npm - @neuralnomads/codenomad-dev - Versions diffs - 0.14.0-dev-20260418-e022a158 → 0.14.0-dev-20260420-04fc28c4 - Mend

@neuralnomads/codenomad-dev 0.14.0-dev-20260418-e022a158 → 0.14.0-dev-20260420-04fc28c4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (35) hide show

package/dist/index.js CHANGED Viewed

@@ -20,6 +20,7 @@ import { launchInBrowser } from "./launcher";
 import { resolveUi } from "./ui/remote-ui";
 import { AuthManager, BOOTSTRAP_TOKEN_STDOUT_PREFIX, DEFAULT_AUTH_COOKIE_NAME, DEFAULT_AUTH_USERNAME } from "./auth/manager";
 import { resolveHttpsOptions } from "./server/tls";
+import { RemoteProxySessionManager } from "./server/remote-proxy";
 import { resolveNetworkAddresses, resolveRemoteAddresses } from "./server/network-addresses";
 import { startDevReleaseMonitor } from "./releases/dev-release-monitor";
 import { SpeechService } from "./speech/service";
@@ -262,12 +263,14 @@ async function main() {
             },
         })
         : null;
-    if (uiResolution.uiDevServerUrl && options.https) {
-        throw new InvalidArgumentError("UI dev proxy is only supported with --https=false --http=true");
-    }
     const remoteAccessEnabled = options.host === "0.0.0.0" || !isLoopbackHost(options.host);
     const clientConnectionManager = new ClientConnectionManager(logger.child({ component: "client-connections" }));
     const pluginChannel = new PluginChannelManager(logger.child({ component: "plugin-channel" }));
+    const remoteProxySessionManager = new RemoteProxySessionManager({
+        authManager,
+        logger: logger.child({ component: "remote-proxy" }),
+        httpsOptions: tlsResolution?.httpsOptions,
+    });
     const voiceModeManager = new VoiceModeManager({
         connections: clientConnectionManager,
         channel: pluginChannel,
@@ -302,6 +305,7 @@ async function main() {
             clientConnectionManager,
             pluginChannel,
             voiceModeManager,
+            remoteProxySessionManager,
             uiStaticDir: uiResolution.uiStaticDir ?? DEFAULT_UI_STATIC_DIR,
             uiDevServerUrl: uiResolution.uiDevServerUrl,
             logger,
@@ -326,6 +330,7 @@ async function main() {
             clientConnectionManager,
             pluginChannel,
             voiceModeManager,
+            remoteProxySessionManager,
             uiStaticDir: uiResolution.uiStaticDir ?? DEFAULT_UI_STATIC_DIR,
             uiDevServerUrl: undefined,
             logger,

package/dist/server/__tests__/remote-proxy.test.js ADDED Viewed

@@ -0,0 +1,204 @@
+import assert from "node:assert/strict";
+import { after, afterEach, describe, it } from "node:test";
+import fs from "node:fs";
+import http from "node:http";
+import os from "node:os";
+import path from "node:path";
+import { Agent, fetch } from "undici";
+import { RemoteProxySessionManager } from "../remote-proxy";
+import { resolveHttpsOptions } from "../tls";
+const sharedTempDir = fs.mkdtempSync(path.join(os.tmpdir(), "codenomad-remote-proxy-test-"));
+const sharedTls = resolveHttpsOptions({
+    enabled: true,
+    configDir: sharedTempDir,
+    host: "127.0.0.1",
+    logger: createStubLogger(),
+});
+if (!sharedTls) {
+    throw new Error("Failed to generate HTTPS options for remote proxy tests");
+}
+const sharedHttpsOptions = sharedTls.httpsOptions;
+const httpsDispatcher = new Agent({ connect: { rejectUnauthorized: false } });
+const managers = new Set();
+afterEach(async () => {
+    for (const manager of managers) {
+        await disposeManager(manager);
+    }
+    managers.clear();
+});
+after(() => {
+    fs.rmSync(sharedTempDir, { recursive: true, force: true });
+    httpsDispatcher.close().catch(() => { });
+});
+describe("RemoteProxySessionManager", () => {
+    it("blocks proxying before activation and keeps bootstrap tokens scoped per session", async () => {
+        await withUpstreamServer(async (upstreamBaseUrl) => {
+            const manager = createSessionManager();
+            const session1 = await createSession(manager, `${upstreamBaseUrl}/base`);
+            const session2 = await createSession(manager, `${upstreamBaseUrl}/base`);
+            const blocked = await proxyFetch(`${session1.proxyOrigin}/status`);
+            assert.equal(blocked.status, 403);
+            const wrongTokenResponse = await proxyFetch(`${session1.proxyOrigin}/__codenomad/api/auth/token`, {
+                method: "POST",
+                headers: { "content-type": "application/json" },
+                body: JSON.stringify({ token: session2.token }),
+            });
+            assert.equal(wrongTokenResponse.status, 401);
+            assert.equal(await activateSession(session1), true);
+            assert.equal(await activateSession(session2), true);
+        }, (req, res) => {
+            res.writeHead(200, { "content-type": "text/plain" });
+            res.end(req.url ?? "");
+        });
+    });
+    it("preserves remote base paths and rewrites same-origin redirects to the local proxy origin", async () => {
+        await withUpstreamServer(async (upstreamBaseUrl) => {
+            const manager = createSessionManager();
+            const session = await createSession(manager, `${upstreamBaseUrl}/base`);
+            await activateSession(session);
+            const apiResponse = await proxyFetch(`${session.proxyOrigin}/api/auth/status?foo=bar`);
+            assert.equal(apiResponse.status, 200);
+            assert.equal(await apiResponse.text(), "/base/api/auth/status?foo=bar");
+            const redirectResponse = await proxyFetch(`${session.proxyOrigin}/redirect`, { redirect: "manual" });
+            assert.equal(redirectResponse.status, 302);
+            assert.equal(redirectResponse.headers.get("location"), `${session.proxyOrigin}/base/after?ok=1`);
+        }, (req, res) => {
+            const requestUrl = req.url ?? "";
+            if (requestUrl === "/base/redirect") {
+                res.writeHead(302, { location: "/base/after?ok=1" });
+                res.end();
+                return;
+            }
+            res.writeHead(200, { "content-type": "text/plain" });
+            res.end(requestUrl);
+        });
+    });
+    it("rewrites set-cookie names for the proxy and restores cookie names on proxied requests", async () => {
+        await withUpstreamServer(async (upstreamBaseUrl) => {
+            const manager = createSessionManager();
+            const session = await createSession(manager, `${upstreamBaseUrl}/base`);
+            await activateSession(session);
+            const loginResponse = await proxyFetch(`${session.proxyOrigin}/login`);
+            assert.equal(loginResponse.status, 200);
+            const setCookie = getSetCookie(loginResponse)[0];
+            assert.match(setCookie, /^cnrp_[0-9a-f]+_session=abc123/i);
+            assert.doesNotMatch(setCookie, /domain=/i);
+            const cookieHeader = setCookie.split(";", 1)[0];
+            const whoamiResponse = await proxyFetch(`${session.proxyOrigin}/whoami`, {
+                headers: { cookie: cookieHeader },
+            });
+            assert.equal(await whoamiResponse.text(), "session=abc123");
+        }, (req, res) => {
+            const requestUrl = req.url ?? "";
+            if (requestUrl === "/base/login") {
+                res.writeHead(200, {
+                    "content-type": "text/plain",
+                    "set-cookie": "session=abc123; Path=/; Secure; HttpOnly; Domain=127.0.0.1",
+                });
+                res.end("ok");
+                return;
+            }
+            if (requestUrl === "/base/whoami") {
+                res.writeHead(200, { "content-type": "text/plain" });
+                res.end(req.headers.cookie ?? "");
+                return;
+            }
+            res.writeHead(404, { "content-type": "text/plain" });
+            res.end(requestUrl);
+        });
+    });
+    it("supports explicit deletion and idle cleanup of sessions", async () => {
+        await withUpstreamServer(async (upstreamBaseUrl) => {
+            const manager = createSessionManager();
+            const session = await createSession(manager, `${upstreamBaseUrl}/base`);
+            assert.equal(await manager.deleteSession(session.sessionId), true);
+            assert.equal(await manager.deleteSession(session.sessionId), false);
+            const session3 = await createSession(manager, `${upstreamBaseUrl}/base`);
+            const internalSessions = manager.sessions;
+            const internalCleanup = manager.cleanupExpiredSessions;
+            internalSessions.get(session3.sessionId).lastAccessAt = Date.now() - 31 * 60000;
+            await internalCleanup.call(manager);
+            assert.equal(internalSessions.has(session3.sessionId), false);
+            assert.equal(await manager.deleteSession(session3.sessionId), false);
+        }, (_req, res) => {
+            res.writeHead(200, { "content-type": "text/plain" });
+            res.end("ok");
+        });
+    });
+});
+function createSessionManager() {
+    const manager = new RemoteProxySessionManager({
+        authManager: {
+            isLoopbackRequest: () => true,
+        },
+        logger: createStubLogger(),
+        httpsOptions: sharedHttpsOptions,
+    });
+    managers.add(manager);
+    return manager;
+}
+async function createSession(manager, baseUrl) {
+    const created = await manager.createSession(baseUrl, false);
+    const windowUrl = new URL(created.windowUrl);
+    return {
+        sessionId: created.sessionId,
+        windowUrl,
+        proxyOrigin: windowUrl.origin,
+        token: decodeURIComponent(windowUrl.hash.replace(/^#/, "")),
+    };
+}
+async function activateSession(session) {
+    const response = await proxyFetch(`${session.proxyOrigin}/__codenomad/api/auth/token`, {
+        method: "POST",
+        headers: { "content-type": "application/json" },
+        body: JSON.stringify({ token: session.token }),
+    });
+    if (!response.ok) {
+        return false;
+    }
+    const body = (await response.json());
+    return body.ok === true;
+}
+function getSetCookie(response) {
+    const values = response.headers.getSetCookie?.();
+    if (Array.isArray(values) && values.length > 0) {
+        return values;
+    }
+    const fallback = response.headers.get("set-cookie");
+    return fallback ? [fallback] : [];
+}
+async function proxyFetch(url, init) {
+    return fetch(url, { dispatcher: httpsDispatcher, ...init });
+}
+async function disposeManager(manager) {
+    const sessions = Array.from(manager.sessions.keys());
+    for (const sessionId of sessions) {
+        await manager.deleteSession(sessionId);
+    }
+    clearInterval(manager.cleanupTimer);
+}
+async function withUpstreamServer(callback, handler) {
+    const server = http.createServer(handler);
+    await new Promise((resolve) => server.listen(0, "127.0.0.1", () => resolve()));
+    try {
+        const address = server.address();
+        if (!address || typeof address === "string") {
+            throw new Error("Failed to resolve upstream server address");
+        }
+        await callback(`http://127.0.0.1:${address.port}`);
+    }
+    finally {
+        await new Promise((resolve, reject) => server.close((error) => (error ? reject(error) : resolve())));
+    }
+}
+function createStubLogger() {
+    const logger = {
+        info() { },
+        warn() { },
+        error() { },
+        child() {
+            return logger;
+        },
+    };
+    return logger;
+}

package/dist/server/http-server.js CHANGED Viewed

@@ -20,6 +20,7 @@ import { registerBackgroundProcessRoutes } from "./routes/background-processes";
 import { registerWorktreeRoutes } from "./routes/worktrees";
 import { registerSpeechRoutes } from "./routes/speech";
 import { registerRemoteServerRoutes } from "./routes/remote-servers";
+import { registerRemoteProxyRoutes } from "./routes/remote-proxy";
 import { registerSideCarRoutes } from "./routes/sidecars";
 import { BackgroundProcessManager } from "../background-processes/manager";
 import { registerAuthRoutes } from "./routes/auth";
@@ -139,7 +140,10 @@ export function createHttpServer(deps) {
         if (deps.authManager.isTokenBootstrapEnabled()) {
             publicPagePaths.add("/auth/token");
         }
-        if (publicApiPaths.has(pathname) || publicPagePaths.has(pathname)) {
+        const isLoopbackRemoteProxyDelete = request.method === "DELETE" &&
+            pathname.startsWith("/api/remote-proxy/sessions/") &&
+            deps.authManager.isLoopbackRequest(request);
+        if (publicApiPaths.has(pathname) || publicPagePaths.has(pathname) || isLoopbackRemoteProxyDelete) {
             done();
             return;
         }
@@ -203,6 +207,7 @@ export function createHttpServer(deps) {
         workspaceManager: deps.workspaceManager,
     });
     registerRemoteServerRoutes(app, { logger: apiLogger });
+    registerRemoteProxyRoutes(app, { logger: proxyLogger, sessionManager: deps.remoteProxySessionManager });
     registerSpeechRoutes(app, { speechService: deps.speechService });
     registerSideCarRoutes(app, { sidecarManager: deps.sidecarManager });
     registerSideCarProxyRoutes(app, { sidecarManager: deps.sidecarManager, logger: proxyLogger });