npm - @replit/river - Versions diffs - 0.217.1 → 0.218.0 - Mend

@replit/river 0.217.1 → 0.218.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (27) hide show

package/README.md +32 -0
package/dist/{chunk-JFFRB3SS.js → chunk-2HK3WK7W.js} +55 -8
package/dist/chunk-2HK3WK7W.js.map +1 -0
package/dist/{chunk-VK3VJZGG.js → chunk-PWNG6VBS.js} +313 -10
package/dist/chunk-PWNG6VBS.js.map +1 -0
package/dist/{client-YP9bECp8.d.ts → client-B35XYDNc.d.ts} +22 -1
package/dist/codec/index.js +2 -2
package/dist/{connection-D_HE_YQB.d.ts → connection-bbb8EEFF.d.ts} +1 -1
package/dist/protobuf/index.d.ts +8 -8
package/dist/protobuf/index.js +20 -8
package/dist/protobuf/index.js.map +1 -1
package/dist/router/index.d.ts +7 -7
package/dist/router/index.js +1 -1
package/dist/{server-BfM3_JLq.d.ts → server-B-s_HVtb.d.ts} +35 -1
package/dist/{services-CL6k3HMH.d.ts → services-CVMD2iBf.d.ts} +2 -2
package/dist/testUtil/index.d.ts +4 -4
package/dist/testUtil/index.js +2 -2
package/dist/transport/impls/ws/client.d.ts +3 -3
package/dist/transport/impls/ws/client.js +2 -2
package/dist/transport/impls/ws/server.d.ts +3 -3
package/dist/transport/impls/ws/server.js +2 -2
package/dist/transport/index.d.ts +4 -4
package/dist/transport/index.js +2 -2
package/dist/{transport-CUpXnch7.d.ts → transport-WUuMJkX5.d.ts} +60 -10
package/package.json +1 -1
package/dist/chunk-JFFRB3SS.js.map +0 -1
package/dist/chunk-VK3VJZGG.js.map +0 -1

package/dist/{chunk-VK3VJZGG.js → chunk-PWNG6VBS.js} RENAMED Viewed

@@ -5,9 +5,12 @@ import {
 import {
   ControlMessageHandshakeRequestSchema,
   ControlMessageHandshakeResponseSchema,
+  ControlMessageRehandshakeRequestSchema,
+  ControlMessageRehandshakeResponseSchema,
   HandshakeErrorCustomHandlerFatalResponseCodes,
   HandshakeErrorRetriableResponseCodes,
   OpaqueTransportMessageSchema,
+  RehandshakeStreamId,
   acceptedProtocolVersions,
   coerceErrorString,
   createConnectionTelemetryInfo,
@@ -20,8 +23,10 @@ import {
   handshakeResponseMessage,
   isAcceptedProtocolVersion,
   isAck,
+  rehandshakeRequestMessage,
+  rehandshakeResponseMessage,
   validationErrorToRiverErrors
-} from "./chunk-JFFRB3SS.js";
+} from "./chunk-2HK3WK7W.js";
 // transport/events.ts
 var ProtocolError = {
@@ -559,6 +564,8 @@ var SessionConnected = class extends IdentifiedSession {
   heartbeatHandle;
   heartbeatMissTimeout;
   isActivelyHeartbeating = false;
+  rehandshakeTimer;
+  credentialExpiry;
   updateBookkeeping(ack, seq) {
     this.sendBuffer = this.sendBuffer.filter((unacked) => unacked.seq >= ack);
     this.ack = seq + 1;
@@ -664,6 +671,61 @@ var SessionConnected = class extends IdentifiedSession {
     };
     this.send(heartbeat);
   }
+  /**
+   * Schedules the next proactive re-handshake from the credential's expiry. The
+   * server calls this after each (re)validation, mirroring {@link startActiveHeartbeat}:
+   * once armed the session drives the exchange itself — one handshake window before
+   * expiry it sends a re-handshake request and waits for the response, firing
+   * {@link SessionConnectedListeners.onRehandshakeTimeout} if none arrives in time.
+   * Passing `undefined` (a credential that never expires) cancels any schedule.
+   */
+  scheduleRehandshake(expiry) {
+    this.clearRehandshakeTimer();
+    this.credentialExpiry = expiry;
+    if (expiry === void 0) {
+      return;
+    }
+    const delayMs = expiry - this.options.handshakeTimeoutMs - Date.now();
+    this.rehandshakeTimer = setTimeout(
+      () => {
+        this.rehandshakeTimer = void 0;
+        this.sendRehandshakeRequest();
+      },
+      Math.max(0, delayMs)
+    );
+  }
+  /**
+   * Sends a re-handshake request immediately and arms the response deadline,
+   * bypassing the expiry schedule. Returns false if the request couldn't be sent.
+   */
+  requestRehandshakeNow() {
+    this.clearRehandshakeTimer();
+    return this.sendRehandshakeRequest();
+  }
+  sendRehandshakeRequest() {
+    const res = this.send(rehandshakeRequestMessage());
+    if (!res.ok) {
+      return false;
+    }
+    const deadlineMs = this.credentialExpiry !== void 0 ? Math.min(
+      this.options.handshakeTimeoutMs,
+      this.credentialExpiry - Date.now()
+    ) : this.options.handshakeTimeoutMs;
+    this.rehandshakeTimer = setTimeout(
+      () => {
+        this.rehandshakeTimer = void 0;
+        this.listeners.onRehandshakeTimeout?.();
+      },
+      Math.max(0, deadlineMs)
+    );
+    return true;
+  }
+  clearRehandshakeTimer() {
+    if (this.rehandshakeTimer) {
+      clearTimeout(this.rehandshakeTimer);
+      this.rehandshakeTimer = void 0;
+    }
+  }
   onMessageData = (msg) => {
     const parsedMsgRes = this.codec.fromBuffer(msg);
     if (!parsedMsgRes.ok) {
@@ -673,6 +735,12 @@ var SessionConnected = class extends IdentifiedSession {
       return;
     }
     const parsedMsg = parsedMsgRes.value;
+    if (parsedMsg.from !== this.to) {
+      this.listeners.onInvalidMessage(
+        `received message with 'from' (${parsedMsg.from}) that does not match the session peer (${this.to})`
+      );
+      return;
+    }
     if (parsedMsg.seq !== this.ack) {
       if (parsedMsg.seq < this.ack) {
         this.log?.debug(
@@ -703,6 +771,10 @@ var SessionConnected = class extends IdentifiedSession {
     });
     this.updateBookkeeping(parsedMsg.ack, parsedMsg.seq);
     if (!isAck(parsedMsg.controlFlags)) {
+      if (parsedMsg.streamId === RehandshakeStreamId) {
+        this.listeners.onRehandshake(parsedMsg);
+        return;
+      }
       this.listeners.onMessage(parsedMsg);
       return;
     }
@@ -727,6 +799,7 @@ var SessionConnected = class extends IdentifiedSession {
       clearTimeout(this.heartbeatMissTimeout);
       this.heartbeatMissTimeout = void 0;
     }
+    this.clearRehandshakeTimer();
   }
   _handleClose() {
     super._handleClose();
@@ -1498,6 +1571,14 @@ var ClientTransport = class extends Transport {
    * Optional handshake options for this client.
    */
   handshakeExtensions;
+  /**
+   * Handshake-metadata constructions prefetched when a connection attempt begins
+   * (only when {@link ClientHandshakeOptions.eager} is set), so the
+   * token fetch overlaps the dial instead of following it. Keyed by the peer being
+   * connected to; consumed when the handshake is sent and cleared when an attempt
+   * is abandoned.
+   */
+  pendingHandshakeMetadata = /* @__PURE__ */ new Map();
   sessions;
   constructor(clientId, providedOptions) {
     super(clientId, providedOptions);
@@ -1511,6 +1592,62 @@ var ClientTransport = class extends Transport {
   extendHandshake(options) {
     this.handshakeExtensions = options;
   }
+  handleRehandshakeMessage(message) {
+    if (!Value2.Check(ControlMessageRehandshakeRequestSchema, message.payload)) {
+      this.log?.warn(
+        `ignoring malformed re-handshake request from ${message.from}`,
+        { clientId: this.clientId, connectedTo: message.from }
+      );
+      return;
+    }
+    void this.sendRehandshake(message.from);
+  }
+  /**
+   * Re-constructs handshake metadata via the configured handshake extension and
+   * sends it back to the server so it can replace the metadata for this session.
+   * Triggered by a server {@link ControlMessageRehandshakeRequestSchema}.
+   */
+  async sendRehandshake(to) {
+    if (!this.handshakeExtensions) {
+      this.log?.warn(
+        `got re-handshake request from ${to} but no handshake extensions are configured, ignoring`,
+        { clientId: this.clientId, connectedTo: to }
+      );
+      return;
+    }
+    const session = this.sessions.get(to);
+    if (!session || session.state !== "Connected" /* Connected */) {
+      return;
+    }
+    const loggingMetadata = session.loggingMetadata;
+    const sessionId = session.id;
+    let metadata;
+    try {
+      metadata = await this.handshakeExtensions.construct();
+    } catch (err) {
+      this.log?.error(
+        `failed to construct re-handshake metadata for ${to}: ${coerceErrorString(
+          err
+        )}`,
+        loggingMetadata
+      );
+      return;
+    }
+    try {
+      const send = this.getSessionBoundSendFn(to, sessionId);
+      send(rehandshakeResponseMessage(metadata));
+    } catch (err) {
+      const reason = coerceErrorString(err);
+      this.log?.error(
+        `failed to send re-handshake metadata to ${to}: ${reason}`,
+        loggingMetadata
+      );
+      this.protocolError({
+        type: ProtocolError.MessageSendFailure,
+        message: reason
+      });
+    }
+  }
   tryReconnecting(to) {
     const oldSession = this.sessions.get(to);
     if (!this.options.enableTransparentSessionReconnects && oldSession) {
@@ -1552,6 +1689,10 @@ var ClientTransport = class extends Transport {
     this.createSession(session);
     return session;
   }
+  deleteSession(session, options) {
+    this.pendingHandshakeMetadata.delete(session.to);
+    super.deleteSession(session, options);
+  }
   // listeners
   onConnectingFailed(session) {
     const noConnectionSession = super.onConnectingFailed(session);
@@ -1705,6 +1846,9 @@ var ClientTransport = class extends Transport {
       onMessage: (msg2) => {
         this.handleMsg(msg2);
       },
+      onRehandshake: (msg2) => {
+        this.handleRehandshakeMessage(msg2);
+      },
       onInvalidMessage: (reason) => {
         this.log?.error(`invalid message: ${reason}`, {
           ...connectedSession.loggingMetadata,
@@ -1822,6 +1966,12 @@ var ClientTransport = class extends Transport {
         }
       }
     );
+    if (this.handshakeExtensions?.eager) {
+      this.pendingHandshakeMetadata.set(
+        session.to,
+        this.constructHandshakeMetadata()
+      );
+    }
     const connectingSession = ClientSessionStateGraph.transition.BackingOffToConnecting(
       session,
       connPromise,
@@ -1869,24 +2019,39 @@ var ClientTransport = class extends Transport {
     );
     this.updateSession(connectingSession);
   }
+  /**
+   * Constructs handshake metadata via the configured handshake extension, capturing
+   * a failure as a value so a prefetched result can be awaited without rejecting.
+   */
+  async constructHandshakeMetadata() {
+    if (!this.handshakeExtensions) {
+      return { ok: true, metadata: void 0 };
+    }
+    try {
+      return { ok: true, metadata: await this.handshakeExtensions.construct() };
+    } catch (err) {
+      return { ok: false, reason: coerceErrorString(err) };
+    }
+  }
   async sendHandshake(session) {
     let metadata = void 0;
     if (this.handshakeExtensions) {
-      try {
-        metadata = await this.handshakeExtensions.construct();
-      } catch (err) {
-        const errStr = coerceErrorString(err);
+      const pending = this.pendingHandshakeMetadata.get(session.to);
+      this.pendingHandshakeMetadata.delete(session.to);
+      const result = await (pending ?? this.constructHandshakeMetadata());
+      if (!result.ok) {
         this.log?.error(
-          `failed to construct handshake metadata for session to ${session.to}: ${errStr}`,
+          `failed to construct handshake metadata for session to ${session.to}: ${result.reason}`,
           session.loggingMetadata
         );
         this.protocolError({
           type: ProtocolError.HandshakeFailed,
-          message: `failed to construct handshake metadata: ${errStr}`
+          message: `failed to construct handshake metadata: ${result.reason}`
         });
         this.deleteSession(session, { unhealthy: true });
         return;
       }
+      metadata = result.metadata;
     }
     if (session._isConsumed) {
       return;
@@ -1966,6 +2131,134 @@ var ServerTransport = class extends Transport {
     this.sessionHandshakeMetadata.delete(session.to);
     super.deleteSession(session, options);
   }
+  /**
+   * Asks the connected client to re-handshake — re-construct and resend its
+   * handshake metadata (e.g. a refreshed token). Returns false if there is no
+   * live connection to send the request over.
+   *
+   * On a successful re-handshake the stored metadata is replaced and observed by
+   * subsequent procedure calls. If the client does not respond with metadata that
+   * re-validates before the response deadline — the shorter of
+   * {@link SessionOptions.handshakeTimeoutMs} and the credential's remaining
+   * lifetime — the session is torn down.
+   */
+  requestRehandshake(to) {
+    const session = this.sessions.get(to);
+    if (!session || session.state !== "Connected" /* Connected */) {
+      return false;
+    }
+    return session.requestRehandshakeNow();
+  }
+  /**
+   * Stores freshly validated handshake metadata for a client and hands the
+   * credential's expiry to the session, which schedules and runs the next
+   * re-handshake itself. Called on every successful (re)handshake, so the schedule
+   * perpetuates itself and survives transparent reconnects.
+   */
+  storeSessionMetadata(session, parsed) {
+    this.sessionHandshakeMetadata.set(session.to, parsed);
+    if (session.state === "Connected" /* Connected */) {
+      session.scheduleRehandshake(
+        this.handshakeExtensions?.expiry?.(parsed)?.getTime()
+      );
+    }
+  }
+  handleRehandshakeMessage(message) {
+    if (!Value3.Check(ControlMessageRehandshakeResponseSchema, message.payload)) {
+      const session = this.sessions.get(message.from);
+      if (session) {
+        this.teardownForFailedRehandshake(
+          session,
+          "received malformed re-handshake control message"
+        );
+      }
+      return;
+    }
+    void this.onRehandshakeResponse(message.from, message.payload.metadata);
+  }
+  /**
+   * Re-validates handshake metadata sent by the client during a re-handshake and
+   * replaces the stored metadata on success. Any failure (malformed metadata,
+   * rejection, or a thrown validator) tears the session down.
+   */
+  async onRehandshakeResponse(from, metadata) {
+    const handshakeExtensions = this.handshakeExtensions;
+    if (!handshakeExtensions) {
+      return;
+    }
+    const session = this.sessions.get(from);
+    if (!session) {
+      return;
+    }
+    if (!Value3.Check(handshakeExtensions.schema, metadata)) {
+      this.teardownForFailedRehandshake(
+        session,
+        "received malformed handshake metadata during re-handshake"
+      );
+      return;
+    }
+    const previousParsedMetadata = this.sessionHandshakeMetadata.get(from);
+    let parsedMetadataOrFailureCode;
+    try {
+      parsedMetadataOrFailureCode = await handshakeExtensions.validate(
+        metadata,
+        previousParsedMetadata,
+        from
+      );
+    } catch (err) {
+      this.teardownForFailedRehandshake(
+        session,
+        `handshake validation threw during re-handshake: ${coerceErrorString(
+          err
+        )}`
+      );
+      return;
+    }
+    if (Value3.Check(
+      HandshakeErrorCustomHandlerFatalResponseCodes,
+      parsedMetadataOrFailureCode
+    )) {
+      this.teardownForFailedRehandshake(
+        session,
+        "re-handshake metadata rejected by handshake handler"
+      );
+      return;
+    }
+    if (this.sessions.get(from) !== session) {
+      return;
+    }
+    this.storeSessionMetadata(
+      session,
+      parsedMetadataOrFailureCode
+    );
+    this.log?.info(`re-handshake from ${from} ok`, {
+      ...session.loggingMetadata,
+      connectedTo: from
+    });
+  }
+  /**
+   * Tears down a session whose re-handshake failed (rejected, malformed, timed
+   * out, or a thrown validator). No-ops if {@link session} is no longer the live
+   * session for its peer — a transparent reconnect keeps the same id, so callers
+   * reaching here after an async gap can't accidentally close the session that
+   * replaced it.
+   */
+  teardownForFailedRehandshake(session, reason) {
+    if (this.sessions.get(session.to) !== session) {
+      return;
+    }
+    const to = session.to;
+    this.log?.warn(`tearing down session to ${to}: ${reason}`, {
+      ...session.loggingMetadata,
+      connectedTo: to
+    });
+    this.protocolError({
+      type: ProtocolError.HandshakeFailed,
+      code: "REJECTED_BY_CUSTOM_HANDLER",
+      message: reason
+    });
+    this.deleteSession(session, { unhealthy: true });
+  }
   handleConnection(conn) {
     if (this.getStatus() !== "open") return;
     this.log?.info(`new incoming connection`, {
@@ -2129,7 +2422,8 @@ var ServerTransport = class extends Transport {
       try {
         parsedMetadataOrFailureCode = await this.handshakeExtensions.validate(
           msg.payload.metadata,
-          previousParsedMetadata
+          previousParsedMetadata,
+          msg.from
         );
       } catch (err) {
         this.rejectHandshakeRequest(
@@ -2310,6 +2604,15 @@ var ServerTransport = class extends Transport {
         onMessage: (msg2) => {
           this.handleMsg(msg2);
         },
+        onRehandshake: (msg2) => {
+          this.handleRehandshakeMessage(msg2);
+        },
+        onRehandshakeTimeout: () => {
+          this.teardownForFailedRehandshake(
+            connectedSession,
+            "re-handshake timed out"
+          );
+        },
         onInvalidMessage: (reason) => {
           this.log?.error(`invalid message: ${reason}`, {
             ...connectedSession.loggingMetadata,
@@ -2339,7 +2642,7 @@ var ServerTransport = class extends Transport {
     if (!bufferSendRes.ok) {
       return;
     }
-    this.sessionHandshakeMetadata.set(connectedSession.to, parsedMetadata);
+    this.storeSessionMetadata(connectedSession, parsedMetadata);
     if (oldSession) {
       this.updateSession(connectedSession);
     } else {
@@ -2490,4 +2793,4 @@ export {
   WebSocketConnection,
   CodecMessageAdapter
 };
-//# sourceMappingURL=chunk-VK3VJZGG.js.map
+//# sourceMappingURL=chunk-PWNG6VBS.js.map