UNPKG

navflow-proxy-server

Version:

Dynamic WebSocket proxy server for NavFlow

89 lines (75 loc) 2.38 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
/** * Authentication middleware for tunnel requests */ const { isValidTunnelId } = require('./utils'); /** * Authentication middleware factory * @param {TunnelManager} tunnelManager * @returns {Function} Express middleware */ function createAuthMiddleware(tunnelManager) { return (req, res, next) => { // Skip auth for health check, device endpoints, test endpoints, and other system endpoints if (req.path === '/health' || req.path === '/stats' || req.path === '/' || req.path.startsWith('/api/devices') || req.path.startsWith('/api/test')) { return next(); } // Get tunnel ID from header const tunnelId = req.headers['x-tunnel-id']; if (!tunnelId) { return res.status(400).json({ error: 'Authentication required - missing X-Tunnel-ID header' }); } if (!isValidTunnelId(tunnelId)) { return res.status(400).json({ error: 'Invalid tunnel ID format', tunnelId: tunnelId }); } // Get password from header or query parameter const password = req.headers['x-tunnel-auth'] || req.query.auth; if (!password) { return res.status(401).json({ error: 'Authentication required - missing X-Tunnel-Auth header' }); } // Validate tunnel and password if (!tunnelManager.validateAuth(tunnelId, password)) { // Check if tunnel exists at all const tunnel = tunnelManager.getTunnel(tunnelId); if (!tunnel) { return res.status(404).json({ error: 'Tunnel not found - browser server may be disconnected', tunnelId: tunnelId }); } return res.status(401).json({ error: 'Invalid authentication credentials', tunnelId: tunnelId }); } // Update tunnel activity tunnelManager.updateActivity(tunnelId); // Add tunnel info to request req.tunnel = { id: tunnelId, password: password }; next(); }; } /** * WebSocket authentication for tunnel connections * @param {WebSocket} ws * @param {Object} req * @returns {boolean} Whether authentication passed */ function authenticateWebSocket(ws, req) { // WebSocket connections don't need password auth initially // They establish the tunnel and receive credentials return true; } module.exports = { createAuthMiddleware, authenticateWebSocket };