npm - api-ape - Versions diffs - 3.0.2 → 4.1.0 - Mend

api-ape 3.0.2 → 4.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (186) hide show

package/README.md +59 -572
package/client/README.md +73 -14
package/client/auth/crypto/aead.js +214 -0
package/client/auth/crypto/constants.js +32 -0
package/client/auth/crypto/encoding.js +104 -0
package/client/auth/crypto/files.md +27 -0
package/client/auth/crypto/kdf.js +217 -0
package/client/auth/crypto-utils.js +118 -0
package/client/auth/files.md +52 -0
package/client/auth/key-recovery.js +288 -0
package/client/auth/recovery/constants.js +37 -0
package/client/auth/recovery/files.md +23 -0
package/client/auth/recovery/key-derivation.js +61 -0
package/client/auth/recovery/sss-browser.js +189 -0
package/client/auth/share-storage.js +205 -0
package/client/auth/storage/constants.js +18 -0
package/client/auth/storage/db.js +132 -0
package/client/auth/storage/files.md +27 -0
package/client/auth/storage/keys.js +173 -0
package/client/auth/storage/shares.js +200 -0
package/client/browser.js +190 -23
package/client/connectSocket.js +418 -988
package/client/connection/README.md +23 -0
package/client/connection/fileDownload.js +256 -0
package/client/connection/fileHandling.js +450 -0
package/client/connection/fileUtils.js +346 -0
package/client/connection/files.md +71 -0
package/client/connection/messageHandler.js +105 -0
package/client/connection/network.js +350 -0
package/client/connection/proxy.js +233 -0
package/client/connection/sender.js +333 -0
package/client/connection/state.js +321 -0
package/client/connection/subscriptions.js +151 -0
package/client/files.md +53 -0
package/client/index.js +298 -142
package/client/transports/README.md +50 -0
package/client/transports/files.md +41 -0
package/client/transports/streamParser.js +195 -0
package/client/transports/streaming.js +555 -203
package/dist/ape.js +6 -1
package/dist/ape.js.map +4 -4
package/index.d.ts +38 -16
package/package.json +31 -6
package/server/README.md +272 -67
package/server/adapters/README.md +23 -14
package/server/adapters/files.md +68 -0
package/server/adapters/firebase.js +543 -160
package/server/adapters/index.js +362 -112
package/server/adapters/mongo.js +530 -140
package/server/adapters/postgres.js +534 -155
package/server/adapters/redis.js +508 -143
package/server/adapters/supabase.js +555 -186
package/server/client/README.md +43 -0
package/server/client/connection.js +586 -0
package/server/client/files.md +40 -0
package/server/client/index.js +342 -0
package/server/files.md +54 -0
package/server/index.js +322 -71
package/server/lib/README.md +26 -0
package/server/lib/broadcast/clients.js +219 -0
package/server/lib/broadcast/files.md +58 -0
package/server/lib/broadcast/index.js +57 -0
package/server/lib/broadcast/publishProxy.js +110 -0
package/server/lib/broadcast/pubsub.js +137 -0
package/server/lib/broadcast/sendProxy.js +103 -0
package/server/lib/bun.js +315 -99
package/server/lib/fileTransfer/README.md +63 -0
package/server/lib/fileTransfer/files.md +30 -0
package/server/lib/fileTransfer/streaming.js +435 -0
package/server/lib/fileTransfer.js +710 -326
package/server/lib/files.md +111 -0
package/server/lib/httpUtils.js +283 -0
package/server/lib/loader.js +208 -7
package/server/lib/longPolling/README.md +63 -0
package/server/lib/longPolling/files.md +44 -0
package/server/lib/longPolling/getHandler.js +365 -0
package/server/lib/longPolling/postHandler.js +327 -0
package/server/lib/longPolling.js +174 -219
package/server/lib/main.js +369 -532
package/server/lib/runtimes/README.md +42 -0
package/server/lib/runtimes/bun.js +586 -0
package/server/lib/runtimes/files.md +56 -0
package/server/lib/runtimes/node.js +511 -0
package/server/lib/wiring.js +539 -98
package/server/lib/ws/README.md +35 -0
package/server/lib/ws/adapters/README.md +54 -0
package/server/lib/ws/adapters/bun.js +538 -170
package/server/lib/ws/adapters/deno.js +623 -149
package/server/lib/ws/adapters/files.md +42 -0
package/server/lib/ws/files.md +74 -0
package/server/lib/ws/frames.js +532 -154
package/server/lib/ws/index.js +207 -10
package/server/lib/ws/server.js +385 -92
package/server/lib/ws/socket.js +549 -181
package/server/lib/wsProvider.js +363 -89
package/server/plugins/binary.js +282 -0
package/server/security/README.md +92 -0
package/server/security/auth/README.md +319 -0
package/server/security/auth/adapters/files.md +95 -0
package/server/security/auth/adapters/ldap/constants.js +37 -0
package/server/security/auth/adapters/ldap/files.md +19 -0
package/server/security/auth/adapters/ldap/helpers.js +111 -0
package/server/security/auth/adapters/ldap.js +353 -0
package/server/security/auth/adapters/oauth2/constants.js +41 -0
package/server/security/auth/adapters/oauth2/files.md +19 -0
package/server/security/auth/adapters/oauth2/helpers.js +123 -0
package/server/security/auth/adapters/oauth2.js +273 -0
package/server/security/auth/adapters/opaque-handlers.js +314 -0
package/server/security/auth/adapters/opaque.js +205 -0
package/server/security/auth/adapters/saml/constants.js +52 -0
package/server/security/auth/adapters/saml/files.md +19 -0
package/server/security/auth/adapters/saml/helpers.js +74 -0
package/server/security/auth/adapters/saml.js +173 -0
package/server/security/auth/adapters/totp.js +703 -0
package/server/security/auth/adapters/webauthn.js +625 -0
package/server/security/auth/files.md +61 -0
package/server/security/auth/framework/constants.js +27 -0
package/server/security/auth/framework/files.md +23 -0
package/server/security/auth/framework/handlers.js +272 -0
package/server/security/auth/framework/socket-auth.js +177 -0
package/server/security/auth/handlers/auth-messages.js +143 -0
package/server/security/auth/handlers/files.md +28 -0
package/server/security/auth/index.js +290 -0
package/server/security/auth/mfa/crypto/aead.js +148 -0
package/server/security/auth/mfa/crypto/constants.js +35 -0
package/server/security/auth/mfa/crypto/files.md +27 -0
package/server/security/auth/mfa/crypto/kdf.js +120 -0
package/server/security/auth/mfa/crypto/utils.js +68 -0
package/server/security/auth/mfa/crypto-utils.js +80 -0
package/server/security/auth/mfa/files.md +77 -0
package/server/security/auth/mfa/ledger/constants.js +75 -0
package/server/security/auth/mfa/ledger/errors.js +73 -0
package/server/security/auth/mfa/ledger/files.md +23 -0
package/server/security/auth/mfa/ledger/share-record.js +32 -0
package/server/security/auth/mfa/ledger.js +255 -0
package/server/security/auth/mfa/recovery/constants.js +67 -0
package/server/security/auth/mfa/recovery/files.md +19 -0
package/server/security/auth/mfa/recovery/handlers.js +216 -0
package/server/security/auth/mfa/recovery.js +191 -0
package/server/security/auth/mfa/sss/constants.js +21 -0
package/server/security/auth/mfa/sss/files.md +23 -0
package/server/security/auth/mfa/sss/gf256.js +103 -0
package/server/security/auth/mfa/sss/serialization.js +82 -0
package/server/security/auth/mfa/sss.js +161 -0
package/server/security/auth/mfa/two-of-three/constants.js +58 -0
package/server/security/auth/mfa/two-of-three/files.md +23 -0
package/server/security/auth/mfa/two-of-three/handlers.js +241 -0
package/server/security/auth/mfa/two-of-three/helpers.js +71 -0
package/server/security/auth/mfa/two-of-three.js +136 -0
package/server/security/auth/nonce-manager.js +89 -0
package/server/security/auth/state-machine-mfa.js +269 -0
package/server/security/auth/state-machine.js +257 -0
package/server/security/extractRootDomain.js +144 -16
package/server/security/files.md +51 -0
package/server/security/origin.js +197 -15
package/server/security/reply.js +274 -16
package/server/socket/README.md +119 -0
package/server/socket/authMiddleware.js +299 -0
package/server/socket/files.md +86 -0
package/server/socket/open.js +154 -8
package/server/socket/pluginHooks.js +334 -0
package/server/socket/receive.js +184 -224
package/server/socket/receiveContext.js +117 -0
package/server/socket/send.js +416 -78
package/server/socket/tagUtils.js +402 -0
package/server/utils/README.md +19 -0
package/server/utils/deepRequire.js +255 -30
package/server/utils/files.md +57 -0
package/server/utils/genId.js +182 -20
package/server/utils/parseUserAgent.js +313 -251
package/server/utils/userAgent/README.md +65 -0
package/server/utils/userAgent/files.md +46 -0
package/server/utils/userAgent/patterns.js +545 -0
package/utils/README.md +21 -0
package/utils/files.md +66 -0
package/utils/jss/README.md +21 -0
package/utils/jss/decode.js +471 -0
package/utils/jss/encode.js +312 -0
package/utils/jss/files.md +68 -0
package/utils/jss/plugins.js +210 -0
package/utils/jss.js +219 -273
package/utils/messageHash.js +238 -35
package/dist/api-ape.min.js +0 -2
package/dist/api-ape.min.js.map +0 -7
package/server/client.js +0 -311
package/server/lib/broadcast.js +0 -146

package/server/lib/longPolling.js CHANGED Viewed

@@ -1,233 +1,188 @@
-const { addClient, removeClient, broadcast, clients, updateClientEmbed } = require('./broadcast')
-const makeid = require('../utils/genId')
-const jss = require('../../utils/jss')
-const parseUserAgent = require('../utils/parseUserAgent')
-// Active streaming connections: clientId -> { res, messageQueue, heartbeatTimer }
-const streamClients = new Map()
-// Pending message handlers for POST requests: queryId -> { resolve, reject, timer }
-const pendingRequests = new Map()
 /**
- * Set apeClientId cookie if not present
+ * @fileoverview Long Polling Handler - HTTP Fallback for WebSocket
+ *
+ * This module provides HTTP long-polling as a fallback transport when WebSocket
+ * connections are not available. Long polling is essential for:
+ *
+ * - Clients behind restrictive firewalls that block WebSocket
+ * - Networks that don't support WebSocket protocol
+ * - Legacy browser support
+ * - Debugging and testing scenarios
+ *
+ * How Long Polling Works:
+ * 1. Client makes a GET request that is held open (streaming response)
+ * 2. Server sends events to client by writing to the response stream
+ * 3. Client sends messages via POST requests
+ * 4. Heartbeats keep the connection alive
+ * 5. Connection is recycled periodically to prevent timeouts
+ *
+ * This module coordinates the GET and POST handlers and maintains
+ * the client state map shared between them.
+ *
+ * @module server/lib/longPolling
+ * @see {@link module:server/lib/longPolling/getHandler} - GET handler for streaming responses
+ * @see {@link module:server/lib/longPolling/postHandler} - POST handler for client messages
+ * @see {@link module:server/lib/wiring} - WebSocket wiring (primary transport)
+ *
+ * @example
+ * // Create long polling handlers for api-ape server
+ * const { createLongPollingHandler } = require('./longPolling')
+ *
+ * const { handleStreamGet, handleStreamPost } = createLongPollingHandler(
+ *     controllers,
+ *     onConnect,
+ *     fileTransfer
+ * )
+ *
+ * // Use in HTTP server
+ * server.on('request', (req, res) => {
+ *     if (req.url === '/api/ape/poll' && req.method === 'GET') {
+ *         handleStreamGet(req, res)
+ *     } else if (req.url === '/api/ape/poll' && req.method === 'POST') {
+ *         handleStreamPost(req, res, controllers)
+ *     }
+ * })
  */
-function ensureClientId(req, res) {
-    const cookies = req.headers.cookie || ''
-    const match = cookies.match(/(?:^|;\s*)apeClientId=([^;]*)/)
-    if (match) {
-        return match[1]
-    }
-    // Generate new clientId and set cookie
-    const clientId = makeid(20)
-    res.setHeader('Set-Cookie', `apeClientId=${clientId}; Path=/; HttpOnly; SameSite=Strict`)
-    return clientId
-}
+const {
+  createGetHandler,
+  ensureClientId,
+} = require("./longPolling/getHandler");
+const { createPostHandler, getClientId } = require("./longPolling/postHandler");
 /**
- * Get clientId from cookie
+ * Map of active long-polling client connections.
+ *
+ * Keyed by client ID (from cookie), values contain:
+ * - res: HTTP response stream
+ * - messageQueue: Pending messages
+ * - heartbeatTimer: Interval timer for keepalives
+ * - isActive: Whether the connection is still active
+ * - embed: Custom data attached during onConnect
+ * - onDisconnect: Cleanup callback
+ *
+ * @private
+ * @type {Map<string, Object>}
  */
-function getClientId(req) {
-    const cookies = req.headers.cookie || ''
-    const match = cookies.match(/(?:^|;\s*)apeClientId=([^;]*)/)
-    return match ? match[1] : null
-}
+const streamClients = new Map();
 /**
- * Send JSON response helper
+ * @typedef {Object} LongPollingHandlers
+ * Object containing the HTTP handlers for long polling.
+ *
+ * @property {Function} handleStreamGet - GET request handler for streaming responses.
+ *     Creates a long-lived HTTP response that streams events to the client.
+ * @property {Function} handleStreamPost - POST request handler for client messages.
+ *     Processes messages sent by clients and routes to controllers.
  */
-function sendJson(res, statusCode, data) {
-    res.writeHead(statusCode, { 'Content-Type': 'application/json' })
-    res.end(JSON.stringify(data))
-}
 /**
- * Create long polling handler
+ * Creates the long polling HTTP handlers.
+ *
+ * This function sets up the GET and POST handlers that work together
+ * to provide bidirectional communication over HTTP:
+ *
+ * **GET Handler (Streaming Receive)**:
+ * - Client opens a long-lived HTTP connection
+ * - Server streams JSON events to the response
+ * - Heartbeats sent every 20 seconds to keep connection alive
+ * - Connection recycled after 25 seconds (client reconnects)
+ *
+ * **POST Handler (Send Messages)**:
+ * - Client sends JSON messages via POST
+ * - Messages are routed to appropriate controllers
+ * - Response contains the controller's return value
+ *
+ * Both handlers share the `streamClients` Map to coordinate state.
+ *
+ * @function createLongPollingHandler
+ * @param {Object<string, Function>} controllers - Map of controller functions keyed by endpoint
+ * @param {Function} [onConnect] - Optional callback when a client connects.
+ *     Receives (socket, req, send) and can return { onDisconnect, embed }.
+ * @param {import('./fileTransfer').FileTransferManager} fileTransfer - File transfer manager
+ * @param {Object} [options] - Optional configuration options
+ * @param {number} [options.heartbeatInterval=20000] - Interval in ms for heartbeat pings
+ * @param {number} [options.recycleTimeout=25000] - Timeout in ms before recycling connection
+ * @returns {LongPollingHandlers} Object with handleStreamGet and handleStreamPost
+ *
+ * @example
+ * // Basic setup
+ * const handlers = createLongPollingHandler(controllers, null, fileTransfer)
+ *
+ * // In request handler
+ * if (pathname === '/api/ape/poll') {
+ *     if (req.method === 'GET') {
+ *         handlers.handleStreamGet(req, res)
+ *     } else if (req.method === 'POST') {
+ *         handlers.handleStreamPost(req, res, controllers)
+ *     }
+ * }
+ *
+ * @example
+ * // With connection callback
+ * const handlers = createLongPollingHandler(
+ *     controllers,
+ *     async (socket, req, send) => {
+ *         // Authenticate user
+ *         const user = await authenticate(req)
+ *
+ *         // Send welcome message
+ *         send('welcome', { userId: user.id })
+ *
+ *         return {
+ *             embed: { userId: user.id },
+ *             onDisconnect: () => {
+ *                 console.log(`User ${user.id} disconnected`)
+ *             }
+ *         }
+ *     },
+ *     fileTransfer
+ * )
  */
-function createLongPollingHandler(controllers, onConnect, fileTransfer) {
-    /**
-     * Handle GET /api/ape/poll - Streaming receive
-     * Keeps connection open and writes JSON messages as they arrive
-     */
-    function handleStreamGet(req, res) {
-        const clientId = ensureClientId(req, res)
-        // Set up streaming response headers
-        res.writeHead(200, {
-            'Content-Type': 'application/json',
-            'Cache-Control': 'no-cache',
-            'Connection': 'keep-alive',
-            'X-Accel-Buffering': 'no' // Disable nginx buffering
-        })
-        // Create message queue for this client
-        const clientState = {
-            res,
-            messageQueue: [],
-            heartbeatTimer: null,
-            isActive: true
-        }
-        // Send function for this streaming client
-        const send = (type, data, err) => {
-            if (!clientState.isActive) return
-            const message = jss.stringify({ type, data, err: err || undefined })
-            try {
-                res.write(message)
-            } catch (e) {
-                cleanup()
-            }
-        }
-        send.toString = () => clientId
-        // Clean up on close
-        const cleanup = () => {
-            if (!clientState.isActive) return
-            clientState.isActive = false
-            if (clientState.heartbeatTimer) {
-                clearInterval(clientState.heartbeatTimer)
-            }
-            streamClients.delete(clientId)
-            removeClient({ clientId })
-            // Notify disconnect handler if registered
-            if (clientState.onDisconnect) {
-                clientState.onDisconnect()
-            }
-        }
-        req.on('close', cleanup)
-        req.on('error', cleanup)
-        res.on('error', cleanup)
-        // Heartbeat to keep connection alive (every 20s)
-        clientState.heartbeatTimer = setInterval(() => {
-            if (!clientState.isActive) return
-            try {
-                // Send heartbeat as empty comment (client ignores)
-                res.write('{"type":"__heartbeat__"}')
-            } catch (e) {
-                cleanup()
-            }
-        }, 20000)
-        // Extract sessionId from cookies
-        const sessionIdMatch = (req.headers.cookie || '').match(/(?:^|;\s*)sessionId=([^;]*)/)
-        const sessionId = sessionIdMatch ? sessionIdMatch[1] : null
-        // Parse user agent
-        const agent = parseUserAgent(req.headers['user-agent'])
-        // Register client for broadcasts with full metadata
-        addClient({ clientId, sessionId, agent, send, embed: null })
-        streamClients.set(clientId, clientState)
-        // Call onConnect hook if provided
-        if (onConnect) {
-            Promise.resolve(onConnect(null, req, send))
-                .then(handlers => {
-                    if (handlers) {
-                        if (handlers.onDisconnect) {
-                            clientState.onDisconnect = handlers.onDisconnect
-                        }
-                        if (handlers.embed) {
-                            clientState.embed = handlers.embed
-                            updateClientEmbed(clientId, handlers.embed)
-                        }
-                    }
-                })
-                .catch(err => {
-                    console.error('onConnect error:', err)
-                })
-        }
-        // Close after 25 seconds (before typical proxy timeout)
-        // Client will immediately reconnect
-        setTimeout(() => {
-            cleanup()
-            try {
-                res.end()
-            } catch (e) { }
-        }, 25000)
-    }
-    /**
-     * Handle POST /api/ape/poll - Send messages
-     * Process message through controllers, return response
-     */
-    function handleStreamPost(req, res, controllers) {
-        const clientId = getClientId(req)
-        if (!clientId) {
-            return sendJson(res, 401, { error: 'Missing session. GET /api/ape/poll first.' })
-        }
-        // Collect body
-        const chunks = []
-        req.on('data', chunk => chunks.push(chunk))
-        req.on('end', async () => {
-            try {
-                const body = Buffer.concat(chunks).toString('utf8')
-                const { type: rawType, data, createdAt } = jss.parse(body)
-                // Normalize type
-                const type = rawType.replace(/^\//, '').toLowerCase()
-                // Find controller
-                const controller = controllers[type]
-                if (!controller) {
-                    return sendJson(res, 404, { error: `Controller "${type}" not found` })
-                }
-                // Get client state for embed values
-                const clientState = streamClients.get(clientId)
-                const embedValues = clientState?.embed || {}
-                // Extract sessionId from cookies (set by outer framework)
-                const sessionIdMatch = (req.headers.cookie || '').match(/(?:^|;\s*)sessionId=([^;]*)/)
-                const sessionId = sessionIdMatch ? sessionIdMatch[1] : null
-                // Build controller context
-                const context = {
-                    ...embedValues,
-                    clientId,
-                    sessionId,  // Session ID from cookie (set by outer framework)
-                    req,
-                    broadcast: (t, d) => broadcast(t, d),
-                    broadcastOthers: (t, d) => broadcast(t, d, clientId),
-                    clients
-                }
-                // Execute controller
-                const result = await controller.call(context, data)
-                // Send response
-                const responsePayload = { data: result }
-                res.writeHead(200, { 'Content-Type': 'application/json' })
-                res.end(jss.stringify(responsePayload))
-            } catch (err) {
-                const errorMessage = err.message || String(err)
-                sendJson(res, 500, { error: errorMessage })
-            }
-        })
-        req.on('error', (err) => {
-            sendJson(res, 500, { error: err.message })
-        })
-    }
-    return {
-        handleStreamGet,
-        handleStreamPost,
-        getStreamClients: () => streamClients
-    }
+function createLongPollingHandler(controllers, onConnect, fileTransfer, options = {}) {
+  /**
+   * GET handler for streaming responses.
+   * Creates a long-lived HTTP response that streams events to the client.
+   * @type {Function}
+   */
+  const handleStreamGet = createGetHandler(streamClients, onConnect, options);
+  /**
+   * POST handler for client messages.
+   * Processes incoming messages and routes them to controllers.
+   * @type {Function}
+   */
+  const handleStreamPost = createPostHandler(streamClients);
+  return {
+    handleStreamGet,
+    handleStreamPost,
+  };
 }
-module.exports = { createLongPollingHandler, getClientId, ensureClientId }
+module.exports = {
+  /**
+   * Create long polling handlers for HTTP fallback transport.
+   * @function
+   */
+  createLongPollingHandler,
+  /**
+   * Extract client ID from request cookies (POST handler utility).
+   * Returns null if no client ID cookie is present.
+   * @function
+   * @param {http.IncomingMessage} req - The HTTP request
+   * @returns {string|null} The client ID or null
+   */
+  getClientId,
+  /**
+   * Get or create a client ID from request/response (GET handler utility).
+   * Sets a cookie if no client ID exists.
+   * @function
+   * @param {http.IncomingMessage} req - The HTTP request
+   * @param {http.ServerResponse} res - The HTTP response
+   * @returns {string} The client ID
+   */
+  ensureClientId,
+};