@de-otio/chaoskb-server 0.2.0

package/dist/lib/handler/middleware/ssh-auth.ts

@@ -0,0 +1,300 @@
+import * as crypto from 'crypto';
+import { DynamoDBDocumentClient, QueryCommand, UpdateCommand } from '@aws-sdk/lib-dynamodb';
+import { logger } from '../logger.js';
+
+export interface AuthResult {
+  tenantId: string;
+  publicKey: string;
+  fingerprint: string;
+}
+
+export class AuthError extends Error {
+  constructor(
+    message: string,
+    public readonly statusCode: number,
+  ) {
+    super(message);
+    this.name = 'AuthError';
+  }
+}
+
+interface ParsedAuthHeader {
+  signature: string;
+  timestamp: string;
+  sequence: number;
+}
+
+/** Timestamp tolerance: 30 seconds (replay protection is primarily sequence-based). */
+const TIMESTAMP_TOLERANCE_MS = 30 * 1000;
+
+/**
+ * Parse the new SSH-Signature authorization scheme.
+ *
+ * Headers:
+ *   Authorization: SSH-Signature <base64-signature>
+ *   X-ChaosKB-Timestamp: <ISO 8601>
+ *   X-ChaosKB-Sequence: <monotonic counter>
+ */
+export function parseAuthHeaders(headers: Record<string, string>): ParsedAuthHeader {
+  const authHeader = headers['authorization'] || headers['Authorization'];
+  if (!authHeader) {
+    throw new AuthError('Missing Authorization header', 401);
+  }
+
+  if (!authHeader.startsWith('SSH-Signature ')) {
+    // Support legacy format during migration
+    if (authHeader.startsWith('ChaosKB-SSH ')) {
+      return parseLegacyAuthHeader(authHeader, headers);
+    }
+    throw new AuthError('Invalid authorization scheme', 401);
+  }
+
+  const signature = authHeader.slice('SSH-Signature '.length);
+  const timestamp = headers['x-chaoskb-timestamp'] || headers['X-ChaosKB-Timestamp'];
+  const sequenceStr = headers['x-chaoskb-sequence'] || headers['X-ChaosKB-Sequence'];
+
+  if (!signature || !timestamp) {
+    throw new AuthError('Missing required headers (X-ChaosKB-Timestamp)', 401);
+  }
+
+  const sequence = sequenceStr ? parseInt(sequenceStr, 10) : 0;
+  if (isNaN(sequence)) {
+    throw new AuthError('Invalid sequence number', 401);
+  }
+
+  return { signature, timestamp, sequence };
+}
+
+/** Parse legacy ChaosKB-SSH format for backwards compatibility. */
+function parseLegacyAuthHeader(
+  header: string,
+  headers: Record<string, string>,
+): ParsedAuthHeader {
+  const params = header.slice('ChaosKB-SSH '.length);
+  const fields: Record<string, string> = {};
+
+  for (const part of params.split(', ')) {
+    const eqIndex = part.indexOf('=');
+    if (eqIndex === -1) continue;
+    fields[part.slice(0, eqIndex)] = part.slice(eqIndex + 1);
+  }
+
+  if (!fields['sig'] || !fields['ts']) {
+    throw new AuthError('Missing required authorization fields', 401);
+  }
+
+  const sequenceStr = headers['x-chaoskb-sequence'] || headers['X-ChaosKB-Sequence'];
+
+  return {
+    signature: fields['sig'],
+    timestamp: fields['ts'],
+    sequence: sequenceStr ? parseInt(sequenceStr, 10) : 0,
+  };
+}
+
+/** Compute SSH key fingerprint (SHA-256 of raw public key, base64). */
+export function fingerprintFromPublicKey(publicKeyBase64: string): string {
+  return crypto.createHash('sha256').update(Buffer.from(publicKeyBase64, 'base64')).digest('base64');
+}
+
+export function verifyTimestamp(timestamp: string): void {
+  const requestTime = new Date(timestamp).getTime();
+  if (isNaN(requestTime)) {
+    throw new AuthError('Invalid timestamp format', 401);
+  }
+
+  const now = Date.now();
+  const diff = Math.abs(now - requestTime);
+  if (diff > TIMESTAMP_TOLERANCE_MS) {
+    throw new AuthError('Request timestamp expired', 401);
+  }
+}
+
+export function buildCanonicalString(
+  method: string,
+  path: string,
+  timestamp: string,
+  sequence: number,
+  body?: string | null,
+): string {
+  const bodyHash = body
+    ? crypto.createHash('sha256').update(body).digest('hex')
+    : '';
+  return `chaoskb-auth\n${method} ${path}\n${timestamp}\n${sequence}\n${bodyHash}`;
+}
+
+/**
+ * Check and update the per-device sequence counter for replay protection.
+ *
+ * Uses a DynamoDB conditional write: only succeeds if the new sequence
+ * is strictly greater than the stored highest-seen sequence.
+ */
+export async function checkSequence(
+  ddb: DynamoDBDocumentClient,
+  tableName: string,
+  tenantId: string,
+  fingerprint: string,
+  sequence: number,
+): Promise<void> {
+  if (sequence <= 0) {
+    throw new AuthError('Sequence number must be positive', 401);
+  }
+
+  try {
+    await ddb.send(
+      new UpdateCommand({
+        TableName: tableName,
+        Key: {
+          PK: `TENANT#${tenantId}`,
+          SK: `SEQUENCE#${fingerprint}`,
+        },
+        UpdateExpression: 'SET highestSeq = :new',
+        ConditionExpression:
+          'attribute_not_exists(highestSeq) OR highestSeq < :new',
+        ExpressionAttributeValues: {
+          ':new': sequence,
+        },
+      }),
+    );
+  } catch (error: unknown) {
+    if (
+      error &&
+      typeof error === 'object' &&
+      'name' in error &&
+      error.name === 'ConditionalCheckFailedException'
+    ) {
+      logger.warn('Replay detected: sequence number already seen', {
+        tenantId,
+        fingerprint,
+        sequence,
+      });
+      throw new AuthError('Replay detected: sequence number already used', 401);
+    }
+    throw error;
+  }
+}
+
+export function verifyEd25519Signature(
+  publicKeyBase64: string,
+  canonicalString: string,
+  signatureBase64: string,
+): boolean {
+  try {
+    const publicKeyBuffer = Buffer.from(publicKeyBase64, 'base64');
+    const signatureBuffer = Buffer.from(signatureBase64, 'base64');
+    const data = Buffer.from(canonicalString);
+
+    // Create Ed25519 public key object from raw bytes
+    const keyObject = crypto.createPublicKey({
+      key: Buffer.concat([
+        // Ed25519 DER prefix for a 32-byte public key
+        Buffer.from('302a300506032b6570032100', 'hex'),
+        publicKeyBuffer,
+      ]),
+      format: 'der',
+      type: 'spki',
+    });
+
+    return crypto.verify(null, data, keyObject, signatureBuffer);
+  } catch {
+    return false;
+  }
+}
+
+function tenantIdFromPublicKey(publicKeyBase64: string): string {
+  const hash = crypto.createHash('sha256').update(publicKeyBase64).digest('hex');
+  return hash.slice(0, 32);
+}
+
+export async function authenticateRequest(
+  event: {
+    requestContext: { http: { method: string; path: string } };
+    headers: Record<string, string>;
+    body?: string | null;
+  },
+  ddb: DynamoDBDocumentClient,
+  tableName: string,
+): Promise<AuthResult> {
+  const parsed = parseAuthHeaders(event.headers);
+  verifyTimestamp(parsed.timestamp);
+
+  // Look up the public key by querying tenant META records
+  // The public key is identified from the request — we need to find which tenant it belongs to
+  // For now, extract from legacy header or from a separate header
+  const publicKey = extractPublicKey(event.headers);
+  const tenantId = tenantIdFromPublicKey(publicKey);
+  const fingerprint = fingerprintFromPublicKey(publicKey);
+
+  // Look up the registered public key in DynamoDB
+  const result = await ddb.send(
+    new QueryCommand({
+      TableName: tableName,
+      KeyConditionExpression: 'PK = :pk AND SK = :sk',
+      ExpressionAttributeValues: {
+        ':pk': `TENANT#${tenantId}`,
+        ':sk': 'META',
+      },
+      Limit: 1,
+    }),
+  );
+
+  if (!result.Items || result.Items.length === 0) {
+    throw new AuthError('Unknown public key', 401);
+  }
+
+  const tenant = result.Items[0];
+  if (tenant['publicKey'] !== publicKey) {
+    throw new AuthError('Public key mismatch', 401);
+  }
+
+  // Verify the SSH signature against the canonical string (includes sequence)
+  const canonicalString = buildCanonicalString(
+    event.requestContext.http.method,
+    event.requestContext.http.path,
+    parsed.timestamp,
+    parsed.sequence,
+    event.body,
+  );
+
+  const valid = verifyEd25519Signature(
+    publicKey,
+    canonicalString,
+    parsed.signature,
+  );
+
+  if (!valid) {
+    logger.warn('Signature verification failed', { tenantId });
+    throw new AuthError('Invalid signature', 401);
+  }
+
+  // Check sequence number for replay protection (after signature verification)
+  if (parsed.sequence > 0) {
+    await checkSequence(ddb, tableName, tenantId, fingerprint, parsed.sequence);
+  }
+
+  return { tenantId, publicKey, fingerprint };
+}
+
+/**
+ * Extract the public key from request headers.
+ * New format uses X-ChaosKB-PublicKey header; legacy embeds it in the auth header.
+ */
+function extractPublicKey(headers: Record<string, string>): string {
+  // New header format
+  const pubKeyHeader = headers['x-chaoskb-publickey'] || headers['X-ChaosKB-PublicKey'];
+  if (pubKeyHeader) return pubKeyHeader;
+
+  // Legacy format: ChaosKB-SSH pubkey=..., ts=..., sig=...
+  const authHeader = headers['authorization'] || headers['Authorization'];
+  if (authHeader?.startsWith('ChaosKB-SSH ')) {
+    const params = authHeader.slice('ChaosKB-SSH '.length);
+    for (const part of params.split(', ')) {
+      const eqIndex = part.indexOf('=');
+      if (eqIndex !== -1 && part.slice(0, eqIndex) === 'pubkey') {
+        return part.slice(eqIndex + 1);
+      }
+    }
+  }
+
+  throw new AuthError('Missing public key in request headers', 401);
+}

package/dist/lib/handler/routes/audit.d.ts

@@ -0,0 +1,24 @@
+import { DynamoDBDocumentClient } from '@aws-sdk/lib-dynamodb';
+interface HandlerResponse {
+    statusCode: number;
+    body: string;
+    headers: Record<string, string>;
+}
+export type AuditEventType = 'registered' | 'rotation-started' | 'rotation-confirmed' | 'rotation-completed' | 'revoked' | 'device-linked' | 'device-removed';
+export interface AuditEvent {
+    eventType: AuditEventType;
+    fingerprint: string;
+    metadata?: Record<string, unknown>;
+}
+/**
+ * Write an audit event to DynamoDB.
+ *
+ * PK: TENANT#{tenantId}, SK: AUDIT#{ISO timestamp}#{random suffix}
+ */
+export declare function logAuditEvent(ddb: DynamoDBDocumentClient, tableName: string, tenantId: string, event: AuditEvent): Promise<void>;
+/**
+ * Query all audit log entries for a tenant, sorted by timestamp (ascending).
+ */
+export declare function handleGetAuditLog(tenantId: string, ddb: DynamoDBDocumentClient, tableName: string): Promise<HandlerResponse>;
+export {};
+//# sourceMappingURL=audit.d.ts.map

package/dist/lib/handler/routes/audit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../../../../lib/handler/routes/audit.ts"],"names":[],"mappings":"AACA,OAAO,EACL,sBAAsB,EAGvB,MAAM,uBAAuB,CAAC;AAG/B,UAAU,eAAe;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACjC;AAED,MAAM,MAAM,cAAc,GACtB,YAAY,GACZ,kBAAkB,GAClB,oBAAoB,GACpB,oBAAoB,GACpB,SAAS,GACT,eAAe,GACf,gBAAgB,CAAC;AAErB,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,cAAc,CAAC;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAID;;;;GAIG;AACH,wBAAsB,aAAa,CACjC,GAAG,EAAE,sBAAsB,EAC3B,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,UAAU,GAChB,OAAO,CAAC,IAAI,CAAC,CAyBf;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,sBAAsB,EAC3B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,eAAe,CAAC,CAyB1B"}

package/dist/lib/handler/routes/audit.js

@@ -0,0 +1,94 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.logAuditEvent = logAuditEvent;
+exports.handleGetAuditLog = handleGetAuditLog;
+const crypto = __importStar(require("crypto"));
+const lib_dynamodb_1 = require("@aws-sdk/lib-dynamodb");
+const logger_js_1 = require("../logger.js");
+const TTL_90_DAYS_SECONDS = 90 * 24 * 60 * 60;
+/**
+ * Write an audit event to DynamoDB.
+ *
+ * PK: TENANT#{tenantId}, SK: AUDIT#{ISO timestamp}#{random suffix}
+ */
+async function logAuditEvent(ddb, tableName, tenantId, event) {
+    const now = new Date().toISOString();
+    const suffix = crypto.randomBytes(6).toString('hex');
+    const ttl = Math.floor(Date.now() / 1000) + TTL_90_DAYS_SECONDS;
+    await ddb.send(new lib_dynamodb_1.PutCommand({
+        TableName: tableName,
+        Item: {
+            PK: `TENANT#${tenantId}`,
+            SK: `AUDIT#${now}#${suffix}`,
+            eventType: event.eventType,
+            fingerprint: event.fingerprint,
+            metadata: event.metadata,
+            timestamp: now,
+            ttl,
+        },
+    }));
+    logger_js_1.logger.info('Audit event logged', {
+        tenantId,
+        eventType: event.eventType,
+        fingerprint: event.fingerprint,
+    });
+}
+/**
+ * Query all audit log entries for a tenant, sorted by timestamp (ascending).
+ */
+async function handleGetAuditLog(tenantId, ddb, tableName) {
+    const result = await ddb.send(new lib_dynamodb_1.QueryCommand({
+        TableName: tableName,
+        KeyConditionExpression: 'PK = :pk AND begins_with(SK, :prefix)',
+        ExpressionAttributeValues: {
+            ':pk': `TENANT#${tenantId}`,
+            ':prefix': 'AUDIT#',
+        },
+        ScanIndexForward: true,
+    }));
+    const events = (result.Items ?? []).map((item) => ({
+        eventType: item['eventType'],
+        fingerprint: item['fingerprint'],
+        metadata: item['metadata'],
+        timestamp: item['timestamp'],
+    }));
+    return {
+        statusCode: 200,
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ events }),
+    };
+}
+//# sourceMappingURL=audit.js.map

package/dist/lib/handler/routes/audit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.js","sourceRoot":"","sources":["../../../../lib/handler/routes/audit.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoCA,sCA8BC;AAKD,8CA6BC;AApGD,+CAAiC;AACjC,wDAI+B;AAC/B,4CAAsC;AAuBtC,MAAM,mBAAmB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;AAE9C;;;;GAIG;AACI,KAAK,UAAU,aAAa,CACjC,GAA2B,EAC3B,SAAiB,EACjB,QAAgB,EAChB,KAAiB;IAEjB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACrC,MAAM,MAAM,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACrD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,mBAAmB,CAAC;IAEhE,MAAM,GAAG,CAAC,IAAI,CACZ,IAAI,yBAAU,CAAC;QACb,SAAS,EAAE,SAAS;QACpB,IAAI,EAAE;YACJ,EAAE,EAAE,UAAU,QAAQ,EAAE;YACxB,EAAE,EAAE,SAAS,GAAG,IAAI,MAAM,EAAE;YAC5B,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,WAAW,EAAE,KAAK,CAAC,WAAW;YAC9B,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,SAAS,EAAE,GAAG;YACd,GAAG;SACJ;KACF,CAAC,CACH,CAAC;IAEF,kBAAM,CAAC,IAAI,CAAC,oBAAoB,EAAE;QAChC,QAAQ;QACR,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,WAAW,EAAE,KAAK,CAAC,WAAW;KAC/B,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,iBAAiB,CACrC,QAAgB,EAChB,GAA2B,EAC3B,SAAiB;IAEjB,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,IAAI,CAC3B,IAAI,2BAAY,CAAC;QACf,SAAS,EAAE,SAAS;QACpB,sBAAsB,EAAE,uCAAuC;QAC/D,yBAAyB,EAAE;YACzB,KAAK,EAAE,UAAU,QAAQ,EAAE;YAC3B,SAAS,EAAE,QAAQ;SACpB;QACD,gBAAgB,EAAE,IAAI;KACvB,CAAC,CACH,CAAC;IAEF,MAAM,MAAM,GAAG,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QACjD,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC;QAC5B,WAAW,EAAE,IAAI,CAAC,aAAa,CAAC;QAChC,QAAQ,EAAE,IAAI,CAAC,UAAU,CAAC;QAC1B,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC;KAC7B,CAAC,CAAC,CAAC;IAEJ,OAAO;QACL,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;KACjC,CAAC;AACJ,CAAC"}

package/dist/lib/handler/routes/audit.ts

@@ -0,0 +1,101 @@
+import * as crypto from 'crypto';
+import {
+  DynamoDBDocumentClient,
+  PutCommand,
+  QueryCommand,
+} from '@aws-sdk/lib-dynamodb';
+import { logger } from '../logger.js';
+
+interface HandlerResponse {
+  statusCode: number;
+  body: string;
+  headers: Record<string, string>;
+}
+
+export type AuditEventType =
+  | 'registered'
+  | 'rotation-started'
+  | 'rotation-confirmed'
+  | 'rotation-completed'
+  | 'revoked'
+  | 'device-linked'
+  | 'device-removed';
+
+export interface AuditEvent {
+  eventType: AuditEventType;
+  fingerprint: string;
+  metadata?: Record<string, unknown>;
+}
+
+const TTL_90_DAYS_SECONDS = 90 * 24 * 60 * 60;
+
+/**
+ * Write an audit event to DynamoDB.
+ *
+ * PK: TENANT#{tenantId}, SK: AUDIT#{ISO timestamp}#{random suffix}
+ */
+export async function logAuditEvent(
+  ddb: DynamoDBDocumentClient,
+  tableName: string,
+  tenantId: string,
+  event: AuditEvent,
+): Promise<void> {
+  const now = new Date().toISOString();
+  const suffix = crypto.randomBytes(6).toString('hex');
+  const ttl = Math.floor(Date.now() / 1000) + TTL_90_DAYS_SECONDS;
+
+  await ddb.send(
+    new PutCommand({
+      TableName: tableName,
+      Item: {
+        PK: `TENANT#${tenantId}`,
+        SK: `AUDIT#${now}#${suffix}`,
+        eventType: event.eventType,
+        fingerprint: event.fingerprint,
+        metadata: event.metadata,
+        timestamp: now,
+        ttl,
+      },
+    }),
+  );
+
+  logger.info('Audit event logged', {
+    tenantId,
+    eventType: event.eventType,
+    fingerprint: event.fingerprint,
+  });
+}
+
+/**
+ * Query all audit log entries for a tenant, sorted by timestamp (ascending).
+ */
+export async function handleGetAuditLog(
+  tenantId: string,
+  ddb: DynamoDBDocumentClient,
+  tableName: string,
+): Promise<HandlerResponse> {
+  const result = await ddb.send(
+    new QueryCommand({
+      TableName: tableName,
+      KeyConditionExpression: 'PK = :pk AND begins_with(SK, :prefix)',
+      ExpressionAttributeValues: {
+        ':pk': `TENANT#${tenantId}`,
+        ':prefix': 'AUDIT#',
+      },
+      ScanIndexForward: true,
+    }),
+  );
+
+  const events = (result.Items ?? []).map((item) => ({
+    eventType: item['eventType'],
+    fingerprint: item['fingerprint'],
+    metadata: item['metadata'],
+    timestamp: item['timestamp'],
+  }));
+
+  return {
+    statusCode: 200,
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ events }),
+  };
+}

package/dist/lib/handler/routes/blobs.d.ts

@@ -0,0 +1,13 @@
+import { DynamoDBDocumentClient } from '@aws-sdk/lib-dynamodb';
+interface HandlerResponse {
+    statusCode: number;
+    body: string;
+    headers: Record<string, string>;
+}
+export declare function handlePutBlob(blobId: string, tenantId: string, rawBody: string | null | undefined, isBase64Encoded: boolean, contentType: string, ddb: DynamoDBDocumentClient, tableName: string): Promise<HandlerResponse>;
+export declare function handleGetBlob(blobId: string, tenantId: string, ddb: DynamoDBDocumentClient, tableName: string): Promise<HandlerResponse>;
+export declare function handleDeleteBlob(blobId: string, tenantId: string, ddb: DynamoDBDocumentClient, tableName: string): Promise<HandlerResponse>;
+export declare function handleListBlobs(tenantId: string, since: string | undefined, ddb: DynamoDBDocumentClient, tableName: string): Promise<HandlerResponse>;
+export declare function handleCountBlobs(tenantId: string, ddb: DynamoDBDocumentClient, tableName: string): Promise<HandlerResponse>;
+export {};
+//# sourceMappingURL=blobs.d.ts.map

package/dist/lib/handler/routes/blobs.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"blobs.d.ts","sourceRoot":"","sources":["../../../../lib/handler/routes/blobs.ts"],"names":[],"mappings":"AACA,OAAO,EACL,sBAAsB,EAKvB,MAAM,uBAAuB,CAAC;AAK/B,UAAU,eAAe;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACjC;AAID,wBAAsB,aAAa,CACjC,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,EAClC,eAAe,EAAE,OAAO,EACxB,WAAW,EAAE,MAAM,EACnB,GAAG,EAAE,sBAAsB,EAC3B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,eAAe,CAAC,CAuG1B;AAED,wBAAsB,aAAa,CACjC,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,sBAAsB,EAC3B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,eAAe,CAAC,CAkC1B;AAED,wBAAsB,gBAAgB,CACpC,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,sBAAsB,EAC3B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,eAAe,CAAC,CAiE1B;AAED,wBAAsB,eAAe,CACnC,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,GAAG,SAAS,EACzB,GAAG,EAAE,sBAAsB,EAC3B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,eAAe,CAAC,CAuE1B;AAED,wBAAsB,gBAAgB,CACpC,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,sBAAsB,EAC3B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,eAAe,CAAC,CAmB1B"}