@gugananuvem/aws-local-simulator 1.0.11 → 1.0.14

package/src/services/cognito/index.js

@@ -31,6 +31,11 @@ class CognitoService {
     logger.debug('Cognito Service inicializado');
   }
 
+  injectDependencies(server) {
+    const ct = server.getService('cloudtrail');
+    if (ct?.simulator) this.simulator.audit.setTrail(ct.simulator);
+  }
+
   async start() {
     if (this.isRunning) return;
     await this.server.start();

package/src/services/cognito/server.js

@@ -16,7 +16,19 @@ class CognitoServer {
   }
 
   setupMiddlewares() {
-    this.app.use(express.json());
+    this.app.use(express.raw({ type: '*/*', limit: '10mb' }));
+    this.app.use((req, res, next) => {
+      if (req.body && Buffer.isBuffer(req.body)) {
+        try {
+          req.body = JSON.parse(req.body.toString('utf8'));
+        } catch (e) {
+          req.body = {};
+        }
+      } else if (!req.body) {
+        req.body = {};
+      }
+      next();
+    });
     
     if (logger.currentLogLevel === 'verboso') {
       this.app.use((req, res, next) => {
@@ -48,12 +60,13 @@ class CognitoServer {
     // User Pool operations
     this.app.post('/', async (req, res) => {
       const target = req.headers['x-amz-target'];
+      logger.info(`Cognito incoming: target=${target} body=${JSON.stringify(req.body)}`);
       if (!target) {
         return res.status(400).json({ error: 'Missing X-Amz-Target header' });
       }
 
       try {
-        const result = await this.handleRequest(target, req.body);
+        const result = await this.handleRequest(target, req.body || {});
         res.json(result);
       } catch (error) {
         logger.error('Cognito Error:', error);
@@ -84,20 +97,46 @@ class CognitoServer {
       case 'DeleteUserPool':
         return this.simulator.deleteUserPool(params);
       
+      case 'ListUsers':
+        return this.simulator.listUsers(params);
       // User Pool Client Management
       case 'CreateUserPoolClient':
         return this.simulator.createUserPoolClient(params);
+      case 'ListUserPoolClients':
+        return this.simulator.listUserPoolClients(params);
+      case 'DescribeUserPoolClient':
+        return this.simulator.describeUserPoolClient(params);
+      case 'DeleteUserPoolClient':
+        return this.simulator.deleteUserPoolClient(params);
       
       // User Operations
       case 'SignUp':
         return this.simulator.signUp(params);
       case 'ConfirmSignUp':
         return this.simulator.confirmSignUp(params);
+      case 'ForgotPassword':
+        return this.simulator.forgotPassword(params);
+      case 'ConfirmForgotPassword':
+        return this.simulator.confirmForgotPassword(params);
+      case 'ChangePassword':
+        return this.simulator.changePassword(params);
       case 'InitiateAuth':
         return this.simulator.initiateAuth(params);
+      case 'RespondToAuthChallenge':
+        return this.simulator.respondToAuthChallenge(params);
       case 'GetToken':
         return this.simulator.getToken(params);
-      
+      case 'GlobalSignOut':
+        return this.simulator.globalSignOut(params);
+      case 'RevokeToken':
+        return this.simulator.revokeToken(params);
+      case 'GetUser':
+        return this.simulator.getUser(params);
+      case 'UpdateUserAttributes':
+        return this.simulator.updateUserAttributes(params);
+      case 'DeleteUser':
+        return this.simulator.deleteUser(params);
+
       // Admin Operations
       case 'AdminGetUser':
         return this.simulator.adminGetUser(params);
@@ -107,6 +146,18 @@ class CognitoServer {
         return this.simulator.adminSetUserPassword(params);
       case 'AdminDeleteUser':
         return this.simulator.adminDeleteUser(params);
+      case 'AdminDisableUser':
+        return this.simulator.adminDisableUser(params);
+      case 'AdminEnableUser':
+        return this.simulator.adminEnableUser(params);
+      case 'AdminResetUserPassword':
+        return this.simulator.adminResetUserPassword(params);
+      case 'AdminInitiateAuth':
+        return this.simulator.initiateAuth(params);
+      case 'AdminListGroupsForUser':
+        return this.simulator.adminListGroupsForUser(params);
+      case 'AdminUserGlobalSignOut':
+        return this.simulator.adminUserGlobalSignOut(params);
       
       // Identity Pool Operations
       case 'CreateIdentityPool':

package/src/services/cognito/simulator.js

@@ -9,6 +9,7 @@ const { v4: uuidv4 } = require('uuid');
 const logger = require('../../utils/logger');
 const LocalStore = require('../../utils/local-store');
 const path = require('path');
+const { CloudTrailAudit } = require('../../utils/cloudtrail-audit');
 
 class CognitoSimulator {
   constructor(config) {
@@ -22,6 +23,7 @@ class CognitoSimulator {
     this.refreshTokens = new Map();
     this.accessTokens = new Map();
     this.jwtSecret = crypto.randomBytes(64).toString('hex');
+    this.audit = new CloudTrailAudit('cognito-idp.amazonaws.com');
   }
 
   async initialize() {
@@ -73,6 +75,7 @@ class CognitoSimulator {
     this.persistUserPools();
     
     logger.debug(`✅ User Pool criado: ${PoolName} (${poolId})`);
+    this.audit.record({ eventName: 'CreateUserPool', readOnly: false, resources: [{ ARN: userPool.Arn, type: 'AWS::Cognito::UserPool' }], requestParameters: { poolName: PoolName } });
     
     return {
       UserPool: {
@@ -140,6 +143,215 @@ class CognitoSimulator {
     };
   }
 
+  listUsers(params = {}) {
+    const { UserPoolId, Filter, Limit = 60, PaginationToken } = params;
+    const userPool = this.userPools.get(UserPoolId);
+
+    if (!userPool) {
+      throw new Error(`User pool ${UserPoolId} not found`);
+    }
+
+    let users = Array.from(this.users.values()).filter(u => u.UserPoolId === UserPoolId);
+
+    if (PaginationToken) {
+      const startIndex = parseInt(PaginationToken);
+      users = users.slice(startIndex);
+    }
+
+    const results = users.slice(0, Limit);
+    const nextToken = results.length === Limit && users.length > Limit ? String(Limit) : null;
+
+    return {
+      Users: results.map(u => ({
+        Username: u.Username,
+        UserStatus: u.UserStatus,
+        Enabled: u.Enabled,
+        UserCreateDate: u.CreatedDate,
+        UserLastModifiedDate: u.LastModifiedDate,
+        Attributes: this.formatUserAttributes(u.Attributes)
+      })),
+      PaginationToken: nextToken
+    };
+  }
+
+  listUserPoolClients(params = {}) {
+    const { UserPoolId, MaxResults = 60, NextToken } = params;
+    const userPool = this.userPools.get(UserPoolId);
+    if (!userPool) throw new Error(`User pool ${UserPoolId} not found`);
+
+    let clients = Array.from(userPool.Clients.values());
+    if (NextToken) clients = clients.slice(parseInt(NextToken));
+    const results = clients.slice(0, MaxResults);
+
+    return {
+      UserPoolClients: results.map(c => ({
+        ClientId: c.ClientId,
+        ClientName: c.ClientName,
+        UserPoolId: c.UserPoolId
+      })),
+      NextToken: results.length === MaxResults && clients.length > MaxResults ? String(MaxResults) : null
+    };
+  }
+
+  describeUserPoolClient(params = {}) {
+    const { UserPoolId, ClientId } = params;
+    const userPool = this.userPools.get(UserPoolId);
+    if (!userPool) throw new Error(`User pool ${UserPoolId} not found`);
+    const client = userPool.Clients.get(ClientId);
+    if (!client) throw new Error(`Client ${ClientId} not found`);
+    return { UserPoolClient: client };
+  }
+
+  deleteUserPoolClient(params = {}) {
+    const { UserPoolId, ClientId } = params;
+    const userPool = this.userPools.get(UserPoolId);
+    if (!userPool) throw new Error(`User pool ${UserPoolId} not found`);
+    userPool.Clients.delete(ClientId);
+    this.persistUserPools();
+    return {};
+  }
+
+  forgotPassword(params = {}) {
+    const { ClientId, Username } = params;
+    const userPool = this.findUserPoolByClientId(ClientId);
+    if (!userPool) throw new Error(`Client ${ClientId} not found`);
+    return { CodeDeliveryDetails: { Destination: 'test@example.com', DeliveryMedium: 'EMAIL', AttributeName: 'email' } };
+  }
+
+  confirmForgotPassword(params = {}) {
+    const { ClientId, Username, ConfirmationCode, Password } = params;
+    const user = this.findUserByUsername(Username, ClientId);
+    if (!user) throw new Error(`User not found: ${Username}`);
+    user.Password = this.hashPassword(Password);
+    user.UserStatus = 'CONFIRMED';
+    this.persistUsers();
+    return {};
+  }
+
+  changePassword(params = {}) {
+    const { AccessToken, PreviousPassword, ProposedPassword } = params;
+    const session = this.accessTokens.get(AccessToken);
+    if (!session) throw new Error('Invalid access token');
+    const user = this.users.get(session.UserId);
+    if (!user) throw new Error('User not found');
+    if (!this.verifyPassword(PreviousPassword, user.Password)) throw new Error('Incorrect previous password');
+    user.Password = this.hashPassword(ProposedPassword);
+    this.persistUsers();
+    return {};
+  }
+
+  respondToAuthChallenge(params = {}) {
+    return { AuthenticationResult: null, ChallengeName: null };
+  }
+
+  revokeToken(params = {}) {
+    const { Token, ClientId } = params;
+    // Remove refresh token session if it exists
+    const session = this.refreshTokens.get(Token);
+    if (session) {
+      this.sessions.delete(session.Id);
+      this.accessTokens.delete(session.AccessToken);
+      this.refreshTokens.delete(Token);
+      this.persistSessions();
+    }
+    return {};
+  }
+
+  globalSignOut(params = {}) {
+    const { AccessToken } = params;
+    const session = this.accessTokens.get(AccessToken);
+    if (session) {
+      this.sessions.delete(session.Id);
+      this.accessTokens.delete(AccessToken);
+      this.refreshTokens.delete(session.RefreshToken);
+      this.persistSessions();
+    }
+    return {};
+  }
+
+  getUser(params = {}) {
+    const { AccessToken } = params;
+    const session = this.accessTokens.get(AccessToken);
+    if (!session) throw new Error('Invalid access token');
+    // Check session is still active
+    if (!this.sessions.has(session.Id)) throw new Error('Token has been revoked');
+    const user = this.users.get(session.UserId);
+    if (!user) throw new Error('User not found');
+    return {
+      Username: user.Username,
+      UserAttributes: this.formatUserAttributes(user.Attributes),
+      UserStatus: user.UserStatus
+    };
+  }
+
+  updateUserAttributes(params = {}) {
+    const { AccessToken, UserAttributes } = params;
+    const session = this.accessTokens.get(AccessToken);
+    if (!session) throw new Error('Invalid access token');
+    const user = this.users.get(session.UserId);
+    if (!user) throw new Error('User not found');
+    const updates = this.normalizeUserAttributes(UserAttributes || []);
+    Object.assign(user.Attributes, updates);
+    this.persistUsers();
+    return { CodeDeliveryDetailsList: [] };
+  }
+
+  deleteUser(params = {}) {
+    const { AccessToken } = params;
+    const session = this.accessTokens.get(AccessToken);
+    if (!session) throw new Error('Invalid access token');
+    this.users.delete(session.UserId);
+    this.persistUsers();
+    return {};
+  }
+
+  adminDisableUser(params = {}) {
+    const { UserPoolId, Username } = params;
+    const user = this.findUserByUsername(Username, null, UserPoolId);
+    if (!user) throw new Error(`User not found: ${Username}`);
+    user.Enabled = false;
+    this.persistUsers();
+    return {};
+  }
+
+  adminEnableUser(params = {}) {
+    const { UserPoolId, Username } = params;
+    const user = this.findUserByUsername(Username, null, UserPoolId);
+    if (!user) throw new Error(`User not found: ${Username}`);
+    user.Enabled = true;
+    this.persistUsers();
+    return {};
+  }
+
+  adminResetUserPassword(params = {}) {
+    const { UserPoolId, Username } = params;
+    const user = this.findUserByUsername(Username, null, UserPoolId);
+    if (!user) throw new Error(`User not found: ${Username}`);
+    user.UserStatus = 'RESET_REQUIRED';
+    this.persistUsers();
+    return {};
+  }
+
+  adminUserGlobalSignOut(params = {}) {
+    const { UserPoolId, Username } = params;
+    const user = this.findUserByUsername(Username, null, UserPoolId);
+    if (!user) throw new Error(`User not found: ${Username}`);
+    // Invalidate all sessions for this user
+    for (const [id, session] of this.sessions.entries()) {
+      if (session.UserId === user.UserId) {
+        this.accessTokens.delete(session.AccessToken);
+        this.refreshTokens.delete(session.RefreshToken);
+        this.sessions.delete(id);
+      }
+    }
+    this.persistSessions();
+    return {};
+  }
+
+  adminListGroupsForUser(params = {}) {
+    return { Groups: [], NextToken: null };
+  }
+
   deleteUserPool(params) {
     const { UserPoolId } = params;
     
@@ -207,7 +419,7 @@ class CognitoSimulator {
 
   // ============ User Operations ============
 
-  signUp(params) {
+  signUp(params = {}) {
     const { ClientId, Username, Password, UserAttributes, ValidationData } = params;
     
     // Encontra o user pool pelo client id
@@ -319,6 +531,7 @@ class CognitoSimulator {
     this.persistSessions();
     
     logger.debug(`🔐 Usuário autenticado: ${username}`);
+    this.audit.record({ eventName: 'InitiateAuth', readOnly: false, resources: [{ ARN: userPool.Arn, type: 'AWS::Cognito::UserPool' }], requestParameters: { clientId: ClientId, authFlow: AuthFlow } });
     
     return {
       AuthenticationResult: {
@@ -726,10 +939,10 @@ class CognitoSimulator {
   // ============ Persistence ============
 
   loadUserPools() {
+    // Load persisted pools first
     const saved = this.store.read('__userpools__');
     if (saved) {
       for (const [id, data] of Object.entries(saved)) {
-        // Reconstitui Maps
         data.Clients = new Map(Object.entries(data.Clients || {}));
         data.Groups = new Map(Object.entries(data.Groups || {}));
         data.IdentityProviders = new Map(Object.entries(data.IdentityProviders || {}));
@@ -737,6 +950,64 @@ class CognitoSimulator {
         this.userPools.set(id, data);
       }
     }
+
+    // Create user pools from config if not already persisted
+    if (this.config.cognito?.userPools) {
+      let configChanged = false;
+      const configPath = this.config._configPath;
+
+      for (let i = 0; i < this.config.cognito.userPools.length; i++) {
+        const poolConfig = this.config.cognito.userPools[i];
+        const existing = Array.from(this.userPools.values()).find(p => p.Name === poolConfig.PoolName);
+
+        if (!existing) {
+          const result = this.createUserPool(poolConfig);
+          const poolId = result.UserPool.Id;
+          logger.debug(`✅ User Pool criado a partir da config: ${poolConfig.PoolName} (${poolId})`);
+
+          // Auto-create a default client if not specified
+          if (!poolConfig.ClientId) {
+            const clientResult = this.createUserPoolClient({
+              UserPoolId: poolId,
+              ClientName: `${poolConfig.PoolName}-client`,
+              GenerateSecret: false
+            });
+            const clientId = clientResult.UserPoolClient.ClientId;
+            this.config.cognito.userPools[i].ClientId = clientId;
+            this.config.cognito.userPools[i].UserPoolId = poolId;
+            configChanged = true;
+            logger.debug(`✅ Client criado automaticamente: ${clientId}`);
+          }
+        } else if (!poolConfig.ClientId) {
+          // Pool exists but no clientId in config — write it back
+          const firstClient = existing.Clients.size > 0 ? existing.Clients.values().next().value : null;
+          if (firstClient) {
+            this.config.cognito.userPools[i].ClientId = firstClient.ClientId;
+            this.config.cognito.userPools[i].UserPoolId = existing.Id;
+            configChanged = true;
+          }
+        }
+      }
+
+      // Write clientId back to aws-local-simulator.json
+      if (configChanged && configPath) {
+        try {
+          const fs = require('fs');
+          const fileContent = JSON.parse(fs.readFileSync(configPath, 'utf8'));
+          fileContent.cognito = fileContent.cognito || {};
+          fileContent.cognito.userPools = this.config.cognito.userPools.map(p => ({
+            PoolName: p.PoolName,
+            AutoVerifiedAttributes: p.AutoVerifiedAttributes,
+            UserPoolId: p.UserPoolId,
+            ClientId: p.ClientId
+          }));
+          fs.writeFileSync(configPath, JSON.stringify(fileContent, null, 2));
+          logger.info(`✅ ClientId gravado em: ${configPath}`);
+        } catch (err) {
+          logger.warn(`⚠️ Não foi possível gravar clientId no config: ${err.message}`);
+        }
+      }
+    }
   }
 
   loadIdentityPools() {

package/src/services/config/index.js

@@ -0,0 +1,96 @@
+'use strict';
+
+/**
+ * @fileoverview AWS Config Service
+ * Porta padrão: 4013
+ */
+
+const http = require('http');
+const path = require('path');
+const { ConfigSimulator } = require('./simulador');
+const { createConfigServer } = require('./server');
+const LocalStore = require('../../utils/local-store');
+
+class ConfigService {
+  constructor(config) {
+    this.config = config;
+    this.logger = require('../../utils/logger');
+    this.name = 'config';
+    this.port = config?.ports?.config || config?.services?.config?.port || 4013;
+    this.store = null;
+    this.simulator = null;
+    this._server = null;
+    this.isRunning = false;
+  }
+
+  async initialize() {
+    this.logger.debug(`Inicializando AWS Config Service na porta ${this.port}...`);
+    const dataDir = process.env.AWS_LOCAL_SIMULATOR_DATA_DIR;
+    this.store = new LocalStore(path.join(dataDir, 'config'));
+    this.simulator = new ConfigSimulator(this.config, this.store, this.logger);
+    await this.simulator.load();
+    this.logger.debug('AWS Config Service inicializado');
+  }
+
+  injectDependencies(server) {
+    if (!server) return;
+    const s3 = server.getService('s3');
+    if (s3?.simulator) this.simulator.s3Simulator = s3.simulator;
+    const sns = server.getService('sns');
+    if (sns?.simulator) this.simulator.snsSimulator = sns.simulator;
+    const lambda = server.getService('lambda');
+    if (lambda?.simulator) this.simulator.lambdaSimulator = lambda.simulator;
+    const dynamo = server.getService('dynamodb');
+    if (dynamo?.simulator) this.simulator.dynamoSimulator = dynamo.simulator;
+    const ct = server.getService('cloudtrail');
+    if (ct?.simulator) this.simulator.cloudtrailSimulator = ct.simulator;
+  }
+
+  async start() {
+    if (this.isRunning) return;
+    const { handler } = createConfigServer(this.simulator, this.logger);
+    this._server = http.createServer((req, res) => {
+      handler(req, res).catch(err => {
+        this.logger.error('[Config] Unhandled error:', err);
+        if (!res.headersSent) {
+          res.writeHead(500, { 'Content-Type': 'application/x-amz-json-1.1' });
+          res.end(JSON.stringify({ __type: 'InternalFailure', message: err.message }));
+        }
+      });
+    });
+    return new Promise((resolve, reject) => {
+      this._server.listen(this.port, '0.0.0.0', (err) => {
+        if (err) return reject(err);
+        this.isRunning = true;
+        this.logger.debug(`AWS Config rodando na porta ${this.port}`);
+        resolve();
+      });
+    });
+  }
+
+  async stop() {
+    if (!this.isRunning || !this._server) return;
+    await new Promise((resolve) => this._server.close(resolve));
+    this.simulator._stopRecording?.();
+    this._server = null;
+    this.isRunning = false;
+  }
+
+  async reset() {
+    this.simulator.reset();
+    await this.simulator.save();
+  }
+
+  getStatus() {
+    return {
+      running: this.isRunning,
+      port: this.port,
+      endpoint: `http://localhost:${this.port}`,
+      ...this.simulator?.getStatus(),
+    };
+  }
+
+  getSimulator() { return this.simulator; }
+}
+
+module.exports = { ConfigService };