cruss-agent 1.0.5 → 1.0.7

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cruss-agent",
-  "version": "1.0.5",
+  "version": "1.0.7",
   "description": "Local API relay for Cruss — test localhost APIs from cruss-ten.vercel.app",
   "main": "server.js",
   "bin": {

package/server.js

@@ -6,14 +6,24 @@ const https = require('https')
 const url   = require('url')
 
 const PORT    = 9119
-const VERSION = '1.0.5'
-
+const VERSION = '1.0.7'
+
+// ── CORS ─────────────────────────────────────────────────────────────────
+// Access-Control-Allow-Private-Network is required by Chrome 104+ (PNA policy).
+// When an HTTPS page (e.g. cruss-ten.vercel.app) makes a non-simple request
+// (POST with Content-Type: application/json) to localhost, Chrome first sends
+// an OPTIONS preflight with "Access-Control-Request-Private-Network: true".
+// The agent MUST respond with "Access-Control-Allow-Private-Network: true"
+// or Chrome silently blocks the actual request. GET /health works without it
+// because simple GET requests bypass the PNA preflight — which is exactly
+// why health checks passed but POST /proxy was never received.
 function corsHeaders() {
   return {
-    'Access-Control-Allow-Origin':  '*',
-    'Access-Control-Allow-Methods': 'GET, POST, OPTIONS',
-    'Access-Control-Allow-Headers': '*',
-    'Access-Control-Max-Age':       '86400',
+    'Access-Control-Allow-Origin':          '*',
+    'Access-Control-Allow-Methods':         'GET, POST, OPTIONS',
+    'Access-Control-Allow-Headers':         '*',
+    'Access-Control-Allow-Private-Network': 'true',
+    'Access-Control-Max-Age':               '86400',
   }
 }
 
@@ -31,10 +41,6 @@ const HOP_BY_HOP = new Set([
   'te', 'trailers', 'transfer-encoding', 'upgrade',
 ])
 
-// Returns all addresses to try for a given hostname.
-// On macOS, python3 -m http.server binds to :: (IPv6 only).
-// Node resolves localhost -> 127.0.0.1 (IPv4) -> ECONNREFUSED.
-// Trying both 127.0.0.1 and ::1 guarantees one works.
 function loopbackCandidates(hostname) {
   if (hostname === 'localhost')  return ['127.0.0.1', '::1']
   if (hostname === '127.0.0.1') return ['127.0.0.1', '::1']
@@ -45,14 +51,16 @@ function loopbackCandidates(hostname) {
 function proxyOnce(hostname, port, path, method, outHeaders, body, isHttps) {
   return new Promise((resolve, reject) => {
     const lib = isHttps ? https : http
+    const resolvedPort = port || (isHttps ? 443 : 80)
     const options = {
       hostname,
-      port:    port || (isHttps ? 443 : 80),
+      port:    resolvedPort,
       path:    path || '/',
       method:  method || 'GET',
       headers: outHeaders,
       timeout: 30000,
     }
+    console.log(`  → trying ${hostname}:${resolvedPort}${path || '/'}`)
     const t0  = Date.now()
     const req = lib.request(options, res => {
       const chunks = []
@@ -64,10 +72,11 @@ function proxyOnce(hostname, port, path, method, outHeaders, body, isHttps) {
         const respHeaders = {}
         for (const [k, v] of Object.entries(res.headers || {})) {
           if (!['access-control-allow-origin','access-control-allow-headers',
-                'access-control-allow-methods'].includes(k.toLowerCase())) {
+                'access-control-allow-methods','access-control-allow-private-network'].includes(k.toLowerCase())) {
             respHeaders[k] = Array.isArray(v) ? v.join(', ') : v
           }
         }
+        console.log(`  ✓ ${res.statusCode} ${res.statusMessage} (${elapsed}ms)`)
         resolve({
           status: res.statusCode, statusText: res.statusMessage,
           headers: respHeaders, body: bodyStr,
@@ -77,7 +86,10 @@ function proxyOnce(hostname, port, path, method, outHeaders, body, isHttps) {
       res.on('error', reject)
     })
     req.on('timeout', () => { req.destroy(); reject(new Error('Request timed out (30s)')) })
-    req.on('error', reject)
+    req.on('error', (err) => {
+      console.log(`  ✗ ${hostname}:${resolvedPort} — ${err.code || err.message}`)
+      reject(err)
+    })
     const hasBody = body && !['GET','HEAD','OPTIONS'].includes((method||'GET').toUpperCase())
     if (hasBody) req.write(typeof body === 'string' ? body : JSON.stringify(body))
     req.end()
@@ -87,15 +99,14 @@ function proxyOnce(hostname, port, path, method, outHeaders, body, isHttps) {
 async function proxyRequest(targetUrl, method, reqHeaders, body) {
   const parsed  = url.parse(targetUrl)
   const isHttps = parsed.protocol === 'https:'
-
   const outHeaders = {}
   for (const [k, v] of Object.entries(reqHeaders || {})) {
     if (!HOP_BY_HOP.has(k.toLowerCase())) outHeaders[k] = v
   }
-
   const candidates = loopbackCandidates(parsed.hostname)
+  console.log(`\n  [${new Date().toISOString()}] ${method} ${targetUrl}`)
+  console.log(`  candidates: ${candidates.join(', ')}`)
   let lastErr
-
   for (const host of candidates) {
     try {
       return await proxyOnce(host, parsed.port, parsed.path, method, outHeaders, body, isHttps)
@@ -104,10 +115,9 @@ async function proxyRequest(targetUrl, method, reqHeaders, body) {
       if (err.code !== 'ECONNREFUSED' && err.code !== 'EADDRNOTAVAIL') throw err
     }
   }
-
+  const port = parsed.port || (isHttps ? 443 : 80)
   throw new Error(
-    `Connection refused on all addresses (${candidates.join(', ')}) port ${parsed.port || (isHttps ? 443 : 80)}. ` +
-    `Is your server running?`
+    `Connection refused on all addresses (${candidates.join(', ')}) port ${port}. Is your server running on port ${port}?`
   )
 }
 
@@ -115,8 +125,14 @@ const server = http.createServer(async (req, res) => {
   const cors    = corsHeaders()
   const reqPath = url.parse(req.url).pathname
 
+  // Log ALL incoming requests so we can see preflights
+  console.log(`  [${req.method}] ${reqPath} — origin: ${req.headers['origin'] || '(none)'} pna: ${req.headers['access-control-request-private-network'] || 'no'}`)
+
   if (req.method === 'OPTIONS') {
-    res.writeHead(204, cors); res.end(); return
+    console.log(`  ← preflight OK`)
+    res.writeHead(204, cors)
+    res.end()
+    return
   }
 
   function send(status, body) {
@@ -134,19 +150,18 @@ const server = http.createServer(async (req, res) => {
     try {
       payload = JSON.parse(await readBody(req))
     } catch {
-      send(400, { error: 'Request body must be valid JSON' }); return
+      send(400, { error: 'Request body must be valid JSON' })
+      return
     }
-
     const { method, url: targetUrl, headers, body } = payload || {}
-
     if (!targetUrl || typeof targetUrl !== 'string') { send(400, { error: 'url is required' }); return }
     if (!method   || typeof method   !== 'string')   { send(400, { error: 'method is required' }); return }
-
     try {
       const result = await proxyRequest(targetUrl, method, headers || {}, body)
       send(200, { data: result })
     } catch (err) {
       const msg = err instanceof Error ? err.message : String(err)
+      console.log(`  ✗ proxy failed: ${msg}`)
       send(200, { data: { status: 0, statusText: 'Network Error', headers: {}, body: null, error: msg, responseTime: 0, size: 0 } })
     }
     return
@@ -168,13 +183,13 @@ server.listen(PORT, '0.0.0.0', () => {
   console.log('  ║   Ctrl+C to stop                      ║')
   console.log('  ╚═══════════════════════════════════════╝')
   console.log('')
-  console.log('  Waiting for requests...')
+  console.log('  All requests logged below.')
   console.log('')
 })
 
 server.on('error', err => {
   if (err.code === 'EADDRINUSE') {
-    console.error(`\n  Port ${PORT} is already in use. Run: kill $(lsof -ti:${PORT})`)
+    console.error(`\n  Port ${PORT} already in use. Run: kill $(lsof -ti:${PORT})`)
   } else {
     console.error('\n  Agent failed to start:', err.message)
   }