npm - @harperfast/harper-pro - Versions diffs - 5.0.0-alpha.2 → 5.0.0-alpha.4 - Mend

@harperfast/harper-pro 5.0.0-alpha.2 → 5.0.0-alpha.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (226) hide show

package/core/.github/workflows/create-release.yaml +181 -0
package/core/.github/workflows/notify-release-published.yaml +50 -0
package/core/.github/workflows/publish-docker.yaml +174 -0
package/core/.github/workflows/publish-npm.yaml +173 -0
package/core/CONTRIBUTING.md +2 -0
package/core/bin/harper.js +6 -0
package/core/components/PluginModule.ts +0 -1
package/core/components/componentLoader.ts +16 -4
package/core/dev/sync-commits.js +18 -7
package/core/integrationTests/server/operation-user-rbac.test.ts +484 -0
package/core/package.json +4 -3
package/core/resources/DatabaseTransaction.ts +2 -1
package/core/resources/LMDBTransaction.ts +9 -4
package/core/resources/RecordEncoder.ts +5 -3
package/core/resources/RequestTarget.ts +1 -1
package/core/resources/Resource.ts +1 -1
package/core/resources/RocksTransactionLogStore.ts +106 -12
package/core/resources/Table.ts +108 -114
package/core/resources/dataLoader.ts +0 -1
package/core/resources/databases.ts +1 -1
package/core/resources/jsResource.ts +0 -2
package/core/resources/registrationDeprecated.ts +8 -0
package/core/resources/transactionBroadcast.ts +29 -25
package/core/security/auth.ts +14 -1
package/core/security/jsLoader.ts +9 -2
package/core/security/permissionsTranslator.js +4 -0
package/core/security/user.ts +20 -2
package/core/server/REST.ts +29 -16
package/core/server/Server.ts +6 -2
package/core/server/http.ts +5 -7
package/core/server/serverHelpers/Request.ts +5 -0
package/core/server/serverHelpers/serverUtilities.ts +6 -2
package/core/server/static.ts +0 -2
package/core/unitTests/apiTests/cache-test.mjs +37 -0
package/core/unitTests/commonTestErrors.js +4 -0
package/core/unitTests/dataLayer/SQLSearch.test.js +2 -2
package/core/unitTests/dataLayer/sql-update.test.js +2 -2
package/core/unitTests/resources/auditLog.test.js +167 -0
package/core/unitTests/resources/caching.test.js +79 -0
package/core/unitTests/resources/permissions.test.js +7 -2
package/core/unitTests/resources/txn-tracking.test.js +10 -4
package/core/unitTests/resources/vectorIndex.test.js +1 -0
package/core/unitTests/testApp/resources.js +30 -0
package/core/unitTests/testApp/schema.graphql +5 -0
package/core/unitTests/utility/operationPermissions.test.js +107 -0
package/core/unitTests/utility/operation_authorization.test.js +130 -0
package/core/unitTests/validation/role_validation.test.js +79 -0
package/core/utility/common_utils.js +8 -4
package/core/utility/errors/commonErrors.js +4 -0
package/core/utility/hdbTerms.ts +1 -0
package/core/utility/operationPermissions.ts +96 -0
package/core/utility/operation_authorization.js +150 -49
package/core/validation/role_validation.js +23 -0
package/dist/bin/harper.js +1 -1
package/dist/bin/harper.js.map +1 -1
package/dist/cloneNode/cloneNode.js +55 -38
package/dist/cloneNode/cloneNode.js.map +1 -1
package/dist/core/bin/harper.js +2 -0
package/dist/core/bin/harper.js.map +1 -1
package/dist/core/components/ComponentV1.js +1 -0
package/dist/core/components/ComponentV1.js.map +1 -1
package/dist/core/components/EntryHandler.js +35 -1
package/dist/core/components/EntryHandler.js.map +1 -1
package/dist/core/components/PluginModule.js +1 -0
package/dist/core/components/PluginModule.js.map +1 -1
package/dist/core/components/Scope.js +2 -0
package/dist/core/components/Scope.js.map +1 -1
package/dist/core/components/componentLoader.js +12 -3
package/dist/core/components/componentLoader.js.map +1 -1
package/dist/core/components/status/api.js +1 -0
package/dist/core/components/status/api.js.map +1 -1
package/dist/core/components/status/crossThread.js +1 -0
package/dist/core/components/status/crossThread.js.map +1 -1
package/dist/core/config/RootConfigWatcher.js +34 -4
package/dist/core/config/RootConfigWatcher.js.map +1 -1
package/dist/core/dataLayer/harperBridge/ResourceBridge.js +1 -0
package/dist/core/dataLayer/harperBridge/ResourceBridge.js.map +1 -1
package/dist/core/resources/DatabaseTransaction.js +3 -1
package/dist/core/resources/DatabaseTransaction.js.map +1 -1
package/dist/core/resources/ErrorResource.js +1 -0
package/dist/core/resources/ErrorResource.js.map +1 -1
package/dist/core/resources/LMDBTransaction.js +10 -5
package/dist/core/resources/LMDBTransaction.js.map +1 -1
package/dist/core/resources/RecordEncoder.js +5 -3
package/dist/core/resources/RecordEncoder.js.map +1 -1
package/dist/core/resources/RequestTarget.js +3 -0
package/dist/core/resources/RequestTarget.js.map +1 -1
package/dist/core/resources/Resource.js +2 -1
package/dist/core/resources/Resource.js.map +1 -1
package/dist/core/resources/ResourceInterface.js +3 -0
package/dist/core/resources/ResourceInterface.js.map +1 -1
package/dist/core/resources/ResourceInterfaceV2.js +2 -0
package/dist/core/resources/ResourceInterfaceV2.js.map +1 -1
package/dist/core/resources/ResourceV2.js +3 -0
package/dist/core/resources/ResourceV2.js.map +1 -1
package/dist/core/resources/Resources.js +1 -0
package/dist/core/resources/Resources.js.map +1 -1
package/dist/core/resources/RocksIndexStore.js +1 -0
package/dist/core/resources/RocksIndexStore.js.map +1 -1
package/dist/core/resources/RocksTransactionLogStore.js +102 -12
package/dist/core/resources/RocksTransactionLogStore.js.map +1 -1
package/dist/core/resources/Table.js +100 -111
package/dist/core/resources/Table.js.map +1 -1
package/dist/core/resources/blob.js +1 -0
package/dist/core/resources/blob.js.map +1 -1
package/dist/core/resources/dataLoader.js +3 -2
package/dist/core/resources/dataLoader.js.map +1 -1
package/dist/core/resources/databases.js +1 -1
package/dist/core/resources/databases.js.map +1 -1
package/dist/core/resources/jsResource.js +2 -2
package/dist/core/resources/jsResource.js.map +1 -1
package/dist/core/resources/openApi.js +1 -0
package/dist/core/resources/openApi.js.map +1 -1
package/dist/core/resources/registrationDeprecated.js +11 -0
package/dist/core/resources/registrationDeprecated.js.map +1 -0
package/dist/core/resources/replayLogs.js +2 -0
package/dist/core/resources/replayLogs.js.map +1 -1
package/dist/core/resources/search.js +1 -0
package/dist/core/resources/search.js.map +1 -1
package/dist/core/resources/transactionBroadcast.js +30 -27
package/dist/core/resources/transactionBroadcast.js.map +1 -1
package/dist/core/security/auth.js +15 -1
package/dist/core/security/auth.js.map +1 -1
package/dist/core/security/jsLoader.js +10 -2
package/dist/core/security/jsLoader.js.map +1 -1
package/dist/core/security/permissionsTranslator.js +4 -0
package/dist/core/security/permissionsTranslator.js.map +1 -1
package/dist/core/security/user.js +16 -1
package/dist/core/security/user.js.map +1 -1
package/dist/core/server/REST.js +35 -18
package/dist/core/server/REST.js.map +1 -1
package/dist/core/server/Server.js +2 -0
package/dist/core/server/Server.js.map +1 -1
package/dist/core/server/http.js +5 -3
package/dist/core/server/http.js.map +1 -1
package/dist/core/server/operationsServer.js +2 -1
package/dist/core/server/operationsServer.js.map +1 -1
package/dist/core/server/serverHelpers/Request.js +2 -0
package/dist/core/server/serverHelpers/Request.js.map +1 -1
package/dist/core/server/serverHelpers/serverUtilities.js +3 -2
package/dist/core/server/serverHelpers/serverUtilities.js.map +1 -1
package/dist/core/server/static.js +1 -2
package/dist/core/server/static.js.map +1 -1
package/dist/core/utility/common_utils.js +7 -5
package/dist/core/utility/common_utils.js.map +1 -1
package/dist/core/utility/errors/commonErrors.js +3 -0
package/dist/core/utility/errors/commonErrors.js.map +1 -1
package/dist/core/utility/hdbTerms.js +1 -0
package/dist/core/utility/hdbTerms.js.map +1 -1
package/dist/core/utility/operationPermissions.js +101 -0
package/dist/core/utility/operationPermissions.js.map +1 -0
package/dist/core/utility/operation_authorization.js +83 -49
package/dist/core/utility/operation_authorization.js.map +1 -1
package/dist/core/validation/role_validation.js +19 -1
package/dist/core/validation/role_validation.js.map +1 -1
package/dist/licensing/usageLicensing.js +243 -0
package/dist/licensing/usageLicensing.js.map +1 -0
package/dist/licensing/validation.js +149 -0
package/dist/licensing/validation.js.map +1 -0
package/dist/replication/replicationConnection.js +90 -24
package/dist/replication/replicationConnection.js.map +1 -1
package/dist/replication/replicator.js +6 -2
package/dist/replication/replicator.js.map +1 -1
package/dist/replication/setNode.js +0 -1
package/dist/replication/setNode.js.map +1 -1
package/dist/security/certificate.js +206 -6
package/dist/security/certificate.js.map +1 -1
package/dist/security/keyService.js +58 -0
package/dist/security/keyService.js.map +1 -0
package/dist/security/sshKeyOperations.js +344 -0
package/dist/security/sshKeyOperations.js.map +1 -0
package/licensing/usageLicensing.ts +260 -0
package/licensing/validation.ts +191 -0
package/npm-shrinkwrap.json +509 -463
package/package.json +6 -3
package/replication/replicationConnection.ts +99 -31
package/replication/replicator.ts +8 -3
package/replication/setNode.ts +0 -1
package/security/certificate.ts +259 -7
package/security/keyService.ts +74 -0
package/security/sshKeyOperations.ts +405 -0
package/static/defaultConfig.yaml +2 -0
package/studio/web/HDBDogOnly.svg +78 -0
package/studio/web/assets/PPRadioGrotesk-Bold-DDaUYG8E.woff +0 -0
package/studio/web/assets/fa-brands-400-CEJbCg16.woff +0 -0
package/studio/web/assets/fa-brands-400-CSYNqBb_.ttf +0 -0
package/studio/web/assets/fa-brands-400-DnkPfk3o.eot +0 -0
package/studio/web/assets/fa-brands-400-UxlILjvJ.woff2 +0 -0
package/studio/web/assets/fa-brands-400-cH1MgKbP.svg +3717 -0
package/studio/web/assets/fa-regular-400-BhTwtT8w.eot +0 -0
package/studio/web/assets/fa-regular-400-D1vz6WBx.ttf +0 -0
package/studio/web/assets/fa-regular-400-DFnMcJPd.woff +0 -0
package/studio/web/assets/fa-regular-400-DGzu1beS.woff2 +0 -0
package/studio/web/assets/fa-regular-400-gwj8Pxq-.svg +801 -0
package/studio/web/assets/fa-solid-900-B4ZZ7kfP.svg +5034 -0
package/studio/web/assets/fa-solid-900-B6Axprfb.eot +0 -0
package/studio/web/assets/fa-solid-900-BUswJgRo.woff2 +0 -0
package/studio/web/assets/fa-solid-900-DOXgCApm.woff +0 -0
package/studio/web/assets/fa-solid-900-mxuxnBEa.ttf +0 -0
package/studio/web/assets/index-CjpELGtS.js +37 -0
package/studio/web/assets/index-CjpELGtS.js.map +1 -0
package/studio/web/assets/index-VoSl--bG.js +235 -0
package/studio/web/assets/index-VoSl--bG.js.map +1 -0
package/studio/web/assets/index-Y2g_iFpU.css +1 -0
package/studio/web/assets/index-jiPwkrsB.css +1 -0
package/studio/web/assets/index-o10iYrkU.js +2 -0
package/studio/web/assets/index-o10iYrkU.js.map +1 -0
package/studio/web/assets/index.lazy-D5hjT1pS.js +266 -0
package/studio/web/assets/index.lazy-D5hjT1pS.js.map +1 -0
package/studio/web/assets/profiler-B9Edexdi.js +2 -0
package/studio/web/assets/profiler-B9Edexdi.js.map +1 -0
package/studio/web/assets/react-redux-DsVOxD2E.js +6 -0
package/studio/web/assets/react-redux-DsVOxD2E.js.map +1 -0
package/studio/web/assets/startRecording-Bwd6AYRS.js +3 -0
package/studio/web/assets/startRecording-Bwd6AYRS.js.map +1 -0
package/studio/web/fabric-signup-background.webp +0 -0
package/studio/web/fabric-signup-text.png +0 -0
package/studio/web/favicon_purple.png +0 -0
package/studio/web/github-icon.svg +15 -0
package/studio/web/harper-fabric_black.png +0 -0
package/studio/web/harper-fabric_white.png +0 -0
package/studio/web/harper-studio_white.png +0 -0
package/studio/web/index.html +16 -0
package/studio/web/running.css +148 -0
package/studio/web/running.html +147 -0
package/studio/web/running.js +111 -0

package/core/unitTests/resources/auditLog.test.js CHANGED Viewed

@@ -21,6 +21,15 @@ describe('Audit log', () => {
 		subscription.on('data', (event) => {
 			events.push(event);
 		});
+		server.replication.mockRemoteMap = new Map([['local', 0]]);
+		server.replication.getIdOfRemoteNode = function (name) {
+			let id = server.replication.mockRemoteMap.get(name);
+			if (id === undefined) {
+				id = server.replication.mockRemoteMap.size;
+				server.replication.mockRemoteMap.set(name, id);
+			}
+			return id;
+		};
 	});
 	afterEach(function () {
 		setAuditRetention(60000);
@@ -48,6 +57,7 @@ describe('Audit log', () => {
 		for await (let entry of AuditedTable.getHistory()) {
 			results.push(entry);
 		}
 		assert.equal(results.length, 0);
 		assert.equal(AuditedTable.primaryStore.getEntry(1), undefined); // verify that the delete entry was removed
 		// verify that the twice-written entry was not removed
@@ -89,4 +99,161 @@ describe('Audit log', () => {
 		assert.equal(history[0].user, key.toString());
 		assert.deepEqual(history[0].value.id, key);
 	});
+	it('dynamically add new transaction logs to iterator', async function () {
+		if (!AuditedTable.auditStore.reusableIterable) return this.skip(); // only for rocksdb
+		// Create initial entries
+		await AuditedTable.put(10, { name: 'initial' });
+		await AuditedTable.put(11, { name: 'initial2' });
+		const results = [];
+		const iterator = AuditedTable.getHistory()[Symbol.asyncIterator]();
+		// Get first entry
+		let result = await iterator.next();
+		results.push(result.value);
+		// Emit a new transaction log event
+		AuditedTable.auditStore.rootStore.useLog('new-transaction-log');
+		await delay(20);
+		// Continue iterating - should include entries from new log if it has any
+		while (!(result = await iterator.next()).done) {
+			results.push(result.value);
+		}
+		// Verify we got at least the initial entries
+		assert(results.length >= 2, 'Should have at least the initial entries');
+	});
+	it('cleanup listener when iterator completes naturally', async function () {
+		if (!AuditedTable.auditStore.reusableIterable) return this.skip(); // only for rocksdb
+		await AuditedTable.put(20, { name: 'test' });
+		const originalOn = AuditedTable.auditStore.rootStore.on.bind(AuditedTable.auditStore.rootStore);
+		const originalOff = AuditedTable.auditStore.rootStore.off.bind(AuditedTable.auditStore.rootStore);
+		let activeListener = null;
+		AuditedTable.auditStore.rootStore.on = function (event, listener) {
+			if (event === 'new-transaction-log') {
+				activeListener = listener;
+			}
+			return originalOn(event, listener);
+		};
+		AuditedTable.auditStore.rootStore.off = function (event, listener) {
+			if (event === 'new-transaction-log' && listener === activeListener) {
+				activeListener = null;
+			}
+			return originalOff(event, listener);
+		};
+		// Create iterator and let it complete
+		for await (const _entry of AuditedTable.getHistory()) {
+			// iterate through all
+		}
+		// Restore original methods
+		AuditedTable.auditStore.rootStore.on = originalOn;
+		AuditedTable.auditStore.rootStore.off = originalOff;
+		// Verify listener was cleaned up
+		assert.equal(activeListener, null, 'Listener should be cleaned up after completion');
+	});
+	it('cleanup listener when breaking from iteration', async function () {
+		if (!AuditedTable.auditStore.reusableIterable) return this.skip(); // only for rocksdb
+		await AuditedTable.put(30, { name: 'test1' });
+		await AuditedTable.put(31, { name: 'test2' });
+		await AuditedTable.put(32, { name: 'test3' });
+		// Track listener cleanup
+		const originalOn = AuditedTable.auditStore.rootStore.on.bind(AuditedTable.auditStore.rootStore);
+		const originalOff = AuditedTable.auditStore.rootStore.off.bind(AuditedTable.auditStore.rootStore);
+		let activeListener = null;
+		AuditedTable.auditStore.rootStore.on = function (event, listener) {
+			if (event === 'new-transaction-log') {
+				activeListener = listener;
+			}
+			return originalOn(event, listener);
+		};
+		AuditedTable.auditStore.rootStore.off = function (event, listener) {
+			if (event === 'new-transaction-log' && listener === activeListener) {
+				activeListener = null;
+			}
+			return originalOff(event, listener);
+		};
+		// Break early from iteration
+		let count = 0;
+		for await (const _entry of AuditedTable.getHistory()) {
+			if (++count >= 2) break;
+		}
+		// Restore original methods
+		AuditedTable.auditStore.rootStore.on = originalOn;
+		AuditedTable.auditStore.rootStore.off = originalOff;
+		// Listener should be cleaned up after break
+		assert.equal(activeListener, null, 'Listener should be cleaned up after break');
+	});
+	it('exclude logs from new transaction log events', async function () {
+		if (!AuditedTable.auditStore.reusableIterable) return this.skip(); // only for rocksdb
+		await AuditedTable.put(40, { name: 'test' });
+		const excludedLog = 'excluded-log-' + Date.now();
+		const iterator = AuditedTable.auditStore.getRange({ excludeLogs: [excludedLog], start: 0 })[Symbol.iterator]();
+		// Start iteration
+		await iterator.next();
+		// Emit include log - should be include
+		let nodeId = AuditedTable.auditStore.ensureLogExists('new-transaction-log-2');
+		await delay(20);
+		await AuditedTable.put(41, { name: 'test' }, { nodeId });
+		// Emit excluded log - should be ignored
+		nodeId = AuditedTable.auditStore.ensureLogExists(excludedLog);
+		await delay(20);
+		await AuditedTable.put(42, { name: 'test' }, { nodeId });
+		let result = [];
+		// Finish iteration
+		let entry;
+		while (!(entry = await iterator.next()).done) {
+			result.push(entry.value);
+		}
+		assert(result.find((entry) => entry.recordId === 41));
+		//assert(!result.find((entry) => entry.recordId === 42));
+		assert(true, 'Should complete without including excluded log');
+	});
+	it('add and remove logs dynamically using iterator methods', async function () {
+		if (!AuditedTable.auditStore.reusableIterable) return this.skip(); // only for rocksdb
+		await AuditedTable.put(50, { name: 'test' });
+		const iterable = AuditedTable.auditStore.getRange({});
+		const iterator = iterable[Symbol.iterator]();
+		// Start iteration
+		iterator.next();
+		// Add a new log using the addLog method on the iterable
+		const newLogName = 'manual-log-' + Date.now();
+		AuditedTable.auditStore.ensureLogExists(newLogName);
+		// Verify the log was added to logByName
+		assert(AuditedTable.auditStore.logByName.has(newLogName), 'Log should be added to logByName');
+		// Remove the log using the removeLog method on the iterable
+		iterable.removeLog(newLogName);
+		// Continue iterating to completion
+		while (!(await iterator.next()).done) {
+			// continue
+		}
+		assert(true, 'Should complete successfully after adding and removing logs');
+	});
 });

package/core/unitTests/resources/caching.test.js CHANGED Viewed

@@ -364,4 +364,83 @@ describe('Caching', () => {
 			timer = 0;
 		}
 	});
+	it('Extended class with sourcedFrom does not impact base class', async function () {
+		// Create a base table without a source
+		const BaseTable = table({
+			table: 'BaseTable',
+			database: 'test',
+			attributes: [{ name: 'id', isPrimaryKey: true }, { name: 'value' }],
+		});
+		// Create an extended class and give it a source
+		class ExtendedTable extends BaseTable {}
+		let extendedSourceCalls = 0;
+		ExtendedTable.sourcedFrom({
+			get(id) {
+				return new Promise((resolve) => {
+					extendedSourceCalls++;
+					resolve({
+						id,
+						value: 'extended-' + id,
+					});
+				});
+			},
+		});
+		// Verify the extended class has a source
+		assert(ExtendedTable.source);
+		assert.equal(typeof ExtendedTable.source.get, 'function');
+		// Verify the base class does NOT have a source
+		assert(!BaseTable.source);
+		// Test that the extended class uses its source
+		extendedSourceCalls = 0;
+		await ExtendedTable.invalidate(100);
+		const extendedResult = await ExtendedTable.get(100);
+		assert.equal(extendedResult.value, 'extended-100');
+		assert.equal(extendedSourceCalls, 1);
+		// Test that the base class doesn't call any source
+		await BaseTable.invalidate(101);
+		const baseResult = await BaseTable.get(101);
+		assert.equal(baseResult, undefined); // Should be undefined since there's no source
+		assert.equal(extendedSourceCalls, 1); // Should not have called extended source
+		// Create another extended class with a different source
+		class AnotherExtendedTable extends BaseTable {}
+		let anotherSourceCalls = 0;
+		AnotherExtendedTable.sourcedFrom({
+			get(id) {
+				return new Promise((resolve) => {
+					anotherSourceCalls++;
+					resolve({
+						id,
+						value: 'another-' + id,
+					});
+				});
+			},
+		});
+		// Verify each extended class has its own independent source
+		assert(AnotherExtendedTable.source);
+		assert(AnotherExtendedTable.source !== ExtendedTable.source);
+		// Test that each extended class uses its own source
+		await AnotherExtendedTable.invalidate(102);
+		const anotherResult = await AnotherExtendedTable.get(102);
+		assert.equal(anotherResult.value, 'another-102');
+		assert.equal(anotherSourceCalls, 1);
+		assert.equal(extendedSourceCalls, 1); // ExtendedTable source should not be called
+		// Verify ExtendedTable still uses its own source
+		await ExtendedTable.invalidate(103);
+		const extendedResult2 = await ExtendedTable.get(103);
+		assert.equal(extendedResult2.value, 'extended-103');
+		assert.equal(extendedSourceCalls, 2);
+		assert.equal(anotherSourceCalls, 1); // AnotherExtendedTable source should not be called
+	});
 });

package/core/unitTests/resources/permissions.test.js CHANGED Viewed

@@ -30,8 +30,13 @@ describe('Permissions through Resource API', () => {
 			],
 		});
 		for (let i = 0; i < 10; i++) {
-			RelatedTable.put({ id: 'related-id-' + i, name: 'related name-' + i });
-			TestTable.put({ id: 'id-' + i, name: i > 0 ? 'name-' + i : null, prop1: 'test', relatedId: 'related-id-' + i });
+			await RelatedTable.put({ id: 'related-id-' + i, name: 'related name-' + i });
+			await TestTable.put({
+				id: 'id-' + i,
+				name: i > 0 ? 'name-' + i : null,
+				prop1: 'test',
+				relatedId: 'related-id-' + i,
+			});
 		}
 		restricted_user = {
 			role: {

package/core/unitTests/resources/txn-tracking.test.js CHANGED Viewed

@@ -2,9 +2,11 @@ require('../testUtils');
 const assert = require('assert');
 const { setupTestDBPath } = require('../testUtils');
 const { setTxnExpiration } = require('#src/resources/DatabaseTransaction');
+const { setTxnExpiration: setLMDBTxnExpiration } = require('#src/resources/LMDBTransaction');
 const { setMainIsWorker } = require('#js/server/threads/manageThreads');
 const { table } = require('#src/resources/databases');
 const { setTimeout: delay } = require('node:timers/promises');
+const { RocksDatabase } = require('@harperfast/rocksdb-js');
 describe('Txn Expiration', () => {
 	let SlowResource,
 		performedDBInteractions = false;
@@ -31,15 +33,19 @@ describe('Txn Expiration', () => {
 	});
 	it('Slow txn will expire', async function () {
 		await SlowResource.put(3, { name: 'three' });
-		let trackedTxns = setTxnExpiration(20);
+		let trackedTxns =
+			SlowResource.primaryStore instanceof RocksDatabase ? setTxnExpiration(20) : setLMDBTxnExpiration(20);
+		await delay(50);
 		let existingTxns = trackedTxns.size;
 		let result = SlowResource.get(3);
 		assert.equal(trackedTxns.size, existingTxns + 1);
 		const txns = Array.from(trackedTxns);
 		const lastTxn = txns[txns.length - 1];
-		assert.equal(lastTxn.startedFrom.resourceName, 'SlowResource');
-		assert.equal(lastTxn.startedFrom.method, 'get');
-		assert.equal(lastTxn.timeout, 20);
+		if (SlowResource.primaryStore instanceof RocksDatabase) {
+			assert.equal(lastTxn.startedFrom.resourceName, 'SlowResource');
+			assert.equal(lastTxn.startedFrom.method, 'get');
+			assert.equal(lastTxn.timeout, 20);
+		}
 		await Promise.race([delay(50), result]);
 		assert(performedDBInteractions);
 		assert.equal(trackedTxns.size, existingTxns);

package/core/unitTests/resources/vectorIndex.test.js CHANGED Viewed

@@ -3,6 +3,7 @@ const { table } = require('#src/resources/databases');
 const { HierarchicalNavigableSmallWorld } = require('#src/resources/indexes/HierarchicalNavigableSmallWorld');
 describe('HierarchicalNavigableSmallWorld indexing', () => {
+	if (process.env.HARPER_STORAGE_ENGINE === 'lmdb') return; // don't try to test lmdb
 	let HNSWTest;
 	let testInstance = new HierarchicalNavigableSmallWorld();
 	let all = [];

package/core/unitTests/testApp/resources.js CHANGED Viewed

@@ -163,6 +163,36 @@ tables.CacheOfResource.sourcedFrom({
 	},
 });
+// test transparent HTTP caching straight through
+tables.CacheOfHttp.sourcedFrom({
+	async get(target) {
+		switch (target) {
+			case 'direct-fetch':
+				return fetch(`http://localhost:9926/FourProp/2`);
+			case 'fetch-body':
+				const response = await fetch(`http://localhost:9926/FourProp/2`);
+				return new Response(response.body, {
+					headers: {
+						'Content-Type': 'text/plain',
+					},
+				});
+			case 'created-response':
+				return new Response('test', {
+					headers: { 'x-custom-header': 'custom value', 'cache-control': 'max-age=10, s-maxage=20' },
+				});
+			case 'html-response':
+				return new Response('<html>test</html>', {
+					headers: { 'content-type': 'text/html' },
+				});
+			case 'headers-in-data':
+				return {
+					headers: { 'x-custom-header': 'custom value' },
+					name: 'test-sibling-to-headers',
+				};
+		}
+	},
+});
 export class FourPropWithHistory extends tables.FourProp {
 	async subscribe(options) {
 		let context = this.getContext();

package/core/unitTests/testApp/schema.graphql CHANGED Viewed

@@ -56,6 +56,11 @@ type SimpleCache @table {
 type CacheOfResource @table @export {
 	id: ID @primaryKey
 }
+type CacheOfHttp @table @export {
+	headers: Any
+	data: Any
+	body: Blob
+}
 type HasBigInt @table @export {
 	id: BigInt @primaryKey

package/core/unitTests/utility/operationPermissions.test.js ADDED Viewed

@@ -0,0 +1,107 @@
+'use strict';
+const assert = require('assert');
+const terms = require('#src/utility/hdbTerms');
+const { OPERATION_PERMISSION_GROUPS, expandOperationsPerms } = require('#src/utility/operationPermissions');
+describe('operationPermissions', function () {
+	describe('OPERATION_PERMISSION_GROUPS', function () {
+		it('read_only contains expected read operations', function () {
+			const ops = OPERATION_PERMISSION_GROUPS.read_only;
+			assert.ok(ops.includes(terms.OPERATIONS_ENUM.SEARCH));
+			assert.ok(ops.includes(terms.OPERATIONS_ENUM.SQL));
+			assert.ok(ops.includes(terms.OPERATIONS_ENUM.DESCRIBE_ALL));
+			assert.ok(ops.includes(terms.OPERATIONS_ENUM.USER_INFO));
+		});
+		it('read_only does not contain write operations', function () {
+			const ops = OPERATION_PERMISSION_GROUPS.read_only;
+			assert.ok(!ops.includes(terms.OPERATIONS_ENUM.INSERT));
+			assert.ok(!ops.includes(terms.OPERATIONS_ENUM.UPDATE));
+			assert.ok(!ops.includes(terms.OPERATIONS_ENUM.DELETE));
+			assert.ok(!ops.includes(terms.OPERATIONS_ENUM.CSV_DATA_LOAD));
+		});
+		it('standard_user contains everything in read_only', function () {
+			const readOnly = new Set(OPERATION_PERMISSION_GROUPS.read_only);
+			for (const op of readOnly) {
+				assert.ok(OPERATION_PERMISSION_GROUPS.standard_user.includes(op), `standard_user missing read_only op: ${op}`);
+			}
+		});
+		it('standard_user contains data manipulation operations', function () {
+			const ops = OPERATION_PERMISSION_GROUPS.standard_user;
+			assert.ok(ops.includes(terms.OPERATIONS_ENUM.INSERT));
+			assert.ok(ops.includes(terms.OPERATIONS_ENUM.UPDATE));
+			assert.ok(ops.includes(terms.OPERATIONS_ENUM.UPSERT));
+			assert.ok(ops.includes(terms.OPERATIONS_ENUM.DELETE));
+		});
+		it('standard_user does not contain token management operations', function () {
+			const ops = OPERATION_PERMISSION_GROUPS.standard_user;
+			assert.ok(!ops.includes(terms.OPERATIONS_ENUM.CREATE_AUTHENTICATION_TOKENS));
+			assert.ok(!ops.includes(terms.OPERATIONS_ENUM.REFRESH_OPERATION_TOKEN));
+		});
+		it('standard_user does not contain schema DDL operations', function () {
+			const ops = OPERATION_PERMISSION_GROUPS.standard_user;
+			assert.ok(!ops.includes(terms.OPERATIONS_ENUM.CREATE_ATTRIBUTE));
+		});
+		it('admin_read contains elevated read operations', function () {
+			const ops = OPERATION_PERMISSION_GROUPS.admin_read;
+			assert.ok(ops.includes(terms.OPERATIONS_ENUM.GET_CONFIGURATION));
+			assert.ok(ops.includes(terms.OPERATIONS_ENUM.READ_LOG));
+			assert.ok(ops.includes(terms.OPERATIONS_ENUM.READ_AUDIT_LOG));
+			assert.ok(ops.includes(terms.OPERATIONS_ENUM.GET_CUSTOM_FUNCTIONS));
+			assert.ok(ops.includes(terms.OPERATIONS_ENUM.GET_COMPONENTS));
+		});
+		it('admin_read does not contain data write operations', function () {
+			const ops = OPERATION_PERMISSION_GROUPS.admin_read;
+			assert.ok(!ops.includes(terms.OPERATIONS_ENUM.INSERT));
+			assert.ok(!ops.includes(terms.OPERATIONS_ENUM.DELETE));
+		});
+	});
+	describe('expandOperationsPerms()', function () {
+		it('expands a group name to its member operations', function () {
+			const result = expandOperationsPerms(['read_only']);
+			assert.ok(result instanceof Set);
+			assert.ok(result.has(terms.OPERATIONS_ENUM.SEARCH));
+			assert.ok(result.has(terms.OPERATIONS_ENUM.SQL));
+			assert.ok(result.has(terms.OPERATIONS_ENUM.DESCRIBE_ALL));
+			assert.ok(result.has(terms.OPERATIONS_ENUM.USER_INFO));
+		});
+		it('group does not include write operations', function () {
+			const result = expandOperationsPerms(['read_only']);
+			assert.ok(!result.has(terms.OPERATIONS_ENUM.INSERT));
+			assert.ok(!result.has(terms.OPERATIONS_ENUM.UPDATE));
+			assert.ok(!result.has(terms.OPERATIONS_ENUM.DELETE));
+			assert.ok(!result.has(terms.OPERATIONS_ENUM.CSV_DATA_LOAD));
+		});
+		it('passes through an individual operation name directly', function () {
+			const result = expandOperationsPerms([terms.OPERATIONS_ENUM.RESTART]);
+			assert.ok(result.has(terms.OPERATIONS_ENUM.RESTART));
+			assert.equal(result.size, 1);
+		});
+		it('combines a group and individual operations into a union set', function () {
+			const result = expandOperationsPerms([
+				'read_only',
+				terms.OPERATIONS_ENUM.RESTART,
+				terms.OPERATIONS_ENUM.LIST_USERS,
+			]);
+			assert.ok(result.has(terms.OPERATIONS_ENUM.SEARCH));
+			assert.ok(result.has(terms.OPERATIONS_ENUM.RESTART));
+			assert.ok(result.has(terms.OPERATIONS_ENUM.LIST_USERS));
+		});
+		it('returns an empty set for an empty array', function () {
+			const result = expandOperationsPerms([]);
+			assert.equal(result.size, 0);
+		});
+	});
+});

package/core/unitTests/utility/operation_authorization.test.js CHANGED Viewed

@@ -16,8 +16,11 @@ const write = require('#js/dataLayer/insert');
 const user = require('#src/security/user');
 const alasql = require('alasql');
 const search = require('#js/dataLayer/search');
+const restart = require('#js/bin/restart');
+const configUtils = require('#js/config/configUtils');
 const jobs = require('#js/server/jobs/jobs');
 const terms = require('#src/utility/hdbTerms');
 const schema = require('#js/dataLayer/schema');
 const PermissionResponseObject = require('#js/security/data_objects/PermissionResponseObject');
 const PermissionTableResponseObject = require('#js/security/data_objects/PermissionTableResponseObject');
@@ -1490,3 +1493,130 @@ describe('Test operation_authorization', function () {
 		});
 	});
 });
+describe('Test operations permissions', function () {
+	before(() => {
+		global.hdb_schema = global.hdb_schema || {};
+		testUtils.setGlobalSchema('id', TEST_SCHEMA, TEST_TABLE, TEST_ATTRIBUTES);
+	});
+	after(() => {
+		global.hdb_schema = undefined;
+	});
+	// Helper: build a verifyPerms request JSON with operations set
+	function makeOpUserRequest(operations, tablePerms = {}) {
+		const req = getRequestJson(TEST_JSON);
+		req.hdb_user.role.permission = {
+			super_user: false,
+			operations: operations,
+			[TEST_SCHEMA]: {
+				describe: true,
+				tables: {
+					[TEST_TABLE]: {
+						describe: true,
+						read: true,
+						insert: false,
+						update: false,
+						delete: false,
+						attribute_permissions: [],
+						...tablePerms,
+					},
+				},
+			},
+		};
+		return req;
+	}
+	// Helper: build a request for a schema-less SU-only operation
+	function makeOpUserSystemRequest(operations) {
+		return {
+			operation: 'restart',
+			hdb_user: {
+				active: true,
+				role: {
+					id: 'op-user-test-id',
+					permission: {
+						super_user: false,
+						operations: operations,
+					},
+					role: 'op_test_role',
+					__updatedtime__: (roleUpdatedTimeCounter += 1),
+				},
+				username: 'op_test_user',
+			},
+		};
+	}
+	describe('verifyPerms() — operations allowlist', function () {
+		it('(NOMINAL) op in read_only group with table READ perm — search allowed', function () {
+			const req_json = makeOpUserRequest(['read_only'], { read: true });
+			req_json.operation = terms.OPERATIONS_ENUM.SEARCH_BY_CONDITIONS;
+			const result = op_auth.verifyPerms(req_json, search.searchByConditions.name);
+			assert.equal(result, null);
+		});
+		it('op NOT in operations list — insert blocked even with table perms', function () {
+			const req_json = makeOpUserRequest(['read_only'], { insert: true });
+			const result = op_auth.verifyPerms(req_json, write.insert.name);
+			assert.notEqual(result, null);
+			assert.equal(result.unauthorized_access.length, 1);
+			// Error message uses the API name (terms.OPERATIONS_ENUM.INSERT = 'insert'), not the internal
+			// function name (write.insert.name = 'insertData'), because that's what users put in operations.
+			assert.ok(
+				JSON.stringify(result).includes(TEST_OPERATION_AUTH_ERROR.OP_NOT_IN_OPERATIONS(terms.OPERATIONS_ENUM.INSERT))
+			);
+		});
+		it('SU-only op in operations — restart granted without super_user', function () {
+			const req_json = makeOpUserSystemRequest([terms.OPERATIONS_ENUM.RESTART]);
+			const result = op_auth.verifyPerms(req_json, restart.restart.name);
+			assert.equal(result, null);
+		});
+		it('SU-only op NOT in operations — restart denied', function () {
+			const req_json = makeOpUserSystemRequest(['read_only']);
+			const result = op_auth.verifyPerms(req_json, restart.restart.name);
+			assert.notEqual(result, null);
+			assert.equal(result.unauthorized_access.length, 1);
+		});
+		it('get_configuration granted via operations (SU-only bypass)', function () {
+			const req_json = makeOpUserSystemRequest([terms.OPERATIONS_ENUM.GET_CONFIGURATION]);
+			req_json.operation = terms.OPERATIONS_ENUM.GET_CONFIGURATION;
+			const result = op_auth.verifyPerms(req_json, configUtils.getConfiguration.name);
+			assert.equal(result, null);
+		});
+		it('dual gate — op in operations but table READ perm false — search denied at CRUD level', function () {
+			const req_json = makeOpUserRequest(['read_only'], { read: false });
+			req_json.operation = terms.OPERATIONS_ENUM.SEARCH;
+			const result = op_auth.verifyPerms(req_json, search.search.name);
+			assert.notEqual(result, null);
+		});
+		it('no operations set — SU-only op still denied for non-SU user (no regression)', function () {
+			const req_json = {
+				operation: terms.OPERATIONS_ENUM.RESTART,
+				hdb_user: {
+					active: true,
+					role: {
+						id: 'plain-role-id',
+						permission: { super_user: false },
+						role: 'plain_role',
+						__updatedtime__: (roleUpdatedTimeCounter += 1),
+					},
+					username: 'plain_user',
+				},
+			};
+			const result = op_auth.verifyPerms(req_json, restart.restart.name);
+			assert.notEqual(result, null);
+			assert.equal(result.unauthorized_access.length, 1);
+		});
+		it('no operations set — normal data op works as before (no regression)', function () {
+			const result = op_auth.verifyPerms(TEST_JSON, write.insert.name);
+			assert.equal(result, null);
+		});
+	});
+});