npm - @harperfast/harper - Versions diffs - 5.0.0-alpha.10 → 5.0.0-beta.1 - Mend

@harperfast/harper 5.0.0-alpha.10 → 5.0.0-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (444) hide show

package/bin/BinObjects.js +17 -0
package/bin/cliOperations.js +157 -0
package/bin/copyDb.ts +280 -0
package/bin/harper.js +156 -0
package/bin/install.js +15 -0
package/bin/lite.js +5 -0
package/bin/restart.js +201 -0
package/bin/run.js +409 -0
package/bin/status.js +65 -0
package/bin/stop.js +22 -0
package/bin/upgrade.js +134 -0
package/components/Application.ts +646 -0
package/components/ApplicationScope.ts +49 -0
package/components/Component.ts +53 -0
package/components/ComponentV1.ts +342 -0
package/components/DEFAULT_CONFIG.ts +18 -0
package/components/EntryHandler.ts +227 -0
package/components/Logger.ts +14 -0
package/components/OptionsWatcher.ts +354 -0
package/components/PluginModule.ts +6 -0
package/components/Scope.ts +329 -0
package/components/componentLoader.ts +529 -0
package/components/deriveCommonPatternBase.ts +31 -0
package/components/deriveGlobOptions.ts +44 -0
package/components/deriveURLPath.ts +57 -0
package/components/operations.js +658 -0
package/components/operationsValidation.js +246 -0
package/components/packageComponent.ts +39 -0
package/components/requestRestart.ts +26 -0
package/components/resolveBaseURLPath.ts +38 -0
package/components/status/ComponentStatus.ts +110 -0
package/components/status/ComponentStatusRegistry.ts +251 -0
package/components/status/api.ts +153 -0
package/components/status/crossThread.ts +405 -0
package/components/status/errors.ts +152 -0
package/components/status/index.ts +44 -0
package/components/status/internal.ts +65 -0
package/components/status/registry.ts +12 -0
package/components/status/types.ts +96 -0
package/config/RootConfigWatcher.ts +59 -0
package/config/configHelpers.ts +11 -0
package/config/configUtils.js +967 -0
package/config/harperConfigEnvVars.ts +641 -0
package/dataLayer/CreateAttributeObject.js +25 -0
package/dataLayer/CreateTableObject.js +11 -0
package/dataLayer/DataLayerObjects.js +43 -0
package/dataLayer/DeleteBeforeObject.js +22 -0
package/dataLayer/DeleteObject.js +25 -0
package/dataLayer/DropAttributeObject.js +11 -0
package/dataLayer/GetBackupObject.js +22 -0
package/dataLayer/InsertObject.js +24 -0
package/dataLayer/ReadAuditLogObject.js +24 -0
package/dataLayer/SQLSearch.js +1335 -0
package/dataLayer/SearchByConditionsObject.js +61 -0
package/dataLayer/SearchByHashObject.js +21 -0
package/dataLayer/SearchObject.js +45 -0
package/dataLayer/SqlSearchObject.js +14 -0
package/dataLayer/UpdateObject.js +23 -0
package/dataLayer/UpsertObject.js +23 -0
package/dataLayer/bulkLoad.js +813 -0
package/dataLayer/dataObjects/BulkLoadObjects.js +27 -0
package/dataLayer/dataObjects/UpsertObject.js +23 -0
package/dataLayer/delete.js +164 -0
package/dataLayer/export.js +381 -0
package/dataLayer/getBackup.js +40 -0
package/dataLayer/harperBridge/BridgeMethods.js +81 -0
package/dataLayer/harperBridge/ResourceBridge.ts +633 -0
package/dataLayer/harperBridge/bridgeUtility/insertUpdateReturnObj.js +28 -0
package/dataLayer/harperBridge/bridgeUtility/insertUpdateValidate.js +88 -0
package/dataLayer/harperBridge/harperBridge.js +21 -0
package/dataLayer/harperBridge/lmdbBridge/LMDBBridge.js +119 -0
package/dataLayer/harperBridge/lmdbBridge/lmdbMethods/DeleteAuditLogsBeforeResults.js +19 -0
package/dataLayer/harperBridge/lmdbBridge/lmdbMethods/lmdbCreateAttribute.js +112 -0
package/dataLayer/harperBridge/lmdbBridge/lmdbMethods/lmdbCreateRecords.js +67 -0
package/dataLayer/harperBridge/lmdbBridge/lmdbMethods/lmdbCreateSchema.js +31 -0
package/dataLayer/harperBridge/lmdbBridge/lmdbMethods/lmdbCreateTable.js +94 -0
package/dataLayer/harperBridge/lmdbBridge/lmdbMethods/lmdbDeleteAuditLogsBefore.js +98 -0
package/dataLayer/harperBridge/lmdbBridge/lmdbMethods/lmdbDeleteRecords.js +89 -0
package/dataLayer/harperBridge/lmdbBridge/lmdbMethods/lmdbDropAttribute.js +109 -0
package/dataLayer/harperBridge/lmdbBridge/lmdbMethods/lmdbDropSchema.js +107 -0
package/dataLayer/harperBridge/lmdbBridge/lmdbMethods/lmdbDropTable.js +137 -0
package/dataLayer/harperBridge/lmdbBridge/lmdbMethods/lmdbFlush.js +35 -0
package/dataLayer/harperBridge/lmdbBridge/lmdbMethods/lmdbGetBackup.js +111 -0
package/dataLayer/harperBridge/lmdbBridge/lmdbMethods/lmdbGetDataByHash.js +28 -0
package/dataLayer/harperBridge/lmdbBridge/lmdbMethods/lmdbGetDataByValue.js +29 -0
package/dataLayer/harperBridge/lmdbBridge/lmdbMethods/lmdbReadAuditLog.js +207 -0
package/dataLayer/harperBridge/lmdbBridge/lmdbMethods/lmdbSearchByConditions.js +156 -0
package/dataLayer/harperBridge/lmdbBridge/lmdbMethods/lmdbSearchByHash.js +21 -0
package/dataLayer/harperBridge/lmdbBridge/lmdbMethods/lmdbSearchByValue.js +30 -0
package/dataLayer/harperBridge/lmdbBridge/lmdbMethods/lmdbTransaction.js +19 -0
package/dataLayer/harperBridge/lmdbBridge/lmdbMethods/lmdbUpdateRecords.js +64 -0
package/dataLayer/harperBridge/lmdbBridge/lmdbMethods/lmdbUpsertRecords.js +70 -0
package/dataLayer/harperBridge/lmdbBridge/lmdbUtility/LMDBCreateAttributeObject.js +22 -0
package/dataLayer/harperBridge/lmdbBridge/lmdbUtility/LMDBDeleteTransactionObject.js +23 -0
package/dataLayer/harperBridge/lmdbBridge/lmdbUtility/LMDBInsertTransactionObject.js +22 -0
package/dataLayer/harperBridge/lmdbBridge/lmdbUtility/LMDBTransactionObject.js +23 -0
package/dataLayer/harperBridge/lmdbBridge/lmdbUtility/LMDBUpdateTransactionObject.js +24 -0
package/dataLayer/harperBridge/lmdbBridge/lmdbUtility/LMDBUpsertTransactionObject.js +24 -0
package/dataLayer/harperBridge/lmdbBridge/lmdbUtility/TableSizeObject.js +25 -0
package/dataLayer/harperBridge/lmdbBridge/lmdbUtility/initializeHashSearch.js +21 -0
package/dataLayer/harperBridge/lmdbBridge/lmdbUtility/initializePaths.js +157 -0
package/dataLayer/harperBridge/lmdbBridge/lmdbUtility/lmdbCheckForNewAttributes.js +94 -0
package/dataLayer/harperBridge/lmdbBridge/lmdbUtility/lmdbCreateTransactionsAuditEnvironment.js +39 -0
package/dataLayer/harperBridge/lmdbBridge/lmdbUtility/lmdbGetTableSize.js +34 -0
package/dataLayer/harperBridge/lmdbBridge/lmdbUtility/lmdbProcessRows.js +100 -0
package/dataLayer/harperBridge/lmdbBridge/lmdbUtility/lmdbSearch.js +371 -0
package/dataLayer/harperBridge/lmdbBridge/lmdbUtility/lmdbWriteTransaction.js +109 -0
package/dataLayer/hdbInfoController.js +254 -0
package/dataLayer/insert.js +266 -0
package/dataLayer/readAuditLog.js +59 -0
package/dataLayer/schema.js +366 -0
package/dataLayer/schemaDescribe.js +289 -0
package/dataLayer/search.js +60 -0
package/dataLayer/transaction.js +17 -0
package/dataLayer/update.js +124 -0
package/dist/components/Logger.d.ts +12 -0
package/dist/components/Logger.js +3 -0
package/dist/components/Logger.js.map +1 -0
package/dist/components/Scope.d.ts +14 -4
package/dist/components/Scope.js +18 -10
package/dist/components/Scope.js.map +1 -1
package/dist/components/componentLoader.js +16 -9
package/dist/components/componentLoader.js.map +1 -1
package/dist/components/operations.js +2 -2
package/dist/components/operations.js.map +1 -1
package/dist/config/configUtils.d.ts +1 -1
package/dist/config/configUtils.js +1 -1
package/dist/config/configUtils.js.map +1 -1
package/dist/dataLayer/CreateTableObject.d.ts +2 -2
package/dist/dataLayer/CreateTableObject.js +2 -2
package/dist/dataLayer/CreateTableObject.js.map +1 -1
package/dist/dataLayer/delete.d.ts +1 -1
package/dist/dataLayer/schema.js +6 -5
package/dist/dataLayer/schema.js.map +1 -1
package/dist/dataLayer/schemaDescribe.js +1 -1
package/dist/dataLayer/schemaDescribe.js.map +1 -1
package/dist/index.d.ts +1 -1
package/dist/index.js +2 -0
package/dist/index.js.map +1 -1
package/dist/resources/DatabaseTransaction.d.ts +1 -1
package/dist/resources/IterableEventQueue.d.ts +1 -1
package/dist/resources/LMDBTransaction.d.ts +5 -1
package/dist/resources/Resource.d.ts +1 -1
package/dist/resources/RocksIndexStore.d.ts +3 -3
package/dist/resources/RocksTransactionLogStore.d.ts +6 -3
package/dist/resources/Table.d.ts +15 -6
package/dist/resources/Table.js +4 -1
package/dist/resources/Table.js.map +1 -1
package/dist/resources/analytics/read.js +32 -22
package/dist/resources/analytics/read.js.map +1 -1
package/dist/resources/analytics/write.js +3 -6
package/dist/resources/analytics/write.js.map +1 -1
package/dist/resources/auditStore.d.ts +3 -3
package/dist/resources/blob.d.ts +25 -2
package/dist/resources/databases.d.ts +12 -2
package/dist/resources/databases.js +22 -19
package/dist/resources/databases.js.map +1 -1
package/dist/resources/search.js +11 -5
package/dist/resources/search.js.map +1 -1
package/dist/resources/transaction.d.ts +2 -1
package/dist/security/auth.js +1 -1
package/dist/security/auth.js.map +1 -1
package/dist/security/cryptoHash.d.ts +2 -2
package/dist/security/jsLoader.js +243 -66
package/dist/security/jsLoader.js.map +1 -1
package/dist/security/keys.js +4 -5
package/dist/security/keys.js.map +1 -1
package/dist/security/user.js +3 -3
package/dist/security/user.js.map +1 -1
package/dist/server/REST.js +16 -2
package/dist/server/REST.js.map +1 -1
package/dist/server/Server.d.ts +2 -1
package/dist/server/Server.js.map +1 -1
package/dist/server/fastifyRoutes/plugins/hdbCore.d.ts +6 -1
package/dist/server/fastifyRoutes.js +2 -0
package/dist/server/fastifyRoutes.js.map +1 -1
package/dist/server/http.js +12 -6
package/dist/server/http.js.map +1 -1
package/dist/server/jobs/JobObject.d.ts +3 -3
package/dist/server/loadRootComponents.js +1 -0
package/dist/server/loadRootComponents.js.map +1 -1
package/dist/server/operationsServer.js +3 -1
package/dist/server/operationsServer.js.map +1 -1
package/dist/server/serverHelpers/JSONStream.d.ts +3 -3
package/dist/server/serverHelpers/Request.d.ts +5 -5
package/dist/server/serverHelpers/requestTimePlugin.d.ts +1 -1
package/dist/server/threads/manageThreads.d.ts +2 -2
package/dist/server/threads/manageThreads.js +50 -35
package/dist/server/threads/manageThreads.js.map +1 -1
package/dist/server/threads/socketRouter.d.ts +1 -1
package/dist/sqlTranslator/deleteTranslator.d.ts +1 -1
package/dist/utility/AWS/AWSConnector.d.ts +3 -2
package/dist/utility/common_utils.d.ts +3 -3
package/dist/utility/environment/systemInformation.d.ts +1 -0
package/dist/utility/functions/date/dateFunctions.d.ts +11 -11
package/dist/utility/globalSchema.d.ts +1 -1
package/dist/utility/hdbTerms.d.ts +3 -0
package/dist/utility/hdbTerms.js +3 -0
package/dist/utility/hdbTerms.js.map +1 -1
package/dist/utility/installation.d.ts +2 -4
package/dist/utility/installation.js.map +1 -1
package/dist/utility/lmdb/commonUtility.d.ts +1 -0
package/dist/utility/lmdb/deleteUtility.d.ts +1 -0
package/dist/utility/lmdb/environmentUtility.d.ts +1 -0
package/dist/utility/lmdb/searchUtility.d.ts +2 -1
package/dist/utility/lmdb/writeUtility.d.ts +1 -0
package/dist/utility/logging/harper_logger.d.ts +6 -6
package/dist/utility/processManagement/processManagement.d.ts +1 -1
package/dist/utility/processManagement/servicesConfig.d.ts +12 -6
package/dist/validation/common_validators.d.ts +4 -3
package/dist/validation/configValidator.d.ts +3 -2
package/index.d.ts +56 -0
package/index.js +41 -0
package/json/systemSchema.json +373 -0
package/launchServiceScripts/launchHarperDB.js +3 -0
package/launchServiceScripts/utility/checkNodeVersion.js +15 -0
package/package.json +21 -3
package/resources/DatabaseTransaction.ts +378 -0
package/resources/ErrorResource.ts +57 -0
package/resources/IterableEventQueue.ts +94 -0
package/resources/LMDBTransaction.ts +349 -0
package/resources/RecordEncoder.ts +702 -0
package/resources/RequestTarget.ts +134 -0
package/resources/Resource.ts +789 -0
package/resources/ResourceInterface.ts +221 -0
package/resources/ResourceInterfaceV2.ts +53 -0
package/resources/ResourceV2.ts +67 -0
package/resources/Resources.ts +162 -0
package/resources/RocksIndexStore.ts +70 -0
package/resources/RocksTransactionLogStore.ts +352 -0
package/resources/Table.ts +4527 -0
package/resources/analytics/hostnames.ts +72 -0
package/resources/analytics/metadata.ts +10 -0
package/resources/analytics/read.ts +252 -0
package/resources/analytics/write.ts +803 -0
package/resources/auditStore.ts +556 -0
package/resources/blob.ts +1268 -0
package/resources/crdt.ts +125 -0
package/resources/dataLoader.ts +527 -0
package/resources/databases.ts +1290 -0
package/resources/graphql.ts +221 -0
package/resources/indexes/HierarchicalNavigableSmallWorld.ts +638 -0
package/resources/indexes/customIndexes.ts +7 -0
package/resources/indexes/vector.ts +38 -0
package/resources/jsResource.ts +86 -0
package/resources/loadEnv.ts +22 -0
package/resources/login.ts +18 -0
package/resources/openApi.ts +409 -0
package/resources/registrationDeprecated.ts +8 -0
package/resources/replayLogs.ts +136 -0
package/resources/roles.ts +98 -0
package/resources/search.ts +1301 -0
package/resources/tracked.ts +584 -0
package/resources/transaction.ts +89 -0
package/resources/transactionBroadcast.ts +258 -0
package/security/auth.ts +376 -0
package/security/certificateVerification/certificateVerificationSource.ts +84 -0
package/security/certificateVerification/configValidation.ts +107 -0
package/security/certificateVerification/crlVerification.ts +623 -0
package/security/certificateVerification/index.ts +121 -0
package/security/certificateVerification/ocspVerification.ts +148 -0
package/security/certificateVerification/pkijs-ed25519-patch.ts +188 -0
package/security/certificateVerification/types.ts +128 -0
package/security/certificateVerification/verificationConfig.ts +138 -0
package/security/certificateVerification/verificationUtils.ts +447 -0
package/security/cryptoHash.js +42 -0
package/security/data_objects/PermissionAttributeResponseObject.js +15 -0
package/security/data_objects/PermissionResponseObject.js +115 -0
package/security/data_objects/PermissionTableResponseObject.js +20 -0
package/security/fastifyAuth.js +169 -0
package/security/impersonation.ts +160 -0
package/security/jsLoader.ts +716 -0
package/security/keys.js +948 -0
package/security/permissionsTranslator.js +300 -0
package/security/role.js +218 -0
package/security/tokenAuthentication.ts +228 -0
package/security/user.ts +449 -0
package/server/DurableSubscriptionsSession.ts +503 -0
package/server/REST.ts +407 -0
package/server/Server.ts +89 -0
package/server/fastifyRoutes/helpers/getCORSOptions.js +36 -0
package/server/fastifyRoutes/helpers/getHeaderTimeoutConfig.js +15 -0
package/server/fastifyRoutes/helpers/getServerOptions.js +33 -0
package/server/fastifyRoutes/plugins/hdbCore.js +39 -0
package/server/fastifyRoutes.ts +205 -0
package/server/graphqlQuerying.ts +700 -0
package/server/http.ts +640 -0
package/server/itc/serverHandlers.js +161 -0
package/server/itc/utility/ITCEventObject.js +10 -0
package/server/jobs/JobObject.js +24 -0
package/server/jobs/jobProcess.js +69 -0
package/server/jobs/jobRunner.js +162 -0
package/server/jobs/jobs.js +304 -0
package/server/loadRootComponents.js +44 -0
package/server/mqtt.ts +485 -0
package/server/nodeName.ts +75 -0
package/server/operationsServer.ts +313 -0
package/server/serverHelpers/Headers.ts +108 -0
package/server/serverHelpers/JSONStream.ts +269 -0
package/server/serverHelpers/OperationFunctionObject.ts +13 -0
package/server/serverHelpers/Request.ts +158 -0
package/server/serverHelpers/contentTypes.ts +637 -0
package/server/serverHelpers/requestTimePlugin.js +57 -0
package/server/serverHelpers/serverHandlers.js +148 -0
package/server/serverHelpers/serverUtilities.ts +473 -0
package/server/serverRegistry.ts +8 -0
package/server/static.ts +187 -0
package/server/status/definitions.ts +37 -0
package/server/status/index.ts +125 -0
package/server/storageReclamation.ts +93 -0
package/server/threads/itc.js +89 -0
package/server/threads/manageThreads.js +594 -0
package/server/threads/socketRouter.ts +360 -0
package/server/threads/threadServer.js +279 -0
package/server/throttle.ts +73 -0
package/sqlTranslator/SelectValidator.js +330 -0
package/sqlTranslator/alasqlFunctionImporter.js +62 -0
package/sqlTranslator/deleteTranslator.js +67 -0
package/sqlTranslator/index.js +242 -0
package/sqlTranslator/sql_statement_bucket.js +472 -0
package/static/defaultConfig.yaml +3 -0
package/studio/web/HDBDogOnly.svg +78 -0
package/studio/web/assets/PPRadioGrotesk-Bold-DDaUYG8E.woff +0 -0
package/studio/web/assets/fa-brands-400-CEJbCg16.woff +0 -0
package/studio/web/assets/fa-brands-400-CSYNqBb_.ttf +0 -0
package/studio/web/assets/fa-brands-400-DnkPfk3o.eot +0 -0
package/studio/web/assets/fa-brands-400-UxlILjvJ.woff2 +0 -0
package/studio/web/assets/fa-brands-400-cH1MgKbP.svg +3717 -0
package/studio/web/assets/fa-regular-400-BhTwtT8w.eot +0 -0
package/studio/web/assets/fa-regular-400-D1vz6WBx.ttf +0 -0
package/studio/web/assets/fa-regular-400-DFnMcJPd.woff +0 -0
package/studio/web/assets/fa-regular-400-DGzu1beS.woff2 +0 -0
package/studio/web/assets/fa-regular-400-gwj8Pxq-.svg +801 -0
package/studio/web/assets/fa-solid-900-B4ZZ7kfP.svg +5034 -0
package/studio/web/assets/fa-solid-900-B6Axprfb.eot +0 -0
package/studio/web/assets/fa-solid-900-BUswJgRo.woff2 +0 -0
package/studio/web/assets/fa-solid-900-DOXgCApm.woff +0 -0
package/studio/web/assets/fa-solid-900-mxuxnBEa.ttf +0 -0
package/studio/web/assets/index-BTgXJX9d.js +235 -0
package/studio/web/assets/index-BTgXJX9d.js.map +1 -0
package/studio/web/assets/index-C-GXfcup.js +37 -0
package/studio/web/assets/index-C-GXfcup.js.map +1 -0
package/studio/web/assets/index-PFlNdimM.js +2 -0
package/studio/web/assets/index-PFlNdimM.js.map +1 -0
package/studio/web/assets/index-Y2g_iFpU.css +1 -0
package/studio/web/assets/index-jiPwkrsB.css +1 -0
package/studio/web/assets/index.lazy-C3TJZJ4o.js +266 -0
package/studio/web/assets/index.lazy-C3TJZJ4o.js.map +1 -0
package/studio/web/assets/profiler-DotzgiCJ.js +2 -0
package/studio/web/assets/profiler-DotzgiCJ.js.map +1 -0
package/studio/web/assets/react-redux-VxUEx_mU.js +6 -0
package/studio/web/assets/react-redux-VxUEx_mU.js.map +1 -0
package/studio/web/assets/startRecording-B_9J9Csd.js +3 -0
package/studio/web/assets/startRecording-B_9J9Csd.js.map +1 -0
package/studio/web/fabric-signup-background.webp +0 -0
package/studio/web/fabric-signup-text.png +0 -0
package/studio/web/favicon_purple.png +0 -0
package/studio/web/github-icon.svg +15 -0
package/studio/web/harper-fabric_black.png +0 -0
package/studio/web/harper-fabric_white.png +0 -0
package/studio/web/harper-studio_white.png +0 -0
package/studio/web/index.html +16 -0
package/studio/web/running.css +148 -0
package/studio/web/running.html +147 -0
package/studio/web/running.js +111 -0
package/upgrade/UpgradeObjects.js +13 -0
package/upgrade/directives/directivesController.js +90 -0
package/upgrade/directivesManager.js +139 -0
package/upgrade/upgradePrompt.js +124 -0
package/upgrade/upgradeUtilities.js +28 -0
package/utility/AWS/AWSConnector.js +29 -0
package/utility/OperationFunctionCaller.js +63 -0
package/utility/assignCmdEnvVariables.js +62 -0
package/utility/common_utils.js +867 -0
package/utility/environment/environmentManager.js +208 -0
package/utility/environment/systemInformation.js +355 -0
package/utility/errors/commonErrors.js +267 -0
package/utility/errors/hdbError.js +146 -0
package/utility/functions/date/dateFunctions.js +65 -0
package/utility/functions/geo.js +355 -0
package/utility/functions/sql/alaSQLExtension.js +104 -0
package/utility/globalSchema.js +35 -0
package/utility/hdbTerms.ts +819 -0
package/utility/install/checkJWTTokensExist.js +62 -0
package/utility/install/harperdb.conf +15 -0
package/utility/install/harperdb.service +14 -0
package/utility/install/installer.js +635 -0
package/utility/installation.ts +30 -0
package/utility/lmdb/DBIDefinition.js +20 -0
package/utility/lmdb/DeleteRecordsResponseObject.js +25 -0
package/utility/lmdb/InsertRecordsResponseObject.js +22 -0
package/utility/lmdb/OpenDBIObject.js +31 -0
package/utility/lmdb/OpenEnvironmentObject.js +41 -0
package/utility/lmdb/UpdateRecordsResponseObject.js +25 -0
package/utility/lmdb/UpsertRecordsResponseObject.js +22 -0
package/utility/lmdb/cleanLMDBMap.js +65 -0
package/utility/lmdb/commonUtility.js +119 -0
package/utility/lmdb/deleteUtility.js +128 -0
package/utility/lmdb/environmentUtility.js +477 -0
package/utility/lmdb/searchCursorFunctions.js +187 -0
package/utility/lmdb/searchUtility.js +918 -0
package/utility/lmdb/terms.js +57 -0
package/utility/lmdb/writeUtility.js +407 -0
package/utility/logging/harper_logger.js +876 -0
package/utility/logging/logRotator.js +157 -0
package/utility/logging/logger.ts +24 -0
package/utility/logging/readLog.js +355 -0
package/utility/logging/transactionLog.js +57 -0
package/utility/mount_hdb.js +59 -0
package/utility/npmUtilities.js +102 -0
package/utility/operationPermissions.ts +112 -0
package/utility/operation_authorization.js +836 -0
package/utility/packageUtils.js +55 -0
package/utility/password.ts +99 -0
package/utility/processManagement/processManagement.js +187 -0
package/utility/processManagement/servicesConfig.js +56 -0
package/utility/scripts/restartHdb.js +24 -0
package/utility/scripts/user_data.sh +13 -0
package/utility/signalling.js +36 -0
package/utility/terms/certificates.js +81 -0
package/utility/when.ts +20 -0
package/v1.d.ts +39 -0
package/v1.js +41 -0
package/v2.d.ts +39 -0
package/v2.js +41 -0
package/validation/bulkDeleteValidator.js +24 -0
package/validation/check_permissions.js +19 -0
package/validation/common_validators.js +95 -0
package/validation/configValidator.js +331 -0
package/validation/deleteValidator.js +15 -0
package/validation/fileLoadValidator.js +153 -0
package/validation/insertValidator.js +40 -0
package/validation/installValidator.js +37 -0
package/validation/readLogValidator.js +64 -0
package/validation/role_validation.js +320 -0
package/validation/schemaMetadataValidator.js +42 -0
package/validation/searchValidator.js +166 -0
package/validation/statusValidator.ts +66 -0
package/validation/transactionLogValidator.js +33 -0
package/validation/user_validation.js +55 -0
package/validation/validationWrapper.js +105 -0
package/dist/resources/analytics/profile.d.ts +0 -2
package/dist/resources/analytics/profile.js +0 -144
package/dist/resources/analytics/profile.js.map +0 -1

package/security/tokenAuthentication.ts ADDED Viewed

@@ -0,0 +1,228 @@
+import jwt, { type Algorithm, type JwtPayload, type Secret, type SignOptions } from 'jsonwebtoken';
+import fs from 'fs-extra';
+import path from 'node:path';
+import Joi from 'joi';
+import { validateBySchema } from '../validation/validationWrapper.js';
+import {
+	CONFIG_PARAMS,
+	JWT_ENUM,
+	LICENSE_KEY_DIR_NAME,
+	SYSTEM_SCHEMA_NAME,
+	SYSTEM_TABLE_NAMES,
+} from '../utility/hdbTerms.ts';
+import { ClientError, hdbErrors } from '../utility/errors/hdbError.js';
+const { HTTP_STATUS_CODES, AUTHENTICATION_ERROR_MSGS } = hdbErrors;
+import logger from '../utility/logging/harper_logger.js';
+import * as password from '../utility/password.ts';
+import { findAndValidateUser, type User } from './user.ts';
+import { update } from '../dataLayer/insert.js';
+import UpdateObject from '../dataLayer/UpdateObject.js';
+import signalling from '../utility/signalling.js';
+import { UserEventMsg } from '../server/threads/itc.js';
+import env from '../utility/environment/environmentManager.js';
+env.initSync();
+type StringValue = SignOptions['expiresIn'];
+const OPERATION_TOKEN_TIMEOUT: StringValue = env.get(CONFIG_PARAMS.AUTHENTICATION_OPERATIONTOKENTIMEOUT) || '1d';
+const REFRESH_TOKEN_TIMEOUT: StringValue = env.get(CONFIG_PARAMS.AUTHENTICATION_REFRESHTOKENTIMEOUT) || '30d';
+const RSA_ALGORITHM: Algorithm = 'RS256';
+const TOKEN_TYPE = {
+	OPERATION: 'operation',
+	REFRESH: 'refresh',
+};
+interface JWTRSAKeys {
+	publicKey: string;
+	privateKey: string;
+	passphrase: string;
+}
+interface AuthObject {
+	username?: string;
+	password?: string;
+	role?: string;
+	expires_in?: string | number;
+	bypass_auth?: boolean;
+	hdb_user?: User;
+}
+interface TokenObject {
+	refresh_token: string;
+}
+interface JWTTokens {
+	operation_token: string;
+	refresh_token?: string;
+}
+/**
+ * fetches the rsa keys from cache var or disk
+ * @returns {Promise<JWTRSAKeys>}
+ */
+let rsaKeys: JWTRSAKeys | undefined = undefined;
+export async function getJWTRSAKeys(): Promise<JWTRSAKeys> {
+	if (rsaKeys) return rsaKeys;
+	try {
+		const keysDir: string = path.join(env.getHdbBasePath(), LICENSE_KEY_DIR_NAME);
+		const passphrase: string = await fs.readFile(path.join(keysDir, JWT_ENUM.JWT_PASSPHRASE_NAME), 'utf8');
+		const privateKey: string = await fs.readFile(path.join(keysDir, JWT_ENUM.JWT_PRIVATE_KEY_NAME), 'utf8');
+		const publicKey: string = await fs.readFile(path.join(keysDir, JWT_ENUM.JWT_PUBLIC_KEY_NAME), 'utf8');
+		rsaKeys = { publicKey, privateKey, passphrase };
+		return rsaKeys;
+	} catch (err) {
+		logger.error(err);
+		throw new ClientError(AUTHENTICATION_ERROR_MSGS.NO_ENCRYPTION_KEYS, HTTP_STATUS_CODES.INTERNAL_SERVER_ERROR);
+	}
+}
+/**
+ * Creates a new operation token and refresh token.
+ * If there is no username and password, the hdb_user making the request is used in the token.
+ * An optional role can be provided which will be saved in the token payload.
+ * The token expires in the time specified in the expires_in field or the default time.
+ * @param authObj
+ */
+export async function createTokens(authObj: AuthObject): Promise<JWTTokens> {
+	const validation: any = validateBySchema(
+		authObj,
+		Joi.object({
+			username: Joi.string().optional(),
+			password: Joi.string().optional(),
+			role: Joi.string().optional(),
+			expires_in: Joi.alternatives(Joi.string(), Joi.number()).optional(),
+		})
+	);
+	if (validation) throw new ClientError(validation.message);
+	let user: any;
+	try {
+		// bypassAuth will be set to true if this is called from a component
+		let validatePassword: boolean = authObj.bypass_auth !== true;
+		if (!authObj.username && !authObj.password) {
+			// if the username and password are not provided, use the hdb_user making the request.
+			authObj.username = authObj.hdb_user?.username;
+			// the password would have been checked by authHandler before getting here
+			validatePassword = false;
+		}
+		user = await findAndValidateUser(authObj.username, authObj.password, validatePassword);
+	} catch (err) {
+		logger.error(err);
+		throw new ClientError(AUTHENTICATION_ERROR_MSGS.INVALID_CREDENTIALS, HTTP_STATUS_CODES.UNAUTHORIZED);
+	}
+	if (!user) throw new ClientError(AUTHENTICATION_ERROR_MSGS.INVALID_CREDENTIALS, HTTP_STATUS_CODES.UNAUTHORIZED);
+	let superUser: boolean = false;
+	if (user.role?.permission) {
+		superUser = user.role.permission.super_user === true;
+	}
+	const payload: {
+		username: string;
+		super_user: boolean;
+		role?: any;
+	} = { username: authObj.username, super_user: superUser };
+	if (authObj.role) payload.role = authObj.role;
+	const keys: JWTRSAKeys = await getJWTRSAKeys();
+	const operationToken = jwt.sign(
+		payload,
+		{ key: keys.privateKey, passphrase: keys.passphrase } satisfies Secret,
+		{
+			expiresIn: (authObj.expires_in ?? OPERATION_TOKEN_TIMEOUT) as StringValue,
+			algorithm: RSA_ALGORITHM,
+			subject: TOKEN_TYPE.OPERATION,
+		} satisfies SignOptions
+	);
+	const refreshToken = jwt.sign(
+		payload,
+		{ key: keys.privateKey, passphrase: keys.passphrase } satisfies Secret,
+		{
+			expiresIn: REFRESH_TOKEN_TIMEOUT,
+			algorithm: RSA_ALGORITHM,
+			subject: TOKEN_TYPE.REFRESH,
+		} satisfies SignOptions
+	);
+	// update the user refresh token
+	const hashedToken: string | Promise<string> = password.hash(refreshToken, password.HASH_FUNCTION.SHA256);
+	const updateResult: any = await update(
+		new UpdateObject(SYSTEM_SCHEMA_NAME, SYSTEM_TABLE_NAMES.USER_TABLE_NAME, [
+			{ username: authObj.username, refresh_token: hashedToken },
+		])
+	);
+	if (updateResult.skipped_hashes.length > 0)
+		throw new ClientError(AUTHENTICATION_ERROR_MSGS.REFRESH_TOKEN_SAVE_FAILED, HTTP_STATUS_CODES.INTERNAL_SERVER_ERROR);
+	signalling.signalUserChange(new UserEventMsg(process.pid));
+	return {
+		operation_token: operationToken,
+		refresh_token: refreshToken,
+	};
+}
+/**
+ * Refreshes the operation token using the refresh token.
+ * @param tokenObj
+ */
+export async function refreshOperationToken(tokenObj: TokenObject): Promise<JWTTokens> {
+	const validation: any = validateBySchema(tokenObj, Joi.object({ refresh_token: Joi.string().required() }).required());
+	if (validation) throw new ClientError(validation.message);
+	const { refresh_token } = tokenObj;
+	await validateRefreshToken(refresh_token);
+	const keys: JWTRSAKeys = await getJWTRSAKeys();
+	const decodedJWT = jwt.decode(refresh_token, { json: true });
+	const operationToken = jwt.sign(
+		{ username: decodedJWT.username, super_user: decodedJWT.super_user },
+		{ key: keys.privateKey, passphrase: keys.passphrase } satisfies Secret,
+		{
+			expiresIn: OPERATION_TOKEN_TIMEOUT as StringValue,
+			algorithm: RSA_ALGORITHM,
+			subject: TOKEN_TYPE.OPERATION,
+		} satisfies SignOptions
+	);
+	return { operation_token: operationToken };
+}
+export async function validateOperationToken(token: string): Promise<any> {
+	return validateToken(token, TOKEN_TYPE.OPERATION);
+}
+export async function validateRefreshToken(token: string): Promise<any> {
+	return validateToken(token, TOKEN_TYPE.REFRESH);
+}
+async function validateToken(token: string, tokenType: string): Promise<any> {
+	try {
+		const keys: JWTRSAKeys = await getJWTRSAKeys();
+		const tokenVerified = jwt.verify(token, keys.publicKey, {
+			algorithms: [RSA_ALGORITHM],
+			subject: tokenType,
+		}) as JwtPayload;
+		// If a role is present, it means the token is not an operation token. The validation of
+		// the token will happen in the respective function/component that uses the token.
+		if (tokenVerified.role) {
+			throw new Error('Invalid token');
+		}
+		const user: any = await findAndValidateUser(tokenVerified.username, undefined, false);
+		if (tokenType === TOKEN_TYPE.REFRESH && !password.validate(user.refresh_token, token)) {
+			throw new Error('Invalid token');
+		}
+		return user;
+	} catch (err) {
+		logger.warn(err);
+		if (err?.name === 'TokenExpiredError') {
+			throw new ClientError(AUTHENTICATION_ERROR_MSGS.TOKEN_EXPIRED, HTTP_STATUS_CODES.FORBIDDEN);
+		}
+		throw new ClientError(AUTHENTICATION_ERROR_MSGS.INVALID_TOKEN, HTTP_STATUS_CODES.UNAUTHORIZED);
+	}
+}

package/security/user.ts ADDED Viewed

@@ -0,0 +1,449 @@
+'use strict';
+const USERNAME_REQUIRED = 'username is required';
+const ALTERUSER_NOTHING_TO_UPDATE = 'nothing to update, must supply active, role or password to update';
+const EMPTY_PASSWORD = 'password cannot be an empty string';
+const EMPTY_ROLE = 'If role is specified, it cannot be empty.';
+const ACTIVE_BOOLEAN = 'active must be true or false';
+export {
+	addUser,
+	alterUser,
+	dropUser,
+	getSuperUser,
+	userInfo,
+	listUsers,
+	listUsersExternal,
+	setUsersWithRolesCache,
+	findAndValidateUser,
+	getUsersWithRolesCache,
+	USERNAME_REQUIRED,
+	ALTERUSER_NOTHING_TO_UPDATE,
+	EMPTY_PASSWORD,
+	EMPTY_ROLE,
+	ACTIVE_BOOLEAN,
+};
+export interface User {
+	active?: boolean;
+	username: string;
+	role?: UserRole;
+	__updatedtime__?: number;
+	__createdtime__?: number;
+	[other: string]: unknown;
+}
+export interface UserRole {
+	permission: UserRoleNamedPermissions & UserRoleDatabasePermissions;
+	role: string;
+	id: string;
+	__updatedtime__: number;
+	__createdtime__: number;
+}
+export interface UserRoleNamedPermissions extends Partial<CRUDPermissions> {
+	super_user?: boolean;
+	cluster_user?: boolean;
+	structure_user?: boolean | string[];
+	operations?: string[];
+	/** Pre-expanded Set built from operations at cache-load time. Not persisted. */
+	_expandedOperations?: Set<string>;
+}
+export interface UserRoleDatabasePermissions {
+	[databaseName: string]: UserRoleSchemaRecord;
+}
+export interface UserRoleSchemaRecord extends Partial<CRUDPermissions> {
+	tables: Record<string, UserRolePermissionTable | UserLegacyRolePermissionTable>;
+}
+export interface UserRolePermissionTable extends CRUDPermissions {
+	attribute_permissions: UserRoleAttributePermissionTable[];
+}
+export interface UserRoleAttributePermissionTable extends Omit<CRUDPermissions, 'delete'> {
+	attribute_name: string;
+}
+export interface UserLegacyRolePermissionTable extends CRUDPermissions {
+	attribute_restrictions: UserLegacyRoleAttributePermissionTable[];
+}
+export interface UserLegacyRoleAttributePermissionTable extends CRUDPermissions {
+	attribute_name: string;
+}
+export interface CRUDPermissions {
+	read: boolean;
+	insert: boolean;
+	update: boolean;
+	delete: boolean;
+}
+//requires must be declared after module.exports to avoid cyclical dependency
+const insert = require('../dataLayer/insert.js');
+const delete_ = require('../dataLayer/delete.js');
+const validation = require('../validation/user_validation.js');
+const search = require('../dataLayer/search.js');
+const signalling = require('../utility/signalling.js');
+const hdbUtility = require('../utility/common_utils.js');
+const validate = require('validate.js');
+const logger = require('../utility/logging/harper_logger.js');
+const { promisify } = require('util');
+const env = require('../utility/environment/environmentManager.js');
+const systemSchema = require('../json/systemSchema.json');
+const { hdbErrors, ClientError } = require('../utility/errors/hdbError.js');
+const { HTTP_STATUS_CODES, AUTHENTICATION_ERROR_MSGS, HDB_ERROR_MSGS } = hdbErrors;
+const { UserEventMsg } = require('../server/threads/itc.js');
+const _ = require('lodash');
+const harperLogger = require('../utility/logging/harper_logger.js');
+// Need to use `.js` even for other TS files since TS compiler won't replace requires.
+// Whenever we can fix the cyclical dependency issue in this file (and switch to imports) we can use the correct file extensions.
+const password = require('../utility/password.js');
+const { server } = require('../server/Server.js');
+const terms = require('../utility/hdbTerms.js');
+const { expandOperationsPerms } = require('../utility/operationPermissions.js');
+server.getUser = (username: string, password?: string | null): Promise<User> => {
+	return findAndValidateUser(username, password, password != null);
+};
+server.authenticateUser = (username: string, password?: string | null): Promise<User> => {
+	return findAndValidateUser(username, password);
+};
+const USER_ATTRIBUTE_ALLOWLIST = {
+	username: true,
+	active: true,
+	role: true,
+	password: true,
+};
+const passwordHashCache = new Map();
+const promiseDelete = promisify(delete_.delete);
+const configuredHashFunction =
+	env.get(terms.CONFIG_PARAMS.AUTHENTICATION_HASHFUNCTION) ?? password.HASH_FUNCTION.SHA256;
+let usersWithRolesMap;
+async function addUser(user: User | any): Promise<string> {
+	let cleanUser = validate.cleanAttributes(user, USER_ATTRIBUTE_ALLOWLIST);
+	let validationResp = validation.addUserValidation(cleanUser);
+	if (validationResp) throw new ClientError(validationResp.message);
+	let searchRole = await search.searchByValue({
+		schema: 'system',
+		table: 'hdb_role',
+		attribute: 'role',
+		value: cleanUser.role,
+		get_attributes: ['id', 'permission', 'role'],
+	});
+	if (!searchRole || searchRole.length < 1) {
+		throw new ClientError(HDB_ERROR_MSGS.ROLE_NAME_NOT_FOUND(cleanUser.role), HTTP_STATUS_CODES.NOT_FOUND);
+	}
+	if (searchRole.length > 1) {
+		throw new ClientError(HDB_ERROR_MSGS.DUP_ROLES_FOUND(cleanUser.role), HTTP_STATUS_CODES.CONFLICT);
+	}
+	cleanUser.password = await password.hash(cleanUser.password, configuredHashFunction);
+	cleanUser.hash_function = configuredHashFunction;
+	cleanUser.role = searchRole[0].id;
+	const insertResponse = await insert.insert({
+		operation: 'insert',
+		schema: 'system',
+		table: 'hdb_user',
+		records: [cleanUser],
+	});
+	logger.debug(insertResponse);
+	await setUsersWithRolesCache();
+	if (insertResponse.skipped_hashes.length === 1) {
+		throw new ClientError(HDB_ERROR_MSGS.USER_ALREADY_EXISTS(cleanUser.username), HTTP_STATUS_CODES.CONFLICT);
+	}
+	await signalling.signalUserChange(new UserEventMsg(process.pid));
+	return `${cleanUser.username} successfully added`;
+}
+async function alterUser(jsonMessage) {
+	let cleanUser = validate.cleanAttributes(jsonMessage, USER_ATTRIBUTE_ALLOWLIST);
+	if (hdbUtility.isEmptyOrZeroLength(cleanUser.username)) {
+		throw new Error(USERNAME_REQUIRED);
+	}
+	if (
+		hdbUtility.isEmptyOrZeroLength(cleanUser.password) &&
+		hdbUtility.isEmptyOrZeroLength(cleanUser.role) &&
+		hdbUtility.isEmptyOrZeroLength(cleanUser.active)
+	) {
+		throw new Error(ALTERUSER_NOTHING_TO_UPDATE);
+	}
+	if (!hdbUtility.isEmpty(cleanUser.password) && hdbUtility.isEmptyOrZeroLength(cleanUser.password.trim())) {
+		throw new Error(EMPTY_PASSWORD);
+	}
+	if (!hdbUtility.isEmpty(cleanUser.active) && !hdbUtility.isBoolean(cleanUser.active)) {
+		throw new Error(ACTIVE_BOOLEAN);
+	}
+	if (!hdbUtility.isEmpty(cleanUser.password) && !hdbUtility.isEmptyOrZeroLength(cleanUser.password.trim())) {
+		cleanUser.password = await password.hash(cleanUser.password, configuredHashFunction);
+		cleanUser.hash_function = configuredHashFunction;
+	}
+	// the not operator will consider an empty string as undefined, so we need to check for an empty string explicitly
+	if (cleanUser.role === '') {
+		throw new Error(EMPTY_ROLE);
+	}
+	// Invalid roles will be found in the role search
+	if (cleanUser.role) {
+		const roleData = await search.searchByValue({
+			schema: 'system',
+			table: 'hdb_role',
+			attribute: 'role',
+			value: cleanUser.role,
+			get_attributes: ['*'],
+		});
+		if (!roleData || roleData.length === 0)
+			throw new ClientError(HDB_ERROR_MSGS.ALTER_USER_ROLE_NOT_FOUND(cleanUser.role), HTTP_STATUS_CODES.NOT_FOUND);
+		if (roleData.length > 1)
+			throw new ClientError(HDB_ERROR_MSGS.DUP_ROLES_FOUND(cleanUser.role), HTTP_STATUS_CODES.CONFLICT);
+		cleanUser.role = roleData[0].id;
+	}
+	const updateResponse = await insert.update({
+		operation: 'update',
+		schema: 'system',
+		table: 'hdb_user',
+		records: [cleanUser],
+	});
+	await setUsersWithRolesCache();
+	await signalling.signalUserChange(new UserEventMsg(process.pid));
+	return updateResponse;
+}
+async function dropUser(user: User | any): Promise<string> {
+	const validationResp = validation.dropUserValidation(user);
+	if (validationResp) throw new ClientError(validationResp.message);
+	if (usersWithRolesMap.get(user.username) === undefined)
+		throw new ClientError(HDB_ERROR_MSGS.USER_NOT_EXIST(user.username), HTTP_STATUS_CODES.NOT_FOUND);
+	const deleteResponse = await promiseDelete({
+		table: 'hdb_user',
+		schema: 'system',
+		hash_values: [user.username],
+	});
+	logger.debug(deleteResponse);
+	await setUsersWithRolesCache();
+	await signalling.signalUserChange(new UserEventMsg(process.pid));
+	return `${user.username} successfully deleted`;
+}
+async function userInfo(body): Promise<string | User> {
+	if (!body || !body.hdb_user) {
+		return 'There was no user info in the body';
+	}
+	let user = _.cloneDeep(body.hdb_user);
+	let roleData = await search.searchByHash({
+		schema: 'system',
+		table: 'hdb_role',
+		hash_values: [user.role.id],
+		get_attributes: ['*'],
+	});
+	user.role = roleData[0];
+	delete user.password;
+	delete user.refresh_token;
+	delete user.hash;
+	delete user.hash_function;
+	return user;
+}
+/**
+ * This function should be called by chooseOperation as it scrubs sensitive information before returning
+ * the results of list users.
+ */
+async function listUsersExternal(): Promise<User[]> {
+	const userData = await listUsers();
+	userData.forEach((user) => {
+		delete user.password;
+		delete user.hash;
+		delete user.refresh_token;
+		delete user.hash_function;
+	});
+	return [...userData.values()];
+}
+/**
+ * Queries system table for user records, adds role-based perms, scrubs list based on licensed role allowance and returns
+ * data in a Map with the username as the key for the entry
+ */
+async function listUsers(): Promise<Map<string, User>> {
+	const roles = await search.searchByValue({
+		schema: 'system',
+		table: 'hdb_role',
+		value: '*',
+		attribute: 'role',
+		get_attributes: ['*'],
+	});
+	const roleMapObj = {};
+	for (let role of roles) {
+		roleMapObj[role.id] = _.cloneDeep(role);
+	}
+	if (Object.keys(roleMapObj).length === 0) return null;
+	const users = await search.searchByValue({
+		schema: 'system',
+		table: 'hdb_user',
+		value: '*',
+		attribute: 'username',
+		get_attributes: ['*'],
+	});
+	const userMap: Map<string, User> = new Map();
+	for (let user of users) {
+		user = _.cloneDeep(user);
+		user.role = roleMapObj[user.role];
+		appendSystemTablesToRole(user.role);
+		cacheExpandedOperationsPerms(user.role);
+		userMap.set(user.username, user);
+	}
+	return userMap;
+}
+/**
+ * adds system table permissions to a role.  This is used to protect system tables by leveraging operationAuthorization.
+ * @param userRole - Role of the user found during auth.
+ */
+function appendSystemTablesToRole(userRole: UserRole) {
+	if (!userRole) {
+		logger.error(`invalid user role found.`);
+		return;
+	}
+	if (!userRole.permission.system) {
+		userRole.permission.system = {
+			tables: {},
+		};
+	}
+	if (!userRole.permission.system.tables) {
+		userRole.permission.system.tables = {};
+	}
+	for (let table of Object.keys(systemSchema)) {
+		let newProp = {
+			read: !!userRole.permission.super_user,
+			insert: false,
+			update: false,
+			delete: false,
+			attribute_permissions: [],
+		};
+		userRole.permission.system.tables[table] = newProp;
+	}
+}
+/**
+ * Pre-expands operations into a Set at cache-load time so verifyPerms can do an O(1) lookup
+ * instead of allocating and expanding on every request.
+ * @param userRole - Role of the user found during auth.
+ */
+function cacheExpandedOperationsPerms(userRole: UserRole) {
+	if (!userRole?.permission?.operations) return;
+	userRole.permission._expandedOperations = expandOperationsPerms(userRole.permission.operations);
+}
+async function setUsersWithRolesCache(cache = undefined) {
+	if (cache) usersWithRolesMap = cache;
+	else usersWithRolesMap = await listUsers();
+}
+async function getUsersWithRolesCache() {
+	if (!usersWithRolesMap) await setUsersWithRolesCache();
+	return usersWithRolesMap;
+}
+/**
+ * iterates global.hdb_users to find and validate the username & optionally the password as well as if they are active.
+ * @param {string} username
+ * @param {string} pw
+ * @param {boolean} validatePassword
+ */
+async function findAndValidateUser(username: string, pw?: string | null, validatePassword = true): Promise<User> {
+	if (!usersWithRolesMap) {
+		await setUsersWithRolesCache();
+	}
+	const userTmp = usersWithRolesMap.get(username);
+	if (!userTmp) {
+		if (!validatePassword) return { username };
+		throw new ClientError(AUTHENTICATION_ERROR_MSGS.GENERIC_AUTH_FAIL, HTTP_STATUS_CODES.UNAUTHORIZED);
+	}
+	if (userTmp && !userTmp.active)
+		throw new ClientError(AUTHENTICATION_ERROR_MSGS.USER_INACTIVE, HTTP_STATUS_CODES.UNAUTHORIZED);
+	const user: User = {
+		active: userTmp.active,
+		username: userTmp.username,
+	};
+	if (userTmp.refresh_token) user.refresh_token = userTmp.refresh_token;
+	// Shallow-clone the role and its permission so that verifyPerms can replace
+	// requestJson.hdb_user.role.permission with translated perms without mutating the cache.
+	// The _expandedOperations Set and operations array are shared by reference (read-only).
+	if (userTmp.role) user.role = { ...userTmp.role, permission: { ...userTmp.role.permission } };
+	if (validatePassword === true) {
+		// if matches the cached hash immediately return (the fast path)
+		if (passwordHashCache.get(pw) === userTmp.password) return user;
+		// if validates, cache the password
+		else {
+			let validated = password.validate(userTmp.password, pw, userTmp.hash_function || password.HASH_FUNCTION.MD5); // if no hashFunction default to legacy MD5
+			// argon2id hash validation is async so await it if it is a promise
+			if (validated?.then) validated = await validated;
+			if (validated === true) passwordHashCache.set(pw, userTmp.password);
+			else throw new ClientError(AUTHENTICATION_ERROR_MSGS.GENERIC_AUTH_FAIL, HTTP_STATUS_CODES.UNAUTHORIZED);
+		}
+	}
+	return user;
+}
+async function getSuperUser(): Promise<User | undefined> {
+	if (!usersWithRolesMap) {
+		await setUsersWithRolesCache();
+	}
+	for (let [, user] of usersWithRolesMap) {
+		if (user.role.role === 'super_user') return user;
+	}
+}
+let invalidateCallbacks = [];
+server.invalidateUser = function (user: User | any) {
+	for (let callback of invalidateCallbacks) {
+		try {
+			callback(user);
+		} catch (error) {
+			harperLogger.error('Error invalidating user', error);
+		}
+	}
+};
+server.onInvalidatedUser = function (callback) {
+	invalidateCallbacks.push(callback);
+};