npm - jh-web-gateway - Versions diffs - 2.0.1 → 2.1.0 - Mend

jh-web-gateway 2.0.1 → 2.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/{chunk-J7PNSI42.js → chunk-TNKXXCTQ.js} +208 -141
package/dist/chunk-TNKXXCTQ.js.map +1 -0
package/dist/cli.js +28 -21
package/dist/cli.js.map +1 -1
package/dist/{tui-2J5JN3FF.js → tui-YGSNFLO7.js} +4 -5
package/dist/tui-YGSNFLO7.js.map +1 -0
package/package.json +2 -1
package/dist/chunk-J7PNSI42.js.map +0 -1
package/dist/tui-2J5JN3FF.js.map +0 -1

package/dist/{chunk-J7PNSI42.js → chunk-TNKXXCTQ.js} RENAMED Viewed

@@ -64,12 +64,15 @@ async function findOrOpenJhPage(browser) {
 }
 // src/infra/config.ts
-import { readFile, writeFile, mkdir } from "fs/promises";
+import { readFile, writeFile, mkdir, chmod } from "fs/promises";
 import { homedir } from "os";
 import { join } from "path";
 function getConfigPath() {
   return join(homedir(), ".jh-gateway", "config.json");
 }
+function getConfigDir() {
+  return join(homedir(), ".jh-gateway");
+}
 function getDefaultConfig() {
   return {
     cdpUrl: "http://127.0.0.1:9222",
@@ -162,15 +165,13 @@ function validateConfig(raw) {
 }
 async function loadConfig() {
   const configPath = getConfigPath();
-  const configDir = join(homedir(), ".jh-gateway");
   let raw;
   try {
     raw = await readFile(configPath, "utf8");
   } catch (err) {
     if (isNodeError(err) && (err.code === "ENOENT" || err.code === "ENOTDIR")) {
       const defaults = getDefaultConfig();
-      await mkdir(configDir, { recursive: true });
-      await writeFile(configPath, JSON.stringify(defaults, null, 2), "utf8");
+      await saveConfig(defaults);
       return defaults;
     }
     throw err;
@@ -183,13 +184,19 @@ async function loadConfig() {
       `Config validation error: config file at ${configPath} contains malformed JSON`
     );
   }
-  return validateConfig(parsed);
+  const validated = validateConfig(parsed);
+  await enforceConfigPermissions(configPath, getConfigDir());
+  return validated;
 }
 async function saveConfig(config) {
   const configPath = getConfigPath();
-  const configDir = join(homedir(), ".jh-gateway");
-  await mkdir(configDir, { recursive: true });
-  await writeFile(configPath, JSON.stringify(config, null, 2), "utf8");
+  const configDir = getConfigDir();
+  await mkdir(configDir, { recursive: true, mode: 448 });
+  await writeFile(configPath, JSON.stringify(config, null, 2), {
+    encoding: "utf8",
+    mode: 384
+  });
+  await enforceConfigPermissions(configPath, configDir);
 }
 async function updateConfig(partial) {
   const current = await loadConfig();
@@ -202,9 +209,26 @@ async function updateConfig(partial) {
 function isNodeError(err) {
   return err instanceof Error && "code" in err;
 }
+async function enforceConfigPermissions(configPath, configDir) {
+  await chmod(configDir, 448).catch((err) => {
+    const message = err instanceof Error ? err.message : String(err);
+    console.warn(`[config] Could not enforce secure directory permissions: ${message}`);
+  });
+  await chmod(configPath, 384).catch((err) => {
+    const message = err instanceof Error ? err.message : String(err);
+    console.warn(`[config] Could not enforce secure file permissions: ${message}`);
+  });
+}
 // src/core/auth-capture.ts
 var JH_HOST = "chat.ai.jh.edu";
+function isJhUrl(url) {
+  try {
+    return new URL(url).hostname === JH_HOST;
+  } catch {
+    return false;
+  }
+}
 function getTokenExpiry(token) {
   try {
     const parts = token.split(".");
@@ -238,24 +262,15 @@ async function captureCredentials(cdpUrl, timeoutMs = 12e4) {
     page = await context.newPage();
   }
   const targetPage = page;
+  const routePattern = "**/*";
   return new Promise((resolve, reject) => {
     let settled = false;
-    const timer = setTimeout(() => {
-      if (settled) return;
-      settled = true;
-      reject(
-        new Error(
-          `Credential capture timed out after ${timeoutMs / 1e3}s. Please log in to chat.ai.jh.edu and send a message to trigger authentication.`
-        )
-      );
-    }, timeoutMs);
-    targetPage.route("**/*", async (route) => {
+    let cleanedUp = false;
+    const routeHandler = async (route) => {
       const request = route.request();
       const headers = await request.headers();
       const authHeader = headers["authorization"] ?? headers["Authorization"] ?? "";
-      if (!settled && authHeader.startsWith("Bearer ") && request.url().includes(JH_HOST)) {
-        settled = true;
-        clearTimeout(timer);
+      if (!settled && authHeader.startsWith("Bearer ") && isJhUrl(request.url())) {
         try {
           const bearerToken = authHeader.slice("Bearer ".length).trim();
           const rawCookies = await targetPage.context().cookies();
@@ -271,14 +286,45 @@ async function captureCredentials(cdpUrl, timeoutMs = 12e4) {
             expiresAt
           };
           await updateConfig({ credentials: captured });
-          resolve(captured);
+          settleSuccess(captured);
         } catch (err) {
-          reject(err);
+          settleFailure(err);
         }
       }
-      await route.continue();
-    }).then(() => {
-      if (!targetPage.url().includes(JH_HOST)) {
+      await route.continue().catch((err) => {
+        const message = err instanceof Error ? err.message : String(err);
+        console.warn(`[auth-capture] Route continuation failed: ${message}`);
+      });
+    };
+    const cleanup = async () => {
+      if (cleanedUp) return;
+      cleanedUp = true;
+      clearTimeout(timer);
+      await targetPage.unroute(routePattern, routeHandler).catch((err) => {
+        const message = err instanceof Error ? err.message : String(err);
+        console.warn(`[auth-capture] Route cleanup failed: ${message}`);
+      });
+    };
+    const settleSuccess = (captured) => {
+      if (settled) return;
+      settled = true;
+      void cleanup().finally(() => resolve(captured));
+    };
+    const settleFailure = (err) => {
+      if (settled) return;
+      settled = true;
+      const error = err instanceof Error ? err : new Error(String(err));
+      void cleanup().finally(() => reject(error));
+    };
+    const timer = setTimeout(() => {
+      settleFailure(
+        new Error(
+          `Credential capture timed out after ${timeoutMs / 1e3}s. Please log in to chat.ai.jh.edu and send a message to trigger authentication.`
+        )
+      );
+    }, timeoutMs);
+    targetPage.route(routePattern, routeHandler).then(() => {
+      if (!isJhUrl(targetPage.url())) {
         targetPage.goto(`https://${JH_HOST}`, { waitUntil: "commit" }).catch(() => {
         });
       } else {
@@ -286,11 +332,7 @@ async function captureCredentials(cdpUrl, timeoutMs = 12e4) {
         });
       }
     }).catch((err) => {
-      if (!settled) {
-        settled = true;
-        clearTimeout(timer);
-        reject(err);
-      }
+      settleFailure(err);
     });
   });
 }
@@ -316,7 +358,7 @@ async function captureCredentialsActive(cdpUrl, timeoutMs = 3e4) {
         const request = route.request();
         const headers = await request.headers();
         const authHeader = headers["authorization"] ?? headers["Authorization"] ?? "";
-        if (!settled && authHeader.startsWith("Bearer ") && request.url().includes(JH_HOST)) {
+        if (!settled && authHeader.startsWith("Bearer ") && isJhUrl(request.url())) {
           settled = true;
           clearTimeout(timer);
           try {
@@ -360,6 +402,7 @@ async function captureCredentialsActive(cdpUrl, timeoutMs = 3e4) {
 // src/infra/gateway-auth.ts
 import { randomBytes } from "crypto";
+import { timingSafeEqual } from "crypto";
 function generateApiKey() {
   return `jh-local-${randomBytes(16).toString("hex")}`;
 }
@@ -385,7 +428,7 @@ function authMiddleware(config) {
     }
     if (mode === "bearer") {
       const expected = `Bearer ${token}`;
-      if (authHeader !== expected) {
+      if (!safeEquals(authHeader, expected)) {
         return c.json(
           {
             error: {
@@ -400,7 +443,7 @@ function authMiddleware(config) {
       }
     } else if (mode === "basic") {
       const expected = `Basic ${Buffer.from(`gateway:${token}`).toString("base64")}`;
-      if (authHeader !== expected) {
+      if (!safeEquals(authHeader, expected)) {
         return c.json(
           {
             error: {
@@ -417,6 +460,12 @@ function authMiddleware(config) {
     return next();
   };
 }
+function safeEquals(actual, expected) {
+  const actualBuffer = Buffer.from(actual);
+  const expectedBuffer = Buffer.from(expected);
+  if (actualBuffer.length !== expectedBuffer.length) return false;
+  return timingSafeEqual(actualBuffer, expectedBuffer);
+}
 // src/infra/types.ts
 var MODEL_ENDPOINT_MAP = {
@@ -1667,6 +1716,7 @@ var PagePool = class {
   maxPages;
   maxWaitMs;
   initPromise = null;
+  pagesCreating = 0;
   constructor(options = {}) {
     this.targetUrl = options.targetUrl ?? "https://chat.ai.jh.edu";
     this.maxPages = options.maxPages ?? 3;
@@ -1703,8 +1753,13 @@ var PagePool = class {
    */
   async acquire() {
     let pooled = this.pages.find((p2) => !p2.inUse);
-    if (!pooled && this.pages.length < this.maxPages && this.browser) {
-      pooled = await this.createPage();
+    if (!pooled && this.pages.length + this.pagesCreating < this.maxPages && this.browser) {
+      this.pagesCreating++;
+      try {
+        pooled = await this.createPage();
+      } finally {
+        this.pagesCreating--;
+      }
     }
     if (!pooled) {
       pooled = this.pages.reduce(
@@ -1731,15 +1786,27 @@ var PagePool = class {
       throw new Error("No browser context available");
     }
     const page = await context.newPage();
-    await page.goto(this.targetUrl, { waitUntil: "networkidle", timeout: 3e4 });
-    console.log(`[PagePool] New page ready: ${page.url()}`);
-    const pooled = {
-      page,
-      queue: new RequestQueue(this.maxWaitMs),
-      inUse: false
-    };
-    this.pages.push(pooled);
-    return pooled;
+    try {
+      await page.goto(this.targetUrl, { waitUntil: "networkidle", timeout: 3e4 });
+      const finalUrl = page.url();
+      if (!finalUrl.includes("chat.ai.jh.edu")) {
+        throw new Error(
+          `New page redirected away from target: ${finalUrl} \u2014 browser session may have expired, restart without --headless to re-login.`
+        );
+      }
+      console.log(`[PagePool] New page ready: ${finalUrl}`);
+      const pooled = {
+        page,
+        queue: new RequestQueue(this.maxWaitMs),
+        inUse: false
+      };
+      this.pages.push(pooled);
+      return pooled;
+    } catch (err) {
+      await page.close().catch(() => {
+      });
+      throw err;
+    }
   }
   /** Close all pages except the seed page */
   async drain() {
@@ -1755,6 +1822,99 @@ var PagePool = class {
   }
 };
+// src/core/token-refresher.ts
+var CredentialHolder = class {
+  creds = null;
+  /** Returns the current credentials, or `null` if none have been set yet. */
+  get() {
+    return this.creds;
+  }
+  /** Atomically replaces the stored credentials. */
+  set(creds) {
+    this.creds = creds;
+  }
+};
+function shouldRefresh(nowMs, expiresAt, thresholdMs) {
+  return expiresAt * 1e3 - nowMs < thresholdMs;
+}
+var BACKOFF_DELAYS = [5e3, 15e3, 3e4];
+var TokenRefresher = class {
+  credentialHolder;
+  cdpUrl;
+  checkIntervalMs;
+  refreshBeforeExpiryMs;
+  maxRetries;
+  intervalId = null;
+  constructor(credentialHolder, cdpUrl, options) {
+    this.credentialHolder = credentialHolder;
+    this.cdpUrl = cdpUrl;
+    this.checkIntervalMs = options?.checkIntervalMs ?? 6e4;
+    this.refreshBeforeExpiryMs = options?.refreshBeforeExpiryMs ?? 3e5;
+    this.maxRetries = options?.maxRetries ?? 3;
+  }
+  /** Start the background check interval. */
+  start() {
+    if (this.intervalId !== null) return;
+    this.intervalId = setInterval(() => {
+      void this.checkAndRefresh();
+    }, this.checkIntervalMs);
+  }
+  /** Stop the background check interval. */
+  stop() {
+    if (this.intervalId !== null) {
+      clearInterval(this.intervalId);
+      this.intervalId = null;
+    }
+  }
+  /** Check if a refresh is needed and perform it. Returns true if refreshed. */
+  async checkAndRefresh() {
+    const creds = this.credentialHolder.get();
+    if (!creds || !creds.expiresAt) {
+      return false;
+    }
+    if (!shouldRefresh(Date.now(), creds.expiresAt, this.refreshBeforeExpiryMs)) {
+      return false;
+    }
+    for (let attempt = 0; attempt < this.maxRetries; attempt++) {
+      try {
+        const newCreds = await captureCredentialsActive(this.cdpUrl);
+        const gatewayCreds = {
+          bearerToken: newCreds.bearerToken,
+          cookie: newCreds.cookie,
+          userAgent: newCreds.userAgent,
+          expiresAt: newCreds.expiresAt
+        };
+        this.credentialHolder.set(gatewayCreds);
+        await updateConfig({ credentials: gatewayCreds });
+        const expiryDate = new Date(newCreds.expiresAt * 1e3).toISOString();
+        console.log(`[TokenRefresher] Credentials refreshed successfully. New expiry: ${expiryDate}`);
+        return true;
+      } catch (err) {
+        const delay = BACKOFF_DELAYS[attempt] ?? BACKOFF_DELAYS[BACKOFF_DELAYS.length - 1];
+        if (attempt < this.maxRetries - 1) {
+          console.warn(
+            `[TokenRefresher] Refresh attempt ${attempt + 1}/${this.maxRetries} failed, retrying in ${delay / 1e3}s...`
+          );
+          await this.sleep(delay);
+        } else {
+          const msg = err instanceof Error ? err.message : String(err);
+          console.warn(
+            `
+\u26A0\uFE0F  [TokenRefresher] All ${this.maxRetries} refresh attempts failed. ${msg}
+   Continuing with current credentials. If requests start failing with 401,
+   restart with \`jh-gateway start\` (without --headless) to re-login.
+`
+          );
+        }
+      }
+    }
+    return false;
+  }
+  sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+  }
+};
 // src/infra/chrome-manager.ts
 import { existsSync } from "fs";
 import { execSync, spawn } from "child_process";
@@ -1996,99 +2156,6 @@ Expected locations for ${process.platform}:
   }
 };
-// src/core/token-refresher.ts
-var CredentialHolder = class {
-  creds = null;
-  /** Returns the current credentials, or `null` if none have been set yet. */
-  get() {
-    return this.creds;
-  }
-  /** Atomically replaces the stored credentials. */
-  set(creds) {
-    this.creds = creds;
-  }
-};
-function shouldRefresh(nowMs, expiresAt, thresholdMs) {
-  return expiresAt * 1e3 - nowMs < thresholdMs;
-}
-var BACKOFF_DELAYS = [5e3, 15e3, 3e4];
-var TokenRefresher = class {
-  credentialHolder;
-  cdpUrl;
-  checkIntervalMs;
-  refreshBeforeExpiryMs;
-  maxRetries;
-  intervalId = null;
-  constructor(credentialHolder, cdpUrl, options) {
-    this.credentialHolder = credentialHolder;
-    this.cdpUrl = cdpUrl;
-    this.checkIntervalMs = options?.checkIntervalMs ?? 6e4;
-    this.refreshBeforeExpiryMs = options?.refreshBeforeExpiryMs ?? 3e5;
-    this.maxRetries = options?.maxRetries ?? 3;
-  }
-  /** Start the background check interval. */
-  start() {
-    if (this.intervalId !== null) return;
-    this.intervalId = setInterval(() => {
-      void this.checkAndRefresh();
-    }, this.checkIntervalMs);
-  }
-  /** Stop the background check interval. */
-  stop() {
-    if (this.intervalId !== null) {
-      clearInterval(this.intervalId);
-      this.intervalId = null;
-    }
-  }
-  /** Check if a refresh is needed and perform it. Returns true if refreshed. */
-  async checkAndRefresh() {
-    const creds = this.credentialHolder.get();
-    if (!creds || !creds.expiresAt) {
-      return false;
-    }
-    if (!shouldRefresh(Date.now(), creds.expiresAt, this.refreshBeforeExpiryMs)) {
-      return false;
-    }
-    for (let attempt = 0; attempt < this.maxRetries; attempt++) {
-      try {
-        const newCreds = await captureCredentialsActive(this.cdpUrl);
-        const gatewayCreds = {
-          bearerToken: newCreds.bearerToken,
-          cookie: newCreds.cookie,
-          userAgent: newCreds.userAgent,
-          expiresAt: newCreds.expiresAt
-        };
-        this.credentialHolder.set(gatewayCreds);
-        await updateConfig({ credentials: gatewayCreds });
-        const expiryDate = new Date(newCreds.expiresAt * 1e3).toISOString();
-        console.log(`[TokenRefresher] Credentials refreshed successfully. New expiry: ${expiryDate}`);
-        return true;
-      } catch (err) {
-        const delay = BACKOFF_DELAYS[attempt] ?? BACKOFF_DELAYS[BACKOFF_DELAYS.length - 1];
-        if (attempt < this.maxRetries - 1) {
-          console.warn(
-            `[TokenRefresher] Refresh attempt ${attempt + 1}/${this.maxRetries} failed, retrying in ${delay / 1e3}s...`
-          );
-          await this.sleep(delay);
-        } else {
-          const msg = err instanceof Error ? err.message : String(err);
-          console.warn(
-            `
-\u26A0\uFE0F  [TokenRefresher] All ${this.maxRetries} refresh attempts failed. ${msg}
-   Continuing with current credentials. If requests start failing with 401,
-   restart with \`jh-gateway start\` (without --headless) to re-login.
-`
-          );
-        }
-      }
-    }
-    return false;
-  }
-  sleep(ms) {
-    return new Promise((resolve) => setTimeout(resolve, ms));
-  }
-};
 export {
   getChromeWebSocketUrl,
   connectToChrome,
@@ -2104,9 +2171,9 @@ export {
   isTokenExpired,
   startServer,
   PagePool,
-  ChromeManager,
   CredentialHolder,
   shouldRefresh,
-  TokenRefresher
+  TokenRefresher,
+  ChromeManager
 };
-//# sourceMappingURL=chunk-J7PNSI42.js.map
+//# sourceMappingURL=chunk-TNKXXCTQ.js.map