b981cc0926
The localhost check using host header and x-forwarded-for was unreliable in the standalone Next.js server which may inject forwarded headers internally. Replace with a per-process random token shared between the PTY server and the API route via env var.
44 lines
1.4 KiB
JavaScript
44 lines
1.4 KiB
JavaScript
const { createServer } = require("http");
|
|
const path = require("path");
|
|
const { parse } = require("url");
|
|
|
|
const crypto = require("crypto");
|
|
|
|
const dev = process.env.NODE_ENV !== "production";
|
|
// HOSTNAME in K8s is the pod name — always bind to 0.0.0.0
|
|
const hostname = "0.0.0.0";
|
|
const port = parseInt(process.env.PORT || "3100", 10);
|
|
|
|
// Shared secret for internal PTY→API calls (generated per process)
|
|
process.env.INTERNAL_API_TOKEN = crypto.randomBytes(32).toString("hex");
|
|
|
|
// In production, load the standalone config to avoid webpack dependency
|
|
if (!dev) {
|
|
try {
|
|
const configPath = path.join(__dirname, "next-config.json");
|
|
const nextConfig = JSON.parse(require("fs").readFileSync(configPath, "utf8"));
|
|
process.env.__NEXT_PRIVATE_STANDALONE_CONFIG = JSON.stringify(nextConfig);
|
|
} catch {
|
|
// Config not found (local dev) — next() will load config normally
|
|
}
|
|
}
|
|
|
|
const next = require("next");
|
|
const { attachPtyWebSocket } = require("./pty-server");
|
|
|
|
const app = next({ dev, hostname, port, dir: __dirname });
|
|
const handle = app.getRequestHandler();
|
|
|
|
app.prepare().then(() => {
|
|
const server = createServer((req, res) => {
|
|
const parsedUrl = parse(req.url || "/", true);
|
|
handle(req, res, parsedUrl);
|
|
});
|
|
|
|
attachPtyWebSocket(server);
|
|
|
|
server.listen(port, hostname, () => {
|
|
console.log(`> Harness ready on http://${hostname}:${port}`);
|
|
});
|
|
});
|