@rip-lang/server 1.3.110 → 1.3.112

package/edge/queue.rip

@@ -0,0 +1,53 @@
+# ==============================================================================
+# edge/queue.rip — scheduling, queue drain, and job processing
+# ==============================================================================
+
+# --- Scheduler ---
+
+export isCurrentVersion = (newestVersion, worker) ->
+  newestVersion is null or worker.version is null or worker.version >= newestVersion
+
+export getNextAvailableSocket = (availableWorkers, newestVersion) ->
+  while availableWorkers.length > 0
+    worker = availableWorkers.pop()
+    return worker if worker.inflight is 0 and isCurrentVersion(newestVersion, worker)
+  null
+
+export releaseWorker = (sockets, availableWorkers, newestVersion, worker) ->
+  return unless worker
+  return unless sockets.some((s) -> s.socket is worker.socket)
+  worker.inflight = 0
+  if isCurrentVersion(newestVersion, worker)
+    availableWorkers.push(worker)
+
+export shouldRetryBodylessBusy = (req, res) ->
+  req.method in ['GET', 'HEAD', 'OPTIONS', 'DELETE'] and
+    res.status is 503 and
+    res.headers.get('Rip-Worker-Busy') is '1'
+
+# --- Queue ---
+
+resolveJobError = (e) ->
+  if e instanceof Response then e else new Response('Internal error', { status: 500 })
+
+export processQueuedJob = (job, worker, forwardToWorker, onFinally) ->
+  forwardToWorker(job.req, worker)
+    .then((r) -> job.resolve(r))
+    .catch((e) -> job.resolve(resolveJobError(e)))
+    .finally(-> onFinally())
+
+export drainQueueOnce = (inflightTotal, socketsLength, availableWorkersLength, shiftJob, isJobTimedOut, queueTimeoutResponse, getNextAvailableSocket, processJob) ->
+  while inflightTotal < Math.max(1, socketsLength) and availableWorkersLength() > 0
+    job = shiftJob()
+    break unless job
+    if isJobTimedOut(job)
+      job.resolve(queueTimeoutResponse())
+      continue
+    inflightTotal++
+    worker = getNextAvailableSocket()
+    unless worker
+      inflightTotal--
+      job.resolve(new Response('Service unavailable', { status: 503, headers: { 'Retry-After': '1' } }))
+      break
+    processJob(job, worker)
+  inflightTotal

package/edge/ratelimit.rip

@@ -0,0 +1,63 @@
+# ==============================================================================
+# edge/ratelimit.rip — per-IP sliding window rate limiter
+# ==============================================================================
+
+DEFAULT_WINDOW_MS = 60000    # 1 minute
+DEFAULT_MAX_REQUESTS = 1000  # per window
+CLEANUP_INTERVAL_MS = 30000  # prune stale entries
+MAX_BUCKETS = 100000         # hard cap on tracked IPs to prevent memory exhaustion
+
+export createRateLimiter = (maxRequests, windowMs) ->
+  # Explicit check: 0 means disabled, null/undefined gets default
+  maxRequests = if typeof maxRequests is 'number' then maxRequests else DEFAULT_MAX_REQUESTS
+  windowMs = if typeof windowMs is 'number' and windowMs > 0 then windowMs else DEFAULT_WINDOW_MS
+  buckets = new Map()
+
+  cleanupTimer = if maxRequests > 0
+    setInterval ->
+      now = Date.now()
+      for [ip, timestamps] as buckets
+        fresh = timestamps.filter((t) -> now - t < windowMs)
+        if fresh.length is 0
+          buckets.delete(ip)
+        else
+          buckets.set(ip, fresh)
+    , CLEANUP_INTERVAL_MS
+  else
+    null
+
+  limiter =
+    maxRequests: maxRequests
+    windowMs: windowMs
+
+    check: (ip) ->
+      return { allowed: true, remaining: 0, retryAfter: 0 } if maxRequests <= 0
+      now = Date.now()
+      timestamps = buckets.get(ip) or []
+      timestamps = timestamps.filter((t) -> now - t < windowMs)
+      if timestamps.length >= maxRequests
+        buckets.set(ip, timestamps)
+        retryAfter = Math.ceil((timestamps[0] + windowMs - now) / 1000)
+        return { allowed: false, remaining: 0, retryAfter }
+      timestamps.push(now)
+      buckets.set(ip, timestamps)
+      # Evict oldest-inserted bucket if over cap (FIFO, not LRU — simple and bounded)
+      if buckets.size > MAX_BUCKETS
+        oldest = buckets.keys().next().value
+        buckets.delete(oldest)
+      { allowed: true, remaining: maxRequests - timestamps.length, retryAfter: 0 }
+
+    reset: (ip) ->
+      buckets.delete(ip)
+
+    stop: ->
+      clearInterval(cleanupTimer) if cleanupTimer
+
+  limiter
+
+export rateLimitResponse = (retryAfter) ->
+  new Response 'Rate limit exceeded',
+    status: 429
+    headers:
+      'Retry-After': String(retryAfter)
+      'Content-Type': 'text/plain'

package/edge/realtime.rip

@@ -0,0 +1,200 @@
+# ==============================================================================
+# edge/realtime.rip — Bam-style WebSocket realtime hub
+# ==============================================================================
+#
+# Manages WebSocket connections, group membership, and message routing.
+# Backend stays HTTP-only — the hub proxies WS events as HTTP POSTs and
+# processes JSON responses for membership updates and message delivery.
+#
+# Protocol keys:
+#   @  target groups (who receives)
+#   +  subscribe to groups
+#   -  unsubscribe from groups
+#   >  senders (exclude from delivery)
+#   *  close with reason
+#   Other keys are event payloads delivered to targets
+
+import { randomBytes } from 'node:crypto'
+
+# --- Hub lifecycle ---
+
+export createHub = ->
+  sockets: new Map()     # clientId -> ws
+  members: new Map()     # groupId -> Set(clientId) (bidirectional)
+  backendUrl: null       # set during wiring
+  deliveries: 0
+  messages: 0
+  connections: 0
+
+export generateClientId = ->
+  randomBytes(16).toString('hex')
+
+# --- Client management ---
+
+export addClient = (hub, clientId, ws) ->
+  hub.sockets.set(clientId, ws)
+  hub.members.set(clientId, new Set())
+  hub.connections++
+  clientId
+
+export removeClient = (hub, clientId) ->
+  hub.sockets.delete(clientId)
+  groups = hub.members.get(clientId)
+  hub.members.delete(clientId)
+  if groups
+    for group as groups
+      set = hub.members.get(group)
+      if set
+        set.delete(clientId)
+        hub.members.delete(group) if set.size is 0
+  return
+
+# --- Membership ---
+
+applySubscribe = (hub, groups, channels) ->
+  for group as groups
+    set = hub.members.get(group)
+    if set
+      for ch as channels
+        set.add(ch)
+    else
+      hub.members.set(group, new Set(channels))
+  for ch as channels
+    set = hub.members.get(ch)
+    if set
+      for group as groups
+        set.add(group)
+    else
+      hub.members.set(ch, new Set(groups))
+
+applyUnsubscribe = (hub, groups, channels) ->
+  for group as groups
+    set = hub.members.get(group)
+    if set
+      for ch as channels
+        set.delete(ch)
+      hub.members.delete(group) if set.size is 0
+  for ch as channels
+    set = hub.members.get(ch)
+    if set
+      for group as groups
+        set.delete(group)
+      hub.members.delete(ch) if set.size is 0
+
+# --- Message routing ---
+
+resolveTargets = (hub, groups) ->
+  clients = new Set()
+  for group as groups
+    set = hub.members.get(group)
+    if set
+      if String(group).startsWith('/')
+        for id as set
+          clients.add(id)
+      else
+        clients.add(group)
+  clients
+
+deliverToClients = (hub, clients, senders, payload) ->
+  for id as clients
+    continue if senders and senders.has(String(id))
+    ws = hub.sockets.get(id)
+    if ws
+      try
+        ws.send(payload)
+        hub.deliveries++
+        hub.messages++
+
+# --- Process backend response ---
+
+export processResponse = (hub, body, clientId) ->
+  try
+    json = JSON.parse(body)
+    return unless json and typeof json is 'object'  # reject primitives (strings, numbers, booleans)
+    list = if Array.isArray(json) then json else [json]
+
+    for item in list
+      groups = null
+      concat = null
+      remove = null
+      senders = null
+      bundle = {}
+
+      for key, val of item
+        switch key
+          when '@' then groups = new Set(val.map(String))
+          when '+' then concat = new Set(val.map(String))
+          when '-' then remove = new Set(val.map(String))
+          when '>' then senders = new Set(val.map(String))
+          when '*' then null # close reason — handled by caller
+          else bundle[key] = val
+
+      groups = new Set([clientId]) if not groups and clientId
+
+      if groups
+        applySubscribe(hub, groups, concat) if concat
+        applyUnsubscribe(hub, groups, remove) if remove
+
+      if groups and Object.keys(bundle).length > 0
+        clients = resolveTargets(hub, groups)
+        deliverToClients(hub, clients, senders, JSON.stringify(bundle))
+  catch e
+    console.error "realtime: invalid response:", e.message
+
+# --- Proxy to backend ---
+
+export proxyToBackend = (hub, headers, frameType, body) ->
+  return unless hub.backendUrl
+  proxyHeaders = new Headers(headers)
+  proxyHeaders.set('Sec-WebSocket-Frame', frameType)
+  proxyHeaders.delete('Upgrade')
+  proxyHeaders.delete('Connection')
+  proxyHeaders.delete('Sec-WebSocket-Key')
+  proxyHeaders.delete('Sec-WebSocket-Version')
+  proxyHeaders.delete('Sec-WebSocket-Extensions')
+
+  try
+    res = fetch! hub.backendUrl,
+      method: 'POST'
+      headers: proxyHeaders
+      body: body or ''
+    res.text!
+  catch e
+    console.error "realtime: proxy failed:", e.message
+    null
+
+# --- Binary delivery (for CRDT and raw data) ---
+
+export broadcastBinary = (hub, groupIds, data, excludeClientId) ->
+  clients = new Set()
+  for group in groupIds
+    set = hub.members.get(String(group))
+    if set
+      if String(group).startsWith('/')
+        for id as set
+          clients.add(id)
+      else
+        clients.add(String(group))
+  for id as clients
+    continue if excludeClientId and id is excludeClientId
+    ws = hub.sockets.get(id)
+    if ws
+      try
+        ws.send(data)
+        hub.deliveries++
+        hub.messages++
+  return
+
+# --- Publish (external) ---
+
+export handlePublish = (hub, body) ->
+  processResponse(hub, body, null)
+
+# --- Stats ---
+
+export getRealtimeStats = (hub) ->
+  clients: hub.sockets.size
+  groups: hub.members.size - hub.sockets.size  # groups minus client entries
+  deliveries: hub.deliveries
+  messages: hub.messages
+  connections: hub.connections

package/edge/registry.rip

@@ -0,0 +1,44 @@
+# ==============================================================================
+# edge/registry.rip — per-app state and multi-app registry
+# ==============================================================================
+
+createAppState = (appId, config) ->
+  appId: appId
+  config: config
+  sockets: []
+  availableWorkers: []
+  queue: []
+  inflightTotal: 0
+  newestVersion: null
+  maxQueue: config.maxQueue or 512
+  queueTimeoutMs: config.queueTimeoutMs or 30000
+  readTimeoutMs: config.readTimeoutMs or 30000
+  hosts: config.hosts or []
+
+export createAppRegistry = ->
+  apps: new Map()
+  hostIndex: new Map()
+
+export registerApp = (registry, appId, config) ->
+  state = createAppState(appId, config)
+  registry.apps.set(appId, state)
+  for host in (config.hosts or [])
+    registry.hostIndex.set(host.toLowerCase(), appId)
+  state
+
+export removeApp = (registry, appId) ->
+  state = registry.apps.get(appId)
+  return unless state
+  for host in state.hosts
+    h = host.toLowerCase()
+    registry.hostIndex.delete(h) if registry.hostIndex.get(h) is appId
+  registry.apps.delete(appId)
+
+export resolveHost = (registry, hostname) ->
+  registry.hostIndex.get(hostname.toLowerCase()) ?? null
+
+export getAppState = (registry, appId) ->
+  registry.apps.get(appId) ?? null
+
+export getAllApps = (registry) ->
+  Array.from(registry.apps.values())

package/edge/security.rip

@@ -0,0 +1,38 @@
+# ==============================================================================
+# edge/security.rip — request smuggling and validation defenses
+# ==============================================================================
+
+MAX_URL_LENGTH = 8192
+
+export validateRequest = (req) ->
+  url = new URL(req.url)
+
+  # Reject oversized URLs
+  if url.href.length > MAX_URL_LENGTH
+    return { valid: false, status: 400, message: 'URL too long' }
+
+  # Reject conflicting Content-Length and Transfer-Encoding
+  hasContentLength = req.headers.has('content-length')
+  hasTransferEncoding = req.headers.has('transfer-encoding')
+  if hasContentLength and hasTransferEncoding
+    return { valid: false, status: 400, message: 'Conflicting Content-Length and Transfer-Encoding' }
+
+  # Reject multiple Host headers (check for comma which indicates multiple values)
+  hostHeader = req.headers.get('host')
+  if hostHeader and hostHeader.includes(',')
+    return { valid: false, status: 400, message: 'Multiple Host headers' }
+
+  # Reject null bytes in URL
+  if url.pathname.includes('\x00') or url.search.includes('\x00')
+    return { valid: false, status: 400, message: 'Null byte in URL' }
+
+  # Reject path traversal — three decodes beyond URL parser
+  # Catches single (%2e), double (%252e), and triple (%25252e) encoding
+  pathname = url.pathname
+  d1 = try decodeURIComponent(pathname) catch then pathname
+  d2 = try decodeURIComponent(d1) catch then d1
+  d3 = try decodeURIComponent(d2) catch then d2
+  if pathname.includes('..') or d1.includes('..') or d2.includes('..') or d3.includes('..')
+    return { valid: false, status: 400, message: 'Path traversal rejected' }
+
+  { valid: true }

package/edge/tls.rip

@@ -0,0 +1,49 @@
+# ==============================================================================
+# edge/tls.rip — TLS material loading helpers
+# ==============================================================================
+
+import { readFileSync } from 'node:fs'
+import { join } from 'node:path'
+import { X509Certificate } from 'node:crypto'
+
+export printCertSummary = (certPem) ->
+  try
+    x = new X509Certificate(certPem)
+    subject = x.subject.split(/,/)[0]?.trim() or x.subject
+    issuer = x.issuer.split(/,/)[0]?.trim() or x.issuer
+    exp = new Date(x.validTo)
+    p "rip-server: tls cert #{subject} issued by #{issuer} expires #{exp.toISOString()}"
+
+export loadTlsMaterial = (flags, serverDir, acmeLoadCertFn) ->
+  # Explicit cert/key paths
+  if flags.certPath and flags.keyPath
+    try
+      cert = readFileSync(flags.certPath, 'utf8')
+      key = readFileSync(flags.keyPath, 'utf8')
+      printCertSummary(cert)
+      return { cert, key }
+    catch
+      console.error 'Failed to read TLS cert/key from provided paths. Use http or fix paths.'
+      exit 2
+
+  # ACME-managed cert (if domain is configured)
+  if acmeLoadCertFn and (flags.acme or flags.acmeStaging) and flags.acmeDomain
+    acmeCert = acmeLoadCertFn(flags.acmeDomain)
+    if acmeCert
+      p "rip-server: using ACME cert for #{flags.acmeDomain}"
+      printCertSummary(acmeCert.cert)
+      return { cert: acmeCert.cert, key: acmeCert.key }
+
+  # Shipped wildcard cert for *.ripdev.io (GlobalSign, valid for all subdomains)
+  certsDir = join(serverDir, 'certs')
+  certPath = join(certsDir, 'ripdev.io.crt')
+  keyPath = join(certsDir, 'ripdev.io.key')
+  try
+    cert = readFileSync(certPath, 'utf8')
+    key = readFileSync(keyPath, 'utf8')
+    printCertSummary(cert)
+    return { cert, key }
+  catch e
+    console.error "rip-server: failed to load TLS certs from #{certsDir}: #{e.message}"
+    console.error 'Use --cert/--key to provide your own, or use http to disable TLS.'
+    exit 2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rip-lang/server",
-  "version": "1.3.110",
+  "version": "1.3.112",
   "description": "Pure Rip web framework and application server",
   "type": "module",
   "main": "api.rip",
@@ -53,10 +53,13 @@
     "middleware.rip",
     "server.rip",
     "server.html",
-    "certs/",
+    "acme/",
     "bin/",
-    "tests/",
+    "certs/",
+    "control/",
     "docs/",
+    "edge/",
+    "tests/",
     "README.md"
   ]
 }