veryfront 0.1.65 → 0.1.68
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/esm/deno.js +1 -1
- package/esm/src/security/http/base-handler.d.ts.map +1 -1
- package/esm/src/security/http/base-handler.js +5 -4
- package/esm/src/server/bootstrap.js +9 -1
- package/package.json +1 -1
- package/src/deno.js +1 -1
- package/src/src/security/http/base-handler.ts +5 -4
- package/src/src/server/bootstrap.ts +13 -1
package/esm/deno.js
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"base-handler.d.ts","sourceRoot":"","sources":["../../../../src/src/security/http/base-handler.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,OAAO,MAAM,wBAAwB,CAAC;AAClD,OAAO,KAAK,EACV,OAAO,EACP,cAAc,EACd,eAAe,EACf,aAAa,EAEd,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAEtD,MAAM,WAAW,cAAc;IAC7B,qBAAqB,EAAE,CAAC,GAAG,EAAE,cAAc,EAAE,KAAK,CAAC,EAAE,MAAM,KAAK,eAAe,CAAC;IAChF,OAAO,EAAE,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,aAAa,CAAC;IAC3F,QAAQ,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,GAAG,CAAC,EAAE,cAAc,KAAK,IAAI,CAAC;IAC3F,eAAe,EAAE,CAAC,KAAK,EAAE,OAAO,KAAK,MAAM,CAAC;IAC5C,QAAQ,EAAE,MAAM,aAAa,CAAC;CAC/B;AAED,8BAAsB,WAAY,YAAW,OAAO;IAClD,QAAQ,CAAC,QAAQ,EAAE,eAAe,CAAC;IAEnC,SAAS,CAAC,QAAQ,CAAC,OAAO,EAAE,cAAc,CAMxC;IAEF,QAAQ,CAAC,MAAM,CAAC,GAAG,EAAE,OAAO,CAAC,OAAO,EAAE,GAAG,EAAE,cAAc,GAAG,OAAO,CAAC,aAAa,CAAC;IAElF,SAAS,CAAC,YAAY,CAAC,GAAG,EAAE,OAAO,CAAC,OAAO,EAAE,GAAG,EAAE,cAAc,GAAG,OAAO;IAY1E,OAAO,CAAC,cAAc;IAmBtB,SAAS,CAAC,qBAAqB,CAC7B,GAAG,EAAE,cAAc,EACnB,KAAK,CAAC,EAAE,MAAM,EACd,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GACjC,eAAe;IAWlB,SAAS,CAAC,QAAQ,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,GAAG,CAAC,EAAE,cAAc,GAAG,IAAI;IAKhG,SAAS,CAAC,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,IAAI,CAAC,EAAE,cAAc,GAAG,IAAI;IAIhG,SAAS,CAAC,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,IAAI,CAAC,EAAE,cAAc,GAAG,IAAI;IAIhG,SAAS,CAAC,eAAe,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM;IAKjD,SAAS,CAAC,QAAQ,IAAI,aAAa;IAInC,SAAS,CAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,aAAa;IAIhG,SAAS,CAAC,gBAAgB,CAAC,CAAC,EAC1B,GAAG,EAAE,cAAc,EACnB,EAAE,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,EACpB,OAAO,GAAE;QAAE,YAAY,CAAC,EAAE,OAAO,CAAA;KAAO,GACvC,OAAO,CAAC,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"base-handler.d.ts","sourceRoot":"","sources":["../../../../src/src/security/http/base-handler.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,OAAO,MAAM,wBAAwB,CAAC;AAClD,OAAO,KAAK,EACV,OAAO,EACP,cAAc,EACd,eAAe,EACf,aAAa,EAEd,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAEtD,MAAM,WAAW,cAAc;IAC7B,qBAAqB,EAAE,CAAC,GAAG,EAAE,cAAc,EAAE,KAAK,CAAC,EAAE,MAAM,KAAK,eAAe,CAAC;IAChF,OAAO,EAAE,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,aAAa,CAAC;IAC3F,QAAQ,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,GAAG,CAAC,EAAE,cAAc,KAAK,IAAI,CAAC;IAC3F,eAAe,EAAE,CAAC,KAAK,EAAE,OAAO,KAAK,MAAM,CAAC;IAC5C,QAAQ,EAAE,MAAM,aAAa,CAAC;CAC/B;AAED,8BAAsB,WAAY,YAAW,OAAO;IAClD,QAAQ,CAAC,QAAQ,EAAE,eAAe,CAAC;IAEnC,SAAS,CAAC,QAAQ,CAAC,OAAO,EAAE,cAAc,CAMxC;IAEF,QAAQ,CAAC,MAAM,CAAC,GAAG,EAAE,OAAO,CAAC,OAAO,EAAE,GAAG,EAAE,cAAc,GAAG,OAAO,CAAC,aAAa,CAAC;IAElF,SAAS,CAAC,YAAY,CAAC,GAAG,EAAE,OAAO,CAAC,OAAO,EAAE,GAAG,EAAE,cAAc,GAAG,OAAO;IAY1E,OAAO,CAAC,cAAc;IAmBtB,SAAS,CAAC,qBAAqB,CAC7B,GAAG,EAAE,cAAc,EACnB,KAAK,CAAC,EAAE,MAAM,EACd,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GACjC,eAAe;IAWlB,SAAS,CAAC,QAAQ,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,GAAG,CAAC,EAAE,cAAc,GAAG,IAAI;IAKhG,SAAS,CAAC,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,IAAI,CAAC,EAAE,cAAc,GAAG,IAAI;IAIhG,SAAS,CAAC,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,IAAI,CAAC,EAAE,cAAc,GAAG,IAAI;IAIhG,SAAS,CAAC,eAAe,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM;IAKjD,SAAS,CAAC,QAAQ,IAAI,aAAa;IAInC,SAAS,CAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,aAAa;IAIhG,SAAS,CAAC,gBAAgB,CAAC,CAAC,EAC1B,GAAG,EAAE,cAAc,EACnB,EAAE,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,EACpB,OAAO,GAAE;QAAE,YAAY,CAAC,EAAE,OAAO,CAAA;KAAO,GACvC,OAAO,CAAC,CAAC,CAAC;CAwDd"}
|
|
@@ -66,6 +66,7 @@ export class BaseHandler {
|
|
|
66
66
|
return { response, continue: false, metadata };
|
|
67
67
|
}
|
|
68
68
|
withProxyContext(ctx, fn, options = {}) {
|
|
69
|
+
const effectiveToken = ctx.proxyToken || ctx.adapter.env.get("VERYFRONT_API_TOKEN") || "";
|
|
69
70
|
const fsWrapper = ctx.adapter.fs;
|
|
70
71
|
if (typeof fsWrapper.setRequestBranch === "function") {
|
|
71
72
|
try {
|
|
@@ -76,7 +77,7 @@ export class BaseHandler {
|
|
|
76
77
|
}
|
|
77
78
|
}
|
|
78
79
|
const requireToken = options.requireToken ?? false;
|
|
79
|
-
if (!ctx.projectSlug || (requireToken && !
|
|
80
|
+
if (!ctx.projectSlug || (requireToken && !effectiveToken))
|
|
80
81
|
return fn();
|
|
81
82
|
if (fsWrapper.isMultiProjectMode?.()) {
|
|
82
83
|
const isProduction = (ctx.resolvedEnvironment ?? ctx.requestContext?.mode) === "production";
|
|
@@ -87,10 +88,10 @@ export class BaseHandler {
|
|
|
87
88
|
releaseId: ctx.releaseId,
|
|
88
89
|
branch,
|
|
89
90
|
}, ctx);
|
|
90
|
-
return fsWrapper.runWithContext(ctx.projectSlug,
|
|
91
|
+
return fsWrapper.runWithContext(ctx.projectSlug, effectiveToken, fn, ctx.projectId, { productionMode: isProduction, releaseId: ctx.releaseId, branch });
|
|
91
92
|
}
|
|
92
|
-
if (typeof fsWrapper.setRequestToken === "function" &&
|
|
93
|
-
fsWrapper.setRequestToken(
|
|
93
|
+
if (typeof fsWrapper.setRequestToken === "function" && effectiveToken) {
|
|
94
|
+
fsWrapper.setRequestToken(effectiveToken);
|
|
94
95
|
}
|
|
95
96
|
return runWithCacheBatching(fn);
|
|
96
97
|
}
|
|
@@ -4,7 +4,7 @@ import { getErrorMessage } from "../errors/veryfront-error.js";
|
|
|
4
4
|
import { INVALID_ARGUMENT } from "../errors/index.js";
|
|
5
5
|
import { enhanceAdapterWithFS } from "../platform/adapters/fs/integration.js";
|
|
6
6
|
import { isExtendedFSAdapter } from "../platform/adapters/fs/wrapper.js";
|
|
7
|
-
import { getEnv } from "../platform/compat/process.js";
|
|
7
|
+
import { getEnv, getHostEnv } from "../platform/compat/process.js";
|
|
8
8
|
import { initializeEsbuild } from "../platform/compat/esbuild.js";
|
|
9
9
|
import { logger } from "../utils/index.js";
|
|
10
10
|
import { isDebugEnabled } from "../utils/constants/env.js";
|
|
@@ -180,6 +180,7 @@ export async function bootstrapProd(projectDir, adapter) {
|
|
|
180
180
|
function validateProductionEnvironment(_adapter) {
|
|
181
181
|
const nodeEnv = getEnv("NODE_ENV") ?? getEnv("DENO_ENV");
|
|
182
182
|
const proxyMode = getEnv("PROXY_MODE");
|
|
183
|
+
const controlPlanePublicKey = getHostEnv("CHANNEL_DISPATCH_SIGNING_PUBLIC_KEY");
|
|
183
184
|
// In proxy mode (deployed pods), NODE_ENV must be explicitly set to production
|
|
184
185
|
if (proxyMode === "1") {
|
|
185
186
|
if (!nodeEnv) {
|
|
@@ -193,6 +194,13 @@ function validateProductionEnvironment(_adapter) {
|
|
|
193
194
|
logger.warn("[Bootstrap:Prod] NODE_ENV is set to '%s' in proxy mode. " +
|
|
194
195
|
"Expected 'production'. This may enable dev features.", nodeEnv);
|
|
195
196
|
}
|
|
197
|
+
if (!controlPlanePublicKey) {
|
|
198
|
+
logger.error("[Bootstrap:Prod] CRITICAL: CHANNEL_DISPATCH_SIGNING_PUBLIC_KEY is not set in proxy mode. " +
|
|
199
|
+
"Hosted runtimes cannot verify control-plane requests without it.");
|
|
200
|
+
throw INVALID_ARGUMENT.create({
|
|
201
|
+
detail: "CHANNEL_DISPATCH_SIGNING_PUBLIC_KEY must be set when running in proxy mode (PROXY_MODE=1)",
|
|
202
|
+
});
|
|
203
|
+
}
|
|
196
204
|
}
|
|
197
205
|
// Log effective configuration for debugging
|
|
198
206
|
bootstrapProdLog.debug("Environment configuration", {
|
package/package.json
CHANGED
package/src/deno.js
CHANGED
|
@@ -108,6 +108,7 @@ export abstract class BaseHandler implements Handler {
|
|
|
108
108
|
fn: () => Promise<T>,
|
|
109
109
|
options: { requireToken?: boolean } = {},
|
|
110
110
|
): Promise<T> {
|
|
111
|
+
const effectiveToken = ctx.proxyToken || ctx.adapter.env.get("VERYFRONT_API_TOKEN") || "";
|
|
111
112
|
const fsWrapper = ctx.adapter.fs as {
|
|
112
113
|
setRequestToken?: (t: string) => void;
|
|
113
114
|
setRequestBranch?: (b: string | null) => void;
|
|
@@ -130,7 +131,7 @@ export abstract class BaseHandler implements Handler {
|
|
|
130
131
|
}
|
|
131
132
|
|
|
132
133
|
const requireToken = options.requireToken ?? false;
|
|
133
|
-
if (!ctx.projectSlug || (requireToken && !
|
|
134
|
+
if (!ctx.projectSlug || (requireToken && !effectiveToken)) return fn();
|
|
134
135
|
|
|
135
136
|
if (fsWrapper.isMultiProjectMode?.()) {
|
|
136
137
|
const isProduction = (ctx.resolvedEnvironment ?? ctx.requestContext?.mode) === "production";
|
|
@@ -149,15 +150,15 @@ export abstract class BaseHandler implements Handler {
|
|
|
149
150
|
|
|
150
151
|
return fsWrapper.runWithContext!(
|
|
151
152
|
ctx.projectSlug,
|
|
152
|
-
|
|
153
|
+
effectiveToken,
|
|
153
154
|
fn,
|
|
154
155
|
ctx.projectId,
|
|
155
156
|
{ productionMode: isProduction, releaseId: ctx.releaseId, branch },
|
|
156
157
|
);
|
|
157
158
|
}
|
|
158
159
|
|
|
159
|
-
if (typeof fsWrapper.setRequestToken === "function" &&
|
|
160
|
-
fsWrapper.setRequestToken(
|
|
160
|
+
if (typeof fsWrapper.setRequestToken === "function" && effectiveToken) {
|
|
161
|
+
fsWrapper.setRequestToken(effectiveToken);
|
|
161
162
|
}
|
|
162
163
|
|
|
163
164
|
return runWithCacheBatching(fn);
|
|
@@ -10,7 +10,7 @@ import { getErrorMessage } from "../errors/veryfront-error.js";
|
|
|
10
10
|
import { INVALID_ARGUMENT } from "../errors/index.js";
|
|
11
11
|
import { enhanceAdapterWithFS } from "../platform/adapters/fs/integration.js";
|
|
12
12
|
import { isExtendedFSAdapter } from "../platform/adapters/fs/wrapper.js";
|
|
13
|
-
import { getEnv } from "../platform/compat/process.js";
|
|
13
|
+
import { getEnv, getHostEnv } from "../platform/compat/process.js";
|
|
14
14
|
import { initializeEsbuild } from "../platform/compat/esbuild.js";
|
|
15
15
|
import { logger } from "../utils/index.js";
|
|
16
16
|
import { isDebugEnabled } from "../utils/constants/env.js";
|
|
@@ -256,6 +256,7 @@ export async function bootstrapProd(
|
|
|
256
256
|
function validateProductionEnvironment(_adapter: RuntimeAdapter): void {
|
|
257
257
|
const nodeEnv = getEnv("NODE_ENV") ?? getEnv("DENO_ENV");
|
|
258
258
|
const proxyMode = getEnv("PROXY_MODE");
|
|
259
|
+
const controlPlanePublicKey = getHostEnv("CHANNEL_DISPATCH_SIGNING_PUBLIC_KEY");
|
|
259
260
|
|
|
260
261
|
// In proxy mode (deployed pods), NODE_ENV must be explicitly set to production
|
|
261
262
|
if (proxyMode === "1") {
|
|
@@ -276,6 +277,17 @@ function validateProductionEnvironment(_adapter: RuntimeAdapter): void {
|
|
|
276
277
|
nodeEnv,
|
|
277
278
|
);
|
|
278
279
|
}
|
|
280
|
+
|
|
281
|
+
if (!controlPlanePublicKey) {
|
|
282
|
+
logger.error(
|
|
283
|
+
"[Bootstrap:Prod] CRITICAL: CHANNEL_DISPATCH_SIGNING_PUBLIC_KEY is not set in proxy mode. " +
|
|
284
|
+
"Hosted runtimes cannot verify control-plane requests without it.",
|
|
285
|
+
);
|
|
286
|
+
throw INVALID_ARGUMENT.create({
|
|
287
|
+
detail:
|
|
288
|
+
"CHANNEL_DISPATCH_SIGNING_PUBLIC_KEY must be set when running in proxy mode (PROXY_MODE=1)",
|
|
289
|
+
});
|
|
290
|
+
}
|
|
279
291
|
}
|
|
280
292
|
|
|
281
293
|
// Log effective configuration for debugging
|