UNPKG

rivetkit

Version:

Lightweight libraries for building stateful actors on edge platforms

96 lines (77 loc) 2.58 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
import crypto from "node:crypto"; import { createMiddleware } from "hono/factory"; import type { ManagerDriver } from "@/driver-helpers/mod"; import type { RunConfig } from "@/mod"; import type { RunConfigInput } from "@/registry/run-config"; import { inspectorLogger } from "./log"; export function compareSecrets(providedSecret: string, validSecret: string) { // Early length check to avoid unnecessary processing if (providedSecret.length !== validSecret.length) { return false; } const encoder = new TextEncoder(); const a = encoder.encode(providedSecret); const b = encoder.encode(validSecret); if (a.byteLength !== b.byteLength) { return false; } // Perform timing-safe comparison if (!crypto.timingSafeEqual(a, b)) { return false; } return true; } export const secureInspector = (runConfig: RunConfig) => createMiddleware(async (c, next) => { const userToken = c.req.header("Authorization")?.replace("Bearer ", ""); if (!userToken) { return c.text("Unauthorized", 401); } const inspectorToken = runConfig.inspector.token?.(); if (!inspectorToken) { return c.text("Unauthorized", 401); } const isValid = compareSecrets(userToken, inspectorToken); if (!isValid) { return c.text("Unauthorized", 401); } await next(); }); export function getInspectorUrl(runConfig: RunConfigInput | undefined) { if (!runConfig?.inspector?.enabled) { return "disabled"; } const accessToken = runConfig?.inspector?.token?.(); if (!accessToken) { inspectorLogger().warn( "Inspector Token is not set, but Inspector is enabled. Please set it in the run configuration `inspector.token` or via `RIVETKIT_INSPECTOR_TOKEN` environment variable. Inspector will not be accessible.", ); return "disabled"; } const url = new URL("https://inspect.rivet.dev"); url.searchParams.set("t", accessToken); if (runConfig?.inspector?.defaultEndpoint) { url.searchParams.set("u", runConfig.inspector.defaultEndpoint); } return url.href; } export const isInspectorEnabled = ( runConfig: RunConfig, context: "actor" | "manager", ) => { if (typeof runConfig.inspector?.enabled === "boolean") { return runConfig.inspector.enabled; } else if (typeof runConfig.inspector?.enabled === "object") { return runConfig.inspector.enabled[context]; } return false; }; export const configureInspectorAccessToken = ( runConfig: RunConfig, managerDriver: ManagerDriver, ) => { if (!runConfig.inspector?.token()) { const token = managerDriver.getOrCreateInspectorAccessToken(); runConfig.inspector.token = () => token; } };