vite-plugin-caddy-multiple-tls 1.8.0 → 1.9.0

package/README.md

@@ -130,7 +130,11 @@ export default config;
 
 This derives a host like `<repo>.<branch>.web-1.localhost`.
 
-The plugin now treats hostname ownership as explicit. If another live Vite server already owns the resolved domain, it will refuse takeover instead of deleting the other server's route. Use `instanceLabel`, `domain`, or stop the other server first.
+The plugin treats hostname ownership as latest-started-wins. If another live Vite server already owns a resolved hostname, the newly started server replaces that hostname's Caddy route so the domain points at the server you just started.
+
+When a plugin instance has multiple domains, each hostname is managed independently. Reusing `app.localhost` from another server will not remove a sibling route like `api.localhost`.
+
+If the plugin replaces one hostname from an older combined multi-domain route, it preserves the remaining sibling hostnames before removing the old combined route.
 
 If a previous Vite process crashed and left stale ownership behind, the plugin will reclaim it automatically and clean up the stale Caddy route before continuing.
 
@@ -179,12 +183,11 @@ export default config;
 
 ## Troubleshooting
 
-### `Cannot claim ... another Vite server already owns this domain`
+### A hostname points to the newest matching server
 
-This means another live dev server is already using the resolved hostname.
+If two dev servers resolve to the same hostname, the most recently started server owns that hostname.
 
-- Stop the other server if you want this one to use the same host.
-- Add `instanceLabel` if both servers should run at the same time.
+- Add `instanceLabel` if both servers should stay reachable at the same time.
 - Pass an explicit `domain` if you want total control over the hostname.
 
 ### `client is not allowed to access from origin ''`

package/dist/index.js

@@ -14,7 +14,6 @@ var ROUTE_ID_PREFIX = "vite-proxy-";
 var LOCK_TIMEOUT_MS = 5e3;
 var LOCK_RETRY_MS = 50;
 var ROUTE_OWNERSHIP_VERSION = 1;
-var ROUTE_OWNERSHIP_STALE_AFTER_MS = 3e4;
 var ROUTE_OWNERSHIP_HEARTBEAT_INTERVAL_MS = 1e4;
 var CONNECTIVITY_ERROR_CODES = /* @__PURE__ */ new Set([
   "ECONNREFUSED",
@@ -215,7 +214,14 @@ async function withFileLock(lockPath, fn) {
   }
 }
 async function withApiLock(apiUrl, fn) {
-  await withFileLock(getLockPath(apiUrl), fn);
+  let result;
+  await withFileLock(getLockPath(apiUrl), async () => {
+    result = await fn();
+  });
+  return result;
+}
+async function withCaddyApiLock(apiUrl, fn) {
+  return withApiLock(apiUrl, fn);
 }
 async function readRouteOwnershipByPath(recordPath) {
   try {
@@ -261,20 +267,6 @@ async function listRouteOwnershipRecords(scope) {
     );
   });
 }
-function isProcessAlive(pid) {
-  try {
-    process.kill(pid, 0);
-    return true;
-  } catch (e) {
-    return isNodeError(e) && e.code === "EPERM";
-  }
-}
-function isRouteOwnershipActive(record, now = Date.now()) {
-  if (isProcessAlive(record.pid)) {
-    return true;
-  }
-  return record.pid <= 0 && now - record.lastSeenAt <= ROUTE_OWNERSHIP_STALE_AFTER_MS;
-}
 async function claimRouteOwnership(record) {
   const normalizedRecord = normalizeRouteOwnershipRecord(record);
   const { lockPath, recordPath } = getRouteOwnershipPaths(normalizedRecord);
@@ -294,21 +286,10 @@ async function claimRouteOwnership(record) {
         return candidate.ownerId !== normalizedRecord.ownerId && intersectsDomains(candidate.domains, normalizedRecord.domains);
       }
     );
-    const activeConflict = overlappingRecords.find((candidate) => {
-      return isRouteOwnershipActive(candidate);
-    });
-    if (activeConflict) {
-      claimResult = {
-        status: "active-conflict",
-        currentRecord: normalizedRecord,
-        existingRecord: activeConflict
-      };
-      return;
-    }
     await writeRouteOwnership(normalizedRecord);
     if (overlappingRecords.length > 0) {
       claimResult = {
-        status: "reclaimed",
+        status: "replaced",
         currentRecord: normalizedRecord,
         previousRecords: overlappingRecords
       };
@@ -609,6 +590,106 @@ function intersectsDomains(targetDomains, routeDomains) {
   const targetSet = new Set(targetDomains);
   return routeDomains.some((domain) => targetSet.has(domain));
 }
+async function readManagedConfigById(id, apiUrl, adminOrigin) {
+  const res = await caddyFetch(`${getApiUrl(apiUrl)}/id/${id}`, void 0, apiUrl, adminOrigin);
+  if (res.status === 404) return null;
+  await assertCaddyResponse(res, `Failed to read managed Caddy resource ${id}`);
+  const text = await res.text();
+  const parsed = parseConfig(text);
+  return isRecord(parsed) ? parsed : null;
+}
+function createPreservedOwnershipRecord(record, domains) {
+  const normalizedDomains = normalizeRouteOwnershipDomains(domains);
+  const hash = createHash("sha1").update(`${record.routeId}:${normalizedDomains.join(",")}:${process.pid}:${Date.now()}`).digest("hex").slice(0, 12);
+  const ownerId = `${record.ownerId}-preserved-${hash}`;
+  const routeId = `${ROUTE_ID_PREFIX}preserved-${hash}`;
+  const now = Date.now();
+  return {
+    ...record,
+    ownerId,
+    domains: normalizedDomains,
+    routeId,
+    tlsPolicyId: record.tlsPolicyId ? `${routeId}-tls` : null,
+    startedAt: now,
+    lastSeenAt: now
+  };
+}
+async function postManagedRouteConfig(route, serverName = DEFAULT_SERVER_NAME, apiUrl, adminOrigin) {
+  const res = await caddyFetch(
+    `${getApiUrl(apiUrl)}/config/apps/http/servers/${serverName}/routes`,
+    {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify(route)
+    },
+    apiUrl,
+    adminOrigin
+  );
+  await assertCaddyResponse(res, "Failed to preserve managed Caddy route");
+}
+async function postManagedTlsPolicyConfig(policy, apiUrl, adminOrigin) {
+  const res = await caddyFetch(
+    `${getApiUrl(apiUrl)}/config/apps/tls/automation/policies`,
+    {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify(policy)
+    },
+    apiUrl,
+    adminOrigin
+  );
+  if (!res.ok) {
+    const text = await res.text();
+    if (isTlsPolicyOverlapError(text)) {
+      return;
+    }
+    throw buildCaddyRequestError("Failed to preserve managed Caddy TLS policy", res.status, text);
+  }
+}
+async function createManagedResourcePreservation(record, domains, serverName = DEFAULT_SERVER_NAME, apiUrl, adminOrigin) {
+  const remainingDomains = normalizeRouteOwnershipDomains(
+    domains.filter((domain) => record.domains.includes(domain))
+  );
+  if (remainingDomains.length === 0) return null;
+  const routeConfig = await readManagedConfigById(record.routeId, apiUrl, adminOrigin);
+  if (!routeConfig) return null;
+  const preservedRecord = createPreservedOwnershipRecord(record, remainingDomains);
+  const preservedRoute = {
+    ...routeConfig,
+    "@id": preservedRecord.routeId,
+    match: [{ host: preservedRecord.domains }]
+  };
+  const sourceTlsPolicy = record.tlsPolicyId && preservedRecord.tlsPolicyId ? await readManagedConfigById(record.tlsPolicyId, apiUrl, adminOrigin) : null;
+  const preservedTlsPolicy = preservedRecord.tlsPolicyId ? {
+    ...sourceTlsPolicy ?? {
+      issuers: [
+        {
+          module: "internal"
+        }
+      ]
+    },
+    "@id": preservedRecord.tlsPolicyId,
+    subjects: preservedRecord.domains
+  } : null;
+  await postManagedRouteConfig(preservedRoute, serverName, apiUrl, adminOrigin);
+  return {
+    record: preservedRecord,
+    tlsPolicy: preservedTlsPolicy
+  };
+}
+async function commitManagedResourcePreservation(preservation, apiUrl, adminOrigin) {
+  if (preservation.tlsPolicy) {
+    await postManagedTlsPolicyConfig(preservation.tlsPolicy, apiUrl, adminOrigin);
+  }
+  await writeRouteOwnership(preservation.record);
+}
+async function discardManagedResourcePreservation(preservation, apiUrl, adminOrigin) {
+  let discarded = await removeRoute(preservation.record.routeId, apiUrl, adminOrigin);
+  if (preservation.record.tlsPolicyId) {
+    discarded = await removeTlsPolicy(preservation.record.tlsPolicyId, apiUrl, adminOrigin) && discarded;
+  }
+  return discarded;
+}
 async function findManagedRoutesForDomains(domains, serverName = DEFAULT_SERVER_NAME, apiUrl, adminOrigin) {
   if (domains.length === 0) return [];
   const res = await caddyFetch(
@@ -983,15 +1064,6 @@ function viteCaddyTlsPlugin({
       lastSeenAt: now
     };
   }
-  function buildOwnershipConflictMessage(domains, existingRecord) {
-    const ownerLocation = existingRecord.configRoot ?? existingRecord.cwd;
-    const domainLabel = domains.join(", ");
-    return [
-      `Cannot claim ${domainLabel}: another Vite server already owns ${domains.length > 1 ? "these domains" : "this domain"}.`,
-      `Existing owner pid ${existingRecord.pid} from ${ownerLocation}.`,
-      "Stop the other server first, or use `instanceLabel` or `domain` to make the hostname unique."
-    ].join(" ");
-  }
   async function releaseOwnershipRecord(record) {
     if (!record) return;
     await releaseRouteOwnership(record);
@@ -999,6 +1071,10 @@ function viteCaddyTlsPlugin({
   async function releaseOwnershipRecords(records) {
     await Promise.all(records.map((record) => releaseOwnershipRecord(record)));
   }
+  function getPreservedDomains(record, replacedDomains) {
+    const replacedDomainSet = new Set(replacedDomains);
+    return record.domains.filter((domain2) => !replacedDomainSet.has(domain2));
+  }
   async function cleanupClaimedResources(record, removeWithRetry) {
     let cleaned = true;
     if (record.tlsPolicyId) {
@@ -1030,6 +1106,17 @@ function viteCaddyTlsPlugin({
     }
     return cleaned;
   }
+  async function discardManagedResourcePreservations(preservations) {
+    await Promise.all(
+      preservations.map((preservation) => {
+        return discardManagedResourcePreservation(
+          preservation,
+          pluginCaddyApiUrl,
+          pluginCaddyAdminOrigin
+        );
+      })
+    );
+  }
   function isPreviewServer(server) {
     return server.config.isProduction;
   }
@@ -1061,15 +1148,14 @@ function viteCaddyTlsPlugin({
       instanceLabel
     });
     const domainArray = resolvedDomains ?? [];
-    const ownerId = createOwnerId();
-    const ownershipRecord = createRouteOwnershipRecord(ownerId, domainArray, config.root);
-    const routeId = ownershipRecord.routeId;
-    const tlsPolicyId = ownershipRecord.tlsPolicyId;
+    const ownershipRecords = domainArray.map((resolvedDomain) => {
+      return createRouteOwnershipRecord(createOwnerId(), [resolvedDomain], config.root);
+    });
     let cleanupStarted = false;
     let resolvedPort = null;
     let resolvedHost = null;
     let setupStarted = false;
-    let activeOwnershipRecord = null;
+    let activeOwnershipRecords = [];
     let ownershipHeartbeat = null;
     function buildDomainResolutionMessage() {
       const issues = [];
@@ -1100,7 +1186,6 @@ function viteCaddyTlsPlugin({
       console.error(buildDomainResolutionMessage());
       return;
     }
-    let tlsPolicyAdded = false;
     function getPortFromAddress(address) {
       if (address && typeof address === "object" && "port" in address) {
         const port = address.port;
@@ -1180,12 +1265,21 @@ function viteCaddyTlsPlugin({
         clearInterval(ownershipHeartbeat);
         ownershipHeartbeat = null;
       }
-      if (!activeOwnershipRecord) return;
-      const cleaned = await cleanupClaimedResources(activeOwnershipRecord, removeWithRetry);
-      if (cleaned) {
-        await releaseOwnershipRecord(activeOwnershipRecord);
-        activeOwnershipRecord = null;
+      if (activeOwnershipRecords.length === 0) return;
+      await cleanupOwnershipRecords(activeOwnershipRecords);
+    }
+    async function cleanupOwnershipRecords(records) {
+      const cleanedOwnerIds = /* @__PURE__ */ new Set();
+      for (const activeOwnershipRecord of records) {
+        const cleaned = await cleanupClaimedResources(activeOwnershipRecord, removeWithRetry);
+        if (cleaned) {
+          await releaseOwnershipRecord(activeOwnershipRecord);
+          cleanedOwnerIds.add(activeOwnershipRecord.ownerId);
+        }
       }
+      activeOwnershipRecords = activeOwnershipRecords.filter((record) => {
+        return !cleanedOwnerIds.has(record.ownerId);
+      });
     }
     function onServerClose() {
       void cleanupRoute();
@@ -1230,16 +1324,28 @@ function viteCaddyTlsPlugin({
       console.error(`Failed to remove ${label} after ${maxAttempts} attempts.`);
       return false;
     }
-    function startOwnershipHeartbeat(record) {
+    function startOwnershipHeartbeat() {
       ownershipHeartbeat = setInterval(() => {
-        void touchRouteOwnership(record).then((touched) => {
-          if (touched || !ownershipHeartbeat) {
+        const records = [...activeOwnershipRecords];
+        if (records.length === 0) {
+          if (ownershipHeartbeat) {
+            clearInterval(ownershipHeartbeat);
+            ownershipHeartbeat = null;
+          }
+          return;
+        }
+        void Promise.all(records.map((record) => touchRouteOwnership(record))).then((touchResults) => {
+          if (touchResults.every(Boolean) || !ownershipHeartbeat) {
             return;
           }
+          const lostRecords = records.filter((_, index) => {
+            return !touchResults[index];
+          });
+          const lostDomains = lostRecords.flatMap((record) => record.domains);
           console.error(
-            `Lost route ownership for ${domainArray.join(", ")}. Cleaning up managed Caddy resources.`
+            `Lost route ownership for ${lostDomains.join(", ")}. Cleaning up managed Caddy resources.`
           );
-          void cleanupRoute();
+          void cleanupOwnershipRecords(lostRecords);
         }).catch((error) => {
           console.error(
             `Failed to refresh route ownership for ${domainArray.join(", ")}.`,
@@ -1264,105 +1370,152 @@ function viteCaddyTlsPlugin({
       }
       const port = getServerPort();
       const upstreamHost = getUpstreamHost();
-      let claimResult;
+      let configuredRoutes = false;
       try {
-        claimResult = await claimRouteOwnership(ownershipRecord);
+        configuredRoutes = await withCaddyApiLock(pluginCaddyApiUrl, async () => {
+          for (const ownershipRecord of ownershipRecords) {
+            const routeDomains = ownershipRecord.domains;
+            const routeId = ownershipRecord.routeId;
+            const tlsPolicyId = ownershipRecord.tlsPolicyId;
+            try {
+              const claimResult = await claimRouteOwnership(ownershipRecord);
+              activeOwnershipRecords.push(claimResult.currentRecord);
+              if (claimResult.status === "replaced") {
+                const preservations = [];
+                let replaced = true;
+                for (const previousRecord of claimResult.previousRecords) {
+                  const preservedDomains = getPreservedDomains(previousRecord, routeDomains);
+                  if (preservedDomains.length > 0) {
+                    const preservation = await createManagedResourcePreservation(
+                      previousRecord,
+                      preservedDomains,
+                      serverName,
+                      pluginCaddyApiUrl,
+                      pluginCaddyAdminOrigin
+                    );
+                    if (preservation) {
+                      preservations.push(preservation);
+                    }
+                  }
+                  replaced = await cleanupClaimedResources(previousRecord, removeWithRetry) && replaced;
+                }
+                if (!replaced) {
+                  console.error(
+                    `Failed to replace previous ownership for ${routeDomains.join(", ")}. Try stopping the other server or removing stale Caddy state manually.`
+                  );
+                  await discardManagedResourcePreservations(preservations);
+                  await cleanupRoute();
+                  return false;
+                }
+                try {
+                  await Promise.all(
+                    preservations.map((preservation) => {
+                      return commitManagedResourcePreservation(
+                        preservation,
+                        pluginCaddyApiUrl,
+                        pluginCaddyAdminOrigin
+                      );
+                    })
+                  );
+                } catch (e) {
+                  console.error(
+                    `Failed to preserve sibling domains while replacing ${routeDomains.join(", ")}.`,
+                    e
+                  );
+                  await discardManagedResourcePreservations(preservations);
+                  await cleanupRoute();
+                  return false;
+                }
+                await releaseOwnershipRecords(claimResult.previousRecords);
+              }
+            } catch (e) {
+              console.error("Failed to claim route ownership for the resolved domains.", e);
+              await cleanupRoute();
+              return false;
+            }
+            const conflictingRouteIds = (await findManagedRoutesForDomains(
+              routeDomains,
+              serverName,
+              pluginCaddyApiUrl,
+              pluginCaddyAdminOrigin
+            )).filter((existingRouteId) => {
+              return existingRouteId !== routeId;
+            });
+            const conflictingTlsPolicyIds = (await findManagedTlsPoliciesForDomains(
+              routeDomains,
+              pluginCaddyApiUrl,
+              pluginCaddyAdminOrigin
+            )).filter((existingTlsPolicyId) => {
+              return existingTlsPolicyId !== tlsPolicyId;
+            });
+            if (conflictingRouteIds.length > 0 || conflictingTlsPolicyIds.length > 0) {
+              const cleanedOrphans = await cleanupManagedResources(
+                conflictingRouteIds,
+                conflictingTlsPolicyIds,
+                removeWithRetry
+              );
+              if (cleanedOrphans) {
+                console.warn(
+                  `Reclaimed orphaned managed Caddy resources for ${routeDomains.join(", ")}.`
+                );
+              } else {
+                console.error(
+                  `Cannot point ${routeDomains.join(", ")} to this dev server because Caddy still has orphaned managed resources. Remove the stale Caddy state manually.`
+                );
+                await cleanupRoute();
+                return false;
+              }
+            }
+            if (tlsPolicyId) {
+              try {
+                await addTlsPolicy(
+                  tlsPolicyId,
+                  routeDomains,
+                  pluginCaddyApiUrl,
+                  pluginCaddyAdminOrigin
+                );
+              } catch (e) {
+                console.error(
+                  `Failed to add TLS policy to Caddy. Is the Caddy Admin API reachable at ${pluginCaddyApiUrl}?`,
+                  e
+                );
+                await cleanupRoute();
+                return false;
+              }
+            }
+            try {
+              await addRoute(
+                routeId,
+                routeDomains,
+                port,
+                cors,
+                serverName,
+                upstreamHost,
+                upstreamHostHeader,
+                pluginCaddyApiUrl,
+                pluginCaddyAdminOrigin
+              );
+            } catch (e) {
+              console.error(
+                `Failed to add route to Caddy. Is the Caddy Admin API reachable at ${pluginCaddyApiUrl}?`,
+                e
+              );
+              await cleanupRoute();
+              return false;
+            }
+          }
+          return true;
+        });
       } catch (e) {
-        console.error("Failed to claim route ownership for the resolved domains.", e);
-        return;
-      }
-      if (claimResult.status === "active-conflict") {
-        console.error(buildOwnershipConflictMessage(domainArray, claimResult.existingRecord));
+        console.error("Failed to update Caddy routes.", e);
+        await cleanupRoute();
         return;
       }
-      activeOwnershipRecord = claimResult.currentRecord;
-      if (claimResult.status === "reclaimed") {
-        let reclaimed = true;
-        for (const previousRecord of claimResult.previousRecords) {
-          reclaimed = await cleanupClaimedResources(previousRecord, removeWithRetry) && reclaimed;
-        }
-        if (!reclaimed) {
-          console.error(
-            `Failed to reclaim stale ownership for ${domainArray.join(", ")}. Try stopping the other server or removing stale Caddy state manually.`
-          );
-          await releaseOwnershipRecord(activeOwnershipRecord);
-          activeOwnershipRecord = null;
-          return;
-        }
-        await releaseOwnershipRecords(claimResult.previousRecords);
-      }
-      const conflictingRouteIds = (await findManagedRoutesForDomains(
-        domainArray,
-        serverName,
-        pluginCaddyApiUrl,
-        pluginCaddyAdminOrigin
-      )).filter((existingRouteId) => {
-        return existingRouteId !== routeId;
-      });
-      const conflictingTlsPolicyIds = (await findManagedTlsPoliciesForDomains(
-        domainArray,
-        pluginCaddyApiUrl,
-        pluginCaddyAdminOrigin
-      )).filter((existingTlsPolicyId) => {
-        return existingTlsPolicyId !== tlsPolicyId;
-      });
-      if (conflictingRouteIds.length > 0 || conflictingTlsPolicyIds.length > 0) {
-        const reclaimedOrphans = await cleanupManagedResources(
-          conflictingRouteIds,
-          conflictingTlsPolicyIds,
-          removeWithRetry
-        );
-        if (reclaimedOrphans) {
-          console.warn(`Reclaimed orphaned managed Caddy resources for ${domainArray.join(", ")}.`);
-        } else {
-          console.error(
-            `Cannot claim ${domainArray.join(", ")} because Caddy still has orphaned managed resources. Remove the stale Caddy state or use \`instanceLabel\` or \`domain\` to make the hostname unique.`
-          );
-          await releaseOwnershipRecord(activeOwnershipRecord);
-          activeOwnershipRecord = null;
-          return;
-        }
-      }
-      if (tlsPolicyId) {
-        try {
-          await addTlsPolicy(tlsPolicyId, domainArray, pluginCaddyApiUrl, pluginCaddyAdminOrigin);
-          tlsPolicyAdded = true;
-        } catch (e) {
-          console.error(
-            `Failed to add TLS policy to Caddy. Is the Caddy Admin API reachable at ${pluginCaddyApiUrl}?`,
-            e
-          );
-          await releaseOwnershipRecord(activeOwnershipRecord);
-          activeOwnershipRecord = null;
-          return;
-        }
-      }
-      try {
-        await addRoute(
-          routeId,
-          domainArray,
-          port,
-          cors,
-          serverName,
-          upstreamHost,
-          upstreamHostHeader,
-          pluginCaddyApiUrl,
-          pluginCaddyAdminOrigin
-        );
-      } catch (e) {
-        if (tlsPolicyAdded && tlsPolicyId) {
-          await removeTlsPolicy(tlsPolicyId, pluginCaddyApiUrl, pluginCaddyAdminOrigin);
-        }
-        await releaseOwnershipRecord(activeOwnershipRecord);
-        activeOwnershipRecord = null;
-        console.error(
-          `Failed to add route to Caddy. Is the Caddy Admin API reachable at ${pluginCaddyApiUrl}?`,
-          e
-        );
+      if (!configuredRoutes) {
         return;
       }
-      if (activeOwnershipRecord) {
-        startOwnershipHeartbeat(activeOwnershipRecord);
+      if (activeOwnershipRecords.length > 0) {
+        startOwnershipHeartbeat();
       }
       console.log("\n\u{1F512} Caddy is proxying your traffic on https");
       console.log(`

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "vite-plugin-caddy-multiple-tls",
-  "version": "1.8.0",
+  "version": "1.9.0",
   "description": "Vite plugin that uses Caddy to provide local HTTPS with derived domains.",
   "keywords": [
     "caddy",