npm - @sinch/functions-runtime - Versions diffs - 0.4.0 → 0.4.1 - Mend

@sinch/functions-runtime 0.4.0 → 0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/bin/sinch-runtime.js +104 -29
package/dist/bin/sinch-runtime.js.map +1 -1
package/dist/index.d.ts +12 -0
package/dist/index.js +81 -20
package/dist/index.js.map +1 -1
package/package.json +1 -1

package/dist/bin/sinch-runtime.js CHANGED Viewed

@@ -160,6 +160,31 @@ function setupJsonParsing(app, options = {}) {
   return app;
 }
+// ../runtime-shared/dist/auth/basic-auth.js
+import { timingSafeEqual } from "crypto";
+function validateBasicAuth(authHeader, expectedKey, expectedSecret) {
+  if (!authHeader) {
+    return false;
+  }
+  if (!authHeader.toLowerCase().startsWith("basic ")) {
+    return false;
+  }
+  const decoded = Buffer.from(authHeader.slice(6), "base64").toString("utf-8");
+  const colonIndex = decoded.indexOf(":");
+  if (colonIndex === -1) {
+    return false;
+  }
+  const providedKey = decoded.slice(0, colonIndex);
+  const providedSecret = decoded.slice(colonIndex + 1);
+  const expectedKeyBuf = Buffer.from(expectedKey);
+  const providedKeyBuf = Buffer.from(providedKey);
+  const expectedSecretBuf = Buffer.from(expectedSecret);
+  const providedSecretBuf = Buffer.from(providedSecret);
+  const keyMatch = expectedKeyBuf.length === providedKeyBuf.length && timingSafeEqual(expectedKeyBuf, providedKeyBuf);
+  const secretMatch = expectedSecretBuf.length === providedSecretBuf.length && timingSafeEqual(expectedSecretBuf, providedSecretBuf);
+  return keyMatch && secretMatch;
+}
 // ../runtime-shared/dist/host/app.js
 import { createRequire as createRequire2 } from "module";
 import { pathToFileURL } from "url";
@@ -462,7 +487,7 @@ function setupRequestHandler(app, options = {}) {
     const functionUrl = pathToFileURL(functionPath).href;
     const module = await import(functionUrl);
     return module.default || module;
-  }, buildContext = buildBaseContext, logger = console.log, landingPageEnabled = true, onRequestStart = () => {
+  }, buildContext = buildBaseContext, logger = console.log, landingPageEnabled = true, authConfig, authKey, authSecret, onRequestStart = () => {
   }, onRequestEnd = () => {
   } } = options;
   app.use("/{*splat}", async (req, res) => {
@@ -490,6 +515,17 @@ function setupRequestHandler(app, options = {}) {
     try {
       const functionName = extractFunctionName(req.originalUrl, req.body);
       logger(`[${(/* @__PURE__ */ new Date()).toISOString()}] ${req.method} ${req.path} -> ${functionName}`);
+      if (authConfig && authKey && authSecret) {
+        const needsAuth = authConfig === "*" || Array.isArray(authConfig) && authConfig.includes(functionName);
+        if (needsAuth) {
+          const isValid = validateBasicAuth(req.headers.authorization, authKey, authSecret);
+          if (!isValid) {
+            logger(`[AUTH] Rejected unauthorized request to ${functionName}`);
+            res.status(401).set("WWW-Authenticate", 'Basic realm="sinch-function"').json({ error: "Unauthorized" });
+            return;
+          }
+        }
+      }
       onRequestStart({ functionName, req });
       const context = buildContext(req);
       const userFunction = await Promise.resolve(loadUserFunction());
@@ -780,7 +816,7 @@ import * as path4 from "path";
 var LocalStorage = class {
   baseDir;
   constructor(baseDir) {
-    this.baseDir = baseDir ?? path4.join(process.cwd(), "storage");
+    this.baseDir = baseDir ?? path4.join(process.cwd(), ".sinch", "storage");
   }
   resolvePath(key) {
     const sanitized = key.replace(/^\/+/, "").replace(/\.\./g, "_");
@@ -1232,6 +1268,13 @@ import axios from "axios";
 // src/tunnel/webhook-config.ts
 import { SinchClient as SinchClient2 } from "@sinch/sdk-core";
+var SINCH_FN_URL_PATTERN = /\.fn(-\w+)?\.sinch\.com/;
+function isOurWebhook(target) {
+  return !!target && SINCH_FN_URL_PATTERN.test(target);
+}
+function isTunnelUrl(target) {
+  return !!target && target.includes("tunnel.fn");
+}
 async function configureConversationWebhooks(tunnelUrl, config) {
   try {
     const conversationAppId = process.env.CONVERSATION_APP_ID;
@@ -1253,24 +1296,23 @@ async function configureConversationWebhooks(tunnelUrl, config) {
       app_id: conversationAppId
     });
     const existingWebhooks = webhooksResult.webhooks || [];
-    const tunnelWebhooks = existingWebhooks.filter((w) => w.target?.includes("/api/ingress/"));
-    for (const staleWebhook of tunnelWebhooks) {
-      try {
-        await sinchClient.conversation.webhooks.delete({ webhook_id: staleWebhook.id });
-        console.log(`\u{1F9F9} Cleaned up stale tunnel webhook: ${staleWebhook.id}`);
-      } catch (err) {
-      }
+    const deployedWebhook = existingWebhooks.find(
+      (w) => isOurWebhook(w.target)
+    );
+    if (!deployedWebhook || !deployedWebhook.id) {
+      console.log("\u26A0\uFE0F No deployed webhook found \u2014 deploy first");
+      return;
     }
-    const createResult = await sinchClient.conversation.webhooks.create({
-      webhookCreateRequestBody: {
-        app_id: conversationAppId,
-        target: webhookUrl,
-        target_type: "HTTP",
-        triggers: ["MESSAGE_INBOUND"]
-      }
+    config.conversationWebhookId = deployedWebhook.id;
+    config.originalTarget = deployedWebhook.target;
+    await sinchClient.conversation.webhooks.update({
+      webhook_id: deployedWebhook.id,
+      webhookUpdateRequestBody: {
+        target: webhookUrl
+      },
+      update_mask: ["target"]
     });
-    config.conversationWebhookId = createResult.id;
-    console.log(`\u2705 Created Conversation webhook: ${webhookUrl}`);
+    console.log(`\u2705 Updated Conversation webhook to tunnel: ${webhookUrl}`);
     console.log("\u{1F4AC} Send a message to your Conversation app to test!");
   } catch (error) {
     console.log("\u26A0\uFE0F Could not configure Conversation webhooks:", error.message);
@@ -1289,10 +1331,29 @@ async function cleanupConversationWebhook(config) {
       keyId,
       keySecret
     });
-    await sinchClient.conversation.webhooks.delete({ webhook_id: config.conversationWebhookId });
-    console.log("\u{1F9F9} Cleaned up tunnel webhook");
+    let restoreTarget = config.originalTarget;
+    if (!restoreTarget || isTunnelUrl(restoreTarget)) {
+      const functionName = process.env.FUNCTION_NAME || process.env.FUNCTION_ID;
+      if (functionName) {
+        restoreTarget = `https://${functionName}.fn-dev.sinch.com/webhook/conversation`;
+        console.log(`\u{1F527} Derived restore target from env: ${restoreTarget}`);
+      } else {
+        console.log("\u26A0\uFE0F Cannot restore webhook \u2014 no FUNCTION_NAME or FUNCTION_ID available");
+        return;
+      }
+    }
+    await sinchClient.conversation.webhooks.update({
+      webhook_id: config.conversationWebhookId,
+      webhookUpdateRequestBody: {
+        target: restoreTarget
+      },
+      update_mask: ["target"]
+    });
+    console.log(`\u{1F504} Restored webhook target to: ${restoreTarget}`);
     config.conversationWebhookId = void 0;
+    config.originalTarget = void 0;
   } catch (error) {
+    console.log("\u26A0\uFE0F Could not restore Conversation webhook:", error.message);
   }
 }
 async function configureElevenLabs() {
@@ -1627,7 +1688,7 @@ function loadRuntimeConfig() {
   };
 }
 var storage = createStorageClient();
-var databasePath = path6.join(process.cwd(), "data", "app.db");
+var databasePath = path6.join(process.cwd(), ".sinch", "data", "app.db");
 function buildLocalContext(req, runtimeConfig) {
   const baseContext = buildBaseContext(req);
   const cache = createCacheClient();
@@ -1755,20 +1816,34 @@ async function main() {
   } catch {
   }
   await secretsLoader.loadFromKeychain();
-  fs5.mkdirSync(path6.join(process.cwd(), "storage"), { recursive: true });
-  fs5.mkdirSync(path6.join(process.cwd(), "data"), { recursive: true });
+  fs5.mkdirSync(path6.join(process.cwd(), ".sinch", "storage"), { recursive: true });
+  fs5.mkdirSync(path6.join(process.cwd(), ".sinch", "data"), { recursive: true });
   const config = loadRuntimeConfig();
   const staticDir = process.env.STATIC_DIR;
   const landingPageEnabled = process.env.LANDING_PAGE_ENABLED !== "false";
   const app = createApp({ staticDir, landingPageEnabled });
+  const authKey = process.env.PROJECT_ID_API_KEY;
+  const authSecret = process.env.PROJECT_ID_API_SECRET;
+  let userAuthConfig;
+  const loadUserFunction = async () => {
+    const functionPath = findFunctionPath3();
+    const functionUrl = pathToFileURL2(functionPath).href;
+    const module = await import(functionUrl);
+    if (userAuthConfig === void 0) {
+      userAuthConfig = module.auth || module.default?.auth;
+      if (userAuthConfig && verbose) {
+        console.log(`[AUTH] Auth config loaded: ${JSON.stringify(userAuthConfig)}`);
+      }
+    }
+    return module.default || module;
+  };
+  await loadUserFunction();
   setupRequestHandler(app, {
     landingPageEnabled,
-    loadUserFunction: async () => {
-      const functionPath = findFunctionPath3();
-      const functionUrl = pathToFileURL2(functionPath).href;
-      const module = await import(functionUrl);
-      return module.default || module;
-    },
+    authConfig: userAuthConfig,
+    authKey,
+    authSecret,
+    loadUserFunction,
     buildContext: (req) => buildLocalContext(req, config),
     logger: console.log,
     onRequestStart: ({ req }) => {