()
| 275 | * lifecycle. |
| 276 | */ |
| 277 | export function resolveConfigFromEnv(): Omit<ServerConfig, 'browserManager' | 'startTime'> & { |
| 278 | config: ReturnType<typeof resolveConfig>; |
| 279 | } { |
| 280 | return { |
| 281 | // Same sanitizer as the module-level AUTH_TOKEN: strips ALL unicode |
| 282 | // whitespace and rejects tokens shorter than 16 chars so a misconfigured |
| 283 | // embedder can't ship a BOM/zero-width as the bearer secret. |
| 284 | authToken: sanitizeAuthToken(process.env.AUTH_TOKEN) || crypto.randomUUID(), |
| 285 | browsePort: parseInt(process.env.BROWSE_PORT || '0', 10), |
| 286 | idleTimeoutMs: parseInt(process.env.BROWSE_IDLE_TIMEOUT || '1800000', 10), |
| 287 | config: resolveConfig(), |
| 288 | }; |
| 289 | } |
| 290 | |
| 291 | /** |
| 292 | * Paths reachable over the tunnel surface. Everything else returns 404. |
no test coverage detected