@de-otio/chaoskb-server 0.2.0 → 0.2.2
- package/dist/lib/constructs/blob-store.js +1 -1
- package/dist/lib/constructs/blob-store.js.map +1 -1
- package/dist/lib/handler/index.d.ts.map +1 -1
- package/dist/lib/handler/index.js +20 -4
- package/dist/lib/handler/index.js.map +1 -1
- package/dist/lib/handler/index.ts +19 -4
- package/dist/lib/handler/middleware/rate-limit.d.ts.map +1 -1
- package/dist/lib/handler/middleware/rate-limit.js +13 -9
- package/dist/lib/handler/middleware/rate-limit.js.map +1 -1
- package/dist/lib/handler/middleware/rate-limit.ts +14 -9
- package/dist/lib/handler/middleware/ssh-auth.d.ts.map +1 -1
- package/dist/lib/handler/middleware/ssh-auth.js +66 -6
- package/dist/lib/handler/middleware/ssh-auth.js.map +1 -1
- package/dist/lib/handler/middleware/ssh-auth.ts +74 -7
- package/dist/lib/handler/routes/audit.js +1 -1
- package/dist/lib/handler/routes/audit.js.map +1 -1
- package/dist/lib/handler/routes/audit.ts +1 -1
- package/dist/lib/handler/routes/blobs.d.ts.map +1 -1
- package/dist/lib/handler/routes/blobs.js +2 -3
- package/dist/lib/handler/routes/blobs.js.map +1 -1
- package/dist/lib/handler/routes/blobs.ts +2 -3
- package/dist/lib/handler/routes/devices.d.ts.map +1 -1
- package/dist/lib/handler/routes/devices.js +19 -12
- package/dist/lib/handler/routes/devices.js.map +1 -1
- package/dist/lib/handler/routes/devices.ts +20 -12
- package/dist/lib/handler/routes/github.d.ts +15 -2
- package/dist/lib/handler/routes/github.d.ts.map +1 -1
- package/dist/lib/handler/routes/github.js +96 -22
- package/dist/lib/handler/routes/github.js.map +1 -1
- package/dist/lib/handler/routes/github.ts +68 -35
- package/dist/lib/handler/routes/invites.d.ts.map +1 -1
- package/dist/lib/handler/routes/invites.js +11 -13
- package/dist/lib/handler/routes/invites.js.map +1 -1
- package/dist/lib/handler/routes/invites.ts +11 -13
- package/dist/lib/handler/routes/notifications.js +1 -1
- package/dist/lib/handler/routes/notifications.js.map +1 -1
- package/dist/lib/handler/routes/notifications.ts +1 -1
- package/dist/lib/handler/routes/projects.d.ts.map +1 -1
- package/dist/lib/handler/routes/projects.js.map +1 -1
- package/dist/lib/handler/routes/projects.ts +0 -1
- package/dist/lib/handler/routes/register.d.ts +1 -1
- package/dist/lib/handler/routes/register.d.ts.map +1 -1
- package/dist/lib/handler/routes/register.js +104 -58
- package/dist/lib/handler/routes/register.js.map +1 -1
- package/dist/lib/handler/routes/register.ts +113 -66
- package/dist/lib/handler/routes/restore.d.ts.map +1 -1
- package/dist/lib/handler/routes/restore.js +1 -2
- package/dist/lib/handler/routes/restore.js.map +1 -1
- package/dist/lib/handler/routes/restore.ts +1 -2
- package/dist/lib/handler/routes/rotation.d.ts.map +1 -1
- package/dist/lib/handler/routes/rotation.js +23 -2
- package/dist/lib/handler/routes/rotation.js.map +1 -1
- package/dist/lib/handler/routes/rotation.ts +30 -2
- package/package.json +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"blobs.d.ts","sourceRoot":"","sources":["../../../../lib/handler/routes/blobs.ts"],"names":[],"mappings":"AACA,OAAO,EACL,sBAAsB,EAKvB,MAAM,uBAAuB,CAAC;AAK/B,UAAU,eAAe;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACjC;AAID,wBAAsB,aAAa,CACjC,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,EAClC,eAAe,EAAE,OAAO,EACxB,WAAW,EAAE,MAAM,EACnB,GAAG,EAAE,sBAAsB,EAC3B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,eAAe,CAAC,CAuG1B;AAED,wBAAsB,aAAa,CACjC,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,sBAAsB,EAC3B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,eAAe,CAAC,CAkC1B;AAED,wBAAsB,gBAAgB,CACpC,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,sBAAsB,EAC3B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,eAAe,CAAC,
|
|
1
|
+
{"version":3,"file":"blobs.d.ts","sourceRoot":"","sources":["../../../../lib/handler/routes/blobs.ts"],"names":[],"mappings":"AACA,OAAO,EACL,sBAAsB,EAKvB,MAAM,uBAAuB,CAAC;AAK/B,UAAU,eAAe;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACjC;AAID,wBAAsB,aAAa,CACjC,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,EAClC,eAAe,EAAE,OAAO,EACxB,WAAW,EAAE,MAAM,EACnB,GAAG,EAAE,sBAAsB,EAC3B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,eAAe,CAAC,CAuG1B;AAED,wBAAsB,aAAa,CACjC,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,sBAAsB,EAC3B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,eAAe,CAAC,CAkC1B;AAED,wBAAsB,gBAAgB,CACpC,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,sBAAsB,EAC3B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,eAAe,CAAC,CAgE1B;AAED,wBAAsB,eAAe,CACnC,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,GAAG,SAAS,EACzB,GAAG,EAAE,sBAAsB,EAC3B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,eAAe,CAAC,CAuE1B;AAED,wBAAsB,gBAAgB,CACpC,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,sBAAsB,EAC3B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,eAAe,CAAC,CAmB1B"}
|
|
@@ -193,11 +193,10 @@ async function handleDeleteBlob(blobId, tenantId, ddb, tableName) {
|
|
|
193
193
|
await ddb.send(new lib_dynamodb_1.UpdateCommand({
|
|
194
194
|
TableName: tableName,
|
|
195
195
|
Key: { PK: `TENANT#${tenantId}`, SK: `BLOB#${blobId}` },
|
|
196
|
-
UpdateExpression: 'SET deletedAt = :deletedAt,
|
|
197
|
-
ExpressionAttributeNames: { '#ttl': 'ttl' },
|
|
196
|
+
UpdateExpression: 'SET deletedAt = :deletedAt, expiresAt = :expiresAt, updatedAt = :updatedAt',
|
|
198
197
|
ExpressionAttributeValues: {
|
|
199
198
|
':deletedAt': now,
|
|
200
|
-
':
|
|
199
|
+
':expiresAt': ttlEpoch,
|
|
201
200
|
':updatedAt': now,
|
|
202
201
|
},
|
|
203
202
|
}));
|
|
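Review bot: The soft-delete `UpdateCommand` in this hunk has no `ConditionExpression`, so it upserts: a call for a blob id with no item creates a tombstone row, and a repeated delete rewrites `deletedAt` and `expiresAt`. Any existence check earlier in `handleDeleteBlob` (its body starts and ends outside the hunk) is a separate read and would still race with a concurrent delete, so add `ConditionExpression: 'attribute_exists(PK) AND attribute_not_exists(deletedAt)'` and map `ConditionalCheckFailedException` to the not-found response. Separately, the expiry moves from the old `#ttl` alias (attribute `ttl`) to `expiresAt`; items soft-deleted under 0.2.0 presumably still hold their expiry in `ttl`, so if the table's TTL attribute was switched as well they would never be purged and need a backfill. The same change appears in the `blobs.ts` hunk further down.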
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"blobs.js","sourceRoot":"","sources":["../../../../lib/handler/routes/blobs.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoBA,sCA+GC;AAED,sCAuCC;AAED,
|
|
1
|
+
{"version":3,"file":"blobs.js","sourceRoot":"","sources":["../../../../lib/handler/routes/blobs.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoBA,sCA+GC;AAED,sCAuCC;AAED,4CAqEC;AAED,0CA4EC;AAED,4CAuBC;AA1VD,+CAAiC;AACjC,wDAM+B;AAC/B,2EAAuE;AACvE,+DAA+E;AAC/E,4CAAsC;AAQtC,MAAM,WAAW,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,QAAQ;AAEvC,KAAK,UAAU,aAAa,CACjC,MAAc,EACd,QAAgB,EAChB,OAAkC,EAClC,eAAwB,EACxB,WAAmB,EACnB,GAA2B,EAC3B,SAAiB;IAEjB,mBAAmB;IACnB,MAAM,UAAU,GAAG,MAAM,IAAA,8BAAc,EAAC,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE,SAAS,CAAC,CAAC;IACzE,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;QACxB,OAAO;YACL,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,GAAG,IAAA,gCAAgB,EAAC,UAAU,CAAC,EAAE;YAChF,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC;SAC9E,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,GAAG,IAAA,gCAAgB,EAAC,UAAU,CAAC,EAAE;YAChF,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,OAAO,EAAE,0BAA0B,EAAE,CAAC;SACxF,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,eAAe;QAChC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC;QAChC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAElC,iBAAiB;IACjB,MAAM,UAAU,GAAG,IAAA,wCAAkB,EAAC,UAAU,EAAE,WAAW,CAAC,CAAC;IAC/D,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;QACtB,OAAO;YACL,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,GAAG,IAAA,gCAAgB,EAAC,UAAU,CAAC,EAAE;YAChF,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,OAAO,EAAE,UAAU,CAAC,KAAK,EAAE,CAAC;SAC9E,CAAC;IACJ,CAAC;IAED,cAAc;IACd,MAAM,UAAU,GAAG,MAAM,GAAG,CAAC,IAAI,CAC/B,IAAI,yBAAU,CAAC;QACb,SAAS,EAAE,SAAS;QACpB,GAAG,EAAE,EAAE,EAAE,EAAE,UAAU,QAAQ,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;QAC7C,oBAAoB,EAAE,kBAAkB;KACzC,CAAC,CACH,CAAC;IAEF,MAAM,YAAY,GAAI,UAAU,CAAC,IAAI,EAAE,CAAC,kBAAkB,CAAY,IAAI,CAAC,CAAC;IAC5E,IAAI,YAAY,GAAG,UAAU,CAAC,MAAM,GAAG,WAAW,EAAE,CAAC;QACnD,OAAO;YACL,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,GAAG,IAAA,gCAAgB,EAAC,UAAU,CAAC,EAAE;YAChF,
IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,KAAK,EAAE,gBAAgB;gBACvB,OAAO,EAAE,gCAAgC;gBACzC,YAAY;gBACZ,KAAK,EAAE,WAAW;aACnB,CAAC;SACH,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACrC,MAAM,MAAM,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAE/E,kBAAkB;IAClB,IAAI,CAAC;QACH,MAAM,GAAG,CAAC,IAAI,CACZ,IAAI,yBAAU,CAAC;YACb,SAAS,EAAE,SAAS;YACpB,IAAI,EAAE;gBACJ,EAAE,EAAE,UAAU,QAAQ,EAAE;gBACxB,EAAE,EAAE,QAAQ,MAAM,EAAE;gBACpB,IAAI,EAAE,UAAU;gBAChB,IAAI,EAAE,UAAU,CAAC,MAAM;gBACvB,SAAS,EAAE,GAAG;gBACd,SAAS,EAAE,GAAG;aACf;YACD,mBAAmB,EAAE,0BAA0B;SAChD,CAAC,CACH,CAAC;IACJ,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,IAAK,GAAyB,CAAC,IAAI,KAAK,iCAAiC,EAAE,CAAC;YAC1E,OAAO;gBACL,UAAU,EAAE,GAAG;gBACf,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,GAAG,IAAA,gCAAgB,EAAC,UAAU,CAAC,EAAE;gBAChF,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,aAAa,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC;aAC3D,CAAC;QACJ,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;IAED,gCAAgC;IAChC,MAAM,GAAG,CAAC,IAAI,CACZ,IAAI,4BAAa,CAAC;QAChB,SAAS,EAAE,SAAS;QACpB,GAAG,EAAE,EAAE,EAAE,EAAE,UAAU,QAAQ,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;QAC7C,gBAAgB,EAAE,iDAAiD;QACnE,yBAAyB,EAAE,EAAE,OAAO,EAAE,UAAU,CAAC,MAAM,EAAE;KAC1D,CAAC,CACH,CAAC;IAEF,kBAAM,CAAC,IAAI,CAAC,eAAe,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC,CAAC;IAE3E,OAAO;QACL,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,GAAG,IAAA,gCAAgB,EAAC,UAAU,CAAC,EAAE;QAChF,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,CAAC,MAAM,EAAE,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,CAAC;KAC/E,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,aAAa,CACjC,MAAc,EACd,QAAgB,EAChB,GAA2B,EAC3B,SAAiB;IAEjB,MAAM,UAAU,GAAG,MAAM,IAAA,8BAAc,EAAC,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE,SAAS,CAAC,CAAC;IACzE,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;QACxB,OAAO;YACL,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,GAAG,IAAA,gCAAgB,EAAC,UAAU,CAAC,EAAE;YAChF,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC;SAC9E,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,M
AAM,GAAG,CAAC,IAAI,CAC3B,IAAI,yBAAU,CAAC;QACb,SAAS,EAAE,SAAS;QACpB,GAAG,EAAE,EAAE,EAAE,EAAE,UAAU,QAAQ,EAAE,EAAE,EAAE,EAAE,QAAQ,MAAM,EAAE,EAAE;KACxD,CAAC,CACH,CAAC;IAEF,IAAI,CAAC,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;QAC7C,OAAO;YACL,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,GAAG,IAAA,gCAAgB,EAAC,UAAU,CAAC,EAAE;YAChF,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,gBAAgB,EAAE,CAAC;SACxE,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAW,CAAC;IAC3C,OAAO;QACL,UAAU,EAAE,GAAG;QACf,OAAO,EAAE;YACP,cAAc,EAAE,0BAA0B;YAC1C,GAAG,IAAA,gCAAgB,EAAC,UAAU,CAAC;SAChC;QACD,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;KAC3C,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,gBAAgB,CACpC,MAAc,EACd,QAAgB,EAChB,GAA2B,EAC3B,SAAiB;IAEjB,MAAM,UAAU,GAAG,MAAM,IAAA,8BAAc,EAAC,QAAQ,EAAE,QAAQ,EAAE,GAAG,EAAE,SAAS,CAAC,CAAC;IAC5E,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;QACxB,OAAO;YACL,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,GAAG,IAAA,gCAAgB,EAAC,UAAU,CAAC,EAAE;YAChF,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC;SAC9E,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACrC,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,UAAU;IAE9E,yCAAyC;IACzC,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,IAAI,CAC7B,IAAI,yBAAU,CAAC;QACb,SAAS,EAAE,SAAS;QACpB,GAAG,EAAE,EAAE,EAAE,EAAE,UAAU,QAAQ,EAAE,EAAE,EAAE,EAAE,QAAQ,MAAM,EAAE,EAAE;QACvD,oBAAoB,EAAE,IAAI;QAC1B,wBAAwB,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE;KAC3C,CAAC,CACH,CAAC;IAEF,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnB,OAAO;YACL,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,GAAG,IAAA,gCAAgB,EAAC,UAAU,CAAC,EAAE;YAChF,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,gBAAgB,EAAE,CAAC;SACxE,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAY,IAAI,CAAC,CAAC;IAExD,cAAc;IACd,MAAM,GAAG,CAAC,IAAI,CACZ,IAAI,4BAAa,CAAC;QAChB,SAAS,EAAE,SAAS;QACpB,GAAG,EAAE,EA
AE,EAAE,EAAE,UAAU,QAAQ,EAAE,EAAE,EAAE,EAAE,QAAQ,MAAM,EAAE,EAAE;QACvD,gBAAgB,EAAE,4EAA4E;QAC9F,yBAAyB,EAAE;YACzB,YAAY,EAAE,GAAG;YACjB,YAAY,EAAE,QAAQ;YACtB,YAAY,EAAE,GAAG;SAClB;KACF,CAAC,CACH,CAAC;IAEF,yBAAyB;IACzB,MAAM,GAAG,CAAC,IAAI,CACZ,IAAI,4BAAa,CAAC;QAChB,SAAS,EAAE,SAAS;QACpB,GAAG,EAAE,EAAE,EAAE,EAAE,UAAU,QAAQ,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;QAC7C,gBAAgB,EAAE,iDAAiD;QACnE,yBAAyB,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE;KACjD,CAAC,CACH,CAAC;IAEF,kBAAM,CAAC,IAAI,CAAC,mBAAmB,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,CAAC;IAEpE,OAAO;QACL,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,GAAG,IAAA,gCAAgB,EAAC,UAAU,CAAC,EAAE;QAChF,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;KACpD,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,eAAe,CACnC,QAAgB,EAChB,KAAyB,EACzB,GAA2B,EAC3B,SAAiB;IAEjB,MAAM,UAAU,GAAG,MAAM,IAAA,8BAAc,EAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,SAAS,CAAC,CAAC;IAC1E,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;QACxB,OAAO;YACL,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,GAAG,IAAA,gCAAgB,EAAC,UAAU,CAAC,EAAE;YAChF,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC;SAC9E,CAAC;IACJ,CAAC;IAED,IAAI,KAAK,GAA8B,EAAE,CAAC;IAE1C,IAAI,KAAK,EAAE,CAAC;QACV,+BAA+B;QAC/B,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,IAAI,CAC3B,IAAI,2BAAY,CAAC;YACf,SAAS,EAAE,SAAS;YACpB,SAAS,EAAE,iBAAiB;YAC5B,sBAAsB,EAAE,iCAAiC;YACzD,yBAAyB,EAAE;gBACzB,KAAK,EAAE,UAAU,QAAQ,EAAE;gBAC3B,QAAQ,EAAE,KAAK;aAChB;SACF,CAAC,CACH,CAAC;QACF,KAAK,GAAG,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAA8B,CAAC;IAC5D,CAAC;SAAM,CAAC;QACN,+BAA+B;QAC/B,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,IAAI,CAC3B,IAAI,2BAAY,CAAC;YACf,SAAS,EAAE,SAAS;YACpB,sBAAsB,EAAE,uCAAuC;YAC/D,yBAAyB,EAAE;gBACzB,KAAK,EAAE,UAAU,QAAQ,EAAE;gBAC3B,SAAS,EAAE,OAAO;aACnB;YACD,oBAAoB,EAAE,8BAA8B;YACpD,wBAAwB,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE;SAC3C,CAAC,CACH,CAAC;QACF,KAAK,GAAG,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAA8B,CAAC;IAC5D,CAAC;IAED,MAAM,KAAK,GAA+C,EAAE,CAAC;IAC7D,MAAM,UAAU,GAAyC,EAAE,CAAC;IAE5D,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,EAAE,GA
AG,IAAI,CAAC,IAAI,CAAW,CAAC;QAChC,MAAM,MAAM,GAAG,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAEzD,IAAI,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YACtB,UAAU,CAAC,IAAI,CAAC;gBACd,EAAE,EAAE,MAAM;gBACV,UAAU,EAAE,IAAI,CAAC,WAAW,CAAW;aACxC,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,IAAI,CAAC;gBACT,EAAE,EAAE,MAAM;gBACV,IAAI,EAAE,IAAI,CAAC,MAAM,CAAW;gBAC5B,EAAE,EAAE,IAAI,CAAC,WAAW,CAAW;aAChC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,kBAAM,CAAC,IAAI,CAAC,cAAc,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;IAEtF,OAAO;QACL,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,GAAG,IAAA,gCAAgB,EAAC,UAAU,CAAC,EAAE;QAChF,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC;KAC5C,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,gBAAgB,CACpC,QAAgB,EAChB,GAA2B,EAC3B,SAAiB;IAEjB,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,IAAI,CAC3B,IAAI,2BAAY,CAAC;QACf,SAAS,EAAE,SAAS;QACpB,sBAAsB,EAAE,uCAAuC;QAC/D,yBAAyB,EAAE;YACzB,KAAK,EAAE,UAAU,QAAQ,EAAE;YAC3B,SAAS,EAAE,OAAO;SACnB;QACD,gBAAgB,EAAE,iCAAiC;QACnD,MAAM,EAAE,OAAO;KAChB,CAAC,CACH,CAAC;IAEF,OAAO;QACL,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,CAAC,EAAE,CAAC;KACnD,CAAC;AACJ,CAAC"}
|
|
@@ -215,11 +215,10 @@ export async function handleDeleteBlob(
|
|
|
215
215
|
new UpdateCommand({
|
|
216
216
|
TableName: tableName,
|
|
217
217
|
Key: { PK: `TENANT#${tenantId}`, SK: `BLOB#${blobId}` },
|
|
218
|
-
UpdateExpression: 'SET deletedAt = :deletedAt,
|
|
219
|
-
ExpressionAttributeNames: { '#ttl': 'ttl' },
|
|
218
|
+
UpdateExpression: 'SET deletedAt = :deletedAt, expiresAt = :expiresAt, updatedAt = :updatedAt',
|
|
220
219
|
ExpressionAttributeValues: {
|
|
221
220
|
':deletedAt': now,
|
|
222
|
-
':
|
|
221
|
+
':expiresAt': ttlEpoch,
|
|
223
222
|
':updatedAt': now,
|
|
224
223
|
},
|
|
225
224
|
}),
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"devices.d.ts","sourceRoot":"","sources":["../../../../lib/handler/routes/devices.ts"],"names":[],"mappings":"AACA,OAAO,EACL,sBAAsB,EAMvB,MAAM,uBAAuB,CAAC;
|
|
1
|
+
{"version":3,"file":"devices.d.ts","sourceRoot":"","sources":["../../../../lib/handler/routes/devices.ts"],"names":[],"mappings":"AACA,OAAO,EACL,sBAAsB,EAMvB,MAAM,uBAAuB,CAAC;AAK/B,UAAU,eAAe;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACjC;AAID;;;;;GAKG;AACH,wBAAsB,oBAAoB,CACxC,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,EAC/B,GAAG,EAAE,sBAAsB,EAC3B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,eAAe,CAAC,CAqD1B;AAED;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CACrC,IAAI,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,EAC/B,GAAG,EAAE,sBAAsB,EAC3B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,eAAe,CAAC,CAyJ1B;AAED;;;;;GAKG;AACH,wBAAsB,wBAAwB,CAC5C,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,EAC/B,GAAG,EAAE,sBAAsB,EAC3B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,eAAe,CAAC,CAmE1B;AAED;;;;GAIG;AACH,wBAAsB,uBAAuB,CAC3C,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,sBAAsB,EAC3B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,eAAe,CAAC,CAkC1B;AAED;;;;GAIG;AACH,wBAAsB,iBAAiB,CACrC,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,sBAAsB,EAC3B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,eAAe,CAAC,CAuB1B;AAED;;;;GAIG;AACH,wBAAsB,kBAAkB,CACtC,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,MAAM,EACnB,GAAG,EAAE,sBAAsB,EAC3B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,eAAe,CAAC,CA0C1B"}
|
|
@@ -43,6 +43,7 @@ const crypto = __importStar(require("crypto"));
|
|
|
43
43
|
const lib_dynamodb_1 = require("@aws-sdk/lib-dynamodb");
|
|
44
44
|
const logger_js_1 = require("../logger.js");
|
|
45
45
|
const notifications_js_1 = require("./notifications.js");
|
|
46
|
+
const audit_js_1 = require("./audit.js");
|
|
46
47
|
const JSON_HEADERS = { 'Content-Type': 'application/json' };
|
|
47
48
|
/**
|
|
48
49
|
* POST /v1/link-code — authenticated
|
|
@@ -77,7 +78,7 @@ async function handleCreateLinkCode(tenantId, body, ddb, tableName) {
|
|
|
77
78
|
};
|
|
78
79
|
}
|
|
79
80
|
const now = new Date();
|
|
80
|
-
const
|
|
81
|
+
const expiresAtISO = new Date(now.getTime() + 5 * 60 * 1000).toISOString();
|
|
81
82
|
const ttl = Math.floor(now.getTime() / 1000) + 10 * 60; // DynamoDB TTL: 10 min (generous)
|
|
82
83
|
await ddb.send(new lib_dynamodb_1.PutCommand({
|
|
83
84
|
TableName: tableName,
|
|
@@ -86,15 +87,15 @@ async function handleCreateLinkCode(tenantId, body, ddb, tableName) {
|
|
|
86
87
|
SK: `LINK#${parsed.codeHash}`,
|
|
87
88
|
newPublicKey: null,
|
|
88
89
|
failureCount: 0,
|
|
89
|
-
|
|
90
|
-
ttl,
|
|
90
|
+
expiresAtISO,
|
|
91
|
+
expiresAt: ttl,
|
|
91
92
|
},
|
|
92
93
|
}));
|
|
93
94
|
logger_js_1.logger.info('Link code created', { tenantId });
|
|
94
95
|
return {
|
|
95
96
|
statusCode: 201,
|
|
96
97
|
headers: JSON_HEADERS,
|
|
97
|
-
body: JSON.stringify({ status: 'created', expiresAt }),
|
|
98
|
+
body: JSON.stringify({ status: 'created', expiresAt: expiresAtISO }),
|
|
98
99
|
};
|
|
99
100
|
}
|
|
100
101
|
/**
|
|
@@ -176,8 +177,9 @@ async function handleLinkConfirm(body, ddb, tableName) {
|
|
|
176
177
|
};
|
|
177
178
|
}
|
|
178
179
|
const linkRecord = linkResult.Item;
|
|
179
|
-
// Check expiry
|
|
180
|
-
|
|
180
|
+
// Check expiry (expiresAtISO is the ISO string for app-level checks;
|
|
181
|
+
// expiresAt is the epoch number for DynamoDB TTL auto-deletion)
|
|
182
|
+
if (new Date(linkRecord['expiresAtISO']) < new Date()) {
|
|
181
183
|
return {
|
|
182
184
|
statusCode: 410,
|
|
183
185
|
headers: JSON_HEADERS,
|
|
@@ -267,7 +269,7 @@ async function handleCreateLinkCodeFull(tenantId, body, ddb, tableName) {
|
|
|
267
269
|
};
|
|
268
270
|
}
|
|
269
271
|
const now = new Date();
|
|
270
|
-
const
|
|
272
|
+
const expiresAtISO = new Date(now.getTime() + 5 * 60 * 1000).toISOString();
|
|
271
273
|
const ttl = Math.floor(now.getTime() / 1000) + 10 * 60;
|
|
272
274
|
// Write the tenant-scoped link record
|
|
273
275
|
await ddb.send(new lib_dynamodb_1.PutCommand({
|
|
@@ -277,8 +279,8 @@ async function handleCreateLinkCodeFull(tenantId, body, ddb, tableName) {
|
|
|
277
279
|
SK: `LINK#${parsed.codeHash}`,
|
|
278
280
|
newPublicKey: null,
|
|
279
281
|
failureCount: 0,
|
|
280
|
-
|
|
281
|
-
ttl,
|
|
282
|
+
expiresAtISO,
|
|
283
|
+
expiresAt: ttl,
|
|
282
284
|
},
|
|
283
285
|
}));
|
|
284
286
|
// Write the reverse-lookup record (for unauthenticated link-confirm)
|
|
@@ -288,15 +290,14 @@ async function handleCreateLinkCodeFull(tenantId, body, ddb, tableName) {
|
|
|
288
290
|
PK: `LINK_CODE#${parsed.codeHash}`,
|
|
289
291
|
SK: 'META',
|
|
290
292
|
tenantId,
|
|
291
|
-
expiresAt,
|
|
292
|
-
ttl,
|
|
293
|
+
expiresAt: ttl,
|
|
293
294
|
},
|
|
294
295
|
}));
|
|
295
296
|
logger_js_1.logger.info('Link code created', { tenantId });
|
|
296
297
|
return {
|
|
297
298
|
statusCode: 201,
|
|
298
299
|
headers: JSON_HEADERS,
|
|
299
|
-
body: JSON.stringify({ status: 'created', expiresAt }),
|
|
300
|
+
body: JSON.stringify({ status: 'created', expiresAt: expiresAtISO }),
|
|
300
301
|
};
|
|
301
302
|
}
|
|
302
303
|
/**
|
|
@@ -384,6 +385,12 @@ async function handleDeleteDevice(tenantId, fingerprint, ddb, tableName) {
|
|
|
384
385
|
await (0, notifications_js_1.createNotification)(tenantId, 'device_revoked', {
|
|
385
386
|
hostname: fingerprint,
|
|
386
387
|
}, ddb, tableName);
|
|
388
|
+
// Audit event
|
|
389
|
+
await (0, audit_js_1.logAuditEvent)(ddb, tableName, tenantId, {
|
|
390
|
+
eventType: 'device-removed',
|
|
391
|
+
fingerprint,
|
|
392
|
+
metadata: { removedBy: 'owner' },
|
|
393
|
+
});
|
|
387
394
|
logger_js_1.logger.info('Device removed', { tenantId, fingerprint });
|
|
388
395
|
return {
|
|
389
396
|
statusCode: 200,
|
|
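Review bot: The new expiry test in `handleLinkConfirm`, `new Date(linkRecord['expiresAtISO']) < new Date()`, fails open when the attribute is missing or unparsable: `new Date(undefined)` is an Invalid Date, the comparison is false, and the link code is treated as still valid. That case looks reachable for link records written before this release, which presumably lack `expiresAtISO` since the attribute is introduced here, and DynamoDB TTL deletion is asynchronous, so it cannot stand in for the 5-minute window. Parse first and reject on failure, e.g. `const exp = Date.parse(linkRecord['expiresAtISO']);` followed by `if (!Number.isFinite(exp) || exp < Date.now()) {`. The `devices.ts` source carries the same check with an `as string` cast, which hides the undefined case from the compiler. `handleLinkConfirm` starts and ends outside the hunk.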
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"devices.js","sourceRoot":"","sources":["../../../../lib/handler/routes/devices.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"devices.js","sourceRoot":"","sources":["../../../../lib/handler/routes/devices.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA2BA,oDA0DC;AASD,8CA6JC;AAQD,4DAwEC;AAOD,0DAuCC;AAOD,8CA2BC;AAOD,gDA+CC;AAjdD,+CAAiC;AACjC,wDAO+B;AAC/B,4CAAsC;AACtC,yDAAwD;AACxD,yCAA2C;AAQ3C,MAAM,YAAY,GAAG,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC;AAE5D;;;;;GAKG;AACI,KAAK,UAAU,oBAAoB,CACxC,QAAgB,EAChB,IAA+B,EAC/B,GAA2B,EAC3B,SAAiB;IAEjB,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO;YACL,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,YAAY;YACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,OAAO,EAAE,0BAA0B,EAAE,CAAC;SACxF,CAAC;IACJ,CAAC;IAED,IAAI,MAA4B,CAAC;IACjC,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,YAAY;YACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC;SACjF,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC5D,OAAO;YACL,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,YAAY;YACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,OAAO,EAAE,sBAAsB,EAAE,CAAC;SACpF,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,MAAM,YAAY,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;IAC3E,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,kCAAkC;IAE1F,MAAM,GAAG,CAAC,IAAI,CACZ,IAAI,yBAAU,CAAC;QACb,SAAS,EAAE,SAAS;QACpB,IAAI,EAAE;YACJ,EAAE,EAAE,UAAU,QAAQ,EAAE;YACxB,EAAE,EAAE,QAAQ,MAAM,CAAC,QAAQ,EAAE;YAC7B,YAAY,EAAE,IAAI;YAClB,YAAY,EAAE,CAAC;YACf,YAAY;YACZ,SAAS,EAAE,GAAG;SACf;KACF,CAAC,CACH,CAAC;IAEF,kBAAM,CAAC,IAAI,CAAC,mBAAmB,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;IAE/C,OAAO;QACL,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,YAAY;QACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,CAAC;KACrE,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,iBAAiB,CACrC,IAA+B,EAC/B,GAA2B,EAC3B,SAAiB;IAEjB,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO;YACL,UAA
U,EAAE,GAAG;YACf,OAAO,EAAE,YAAY;YACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,OAAO,EAAE,0BAA0B,EAAE,CAAC;SACxF,CAAC;IACJ,CAAC;IAED,IAAI,MAA+C,CAAC;IACpD,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,YAAY;YACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC;SACjF,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;QAC1C,OAAO;YACL,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,YAAY;YACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,OAAO,EAAE,qCAAqC,EAAE,CAAC;SACnG,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAEnF,4DAA4D;IAC5D,gFAAgF;IAChF,4EAA4E;IAC5E,8EAA8E;IAC9E,yCAAyC;IACzC,EAAE;IACF,6EAA6E;IAC7E,gFAAgF;IAChF,EAAE;IACF,6EAA6E;IAC7E,uCAAuC;IACvC,MAAM,YAAY,GAAG,MAAM,GAAG,CAAC,IAAI,CACjC,IAAI,yBAAU,CAAC;QACb,SAAS,EAAE,SAAS;QACpB,GAAG,EAAE;YACH,EAAE,EAAE,aAAa,QAAQ,EAAE;YAC3B,EAAE,EAAE,MAAM;SACX;KACF,CAAC,CACH,CAAC;IAEF,qEAAqE;IACrE,iEAAiE;IACjE,2DAA2D;IAE3D,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;QACvB,OAAO;YACL,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,YAAY;YACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,8BAA8B,EAAE,CAAC;SACtF,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,CAAC,UAAU,CAAW,CAAC;IAEzD,sCAAsC;IACtC,MAAM,UAAU,GAAG,MAAM,GAAG,CAAC,IAAI,CAC/B,IAAI,yBAAU,CAAC;QACb,SAAS,EAAE,SAAS;QACpB,GAAG,EAAE;YACH,EAAE,EAAE,UAAU,QAAQ,EAAE;YACxB,EAAE,EAAE,QAAQ,QAAQ,EAAE;SACvB;KACF,CAAC,CACH,CAAC;IAEF,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;QACrB,OAAO;YACL,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,YAAY;YACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,8BAA8B,EAAE,CAAC;SACtF,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,UAAU,CAAC,IAAI,CAAC;IAEnC,qEAAqE;IACrE,gEAAgE;IAChE,IAAI,IAAI,IAAI,CAAC,UAAU,CAAC,cAAc,CAAW,CAAC,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;QAChE,OAAO;YACL,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,YAAY;YACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EA
AE,KAAK,EAAE,SAAS,EAAE,OAAO,EAAE,uBAAuB,EAAE,CAAC;SAC7E,CAAC;IACJ,CAAC;IAED,sBAAsB;IACtB,MAAM,YAAY,GAAI,UAAU,CAAC,cAAc,CAAY,IAAI,CAAC,CAAC;IACjE,IAAI,YAAY,IAAI,CAAC,EAAE,CAAC;QACtB,oBAAoB;QACpB,MAAM,GAAG,CAAC,IAAI,CACZ,IAAI,4BAAa,CAAC;YAChB,SAAS,EAAE,SAAS;YACpB,GAAG,EAAE,EAAE,EAAE,EAAE,UAAU,QAAQ,EAAE,EAAE,EAAE,EAAE,QAAQ,QAAQ,EAAE,EAAE;SAC1D,CAAC,CACH,CAAC;QACF,MAAM,GAAG,CAAC,IAAI,CACZ,IAAI,4BAAa,CAAC;YAChB,SAAS,EAAE,SAAS;YACpB,GAAG,EAAE,EAAE,EAAE,EAAE,aAAa,QAAQ,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;SACjD,CAAC,CACH,CAAC;QACF,OAAO;YACL,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,YAAY;YACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,OAAO,EAAE,0BAA0B,EAAE,CAAC;SAC1F,CAAC;IACJ,CAAC;IAED,uDAAuD;IACvD,IAAI,CAAC;QACH,MAAM,GAAG,CAAC,IAAI,CACZ,IAAI,4BAAa,CAAC;YAChB,SAAS,EAAE,SAAS;YACpB,GAAG,EAAE;gBACH,EAAE,EAAE,UAAU,QAAQ,EAAE;gBACxB,EAAE,EAAE,QAAQ,QAAQ,EAAE;aACvB;YACD,gBAAgB,EAAE,wBAAwB;YAC1C,mBAAmB,EAAE,sBAAsB;YAC3C,yBAAyB,EAAE;gBACzB,KAAK,EAAE,MAAM,CAAC,SAAS;aACxB;SACF,CAAC,CACH,CAAC;IACJ,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,IAAK,GAAyB,CAAC,IAAI,KAAK,iCAAiC,EAAE,CAAC;YAC1E,OAAO;gBACL,UAAU,EAAE,GAAG;gBACf,OAAO,EAAE,YAAY;gBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,2BAA2B,EAAE,CAAC;aACnF,CAAC;QACJ,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;IAED,kBAAM,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;IAE5E,OAAO;QACL,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,YAAY;QACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;KAC9C,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACI,KAAK,UAAU,wBAAwB,CAC5C,QAAgB,EAChB,IAA+B,EAC/B,GAA2B,EAC3B,SAAiB;IAEjB,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO;YACL,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,YAAY;YACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,OAAO,EAAE,0BAA0B,EAAE,CAAC;SACxF,CAAC;IACJ,CAAC;IAED,IAAI,MAA4B,CAAC;IACjC,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,YAAY;YACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK
,EAAE,iBAAiB,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC;SACjF,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC5D,OAAO;YACL,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,YAAY;YACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,OAAO,EAAE,sBAAsB,EAAE,CAAC;SACpF,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,MAAM,YAAY,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;IAC3E,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC;IAEvD,sCAAsC;IACtC,MAAM,GAAG,CAAC,IAAI,CACZ,IAAI,yBAAU,CAAC;QACb,SAAS,EAAE,SAAS;QACpB,IAAI,EAAE;YACJ,EAAE,EAAE,UAAU,QAAQ,EAAE;YACxB,EAAE,EAAE,QAAQ,MAAM,CAAC,QAAQ,EAAE;YAC7B,YAAY,EAAE,IAAI;YAClB,YAAY,EAAE,CAAC;YACf,YAAY;YACZ,SAAS,EAAE,GAAG;SACf;KACF,CAAC,CACH,CAAC;IAEF,qEAAqE;IACrE,MAAM,GAAG,CAAC,IAAI,CACZ,IAAI,yBAAU,CAAC;QACb,SAAS,EAAE,SAAS;QACpB,IAAI,EAAE;YACJ,EAAE,EAAE,aAAa,MAAM,CAAC,QAAQ,EAAE;YAClC,EAAE,EAAE,MAAM;YACV,QAAQ;YACR,SAAS,EAAE,GAAG;SACf;KACF,CAAC,CACH,CAAC;IAEF,kBAAM,CAAC,IAAI,CAAC,mBAAmB,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;IAE/C,OAAO;QACL,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,YAAY;QACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,CAAC;KACrE,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACI,KAAK,UAAU,uBAAuB,CAC3C,QAAgB,EAChB,QAAgB,EAChB,GAA2B,EAC3B,SAAiB;IAEjB,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,IAAI,CAC3B,IAAI,yBAAU,CAAC;QACb,SAAS,EAAE,SAAS;QACpB,GAAG,EAAE;YACH,EAAE,EAAE,UAAU,QAAQ,EAAE;YACxB,EAAE,EAAE,QAAQ,QAAQ,EAAE;SACvB;KACF,CAAC,CACH,CAAC;IAEF,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QACjB,OAAO;YACL,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,YAAY;YACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,qBAAqB,EAAE,CAAC;SAC7E,CAAC;IACJ,CAAC;IAED,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,cAAc,CAAkB,CAAC;IAElE,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO;YACL,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,YAAY;YACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,CAAC;SACxD,CAAC;IACJ,CAAC;IAED,OAAO;QACL,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,YAAY;
QACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;KAC5C,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACI,KAAK,UAAU,iBAAiB,CACrC,QAAgB,EAChB,GAA2B,EAC3B,SAAiB;IAEjB,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,IAAI,CAC3B,IAAI,2BAAY,CAAC;QACf,SAAS,EAAE,SAAS;QACpB,sBAAsB,EAAE,uCAAuC;QAC/D,yBAAyB,EAAE;YACzB,KAAK,EAAE,UAAU,QAAQ,EAAE;YAC3B,SAAS,EAAE,MAAM;SAClB;KACF,CAAC,CACH,CAAC;IAEF,MAAM,OAAO,GAAG,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QAClD,WAAW,EAAG,IAAI,CAAC,IAAI,CAAY,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;QACvD,YAAY,EAAE,IAAI,CAAC,cAAc,CAAW;QAC5C,SAAS,EAAE,IAAI,CAAC,WAAW,CAAuB;KACnD,CAAC,CAAC,CAAC;IAEJ,OAAO;QACL,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,YAAY;QACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,CAAC;KAClC,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACI,KAAK,UAAU,kBAAkB,CACtC,QAAgB,EAChB,WAAmB,EACnB,GAA2B,EAC3B,SAAiB;IAEjB,yBAAyB;IACzB,MAAM,GAAG,CAAC,IAAI,CACZ,IAAI,4BAAa,CAAC;QAChB,SAAS,EAAE,SAAS;QACpB,GAAG,EAAE;YACH,EAAE,EAAE,UAAU,QAAQ,EAAE;YACxB,EAAE,EAAE,OAAO,WAAW,EAAE;SACzB;KACF,CAAC,CACH,CAAC;IAEF,iCAAiC;IACjC,MAAM,GAAG,CAAC,IAAI,CACZ,IAAI,4BAAa,CAAC;QAChB,SAAS,EAAE,SAAS;QACpB,GAAG,EAAE;YACH,EAAE,EAAE,UAAU,QAAQ,EAAE;YACxB,EAAE,EAAE,eAAe,WAAW,EAAE;SACjC;KACF,CAAC,CACH,CAAC;IAEF,uDAAuD;IACvD,MAAM,IAAA,qCAAkB,EAAC,QAAQ,EAAE,gBAAgB,EAAE;QACnD,QAAQ,EAAE,WAAW;KACtB,EAAE,GAAG,EAAE,SAAS,CAAC,CAAC;IAEnB,cAAc;IACd,MAAM,IAAA,wBAAa,EAAC,GAAG,EAAE,SAAS,EAAE,QAAQ,EAAE;QAC5C,SAAS,EAAE,gBAAgB;QAC3B,WAAW;QACX,QAAQ,EAAE,EAAE,SAAS,EAAE,OAAO,EAAE;KACjC,CAAC,CAAC;IAEH,kBAAM,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAC,CAAC;IAEzD,OAAO;QACL,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,YAAY;QACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;KAC5C,CAAC;AACJ,CAAC"}
|
|
@@ -9,6 +9,7 @@ import {
|
|
|
9
9
|
} from '@aws-sdk/lib-dynamodb';
|
|
10
10
|
import { logger } from '../logger.js';
|
|
11
11
|
import { createNotification } from './notifications.js';
|
|
12
|
+
import { logAuditEvent } from './audit.js';
|
|
12
13
|
|
|
13
14
|
interface HandlerResponse {
|
|
14
15
|
statusCode: number;
|
|
@@ -58,7 +59,7 @@ export async function handleCreateLinkCode(
|
|
|
58
59
|
}
|
|
59
60
|
|
|
60
61
|
const now = new Date();
|
|
61
|
-
const
|
|
62
|
+
const expiresAtISO = new Date(now.getTime() + 5 * 60 * 1000).toISOString();
|
|
62
63
|
const ttl = Math.floor(now.getTime() / 1000) + 10 * 60; // DynamoDB TTL: 10 min (generous)
|
|
63
64
|
|
|
64
65
|
await ddb.send(
|
|
@@ -69,8 +70,8 @@ export async function handleCreateLinkCode(
|
|
|
69
70
|
SK: `LINK#${parsed.codeHash}`,
|
|
70
71
|
newPublicKey: null,
|
|
71
72
|
failureCount: 0,
|
|
72
|
-
|
|
73
|
-
ttl,
|
|
73
|
+
expiresAtISO,
|
|
74
|
+
expiresAt: ttl,
|
|
74
75
|
},
|
|
75
76
|
}),
|
|
76
77
|
);
|
|
@@ -80,7 +81,7 @@ export async function handleCreateLinkCode(
|
|
|
80
81
|
return {
|
|
81
82
|
statusCode: 201,
|
|
82
83
|
headers: JSON_HEADERS,
|
|
83
|
-
body: JSON.stringify({ status: 'created', expiresAt }),
|
|
84
|
+
body: JSON.stringify({ status: 'created', expiresAt: expiresAtISO }),
|
|
84
85
|
};
|
|
85
86
|
}
|
|
86
87
|
|
|
@@ -181,8 +182,9 @@ export async function handleLinkConfirm(
|
|
|
181
182
|
|
|
182
183
|
const linkRecord = linkResult.Item;
|
|
183
184
|
|
|
184
|
-
// Check expiry
|
|
185
|
-
|
|
185
|
+
// Check expiry (expiresAtISO is the ISO string for app-level checks;
|
|
186
|
+
// expiresAt is the epoch number for DynamoDB TTL auto-deletion)
|
|
187
|
+
if (new Date(linkRecord['expiresAtISO'] as string) < new Date()) {
|
|
186
188
|
return {
|
|
187
189
|
statusCode: 410,
|
|
188
190
|
headers: JSON_HEADERS,
|
|
@@ -289,7 +291,7 @@ export async function handleCreateLinkCodeFull(
|
|
|
289
291
|
}
|
|
290
292
|
|
|
291
293
|
const now = new Date();
|
|
292
|
-
const
|
|
294
|
+
const expiresAtISO = new Date(now.getTime() + 5 * 60 * 1000).toISOString();
|
|
293
295
|
const ttl = Math.floor(now.getTime() / 1000) + 10 * 60;
|
|
294
296
|
|
|
295
297
|
// Write the tenant-scoped link record
|
|
@@ -301,8 +303,8 @@ export async function handleCreateLinkCodeFull(
|
|
|
301
303
|
SK: `LINK#${parsed.codeHash}`,
|
|
302
304
|
newPublicKey: null,
|
|
303
305
|
failureCount: 0,
|
|
304
|
-
|
|
305
|
-
ttl,
|
|
306
|
+
expiresAtISO,
|
|
307
|
+
expiresAt: ttl,
|
|
306
308
|
},
|
|
307
309
|
}),
|
|
308
310
|
);
|
|
@@ -315,8 +317,7 @@ export async function handleCreateLinkCodeFull(
|
|
|
315
317
|
PK: `LINK_CODE#${parsed.codeHash}`,
|
|
316
318
|
SK: 'META',
|
|
317
319
|
tenantId,
|
|
318
|
-
expiresAt,
|
|
319
|
-
ttl,
|
|
320
|
+
expiresAt: ttl,
|
|
320
321
|
},
|
|
321
322
|
}),
|
|
322
323
|
);
|
|
@@ -326,7 +327,7 @@ export async function handleCreateLinkCodeFull(
|
|
|
326
327
|
return {
|
|
327
328
|
statusCode: 201,
|
|
328
329
|
headers: JSON_HEADERS,
|
|
329
|
-
body: JSON.stringify({ status: 'created', expiresAt }),
|
|
330
|
+
body: JSON.stringify({ status: 'created', expiresAt: expiresAtISO }),
|
|
330
331
|
};
|
|
331
332
|
}
|
|
332
333
|
|
|
@@ -448,6 +449,13 @@ export async function handleDeleteDevice(
|
|
|
448
449
|
hostname: fingerprint,
|
|
449
450
|
}, ddb, tableName);
|
|
450
451
|
|
|
452
|
+
// Audit event
|
|
453
|
+
await logAuditEvent(ddb, tableName, tenantId, {
|
|
454
|
+
eventType: 'device-removed',
|
|
455
|
+
fingerprint,
|
|
456
|
+
metadata: { removedBy: 'owner' },
|
|
457
|
+
});
|
|
458
|
+
|
|
451
459
|
logger.info('Device removed', { tenantId, fingerprint });
|
|
452
460
|
|
|
453
461
|
return {
|
|
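Review bot: The new expiry check in `handleLinkConfirm`, `if (new Date(linkRecord['expiresAtISO'] as string) < new Date())`, fails open when `expiresAtISO` is missing or unparsable, because `new Date(undefined)` is an Invalid Date and any `<` comparison against it is false, so the record is treated as unexpired. Link records written before this change presumably lack `expiresAtISO`, and DynamoDB TTL deletion is not immediate, so the application-level check is the one that has to hold. Parsing first and rejecting non-finite values keeps it fail-closed: `const expiresMs = Date.parse(String(linkRecord['expiresAtISO']));` followed by `if (!Number.isFinite(expiresMs) || expiresMs < Date.now()) {`. The body of `handleLinkConfirm` continues outside the hunk.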
@@ -1,9 +1,19 @@
|
|
|
1
1
|
import { DynamoDBDocumentClient } from '@aws-sdk/lib-dynamodb';
|
|
2
|
+
export declare function isValidGitHubUsername(username: string): boolean;
|
|
2
3
|
/**
|
|
3
4
|
* Fetch SSH public keys from GitHub for a username.
|
|
4
5
|
* Returns one key per line. Uses a 5-minute in-memory cache.
|
|
5
6
|
*/
|
|
6
7
|
export declare function fetchGitHubKeys(username: string): Promise<string[]>;
|
|
8
|
+
/**
|
|
9
|
+
* Fetch SSH keys from GitHub, bypassing the in-memory cache.
|
|
10
|
+
* Used at auto-link time to ensure we have the latest key list.
|
|
11
|
+
*/
|
|
12
|
+
export declare function fetchGitHubKeysFresh(username: string): Promise<string[]>;
|
|
13
|
+
/**
|
|
14
|
+
* Check whether a public key (base64 blob) appears in a list of GitHub SSH key lines.
|
|
15
|
+
*/
|
|
16
|
+
export declare function keyAppearsInGitHubKeys(publicKeyBase64: string, githubKeys: string[]): boolean;
|
|
7
17
|
/**
|
|
8
18
|
* Verify that a public key (in SSH authorized_keys format or base64) appears
|
|
9
19
|
* on a GitHub account.
|
|
@@ -24,8 +34,11 @@ export declare function storeGitHubAssociation(tenantId: string, githubUsername:
|
|
|
24
34
|
*/
|
|
25
35
|
export declare function findTenantByGitHub(githubUsername: string, ddb: DynamoDBDocumentClient, tableName: string): Promise<string | null>;
|
|
26
36
|
/**
|
|
27
|
-
* Store a reverse lookup record: GITHUB#{username} -> tenantId
|
|
37
|
+
* Store a reverse lookup record: GITHUB#{username} -> tenantId.
|
|
38
|
+
* Uses a conditional write to prevent a different tenant from claiming
|
|
39
|
+
* a username that is already associated with another tenant.
|
|
40
|
+
* Returns true if stored, false if already claimed by a different tenant.
|
|
28
41
|
*/
|
|
29
|
-
export declare function storeGitHubReverseLookup(githubUsername: string, tenantId: string, ddb: DynamoDBDocumentClient, tableName: string): Promise<
|
|
42
|
+
export declare function storeGitHubReverseLookup(githubUsername: string, tenantId: string, ddb: DynamoDBDocumentClient, tableName: string): Promise<boolean>;
|
|
30
43
|
export declare function _resetGitHubKeyCache(): void;
|
|
31
44
|
//# sourceMappingURL=github.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"github.d.ts","sourceRoot":"","sources":["../../../../lib/handler/routes/github.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"github.d.ts","sourceRoot":"","sources":["../../../../lib/handler/routes/github.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,sBAAsB,EAA0B,MAAM,uBAAuB,CAAC;AAevF,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAE/D;AAED;;;GAGG;AACH,wBAAsB,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CA+BzE;AAED;;;GAGG;AACH,wBAAsB,oBAAoB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAG9E;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,eAAe,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,OAAO,CAW7F;AAED;;;GAGG;AACH,wBAAsB,iBAAiB,CACrC,eAAe,EAAE,MAAM,EACvB,cAAc,EAAE,MAAM,GACrB,OAAO,CAAC,OAAO,CAAC,CAGlB;AAED,qBAAa,uBAAwB,SAAQ,KAAK;aAE9B,IAAI,EAAE,MAAM;gBAAZ,IAAI,EAAE,MAAM,EAC5B,OAAO,EAAE,MAAM;CAKlB;AAED;;;GAGG;AACH,wBAAsB,sBAAsB,CAC1C,QAAQ,EAAE,MAAM,EAChB,cAAc,EAAE,MAAM,EACtB,GAAG,EAAE,sBAAsB,EAC3B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,IAAI,CAAC,CAcf;AAED;;;GAGG;AACH,wBAAsB,kBAAkB,CACtC,cAAc,EAAE,MAAM,EACtB,GAAG,EAAE,sBAAsB,EAC3B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAcxB;AAED;;;;;GAKG;AACH,wBAAsB,wBAAwB,CAC5C,cAAc,EAAE,MAAM,EACtB,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,sBAAsB,EAC3B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,OAAO,CAAC,CAyBlB;AAGD,wBAAgB,oBAAoB,IAAI,IAAI,CAE3C"}
|
|
@@ -1,22 +1,66 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
19
|
+
var ownKeys = function(o) {
|
|
20
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
21
|
+
var ar = [];
|
|
22
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
23
|
+
return ar;
|
|
24
|
+
};
|
|
25
|
+
return ownKeys(o);
|
|
26
|
+
};
|
|
27
|
+
return function (mod) {
|
|
28
|
+
if (mod && mod.__esModule) return mod;
|
|
29
|
+
var result = {};
|
|
30
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
31
|
+
__setModuleDefault(result, mod);
|
|
32
|
+
return result;
|
|
33
|
+
};
|
|
34
|
+
})();
|
|
2
35
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
36
|
exports.GitHubVerificationError = void 0;
|
|
37
|
+
exports.isValidGitHubUsername = isValidGitHubUsername;
|
|
4
38
|
exports.fetchGitHubKeys = fetchGitHubKeys;
|
|
39
|
+
exports.fetchGitHubKeysFresh = fetchGitHubKeysFresh;
|
|
40
|
+
exports.keyAppearsInGitHubKeys = keyAppearsInGitHubKeys;
|
|
5
41
|
exports.verifyKeyOnGitHub = verifyKeyOnGitHub;
|
|
6
42
|
exports.storeGitHubAssociation = storeGitHubAssociation;
|
|
7
43
|
exports.findTenantByGitHub = findTenantByGitHub;
|
|
8
44
|
exports.storeGitHubReverseLookup = storeGitHubReverseLookup;
|
|
9
45
|
exports._resetGitHubKeyCache = _resetGitHubKeyCache;
|
|
46
|
+
const crypto = __importStar(require("crypto"));
|
|
10
47
|
const lib_dynamodb_1 = require("@aws-sdk/lib-dynamodb");
|
|
11
48
|
const logger_js_1 = require("../logger.js");
|
|
12
|
-
const JSON_HEADERS = { 'Content-Type': 'application/json' };
|
|
13
49
|
const githubKeyCache = new Map();
|
|
14
50
|
const CACHE_TTL_MS = 5 * 60 * 1000;
|
|
51
|
+
/** GitHub username constraints: 1-39 alphanumeric or hyphen, no leading/trailing hyphen, no consecutive hyphens. */
|
|
52
|
+
const GITHUB_USERNAME_RE = /^[a-zA-Z0-9](?:[a-zA-Z0-9]|-(?=[a-zA-Z0-9])){0,38}$/;
|
|
53
|
+
function isValidGitHubUsername(username) {
|
|
54
|
+
return GITHUB_USERNAME_RE.test(username);
|
|
55
|
+
}
|
|
15
56
|
/**
|
|
16
57
|
* Fetch SSH public keys from GitHub for a username.
|
|
17
58
|
* Returns one key per line. Uses a 5-minute in-memory cache.
|
|
18
59
|
*/
|
|
19
60
|
async function fetchGitHubKeys(username) {
|
|
61
|
+
if (!isValidGitHubUsername(username)) {
|
|
62
|
+
throw new GitHubVerificationError('github_verification_failed', 'Could not verify key against GitHub account');
|
|
63
|
+
}
|
|
20
64
|
const now = Date.now();
|
|
21
65
|
const cached = githubKeyCache.get(username);
|
|
22
66
|
if (cached && now < cached.expiresAt) {
|
|
@@ -24,10 +68,10 @@ async function fetchGitHubKeys(username) {
|
|
|
24
68
|
}
|
|
25
69
|
const response = await fetch(`https://github.com/${encodeURIComponent(username)}.keys`, { signal: AbortSignal.timeout(10_000) });
|
|
26
70
|
if (response.status === 404) {
|
|
27
|
-
throw new GitHubVerificationError('
|
|
71
|
+
throw new GitHubVerificationError('github_verification_failed', 'Could not verify key against GitHub account');
|
|
28
72
|
}
|
|
29
73
|
if (!response.ok) {
|
|
30
|
-
throw new GitHubVerificationError('
|
|
74
|
+
throw new GitHubVerificationError('github_verification_failed', 'Could not verify key against GitHub account');
|
|
31
75
|
}
|
|
32
76
|
const text = await response.text();
|
|
33
77
|
const keys = text
|
|
@@ -38,23 +82,36 @@ async function fetchGitHubKeys(username) {
|
|
|
38
82
|
return keys;
|
|
39
83
|
}
|
|
40
84
|
/**
|
|
41
|
-
*
|
|
42
|
-
*
|
|
85
|
+
* Fetch SSH keys from GitHub, bypassing the in-memory cache.
|
|
86
|
+
* Used at auto-link time to ensure we have the latest key list.
|
|
43
87
|
*/
|
|
44
|
-
async function
|
|
45
|
-
|
|
88
|
+
async function fetchGitHubKeysFresh(username) {
|
|
89
|
+
githubKeyCache.delete(username);
|
|
90
|
+
return fetchGitHubKeys(username);
|
|
91
|
+
}
|
|
92
|
+
/**
|
|
93
|
+
* Check whether a public key (base64 blob) appears in a list of GitHub SSH key lines.
|
|
94
|
+
*/
|
|
95
|
+
function keyAppearsInGitHubKeys(publicKeyBase64, githubKeys) {
|
|
96
|
+
const suppliedBuf = Buffer.from(publicKeyBase64);
|
|
46
97
|
for (const ghKey of githubKeys) {
|
|
47
98
|
const parts = ghKey.split(/\s+/);
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
// Also match if the full key blob matches
|
|
52
|
-
if (ghKey === publicKeyBase64) {
|
|
99
|
+
const candidate = parts.length >= 2 ? parts[1] : ghKey;
|
|
100
|
+
const candidateBuf = Buffer.from(candidate);
|
|
101
|
+
if (suppliedBuf.length === candidateBuf.length && crypto.timingSafeEqual(suppliedBuf, candidateBuf)) {
|
|
53
102
|
return true;
|
|
54
103
|
}
|
|
55
104
|
}
|
|
56
105
|
return false;
|
|
57
106
|
}
|
|
107
|
+
/**
|
|
108
|
+
* Verify that a public key (in SSH authorized_keys format or base64) appears
|
|
109
|
+
* on a GitHub account.
|
|
110
|
+
*/
|
|
111
|
+
async function verifyKeyOnGitHub(publicKeyBase64, githubUsername) {
|
|
112
|
+
const githubKeys = await fetchGitHubKeys(githubUsername);
|
|
113
|
+
return keyAppearsInGitHubKeys(publicKeyBase64, githubKeys);
|
|
114
|
+
}
|
|
58
115
|
class GitHubVerificationError extends Error {
|
|
59
116
|
code;
|
|
60
117
|
constructor(code, message) {
|
|
@@ -98,18 +155,35 @@ async function findTenantByGitHub(githubUsername, ddb, tableName) {
|
|
|
98
155
|
return result.Item?.['tenantId'] ?? null;
|
|
99
156
|
}
|
|
100
157
|
/**
|
|
101
|
-
* Store a reverse lookup record: GITHUB#{username} -> tenantId
|
|
158
|
+
* Store a reverse lookup record: GITHUB#{username} -> tenantId.
|
|
159
|
+
* Uses a conditional write to prevent a different tenant from claiming
|
|
160
|
+
* a username that is already associated with another tenant.
|
|
161
|
+
* Returns true if stored, false if already claimed by a different tenant.
|
|
102
162
|
*/
|
|
103
163
|
async function storeGitHubReverseLookup(githubUsername, tenantId, ddb, tableName) {
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
164
|
+
try {
|
|
165
|
+
await ddb.send(new lib_dynamodb_1.PutCommand({
|
|
166
|
+
TableName: tableName,
|
|
167
|
+
Item: {
|
|
168
|
+
PK: `GITHUB#${githubUsername}`,
|
|
169
|
+
SK: 'META',
|
|
170
|
+
tenantId,
|
|
171
|
+
createdAt: new Date().toISOString(),
|
|
172
|
+
},
|
|
173
|
+
ConditionExpression: 'attribute_not_exists(PK) OR tenantId = :tid',
|
|
174
|
+
ExpressionAttributeValues: {
|
|
175
|
+
':tid': tenantId,
|
|
176
|
+
},
|
|
177
|
+
}));
|
|
178
|
+
return true;
|
|
179
|
+
}
|
|
180
|
+
catch (err) {
|
|
181
|
+
if (err.name === 'ConditionalCheckFailedException') {
|
|
182
|
+
logger_js_1.logger.warn('GitHub username already claimed by another tenant', { githubUsername });
|
|
183
|
+
return false;
|
|
184
|
+
}
|
|
185
|
+
throw err;
|
|
186
|
+
}
|
|
113
187
|
}
|
|
114
188
|
// Export for testing
|
|
115
189
|
function _resetGitHubKeyCache() {
|
|
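Review bot: `storeGitHubReverseLookup` builds its key from the raw argument (``PK: `GITHUB#${githubUsername}` ``) and `GITHUB_USERNAME_RE` accepts both letter cases, while GitHub treats logins as case-insensitive. Unless callers normalise the name first (not visible in this section), two spellings of one login map to two different items, and the `attribute_not_exists(PK) OR tenantId = :tid` condition never sees the existing claim. Lower-casing once, `const login = githubUsername.toLowerCase();`, and using `GITHUB#${login}` here, in `findTenantByGitHub` and as the `githubKeyCache` key would make the uniqueness check match its doc comment. Existing mixed-case records would need a one-off migration. `findTenantByGitHub` and the tail of `fetchGitHubKeys` lie partly outside the shown hunks.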
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"github.js","sourceRoot":"","sources":["../../../../lib/handler/routes/github.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"github.js","sourceRoot":"","sources":["../../../../lib/handler/routes/github.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgBA,sDAEC;AAMD,0CA+BC;AAMD,oDAGC;AAKD,wDAWC;AAMD,8CAMC;AAgBD,wDAmBC;AAMD,gDAkBC;AAQD,4DA8BC;AAGD,oDAEC;AAlMD,+CAAiC;AACjC,wDAAuF;AACvF,4CAAsC;AAQtC,MAAM,cAAc,GAAG,IAAI,GAAG,EAAsB,CAAC;AACrD,MAAM,YAAY,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AAEnC,oHAAoH;AACpH,MAAM,kBAAkB,GAAG,qDAAqD,CAAC;AAEjF,SAAgB,qBAAqB,CAAC,QAAgB;IACpD,OAAO,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AAC3C,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,eAAe,CAAC,QAAgB;IACpD,IAAI,CAAC,qBAAqB,CAAC,QAAQ,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,uBAAuB,CAAC,4BAA4B,EAAE,6CAA6C,CAAC,CAAC;IACjH,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,MAAM,GAAG,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAC5C,IAAI,MAAM,IAAI,GAAG,GAAG,MAAM,CAAC,SAAS,EAAE,CAAC;QACrC,OAAO,MAAM,CAAC,IAAI,CAAC;IACrB,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAC1B,sBAAsB,kBAAkB,CAAC,QAAQ,CAAC,OAAO,EACzD,EAAE,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CACxC,CAAC;IAEF,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QAC5B,MAAM,IAAI,uBAAuB,CAAC,4BAA4B,EAAE,6CAA6C,CAAC,CAAC;IACjH,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,uBAAuB,CAAC,4BAA4B,EAAE,6CAA6C,CAAC,CAAC;IACjH,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IACnC,MAAM,IAAI,GAAG,IAAI;SACd,KAAK,CAAC,IAAI,CAAC;SACX,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;SAC1B,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAErC,cAAc,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,GAAG,YAAY,EAAE,CAAC,CAAC;IACtE,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,oBAAoB,CAAC,QAAgB;IACzD,cAAc,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAChC,OAAO,eAAe,CAAC,QAAQ,CAAC,CAAC;AACnC,CAAC;AAED;;GAEG;AACH,SAAgB,sBAAsB,CAAC,eAAuB,EAAE,UAAoB;IAClF,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IACjD,KAAK,MAAM,KAAK,IAAI,UAAU,EAAE,CAAC;QAC/B,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACjC,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,IAAI,CAAC,C
AAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;QACvD,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC5C,IAAI,WAAW,CAAC,MAAM,KAAK,YAAY,CAAC,MAAM,IAAI,MAAM,CAAC,eAAe,CAAC,WAAW,EAAE,YAAY,CAAC,EAAE,CAAC;YACpG,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,iBAAiB,CACrC,eAAuB,EACvB,cAAsB;IAEtB,MAAM,UAAU,GAAG,MAAM,eAAe,CAAC,cAAc,CAAC,CAAC;IACzD,OAAO,sBAAsB,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;AAC7D,CAAC;AAED,MAAa,uBAAwB,SAAQ,KAAK;IAE9B;IADlB,YACkB,IAAY,EAC5B,OAAe;QAEf,KAAK,CAAC,OAAO,CAAC,CAAC;QAHC,SAAI,GAAJ,IAAI,CAAQ;QAI5B,IAAI,CAAC,IAAI,GAAG,yBAAyB,CAAC;IACxC,CAAC;CACF;AARD,0DAQC;AAED;;;GAGG;AACI,KAAK,UAAU,sBAAsB,CAC1C,QAAgB,EAChB,cAAsB,EACtB,GAA2B,EAC3B,SAAiB;IAEjB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACrC,MAAM,GAAG,CAAC,IAAI,CACZ,IAAI,yBAAU,CAAC;QACb,SAAS,EAAE,SAAS;QACpB,IAAI,EAAE;YACJ,EAAE,EAAE,UAAU,QAAQ,EAAE;YACxB,EAAE,EAAE,UAAU,cAAc,EAAE;YAC9B,cAAc;YACd,SAAS,EAAE,GAAG;SACf;KACF,CAAC,CACH,CAAC;IACF,kBAAM,CAAC,IAAI,CAAC,2BAA2B,EAAE,EAAE,QAAQ,EAAE,cAAc,EAAE,CAAC,CAAC;AACzE,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,kBAAkB,CACtC,cAAsB,EACtB,GAA2B,EAC3B,SAAiB;IAEjB,0DAA0D;IAC1D,oCAAoC;IACpC,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,IAAI,CAC3B,IAAI,yBAAU,CAAC;QACb,SAAS,EAAE,SAAS;QACpB,GAAG,EAAE;YACH,EAAE,EAAE,UAAU,cAAc,EAAE;YAC9B,EAAE,EAAE,MAAM;SACX;KACF,CAAC,CACH,CAAC;IAEF,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC;AAC3C,CAAC;AAED;;;;;GAKG;AACI,KAAK,UAAU,wBAAwB,CAC5C,cAAsB,EACtB,QAAgB,EAChB,GAA2B,EAC3B,SAAiB;IAEjB,IAAI,CAAC;QACH,MAAM,GAAG,CAAC,IAAI,CACZ,IAAI,yBAAU,CAAC;YACb,SAAS,EAAE,SAAS;YACpB,IAAI,EAAE;gBACJ,EAAE,EAAE,UAAU,cAAc,EAAE;gBAC9B,EAAE,EAAE,MAAM;gBACV,QAAQ;gBACR,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;aACpC;YACD,mBAAmB,EAAE,6CAA6C;YAClE,yBAAyB,EAAE;gBACzB,MAAM,EAAE,QAAQ;aACjB;SACF,CAAC,CACH,CAAC;QACF,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,IAAK,GAAyB,CAAC,IAAI,KAAK,iCAAiC,EAAE,CAAC;YAC1E,kBAAM,CAAC,IAAI,CAAC,mDAAmD,EAAE,EAAE,cAAc,EAAE,CAAC,CAAC;YACrF,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,GAA
G,CAAC;IACZ,CAAC;AACH,CAAC;AAED,qBAAqB;AACrB,SAAgB,oBAAoB;IAClC,cAAc,CAAC,KAAK,EAAE,CAAC;AACzB,CAAC"}
|