@smithers-orchestrator/server 0.16.9 → 0.18.0

package/src/index.js

@@ -1,4 +1,4 @@
-import { createServer, IncomingMessage, ServerResponse } from "node:http";
+import { createServer } from "node:http";
 import { readFile, writeFile } from "node:fs/promises";
 import { createHash } from "node:crypto";
 import { pathToFileURL } from "node:url";
@@ -20,6 +20,7 @@ import { errorToJson } from "@smithers-orchestrator/errors/errorToJson";
 import { SmithersError } from "@smithers-orchestrator/errors/SmithersError";
 import { assertMaxBytes, assertMaxJsonDepth } from "@smithers-orchestrator/db/input-bounds";
 import { prometheusContentType, renderPrometheusMetrics, } from "@smithers-orchestrator/observability";
+/** @typedef {import("node:http").ServerResponse} ServerResponse */
 /** @typedef {import("./ServerOptions.js").ServerOptions} ServerOptions */
 
 // Re-export the full public surface so the tsup-bundled `src/index.d.ts`
@@ -44,6 +45,8 @@ const DEFAULT_MAX_BODY_BYTES = 1_048_576;
 const DEFAULT_MAX_BODY_JSON_DEPTH = 32;
 const DEFAULT_SSE_HEARTBEAT_MS = 10_000;
 const COMPLETED_RUN_RETENTION_MS = 60_000;
+const DEFAULT_HEADERS_TIMEOUT = 30_000;
+const DEFAULT_REQUEST_TIMEOUT = 60_000;
 class HttpError extends Error {
     status;
     code;
@@ -355,7 +358,7 @@ function assertAuth(req, authToken) {
         req.headers["Authorization"] ??
         req.headers["x-smithers-key"];
     const value = Array.isArray(header) ? header[0] : header;
-    const token = value?.startsWith("Bearer ") ? value.slice(7) : value;
+    const token = value?.slice(0, 7).toLowerCase() === "bearer " ? value.slice(7) : value;
     if (!token || token !== authToken) {
         throw new HttpError(401, "UNAUTHORIZED", "Missing or invalid authorization token");
     }
@@ -645,6 +648,8 @@ function startServerInternal(opts = {}) {
     const maxBodyBytes = opts.maxBodyBytes ?? DEFAULT_MAX_BODY_BYTES;
     const rootDir = opts.rootDir ? resolve(opts.rootDir) : undefined;
     const allowNetwork = Boolean(opts.allowNetwork);
+    const headersTimeout = opts.headersTimeout ?? DEFAULT_HEADERS_TIMEOUT;
+    const requestTimeout = opts.requestTimeout ?? DEFAULT_REQUEST_TIMEOUT;
     if (serverDb) {
         ensureSmithersTables(serverDb);
     }
@@ -1206,6 +1211,8 @@ function startServerInternal(opts = {}) {
             await recordHttpRequestMetricsSafely(requestMethod, requestPathname, res.statusCode || 500, performance.now() - requestStart);
         }
     });
+    server.headersTimeout = headersTimeout;
+    server.requestTimeout = requestTimeout;
     server.on("close", () => {
         logInfo("stopping smithers server", {
             activeRuns: runs.size,

package/src/serve.js

@@ -1,7 +1,6 @@
 import { Hono } from "hono";
 import { streamSSE } from "hono/streaming";
 import { Effect, Metric } from "effect";
-import { SmithersDb } from "@smithers-orchestrator/db/adapter";
 import { approveNode, denyNode } from "@smithers-orchestrator/engine/approvals";
 import { isRunHeartbeatFresh } from "@smithers-orchestrator/engine";
 import { nowMs } from "@smithers-orchestrator/scheduler/nowMs";
@@ -119,7 +118,7 @@ export function createServeApp(opts) {
                 return next();
             const authHeader = c.req.header("authorization");
             if (authHeader) {
-                const token = authHeader.startsWith("Bearer ")
+                const token = authHeader.slice(0, 7).toLowerCase() === "bearer "
                     ? authHeader.slice(7)
                     : authHeader;
                 if (token === authToken)