fluxerapp/fluxer
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

refactor progress

Browse Source
This commit is contained in:
Hampus Kraft
2026-02-17 12:22:36 +00:00
parent cb31608523
commit d5abd1a7e4
8257 changed files with 1190207 additions and 761040 deletions
Download Patch File Download Diff File Expand all files Collapse all files

78
packages/app_proxy/src/App.tsx Normal file
View File

@@ -0,0 +1,78 @@
/*
* Copyright (C) 2026 Fluxer Contributors
*
* This file is part of Fluxer.
*
* Fluxer is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Fluxer is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with Fluxer. If not, see <https://www.gnu.org/licenses/>.
*/
import type {AppProxyHonoEnv, CreateAppProxyAppOptions} from '@fluxer/app_proxy/src/AppProxyTypes';
import {applyAppProxyMiddleware} from '@fluxer/app_proxy/src/app_proxy/AppProxyMiddleware';
import {registerAppProxyRoutes} from '@fluxer/app_proxy/src/app_proxy/AppProxyRoutes';
import {Hono} from 'hono';
export interface AppProxyResult {
app: Hono<AppProxyHonoEnv>;
shutdown: () => Promise<void>;
}
export async function createAppProxyApp(options: CreateAppProxyAppOptions): Promise<AppProxyResult> {
const {
assetsPath = '/assets',
config,
cspDirectives,
customMiddleware = [],
logger,
metricsCollector,
rateLimitService = null,
sentryProxyEnabled = true,
sentryProxyPath = '/sentry',
sentryProxyRouteEnabled = true,
staticCDNEndpoint,
staticDir,
tracing,
} = options;
const app = new Hono<AppProxyHonoEnv>({strict: true});
applyAppProxyMiddleware({
app,
config,
customMiddleware,
logger,
metricsCollector,
rateLimitService,
sentryProxyEnabled,
sentryProxyPath,
tracing,
});
registerAppProxyRoutes({
app,
assetsPath,
cspDirectives,
logger,
sentryProxy: config.sentry_proxy,
sentryProxyPath,
sentryProxyRouteEnabled,
staticCDNEndpoint,
staticDir,
});
const shutdown = async (): Promise<void> => {
logger.info('App Proxy shutting down');
};
return {app, shutdown};
}

83
packages/app_proxy/src/AppProxyTypes.tsx Normal file
View File

@@ -0,0 +1,83 @@
/*
* Copyright (C) 2026 Fluxer Contributors
*
* This file is part of Fluxer.
*
* Fluxer is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Fluxer is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with Fluxer. If not, see <https://www.gnu.org/licenses/>.
*/
import type {CSPOptions} from '@fluxer/app_proxy/src/app_server/utils/CSP';
import type {SentryConfig, TelemetryConfig} from '@fluxer/config/src/MasterZodSchema';
import type {MetricsCollector} from '@fluxer/hono_types/src/MetricsTypes';
import type {TracingOptions} from '@fluxer/hono_types/src/TracingTypes';
import type {Logger} from '@fluxer/logger/src/Logger';
import type {IRateLimitService} from '@fluxer/rate_limit/src/IRateLimitService';
import type {MiddlewareHandler} from 'hono';
export interface AppProxySentryProxyConfig {
project_id: string;
public_key: string;
target_url: string;
path_prefix: string;
}
export interface AppProxyConfig {
env: string;
port: number;
static_cdn_endpoint: string;
sentry_proxy_path: string;
sentry_report_host: string;
sentry_proxy: AppProxySentryProxyConfig | null;
assets_dir: string;
kv: {
url: string;
timeout_ms: number;
};
rate_limit: {
sentry: {
limit: number;
window_ms: number;
};
};
telemetry: TelemetryConfig;
sentry: SentryConfig;
}
export interface AppProxyContext {
config: AppProxyConfig;
logger: Logger;
rateLimitService: IRateLimitService | null;
}
export interface AppProxyHonoEnv {
Variables: AppProxyContext;
}
export type AppProxyMiddleware = MiddlewareHandler<AppProxyHonoEnv>;
export interface CreateAppProxyAppOptions {
config: AppProxyConfig;
logger: Logger;
rateLimitService?: IRateLimitService | null;
metricsCollector?: MetricsCollector;
tracing?: TracingOptions;
customMiddleware?: Array<AppProxyMiddleware>;
sentryProxyPath?: string;
assetsPath?: string;
staticCDNEndpoint?: string;
staticDir?: string;
cspDirectives?: CSPOptions;
sentryProxyEnabled?: boolean;
sentryProxyRouteEnabled?: boolean;
}

52
packages/app_proxy/src/AppServer.tsx Normal file
View File

@@ -0,0 +1,52 @@
/*
* Copyright (C) 2026 Fluxer Contributors
*
* This file is part of Fluxer.
*
* Fluxer is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Fluxer is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with Fluxer. If not, see <https://www.gnu.org/licenses/>.
*/
import {resolve} from 'node:path';
import type {AppServerOptions, AppServerResult, HonoEnv} from '@fluxer/app_proxy/src/AppServerTypes';
import {applyAppServerMiddleware} from '@fluxer/app_proxy/src/app_server/AppServerMiddleware';
import {registerAppServerRoutes} from '@fluxer/app_proxy/src/app_server/AppServerRoutes';
import {Hono} from 'hono';
export function createAppServer(options: AppServerOptions): AppServerResult {
const {assetVersion, captureException, cspDirectives, env, logger, staticDir, telemetry} = options;
const resolvedStaticDir = resolve(staticDir);
const app = new Hono<HonoEnv>({strict: true});
applyAppServerMiddleware({
app,
captureException,
env,
logger,
telemetry,
});
registerAppServerRoutes({
app,
assetVersion,
cspDirectives,
logger,
staticDir: resolvedStaticDir,
});
const shutdown = () => {
logger.info('shutting down app server');
};
return {app, shutdown};
}

48
packages/app_proxy/src/AppServerTypes.tsx Normal file
View File

@@ -0,0 +1,48 @@
/*
* Copyright (C) 2026 Fluxer Contributors
*
* This file is part of Fluxer.
*
* Fluxer is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Fluxer is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with Fluxer. If not, see <https://www.gnu.org/licenses/>.
*/
import type {CSPOptions} from '@fluxer/app_proxy/src/app_server/utils/CSP';
import type {MetricsCollector} from '@fluxer/hono_types/src/MetricsTypes';
import type {TracingOptions} from '@fluxer/hono_types/src/TracingTypes';
import type {Logger} from '@fluxer/logger/src/Logger';
import type {Hono} from 'hono';
export interface AppTelemetryOptions {
metricsCollector?: MetricsCollector;
tracing?: TracingOptions;
}
export interface AppServerOptions {
staticDir: string;
assetVersion?: string;
cspDirectives?: CSPOptions;
logger: Logger;
telemetry?: AppTelemetryOptions;
env?: string;
captureException?: (error: Error, context?: Record<string, unknown>) => void;
}
export interface AppServerResult {
app: Hono<HonoEnv>;
shutdown: () => void;
}
export interface HonoEnv {
Variables: Record<string, unknown>;
}

27
packages/app_proxy/src/ErrorClassification.tsx Normal file
View File

@@ -0,0 +1,27 @@
/*
* Copyright (C) 2026 Fluxer Contributors
*
* This file is part of Fluxer.
*
* Fluxer is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Fluxer is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with Fluxer. If not, see <https://www.gnu.org/licenses/>.
*/
export function isExpectedError(error: Error): boolean {
if (!('isExpected' in error)) {
return false;
}
const expectedError = error as Error & {isExpected?: unknown};
return expectedError.isExpected === true;
}

160
packages/app_proxy/src/app_proxy/AppProxyMiddleware.tsx Normal file
View File

@@ -0,0 +1,160 @@
/*
* Copyright (C) 2026 Fluxer Contributors
*
* This file is part of Fluxer.
*
* Fluxer is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Fluxer is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with Fluxer. If not, see <https://www.gnu.org/licenses/>.
*/
import type {AppProxyConfig, AppProxyHonoEnv, AppProxyMiddleware} from '@fluxer/app_proxy/src/AppProxyTypes';
import {createProxyRateLimitMiddleware} from '@fluxer/app_proxy/src/app_proxy/middleware/ProxyRateLimit';
import {createSentryHostProxyMiddleware} from '@fluxer/app_proxy/src/app_proxy/middleware/SentryHostProxy';
import {proxySentry} from '@fluxer/app_proxy/src/app_proxy/proxy/SentryProxy';
import {resolveSentryHost} from '@fluxer/app_proxy/src/app_proxy/utils/Host';
import {isExpectedError} from '@fluxer/app_proxy/src/ErrorClassification';
import {applyMiddlewareStack} from '@fluxer/hono/src/middleware/MiddlewareStack';
import type {MetricsCollector} from '@fluxer/hono_types/src/MetricsTypes';
import type {TracingOptions} from '@fluxer/hono_types/src/TracingTypes';
import type {Logger} from '@fluxer/logger/src/Logger';
import type {IRateLimitService} from '@fluxer/rate_limit/src/IRateLimitService';
import {captureException} from '@fluxer/sentry/src/Sentry';
import type {Context, Hono} from 'hono';
interface ApplyAppProxyMiddlewareOptions {
app: Hono<AppProxyHonoEnv>;
config: AppProxyConfig;
customMiddleware: Array<AppProxyMiddleware>;
logger: Logger;
metricsCollector?: MetricsCollector;
rateLimitService: IRateLimitService | null;
sentryProxyEnabled: boolean;
sentryProxyPath: string;
tracing?: TracingOptions;
}
export function applyAppProxyMiddleware(options: ApplyAppProxyMiddlewareOptions): void {
const {
app,
config,
customMiddleware,
logger,
metricsCollector,
rateLimitService,
sentryProxyEnabled,
sentryProxyPath,
tracing,
} = options;
applyMiddlewareStack(app, {
requestId: {},
tracing,
metrics: metricsCollector
? {
enabled: true,
collector: metricsCollector,
skipPaths: ['/_health'],
}
: undefined,
logger: {
log: (data) => {
logger.info(
{
method: data.method,
path: data.path,
status: data.status,
durationMs: data.durationMs,
},
'Request completed',
);
},
skip: ['/_health'],
},
errorHandler: {
includeStack: !sentryProxyEnabled,
logger: (error: Error, ctx: Context) => {
if (!isExpectedError(error)) {
captureException(error, {
path: ctx.req.path,
method: ctx.req.method,
});
}
logger.error(
{
error: error.message,
stack: error.stack,
path: ctx.req.path,
method: ctx.req.method,
},
'Request error',
);
},
},
customMiddleware,
});
applySentryHostProxyMiddleware({
app,
config,
logger,
rateLimitService,
sentryProxyEnabled,
sentryProxyPath,
});
}
interface ApplySentryHostProxyMiddlewareOptions {
app: Hono<AppProxyHonoEnv>;
config: AppProxyConfig;
logger: Logger;
rateLimitService: IRateLimitService | null;
sentryProxyEnabled: boolean;
sentryProxyPath: string;
}
function applySentryHostProxyMiddleware(options: ApplySentryHostProxyMiddlewareOptions): void {
const {app, config, logger, rateLimitService, sentryProxyEnabled, sentryProxyPath} = options;
const sentryHost = resolveSentryHost(config);
const sentryProxy = config.sentry_proxy;
if (!sentryProxyEnabled || !sentryHost || !sentryProxy) {
return;
}
const sentryRateLimitMiddleware = createProxyRateLimitMiddleware({
rateLimitService,
bucketPrefix: 'sentry-proxy',
config: {
enabled: config.rate_limit.sentry.limit > 0,
limit: config.rate_limit.sentry.limit,
windowMs: config.rate_limit.sentry.window_ms,
skipPaths: ['/_health'],
},
logger,
});
const sentryHostMiddleware = createSentryHostProxyMiddleware({
sentryHost,
rateLimitMiddleware: sentryRateLimitMiddleware,
proxyHandler: (c) =>
proxySentry(c, {
enabled: true,
logger,
sentryProxy,
sentryProxyPath,
}),
});
app.use('*', sentryHostMiddleware);
}

87
packages/app_proxy/src/app_proxy/AppProxyRoutes.tsx Normal file
View File

@@ -0,0 +1,87 @@
/*
* Copyright (C) 2026 Fluxer Contributors
*
* This file is part of Fluxer.
*
* Fluxer is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Fluxer is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with Fluxer. If not, see <https://www.gnu.org/licenses/>.
*/
import {resolve} from 'node:path';
import type {AppProxyHonoEnv, AppProxySentryProxyConfig} from '@fluxer/app_proxy/src/AppProxyTypes';
import {proxyAssets} from '@fluxer/app_proxy/src/app_proxy/proxy/AssetsProxy';
import {proxySentry} from '@fluxer/app_proxy/src/app_proxy/proxy/SentryProxy';
import {createSpaIndexRoute} from '@fluxer/app_proxy/src/app_server/routes/SpaIndexRoute';
import type {CSPOptions} from '@fluxer/app_proxy/src/app_server/utils/CSP';
import type {Logger} from '@fluxer/logger/src/Logger';
import type {Hono} from 'hono';
interface RegisterAppProxyRoutesOptions {
app: Hono<AppProxyHonoEnv>;
assetsPath: string;
cspDirectives?: CSPOptions;
logger: Logger;
sentryProxy: AppProxySentryProxyConfig | null;
sentryProxyPath: string;
sentryProxyRouteEnabled: boolean;
staticCDNEndpoint: string | undefined;
staticDir?: string;
}
export function registerAppProxyRoutes(options: RegisterAppProxyRoutesOptions): void {
const {
app,
assetsPath,
cspDirectives,
logger,
sentryProxy,
sentryProxyPath,
sentryProxyRouteEnabled,
staticCDNEndpoint,
staticDir,
} = options;
app.get('/_health', (c) => c.text('OK'));
app.all(sentryProxyPath, (c) =>
proxySentry(c, {
enabled: sentryProxyRouteEnabled,
logger,
sentryProxy,
sentryProxyPath,
}),
);
app.all(`${sentryProxyPath}/*`, (c) =>
proxySentry(c, {
enabled: sentryProxyRouteEnabled,
logger,
sentryProxy,
sentryProxyPath,
}),
);
if (staticCDNEndpoint) {
app.get(`${assetsPath}/*`, (c) =>
proxyAssets(c, {
logger,
staticCDNEndpoint,
}),
);
}
if (staticDir) {
const resolvedStaticDir = resolve(staticDir);
createSpaIndexRoute(app, {staticDir: resolvedStaticDir, cspDirectives, logger});
}
}

72
packages/app_proxy/src/app_proxy/middleware/ProxyRateLimit.tsx Normal file
View File

@@ -0,0 +1,72 @@
/*
* Copyright (C) 2026 Fluxer Contributors
*
* This file is part of Fluxer.
*
* Fluxer is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Fluxer is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with Fluxer. If not, see <https://www.gnu.org/licenses/>.
*/
import {HttpStatus} from '@fluxer/constants/src/HttpConstants';
import {extractClientIp} from '@fluxer/ip_utils/src/ClientIp';
import type {Logger} from '@fluxer/logger/src/Logger';
import type {IRateLimitService} from '@fluxer/rate_limit/src/IRateLimitService';
import {createRateLimitMiddleware} from '@fluxer/rate_limit/src/middleware/RateLimitMiddleware';
interface ProxyRateLimitConfig {
enabled?: boolean;
limit: number;
windowMs: number;
skipPaths?: Array<string>;
}
export interface CreateProxyRateLimitMiddlewareOptions {
rateLimitService: IRateLimitService | null;
bucketPrefix: string;
config: ProxyRateLimitConfig;
logger: Logger;
}
export function createProxyRateLimitMiddleware(options: CreateProxyRateLimitMiddlewareOptions) {
const {bucketPrefix, config, logger, rateLimitService} = options;
return createRateLimitMiddleware({
rateLimitService: () => rateLimitService,
config: {
get enabled() {
const hasRateLimitService = Boolean(rateLimitService);
return config.enabled !== undefined ? hasRateLimitService && config.enabled : hasRateLimitService;
},
limit: config.limit,
windowMs: config.windowMs,
skipPaths: config.skipPaths,
},
getClientIdentifier: (req) => {
const realIp = extractClientIp(req);
return realIp || 'unknown';
},
getBucketName: (identifier, _ctx) => `${bucketPrefix}:ip:${identifier}`,
onRateLimitExceeded: (c, retryAfter) => {
const identifier = extractClientIp(c.req.raw) || 'unknown';
logger.warn(
{
ip: identifier,
path: c.req.path,
retryAfter,
},
'proxy rate limit exceeded',
);
return c.text('Too Many Requests', HttpStatus.TOO_MANY_REQUESTS);
},
});
}

48
packages/app_proxy/src/app_proxy/middleware/SentryHostProxy.tsx Normal file
View File

@@ -0,0 +1,48 @@
/*
* Copyright (C) 2026 Fluxer Contributors
*
* This file is part of Fluxer.
*
* Fluxer is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Fluxer is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with Fluxer. If not, see <https://www.gnu.org/licenses/>.
*/
import {normalizeHost} from '@fluxer/app_proxy/src/app_proxy/utils/Host';
import type {Context, Next} from 'hono';
interface SentryHostProxyMiddlewareOptions {
sentryHost: string;
// biome-ignore lint/suspicious/noConfusingVoidType: hono middleware may return void
rateLimitMiddleware: (c: Context, next: Next) => Promise<Response | undefined | void>;
proxyHandler: (c: Context) => Promise<Response>;
}
export function createSentryHostProxyMiddleware(options: SentryHostProxyMiddlewareOptions) {
const {proxyHandler, rateLimitMiddleware, sentryHost} = options;
return async function sentryHostProxy(c: Context, next: Next): Promise<Response | undefined> {
const incomingHost = normalizeHost(c.req.raw.headers.get('host') ?? '');
if (incomingHost && incomingHost === sentryHost) {
const result = await rateLimitMiddleware(c, async () => {
c.res = await proxyHandler(c);
});
if (result) {
return result;
}
return c.res;
}
await next();
return undefined;
};
}

56
packages/app_proxy/src/app_proxy/proxy/AssetsProxy.tsx Normal file
View File

@@ -0,0 +1,56 @@
/*
* Copyright (C) 2026 Fluxer Contributors
*
* This file is part of Fluxer.
*
* Fluxer is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Fluxer is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with Fluxer. If not, see <https://www.gnu.org/licenses/>.
*/
import {createProxyRequestHeaders, forwardProxyRequest} from '@fluxer/app_proxy/src/app_proxy/proxy/ProxyRequest';
import {HttpStatus} from '@fluxer/constants/src/HttpConstants';
import type {Logger} from '@fluxer/logger/src/Logger';
import type {Context} from 'hono';
export interface ProxyAssetsOptions {
staticCDNEndpoint: string;
logger: Logger;
}
export async function proxyAssets(c: Context, options: ProxyAssetsOptions): Promise<Response> {
const {logger, staticCDNEndpoint} = options;
const staticEndpoint = new URL(staticCDNEndpoint);
const targetUrl = new URL(c.req.path, staticEndpoint);
const headers = createProxyRequestHeaders({
incomingHeaders: c.req.raw.headers,
upstreamHost: staticEndpoint.host,
});
try {
return await forwardProxyRequest({
targetUrl,
method: 'GET',
headers,
});
} catch (error) {
logger.error(
{
path: c.req.path,
targetUrl: targetUrl.toString(),
error,
},
'assets proxy error',
);
return c.text('Bad Gateway', HttpStatus.BAD_GATEWAY);
}
}

106
packages/app_proxy/src/app_proxy/proxy/ProxyRequest.tsx Normal file
View File

@@ -0,0 +1,106 @@
/*
* Copyright (C) 2026 Fluxer Contributors
*
* This file is part of Fluxer.
*
* Fluxer is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Fluxer is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with Fluxer. If not, see <https://www.gnu.org/licenses/>.
*/
const BLOCKED_PROXY_REQUEST_HEADERS = [
'authorization',
'connection',
'cookie',
'host',
'keep-alive',
'proxy-authenticate',
'proxy-authorization',
'te',
'trailer',
'trailers',
'transfer-encoding',
'upgrade',
] as const;
const BLOCKED_PROXY_RESPONSE_HEADERS = [
'connection',
'keep-alive',
'proxy-authenticate',
'proxy-authorization',
'te',
'trailer',
'trailers',
'transfer-encoding',
'upgrade',
] as const;
interface NodeFetchRequestInit extends RequestInit {
duplex?: 'half';
}
export interface CreateProxyRequestHeadersOptions {
incomingHeaders: Headers;
upstreamHost: string;
}
export interface ForwardProxyRequestOptions {
targetUrl: URL;
method: string;
headers: Headers;
body?: Request['body'];
bufferResponseBody?: boolean;
}
export function createProxyRequestHeaders(options: CreateProxyRequestHeadersOptions): Headers {
const headers = new Headers(options.incomingHeaders);
for (const headerName of BLOCKED_PROXY_REQUEST_HEADERS) {
headers.delete(headerName);
}
headers.set('host', options.upstreamHost);
return headers;
}
export async function forwardProxyRequest(options: ForwardProxyRequestOptions): Promise<Response> {
const {targetUrl, method, headers, body, bufferResponseBody = false} = options;
const requestInit: NodeFetchRequestInit = {method, headers};
if (method !== 'GET' && method !== 'HEAD' && body !== null && body !== undefined) {
requestInit.body = body;
requestInit.duplex = 'half';
}
const upstreamResponse = await fetch(targetUrl.toString(), requestInit);
const responseHeaders = new Headers(upstreamResponse.headers);
for (const headerName of BLOCKED_PROXY_RESPONSE_HEADERS) {
responseHeaders.delete(headerName);
}
responseHeaders.delete('content-length');
responseHeaders.delete('content-encoding');
if (bufferResponseBody) {
const bodyBuffer = new Uint8Array(await upstreamResponse.arrayBuffer());
return new Response(bodyBuffer, {
status: upstreamResponse.status,
headers: responseHeaders,
});
}
return new Response(upstreamResponse.body, {
status: upstreamResponse.status,
headers: responseHeaders,
});
}

77
packages/app_proxy/src/app_proxy/proxy/SentryProxy.tsx Normal file
View File

@@ -0,0 +1,77 @@
/*
* Copyright (C) 2026 Fluxer Contributors
*
* This file is part of Fluxer.
*
* Fluxer is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Fluxer is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with Fluxer. If not, see <https://www.gnu.org/licenses/>.
*/
import type {AppProxySentryProxyConfig} from '@fluxer/app_proxy/src/AppProxyTypes';
import {createProxyRequestHeaders, forwardProxyRequest} from '@fluxer/app_proxy/src/app_proxy/proxy/ProxyRequest';
import {HttpStatus} from '@fluxer/constants/src/HttpConstants';
import type {Logger} from '@fluxer/logger/src/Logger';
import type {Context} from 'hono';
export interface ProxySentryOptions {
enabled: boolean;
sentryProxy: AppProxySentryProxyConfig | null;
sentryProxyPath: string;
logger: Logger;
}
export async function proxySentry(c: Context, options: ProxySentryOptions): Promise<Response> {
const {enabled, logger, sentryProxy, sentryProxyPath} = options;
if (!enabled || !sentryProxy) {
return c.text('Sentry proxy not configured', HttpStatus.SERVICE_UNAVAILABLE);
}
const targetPath = resolveSentryTargetPath(c.req.path, sentryProxyPath, sentryProxy.path_prefix);
const targetUrl = new URL(targetPath, sentryProxy.target_url);
const upstreamSentryEndpoint = new URL(sentryProxy.target_url);
const headers = createProxyRequestHeaders({
incomingHeaders: c.req.raw.headers,
upstreamHost: upstreamSentryEndpoint.host,
});
try {
return await forwardProxyRequest({
targetUrl,
method: c.req.method,
headers,
body: c.req.raw.body,
bufferResponseBody: true,
});
} catch (error) {
logger.error(
{
path: c.req.path,
targetUrl: targetUrl.toString(),
error,
},
'sentry proxy error',
);
return c.text('Bad Gateway', HttpStatus.BAD_GATEWAY);
}
}
function resolveSentryTargetPath(requestPath: string, sentryProxyPath: string, sentryPathPrefix: string): string {
let normalizedPath = requestPath;
if (normalizedPath.startsWith(sentryProxyPath)) {
normalizedPath = normalizedPath.slice(sentryProxyPath.length) || '/';
}
if (!normalizedPath.startsWith('/')) {
normalizedPath = `/${normalizedPath}`;
}
return `${sentryPathPrefix}${normalizedPath}`;
}

51
packages/app_proxy/src/app_proxy/utils/Host.tsx Normal file
View File

@@ -0,0 +1,51 @@
/*
* Copyright (C) 2026 Fluxer Contributors
*
* This file is part of Fluxer.
*
* Fluxer is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Fluxer is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with Fluxer. If not, see <https://www.gnu.org/licenses/>.
*/
export function normalizeHost(value: string): string {
const trimmed = value.trim().toLowerCase();
if (!trimmed) {
return '';
}
const primary = trimmed.split(',')[0]?.trim() ?? '';
if (primary.startsWith('[')) {
const end = primary.indexOf(']');
return end > 0 ? primary.slice(1, end) : primary;
}
return primary.split(':')[0] ?? primary;
}
export function resolveSentryHost(config: {
sentry_proxy: {target_url: string} | null;
sentry_report_host: string;
}): string | null {
if (!config.sentry_proxy || !config.sentry_report_host) {
return null;
}
const normalizedSentryHost = normalizeHostValue(config.sentry_report_host);
return normalizedSentryHost || null;
}
function normalizeHostValue(rawHost: string): string {
try {
return normalizeHost(new URL(rawHost).host);
} catch {
return normalizeHost(rawHost);
}
}

83
packages/app_proxy/src/app_server/AppServerMiddleware.tsx Normal file
View File

@@ -0,0 +1,83 @@
/*
* Copyright (C) 2026 Fluxer Contributors
*
* This file is part of Fluxer.
*
* Fluxer is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Fluxer is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with Fluxer. If not, see <https://www.gnu.org/licenses/>.
*/
import type {AppTelemetryOptions, HonoEnv} from '@fluxer/app_proxy/src/AppServerTypes';
import {isExpectedError} from '@fluxer/app_proxy/src/ErrorClassification';
import {applyMiddlewareStack} from '@fluxer/hono/src/middleware/MiddlewareStack';
import type {Logger} from '@fluxer/logger/src/Logger';
import type {Hono} from 'hono';
interface ApplyAppServerMiddlewareOptions {
app: Hono<HonoEnv>;
captureException?: (error: Error, context?: Record<string, unknown>) => void;
env?: string;
logger: Logger;
telemetry?: AppTelemetryOptions;
}
export function applyAppServerMiddleware(options: ApplyAppServerMiddlewareOptions): void {
const {app, captureException, env, logger, telemetry} = options;
applyMiddlewareStack(app, {
requestId: {},
tracing: telemetry?.tracing,
metrics: telemetry?.metricsCollector
? {
enabled: true,
collector: telemetry.metricsCollector,
skipPaths: ['/_health'],
}
: undefined,
logger: {
log: (data) => {
logger.info(
{
method: data.method,
path: data.path,
status: data.status,
durationMs: data.durationMs,
},
'Request completed',
);
},
skip: ['/_health'],
},
errorHandler: {
includeStack: env === 'development',
logger: (error, c) => {
if (!isExpectedError(error) && captureException) {
captureException(error, {
path: c.req.path,
method: c.req.method,
});
}
logger.error(
{
error: error.message,
stack: error.stack,
path: c.req.path,
method: c.req.method,
},
'Request error',
);
},
},
});
}

50
packages/app_proxy/src/app_server/AppServerRoutes.tsx Normal file
View File

@@ -0,0 +1,50 @@
/*
* Copyright (C) 2026 Fluxer Contributors
*
* This file is part of Fluxer.
*
* Fluxer is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Fluxer is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with Fluxer. If not, see <https://www.gnu.org/licenses/>.
*/
import type {HonoEnv} from '@fluxer/app_proxy/src/AppServerTypes';
import {createSpaIndexRoute} from '@fluxer/app_proxy/src/app_server/routes/SpaIndexRoute';
import {createSpaRoute} from '@fluxer/app_proxy/src/app_server/routes/SpaRoute';
import type {CSPOptions} from '@fluxer/app_proxy/src/app_server/utils/CSP';
import type {Logger} from '@fluxer/logger/src/Logger';
import type {Hono} from 'hono';
interface RegisterAppServerRoutesOptions {
app: Hono<HonoEnv>;
assetVersion?: string;
cspDirectives?: CSPOptions;
logger: Logger;
staticDir: string;
}
export function registerAppServerRoutes(options: RegisterAppServerRoutesOptions): void {
const {app, assetVersion, cspDirectives, logger, staticDir} = options;
app.get('/_health', (c) => c.text('OK'));
createSpaRoute(app, {
staticDir,
assetVersion,
});
createSpaIndexRoute(app, {
staticDir,
cspDirectives,
logger,
});
}

66
packages/app_proxy/src/app_server/routes/SpaIndexRoute.tsx Normal file
View File

@@ -0,0 +1,66 @@
/*
* Copyright (C) 2026 Fluxer Contributors
*
* This file is part of Fluxer.
*
* Fluxer is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Fluxer is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with Fluxer. If not, see <https://www.gnu.org/licenses/>.
*/
import type {CSPOptions} from '@fluxer/app_proxy/src/app_server/utils/CSP';
import {isStaticAsset} from '@fluxer/app_proxy/src/app_server/utils/Mime';
import {
applySpaHeaders,
serveSpaFallback,
serveStaticFile,
} from '@fluxer/app_proxy/src/app_server/utils/StaticFileUtils';
import type {Logger} from '@fluxer/logger/src/Logger';
import type {Env, Hono} from 'hono';
export interface SpaIndexRouteOptions {
staticDir: string;
cspDirectives?: CSPOptions;
logger: Logger;
}
export function createSpaIndexRoute<E extends Env>(app: Hono<E>, options: SpaIndexRouteOptions): void {
const {cspDirectives, logger, staticDir} = options;
app.get('*', (c) => {
const requestPath = c.req.path;
if (isStaticAsset(requestPath)) {
const result = serveStaticFile({requestPath, resolvedStaticDir: staticDir, logger});
if (!result.success) {
if (result.error) {
return c.text(result.error, 500);
}
return c.notFound();
}
return new Response(result.content, {
headers: {
'Content-Type': result.mimeType,
'Cache-Control': result.cacheControl,
},
});
}
const fallbackResult = serveSpaFallback({resolvedStaticDir: staticDir, cspDirectives, logger});
if (!fallbackResult.success) {
return c.text(fallbackResult.error, 500);
}
applySpaHeaders(c, fallbackResult.csp);
return c.body(fallbackResult.content);
});
}

81
packages/app_proxy/src/app_server/routes/SpaRoute.tsx Normal file
View File

@@ -0,0 +1,81 @@
/*
* Copyright (C) 2026 Fluxer Contributors
*
* This file is part of Fluxer.
*
* Fluxer is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Fluxer is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with Fluxer. If not, see <https://www.gnu.org/licenses/>.
*/
import {existsSync, readFileSync} from 'node:fs';
import {join} from 'node:path';
import type {Env, Hono} from 'hono';
export interface SpaRouteOptions {
staticDir: string;
assetVersion?: string;
}
export function createSpaRoute<E extends Env>(app: Hono<E>, options: SpaRouteOptions): void {
const {assetVersion, staticDir} = options;
app.get('/version.json', (c) => {
const versionFileContent = readStaticTextFile(staticDir, 'version.json');
if (!versionFileContent) {
if (assetVersion) {
return c.json({version: assetVersion});
}
return c.notFound();
}
c.header('Cache-Control', 'no-cache');
return c.json(JSON.parse(versionFileContent) as unknown);
});
app.get('/manifest.json', (c) => {
const manifestContent = readStaticTextFile(staticDir, 'manifest.json');
if (!manifestContent) {
return c.notFound();
}
c.header('Content-Type', 'application/manifest+json');
c.header('Cache-Control', 'no-cache');
return c.body(manifestContent);
});
app.get('/sw.js', (c) => {
const serviceWorkerContent = readStaticTextFile(staticDir, 'sw.js');
if (!serviceWorkerContent) {
return c.notFound();
}
c.header('Content-Type', 'application/javascript; charset=utf-8');
c.header('Cache-Control', 'no-cache');
return c.body(serviceWorkerContent);
});
app.get('/sw.js.map', (c) => {
const sourceMapContent = readStaticTextFile(staticDir, 'sw.js.map');
if (!sourceMapContent) {
return c.notFound();
}
c.header('Content-Type', 'application/json');
c.header('Cache-Control', 'no-cache');
return c.body(sourceMapContent);
});
}
function readStaticTextFile(staticDir: string, filename: string): string | null {
const filePath = join(staticDir, filename);
if (!existsSync(filePath)) {
return null;
}
return readFileSync(filePath, 'utf-8');
}

182
packages/app_proxy/src/app_server/utils/CSP.tsx Normal file
View File

@@ -0,0 +1,182 @@
/*
* Copyright (C) 2026 Fluxer Contributors
*
* This file is part of Fluxer.
*
* Fluxer is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Fluxer is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with Fluxer. If not, see <https://www.gnu.org/licenses/>.
*/
import {randomBytes} from 'node:crypto';
import type {SentryDSN} from '@fluxer/app_proxy/src/app_server/utils/SentryDSN';
export const CSP_HOSTS = {
FRAME: [
'https://www.youtube.com/embed/',
'https://www.youtube.com/s/player/',
'https://hcaptcha.com',
'https://*.hcaptcha.com',
'https://challenges.cloudflare.com',
],
IMAGE: [
'https://*.fluxer.app',
'https://i.ytimg.com',
'https://*.youtube.com',
'https://fluxerusercontent.com',
'https://fluxerstatic.com',
'https://*.fluxer.media',
'https://fluxer.media',
],
MEDIA: [
'https://*.fluxer.app',
'https://*.youtube.com',
'https://fluxerusercontent.com',
'https://fluxerstatic.com',
'https://*.fluxer.media',
'https://fluxer.media',
],
SCRIPT: [
'https://*.fluxer.app',
'https://hcaptcha.com',
'https://*.hcaptcha.com',
'https://challenges.cloudflare.com',
'https://fluxerstatic.com',
],
STYLE: [
'https://*.fluxer.app',
'https://hcaptcha.com',
'https://*.hcaptcha.com',
'https://challenges.cloudflare.com',
'https://fluxerstatic.com',
],
FONT: ['https://*.fluxer.app', 'https://fluxerstatic.com'],
CONNECT: [
'https://*.fluxer.app',
'wss://*.fluxer.app',
'https://*.fluxer.media',
'wss://*.fluxer.media',
'https://hcaptcha.com',
'https://*.hcaptcha.com',
'https://challenges.cloudflare.com',
'https://*.fluxer.workers.dev',
'https://fluxerusercontent.com',
'https://fluxerstatic.com',
'https://sentry.web.fluxer.app',
'https://sentry.web.canary.fluxer.app',
'https://fluxer.media',
'http://127.0.0.1:21863',
'http://127.0.0.1:21864',
],
WORKER: ['https://*.fluxer.app', 'https://fluxerstatic.com', 'blob:'],
MANIFEST: ['https://*.fluxer.app'],
} as const;
export interface CSPOptions {
defaultSrc?: ReadonlyArray<string>;
scriptSrc?: ReadonlyArray<string>;
styleSrc?: ReadonlyArray<string>;
imgSrc?: ReadonlyArray<string>;
mediaSrc?: ReadonlyArray<string>;
fontSrc?: ReadonlyArray<string>;
connectSrc?: ReadonlyArray<string>;
frameSrc?: ReadonlyArray<string>;
workerSrc?: ReadonlyArray<string>;
manifestSrc?: ReadonlyArray<string>;
reportUri?: string;
}
export interface SentryProxyConfig {
sentryProxy: SentryDSN | null;
sentryProxyPath: string;
sentryReportHost: string;
}
export function generateNonce(): string {
return randomBytes(16).toString('hex');
}
export function buildSentryReportURI(config: SentryProxyConfig): string {
const sentry = config.sentryProxy;
if (!sentry) {
return '';
}
const pathPrefix = config.sentryProxyPath.replace(/\/+$/, '');
let uri = `${pathPrefix}/api/${sentry.projectId}/security/?sentry_version=7`;
if (sentry.publicKey) {
uri += `&sentry_key=${sentry.publicKey}`;
}
if (config.sentryReportHost) {
return config.sentryReportHost + uri;
}
return uri;
}
export function buildCSP(nonce: string, options?: CSPOptions): string {
const defaultSrc = ["'self'", ...(options?.defaultSrc ?? [])];
const scriptSrc = ["'self'", `'nonce-${nonce}'`, "'wasm-unsafe-eval'", ...(options?.scriptSrc ?? [])];
const styleSrc = ["'self'", "'unsafe-inline'", ...(options?.styleSrc ?? [])];
const imgSrc = ["'self'", 'blob:', 'data:', ...(options?.imgSrc ?? [])];
const mediaSrc = ["'self'", 'blob:', ...(options?.mediaSrc ?? [])];
const fontSrc = ["'self'", 'data:', ...(options?.fontSrc ?? [])];
const connectSrc = ["'self'", 'data:', ...(options?.connectSrc ?? [])];
const frameSrc = ["'self'", ...(options?.frameSrc ?? [])];
const workerSrc = ["'self'", 'blob:', ...(options?.workerSrc ?? [])];
const manifestSrc = ["'self'", ...(options?.manifestSrc ?? [])];
const directives = [
`default-src ${defaultSrc.join(' ')}`,
`script-src ${scriptSrc.join(' ')}`,
`style-src ${styleSrc.join(' ')}`,
`img-src ${imgSrc.join(' ')}`,
`media-src ${mediaSrc.join(' ')}`,
`font-src ${fontSrc.join(' ')}`,
`connect-src ${connectSrc.join(' ')}`,
`frame-src ${frameSrc.join(' ')}`,
`worker-src ${workerSrc.join(' ')}`,
`manifest-src ${manifestSrc.join(' ')}`,
"object-src 'none'",
"base-uri 'self'",
"frame-ancestors 'none'",
];
if (options?.reportUri) {
directives.push(`report-uri ${options.reportUri}`);
}
return directives.join('; ');
}
export function buildFluxerCSPOptions(config: SentryProxyConfig): CSPOptions {
const reportURI = buildSentryReportURI(config);
return {
scriptSrc: [...CSP_HOSTS.SCRIPT],
styleSrc: [...CSP_HOSTS.STYLE],
imgSrc: [...CSP_HOSTS.IMAGE],
mediaSrc: [...CSP_HOSTS.MEDIA],
fontSrc: [...CSP_HOSTS.FONT],
connectSrc: [...CSP_HOSTS.CONNECT],
frameSrc: [...CSP_HOSTS.FRAME],
workerSrc: [...CSP_HOSTS.WORKER],
manifestSrc: [...CSP_HOSTS.MANIFEST],
reportUri: reportURI || undefined,
};
}
export function buildFluxerCSP(nonce: string, config: SentryProxyConfig): string {
return buildCSP(nonce, buildFluxerCSPOptions(config));
}

78
packages/app_proxy/src/app_server/utils/Mime.tsx Normal file
View File

@@ -0,0 +1,78 @@
/*
* Copyright (C) 2026 Fluxer Contributors
*
* This file is part of Fluxer.
*
* Fluxer is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Fluxer is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with Fluxer. If not, see <https://www.gnu.org/licenses/>.
*/
const MIME_TYPES: Record<string, string> = {
'.html': 'text/html; charset=utf-8',
'.htm': 'text/html; charset=utf-8',
'.js': 'application/javascript; charset=utf-8',
'.mjs': 'application/javascript; charset=utf-8',
'.css': 'text/css; charset=utf-8',
'.json': 'application/json; charset=utf-8',
'.png': 'image/png',
'.jpg': 'image/jpeg',
'.jpeg': 'image/jpeg',
'.gif': 'image/gif',
'.webp': 'image/webp',
'.avif': 'image/avif',
'.svg': 'image/svg+xml',
'.ico': 'image/x-icon',
'.woff': 'font/woff',
'.woff2': 'font/woff2',
'.ttf': 'font/ttf',
'.otf': 'font/otf',
'.eot': 'application/vnd.ms-fontobject',
'.mp3': 'audio/mpeg',
'.mp4': 'video/mp4',
'.webm': 'video/webm',
'.ogg': 'audio/ogg',
'.wav': 'audio/wav',
'.pdf': 'application/pdf',
'.txt': 'text/plain; charset=utf-8',
'.xml': 'application/xml; charset=utf-8',
'.webmanifest': 'application/manifest+json',
'.map': 'application/json',
'.wasm': 'application/wasm',
};
export function getMimeType(path: string): string {
const ext = path.slice(path.lastIndexOf('.')).toLowerCase();
return MIME_TYPES[ext] ?? 'application/octet-stream';
}
export function isStaticAsset(path: string): boolean {
const lastSlashIndex = path.lastIndexOf('/');
const filename = lastSlashIndex >= 0 ? path.slice(lastSlashIndex + 1) : path;
return filename.includes('.');
}
export function isHashedAsset(path: string): boolean {
const hashPattern = /\.[a-f0-9]{8,}\.(?:js|css|mjs|woff2?|ttf|eot|otf|png|jpg|jpeg|gif|webp|avif|svg)$/i;
const hashPattern2 = /-[a-f0-9]{8,}\.(?:js|css|mjs|woff2?|ttf|eot|otf|png|jpg|jpeg|gif|webp|avif|svg)$/i;
return hashPattern.test(path) || hashPattern2.test(path);
}

64
packages/app_proxy/src/app_server/utils/SentryDSN.tsx Normal file
View File

@@ -0,0 +1,64 @@
/*
* Copyright (C) 2026 Fluxer Contributors
*
* This file is part of Fluxer.
*
* Fluxer is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Fluxer is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with Fluxer. If not, see <https://www.gnu.org/licenses/>.
*/
export interface SentryDSN {
projectId: string;
publicKey: string;
targetUrl: string;
pathPrefix: string;
}
export function parseSentryDSN(dsn: string | undefined): SentryDSN | null {
if (!dsn?.trim()) {
return null;
}
try {
const parsed = new URL(dsn.trim());
if (!parsed.protocol || !parsed.host) {
return null;
}
const pathPart = parsed.pathname.replace(/^\/+|\/+$/g, '');
const segments = pathPart ? pathPart.split('/') : [];
if (segments.length === 0) {
return null;
}
const projectId = segments[segments.length - 1]!;
const prefixSegments = segments.slice(0, -1);
const pathPrefix = prefixSegments.length > 0 ? `/${prefixSegments.join('/')}` : '';
const publicKey = parsed.username;
if (!publicKey) {
return null;
}
return {
projectId,
publicKey,
targetUrl: `${parsed.protocol}//${parsed.host}`,
pathPrefix,
};
} catch {
return null;
}
}

109
packages/app_proxy/src/app_server/utils/StaticFileUtils.tsx Normal file
View File

@@ -0,0 +1,109 @@
/*
* Copyright (C) 2026 Fluxer Contributors
*
* This file is part of Fluxer.
*
* Fluxer is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Fluxer is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with Fluxer. If not, see <https://www.gnu.org/licenses/>.
*/
import {existsSync, readFileSync} from 'node:fs';
import {join} from 'node:path';
import type {CSPOptions} from '@fluxer/app_proxy/src/app_server/utils/CSP';
import {buildCSP, generateNonce} from '@fluxer/app_proxy/src/app_server/utils/CSP';
import {getMimeType, isHashedAsset} from '@fluxer/app_proxy/src/app_server/utils/Mime';
import type {Logger} from '@fluxer/logger/src/Logger';
import type {Context} from 'hono';
export function isPathSafe(filePath: string, resolvedStaticDir: string): boolean {
return filePath.startsWith(resolvedStaticDir);
}
export interface ServeStaticFileOptions {
requestPath: string;
resolvedStaticDir: string;
logger: Logger;
}
export type ServeStaticFileResult =
| {success: true; content: Buffer; mimeType: string; cacheControl: string}
| {success: false; error?: string};
export function serveStaticFile(options: ServeStaticFileOptions): ServeStaticFileResult {
const {requestPath, resolvedStaticDir, logger} = options;
const filePath = join(resolvedStaticDir, requestPath);
if (!isPathSafe(filePath, resolvedStaticDir)) {
logger.warn({requestPath, filePath}, 'directory traversal attempt blocked');
return {success: false};
}
if (!existsSync(filePath)) {
return {success: false};
}
try {
const content = readFileSync(filePath);
const mimeType = getMimeType(requestPath);
const cacheControl = isHashedAsset(requestPath)
? 'public, max-age=31536000, immutable'
: 'public, max-age=3600, must-revalidate';
return {success: true, content, mimeType, cacheControl};
} catch (err) {
logger.error({requestPath, error: err}, 'failed to read static file');
return {success: false, error: 'Internal Server Error'};
}
}
export interface ServeSpaFallbackOptions {
resolvedStaticDir: string;
cspDirectives?: CSPOptions;
logger: Logger;
}
export type ServeSpaFallbackResult =
| {success: true; content: string; nonce: string; csp: string}
| {success: false; error: string};
export function serveSpaFallback(options: ServeSpaFallbackOptions): ServeSpaFallbackResult {
const {resolvedStaticDir, cspDirectives, logger} = options;
const indexPath = join(resolvedStaticDir, 'index.html');
if (!existsSync(indexPath)) {
logger.error({path: indexPath}, 'index.html not found');
return {success: false, error: 'Internal Server Error'};
}
try {
const nonce = generateNonce();
const csp = buildCSP(nonce, cspDirectives);
let indexContent = readFileSync(indexPath, 'utf-8');
indexContent = indexContent.replaceAll('{{CSP_NONCE_PLACEHOLDER}}', nonce);
return {success: true, content: indexContent, nonce, csp};
} catch (err) {
logger.error({error: err}, 'failed to serve index.html');
return {success: false, error: 'Internal Server Error'};
}
}
export function applySpaHeaders(c: Context, csp: string): void {
c.header('Content-Security-Policy', csp);
c.header('Content-Type', 'text/html; charset=utf-8');
c.header('Cache-Control', 'no-cache');
c.header('X-Content-Type-Options', 'nosniff');
c.header('X-Frame-Options', 'DENY');
c.header('Referrer-Policy', 'strict-origin-when-cross-origin');
}