@graphoria/server 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (628) hide show
  1. package/LICENSE +201 -0
  2. package/NOTICE +10 -0
  3. package/README.md +129 -0
  4. package/cli.ts +105 -0
  5. package/dist/cli.d.ts +3 -0
  6. package/dist/cli.d.ts.map +1 -0
  7. package/dist/src/ai/agent/agent.d.ts +37 -0
  8. package/dist/src/ai/agent/agent.d.ts.map +1 -0
  9. package/dist/src/ai/agent/index.d.ts +3 -0
  10. package/dist/src/ai/agent/index.d.ts.map +1 -0
  11. package/dist/src/ai/agent/providers/anthropic.d.ts +10 -0
  12. package/dist/src/ai/agent/providers/anthropic.d.ts.map +1 -0
  13. package/dist/src/ai/agent/providers/index.d.ts +8 -0
  14. package/dist/src/ai/agent/providers/index.d.ts.map +1 -0
  15. package/dist/src/ai/agent/providers/ollama.d.ts +11 -0
  16. package/dist/src/ai/agent/providers/ollama.d.ts.map +1 -0
  17. package/dist/src/ai/agent/providers/openai.d.ts +14 -0
  18. package/dist/src/ai/agent/providers/openai.d.ts.map +1 -0
  19. package/dist/src/ai/agent/types.d.ts +51 -0
  20. package/dist/src/ai/agent/types.d.ts.map +1 -0
  21. package/dist/src/ai/ask-field.test.d.ts +2 -0
  22. package/dist/src/ai/ask-field.test.d.ts.map +1 -0
  23. package/dist/src/ai/index.d.ts +7 -0
  24. package/dist/src/ai/index.d.ts.map +1 -0
  25. package/dist/src/ai/mcp/create-server.d.ts +14 -0
  26. package/dist/src/ai/mcp/create-server.d.ts.map +1 -0
  27. package/dist/src/ai/mcp/create-server.test.d.ts +2 -0
  28. package/dist/src/ai/mcp/create-server.test.d.ts.map +1 -0
  29. package/dist/src/ai/mcp/index.d.ts +13 -0
  30. package/dist/src/ai/mcp/index.d.ts.map +1 -0
  31. package/dist/src/ai/mcp/index.test.d.ts +2 -0
  32. package/dist/src/ai/mcp/index.test.d.ts.map +1 -0
  33. package/dist/src/ai/mcp/instructions.d.ts +2 -0
  34. package/dist/src/ai/mcp/instructions.d.ts.map +1 -0
  35. package/dist/src/ai/tools/agent.d.ts +4 -0
  36. package/dist/src/ai/tools/agent.d.ts.map +1 -0
  37. package/dist/src/ai/tools/agent.test.d.ts +2 -0
  38. package/dist/src/ai/tools/agent.test.d.ts.map +1 -0
  39. package/dist/src/ai/tools/core.d.ts +75 -0
  40. package/dist/src/ai/tools/core.d.ts.map +1 -0
  41. package/dist/src/ai/tools/query-data.d.ts +35 -0
  42. package/dist/src/ai/tools/query-data.d.ts.map +1 -0
  43. package/dist/src/analyzeQuery/analyzers/fragmentAnalyzer.d.ts +5 -0
  44. package/dist/src/analyzeQuery/analyzers/fragmentAnalyzer.d.ts.map +1 -0
  45. package/dist/src/analyzeQuery/analyzers/operationAnalyzer.d.ts +6 -0
  46. package/dist/src/analyzeQuery/analyzers/operationAnalyzer.d.ts.map +1 -0
  47. package/dist/src/analyzeQuery/analyzers/selectionAnalyzer.d.ts +6 -0
  48. package/dist/src/analyzeQuery/analyzers/selectionAnalyzer.d.ts.map +1 -0
  49. package/dist/src/analyzeQuery/analyzers/variableAnalyzer.d.ts +4 -0
  50. package/dist/src/analyzeQuery/analyzers/variableAnalyzer.d.ts.map +1 -0
  51. package/dist/src/analyzeQuery/depthLimit.d.ts +16 -0
  52. package/dist/src/analyzeQuery/depthLimit.d.ts.map +1 -0
  53. package/dist/src/analyzeQuery/depthLimit.test.d.ts +2 -0
  54. package/dist/src/analyzeQuery/depthLimit.test.d.ts.map +1 -0
  55. package/dist/src/analyzeQuery/directiveUtils.d.ts +4 -0
  56. package/dist/src/analyzeQuery/directiveUtils.d.ts.map +1 -0
  57. package/dist/src/analyzeQuery/directiveUtils.test.d.ts +2 -0
  58. package/dist/src/analyzeQuery/directiveUtils.test.d.ts.map +1 -0
  59. package/dist/src/analyzeQuery/index.d.ts +5 -0
  60. package/dist/src/analyzeQuery/index.d.ts.map +1 -0
  61. package/dist/src/analyzeQuery/index.test.d.ts +2 -0
  62. package/dist/src/analyzeQuery/index.test.d.ts.map +1 -0
  63. package/dist/src/analyzeQuery/resolveVariables.d.ts +71 -0
  64. package/dist/src/analyzeQuery/resolveVariables.d.ts.map +1 -0
  65. package/dist/src/analyzeQuery/resolveVariables.test.d.ts +2 -0
  66. package/dist/src/analyzeQuery/resolveVariables.test.d.ts.map +1 -0
  67. package/dist/src/analyzeQuery/staticValues.test.d.ts +2 -0
  68. package/dist/src/analyzeQuery/staticValues.test.d.ts.map +1 -0
  69. package/dist/src/analyzeQuery/typeUtils.d.ts +9 -0
  70. package/dist/src/analyzeQuery/typeUtils.d.ts.map +1 -0
  71. package/dist/src/analyzeQuery/types.d.ts +54 -0
  72. package/dist/src/analyzeQuery/types.d.ts.map +1 -0
  73. package/dist/src/analyzeQuery/valueExtractors.d.ts +4 -0
  74. package/dist/src/analyzeQuery/valueExtractors.d.ts.map +1 -0
  75. package/dist/src/authentication/duration.d.ts +14 -0
  76. package/dist/src/authentication/duration.d.ts.map +1 -0
  77. package/dist/src/authentication/duration.test.d.ts +2 -0
  78. package/dist/src/authentication/duration.test.d.ts.map +1 -0
  79. package/dist/src/authentication/index.d.ts +4 -0
  80. package/dist/src/authentication/index.d.ts.map +1 -0
  81. package/dist/src/authentication/index.test.d.ts +2 -0
  82. package/dist/src/authentication/index.test.d.ts.map +1 -0
  83. package/dist/src/authentication/jwt.d.ts +10 -0
  84. package/dist/src/authentication/jwt.d.ts.map +1 -0
  85. package/dist/src/authentication/jwt.test.d.ts +2 -0
  86. package/dist/src/authentication/jwt.test.d.ts.map +1 -0
  87. package/dist/src/authentication/paseto.d.ts +7 -0
  88. package/dist/src/authentication/paseto.d.ts.map +1 -0
  89. package/dist/src/authentication/paseto.test.d.ts +2 -0
  90. package/dist/src/authentication/paseto.test.d.ts.map +1 -0
  91. package/dist/src/authentication/tokenRepository.d.ts +14 -0
  92. package/dist/src/authentication/tokenRepository.d.ts.map +1 -0
  93. package/dist/src/authentication/tokenRepository.test.d.ts +2 -0
  94. package/dist/src/authentication/tokenRepository.test.d.ts.map +1 -0
  95. package/dist/src/authentication/types.d.ts +42 -0
  96. package/dist/src/authentication/types.d.ts.map +1 -0
  97. package/dist/src/cli/seedAuth.d.ts +4 -0
  98. package/dist/src/cli/seedAuth.d.ts.map +1 -0
  99. package/dist/src/cli/seedAuth.test.d.ts +2 -0
  100. package/dist/src/cli/seedAuth.test.d.ts.map +1 -0
  101. package/dist/src/cli/seedAuthArgs.d.ts +9 -0
  102. package/dist/src/cli/seedAuthArgs.d.ts.map +1 -0
  103. package/dist/src/config/helpers/cronHelper.d.ts +21 -0
  104. package/dist/src/config/helpers/cronHelper.d.ts.map +1 -0
  105. package/dist/src/config/helpers/cronHelper.test.d.ts +2 -0
  106. package/dist/src/config/helpers/cronHelper.test.d.ts.map +1 -0
  107. package/dist/src/config/helpers/index.d.ts +4 -0
  108. package/dist/src/config/helpers/index.d.ts.map +1 -0
  109. package/dist/src/config/helpers/operationHelper.d.ts +44 -0
  110. package/dist/src/config/helpers/operationHelper.d.ts.map +1 -0
  111. package/dist/src/config/helpers/queueHelper.d.ts +20 -0
  112. package/dist/src/config/helpers/queueHelper.d.ts.map +1 -0
  113. package/dist/src/config/helpers/queueHelper.test.d.ts +2 -0
  114. package/dist/src/config/helpers/queueHelper.test.d.ts.map +1 -0
  115. package/dist/src/config/index.d.ts +236 -0
  116. package/dist/src/config/index.d.ts.map +1 -0
  117. package/dist/src/config/types/ai.d.ts +29 -0
  118. package/dist/src/config/types/ai.d.ts.map +1 -0
  119. package/dist/src/config/types/auth.d.ts +112 -0
  120. package/dist/src/config/types/auth.d.ts.map +1 -0
  121. package/dist/src/config/types/configuration.d.ts +61 -0
  122. package/dist/src/config/types/configuration.d.ts.map +1 -0
  123. package/dist/src/config/types/cron.d.ts +81 -0
  124. package/dist/src/config/types/cron.d.ts.map +1 -0
  125. package/dist/src/config/types/db.d.ts +210 -0
  126. package/dist/src/config/types/db.d.ts.map +1 -0
  127. package/dist/src/config/types/index.d.ts +17 -0
  128. package/dist/src/config/types/index.d.ts.map +1 -0
  129. package/dist/src/config/types/operation.d.ts +226 -0
  130. package/dist/src/config/types/operation.d.ts.map +1 -0
  131. package/dist/src/config/types/queue.d.ts +142 -0
  132. package/dist/src/config/types/queue.d.ts.map +1 -0
  133. package/dist/src/config/types/remote-rest.d.ts +18 -0
  134. package/dist/src/config/types/remote-rest.d.ts.map +1 -0
  135. package/dist/src/config/types/remote-schema.d.ts +27 -0
  136. package/dist/src/config/types/remote-schema.d.ts.map +1 -0
  137. package/dist/src/config/types/virtual-columns.d.ts +89 -0
  138. package/dist/src/config/types/virtual-columns.d.ts.map +1 -0
  139. package/dist/src/config/types/virtual-columns.test.d.ts +2 -0
  140. package/dist/src/config/types/virtual-columns.test.d.ts.map +1 -0
  141. package/dist/src/configuration/getSchemas/index.d.ts +867 -0
  142. package/dist/src/configuration/getSchemas/index.d.ts.map +1 -0
  143. package/dist/src/configuration/getSchemas/mergeEntities/index.d.ts +412 -0
  144. package/dist/src/configuration/getSchemas/mergeEntities/index.d.ts.map +1 -0
  145. package/dist/src/configuration/getSchemas/type-definition-generator/index.d.ts +16 -0
  146. package/dist/src/configuration/getSchemas/type-definition-generator/index.d.ts.map +1 -0
  147. package/dist/src/configuration/getSchemas/type-definition-generator/index.test.d.ts +2 -0
  148. package/dist/src/configuration/getSchemas/type-definition-generator/index.test.d.ts.map +1 -0
  149. package/dist/src/configuration/gql/buildExecute.d.ts +31 -0
  150. package/dist/src/configuration/gql/buildExecute.d.ts.map +1 -0
  151. package/dist/src/configuration/gql/buildExecute.test.d.ts +2 -0
  152. package/dist/src/configuration/gql/buildExecute.test.d.ts.map +1 -0
  153. package/dist/src/configuration/gql/gqlAuthOperations.d.ts +9 -0
  154. package/dist/src/configuration/gql/gqlAuthOperations.d.ts.map +1 -0
  155. package/dist/src/configuration/gql/gqlAuthOperations.test.d.ts +2 -0
  156. package/dist/src/configuration/gql/gqlAuthOperations.test.d.ts.map +1 -0
  157. package/dist/src/configuration/gql/handleGraphQLRequestFactory.d.ts +28 -0
  158. package/dist/src/configuration/gql/handleGraphQLRequestFactory.d.ts.map +1 -0
  159. package/dist/src/configuration/gql/handleGraphQLRequestFactory.test.d.ts +2 -0
  160. package/dist/src/configuration/gql/handleGraphQLRequestFactory.test.d.ts.map +1 -0
  161. package/dist/src/configuration/gql/handleGraphQLSubscriptionFactory.d.ts +19 -0
  162. package/dist/src/configuration/gql/handleGraphQLSubscriptionFactory.d.ts.map +1 -0
  163. package/dist/src/configuration/index.d.ts +719 -0
  164. package/dist/src/configuration/index.d.ts.map +1 -0
  165. package/dist/src/configuration/rest/generateOpenAPI.d.ts +19 -0
  166. package/dist/src/configuration/rest/generateOpenAPI.d.ts.map +1 -0
  167. package/dist/src/configuration/rest/handleRESTRequestFactory.d.ts +12 -0
  168. package/dist/src/configuration/rest/handleRESTRequestFactory.d.ts.map +1 -0
  169. package/dist/src/configuration/rest/handleRESTRequestFactory.test.d.ts +2 -0
  170. package/dist/src/configuration/rest/handleRESTRequestFactory.test.d.ts.map +1 -0
  171. package/dist/src/configuration/rest/index.d.ts +20 -0
  172. package/dist/src/configuration/rest/index.d.ts.map +1 -0
  173. package/dist/src/configuration/rest/openApiErrors.d.ts +71 -0
  174. package/dist/src/configuration/rest/openApiErrors.d.ts.map +1 -0
  175. package/dist/src/console/App.d.ts +3 -0
  176. package/dist/src/console/App.d.ts.map +1 -0
  177. package/dist/src/console/Login.d.ts +6 -0
  178. package/dist/src/console/Login.d.ts.map +1 -0
  179. package/dist/src/console/api.d.ts +17 -0
  180. package/dist/src/console/api.d.ts.map +1 -0
  181. package/dist/src/console/api.test.d.ts +2 -0
  182. package/dist/src/console/api.test.d.ts.map +1 -0
  183. package/dist/src/console/client.d.ts +67 -0
  184. package/dist/src/console/client.d.ts.map +1 -0
  185. package/dist/src/console/frontend.d.ts +8 -0
  186. package/dist/src/console/frontend.d.ts.map +1 -0
  187. package/dist/src/console/pages/ConfigPage.d.ts +2 -0
  188. package/dist/src/console/pages/ConfigPage.d.ts.map +1 -0
  189. package/dist/src/console/pages/RolesPage.d.ts +2 -0
  190. package/dist/src/console/pages/RolesPage.d.ts.map +1 -0
  191. package/dist/src/console/pages/StatusPage.d.ts +2 -0
  192. package/dist/src/console/pages/StatusPage.d.ts.map +1 -0
  193. package/dist/src/console/pages/TablesPage.d.ts +2 -0
  194. package/dist/src/console/pages/TablesPage.d.ts.map +1 -0
  195. package/dist/src/console/useApi.d.ts +8 -0
  196. package/dist/src/console/useApi.d.ts.map +1 -0
  197. package/dist/src/cron/index.d.ts +63 -0
  198. package/dist/src/cron/index.d.ts.map +1 -0
  199. package/dist/src/databases/auth/auth-operations.d.ts +11 -0
  200. package/dist/src/databases/auth/auth-operations.d.ts.map +1 -0
  201. package/dist/src/databases/auth/password.d.ts +3 -0
  202. package/dist/src/databases/auth/password.d.ts.map +1 -0
  203. package/dist/src/databases/auth/password.test.d.ts +2 -0
  204. package/dist/src/databases/auth/password.test.d.ts.map +1 -0
  205. package/dist/src/databases/common.d.ts +53 -0
  206. package/dist/src/databases/common.d.ts.map +1 -0
  207. package/dist/src/databases/common.test.d.ts +2 -0
  208. package/dist/src/databases/common.test.d.ts.map +1 -0
  209. package/dist/src/databases/core/executor.d.ts +10 -0
  210. package/dist/src/databases/core/executor.d.ts.map +1 -0
  211. package/dist/src/databases/core/executor.test.d.ts +2 -0
  212. package/dist/src/databases/core/executor.test.d.ts.map +1 -0
  213. package/dist/src/databases/core/function-mapping.d.ts +38 -0
  214. package/dist/src/databases/core/function-mapping.d.ts.map +1 -0
  215. package/dist/src/databases/core/identifier.d.ts +2 -0
  216. package/dist/src/databases/core/identifier.d.ts.map +1 -0
  217. package/dist/src/databases/core/identifier.test.d.ts +2 -0
  218. package/dist/src/databases/core/identifier.test.d.ts.map +1 -0
  219. package/dist/src/databases/core/query-builder.d.ts +64 -0
  220. package/dist/src/databases/core/query-builder.d.ts.map +1 -0
  221. package/dist/src/databases/core/query-builder.test.d.ts +2 -0
  222. package/dist/src/databases/core/query-builder.test.d.ts.map +1 -0
  223. package/dist/src/databases/directives.d.ts +16 -0
  224. package/dist/src/databases/directives.d.ts.map +1 -0
  225. package/dist/src/databases/directives.test.d.ts +2 -0
  226. package/dist/src/databases/directives.test.d.ts.map +1 -0
  227. package/dist/src/databases/engines/mssql/auth.d.ts +9 -0
  228. package/dist/src/databases/engines/mssql/auth.d.ts.map +1 -0
  229. package/dist/src/databases/engines/mssql/auth.test.d.ts +2 -0
  230. package/dist/src/databases/engines/mssql/auth.test.d.ts.map +1 -0
  231. package/dist/src/databases/engines/mssql/connection.d.ts +14 -0
  232. package/dist/src/databases/engines/mssql/connection.d.ts.map +1 -0
  233. package/dist/src/databases/engines/mssql/format.d.ts +5 -0
  234. package/dist/src/databases/engines/mssql/format.d.ts.map +1 -0
  235. package/dist/src/databases/engines/mssql/getStructure.d.ts +48 -0
  236. package/dist/src/databases/engines/mssql/getStructure.d.ts.map +1 -0
  237. package/dist/src/databases/engines/mssql/getViews.d.ts +7 -0
  238. package/dist/src/databases/engines/mssql/getViews.d.ts.map +1 -0
  239. package/dist/src/databases/engines/mssql/query/index.d.ts +7 -0
  240. package/dist/src/databases/engines/mssql/query/index.d.ts.map +1 -0
  241. package/dist/src/databases/engines/mssql/query/index.test.d.ts +2 -0
  242. package/dist/src/databases/engines/mssql/query/index.test.d.ts.map +1 -0
  243. package/dist/src/databases/engines/mysql/auth.d.ts +9 -0
  244. package/dist/src/databases/engines/mysql/auth.d.ts.map +1 -0
  245. package/dist/src/databases/engines/mysql/auth.test.d.ts +2 -0
  246. package/dist/src/databases/engines/mysql/auth.test.d.ts.map +1 -0
  247. package/dist/src/databases/engines/mysql/connection.d.ts +14 -0
  248. package/dist/src/databases/engines/mysql/connection.d.ts.map +1 -0
  249. package/dist/src/databases/engines/mysql/format.d.ts +5 -0
  250. package/dist/src/databases/engines/mysql/format.d.ts.map +1 -0
  251. package/dist/src/databases/engines/mysql/getStructure.d.ts +48 -0
  252. package/dist/src/databases/engines/mysql/getStructure.d.ts.map +1 -0
  253. package/dist/src/databases/engines/mysql/getViews.d.ts +7 -0
  254. package/dist/src/databases/engines/mysql/getViews.d.ts.map +1 -0
  255. package/dist/src/databases/engines/mysql/query/index.d.ts +7 -0
  256. package/dist/src/databases/engines/mysql/query/index.d.ts.map +1 -0
  257. package/dist/src/databases/engines/mysql/query/index.test.d.ts +2 -0
  258. package/dist/src/databases/engines/mysql/query/index.test.d.ts.map +1 -0
  259. package/dist/src/databases/engines/postgresql/auth.d.ts +9 -0
  260. package/dist/src/databases/engines/postgresql/auth.d.ts.map +1 -0
  261. package/dist/src/databases/engines/postgresql/auth.test.d.ts +2 -0
  262. package/dist/src/databases/engines/postgresql/auth.test.d.ts.map +1 -0
  263. package/dist/src/databases/engines/postgresql/connection.d.ts +14 -0
  264. package/dist/src/databases/engines/postgresql/connection.d.ts.map +1 -0
  265. package/dist/src/databases/engines/postgresql/format.d.ts +5 -0
  266. package/dist/src/databases/engines/postgresql/format.d.ts.map +1 -0
  267. package/dist/src/databases/engines/postgresql/getStructure.d.ts +48 -0
  268. package/dist/src/databases/engines/postgresql/getStructure.d.ts.map +1 -0
  269. package/dist/src/databases/engines/postgresql/getViews.d.ts +7 -0
  270. package/dist/src/databases/engines/postgresql/getViews.d.ts.map +1 -0
  271. package/dist/src/databases/engines/postgresql/query/index.d.ts +7 -0
  272. package/dist/src/databases/engines/postgresql/query/index.d.ts.map +1 -0
  273. package/dist/src/databases/engines/postgresql/query/index.test.d.ts +2 -0
  274. package/dist/src/databases/engines/postgresql/query/index.test.d.ts.map +1 -0
  275. package/dist/src/databases/engines/shared/claims.d.ts +2 -0
  276. package/dist/src/databases/engines/shared/claims.d.ts.map +1 -0
  277. package/dist/src/databases/engines/shared/types.d.ts +8 -0
  278. package/dist/src/databases/engines/shared/types.d.ts.map +1 -0
  279. package/dist/src/databases/high-level-operations.d.ts +146 -0
  280. package/dist/src/databases/high-level-operations.d.ts.map +1 -0
  281. package/dist/src/databases/high-level-operations.test.d.ts +2 -0
  282. package/dist/src/databases/high-level-operations.test.d.ts.map +1 -0
  283. package/dist/src/databases/index.d.ts +8 -0
  284. package/dist/src/databases/index.d.ts.map +1 -0
  285. package/dist/src/databases/metadata/structure.d.ts +56 -0
  286. package/dist/src/databases/metadata/structure.d.ts.map +1 -0
  287. package/dist/src/databases/schemaBuilder/convert.d.ts +2 -0
  288. package/dist/src/databases/schemaBuilder/convert.d.ts.map +1 -0
  289. package/dist/src/databases/schemaBuilder/generateCreateTable/index.d.ts +15 -0
  290. package/dist/src/databases/schemaBuilder/generateCreateTable/index.d.ts.map +1 -0
  291. package/dist/src/databases/schemaBuilder/generateCreateTable/index.test.d.ts +2 -0
  292. package/dist/src/databases/schemaBuilder/generateCreateTable/index.test.d.ts.map +1 -0
  293. package/dist/src/databases/schemaBuilder/generateCreateView/index.d.ts +18 -0
  294. package/dist/src/databases/schemaBuilder/generateCreateView/index.d.ts.map +1 -0
  295. package/dist/src/databases/schemaBuilder/generateInsert/index.d.ts +8 -0
  296. package/dist/src/databases/schemaBuilder/generateInsert/index.d.ts.map +1 -0
  297. package/dist/src/databases/schemaBuilder/generateInsert/index.test.d.ts +2 -0
  298. package/dist/src/databases/schemaBuilder/generateInsert/index.test.d.ts.map +1 -0
  299. package/dist/src/databases/schemaBuilder/generateSchemaCreation/index.d.ts +7 -0
  300. package/dist/src/databases/schemaBuilder/generateSchemaCreation/index.d.ts.map +1 -0
  301. package/dist/src/databases/schemaBuilder/generateSchemaCreation/index.test.d.ts +2 -0
  302. package/dist/src/databases/schemaBuilder/generateSchemaCreation/index.test.d.ts.map +1 -0
  303. package/dist/src/databases/schemaBuilder/mssqlToPostgres/convertView.d.ts +2 -0
  304. package/dist/src/databases/schemaBuilder/mssqlToPostgres/convertView.d.ts.map +1 -0
  305. package/dist/src/databases/schemaBuilder/utils.d.ts +8 -0
  306. package/dist/src/databases/schemaBuilder/utils.d.ts.map +1 -0
  307. package/dist/src/databases/sqlTypeUtils.d.ts +24 -0
  308. package/dist/src/databases/sqlTypeUtils.d.ts.map +1 -0
  309. package/dist/src/databases/sqlTypeUtils.test.d.ts +2 -0
  310. package/dist/src/databases/sqlTypeUtils.test.d.ts.map +1 -0
  311. package/dist/src/databases/transformers/data-transformers.d.ts +215 -0
  312. package/dist/src/databases/transformers/data-transformers.d.ts.map +1 -0
  313. package/dist/src/databases/transformers/data-transformers.test.d.ts +2 -0
  314. package/dist/src/databases/transformers/data-transformers.test.d.ts.map +1 -0
  315. package/dist/src/databases/transformers/genResolverName.d.ts +2 -0
  316. package/dist/src/databases/transformers/genResolverName.d.ts.map +1 -0
  317. package/dist/src/databases/transformers/genResolverName.test.d.ts +2 -0
  318. package/dist/src/databases/transformers/genResolverName.test.d.ts.map +1 -0
  319. package/dist/src/index.d.ts +139 -0
  320. package/dist/src/index.d.ts.map +1 -0
  321. package/dist/src/logging/index.d.ts +21 -0
  322. package/dist/src/logging/index.d.ts.map +1 -0
  323. package/dist/src/queues/kafka.d.ts +22 -0
  324. package/dist/src/queues/kafka.d.ts.map +1 -0
  325. package/dist/src/queues/rabbitmq.d.ts +34 -0
  326. package/dist/src/queues/rabbitmq.d.ts.map +1 -0
  327. package/dist/src/queues/rabbitmq.test.d.ts +2 -0
  328. package/dist/src/queues/rabbitmq.test.d.ts.map +1 -0
  329. package/dist/src/remoteREST/index.d.ts +13 -0
  330. package/dist/src/remoteREST/index.d.ts.map +1 -0
  331. package/dist/src/remoteREST/parse.d.ts +8 -0
  332. package/dist/src/remoteREST/parse.d.ts.map +1 -0
  333. package/dist/src/remoteREST/parse.test.d.ts +2 -0
  334. package/dist/src/remoteREST/parse.test.d.ts.map +1 -0
  335. package/dist/src/remoteREST/proxy.d.ts +6 -0
  336. package/dist/src/remoteREST/proxy.d.ts.map +1 -0
  337. package/dist/src/remoteREST/proxy.test.d.ts +2 -0
  338. package/dist/src/remoteREST/proxy.test.d.ts.map +1 -0
  339. package/dist/src/remoteREST/transform.d.ts +8 -0
  340. package/dist/src/remoteREST/transform.d.ts.map +1 -0
  341. package/dist/src/remoteREST/transform.test.d.ts +2 -0
  342. package/dist/src/remoteREST/transform.test.d.ts.map +1 -0
  343. package/dist/src/remoteREST/types.d.ts +37 -0
  344. package/dist/src/remoteREST/types.d.ts.map +1 -0
  345. package/dist/src/remoteSchemas/index.d.ts +13 -0
  346. package/dist/src/remoteSchemas/index.d.ts.map +1 -0
  347. package/dist/src/remoteSchemas/introspect.d.ts +7 -0
  348. package/dist/src/remoteSchemas/introspect.d.ts.map +1 -0
  349. package/dist/src/remoteSchemas/introspect.test.d.ts +2 -0
  350. package/dist/src/remoteSchemas/introspect.test.d.ts.map +1 -0
  351. package/dist/src/remoteSchemas/proxy.d.ts +7 -0
  352. package/dist/src/remoteSchemas/proxy.d.ts.map +1 -0
  353. package/dist/src/remoteSchemas/proxy.test.d.ts +2 -0
  354. package/dist/src/remoteSchemas/proxy.test.d.ts.map +1 -0
  355. package/dist/src/remoteSchemas/transform.d.ts +9 -0
  356. package/dist/src/remoteSchemas/transform.d.ts.map +1 -0
  357. package/dist/src/remoteSchemas/transform.test.d.ts +2 -0
  358. package/dist/src/remoteSchemas/transform.test.d.ts.map +1 -0
  359. package/dist/src/remoteSchemas/types.d.ts +41 -0
  360. package/dist/src/remoteSchemas/types.d.ts.map +1 -0
  361. package/dist/src/singletons/ai.d.ts +25 -0
  362. package/dist/src/singletons/ai.d.ts.map +1 -0
  363. package/dist/src/singletons/ai.test.d.ts +2 -0
  364. package/dist/src/singletons/ai.test.d.ts.map +1 -0
  365. package/dist/src/singletons/authentication.d.ts +4 -0
  366. package/dist/src/singletons/authentication.d.ts.map +1 -0
  367. package/dist/src/singletons/cache/index.d.ts +5 -0
  368. package/dist/src/singletons/cache/index.d.ts.map +1 -0
  369. package/dist/src/singletons/cache/lruCacheStore.d.ts +12 -0
  370. package/dist/src/singletons/cache/lruCacheStore.d.ts.map +1 -0
  371. package/dist/src/singletons/cache/lruCacheStore.test.d.ts +2 -0
  372. package/dist/src/singletons/cache/lruCacheStore.test.d.ts.map +1 -0
  373. package/dist/src/singletons/cache/redisCacheStore.d.ts +16 -0
  374. package/dist/src/singletons/cache/redisCacheStore.d.ts.map +1 -0
  375. package/dist/src/singletons/cache/redisClient.d.ts +3 -0
  376. package/dist/src/singletons/cache/redisClient.d.ts.map +1 -0
  377. package/dist/src/singletons/cache/registry.d.ts +7 -0
  378. package/dist/src/singletons/cache/registry.d.ts.map +1 -0
  379. package/dist/src/singletons/cache/registry.test.d.ts +2 -0
  380. package/dist/src/singletons/cache/registry.test.d.ts.map +1 -0
  381. package/dist/src/singletons/cache/types.d.ts +8 -0
  382. package/dist/src/singletons/cache/types.d.ts.map +1 -0
  383. package/dist/src/singletons/cron.d.ts +69 -0
  384. package/dist/src/singletons/cron.d.ts.map +1 -0
  385. package/dist/src/singletons/databases.d.ts +27 -0
  386. package/dist/src/singletons/databases.d.ts.map +1 -0
  387. package/dist/src/singletons/databases.test.d.ts +2 -0
  388. package/dist/src/singletons/databases.test.d.ts.map +1 -0
  389. package/dist/src/singletons/env.d.ts +494 -0
  390. package/dist/src/singletons/env.d.ts.map +1 -0
  391. package/dist/src/singletons/queues.d.ts +17 -0
  392. package/dist/src/singletons/queues.d.ts.map +1 -0
  393. package/dist/src/subscriptions/index.d.ts +4 -0
  394. package/dist/src/subscriptions/index.d.ts.map +1 -0
  395. package/dist/src/subscriptions/strategies/database.d.ts +12 -0
  396. package/dist/src/subscriptions/strategies/database.d.ts.map +1 -0
  397. package/dist/src/subscriptions/strategies/index.d.ts +12 -0
  398. package/dist/src/subscriptions/strategies/index.d.ts.map +1 -0
  399. package/dist/src/subscriptions/strategies/queue.d.ts +11 -0
  400. package/dist/src/subscriptions/strategies/queue.d.ts.map +1 -0
  401. package/dist/src/subscriptions/types.d.ts +67 -0
  402. package/dist/src/subscriptions/types.d.ts.map +1 -0
  403. package/dist/src/subscriptions/utils/polling.d.ts +17 -0
  404. package/dist/src/subscriptions/utils/polling.d.ts.map +1 -0
  405. package/dist/src/types/common.d.ts +44 -0
  406. package/dist/src/types/common.d.ts.map +1 -0
  407. package/dist/src/types/configuration.d.ts +28 -0
  408. package/dist/src/types/configuration.d.ts.map +1 -0
  409. package/dist/src/types/db.d.ts +43 -0
  410. package/dist/src/types/db.d.ts.map +1 -0
  411. package/dist/src/types/env.d.ts +2302 -0
  412. package/dist/src/types/env.d.ts.map +1 -0
  413. package/dist/src/types/env.test.d.ts +2 -0
  414. package/dist/src/types/env.test.d.ts.map +1 -0
  415. package/dist/src/types/resolver.d.ts +121 -0
  416. package/dist/src/types/resolver.d.ts.map +1 -0
  417. package/dist/src/types/zod/ai.d.ts +6 -0
  418. package/dist/src/types/zod/ai.d.ts.map +1 -0
  419. package/dist/src/types/zod/auth.d.ts +76 -0
  420. package/dist/src/types/zod/auth.d.ts.map +1 -0
  421. package/dist/src/types/zod/configuration.d.ts +1278 -0
  422. package/dist/src/types/zod/configuration.d.ts.map +1 -0
  423. package/dist/src/types/zod/configuration.test.d.ts +2 -0
  424. package/dist/src/types/zod/configuration.test.d.ts.map +1 -0
  425. package/dist/src/types/zod/cron.d.ts +32 -0
  426. package/dist/src/types/zod/cron.d.ts.map +1 -0
  427. package/dist/src/types/zod/db.d.ts +441 -0
  428. package/dist/src/types/zod/db.d.ts.map +1 -0
  429. package/dist/src/types/zod/db.test.d.ts +2 -0
  430. package/dist/src/types/zod/db.test.d.ts.map +1 -0
  431. package/dist/src/types/zod/mcp.d.ts +6 -0
  432. package/dist/src/types/zod/mcp.d.ts.map +1 -0
  433. package/dist/src/types/zod/operation.d.ts +9 -0
  434. package/dist/src/types/zod/operation.d.ts.map +1 -0
  435. package/dist/src/types/zod/queue.d.ts +656 -0
  436. package/dist/src/types/zod/queue.d.ts.map +1 -0
  437. package/dist/src/types/zod/queue.test.d.ts +2 -0
  438. package/dist/src/types/zod/queue.test.d.ts.map +1 -0
  439. package/dist/src/types/zod/remoteREST.d.ts +6 -0
  440. package/dist/src/types/zod/remoteREST.d.ts.map +1 -0
  441. package/dist/src/types/zod/remoteSchema.d.ts +6 -0
  442. package/dist/src/types/zod/remoteSchema.d.ts.map +1 -0
  443. package/dist/src/utils/benchmark.d.ts +2 -0
  444. package/dist/src/utils/benchmark.d.ts.map +1 -0
  445. package/dist/src/utils/event-emitter.d.ts +19 -0
  446. package/dist/src/utils/event-emitter.d.ts.map +1 -0
  447. package/dist/src/utils/responses.d.ts +19 -0
  448. package/dist/src/utils/responses.d.ts.map +1 -0
  449. package/dist/src/utils/responses.test.d.ts +2 -0
  450. package/dist/src/utils/responses.test.d.ts.map +1 -0
  451. package/dist/src/utils/safeJSONParse.d.ts +2 -0
  452. package/dist/src/utils/safeJSONParse.d.ts.map +1 -0
  453. package/dist/src/utils/selection.d.ts +3 -0
  454. package/dist/src/utils/selection.d.ts.map +1 -0
  455. package/dist/src/utils/selection.test.d.ts +2 -0
  456. package/dist/src/utils/selection.test.d.ts.map +1 -0
  457. package/dist/src/utils/sessionVariables.d.ts +47 -0
  458. package/dist/src/utils/sessionVariables.d.ts.map +1 -0
  459. package/dist/src/utils/sessionVariables.test.d.ts +2 -0
  460. package/dist/src/utils/sessionVariables.test.d.ts.map +1 -0
  461. package/dist/src/utils/writeSchema.d.ts +3 -0
  462. package/dist/src/utils/writeSchema.d.ts.map +1 -0
  463. package/dist/standalone.d.ts +3 -0
  464. package/dist/standalone.d.ts.map +1 -0
  465. package/dist/tsconfig.tsbuildinfo +1 -0
  466. package/package.json +119 -0
  467. package/playgrounds/console/index.html +25 -0
  468. package/playgrounds/graphiql/index.html +1144 -0
  469. package/playgrounds/scalar/index.html +19 -0
  470. package/src/ai/agent/agent.ts +222 -0
  471. package/src/ai/agent/index.ts +2 -0
  472. package/src/ai/agent/providers/anthropic.ts +113 -0
  473. package/src/ai/agent/providers/index.ts +62 -0
  474. package/src/ai/agent/providers/ollama.ts +128 -0
  475. package/src/ai/agent/providers/openai.ts +100 -0
  476. package/src/ai/agent/types.ts +65 -0
  477. package/src/ai/index.ts +8 -0
  478. package/src/ai/mcp/create-server.ts +444 -0
  479. package/src/ai/mcp/index.ts +80 -0
  480. package/src/ai/mcp/instructions.ts +103 -0
  481. package/src/ai/tools/agent.ts +111 -0
  482. package/src/ai/tools/core.ts +486 -0
  483. package/src/ai/tools/query-data.ts +109 -0
  484. package/src/analyzeQuery/analyzers/fragmentAnalyzer.ts +29 -0
  485. package/src/analyzeQuery/analyzers/operationAnalyzer.ts +50 -0
  486. package/src/analyzeQuery/analyzers/selectionAnalyzer.ts +135 -0
  487. package/src/analyzeQuery/analyzers/variableAnalyzer.ts +17 -0
  488. package/src/analyzeQuery/depthLimit.ts +124 -0
  489. package/src/analyzeQuery/directiveUtils.ts +99 -0
  490. package/src/analyzeQuery/index.ts +66 -0
  491. package/src/analyzeQuery/resolveVariables.ts +394 -0
  492. package/src/analyzeQuery/typeUtils.ts +47 -0
  493. package/src/analyzeQuery/types.ts +57 -0
  494. package/src/analyzeQuery/valueExtractors.ts +96 -0
  495. package/src/authentication/duration.ts +50 -0
  496. package/src/authentication/index.ts +34 -0
  497. package/src/authentication/jwt.ts +220 -0
  498. package/src/authentication/paseto.ts +256 -0
  499. package/src/authentication/tokenRepository.ts +75 -0
  500. package/src/authentication/types.ts +78 -0
  501. package/src/cli/seedAuth.ts +51 -0
  502. package/src/cli/seedAuthArgs.ts +50 -0
  503. package/src/config/helpers/cronHelper.ts +29 -0
  504. package/src/config/helpers/index.ts +8 -0
  505. package/src/config/helpers/operationHelper.ts +146 -0
  506. package/src/config/helpers/queueHelper.ts +27 -0
  507. package/src/config/index.ts +315 -0
  508. package/src/config/types/ai.ts +35 -0
  509. package/src/config/types/auth.ts +147 -0
  510. package/src/config/types/configuration.ts +69 -0
  511. package/src/config/types/cron.ts +140 -0
  512. package/src/config/types/db.ts +256 -0
  513. package/src/config/types/index.ts +129 -0
  514. package/src/config/types/operation.ts +253 -0
  515. package/src/config/types/queue.ts +172 -0
  516. package/src/config/types/remote-rest.ts +28 -0
  517. package/src/config/types/remote-schema.ts +39 -0
  518. package/src/config/types/virtual-columns.ts +157 -0
  519. package/src/configuration/getSchemas/index.ts +82 -0
  520. package/src/configuration/getSchemas/mergeEntities/index.ts +221 -0
  521. package/src/configuration/getSchemas/type-definition-generator/index.ts +511 -0
  522. package/src/configuration/gql/buildExecute.ts +54 -0
  523. package/src/configuration/gql/gqlAuthOperations.ts +150 -0
  524. package/src/configuration/gql/handleGraphQLRequestFactory.ts +415 -0
  525. package/src/configuration/gql/handleGraphQLSubscriptionFactory.ts +249 -0
  526. package/src/configuration/index.ts +138 -0
  527. package/src/configuration/rest/generateOpenAPI.ts +361 -0
  528. package/src/configuration/rest/handleRESTRequestFactory.ts +335 -0
  529. package/src/configuration/rest/index.ts +167 -0
  530. package/src/configuration/rest/openApiErrors.ts +106 -0
  531. package/src/console/api.ts +270 -0
  532. package/src/cron/index.ts +251 -0
  533. package/src/databases/auth/auth-operations.ts +36 -0
  534. package/src/databases/auth/password.ts +4 -0
  535. package/src/databases/common.ts +642 -0
  536. package/src/databases/core/executor.ts +97 -0
  537. package/src/databases/core/function-mapping.ts +176 -0
  538. package/src/databases/core/identifier.ts +8 -0
  539. package/src/databases/core/query-builder.ts +47 -0
  540. package/src/databases/directives.ts +112 -0
  541. package/src/databases/engines/mssql/auth.ts +112 -0
  542. package/src/databases/engines/mssql/connection.ts +151 -0
  543. package/src/databases/engines/mssql/format.ts +23 -0
  544. package/src/databases/engines/mssql/getStructure.ts +112 -0
  545. package/src/databases/engines/mssql/getViews.ts +17 -0
  546. package/src/databases/engines/mssql/query/index.ts +306 -0
  547. package/src/databases/engines/mysql/auth.ts +100 -0
  548. package/src/databases/engines/mysql/connection.ts +100 -0
  549. package/src/databases/engines/mysql/format.ts +23 -0
  550. package/src/databases/engines/mysql/getStructure.ts +116 -0
  551. package/src/databases/engines/mysql/getViews.ts +20 -0
  552. package/src/databases/engines/mysql/query/index.ts +291 -0
  553. package/src/databases/engines/postgresql/auth.ts +98 -0
  554. package/src/databases/engines/postgresql/connection.ts +99 -0
  555. package/src/databases/engines/postgresql/format.ts +23 -0
  556. package/src/databases/engines/postgresql/getStructure.ts +149 -0
  557. package/src/databases/engines/postgresql/getViews.ts +20 -0
  558. package/src/databases/engines/postgresql/query/index.ts +291 -0
  559. package/src/databases/engines/shared/claims.ts +26 -0
  560. package/src/databases/engines/shared/types.ts +7 -0
  561. package/src/databases/high-level-operations.ts +272 -0
  562. package/src/databases/index.ts +28 -0
  563. package/src/databases/metadata/structure.ts +12 -0
  564. package/src/databases/schemaBuilder/convert.ts +121 -0
  565. package/src/databases/schemaBuilder/generateCreateTable/index.ts +133 -0
  566. package/src/databases/schemaBuilder/generateCreateView/index.ts +101 -0
  567. package/src/databases/schemaBuilder/generateInsert/index.ts +47 -0
  568. package/src/databases/schemaBuilder/generateSchemaCreation/index.ts +29 -0
  569. package/src/databases/schemaBuilder/mssqlToPostgres/convertView.ts +47 -0
  570. package/src/databases/schemaBuilder/utils.ts +17 -0
  571. package/src/databases/sqlTypeUtils.ts +91 -0
  572. package/src/databases/transformers/data-transformers.ts +128 -0
  573. package/src/databases/transformers/genResolverName.ts +18 -0
  574. package/src/index.ts +461 -0
  575. package/src/logging/index.ts +69 -0
  576. package/src/queues/kafka.ts +409 -0
  577. package/src/queues/rabbitmq.ts +331 -0
  578. package/src/remoteREST/index.ts +46 -0
  579. package/src/remoteREST/parse.ts +68 -0
  580. package/src/remoteREST/proxy.ts +92 -0
  581. package/src/remoteREST/transform.ts +121 -0
  582. package/src/remoteREST/types.ts +38 -0
  583. package/src/remoteSchemas/index.ts +48 -0
  584. package/src/remoteSchemas/introspect.ts +44 -0
  585. package/src/remoteSchemas/proxy.ts +146 -0
  586. package/src/remoteSchemas/transform.ts +210 -0
  587. package/src/remoteSchemas/types.ts +43 -0
  588. package/src/singletons/ai.ts +91 -0
  589. package/src/singletons/authentication.ts +13 -0
  590. package/src/singletons/cache/index.ts +4 -0
  591. package/src/singletons/cache/lruCacheStore.ts +34 -0
  592. package/src/singletons/cache/redisCacheStore.ts +81 -0
  593. package/src/singletons/cache/redisClient.ts +12 -0
  594. package/src/singletons/cache/registry.ts +51 -0
  595. package/src/singletons/cache/types.ts +7 -0
  596. package/src/singletons/cron.ts +21 -0
  597. package/src/singletons/databases.ts +68 -0
  598. package/src/singletons/env.ts +3 -0
  599. package/src/singletons/queues.ts +101 -0
  600. package/src/subscriptions/index.ts +20 -0
  601. package/src/subscriptions/strategies/database.ts +68 -0
  602. package/src/subscriptions/strategies/index.ts +38 -0
  603. package/src/subscriptions/strategies/queue.ts +61 -0
  604. package/src/subscriptions/types.ts +74 -0
  605. package/src/subscriptions/utils/polling.ts +119 -0
  606. package/src/types/common.ts +57 -0
  607. package/src/types/configuration.ts +52 -0
  608. package/src/types/db.ts +87 -0
  609. package/src/types/env.ts +137 -0
  610. package/src/types/resolver.ts +181 -0
  611. package/src/types/zod/ai.ts +8 -0
  612. package/src/types/zod/auth.ts +96 -0
  613. package/src/types/zod/configuration.ts +46 -0
  614. package/src/types/zod/cron.ts +35 -0
  615. package/src/types/zod/db.ts +146 -0
  616. package/src/types/zod/mcp.ts +8 -0
  617. package/src/types/zod/operation.ts +37 -0
  618. package/src/types/zod/queue.ts +182 -0
  619. package/src/types/zod/remoteREST.ts +8 -0
  620. package/src/types/zod/remoteSchema.ts +11 -0
  621. package/src/utils/benchmark.ts +13 -0
  622. package/src/utils/event-emitter.ts +217 -0
  623. package/src/utils/responses.ts +42 -0
  624. package/src/utils/safeJSONParse.ts +10 -0
  625. package/src/utils/selection.ts +35 -0
  626. package/src/utils/sessionVariables.ts +131 -0
  627. package/src/utils/writeSchema.ts +13 -0
  628. package/standalone.ts +32 -0
@@ -0,0 +1,220 @@
1
+ import { timingSafeEqual } from "crypto";
2
+
3
+ import { SignJWT, jwtVerify } from "jose";
4
+
5
+ import type { JWTPayload } from "jose";
6
+ import type { Env } from "../types/env";
7
+ import type { SessionContext } from "../utils/sessionVariables";
8
+ import type { TokenRepository } from "./tokenRepository";
9
+ import type { TokenGenerationParameters, TokenOptions, TokenResponse, TokenService } from "./types";
10
+
11
+ import { parseDurationToSeconds } from "./duration";
12
+ import { createTokenRepository } from "./tokenRepository";
13
+ import { logger } from "../logging";
14
+
15
+ // Audience constants to distinguish token types
16
+ const ACCESS_TOKEN_AUDIENCE = "access";
17
+ const REFRESH_TOKEN_AUDIENCE = "refresh";
18
+
19
+ // Timing-safe string comparison to prevent timing attacks
20
+ const safeCompare = (a: string, b: string): boolean => {
21
+ try {
22
+ const bufA = Buffer.from(a);
23
+ const bufB = Buffer.from(b);
24
+ if (bufA.length !== bufB.length) return false;
25
+ return timingSafeEqual(bufA, bufB);
26
+ } catch {
27
+ return false;
28
+ }
29
+ };
30
+
31
+ export type { TokenGenerationParameters, TokenOptions, TokenResponse };
32
+
33
+ export type JWTTokenPayload = JWTPayload &
34
+ TokenGenerationParameters & {
35
+ jti: string;
36
+ };
37
+
38
+ const ALGORITHM = "HS256";
39
+ const TYP = "JWT";
40
+
41
+ export const createJWTService = (
42
+ env: Env,
43
+ tokenRepositoryOverride?: TokenRepository,
44
+ ): TokenService => {
45
+ const tokenRepository = tokenRepositoryOverride ?? createTokenRepository(env.cache.redisUrl);
46
+ const jwtSecret = new TextEncoder().encode(env.jwt.secret);
47
+
48
+ const createToken = async (
49
+ payload: TokenGenerationParameters,
50
+ options: TokenOptions = {},
51
+ ): Promise<string> => {
52
+ try {
53
+ const jwt = new SignJWT({ ...payload })
54
+ .setProtectedHeader({ alg: ALGORITHM, typ: TYP })
55
+ .setIssuedAt()
56
+ .setSubject(payload.sub)
57
+ .setExpirationTime(options.expiresIn || env.jwt.expiresIn)
58
+ .setJti(crypto.randomUUID()); // Add unique token ID
59
+
60
+ if (options.issuer) {
61
+ jwt.setIssuer(options.issuer);
62
+ }
63
+ if (options.audience) {
64
+ jwt.setAudience(options.audience);
65
+ }
66
+ if (options.notBefore) {
67
+ jwt.setNotBefore(options.notBefore);
68
+ }
69
+
70
+ return await jwt.sign(jwtSecret);
71
+ } catch (error) {
72
+ logger("auth").child({ strategy: "jwt" }).error({ err: error }, "token creation failed");
73
+ throw new Error("Token creation failed");
74
+ }
75
+ };
76
+
77
+ const verifyToken = async <T extends JWTTokenPayload = JWTTokenPayload>(
78
+ token: string,
79
+ options: TokenOptions = {},
80
+ ): Promise<T> => {
81
+ const { payload } = await jwtVerify(token, jwtSecret, {
82
+ issuer: options.issuer,
83
+ audience: options.audience,
84
+ algorithms: [ALGORITHM],
85
+ typ: TYP,
86
+ });
87
+
88
+ return payload as T;
89
+ };
90
+
91
+ const verifyTokenAndGetRole = async (
92
+ authHeader: string | null,
93
+ adminSecretHeader: string | null,
94
+ ): Promise<string> => {
95
+ // Use timing-safe comparison to prevent timing attacks
96
+ if (env.admin.secret && adminSecretHeader && safeCompare(adminSecretHeader, env.admin.secret))
97
+ return env.superadmin.role;
98
+
99
+ if (!authHeader) return env.anonymousRole;
100
+
101
+ if (!authHeader.startsWith("Bearer ")) return env.anonymousRole;
102
+
103
+ const token = authHeader.substring(7); // Remove 'Bearer ' prefix
104
+
105
+ try {
106
+ const verifiedToken = await verifyToken(token);
107
+
108
+ return verifiedToken.role;
109
+ } catch {
110
+ return env.anonymousRole;
111
+ }
112
+ };
113
+
114
+ const verifyTokenAndGetSession = async (
115
+ authHeader: string | null,
116
+ adminSecretHeader: string | null,
117
+ ): Promise<SessionContext> => {
118
+ if (env.admin.secret && adminSecretHeader && safeCompare(adminSecretHeader, env.admin.secret))
119
+ return { sub: "superadmin", role: env.superadmin.role };
120
+
121
+ if (!authHeader || !authHeader.startsWith("Bearer "))
122
+ return { sub: "anonymous", role: env.anonymousRole };
123
+
124
+ const token = authHeader.substring(7);
125
+
126
+ try {
127
+ const payload = await verifyToken(token, { audience: ACCESS_TOKEN_AUDIENCE });
128
+ if (await tokenRepository.isRevoked(payload.jti)) {
129
+ logger("auth").child({ strategy: "jwt" }).warn({ jti: payload.jti }, "token revoked");
130
+ return { sub: "anonymous", role: env.anonymousRole };
131
+ }
132
+ logger("auth")
133
+ .child({ strategy: "jwt" })
134
+ .debug({ sub: payload.sub, role: payload.role }, "token verified");
135
+ return {
136
+ sub: payload.sub,
137
+ role: payload.role,
138
+ jti: payload.jti,
139
+ claims: (payload.claims as Record<string, unknown>) ?? {},
140
+ iat: payload.iat,
141
+ exp: payload.exp,
142
+ };
143
+ } catch (error) {
144
+ logger("auth").child({ strategy: "jwt" }).debug({ err: error }, "token verification failed");
145
+ return { sub: "anonymous", role: env.anonymousRole };
146
+ }
147
+ };
148
+
149
+ const createTokenPair = async (
150
+ payload: TokenGenerationParameters,
151
+ options: TokenOptions = {},
152
+ ): Promise<TokenResponse> => {
153
+ const accessTokenExpiry = options.expiresIn || env.jwt.expiresIn;
154
+
155
+ // Access token - short lived, with "access" audience
156
+ const access_token = await createToken(payload, {
157
+ ...options,
158
+ expiresIn: accessTokenExpiry,
159
+ audience: ACCESS_TOKEN_AUDIENCE,
160
+ });
161
+
162
+ // Refresh token - longer lived, with "refresh" audience
163
+ const refresh_token = await createToken(payload, {
164
+ ...options,
165
+ expiresIn: env.jwt.rtExpiresIn,
166
+ audience: REFRESH_TOKEN_AUDIENCE,
167
+ });
168
+
169
+ return {
170
+ access_token,
171
+ refresh_token,
172
+ expires_in: parseDurationToSeconds(accessTokenExpiry),
173
+ role: payload.role,
174
+ };
175
+ };
176
+
177
+ const refreshAccessToken = async (refresh_token: string) => {
178
+ // Verify refresh token with correct audience
179
+ const payload = await verifyToken(refresh_token, {
180
+ audience: REFRESH_TOKEN_AUDIENCE,
181
+ });
182
+
183
+ if (await tokenRepository.isRevoked(payload.jti)) {
184
+ throw new Error("Token revoked");
185
+ }
186
+
187
+ // Check if this refresh token has already been used (token rotation)
188
+ const isAlreadyUsed = await tokenRepository.isTokenUsed(payload.jti);
189
+
190
+ if (isAlreadyUsed) {
191
+ // Token reuse detected - this could indicate token theft
192
+ // In a production system, you might want to revoke all tokens for this user
193
+ throw new Error("Token reuse detected");
194
+ }
195
+
196
+ // Mark this refresh token as used BEFORE issuing new tokens
197
+ await tokenRepository.saveJti(payload.jti, env.jwt.rtExpiresIn);
198
+
199
+ // Create new token pair with original subject, role, and claims
200
+ return createTokenPair(
201
+ {
202
+ sub: payload.sub,
203
+ role: payload.role,
204
+ claims: (payload.claims as Record<string, unknown>) ?? {},
205
+ },
206
+ { expiresIn: env.jwt.expiresIn },
207
+ );
208
+ };
209
+
210
+ return {
211
+ createToken,
212
+ verifyToken,
213
+ verifyTokenAndGetRole,
214
+ verifyTokenAndGetSession,
215
+ createTokenPair,
216
+ refreshAccessToken,
217
+ revoke: tokenRepository.revoke,
218
+ isRevoked: tokenRepository.isRevoked,
219
+ };
220
+ };
@@ -0,0 +1,256 @@
1
+ import { timingSafeEqual } from "crypto";
2
+
3
+ import { decrypt, encrypt, sign, verify } from "paseto-ts/v4";
4
+
5
+ import type { Env } from "../types/env";
6
+ import type { SessionContext } from "../utils/sessionVariables";
7
+ import type { TokenRepository } from "./tokenRepository";
8
+ import type { TokenGenerationParameters, TokenOptions, TokenResponse, TokenService } from "./types";
9
+
10
+ import { parseDurationToSeconds, toPasetoDuration } from "./duration";
11
+ import { createTokenRepository } from "./tokenRepository";
12
+ import { logger } from "../logging";
13
+
14
+ // Audience constants to distinguish token types
15
+ const ACCESS_TOKEN_AUDIENCE = "access";
16
+ const REFRESH_TOKEN_AUDIENCE = "refresh";
17
+
18
+ // Timing-safe string comparison to prevent timing attacks
19
+ const safeCompare = (a: string, b: string): boolean => {
20
+ try {
21
+ const bufA = Buffer.from(a);
22
+ const bufB = Buffer.from(b);
23
+ if (bufA.length !== bufB.length) return false;
24
+ return timingSafeEqual(bufA, bufB);
25
+ } catch {
26
+ return false;
27
+ }
28
+ };
29
+
30
+ type PasetoPayload = {
31
+ sub: string;
32
+ role: string;
33
+ claims?: Record<string, unknown>;
34
+ jti: string;
35
+ aud?: string;
36
+ iss?: string;
37
+ iat?: string;
38
+ exp?: string;
39
+ nbf?: string;
40
+ };
41
+
42
+ /**
43
+ * Convert PASETO ISO 8601 timestamp string to Unix epoch seconds
44
+ */
45
+ const isoToEpoch = (iso: string | undefined): number | undefined => {
46
+ if (!iso) return undefined;
47
+ return Math.floor(new Date(iso).getTime() / 1000);
48
+ };
49
+
50
+ type PasetoMode = "local" | "public";
51
+
52
+ export const createPASETOService = (
53
+ env: Env,
54
+ mode: PasetoMode,
55
+ tokenRepositoryOverride?: TokenRepository,
56
+ ): TokenService => {
57
+ const tokenRepository = tokenRepositoryOverride ?? createTokenRepository(env.cache.redisUrl);
58
+
59
+ // Token creation and verification functions based on mode
60
+ const createPasetoToken = async (
61
+ payload: Record<string, unknown>,
62
+ expiry: string,
63
+ ): Promise<string> => {
64
+ const pasetoPayload = {
65
+ ...payload,
66
+ exp: toPasetoDuration(expiry),
67
+ };
68
+
69
+ if (mode === "local") {
70
+ return encrypt(env.paseto.localKey!, pasetoPayload);
71
+ }
72
+ return sign(env.paseto.secretKey!, pasetoPayload);
73
+ };
74
+
75
+ const verifyPasetoToken = async (token: string): Promise<PasetoPayload> => {
76
+ if (mode === "local") {
77
+ const { payload } = await decrypt<PasetoPayload>(env.paseto.localKey!, token);
78
+ return payload;
79
+ }
80
+ const { payload } = await verify<PasetoPayload>(env.paseto.publicKey!, token);
81
+ return payload;
82
+ };
83
+
84
+ const createToken = async (
85
+ payload: TokenGenerationParameters,
86
+ options: TokenOptions = {},
87
+ ): Promise<string> => {
88
+ try {
89
+ const tokenPayload: Record<string, unknown> = {
90
+ sub: payload.sub,
91
+ role: payload.role,
92
+ jti: crypto.randomUUID(),
93
+ };
94
+
95
+ if (payload.claims) {
96
+ tokenPayload.claims = payload.claims;
97
+ }
98
+ if (options.audience) {
99
+ tokenPayload.aud = options.audience;
100
+ }
101
+ if (options.issuer) {
102
+ tokenPayload.iss = options.issuer;
103
+ }
104
+
105
+ const expiry = options.expiresIn || env.jwt.expiresIn;
106
+ return await createPasetoToken(tokenPayload, expiry);
107
+ } catch (error) {
108
+ logger("auth").child({ strategy: "paseto" }).error({ err: error }, "token creation failed");
109
+ throw new Error("Token creation failed");
110
+ }
111
+ };
112
+
113
+ const verifyToken = async <T = PasetoPayload>(
114
+ token: string,
115
+ options: TokenOptions = {},
116
+ ): Promise<T> => {
117
+ const payload = await verifyPasetoToken(token);
118
+
119
+ // Validate audience manually (PASETO doesn't auto-validate audience)
120
+ if (options.audience && payload.aud !== options.audience) {
121
+ throw new Error("Audience mismatch");
122
+ }
123
+
124
+ if (options.issuer && payload.iss !== options.issuer) {
125
+ throw new Error("Issuer mismatch");
126
+ }
127
+
128
+ return payload as T;
129
+ };
130
+
131
+ const verifyTokenAndGetRole = async (
132
+ authHeader: string | null,
133
+ adminSecretHeader: string | null,
134
+ ): Promise<string> => {
135
+ if (env.admin.secret && adminSecretHeader && safeCompare(adminSecretHeader, env.admin.secret))
136
+ return env.superadmin.role;
137
+
138
+ if (!authHeader) return env.anonymousRole;
139
+
140
+ if (!authHeader.startsWith("Bearer ")) return env.anonymousRole;
141
+
142
+ const token = authHeader.substring(7);
143
+
144
+ try {
145
+ const payload = await verifyPasetoToken(token);
146
+ return payload.role;
147
+ } catch {
148
+ return env.anonymousRole;
149
+ }
150
+ };
151
+
152
+ const verifyTokenAndGetSession = async (
153
+ authHeader: string | null,
154
+ adminSecretHeader: string | null,
155
+ ): Promise<SessionContext> => {
156
+ if (env.admin.secret && adminSecretHeader && safeCompare(adminSecretHeader, env.admin.secret))
157
+ return { sub: "superadmin", role: env.superadmin.role };
158
+
159
+ if (!authHeader || !authHeader.startsWith("Bearer "))
160
+ return { sub: "anonymous", role: env.anonymousRole };
161
+
162
+ const token = authHeader.substring(7);
163
+
164
+ try {
165
+ const payload = await verifyPasetoToken(token);
166
+ // Enforce access-token audience on the bearer path
167
+ if (payload.aud && payload.aud !== ACCESS_TOKEN_AUDIENCE) {
168
+ throw new Error("Audience mismatch");
169
+ }
170
+ if (await tokenRepository.isRevoked(payload.jti)) {
171
+ logger("auth").child({ strategy: "paseto" }).warn({ jti: payload.jti }, "token revoked");
172
+ return { sub: "anonymous", role: env.anonymousRole };
173
+ }
174
+ logger("auth")
175
+ .child({ strategy: "paseto" })
176
+ .debug({ sub: payload.sub, role: payload.role }, "token verified");
177
+ return {
178
+ sub: payload.sub,
179
+ role: payload.role,
180
+ jti: payload.jti,
181
+ claims: payload.claims ?? {},
182
+ iat: isoToEpoch(payload.iat),
183
+ exp: isoToEpoch(payload.exp),
184
+ };
185
+ } catch (error) {
186
+ logger("auth")
187
+ .child({ strategy: "paseto" })
188
+ .debug({ err: error }, "token verification failed");
189
+ return { sub: "anonymous", role: env.anonymousRole };
190
+ }
191
+ };
192
+
193
+ const createTokenPair = async (
194
+ payload: TokenGenerationParameters,
195
+ options: TokenOptions = {},
196
+ ): Promise<TokenResponse> => {
197
+ const accessTokenExpiry = options.expiresIn || env.jwt.expiresIn;
198
+
199
+ const access_token = await createToken(payload, {
200
+ ...options,
201
+ expiresIn: accessTokenExpiry,
202
+ audience: ACCESS_TOKEN_AUDIENCE,
203
+ });
204
+
205
+ const refresh_token = await createToken(payload, {
206
+ ...options,
207
+ expiresIn: env.jwt.rtExpiresIn,
208
+ audience: REFRESH_TOKEN_AUDIENCE,
209
+ });
210
+
211
+ return {
212
+ access_token,
213
+ refresh_token,
214
+ expires_in: parseDurationToSeconds(accessTokenExpiry),
215
+ role: payload.role,
216
+ };
217
+ };
218
+
219
+ const refreshAccessToken = async (refresh_token: string): Promise<TokenResponse> => {
220
+ const payload = await verifyToken<PasetoPayload>(refresh_token, {
221
+ audience: REFRESH_TOKEN_AUDIENCE,
222
+ });
223
+
224
+ if (await tokenRepository.isRevoked(payload.jti)) {
225
+ throw new Error("Token revoked");
226
+ }
227
+
228
+ const isAlreadyUsed = await tokenRepository.isTokenUsed(payload.jti);
229
+
230
+ if (isAlreadyUsed) {
231
+ throw new Error("Token reuse detected");
232
+ }
233
+
234
+ await tokenRepository.saveJti(payload.jti, env.jwt.rtExpiresIn);
235
+
236
+ return createTokenPair(
237
+ {
238
+ sub: payload.sub,
239
+ role: payload.role,
240
+ claims: payload.claims ?? {},
241
+ },
242
+ { expiresIn: env.jwt.expiresIn },
243
+ );
244
+ };
245
+
246
+ return {
247
+ createToken,
248
+ verifyToken,
249
+ verifyTokenAndGetRole,
250
+ verifyTokenAndGetSession,
251
+ createTokenPair,
252
+ refreshAccessToken,
253
+ revoke: tokenRepository.revoke,
254
+ isRevoked: tokenRepository.isRevoked,
255
+ };
256
+ };
@@ -0,0 +1,75 @@
1
+ import { RedisClient as ValkeyClient } from "bun";
2
+
3
+ import { parseDurationToMs } from "./duration";
4
+ import { logger } from "../logging";
5
+
6
+ export type TokenRepository = {
7
+ saveJti(jti: string, expiresIn: string): Promise<void>;
8
+ isTokenUsed(jti: string): Promise<boolean>;
9
+ revoke(jti: string): Promise<void>;
10
+ isRevoked(jti: string): Promise<boolean>;
11
+ };
12
+
13
+ export type TokenRepositoryClient = {
14
+ hset(key: string, fields: Record<string, string>): Promise<unknown>;
15
+ hmget(key: string, fields: string[]): Promise<(string | null)[]>;
16
+ expire(key: string, seconds: number): Promise<unknown>;
17
+ };
18
+
19
+ export const createTokenRepositoryWithClient = (client: TokenRepositoryClient): TokenRepository => {
20
+ const log = logger("token-repository");
21
+
22
+ const saveJti = async (jti: string, expiresIn: string) => {
23
+ try {
24
+ await client.hset(jti, { isUsed: "true" });
25
+ await client.expire(jti, parseDurationToMs(expiresIn) / 1000);
26
+ } catch (error) {
27
+ log.error({ err: error }, "failed to save JTI");
28
+ throw new Error("Token storage unavailable");
29
+ }
30
+ };
31
+
32
+ const isTokenUsed = async (jti: string): Promise<boolean> => {
33
+ try {
34
+ const [isUsed] = await client.hmget(jti, ["isUsed"]);
35
+ return isUsed === "true";
36
+ } catch (error) {
37
+ log.error({ err: error }, "failed to check JTI usage, failing closed");
38
+ return true;
39
+ }
40
+ };
41
+
42
+ const revoke = async (jti: string) => {
43
+ try {
44
+ const [isUsed] = await client.hmget(jti, ["isUsed"]);
45
+ if (isUsed !== "true") return;
46
+ await client.hset(jti, { isRevoked: "true" });
47
+ } catch (error) {
48
+ log.error({ err: error }, "failed to revoke JTI");
49
+ throw new Error("Token revocation failed");
50
+ }
51
+ };
52
+
53
+ const isRevoked = async (jti: string): Promise<boolean> => {
54
+ try {
55
+ const [isRevoked] = await client.hmget(jti, ["isRevoked"]);
56
+ return isRevoked === "true";
57
+ } catch (error) {
58
+ log.error({ err: error }, "failed to check revocation, failing closed");
59
+ return true;
60
+ }
61
+ };
62
+
63
+ return {
64
+ saveJti,
65
+ isTokenUsed,
66
+ revoke,
67
+ isRevoked,
68
+ };
69
+ };
70
+
71
+ export const createTokenRepository = (redisUrl: string): TokenRepository =>
72
+ // Bun's RedisClient exposes the same hset/hmget/expire surface we need but
73
+ // its declared types are wider than TokenRepositoryClient. The cast is the
74
+ // structural-typing bridge and is intentional.
75
+ createTokenRepositoryWithClient(new ValkeyClient(redisUrl) as unknown as TokenRepositoryClient);
@@ -0,0 +1,78 @@
1
+ import type { SessionContext } from "../utils/sessionVariables";
2
+
3
+ // ============================================================================
4
+ // Token Strategy
5
+ // ============================================================================
6
+
7
+ export type TokenStrategy = "jwt" | "paseto_local" | "paseto_public";
8
+
9
+ // ============================================================================
10
+ // Shared Token Types
11
+ // ============================================================================
12
+
13
+ export type TokenGenerationParameters = {
14
+ sub: string;
15
+ role: string;
16
+ claims?: Record<string, unknown>;
17
+ };
18
+
19
+ export type TokenPayload = {
20
+ sub: string;
21
+ role: string;
22
+ claims?: Record<string, unknown>;
23
+ jti: string;
24
+ aud?: string | string[];
25
+ iss?: string;
26
+ iat?: number;
27
+ exp?: number;
28
+ nbf?: number;
29
+ [key: string]: unknown;
30
+ };
31
+
32
+ export type TokenOptions = {
33
+ expiresIn?: string;
34
+ issuer?: string;
35
+ audience?: string;
36
+ notBefore?: string | number;
37
+ };
38
+
39
+ export type TokenResponse = {
40
+ access_token: string;
41
+ refresh_token: string;
42
+ expires_in: number; // seconds until access_token expires
43
+ role: string;
44
+ };
45
+
46
+ // ============================================================================
47
+ // Token Service Interface
48
+ // ============================================================================
49
+
50
+ export type TokenService = {
51
+ createToken(payload: TokenGenerationParameters, options?: TokenOptions): Promise<string>;
52
+
53
+ verifyToken<T extends TokenPayload = TokenPayload>(
54
+ token: string,
55
+ options?: TokenOptions,
56
+ ): Promise<T>;
57
+
58
+ verifyTokenAndGetRole(
59
+ authHeader: string | null,
60
+ adminSecretHeader: string | null,
61
+ ): Promise<string>;
62
+
63
+ verifyTokenAndGetSession(
64
+ authHeader: string | null,
65
+ adminSecretHeader: string | null,
66
+ ): Promise<SessionContext>;
67
+
68
+ createTokenPair(
69
+ payload: TokenGenerationParameters,
70
+ options?: TokenOptions,
71
+ ): Promise<TokenResponse>;
72
+
73
+ refreshAccessToken(refresh_token: string): Promise<TokenResponse>;
74
+
75
+ revoke(jti: string): Promise<void>;
76
+
77
+ isRevoked(jti: string): Promise<boolean>;
78
+ };
@@ -0,0 +1,51 @@
1
+ import type { SeedAuthArgs } from "./seedAuthArgs";
2
+
3
+ import { loadConfiguration } from "../configuration";
4
+ import { insertAuthUser } from "../databases";
5
+ import { instantiateDatabasesConnections } from "../singletons/databases";
6
+ import { ConfigurationZod } from "../types/zod/configuration";
7
+ import { parseSeedAuthArgs } from "./seedAuthArgs";
8
+ import { logger } from "../logging";
9
+
10
+ export const runSeedAuth = async (args: SeedAuthArgs): Promise<void> => {
11
+ const rawConfig = await loadConfiguration(args.config);
12
+ const configuration = ConfigurationZod.parse(rawConfig);
13
+
14
+ if (!configuration.auth?.enabled) {
15
+ throw new Error("auth.enabled must be true in the configuration to seed an auth user");
16
+ }
17
+
18
+ await instantiateDatabasesConnections([configuration.auth.databaseEntity]);
19
+
20
+ await insertAuthUser(configuration.auth, {
21
+ username: args.user,
22
+ password: args.password,
23
+ role: args.role,
24
+ claims: args.claims,
25
+ });
26
+ };
27
+
28
+ export const seedAuthCommand = async (argv: string[]): Promise<void> => {
29
+ const log = logger("cli");
30
+ let args: SeedAuthArgs;
31
+ try {
32
+ args = parseSeedAuthArgs(argv);
33
+ } catch (error) {
34
+ const msg = error instanceof Error ? error.message : String(error);
35
+ log.error({ err: error }, `seed-auth: ${msg}`);
36
+ console.error(
37
+ "Usage: graphoria seed-auth --user <name> --password <pwd> --role <role> --config <path> [--claims <json>]",
38
+ );
39
+ process.exit(2);
40
+ }
41
+
42
+ try {
43
+ await runSeedAuth(args);
44
+ log.info({ user: args.user, role: args.role }, "seeded auth user");
45
+ process.exit(0);
46
+ } catch (error) {
47
+ const msg = error instanceof Error ? error.message : String(error);
48
+ log.error({ err: error }, `seed-auth failed: ${msg}`);
49
+ process.exit(1);
50
+ }
51
+ };