@rubytech/create-maxy 1.0.684 → 1.0.686

package/payload/server/maxy-edge.js

@@ -1,5 +1,4 @@
 import {
-  LOG_DIR,
   canAccessAdmin,
   describeRemoteSession,
   newCorrId,
@@ -8,9 +7,9 @@ import {
   vncLog
 } from "./chunk-3RBKKDHC.js";
 
-// server/maxy-edge.ts
+// server/edge.ts
 import { createServer, request as httpRequest } from "http";
-import { createConnection as createConnection3 } from "net";
+import { createConnection as createConnection2 } from "net";
 import { readFileSync, existsSync, watchFile } from "fs";
 import { homedir } from "os";
 import { join } from "path";
@@ -276,359 +275,7 @@ Content-Length: 0\r
   socket.destroy();
 }
 
-// server/ws-proxy-ttyd.ts
-import { createConnection as createConnection2 } from "net";
-
-// app/lib/ttyd-logger.ts
-import { appendFileSync, mkdirSync } from "fs";
-import { resolve } from "path";
-var EDGE_LOG_FILE = resolve(LOG_DIR, "edge-boot.log");
-try {
-  mkdirSync(LOG_DIR, { recursive: true });
-} catch (err) {
-  console.error(`[ttyd-log-fail] mkdir ${LOG_DIR} failed: ${err.message}`);
-}
-function ttydLog(phase, fields = {}) {
-  const ts = (/* @__PURE__ */ new Date()).toISOString();
-  const kv = Object.entries(fields).map(([k, v]) => `${k}=${JSON.stringify(v)}`).join(" ");
-  const line = kv.length > 0 ? `[${ts}] [${phase}] ${kv}
-` : `[${ts}] [${phase}]
-`;
-  try {
-    appendFileSync(EDGE_LOG_FILE, line);
-  } catch (err) {
-    console.error(`[ttyd-log-fail] ${err.message} \u2014 dropped: ${line.slice(0, 300).trim()}`);
-  }
-}
-
-// server/ws-proxy-ttyd.ts
-var WS_PATH2 = "/ttyd";
-var UPSTREAM_WS_PATH = "/ws";
-var UPSTREAM_TIMEOUT_MS2 = 5e3;
-var FLOW_ACTIVE_INTERVAL_MS = 5e3;
-var FLOW_IDLE_INTERVAL_MS = 3e4;
-var CHUNK_THROTTLE_MS = 1e3;
-var CHUNK_UNTHROTTLED_COUNT = 5;
-var HOP_BY_HOP2 = /* @__PURE__ */ new Set([
-  "connection",
-  "keep-alive",
-  "proxy-authenticate",
-  "proxy-authorization",
-  "te",
-  "trailer",
-  "transfer-encoding",
-  "upgrade"
-]);
-function attachTtydWsProxy(server2, opts) {
-  const upstreamHost = opts.upstreamHost ?? "127.0.0.1";
-  const upstreamPort = opts.upstreamPort ?? 7681;
-  const now = opts.now ?? (() => Date.now());
-  server2.on("upgrade", (req, clientSocket, head) => {
-    try {
-      handleUpgrade2(req, clientSocket, head, {
-        isPublicHost: opts.isPublicHost,
-        upstreamHost,
-        upstreamPort,
-        now
-      });
-    } catch (err) {
-      ttydLog("ttyd-ws-upgrade", {
-        decision: "rejected",
-        reason: "handler-exception",
-        err: err.message
-      });
-      clientSocket.destroy();
-    }
-  });
-}
-function handleUpgrade2(req, clientSocket, head, opts) {
-  const url = req.url ?? "";
-  const qsIndex = url.indexOf("?");
-  const pathname = qsIndex === -1 ? url : url.slice(0, qsIndex);
-  if (pathname !== WS_PATH2) return;
-  const corrId = newCorrId();
-  const query = qsIndex === -1 ? "" : url.slice(qsIndex + 1);
-  const clientCorrId = sanitizeClientCorrId(parseQueryParam2(query, "corrId"));
-  const hostHeader = (req.headers.host ?? "").split(":")[0];
-  const originHeader = headerString2(req.headers.origin);
-  const remote = req.socket.remoteAddress;
-  const xff = headerString2(req.headers["x-forwarded-for"]);
-  const cookieHeader = headerString2(req.headers.cookie);
-  const decision = canAccessAdmin({
-    host: hostHeader,
-    remoteAddress: remote,
-    xForwardedFor: xff,
-    cookieHeader,
-    isPublicHost: opts.isPublicHost
-  });
-  if (!decision.allow) {
-    const status = decision.reason === "public-host" ? 404 : 401;
-    const rawToken = parseCookieValue(cookieHeader, "__remote_session");
-    const tokenInfo = describeRemoteSession(rawToken);
-    ttydLog("ttyd-ws-upgrade", {
-      corrId,
-      clientCorrId: clientCorrId ?? null,
-      decision: "rejected",
-      reason: decision.reason,
-      ip: remote,
-      xff: xff ?? null,
-      origin: originHeader ?? null,
-      host: hostHeader,
-      cookieHeaderPresent: cookieHeader != null && cookieHeader.length > 0,
-      tokenPresent: tokenInfo.present,
-      tokenExpired: tokenInfo.expired
-    });
-    writeStatusAndDestroy2(clientSocket, status, decision.reason === "public-host" ? "Not Found" : "Unauthorized");
-    return;
-  }
-  const originHost = parseOriginHost2(originHeader);
-  if (!originHost) {
-    ttydLog("ttyd-ws-upgrade", {
-      corrId,
-      clientCorrId: clientCorrId ?? null,
-      decision: "rejected",
-      reason: "origin-missing-or-invalid",
-      origin: originHeader ?? null,
-      host: hostHeader,
-      ip: remote
-    });
-    writeStatusAndDestroy2(clientSocket, 403, "Forbidden");
-    return;
-  }
-  if (originHost !== hostHeader) {
-    ttydLog("ttyd-ws-upgrade", {
-      corrId,
-      clientCorrId: clientCorrId ?? null,
-      decision: "rejected",
-      reason: "origin-mismatch",
-      origin_host: originHost,
-      host: hostHeader,
-      ip: remote
-    });
-    writeStatusAndDestroy2(clientSocket, 403, "Forbidden");
-    return;
-  }
-  if (opts.isPublicHost(originHost)) {
-    ttydLog("ttyd-ws-upgrade", {
-      corrId,
-      clientCorrId: clientCorrId ?? null,
-      decision: "rejected",
-      reason: "origin-public-host",
-      origin_host: originHost,
-      host: hostHeader,
-      ip: remote
-    });
-    writeStatusAndDestroy2(clientSocket, 403, "Forbidden");
-    return;
-  }
-  ttydLog("ttyd-ws-upgrade", {
-    corrId,
-    clientCorrId: clientCorrId ?? null,
-    decision: "accepted",
-    ip: remote,
-    xff: xff ?? null,
-    origin: originHeader ?? null,
-    host: hostHeader,
-    sec_ws_version: headerString2(req.headers["sec-websocket-version"]) ?? null,
-    sec_ws_protocol: headerString2(req.headers["sec-websocket-protocol"]) ?? null
-  });
-  const connectStart = opts.now();
-  const upstream = createConnection2({ host: opts.upstreamHost, port: opts.upstreamPort });
-  upstream.setTimeout(UPSTREAM_TIMEOUT_MS2);
-  let bytesClientToUpstream = 0;
-  let bytesUpstreamToClient = 0;
-  let lastFlowBytesClient = 0;
-  let lastFlowBytesUpstream = 0;
-  let lastActivityAt = opts.now();
-  let lastChunkLogAtClient = 0;
-  let lastChunkLogAtUpstream = 0;
-  let chunkCountClient = 0;
-  let chunkCountUpstream = 0;
-  let closedBy = null;
-  let proxyOpened = false;
-  const sessionStart = opts.now();
-  let flowHandle = null;
-  let currentFlowInterval = FLOW_ACTIVE_INTERVAL_MS;
-  const scheduleFlow = (intervalMs) => {
-    if (flowHandle) clearInterval(flowHandle);
-    currentFlowInterval = intervalMs;
-    flowHandle = setInterval(emitFlow, intervalMs);
-  };
-  const emitFlow = () => {
-    if (!proxyOpened || closedBy) return;
-    const deltaClient = bytesClientToUpstream - lastFlowBytesClient;
-    const deltaUpstream = bytesUpstreamToClient - lastFlowBytesUpstream;
-    lastFlowBytesClient = bytesClientToUpstream;
-    lastFlowBytesUpstream = bytesUpstreamToClient;
-    const idleMs = opts.now() - lastActivityAt;
-    ttydLog("ttyd-proxy-flow", {
-      corrId,
-      clientBytes: bytesClientToUpstream,
-      upstreamBytes: bytesUpstreamToClient,
-      clientBytesDelta: deltaClient,
-      upstreamBytesDelta: deltaUpstream,
-      idleMs
-    });
-    const active = deltaClient > 0 || deltaUpstream > 0;
-    const desiredInterval = active ? FLOW_ACTIVE_INTERVAL_MS : FLOW_IDLE_INTERVAL_MS;
-    if (desiredInterval !== currentFlowInterval) scheduleFlow(desiredInterval);
-  };
-  const finish = (side, reason) => {
-    if (closedBy) return;
-    closedBy = side;
-    if (flowHandle) {
-      clearInterval(flowHandle);
-      flowHandle = null;
-    }
-    if (proxyOpened) {
-      ttydLog("ttyd-proxy-close", {
-        corrId,
-        closedBy: side,
-        reason,
-        clientBytes: bytesClientToUpstream,
-        upstreamBytes: bytesUpstreamToClient,
-        durationMs: opts.now() - sessionStart
-      });
-    }
-    clientSocket.destroy();
-    upstream.destroy();
-  };
-  upstream.once("connect", () => {
-    upstream.setTimeout(0);
-    proxyOpened = true;
-    ttydLog("ttyd-proxy-open", {
-      corrId,
-      upstream: `${opts.upstreamHost}:${opts.upstreamPort}`,
-      connect_ms: opts.now() - connectStart
-    });
-    const lines = [];
-    lines.push(`${req.method ?? "GET"} ${UPSTREAM_WS_PATH} HTTP/${req.httpVersion}`);
-    lines.push(`host: ${opts.upstreamHost}:${opts.upstreamPort}`);
-    for (const [name, value] of Object.entries(req.headers)) {
-      if (name === "host") continue;
-      if (HOP_BY_HOP2.has(name)) continue;
-      if (value == null) continue;
-      if (Array.isArray(value)) {
-        for (const v of value) lines.push(`${name}: ${v}`);
-      } else {
-        lines.push(`${name}: ${value}`);
-      }
-    }
-    const upgradeHeader = headerString2(req.headers.upgrade);
-    const connectionHeader = headerString2(req.headers.connection);
-    if (upgradeHeader) lines.push(`upgrade: ${upgradeHeader}`);
-    if (connectionHeader) lines.push(`connection: ${connectionHeader}`);
-    upstream.write(lines.join("\r\n") + "\r\n\r\n");
-    if (head && head.length > 0) upstream.write(head);
-    const logChunk = (dir, bytes) => {
-      const now = opts.now();
-      if (dir === "client\u2192upstream") {
-        chunkCountClient += 1;
-        const sinceLastMs = lastChunkLogAtClient === 0 ? 0 : now - lastChunkLogAtClient;
-        if (chunkCountClient <= CHUNK_UNTHROTTLED_COUNT || sinceLastMs >= CHUNK_THROTTLE_MS) {
-          ttydLog("ttyd-proxy-chunk", { corrId, dir, bytes, sinceLastMs });
-          lastChunkLogAtClient = now;
-        }
-      } else {
-        chunkCountUpstream += 1;
-        const sinceLastMs = lastChunkLogAtUpstream === 0 ? 0 : now - lastChunkLogAtUpstream;
-        if (chunkCountUpstream <= CHUNK_UNTHROTTLED_COUNT || sinceLastMs >= CHUNK_THROTTLE_MS) {
-          ttydLog("ttyd-proxy-chunk", { corrId, dir, bytes, sinceLastMs });
-          lastChunkLogAtUpstream = now;
-        }
-      }
-      lastActivityAt = now;
-    };
-    clientSocket.on("data", (chunk) => {
-      bytesClientToUpstream += chunk.length;
-      logChunk("client\u2192upstream", chunk.length);
-    });
-    upstream.on("data", (chunk) => {
-      bytesUpstreamToClient += chunk.length;
-      logChunk("upstream\u2192client", chunk.length);
-    });
-    clientSocket.pipe(upstream);
-    upstream.pipe(clientSocket);
-    scheduleFlow(FLOW_ACTIVE_INTERVAL_MS);
-    clientSocket.once("close", (hadError) => {
-      finish("client", hadError ? "error" : "normal");
-    });
-    upstream.once("close", (hadError) => {
-      finish("upstream", hadError ? "error" : "normal");
-    });
-    clientSocket.once("error", (err) => {
-      ttydLog("ttyd-proxy-error", { corrId, side: "client", err: err.message });
-      finish("client", "error");
-    });
-    upstream.once("error", (err) => {
-      ttydLog("ttyd-proxy-error", { corrId, side: "upstream", err: err.message });
-      finish("upstream", "error");
-    });
-  });
-  upstream.once("timeout", () => {
-    if (proxyOpened) return;
-    ttydLog("ttyd-proxy-error", {
-      corrId,
-      side: "upstream-connect",
-      err: "timeout",
-      timeout_ms: UPSTREAM_TIMEOUT_MS2
-    });
-    writeStatusAndDestroy2(clientSocket, 504, "Gateway Timeout");
-    upstream.destroy();
-  });
-  upstream.once("error", (err) => {
-    if (proxyOpened) return;
-    ttydLog("ttyd-proxy-error", {
-      corrId,
-      side: "upstream-connect",
-      err: err.message
-    });
-    writeStatusAndDestroy2(clientSocket, 502, "Bad Gateway");
-    upstream.destroy();
-  });
-}
-function parseQueryParam2(query, key) {
-  if (!query) return null;
-  for (const pair of query.split("&")) {
-    const eq = pair.indexOf("=");
-    const k = eq === -1 ? pair : pair.slice(0, eq);
-    if (k !== key) continue;
-    const v = eq === -1 ? "" : pair.slice(eq + 1);
-    try {
-      return decodeURIComponent(v);
-    } catch {
-      return null;
-    }
-  }
-  return null;
-}
-function headerString2(value) {
-  if (value == null) return void 0;
-  return Array.isArray(value) ? value[0] : value;
-}
-function parseOriginHost2(origin) {
-  if (!origin) return null;
-  try {
-    return new URL(origin).hostname;
-  } catch {
-    return null;
-  }
-}
-function writeStatusAndDestroy2(socket, status, statusText) {
-  try {
-    socket.write(
-      `HTTP/1.1 ${status} ${statusText}\r
-Connection: close\r
-Content-Length: 0\r
-\r
-`
-    );
-  } catch {
-  }
-  socket.destroy();
-}
-
-// server/maxy-edge.ts
+// server/edge.ts
 var PLATFORM_ROOT = process.env.MAXY_PLATFORM_ROOT || "";
 var BRAND_JSON_PATH = PLATFORM_ROOT ? join(PLATFORM_ROOT, "config", "brand.json") : "";
 var BRAND = { configDir: ".maxy" };
@@ -665,9 +312,7 @@ var UPSTREAM_HOST = process.env.MAXY_UI_HOST ?? "127.0.0.1";
 var UPSTREAM_PORT = parseInt(process.env.MAXY_UI_PORT ?? "19199", 10);
 var WEBSOCKIFY_HOST = process.env.WEBSOCKIFY_HOST ?? "127.0.0.1";
 var WEBSOCKIFY_PORT = parseInt(process.env.WEBSOCKIFY_PORT ?? "6080", 10);
-var TTYD_HOST = process.env.TTYD_HOST ?? "127.0.0.1";
-var TTYD_PORT = parseInt(process.env.TTYD_PORT ?? "7681", 10);
-var HOP_BY_HOP3 = /* @__PURE__ */ new Set([
+var HOP_BY_HOP2 = /* @__PURE__ */ new Set([
   "connection",
   "keep-alive",
   "proxy-authenticate",
@@ -681,7 +326,7 @@ function forwardHttp(clientReq, clientRes) {
   const headers = {};
   for (const [name, value] of Object.entries(clientReq.headers)) {
     if (value == null) continue;
-    if (HOP_BY_HOP3.has(name)) continue;
+    if (HOP_BY_HOP2.has(name)) continue;
     headers[name] = value;
   }
   const existingXff = headers["x-forwarded-for"];
@@ -711,7 +356,7 @@ function forwardHttp(clientReq, clientRes) {
   clientReq.pipe(upstream);
 }
 function forwardUpgrade(req, clientSocket, head) {
-  const upstream = createConnection3({ host: UPSTREAM_HOST, port: UPSTREAM_PORT });
+  const upstream = createConnection2({ host: UPSTREAM_HOST, port: UPSTREAM_PORT });
   upstream.setTimeout(5e3);
   upstream.once("connect", () => {
     upstream.setTimeout(0);
@@ -720,7 +365,7 @@ function forwardUpgrade(req, clientSocket, head) {
     lines.push(`host: ${UPSTREAM_HOST}:${UPSTREAM_PORT}`);
     for (const [name, value] of Object.entries(req.headers)) {
       if (name === "host") continue;
-      if (HOP_BY_HOP3.has(name)) continue;
+      if (HOP_BY_HOP2.has(name)) continue;
       if (value == null) continue;
       if (Array.isArray(value)) {
         for (const v of value) lines.push(`${name}: ${v}`);
@@ -771,22 +416,15 @@ attachVncWsProxy(server, {
   upstreamHost: WEBSOCKIFY_HOST,
   upstreamPort: WEBSOCKIFY_PORT
 });
-attachTtydWsProxy(server, {
-  isPublicHost,
-  upstreamHost: TTYD_HOST,
-  upstreamPort: TTYD_PORT
-});
 server.on("upgrade", (req, socket, head) => {
   const url = req.url ?? "";
   const qsIndex = url.indexOf("?");
   const pathname = qsIndex === -1 ? url : url.slice(0, qsIndex);
   if (pathname === "/websockify") return;
-  if (pathname === "/ttyd") return;
   forwardUpgrade(req, socket, head);
 });
 server.listen(EDGE_PORT, EDGE_HOSTNAME, () => {
   console.log(`[edge] listening on http://${EDGE_HOSTNAME}:${EDGE_PORT}`);
   console.log(`[edge] /websockify \u2192 ${WEBSOCKIFY_HOST}:${WEBSOCKIFY_PORT}`);
-  console.log(`[edge] /ttyd       \u2192 ${TTYD_HOST}:${TTYD_PORT}`);
   console.log(`[edge] everything else \u2192 ${UPSTREAM_HOST}:${UPSTREAM_PORT}`);
 });