traforo 0.0.9 → 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README +64 -6
- package/dist/cli.js +12 -0
- package/dist/client.d.ts +4 -0
- package/dist/client.js +8 -1
- package/dist/run-tunnel.d.ts +4 -0
- package/dist/run-tunnel.js +8 -0
- package/package.json +5 -3
package/README
CHANGED
|
@@ -2,6 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
HTTP tunnel via Cloudflare Durable Objects and WebSockets.
|
|
4
4
|
Expose local servers to the internet with a simple CLI.
|
|
5
|
+
Infinitely scalable with support for Cloudflare CDN caching and password protection.
|
|
5
6
|
|
|
6
7
|
## INSTALLATION
|
|
7
8
|
|
|
@@ -29,12 +30,66 @@ The tunnel URL will be:
|
|
|
29
30
|
|
|
30
31
|
## OPTIONS
|
|
31
32
|
|
|
32
|
-
-p, --port <port>
|
|
33
|
-
-t, --tunnel-id [id]
|
|
34
|
-
-
|
|
35
|
-
|
|
36
|
-
--
|
|
37
|
-
--
|
|
33
|
+
-p, --port <port> Local port to expose (required)
|
|
34
|
+
-t, --tunnel-id [id] Custom tunnel ID (prefer random default)
|
|
35
|
+
-c, --cache [key] Enable edge caching (optional partition key)
|
|
36
|
+
--password <password> Protect the tunnel with a password
|
|
37
|
+
-h, --host [host] Local host (default: localhost)
|
|
38
|
+
-s, --server [url] Custom tunnel server URL
|
|
39
|
+
--help Show help
|
|
40
|
+
--version Show version
|
|
41
|
+
|
|
42
|
+
## EDGE CACHING
|
|
43
|
+
|
|
44
|
+
Cache responses at Cloudflare's edge so repeat requests never hit your
|
|
45
|
+
local machine:
|
|
46
|
+
|
|
47
|
+
traforo -p 3000 --cache
|
|
48
|
+
|
|
49
|
+
What gets cached:
|
|
50
|
+
|
|
51
|
+
- GET requests where the origin sends cacheable Cache-Control headers
|
|
52
|
+
(public, max-age, s-maxage)
|
|
53
|
+
- Static asset extensions use Cloudflare-like default fallback TTLs when
|
|
54
|
+
cache headers are missing: 200/301=120m, 302/303=20m, 404/410=3m
|
|
55
|
+
|
|
56
|
+
What never gets cached:
|
|
57
|
+
|
|
58
|
+
- Non-GET requests
|
|
59
|
+
- 206 Partial Content responses (Cache API put() limitation)
|
|
60
|
+
- Responses with Set-Cookie, Cache-Control: no-store/no-cache/private
|
|
61
|
+
- Streaming responses (SSE, ndjson)
|
|
62
|
+
- WebSocket connections
|
|
63
|
+
|
|
64
|
+
Requests with `Authorization`, `Cache-Control: no-cache/no-store/max-age=0`,
|
|
65
|
+
or `Pragma: no-cache` bypass edge cache lookup.
|
|
66
|
+
|
|
67
|
+
Cache partitioning lets you bust all cached content by changing the key:
|
|
68
|
+
|
|
69
|
+
traforo -p 3000 --cache v1 # first deployment
|
|
70
|
+
traforo -p 3000 --cache v2 # new deploy, fresh cache
|
|
71
|
+
|
|
72
|
+
Each key creates a separate cache namespace. Old entries expire via TTL.
|
|
73
|
+
|
|
74
|
+
The X-Traforo-Cache response header shows HIT, MISS, or BYPASS for debugging.
|
|
75
|
+
When BYPASS/MISS comes from the local origin path, X-Traforo-Cache-Reason explains why.
|
|
76
|
+
|
|
77
|
+
## PASSWORD PROTECTION
|
|
78
|
+
|
|
79
|
+
Restrict tunnel access with a password:
|
|
80
|
+
|
|
81
|
+
traforo -p 3000 --password mysecret
|
|
82
|
+
|
|
83
|
+
Visitors in a browser see a login page. After entering the correct password
|
|
84
|
+
a `traforo-password` cookie is set and they can browse normally.
|
|
85
|
+
|
|
86
|
+
Non-browser clients (curl, APIs) get a 401 Unauthorized response with
|
|
87
|
+
instructions to pass the password as a cookie:
|
|
88
|
+
|
|
89
|
+
curl -b 'traforo-password=mysecret' https://{tunnel-id}-tunnel.traforo.dev
|
|
90
|
+
|
|
91
|
+
WebSocket upgrade requests without the correct cookie are rejected with
|
|
92
|
+
close code 4013.
|
|
38
93
|
|
|
39
94
|
## HOW IT WORKS
|
|
40
95
|
|
|
@@ -48,6 +103,7 @@ The tunnel URL will be:
|
|
|
48
103
|
|
|
49
104
|
/traforo-status Check if tunnel is online
|
|
50
105
|
/traforo-upstream WebSocket endpoint for local client
|
|
106
|
+
/traforo-login POST endpoint for password login
|
|
51
107
|
/* All other paths proxied to local server
|
|
52
108
|
|
|
53
109
|
## LIBRARY USAGE
|
|
@@ -58,6 +114,8 @@ The tunnel URL will be:
|
|
|
58
114
|
const client = new TunnelClient({
|
|
59
115
|
localPort: 3000,
|
|
60
116
|
tunnelId: 'my-app',
|
|
117
|
+
cacheKey: 'v1', // optional: enable edge caching
|
|
118
|
+
password: 'mysecret', // optional: password protection
|
|
61
119
|
})
|
|
62
120
|
|
|
63
121
|
await client.connect()
|
package/dist/cli.js
CHANGED
|
@@ -9,10 +9,14 @@ cli
|
|
|
9
9
|
.option('-t, --tunnel-id [id]', 'Custom tunnel ID (only for services safe to expose publicly; prefer random default)')
|
|
10
10
|
.option('-h, --host [host]', 'Local host (default: localhost)')
|
|
11
11
|
.option('-s, --server [url]', 'Tunnel server URL')
|
|
12
|
+
.option('-c, --cache [key]', 'Enable edge caching for static assets (optional key for cache partitioning, default: "default")')
|
|
13
|
+
.option('--password <password>', 'Protect the tunnel with a password (visitors must enter it to access)')
|
|
12
14
|
.example(`${CLI_NAME} -p 3000`)
|
|
13
15
|
.example(`${CLI_NAME} -p 3000 -- next start`)
|
|
14
16
|
.example(`${CLI_NAME} -p 3000 -- pnpm dev`)
|
|
15
17
|
.example(`${CLI_NAME} -p 5173 -t my-app -- vite`)
|
|
18
|
+
.example(`${CLI_NAME} -p 3000 --cache`)
|
|
19
|
+
.example(`${CLI_NAME} -p 3000 --cache v2`)
|
|
16
20
|
.action(async (options) => {
|
|
17
21
|
if (!options.port) {
|
|
18
22
|
console.error('Error: --port is required');
|
|
@@ -24,12 +28,20 @@ cli
|
|
|
24
28
|
console.error(`Error: Invalid port number: ${options.port}`);
|
|
25
29
|
process.exit(1);
|
|
26
30
|
}
|
|
31
|
+
// --cache with no value comes as boolean true, --cache v2 comes as string "v2"
|
|
32
|
+
const cacheKey = options.cache
|
|
33
|
+
? typeof options.cache === 'string'
|
|
34
|
+
? options.cache
|
|
35
|
+
: 'default'
|
|
36
|
+
: undefined;
|
|
27
37
|
await runTunnel({
|
|
28
38
|
port,
|
|
29
39
|
tunnelId: options.tunnelId,
|
|
30
40
|
localHost: options.host,
|
|
31
41
|
serverUrl: options.server,
|
|
32
42
|
command: command.length > 0 ? command : undefined,
|
|
43
|
+
cacheKey,
|
|
44
|
+
password: options.password,
|
|
33
45
|
});
|
|
34
46
|
});
|
|
35
47
|
cli.help();
|
package/dist/client.d.ts
CHANGED
|
@@ -18,6 +18,10 @@ type TunnelClientOptions = {
|
|
|
18
18
|
autoReconnect?: boolean;
|
|
19
19
|
/** Reconnect delay in ms */
|
|
20
20
|
reconnectDelay?: number;
|
|
21
|
+
/** Enable edge caching with this partition key */
|
|
22
|
+
cacheKey?: string;
|
|
23
|
+
/** Password to protect the tunnel */
|
|
24
|
+
password?: string;
|
|
21
25
|
};
|
|
22
26
|
export declare class TunnelClient {
|
|
23
27
|
private options;
|
package/dist/client.js
CHANGED
|
@@ -16,6 +16,7 @@ export class TunnelClient {
|
|
|
16
16
|
localHttps: false,
|
|
17
17
|
autoReconnect: true,
|
|
18
18
|
reconnectDelay: 3000,
|
|
19
|
+
cacheKey: undefined,
|
|
19
20
|
...options,
|
|
20
21
|
};
|
|
21
22
|
}
|
|
@@ -26,7 +27,13 @@ export class TunnelClient {
|
|
|
26
27
|
if (this.closed) {
|
|
27
28
|
throw new Error('Client is closed');
|
|
28
29
|
}
|
|
29
|
-
|
|
30
|
+
let wsUrl = `${this.options.serverUrl}/traforo-upstream?_tunnelId=${this.options.tunnelId}`;
|
|
31
|
+
if (this.options.cacheKey) {
|
|
32
|
+
wsUrl += `&_cacheKey=${encodeURIComponent(this.options.cacheKey)}`;
|
|
33
|
+
}
|
|
34
|
+
if (this.options.password) {
|
|
35
|
+
wsUrl += `&_password=${encodeURIComponent(this.options.password)}`;
|
|
36
|
+
}
|
|
30
37
|
// console.log(`Connecting to ${wsUrl}...`)
|
|
31
38
|
return new Promise((resolve, reject) => {
|
|
32
39
|
this.ws = new WebSocket(wsUrl);
|
package/dist/run-tunnel.d.ts
CHANGED
|
@@ -6,6 +6,10 @@ export type RunTunnelOptions = {
|
|
|
6
6
|
baseDomain?: string;
|
|
7
7
|
serverUrl?: string;
|
|
8
8
|
command?: string[];
|
|
9
|
+
/** Enable edge caching with optional partition key */
|
|
10
|
+
cacheKey?: string;
|
|
11
|
+
/** Password to protect the tunnel */
|
|
12
|
+
password?: string;
|
|
9
13
|
};
|
|
10
14
|
/**
|
|
11
15
|
* Parse argv to extract command after `--` separator.
|
package/dist/run-tunnel.js
CHANGED
|
@@ -97,7 +97,15 @@ export async function runTunnel(options) {
|
|
|
97
97
|
localHost,
|
|
98
98
|
...(options.baseDomain && { baseDomain: options.baseDomain }),
|
|
99
99
|
...(options.serverUrl && { serverUrl: options.serverUrl }),
|
|
100
|
+
...(options.cacheKey && { cacheKey: options.cacheKey }),
|
|
101
|
+
...(options.password && { password: options.password }),
|
|
100
102
|
});
|
|
103
|
+
if (options.cacheKey) {
|
|
104
|
+
console.log(`Edge caching enabled (key: ${options.cacheKey})`);
|
|
105
|
+
}
|
|
106
|
+
if (options.password) {
|
|
107
|
+
console.log(`Password protection enabled`);
|
|
108
|
+
}
|
|
101
109
|
// Handle shutdown
|
|
102
110
|
const cleanup = () => {
|
|
103
111
|
console.log('\nShutting down...');
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "traforo",
|
|
3
|
-
"version": "0.0
|
|
4
|
-
"description": "HTTP tunnel via Cloudflare Durable Objects and WebSockets",
|
|
3
|
+
"version": "0.1.0",
|
|
4
|
+
"description": "HTTP tunnel via Cloudflare Durable Objects and WebSockets. Edge caching and password protection.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"license": "MIT",
|
|
7
7
|
"repository": "https://github.com/remorses/traforo",
|
|
@@ -30,6 +30,7 @@
|
|
|
30
30
|
},
|
|
31
31
|
"devDependencies": {
|
|
32
32
|
"@cloudflare/workers-types": "^4.20250712.0",
|
|
33
|
+
"@types/http-cache-semantics": "^4.2.0",
|
|
33
34
|
"@types/node": "^22.0.0",
|
|
34
35
|
"@types/ws": "^8.18.1",
|
|
35
36
|
"tsx": "^4.20.5",
|
|
@@ -39,7 +40,8 @@
|
|
|
39
40
|
"wrangler": "^4.24.3"
|
|
40
41
|
},
|
|
41
42
|
"dependencies": {
|
|
42
|
-
"goke": "^6.
|
|
43
|
+
"goke": "^6.3.0",
|
|
44
|
+
"http-cache-semantics": "^4.2.0",
|
|
43
45
|
"string-dedent": "^3.0.2",
|
|
44
46
|
"ws": "^8.19.0"
|
|
45
47
|
},
|