tlsd 2.15.0 → 2.16.1

package/README.md

@@ -9,7 +9,7 @@ It is *not* designed for production websites.
 
 	- SSL/TLS via Greenlock
 	- Websockets built in
-	- Standardised Websockets/RPC protocol for front/back end communcations
+    - Standardised Websockets/RPC protocol for front/back end communications
 	- Utility command 'tlsd'
 
 
@@ -48,16 +48,16 @@ You should see the pages being delivered and a websocket connection being establ
 In dev mode, tlsd runs a plain HTTP server without TLS/SSL security.
 This is for local (your computer) development:
 
-    tlsd root_dir port_num log_level
+    tlsd run dev root_dir port verbosity
 
 All arguments are required.
 
 
 ## tlsd domain
 
-Adds a domain to Greenlock so that you can serve site with HTTPS:
+Adds a domain to Greenlock and links the site's root so it can be served with HTTPS:
 
-	tlsd domain example.com
+	tlsd domain example.com /absolute/path/to/site_root
 
 
 ## tlsd version
@@ -71,11 +71,15 @@ In HTTPS mode, you must specify the dir containing links/dirs for domains to ser
 it will run on HTTP on 80 (redirecting to 443), HTTPS on 443, and magically
 generate certs and serve secure sites like nodes:
 
-	DOMAINS_ROOT=./my_domains MAINTAINER_EMAIL=foo@bar.com VERBOSITY=4  node tlsd.js
+    DOMAINS_ROOT=./my_domains MAINTAINER_EMAIL=foo@bar.com VERBOSITY=4  node tlsd.js
 
-All env vars and arguments are required.
+All env vars are required.
 
-You must also add your domain to greenlock before running nodes or it won't be recognzied:
+You must also register your domain before running in TLS mode, otherwise it won't be recognized. Either run:
+
+	tlsd domain example.com /absolute/path/to/site_root
+
+or use Greenlock directly:
 
 	npx greenlock add --subject example.com --altnames example.com,www.example.com
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "tlsd",
-  "version": "2.15.0",
+  "version": "2.16.1",
   "description": "A server for web app prototyping with HTTPS and Websockets",
   "main": "tlsd.js",
   "bin": {

package/rpc_static/rpc/index.html

@@ -0,0 +1,214 @@
+<!doctype html>
+<html>
+    <head>
+        <meta charset="UTF-8">
+        <meta name="viewport" content="width=device-width, initial-scale=1.0">
+        <link rel="icon" href="data:image/svg+xml,<svg xmlns=%22http://www.w3.org/2000/svg%22 viewBox=%220 0 100 100%22><text y=%22.9em%22 font-size=%2290%22>⚙️</text></svg>">
+        <title>RPC Tool</title>
+        <style>
+            * {
+                margin: 0;
+                padding: 0;
+                box-sizing: border-box;
+            }
+            
+            body {
+                font-family: Arial, sans-serif;
+                height: 100vh;
+                overflow: hidden;
+            }
+            
+            .grid-container {
+                display: grid;
+                grid-template-columns: 1fr 1fr;
+                grid-template-rows: 1fr 1fr;
+                height: 100vh;
+                gap: 10px;
+                padding: 10px;
+            }
+            
+            .textarea-group {
+                display: flex;
+                flex-direction: column;
+                height: 100%;
+            }
+            
+            .textarea-group:first-child {
+                position: relative;
+            }
+            
+            .send-button {
+                position: absolute;
+                top: 0;
+                right: 0;
+                background-color: #007bff;
+                color: white;
+                border: none;
+                border-radius: 4px;
+                padding: 6px 12px;
+                font-size: 12px;
+                font-weight: bold;
+                cursor: pointer;
+                transition: background-color 0.2s;
+            }
+            
+            .send-button:hover {
+                background-color: #0056b3;
+            }
+            
+            .send-button:active {
+                background-color: #004085;
+            }
+            
+            .textarea-label {
+                font-weight: bold;
+                margin-bottom: 5px;
+                color: #333;
+                font-size: 14px;
+            }
+            
+            .textarea-input {
+                flex: 1;
+                resize: none;
+                border: 2px solid #ddd;
+                border-radius: 5px;
+                padding: 10px;
+                font-family: monospace;
+                font-size: 14px;
+                line-height: 1.4;
+                background-color: #f9f9f9;
+            }
+            
+            .textarea-input:focus {
+                outline: none;
+                border-color: #007bff;
+                background-color: white;
+            }
+            
+            .textarea-input:hover {
+                border-color: #007bff;
+            }
+        </style>
+        <script src="/rpc/rpc.js"></script>
+    </head>
+    <body>
+        <div class="grid-container">
+            <div class="textarea-group">
+                <label class="textarea-label">Message Data</label>
+                <button class="send-button">Send</button>
+                <textarea class="textarea-input" id="e_input" ></textarea>
+            </div>
+            <div class="textarea-group">
+                <label class="textarea-label">Preview</label>
+                <textarea class="textarea-input" id="e_preview" ></textarea>
+            </div>
+            <div class="textarea-group">
+                <label class="textarea-label">Sent to Server →</label>
+                <textarea class="textarea-input" id="e_sent" ></textarea>
+            </div>
+            <div class="textarea-group">
+                <label class="textarea-label">← Received from Server</label>
+                <textarea class="textarea-input" id="e_received" ></textarea>
+            </div>
+        </div>
+        
+        <script>
+
+            // Get the send button and first textarea
+            const sendButton = document.querySelector('.send-button');
+            const e_input = document.querySelector('#e_input');
+            const e_preview = document.querySelector('#e_preview');
+            const e_sent = document.querySelector('#e_sent');
+            const e_received = document.querySelector('#e_received');
+            
+            // Add click event listener to the send button
+            sendButton.addEventListener('click', function() {
+                // Get the content from the first textarea
+                const textareaContent = e_input.value;
+                
+                // Store the content in local storage
+                localStorage.setItem('textareaContent', textareaContent);
+                let data = parse_input( textareaContent );
+
+                let json_out = o2j( data, null, 2 );
+                e_sent.value = json_out;
+
+                let x_data = j2o( o2j( data ) );
+                delete x_data.action;
+                let x_json = o2j( x_data, null, 4 );
+
+                e_received.value = "...";
+
+                RPC( data, function( rsp ) {
+                    e_received.value = o2j( rsp, null, 2 );
+                }, function( err ) {
+                    e_received.value = "ERROR:\n" + o2j( err, null, 2 );
+                });
+
+            });
+            
+            // Load content from local storage when page loads
+            window.addEventListener('pageshow', function() {
+                const savedContent = localStorage.getItem('textareaContent');
+                if (savedContent) {
+                    e_input.value = savedContent;
+                }
+            });
+
+            function toInt( v ) {
+                return parseInt( v );
+            }
+
+            function j2o( v ) {
+                return JSON.parse( v );
+            }
+
+            function o2j( v, null_to_empty, indent ) {
+                return JSON.stringify( v, null, indent );
+            }
+
+            // parse the input into a data object
+            function parse_input( input ) {
+                let data = {};
+                let action = null;
+                let lines = input.trim().split( /\n+/ ).filter( ln => ln );
+                for( let line of lines ) {
+                    let words = line.split( /\s+/ );
+                    let k = words.shift();
+                    let v = words.join( " " );
+                    if( k == "action" ) {
+                        action = v;
+                    }
+                    if( k[ 0 ] == "#" ) {
+                        continue; // ignore
+                    }
+                    else
+                    if( v[ 0 ] == "{" || v[ 0 ] == "[" ) {
+                        v = j2o( v ) || v;
+                    }
+                    else 
+                    if( /^[\d]+$/.test( v ) ) {
+                        v = toInt( v );
+                    }
+                    else
+                    if( v == "true" ) {
+                        v = true;
+                    }
+                    else
+                    if( v == "false" ) {
+                        v = false;
+                    }
+                    data[ k ] = v;
+                }
+                return data;
+            }
+
+            setInterval( function() {
+                let data = parse_input( e_input.value );
+                let json_out = o2j( data, null, 2 );
+                e_preview.value = json_out;
+            }, 500 );
+
+        </script>
+    </body>
+</html>

package/scaffold/rpc/index.cjs

@@ -1,20 +1,15 @@
 
-//	This is the back end script that handles messages from the front end.
-//	The "input" object is exactly the same thing that was given to RPC()
-//	on the front end.
-//	Use okay() to return a normal response, or fail() to return an error.
-//	These correspond to the same okay()/fail() functions given to RPC() on
-//	the front end.
+delete require.cache[ module.filename ];
 
-module.exports = ( input, okay, fail ) => {
+module.exports = ( input, okay, fail, context ) => {
 
 	const action = input.action;
 
 	if( action == "hello" ) {
-		return okay( "welcome" );
+		return okay( { message: "Welcome!" } );
 	}
 
-	fail( "Invalid action: "+action );
+	okay( { error: "Invalid action: "+action } );
 
 };
 

package/scaffold/static/index.html

@@ -1,3 +1,4 @@
+<!DOCTYPE html>
 <html>
     <head>
         <title>TLSD Test Page</title>
@@ -14,6 +15,10 @@
 
         <h3 id=connect_status>...</h3>
 
+        <div id="drop_zone">
+            <h4>🎯 Drop files here to upload</h4>
+        </div>
+
         <script src="/rpc/rpc.js"></script>
 
         <script>
@@ -23,26 +28,38 @@
             // Websocket or REST based on the size of the JSON encoded msg.
             // Otherwise, you can explicitly choose the transport by using
             // RPC.POST() or RPC.WS().
-
-            RPC.onmessage = msg => {
-                // Message originating from server (not a response to client message).
-                // Returning true will prevent tlsd from doing anything further
-                // with the message.
-                return false;
-            };
-
-            RPC.on_connect = function( evt ) {
+            RPC.connect( function( evt ) {
                 // RPC is ready to be used (websocket is connected)
-                RPC( { action: "hello" }, msg => {
-                    document.getElementById( "connect_status" ).innerText = msg;
+                RPC( { action: "hello" }, response => {
+                    document.getElementById( "connect_status" ).innerText = response.message;
                 } );
-            }
+            } );
+
+            // Drag/drop upload
+            const dropZone = document.getElementById( "drop_zone" );
+            dropZone.addEventListener( 'dragover', ( e ) => e.preventDefault() );
+            dropZone.addEventListener( 'drop', function( e ) {
+                e.preventDefault();
+                const file = e.dataTransfer.files[ 0 ];
+                const xhr = new XMLHttpRequest();
+                const uploadURL = '/';
+                xhr.open( 'PUT', uploadURL, true );
+                xhr.setRequestHeader( 'Content-Type', file.type || 'application/octet-stream' );
+                xhr.onload = () => {
+                    if( xhr.status === 200 ) {
+                        let result = JSON.parse( xhr.responseText );
+                        alert( "Successfully uploaded file. Hash=" + result.hash );
+                    } else {
+                        alert( "Upload failed with status: " + xhr.status );
+                    }
+                };
+
+                xhr.onerror = () => {
+                    alert( "Upload failed" );
+                };
 
-            RPC.on_disconnect = function( evt ) {
-                // The websocket connection was lost for some reason.
-                // The RPC code will reconnect automatically.
-                document.getElementById( "connect_status" ).innerText = "[ DISCONNECTED ]";
-            }
+                xhr.send( file );
+            } );
 
         </script>
 

package/tlsd

@@ -52,8 +52,8 @@ if [ "$cmd" = "run" ] ; then
 				node "$home/tlsd.js" "$root_dir" "$port" "$verbosity"
 				if [ $? != 0 ] ; then
 					echo
-					echo "(( restart in 15 seconds ))"
-					sleep 15
+					echo "(( restart in 5 seconds ))"
+					sleep 5
 				fi
 
 			done

package/tlsd.js

@@ -2,30 +2,33 @@
 // Copyright 2025 Sleepless Software Inc.
 // All Rights Reserved
 
-const { path, http, https, fs, crypto, tls, } = require( "allcore" );
+const { path, http, fs, } = require( "allcore" );
 
 const connect = require( "connect" );
 const websocket = require( "websocket" );
-const serveStatic = require( "serve-static" )
+const serveStatic = require( "serve-static" );
 
 const body_parser = require( "body-parser" ).json( { limit: "10mb" } );
 const compression = require( "compression" )();
 const cors = require( "cors" )();
 const queryString = require( "querystring" );
 
-const { log5, o2j, j2o, toInt, is_dir } = require( "sleepless" );
+const { log5, o2j, j2o, toInt, is_dir, sha1 } = require( "sleepless" );
 const L = log5.mkLog( "TLSD: " );
 const { D, V, I, W, E } = L;
 
 
+const UPLOAD_DIR = process.env.UPLOAD_DIR || "/tmp/tlsd-put-files/";
+const UPLOAD_MAX_BYTES = toInt( process.env.UPLOAD_MAX_BYTES ) || ( 200 * 1024 * 1024 );
+
 let dev_mode = false;
 
 
 function usage() {
 	const base = path.basename( module.filename );
-	log(
+	I(
 `Usage:
-    TLS mode:
+    Production/TLS mode:
     	DOMAINS_ROOT=./my_domains MAINTAINER_EMAIL=foo@bar.com VERBOSITY=4  node ` + base + `
     Dev mode:
     	node ` + base + ` site_root listen_port verbosity
@@ -42,13 +45,17 @@ function next_seq() {
 }
 
 
-// Handles incoming RPC msgs.
-// Tries to load the rpc handler module from root and if successful, passes the msg to it
-// transport = 
-//      { type: "WS", connection: { ... } }
-//      { type: "GET", connection: { req, res } }
-//      { type: "POST", connection: { req, res } }
-function rpc_handler( root, msg, transport, _okay, _fail ) {
+// Handles incoming RPC messages.
+// Load order for RPC handlers under the provided root:
+//  1) Tries explicit CommonJS module at "root/rpc/index.cjs"
+//  2) Falls back to legacy directory loader at "root/rpc"
+// If loading succeeds, passes the message to the handler.
+// context may be one of:
+//      { transport_type: "WS", connection: { ... } }
+//      { transport_type: "GET", connection: { req, res } }
+//      { transport_type: "POST", connection: { req, res } }
+// Additionally, context.upload_dir is set to the server's upload directory.
+function rpc_handler( root, msg, context, _okay, _fail ) {
 
 	V( "RPC " + o2j( msg ).abbr( 70 ) );
 
@@ -64,13 +71,14 @@ function rpc_handler( root, msg, transport, _okay, _fail ) {
 		_fail();
 	};
 
+	context.upload_dir = UPLOAD_DIR;
+
 	try {
         // try loading explicit common js module 
-		const path = root + "/rpc/index.cjs";
-		//D( "path=" + path );
-		const mod = require( path );
+		const mod_path = root + "/rpc/index.cjs";
+		const mod = require( mod_path );
 		try {
-			mod( msg, okay, fail, transport );
+            mod( msg, okay, fail, context );
 		} catch( err ) {
             fail( err ); 
 		}
@@ -79,11 +87,10 @@ function rpc_handler( root, msg, transport, _okay, _fail ) {
 
         // try loading it the old way using the dir
         try {
-			const path = root + "/rpc";
-			//D( "path=" + path );
-			const mod = require( path );
+			const mod_path = root + "/rpc";
+			const mod = require( mod_path );
 			try {
-				mod( msg, okay, fail, transport );
+                mod( msg, okay, fail, context );
 			} catch( err ) {
 				fail( err );
 			}
@@ -99,7 +106,7 @@ function rpc_handler( root, msg, transport, _okay, _fail ) {
 // Glue function to call rpc handler module and then return response
 // via the websockets msg object
 function ws_msg_handler( root, msg, host, connection ) {
-	rpc_handler( root, msg.msg, { type: "WS", host, connection }, data => {
+	rpc_handler( root, msg.msg, { transport_type: "WS", host, connection }, data => {
 		msg.reply( data );
 	}, err => {
 		msg.error( err || "Unspecified Error" );
@@ -124,8 +131,9 @@ function logger( req, res, next ) {
 }
 
 
-// Creates and returns a handler function that intercepts and services
-// POST requests to "/rpc" endpoint.
+// Creates and returns a handler that intercepts and services requests to
+// the "/rpc" endpoint. In TLS mode only POST is allowed; in dev mode
+// GET is also allowed with query-string payloads.
 function rpc_post( root ) {
     return function( req, res, next ) {
         let { method, url, query, body } = req;
@@ -133,7 +141,7 @@ function rpc_post( root ) {
         url = url.split( "?" ).shift();
         if( url != "/rpc" && url != "/rpc/" ) {
             next();
-            return
+            return;
         }
 
         // Only allow POSTS in TLS mode.
@@ -152,7 +160,7 @@ function rpc_post( root ) {
         D( method + " >------> " + o2j( input, null, 2 ) );
 
         // Summon the rpc handler for the domain root.
-        rpc_handler( root, input, { type: method, connection: { host: req.headers[ "host" ], req, res, } } , output => {
+        rpc_handler( root, input, { transport_type: method, connection: { host: req.headers[ "host" ], req, res, } } , output => {
             res.writeHead( 200, {
                 "Content-Type": "application/json",
                 "Cache-Control": "no-store",
@@ -183,8 +191,8 @@ function not_found( root ) {
     return function( req, res, next ) {
         // Can't just do a redirect here because if /404 doesn't exist, it will
         // just go into a redirect loop. So test to see if the dir exists first.
-        let path = root + "/static/404";
-        is_dir( path, so => {
+        let mod_path = root + "/static/404";
+        is_dir( mod_path, so => {
             if( so ) {
                 let p404 = "/404/?original_path=" + encodeURIComponent( req.url );
                 res.writeHead( 302, { "Location": p404, } );    // redirect to path
@@ -196,6 +204,87 @@ function not_found( root ) {
     }
 }
 
+function put_handler( req, res, next ) {
+
+    if( req.method != "PUT" ) {
+        next();
+        return;
+    }
+
+    function fail( error, stack ) {
+        E( error, stack );
+        res.writeHead( 500, { "Content-Type": "application/json" } );
+        res.write( o2j( { error } ) );
+        res.end();
+    }
+
+    try {
+        I( "PUT " + req.url );
+
+		// Preflight size check from Content-Length if provided
+		const content_length = toInt( req.headers[ "content-length" ] );
+		if( content_length && content_length > UPLOAD_MAX_BYTES ) {
+			W( "PUT: Content-Length " + content_length + " exceeds cap " + UPLOAD_MAX_BYTES );
+			res.writeHead( 413, { "Content-Type": "application/json" } );
+			res.write( o2j( { error: "Payload too large" } ) );
+			res.end();
+			return;
+		}
+
+        let local_path = UPLOAD_DIR;
+        fs.mkdirSync( local_path, { recursive: true } );
+
+        // generate random hash to store file under locally
+        const hash = sha1( "" + ( Date.now() + Math.random() ) );
+        local_path += "/" + hash;
+
+        D( "PUT: " + local_path );
+
+		const writeStream = fs.createWriteStream( local_path );
+
+		let responded = false;
+		let received_bytes = 0;
+		const abort_too_large = function( ) {
+			if( responded ) return;
+			responded = true;
+			try { req.unpipe( writeStream ); } catch( _e ) {}
+			try { writeStream.destroy(); } catch( _e ) {}
+			try { req.destroy(); } catch( _e ) {}
+			try { fs.unlink( local_path, function( ){} ); } catch( _e ) {}
+			res.writeHead( 413, { "Content-Type": "application/json" } );
+			res.write( o2j( { error: "Payload too large" } ) );
+			res.end();
+		};
+
+		// Streaming size guard
+		req.on( "data", function( chunk ) {
+			received_bytes += chunk.length;
+			if( received_bytes > UPLOAD_MAX_BYTES ) {
+				W( "PUT: stream exceeded cap: " + received_bytes + " > " + UPLOAD_MAX_BYTES );
+				abort_too_large( );
+			}
+		} );
+
+        req.pipe( writeStream );
+
+		writeStream.on( "finish", ( ) => {
+			if( responded ) return;
+            I( "PUT: " + local_path );
+            res.writeHead( 200, { "Content-Type": "application/json" } );
+            res.write( o2j( { hash } ) );
+            res.end();
+        } );
+
+		writeStream.on( "error", ( error ) => {
+			if( responded ) return;
+            fail( "PUT: " + local_path + " failed during stream", error.stack );
+        } );
+    } catch ( error ) {
+        fail( "PUT: failed", error.stack );
+    }
+
+}
+
 
 // Create and return a connect app/function that implements
 // default (basic) functionality.
@@ -206,6 +295,7 @@ function basic_handler( root ) {
 	app.use( cors );        // allow requests from other domains
 	app.use( populate_query );
 	app.use( logger );
+    app.use( put_handler )
     app.use( rpc_post( root ) );
 	app.use( rpc_static );
 	app.use( serveStatic( root + "/static" ) ); // static files for domain
@@ -220,7 +310,8 @@ const cached_basic_handlers = {};
 // Handle REST calls (as opposed to websocket messages)
 function rest_handler( root, req, rsp ) {
 
-	I( req.headers[ "host" ] + ": " + req.method + " " + req.url );
+	const remote_ip = req.socket.remoteAddress;
+	I( remote_ip + " " + req.headers[ "host" ] + ": " + req.method + " " + req.url );
 	D( "rest_handler root: " + root );
 
 	const call = function( handler ) {
@@ -237,14 +328,15 @@ function rest_handler( root, req, rsp ) {
 	}
 
 	// try loading custom handler first
+	let handler;
 	try {
 		handler = require( root );
-		D( "Using custom REST handler loaded from "+root );
+		D( "Using custom REST handler loaded from " + root );
 		call( handler );
 	} catch( err ) {
 		// attempt to load custom handler threw an exception
 
-        let handler = cached_basic_handlers[ root ];
+        handler = cached_basic_handlers[ root ];
         if( ! handler ) {
             handler = basic_handler( root );
             cached_basic_handlers[ root ] = handler;
@@ -267,11 +359,12 @@ function ws_attach( server, msg_handler ) {
 	
 		const host = wsreq.httpRequest.headers[ "host" ];
 
-		const socket = wsreq.accept( null, wsreq.origin );
+		const socket = wsreq.accept( null, wsreq.origin || "*" );
 
 		const name = "ws-conn-" + next_seq();       // XXX just use the websocket id
 
-		// send msg to connected client
+		// Send a message to the connected client. 
+		// XXX "cb" is currently unused - not sure it should be that way
 		const send = function( msg, cb ) {
 			if( msg.msg_id === undefined ) {
 				msg.msg_id = "msg-id-" + next_seq();	// every message must have an id
@@ -336,7 +429,7 @@ if( argv.length == 2 ) {
 
     VERBOSITY = toInt( VERBOSITY );
 
-	if( DOMAINS_ROOT && MAINTAINER_EMAIL && VERBOSITY ) {
+	if( DOMAINS_ROOT && MAINTAINER_EMAIL && VERBOSITY >= 0 ) {
 
 		L( toInt( VERBOSITY ) );
 
@@ -374,14 +467,14 @@ if( argv.length == 2 ) {
 else
 if( argv.length == 5 ) {
 
-	let [ exe, script, SITE_ROOT, PORT, VERBOSITY, ] = argv;
+	let [ _exe, _script, SITE_ROOT, PORT, VERBOSITY, ] = argv;
 
     VERBOSITY = toInt( VERBOSITY );
     PORT = toInt( PORT );
 
 	dev_mode = true;
 
-	if( SITE_ROOT && PORT && VERBOSITY ) {
+	if( SITE_ROOT && PORT && VERBOSITY >= 0 ) {
 
 		L( toInt( VERBOSITY ) );
 
@@ -415,7 +508,7 @@ if( argv.length == 3 && argv[ 2 ] == "-v" ) {
 
 	// pull package version from package.json and print it
 	const p = require( __dirname + "/package.json" );
-	log( p.version );
+	I( p.version );
 
 }
 else {