),e.close(4001,"ping expected");break}case"shutdown":{e.close(1001,"shutdown");break}}}};try{return t.client(a=>e.send(a),s)}catch(a){N.warn(`${o} failed to create client`,a)}}async function Fr(t){return N.info(`starting gateway on ${t.endpoint}`),await this.start(t),async({socket:e,handshake:r})=>{let{logPrefix:n,remoteAddress:o,principal:i}=r,s=(await i())?.name;N.info(`${n}connected on gw as ${s??"<anonymous>"}`);let a=await this.getGateway(s),c=Nr(a,e,i,o);if(!c){N.error(`${n}gw client init failed`),e.terminate();return}e.on("error",u=>{N.error(`${n}websocket error: ${u}`,u)});let d=t.storage!==void 0?$r.snapshot():void 0;e.on("message",(u,l)=>{Array.isArray(u)&&(u=Buffer.concat(u)),d!==void 0?d(()=>c.send(u)):c.send(u)}),e.on("close",u=>{N.info(`${n}disconnected from gw. code: ${u}`),c.close()})}}var Mt=Fr;import{IOGateway as It}from"@interopio/gateway";var E=y("gateway-manager");function Lt(){return globalThis.crypto.randomUUID().replaceAll("-","")}var Se=class{#e;#r;#t=new Map;#n=new Map;#i;#s=!1;#o;constructor(e){this.#i={baseConfig:e.baseConfig,scope:e.scope??"principal"},this.#e=e.baseConfig.node??Lt(),E.enabledFor("debug")&&E.debug(`creating default gateway with gateway id: ${this.#e}`),this.#r=It.Factory({...e.baseConfig,node:this.#e})}async start(e){return this.#s?this:(this.#o=e,E.debug("starting default gateway"),await this.#r.start(e),this.#s=!0,this)}async getGateway(e){if(this.#i.scope==="singleton"||!e)return this.#r;let r=this.#n.get(e),n=r?this.#t.get(r):void 0;return n?E.enabledFor("debug")&&E.debug(`reusing existing gateway for principal '${e}'`):(E.enabledFor("debug")&&E.debug(`no existing gateway for principal '${e}', creating new one`),n=await this.createPrincipalGateway(e)),n}async createPrincipalGateway(e){let r=Lt(),n={...this.#i.baseConfig,node:r};E.enabledFor("debug")&&E.debug(`creating gateway for principal '${e}' with gateway id: ${n.node}`);let o=It.Factory(n);return this.#n.set(e,r),this.#t.set(r,o),await o.start(this.#o),o}getGateways(){let e=new Map(this.#t);return e.set(this.#e,this.#r),e}info(e){if(e&&this.#e!==e){let r=this.#t.get(e);if(r)return r.info();throw new Error(`no gateway found with ID: ${e}`)}return e===this.#e?this.#r.info():{...this.#r.info(),managedGateways:this.#t.size,scope:this.#i.scope}}async stop(e){if(e&&this.#e!==e){let r=this.#t.get(e);if(r){E.info(`stopping gateway with ID: ${e}`),await r.stop(),this.#t.delete(e);for(let[n,o]of this.#n.entries())if(o===e){this.#n.delete(n);break}return r}else throw new Error(`no gateway found with ID: ${e}`)}if(e===this.#e)return E.debug("stopping default gateway (managed gateways will continue running)"),await this.#r.stop(),this.#s=!1,this.#r;E.info(`stopping all gateways (1 default + ${this.#t.size} managed)`);for(let[r,n]of this.#t.entries())E.enabledFor("debug")&&E.debug(`stopping gateway with ID: ${r}`),await n.stop();return this.#t.clear(),this.#n.clear(),E.debug("stopping default gateway"),await this.#r.stop(),this.#s=!1,this.#r}getPrincipalGatewayId(e){return this.#n.get(e)}getPrincipalGatewayIds(){return new Map(this.#n)}getDefaultGateway(){return this.#r}client(e,r){return this.#r.client(e,r)}async connect(e){return this.#r.connect(e)}getPrincipalCount(){return this.#t.size}};function Dt(...t){if(!Array.isArray(t))throw new Error("middleware must be array!");let e=t.flat();for(let r of e)if(typeof r!="function")throw new Error("middleware must be compose of functions!");return async function(r,n){let o=async(i,s)=>{let a=i===e.length?n:e[i];if(a===void 0)return;let c=!1,d=!1,l=await a(s,async g=>{if(c)throw new Error("next() called multiple times");c=!0;try{return await o(i+1,g??s)}finally{d=!0}});if(c&&!d)throw new Error(`middleware resolved before downstream.
2
+ You are probably missing an await or return statement in your middleware function.`);return l};return o(0,r)}}import{isIP as Gr}from"node:net";import{Cookie as rt}from"tough-cookie";function Br(t,e){let r=t.get("x-forwarded-host");if(Array.isArray(r)&&(r=r[0]),r){let n=t.one("x-forwarded-port");n&&(r=`${r}:${n}`)}return r??=t.one("host"),Array.isArray(r)&&(r=r[0]),r?r.split(",",1)[0].trim():e}function _r(t){let e=t.one("x-forwarded-ssl");return typeof e=="string"&&e.toLowerCase()==="on"}function qr(t,e){let r=t.get("x-forwarded-proto");return Array.isArray(r)&&(r=r[0]),r!==void 0?r.split(",",1)[0].trim():_r(t)?"https":e}function zr(t,e,r){let n=r?r.port:t.protocol==="https:"?443:80,o=e.one("x-forwarded-for");if(Array.isArray(o)&&(o=o[0]),o!==void 0)return o=o.split(",",1)[0].trim(),{address:o,port:Number(n),family:Gr(o)===6?"IPv6":"IPv4"}}var be=class{#e;constructor(e){this.#e=e}get headers(){return this.#e}},ve=class t extends be{static logIdCounter=0;#e;get id(){return this.#e===void 0&&(this.#e=`${this.initId()}-${++t.logIdCounter}`),this.#e}initId(){return"request"}get cookies(){return Vr(this.headers)}parseHost(e){return Br(this.headers,e)}parseProtocol(e){return qr(this.headers,e)}parseRemoteAddress(e){return zr(this.URL,this.headers,e)}},xe=class extends be{get cookies(){return Xr(this.headers)}setCookieValue(e){return new rt({key:e.name,value:e.value,maxAge:e.maxAge,domain:e.domain,path:e.path,secure:e.secure,httpOnly:e.httpOnly,sameSite:e.sameSite}).toString()}};function jr(t){let e=[];{let r=0,n=0;for(let o=0;o<t.length;o++)switch(t.charCodeAt(o)){case 32:r===n&&(r=n=o+1);break;case 44:e.push(t.slice(r,n)),r=n=o+1;break;default:n=n+1;break}e.push(t.slice(r,n))}return e}function $t(t){typeof t=="string"&&(t=[t]),typeof t=="number"&&(t=[String(t)]);let e=[];if(t)for(let r of t)r&&e.push(...jr(r));return e}function Vr(t){return t.list("cookie").map(e=>e.split(";").map(r=>rt.parse(r))).flat(1).filter(e=>e!==void 0).map(e=>Object.freeze({name:e.key,value:e.value}))}function Xr(t){return t.list("set-cookie").map(e=>{let r=rt.parse(e);if(r){let n={name:r.key,value:r.value,maxAge:Number(r.maxAge??-1)};return r.httpOnly&&(n.httpOnly=!0),r.domain&&(n.domain=r.domain),r.path&&(n.path=r.path),r.secure&&(n.secure=!0),r.httpOnly&&(n.httpOnly=!0),r.sameSite&&(n.sameSite=r.sameSite),Object.freeze(n)}}).filter(e=>e!==void 0)}var ue=class{constructor(){}toList(e){let r=this.get(e);return $t(r)}},x=class extends Map{get(e){return super.get(e.toLowerCase())}one(e){return this.get(e)?.[0]}list(e){let r=super.get(e.toLowerCase());return $t(r)}set(e,r){return typeof r=="number"&&(r=String(r)),typeof r=="string"&&(r=[r]),r?super.set(e.toLowerCase(),r):(super.delete(e.toLowerCase()),this)}add(e,r){let n=super.get(e.toLowerCase());return typeof r=="string"&&(r=[r]),n&&(r=n.concat(r)),this.set(e,r),this}};var nt=class{#e;constructor(e){this.#e=e}get value(){return this.#e}toString(){return this.#e.toString()}},w=class t{static CONTINUE=new t(100,"Continue");static SWITCHING_PROTOCOLS=new t(101,"Switching Protocols");static OK=new t(200,"OK");static CREATED=new t(201,"Created");static ACCEPTED=new t(202,"Accepted");static NON_AUTHORITATIVE_INFORMATION=new t(203,"Non-Authoritative Information");static NO_CONTENT=new t(204,"No Content");static RESET_CONTENT=new t(205,"Reset Content");static PARTIAL_CONTENT=new t(206,"Partial Content");static MULTI_STATUS=new t(207,"Multi-Status");static IM_USED=new t(226,"IM Used");static MULTIPLE_CHOICES=new t(300,"Multiple Choices");static MOVED_PERMANENTLY=new t(301,"Moved Permanently");static BAD_REQUEST=new t(400,"Bad Request");static UNAUTHORIZED=new t(401,"Unauthorized");static FORBIDDEN=new t(403,"Forbidden");static NOT_FOUND=new t(404,"Not Found");static METHOD_NOT_ALLOWED=new t(405,"Method Not Allowed");static NOT_ACCEPTABLE=new t(406,"Not Acceptable");static PROXY_AUTHENTICATION_REQUIRED=new t(407,"Proxy Authentication Required");static REQUEST_TIMEOUT=new t(408,"Request Timeout");static CONFLICT=new t(409,"Conflict");static GONE=new t(410,"Gone");static LENGTH_REQUIRED=new t(411,"Length Required");static PRECONDITION_FAILED=new t(412,"Precondition Failed");static PAYLOAD_TOO_LARGE=new t(413,"Payload Too Large");static URI_TOO_LONG=new t(414,"URI Too Long");static UNSUPPORTED_MEDIA_TYPE=new t(415,"Unsupported Media Type");static EXPECTATION_FAILED=new t(417,"Expectation Failed");static IM_A_TEAPOT=new t(418,"I'm a teapot");static TOO_EARLY=new t(425,"Too Early");static UPGRADE_REQUIRED=new t(426,"Upgrade Required");static PRECONDITION_REQUIRED=new t(428,"Precondition Required");static TOO_MANY_REQUESTS=new t(429,"Too Many Requests");static REQUEST_HEADER_FIELDS_TOO_LARGE=new t(431,"Request Header Fields Too Large");static UNAVAILABLE_FOR_LEGAL_REASONS=new t(451,"Unavailable For Legal Reasons");static INTERNAL_SERVER_ERROR=new t(500,"Internal Server Error");static NOT_IMPLEMENTED=new t(501,"Not Implemented");static BAD_GATEWAY=new t(502,"Bad Gateway");static SERVICE_UNAVAILABLE=new t(503,"Service Unavailable");static GATEWAY_TIMEOUT=new t(504,"Gateway Timeout");static HTTP_VERSION_NOT_SUPPORTED=new t(505,"HTTP Version Not Supported");static VARIANT_ALSO_NEGOTIATES=new t(506,"Variant Also Negotiates");static INSUFFICIENT_STORAGE=new t(507,"Insufficient Storage");static LOOP_DETECTED=new t(508,"Loop Detected");static NOT_EXTENDED=new t(510,"Not Extended");static NETWORK_AUTHENTICATION_REQUIRED=new t(511,"Network Authentication Required");static#e=[];static{Object.keys(t).filter(e=>e!=="VALUES"&&e!=="resolve").forEach(e=>{let r=t[e];r instanceof t&&(Object.defineProperty(r,"name",{enumerable:!0,value:e,writable:!1}),t.#e.push(r))})}static resolve(e){for(let r of t.#e)if(r.value===e)return r}#r;#t;constructor(e,r){this.#r=e,this.#t=r}get value(){return this.#r}get phrase(){return this.#t}toString(){return`${this.#r} ${this.name}`}};function Wt(t){if(typeof t=="number"){if(t<100||t>999)throw new Error(`status code ${t} should be in range 100-999`);let e=w.resolve(t);return e!==void 0?e:new nt(t)}return t}import at from"node:http";var Ee=class extends at.IncomingMessage{exchange;upgradeHead;get urlBang(){return this.url}get socketEncrypted(){return this.socket.encrypted===!0}},Y=class extends at.ServerResponse{markHeadersSent(){this._header=!0}getRawHeaderNames(){return super.getRawHeaderNames()}},Ae=class extends ve{#e;get sslInfo(){return this.#e===void 0&&(this.#e=this.initSslInfo()),this.#e}},Ce=class extends xe{#e=[];#r;#t="new";#n=[];setStatusCode(e){return this.#t==="committed"?!1:(this.#r=e,!0)}setRawStatusCode(e){return this.setStatusCode(e===void 0?void 0:Wt(e))}get statusCode(){return this.#r}addCookie(e){if(this.#t==="committed")throw new Error(`Cannot add cookie ${JSON.stringify(e)} because HTTP response has already been committed`);return this.#e.push(e),this}beforeCommit(e){this.#n.push(e)}get commited(){let e=this.#t;return e!=="new"&&e!=="commit-action-failed"}async body(e){if(e instanceof ReadableStream)throw new Error("ReadableStream body not supported yet");let r=await e;try{return await this.doCommit(async()=>await this.bodyInternal(Promise.resolve(r))).catch(n=>{throw n})}catch(n){throw n}}async end(){return this.commited?Promise.resolve(!1):this.doCommit(async()=>await this.bodyInternal(Promise.resolve()))}doCommit(e){let r=this.#t,n=Promise.resolve();if(r==="new")this.#t="committing",this.#n.length>0&&(n=this.#n.reduce((o,i)=>o.then(()=>i()),Promise.resolve()).catch(o=>{this.#t==="committing"&&(this.#t="commit-action-failed")}));else if(r==="commit-action-failed")this.#t="committing";else return Promise.resolve(!1);return n=n.then(()=>{this.applyStatusCode(),this.applyHeaders(),this.applyCookies(),this.#t="committed"}),n.then(async()=>e!==void 0?await e():!0)}applyStatusCode(){}applyHeaders(){}applyCookies(){}},Q=class extends Ae{#e;#r;#t;constructor(e){super(new it(e)),this.#t=e}getNativeRequest(){return this.#t}get upgrade(){return this.#t.upgrade}get http2(){return this.#t.httpVersionMajor>=2}get path(){return this.URL?.pathname}get URL(){return this.#e??=new URL(this.#t.urlBang,`${this.protocol}://${this.host}`),this.#e}get query(){return this.URL?.search}get method(){return this.#t.method}get host(){let e;return this.#t.httpVersionMajor>=2&&(e=this.#t.headers[":authority"]),e??=this.#t.socket.remoteAddress,super.parseHost(e)}get protocol(){let e;return this.#t.httpVersionMajor>2&&(e=this.#t.headers[":scheme"]),e??=this.#t.socketEncrypted?"https":"http",super.parseProtocol(e)}get socket(){return this.#t.socket}get remoteAddress(){let e=this.#t.socket.remoteFamily,r=this.#t.socket.remoteAddress,n=this.#t.socket.remotePort,o=!e||!r||!n?void 0:{family:e,address:r,port:n};return super.parseRemoteAddress(o)??o}initSslInfo(){if(this.#t.socketEncrypted)return new ot(this.#t.socket)}get cookies(){return this.#r??=super.cookies,this.#r}get body(){return at.IncomingMessage.toWeb(this.#t)}async blob(){let e=[];if(this.body!==void 0)for await(let r of this.body)e.push(r);return new Blob(e,{type:this.headers.one("content-type")||"application/octet-stream"})}async text(){return await(await this.blob()).text()}async formData(){let r=await(await this.blob()).text();return new URLSearchParams(r)}async json(){let e=await this.blob();if(e.size===0)return;let r=await e.text();return JSON.parse(r)}initId(){let e=this.#t.socket.remoteAddress;if(!e)throw new Error("Socket has no remote address");return`${e}:${this.#t.socket.remotePort}`}},ot=class{peerCertificate;constructor(e){this.peerCertificate=e.getPeerX509Certificate()}},it=class extends ue{#e;constructor(e){super(),this.#e=e}has(e){return this.#e.headers[e]!==void 0}get(e){return this.#e.headers[e]}list(e){return super.toList(e)}one(e){let r=this.#e.headers[e];return Array.isArray(r)?r[0]:r}keys(){return Object.keys(this.#e.headers).values()}},st=class extends ue{#e;constructor(e){super(),this.#e=e}has(e){return this.#e.hasHeader(e)}keys(){return this.#e.getHeaderNames().values()}get(e){return this.#e.getHeader(e)}one(e){let r=this.#e.getHeader(e);return Array.isArray(r)?r[0]:r}set(e,r){return this.#e.headersSent||(Array.isArray(r)?r=r.map(n=>typeof n=="number"?String(n):n):typeof r=="number"&&(r=String(r)),r?this.#e.setHeader(e,r):this.#e.removeHeader(e)),this}add(e,r){return this.#e.headersSent||this.#e.appendHeader(e,r),this}list(e){return super.toList(e)}},Pe=class extends Ce{#e;constructor(e){super(new st(e)),this.#e=e}getNativeResponse(){return this.#e}get statusCode(){return super.statusCode??{value:this.#e.statusCode}}applyStatusCode(){let e=super.statusCode;e!==void 0&&(this.#e.statusCode=e.value)}addCookie(e){return this.headers.add("Set-Cookie",super.setCookieValue(e)),this}async bodyInternal(e){if(this.#e.headersSent)return!1;if(e instanceof ReadableStream)throw new Error("ReadableStream body not supported in response");{let r=await e;return await new Promise((n,o)=>{try{r===void 0?this.#e.end(()=>{n(!0)}):(this.headers.has("content-length")||(typeof r=="string"?this.headers.set("content-length",Buffer.byteLength(r)):r instanceof Blob?this.headers.set("content-length",r.size):this.headers.set("content-length",r.byteLength)),this.#e.end(r,()=>{n(!0)}))}catch(i){o(i instanceof Error?i:new Error(`end failed: ${i}`))}})}}},He=class t{#e;constructor(e){this.#e=e}get delegate(){return this.#e}get id(){return this.#e.id}get method(){return this.#e.method}get path(){return this.#e.path}get protocol(){return this.#e.protocol}get host(){return this.#e.host}get URL(){return this.#e.URL}get headers(){return this.#e.headers}get cookies(){return this.#e.cookies}get remoteAddress(){return this.#e.remoteAddress}get upgrade(){return this.#e.upgrade}get sslInfo(){return this.#e.sslInfo}get body(){return this.#e.body}async blob(){return await this.#e.blob()}async text(){return await this.#e.text()}async formData(){return await this.#e.formData()}async json(){return await this.#e.json()}toString(){return`${t.name} [delegate: ${this.delegate.toString()}]`}static getNativeRequest(e){if(e instanceof Ae)return e.getNativeRequest();if(e instanceof t)return t.getNativeRequest(e.delegate);throw new Error(`Cannot get native request from ${e.constructor.name}`)}},Z=class t{#e;constructor(e){this.#e=e}get delegate(){return this.#e}setStatusCode(e){return this.delegate.setStatusCode(e)}setRawStatusCode(e){return this.delegate.setRawStatusCode(e)}get statusCode(){return this.delegate.statusCode}get cookies(){return this.delegate.cookies}addCookie(e){return this.delegate.addCookie(e),this}async end(){return await this.delegate.end()}async body(e){return await this.#e.body(e)}get headers(){return this.#e.headers}toString(){return`${t.name} [delegate: ${this.delegate.toString()}]`}static getNativeResponse(e){if(e instanceof Ce)return e.getNativeResponse();if(e instanceof t)return t.getNativeResponse(e.delegate);throw new Error(`Cannot get native response from ${e.constructor.name}`)}},ke=class t{#e;constructor(e){this.#e=e}get delegate(){return this.#e}get request(){return this.#e.request}get response(){return this.#e.response}attribute(e){return this.#e.attribute(e)}principal(){return this.#e.principal()}get logPrefix(){return this.#e.logPrefix}toString(){return`${t.name} [delegate: ${this.delegate}]`}},Re=class{request;response;#e={};#r;#t="";constructor(e,r){this.#e[Ut]=e.id,this.request=e,this.response=r}get method(){return this.request.method}get path(){return this.request.path}get attributes(){return this.#e}attribute(e){return this.attributes[e]}principal(){return Promise.resolve(void 0)}get logPrefix(){let e=this.attribute(Ut);return this.#r!==e&&(this.#r=e,this.#t=e!==void 0?`[${e}] `:""),this.#t}},Ut="io.interop.gateway.server.log_id";import{getHeapStatistics as Jr,writeHeapSnapshot as Kr}from"node:v8";import{access as Yr,mkdir as Qr,rename as Nt,unlink as Zr}from"node:fs/promises";var S=y("monitoring"),en={memoryLimit:1024*1024*1024,reportInterval:600*1e3,dumpLocation:".",maxBackups:10,dumpPrefix:"Heap"};function tn(){return Jr()}async function Ft(t){let e=t.dumpPrefix??"Heap",r=`${t.dumpLocation}/${e}.heapsnapshot`;S.enabledFor("debug")&&S.debug(`starting heap dump in ${r}`),await ct(t.dumpLocation).catch(async o=>{S.enabledFor("debug")&&S.debug(`dump location ${t.dumpLocation} does not exists. Will try to create it`);try{await Qr(t.dumpLocation,{recursive:!0}),S.info(`dump location dir ${t.dumpLocation} successfully created`)}catch{S.error(`failed to create dump location ${t.dumpLocation}`)}});let n=Kr(r);S.info("heap dumped");try{S.debug("rolling snapshot backups");let o=`${t.dumpLocation}/${e}.${t.maxBackups}.heapsnapshot`;await ct(o).then(async()=>{S.enabledFor("debug")&&S.debug(`deleting ${o}`);try{await Zr(o)}catch(s){S.warn(`failed to delete ${o}`,s)}}).catch(()=>{});for(let s=t.maxBackups-1;s>0;s--){let a=`${t.dumpLocation}/${e}.${s}.heapsnapshot`,c=`${t.dumpLocation}/${e}.${s+1}.heapsnapshot`;await ct(a).then(async()=>{try{await Nt(a,c)}catch(d){S.warn(`failed to rename ${a} to ${c}`,d)}}).catch(()=>{})}let i=`${t.dumpLocation}/${e}.1.heapsnapshot`;try{await Nt(n,i)}catch(s){S.warn(`failed to rename ${n} to ${i}`,s)}S.debug("snapshots rolled")}catch(o){throw S.error("error rolling backups",o),o}}async function ct(t){S.enabledFor("trace")&&S.debug(`checking file ${t}`),await Yr(t)}async function rn(t,e,r){S.enabledFor("debug")&&S.debug(`processing heap stats ${JSON.stringify(t)}`);let n=Math.min(r.memoryLimit,.95*t.heap_size_limit),o=t.used_heap_size;S.info(`heap stats ${JSON.stringify(t)}`),o>=n?(S.warn(`used heap ${o} bytes exceeds memory limit ${n} bytes`),e.memoryLimitExceeded?delete e.snapshot:(e.memoryLimitExceeded=!0,e.snapshot=!0),await Ft(r)):(e.memoryLimitExceeded=!1,delete e.snapshot)}function Gt(t){let e={...en,...t},r=!1,n={memoryLimitExceeded:!1},o=async()=>{let a=tn();await rn(a,n,e)},i=setInterval(o,e.reportInterval);return{...e,channel:async a=>{if(!r)switch(a??="run",a){case"run":{await o();break}case"dump":{await Ft(e);break}case"stop":{r=!0,clearInterval(i),S.info("exit memory diagnostic");break}}return r}}}async function nn({channel:t},e){await t(e)||S.warn(`cannot execute command "${e}" already closed`)}async function Bt(t){return await nn(t,"stop")}var sn=(t,e)=>(e??=t,async({response:r},n)=>{e!==!1&&!r.headers.has("server")&&r.headers.set("Server",e),await n()}),_t=(t,e)=>sn(t,e);import{IOGateway as Te}from"@interopio/gateway";var dt=y("gateway.ws.client-verify");function an(t){switch(t.missing){case"allow":case"whitelist":return!0;case"block":case"blacklist":return!1;default:return!1}}function cn(t,e){let r=t.block??t.blacklist,n=t.allow??t.whitelist;if(r.length>0&&Te.Filtering.valuesMatch(r,e))return dt.warn(`origin ${e} matches block filter`),!1;if(n.length>0&&Te.Filtering.valuesMatch(n,e))return dt.enabledFor("debug")&&dt.debug(`origin ${e} matches allow filter`),!0}function dn(t){switch(t.non_matched){case"allow":case"whitelist":return!0;case"block":case"blacklist":return!1;default:return!1}}function qt(t,e){if(!e)return!0;if(t){let r=cn(e,t);return r||dn(e)}else return an(e)}function zt(t){if(t){let e=(t.block??t.blacklist??[]).map(Te.Filtering.regexify),r=(t.allow??t.whitelist??[]).map(Te.Filtering.regexify);return{non_matched:t.non_matched??"allow",missing:t.missing??"allow",allow:r,block:e}}}var jt=t=>async e=>{for(let r of t)if((await r(e)).match)return T();return C},ee=t=>{let e=async r=>{for(let n of t)if(!(await n(r)).match)return C;return T()};return e.toString=()=>`and(${t.map(r=>r.toString()).join(", ")})`,e},Vt=t=>async e=>(await t(e)).match?C:T(),le=async t=>T();le.toString=()=>"any-exchange";var Xt=Object.freeze({}),C=Object.freeze({match:!1,variables:Xt}),T=(t=Xt)=>({match:!0,variables:t}),O=(t,e)=>{let r=e?.method,n=async o=>{let i=o.request,s=i.path;if(r!==void 0&&i.method!==r)return C;if(typeof t=="string")return s===t?T():C;{let a=t.exec(s);return a===null?C:{match:!0,variables:{...a.groups}}}};return n.toString=()=>`pattern(${t.toString()}, method=${r??"<any>"})`,n},ut=t=>{let e=r=>{if(t.ignoredMediaTypes!==void 0){for(let n of t.ignoredMediaTypes)if(r===n||n==="*/*")return!0}return!1};return async r=>{let n=r.request,o;try{o=n.headers.list("accept")}catch{return C}for(let i of o)if(!e(i)){for(let s of t.mediaTypes)if(i.startsWith(s))return T()}return C}},V=async({request:t})=>t.upgrade&&t.headers.one("upgrade")?.toLowerCase()==="websocket"?T():C;V.toString=()=>"websocket upgrade";import{IOGateway as Jt}from"@interopio/gateway";async function lt(t,e,r){let n=(i,s)=>{if(s?.cors){let a=s.cors===!0?{allowOrigins:s.origins?.allow?.map(Jt.Filtering.regexify),allowMethods:i.method===void 0?["*"]:[i.method],allowCredentials:s.authorize?.access!=="permitted"?!0:void 0}:s.cors,c=i.path;r.cors.push([c,a])}},o=new class{handle(...i){i.forEach(({request:s,options:a,handler:c})=>{let d=O(Jt.Filtering.regexify(s.path),{method:s.method});a?.authorize&&r.authorize.push([d,a.authorize]),n(s,a);let u=async(l,g)=>{let{match:v,variables:p}=await d(l);v?await c(l,p):await g()};r.middleware.push(u)})}socket(...i){for(let{path:s,factory:a,options:c}of i){let d=s??"/";r.sockets.set(d,{default:s===void 0,ping:c?.ping,factory:a,maxConnections:c?.maxConnections,authorize:c?.authorize,originFilters:zt(c?.origins)})}}};await t(o,e)}import{IOGateway as ht}from"@interopio/gateway";function ln(t){let e=t.headers.one("origin");if(e===void 0)return!0;let r=t.URL,n=r.protocol,o=r.host,i=URL.parse(e),s=i?.host,a=i?.protocol;return n===a&&o===s}function pn(t){return t.headers.has("origin")&&!ln(t)}function Yt(t){return t.method==="OPTIONS"&&t.headers.has("origin")&&t.headers.has("access-control-request-method")}var Kt=["Origin","Access-Control-Request-Method","Access-Control-Request-Headers"],hn=(t,e)=>{let{request:r,response:n}=t,o=n.headers;if(!o.has("Vary"))o.set("Vary",Kt.join(", "));else{let s=o.list("Vary");for(let a of Kt)s.find(c=>c===a)||s.push(a);o.set("Vary",s.join(", "))}try{if(!pn(r))return!0}catch{return M.enabledFor("debug")&&M.debug("reject: origin is malformed"),pe(n),!1}if(o.has("access-control-allow-origin"))return M.enabledFor("trace")&&M.debug('skip: already contains "Access-Control-Allow-Origin"'),!0;let i=Yt(r);return e?gn(t,e,i):i?(pe(n),!1):!0},Me=["*"],pt=["GET","HEAD","POST"],Qt={allowOrigins:Me,allowMethods:pt,allowHeaders:Me,maxAge:1800};function Ie(t){if(t){let e=t.allowHeaders;e&&e!==b&&(t={...t,allowHeaders:e.map(n=>n.toLowerCase())});let r=t.allowOrigins;return r&&(r==="*"?(er(t),tr(t)):t={...t,allowOrigins:r.map(n=>typeof n=="string"&&n!==b&&(n=ht.Filtering.regexify(n),typeof n=="string")?rr(n).toLowerCase():n)}),t}}function Oe(t,e){if(e===void 0)return t!==void 0?t===b?[b]:t:[];if(t===void 0)return e===b?[b]:e;if(t==Me||t===pt)return e===b?[b]:e;if(e==Me||e===pt)return t===b?[b]:t;if(t===b||t.includes(b)||e===b||e.includes(b))return[b];let r=new Set;return t.forEach(n=>r.add(n)),e.forEach(n=>r.add(n)),Array.from(r)}var he=(t,e)=>e===void 0?t:{allowOrigins:Oe(t.allowOrigins,e?.allowOrigins),allowMethods:Oe(t.allowMethods,e?.allowMethods),allowHeaders:Oe(t.allowHeaders,e?.allowHeaders),exposeHeaders:Oe(t.exposeHeaders,e?.exposeHeaders),allowCredentials:e?.allowCredentials??t.allowCredentials,allowPrivateNetwork:e?.allowPrivateNetwork??t.allowPrivateNetwork,maxAge:e?.maxAge??t.maxAge},fn=t=>{let e=t.corsConfigSource,r=t.corsProcessor??hn;if(e===void 0)throw new Error("corsConfigSource is required");if(r===void 0)throw new Error("corsProcessor is required");return async(n,o)=>{let i=await e(n);!r(n,i)||Yt(n.request)||await o()}},Zt=fn,M=y("cors");function pe(t){t.setStatusCode(w.FORBIDDEN)}function gn(t,e,r){let{request:n,response:o}=t,i=o.headers,s=n.headers.one("origin"),a=yn(e,s);if(a===void 0)return M.enabledFor("debug")&&M.debug(`reject: '${s}' origin is not allowed`),pe(o),!1;let c=bn(n,r),d=wn(e,c);if(d===void 0)return M.enabledFor("debug")&&M.debug(`reject: HTTP '${c}' is not allowed`),pe(o),!1;let u=vn(n,r),l=Sn(e,u);if(r&&l===void 0)return M.enabledFor("debug")&&M.debug(`reject: headers '${u}' are not allowed`),pe(o),!1;i.set("Access-Control-Allow-Origin",a),r&&i.set("Access-Control-Allow-Methods",d.join(",")),r&&l!==void 0&&l.length>0&&i.set("Access-Control-Allow-Headers",l.join(", "));let g=e.exposeHeaders;return g&&g.length>0&&i.set("Access-Control-Expose-Headers",g.join(", ")),e.allowCredentials&&i.set("Access-Control-Allow-Credentials","true"),e.allowPrivateNetwork&&n.headers.one("access-control-request-private-network")==="true"&&i.set("Access-Control-Allow-Private-Network","true"),r&&e.maxAge!==void 0&&i.set("Access-Control-Max-Age",e.maxAge.toString()),!0}var b="*",mn=["GET","HEAD"];function er(t){if(t.allowCredentials===!0&&t.allowOrigins===b)throw new Error('when allowCredentials is true allowOrigins cannot be "*"')}function tr(t){if(t.allowPrivateNetwork===!0&&t.allowOrigins===b)throw new Error('when allowPrivateNetwork is true allowOrigins cannot be "*"')}function yn(t,e){if(e){let r=t.allowOrigins;if(r){if(r===b)return er(t),tr(t),b;let n=rr(e.toLowerCase());for(let o of r)if(o===b||ht.Filtering.valueMatches(o,n))return e}}}function wn(t,e){if(e){let r=t.allowMethods??mn;if(r===b)return[e];if(ht.Filtering.valuesMatch(r,e))return r}}function Sn(t,e){if(e===void 0)return;if(e.length==0)return[];let r=t.allowHeaders;if(r===void 0)return;let n=r===b||r.includes(b),o=[];for(let i of e){let s=i?.trim();if(s){if(n)o.push(s);else for(let a of r)if(s.toLowerCase()===a){o.push(s);break}}}if(o.length>0)return o}function rr(t){return t.endsWith("/")?t.slice(0,-1):t}function bn(t,e){return e?t.headers.one("access-control-request-method"):t.method}function vn(t,e){let r=t.headers;return e?r.list("access-control-request-headers"):Array.from(r.keys())}var nr=t=>async e=>{for(let[r,n]of t.mappings)if((await r(e)).match)return M.debug(`resolved cors config on '${e.request.path}' using ${r}: ${JSON.stringify(n)}`),n};import{IOGateway as xn}from"@interopio/gateway";function or(t){let{sockets:e,cors:r}=t,n=t.corsConfig===!1?void 0:he(Qt,t.corsConfig),o=[];for(let[s,a]of e){let c=n;for(let[u,l]of r)xn.Filtering.valueMatches(u,s)&&(l===void 0?c=void 0:c=c===void 0?l:he(c,l));let d=t.corsConfig===!1?void 0:{allowOrigins:a.originFilters?.allow,allowMethods:["GET","CONNECT","OPTIONS"],allowHeaders:["Upgrade","Connection","Origin","Sec-Websocket-Key","Sec-Websocket-Version","Sec-Websocket-Protocol","Sec-Websocket-Extensions"],exposeHeaders:["Sec-Websocket-Accept","Sec-Websocket-Protocol","Sec-Websocket-Extensions"],allowCredentials:a.authorize?.access!=="permitted"?!0:void 0};c=c===void 0?d:he(c,d),o.push([ee([V,O(s)]),Ie(c)])}let i=[];for(let[s,a]of r){let[,c]=i.find(([u])=>String(u)===String(s))??[s,n];c=c===void 0?a:he(c,a);let d=!1;for(let u of i)if(String(u[0])===String(s)){u[1]=c,d=!0;break}d||i.push([s,c])}for(let[s,a]of i)o.push([O(s),Ie(a)]);return o.push([O(/\/api\/.*/),Ie(n)]),nr({mappings:o})}function ir(t){return t!==void 0&&typeof t.type=="string"&&typeof t.authenticated=="boolean"}var A=class extends Error{_authentication;get authentication(){return this._authentication}set authentication(e){if(e===void 0)throw new TypeError("Authentication cannot be undefined");this._authentication=e}},Le=class extends A{},te=class extends A{},re=class extends A{constructor(e){super(e)}},fe=class extends re{constructor(e){super(e)}},ge=class extends re{constructor(e){super(e)}},me=class extends re{constructor(e){super(e)}},ye=class extends re{constructor(e){super(e)}};var X=class extends Error{},F=class{constructor(e){this.granted=e}granted},_=class{#e;constructor(e){this.#e=e}async verify(e,r){if(!(await this.#e(e,r))?.granted)throw new X("Access denied")}async authorize(e,r){return await this.#e(e,r)}},ne=class extends A{};var I=t=>async e=>{let r=!0,{response:n}=e;for(let o of t.keys())n.headers.has(o)&&(r=!1);if(r)for(let[o,i]of t)n.headers.set(o,i)},En=()=>I(new x().add("cache-control","no-cache, no-store, max-age=0, must-revalidate").add("pragma","no-cache").add("expires","0")),An=()=>I(new x().add("x-content-type-options","nosniff")),Cn=(t,e,r)=>{let n=`max-age=${t}`;e&&(n+=" ; includeSubDomains"),r&&(n+=" ; preload");let o=I(new x().add("strict-transport-security",n)),i=s=>s.request.URL.protocol==="https:";return async s=>{i(s)&&await o(s)}},Pn=t=>I(new x().add("x-frame-options",t)),Hn=t=>I(new x().add("x-xss-protection",t)),kn=t=>{let e=t===void 0?void 0:I(new x().add("permissions-policy",t));return async r=>{e!==void 0&&await e(r)}},Rn=(t,e)=>{let r=e?"content-security-policy-report-only":"content-security-policy",n=t===void 0?void 0:I(new x().add(r,t));return async o=>{n!==void 0&&await n(o)}},Tn=(t="no-referrer")=>I(new x().add("referer-policy",t)),On=t=>{let e=t===void 0?void 0:I(new x().add("cross-origin-opener-policy",t));return async r=>{e!==void 0&&await e(r)}},Mn=t=>{let e=t===void 0?void 0:I(new x().add("cross-origin-embedder-policy",t));return async r=>{e!==void 0&&await e(r)}},In=t=>{let e=t===void 0?void 0:I(new x().add("cross-origin-resource-policy",t));return async r=>{e!==void 0&&await e(r)}},Ln=(...t)=>async e=>{for(let r of t)await r(e)};function ft(t){let e=[];t?.cache?.disabled||e.push(En()),t?.contentType?.disabled||e.push(An()),t?.hsts?.disabled||e.push(Cn(t?.hsts?.maxAge??365*24*60*60,t?.hsts?.includeSubDomains??!0,t?.hsts?.preload??!1)),t?.frameOptions?.disabled||e.push(Pn(t?.frameOptions?.mode??"DENY")),t?.xss?.disabled||e.push(Hn(t?.xss?.headerValue??"0")),t?.permissionsPolicy?.disabled||e.push(kn(t?.permissionsPolicy?.policyDirectives)),t?.contentSecurityPolicy?.disabled||e.push(Rn(t?.contentSecurityPolicy?.policyDirectives??"default-src 'self'",t?.contentSecurityPolicy?.reportOnly)),t?.refererPolicy?.disabled||e.push(Tn(t?.refererPolicy?.policy??"no-referrer")),t?.crossOriginOpenerPolicy?.disabled||e.push(On(t?.crossOriginOpenerPolicy?.policy)),t?.crossOriginEmbedderPolicy?.disabled||e.push(Mn(t?.crossOriginEmbedderPolicy?.policy)),t?.crossOriginResourcePolicy?.disabled||e.push(In(t?.crossOriginResourcePolicy?.policy)),t?.writers&&e.push(...t.writers);let r=Ln(...e);return async(n,o)=>{await r(n),await o()}}var oe=t=>{let e=t.entryPoint,r=t?.rethrowAuthenticationServiceError??!0;return async({exchange:n},o)=>{if(!r||!(o instanceof ne))return e(n,o);throw o}};var Dn="Realm",$n=t=>`Basic realm="${t}"`,ie=t=>{let e=$n(t?.realm??Dn);return async(r,n)=>{let{response:o}=r;o.setStatusCode(w.UNAUTHORIZED),o.headers.set("WWW-Authenticate",e)}};var sr="Basic ",De=t=>{let e=t?.credentialsEncoding??"utf-8";return async r=>{let{request:n}=r,o=n.headers.one("authorization");if(!o||!/basic/i.test(o.substring(0)))return;let i=o.length<=sr.length?"":o.substring(sr.length),a=Buffer.from(i,"base64").toString(e).split(":",2);if(a.length!==2)return;let c=a[0],d=a[1];return{type:"UsernamePassword",authenticated:!1,principal:c,credentials:d,name:c,eraseCredentials:()=>{d=null}}}};import{AsyncLocalStorage as Wn}from"node:async_hooks";var q=class t{static hasSecurityContext(e){return e.getStore()?.securityContext!==void 0}static async getSecurityContext(e){return await e.getStore()?.securityContext}static clearSecurityContext(e){delete e.getStore()?.securityContext}static withSecurityContext(e){return(r=new Wn)=>(r.getStore().securityContext=e,r)}static withAuthentication(e){return t.withSecurityContext(Promise.resolve({authentication:e}))}static async getContext(e){if(t.hasSecurityContext(e))return t.getSecurityContext(e)}};async function Un(t,e,r,n,o,i){let a=await(await n(t))?.(r);if(a===void 0)throw new Error("No authentication manager found for the exchange");try{await Nn(a,{exchange:t,next:e},o,i)}catch(c){throw c instanceof A,c}}async function Nn(t,e,r,n){q.withAuthentication(t)(n),await r(e,t)}function z(t){let e={matcher:le,successHandler:async({next:n})=>{await n()},converter:De({}),failureHandler:oe({entryPoint:ie({})}),...t},r=e.managerResolver;if(r===void 0&&e.manager!==void 0){let n=e.manager;r=async o=>n}if(r===void 0)throw new Error("Authentication filter requires a managerResolver or a manager");return async(n,o)=>{let s=(await e.matcher(n)).match?await e.converter(n):void 0;if(s===void 0){await o();return}try{await Un(n,o,s,r,e.successHandler,e.storage)}catch(a){if(a instanceof A){await e.failureHandler({exchange:n,next:o},a);return}throw a}}}var ar=t=>async(e,r)=>{e.response.setStatusCode(t.httpStatus)};var se=y("auth.entry-point"),$e=t=>{let e=t.defaultEntryPoint??(async({response:r},n)=>{r.setStatusCode(w.UNAUTHORIZED),await r.end()});return async(r,n)=>{for(let[o,i]of t.entryPoints)if(se.enabledFor("debug")&&se.debug(`trying to match using: ${o}`),(await o(r)).match)return se.enabledFor("debug")&&se.debug(`match found. using default entry point ${i}`),i(r,n);return se.enabledFor("debug")&&se.debug(`no match found. using default entry point ${e}`),e(r,n)}};var cr=t=>async({exchange:e,next:r},n)=>{for(let o of t)await o({exchange:e,next:r},n)};function gt(t){let e=async g=>g.request.headers.list("X-Requested-With").includes("XMLHttpRequest")?T():C,r=$e({entryPoints:[[e,ar({httpStatus:w.UNAUTHORIZED})]],defaultEntryPoint:ie({})}),n=t.entryPoint??r,o=t.manager,i=ut({mediaTypes:["application/atom+xml","application/x-www-form-urlencoded","application/json","application/octet-stream","application/xml","multipart/form-data","text/xml"],ignoredMediaTypes:["*/*"]}),s=Vt(ut({mediaTypes:["text/html"]})),a=ee([s,i]),c=jt([e,a]);t.defaultEntryPoints.push([c,n]);let d=t.failureHandler??oe({entryPoint:n}),u=cr(t.successHandlers??t.defaultSuccessHandlers),l=De({});return z({storage:t.storage,manager:o,failureHandler:d,successHandler:u,converter:l})}var dr={invalid_request:"invalid_request",invalid_token:"invalid_token",insufficient_scope:"insufficient_scope"},ur="https://tools.ietf.org/html/rfc6750#section-3.1";function We(t){return{errorCode:dr.invalid_token,httpStatus:w.UNAUTHORIZED,description:t,uri:ur}}function mt(t){return{errorCode:dr.invalid_request,httpStatus:w.BAD_REQUEST,description:t,uri:ur}}var Fn="access_token",Gn=/^Bearer\s+(?<token>[a-zA-Z0-9-._~+/]+=*)$/i,D=class extends A{error;constructor(e,r,n){super(r??(typeof e=="string"?void 0:e.description),n),this.error=typeof e=="string"?{errorCode:e}:e}},lr=t=>t.type==="BearerToken",Bn=t=>async e=>{let{request:r}=e;return Promise.all([qn(r.headers,t?.headerName).then(n=>n!==void 0?[n]:void 0),zn(r,t?.uriQueryParameter),jn(e,t?.formEncodedBodyParameter)]).then(n=>n.filter(o=>o!==void 0).flat(1)).then(_n).then(n=>{if(n)return{authenticated:!1,type:"BearerToken",token:n}})};async function _n(t){if(t.length===0)return;if(t.length>1){let r=mt("Found multiple access tokens in the request");throw new D(r)}let e=t[0];if(!e||e.length===0){let r=mt("The requested access token parameter is an empty string");throw new D(r)}return e}async function qn(t,e="authorization"){let r=t.one(e);if(!r||!/bearer/i.test(r.substring(0)))return;let n=Gn.exec(r);if(n===null){let o=We("Bearer token is malformed");throw new D(o)}return n.groups?.token}async function pr(t){let e=t.getAll(Fn);if(e.length!==0)return e}async function zn(t,e=!1){if(!(!e||t.method!=="GET"))return pr(t.URL.searchParams)}async function jn(t,e=!1){let{request:r}=t;if(!e||r.headers.one("content-type")!=="application/x-www-form-urlencoded"||r.method!=="POST")return;let n=await t.request.formData();if(n)return pr(n)}var Ue=Bn;function Vn(t){let e="Bearer";if(t.size!==0){e+=" ";let r=0;for(let[n,o]of t)e+=`${n}="${o}"`,r!==t.size-1&&(e+=", "),r++}return e}var hr=t=>t.httpStatus!==void 0;function Xn(t){if(t instanceof D){let{error:e}=t;if(hr(e))return e.httpStatus}return w.UNAUTHORIZED}function Jn(t,e){let r=new Map;if(e&&r.set("realm",e),t instanceof D){let{error:n}=t;r.set("error",n.errorCode),n.description&&r.set("error_description",n.description),n.uri&&r.set("error_uri",n.uri),hr(n)&&n.scope&&r.set("scope",n.scope)}return r}var Kn=t=>async(e,r)=>{let n=Xn(r),o=Jn(r,t?.realmName),i=Vn(o),{response:s}=e;s.headers.set("WWW-Authenticate",i),s.setStatusCode(n),await s.end()},Ne=Kn;var Yn=t=>{let e=t?.principalClaimName??"sub";return r=>({type:"JwtToken",authenticated:!0,name:r.getClaimAsString(e)})},Qn=t=>async e=>t(e),ae=class extends Error{},we=class extends ae{};function Zn(t){if(t instanceof we)return new D(We(t.message),t.message,{cause:t});throw new ne(t.message,{cause:t})}function yt(t){let e=t.decoder,r=t.authConverter??Qn(Yn({}));return async n=>{if(lr(n)){let o=n.token;try{let i=await e(o);return await r(i)}catch(i){throw i instanceof ae?Zn(i):i}}}}function wt(t){let e=t.entryPoint??Ne({}),r=t?.converter??Ue({}),n=t.failureHandler??oe({entryPoint:e});if(t.managerResolver!==void 0)return z({storage:t.storage,converter:r,failureHandler:n,managerResolver:t.managerResolver});if(t.jwt!==void 0){let o=t.jwt.manager??yt(t.jwt);return z({storage:t.storage,converter:r,failureHandler:n,managerResolver:async i=>o})}throw new Error("Invalid resource server configuration: either managerResolver or jwt must be provided")}import{jwtVerifier as io,JwtVerifyError as so}from"@interopio/gateway/jose/jwt";async function fr(t,e,r){let n=new Le("Full authentication is required to access this resource."),o=new A("Access Denied",{cause:n});e&&(o.authentication=e),await r(t,o)}function eo(t){return async(e,r)=>{e.response.setStatusCode(t),e.response.headers.set("Content-Type","text/plain; charset=utf-8");let n=Buffer.from("Access Denied","utf-8");e.response.headers.set("Content-Length",n.length),await e.response.body(n)}}var gr=t=>{let e=eo(w.FORBIDDEN),r=t.authenticationEntryPoint??ie();return async(n,o)=>{try{await o()}catch(i){if(i instanceof X){let s=await n.principal();ir(s)?(s.authenticated||await e(n,i),await fr(n,s,r)):await fr(n,void 0,r);return}throw i}}};var to=y("security.auth");function St(t){let e=async(r,n)=>{let o;for(let[i,s]of t.mappings)if((await i(n))?.match){to.debug(`checking authorization on '${n.request.path}' using [${i}, ${s}]`);let a=await s.authorize(r,{exchange:n});if(a!==void 0){o=a;break}}return o??=new F(!1),o};return new _(e)}var Fe=y("security.auth");function bt(t){let{manager:e,storage:r}=t;return async(n,o)=>{let i=q.getContext(r).then(s=>s?.authentication);try{await e.verify(i,n),Fe.enabledFor("debug")&&Fe.debug("authorization successful")}catch(s){throw s instanceof X&&Fe.enabledFor("debug")&&Fe.debug(`authorization failed: ${s.message}`),s}await o()}}var vt=class extends ke{#e;constructor(e,r){super(e),this.#e=r}async principal(){return(await this.#e())?.authentication}},mr=t=>{let e=t.storage;return async(r,n)=>{await n(new vt(r,async()=>await q.getContext(e)))}};var yr=t=>{let{principalExtractor:e}=t;return async r=>{let n=r.request.sslInfo;if(n===void 0||n.peerCertificate===void 0)return;let o=n.peerCertificate,i=e(o);return{type:"PreAuthenticated",authenticated:!1,principal:i,name:i??"",credentials:o}}};var Ge=t=>{let e=t?.principalAltName==="email",r=/CN=(.*?)(?:,|$)/mi;return n=>{if(e){let s=n.subjectAltName?.split(", ").find(a=>a.startsWith("email:"));if(s)return s.replace("email:","")}let o=r.exec(n.subject);if(o===null)throw new te(`Cannot extract principal from subject DN: ${n.subject}`);return o[1]}};var J=class{async encode(e){if(e!=null)return await this.encodeDefinedPassword(e.toString())}async matches(e,r){return!e||!r?!1:await this.matchesDefined(e.toString(),r)}upgradeEncoding(e){return e?this.upgradeEncodingDefined(e):!1}upgradeEncodingDefined(e){return!1}},ce=class t extends J{static DEFAULT_ID_PREFIX="{";static DEFAULT_ID_SUFFIX="}";#e;#r;#t;#n;#i;#s=new class extends J{#c;constructor(e){super(),this.#c=e}async encodeDefinedPassword(e){throw new Error("encode is not supported")}async matchesDefined(e,r){let n=this.#c.#o(r);if(!n)throw new Error(`No password encoder mapped for id ${n}`);if(r){let o=r.indexOf(this.#c.#e),i=r.indexOf(this.#c.#r,o+this.#c.#e.length);if(o===-1&&i===-1)throw new Error("No prefix found in encoded password")}throw new Error("malformed password encoder prefix")}}(this);constructor(e,r,n=t.DEFAULT_ID_PREFIX,o=t.DEFAULT_ID_SUFFIX){if(e==null)throw new Error("idForEncode cannot be null or undefined");if(n==null)throw new Error("idPrefix cannot be null or undefined");if(!o)throw new Error("idSuffix cannot be empty");if(n.indexOf(o)!==-1)throw new Error(`idPrefix "${n}" cannot contain idSuffix "${o}"`);if(!r.has(e))throw new Error(`No PasswordEncoder mapped for id "${e}"`);for(let i of r.keys())if(i!==null){if(n&&i.includes(n))throw new Error(`id "${i}" cannot include ${n}`);if(o&&i.includes(o))throw new Error(`id "${i}" cannot include ${o}`)}super(),this.#t=e,this.#n=r.get(e),this.#i=new Map(r),this.#e=n,this.#r=o}set defaultPasswordEncoderForMatches(e){if(e==null)throw new Error("defaultPasswordEncoderForMatches cannot be null or undefined");this.#s=e}async encodeDefinedPassword(e){let r=await this.#n.encode(e);return`${this.#e}${this.#t}${this.#r}${r}`}async matchesDefined(e,r){let n=this.#o(r),o=n?this.#i.get(n):void 0;if(o===void 0)return await this.#s.matches(e,r);{let i=this.#a(r);return await o.matches(e,i)}}#o(e){if(e===void 0)return;let r=e.indexOf(this.#e);if(r!==0)return;let n=e.indexOf(this.#r,r+this.#e.length);if(n!==-1)return e.substring(r+this.#e.length,n)}upgradeEncodingDefined(e){let r=this.#o(e);if(this.#t!==r)return!0;{let n=this.#a(e);return this.#n.upgradeEncoding?.(n)??!1}}#a(e){let r=e.indexOf(this.#r);return e.substring(r+this.#r.length)}},Be=class t extends J{static#e=new t;static get instance(){return t.#e}constructor(){super()}async encodeDefinedPassword(e){return e.toString()}async matchesDefined(e,r){return e.toString()===r}};import{argon2 as H,keygen as ro}from"@interopio/gateway-server/tools";function no(t,e){if(t.length!==e.length)return!1;let r=0;for(let n=0;n<t.length;n++)r|=t[n]^e[n];return r===0}var _e=class extends J{#e;#r;#t;#n;#i;constructor(e=H.DEFAULT_SALT_LENGTH,r=H.DEFAULT_HASH_LENGTH,n=H.DEFAULT_PARALLELISM,o=H.DEFAULT_MEMORY,i=H.DEFAULT_PASSES){super(),this.#e=e,this.#r=r,this.#t=n,this.#n=o,this.#i=i}async matchesDefined(e,r){try{let n=H.decode(r),o=await H.createHash(n.algorithm,e,n.hash.length,n.parameters);return no(n.hash,o)}catch{return!1}}async encodeDefinedPassword(e){let r=ro.createSalt(this.#e),n={memory:this.#n,passes:this.#i,parallelism:this.#t,nonce:r},o=await H.createHash("argon2id",e,this.#r,n);return H.encode({algorithm:"argon2id",version:H.ARGON2_VERSION,parameters:n,hash:o})}upgradeEncodingDefined(e){let r=H.decode(e);return r.version<H.ARGON2_VERSION||r.parameters.memory<this.#n||r.parameters.passes<this.#i}};var xt=4096;function wr(){let t="argon2id",e=new Map([[t,new _e],["noop",Be.instance]]);return new ce(t,e,ce.DEFAULT_ID_PREFIX,ce.DEFAULT_ID_SUFFIX)}var Sr={async updatePassword(t,e){return t}},qe=class extends A{username;constructor(e,r,n){super(e,n),this.username=r}},ze=class t{#e;#r;#t=[];#n;#i;#s;#o;#a=e=>e;constructor(){}static ofUsername(e){return new t().username(e)}static ofUserDetails(e){let r=t.ofUsername(e.username).accountExpired(e.accountExpired??!1).accountLocked(e.accountLocked??!1).authorities(e.authorities).credentialsExpired(e.credentialsExpired??!1).disabled(e.disabled??!1);return e.password!==void 0&&r.password(e.password),r}username(e){if(!e)throw new TypeError("username cannot be empty");return this.#e=e,this}password(e){return this.#r=e,this}passwordEncoder(e){if(!e)throw new TypeError("password encoder cannot be null or undefined");return this.#a=e,this}roles(...e){return this.authorities(e.map(r=>{if(r.startsWith("role:"))throw new Error(`${r} must not start with 'role:' (it is automatically added)`);return{authority:`role:${r}`}}))}authorities(e){return this.#t=[...e],this}accountExpired(e){return this.#n=e,this}accountLocked(e){return this.#i=e,this}credentialsExpired(e){return this.#s=e,this}disabled(e){return this.#o=e,this}build(){if(!this.#e)throw new TypeError("username is required");let e=this.#r!==void 0?this.#a(this.#r):void 0;return{username:this.#e,password:e,authorities:this.#t,accountExpired:this.#n,accountLocked:this.#i,credentialsExpired:this.#s,disabled:this.#o,eraseCredentials(){e=null},toString(){return`User(username=${this.username}, password=[PROTECTED], authorities=${JSON.stringify(this.authorities)}, accountExpired=${this.accountExpired}, accountLocked=${this.accountLocked}, credentialsExpired=${this.credentialsExpired}, disabled=${this.disabled})`}}}};var j=y("security.users");function br(t,e){let r=e?.preAuthenticationChecks??(a=>{if(a.accountLocked)throw j.debug("user account is locked"),new fe("User account is locked");if(a.disabled)throw j.debug("user account is disabled"),new ge("User is disabled");if(a.accountExpired)throw j.debug("user account is expired"),new me("User account has expired")}),n=e?.postAuthenticationChecks??(a=>{if(a.credentialsExpired)throw j.debug("user credentials have expired"),new ye("User credentials have expired")}),o=e?.passwordEncoder??wr(),i=e?.userDetailsPasswordService??Sr,s=async(a,c)=>{let d=a.password;if(d!==void 0&&o.upgradeEncoding?.(d)){let l=await o.encode(c);return await i.updatePassword(a,l)}return a};return async a=>{let c=a.name,d=a.credentials!==void 0&&a.credentials!==null?a.credentials.toString():void 0,u=await t.findByUsername(c);if(!u)throw new Error(`User not found: ${c}`);if(r(u),!await o.matches(d,u.password))throw new te("Invalid Credentials");let l=await s(u,d);n(l);let g=l.password;return{type:"UsernamePassword",principal:l,credentials:g,authorities:l.authorities,authenticated:!0,name:l.username,eraseCredentials(){g=null}}}}function oo(){return t=>{if(t.accountLocked)throw j.debug("failed to authenticate since user account is locked"),new fe("User account is locked");if(t.disabled)throw j.debug("failed to authenticate user account is disabled"),new ge("User is disabled");if(t.accountExpired)throw j.debug("failed to authenticate since user account is expired"),new me("User account has expired");if(t.credentialsExpired)throw j.debug("failed to authenticate since user credentials have expired"),new ye("User credentials have expired")}}function vr(t){let e=t.userDetailsService,r=t.userDetailsChecker??oo(),n=o=>o.type==="PreAuthenticated"&&o.name!==void 0;return async o=>{let i=n(o)&&await e.findByUsername(o.name);if(!i)throw new qe("user not found",o.name);r(i);let s=o.credentials;return{type:"PreAuthenticated",principal:i,credentials:s,authorities:i.authorities,authenticated:!0,details:i,name:i.username,eraseCredentials(){s=null}}}}function Et(t){let e=t.manager??vr({userDetailsService:t.getService("UserDetailsService")}),r=t.extractor??Ge(),n=t.converter??yr({principalExtractor:r});return z({storage:t.storage,manager:e,converter:n})}var $={first:Number.MAX_SAFE_INTEGER,http_headers:100,https_redirect:200,cors:300,http_basic:600,authentication:800,security_context_server_web_exchange:1500,error_translation:1800,authorization:1900,last:Number.MAX_SAFE_INTEGER},W=Symbol.for("filterOrder"),xr=(t,e)=>{let r=(a,c)=>{if(e===void 0)return c;if(a==="UserDetailsService"&&e.userDetailsService!==void 0)return e.userDetailsService;if(a==="AuthenticationManager"&&e.authenticationManager!==void 0)return e.authenticationManager;if(c!==void 0)return c;throw new Error(`No service registered with name: ${a}`)},n=()=>{if(e.authenticationManager!==void 0)return e.authenticationManager;if(e.userDetailsService!==void 0)return br(e.userDetailsService,{userDetailsPasswordService:e.userDetailsPasswordService})},o=[];class i{#e;#r=[];#t;set authenticationManager(c){this.#t=c}get authenticationEntryPoint(){return this.#e!==void 0||this.#r.length===0?this.#e:this.#r.length===1?this.#r[0][1]:$e({entryPoints:this.#r,defaultEntryPoint:this.#r[this.#r.length-1][1]})}build(){if(t.headers!==void 0&&t.headers.disabled!==!0){let d=ft(t.headers);d[W]=$.http_headers,o.push(d)}if(t.x509!==void 0&&t.x509.disabled!==!0){let d=Et({storage:e.storage,getService:r,extractor:Ge({principalAltName:t.x509.principalAltName})});d[W]=$.authentication,o.push(d)}if(t.cors?.disabled!==!0&&e.corsConfigSource!==void 0){let d=Zt({corsConfigSource:e.corsConfigSource});d[W]=$.cors,o.push(d)}if(t.basic!==void 0&&t.basic?.disabled!==!0){let d=[async({exchange:l,next:g},v)=>g()],u=gt({storage:e.storage,manager:this.#t,defaultEntryPoints:this.#r,defaultSuccessHandlers:d});u[W]=$.http_basic,o.push(u)}if(t.jwt!==void 0&&t.jwt.disabled!==!0){let d=io({issuerBaseUri:t.jwt.issuerUri,issuer:t.jwt.issuer,audience:t.jwt.audience}),u=async f=>{try{let{payload:h}=await d(f);return{tokenValue:f,subject:h.sub,getClaimAsString(m){return h[m]}}}catch(h){throw h instanceof so?new we(h.message,{cause:h}):new ae("error occurred while attempting to decoding jwt",{cause:h})}},l=Ue({uriQueryParameter:!0}),g=async f=>{try{return await l(f)===void 0?C:T()}catch{return C}},v=Ne({});this.#r.push([g,v]);let p=wt({storage:e.storage,entryPoint:v,converter:l,jwt:{decoder:u}});p[W]=$.authentication,o.push(p)}let c=mr({storage:e.storage});if(o.push(c),c[W]=$.security_context_server_web_exchange,t.authorize!==void 0){let d=gr({authenticationEntryPoint:this.authenticationEntryPoint});d[W]=$.error_translation,o.push(d);let l=(v=>{let p=[],f=!1;for(let[h,m]of v??[]){let k;if(h==="any-exchange")f=!0,k=le;else{if(f)throw new Error("Cannot register other matchers after 'any-exchange' matcher");k=h}let R;if(m.access==="permitted")R=new _(async()=>new F(!0)),R.toString=()=>"AuthorizationManager[permitted]";else if(m.access==="denied")R=new _(async()=>new F(!1)),R.toString=()=>"AuthorizationManager[denied]";else if(m.access==="authenticated")R=new _(async K=>{let Ht=await K;return Ht!==void 0?new F(Ht.authenticated):new F(!1)}),R.toString=()=>"AuthorizationManager[authenticated]";else throw new Error(`Unknown access type: ${JSON.stringify(m)}`);p.push([k,R])}return St({mappings:p})})(t.authorize),g=bt({manager:l,storage:e.storage});g[W]=$.authorization,o.push(g)}o.sort((d,u)=>{let l=d[W]??$.last,g=u[W]??$.last;return l-g})}}let s=new i;return s.authenticationManager=n(),s.build(),o};var je=class{#e=new Map;constructor(...e){for(let r of e)this.#e.set(this.#r(r.username),r)}async findByUsername(e){let r=this.#r(e),n=this.#e.get(r);return n!==void 0?{...n}:void 0}async updatePassword(e,r){let n={...e,password:r};if(n){let o=this.#r(e.username);this.#e.set(o,n)}return n}#r(e){return e.toLowerCase()}};import{randomUUID as ao}from"node:crypto";var Ve=y("auth");function co(t){let e=[],r=t.authConfig?.type,n={access:r!=="none"?"authenticated":"permitted"};Ve.enabledFor("info")&&Ve.info(`using auth type: ${r??"none"}, default access: ${n.access}`);for(let[o,i]of t.sockets){let s=i.authorize??n,a=O(o,{method:"GET"});a=ee([V,a]),e.push([a,s])}return e.push([O("/",{method:"GET"}),{access:"permitted"}]),e.push([O("/favicon.ico",{method:"GET"}),{access:"permitted"}]),e.push([O("/health",{method:"GET"}),{access:"permitted"}]),t.authorize.length>0&&e.push(...t.authorize),e.push(["any-exchange",n]),{authorize:e,cors:{disabled:t.corsConfig===!1},x509:{disabled:r!=="x509",...t.authConfig?.x509},basic:{disabled:r!=="basic",...t.authConfig?.basic},jwt:{disabled:r!=="oauth2",...t.authConfig?.oauth2?.jwt}}}function uo(t){function e(s,a){let c=s.password;if(c===void 0){let d=ao().replaceAll("-","");Ve.enabledFor("info")&&Ve.info(`
3
+
4
+ using generated password: ${d}
5
+
6
+ This generated password is for development only. Your authentication configuration should be updated before running in production.
7
+ `),c=d}if(c.length>xt)throw new Error(`Password length exceeds maximum length of ${xt} characters`);return a!=null||/^\{.+}.*$/.test(c)?c:`{noop}${c}`}let r={name:"dev-user",roles:[],...t.authConfig?.user},n=e(r),o=r.roles,i=ze.ofUsername(r.name).password(n).roles(...o).build();return new je(i)}async function Er(t){let e=or(t),r=uo(t),n=co(t),{storage:o}=t;return xr(n,{storage:o,corsConfigSource:e,userDetailsService:r,userDetailsPasswordService:r})}import{AsyncLocalStorage as lo}from"node:async_hooks";var Xe=class extends Z{},At=class{#e;#r=!1;#t;#n;constructor(e,r){this.#e=e,this.#t=r}createExchange(e,r){return new Re(e,r)}set storage(e){this.#n=e}set enableLoggingRequestDetails(e){this.#r=e}formatHeaders(e){let r="{";for(let n of e.keys())if(this.#r){let o=e.get(n);r+=`"${n}": "${o}", `}else{r+="masked, ";break}return r.endsWith(", ")&&(r=r.slice(0,-2)),r+="}",r}formatRequest(e){let r=e.URL.search;return`HTTP ${e.method} "${e.path}${r}`}logRequest(e){if(this.#e.enabledFor("debug")){let r=this.#e.enabledFor("trace");this.#e.debug(`${e.logPrefix}${this.formatRequest(e.request)}${r?`, headers: ${this.formatHeaders(e.request.headers)}`:""}"`)}}logResponse(e){if(this.#e.enabledFor("debug")){let r=this.#e.enabledFor("trace"),n=e.response.statusCode;this.#e.debug(`${e.logPrefix}Completed ${n??"200 OK"}${r?`, headers: ${this.formatHeaders(e.response.headers)}`:""}"`)}}handleUnresolvedError(e,r){let{request:n,response:o,logPrefix:i}=e;if(o.setStatusCode(w.INTERNAL_SERVER_ERROR)){this.#e.error(`${i}500 Server Error for ${this.formatRequest(n)}`,r);return}throw this.#e.error(`${i}Error [${r.message} for ${this.formatRequest(n)}, but already ended (${o.statusCode})`,r),r}async web(e){return await this.#t(e)}async http(e,r){let n=this.createExchange(e,r),o=()=>(this.logRequest(n),this.web(n).then(()=>{this.logResponse(n)}).catch(i=>{this.handleUnresolvedError(n,i)}).then(async()=>{await n.response.end()}));await new Promise((i,s)=>{this.#n!==void 0?this.#n.run({exchange:n},()=>{o().then(()=>i()).catch(a=>s(a))}):o().then(()=>i()).catch(a=>s(a))})}},Je=class{#e;#r=new lo;#t;storage(e){return this.#r=e,this}httpHandlerDecorator(e){if(this.#t===void 0)this.#t=e;else{let r=this.#t;this.#t=n=>(n=r(n),e(n))}return this}constructor(e){this.#e=e}build(){let e=y("http"),r=new At(e,this.#e);this.#r!==void 0&&(r.storage=this.#r),r.enableLoggingRequestDetails=!1;let n=async(o,i)=>r.http(o,i);return this.#t?this.#t(n):n}};import{WebSocketServer as ho}from"ws";function Ar(t,e){let r=t?.exchange,n=r?.request??new Q(t),o=r?.principal,i=o?o.bind(r):async function(){},s=n.URL,a=new x;for(let g of n.headers.keys())a.set(g,n.headers.list(g));let c=n.cookies,d=r?.logPrefix??`[${n.id}] `,u=n.remoteAddress;return{url:s,headers:a,cookies:c,principal:i,protocol:e,remoteAddress:u,logPrefix:d}}function Cr(t){return[async(r,n)=>{let i=r.request.path??"/",s=t.sockets,a=s.get(i)??Array.from(s.values()).find(c=>{if(i==="/"&&c.default===!0)return!0});if(a!==void 0){let{request:c,response:d}=r,u=await V(r);if((c.method==="GET"||c.method==="CONNECT")&&u.match)if(a.upgradeStrategy!==void 0){a.upgradeStrategy(r);return}else throw new Error(`No upgrade strategy defined for route on ${i}`);else{if(a.default){await n();return}d.setStatusCode(w.UPGRADE_REQUIRED),d.headers.set("Upgrade","websocket").set("Connection","Upgrade").set("Content-Type","text/plain");let l=Buffer.from(`This service [${c.path}] requires use of the websocket protocol.`,"utf-8");await d.body(l)}}else await n()}]}import{WebSocket as po}from"ws";var Ke=class extends po{constructor(e,r,n){super(null,void 0,n)}connected},Ye=class t{static#e=Buffer.alloc(0);static#r=[0,Buffer.alloc(8)];#t;#n;#i;#s=!1;#o;constructor(e,r,n){this.#o=e,this.#n=typeof n=="number"?n:n?.interval,this.#t=typeof n=="number"||n?.data==="timestamp"?()=>t.#d(Date.now()):()=>t.#e,this.#n&&(this.#i=setInterval(()=>{let[o,i]=r();for(let s of i)this.#a(s,o)||this.#c(s,o)},this.#n))}#a(e,r){return e.connected===!1?(this.#o.enabledFor("debug")&&this.#o.debug(`terminating unresponsive ws client on [${r}]`),e.terminate(),!0):!1}#c(e,r){e.connected=!1;let n=this.#t();this.#o.enabledFor("trace")&&this.#o.debug(`pinging ws client on [${r}]`),e.ping(n,this.#s,o=>{o&&this.#o.enabledFor("warn")&&this.#o.warn(`failed to ping ws client on [${r}]`,o)})}static#d(e=Date.now()){if(e-t.#r[0]>0){let r=Buffer.allocUnsafe(8);r.writeBigInt64BE(BigInt(e),0),t.#r=[e,r]}return t.#r[1]}static#u(e){return e.length===8?Number(e.readBigInt64BE(0)):0}close(){clearInterval(this.#i)}handlePing(e,r,n){r.connected=!0,r.pong(n,!1,o=>{o&&this.#o.enabledFor("warn")&&this.#o.warn(`${e.logPrefix}failed to pong ws client ${B(e.remoteAddress)}`,o)})}handlePong(e,r,n){if(r.connected=!0,this.#o.enabledFor("warn")){let o=t.#u(n);if(o>0){let i=Date.now()-o;this.#o.enabledFor("debug")&&this.#o.debug(`${e.logPrefix}ws client ${B(e.remoteAddress)} ping-pong latency: ${i}ms`),this.#n&&i>this.#n/2&&this.#o.enabledFor("warn")&&this.#o.warn(`${e.logPrefix}ws client ${B(e.remoteAddress)} high ping-pong latency: ${i}ms`)}}}};var L=y("ws");function fo(t,e,r,n){return o=>{let{logPrefix:i,request:s}=o,a=He.getNativeRequest(s);a.exchange=o;let{socket:c,upgradeHead:d}=a,u=s.host;if(c.removeListener("error",n),e.maxConnections!==void 0&&r.clients?.size>=e.maxConnections){L.warn(`${i}dropping ws connection request on ${u}${t}. max connections exceeded.`),c.destroy();return}let l=s.headers.one("origin");if(!qt(l,e.originFilters)){L.enabledFor("info")&&L.info(`${i}dropping ws connection request on ${u}${t}. origin ${l??"<missing>"}`),c.destroy();return}L.enabledFor("debug")&&L.debug(`${i}accepted new ws connection request on ${u}${t}`),r.handleUpgrade(a,c,d,(g,v)=>{r.emit("connection",g,v)})}}function go(t,e){let r=new Set;t.forEach((o,i)=>{if(i===0&&o.startsWith("HTTP/1.1 101 ")){e.setStatusCode(w.SWITCHING_PROTOCOLS);return}let[s,a]=o.split(": ");e.headers.has(s)?t[i]=`${s}: ${e.headers.one(s)}`:e.headers.set(s,a),r.add(s.toLowerCase())});let n=Z.getNativeResponse(e);for(let o of n.getRawHeaderNames()){let i=o.toLowerCase();if(!r.has(i)){let s=e.headers.get(i);s!==void 0&&t.push(`${o}: ${s}`)}}n.markHeadersSent()}async function Pr(t,e,r,n,o){try{L.info(`creating ws server for [${t}]. max connections: ${e.maxConnections??"<unlimited>"}, origin filters: ${e.originFilters?JSON.stringify(e.originFilters,Ot):"<none>"}, ping: ${typeof e.ping=="number"?e.ping+"ms":e.ping?JSON.stringify(e.ping):"<none>"}`);let i=new ho({noServer:!0,WebSocket:Ke,autoPong:!1}),s=new Ye(L.child("pings"),()=>[t,i.clients],e.ping),a=await e.factory({endpoint:r,storage:n});i.on("error",c=>{L.error(`error starting the ws server for [${t}]`,c)}).on("listening",()=>{L.info(`ws server for [${t}] is listening`)}).on("headers",(c,d)=>{if(d.exchange!==void 0){let{response:u}=d.exchange;go(c,u)}}).on("connection",(c,d)=>{let u=Ar(d,c.protocol);c.on("pong",l=>{s.handlePong(u,c,l)}),c.on("ping",l=>{s.handlePing(u,c,l)}),a({socket:c,handshake:u})}),i.on("close",()=>{s.close()}),e.upgradeStrategy=fo(t,e,i,o),e.close=async()=>{await a.close?.call(a),L.info(`stopping ws server for [${t}]. clients: ${i.clients?.size??0}`),i.clients?.forEach(c=>{c.terminate()}),i.close()}}catch(i){L.warn(`failed to init route ${t}`,i)}}import{existsSync as P,readFileSync as G,writeFileSync as Qe,mkdirSync as Ze}from"node:fs";import{dirname as et}from"node:path";import{KEYUTIL as mo,X509 as yo}from"jsrsasign";import{mkcert as Ct}from"@interopio/gateway-server/tools";var de=y("ssl");function Hr(t,e){let r={};if(t.requestCert!==void 0&&(r.requestCert=t.requestCert),t.rejectUnauthorized!==void 0&&(r.rejectUnauthorized=t.rejectUnauthorized),t.key&&t.cert&&P(t.key)&&P(t.cert)){de.info(`using SSL/TLS certificate ${t.cert} with private key in ${t.key}${t.passphrase?" (password-protected)":""}`);let p={key:G(t.key),cert:G(t.cert),...r};return t.passphrase&&(p.passphrase=t.passphrase),t.requestCert&&t.ca&&P(t.ca)&&(p.ca=G(t.ca)),p}if(!t.key&&!t.cert){let p="./gateway-server.key",f="./gateway-server.crt";if(P(p)&&P(f)){de.info(`using SSL/TLS certificate ${f} with private key in ${p}${t.passphrase?" (password-protected)":""}`);let h={key:G(p),cert:G(f),...r};return t.passphrase&&(h.passphrase=t.passphrase),t.requestCert&&t.ca&&P(t.ca)&&(h.ca=G(t.ca)),h}}if(!e)throw new Error("SSL/TLS enabled but no server certificate provided. Either provide ssl.key and ssl.cert, or configure auth.x509.key for auto-generation.");let n=e.key??"gateway-ca.key",o=t.ca??`${n.replace(/\.key$/,".crt")}`,i=e.passphrase??t.passphrase;if(!P(n)){if(P(o))throw new Error(`CA key file not found: ${n} (CA certificate exists: ${o})`);let p=Ct.generateRootCA({name:Ct.DEFAULT_CA_NAME,passphrase:i}),f=et(n);f&&f!=="."&&!P(f)&&Ze(f,{recursive:!0});let h=et(o);h&&h!=="."&&h!==f&&!P(h)&&Ze(h,{recursive:!0}),Qe(n,p.key,{mode:256}),Qe(o,p.cert,{mode:420}),de.info(`created new local Root CA in ${o}, ${n}${i?" (password-protected)":""}`)}let s=G(n,"utf8"),a=mo.getKey(s,i),c=G(o,"utf8"),d=new yo;d.readCertPEM(c);let u=d.getSubjectString(),l=e.host;de.debug(`generating server certificate signed by: ${u} for host: ${l}`);let g=Ct.generateCert(a,u,[l],!1);if(t.key||t.cert){let p=t.key||"./gateway-server.key",f=t.cert||"./gateway-server.crt",h=et(p);h&&h!=="."&&!P(h)&&Ze(h,{recursive:!0});let m=et(f);m&&m!=="."&&m!==h&&!P(m)&&Ze(m,{recursive:!0}),Qe(p,g.key,{mode:384}),Qe(f,g.cert,{mode:420}),de.info(`generated server certificate saved to ${f} with private key in ${p}${i?" (password-protected)":""}`)}else de.info(`using in-memory server certificate for host: ${l}`);let v={key:g.key,cert:g.cert,...r};return t.requestCert&&t.ca&&P(o)&&(v.ca=G(o)),v}import kr from"@interopio/gateway-server/package.json"with{type:"json"};var U=y("app");async function vo(t,e){let r=t.build();return async(n,o)=>{n.socket.addListener("error",e);let i;o instanceof Y?i=o:(n.upgradeHead=o,i=new Y(n),i.assignSocket(n.socket));let s=new Q(n),a=new Pe(i),c=s.method==="HEAD"?new Xe(a):a;await r(s,c)}}function xo(t){return new Promise((e,r)=>{let n=t(o=>{o?r(o):e(n)})})}function Eo(t){if(t)return Gt({memoryLimit:t.memory_limit,dumpLocation:t.dump_location,dumpPrefix:t.dump_prefix,reportInterval:t.report_interval,maxBackups:t.max_backups})}var Rr=`${kr.name} - v${kr.version}`;async function Ao(t){let e=t.storage,r=await Er(t),n=Cr(t),o=Dt(_t(Rr,t.serverHeader),...r,...n,...t.middleware,async({request:i,response:s},a)=>{if(i.method==="GET"&&i.path==="/health"){s.setStatusCode(w.OK);let c=Buffer.from("UP","utf-8");s.headers.set("Content-Type","text/plain; charset=utf-8"),await s.body(c)}else await a()},async({request:i,response:s},a)=>{if(i.method==="GET"&&i.path==="/"){s.setStatusCode(w.OK);let c=Buffer.from("io.Gateway Server","utf-8");s.headers.set("Content-Type","text/plain; charset=utf-8"),await s.body(c)}else await a()},async({response:i},s)=>{i.setStatusCode(w.NOT_FOUND),await i.end()});return new Je(o).storage(e)}var Pt=async t=>{let e=t.ssl,r=t.host,n=t.auth?.x509?.key?{host:r??"localhost",key:t.auth.x509.key,passphrase:t.auth.x509.passphrase}:void 0,o=e?(p,f)=>So.createServer({...p,...Hr(e,n)},f):(p,f)=>wo.createServer(p,f),i=Eo(t.memory),s={middleware:[],corsConfig:t.cors,cors:[],authConfig:t.auth,authorize:[],storage:new bo,sockets:new Map},a=new Se({baseConfig:{...t.gateway},scope:t.gateway?.scope??"principal"});if(t.gateway){let p=t.gateway;await lt(async f=>{f.socket({path:p.route,factory:Mt.bind(a),options:p})},t,s)}t.app&&await lt(t.app,t,s);let c=kt(t.port??0),d=p=>U.error(`socket error: ${p}`,p),u=await Ao(s),l=await vo(u,d),v=await new Promise((p,f)=>{let h=o({IncomingMessage:Ee,ServerResponse:Y,...t.http},l);h.on("error",m=>{if(m.code==="EADDRINUSE"){U.debug(`port ${m.port} already in use on address ${m.address}`);let{value:k}=c.next();k?(U.info(`retry starting server on port ${k} and host ${r??"<unspecified>"}`),h.close(),h.listen(k,r)):(U.warn(`all configured port(s) ${t.port} are in use. closing...`),h.close(),f(m))}else U.error(`server error: ${m.message}`,m),f(m)}),h.on("listening",async()=>{let m=h.address();for(let[k,R]of s.sockets){let K=`${e?"wss":"ws"}://${Rt}:${m.port}${k}`;await Pr(k,R,K,s.storage,d)}U.info(`http server listening on ${e?"https":"http"}://${B(m)}`),p(h)}),h.on("upgrade",(m,k,R)=>{try{l(m,R)}catch(K){U.error(`upgrade error: ${K}`,K)}}).on("close",async()=>{U.info("http server closed.")});try{let{value:m}=c.next();h.listen(m,r)}catch(m){U.error("error starting web socket server",m),f(m instanceof Error?m:new Error(`listen failed: ${m}`))}});return new class{gateway=a;get address(){let p=v.address();return typeof p=="object"?p:null}async close(){for(let[p,f]of s.sockets)try{f.close!==void 0&&await f.close()}catch(h){U.warn(`error closing route ${p}`,h)}await xo(p=>{v.closeAllConnections(),v.close(p)}),i&&await Bt(i),await a.stop()}}};var hc=Pt;export{Tr as GatewayServer,hc as default};
3
8
  //# sourceMappingURL=index.js.map