@reddb-io/client 1.9.1 → 1.10.0

package/index.browser.d.ts

@@ -13,10 +13,10 @@
  *   - It omits `splitNdjson()` (a `node:stream` `Transform`), which has no
  *     browser counterpart.
  *
- * `connect()` only reaches `http(s)://` from a browser; `grpc(s)://`,
- * `red(s)://`, and `pg` throw `RedDBError` with code
- * `'BROWSER_TRANSPORT_UNSUPPORTED'`, and embedded URIs throw
- * `EmbeddedNotSupported`.
+ * `connect()` reaches `http(s)://` and `red+wss://` (RedWire-over-binary-
+ * WebSocket, #937) from a browser; `grpc(s)://`, `red(s)://`, and `pg`
+ * throw `RedDBError` with code `'BROWSER_TRANSPORT_UNSUPPORTED'`, and
+ * embedded URIs throw `EmbeddedNotSupported`.
  */
 
 export type AuthOptions =
@@ -422,7 +422,8 @@ export class RedDB {
 /**
  * Connect to a remote RedDB instance from a browser.
  *
- * Only `http://host:port` / `https://host:port` are reachable from a browser
+ * `http://host:port`, `https://host:port`, and `red+wss://host:port`
+ * (RedWire-over-binary-WebSocket, #937) are reachable from a browser
  * sandbox. `grpc(s)://`, `red(s)://`, and `pg` throw `RedDBError` with code
  * `'BROWSER_TRANSPORT_UNSUPPORTED'`. Embedded URIs (`memory://`, `memory:`,
  * `file:///path`, `red:///`, `red://:memory[:]`) throw `EmbeddedNotSupported`.
@@ -436,7 +437,7 @@ export function login(
 ): Promise<LoginResult>
 
 export interface ParsedUri {
-  kind: 'embedded' | 'http' | 'https' | 'red' | 'reds' | 'grpc' | 'grpcs' | 'pg'
+  kind: 'embedded' | 'http' | 'https' | 'red' | 'reds' | 'redwss' | 'grpc' | 'grpcs' | 'pg'
   host?: string
   port?: number
   path?: string

package/index.d.ts

@@ -443,7 +443,7 @@ export function login(
 ): Promise<LoginResult>
 
 export interface ParsedUri {
-  kind: 'embedded' | 'http' | 'https' | 'red' | 'reds' | 'grpc' | 'grpcs' | 'pg'
+  kind: 'embedded' | 'http' | 'https' | 'red' | 'reds' | 'redwss' | 'grpc' | 'grpcs' | 'pg'
   host?: string
   port?: number
   path?: string

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@reddb-io/client",
-  "version": "1.9.1",
+  "version": "1.10.0",
   "description": "Thin remote-only RedDB driver. Downloads the `red_client` binary on install. Speaks RedWire/gRPC/HTTP. Embedded URIs (memory://, file://, red:///path) are rejected — use @reddb-io/sdk for those.",
   "type": "module",
   "main": "src/index.js",

package/src/core/url.js

@@ -20,7 +20,7 @@ import { RedDBError } from './errors.js'
 
 /**
  * @typedef {object} ParsedUri
- * @property {'embedded' | 'http' | 'https' | 'red' | 'reds' | 'grpc' | 'grpcs' | 'pg'} kind
+ * @property {'embedded' | 'http' | 'https' | 'red' | 'reds' | 'redwss' | 'grpc' | 'grpcs' | 'pg'} kind
  * @property {string} [host]
  * @property {number} [port]
  * @property {string} [path]            // for embedded `file://`-equivalent
@@ -47,12 +47,48 @@ export function parseUri(uri) {
       "connect() requires a URI string (e.g. 'red://localhost:5050' or 'red:///data.rdb')",
     )
   }
+  if (uri.startsWith('red+wss://')) {
+    return parseRedWssUrl(uri)
+  }
   if (uri.startsWith('red://') || uri === 'red:' || uri === 'red:/') {
     return parseRedUrl(uri)
   }
   return parseLegacyUrl(uri)
 }
 
+/**
+ * Parse `red+wss://[user:pass@]host:port[?token=...]` — RedWire framing
+ * tunneled over a binary WebSocket (the browser transport; #937, ADR
+ * 0036). Resolves to a `wss://host:port/redwire` endpoint downstream.
+ * Default port is 443 (the TLS edge).
+ */
+export function parseRedWssUrl(uri) {
+  let parsed
+  try {
+    // Borrow the URL parser via an `https://` authority so user / pass /
+    // host / port / query all decode with the standard rules.
+    parsed = new URL('https://' + uri.slice('red+wss://'.length))
+  } catch (err) {
+    throw new RedDBError('UNPARSEABLE_URI', `failed to parse '${uri}': ${err.message}`)
+  }
+  if (!parsed.hostname) {
+    throw new TypeError(`invalid red+wss:// URI: missing host in '${uri}'`)
+  }
+  const params = parsed.searchParams
+  return {
+    kind: 'redwss',
+    host: parsed.hostname,
+    port: parsed.port ? Number(parsed.port) : 443,
+    username: parsed.username ? decodeURIComponent(parsed.username) : undefined,
+    password: parsed.password ? decodeURIComponent(parsed.password) : undefined,
+    token: params.get('token') ?? undefined,
+    apiKey: params.get('apiKey') ?? params.get('api_key') ?? undefined,
+    loginUrl: params.get('loginUrl') ?? params.get('login_url') ?? undefined,
+    params,
+    originalUri: uri,
+  }
+}
+
 /**
  * Parse a `red://` URL.
  *

package/src/index.browser.js

@@ -40,6 +40,7 @@ import {
   mergeAuthFromUri,
 } from './core/index.js'
 import { HttpRpcClient } from './http.js'
+import { connectRedwireWs, REDWIRE_WS_PATH } from './redwire-ws.js'
 import { createSelectStream, createInputStream } from './streaming-web.js'
 
 export { RedDBError, EmbeddedNotSupported, EMBEDDED_REJECTION_MESSAGE, isEmbeddedUri }
@@ -122,6 +123,28 @@ export async function connect(uri, options = {}) {
     return new RedDB(client)
   }
 
+  // RedWire-over-binary-WebSocket (#937, ADR 0036): the browser speaks the
+  // same multiplexed binary protocol as the native drivers, tunneled over
+  // a WSS the sandbox can open. The TLS edge enforces the Origin allowlist
+  // and WSS-only on its side; here we just open the socket and run the
+  // standard RedWire handshake over it.
+  if (parsed.kind === 'redwss') {
+    const merged = mergeAuthFromUri(parsed, options.auth)
+    let token = merged.token
+    if (!token && merged.username && merged.password) {
+      const loginUrl = merged.loginUrl ?? `https://${parsed.host}:${parsed.port}/auth/login`
+      const session = await login(loginUrl, {
+        username: merged.username,
+        password: merged.password,
+      })
+      token = session.token
+    }
+    const auth = token ? { kind: 'bearer', token } : { kind: 'anonymous' }
+    const url = `wss://${parsed.host}:${parsed.port}${REDWIRE_WS_PATH}`
+    const client = await connectRedwireWs({ url, auth })
+    return new RedDB(client)
+  }
+
   if (
     parsed.kind === 'grpc'
     || parsed.kind === 'grpcs'