@rstreamlabs/rstream 1.4.0 → 1.5.0

package/dist/index.js

@@ -37,16 +37,21 @@ __export(index_exports, {
   RstreamTunnelsRessource: () => RstreamTunnelsRessource,
   RstreamWebHooksRessource: () => RstreamWebHooksRessource,
   Watch: () => Watch,
+  authTokenPermissionsSchema: () => authTokenPermissionsSchema,
+  authTokenSchema: () => authTokenSchema,
+  authTokenScopesSchema: () => authTokenScopesSchema,
+  authTokenTunnelsScopesSchema: () => authTokenTunnelsScopesSchema,
   clientSchema: () => clientSchema,
-  createShortTermTokenParamsSchema: () => createShortTermTokenParamsSchema,
-  createShortTermTokenResponseSchema: () => createShortTermTokenResponseSchema,
+  createAuthTokenParamsSchema: () => createAuthTokenParamsSchema,
+  createAuthTokenResponseSchema: () => createAuthTokenResponseSchema,
   eventSchema: () => eventSchema,
   listClientsParamsSchema: () => listClientsParamsSchema,
   listClientsResponseSchema: () => listClientsResponseSchema,
   listTunnelsParamsSchema: () => listTunnelsParamsSchema,
   listTunnelsResponseSchema: () => listTunnelsResponseSchema,
-  rstreamAuthPayloadSchema: () => rstreamAuthPayloadSchema,
-  tunnelSchema: () => tunnelSchema
+  parseWebTTYServers: () => parseWebTTYServers,
+  tunnelSchema: () => tunnelSchema,
+  webttyServerSchema: () => webttyServerSchema
 });
 module.exports = __toCommonJS(index_exports);
 
@@ -58,11 +63,11 @@ var RstreamAuthRessource = class {
   constructor(client) {
     this.client = client;
   }
-  async createShortTermToken(params, options) {
+  async createAuthToken(params, options) {
     const credentials = options?.credentials || this.client.credentials;
     if (!credentials || !("clientId" in credentials)) {
       throw new Error(
-        "Application credentials (client id, client secret) are required to create a short term token."
+        "Application credentials (client id, client secret) are required to create an auth token."
       );
     }
     const now = Math.floor(Date.now() / 1e3);
@@ -74,9 +79,10 @@ var RstreamAuthRessource = class {
       // Expiration time
       type: "app",
       clientId: credentials.clientId,
+      permissions: null,
       metadata: {
         engine: this.client.engine,
-        permissions: params?.permissions
+        scopes: params?.scopes
       }
     };
     const pk = import_crypto.default.createPrivateKey({
@@ -184,60 +190,79 @@ var listTunnelsResponseSchema = z2.array(tunnelSchema);
 
 // src/auth.ts
 var z3 = __toESM(require("zod"));
-var createShortTermTokenParamsSchema = z3.object({
-  expires_in: z3.number().default(60),
-  // 1 minute
-  permissions: z3.object({
-    // Permissions for creating a tunnel
-    create: z3.union([
-      z3.boolean(),
-      z3.object({
-        filters: filters(tunnelSchema).optional()
-      })
-    ]).optional(),
-    // Permissions for connecting to a tunnel
-    connect: z3.union([
-      z3.boolean(),
-      z3.object({
-        filters: filters(tunnelSchema).optional(),
-        params: filters(
-          z3.object({
-            path: z3.string().optional()
-          })
-        ).optional()
-      })
-    ]).optional(),
-    // Permissions for listing tunnels
-    list: z3.union([
-      z3.boolean(),
-      z3.object({
-        filters: filters(tunnelSchema).optional(),
-        select: select(tunnelSchema).optional()
-      })
-    ]).optional()
-  }),
-  // Additional metadata
-  metadata: z3.unknown().optional()
+var authTokenPermissionsSchema = z3.array(z3.string());
+var authTokenTunnelsScopesSchema = z3.object({
+  // Scopes for creating tunnels
+  create: z3.union([
+    z3.boolean(),
+    z3.object({
+      filters: filters(
+        tunnelSchema.omit({
+          client_id: true,
+          user_id: true,
+          status: true,
+          creation_date: true
+        })
+      ).optional()
+    })
+  ]).optional(),
+  // Scopes for connecting to tunnels
+  connect: z3.union([
+    z3.boolean(),
+    z3.object({
+      filters: filters(tunnelSchema).optional(),
+      params: filters(
+        z3.object({
+          path: z3.string().optional()
+        })
+      ).optional()
+    })
+  ]).optional(),
+  // Scopes for listing tunnels
+  list: z3.union([
+    z3.boolean(),
+    z3.object({
+      filters: filters(tunnelSchema).optional(),
+      select: select(tunnelSchema).optional()
+    })
+  ]).optional()
 });
-var createShortTermTokenResponseSchema = z3.object({
-  token: z3.string()
+var authTokenScopesSchema = z3.object({
+  tunnels: authTokenTunnelsScopesSchema.optional()
+  // Scopes related to tunnels
 });
-var rstreamAuthPayloadSchema = z3.discriminatedUnion("type", [
+var authTokenSchema = z3.union([
+  z3.object({
+    type: z3.literal("auth"),
+    userId: z3.string(),
+    permissions: authTokenPermissionsSchema.nullable()
+  }),
   z3.object({
     type: z3.literal("pat")
   }),
   z3.object({
     type: z3.literal("app"),
-    clientId: z3.string()
+    clientId: z3.string(),
+    permissions: authTokenPermissionsSchema.nullable()
   })
 ]).and(
   z3.object({
     metadata: z3.object({
       engine: z3.string().optional(),
-      permissions: createShortTermTokenParamsSchema.shape.permissions.optional()
+      scopes: authTokenScopesSchema.optional()
     }).optional()
   })
 );
+var createAuthTokenParamsSchema = z3.object({
+  expires_in: z3.number().default(60),
+  // 1 minute
+  scopes: authTokenScopesSchema.optional(),
+  metadata: z3.unknown().optional()
+  // Additional metadata
+});
+var createAuthTokenResponseSchema = z3.object({
+  token: z3.string()
+});
 
 // src/client.ts
 var z4 = __toESM(require("zod"));
@@ -450,7 +475,7 @@ var RstreamClient = class {
       return credentials.token;
     }
     if (credentials && "clientId" in credentials) {
-      return (await this.auth.createShortTermToken(void 0, {
+      return (await this.auth.createAuthToken(void 0, {
         credentials: {
           clientId: credentials.clientId,
           clientSecret: credentials.clientSecret
@@ -494,8 +519,8 @@ var Watch = class {
       throw new Error("Watch: Connection already started or closed.");
     }
     this.connectionState = "connecting";
-    const token = await this.config.auth.token();
-    const payload = rstreamAuthPayloadSchema.parse(
+    const token = typeof this.config.auth === "function" ? await this.config.auth() : this.config.auth;
+    const payload = authTokenSchema.parse(
       import_jsonwebtoken2.default.decode(token, { complete: false })
     );
     const base = `https://${this.config.engine || payload.metadata?.engine || "engine.rstream.io:443"}`;
@@ -522,6 +547,13 @@ var Watch = class {
         this.disconnect();
       }
     };
+    if (this.connection instanceof WebSocket) {
+      this.connection.onclose = () => {
+        if (this.connectionState !== "closed") {
+          this.disconnect();
+        }
+      };
+    }
   }
   disconnect() {
     if (this.connection) {
@@ -537,6 +569,93 @@ var Watch = class {
     }
   }
 };
+
+// src/webtty.ts
+var z6 = __toESM(require("zod"));
+var osFamilies = [
+  "linux",
+  "macos",
+  "windows",
+  "netbsd",
+  "openbsd",
+  "freebsd"
+];
+var architectures = [
+  "x86_i386",
+  "x86_i686",
+  "x86_64",
+  "x86_64_v2",
+  "x86_64_v3",
+  "x86_64_v4",
+  "armv6",
+  "armv6hf",
+  "armv7",
+  "armv7hf",
+  "arm64",
+  "mips",
+  "mipsle",
+  "mips64",
+  "mips64le",
+  "ppc64",
+  "ppc64le",
+  "riscv64"
+];
+var webttyServerSchema = z6.object({
+  tunnel_id: z6.string(),
+  host: z6.string(),
+  token_auth: z6.boolean(),
+  os_family: z6.enum(osFamilies).optional(),
+  arch: z6.enum(architectures).optional(),
+  os_id: z6.string().optional(),
+  // /etc/os-release::ID (ubuntu, debian, rocky, etc.)
+  os_version_id: z6.string().optional(),
+  // /etc/os-release::VERSION_ID (24.04, 22.04, 11, 10.0.19045, ...)
+  os_version_codename: z6.string().optional(),
+  // /etc/os-release::VERSION_CODENAME (jammy, noble...)
+  os_pretty_name: z6.string().optional(),
+  // /etc/os-release::PRETTY_NAME
+  kernel_release: z6.string().optional(),
+  // uname -r
+  hostname: z6.string().optional(),
+  // uname -n
+  labels: z6.record(z6.string(), z6.string().optional()).optional()
+});
+function parser(tunnel) {
+  if (tunnel.status !== "online") return null;
+  if (tunnel.publish !== true) return null;
+  if (tunnel.protocol !== "http") return null;
+  const tunnelLabels = tunnel.labels ?? {};
+  if (tunnelLabels["application-protocol"] !== "rstream.webtty") {
+    return null;
+  }
+  const labels = {};
+  for (const [key, value] of Object.entries(tunnelLabels)) {
+    if (!key.startsWith("rstream.webtty.label.")) continue;
+    const labelKey = key.slice("rstream.webtty.label.".length);
+    if (labelKey.length === 0) continue;
+    labels[labelKey] = value;
+  }
+  const candidate = {
+    tunnel_id: tunnel.id,
+    host: tunnel.host,
+    token_auth: tunnel.token_auth === true,
+    os_family: tunnelLabels["rstream.webtty.os_family"],
+    arch: tunnelLabels["rstream.webtty.arch"],
+    os_id: tunnelLabels["rstream.webtty.os_id"],
+    os_version_id: tunnelLabels["rstream.webtty.os_version_id"],
+    os_version_codename: tunnelLabels["rstream.webtty.os_version_codename"],
+    os_pretty_name: tunnelLabels["rstream.webtty.os_pretty_name"],
+    kernel_release: tunnelLabels["rstream.webtty.kernel_release"],
+    hostname: tunnelLabels["rstream.webtty.hostname"],
+    labels: Object.keys(labels).length > 0 ? labels : void 0
+  };
+  const parsed = webttyServerSchema.safeParse(candidate);
+  if (!parsed.success) return null;
+  return parsed.data;
+}
+function parseWebTTYServers(tunnels) {
+  return tunnels.map((tunnel) => parser(tunnel)).filter((server) => server !== null);
+}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   Rstream,
@@ -546,14 +665,19 @@ var Watch = class {
   RstreamTunnelsRessource,
   RstreamWebHooksRessource,
   Watch,
+  authTokenPermissionsSchema,
+  authTokenSchema,
+  authTokenScopesSchema,
+  authTokenTunnelsScopesSchema,
   clientSchema,
-  createShortTermTokenParamsSchema,
-  createShortTermTokenResponseSchema,
+  createAuthTokenParamsSchema,
+  createAuthTokenResponseSchema,
   eventSchema,
   listClientsParamsSchema,
   listClientsResponseSchema,
   listTunnelsParamsSchema,
   listTunnelsResponseSchema,
-  rstreamAuthPayloadSchema,
-  tunnelSchema
+  parseWebTTYServers,
+  tunnelSchema,
+  webttyServerSchema
 });

package/dist/index.mjs

@@ -6,11 +6,11 @@ var RstreamAuthRessource = class {
   constructor(client) {
     this.client = client;
   }
-  async createShortTermToken(params, options) {
+  async createAuthToken(params, options) {
     const credentials = options?.credentials || this.client.credentials;
     if (!credentials || !("clientId" in credentials)) {
       throw new Error(
-        "Application credentials (client id, client secret) are required to create a short term token."
+        "Application credentials (client id, client secret) are required to create an auth token."
       );
     }
     const now = Math.floor(Date.now() / 1e3);
@@ -22,9 +22,10 @@ var RstreamAuthRessource = class {
       // Expiration time
       type: "app",
       clientId: credentials.clientId,
+      permissions: null,
       metadata: {
         engine: this.client.engine,
-        permissions: params?.permissions
+        scopes: params?.scopes
       }
     };
     const pk = crypto.createPrivateKey({
@@ -132,60 +133,79 @@ var listTunnelsResponseSchema = z2.array(tunnelSchema);
 
 // src/auth.ts
 import * as z3 from "zod";
-var createShortTermTokenParamsSchema = z3.object({
-  expires_in: z3.number().default(60),
-  // 1 minute
-  permissions: z3.object({
-    // Permissions for creating a tunnel
-    create: z3.union([
-      z3.boolean(),
-      z3.object({
-        filters: filters(tunnelSchema).optional()
-      })
-    ]).optional(),
-    // Permissions for connecting to a tunnel
-    connect: z3.union([
-      z3.boolean(),
-      z3.object({
-        filters: filters(tunnelSchema).optional(),
-        params: filters(
-          z3.object({
-            path: z3.string().optional()
-          })
-        ).optional()
-      })
-    ]).optional(),
-    // Permissions for listing tunnels
-    list: z3.union([
-      z3.boolean(),
-      z3.object({
-        filters: filters(tunnelSchema).optional(),
-        select: select(tunnelSchema).optional()
-      })
-    ]).optional()
-  }),
-  // Additional metadata
-  metadata: z3.unknown().optional()
+var authTokenPermissionsSchema = z3.array(z3.string());
+var authTokenTunnelsScopesSchema = z3.object({
+  // Scopes for creating tunnels
+  create: z3.union([
+    z3.boolean(),
+    z3.object({
+      filters: filters(
+        tunnelSchema.omit({
+          client_id: true,
+          user_id: true,
+          status: true,
+          creation_date: true
+        })
+      ).optional()
+    })
+  ]).optional(),
+  // Scopes for connecting to tunnels
+  connect: z3.union([
+    z3.boolean(),
+    z3.object({
+      filters: filters(tunnelSchema).optional(),
+      params: filters(
+        z3.object({
+          path: z3.string().optional()
+        })
+      ).optional()
+    })
+  ]).optional(),
+  // Scopes for listing tunnels
+  list: z3.union([
+    z3.boolean(),
+    z3.object({
+      filters: filters(tunnelSchema).optional(),
+      select: select(tunnelSchema).optional()
+    })
+  ]).optional()
 });
-var createShortTermTokenResponseSchema = z3.object({
-  token: z3.string()
+var authTokenScopesSchema = z3.object({
+  tunnels: authTokenTunnelsScopesSchema.optional()
+  // Scopes related to tunnels
 });
-var rstreamAuthPayloadSchema = z3.discriminatedUnion("type", [
+var authTokenSchema = z3.union([
+  z3.object({
+    type: z3.literal("auth"),
+    userId: z3.string(),
+    permissions: authTokenPermissionsSchema.nullable()
+  }),
   z3.object({
     type: z3.literal("pat")
   }),
   z3.object({
     type: z3.literal("app"),
-    clientId: z3.string()
+    clientId: z3.string(),
+    permissions: authTokenPermissionsSchema.nullable()
   })
 ]).and(
   z3.object({
     metadata: z3.object({
       engine: z3.string().optional(),
-      permissions: createShortTermTokenParamsSchema.shape.permissions.optional()
+      scopes: authTokenScopesSchema.optional()
     }).optional()
   })
 );
+var createAuthTokenParamsSchema = z3.object({
+  expires_in: z3.number().default(60),
+  // 1 minute
+  scopes: authTokenScopesSchema.optional(),
+  metadata: z3.unknown().optional()
+  // Additional metadata
+});
+var createAuthTokenResponseSchema = z3.object({
+  token: z3.string()
+});
 
 // src/client.ts
 import * as z4 from "zod";
@@ -398,7 +418,7 @@ var RstreamClient = class {
       return credentials.token;
     }
     if (credentials && "clientId" in credentials) {
-      return (await this.auth.createShortTermToken(void 0, {
+      return (await this.auth.createAuthToken(void 0, {
         credentials: {
           clientId: credentials.clientId,
           clientSecret: credentials.clientSecret
@@ -442,8 +462,8 @@ var Watch = class {
       throw new Error("Watch: Connection already started or closed.");
     }
     this.connectionState = "connecting";
-    const token = await this.config.auth.token();
-    const payload = rstreamAuthPayloadSchema.parse(
+    const token = typeof this.config.auth === "function" ? await this.config.auth() : this.config.auth;
+    const payload = authTokenSchema.parse(
       jwt2.decode(token, { complete: false })
     );
     const base = `https://${this.config.engine || payload.metadata?.engine || "engine.rstream.io:443"}`;
@@ -470,6 +490,13 @@ var Watch = class {
         this.disconnect();
       }
     };
+    if (this.connection instanceof WebSocket) {
+      this.connection.onclose = () => {
+        if (this.connectionState !== "closed") {
+          this.disconnect();
+        }
+      };
+    }
   }
   disconnect() {
     if (this.connection) {
@@ -485,6 +512,93 @@ var Watch = class {
     }
   }
 };
+
+// src/webtty.ts
+import * as z6 from "zod";
+var osFamilies = [
+  "linux",
+  "macos",
+  "windows",
+  "netbsd",
+  "openbsd",
+  "freebsd"
+];
+var architectures = [
+  "x86_i386",
+  "x86_i686",
+  "x86_64",
+  "x86_64_v2",
+  "x86_64_v3",
+  "x86_64_v4",
+  "armv6",
+  "armv6hf",
+  "armv7",
+  "armv7hf",
+  "arm64",
+  "mips",
+  "mipsle",
+  "mips64",
+  "mips64le",
+  "ppc64",
+  "ppc64le",
+  "riscv64"
+];
+var webttyServerSchema = z6.object({
+  tunnel_id: z6.string(),
+  host: z6.string(),
+  token_auth: z6.boolean(),
+  os_family: z6.enum(osFamilies).optional(),
+  arch: z6.enum(architectures).optional(),
+  os_id: z6.string().optional(),
+  // /etc/os-release::ID (ubuntu, debian, rocky, etc.)
+  os_version_id: z6.string().optional(),
+  // /etc/os-release::VERSION_ID (24.04, 22.04, 11, 10.0.19045, ...)
+  os_version_codename: z6.string().optional(),
+  // /etc/os-release::VERSION_CODENAME (jammy, noble...)
+  os_pretty_name: z6.string().optional(),
+  // /etc/os-release::PRETTY_NAME
+  kernel_release: z6.string().optional(),
+  // uname -r
+  hostname: z6.string().optional(),
+  // uname -n
+  labels: z6.record(z6.string(), z6.string().optional()).optional()
+});
+function parser(tunnel) {
+  if (tunnel.status !== "online") return null;
+  if (tunnel.publish !== true) return null;
+  if (tunnel.protocol !== "http") return null;
+  const tunnelLabels = tunnel.labels ?? {};
+  if (tunnelLabels["application-protocol"] !== "rstream.webtty") {
+    return null;
+  }
+  const labels = {};
+  for (const [key, value] of Object.entries(tunnelLabels)) {
+    if (!key.startsWith("rstream.webtty.label.")) continue;
+    const labelKey = key.slice("rstream.webtty.label.".length);
+    if (labelKey.length === 0) continue;
+    labels[labelKey] = value;
+  }
+  const candidate = {
+    tunnel_id: tunnel.id,
+    host: tunnel.host,
+    token_auth: tunnel.token_auth === true,
+    os_family: tunnelLabels["rstream.webtty.os_family"],
+    arch: tunnelLabels["rstream.webtty.arch"],
+    os_id: tunnelLabels["rstream.webtty.os_id"],
+    os_version_id: tunnelLabels["rstream.webtty.os_version_id"],
+    os_version_codename: tunnelLabels["rstream.webtty.os_version_codename"],
+    os_pretty_name: tunnelLabels["rstream.webtty.os_pretty_name"],
+    kernel_release: tunnelLabels["rstream.webtty.kernel_release"],
+    hostname: tunnelLabels["rstream.webtty.hostname"],
+    labels: Object.keys(labels).length > 0 ? labels : void 0
+  };
+  const parsed = webttyServerSchema.safeParse(candidate);
+  if (!parsed.success) return null;
+  return parsed.data;
+}
+function parseWebTTYServers(tunnels) {
+  return tunnels.map((tunnel) => parser(tunnel)).filter((server) => server !== null);
+}
 export {
   RstreamClient as Rstream,
   RstreamAuthRessource,
@@ -493,14 +607,19 @@ export {
   RstreamTunnelsRessource,
   RstreamWebHooksRessource,
   Watch,
+  authTokenPermissionsSchema,
+  authTokenSchema,
+  authTokenScopesSchema,
+  authTokenTunnelsScopesSchema,
   clientSchema,
-  createShortTermTokenParamsSchema,
-  createShortTermTokenResponseSchema,
+  createAuthTokenParamsSchema,
+  createAuthTokenResponseSchema,
   eventSchema,
   listClientsParamsSchema,
   listClientsResponseSchema,
   listTunnelsParamsSchema,
   listTunnelsResponseSchema,
-  rstreamAuthPayloadSchema,
-  tunnelSchema
+  parseWebTTYServers,
+  tunnelSchema,
+  webttyServerSchema
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rstreamlabs/rstream",
-  "version": "1.4.0",
+  "version": "1.5.0",
   "description": "JS SDK for rstream.",
   "author": "@uartnet <hello@rstream.io>",
   "license": "Apache-2.0",
@@ -19,14 +19,14 @@
     "type-check": "tsc --noEmit"
   },
   "devDependencies": {
-    "@turbo/gen": "^2.5.8",
+    "@turbo/gen": "^2.6.1",
     "@types/jsonwebtoken": "^9.0.10",
     "@types/node": "^24",
     "eslint-config": "*",
-    "eslint": "9.36.0",
-    "tsup": "^8.5.0",
+    "eslint": "9.39.1",
+    "tsup": "^8.5.1",
     "typescript-config": "*",
-    "typescript": "5.9.2"
+    "typescript": "5.9.3"
   },
   "dependencies": {
     "jsonwebtoken": "^9.0.2",