@hasna/uptime 0.1.10 → 0.1.12
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +41 -0
- package/dist/api.js +487 -87
- package/dist/checks.d.ts +37 -5
- package/dist/checks.d.ts.map +1 -1
- package/dist/checks.js +471 -4
- package/dist/cli/index.js +486 -89
- package/dist/cloud-plan.js +2 -2
- package/dist/imports.d.ts +6 -2
- package/dist/imports.d.ts.map +1 -1
- package/dist/imports.js +162 -15
- package/dist/index.d.ts +3 -3
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +493 -89
- package/dist/mcp/index.js +483 -86
- package/dist/service.d.ts +3 -1
- package/dist/service.d.ts.map +1 -1
- package/dist/service.js +486 -86
- package/dist/store.js +152 -8
- package/dist/target-policy.d.ts +7 -0
- package/dist/target-policy.d.ts.map +1 -1
- package/dist/types.d.ts +26 -1
- package/dist/types.d.ts.map +1 -1
- package/docs/aws-deployment-runbook.md +155 -51
- package/infra/aws/README.md +3 -2
- package/infra/aws/outputs.tf +35 -0
- package/infra/aws/terraform.tfvars.example +1 -1
- package/infra/aws/variables.tf +1 -1
- package/package.json +1 -1
package/dist/cloud-plan.js
CHANGED
|
@@ -21,7 +21,7 @@ function buildAwsDeploymentPlan(options = {}) {
|
|
|
21
21
|
const image = clean(options.image, `${imageRepositoryUri}@sha256:<image-digest>`);
|
|
22
22
|
const evidenceBucket = clean(options.evidenceBucket, `hasna-${stage}-${prefix}-evidence`);
|
|
23
23
|
const hostedSqliteDbPath = clean(options.hostedSqliteDbPath, DEFAULT_HOSTED_SQLITE_DB);
|
|
24
|
-
const runtimePackageVersion = clean(options.runtimePackageVersion, "0.1.
|
|
24
|
+
const runtimePackageVersion = clean(options.runtimePackageVersion, "0.1.12");
|
|
25
25
|
const protectedAccessMode = options.protectedAccessMode ?? DEFAULT_PROTECTED_ACCESS_MODE;
|
|
26
26
|
const protectedAccessUrl = protectedAccessMode === "cloudfront_default_domain" ? "https://<cloudfront-domain>" : `https://${hostname}`;
|
|
27
27
|
const cluster = `${prefix}-${stage}`;
|
|
@@ -163,7 +163,7 @@ function buildAwsDeploymentPlan(options = {}) {
|
|
|
163
163
|
"The infrastructure owner repository was not found in this workspace.",
|
|
164
164
|
"The EFS SQLite bridge is single-writer only: web target desired count is 1 and scheduler/public-probe/reporter targets remain 0 until Postgres and cloud leases exist.",
|
|
165
165
|
"Hosted production auth/RBAC must replace broad static hosted-token operation before exposure.",
|
|
166
|
-
"Public probe execution still needs
|
|
166
|
+
"Public probe execution still needs cloud check-job leases wired to runHostedHttpCheck and live policy-decision log evidence.",
|
|
167
167
|
"Private probe enrollment, claim, submit, heartbeat, revocation, and rotation are not cloud-backed yet."
|
|
168
168
|
],
|
|
169
169
|
requiredEvidence: [
|
package/dist/imports.d.ts
CHANGED
|
@@ -71,7 +71,9 @@ export interface UptimeImportStore {
|
|
|
71
71
|
allowBrowserPage?: boolean;
|
|
72
72
|
}): Monitor;
|
|
73
73
|
deleteMonitor(idOrName: string): boolean;
|
|
74
|
-
getMonitor(idOrName: string
|
|
74
|
+
getMonitor(idOrName: string, options?: {
|
|
75
|
+
workspaceId?: string;
|
|
76
|
+
}): Monitor | null;
|
|
75
77
|
listResults(options?: ListResultsOptions): unknown[];
|
|
76
78
|
getProvenance(source: string, sourceId: string): MonitorProvenance | null;
|
|
77
79
|
upsertMonitorProvenance(input: UpsertMonitorProvenanceInput): MonitorProvenance;
|
|
@@ -84,7 +86,9 @@ export interface UptimeImportStore {
|
|
|
84
86
|
markImportBatchRolledBack(batchId: string): StoredImportBatch;
|
|
85
87
|
runInTransaction?<T>(fn: () => T): T;
|
|
86
88
|
}
|
|
87
|
-
export declare function previewImport(store: UptimeImportStore, request: ImportRequest
|
|
89
|
+
export declare function previewImport(store: UptimeImportStore, request: ImportRequest, options?: {
|
|
90
|
+
workspaceId?: string;
|
|
91
|
+
}): ImportPreview;
|
|
88
92
|
export declare function applyImport(store: UptimeImportStore, request: ImportRequest): ImportApplyResult;
|
|
89
93
|
export declare function rollbackImport(store: UptimeImportStore, batchId: string): ImportRollbackResult;
|
|
90
94
|
//# sourceMappingURL=imports.d.ts.map
|
package/dist/imports.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"imports.d.ts","sourceRoot":"","sources":["../src/imports.ts"],"names":[],"mappings":"AAUA,OAAO,KAAK,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,4BAA4B,EAAE,MAAM,YAAY,CAAC;AACrG,OAAO,KAAK,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,0BAA0B,EAAE,kBAAkB,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAEjJ,MAAM,MAAM,YAAY,GAAG,QAAQ,GAAG,UAAU,GAAG,SAAS,GAAG,SAAS,GAAG,YAAY,CAAC;AACxF,MAAM,MAAM,YAAY,GAAG,QAAQ,GAAG,QAAQ,GAAG,WAAW,GAAG,SAAS,GAAG,UAAU,CAAC;AAEtF,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,YAAY,CAAC;IACrB,OAAO,EAAE,OAAO,EAAE,CAAC;IACnB,QAAQ,CAAC,EAAE,OAAO,CAAC,kBAAkB,CAAC,CAAC;CACxC;AAED,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,YAAY,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,WAAW,CAAC;IAClB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,cAAc,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,eAAe,CAAC;IAC3B,MAAM,EAAE,YAAY,CAAC;IACrB,OAAO,EAAE,OAAO,GAAG,IAAI,CAAC;IACxB,UAAU,EAAE,iBAAiB,GAAG,IAAI,CAAC;IACrC,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;CACvB;AAED,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,YAAY,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,IAAI,CAAC;IACb,KAAK,EAAE,iBAAiB,EAAE,CAAC;IAC3B,MAAM,EAAE,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;CACtC;AAED,MAAM,WAAW,eAAgB,SAAQ,iBAAiB;IACxD,OAAO,EAAE,OAAO,GAAG,IAAI,CAAC;IACxB,MAAM,EAAE,OAAO,GAAG,IAAI,CAAC;IACvB,KAAK,EAAE,OAAO,GAAG,IAAI,CAAC;CACvB;AAED,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,YAAY,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,eAAe,EAAE,CAAC;IACzB,MAAM,EAAE,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;CACtC;AAED,MAAM,WAAW,kBAAkB;IACjC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,MAAM,EAAE,SAAS,GAAG,UAAU,GAAG,UAAU,GAAG,SAAS,CAAC;IACxD,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;CACvB;AAED,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,kBAAkB,EAAE,CAAC;CAC7B;AAED,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,IAAI,EAAE,OAAO,GAAG,QAAQ,CAAC;IAClC,aAAa,CAAC,KAAK,EAAE,oBAAoB,EAAE,OAAO,CAAC,EAAE;QAAE,gBAAgB,CAAC,EAAE,OAAO,CAAA;KAAE,GAAG,OAAO,CAAC;IAC9F,aAAa,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,0BAA0B,EAAE,OAAO,CAAC,EAAE;QAAE,gBAAgB,CAAC,EAAE,OAAO,CAAA;KAAE,GAAG,OAAO,CAAC;IACtH,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC;IACzC,UAAU,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,GAAG,IAAI,CAAC;
|
|
1
|
+
{"version":3,"file":"imports.d.ts","sourceRoot":"","sources":["../src/imports.ts"],"names":[],"mappings":"AAUA,OAAO,KAAK,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,4BAA4B,EAAE,MAAM,YAAY,CAAC;AACrG,OAAO,KAAK,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,0BAA0B,EAAE,kBAAkB,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAEjJ,MAAM,MAAM,YAAY,GAAG,QAAQ,GAAG,UAAU,GAAG,SAAS,GAAG,SAAS,GAAG,YAAY,CAAC;AACxF,MAAM,MAAM,YAAY,GAAG,QAAQ,GAAG,QAAQ,GAAG,WAAW,GAAG,SAAS,GAAG,UAAU,CAAC;AAEtF,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,YAAY,CAAC;IACrB,OAAO,EAAE,OAAO,EAAE,CAAC;IACnB,QAAQ,CAAC,EAAE,OAAO,CAAC,kBAAkB,CAAC,CAAC;CACxC;AAED,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,YAAY,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,WAAW,CAAC;IAClB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,cAAc,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,eAAe,CAAC;IAC3B,MAAM,EAAE,YAAY,CAAC;IACrB,OAAO,EAAE,OAAO,GAAG,IAAI,CAAC;IACxB,UAAU,EAAE,iBAAiB,GAAG,IAAI,CAAC;IACrC,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;CACvB;AAED,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,YAAY,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,IAAI,CAAC;IACb,KAAK,EAAE,iBAAiB,EAAE,CAAC;IAC3B,MAAM,EAAE,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;CACtC;AAED,MAAM,WAAW,eAAgB,SAAQ,iBAAiB;IACxD,OAAO,EAAE,OAAO,GAAG,IAAI,CAAC;IACxB,MAAM,EAAE,OAAO,GAAG,IAAI,CAAC;IACvB,KAAK,EAAE,OAAO,GAAG,IAAI,CAAC;CACvB;AAED,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,YAAY,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,eAAe,EAAE,CAAC;IACzB,MAAM,EAAE,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;CACtC;AAED,MAAM,WAAW,kBAAkB;IACjC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,MAAM,EAAE,SAAS,GAAG,UAAU,GAAG,UAAU,GAAG,SAAS,CAAC;IACxD,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;CACvB;AAED,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,kBAAkB,EAAE,CAAC;CAC7B;AAED,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,IAAI,EAAE,OAAO,GAAG,QAAQ,CAAC;IAClC,aAAa,CAAC,KAAK,EAAE,oBAAoB,EAAE,OAAO,CAAC,EAAE;QAAE,gBAAgB,CAAC,EAAE,OAAO,CAAA;KAAE,GAAG,OAAO,CAAC;IAC9F,aAAa,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,0BAA0B,EAAE,OAAO,CAAC,EAAE;QAAE,gBAAgB,CAAC,EAAE,OAAO,CAAA;KAAE,GAAG,OAAO,CAAC;IACtH,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC;IACzC,UAAU,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,WAAW,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,GAAG,IAAI,CAAC;IACjF,WAAW,CAAC,OAAO,CAAC,EAAE,kBAAkB,GAAG,OAAO,EAAE,CAAC;IACrD,aAAa,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,iBAAiB,GAAG,IAAI,CAAC;IAC1E,uBAAuB,CAAC,KAAK,EAAE,4BAA4B,GAAG,iBAAiB,CAAC;IAChF,eAAe,CAAC,KAAK,EAAE;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,OAAO,EAAE,CAAA;KAAE,GAAG,iBAAiB,CAAC;IAC9F,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,iBAAiB,GAAG,IAAI,CAAC;IAC1D,yBAAyB,CAAC,OAAO,EAAE,MAAM,GAAG,iBAAiB,CAAC;IAC9D,gBAAgB,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;CACtC;AAED,wBAAgB,aAAa,CAAC,KAAK,EAAE,iBAAiB,EAAE,OAAO,EAAE,aAAa,EAAE,OAAO,GAAE;IAAE,WAAW,CAAC,EAAE,MAAM,CAAA;CAAO,GAAG,aAAa,CAUrI;AAwBD,wBAAgB,WAAW,CAAC,KAAK,EAAE,iBAAiB,EAAE,OAAO,EAAE,aAAa,GAAG,iBAAiB,CAwB/F;AAED,wBAAgB,cAAc,CAAC,KAAK,EAAE,iBAAiB,EAAE,OAAO,EAAE,MAAM,GAAG,oBAAoB,CAe9F"}
|
package/dist/imports.js
CHANGED
|
@@ -14,6 +14,40 @@ var MAX_RESULT_LIMIT = 1000;
|
|
|
14
14
|
// src/target-policy.ts
|
|
15
15
|
import net from "net";
|
|
16
16
|
var SECRET_PARAM_PATTERN = /(token|secret|password|passwd|api[_-]?key|access[_-]?token|auth|credential|session)/i;
|
|
17
|
+
var DENIED_IPV4_CIDRS = [
|
|
18
|
+
["0.0.0.0", 8],
|
|
19
|
+
["10.0.0.0", 8],
|
|
20
|
+
["100.64.0.0", 10],
|
|
21
|
+
["127.0.0.0", 8],
|
|
22
|
+
["169.254.0.0", 16],
|
|
23
|
+
["172.16.0.0", 12],
|
|
24
|
+
["192.0.0.0", 24],
|
|
25
|
+
["192.0.2.0", 24],
|
|
26
|
+
["192.88.99.0", 24],
|
|
27
|
+
["192.168.0.0", 16],
|
|
28
|
+
["198.18.0.0", 15],
|
|
29
|
+
["198.51.100.0", 24],
|
|
30
|
+
["203.0.113.0", 24],
|
|
31
|
+
["224.0.0.0", 4],
|
|
32
|
+
["240.0.0.0", 4]
|
|
33
|
+
];
|
|
34
|
+
var DENIED_IPV6_CIDRS = [
|
|
35
|
+
["::", 128],
|
|
36
|
+
["::1", 128],
|
|
37
|
+
["64:ff9b::", 96],
|
|
38
|
+
["64:ff9b:1::", 48],
|
|
39
|
+
["100::", 64],
|
|
40
|
+
["100:0:0:1::", 64],
|
|
41
|
+
["2001::", 23],
|
|
42
|
+
["2001:db8::", 32],
|
|
43
|
+
["2002::", 16],
|
|
44
|
+
["2620:4f:8000::", 48],
|
|
45
|
+
["3fff::", 20],
|
|
46
|
+
["5f00::", 16],
|
|
47
|
+
["fc00::", 7],
|
|
48
|
+
["fe80::", 10],
|
|
49
|
+
["ff00::", 8]
|
|
50
|
+
];
|
|
17
51
|
function assertHostedTargetAllowed(target) {
|
|
18
52
|
if (target.kind === "http" || target.kind === "browser_page") {
|
|
19
53
|
if (!target.url)
|
|
@@ -51,7 +85,7 @@ function assertHostedHttpUrlAllowed(value) {
|
|
|
51
85
|
assertHostedHostAllowed(parsed.hostname, "HTTP host");
|
|
52
86
|
}
|
|
53
87
|
function assertHostedHostAllowed(hostname, label = "host") {
|
|
54
|
-
const host =
|
|
88
|
+
const host = normalizeHostedHost(hostname);
|
|
55
89
|
if (!host)
|
|
56
90
|
throw new Error(`${label} is required`);
|
|
57
91
|
if (host === "localhost" || host.endsWith(".localhost")) {
|
|
@@ -68,26 +102,136 @@ function assertHostedHostAllowed(hostname, label = "host") {
|
|
|
68
102
|
throw new Error(`${label} is not allowed in hosted mode: private or reserved IPv6`);
|
|
69
103
|
}
|
|
70
104
|
}
|
|
71
|
-
function
|
|
105
|
+
function assertHostedResolvedAddressesAllowed(hostname, addresses, label = "resolved address") {
|
|
106
|
+
if (addresses.length === 0) {
|
|
107
|
+
throw new Error(`${label} is not allowed in hosted mode: DNS returned no addresses for ${normalizeHostedHost(hostname) || "host"}`);
|
|
108
|
+
}
|
|
109
|
+
for (const entry of addresses) {
|
|
110
|
+
assertHostedAddressAllowed(entry.address, label);
|
|
111
|
+
}
|
|
112
|
+
}
|
|
113
|
+
function assertHostedAddressAllowed(address, label = "resolved address") {
|
|
114
|
+
const host = normalizeHostedHost(address);
|
|
115
|
+
const ipVersion = net.isIP(host);
|
|
116
|
+
if (ipVersion === 4 && isDeniedIpv4(host)) {
|
|
117
|
+
throw new Error(`${label} is not allowed in hosted mode: private or reserved IPv4`);
|
|
118
|
+
}
|
|
119
|
+
if (ipVersion === 6 && isDeniedIpv6(host)) {
|
|
120
|
+
throw new Error(`${label} is not allowed in hosted mode: private or reserved IPv6`);
|
|
121
|
+
}
|
|
122
|
+
if (ipVersion === 0) {
|
|
123
|
+
throw new Error(`${label} is not allowed in hosted mode: DNS returned a non-IP address`);
|
|
124
|
+
}
|
|
125
|
+
}
|
|
126
|
+
function normalizeHostedHost(hostname) {
|
|
72
127
|
return hostname.trim().toLowerCase().replace(/^\[|\]$/g, "").replace(/\.$/, "");
|
|
73
128
|
}
|
|
74
129
|
function isDeniedIpv4(ip) {
|
|
75
|
-
const parts = ip
|
|
76
|
-
if (parts
|
|
130
|
+
const parts = parseIpv4Words(ip);
|
|
131
|
+
if (!parts)
|
|
77
132
|
return true;
|
|
78
|
-
|
|
79
|
-
const [a, b] = parts;
|
|
80
|
-
return a === 0 || a === 10 || a === 127 || a === 100 && b >= 64 && b <= 127 || a === 169 && b === 254 || a === 172 && b >= 16 && b <= 31 || a === 192 && b === 168 || a >= 224;
|
|
133
|
+
return DENIED_IPV4_CIDRS.some(([base, prefix]) => ipv4MatchesCidr(parts, parseIpv4Words(base), prefix));
|
|
81
134
|
}
|
|
82
135
|
function isDeniedIpv6(ip) {
|
|
83
136
|
const normalized = ip.toLowerCase();
|
|
84
|
-
|
|
137
|
+
const words = parseIpv6Words(normalized);
|
|
138
|
+
if (!words)
|
|
139
|
+
return true;
|
|
140
|
+
const mappedIpv4 = ipv4FromMappedIpv6Words(words);
|
|
141
|
+
if (mappedIpv4)
|
|
142
|
+
return isDeniedIpv4(mappedIpv4);
|
|
143
|
+
return isIpv4CompatibleIpv6(words) || DENIED_IPV6_CIDRS.some(([base, prefix]) => ipv6MatchesCidr(words, parseIpv6Words(base), prefix));
|
|
144
|
+
}
|
|
145
|
+
function isIpv4CompatibleIpv6(words) {
|
|
146
|
+
if (!words)
|
|
147
|
+
return false;
|
|
148
|
+
if (!words.slice(0, 6).every((word) => word === 0))
|
|
149
|
+
return false;
|
|
150
|
+
if (words[6] === 0 && (words[7] === 0 || words[7] === 1))
|
|
151
|
+
return false;
|
|
152
|
+
return true;
|
|
153
|
+
}
|
|
154
|
+
function ipv4FromMappedIpv6Words(words) {
|
|
155
|
+
if (words[0] !== 0 || words[1] !== 0 || words[2] !== 0 || words[3] !== 0 || words[4] !== 0 || words[5] !== 65535) {
|
|
156
|
+
return null;
|
|
157
|
+
}
|
|
158
|
+
return ipv4FromWords(words[6], words[7]);
|
|
159
|
+
}
|
|
160
|
+
function ipv4FromWords(high, low) {
|
|
161
|
+
return [
|
|
162
|
+
high >> 8,
|
|
163
|
+
high & 255,
|
|
164
|
+
low >> 8,
|
|
165
|
+
low & 255
|
|
166
|
+
].join(".");
|
|
167
|
+
}
|
|
168
|
+
function ipv4MatchesCidr(parts, base, prefix) {
|
|
169
|
+
const mask = prefix === 0 ? 0 : 4294967295 << 32 - prefix >>> 0;
|
|
170
|
+
return (ipv4ToNumber(parts) & mask) >>> 0 === (ipv4ToNumber(base) & mask) >>> 0;
|
|
171
|
+
}
|
|
172
|
+
function ipv4ToNumber(parts) {
|
|
173
|
+
return (parts[0] << 24 >>> 0 | parts[1] << 16 | parts[2] << 8 | parts[3]) >>> 0;
|
|
174
|
+
}
|
|
175
|
+
function ipv6MatchesCidr(words, base, prefix) {
|
|
176
|
+
const fullWords = Math.floor(prefix / 16);
|
|
177
|
+
for (let index = 0;index < fullWords; index += 1) {
|
|
178
|
+
if (words[index] !== base[index])
|
|
179
|
+
return false;
|
|
180
|
+
}
|
|
181
|
+
const remainingBits = prefix % 16;
|
|
182
|
+
if (remainingBits === 0)
|
|
183
|
+
return true;
|
|
184
|
+
const mask = 65535 << 16 - remainingBits & 65535;
|
|
185
|
+
return (words[fullWords] & mask) === (base[fullWords] & mask);
|
|
186
|
+
}
|
|
187
|
+
function parseIpv6Words(value) {
|
|
188
|
+
let ip = value.toLowerCase();
|
|
189
|
+
const zoneIndex = ip.indexOf("%");
|
|
190
|
+
if (zoneIndex >= 0)
|
|
191
|
+
ip = ip.slice(0, zoneIndex);
|
|
192
|
+
if (ip.includes(".")) {
|
|
193
|
+
const lastColon = ip.lastIndexOf(":");
|
|
194
|
+
if (lastColon < 0)
|
|
195
|
+
return null;
|
|
196
|
+
const ipv4 = parseIpv4Words(ip.slice(lastColon + 1));
|
|
197
|
+
if (!ipv4)
|
|
198
|
+
return null;
|
|
199
|
+
ip = `${ip.slice(0, lastColon)}:${(ipv4[0] << 8 | ipv4[1]).toString(16)}:${(ipv4[2] << 8 | ipv4[3]).toString(16)}`;
|
|
200
|
+
}
|
|
201
|
+
const compressed = ip.split("::");
|
|
202
|
+
if (compressed.length > 2)
|
|
203
|
+
return null;
|
|
204
|
+
const left = parseIpv6Side(compressed[0]);
|
|
205
|
+
const right = compressed.length === 2 ? parseIpv6Side(compressed[1]) : [];
|
|
206
|
+
if (!left || !right)
|
|
207
|
+
return null;
|
|
208
|
+
if (compressed.length === 1)
|
|
209
|
+
return left.length === 8 ? left : null;
|
|
210
|
+
const missing = 8 - left.length - right.length;
|
|
211
|
+
if (missing < 1)
|
|
212
|
+
return null;
|
|
213
|
+
return [...left, ...Array(missing).fill(0), ...right];
|
|
214
|
+
}
|
|
215
|
+
function parseIpv6Side(value) {
|
|
216
|
+
if (!value)
|
|
217
|
+
return [];
|
|
218
|
+
const words = value.split(":");
|
|
219
|
+
if (words.some((word) => !/^[0-9a-f]{1,4}$/.test(word)))
|
|
220
|
+
return null;
|
|
221
|
+
return words.map((word) => Number.parseInt(word, 16));
|
|
222
|
+
}
|
|
223
|
+
function parseIpv4Words(value) {
|
|
224
|
+
const words = value.split(".").map((part) => Number(part));
|
|
225
|
+
if (words.length !== 4 || words.some((word) => !Number.isInteger(word) || word < 0 || word > 255)) {
|
|
226
|
+
return null;
|
|
227
|
+
}
|
|
228
|
+
return words;
|
|
85
229
|
}
|
|
86
230
|
|
|
87
231
|
// src/imports.ts
|
|
88
|
-
function previewImport(store, request) {
|
|
232
|
+
function previewImport(store, request, options = {}) {
|
|
89
233
|
const source = normalizeSource(request.source);
|
|
90
|
-
const items = dedupePreviewItems(request.records.map((record) => previewRecord(store, source, record, request.defaults ?? {})));
|
|
234
|
+
const items = dedupePreviewItems(request.records.map((record) => previewRecord(store, source, record, request.defaults ?? {}, options)));
|
|
91
235
|
return {
|
|
92
236
|
source,
|
|
93
237
|
generatedAt: new Date().toISOString(),
|
|
@@ -161,7 +305,7 @@ function rollbackImport(store, batchId) {
|
|
|
161
305
|
items
|
|
162
306
|
};
|
|
163
307
|
}
|
|
164
|
-
function previewRecord(store, source, record, defaults) {
|
|
308
|
+
function previewRecord(store, source, record, defaults, options) {
|
|
165
309
|
const warnings = [];
|
|
166
310
|
let candidate;
|
|
167
311
|
try {
|
|
@@ -181,13 +325,16 @@ function previewRecord(store, source, record, defaults) {
|
|
|
181
325
|
reason: error instanceof Error ? error.message : String(error)
|
|
182
326
|
};
|
|
183
327
|
}
|
|
184
|
-
const
|
|
185
|
-
const
|
|
186
|
-
|
|
328
|
+
const monitorOptions = options.workspaceId ? { workspaceId: options.workspaceId } : undefined;
|
|
329
|
+
const rawProvenance = store.getProvenance(candidate.source, candidate.sourceId);
|
|
330
|
+
const provenanceMonitor = rawProvenance ? store.getMonitor(rawProvenance.monitorId, monitorOptions) : null;
|
|
331
|
+
const provenance = provenanceMonitor ? rawProvenance : null;
|
|
332
|
+
const monitor = provenanceMonitor ?? store.getMonitor(candidate.name, monitorOptions);
|
|
333
|
+
if (rawProvenance && !provenanceMonitor && !options.workspaceId) {
|
|
187
334
|
return { candidate, action: "create", monitor: null, provenance, warnings: ["source provenance points to a missing monitor"], reason: null };
|
|
188
335
|
}
|
|
189
336
|
if (provenance && monitor) {
|
|
190
|
-
const nameOwner = store.getMonitor(candidate.name);
|
|
337
|
+
const nameOwner = store.getMonitor(candidate.name, monitorOptions);
|
|
191
338
|
if (nameOwner && nameOwner.id !== monitor.id) {
|
|
192
339
|
return {
|
|
193
340
|
candidate,
|
package/dist/index.d.ts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
export { createUptimeClient, UptimeService } from "./service.js";
|
|
2
2
|
export { UptimeStore } from "./store.js";
|
|
3
|
-
export { runBrowserPageCheck, runMonitorCheck, runHttpCheck, runTcpCheck } from "./checks.js";
|
|
3
|
+
export { isBrowserPageEvidence, isHttpTargetPolicyEvidence, normalizeHttpTargetPolicyEvidence, runBrowserPageCheck, runHostedHttpCheck, runMonitorCheck, runHttpCheck, runTcpCheck, } from "./checks.js";
|
|
4
4
|
export { createApiHandler, serveUptime } from "./api.js";
|
|
5
5
|
export { applyImport, previewImport, rollbackImport } from "./imports.js";
|
|
6
6
|
export { buildUptimeReport, sendUptimeReport } from "./report.js";
|
|
@@ -8,9 +8,9 @@ export { generateProbeKeyPair, probePublicKeyFingerprint, probeResultSigningPayl
|
|
|
8
8
|
export { buildAwsDeploymentPlan, buildPrivateProbeCloudConfig, renderPrivateProbeEnv } from "./cloud-plan.js";
|
|
9
9
|
export { uptimeHome, uptimeDbPath, uptimeHostedFallbackDbPath, ensureUptimeHome } from "./paths.js";
|
|
10
10
|
export type { UptimeBackup, UptimeBackupCheck, UptimeRuntimeMode, UptimeStoreOptions, MonitorProvenance, SaveImportBatchInput, StoredImportBatch, UpsertMonitorProvenanceInput, } from "./store.js";
|
|
11
|
-
export type { BrowserPageRunner, BrowserPageRunnerResult, FetchLike, } from "./checks.js";
|
|
11
|
+
export type { BrowserPageRunner, BrowserPageRunnerResult, FetchLike, HostedDnsResolver, HostedHttpCheckOptions, HostedHttpRequestContext, HostedHttpRequestLike, HostedHttpResponse, MonitorCheckOptions, } from "./checks.js";
|
|
12
12
|
export type { ImportAction, ImportApplyItem, ImportApplyResult, ImportCandidate, ImportPreview, ImportPreviewItem, ImportRequest, ImportRollbackItem, ImportRollbackResult, ImportSource, } from "./imports.js";
|
|
13
|
-
export type { BrowserFailedRequest, BrowserPageEvidence, AuditEvent, CheckAttemptResult, CheckEvidence, CheckResult, CheckStatus, CreateMonitorKind, CreateMonitorInput, CreateReportScheduleInput, ImportedMonitorInput, ImportedUpdateMonitorInput, EvidenceArtifact, Incident, IncidentStatus, ListAuditEventsOptions, ListReportRunsOptions, ListResultsOptions, Monitor, MonitorKind, MonitorStatus, MonitorSummary, ProbeCheckJob, ProbeCheckJobStatus, ProbeIdentity, ProbeResultSubmission, ProbeSubmissionReceipt, RecordAuditEventInput, ReportDeliveryChannel, ReportDeliveryRecord, ReportEmailChannelConfig, ReportLogsChannelConfig, ReportRun, ReportRunStatus, ReportSchedule, ReportScheduleChannels, ReportScheduleStatus, ReportSmsChannelConfig, SchedulerHandle, UpdateMonitorInput, UpdateReportScheduleInput, UptimeSummary, } from "./types.js";
|
|
13
|
+
export type { BrowserFailedRequest, BrowserPageEvidence, AuditEvent, CheckAttemptResult, CheckEvidence, CheckResult, CheckStatus, CreateMonitorKind, CreateMonitorInput, CreateReportScheduleInput, ImportedMonitorInput, ImportedUpdateMonitorInput, EvidenceArtifact, HttpTargetPolicyDecision, HttpTargetPolicyEvidence, Incident, IncidentStatus, ListAuditEventsOptions, ListReportRunsOptions, ListResultsOptions, Monitor, MonitorKind, MonitorStatus, MonitorSummary, ProbeCheckJob, ProbeCheckJobStatus, ProbeIdentity, ProbeResultSubmission, ProbeSubmissionReceipt, RecordAuditEventInput, ReportDeliveryChannel, ReportDeliveryRecord, ReportEmailChannelConfig, ReportLogsChannelConfig, ReportRun, ReportRunStatus, ReportSchedule, ReportScheduleChannels, ReportScheduleStatus, ReportSmsChannelConfig, SchedulerHandle, UpdateMonitorInput, UpdateReportScheduleInput, UptimeSummary, } from "./types.js";
|
|
14
14
|
export type { ProbeKeyPair, ProbeSigningInput } from "./probes.js";
|
|
15
15
|
export type { AwsDeploymentPlan, AwsDeploymentPlanOptions, AwsServicePlan, PrivateProbeCloudConfig, PrivateProbeCloudConfigOptions, } from "./cloud-plan.js";
|
|
16
16
|
export type { BuildUptimeReportOptions, SendUptimeReportOptions, UptimeEmailReportTarget, UptimeLogsReportTarget, UptimeReport, UptimeReportDelivery, UptimeSmsReportTarget, } from "./report.js";
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AACjE,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACzC,OAAO,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AACjE,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACzC,OAAO,EACL,qBAAqB,EACrB,0BAA0B,EAC1B,iCAAiC,EACjC,mBAAmB,EACnB,kBAAkB,EAClB,eAAe,EACf,YAAY,EACZ,WAAW,GACZ,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AACzD,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC1E,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAClE,OAAO,EAAE,oBAAoB,EAAE,yBAAyB,EAAE,yBAAyB,EAAE,eAAe,EAAE,0BAA0B,EAAE,MAAM,aAAa,CAAC;AACtJ,OAAO,EAAE,sBAAsB,EAAE,4BAA4B,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AAC9G,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,0BAA0B,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AACpG,YAAY,EACV,YAAY,EACZ,iBAAiB,EACjB,iBAAiB,EACjB,kBAAkB,EAClB,iBAAiB,EACjB,oBAAoB,EACpB,iBAAiB,EACjB,4BAA4B,GAC7B,MAAM,YAAY,CAAC;AACpB,YAAY,EACV,iBAAiB,EACjB,uBAAuB,EACvB,SAAS,EACT,iBAAiB,EACjB,sBAAsB,EACtB,wBAAwB,EACxB,qBAAqB,EACrB,kBAAkB,EAClB,mBAAmB,GACpB,MAAM,aAAa,CAAC;AACrB,YAAY,EACV,YAAY,EACZ,eAAe,EACf,iBAAiB,EACjB,eAAe,EACf,aAAa,EACb,iBAAiB,EACjB,aAAa,EACb,kBAAkB,EAClB,oBAAoB,EACpB,YAAY,GACb,MAAM,cAAc,CAAC;AACtB,YAAY,EACV,oBAAoB,EACpB,mBAAmB,EACnB,UAAU,EACV,kBAAkB,EAClB,aAAa,EACb,WAAW,EACX,WAAW,EACX,iBAAiB,EACjB,kBAAkB,EAClB,yBAAyB,EACzB,oBAAoB,EACpB,0BAA0B,EAC1B,gBAAgB,EAChB,wBAAwB,EACxB,wBAAwB,EACxB,QAAQ,EACR,cAAc,EACd,sBAAsB,EACtB,qBAAqB,EACrB,kBAAkB,EAClB,OAAO,EACP,WAAW,EACX,aAAa,EACb,cAAc,EACd,aAAa,EACb,mBAAmB,EACnB,aAAa,EACb,qBAAqB,EACrB,sBAAsB,EACtB,qBAAqB,EACrB,qBAAqB,EACrB,oBAAoB,EACpB,wBAAwB,EACxB,uBAAuB,EACvB,SAAS,EACT,eAAe,EACf,cAAc,EACd,sBAAsB,EACtB,oBAAoB,EACpB,sBAAsB,EACtB,eAAe,EACf,kBAAkB,EAClB,yBAAyB,EACzB,aAAa,GACd,MAAM,YAAY,CAAC;AACpB,YAAY,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AACnE,YAAY,EACV,iBAAiB,EACjB,wBAAwB,EACxB,cAAc,EACd,uBAAuB,EACvB,8BAA8B,GAC/B,MAAM,iBAAiB,CAAC;AACzB,YAAY,EACV,wBAAwB,EACxB,uBAAuB,EACvB,uBAAuB,EACvB,sBAAsB,EACtB,YAAY,EACZ,oBAAoB,EACpB,qBAAqB,GACtB,MAAM,aAAa,CAAC"}
|