@stacksjs/rpx 0.11.13 → 0.11.15

package/src/proxy-handler.ts

@@ -1,5 +1,5 @@
 /**
- * The fetch handler used by the shared :443 server. Both the in-process
+ * The request handlers used by the shared :443 server. Both the in-process
  * multi-proxy mode in `start.ts` and the long-running daemon delegate to this
  * module so routing semantics stay in one place.
  *
@@ -7,37 +7,108 @@
  * The callback indirection lets each caller use whatever data structure makes
  * sense (a fixed Map at startup, or a hot-swappable registry view) without
  * coupling this module to either.
+ *
+ * Three transports are supported per route:
+ *   - HTTP(S) proxying via `fetch()` to an upstream `host:port`.
+ *   - WebSocket proxying via `server.upgrade()` + an upstream `WebSocket`.
+ *   - Static file serving from a local directory (`route.static`).
  */
+import type { ServerWebSocket } from 'bun'
+import type { ResolvedStaticRoute } from './static-files'
 import type { PathRewrite } from './types'
-import { debugLog } from './utils'
-import { resolvePathRewrite } from './utils'
+import { serveStaticFile } from './static-files'
+import { debugLog, resolvePathRewrite } from './utils'
 
 export interface ProxyRoute {
-  /** Upstream `host:port` to forward requests to (e.g. `localhost:5173`). */
-  sourceHost: string
+  /**
+   * Upstream `host:port` to forward requests to (e.g. `localhost:5173`).
+   * Optional when `static` is set.
+   */
+  sourceHost?: string
   /** Strip `.html` suffix and 301 to clean URLs. */
   cleanUrls?: boolean
   /** Set the `origin` header to the target. */
   changeOrigin?: boolean
   /** Per-route path rewrites (vite/nginx-style prefix routing). */
   pathRewrites?: PathRewrite[]
+  /** When set, serve files from a local directory instead of proxying. */
+  static?: ResolvedStaticRoute
 }
 
 export type GetRoute = (hostname: string) => ProxyRoute | undefined
 
-export type ProxyFetchHandler = (req: Request) => Promise<Response>
+export type ProxyFetchHandler = (req: Request, server?: ProxyServer) => Promise<Response | undefined>
+
+/** Minimal shape of the Bun server needed for WebSocket upgrades. */
+export interface ProxyServer {
+  // Loose `any` so it structurally accepts Bun's `Server<WebSocketData>` for
+  // any data generic (the daemon/start callers parameterize differently).
+  upgrade: (req: Request, options?: { data?: any, headers?: any }) => boolean
+}
+
+/** Data attached to an upgraded client socket so the ws handler can dial upstream. */
+interface WsData {
+  targetUrl: string
+  forwardHeaders: Record<string, string>
+}
+
+/** Per-socket state: the upstream client + a buffer for early client frames. */
+interface WsState {
+  upstream: WebSocket
+  upstreamOpen: boolean
+  pending: Array<string | ArrayBufferLike | Uint8Array>
+}
+
+const HOP_BY_HOP = new Set([
+  'connection',
+  'keep-alive',
+  'proxy-authenticate',
+  'proxy-authorization',
+  'te',
+  'trailer',
+  'transfer-encoding',
+  'upgrade',
+  'sec-websocket-key',
+  'sec-websocket-version',
+  'sec-websocket-extensions',
+])
+
+function extractHostname(req: Request): string {
+  const hostHeader = req.headers.get('host') || ''
+  // Strip port (`stacks.localhost:443` → `stacks.localhost`).
+  return hostHeader.split(':')[0]
+}
+
+/**
+ * Resolve the upstream target (`host` + `path`) for a request against a route,
+ * applying any matching path rewrite.
+ */
+function resolveTarget(req: Request, route: ProxyRoute, verbose?: boolean): { targetHost: string, targetPath: string, search: string } {
+  const url = new URL(req.url)
+  let targetHost = route.sourceHost ?? ''
+  let targetPath = url.pathname
+
+  const rewriteMatch = resolvePathRewrite(url.pathname, route.pathRewrites)
+  if (rewriteMatch) {
+    targetHost = rewriteMatch.targetHost
+    targetPath = rewriteMatch.targetPath
+    debugLog('request', `Path rewrite: ${url.pathname} → ${targetHost}${targetPath}`, verbose)
+  }
+
+  return { targetHost, targetPath, search: url.search }
+}
 
 /**
  * Build a Bun.serve-compatible `fetch` handler that routes requests based on
  * the `Host` header. Returns 404 when no route matches and 502 on upstream
- * failures.
+ * failures. When a request is a WebSocket upgrade and `server` is supplied, it
+ * is upgraded (returns `undefined` so Bun completes the handshake) and the
+ * traffic is handled by the `websocket` handler from {@link createProxyWebSocketHandler}.
  */
 export function createProxyFetchHandler(getRoute: GetRoute, verbose?: boolean): ProxyFetchHandler {
-  return async (req: Request): Promise<Response> => {
+  return async (req: Request, server?: ProxyServer): Promise<Response | undefined> => {
     const url = new URL(req.url)
-    const hostHeader = req.headers.get('host') || ''
-    // Strip port (`stacks.localhost:443` → `stacks.localhost`).
-    const hostname = hostHeader.split(':')[0]
+    const hostname = extractHostname(req)
 
     const route = getRoute(hostname)
     if (!route) {
@@ -45,19 +116,42 @@ export function createProxyFetchHandler(getRoute: GetRoute, verbose?: boolean):
       return new Response(`No proxy configured for ${hostname}`, { status: 404 })
     }
 
-    let targetHost = route.sourceHost
-    let targetPath = url.pathname
+    // Static file serving short-circuits everything else.
+    if (route.static)
+      return serveStaticFile(url.pathname, route.static)
+
+    // WebSocket upgrade: hand the socket to Bun and dial the upstream on open.
+    if (req.headers.get('upgrade')?.toLowerCase() === 'websocket') {
+      if (!server || !route.sourceHost)
+        return new Response('WebSocket upgrade not supported here', { status: 400 })
+
+      const { targetHost, targetPath, search } = resolveTarget(req, route, verbose)
+      const targetUrl = `ws://${targetHost}${targetPath}${search}`
 
-    // Per-route path rewrites: prefix preserved by default, matching Vite /
-    // nginx / http-proxy-middleware semantics. See `resolvePathRewrite`.
-    const rewriteMatch = resolvePathRewrite(url.pathname, route.pathRewrites)
-    if (rewriteMatch) {
-      targetHost = rewriteMatch.targetHost
-      targetPath = rewriteMatch.targetPath
-      debugLog('request', `Path rewrite: ${url.pathname} → ${targetHost}${targetPath}`, verbose)
+      const forwardHeaders: Record<string, string> = {}
+      for (const [k, v] of req.headers) {
+        if (!HOP_BY_HOP.has(k.toLowerCase()) && k.toLowerCase() !== 'host')
+          forwardHeaders[k] = v
+      }
+      forwardHeaders.host = targetHost
+      forwardHeaders['x-forwarded-for'] = '127.0.0.1'
+      forwardHeaders['x-forwarded-proto'] = 'https'
+      forwardHeaders['x-forwarded-host'] = hostname
+
+      const data: WsData = { targetUrl, forwardHeaders }
+      const ok = server.upgrade(req, { data })
+      if (ok) {
+        debugLog('ws', `upgraded ${hostname}${targetPath} → ${targetUrl}`, verbose)
+        return undefined
+      }
+      return new Response('WebSocket upgrade failed', { status: 400 })
     }
 
-    const targetUrl = `http://${targetHost}${targetPath}${url.search}`
+    if (!route.sourceHost)
+      return new Response(`No upstream configured for ${hostname}`, { status: 502 })
+
+    const { targetHost, targetPath, search } = resolveTarget(req, route, verbose)
+    const targetUrl = `http://${targetHost}${targetPath}${search}`
 
     try {
       const headers = new Headers(req.headers)
@@ -97,3 +191,72 @@ export function createProxyFetchHandler(getRoute: GetRoute, verbose?: boolean):
     }
   }
 }
+
+/**
+ * Build the `websocket` handler block for Bun.serve. It opens an upstream
+ * `WebSocket` per client socket, buffers client→upstream frames until the
+ * upstream connection is open, and pipes messages, closes and errors in both
+ * directions with a clean teardown.
+ */
+export function createProxyWebSocketHandler(verbose?: boolean) {
+  const state = new WeakMap<ServerWebSocket<WsData>, WsState>()
+
+  return {
+    open(ws: ServerWebSocket<WsData>): void {
+      const { targetUrl, forwardHeaders } = ws.data
+      let upstream: WebSocket
+      try {
+        // Bun's WebSocket accepts a `headers` option (control-channel auth etc.).
+        upstream = new WebSocket(targetUrl, { headers: forwardHeaders } as any)
+      }
+      catch (err) {
+        debugLog('ws', `failed to open upstream ${targetUrl}: ${err}`, verbose)
+        ws.close(1011, 'upstream connect failed')
+        return
+      }
+      upstream.binaryType = 'arraybuffer'
+      const st: WsState = { upstream, upstreamOpen: false, pending: [] }
+      state.set(ws, st)
+
+      upstream.addEventListener('open', () => {
+        st.upstreamOpen = true
+        for (const frame of st.pending)
+          upstream.send(frame as any)
+        st.pending = []
+      })
+      upstream.addEventListener('message', (ev: MessageEvent) => {
+        // Forward both binary (ArrayBuffer) and text frames to the client.
+        ws.send(ev.data as any)
+      })
+      upstream.addEventListener('close', (ev: CloseEvent) => {
+        try { ws.close(ev.code || 1000, ev.reason || '') }
+        catch { /* already closing */ }
+      })
+      upstream.addEventListener('error', () => {
+        debugLog('ws', `upstream error for ${targetUrl}`, verbose)
+        try { ws.close(1011, 'upstream error') }
+        catch { /* already closing */ }
+      })
+    },
+
+    message(ws: ServerWebSocket<WsData>, message: string | Buffer): void {
+      const st = state.get(ws)
+      if (!st)
+        return
+      const frame = typeof message === 'string' ? message : new Uint8Array(message)
+      if (st.upstreamOpen)
+        st.upstream.send(frame as any)
+      else
+        st.pending.push(frame)
+    },
+
+    close(ws: ServerWebSocket<WsData>, code: number, reason: string): void {
+      const st = state.get(ws)
+      if (!st)
+        return
+      state.delete(ws)
+      try { st.upstream.close(code || 1000, reason || '') }
+      catch { /* already closed */ }
+    },
+  }
+}

package/src/registry.ts

@@ -14,7 +14,7 @@
  *   - `id` is validated against a strict charset to keep it from escaping
  *     the registry directory.
  */
-import type { PathRewrite } from './types'
+import type { PathRewrite, StaticRouteConfig } from './types'
 import * as fs from 'node:fs'
 import * as fsp from 'node:fs/promises'
 import { homedir } from 'node:os'
@@ -24,7 +24,8 @@ import { debugLog } from './utils'
 
 export interface RegistryEntry {
   id: string
-  from: string
+  /** Upstream `host:port`. Optional when `static` is set. */
+  from?: string
   to: string
   /**
    * Optional. PID of the long-running process that owns this entry. When set,
@@ -38,6 +39,8 @@ export interface RegistryEntry {
   pathRewrites?: PathRewrite[]
   cleanUrls?: boolean
   changeOrigin?: boolean
+  /** Serve a local directory for this route instead of proxying. */
+  static?: string | StaticRouteConfig
 }
 
 const ID_PATTERN = /^[a-zA-Z0-9._-]+$/
@@ -89,9 +92,13 @@ function isValidEntry(value: unknown): value is RegistryEntry {
   // (manual entries from `rpx register`) the daemon's PID-GC skips it.
   const pidOk = e.pid === undefined
     || (typeof e.pid === 'number' && Number.isInteger(e.pid) && e.pid > 0)
+  // A route forwards to an upstream (`from`) OR serves files (`static`).
+  const hasFrom = typeof e.from === 'string' && e.from.length > 0
+  const hasStatic = typeof e.static === 'string'
+    || (!!e.static && typeof e.static === 'object' && typeof (e.static as StaticRouteConfig).dir === 'string')
   return (
     typeof e.id === 'string' && isValidId(e.id)
-    && typeof e.from === 'string' && e.from.length > 0
+    && (hasFrom || hasStatic)
     && typeof e.to === 'string' && e.to.length > 0
     && pidOk
     && typeof e.createdAt === 'string'
@@ -272,6 +279,7 @@ export function watchRegistry(
           pathRewrites: entry.pathRewrites,
           cleanUrls: entry.cleanUrls,
           changeOrigin: entry.changeOrigin,
+          static: entry.static,
         }))
         .sort((a, b) => a.id.localeCompare(b.id)),
     )

package/src/sni.ts

@@ -0,0 +1,93 @@
+/**
+ * Build a Bun.serve TLS array for per-domain SNI from real PEM files on disk.
+ *
+ * Production deployments (Let's Encrypt) have one cert+key per domain. Bun's
+ * `Bun.serve({ tls: [{ serverName, cert, key }, ...] })` selects the right cert
+ * by SNI server name at handshake time, so a single listener can front many
+ * domains with their own real certs.
+ */
+import type { DomainCert, ProductionTlsConfig } from './types'
+import * as fsp from 'node:fs/promises'
+import * as path from 'node:path'
+import { debugLog } from './utils'
+
+/** One entry of the Bun.serve `tls` array. */
+export interface SniTlsEntry {
+  serverName: string
+  cert: string
+  key: string
+}
+
+/**
+ * Map a PEM filename under a `certsDir` to its SNI server name. Returns `null`
+ * for files that aren't `<name>.crt`. The wildcard convention
+ * `_wildcard.<apex>.crt` maps to server name `*.<apex>`.
+ */
+export function serverNameFromCertFilename(filename: string): string | null {
+  if (!filename.endsWith('.crt'))
+    return null
+  const base = filename.slice(0, -'.crt'.length)
+  if (base.length === 0)
+    return null
+  if (base.startsWith('_wildcard.'))
+    return `*.${base.slice('_wildcard.'.length)}`
+  return base
+}
+
+async function readPair(serverName: string, certPath: string, keyPath: string, verbose?: boolean): Promise<SniTlsEntry | null> {
+  try {
+    const [cert, key] = await Promise.all([
+      fsp.readFile(certPath, 'utf8'),
+      fsp.readFile(keyPath, 'utf8'),
+    ])
+    return { serverName, cert, key }
+  }
+  catch (err) {
+    debugLog('sni', `skipping ${serverName}: ${(err as Error).message}`, verbose)
+    return null
+  }
+}
+
+/**
+ * Build the SNI TLS array from a {@link ProductionTlsConfig}. Reads PEM files
+ * from an explicit `domains` map and/or a `certsDir` convention. Files that
+ * can't be read are skipped (logged in verbose mode). Returns `[]` when nothing
+ * usable is found so the caller can fall back to the dev cert flow.
+ */
+export async function buildSniTlsConfig(cfg: ProductionTlsConfig, verbose?: boolean): Promise<SniTlsEntry[]> {
+  const bySrvName = new Map<string, DomainCert>()
+
+  if (cfg.certsDir) {
+    let names: string[] = []
+    try {
+      names = await fsp.readdir(cfg.certsDir)
+    }
+    catch (err) {
+      debugLog('sni', `certsDir read failed (${cfg.certsDir}): ${(err as Error).message}`, verbose)
+    }
+    for (const name of names) {
+      const serverName = serverNameFromCertFilename(name)
+      if (!serverName)
+        continue
+      const base = name.slice(0, -'.crt'.length)
+      bySrvName.set(serverName, {
+        certPath: path.join(cfg.certsDir, name),
+        keyPath: path.join(cfg.certsDir, `${base}.key`),
+      })
+    }
+  }
+
+  // Explicit `domains` entries take precedence over `certsDir` discoveries.
+  if (cfg.domains) {
+    for (const [serverName, pair] of Object.entries(cfg.domains))
+      bySrvName.set(serverName, pair)
+  }
+
+  const entries: SniTlsEntry[] = []
+  for (const [serverName, pair] of bySrvName) {
+    const entry = await readPair(serverName, pair.certPath, pair.keyPath, verbose)
+    if (entry)
+      entries.push(entry)
+  }
+  return entries
+}

package/src/start.ts

@@ -20,8 +20,10 @@ import { addHosts, checkHosts, removeHosts } from './hosts'
 import { checkExistingCertificates, cleanupCertificates, generateCertificate, httpsConfig, loadSSLConfig } from './https'
 import { DefaultPortManager, findAvailablePort, isPortInUse } from './port-manager'
 import { ProcessManager } from './process-manager'
-import { createProxyFetchHandler } from './proxy-handler'
-import type { ProxyRoute } from './proxy-handler'
+import { createProxyFetchHandler, createProxyWebSocketHandler } from './proxy-handler'
+import type { ProxyRoute, ProxyServer as ProxyServerLike } from './proxy-handler'
+import { isWildcardPattern, matchHost } from './host-match'
+import { resolveStaticRoute } from './static-files'
 import { debugLog, getSudoPassword, safeStringify } from './utils'
 
 const processManager = new ProcessManager()
@@ -307,7 +309,7 @@ export async function startServer(options: SingleProxyConfig): Promise<void> {
 
   // Check and update hosts file for custom domains
   const hostsToCheck = [toUrl.hostname]
-  if (!toUrl.hostname.includes('localhost') && !toUrl.hostname.includes('127.0.0.1')) {
+  if (isHostsManagementEnabled(options) && !toUrl.hostname.includes('localhost') && !toUrl.hostname.includes('127.0.0.1')) {
     debugLog('hosts', `Checking if hosts file entry exists for: ${toUrl.hostname}`, options?.verbose)
 
     try {
@@ -709,9 +711,11 @@ export async function setupProxy(options: ProxySetupOptions): Promise<void> {
   // Use the global port manager if not provided
   const portManager = options.portManager || globalPortManager
 
+  const hostsEnabled = isHostsManagementEnabled(options)
+
   try {
     // Add an extra check to make sure the hostname is in the hosts file
-    if (to && !to.includes('localhost') && !to.includes('127.0.0.1')) {
+    if (hostsEnabled && to && !to.includes('localhost') && !to.includes('127.0.0.1')) {
       const hostsExist = await checkHosts([to], verbose)
       if (!hostsExist[0]) {
         log.warn(`The hostname ${to} isn't in your hosts file. Adding it now...`)
@@ -728,7 +732,7 @@ export async function setupProxy(options: ProxySetupOptions): Promise<void> {
     else {
       // On macOS, *.localhost domains resolve to 127.0.0.1 automatically (RFC 6761)
       // so we don't need to add them to /etc/hosts
-      if (process.platform !== 'darwin' && to && to.includes('localhost') && !to.match(/^(localhost|127\.0\.0\.1)$/)) {
+      if (hostsEnabled && process.platform !== 'darwin' && to && to.includes('localhost') && !to.match(/^(localhost|127\.0\.0\.1)$/)) {
         const hostsExist = await checkHosts([to], verbose)
         if (!hostsExist[0]) {
           debugLog('hosts', `${to} not found in hosts file, adding...`, verbose)
@@ -931,6 +935,23 @@ function getVerbose(options: any): boolean {
   return options?.verbose || false
 }
 
+/**
+ * Whether rpx may read/write `/etc/hosts`. Disabled when `hostsManagement` is
+ * explicitly `false`, or when `cleanup.hosts` is `false` (or `cleanup` is
+ * `false`). Real-server deployments with real DNS should set
+ * `hostsManagement: false` so rpx never touches `/etc/hosts`.
+ */
+function isHostsManagementEnabled(options: any): boolean {
+  if (options?.hostsManagement === false)
+    return false
+  const cleanup = options?.cleanup
+  if (cleanup === false)
+    return false
+  if (cleanup && typeof cleanup === 'object' && cleanup.hosts === false)
+    return false
+  return true
+}
+
 export async function startProxies(options?: ProxyOptions): Promise<void> {
   // Allow re-using a previous SSL config between multiple startProxies calls
   // This is particularly important for the Vite plugin
@@ -957,8 +978,13 @@ export async function startProxies(options?: ProxyOptions): Promise<void> {
   }
 
   const verbose = getVerbose(mergedOptions)
+  // Master switch for /etc/hosts management. `hostsManagement: false` (real
+  // server with real DNS) or `cleanup: { hosts: false }` disables all hosts
+  // reads/writes. Defaults to enabled for backward compatibility.
+  const hostsEnabled = isHostsManagementEnabled(mergedOptions)
   debugLog('config', `Starting with config: ${safeStringify(mergedOptions, 2)}`, verbose)
   debugLog('config', `Is multi-proxy? ${'proxies' in mergedOptions}`, verbose)
+  debugLog('config', `Hosts management enabled? ${hostsEnabled}`, verbose)
 
   // viaDaemon mode short-circuits before any port binding / cert work — the
   // daemon owns all of that. We only need to register entries and block.
@@ -1072,7 +1098,7 @@ export async function startProxies(options?: ProxyOptions): Promise<void> {
   // Pre-acquire sudo credentials once so that all subsequent sudo operations
   // (cert trust, hosts file, DNS resolver) reuse the cached credential
   // without prompting again. `sudo -v` validates and caches for the timeout period.
-  if (process.platform !== 'win32' && (mergedOptions.https || mergedOptions.cleanup?.hosts !== false)) {
+  if (process.platform !== 'win32' && (mergedOptions.https || hostsEnabled)) {
     const sudoPassword = getSudoPassword()
     if (!sudoPassword) {
       try {
@@ -1151,7 +1177,10 @@ export async function startProxies(options?: ProxyOptions): Promise<void> {
     log.info(`  Consider using reserved TLDs: .test, .localhost, or .local`)
   }
 
-  if (process.platform === 'darwin' && customDomains.length > 0) {
+  // Local development DNS (resolver overrides + hosts entries) is a dev-only
+  // convenience. On a real server (`hostsManagement: false`) DNS is real, so
+  // skip it entirely — nothing under /etc should be touched.
+  if (hostsEnabled && process.platform === 'darwin' && customDomains.length > 0) {
     const { setupDevelopmentDns } = await import('./dns')
     const dnsStarted = await setupDevelopmentDns({ domains: customDomains, verbose })
     if (dnsStarted) {
@@ -1217,19 +1246,31 @@ export async function startProxies(options?: ProxyOptions): Promise<void> {
 
     for (const option of proxyOptions) {
       const domain = option.to || 'rpx.localhost'
-      const fromUrl = new URL(option.from?.startsWith('http') ? option.from : `http://${option.from}`)
+      const cleanUrls = option.cleanUrls || false
 
-      routingTable.set(domain, {
-        sourceHost: fromUrl.host,
-        cleanUrls: option.cleanUrls || false,
-        changeOrigin: option.changeOrigin || false,
-        pathRewrites: option.pathRewrites,
-      })
-
-      debugLog('proxies', `Route: ${domain} → ${fromUrl.host}`, verbose)
+      // Static-file route: serve a local directory instead of proxying.
+      if (option.static) {
+        routingTable.set(domain, {
+          static: resolveStaticRoute(option.static, cleanUrls),
+          cleanUrls,
+        })
+        debugLog('proxies', `Route: ${domain} → static ${typeof option.static === 'string' ? option.static : option.static.dir}`, verbose)
+      }
+      else {
+        const fromUrl = new URL(option.from?.startsWith('http') ? option.from : `http://${option.from}`)
+        routingTable.set(domain, {
+          sourceHost: fromUrl.host,
+          cleanUrls,
+          changeOrigin: option.changeOrigin || false,
+          pathRewrites: option.pathRewrites,
+        })
+        debugLog('proxies', `Route: ${domain} → ${fromUrl.host}`, verbose)
+      }
 
-      // Ensure hosts file entries exist for non-localhost domains
-      if (!domain.includes('localhost') && !domain.includes('127.0.0.1')) {
+      // Ensure hosts file entries exist for non-localhost domains. A wildcard
+      // domain (`*.example.com`) has no single hosts entry — skip it. Skipped
+      // entirely when hosts management is disabled (real-server mode).
+      if (hostsEnabled && !isWildcardPattern(domain) && !domain.includes('localhost') && !domain.includes('127.0.0.1')) {
         try {
           const hostsExist = await checkHosts([domain], verbose)
           if (!hostsExist[0]) {
@@ -1259,6 +1300,9 @@ export async function startProxies(options?: ProxyOptions): Promise<void> {
       return
     }
 
+    const sharedFetchHandler = createProxyFetchHandler(host => matchHost(routingTable, host), verbose)
+    const sharedWsHandler = createProxyWebSocketHandler(verbose)
+
     try {
       const bunServer = Bun.serve({
         port: listenPort,
@@ -1270,7 +1314,10 @@ export async function startProxies(options?: ProxyOptions): Promise<void> {
           requestCert: false,
           rejectUnauthorized: false,
         },
-        fetch: createProxyFetchHandler(host => routingTable.get(host), verbose),
+        fetch(req: Request, server: unknown) {
+          return sharedFetchHandler(req, server as ProxyServerLike)
+        },
+        websocket: sharedWsHandler,
         error(err: Error) {
           debugLog('server', `Shared proxy server error: ${err}`, verbose)
           return new Response(`Server Error: ${err.message}`, { status: 500 })