@stacksjs/rpx 0.11.3 → 0.11.5

package/dist/{chunk-gbny098p.js → chunk-sqn04kae.js}

@@ -1,2 +1,2 @@
 import{createRequire as a}from"node:module";var c=a(import.meta.url);
-export{c as H};
+export{c as I};

package/dist/chunk-wcerh8e8.js

@@ -0,0 +1 @@
+import{A as e,B as f,C as g,D as h,E as i,F as j,G as k,H as l,w as a,x as b,y as c,z as d}from"./chunk-cvt0dqrv.js";import"./chunk-sqn04kae.js";export{l as safeDeleteFile,k as resolvePathRewrite,e as isValidRootCA,i as isSingleProxyOptions,j as isSingleProxyConfig,h as isMultiProxyOptions,g as isMultiProxyConfig,a as getSudoPassword,f as getPrimaryDomain,d as extractHostname,b as execSudoSync,c as debugLog};

package/dist/https.d.ts

@@ -24,16 +24,3 @@ export declare function loadSSLConfig(options: ProxyOption): Promise<SSLConfig |
  */
 export declare function forceTrustCertificate(certPath: string): Promise<boolean>;
 export declare function generateCertificate(options: ProxyOptions): Promise<void>;
-export declare function getSSLConfig(): { key: string, cert: string, ca?: string } | null;
-// needs to accept the options
-export declare function checkExistingCertificates(options?: ProxyOptions): Promise<SSLConfig | null>;
-export declare function httpsConfig(options: ProxyOption | ProxyOptions, verbose?: boolean): TlsConfig;
-/**
- * Clean up SSL certificates for a specific domain
- */
-export declare function cleanupCertificates(domain: string, verbose?: boolean): Promise<void>;
-/**
- * Checks if a certificate is trusted by the system (macOS only for now)
- * If options.regenerateUntrustedCerts is false, always returns true (skips trust check)
- */
-export declare function isCertTrusted(certPath: string, options?: { verbose?: boolean, regenerateUntrustedCerts?: boolean }): Promise<boolean>;

package/dist/process-manager.d.ts

@@ -1,3 +1,4 @@
+import * as process from 'node:process';
 import type { ChildProcess } from 'node:child_process';
 import type { StartOptions } from './types';
 export declare const processManager: ProcessManager;

package/dist/src/index.js

@@ -1 +1 @@
-import{a as t,c as r,d as e,e as f,f as a,g as i,h as s,i as p,j as c,k as x,l as m,m as n,n as g,o as C,p as l,q as P,s as d,t as u,u as v,v as o}from"../chunk-8mnzvjyr.js";import"../chunk-3y886wa5.js";import{A as G,B as I,C as J,D as K,E as N,F as O,G as Q,w as j,x as q,y as z,z as B}from"../chunk-g5db14m7.js";import"../chunk-gbny098p.js";var U=o;export{u as startServer,v as startProxy,o as startProxies,Q as safeDeleteFile,f as removeHosts,P as portManager,i as loadSSLConfig,G as isValidRootCA,N as isSingleProxyOptions,O as isSingleProxyConfig,g as isPortInUse,K as isMultiProxyOptions,J as isMultiProxyConfig,n as isCertTrusted,x as httpsConfig,j as getSudoPassword,I as getPrimaryDomain,p as generateCertificate,s as forceTrustCertificate,C as findAvailablePort,B as extractHostname,q as execSudoSync,r as defaultConfig,U as default,z as debugLog,r as config,t as colors,m as cleanupCertificates,d as cleanup,a as checkHosts,c as checkExistingCertificates,e as addHosts,l as DefaultPortManager};
+import{a as t,c as r,d as e,e as f,f as a,g as i,h as s,i as p,j as c,k as x,l as m,m as n,n as g,o as C,p as l,q as P,s as d,t as u,u as v,v as o}from"../chunk-grcvjvzg.js";import"../chunk-hj5q1vd6.js";import{A as G,B as I,C as J,D as K,E as N,F as O,G as Q,H as R,w as j,x as q,y as z,z as B}from"../chunk-cvt0dqrv.js";import"../chunk-sqn04kae.js";var U=o;export{u as startServer,v as startProxy,o as startProxies,R as safeDeleteFile,Q as resolvePathRewrite,f as removeHosts,P as portManager,i as loadSSLConfig,G as isValidRootCA,N as isSingleProxyOptions,O as isSingleProxyConfig,g as isPortInUse,K as isMultiProxyOptions,J as isMultiProxyConfig,n as isCertTrusted,x as httpsConfig,j as getSudoPassword,I as getPrimaryDomain,p as generateCertificate,s as forceTrustCertificate,C as findAvailablePort,B as extractHostname,q as execSudoSync,r as defaultConfig,U as default,z as debugLog,r as config,t as colors,m as cleanupCertificates,d as cleanup,a as checkHosts,c as checkExistingCertificates,e as addHosts,l as DefaultPortManager};

package/dist/start.d.ts

@@ -1,3 +1,6 @@
+import * as http from 'node:http';
+import * as http2 from 'node:http2';
+import * as https from 'node:https';
 import type { CleanupOptions, ProxyOption, ProxyOptions, ProxySetupOptions, SingleProxyConfig } from './types';
 export declare function cleanup(options?: CleanupOptions): Promise<void>;
 export declare function startServer(options: SingleProxyConfig): Promise<void>;

package/dist/utils.d.ts

@@ -1,4 +1,4 @@
-import type { MultiProxyConfig, ProxyConfigs, ProxyOption, ProxyOptions, SingleProxyConfig } from './types';
+import type { MultiProxyConfig, PathRewrite, ProxyConfigs, ProxyOption, ProxyOptions, SingleProxyConfig } from './types';
 /**
  * Get sudo password from environment variable if set
  */
@@ -27,6 +27,16 @@ export declare function isMultiProxyOptions(options: ProxyOption | ProxyOptions)
  */
 export declare function isSingleProxyOptions(options: ProxyOption | ProxyOptions): options is SingleProxyConfig;
 export declare function isSingleProxyConfig(options: ProxyConfigs | ProxyOptions): options is SingleProxyConfig;
+/**
+ * Resolve a path against a list of `pathRewrites`.
+ *
+ * Returns `null` if no rewrite matches; otherwise returns `{ targetHost, targetPath }`
+ * with the prefix preserved by default (or stripped when `stripPrefix === true`).
+ *
+ * Matching rule: rewrite matches if `pathname` is exactly `from` OR starts with
+ * `from + '/'`. So `/api` matches `/api`, `/api/`, `/api/cart` — but not `/apidocs`.
+ */
+export declare function resolvePathRewrite(pathname: string, rewrites: PathRewrite[] | undefined): { targetHost: string, targetPath: string } | null;
 /**
  * Safely delete a file if it exists
  */

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@stacksjs/rpx",
   "type": "module",
-  "version": "0.11.3",
+  "version": "0.11.5",
   "description": "A modern and smart reverse proxy.",
   "author": "Chris Breuer <chris@stacksjs.org>",
   "license": "MIT",
@@ -31,15 +31,6 @@
       "import": "./dist/src/index.js"
     }
   },
-  "publishConfig": {
-    "exports": {
-      ".": {
-        "types": "./dist/index.d.ts",
-        "bun": "./dist/src/index.js",
-        "import": "./dist/src/index.js"
-      }
-    }
-  },
   "module": "./dist/src/index.js",
   "types": "./dist/index.d.ts",
   "bin": {
@@ -48,7 +39,8 @@
   },
   "files": [
     "README.md",
-    "dist"
+    "dist",
+    "src"
   ],
   "scripts": {
     "build": "bun build.ts && bun run compile",

package/src/colors.ts

@@ -0,0 +1,13 @@
+const c = (open: number, close: number): (str: string) => string => (str: string): string => `\x1B[${open}m${str}\x1B[${close}m`
+
+export const colors: {
+  bold: (str: string) => string
+  dim: (str: string) => string
+  green: (str: string) => string
+  cyan: (str: string) => string
+} = {
+  bold: c(1, 22),
+  dim: c(2, 22),
+  green: c(32, 39),
+  cyan: c(36, 39),
+}

package/src/config.ts

@@ -0,0 +1,45 @@
+import type { ProxyConfig } from './types'
+import { homedir } from 'node:os'
+import { join, resolve } from 'node:path'
+import { loadConfig } from 'bunfig'
+
+export const defaultConfig: ProxyConfig = {
+  from: 'localhost:5173',
+  to: 'stacks.localhost',
+  cleanUrls: false,
+  https: {
+    basePath: '',
+    caCertPath: join(homedir(), '.stacks', 'ssl', `stacks.localhost.ca.crt`),
+    certPath: join(homedir(), '.stacks', 'ssl', `stacks.localhost.crt`),
+    keyPath: join(homedir(), '.stacks', 'ssl', `stacks.localhost.crt.key`),
+  },
+  cleanup: {
+    certs: false,
+    hosts: false,
+  },
+  vitePluginUsage: false,
+  verbose: true,
+  changeOrigin: false,
+  /**
+   * If true, will regenerate and re-trust certs that exist but are not trusted by the system.
+   * If false, will use the existing cert even if not trusted (may result in browser warnings).
+   */
+  regenerateUntrustedCerts: true,
+}
+
+// Lazy-loaded config to avoid top-level await (enables bun --compile)
+let _config: ProxyConfig | null = null
+
+export async function getConfig(): Promise<ProxyConfig> {
+  if (!_config) {
+    _config = await loadConfig({
+  name: 'rpx',
+  cwd: resolve(__dirname, '..'),
+  defaultConfig,
+})
+  }
+  return _config
+}
+
+// For backwards compatibility - synchronous access with default fallback
+export const config: ProxyConfig = defaultConfig

package/src/dns.ts

@@ -0,0 +1,399 @@
+/**
+ * Minimal DNS server for local development
+ * Handles DNS queries for configured domains and responds with localhost IPs
+ */
+import dgram from 'node:dgram'
+import { debugLog } from './utils'
+
+// Use a high port that doesn't require root
+const DNS_PORT = 15353
+
+interface DnsHeader {
+  id: number
+  flags: number
+  qdcount: number
+  ancount: number
+  nscount: number
+  arcount: number
+}
+
+interface DnsQuestion {
+  name: string
+  type: number
+  class: number
+}
+
+/**
+ * Parse DNS header from buffer
+ */
+function parseHeader(buffer: Buffer): DnsHeader {
+  return {
+    id: buffer.readUInt16BE(0),
+    flags: buffer.readUInt16BE(2),
+    qdcount: buffer.readUInt16BE(4),
+    ancount: buffer.readUInt16BE(6),
+    nscount: buffer.readUInt16BE(8),
+    arcount: buffer.readUInt16BE(10),
+  }
+}
+
+/**
+ * Parse domain name from DNS message
+ */
+function parseName(buffer: Buffer, offset: number): { name: string, newOffset: number } {
+  const labels: string[] = []
+  let currentOffset = offset
+
+  while (true) {
+    const length = buffer[currentOffset]
+
+    if (length === 0) {
+      currentOffset++
+      break
+    }
+
+    // Check for pointer (compression)
+    if ((length & 0xC0) === 0xC0) {
+      const pointer = buffer.readUInt16BE(currentOffset) & 0x3FFF
+      const { name } = parseName(buffer, pointer)
+      labels.push(name)
+      currentOffset += 2
+      break
+    }
+
+    currentOffset++
+    labels.push(buffer.subarray(currentOffset, currentOffset + length).toString('ascii'))
+    currentOffset += length
+  }
+
+  return { name: labels.join('.'), newOffset: currentOffset }
+}
+
+/**
+ * Parse DNS question section
+ */
+function parseQuestion(buffer: Buffer, offset: number): { question: DnsQuestion, newOffset: number } {
+  const { name, newOffset } = parseName(buffer, offset)
+  const type = buffer.readUInt16BE(newOffset)
+  const qclass = buffer.readUInt16BE(newOffset + 2)
+
+  return {
+    question: { name, type, class: qclass },
+    newOffset: newOffset + 4,
+  }
+}
+
+/**
+ * Encode domain name for DNS response
+ */
+function encodeName(name: string): Buffer {
+  const labels = name.split('.')
+  const parts: Buffer[] = []
+
+  for (const label of labels) {
+    parts.push(Buffer.from([label.length]))
+    parts.push(Buffer.from(label, 'ascii'))
+  }
+  parts.push(Buffer.from([0])) // Null terminator
+
+  return Buffer.concat(parts)
+}
+
+/**
+ * Build DNS response
+ */
+function buildResponse(
+  queryId: number,
+  question: DnsQuestion,
+  ip: string,
+): Buffer {
+  const parts: Buffer[] = []
+
+  // Header
+  const header = Buffer.alloc(12)
+  header.writeUInt16BE(queryId, 0) // ID
+  header.writeUInt16BE(0x8180, 2) // Flags: Response, Authoritative, No error
+  header.writeUInt16BE(1, 4) // Questions: 1
+  header.writeUInt16BE(1, 6) // Answers: 1
+  header.writeUInt16BE(0, 8) // Authority: 0
+  header.writeUInt16BE(0, 10) // Additional: 0
+  parts.push(header)
+
+  // Question section (echo back)
+  parts.push(encodeName(question.name))
+  const qtype = Buffer.alloc(4)
+  qtype.writeUInt16BE(question.type, 0)
+  qtype.writeUInt16BE(question.class, 2)
+  parts.push(qtype)
+
+  // Answer section
+  parts.push(encodeName(question.name))
+
+  const answer = Buffer.alloc(10)
+  answer.writeUInt16BE(question.type, 0) // Type
+  answer.writeUInt16BE(1, 2) // Class: IN
+  answer.writeUInt32BE(300, 4) // TTL: 5 minutes
+
+  if (question.type === 1) {
+    // A record (IPv4)
+    answer.writeUInt16BE(4, 8) // Data length
+    parts.push(answer)
+    const ipParts = ip.split('.').map(p => Number.parseInt(p, 10))
+    parts.push(Buffer.from(ipParts))
+  }
+  else if (question.type === 28) {
+    // AAAA record (IPv6)
+    answer.writeUInt16BE(16, 8) // Data length
+    parts.push(answer)
+    // ::1 as bytes
+    parts.push(Buffer.from([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1]))
+  }
+  else {
+    // Unsupported type - return NXDOMAIN
+    header.writeUInt16BE(0x8183, 2) // Flags with NXDOMAIN
+    header.writeUInt16BE(0, 6) // No answers
+    return Buffer.concat([header, encodeName(question.name), qtype])
+  }
+
+  return Buffer.concat(parts)
+}
+
+/**
+ * Build NXDOMAIN response for unknown domains
+ */
+function buildNxdomainResponse(queryId: number, question: DnsQuestion): Buffer {
+  const parts: Buffer[] = []
+
+  // Header with NXDOMAIN
+  const header = Buffer.alloc(12)
+  header.writeUInt16BE(queryId, 0) // ID
+  header.writeUInt16BE(0x8183, 2) // Flags: Response, Authoritative, NXDOMAIN
+  header.writeUInt16BE(1, 4) // Questions: 1
+  header.writeUInt16BE(0, 6) // Answers: 0
+  header.writeUInt16BE(0, 8) // Authority: 0
+  header.writeUInt16BE(0, 10) // Additional: 0
+  parts.push(header)
+
+  // Question section (echo back)
+  parts.push(encodeName(question.name))
+  const qtype = Buffer.alloc(4)
+  qtype.writeUInt16BE(question.type, 0)
+  qtype.writeUInt16BE(question.class, 2)
+  parts.push(qtype)
+
+  return Buffer.concat(parts)
+}
+
+let dnsServer: dgram.Socket | null = null
+let configuredDomains: Set<string> = new Set()
+
+/**
+ * Start the DNS server
+ */
+export async function startDnsServer(domains: string[], verbose?: boolean): Promise<boolean> {
+  if (dnsServer) {
+    debugLog('dns', 'DNS server already running', verbose)
+    return true
+  }
+
+  configuredDomains = new Set(domains.map(d => d.toLowerCase()))
+
+  return new Promise((resolve) => {
+    dnsServer = dgram.createSocket('udp4')
+
+    dnsServer.on('error', (err) => {
+      debugLog('dns', `DNS server error: ${err.message}`, verbose)
+      if (err.message.includes('EACCES') || err.message.includes('permission')) {
+        debugLog('dns', 'DNS server requires root privileges to bind to port 53', verbose)
+      }
+      dnsServer?.close()
+      dnsServer = null
+      resolve(false)
+    })
+
+    dnsServer.on('message', (msg, rinfo) => {
+      try {
+        const header = parseHeader(msg)
+        const { question } = parseQuestion(msg, 12)
+
+        debugLog('dns', `Query for ${question.name} type ${question.type} from ${rinfo.address}`, verbose)
+
+        // Check if this domain should be handled
+        const domainLower = question.name.toLowerCase()
+        let shouldHandle = false
+
+        for (const configured of configuredDomains) {
+          if (domainLower === configured || domainLower.endsWith(`.${configured}`)) {
+            shouldHandle = true
+            break
+          }
+        }
+
+        // Note: Only configured domains are handled, no hardcoded TLDs
+
+        let response: Buffer
+        if (shouldHandle && (question.type === 1 || question.type === 28)) {
+          response = buildResponse(header.id, question, '127.0.0.1')
+          debugLog('dns', `Responding with localhost for ${question.name}`, verbose)
+        }
+        else {
+          response = buildNxdomainResponse(header.id, question)
+          debugLog('dns', `NXDOMAIN for ${question.name}`, verbose)
+        }
+
+        dnsServer?.send(response, rinfo.port, rinfo.address)
+      }
+      catch (err) {
+        debugLog('dns', `Error processing DNS query: ${err}`, verbose)
+      }
+    })
+
+    dnsServer.on('listening', () => {
+      const address = dnsServer?.address()
+      debugLog('dns', `DNS server listening on ${address?.address}:${address?.port}`, verbose)
+      resolve(true)
+    })
+
+    // Try to bind to port 53 with sudo
+    try {
+      dnsServer.bind(DNS_PORT, '127.0.0.1')
+    }
+    catch (err) {
+      debugLog('dns', `Failed to bind DNS server: ${err}`, verbose)
+      resolve(false)
+    }
+  })
+}
+
+/**
+ * Stop the DNS server
+ */
+export function stopDnsServer(verbose?: boolean): void {
+  if (dnsServer) {
+    debugLog('dns', 'Stopping DNS server', verbose)
+    dnsServer.close()
+    dnsServer = null
+  }
+}
+
+/**
+ * Check if DNS server is running
+ */
+export function isDnsServerRunning(): boolean {
+  return dnsServer !== null
+}
+
+/**
+ * Extract unique TLDs from domain list
+ */
+function extractTLDs(domains: string[]): string[] {
+  const tlds = new Set<string>()
+  for (const domain of domains) {
+    const parts = domain.split('.')
+    if (parts.length >= 2) {
+      tlds.add(parts[parts.length - 1])
+    }
+  }
+  return Array.from(tlds)
+}
+
+// Track which TLDs we've created resolvers for
+const createdResolvers = new Set<string>()
+
+/**
+ * Flush macOS DNS cache to ensure resolver changes take effect
+ */
+async function flushDnsCache(verbose?: boolean): Promise<void> {
+  if (process.platform !== 'darwin') {
+    return
+  }
+
+  const { execSudoSync, getSudoPassword } = await import('./utils')
+  const sudoPassword = getSudoPassword()
+
+  if (!sudoPassword) {
+    debugLog('dns', 'Cannot flush DNS cache without SUDO_PASSWORD', verbose)
+    return
+  }
+
+  try {
+    // Flush DNS cache and restart mDNSResponder
+    execSudoSync('dscacheutil -flushcache')
+    execSudoSync('killall -HUP mDNSResponder 2>/dev/null || true')
+    debugLog('dns', 'DNS cache flushed', verbose)
+  }
+  catch (err) {
+    // Non-fatal - DNS cache flush failure shouldn't block startup
+    debugLog('dns', `Could not flush DNS cache: ${err}`, verbose)
+  }
+}
+
+/**
+ * Set up the macOS resolver for configured domains
+ * Creates /etc/resolver/<tld> files pointing to our local DNS server
+ */
+export async function setupResolver(verbose?: boolean, domains?: string[]): Promise<boolean> {
+  if (process.platform !== 'darwin') {
+    debugLog('dns', 'Resolver setup only needed on macOS', verbose)
+    return true
+  }
+
+  const { execSudoSync, getSudoPassword } = await import('./utils')
+  const sudoPassword = getSudoPassword()
+
+  if (!sudoPassword) {
+    debugLog('dns', 'SUDO_PASSWORD not set, cannot create resolver files', verbose)
+    return false
+  }
+
+  // Get TLDs from configured domains
+  const tlds = domains ? extractTLDs(domains) : ['test']
+
+  try {
+    for (const tld of tlds) {
+      if (createdResolvers.has(tld)) {
+        continue
+      }
+
+      // Use bash -c to properly handle the echo with newlines
+      const cmd = `bash -c 'mkdir -p /etc/resolver && echo -e "nameserver 127.0.0.1\\nport ${DNS_PORT}" > /etc/resolver/${tld}'`
+      execSudoSync(cmd)
+      createdResolvers.add(tld)
+      debugLog('dns', `Created /etc/resolver/${tld} for .${tld} TLD`, verbose)
+    }
+
+    // Flush DNS cache to ensure new resolver files take effect immediately
+    await flushDnsCache(verbose)
+
+    return true
+  }
+  catch (err) {
+    debugLog('dns', `Failed to create resolver file: ${err}`, verbose)
+    return false
+  }
+}
+
+/**
+ * Remove the macOS resolver files we created
+ */
+export async function removeResolver(verbose?: boolean): Promise<void> {
+  if (process.platform !== 'darwin') {
+    return
+  }
+
+  const { execSudoSync, getSudoPassword } = await import('./utils')
+
+  try {
+    const sudoPassword = getSudoPassword()
+    if (sudoPassword) {
+      for (const tld of createdResolvers) {
+        execSudoSync(`rm -f /etc/resolver/${tld}`)
+        debugLog('dns', `Removed /etc/resolver/${tld}`, verbose)
+      }
+      createdResolvers.clear()
+    }
+  }
+  catch (err) {
+    debugLog('dns', `Failed to remove resolver files: ${err}`, verbose)
+  }
+}