@linzumi/cli 0.0.20-beta → 0.0.23-beta

package/src/localForwarding.ts

@@ -1,523 +0,0 @@
-/*
-- Date: 2026-04-26
-  Spec: plans/2026-04-26-local-runner-forwarding-and-editor-plan.md
-  Relationship: Implements the local side of bounded HTTP preview forwarding,
-  enforcing explicit allowed ports before the runner contacts loopback.
-
-- Date: 2026-04-26
-  Spec: plans/2026-04-26-local-runner-subdomain-forwarding-epr.md
-  Relationship: Implements the runner side of local WebSocket forwarding for
-  isolated preview subdomains.
-*/
-import { gzipSync } from "node:zlib";
-import { type JsonObject, type JsonValue, isJsonObject } from "./protocol";
-import type { PhoenixClient } from "./phoenix";
-
-const maxForwardBodyBytes = 64 * 1024 * 1024;
-const gzipForwardThresholdBytes = 32 * 1024;
-
-export type ForwardHttpRequestControl = {
-  readonly type: "forward_http_request";
-  readonly requestId: string;
-  readonly port: number;
-  readonly method: string;
-  readonly path: string;
-  readonly queryString?: string;
-  readonly headers?: JsonValue;
-  readonly bodyBase64?: string;
-};
-
-export type ForwardHttpResponsePayload = JsonObject;
-
-type RequestBodyDecision =
-  | { readonly ok: true; readonly body: Uint8Array | undefined }
-  | { readonly ok: false; readonly error: string };
-
-export type ForwardWebSocketOpenControl = {
-  readonly type: "forward_websocket_open";
-  readonly socketId: string;
-  readonly port: number;
-  readonly path: string;
-  readonly queryString?: string;
-  readonly headers?: JsonValue;
-};
-
-export type ForwardWebSocketSendControl = {
-  readonly type: "forward_websocket_send";
-  readonly socketId: string;
-  readonly opcode: "text" | "binary" | "ping" | "pong";
-  readonly bodyBase64: string;
-};
-
-export type ForwardWebSocketCloseControl = {
-  readonly type: "forward_websocket_close";
-  readonly socketId: string;
-};
-
-export type ForwardWebSocketControl =
-  | ForwardWebSocketOpenControl
-  | ForwardWebSocketSendControl
-  | ForwardWebSocketCloseControl;
-
-export type ForwardWebSocketManager = {
-  readonly handle: (control: ForwardWebSocketControl) => void;
-  readonly close: () => void;
-};
-
-export async function handleForwardHttpRequest(
-  control: ForwardHttpRequestControl,
-  allowedPorts: readonly number[],
-): Promise<ForwardHttpResponsePayload> {
-  if (!allowedPorts.includes(control.port)) {
-    return forwardError(control.requestId, "forward_port_not_allowed");
-  }
-
-  const bodyDecision = requestBody(control);
-
-  if (!bodyDecision.ok) {
-    return forwardError(control.requestId, bodyDecision.error);
-  }
-
-  try {
-    const request = {
-      method: control.method,
-      headers: requestHeaders(control.headers),
-      ...(bodyDecision.body === undefined ? {} : { body: bodyDecision.body }),
-    };
-    const response = await fetchWithHttpsFallback(
-      control.port,
-      control.path,
-      control.queryString,
-      request,
-    );
-    const upstreamBuffer = Buffer.from(await response.arrayBuffer());
-    const patchedBody = patchForwardBody(
-      control.path,
-      response.headers,
-      upstreamBuffer,
-    );
-    const preparedResponse = prepareResponseBodyForChannel(
-      control,
-      response.headers,
-      patchedBody,
-    );
-
-    if (preparedResponse.body.byteLength > maxForwardBodyBytes) {
-      return forwardError(control.requestId, "forward_response_too_large");
-    }
-
-    return {
-      requestId: control.requestId,
-      ok: true,
-      status: response.status,
-      headers: preparedResponse.headers,
-      bodyBase64: preparedResponse.body.toString("base64"),
-    };
-  } catch (_error) {
-    return forwardError(control.requestId, "forward_target_unavailable");
-  }
-}
-
-export function isForwardHttpRequestControl(control: {
-  readonly type: string;
-}): control is ForwardHttpRequestControl {
-  return control.type === "forward_http_request";
-}
-
-export function isForwardWebSocketControl(control: {
-  readonly type: string;
-}): control is ForwardWebSocketControl {
-  return (
-    control.type === "forward_websocket_open" ||
-    control.type === "forward_websocket_send" ||
-    control.type === "forward_websocket_close"
-  );
-}
-
-export function createForwardWebSocketManager(
-  kandan: Pick<PhoenixClient, "push">,
-  topic: string,
-  allowedPorts: () => readonly number[],
-): ForwardWebSocketManager {
-  const sockets = new Map<string, WebSocket>();
-
-  const pushEvent = (payload: JsonObject) =>
-    kandan
-      .push(topic, "forward:websocket_event", payload)
-      .catch(() => undefined);
-
-  const closeSocket = (socketId: string) => {
-    const socket = sockets.get(socketId);
-    sockets.delete(socketId);
-    socket?.close();
-  };
-
-  return {
-    handle: (control) => {
-      switch (control.type) {
-        case "forward_websocket_open": {
-          if (!allowedPorts().includes(control.port)) {
-            void pushEvent({
-              socketId: control.socketId,
-              type: "error",
-              error: "forward_port_not_allowed",
-            });
-            return;
-          }
-
-          openLocalWebSocket(control, sockets, pushEvent, "ws");
-          return;
-        }
-        case "forward_websocket_send": {
-          const socket = sockets.get(control.socketId);
-          if (socket === undefined || socket.readyState !== WebSocket.OPEN) {
-            void pushEvent({
-              socketId: control.socketId,
-              type: "error",
-              error: "websocket_not_open",
-            });
-            return;
-          }
-
-          const body = Buffer.from(control.bodyBase64, "base64");
-          switch (control.opcode) {
-            case "text":
-              socket.send(body.toString());
-              return;
-            case "binary":
-            case "ping":
-            case "pong":
-              socket.send(body);
-              return;
-          }
-        }
-        case "forward_websocket_close":
-          closeSocket(control.socketId);
-          return;
-      }
-    },
-    close: () => {
-      for (const socketId of sockets.keys()) {
-        closeSocket(socketId);
-      }
-    },
-  };
-}
-
-function openLocalWebSocket(
-  control: ForwardWebSocketOpenControl,
-  sockets: Map<string, WebSocket>,
-  pushEvent: (payload: JsonObject) => Promise<void | JsonValue>,
-  scheme: "ws" | "wss",
-): void {
-  let opened = false;
-  const url = localForwardUrl(
-    scheme === "ws" ? "http" : "https",
-    control.port,
-    control.path,
-    control.queryString,
-  ).replace(/^http/, scheme);
-  const protocols = webSocketProtocols(control.headers);
-  const websocket =
-    protocols === undefined ? new WebSocket(url) : new WebSocket(url, protocols);
-  sockets.set(control.socketId, websocket);
-  websocket.addEventListener("open", () => {
-    opened = true;
-    void pushEvent({ socketId: control.socketId, type: "open" });
-  });
-  websocket.addEventListener("message", (event) => {
-    const body =
-      typeof event.data === "string"
-        ? Buffer.from(event.data)
-        : Buffer.from(event.data as ArrayBuffer);
-    void pushEvent({
-      socketId: control.socketId,
-      type: "message",
-      opcode: typeof event.data === "string" ? "text" : "binary",
-      bodyBase64: body.toString("base64"),
-    });
-  });
-  websocket.addEventListener("close", (event) => {
-    sockets.delete(control.socketId);
-    void pushEvent({
-      socketId: control.socketId,
-      type: "close",
-      code: event.code,
-      reason: event.reason,
-    });
-  });
-  websocket.addEventListener("error", () => {
-    sockets.delete(control.socketId);
-    if (!opened && scheme === "ws") {
-      openLocalWebSocket(control, sockets, pushEvent, "wss");
-      return;
-    }
-
-    void pushEvent({
-      socketId: control.socketId,
-      type: "error",
-      error: "websocket_error",
-    });
-  });
-}
-
-function webSocketProtocols(headers: JsonValue | undefined): string[] | undefined {
-  if (!Array.isArray(headers)) {
-    return undefined;
-  }
-
-  const protocols = headers.flatMap(header => {
-    if (
-      !isWireHeader(header) ||
-      header.name.toLowerCase() !== "sec-websocket-protocol"
-    ) {
-      return [];
-    }
-
-    return header.value
-      .split(",")
-      .map(protocol => protocol.trim())
-      .filter(protocol => protocol !== "");
-  });
-
-  return protocols.length === 0 ? undefined : protocols;
-}
-
-function localForwardUrl(
-  scheme: "http" | "https",
-  port: number,
-  path: string,
-  queryString: string | undefined,
-): string {
-  const normalizedPath = path.startsWith("/") ? path : `/${path}`;
-  const url = new URL(`${scheme}://127.0.0.1:${port}${normalizedPath}`);
-
-  if (queryString !== undefined && queryString.trim() !== "") {
-    url.search = queryString;
-  }
-
-  return url.toString();
-}
-
-async function fetchWithHttpsFallback(
-  port: number,
-  path: string,
-  queryString: string | undefined,
-  request: RequestInit,
-): Promise<Response> {
-  try {
-    return await fetch(
-      localForwardUrl("http", port, path, queryString),
-      request,
-    );
-  } catch (httpError) {
-    try {
-      return await fetch(
-        localForwardUrl("https", port, path, queryString),
-        request,
-      );
-    } catch (_httpsError) {
-      throw httpError;
-    }
-  }
-}
-
-function requestBody(
-  control: ForwardHttpRequestControl,
-): RequestBodyDecision {
-  if (control.method === "GET" || control.method === "HEAD") {
-    return { ok: true, body: undefined };
-  }
-
-  if (control.bodyBase64 === undefined || control.bodyBase64 === "") {
-    return { ok: true, body: undefined };
-  }
-
-  const body = decodeBase64Body(control.bodyBase64);
-
-  if (body === undefined) {
-    return { ok: false, error: "invalid_forward_request" };
-  }
-
-  if (body.byteLength > maxForwardBodyBytes) {
-    return { ok: false, error: "forward_body_too_large" };
-  }
-
-  return { ok: true, body };
-}
-
-function decodeBase64Body(value: string): Uint8Array | undefined {
-  const normalized = value.trim();
-
-  if (
-    normalized.length % 4 === 1 ||
-    !/^[A-Za-z0-9+/]*={0,2}$/.test(normalized)
-  ) {
-    return undefined;
-  }
-
-  const body = Buffer.from(normalized, "base64");
-  const canonicalBody = body.toString("base64").replace(/=+$/, "");
-  const canonicalInput = normalized.replace(/=+$/, "");
-
-  return canonicalBody === canonicalInput ? body : undefined;
-}
-
-function requestHeaders(headers: JsonValue | undefined): Headers {
-  const result = new Headers();
-
-  if (!Array.isArray(headers)) {
-    return result;
-  }
-
-  for (const header of headers) {
-    if (isHeader(header)) {
-      result.set(header.name, header.value);
-    }
-  }
-
-  return result;
-}
-
-function responseHeaders(headers: Headers): JsonValue[] {
-  return Array.from(headers.entries())
-    .filter(([name]) => !blockedForwardHeaderNames.has(name.toLowerCase()))
-    .slice(0, 40)
-    .map(([name, value]) => ({ name, value }));
-}
-
-function patchForwardBody(path: string, headers: Headers, body: Buffer): Buffer {
-  if (!codeServerWorkbenchScript(path, headers)) {
-    return body;
-  }
-
-  return Buffer.from(
-    body
-      .toString("utf8")
-      .replace(
-        "message:h(3783,null,\"code-server\")",
-        "message:h(3783,null,\"Kandan\")",
-      ),
-  );
-}
-
-function prepareResponseBodyForChannel(
-  control: ForwardHttpRequestControl,
-  headers: Headers,
-  body: Buffer,
-): { readonly body: Buffer; readonly headers: JsonValue[] } {
-  const forwardedHeaders = responseHeaders(headers);
-
-  if (!shouldGzipResponse(control, headers, body)) {
-    return { body, headers: forwardedHeaders };
-  }
-
-  return {
-    body: gzipSync(body),
-    headers: [
-      ...forwardedHeaders,
-      { name: "content-encoding", value: "gzip" },
-      { name: "vary", value: "accept-encoding" },
-    ],
-  };
-}
-
-function shouldGzipResponse(
-  control: ForwardHttpRequestControl,
-  headers: Headers,
-  body: Buffer,
-): boolean {
-  if (
-    control.method === "HEAD" ||
-    body.byteLength < gzipForwardThresholdBytes ||
-    !clientAcceptsGzip(control.headers)
-  ) {
-    return false;
-  }
-
-  return compressibleResponse(control.path, headers);
-}
-
-function clientAcceptsGzip(headers: JsonValue | undefined): boolean {
-  if (!Array.isArray(headers)) {
-    return false;
-  }
-
-  return headers.some(
-    header =>
-      isWireHeader(header) &&
-      header.name.toLowerCase() === "accept-encoding" &&
-      header.value
-        .toLowerCase()
-        .split(",")
-        .map(value => value.trim())
-        .some(value => value === "gzip" || value.startsWith("gzip;")),
-  );
-}
-
-function compressibleResponse(path: string, headers: Headers): boolean {
-  const contentType = headers.get("content-type")?.toLowerCase() ?? "";
-
-  if (
-    contentType.startsWith("text/") ||
-    contentType.includes("javascript") ||
-    contentType.includes("json") ||
-    contentType.includes("xml")
-  ) {
-    return true;
-  }
-
-  return /\.(?:css|html|js|json|map|mjs|svg|txt)$/i.test(path);
-}
-
-function codeServerWorkbenchScript(path: string, headers: Headers): boolean {
-  return (
-    path.endsWith("/out/vs/code/browser/workbench/workbench.js") &&
-    (headers.get("content-type") ?? "").toLowerCase().includes("javascript")
-  );
-}
-
-function isHeader(
-  value: JsonValue,
-): value is { readonly name: string; readonly value: string } {
-  return (
-    isWireHeader(value) &&
-    !blockedForwardHeaderNames.has(value.name.toLowerCase())
-  );
-}
-
-function isWireHeader(
-  value: JsonValue,
-): value is { readonly name: string; readonly value: string } {
-  return (
-    isJsonObject(value) &&
-    typeof value.name === "string" &&
-    typeof value.value === "string"
-  );
-}
-
-function forwardError(
-  requestId: string,
-  error: string,
-): ForwardHttpResponsePayload {
-  return {
-    requestId,
-    ok: false,
-    error,
-  };
-}
-
-const blockedForwardHeaderNames = new Set([
-  "accept-encoding",
-  "connection",
-  "content-encoding",
-  "content-length",
-  "host",
-  "keep-alive",
-  "proxy-authenticate",
-  "proxy-authorization",
-  "te",
-  "trailer",
-  "transfer-encoding",
-  "upgrade",
-]);