npm - @xopcai/xopc - Versions diffs - 0.0.77 → 0.0.78 - Mend

@xopcai/xopc 0.0.77 → 0.0.78

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (126) hide show

package/dist/src/tunnel/acme-csr.js DELETED Viewed

@@ -1,48 +0,0 @@
-import { join } from "node:path";
-import { tmpdir } from "node:os";
-import { mkdtempSync, readFileSync, rmSync } from "node:fs";
-import { execFileSync } from "node:child_process";
-//#region src/tunnel/acme-csr.ts
-/** Generate EC P-256 CSR + private key PEM via openssl (no extra npm deps). */
-function generateDomainCsr(domain) {
-	const workDir = mkdtempSync(join(tmpdir(), "xopc-acme-csr-"));
-	const keyPath = join(workDir, "domain.key.pem");
-	const csrPath = join(workDir, "domain.csr.pem");
-	try {
-		execFileSync("openssl", [
-			"ecparam",
-			"-name",
-			"prime256v1",
-			"-genkey",
-			"-noout",
-			"-out",
-			keyPath
-		], { stdio: "ignore" });
-		execFileSync("openssl", [
-			"req",
-			"-new",
-			"-key",
-			keyPath,
-			"-out",
-			csrPath,
-			"-subj",
-			`/CN=${domain}`
-		], { stdio: "ignore" });
-		const keyPem = readFileSync(keyPath, "utf8");
-		const match = readFileSync(csrPath, "utf8").match(/-----BEGIN CERTIFICATE REQUEST-----[\s\S]+?-----END CERTIFICATE REQUEST-----/);
-		if (!match) throw new Error("Failed to parse CSR PEM");
-		return {
-			csrDer: Buffer.from(match[0].replace(/-----(BEGIN|END) CERTIFICATE REQUEST-----/g, "").replace(/\s+/g, ""), "base64"),
-			keyPem
-		};
-	} finally {
-		rmSync(workDir, {
-			recursive: true,
-			force: true
-		});
-	}
-}
-//#endregion
-export { generateDomainCsr };
-//# sourceMappingURL=acme-csr.js.map

package/dist/src/tunnel/acme-csr.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"acme-csr.js","names":[],"sources":["../../../src/tunnel/acme-csr.ts"],"sourcesContent":["import { execFileSync } from 'node:child_process';\nimport { mkdtempSync, readFileSync, rmSync } from 'node:fs';\nimport { tmpdir } from 'node:os';\nimport { join } from 'node:path';\n\n/** Generate EC P-256 CSR + private key PEM via openssl (no extra npm deps). */\nexport function generateDomainCsr(domain: string): { csrDer: Buffer; keyPem: string } {\n const workDir = mkdtempSync(join(tmpdir(), 'xopc-acme-csr-'));\n const keyPath = join(workDir, 'domain.key.pem');\n const csrPath = join(workDir, 'domain.csr.pem');\n try {\n // Two-step CSR: avoid OpenSSL `-newkey ec` embedding explicit EC parameters (LE rejects those).\n execFileSync(\n 'openssl',\n ['ecparam', '-name', 'prime256v1', '-genkey', '-noout', '-out', keyPath],\n { stdio: 'ignore' },\n );\n execFileSync(\n 'openssl',\n ['req', '-new', '-key', keyPath, '-out', csrPath, '-subj', `/CN=${domain}`],\n { stdio: 'ignore' },\n );\n const keyPem = readFileSync(keyPath, 'utf8');\n const csrPem = readFileSync(csrPath, 'utf8');\n const match = csrPem.match(/-----BEGIN CERTIFICATE REQUEST-----[\\s\\S]+?-----END CERTIFICATE REQUEST-----/);\n if (!match) throw new Error('Failed to parse CSR PEM');\n const der = Buffer.from(\n match[0].replace(/-----(BEGIN|END) CERTIFICATE REQUEST-----/g, '').replace(/\\s+/g, ''),\n 'base64',\n );\n return { csrDer: der, keyPem };\n } finally {\n rmSync(workDir, { recursive: true, force: true });\n }\n}\n"],"mappings":";;;;;;AAMA,SAAgB,kBAAkB,QAAoD;CACpF,MAAM,UAAU,YAAY,KAAK,QAAQ,EAAE,iBAAiB,CAAC;CAC7D,MAAM,UAAU,KAAK,SAAS,iBAAiB;CAC/C,MAAM,UAAU,KAAK,SAAS,iBAAiB;AAC/C,KAAI;AAEF,eACE,WACA;GAAC;GAAW;GAAS;GAAc;GAAW;GAAU;GAAQ;GAAQ,EACxE,EAAE,OAAO,UAAU,CACpB;AACD,eACE,WACA;GAAC;GAAO;GAAQ;GAAQ;GAAS;GAAQ;GAAS;GAAS,OAAO;GAAS,EAC3E,EAAE,OAAO,UAAU,CACpB;EACD,MAAM,SAAS,aAAa,SAAS,OAAO;EAE5C,MAAM,QADS,aAAa,SAAS,OACjB,CAAC,MAAM,+EAA+E;AAC1G,MAAI,CAAC,MAAO,OAAM,IAAI,MAAM,0BAA0B;AAKtD,SAAO;GAAE,QAJG,OAAO,KACjB,MAAM,GAAG,QAAQ,8CAA8C,GAAG,CAAC,QAAQ,QAAQ,GAAG,EACtF,SAEkB;GAAE;GAAQ;WACtB;AACR,SAAO,SAAS;GAAE,WAAW;GAAM,OAAO;GAAM,CAAC"}

package/dist/src/tunnel/tls-server.d.ts DELETED Viewed

@@ -1,14 +0,0 @@
-import { type Server } from 'node:https';
-import { type StoredCert } from './acme-cert-store.js';
-import type { AcmeConfig } from './acme-client.js';
-export type TunnelTlsServerConfig = {
-    tlsPort: number;
-    gatewayPort: number;
-    acmeConfig: AcmeConfig;
-    fetch?: typeof fetch;
-};
-export declare function startTunnelTlsServer(config: TunnelTlsServerConfig): Promise<Server>;
-export declare function stopTunnelTlsServer(): void;
-export declare function getActiveTlsCert(): StoredCert | null;
-/** @internal */
-export declare function resetTunnelTlsServerForTests(): void;

package/dist/src/tunnel/tls-server.js DELETED Viewed

@@ -1,126 +0,0 @@
-import { createLogger } from "../utils/logger/index.js";
-import { init_logger } from "../utils/logger.js";
-import { ensureValidCert, loadStoredCert, startRenewalScheduler, stopRenewalScheduler } from "./acme-cert-store.js";
-import { Readable } from "node:stream";
-import { createServer } from "node:https";
-//#region src/tunnel/tls-server.ts
-init_logger();
-const log = createLogger("TunnelTLS");
-let httpsNodeServer = null;
-function resolveTlsFetch(gatewayPort, customFetch) {
-	if (customFetch) return (req) => customFetch(req);
-	return async (req) => {
-		const url = new URL(req.url);
-		url.protocol = "http:";
-		url.hostname = "127.0.0.1";
-		url.port = String(gatewayPort);
-		return fetch(url, {
-			method: req.method,
-			headers: req.headers,
-			body: req.body,
-			redirect: "manual",
-			duplex: "half"
-		});
-	};
-}
-async function nodeRequestToFetch(req, tlsPort) {
-	const url = new URL(req.url ?? "/", `https://127.0.0.1:${tlsPort}`);
-	const headers = new Headers();
-	for (const [key, value] of Object.entries(req.headers)) {
-		if (value === void 0) continue;
-		if (Array.isArray(value)) for (const part of value) headers.append(key, part);
-		else headers.set(key, value);
-	}
-	const hasBody = req.method !== "GET" && req.method !== "HEAD";
-	const init = {
-		method: req.method,
-		headers
-	};
-	if (hasBody) {
-		init.body = Readable.toWeb(req);
-		init.duplex = "half";
-	}
-	return new Request(url, init);
-}
-async function sendFetchResponse(res, response) {
-	res.writeHead(response.status, Object.fromEntries(response.headers.entries()));
-	if (response.body) {
-		const reader = response.body.getReader();
-		while (true) {
-			const { done, value } = await reader.read();
-			if (done) break;
-			res.write(value);
-		}
-	}
-	res.end();
-}
-async function startTunnelTlsServer(config) {
-	if (httpsNodeServer) return httpsNodeServer;
-	const cert = await ensureValidCert(config.acmeConfig);
-	const handler = resolveTlsFetch(config.gatewayPort, config.fetch);
-	httpsNodeServer = createServer({
-		key: cert.keyPem,
-		cert: cert.certPem,
-		minVersion: "TLSv1.2"
-	}, (req, res) => {
-		(async () => {
-			try {
-				await sendFetchResponse(res, await handler(await nodeRequestToFetch(req, config.tlsPort)));
-			} catch (err) {
-				log.warn({
-					err,
-					phase: "tls_proxy"
-				}, "TLS proxy request failed");
-				if (!res.headersSent) res.writeHead(502);
-				res.end("Bad Gateway");
-			}
-		})();
-	});
-	await new Promise((resolve, reject) => {
-		httpsNodeServer.once("error", reject);
-		httpsNodeServer.listen(config.tlsPort, "127.0.0.1", () => resolve());
-	}).catch((err) => {
-		httpsNodeServer?.close();
-		httpsNodeServer = null;
-		if ((err instanceof Error ? err.message : String(err)).includes("EADDRINUSE")) throw new Error(`Tunnel TLS port ${config.tlsPort} is already in use. Stop other xopc tunnel instances or set tunnel.e2e.tlsPort (try ${config.gatewayPort + 1} for gateway port ${config.gatewayPort}).`);
-		throw err;
-	});
-	log.info({
-		port: config.tlsPort,
-		domain: cert.domain,
-		expiresAt: cert.expiresAt
-	}, "Tunnel TLS server listening (Let's Encrypt cert)");
-	startRenewalScheduler(config.acmeConfig, () => reloadTlsCert());
-	return httpsNodeServer;
-}
-function reloadTlsCert() {
-	const cert = loadStoredCert();
-	if (!cert || !httpsNodeServer) return;
-	httpsNodeServer.setSecureContext({
-		key: cert.keyPem,
-		cert: cert.certPem
-	});
-	log.info({
-		domain: cert.domain,
-		expiresAt: cert.expiresAt
-	}, "TLS cert hot-reloaded");
-}
-function stopTunnelTlsServer() {
-	stopRenewalScheduler();
-	if (httpsNodeServer) {
-		httpsNodeServer.close();
-		httpsNodeServer = null;
-		log.info("TLS server stopped");
-	}
-}
-function getActiveTlsCert() {
-	return loadStoredCert();
-}
-/** @internal */
-function resetTunnelTlsServerForTests() {
-	stopTunnelTlsServer();
-}
-//#endregion
-export { getActiveTlsCert, resetTunnelTlsServerForTests, startTunnelTlsServer, stopTunnelTlsServer };
-//# sourceMappingURL=tls-server.js.map

package/dist/src/tunnel/tls-server.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"tls-server.js","names":["createHttpsServer"],"sources":["../../../src/tunnel/tls-server.ts"],"sourcesContent":["import { createServer as createHttpsServer, type Server } from 'node:https';\nimport { Readable } from 'node:stream';\n\nimport { createLogger } from '../utils/logger.js';\nimport {\n ensureValidCert,\n loadStoredCert,\n startRenewalScheduler,\n stopRenewalScheduler,\n type StoredCert,\n} from './acme-cert-store.js';\nimport type { AcmeConfig } from './acme-client.js';\n\nconst log = createLogger('TunnelTLS');\n\nlet httpsNodeServer: Server | null = null;\n\nexport type TunnelTlsServerConfig = {\n tlsPort: number;\n gatewayPort: number;\n acmeConfig: AcmeConfig;\n fetch?: typeof fetch;\n};\n\nfunction resolveTlsFetch(\n gatewayPort: number,\n customFetch?: typeof fetch,\n): (req: Request) => Response | Promise<Response> {\n if (customFetch) {\n return (req: Request) => customFetch(req);\n }\n return async (req: Request) => {\n const url = new URL(req.url);\n url.protocol = 'http:';\n url.hostname = '127.0.0.1';\n url.port = String(gatewayPort);\n return fetch(url, {\n method: req.method,\n headers: req.headers,\n body: req.body,\n redirect: 'manual',\n duplex: 'half',\n } as RequestInit);\n };\n}\n\nasync function nodeRequestToFetch(req: import('node:http').IncomingMessage, tlsPort: number): Promise<Request> {\n const url = new URL(req.url ?? '/', `https://127.0.0.1:${tlsPort}`);\n const headers = new Headers();\n for (const [key, value] of Object.entries(req.headers)) {\n if (value === undefined) continue;\n if (Array.isArray(value)) {\n for (const part of value) headers.append(key, part);\n } else {\n headers.set(key, value);\n }\n }\n\n const hasBody = req.method !== 'GET' && req.method !== 'HEAD';\n const init: RequestInit = {\n method: req.method,\n headers,\n };\n if (hasBody) {\n init.body = Readable.toWeb(req) as RequestInit['body'];\n (init as RequestInit & { duplex?: 'half' }).duplex = 'half';\n }\n return new Request(url, init);\n}\n\nasync function sendFetchResponse(res: import('node:http').ServerResponse, response: Response): Promise<void> {\n res.writeHead(response.status, Object.fromEntries(response.headers.entries()));\n if (response.body) {\n const reader = response.body.getReader();\n while (true) {\n const { done, value } = await reader.read();\n if (done) break;\n res.write(value);\n }\n }\n res.end();\n}\n\nexport async function startTunnelTlsServer(config: TunnelTlsServerConfig): Promise<Server> {\n if (httpsNodeServer) return httpsNodeServer;\n\n const cert = await ensureValidCert(config.acmeConfig);\n const handler = resolveTlsFetch(config.gatewayPort, config.fetch);\n\n httpsNodeServer = createHttpsServer(\n {\n key: cert.keyPem,\n cert: cert.certPem,\n minVersion: 'TLSv1.2',\n },\n (req, res) => {\n void (async () => {\n try {\n const request = await nodeRequestToFetch(req, config.tlsPort);\n const response = await handler(request);\n await sendFetchResponse(res, response);\n } catch (err) {\n log.warn({ err, phase: 'tls_proxy' }, 'TLS proxy request failed');\n if (!res.headersSent) res.writeHead(502);\n res.end('Bad Gateway');\n }\n })();\n },\n );\n\n await new Promise<void>((resolve, reject) => {\n httpsNodeServer!.once('error', reject);\n httpsNodeServer!.listen(config.tlsPort, '127.0.0.1', () => resolve());\n }).catch((err: unknown) => {\n httpsNodeServer?.close();\n httpsNodeServer = null;\n const em = err instanceof Error ? err.message : String(err);\n if (em.includes('EADDRINUSE')) {\n throw new Error(\n `Tunnel TLS port ${config.tlsPort} is already in use. ` +\n `Stop other xopc tunnel instances or set tunnel.e2e.tlsPort (try ${config.gatewayPort + 1} for gateway port ${config.gatewayPort}).`,\n );\n }\n throw err;\n });\n\n log.info(\n { port: config.tlsPort, domain: cert.domain, expiresAt: cert.expiresAt },\n \"Tunnel TLS server listening (Let's Encrypt cert)\",\n );\n\n startRenewalScheduler(config.acmeConfig, () => reloadTlsCert());\n\n return httpsNodeServer;\n}\n\nfunction reloadTlsCert(): void {\n const cert = loadStoredCert();\n if (!cert || !httpsNodeServer) return;\n httpsNodeServer.setSecureContext({ key: cert.keyPem, cert: cert.certPem });\n log.info({ domain: cert.domain, expiresAt: cert.expiresAt }, 'TLS cert hot-reloaded');\n}\n\nexport function stopTunnelTlsServer(): void {\n stopRenewalScheduler();\n if (httpsNodeServer) {\n httpsNodeServer.close();\n httpsNodeServer = null;\n log.info('TLS server stopped');\n }\n}\n\nexport function getActiveTlsCert(): StoredCert | null {\n return loadStoredCert();\n}\n\n/** @internal */\nexport function resetTunnelTlsServerForTests(): void {\n stopTunnelTlsServer();\n}\n"],"mappings":";;;;;;aAGkD;AAUlD,MAAM,MAAM,aAAa,YAAY;AAErC,IAAI,kBAAiC;AASrC,SAAS,gBACP,aACA,aACgD;AAChD,KAAI,YACF,SAAQ,QAAiB,YAAY,IAAI;AAE3C,QAAO,OAAO,QAAiB;EAC7B,MAAM,MAAM,IAAI,IAAI,IAAI,IAAI;AAC5B,MAAI,WAAW;AACf,MAAI,WAAW;AACf,MAAI,OAAO,OAAO,YAAY;AAC9B,SAAO,MAAM,KAAK;GAChB,QAAQ,IAAI;GACZ,SAAS,IAAI;GACb,MAAM,IAAI;GACV,UAAU;GACV,QAAQ;GACT,CAAgB;;;AAIrB,eAAe,mBAAmB,KAA0C,SAAmC;CAC7G,MAAM,MAAM,IAAI,IAAI,IAAI,OAAO,KAAK,qBAAqB,UAAU;CACnE,MAAM,UAAU,IAAI,SAAS;AAC7B,MAAK,MAAM,CAAC,KAAK,UAAU,OAAO,QAAQ,IAAI,QAAQ,EAAE;AACtD,MAAI,UAAU,KAAA,EAAW;AACzB,MAAI,MAAM,QAAQ,MAAM,CACtB,MAAK,MAAM,QAAQ,MAAO,SAAQ,OAAO,KAAK,KAAK;MAEnD,SAAQ,IAAI,KAAK,MAAM;;CAI3B,MAAM,UAAU,IAAI,WAAW,SAAS,IAAI,WAAW;CACvD,MAAM,OAAoB;EACxB,QAAQ,IAAI;EACZ;EACD;AACD,KAAI,SAAS;AACX,OAAK,OAAO,SAAS,MAAM,IAAI;AAC9B,OAA2C,SAAS;;AAEvD,QAAO,IAAI,QAAQ,KAAK,KAAK;;AAG/B,eAAe,kBAAkB,KAAyC,UAAmC;AAC3G,KAAI,UAAU,SAAS,QAAQ,OAAO,YAAY,SAAS,QAAQ,SAAS,CAAC,CAAC;AAC9E,KAAI,SAAS,MAAM;EACjB,MAAM,SAAS,SAAS,KAAK,WAAW;AACxC,SAAO,MAAM;GACX,MAAM,EAAE,MAAM,UAAU,MAAM,OAAO,MAAM;AAC3C,OAAI,KAAM;AACV,OAAI,MAAM,MAAM;;;AAGpB,KAAI,KAAK;;AAGX,eAAsB,qBAAqB,QAAgD;AACzF,KAAI,gBAAiB,QAAO;CAE5B,MAAM,OAAO,MAAM,gBAAgB,OAAO,WAAW;CACrD,MAAM,UAAU,gBAAgB,OAAO,aAAa,OAAO,MAAM;AAEjE,mBAAkBA,aAChB;EACE,KAAK,KAAK;EACV,MAAM,KAAK;EACX,YAAY;EACb,GACA,KAAK,QAAQ;AACZ,GAAM,YAAY;AAChB,OAAI;AAGF,UAAM,kBAAkB,KAAK,MADN,QAAQ,MADT,mBAAmB,KAAK,OAAO,QAAQ,CACtB,CACD;YAC/B,KAAK;AACZ,QAAI,KAAK;KAAE;KAAK,OAAO;KAAa,EAAE,2BAA2B;AACjE,QAAI,CAAC,IAAI,YAAa,KAAI,UAAU,IAAI;AACxC,QAAI,IAAI,cAAc;;MAEtB;GAEP;AAED,OAAM,IAAI,SAAe,SAAS,WAAW;AAC3C,kBAAiB,KAAK,SAAS,OAAO;AACtC,kBAAiB,OAAO,OAAO,SAAS,mBAAmB,SAAS,CAAC;GACrE,CAAC,OAAO,QAAiB;AACzB,mBAAiB,OAAO;AACxB,oBAAkB;AAElB,OADW,eAAe,QAAQ,IAAI,UAAU,OAAO,IAAI,EACpD,SAAS,aAAa,CAC3B,OAAM,IAAI,MACR,mBAAmB,OAAO,QAAQ,sFACmC,OAAO,cAAc,EAAE,oBAAoB,OAAO,YAAY,IACpI;AAEH,QAAM;GACN;AAEF,KAAI,KACF;EAAE,MAAM,OAAO;EAAS,QAAQ,KAAK;EAAQ,WAAW,KAAK;EAAW,EACxE,mDACD;AAED,uBAAsB,OAAO,kBAAkB,eAAe,CAAC;AAE/D,QAAO;;AAGT,SAAS,gBAAsB;CAC7B,MAAM,OAAO,gBAAgB;AAC7B,KAAI,CAAC,QAAQ,CAAC,gBAAiB;AAC/B,iBAAgB,iBAAiB;EAAE,KAAK,KAAK;EAAQ,MAAM,KAAK;EAAS,CAAC;AAC1E,KAAI,KAAK;EAAE,QAAQ,KAAK;EAAQ,WAAW,KAAK;EAAW,EAAE,wBAAwB;;AAGvF,SAAgB,sBAA4B;AAC1C,uBAAsB;AACtB,KAAI,iBAAiB;AACnB,kBAAgB,OAAO;AACvB,oBAAkB;AAClB,MAAI,KAAK,qBAAqB;;;AAIlC,SAAgB,mBAAsC;AACpD,QAAO,gBAAgB;;;AAIzB,SAAgB,+BAAqC;AACnD,sBAAqB"}

package/dist/src/tunnel/tunnel-e2e-config.d.ts DELETED Viewed

@@ -1,11 +0,0 @@
-import type { TunnelConfig } from '../config/schema.js';
-export type ResolvedTunnelE2eConfig = {
-    enabled: boolean;
-    tlsPort: number;
-    staging: boolean;
-};
-/** Historical schema default — not suitable when gateway.port ≠ 18790 (e.g. Electron 28790). */
-export declare const LEGACY_DEFAULT_TUNNEL_TLS_PORT = 18791;
-export declare function resolveTunnelTlsPort(e2eTlsPort: number | undefined, gatewayPort: number): number;
-export declare function resolveTunnelE2eConfig(tunnel?: TunnelConfig, gatewayPort?: number): ResolvedTunnelE2eConfig;
-export declare function resolveFrpSubdomainHost(brokerUrl: string, override?: string): string;

package/dist/src/tunnel/tunnel-e2e-config.js DELETED Viewed

@@ -1,29 +0,0 @@
-//#region src/tunnel/tunnel-e2e-config.ts
-/** Historical schema default — not suitable when gateway.port ≠ 18790 (e.g. Electron 28790). */
-const LEGACY_DEFAULT_TUNNEL_TLS_PORT = 18791;
-function resolveTunnelTlsPort(e2eTlsPort, gatewayPort) {
-	if (e2eTlsPort === void 0) return gatewayPort + 1;
-	if (e2eTlsPort === 18791 && gatewayPort !== 18790) return gatewayPort + 1;
-	return e2eTlsPort;
-}
-function resolveTunnelE2eConfig(tunnel, gatewayPort = 18790) {
-	const e2e = tunnel?.e2e;
-	return {
-		enabled: e2e?.enabled ?? true,
-		tlsPort: resolveTunnelTlsPort(e2e?.tlsPort, gatewayPort),
-		staging: e2e?.staging ?? false
-	};
-}
-function resolveFrpSubdomainHost(brokerUrl, override) {
-	if (override?.trim()) return override.trim();
-	try {
-		const host = new URL(brokerUrl.replace(/\/api\/?$/, "")).hostname;
-		if (host === "frp.xopc.ai" || host.endsWith(".frp.xopc.ai")) return "frp.xopc.ai";
-		if (host.includes(".")) return host;
-	} catch {}
-	return "frp.xopc.ai";
-}
-//#endregion
-export { LEGACY_DEFAULT_TUNNEL_TLS_PORT, resolveFrpSubdomainHost, resolveTunnelE2eConfig, resolveTunnelTlsPort };
-//# sourceMappingURL=tunnel-e2e-config.js.map

package/dist/src/tunnel/tunnel-e2e-config.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"tunnel-e2e-config.js","names":[],"sources":["../../../src/tunnel/tunnel-e2e-config.ts"],"sourcesContent":["import type { TunnelConfig } from '../config/schema.js';\n\nexport type ResolvedTunnelE2eConfig = {\n enabled: boolean;\n tlsPort: number;\n staging: boolean;\n};\n\n/** Historical schema default — not suitable when gateway.port ≠ 18790 (e.g. Electron 28790). */\nexport const LEGACY_DEFAULT_TUNNEL_TLS_PORT = 18791;\n\nexport function resolveTunnelTlsPort(e2eTlsPort: number | undefined, gatewayPort: number): number {\n if (e2eTlsPort === undefined) {\n return gatewayPort + 1;\n }\n if (e2eTlsPort === LEGACY_DEFAULT_TUNNEL_TLS_PORT && gatewayPort !== 18790) {\n return gatewayPort + 1;\n }\n return e2eTlsPort;\n}\n\nexport function resolveTunnelE2eConfig(\n tunnel?: TunnelConfig,\n gatewayPort = 18790,\n): ResolvedTunnelE2eConfig {\n const e2e = tunnel?.e2e;\n return {\n enabled: e2e?.enabled ?? true,\n tlsPort: resolveTunnelTlsPort(e2e?.tlsPort, gatewayPort),\n staging: e2e?.staging ?? false,\n };\n}\n\nexport function resolveFrpSubdomainHost(brokerUrl: string, override?: string): string {\n if (override?.trim()) return override.trim();\n try {\n const host = new URL(brokerUrl.replace(/\\/api\\/?$/, '')).hostname;\n if (host === 'frp.xopc.ai' || host.endsWith('.frp.xopc.ai')) return 'frp.xopc.ai';\n if (host.includes('.')) return host;\n } catch {\n /* fall through */\n }\n return 'frp.xopc.ai';\n}\n"],"mappings":";;AASA,MAAa,iCAAiC;AAE9C,SAAgB,qBAAqB,YAAgC,aAA6B;AAChG,KAAI,eAAe,KAAA,EACjB,QAAO,cAAc;AAEvB,KAAI,eAAA,SAAiD,gBAAgB,MACnE,QAAO,cAAc;AAEvB,QAAO;;AAGT,SAAgB,uBACd,QACA,cAAc,OACW;CACzB,MAAM,MAAM,QAAQ;AACpB,QAAO;EACL,SAAS,KAAK,WAAW;EACzB,SAAS,qBAAqB,KAAK,SAAS,YAAY;EACxD,SAAS,KAAK,WAAW;EAC1B;;AAGH,SAAgB,wBAAwB,WAAmB,UAA2B;AACpF,KAAI,UAAU,MAAM,CAAE,QAAO,SAAS,MAAM;AAC5C,KAAI;EACF,MAAM,OAAO,IAAI,IAAI,UAAU,QAAQ,aAAa,GAAG,CAAC,CAAC;AACzD,MAAI,SAAS,iBAAiB,KAAK,SAAS,eAAe,CAAE,QAAO;AACpE,MAAI,KAAK,SAAS,IAAI,CAAE,QAAO;SACzB;AAGR,QAAO"}