lunel-cli 0.1.40 → 0.1.41

Files changed (2)
  1. package/dist/index.js +30 -7
  2. package/package.json +1 -1
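--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -11,8 +11,8 @@ import * as os from "os";
 import { spawn, execSync, execFileSync } from "child_process";
 import { createServer, createConnection } from "net";
 import { createInterface } from "readline";
-const DEFAULT_PROXY_URL = process.env.LUNEL_PROXY_URL || "https://gateway.lunel.dev";
-const MANAGER_URL = process.env.LUNEL_MANAGER_URL || "https://manager.lunel.dev";
+const DEFAULT_PROXY_URL = normalizeGatewayUrl(process.env.LUNEL_PROXY_URL || "https://gateway.lunel.dev");
+const MANAGER_URL = normalizeGatewayUrl(process.env.LUNEL_MANAGER_URL || "https://manager.lunel.dev");
 const CLI_ARGS = process.argv.slice(2);
 import { createRequire } from "module";
 const __require = createRequire(import.meta.url);
@@ -1943,7 +1943,10 @@ async function handleProxyConnect(payload) {
 throw tcpConnectError || Object.assign(new Error(`TCP connect failed to localhost:${port}`), { code: "ECONNREFUSED" });
 }
 // 2. Open proxy WebSocket to gateway
-const wsBase = activeGatewayUrl.replace(/^http/, "ws");
+const wsBase = activeGatewayUrl.replace(/^https:/, "wss:");
+if (!wsBase.startsWith("wss://")) {
+throw Object.assign(new Error("Gateway URL must use https://"), { code: "EPROTO" });
+}
 const authQuery = currentSessionPassword
 ? `password=${encodeURIComponent(currentSessionPassword)}`
 : `code=${encodeURIComponent(currentSessionCode)}`;
@@ -2427,9 +2430,26 @@ function sendResponseOnData(response, dataWs) {
 dataWs.send(JSON.stringify(response));
 }
 function normalizeGatewayUrl(input) {
-if (/^https?:\/\//.test(input))
-return input.replace(/\/+$/, "");
-return `https://${input}`.replace(/\/+$/, "");
+const raw = input.trim();
+if (!raw) {
+throw new Error("Gateway URL is required");
+}
+if (raw.toLowerCase().startsWith("http://") || raw.toLowerCase().startsWith("ws://")) {
+throw new Error("Insecure gateway protocol is not allowed; use https://");
+}
+const withScheme = /^[a-z]+:\/\//i.test(raw) ? raw : `https://${raw}`;
+let parsed;
+try {
+parsed = new URL(withScheme);
+}
+catch {
+throw new Error(`Invalid gateway URL: ${input}`);
+}
+if (parsed.protocol !== "https:") {
+throw new Error("Gateway URL must use https://");
+}
+const path = parsed.pathname === "/" ? "" : parsed.pathname.replace(/\/+$/, "");
+return `${parsed.protocol}//${parsed.host}${path}`;
 }
 async function createSessionFromManager() {
 const response = await fetch(`${MANAGER_URL}/v1/session`, {
@@ -2456,7 +2476,10 @@ function displayQR(primaryGateway, backupGateway, code) {
 });
 }
 function buildWsUrl(gatewayUrl, role, channel) {
-const wsBase = gatewayUrl.replace(/^http/, "ws");
+const wsBase = gatewayUrl.replace(/^https:/, "wss:");
+if (!wsBase.startsWith("wss://")) {
+throw new Error("Gateway URL must use https://");
+}
 const query = new URLSearchParams();
 if (currentSessionPassword) {
 query.set("password", currentSessionPassword);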
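Review bot: A bad `LUNEL_MANAGER_URL` is reported as "Gateway URL must use https://", naming the wrong setting, because the first hunk routes the manager URL through `normalizeGatewayUrl`; both constants are also initialised at module top level, so the throw happens during module evaluation, and whether anything can catch and present it there is not visible in these hunks. An optional label argument would fix the wording, e.g. `normalizeGatewayUrl(process.env.LUNEL_MANAGER_URL || "https://manager.lunel.dev", "LUNEL_MANAGER_URL")`, with the label used in each message. The "Invalid gateway URL: ${input}" message echoes the raw value, which may carry `user:pass@` userinfo that the success path silently drops; omitting the value or printing it with credentials removed keeps a secret out of terminal output and logs. The `wss:` rewrite and `startsWith("wss://")` guard are duplicated in `handleProxyConnect` and `buildWsUrl` with different error shapes (only the former sets `code: "EPROTO"`), so a small shared helper would keep the two in step. Both functions' bodies continue outside the hunks shown.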
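--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "lunel-cli",
-"version": "0.1.40",
+"version": "0.1.41",
 "author": [
 {
 "name": "Soham Bharambe",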