@graphoria/server 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +201 -0
- package/NOTICE +10 -0
- package/README.md +129 -0
- package/cli.ts +105 -0
- package/dist/cli.d.ts +3 -0
- package/dist/cli.d.ts.map +1 -0
- package/dist/src/ai/agent/agent.d.ts +37 -0
- package/dist/src/ai/agent/agent.d.ts.map +1 -0
- package/dist/src/ai/agent/index.d.ts +3 -0
- package/dist/src/ai/agent/index.d.ts.map +1 -0
- package/dist/src/ai/agent/providers/anthropic.d.ts +10 -0
- package/dist/src/ai/agent/providers/anthropic.d.ts.map +1 -0
- package/dist/src/ai/agent/providers/index.d.ts +8 -0
- package/dist/src/ai/agent/providers/index.d.ts.map +1 -0
- package/dist/src/ai/agent/providers/ollama.d.ts +11 -0
- package/dist/src/ai/agent/providers/ollama.d.ts.map +1 -0
- package/dist/src/ai/agent/providers/openai.d.ts +14 -0
- package/dist/src/ai/agent/providers/openai.d.ts.map +1 -0
- package/dist/src/ai/agent/types.d.ts +51 -0
- package/dist/src/ai/agent/types.d.ts.map +1 -0
- package/dist/src/ai/ask-field.test.d.ts +2 -0
- package/dist/src/ai/ask-field.test.d.ts.map +1 -0
- package/dist/src/ai/index.d.ts +7 -0
- package/dist/src/ai/index.d.ts.map +1 -0
- package/dist/src/ai/mcp/create-server.d.ts +14 -0
- package/dist/src/ai/mcp/create-server.d.ts.map +1 -0
- package/dist/src/ai/mcp/create-server.test.d.ts +2 -0
- package/dist/src/ai/mcp/create-server.test.d.ts.map +1 -0
- package/dist/src/ai/mcp/index.d.ts +13 -0
- package/dist/src/ai/mcp/index.d.ts.map +1 -0
- package/dist/src/ai/mcp/index.test.d.ts +2 -0
- package/dist/src/ai/mcp/index.test.d.ts.map +1 -0
- package/dist/src/ai/mcp/instructions.d.ts +2 -0
- package/dist/src/ai/mcp/instructions.d.ts.map +1 -0
- package/dist/src/ai/tools/agent.d.ts +4 -0
- package/dist/src/ai/tools/agent.d.ts.map +1 -0
- package/dist/src/ai/tools/agent.test.d.ts +2 -0
- package/dist/src/ai/tools/agent.test.d.ts.map +1 -0
- package/dist/src/ai/tools/core.d.ts +75 -0
- package/dist/src/ai/tools/core.d.ts.map +1 -0
- package/dist/src/ai/tools/query-data.d.ts +35 -0
- package/dist/src/ai/tools/query-data.d.ts.map +1 -0
- package/dist/src/analyzeQuery/analyzers/fragmentAnalyzer.d.ts +5 -0
- package/dist/src/analyzeQuery/analyzers/fragmentAnalyzer.d.ts.map +1 -0
- package/dist/src/analyzeQuery/analyzers/operationAnalyzer.d.ts +6 -0
- package/dist/src/analyzeQuery/analyzers/operationAnalyzer.d.ts.map +1 -0
- package/dist/src/analyzeQuery/analyzers/selectionAnalyzer.d.ts +6 -0
- package/dist/src/analyzeQuery/analyzers/selectionAnalyzer.d.ts.map +1 -0
- package/dist/src/analyzeQuery/analyzers/variableAnalyzer.d.ts +4 -0
- package/dist/src/analyzeQuery/analyzers/variableAnalyzer.d.ts.map +1 -0
- package/dist/src/analyzeQuery/depthLimit.d.ts +16 -0
- package/dist/src/analyzeQuery/depthLimit.d.ts.map +1 -0
- package/dist/src/analyzeQuery/depthLimit.test.d.ts +2 -0
- package/dist/src/analyzeQuery/depthLimit.test.d.ts.map +1 -0
- package/dist/src/analyzeQuery/directiveUtils.d.ts +4 -0
- package/dist/src/analyzeQuery/directiveUtils.d.ts.map +1 -0
- package/dist/src/analyzeQuery/directiveUtils.test.d.ts +2 -0
- package/dist/src/analyzeQuery/directiveUtils.test.d.ts.map +1 -0
- package/dist/src/analyzeQuery/index.d.ts +5 -0
- package/dist/src/analyzeQuery/index.d.ts.map +1 -0
- package/dist/src/analyzeQuery/index.test.d.ts +2 -0
- package/dist/src/analyzeQuery/index.test.d.ts.map +1 -0
- package/dist/src/analyzeQuery/resolveVariables.d.ts +71 -0
- package/dist/src/analyzeQuery/resolveVariables.d.ts.map +1 -0
- package/dist/src/analyzeQuery/resolveVariables.test.d.ts +2 -0
- package/dist/src/analyzeQuery/resolveVariables.test.d.ts.map +1 -0
- package/dist/src/analyzeQuery/staticValues.test.d.ts +2 -0
- package/dist/src/analyzeQuery/staticValues.test.d.ts.map +1 -0
- package/dist/src/analyzeQuery/typeUtils.d.ts +9 -0
- package/dist/src/analyzeQuery/typeUtils.d.ts.map +1 -0
- package/dist/src/analyzeQuery/types.d.ts +54 -0
- package/dist/src/analyzeQuery/types.d.ts.map +1 -0
- package/dist/src/analyzeQuery/valueExtractors.d.ts +4 -0
- package/dist/src/analyzeQuery/valueExtractors.d.ts.map +1 -0
- package/dist/src/authentication/duration.d.ts +14 -0
- package/dist/src/authentication/duration.d.ts.map +1 -0
- package/dist/src/authentication/duration.test.d.ts +2 -0
- package/dist/src/authentication/duration.test.d.ts.map +1 -0
- package/dist/src/authentication/index.d.ts +4 -0
- package/dist/src/authentication/index.d.ts.map +1 -0
- package/dist/src/authentication/index.test.d.ts +2 -0
- package/dist/src/authentication/index.test.d.ts.map +1 -0
- package/dist/src/authentication/jwt.d.ts +10 -0
- package/dist/src/authentication/jwt.d.ts.map +1 -0
- package/dist/src/authentication/jwt.test.d.ts +2 -0
- package/dist/src/authentication/jwt.test.d.ts.map +1 -0
- package/dist/src/authentication/paseto.d.ts +7 -0
- package/dist/src/authentication/paseto.d.ts.map +1 -0
- package/dist/src/authentication/paseto.test.d.ts +2 -0
- package/dist/src/authentication/paseto.test.d.ts.map +1 -0
- package/dist/src/authentication/tokenRepository.d.ts +14 -0
- package/dist/src/authentication/tokenRepository.d.ts.map +1 -0
- package/dist/src/authentication/tokenRepository.test.d.ts +2 -0
- package/dist/src/authentication/tokenRepository.test.d.ts.map +1 -0
- package/dist/src/authentication/types.d.ts +42 -0
- package/dist/src/authentication/types.d.ts.map +1 -0
- package/dist/src/cli/seedAuth.d.ts +4 -0
- package/dist/src/cli/seedAuth.d.ts.map +1 -0
- package/dist/src/cli/seedAuth.test.d.ts +2 -0
- package/dist/src/cli/seedAuth.test.d.ts.map +1 -0
- package/dist/src/cli/seedAuthArgs.d.ts +9 -0
- package/dist/src/cli/seedAuthArgs.d.ts.map +1 -0
- package/dist/src/config/helpers/cronHelper.d.ts +21 -0
- package/dist/src/config/helpers/cronHelper.d.ts.map +1 -0
- package/dist/src/config/helpers/cronHelper.test.d.ts +2 -0
- package/dist/src/config/helpers/cronHelper.test.d.ts.map +1 -0
- package/dist/src/config/helpers/index.d.ts +4 -0
- package/dist/src/config/helpers/index.d.ts.map +1 -0
- package/dist/src/config/helpers/operationHelper.d.ts +44 -0
- package/dist/src/config/helpers/operationHelper.d.ts.map +1 -0
- package/dist/src/config/helpers/queueHelper.d.ts +20 -0
- package/dist/src/config/helpers/queueHelper.d.ts.map +1 -0
- package/dist/src/config/helpers/queueHelper.test.d.ts +2 -0
- package/dist/src/config/helpers/queueHelper.test.d.ts.map +1 -0
- package/dist/src/config/index.d.ts +236 -0
- package/dist/src/config/index.d.ts.map +1 -0
- package/dist/src/config/types/ai.d.ts +29 -0
- package/dist/src/config/types/ai.d.ts.map +1 -0
- package/dist/src/config/types/auth.d.ts +112 -0
- package/dist/src/config/types/auth.d.ts.map +1 -0
- package/dist/src/config/types/configuration.d.ts +61 -0
- package/dist/src/config/types/configuration.d.ts.map +1 -0
- package/dist/src/config/types/cron.d.ts +81 -0
- package/dist/src/config/types/cron.d.ts.map +1 -0
- package/dist/src/config/types/db.d.ts +210 -0
- package/dist/src/config/types/db.d.ts.map +1 -0
- package/dist/src/config/types/index.d.ts +17 -0
- package/dist/src/config/types/index.d.ts.map +1 -0
- package/dist/src/config/types/operation.d.ts +226 -0
- package/dist/src/config/types/operation.d.ts.map +1 -0
- package/dist/src/config/types/queue.d.ts +142 -0
- package/dist/src/config/types/queue.d.ts.map +1 -0
- package/dist/src/config/types/remote-rest.d.ts +18 -0
- package/dist/src/config/types/remote-rest.d.ts.map +1 -0
- package/dist/src/config/types/remote-schema.d.ts +27 -0
- package/dist/src/config/types/remote-schema.d.ts.map +1 -0
- package/dist/src/config/types/virtual-columns.d.ts +89 -0
- package/dist/src/config/types/virtual-columns.d.ts.map +1 -0
- package/dist/src/config/types/virtual-columns.test.d.ts +2 -0
- package/dist/src/config/types/virtual-columns.test.d.ts.map +1 -0
- package/dist/src/configuration/getSchemas/index.d.ts +867 -0
- package/dist/src/configuration/getSchemas/index.d.ts.map +1 -0
- package/dist/src/configuration/getSchemas/mergeEntities/index.d.ts +412 -0
- package/dist/src/configuration/getSchemas/mergeEntities/index.d.ts.map +1 -0
- package/dist/src/configuration/getSchemas/type-definition-generator/index.d.ts +16 -0
- package/dist/src/configuration/getSchemas/type-definition-generator/index.d.ts.map +1 -0
- package/dist/src/configuration/getSchemas/type-definition-generator/index.test.d.ts +2 -0
- package/dist/src/configuration/getSchemas/type-definition-generator/index.test.d.ts.map +1 -0
- package/dist/src/configuration/gql/buildExecute.d.ts +31 -0
- package/dist/src/configuration/gql/buildExecute.d.ts.map +1 -0
- package/dist/src/configuration/gql/buildExecute.test.d.ts +2 -0
- package/dist/src/configuration/gql/buildExecute.test.d.ts.map +1 -0
- package/dist/src/configuration/gql/gqlAuthOperations.d.ts +9 -0
- package/dist/src/configuration/gql/gqlAuthOperations.d.ts.map +1 -0
- package/dist/src/configuration/gql/gqlAuthOperations.test.d.ts +2 -0
- package/dist/src/configuration/gql/gqlAuthOperations.test.d.ts.map +1 -0
- package/dist/src/configuration/gql/handleGraphQLRequestFactory.d.ts +28 -0
- package/dist/src/configuration/gql/handleGraphQLRequestFactory.d.ts.map +1 -0
- package/dist/src/configuration/gql/handleGraphQLRequestFactory.test.d.ts +2 -0
- package/dist/src/configuration/gql/handleGraphQLRequestFactory.test.d.ts.map +1 -0
- package/dist/src/configuration/gql/handleGraphQLSubscriptionFactory.d.ts +19 -0
- package/dist/src/configuration/gql/handleGraphQLSubscriptionFactory.d.ts.map +1 -0
- package/dist/src/configuration/index.d.ts +719 -0
- package/dist/src/configuration/index.d.ts.map +1 -0
- package/dist/src/configuration/rest/generateOpenAPI.d.ts +19 -0
- package/dist/src/configuration/rest/generateOpenAPI.d.ts.map +1 -0
- package/dist/src/configuration/rest/handleRESTRequestFactory.d.ts +12 -0
- package/dist/src/configuration/rest/handleRESTRequestFactory.d.ts.map +1 -0
- package/dist/src/configuration/rest/handleRESTRequestFactory.test.d.ts +2 -0
- package/dist/src/configuration/rest/handleRESTRequestFactory.test.d.ts.map +1 -0
- package/dist/src/configuration/rest/index.d.ts +20 -0
- package/dist/src/configuration/rest/index.d.ts.map +1 -0
- package/dist/src/configuration/rest/openApiErrors.d.ts +71 -0
- package/dist/src/configuration/rest/openApiErrors.d.ts.map +1 -0
- package/dist/src/console/App.d.ts +3 -0
- package/dist/src/console/App.d.ts.map +1 -0
- package/dist/src/console/Login.d.ts +6 -0
- package/dist/src/console/Login.d.ts.map +1 -0
- package/dist/src/console/api.d.ts +17 -0
- package/dist/src/console/api.d.ts.map +1 -0
- package/dist/src/console/api.test.d.ts +2 -0
- package/dist/src/console/api.test.d.ts.map +1 -0
- package/dist/src/console/client.d.ts +67 -0
- package/dist/src/console/client.d.ts.map +1 -0
- package/dist/src/console/frontend.d.ts +8 -0
- package/dist/src/console/frontend.d.ts.map +1 -0
- package/dist/src/console/pages/ConfigPage.d.ts +2 -0
- package/dist/src/console/pages/ConfigPage.d.ts.map +1 -0
- package/dist/src/console/pages/RolesPage.d.ts +2 -0
- package/dist/src/console/pages/RolesPage.d.ts.map +1 -0
- package/dist/src/console/pages/StatusPage.d.ts +2 -0
- package/dist/src/console/pages/StatusPage.d.ts.map +1 -0
- package/dist/src/console/pages/TablesPage.d.ts +2 -0
- package/dist/src/console/pages/TablesPage.d.ts.map +1 -0
- package/dist/src/console/useApi.d.ts +8 -0
- package/dist/src/console/useApi.d.ts.map +1 -0
- package/dist/src/cron/index.d.ts +63 -0
- package/dist/src/cron/index.d.ts.map +1 -0
- package/dist/src/databases/auth/auth-operations.d.ts +11 -0
- package/dist/src/databases/auth/auth-operations.d.ts.map +1 -0
- package/dist/src/databases/auth/password.d.ts +3 -0
- package/dist/src/databases/auth/password.d.ts.map +1 -0
- package/dist/src/databases/auth/password.test.d.ts +2 -0
- package/dist/src/databases/auth/password.test.d.ts.map +1 -0
- package/dist/src/databases/common.d.ts +53 -0
- package/dist/src/databases/common.d.ts.map +1 -0
- package/dist/src/databases/common.test.d.ts +2 -0
- package/dist/src/databases/common.test.d.ts.map +1 -0
- package/dist/src/databases/core/executor.d.ts +10 -0
- package/dist/src/databases/core/executor.d.ts.map +1 -0
- package/dist/src/databases/core/executor.test.d.ts +2 -0
- package/dist/src/databases/core/executor.test.d.ts.map +1 -0
- package/dist/src/databases/core/function-mapping.d.ts +38 -0
- package/dist/src/databases/core/function-mapping.d.ts.map +1 -0
- package/dist/src/databases/core/identifier.d.ts +2 -0
- package/dist/src/databases/core/identifier.d.ts.map +1 -0
- package/dist/src/databases/core/identifier.test.d.ts +2 -0
- package/dist/src/databases/core/identifier.test.d.ts.map +1 -0
- package/dist/src/databases/core/query-builder.d.ts +64 -0
- package/dist/src/databases/core/query-builder.d.ts.map +1 -0
- package/dist/src/databases/core/query-builder.test.d.ts +2 -0
- package/dist/src/databases/core/query-builder.test.d.ts.map +1 -0
- package/dist/src/databases/directives.d.ts +16 -0
- package/dist/src/databases/directives.d.ts.map +1 -0
- package/dist/src/databases/directives.test.d.ts +2 -0
- package/dist/src/databases/directives.test.d.ts.map +1 -0
- package/dist/src/databases/engines/mssql/auth.d.ts +9 -0
- package/dist/src/databases/engines/mssql/auth.d.ts.map +1 -0
- package/dist/src/databases/engines/mssql/auth.test.d.ts +2 -0
- package/dist/src/databases/engines/mssql/auth.test.d.ts.map +1 -0
- package/dist/src/databases/engines/mssql/connection.d.ts +14 -0
- package/dist/src/databases/engines/mssql/connection.d.ts.map +1 -0
- package/dist/src/databases/engines/mssql/format.d.ts +5 -0
- package/dist/src/databases/engines/mssql/format.d.ts.map +1 -0
- package/dist/src/databases/engines/mssql/getStructure.d.ts +48 -0
- package/dist/src/databases/engines/mssql/getStructure.d.ts.map +1 -0
- package/dist/src/databases/engines/mssql/getViews.d.ts +7 -0
- package/dist/src/databases/engines/mssql/getViews.d.ts.map +1 -0
- package/dist/src/databases/engines/mssql/query/index.d.ts +7 -0
- package/dist/src/databases/engines/mssql/query/index.d.ts.map +1 -0
- package/dist/src/databases/engines/mssql/query/index.test.d.ts +2 -0
- package/dist/src/databases/engines/mssql/query/index.test.d.ts.map +1 -0
- package/dist/src/databases/engines/mysql/auth.d.ts +9 -0
- package/dist/src/databases/engines/mysql/auth.d.ts.map +1 -0
- package/dist/src/databases/engines/mysql/auth.test.d.ts +2 -0
- package/dist/src/databases/engines/mysql/auth.test.d.ts.map +1 -0
- package/dist/src/databases/engines/mysql/connection.d.ts +14 -0
- package/dist/src/databases/engines/mysql/connection.d.ts.map +1 -0
- package/dist/src/databases/engines/mysql/format.d.ts +5 -0
- package/dist/src/databases/engines/mysql/format.d.ts.map +1 -0
- package/dist/src/databases/engines/mysql/getStructure.d.ts +48 -0
- package/dist/src/databases/engines/mysql/getStructure.d.ts.map +1 -0
- package/dist/src/databases/engines/mysql/getViews.d.ts +7 -0
- package/dist/src/databases/engines/mysql/getViews.d.ts.map +1 -0
- package/dist/src/databases/engines/mysql/query/index.d.ts +7 -0
- package/dist/src/databases/engines/mysql/query/index.d.ts.map +1 -0
- package/dist/src/databases/engines/mysql/query/index.test.d.ts +2 -0
- package/dist/src/databases/engines/mysql/query/index.test.d.ts.map +1 -0
- package/dist/src/databases/engines/postgresql/auth.d.ts +9 -0
- package/dist/src/databases/engines/postgresql/auth.d.ts.map +1 -0
- package/dist/src/databases/engines/postgresql/auth.test.d.ts +2 -0
- package/dist/src/databases/engines/postgresql/auth.test.d.ts.map +1 -0
- package/dist/src/databases/engines/postgresql/connection.d.ts +14 -0
- package/dist/src/databases/engines/postgresql/connection.d.ts.map +1 -0
- package/dist/src/databases/engines/postgresql/format.d.ts +5 -0
- package/dist/src/databases/engines/postgresql/format.d.ts.map +1 -0
- package/dist/src/databases/engines/postgresql/getStructure.d.ts +48 -0
- package/dist/src/databases/engines/postgresql/getStructure.d.ts.map +1 -0
- package/dist/src/databases/engines/postgresql/getViews.d.ts +7 -0
- package/dist/src/databases/engines/postgresql/getViews.d.ts.map +1 -0
- package/dist/src/databases/engines/postgresql/query/index.d.ts +7 -0
- package/dist/src/databases/engines/postgresql/query/index.d.ts.map +1 -0
- package/dist/src/databases/engines/postgresql/query/index.test.d.ts +2 -0
- package/dist/src/databases/engines/postgresql/query/index.test.d.ts.map +1 -0
- package/dist/src/databases/engines/shared/claims.d.ts +2 -0
- package/dist/src/databases/engines/shared/claims.d.ts.map +1 -0
- package/dist/src/databases/engines/shared/types.d.ts +8 -0
- package/dist/src/databases/engines/shared/types.d.ts.map +1 -0
- package/dist/src/databases/high-level-operations.d.ts +146 -0
- package/dist/src/databases/high-level-operations.d.ts.map +1 -0
- package/dist/src/databases/high-level-operations.test.d.ts +2 -0
- package/dist/src/databases/high-level-operations.test.d.ts.map +1 -0
- package/dist/src/databases/index.d.ts +8 -0
- package/dist/src/databases/index.d.ts.map +1 -0
- package/dist/src/databases/metadata/structure.d.ts +56 -0
- package/dist/src/databases/metadata/structure.d.ts.map +1 -0
- package/dist/src/databases/schemaBuilder/convert.d.ts +2 -0
- package/dist/src/databases/schemaBuilder/convert.d.ts.map +1 -0
- package/dist/src/databases/schemaBuilder/generateCreateTable/index.d.ts +15 -0
- package/dist/src/databases/schemaBuilder/generateCreateTable/index.d.ts.map +1 -0
- package/dist/src/databases/schemaBuilder/generateCreateTable/index.test.d.ts +2 -0
- package/dist/src/databases/schemaBuilder/generateCreateTable/index.test.d.ts.map +1 -0
- package/dist/src/databases/schemaBuilder/generateCreateView/index.d.ts +18 -0
- package/dist/src/databases/schemaBuilder/generateCreateView/index.d.ts.map +1 -0
- package/dist/src/databases/schemaBuilder/generateInsert/index.d.ts +8 -0
- package/dist/src/databases/schemaBuilder/generateInsert/index.d.ts.map +1 -0
- package/dist/src/databases/schemaBuilder/generateInsert/index.test.d.ts +2 -0
- package/dist/src/databases/schemaBuilder/generateInsert/index.test.d.ts.map +1 -0
- package/dist/src/databases/schemaBuilder/generateSchemaCreation/index.d.ts +7 -0
- package/dist/src/databases/schemaBuilder/generateSchemaCreation/index.d.ts.map +1 -0
- package/dist/src/databases/schemaBuilder/generateSchemaCreation/index.test.d.ts +2 -0
- package/dist/src/databases/schemaBuilder/generateSchemaCreation/index.test.d.ts.map +1 -0
- package/dist/src/databases/schemaBuilder/mssqlToPostgres/convertView.d.ts +2 -0
- package/dist/src/databases/schemaBuilder/mssqlToPostgres/convertView.d.ts.map +1 -0
- package/dist/src/databases/schemaBuilder/utils.d.ts +8 -0
- package/dist/src/databases/schemaBuilder/utils.d.ts.map +1 -0
- package/dist/src/databases/sqlTypeUtils.d.ts +24 -0
- package/dist/src/databases/sqlTypeUtils.d.ts.map +1 -0
- package/dist/src/databases/sqlTypeUtils.test.d.ts +2 -0
- package/dist/src/databases/sqlTypeUtils.test.d.ts.map +1 -0
- package/dist/src/databases/transformers/data-transformers.d.ts +215 -0
- package/dist/src/databases/transformers/data-transformers.d.ts.map +1 -0
- package/dist/src/databases/transformers/data-transformers.test.d.ts +2 -0
- package/dist/src/databases/transformers/data-transformers.test.d.ts.map +1 -0
- package/dist/src/databases/transformers/genResolverName.d.ts +2 -0
- package/dist/src/databases/transformers/genResolverName.d.ts.map +1 -0
- package/dist/src/databases/transformers/genResolverName.test.d.ts +2 -0
- package/dist/src/databases/transformers/genResolverName.test.d.ts.map +1 -0
- package/dist/src/index.d.ts +139 -0
- package/dist/src/index.d.ts.map +1 -0
- package/dist/src/logging/index.d.ts +21 -0
- package/dist/src/logging/index.d.ts.map +1 -0
- package/dist/src/queues/kafka.d.ts +22 -0
- package/dist/src/queues/kafka.d.ts.map +1 -0
- package/dist/src/queues/rabbitmq.d.ts +34 -0
- package/dist/src/queues/rabbitmq.d.ts.map +1 -0
- package/dist/src/queues/rabbitmq.test.d.ts +2 -0
- package/dist/src/queues/rabbitmq.test.d.ts.map +1 -0
- package/dist/src/remoteREST/index.d.ts +13 -0
- package/dist/src/remoteREST/index.d.ts.map +1 -0
- package/dist/src/remoteREST/parse.d.ts +8 -0
- package/dist/src/remoteREST/parse.d.ts.map +1 -0
- package/dist/src/remoteREST/parse.test.d.ts +2 -0
- package/dist/src/remoteREST/parse.test.d.ts.map +1 -0
- package/dist/src/remoteREST/proxy.d.ts +6 -0
- package/dist/src/remoteREST/proxy.d.ts.map +1 -0
- package/dist/src/remoteREST/proxy.test.d.ts +2 -0
- package/dist/src/remoteREST/proxy.test.d.ts.map +1 -0
- package/dist/src/remoteREST/transform.d.ts +8 -0
- package/dist/src/remoteREST/transform.d.ts.map +1 -0
- package/dist/src/remoteREST/transform.test.d.ts +2 -0
- package/dist/src/remoteREST/transform.test.d.ts.map +1 -0
- package/dist/src/remoteREST/types.d.ts +37 -0
- package/dist/src/remoteREST/types.d.ts.map +1 -0
- package/dist/src/remoteSchemas/index.d.ts +13 -0
- package/dist/src/remoteSchemas/index.d.ts.map +1 -0
- package/dist/src/remoteSchemas/introspect.d.ts +7 -0
- package/dist/src/remoteSchemas/introspect.d.ts.map +1 -0
- package/dist/src/remoteSchemas/introspect.test.d.ts +2 -0
- package/dist/src/remoteSchemas/introspect.test.d.ts.map +1 -0
- package/dist/src/remoteSchemas/proxy.d.ts +7 -0
- package/dist/src/remoteSchemas/proxy.d.ts.map +1 -0
- package/dist/src/remoteSchemas/proxy.test.d.ts +2 -0
- package/dist/src/remoteSchemas/proxy.test.d.ts.map +1 -0
- package/dist/src/remoteSchemas/transform.d.ts +9 -0
- package/dist/src/remoteSchemas/transform.d.ts.map +1 -0
- package/dist/src/remoteSchemas/transform.test.d.ts +2 -0
- package/dist/src/remoteSchemas/transform.test.d.ts.map +1 -0
- package/dist/src/remoteSchemas/types.d.ts +41 -0
- package/dist/src/remoteSchemas/types.d.ts.map +1 -0
- package/dist/src/singletons/ai.d.ts +25 -0
- package/dist/src/singletons/ai.d.ts.map +1 -0
- package/dist/src/singletons/ai.test.d.ts +2 -0
- package/dist/src/singletons/ai.test.d.ts.map +1 -0
- package/dist/src/singletons/authentication.d.ts +4 -0
- package/dist/src/singletons/authentication.d.ts.map +1 -0
- package/dist/src/singletons/cache/index.d.ts +5 -0
- package/dist/src/singletons/cache/index.d.ts.map +1 -0
- package/dist/src/singletons/cache/lruCacheStore.d.ts +12 -0
- package/dist/src/singletons/cache/lruCacheStore.d.ts.map +1 -0
- package/dist/src/singletons/cache/lruCacheStore.test.d.ts +2 -0
- package/dist/src/singletons/cache/lruCacheStore.test.d.ts.map +1 -0
- package/dist/src/singletons/cache/redisCacheStore.d.ts +16 -0
- package/dist/src/singletons/cache/redisCacheStore.d.ts.map +1 -0
- package/dist/src/singletons/cache/redisClient.d.ts +3 -0
- package/dist/src/singletons/cache/redisClient.d.ts.map +1 -0
- package/dist/src/singletons/cache/registry.d.ts +7 -0
- package/dist/src/singletons/cache/registry.d.ts.map +1 -0
- package/dist/src/singletons/cache/registry.test.d.ts +2 -0
- package/dist/src/singletons/cache/registry.test.d.ts.map +1 -0
- package/dist/src/singletons/cache/types.d.ts +8 -0
- package/dist/src/singletons/cache/types.d.ts.map +1 -0
- package/dist/src/singletons/cron.d.ts +69 -0
- package/dist/src/singletons/cron.d.ts.map +1 -0
- package/dist/src/singletons/databases.d.ts +27 -0
- package/dist/src/singletons/databases.d.ts.map +1 -0
- package/dist/src/singletons/databases.test.d.ts +2 -0
- package/dist/src/singletons/databases.test.d.ts.map +1 -0
- package/dist/src/singletons/env.d.ts +494 -0
- package/dist/src/singletons/env.d.ts.map +1 -0
- package/dist/src/singletons/queues.d.ts +17 -0
- package/dist/src/singletons/queues.d.ts.map +1 -0
- package/dist/src/subscriptions/index.d.ts +4 -0
- package/dist/src/subscriptions/index.d.ts.map +1 -0
- package/dist/src/subscriptions/strategies/database.d.ts +12 -0
- package/dist/src/subscriptions/strategies/database.d.ts.map +1 -0
- package/dist/src/subscriptions/strategies/index.d.ts +12 -0
- package/dist/src/subscriptions/strategies/index.d.ts.map +1 -0
- package/dist/src/subscriptions/strategies/queue.d.ts +11 -0
- package/dist/src/subscriptions/strategies/queue.d.ts.map +1 -0
- package/dist/src/subscriptions/types.d.ts +67 -0
- package/dist/src/subscriptions/types.d.ts.map +1 -0
- package/dist/src/subscriptions/utils/polling.d.ts +17 -0
- package/dist/src/subscriptions/utils/polling.d.ts.map +1 -0
- package/dist/src/types/common.d.ts +44 -0
- package/dist/src/types/common.d.ts.map +1 -0
- package/dist/src/types/configuration.d.ts +28 -0
- package/dist/src/types/configuration.d.ts.map +1 -0
- package/dist/src/types/db.d.ts +43 -0
- package/dist/src/types/db.d.ts.map +1 -0
- package/dist/src/types/env.d.ts +2302 -0
- package/dist/src/types/env.d.ts.map +1 -0
- package/dist/src/types/env.test.d.ts +2 -0
- package/dist/src/types/env.test.d.ts.map +1 -0
- package/dist/src/types/resolver.d.ts +121 -0
- package/dist/src/types/resolver.d.ts.map +1 -0
- package/dist/src/types/zod/ai.d.ts +6 -0
- package/dist/src/types/zod/ai.d.ts.map +1 -0
- package/dist/src/types/zod/auth.d.ts +76 -0
- package/dist/src/types/zod/auth.d.ts.map +1 -0
- package/dist/src/types/zod/configuration.d.ts +1278 -0
- package/dist/src/types/zod/configuration.d.ts.map +1 -0
- package/dist/src/types/zod/configuration.test.d.ts +2 -0
- package/dist/src/types/zod/configuration.test.d.ts.map +1 -0
- package/dist/src/types/zod/cron.d.ts +32 -0
- package/dist/src/types/zod/cron.d.ts.map +1 -0
- package/dist/src/types/zod/db.d.ts +441 -0
- package/dist/src/types/zod/db.d.ts.map +1 -0
- package/dist/src/types/zod/db.test.d.ts +2 -0
- package/dist/src/types/zod/db.test.d.ts.map +1 -0
- package/dist/src/types/zod/mcp.d.ts +6 -0
- package/dist/src/types/zod/mcp.d.ts.map +1 -0
- package/dist/src/types/zod/operation.d.ts +9 -0
- package/dist/src/types/zod/operation.d.ts.map +1 -0
- package/dist/src/types/zod/queue.d.ts +656 -0
- package/dist/src/types/zod/queue.d.ts.map +1 -0
- package/dist/src/types/zod/queue.test.d.ts +2 -0
- package/dist/src/types/zod/queue.test.d.ts.map +1 -0
- package/dist/src/types/zod/remoteREST.d.ts +6 -0
- package/dist/src/types/zod/remoteREST.d.ts.map +1 -0
- package/dist/src/types/zod/remoteSchema.d.ts +6 -0
- package/dist/src/types/zod/remoteSchema.d.ts.map +1 -0
- package/dist/src/utils/benchmark.d.ts +2 -0
- package/dist/src/utils/benchmark.d.ts.map +1 -0
- package/dist/src/utils/event-emitter.d.ts +19 -0
- package/dist/src/utils/event-emitter.d.ts.map +1 -0
- package/dist/src/utils/responses.d.ts +19 -0
- package/dist/src/utils/responses.d.ts.map +1 -0
- package/dist/src/utils/responses.test.d.ts +2 -0
- package/dist/src/utils/responses.test.d.ts.map +1 -0
- package/dist/src/utils/safeJSONParse.d.ts +2 -0
- package/dist/src/utils/safeJSONParse.d.ts.map +1 -0
- package/dist/src/utils/selection.d.ts +3 -0
- package/dist/src/utils/selection.d.ts.map +1 -0
- package/dist/src/utils/selection.test.d.ts +2 -0
- package/dist/src/utils/selection.test.d.ts.map +1 -0
- package/dist/src/utils/sessionVariables.d.ts +47 -0
- package/dist/src/utils/sessionVariables.d.ts.map +1 -0
- package/dist/src/utils/sessionVariables.test.d.ts +2 -0
- package/dist/src/utils/sessionVariables.test.d.ts.map +1 -0
- package/dist/src/utils/writeSchema.d.ts +3 -0
- package/dist/src/utils/writeSchema.d.ts.map +1 -0
- package/dist/standalone.d.ts +3 -0
- package/dist/standalone.d.ts.map +1 -0
- package/dist/tsconfig.tsbuildinfo +1 -0
- package/package.json +119 -0
- package/playgrounds/console/index.html +25 -0
- package/playgrounds/graphiql/index.html +1144 -0
- package/playgrounds/scalar/index.html +19 -0
- package/src/ai/agent/agent.ts +222 -0
- package/src/ai/agent/index.ts +2 -0
- package/src/ai/agent/providers/anthropic.ts +113 -0
- package/src/ai/agent/providers/index.ts +62 -0
- package/src/ai/agent/providers/ollama.ts +128 -0
- package/src/ai/agent/providers/openai.ts +100 -0
- package/src/ai/agent/types.ts +65 -0
- package/src/ai/index.ts +8 -0
- package/src/ai/mcp/create-server.ts +444 -0
- package/src/ai/mcp/index.ts +80 -0
- package/src/ai/mcp/instructions.ts +103 -0
- package/src/ai/tools/agent.ts +111 -0
- package/src/ai/tools/core.ts +486 -0
- package/src/ai/tools/query-data.ts +109 -0
- package/src/analyzeQuery/analyzers/fragmentAnalyzer.ts +29 -0
- package/src/analyzeQuery/analyzers/operationAnalyzer.ts +50 -0
- package/src/analyzeQuery/analyzers/selectionAnalyzer.ts +135 -0
- package/src/analyzeQuery/analyzers/variableAnalyzer.ts +17 -0
- package/src/analyzeQuery/depthLimit.ts +124 -0
- package/src/analyzeQuery/directiveUtils.ts +99 -0
- package/src/analyzeQuery/index.ts +66 -0
- package/src/analyzeQuery/resolveVariables.ts +394 -0
- package/src/analyzeQuery/typeUtils.ts +47 -0
- package/src/analyzeQuery/types.ts +57 -0
- package/src/analyzeQuery/valueExtractors.ts +96 -0
- package/src/authentication/duration.ts +50 -0
- package/src/authentication/index.ts +34 -0
- package/src/authentication/jwt.ts +220 -0
- package/src/authentication/paseto.ts +256 -0
- package/src/authentication/tokenRepository.ts +75 -0
- package/src/authentication/types.ts +78 -0
- package/src/cli/seedAuth.ts +51 -0
- package/src/cli/seedAuthArgs.ts +50 -0
- package/src/config/helpers/cronHelper.ts +29 -0
- package/src/config/helpers/index.ts +8 -0
- package/src/config/helpers/operationHelper.ts +146 -0
- package/src/config/helpers/queueHelper.ts +27 -0
- package/src/config/index.ts +315 -0
- package/src/config/types/ai.ts +35 -0
- package/src/config/types/auth.ts +147 -0
- package/src/config/types/configuration.ts +69 -0
- package/src/config/types/cron.ts +140 -0
- package/src/config/types/db.ts +256 -0
- package/src/config/types/index.ts +129 -0
- package/src/config/types/operation.ts +253 -0
- package/src/config/types/queue.ts +172 -0
- package/src/config/types/remote-rest.ts +28 -0
- package/src/config/types/remote-schema.ts +39 -0
- package/src/config/types/virtual-columns.ts +157 -0
- package/src/configuration/getSchemas/index.ts +82 -0
- package/src/configuration/getSchemas/mergeEntities/index.ts +221 -0
- package/src/configuration/getSchemas/type-definition-generator/index.ts +511 -0
- package/src/configuration/gql/buildExecute.ts +54 -0
- package/src/configuration/gql/gqlAuthOperations.ts +150 -0
- package/src/configuration/gql/handleGraphQLRequestFactory.ts +415 -0
- package/src/configuration/gql/handleGraphQLSubscriptionFactory.ts +249 -0
- package/src/configuration/index.ts +138 -0
- package/src/configuration/rest/generateOpenAPI.ts +361 -0
- package/src/configuration/rest/handleRESTRequestFactory.ts +335 -0
- package/src/configuration/rest/index.ts +167 -0
- package/src/configuration/rest/openApiErrors.ts +106 -0
- package/src/console/api.ts +270 -0
- package/src/cron/index.ts +251 -0
- package/src/databases/auth/auth-operations.ts +36 -0
- package/src/databases/auth/password.ts +4 -0
- package/src/databases/common.ts +642 -0
- package/src/databases/core/executor.ts +97 -0
- package/src/databases/core/function-mapping.ts +176 -0
- package/src/databases/core/identifier.ts +8 -0
- package/src/databases/core/query-builder.ts +47 -0
- package/src/databases/directives.ts +112 -0
- package/src/databases/engines/mssql/auth.ts +112 -0
- package/src/databases/engines/mssql/connection.ts +151 -0
- package/src/databases/engines/mssql/format.ts +23 -0
- package/src/databases/engines/mssql/getStructure.ts +112 -0
- package/src/databases/engines/mssql/getViews.ts +17 -0
- package/src/databases/engines/mssql/query/index.ts +306 -0
- package/src/databases/engines/mysql/auth.ts +100 -0
- package/src/databases/engines/mysql/connection.ts +100 -0
- package/src/databases/engines/mysql/format.ts +23 -0
- package/src/databases/engines/mysql/getStructure.ts +116 -0
- package/src/databases/engines/mysql/getViews.ts +20 -0
- package/src/databases/engines/mysql/query/index.ts +291 -0
- package/src/databases/engines/postgresql/auth.ts +98 -0
- package/src/databases/engines/postgresql/connection.ts +99 -0
- package/src/databases/engines/postgresql/format.ts +23 -0
- package/src/databases/engines/postgresql/getStructure.ts +149 -0
- package/src/databases/engines/postgresql/getViews.ts +20 -0
- package/src/databases/engines/postgresql/query/index.ts +291 -0
- package/src/databases/engines/shared/claims.ts +26 -0
- package/src/databases/engines/shared/types.ts +7 -0
- package/src/databases/high-level-operations.ts +272 -0
- package/src/databases/index.ts +28 -0
- package/src/databases/metadata/structure.ts +12 -0
- package/src/databases/schemaBuilder/convert.ts +121 -0
- package/src/databases/schemaBuilder/generateCreateTable/index.ts +133 -0
- package/src/databases/schemaBuilder/generateCreateView/index.ts +101 -0
- package/src/databases/schemaBuilder/generateInsert/index.ts +47 -0
- package/src/databases/schemaBuilder/generateSchemaCreation/index.ts +29 -0
- package/src/databases/schemaBuilder/mssqlToPostgres/convertView.ts +47 -0
- package/src/databases/schemaBuilder/utils.ts +17 -0
- package/src/databases/sqlTypeUtils.ts +91 -0
- package/src/databases/transformers/data-transformers.ts +128 -0
- package/src/databases/transformers/genResolverName.ts +18 -0
- package/src/index.ts +461 -0
- package/src/logging/index.ts +69 -0
- package/src/queues/kafka.ts +409 -0
- package/src/queues/rabbitmq.ts +331 -0
- package/src/remoteREST/index.ts +46 -0
- package/src/remoteREST/parse.ts +68 -0
- package/src/remoteREST/proxy.ts +92 -0
- package/src/remoteREST/transform.ts +121 -0
- package/src/remoteREST/types.ts +38 -0
- package/src/remoteSchemas/index.ts +48 -0
- package/src/remoteSchemas/introspect.ts +44 -0
- package/src/remoteSchemas/proxy.ts +146 -0
- package/src/remoteSchemas/transform.ts +210 -0
- package/src/remoteSchemas/types.ts +43 -0
- package/src/singletons/ai.ts +91 -0
- package/src/singletons/authentication.ts +13 -0
- package/src/singletons/cache/index.ts +4 -0
- package/src/singletons/cache/lruCacheStore.ts +34 -0
- package/src/singletons/cache/redisCacheStore.ts +81 -0
- package/src/singletons/cache/redisClient.ts +12 -0
- package/src/singletons/cache/registry.ts +51 -0
- package/src/singletons/cache/types.ts +7 -0
- package/src/singletons/cron.ts +21 -0
- package/src/singletons/databases.ts +68 -0
- package/src/singletons/env.ts +3 -0
- package/src/singletons/queues.ts +101 -0
- package/src/subscriptions/index.ts +20 -0
- package/src/subscriptions/strategies/database.ts +68 -0
- package/src/subscriptions/strategies/index.ts +38 -0
- package/src/subscriptions/strategies/queue.ts +61 -0
- package/src/subscriptions/types.ts +74 -0
- package/src/subscriptions/utils/polling.ts +119 -0
- package/src/types/common.ts +57 -0
- package/src/types/configuration.ts +52 -0
- package/src/types/db.ts +87 -0
- package/src/types/env.ts +137 -0
- package/src/types/resolver.ts +181 -0
- package/src/types/zod/ai.ts +8 -0
- package/src/types/zod/auth.ts +96 -0
- package/src/types/zod/configuration.ts +46 -0
- package/src/types/zod/cron.ts +35 -0
- package/src/types/zod/db.ts +146 -0
- package/src/types/zod/mcp.ts +8 -0
- package/src/types/zod/operation.ts +37 -0
- package/src/types/zod/queue.ts +182 -0
- package/src/types/zod/remoteREST.ts +8 -0
- package/src/types/zod/remoteSchema.ts +11 -0
- package/src/utils/benchmark.ts +13 -0
- package/src/utils/event-emitter.ts +217 -0
- package/src/utils/responses.ts +42 -0
- package/src/utils/safeJSONParse.ts +10 -0
- package/src/utils/selection.ts +35 -0
- package/src/utils/sessionVariables.ts +131 -0
- package/src/utils/writeSchema.ts +13 -0
- package/standalone.ts +32 -0
|
@@ -0,0 +1,220 @@
|
|
|
1
|
+
import { timingSafeEqual } from "crypto";
|
|
2
|
+
|
|
3
|
+
import { SignJWT, jwtVerify } from "jose";
|
|
4
|
+
|
|
5
|
+
import type { JWTPayload } from "jose";
|
|
6
|
+
import type { Env } from "../types/env";
|
|
7
|
+
import type { SessionContext } from "../utils/sessionVariables";
|
|
8
|
+
import type { TokenRepository } from "./tokenRepository";
|
|
9
|
+
import type { TokenGenerationParameters, TokenOptions, TokenResponse, TokenService } from "./types";
|
|
10
|
+
|
|
11
|
+
import { parseDurationToSeconds } from "./duration";
|
|
12
|
+
import { createTokenRepository } from "./tokenRepository";
|
|
13
|
+
import { logger } from "../logging";
|
|
14
|
+
|
|
15
|
+
// Audience constants to distinguish token types
|
|
16
|
+
const ACCESS_TOKEN_AUDIENCE = "access";
|
|
17
|
+
const REFRESH_TOKEN_AUDIENCE = "refresh";
|
|
18
|
+
|
|
19
|
+
// Timing-safe string comparison to prevent timing attacks
|
|
20
|
+
const safeCompare = (a: string, b: string): boolean => {
|
|
21
|
+
try {
|
|
22
|
+
const bufA = Buffer.from(a);
|
|
23
|
+
const bufB = Buffer.from(b);
|
|
24
|
+
if (bufA.length !== bufB.length) return false;
|
|
25
|
+
return timingSafeEqual(bufA, bufB);
|
|
26
|
+
} catch {
|
|
27
|
+
return false;
|
|
28
|
+
}
|
|
29
|
+
};
|
|
30
|
+
|
|
31
|
+
export type { TokenGenerationParameters, TokenOptions, TokenResponse };
|
|
32
|
+
|
|
33
|
+
export type JWTTokenPayload = JWTPayload &
|
|
34
|
+
TokenGenerationParameters & {
|
|
35
|
+
jti: string;
|
|
36
|
+
};
|
|
37
|
+
|
|
38
|
+
const ALGORITHM = "HS256";
|
|
39
|
+
const TYP = "JWT";
|
|
40
|
+
|
|
41
|
+
export const createJWTService = (
|
|
42
|
+
env: Env,
|
|
43
|
+
tokenRepositoryOverride?: TokenRepository,
|
|
44
|
+
): TokenService => {
|
|
45
|
+
const tokenRepository = tokenRepositoryOverride ?? createTokenRepository(env.cache.redisUrl);
|
|
46
|
+
const jwtSecret = new TextEncoder().encode(env.jwt.secret);
|
|
47
|
+
|
|
48
|
+
const createToken = async (
|
|
49
|
+
payload: TokenGenerationParameters,
|
|
50
|
+
options: TokenOptions = {},
|
|
51
|
+
): Promise<string> => {
|
|
52
|
+
try {
|
|
53
|
+
const jwt = new SignJWT({ ...payload })
|
|
54
|
+
.setProtectedHeader({ alg: ALGORITHM, typ: TYP })
|
|
55
|
+
.setIssuedAt()
|
|
56
|
+
.setSubject(payload.sub)
|
|
57
|
+
.setExpirationTime(options.expiresIn || env.jwt.expiresIn)
|
|
58
|
+
.setJti(crypto.randomUUID()); // Add unique token ID
|
|
59
|
+
|
|
60
|
+
if (options.issuer) {
|
|
61
|
+
jwt.setIssuer(options.issuer);
|
|
62
|
+
}
|
|
63
|
+
if (options.audience) {
|
|
64
|
+
jwt.setAudience(options.audience);
|
|
65
|
+
}
|
|
66
|
+
if (options.notBefore) {
|
|
67
|
+
jwt.setNotBefore(options.notBefore);
|
|
68
|
+
}
|
|
69
|
+
|
|
70
|
+
return await jwt.sign(jwtSecret);
|
|
71
|
+
} catch (error) {
|
|
72
|
+
logger("auth").child({ strategy: "jwt" }).error({ err: error }, "token creation failed");
|
|
73
|
+
throw new Error("Token creation failed");
|
|
74
|
+
}
|
|
75
|
+
};
|
|
76
|
+
|
|
77
|
+
const verifyToken = async <T extends JWTTokenPayload = JWTTokenPayload>(
|
|
78
|
+
token: string,
|
|
79
|
+
options: TokenOptions = {},
|
|
80
|
+
): Promise<T> => {
|
|
81
|
+
const { payload } = await jwtVerify(token, jwtSecret, {
|
|
82
|
+
issuer: options.issuer,
|
|
83
|
+
audience: options.audience,
|
|
84
|
+
algorithms: [ALGORITHM],
|
|
85
|
+
typ: TYP,
|
|
86
|
+
});
|
|
87
|
+
|
|
88
|
+
return payload as T;
|
|
89
|
+
};
|
|
90
|
+
|
|
91
|
+
const verifyTokenAndGetRole = async (
|
|
92
|
+
authHeader: string | null,
|
|
93
|
+
adminSecretHeader: string | null,
|
|
94
|
+
): Promise<string> => {
|
|
95
|
+
// Use timing-safe comparison to prevent timing attacks
|
|
96
|
+
if (env.admin.secret && adminSecretHeader && safeCompare(adminSecretHeader, env.admin.secret))
|
|
97
|
+
return env.superadmin.role;
|
|
98
|
+
|
|
99
|
+
if (!authHeader) return env.anonymousRole;
|
|
100
|
+
|
|
101
|
+
if (!authHeader.startsWith("Bearer ")) return env.anonymousRole;
|
|
102
|
+
|
|
103
|
+
const token = authHeader.substring(7); // Remove 'Bearer ' prefix
|
|
104
|
+
|
|
105
|
+
try {
|
|
106
|
+
const verifiedToken = await verifyToken(token);
|
|
107
|
+
|
|
108
|
+
return verifiedToken.role;
|
|
109
|
+
} catch {
|
|
110
|
+
return env.anonymousRole;
|
|
111
|
+
}
|
|
112
|
+
};
|
|
113
|
+
|
|
114
|
+
const verifyTokenAndGetSession = async (
|
|
115
|
+
authHeader: string | null,
|
|
116
|
+
adminSecretHeader: string | null,
|
|
117
|
+
): Promise<SessionContext> => {
|
|
118
|
+
if (env.admin.secret && adminSecretHeader && safeCompare(adminSecretHeader, env.admin.secret))
|
|
119
|
+
return { sub: "superadmin", role: env.superadmin.role };
|
|
120
|
+
|
|
121
|
+
if (!authHeader || !authHeader.startsWith("Bearer "))
|
|
122
|
+
return { sub: "anonymous", role: env.anonymousRole };
|
|
123
|
+
|
|
124
|
+
const token = authHeader.substring(7);
|
|
125
|
+
|
|
126
|
+
try {
|
|
127
|
+
const payload = await verifyToken(token, { audience: ACCESS_TOKEN_AUDIENCE });
|
|
128
|
+
if (await tokenRepository.isRevoked(payload.jti)) {
|
|
129
|
+
logger("auth").child({ strategy: "jwt" }).warn({ jti: payload.jti }, "token revoked");
|
|
130
|
+
return { sub: "anonymous", role: env.anonymousRole };
|
|
131
|
+
}
|
|
132
|
+
logger("auth")
|
|
133
|
+
.child({ strategy: "jwt" })
|
|
134
|
+
.debug({ sub: payload.sub, role: payload.role }, "token verified");
|
|
135
|
+
return {
|
|
136
|
+
sub: payload.sub,
|
|
137
|
+
role: payload.role,
|
|
138
|
+
jti: payload.jti,
|
|
139
|
+
claims: (payload.claims as Record<string, unknown>) ?? {},
|
|
140
|
+
iat: payload.iat,
|
|
141
|
+
exp: payload.exp,
|
|
142
|
+
};
|
|
143
|
+
} catch (error) {
|
|
144
|
+
logger("auth").child({ strategy: "jwt" }).debug({ err: error }, "token verification failed");
|
|
145
|
+
return { sub: "anonymous", role: env.anonymousRole };
|
|
146
|
+
}
|
|
147
|
+
};
|
|
148
|
+
|
|
149
|
+
const createTokenPair = async (
|
|
150
|
+
payload: TokenGenerationParameters,
|
|
151
|
+
options: TokenOptions = {},
|
|
152
|
+
): Promise<TokenResponse> => {
|
|
153
|
+
const accessTokenExpiry = options.expiresIn || env.jwt.expiresIn;
|
|
154
|
+
|
|
155
|
+
// Access token - short lived, with "access" audience
|
|
156
|
+
const access_token = await createToken(payload, {
|
|
157
|
+
...options,
|
|
158
|
+
expiresIn: accessTokenExpiry,
|
|
159
|
+
audience: ACCESS_TOKEN_AUDIENCE,
|
|
160
|
+
});
|
|
161
|
+
|
|
162
|
+
// Refresh token - longer lived, with "refresh" audience
|
|
163
|
+
const refresh_token = await createToken(payload, {
|
|
164
|
+
...options,
|
|
165
|
+
expiresIn: env.jwt.rtExpiresIn,
|
|
166
|
+
audience: REFRESH_TOKEN_AUDIENCE,
|
|
167
|
+
});
|
|
168
|
+
|
|
169
|
+
return {
|
|
170
|
+
access_token,
|
|
171
|
+
refresh_token,
|
|
172
|
+
expires_in: parseDurationToSeconds(accessTokenExpiry),
|
|
173
|
+
role: payload.role,
|
|
174
|
+
};
|
|
175
|
+
};
|
|
176
|
+
|
|
177
|
+
const refreshAccessToken = async (refresh_token: string) => {
|
|
178
|
+
// Verify refresh token with correct audience
|
|
179
|
+
const payload = await verifyToken(refresh_token, {
|
|
180
|
+
audience: REFRESH_TOKEN_AUDIENCE,
|
|
181
|
+
});
|
|
182
|
+
|
|
183
|
+
if (await tokenRepository.isRevoked(payload.jti)) {
|
|
184
|
+
throw new Error("Token revoked");
|
|
185
|
+
}
|
|
186
|
+
|
|
187
|
+
// Check if this refresh token has already been used (token rotation)
|
|
188
|
+
const isAlreadyUsed = await tokenRepository.isTokenUsed(payload.jti);
|
|
189
|
+
|
|
190
|
+
if (isAlreadyUsed) {
|
|
191
|
+
// Token reuse detected - this could indicate token theft
|
|
192
|
+
// In a production system, you might want to revoke all tokens for this user
|
|
193
|
+
throw new Error("Token reuse detected");
|
|
194
|
+
}
|
|
195
|
+
|
|
196
|
+
// Mark this refresh token as used BEFORE issuing new tokens
|
|
197
|
+
await tokenRepository.saveJti(payload.jti, env.jwt.rtExpiresIn);
|
|
198
|
+
|
|
199
|
+
// Create new token pair with original subject, role, and claims
|
|
200
|
+
return createTokenPair(
|
|
201
|
+
{
|
|
202
|
+
sub: payload.sub,
|
|
203
|
+
role: payload.role,
|
|
204
|
+
claims: (payload.claims as Record<string, unknown>) ?? {},
|
|
205
|
+
},
|
|
206
|
+
{ expiresIn: env.jwt.expiresIn },
|
|
207
|
+
);
|
|
208
|
+
};
|
|
209
|
+
|
|
210
|
+
return {
|
|
211
|
+
createToken,
|
|
212
|
+
verifyToken,
|
|
213
|
+
verifyTokenAndGetRole,
|
|
214
|
+
verifyTokenAndGetSession,
|
|
215
|
+
createTokenPair,
|
|
216
|
+
refreshAccessToken,
|
|
217
|
+
revoke: tokenRepository.revoke,
|
|
218
|
+
isRevoked: tokenRepository.isRevoked,
|
|
219
|
+
};
|
|
220
|
+
};
|
|
@@ -0,0 +1,256 @@
|
|
|
1
|
+
import { timingSafeEqual } from "crypto";
|
|
2
|
+
|
|
3
|
+
import { decrypt, encrypt, sign, verify } from "paseto-ts/v4";
|
|
4
|
+
|
|
5
|
+
import type { Env } from "../types/env";
|
|
6
|
+
import type { SessionContext } from "../utils/sessionVariables";
|
|
7
|
+
import type { TokenRepository } from "./tokenRepository";
|
|
8
|
+
import type { TokenGenerationParameters, TokenOptions, TokenResponse, TokenService } from "./types";
|
|
9
|
+
|
|
10
|
+
import { parseDurationToSeconds, toPasetoDuration } from "./duration";
|
|
11
|
+
import { createTokenRepository } from "./tokenRepository";
|
|
12
|
+
import { logger } from "../logging";
|
|
13
|
+
|
|
14
|
+
// Audience constants to distinguish token types
|
|
15
|
+
const ACCESS_TOKEN_AUDIENCE = "access";
|
|
16
|
+
const REFRESH_TOKEN_AUDIENCE = "refresh";
|
|
17
|
+
|
|
18
|
+
// Timing-safe string comparison to prevent timing attacks
|
|
19
|
+
const safeCompare = (a: string, b: string): boolean => {
|
|
20
|
+
try {
|
|
21
|
+
const bufA = Buffer.from(a);
|
|
22
|
+
const bufB = Buffer.from(b);
|
|
23
|
+
if (bufA.length !== bufB.length) return false;
|
|
24
|
+
return timingSafeEqual(bufA, bufB);
|
|
25
|
+
} catch {
|
|
26
|
+
return false;
|
|
27
|
+
}
|
|
28
|
+
};
|
|
29
|
+
|
|
30
|
+
type PasetoPayload = {
|
|
31
|
+
sub: string;
|
|
32
|
+
role: string;
|
|
33
|
+
claims?: Record<string, unknown>;
|
|
34
|
+
jti: string;
|
|
35
|
+
aud?: string;
|
|
36
|
+
iss?: string;
|
|
37
|
+
iat?: string;
|
|
38
|
+
exp?: string;
|
|
39
|
+
nbf?: string;
|
|
40
|
+
};
|
|
41
|
+
|
|
42
|
+
/**
|
|
43
|
+
* Convert PASETO ISO 8601 timestamp string to Unix epoch seconds
|
|
44
|
+
*/
|
|
45
|
+
const isoToEpoch = (iso: string | undefined): number | undefined => {
|
|
46
|
+
if (!iso) return undefined;
|
|
47
|
+
return Math.floor(new Date(iso).getTime() / 1000);
|
|
48
|
+
};
|
|
49
|
+
|
|
50
|
+
type PasetoMode = "local" | "public";
|
|
51
|
+
|
|
52
|
+
export const createPASETOService = (
|
|
53
|
+
env: Env,
|
|
54
|
+
mode: PasetoMode,
|
|
55
|
+
tokenRepositoryOverride?: TokenRepository,
|
|
56
|
+
): TokenService => {
|
|
57
|
+
const tokenRepository = tokenRepositoryOverride ?? createTokenRepository(env.cache.redisUrl);
|
|
58
|
+
|
|
59
|
+
// Token creation and verification functions based on mode
|
|
60
|
+
const createPasetoToken = async (
|
|
61
|
+
payload: Record<string, unknown>,
|
|
62
|
+
expiry: string,
|
|
63
|
+
): Promise<string> => {
|
|
64
|
+
const pasetoPayload = {
|
|
65
|
+
...payload,
|
|
66
|
+
exp: toPasetoDuration(expiry),
|
|
67
|
+
};
|
|
68
|
+
|
|
69
|
+
if (mode === "local") {
|
|
70
|
+
return encrypt(env.paseto.localKey!, pasetoPayload);
|
|
71
|
+
}
|
|
72
|
+
return sign(env.paseto.secretKey!, pasetoPayload);
|
|
73
|
+
};
|
|
74
|
+
|
|
75
|
+
const verifyPasetoToken = async (token: string): Promise<PasetoPayload> => {
|
|
76
|
+
if (mode === "local") {
|
|
77
|
+
const { payload } = await decrypt<PasetoPayload>(env.paseto.localKey!, token);
|
|
78
|
+
return payload;
|
|
79
|
+
}
|
|
80
|
+
const { payload } = await verify<PasetoPayload>(env.paseto.publicKey!, token);
|
|
81
|
+
return payload;
|
|
82
|
+
};
|
|
83
|
+
|
|
84
|
+
const createToken = async (
|
|
85
|
+
payload: TokenGenerationParameters,
|
|
86
|
+
options: TokenOptions = {},
|
|
87
|
+
): Promise<string> => {
|
|
88
|
+
try {
|
|
89
|
+
const tokenPayload: Record<string, unknown> = {
|
|
90
|
+
sub: payload.sub,
|
|
91
|
+
role: payload.role,
|
|
92
|
+
jti: crypto.randomUUID(),
|
|
93
|
+
};
|
|
94
|
+
|
|
95
|
+
if (payload.claims) {
|
|
96
|
+
tokenPayload.claims = payload.claims;
|
|
97
|
+
}
|
|
98
|
+
if (options.audience) {
|
|
99
|
+
tokenPayload.aud = options.audience;
|
|
100
|
+
}
|
|
101
|
+
if (options.issuer) {
|
|
102
|
+
tokenPayload.iss = options.issuer;
|
|
103
|
+
}
|
|
104
|
+
|
|
105
|
+
const expiry = options.expiresIn || env.jwt.expiresIn;
|
|
106
|
+
return await createPasetoToken(tokenPayload, expiry);
|
|
107
|
+
} catch (error) {
|
|
108
|
+
logger("auth").child({ strategy: "paseto" }).error({ err: error }, "token creation failed");
|
|
109
|
+
throw new Error("Token creation failed");
|
|
110
|
+
}
|
|
111
|
+
};
|
|
112
|
+
|
|
113
|
+
const verifyToken = async <T = PasetoPayload>(
|
|
114
|
+
token: string,
|
|
115
|
+
options: TokenOptions = {},
|
|
116
|
+
): Promise<T> => {
|
|
117
|
+
const payload = await verifyPasetoToken(token);
|
|
118
|
+
|
|
119
|
+
// Validate audience manually (PASETO doesn't auto-validate audience)
|
|
120
|
+
if (options.audience && payload.aud !== options.audience) {
|
|
121
|
+
throw new Error("Audience mismatch");
|
|
122
|
+
}
|
|
123
|
+
|
|
124
|
+
if (options.issuer && payload.iss !== options.issuer) {
|
|
125
|
+
throw new Error("Issuer mismatch");
|
|
126
|
+
}
|
|
127
|
+
|
|
128
|
+
return payload as T;
|
|
129
|
+
};
|
|
130
|
+
|
|
131
|
+
const verifyTokenAndGetRole = async (
|
|
132
|
+
authHeader: string | null,
|
|
133
|
+
adminSecretHeader: string | null,
|
|
134
|
+
): Promise<string> => {
|
|
135
|
+
if (env.admin.secret && adminSecretHeader && safeCompare(adminSecretHeader, env.admin.secret))
|
|
136
|
+
return env.superadmin.role;
|
|
137
|
+
|
|
138
|
+
if (!authHeader) return env.anonymousRole;
|
|
139
|
+
|
|
140
|
+
if (!authHeader.startsWith("Bearer ")) return env.anonymousRole;
|
|
141
|
+
|
|
142
|
+
const token = authHeader.substring(7);
|
|
143
|
+
|
|
144
|
+
try {
|
|
145
|
+
const payload = await verifyPasetoToken(token);
|
|
146
|
+
return payload.role;
|
|
147
|
+
} catch {
|
|
148
|
+
return env.anonymousRole;
|
|
149
|
+
}
|
|
150
|
+
};
|
|
151
|
+
|
|
152
|
+
const verifyTokenAndGetSession = async (
|
|
153
|
+
authHeader: string | null,
|
|
154
|
+
adminSecretHeader: string | null,
|
|
155
|
+
): Promise<SessionContext> => {
|
|
156
|
+
if (env.admin.secret && adminSecretHeader && safeCompare(adminSecretHeader, env.admin.secret))
|
|
157
|
+
return { sub: "superadmin", role: env.superadmin.role };
|
|
158
|
+
|
|
159
|
+
if (!authHeader || !authHeader.startsWith("Bearer "))
|
|
160
|
+
return { sub: "anonymous", role: env.anonymousRole };
|
|
161
|
+
|
|
162
|
+
const token = authHeader.substring(7);
|
|
163
|
+
|
|
164
|
+
try {
|
|
165
|
+
const payload = await verifyPasetoToken(token);
|
|
166
|
+
// Enforce access-token audience on the bearer path
|
|
167
|
+
if (payload.aud && payload.aud !== ACCESS_TOKEN_AUDIENCE) {
|
|
168
|
+
throw new Error("Audience mismatch");
|
|
169
|
+
}
|
|
170
|
+
if (await tokenRepository.isRevoked(payload.jti)) {
|
|
171
|
+
logger("auth").child({ strategy: "paseto" }).warn({ jti: payload.jti }, "token revoked");
|
|
172
|
+
return { sub: "anonymous", role: env.anonymousRole };
|
|
173
|
+
}
|
|
174
|
+
logger("auth")
|
|
175
|
+
.child({ strategy: "paseto" })
|
|
176
|
+
.debug({ sub: payload.sub, role: payload.role }, "token verified");
|
|
177
|
+
return {
|
|
178
|
+
sub: payload.sub,
|
|
179
|
+
role: payload.role,
|
|
180
|
+
jti: payload.jti,
|
|
181
|
+
claims: payload.claims ?? {},
|
|
182
|
+
iat: isoToEpoch(payload.iat),
|
|
183
|
+
exp: isoToEpoch(payload.exp),
|
|
184
|
+
};
|
|
185
|
+
} catch (error) {
|
|
186
|
+
logger("auth")
|
|
187
|
+
.child({ strategy: "paseto" })
|
|
188
|
+
.debug({ err: error }, "token verification failed");
|
|
189
|
+
return { sub: "anonymous", role: env.anonymousRole };
|
|
190
|
+
}
|
|
191
|
+
};
|
|
192
|
+
|
|
193
|
+
const createTokenPair = async (
|
|
194
|
+
payload: TokenGenerationParameters,
|
|
195
|
+
options: TokenOptions = {},
|
|
196
|
+
): Promise<TokenResponse> => {
|
|
197
|
+
const accessTokenExpiry = options.expiresIn || env.jwt.expiresIn;
|
|
198
|
+
|
|
199
|
+
const access_token = await createToken(payload, {
|
|
200
|
+
...options,
|
|
201
|
+
expiresIn: accessTokenExpiry,
|
|
202
|
+
audience: ACCESS_TOKEN_AUDIENCE,
|
|
203
|
+
});
|
|
204
|
+
|
|
205
|
+
const refresh_token = await createToken(payload, {
|
|
206
|
+
...options,
|
|
207
|
+
expiresIn: env.jwt.rtExpiresIn,
|
|
208
|
+
audience: REFRESH_TOKEN_AUDIENCE,
|
|
209
|
+
});
|
|
210
|
+
|
|
211
|
+
return {
|
|
212
|
+
access_token,
|
|
213
|
+
refresh_token,
|
|
214
|
+
expires_in: parseDurationToSeconds(accessTokenExpiry),
|
|
215
|
+
role: payload.role,
|
|
216
|
+
};
|
|
217
|
+
};
|
|
218
|
+
|
|
219
|
+
const refreshAccessToken = async (refresh_token: string): Promise<TokenResponse> => {
|
|
220
|
+
const payload = await verifyToken<PasetoPayload>(refresh_token, {
|
|
221
|
+
audience: REFRESH_TOKEN_AUDIENCE,
|
|
222
|
+
});
|
|
223
|
+
|
|
224
|
+
if (await tokenRepository.isRevoked(payload.jti)) {
|
|
225
|
+
throw new Error("Token revoked");
|
|
226
|
+
}
|
|
227
|
+
|
|
228
|
+
const isAlreadyUsed = await tokenRepository.isTokenUsed(payload.jti);
|
|
229
|
+
|
|
230
|
+
if (isAlreadyUsed) {
|
|
231
|
+
throw new Error("Token reuse detected");
|
|
232
|
+
}
|
|
233
|
+
|
|
234
|
+
await tokenRepository.saveJti(payload.jti, env.jwt.rtExpiresIn);
|
|
235
|
+
|
|
236
|
+
return createTokenPair(
|
|
237
|
+
{
|
|
238
|
+
sub: payload.sub,
|
|
239
|
+
role: payload.role,
|
|
240
|
+
claims: payload.claims ?? {},
|
|
241
|
+
},
|
|
242
|
+
{ expiresIn: env.jwt.expiresIn },
|
|
243
|
+
);
|
|
244
|
+
};
|
|
245
|
+
|
|
246
|
+
return {
|
|
247
|
+
createToken,
|
|
248
|
+
verifyToken,
|
|
249
|
+
verifyTokenAndGetRole,
|
|
250
|
+
verifyTokenAndGetSession,
|
|
251
|
+
createTokenPair,
|
|
252
|
+
refreshAccessToken,
|
|
253
|
+
revoke: tokenRepository.revoke,
|
|
254
|
+
isRevoked: tokenRepository.isRevoked,
|
|
255
|
+
};
|
|
256
|
+
};
|
|
@@ -0,0 +1,75 @@
|
|
|
1
|
+
import { RedisClient as ValkeyClient } from "bun";
|
|
2
|
+
|
|
3
|
+
import { parseDurationToMs } from "./duration";
|
|
4
|
+
import { logger } from "../logging";
|
|
5
|
+
|
|
6
|
+
export type TokenRepository = {
|
|
7
|
+
saveJti(jti: string, expiresIn: string): Promise<void>;
|
|
8
|
+
isTokenUsed(jti: string): Promise<boolean>;
|
|
9
|
+
revoke(jti: string): Promise<void>;
|
|
10
|
+
isRevoked(jti: string): Promise<boolean>;
|
|
11
|
+
};
|
|
12
|
+
|
|
13
|
+
export type TokenRepositoryClient = {
|
|
14
|
+
hset(key: string, fields: Record<string, string>): Promise<unknown>;
|
|
15
|
+
hmget(key: string, fields: string[]): Promise<(string | null)[]>;
|
|
16
|
+
expire(key: string, seconds: number): Promise<unknown>;
|
|
17
|
+
};
|
|
18
|
+
|
|
19
|
+
export const createTokenRepositoryWithClient = (client: TokenRepositoryClient): TokenRepository => {
|
|
20
|
+
const log = logger("token-repository");
|
|
21
|
+
|
|
22
|
+
const saveJti = async (jti: string, expiresIn: string) => {
|
|
23
|
+
try {
|
|
24
|
+
await client.hset(jti, { isUsed: "true" });
|
|
25
|
+
await client.expire(jti, parseDurationToMs(expiresIn) / 1000);
|
|
26
|
+
} catch (error) {
|
|
27
|
+
log.error({ err: error }, "failed to save JTI");
|
|
28
|
+
throw new Error("Token storage unavailable");
|
|
29
|
+
}
|
|
30
|
+
};
|
|
31
|
+
|
|
32
|
+
const isTokenUsed = async (jti: string): Promise<boolean> => {
|
|
33
|
+
try {
|
|
34
|
+
const [isUsed] = await client.hmget(jti, ["isUsed"]);
|
|
35
|
+
return isUsed === "true";
|
|
36
|
+
} catch (error) {
|
|
37
|
+
log.error({ err: error }, "failed to check JTI usage, failing closed");
|
|
38
|
+
return true;
|
|
39
|
+
}
|
|
40
|
+
};
|
|
41
|
+
|
|
42
|
+
const revoke = async (jti: string) => {
|
|
43
|
+
try {
|
|
44
|
+
const [isUsed] = await client.hmget(jti, ["isUsed"]);
|
|
45
|
+
if (isUsed !== "true") return;
|
|
46
|
+
await client.hset(jti, { isRevoked: "true" });
|
|
47
|
+
} catch (error) {
|
|
48
|
+
log.error({ err: error }, "failed to revoke JTI");
|
|
49
|
+
throw new Error("Token revocation failed");
|
|
50
|
+
}
|
|
51
|
+
};
|
|
52
|
+
|
|
53
|
+
const isRevoked = async (jti: string): Promise<boolean> => {
|
|
54
|
+
try {
|
|
55
|
+
const [isRevoked] = await client.hmget(jti, ["isRevoked"]);
|
|
56
|
+
return isRevoked === "true";
|
|
57
|
+
} catch (error) {
|
|
58
|
+
log.error({ err: error }, "failed to check revocation, failing closed");
|
|
59
|
+
return true;
|
|
60
|
+
}
|
|
61
|
+
};
|
|
62
|
+
|
|
63
|
+
return {
|
|
64
|
+
saveJti,
|
|
65
|
+
isTokenUsed,
|
|
66
|
+
revoke,
|
|
67
|
+
isRevoked,
|
|
68
|
+
};
|
|
69
|
+
};
|
|
70
|
+
|
|
71
|
+
export const createTokenRepository = (redisUrl: string): TokenRepository =>
|
|
72
|
+
// Bun's RedisClient exposes the same hset/hmget/expire surface we need but
|
|
73
|
+
// its declared types are wider than TokenRepositoryClient. The cast is the
|
|
74
|
+
// structural-typing bridge and is intentional.
|
|
75
|
+
createTokenRepositoryWithClient(new ValkeyClient(redisUrl) as unknown as TokenRepositoryClient);
|
|
@@ -0,0 +1,78 @@
|
|
|
1
|
+
import type { SessionContext } from "../utils/sessionVariables";
|
|
2
|
+
|
|
3
|
+
// ============================================================================
|
|
4
|
+
// Token Strategy
|
|
5
|
+
// ============================================================================
|
|
6
|
+
|
|
7
|
+
export type TokenStrategy = "jwt" | "paseto_local" | "paseto_public";
|
|
8
|
+
|
|
9
|
+
// ============================================================================
|
|
10
|
+
// Shared Token Types
|
|
11
|
+
// ============================================================================
|
|
12
|
+
|
|
13
|
+
export type TokenGenerationParameters = {
|
|
14
|
+
sub: string;
|
|
15
|
+
role: string;
|
|
16
|
+
claims?: Record<string, unknown>;
|
|
17
|
+
};
|
|
18
|
+
|
|
19
|
+
export type TokenPayload = {
|
|
20
|
+
sub: string;
|
|
21
|
+
role: string;
|
|
22
|
+
claims?: Record<string, unknown>;
|
|
23
|
+
jti: string;
|
|
24
|
+
aud?: string | string[];
|
|
25
|
+
iss?: string;
|
|
26
|
+
iat?: number;
|
|
27
|
+
exp?: number;
|
|
28
|
+
nbf?: number;
|
|
29
|
+
[key: string]: unknown;
|
|
30
|
+
};
|
|
31
|
+
|
|
32
|
+
export type TokenOptions = {
|
|
33
|
+
expiresIn?: string;
|
|
34
|
+
issuer?: string;
|
|
35
|
+
audience?: string;
|
|
36
|
+
notBefore?: string | number;
|
|
37
|
+
};
|
|
38
|
+
|
|
39
|
+
export type TokenResponse = {
|
|
40
|
+
access_token: string;
|
|
41
|
+
refresh_token: string;
|
|
42
|
+
expires_in: number; // seconds until access_token expires
|
|
43
|
+
role: string;
|
|
44
|
+
};
|
|
45
|
+
|
|
46
|
+
// ============================================================================
|
|
47
|
+
// Token Service Interface
|
|
48
|
+
// ============================================================================
|
|
49
|
+
|
|
50
|
+
export type TokenService = {
|
|
51
|
+
createToken(payload: TokenGenerationParameters, options?: TokenOptions): Promise<string>;
|
|
52
|
+
|
|
53
|
+
verifyToken<T extends TokenPayload = TokenPayload>(
|
|
54
|
+
token: string,
|
|
55
|
+
options?: TokenOptions,
|
|
56
|
+
): Promise<T>;
|
|
57
|
+
|
|
58
|
+
verifyTokenAndGetRole(
|
|
59
|
+
authHeader: string | null,
|
|
60
|
+
adminSecretHeader: string | null,
|
|
61
|
+
): Promise<string>;
|
|
62
|
+
|
|
63
|
+
verifyTokenAndGetSession(
|
|
64
|
+
authHeader: string | null,
|
|
65
|
+
adminSecretHeader: string | null,
|
|
66
|
+
): Promise<SessionContext>;
|
|
67
|
+
|
|
68
|
+
createTokenPair(
|
|
69
|
+
payload: TokenGenerationParameters,
|
|
70
|
+
options?: TokenOptions,
|
|
71
|
+
): Promise<TokenResponse>;
|
|
72
|
+
|
|
73
|
+
refreshAccessToken(refresh_token: string): Promise<TokenResponse>;
|
|
74
|
+
|
|
75
|
+
revoke(jti: string): Promise<void>;
|
|
76
|
+
|
|
77
|
+
isRevoked(jti: string): Promise<boolean>;
|
|
78
|
+
};
|
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
import type { SeedAuthArgs } from "./seedAuthArgs";
|
|
2
|
+
|
|
3
|
+
import { loadConfiguration } from "../configuration";
|
|
4
|
+
import { insertAuthUser } from "../databases";
|
|
5
|
+
import { instantiateDatabasesConnections } from "../singletons/databases";
|
|
6
|
+
import { ConfigurationZod } from "../types/zod/configuration";
|
|
7
|
+
import { parseSeedAuthArgs } from "./seedAuthArgs";
|
|
8
|
+
import { logger } from "../logging";
|
|
9
|
+
|
|
10
|
+
export const runSeedAuth = async (args: SeedAuthArgs): Promise<void> => {
|
|
11
|
+
const rawConfig = await loadConfiguration(args.config);
|
|
12
|
+
const configuration = ConfigurationZod.parse(rawConfig);
|
|
13
|
+
|
|
14
|
+
if (!configuration.auth?.enabled) {
|
|
15
|
+
throw new Error("auth.enabled must be true in the configuration to seed an auth user");
|
|
16
|
+
}
|
|
17
|
+
|
|
18
|
+
await instantiateDatabasesConnections([configuration.auth.databaseEntity]);
|
|
19
|
+
|
|
20
|
+
await insertAuthUser(configuration.auth, {
|
|
21
|
+
username: args.user,
|
|
22
|
+
password: args.password,
|
|
23
|
+
role: args.role,
|
|
24
|
+
claims: args.claims,
|
|
25
|
+
});
|
|
26
|
+
};
|
|
27
|
+
|
|
28
|
+
export const seedAuthCommand = async (argv: string[]): Promise<void> => {
|
|
29
|
+
const log = logger("cli");
|
|
30
|
+
let args: SeedAuthArgs;
|
|
31
|
+
try {
|
|
32
|
+
args = parseSeedAuthArgs(argv);
|
|
33
|
+
} catch (error) {
|
|
34
|
+
const msg = error instanceof Error ? error.message : String(error);
|
|
35
|
+
log.error({ err: error }, `seed-auth: ${msg}`);
|
|
36
|
+
console.error(
|
|
37
|
+
"Usage: graphoria seed-auth --user <name> --password <pwd> --role <role> --config <path> [--claims <json>]",
|
|
38
|
+
);
|
|
39
|
+
process.exit(2);
|
|
40
|
+
}
|
|
41
|
+
|
|
42
|
+
try {
|
|
43
|
+
await runSeedAuth(args);
|
|
44
|
+
log.info({ user: args.user, role: args.role }, "seeded auth user");
|
|
45
|
+
process.exit(0);
|
|
46
|
+
} catch (error) {
|
|
47
|
+
const msg = error instanceof Error ? error.message : String(error);
|
|
48
|
+
log.error({ err: error }, `seed-auth failed: ${msg}`);
|
|
49
|
+
process.exit(1);
|
|
50
|
+
}
|
|
51
|
+
};
|