npm - @enbox/dwn-server - Versions diffs - 0.0.2 → 0.0.4 - Mend

@enbox/dwn-server 0.0.2 → 0.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (309) hide show

package/LICENSE +3 -2
package/README.md +115 -215
package/dist/esm/src/admin/activity-log.d.ts +44 -0
package/dist/esm/src/admin/activity-log.d.ts.map +1 -0
package/dist/esm/src/admin/activity-log.js +85 -0
package/dist/esm/src/admin/activity-log.js.map +1 -0
package/dist/esm/src/admin/admin-api.d.ts +61 -0
package/dist/esm/src/admin/admin-api.d.ts.map +1 -0
package/dist/esm/src/admin/admin-api.js +1047 -0
package/dist/esm/src/admin/admin-api.js.map +1 -0
package/dist/esm/src/admin/admin-auth.d.ts +9 -0
package/dist/esm/src/admin/admin-auth.d.ts.map +1 -0
package/dist/esm/src/admin/admin-auth.js +45 -0
package/dist/esm/src/admin/admin-auth.js.map +1 -0
package/dist/esm/src/admin/admin-store.d.ts +111 -0
package/dist/esm/src/admin/admin-store.d.ts.map +1 -0
package/dist/esm/src/admin/admin-store.js +376 -0
package/dist/esm/src/admin/admin-store.js.map +1 -0
package/dist/esm/src/admin/audit-log.d.ts +94 -0
package/dist/esm/src/admin/audit-log.d.ts.map +1 -0
package/dist/esm/src/admin/audit-log.js +220 -0
package/dist/esm/src/admin/audit-log.js.map +1 -0
package/dist/esm/src/admin/index.d.ts +10 -0
package/dist/esm/src/admin/index.d.ts.map +1 -0
package/dist/esm/src/admin/index.js +7 -0
package/dist/esm/src/admin/index.js.map +1 -0
package/dist/esm/src/admin/types.d.ts +306 -0
package/dist/esm/src/admin/types.d.ts.map +1 -0
package/dist/esm/src/admin/types.js +2 -0
package/dist/esm/src/admin/types.js.map +1 -0
package/dist/esm/src/admin/webhook-manager.d.ts +55 -0
package/dist/esm/src/admin/webhook-manager.d.ts.map +1 -0
package/dist/esm/src/admin/webhook-manager.js +184 -0
package/dist/esm/src/admin/webhook-manager.js.map +1 -0
package/dist/esm/src/config.d.ts +124 -9
package/dist/esm/src/config.d.ts.map +1 -1
package/dist/esm/src/config.js +155 -13
package/dist/esm/src/config.js.map +1 -1
package/dist/esm/src/connection/connection-manager.d.ts +32 -9
package/dist/esm/src/connection/connection-manager.d.ts.map +1 -1
package/dist/esm/src/connection/connection-manager.js +38 -5
package/dist/esm/src/connection/connection-manager.js.map +1 -1
package/dist/esm/src/connection/flow-controller.d.ts +53 -0
package/dist/esm/src/connection/flow-controller.d.ts.map +1 -0
package/dist/esm/src/connection/flow-controller.js +101 -0
package/dist/esm/src/connection/flow-controller.js.map +1 -0
package/dist/esm/src/connection/socket-connection.d.ts +54 -18
package/dist/esm/src/connection/socket-connection.d.ts.map +1 -1
package/dist/esm/src/connection/socket-connection.js +102 -40
package/dist/esm/src/connection/socket-connection.js.map +1 -1
package/dist/esm/src/delivery-service.d.ts +43 -0
package/dist/esm/src/delivery-service.d.ts.map +1 -0
package/dist/esm/src/delivery-service.js +574 -0
package/dist/esm/src/delivery-service.js.map +1 -0
package/dist/esm/src/dwn-error.d.ts +10 -1
package/dist/esm/src/dwn-error.d.ts.map +1 -1
package/dist/esm/src/dwn-error.js +9 -0
package/dist/esm/src/dwn-error.js.map +1 -1
package/dist/esm/src/dwn-server.d.ts +13 -6
package/dist/esm/src/dwn-server.d.ts.map +1 -1
package/dist/esm/src/dwn-server.js +199 -24
package/dist/esm/src/dwn-server.js.map +1 -1
package/dist/esm/src/http-api.d.ts +28 -13
package/dist/esm/src/http-api.d.ts.map +1 -1
package/dist/esm/src/http-api.js +649 -374
package/dist/esm/src/http-api.js.map +1 -1
package/dist/esm/src/index.d.ts +6 -2
package/dist/esm/src/index.d.ts.map +1 -1
package/dist/esm/src/index.js +4 -1
package/dist/esm/src/index.js.map +1 -1
package/dist/esm/src/json-rpc-api.js +2 -1
package/dist/esm/src/json-rpc-api.js.map +1 -1
package/dist/esm/src/json-rpc-handlers/dwn/process-message.d.ts.map +1 -1
package/dist/esm/src/json-rpc-handlers/dwn/process-message.js +109 -7
package/dist/esm/src/json-rpc-handlers/dwn/process-message.js.map +1 -1
package/dist/esm/src/json-rpc-handlers/subscription/ack.d.ts +20 -0
package/dist/esm/src/json-rpc-handlers/subscription/ack.d.ts.map +1 -0
package/dist/esm/src/json-rpc-handlers/subscription/ack.js +41 -0
package/dist/esm/src/json-rpc-handlers/subscription/ack.js.map +1 -0
package/dist/esm/src/json-rpc-handlers/subscription/close.d.ts.map +1 -1
package/dist/esm/src/json-rpc-handlers/subscription/close.js +1 -1
package/dist/esm/src/json-rpc-handlers/subscription/close.js.map +1 -1
package/dist/esm/src/json-rpc-handlers/subscription/index.d.ts +1 -0
package/dist/esm/src/json-rpc-handlers/subscription/index.d.ts.map +1 -1
package/dist/esm/src/json-rpc-handlers/subscription/index.js +1 -0
package/dist/esm/src/json-rpc-handlers/subscription/index.js.map +1 -1
package/dist/esm/src/lib/json-rpc-router.d.ts +25 -8
package/dist/esm/src/lib/json-rpc-router.d.ts.map +1 -1
package/dist/esm/src/lib/json-rpc-router.js.map +1 -1
package/dist/esm/src/lib/sql-utils.d.ts +6 -0
package/dist/esm/src/lib/sql-utils.d.ts.map +1 -0
package/dist/esm/src/lib/sql-utils.js +8 -0
package/dist/esm/src/lib/sql-utils.js.map +1 -0
package/dist/esm/src/main.js +0 -6
package/dist/esm/src/main.js.map +1 -1
package/dist/esm/src/message-processed-hook.d.ts +35 -0
package/dist/esm/src/message-processed-hook.d.ts.map +1 -0
package/dist/esm/src/message-processed-hook.js +2 -0
package/dist/esm/src/message-processed-hook.js.map +1 -0
package/dist/esm/src/metrics.d.ts +14 -2
package/dist/esm/src/metrics.d.ts.map +1 -1
package/dist/esm/src/metrics.js +41 -1
package/dist/esm/src/metrics.js.map +1 -1
package/dist/esm/src/plugins/event-log-nats.d.ts +25 -0
package/dist/esm/src/plugins/event-log-nats.d.ts.map +1 -0
package/dist/esm/src/plugins/event-log-nats.js +379 -0
package/dist/esm/src/plugins/event-log-nats.js.map +1 -0
package/dist/esm/src/rate-limiter.d.ts +60 -0
package/dist/esm/src/rate-limiter.d.ts.map +1 -0
package/dist/esm/src/rate-limiter.js +116 -0
package/dist/esm/src/rate-limiter.js.map +1 -0
package/dist/esm/src/registration/jwt-provider-auth-plugin.d.ts +53 -0
package/dist/esm/src/registration/jwt-provider-auth-plugin.d.ts.map +1 -0
package/dist/esm/src/registration/jwt-provider-auth-plugin.js +90 -0
package/dist/esm/src/registration/jwt-provider-auth-plugin.js.map +1 -0
package/dist/esm/src/registration/open-auth-handler.d.ts +37 -0
package/dist/esm/src/registration/open-auth-handler.d.ts.map +1 -0
package/dist/esm/src/registration/open-auth-handler.js +214 -0
package/dist/esm/src/registration/open-auth-handler.js.map +1 -0
package/dist/esm/src/registration/proof-of-work-manager.d.ts +1 -1
package/dist/esm/src/registration/proof-of-work-manager.d.ts.map +1 -1
package/dist/esm/src/registration/proof-of-work-manager.js +3 -3
package/dist/esm/src/registration/proof-of-work-manager.js.map +1 -1
package/dist/esm/src/registration/provider-auth-plugin.d.ts +46 -0
package/dist/esm/src/registration/provider-auth-plugin.d.ts.map +1 -0
package/dist/esm/src/registration/provider-auth-plugin.js +29 -0
package/dist/esm/src/registration/provider-auth-plugin.js.map +1 -0
package/dist/esm/src/registration/registration-manager.d.ts +28 -5
package/dist/esm/src/registration/registration-manager.d.ts.map +1 -1
package/dist/esm/src/registration/registration-manager.js +83 -12
package/dist/esm/src/registration/registration-manager.js.map +1 -1
package/dist/esm/src/registration/registration-store.d.ts +83 -3
package/dist/esm/src/registration/registration-store.d.ts.map +1 -1
package/dist/esm/src/registration/registration-store.js +248 -11
package/dist/esm/src/registration/registration-store.js.map +1 -1
package/dist/esm/src/storage.d.ts +5 -5
package/dist/esm/src/storage.d.ts.map +1 -1
package/dist/esm/src/storage.js +105 -24
package/dist/esm/src/storage.js.map +1 -1
package/dist/esm/src/web5-connect/sql-ttl-cache.d.ts.map +1 -1
package/dist/esm/src/web5-connect/sql-ttl-cache.js +11 -3
package/dist/esm/src/web5-connect/sql-ttl-cache.js.map +1 -1
package/dist/esm/src/web5-connect/web5-connect-server.d.ts.map +1 -1
package/dist/esm/src/web5-connect/web5-connect-server.js +2 -2
package/dist/esm/src/web5-connect/web5-connect-server.js.map +1 -1
package/dist/esm/src/ws-api.d.ts +18 -4
package/dist/esm/src/ws-api.d.ts.map +1 -1
package/dist/esm/src/ws-api.js +12 -16
package/dist/esm/src/ws-api.js.map +1 -1
package/package.json +34 -53
package/src/admin/activity-log.ts +100 -0
package/src/admin/admin-api.ts +1308 -0
package/src/admin/admin-auth.ts +56 -0
package/src/admin/admin-store.ts +515 -0
package/src/admin/audit-log.ts +327 -0
package/src/admin/index.ts +34 -0
package/src/admin/types.ts +352 -0
package/src/admin/webhook-manager.ts +245 -0
package/src/config.ts +190 -22
package/src/connection/connection-manager.ts +67 -17
package/src/connection/flow-controller.ts +117 -0
package/src/connection/socket-connection.ts +144 -67
package/src/delivery-service.ts +740 -0
package/src/dwn-error.ts +11 -2
package/src/dwn-server.ts +254 -39
package/src/http-api.ts +736 -392
package/src/index.ts +13 -2
package/src/json-rpc-api.ts +2 -1
package/src/json-rpc-handlers/dwn/process-message.ts +149 -15
package/src/json-rpc-handlers/subscription/ack.ts +63 -0
package/src/json-rpc-handlers/subscription/close.ts +5 -9
package/src/json-rpc-handlers/subscription/index.ts +1 -0
package/src/lib/json-rpc-router.ts +26 -11
package/src/lib/sql-utils.ts +7 -0
package/src/main.ts +0 -8
package/src/message-processed-hook.ts +33 -0
package/src/metrics.ts +57 -8
package/src/plugins/event-log-nats.ts +466 -0
package/src/process-handlers.ts +5 -5
package/src/rate-limiter.ts +143 -0
package/src/registration/jwt-provider-auth-plugin.ts +119 -0
package/src/registration/open-auth-handler.ts +263 -0
package/src/registration/proof-of-work-manager.ts +11 -10
package/src/registration/provider-auth-plugin.ts +84 -0
package/src/registration/registration-manager.ts +129 -31
package/src/registration/registration-store.ts +332 -22
package/src/storage.ts +136 -40
package/src/web5-connect/sql-ttl-cache.ts +12 -5
package/src/web5-connect/web5-connect-server.ts +9 -8
package/src/ws-api.ts +39 -26
package/dist/cjs/index.js +0 -6811
package/dist/cjs/package.json +0 -1
package/dist/esm/src/json-rpc-socket.d.ts +0 -39
package/dist/esm/src/json-rpc-socket.d.ts.map +0 -1
package/dist/esm/src/json-rpc-socket.js +0 -125
package/dist/esm/src/json-rpc-socket.js.map +0 -1
package/dist/esm/src/lib/http-server-shutdown-handler.d.ts +0 -10
package/dist/esm/src/lib/http-server-shutdown-handler.d.ts.map +0 -1
package/dist/esm/src/lib/http-server-shutdown-handler.js +0 -65
package/dist/esm/src/lib/http-server-shutdown-handler.js.map +0 -1
package/dist/esm/src/lib/json-rpc.d.ts +0 -54
package/dist/esm/src/lib/json-rpc.d.ts.map +0 -1
package/dist/esm/src/lib/json-rpc.js +0 -60
package/dist/esm/src/lib/json-rpc.js.map +0 -1
package/dist/esm/src/registration/proof-of-work-types.d.ts +0 -8
package/dist/esm/src/registration/proof-of-work-types.d.ts.map +0 -1
package/dist/esm/src/registration/proof-of-work-types.js +0 -2
package/dist/esm/src/registration/proof-of-work-types.js.map +0 -1
package/dist/esm/src/registration/registration-types.d.ts +0 -18
package/dist/esm/src/registration/registration-types.d.ts.map +0 -1
package/dist/esm/src/registration/registration-types.js +0 -2
package/dist/esm/src/registration/registration-types.js.map +0 -1
package/dist/esm/tests/common-scenario-validator.d.ts +0 -11
package/dist/esm/tests/common-scenario-validator.d.ts.map +0 -1
package/dist/esm/tests/common-scenario-validator.js +0 -114
package/dist/esm/tests/common-scenario-validator.js.map +0 -1
package/dist/esm/tests/connection/connection-manager.spec.d.ts +0 -2
package/dist/esm/tests/connection/connection-manager.spec.d.ts.map +0 -1
package/dist/esm/tests/connection/connection-manager.spec.js +0 -47
package/dist/esm/tests/connection/connection-manager.spec.js.map +0 -1
package/dist/esm/tests/connection/socket-connection.spec.d.ts +0 -2
package/dist/esm/tests/connection/socket-connection.spec.d.ts.map +0 -1
package/dist/esm/tests/connection/socket-connection.spec.js +0 -125
package/dist/esm/tests/connection/socket-connection.spec.js.map +0 -1
package/dist/esm/tests/cors/http-api.browser.d.ts +0 -2
package/dist/esm/tests/cors/http-api.browser.d.ts.map +0 -1
package/dist/esm/tests/cors/http-api.browser.js +0 -60
package/dist/esm/tests/cors/http-api.browser.js.map +0 -1
package/dist/esm/tests/cors/ping.browser.d.ts +0 -2
package/dist/esm/tests/cors/ping.browser.d.ts.map +0 -1
package/dist/esm/tests/cors/ping.browser.js +0 -7
package/dist/esm/tests/cors/ping.browser.js.map +0 -1
package/dist/esm/tests/dwn-process-message.spec.d.ts +0 -2
package/dist/esm/tests/dwn-process-message.spec.d.ts.map +0 -1
package/dist/esm/tests/dwn-process-message.spec.js +0 -172
package/dist/esm/tests/dwn-process-message.spec.js.map +0 -1
package/dist/esm/tests/dwn-server.spec.d.ts +0 -2
package/dist/esm/tests/dwn-server.spec.d.ts.map +0 -1
package/dist/esm/tests/dwn-server.spec.js +0 -49
package/dist/esm/tests/dwn-server.spec.js.map +0 -1
package/dist/esm/tests/http-api.spec.d.ts +0 -2
package/dist/esm/tests/http-api.spec.d.ts.map +0 -1
package/dist/esm/tests/http-api.spec.js +0 -775
package/dist/esm/tests/http-api.spec.js.map +0 -1
package/dist/esm/tests/json-rpc-socket.spec.d.ts +0 -2
package/dist/esm/tests/json-rpc-socket.spec.d.ts.map +0 -1
package/dist/esm/tests/json-rpc-socket.spec.js +0 -225
package/dist/esm/tests/json-rpc-socket.spec.js.map +0 -1
package/dist/esm/tests/plugins/data-store-sqlite.d.ts +0 -17
package/dist/esm/tests/plugins/data-store-sqlite.d.ts.map +0 -1
package/dist/esm/tests/plugins/data-store-sqlite.js +0 -23
package/dist/esm/tests/plugins/data-store-sqlite.js.map +0 -1
package/dist/esm/tests/plugins/event-log-sqlite.d.ts +0 -17
package/dist/esm/tests/plugins/event-log-sqlite.d.ts.map +0 -1
package/dist/esm/tests/plugins/event-log-sqlite.js +0 -23
package/dist/esm/tests/plugins/event-log-sqlite.js.map +0 -1
package/dist/esm/tests/plugins/event-stream-in-memory.d.ts +0 -17
package/dist/esm/tests/plugins/event-stream-in-memory.d.ts.map +0 -1
package/dist/esm/tests/plugins/event-stream-in-memory.js +0 -21
package/dist/esm/tests/plugins/event-stream-in-memory.js.map +0 -1
package/dist/esm/tests/plugins/message-store-sqlite.d.ts +0 -17
package/dist/esm/tests/plugins/message-store-sqlite.d.ts.map +0 -1
package/dist/esm/tests/plugins/message-store-sqlite.js +0 -23
package/dist/esm/tests/plugins/message-store-sqlite.js.map +0 -1
package/dist/esm/tests/plugins/resumable-task-store-sqlite.d.ts +0 -17
package/dist/esm/tests/plugins/resumable-task-store-sqlite.d.ts.map +0 -1
package/dist/esm/tests/plugins/resumable-task-store-sqlite.js +0 -23
package/dist/esm/tests/plugins/resumable-task-store-sqlite.js.map +0 -1
package/dist/esm/tests/process-handler.spec.d.ts +0 -2
package/dist/esm/tests/process-handler.spec.d.ts.map +0 -1
package/dist/esm/tests/process-handler.spec.js +0 -60
package/dist/esm/tests/process-handler.spec.js.map +0 -1
package/dist/esm/tests/registration/proof-of-work-manager.spec.d.ts +0 -2
package/dist/esm/tests/registration/proof-of-work-manager.spec.d.ts.map +0 -1
package/dist/esm/tests/registration/proof-of-work-manager.spec.js +0 -157
package/dist/esm/tests/registration/proof-of-work-manager.spec.js.map +0 -1
package/dist/esm/tests/rpc-subscribe-close.spec.d.ts +0 -2
package/dist/esm/tests/rpc-subscribe-close.spec.d.ts.map +0 -1
package/dist/esm/tests/rpc-subscribe-close.spec.js +0 -81
package/dist/esm/tests/rpc-subscribe-close.spec.js.map +0 -1
package/dist/esm/tests/scenarios/dynamic-plugin-loading.spec.d.ts +0 -2
package/dist/esm/tests/scenarios/dynamic-plugin-loading.spec.d.ts.map +0 -1
package/dist/esm/tests/scenarios/dynamic-plugin-loading.spec.js +0 -73
package/dist/esm/tests/scenarios/dynamic-plugin-loading.spec.js.map +0 -1
package/dist/esm/tests/scenarios/registration.spec.d.ts +0 -2
package/dist/esm/tests/scenarios/registration.spec.d.ts.map +0 -1
package/dist/esm/tests/scenarios/registration.spec.js +0 -507
package/dist/esm/tests/scenarios/registration.spec.js.map +0 -1
package/dist/esm/tests/scenarios/web5-connect.spec.d.ts +0 -2
package/dist/esm/tests/scenarios/web5-connect.spec.d.ts.map +0 -1
package/dist/esm/tests/scenarios/web5-connect.spec.js +0 -137
package/dist/esm/tests/scenarios/web5-connect.spec.js.map +0 -1
package/dist/esm/tests/test-dwn.d.ts +0 -7
package/dist/esm/tests/test-dwn.d.ts.map +0 -1
package/dist/esm/tests/test-dwn.js +0 -34
package/dist/esm/tests/test-dwn.js.map +0 -1
package/dist/esm/tests/utils.d.ts +0 -46
package/dist/esm/tests/utils.d.ts.map +0 -1
package/dist/esm/tests/utils.js +0 -116
package/dist/esm/tests/utils.js.map +0 -1
package/dist/esm/tests/ws-api.spec.d.ts +0 -2
package/dist/esm/tests/ws-api.spec.d.ts.map +0 -1
package/dist/esm/tests/ws-api.spec.js +0 -327
package/dist/esm/tests/ws-api.spec.js.map +0 -1
package/src/json-rpc-socket.ts +0 -155
package/src/lib/http-server-shutdown-handler.ts +0 -79
package/src/lib/json-rpc.ts +0 -126
package/src/registration/proof-of-work-types.ts +0 -7
package/src/registration/registration-types.ts +0 -18

package/src/registration/registration-manager.ts CHANGED Viewed

@@ -1,12 +1,14 @@
-import { ProofOfWorkManager } from "./proof-of-work-manager.js";
-import { ProofOfWork } from "./proof-of-work.js";
-import { RegistrationStore } from "./registration-store.js";
-import type { RegistrationData, RegistrationRequest } from "./registration-types.js";
-import type { ProofOfWorkChallengeModel } from "./proof-of-work-types.js";
-import { DwnServerError, DwnServerErrorCode } from "../dwn-error.js";
-import type { ActiveTenantCheckResult, TenantGate } from "@enbox/dwn-sdk-js";
-import { getDialectFromUrl } from "../storage.js";
-import { readFileSync } from "fs";
+import type { ProviderAuthPlugin } from './provider-auth-plugin.js';
+import type { ActiveTenantCheckResult, TenantGate } from '@enbox/dwn-sdk-js';
+import type { ProofOfWorkChallengeModel, RegistrationRequest } from '@enbox/dwn-clients';
+import { readFileSync } from 'fs';
+import { getDialectFromUrl } from '../storage.js';
+import { ProofOfWork } from './proof-of-work.js';
+import { ProofOfWorkManager } from './proof-of-work-manager.js';
+import { RegistrationStore } from './registration-store.js';
+import { DwnServerError, DwnServerErrorCode } from '../dwn-error.js';
 /**
  * The RegistrationManager is responsible for managing the registration of tenants.
@@ -14,6 +16,7 @@ import { readFileSync } from "fs";
  */
 export class RegistrationManager implements TenantGate {
   private proofOfWorkManager: ProofOfWorkManager;
+  private providerAuthPlugin?: ProviderAuthPlugin;
   private registrationStore: RegistrationStore;
   private termsOfServiceHash?: string;
@@ -27,7 +30,7 @@ export class RegistrationManager implements TenantGate {
   }
   /**
-   * The terms-of-service hash.
+   * The terms-of-service hash.
    */
   public getTermsOfServiceHash(): string | undefined {
     return this.termsOfServiceHash;
@@ -45,13 +48,14 @@ export class RegistrationManager implements TenantGate {
    * Creates a new RegistrationManager instance.
    * @param input.registrationStoreUrl - The URL of the registration store.
    * Set to `undefined` or empty string if tenant registration is not required (ie. DWN is open for all).
-   *
+   *
    */
   public static async create(input: {
     registrationStoreUrl?: string,
-    termsOfServiceFilePath?: string
+    termsOfServiceFilePath?: string,
     proofOfWorkChallengeNonceSeed?: string,
     proofOfWorkInitialMaximumAllowedHash?: string,
+    providerAuthPlugin?: ProviderAuthPlugin,
   }): Promise<RegistrationManager> {
     const { termsOfServiceFilePath, registrationStoreUrl } = input;
@@ -70,17 +74,22 @@ export class RegistrationManager implements TenantGate {
     // Initialize and start ProofOfWorkManager.
     registrationManager.proofOfWorkManager = await ProofOfWorkManager.create({
-      autoStart: true,
-      desiredSolveCountPerMinute: 10,
-      initialMaximumAllowedHashValue: input.proofOfWorkInitialMaximumAllowedHash,
-      challengeSeed: input.proofOfWorkChallengeNonceSeed,
+      autoStart                      : true,
+      desiredSolveCountPerMinute     : 10,
+      initialMaximumAllowedHashValue : input.proofOfWorkInitialMaximumAllowedHash,
+      challengeSeed                  : input.proofOfWorkChallengeNonceSeed,
     });
     // Initialize RegistrationStore.
     const sqlDialect = getDialectFromUrl(new URL(registrationStoreUrl));
     const registrationStore = await RegistrationStore.create(sqlDialect);
     registrationManager.registrationStore = registrationStore;
+    // Store optional provider auth plugin.
+    if (input.providerAuthPlugin !== undefined) {
+      registrationManager.providerAuthPlugin = input.providerAuthPlugin;
+    }
     return registrationManager;
   }
@@ -93,17 +102,79 @@ export class RegistrationManager implements TenantGate {
   }
   /**
-   * Handles a registration request.
+   * Handles a registration request by dispatching to the appropriate handler
+   * based on the credentials provided.
    */
   public async handleRegistrationRequest(registrationRequest: RegistrationRequest): Promise<void> {
-    // Ensure the supplied terms of service hash matches the one we require.
-    if (registrationRequest.registrationData.termsOfServiceHash !== this.termsOfServiceHash) {
-      throw new DwnServerError(DwnServerErrorCode.RegistrationManagerInvalidOrOutdatedTermsOfServiceHash,
-        `Expecting terms-of-service hash ${this.termsOfServiceHash}, but got ${registrationRequest.registrationData.termsOfServiceHash}.`
+    if (registrationRequest.providerAuth?.registrationToken !== undefined) {
+      await this.handleProviderAuthRegistration(registrationRequest);
+    } else if (registrationRequest.proofOfWork !== undefined) {
+      await this.handleProofOfWorkRegistration(registrationRequest);
+    } else {
+      throw new DwnServerError(
+        DwnServerErrorCode.RegistrationRequestMissingCredentials,
+        'Registration request must include either providerAuth or proofOfWork credentials.',
       );
     }
+  }
-    const { challengeNonce, responseNonce } = registrationRequest.proofOfWork;
+  /**
+   * Handles a provider-auth registration request.
+   */
+  private async handleProviderAuthRegistration(registrationRequest: RegistrationRequest): Promise<void> {
+    if (this.providerAuthPlugin === undefined) {
+      throw new DwnServerError(
+        DwnServerErrorCode.ProviderAuthNotEnabled,
+        'Provider auth registration is not enabled on this server.',
+      );
+    }
+    const token = registrationRequest.providerAuth!.registrationToken;
+    const validationResult = await this.providerAuthPlugin.validateRegistrationToken(token);
+    if (!validationResult.isValid) {
+      throw new DwnServerError(
+        DwnServerErrorCode.ProviderAuthTokenInvalid,
+        validationResult.detail ?? 'Provider auth registration token is invalid.',
+      );
+    }
+    // Validate ToS only when the server has ToS configured AND the request includes a hash.
+    if (this.termsOfServiceHash !== undefined && registrationRequest.registrationData.termsOfServiceHash !== undefined) {
+      if (registrationRequest.registrationData.termsOfServiceHash !== this.termsOfServiceHash) {
+        throw new DwnServerError(DwnServerErrorCode.RegistrationManagerInvalidOrOutdatedTermsOfServiceHash,
+          `Expecting terms-of-service hash ${this.termsOfServiceHash}, ` +
+          `but got ${registrationRequest.registrationData.termsOfServiceHash}.`,
+        );
+      }
+    }
+    await this.registrationStore.insertOrUpdateTenantRegistration({
+      did                : registrationRequest.registrationData.did,
+      termsOfServiceHash : registrationRequest.registrationData.termsOfServiceHash,
+      accountId          : validationResult.accountId,
+      registrationType   : 'provider-auth',
+      metadata           : validationResult.metadata !== undefined
+        ? JSON.stringify(validationResult.metadata)
+        : undefined,
+    });
+  }
+  /**
+   * Handles a proof-of-work registration request.
+   */
+  private async handleProofOfWorkRegistration(registrationRequest: RegistrationRequest): Promise<void> {
+    // Validate ToS only when the server has ToS configured.
+    if (this.termsOfServiceHash !== undefined) {
+      if (registrationRequest.registrationData.termsOfServiceHash !== this.termsOfServiceHash) {
+        throw new DwnServerError(DwnServerErrorCode.RegistrationManagerInvalidOrOutdatedTermsOfServiceHash,
+          `Expecting terms-of-service hash ${this.termsOfServiceHash}, ` +
+          `but got ${registrationRequest.registrationData.termsOfServiceHash}.`,
+        );
+      }
+    }
+    const { challengeNonce, responseNonce } = registrationRequest.proofOfWork!;
     await this.proofOfWorkManager.verifyProofOfWork({
       challengeNonce,
@@ -112,14 +183,24 @@ export class RegistrationManager implements TenantGate {
     });
     // Store tenant registration data in database.
-    await this.recordTenantRegistration(registrationRequest.registrationData);
+    await this.recordTenantRegistration({
+      did                : registrationRequest.registrationData.did,
+      termsOfServiceHash : registrationRequest.registrationData.termsOfServiceHash,
+      registrationType   : 'proof-of-work',
+    });
   }
   /**
    * Records the given registration data in the database.
    * Exposed as a public method for testing purposes.
    */
-  public async recordTenantRegistration(registrationData: RegistrationData): Promise<void> {
+  public async recordTenantRegistration(registrationData: {
+    did: string;
+    termsOfServiceHash?: string;
+    accountId?: string;
+    registrationType?: string;
+    metadata?: string;
+  }): Promise<void> {
     await this.registrationStore.insertOrUpdateTenantRegistration(registrationData);
   }
@@ -136,18 +217,35 @@ export class RegistrationManager implements TenantGate {
     if (tenantRegistration === undefined) {
       return {
-        isActiveTenant: false,
-        detail: 'Not a registered tenant.'
+        isActiveTenant : false,
+        detail         : 'Not a registered tenant.'
       };
     }
-    if (tenantRegistration.termsOfServiceHash !== this.termsOfServiceHash) {
+    if (tenantRegistration.suspended) {
       return {
-        isActiveTenant: false,
-        detail: 'Agreed terms-of-service is outdated.'
+        isActiveTenant : false,
+        detail         : 'Tenant is suspended.'
       };
     }
-    return { isActiveTenant: true }
+    // Only enforce ToS hash check when the server has a ToS configured.
+    if (this.termsOfServiceHash !== undefined &&
+      tenantRegistration.termsOfServiceHash !== this.termsOfServiceHash) {
+      return {
+        isActiveTenant : false,
+        detail         : 'Agreed terms-of-service is outdated.'
+      };
+    }
+    return { isActiveTenant: true };
+  }
+  /**
+   * Returns the underlying RegistrationStore, if initialized.
+   * Used by the admin API to access tenant data.
+   */
+  public getRegistrationStore(): RegistrationStore | undefined {
+    return this.registrationStore;
   }
 }

package/src/registration/registration-store.ts CHANGED Viewed

@@ -1,12 +1,16 @@
-import { Kysely } from 'kysely';
-import type { RegistrationData } from './registration-types.js';
 import type { Dialect } from '@enbox/dwn-sql-store';
+import type { TenantQuota } from '../admin/types.js';
+import { Kysely, sql } from 'kysely';
+import { escapeLikeWildcards } from '../lib/sql-utils.js';
 /**
  * The RegistrationStore is responsible for storing and retrieving tenant registration information.
  */
 export class RegistrationStore {
   private static readonly registeredTenantTableName = 'registeredTenants';
+  private static readonly tenantQuotasTableName = 'tenantQuotas';
   private db: Kysely<RegistrationDatabase>;
@@ -18,46 +22,114 @@ export class RegistrationStore {
    * Creates a new RegistrationStore instance.
    */
   public static async create(sqlDialect: Dialect): Promise<RegistrationStore> {
-    const proofOfWorkManager = new RegistrationStore(sqlDialect);
+    const store = new RegistrationStore(sqlDialect);
-    await proofOfWorkManager.initialize();
+    await store.initialize();
-    return proofOfWorkManager;
+    return store;
   }
   private async initialize(): Promise<void> {
     await this.db.schema
-    .createTable(RegistrationStore.registeredTenantTableName)
-    .ifNotExists()
-    .addColumn('did', 'text', (column) => column.primaryKey())
-    .addColumn('termsOfServiceHash', 'text')
-    .execute();
+      .createTable(RegistrationStore.registeredTenantTableName)
+      .ifNotExists()
+      .addColumn('did', 'text', (column) => column.primaryKey())
+      .addColumn('termsOfServiceHash', 'text')
+      .addColumn('suspended', 'integer', (column) => column.defaultTo(0))
+      .execute();
+    // Add the `suspended` column to existing tables that don't have it yet.
+    // Kysely doesn't support `ADD COLUMN IF NOT EXISTS` across all dialects, so we
+    // catch and ignore the "column already exists" error.
+    try {
+      await this.db.schema
+        .alterTable(RegistrationStore.registeredTenantTableName)
+        .addColumn('suspended', 'integer', (column) => column.defaultTo(0))
+        .execute();
+    } catch {
+      // Column already exists — expected for new installations.
+    }
+    // Add provider-auth columns (idempotent migration). https://github.com/enboxorg/enbox/issues/404
+    for (const col of ['accountId', 'registrationType', 'registeredAt', 'metadata']) {
+      try {
+        await this.db.schema
+          .alterTable(RegistrationStore.registeredTenantTableName)
+          .addColumn(col, 'text')
+          .execute();
+      } catch {
+        // Column already exists — expected.
+      }
+    }
+    // Per-tenant storage quotas table.
+    await this.db.schema
+      .createTable(RegistrationStore.tenantQuotasTableName)
+      .ifNotExists()
+      .addColumn('did', 'text', (column) => column.primaryKey())
+      .addColumn('maxMessages', 'integer', (column) => column.defaultTo(0))
+      .addColumn('maxStorageBytes', 'bigint', (column) => column.defaultTo(0))
+      .execute();
   }
   /**
    * Inserts or updates the tenant registration information.
    */
-  public async insertOrUpdateTenantRegistration(registrationData: RegistrationData): Promise<void> {
+  public async insertOrUpdateTenantRegistration(registrationData: {
+    did: string;
+    termsOfServiceHash?: string;
+    accountId?: string;
+    registrationType?: string;
+    metadata?: string;
+  }): Promise<void> {
+    const insertValues: Record<string, unknown> = {
+      did                : registrationData.did,
+      termsOfServiceHash : registrationData.termsOfServiceHash ?? '',
+      suspended          : 0,
+      registeredAt       : new Date().toISOString(),
+    };
+    if (registrationData.accountId !== undefined) {
+      insertValues.accountId = registrationData.accountId;
+    }
+    if (registrationData.registrationType !== undefined) {
+      insertValues.registrationType = registrationData.registrationType;
+    }
+    if (registrationData.metadata !== undefined) {
+      insertValues.metadata = registrationData.metadata;
+    }
     await this.db
       .insertInto(RegistrationStore.registeredTenantTableName)
-      .values(registrationData)
+      .values(insertValues as any)
       .onConflict((oc) =>
-        oc.column('did').doUpdateSet((eb) => ({
-          termsOfServiceHash: eb.ref('excluded.termsOfServiceHash'),
-        })),
+        oc.column('did').doUpdateSet((eb) => {
+          const updateSet: Record<string, any> = {
+            termsOfServiceHash: eb.ref('excluded.termsOfServiceHash'),
+          };
+          // Do NOT overwrite registeredAt on update.
+          if (registrationData.accountId !== undefined) {
+            updateSet.accountId = registrationData.accountId;
+          }
+          if (registrationData.registrationType !== undefined) {
+            updateSet.registrationType = registrationData.registrationType;
+          }
+          if (registrationData.metadata !== undefined) {
+            updateSet.metadata = registrationData.metadata;
+          }
+          return updateSet;
+        }),
       )
-      // Executes the query. No error is thrown if the query doesn’t affect any rows (ie. if the insert or update didn’t change anything).
       .executeTakeFirst();
   }
   /**
    * Retrieves the tenant registration information.
    */
-  public async getTenantRegistration(tenantDid: string): Promise<RegistrationData | undefined> {
+  public async getTenantRegistration(tenantDid: string): Promise<RegisteredTenantRow | undefined> {
     const result = await this.db
       .selectFrom(RegistrationStore.registeredTenantTableName)
-      .select('did')
-      .select('termsOfServiceHash')
+      .select(['did', 'termsOfServiceHash', 'suspended', 'accountId', 'registrationType', 'registeredAt', 'metadata'])
       .where('did', '=', tenantDid)
       .execute();
@@ -67,13 +139,251 @@ export class RegistrationStore {
     return result[0];
   }
+  // ---------------------------------------------------------------------------
+  // Admin operations
+  // ---------------------------------------------------------------------------
+  /**
+   * Returns a paginated list of registered tenants with optional search and status filtering.
+   *
+   * @see https://github.com/enboxorg/enbox/issues/390
+   */
+  public async listTenants(options?: {
+    cursor? : string;
+    limit? : number;
+    search? : string;
+    status? : 'active' | 'suspended';
+  }): Promise<{ tenants: RegisteredTenantRow[]; cursor?: string }> {
+    const limit = options?.limit ?? 20;
+    let query = this.db
+      .selectFrom(RegistrationStore.registeredTenantTableName)
+      .select(['did', 'termsOfServiceHash', 'suspended', 'accountId', 'registrationType', 'registeredAt', 'metadata'])
+      .orderBy('did', 'asc')
+      .limit(limit + 1); // fetch one extra to detect next page
+    if (options?.cursor) {
+      query = query.where('did', '>', options.cursor);
+    }
+    if (options?.search) {
+      query = query.where('did', 'like', `%${escapeLikeWildcards(options.search)}%`);
+    }
+    if (options?.status === 'suspended') {
+      query = query.where('suspended', '=', 1);
+    } else if (options?.status === 'active') {
+      query = query.where('suspended', '=', 0);
+    }
+    const results = await query.execute();
+    let cursor: string | undefined;
+    if (results.length > limit) {
+      results.pop();
+      cursor = results[results.length - 1].did;
+    }
+    return { tenants: results, cursor };
+  }
+  /**
+   * Returns the total count of registered tenants matching optional filters.
+   */
+  public async getTenantCount(options?: {
+    search? : string;
+    status? : 'active' | 'suspended';
+  }): Promise<number> {
+    let query = this.db
+      .selectFrom(RegistrationStore.registeredTenantTableName)
+      .select(sql<number>`count(*)`.as('count'));
+    if (options?.search) {
+      query = query.where('did', 'like', `%${escapeLikeWildcards(options.search)}%`);
+    }
+    if (options?.status === 'suspended') {
+      query = query.where('suspended', '=', 1);
+    } else if (options?.status === 'active') {
+      query = query.where('suspended', '=', 0);
+    }
+    const result = await query.executeTakeFirstOrThrow();
+    return Number(result.count);
+  }
+  /**
+   * Inserts a new tenant registration. Returns `false` if the tenant already exists.
+   *
+   * @see https://github.com/enboxorg/enbox/issues/393
+   */
+  public async createTenant(did: string): Promise<boolean> {
+    try {
+      await this.db
+        .insertInto(RegistrationStore.registeredTenantTableName)
+        .values({ did, termsOfServiceHash: '', suspended: 0 })
+        .execute();
+      return true;
+    } catch {
+      // Unique constraint violation — tenant already exists.
+      return false;
+    }
+  }
+  /**
+   * Suspends a tenant. Returns `true` if the tenant was found and suspended.
+   */
+  public async suspendTenant(did: string): Promise<boolean> {
+    const result = await this.db
+      .updateTable(RegistrationStore.registeredTenantTableName)
+      .set({ suspended: 1 })
+      .where('did', '=', did)
+      .executeTakeFirst();
+    return Number(result.numUpdatedRows) > 0;
+  }
+  /**
+   * Unsuspends a tenant. Returns `true` if the tenant was found and unsuspended.
+   */
+  public async unsuspendTenant(did: string): Promise<boolean> {
+    const result = await this.db
+      .updateTable(RegistrationStore.registeredTenantTableName)
+      .set({ suspended: 0 })
+      .where('did', '=', did)
+      .executeTakeFirst();
+    return Number(result.numUpdatedRows) > 0;
+  }
+  /**
+   * Deletes a tenant registration. Returns `true` if the tenant was found and deleted.
+   */
+  public async deleteTenant(did: string): Promise<boolean> {
+    const result = await this.db
+      .deleteFrom(RegistrationStore.registeredTenantTableName)
+      .where('did', '=', did)
+      .executeTakeFirst();
+    return Number(result.numDeletedRows) > 0;
+  }
+  /**
+   * Returns all tenant registrations associated with the given account ID.
+   *
+   * @see https://github.com/enboxorg/enbox/issues/404
+   */
+  public async getTenantsForAccount(accountId: string): Promise<RegisteredTenantRow[]> {
+    return this.db
+      .selectFrom(RegistrationStore.registeredTenantTableName)
+      .select(['did', 'termsOfServiceHash', 'suspended', 'accountId', 'registrationType', 'registeredAt', 'metadata'])
+      .where('accountId', '=', accountId)
+      .orderBy('did', 'asc')
+      .execute();
+  }
+  /**
+   * Returns the count of suspended tenants.
+   */
+  public async getSuspendedCount(): Promise<number> {
+    const result = await this.db
+      .selectFrom(RegistrationStore.registeredTenantTableName)
+      .select(sql<number>`count(*)`.as('count'))
+      .where('suspended', '=', 1)
+      .executeTakeFirstOrThrow();
+    return Number(result.count);
+  }
+  // ---------------------------------------------------------------------------
+  // Tenant quota operations
+  // ---------------------------------------------------------------------------
+  /**
+   * Returns the quota for a tenant, or `undefined` if no per-tenant quota is set.
+   */
+  public async getQuota(did: string): Promise<TenantQuota | undefined> {
+    const result = await this.db
+      .selectFrom(RegistrationStore.tenantQuotasTableName)
+      .select(['did', 'maxMessages', 'maxStorageBytes'])
+      .where('did', '=', did)
+      .executeTakeFirst();
+    if (result === undefined) {
+      return undefined;
+    }
+    return {
+      did             : result.did,
+      maxMessages     : Number(result.maxMessages),
+      maxStorageBytes : Number(result.maxStorageBytes),
+    };
+  }
+  /**
+   * Sets (inserts or updates) the quota for a tenant.
+   */
+  public async setQuota(quota: TenantQuota): Promise<void> {
+    await this.db
+      .insertInto(RegistrationStore.tenantQuotasTableName)
+      .values({
+        did             : quota.did,
+        maxMessages     : quota.maxMessages,
+        maxStorageBytes : quota.maxStorageBytes,
+      })
+      .onConflict((oc) =>
+        oc.column('did').doUpdateSet({
+          maxMessages     : quota.maxMessages,
+          maxStorageBytes : quota.maxStorageBytes,
+        }),
+      )
+      .executeTakeFirst();
+  }
+  /**
+   * Deletes the per-tenant quota. Returns `true` if a quota existed and was deleted.
+   */
+  public async deleteQuota(did: string): Promise<boolean> {
+    const result = await this.db
+      .deleteFrom(RegistrationStore.tenantQuotasTableName)
+      .where('did', '=', did)
+      .executeTakeFirst();
+    return Number(result.numDeletedRows) > 0;
+  }
+}
+/**
+ * A row in the `registeredTenants` table.
+ */
+export interface RegisteredTenantRow {
+  did : string;
+  termsOfServiceHash : string;
+  suspended? : number;
+  accountId? : string;
+  registrationType? : string;
+  registeredAt? : string;
+  metadata? : string;
 }
 interface RegisteredTenants {
-  did: string;
-  termsOfServiceHash: string;
+  did : string;
+  termsOfServiceHash : string;
+  suspended : number;
+  accountId? : string;
+  registrationType? : string;
+  registeredAt? : string;
+  metadata? : string;
+}
+interface TenantQuotasRow {
+  did : string;
+  maxMessages : number;
+  maxStorageBytes : number;
 }
 interface RegistrationDatabase {
-  registeredTenants: RegisteredTenants;
+  registeredTenants : RegisteredTenants;
+  tenantQuotas : TenantQuotasRow;
 }