@interopio/gateway-server 0.21.0 → 0.22.0

package/{gateway-server → bin/gateway-server.cjs}

@@ -1,16 +1,15 @@
 #!/usr/bin/env node
 
-`use strict`;
+'use strict';
 
-import { writeFileSync } from 'node:fs';
-import { parseArgs } from 'node:util';
-import { configure } from '@interopio/gateway/logging/core';
+const { parseArgs } = require('node:util');
+const { configure } = require('@interopio/gateway/logging/core');
 
 // import { GatewayServer } from './src/index.ts';
-// import { mkcert, argon2 } from './src/tools/index.ts';
+// import { mkcert, argon2, manage } from './src/tools/index.ts';
 
-import { GatewayServer } from './dist/index.js';
-import { mkcert, argon2 } from './dist/tools/index.js';
+const { mkcert, argon2, manage } = require('@interopio/gateway-server/tools');
+const { GatewayServer } =  require('@interopio/gateway-server');
 
 function showHelp() {
     console.log(`
@@ -18,6 +17,7 @@ Usage: npx @interopio/gateway-server <command> [options]
 
 Commands:
   run                      Start the gateway server
+  manage                   Send management commands to a running gateway server
   passwd                   Generate password hash (default using Argon2)
   mkcert                   Generate client and/or server certificate signed by Dev CA
 
@@ -27,7 +27,7 @@ run options:
   -H, --host <host>        Network address to bind to (default: unspecified, listens on all)
                            examples: localhost, 127.0.0.1, 0.0.0.0, ::1
   -u, --user <name>        Enables basic authentication and sets the admin username
-  --no-auth                Disable authentication (overrides config, sets auth.type to 'none')
+  --no-auth                Disable authentication (overrides config, sets auth type to 'none')
   -S, --ssl, --tls         Enable HTTPS. Auto-generates Dev CA and/or server certificates if not
                            present. Enables x509 client cert auth if --user not specified.
   --cert <file>            File with SSL/TLS certificate (default: ./gateway-server.crt)
@@ -41,6 +41,18 @@ run options:
   -c, --config <file>      Server configuration file (JSON format)
   --debug                  Enable debug logging (default: info level)
 
+manage options:
+  --path <path>            Path to the gateway control socket (named pipe on Windows, Unix socket)
+                           examples: \\\\.\\pipe\\glue42-gateway-xxx, /tmp/gateway.sock
+  -p, --port <port>        TCP port of the management server
+  --timeout <ms>           Connection timeout in milliseconds (default: 5000)
+  <command>                Management command to execute: info, shutdown
+  [key=value...]           Additional command parameters as key=value pairs
+                           Values are parsed as JSON (numbers, booleans, arrays, objects)
+                           or kept as strings if not valid JSON
+  <json>                   Alternatively, pass entire command as a JSON object
+                           example: '{"command":"update-auth","type":"basic"}'
+
 passwd options:
   (no args)                Prompt for password interactively (masked input)
   --stdin                  Read password from stdin (for piping, e.g., echo "pass" | ...)
@@ -66,9 +78,13 @@ Examples:
   gateway-server run -p 3000
   gateway-server run -u admin --port 8385,8388 --debug
   gateway-server run -p 8443 --ssl --user admin --gateway
-  gateway-server run --port 42443 --tls --ca-key ./ssl/ca.key --host medes --gateway
+  gateway-server run --port 42443 --tls --ca-key ./ssl/ca.key --host example.com --gateway
   gateway-server run -p 3000 --static ./public --config ./server-config.json
   gateway-server run --config ./server-config.json --no-gateway --no-ssl --no-auth
+  gateway-server manage --path \\\\.\\pipe\\glue42-gateway-xxx info
+  gateway-server manage --path \\\\.\\pipe\\glue42-gateway-xxx shutdown
+  gateway-server manage --path \\\\.\\pipe\\glue42-gateway-xxx custom-cmd key1=value1 count=42 'data={"user":"test"}' --timeout 10000
+  gateway-server manage --path \\\\.\\pipe\\glue42-gateway-xxx '{"command":"update-auth","auth":{"token":"my-token"}}}'
   gateway-server passwd
   echo "mySecret123" | gateway-server passwd --stdin
   gateway-server mkcert
@@ -115,13 +131,16 @@ const command = positionals[0];
 // Route to appropriate command handler
 switch (command) {
     case 'run':
-        await runServer();
+        runServer().catch(e => {console.error(e); process.exit(1);});
+        break;
+    case 'manage':
+        manageCommand().catch(e => {console.error(e); process.exit(1);});
         break;
     case 'passwd':
-        await passwdCommand();
+        passwdCommand().catch(e => {console.error(e); process.exit(1);});
         break;
     case 'mkcert':
-        await mkcertCommand();
+        mkcertCommand().catch(e => {console.error(e); process.exit(1);});
         break;
     default:
         console.error(`Error: Unknown command "${command}"`);
@@ -129,6 +148,96 @@ switch (command) {
         process.exit(1);
 }
 
+// Command: manage - Send management commands to a running gateway server
+async function manageCommand() {
+    const { values, positionals } = parseArgs({
+        args: process.argv.slice(3), // Skip 'node', 'gateway-server', and 'manage'
+        options: {
+            path: { type: 'string' },
+            port: { type: 'string', short: 'p' },
+            timeout: { type: 'string' },
+        },
+        strict: true,
+        allowPositionals: true,
+    });
+
+    const socketPath = values.path;
+    const port = values.port ? parseInt(values.port, 10) : undefined;
+    const timeout = values.timeout ? parseInt(values.timeout, 10) : undefined;
+    const firstArg = positionals[0];
+
+    if (!socketPath && !port) {
+        console.error('Error: --path or --port is required');
+        console.error('Example: gateway-server manage --path \\\\.\\pipe\\glue42-gateway-xxx info');
+        process.exit(1);
+    }
+
+    if (!firstArg) {
+        console.error('Error: management command is required');
+        console.error('Available commands: info, shutdown');
+        console.error('Or pass a JSON object: gateway-server manage --path ... \'{"command":"info"}\'');
+        process.exit(1);
+    }
+
+    // Try to parse first argument as JSON (entire command object)
+    let commandParams;
+    if (firstArg.startsWith('{')) {
+        try {
+            commandParams = JSON.parse(firstArg);
+            if (!commandParams.command) {
+                console.error('Error: JSON command must have a "command" property');
+                process.exit(1);
+            }
+        }
+        catch (e) {
+            console.error(`Error: invalid JSON: ${e.message}`);
+            process.exit(1);
+        }
+    }
+    else {
+        // Parse as command name + key=value pairs
+        commandParams = { command: firstArg };
+        for (let i = 1; i < positionals.length; i++) {
+            const arg = positionals[i];
+            const eqIndex = arg.indexOf('=');
+            if (eqIndex === -1) {
+                console.error(`Error: invalid parameter "${arg}". Expected format: key=value`);
+                process.exit(1);
+            }
+            const key = arg.slice(0, eqIndex);
+            let value = arg.slice(eqIndex + 1);
+
+            // Try to parse as JSON for numbers, booleans, arrays, objects
+            try {
+                value = JSON.parse(value);
+            } catch {
+                // Keep as string if not valid JSON
+            }
+
+            commandParams[key] = value;
+        }
+    }
+
+    const server = socketPath ? { path: socketPath } : { port };
+    try {
+        const result = await manage.sendCommand(server, commandParams, { timeout });
+        if (result === undefined) {
+            console.log('<no response>');
+        }
+        else if (typeof result === 'string') {
+            console.log(result);
+        }
+        else {
+            console.log(JSON.stringify(result, null, 2));
+        }
+        process.exit(0);
+    }
+    catch (e) {
+        console.error(`Error: ${e.message || e}`);
+        process.exit(1);
+    }
+}
+
 // Command: passwd - Generate password hash
 async function passwdCommand() {
     const { values } = parseArgs({
@@ -140,7 +249,7 @@ async function passwdCommand() {
         allowPositionals: false,
     });
 
-    let password = undefined;
+    let password/*: string = undefined!*/;
 
     // Read password from stdin if specified
     if (values.stdin) {
@@ -172,7 +281,7 @@ async function readPasswordFromStdin() {
     }
 
     // Piped mode - read until EOF or newline
-    const chunks = [];
+    const chunks/*: Uint8Array[]*/ = [];
     for await (const chunk of process.stdin) {
         chunks.push(chunk);
     }
@@ -182,8 +291,8 @@ async function readPasswordFromStdin() {
 }
 
 // Prompt for password with masked input
-async function promptPassword(prompt) {
-    return new Promise((resolve) => {
+async function promptPassword(prompt/*: string*/) {
+    return new Promise/*<string>*/((resolve) => {
         process.stdout.write(prompt);
 
         // Only set raw mode if stdin is a TTY
@@ -205,7 +314,7 @@ async function promptPassword(prompt) {
             process.stdout.write('\n');
         };
 
-        const onData = (char) => {
+        const onData = (char/*: string*/) => {
             // Ctrl+C
             if (char === '\u0003') {
                 cleanup();
@@ -269,15 +378,18 @@ async function mkcertCommand() {
             // Client certificate: combined file by default
             keyPath = './gateway-client.key';
             certPath = './gateway-client.crt';
-        } else {
+        }
+        else {
             // Server certificate: separate files by default
             keyPath = './gateway-server.key';
             certPath = './gateway-server.crt';
         }
-    } else if (keyPath && !certPath) {
+    }
+    else if (keyPath && !certPath) {
         // Only --key specified: cert goes in the same file (combined)
         certPath = keyPath;
-    } else if (!keyPath && certPath) {
+    }
+    else if (!keyPath && certPath) {
         // Only --cert specified: key goes in the same file (combined)
         keyPath = certPath;
     }
@@ -293,30 +405,30 @@ async function mkcertCommand() {
         }
     }
 
-    const { readFileSync } = await import('node:fs');
+    const { readFile, writeFile } = await import('node:fs/promises');
     const { KEYUTIL, X509 } = await import('jsrsasign');
 
     // Load CA key
-    let caKeyObj;
+    let caKeyObj/*: ReturnType<typeof KEYUTIL.getKey>*/;
     try {
-        const caKeyPem = readFileSync(caKey, 'utf8');
+        const caKeyPem = await readFile(caKey, 'utf8');
         caKeyObj = KEYUTIL.getKey(caKeyPem);
     } catch (error) {
         console.error(`Error: Cannot read CA key from ${caKey}`);
-        console.error(error.message);
+        console.error(error?.['message']);
         process.exit(1);
     }
 
     // Extract issuer from CA certificate
-    let issuer;
+    let issuer/*: string*/;
     try {
-        const caCertPem = readFileSync(caCert, 'utf8');
+        const caCertPem = await readFile(caCert, 'utf8');
         const caCertObj = new X509();
         caCertObj.readCertPEM(caCertPem);
         issuer = caCertObj.getSubjectString();
     } catch (error) {
         console.error(`Error: Cannot read CA certificate from ${caCert}`);
-        console.error(error.message);
+        console.error(error?.['message']);
         process.exit(1);
     }
 
@@ -328,16 +440,17 @@ async function mkcertCommand() {
         if (keyPath === certPath) {
             // Concatenate cert and key into single file (cert first, then key)
             const combined = cert.cert + cert.key;
-            writeFileSync(keyPath, combined, { mode: 0o600 });
+            await writeFile(keyPath, combined, { mode: 0o600 });
             console.log(`${isClientCert ? 'Client' : 'Server'} certificate generated successfully:`);
             console.log(`  Combined (cert+key): ${keyPath}`);
             if (sanEntries.length > 0) {
                 console.log(`  SAN: ${sanEntries.join(', ')}`);
             }
-        } else {
+        }
+        else {
             // Write separate files
-            writeFileSync(keyPath, cert.key, { mode: 0o600 });
-            writeFileSync(certPath, cert.cert, { mode: 0o644 });
+            await writeFile(keyPath, cert.key, { mode: 0o600 });
+            await writeFile(certPath, cert.cert, { mode: 0o644 });
             console.log(`${isClientCert ? 'Client' : 'Server'} certificate generated successfully:`);
             console.log(`  Private key: ${keyPath}`);
             console.log(`  Certificate: ${certPath}`);
@@ -347,9 +460,10 @@ async function mkcertCommand() {
         }
 
         process.exit(0);
-    } catch (error) {
+    }
+    catch (error) {
         console.error(`Error: Cannot write certificate files`);
-        console.error(error.message);
+        console.error(error?.['message']);
         process.exit(1);
     }
 }
@@ -397,19 +511,62 @@ async function runServer() {
     };
 
     configure({
-        level: options.debug ? 'debug' : 'info',
+        level: options.debug ? {
+            gateway: 'debug',
+            "gateway.node": 'info',
+        } : 'info',
     });
 
     // Load server configuration from file if specified
-    let serverConfig = {};
+    let serverConfig/*: GatewayServer.ServerConfig*/ = {};
+
+    const { access, constants } = await import('node:fs/promises');
+    const { resolve, extname } = await import('node:path');
+
+    let configPath/*: string*/;
+    for (const fileName of
+        [
+            'gateway-server.config.js',
+            'gateway-server.config.mjs',
+            'gateway-server.config.cjs',
+            'gateway-server.config.ts',
+            'gateway-server.config.mts',
+            'gateway-server.config.cts',
+            'gateway-server.config.json'
+        ]) {
+        configPath = resolve(process.cwd(), fileName);
+        try {
+            await access(configPath, constants.R_OK);
+            // found readable config file, load it
+            break;
+        }
+        catch {
+            configPath = undefined;
+            // continue to next candidate
+        }
+    }
+
     if (options.config) {
+        configPath = options.config;
+    }
+    if (configPath) {
         try {
-            const { readFileSync } = await import('node:fs');
-            const configContent = readFileSync(options.config, 'utf8');
-            serverConfig = JSON.parse(configContent);
-        } catch (error) {
-            console.error(`Error: Cannot read server config from ${options.config}`);
-            console.error(error.message);
+            if (['.json'].includes(extname(configPath))) {
+                // JSON config file - read and parse manually
+                const { readFile } = await import('node:fs/promises');
+                const configContent = await readFile(configPath, 'utf8');
+                serverConfig = JSON.parse(configContent);
+            }
+            else {
+                // JS/TS config file - import dynamically
+                const { pathToFileURL } = await import('node:url');
+                const importedConfig = await import(pathToFileURL(configPath));
+                serverConfig = importedConfig.default || importedConfig;
+            }
+        }
+        catch (error) {
+            console.error(`Error: Cannot read server config from ${configPath}`);
+            console.error(error?.['message']);
             process.exit(1);
         }
     }
@@ -451,10 +608,10 @@ async function runServer() {
     // else: use whatever is in serverConfig (if any)
 
     // Determine effective SSL state
-    const effectiveSsl = options.ssl || (!options.noSsl && serverConfig.ssl !== undefined);
+    const effectiveSsl = options.ssl || (!options.noSsl && serverConfig?.ssl !== undefined);
 
     // Configure authentication
-    let auth;
+    let auth/*: GatewayServer.AuthConfig*/;
     if (values.auth === false) {
         // --no-auth: delete auth config from server config and set to 'none'
         delete serverConfig.auth;
@@ -467,7 +624,7 @@ async function runServer() {
         // Allow --user CLI option to override auth.user.name from config
         if (options.user) {
             if (!auth.user) {
-                auth.user = {};
+                auth.user = {name: options.user};
             }
             auth.user.name = options.user;
         }
@@ -548,7 +705,7 @@ async function runServer() {
     // Override static resources if specified
     if (options.static && options.static.length > 0) {
         if (!serverConfig.resources) {
-            serverConfig.resources = {};
+            serverConfig.resources = {locations: options.static};
         }
         serverConfig.resources.locations = options.static;
     }
@@ -557,10 +714,7 @@ async function runServer() {
     serverConfig.auth = auth;
 
     const server = await GatewayServer.Factory({
-        ...(serverConfig),
-        app: async (_configurer) => {
-            // No custom app logic for now
-        },
+        ...(serverConfig)
     });
 
     process.on('SIGINT', async () => {

package/changelog.md

@@ -2,6 +2,18 @@
 
 # Change Log
 
+## 0.22.0 (2026-02-20)
+
+### Added
+- feat: support config from gateway-server.config.{js,mjs,cjs,ts,mts,cts,json} files (with auto config file detection)
+- feat: management of the server via ipc (info and shutdown commands implemented for now, more to come)
+- feat: cli manage command
+### Changed
+- chore: bump @interopio/gateway to 0.24.0
+- feat: config is now in separate ts.d
+### Fixed
+- fix: malformed http host/x-forwarded-host header handling
+
 ## 0.21.0 (2026-01-27)
 
 ### Added

package/dist/config.cjs

@@ -0,0 +1,2 @@
+"use strict";var f=Object.defineProperty;var g=Object.getOwnPropertyDescriptor;var t=Object.getOwnPropertyNames;var C=Object.prototype.hasOwnProperty;var v=(r,e)=>{for(var o in e)f(r,o,{get:e[o],enumerable:!0})},S=(r,e,o,i)=>{if(e&&typeof e=="object"||typeof e=="function")for(let n of t(e))!C.call(r,n)&&n!==o&&f(r,n,{get:()=>e[n],enumerable:!(i=g(e,n))||i.enumerable});return r};var m=r=>S(f({},"__esModule",{value:!0}),r);var u={};v(u,{defineConfig:()=>p});module.exports=m(u);function p(r){return r}0&&(module.exports={defineConfig});
+//# sourceMappingURL=config.cjs.map

package/dist/config.cjs.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../src/config.ts"],
+  "sourcesContent": ["import { ServerConfig } from '../types/config';\n\nexport function defineConfig(config: ServerConfig): ServerConfig {\n    return config;\n}\n"],
+  "mappings": "yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,kBAAAE,IAAA,eAAAC,EAAAH,GAEO,SAASE,EAAaE,EAAoC,CAC7D,OAAOA,CACX",
+  "names": ["config_exports", "__export", "defineConfig", "__toCommonJS", "config"]
+}

package/dist/config.js

@@ -0,0 +1,2 @@
+function e(r){return r}export{e as defineConfig};
+//# sourceMappingURL=config.js.map

package/dist/config.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../src/config.ts"],
+  "sourcesContent": ["import { ServerConfig } from '../types/config';\n\nexport function defineConfig(config: ServerConfig): ServerConfig {\n    return config;\n}\n"],
+  "mappings": "AAEO,SAASA,EAAaC,EAAoC,CAC7D,OAAOA,CACX",
+  "names": ["defineConfig", "config"]
+}