@rubytech/create-maxy-code 0.1.275 → 0.1.276
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/payload/platform/plugins/admin/.claude-plugin/plugin.json +1 -1
- package/payload/platform/plugins/admin/PLUGIN.md +1 -4
- package/payload/platform/plugins/admin/mcp/dist/index.js +0 -8
- package/payload/platform/plugins/admin/mcp/dist/index.js.map +1 -1
- package/payload/platform/plugins/docs/references/admin-identity-gate.md +40 -81
- package/payload/platform/scripts/setup-account.sh +0 -5
- package/payload/platform/services/claude-session-manager/dist/canonical-tool-names.generated.d.ts.map +1 -1
- package/payload/platform/services/claude-session-manager/dist/canonical-tool-names.generated.js +0 -1
- package/payload/platform/services/claude-session-manager/dist/canonical-tool-names.generated.js.map +1 -1
- package/payload/platform/services/claude-session-manager/dist/index.js +0 -17
- package/payload/platform/services/claude-session-manager/dist/index.js.map +1 -1
- package/payload/platform/services/claude-session-manager/dist/rc-daemon.d.ts.map +1 -1
- package/payload/platform/services/claude-session-manager/dist/rc-daemon.js +4 -5
- package/payload/platform/services/claude-session-manager/dist/rc-daemon.js.map +1 -1
- package/payload/premium-plugins/writer-craft/mcp/dist/index.js +1 -1
- package/payload/premium-plugins/writer-craft/mcp/dist/index.js.map +1 -1
- package/payload/premium-plugins/writer-craft/mcp/dist/tools/voice-distil-profile.d.ts +2 -0
- package/payload/premium-plugins/writer-craft/mcp/dist/tools/voice-distil-profile.d.ts.map +1 -1
- package/payload/premium-plugins/writer-craft/mcp/dist/tools/voice-distil-profile.js +1 -1
- package/payload/premium-plugins/writer-craft/mcp/dist/tools/voice-distil-profile.js.map +1 -1
- package/payload/premium-plugins/writer-craft/mcp/src/index.ts +1 -1
- package/payload/premium-plugins/writer-craft/mcp/src/tools/voice-distil-profile.ts +3 -1
- package/payload/server/server.js +140 -233
- package/payload/platform/plugins/admin/hooks/__tests__/pin-identity-gate.test.sh +0 -96
- package/payload/platform/plugins/admin/hooks/pin-identity-gate.sh +0 -146
package/payload/server/server.js
CHANGED
|
@@ -604,46 +604,6 @@ var require_dist2 = __commonJS({
|
|
|
604
604
|
}
|
|
605
605
|
});
|
|
606
606
|
|
|
607
|
-
// ../lib/require-port-env/dist/index.js
|
|
608
|
-
var require_dist3 = __commonJS({
|
|
609
|
-
"../lib/require-port-env/dist/index.js"(exports) {
|
|
610
|
-
"use strict";
|
|
611
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
612
|
-
exports.MissingPortEnvError = void 0;
|
|
613
|
-
exports.requirePortEnv = requirePortEnv3;
|
|
614
|
-
var MissingPortEnvError = class extends Error {
|
|
615
|
-
envName;
|
|
616
|
-
tag;
|
|
617
|
-
failLine;
|
|
618
|
-
constructor(envName, tag, failLine, message) {
|
|
619
|
-
super(message);
|
|
620
|
-
this.name = "MissingPortEnvError";
|
|
621
|
-
this.envName = envName;
|
|
622
|
-
this.tag = tag;
|
|
623
|
-
this.failLine = failLine;
|
|
624
|
-
}
|
|
625
|
-
};
|
|
626
|
-
exports.MissingPortEnvError = MissingPortEnvError;
|
|
627
|
-
var VALID_PORT_MIN = 1;
|
|
628
|
-
var VALID_PORT_MAX = 65535;
|
|
629
|
-
function requirePortEnv3(envName, options = {}) {
|
|
630
|
-
const tag = options.tag ?? "port-env";
|
|
631
|
-
const failLine = options.failLine ?? "missing-port-env";
|
|
632
|
-
const raw = process.env[envName];
|
|
633
|
-
if (raw === void 0 || raw === "") {
|
|
634
|
-
const msg = `[${tag}] ${failLine} reason=missing-env env=${envName}`;
|
|
635
|
-
throw new MissingPortEnvError(envName, tag, failLine, msg);
|
|
636
|
-
}
|
|
637
|
-
const parsed = Number.parseInt(raw, 10);
|
|
638
|
-
if (!Number.isInteger(parsed) || parsed < VALID_PORT_MIN || parsed > VALID_PORT_MAX || String(parsed) !== raw.trim()) {
|
|
639
|
-
const msg = `[${tag}] ${failLine} reason=invalid-port-env env=${envName} value=${JSON.stringify(raw)}`;
|
|
640
|
-
throw new MissingPortEnvError(envName, tag, failLine, msg);
|
|
641
|
-
}
|
|
642
|
-
return parsed;
|
|
643
|
-
}
|
|
644
|
-
}
|
|
645
|
-
});
|
|
646
|
-
|
|
647
607
|
// ../lib/graph-write/dist/audit.js
|
|
648
608
|
var require_audit = __commonJS({
|
|
649
609
|
"../lib/graph-write/dist/audit.js"(exports) {
|
|
@@ -725,7 +685,7 @@ var require_conversation_provenance = __commonJS({
|
|
|
725
685
|
"use strict";
|
|
726
686
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
727
687
|
exports.injectConversationProvenance = injectConversationProvenance;
|
|
728
|
-
var index_js_1 =
|
|
688
|
+
var index_js_1 = require_dist3();
|
|
729
689
|
async function injectConversationProvenance(params) {
|
|
730
690
|
const { session, relationships, accountId, writeLabels, conversationNodeId, logNamespace, tool } = params;
|
|
731
691
|
const original = [...relationships];
|
|
@@ -775,7 +735,7 @@ var require_conversation_provenance = __commonJS({
|
|
|
775
735
|
});
|
|
776
736
|
|
|
777
737
|
// ../lib/graph-write/dist/index.js
|
|
778
|
-
var
|
|
738
|
+
var require_dist3 = __commonJS({
|
|
779
739
|
"../lib/graph-write/dist/index.js"(exports) {
|
|
780
740
|
"use strict";
|
|
781
741
|
var __createBinding = exports && exports.__createBinding || (Object.create ? (function(o, m, k, k2) {
|
|
@@ -8434,11 +8394,11 @@ app11.delete("/:id", requireAdminSession, async (c) => {
|
|
|
8434
8394
|
const owned = await verifyConversationOwnership(sessionId, accountId);
|
|
8435
8395
|
if (!owned) return c.json({ error: "Conversation not found" }, 404);
|
|
8436
8396
|
const managerPort = requirePortEnv("CLAUDE_SESSION_MANAGER_PORT", { tag: "admin-conversation-delete" });
|
|
8437
|
-
const
|
|
8397
|
+
const managerBase5 = `http://127.0.0.1:${managerPort}`;
|
|
8438
8398
|
const outcome = await cascadeAdminConversationDelete({
|
|
8439
8399
|
sessionId,
|
|
8440
8400
|
accountId,
|
|
8441
|
-
managerBase:
|
|
8401
|
+
managerBase: managerBase5
|
|
8442
8402
|
});
|
|
8443
8403
|
if (outcome.ok) return c.json({ ok: true, claudeSessionIds: outcome.claudeSessionIds });
|
|
8444
8404
|
if (outcome.reason === "pty-still-alive") {
|
|
@@ -9282,18 +9242,18 @@ var ALLOWED_EVENTS = /* @__PURE__ */ new Set([
|
|
|
9282
9242
|
]);
|
|
9283
9243
|
var app14 = new Hono();
|
|
9284
9244
|
app14.post("/", async (c) => {
|
|
9285
|
-
const
|
|
9245
|
+
const TAG30 = "[admin:events]";
|
|
9286
9246
|
let body;
|
|
9287
9247
|
try {
|
|
9288
9248
|
body = await c.req.json();
|
|
9289
9249
|
} catch (err) {
|
|
9290
9250
|
const detail = err instanceof Error ? err.message : String(err);
|
|
9291
|
-
console.error(`${
|
|
9251
|
+
console.error(`${TAG30} reject reason=body-not-json detail=${detail}`);
|
|
9292
9252
|
return c.json({ ok: false, detail: "Request body was not valid JSON" }, 400);
|
|
9293
9253
|
}
|
|
9294
9254
|
const event = typeof body.event === "string" ? body.event : "";
|
|
9295
9255
|
if (!ALLOWED_EVENTS.has(event)) {
|
|
9296
|
-
console.error(`${
|
|
9256
|
+
console.error(`${TAG30} reject reason=event-not-allowed event=${JSON.stringify(event)}`);
|
|
9297
9257
|
return c.json({ ok: false, detail: `Event "${event}" is not allowed` }, 400);
|
|
9298
9258
|
}
|
|
9299
9259
|
const rawFields = body.fields && typeof body.fields === "object" ? body.fields : {};
|
|
@@ -12106,7 +12066,7 @@ app18.post("/", requireAdminSession, async (c) => {
|
|
|
12106
12066
|
return c.json({ error: "AdminConversation node is missing sessionId" }, 500);
|
|
12107
12067
|
}
|
|
12108
12068
|
const managerPort = requirePortEnv("CLAUDE_SESSION_MANAGER_PORT", { tag: "graph-page-cascade" });
|
|
12109
|
-
const
|
|
12069
|
+
const managerBase5 = `http://127.0.0.1:${managerPort}`;
|
|
12110
12070
|
try {
|
|
12111
12071
|
await session.close();
|
|
12112
12072
|
} catch {
|
|
@@ -12114,7 +12074,7 @@ app18.post("/", requireAdminSession, async (c) => {
|
|
|
12114
12074
|
const outcome = await cascadeAdminConversationDelete({
|
|
12115
12075
|
sessionId,
|
|
12116
12076
|
accountId,
|
|
12117
|
-
managerBase:
|
|
12077
|
+
managerBase: managerBase5
|
|
12118
12078
|
});
|
|
12119
12079
|
const elapsed2 = Date.now() - started;
|
|
12120
12080
|
const labelSummary2 = preflightLabels.join(",");
|
|
@@ -13752,61 +13712,9 @@ app32.post("/", async (c) => {
|
|
|
13752
13712
|
});
|
|
13753
13713
|
var access_session_evict_default = app32;
|
|
13754
13714
|
|
|
13755
|
-
// server/routes/admin/identity.ts
|
|
13756
|
-
var import_dist4 = __toESM(require_dist3(), 1);
|
|
13757
|
-
var app33 = new Hono();
|
|
13758
|
-
var TAG28 = "[admin-identity]";
|
|
13759
|
-
function managerBase5() {
|
|
13760
|
-
const port2 = (0, import_dist4.requirePortEnv)("CLAUDE_SESSION_MANAGER_PORT", { tag: "admin-identity" });
|
|
13761
|
-
return `http://127.0.0.1:${port2}`;
|
|
13762
|
-
}
|
|
13763
|
-
app33.post("/validate", async (c) => {
|
|
13764
|
-
const remoteAddr = c.env?.incoming?.socket?.remoteAddress ?? "";
|
|
13765
|
-
const isLoopback = remoteAddr === "127.0.0.1" || remoteAddr === "::1" || remoteAddr === "::ffff:127.0.0.1";
|
|
13766
|
-
if (!isLoopback || c.req.header("x-forwarded-for")) {
|
|
13767
|
-
return c.json({ error: "forbidden" }, 403);
|
|
13768
|
-
}
|
|
13769
|
-
let body;
|
|
13770
|
-
try {
|
|
13771
|
-
body = await c.req.json();
|
|
13772
|
-
} catch {
|
|
13773
|
-
return c.json({ error: "bad-request" }, 400);
|
|
13774
|
-
}
|
|
13775
|
-
const pin = typeof body.pin === "string" ? body.pin : "";
|
|
13776
|
-
const sessionId = typeof body.sessionId === "string" ? body.sessionId : void 0;
|
|
13777
|
-
if (!pin) return c.json({ error: "bad-request" }, 400);
|
|
13778
|
-
const fireStop = () => {
|
|
13779
|
-
if (sessionId) {
|
|
13780
|
-
void fetch(`${managerBase5()}/${encodeURIComponent(sessionId)}/stop`, { method: "POST" }).catch(
|
|
13781
|
-
() => {
|
|
13782
|
-
}
|
|
13783
|
-
);
|
|
13784
|
-
}
|
|
13785
|
-
};
|
|
13786
|
-
const verdict = validatePin(pin, USERS_FILE);
|
|
13787
|
-
if (verdict.kind !== "match") {
|
|
13788
|
-
if (verdict.kind === "miss") fireStop();
|
|
13789
|
-
console.log(`${TAG28} op=endpoint-validate result=${verdict.kind}${sessionId ? ` sessionId=${sessionId.slice(0, 8)}` : ""}`);
|
|
13790
|
-
return c.json({ kind: verdict.kind });
|
|
13791
|
-
}
|
|
13792
|
-
const { userId } = verdict;
|
|
13793
|
-
const accounts = resolveUserAccounts(userId);
|
|
13794
|
-
if (accounts.length === 0) {
|
|
13795
|
-
fireStop();
|
|
13796
|
-
console.log(`${TAG28} op=endpoint-validate result=no-account userId=${userId.slice(0, 8)}`);
|
|
13797
|
-
return c.json({ kind: "miss" });
|
|
13798
|
-
}
|
|
13799
|
-
const accountId = accounts[0].accountId;
|
|
13800
|
-
const { userName } = await resolveUserIdentity(accountId, userId);
|
|
13801
|
-
const aboutOwner = await resolveOwnerProfileBlock(accountId, userId);
|
|
13802
|
-
console.log(`${TAG28} op=endpoint-validate result=match userId=${userId.slice(0, 8)} aboutOwner=${aboutOwner.ok ? "ok" : `unresolved:${aboutOwner.reason}`}`);
|
|
13803
|
-
return c.json({ kind: "match", userId, userName, aboutOwner });
|
|
13804
|
-
});
|
|
13805
|
-
var identity_default = app33;
|
|
13806
|
-
|
|
13807
13715
|
// server/routes/admin/browser.ts
|
|
13808
|
-
var
|
|
13809
|
-
|
|
13716
|
+
var app33 = new Hono();
|
|
13717
|
+
app33.post("/launch", requireAdminSession, async (c) => {
|
|
13810
13718
|
try {
|
|
13811
13719
|
const transport = resolveBrowserTransport(c.req.raw, c.env?.incoming?.socket?.remoteAddress);
|
|
13812
13720
|
console.error(`[admin/browser/launch] op=request transport=${transport}`);
|
|
@@ -13834,40 +13742,39 @@ app34.post("/launch", requireAdminSession, async (c) => {
|
|
|
13834
13742
|
);
|
|
13835
13743
|
}
|
|
13836
13744
|
});
|
|
13837
|
-
var browser_default =
|
|
13745
|
+
var browser_default = app33;
|
|
13838
13746
|
|
|
13839
13747
|
// server/routes/admin/index.ts
|
|
13840
|
-
var
|
|
13841
|
-
|
|
13842
|
-
|
|
13843
|
-
|
|
13844
|
-
|
|
13845
|
-
|
|
13846
|
-
|
|
13847
|
-
|
|
13848
|
-
|
|
13849
|
-
|
|
13850
|
-
|
|
13851
|
-
|
|
13852
|
-
|
|
13853
|
-
|
|
13854
|
-
|
|
13855
|
-
|
|
13856
|
-
|
|
13857
|
-
|
|
13858
|
-
|
|
13859
|
-
|
|
13860
|
-
|
|
13861
|
-
|
|
13862
|
-
|
|
13863
|
-
|
|
13864
|
-
|
|
13865
|
-
|
|
13866
|
-
|
|
13867
|
-
|
|
13868
|
-
|
|
13869
|
-
|
|
13870
|
-
var admin_default = app35;
|
|
13748
|
+
var app34 = new Hono();
|
|
13749
|
+
app34.route("/session", session_default);
|
|
13750
|
+
app34.route("/logs", logs_default);
|
|
13751
|
+
app34.route("/claude-info", claude_info_default);
|
|
13752
|
+
app34.route("/attachment", attachment_default);
|
|
13753
|
+
app34.route("/agents", agents_default);
|
|
13754
|
+
app34.route("/sessions", sessions_default);
|
|
13755
|
+
app34.route("/claude-sessions", claude_sessions_default);
|
|
13756
|
+
app34.route("/log-ingest", log_ingest_default);
|
|
13757
|
+
app34.route("/events", events_default);
|
|
13758
|
+
app34.route("/files", files_default);
|
|
13759
|
+
app34.route("/graph-search", graph_search_default);
|
|
13760
|
+
app34.route("/graph-subgraph", graph_subgraph_default);
|
|
13761
|
+
app34.route("/graph-delete", graph_delete_default);
|
|
13762
|
+
app34.route("/graph-restore", graph_restore_default);
|
|
13763
|
+
app34.route("/graph-labels-in-graph", graph_labels_in_graph_default);
|
|
13764
|
+
app34.route("/graph-default-view", graph_default_view_default);
|
|
13765
|
+
app34.route("/sidebar-artefacts", sidebar_artefacts_default);
|
|
13766
|
+
app34.route("/sidebar-sessions", sidebar_sessions_default);
|
|
13767
|
+
app34.route("/session-delete", session_delete_default);
|
|
13768
|
+
app34.route("/browser", browser_default);
|
|
13769
|
+
app34.route("/session-rc-spawn", session_rc_spawn_default);
|
|
13770
|
+
app34.route("/system-stats", system_stats_default);
|
|
13771
|
+
app34.route("/health-brand", health_default2);
|
|
13772
|
+
app34.route("/linkedin-ingest", linkedin_ingest_default);
|
|
13773
|
+
app34.route("/post-turn-context", post_turn_context_default);
|
|
13774
|
+
app34.route("/public-session-context", public_session_context_default);
|
|
13775
|
+
app34.route("/public-session-exit", public_session_exit_default);
|
|
13776
|
+
app34.route("/access-session-evict", access_session_evict_default);
|
|
13777
|
+
var admin_default = app34;
|
|
13871
13778
|
|
|
13872
13779
|
// app/lib/access-gate.ts
|
|
13873
13780
|
import neo4j4 from "neo4j-driver";
|
|
@@ -14078,11 +13985,11 @@ async function generateNewMagicToken(grantId) {
|
|
|
14078
13985
|
}
|
|
14079
13986
|
|
|
14080
13987
|
// server/routes/access/verify-token.ts
|
|
14081
|
-
var
|
|
13988
|
+
var TAG28 = "[access-verify]";
|
|
14082
13989
|
var MINT_TAG = "[access-session-mint]";
|
|
14083
13990
|
var COOKIE_NAME = "__access_session";
|
|
14084
|
-
var
|
|
14085
|
-
|
|
13991
|
+
var app35 = new Hono();
|
|
13992
|
+
app35.post("/", async (c) => {
|
|
14086
13993
|
const ip = c.var.clientIp || "unknown";
|
|
14087
13994
|
let body;
|
|
14088
13995
|
try {
|
|
@@ -14097,39 +14004,39 @@ app36.post("/", async (c) => {
|
|
|
14097
14004
|
}
|
|
14098
14005
|
const rateMsg = checkAccessRateLimit(ip, agentSlug);
|
|
14099
14006
|
if (rateMsg) {
|
|
14100
|
-
console.error(`${
|
|
14007
|
+
console.error(`${TAG28} grantId=- agentSlug=${agentSlug} result=rate-limited ip=${ip}`);
|
|
14101
14008
|
return c.json({ error: rateMsg }, 429);
|
|
14102
14009
|
}
|
|
14103
14010
|
const grant = await findGrantByMagicToken(token);
|
|
14104
14011
|
if (!grant) {
|
|
14105
14012
|
recordAccessFailedAttempt(ip, agentSlug);
|
|
14106
|
-
console.error(`${
|
|
14013
|
+
console.error(`${TAG28} grantId=- agentSlug=${agentSlug} result=notfound ip=${ip}`);
|
|
14107
14014
|
return c.json({ error: "invalid-or-expired-link" }, 401);
|
|
14108
14015
|
}
|
|
14109
14016
|
if (grant.agentSlug !== agentSlug) {
|
|
14110
14017
|
recordAccessFailedAttempt(ip, agentSlug);
|
|
14111
14018
|
console.error(
|
|
14112
|
-
`${
|
|
14019
|
+
`${TAG28} grantId=${grant.grantId} agentSlug=${agentSlug} result=agent-mismatch grantAgent=${grant.agentSlug} ip=${ip}`
|
|
14113
14020
|
);
|
|
14114
14021
|
return c.json({ error: "invalid-or-expired-link" }, 401);
|
|
14115
14022
|
}
|
|
14116
14023
|
if (grant.status === "expired" || grant.status === "revoked") {
|
|
14117
14024
|
recordAccessFailedAttempt(ip, agentSlug);
|
|
14118
14025
|
console.error(
|
|
14119
|
-
`${
|
|
14026
|
+
`${TAG28} grantId=${grant.grantId} agentSlug=${agentSlug} result=expired status=${grant.status} ip=${ip}`
|
|
14120
14027
|
);
|
|
14121
14028
|
return c.json({ error: "access-no-longer-valid" }, 401);
|
|
14122
14029
|
}
|
|
14123
14030
|
if (grant.expiresAt !== null && grant.expiresAt < Date.now()) {
|
|
14124
14031
|
recordAccessFailedAttempt(ip, agentSlug);
|
|
14125
14032
|
console.error(
|
|
14126
|
-
`${
|
|
14033
|
+
`${TAG28} grantId=${grant.grantId} agentSlug=${agentSlug} result=expired reason=expiresAt-past ip=${ip}`
|
|
14127
14034
|
);
|
|
14128
14035
|
return c.json({ error: "access-no-longer-valid" }, 401);
|
|
14129
14036
|
}
|
|
14130
14037
|
if (!grant.sliceToken) {
|
|
14131
14038
|
console.error(
|
|
14132
|
-
`${
|
|
14039
|
+
`${TAG28} grantId=${grant.grantId} agentSlug=${agentSlug} result=no-slice-token reason=schema-violation`
|
|
14133
14040
|
);
|
|
14134
14041
|
return c.json({ error: "grant-misconfigured" }, 500);
|
|
14135
14042
|
}
|
|
@@ -14145,12 +14052,12 @@ app36.post("/", async (c) => {
|
|
|
14145
14052
|
await consumeMagicTokenAndActivate(grant.grantId);
|
|
14146
14053
|
} catch (err) {
|
|
14147
14054
|
console.error(
|
|
14148
|
-
`${
|
|
14055
|
+
`${TAG28} grantId=${grant.grantId} agentSlug=${agentSlug} result=consume-failed err="${err instanceof Error ? err.message : String(err)}"`
|
|
14149
14056
|
);
|
|
14150
14057
|
return c.json({ error: "verification-failed" }, 500);
|
|
14151
14058
|
}
|
|
14152
14059
|
clearAccessRateLimit(ip, agentSlug);
|
|
14153
|
-
console.log(`${
|
|
14060
|
+
console.log(`${TAG28} grantId=${grant.grantId} agentSlug=${agentSlug} result=ok ip=${ip}`);
|
|
14154
14061
|
console.log(
|
|
14155
14062
|
`${MINT_TAG} grantId=${grant.grantId} sliceToken=${grant.sliceToken.slice(0, 8)} agentSlug=${agentSlug} personId=${grant.personId ?? "none"}`
|
|
14156
14063
|
);
|
|
@@ -14164,7 +14071,7 @@ app36.post("/", async (c) => {
|
|
|
14164
14071
|
displayName: grant.displayName
|
|
14165
14072
|
});
|
|
14166
14073
|
});
|
|
14167
|
-
var verify_token_default =
|
|
14074
|
+
var verify_token_default = app35;
|
|
14168
14075
|
|
|
14169
14076
|
// app/lib/access-email.ts
|
|
14170
14077
|
import { spawn as spawn2 } from "child_process";
|
|
@@ -14226,10 +14133,10 @@ async function sendMagicLinkEmail(payload) {
|
|
|
14226
14133
|
}
|
|
14227
14134
|
|
|
14228
14135
|
// server/routes/access/request-magic-link.ts
|
|
14229
|
-
var
|
|
14230
|
-
var
|
|
14136
|
+
var TAG29 = "[access-request-link]";
|
|
14137
|
+
var app36 = new Hono();
|
|
14231
14138
|
var VISITOR_MESSAGE = "If that email is on the invite list, a fresh link is on the way.";
|
|
14232
|
-
|
|
14139
|
+
app36.post("/", async (c) => {
|
|
14233
14140
|
let body;
|
|
14234
14141
|
try {
|
|
14235
14142
|
body = await c.req.json();
|
|
@@ -14243,18 +14150,18 @@ app37.post("/", async (c) => {
|
|
|
14243
14150
|
}
|
|
14244
14151
|
const rateMsg = checkRequestLinkRateLimit(contactValue);
|
|
14245
14152
|
if (rateMsg) {
|
|
14246
|
-
console.error(`${
|
|
14153
|
+
console.error(`${TAG29} contactValue=${maskContact(contactValue)} result=rate-limited`);
|
|
14247
14154
|
return c.json({ error: rateMsg }, 429);
|
|
14248
14155
|
}
|
|
14249
14156
|
recordRequestLinkAttempt(contactValue);
|
|
14250
14157
|
const accountId = process.env.ACCOUNT_ID ?? "";
|
|
14251
14158
|
if (!accountId) {
|
|
14252
|
-
console.error(`${
|
|
14159
|
+
console.error(`${TAG29} contactValue=${maskContact(contactValue)} result=no-account-id`);
|
|
14253
14160
|
return c.json({ message: VISITOR_MESSAGE }, 200);
|
|
14254
14161
|
}
|
|
14255
14162
|
const grant = await findActiveGrantByContact(contactValue, agentSlug, accountId);
|
|
14256
14163
|
if (!grant) {
|
|
14257
|
-
console.log(`${
|
|
14164
|
+
console.log(`${TAG29} contactValue=${maskContact(contactValue)} result=notfound`);
|
|
14258
14165
|
return c.json({ message: VISITOR_MESSAGE }, 200);
|
|
14259
14166
|
}
|
|
14260
14167
|
let token;
|
|
@@ -14262,7 +14169,7 @@ app37.post("/", async (c) => {
|
|
|
14262
14169
|
token = await generateNewMagicToken(grant.grantId);
|
|
14263
14170
|
} catch (err) {
|
|
14264
14171
|
console.error(
|
|
14265
|
-
`${
|
|
14172
|
+
`${TAG29} contactValue=${maskContact(contactValue)} result=mint-failed err="${err instanceof Error ? err.message : String(err)}"`
|
|
14266
14173
|
);
|
|
14267
14174
|
return c.json({ message: VISITOR_MESSAGE }, 200);
|
|
14268
14175
|
}
|
|
@@ -14294,22 +14201,22 @@ app37.post("/", async (c) => {
|
|
|
14294
14201
|
});
|
|
14295
14202
|
if (!sendResult.ok) {
|
|
14296
14203
|
console.error(
|
|
14297
|
-
`${
|
|
14204
|
+
`${TAG29} contactValue=${maskContact(contactValue)} result=send-failed err="${sendResult.error}"`
|
|
14298
14205
|
);
|
|
14299
14206
|
return c.json({ message: VISITOR_MESSAGE }, 200);
|
|
14300
14207
|
}
|
|
14301
14208
|
console.log(
|
|
14302
|
-
`${
|
|
14209
|
+
`${TAG29} contactValue=${maskContact(contactValue)} result=ok messageId=${sendResult.messageId}`
|
|
14303
14210
|
);
|
|
14304
14211
|
return c.json({ message: VISITOR_MESSAGE }, 200);
|
|
14305
14212
|
});
|
|
14306
|
-
var request_magic_link_default =
|
|
14213
|
+
var request_magic_link_default = app36;
|
|
14307
14214
|
|
|
14308
14215
|
// server/routes/access/index.ts
|
|
14309
|
-
var
|
|
14310
|
-
|
|
14311
|
-
|
|
14312
|
-
var access_default =
|
|
14216
|
+
var app37 = new Hono();
|
|
14217
|
+
app37.route("/verify-token", verify_token_default);
|
|
14218
|
+
app37.route("/request-magic-link", request_magic_link_default);
|
|
14219
|
+
var access_default = app37;
|
|
14313
14220
|
|
|
14314
14221
|
// server/routes/sites.ts
|
|
14315
14222
|
import { existsSync as existsSync19, readFileSync as readFileSync18, realpathSync as realpathSync5, statSync as statSync8 } from "fs";
|
|
@@ -14344,8 +14251,8 @@ function getExt(p) {
|
|
|
14344
14251
|
if (idx < p.lastIndexOf("/")) return "";
|
|
14345
14252
|
return p.slice(idx).toLowerCase();
|
|
14346
14253
|
}
|
|
14347
|
-
var
|
|
14348
|
-
|
|
14254
|
+
var app38 = new Hono();
|
|
14255
|
+
app38.get("/:rel{.*}", (c) => {
|
|
14349
14256
|
const reqPath = c.req.path;
|
|
14350
14257
|
const rawRel = c.req.param("rel") ?? "";
|
|
14351
14258
|
const trimmed = rawRel.replace(/^\/+/, "").replace(/\/+$/, "");
|
|
@@ -14448,7 +14355,7 @@ app39.get("/:rel{.*}", (c) => {
|
|
|
14448
14355
|
"X-Content-Type-Options": "nosniff"
|
|
14449
14356
|
});
|
|
14450
14357
|
});
|
|
14451
|
-
var sites_default =
|
|
14358
|
+
var sites_default = app38;
|
|
14452
14359
|
|
|
14453
14360
|
// app/lib/visitor-token.ts
|
|
14454
14361
|
import { createHmac, randomBytes, timingSafeEqual } from "crypto";
|
|
@@ -14548,7 +14455,7 @@ function readBrandConfig() {
|
|
|
14548
14455
|
}
|
|
14549
14456
|
|
|
14550
14457
|
// server/routes/visitor-consent.ts
|
|
14551
|
-
var
|
|
14458
|
+
var app39 = new Hono();
|
|
14552
14459
|
var CONSENT_COOKIE_NAME = "mxy_consent";
|
|
14553
14460
|
var CONSENT_COOKIE_MAX_AGE_SECONDS = 60 * 60 * 24 * 365;
|
|
14554
14461
|
var DEFAULT_CONSENT_COPY = {
|
|
@@ -14593,17 +14500,17 @@ function siteSlugFromReferer(referer) {
|
|
|
14593
14500
|
return "";
|
|
14594
14501
|
}
|
|
14595
14502
|
}
|
|
14596
|
-
|
|
14503
|
+
app39.options("/consent", (c) => {
|
|
14597
14504
|
const origin = getOrigin(c);
|
|
14598
14505
|
setCorsHeaders(c, origin);
|
|
14599
14506
|
return c.body(null, 204);
|
|
14600
14507
|
});
|
|
14601
|
-
|
|
14508
|
+
app39.options("/brand-config", (c) => {
|
|
14602
14509
|
const origin = getOrigin(c);
|
|
14603
14510
|
setCorsHeaders(c, origin);
|
|
14604
14511
|
return c.body(null, 204);
|
|
14605
14512
|
});
|
|
14606
|
-
|
|
14513
|
+
app39.post("/consent", async (c) => {
|
|
14607
14514
|
const origin = getOrigin(c);
|
|
14608
14515
|
setCorsHeaders(c, origin);
|
|
14609
14516
|
let raw;
|
|
@@ -14643,7 +14550,7 @@ app40.post("/consent", async (c) => {
|
|
|
14643
14550
|
console.log(`[consent] ${parsed.decision} site=${site} brand=${brandName} tokenBound=${tokenBound}`);
|
|
14644
14551
|
return c.body(null, 204);
|
|
14645
14552
|
});
|
|
14646
|
-
|
|
14553
|
+
app39.get("/brand-config", (c) => {
|
|
14647
14554
|
const origin = getOrigin(c);
|
|
14648
14555
|
setCorsHeaders(c, origin);
|
|
14649
14556
|
const brand = readBrandConfig();
|
|
@@ -14653,7 +14560,7 @@ app40.get("/brand-config", (c) => {
|
|
|
14653
14560
|
c.header("Cache-Control", "public, max-age=300");
|
|
14654
14561
|
return c.json({ consent: { copy, palette } });
|
|
14655
14562
|
});
|
|
14656
|
-
var visitor_consent_default =
|
|
14563
|
+
var visitor_consent_default = app39;
|
|
14657
14564
|
|
|
14658
14565
|
// server/routes/listings.ts
|
|
14659
14566
|
function getCookie(headerValue, name) {
|
|
@@ -14680,8 +14587,8 @@ function appendConsentParams(pageUrl, token) {
|
|
|
14680
14587
|
}
|
|
14681
14588
|
var SAFE_SLUG_RE = /^[a-z0-9](?:[a-z0-9-]{0,118}[a-z0-9])?$/;
|
|
14682
14589
|
var CHAT_SESSION_KEY_RE = /^[A-Za-z0-9][A-Za-z0-9_-]{7,127}$/;
|
|
14683
|
-
var
|
|
14684
|
-
|
|
14590
|
+
var app40 = new Hono();
|
|
14591
|
+
app40.get("/:slug/click", async (c) => {
|
|
14685
14592
|
const slug = c.req.param("slug") ?? "";
|
|
14686
14593
|
const rawSession = c.req.query("session") ?? "";
|
|
14687
14594
|
const sessionKey = CHAT_SESSION_KEY_RE.test(rawSession) ? rawSession : "invalid";
|
|
@@ -14745,10 +14652,10 @@ app41.get("/:slug/click", async (c) => {
|
|
|
14745
14652
|
console.log(`[property-card-click] sessionKey=${sessionKey} listingSlug=${slug} consent=${consentCookie ?? "absent"} ts=${(/* @__PURE__ */ new Date()).toISOString()}`);
|
|
14746
14653
|
return c.redirect(redirectUrl, 302);
|
|
14747
14654
|
});
|
|
14748
|
-
var listings_default =
|
|
14655
|
+
var listings_default = app40;
|
|
14749
14656
|
|
|
14750
14657
|
// server/routes/visitor-event.ts
|
|
14751
|
-
var
|
|
14658
|
+
var app41 = new Hono();
|
|
14752
14659
|
var BOT_UA_RE = /\b(bot|crawl|spider|slurp|headlesschrome|phantomjs|googlebot|bingbot|yandex|baiduspider|ahrefsbot|semrushbot|mj12bot|dotbot|petalbot)\b/i;
|
|
14753
14660
|
var buckets = /* @__PURE__ */ new Map();
|
|
14754
14661
|
var RATE_LIMIT = 60;
|
|
@@ -14815,12 +14722,12 @@ function originAllowed(origin, allowlist) {
|
|
|
14815
14722
|
return false;
|
|
14816
14723
|
}
|
|
14817
14724
|
}
|
|
14818
|
-
|
|
14725
|
+
app41.options("/event", (c) => {
|
|
14819
14726
|
const origin = getOrigin2(c);
|
|
14820
14727
|
setCorsHeaders2(c, origin);
|
|
14821
14728
|
return c.body(null, 204);
|
|
14822
14729
|
});
|
|
14823
|
-
|
|
14730
|
+
app41.post("/event", async (c) => {
|
|
14824
14731
|
const origin = getOrigin2(c);
|
|
14825
14732
|
setCorsHeaders2(c, origin);
|
|
14826
14733
|
const ua = c.req.header("user-agent") ?? "";
|
|
@@ -15025,7 +14932,7 @@ async function writeEvent(opts) {
|
|
|
15025
14932
|
);
|
|
15026
14933
|
}
|
|
15027
14934
|
}
|
|
15028
|
-
var visitor_event_default =
|
|
14935
|
+
var visitor_event_default = app41;
|
|
15029
14936
|
|
|
15030
14937
|
// server/routes/session.ts
|
|
15031
14938
|
import { resolve as resolve23 } from "path";
|
|
@@ -15071,8 +14978,8 @@ function withVisitorCookie(response, visitorId) {
|
|
|
15071
14978
|
headers
|
|
15072
14979
|
});
|
|
15073
14980
|
}
|
|
15074
|
-
var
|
|
15075
|
-
|
|
14981
|
+
var app42 = new Hono();
|
|
14982
|
+
app42.post("/", async (c) => {
|
|
15076
14983
|
let body;
|
|
15077
14984
|
try {
|
|
15078
14985
|
body = await c.req.json();
|
|
@@ -15283,10 +15190,10 @@ app43.post("/", async (c) => {
|
|
|
15283
15190
|
newVisitorId
|
|
15284
15191
|
);
|
|
15285
15192
|
});
|
|
15286
|
-
var session_default2 =
|
|
15193
|
+
var session_default2 = app42;
|
|
15287
15194
|
|
|
15288
15195
|
// app/lib/graph-health.ts
|
|
15289
|
-
var
|
|
15196
|
+
var import_dist4 = __toESM(require_dist3(), 1);
|
|
15290
15197
|
var HOUR_MS = 60 * 60 * 1e3;
|
|
15291
15198
|
function renderLabelTop(rows) {
|
|
15292
15199
|
return rows.map((b) => {
|
|
@@ -15331,7 +15238,7 @@ async function runGraphHealthTick() {
|
|
|
15331
15238
|
console.error(
|
|
15332
15239
|
`[graph-health] userprofile-multi accounts=${upAccounts} top=${upTop.length > 0 ? upTop.join(",") : "none"}`
|
|
15333
15240
|
);
|
|
15334
|
-
const indexed = [...
|
|
15241
|
+
const indexed = [...import_dist4.VECTOR_INDEXED_LABELS];
|
|
15335
15242
|
const embCount = await session.run(
|
|
15336
15243
|
`MATCH (n) WHERE n.embedding IS NULL AND any(l IN labels(n) WHERE l IN $indexed)
|
|
15337
15244
|
RETURN count(n) AS total`,
|
|
@@ -15707,8 +15614,8 @@ var streamSSE = (c, cb, onError) => {
|
|
|
15707
15614
|
|
|
15708
15615
|
// app/lib/whatsapp/gateway/routes.ts
|
|
15709
15616
|
function createWaChannelRoutes(deps) {
|
|
15710
|
-
const
|
|
15711
|
-
|
|
15617
|
+
const app44 = new Hono();
|
|
15618
|
+
app44.get("/wa-channel/inbound", (c) => {
|
|
15712
15619
|
const senderId = c.req.query("senderId");
|
|
15713
15620
|
if (!senderId) return c.json({ error: "senderId required" }, 400);
|
|
15714
15621
|
return streamSSE(c, async (stream2) => {
|
|
@@ -15726,7 +15633,7 @@ function createWaChannelRoutes(deps) {
|
|
|
15726
15633
|
}
|
|
15727
15634
|
});
|
|
15728
15635
|
});
|
|
15729
|
-
|
|
15636
|
+
app44.post("/wa-channel/reply", async (c) => {
|
|
15730
15637
|
const body = await c.req.json().catch(() => null);
|
|
15731
15638
|
const senderId = body?.senderId;
|
|
15732
15639
|
const text = body?.text;
|
|
@@ -15745,7 +15652,7 @@ function createWaChannelRoutes(deps) {
|
|
|
15745
15652
|
console.error(`[whatsapp-native] op=reply-dispatch senderId=${senderId} bytes=${bytes}`);
|
|
15746
15653
|
return c.json({ ok: true });
|
|
15747
15654
|
});
|
|
15748
|
-
|
|
15655
|
+
app44.post("/wa-channel/ready", async (c) => {
|
|
15749
15656
|
const body = await c.req.json().catch(() => null);
|
|
15750
15657
|
const senderId = body?.senderId;
|
|
15751
15658
|
if (typeof senderId !== "string") {
|
|
@@ -15754,7 +15661,7 @@ function createWaChannelRoutes(deps) {
|
|
|
15754
15661
|
deps.onReady?.(senderId);
|
|
15755
15662
|
return c.json({ ok: true });
|
|
15756
15663
|
});
|
|
15757
|
-
return
|
|
15664
|
+
return app44;
|
|
15758
15665
|
}
|
|
15759
15666
|
|
|
15760
15667
|
// app/lib/whatsapp/gateway/wa-gateway.ts
|
|
@@ -16127,7 +16034,7 @@ watchFile(ALIAS_DOMAINS_PATH, { interval: 2e3 }, () => {
|
|
|
16127
16034
|
function isPublicHost(host) {
|
|
16128
16035
|
return host.startsWith("public.") || aliasDomains.has(host);
|
|
16129
16036
|
}
|
|
16130
|
-
var
|
|
16037
|
+
var app43 = new Hono();
|
|
16131
16038
|
var waGateway = new WaGateway({
|
|
16132
16039
|
gatewayUrl: `http://127.0.0.1:${process.env.MAXY_UI_INTERNAL_PORT ?? ""}`,
|
|
16133
16040
|
serverPath: process.env.MAXY_WA_CHANNEL_SERVER_PATH ?? resolve26(process.env.MAXY_PLATFORM_ROOT ?? join18(__dirname, ".."), "services/whatsapp-channel/dist/server.js"),
|
|
@@ -16142,9 +16049,9 @@ var waGateway = new WaGateway({
|
|
|
16142
16049
|
}
|
|
16143
16050
|
}
|
|
16144
16051
|
});
|
|
16145
|
-
|
|
16146
|
-
|
|
16147
|
-
|
|
16052
|
+
app43.route("/", waGateway.routes());
|
|
16053
|
+
app43.use("*", clientIpMiddleware);
|
|
16054
|
+
app43.use("*", async (c, next) => {
|
|
16148
16055
|
await next();
|
|
16149
16056
|
c.header("X-Content-Type-Options", "nosniff");
|
|
16150
16057
|
c.header("Referrer-Policy", "strict-origin-when-cross-origin");
|
|
@@ -16154,7 +16061,7 @@ app44.use("*", async (c, next) => {
|
|
|
16154
16061
|
);
|
|
16155
16062
|
});
|
|
16156
16063
|
var HTTP_LOG_PATHS = /* @__PURE__ */ new Set(["/vnc-viewer.html", "/vnc-popout.html"]);
|
|
16157
|
-
|
|
16064
|
+
app43.use("*", async (c, next) => {
|
|
16158
16065
|
if (!HTTP_LOG_PATHS.has(c.req.path)) {
|
|
16159
16066
|
await next();
|
|
16160
16067
|
return;
|
|
@@ -16172,7 +16079,7 @@ app44.use("*", async (c, next) => {
|
|
|
16172
16079
|
});
|
|
16173
16080
|
}
|
|
16174
16081
|
});
|
|
16175
|
-
|
|
16082
|
+
app43.use("*", async (c, next) => {
|
|
16176
16083
|
const host = (c.req.header("host") ?? "").split(":")[0];
|
|
16177
16084
|
if (!isPublicHost(host)) {
|
|
16178
16085
|
await next();
|
|
@@ -16203,7 +16110,7 @@ function resolveRemoteAuthOpts() {
|
|
|
16203
16110
|
return brandLoginOpts;
|
|
16204
16111
|
}
|
|
16205
16112
|
var MAX_LOGIN_BODY = 8 * 1024;
|
|
16206
|
-
|
|
16113
|
+
app43.post("/__remote-auth/login", async (c) => {
|
|
16207
16114
|
const client = clientFrom(c);
|
|
16208
16115
|
const clientIp = client.ip || "unknown";
|
|
16209
16116
|
if (!requestIsTlsTerminated(c)) {
|
|
@@ -16248,7 +16155,7 @@ app44.post("/__remote-auth/login", async (c) => {
|
|
|
16248
16155
|
}
|
|
16249
16156
|
});
|
|
16250
16157
|
});
|
|
16251
|
-
|
|
16158
|
+
app43.get("/__remote-auth/logout", (c) => {
|
|
16252
16159
|
const client = clientFrom(c);
|
|
16253
16160
|
const clientIp = client.ip || "unknown";
|
|
16254
16161
|
console.error(`[remote-auth] logout ip=${clientIp}`);
|
|
@@ -16261,7 +16168,7 @@ app44.get("/__remote-auth/logout", (c) => {
|
|
|
16261
16168
|
}
|
|
16262
16169
|
});
|
|
16263
16170
|
});
|
|
16264
|
-
|
|
16171
|
+
app43.post("/__remote-auth/change-password", async (c) => {
|
|
16265
16172
|
const client = clientFrom(c);
|
|
16266
16173
|
const clientIp = client.ip || "unknown";
|
|
16267
16174
|
const rateLimited = checkRateLimit(client);
|
|
@@ -16312,13 +16219,13 @@ app44.post("/__remote-auth/change-password", async (c) => {
|
|
|
16312
16219
|
return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "change", changeError: "Failed to save password", redirect }), 200);
|
|
16313
16220
|
}
|
|
16314
16221
|
});
|
|
16315
|
-
|
|
16222
|
+
app43.get("/__remote-auth/setup", (c) => {
|
|
16316
16223
|
if (isRemoteAuthConfigured()) {
|
|
16317
16224
|
return c.redirect("/");
|
|
16318
16225
|
}
|
|
16319
16226
|
return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "setup" }), 200);
|
|
16320
16227
|
});
|
|
16321
|
-
|
|
16228
|
+
app43.post("/__remote-auth/set-initial-password", async (c) => {
|
|
16322
16229
|
if (isRemoteAuthConfigured()) {
|
|
16323
16230
|
return c.redirect("/");
|
|
16324
16231
|
}
|
|
@@ -16356,10 +16263,10 @@ app44.post("/__remote-auth/set-initial-password", async (c) => {
|
|
|
16356
16263
|
return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "setup", setupError: "Failed to save password. Please try again." }), 200);
|
|
16357
16264
|
}
|
|
16358
16265
|
});
|
|
16359
|
-
|
|
16266
|
+
app43.get("/api/remote-auth/status", (c) => {
|
|
16360
16267
|
return c.json({ configured: isRemoteAuthConfigured() });
|
|
16361
16268
|
});
|
|
16362
|
-
|
|
16269
|
+
app43.post("/api/remote-auth/set-password", async (c) => {
|
|
16363
16270
|
let body;
|
|
16364
16271
|
try {
|
|
16365
16272
|
body = await c.req.json();
|
|
@@ -16390,9 +16297,9 @@ app44.post("/api/remote-auth/set-password", async (c) => {
|
|
|
16390
16297
|
return c.json({ error: "Failed to save password" }, 500);
|
|
16391
16298
|
}
|
|
16392
16299
|
});
|
|
16393
|
-
|
|
16300
|
+
app43.route("/api/_client-error", client_error_default);
|
|
16394
16301
|
console.log("[client-error-route] mounted");
|
|
16395
|
-
|
|
16302
|
+
app43.use("*", async (c, next) => {
|
|
16396
16303
|
const host = (c.req.header("host") ?? "").split(":")[0];
|
|
16397
16304
|
const path2 = c.req.path;
|
|
16398
16305
|
if (path2 === "/favicon.ico" || path2.startsWith("/assets/") || path2.startsWith("/brand/")) {
|
|
@@ -16425,13 +16332,13 @@ app44.use("*", async (c, next) => {
|
|
|
16425
16332
|
console.error(`[remote-auth] login required ip=${clientIp} path=${path2} ${disambig}`);
|
|
16426
16333
|
return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), redirect: path2 }), 200);
|
|
16427
16334
|
});
|
|
16428
|
-
|
|
16429
|
-
|
|
16430
|
-
|
|
16431
|
-
|
|
16432
|
-
|
|
16433
|
-
|
|
16434
|
-
|
|
16335
|
+
app43.route("/api/health", health_default);
|
|
16336
|
+
app43.route("/api/chat", chat_default);
|
|
16337
|
+
app43.route("/api/whatsapp", whatsapp_default);
|
|
16338
|
+
app43.route("/api/onboarding", onboarding_default);
|
|
16339
|
+
app43.route("/api/admin", admin_default);
|
|
16340
|
+
app43.route("/api/access", access_default);
|
|
16341
|
+
app43.route("/api/session", session_default2);
|
|
16435
16342
|
var SAFE_SLUG_RE2 = /^[a-z][a-z0-9-]{2,49}$/;
|
|
16436
16343
|
var SAFE_FILENAME_RE = /^[a-z0-9_][a-z0-9_.-]{0,99}$/i;
|
|
16437
16344
|
var IMAGE_MIME = {
|
|
@@ -16443,7 +16350,7 @@ var IMAGE_MIME = {
|
|
|
16443
16350
|
".svg": "image/svg+xml",
|
|
16444
16351
|
".ico": "image/x-icon"
|
|
16445
16352
|
};
|
|
16446
|
-
|
|
16353
|
+
app43.get("/agent-assets/:slug/:filename", (c) => {
|
|
16447
16354
|
const slug = c.req.param("slug");
|
|
16448
16355
|
const filename = c.req.param("filename");
|
|
16449
16356
|
if (!SAFE_SLUG_RE2.test(slug)) {
|
|
@@ -16478,7 +16385,7 @@ app44.get("/agent-assets/:slug/:filename", (c) => {
|
|
|
16478
16385
|
"Cache-Control": "public, max-age=3600"
|
|
16479
16386
|
});
|
|
16480
16387
|
});
|
|
16481
|
-
|
|
16388
|
+
app43.get("/generated/:filename", (c) => {
|
|
16482
16389
|
const filename = c.req.param("filename");
|
|
16483
16390
|
if (!SAFE_FILENAME_RE.test(filename) || filename.includes("..")) {
|
|
16484
16391
|
console.error(`[generated] serve file=${filename} status=403`);
|
|
@@ -16508,10 +16415,10 @@ app44.get("/generated/:filename", (c) => {
|
|
|
16508
16415
|
"Cache-Control": "public, max-age=86400"
|
|
16509
16416
|
});
|
|
16510
16417
|
});
|
|
16511
|
-
|
|
16512
|
-
|
|
16513
|
-
|
|
16514
|
-
|
|
16418
|
+
app43.route("/sites", sites_default);
|
|
16419
|
+
app43.route("/listings", listings_default);
|
|
16420
|
+
app43.route("/v", visitor_event_default);
|
|
16421
|
+
app43.route("/v", visitor_consent_default);
|
|
16515
16422
|
var htmlCache = /* @__PURE__ */ new Map();
|
|
16516
16423
|
var brandLogoPath = "/brand/maxy-monochrome.png";
|
|
16517
16424
|
var brandIconPath = "/brand/maxy-monochrome.png";
|
|
@@ -16642,7 +16549,7 @@ function escapeHtml(s) {
|
|
|
16642
16549
|
function agentUnavailableHtml() {
|
|
16643
16550
|
return `<!doctype html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1"><title>${escapeHtml(BRAND.productName)}</title></head><body style="font-family:system-ui,sans-serif;max-width:32rem;margin:4rem auto;padding:0 1.5rem;color:#222"><h1 style="font-size:1.25rem">Agent unavailable</h1><p>This agent isn't available right now. If you reached this page from a saved link, the agent may have been turned off.</p></body></html>`;
|
|
16644
16551
|
}
|
|
16645
|
-
|
|
16552
|
+
app43.get("/", (c) => {
|
|
16646
16553
|
const host = (c.req.header("host") ?? "").split(":")[0];
|
|
16647
16554
|
if (isPublicHost(host)) {
|
|
16648
16555
|
const defaultSlug = resolveDefaultSlug();
|
|
@@ -16658,12 +16565,12 @@ app44.get("/", (c) => {
|
|
|
16658
16565
|
}
|
|
16659
16566
|
return c.html(cachedHtml("index.html"));
|
|
16660
16567
|
});
|
|
16661
|
-
|
|
16568
|
+
app43.get("/public", (c) => {
|
|
16662
16569
|
const host = (c.req.header("host") ?? "").split(":")[0];
|
|
16663
16570
|
if (isPublicHost(host)) return c.text("Not found", 404);
|
|
16664
16571
|
return c.html(cachedHtml("public.html"));
|
|
16665
16572
|
});
|
|
16666
|
-
|
|
16573
|
+
app43.get("/chat", (c) => {
|
|
16667
16574
|
const host = (c.req.header("host") ?? "").split(":")[0];
|
|
16668
16575
|
if (isPublicHost(host)) return c.text("Not found", 404);
|
|
16669
16576
|
return c.html(cachedHtml("public.html"));
|
|
@@ -16682,9 +16589,9 @@ async function logViewerFetch(c, next) {
|
|
|
16682
16589
|
duration_ms: Date.now() - start
|
|
16683
16590
|
});
|
|
16684
16591
|
}
|
|
16685
|
-
|
|
16686
|
-
|
|
16687
|
-
|
|
16592
|
+
app43.use("/vnc-viewer.html", logViewerFetch);
|
|
16593
|
+
app43.use("/vnc-popout.html", logViewerFetch);
|
|
16594
|
+
app43.get("/vnc-popout.html", (c) => {
|
|
16688
16595
|
let html = htmlCache.get("vnc-popout.html");
|
|
16689
16596
|
if (!html) {
|
|
16690
16597
|
html = readFileSync22(resolve26(process.cwd(), "public", "vnc-popout.html"), "utf-8");
|
|
@@ -16697,7 +16604,7 @@ app44.get("/vnc-popout.html", (c) => {
|
|
|
16697
16604
|
}
|
|
16698
16605
|
return c.html(html);
|
|
16699
16606
|
});
|
|
16700
|
-
|
|
16607
|
+
app43.post("/api/vnc/client-event", async (c) => {
|
|
16701
16608
|
let body;
|
|
16702
16609
|
try {
|
|
16703
16610
|
body = await c.req.json();
|
|
@@ -16718,30 +16625,30 @@ app44.post("/api/vnc/client-event", async (c) => {
|
|
|
16718
16625
|
});
|
|
16719
16626
|
return c.json({ ok: true });
|
|
16720
16627
|
});
|
|
16721
|
-
|
|
16628
|
+
app43.get("/g/:slug", (c) => {
|
|
16722
16629
|
return c.html(brandedPublicHtml());
|
|
16723
16630
|
});
|
|
16724
|
-
|
|
16631
|
+
app43.get("/graph", (c) => {
|
|
16725
16632
|
const host = (c.req.header("host") ?? "").split(":")[0];
|
|
16726
16633
|
if (isPublicHost(host)) return c.text("Not found", 404);
|
|
16727
16634
|
return c.html(cachedHtml("graph.html"));
|
|
16728
16635
|
});
|
|
16729
|
-
|
|
16636
|
+
app43.get("/sessions", (c) => {
|
|
16730
16637
|
const host = (c.req.header("host") ?? "").split(":")[0];
|
|
16731
16638
|
if (isPublicHost(host)) return c.text("Not found", 404);
|
|
16732
16639
|
return c.html(cachedHtml("sessions.html"));
|
|
16733
16640
|
});
|
|
16734
|
-
|
|
16641
|
+
app43.get("/data", (c) => {
|
|
16735
16642
|
const host = (c.req.header("host") ?? "").split(":")[0];
|
|
16736
16643
|
if (isPublicHost(host)) return c.text("Not found", 404);
|
|
16737
16644
|
return c.html(cachedHtml("data.html"));
|
|
16738
16645
|
});
|
|
16739
|
-
|
|
16646
|
+
app43.get("/browser", (c) => {
|
|
16740
16647
|
const host = (c.req.header("host") ?? "").split(":")[0];
|
|
16741
16648
|
if (isPublicHost(host)) return c.text("Not found", 404);
|
|
16742
16649
|
return c.html(cachedHtml("browser.html"));
|
|
16743
16650
|
});
|
|
16744
|
-
|
|
16651
|
+
app43.get("/:slug", async (c, next) => {
|
|
16745
16652
|
const slug = c.req.param("slug");
|
|
16746
16653
|
if (AGENT_SLUG_PATTERN.test(`/${slug}`)) {
|
|
16747
16654
|
const account = resolveAccount();
|
|
@@ -16756,13 +16663,13 @@ app44.get("/:slug", async (c, next) => {
|
|
|
16756
16663
|
await next();
|
|
16757
16664
|
});
|
|
16758
16665
|
if (brandFaviconPath !== "/favicon.ico") {
|
|
16759
|
-
|
|
16666
|
+
app43.get("/favicon.ico", (c) => {
|
|
16760
16667
|
c.header("Cache-Control", "public, max-age=300");
|
|
16761
16668
|
return c.redirect(brandFaviconPath, 302);
|
|
16762
16669
|
});
|
|
16763
16670
|
}
|
|
16764
|
-
|
|
16765
|
-
|
|
16671
|
+
app43.use("/*", serveStatic({ root: "./public" }));
|
|
16672
|
+
app43.all("*", (c) => {
|
|
16766
16673
|
const host = (c.req.header("host") ?? "").split(":")[0];
|
|
16767
16674
|
const path2 = c.req.path;
|
|
16768
16675
|
if (isPublicHost(host)) {
|
|
@@ -16776,7 +16683,7 @@ app44.all("*", (c) => {
|
|
|
16776
16683
|
});
|
|
16777
16684
|
var port = requirePortEnv("MAXY_UI_INTERNAL_PORT", { tag: "ui-server" });
|
|
16778
16685
|
var hostname = process.env.HOSTNAME ?? "127.0.0.1";
|
|
16779
|
-
var httpServer = serve({ fetch:
|
|
16686
|
+
var httpServer = serve({ fetch: app43.fetch, port, hostname });
|
|
16780
16687
|
console.log(`${BRAND.productName} listening on http://${hostname}:${port}`);
|
|
16781
16688
|
startAuthHealthHeartbeat();
|
|
16782
16689
|
{
|
|
@@ -16813,7 +16720,7 @@ for (const m of SUBAPP_MANIFEST) {
|
|
|
16813
16720
|
}
|
|
16814
16721
|
try {
|
|
16815
16722
|
const registered = [];
|
|
16816
|
-
for (const r of
|
|
16723
|
+
for (const r of app43.routes ?? []) {
|
|
16817
16724
|
if (typeof r.path !== "string" || r.path.includes(":") || r.path.includes("*")) continue;
|
|
16818
16725
|
if (AGENT_SLUG_PATTERN.test(r.path)) {
|
|
16819
16726
|
registered.push({ method: (r.method ?? "ALL").toUpperCase(), path: r.path });
|