@rstreamlabs/rstream 1.1.0

package/dist/index.js

@@ -0,0 +1,543 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  Rstream: () => RstreamClient,
+  RstreamAuthRessource: () => RstreamAuthRessource,
+  RstreamClient: () => RstreamClient,
+  RstreamClientsRessource: () => RstreamClientsRessource,
+  RstreamTunnelsRessource: () => RstreamTunnelsRessource,
+  RstreamWebHooksRessource: () => RstreamWebHooksRessource,
+  Watch: () => Watch,
+  clientSchema: () => clientSchema,
+  createShortTermTokenParamsSchema: () => createShortTermTokenParamsSchema,
+  createShortTermTokenResponseSchema: () => createShortTermTokenResponseSchema,
+  eventSchema: () => eventSchema,
+  listClientsParamsSchema: () => listClientsParamsSchema,
+  listClientsResponseSchema: () => listClientsResponseSchema,
+  listTunnelsParamsSchema: () => listTunnelsParamsSchema,
+  listTunnelsResponseSchema: () => listTunnelsResponseSchema,
+  rstreamAuthPayloadSchema: () => rstreamAuthPayloadSchema,
+  tunnelSchema: () => tunnelSchema
+});
+module.exports = __toCommonJS(index_exports);
+
+// src/auth-ressource.ts
+var import_crypto = __toESM(require("crypto"));
+var import_jsonwebtoken = __toESM(require("jsonwebtoken"));
+var RstreamAuthRessource = class {
+  client;
+  constructor(client) {
+    this.client = client;
+  }
+  async createShortTermToken(params, options) {
+    const credentials = options?.credentials || this.client.credentials;
+    if (!credentials || !("clientId" in credentials)) {
+      throw new Error(
+        "Application credentials (client id, client secret) are required to create a short term token."
+      );
+    }
+    const now = Math.floor(Date.now() / 1e3);
+    const exp = now + (params?.expires_in ?? 60);
+    const payload = {
+      iat: now,
+      // Issued at
+      exp,
+      // Expiration time
+      type: "app",
+      clientId: credentials.clientId,
+      metadata: {
+        engine: this.client.engine,
+        permissions: params?.permissions
+      }
+    };
+    const pk = import_crypto.default.createPrivateKey({
+      key: Buffer.from(credentials.clientSecret, "hex"),
+      format: "der",
+      type: "pkcs8"
+    });
+    const token = import_jsonwebtoken.default.sign(payload, pk, {
+      algorithm: "ES512"
+    });
+    const result = {
+      token
+    };
+    return result;
+  }
+};
+
+// src/zod.ts
+var z = __toESM(require("zod"));
+var StringFilter = z.union([
+  z.string(),
+  z.object({ exact: z.string() }),
+  z.object({ oneof: z.array(z.string()) }),
+  z.object({ regex: z.string() })
+]);
+function transform(field) {
+  if (field instanceof z.ZodOptional) {
+    return transform(field.unwrap()).optional();
+  }
+  if (field instanceof z.ZodString) {
+    return StringFilter.optional();
+  }
+  if (field instanceof z.ZodRecord) {
+    return z.record(field.keySchema, transform(field.valueSchema)).optional();
+  }
+  return field.optional();
+}
+function filters(base) {
+  const entries = Object.entries(base.shape).map(([key, field]) => [
+    key,
+    transform(field)
+  ]);
+  const shape = Object.fromEntries(entries);
+  const node = z.lazy(
+    () => z.union([
+      z.object(shape),
+      z.object({ AND: z.array(node) }),
+      z.object({ OR: z.array(node) })
+    ])
+  );
+  return node;
+}
+function select(base) {
+  const entries = Object.entries(base.shape).map(([key]) => {
+    return [key, z.boolean().optional()];
+  });
+  const shape = Object.fromEntries(entries);
+  return z.object(shape);
+}
+
+// src/tunnel.ts
+var z2 = __toESM(require("zod"));
+var tunnelSchema = z2.object({
+  id: z2.string(),
+  client_id: z2.string(),
+  user_id: z2.string(),
+  status: z2.enum(["online", "offline"]),
+  name: z2.string().optional(),
+  protocol: z2.string(),
+  publish: z2.boolean(),
+  labels: z2.record(z2.string().optional()).optional(),
+  host: z2.string().optional(),
+  tls_mode: z2.string(),
+  tls_min_version: z2.string().optional(),
+  mtls: z2.boolean(),
+  token_auth: z2.boolean(),
+  path: z2.string().optional()
+});
+var listTunnelsParamsSchema = z2.object({
+  limit: z2.number().optional(),
+  filters: tunnelSchema.pick({
+    status: true,
+    client_id: true,
+    protocol: true,
+    publish: true,
+    labels: true
+  }).partial().optional()
+});
+var listTunnelsResponseSchema = z2.object({
+  tunnels: z2.array(tunnelSchema)
+});
+
+// src/auth.ts
+var z3 = __toESM(require("zod"));
+var createShortTermTokenParamsSchema = z3.object({
+  expires_in: z3.number().default(60),
+  // 1 minute
+  permissions: z3.object({
+    // Permissions for creating a tunnel
+    create: z3.union([
+      z3.boolean(),
+      z3.object({
+        filters: filters(tunnelSchema).optional()
+      })
+    ]).optional(),
+    // Permissions for connecting to a tunnel
+    connect: z3.union([
+      z3.boolean(),
+      z3.object({
+        filters: filters(tunnelSchema).optional()
+      })
+    ]).optional(),
+    // Permissions for listing tunnels
+    list: z3.union([
+      z3.boolean(),
+      z3.object({
+        filters: filters(tunnelSchema).optional(),
+        select: select(tunnelSchema).optional()
+      })
+    ]).optional()
+  }),
+  // Additional metadata
+  metadata: z3.unknown().optional()
+});
+var createShortTermTokenResponseSchema = z3.object({
+  token: z3.string()
+});
+var rstreamAuthPayloadSchema = z3.discriminatedUnion("type", [
+  z3.object({
+    type: z3.literal("pat")
+  }),
+  z3.object({
+    type: z3.literal("app"),
+    clientId: z3.string()
+  })
+]).and(
+  z3.object({
+    metadata: z3.object({
+      engine: z3.string().optional(),
+      permissions: createShortTermTokenParamsSchema.shape.permissions.optional()
+    }).optional()
+  })
+);
+
+// src/client.ts
+var z4 = __toESM(require("zod"));
+var clientSchema = z4.object({
+  id: z4.string(),
+  user_id: z4.string(),
+  status: z4.enum(["online", "offline"]),
+  details: z4.object({
+    agent: z4.string().optional(),
+    os: z4.string().optional(),
+    version: z4.string().optional(),
+    protocol_version: z4.string().optional()
+  }).optional(),
+  labels: z4.record(z4.string().optional()).optional()
+});
+var listClientsParamsSchema = z4.object({
+  limit: z4.number().optional(),
+  filters: clientSchema.pick({
+    labels: true
+  }).partial().optional()
+});
+var listClientsResponseSchema = z4.object({
+  clients: z4.array(clientSchema)
+});
+
+// src/clients-ressource.ts
+var RstreamClientsRessource = class {
+  client;
+  constructor(client) {
+    this.client = client;
+  }
+  async list(params) {
+    const response = await this.client.request(
+      `/clients?params=${encodeURIComponent(JSON.stringify(params))}`,
+      {
+        method: "GET"
+      }
+    );
+    return listClientsResponseSchema.parse(response);
+  }
+  async get(id) {
+    const response = await this.client.request(`/clients/${id}`, {
+      method: "GET"
+    });
+    return clientSchema.parse(response);
+  }
+};
+
+// src/event.ts
+var z5 = __toESM(require("zod"));
+var eventSchema = z5.union([
+  z5.object({
+    type: z5.literal("client.created"),
+    object: clientSchema
+  }),
+  z5.object({
+    type: z5.literal("client.updated"),
+    object: clientSchema
+  }),
+  z5.object({
+    type: z5.literal("client.deleted"),
+    object: clientSchema
+  }),
+  z5.object({
+    type: z5.literal("tunnel.created"),
+    object: tunnelSchema
+  }),
+  z5.object({
+    type: z5.literal("tunnel.updated"),
+    object: tunnelSchema
+  }),
+  z5.object({
+    type: z5.literal("tunnel.deleted"),
+    object: tunnelSchema
+  })
+]);
+
+// src/tunnels-ressource.ts
+var RstreamTunnelsRessource = class {
+  client;
+  constructor(client) {
+    this.client = client;
+  }
+  async list(params) {
+    const response = await this.client.request(
+      `/tunnels?params=${encodeURIComponent(JSON.stringify(params))}`,
+      {
+        method: "GET"
+      }
+    );
+    return listTunnelsResponseSchema.parse(response);
+  }
+  async get(id) {
+    const response = await this.client.request(`/tunnels/${id}`, {
+      method: "GET"
+    });
+    return tunnelSchema.parse(response);
+  }
+};
+
+// src/webhooks-ressource.ts
+var import_crypto2 = __toESM(require("crypto"));
+var RstreamWebHooksRessource = class {
+  client;
+  constructor(client) {
+    this.client = client;
+  }
+  // Constructs and verifies the signature of an Event from the provided details.
+  async event(payload, header, secret, tolerance = 300, receivedAt = Date.now()) {
+    const payloadBuffer = Buffer.isBuffer(payload) ? payload : Buffer.from(payload);
+    const signatureHeader = Array.isArray(header) ? header[0] : header.toString();
+    if (!signatureHeader) {
+      throw new Error("No signature header");
+    }
+    const elements = signatureHeader.split(",").map((element) => element.trim());
+    let timestamp;
+    const signatures = [];
+    for (const element of elements) {
+      if (element.startsWith("t=")) {
+        timestamp = element.substring(2);
+      } else if (element.startsWith("v1=")) {
+        signatures.push(element.substring(3));
+      }
+    }
+    if (!timestamp || signatures.length === 0) {
+      throw new Error("Invalid signature header format");
+    }
+    const timestampNum = parseInt(timestamp, 10);
+    const now = Math.floor(receivedAt / 1e3);
+    if (Math.abs(now - timestampNum) > tolerance) {
+      throw new Error(
+        `Webhook signature timestamp outside tolerance: ${now}, ${timestampNum}`
+      );
+    }
+    const signedPayload = `${timestamp}.${payloadBuffer.toString("utf8")}`;
+    const expectedSignature = import_crypto2.default.createHmac("sha256", secret).update(signedPayload).digest("hex");
+    let signatureMatched = false;
+    for (const signature of signatures) {
+      try {
+        if (import_crypto2.default.timingSafeEqual(
+          Buffer.from(signature),
+          Buffer.from(expectedSignature)
+        )) {
+          signatureMatched = true;
+          break;
+        }
+      } catch (error) {
+        console.log("Error comparing signatures:", error);
+        continue;
+      }
+    }
+    if (!signatureMatched) {
+      throw new Error("Signature verification failed");
+    }
+    try {
+      return eventSchema.parse(JSON.parse(payloadBuffer.toString("utf8")));
+    } catch (error) {
+      throw new Error(
+        `Failed to parse webhook payload: ${error instanceof Error ? error.message : String(error)}`
+      );
+    }
+  }
+};
+
+// src/rstream.ts
+var RstreamClient = class {
+  cfg;
+  constructor(config) {
+    this.cfg = config;
+  }
+  get engine() {
+    return this.cfg?.engine || process.env.RSTREAM_DEFAULT_ENGINE || "engine.rstream.io:443";
+  }
+  get credentials() {
+    if (this.cfg?.credentials && "token" in this.cfg.credentials) {
+      return this.cfg.credentials;
+    }
+    if (process.env.RSTREAM_DEFAULT_AUTHENTICATION_TOKEN) {
+      return {
+        token: process.env.RSTREAM_DEFAULT_AUTHENTICATION_TOKEN
+      };
+    }
+    if (this.cfg?.credentials && "clientId" in this.cfg.credentials) {
+      return this.cfg.credentials;
+    }
+    if (process.env.RSTREAM_DEFAULT_CLIENT_ID && process.env.RSTREAM_DEFAULT_CLIENT_SECRET) {
+      return {
+        clientId: process.env.RSTREAM_DEFAULT_CLIENT_ID,
+        clientSecret: process.env.RSTREAM_DEFAULT_CLIENT_SECRET
+      };
+    }
+    return void 0;
+  }
+  get api() {
+    return `https://${this.engine}/api`;
+  }
+  get auth() {
+    return new RstreamAuthRessource(this);
+  }
+  get clients() {
+    return new RstreamClientsRessource(this);
+  }
+  get tunnels() {
+    return new RstreamTunnelsRessource(this);
+  }
+  get webhooks() {
+    return new RstreamWebHooksRessource(this);
+  }
+  async getToken() {
+    const credentials = this.credentials;
+    if (credentials && "token" in credentials) {
+      return credentials.token;
+    }
+    if (credentials && "clientId" in credentials) {
+      return (await this.auth.createShortTermToken(void 0, {
+        credentials: {
+          clientId: credentials.clientId,
+          clientSecret: credentials.clientSecret
+        }
+      })).token;
+    }
+    return void 0;
+  }
+  async request(path, options) {
+    const url = `${this.api}${path}`;
+    const headers = new Headers(options?.headers || {});
+    const token = await this.getToken();
+    if (token) {
+      headers.set("Authorization", `Bearer ${token}`);
+    }
+    const response = await fetch(url, {
+      ...options,
+      headers
+    });
+    if (!response.ok) {
+      const errorText = await response.text();
+      throw new Error(`HTTP error ${response.status}: ${errorText}`);
+    }
+    return await response.json();
+  }
+};
+
+// src/watch.ts
+var import_jsonwebtoken2 = __toESM(require("jsonwebtoken"));
+var Watch = class {
+  connection = null;
+  connectionState = "preparing";
+  config;
+  events;
+  constructor(config, events) {
+    this.config = config;
+    this.events = events;
+  }
+  async connect() {
+    if (this.connectionState !== "preparing") {
+      throw new Error("Watch: Connection already started or closed.");
+    }
+    this.connectionState = "connecting";
+    const token = await this.config.auth.token();
+    const payload = rstreamAuthPayloadSchema.parse(
+      import_jsonwebtoken2.default.decode(token, { complete: false })
+    );
+    const base = `https://${this.config.engine || payload.metadata?.engine || "engine.rstream.io:443"}`;
+    if (this.config.transport === "sse") {
+      const url = new URL(`/api/sse`, base);
+      url.searchParams.set("rstream.token", token);
+      this.connection = new EventSource(url.toString());
+    } else {
+      const url = new URL(`/api/websocket`, base);
+      url.searchParams.set("rstream.token", token);
+      url.protocol = url.protocol === "https:" ? "wss:" : "ws:";
+      this.connection = new WebSocket(url.toString());
+    }
+    this.connection.onopen = () => {
+      this.connectionState = "connected";
+      this.events.onConnect?.();
+    };
+    this.connection.onmessage = (msg) => {
+      const parsed = eventSchema.parse(JSON.parse(msg.data));
+      this.events.onEvent?.(parsed);
+    };
+    this.connection.onerror = () => {
+      if (this.connectionState !== "closed") {
+        this.disconnect();
+      }
+    };
+  }
+  disconnect() {
+    if (this.connection) {
+      this.connection.onerror = null;
+      this.connection.onmessage = null;
+      this.connection.onopen = null;
+      this.connection.close();
+      this.connection = null;
+    }
+    if (this.connectionState !== "closed") {
+      this.connectionState = "closed";
+      this.events.onClose?.();
+    }
+  }
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  Rstream,
+  RstreamAuthRessource,
+  RstreamClient,
+  RstreamClientsRessource,
+  RstreamTunnelsRessource,
+  RstreamWebHooksRessource,
+  Watch,
+  clientSchema,
+  createShortTermTokenParamsSchema,
+  createShortTermTokenResponseSchema,
+  eventSchema,
+  listClientsParamsSchema,
+  listClientsResponseSchema,
+  listTunnelsParamsSchema,
+  listTunnelsResponseSchema,
+  rstreamAuthPayloadSchema,
+  tunnelSchema
+});