@promptbook/remote-server 0.85.0-9 → 0.85.0

package/README.md

@@ -24,10 +24,6 @@
 
 
 
-<blockquote style="color: #ff8811">
-    <b>⚠ Warning:</b> This is a pre-release version of the library. It is not yet ready for production use. Please look at <a href="https://www.npmjs.com/package/@promptbook/core?activeTab=versions">latest stable release</a>.
-</blockquote>
-
 ## 📦 Package `@promptbook/remote-server`
 
 - Promptbooks are [divided into several](#-packages) packages, all are published from [single monorepo](https://github.com/webgptorg/promptbook).

package/esm/index.es.js

@@ -31,7 +31,7 @@ var BOOK_LANGUAGE_VERSION = '1.0.0';
  * @generated
  * @see https://github.com/webgptorg/promptbook
  */
-var PROMPTBOOK_ENGINE_VERSION = '0.85.0-8';
+var PROMPTBOOK_ENGINE_VERSION = '0.85.0-16';
 /**
  * TODO: string_promptbook_version should be constrained to the all versions of Promptbook engine
  * Note: [💞] Ignore a discrepancy between file name and entity name
@@ -1491,57 +1491,6 @@ function isValidPromptbookVersion(version) {
     return true;
 }
 
-/**
- * Checks if an URL is reserved for private networks or localhost.
- *
- * Note: There are two simmilar functions:
- * - `isUrlOnPrivateNetwork` which tests full URL
- * - `isHostnameOnPrivateNetwork` *(this one)* which tests just hostname
- *
- * @public exported from `@promptbook/utils`
- */
-function isHostnameOnPrivateNetwork(hostname) {
-    if (hostname === 'example.com' ||
-        hostname === 'localhost' ||
-        hostname.endsWith('.localhost') ||
-        hostname.endsWith('.local') ||
-        hostname.endsWith('.test') ||
-        hostname === '127.0.0.1' ||
-        hostname === '::1') {
-        return true;
-    }
-    if (hostname.includes(':')) {
-        // IPv6
-        var ipParts = hostname.split(':');
-        return ipParts[0] === 'fc00' || ipParts[0] === 'fd00' || ipParts[0] === 'fe80';
-    }
-    else {
-        // IPv4
-        var ipParts = hostname.split('.').map(function (part) { return Number.parseInt(part, 10); });
-        return (ipParts[0] === 10 ||
-            (ipParts[0] === 172 && ipParts[1] >= 16 && ipParts[1] <= 31) ||
-            (ipParts[0] === 192 && ipParts[1] === 168));
-    }
-}
-
-/**
- * Checks if an IP address or hostname is reserved for private networks or localhost.
- *
- * Note: There are two simmilar functions:
- * - `isUrlOnPrivateNetwork` *(this one)* which tests full URL
- * - `isHostnameOnPrivateNetwork` which tests just hostname
- *
- * @param {string} ipAddress - The IP address to check.
- * @returns {boolean} Returns true if the IP address is reserved for private networks or localhost, otherwise false.
- * @public exported from `@promptbook/utils`
- */
-function isUrlOnPrivateNetwork(url) {
-    if (typeof url === 'string') {
-        url = new URL(url);
-    }
-    return isHostnameOnPrivateNetwork(url.hostname);
-}
-
 /**
  * Tests if given string is valid URL.
  *
@@ -1584,16 +1533,19 @@ function isValidPipelineUrl(url) {
     if (!isValidUrl(url)) {
         return false;
     }
-    if (!url.startsWith('https://')) {
+    if (!url.startsWith('https://') && !url.startsWith('http://') /* <- Note: [👣] */) {
         return false;
     }
     if (url.includes('#')) {
         // TODO: [🐠]
         return false;
     }
+    /*
+    Note: [👣][🧠] Is it secure to allow pipeline URLs on private and unsecured networks?
     if (isUrlOnPrivateNetwork(url)) {
         return false;
     }
+    */
     return true;
 }
 /**
@@ -7017,6 +6969,46 @@ function startRemoteServer(options) {
             }
         });
     }); });
+    // TODO: [🧠] Is it secure / good idea to expose source codes of hosted books
+    app.get("".concat(rootPath, "/books/*"), function (request, response) { return __awaiter(_this, void 0, void 0, function () {
+        var pipelines, fullUrl, pipelineUrl, pipeline, source, error_1;
+        return __generator(this, function (_a) {
+            switch (_a.label) {
+                case 0:
+                    _a.trys.push([0, 3, , 4]);
+                    if (collection === null) {
+                        response.status(500).send('No collection nor books available');
+                        return [2 /*return*/];
+                    }
+                    return [4 /*yield*/, collection.listPipelines()];
+                case 1:
+                    pipelines = _a.sent();
+                    fullUrl = request.protocol + '://' + request.get('host') + request.originalUrl;
+                    pipelineUrl = pipelines.find(function (pipelineUrl) { return pipelineUrl.endsWith(request.originalUrl); }) || fullUrl;
+                    return [4 /*yield*/, collection.getPipelineByUrl(pipelineUrl)];
+                case 2:
+                    pipeline = _a.sent();
+                    source = pipeline.sources[0];
+                    if (source === undefined || source.type !== 'BOOK') {
+                        throw new Error('Pipeline source is not a book');
+                    }
+                    response
+                        .type('text/markdown')
+                        .send(source.content);
+                    return [3 /*break*/, 4];
+                case 3:
+                    error_1 = _a.sent();
+                    if (!(error_1 instanceof Error)) {
+                        throw error_1;
+                    }
+                    response
+                        .status(404)
+                        .send({ error: serializeError(error_1) });
+                    return [3 /*break*/, 4];
+                case 4: return [2 /*return*/];
+            }
+        });
+    }); });
     app.get("".concat(rootPath, "/executions"), function (request, response) { return __awaiter(_this, void 0, void 0, function () {
         return __generator(this, function (_a) {
             response.send(runningExecutionTasks);
@@ -7029,7 +7021,9 @@ function startRemoteServer(options) {
             taskId = request.params.taskId;
             execution = runningExecutionTasks.find(function (executionTask) { return executionTask.taskId === taskId; });
             if (execution === undefined) {
-                response.status(404).send("Execution \"".concat(taskId, "\" not found"));
+                response
+                    .status(404)
+                    .send("Execution \"".concat(taskId, "\" not found"));
                 return [2 /*return*/];
             }
             response.send(execution.currentValue);
@@ -7037,7 +7031,7 @@ function startRemoteServer(options) {
         });
     }); });
     app.post("".concat(rootPath, "/executions/new"), function (request, response) { return __awaiter(_this, void 0, void 0, function () {
-        var _a, inputParameters, identification, pipelineUrl, pipeline, tools, pipelineExecutor, executionTask, error_1;
+        var _a, inputParameters, identification, pipelineUrl, pipeline, tools, pipelineExecutor, executionTask, error_2;
         return __generator(this, function (_b) {
             switch (_b.label) {
                 case 0:
@@ -7065,11 +7059,11 @@ function startRemoteServer(options) {
                     response.send(executionTask);
                     return [3 /*break*/, 5];
                 case 4:
-                    error_1 = _b.sent();
-                    if (!(error_1 instanceof Error)) {
-                        throw error_1;
+                    error_2 = _b.sent();
+                    if (!(error_2 instanceof Error)) {
+                        throw error_2;
                     }
-                    response.status(400).send({ error: serializeError(error_1) });
+                    response.status(400).send({ error: serializeError(error_2) });
                     return [3 /*break*/, 5];
                 case 5: return [2 /*return*/];
             }
@@ -7090,7 +7084,7 @@ function startRemoteServer(options) {
         }
         // -----------
         socket.on('prompt-request', function (request) { return __awaiter(_this, void 0, void 0, function () {
-            var identification, prompt, tools, llm, _a, promptResult, _b, error_2;
+            var identification, prompt, tools, llm, _a, promptResult, _b, error_3;
             return __generator(this, function (_c) {
                 switch (_c.label) {
                     case 0:
@@ -7159,11 +7153,11 @@ function startRemoteServer(options) {
                         socket.emit('prompt-response', { promptResult: promptResult } /* <- Note: [🤛] */);
                         return [3 /*break*/, 15];
                     case 13:
-                        error_2 = _c.sent();
-                        if (!(error_2 instanceof Error)) {
-                            throw error_2;
+                        error_3 = _c.sent();
+                        if (!(error_3 instanceof Error)) {
+                            throw error_3;
                         }
-                        socket.emit('error', serializeError(error_2) /* <- Note: [🤛] */);
+                        socket.emit('error', serializeError(error_3) /* <- Note: [🤛] */);
                         return [3 /*break*/, 15];
                     case 14:
                         socket.disconnect();
@@ -7175,7 +7169,7 @@ function startRemoteServer(options) {
         // -----------
         // TODO: [👒] Listing models (and checking configuration) probbably should go through REST API not Socket.io
         socket.on('listModels-request', function (request) { return __awaiter(_this, void 0, void 0, function () {
-            var identification, tools, llm, models, error_3;
+            var identification, tools, llm, models, error_4;
             return __generator(this, function (_a) {
                 switch (_a.label) {
                     case 0:
@@ -7196,11 +7190,11 @@ function startRemoteServer(options) {
                         socket.emit('listModels-response', { models: models } /* <- Note: [🤛] */);
                         return [3 /*break*/, 6];
                     case 4:
-                        error_3 = _a.sent();
-                        if (!(error_3 instanceof Error)) {
-                            throw error_3;
+                        error_4 = _a.sent();
+                        if (!(error_4 instanceof Error)) {
+                            throw error_4;
                         }
-                        socket.emit('error', serializeError(error_3));
+                        socket.emit('error', serializeError(error_4));
                         return [3 /*break*/, 6];
                     case 5:
                         socket.disconnect();
@@ -7212,7 +7206,7 @@ function startRemoteServer(options) {
         // -----------
         // TODO: [👒] Listing models (and checking configuration) probbably should go through REST API not Socket.io
         socket.on('preparePipeline-request', function (request) { return __awaiter(_this, void 0, void 0, function () {
-            var identification, pipeline, tools, preparedPipeline, error_4;
+            var identification, pipeline, tools, preparedPipeline, error_5;
             return __generator(this, function (_a) {
                 switch (_a.label) {
                     case 0:
@@ -7232,11 +7226,11 @@ function startRemoteServer(options) {
                         socket.emit('preparePipeline-response', { preparedPipeline: preparedPipeline } /* <- Note: [🤛] */);
                         return [3 /*break*/, 6];
                     case 4:
-                        error_4 = _a.sent();
-                        if (!(error_4 instanceof Error)) {
-                            throw error_4;
+                        error_5 = _a.sent();
+                        if (!(error_5 instanceof Error)) {
+                            throw error_5;
                         }
-                        socket.emit('error', serializeError(error_4));
+                        socket.emit('error', serializeError(error_5));
                         return [3 /*break*/, 6];
                     case 5:
                         socket.disconnect();