@spinabot/brigade 1.11.2 → 1.13.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +56 -0
- package/dist/agents/tools/edge-tts.d.ts +44 -0
- package/dist/agents/tools/edge-tts.d.ts.map +1 -0
- package/dist/agents/tools/edge-tts.js +142 -0
- package/dist/agents/tools/edge-tts.js.map +1 -0
- package/dist/agents/tools/generate-music-tool.d.ts +61 -0
- package/dist/agents/tools/generate-music-tool.d.ts.map +1 -0
- package/dist/agents/tools/generate-music-tool.js +286 -0
- package/dist/agents/tools/generate-music-tool.js.map +1 -0
- package/dist/agents/tools/generate-speech-tool.d.ts +69 -0
- package/dist/agents/tools/generate-speech-tool.d.ts.map +1 -0
- package/dist/agents/tools/generate-speech-tool.js +331 -0
- package/dist/agents/tools/generate-speech-tool.js.map +1 -0
- package/dist/agents/tools/generate-video-tool.d.ts +111 -0
- package/dist/agents/tools/generate-video-tool.d.ts.map +1 -0
- package/dist/agents/tools/generate-video-tool.js +1028 -0
- package/dist/agents/tools/generate-video-tool.js.map +1 -0
- package/dist/agents/tools/media-command.d.ts +47 -0
- package/dist/agents/tools/media-command.d.ts.map +1 -0
- package/dist/agents/tools/media-command.js +93 -0
- package/dist/agents/tools/media-command.js.map +1 -0
- package/dist/agents/tools/registry.d.ts.map +1 -1
- package/dist/agents/tools/registry.js +27 -0
- package/dist/agents/tools/registry.js.map +1 -1
- package/dist/agents/tools/transcribe-audio-tool.d.ts +96 -0
- package/dist/agents/tools/transcribe-audio-tool.d.ts.map +1 -0
- package/dist/agents/tools/transcribe-audio-tool.js +577 -0
- package/dist/agents/tools/transcribe-audio-tool.js.map +1 -0
- package/dist/buildstamp.json +1 -1
- package/dist/cli/commands/connect.d.ts +6 -0
- package/dist/cli/commands/connect.d.ts.map +1 -1
- package/dist/cli/commands/connect.js +7 -0
- package/dist/cli/commands/connect.js.map +1 -1
- package/dist/cli/commands/doctor.d.ts.map +1 -1
- package/dist/cli/commands/doctor.js +2 -1
- package/dist/cli/commands/doctor.js.map +1 -1
- package/dist/cli/commands/expose.d.ts.map +1 -1
- package/dist/cli/commands/expose.js +22 -3
- package/dist/cli/commands/expose.js.map +1 -1
- package/dist/cli/commands/gateway.d.ts +12 -0
- package/dist/cli/commands/gateway.d.ts.map +1 -1
- package/dist/cli/commands/gateway.js +114 -2
- package/dist/cli/commands/gateway.js.map +1 -1
- package/dist/cli/commands/status.d.ts.map +1 -1
- package/dist/cli/commands/status.js +2 -1
- package/dist/cli/commands/status.js.map +1 -1
- package/dist/cli/program/build-program.d.ts.map +1 -1
- package/dist/cli/program/build-program.js +36 -0
- package/dist/cli/program/build-program.js.map +1 -1
- package/dist/config/io.d.ts +13 -0
- package/dist/config/io.d.ts.map +1 -1
- package/dist/config/io.js.map +1 -1
- package/dist/core/gateway-auth.d.ts +86 -0
- package/dist/core/gateway-auth.d.ts.map +1 -0
- package/dist/core/gateway-auth.js +156 -0
- package/dist/core/gateway-auth.js.map +1 -0
- package/dist/core/gateway-probe.d.ts +5 -0
- package/dist/core/gateway-probe.d.ts.map +1 -1
- package/dist/core/gateway-probe.js +2 -1
- package/dist/core/gateway-probe.js.map +1 -1
- package/dist/core/gateway-spawn.d.ts.map +1 -1
- package/dist/core/gateway-spawn.js +5 -2
- package/dist/core/gateway-spawn.js.map +1 -1
- package/dist/core/server.d.ts.map +1 -1
- package/dist/core/server.js +21 -1
- package/dist/core/server.js.map +1 -1
- package/dist/core/tunnel/auth-proxy.d.ts +3 -2
- package/dist/core/tunnel/auth-proxy.d.ts.map +1 -1
- package/dist/core/tunnel/auth-proxy.js +8 -34
- package/dist/core/tunnel/auth-proxy.js.map +1 -1
- package/dist/core/tunnel/manager.d.ts +4 -2
- package/dist/core/tunnel/manager.d.ts.map +1 -1
- package/dist/core/tunnel/manager.js +3 -2
- package/dist/core/tunnel/manager.js.map +1 -1
- package/dist/tui/client.d.ts +8 -0
- package/dist/tui/client.d.ts.map +1 -1
- package/dist/tui/client.js +5 -1
- package/dist/tui/client.js.map +1 -1
- package/package.json +1 -1
|
@@ -0,0 +1,156 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Optional, multi-token authentication for the Brigade gateway.
|
|
3
|
+
*
|
|
4
|
+
* The gateway is localhost-only and UNAUTHENTICATED by default: every local
|
|
5
|
+
* connection is the operator and is granted full scope (see the connection
|
|
6
|
+
* handler in `core/server.ts`). That is the right default for a single-user
|
|
7
|
+
* machine. When the operator configures one or more tokens — `gateway.auth`
|
|
8
|
+
* in brigade.json, or the `BRIGADE_GATEWAY_TOKENS` env var — the gateway flips
|
|
9
|
+
* to REQUIRING a valid token on every WebSocket connection, and `brigade
|
|
10
|
+
* expose`'s auth-proxy accepts those same tokens.
|
|
11
|
+
*
|
|
12
|
+
* MULTIPLE tokens are supported on purpose: hand a distinct token to each
|
|
13
|
+
* client/device, and revoke one without disturbing the others. Any token in
|
|
14
|
+
* the list is equally valid.
|
|
15
|
+
*
|
|
16
|
+
* A token may travel three ways so browsers, CLIs, and WebSocket libraries can
|
|
17
|
+
* all authenticate:
|
|
18
|
+
* - `Authorization: Bearer <token>`
|
|
19
|
+
* - `x-brigade-token: <token>` header
|
|
20
|
+
* - `?token=<token>` query string
|
|
21
|
+
*
|
|
22
|
+
* This module is the single source of truth shared by BOTH the gateway
|
|
23
|
+
* connection gate and the expose auth-proxy, so the two can never drift.
|
|
24
|
+
*/
|
|
25
|
+
import { randomBytes, timingSafeEqual } from "node:crypto";
|
|
26
|
+
/** Header carrying a raw token (no `Bearer ` prefix). Brigade-native name. */
|
|
27
|
+
export const TOKEN_HEADER = "x-brigade-token";
|
|
28
|
+
/**
|
|
29
|
+
* Constant-time string equality. Returns `false` (never throws) when the
|
|
30
|
+
* candidate is missing or a different length — `timingSafeEqual` itself throws
|
|
31
|
+
* on length mismatch, so we guard that first. The length check is not itself
|
|
32
|
+
* constant-time, but a token's length is not the secret; its bytes are.
|
|
33
|
+
*/
|
|
34
|
+
export function tokenMatches(expected, provided) {
|
|
35
|
+
if (!provided)
|
|
36
|
+
return false;
|
|
37
|
+
const a = Buffer.from(expected, "utf8");
|
|
38
|
+
const b = Buffer.from(provided, "utf8");
|
|
39
|
+
if (a.length !== b.length)
|
|
40
|
+
return false;
|
|
41
|
+
return timingSafeEqual(a, b);
|
|
42
|
+
}
|
|
43
|
+
/**
|
|
44
|
+
* `true` when `provided` equals ANY token in the list. Every token is compared
|
|
45
|
+
* (no early `break`) so the elapsed time can't reveal which token matched, or
|
|
46
|
+
* how many tokens are configured.
|
|
47
|
+
*/
|
|
48
|
+
export function matchesAnyToken(tokens, provided) {
|
|
49
|
+
if (!provided)
|
|
50
|
+
return false;
|
|
51
|
+
let ok = false;
|
|
52
|
+
for (const t of tokens) {
|
|
53
|
+
if (tokenMatches(t, provided))
|
|
54
|
+
ok = true;
|
|
55
|
+
}
|
|
56
|
+
return ok;
|
|
57
|
+
}
|
|
58
|
+
/** Pull a candidate token from the Authorization header, the token header, or `?token=`. */
|
|
59
|
+
export function extractToken(reqUrl, headers) {
|
|
60
|
+
const auth = headers["authorization"];
|
|
61
|
+
if (typeof auth === "string" && auth.toLowerCase().startsWith("bearer ")) {
|
|
62
|
+
const t = auth.slice(7).trim();
|
|
63
|
+
if (t.length > 0)
|
|
64
|
+
return t;
|
|
65
|
+
}
|
|
66
|
+
const hdr = headers[TOKEN_HEADER];
|
|
67
|
+
if (typeof hdr === "string" && hdr.length > 0)
|
|
68
|
+
return hdr;
|
|
69
|
+
if (Array.isArray(hdr) && hdr.length > 0 && hdr[0])
|
|
70
|
+
return hdr[0];
|
|
71
|
+
if (reqUrl) {
|
|
72
|
+
const qIdx = reqUrl.indexOf("?");
|
|
73
|
+
if (qIdx >= 0) {
|
|
74
|
+
const t = new URLSearchParams(reqUrl.slice(qIdx + 1)).get("token");
|
|
75
|
+
if (t)
|
|
76
|
+
return t;
|
|
77
|
+
}
|
|
78
|
+
}
|
|
79
|
+
return undefined;
|
|
80
|
+
}
|
|
81
|
+
/** Split a `BRIGADE_GATEWAY_TOKENS` value on commas and/or whitespace. */
|
|
82
|
+
function splitEnvTokens(raw) {
|
|
83
|
+
if (!raw)
|
|
84
|
+
return [];
|
|
85
|
+
return raw
|
|
86
|
+
.split(/[\s,]+/)
|
|
87
|
+
.map((s) => s.trim())
|
|
88
|
+
.filter((s) => s.length > 0);
|
|
89
|
+
}
|
|
90
|
+
/**
|
|
91
|
+
* Effective token list = `auth.token` (legacy single) ∪ `auth.tokens` ∪
|
|
92
|
+
* `BRIGADE_GATEWAY_TOKENS`, trimmed, blanks dropped, de-duplicated (order
|
|
93
|
+
* preserved). An empty result means the gateway stays unauthenticated.
|
|
94
|
+
*/
|
|
95
|
+
export function resolveGatewayTokens(auth, env = process.env) {
|
|
96
|
+
const out = [];
|
|
97
|
+
const seen = new Set();
|
|
98
|
+
const push = (t) => {
|
|
99
|
+
if (typeof t !== "string")
|
|
100
|
+
return;
|
|
101
|
+
const v = t.trim();
|
|
102
|
+
if (v.length > 0 && !seen.has(v)) {
|
|
103
|
+
seen.add(v);
|
|
104
|
+
out.push(v);
|
|
105
|
+
}
|
|
106
|
+
};
|
|
107
|
+
push(auth?.token);
|
|
108
|
+
for (const t of auth?.tokens ?? [])
|
|
109
|
+
push(t);
|
|
110
|
+
for (const t of splitEnvTokens(env.BRIGADE_GATEWAY_TOKENS))
|
|
111
|
+
push(t);
|
|
112
|
+
return out;
|
|
113
|
+
}
|
|
114
|
+
/**
|
|
115
|
+
* Whether the gateway should ENFORCE a token. Auth is on when there is at
|
|
116
|
+
* least one effective token AND the operator hasn't explicitly set
|
|
117
|
+
* `auth.mode: "none"` (the off-switch). Returns the resolved token list too so
|
|
118
|
+
* callers don't resolve twice.
|
|
119
|
+
*/
|
|
120
|
+
export function resolveGatewayAuth(auth, env = process.env) {
|
|
121
|
+
const tokens = resolveGatewayTokens(auth, env);
|
|
122
|
+
const required = tokens.length > 0 && auth?.mode !== "none";
|
|
123
|
+
return { required, tokens };
|
|
124
|
+
}
|
|
125
|
+
/** A fresh URL-safe token (192 bits of entropy, base64url, no padding). */
|
|
126
|
+
export function generateGatewayToken() {
|
|
127
|
+
return randomBytes(24).toString("base64url");
|
|
128
|
+
}
|
|
129
|
+
/** Mask a token for display — first 4 + last 4, the middle elided. */
|
|
130
|
+
export function maskToken(token) {
|
|
131
|
+
if (token.length <= 8)
|
|
132
|
+
return "*".repeat(Math.max(token.length, 1));
|
|
133
|
+
return `${token.slice(0, 4)}…${token.slice(-4)}`;
|
|
134
|
+
}
|
|
135
|
+
/**
|
|
136
|
+
* Pick the token a LOCAL client should present to reach an authenticated
|
|
137
|
+
* gateway on this machine. Priority: explicit override (a `--token` flag) →
|
|
138
|
+
* the `BRIGADE_GATEWAY_TOKEN` env var → the first configured token. Returns
|
|
139
|
+
* `undefined` when the gateway is unauthenticated — there is simply nothing to
|
|
140
|
+
* send and the connection works exactly as before.
|
|
141
|
+
*/
|
|
142
|
+
export function resolveClientToken(auth, opts = {}) {
|
|
143
|
+
const override = opts.override?.trim();
|
|
144
|
+
if (override)
|
|
145
|
+
return override;
|
|
146
|
+
const env = opts.env ?? process.env;
|
|
147
|
+
const single = env.BRIGADE_GATEWAY_TOKEN?.trim();
|
|
148
|
+
if (single)
|
|
149
|
+
return single;
|
|
150
|
+
return resolveGatewayTokens(auth, env)[0];
|
|
151
|
+
}
|
|
152
|
+
/** `ws` connection headers carrying the token, if any (empty object otherwise). */
|
|
153
|
+
export function clientAuthHeaders(token) {
|
|
154
|
+
return token ? { [TOKEN_HEADER]: token } : {};
|
|
155
|
+
}
|
|
156
|
+
//# sourceMappingURL=gateway-auth.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"gateway-auth.js","sourceRoot":"","sources":["../../src/core/gateway-auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAG3D,8EAA8E;AAC9E,MAAM,CAAC,MAAM,YAAY,GAAG,iBAAiB,CAAC;AAE9C;;;;;GAKG;AACH,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,QAA4B;IAC1E,IAAI,CAAC,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC5B,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IACxC,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IACxC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IACxC,OAAO,eAAe,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;AAC9B,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAAC,MAAyB,EAAE,QAA4B;IACtF,IAAI,CAAC,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC5B,IAAI,EAAE,GAAG,KAAK,CAAC;IACf,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACxB,IAAI,YAAY,CAAC,CAAC,EAAE,QAAQ,CAAC;YAAE,EAAE,GAAG,IAAI,CAAC;IAC1C,CAAC;IACD,OAAO,EAAE,CAAC;AACX,CAAC;AAED,4FAA4F;AAC5F,MAAM,UAAU,YAAY,CAAC,MAA0B,EAAE,OAA4B;IACpF,MAAM,IAAI,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;IACtC,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC1E,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC/B,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,CAAC,CAAC;IAC5B,CAAC;IACD,MAAM,GAAG,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IAClC,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC;IAC1D,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC;QAAE,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC;IAClE,IAAI,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACjC,IAAI,IAAI,IAAI,CAAC,EAAE,CAAC;YACf,MAAM,CAAC,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACnE,IAAI,CAAC;gBAAE,OAAO,CAAC,CAAC;QACjB,CAAC;IACF,CAAC;IACD,OAAO,SAAS,CAAC;AAClB,CAAC;AAED,0EAA0E;AAC1E,SAAS,cAAc,CAAC,GAAuB;IAC9C,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,CAAC;IACpB,OAAO,GAAG;SACR,KAAK,CAAC,QAAQ,CAAC;SACf,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;SACpB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AAC/B,CAAC;AAaD;;;;GAIG;AACH,MAAM,UAAU,oBAAoB,CACnC,IAAmC,EACnC,MAAyB,OAAO,CAAC,GAAG;IAEpC,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,MAAM,IAAI,GAAG,CAAC,CAAqB,EAAQ,EAAE;QAC5C,IAAI,OAAO,CAAC,KAAK,QAAQ;YAAE,OAAO;QAClC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;QACnB,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YAClC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YACZ,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACb,CAAC;IACF,CAAC,CAAC;IACF,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAClB,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,MAAM,IAAI,EAAE;QAAE,IAAI,CAAC,CAAC,CAAC,CAAC;IAC5C,KAAK,MAAM,CAAC,IAAI,cAAc,CAAC,GAAG,CAAC,sBAAsB,CAAC;QAAE,IAAI,CAAC,CAAC,CAAC,CAAC;IACpE,OAAO,GAAG,CAAC;AACZ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,kBAAkB,CACjC,IAAmC,EACnC,MAAyB,OAAO,CAAC,GAAG;IAEpC,MAAM,MAAM,GAAG,oBAAoB,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAC/C,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,IAAI,IAAI,EAAE,IAAI,KAAK,MAAM,CAAC;IAC5D,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;AAC7B,CAAC;AAED,2EAA2E;AAC3E,MAAM,UAAU,oBAAoB;IACnC,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AAC9C,CAAC;AAED,sEAAsE;AACtE,MAAM,UAAU,SAAS,CAAC,KAAa;IACtC,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC;QAAE,OAAO,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC;IACpE,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;AAClD,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,kBAAkB,CACjC,IAAmC,EACnC,OAAuD,EAAE;IAEzD,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC;IACvC,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC;IACpC,MAAM,MAAM,GAAG,GAAG,CAAC,qBAAqB,EAAE,IAAI,EAAE,CAAC;IACjD,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAC1B,OAAO,oBAAoB,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;AAC3C,CAAC;AAED,mFAAmF;AACnF,MAAM,UAAU,iBAAiB,CAAC,KAAyB;IAC1D,OAAO,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;AAC/C,CAAC"}
|
|
@@ -109,6 +109,11 @@ export interface GatewayProbeOptions {
|
|
|
109
109
|
port?: number;
|
|
110
110
|
/** Total wallclock budget. Default 1500ms — enough for a local boot, fast enough to keep `brigade status` snappy. */
|
|
111
111
|
timeoutMs?: number;
|
|
112
|
+
/** Token for an authenticated gateway. Omit when unauthenticated (default).
|
|
113
|
+
* A missing/wrong token against an authed gateway surfaces as
|
|
114
|
+
* `errorKind: "auth"` (the handshake 401), which callers report as
|
|
115
|
+
* "up, but the token was rejected" rather than "down". */
|
|
116
|
+
token?: string;
|
|
112
117
|
}
|
|
113
118
|
/**
|
|
114
119
|
* Open a WebSocket to the gateway and read its state-on-connect frame.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"gateway-probe.d.ts","sourceRoot":"","sources":["../../src/core/gateway-probe.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAUH,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"gateway-probe.d.ts","sourceRoot":"","sources":["../../src/core/gateway-probe.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAUH,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAC;AAG3D,eAAO,MAAM,gBAAgB,QAAwC,CAAC;AAEtE;;;;;;;;;;GAUG;AACH,eAAO,MAAM,sBAAsB,QAA8C,CAAC;AAElF;;;;;;GAMG;AACH,eAAO,MAAM,0BAA0B,QAAS,CAAC;AAEjD,qEAAqE;AACrE,MAAM,WAAW,gBAAgB;IAC/B,qDAAqD;IACrD,EAAE,EAAE,MAAM,CAAC;IACX,8DAA8D;IAC9D,GAAG,EAAE,MAAM,CAAC;IACZ,mEAAmE;IACnE,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;;GAGG;AACH,wBAAsB,kBAAkB,IAAI,OAAO,CAAC,IAAI,CAAC,CAwBxD;AAED;;;;;GAKG;AACH;yEACyE;AACzE,wBAAsB,aAAa,CAAC,YAAY,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,GAAG,SAAS,CAAC,CAYhG;AAED,wBAAgB,iBAAiB,CAAC,YAAY,CAAC,EAAE,MAAM,GAAG,gBAAgB,GAAG,SAAS,CAkBrF;AAED,8DAA8D;AAC9D,wBAAsB,kBAAkB,IAAI,OAAO,CAAC,IAAI,CAAC,CAoBxD;AAED;;;;GAIG;AACH,MAAM,MAAM,uBAAuB;AACjC,2DAA2D;AACzD,SAAS;AACX,gDAAgD;GAC9C,SAAS;AACX,kDAAkD;GAChD,KAAK;AACP,8EAA8E;GAC5E,MAAM;AACR,gCAAgC;GAC9B,KAAK;AACP,2CAA2C;GACzC,SAAS;AACX,8DAA8D;GAC5D,OAAO,CAAC;AAEZ,MAAM,WAAW,kBAAkB;IACjC,SAAS,EAAE,OAAO,CAAC;IACnB,GAAG,EAAE,MAAM,CAAC;IACZ,wEAAwE;IACxE,KAAK,CAAC,EAAE,oBAAoB,CAAC;IAC7B,6CAA6C;IAC7C,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,kEAAkE;IAClE,SAAS,CAAC,EAAE,uBAAuB,CAAC;IACpC,yEAAyE;IACzE,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,OAAO,GAAG,uBAAuB,CAa1E;AAED,MAAM,WAAW,mBAAmB;IAClC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,qHAAqH;IACrH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;;+DAG2D;IAC3D,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAMD;;;;GAIG;AACH,wBAAsB,YAAY,CAAC,IAAI,GAAE,mBAAwB,GAAG,OAAO,CAAC,kBAAkB,CAAC,CA0D9F;AAED;;;;GAIG;AACH,wBAAsB,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC,CAclD;AAED;;;;GAIG;AACH,wBAAsB,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC,CAoBlD;AAED;;;;;GAKG;AACH,wBAAgB,WAAW,CAAC,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAQrE;AAED;8DAC8D;AAC9D,wBAAsB,OAAO,CAAC,YAAY,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAYhF;AAED;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAOnD"}
|
|
@@ -23,6 +23,7 @@ import * as path from "node:path";
|
|
|
23
23
|
import { WebSocket } from "ws";
|
|
24
24
|
import { BRIGADE_DIR } from "./config.js";
|
|
25
25
|
import { tryGetRuntimeContext } from "../storage/runtime-context.js";
|
|
26
|
+
import { clientAuthHeaders } from "./gateway-auth.js";
|
|
26
27
|
export const GATEWAY_PID_PATH = path.join(BRIGADE_DIR, "gateway.pid");
|
|
27
28
|
/**
|
|
28
29
|
* Out-of-process supervisor heartbeat. The gateway writes the file every
|
|
@@ -176,7 +177,7 @@ export async function probeGateway(opts = {}) {
|
|
|
176
177
|
const start = Date.now();
|
|
177
178
|
return await new Promise((resolve) => {
|
|
178
179
|
let settled = false;
|
|
179
|
-
const ws = new WebSocket(url, { handshakeTimeout: timeoutMs });
|
|
180
|
+
const ws = new WebSocket(url, { handshakeTimeout: timeoutMs, headers: clientAuthHeaders(opts.token) });
|
|
180
181
|
const finish = (result) => {
|
|
181
182
|
if (settled)
|
|
182
183
|
return;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"gateway-probe.js","sourceRoot":"","sources":["../../src/core/gateway-probe.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,OAAO,MAAM,kBAAkB,CAAC;AAC5C,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAElC,OAAO,EAAE,SAAS,EAAE,MAAM,IAAI,CAAC;AAE/B,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,oBAAoB,EAAE,MAAM,+BAA+B,CAAC;
|
|
1
|
+
{"version":3,"file":"gateway-probe.js","sourceRoot":"","sources":["../../src/core/gateway-probe.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,OAAO,MAAM,kBAAkB,CAAC;AAC5C,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAElC,OAAO,EAAE,SAAS,EAAE,MAAM,IAAI,CAAC;AAE/B,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,oBAAoB,EAAE,MAAM,+BAA+B,CAAC;AAErE,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAEtD,MAAM,CAAC,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;AAEtE;;;;;;;;;;GAUG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,mBAAmB,CAAC,CAAC;AAElF;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,0BAA0B,GAAG,MAAM,CAAC;AAYjD;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB;IACtC,MAAM,OAAO,GAAqB;QAChC,EAAE,EAAE,IAAI,CAAC,GAAG,EAAE;QACd,GAAG,EAAE,OAAO,CAAC,GAAG;QAChB,QAAQ,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,IAAI,CAAC;KAC9C,CAAC;IAEF,mEAAmE;IACnE,iEAAiE;IACjE,MAAM,IAAI,GAAG,oBAAoB,EAAE,CAAC;IACpC,IAAI,IAAI,EAAE,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC5B,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;QACpD,CAAC;QAAC,MAAM,CAAC;YACP,+DAA+D;YAC/D,yDAAyD;QAC3D,CAAC;QACD,OAAO;IACT,CAAC;IAED,MAAM,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,sBAAsB,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC/E,MAAM,GAAG,GAAG,GAAG,sBAAsB,MAAM,CAAC;IAC5C,MAAM,OAAO,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,CAAC;IAC9D,MAAM,OAAO,CAAC,MAAM,CAAC,GAAG,EAAE,sBAAsB,CAAC,CAAC;AACpD,CAAC;AAED;;;;;GAKG;AACH;yEACyE;AACzE,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,YAAqB;IACvD,IAAI,YAAY,KAAK,SAAS,EAAE,CAAC;QAC/B,MAAM,IAAI,GAAG,oBAAoB,EAAE,CAAC;QACpC,IAAI,IAAI,EAAE,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC5B,IAAI,CAAC;gBACH,OAAO,CAAC,MAAM,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,aAAa,EAAE,CAAiC,CAAC;YACrF,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,SAAS,CAAC;YACnB,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,iBAAiB,CAAC,YAAY,CAAC,CAAC;AACzC,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,YAAqB;IACrD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,YAAY,IAAI,sBAAsB,EAAE,MAAM,CAAC,CAAC;QAC5E,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAA8B,CAAC;QAC5D,IACE,OAAO,MAAM,CAAC,EAAE,KAAK,QAAQ;YAC7B,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ;YAC9B,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ;YACnC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC1B,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC;YAC3B,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,EAChC,CAAC;YACD,OAAO,MAA0B,CAAC;QACpC,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,8DAA8D;AAC9D,MAAM,CAAC,KAAK,UAAU,kBAAkB;IACtC,2EAA2E;IAC3E,0EAA0E;IAC1E,MAAM,IAAI,GAAG,oBAAoB,EAAE,CAAC;IACpC,IAAI,IAAI,EAAE,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC5B,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,cAAc,EAAE,CAAC;QAC7C,CAAC;QAAC,MAAM,CAAC;YACP,mEAAmE;QACrE,CAAC;QACD,OAAO;IACT,CAAC;IAED,IAAI,CAAC;QACH,MAAM,OAAO,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC;IAC/C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAK,GAA6B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACrD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;AACH,CAAC;AAoCD;;;;;GAKG;AACH,MAAM,UAAU,oBAAoB,CAAC,GAAY;IAC/C,MAAM,GAAG,GAAG,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;IACnF,4EAA4E;IAC5E,yCAAyC;IACzC,IAAI,GAAG,CAAC,QAAQ,CAAC,cAAc,CAAC;QAAE,OAAO,SAAS,CAAC;IACnD,IAAI,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC;QAAE,OAAO,KAAK,CAAC;IACxG,IAAI,GAAG,CAAC,QAAQ,CAAC,cAAc,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC;QAAE,OAAO,SAAS,CAAC;IAClF,IAAI,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QAC7G,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,GAAG,CAAC,QAAQ,CAAC,4BAA4B,CAAC;QAAE,OAAO,MAAM,CAAC;IAC9D,IAAI,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC;QAAE,OAAO,SAAS,CAAC;IAC1G,OAAO,OAAO,CAAC;AACjB,CAAC;AAcD,MAAM,kBAAkB,GAAG,IAAI,CAAC;AAChC,MAAM,YAAY,GAAG,WAAW,CAAC;AACjC,MAAM,YAAY,GAAG,IAAI,CAAC;AAE1B;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,OAA4B,EAAE;IAC/D,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,YAAY,CAAC;IACvC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,YAAY,CAAC;IACvC,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,kBAAkB,CAAC;IACvD,MAAM,GAAG,GAAG,QAAQ,IAAI,IAAI,IAAI,EAAE,CAAC;IACnC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACzB,OAAO,MAAM,IAAI,OAAO,CAAqB,CAAC,OAAO,EAAE,EAAE;QACvD,IAAI,OAAO,GAAG,KAAK,CAAC;QACpB,MAAM,EAAE,GAAG,IAAI,SAAS,CAAC,GAAG,EAAE,EAAE,gBAAgB,EAAE,SAAS,EAAE,OAAO,EAAE,iBAAiB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QACvG,MAAM,MAAM,GAAG,CAAC,MAA0B,EAAQ,EAAE;YAClD,IAAI,OAAO;gBAAE,OAAO;YACpB,OAAO,GAAG,IAAI,CAAC;YACf,IAAI,CAAC;gBACH,EAAE,CAAC,kBAAkB,EAAE,CAAC;gBACxB,sEAAsE;gBACtE,+DAA+D;gBAC/D,kEAAkE;gBAClE,mEAAmE;gBACnE,uEAAuE;gBACvE,uEAAuE;gBACvE,yDAAyD;gBACzD,EAAE,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;gBACzB,EAAE,CAAC,KAAK,EAAE,CAAC;YACb,CAAC;YAAC,MAAM,CAAC;gBACP,6DAA6D;YAC/D,CAAC;YACD,OAAO,CAAC,MAAM,CAAC,CAAC;QAClB,CAAC,CAAC;QACF,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;YAC5B,MAAM,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,mBAAmB,SAAS,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC,CAAC;QACnG,CAAC,EAAE,SAAS,CAAC,CAAC;QACd,EAAE,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YACrB,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,MAAM,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,SAAS,EAAE,oBAAoB,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC9F,CAAC,CAAC,CAAC;QACH,EAAE,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,IAAI,EAAE,EAAE;YACxB,qEAAqE;YACrE,qEAAqE;YACrE,mEAAmE;YACnE,oBAAoB;YACpB,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;gBAC7E,IAAI,MAAM,EAAE,IAAI,KAAK,OAAO,IAAI,MAAM,EAAE,KAAK,KAAK,OAAO,IAAI,MAAM,EAAE,OAAO,EAAE,CAAC;oBAC7E,MAAM,CAAC;wBACL,SAAS,EAAE,IAAI;wBACf,GAAG;wBACH,KAAK,EAAE,MAAM,CAAC,OAA+B;wBAC7C,KAAK,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;qBAC1B,CAAC,CAAC;oBACH,OAAO;gBACT,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,gEAAgE;YAClE,CAAC;YACD,MAAM,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,EAAE,CAAC,CAAC;QAC9D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY;IAChC,6DAA6D;IAC7D,MAAM,IAAI,GAAG,oBAAoB,EAAE,CAAC;IACpC,IAAI,IAAI,EAAE,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC5B,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAClD,CAAC;QAAC,MAAM,CAAC;YACP,sEAAsE;QACxE,CAAC;QACD,OAAO;IACT,CAAC;IAED,MAAM,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACzE,MAAM,OAAO,CAAC,SAAS,CAAC,gBAAgB,EAAE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,CAAC;AACzE,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY;IAChC,6DAA6D;IAC7D,iEAAiE;IACjE,MAAM,IAAI,GAAG,oBAAoB,EAAE,CAAC;IACpC,IAAI,IAAI,EAAE,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC5B,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;QACvC,CAAC;QAAC,MAAM,CAAC;YACP,qEAAqE;QACvE,CAAC;QACD,OAAO;IACT,CAAC;IAED,IAAI,CAAC;QACH,MAAM,OAAO,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;IACzC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAK,GAA6B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACrD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,WAAW,CAAC,YAAqB;IAC/C,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,YAAY,IAAI,gBAAgB,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;QAC7E,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;QACxB,OAAO,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;IAC5D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED;8DAC8D;AAC9D,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,YAAqB;IACjD,IAAI,YAAY,KAAK,SAAS,EAAE,CAAC;QAC/B,MAAM,IAAI,GAAG,oBAAoB,EAAE,CAAC;QACpC,IAAI,IAAI,EAAE,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC5B,IAAI,CAAC;gBACH,OAAO,MAAM,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;YAC7C,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,SAAS,CAAC;YACnB,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,WAAW,CAAC,YAAY,CAAC,CAAC;AACnC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,cAAc,CAAC,GAAW;IACxC,IAAI,CAAC;QACH,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QACrB,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAQ,GAA6B,CAAC,IAAI,KAAK,OAAO,CAAC;IACzD,CAAC;AACH,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"gateway-spawn.d.ts","sourceRoot":"","sources":["../../src/core/gateway-spawn.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAaH,MAAM,WAAW,oBAAoB;IACpC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,0EAA0E;IAC1E,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,0EAA0E;IAC1E,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;CACrC;AAED,MAAM,WAAW,mBAAmB;IACnC,sEAAsE;IACtE,cAAc,EAAE,OAAO,CAAC;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;CACb;AAmED;;;;;;;;GAQG;AACH,wBAAsB,oBAAoB,CAAC,IAAI,GAAE,oBAAyB,GAAG,OAAO,CAAC,mBAAmB,CAAC,
|
|
1
|
+
{"version":3,"file":"gateway-spawn.d.ts","sourceRoot":"","sources":["../../src/core/gateway-spawn.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAaH,MAAM,WAAW,oBAAoB;IACpC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,0EAA0E;IAC1E,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,0EAA0E;IAC1E,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;CACrC;AAED,MAAM,WAAW,mBAAmB;IACnC,sEAAsE;IACtE,cAAc,EAAE,OAAO,CAAC;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;CACb;AAmED;;;;;;;;GAQG;AACH,wBAAsB,oBAAoB,CAAC,IAAI,GAAE,oBAAyB,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAwExG"}
|
|
@@ -96,7 +96,10 @@ export async function ensureGatewayRunning(opts = {}) {
|
|
|
96
96
|
const port = opts.port ?? (Number(process.env.BRIGADE_PORT) || DEFAULT_PORT);
|
|
97
97
|
const timeoutMs = opts.spawnTimeoutMs ?? DEFAULT_SPAWN_TIMEOUT_MS;
|
|
98
98
|
const existing = await probeGateway({ host, port, timeoutMs: PROBE_TIMEOUT_MS });
|
|
99
|
-
|
|
99
|
+
// An authenticated gateway answers our token-less liveness probe with a 401
|
|
100
|
+
// (errorKind "auth") — that still proves a gateway is listening, so treat it
|
|
101
|
+
// as already-running instead of spawning a duplicate onto the held port.
|
|
102
|
+
if (existing.reachable || existing.errorKind === "auth")
|
|
100
103
|
return { alreadyRunning: true, host, port };
|
|
101
104
|
opts.onStatus?.("starting Brigade service…");
|
|
102
105
|
const child = spawnDetachedGateway(host, port);
|
|
@@ -133,7 +136,7 @@ export async function ensureGatewayRunning(opts = {}) {
|
|
|
133
136
|
}
|
|
134
137
|
await sleep(SPAWN_POLL_INTERVAL_MS);
|
|
135
138
|
const probe = await probeGateway({ host, port, timeoutMs: PROBE_TIMEOUT_MS });
|
|
136
|
-
if (probe.reachable)
|
|
139
|
+
if (probe.reachable || probe.errorKind === "auth")
|
|
137
140
|
return { alreadyRunning: false, host, port };
|
|
138
141
|
lastError = probe.error;
|
|
139
142
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"gateway-spawn.js","sourceRoot":"","sources":["../../src/core/gateway-spawn.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAqB,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC9D,OAAO,OAAO,MAAM,cAAc,CAAC;AAEnC,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAElD,MAAM,sBAAsB,GAAG,GAAG,CAAC;AACnC,MAAM,wBAAwB,GAAG,MAAM,CAAC;AACxC,8EAA8E;AAC9E,MAAM,gBAAgB,GAAG,IAAI,CAAC;AAkB9B,SAAS,KAAK,CAAC,EAAU;IACxB,OAAO,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;AAC9C,CAAC;AAED;;;;;;;;;;;GAWG;AACH,SAAS,uBAAuB,CAAC,IAAY,EAAE,IAAY;IAC1D,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,EAAE,IAAI,EAAE,CAAC;IAChE,IAAI,QAAQ,EAAE,CAAC;QACd,IAAI,CAAC;YACJ,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAY,CAAC;YAC/C,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,MAAM,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;gBACjF,MAAM,GAAG,GAAW,MAAM,CAAC,CAAC,CAAC,CAAC;gBAC9B,MAAM,IAAI,GAAI,MAAM,CAAC,KAAK,CAAC,CAAC,CAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;gBAClE,+DAA+D;gBAC/D,+DAA+D;gBAC/D,iEAAiE;gBACjE,+DAA+D;gBAC/D,gEAAgE;gBAChE,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;YAC5B,CAAC;QACF,CAAC;QAAC,MAAM,CAAC;YACR,4DAA4D;QAC7D,CAAC;IACF,CAAC;IACD,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IACpC,IAAI,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CACd,oEAAoE;YACnE,mEAAmE;YACnE,sCAAsC,CACvC,CAAC;IACH,CAAC;IACD,OAAO;QACN,GAAG,EAAE,OAAO,CAAC,QAAQ;QACrB,IAAI,EAAE,CAAC,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,IAAI,CAAC;KAClF,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAAC,IAAY,EAAE,IAAY;IACvD,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,uBAAuB,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAC1D,OAAO,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE;QACvB,6DAA6D;QAC7D,qEAAqE;QACrE,sDAAsD;QACtD,QAAQ,EAAE,IAAI;QACd,KAAK,EAAE,QAAQ;QACf,WAAW,EAAE,IAAI;QACjB,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,YAAY,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE;KACnD,CAAC,CAAC;IACH,2EAA2E;IAC3E,0EAA0E;IAC1E,+DAA+D;AAChE,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,OAA6B,EAAE;IACzE,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,WAAW,CAAC;IACtC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,YAAY,CAAC,CAAC;IAC7E,MAAM,SAAS,GAAG,IAAI,CAAC,cAAc,IAAI,wBAAwB,CAAC;IAElE,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,gBAAgB,EAAE,CAAC,CAAC;IACjF,IAAI,QAAQ,CAAC,SAAS;QAAE,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"gateway-spawn.js","sourceRoot":"","sources":["../../src/core/gateway-spawn.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAqB,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC9D,OAAO,OAAO,MAAM,cAAc,CAAC;AAEnC,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAElD,MAAM,sBAAsB,GAAG,GAAG,CAAC;AACnC,MAAM,wBAAwB,GAAG,MAAM,CAAC;AACxC,8EAA8E;AAC9E,MAAM,gBAAgB,GAAG,IAAI,CAAC;AAkB9B,SAAS,KAAK,CAAC,EAAU;IACxB,OAAO,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;AAC9C,CAAC;AAED;;;;;;;;;;;GAWG;AACH,SAAS,uBAAuB,CAAC,IAAY,EAAE,IAAY;IAC1D,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,EAAE,IAAI,EAAE,CAAC;IAChE,IAAI,QAAQ,EAAE,CAAC;QACd,IAAI,CAAC;YACJ,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAY,CAAC;YAC/C,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,MAAM,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;gBACjF,MAAM,GAAG,GAAW,MAAM,CAAC,CAAC,CAAC,CAAC;gBAC9B,MAAM,IAAI,GAAI,MAAM,CAAC,KAAK,CAAC,CAAC,CAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;gBAClE,+DAA+D;gBAC/D,+DAA+D;gBAC/D,iEAAiE;gBACjE,+DAA+D;gBAC/D,gEAAgE;gBAChE,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;YAC5B,CAAC;QACF,CAAC;QAAC,MAAM,CAAC;YACR,4DAA4D;QAC7D,CAAC;IACF,CAAC;IACD,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IACpC,IAAI,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CACd,oEAAoE;YACnE,mEAAmE;YACnE,sCAAsC,CACvC,CAAC;IACH,CAAC;IACD,OAAO;QACN,GAAG,EAAE,OAAO,CAAC,QAAQ;QACrB,IAAI,EAAE,CAAC,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,IAAI,CAAC;KAClF,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAAC,IAAY,EAAE,IAAY;IACvD,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,uBAAuB,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAC1D,OAAO,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE;QACvB,6DAA6D;QAC7D,qEAAqE;QACrE,sDAAsD;QACtD,QAAQ,EAAE,IAAI;QACd,KAAK,EAAE,QAAQ;QACf,WAAW,EAAE,IAAI;QACjB,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,YAAY,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE;KACnD,CAAC,CAAC;IACH,2EAA2E;IAC3E,0EAA0E;IAC1E,+DAA+D;AAChE,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,OAA6B,EAAE;IACzE,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,WAAW,CAAC;IACtC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,YAAY,CAAC,CAAC;IAC7E,MAAM,SAAS,GAAG,IAAI,CAAC,cAAc,IAAI,wBAAwB,CAAC;IAElE,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,gBAAgB,EAAE,CAAC,CAAC;IACjF,4EAA4E;IAC5E,6EAA6E;IAC7E,yEAAyE;IACzE,IAAI,QAAQ,CAAC,SAAS,IAAI,QAAQ,CAAC,SAAS,KAAK,MAAM;QAAE,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IAErG,IAAI,CAAC,QAAQ,EAAE,CAAC,2BAA2B,CAAC,CAAC;IAC7C,MAAM,KAAK,GAAG,oBAAoB,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAE/C,wEAAwE;IACxE,0EAA0E;IAC1E,uEAAuE;IACvE,yEAAyE;IACzE,6EAA6E;IAC7E,0EAA0E;IAC1E,2EAA2E;IAC3E,IAAI,UAA6B,CAAC;IAClC,IAAI,SAA6E,CAAC;IAClF,MAAM,OAAO,GAAG,CAAC,GAAU,EAAQ,EAAE;QACpC,UAAU,GAAG,GAAG,CAAC;IAClB,CAAC,CAAC;IACF,MAAM,MAAM,GAAG,CAAC,IAAmB,EAAE,MAA6B,EAAQ,EAAE;QAC3E,SAAS,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;IAC9B,CAAC,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC7B,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE3B,IAAI,CAAC;QACJ,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;QACxC,IAAI,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC;QAC/B,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,EAAE,CAAC;YAC9B,IAAI,UAAU,EAAE,CAAC;gBAChB,MAAM,IAAI,KAAK,CACd,uCAAuC,UAAU,CAAC,OAAO,IAAI;oBAC5D,8CAA8C,CAC/C,CAAC;YACH,CAAC;YACD,IAAI,SAAS,EAAE,CAAC;gBACf,MAAM,MAAM,GACX,SAAS,CAAC,IAAI,IAAI,IAAI,CAAC,CAAC,CAAC,aAAa,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,UAAU,SAAS,CAAC,MAAM,EAAE,CAAC;gBACvF,MAAM,IAAI,KAAK,CACd,qDAAqD,MAAM,KAAK;oBAC/D,oDAAoD;oBACpD,qDAAqD,CACtD,CAAC;YACH,CAAC;YACD,MAAM,KAAK,CAAC,sBAAsB,CAAC,CAAC;YACpC,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,gBAAgB,EAAE,CAAC,CAAC;YAC9E,IAAI,KAAK,CAAC,SAAS,IAAI,KAAK,CAAC,SAAS,KAAK,MAAM;gBAAE,OAAO,EAAE,cAAc,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;YAChG,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC;QACzB,CAAC;QACD,MAAM,IAAI,KAAK,CACd,iDAAiD,IAAI,CAAC,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG;YAC/E,CAAC,SAAS,CAAC,CAAC,CAAC,iBAAiB,SAAS,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YAChD,2DAA2D,CAC5D,CAAC;IACH,CAAC;YAAS,CAAC;QACV,sEAAsE;QACtE,uEAAuE;QACvE,yEAAyE;QACzE,KAAK,CAAC,cAAc,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACvC,KAAK,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACrC,mEAAmE;QACnE,mEAAmE;QACnE,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QAC5B,KAAK,CAAC,KAAK,EAAE,CAAC;IACf,CAAC;AACF,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/core/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;
|
|
1
|
+
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/core/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AA2QH,OAAO,EAAE,KAAK,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAUzD,MAAM,WAAW,aAAa;IAC7B,+DAA+D;IAC/D,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,6EAA6E;IAC7E,IAAI,CAAC,EAAE,MAAM,CAAC;IACd;;;;;OAKG;IACH,aAAa,CAAC,EAAE,aAAa,CAAC;CAC9B;AAED,MAAM,WAAW,YAAY;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CACtB;AA8FD,wBAAsB,WAAW,CAAC,IAAI,GAAE,aAAkB,GAAG,OAAO,CAAC,YAAY,CAAC,CAwKjF"}
|
package/dist/core/server.js
CHANGED
|
@@ -134,6 +134,7 @@ import { getBrigadeWorkspaceDir, loadConfig, saveConfig } from "./config.js";
|
|
|
134
134
|
import { mutateConfigAtomic } from "../config/io.js";
|
|
135
135
|
import { acquireGatewayLock } from "./gateway-lock.js";
|
|
136
136
|
import { clearHeartbeatFile, clearPidFile, writeHeartbeatFile, writePidFile } from "./gateway-probe.js";
|
|
137
|
+
import { extractToken, matchesAnyToken, resolveGatewayAuth } from "./gateway-auth.js";
|
|
137
138
|
// Persist a model selection to brigade.json's new wizard-shape (the lifted
|
|
138
139
|
// code expected the older flat `defaultProvider`/`defaultModelId` fields).
|
|
139
140
|
// Writes through the same `agents.defaults.{provider, model.primary}` path
|
|
@@ -1441,7 +1442,26 @@ async function continueBoot(args) {
|
|
|
1441
1442
|
// value the handshake's `HelloOk.policy.maxBufferedBytes` field advertises;
|
|
1442
1443
|
// at 2× the payload cap a client this far behind is a stuck/slow consumer.
|
|
1443
1444
|
const MAX_WS_BUFFERED_BYTES = 64 * 1024 * 1024; // 64 MiB
|
|
1444
|
-
|
|
1445
|
+
// Optional, opt-in gateway authentication (see core/gateway-auth.ts).
|
|
1446
|
+
// DEFAULT — no tokens configured — resolves to `required:false`, so the
|
|
1447
|
+
// gateway stays unauthenticated + localhost-only exactly as before; this
|
|
1448
|
+
// feature NEVER changes behaviour until the operator sets
|
|
1449
|
+
// `gateway.auth.tokens` (or the BRIGADE_GATEWAY_TOKENS env var). When tokens
|
|
1450
|
+
// ARE present we install a `verifyClient` gate that rejects the WS upgrade
|
|
1451
|
+
// with 401 unless a valid token rides in via `Authorization: Bearer`,
|
|
1452
|
+
// `x-brigade-token`, or `?token=`. We gate ONLY the WS control surface (every
|
|
1453
|
+
// connection is granted operator scope) — NOT the HTTP routes, which carry
|
|
1454
|
+
// inbound channel webhooks that must stay reachable. Resolved once at boot;
|
|
1455
|
+
// token changes take effect on the next gateway start.
|
|
1456
|
+
const gatewayAuth = resolveGatewayAuth(loadConfig().gateway?.auth, process.env);
|
|
1457
|
+
const wssOptions = { server: httpServer, maxPayload: MAX_WS_PAYLOAD_BYTES };
|
|
1458
|
+
if (gatewayAuth.required) {
|
|
1459
|
+
wssOptions.verifyClient = (info) => matchesAnyToken(gatewayAuth.tokens, extractToken(info.req.url, info.req.headers));
|
|
1460
|
+
}
|
|
1461
|
+
const wss = new WebSocketServer(wssOptions);
|
|
1462
|
+
if (gatewayAuth.required) {
|
|
1463
|
+
bootLog(`authentication enabled — clients must present a valid token (${gatewayAuth.tokens.length} configured)`);
|
|
1464
|
+
}
|
|
1445
1465
|
// `WebSocketServer` re-emits errors from the underlying httpServer (and
|
|
1446
1466
|
// can emit its own — bad upgrade frame, etc). With NO 'error' listener on
|
|
1447
1467
|
// wss, Node's EventEmitter throws the error, crashing the process with an
|