mygensite 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 Roman Shtylman
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.en.md

@@ -0,0 +1,196 @@
+# mygensite
+
+Expose your localhost to the world via [mygen.site](https://mygen.site) with access control.
+
+A fork of [localtunnel](https://github.com/localtunnel/localtunnel) with extended features: password protection, IP whitelisting, TTL, owner management, and admin tokens.
+
+## Quickstart
+
+```
+npx mygensite --port 8000
+```
+
+## Installation
+
+### Globally
+
+```
+npm install -g mygensite
+```
+
+### As a dependency in your project
+
+```
+npm install mygensite
+```
+
+## CLI usage
+
+```
+mygensite --port 8000
+```
+
+It will connect to mygen.site, set up the tunnel, and tell you what URL to use. The `lt` command also works for backward compatibility.
+
+### Arguments
+
+Below are some common arguments. See `mygensite --help` for all options.
+
+- `--port` (required) local port to expose
+- `--subdomain` request a named subdomain (default is random)
+- `--host` upstream server URL (default: `https://mygen.site`)
+- `--local-host` proxy to a hostname other than localhost
+- `--access` access control mode: `public`, `password`, `ip_only`, `both` (default: `both`)
+- `--password` password for access control (auto-generated if omitted)
+- `--owner-email` owner email for dashboard management
+- `--ttl` tunnel TTL in seconds, 60-86400 (default: 3600)
+
+```
+mygensite --port 3000 --subdomain my-app --access password --password secret --ttl 7200
+```
+
+Output includes URL, password, and admin_token for runtime management.
+
+You may also specify arguments via env variables:
+
+```
+PORT=3000 mygensite
+```
+
+## API
+
+### mygensite(options)
+
+Creates a new tunnel to the specified local `port`. Returns a Promise that resolves once you have been assigned a public URL.
+
+```js
+const mygensite = require('mygensite');
+
+(async () => {
+  const tunnel = await mygensite({
+    port: 3000,
+    subdomain: 'my-app',
+    access: 'password',
+    password: 'secret',
+    owner_email: 'alice@company.com',
+    ttl: 3600,
+  });
+
+  console.log(tunnel.url);           // https://my-app.mygen.site
+  console.log(tunnel.password);      // "secret"
+  console.log(tunnel.admin_token);   // "tok_xxx"
+  console.log(tunnel.access);        // { mode: "password", ... }
+  console.log(tunnel.expires_at);    // "2025-06-01T13:00:00Z"
+
+  tunnel.on('close', () => {
+    // tunnel closed
+  });
+})();
+```
+
+#### Options
+
+##### localtunnel compatible
+
+- `port` (number) [required] The local port number to expose.
+- `subdomain` (string) Request a specific subdomain on the proxy server.
+- `host` (string) URL for the upstream proxy server. Defaults to `https://mygen.site`.
+- `local_host` (string) Proxy to this hostname instead of `localhost`. This will also cause the `Host` header to be re-written to this value in proxied requests.
+- `local_https` (boolean) Enable tunneling to local HTTPS server.
+- `local_cert` (string) Path to certificate PEM file for local HTTPS server.
+- `local_key` (string) Path to certificate key file for local HTTPS server.
+- `local_ca` (string) Path to certificate authority file for self-signed certificates.
+- `allow_invalid_cert` (boolean) Disable certificate checks for your local HTTPS server.
+
+##### mygensite extensions
+
+- `access` (string) Access control mode: `public`, `password`, `ip_only`, `both`. Default: `both`.
+- `password` (string) Password for access control. Auto-generated if omitted.
+- `allowed_ips` (string[]) IP whitelist for `ip_only` or `both` mode. Supports CIDR notation.
+- `owner_email` (string) Owner email for dashboard management.
+- `ttl` (number) Tunnel TTL in seconds (60-86400). Default: 3600.
+
+### Tunnel instance
+
+#### Properties
+
+| property | description |
+| --- | --- |
+| `url` | The public URL for the tunnel |
+| `password` | The password (if access control is set) |
+| `admin_token` | Token for runtime management via API |
+| `access` | Access control settings object |
+| `expires_at` | ISO timestamp when the tunnel expires |
+
+#### Events
+
+| event | args | description |
+| --- | --- | --- |
+| request | info | fires when a request is processed, contains `method` and `path` |
+| error | err | fires when an error happens on the tunnel |
+| close | | fires when the tunnel has closed |
+
+#### Methods
+
+| method | args | description |
+| --- | --- | --- |
+| `close()` | | Close the tunnel |
+| `updateAccess(access)` | `{ mode, password, allowed_ips }` | Update access control at runtime. Returns a Promise. |
+| `extendTTL(ttl)` | seconds (number) | Extend the tunnel TTL. Returns a Promise. |
+
+### Runtime management
+
+```js
+// Switch to public access
+await tunnel.updateAccess({ mode: 'public' });
+
+// Add password protection
+await tunnel.updateAccess({ mode: 'password', password: 'newpass' });
+
+// Restrict by IP
+await tunnel.updateAccess({ mode: 'ip_only', allowed_ips: ['1.2.3.0/24'] });
+
+// Extend TTL by 1 hour
+await tunnel.extendTTL(3600);
+```
+
+## Error Codes
+
+### Tunnel creation errors
+
+| status | error | description | fix |
+| --- | --- | --- | --- |
+| 400 | `invalid_slug` | Slug must be 3-63 chars, lowercase alphanumeric and hyphens | Use a valid slug format, e.g. `my-app-1` |
+| 400 | `reserved_slug` | This slug is reserved and cannot be used | Choose a different slug. Reserved: www, api, dashboard, admin, etc. |
+| 400 | `invalid_ttl` | TTL must be between 60 and 86400 seconds | Use a value between 60 (1 min) and 86400 (24 hours) |
+| 400 | `invalid_access` | Access mode must be: public, password, ip_only, both | Use one of the four valid modes |
+| 409 | `slug_in_use` | This slug is already in use | Use a different slug, or omit `subdomain` for a random one |
+| 503 | — | Server is temporarily unavailable | Retry after a few seconds |
+
+### Runtime management errors (updateAccess, extendTTL)
+
+| status | error | description | fix |
+| --- | --- | --- | --- |
+| 401 | `unauthorized` | Invalid or missing admin_token | Use the `admin_token` returned from tunnel creation |
+| 404 | `not_found` | Service not found | Check that the slug is correct and the tunnel is still active |
+| 400 | `invalid_access` | Invalid access mode | Use one of: public, password, ip_only, both |
+| 400 | `invalid_ttl` | TTL out of range | Use a value between 60 and 86400 |
+
+### Gateway errors (when accessing the tunnel URL)
+
+| status | description | fix |
+| --- | --- | --- |
+| 404 | Service not found | Check that the slug exists and has not been deleted |
+| 410 | Service has expired | Call `extendTTL()` or create a new tunnel |
+| 403 | IP not allowed | Add your IP to `allowed_ips`, or switch access mode to `public` |
+| 401 | Incorrect password | Retry with the correct password |
+| 502 | Service is offline (tunnel disconnected) | Restart the tunnel client |
+| 504 | Service timed out | Check that your local server is running and responsive |
+
+## Compatibility
+
+mygensite is fully compatible with any localtunnel server. Extension options are sent as query parameters and silently ignored by servers that don't support them.
+
+## License
+
+MIT

package/README.ko.md

@@ -0,0 +1,196 @@
+# mygensite
+
+[mygen.site](https://mygen.site)를 통해 로컬 서버를 접근 제어와 함께 외부에 노출합니다.
+
+[localtunnel](https://github.com/localtunnel/localtunnel) fork에 비밀번호 보호, IP 화이트리스트, TTL, 소유자 관리, admin token 기능을 추가했습니다.
+
+## 빠른 시작
+
+```
+npx mygensite --port 8000
+```
+
+## 설치
+
+### 전역 설치
+
+```
+npm install -g mygensite
+```
+
+### 프로젝트 의존성으로 설치
+
+```
+npm install mygensite
+```
+
+## CLI 사용법
+
+```
+mygensite --port 8000
+```
+
+mygen.site에 연결하여 터널을 생성하고, 사용할 URL을 알려줍니다. 하위 호환을 위해 `lt` 명령어도 사용 가능합니다.
+
+### 인자
+
+주요 인자 목록입니다. 전체 옵션은 `mygensite --help`를 참고하세요.
+
+- `--port` (필수) 노출할 로컬 포트
+- `--subdomain` 원하는 서브도메인 지정 (기본: 랜덤)
+- `--host` 업스트림 서버 URL (기본: `https://mygen.site`)
+- `--local-host` localhost 대신 프록시할 호스트명
+- `--access` 접근 제어 모드: `public`, `password`, `ip_only`, `both` (기본: `both`)
+- `--password` 접근 제어 비밀번호 (미지정 시 자동 생성)
+- `--owner-email` 대시보드 관리용 소유자 이메일
+- `--ttl` 터널 유효 시간(초), 60-86400 (기본: 3600)
+
+```
+mygensite --port 3000 --subdomain my-app --access password --password secret --ttl 7200
+```
+
+출력에 URL, 비밀번호, admin_token이 포함됩니다.
+
+환경변수로도 인자를 지정할 수 있습니다:
+
+```
+PORT=3000 mygensite
+```
+
+## API
+
+### mygensite(options)
+
+지정한 로컬 `port`로 터널을 생성합니다. 공개 URL이 할당되면 resolve되는 Promise를 반환합니다.
+
+```js
+const mygensite = require('mygensite');
+
+(async () => {
+  const tunnel = await mygensite({
+    port: 3000,
+    subdomain: 'my-app',
+    access: 'password',
+    password: 'secret',
+    owner_email: 'alice@company.com',
+    ttl: 3600,
+  });
+
+  console.log(tunnel.url);           // https://my-app.mygen.site
+  console.log(tunnel.password);      // "secret"
+  console.log(tunnel.admin_token);   // "tok_xxx"
+  console.log(tunnel.access);        // { mode: "password", ... }
+  console.log(tunnel.expires_at);    // "2025-06-01T13:00:00Z"
+
+  tunnel.on('close', () => {
+    // 터널 종료됨
+  });
+})();
+```
+
+#### 옵션
+
+##### localtunnel 호환
+
+- `port` (number) [필수] 노출할 로컬 포트 번호.
+- `subdomain` (string) 프록시 서버에 요청할 서브도메인.
+- `host` (string) 업스트림 프록시 서버 URL. 기본값: `https://mygen.site`.
+- `local_host` (string) `localhost` 대신 프록시할 호스트명. 프록시 요청의 `Host` 헤더도 이 값으로 변경됩니다.
+- `local_https` (boolean) 로컬 HTTPS 서버로 터널링.
+- `local_cert` (string) 로컬 HTTPS 서버의 인증서 PEM 파일 경로.
+- `local_key` (string) 로컬 HTTPS 서버의 인증서 키 파일 경로.
+- `local_ca` (string) 자체 서명 인증서용 CA 파일 경로.
+- `allow_invalid_cert` (boolean) 로컬 HTTPS 서버의 인증서 검증 비활성화.
+
+##### mygensite 확장
+
+- `access` (string) 접근 제어 모드: `public`, `password`, `ip_only`, `both`. 기본값: `both`.
+- `password` (string) 접근 제어 비밀번호. 미지정 시 자동 생성.
+- `allowed_ips` (string[]) `ip_only` 또는 `both` 모드에서 허용할 IP 목록. CIDR 표기 지원.
+- `owner_email` (string) 대시보드 관리용 소유자 이메일.
+- `ttl` (number) 터널 유효 시간(초), 60-86400. 기본값: 3600.
+
+### Tunnel 인스턴스
+
+#### 속성
+
+| 속성 | 설명 |
+| --- | --- |
+| `url` | 터널의 공개 URL |
+| `password` | 비밀번호 (접근 제어 설정 시) |
+| `admin_token` | 런타임 관리용 API 토큰 |
+| `access` | 접근 제어 설정 객체 |
+| `expires_at` | 터널 만료 시각 (ISO 형식) |
+
+#### 이벤트
+
+| 이벤트 | 인자 | 설명 |
+| --- | --- | --- |
+| request | info | 요청 처리 시 발생, `method`와 `path` 포함 |
+| error | err | 터널 에러 발생 시 |
+| close | | 터널 종료 시 |
+
+#### 메서드
+
+| 메서드 | 인자 | 설명 |
+| --- | --- | --- |
+| `close()` | | 터널 종료 |
+| `updateAccess(access)` | `{ mode, password, allowed_ips }` | 런타임에 접근 제어 변경. Promise 반환. |
+| `extendTTL(ttl)` | 초 (number) | 터널 TTL 연장. Promise 반환. |
+
+### 런타임 관리
+
+```js
+// 공개로 전환
+await tunnel.updateAccess({ mode: 'public' });
+
+// 비밀번호 보호 추가
+await tunnel.updateAccess({ mode: 'password', password: 'newpass' });
+
+// IP 제한
+await tunnel.updateAccess({ mode: 'ip_only', allowed_ips: ['1.2.3.0/24'] });
+
+// TTL 1시간 연장
+await tunnel.extendTTL(3600);
+```
+
+## 에러 코드
+
+### 터널 생성 에러
+
+| 상태 | 에러 | 설명 | 해결 |
+| --- | --- | --- | --- |
+| 400 | `invalid_slug` | slug는 3-63자, 소문자 영숫자와 하이픈만 가능 | 올바른 형식 사용, 예: `my-app-1` |
+| 400 | `reserved_slug` | 예약된 slug로 사용 불가 | 다른 slug 사용. 예약어: www, api, dashboard, admin 등 |
+| 400 | `invalid_ttl` | TTL은 60-86400초 범위여야 함 | 60(1분) ~ 86400(24시간) 사이 값 사용 |
+| 400 | `invalid_access` | 접근 모드는 public, password, ip_only, both 중 하나 | 4가지 모드 중 하나를 지정 |
+| 409 | `slug_in_use` | 이미 사용 중인 slug | 다른 slug 사용, 또는 `subdomain` 생략하여 랜덤 할당 |
+| 503 | — | 서버 일시 장애 | 몇 초 후 재시도 |
+
+### 런타임 관리 에러 (updateAccess, extendTTL)
+
+| 상태 | 에러 | 설명 | 해결 |
+| --- | --- | --- | --- |
+| 401 | `unauthorized` | admin_token 없음 또는 불일치 | 터널 생성 시 반환된 `admin_token` 사용 |
+| 404 | `not_found` | 서비스 없음 | slug가 맞는지, 터널이 아직 활성 상태인지 확인 |
+| 400 | `invalid_access` | 잘못된 접근 모드 | public, password, ip_only, both 중 하나 사용 |
+| 400 | `invalid_ttl` | TTL 범위 초과 | 60 ~ 86400 사이 값 사용 |
+
+### Gateway 에러 (터널 URL 접속 시)
+
+| 상태 | 설명 | 해결 |
+| --- | --- | --- |
+| 404 | 서비스 없음 | slug가 존재하고 삭제되지 않았는지 확인 |
+| 410 | 서비스 만료 | `extendTTL()`로 연장하거나 새 터널 생성 |
+| 403 | IP 접근 거부 | `allowed_ips`에 IP 추가, 또는 `public` 모드로 변경 |
+| 401 | 비밀번호 틀림 | 올바른 비밀번호로 재시도 |
+| 502 | 서비스 오프라인 (터널 연결 끊김) | 터널 클라이언트 재시작 |
+| 504 | 서비스 응답 시간 초과 | 로컬 서버가 실행 중이고 응답 가능한지 확인 |
+
+## 호환성
+
+mygensite는 모든 localtunnel 서버와 완전 호환됩니다. 확장 옵션은 쿼리 파라미터로 전송되며, 지원하지 않는 서버에서는 무시됩니다.
+
+## 라이선스
+
+MIT

package/README.md

@@ -0,0 +1,77 @@
+# mygensite
+
+Expose your localhost to the world via [mygen.site](https://mygen.site) with access control.
+
+## Install
+
+```bash
+npm install mygensite
+```
+
+## Tunnel (expose local server)
+
+```js
+const mygensite = require('mygensite');
+
+const tunnel = await mygensite({
+  port: 3000,                          // required: local port
+  subdomain: 'my-app',                 // optional: default random
+  host: 'https://mygen.site',          // optional: default mygen.site
+  access: 'password',                  // optional: public | password | ip_only | both (default: both)
+  password: 'secret',                  // optional: auto-generated if omitted
+  allowed_ips: ['1.2.3.0/24'],         // optional: for ip_only or both
+  owner_email: 'alice@company.com',    // optional: dashboard management
+  ttl: 3600,                           // optional: seconds, 60-86400 (default: 3600)
+});
+
+// Result
+tunnel.url          // "https://my-app.mygen.site"
+tunnel.password     // "secret"
+tunnel.admin_token  // "tok_xxx"
+tunnel.expires_at   // "2025-06-01T13:00:00Z"
+
+// Runtime management
+await tunnel.updateAccess({ mode: 'public' });
+await tunnel.extendTTL(3600);
+
+// Cleanup
+tunnel.close();
+```
+
+## Access Modes
+
+| mode | behavior |
+|------|----------|
+| `public` | anyone can access |
+| `password` | password required |
+| `ip_only` | allowed_ips only |
+| `both` | allowed_ips + password (default) |
+
+## Error Codes
+
+| status | error | when | fix |
+|--------|-------|------|-----|
+| 400 | `invalid_slug` | slug format invalid | use 3-63 chars, lowercase alphanum + hyphen (e.g. `my-app-1`) |
+| 400 | `reserved_slug` | slug is reserved | choose different slug. reserved: www, api, dashboard, admin, etc. |
+| 400 | `invalid_ttl` | TTL out of range | use 60-86400 (seconds) |
+| 400 | `invalid_access` | bad access mode | use: public, password, ip_only, both |
+| 401 | `unauthorized` | wrong admin_token | use the `admin_token` from tunnel creation response |
+| 404 | `not_found` | service not found | verify slug is correct and tunnel is active |
+| 409 | `slug_in_use` | slug already taken | use different slug, or omit `subdomain` for random |
+| 410 | `expired` | TTL expired | call `extendTTL()` or create new tunnel |
+| 502 | — | tunnel offline | restart tunnel client |
+
+## CLI
+
+```bash
+mygensite --port 3000 --subdomain my-app --access password --password secret --ttl 7200
+```
+
+## Documentation
+
+- [English (detailed)](./README.en.md) — full API reference, all options, events, methods
+- [한국어](./README.ko.md) — 한국어 상세 문서
+
+## License
+
+MIT

package/bin/lt.js

@@ -0,0 +1,129 @@
+#!/usr/bin/env node
+/* eslint-disable no-console */
+
+const openurl = require('openurl');
+const yargs = require('yargs');
+
+const localtunnel = require('../localtunnel');
+const { version } = require('../package');
+
+const { argv } = yargs
+  .usage('Usage: mygensite --port [num] <options>')
+  .env(true)
+  .option('p', {
+    alias: 'port',
+    describe: 'Internal HTTP server port',
+  })
+  .option('h', {
+    alias: 'host',
+    describe: 'Upstream server providing forwarding',
+    default: 'https://mygen.site',
+  })
+  .option('s', {
+    alias: 'subdomain',
+    describe: 'Request this subdomain',
+  })
+  .option('l', {
+    alias: 'local-host',
+    describe: 'Tunnel traffic to this host instead of localhost, override Host header to this host',
+  })
+  .option('local-https', {
+    describe: 'Tunnel traffic to a local HTTPS server',
+  })
+  .option('local-cert', {
+    describe: 'Path to certificate PEM file for local HTTPS server',
+  })
+  .option('local-key', {
+    describe: 'Path to certificate key file for local HTTPS server',
+  })
+  .option('local-ca', {
+    describe: 'Path to certificate authority file for self-signed certificates',
+  })
+  .option('allow-invalid-cert', {
+    describe: 'Disable certificate checks for your local HTTPS server (ignore cert/key/ca options)',
+  })
+  .options('o', {
+    alias: 'open',
+    describe: 'Opens the tunnel URL in your browser',
+  })
+  .option('print-requests', {
+    describe: 'Print basic request info',
+  })
+  .option('access', {
+    describe: 'Access control mode: public, password, ip_only, both',
+  })
+  .option('password', {
+    describe: 'Password for access control',
+  })
+  .option('owner-email', {
+    describe: 'Owner email for dashboard management',
+  })
+  .option('ttl', {
+    describe: 'Tunnel TTL in seconds (60-86400)',
+    type: 'number',
+  })
+  .require('port')
+  .boolean('local-https')
+  .boolean('allow-invalid-cert')
+  .boolean('print-requests')
+  .help('help', 'Show this help and exit')
+  .version(version);
+
+if (typeof argv.port !== 'number') {
+  yargs.showHelp();
+  console.error('\nInvalid argument: `port` must be a number');
+  process.exit(1);
+}
+
+(async () => {
+  const tunnel = await localtunnel({
+    port: argv.port,
+    host: argv.host,
+    subdomain: argv.subdomain,
+    local_host: argv.localHost,
+    local_https: argv.localHttps,
+    local_cert: argv.localCert,
+    local_key: argv.localKey,
+    local_ca: argv.localCa,
+    allow_invalid_cert: argv.allowInvalidCert,
+    access: argv.access,
+    password: argv.password,
+    owner_email: argv.ownerEmail,
+    ttl: argv.ttl,
+  }).catch(err => {
+    throw err;
+  });
+
+  tunnel.on('error', err => {
+    throw err;
+  });
+
+  console.log('your url is: %s', tunnel.url);
+
+  if (tunnel.password) {
+    console.log('your password is: %s', tunnel.password);
+  }
+
+  if (tunnel.admin_token) {
+    console.log('your admin_token is: %s', tunnel.admin_token);
+  }
+
+  /**
+   * `cachedUrl` is set when using a proxy server that support resource caching.
+   * This URL generally remains available after the tunnel itself has closed.
+   * @see https://github.com/localtunnel/localtunnel/pull/319#discussion_r319846289
+   */
+  if (tunnel.cachedUrl) {
+    console.log('your cachedUrl is: %s', tunnel.cachedUrl);
+  }
+
+  if (argv.open) {
+    openurl.open(tunnel.url);
+  }
+
+  if (argv['print-requests']) {
+    tunnel.on('request', info => {
+      console.log(new Date().toString(), info.method, info.path);
+    });
+  }
+})();

package/lib/HeaderHostTransformer.js

@@ -0,0 +1,23 @@
+const { Transform } = require('stream');
+
+class HeaderHostTransformer extends Transform {
+  constructor(opts = {}) {
+    super(opts);
+    this.host = opts.host || 'localhost';
+    this.replaced = false;
+  }
+
+  _transform(data, encoding, callback) {
+    callback(
+      null,
+      this.replaced // after replacing the first instance of the Host header we just become a regular passthrough
+        ? data
+        : data.toString().replace(/(\r\n[Hh]ost: )\S+/, (match, $1) => {
+            this.replaced = true;
+            return $1 + this.host;
+          })
+    );
+  }
+}
+
+module.exports = HeaderHostTransformer;

package/lib/Tunnel.js

@@ -0,0 +1,214 @@
+/* eslint-disable consistent-return, no-underscore-dangle */
+
+const { parse } = require('url');
+const { EventEmitter } = require('events');
+const axios = require('axios');
+const debug = require('debug')('localtunnel:client');
+
+const TunnelCluster = require('./TunnelCluster');
+
+module.exports = class Tunnel extends EventEmitter {
+  constructor(opts = {}) {
+    super(opts);
+    this.opts = opts;
+    this.closed = false;
+    if (!this.opts.host) {
+      this.opts.host = 'https://mygen.site';
+    }
+  }
+
+  _getInfo(body) {
+    /* eslint-disable camelcase */
+    const { id, ip, port, url, cached_url, max_conn_count } = body;
+    const { host, port: local_port, local_host } = this.opts;
+    const { local_https, local_cert, local_key, local_ca, allow_invalid_cert } = this.opts;
+
+    // Parse extended fields from mygensite server
+    this.password = body.password || null;
+    this.admin_token = body.admin_token || null;
+    this.access = body.access || null;
+    this.expires_at = body.expires_at || null;
+
+    return {
+      name: id,
+      url,
+      cached_url,
+      max_conn: max_conn_count || 1,
+      remote_host: parse(host).hostname,
+      remote_ip: ip,
+      remote_port: port,
+      local_port,
+      local_host,
+      local_https,
+      local_cert,
+      local_key,
+      local_ca,
+      allow_invalid_cert,
+    };
+    /* eslint-enable camelcase */
+  }
+
+  // initialize connection
+  // callback with connection info
+  _init(cb) {
+    const opt = this.opts;
+    const getInfo = this._getInfo.bind(this);
+
+    const params = {
+      responseType: 'json',
+    };
+
+    // Build extended query params for mygensite server
+    const queryParams = {};
+    if (opt.access) queryParams.access = opt.access;
+    if (opt.password) queryParams.password = opt.password;
+    if (opt.allowed_ips) {
+      queryParams.allowed_ips = Array.isArray(opt.allowed_ips)
+        ? opt.allowed_ips.join(',')
+        : opt.allowed_ips;
+    }
+    if (opt.owner_email) queryParams.owner_email = opt.owner_email;
+    if (opt.ttl) queryParams.ttl = String(opt.ttl);
+
+    if (Object.keys(queryParams).length > 0) {
+      params.params = queryParams;
+    }
+
+    const baseUri = `${opt.host}/`;
+    // no subdomain at first, maybe use requested domain
+    const assignedDomain = opt.subdomain;
+    // where to quest
+    const uri = baseUri + (assignedDomain || '?new');
+
+    (function getUrl() {
+      axios
+        .get(uri, params)
+        .then(res => {
+          const body = res.data;
+          debug('got tunnel information', res.data);
+          if (res.status !== 200) {
+            const err = new Error(
+              (body && body.message) || 'localtunnel server returned an error, please try again'
+            );
+            return cb(err);
+          }
+          cb(null, getInfo(body));
+        })
+        .catch(err => {
+          debug(`tunnel server offline: ${err.message}, retry 1s`);
+          return setTimeout(getUrl, 1000);
+        });
+    })();
+  }
+
+  _establish(info) {
+    // increase max event listeners so that localtunnel consumers don't get
+    // warning messages as soon as they setup even one listener. See #71
+    this.setMaxListeners(info.max_conn + (EventEmitter.defaultMaxListeners || 10));
+
+    this.tunnelCluster = new TunnelCluster(info);
+
+    // only emit the url the first time
+    this.tunnelCluster.once('open', () => {
+      this.emit('url', info.url);
+    });
+
+    // re-emit socket error
+    this.tunnelCluster.on('error', err => {
+      debug('got socket error', err.message);
+      this.emit('error', err);
+    });
+
+    let tunnelCount = 0;
+
+    // track open count
+    this.tunnelCluster.on('open', tunnel => {
+      tunnelCount++;
+      debug('tunnel open [total: %d]', tunnelCount);
+
+      const closeHandler = () => {
+        tunnel.destroy();
+      };
+
+      if (this.closed) {
+        return closeHandler();
+      }
+
+      this.once('close', closeHandler);
+      tunnel.once('close', () => {
+        this.removeListener('close', closeHandler);
+      });
+    });
+
+    // when a tunnel dies, open a new one
+    this.tunnelCluster.on('dead', () => {
+      tunnelCount--;
+      debug('tunnel dead [total: %d]', tunnelCount);
+      if (this.closed) {
+        return;
+      }
+      this.tunnelCluster.open();
+    });
+
+    this.tunnelCluster.on('request', req => {
+      this.emit('request', req);
+    });
+
+    // establish as many tunnels as allowed
+    for (let count = 0; count < info.max_conn; ++count) {
+      this.tunnelCluster.open();
+    }
+  }
+
+  open(cb) {
+    this._init((err, info) => {
+      if (err) {
+        return cb(err);
+      }
+
+      this.clientId = info.name;
+      this.url = info.url;
+
+      // `cached_url` is only returned by proxy servers that support resource caching.
+      if (info.cached_url) {
+        this.cachedUrl = info.cached_url;
+      }
+
+      this._establish(info);
+      cb();
+    });
+  }
+
+  close() {
+    this.closed = true;
+    this.emit('close');
+  }
+
+  async updateAccess(access) {
+    const res = await axios.patch(
+      `${this.opts.host}/api/services/${this.clientId}`,
+      { access },
+      {
+        headers: {
+          Authorization: `Bearer ${this.admin_token}`,
+          'Content-Type': 'application/json',
+        },
+      }
+    );
+    return res.data;
+  }
+
+  async extendTTL(ttl) {
+    const res = await axios.patch(
+      `${this.opts.host}/api/services/${this.clientId}`,
+      { ttl },
+      {
+        headers: {
+          Authorization: `Bearer ${this.admin_token}`,
+          'Content-Type': 'application/json',
+        },
+      }
+    );
+    return res.data;
+  }
+};

package/lib/TunnelCluster.js

@@ -0,0 +1,153 @@
+const { EventEmitter } = require('events');
+const debug = require('debug')('localtunnel:client');
+const fs = require('fs');
+const net = require('net');
+const tls = require('tls');
+
+const HeaderHostTransformer = require('./HeaderHostTransformer');
+
+// manages groups of tunnels
+module.exports = class TunnelCluster extends EventEmitter {
+  constructor(opts = {}) {
+    super(opts);
+    this.opts = opts;
+  }
+
+  open() {
+    const opt = this.opts;
+
+    // Prefer IP if returned by the server
+    const remoteHostOrIp = opt.remote_ip || opt.remote_host;
+    const remotePort = opt.remote_port;
+    const localHost = opt.local_host || 'localhost';
+    const localPort = opt.local_port;
+    const localProtocol = opt.local_https ? 'https' : 'http';
+    const allowInvalidCert = opt.allow_invalid_cert;
+
+    debug(
+      'establishing tunnel %s://%s:%s <> %s:%s',
+      localProtocol,
+      localHost,
+      localPort,
+      remoteHostOrIp,
+      remotePort
+    );
+
+    // connection to localtunnel server
+    const remote = net.connect({
+      host: remoteHostOrIp,
+      port: remotePort,
+    });
+
+    remote.setKeepAlive(true);
+
+    remote.on('error', err => {
+      debug('got remote connection error', err.message);
+
+      // emit connection refused errors immediately, because they
+      // indicate that the tunnel can't be established.
+      if (err.code === 'ECONNREFUSED') {
+        this.emit(
+          'error',
+          new Error(
+            `connection refused: ${remoteHostOrIp}:${remotePort} (check your firewall settings)`
+          )
+        );
+      }
+
+      remote.end();
+    });
+
+    const connLocal = () => {
+      if (remote.destroyed) {
+        debug('remote destroyed');
+        this.emit('dead');
+        return;
+      }
+
+      debug('connecting locally to %s://%s:%d', localProtocol, localHost, localPort);
+      remote.pause();
+
+      if (allowInvalidCert) {
+        debug('allowing invalid certificates');
+      }
+
+      const getLocalCertOpts = () =>
+        allowInvalidCert
+          ? { rejectUnauthorized: false }
+          : {
+              cert: fs.readFileSync(opt.local_cert),
+              key: fs.readFileSync(opt.local_key),
+              ca: opt.local_ca ? [fs.readFileSync(opt.local_ca)] : undefined,
+            };
+
+      // connection to local http server
+      const local = opt.local_https
+        ? tls.connect({ host: localHost, port: localPort, ...getLocalCertOpts() })
+        : net.connect({ host: localHost, port: localPort });
+
+      const remoteClose = () => {
+        debug('remote close');
+        this.emit('dead');
+        local.end();
+      };
+
+      remote.once('close', remoteClose);
+
+      // TODO some languages have single threaded servers which makes opening up
+      // multiple local connections impossible. We need a smarter way to scale
+      // and adjust for such instances to avoid beating on the door of the server
+      local.once('error', err => {
+        debug('local error %s', err.message);
+        local.end();
+
+        remote.removeListener('close', remoteClose);
+
+        if (err.code !== 'ECONNREFUSED'
+            && err.code !== 'ECONNRESET') {
+          return remote.end();
+        }
+
+        // retrying connection to local server
+        setTimeout(connLocal, 1000);
+      });
+
+      local.once('connect', () => {
+        debug('connected locally');
+        remote.resume();
+
+        let stream = remote;
+
+        // if user requested specific local host
+        // then we use host header transform to replace the host header
+        if (opt.local_host) {
+          debug('transform Host header to %s', opt.local_host);
+          stream = remote.pipe(new HeaderHostTransformer({ host: opt.local_host }));
+        }
+
+        stream.pipe(local).pipe(remote);
+
+        // when local closes, also get a new remote
+        local.once('close', hadError => {
+          debug('local connection closed [%s]', hadError);
+        });
+      });
+    };
+
+    remote.on('data', data => {
+      const match = data.toString().match(/^(\w+) (\S+)/);
+      if (match) {
+        this.emit('request', {
+          method: match[1],
+          path: match[2],
+        });
+      }
+    });
+
+    // tunnel is considered open when remote connects
+    remote.once('connect', () => {
+      this.emit('open', remote);
+      connLocal();
+    });
+  }
+};

package/localtunnel.js

@@ -0,0 +1,14 @@
+const Tunnel = require('./lib/Tunnel');
+
+module.exports = function localtunnel(arg1, arg2, arg3) {
+  const options = typeof arg1 === 'object' ? arg1 : { ...arg2, port: arg1 };
+  const callback = typeof arg1 === 'object' ? arg2 : arg3;
+  const client = new Tunnel(options);
+  if (callback) {
+    client.open(err => (err ? callback(err) : callback(null, client)));
+    return client;
+  }
+  return new Promise((resolve, reject) =>
+    client.open(err => (err ? reject(err) : resolve(client)))
+  );
+};

package/package.json

@@ -0,0 +1,43 @@
+{
+  "name": "mygensite",
+  "description": "Expose your localhost to mygen.site with access control",
+  "version": "1.0.0",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git://github.com/localtunnel/localtunnel.git"
+  },
+  "author": "Roman Shtylman <shtylman@gmail.com>",
+  "contributors": [
+    "Roman Shtylman <shtylman@gmail.com>",
+    "Gert Hengeveld <gert@hichroma.com>",
+    "Tom Coleman <tom@hichroma.com>"
+  ],
+  "files": [
+    "bin/",
+    "lib/",
+    "localtunnel.js",
+    "LICENSE",
+    "README.md"
+  ],
+  "main": "./localtunnel.js",
+  "bin": {
+    "mygensite": "bin/lt.js",
+    "lt": "bin/lt.js"
+  },
+  "scripts": {
+    "test": "mocha --reporter list --timeout 60000 -- *.spec.js"
+  },
+  "dependencies": {
+    "axios": "0.21.4",
+    "debug": "4.3.2",
+    "openurl": "1.1.1",
+    "yargs": "17.1.1"
+  },
+  "devDependencies": {
+    "mocha": "~9.1.1"
+  },
+  "engines": {
+    "node": ">=8.3.0"
+  }
+}