@lobu/gateway 3.0.5 → 3.0.6

package/src/stores/redis-agent-store.ts

@@ -0,0 +1,279 @@
+import type {
+  AgentAccessStore,
+  AgentConfigStore,
+  AgentConnectionStore,
+  AgentMetadata,
+  AgentSettings,
+  ChannelBinding,
+  Grant,
+  StoredConnection,
+} from "@lobu/core";
+import type Redis from "ioredis";
+import type { AgentMetadataStore } from "../auth/agent-metadata-store";
+import type { AgentSettingsStore } from "../auth/settings";
+import type { ChannelBindingService } from "../channels";
+import type { GrantStore } from "../permissions/grant-store";
+import type { UserAgentsStore } from "../auth/user-agents-store";
+
+export class RedisAgentConfigStore implements AgentConfigStore {
+  constructor(
+    private readonly settingsStore: AgentSettingsStore,
+    private readonly metadataStore: AgentMetadataStore
+  ) {}
+
+  async getSettings(agentId: string): Promise<AgentSettings | null> {
+    return this.settingsStore.getSettings(agentId);
+  }
+
+  async saveSettings(agentId: string, settings: AgentSettings): Promise<void> {
+    await this.settingsStore.saveSettings(agentId, settings);
+  }
+
+  async updateSettings(
+    agentId: string,
+    updates: Partial<AgentSettings>
+  ): Promise<void> {
+    await this.settingsStore.updateSettings(agentId, updates);
+  }
+
+  async deleteSettings(agentId: string): Promise<void> {
+    await this.settingsStore.deleteSettings(agentId);
+  }
+
+  async hasSettings(agentId: string): Promise<boolean> {
+    return this.settingsStore.hasSettings(agentId);
+  }
+
+  async getMetadata(agentId: string): Promise<AgentMetadata | null> {
+    return this.metadataStore.getMetadata(agentId);
+  }
+
+  async saveMetadata(agentId: string, metadata: AgentMetadata): Promise<void> {
+    await this.metadataStore.createAgent(
+      agentId,
+      metadata.name,
+      metadata.owner.platform,
+      metadata.owner.userId,
+      {
+        description: metadata.description,
+        isWorkspaceAgent: metadata.isWorkspaceAgent,
+        workspaceId: metadata.workspaceId,
+        parentConnectionId: metadata.parentConnectionId,
+      }
+    );
+    if (metadata.lastUsedAt !== undefined) {
+      await this.metadataStore.updateMetadata(agentId, {
+        lastUsedAt: metadata.lastUsedAt,
+      });
+    }
+  }
+
+  async updateMetadata(
+    agentId: string,
+    updates: Partial<AgentMetadata>
+  ): Promise<void> {
+    await this.metadataStore.updateMetadata(agentId, updates);
+  }
+
+  async deleteMetadata(agentId: string): Promise<void> {
+    await this.metadataStore.deleteAgent(agentId);
+  }
+
+  async hasAgent(agentId: string): Promise<boolean> {
+    return this.metadataStore.hasAgent(agentId);
+  }
+
+  async listAgents(): Promise<AgentMetadata[]> {
+    return this.metadataStore.listAllAgents();
+  }
+
+  async listSandboxes(connectionId: string): Promise<AgentMetadata[]> {
+    return this.metadataStore.listSandboxes(connectionId);
+  }
+}
+
+export class RedisAgentConnectionStore implements AgentConnectionStore {
+  constructor(
+    private readonly redis: Redis,
+    private readonly channelBindingService: ChannelBindingService
+  ) {}
+
+  async getConnection(connectionId: string): Promise<StoredConnection | null> {
+    const raw = await this.redis.get(`connection:${connectionId}`);
+    return raw ? (JSON.parse(raw) as StoredConnection) : null;
+  }
+
+  async listConnections(filter?: {
+    templateAgentId?: string;
+    platform?: string;
+  }): Promise<StoredConnection[]> {
+    const ids = filter?.templateAgentId
+      ? await this.redis.smembers(`connections:agent:${filter.templateAgentId}`)
+      : await this.redis.smembers("connections:all");
+
+    const connections: StoredConnection[] = [];
+    for (const id of ids) {
+      const raw = await this.redis.get(`connection:${id}`);
+      if (!raw) continue;
+      const connection = JSON.parse(raw) as StoredConnection;
+      if (filter?.platform && connection.platform !== filter.platform) {
+        continue;
+      }
+      connections.push(connection);
+    }
+    return connections;
+  }
+
+  async saveConnection(connection: StoredConnection): Promise<void> {
+    const existing = await this.getConnection(connection.id);
+    await this.redis.set(
+      `connection:${connection.id}`,
+      JSON.stringify(connection)
+    );
+    await this.redis.sadd("connections:all", connection.id);
+
+    const previousTemplate = existing?.templateAgentId;
+    if (previousTemplate && previousTemplate !== connection.templateAgentId) {
+      await this.redis.srem(
+        `connections:agent:${previousTemplate}`,
+        connection.id
+      );
+    }
+    if (connection.templateAgentId) {
+      await this.redis.sadd(
+        `connections:agent:${connection.templateAgentId}`,
+        connection.id
+      );
+    }
+  }
+
+  async updateConnection(
+    connectionId: string,
+    updates: Partial<StoredConnection>
+  ): Promise<void> {
+    const existing = await this.getConnection(connectionId);
+    if (!existing) return;
+    await this.saveConnection({
+      ...existing,
+      ...updates,
+      id: connectionId,
+      updatedAt: Date.now(),
+    });
+  }
+
+  async deleteConnection(connectionId: string): Promise<void> {
+    const existing = await this.getConnection(connectionId);
+    await this.redis.del(`connection:${connectionId}`);
+    await this.redis.srem("connections:all", connectionId);
+    if (existing?.templateAgentId) {
+      await this.redis.srem(
+        `connections:agent:${existing.templateAgentId}`,
+        connectionId
+      );
+    }
+  }
+
+  async getChannelBinding(
+    platform: string,
+    channelId: string,
+    teamId?: string
+  ): Promise<ChannelBinding | null> {
+    return this.channelBindingService.getBinding(platform, channelId, teamId);
+  }
+
+  async createChannelBinding(binding: ChannelBinding): Promise<void> {
+    await this.channelBindingService.createBinding(
+      binding.agentId,
+      binding.platform,
+      binding.channelId,
+      binding.teamId
+    );
+  }
+
+  async deleteChannelBinding(
+    platform: string,
+    channelId: string,
+    teamId?: string
+  ): Promise<void> {
+    const existing = await this.channelBindingService.getBinding(
+      platform,
+      channelId,
+      teamId
+    );
+    if (!existing) return;
+    await this.channelBindingService.deleteBinding(
+      existing.agentId,
+      platform,
+      channelId,
+      teamId
+    );
+  }
+
+  async listChannelBindings(agentId: string): Promise<ChannelBinding[]> {
+    return this.channelBindingService.listBindings(agentId);
+  }
+
+  async deleteAllChannelBindings(agentId: string): Promise<number> {
+    return this.channelBindingService.deleteAllBindings(agentId);
+  }
+}
+
+export class RedisAgentAccessStore implements AgentAccessStore {
+  constructor(
+    private readonly grantStore: GrantStore,
+    private readonly userAgentsStore: UserAgentsStore
+  ) {}
+
+  async grant(
+    agentId: string,
+    pattern: string,
+    expiresAt: number | null,
+    denied?: boolean
+  ): Promise<void> {
+    await this.grantStore.grant(agentId, pattern, expiresAt, denied);
+  }
+
+  async hasGrant(agentId: string, pattern: string): Promise<boolean> {
+    return this.grantStore.hasGrant(agentId, pattern);
+  }
+
+  async isDenied(agentId: string, pattern: string): Promise<boolean> {
+    return this.grantStore.isDenied(agentId, pattern);
+  }
+
+  async listGrants(agentId: string): Promise<Grant[]> {
+    return this.grantStore.listGrants(agentId);
+  }
+
+  async revokeGrant(agentId: string, pattern: string): Promise<void> {
+    await this.grantStore.revoke(agentId, pattern);
+  }
+
+  async addUserAgent(
+    platform: string,
+    userId: string,
+    agentId: string
+  ): Promise<void> {
+    await this.userAgentsStore.addAgent(platform, userId, agentId);
+  }
+
+  async removeUserAgent(
+    platform: string,
+    userId: string,
+    agentId: string
+  ): Promise<void> {
+    await this.userAgentsStore.removeAgent(platform, userId, agentId);
+  }
+
+  async listUserAgents(platform: string, userId: string): Promise<string[]> {
+    return this.userAgentsStore.listAgents(platform, userId);
+  }
+
+  async ownsAgent(
+    platform: string,
+    userId: string,
+    agentId: string
+  ): Promise<boolean> {
+    return this.userAgentsStore.ownsAgent(platform, userId, agentId);
+  }
+}

package/src/utils/public-url.ts

@@ -0,0 +1,44 @@
+function normalizeBaseUrl(url: string): string {
+  return url.replace(/\/+$/, "");
+}
+
+function resolvePublicBaseUrl(options?: {
+  configuredUrl?: string;
+  requestUrl?: string;
+  forwardedProto?: string;
+  fallbackUrl?: string;
+}): string {
+  // Explicit configuredUrl always wins (caller knows best)
+  if (options?.configuredUrl) {
+    return normalizeBaseUrl(options.configuredUrl);
+  }
+
+  // When only requestUrl is provided, prefer it over the env default
+  // so OAuth redirects match the actual browser origin.
+  // Respect X-Forwarded-Proto for TLS-terminating proxies.
+  if (options?.requestUrl) {
+    const origin = new URL(options.requestUrl);
+    if (options.forwardedProto) {
+      const proto = options.forwardedProto.split(",")[0]?.trim().toLowerCase();
+      if (proto) origin.protocol = `${proto}:`;
+    }
+    return normalizeBaseUrl(origin.origin);
+  }
+
+  if (process.env.PUBLIC_GATEWAY_URL) {
+    return normalizeBaseUrl(process.env.PUBLIC_GATEWAY_URL);
+  }
+
+  return normalizeBaseUrl(options?.fallbackUrl || "http://localhost:8080");
+}
+
+export function resolvePublicUrl(
+  path: string,
+  options?: {
+    configuredUrl?: string;
+    requestUrl?: string;
+    fallbackUrl?: string;
+  }
+): string {
+  return new URL(path, `${resolvePublicBaseUrl(options)}/`).toString();
+}

package/src/utils/rate-limiter.ts

@@ -0,0 +1,94 @@
+export interface RedisRateLimitStore {
+  incr(key: string): Promise<number>;
+  expire(key: string, seconds: number): Promise<number>;
+  ttl?(key: string): Promise<number>;
+  del?(key: string): Promise<number>;
+}
+
+export interface FixedWindowRateLimitOptions {
+  key: string;
+  limit: number;
+  windowSeconds: number;
+}
+
+export interface FixedWindowRateLimitResult {
+  allowed: boolean;
+  count: number;
+  limit: number;
+  remaining: number;
+  retryAfterSeconds: number;
+  resetAt: number;
+}
+
+export class RedisFixedWindowRateLimiter {
+  constructor(private readonly redis: RedisRateLimitStore) {}
+
+  async consume(
+    options: FixedWindowRateLimitOptions
+  ): Promise<FixedWindowRateLimitResult> {
+    const count = await this.redis.incr(options.key);
+    if (count === 1) {
+      await this.redis.expire(options.key, options.windowSeconds);
+    }
+
+    const ttlSeconds = await this.getTtlSeconds(
+      options.key,
+      options.windowSeconds
+    );
+    return this.buildResult(options, count, ttlSeconds);
+  }
+
+  async reset(key: string): Promise<void> {
+    if (typeof this.redis.del === "function") {
+      await this.redis.del(key);
+    }
+  }
+
+  private async getTtlSeconds(
+    key: string,
+    windowSeconds: number
+  ): Promise<number> {
+    if (typeof this.redis.ttl !== "function") {
+      return windowSeconds;
+    }
+
+    const ttl = await this.redis.ttl(key);
+    if (ttl < 0) {
+      return windowSeconds;
+    }
+
+    return ttl;
+  }
+
+  private buildResult(
+    options: FixedWindowRateLimitOptions,
+    count: number,
+    ttlSeconds: number
+  ): FixedWindowRateLimitResult {
+    return {
+      allowed: count <= options.limit,
+      count,
+      limit: options.limit,
+      remaining: Math.max(0, options.limit - count),
+      retryAfterSeconds: Math.max(1, ttlSeconds),
+      resetAt: Date.now() + Math.max(1, ttlSeconds) * 1000,
+    };
+  }
+}
+
+export function getClientIp(headers: {
+  forwardedFor?: string;
+  realIp?: string;
+}): string {
+  const forwarded = headers.forwardedFor?.split(",")[0]?.trim().toLowerCase();
+  if (forwarded) {
+    return forwarded;
+  }
+
+  const realIp = headers.realIp?.trim().toLowerCase();
+  if (realIp) {
+    return realIp;
+  }
+
+  return "unknown";
+}

package/tsconfig.json

@@ -0,0 +1,33 @@
+{
+  "extends": "../../tsconfig.json",
+  "compilerOptions": {
+    "outDir": "dist",
+    "rootDir": "src",
+    "declaration": true,
+    "declarationMap": true,
+    "sourceMap": true,
+    "module": "commonjs",
+    "moduleResolution": "node",
+    "esModuleInterop": true,
+    "verbatimModuleSyntax": false,
+    "noEmit": false,
+    "allowImportingTsExtensions": false,
+    "downlevelIteration": true,
+    "target": "ES2017",
+    "skipLibCheck": true,
+    "noUnusedLocals": false,
+    "noUnusedParameters": false,
+    "composite": true
+  },
+  "include": ["src/**/*", "../core/src/deployment/base-deployment-manager.ts"],
+  "exclude": [
+    "dist",
+    "node_modules",
+    "**/*.test.ts",
+    "**/__tests__/**",
+    "src/routes/public/history-page/**/*.tsx",
+    "src/routes/public/agent-page/**/*.tsx",
+    "src/routes/public/agents-page/**/*.tsx"
+  ],
+  "references": [{ "path": "../core" }]
+}