@undefineds.co/xpod 0.3.50 → 0.3.52

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dist/runtime/Proxy.d.ts +4 -0
  2. package/dist/runtime/Proxy.js +58 -8
  3. package/dist/runtime/Proxy.js.map +1 -1
  4. package/package.json +1 -1
package/dist/runtime/Proxy.d.ts CHANGED
@@ -20,6 +20,10 @@ export declare class GatewayProxy {
20
20
  stop(): Promise<void>;
21
21
  private handleRequest;
22
22
  private shouldRouteToApi;
23
+ private isApiHost;
24
+ private hostFromUrl;
25
+ private normalizeHost;
26
+ private firstHeaderValue;
23
27
  private shouldInspectRootMutation;
24
28
  private shouldRejectRootResourceMutation;
25
29
  private writeRootMutationForbidden;
package/dist/runtime/Proxy.js CHANGED
@@ -100,15 +100,26 @@ class GatewayProxy {
100
100
  handleRequest(req, res) {
101
101
  const url = req.url ?? '/';
102
102
  const origin = req.headers.origin;
103
- // Store original host for x-forwarded-host before any rewrites
104
- const originalHost = req.headers.host;
103
+ // Store public host for routing before any CSS canonical-host rewrites.
104
+ // External gateways pass the original domain through X-Forwarded-Host;
105
+ // direct/local requests use Host.
106
+ const originalHost = this.firstHeaderValue(req.headers['x-forwarded-host']) ?? req.headers.host;
107
+ const apiHost = this.isApiHost(originalHost);
105
108
  // Set x-forwarded-proto based on CSS_BASE_URL
106
109
  const baseUrl = this.baseUrl ?? process.env.CSS_BASE_URL ?? '';
107
110
  if (baseUrl.startsWith('https')) {
108
111
  req.headers['x-forwarded-proto'] = 'https';
109
112
  }
110
- // Rewrite Host header to match CSS_BASE_URL for proper routing
111
- if (baseUrl) {
113
+ // API subdomains are the public API boundary. Preserve the API host for API
114
+ // handlers (for example Matrix discovery) instead of rewriting it to the
115
+ // canonical CSS/WebID host.
116
+ if (apiHost) {
117
+ if (originalHost) {
118
+ req.headers.host = originalHost;
119
+ req.headers['x-forwarded-host'] = originalHost;
120
+ }
121
+ }
122
+ else if (baseUrl) {
112
123
  try {
113
124
  const parsedBaseUrl = new URL(baseUrl);
114
125
  req.headers.host = parsedBaseUrl.host;
@@ -136,13 +147,16 @@ class GatewayProxy {
136
147
  void this.handleInternalApi(req, res);
137
148
  return;
138
149
  }
139
- // 2. API Server Routing (/v1 or /api)
150
+ // 2. API Server Routing.
151
+ // Public API is selected by host (`api.<domain>`), not by adding an `/api`
152
+ // path prefix to the IdP/Pod host. Path-based routing remains for local/dev
153
+ // single-origin clients and existing legacy endpoints.
140
154
  // 2a. Dashboard UI is served by API server under /dashboard/*
141
155
  if ((url === '/dashboard' || url.startsWith('/dashboard/')) && this.targets.api) {
142
156
  this.proxy.web(req, res, { target: this.toProxyTarget(this.targets.api) });
143
157
  return;
144
158
  }
145
- if (this.shouldRouteToApi(url) && this.targets.api) {
159
+ if ((apiHost || this.shouldRouteToApi(url)) && this.targets.api) {
146
160
  this.proxy.web(req, res, { target: this.toProxyTarget(this.targets.api) });
147
161
  return;
148
162
  }
@@ -171,6 +185,39 @@ class GatewayProxy {
171
185
  || url === '/.well-known/matrix/client'
172
186
  || url.startsWith('/_matrix/');
173
187
  }
188
+ isApiHost(hostHeader) {
189
+ const host = this.normalizeHost(hostHeader);
190
+ if (!host) {
191
+ return false;
192
+ }
193
+ if (host.startsWith('api.')) {
194
+ return true;
195
+ }
196
+ const configuredHost = this.hostFromUrl(process.env.XPOD_CLOUD_API_ENDPOINT)
197
+ ?? this.hostFromUrl(process.env.XPOD_PUBLIC_API_URL);
198
+ return Boolean(configuredHost && host === configuredHost);
199
+ }
200
+ hostFromUrl(value) {
201
+ if (!value) {
202
+ return undefined;
203
+ }
204
+ try {
205
+ return new URL(value).hostname.toLowerCase();
206
+ }
207
+ catch {
208
+ return undefined;
209
+ }
210
+ }
211
+ normalizeHost(hostHeader) {
212
+ const host = this.firstHeaderValue(hostHeader)?.split(',')[0]?.trim();
213
+ if (!host) {
214
+ return undefined;
215
+ }
216
+ return host.replace(/:\d+$/, '').toLowerCase();
217
+ }
218
+ firstHeaderValue(value) {
219
+ return Array.isArray(value) ? value[0] : value;
220
+ }
174
221
  shouldInspectRootMutation(req) {
175
222
  const method = (req.method ?? 'GET').toUpperCase();
176
223
  if (!['POST', 'PUT', 'PATCH', 'DELETE'].includes(method)) {
@@ -243,8 +290,11 @@ class GatewayProxy {
243
290
  delete headers['transfer-encoding'];
244
291
  return;
245
292
  }
246
- if (hasTransferEncoding && headers['content-length'] !== undefined) {
247
- delete headers['content-length'];
293
+ if (hasTransferEncoding) {
294
+ delete headers['transfer-encoding'];
295
+ if (headers['content-length'] !== undefined) {
296
+ delete headers['content-length'];
297
+ }
248
298
  }
249
299
  }
250
300
  handleCorsPreflightRequest(res, origin) {
package/dist/runtime/Proxy.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"Proxy.js","sourceRoot":"","sources":["../../src/runtime/Proxy.ts"],"names":[],"mappings":";;;;;;AAAA,4DAAmC;AACnC,gDAAwB;AACxB,iEAAqD;AAErD,iEAA8D;AAa9D,uDAAuD;AACvD,MAAM,WAAW,GAAG;IAClB,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAC;IACrE,WAAW,EAAE,IAAI;IACjB,cAAc,EAAE;QACd,eAAe,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ;QAC3D,kBAAkB,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,EAAE,MAAM;KAChE;IACD,cAAc,EAAE;QACd,cAAc,EAAE,aAAa,EAAE,YAAY,EAAE,OAAO,EAAE,eAAe;QACrE,MAAM,EAAE,eAAe,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa;QAC1D,WAAW,EAAE,kBAAkB,EAAE,cAAc;KAChD;CACF,CAAC;AAEF,MAAa,YAAY;IAWvB,YACE,IAAwB,EAChB,UAAsB,EAC9B,QAAQ,GAAG,SAAS,EACpB,UAA+B,EAAE;QAFzB,eAAU,GAAV,UAAU,CAAY;QAZf,WAAM,GAAG,IAAA,oCAAY,EAAC,IAAI,CAAC,CAAC;QAGrC,YAAO,GAA2D,EAAE,CAAC;QAa3E,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,iCAAe,CAAC;QAC1D,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,cAAc,IAAI,IAAI,CAAC,WAAW,CAAC,oBAAoB,CAAC;YACpF,IAAI;YACJ,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE,OAAO,CAAC,UAAU;SAC/B,CAAC,CAAC;QACH,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,KAAK,CAAC;QAC9C,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC;QAC/C,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAC/B,IAAI,CAAC,KAAK,GAAG,oBAAS,CAAC,iBAAiB,CAAC;YACvC,IAAI,EAAE,IAAI;SACX,CAAC,CAAC;QAEH,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE;YACxC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC;YACvC,IAAI,GAAG,IAAI,WAAW,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;gBAClD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,qBAAqB,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;YAClF,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;YAC/C,IAAI,CAAC,4BAA4B,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;YACjD,MAAM,kBAAkB,GAAG,GAAyB,CAAC;YACrD,MAAM,QAAQ,GAAG,GAA0B,CAAC;YAC5C,IAAI,CAAC,kBAAkB,CAAC,yBAAyB,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,WAAW,EAAE,CAAC;gBACvF,OAAO;YACT,CAAC;YAED,MAAM,MAAM,GAAa,EAAE,CAAC;YAC5B,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE;gBAC5B,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;YACnE,CAAC,CAAC,CAAC;YACH,QAAQ,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;gBACtB,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;gBAC3C,MAAM,SAAS,GAAG,IAAI,CAAC,kCAAkC,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;gBAClF,QAAQ,CAAC,SAAS,CAAC,SAAS,CAAC,UAAU,EAAE,SAAS,CAAC,OAAO,CAAC,CAAC;gBAC5D,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YAC/B,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,GAAG,cAAI,CAAC,YAAY,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QAE/D,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE;YAC9C,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC;YAE3B,kDAAkD;YAClD,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;gBAC/C,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAQ,EAAE,CAAC,CAAC;YAC5F,CAAC;iBAAM,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;gBAC5B,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAQ,EAAE,CAAC,CAAC;YAC5F,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAEM,UAAU,CAAC,OAAiF;QACjG,IAAI,CAAC,OAAO,GAAG;YACb,GAAG,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC;YACtC,GAAG,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC;SACvC,CAAC;IACJ,CAAC;IAEM,KAAK,CAAC,KAAK;QAChB,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,cAAc,CAAC,CAAC;QAChE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,gBAAgB,IAAI,CAAC,WAAW,CAAC,oBAAoB,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC,CAAC;IACjG,CAAC;IAEM,IAAI;QACT,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;YACnB,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE;gBACjE,OAAO,EAAE,CAAC;YACZ,CAAC,EAAE,MAAM,CAAC,CAAC;QACb,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,aAAa,CAAC,GAAyB,EAAE,GAAwB;QACvE,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC;QAC3B,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC;QAElC,+DAA+D;QAC/D,MAAM,YAAY,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC;QAEtC,8CAA8C;QAC9C,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC;QAC/D,IAAI,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAChC,GAAG,CAAC,OAAO,CAAC,mBAAmB,CAAC,GAAG,OAAO,CAAC;QAC7C,CAAC;QAED,+DAA+D;QAC/D,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,CAAC;gBACH,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;gBACvC,GAAG,CAAC,OAAO,CAAC,IAAI,GAAG,aAAa,CAAC,IAAI,CAAC;gBACtC,GAAG,CAAC,OAAO,CAAC,kBAAkB,CAAC,GAAG,aAAa,CAAC,IAAI,CAAC;YACvD,CAAC;YAAC,MAAM,CAAC;gBACP,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,kBAAkB,CAAC,EAAE,CAAC;oBACrC,GAAG,CAAC,OAAO,CAAC,kBAAkB,CAAC,GAAG,YAAY,CAAC;gBACjD,CAAC;YACH,CAAC;QACH,CAAC;aAAM,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,kBAAkB,CAAC,EAAE,CAAC;YAC5C,GAAG,CAAC,OAAO,CAAC,kBAAkB,CAAC,GAAG,YAAY,CAAC;QACjD,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,GAAG,GAAG,CAAC,MAAM,IAAI,GAAG,sBAAsB,GAAG,CAAC,OAAO,CAAC,mBAAmB,CAAC,qBAAqB,GAAG,CAAC,OAAO,CAAC,kBAAkB,CAAC,SAAS,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAC1J,CAAC;QAEF,gCAAgC;QAChC,IAAI,GAAG,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YAChC,IAAI,GAAG,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;gBAC7B,IAAI,CAAC,0BAA0B,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;gBAC7C,OAAO;YACT,CAAC;YACD,IAAI,MAAM,EAAE,CAAC;gBACX,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YACnC,CAAC;YACD,KAAK,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YACtC,OAAO;QACT,CAAC;QAED,sCAAsC;QAEtC,8DAA8D;QAC9D,IAAI,CAAC,GAAG,KAAK,YAAY,IAAI,GAAG,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;YAChF,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAQ,EAAE,CAAC,CAAC;YAClF,OAAO;QACT,CAAC;QAED,IAAI,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;YACnD,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAQ,EAAE,CAAC,CAAC;YAClF,OAAO;QACT,CAAC;QAED,2BAA2B;QAC3B,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;YACrB,IAAI,IAAI,CAAC,gCAAgC,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC/C,IAAI,CAAC,0BAA0B,CAAC,GAAG,CAAC,CAAC;gBACrC,OAAO;YACT,CAAC;YAED,MAAM,kBAAkB,GAAG,GAAyB,CAAC;YACrD,kBAAkB,CAAC,yBAAyB,GAAG,IAAI,CAAC,yBAAyB,CAAC,GAAG,CAAC,CAAC;YACnF,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE;gBACvB,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAQ;gBACnD,GAAG,CAAC,kBAAkB,CAAC,yBAAyB,CAAC,CAAC,CAAC,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAC/E,CAAC,CAAC;QACZ,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YACnB,GAAG,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IAEO,gBAAgB,CAAC,GAAW;QAClC,OAAO,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC;eACxB,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC;eACvB,GAAG,CAAC,UAAU,CAAC,aAAa,CAAC;eAC7B,GAAG,KAAK,4BAA4B;eACpC,GAAG,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;IACnC,CAAC;IAEO,yBAAyB,CAAC,GAAyB;QACzD,MAAM,MAAM,GAAG,CAAC,GAAG,CAAC,MAAM,IAAI,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;QACnD,IAAI,CAAC,CAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC3D,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,GAAG,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC;QACtE,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACrD,OAAO,QAAQ,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAC/D,CAAC;IAEO,gCAAgC,CAAC,GAAyB;QAChE,MAAM,MAAM,GAAG,CAAC,GAAG,CAAC,MAAM,IAAI,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;QACnD,IAAI,CAAC,CAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC3D,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,GAAG,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC;QACtE,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACrD,OAAO,QAAQ,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IAC1F,CAAC;IAEO,0BAA0B,CAAC,GAAwB;QACzD,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,+BAA+B,EAAE,CAAC,CAAC,CAAC;QACjF,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE;YACjB,cAAc,EAAE,kBAAkB;YAClC,gBAAgB,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;SAC1C,CAAC,CAAC;QACH,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAChB,CAAC;IAEO,kCAAkC,CACxC,QAA8B,EAC9B,IAAY;QAEZ,MAAM,OAAO,GAA6B,EAAE,GAAG,QAAQ,CAAC,OAAO,EAAE,CAAC;QAClE,MAAM,UAAU,GAAG,QAAQ,CAAC,UAAU,IAAI,GAAG,CAAC;QAC9C,MAAM,WAAW,GAAG,OAAO,QAAQ,CAAC,OAAO,CAAC,cAAc,CAAC,KAAK,QAAQ;YACtE,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,cAAc,CAAC;YAClC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;gBAC/C,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE;gBAC3C,CAAC,CAAC,EAAE,CAAC;QACT,MAAM,QAAQ,GAAG,WAAW,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAEvF,IACE,UAAU,KAAK,GAAG;YAClB,QAAQ,CAAC,QAAQ,CAAC,6BAA6B,CAAC;YAChD,QAAQ,CAAC,QAAQ,CAAC,gCAAgC,CAAC,EACnD,CAAC;YACD,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,+BAA+B,EAAE,CAAC,CAAC,CAAC;YAC3F,OAAO,OAAO,CAAC,gBAAgB,CAAC,CAAC;YACjC,OAAO,OAAO,CAAC,mBAAmB,CAAC,CAAC;YACpC,OAAO,CAAC,cAAc,CAAC,GAAG,kBAAkB,CAAC;YAC7C,OAAO,CAAC,gBAAgB,CAAC,GAAG,MAAM,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;YAC9D,OAAO,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,CAAC;QAC5D,CAAC;QAED,OAAO,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACpC,OAAO,CAAC,gBAAgB,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACpD,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IACvC,CAAC;IAEO,+BAA+B;QACrC,OAAO;YACL,IAAI,EAAE,oBAAoB;YAC1B,OAAO,EAAE,sCAAsC;YAC/C,UAAU,EAAE,GAAG;YACf,SAAS,EAAE,MAAM;YACjB,OAAO,EAAE,EAAE,KAAK,EAAE,sBAAsB,EAAE;SAC3C,CAAC;IACJ,CAAC;IAEO,4BAA4B,CAAC,GAAyB,EAAE,QAA8B;QAC5F,MAAM,MAAM,GAAG,CAAC,GAAG,CAAC,MAAM,IAAI,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;QACnD,MAAM,UAAU,GAAG,QAAQ,CAAC,UAAU,IAAI,GAAG,CAAC;QAC9C,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAwD,CAAC;QAClF,MAAM,gBAAgB,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACtD,MAAM,mBAAmB,GAAG,KAAK,CAAC,OAAO,CAAC,gBAAgB,CAAC;YACzD,CAAC,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;YAC3E,CAAC,CAAC,OAAO,gBAAgB,KAAK,QAAQ;gBACpC,CAAC,CAAC,gBAAgB,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC;gBACpD,CAAC,CAAC,KAAK,CAAC;QAEZ,IAAI,MAAM,KAAK,MAAM,IAAI,UAAU,KAAK,GAAG,IAAI,UAAU,KAAK,GAAG,IAAI,CAAC,UAAU,IAAI,GAAG,IAAI,UAAU,GAAG,GAAG,CAAC,EAAE,CAAC;YAC7G,OAAO,OAAO,CAAC,mBAAmB,CAAC,CAAC;YACpC,OAAO;QACT,CAAC;QAED,IAAI,mBAAmB,IAAI,OAAO,CAAC,gBAAgB,CAAC,KAAK,SAAS,EAAE,CAAC;YACnE,OAAO,OAAO,CAAC,gBAAgB,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;IAEO,0BAA0B,CAChC,GAAwB,EACxB,MAA0B;QAE1B,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QACjC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACnB,GAAG,CAAC,GAAG,EAAE,CAAC;IACZ,CAAC;IAED;;OAEG;IACK,cAAc,CAAC,GAAwB,EAAE,MAA0B;QACzE,GAAG,CAAC,SAAS,CAAC,6BAA6B,EAAE,MAAM,IAAI,GAAG,CAAC,CAAC;QAC5D,GAAG,CAAC,SAAS,CAAC,kCAAkC,EAAE,MAAM,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC,CAAC;QACnF,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QAC9E,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,WAAW,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QACrF,GAAG,CAAC,SAAS,CAAC,+BAA+B,EAAE,WAAW,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IACxF,CAAC;IAEO,KAAK,CAAC,iBAAiB,CAAC,GAAyB,EAAE,GAAwB;QACjF,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC;YAC9B,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAC;YACnD,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;YAEjC,IAAI,QAAQ,KAAK,iBAAiB,EAAE,CAAC;gBACnC,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC;gBAC9C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;gBACzC,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;gBAClC,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC5D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;gBAChC,OAAO;YACT,CAAC;YAED,IAAI,QAAQ,KAAK,eAAe,EAAE,CAAC;gBACjC,MAAM,KAAK,GAAG,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,SAAS,CAAC;gBAC5D,MAAM,MAAM,GAAG,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC;gBAC9D,MAAM,UAAU,GAAG,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;gBACpD,MAAM,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;gBAEhE,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC;oBACnC,KAAK;oBACL,MAAM;oBACN,KAAK,EAAE,MAAM,CAAC,QAAQ,CAAC,KAAe,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;iBAC5D,CAAC,CAAC;gBAEH,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;gBAC9B,OAAO;YACT,CAAC;YAED,IAAI,QAAQ,KAAK,eAAe,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC1D,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;gBACtC,YAAY,CAAC,GAAG,EAAE;oBAChB,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAe,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC;oBAC3E,KAAK,QAAQ,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE;wBACxB,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;4BACpB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;wBAClB,CAAC;oBACH,CAAC,CAAC,CAAC;gBACL,CAAC,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YACnB,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QACvB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,mCAAmC,EAAE,KAAK,CAAC,CAAC;YAC9D,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;gBACrB,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC7D,CAAC;YACD,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,UAAU;QACtB,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;YACtB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,IAAI,CAAC,WAAW,CAAC,uBAAuB,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAC3E,CAAC;IAEO,eAAe,CAAC,MAAoC;QAC1D,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC/B,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,CAAC;QACzB,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,aAAa,CAAC,MAA0B;QAC9C,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;YACtB,OAAO;gBACL,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,QAAQ,EAAE,OAAO;aAClB,CAAC;QACJ,CAAC;QACD,OAAO,MAAM,CAAC,GAAI,CAAC;IACrB,CAAC;CACF;AAzXD,oCAyXC","sourcesContent":["import httpProxy from 'http-proxy';\nimport http from 'http';\nimport { getLoggerFor } from 'global-logger-factory';\nimport type { Supervisor } from '../supervisor/Supervisor';\nimport { nodeRuntimeHost } from './host/node/NodeRuntimeHost';\nimport type { RuntimeHost, RuntimeListenEndpoint } from './host/types';\n\ntype InterceptedRequest = http.IncomingMessage & { __xpodInspectRootMutation?: boolean };\n\ninterface RootMutationForbiddenBody {\n name: 'ForbiddenHttpError';\n message: string;\n statusCode: 403;\n errorCode: 'H403';\n details: { cause: 'root-container-write' };\n}\n\n// CORS configuration matching CSS CorsHandler defaults\nconst CORS_CONFIG = {\n methods: ['GET', 'HEAD', 'OPTIONS', 'POST', 'PUT', 'PATCH', 'DELETE'],\n credentials: true,\n allowedHeaders: [\n 'Authorization', 'Content-Type', 'Accept', 'DPoP', 'Origin',\n 'X-Requested-With', 'If-Match', 'If-None-Match', 'Slug', 'Link',\n ],\n exposedHeaders: [\n 'Accept-Patch', 'Accept-Post', 'Accept-Put', 'Allow', 'Content-Range',\n 'ETag', 'Last-Modified', 'Link', 'Location', 'Updates-Via',\n 'WAC-Allow', 'Www-Authenticate', 'X-Request-Id',\n ],\n};\n\nexport class GatewayProxy {\n private readonly logger = getLoggerFor(this);\n private proxy: httpProxy;\n private server: http.Server;\n private targets: { css?: GatewayProxyTarget; api?: GatewayProxyTarget } = {};\n private readonly runtimeHost: RuntimeHost;\n private readonly listenEndpoint: RuntimeListenEndpoint;\n private readonly exitOnStop: boolean;\n private readonly shutdownHandler?: () => Promise<void>;\n private readonly baseUrl?: string;\n\n constructor(\n port: number | undefined,\n private supervisor: Supervisor,\n bindHost = '0.0.0.0',\n options: GatewayProxyOptions = {},\n ) {\n this.runtimeHost = options.runtimeHost ?? nodeRuntimeHost;\n this.listenEndpoint = options.listenEndpoint ?? this.runtimeHost.createListenEndpoint({\n port,\n host: bindHost,\n socketPath: options.socketPath,\n });\n this.exitOnStop = options.exitOnStop ?? false;\n this.shutdownHandler = options.shutdownHandler;\n this.baseUrl = options.baseUrl;\n this.proxy = httpProxy.createProxyServer({\n xfwd: true,\n });\n\n this.proxy.on('error', (err, _req, res) => {\n this.logger.error('Proxy error:', err);\n if (res && 'writeHead' in res && !res.headersSent) {\n res.writeHead(502, { 'Content-Type': 'application/json' });\n res.end(JSON.stringify({ error: 'Service Unavailable', details: err.message }));\n }\n });\n\n this.proxy.on('proxyRes', (proxyRes, req, res) => {\n this.sanitizeProxyResponseHeaders(req, proxyRes);\n const interceptedRequest = req as InterceptedRequest;\n const outgoing = res as http.ServerResponse;\n if (!interceptedRequest.__xpodInspectRootMutation || !outgoing || outgoing.headersSent) {\n return;\n }\n\n const chunks: Buffer[] = [];\n proxyRes.on('data', (chunk) => {\n chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk));\n });\n proxyRes.on('end', () => {\n const originalBody = Buffer.concat(chunks);\n const rewritten = this.normalizeRootMutationProxyResponse(proxyRes, originalBody);\n outgoing.writeHead(rewritten.statusCode, rewritten.headers);\n outgoing.end(rewritten.body);\n });\n });\n\n this.server = http.createServer(this.handleRequest.bind(this));\n\n this.server.on('upgrade', (req, socket, head) => {\n const url = req.url ?? '/';\n\n // Route /ws/* WebSocket connections to API server\n if (url.startsWith('/ws/') && this.targets.api) {\n this.proxy.ws(req, socket, head, { target: this.toProxyTarget(this.targets.api) as any });\n } else if (this.targets.css) {\n this.proxy.ws(req, socket, head, { target: this.toProxyTarget(this.targets.css) as any });\n } else {\n socket.destroy();\n }\n });\n }\n\n public setTargets(targets: { css?: string | GatewayProxyTarget; api?: string | GatewayProxyTarget }): void {\n this.targets = {\n css: this.normalizeTarget(targets.css),\n api: this.normalizeTarget(targets.api),\n };\n }\n\n public async start(): Promise<void> {\n await this.runtimeHost.listen(this.server, this.listenEndpoint);\n this.logger.info(`Listening on ${this.runtimeHost.formatListenEndpoint(this.listenEndpoint)}`);\n }\n\n public stop(): Promise<void> {\n return new Promise((resolve, reject) => {\n this.proxy.close();\n this.runtimeHost.close(this.server, this.listenEndpoint).then(() => {\n resolve();\n }, reject);\n });\n }\n\n private handleRequest(req: http.IncomingMessage, res: http.ServerResponse): void {\n const url = req.url ?? '/';\n const origin = req.headers.origin;\n\n // Store original host for x-forwarded-host before any rewrites\n const originalHost = req.headers.host;\n\n // Set x-forwarded-proto based on CSS_BASE_URL\n const baseUrl = this.baseUrl ?? process.env.CSS_BASE_URL ?? '';\n if (baseUrl.startsWith('https')) {\n req.headers['x-forwarded-proto'] = 'https';\n }\n\n // Rewrite Host header to match CSS_BASE_URL for proper routing\n if (baseUrl) {\n try {\n const parsedBaseUrl = new URL(baseUrl);\n req.headers.host = parsedBaseUrl.host;\n req.headers['x-forwarded-host'] = parsedBaseUrl.host;\n } catch {\n if (!req.headers['x-forwarded-host']) {\n req.headers['x-forwarded-host'] = originalHost;\n }\n }\n } else if (!req.headers['x-forwarded-host']) {\n req.headers['x-forwarded-host'] = originalHost;\n }\n\n this.logger.debug(\n `${req.method} ${url} x-forwarded-proto=${req.headers['x-forwarded-proto']} x-forwarded-host=${req.headers['x-forwarded-host']} host=${req.headers.host}`,\n );\n\n // 1. Internal service endpoints\n if (url.startsWith('/service/')) {\n if (req.method === 'OPTIONS') {\n this.handleCorsPreflightRequest(res, origin);\n return;\n }\n if (origin) {\n this.addCorsHeaders(res, origin);\n }\n void this.handleInternalApi(req, res);\n return;\n }\n\n // 2. API Server Routing (/v1 or /api)\n\n // 2a. Dashboard UI is served by API server under /dashboard/*\n if ((url === '/dashboard' || url.startsWith('/dashboard/')) && this.targets.api) {\n this.proxy.web(req, res, { target: this.toProxyTarget(this.targets.api) as any });\n return;\n }\n\n if (this.shouldRouteToApi(url) && this.targets.api) {\n this.proxy.web(req, res, { target: this.toProxyTarget(this.targets.api) as any });\n return;\n }\n\n // 3. CSS Routing (Default)\n if (this.targets.css) {\n if (this.shouldRejectRootResourceMutation(req)) {\n this.writeRootMutationForbidden(res);\n return;\n }\n\n const interceptedRequest = req as InterceptedRequest;\n interceptedRequest.__xpodInspectRootMutation = this.shouldInspectRootMutation(req);\n this.proxy.web(req, res, {\n target: this.toProxyTarget(this.targets.css) as any,\n ...(interceptedRequest.__xpodInspectRootMutation ? { selfHandleResponse: true } : {}),\n } as any);\n } else {\n res.writeHead(503);\n res.end('CSS Service Not Available');\n }\n }\n\n private shouldRouteToApi(url: string): boolean {\n return url.startsWith('/v1/')\n || url.startsWith('/api/')\n || url.startsWith('/provision/')\n || url === '/.well-known/matrix/client'\n || url.startsWith('/_matrix/');\n }\n\n private shouldInspectRootMutation(req: http.IncomingMessage): boolean {\n const method = (req.method ?? 'GET').toUpperCase();\n if (![ 'POST', 'PUT', 'PATCH', 'DELETE' ].includes(method)) {\n return false;\n }\n\n const pathname = new URL(req.url ?? '/', 'http://localhost').pathname;\n const segments = pathname.split('/').filter(Boolean);\n return segments.length === 1 && !segments[0].startsWith('.');\n }\n\n private shouldRejectRootResourceMutation(req: http.IncomingMessage): boolean {\n const method = (req.method ?? 'GET').toUpperCase();\n if (![ 'POST', 'PUT', 'PATCH', 'DELETE' ].includes(method)) {\n return false;\n }\n\n const pathname = new URL(req.url ?? '/', 'http://localhost').pathname;\n const segments = pathname.split('/').filter(Boolean);\n return segments.length === 1 && !segments[0].startsWith('.') && !pathname.endsWith('/');\n }\n\n private writeRootMutationForbidden(res: http.ServerResponse): void {\n const body = Buffer.from(JSON.stringify(this.createRootMutationForbiddenBody()));\n res.writeHead(403, {\n 'Content-Type': 'application/json',\n 'Content-Length': String(body.byteLength),\n });\n res.end(body);\n }\n\n private normalizeRootMutationProxyResponse(\n proxyRes: http.IncomingMessage,\n body: Buffer,\n ): { statusCode: number; headers: http.OutgoingHttpHeaders; body: Buffer } {\n const headers: http.OutgoingHttpHeaders = { ...proxyRes.headers };\n const statusCode = proxyRes.statusCode ?? 500;\n const contentType = typeof proxyRes.headers['content-type'] === 'string'\n ? proxyRes.headers['content-type']\n : Array.isArray(proxyRes.headers['content-type'])\n ? proxyRes.headers['content-type'][0] ?? ''\n : '';\n const bodyText = contentType.includes('application/json') ? body.toString('utf8') : '';\n\n if (\n statusCode === 500 &&\n bodyText.includes('Cannot obtain the parent of') &&\n bodyText.includes('because it is a root container')\n ) {\n const normalizedBody = Buffer.from(JSON.stringify(this.createRootMutationForbiddenBody()));\n delete headers['content-length'];\n delete headers['transfer-encoding'];\n headers['content-type'] = 'application/json';\n headers['content-length'] = String(normalizedBody.byteLength);\n return { statusCode: 403, headers, body: normalizedBody };\n }\n\n delete headers['transfer-encoding'];\n headers['content-length'] = String(body.byteLength);\n return { statusCode, headers, body };\n }\n\n private createRootMutationForbiddenBody(): RootMutationForbiddenBody {\n return {\n name: 'ForbiddenHttpError',\n message: 'Write to server root is not allowed.',\n statusCode: 403,\n errorCode: 'H403',\n details: { cause: 'root-container-write' },\n };\n }\n\n private sanitizeProxyResponseHeaders(req: http.IncomingMessage, proxyRes: http.IncomingMessage): void {\n const method = (req.method ?? 'GET').toUpperCase();\n const statusCode = proxyRes.statusCode ?? 200;\n const headers = proxyRes.headers as Record<string, string | string[] | undefined>;\n const transferEncoding = headers['transfer-encoding'];\n const hasTransferEncoding = Array.isArray(transferEncoding)\n ? transferEncoding.some((value) => value.toLowerCase().includes('chunked'))\n : typeof transferEncoding === 'string'\n ? transferEncoding.toLowerCase().includes('chunked')\n : false;\n\n if (method === 'HEAD' || statusCode === 204 || statusCode === 304 || (statusCode >= 100 && statusCode < 200)) {\n delete headers['transfer-encoding'];\n return;\n }\n\n if (hasTransferEncoding && headers['content-length'] !== undefined) {\n delete headers['content-length'];\n }\n }\n\n private handleCorsPreflightRequest(\n res: http.ServerResponse,\n origin: string | undefined,\n ): void {\n this.addCorsHeaders(res, origin);\n res.writeHead(204);\n res.end();\n }\n\n /**\n * Add CORS headers matching CSS CorsHandler configuration\n */\n private addCorsHeaders(res: http.ServerResponse, origin: string | undefined): void {\n res.setHeader('Access-Control-Allow-Origin', origin || '*');\n res.setHeader('Access-Control-Allow-Credentials', String(CORS_CONFIG.credentials));\n res.setHeader('Access-Control-Allow-Methods', CORS_CONFIG.methods.join(', '));\n res.setHeader('Access-Control-Allow-Headers', CORS_CONFIG.allowedHeaders.join(', '));\n res.setHeader('Access-Control-Expose-Headers', CORS_CONFIG.exposedHeaders.join(', '));\n }\n\n private async handleInternalApi(req: http.IncomingMessage, res: http.ServerResponse): Promise<void> {\n try {\n const reqUrl = req.url ?? '/';\n const parsed = new URL(reqUrl, 'http://localhost');\n const pathname = parsed.pathname;\n\n if (pathname === '/service/status') {\n const status = this.supervisor.getAllStatus();\n const cssReady = await this.isCssReady();\n const code = cssReady ? 200 : 503;\n res.writeHead(code, { 'Content-Type': 'application/json' });\n res.end(JSON.stringify(status));\n return;\n }\n\n if (pathname === '/service/logs') {\n const level = parsed.searchParams.get('level') ?? undefined;\n const source = parsed.searchParams.get('source') ?? undefined;\n const limitValue = parsed.searchParams.get('limit');\n const limit = limitValue ? parseInt(limitValue, 10) : undefined;\n\n const logs = this.supervisor.getLogs({\n level,\n source,\n limit: Number.isFinite(limit as number) ? limit : undefined,\n });\n\n res.writeHead(200, { 'Content-Type': 'application/json' });\n res.end(JSON.stringify(logs));\n return;\n }\n\n if (pathname === '/service/stop' && req.method === 'POST') {\n res.writeHead(200, { 'Content-Type': 'application/json' });\n res.end(JSON.stringify({ ok: true }));\n setImmediate(() => {\n const shutdown = this.shutdownHandler ?? (() => this.supervisor.stopAll());\n void shutdown().then(() => {\n if (this.exitOnStop) {\n process.exit(0);\n }\n });\n });\n return;\n }\n\n res.writeHead(404);\n res.end('Not Found');\n } catch (error) {\n this.logger.error('Internal service endpoint failed:', error);\n if (!res.headersSent) {\n res.writeHead(500, { 'Content-Type': 'application/json' });\n }\n res.end(JSON.stringify({ error: 'Internal Server Error' }));\n }\n }\n\n private async isCssReady(): Promise<boolean> {\n if (!this.targets.css) {\n return true;\n }\n\n return this.runtimeHost.isConnectionTargetReady(this.targets.css, 1_500);\n }\n\n private normalizeTarget(target?: string | GatewayProxyTarget): GatewayProxyTarget | undefined {\n if (!target) {\n return undefined;\n }\n if (typeof target === 'string') {\n return { url: target };\n }\n return target;\n }\n\n private toProxyTarget(target: GatewayProxyTarget): string | { socketPath: string; protocol: string } {\n if (target.socketPath) {\n return {\n socketPath: target.socketPath,\n protocol: 'http:',\n };\n }\n return target.url!;\n }\n}\n\nexport interface GatewayProxyTarget {\n url?: string;\n socketPath?: string;\n}\n\nexport interface GatewayProxyOptions {\n socketPath?: string;\n listenEndpoint?: RuntimeListenEndpoint;\n runtimeHost?: RuntimeHost;\n exitOnStop?: boolean;\n shutdownHandler?: () => Promise<void>;\n baseUrl?: string;\n}\n"]}
1
+ {"version":3,"file":"Proxy.js","sourceRoot":"","sources":["../../src/runtime/Proxy.ts"],"names":[],"mappings":";;;;;;AAAA,4DAAmC;AACnC,gDAAwB;AACxB,iEAAqD;AAErD,iEAA8D;AAa9D,uDAAuD;AACvD,MAAM,WAAW,GAAG;IAClB,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAC;IACrE,WAAW,EAAE,IAAI;IACjB,cAAc,EAAE;QACd,eAAe,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ;QAC3D,kBAAkB,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,EAAE,MAAM;KAChE;IACD,cAAc,EAAE;QACd,cAAc,EAAE,aAAa,EAAE,YAAY,EAAE,OAAO,EAAE,eAAe;QACrE,MAAM,EAAE,eAAe,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa;QAC1D,WAAW,EAAE,kBAAkB,EAAE,cAAc;KAChD;CACF,CAAC;AAEF,MAAa,YAAY;IAWvB,YACE,IAAwB,EAChB,UAAsB,EAC9B,QAAQ,GAAG,SAAS,EACpB,UAA+B,EAAE;QAFzB,eAAU,GAAV,UAAU,CAAY;QAZf,WAAM,GAAG,IAAA,oCAAY,EAAC,IAAI,CAAC,CAAC;QAGrC,YAAO,GAA2D,EAAE,CAAC;QAa3E,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,iCAAe,CAAC;QAC1D,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,cAAc,IAAI,IAAI,CAAC,WAAW,CAAC,oBAAoB,CAAC;YACpF,IAAI;YACJ,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE,OAAO,CAAC,UAAU;SAC/B,CAAC,CAAC;QACH,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,KAAK,CAAC;QAC9C,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC;QAC/C,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAC/B,IAAI,CAAC,KAAK,GAAG,oBAAS,CAAC,iBAAiB,CAAC;YACvC,IAAI,EAAE,IAAI;SACX,CAAC,CAAC;QAEH,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE;YACxC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC;YACvC,IAAI,GAAG,IAAI,WAAW,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;gBAClD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,qBAAqB,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;YAClF,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;YAC/C,IAAI,CAAC,4BAA4B,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;YACjD,MAAM,kBAAkB,GAAG,GAAyB,CAAC;YACrD,MAAM,QAAQ,GAAG,GAA0B,CAAC;YAC5C,IAAI,CAAC,kBAAkB,CAAC,yBAAyB,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,WAAW,EAAE,CAAC;gBACvF,OAAO;YACT,CAAC;YAED,MAAM,MAAM,GAAa,EAAE,CAAC;YAC5B,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE;gBAC5B,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;YACnE,CAAC,CAAC,CAAC;YACH,QAAQ,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;gBACtB,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;gBAC3C,MAAM,SAAS,GAAG,IAAI,CAAC,kCAAkC,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;gBAClF,QAAQ,CAAC,SAAS,CAAC,SAAS,CAAC,UAAU,EAAE,SAAS,CAAC,OAAO,CAAC,CAAC;gBAC5D,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YAC/B,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,GAAG,cAAI,CAAC,YAAY,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QAE/D,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE;YAC9C,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC;YAE3B,kDAAkD;YAClD,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;gBAC/C,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAQ,EAAE,CAAC,CAAC;YAC5F,CAAC;iBAAM,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;gBAC5B,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAQ,EAAE,CAAC,CAAC;YAC5F,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAEM,UAAU,CAAC,OAAiF;QACjG,IAAI,CAAC,OAAO,GAAG;YACb,GAAG,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC;YACtC,GAAG,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC;SACvC,CAAC;IACJ,CAAC;IAEM,KAAK,CAAC,KAAK;QAChB,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,cAAc,CAAC,CAAC;QAChE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,gBAAgB,IAAI,CAAC,WAAW,CAAC,oBAAoB,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC,CAAC;IACjG,CAAC;IAEM,IAAI;QACT,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;YACnB,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE;gBACjE,OAAO,EAAE,CAAC;YACZ,CAAC,EAAE,MAAM,CAAC,CAAC;QACb,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,aAAa,CAAC,GAAyB,EAAE,GAAwB;QACvE,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC;QAC3B,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC;QAElC,wEAAwE;QACxE,uEAAuE;QACvE,kCAAkC;QAClC,MAAM,YAAY,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC;QAChG,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;QAE7C,8CAA8C;QAC9C,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC;QAC/D,IAAI,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAChC,GAAG,CAAC,OAAO,CAAC,mBAAmB,CAAC,GAAG,OAAO,CAAC;QAC7C,CAAC;QAED,4EAA4E;QAC5E,yEAAyE;QACzE,4BAA4B;QAC5B,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,YAAY,EAAE,CAAC;gBACjB,GAAG,CAAC,OAAO,CAAC,IAAI,GAAG,YAAY,CAAC;gBAChC,GAAG,CAAC,OAAO,CAAC,kBAAkB,CAAC,GAAG,YAAY,CAAC;YACjD,CAAC;QACH,CAAC;aAAM,IAAI,OAAO,EAAE,CAAC;YACnB,IAAI,CAAC;gBACH,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;gBACvC,GAAG,CAAC,OAAO,CAAC,IAAI,GAAG,aAAa,CAAC,IAAI,CAAC;gBACtC,GAAG,CAAC,OAAO,CAAC,kBAAkB,CAAC,GAAG,aAAa,CAAC,IAAI,CAAC;YACvD,CAAC;YAAC,MAAM,CAAC;gBACP,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,kBAAkB,CAAC,EAAE,CAAC;oBACrC,GAAG,CAAC,OAAO,CAAC,kBAAkB,CAAC,GAAG,YAAY,CAAC;gBACjD,CAAC;YACH,CAAC;QACH,CAAC;aAAM,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,kBAAkB,CAAC,EAAE,CAAC;YAC5C,GAAG,CAAC,OAAO,CAAC,kBAAkB,CAAC,GAAG,YAAY,CAAC;QACjD,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,GAAG,GAAG,CAAC,MAAM,IAAI,GAAG,sBAAsB,GAAG,CAAC,OAAO,CAAC,mBAAmB,CAAC,qBAAqB,GAAG,CAAC,OAAO,CAAC,kBAAkB,CAAC,SAAS,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAC1J,CAAC;QAEF,gCAAgC;QAChC,IAAI,GAAG,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YAChC,IAAI,GAAG,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;gBAC7B,IAAI,CAAC,0BAA0B,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;gBAC7C,OAAO;YACT,CAAC;YACD,IAAI,MAAM,EAAE,CAAC;gBACX,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YACnC,CAAC;YACD,KAAK,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YACtC,OAAO;QACT,CAAC;QAED,yBAAyB;QACzB,2EAA2E;QAC3E,4EAA4E;QAC5E,uDAAuD;QAEvD,8DAA8D;QAC9D,IAAI,CAAC,GAAG,KAAK,YAAY,IAAI,GAAG,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;YAChF,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAQ,EAAE,CAAC,CAAC;YAClF,OAAO;QACT,CAAC;QAED,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;YAChE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAQ,EAAE,CAAC,CAAC;YAClF,OAAO;QACT,CAAC;QAED,2BAA2B;QAC3B,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;YACrB,IAAI,IAAI,CAAC,gCAAgC,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC/C,IAAI,CAAC,0BAA0B,CAAC,GAAG,CAAC,CAAC;gBACrC,OAAO;YACT,CAAC;YAED,MAAM,kBAAkB,GAAG,GAAyB,CAAC;YACrD,kBAAkB,CAAC,yBAAyB,GAAG,IAAI,CAAC,yBAAyB,CAAC,GAAG,CAAC,CAAC;YACnF,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE;gBACvB,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAQ;gBACnD,GAAG,CAAC,kBAAkB,CAAC,yBAAyB,CAAC,CAAC,CAAC,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAC/E,CAAC,CAAC;QACZ,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YACnB,GAAG,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IAEO,gBAAgB,CAAC,GAAW;QAClC,OAAO,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC;eACxB,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC;eACvB,GAAG,CAAC,UAAU,CAAC,aAAa,CAAC;eAC7B,GAAG,KAAK,4BAA4B;eACpC,GAAG,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;IACnC,CAAC;IAEO,SAAS,CAAC,UAA8B;QAC9C,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;QAC5C,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,KAAK,CAAC;QACf,CAAC;QACD,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5B,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,cAAc,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC;eACvE,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;QACvD,OAAO,OAAO,CAAC,cAAc,IAAI,IAAI,KAAK,cAAc,CAAC,CAAC;IAC5D,CAAC;IAEO,WAAW,CAAC,KAAyB;QAC3C,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,IAAI,CAAC;YACH,OAAO,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;QAC/C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC;IAEO,aAAa,CAAC,UAA8B;QAClD,MAAM,IAAI,GAAG,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC;QACtE,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IACjD,CAAC;IAEO,gBAAgB,CAAC,KAAoC;QAC3D,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;IACjD,CAAC;IAEO,yBAAyB,CAAC,GAAyB;QACzD,MAAM,MAAM,GAAG,CAAC,GAAG,CAAC,MAAM,IAAI,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;QACnD,IAAI,CAAC,CAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC3D,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,GAAG,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC;QACtE,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACrD,OAAO,QAAQ,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAC/D,CAAC;IAEO,gCAAgC,CAAC,GAAyB;QAChE,MAAM,MAAM,GAAG,CAAC,GAAG,CAAC,MAAM,IAAI,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;QACnD,IAAI,CAAC,CAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC3D,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,GAAG,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC;QACtE,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACrD,OAAO,QAAQ,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IAC1F,CAAC;IAEO,0BAA0B,CAAC,GAAwB;QACzD,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,+BAA+B,EAAE,CAAC,CAAC,CAAC;QACjF,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE;YACjB,cAAc,EAAE,kBAAkB;YAClC,gBAAgB,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;SAC1C,CAAC,CAAC;QACH,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAChB,CAAC;IAEO,kCAAkC,CACxC,QAA8B,EAC9B,IAAY;QAEZ,MAAM,OAAO,GAA6B,EAAE,GAAG,QAAQ,CAAC,OAAO,EAAE,CAAC;QAClE,MAAM,UAAU,GAAG,QAAQ,CAAC,UAAU,IAAI,GAAG,CAAC;QAC9C,MAAM,WAAW,GAAG,OAAO,QAAQ,CAAC,OAAO,CAAC,cAAc,CAAC,KAAK,QAAQ;YACtE,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,cAAc,CAAC;YAClC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;gBAC/C,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE;gBAC3C,CAAC,CAAC,EAAE,CAAC;QACT,MAAM,QAAQ,GAAG,WAAW,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAEvF,IACE,UAAU,KAAK,GAAG;YAClB,QAAQ,CAAC,QAAQ,CAAC,6BAA6B,CAAC;YAChD,QAAQ,CAAC,QAAQ,CAAC,gCAAgC,CAAC,EACnD,CAAC;YACD,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,+BAA+B,EAAE,CAAC,CAAC,CAAC;YAC3F,OAAO,OAAO,CAAC,gBAAgB,CAAC,CAAC;YACjC,OAAO,OAAO,CAAC,mBAAmB,CAAC,CAAC;YACpC,OAAO,CAAC,cAAc,CAAC,GAAG,kBAAkB,CAAC;YAC7C,OAAO,CAAC,gBAAgB,CAAC,GAAG,MAAM,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;YAC9D,OAAO,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,CAAC;QAC5D,CAAC;QAED,OAAO,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACpC,OAAO,CAAC,gBAAgB,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACpD,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IACvC,CAAC;IAEO,+BAA+B;QACrC,OAAO;YACL,IAAI,EAAE,oBAAoB;YAC1B,OAAO,EAAE,sCAAsC;YAC/C,UAAU,EAAE,GAAG;YACf,SAAS,EAAE,MAAM;YACjB,OAAO,EAAE,EAAE,KAAK,EAAE,sBAAsB,EAAE;SAC3C,CAAC;IACJ,CAAC;IAEO,4BAA4B,CAAC,GAAyB,EAAE,QAA8B;QAC5F,MAAM,MAAM,GAAG,CAAC,GAAG,CAAC,MAAM,IAAI,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;QACnD,MAAM,UAAU,GAAG,QAAQ,CAAC,UAAU,IAAI,GAAG,CAAC;QAC9C,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAwD,CAAC;QAClF,MAAM,gBAAgB,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACtD,MAAM,mBAAmB,GAAG,KAAK,CAAC,OAAO,CAAC,gBAAgB,CAAC;YACzD,CAAC,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;YAC3E,CAAC,CAAC,OAAO,gBAAgB,KAAK,QAAQ;gBACpC,CAAC,CAAC,gBAAgB,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC;gBACpD,CAAC,CAAC,KAAK,CAAC;QAEZ,IAAI,MAAM,KAAK,MAAM,IAAI,UAAU,KAAK,GAAG,IAAI,UAAU,KAAK,GAAG,IAAI,CAAC,UAAU,IAAI,GAAG,IAAI,UAAU,GAAG,GAAG,CAAC,EAAE,CAAC;YAC7G,OAAO,OAAO,CAAC,mBAAmB,CAAC,CAAC;YACpC,OAAO;QACT,CAAC;QAED,IAAI,mBAAmB,EAAE,CAAC;YACxB,OAAO,OAAO,CAAC,mBAAmB,CAAC,CAAC;YACpC,IAAI,OAAO,CAAC,gBAAgB,CAAC,KAAK,SAAS,EAAE,CAAC;gBAC5C,OAAO,OAAO,CAAC,gBAAgB,CAAC,CAAC;YACnC,CAAC;QACH,CAAC;IACH,CAAC;IAEO,0BAA0B,CAChC,GAAwB,EACxB,MAA0B;QAE1B,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QACjC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACnB,GAAG,CAAC,GAAG,EAAE,CAAC;IACZ,CAAC;IAED;;OAEG;IACK,cAAc,CAAC,GAAwB,EAAE,MAA0B;QACzE,GAAG,CAAC,SAAS,CAAC,6BAA6B,EAAE,MAAM,IAAI,GAAG,CAAC,CAAC;QAC5D,GAAG,CAAC,SAAS,CAAC,kCAAkC,EAAE,MAAM,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC,CAAC;QACnF,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QAC9E,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,WAAW,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QACrF,GAAG,CAAC,SAAS,CAAC,+BAA+B,EAAE,WAAW,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IACxF,CAAC;IAEO,KAAK,CAAC,iBAAiB,CAAC,GAAyB,EAAE,GAAwB;QACjF,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC;YAC9B,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAC;YACnD,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;YAEjC,IAAI,QAAQ,KAAK,iBAAiB,EAAE,CAAC;gBACnC,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC;gBAC9C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;gBACzC,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;gBAClC,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC5D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;gBAChC,OAAO;YACT,CAAC;YAED,IAAI,QAAQ,KAAK,eAAe,EAAE,CAAC;gBACjC,MAAM,KAAK,GAAG,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,SAAS,CAAC;gBAC5D,MAAM,MAAM,GAAG,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC;gBAC9D,MAAM,UAAU,GAAG,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;gBACpD,MAAM,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;gBAEhE,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC;oBACnC,KAAK;oBACL,MAAM;oBACN,KAAK,EAAE,MAAM,CAAC,QAAQ,CAAC,KAAe,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;iBAC5D,CAAC,CAAC;gBAEH,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;gBAC9B,OAAO;YACT,CAAC;YAED,IAAI,QAAQ,KAAK,eAAe,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC1D,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;gBACtC,YAAY,CAAC,GAAG,EAAE;oBAChB,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAe,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC;oBAC3E,KAAK,QAAQ,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE;wBACxB,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;4BACpB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;wBAClB,CAAC;oBACH,CAAC,CAAC,CAAC;gBACL,CAAC,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YACnB,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QACvB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,mCAAmC,EAAE,KAAK,CAAC,CAAC;YAC9D,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;gBACrB,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC7D,CAAC;YACD,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,UAAU;QACtB,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;YACtB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,IAAI,CAAC,WAAW,CAAC,uBAAuB,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAC3E,CAAC;IAEO,eAAe,CAAC,MAAoC;QAC1D,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC/B,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,CAAC;QACzB,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,aAAa,CAAC,MAA0B;QAC9C,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;YACtB,OAAO;gBACL,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,QAAQ,EAAE,OAAO;aAClB,CAAC;QACJ,CAAC;QACD,OAAO,MAAM,CAAC,GAAI,CAAC;IACrB,CAAC;CACF;AA9aD,oCA8aC","sourcesContent":["import httpProxy from 'http-proxy';\nimport http from 'http';\nimport { getLoggerFor } from 'global-logger-factory';\nimport type { Supervisor } from '../supervisor/Supervisor';\nimport { nodeRuntimeHost } from './host/node/NodeRuntimeHost';\nimport type { RuntimeHost, RuntimeListenEndpoint } from './host/types';\n\ntype InterceptedRequest = http.IncomingMessage & { __xpodInspectRootMutation?: boolean };\n\ninterface RootMutationForbiddenBody {\n name: 'ForbiddenHttpError';\n message: string;\n statusCode: 403;\n errorCode: 'H403';\n details: { cause: 'root-container-write' };\n}\n\n// CORS configuration matching CSS CorsHandler defaults\nconst CORS_CONFIG = {\n methods: ['GET', 'HEAD', 'OPTIONS', 'POST', 'PUT', 'PATCH', 'DELETE'],\n credentials: true,\n allowedHeaders: [\n 'Authorization', 'Content-Type', 'Accept', 'DPoP', 'Origin',\n 'X-Requested-With', 'If-Match', 'If-None-Match', 'Slug', 'Link',\n ],\n exposedHeaders: [\n 'Accept-Patch', 'Accept-Post', 'Accept-Put', 'Allow', 'Content-Range',\n 'ETag', 'Last-Modified', 'Link', 'Location', 'Updates-Via',\n 'WAC-Allow', 'Www-Authenticate', 'X-Request-Id',\n ],\n};\n\nexport class GatewayProxy {\n private readonly logger = getLoggerFor(this);\n private proxy: httpProxy;\n private server: http.Server;\n private targets: { css?: GatewayProxyTarget; api?: GatewayProxyTarget } = {};\n private readonly runtimeHost: RuntimeHost;\n private readonly listenEndpoint: RuntimeListenEndpoint;\n private readonly exitOnStop: boolean;\n private readonly shutdownHandler?: () => Promise<void>;\n private readonly baseUrl?: string;\n\n constructor(\n port: number | undefined,\n private supervisor: Supervisor,\n bindHost = '0.0.0.0',\n options: GatewayProxyOptions = {},\n ) {\n this.runtimeHost = options.runtimeHost ?? nodeRuntimeHost;\n this.listenEndpoint = options.listenEndpoint ?? this.runtimeHost.createListenEndpoint({\n port,\n host: bindHost,\n socketPath: options.socketPath,\n });\n this.exitOnStop = options.exitOnStop ?? false;\n this.shutdownHandler = options.shutdownHandler;\n this.baseUrl = options.baseUrl;\n this.proxy = httpProxy.createProxyServer({\n xfwd: true,\n });\n\n this.proxy.on('error', (err, _req, res) => {\n this.logger.error('Proxy error:', err);\n if (res && 'writeHead' in res && !res.headersSent) {\n res.writeHead(502, { 'Content-Type': 'application/json' });\n res.end(JSON.stringify({ error: 'Service Unavailable', details: err.message }));\n }\n });\n\n this.proxy.on('proxyRes', (proxyRes, req, res) => {\n this.sanitizeProxyResponseHeaders(req, proxyRes);\n const interceptedRequest = req as InterceptedRequest;\n const outgoing = res as http.ServerResponse;\n if (!interceptedRequest.__xpodInspectRootMutation || !outgoing || outgoing.headersSent) {\n return;\n }\n\n const chunks: Buffer[] = [];\n proxyRes.on('data', (chunk) => {\n chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk));\n });\n proxyRes.on('end', () => {\n const originalBody = Buffer.concat(chunks);\n const rewritten = this.normalizeRootMutationProxyResponse(proxyRes, originalBody);\n outgoing.writeHead(rewritten.statusCode, rewritten.headers);\n outgoing.end(rewritten.body);\n });\n });\n\n this.server = http.createServer(this.handleRequest.bind(this));\n\n this.server.on('upgrade', (req, socket, head) => {\n const url = req.url ?? '/';\n\n // Route /ws/* WebSocket connections to API server\n if (url.startsWith('/ws/') && this.targets.api) {\n this.proxy.ws(req, socket, head, { target: this.toProxyTarget(this.targets.api) as any });\n } else if (this.targets.css) {\n this.proxy.ws(req, socket, head, { target: this.toProxyTarget(this.targets.css) as any });\n } else {\n socket.destroy();\n }\n });\n }\n\n public setTargets(targets: { css?: string | GatewayProxyTarget; api?: string | GatewayProxyTarget }): void {\n this.targets = {\n css: this.normalizeTarget(targets.css),\n api: this.normalizeTarget(targets.api),\n };\n }\n\n public async start(): Promise<void> {\n await this.runtimeHost.listen(this.server, this.listenEndpoint);\n this.logger.info(`Listening on ${this.runtimeHost.formatListenEndpoint(this.listenEndpoint)}`);\n }\n\n public stop(): Promise<void> {\n return new Promise((resolve, reject) => {\n this.proxy.close();\n this.runtimeHost.close(this.server, this.listenEndpoint).then(() => {\n resolve();\n }, reject);\n });\n }\n\n private handleRequest(req: http.IncomingMessage, res: http.ServerResponse): void {\n const url = req.url ?? '/';\n const origin = req.headers.origin;\n\n // Store public host for routing before any CSS canonical-host rewrites.\n // External gateways pass the original domain through X-Forwarded-Host;\n // direct/local requests use Host.\n const originalHost = this.firstHeaderValue(req.headers['x-forwarded-host']) ?? req.headers.host;\n const apiHost = this.isApiHost(originalHost);\n\n // Set x-forwarded-proto based on CSS_BASE_URL\n const baseUrl = this.baseUrl ?? process.env.CSS_BASE_URL ?? '';\n if (baseUrl.startsWith('https')) {\n req.headers['x-forwarded-proto'] = 'https';\n }\n\n // API subdomains are the public API boundary. Preserve the API host for API\n // handlers (for example Matrix discovery) instead of rewriting it to the\n // canonical CSS/WebID host.\n if (apiHost) {\n if (originalHost) {\n req.headers.host = originalHost;\n req.headers['x-forwarded-host'] = originalHost;\n }\n } else if (baseUrl) {\n try {\n const parsedBaseUrl = new URL(baseUrl);\n req.headers.host = parsedBaseUrl.host;\n req.headers['x-forwarded-host'] = parsedBaseUrl.host;\n } catch {\n if (!req.headers['x-forwarded-host']) {\n req.headers['x-forwarded-host'] = originalHost;\n }\n }\n } else if (!req.headers['x-forwarded-host']) {\n req.headers['x-forwarded-host'] = originalHost;\n }\n\n this.logger.debug(\n `${req.method} ${url} x-forwarded-proto=${req.headers['x-forwarded-proto']} x-forwarded-host=${req.headers['x-forwarded-host']} host=${req.headers.host}`,\n );\n\n // 1. Internal service endpoints\n if (url.startsWith('/service/')) {\n if (req.method === 'OPTIONS') {\n this.handleCorsPreflightRequest(res, origin);\n return;\n }\n if (origin) {\n this.addCorsHeaders(res, origin);\n }\n void this.handleInternalApi(req, res);\n return;\n }\n\n // 2. API Server Routing.\n // Public API is selected by host (`api.<domain>`), not by adding an `/api`\n // path prefix to the IdP/Pod host. Path-based routing remains for local/dev\n // single-origin clients and existing legacy endpoints.\n\n // 2a. Dashboard UI is served by API server under /dashboard/*\n if ((url === '/dashboard' || url.startsWith('/dashboard/')) && this.targets.api) {\n this.proxy.web(req, res, { target: this.toProxyTarget(this.targets.api) as any });\n return;\n }\n\n if ((apiHost || this.shouldRouteToApi(url)) && this.targets.api) {\n this.proxy.web(req, res, { target: this.toProxyTarget(this.targets.api) as any });\n return;\n }\n\n // 3. CSS Routing (Default)\n if (this.targets.css) {\n if (this.shouldRejectRootResourceMutation(req)) {\n this.writeRootMutationForbidden(res);\n return;\n }\n\n const interceptedRequest = req as InterceptedRequest;\n interceptedRequest.__xpodInspectRootMutation = this.shouldInspectRootMutation(req);\n this.proxy.web(req, res, {\n target: this.toProxyTarget(this.targets.css) as any,\n ...(interceptedRequest.__xpodInspectRootMutation ? { selfHandleResponse: true } : {}),\n } as any);\n } else {\n res.writeHead(503);\n res.end('CSS Service Not Available');\n }\n }\n\n private shouldRouteToApi(url: string): boolean {\n return url.startsWith('/v1/')\n || url.startsWith('/api/')\n || url.startsWith('/provision/')\n || url === '/.well-known/matrix/client'\n || url.startsWith('/_matrix/');\n }\n\n private isApiHost(hostHeader: string | undefined): boolean {\n const host = this.normalizeHost(hostHeader);\n if (!host) {\n return false;\n }\n if (host.startsWith('api.')) {\n return true;\n }\n\n const configuredHost = this.hostFromUrl(process.env.XPOD_CLOUD_API_ENDPOINT)\n ?? this.hostFromUrl(process.env.XPOD_PUBLIC_API_URL);\n return Boolean(configuredHost && host === configuredHost);\n }\n\n private hostFromUrl(value: string | undefined): string | undefined {\n if (!value) {\n return undefined;\n }\n try {\n return new URL(value).hostname.toLowerCase();\n } catch {\n return undefined;\n }\n }\n\n private normalizeHost(hostHeader: string | undefined): string | undefined {\n const host = this.firstHeaderValue(hostHeader)?.split(',')[0]?.trim();\n if (!host) {\n return undefined;\n }\n return host.replace(/:\\d+$/, '').toLowerCase();\n }\n\n private firstHeaderValue(value: string | string[] | undefined): string | undefined {\n return Array.isArray(value) ? value[0] : value;\n }\n\n private shouldInspectRootMutation(req: http.IncomingMessage): boolean {\n const method = (req.method ?? 'GET').toUpperCase();\n if (![ 'POST', 'PUT', 'PATCH', 'DELETE' ].includes(method)) {\n return false;\n }\n\n const pathname = new URL(req.url ?? '/', 'http://localhost').pathname;\n const segments = pathname.split('/').filter(Boolean);\n return segments.length === 1 && !segments[0].startsWith('.');\n }\n\n private shouldRejectRootResourceMutation(req: http.IncomingMessage): boolean {\n const method = (req.method ?? 'GET').toUpperCase();\n if (![ 'POST', 'PUT', 'PATCH', 'DELETE' ].includes(method)) {\n return false;\n }\n\n const pathname = new URL(req.url ?? '/', 'http://localhost').pathname;\n const segments = pathname.split('/').filter(Boolean);\n return segments.length === 1 && !segments[0].startsWith('.') && !pathname.endsWith('/');\n }\n\n private writeRootMutationForbidden(res: http.ServerResponse): void {\n const body = Buffer.from(JSON.stringify(this.createRootMutationForbiddenBody()));\n res.writeHead(403, {\n 'Content-Type': 'application/json',\n 'Content-Length': String(body.byteLength),\n });\n res.end(body);\n }\n\n private normalizeRootMutationProxyResponse(\n proxyRes: http.IncomingMessage,\n body: Buffer,\n ): { statusCode: number; headers: http.OutgoingHttpHeaders; body: Buffer } {\n const headers: http.OutgoingHttpHeaders = { ...proxyRes.headers };\n const statusCode = proxyRes.statusCode ?? 500;\n const contentType = typeof proxyRes.headers['content-type'] === 'string'\n ? proxyRes.headers['content-type']\n : Array.isArray(proxyRes.headers['content-type'])\n ? proxyRes.headers['content-type'][0] ?? ''\n : '';\n const bodyText = contentType.includes('application/json') ? body.toString('utf8') : '';\n\n if (\n statusCode === 500 &&\n bodyText.includes('Cannot obtain the parent of') &&\n bodyText.includes('because it is a root container')\n ) {\n const normalizedBody = Buffer.from(JSON.stringify(this.createRootMutationForbiddenBody()));\n delete headers['content-length'];\n delete headers['transfer-encoding'];\n headers['content-type'] = 'application/json';\n headers['content-length'] = String(normalizedBody.byteLength);\n return { statusCode: 403, headers, body: normalizedBody };\n }\n\n delete headers['transfer-encoding'];\n headers['content-length'] = String(body.byteLength);\n return { statusCode, headers, body };\n }\n\n private createRootMutationForbiddenBody(): RootMutationForbiddenBody {\n return {\n name: 'ForbiddenHttpError',\n message: 'Write to server root is not allowed.',\n statusCode: 403,\n errorCode: 'H403',\n details: { cause: 'root-container-write' },\n };\n }\n\n private sanitizeProxyResponseHeaders(req: http.IncomingMessage, proxyRes: http.IncomingMessage): void {\n const method = (req.method ?? 'GET').toUpperCase();\n const statusCode = proxyRes.statusCode ?? 200;\n const headers = proxyRes.headers as Record<string, string | string[] | undefined>;\n const transferEncoding = headers['transfer-encoding'];\n const hasTransferEncoding = Array.isArray(transferEncoding)\n ? transferEncoding.some((value) => value.toLowerCase().includes('chunked'))\n : typeof transferEncoding === 'string'\n ? transferEncoding.toLowerCase().includes('chunked')\n : false;\n\n if (method === 'HEAD' || statusCode === 204 || statusCode === 304 || (statusCode >= 100 && statusCode < 200)) {\n delete headers['transfer-encoding'];\n return;\n }\n\n if (hasTransferEncoding) {\n delete headers['transfer-encoding'];\n if (headers['content-length'] !== undefined) {\n delete headers['content-length'];\n }\n }\n }\n\n private handleCorsPreflightRequest(\n res: http.ServerResponse,\n origin: string | undefined,\n ): void {\n this.addCorsHeaders(res, origin);\n res.writeHead(204);\n res.end();\n }\n\n /**\n * Add CORS headers matching CSS CorsHandler configuration\n */\n private addCorsHeaders(res: http.ServerResponse, origin: string | undefined): void {\n res.setHeader('Access-Control-Allow-Origin', origin || '*');\n res.setHeader('Access-Control-Allow-Credentials', String(CORS_CONFIG.credentials));\n res.setHeader('Access-Control-Allow-Methods', CORS_CONFIG.methods.join(', '));\n res.setHeader('Access-Control-Allow-Headers', CORS_CONFIG.allowedHeaders.join(', '));\n res.setHeader('Access-Control-Expose-Headers', CORS_CONFIG.exposedHeaders.join(', '));\n }\n\n private async handleInternalApi(req: http.IncomingMessage, res: http.ServerResponse): Promise<void> {\n try {\n const reqUrl = req.url ?? '/';\n const parsed = new URL(reqUrl, 'http://localhost');\n const pathname = parsed.pathname;\n\n if (pathname === '/service/status') {\n const status = this.supervisor.getAllStatus();\n const cssReady = await this.isCssReady();\n const code = cssReady ? 200 : 503;\n res.writeHead(code, { 'Content-Type': 'application/json' });\n res.end(JSON.stringify(status));\n return;\n }\n\n if (pathname === '/service/logs') {\n const level = parsed.searchParams.get('level') ?? undefined;\n const source = parsed.searchParams.get('source') ?? undefined;\n const limitValue = parsed.searchParams.get('limit');\n const limit = limitValue ? parseInt(limitValue, 10) : undefined;\n\n const logs = this.supervisor.getLogs({\n level,\n source,\n limit: Number.isFinite(limit as number) ? limit : undefined,\n });\n\n res.writeHead(200, { 'Content-Type': 'application/json' });\n res.end(JSON.stringify(logs));\n return;\n }\n\n if (pathname === '/service/stop' && req.method === 'POST') {\n res.writeHead(200, { 'Content-Type': 'application/json' });\n res.end(JSON.stringify({ ok: true }));\n setImmediate(() => {\n const shutdown = this.shutdownHandler ?? (() => this.supervisor.stopAll());\n void shutdown().then(() => {\n if (this.exitOnStop) {\n process.exit(0);\n }\n });\n });\n return;\n }\n\n res.writeHead(404);\n res.end('Not Found');\n } catch (error) {\n this.logger.error('Internal service endpoint failed:', error);\n if (!res.headersSent) {\n res.writeHead(500, { 'Content-Type': 'application/json' });\n }\n res.end(JSON.stringify({ error: 'Internal Server Error' }));\n }\n }\n\n private async isCssReady(): Promise<boolean> {\n if (!this.targets.css) {\n return true;\n }\n\n return this.runtimeHost.isConnectionTargetReady(this.targets.css, 1_500);\n }\n\n private normalizeTarget(target?: string | GatewayProxyTarget): GatewayProxyTarget | undefined {\n if (!target) {\n return undefined;\n }\n if (typeof target === 'string') {\n return { url: target };\n }\n return target;\n }\n\n private toProxyTarget(target: GatewayProxyTarget): string | { socketPath: string; protocol: string } {\n if (target.socketPath) {\n return {\n socketPath: target.socketPath,\n protocol: 'http:',\n };\n }\n return target.url!;\n }\n}\n\nexport interface GatewayProxyTarget {\n url?: string;\n socketPath?: string;\n}\n\nexport interface GatewayProxyOptions {\n socketPath?: string;\n listenEndpoint?: RuntimeListenEndpoint;\n runtimeHost?: RuntimeHost;\n exitOnStop?: boolean;\n shutdownHandler?: () => Promise<void>;\n baseUrl?: string;\n}\n"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@undefineds.co/xpod",
3
- "version": "0.3.50",
3
+ "version": "0.3.52",
4
4
  "description": "Xpod is an extended Community Solid Server, offering rich-feature, production-level Solid Pod and identity management.",
5
5
  "repository": "https://github.com/undefinedsco/xpod",
6
6
  "author": "developer@undefineds.co",