codexapp 0.1.8 → 0.1.10

package/dist/index.html

@@ -4,8 +4,8 @@
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <title>Codex Web Local</title>
-    <script type="module" crossorigin src="/assets/index-DrAmX48U.js"></script>
-    <link rel="stylesheet" crossorigin href="/assets/index-BIm_B5t3.css">
+    <script type="module" crossorigin src="/assets/index-DMpyfM80.js"></script>
+    <link rel="stylesheet" crossorigin href="/assets/index-CKknL24Z.css">
   </head>
   <body class="bg-slate-950">
     <div id="app"></div>

package/dist-cli/index.js

@@ -10,6 +10,7 @@ import { spawn as spawn2, spawnSync } from "child_process";
 import { fileURLToPath as fileURLToPath2 } from "url";
 import { dirname as dirname2 } from "path";
 import { Command } from "commander";
+import qrcode from "qrcode-terminal";
 
 // src/server/httpServer.ts
 import { fileURLToPath } from "url";
@@ -1163,13 +1164,9 @@ function createCodexBridgeMiddleware() {
         res.setHeader("Cache-Control", "no-cache, no-transform");
         res.setHeader("Connection", "keep-alive");
         res.setHeader("X-Accel-Buffering", "no");
-        const unsubscribe = appServer.onNotification((notification) => {
+        const unsubscribe = middleware.subscribeNotifications((notification) => {
           if (res.writableEnded || res.destroyed) return;
-          const payload = {
-            ...notification,
-            atIso: (/* @__PURE__ */ new Date()).toISOString()
-          };
-          res.write(`data: ${JSON.stringify(payload)}
+          res.write(`data: ${JSON.stringify(notification)}
 
 `);
         });
@@ -1200,20 +1197,20 @@ data: ${JSON.stringify({ ok: true })}
   middleware.dispose = () => {
     appServer.dispose();
   };
+  middleware.subscribeNotifications = (listener) => {
+    return appServer.onNotification((notification) => {
+      listener({
+        ...notification,
+        atIso: (/* @__PURE__ */ new Date()).toISOString()
+      });
+    });
+  };
   return middleware;
 }
 
 // src/server/authMiddleware.ts
 import { randomBytes, timingSafeEqual } from "crypto";
 var TOKEN_COOKIE = "codex_web_local_token";
-function isLocalhostRequest(req) {
-  const remote = req.socket.remoteAddress ?? "";
-  if (remote === "127.0.0.1" || remote === "::1" || remote === "::ffff:127.0.0.1") {
-    return true;
-  }
-  const host = (req.headers.host ?? "").toLowerCase();
-  return host.startsWith("localhost:") || host === "localhost" || host.startsWith("127.0.0.1:");
-}
 function constantTimeCompare(a, b) {
   const bufA = Buffer.from(a);
   const bufB = Buffer.from(b);
@@ -1232,6 +1229,22 @@ function parseCookies(header) {
   }
   return cookies;
 }
+function isLocalhostRemote(remote) {
+  return remote === "127.0.0.1" || remote === "::1" || remote === "::ffff:127.0.0.1";
+}
+function isLocalhostHost(host) {
+  const normalized = host.toLowerCase();
+  return normalized.startsWith("localhost:") || normalized === "localhost" || normalized.startsWith("127.0.0.1:");
+}
+function isAuthorizedByRequestLike(remoteAddress, hostHeader, cookieHeader, validTokens) {
+  const remote = remoteAddress ?? "";
+  if (isLocalhostRemote(remote) || isLocalhostHost(hostHeader ?? "")) {
+    return true;
+  }
+  const cookies = parseCookies(cookieHeader);
+  const token = cookies[TOKEN_COOKIE];
+  return Boolean(token && validTokens.has(token));
+}
 var LOGIN_PAGE_HTML = `<!DOCTYPE html>
 <html lang="en">
 <head>
@@ -1273,10 +1286,10 @@ form.addEventListener('submit',async e=>{
 </script>
 </body>
 </html>`;
-function createAuthMiddleware(password) {
+function createAuthSession(password) {
   const validTokens = /* @__PURE__ */ new Set();
-  return (req, res, next) => {
-    if (isLocalhostRequest(req)) {
+  const middleware = (req, res, next) => {
+    if (isAuthorizedByRequestLike(req.socket.remoteAddress, req.headers.host, req.headers.cookie, validTokens)) {
       next();
       return;
     }
@@ -1294,9 +1307,9 @@ function createAuthMiddleware(password) {
             res.status(401).json({ error: "Invalid password" });
             return;
           }
-          const token2 = randomBytes(32).toString("hex");
-          validTokens.add(token2);
-          res.setHeader("Set-Cookie", `${TOKEN_COOKIE}=${token2}; Path=/; HttpOnly; SameSite=Strict`);
+          const token = randomBytes(32).toString("hex");
+          validTokens.add(token);
+          res.setHeader("Set-Cookie", `${TOKEN_COOKIE}=${token}; Path=/; HttpOnly; SameSite=Strict`);
           res.json({ ok: true });
         } catch {
           res.status(400).json({ error: "Invalid request body" });
@@ -1304,18 +1317,17 @@ function createAuthMiddleware(password) {
       });
       return;
     }
-    const cookies = parseCookies(req.headers.cookie);
-    const token = cookies[TOKEN_COOKIE];
-    if (token && validTokens.has(token)) {
-      next();
-      return;
-    }
     res.setHeader("Content-Type", "text/html; charset=utf-8");
     res.status(200).send(LOGIN_PAGE_HTML);
   };
+  return {
+    middleware,
+    isRequestAuthorized: (req) => isAuthorizedByRequestLike(req.socket.remoteAddress, req.headers.host, req.headers.cookie, validTokens)
+  };
 }
 
 // src/server/httpServer.ts
+import { WebSocketServer } from "ws";
 var __dirname = dirname(fileURLToPath(import.meta.url));
 var distDir = join2(__dirname, "..", "dist");
 var IMAGE_CONTENT_TYPES = {
@@ -1343,8 +1355,9 @@ function normalizeLocalImagePath(rawPath) {
 function createServer(options = {}) {
   const app = express();
   const bridge = createCodexBridgeMiddleware();
-  if (options.password) {
-    app.use(createAuthMiddleware(options.password));
+  const authSession = options.password ? createAuthSession(options.password) : null;
+  if (authSession) {
+    app.use(authSession.middleware);
   }
   app.use(bridge);
   app.get("/codex-local-image", (req, res) => {
@@ -1372,7 +1385,33 @@ function createServer(options = {}) {
   });
   return {
     app,
-    dispose: () => bridge.dispose()
+    dispose: () => bridge.dispose(),
+    attachWebSocket: (server) => {
+      const wss = new WebSocketServer({ noServer: true });
+      server.on("upgrade", (req, socket, head) => {
+        const url = new URL(req.url ?? "", "http://localhost");
+        if (url.pathname !== "/codex-api/ws") {
+          return;
+        }
+        if (authSession && !authSession.isRequestAuthorized(req)) {
+          socket.write("HTTP/1.1 401 Unauthorized\r\nConnection: close\r\n\r\n");
+          socket.destroy();
+          return;
+        }
+        wss.handleUpgrade(req, socket, head, (ws) => {
+          wss.emit("connection", ws, req);
+        });
+      });
+      wss.on("connection", (ws) => {
+        ws.send(JSON.stringify({ method: "ready", params: { ok: true }, atIso: (/* @__PURE__ */ new Date()).toISOString() }));
+        const unsubscribe = bridge.subscribeNotifications((notification) => {
+          if (ws.readyState !== 1) return;
+          ws.send(JSON.stringify(notification));
+        });
+        ws.on("close", unsubscribe);
+        ws.on("error", unsubscribe);
+      });
+    }
   };
 }
 
@@ -1515,6 +1554,49 @@ function openBrowser(url) {
   });
   child.unref();
 }
+function parseCloudflaredUrl(chunk) {
+  const urlMatch = chunk.match(/https:\/\/[a-zA-Z0-9-]+\.trycloudflare\.com/g);
+  if (!urlMatch || urlMatch.length === 0) {
+    return null;
+  }
+  return urlMatch[urlMatch.length - 1] ?? null;
+}
+async function startCloudflaredTunnel(localPort) {
+  return new Promise((resolve2, reject) => {
+    const child = spawn2("cloudflared", ["tunnel", "--url", `http://localhost:${String(localPort)}`], {
+      stdio: ["ignore", "pipe", "pipe"]
+    });
+    const timeout = setTimeout(() => {
+      child.kill("SIGTERM");
+      reject(new Error("Timed out waiting for cloudflared tunnel URL"));
+    }, 2e4);
+    const handleData = (value) => {
+      const text = String(value);
+      const parsedUrl = parseCloudflaredUrl(text);
+      if (!parsedUrl) {
+        return;
+      }
+      clearTimeout(timeout);
+      child.stdout?.off("data", handleData);
+      child.stderr?.off("data", handleData);
+      resolve2({ process: child, url: parsedUrl });
+    };
+    const onError = (error) => {
+      clearTimeout(timeout);
+      reject(new Error(`Failed to start cloudflared: ${error.message}`));
+    };
+    child.once("error", onError);
+    child.stdout?.on("data", handleData);
+    child.stderr?.on("data", handleData);
+    child.once("exit", (code) => {
+      if (code === 0) {
+        return;
+      }
+      clearTimeout(timeout);
+      reject(new Error(`cloudflared exited before providing a URL (code ${String(code)})`));
+    });
+  });
+}
 function listenWithFallback(server, startPort) {
   return new Promise((resolve2, reject) => {
     const attempt = (port) => {
@@ -1546,13 +1628,28 @@ async function startServer(options) {
   }
   const requestedPort = parseInt(options.port, 10);
   const password = resolvePassword(options.password);
-  const { app, dispose } = createServer({ password });
+  const { app, dispose, attachWebSocket } = createServer({ password });
   const server = createServer2(app);
+  attachWebSocket(server);
   const port = await listenWithFallback(server, requestedPort);
+  let tunnelChild = null;
+  let tunnelUrl = null;
+  if (options.tunnel) {
+    try {
+      const tunnel = await startCloudflaredTunnel(port);
+      tunnelChild = tunnel.process;
+      tunnelUrl = tunnel.url;
+    } catch (error) {
+      const message = error instanceof Error ? error.message : String(error);
+      console.warn(`
+[cloudflared] Tunnel not started: ${message}`);
+    }
+  }
   const lines = [
     "",
     "Codex Web Local is running!",
     `  Version:  ${version}`,
+    "  GitHub:   https://github.com/friuns2/codexui",
     "",
     `  Local:    http://localhost:${String(port)}`
   ];
@@ -1562,12 +1659,25 @@ async function startServer(options) {
   if (password) {
     lines.push(`  Password: ${password}`);
   }
+  if (tunnelUrl) {
+    lines.push(`  Tunnel:   ${tunnelUrl}`);
+    lines.push("");
+    lines.push("  Tunnel QR code:");
+    lines.push(`  URL:      ${tunnelUrl}`);
+  }
   printTermuxKeepAlive(lines);
   lines.push("");
   console.log(lines.join("\n"));
+  if (tunnelUrl) {
+    qrcode.generate(tunnelUrl, { small: true });
+    console.log("");
+  }
   openBrowser(`http://localhost:${String(port)}`);
   function shutdown() {
     console.log("\nShutting down...");
+    if (tunnelChild && !tunnelChild.killed) {
+      tunnelChild.kill("SIGTERM");
+    }
     server.close(() => {
       dispose();
       process.exit(0);
@@ -1585,7 +1695,7 @@ async function runLogin() {
   console.log("\nStarting `codex login`...\n");
   runOrFail(codexCommand, ["login"], "Codex login");
 }
-program.option("-p, --port <port>", "port to listen on", "5999").option("--password <pass>", "set a specific password").option("--no-password", "disable password protection").action(async (opts) => {
+program.option("-p, --port <port>", "port to listen on", "5999").option("--password <pass>", "set a specific password").option("--no-password", "disable password protection").option("--tunnel", "start cloudflared tunnel", true).option("--no-tunnel", "disable cloudflared tunnel startup").action(async (opts) => {
   await startServer(opts);
 });
 program.command("login").description("Install/check Codex CLI and run `codex login`").action(runLogin);