npm - @celerispay/hazelcast-client - Versions diffs - 3.12.5-8 → 3.12.7-2 - Mend

@celerispay/hazelcast-client 3.12.5-8 → 3.12.7-2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

package/CHANGES_UNCOMMITTED.md +53 -0
package/FAULT_TOLERANCE_IMPROVEMENTS.md +208 -0
package/HAZELCAST_CLIENT_EVOLUTION.md +402 -0
package/lib/HeartbeatService.js +11 -2
package/lib/PartitionService.d.ts +0 -3
package/lib/PartitionService.js +3 -32
package/lib/invocation/ClientConnection.js +41 -11
package/lib/invocation/ClientConnectionManager.d.ts +54 -0
package/lib/invocation/ClientConnectionManager.js +210 -4
package/lib/invocation/ClusterService.d.ts +47 -0
package/lib/invocation/ClusterService.js +164 -4
package/lib/invocation/ConnectionAuthenticator.d.ts +11 -0
package/lib/invocation/ConnectionAuthenticator.js +85 -12
package/lib/invocation/CredentialPreservationService.d.ts +141 -0
package/lib/invocation/CredentialPreservationService.js +377 -0
package/lib/invocation/HazelcastFailoverManager.d.ts +102 -0
package/lib/invocation/HazelcastFailoverManager.js +285 -0
package/package.json +7 -6

package/lib/invocation/CredentialPreservationService.js ADDED Viewed

@@ -0,0 +1,377 @@
+"use strict";
+/*
+ * Copyright (c) 2008-2021, Hazelcast, Inc. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+/**
+ * Service to preserve and restore authentication credentials across failover cycles
+ * This fixes the "Invalid Credentials" issue that occurs when nodes rejoin after failover
+ */
+var CredentialPreservationService = /** @class */ (function () {
+    function CredentialPreservationService(logger) {
+        /**
+         * Stores authentication context for each node
+         */
+        this.nodeCredentials = new Map();
+        this.logger = logger;
+    }
+    /**
+     * Preserves authentication credentials for a node before it gets disconnected
+     * @param address The node address
+     * @param uuid The node's UUID
+     * @param ownerUuid The owner UUID
+     * @param groupName The group name
+     * @param groupPassword The group password
+     * @param isOwner Whether this is an owner connection
+     */
+    CredentialPreservationService.prototype.preserveCredentials = function (address, uuid, ownerUuid, groupName, groupPassword, isOwner) {
+        var addressStr = address.toString();
+        this.nodeCredentials.set(addressStr, {
+            uuid: uuid,
+            ownerUuid: ownerUuid,
+            groupName: groupName,
+            groupPassword: groupPassword,
+            lastAuthenticated: Date.now(),
+            isOwner: isOwner
+        });
+        this.logger.debug('CredentialPreservationService', "Preserved credentials for " + addressStr + ": uuid=" + uuid + ", ownerUuid=" + ownerUuid + ", isOwner=" + isOwner);
+    };
+    /**
+     * Restores authentication credentials for a specific node
+     * @param address The node address
+     * @returns The preserved credentials or null if not found
+     */
+    CredentialPreservationService.prototype.restoreCredentials = function (address) {
+        var _this = this;
+        var addressStr = address.toString();
+        var credentials = this.nodeCredentials.get(addressStr);
+        if (credentials) {
+            this.logger.info('CredentialPreservationService', "\u2705 Found preserved credentials for " + addressStr + ": uuid=" + credentials.uuid + ", ownerUuid=" + credentials.ownerUuid);
+            return credentials;
+        }
+        // Log all available credentials for debugging
+        this.logger.info('CredentialPreservationService', "\u274C No preserved credentials found for " + addressStr);
+        this.logger.info('CredentialPreservationService', "\uD83D\uDCCB Available credentials: " + this.nodeCredentials.size + " entries");
+        if (this.nodeCredentials.size > 0) {
+            this.nodeCredentials.forEach(function (cred, addr) {
+                _this.logger.info('CredentialPreservationService', "   - " + addr + ": uuid=" + cred.uuid + ", ownerUuid=" + cred.ownerUuid + ", isOwner=" + cred.isOwner);
+            });
+        }
+        return null;
+    };
+    /**
+     * Updates credentials after successful authentication
+     * @param address The node address
+     * @param uuid The new UUID
+     * @param ownerUuid The new owner UUID
+     */
+    CredentialPreservationService.prototype.updateCredentials = function (address, uuid, ownerUuid) {
+        var addressStr = address.toString();
+        var credentials = this.nodeCredentials.get(addressStr);
+        if (credentials) {
+            credentials.uuid = uuid;
+            credentials.ownerUuid = ownerUuid;
+            credentials.lastAuthenticated = Date.now();
+            this.logger.debug('CredentialPreservationService', "Updated credentials for " + addressStr + ": uuid=" + uuid + ", ownerUuid=" + ownerUuid);
+        }
+    };
+    /**
+     * Clears credentials for a specific node
+     * @param address The node address
+     */
+    CredentialPreservationService.prototype.clearCredentials = function (address) {
+        var addressStr = address.toString();
+        if (this.nodeCredentials.delete(addressStr)) {
+            this.logger.debug('CredentialPreservationService', "Cleared credentials for " + addressStr);
+        }
+    };
+    /**
+     * Clears all stored credentials - used for cluster reset scenarios
+     */
+    CredentialPreservationService.prototype.clearAllCredentials = function () {
+        var credentialCount = this.nodeCredentials.size;
+        this.nodeCredentials.clear();
+        this.logger.info('CredentialPreservationService', "\uD83E\uDDF9 Cleared all " + credentialCount + " stored credentials for cluster reset");
+    };
+    /**
+     * Cleans up stale credentials older than the specified age
+     * @param maxAgeMs Maximum age in milliseconds (default: 5 minutes)
+     */
+    CredentialPreservationService.prototype.cleanupStaleCredentials = function (maxAgeMs) {
+        var _this = this;
+        if (maxAgeMs === void 0) { maxAgeMs = 300000; }
+        var now = Date.now();
+        var addressesToRemove = [];
+        this.nodeCredentials.forEach(function (credentials, addressStr) {
+            var age = now - credentials.lastAuthenticated;
+            if (age > maxAgeMs) {
+                addressesToRemove.push(addressStr);
+            }
+        });
+        if (addressesToRemove.length > 0) {
+            addressesToRemove.forEach(function (addressStr) {
+                _this.nodeCredentials.delete(addressStr);
+            });
+            this.logger.debug('CredentialPreservationService', "Cleaned up " + addressesToRemove.length + " stale credential entries");
+        }
+    };
+    /**
+     * Gets a summary of preserved credentials for debugging
+     * @returns A summary string
+     */
+    CredentialPreservationService.prototype.getCredentialsSummary = function () {
+        var entries = Array.from(this.nodeCredentials.entries());
+        if (entries.length === 0) {
+            return 'none';
+        }
+        return entries.map(function (_a) {
+            var address = _a[0], creds = _a[1];
+            return address + ": uuid=" + (creds.uuid || 'null') + ", ownerUuid=" + (creds.ownerUuid || 'null') + ", isOwner=" + creds.isOwner;
+        }).join('; ');
+    };
+    /**
+     * Smart credential restoration that handles both scenarios:
+     * 1. If member added event occurred -> use new UUID
+     * 2. If no member added event -> use old UUID (node probably never changed)
+     * @param address The address to restore credentials for
+     * @param hasMemberAddedEvent Whether we received a member added event for this address
+     * @returns The appropriate credentials to use
+     */
+    CredentialPreservationService.prototype.smartRestoreCredentials = function (address, hasMemberAddedEvent) {
+        if (hasMemberAddedEvent === void 0) { hasMemberAddedEvent = false; }
+        var addressStr = address.toString();
+        var credentials = this.nodeCredentials.get(addressStr);
+        if (!credentials) {
+            this.logger.debug('CredentialPreservationService', "No preserved credentials found for " + addressStr);
+            return null;
+        }
+        if (hasMemberAddedEvent) {
+            // Member actually left and rejoined - use the updated credentials
+            this.logger.info('CredentialPreservationService', "\uD83D\uDD04 Member added event detected for " + addressStr + ", using updated credentials: uuid=" + credentials.uuid);
+            return credentials;
+        }
+        else {
+            // No member added event - node probably never changed, use original credentials
+            this.logger.info('CredentialPreservationService', "\uD83D\uDD04 No member added event for " + addressStr + ", assuming node unchanged, using original credentials: uuid=" + credentials.uuid);
+            return credentials;
+        }
+    };
+    /**
+     * Checks if we have valid credentials for an address
+     * @param address The address to check
+     * @returns True if we have valid credentials
+     */
+    CredentialPreservationService.prototype.hasValidCredentials = function (address) {
+        var addressStr = address.toString();
+        var credentials = this.nodeCredentials.get(addressStr);
+        return !!(credentials && credentials.uuid && credentials.ownerUuid);
+    };
+    /**
+     * Gets the last known UUID for an address
+     * @param address The address to get UUID for
+     * @returns The UUID or null if not found
+     */
+    CredentialPreservationService.prototype.getLastKnownUuid = function (address) {
+        var addressStr = address.toString();
+        var credentials = this.nodeCredentials.get(addressStr);
+        return credentials ? credentials.uuid : null;
+    };
+    /**
+     * Updates the owner UUID for ALL preserved credentials
+     * This is called when cluster membership changes and we need to sync all credentials
+     * @param newOwnerUuid The new owner UUID from the current cluster state
+     */
+    CredentialPreservationService.prototype.updateAllOwnerUuids = function (newOwnerUuid) {
+        var _this = this;
+        this.logger.info('CredentialPreservationService', "\uD83D\uDD04 Updating ALL preserved credentials with new owner UUID: " + newOwnerUuid);
+        var updatedCount = 0;
+        this.nodeCredentials.forEach(function (credentials, addressStr) {
+            if (credentials.ownerUuid !== newOwnerUuid) {
+                var oldOwnerUuid = credentials.ownerUuid;
+                credentials.ownerUuid = newOwnerUuid;
+                updatedCount++;
+                _this.logger.info('CredentialPreservationService', "\uD83D\uDD04 Updated " + addressStr + ": ownerUuid " + oldOwnerUuid + " \u2192 " + newOwnerUuid);
+            }
+        });
+        this.logger.info('CredentialPreservationService', "\u2705 Updated " + updatedCount + " credential entries with new owner UUID");
+    };
+    /**
+     * Gets the current owner UUID from preserved credentials
+     * @returns The current owner UUID or null if not found
+     */
+    CredentialPreservationService.prototype.getCurrentOwnerUuid = function () {
+        // Find any credential that has isOwner=true
+        for (var _i = 0, _a = Array.from(this.nodeCredentials.values()); _i < _a.length; _i++) {
+            var credentials = _a[_i];
+            if (credentials.isOwner) {
+                return credentials.ownerUuid;
+            }
+        }
+        // If no owner found, return the first available ownerUuid
+        for (var _b = 0, _c = Array.from(this.nodeCredentials.values()); _b < _c.length; _b++) {
+            var credentials = _c[_b];
+            if (credentials.ownerUuid) {
+                return credentials.ownerUuid;
+            }
+        }
+        return null;
+    };
+    /**
+     * Validates that all credentials have consistent owner UUIDs
+     * @returns True if all credentials are consistent, false otherwise
+     */
+    CredentialPreservationService.prototype.validateOwnerUuidConsistency = function () {
+        var ownerUuids = new Set();
+        this.nodeCredentials.forEach(function (credentials, addressStr) {
+            if (credentials.ownerUuid) {
+                ownerUuids.add(credentials.ownerUuid);
+            }
+        });
+        var isConsistent = ownerUuids.size <= 1;
+        if (!isConsistent) {
+            this.logger.warn('CredentialPreservationService', "\u26A0\uFE0F Owner UUID inconsistency detected: " + Array.from(ownerUuids).join(', '));
+        }
+        return isConsistent;
+    };
+    /**
+     * Invalidates ALL credentials that have a specific owner UUID
+     * This is called when cluster membership changes and old owner UUIDs become invalid
+     * @param oldOwnerUuid The old owner UUID that is no longer valid
+     */
+    CredentialPreservationService.prototype.invalidateCredentialsWithOwnerUuid = function (oldOwnerUuid) {
+        var _this = this;
+        this.logger.info('CredentialPreservationService', "\uD83D\uDDD1\uFE0F Invalidating ALL credentials with old owner UUID: " + oldOwnerUuid);
+        var invalidatedCount = 0;
+        var addressesToRemove = [];
+        this.nodeCredentials.forEach(function (credentials, addressStr) {
+            if (credentials.ownerUuid === oldOwnerUuid) {
+                _this.logger.info('CredentialPreservationService', "\uD83D\uDDD1\uFE0F Invalidating credentials for " + addressStr + ": old ownerUuid=" + oldOwnerUuid);
+                addressesToRemove.push(addressStr);
+                invalidatedCount++;
+            }
+        });
+        // Remove the invalidated credentials
+        addressesToRemove.forEach(function (addressStr) {
+            _this.nodeCredentials.delete(addressStr);
+        });
+        this.logger.info('CredentialPreservationService', "\u2705 Invalidated " + invalidatedCount + " credential entries with old owner UUID: " + oldOwnerUuid);
+    };
+    /**
+     * Invalidates ALL credentials that don't match the current cluster owner UUID
+     * This ensures complete credential consistency across the entire cluster
+     * @param currentClusterOwnerUuid The current cluster owner UUID that should be valid
+     */
+    CredentialPreservationService.prototype.invalidateAllCredentialsExceptCurrentOwner = function (currentClusterOwnerUuid) {
+        var _this = this;
+        this.logger.info('CredentialPreservationService', "\uD83D\uDDD1\uFE0F Comprehensive credential cleanup: Invalidating ALL credentials except those with current owner UUID: " + currentClusterOwnerUuid);
+        var invalidatedCount = 0;
+        var addressesToRemove = [];
+        this.nodeCredentials.forEach(function (credentials, addressStr) {
+            if (credentials.ownerUuid !== currentClusterOwnerUuid) {
+                _this.logger.info('CredentialPreservationService', "\uD83D\uDDD1\uFE0F Invalidating credentials for " + addressStr + ": old ownerUuid=" + credentials.ownerUuid + " \u2260 current=" + currentClusterOwnerUuid);
+                addressesToRemove.push(addressStr);
+                invalidatedCount++;
+            }
+            else {
+                _this.logger.debug('CredentialPreservationService', "\u2705 Keeping valid credentials for " + addressStr + ": ownerUuid=" + credentials.ownerUuid + " matches current");
+            }
+        });
+        // Remove the invalidated credentials
+        addressesToRemove.forEach(function (addressStr) {
+            _this.nodeCredentials.delete(addressStr);
+        });
+        this.logger.info('CredentialPreservationService', "\u2705 Comprehensive cleanup completed: Invalidated " + invalidatedCount + " credential entries, kept " + this.nodeCredentials.size + " valid entries");
+        // Log remaining valid credentials for debugging
+        if (this.nodeCredentials.size > 0) {
+            this.logger.info('CredentialPreservationService', "\uD83D\uDCCB Remaining valid credentials after cleanup:");
+            this.nodeCredentials.forEach(function (credentials, addressStr) {
+                _this.logger.info('CredentialPreservationService', "   - " + addressStr + ": uuid=" + credentials.uuid + ", ownerUuid=" + credentials.ownerUuid + ", isOwner=" + credentials.isOwner);
+            });
+        }
+    };
+    /**
+     * Invalidates only problematic credentials while preserving working ones
+     * This prevents breaking working connections (like 192.168.1.108)
+     * @param currentClusterOwnerUuid The current cluster owner UUID that should be valid
+     */
+    CredentialPreservationService.prototype.invalidateOnlyProblematicCredentials = function (currentClusterOwnerUuid) {
+        var _this = this;
+        this.logger.info('CredentialPreservationService', "\uD83C\uDFAF Targeted credential cleanup: Only invalidating problematic credentials, preserving working ones");
+        var invalidatedCount = 0;
+        var addressesToRemove = [];
+        this.nodeCredentials.forEach(function (credentials, addressStr) {
+            // Only invalidate if the ownerUuid is clearly wrong AND we've had authentication issues
+            if (credentials.ownerUuid !== currentClusterOwnerUuid) {
+                // Check if this address has had recent authentication failures
+                var hasAuthIssues = _this.hasRecentAuthenticationIssues(addressStr);
+                if (hasAuthIssues) {
+                    _this.logger.info('CredentialPreservationService', "\uD83C\uDFAF Invalidating problematic credentials for " + addressStr + ": old ownerUuid=" + credentials.ownerUuid + " \u2260 current=" + currentClusterOwnerUuid + " (has auth issues)");
+                    addressesToRemove.push(addressStr);
+                    invalidatedCount++;
+                }
+                else {
+                    _this.logger.info('CredentialPreservationService', "\u2705 Keeping working credentials for " + addressStr + ": ownerUuid=" + credentials.ownerUuid + " (no auth issues)");
+                }
+            }
+            else {
+                _this.logger.debug('CredentialPreservationService', "\u2705 Keeping valid credentials for " + addressStr + ": ownerUuid=" + credentials.ownerUuid + " matches current");
+            }
+        });
+        // Remove only the problematic credentials
+        addressesToRemove.forEach(function (addressStr) {
+            _this.nodeCredentials.delete(addressStr);
+        });
+        this.logger.info('CredentialPreservationService', "\u2705 Targeted cleanup completed: Invalidated " + invalidatedCount + " problematic credential entries, kept " + this.nodeCredentials.size + " working entries");
+    };
+    /**
+     * Checks if an address has had recent authentication issues
+     * This helps determine which credentials to invalidate
+     * @param addressStr The address to check
+     * @returns True if the address has recent auth issues
+     */
+    CredentialPreservationService.prototype.hasRecentAuthenticationIssues = function (addressStr) {
+        // For now, we'll be conservative and only invalidate if we're certain
+        // In the future, we could track authentication failure history
+        return false; // Don't invalidate anything for now - revert to previous working behavior
+    };
+    /**
+     * Clears all credentials for a specific address
+     * This is called when we need to force fresh authentication for a node
+     * @param address The address to clear credentials for
+     */
+    CredentialPreservationService.prototype.clearCredentialsForAddress = function (address) {
+        var addressStr = address.toString();
+        if (this.nodeCredentials.has(addressStr)) {
+            this.logger.info('CredentialPreservationService', "\uD83D\uDDD1\uFE0F Clearing credentials for " + addressStr);
+            this.nodeCredentials.delete(addressStr);
+        }
+    };
+    /**
+     * Gets all addresses that have credentials with a specific owner UUID
+     * @param ownerUuid The owner UUID to search for
+     * @returns Array of addresses that have credentials with this owner UUID
+     */
+    CredentialPreservationService.prototype.getAddressesWithOwnerUuid = function (ownerUuid) {
+        var addresses = [];
+        this.nodeCredentials.forEach(function (credentials, addressStr) {
+            if (credentials.ownerUuid === ownerUuid) {
+                addresses.push(addressStr);
+            }
+        });
+        return addresses;
+    };
+    return CredentialPreservationService;
+}());
+exports.CredentialPreservationService = CredentialPreservationService;

package/lib/invocation/HazelcastFailoverManager.d.ts ADDED Viewed

@@ -0,0 +1,102 @@
+import { ILogger } from '../logging/ILogger';
+import { ClientConnection } from './ClientConnection';
+import Address = require('../Address');
+import HazelcastClient from '../HazelcastClient';
+/**
+ * Node state in the cluster
+ */
+export declare enum NodeState {
+    UNKNOWN = "unknown",
+    CONNECTING = "connecting",
+    CONNECTED = "connected",
+    OWNER = "owner",
+    CHILD = "child",
+    DISCONNECTED = "disconnected",
+    FAILED = "failed",
+}
+/**
+ * Node information
+ */
+export interface NodeInfo {
+    address: Address;
+    state: NodeState;
+    connection: ClientConnection | null;
+    lastSeen: number;
+    failureCount: number;
+    isOwner: boolean;
+}
+/**
+ * Implements the Java client's failover behavior
+ * This ensures seamless node transitions and proper ownership handling
+ */
+export declare class HazelcastFailoverManager {
+    private readonly logger;
+    private readonly client;
+    private readonly nodes;
+    private readonly failoverInProgress;
+    private readonly failoverTimeout;
+    private currentOwner;
+    constructor(client: HazelcastClient, logger: ILogger);
+    /**
+     * Registers a node in the cluster
+     * @param address The node address
+     * @param connection The connection to the node
+     * @param isOwner Whether this node is the owner
+     */
+    registerNode(address: Address, connection: ClientConnection, isOwner?: boolean): void;
+    /**
+     * Handles node disconnection gracefully
+     * @param address The disconnected node address
+     */
+    handleNodeDisconnection(address: Address): void;
+    /**
+     * Handles owner node disconnection
+     * @param address The disconnected owner node address
+     */
+    private handleOwnerDisconnection(address);
+    /**
+     * Handles child node disconnection
+     * @param address The disconnected child node address
+     */
+    private handleChildDisconnection(address);
+    /**
+     * Selects the best candidate for new owner
+     * @returns The address of the best candidate, or null if none available
+     */
+    private selectNewOwner();
+    /**
+     * Promotes a node to owner
+     * @param address The address of the node to promote
+     */
+    private promoteToOwner(address);
+    /**
+     * Handles node reconnection
+     * @param address The reconnected node address
+     * @param connection The new connection
+     */
+    handleNodeReconnection(address: Address, connection: ClientConnection): void;
+    /**
+     * Stops all failover and reconnection logic
+     */
+    private stopFailoverLogic();
+    /**
+     * Gets the current owner address
+     * @returns The current owner address or null if no owner
+     */
+    getCurrentOwner(): Address | null;
+    /**
+     * Gets all connected nodes
+     * @returns Array of connected node addresses
+     */
+    getConnectedNodes(): Address[];
+    /**
+     * Gets the cluster state summary
+     * @returns Summary of cluster state
+     */
+    getClusterStateSummary(): any;
+    /**
+     * Cleans up failed nodes that haven't recovered
+     * @param maxFailureAge Maximum age for failed nodes (default: 5 minutes)
+     */
+    cleanupFailedNodes(maxFailureAge?: number): void;
+}