@pylonsync/functions 0.3.274 → 0.3.276

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pylonsync/functions",
-  "version": "0.3.274",
+  "version": "0.3.276",
   "description": "TypeScript function runtime for pylon — defines server-side queries, mutations, and actions.",
   "type": "module",
   "main": "src/index.ts",

package/src/runtime.ts

@@ -40,9 +40,13 @@ import { join, basename } from "path";
 // consuming apps type-check this source under node/DOM where the `Bun` global
 // is absent — so declare the surface we touch (mirrors the ambient in
 // ssr-client-bundler.ts). Keeps `tsc` clean in a scaffolded app.
+interface BunFileSink {
+  write(chunk: string): number;
+  flush(): number | Promise<number>;
+}
 declare const Bun: {
   write(destination: unknown, input: string): Promise<number>;
-  stdout: unknown;
+  stdout: { writer(): BunFileSink };
   stderr: unknown;
   stdin: { stream(): ReadableStream<Uint8Array> };
 };
@@ -71,9 +75,27 @@ interface ResultMessage {
 // Send
 // ---------------------------------------------------------------------------
 
+// Protocol frames go through ONE FileSink over stdout. The old
+// `Bun.write(Bun.stdout, line)` returned an UNAWAITED promise, so once a
+// runner multiplexes concurrent calls (since the v0.3.259 runner change) two
+// handlers emitting frames larger than PIPE_BUF (~4KB) could race their
+// write() syscalls and interleave on stdout — the host's NDJSON reader then
+// failed to parse the corrupted line and dropped the frame, hanging the caller
+// to its timeout. A single sink appends every frame to one ordered buffer, so
+// writes can't interleave; `send` is the only stdout writer.
+let stdoutSink: BunFileSink | undefined;
 function send(msg: Record<string, unknown>): void {
   const line = JSON.stringify(msg) + "\n";
-  Bun.write(Bun.stdout, line);
+  if (!stdoutSink) stdoutSink = Bun.stdout.writer();
+  stdoutSink.write(line);
+  // flush() can return a Promise under pipe backpressure. The single sink
+  // already preserves frame order, so we don't await — just keep a flush
+  // error (e.g. EPIPE after the host exits) from becoming an unhandled
+  // rejection.
+  const flushed = stdoutSink.flush();
+  if (flushed && typeof (flushed as Promise<number>).then === "function") {
+    (flushed as Promise<number>).then(undefined, () => {});
+  }
 }
 
 /**

package/src/ssr-client-bundler.ts

@@ -910,12 +910,18 @@ async function _doBuildInner(
     // rather than an inline string in CLIENT_RUNTIME_SOURCE that nothing
     // could render. Bun pulls it into the shared chunk via the runtime's
     // static `import { createPylonBoundary } from "./client-boundary"`.
+    //
+    // Resolve THIS module's directory from the standard `import.meta.url`
+    // (via node:url) rather than Bun's `import.meta.dir` — the latter is a
+    // Bun-only extension that `tsc` doesn't know about, so any app that
+    // imports `@pylonsync/functions` and runs `tsc` would otherwise fail
+    // type-checking on this file. `import.meta.url` works in Bun and Node.
+    const urlMod: any = await import("node:url");
+    const fileURLToPath = urlMod.fileURLToPath ?? urlMod.default?.fileURLToPath;
+    const here = path.dirname(fileURLToPath(import.meta.url));
     fs.writeFileSync(
       path.join(stageDir, "client-boundary.ts"),
-      fs.readFileSync(
-        path.join(import.meta.dir, "ssr-client-boundary.ts"),
-        "utf8",
-      ),
+      fs.readFileSync(path.join(here, "ssr-client-boundary.ts"), "utf8"),
       "utf8",
     );
 

package/src/ssr-runtime.test.ts

@@ -11,6 +11,7 @@ import {
   buildHydrationTail,
   errorDigest,
   resolveOrigin,
+  isSafeRedirect,
   asRouteControl,
   PylonRouteControl,
 } from "./ssr-runtime";
@@ -284,6 +285,24 @@ describe("renderMetadata head-tag marking (client-nav sync)", () => {
     expect(titles[0].children).toEqual(["Hello"]);
   });
 
+  test("emits og:site_name when openGraph.siteName is set", () => {
+    const frag = renderMetadata(fakeReact, {
+      openGraph: { title: "OG", siteName: "Pylon" },
+    });
+    const metas: any[] = frag.children.filter((k: any) => k.type === "meta");
+    const siteName = metas.find((m) => m.props.property === "og:site_name");
+    expect(siteName).toBeDefined();
+    expect(siteName.props.content).toBe("Pylon");
+    // It's a head tag like the rest, so it must carry the nav-swap marker.
+    expect(siteName.props["data-pylon-meta"]).toBe("");
+  });
+
+  test("omits og:site_name when not provided", () => {
+    const frag = renderMetadata(fakeReact, { openGraph: { title: "OG" } });
+    const metas: any[] = frag.children.filter((k: any) => k.type === "meta");
+    expect(metas.some((m) => m.props.property === "og:site_name")).toBe(false);
+  });
+
   test("returns null when there's nothing to emit", () => {
     expect(renderMetadata(fakeReact, undefined)).toBeNull();
     expect(renderMetadata(fakeReact, {})).toBeNull();
@@ -431,3 +450,42 @@ describe("asRouteControl — route-control normalization (redirect/notFound)", (
     expect(asRouteControl("PYLON_NOT_FOUND")).toBeNull(); // a bare string, not an error
   });
 });
+
+describe("isSafeRedirect — open-redirect guard for response.redirect()", () => {
+  const trusted = {
+    publicUrl: "https://app.example.com",
+    trustedHostsCsv: "checkout.stripe.com, other.example.com",
+  };
+
+  test("allows same-site relative paths", () => {
+    expect(isSafeRedirect("/", trusted)).toBe(true);
+    expect(isSafeRedirect("/dashboard", trusted)).toBe(true);
+    expect(isSafeRedirect("/a/b?x=1#h", trusted)).toBe(true);
+    // %2F in a path stays a path segment (browsers don't change origin on it).
+    expect(isSafeRedirect("/%2F%2Fevil.com", trusted)).toBe(true);
+  });
+
+  test("rejects the classic open-redirect vectors", () => {
+    expect(isSafeRedirect("//evil.com", trusted)).toBe(false); // protocol-relative
+    expect(isSafeRedirect("/\\evil.com", trusted)).toBe(false); // backslash trick
+    expect(isSafeRedirect("\\/evil.com", trusted)).toBe(false);
+    expect(isSafeRedirect("https://evil.com", trusted)).toBe(false); // other origin
+    expect(isSafeRedirect("https://evil.com/path", trusted)).toBe(false);
+    expect(isSafeRedirect("javascript:alert(1)", trusted)).toBe(false);
+    expect(isSafeRedirect("data:text/html,x", trusted)).toBe(false);
+    expect(isSafeRedirect("dashboard", trusted)).toBe(false); // bare-relative → reject
+  });
+
+  test("allows absolute URLs to a trusted host (public origin / PYLON_TRUSTED_HOSTS / loopback)", () => {
+    expect(isSafeRedirect("https://app.example.com/next", trusted)).toBe(true);
+    expect(isSafeRedirect("https://checkout.stripe.com/pay/abc", trusted)).toBe(true);
+    expect(isSafeRedirect("http://localhost:3000/x", trusted)).toBe(true);
+    expect(isSafeRedirect("http://127.0.0.1/x", trusted)).toBe(true);
+  });
+
+  test("with no trusted config, only relative paths + loopback are allowed", () => {
+    expect(isSafeRedirect("/ok", {})).toBe(true);
+    expect(isSafeRedirect("http://localhost/x", {})).toBe(true);
+    expect(isSafeRedirect("https://app.example.com/x", {})).toBe(false);
+  });
+});

package/src/ssr-runtime.ts

@@ -264,6 +264,24 @@ export function makeResponseController(
       if (!Number.isInteger(status) || status < 300 || status > 399) {
         throw new Error(`pylon ssr: redirect() status must be 3xx, got ${status}`);
       }
+      // SECURITY: refuse open redirects. A relative path or a trusted-host
+      // absolute is fine; anything else (//evil.com, https://evil.com,
+      // javascript:, …) throws — surfaced as a render error, never a silent
+      // off-site redirect from `redirect(request-derived-url)`.
+      const env = (globalThis as any).process?.env ?? {};
+      if (
+        !isSafeRedirect(url, {
+          publicUrl: env.PYLON_PUBLIC_URL,
+          canonicalHost: env.PYLON_CANONICAL_HOST,
+          trustedHostsCsv: env.PYLON_TRUSTED_HOSTS,
+        })
+      ) {
+        throw new Error(
+          `pylon ssr: redirect() refused an untrusted target ${JSON.stringify(url)} — ` +
+            `use a same-site path (e.g. "/dashboard") or add the host to ` +
+            `PYLON_TRUSTED_HOSTS. (Refusing to emit an open redirect.)`,
+        );
+      }
       const e = new PylonRouteControl("redirect");
       e.url = url;
       e.redirectStatus = status;
@@ -339,6 +357,9 @@ export interface SsrMetadata {
     imageAlt?: string;
     url?: string;
     type?: string;
+    /** `og:site_name` — the brand the page belongs to (e.g. "Pylon").
+     *  Discord and other unfurlers show this above the title. */
+    siteName?: string;
   };
   twitter?: {
     card?: string;
@@ -399,6 +420,7 @@ export function renderMetadata(React: any, m: SsrMetadata | undefined): any {
     }
     if (og.url) kids.push(el("meta", { key: "ogu", property: "og:url", content: og.url }));
     if (og.type) kids.push(el("meta", { key: "ogy", property: "og:type", content: og.type }));
+    if (og.siteName) kids.push(el("meta", { key: "ogsn", property: "og:site_name", content: og.siteName }));
   }
   const tw = m.twitter;
   if (tw) {
@@ -700,6 +722,47 @@ function resolveRequestOrigin(headers: Record<string, string> | undefined): stri
   });
 }
 
+/** SECURITY: validate a `response.redirect()` target to prevent OPEN REDIRECTS.
+ *  Mirrors the OAuth-layer `validate_trusted_redirect` (crates/auth). A relative
+ *  same-site path is always allowed; an absolute URL only when it's http(s) to a
+ *  trusted host — the app's public/canonical origin, a `PYLON_TRUSTED_HOSTS`
+ *  entry, or loopback. Everything else is rejected: protocol-relative
+ *  `//evil.com`, backslash tricks (`/\evil.com` — browsers normalize `\`→`/`),
+ *  other-origin absolutes, and `javascript:`/`data:` schemes. So the natural
+ *  `response.redirect(searchParams.get("next"))` can't be turned into an
+ *  off-site redirect by attacker-supplied input. Exported for tests. */
+export function isSafeRedirect(
+  url: string,
+  opts: { publicUrl?: string; canonicalHost?: string; trustedHostsCsv?: string },
+): boolean {
+  // Relative same-site path: exactly one leading slash. Reject protocol-
+  // relative (`//host`) and backslash variants that resolve cross-origin.
+  if (url.startsWith("/")) {
+    return url.length < 2 || (url[1] !== "/" && url[1] !== "\\");
+  }
+  if (url.startsWith("\\")) return false; // `\\host` / `\/host`
+  // Absolute: only http(s) to a trusted host. A bare-relative ("dashboard"),
+  // opaque, or unparseable target throws here → rejected (fail closed).
+  let parsed: URL;
+  try {
+    parsed = new URL(url);
+  } catch {
+    return false;
+  }
+  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") return false;
+  const host = parsed.host.toLowerCase();
+  if (LOOPBACK_HOST.test(host)) return true;
+  const allow = new Set<string>();
+  const add = (v: string) => {
+    const h = hostOf(v);
+    if (h) allow.add(h);
+  };
+  add(opts.publicUrl || "");
+  add(opts.canonicalHost || "");
+  for (const x of (opts.trustedHostsCsv || "").split(",")) add(x);
+  return allow.has(host);
+}
+
 /** Merge auto-discovered social-card images into a page's metadata. An
  *  explicit `openGraph.image` / `twitter.image` always wins; otherwise a
  *  colocated `opengraph-image.*` (and `twitter-image.*`, falling back to

package/src/types.ts

@@ -293,6 +293,14 @@ export interface Scheduler {
  * webhook). Available on action ctx only — sending email is external
  * I/O, not allowed in mutation transactions.
  *
+ * This is the APP email channel (`PYLON_EMAIL_*`): arbitrary recipient
+ * and body, so it must be the app's own provider. It is deliberately
+ * separate from Pylon's built-in auth emails (codes / password reset /
+ * invitations), which send via a `PYLON_AUTH_EMAIL_*` channel. On Pylon
+ * Cloud the auth channel may be a shared, locked-down platform key, so
+ * `ctx.email` stays inert until you set `PYLON_EMAIL_*` yourself — the
+ * shared auth key can never be used to send arbitrary mail.
+ *
  * The runtime owns provider config + credentials; functions only
  * supply the (to, subject, body) tuple. Failures are surfaced as
  * thrown errors; on success the return is void.