@joystick.js/db-canary 0.0.0-canary.2213 → 0.0.0-canary.2217

package/dist/server/index.js

@@ -1 +1 @@
-import k from"net";import{decode as C}from"msgpackr";import E from"./lib/op_types.js";import b from"./lib/safe_json_parse.js";import{load_settings as y,get_settings as g,get_port_configuration as S}from"./lib/load_settings.js";import{send_error as f}from"./lib/send_response.js";import{start_cluster as q}from"./cluster/index.js";import x from"./lib/logger.js";import{initialize_database as N,cleanup_database as A}from"./lib/query_engine.js";import{create_message_parser as B,encode_message as _}from"./lib/tcp_protocol.js";import{create_connection_manager as D}from"./lib/connection_manager.js";import{shutdown_write_queue as $}from"./lib/write_queue.js";import{setup_authentication as F,verify_password as J,get_client_ip as K,is_rate_limited as P,initialize_auth_manager as j,reset_auth_state as G}from"./lib/auth_manager.js";import{initialize_api_key_manager as M}from"./lib/api_key_manager.js";import{restore_backup as W,start_backup_schedule as H,stop_backup_schedule as U}from"./lib/backup_manager.js";import{initialize_replication_manager as V,shutdown_replication_manager as Y}from"./lib/replication_manager.js";import{initialize_write_forwarder as L,shutdown_write_forwarder as Q}from"./lib/write_forwarder.js";import{handle_database_operation as X,handle_admin_operation as Z,handle_ping_operation as ee}from"./lib/operation_dispatcher.js";import{start_http_server as re,stop_http_server as te}from"./lib/http_server.js";import{create_recovery_token as oe,initialize_recovery_manager as T,reset_recovery_state as ne}from"./lib/recovery_manager.js";const d=new Set;let i=null;const se=async(t,r={})=>{if(!r?.password){const s=_({ok:0,error:"Authentication operation requires password to be set in data."});t.write(s),t.end();return}try{const o=K(t);if(P(o)){const n=_({ok:0,error:"Too many failed attempts. Please try again later."});t.write(n),t.end();return}if(!await J(r.password,o)){const n=_({ok:0,error:"Authentication failed"});t.write(n),t.end();return}d.add(t.id);const e=_({ok:1,version:"1.0.0",message:"Authentication successful"});t.write(e)}catch(o){const s={ok:0,error:`Authentication error: ${o.message}`},a=_(s);t.write(a),t.end()}},ae=async(t,r={})=>{try{const s={ok:1,password:F(),message:"Authentication setup completed successfully. Save this password - it will not be shown again."},a=_(s);t.write(a)}catch(o){const s={ok:0,error:`Setup error: ${o.message}`},a=_(s);t.write(a)}},ie=(t="")=>{if(!t)throw new Error("Must pass an op type for operation.");return E.includes(t)},Ee=t=>{try{if(typeof t=="string")return b(t);if(Buffer.isBuffer(t)){const r=C(t);return typeof r=="string"?b(r):r}else return t}catch{return null}},v=t=>d.has(t.id),qe=async()=>{const{create_context_logger:t}=x("server"),r=t();let o=null;try{y(),o=g()}catch{}if(o?.restore_from)try{r.info("Startup restore requested",{backup_filename:o.restore_from});const e=await W(o.restore_from);r.info("Startup restore completed",{backup_filename:o.restore_from,duration_ms:e.duration_ms});const c={...o};delete c.restore_from,process.env.JOYSTICK_DB_SETTINGS=JSON.stringify(c),y(),o=g(),r.info("Removed restore_from from settings after successful restore")}catch(e){r.error("Startup restore failed",{backup_filename:o.restore_from,error:e.message}),r.info("Continuing with fresh database after restore failure")}N(),j(),M(),T();try{V(),r.info("Replication manager initialized")}catch(e){r.warn("Failed to initialize replication manager",{error:e.message})}try{L(),r.info("Write forwarder initialized")}catch(e){r.warn("Failed to initialize write forwarder",{error:e.message})}if(o?.s3)try{H(),r.info("Backup scheduling started")}catch(e){r.warn("Failed to start backup scheduling",{error:e.message})}i=D({max_connections:1e3,idle_timeout:600*1e3,request_timeout:5*1e3});let s=null;try{const{http_port:e}=S();s=await re(e),s&&r.info("HTTP server started",{http_port:e})}catch(e){r.warn("Failed to start HTTP server",{error:e.message})}const a=k.createServer((e={})=>{if(!i.add_connection(e))return;const c=B();e.on("data",async n=>{i.update_activity(e.id);try{const h=c.parse_messages(n);for(const O of h){const u=O,l=u?.op||null;if(!l){f(e,{message:"Missing operation type"});continue}if(!ie(l)){f(e,{message:"Invalid operation type"});continue}const z=i.create_request_timeout(e.id,l);try{switch(l){case"authentication":await se(e,u?.data||{});break;case"setup":await ae(e,u?.data||{});break;case"insert_one":case"update_one":case"delete_one":case"bulk_write":case"find_one":case"find":case"create_index":case"drop_index":case"get_indexes":await X(e,l,u?.data||{},v,n.length,i,d);break;case"ping":ee(e);break;case"admin":await Z(e,u?.data||{},v,i,d);break;case"reload":if(!v(e)){f(e,{message:"Authentication required"});break}try{let p=null;try{p=g()}catch{}let m=null;try{await y(),m=g()}catch{m={port:1983,authentication:{}}}const w={ok:1,status:"success",message:"Configuration reloaded successfully",changes:{port_changed:p?p.port!==m.port:!1,authentication_changed:p?p.authentication?.password_hash!==m.authentication?.password_hash:!1},timestamp:new Date().toISOString()},I=_(w);e.write(I)}catch(p){const m={ok:0,error:`Reload operation failed: ${p.message}`},w=_(m);e.write(w)}break;default:f(e,{message:`Operation ${l} not implemented`})}}finally{clearTimeout(z)}}}catch(h){r.error("Message parsing failed",{client_id:e.id,error:h.message}),f(e,{message:"Invalid message format"}),e.end()}}),e.on("end",()=>{r.info("Client disconnected",{socket_id:e.id}),d.delete(e.id),i.remove_connection(e.id)}),e.on("error",n=>{r.error("Socket error",{socket_id:e.id,error:n.message}),d.delete(e.id),i.remove_connection(e.id)})});return a.cleanup=async()=>{try{await te(),U(),await Y(),await Q(),i&&i.shutdown(),d.clear(),await $(),await new Promise(e=>setTimeout(e,100)),await A(),G(),ne()}catch{}},a};if(import.meta.url===`file://${process.argv[1]}`){const{create_context_logger:t}=x("main"),r=t();if(process.argv.includes("--generate-recovery-token"))try{T();const n=oe();console.log("Emergency Recovery Token Generated"),console.log(`Visit: ${n.url}`),console.log("Token expires in 10 minutes"),r.info("Recovery token generated via CLI",{expires_at:new Date(n.expires_at).toISOString()}),process.exit(0)}catch(n){console.error("Failed to generate recovery token:",n.message),r.error("Recovery token generation failed",{error:n.message}),process.exit(1)}const{tcp_port:o,http_port:s}=S(),a={worker_count:process.env.WORKER_COUNT?parseInt(process.env.WORKER_COUNT):void 0,port:o,environment:process.env.NODE_ENV||"development"},{has_settings:e}=await import("./lib/load_settings.js"),c=e();r.info("Starting JoystickDB server...",{workers:a.worker_count||"auto",tcp_port:o,http_port:s,environment:a.environment,has_settings:c,port_source:c?"JOYSTICK_DB_SETTINGS":"default"}),q(a)}export{se as authentication,ie as check_op_type,qe as create_server,Ee as parse_data,ae as setup};
+import k from"net";import{decode as C}from"msgpackr";import E from"./lib/op_types.js";import S from"./lib/safe_json_parse.js";import{load_settings as y,get_settings as g,get_port_configuration as v}from"./lib/load_settings.js";import{send_error as f}from"./lib/send_response.js";import{start_cluster as q}from"./cluster/index.js";import x from"./lib/logger.js";import{initialize_database as N,cleanup_database as A}from"./lib/query_engine.js";import{create_message_parser as B,encode_message as _}from"./lib/tcp_protocol.js";import{create_connection_manager as D}from"./lib/connection_manager.js";import{shutdown_write_queue as $}from"./lib/write_queue.js";import{setup_authentication as F,verify_password as J,get_client_ip as K,is_rate_limited as P,initialize_auth_manager as j,reset_auth_state as G}from"./lib/auth_manager.js";import{initialize_api_key_manager as M}from"./lib/api_key_manager.js";import{is_development_mode as W,display_development_startup_message as H,warn_undefined_node_env as U}from"./lib/development_mode.js";import{restore_backup as V,start_backup_schedule as Y,stop_backup_schedule as L}from"./lib/backup_manager.js";import{initialize_replication_manager as Q,shutdown_replication_manager as X}from"./lib/replication_manager.js";import{initialize_write_forwarder as Z,shutdown_write_forwarder as ee}from"./lib/write_forwarder.js";import{handle_database_operation as re,handle_admin_operation as te,handle_ping_operation as oe}from"./lib/operation_dispatcher.js";import{start_http_server as ne,stop_http_server as se}from"./lib/http_server.js";import{create_recovery_token as ae,initialize_recovery_manager as T,reset_recovery_state as ie}from"./lib/recovery_manager.js";const d=new Set;let c=null;const ce=async(t,r={})=>{if(!r?.password){const s=_({ok:0,error:"Authentication operation requires password to be set in data."});t.write(s),t.end();return}try{const o=K(t);if(P(o)){const n=_({ok:0,error:"Too many failed attempts. Please try again later."});t.write(n),t.end();return}if(!await J(r.password,o)){const n=_({ok:0,error:"Authentication failed"});t.write(n),t.end();return}d.add(t.id);const e=_({ok:1,version:"1.0.0",message:"Authentication successful"});t.write(e)}catch(o){const s={ok:0,error:`Authentication error: ${o.message}`},a=_(s);t.write(a),t.end()}},_e=async(t,r={})=>{try{const s={ok:1,password:F(),message:"Authentication setup completed successfully. Save this password - it will not be shown again."},a=_(s);t.write(a)}catch(o){const s={ok:0,error:`Setup error: ${o.message}`},a=_(s);t.write(a)}},pe=(t="")=>{if(!t)throw new Error("Must pass an op type for operation.");return E.includes(t)},Be=t=>{try{if(typeof t=="string")return S(t);if(Buffer.isBuffer(t)){const r=C(t);return typeof r=="string"?S(r):r}else return t}catch{return null}},b=t=>d.has(t.id),De=async()=>{const{create_context_logger:t}=x("server"),r=t();let o=null;try{y(),o=g()}catch{}if(o?.restore_from)try{r.info("Startup restore requested",{backup_filename:o.restore_from});const e=await V(o.restore_from);r.info("Startup restore completed",{backup_filename:o.restore_from,duration_ms:e.duration_ms});const i={...o};delete i.restore_from,process.env.JOYSTICK_DB_SETTINGS=JSON.stringify(i),y(),o=g(),r.info("Removed restore_from from settings after successful restore")}catch(e){r.error("Startup restore failed",{backup_filename:o.restore_from,error:e.message}),r.info("Continuing with fresh database after restore failure")}N(),j(),await M(),T();try{Q(),r.info("Replication manager initialized")}catch(e){r.warn("Failed to initialize replication manager",{error:e.message})}try{Z(),r.info("Write forwarder initialized")}catch(e){r.warn("Failed to initialize write forwarder",{error:e.message})}if(o?.s3)try{Y(),r.info("Backup scheduling started")}catch(e){r.warn("Failed to start backup scheduling",{error:e.message})}c=D({max_connections:1e3,idle_timeout:600*1e3,request_timeout:5*1e3});let s=null;try{const{http_port:e}=v();s=await ne(e),s&&r.info("HTTP server started",{http_port:e})}catch(e){r.warn("Failed to start HTTP server",{error:e.message})}if(W()){const{tcp_port:e,http_port:i}=v();H(e,i)}else U();const a=k.createServer((e={})=>{if(!c.add_connection(e))return;const i=B();e.on("data",async n=>{c.update_activity(e.id);try{const h=i.parse_messages(n);for(const O of h){const u=O,l=u?.op||null;if(!l){f(e,{message:"Missing operation type"});continue}if(!pe(l)){f(e,{message:"Invalid operation type"});continue}const z=c.create_request_timeout(e.id,l);try{switch(l){case"authentication":await ce(e,u?.data||{});break;case"setup":await _e(e,u?.data||{});break;case"insert_one":case"update_one":case"delete_one":case"bulk_write":case"find_one":case"find":case"create_index":case"drop_index":case"get_indexes":await re(e,l,u?.data||{},b,n.length,c,d);break;case"ping":oe(e);break;case"admin":await te(e,u?.data||{},b,c,d);break;case"reload":if(!b(e)){f(e,{message:"Authentication required"});break}try{let p=null;try{p=g()}catch{}let m=null;try{await y(),m=g()}catch{m={port:1983,authentication:{}}}const w={ok:1,status:"success",message:"Configuration reloaded successfully",changes:{port_changed:p?p.port!==m.port:!1,authentication_changed:p?p.authentication?.password_hash!==m.authentication?.password_hash:!1},timestamp:new Date().toISOString()},I=_(w);e.write(I)}catch(p){const m={ok:0,error:`Reload operation failed: ${p.message}`},w=_(m);e.write(w)}break;default:f(e,{message:`Operation ${l} not implemented`})}}finally{clearTimeout(z)}}}catch(h){r.error("Message parsing failed",{client_id:e.id,error:h.message}),f(e,{message:"Invalid message format"}),e.end()}}),e.on("end",()=>{r.info("Client disconnected",{socket_id:e.id}),d.delete(e.id),c.remove_connection(e.id)}),e.on("error",n=>{r.error("Socket error",{socket_id:e.id,error:n.message}),d.delete(e.id),c.remove_connection(e.id)})});return a.cleanup=async()=>{try{await se(),L(),await X(),await ee(),c&&c.shutdown(),d.clear(),await $(),await new Promise(e=>setTimeout(e,100)),await A(),G(),ie()}catch{}},a};if(import.meta.url===`file://${process.argv[1]}`){const{create_context_logger:t}=x("main"),r=t();if(process.argv.includes("--generate-recovery-token"))try{T();const n=ae();console.log("Emergency Recovery Token Generated"),console.log(`Visit: ${n.url}`),console.log("Token expires in 10 minutes"),r.info("Recovery token generated via CLI",{expires_at:new Date(n.expires_at).toISOString()}),process.exit(0)}catch(n){console.error("Failed to generate recovery token:",n.message),r.error("Recovery token generation failed",{error:n.message}),process.exit(1)}const{tcp_port:o,http_port:s}=v(),a={worker_count:process.env.WORKER_COUNT?parseInt(process.env.WORKER_COUNT):void 0,port:o,environment:process.env.NODE_ENV||"development"},{has_settings:e}=await import("./lib/load_settings.js"),i=e();r.info("Starting JoystickDB server...",{workers:a.worker_count||"auto",tcp_port:o,http_port:s,environment:a.environment,has_settings:i,port_source:i?"JOYSTICK_DB_SETTINGS":"default"}),q(a)}export{ce as authentication,pe as check_op_type,De as create_server,Be as parse_data,_e as setup};

package/dist/server/lib/api_key_manager.js

@@ -1,9 +1,9 @@
-import{readFileSync as b,writeFileSync as O,existsSync as m,unlinkSync as P}from"fs";import A from"crypto";import y from"bcrypt";import E from"./logger.js";import{get_database as c,build_collection_key as g}from"./query_engine.js";const{create_context_logger:x}=E("api_key_manager"),l=x(),d="./API_KEY",i="_users",h=12;let u=null,_=!1;const T=()=>{const e="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";let r="";const s=A.randomBytes(32);for(let o=0;o<32;o++)r+=e[s[o]%e.length];return r},w=()=>{if(u)return u;if(m(d))try{return u=b(d,"utf8").trim(),l.info("API key loaded from file"),u}catch(r){throw l.error("Failed to read API key file",{error:r.message}),new Error(`Failed to read API key file: ${r.message}`)}const e=T();try{return O(d,e,{mode:384}),u=e,l.info("New API key generated and saved",{file_path:d}),N(e),e}catch(r){throw l.error("Failed to save API key file",{error:r.message}),new Error(`Failed to save API key file: ${r.message}`)}},N=e=>{const r=process.env.JOYSTICK_DB_PORT||"1983",s=process.env.JOYSTICK_DB_HTTP_PORT||"1984";console.log(`
+import{readFileSync as x,writeFileSync as T,existsSync as v,unlinkSync as F}from"fs";import N from"crypto";import y from"bcrypt";import D from"./logger.js";import{get_database as _,build_collection_key as m}from"./query_engine.js";import{is_development_mode as g}from"./development_mode.js";const{create_context_logger:J}=D("api_key_manager"),a=J(),f="./API_KEY",l="_users",S=12;let d=null,u=!1;const R=()=>{const e="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";let r="";const o=N.randomBytes(32);for(let s=0;s<32;s++)r+=e[o[s]%e.length];return r},w=()=>{if(g())return d="development-mode-bypass",a.info("Development mode: API key generation bypassed"),d;if(d)return d;if(v(f))try{return d=x(f,"utf8").trim(),a.info("API key loaded from file"),d}catch(r){throw a.error("Failed to read API key file",{error:r.message}),new Error(`Failed to read API key file: ${r.message}`)}const e=R();try{return T(f,e,{mode:384}),d=e,a.info("New API key generated and saved",{file_path:f}),U(e),e}catch(r){throw a.error("Failed to save API key file",{error:r.message}),new Error(`Failed to save API key file: ${r.message}`)}},U=e=>{const r=process.env.JOYSTICK_DB_PORT||"1983",o=process.env.JOYSTICK_DB_HTTP_PORT||"1984";console.log(`
 JoystickDB Setup
 `),console.log(`To finish setting up your database and enable operations for authenticated users, you will need to create an admin user via the database's admin API using the API key displayed below.
 `),console.log("=== STORE THIS KEY SECURELY -- IT WILL NOT BE DISPLAYED AGAIN ==="),console.log(e),console.log(`===
 `),console.log(`To create a user, send a POST request to the server:
-`),console.log(`fetch('http://localhost:${s}/api/users', {`),console.log("  method: 'POST',"),console.log("  headers: {"),console.log("    'Content-Type': 'application/json',"),console.log(`    'x-joystick-db-api-key': '${e}'`),console.log("  },"),console.log("  body: JSON.stringify({"),console.log("    username: 'admin',"),console.log("    password: 'your_secure_password',"),console.log("    role: 'read_write'"),console.log("  })"),console.log(`});
+`),console.log(`fetch('http://localhost:${o}/api/users', {`),console.log("  method: 'POST',"),console.log("  headers: {"),console.log("    'Content-Type': 'application/json',"),console.log(`    'x-joystick-db-api-key': '${e}'`),console.log("  },"),console.log("  body: JSON.stringify({"),console.log("    username: 'admin',"),console.log("    password: 'your_secure_password',"),console.log("    role: 'read_write'"),console.log("  })"),console.log(`});
 `),console.log("==!=="),console.log("Store this key securely. It will not be displayed again."),console.log(`==!==
-`),console.log(`API key saved to: ${d}
-`)},F=e=>{if(!e)return!1;const r=w();return e===r},J=e=>!e||typeof e!="string"?!1:/^[a-zA-Z0-9]{3,50}$/.test(e),S=e=>!e||typeof e!="string"?{valid:!1,error:"Password is required"}:e.length<8?{valid:!1,error:"Password must be at least 8 characters long"}:e.length>128?{valid:!1,error:"Password must be no more than 128 characters long"}:{valid:!0},k=e=>["read","write","read_write"].includes(e),R=async e=>{const{username:r,password:s,role:o}=e;if(!J(r))throw new Error("Username must be alphanumeric and 3-50 characters long");const t=S(s);if(!t.valid)throw new Error(t.error);if(!k(o))throw new Error("Role must be one of: read, write, read_write");const a=c(),p=await y.hash(s,h),n={username:r,password_hash:p,role:o,created_at:new Date().toISOString(),updated_at:new Date().toISOString()},f=g(i,r);let v=null;return await a.transaction(()=>{if(a.get(f))throw new Error("Username already exists");a.put(f,JSON.stringify(n)),v=n}),o==="read_write"&&(_=!0,l.info("Admin user created, API key requirement relaxed for authenticated operations")),l.info("User created successfully",{username:r,role:o}),{username:n.username,role:n.role,created_at:n.created_at}},U=()=>{const e=c(),r=[];for(const{key:s,value:o}of e.getRange({start:`${i}:`,end:`${i}:\xFF`})){const t=JSON.parse(o),a={username:t.username,role:t.role,created_at:t.created_at,updated_at:t.updated_at};r.push(a)}return r},D=e=>{const r=c(),s=g(i,e),o=r.get(s);if(!o)return null;const t=JSON.parse(o);return{username:t.username,role:t.role,created_at:t.created_at,updated_at:t.updated_at}},$=async(e,r)=>{const s=c(),o=g(i,e);let t=null;if(r.password){const f=S(r.password);if(!f.valid)throw new Error(f.error);t=await y.hash(r.password,h)}if(r.role&&!k(r.role))throw new Error("Role must be one of: read, write, read_write");const a=s.get(o);if(!a)throw new Error("User not found");const n={...JSON.parse(a)};return r.role&&(n.role=r.role),t&&(n.password_hash=t),n.updated_at=new Date().toISOString(),s.putSync(o,JSON.stringify(n)),l.info("User updated successfully",{username:e,updates:Object.keys(r)}),{username:n.username,role:n.role,created_at:n.created_at,updated_at:n.updated_at}},L=e=>{const r=c(),s=g(i,e);if(!r.get(s))throw new Error("User not found");const t=r.removeSync(s);return l.info("User deleted successfully",{username:e}),!0},Y=async(e,r)=>{const s=c(),o=g(i,e),t=s.get(o);if(!t)return null;const a=JSON.parse(t);return await y.compare(r,a.password_hash)?{username:a.username,role:a.role,created_at:a.created_at,updated_at:a.updated_at}:null},I=()=>{if(_)return!0;const e=c();for(const{value:r}of e.getRange({start:`${i}:`,end:`${i}:\xFF`}))if(JSON.parse(r).role==="read_write")return _=!0,!0;return!1},C=()=>{w(),_=I(),_&&l.info("Admin user detected, API key requirement relaxed for authenticated operations")},B=()=>{if(u=null,_=!1,m(d))try{P(d)}catch{}};export{I as check_admin_user_exists,R as create_user,L as delete_user,U as get_all_users,D as get_user,C as initialize_api_key_manager,w as load_or_generate_api_key,B as reset_api_key_state,$ as update_user,F as validate_api_key,Y as verify_user_password};
+`),console.log(`API key saved to: ${f}
+`)},$=e=>{if(g())return!0;if(!e)return!1;const r=w();return e===r},L=e=>!e||typeof e!="string"?!1:/^[a-zA-Z0-9]{3,50}$/.test(e),k=(e,r=!1)=>!e||typeof e!="string"?{valid:!1,error:"Password is required"}:g()&&r?{valid:!0}:e.length<8?{valid:!1,error:"Password must be at least 8 characters long"}:e.length>128?{valid:!1,error:"Password must be no more than 128 characters long"}:{valid:!0},I=e=>["read","write","read_write"].includes(e),b=async(e,r=!1)=>{const{username:o,password:s,role:t}=e;if(!L(o))throw new Error("Username must be alphanumeric and 3-50 characters long");const n=k(s,r);if(!n.valid)throw new Error(n.error);if(!I(t))throw new Error("Role must be one of: read, write, read_write");const p=_(),i=await y.hash(s,S),c={username:o,password_hash:i,role:t,created_at:new Date().toISOString(),updated_at:new Date().toISOString()},h=m(l,o);let E=null;return await p.transaction(()=>{if(p.get(h))throw new Error("Username already exists");p.put(h,JSON.stringify(c)),E=c}),t==="read_write"&&(u=!0,a.info("Admin user created, API key requirement relaxed for authenticated operations")),a.info("User created successfully",{username:o,role:t}),{username:c.username,role:c.role,created_at:c.created_at}},Y=()=>{const e=_(),r=[];for(const{key:o,value:s}of e.getRange({start:`${l}:`,end:`${l}:\xFF`})){const t=JSON.parse(s),n={username:t.username,role:t.role,created_at:t.created_at,updated_at:t.updated_at};r.push(n)}return r},P=e=>{const r=_(),o=m(l,e),s=r.get(o);if(!s)return null;const t=JSON.parse(s);return{username:t.username,role:t.role,created_at:t.created_at,updated_at:t.updated_at}},C=async(e,r)=>{const o=_(),s=m(l,e);let t=null;if(r.password){const c=k(r.password);if(!c.valid)throw new Error(c.error);t=await y.hash(r.password,S)}if(r.role&&!I(r.role))throw new Error("Role must be one of: read, write, read_write");const n=o.get(s);if(!n)throw new Error("User not found");const i={...JSON.parse(n)};return r.role&&(i.role=r.role),t&&(i.password_hash=t),i.updated_at=new Date().toISOString(),o.putSync(s,JSON.stringify(i)),a.info("User updated successfully",{username:e,updates:Object.keys(r)}),{username:i.username,role:i.role,created_at:i.created_at,updated_at:i.updated_at}},B=e=>{const r=_(),o=m(l,e);if(!r.get(o))throw new Error("User not found");const t=r.removeSync(o);return a.info("User deleted successfully",{username:e}),!0},K=async(e,r)=>{const o=_(),s=m(l,e),t=o.get(s);if(!t)return null;const n=JSON.parse(t);return await y.compare(r,n.password_hash)?{username:n.username,role:n.role,created_at:n.created_at,updated_at:n.updated_at}:null},O=()=>{if(u)return!0;const e=_();for(const{value:r}of e.getRange({start:`${l}:`,end:`${l}:\xFF`}))if(JSON.parse(r).role==="read_write")return u=!0,!0;return!1},A=async()=>{if(!g())return null;const e=P("admin");if(e)return a.info("Development admin user already exists, skipping creation"),e;try{const r=await b({username:"admin",password:"password",role:"read_write"},!0);return a.info("Development admin user created automatically",{username:"admin"}),r}catch(r){throw a.error("Failed to create development admin user",{error:r.message}),r}},q=async()=>{if(w(),u=O(),u&&a.info("Admin user detected, API key requirement relaxed for authenticated operations"),g()&&!u)try{await A(),u=!0}catch(e){a.error("Failed to initialize development admin user",{error:e.message})}},j=()=>{if(d=null,u=!1,v(f))try{F(f)}catch{}};export{O as check_admin_user_exists,A as create_development_admin_user,b as create_user,B as delete_user,Y as get_all_users,P as get_user,q as initialize_api_key_manager,w as load_or_generate_api_key,j as reset_api_key_state,C as update_user,$ as validate_api_key,K as verify_user_password};

package/dist/server/lib/development_mode.js

@@ -0,0 +1,7 @@
+import s from"./logger.js";const{create_context_logger:t}=s("development_mode"),n=t(),l=()=>process.env.NODE_ENV==="development",r=(e,o)=>{console.log(`
+JoystickDB Development Mode
+`),console.log("Development environment detected (NODE_ENV=development)."),console.log(`Security features have been bypassed for local development.
+`),console.log("Default admin user created:"),console.log("  Username: admin"),console.log(`  Password: password
+`),console.log("WARNING: This configuration is NOT suitable for production use."),console.log(`Set NODE_ENV to 'production' or another value for secure operation.
+`),console.log(`TCP Server: localhost:${e}`),console.log(`HTTP Server: localhost:${o}
+`),n.info("Development mode activated",{tcp_port:e,http_port:o,default_admin_created:!0,security_bypassed:!0})},c=()=>{process.env.NODE_ENV||(n.warn("NODE_ENV is not set, defaulting to secure mode"),console.log("WARNING: NODE_ENV is not set. Defaulting to secure mode."))};export{r as display_development_startup_message,l as is_development_mode,c as warn_undefined_node_env};

package/dist/server/lib/http_server.js

@@ -1,4 +1,4 @@
-import v from"http";import{URL as x}from"url";import _ from"crypto";import k from"./logger.js";import{setup_authentication as T,get_auth_stats as P}from"./auth_manager.js";import{is_token_valid as C,record_failed_recovery_attempt as A,change_password as S}from"./recovery_manager.js";import{validate_api_key as I,create_user as D,get_all_users as E,update_user as H,delete_user as O}from"./api_key_manager.js";const{create_context_logger:R}=k("http_server"),a=R();let p=null,l=null,u=!1,m=new Map;const B=60*1e3,U=10,J=()=>_.randomUUID(),f=()=>!P().configured,Y=t=>{const e=Date.now(),r=(m.get(t)||[]).filter(n=>e-n<B);return m.set(t,r),r.length>=U},$=t=>{const e=Date.now(),o=m.get(t)||[];o.push(e),m.set(t,o)},j=(t,e=null)=>`<!DOCTYPE html>
+import _ from"http";import{URL as x}from"url";import k from"crypto";import T from"./logger.js";import{setup_authentication as P,get_auth_stats as A}from"./auth_manager.js";import{is_token_valid as C,record_failed_recovery_attempt as S,change_password as I}from"./recovery_manager.js";import{validate_api_key as D,create_user as E,get_all_users as H,update_user as O,delete_user as R}from"./api_key_manager.js";import{is_development_mode as l}from"./development_mode.js";const{create_context_logger:B}=T("http_server"),a=B();let u=null,c=null,m=!1,h=new Map;const U=60*1e3,J=10,Y=()=>k.randomUUID(),g=()=>!A().configured,$=t=>{const e=Date.now(),r=(h.get(t)||[]).filter(n=>e-n<U);return h.set(t,r),r.length>=J},j=t=>{const e=Date.now(),o=h.get(t)||[];o.push(e),h.set(t,o)},N=(t,e=null)=>`<!DOCTYPE html>
 <html>
 <head>
     <title>JoystickDB Setup</title>
@@ -65,7 +65,7 @@ import v from"http";import{URL as x}from"url";import _ from"crypto";import k fro
         </ul>
     </div>
 </body>
-</html>`,N=t=>`<!DOCTYPE html>
+</html>`,W=t=>`<!DOCTYPE html>
 <html>
 <head>
     <title>JoystickDB Setup Complete</title>
@@ -159,7 +159,7 @@ await client.ping();
         <p><strong>Your JoystickDB server is ready to use!</strong></p>
     </div>
 </body>
-</html>`,c=t=>`<!DOCTYPE html>
+</html>`,p=t=>`<!DOCTYPE html>
 <html>
 <head>
     <title>JoystickDB Setup Error</title>
@@ -202,7 +202,7 @@ await client.ping();
         <p><a href="javascript:history.back()">\u2190 Go Back</a></p>
     </div>
 </body>
-</html>`,g=(t,e=null)=>`<!DOCTYPE html>
+</html>`,y=(t,e=null)=>`<!DOCTYPE html>
 <html>
 <head>
     <title>JoystickDB Emergency Password Recovery</title>
@@ -325,7 +325,7 @@ await client.ping();
         </ul>
     </div>
 </body>
-</html>`,W=t=>`<!DOCTYPE html>
+</html>`,M=t=>`<!DOCTYPE html>
 <html>
 <head>
     <title>JoystickDB Password Changed</title>
@@ -395,11 +395,11 @@ await client.ping();
         <p><strong>Your JoystickDB server is ready with the new password!</strong></p>
     </div>
 </body>
-</html>`,M=t=>new Promise((e,o)=>{let r="";t.on("data",n=>{r+=n.toString()}),t.on("end",()=>{try{const n=new URLSearchParams(r),s={};for(const[d,h]of n)s[d]=h;e(s)}catch(n){o(n)}}),t.on("error",n=>{o(n)})}),b=t=>new Promise((e,o)=>{let r="";t.on("data",n=>{r+=n.toString()}),t.on("end",()=>{try{const n=JSON.parse(r);e(n)}catch(n){o(n)}}),t.on("error",n=>{o(n)})}),y=t=>{const e=t.headers["x-joystick-db-api-key"];return I(e)},i=(t,e,o)=>{t.writeHead(e,{"Content-Type":"application/json"}),t.end(JSON.stringify(o))},G=async(t,e)=>{const o=t.socket.remoteAddress||"127.0.0.1";if(!y(t)){a.warn("Invalid API key for user creation",{client_ip:o}),i(e,403,{error:"Database setup incomplete. A valid API key must be passed until an admin user has been created."});return}try{const r=await b(t),n=await D(r);a.info("User created via API",{username:n.username,client_ip:o}),i(e,201,{ok:1,user:n})}catch(r){a.error("User creation failed via API",{client_ip:o,error:r.message}),i(e,400,{error:r.message})}},z=async(t,e)=>{const o=t.socket.remoteAddress||"127.0.0.1";if(!y(t)){a.warn("Invalid API key for get users",{client_ip:o}),i(e,403,{error:"Database setup incomplete. A valid API key must be passed until an admin user has been created."});return}try{const r=E();a.info("Users retrieved via API",{count:r.length,client_ip:o}),i(e,200,{ok:1,users:r})}catch(r){a.error("Get users failed via API",{client_ip:o,error:r.message}),i(e,500,{error:r.message})}},F=async(t,e,o)=>{const r=t.socket.remoteAddress||"127.0.0.1";if(!y(t)){a.warn("Invalid API key for user update",{client_ip:r,username:o}),i(e,403,{error:"Database setup incomplete. A valid API key must be passed until an admin user has been created."});return}try{const n=await b(t),s=await H(o,n);a.info("User updated via API",{username:o,client_ip:r}),i(e,200,{ok:1,user:s})}catch(n){a.error("User update failed via API",{client_ip:r,username:o,error:n.message});const s=n.message==="User not found"?404:400;i(e,s,{error:n.message})}},K=async(t,e,o)=>{const r=t.socket.remoteAddress||"127.0.0.1";if(!y(t)){a.warn("Invalid API key for user deletion",{client_ip:r,username:o}),i(e,403,{error:"Database setup incomplete. A valid API key must be passed until an admin user has been created."});return}try{O(o),a.info("User deleted via API",{username:o,client_ip:r}),i(e,200,{ok:1,message:"User deleted successfully"})}catch(n){a.error("User deletion failed via API",{client_ip:r,username:o,error:n.message});const s=n.message==="User not found"?404:400;i(e,s,{error:n.message})}},L=async(t,e,o)=>{if(t.method==="POST"&&o.length===0){await G(t,e);return}if(t.method==="GET"&&o.length===0){await z(t,e);return}if(t.method==="PUT"&&o.length===1){const r=o[0];await F(t,e,r);return}if(t.method==="DELETE"&&o.length===1){const r=o[0];await K(t,e,r);return}i(e,405,{error:"Method not allowed"})},V=async(t,e,o)=>{const r=t.socket.remoteAddress||"127.0.0.1";if(Y(r)){e.writeHead(429,{"Content-Type":"text/html"}),e.end(c("Too many setup attempts. Please try again later."));return}if($(r),!f()){e.writeHead(400,{"Content-Type":"text/html"}),e.end(c("Setup has already been completed."));return}if(!l||o!==l){a.warn("Invalid setup token attempt",{client_ip:r,provided_token:o}),e.writeHead(403,{"Content-Type":"text/html"}),e.end(c("Invalid or missing setup token."));return}if(t.method==="GET"){e.writeHead(200,{"Content-Type":"text/html"}),e.end(j(l));return}if(t.method==="POST"){try{const n=T();u=!0,l=null,a.info("Setup completed successfully via HTTP interface",{client_ip:r}),e.writeHead(200,{"Content-Type":"text/html"}),e.end(N(n))}catch(n){a.error("Setup failed via HTTP interface",{client_ip:r,error:n.message}),e.writeHead(500,{"Content-Type":"text/html"}),e.end(c(n.message))}return}e.writeHead(405,{"Content-Type":"text/html"}),e.end(c("Method not allowed."))},X=async(t,e,o)=>{const r=t.socket.remoteAddress||"127.0.0.1";if(a.info("Recovery request received",{client_ip:r,method:t.method}),!o){e.writeHead(400,{"Content-Type":"text/html"}),e.end(c("Recovery token is required."));return}const n=C(o);if(!n.valid){A(r);let s="Invalid recovery token.";n.reason==="expired"?s="Recovery token has expired. Generate a new token using --generate-recovery-token.":n.reason==="locked"?s="Recovery is locked due to too many failed attempts. Please try again later.":n.reason==="no_token"&&(s="No active recovery token found. Generate a new token using --generate-recovery-token."),a.warn("Invalid recovery token attempt",{client_ip:r,reason:n.reason,provided_token:o}),e.writeHead(403,{"Content-Type":"text/html"}),e.end(c(s));return}if(t.method==="GET"){e.writeHead(200,{"Content-Type":"text/html"}),e.end(g(o));return}if(t.method==="POST"){try{const s=await M(t),{password:d,confirm_password:h}=s;if(!d||!h){e.writeHead(400,{"Content-Type":"text/html"}),e.end(g(o,"Both password fields are required."));return}if(d!==h){e.writeHead(400,{"Content-Type":"text/html"}),e.end(g(o,"Passwords do not match."));return}const w=await S(d,r,()=>{a.info("Password change completed, existing connections should be terminated")});a.info("Emergency password change completed via HTTP interface",{client_ip:r,timestamp:w.timestamp}),e.writeHead(200,{"Content-Type":"text/html"}),e.end(W(w.timestamp))}catch(s){a.error("Emergency password change failed via HTTP interface",{client_ip:r,error:s.message}),e.writeHead(400,{"Content-Type":"text/html"}),e.end(g(o,s.message))}return}e.writeHead(405,{"Content-Type":"text/html"}),e.end(c("Method not allowed."))},Q=(t=1984)=>{const e=v.createServer(async(r,n)=>{try{const s=new x(r.url,`http://localhost:${t}`);if(s.pathname==="/setup"){const d=s.searchParams.get("token");await V(r,n,d);return}if(s.pathname==="/recovery"){const d=s.searchParams.get("token");await X(r,n,d);return}if(s.pathname.startsWith("/api/users")){const d=s.pathname.split("/").slice(3);await L(r,n,d);return}n.writeHead(404,{"Content-Type":"text/html"}),n.end(`<!DOCTYPE html>
+</html>`,G=t=>new Promise((e,o)=>{let r="";t.on("data",n=>{r+=n.toString()}),t.on("end",()=>{try{const n=new URLSearchParams(r),s={};for(const[d,f]of n)s[d]=f;e(s)}catch(n){o(n)}}),t.on("error",n=>{o(n)})}),v=t=>new Promise((e,o)=>{let r="";t.on("data",n=>{r+=n.toString()}),t.on("end",()=>{try{const n=JSON.parse(r);e(n)}catch(n){o(n)}}),t.on("error",n=>{o(n)})}),w=t=>{if(l())return!0;const e=t.headers["x-joystick-db-api-key"];return D(e)},i=(t,e,o)=>{t.writeHead(e,{"Content-Type":"application/json"}),t.end(JSON.stringify(o))},z=async(t,e)=>{const o=t.socket.remoteAddress||"127.0.0.1";if(!w(t)){const r=l()?"API key validation failed (this should not happen in development mode)":"Database setup incomplete. A valid API key must be passed until an admin user has been created.";a.warn("Invalid API key for user creation",{client_ip:o,development_mode:l()}),i(e,403,{error:r});return}try{const r=await v(t),n=await E(r);a.info("User created via API",{username:n.username,client_ip:o}),i(e,201,{ok:1,user:n})}catch(r){a.error("User creation failed via API",{client_ip:o,error:r.message}),i(e,400,{error:r.message})}},F=async(t,e)=>{const o=t.socket.remoteAddress||"127.0.0.1";if(!w(t)){const r=l()?"API key validation failed (this should not happen in development mode)":"Database setup incomplete. A valid API key must be passed until an admin user has been created.";a.warn("Invalid API key for get users",{client_ip:o,development_mode:l()}),i(e,403,{error:r});return}try{const r=H();a.info("Users retrieved via API",{count:r.length,client_ip:o}),i(e,200,{ok:1,users:r})}catch(r){a.error("Get users failed via API",{client_ip:o,error:r.message}),i(e,500,{error:r.message})}},K=async(t,e,o)=>{const r=t.socket.remoteAddress||"127.0.0.1";if(!w(t)){const n=l()?"API key validation failed (this should not happen in development mode)":"Database setup incomplete. A valid API key must be passed until an admin user has been created.";a.warn("Invalid API key for user update",{client_ip:r,username:o,development_mode:l()}),i(e,403,{error:n});return}try{const n=await v(t),s=await O(o,n);a.info("User updated via API",{username:o,client_ip:r}),i(e,200,{ok:1,user:s})}catch(n){a.error("User update failed via API",{client_ip:r,username:o,error:n.message});const s=n.message==="User not found"?404:400;i(e,s,{error:n.message})}},L=async(t,e,o)=>{const r=t.socket.remoteAddress||"127.0.0.1";if(!w(t)){const n=l()?"API key validation failed (this should not happen in development mode)":"Database setup incomplete. A valid API key must be passed until an admin user has been created.";a.warn("Invalid API key for user deletion",{client_ip:r,username:o,development_mode:l()}),i(e,403,{error:n});return}try{R(o),a.info("User deleted via API",{username:o,client_ip:r}),i(e,200,{ok:1,message:"User deleted successfully"})}catch(n){a.error("User deletion failed via API",{client_ip:r,username:o,error:n.message});const s=n.message==="User not found"?404:400;i(e,s,{error:n.message})}},V=async(t,e,o)=>{if(t.method==="POST"&&o.length===0){await z(t,e);return}if(t.method==="GET"&&o.length===0){await F(t,e);return}if(t.method==="PUT"&&o.length===1){const r=o[0];await K(t,e,r);return}if(t.method==="DELETE"&&o.length===1){const r=o[0];await L(t,e,r);return}i(e,405,{error:"Method not allowed"})},X=async(t,e,o)=>{const r=t.socket.remoteAddress||"127.0.0.1";if($(r)){e.writeHead(429,{"Content-Type":"text/html"}),e.end(p("Too many setup attempts. Please try again later."));return}if(j(r),!g()){e.writeHead(400,{"Content-Type":"text/html"}),e.end(p("Setup has already been completed."));return}if(!c||o!==c){a.warn("Invalid setup token attempt",{client_ip:r,provided_token:o}),e.writeHead(403,{"Content-Type":"text/html"}),e.end(p("Invalid or missing setup token."));return}if(t.method==="GET"){e.writeHead(200,{"Content-Type":"text/html"}),e.end(N(c));return}if(t.method==="POST"){try{const n=P();m=!0,c=null,a.info("Setup completed successfully via HTTP interface",{client_ip:r}),e.writeHead(200,{"Content-Type":"text/html"}),e.end(W(n))}catch(n){a.error("Setup failed via HTTP interface",{client_ip:r,error:n.message}),e.writeHead(500,{"Content-Type":"text/html"}),e.end(p(n.message))}return}e.writeHead(405,{"Content-Type":"text/html"}),e.end(p("Method not allowed."))},Q=async(t,e,o)=>{const r=t.socket.remoteAddress||"127.0.0.1";if(a.info("Recovery request received",{client_ip:r,method:t.method}),!o){e.writeHead(400,{"Content-Type":"text/html"}),e.end(p("Recovery token is required."));return}const n=C(o);if(!n.valid){S(r);let s="Invalid recovery token.";n.reason==="expired"?s="Recovery token has expired. Generate a new token using --generate-recovery-token.":n.reason==="locked"?s="Recovery is locked due to too many failed attempts. Please try again later.":n.reason==="no_token"&&(s="No active recovery token found. Generate a new token using --generate-recovery-token."),a.warn("Invalid recovery token attempt",{client_ip:r,reason:n.reason,provided_token:o}),e.writeHead(403,{"Content-Type":"text/html"}),e.end(p(s));return}if(t.method==="GET"){e.writeHead(200,{"Content-Type":"text/html"}),e.end(y(o));return}if(t.method==="POST"){try{const s=await G(t),{password:d,confirm_password:f}=s;if(!d||!f){e.writeHead(400,{"Content-Type":"text/html"}),e.end(y(o,"Both password fields are required."));return}if(d!==f){e.writeHead(400,{"Content-Type":"text/html"}),e.end(y(o,"Passwords do not match."));return}const b=await I(d,r,()=>{a.info("Password change completed, existing connections should be terminated")});a.info("Emergency password change completed via HTTP interface",{client_ip:r,timestamp:b.timestamp}),e.writeHead(200,{"Content-Type":"text/html"}),e.end(M(b.timestamp))}catch(s){a.error("Emergency password change failed via HTTP interface",{client_ip:r,error:s.message}),e.writeHead(400,{"Content-Type":"text/html"}),e.end(y(o,s.message))}return}e.writeHead(405,{"Content-Type":"text/html"}),e.end(p("Method not allowed."))},Z=(t=1984)=>{const e=_.createServer(async(r,n)=>{try{const s=new x(r.url,`http://localhost:${t}`);if(s.pathname==="/setup"){const d=s.searchParams.get("token");await X(r,n,d);return}if(s.pathname==="/recovery"){const d=s.searchParams.get("token");await Q(r,n,d);return}if(s.pathname.startsWith("/api/users")){const d=s.pathname.split("/").slice(3);await V(r,n,d);return}n.writeHead(404,{"Content-Type":"text/html"}),n.end(`<!DOCTYPE html>
 <html>
 <head><title>404 Not Found</title></head>
 <body>
 <h1>404 Not Found</h1>
 <p>The requested resource was not found on this server.</p>
 </body>
-</html>`)}catch(s){a.error("HTTP request error",{error:s.message,url:r.url}),n.writeHead(500,{"Content-Type":"text/html"}),n.end(c("Internal server error."))}}),o=new Set;return e.on("connection",r=>{o.add(r),r.on("close",()=>{o.delete(r)})}),e._connections=o,e.on("error",r=>{a.error("HTTP server error",{error:r.message})}),e},Z=(t=1984)=>{const e=f();e&&(l=J(),u=!1);const o=Q(t);return new Promise((r,n)=>{o.once("error",s=>{e&&(l=null,u=!1),a.error("Failed to start HTTP server",{port:t,error:s.message}),n(s)}),o.listen(t,()=>{p=o,e?(a.info("JoystickDB Setup Required"),a.info(`Visit: http://localhost:${t}/setup?token=${l}`)):a.info("HTTP server started for recovery operations",{port:t}),r(o)})})},q=()=>new Promise(t=>{if(!p){t();return}const e=p,o=e._connections||new Set;p=null,l=null,u=!1,m.clear(),o.forEach(r=>{try{r.destroy()}catch{}}),e.close(r=>{r?a.warn("HTTP server close error",{error:r.message}):a.info("HTTP server stopped"),setTimeout(()=>{t()},250)}),setTimeout(()=>{a.warn("HTTP server forced shutdown after timeout"),t()},2e3)}),ee=()=>({setup_required:f(),setup_token:l,setup_completed:u,http_server_running:!!p});export{ee as get_setup_info,f as is_setup_required,Z as start_http_server,q as stop_http_server};
+</html>`)}catch(s){a.error("HTTP request error",{error:s.message,url:r.url}),n.writeHead(500,{"Content-Type":"text/html"}),n.end(p("Internal server error."))}}),o=new Set;return e.on("connection",r=>{o.add(r),r.on("close",()=>{o.delete(r)})}),e._connections=o,e.on("error",r=>{a.error("HTTP server error",{error:r.message})}),e},q=(t=1984)=>{const e=g();e&&(c=Y(),m=!1);const o=Z(t);return new Promise((r,n)=>{o.once("error",s=>{e&&(c=null,m=!1),a.error("Failed to start HTTP server",{port:t,error:s.message}),n(s)}),o.listen(t,()=>{u=o,e?(a.info("JoystickDB Setup Required"),a.info(`Visit: http://localhost:${t}/setup?token=${c}`)):a.info("HTTP server started for recovery operations",{port:t}),r(o)})})},ee=()=>new Promise(t=>{if(!u){t();return}const e=u,o=e._connections||new Set;u=null,c=null,m=!1,h.clear(),o.forEach(r=>{try{r.destroy()}catch{}}),e.close(r=>{r?a.warn("HTTP server close error",{error:r.message}):a.info("HTTP server stopped"),setTimeout(()=>{t()},250)}),setTimeout(()=>{a.warn("HTTP server forced shutdown after timeout"),t()},2e3)}),te=()=>({setup_required:g(),setup_token:c,setup_completed:m,http_server_running:!!u});export{te as get_setup_info,g as is_setup_required,q as start_http_server,ee as stop_http_server};

package/package.json

@@ -1,10 +1,10 @@
 {
   "name": "@joystick.js/db-canary",
   "type": "module",
-  "version": "0.0.0-canary.2213",
-  "canary_version": "0.0.0-canary.2213",
+  "version": "0.0.0-canary.2217",
+  "canary_version": "0.0.0-canary.2216",
   "description": "JoystickDB - A minimalist database server for the Joystick framework",
-  "main": "./dist/index.js",
+  "main": "./dist/server/index.js",
   "scripts": {
     "build": "node ./.build/index.js",
     "release": "node increment_version.js && npm run build && npm publish",
@@ -45,4 +45,4 @@
     "winston": "^3.17.0",
     "winston-daily-rotate-file": "^5.0.0"
   }
-}
+}

package/src/server/index.js

@@ -31,6 +31,11 @@ import {
   verify_user_password,
   check_admin_user_exists
 } from './lib/api_key_manager.js';
+import { 
+  is_development_mode, 
+  display_development_startup_message, 
+  warn_undefined_node_env 
+} from './lib/development_mode.js';
 import { 
   restore_backup, 
   start_backup_schedule, 
@@ -252,7 +257,7 @@ export const create_server = async () => {
   
   initialize_database();
   initialize_auth_manager();
-  initialize_api_key_manager();
+  await initialize_api_key_manager();
   initialize_recovery_manager();
   
   // NOTE: Initialize replication manager for primary nodes.
@@ -299,6 +304,14 @@ export const create_server = async () => {
     log.warn('Failed to start HTTP server', { error: http_error.message });
   }
   
+  // NOTE: Display development mode startup message if in development.
+  if (is_development_mode()) {
+    const { tcp_port, http_port } = get_port_configuration();
+    display_development_startup_message(tcp_port, http_port);
+  } else {
+    warn_undefined_node_env();
+  }
+  
   const server = net.createServer((socket = {}) => {
     if (!connection_manager.add_connection(socket)) {
       return;

package/src/server/lib/api_key_manager.js

@@ -10,6 +10,7 @@ import crypto from 'crypto';
 import bcrypt from 'bcrypt';
 import create_logger from './logger.js';
 import { get_database, build_collection_key, generate_document_id } from './query_engine.js';
+import { is_development_mode } from './development_mode.js';
 
 const { create_context_logger } = create_logger('api_key_manager');
 const log = create_context_logger();
@@ -47,9 +48,17 @@ const generate_api_key = () => {
 
 /**
  * Loads API key from file or generates new one if it doesn't exist.
+ * In development mode, skips API key generation entirely.
  * @returns {string} API key from file or newly generated key
  */
 const load_or_generate_api_key = () => {
+  // NOTE: Skip API key generation in development mode.
+  if (is_development_mode()) {
+    cached_api_key = 'development-mode-bypass';
+    log.info('Development mode: API key generation bypassed');
+    return cached_api_key;
+  }
+  
   if (cached_api_key) {
     return cached_api_key;
   }
@@ -118,10 +127,16 @@ const display_startup_message = (api_key) => {
 
 /**
  * Validates an API key against the stored key.
+ * In development mode, always returns true to bypass API key validation.
  * @param {string} provided_key - API key to validate
  * @returns {boolean} True if API key is valid
  */
 const validate_api_key = (provided_key) => {
+  // NOTE: Bypass API key validation in development mode.
+  if (is_development_mode()) {
+    return true;
+  }
+  
   if (!provided_key) {
     return false;
   }
@@ -145,16 +160,23 @@ const validate_username = (username) => {
 
 /**
  * Validates password complexity requirements.
+ * In development mode, allows simple passwords for default admin user.
  * @param {string} password - Password to validate
+ * @param {boolean} [is_development_default=false] - Whether this is the development default user
  * @returns {Object} Validation result
  * @returns {boolean} returns.valid - Whether password is valid
  * @returns {string} returns.error - Error message if invalid
  */
-const validate_password = (password) => {
+const validate_password = (password, is_development_default = false) => {
   if (!password || typeof password !== 'string') {
     return { valid: false, error: 'Password is required' };
   }
   
+  // NOTE: Skip complexity requirements for development default user.
+  if (is_development_mode() && is_development_default) {
+    return { valid: true };
+  }
+  
   if (password.length < 8) {
     return { valid: false, error: 'Password must be at least 8 characters long' };
   }
@@ -182,10 +204,11 @@ const validate_role = (role) => {
  * @param {string} user_data.username - Username
  * @param {string} user_data.password - Plain text password
  * @param {string} user_data.role - User role
+ * @param {boolean} [is_development_default=false] - Whether this is the development default user
  * @returns {Promise<Object>} Created user data
  * @throws {Error} When validation fails or user already exists
  */
-const create_user = async (user_data) => {
+const create_user = async (user_data, is_development_default = false) => {
   const { username, password, role } = user_data;
   
   // Validate input
@@ -193,7 +216,7 @@ const create_user = async (user_data) => {
     throw new Error('Username must be alphanumeric and 3-50 characters long');
   }
   
-  const password_validation = validate_password(password);
+  const password_validation = validate_password(password, is_development_default);
   if (!password_validation.valid) {
     throw new Error(password_validation.error);
   }
@@ -429,16 +452,58 @@ const check_admin_user_exists = () => {
   return false;
 };
 
+/**
+ * Creates the default admin user for development mode.
+ * @returns {Promise<Object|null>} Created user data or null if already exists
+ */
+const create_development_admin_user = async () => {
+  if (!is_development_mode()) {
+    return null;
+  }
+  
+  // Check if admin user already exists
+  const existing_admin = get_user('admin');
+  if (existing_admin) {
+    log.info('Development admin user already exists, skipping creation');
+    return existing_admin;
+  }
+  
+  try {
+    const admin_user = await create_user({
+      username: 'admin',
+      password: 'password',
+      role: 'read_write'
+    }, true);
+    
+    log.info('Development admin user created automatically', { username: 'admin' });
+    return admin_user;
+  } catch (error) {
+    log.error('Failed to create development admin user', { error: error.message });
+    throw error;
+  }
+};
+
 /**
  * Initializes the API key manager.
+ * In development mode, creates default admin user automatically.
  */
-const initialize_api_key_manager = () => {
+const initialize_api_key_manager = async () => {
   load_or_generate_api_key();
   admin_user_exists = check_admin_user_exists();
   
   if (admin_user_exists) {
     log.info('Admin user detected, API key requirement relaxed for authenticated operations');
   }
+  
+  // NOTE: Create development admin user if in development mode.
+  if (is_development_mode() && !admin_user_exists) {
+    try {
+      await create_development_admin_user();
+      admin_user_exists = true;
+    } catch (error) {
+      log.error('Failed to initialize development admin user', { error: error.message });
+    }
+  }
 };
 
 /**
@@ -469,5 +534,6 @@ export {
   verify_user_password,
   check_admin_user_exists,
   initialize_api_key_manager,
-  reset_api_key_state
+  reset_api_key_state,
+  create_development_admin_user
 };

package/src/server/lib/development_mode.js

@@ -0,0 +1,60 @@
+/**
+ * @fileoverview Development environment detection and setup utilities.
+ * 
+ * Provides functions to detect development mode, bypass security requirements,
+ * and automatically create default admin users for local development.
+ */
+
+import create_logger from './logger.js';
+
+const { create_context_logger } = create_logger('development_mode');
+const log = create_context_logger();
+
+/**
+ * Checks if the server is running in development mode.
+ * @returns {boolean} True if NODE_ENV is set to 'development'
+ */
+const is_development_mode = () => {
+  return process.env.NODE_ENV === 'development';
+};
+
+/**
+ * Displays development mode startup message with security warnings.
+ * @param {number} tcp_port - TCP server port
+ * @param {number} http_port - HTTP server port
+ */
+const display_development_startup_message = (tcp_port, http_port) => {
+  console.log('\nJoystickDB Development Mode\n');
+  console.log('Development environment detected (NODE_ENV=development).');
+  console.log('Security features have been bypassed for local development.\n');
+  console.log('Default admin user created:');
+  console.log('  Username: admin');
+  console.log('  Password: password\n');
+  console.log('WARNING: This configuration is NOT suitable for production use.');
+  console.log('Set NODE_ENV to \'production\' or another value for secure operation.\n');
+  console.log(`TCP Server: localhost:${tcp_port}`);
+  console.log(`HTTP Server: localhost:${http_port}\n`);
+  
+  log.info('Development mode activated', {
+    tcp_port,
+    http_port,
+    default_admin_created: true,
+    security_bypassed: true
+  });
+};
+
+/**
+ * Logs warning if NODE_ENV is undefined or empty.
+ */
+const warn_undefined_node_env = () => {
+  if (!process.env.NODE_ENV) {
+    log.warn('NODE_ENV is not set, defaulting to secure mode');
+    console.log('WARNING: NODE_ENV is not set. Defaulting to secure mode.');
+  }
+};
+
+export {
+  is_development_mode,
+  display_development_startup_message,
+  warn_undefined_node_env
+};

package/src/server/lib/http_server.js

@@ -24,6 +24,7 @@ import {
   delete_user,
   check_admin_user_exists
 } from './api_key_manager.js';
+import { is_development_mode } from './development_mode.js';
 
 const { create_context_logger } = create_logger('http_server');
 const log = create_context_logger();
@@ -613,10 +614,16 @@ const parse_json_data = (req) => {
 
 /**
  * Validates API key from request headers.
+ * In development mode, always returns true to bypass API key validation.
  * @param {http.IncomingMessage} req - HTTP request object
  * @returns {boolean} True if API key is valid
  */
 const validate_request_api_key = (req) => {
+  // NOTE: Bypass API key validation in development mode.
+  if (is_development_mode()) {
+    return true;
+  }
+  
   const api_key = req.headers['x-joystick-db-api-key'];
   return validate_api_key(api_key);
 };
@@ -642,9 +649,13 @@ const handle_create_user = async (req, res) => {
   const client_ip = req.socket.remoteAddress || '127.0.0.1';
   
   if (!validate_request_api_key(req)) {
-    log.warn('Invalid API key for user creation', { client_ip });
+    const error_message = is_development_mode() 
+      ? 'API key validation failed (this should not happen in development mode)'
+      : 'Database setup incomplete. A valid API key must be passed until an admin user has been created.';
+    
+    log.warn('Invalid API key for user creation', { client_ip, development_mode: is_development_mode() });
     send_json_response(res, 403, {
-      error: 'Database setup incomplete. A valid API key must be passed until an admin user has been created.'
+      error: error_message
     });
     return;
   }
@@ -677,9 +688,13 @@ const handle_get_users = async (req, res) => {
   const client_ip = req.socket.remoteAddress || '127.0.0.1';
   
   if (!validate_request_api_key(req)) {
-    log.warn('Invalid API key for get users', { client_ip });
+    const error_message = is_development_mode() 
+      ? 'API key validation failed (this should not happen in development mode)'
+      : 'Database setup incomplete. A valid API key must be passed until an admin user has been created.';
+    
+    log.warn('Invalid API key for get users', { client_ip, development_mode: is_development_mode() });
     send_json_response(res, 403, {
-      error: 'Database setup incomplete. A valid API key must be passed until an admin user has been created.'
+      error: error_message
     });
     return;
   }
@@ -712,9 +727,13 @@ const handle_update_user = async (req, res, username) => {
   const client_ip = req.socket.remoteAddress || '127.0.0.1';
   
   if (!validate_request_api_key(req)) {
-    log.warn('Invalid API key for user update', { client_ip, username });
+    const error_message = is_development_mode() 
+      ? 'API key validation failed (this should not happen in development mode)'
+      : 'Database setup incomplete. A valid API key must be passed until an admin user has been created.';
+    
+    log.warn('Invalid API key for user update', { client_ip, username, development_mode: is_development_mode() });
     send_json_response(res, 403, {
-      error: 'Database setup incomplete. A valid API key must be passed until an admin user has been created.'
+      error: error_message
     });
     return;
   }
@@ -750,9 +769,13 @@ const handle_delete_user = async (req, res, username) => {
   const client_ip = req.socket.remoteAddress || '127.0.0.1';
   
   if (!validate_request_api_key(req)) {
-    log.warn('Invalid API key for user deletion', { client_ip, username });
+    const error_message = is_development_mode() 
+      ? 'API key validation failed (this should not happen in development mode)'
+      : 'Database setup incomplete. A valid API key must be passed until an admin user has been created.';
+    
+    log.warn('Invalid API key for user deletion', { client_ip, username, development_mode: is_development_mode() });
     send_json_response(res, 403, {
-      error: 'Database setup incomplete. A valid API key must be passed until an admin user has been created.'
+      error: error_message
     });
     return;
   }