@juit/pgproxy-cli 1.0.0

package/README.md

@@ -0,0 +1,198 @@
+# PostgreSQL Proxy over HTTP and WebSockets (CLI interface)
+
+This package provides a simple command line interface to run the PGProxy Server.
+
+* [Usage](#usage)
+* [Configuration Files](#configuration-files)
+  * [Main Section](#main-section)
+  * [Pool Section](#pool-section)
+* [Environment Variables](#environment-variables)
+* [PGProxy](https://github.com/juitnow/juit-pgproxy/blob/main/README.md)
+* [Copyright Notice](https://github.com/juitnow/juit-pgproxy/blob/main/NOTICE.md)
+* [License](https://github.com/juitnow/juit-pgproxy/blob/main/NOTICE.md)
+
+### Usage
+
+```
+Usage:
+
+  pgproxy-server [--options ...] [config file]
+
+Options:
+
+  --debug         Enable verbose logging.
+  --help          Show this help page and exit.
+  --version       Show version information and exit.
+
+  [config file]   An optional configuration file (in ".ini" format).
+
+Environment variables:
+
+  HTTP Server:
+
+    PGPROXYSECRET        The secret used to authenticate clients.
+    PGPROXYADDRESS       The address where this server will be bound to.
+    PGPROXYPORT          The port number where this server will be bound to.
+    PGPROXYHEALTHCHECK   Path for the unauthenticated health check GET request.
+
+  Connection Pool:
+
+    PGPOOLMINSIZE          Minimum number of connections to keep in the pool.
+    PGPOOLMAXSIZE          Maximum number of connections to keep in the pool.
+    PGPOOLIDLECONN         Maximum number of idle connections in the pool.
+    PGPOOLACQUIRETIMEOUT   Number of seconds after which 'acquire()' will fail.
+    PGPOOLBORROWTIMEOUT    Maximum seconds a connection can be borrowed for.
+    PGPOOLRETRYINTERVAL    Seconds to wait after connection creation failed.
+
+  PostgreSQL:
+
+    PGHOST       Name of host to connect to.
+    PGPORT       Port number to connect to at the server host.
+    PGDATABASE   The database name.
+    PGUSER       PostgreSQL user name to connect as.
+    PGPASSWORD   Password to be used if the server demands authentication.
+
+    See also: https://www.postgresql.org/docs/current/libpq-envars.html
+
+Remarks:
+
+  Environment variables will also be read from a ".env" file in the current
+  directory (if such file exists).
+
+  See also: https://github.com/motdotla/dotenv
+```
+
+### Configuration Files
+
+The configuration file(s) used by the command line interface are in `ini` format
+and contain two parts: the configuration of the PGProxy server (main section),
+and the configuration of the connection pool to PostgreSQL (`[pool]` section).
+
+For example
+
+```ini
+secret = mySuperSecret
+port = 12345
+
+[pool]
+database = myDatabaseName
+user = myUser
+password = myPasswor
+host = localhost
+port = 5432
+```
+
+#### Main section
+
+In the _main_ section the following options are available to configure the
+PGProxy server:
+
+* `secret`: The secret used to authenticate clients.
+* `address`: The address where this server will be bound to.
+* `port`: The port number where this server will be bound to.
+* `backlog`: The maximum length of the queue of pending connections.
+* `healthCheck`: The path used to provide stats and a healthcheck via GET requests.
+
+Furthermore, underlying NodeJS HTTP server the following options are available.
+Refer to the [Node JS documentation](https://nodejs.org/api/http.html#httpcreateserveroptions-requestlistener)
+for information on their behaviour.
+
+* `connectionsCheckingInterval`
+* `highWaterMark`
+* `insecureHTTPParser`
+* `joinDuplicateHeaders`
+* `keepAlive`
+* `keepAliveInitialDelay`
+* `keepAliveTimeout`
+* `maxHeaderSize`
+* `noDelay`
+* `requestTimeout`
+
+#### Pool section
+
+In the `[pool]` section the following options are available to configure the
+connection pool:
+
+* `minimumPoolSize`: The minimum number of connections to keep in the pool
+  (default: `0`).
+* `maximumPoolSize`: The maximum number of connections to keep in the pool
+  (default: `20`).
+* `maximumIdleConnections`: The maximum number of idle connections that can be
+   sitting in the pool (default: the average between `minimumPoolSize` and
+   `maximumPoolSize`).
+* `acquireTimeout`: The number of seconds after which an `acquire()` call will
+  fail (default: `30` sec.).
+* `borrowTimeout`: The maximum number of seconds a connection can be borrowed
+  for (default: `120` sec.).
+* `retryInterval`: The number of seconds to wait after the creation of a
+  connection failed (default: `5` sec.).
+* `validateOnBorrow`: Whether to validate connections on borrow or not (value
+  must be either `true` or `false`, default: `true`).
+
+Furthermore, to configure the _connections_ to PostgreSQL:
+
+* `database`: The database name.
+* `host`: Name of host to connect to.
+* `address`: IPv4 or IPv6 numeric IP address of host to connect to.
+* `port`: Port number to connect to at the server host.
+* `user`: PostgreSQL user name to connect as.
+* `password`: Password to be used if the server demands password authentication.
+* `connectTimeout`: Maximum wait for connection, in seconds.
+* `applicationName`: The `application_name` as it will appear in `pg_stat_activity`.
+* `keepalives`: Controls whether client-side TCP keepalives are used.
+* `keepalivesIdle`: The number of seconds of inactivity after which TCP should send a keepalive message to the server.
+* `keepalivesInterval`: The number of seconds after which a TCP keepalive message that is not acknowledged by the server should be retransmitted.
+* `keepalivesCount`: The number of TCP keepalives that can be lost before the client's connection to the server is considered dead.
+* `sslMode`: This option determines whether or with what priority a secure SSL
+  TCP/IP connection will be negotiated with the server. There are six modes:
+   * `disable`: only try a non-SSL connection
+   * `allow`: first try a non-SSL connection; if that fails, try an SSL
+    connection
+   * `prefer` _(default)_: first try an SSL connection; if that fails, try a
+     non-SSL connection
+   * `require`: only try an SSL connection. If a root CA file is present, verify
+     the certificate in the same way as if verify-ca was specified
+   * `verify-ca`: only try an SSL connection, and verify that the server
+     certificate is issued by a trusted certificate authority (CA)
+   * `verify-full`: only try an SSL connection, verify that the server
+     certificate is issued by a trusted CA and that the server host name matches
+     that in the certificate
+* `sslCompression`: If set to `true` (default), data sent over SSL connections
+  will be compressed.
+* `sslCertFile`: The file name of the client SSL certificate.
+* `sslKeyFile`: The location for the secret key used for the client certificate.
+* `sslRootCertFile`: The name of a file containing SSL certificate authority
+  (CA) certificate(s).
+* `sslCrlFile`: The file name of the SSL certificate revocation list (CRL).
+* `kerberosServiceName`: Kerberos service name to use when authenticating with
+  Kerberos 5 or GSSAPI.
+* `gssLibrary`: GSS library to use for GSSAPI authentication.
+
+### Environment Variables
+
+Most options can also be configured through environment variables as follows:
+
+* _main._`secret` => `PGPROXYSECRET`
+* _main._`address` => `PGPROXYADDRESS`
+* _main._`port` => `PGPROXYPORT`
+* _main._`healthCheck` => `PGPROXYHEALTHCHECK`
+
+For the connection pool:
+
+* `pool.minimumPoolSize` => `PGPOOLMINSIZE`
+* `pool.maximumPoolSize` => `PGPOOLMAXSIZE`
+* `pool.maximumIdleConnections` => `PGPOOLIDLECONN`
+* `pool.acquireTimeout` => `PGPOOLACQUIRETIMEOUT`
+* `pool.borrowTimeout` => `PGPOOLBORROWTIMEOUT`
+* `pool.retryInterval` => `PGPOOLRETRYINTERVAL`
+* `pool.validateOnBorrow` => `PGPOOLVALIDATEONBORROW`
+
+And for the connection to PosgreSQL:
+
+* `pool.host` => `PGHOST`
+* `pool.port` => `PGPORT`
+* `pool.database` => `PGDATABASE`
+* `pool.user` => `PGUSER`
+* `pool.password` => `PGPASSWORD`
+
+For more see also: https://www.postgresql.org/docs/current/libpq-envars.html

package/dist/cli.d.mts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/cli.mjs

@@ -0,0 +1,224 @@
+#!/usr/bin/env node
+
+// cli.mts
+import { readFileSync } from "node:fs";
+import { resolve } from "node:path";
+import { fileURLToPath } from "node:url";
+import { Server } from "@juit/pgproxy-server";
+import { config as dotEnvConfig } from "dotenv";
+import { parse } from "ini";
+import { boolean, number, object, oneOf, optional, string, validate } from "justus";
+import yargsParser from "yargs-parser";
+var logger = {
+  debug: function(...args2) {
+    if (debug)
+      console.log("[DEBUG]", ...args2);
+  },
+  info: function(...args2) {
+    console.log("[INFO] ", ...args2);
+  },
+  warn: function(...args2) {
+    console.log("[WARN] ", ...args2);
+  },
+  error: function(...args2) {
+    console.log("[ERROR]", ...args2);
+  }
+};
+function showHelp() {
+  console.log(`
+Usage:
+
+  pgproxy-server [--options ...] [config file]
+
+Options:
+
+  --debug         Enable verbose logging.
+  --help          Show this help page and exit.
+  --version       Show version information and exit.
+
+  [config file]   An optional configuration file (in ".ini" format).
+
+Environment variables:
+
+  HTTP Server:
+
+    PGPROXYSECRET        The secret used to authenticate clients.
+    PGPROXYADDRESS       The address where this server will be bound to.
+    PGPROXYPORT          The port number where this server will be bound to.
+    PGPROXYHEALTHCHECK   Path for the unauthenticated health check GET request.
+
+  Connection Pool:
+
+    PGPOOLMINSIZE            Minimum number of connections to keep in the pool.
+    PGPOOLMAXSIZE            Maximum number of connections to keep in the pool.
+    PGPOOLIDLECONN           Maximum number of idle connections in the pool.
+    PGPOOLACQUIRETIMEOUT     Seconds after which 'acquire()' will fail.
+    PGPOOLBORROWTIMEOUT      Maximum seconds a connection can be borrowed for.
+    PGPOOLRETRYINTERVAL      Seconds to wait after connection creation failed.
+    PGPOOLVALIDATEONBORROW   Whether to validate connnections on borrow or not.
+
+  PostgreSQL:
+
+    PGHOST       Name of host to connect to.
+    PGPORT       Port number to connect to at the server host.
+    PGDATABASE   The database name.
+    PGUSER       PostgreSQL user name to connect as.
+    PGPASSWORD   Password to be used if the server demands authentication.
+
+    See also: https://www.postgresql.org/docs/current/libpq-envars.html
+
+Remarks:
+
+  Environment variables will also be read from a ".env" file in the current
+  directory (if such file exists).
+
+  See also: https://github.com/motdotla/dotenv
+`);
+  process.exit(1);
+}
+function showVersion() {
+  const path = fileURLToPath(import.meta.url);
+  const file = resolve(path, "..", "..", "package.json");
+  const data = readFileSync(file, "utf-8");
+  const json = JSON.parse(data);
+  console.log(`v${json.version}`);
+  process.exit(1);
+}
+var booleanValidator = boolean({ fromString: true });
+var numberValidator = number({ fromString: true, minimum: 0 });
+var stringValidator = string({ minLength: 1 });
+var poolValidator = object({
+  /* Connection pool options */
+  acquireTimeout: optional(numberValidator),
+  borrowTimeout: optional(numberValidator),
+  maximumIdleConnections: optional(numberValidator),
+  maximumPoolSize: optional(numberValidator),
+  minimumPoolSize: optional(numberValidator),
+  retryInterval: optional(numberValidator),
+  validateOnBorrow: optional(booleanValidator),
+  /* LibPQ options */
+  address: optional(stringValidator),
+  applicationName: optional(stringValidator),
+  connectTimeout: optional(numberValidator),
+  database: optional(stringValidator),
+  gssLibrary: optional("gssapi"),
+  host: optional(stringValidator),
+  keepalives: optional(booleanValidator),
+  keepalivesCount: optional(numberValidator),
+  keepalivesIdle: optional(numberValidator),
+  keepalivesInterval: optional(numberValidator),
+  kerberosServiceName: optional(stringValidator),
+  password: optional(stringValidator),
+  port: optional(numberValidator),
+  sslCertFile: optional(stringValidator),
+  sslCompression: optional(booleanValidator),
+  sslCrlFile: optional(stringValidator),
+  sslKeyFile: optional(stringValidator),
+  sslMode: optional(oneOf("disable", "allow", "prefer", "require", "verify-ca", "verify-full")),
+  sslRootCertFile: optional(stringValidator),
+  user: optional(stringValidator)
+});
+var serverValidator = object({
+  /* Proxy server */
+  secret: string({ minLength: 8 }),
+  address: optional(string({ minLength: 1 })),
+  port: optional(numberValidator),
+  backlog: optional(numberValidator),
+  healthCheck: optional(stringValidator),
+  /* Connection pool & database */
+  pool: optional(poolValidator),
+  /* Node HTTP server options */
+  connectionsCheckingInterval: optional(numberValidator),
+  highWaterMark: optional(numberValidator),
+  insecureHTTPParser: optional(booleanValidator),
+  joinDuplicateHeaders: optional(booleanValidator),
+  keepAlive: optional(booleanValidator),
+  keepAliveInitialDelay: optional(numberValidator),
+  keepAliveTimeout: optional(numberValidator),
+  maxHeaderSize: optional(numberValidator),
+  noDelay: optional(booleanValidator),
+  requestTimeout: optional(numberValidator)
+});
+function readConfigs(files2) {
+  dotEnvConfig();
+  const config = {
+    secret: process.env.PGPROXYSECRET,
+    address: process.env.PGPROXYADDRESS,
+    port: process.env.PGPROXYPORT || "54321",
+    healthCheck: process.env.PGPROXYHEALTHCHECK
+  };
+  for (const file of files2) {
+    const text = readFileSync(file, "utf-8");
+    Object.assign(config, parse(text));
+  }
+  return validate(serverValidator, config);
+}
+var { _: args, ...opts } = yargsParser(process.argv.slice(2), {
+  configuration: {
+    "camel-case-expansion": false,
+    "strip-aliased": true,
+    "strip-dashed": true
+  },
+  alias: {
+    "debug": ["d"],
+    "help": ["h"],
+    "version": ["v"]
+  },
+  boolean: [
+    "debug",
+    "help",
+    "version"
+  ]
+});
+var files = args.map((arg) => `${arg}`);
+var debug = !!opts.debug;
+if (opts.help)
+  showHelp();
+if (opts.version)
+  showVersion();
+for (const key of Object.keys(opts)) {
+  switch (key) {
+    case "debug":
+    case "help":
+    case "version":
+      continue;
+    default:
+      logger.error(`Unsupported / unknown option: --${key}
+`);
+      showHelp();
+  }
+}
+var options;
+try {
+  options = readConfigs(files);
+} catch (error) {
+  logger.error(error.message);
+  process.exit(1);
+}
+var server = new Server(logger, options);
+await server.start();
+logger.info(`DB proxy server running with PID ${process.pid}`);
+process.on("SIGINT", () => server.stop().then(() => process.exitCode = 0).catch((error) => {
+  logger.error(error);
+  process.exit(1);
+}));
+process.on("SIGTERM", () => server.stop().then(() => process.exitCode = 0).catch((error) => {
+  logger.error(error);
+  process.exit(1);
+}));
+process.on("SIGHUP", () => {
+  try {
+    options = readConfigs(files);
+  } catch (error) {
+    logger.error(error.message);
+    logger.error("Not restarting running server");
+  }
+  server.stop().then(() => {
+    server = new Server(logger, options);
+    return server.start();
+  }).catch((error) => {
+    logger.error(error);
+    process.exit(1);
+  });
+});
+//# sourceMappingURL=cli.mjs.map

package/dist/cli.mjs.map

@@ -0,0 +1,6 @@
+{
+  "version": 3,
+  "sources": ["../src/cli.mts"],
+  "mappings": ";;;AAIA,SAAS,oBAAoB;AAC7B,SAAS,eAAe;AACxB,SAAS,qBAAqB;AAE9B,SAAS,cAAc;AACvB,SAAS,UAAU,oBAAoB;AACvC,SAAS,aAAa;AACtB,SAAS,SAAS,QAAQ,QAAQ,OAAO,UAAU,QAAQ,gBAAgB;AAC3E,OAAO,iBAAiB;AAMxB,IAAM,SAAiB;AAAA,EACrB,OAAO,YAAYA,OAAmB;AACpC,QAAI;AAAO,cAAQ,IAAI,WAAW,GAAGA,KAAI;AAAA,EAC3C;AAAA,EACA,MAAM,YAAYA,OAAmB;AACnC,YAAQ,IAAI,WAAW,GAAGA,KAAI;AAAA,EAChC;AAAA,EACA,MAAM,YAAYA,OAAmB;AACnC,YAAQ,IAAI,WAAW,GAAGA,KAAI;AAAA,EAChC;AAAA,EACA,OAAO,YAAYA,OAAmB;AACpC,YAAQ,IAAI,WAAW,GAAGA,KAAI;AAAA,EAChC;AACF;AAMA,SAAS,WAAkB;AACzB,UAAQ,IAAI;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,CAgDb;AACC,UAAQ,KAAK,CAAC;AAChB;AAEA,SAAS,cAAqB;AAC5B,QAAM,OAAO,cAAc,YAAY,GAAG;AAC1C,QAAM,OAAO,QAAQ,MAAM,MAAM,MAAM,cAAc;AACrD,QAAM,OAAO,aAAa,MAAM,OAAO;AACvC,QAAM,OAAO,KAAK,MAAM,IAAI;AAC5B,UAAQ,IAAI,IAAI,KAAK,OAAO,EAAE;AAC9B,UAAQ,KAAK,CAAC;AAChB;AAOA,IAAM,mBAAmB,QAAQ,EAAE,YAAY,KAAK,CAAC;AACrD,IAAM,kBAAkB,OAAO,EAAE,YAAY,MAAM,SAAS,EAAE,CAAC;AAC/D,IAAM,kBAAkB,OAAO,EAAE,WAAW,EAAE,CAAC;AAG/C,IAAM,gBAAgB,OAAO;AAAA;AAAA,EAE3B,gBAAgB,SAAS,eAAe;AAAA,EACxC,eAAe,SAAS,eAAe;AAAA,EACvC,wBAAwB,SAAS,eAAe;AAAA,EAChD,iBAAiB,SAAS,eAAe;AAAA,EACzC,iBAAiB,SAAS,eAAe;AAAA,EACzC,eAAe,SAAS,eAAe;AAAA,EACvC,kBAAkB,SAAS,gBAAgB;AAAA;AAAA,EAE3C,SAAS,SAAS,eAAe;AAAA,EACjC,iBAAiB,SAAS,eAAe;AAAA,EACzC,gBAAgB,SAAS,eAAe;AAAA,EACxC,UAAU,SAAS,eAAe;AAAA,EAClC,YAAY,SAAS,QAAQ;AAAA,EAC7B,MAAM,SAAS,eAAe;AAAA,EAC9B,YAAY,SAAS,gBAAgB;AAAA,EACrC,iBAAiB,SAAS,eAAe;AAAA,EACzC,gBAAgB,SAAS,eAAe;AAAA,EACxC,oBAAoB,SAAS,eAAe;AAAA,EAC5C,qBAAqB,SAAS,eAAe;AAAA,EAC7C,UAAU,SAAS,eAAe;AAAA,EAClC,MAAM,SAAS,eAAe;AAAA,EAC9B,aAAa,SAAS,eAAe;AAAA,EACrC,gBAAgB,SAAS,gBAAgB;AAAA,EACzC,YAAY,SAAS,eAAe;AAAA,EACpC,YAAY,SAAS,eAAe;AAAA,EACpC,SAAS,SAAS,MAAM,WAAW,SAAS,UAAU,WAAW,aAAa,aAAa,CAAC;AAAA,EAC5F,iBAAiB,SAAS,eAAe;AAAA,EACzC,MAAM,SAAS,eAAe;AAChC,CAAC;AAGD,IAAM,kBAAkB,OAAO;AAAA;AAAA,EAE7B,QAAQ,OAAO,EAAE,WAAW,EAAE,CAAC;AAAA,EAC/B,SAAS,SAAS,OAAO,EAAE,WAAW,EAAE,CAAC,CAAC;AAAA,EAC1C,MAAM,SAAS,eAAe;AAAA,EAC9B,SAAS,SAAS,eAAe;AAAA,EACjC,aAAa,SAAS,eAAe;AAAA;AAAA,EAErC,MAAM,SAAS,aAAa;AAAA;AAAA,EAE5B,6BAA6B,SAAS,eAAe;AAAA,EACrD,eAAe,SAAS,eAAe;AAAA,EACvC,oBAAoB,SAAS,gBAAgB;AAAA,EAC7C,sBAAsB,SAAS,gBAAgB;AAAA,EAC/C,WAAW,SAAS,gBAAgB;AAAA,EACpC,uBAAuB,SAAS,eAAe;AAAA,EAC/C,kBAAkB,SAAS,eAAe;AAAA,EAC1C,eAAe,SAAS,eAAe;AAAA,EACvC,SAAS,SAAS,gBAAgB;AAAA,EAClC,gBAAgB,SAAS,eAAe;AAC1C,CAAC;AAED,SAAS,YAAYC,QAAgC;AAEnD,eAAa;AAGb,QAAM,SAA6C;AAAA,IACjD,QAAQ,QAAQ,IAAI;AAAA,IACpB,SAAS,QAAQ,IAAI;AAAA,IACrB,MAAM,QAAQ,IAAI,eAAe;AAAA,IACjC,aAAa,QAAQ,IAAI;AAAA,EAC3B;AAGA,aAAW,QAAQA,QAAO;AACxB,UAAM,OAAO,aAAa,MAAM,OAAO;AACvC,WAAO,OAAO,QAAQ,MAAM,IAAI,CAAC;AAAA,EACnC;AAGA,SAAO,SAAS,iBAAiB,MAAM;AACzC;AAQA,IAAM,EAAE,GAAG,MAAM,GAAG,KAAK,IAAI,YAAY,QAAQ,KAAK,MAAM,CAAC,GAAG;AAAA,EAC9D,eAAe;AAAA,IACb,wBAAwB;AAAA,IACxB,iBAAiB;AAAA,IACjB,gBAAgB;AAAA,EAClB;AAAA,EACA,OAAO;AAAA,IACL,SAAS,CAAE,GAAI;AAAA,IACf,QAAQ,CAAE,GAAI;AAAA,IACd,WAAW,CAAE,GAAI;AAAA,EACnB;AAAA,EACA,SAAS;AAAA,IACP;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF,CAAC;AAGD,IAAM,QAAQ,KAAK,IAAI,CAAC,QAAQ,GAAG,GAAG,EAAE;AACxC,IAAM,QAAQ,CAAC,CAAE,KAAK;AACtB,IAAI,KAAK;AAAM,WAAS;AACxB,IAAI,KAAK;AAAS,cAAY;AAC9B,WAAW,OAAO,OAAO,KAAK,IAAI,GAAG;AACnC,UAAQ,KAAK;AAAA,IACX,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AACH;AAAA,IACF;AACE,aAAO,MAAM,mCAAmC,GAAG;AAAA,CAAI;AACvD,eAAS;AAAA,EACb;AACF;AAGA,IAAI;AACJ,IAAI;AACF,YAAU,YAAY,KAAK;AAC7B,SAAS,OAAY;AACnB,SAAO,MAAM,MAAM,OAAO;AAC1B,UAAQ,KAAK,CAAC;AAChB;AAGA,IAAI,SAAS,IAAI,OAAO,QAAQ,OAAO;AACvC,MAAM,OAAO,MAAM;AACnB,OAAO,KAAK,oCAAoC,QAAQ,GAAG,EAAE;AAG7D,QAAQ,GAAG,UAAU,MAAM,OAAO,KAAK,EAClC,KAAK,MAAM,QAAQ,WAAW,CAAC,EAC/B,MAAM,CAAC,UAAU;AAChB,SAAO,MAAM,KAAK;AAClB,UAAQ,KAAK,CAAC;AAChB,CAAC,CAAC;AACN,QAAQ,GAAG,WAAW,MAAM,OAAO,KAAK,EACnC,KAAK,MAAM,QAAQ,WAAW,CAAC,EAC/B,MAAM,CAAC,UAAU;AAChB,SAAO,MAAM,KAAK;AAClB,UAAQ,KAAK,CAAC;AAChB,CAAC,CAAC;AAGN,QAAQ,GAAG,UAAU,MAAM;AACzB,MAAI;AACF,cAAU,YAAY,KAAK;AAAA,EAC7B,SAAS,OAAY;AACnB,WAAO,MAAM,MAAM,OAAO;AAC1B,WAAO,MAAM,+BAA+B;AAAA,EAC9C;AAEA,SAAO,KAAK,EACP,KAAK,MAAM;AACV,aAAS,IAAI,OAAO,QAAQ,OAAO;AACnC,WAAO,OAAO,MAAM;AAAA,EACtB,CAAC,EACA,MAAM,CAAC,UAAU;AAChB,WAAO,MAAM,KAAK;AAClB,YAAQ,KAAK,CAAC;AAAA,EAChB,CAAC;AACP,CAAC;",
+  "names": ["args", "files"]
+}

package/package.json

@@ -0,0 +1,40 @@
+{
+  "name": "@juit/pgproxy-cli",
+  "version": "1.0.0",
+  "bin": {
+    "pgproxy-server": "./dist/cli.mjs"
+  },
+  "author": "Juit Developers <developers@juit.com>",
+  "license": "Apache-2.0",
+  "repository": {
+    "type": "git",
+    "url": "git+ssh://git@github.com/juitnow/juit-pgproxy.git"
+  },
+  "keywords": [
+    "database",
+    "pg",
+    "pool",
+    "postgres",
+    "proxy"
+  ],
+  "bugs": {
+    "url": "https://github.com/juitnow/juit-pgproxy/issues"
+  },
+  "homepage": "https://github.com/juitnow/juit-pgproxy#readme",
+  "dependencies": {
+    "@juit/pgproxy-server": "^1.0.0",
+    "dotenv": "^16.3.1",
+    "ini": "^4.1.1",
+    "justus": "^0.5.7",
+    "ws": "^8.15.1",
+    "yargs-parser": "^21.1.1"
+  },
+  "directories": {
+    "test": "test"
+  },
+  "files": [
+    "*.md",
+    "dist/",
+    "src/"
+  ]
+}

package/src/cli.mts

@@ -0,0 +1,274 @@
+#!/usr/bin/env node
+/* coverage ignore file */
+/* eslint-disable no-console */
+
+import { readFileSync } from 'node:fs'
+import { resolve } from 'node:path'
+import { fileURLToPath } from 'node:url'
+
+import { Server } from '@juit/pgproxy-server'
+import { config as dotEnvConfig } from 'dotenv'
+import { parse } from 'ini'
+import { boolean, number, object, oneOf, optional, string, validate } from 'justus'
+import yargsParser from 'yargs-parser'
+
+import type { Logger } from '@juit/pgproxy-pool'
+import type { ServerOptions } from '@juit/pgproxy-server'
+
+/* Basic logger, used throughout */
+const logger: Logger = {
+  debug: function(...args: any[]): void {
+    if (debug) console.log('[DEBUG]', ...args)
+  },
+  info: function(...args: any[]): void {
+    console.log('[INFO] ', ...args)
+  },
+  warn: function(...args: any[]): void {
+    console.log('[WARN] ', ...args)
+  },
+  error: function(...args: any[]): void {
+    console.log('[ERROR]', ...args)
+  },
+}
+
+/* ========================================================================== *
+ * HELP AND VERSION                                                           *
+ * ========================================================================== */
+
+function showHelp(): never {
+  console.log(`
+Usage:
+
+  pgproxy-server [--options ...] [config file]
+
+Options:
+
+  --debug         Enable verbose logging.
+  --help          Show this help page and exit.
+  --version       Show version information and exit.
+
+  [config file]   An optional configuration file (in ".ini" format).
+
+Environment variables:
+
+  HTTP Server:
+
+    PGPROXYSECRET        The secret used to authenticate clients.
+    PGPROXYADDRESS       The address where this server will be bound to.
+    PGPROXYPORT          The port number where this server will be bound to.
+    PGPROXYHEALTHCHECK   Path for the unauthenticated health check GET request.
+
+  Connection Pool:
+
+    PGPOOLMINSIZE            Minimum number of connections to keep in the pool.
+    PGPOOLMAXSIZE            Maximum number of connections to keep in the pool.
+    PGPOOLIDLECONN           Maximum number of idle connections in the pool.
+    PGPOOLACQUIRETIMEOUT     Seconds after which 'acquire()' will fail.
+    PGPOOLBORROWTIMEOUT      Maximum seconds a connection can be borrowed for.
+    PGPOOLRETRYINTERVAL      Seconds to wait after connection creation failed.
+    PGPOOLVALIDATEONBORROW   Whether to validate connnections on borrow or not.
+
+  PostgreSQL:
+
+    PGHOST       Name of host to connect to.
+    PGPORT       Port number to connect to at the server host.
+    PGDATABASE   The database name.
+    PGUSER       PostgreSQL user name to connect as.
+    PGPASSWORD   Password to be used if the server demands authentication.
+
+    See also: https://www.postgresql.org/docs/current/libpq-envars.html
+
+Remarks:
+
+  Environment variables will also be read from a ".env" file in the current
+  directory (if such file exists).
+
+  See also: https://github.com/motdotla/dotenv
+`)
+  process.exit(1)
+}
+
+function showVersion(): never {
+  const path = fileURLToPath(import.meta.url)
+  const file = resolve(path, '..', '..', 'package.json')
+  const data = readFileSync(file, 'utf-8')
+  const json = JSON.parse(data)
+  console.log(`v${json.version}`)
+  process.exit(1)
+}
+
+/* ========================================================================== *
+ * CONFIGURATION                                                              *
+ * ========================================================================== */
+
+/* Validation */
+const booleanValidator = boolean({ fromString: true })
+const numberValidator = number({ fromString: true, minimum: 0 })
+const stringValidator = string({ minLength: 1 })
+
+/* PoolOptions validator */
+const poolValidator = object({
+  /* Connection pool options */
+  acquireTimeout: optional(numberValidator),
+  borrowTimeout: optional(numberValidator),
+  maximumIdleConnections: optional(numberValidator),
+  maximumPoolSize: optional(numberValidator),
+  minimumPoolSize: optional(numberValidator),
+  retryInterval: optional(numberValidator),
+  validateOnBorrow: optional(booleanValidator),
+  /* LibPQ options */
+  address: optional(stringValidator),
+  applicationName: optional(stringValidator),
+  connectTimeout: optional(numberValidator),
+  database: optional(stringValidator),
+  gssLibrary: optional('gssapi'),
+  host: optional(stringValidator),
+  keepalives: optional(booleanValidator),
+  keepalivesCount: optional(numberValidator),
+  keepalivesIdle: optional(numberValidator),
+  keepalivesInterval: optional(numberValidator),
+  kerberosServiceName: optional(stringValidator),
+  password: optional(stringValidator),
+  port: optional(numberValidator),
+  sslCertFile: optional(stringValidator),
+  sslCompression: optional(booleanValidator),
+  sslCrlFile: optional(stringValidator),
+  sslKeyFile: optional(stringValidator),
+  sslMode: optional(oneOf('disable', 'allow', 'prefer', 'require', 'verify-ca', 'verify-full')),
+  sslRootCertFile: optional(stringValidator),
+  user: optional(stringValidator),
+})
+
+/* ServerOptions validator */
+const serverValidator = object({
+  /* Proxy server */
+  secret: string({ minLength: 8 }),
+  address: optional(string({ minLength: 1 })),
+  port: optional(numberValidator),
+  backlog: optional(numberValidator),
+  healthCheck: optional(stringValidator),
+  /* Connection pool & database */
+  pool: optional(poolValidator),
+  /* Node HTTP server options */
+  connectionsCheckingInterval: optional(numberValidator),
+  highWaterMark: optional(numberValidator),
+  insecureHTTPParser: optional(booleanValidator),
+  joinDuplicateHeaders: optional(booleanValidator),
+  keepAlive: optional(booleanValidator),
+  keepAliveInitialDelay: optional(numberValidator),
+  keepAliveTimeout: optional(numberValidator),
+  maxHeaderSize: optional(numberValidator),
+  noDelay: optional(booleanValidator),
+  requestTimeout: optional(numberValidator),
+})
+
+function readConfigs(files: string[]): ServerOptions {
+  /* First, parse any and all ".env" file in CWD for environment variables */
+  dotEnvConfig()
+
+  /* Base configuration fron environment variables */
+  const config: Record<string, string | undefined> = {
+    secret: process.env.PGPROXYSECRET,
+    address: process.env.PGPROXYADDRESS,
+    port: process.env.PGPROXYPORT || '54321',
+    healthCheck: process.env.PGPROXYHEALTHCHECK,
+  }
+
+  /* Parse command line files */
+  for (const file of files) {
+    const text = readFileSync(file, 'utf-8')
+    Object.assign(config, parse(text))
+  }
+
+  /* Validate and return our options */
+  return validate(serverValidator, config)
+}
+
+
+/* ========================================================================== *
+ * STARTUP                                                                    *
+ * ========================================================================== */
+
+/* Then parse our command line arguments */
+const { _: args, ...opts } = yargsParser(process.argv.slice(2), {
+  configuration: {
+    'camel-case-expansion': false,
+    'strip-aliased': true,
+    'strip-dashed': true,
+  },
+  alias: {
+    'debug': [ 'd' ],
+    'help': [ 'h' ],
+    'version': [ 'v' ],
+  },
+  boolean: [
+    'debug',
+    'help',
+    'version',
+  ],
+})
+
+/* Process each option, one by one */
+const files = args.map((arg) => `${arg}`)
+const debug = !! opts.debug
+if (opts.help) showHelp()
+if (opts.version) showVersion()
+for (const key of Object.keys(opts)) {
+  switch (key) {
+    case 'debug':
+    case 'help':
+    case 'version':
+      continue
+    default:
+      logger.error(`Unsupported / unknown option: --${key}\n`)
+      showHelp()
+  }
+}
+
+/* Read our configs */
+let options: ServerOptions
+try {
+  options = readConfigs(files)
+} catch (error: any) {
+  logger.error(error.message)
+  process.exit(1)
+}
+
+/* Start our server */
+let server = new Server(logger, options)
+await server.start()
+logger.info(`DB proxy server running with PID ${process.pid}`)
+
+/* Gracefully terminate on CTRL-C or "kill -TERM $PID" */
+process.on('SIGINT', () => server.stop()
+    .then(() => process.exitCode = 0)
+    .catch((error) => {
+      logger.error(error)
+      process.exit(1)
+    }))
+process.on('SIGTERM', () => server.stop()
+    .then(() => process.exitCode = 0)
+    .catch((error) => {
+      logger.error(error)
+      process.exit(1)
+    }))
+
+/* Reload configurations and restart server on "kill -HUP $PID" */
+process.on('SIGHUP', () => {
+  try {
+    options = readConfigs(files)
+  } catch (error: any) {
+    logger.error(error.message)
+    logger.error('Not restarting running server')
+  }
+
+  server.stop()
+      .then(() => {
+        server = new Server(logger, options)
+        return server.start()
+      })
+      .catch((error) => {
+        logger.error(error)
+        process.exit(1) // critical, let systemd handle restarts!
+      })
+})