@xopcai/xopc 0.0.81 → 0.0.82

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (44) hide show
  1. package/dist/browser-ext/manifest.json +1 -1
  2. package/dist/extensions/telegram/xopc.extension.json +1 -1
  3. package/dist/gateway/static/root/assets/{agents-DOONGaKz.js → agents-Cqh1ts38.js} +1 -1
  4. package/dist/gateway/static/root/assets/{apps-page-Ci17oA_o.js → apps-page-pJ27dsqn.js} +1 -1
  5. package/dist/gateway/static/root/assets/{channels-settings-CARdL-ys.js → channels-settings-wTiWStg9.js} +1 -1
  6. package/dist/gateway/static/root/assets/{channels-status-swr-CUU3faST.js → channels-status-swr-D1KYmOmi.js} +1 -1
  7. package/dist/gateway/static/root/assets/{cron-api-BVQ2n75R.js → cron-api-Y2wfSJVI.js} +1 -1
  8. package/dist/gateway/static/root/assets/{cron-page-x582Y6D5.js → cron-page-B97KU_RG.js} +1 -1
  9. package/dist/gateway/static/root/assets/{dist-XT96cQdR.js → dist-CboA_Css.js} +1 -1
  10. package/dist/gateway/static/root/assets/{extension-debug-page-Czzfrtt5.js → extension-debug-page-DN_zNmpo.js} +1 -1
  11. package/dist/gateway/static/root/assets/{extension-page-B_c5UIqX.js → extension-page-BUXtOzv5.js} +1 -1
  12. package/dist/gateway/static/root/assets/{extension-settings-page-Ckvjgw0_.js → extension-settings-page-C2dX4KCW.js} +1 -1
  13. package/dist/gateway/static/root/assets/{field-primitives-DQpT8iVa.js → field-primitives-B9rOLqdm.js} +1 -1
  14. package/dist/gateway/static/root/assets/{heartbeat-config-api-DKqOuQ0V.js → heartbeat-config-api-DvfiRVrc.js} +1 -1
  15. package/dist/gateway/static/root/assets/{index-Bq3Lg4bG.js → index-DQuaMye9.js} +79 -79
  16. package/dist/gateway/static/root/assets/{logs-page-B3CwJNBq.js → logs-page-BQuBpHcc.js} +1 -1
  17. package/dist/gateway/static/root/assets/{sessions-page-BCNnhz9g.js → sessions-page-BeiFm0Ms.js} +1 -1
  18. package/dist/gateway/static/root/assets/{settings-form-section-CjjEpVYM.js → settings-form-section-2Yu-FASs.js} +1 -1
  19. package/dist/gateway/static/root/assets/{settings-page-B7_PjiHL.js → settings-page-RPAz_Wg_.js} +1 -1
  20. package/dist/gateway/static/root/assets/{skills-page-VrL9TeVF.js → skills-page-Wu4aNWDx.js} +1 -1
  21. package/dist/gateway/static/root/assets/{utils-DQehHvlm.js → utils-D2Gn2qod.js} +1 -1
  22. package/dist/gateway/static/root/assets/{voice-api-key-field-k4FWwgkk.js → voice-api-key-field-BxIGhhEL.js} +1 -1
  23. package/dist/gateway/static/root/index.html +1 -1
  24. package/dist/package.js +1 -1
  25. package/dist/src/agent/service/process-direct-streaming.js +12 -0
  26. package/dist/src/agent/service/process-direct-streaming.js.map +1 -1
  27. package/dist/src/gateway/hono/app.js +62 -11
  28. package/dist/src/gateway/hono/app.js.map +1 -1
  29. package/dist/src/gateway/hono/middleware/auth.js +27 -3
  30. package/dist/src/gateway/hono/middleware/auth.js.map +1 -1
  31. package/dist/src/gateway/hono/middleware/logger.d.ts +5 -1
  32. package/dist/src/gateway/hono/middleware/logger.js +41 -5
  33. package/dist/src/gateway/hono/middleware/logger.js.map +1 -1
  34. package/dist/src/gateway/hono/routes/exposure.js +2 -1
  35. package/dist/src/gateway/hono/routes/exposure.js.map +1 -1
  36. package/dist/src/gateway/hono/sse.d.ts +1 -0
  37. package/dist/src/gateway/hono/sse.js +1 -0
  38. package/dist/src/gateway/hono/sse.js.map +1 -1
  39. package/dist/src/gateway/service.js +1 -1
  40. package/dist/src/share/share-rate-limit.js +23 -2
  41. package/dist/src/share/share-rate-limit.js.map +1 -1
  42. package/dist/src/tunnel/tunnel-rate-limit.js +13 -1
  43. package/dist/src/tunnel/tunnel-rate-limit.js.map +1 -1
  44. package/package.json +1 -1
package/dist/src/gateway/hono/app.js CHANGED
@@ -2,7 +2,9 @@ import { createLogger } from "../../utils/logger/index.js";
2
2
  import { init_logger } from "../../utils/logger.js";
3
3
  import { resolveAllowedBrowserOrigins, resolveGatewayServiceListenPort } from "../host.js";
4
4
  import { resolveGatewayEffectiveHost } from "../../config/gateway-bind.js";
5
+ import { getClientIpFromHeaders } from "../auth-rate-limit.js";
5
6
  import { maxWebchatAgentRequestBodyBytes } from "../chat-limits.js";
7
+ import { resolveClientIpFromRequest } from "../client-ip.js";
6
8
  import { loadTunnelState } from "../../tunnel/tunnel-state.js";
7
9
  import { createFixedWindowRateLimiter } from "../../infra/rate-limit.js";
8
10
  import { buildGatewayConsoleCspHeader } from "../security/csp.js";
@@ -20,6 +22,7 @@ import { Hono } from "hono";
20
22
  import { cors } from "hono/cors";
21
23
  import { createMiddleware } from "hono/factory";
22
24
  import { bodyLimit } from "hono/body-limit";
25
+ import { getConnInfo } from "@hono/node-server/conninfo";
23
26
  //#region src/gateway/hono/app.ts
24
27
  init_logger();
25
28
  const log = createLogger("HonoApp");
@@ -43,7 +46,10 @@ function createHonoApp(config) {
43
46
  tunnelPublicUrl: loadTunnelState()?.publicUrl
44
47
  });
45
48
  app.use(logContextMiddleware());
46
- app.use(logger());
49
+ app.use(logger({
50
+ trustedProxies: service.currentConfig.gateway?.trustedProxies,
51
+ allowRealIpFallback: service.currentConfig.gateway?.allowRealIpFallback === true
52
+ }));
47
53
  app.use(cors({
48
54
  origin: (origin) => {
49
55
  const allowed = resolveBrowserOrigins();
@@ -95,9 +101,11 @@ function createHonoApp(config) {
95
101
  if (!result.ok) {
96
102
  log.warn({
97
103
  origin,
104
+ requestHost: c.req.header("host"),
98
105
  reason: "reason" in result ? result.reason : "unknown",
99
- path: c.req.path
100
- }, "Browser origin check failed");
106
+ path: c.req.path,
107
+ method: c.req.method
108
+ }, `Browser origin check failed: ${origin} not in allowed list`);
101
109
  return c.json({
102
110
  error: "Forbidden",
103
111
  message: "Origin not allowed"
@@ -108,6 +116,10 @@ function createHonoApp(config) {
108
116
  app.use("/api/skills/upload", bodyLimit({
109
117
  maxSize: 10 * 1024 * 1024,
110
118
  onError: (c) => {
119
+ log.warn({
120
+ path: c.req.path,
121
+ maxSizeMb: 10
122
+ }, "Request body too large: skills upload exceeds 10MB limit");
111
123
  return c.json({
112
124
  error: "Skill package too large",
113
125
  maxSize: "10MB"
@@ -121,10 +133,16 @@ function createHonoApp(config) {
121
133
  const maxSizeMb = Math.ceil(maxSize / (1024 * 1024));
122
134
  return bodyLimit({
123
135
  maxSize,
124
- onError: (ctx) => ctx.json({
125
- error: "Request body too large",
126
- maxSize: `${maxSizeMb}MB`
127
- }, 413)
136
+ onError: (ctx) => {
137
+ log.warn({
138
+ path: ctx.req.path,
139
+ maxSizeMb
140
+ }, `Request body too large: exceeds ${maxSizeMb}MB limit`);
141
+ return ctx.json({
142
+ error: "Request body too large",
143
+ maxSize: `${maxSizeMb}MB`
144
+ }, 413);
145
+ }
128
146
  })(c, next);
129
147
  });
130
148
  registerPublicGatewayRoutes(app, service);
@@ -155,7 +173,20 @@ function createHonoApp(config) {
155
173
  registerAuthenticatedRoutes(app, authenticated, {
156
174
  service,
157
175
  strictRateLimitMiddleware: createMiddleware(async (c, next) => {
158
- const clientIp = c.req.header("x-forwarded-for")?.split(",")[0]?.trim() ?? c.req.header("x-real-ip") ?? "unknown";
176
+ const trustedProxies = service.currentConfig.gateway?.trustedProxies;
177
+ const allowRealIpFallback = service.currentConfig.gateway?.allowRealIpFallback === true;
178
+ let remoteAddress;
179
+ try {
180
+ remoteAddress = getConnInfo(c).remote.address;
181
+ } catch {
182
+ remoteAddress = void 0;
183
+ }
184
+ const clientIp = trustedProxies?.length ? resolveClientIpFromRequest({
185
+ remoteAddress,
186
+ getHeader: (name) => c.req.header(name),
187
+ trustedProxies,
188
+ allowRealIpFallback
189
+ }) : getClientIpFromHeaders({ get: (name) => c.req.header(name) ?? void 0 });
159
190
  let limiter = strictRateLimiter.get(clientIp);
160
191
  if (!limiter) {
161
192
  limiter = createFixedWindowRateLimiter({
@@ -168,11 +199,19 @@ function createHonoApp(config) {
168
199
  if (!result.allowed) {
169
200
  log.warn({
170
201
  clientIp,
171
- retryAfterMs: result.retryAfterMs
172
- }, "Rate limit exceeded");
202
+ path: c.req.path,
203
+ method: c.req.method,
204
+ limit: STRICT_RATE_LIMIT_MAX,
205
+ windowSec: Math.round(STRICT_RATE_LIMIT_WINDOW_MS / 1e3),
206
+ retryAfterSec: Math.ceil(result.retryAfterMs / 1e3),
207
+ reason: "api_rate_limit_exceeded"
208
+ }, `API rate limit exceeded: ${STRICT_RATE_LIMIT_MAX} req/${STRICT_RATE_LIMIT_WINDOW_MS / 1e3}s limit for IP ${clientIp}`);
173
209
  c.header("Retry-After", String(Math.ceil(result.retryAfterMs / 1e3)));
210
+ c.header("X-RateLimit-Limit", String(STRICT_RATE_LIMIT_MAX));
211
+ c.header("X-RateLimit-Remaining", "0");
174
212
  return c.json({ error: "Too many requests" }, 429);
175
213
  }
214
+ c.header("X-RateLimit-Limit", String(STRICT_RATE_LIMIT_MAX));
176
215
  c.header("X-RateLimit-Remaining", String(result.remaining));
177
216
  await next();
178
217
  }),
@@ -188,10 +227,22 @@ function createHonoApp(config) {
188
227
  }, "Static UI cache prewarmed");
189
228
  app.route("/", authenticated);
190
229
  app.notFound((c) => {
230
+ const isApiRoute = c.req.path.startsWith("/api/");
231
+ const fields = {
232
+ path: c.req.path,
233
+ method: c.req.method
234
+ };
235
+ if (isApiRoute) log.warn(fields, "Route not found");
236
+ else log.debug(fields, "Route not found");
191
237
  return c.json({ error: "Not found" }, 404);
192
238
  });
193
239
  app.onError((err, c) => {
194
- log.error({ err }, "Hono error");
240
+ log.error({
241
+ err,
242
+ path: c.req.path,
243
+ method: c.req.method,
244
+ userAgent: c.req.header("user-agent")
245
+ }, `Hono error on ${c.req.method} ${c.req.path}: ${err instanceof Error ? err.message : String(err)}`);
195
246
  return c.json({ error: "Internal server error" }, 500);
196
247
  });
197
248
  return app;
package/dist/src/gateway/hono/app.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"app.js","names":[],"sources":["../../../../src/gateway/hono/app.ts"],"sourcesContent":["import { Hono } from 'hono';\nimport { cors } from 'hono/cors';\nimport { createMiddleware } from 'hono/factory';\nimport { bodyLimit } from 'hono/body-limit';\n\nimport { resolveGatewayEffectiveHost } from '../../config/gateway-bind.js';\nimport { createFixedWindowRateLimiter } from '../../infra/rate-limit.js';\nimport { createLogger } from '../../utils/logger.js';\nimport type { GatewayService } from '../service.js';\nimport { resolveAllowedBrowserOrigins, resolveGatewayServiceListenPort } from '../host.js';\nimport { loadTunnelState } from '../../tunnel/tunnel-state.js';\nimport { maxWebchatAgentRequestBodyBytes } from '../chat-limits.js';\nimport { buildGatewayConsoleCspHeader } from '../security/csp.js';\nimport { checkBrowserOrigin } from '../security/origin-check.js';\nimport { auth } from './middleware/auth.js';\nimport { operatorScopes } from './middleware/scopes.js';\nimport { logContextMiddleware } from './middleware/log-context.js';\nimport { logger } from './middleware/logger.js';\nimport { registerPublicExtensionAssetRoutes } from './routes/auth-registry-extensions.js';\nimport { registerAuthenticatedRoutes } from './routes/index.js';\nimport { registerPublicGatewayRoutes } from './routes/public-gateway.js';\nimport { resetLazyRouteBundlesForTests } from './routes/lazy-fallback.js';\nimport { prewarmStaticUiCache } from './lib/static-ui.js';\nconst log = createLogger('HonoApp');\n\nexport interface HonoAppConfig {\n service: GatewayService;\n token?: string;\n}\n\n/**\n * Extension sandbox HTML under `/api/extensions/:id/assets/*` ships its own CSP\n * (`frame-ancestors 'self'`). The global gateway middleware must not overwrite it\n * with `frame-ancestors 'none'` / `X-Frame-Options: DENY`, or the console cannot embed iframes.\n */\nexport function isExtensionGatewayUiAssetPath(path: string): boolean {\n return /^\\/api\\/extensions\\/[^/]+\\/assets\\//.test(path);\n}\n\nexport function createHonoApp(config: HonoAppConfig): Hono {\n if (process.env.VITEST) {\n resetLazyRouteBundlesForTests();\n }\n const { service, token } = config;\n const app = new Hono();\n\n const gatewayPort = resolveGatewayServiceListenPort(service);\n\n const resolveBrowserOrigins = (): string[] =>\n resolveAllowedBrowserOrigins({\n configuredOrigins: service.currentConfig.gateway.corsOrigins,\n port: gatewayPort,\n bindHost: resolveGatewayEffectiveHost(service.currentConfig),\n tunnelPublicUrl: loadTunnelState()?.publicUrl,\n });\n\n app.use(logContextMiddleware());\n app.use(logger());\n app.use(\n cors({\n origin: (origin) => {\n const allowed = resolveBrowserOrigins();\n if (!origin) {\n return allowed[0] ?? `http://127.0.0.1:${gatewayPort}`;\n }\n const normalized = origin.toLowerCase();\n const hit = allowed.find((entry) => entry.toLowerCase() === normalized);\n if (hit) return origin;\n return allowed.includes('*') ? '*' : '';\n },\n allowMethods: ['GET', 'POST', 'PATCH', 'DELETE', 'OPTIONS'],\n allowHeaders: ['Content-Type', 'Authorization', 'Accept', 'X-Session-Id', 'Last-Event-ID'],\n credentials: true,\n maxAge: 86400,\n }),\n );\n\n // Build CSP header once at startup (no inline script hashes needed for SPA)\n const gatewayConsoleCsp = buildGatewayConsoleCspHeader();\n\n // Security headers middleware\n app.use(createMiddleware(async (c, next) => {\n await next();\n if (isExtensionGatewayUiAssetPath(c.req.path)) {\n return;\n }\n c.header('X-Frame-Options', 'DENY');\n c.header('X-Content-Type-Options', 'nosniff');\n c.header('Referrer-Policy', 'strict-origin-when-cross-origin');\n c.header('X-XSS-Protection', '1; mode=block');\n // microphone=(self): allow same-origin chat voice (composer). microphone=() breaks packaged Electron loading the gateway SPA.\n c.header('Permissions-Policy', 'camera=(), microphone=(self), geolocation=()');\n c.header('Content-Security-Policy', gatewayConsoleCsp);\n }));\n\n // Browser Origin check middleware for API routes (CSRF protection).\n // Non-browser requests (no Origin header) pass through — they are\n // authenticated by the token middleware instead.\n const allowHostHeaderOriginFallback =\n service.currentConfig.gateway?.dangerouslyAllowHostHeaderOriginFallback === true;\n app.use('/api/*', createMiddleware(async (c, next) => {\n // Sandboxed extension iframes (no allow-same-origin) send `Origin: null`.\n // `checkBrowserOrigin` rejects that; these routes rely on CSP instead\n // (`registerPublicExtensionAssetRoutes`).\n if (isExtensionGatewayUiAssetPath(c.req.path)) {\n return next();\n }\n\n const origin = c.req.header('origin');\n if (!origin || origin.trim().toLowerCase() === 'null') {\n // Native apps / opaque origins — authenticated via Bearer token\n return next();\n }\n\n const result = checkBrowserOrigin({\n requestHost: c.req.header('host'),\n origin,\n allowedOrigins: resolveBrowserOrigins(),\n allowHostHeaderOriginFallback,\n isLocalClient: false,\n });\n\n if (!result.ok) {\n log.warn(\n { origin, reason: 'reason' in result ? result.reason : 'unknown', path: c.req.path },\n 'Browser origin check failed',\n );\n return c.json({ error: 'Forbidden', message: 'Origin not allowed' }, 403);\n }\n\n return next();\n }));\n\n app.use('/api/skills/upload', bodyLimit({\n maxSize: 10 * 1024 * 1024,\n onError: (c) => {\n return c.json({ error: 'Skill package too large', maxSize: '10MB' }, 413);\n },\n }));\n\n const DEFAULT_API_BODY_MAX = 1 * 1024 * 1024;\n const WEBCHAT_AGENT_BODY_MAX = maxWebchatAgentRequestBodyBytes();\n\n app.use('/api/*', async (c, next) => {\n const maxSize = c.req.path === '/api/agent' ? WEBCHAT_AGENT_BODY_MAX : DEFAULT_API_BODY_MAX;\n const maxSizeMb = Math.ceil(maxSize / (1024 * 1024));\n return bodyLimit({\n maxSize,\n onError: (ctx) =>\n ctx.json({ error: 'Request body too large', maxSize: `${maxSizeMb}MB` }, 413),\n })(c, next);\n });\n\n registerPublicGatewayRoutes(app, service);\n\n // Extension UI assets are served without auth: sandboxed iframes (no allow-same-origin)\n // have an opaque origin of `null` and cannot forward the ?token= from the parent HTML URL.\n // Security is enforced by the strict CSP (frame-ancestors 'self') on every response.\n registerPublicExtensionAssetRoutes(app, service);\n\n const authenticated = new Hono();\n authenticated.use(\n auth({\n token,\n getGatewayAuth: () => service.currentConfig.gateway?.auth,\n getResolvedAuth: () => {\n if (typeof service.getResolvedAuth === 'function') {\n return service.getResolvedAuth();\n }\n return token ? { mode: 'token', token } : { mode: 'none' };\n },\n getTrustedProxyContext: () => ({\n trustedProxies: service.currentConfig.gateway?.trustedProxies,\n allowRealIpFallback: service.currentConfig.gateway?.allowRealIpFallback === true,\n }),\n }),\n );\n authenticated.use(operatorScopes());\n\n const STRICT_RATE_LIMIT_MAX = 15;\n const STRICT_RATE_LIMIT_WINDOW_MS = 60_000;\n\n const strictRateLimiter = new Map<string, ReturnType<typeof createFixedWindowRateLimiter>>();\n\n const RATE_LIMIT_CLEANUP_INTERVAL = 5 * 60 * 1000;\n setInterval(() => {\n for (const [ip, limiter] of strictRateLimiter.entries()) {\n const result = limiter.consume();\n if (result.remaining === STRICT_RATE_LIMIT_MAX - 1) {\n strictRateLimiter.delete(ip);\n }\n }\n }, RATE_LIMIT_CLEANUP_INTERVAL);\n\n const strictRateLimitMiddleware = createMiddleware(async (c, next) => {\n const clientIp = c.req.header('x-forwarded-for')?.split(',')[0]?.trim()\n ?? c.req.header('x-real-ip')\n ?? 'unknown';\n\n let limiter = strictRateLimiter.get(clientIp);\n if (!limiter) {\n limiter = createFixedWindowRateLimiter({\n maxRequests: STRICT_RATE_LIMIT_MAX,\n windowMs: STRICT_RATE_LIMIT_WINDOW_MS,\n });\n strictRateLimiter.set(clientIp, limiter);\n }\n\n const result = limiter.consume();\n if (!result.allowed) {\n log.warn({ clientIp, retryAfterMs: result.retryAfterMs }, 'Rate limit exceeded');\n c.header('Retry-After', String(Math.ceil(result.retryAfterMs / 1000)));\n return c.json({ error: 'Too many requests' }, 429);\n }\n\n c.header('X-RateLimit-Remaining', String(result.remaining));\n await next();\n });\n\n const sseConfig = {\n service,\n maxSseConnections: service.currentConfig.gateway.maxSseConnections,\n };\n\n registerAuthenticatedRoutes(app, authenticated, {\n service,\n strictRateLimitMiddleware,\n sseConfig,\n });\n\n const prewarm = prewarmStaticUiCache();\n if (prewarm.loaded > 0) {\n log.debug({ loaded: prewarm.loaded, missing: prewarm.missing }, 'Static UI cache prewarmed');\n }\n\n app.route('/', authenticated);\n\n app.notFound((c) => {\n return c.json({ error: 'Not found' }, 404);\n });\n\n app.onError((err, c) => {\n log.error({ err }, 'Hono error');\n return c.json({ error: 'Internal server error' }, 500);\n });\n\n return app;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;aAOqD;AAgBrD,MAAM,MAAM,aAAa,UAAU;;;;;;AAYnC,SAAgB,8BAA8B,MAAuB;AACnE,QAAO,sCAAsC,KAAK,KAAK;;AAGzD,SAAgB,cAAc,QAA6B;AACzD,KAAI,QAAQ,IAAI,OACd,gCAA+B;CAEjC,MAAM,EAAE,SAAS,UAAU;CAC3B,MAAM,MAAM,IAAI,MAAM;CAEtB,MAAM,cAAc,gCAAgC,QAAQ;CAE5D,MAAM,8BACJ,6BAA6B;EAC3B,mBAAmB,QAAQ,cAAc,QAAQ;EACjD,MAAM;EACN,UAAU,4BAA4B,QAAQ,cAAc;EAC5D,iBAAiB,iBAAiB,EAAE;EACrC,CAAC;AAEJ,KAAI,IAAI,sBAAsB,CAAC;AAC/B,KAAI,IAAI,QAAQ,CAAC;AACjB,KAAI,IACF,KAAK;EACH,SAAS,WAAW;GAClB,MAAM,UAAU,uBAAuB;AACvC,OAAI,CAAC,OACH,QAAO,QAAQ,MAAM,oBAAoB;GAE3C,MAAM,aAAa,OAAO,aAAa;AAEvC,OADY,QAAQ,MAAM,UAAU,MAAM,aAAa,KAAK,WACrD,CAAE,QAAO;AAChB,UAAO,QAAQ,SAAS,IAAI,GAAG,MAAM;;EAEvC,cAAc;GAAC;GAAO;GAAQ;GAAS;GAAU;GAAU;EAC3D,cAAc;GAAC;GAAgB;GAAiB;GAAU;GAAgB;GAAgB;EAC1F,aAAa;EACb,QAAQ;EACT,CAAC,CACH;CAGD,MAAM,oBAAoB,8BAA8B;AAGxD,KAAI,IAAI,iBAAiB,OAAO,GAAG,SAAS;AAC1C,QAAM,MAAM;AACZ,MAAI,8BAA8B,EAAE,IAAI,KAAK,CAC3C;AAEF,IAAE,OAAO,mBAAmB,OAAO;AACnC,IAAE,OAAO,0BAA0B,UAAU;AAC7C,IAAE,OAAO,mBAAmB,kCAAkC;AAC9D,IAAE,OAAO,oBAAoB,gBAAgB;AAE7C,IAAE,OAAO,sBAAsB,+CAA+C;AAC9E,IAAE,OAAO,2BAA2B,kBAAkB;GACtD,CAAC;CAKH,MAAM,gCACJ,QAAQ,cAAc,SAAS,6CAA6C;AAC9E,KAAI,IAAI,UAAU,iBAAiB,OAAO,GAAG,SAAS;AAIpD,MAAI,8BAA8B,EAAE,IAAI,KAAK,CAC3C,QAAO,MAAM;EAGf,MAAM,SAAS,EAAE,IAAI,OAAO,SAAS;AACrC,MAAI,CAAC,UAAU,OAAO,MAAM,CAAC,aAAa,KAAK,OAE7C,QAAO,MAAM;EAGf,MAAM,SAAS,mBAAmB;GAChC,aAAa,EAAE,IAAI,OAAO,OAAO;GACjC;GACA,gBAAgB,uBAAuB;GACvC;GACA,eAAe;GAChB,CAAC;AAEF,MAAI,CAAC,OAAO,IAAI;AACd,OAAI,KACF;IAAE;IAAQ,QAAQ,YAAY,SAAS,OAAO,SAAS;IAAW,MAAM,EAAE,IAAI;IAAM,EACpF,8BACD;AACD,UAAO,EAAE,KAAK;IAAE,OAAO;IAAa,SAAS;IAAsB,EAAE,IAAI;;AAG3E,SAAO,MAAM;GACb,CAAC;AAEH,KAAI,IAAI,sBAAsB,UAAU;EACtC,SAAS,KAAK,OAAO;EACrB,UAAU,MAAM;AACd,UAAO,EAAE,KAAK;IAAE,OAAO;IAA2B,SAAS;IAAQ,EAAE,IAAI;;EAE5E,CAAC,CAAC;CAEH,MAAM,uBAAuB,IAAI,OAAO;CACxC,MAAM,yBAAyB,iCAAiC;AAEhE,KAAI,IAAI,UAAU,OAAO,GAAG,SAAS;EACnC,MAAM,UAAU,EAAE,IAAI,SAAS,eAAe,yBAAyB;EACvE,MAAM,YAAY,KAAK,KAAK,WAAW,OAAO,MAAM;AACpD,SAAO,UAAU;GACf;GACA,UAAU,QACR,IAAI,KAAK;IAAE,OAAO;IAA0B,SAAS,GAAG,UAAU;IAAK,EAAE,IAAI;GAChF,CAAC,CAAC,GAAG,KAAK;GACX;AAEF,6BAA4B,KAAK,QAAQ;AAKzC,oCAAmC,KAAK,QAAQ;CAEhD,MAAM,gBAAgB,IAAI,MAAM;AAChC,eAAc,IACZ,KAAK;EACH;EACA,sBAAsB,QAAQ,cAAc,SAAS;EACrD,uBAAuB;AACrB,OAAI,OAAO,QAAQ,oBAAoB,WACrC,QAAO,QAAQ,iBAAiB;AAElC,UAAO,QAAQ;IAAE,MAAM;IAAS;IAAO,GAAG,EAAE,MAAM,QAAQ;;EAE5D,+BAA+B;GAC7B,gBAAgB,QAAQ,cAAc,SAAS;GAC/C,qBAAqB,QAAQ,cAAc,SAAS,wBAAwB;GAC7E;EACF,CAAC,CACH;AACD,eAAc,IAAI,gBAAgB,CAAC;CAEnC,MAAM,wBAAwB;CAC9B,MAAM,8BAA8B;CAEpC,MAAM,oCAAoB,IAAI,KAA8D;AAG5F,mBAAkB;AAChB,OAAK,MAAM,CAAC,IAAI,YAAY,kBAAkB,SAAS,CAErD,KADe,QAAQ,SACb,CAAC,cAAc,wBAAwB,EAC/C,mBAAkB,OAAO,GAAG;IALE,MAAS,IAQd;AAgC/B,6BAA4B,KAAK,eAAe;EAC9C;EACA,2BAhCgC,iBAAiB,OAAO,GAAG,SAAS;GACpE,MAAM,WAAW,EAAE,IAAI,OAAO,kBAAkB,EAAE,MAAM,IAAI,CAAC,IAAI,MAAM,IAClE,EAAE,IAAI,OAAO,YAAY,IACzB;GAEL,IAAI,UAAU,kBAAkB,IAAI,SAAS;AAC7C,OAAI,CAAC,SAAS;AACZ,cAAU,6BAA6B;KACrC,aAAa;KACb,UAAU;KACX,CAAC;AACF,sBAAkB,IAAI,UAAU,QAAQ;;GAG1C,MAAM,SAAS,QAAQ,SAAS;AAChC,OAAI,CAAC,OAAO,SAAS;AACnB,QAAI,KAAK;KAAE;KAAU,cAAc,OAAO;KAAc,EAAE,sBAAsB;AAChF,MAAE,OAAO,eAAe,OAAO,KAAK,KAAK,OAAO,eAAe,IAAK,CAAC,CAAC;AACtE,WAAO,EAAE,KAAK,EAAE,OAAO,qBAAqB,EAAE,IAAI;;AAGpD,KAAE,OAAO,yBAAyB,OAAO,OAAO,UAAU,CAAC;AAC3D,SAAM,MAAM;IAUa;EACzB,WAAA;GAPA;GACA,mBAAmB,QAAQ,cAAc,QAAQ;GAMxC;EACV,CAAC;CAEF,MAAM,UAAU,sBAAsB;AACtC,KAAI,QAAQ,SAAS,EACnB,KAAI,MAAM;EAAE,QAAQ,QAAQ;EAAQ,SAAS,QAAQ;EAAS,EAAE,4BAA4B;AAG9F,KAAI,MAAM,KAAK,cAAc;AAE7B,KAAI,UAAU,MAAM;AAClB,SAAO,EAAE,KAAK,EAAE,OAAO,aAAa,EAAE,IAAI;GAC1C;AAEF,KAAI,SAAS,KAAK,MAAM;AACtB,MAAI,MAAM,EAAE,KAAK,EAAE,aAAa;AAChC,SAAO,EAAE,KAAK,EAAE,OAAO,yBAAyB,EAAE,IAAI;GACtD;AAEF,QAAO"}
1
+ {"version":3,"file":"app.js","names":[],"sources":["../../../../src/gateway/hono/app.ts"],"sourcesContent":["import { Hono } from 'hono';\nimport { cors } from 'hono/cors';\nimport { createMiddleware } from 'hono/factory';\nimport { bodyLimit } from 'hono/body-limit';\nimport { getConnInfo } from '@hono/node-server/conninfo';\n\nimport { resolveGatewayEffectiveHost } from '../../config/gateway-bind.js';\nimport { createFixedWindowRateLimiter } from '../../infra/rate-limit.js';\nimport { createLogger } from '../../utils/logger.js';\nimport { getClientIpFromHeaders } from '../auth-rate-limit.js';\nimport { resolveClientIpFromRequest } from '../client-ip.js';\nimport type { GatewayService } from '../service.js';\nimport { resolveAllowedBrowserOrigins, resolveGatewayServiceListenPort } from '../host.js';\nimport { loadTunnelState } from '../../tunnel/tunnel-state.js';\nimport { maxWebchatAgentRequestBodyBytes } from '../chat-limits.js';\nimport { buildGatewayConsoleCspHeader } from '../security/csp.js';\nimport { checkBrowserOrigin } from '../security/origin-check.js';\nimport { auth } from './middleware/auth.js';\nimport { operatorScopes } from './middleware/scopes.js';\nimport { logContextMiddleware } from './middleware/log-context.js';\nimport { logger } from './middleware/logger.js';\nimport { registerPublicExtensionAssetRoutes } from './routes/auth-registry-extensions.js';\nimport { registerAuthenticatedRoutes } from './routes/index.js';\nimport { registerPublicGatewayRoutes } from './routes/public-gateway.js';\nimport { resetLazyRouteBundlesForTests } from './routes/lazy-fallback.js';\nimport { prewarmStaticUiCache } from './lib/static-ui.js';\nconst log = createLogger('HonoApp');\n\nexport interface HonoAppConfig {\n service: GatewayService;\n token?: string;\n}\n\n/**\n * Extension sandbox HTML under `/api/extensions/:id/assets/*` ships its own CSP\n * (`frame-ancestors 'self'`). The global gateway middleware must not overwrite it\n * with `frame-ancestors 'none'` / `X-Frame-Options: DENY`, or the console cannot embed iframes.\n */\nexport function isExtensionGatewayUiAssetPath(path: string): boolean {\n return /^\\/api\\/extensions\\/[^/]+\\/assets\\//.test(path);\n}\n\nexport function createHonoApp(config: HonoAppConfig): Hono {\n if (process.env.VITEST) {\n resetLazyRouteBundlesForTests();\n }\n const { service, token } = config;\n const app = new Hono();\n\n const gatewayPort = resolveGatewayServiceListenPort(service);\n\n const resolveBrowserOrigins = (): string[] =>\n resolveAllowedBrowserOrigins({\n configuredOrigins: service.currentConfig.gateway.corsOrigins,\n port: gatewayPort,\n bindHost: resolveGatewayEffectiveHost(service.currentConfig),\n tunnelPublicUrl: loadTunnelState()?.publicUrl,\n });\n\n app.use(logContextMiddleware());\n app.use(logger({\n trustedProxies: service.currentConfig.gateway?.trustedProxies,\n allowRealIpFallback: service.currentConfig.gateway?.allowRealIpFallback === true,\n }));\n app.use(\n cors({\n origin: (origin) => {\n const allowed = resolveBrowserOrigins();\n if (!origin) {\n return allowed[0] ?? `http://127.0.0.1:${gatewayPort}`;\n }\n const normalized = origin.toLowerCase();\n const hit = allowed.find((entry) => entry.toLowerCase() === normalized);\n if (hit) return origin;\n return allowed.includes('*') ? '*' : '';\n },\n allowMethods: ['GET', 'POST', 'PATCH', 'DELETE', 'OPTIONS'],\n allowHeaders: ['Content-Type', 'Authorization', 'Accept', 'X-Session-Id', 'Last-Event-ID'],\n credentials: true,\n maxAge: 86400,\n }),\n );\n\n // Build CSP header once at startup (no inline script hashes needed for SPA)\n const gatewayConsoleCsp = buildGatewayConsoleCspHeader();\n\n // Security headers middleware\n app.use(createMiddleware(async (c, next) => {\n await next();\n if (isExtensionGatewayUiAssetPath(c.req.path)) {\n return;\n }\n c.header('X-Frame-Options', 'DENY');\n c.header('X-Content-Type-Options', 'nosniff');\n c.header('Referrer-Policy', 'strict-origin-when-cross-origin');\n c.header('X-XSS-Protection', '1; mode=block');\n // microphone=(self): allow same-origin chat voice (composer). microphone=() breaks packaged Electron loading the gateway SPA.\n c.header('Permissions-Policy', 'camera=(), microphone=(self), geolocation=()');\n c.header('Content-Security-Policy', gatewayConsoleCsp);\n }));\n\n // Browser Origin check middleware for API routes (CSRF protection).\n // Non-browser requests (no Origin header) pass through — they are\n // authenticated by the token middleware instead.\n const allowHostHeaderOriginFallback =\n service.currentConfig.gateway?.dangerouslyAllowHostHeaderOriginFallback === true;\n app.use('/api/*', createMiddleware(async (c, next) => {\n // Sandboxed extension iframes (no allow-same-origin) send `Origin: null`.\n // `checkBrowserOrigin` rejects that; these routes rely on CSP instead\n // (`registerPublicExtensionAssetRoutes`).\n if (isExtensionGatewayUiAssetPath(c.req.path)) {\n return next();\n }\n\n const origin = c.req.header('origin');\n if (!origin || origin.trim().toLowerCase() === 'null') {\n // Native apps / opaque origins — authenticated via Bearer token\n return next();\n }\n\n const result = checkBrowserOrigin({\n requestHost: c.req.header('host'),\n origin,\n allowedOrigins: resolveBrowserOrigins(),\n allowHostHeaderOriginFallback,\n isLocalClient: false,\n });\n\n if (!result.ok) {\n log.warn(\n {\n origin,\n requestHost: c.req.header('host'),\n reason: 'reason' in result ? result.reason : 'unknown',\n path: c.req.path,\n method: c.req.method,\n },\n `Browser origin check failed: ${origin} not in allowed list`,\n );\n return c.json({ error: 'Forbidden', message: 'Origin not allowed' }, 403);\n }\n\n return next();\n }));\n\n app.use('/api/skills/upload', bodyLimit({\n maxSize: 10 * 1024 * 1024,\n onError: (c) => {\n log.warn({ path: c.req.path, maxSizeMb: 10 }, 'Request body too large: skills upload exceeds 10MB limit');\n return c.json({ error: 'Skill package too large', maxSize: '10MB' }, 413);\n },\n }));\n\n const DEFAULT_API_BODY_MAX = 1 * 1024 * 1024;\n const WEBCHAT_AGENT_BODY_MAX = maxWebchatAgentRequestBodyBytes();\n\n app.use('/api/*', async (c, next) => {\n const maxSize = c.req.path === '/api/agent' ? WEBCHAT_AGENT_BODY_MAX : DEFAULT_API_BODY_MAX;\n const maxSizeMb = Math.ceil(maxSize / (1024 * 1024));\n return bodyLimit({\n maxSize,\n onError: (ctx) => {\n log.warn({ path: ctx.req.path, maxSizeMb }, `Request body too large: exceeds ${maxSizeMb}MB limit`);\n return ctx.json({ error: 'Request body too large', maxSize: `${maxSizeMb}MB` }, 413);\n },\n })(c, next);\n });\n\n registerPublicGatewayRoutes(app, service);\n\n // Extension UI assets are served without auth: sandboxed iframes (no allow-same-origin)\n // have an opaque origin of `null` and cannot forward the ?token= from the parent HTML URL.\n // Security is enforced by the strict CSP (frame-ancestors 'self') on every response.\n registerPublicExtensionAssetRoutes(app, service);\n\n const authenticated = new Hono();\n authenticated.use(\n auth({\n token,\n getGatewayAuth: () => service.currentConfig.gateway?.auth,\n getResolvedAuth: () => {\n if (typeof service.getResolvedAuth === 'function') {\n return service.getResolvedAuth();\n }\n return token ? { mode: 'token', token } : { mode: 'none' };\n },\n getTrustedProxyContext: () => ({\n trustedProxies: service.currentConfig.gateway?.trustedProxies,\n allowRealIpFallback: service.currentConfig.gateway?.allowRealIpFallback === true,\n }),\n }),\n );\n authenticated.use(operatorScopes());\n\n const STRICT_RATE_LIMIT_MAX = 15;\n const STRICT_RATE_LIMIT_WINDOW_MS = 60_000;\n\n const strictRateLimiter = new Map<string, ReturnType<typeof createFixedWindowRateLimiter>>();\n\n const RATE_LIMIT_CLEANUP_INTERVAL = 5 * 60 * 1000;\n setInterval(() => {\n for (const [ip, limiter] of strictRateLimiter.entries()) {\n const result = limiter.consume();\n if (result.remaining === STRICT_RATE_LIMIT_MAX - 1) {\n strictRateLimiter.delete(ip);\n }\n }\n }, RATE_LIMIT_CLEANUP_INTERVAL);\n\n const strictRateLimitMiddleware = createMiddleware(async (c, next) => {\n const trustedProxies = service.currentConfig.gateway?.trustedProxies;\n const allowRealIpFallback = service.currentConfig.gateway?.allowRealIpFallback === true;\n let remoteAddress: string | undefined;\n try {\n remoteAddress = getConnInfo(c).remote.address;\n } catch {\n remoteAddress = undefined;\n }\n const clientIp = trustedProxies?.length\n ? resolveClientIpFromRequest({\n remoteAddress,\n getHeader: (name) => c.req.header(name),\n trustedProxies,\n allowRealIpFallback,\n })\n : getClientIpFromHeaders({\n get: (name) => c.req.header(name) ?? undefined,\n });\n\n let limiter = strictRateLimiter.get(clientIp);\n if (!limiter) {\n limiter = createFixedWindowRateLimiter({\n maxRequests: STRICT_RATE_LIMIT_MAX,\n windowMs: STRICT_RATE_LIMIT_WINDOW_MS,\n });\n strictRateLimiter.set(clientIp, limiter);\n }\n\n const result = limiter.consume();\n if (!result.allowed) {\n log.warn(\n {\n clientIp,\n path: c.req.path,\n method: c.req.method,\n limit: STRICT_RATE_LIMIT_MAX,\n windowSec: Math.round(STRICT_RATE_LIMIT_WINDOW_MS / 1000),\n retryAfterSec: Math.ceil(result.retryAfterMs / 1000),\n reason: 'api_rate_limit_exceeded',\n },\n `API rate limit exceeded: ${STRICT_RATE_LIMIT_MAX} req/${STRICT_RATE_LIMIT_WINDOW_MS / 1000}s limit for IP ${clientIp}`,\n );\n c.header('Retry-After', String(Math.ceil(result.retryAfterMs / 1000)));\n c.header('X-RateLimit-Limit', String(STRICT_RATE_LIMIT_MAX));\n c.header('X-RateLimit-Remaining', '0');\n return c.json({ error: 'Too many requests' }, 429);\n }\n\n c.header('X-RateLimit-Limit', String(STRICT_RATE_LIMIT_MAX));\n c.header('X-RateLimit-Remaining', String(result.remaining));\n await next();\n });\n\n const sseConfig = {\n service,\n maxSseConnections: service.currentConfig.gateway.maxSseConnections,\n };\n\n registerAuthenticatedRoutes(app, authenticated, {\n service,\n strictRateLimitMiddleware,\n sseConfig,\n });\n\n const prewarm = prewarmStaticUiCache();\n if (prewarm.loaded > 0) {\n log.debug({ loaded: prewarm.loaded, missing: prewarm.missing }, 'Static UI cache prewarmed');\n }\n\n app.route('/', authenticated);\n\n app.notFound((c) => {\n const isApiRoute = c.req.path.startsWith('/api/');\n const fields = { path: c.req.path, method: c.req.method };\n if (isApiRoute) {\n log.warn(fields, 'Route not found');\n } else {\n log.debug(fields, 'Route not found');\n }\n return c.json({ error: 'Not found' }, 404);\n });\n\n app.onError((err, c) => {\n log.error(\n {\n err,\n path: c.req.path,\n method: c.req.method,\n userAgent: c.req.header('user-agent'),\n },\n `Hono error on ${c.req.method} ${c.req.path}: ${err instanceof Error ? err.message : String(err)}`,\n );\n return c.json({ error: 'Internal server error' }, 500);\n });\n\n return app;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;aAQqD;AAkBrD,MAAM,MAAM,aAAa,UAAU;;;;;;AAYnC,SAAgB,8BAA8B,MAAuB;AACnE,QAAO,sCAAsC,KAAK,KAAK;;AAGzD,SAAgB,cAAc,QAA6B;AACzD,KAAI,QAAQ,IAAI,OACd,gCAA+B;CAEjC,MAAM,EAAE,SAAS,UAAU;CAC3B,MAAM,MAAM,IAAI,MAAM;CAEtB,MAAM,cAAc,gCAAgC,QAAQ;CAE5D,MAAM,8BACJ,6BAA6B;EAC3B,mBAAmB,QAAQ,cAAc,QAAQ;EACjD,MAAM;EACN,UAAU,4BAA4B,QAAQ,cAAc;EAC5D,iBAAiB,iBAAiB,EAAE;EACrC,CAAC;AAEJ,KAAI,IAAI,sBAAsB,CAAC;AAC/B,KAAI,IAAI,OAAO;EACb,gBAAgB,QAAQ,cAAc,SAAS;EAC/C,qBAAqB,QAAQ,cAAc,SAAS,wBAAwB;EAC7E,CAAC,CAAC;AACH,KAAI,IACF,KAAK;EACH,SAAS,WAAW;GAClB,MAAM,UAAU,uBAAuB;AACvC,OAAI,CAAC,OACH,QAAO,QAAQ,MAAM,oBAAoB;GAE3C,MAAM,aAAa,OAAO,aAAa;AAEvC,OADY,QAAQ,MAAM,UAAU,MAAM,aAAa,KAAK,WACrD,CAAE,QAAO;AAChB,UAAO,QAAQ,SAAS,IAAI,GAAG,MAAM;;EAEvC,cAAc;GAAC;GAAO;GAAQ;GAAS;GAAU;GAAU;EAC3D,cAAc;GAAC;GAAgB;GAAiB;GAAU;GAAgB;GAAgB;EAC1F,aAAa;EACb,QAAQ;EACT,CAAC,CACH;CAGD,MAAM,oBAAoB,8BAA8B;AAGxD,KAAI,IAAI,iBAAiB,OAAO,GAAG,SAAS;AAC1C,QAAM,MAAM;AACZ,MAAI,8BAA8B,EAAE,IAAI,KAAK,CAC3C;AAEF,IAAE,OAAO,mBAAmB,OAAO;AACnC,IAAE,OAAO,0BAA0B,UAAU;AAC7C,IAAE,OAAO,mBAAmB,kCAAkC;AAC9D,IAAE,OAAO,oBAAoB,gBAAgB;AAE7C,IAAE,OAAO,sBAAsB,+CAA+C;AAC9E,IAAE,OAAO,2BAA2B,kBAAkB;GACtD,CAAC;CAKH,MAAM,gCACJ,QAAQ,cAAc,SAAS,6CAA6C;AAC9E,KAAI,IAAI,UAAU,iBAAiB,OAAO,GAAG,SAAS;AAIpD,MAAI,8BAA8B,EAAE,IAAI,KAAK,CAC3C,QAAO,MAAM;EAGf,MAAM,SAAS,EAAE,IAAI,OAAO,SAAS;AACrC,MAAI,CAAC,UAAU,OAAO,MAAM,CAAC,aAAa,KAAK,OAE7C,QAAO,MAAM;EAGf,MAAM,SAAS,mBAAmB;GAChC,aAAa,EAAE,IAAI,OAAO,OAAO;GACjC;GACA,gBAAgB,uBAAuB;GACvC;GACA,eAAe;GAChB,CAAC;AAEF,MAAI,CAAC,OAAO,IAAI;AACd,OAAI,KACF;IACE;IACA,aAAa,EAAE,IAAI,OAAO,OAAO;IACjC,QAAQ,YAAY,SAAS,OAAO,SAAS;IAC7C,MAAM,EAAE,IAAI;IACZ,QAAQ,EAAE,IAAI;IACf,EACD,gCAAgC,OAAO,sBACxC;AACD,UAAO,EAAE,KAAK;IAAE,OAAO;IAAa,SAAS;IAAsB,EAAE,IAAI;;AAG3E,SAAO,MAAM;GACb,CAAC;AAEH,KAAI,IAAI,sBAAsB,UAAU;EACtC,SAAS,KAAK,OAAO;EACrB,UAAU,MAAM;AACd,OAAI,KAAK;IAAE,MAAM,EAAE,IAAI;IAAM,WAAW;IAAI,EAAE,2DAA2D;AACzG,UAAO,EAAE,KAAK;IAAE,OAAO;IAA2B,SAAS;IAAQ,EAAE,IAAI;;EAE5E,CAAC,CAAC;CAEH,MAAM,uBAAuB,IAAI,OAAO;CACxC,MAAM,yBAAyB,iCAAiC;AAEhE,KAAI,IAAI,UAAU,OAAO,GAAG,SAAS;EACnC,MAAM,UAAU,EAAE,IAAI,SAAS,eAAe,yBAAyB;EACvE,MAAM,YAAY,KAAK,KAAK,WAAW,OAAO,MAAM;AACpD,SAAO,UAAU;GACf;GACA,UAAU,QAAQ;AAChB,QAAI,KAAK;KAAE,MAAM,IAAI,IAAI;KAAM;KAAW,EAAE,mCAAmC,UAAU,UAAU;AACnG,WAAO,IAAI,KAAK;KAAE,OAAO;KAA0B,SAAS,GAAG,UAAU;KAAK,EAAE,IAAI;;GAEvF,CAAC,CAAC,GAAG,KAAK;GACX;AAEF,6BAA4B,KAAK,QAAQ;AAKzC,oCAAmC,KAAK,QAAQ;CAEhD,MAAM,gBAAgB,IAAI,MAAM;AAChC,eAAc,IACZ,KAAK;EACH;EACA,sBAAsB,QAAQ,cAAc,SAAS;EACrD,uBAAuB;AACrB,OAAI,OAAO,QAAQ,oBAAoB,WACrC,QAAO,QAAQ,iBAAiB;AAElC,UAAO,QAAQ;IAAE,MAAM;IAAS;IAAO,GAAG,EAAE,MAAM,QAAQ;;EAE5D,+BAA+B;GAC7B,gBAAgB,QAAQ,cAAc,SAAS;GAC/C,qBAAqB,QAAQ,cAAc,SAAS,wBAAwB;GAC7E;EACF,CAAC,CACH;AACD,eAAc,IAAI,gBAAgB,CAAC;CAEnC,MAAM,wBAAwB;CAC9B,MAAM,8BAA8B;CAEpC,MAAM,oCAAoB,IAAI,KAA8D;AAG5F,mBAAkB;AAChB,OAAK,MAAM,CAAC,IAAI,YAAY,kBAAkB,SAAS,CAErD,KADe,QAAQ,SACb,CAAC,cAAc,wBAAwB,EAC/C,mBAAkB,OAAO,GAAG;IALE,MAAS,IAQd;AA6D/B,6BAA4B,KAAK,eAAe;EAC9C;EACA,2BA7DgC,iBAAiB,OAAO,GAAG,SAAS;GACpE,MAAM,iBAAiB,QAAQ,cAAc,SAAS;GACtD,MAAM,sBAAsB,QAAQ,cAAc,SAAS,wBAAwB;GACnF,IAAI;AACJ,OAAI;AACF,oBAAgB,YAAY,EAAE,CAAC,OAAO;WAChC;AACN,oBAAgB,KAAA;;GAElB,MAAM,WAAW,gBAAgB,SAC7B,2BAA2B;IACzB;IACA,YAAY,SAAS,EAAE,IAAI,OAAO,KAAK;IACvC;IACA;IACD,CAAC,GACF,uBAAuB,EACrB,MAAM,SAAS,EAAE,IAAI,OAAO,KAAK,IAAI,KAAA,GACtC,CAAC;GAEN,IAAI,UAAU,kBAAkB,IAAI,SAAS;AAC7C,OAAI,CAAC,SAAS;AACZ,cAAU,6BAA6B;KACrC,aAAa;KACb,UAAU;KACX,CAAC;AACF,sBAAkB,IAAI,UAAU,QAAQ;;GAG1C,MAAM,SAAS,QAAQ,SAAS;AAChC,OAAI,CAAC,OAAO,SAAS;AACnB,QAAI,KACF;KACE;KACA,MAAM,EAAE,IAAI;KACZ,QAAQ,EAAE,IAAI;KACd,OAAO;KACP,WAAW,KAAK,MAAM,8BAA8B,IAAK;KACzD,eAAe,KAAK,KAAK,OAAO,eAAe,IAAK;KACpD,QAAQ;KACT,EACD,4BAA4B,sBAAsB,OAAO,8BAA8B,IAAK,iBAAiB,WAC9G;AACD,MAAE,OAAO,eAAe,OAAO,KAAK,KAAK,OAAO,eAAe,IAAK,CAAC,CAAC;AACtE,MAAE,OAAO,qBAAqB,OAAO,sBAAsB,CAAC;AAC5D,MAAE,OAAO,yBAAyB,IAAI;AACtC,WAAO,EAAE,KAAK,EAAE,OAAO,qBAAqB,EAAE,IAAI;;AAGpD,KAAE,OAAO,qBAAqB,OAAO,sBAAsB,CAAC;AAC5D,KAAE,OAAO,yBAAyB,OAAO,OAAO,UAAU,CAAC;AAC3D,SAAM,MAAM;IAUa;EACzB,WAAA;GAPA;GACA,mBAAmB,QAAQ,cAAc,QAAQ;GAMxC;EACV,CAAC;CAEF,MAAM,UAAU,sBAAsB;AACtC,KAAI,QAAQ,SAAS,EACnB,KAAI,MAAM;EAAE,QAAQ,QAAQ;EAAQ,SAAS,QAAQ;EAAS,EAAE,4BAA4B;AAG9F,KAAI,MAAM,KAAK,cAAc;AAE7B,KAAI,UAAU,MAAM;EAClB,MAAM,aAAa,EAAE,IAAI,KAAK,WAAW,QAAQ;EACjD,MAAM,SAAS;GAAE,MAAM,EAAE,IAAI;GAAM,QAAQ,EAAE,IAAI;GAAQ;AACzD,MAAI,WACF,KAAI,KAAK,QAAQ,kBAAkB;MAEnC,KAAI,MAAM,QAAQ,kBAAkB;AAEtC,SAAO,EAAE,KAAK,EAAE,OAAO,aAAa,EAAE,IAAI;GAC1C;AAEF,KAAI,SAAS,KAAK,MAAM;AACtB,MAAI,MACF;GACE;GACA,MAAM,EAAE,IAAI;GACZ,QAAQ,EAAE,IAAI;GACd,WAAW,EAAE,IAAI,OAAO,aAAa;GACtC,EACD,iBAAiB,EAAE,IAAI,OAAO,GAAG,EAAE,IAAI,KAAK,IAAI,eAAe,QAAQ,IAAI,UAAU,OAAO,IAAI,GACjG;AACD,SAAO,EAAE,KAAK,EAAE,OAAO,yBAAyB,EAAE,IAAI;GACtD;AAEF,QAAO"}
package/dist/src/gateway/hono/middleware/auth.js CHANGED
@@ -74,9 +74,10 @@ function auth(config) {
74
74
  const rlCfg = resolveAuthRateLimitConfig(rlInput);
75
75
  const rateLimitActive = rlCfg.enabled && !isAuthRateLimitGloballyDisabled();
76
76
  const clientIp = resolveMiddlewareClientIp(c, trustedProxies, proxyContext?.allowRealIpFallback);
77
+ const origin = c.req.header("origin");
77
78
  const { limiter, key: rateLimitKey, cfg: activeRlCfg } = resolveAuthRateLimitTracking({
78
79
  clientIp,
79
- origin: c.req.header("origin"),
80
+ origin,
80
81
  cfg: rlCfg
81
82
  });
82
83
  if (!trustedProxyConfig) {
@@ -107,6 +108,17 @@ function auth(config) {
107
108
  if (rateLimitActive) {
108
109
  const blocked = limiter.checkBlocked(rateLimitKey, activeRlCfg);
109
110
  if (blocked.blocked) {
111
+ log.warn({
112
+ clientIp,
113
+ origin: origin ?? void 0,
114
+ path: c.req.path,
115
+ method: c.req.method,
116
+ attemptCount: activeRlCfg.maxAttempts,
117
+ windowSec: Math.round(activeRlCfg.windowMs / 1e3),
118
+ blockDurationSec: Math.round(activeRlCfg.blockDurationMs / 1e3),
119
+ retryAfterSec: blocked.retryAfterSec,
120
+ reason: "auth_failure_rate_limit"
121
+ }, `Auth rate limit blocked: ${activeRlCfg.maxAttempts} failures in ${activeRlCfg.windowMs / 1e3}s, blocking for ${activeRlCfg.blockDurationMs / 1e3}s`);
110
122
  c.header("Retry-After", String(blocked.retryAfterSec));
111
123
  return c.json({
112
124
  error: "Too Many Requests",
@@ -121,7 +133,7 @@ function auth(config) {
121
133
  method: c.req.method,
122
134
  clientIp,
123
135
  reason: result.reason
124
- }, "HTTP auth rejected: trusted-proxy validation failed");
136
+ }, `HTTP auth rejected: trusted-proxy validation failed (${result.reason})`);
125
137
  return c.json({
126
138
  error: "Unauthorized",
127
139
  message: "Trusted-proxy authentication failed"
@@ -134,9 +146,10 @@ function auth(config) {
134
146
  const rateLimitActive = rlCfg.enabled && !isAuthRateLimitGloballyDisabled();
135
147
  const proxyContext = getTrustedProxyContext?.();
136
148
  const clientIp = resolveMiddlewareClientIp(c, proxyContext?.trustedProxies, proxyContext?.allowRealIpFallback);
149
+ const origin = c.req.header("origin");
137
150
  const { limiter, key: rateLimitKey, cfg: activeRlCfg } = resolveAuthRateLimitTracking({
138
151
  clientIp,
139
- origin: c.req.header("origin"),
152
+ origin,
140
153
  cfg: rlCfg
141
154
  });
142
155
  const authHeader = extractTokenFromHeader(c.req.header("authorization"));
@@ -156,6 +169,17 @@ function auth(config) {
156
169
  if (rateLimitActive) {
157
170
  const blocked = limiter.checkBlocked(rateLimitKey, activeRlCfg);
158
171
  if (blocked.blocked) {
172
+ log.warn({
173
+ clientIp,
174
+ origin: origin ?? void 0,
175
+ path: requestPath,
176
+ method: c.req.method,
177
+ attemptCount: activeRlCfg.maxAttempts,
178
+ windowSec: Math.round(activeRlCfg.windowMs / 1e3),
179
+ blockDurationSec: Math.round(activeRlCfg.blockDurationMs / 1e3),
180
+ retryAfterSec: blocked.retryAfterSec,
181
+ reason: "auth_failure_rate_limit"
182
+ }, `Auth rate limit blocked: ${activeRlCfg.maxAttempts} failures in ${activeRlCfg.windowMs / 1e3}s, blocking for ${activeRlCfg.blockDurationMs / 1e3}s`);
159
183
  c.header("Retry-After", String(blocked.retryAfterSec));
160
184
  return c.json({
161
185
  error: "Too Many Requests",
package/dist/src/gateway/hono/middleware/auth.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"auth.js","names":[],"sources":["../../../../../src/gateway/hono/middleware/auth.ts"],"sourcesContent":["import { createMiddleware } from 'hono/factory';\nimport type { Context } from 'hono';\nimport { getConnInfo } from '@hono/node-server/conninfo';\nimport type { GatewayAuthConfig } from '../../../config/schema.js';\nimport {\n getClientIpFromHeaders,\n isAuthRateLimitGloballyDisabled,\n resolveAuthRateLimitConfig,\n resolveAuthRateLimitTracking,\n} from '../../auth-rate-limit.js';\nimport type { ResolvedGatewayAuth } from '../../auth.js';\nimport { resolveClientIpFromRequest } from '../../client-ip.js';\nimport { safeEqualSecret } from '../../security/secret-equal.js';\nimport { authorizeTrustedProxy } from '../../trusted-proxy.js';\nimport { createLogger } from '../../../utils/logger.js';\n\nconst log = createLogger('Hono:Auth');\n\nexport interface AuthConfig {\n token?: string;\n /** Current gateway auth from config (for rate-limit settings); optional. */\n getGatewayAuth?: () => GatewayAuthConfig | undefined;\n getResolvedAuth?: () => ResolvedGatewayAuth;\n getTrustedProxyContext?: () => {\n trustedProxies?: string[];\n allowRealIpFallback?: boolean;\n };\n}\n\n/**\n * Validate token using constant-time comparison to prevent timing attacks.\n */\nfunction validateToken(providedToken: string | undefined, expectedToken: string): boolean {\n if (!providedToken) return false;\n return safeEqualSecret(providedToken, expectedToken);\n}\n\n/**\n * Extract token from Authorization header\n * Supports: \"Bearer <token>\", \"<token>\"\n */\nfunction extractTokenFromHeader(authHeader: string | null): string | null {\n if (!authHeader) return null;\n\n const parts = authHeader.split(' ');\n if (parts.length === 2 && parts[0].toLowerCase() === 'bearer') {\n return parts[1];\n }\n return authHeader;\n}\n\n/**\n * Extract token from query parameter.\n *\n * SECURITY: query-string tokens leak into server logs, Referer headers, and\n * browser history. We accept them only for SSE/WebSocket connections where\n * the `Authorization` header cannot be set by `EventSource`. For normal REST\n * requests prefer the `Authorization: Bearer <token>` header.\n */\nfunction extractTokenFromQuery(url: string): string | null {\n const parsed = new URL(url);\n return parsed.searchParams.get('token');\n}\n\n/** Paths where query-string token auth is acceptable (SSE / WebSocket). */\nconst QUERY_TOKEN_ALLOWED_PATHS = new Set(['/api/events', '/api/ws']);\n\nfunction isQueryTokenAllowedPath(path: string): boolean {\n return QUERY_TOKEN_ALLOWED_PATHS.has(path) || path.startsWith('/api/events');\n}\n\nfunction resolveRemoteAddress(c: Context): string | undefined {\n try {\n return getConnInfo(c).remote.address;\n } catch {\n return undefined;\n }\n}\n\nfunction resolveMiddlewareClientIp(\n c: Context,\n trustedProxies?: string[],\n allowRealIpFallback?: boolean,\n): string {\n if (trustedProxies?.length) {\n return resolveClientIpFromRequest({\n remoteAddress: resolveRemoteAddress(c),\n getHeader: (name) => c.req.header(name),\n trustedProxies,\n allowRealIpFallback,\n });\n }\n return getClientIpFromHeaders({\n get: (name: string) => c.req.header(name) ?? undefined,\n });\n}\n\n/**\n * Create auth middleware for HTTP routes\n */\nexport function auth(config?: AuthConfig) {\n const { token, getGatewayAuth, getResolvedAuth, getTrustedProxyContext } = config || {};\n\n return createMiddleware(async (c, next) => {\n const resolvedAuth = getResolvedAuth?.();\n const authMode = resolvedAuth?.mode ?? (token ? 'token' : 'none');\n\n if (authMode === 'trusted-proxy') {\n const proxyContext = getTrustedProxyContext?.();\n const trustedProxies = proxyContext?.trustedProxies;\n const trustedProxyConfig = resolvedAuth?.trustedProxy;\n\n const rlInput = getGatewayAuth?.()?.rateLimit;\n const rlCfg = resolveAuthRateLimitConfig(rlInput);\n const rateLimitActive = rlCfg.enabled && !isAuthRateLimitGloballyDisabled();\n const clientIp = resolveMiddlewareClientIp(\n c,\n trustedProxies,\n proxyContext?.allowRealIpFallback,\n );\n const origin = c.req.header('origin');\n const tracking = resolveAuthRateLimitTracking({ clientIp, origin, cfg: rlCfg });\n const { limiter, key: rateLimitKey, cfg: activeRlCfg } = tracking;\n\n if (!trustedProxyConfig) {\n if (rateLimitActive) {\n limiter.recordFailure(rateLimitKey, activeRlCfg);\n }\n log.warn(\n { path: c.req.path, method: c.req.method, clientIp, reason: 'trusted_proxy_config_missing' },\n 'HTTP auth rejected: trusted-proxy config missing',\n );\n return c.json({ error: 'Unauthorized', message: 'Trusted-proxy auth is not configured' }, 401);\n }\n\n const result = authorizeTrustedProxy({\n remoteAddress: resolveRemoteAddress(c),\n getHeader: (name) => c.req.header(name),\n trustedProxies,\n trustedProxyConfig,\n });\n\n if (result.ok) {\n if (rateLimitActive) {\n limiter.recordSuccess(rateLimitKey);\n }\n await next();\n return;\n }\n\n if (result.ok === false) {\n if (rateLimitActive) {\n const blocked = limiter.checkBlocked(rateLimitKey, activeRlCfg);\n if (blocked.blocked) {\n c.header('Retry-After', String(blocked.retryAfterSec));\n return c.json(\n {\n error: 'Too Many Requests',\n message: 'Too many authentication attempts',\n retryAfter: blocked.retryAfterSec,\n },\n 429,\n );\n }\n limiter.recordFailure(rateLimitKey, activeRlCfg);\n }\n\n log.warn(\n { path: c.req.path, method: c.req.method, clientIp, reason: result.reason },\n 'HTTP auth rejected: trusted-proxy validation failed',\n );\n return c.json({ error: 'Unauthorized', message: 'Trusted-proxy authentication failed' }, 401);\n }\n }\n\n if (authMode === 'none' || !token) {\n return next();\n }\n\n const rlInput = getGatewayAuth?.()?.rateLimit;\n const rlCfg = resolveAuthRateLimitConfig(rlInput);\n const rateLimitActive = rlCfg.enabled && !isAuthRateLimitGloballyDisabled();\n\n const proxyContext = getTrustedProxyContext?.();\n const clientIp = resolveMiddlewareClientIp(\n c,\n proxyContext?.trustedProxies,\n proxyContext?.allowRealIpFallback,\n );\n const origin = c.req.header('origin');\n const tracking = resolveAuthRateLimitTracking({ clientIp, origin, cfg: rlCfg });\n const { limiter, key: rateLimitKey, cfg: activeRlCfg } = tracking;\n\n const authHeader = extractTokenFromHeader(c.req.header('authorization'));\n const requestPath = new URL(c.req.url).pathname;\n const queryToken = isQueryTokenAllowedPath(requestPath)\n ? extractTokenFromQuery(c.req.url)\n : null;\n\n if (!authHeader && queryToken === null && new URL(c.req.url).searchParams.has('token')) {\n log.warn(\n { path: requestPath, method: c.req.method, clientIp },\n 'Token in query string rejected: use Authorization header for this endpoint',\n );\n }\n\n const providedToken = authHeader || queryToken;\n\n if (providedToken && validateToken(providedToken, token)) {\n if (rateLimitActive) {\n limiter.recordSuccess(rateLimitKey);\n }\n await next();\n return;\n }\n\n if (rateLimitActive) {\n const blocked = limiter.checkBlocked(rateLimitKey, activeRlCfg);\n if (blocked.blocked) {\n c.header('Retry-After', String(blocked.retryAfterSec));\n return c.json(\n {\n error: 'Too Many Requests',\n message: 'Too many authentication attempts',\n retryAfter: blocked.retryAfterSec,\n },\n 429,\n );\n }\n }\n\n if (!providedToken) {\n if (rateLimitActive) {\n limiter.recordFailure(rateLimitKey, activeRlCfg);\n }\n log.warn(\n { path: c.req.path, method: c.req.method, clientIp, reason: 'missing_token' },\n 'HTTP auth rejected: no Bearer or ?token=',\n );\n return c.json({ error: 'Unauthorized', message: 'Missing authentication token' }, 401);\n }\n\n if (!validateToken(providedToken, token)) {\n if (rateLimitActive) {\n limiter.recordFailure(rateLimitKey, activeRlCfg);\n }\n log.warn(\n { path: c.req.path, method: c.req.method, clientIp, reason: 'invalid_token' },\n 'HTTP auth rejected: token mismatch',\n );\n return c.json({ error: 'Unauthorized', message: 'Invalid authentication token' }, 401);\n }\n });\n}\n\nexport interface WebSocketAuthResult {\n valid: boolean;\n error?: string;\n}\n\n/**\n * Validate WebSocket connection token\n */\nexport function validateWebSocketAuth(\n url: URL,\n authHeader: string | null,\n expectedToken?: string\n): WebSocketAuthResult {\n if (!expectedToken) {\n return { valid: true };\n }\n\n const queryToken = url.searchParams.get('token');\n const headerToken = extractTokenFromHeader(authHeader);\n\n const providedToken = queryToken || headerToken;\n\n if (!providedToken) {\n log.warn(\n { path: url.pathname, reason: 'missing_token', hasHeaderToken: Boolean(headerToken) },\n 'WebSocket auth rejected: no token in query or Authorization',\n );\n return { valid: false, error: 'Missing authentication token' };\n }\n\n if (!safeEqualSecret(providedToken, expectedToken)) {\n log.warn({ path: url.pathname, reason: 'invalid_token' }, 'WebSocket auth rejected: token mismatch');\n return { valid: false, error: 'Invalid authentication token' };\n }\n\n return { valid: true };\n}\n"],"mappings":";;;;;;;;;aAcwD;AAExD,MAAM,MAAM,aAAa,YAAY;;;;AAgBrC,SAAS,cAAc,eAAmC,eAAgC;AACxF,KAAI,CAAC,cAAe,QAAO;AAC3B,QAAO,gBAAgB,eAAe,cAAc;;;;;;AAOtD,SAAS,uBAAuB,YAA0C;AACxE,KAAI,CAAC,WAAY,QAAO;CAExB,MAAM,QAAQ,WAAW,MAAM,IAAI;AACnC,KAAI,MAAM,WAAW,KAAK,MAAM,GAAG,aAAa,KAAK,SACnD,QAAO,MAAM;AAEf,QAAO;;;;;;;;;;AAWT,SAAS,sBAAsB,KAA4B;AAEzD,QAAO,IADY,IAAI,IACV,CAAC,aAAa,IAAI,QAAQ;;;AAIzC,MAAM,4BAA4B,IAAI,IAAI,CAAC,eAAe,UAAU,CAAC;AAErE,SAAS,wBAAwB,MAAuB;AACtD,QAAO,0BAA0B,IAAI,KAAK,IAAI,KAAK,WAAW,cAAc;;AAG9E,SAAS,qBAAqB,GAAgC;AAC5D,KAAI;AACF,SAAO,YAAY,EAAE,CAAC,OAAO;SACvB;AACN;;;AAIJ,SAAS,0BACP,GACA,gBACA,qBACQ;AACR,KAAI,gBAAgB,OAClB,QAAO,2BAA2B;EAChC,eAAe,qBAAqB,EAAE;EACtC,YAAY,SAAS,EAAE,IAAI,OAAO,KAAK;EACvC;EACA;EACD,CAAC;AAEJ,QAAO,uBAAuB,EAC5B,MAAM,SAAiB,EAAE,IAAI,OAAO,KAAK,IAAI,KAAA,GAC9C,CAAC;;;;;AAMJ,SAAgB,KAAK,QAAqB;CACxC,MAAM,EAAE,OAAO,gBAAgB,iBAAiB,2BAA2B,UAAU,EAAE;AAEvF,QAAO,iBAAiB,OAAO,GAAG,SAAS;EACzC,MAAM,eAAe,mBAAmB;EACxC,MAAM,WAAW,cAAc,SAAS,QAAQ,UAAU;AAE1D,MAAI,aAAa,iBAAiB;GAChC,MAAM,eAAe,0BAA0B;GAC/C,MAAM,iBAAiB,cAAc;GACrC,MAAM,qBAAqB,cAAc;GAEzC,MAAM,UAAU,kBAAkB,EAAE;GACpC,MAAM,QAAQ,2BAA2B,QAAQ;GACjD,MAAM,kBAAkB,MAAM,WAAW,CAAC,iCAAiC;GAC3E,MAAM,WAAW,0BACf,GACA,gBACA,cAAc,oBACf;GAGD,MAAM,EAAE,SAAS,KAAK,cAAc,KAAK,gBADxB,6BAA6B;IAAE;IAAU,QAD3C,EAAE,IAAI,OAAO,SACoC;IAAE,KAAK;IAAO,CACb;AAEjE,OAAI,CAAC,oBAAoB;AACvB,QAAI,gBACF,SAAQ,cAAc,cAAc,YAAY;AAElD,QAAI,KACF;KAAE,MAAM,EAAE,IAAI;KAAM,QAAQ,EAAE,IAAI;KAAQ;KAAU,QAAQ;KAAgC,EAC5F,mDACD;AACD,WAAO,EAAE,KAAK;KAAE,OAAO;KAAgB,SAAS;KAAwC,EAAE,IAAI;;GAGhG,MAAM,SAAS,sBAAsB;IACnC,eAAe,qBAAqB,EAAE;IACtC,YAAY,SAAS,EAAE,IAAI,OAAO,KAAK;IACvC;IACA;IACD,CAAC;AAEF,OAAI,OAAO,IAAI;AACb,QAAI,gBACF,SAAQ,cAAc,aAAa;AAErC,UAAM,MAAM;AACZ;;AAGF,OAAI,OAAO,OAAO,OAAO;AACvB,QAAI,iBAAiB;KACnB,MAAM,UAAU,QAAQ,aAAa,cAAc,YAAY;AAC/D,SAAI,QAAQ,SAAS;AACnB,QAAE,OAAO,eAAe,OAAO,QAAQ,cAAc,CAAC;AACtD,aAAO,EAAE,KACP;OACE,OAAO;OACP,SAAS;OACT,YAAY,QAAQ;OACrB,EACD,IACD;;AAEH,aAAQ,cAAc,cAAc,YAAY;;AAGlD,QAAI,KACF;KAAE,MAAM,EAAE,IAAI;KAAM,QAAQ,EAAE,IAAI;KAAQ;KAAU,QAAQ,OAAO;KAAQ,EAC3E,sDACD;AACD,WAAO,EAAE,KAAK;KAAE,OAAO;KAAgB,SAAS;KAAuC,EAAE,IAAI;;;AAIjG,MAAI,aAAa,UAAU,CAAC,MAC1B,QAAO,MAAM;EAGf,MAAM,UAAU,kBAAkB,EAAE;EACpC,MAAM,QAAQ,2BAA2B,QAAQ;EACjD,MAAM,kBAAkB,MAAM,WAAW,CAAC,iCAAiC;EAE3E,MAAM,eAAe,0BAA0B;EAC/C,MAAM,WAAW,0BACf,GACA,cAAc,gBACd,cAAc,oBACf;EAGD,MAAM,EAAE,SAAS,KAAK,cAAc,KAAK,gBADxB,6BAA6B;GAAE;GAAU,QAD3C,EAAE,IAAI,OAAO,SACoC;GAAE,KAAK;GAAO,CACb;EAEjE,MAAM,aAAa,uBAAuB,EAAE,IAAI,OAAO,gBAAgB,CAAC;EACxE,MAAM,cAAc,IAAI,IAAI,EAAE,IAAI,IAAI,CAAC;EACvC,MAAM,aAAa,wBAAwB,YAAY,GACnD,sBAAsB,EAAE,IAAI,IAAI,GAChC;AAEJ,MAAI,CAAC,cAAc,eAAe,QAAQ,IAAI,IAAI,EAAE,IAAI,IAAI,CAAC,aAAa,IAAI,QAAQ,CACpF,KAAI,KACF;GAAE,MAAM;GAAa,QAAQ,EAAE,IAAI;GAAQ;GAAU,EACrD,6EACD;EAGH,MAAM,gBAAgB,cAAc;AAEpC,MAAI,iBAAiB,cAAc,eAAe,MAAM,EAAE;AACxD,OAAI,gBACF,SAAQ,cAAc,aAAa;AAErC,SAAM,MAAM;AACZ;;AAGF,MAAI,iBAAiB;GACnB,MAAM,UAAU,QAAQ,aAAa,cAAc,YAAY;AAC/D,OAAI,QAAQ,SAAS;AACnB,MAAE,OAAO,eAAe,OAAO,QAAQ,cAAc,CAAC;AACtD,WAAO,EAAE,KACP;KACE,OAAO;KACP,SAAS;KACT,YAAY,QAAQ;KACrB,EACD,IACD;;;AAIL,MAAI,CAAC,eAAe;AAClB,OAAI,gBACF,SAAQ,cAAc,cAAc,YAAY;AAElD,OAAI,KACF;IAAE,MAAM,EAAE,IAAI;IAAM,QAAQ,EAAE,IAAI;IAAQ;IAAU,QAAQ;IAAiB,EAC7E,2CACD;AACD,UAAO,EAAE,KAAK;IAAE,OAAO;IAAgB,SAAS;IAAgC,EAAE,IAAI;;AAGxF,MAAI,CAAC,cAAc,eAAe,MAAM,EAAE;AACxC,OAAI,gBACF,SAAQ,cAAc,cAAc,YAAY;AAElD,OAAI,KACF;IAAE,MAAM,EAAE,IAAI;IAAM,QAAQ,EAAE,IAAI;IAAQ;IAAU,QAAQ;IAAiB,EAC7E,qCACD;AACD,UAAO,EAAE,KAAK;IAAE,OAAO;IAAgB,SAAS;IAAgC,EAAE,IAAI;;GAExF;;;;;AAWJ,SAAgB,sBACd,KACA,YACA,eACqB;AACrB,KAAI,CAAC,cACH,QAAO,EAAE,OAAO,MAAM;CAGxB,MAAM,aAAa,IAAI,aAAa,IAAI,QAAQ;CAChD,MAAM,cAAc,uBAAuB,WAAW;CAEtD,MAAM,gBAAgB,cAAc;AAEpC,KAAI,CAAC,eAAe;AAClB,MAAI,KACF;GAAE,MAAM,IAAI;GAAU,QAAQ;GAAiB,gBAAgB,QAAQ,YAAY;GAAE,EACrF,8DACD;AACD,SAAO;GAAE,OAAO;GAAO,OAAO;GAAgC;;AAGhE,KAAI,CAAC,gBAAgB,eAAe,cAAc,EAAE;AAClD,MAAI,KAAK;GAAE,MAAM,IAAI;GAAU,QAAQ;GAAiB,EAAE,0CAA0C;AACpG,SAAO;GAAE,OAAO;GAAO,OAAO;GAAgC;;AAGhE,QAAO,EAAE,OAAO,MAAM"}
1
+ {"version":3,"file":"auth.js","names":[],"sources":["../../../../../src/gateway/hono/middleware/auth.ts"],"sourcesContent":["import { createMiddleware } from 'hono/factory';\nimport type { Context } from 'hono';\nimport { getConnInfo } from '@hono/node-server/conninfo';\nimport type { GatewayAuthConfig } from '../../../config/schema.js';\nimport {\n getClientIpFromHeaders,\n isAuthRateLimitGloballyDisabled,\n resolveAuthRateLimitConfig,\n resolveAuthRateLimitTracking,\n} from '../../auth-rate-limit.js';\nimport type { ResolvedGatewayAuth } from '../../auth.js';\nimport { resolveClientIpFromRequest } from '../../client-ip.js';\nimport { safeEqualSecret } from '../../security/secret-equal.js';\nimport { authorizeTrustedProxy } from '../../trusted-proxy.js';\nimport { createLogger } from '../../../utils/logger.js';\n\nconst log = createLogger('Hono:Auth');\n\nexport interface AuthConfig {\n token?: string;\n /** Current gateway auth from config (for rate-limit settings); optional. */\n getGatewayAuth?: () => GatewayAuthConfig | undefined;\n getResolvedAuth?: () => ResolvedGatewayAuth;\n getTrustedProxyContext?: () => {\n trustedProxies?: string[];\n allowRealIpFallback?: boolean;\n };\n}\n\n/**\n * Validate token using constant-time comparison to prevent timing attacks.\n */\nfunction validateToken(providedToken: string | undefined, expectedToken: string): boolean {\n if (!providedToken) return false;\n return safeEqualSecret(providedToken, expectedToken);\n}\n\n/**\n * Extract token from Authorization header\n * Supports: \"Bearer <token>\", \"<token>\"\n */\nfunction extractTokenFromHeader(authHeader: string | null): string | null {\n if (!authHeader) return null;\n\n const parts = authHeader.split(' ');\n if (parts.length === 2 && parts[0].toLowerCase() === 'bearer') {\n return parts[1];\n }\n return authHeader;\n}\n\n/**\n * Extract token from query parameter.\n *\n * SECURITY: query-string tokens leak into server logs, Referer headers, and\n * browser history. We accept them only for SSE/WebSocket connections where\n * the `Authorization` header cannot be set by `EventSource`. For normal REST\n * requests prefer the `Authorization: Bearer <token>` header.\n */\nfunction extractTokenFromQuery(url: string): string | null {\n const parsed = new URL(url);\n return parsed.searchParams.get('token');\n}\n\n/** Paths where query-string token auth is acceptable (SSE / WebSocket). */\nconst QUERY_TOKEN_ALLOWED_PATHS = new Set(['/api/events', '/api/ws']);\n\nfunction isQueryTokenAllowedPath(path: string): boolean {\n return QUERY_TOKEN_ALLOWED_PATHS.has(path) || path.startsWith('/api/events');\n}\n\nfunction resolveRemoteAddress(c: Context): string | undefined {\n try {\n return getConnInfo(c).remote.address;\n } catch {\n return undefined;\n }\n}\n\nfunction resolveMiddlewareClientIp(\n c: Context,\n trustedProxies?: string[],\n allowRealIpFallback?: boolean,\n): string {\n if (trustedProxies?.length) {\n return resolveClientIpFromRequest({\n remoteAddress: resolveRemoteAddress(c),\n getHeader: (name) => c.req.header(name),\n trustedProxies,\n allowRealIpFallback,\n });\n }\n return getClientIpFromHeaders({\n get: (name: string) => c.req.header(name) ?? undefined,\n });\n}\n\n/**\n * Create auth middleware for HTTP routes\n */\nexport function auth(config?: AuthConfig) {\n const { token, getGatewayAuth, getResolvedAuth, getTrustedProxyContext } = config || {};\n\n return createMiddleware(async (c, next) => {\n const resolvedAuth = getResolvedAuth?.();\n const authMode = resolvedAuth?.mode ?? (token ? 'token' : 'none');\n\n if (authMode === 'trusted-proxy') {\n const proxyContext = getTrustedProxyContext?.();\n const trustedProxies = proxyContext?.trustedProxies;\n const trustedProxyConfig = resolvedAuth?.trustedProxy;\n\n const rlInput = getGatewayAuth?.()?.rateLimit;\n const rlCfg = resolveAuthRateLimitConfig(rlInput);\n const rateLimitActive = rlCfg.enabled && !isAuthRateLimitGloballyDisabled();\n const clientIp = resolveMiddlewareClientIp(\n c,\n trustedProxies,\n proxyContext?.allowRealIpFallback,\n );\n const origin = c.req.header('origin');\n const tracking = resolveAuthRateLimitTracking({ clientIp, origin, cfg: rlCfg });\n const { limiter, key: rateLimitKey, cfg: activeRlCfg } = tracking;\n\n if (!trustedProxyConfig) {\n if (rateLimitActive) {\n limiter.recordFailure(rateLimitKey, activeRlCfg);\n }\n log.warn(\n { path: c.req.path, method: c.req.method, clientIp, reason: 'trusted_proxy_config_missing' },\n 'HTTP auth rejected: trusted-proxy config missing',\n );\n return c.json({ error: 'Unauthorized', message: 'Trusted-proxy auth is not configured' }, 401);\n }\n\n const result = authorizeTrustedProxy({\n remoteAddress: resolveRemoteAddress(c),\n getHeader: (name) => c.req.header(name),\n trustedProxies,\n trustedProxyConfig,\n });\n\n if (result.ok) {\n if (rateLimitActive) {\n limiter.recordSuccess(rateLimitKey);\n }\n await next();\n return;\n }\n\n if (result.ok === false) {\n if (rateLimitActive) {\n const blocked = limiter.checkBlocked(rateLimitKey, activeRlCfg);\n if (blocked.blocked) {\n log.warn(\n {\n clientIp,\n origin: origin ?? undefined,\n path: c.req.path,\n method: c.req.method,\n attemptCount: activeRlCfg.maxAttempts,\n windowSec: Math.round(activeRlCfg.windowMs / 1000),\n blockDurationSec: Math.round(activeRlCfg.blockDurationMs / 1000),\n retryAfterSec: blocked.retryAfterSec,\n reason: 'auth_failure_rate_limit',\n },\n `Auth rate limit blocked: ${activeRlCfg.maxAttempts} failures in ${activeRlCfg.windowMs / 1000}s, blocking for ${activeRlCfg.blockDurationMs / 1000}s`,\n );\n c.header('Retry-After', String(blocked.retryAfterSec));\n return c.json(\n {\n error: 'Too Many Requests',\n message: 'Too many authentication attempts',\n retryAfter: blocked.retryAfterSec,\n },\n 429,\n );\n }\n limiter.recordFailure(rateLimitKey, activeRlCfg);\n }\n\n log.warn(\n {\n path: c.req.path,\n method: c.req.method,\n clientIp,\n reason: result.reason,\n },\n `HTTP auth rejected: trusted-proxy validation failed (${result.reason})`,\n );\n return c.json({ error: 'Unauthorized', message: 'Trusted-proxy authentication failed' }, 401);\n }\n }\n\n if (authMode === 'none' || !token) {\n return next();\n }\n\n const rlInput = getGatewayAuth?.()?.rateLimit;\n const rlCfg = resolveAuthRateLimitConfig(rlInput);\n const rateLimitActive = rlCfg.enabled && !isAuthRateLimitGloballyDisabled();\n\n const proxyContext = getTrustedProxyContext?.();\n const clientIp = resolveMiddlewareClientIp(\n c,\n proxyContext?.trustedProxies,\n proxyContext?.allowRealIpFallback,\n );\n const origin = c.req.header('origin');\n const tracking = resolveAuthRateLimitTracking({ clientIp, origin, cfg: rlCfg });\n const { limiter, key: rateLimitKey, cfg: activeRlCfg } = tracking;\n\n const authHeader = extractTokenFromHeader(c.req.header('authorization'));\n const requestPath = new URL(c.req.url).pathname;\n const queryToken = isQueryTokenAllowedPath(requestPath)\n ? extractTokenFromQuery(c.req.url)\n : null;\n\n if (!authHeader && queryToken === null && new URL(c.req.url).searchParams.has('token')) {\n log.warn(\n { path: requestPath, method: c.req.method, clientIp },\n 'Token in query string rejected: use Authorization header for this endpoint',\n );\n }\n\n const providedToken = authHeader || queryToken;\n\n if (providedToken && validateToken(providedToken, token)) {\n if (rateLimitActive) {\n limiter.recordSuccess(rateLimitKey);\n }\n await next();\n return;\n }\n\n if (rateLimitActive) {\n const blocked = limiter.checkBlocked(rateLimitKey, activeRlCfg);\n if (blocked.blocked) {\n log.warn(\n {\n clientIp,\n origin: origin ?? undefined,\n path: requestPath,\n method: c.req.method,\n attemptCount: activeRlCfg.maxAttempts,\n windowSec: Math.round(activeRlCfg.windowMs / 1000),\n blockDurationSec: Math.round(activeRlCfg.blockDurationMs / 1000),\n retryAfterSec: blocked.retryAfterSec,\n reason: 'auth_failure_rate_limit',\n },\n `Auth rate limit blocked: ${activeRlCfg.maxAttempts} failures in ${activeRlCfg.windowMs / 1000}s, blocking for ${activeRlCfg.blockDurationMs / 1000}s`,\n );\n c.header('Retry-After', String(blocked.retryAfterSec));\n return c.json(\n {\n error: 'Too Many Requests',\n message: 'Too many authentication attempts',\n retryAfter: blocked.retryAfterSec,\n },\n 429,\n );\n }\n }\n\n if (!providedToken) {\n if (rateLimitActive) {\n limiter.recordFailure(rateLimitKey, activeRlCfg);\n }\n log.warn(\n { path: c.req.path, method: c.req.method, clientIp, reason: 'missing_token' },\n 'HTTP auth rejected: no Bearer or ?token=',\n );\n return c.json({ error: 'Unauthorized', message: 'Missing authentication token' }, 401);\n }\n\n if (!validateToken(providedToken, token)) {\n if (rateLimitActive) {\n limiter.recordFailure(rateLimitKey, activeRlCfg);\n }\n log.warn(\n { path: c.req.path, method: c.req.method, clientIp, reason: 'invalid_token' },\n 'HTTP auth rejected: token mismatch',\n );\n return c.json({ error: 'Unauthorized', message: 'Invalid authentication token' }, 401);\n }\n });\n}\n\nexport interface WebSocketAuthResult {\n valid: boolean;\n error?: string;\n}\n\n/**\n * Validate WebSocket connection token\n */\nexport function validateWebSocketAuth(\n url: URL,\n authHeader: string | null,\n expectedToken?: string\n): WebSocketAuthResult {\n if (!expectedToken) {\n return { valid: true };\n }\n\n const queryToken = url.searchParams.get('token');\n const headerToken = extractTokenFromHeader(authHeader);\n\n const providedToken = queryToken || headerToken;\n\n if (!providedToken) {\n log.warn(\n { path: url.pathname, reason: 'missing_token', hasHeaderToken: Boolean(headerToken) },\n 'WebSocket auth rejected: no token in query or Authorization',\n );\n return { valid: false, error: 'Missing authentication token' };\n }\n\n if (!safeEqualSecret(providedToken, expectedToken)) {\n log.warn({ path: url.pathname, reason: 'invalid_token' }, 'WebSocket auth rejected: token mismatch');\n return { valid: false, error: 'Invalid authentication token' };\n }\n\n return { valid: true };\n}\n"],"mappings":";;;;;;;;;aAcwD;AAExD,MAAM,MAAM,aAAa,YAAY;;;;AAgBrC,SAAS,cAAc,eAAmC,eAAgC;AACxF,KAAI,CAAC,cAAe,QAAO;AAC3B,QAAO,gBAAgB,eAAe,cAAc;;;;;;AAOtD,SAAS,uBAAuB,YAA0C;AACxE,KAAI,CAAC,WAAY,QAAO;CAExB,MAAM,QAAQ,WAAW,MAAM,IAAI;AACnC,KAAI,MAAM,WAAW,KAAK,MAAM,GAAG,aAAa,KAAK,SACnD,QAAO,MAAM;AAEf,QAAO;;;;;;;;;;AAWT,SAAS,sBAAsB,KAA4B;AAEzD,QAAO,IADY,IAAI,IACV,CAAC,aAAa,IAAI,QAAQ;;;AAIzC,MAAM,4BAA4B,IAAI,IAAI,CAAC,eAAe,UAAU,CAAC;AAErE,SAAS,wBAAwB,MAAuB;AACtD,QAAO,0BAA0B,IAAI,KAAK,IAAI,KAAK,WAAW,cAAc;;AAG9E,SAAS,qBAAqB,GAAgC;AAC5D,KAAI;AACF,SAAO,YAAY,EAAE,CAAC,OAAO;SACvB;AACN;;;AAIJ,SAAS,0BACP,GACA,gBACA,qBACQ;AACR,KAAI,gBAAgB,OAClB,QAAO,2BAA2B;EAChC,eAAe,qBAAqB,EAAE;EACtC,YAAY,SAAS,EAAE,IAAI,OAAO,KAAK;EACvC;EACA;EACD,CAAC;AAEJ,QAAO,uBAAuB,EAC5B,MAAM,SAAiB,EAAE,IAAI,OAAO,KAAK,IAAI,KAAA,GAC9C,CAAC;;;;;AAMJ,SAAgB,KAAK,QAAqB;CACxC,MAAM,EAAE,OAAO,gBAAgB,iBAAiB,2BAA2B,UAAU,EAAE;AAEvF,QAAO,iBAAiB,OAAO,GAAG,SAAS;EACzC,MAAM,eAAe,mBAAmB;EACxC,MAAM,WAAW,cAAc,SAAS,QAAQ,UAAU;AAE1D,MAAI,aAAa,iBAAiB;GAChC,MAAM,eAAe,0BAA0B;GAC/C,MAAM,iBAAiB,cAAc;GACrC,MAAM,qBAAqB,cAAc;GAEzC,MAAM,UAAU,kBAAkB,EAAE;GACpC,MAAM,QAAQ,2BAA2B,QAAQ;GACjD,MAAM,kBAAkB,MAAM,WAAW,CAAC,iCAAiC;GAC3E,MAAM,WAAW,0BACf,GACA,gBACA,cAAc,oBACf;GACD,MAAM,SAAS,EAAE,IAAI,OAAO,SAAS;GAErC,MAAM,EAAE,SAAS,KAAK,cAAc,KAAK,gBADxB,6BAA6B;IAAE;IAAU;IAAQ,KAAK;IAAO,CACb;AAEjE,OAAI,CAAC,oBAAoB;AACvB,QAAI,gBACF,SAAQ,cAAc,cAAc,YAAY;AAElD,QAAI,KACF;KAAE,MAAM,EAAE,IAAI;KAAM,QAAQ,EAAE,IAAI;KAAQ;KAAU,QAAQ;KAAgC,EAC5F,mDACD;AACD,WAAO,EAAE,KAAK;KAAE,OAAO;KAAgB,SAAS;KAAwC,EAAE,IAAI;;GAGhG,MAAM,SAAS,sBAAsB;IACnC,eAAe,qBAAqB,EAAE;IACtC,YAAY,SAAS,EAAE,IAAI,OAAO,KAAK;IACvC;IACA;IACD,CAAC;AAEF,OAAI,OAAO,IAAI;AACb,QAAI,gBACF,SAAQ,cAAc,aAAa;AAErC,UAAM,MAAM;AACZ;;AAGF,OAAI,OAAO,OAAO,OAAO;AACvB,QAAI,iBAAiB;KACnB,MAAM,UAAU,QAAQ,aAAa,cAAc,YAAY;AAC/D,SAAI,QAAQ,SAAS;AACnB,UAAI,KACF;OACE;OACA,QAAQ,UAAU,KAAA;OAClB,MAAM,EAAE,IAAI;OACZ,QAAQ,EAAE,IAAI;OACd,cAAc,YAAY;OAC1B,WAAW,KAAK,MAAM,YAAY,WAAW,IAAK;OAClD,kBAAkB,KAAK,MAAM,YAAY,kBAAkB,IAAK;OAChE,eAAe,QAAQ;OACvB,QAAQ;OACT,EACD,4BAA4B,YAAY,YAAY,eAAe,YAAY,WAAW,IAAK,kBAAkB,YAAY,kBAAkB,IAAK,GACrJ;AACD,QAAE,OAAO,eAAe,OAAO,QAAQ,cAAc,CAAC;AACtD,aAAO,EAAE,KACP;OACE,OAAO;OACP,SAAS;OACT,YAAY,QAAQ;OACrB,EACD,IACD;;AAEH,aAAQ,cAAc,cAAc,YAAY;;AAGlD,QAAI,KACF;KACE,MAAM,EAAE,IAAI;KACZ,QAAQ,EAAE,IAAI;KACd;KACA,QAAQ,OAAO;KAChB,EACD,wDAAwD,OAAO,OAAO,GACvE;AACD,WAAO,EAAE,KAAK;KAAE,OAAO;KAAgB,SAAS;KAAuC,EAAE,IAAI;;;AAIjG,MAAI,aAAa,UAAU,CAAC,MAC1B,QAAO,MAAM;EAGf,MAAM,UAAU,kBAAkB,EAAE;EACpC,MAAM,QAAQ,2BAA2B,QAAQ;EACjD,MAAM,kBAAkB,MAAM,WAAW,CAAC,iCAAiC;EAE3E,MAAM,eAAe,0BAA0B;EAC/C,MAAM,WAAW,0BACf,GACA,cAAc,gBACd,cAAc,oBACf;EACD,MAAM,SAAS,EAAE,IAAI,OAAO,SAAS;EAErC,MAAM,EAAE,SAAS,KAAK,cAAc,KAAK,gBADxB,6BAA6B;GAAE;GAAU;GAAQ,KAAK;GAAO,CACb;EAEjE,MAAM,aAAa,uBAAuB,EAAE,IAAI,OAAO,gBAAgB,CAAC;EACxE,MAAM,cAAc,IAAI,IAAI,EAAE,IAAI,IAAI,CAAC;EACvC,MAAM,aAAa,wBAAwB,YAAY,GACnD,sBAAsB,EAAE,IAAI,IAAI,GAChC;AAEJ,MAAI,CAAC,cAAc,eAAe,QAAQ,IAAI,IAAI,EAAE,IAAI,IAAI,CAAC,aAAa,IAAI,QAAQ,CACpF,KAAI,KACF;GAAE,MAAM;GAAa,QAAQ,EAAE,IAAI;GAAQ;GAAU,EACrD,6EACD;EAGH,MAAM,gBAAgB,cAAc;AAEpC,MAAI,iBAAiB,cAAc,eAAe,MAAM,EAAE;AACxD,OAAI,gBACF,SAAQ,cAAc,aAAa;AAErC,SAAM,MAAM;AACZ;;AAGF,MAAI,iBAAiB;GACnB,MAAM,UAAU,QAAQ,aAAa,cAAc,YAAY;AAC/D,OAAI,QAAQ,SAAS;AACnB,QAAI,KACF;KACE;KACA,QAAQ,UAAU,KAAA;KAClB,MAAM;KACN,QAAQ,EAAE,IAAI;KACd,cAAc,YAAY;KAC1B,WAAW,KAAK,MAAM,YAAY,WAAW,IAAK;KAClD,kBAAkB,KAAK,MAAM,YAAY,kBAAkB,IAAK;KAChE,eAAe,QAAQ;KACvB,QAAQ;KACT,EACD,4BAA4B,YAAY,YAAY,eAAe,YAAY,WAAW,IAAK,kBAAkB,YAAY,kBAAkB,IAAK,GACrJ;AACD,MAAE,OAAO,eAAe,OAAO,QAAQ,cAAc,CAAC;AACtD,WAAO,EAAE,KACP;KACE,OAAO;KACP,SAAS;KACT,YAAY,QAAQ;KACrB,EACD,IACD;;;AAIL,MAAI,CAAC,eAAe;AAClB,OAAI,gBACF,SAAQ,cAAc,cAAc,YAAY;AAElD,OAAI,KACF;IAAE,MAAM,EAAE,IAAI;IAAM,QAAQ,EAAE,IAAI;IAAQ;IAAU,QAAQ;IAAiB,EAC7E,2CACD;AACD,UAAO,EAAE,KAAK;IAAE,OAAO;IAAgB,SAAS;IAAgC,EAAE,IAAI;;AAGxF,MAAI,CAAC,cAAc,eAAe,MAAM,EAAE;AACxC,OAAI,gBACF,SAAQ,cAAc,cAAc,YAAY;AAElD,OAAI,KACF;IAAE,MAAM,EAAE,IAAI;IAAM,QAAQ,EAAE,IAAI;IAAQ;IAAU,QAAQ;IAAiB,EAC7E,qCACD;AACD,UAAO,EAAE,KAAK;IAAE,OAAO;IAAgB,SAAS;IAAgC,EAAE,IAAI;;GAExF;;;;;AAWJ,SAAgB,sBACd,KACA,YACA,eACqB;AACrB,KAAI,CAAC,cACH,QAAO,EAAE,OAAO,MAAM;CAGxB,MAAM,aAAa,IAAI,aAAa,IAAI,QAAQ;CAChD,MAAM,cAAc,uBAAuB,WAAW;CAEtD,MAAM,gBAAgB,cAAc;AAEpC,KAAI,CAAC,eAAe;AAClB,MAAI,KACF;GAAE,MAAM,IAAI;GAAU,QAAQ;GAAiB,gBAAgB,QAAQ,YAAY;GAAE,EACrF,8DACD;AACD,SAAO;GAAE,OAAO;GAAO,OAAO;GAAgC;;AAGhE,KAAI,CAAC,gBAAgB,eAAe,cAAc,EAAE;AAClD,MAAI,KAAK;GAAE,MAAM,IAAI;GAAU,QAAQ;GAAiB,EAAE,0CAA0C;AACpG,SAAO;GAAE,OAAO;GAAO,OAAO;GAAgC;;AAGhE,QAAO,EAAE,OAAO,MAAM"}
package/dist/src/gateway/hono/middleware/logger.d.ts CHANGED
@@ -1 +1,5 @@
1
- export declare function logger(): import("hono/dist/types/types.js").MiddlewareHandler<any, string, {}, Response>;
1
+ export interface LoggerMiddlewareConfig {
2
+ trustedProxies?: string[];
3
+ allowRealIpFallback?: boolean;
4
+ }
5
+ export declare function logger(config?: LoggerMiddlewareConfig): import("hono/dist/types/types.js").MiddlewareHandler<any, string, {}, Response>;
package/dist/src/gateway/hono/middleware/logger.js CHANGED
@@ -1,20 +1,56 @@
1
1
  import { createLogger } from "../../../utils/logger/index.js";
2
2
  import { init_logger } from "../../../utils/logger.js";
3
+ import { getClientIpFromHeaders } from "../../auth-rate-limit.js";
4
+ import { resolveClientIpFromRequest } from "../../client-ip.js";
3
5
  import { createMiddleware } from "hono/factory";
6
+ import { getConnInfo } from "@hono/node-server/conninfo";
4
7
  //#region src/gateway/hono/middleware/logger.ts
5
8
  init_logger();
6
9
  const log = createLogger("Hono:Request");
7
- function logger() {
10
+ function resolveRemoteAddress(c) {
11
+ try {
12
+ return getConnInfo(c).remote.address;
13
+ } catch {
14
+ return;
15
+ }
16
+ }
17
+ function resolveRequestClientIp(c, config) {
18
+ const trustedProxies = config?.trustedProxies;
19
+ if (trustedProxies?.length) return resolveClientIpFromRequest({
20
+ remoteAddress: resolveRemoteAddress(c),
21
+ getHeader: (name) => c.req.header(name),
22
+ trustedProxies,
23
+ allowRealIpFallback: config?.allowRealIpFallback
24
+ });
25
+ return getClientIpFromHeaders({ get: (name) => c.req.header(name) ?? void 0 });
26
+ }
27
+ function logger(config) {
8
28
  return createMiddleware(async (c, next) => {
9
29
  const start = Date.now();
30
+ const clientIp = resolveRequestClientIp(c, config);
31
+ const userAgent = c.req.header("user-agent") ?? void 0;
32
+ const contentLength = c.req.header("content-length");
33
+ const referer = c.req.header("referer") ?? void 0;
10
34
  await next();
11
35
  const duration = Date.now() - start;
12
- log.debug({
36
+ const status = c.res.status;
37
+ const isServerError = status >= 500;
38
+ const isClientError = status >= 400 && status < 500;
39
+ const isSlow = duration > 1e3;
40
+ const logData = {
13
41
  method: c.req.method,
14
42
  path: c.req.path,
15
- status: c.res.status,
16
- duration: `${duration}ms`
17
- }, "HTTP request");
43
+ status,
44
+ durationMs: duration,
45
+ clientIp,
46
+ ...userAgent ? { userAgent } : {},
47
+ ...contentLength ? { contentLength: Number(contentLength) } : {},
48
+ ...referer ? { referer } : {}
49
+ };
50
+ const msg = `HTTP ${c.req.method} ${c.req.path} → ${status} (${duration}ms)`;
51
+ if (isServerError || isSlow) log.warn(logData, msg);
52
+ else if (isClientError) log.info(logData, msg);
53
+ else log.debug(logData, msg);
18
54
  });
19
55
  }
20
56
  //#endregion
package/dist/src/gateway/hono/middleware/logger.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"logger.js","names":[],"sources":["../../../../../src/gateway/hono/middleware/logger.ts"],"sourcesContent":["import { createMiddleware } from 'hono/factory';\nimport { createLogger } from '../../../utils/logger.js';\n\nconst log = createLogger('Hono:Request');\n\nexport function logger() {\n return createMiddleware(async (c, next) => {\n const start = Date.now();\n \n await next();\n \n const duration = Date.now() - start;\n \n log.debug({\n method: c.req.method,\n path: c.req.path,\n status: c.res.status,\n duration: `${duration}ms`,\n }, 'HTTP request');\n });\n}\n"],"mappings":";;;;aACwD;AAExD,MAAM,MAAM,aAAa,eAAe;AAExC,SAAgB,SAAS;AACvB,QAAO,iBAAiB,OAAO,GAAG,SAAS;EACzC,MAAM,QAAQ,KAAK,KAAK;AAExB,QAAM,MAAM;EAEZ,MAAM,WAAW,KAAK,KAAK,GAAG;AAE9B,MAAI,MAAM;GACR,QAAQ,EAAE,IAAI;GACd,MAAM,EAAE,IAAI;GACZ,QAAQ,EAAE,IAAI;GACd,UAAU,GAAG,SAAS;GACvB,EAAE,eAAe;GAClB"}
1
+ {"version":3,"file":"logger.js","names":[],"sources":["../../../../../src/gateway/hono/middleware/logger.ts"],"sourcesContent":["import { createMiddleware } from 'hono/factory';\nimport type { Context } from 'hono';\nimport { getConnInfo } from '@hono/node-server/conninfo';\n\nimport { getClientIpFromHeaders } from '../../auth-rate-limit.js';\nimport { resolveClientIpFromRequest } from '../../client-ip.js';\nimport { createLogger } from '../../../utils/logger.js';\n\nconst log = createLogger('Hono:Request');\n\nexport interface LoggerMiddlewareConfig {\n trustedProxies?: string[];\n allowRealIpFallback?: boolean;\n}\n\nfunction resolveRemoteAddress(c: Context): string | undefined {\n try {\n return getConnInfo(c).remote.address;\n } catch {\n return undefined;\n }\n}\n\nfunction resolveRequestClientIp(c: Context, config?: LoggerMiddlewareConfig): string {\n const trustedProxies = config?.trustedProxies;\n if (trustedProxies?.length) {\n return resolveClientIpFromRequest({\n remoteAddress: resolveRemoteAddress(c),\n getHeader: (name) => c.req.header(name),\n trustedProxies,\n allowRealIpFallback: config?.allowRealIpFallback,\n });\n }\n return getClientIpFromHeaders({\n get: (name) => c.req.header(name) ?? undefined,\n });\n}\n\nexport function logger(config?: LoggerMiddlewareConfig) {\n return createMiddleware(async (c, next) => {\n const start = Date.now();\n\n const clientIp = resolveRequestClientIp(c, config);\n const userAgent = c.req.header('user-agent') ?? undefined;\n const contentLength = c.req.header('content-length');\n const referer = c.req.header('referer') ?? undefined;\n\n await next();\n\n const duration = Date.now() - start;\n const status = c.res.status;\n const isServerError = status >= 500;\n const isClientError = status >= 400 && status < 500;\n const isSlow = duration > 1000;\n\n const logData = {\n method: c.req.method,\n path: c.req.path,\n status,\n durationMs: duration,\n clientIp,\n ...(userAgent ? { userAgent } : {}),\n ...(contentLength ? { contentLength: Number(contentLength) } : {}),\n ...(referer ? { referer } : {}),\n };\n\n const msg = `HTTP ${c.req.method} ${c.req.path} → ${status} (${duration}ms)`;\n\n if (isServerError || isSlow) {\n log.warn(logData, msg);\n } else if (isClientError) {\n // 4xx: info avoids doubling warn noise from auth / rate-limit handlers\n log.info(logData, msg);\n } else {\n log.debug(logData, msg);\n }\n });\n}\n"],"mappings":";;;;;;;aAMwD;AAExD,MAAM,MAAM,aAAa,eAAe;AAOxC,SAAS,qBAAqB,GAAgC;AAC5D,KAAI;AACF,SAAO,YAAY,EAAE,CAAC,OAAO;SACvB;AACN;;;AAIJ,SAAS,uBAAuB,GAAY,QAAyC;CACnF,MAAM,iBAAiB,QAAQ;AAC/B,KAAI,gBAAgB,OAClB,QAAO,2BAA2B;EAChC,eAAe,qBAAqB,EAAE;EACtC,YAAY,SAAS,EAAE,IAAI,OAAO,KAAK;EACvC;EACA,qBAAqB,QAAQ;EAC9B,CAAC;AAEJ,QAAO,uBAAuB,EAC5B,MAAM,SAAS,EAAE,IAAI,OAAO,KAAK,IAAI,KAAA,GACtC,CAAC;;AAGJ,SAAgB,OAAO,QAAiC;AACtD,QAAO,iBAAiB,OAAO,GAAG,SAAS;EACzC,MAAM,QAAQ,KAAK,KAAK;EAExB,MAAM,WAAW,uBAAuB,GAAG,OAAO;EAClD,MAAM,YAAY,EAAE,IAAI,OAAO,aAAa,IAAI,KAAA;EAChD,MAAM,gBAAgB,EAAE,IAAI,OAAO,iBAAiB;EACpD,MAAM,UAAU,EAAE,IAAI,OAAO,UAAU,IAAI,KAAA;AAE3C,QAAM,MAAM;EAEZ,MAAM,WAAW,KAAK,KAAK,GAAG;EAC9B,MAAM,SAAS,EAAE,IAAI;EACrB,MAAM,gBAAgB,UAAU;EAChC,MAAM,gBAAgB,UAAU,OAAO,SAAS;EAChD,MAAM,SAAS,WAAW;EAE1B,MAAM,UAAU;GACd,QAAQ,EAAE,IAAI;GACd,MAAM,EAAE,IAAI;GACZ;GACA,YAAY;GACZ;GACA,GAAI,YAAY,EAAE,WAAW,GAAG,EAAE;GAClC,GAAI,gBAAgB,EAAE,eAAe,OAAO,cAAc,EAAE,GAAG,EAAE;GACjE,GAAI,UAAU,EAAE,SAAS,GAAG,EAAE;GAC/B;EAED,MAAM,MAAM,QAAQ,EAAE,IAAI,OAAO,GAAG,EAAE,IAAI,KAAK,KAAK,OAAO,IAAI,SAAS;AAExE,MAAI,iBAAiB,OACnB,KAAI,KAAK,SAAS,IAAI;WACb,cAET,KAAI,KAAK,SAAS,IAAI;MAEtB,KAAI,MAAM,SAAS,IAAI;GAEzB"}
package/dist/src/gateway/hono/routes/exposure.js CHANGED
@@ -11,7 +11,8 @@ function createExposureMutationRateLimitMiddleware() {
11
11
  if (!token) return c.json({ error: "Gateway token required" }, 401);
12
12
  const result = consumeTunnelMutationLimit(token);
13
13
  if (!result.allowed) {
14
- c.header("Retry-After", String(Math.ceil(result.retryAfterMs / 1e3)));
14
+ const retryAfterSec = Math.ceil(result.retryAfterMs / 1e3);
15
+ c.header("Retry-After", String(retryAfterSec));
15
16
  return c.json({
16
17
  error: "Rate limit exceeded",
17
18
  retryAfterMs: result.retryAfterMs
package/dist/src/gateway/hono/routes/exposure.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"exposure.js","names":[],"sources":["../../../../../src/gateway/hono/routes/exposure.ts"],"sourcesContent":["import type { Hono, MiddlewareHandler } from 'hono';\n\nimport type { Config } from '../../../config/schema.js';\nimport { extractToken } from '../../auth.js';\nimport { getExposureManager } from '../../../remote-access/exposure-manager.js';\nimport type { GatewayTailscaleMode } from '../../server-tailscale.js';\nimport { consumeTunnelMutationLimit } from '../../../tunnel/tunnel-rate-limit.js';\nimport type { AuthenticatedRouteDeps } from './deps.js';\n\nfunction requireGatewayToken(c: { req: { header: (name: string) => string | undefined } }): string | null {\n return (\n extractToken({\n authorization: c.req.header('authorization') ?? undefined,\n }) ?? null\n );\n}\n\nfunction createExposureMutationRateLimitMiddleware(): MiddlewareHandler {\n return async (c, next) => {\n const token = requireGatewayToken(c);\n if (!token) {\n return c.json({ error: 'Gateway token required' }, 401);\n }\n const result = consumeTunnelMutationLimit(token);\n if (!result.allowed) {\n c.header('Retry-After', String(Math.ceil(result.retryAfterMs / 1000)));\n return c.json(\n { error: 'Rate limit exceeded', retryAfterMs: result.retryAfterMs },\n 429,\n );\n }\n return next();\n };\n}\n\nfunction resolveGatewayPort(config: Config): number {\n return config.gateway?.port ?? 18790;\n}\n\nexport function registerExposureRoutes(authenticated: Hono, deps: AuthenticatedRouteDeps): void {\n const manager = getExposureManager();\n\n authenticated.get('/api/exposure/status', async (c) => {\n const status = await manager.getStatus(deps.service.currentConfig);\n return c.json(status);\n });\n\n const mutationLimit = createExposureMutationRateLimitMiddleware();\n\n authenticated.post('/api/exposure/tailscale/start', mutationLimit, async (c) => {\n const body = (await c.req.json().catch(() => ({}))) as { mode?: GatewayTailscaleMode };\n const mode = body.mode === 'funnel' ? 'funnel' : 'serve';\n const config = deps.service.currentConfig;\n const port = resolveGatewayPort(config);\n try {\n await manager.startTailscale(config, port, mode);\n } catch (err) {\n const em = err instanceof Error ? err.message : String(err);\n return c.json({ error: em }, 400);\n }\n return c.json(await manager.getStatus(config));\n });\n\n authenticated.post('/api/exposure/tailscale/stop', mutationLimit, async (c) => {\n await manager.stopTailscale();\n return c.json(await manager.getStatus(deps.service.currentConfig));\n });\n}\n"],"mappings":";;;;AASA,SAAS,oBAAoB,GAA6E;AACxG,QACE,aAAa,EACX,eAAe,EAAE,IAAI,OAAO,gBAAgB,IAAI,KAAA,GACjD,CAAC,IAAI;;AAIV,SAAS,4CAA+D;AACtE,QAAO,OAAO,GAAG,SAAS;EACxB,MAAM,QAAQ,oBAAoB,EAAE;AACpC,MAAI,CAAC,MACH,QAAO,EAAE,KAAK,EAAE,OAAO,0BAA0B,EAAE,IAAI;EAEzD,MAAM,SAAS,2BAA2B,MAAM;AAChD,MAAI,CAAC,OAAO,SAAS;AACnB,KAAE,OAAO,eAAe,OAAO,KAAK,KAAK,OAAO,eAAe,IAAK,CAAC,CAAC;AACtE,UAAO,EAAE,KACP;IAAE,OAAO;IAAuB,cAAc,OAAO;IAAc,EACnE,IACD;;AAEH,SAAO,MAAM;;;AAIjB,SAAS,mBAAmB,QAAwB;AAClD,QAAO,OAAO,SAAS,QAAQ;;AAGjC,SAAgB,uBAAuB,eAAqB,MAAoC;CAC9F,MAAM,UAAU,oBAAoB;AAEpC,eAAc,IAAI,wBAAwB,OAAO,MAAM;EACrD,MAAM,SAAS,MAAM,QAAQ,UAAU,KAAK,QAAQ,cAAc;AAClE,SAAO,EAAE,KAAK,OAAO;GACrB;CAEF,MAAM,gBAAgB,2CAA2C;AAEjE,eAAc,KAAK,iCAAiC,eAAe,OAAO,MAAM;EAE9E,MAAM,QAAO,MADO,EAAE,IAAI,MAAM,CAAC,aAAa,EAAE,EAAE,EAChC,SAAS,WAAW,WAAW;EACjD,MAAM,SAAS,KAAK,QAAQ;EAC5B,MAAM,OAAO,mBAAmB,OAAO;AACvC,MAAI;AACF,SAAM,QAAQ,eAAe,QAAQ,MAAM,KAAK;WACzC,KAAK;GACZ,MAAM,KAAK,eAAe,QAAQ,IAAI,UAAU,OAAO,IAAI;AAC3D,UAAO,EAAE,KAAK,EAAE,OAAO,IAAI,EAAE,IAAI;;AAEnC,SAAO,EAAE,KAAK,MAAM,QAAQ,UAAU,OAAO,CAAC;GAC9C;AAEF,eAAc,KAAK,gCAAgC,eAAe,OAAO,MAAM;AAC7E,QAAM,QAAQ,eAAe;AAC7B,SAAO,EAAE,KAAK,MAAM,QAAQ,UAAU,KAAK,QAAQ,cAAc,CAAC;GAClE"}
1
+ {"version":3,"file":"exposure.js","names":[],"sources":["../../../../../src/gateway/hono/routes/exposure.ts"],"sourcesContent":["import type { Hono, MiddlewareHandler } from 'hono';\n\nimport type { Config } from '../../../config/schema.js';\nimport { extractToken } from '../../auth.js';\nimport { getExposureManager } from '../../../remote-access/exposure-manager.js';\nimport type { GatewayTailscaleMode } from '../../server-tailscale.js';\nimport { consumeTunnelMutationLimit } from '../../../tunnel/tunnel-rate-limit.js';\nimport type { AuthenticatedRouteDeps } from './deps.js';\n\nfunction requireGatewayToken(c: { req: { header: (name: string) => string | undefined } }): string | null {\n return (\n extractToken({\n authorization: c.req.header('authorization') ?? undefined,\n }) ?? null\n );\n}\n\nfunction createExposureMutationRateLimitMiddleware(): MiddlewareHandler {\n return async (c, next) => {\n const token = requireGatewayToken(c);\n if (!token) {\n return c.json({ error: 'Gateway token required' }, 401);\n }\n const result = consumeTunnelMutationLimit(token);\n if (!result.allowed) {\n const retryAfterSec = Math.ceil(result.retryAfterMs / 1000);\n c.header('Retry-After', String(retryAfterSec));\n return c.json(\n { error: 'Rate limit exceeded', retryAfterMs: result.retryAfterMs },\n 429,\n );\n }\n return next();\n };\n}\n\nfunction resolveGatewayPort(config: Config): number {\n return config.gateway?.port ?? 18790;\n}\n\nexport function registerExposureRoutes(authenticated: Hono, deps: AuthenticatedRouteDeps): void {\n const manager = getExposureManager();\n\n authenticated.get('/api/exposure/status', async (c) => {\n const status = await manager.getStatus(deps.service.currentConfig);\n return c.json(status);\n });\n\n const mutationLimit = createExposureMutationRateLimitMiddleware();\n\n authenticated.post('/api/exposure/tailscale/start', mutationLimit, async (c) => {\n const body = (await c.req.json().catch(() => ({}))) as { mode?: GatewayTailscaleMode };\n const mode = body.mode === 'funnel' ? 'funnel' : 'serve';\n const config = deps.service.currentConfig;\n const port = resolveGatewayPort(config);\n try {\n await manager.startTailscale(config, port, mode);\n } catch (err) {\n const em = err instanceof Error ? err.message : String(err);\n return c.json({ error: em }, 400);\n }\n return c.json(await manager.getStatus(config));\n });\n\n authenticated.post('/api/exposure/tailscale/stop', mutationLimit, async (c) => {\n await manager.stopTailscale();\n return c.json(await manager.getStatus(deps.service.currentConfig));\n });\n}\n"],"mappings":";;;;AASA,SAAS,oBAAoB,GAA6E;AACxG,QACE,aAAa,EACX,eAAe,EAAE,IAAI,OAAO,gBAAgB,IAAI,KAAA,GACjD,CAAC,IAAI;;AAIV,SAAS,4CAA+D;AACtE,QAAO,OAAO,GAAG,SAAS;EACxB,MAAM,QAAQ,oBAAoB,EAAE;AACpC,MAAI,CAAC,MACH,QAAO,EAAE,KAAK,EAAE,OAAO,0BAA0B,EAAE,IAAI;EAEzD,MAAM,SAAS,2BAA2B,MAAM;AAChD,MAAI,CAAC,OAAO,SAAS;GACnB,MAAM,gBAAgB,KAAK,KAAK,OAAO,eAAe,IAAK;AAC3D,KAAE,OAAO,eAAe,OAAO,cAAc,CAAC;AAC9C,UAAO,EAAE,KACP;IAAE,OAAO;IAAuB,cAAc,OAAO;IAAc,EACnE,IACD;;AAEH,SAAO,MAAM;;;AAIjB,SAAS,mBAAmB,QAAwB;AAClD,QAAO,OAAO,SAAS,QAAQ;;AAGjC,SAAgB,uBAAuB,eAAqB,MAAoC;CAC9F,MAAM,UAAU,oBAAoB;AAEpC,eAAc,IAAI,wBAAwB,OAAO,MAAM;EACrD,MAAM,SAAS,MAAM,QAAQ,UAAU,KAAK,QAAQ,cAAc;AAClE,SAAO,EAAE,KAAK,OAAO;GACrB;CAEF,MAAM,gBAAgB,2CAA2C;AAEjE,eAAc,KAAK,iCAAiC,eAAe,OAAO,MAAM;EAE9E,MAAM,QAAO,MADO,EAAE,IAAI,MAAM,CAAC,aAAa,EAAE,EAAE,EAChC,SAAS,WAAW,WAAW;EACjD,MAAM,SAAS,KAAK,QAAQ;EAC5B,MAAM,OAAO,mBAAmB,OAAO;AACvC,MAAI;AACF,SAAM,QAAQ,eAAe,QAAQ,MAAM,KAAK;WACzC,KAAK;GACZ,MAAM,KAAK,eAAe,QAAQ,IAAI,UAAU,OAAO,IAAI;AAC3D,UAAO,EAAE,KAAK,EAAE,OAAO,IAAI,EAAE,IAAI;;AAEnC,SAAO,EAAE,KAAK,MAAM,QAAQ,UAAU,OAAO,CAAC;GAC9C;AAEF,eAAc,KAAK,gCAAgC,eAAe,OAAO,MAAM;AAC7E,QAAM,QAAQ,eAAe;AAC7B,SAAO,EAAE,KAAK,MAAM,QAAQ,UAAU,KAAK,QAAQ,cAAc,CAAC;GAClE"}
package/dist/src/gateway/hono/sse.d.ts CHANGED
@@ -13,6 +13,7 @@ export interface SSEHandlerConfig {
13
13
  *
14
14
  * SSE events:
15
15
  * event: status — { status, runId }
16
+ * event: user_message — { timestamp, content?, attachments? } (user turn accepted, before agent tokens)
16
17
  * event: user_transcript — { text, attachments? } (voice STT complete, before agent tokens)
17
18
  * event: token — { content }
18
19
  * event: error — { content }
package/dist/src/gateway/hono/sse.js CHANGED
@@ -33,6 +33,7 @@ function maxBase64CharsForBinary(maxBinaryBytes) {
33
33
  *
34
34
  * SSE events:
35
35
  * event: status — { status, runId }
36
+ * event: user_message — { timestamp, content?, attachments? } (user turn accepted, before agent tokens)
36
37
  * event: user_transcript — { text, attachments? } (voice STT complete, before agent tokens)
37
38
  * event: token — { content }
38
39
  * event: error — { content }
package/dist/src/gateway/hono/sse.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"sse.js","names":[],"sources":["../../../../src/gateway/hono/sse.ts"],"sourcesContent":["import { randomUUID } from 'node:crypto';\nimport { streamSSE } from 'hono/streaming';\nimport type { Context } from 'hono';\nimport type { GatewayService } from '../service.js';\nimport { MAX_WEBCHAT_ATTACHMENT_FILE_BYTES } from '../chat-limits.js';\nimport { createLogger, updateAsyncLogContext } from '../../utils/logger.js';\nimport { stringifySSEData } from './sse-json.js';\nimport { buildSessionKey, parseSessionKey } from '../../routing/session-key.js';\nimport { getDefaultAgentId } from '../../routing/resolve-route.js';\n\nconst log = createLogger('Hono:SSE');\n\n// Active SSE connections tracking for connection limiting\nconst activeConnections = new Map<string, AbortController>();\n\nexport interface SSEHandlerConfig {\n service: GatewayService;\n maxSseConnections?: number;\n}\n\n// Type validation for agent request body\ninterface AgentRequestBody {\n message: string;\n channel?: string;\n chatId?: string;\n /** Alias for `chatId` (gateway console + extension clients). */\n sessionKey?: string;\n /** Epoch ms when the client started this send (abort cutoff / stale POST drop). */\n clientCreatedAtMs?: number;\n /** When true and `channel` is `webchat`, start a new peer id (new session). */\n newSession?: boolean;\n thinking?: string;\n attachments?: Array<{\n type: string;\n mimeType?: string;\n data?: string;\n name?: string;\n size?: number;\n }>;\n}\n\nfunction isValidAgentRequest(body: unknown): body is AgentRequestBody {\n if (!body || typeof body !== 'object') return false;\n const b = body as Record<string, unknown>;\n // Allow empty message if attachments are provided\n const hasMessage = typeof b.message === 'string';\n const hasAttachments = Array.isArray(b.attachments) && b.attachments.length > 0;\n return hasMessage || hasAttachments;\n}\n\n/** Max base64 character length that can decode to `MAX_WEBCHAT_ATTACHMENT_FILE_BYTES`. */\nfunction maxBase64CharsForBinary(maxBinaryBytes: number): number {\n return 4 * Math.ceil(maxBinaryBytes / 3);\n}\n\n/**\n * POST /api/agent — Send a message to the agent, stream response via SSE.\n *\n * Request body: { message, channel?, chatId?, attachments? }\n * Accept: text/event-stream → SSE stream\n * Accept: application/json → wait for full response, return JSON\n *\n * SSE events:\n * event: status — { status, runId }\n * event: user_transcript — { text, attachments? } (voice STT complete, before agent tokens)\n * event: token — { content }\n * event: error — { content }\n * event: result — { ok, payload: { status, summary } }\n */\nexport function createAgentSSEHandler(config: SSEHandlerConfig) {\n const { service } = config;\n\n return async (c: Context) => {\n const body = await c.req.json().catch(() => null);\n\n // Input validation\n if (!isValidAgentRequest(body)) {\n return c.json({\n ok: false,\n error: { code: 'BAD_REQUEST', message: 'Missing required field: message or attachments' }\n }, 400);\n }\n\n const { message, channel = 'webchat', attachments, thinking } = body;\n const clientCreatedAtMs =\n typeof body.clientCreatedAtMs === 'number' && Number.isFinite(body.clientCreatedAtMs)\n ? body.clientCreatedAtMs\n : undefined;\n const newSession = Boolean(body.newSession);\n let chatId = 'default';\n if (newSession && channel === 'webchat') {\n chatId = `chat_${randomUUID()}`;\n } else {\n const sk = typeof body.sessionKey === 'string' && body.sessionKey.trim() ? body.sessionKey.trim() : '';\n const cid = typeof body.chatId === 'string' && body.chatId.trim() ? body.chatId.trim() : '';\n const rawChatId = sk || cid || 'default';\n\n // Validate sessionKey / chatId format to prevent cross-session access\n if (rawChatId !== 'default' && !/^[a-zA-Z0-9][a-zA-Z0-9._:@\\-]{0,255}$/.test(rawChatId)) {\n log.warn({ rawChatId: rawChatId.slice(0, 64) }, 'Rejected invalid chatId format');\n return c.json({\n ok: false,\n error: { code: 'BAD_REQUEST', message: 'Invalid session key format' },\n }, 400);\n }\n chatId = rawChatId;\n }\n\n updateAsyncLogContext({ sessionId: String(chatId) });\n\n if (Array.isArray(attachments)) {\n const maxDataChars = maxBase64CharsForBinary(MAX_WEBCHAT_ATTACHMENT_FILE_BYTES);\n for (const a of attachments) {\n if (!a || typeof a !== 'object') continue;\n const data = (a as { data?: unknown }).data;\n if (typeof data === 'string' && data.length > maxDataChars) {\n return c.json(\n {\n ok: false,\n error: {\n code: 'BAD_REQUEST',\n message: `Attachment exceeds maximum size (${MAX_WEBCHAT_ATTACHMENT_FILE_BYTES} bytes)`,\n },\n },\n 400,\n );\n }\n }\n }\n\n const accept = c.req.header('Accept') || '';\n const wantSSE = accept.includes('text/event-stream');\n\n const clientAbort = new AbortController();\n const raw = c.req.raw;\n // Keep webchat runs alive across transient disconnects (page refresh / tab route switch)\n // so the client can reattach via /api/agent/resume using runId from `status`.\n // Explicit cancellation still goes through /api/agent/abort.\n if (channel !== 'webchat') {\n if (raw.signal.aborted) {\n clientAbort.abort();\n } else {\n raw.signal.addEventListener('abort', () => clientAbort.abort(), { once: true });\n }\n }\n\n // --- Non-streaming fallback: collect everything, return JSON ---\n if (!wantSSE) {\n let jsonSessionKey: string | undefined;\n if (channel === 'webchat') {\n const cfg = service.currentConfig;\n const parsedKey = parseSessionKey(chatId);\n jsonSessionKey = parsedKey\n ? chatId\n : buildSessionKey({\n agentId: getDefaultAgentId(cfg),\n source: 'webchat',\n accountId: 'default',\n peerKind: 'direct',\n peerId: chatId,\n });\n }\n\n const generator = service.runAgent(message, channel, chatId, attachments, thinking, {\n signal: clientAbort.signal,\n ...(clientCreatedAtMs !== undefined ? { clientCreatedAtMs } : {}),\n });\n try {\n let finalResult: { status: string; summary: string } | undefined;\n const tokens: string[] = [];\n\n while (true) {\n const { done, value } = await generator.next();\n if (done) {\n finalResult = value as { status: string; summary: string };\n break;\n }\n const chunk = value as { type: string; content?: string; status?: string; runId?: string };\n if (chunk.type === 'token' && chunk.content) {\n tokens.push(chunk.content);\n }\n }\n\n return c.json({\n ok: true,\n payload: {\n ...finalResult,\n content: tokens.join(''),\n ...(jsonSessionKey !== undefined\n ? { sessionKey: jsonSessionKey, key: jsonSessionKey }\n : {}),\n },\n });\n } catch (error) {\n log.error({ err: error }, 'Agent run failed (JSON mode)');\n return c.json({\n ok: false,\n error: { code: 'INTERNAL_ERROR', message: error instanceof Error ? error.message : 'Unknown error' },\n }, 500);\n }\n }\n\n // --- SSE streaming ---\n c.header('X-Accel-Buffering', 'no');\n return streamSSE(c, async (stream) => {\n if (channel !== 'webchat') {\n stream.onAbort(() => {\n clientAbort.abort();\n });\n }\n\n const generator = service.runAgent(message, channel, chatId, attachments, thinking, {\n signal: clientAbort.signal,\n ...(clientCreatedAtMs !== undefined ? { clientCreatedAtMs } : {}),\n });\n\n let eventId = 0;\n\n try {\n while (true) {\n const { done, value } = await generator.next();\n\n if (done) {\n // Final result\n await stream.writeSSE({\n id: String(++eventId),\n event: 'result',\n data: JSON.stringify({ ok: true, payload: value }),\n });\n break;\n }\n\n const chunk = value as { type: string; content?: string; status?: string; runId?: string };\n\n // Intermediate events: status / token / error\n await stream.writeSSE({\n id: String(++eventId),\n event: chunk.type || 'message',\n data: stringifySSEData(chunk),\n });\n }\n } catch (error) {\n log.error({ err: error }, 'Agent run failed (SSE mode)');\n await stream.writeSSE({\n id: String(++eventId),\n event: 'error',\n data: JSON.stringify({\n ok: false,\n error: { code: 'INTERNAL_ERROR', message: error instanceof Error ? error.message : 'Unknown error' },\n }),\n });\n }\n });\n };\n}\n\n/**\n * POST /api/agent/resume — Re-attach to an in-progress agent run via SSE.\n *\n * Request body: { runId, chatId }\n * The relay replays all buffered events from the beginning and then live-tails\n * until the run completes.\n *\n * SSE events are identical to those from POST /api/agent.\n */\nexport function createAgentResumeHandler(config: SSEHandlerConfig) {\n const { service } = config;\n\n return async (c: Context) => {\n const body = await c.req.json().catch(() => null);\n if (!body || typeof body !== 'object') {\n return c.json({ ok: false, error: { code: 'BAD_REQUEST', message: 'Invalid JSON body' } }, 400);\n }\n\n const { runId, chatId: resumeChatId } = body as { runId?: string; chatId?: string };\n if (typeof resumeChatId === 'string' && resumeChatId.trim()) {\n updateAsyncLogContext({ sessionId: resumeChatId.trim() });\n }\n if (!runId || typeof runId !== 'string') {\n return c.json({ ok: false, error: { code: 'BAD_REQUEST', message: 'Missing required field: runId' } }, 400);\n }\n\n if (!service.runRelay.hasRun(runId)) {\n return c.json({ ok: false, error: { code: 'NOT_FOUND', message: 'Run not found or already expired' } }, 404);\n }\n\n c.header('X-Accel-Buffering', 'no');\n return streamSSE(c, async (stream) => {\n let eventId = 0;\n try {\n for await (const event of service.runRelay.subscribe(runId)) {\n await stream.writeSSE({\n id: String(++eventId),\n event: event.type || 'message',\n data: stringifySSEData(event),\n });\n }\n // Run completed — send a final result event\n await stream.writeSSE({\n id: String(++eventId),\n event: 'result',\n data: JSON.stringify({ ok: true, payload: { status: 'ok', summary: 'Resumed run completed' } }),\n });\n } catch (error) {\n log.error({ err: error, runId }, 'Resume stream failed');\n await stream.writeSSE({\n id: String(++eventId),\n event: 'error',\n data: JSON.stringify({\n ok: false,\n error: { code: 'INTERNAL_ERROR', message: error instanceof Error ? error.message : 'Unknown error' },\n }),\n });\n }\n });\n };\n}\n\n/**\n * POST /api/send — Send a message through a channel (non-streaming).\n */\nexport function createSendHandler(config: SSEHandlerConfig) {\n const { service } = config;\n\n return async (c: Context) => {\n const body = await c.req.json().catch(() => ({}));\n const channel = body.channel as string;\n const chatId = body.chatId as string;\n const content = body.content as string;\n\n if (!channel || !chatId || !content) {\n return c.json(\n { ok: false, error: { code: 'BAD_REQUEST', message: 'Missing required fields: channel, chatId, content' } },\n 400,\n );\n }\n\n updateAsyncLogContext({ sessionId: String(chatId) });\n\n try {\n const result = await service.sendMessage(channel, chatId, content);\n return c.json({ ok: true, payload: result });\n } catch (error) {\n log.error({ err: error }, 'Send failed');\n return c.json(\n { ok: false, error: { code: 'INTERNAL_ERROR', message: error instanceof Error ? error.message : 'Unknown error' } },\n 500,\n );\n }\n };\n}\n\n/**\n * GET /api/events — Server-pushed event stream (SSE).\n *\n * The client opens this long-lived connection to receive:\n * - channel status changes\n * - config reload notifications\n * - cron execution results\n * - any other server-initiated events\n *\n * Supports Last-Event-ID for reconnection.\n * Enforces maximum connection limit to prevent DoS.\n */\nexport function createEventsSSEHandler(config: SSEHandlerConfig) {\n const { service } = config;\n const maxConnections = config.maxSseConnections ?? 100;\n\n return async (c: Context) => {\n // Check maximum connections limit\n if (activeConnections.size >= maxConnections) {\n log.warn({ current: activeConnections.size, max: maxConnections }, 'SSE connection limit reached');\n return c.json({\n ok: false,\n error: { code: 'TOO_MANY_CONNECTIONS', message: 'Maximum SSE connections exceeded' }\n }, 503);\n }\n\n const lastEventId = c.req.header('Last-Event-ID') || undefined;\n const sessionId = c.req.header('X-Session-Id')\n || c.req.query('sessionId')\n || crypto.randomUUID();\n\n updateAsyncLogContext({ sessionId: String(sessionId) });\n\n const abortController = new AbortController();\n activeConnections.set(sessionId, abortController);\n\n return streamSSE(c, async (stream) => {\n let aborted = false;\n\n // Send a hello event so the client knows the stream is established\n await stream.writeSSE({\n id: '0',\n event: 'connected',\n data: JSON.stringify({ sessionId }),\n });\n\n // Subscribe to service events\n const cleanup = service.subscribe(sessionId, async (event) => {\n if (aborted) return;\n try {\n await stream.writeSSE({\n id: event.id,\n event: event.type,\n data: JSON.stringify(event.payload),\n });\n } catch {\n // Stream closed, will be cleaned up by onAbort\n }\n });\n\n // Replay missed events on reconnect\n if (lastEventId) {\n const missed = service.getEventsSince(sessionId, lastEventId);\n for (const event of missed) {\n await stream.writeSSE({\n id: event.id,\n event: event.type,\n data: JSON.stringify(event.payload),\n });\n }\n }\n\n // Keep alive with periodic comments (every 30s)\n const keepAlive = setInterval(async () => {\n if (aborted) { clearInterval(keepAlive); return; }\n try {\n await stream.writeSSE({ event: 'ping', data: '' });\n } catch {\n clearInterval(keepAlive);\n }\n }, 30_000);\n\n // Block until aborted — streamSSE closes when the callback returns\n await new Promise<void>((resolve) => {\n stream.onAbort(() => {\n aborted = true;\n clearInterval(keepAlive);\n cleanup();\n activeConnections.delete(sessionId);\n log.debug({ sessionId }, 'Event stream disconnected');\n resolve();\n });\n });\n });\n };\n}\n"],"mappings":";;;;;;;;;;aAK4E;kBAEI;oBACb;AAEnE,MAAM,MAAM,aAAa,WAAW;AAGpC,MAAM,oCAAoB,IAAI,KAA8B;AA4B5D,SAAS,oBAAoB,MAAyC;AACpE,KAAI,CAAC,QAAQ,OAAO,SAAS,SAAU,QAAO;CAC9C,MAAM,IAAI;CAEV,MAAM,aAAa,OAAO,EAAE,YAAY;CACxC,MAAM,iBAAiB,MAAM,QAAQ,EAAE,YAAY,IAAI,EAAE,YAAY,SAAS;AAC9E,QAAO,cAAc;;;AAIvB,SAAS,wBAAwB,gBAAgC;AAC/D,QAAO,IAAI,KAAK,KAAK,iBAAiB,EAAE;;;;;;;;;;;;;;;;AAiB1C,SAAgB,sBAAsB,QAA0B;CAC9D,MAAM,EAAE,YAAY;AAEpB,QAAO,OAAO,MAAe;EAC3B,MAAM,OAAO,MAAM,EAAE,IAAI,MAAM,CAAC,YAAY,KAAK;AAGjD,MAAI,CAAC,oBAAoB,KAAK,CAC5B,QAAO,EAAE,KAAK;GACZ,IAAI;GACJ,OAAO;IAAE,MAAM;IAAe,SAAS;IAAkD;GAC1F,EAAE,IAAI;EAGT,MAAM,EAAE,SAAS,UAAU,WAAW,aAAa,aAAa;EAChE,MAAM,oBACJ,OAAO,KAAK,sBAAsB,YAAY,OAAO,SAAS,KAAK,kBAAkB,GACjF,KAAK,oBACL,KAAA;EACN,MAAM,aAAa,QAAQ,KAAK,WAAW;EAC3C,IAAI,SAAS;AACb,MAAI,cAAc,YAAY,UAC5B,UAAS,QAAQ,YAAY;OACxB;GACL,MAAM,KAAK,OAAO,KAAK,eAAe,YAAY,KAAK,WAAW,MAAM,GAAG,KAAK,WAAW,MAAM,GAAG;GACpG,MAAM,MAAM,OAAO,KAAK,WAAW,YAAY,KAAK,OAAO,MAAM,GAAG,KAAK,OAAO,MAAM,GAAG;GACzF,MAAM,YAAY,MAAM,OAAO;AAG/B,OAAI,cAAc,aAAa,CAAC,wCAAwC,KAAK,UAAU,EAAE;AACvF,QAAI,KAAK,EAAE,WAAW,UAAU,MAAM,GAAG,GAAG,EAAE,EAAE,iCAAiC;AACjF,WAAO,EAAE,KAAK;KACZ,IAAI;KACJ,OAAO;MAAE,MAAM;MAAe,SAAS;MAA8B;KACtE,EAAE,IAAI;;AAET,YAAS;;AAGX,wBAAsB,EAAE,WAAW,OAAO,OAAO,EAAE,CAAC;AAEpD,MAAI,MAAM,QAAQ,YAAY,EAAE;GAC9B,MAAM,eAAe,wBAAwB,kCAAkC;AAC/E,QAAK,MAAM,KAAK,aAAa;AAC3B,QAAI,CAAC,KAAK,OAAO,MAAM,SAAU;IACjC,MAAM,OAAQ,EAAyB;AACvC,QAAI,OAAO,SAAS,YAAY,KAAK,SAAS,aAC5C,QAAO,EAAE,KACP;KACE,IAAI;KACJ,OAAO;MACL,MAAM;MACN,SAAS,oCAAoC,kCAAkC;MAChF;KACF,EACD,IACD;;;EAMP,MAAM,WADS,EAAE,IAAI,OAAO,SAAS,IAAI,IAClB,SAAS,oBAAoB;EAEpD,MAAM,cAAc,IAAI,iBAAiB;EACzC,MAAM,MAAM,EAAE,IAAI;AAIlB,MAAI,YAAY,UACd,KAAI,IAAI,OAAO,QACb,aAAY,OAAO;MAEnB,KAAI,OAAO,iBAAiB,eAAe,YAAY,OAAO,EAAE,EAAE,MAAM,MAAM,CAAC;AAKnF,MAAI,CAAC,SAAS;GACZ,IAAI;AACJ,OAAI,YAAY,WAAW;IACzB,MAAM,MAAM,QAAQ;AAEpB,qBADkB,gBAAgB,OACR,GACtB,SACA,gBAAgB;KACd,SAAS,kBAAkB,IAAI;KAC/B,QAAQ;KACR,WAAW;KACX,UAAU;KACV,QAAQ;KACT,CAAC;;GAGR,MAAM,YAAY,QAAQ,SAAS,SAAS,SAAS,QAAQ,aAAa,UAAU;IAClF,QAAQ,YAAY;IACpB,GAAI,sBAAsB,KAAA,IAAY,EAAE,mBAAmB,GAAG,EAAE;IACjE,CAAC;AACF,OAAI;IACF,IAAI;IACJ,MAAM,SAAmB,EAAE;AAE3B,WAAO,MAAM;KACX,MAAM,EAAE,MAAM,UAAU,MAAM,UAAU,MAAM;AAC9C,SAAI,MAAM;AACR,oBAAc;AACd;;KAEF,MAAM,QAAQ;AACd,SAAI,MAAM,SAAS,WAAW,MAAM,QAClC,QAAO,KAAK,MAAM,QAAQ;;AAI9B,WAAO,EAAE,KAAK;KACZ,IAAI;KACJ,SAAS;MACP,GAAG;MACH,SAAS,OAAO,KAAK,GAAG;MACxB,GAAI,mBAAmB,KAAA,IACnB;OAAE,YAAY;OAAgB,KAAK;OAAgB,GACnD,EAAE;MACP;KACF,CAAC;YACK,OAAO;AACd,QAAI,MAAM,EAAE,KAAK,OAAO,EAAE,+BAA+B;AACzD,WAAO,EAAE,KAAK;KACZ,IAAI;KACJ,OAAO;MAAE,MAAM;MAAkB,SAAS,iBAAiB,QAAQ,MAAM,UAAU;MAAiB;KACrG,EAAE,IAAI;;;AAKX,IAAE,OAAO,qBAAqB,KAAK;AACnC,SAAO,UAAU,GAAG,OAAO,WAAW;AACpC,OAAI,YAAY,UACd,QAAO,cAAc;AACnB,gBAAY,OAAO;KACnB;GAGJ,MAAM,YAAY,QAAQ,SAAS,SAAS,SAAS,QAAQ,aAAa,UAAU;IAClF,QAAQ,YAAY;IACpB,GAAI,sBAAsB,KAAA,IAAY,EAAE,mBAAmB,GAAG,EAAE;IACjE,CAAC;GAEF,IAAI,UAAU;AAEd,OAAI;AACF,WAAO,MAAM;KACX,MAAM,EAAE,MAAM,UAAU,MAAM,UAAU,MAAM;AAE9C,SAAI,MAAM;AAER,YAAM,OAAO,SAAS;OACpB,IAAI,OAAO,EAAE,QAAQ;OACrB,OAAO;OACP,MAAM,KAAK,UAAU;QAAE,IAAI;QAAM,SAAS;QAAO,CAAC;OACnD,CAAC;AACF;;KAGF,MAAM,QAAQ;AAGd,WAAM,OAAO,SAAS;MACpB,IAAI,OAAO,EAAE,QAAQ;MACrB,OAAO,MAAM,QAAQ;MACrB,MAAM,iBAAiB,MAAM;MAC9B,CAAC;;YAEG,OAAO;AACd,QAAI,MAAM,EAAE,KAAK,OAAO,EAAE,8BAA8B;AACxD,UAAM,OAAO,SAAS;KACpB,IAAI,OAAO,EAAE,QAAQ;KACrB,OAAO;KACP,MAAM,KAAK,UAAU;MACnB,IAAI;MACJ,OAAO;OAAE,MAAM;OAAkB,SAAS,iBAAiB,QAAQ,MAAM,UAAU;OAAiB;MACrG,CAAC;KACH,CAAC;;IAEJ;;;;;;;;;;;;AAaN,SAAgB,yBAAyB,QAA0B;CACjE,MAAM,EAAE,YAAY;AAEpB,QAAO,OAAO,MAAe;EAC3B,MAAM,OAAO,MAAM,EAAE,IAAI,MAAM,CAAC,YAAY,KAAK;AACjD,MAAI,CAAC,QAAQ,OAAO,SAAS,SAC3B,QAAO,EAAE,KAAK;GAAE,IAAI;GAAO,OAAO;IAAE,MAAM;IAAe,SAAS;IAAqB;GAAE,EAAE,IAAI;EAGjG,MAAM,EAAE,OAAO,QAAQ,iBAAiB;AACxC,MAAI,OAAO,iBAAiB,YAAY,aAAa,MAAM,CACzD,uBAAsB,EAAE,WAAW,aAAa,MAAM,EAAE,CAAC;AAE3D,MAAI,CAAC,SAAS,OAAO,UAAU,SAC7B,QAAO,EAAE,KAAK;GAAE,IAAI;GAAO,OAAO;IAAE,MAAM;IAAe,SAAS;IAAiC;GAAE,EAAE,IAAI;AAG7G,MAAI,CAAC,QAAQ,SAAS,OAAO,MAAM,CACjC,QAAO,EAAE,KAAK;GAAE,IAAI;GAAO,OAAO;IAAE,MAAM;IAAa,SAAS;IAAoC;GAAE,EAAE,IAAI;AAG9G,IAAE,OAAO,qBAAqB,KAAK;AACnC,SAAO,UAAU,GAAG,OAAO,WAAW;GACpC,IAAI,UAAU;AACd,OAAI;AACF,eAAW,MAAM,SAAS,QAAQ,SAAS,UAAU,MAAM,CACzD,OAAM,OAAO,SAAS;KACpB,IAAI,OAAO,EAAE,QAAQ;KACrB,OAAO,MAAM,QAAQ;KACrB,MAAM,iBAAiB,MAAM;KAC9B,CAAC;AAGJ,UAAM,OAAO,SAAS;KACpB,IAAI,OAAO,EAAE,QAAQ;KACrB,OAAO;KACP,MAAM,KAAK,UAAU;MAAE,IAAI;MAAM,SAAS;OAAE,QAAQ;OAAM,SAAS;OAAyB;MAAE,CAAC;KAChG,CAAC;YACK,OAAO;AACd,QAAI,MAAM;KAAE,KAAK;KAAO;KAAO,EAAE,uBAAuB;AACxD,UAAM,OAAO,SAAS;KACpB,IAAI,OAAO,EAAE,QAAQ;KACrB,OAAO;KACP,MAAM,KAAK,UAAU;MACnB,IAAI;MACJ,OAAO;OAAE,MAAM;OAAkB,SAAS,iBAAiB,QAAQ,MAAM,UAAU;OAAiB;MACrG,CAAC;KACH,CAAC;;IAEJ;;;;;;AAON,SAAgB,kBAAkB,QAA0B;CAC1D,MAAM,EAAE,YAAY;AAEpB,QAAO,OAAO,MAAe;EAC3B,MAAM,OAAO,MAAM,EAAE,IAAI,MAAM,CAAC,aAAa,EAAE,EAAE;EACjD,MAAM,UAAU,KAAK;EACrB,MAAM,SAAS,KAAK;EACpB,MAAM,UAAU,KAAK;AAErB,MAAI,CAAC,WAAW,CAAC,UAAU,CAAC,QAC1B,QAAO,EAAE,KACP;GAAE,IAAI;GAAO,OAAO;IAAE,MAAM;IAAe,SAAS;IAAqD;GAAE,EAC3G,IACD;AAGH,wBAAsB,EAAE,WAAW,OAAO,OAAO,EAAE,CAAC;AAEpD,MAAI;GACF,MAAM,SAAS,MAAM,QAAQ,YAAY,SAAS,QAAQ,QAAQ;AAClE,UAAO,EAAE,KAAK;IAAE,IAAI;IAAM,SAAS;IAAQ,CAAC;WACrC,OAAO;AACd,OAAI,MAAM,EAAE,KAAK,OAAO,EAAE,cAAc;AACxC,UAAO,EAAE,KACP;IAAE,IAAI;IAAO,OAAO;KAAE,MAAM;KAAkB,SAAS,iBAAiB,QAAQ,MAAM,UAAU;KAAiB;IAAE,EACnH,IACD;;;;;;;;;;;;;;;;AAiBP,SAAgB,uBAAuB,QAA0B;CAC/D,MAAM,EAAE,YAAY;CACpB,MAAM,iBAAiB,OAAO,qBAAqB;AAEnD,QAAO,OAAO,MAAe;AAE3B,MAAI,kBAAkB,QAAQ,gBAAgB;AAC5C,OAAI,KAAK;IAAE,SAAS,kBAAkB;IAAM,KAAK;IAAgB,EAAE,+BAA+B;AAClG,UAAO,EAAE,KAAK;IACZ,IAAI;IACJ,OAAO;KAAE,MAAM;KAAwB,SAAS;KAAoC;IACrF,EAAE,IAAI;;EAGT,MAAM,cAAc,EAAE,IAAI,OAAO,gBAAgB,IAAI,KAAA;EACrD,MAAM,YAAY,EAAE,IAAI,OAAO,eAAe,IACzC,EAAE,IAAI,MAAM,YAAY,IACxB,OAAO,YAAY;AAExB,wBAAsB,EAAE,WAAW,OAAO,UAAU,EAAE,CAAC;EAEvD,MAAM,kBAAkB,IAAI,iBAAiB;AAC7C,oBAAkB,IAAI,WAAW,gBAAgB;AAEjD,SAAO,UAAU,GAAG,OAAO,WAAW;GACpC,IAAI,UAAU;AAGd,SAAM,OAAO,SAAS;IACpB,IAAI;IACJ,OAAO;IACP,MAAM,KAAK,UAAU,EAAE,WAAW,CAAC;IACpC,CAAC;GAGF,MAAM,UAAU,QAAQ,UAAU,WAAW,OAAO,UAAU;AAC5D,QAAI,QAAS;AACb,QAAI;AACF,WAAM,OAAO,SAAS;MACpB,IAAI,MAAM;MACV,OAAO,MAAM;MACb,MAAM,KAAK,UAAU,MAAM,QAAQ;MACpC,CAAC;YACI;KAGR;AAGF,OAAI,aAAa;IACf,MAAM,SAAS,QAAQ,eAAe,WAAW,YAAY;AAC7D,SAAK,MAAM,SAAS,OAClB,OAAM,OAAO,SAAS;KACpB,IAAI,MAAM;KACV,OAAO,MAAM;KACb,MAAM,KAAK,UAAU,MAAM,QAAQ;KACpC,CAAC;;GAKN,MAAM,YAAY,YAAY,YAAY;AACxC,QAAI,SAAS;AAAE,mBAAc,UAAU;AAAE;;AACzC,QAAI;AACF,WAAM,OAAO,SAAS;MAAE,OAAO;MAAQ,MAAM;MAAI,CAAC;YAC5C;AACN,mBAAc,UAAU;;MAEzB,IAAO;AAGV,SAAM,IAAI,SAAe,YAAY;AACnC,WAAO,cAAc;AACnB,eAAU;AACV,mBAAc,UAAU;AACxB,cAAS;AACT,uBAAkB,OAAO,UAAU;AACnC,SAAI,MAAM,EAAE,WAAW,EAAE,4BAA4B;AACrD,cAAS;MACT;KACF;IACF"}
1
+ {"version":3,"file":"sse.js","names":[],"sources":["../../../../src/gateway/hono/sse.ts"],"sourcesContent":["import { randomUUID } from 'node:crypto';\nimport { streamSSE } from 'hono/streaming';\nimport type { Context } from 'hono';\nimport type { GatewayService } from '../service.js';\nimport { MAX_WEBCHAT_ATTACHMENT_FILE_BYTES } from '../chat-limits.js';\nimport { createLogger, updateAsyncLogContext } from '../../utils/logger.js';\nimport { stringifySSEData } from './sse-json.js';\nimport { buildSessionKey, parseSessionKey } from '../../routing/session-key.js';\nimport { getDefaultAgentId } from '../../routing/resolve-route.js';\n\nconst log = createLogger('Hono:SSE');\n\n// Active SSE connections tracking for connection limiting\nconst activeConnections = new Map<string, AbortController>();\n\nexport interface SSEHandlerConfig {\n service: GatewayService;\n maxSseConnections?: number;\n}\n\n// Type validation for agent request body\ninterface AgentRequestBody {\n message: string;\n channel?: string;\n chatId?: string;\n /** Alias for `chatId` (gateway console + extension clients). */\n sessionKey?: string;\n /** Epoch ms when the client started this send (abort cutoff / stale POST drop). */\n clientCreatedAtMs?: number;\n /** When true and `channel` is `webchat`, start a new peer id (new session). */\n newSession?: boolean;\n thinking?: string;\n attachments?: Array<{\n type: string;\n mimeType?: string;\n data?: string;\n name?: string;\n size?: number;\n }>;\n}\n\nfunction isValidAgentRequest(body: unknown): body is AgentRequestBody {\n if (!body || typeof body !== 'object') return false;\n const b = body as Record<string, unknown>;\n // Allow empty message if attachments are provided\n const hasMessage = typeof b.message === 'string';\n const hasAttachments = Array.isArray(b.attachments) && b.attachments.length > 0;\n return hasMessage || hasAttachments;\n}\n\n/** Max base64 character length that can decode to `MAX_WEBCHAT_ATTACHMENT_FILE_BYTES`. */\nfunction maxBase64CharsForBinary(maxBinaryBytes: number): number {\n return 4 * Math.ceil(maxBinaryBytes / 3);\n}\n\n/**\n * POST /api/agent — Send a message to the agent, stream response via SSE.\n *\n * Request body: { message, channel?, chatId?, attachments? }\n * Accept: text/event-stream → SSE stream\n * Accept: application/json → wait for full response, return JSON\n *\n * SSE events:\n * event: status — { status, runId }\n * event: user_message — { timestamp, content?, attachments? } (user turn accepted, before agent tokens)\n * event: user_transcript — { text, attachments? } (voice STT complete, before agent tokens)\n * event: token — { content }\n * event: error — { content }\n * event: result — { ok, payload: { status, summary } }\n */\nexport function createAgentSSEHandler(config: SSEHandlerConfig) {\n const { service } = config;\n\n return async (c: Context) => {\n const body = await c.req.json().catch(() => null);\n\n // Input validation\n if (!isValidAgentRequest(body)) {\n return c.json({\n ok: false,\n error: { code: 'BAD_REQUEST', message: 'Missing required field: message or attachments' }\n }, 400);\n }\n\n const { message, channel = 'webchat', attachments, thinking } = body;\n const clientCreatedAtMs =\n typeof body.clientCreatedAtMs === 'number' && Number.isFinite(body.clientCreatedAtMs)\n ? body.clientCreatedAtMs\n : undefined;\n const newSession = Boolean(body.newSession);\n let chatId = 'default';\n if (newSession && channel === 'webchat') {\n chatId = `chat_${randomUUID()}`;\n } else {\n const sk = typeof body.sessionKey === 'string' && body.sessionKey.trim() ? body.sessionKey.trim() : '';\n const cid = typeof body.chatId === 'string' && body.chatId.trim() ? body.chatId.trim() : '';\n const rawChatId = sk || cid || 'default';\n\n // Validate sessionKey / chatId format to prevent cross-session access\n if (rawChatId !== 'default' && !/^[a-zA-Z0-9][a-zA-Z0-9._:@\\-]{0,255}$/.test(rawChatId)) {\n log.warn({ rawChatId: rawChatId.slice(0, 64) }, 'Rejected invalid chatId format');\n return c.json({\n ok: false,\n error: { code: 'BAD_REQUEST', message: 'Invalid session key format' },\n }, 400);\n }\n chatId = rawChatId;\n }\n\n updateAsyncLogContext({ sessionId: String(chatId) });\n\n if (Array.isArray(attachments)) {\n const maxDataChars = maxBase64CharsForBinary(MAX_WEBCHAT_ATTACHMENT_FILE_BYTES);\n for (const a of attachments) {\n if (!a || typeof a !== 'object') continue;\n const data = (a as { data?: unknown }).data;\n if (typeof data === 'string' && data.length > maxDataChars) {\n return c.json(\n {\n ok: false,\n error: {\n code: 'BAD_REQUEST',\n message: `Attachment exceeds maximum size (${MAX_WEBCHAT_ATTACHMENT_FILE_BYTES} bytes)`,\n },\n },\n 400,\n );\n }\n }\n }\n\n const accept = c.req.header('Accept') || '';\n const wantSSE = accept.includes('text/event-stream');\n\n const clientAbort = new AbortController();\n const raw = c.req.raw;\n // Keep webchat runs alive across transient disconnects (page refresh / tab route switch)\n // so the client can reattach via /api/agent/resume using runId from `status`.\n // Explicit cancellation still goes through /api/agent/abort.\n if (channel !== 'webchat') {\n if (raw.signal.aborted) {\n clientAbort.abort();\n } else {\n raw.signal.addEventListener('abort', () => clientAbort.abort(), { once: true });\n }\n }\n\n // --- Non-streaming fallback: collect everything, return JSON ---\n if (!wantSSE) {\n let jsonSessionKey: string | undefined;\n if (channel === 'webchat') {\n const cfg = service.currentConfig;\n const parsedKey = parseSessionKey(chatId);\n jsonSessionKey = parsedKey\n ? chatId\n : buildSessionKey({\n agentId: getDefaultAgentId(cfg),\n source: 'webchat',\n accountId: 'default',\n peerKind: 'direct',\n peerId: chatId,\n });\n }\n\n const generator = service.runAgent(message, channel, chatId, attachments, thinking, {\n signal: clientAbort.signal,\n ...(clientCreatedAtMs !== undefined ? { clientCreatedAtMs } : {}),\n });\n try {\n let finalResult: { status: string; summary: string } | undefined;\n const tokens: string[] = [];\n\n while (true) {\n const { done, value } = await generator.next();\n if (done) {\n finalResult = value as { status: string; summary: string };\n break;\n }\n const chunk = value as { type: string; content?: string; status?: string; runId?: string };\n if (chunk.type === 'token' && chunk.content) {\n tokens.push(chunk.content);\n }\n }\n\n return c.json({\n ok: true,\n payload: {\n ...finalResult,\n content: tokens.join(''),\n ...(jsonSessionKey !== undefined\n ? { sessionKey: jsonSessionKey, key: jsonSessionKey }\n : {}),\n },\n });\n } catch (error) {\n log.error({ err: error }, 'Agent run failed (JSON mode)');\n return c.json({\n ok: false,\n error: { code: 'INTERNAL_ERROR', message: error instanceof Error ? error.message : 'Unknown error' },\n }, 500);\n }\n }\n\n // --- SSE streaming ---\n c.header('X-Accel-Buffering', 'no');\n return streamSSE(c, async (stream) => {\n if (channel !== 'webchat') {\n stream.onAbort(() => {\n clientAbort.abort();\n });\n }\n\n const generator = service.runAgent(message, channel, chatId, attachments, thinking, {\n signal: clientAbort.signal,\n ...(clientCreatedAtMs !== undefined ? { clientCreatedAtMs } : {}),\n });\n\n let eventId = 0;\n\n try {\n while (true) {\n const { done, value } = await generator.next();\n\n if (done) {\n // Final result\n await stream.writeSSE({\n id: String(++eventId),\n event: 'result',\n data: JSON.stringify({ ok: true, payload: value }),\n });\n break;\n }\n\n const chunk = value as { type: string; content?: string; status?: string; runId?: string };\n\n // Intermediate events: status / token / error\n await stream.writeSSE({\n id: String(++eventId),\n event: chunk.type || 'message',\n data: stringifySSEData(chunk),\n });\n }\n } catch (error) {\n log.error({ err: error }, 'Agent run failed (SSE mode)');\n await stream.writeSSE({\n id: String(++eventId),\n event: 'error',\n data: JSON.stringify({\n ok: false,\n error: { code: 'INTERNAL_ERROR', message: error instanceof Error ? error.message : 'Unknown error' },\n }),\n });\n }\n });\n };\n}\n\n/**\n * POST /api/agent/resume — Re-attach to an in-progress agent run via SSE.\n *\n * Request body: { runId, chatId }\n * The relay replays all buffered events from the beginning and then live-tails\n * until the run completes.\n *\n * SSE events are identical to those from POST /api/agent.\n */\nexport function createAgentResumeHandler(config: SSEHandlerConfig) {\n const { service } = config;\n\n return async (c: Context) => {\n const body = await c.req.json().catch(() => null);\n if (!body || typeof body !== 'object') {\n return c.json({ ok: false, error: { code: 'BAD_REQUEST', message: 'Invalid JSON body' } }, 400);\n }\n\n const { runId, chatId: resumeChatId } = body as { runId?: string; chatId?: string };\n if (typeof resumeChatId === 'string' && resumeChatId.trim()) {\n updateAsyncLogContext({ sessionId: resumeChatId.trim() });\n }\n if (!runId || typeof runId !== 'string') {\n return c.json({ ok: false, error: { code: 'BAD_REQUEST', message: 'Missing required field: runId' } }, 400);\n }\n\n if (!service.runRelay.hasRun(runId)) {\n return c.json({ ok: false, error: { code: 'NOT_FOUND', message: 'Run not found or already expired' } }, 404);\n }\n\n c.header('X-Accel-Buffering', 'no');\n return streamSSE(c, async (stream) => {\n let eventId = 0;\n try {\n for await (const event of service.runRelay.subscribe(runId)) {\n await stream.writeSSE({\n id: String(++eventId),\n event: event.type || 'message',\n data: stringifySSEData(event),\n });\n }\n // Run completed — send a final result event\n await stream.writeSSE({\n id: String(++eventId),\n event: 'result',\n data: JSON.stringify({ ok: true, payload: { status: 'ok', summary: 'Resumed run completed' } }),\n });\n } catch (error) {\n log.error({ err: error, runId }, 'Resume stream failed');\n await stream.writeSSE({\n id: String(++eventId),\n event: 'error',\n data: JSON.stringify({\n ok: false,\n error: { code: 'INTERNAL_ERROR', message: error instanceof Error ? error.message : 'Unknown error' },\n }),\n });\n }\n });\n };\n}\n\n/**\n * POST /api/send — Send a message through a channel (non-streaming).\n */\nexport function createSendHandler(config: SSEHandlerConfig) {\n const { service } = config;\n\n return async (c: Context) => {\n const body = await c.req.json().catch(() => ({}));\n const channel = body.channel as string;\n const chatId = body.chatId as string;\n const content = body.content as string;\n\n if (!channel || !chatId || !content) {\n return c.json(\n { ok: false, error: { code: 'BAD_REQUEST', message: 'Missing required fields: channel, chatId, content' } },\n 400,\n );\n }\n\n updateAsyncLogContext({ sessionId: String(chatId) });\n\n try {\n const result = await service.sendMessage(channel, chatId, content);\n return c.json({ ok: true, payload: result });\n } catch (error) {\n log.error({ err: error }, 'Send failed');\n return c.json(\n { ok: false, error: { code: 'INTERNAL_ERROR', message: error instanceof Error ? error.message : 'Unknown error' } },\n 500,\n );\n }\n };\n}\n\n/**\n * GET /api/events — Server-pushed event stream (SSE).\n *\n * The client opens this long-lived connection to receive:\n * - channel status changes\n * - config reload notifications\n * - cron execution results\n * - any other server-initiated events\n *\n * Supports Last-Event-ID for reconnection.\n * Enforces maximum connection limit to prevent DoS.\n */\nexport function createEventsSSEHandler(config: SSEHandlerConfig) {\n const { service } = config;\n const maxConnections = config.maxSseConnections ?? 100;\n\n return async (c: Context) => {\n // Check maximum connections limit\n if (activeConnections.size >= maxConnections) {\n log.warn({ current: activeConnections.size, max: maxConnections }, 'SSE connection limit reached');\n return c.json({\n ok: false,\n error: { code: 'TOO_MANY_CONNECTIONS', message: 'Maximum SSE connections exceeded' }\n }, 503);\n }\n\n const lastEventId = c.req.header('Last-Event-ID') || undefined;\n const sessionId = c.req.header('X-Session-Id')\n || c.req.query('sessionId')\n || crypto.randomUUID();\n\n updateAsyncLogContext({ sessionId: String(sessionId) });\n\n const abortController = new AbortController();\n activeConnections.set(sessionId, abortController);\n\n return streamSSE(c, async (stream) => {\n let aborted = false;\n\n // Send a hello event so the client knows the stream is established\n await stream.writeSSE({\n id: '0',\n event: 'connected',\n data: JSON.stringify({ sessionId }),\n });\n\n // Subscribe to service events\n const cleanup = service.subscribe(sessionId, async (event) => {\n if (aborted) return;\n try {\n await stream.writeSSE({\n id: event.id,\n event: event.type,\n data: JSON.stringify(event.payload),\n });\n } catch {\n // Stream closed, will be cleaned up by onAbort\n }\n });\n\n // Replay missed events on reconnect\n if (lastEventId) {\n const missed = service.getEventsSince(sessionId, lastEventId);\n for (const event of missed) {\n await stream.writeSSE({\n id: event.id,\n event: event.type,\n data: JSON.stringify(event.payload),\n });\n }\n }\n\n // Keep alive with periodic comments (every 30s)\n const keepAlive = setInterval(async () => {\n if (aborted) { clearInterval(keepAlive); return; }\n try {\n await stream.writeSSE({ event: 'ping', data: '' });\n } catch {\n clearInterval(keepAlive);\n }\n }, 30_000);\n\n // Block until aborted — streamSSE closes when the callback returns\n await new Promise<void>((resolve) => {\n stream.onAbort(() => {\n aborted = true;\n clearInterval(keepAlive);\n cleanup();\n activeConnections.delete(sessionId);\n log.debug({ sessionId }, 'Event stream disconnected');\n resolve();\n });\n });\n });\n };\n}\n"],"mappings":";;;;;;;;;;aAK4E;kBAEI;oBACb;AAEnE,MAAM,MAAM,aAAa,WAAW;AAGpC,MAAM,oCAAoB,IAAI,KAA8B;AA4B5D,SAAS,oBAAoB,MAAyC;AACpE,KAAI,CAAC,QAAQ,OAAO,SAAS,SAAU,QAAO;CAC9C,MAAM,IAAI;CAEV,MAAM,aAAa,OAAO,EAAE,YAAY;CACxC,MAAM,iBAAiB,MAAM,QAAQ,EAAE,YAAY,IAAI,EAAE,YAAY,SAAS;AAC9E,QAAO,cAAc;;;AAIvB,SAAS,wBAAwB,gBAAgC;AAC/D,QAAO,IAAI,KAAK,KAAK,iBAAiB,EAAE;;;;;;;;;;;;;;;;;AAkB1C,SAAgB,sBAAsB,QAA0B;CAC9D,MAAM,EAAE,YAAY;AAEpB,QAAO,OAAO,MAAe;EAC3B,MAAM,OAAO,MAAM,EAAE,IAAI,MAAM,CAAC,YAAY,KAAK;AAGjD,MAAI,CAAC,oBAAoB,KAAK,CAC5B,QAAO,EAAE,KAAK;GACZ,IAAI;GACJ,OAAO;IAAE,MAAM;IAAe,SAAS;IAAkD;GAC1F,EAAE,IAAI;EAGT,MAAM,EAAE,SAAS,UAAU,WAAW,aAAa,aAAa;EAChE,MAAM,oBACJ,OAAO,KAAK,sBAAsB,YAAY,OAAO,SAAS,KAAK,kBAAkB,GACjF,KAAK,oBACL,KAAA;EACN,MAAM,aAAa,QAAQ,KAAK,WAAW;EAC3C,IAAI,SAAS;AACb,MAAI,cAAc,YAAY,UAC5B,UAAS,QAAQ,YAAY;OACxB;GACL,MAAM,KAAK,OAAO,KAAK,eAAe,YAAY,KAAK,WAAW,MAAM,GAAG,KAAK,WAAW,MAAM,GAAG;GACpG,MAAM,MAAM,OAAO,KAAK,WAAW,YAAY,KAAK,OAAO,MAAM,GAAG,KAAK,OAAO,MAAM,GAAG;GACzF,MAAM,YAAY,MAAM,OAAO;AAG/B,OAAI,cAAc,aAAa,CAAC,wCAAwC,KAAK,UAAU,EAAE;AACvF,QAAI,KAAK,EAAE,WAAW,UAAU,MAAM,GAAG,GAAG,EAAE,EAAE,iCAAiC;AACjF,WAAO,EAAE,KAAK;KACZ,IAAI;KACJ,OAAO;MAAE,MAAM;MAAe,SAAS;MAA8B;KACtE,EAAE,IAAI;;AAET,YAAS;;AAGX,wBAAsB,EAAE,WAAW,OAAO,OAAO,EAAE,CAAC;AAEpD,MAAI,MAAM,QAAQ,YAAY,EAAE;GAC9B,MAAM,eAAe,wBAAwB,kCAAkC;AAC/E,QAAK,MAAM,KAAK,aAAa;AAC3B,QAAI,CAAC,KAAK,OAAO,MAAM,SAAU;IACjC,MAAM,OAAQ,EAAyB;AACvC,QAAI,OAAO,SAAS,YAAY,KAAK,SAAS,aAC5C,QAAO,EAAE,KACP;KACE,IAAI;KACJ,OAAO;MACL,MAAM;MACN,SAAS,oCAAoC,kCAAkC;MAChF;KACF,EACD,IACD;;;EAMP,MAAM,WADS,EAAE,IAAI,OAAO,SAAS,IAAI,IAClB,SAAS,oBAAoB;EAEpD,MAAM,cAAc,IAAI,iBAAiB;EACzC,MAAM,MAAM,EAAE,IAAI;AAIlB,MAAI,YAAY,UACd,KAAI,IAAI,OAAO,QACb,aAAY,OAAO;MAEnB,KAAI,OAAO,iBAAiB,eAAe,YAAY,OAAO,EAAE,EAAE,MAAM,MAAM,CAAC;AAKnF,MAAI,CAAC,SAAS;GACZ,IAAI;AACJ,OAAI,YAAY,WAAW;IACzB,MAAM,MAAM,QAAQ;AAEpB,qBADkB,gBAAgB,OACR,GACtB,SACA,gBAAgB;KACd,SAAS,kBAAkB,IAAI;KAC/B,QAAQ;KACR,WAAW;KACX,UAAU;KACV,QAAQ;KACT,CAAC;;GAGR,MAAM,YAAY,QAAQ,SAAS,SAAS,SAAS,QAAQ,aAAa,UAAU;IAClF,QAAQ,YAAY;IACpB,GAAI,sBAAsB,KAAA,IAAY,EAAE,mBAAmB,GAAG,EAAE;IACjE,CAAC;AACF,OAAI;IACF,IAAI;IACJ,MAAM,SAAmB,EAAE;AAE3B,WAAO,MAAM;KACX,MAAM,EAAE,MAAM,UAAU,MAAM,UAAU,MAAM;AAC9C,SAAI,MAAM;AACR,oBAAc;AACd;;KAEF,MAAM,QAAQ;AACd,SAAI,MAAM,SAAS,WAAW,MAAM,QAClC,QAAO,KAAK,MAAM,QAAQ;;AAI9B,WAAO,EAAE,KAAK;KACZ,IAAI;KACJ,SAAS;MACP,GAAG;MACH,SAAS,OAAO,KAAK,GAAG;MACxB,GAAI,mBAAmB,KAAA,IACnB;OAAE,YAAY;OAAgB,KAAK;OAAgB,GACnD,EAAE;MACP;KACF,CAAC;YACK,OAAO;AACd,QAAI,MAAM,EAAE,KAAK,OAAO,EAAE,+BAA+B;AACzD,WAAO,EAAE,KAAK;KACZ,IAAI;KACJ,OAAO;MAAE,MAAM;MAAkB,SAAS,iBAAiB,QAAQ,MAAM,UAAU;MAAiB;KACrG,EAAE,IAAI;;;AAKX,IAAE,OAAO,qBAAqB,KAAK;AACnC,SAAO,UAAU,GAAG,OAAO,WAAW;AACpC,OAAI,YAAY,UACd,QAAO,cAAc;AACnB,gBAAY,OAAO;KACnB;GAGJ,MAAM,YAAY,QAAQ,SAAS,SAAS,SAAS,QAAQ,aAAa,UAAU;IAClF,QAAQ,YAAY;IACpB,GAAI,sBAAsB,KAAA,IAAY,EAAE,mBAAmB,GAAG,EAAE;IACjE,CAAC;GAEF,IAAI,UAAU;AAEd,OAAI;AACF,WAAO,MAAM;KACX,MAAM,EAAE,MAAM,UAAU,MAAM,UAAU,MAAM;AAE9C,SAAI,MAAM;AAER,YAAM,OAAO,SAAS;OACpB,IAAI,OAAO,EAAE,QAAQ;OACrB,OAAO;OACP,MAAM,KAAK,UAAU;QAAE,IAAI;QAAM,SAAS;QAAO,CAAC;OACnD,CAAC;AACF;;KAGF,MAAM,QAAQ;AAGd,WAAM,OAAO,SAAS;MACpB,IAAI,OAAO,EAAE,QAAQ;MACrB,OAAO,MAAM,QAAQ;MACrB,MAAM,iBAAiB,MAAM;MAC9B,CAAC;;YAEG,OAAO;AACd,QAAI,MAAM,EAAE,KAAK,OAAO,EAAE,8BAA8B;AACxD,UAAM,OAAO,SAAS;KACpB,IAAI,OAAO,EAAE,QAAQ;KACrB,OAAO;KACP,MAAM,KAAK,UAAU;MACnB,IAAI;MACJ,OAAO;OAAE,MAAM;OAAkB,SAAS,iBAAiB,QAAQ,MAAM,UAAU;OAAiB;MACrG,CAAC;KACH,CAAC;;IAEJ;;;;;;;;;;;;AAaN,SAAgB,yBAAyB,QAA0B;CACjE,MAAM,EAAE,YAAY;AAEpB,QAAO,OAAO,MAAe;EAC3B,MAAM,OAAO,MAAM,EAAE,IAAI,MAAM,CAAC,YAAY,KAAK;AACjD,MAAI,CAAC,QAAQ,OAAO,SAAS,SAC3B,QAAO,EAAE,KAAK;GAAE,IAAI;GAAO,OAAO;IAAE,MAAM;IAAe,SAAS;IAAqB;GAAE,EAAE,IAAI;EAGjG,MAAM,EAAE,OAAO,QAAQ,iBAAiB;AACxC,MAAI,OAAO,iBAAiB,YAAY,aAAa,MAAM,CACzD,uBAAsB,EAAE,WAAW,aAAa,MAAM,EAAE,CAAC;AAE3D,MAAI,CAAC,SAAS,OAAO,UAAU,SAC7B,QAAO,EAAE,KAAK;GAAE,IAAI;GAAO,OAAO;IAAE,MAAM;IAAe,SAAS;IAAiC;GAAE,EAAE,IAAI;AAG7G,MAAI,CAAC,QAAQ,SAAS,OAAO,MAAM,CACjC,QAAO,EAAE,KAAK;GAAE,IAAI;GAAO,OAAO;IAAE,MAAM;IAAa,SAAS;IAAoC;GAAE,EAAE,IAAI;AAG9G,IAAE,OAAO,qBAAqB,KAAK;AACnC,SAAO,UAAU,GAAG,OAAO,WAAW;GACpC,IAAI,UAAU;AACd,OAAI;AACF,eAAW,MAAM,SAAS,QAAQ,SAAS,UAAU,MAAM,CACzD,OAAM,OAAO,SAAS;KACpB,IAAI,OAAO,EAAE,QAAQ;KACrB,OAAO,MAAM,QAAQ;KACrB,MAAM,iBAAiB,MAAM;KAC9B,CAAC;AAGJ,UAAM,OAAO,SAAS;KACpB,IAAI,OAAO,EAAE,QAAQ;KACrB,OAAO;KACP,MAAM,KAAK,UAAU;MAAE,IAAI;MAAM,SAAS;OAAE,QAAQ;OAAM,SAAS;OAAyB;MAAE,CAAC;KAChG,CAAC;YACK,OAAO;AACd,QAAI,MAAM;KAAE,KAAK;KAAO;KAAO,EAAE,uBAAuB;AACxD,UAAM,OAAO,SAAS;KACpB,IAAI,OAAO,EAAE,QAAQ;KACrB,OAAO;KACP,MAAM,KAAK,UAAU;MACnB,IAAI;MACJ,OAAO;OAAE,MAAM;OAAkB,SAAS,iBAAiB,QAAQ,MAAM,UAAU;OAAiB;MACrG,CAAC;KACH,CAAC;;IAEJ;;;;;;AAON,SAAgB,kBAAkB,QAA0B;CAC1D,MAAM,EAAE,YAAY;AAEpB,QAAO,OAAO,MAAe;EAC3B,MAAM,OAAO,MAAM,EAAE,IAAI,MAAM,CAAC,aAAa,EAAE,EAAE;EACjD,MAAM,UAAU,KAAK;EACrB,MAAM,SAAS,KAAK;EACpB,MAAM,UAAU,KAAK;AAErB,MAAI,CAAC,WAAW,CAAC,UAAU,CAAC,QAC1B,QAAO,EAAE,KACP;GAAE,IAAI;GAAO,OAAO;IAAE,MAAM;IAAe,SAAS;IAAqD;GAAE,EAC3G,IACD;AAGH,wBAAsB,EAAE,WAAW,OAAO,OAAO,EAAE,CAAC;AAEpD,MAAI;GACF,MAAM,SAAS,MAAM,QAAQ,YAAY,SAAS,QAAQ,QAAQ;AAClE,UAAO,EAAE,KAAK;IAAE,IAAI;IAAM,SAAS;IAAQ,CAAC;WACrC,OAAO;AACd,OAAI,MAAM,EAAE,KAAK,OAAO,EAAE,cAAc;AACxC,UAAO,EAAE,KACP;IAAE,IAAI;IAAO,OAAO;KAAE,MAAM;KAAkB,SAAS,iBAAiB,QAAQ,MAAM,UAAU;KAAiB;IAAE,EACnH,IACD;;;;;;;;;;;;;;;;AAiBP,SAAgB,uBAAuB,QAA0B;CAC/D,MAAM,EAAE,YAAY;CACpB,MAAM,iBAAiB,OAAO,qBAAqB;AAEnD,QAAO,OAAO,MAAe;AAE3B,MAAI,kBAAkB,QAAQ,gBAAgB;AAC5C,OAAI,KAAK;IAAE,SAAS,kBAAkB;IAAM,KAAK;IAAgB,EAAE,+BAA+B;AAClG,UAAO,EAAE,KAAK;IACZ,IAAI;IACJ,OAAO;KAAE,MAAM;KAAwB,SAAS;KAAoC;IACrF,EAAE,IAAI;;EAGT,MAAM,cAAc,EAAE,IAAI,OAAO,gBAAgB,IAAI,KAAA;EACrD,MAAM,YAAY,EAAE,IAAI,OAAO,eAAe,IACzC,EAAE,IAAI,MAAM,YAAY,IACxB,OAAO,YAAY;AAExB,wBAAsB,EAAE,WAAW,OAAO,UAAU,EAAE,CAAC;EAEvD,MAAM,kBAAkB,IAAI,iBAAiB;AAC7C,oBAAkB,IAAI,WAAW,gBAAgB;AAEjD,SAAO,UAAU,GAAG,OAAO,WAAW;GACpC,IAAI,UAAU;AAGd,SAAM,OAAO,SAAS;IACpB,IAAI;IACJ,OAAO;IACP,MAAM,KAAK,UAAU,EAAE,WAAW,CAAC;IACpC,CAAC;GAGF,MAAM,UAAU,QAAQ,UAAU,WAAW,OAAO,UAAU;AAC5D,QAAI,QAAS;AACb,QAAI;AACF,WAAM,OAAO,SAAS;MACpB,IAAI,MAAM;MACV,OAAO,MAAM;MACb,MAAM,KAAK,UAAU,MAAM,QAAQ;MACpC,CAAC;YACI;KAGR;AAGF,OAAI,aAAa;IACf,MAAM,SAAS,QAAQ,eAAe,WAAW,YAAY;AAC7D,SAAK,MAAM,SAAS,OAClB,OAAM,OAAO,SAAS;KACpB,IAAI,MAAM;KACV,OAAO,MAAM;KACb,MAAM,KAAK,UAAU,MAAM,QAAQ;KACpC,CAAC;;GAKN,MAAM,YAAY,YAAY,YAAY;AACxC,QAAI,SAAS;AAAE,mBAAc,UAAU;AAAE;;AACzC,QAAI;AACF,WAAM,OAAO,SAAS;MAAE,OAAO;MAAQ,MAAM;MAAI,CAAC;YAC5C;AACN,mBAAc,UAAU;;MAEzB,IAAO;AAGV,SAAM,IAAI,SAAe,YAAY;AACnC,WAAO,cAAc;AACnB,eAAU;AACV,mBAAc,UAAU;AACxB,cAAS;AACT,uBAAkB,OAAO,UAAU;AACnC,SAAI,MAAM,EAAE,WAAW,EAAE,4BAA4B;AACrD,cAAS;MACT;KACF;IACF"}