@celerispay/hazelcast-client 3.12.5 → 3.12.7-3

package/lib/invocation/ConnectionAuthenticator.d.ts

@@ -10,5 +10,16 @@ export declare class ConnectionAuthenticator {
     private logger;
     constructor(connection: ClientConnection, client: HazelcastClient);
     authenticate(asOwner: boolean): Promise<void>;
+    /**
+     * Gets a human-readable description of authentication status
+     */
+    private getStatusDescription(status);
+    /**
+     * Creates credentials with optional restoration from preservation service
+     * @param asOwner Whether this is an owner connection
+     * @param preservedCredentials Optional preserved credentials to use
+     * @returns The credentials message
+     */
+    createCredentialsWithRestoration(asOwner: boolean, preservedCredentials?: any): ClientMessage;
     createCredentials(asOwner: boolean): ClientMessage;
 }

package/lib/invocation/ConnectionAuthenticator.js

@@ -34,53 +34,126 @@ var ConnectionAuthenticator = /** @class */ (function () {
     }
     ConnectionAuthenticator.prototype.authenticate = function (asOwner) {
         var _this = this;
+        var addressStr = this.connection.getAddress().toString();
+        this.logger.info('ConnectionAuthenticator', "\uD83D\uDD10 Starting authentication for " + addressStr + " (asOwner=" + asOwner + ")");
         var credentials = this.createCredentials(asOwner);
+        this.logger.info('ConnectionAuthenticator', "\uD83D\uDCE4 Sending authentication request to " + addressStr + "...");
         return this.client.getInvocationService()
             .invokeOnConnection(this.connection, credentials)
             .then(function (msg) {
+            _this.logger.info('ConnectionAuthenticator', "\uD83D\uDCE5 Received authentication response from " + addressStr);
             var authResponse = ClientAuthenticationCodec_1.ClientAuthenticationCodec.decodeResponse(msg);
+            _this.logger.info('ConnectionAuthenticator', "\uD83D\uDD0D Authentication response for " + addressStr + ":");
+            _this.logger.info('ConnectionAuthenticator', "   - Status: " + authResponse.status + " (" + _this.getStatusDescription(authResponse.status) + ")");
+            _this.logger.info('ConnectionAuthenticator', "   - Server UUID: " + (authResponse.uuid || 'NOT PROVIDED'));
+            _this.logger.info('ConnectionAuthenticator', "   - Server Owner UUID: " + (authResponse.ownerUuid || 'NOT PROVIDED'));
+            _this.logger.info('ConnectionAuthenticator', "   - Server Address: " + (authResponse.address ? authResponse.address.toString() : 'NOT PROVIDED'));
+            _this.logger.info('ConnectionAuthenticator', "   - Server Version: " + (authResponse.serverHazelcastVersion || 'NOT PROVIDED'));
             switch (authResponse.status) {
                 case 0 /* AUTHENTICATED */:
+                    _this.logger.info('ConnectionAuthenticator', "\u2705 Authentication SUCCESSFUL for " + addressStr);
                     _this.connection.setAddress(authResponse.address);
                     _this.connection.setConnectedServerVersion(authResponse.serverHazelcastVersion);
                     if (asOwner) {
+                        var oldUuid = _this.clusterService.uuid;
+                        var oldOwnerUuid = _this.clusterService.ownerUuid;
                         _this.clusterService.uuid = authResponse.uuid;
                         _this.clusterService.ownerUuid = authResponse.ownerUuid;
+                        _this.logger.info('ConnectionAuthenticator', "\uD83D\uDD04 Updated cluster service for " + addressStr + ":");
+                        _this.logger.info('ConnectionAuthenticator', "   - UUID: " + (oldUuid || 'NOT SET') + " \u2192 " + authResponse.uuid);
+                        _this.logger.info('ConnectionAuthenticator', "   - Owner UUID: " + (oldOwnerUuid || 'NOT SET') + " \u2192 " + authResponse.ownerUuid);
                     }
-                    _this.logger.info('ConnectionAuthenticator', 'Connection to ' +
-                        _this.connection.getAddress().toString() + ' authenticated');
+                    _this.logger.info('ConnectionAuthenticator', "\u2705 Connection to " + addressStr + " authenticated successfully");
                     break;
                 case 1 /* CREDENTIALS_FAILED */:
-                    _this.logger.error('ConnectionAuthenticator', 'Invalid Credentials');
-                    throw new Error('Invalid Credentials, could not authenticate connection to ' +
-                        _this.connection.getAddress().toString());
+                    _this.logger.error('ConnectionAuthenticator', "\u274C Authentication FAILED for " + addressStr + ": Invalid Credentials");
+                    _this.logger.error('ConnectionAuthenticator', "   - Server rejected our credentials");
+                    _this.logger.error('ConnectionAuthenticator', "   - Check if UUIDs and group credentials are correct");
+                    throw new Error('Invalid Credentials, could not authenticate connection to ' + addressStr);
                 case 2 /* SERIALIZATION_VERSION_MISMATCH */:
-                    _this.logger.error('ConnectionAuthenticator', 'Serialization version mismatch');
-                    throw new Error('Serialization version mismatch, could not authenticate connection to ' +
-                        _this.connection.getAddress().toString());
+                    _this.logger.error('ConnectionAuthenticator', "\u274C Authentication FAILED for " + addressStr + ": Serialization version mismatch");
+                    throw new Error('Serialization version mismatch, could not authenticate connection to ' + addressStr);
                 default:
-                    _this.logger.error('ConnectionAuthenticator', 'Unknown authentication status: '
-                        + authResponse.status);
+                    _this.logger.error('ConnectionAuthenticator', "\u274C Authentication FAILED for " + addressStr + ": Unknown status " + authResponse.status);
                     throw new HazelcastError_1.AuthenticationError('Unknown authentication status: ' + authResponse.status +
-                        ' , could not authenticate connection to ' +
-                        _this.connection.getAddress().toString());
+                        ' , could not authenticate connection to ' + addressStr);
             }
+        })
+            .catch(function (error) {
+            _this.logger.error('ConnectionAuthenticator', "\uD83D\uDCA5 Authentication ERROR for " + addressStr + ": " + error.message);
+            throw error;
         });
     };
+    /**
+     * Gets a human-readable description of authentication status
+     */
+    ConnectionAuthenticator.prototype.getStatusDescription = function (status) {
+        switch (status) {
+            case 0 /* AUTHENTICATED */: return 'AUTHENTICATED';
+            case 1 /* CREDENTIALS_FAILED */: return 'CREDENTIALS_FAILED';
+            case 2 /* SERIALIZATION_VERSION_MISMATCH */: return 'SERIALIZATION_VERSION_MISMATCH';
+            default: return "UNKNOWN_STATUS_" + status;
+        }
+    };
+    /**
+     * Creates credentials with optional restoration from preservation service
+     * @param asOwner Whether this is an owner connection
+     * @param preservedCredentials Optional preserved credentials to use
+     * @returns The credentials message
+     */
+    ConnectionAuthenticator.prototype.createCredentialsWithRestoration = function (asOwner, preservedCredentials) {
+        if (preservedCredentials && preservedCredentials.uuid && preservedCredentials.ownerUuid) {
+            this.logger.debug('ConnectionAuthenticator', "Using preserved credentials: uuid=" + preservedCredentials.uuid + ", ownerUuid=" + preservedCredentials.ownerUuid);
+            // Use preserved credentials instead of current cluster state
+            var groupConfig = this.client.getConfig().groupConfig;
+            var customCredentials = this.client.getConfig().customCredentials;
+            var clientMessage = void 0;
+            var clientVersion = BuildInfo_1.BuildInfo.getClientVersion();
+            if (customCredentials != null) {
+                var credentialsPayload = this.client.getSerializationService().toData(customCredentials);
+                clientMessage = ClientAuthenticationCustomCodec_1.ClientAuthenticationCustomCodec.encodeRequest(credentialsPayload, preservedCredentials.uuid, preservedCredentials.ownerUuid, asOwner, 'NJS', 1, clientVersion);
+            }
+            else {
+                clientMessage = ClientAuthenticationCodec_1.ClientAuthenticationCodec.encodeRequest(preservedCredentials.groupName, preservedCredentials.groupPassword, preservedCredentials.uuid, preservedCredentials.ownerUuid, asOwner, 'NJS', 1, clientVersion);
+            }
+            return clientMessage;
+        }
+        // Fall back to normal credential creation
+        return this.createCredentials(asOwner);
+    };
     ConnectionAuthenticator.prototype.createCredentials = function (asOwner) {
         var groupConfig = this.client.getConfig().groupConfig;
         var uuid = this.clusterService.uuid;
         var ownerUuid = this.clusterService.ownerUuid;
         var customCredentials = this.client.getConfig().customCredentials;
+        // LOG EXACTLY WHAT CREDENTIALS WE'RE SENDING
+        this.logger.info('ConnectionAuthenticator', "\uD83D\uDD10 Creating authentication credentials for " + this.connection.getAddress().toString() + ":");
+        this.logger.info('ConnectionAuthenticator', "   - As Owner: " + asOwner);
+        this.logger.info('ConnectionAuthenticator', "   - UUID: " + (uuid || 'NOT SET'));
+        this.logger.info('ConnectionAuthenticator', "   - Owner UUID: " + (ownerUuid || 'NOT SET'));
+        this.logger.info('ConnectionAuthenticator', "   - Group Name: " + (groupConfig.name || 'NOT SET'));
+        this.logger.info('ConnectionAuthenticator', "   - Group Password: " + (groupConfig.password ? '***SET***' : 'NOT SET'));
+        this.logger.info('ConnectionAuthenticator', "   - Custom Credentials: " + (customCredentials ? 'YES' : 'NO'));
+        this.logger.info('ConnectionAuthenticator', "   - Client Version: " + BuildInfo_1.BuildInfo.getClientVersion());
         var clientMessage;
         var clientVersion = BuildInfo_1.BuildInfo.getClientVersion();
         if (customCredentials != null) {
             var credentialsPayload = this.client.getSerializationService().toData(customCredentials);
+            this.logger.info('ConnectionAuthenticator', "\uD83D\uDCE4 Sending CUSTOM authentication request with:");
+            this.logger.info('ConnectionAuthenticator', "   - Custom Credentials: " + typeof credentialsPayload);
+            this.logger.info('ConnectionAuthenticator', "   - UUID: " + (uuid || 'NOT SET'));
+            this.logger.info('ConnectionAuthenticator', "   - Owner UUID: " + (ownerUuid || 'NOT SET'));
             clientMessage = ClientAuthenticationCustomCodec_1.ClientAuthenticationCustomCodec.encodeRequest(credentialsPayload, uuid, ownerUuid, asOwner, 'NJS', 1, clientVersion);
         }
         else {
+            this.logger.info('ConnectionAuthenticator', "\uD83D\uDCE4 Sending STANDARD authentication request with:");
+            this.logger.info('ConnectionAuthenticator', "   - Group Name: " + (groupConfig.name || 'NOT SET'));
+            this.logger.info('ConnectionAuthenticator', "   - Group Password: " + (groupConfig.password ? '***SET***' : 'NOT SET'));
+            this.logger.info('ConnectionAuthenticator', "   - UUID: " + (uuid || 'NOT SET'));
+            this.logger.info('ConnectionAuthenticator', "   - Owner UUID: " + (ownerUuid || 'NOT SET'));
             clientMessage = ClientAuthenticationCodec_1.ClientAuthenticationCodec.encodeRequest(groupConfig.name, groupConfig.password, uuid, ownerUuid, asOwner, 'NJS', 1, clientVersion);
         }
+        this.logger.info('ConnectionAuthenticator', "\uD83D\uDCCB Final authentication message created and ready to send");
         return clientMessage;
     };
     return ConnectionAuthenticator;

package/lib/invocation/CredentialPreservationService.d.ts

@@ -0,0 +1,141 @@
+import { ILogger } from '../logging/ILogger';
+import Address = require('../Address');
+/**
+ * Interface for node credentials
+ */
+export interface NodeCredentials {
+    uuid: string;
+    ownerUuid: string;
+    groupName: string;
+    groupPassword: string;
+    lastAuthenticated: number;
+    isOwner: boolean;
+}
+/**
+ * Service to preserve and restore authentication credentials across failover cycles
+ * This fixes the "Invalid Credentials" issue that occurs when nodes rejoin after failover
+ */
+export declare class CredentialPreservationService {
+    private readonly logger;
+    /**
+     * Stores authentication context for each node
+     */
+    private nodeCredentials;
+    constructor(logger: ILogger);
+    /**
+     * Preserves authentication credentials for a node before it gets disconnected
+     * @param address The node address
+     * @param uuid The node's UUID
+     * @param ownerUuid The owner UUID
+     * @param groupName The group name
+     * @param groupPassword The group password
+     * @param isOwner Whether this is an owner connection
+     */
+    preserveCredentials(address: Address, uuid: string, ownerUuid: string, groupName: string, groupPassword: string, isOwner: boolean): void;
+    /**
+     * Restores authentication credentials for a specific node
+     * @param address The node address
+     * @returns The preserved credentials or null if not found
+     */
+    restoreCredentials(address: Address): NodeCredentials | null;
+    /**
+     * Updates credentials after successful authentication
+     * @param address The node address
+     * @param uuid The new UUID
+     * @param ownerUuid The new owner UUID
+     */
+    updateCredentials(address: Address, uuid: string, ownerUuid: string): void;
+    /**
+     * Clears credentials for a specific node
+     * @param address The node address
+     */
+    clearCredentials(address: Address): void;
+    /**
+     * Clears all stored credentials - used for cluster reset scenarios
+     */
+    clearAllCredentials(): void;
+    /**
+     * Cleans up stale credentials older than the specified age
+     * @param maxAgeMs Maximum age in milliseconds (default: 5 minutes)
+     */
+    cleanupStaleCredentials(maxAgeMs?: number): void;
+    /**
+     * Gets a summary of preserved credentials for debugging
+     * @returns A summary string
+     */
+    getCredentialsSummary(): string;
+    /**
+     * Smart credential restoration that handles both scenarios:
+     * 1. If member added event occurred -> use new UUID
+     * 2. If no member added event -> use old UUID (node probably never changed)
+     * @param address The address to restore credentials for
+     * @param hasMemberAddedEvent Whether we received a member added event for this address
+     * @returns The appropriate credentials to use
+     */
+    smartRestoreCredentials(address: Address, hasMemberAddedEvent?: boolean): NodeCredentials | null;
+    /**
+     * Checks if we have valid credentials for an address
+     * @param address The address to check
+     * @returns True if we have valid credentials
+     */
+    hasValidCredentials(address: Address): boolean;
+    /**
+     * Gets the last known UUID for an address
+     * @param address The address to get UUID for
+     * @returns The UUID or null if not found
+     */
+    getLastKnownUuid(address: Address): string | null;
+    /**
+     * Updates the owner UUID for ALL preserved credentials
+     * This is called when cluster membership changes and we need to sync all credentials
+     * @param newOwnerUuid The new owner UUID from the current cluster state
+     */
+    updateAllOwnerUuids(newOwnerUuid: string): void;
+    /**
+     * Gets the current owner UUID from preserved credentials
+     * @returns The current owner UUID or null if not found
+     */
+    getCurrentOwnerUuid(): string | null;
+    /**
+     * Validates that all credentials have consistent owner UUIDs
+     * @returns True if all credentials are consistent, false otherwise
+     */
+    validateOwnerUuidConsistency(): boolean;
+    /**
+     * Invalidates ALL credentials that have a specific owner UUID
+     * This is called when cluster membership changes and old owner UUIDs become invalid
+     * @param oldOwnerUuid The old owner UUID that is no longer valid
+     */
+    invalidateCredentialsWithOwnerUuid(oldOwnerUuid: string): void;
+    /**
+     * Invalidates ALL credentials that don't match the current cluster owner UUID
+     * This ensures complete credential consistency across the entire cluster
+     * @param currentClusterOwnerUuid The current cluster owner UUID that should be valid
+     */
+    invalidateAllCredentialsExceptCurrentOwner(currentClusterOwnerUuid: string): void;
+    /**
+     * Invalidates only problematic credentials while preserving working ones
+     * This prevents breaking working connections (like 192.168.1.108)
+     * @param currentClusterOwnerUuid The current cluster owner UUID that should be valid
+     */
+    invalidateOnlyProblematicCredentials(currentClusterOwnerUuid: string): void;
+    /**
+     * Checks if an address has had recent authentication issues
+     * This helps determine which credentials to invalidate
+     * @param addressStr The address to check
+     * @returns True if the address has recent auth issues
+     */
+    private hasRecentAuthenticationIssues(addressStr);
+    /**
+     * Clears all credentials for a specific address
+     * This is called when we need to force fresh authentication for a node
+     * @param address The address to clear credentials for
+     */
+    clearCredentialsForAddress(address: Address): void;
+    /**
+     * Gets all addresses that have credentials with a specific owner UUID
+     * @param ownerUuid The owner UUID to search for
+     * @returns Array of addresses that have credentials with this owner UUID
+     */
+    getAddressesWithOwnerUuid(ownerUuid: string): string[];
+}