npm - @harperfast/harper-pro - Versions diffs - 5.0.0-alpha.2 → 5.0.0-alpha.3 - Mend

@harperfast/harper-pro 5.0.0-alpha.2 → 5.0.0-alpha.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (40) hide show

package/core/CONTRIBUTING.md +2 -0
package/core/package.json +2 -2
package/core/resources/DatabaseTransaction.ts +1 -1
package/core/resources/LMDBTransaction.ts +9 -4
package/core/resources/databases.ts +1 -1
package/core/unitTests/resources/permissions.test.js +7 -2
package/core/unitTests/resources/txn-tracking.test.js +10 -4
package/core/unitTests/resources/vectorIndex.test.js +1 -0
package/dist/bin/harper.js +1 -1
package/dist/bin/harper.js.map +1 -1
package/dist/core/resources/DatabaseTransaction.js +1 -1
package/dist/core/resources/DatabaseTransaction.js.map +1 -1
package/dist/core/resources/LMDBTransaction.js +9 -5
package/dist/core/resources/LMDBTransaction.js.map +1 -1
package/dist/core/resources/databases.js +1 -1
package/dist/core/resources/databases.js.map +1 -1
package/dist/licensing/usageLicensing.js +246 -0
package/dist/licensing/usageLicensing.js.map +1 -0
package/dist/licensing/validation.js +149 -0
package/dist/licensing/validation.js.map +1 -0
package/dist/replication/replicator.js +5 -2
package/dist/replication/replicator.js.map +1 -1
package/dist/replication/setNode.js +0 -1
package/dist/replication/setNode.js.map +1 -1
package/dist/security/certificate.js +206 -6
package/dist/security/certificate.js.map +1 -1
package/dist/security/keyService.js +58 -0
package/dist/security/keyService.js.map +1 -0
package/dist/security/sshKeyOperations.js +343 -0
package/dist/security/sshKeyOperations.js.map +1 -0
package/licensing/usageLicensing.ts +262 -0
package/licensing/validation.ts +191 -0
package/npm-shrinkwrap.json +253 -253
package/package.json +3 -2
package/replication/replicator.ts +6 -2
package/replication/setNode.ts +0 -1
package/security/certificate.ts +259 -7
package/security/keyService.ts +74 -0
package/security/sshKeyOperations.ts +405 -0
package/static/defaultConfig.yaml +2 -0

package/licensing/validation.ts ADDED Viewed

@@ -0,0 +1,191 @@
+import { createPublicKey, verify } from 'node:crypto';
+export class PublicKey {
+	pem: string;
+	constructor(mode?: string) {
+		if (mode && (mode === 'test' || mode === 'development')) {
+			this.pem = `-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VwAyEAO301jvpO12znGdK/Izrre518pgmQNk9hSMXf4wDMucM=
+-----END PUBLIC KEY-----
+`;
+		} else {
+			this.pem = `-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VwAyEAMtpzMn9YfS0fGaDLcAmYQx2OH8kVevwbNyQ1RIj5cvw=
+-----END PUBLIC KEY-----
+`;
+		}
+	}
+	getKey() {
+		return createPublicKey(this.pem);
+	}
+	toString() {
+		return this.pem;
+	}
+}
+interface DecodedLicense {
+	header: string;
+	payload: string;
+	signature: string;
+}
+type HarperLicenseTyp = 'Harper-License';
+type HarperLicenseAlg = 'EdDSA';
+export interface LicenseHeader {
+	typ: HarperLicenseTyp;
+	alg: HarperLicenseAlg;
+}
+export interface LicensePayload {
+	id: string;
+	level: number;
+	region?: string;
+	reads: number;
+	writes: number;
+	readBytes: number;
+	writeBytes: number;
+	realTimeMessages: number;
+	realTimeBytes: number;
+	cpuTime: number;
+	storage: number;
+	expiration: string;
+	autoRenew?: boolean;
+}
+export type ValidatedLicense = LicensePayload;
+export class LicenseEncodingError extends TypeError {}
+export class InvalidLicenseError extends TypeError {}
+export class InvalidLicenseSignatureError extends InvalidLicenseError {}
+export class InvalidHeaderError extends InvalidLicenseError {}
+export class InvalidPayloadError extends InvalidLicenseError {}
+let publicKey: PublicKey;
+export function initPublicKey(mode?: string) {
+	publicKey = new PublicKey(mode);
+}
+function getPublicKey(): PublicKey {
+	if (!publicKey) {
+		publicKey = new PublicKey();
+	}
+	return publicKey;
+}
+function validateLicenseSignature(encodedLicense: string): DecodedLicense {
+	if (typeof encodedLicense !== 'string') {
+		throw new LicenseEncodingError(`License must be a string; received ${typeof encodedLicense}: ${encodedLicense}`);
+	}
+	let licenseComponents: string[];
+	try {
+		licenseComponents = encodedLicense.split('.');
+	} catch (cause) {
+		const error = new LicenseEncodingError(
+			`Unable to split license into components; license must be a string with three dot-separated parts; got: ${encodedLicense}`
+		);
+		error.cause = cause;
+		throw error;
+	}
+	if (licenseComponents.length !== 3) {
+		throw new InvalidLicenseError(`License must have three dot-separated parts; got ${licenseComponents.length}`);
+	}
+	const [header, payload, signature] = licenseComponents;
+	const pubKey = getPublicKey().getKey();
+	const valid = verify(null, Buffer.from(header + '.' + payload, 'utf8'), pubKey, Buffer.from(signature, 'base64url'));
+	if (!valid) {
+		throw new InvalidLicenseSignatureError('License signature is invalid');
+	}
+	return {
+		header: toJSON(header),
+		payload: toJSON(payload),
+		signature: toJSON(signature),
+	};
+	function toJSON(str: string): string {
+		return Buffer.from(str, 'base64url').toString('utf8');
+	}
+}
+function validateLicenseHeader(header: LicenseHeader): void {
+	if (header?.typ !== 'Harper-License') {
+		throw new InvalidHeaderError(`Invalid license header; typ must be 'Harper-License'; got: ${header?.typ}`);
+	}
+	if (header?.alg !== 'EdDSA') {
+		throw new InvalidHeaderError(`Invalid license header; alg must be 'EdDSA'; got: ${header?.alg}`);
+	}
+}
+type AttrSchema = { required: boolean; type: string };
+function valid(schema: AttrSchema, value: any) {
+	if (schema.required) {
+		return typeof value === schema.type;
+	}
+	return typeof value === 'undefined' || typeof value === schema.type;
+}
+function validateLicensePayload(payload: LicensePayload): void {
+	const attrs = {
+		id: { required: true, type: 'string' },
+		region: { required: false, type: 'string' },
+		expiration: { required: true, type: 'string' },
+		level: { required: true, type: 'number' },
+		reads: { required: true, type: 'number' },
+		writes: { required: true, type: 'number' },
+		readBytes: { required: true, type: 'number' },
+		writeBytes: { required: true, type: 'number' },
+		realTimeMessages: { required: true, type: 'number' },
+		realTimeBytes: { required: true, type: 'number' },
+		cpuTime: { required: true, type: 'number' },
+		storage: { required: true, type: 'number' },
+		autoRenew: { required: false, type: 'boolean' },
+	};
+	for (const attr in attrs) {
+		const { required, type } = attrs[attr];
+		const attrDesc = required ? `required attribute '${attr}'` : `optional attribute '${attr}', when present,`;
+		if (!valid(attrs[attr], payload[attr])) {
+			throw new InvalidPayloadError(
+				`Invalid license payload; ${attrDesc} must be a ${type}; got: ${typeof payload[attr]}`
+			);
+		}
+	}
+}
+export function validateLicense(encodedLicense: string): ValidatedLicense {
+	const { header: headerJSON, payload: payloadJSON } = validateLicenseSignature(encodedLicense);
+	let header: LicenseHeader;
+	try {
+		header = JSON.parse(headerJSON);
+	} catch (cause) {
+		const error = new InvalidHeaderError();
+		error.cause = cause;
+		throw error;
+	}
+	validateLicenseHeader(header);
+	let payload: LicensePayload;
+	try {
+		payload = JSON.parse(payloadJSON);
+	} catch (cause) {
+		const error = new InvalidPayloadError();
+		error.cause = cause;
+		throw error;
+	}
+	validateLicensePayload(payload);
+	return payload;
+}