@volter/tunnel 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/README.md +91 -0
  2. package/client/tunnel-client.ts +868 -0
  3. package/package.json +43 -0
  4. package/server/Dockerfile +9 -0
  5. package/server/fly.toml +23 -0
  6. package/server/package.json +9 -0
  7. package/server/server.mjs +809 -0
package/README.md ADDED
@@ -0,0 +1,91 @@
1
+ # @volter/tunnel
2
+
3
+ WebSocket-based HTTP/WS reverse tunnel. Two halves that speak one wire protocol:
4
+
5
+ - **`server/`** — a relay you host on a public domain. Browsers hit
6
+ `https://{tunnelId}.your-domain` and the relay forwards each request/response
7
+ (and WebSocket upgrade) over a control channel to a connected client.
8
+ - **`client/`** — a connector library + CLI that runs next to a local server,
9
+ registers a `tunnelId` with the relay, and proxies traffic to a local port.
10
+
11
+ It supports HTTP, streaming responses, WebSocket relay, optional JWT auth
12
+ (Bearer header, `?__volter_token=` query, or `__volter_auth` cookie), and
13
+ CSP `frame-ancestors` stripping so tunneled apps can be embedded in iframes.
14
+
15
+ > Runtime note: the published package ships TypeScript source for the client
16
+ > (`client/tunnel-client.ts`). It is designed to be consumed under **Bun**
17
+ > (which imports `.ts` directly), as in the Volter gateway/sandbox. The server
18
+ > is plain ESM JavaScript and runs under Node.
19
+
20
+ ## Install
21
+
22
+ ```bash
23
+ bun add @volter/tunnel # client library + CLI (Bun)
24
+ # jsonwebtoken is an optional peer dep, only needed by the server for JWT auth
25
+ ```
26
+
27
+ ## Client — library
28
+
29
+ ```ts
30
+ import { createTunnel } from '@volter/tunnel/client';
31
+
32
+ const tunnel = await createTunnel({
33
+ port: 3000, // local port to expose
34
+ host: 'https://vgit-tunnels.volterapp.com', // relay URL
35
+ tunnelId: 'my-app', // -> https://my-app.<domain>
36
+ secret: process.env.TUNNEL_SECRET, // must match relay's TUNNEL_SECRET
37
+ authRequired: false,
38
+ });
39
+
40
+ console.log(tunnel.url); // public URL
41
+ // ... later
42
+ tunnel.close();
43
+ ```
44
+
45
+ ## Client — CLI
46
+
47
+ ```bash
48
+ # via the bin once installed
49
+ volter-tunnel --port 3000 [--host <relayUrl>] [--tunnel-id <id>] [--auth-not-required]
50
+
51
+ # or directly with Bun
52
+ bun run node_modules/@volter/tunnel/client/tunnel-client.ts --port 3000
53
+ ```
54
+
55
+ Defaults: `--host` falls back to `$TUNNEL_SERVER_URL` then
56
+ `https://vgit-tunnels.volterapp.com`.
57
+
58
+ ## Server — deploy
59
+
60
+ The relay lives in `server/` with a Dockerfile and a Fly.io config
61
+ (`server/fly.toml`, app `mc-tunnel`, domain `vgit-tunnels.volterapp.com`).
62
+
63
+ ```bash
64
+ cd server
65
+ fly deploy # deploy the relay to Fly.io
66
+ # or run locally:
67
+ npm install && node server.mjs
68
+ ```
69
+
70
+ ### Server environment variables
71
+
72
+ | Var | Purpose |
73
+ |---|---|
74
+ | `PORT` | Port the relay listens on (Fly: `8080`) |
75
+ | `TUNNEL_DOMAIN` | Public base domain, e.g. `vgit-tunnels.volterapp.com` |
76
+ | `TUNNEL_SECURE` | `true` to emit `https`/`wss` public URLs |
77
+ | `TUNNEL_SECRET` | Shared secret clients must present in `register` |
78
+ | `JWT_SECRET` | HS256 secret for validating end-user auth tokens (optional) |
79
+
80
+ Client and relay must share the same `TUNNEL_SECRET`.
81
+
82
+ ## Layout
83
+
84
+ ```
85
+ @volter/tunnel
86
+ ├── client/tunnel-client.ts # createTunnel() + CLI (export "./client", bin "volter-tunnel")
87
+ └── server/ # relay (export "./server")
88
+ ├── server.mjs
89
+ ├── Dockerfile
90
+ └── fly.toml
91
+ ```