npm - @jay-framework/editor-server - Versions diffs - 0.6.0 → 0.6.1 - Mend

@jay-framework/editor-server 0.6.0 → 0.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.d.ts +1 -0
package/dist/{index.cjs → index.js} +38 -17
package/package.json +6 -6

package/dist/index.d.ts CHANGED Viewed

@@ -24,6 +24,7 @@ declare class EditorServer implements DevServerProtocol {
     onHasImage(callback: (params: HasImageMessage) => Promise<HasImageResponse>): void;
     private handlePortDiscovery;
     private setupSocketHandlers;
+    private isLocalhost;
     private handleProtocolMessage;
 }
 declare function createEditorServer(options: EditorServerOptions): EditorServer;

package/dist/{index.cjs → index.js} RENAMED Viewed

@@ -1,15 +1,13 @@
-"use strict";
 var __defProp = Object.defineProperty;
 var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
 var __publicField = (obj, key, value) => {
   __defNormalProp(obj, typeof key !== "symbol" ? key + "" : key, value);
   return value;
 };
-Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
-const socket_io = require("socket.io");
-const http = require("http");
-const getPort = require("get-port");
-const editorProtocol = require("@jay-framework/editor-protocol");
+import { Server } from "socket.io";
+import { createServer } from "http";
+import getPort from "get-port";
+import { createProtocolResponse } from "@jay-framework/editor-protocol";
 class EditorServer {
   constructor(options) {
     __publicField(this, "io", null);
@@ -25,7 +23,18 @@ class EditorServer {
   }
   async start() {
     this.port = await getPort({ port: this.portRange });
-    this.httpServer = http.createServer((req, res) => {
+    this.httpServer = createServer((req, res) => {
+      const clientIP = req.socket.remoteAddress || req.connection.remoteAddress;
+      if (!this.isLocalhost(clientIP)) {
+        console.warn(`Rejected connection from non-localhost IP: ${clientIP}`);
+        res.writeHead(403, { "Content-Type": "application/json" });
+        res.end(
+          JSON.stringify({
+            error: "Access denied: Only localhost connections are allowed"
+          })
+        );
+        return;
+      }
       if (req.url?.startsWith("/editor-connect")) {
         this.handlePortDiscovery(req, res);
       } else {
@@ -33,11 +42,12 @@ class EditorServer {
         res.end("Not Found");
       }
     });
-    this.io = new socket_io.Server(this.httpServer, {
+    this.io = new Server(this.httpServer, {
       cors: {
-        origin: "*",
+        origin: ["http://localhost:*", "http://127.0.0.1:*"],
         methods: ["GET", "POST"]
-      }
+      },
+      allowEIO3: true
     });
     this.setupSocketHandlers();
     return new Promise((resolve, reject) => {
@@ -90,7 +100,13 @@ class EditorServer {
     if (!this.io)
       return;
     this.io.on("connection", (socket) => {
-      console.log(`Editor connected: ${socket.id}`);
+      const clientIP = socket.handshake.address;
+      if (!this.isLocalhost(clientIP)) {
+        console.warn(`Rejected WebSocket connection from non-localhost IP: ${clientIP}`);
+        socket.disconnect(true);
+        return;
+      }
+      console.log(`Editor connected: ${socket.id} from ${clientIP}`);
       socket.on("protocol-message", async (message) => {
         try {
           const response = await this.handleProtocolMessage(message);
@@ -101,7 +117,7 @@ class EditorServer {
             success: false,
             error: error instanceof Error ? error.message : "Unknown error"
           };
-          const errorResponse = editorProtocol.createProtocolResponse(message.id, errorPayload);
+          const errorResponse = createProtocolResponse(message.id, errorPayload);
           socket.emit("protocol-response", errorResponse);
         }
       });
@@ -110,6 +126,9 @@ class EditorServer {
       });
     });
   }
+  isLocalhost(ip) {
+    return ip === "127.0.0.1" || ip === "localhost" || ip === "::1" || ip === "::ffff:127.0.0.1";
+  }
   async handleProtocolMessage(message) {
     const { id, payload } = message;
     switch (payload.type) {
@@ -118,19 +137,19 @@ class EditorServer {
           throw new Error("Publish handler not registered");
         }
         const publishResult = await this.handlers.publish(payload);
-        return editorProtocol.createProtocolResponse(id, publishResult);
+        return createProtocolResponse(id, publishResult);
       case "saveImage":
         if (!this.handlers.saveImage) {
           throw new Error("Save image handler not registered");
         }
         const saveResult = await this.handlers.saveImage(payload);
-        return editorProtocol.createProtocolResponse(id, saveResult);
+        return createProtocolResponse(id, saveResult);
       case "hasImage":
         if (!this.handlers.hasImage) {
           throw new Error("Has image handler not registered");
         }
         const hasResult = await this.handlers.hasImage(payload);
-        return editorProtocol.createProtocolResponse(id, hasResult);
+        return createProtocolResponse(id, hasResult);
       default:
         throw new Error(`Unknown message type: ${payload.type}`);
     }
@@ -139,5 +158,7 @@ class EditorServer {
 function createEditorServer(options) {
   return new EditorServer(options);
 }
-exports.EditorServer = EditorServer;
-exports.createEditorServer = createEditorServer;
+export {
+  EditorServer,
+  createEditorServer
+};

package/package.json CHANGED Viewed

@@ -1,9 +1,9 @@
 {
   "name": "@jay-framework/editor-server",
-  "version": "0.6.0",
+  "version": "0.6.1",
   "type": "module",
   "license": "Apache-2.0",
-  "main": "dist/index.cjs",
+  "main": "dist/index.js",
   "files": [
     "dist",
     "readme.md"
@@ -20,16 +20,16 @@
     "test:watch": "vitest"
   },
   "dependencies": {
-    "@jay-framework/editor-protocol": "^0.6.0",
+    "@jay-framework/editor-protocol": "^0.6.1",
     "get-port": "^7.0.0",
     "socket.io": "^4.7.4",
     "uuid": "^9.0.1",
     "yaml": "^2.3.4"
   },
   "devDependencies": {
-    "@jay-framework/dev-environment": "^0.6.0",
-    "@jay-framework/editor-client": "^0.6.0",
-    "@jay-framework/jay-cli": "^0.6.0",
+    "@jay-framework/dev-environment": "^0.6.1",
+    "@jay-framework/editor-client": "^0.6.1",
+    "@jay-framework/jay-cli": "^0.6.1",
     "@types/express": "^5.0.2",
     "@types/node": "^22.15.21",
     "@types/uuid": "^9.0.7",