@juit/pgproxy-client-whatwg 1.0.0

package/README.md

@@ -0,0 +1,34 @@
+# PostgreSQL Proxy Client (WHATWG + WebCrypto Implementation)
+
+This package provides client for PGProxy Servers based on WHATWG `fetch` and
+WebSockets, and the WebCrypto API.
+
+* [Usage with PGClient](#usage-with-pgclient)
+* [Direct Usage](#direct-usage)
+* [PGProxy](https://github.com/juitnow/juit-pgproxy/blob/main/README.md)
+* [Copyright Notice](https://github.com/juitnow/juit-pgproxy/blob/main/NOTICE.md)
+* [License](https://github.com/juitnow/juit-pgproxy/blob/main/NOTICE.md)
+
+### Usage with PGClient
+
+Simply register the client by importing it, and ensure that the `PGURL`
+environment variable is set to the HTTP/HTTPS url of the server (or specify
+the URL in the constructor):
+
+```ts
+import '@juit/pgproxy-client-whatwg'
+import { PGClient } from '@juit/pgproxy-client'
+
+const client = new PGClient('https://my-secret@my-pgproxy-server:54321/')
+```
+
+### Direct usage
+
+The WHATWG client can be used directly by simply importing the `WHATWGClient`
+class:
+
+```ts
+import { WHATWGClient } from '@juit/pgproxy-client-whatwg'
+
+const client = new WHATWGClient('https://my-secret@my-pgproxy-server:54321/')
+```

package/dist/index.cjs

@@ -0,0 +1,139 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// index.ts
+var src_exports = {};
+__export(src_exports, {
+  WHATWGClient: () => WHATWGClient,
+  WHATWGProvider: () => WHATWGProvider
+});
+module.exports = __toCommonJS(src_exports);
+var import_pgproxy_client = require("@juit/pgproxy-client");
+async function createToken(secret, crypto = globalThis.crypto) {
+  const encoder = new TextEncoder();
+  const buffer = new ArrayBuffer(48);
+  const token = new Uint8Array(buffer);
+  crypto.getRandomValues(token);
+  const timestamp = new DataView(buffer, 0, 8);
+  timestamp.setBigInt64(0, BigInt(Date.now()), true);
+  const header = new Uint8Array(buffer, 0, 16);
+  const key = await crypto.subtle.importKey(
+    "raw",
+    // ........................ // Our key type
+    encoder.encode(secret),
+    // ....... // UTF-8 representation of the secret
+    { name: "HMAC", hash: "SHA-256" },
+    // We want the HMAC(SHA-256)
+    false,
+    // ........................ // The key is not exportable
+    ["sign", "verify"]
+  );
+  const signature = await crypto.subtle.sign(
+    "HMAC",
+    // ............. // We need an HMAC
+    key,
+    // ................ // Use the key as allocated above
+    header
+  );
+  token.set(new Uint8Array(signature), 16);
+  const string = String.fromCharCode(...token);
+  return btoa(string).replaceAll("+", "-").replaceAll("/", "_");
+}
+var WHATWGProvider = class _WHATWGProvider extends import_pgproxy_client.WebSocketProvider {
+  constructor(url, options = {}) {
+    super();
+    const {
+      WebSocket = _WHATWGProvider.WebSocket,
+      crypto = _WHATWGProvider.crypto,
+      fetch = _WHATWGProvider.fetch
+    } = options;
+    url = new URL(url);
+    (0, import_pgproxy_client.assert)(/^https?:$/.test(url.protocol), `Unsupported protocol "${url.protocol}"`);
+    const secret = decodeURIComponent(url.password || url.username);
+    (0, import_pgproxy_client.assert)(secret, "No connection secret specified in URL");
+    url.password = "";
+    url.username = "";
+    const baseHttpUrl = new URL(url);
+    const baseWsUrl = new URL(url);
+    baseWsUrl.protocol = `ws${baseWsUrl.protocol.slice(4)}`;
+    this._getUniqueRequestId = () => crypto.randomUUID();
+    this._getWebSocket = async () => {
+      const token = await createToken(secret, crypto);
+      const wsUrl = new URL(baseWsUrl);
+      wsUrl.searchParams.set("auth", token);
+      return this._connectWebSocket(new WebSocket(wsUrl));
+    };
+    this.query = async (query, params) => {
+      const token = await createToken(secret, crypto);
+      const httpUrl = new URL(baseHttpUrl);
+      httpUrl.searchParams.set("auth", token);
+      const id = crypto.randomUUID();
+      const response = await fetch(httpUrl, {
+        method: "POST",
+        headers: { "content-type": "application/json" },
+        body: JSON.stringify({ id, query, params })
+      });
+      if (response.headers.get("content-type") !== "application/json") {
+        throw new Error(`Invalid response (status=${response.status})`);
+      }
+      let payload;
+      try {
+        payload = await response.json();
+      } catch (error) {
+        throw new Error(`Unable to parse JSON payload (status=${response.status})`);
+      }
+      (0, import_pgproxy_client.assert)(payload && typeof payload === "object", "JSON payload is not an object");
+      (0, import_pgproxy_client.assert)(payload.id === id, 'Invalid/uncorrelated ID in response"');
+      if (payload.statusCode === 200)
+        return payload;
+      throw new Error(`${payload.error || /* coverage ignore next */
+      "Unknown error"} (${payload.statusCode})`);
+    };
+  }
+  /* ======================================================================== *
+   * METHODS FROM CONSTRUCTOR                                                 *
+   * ======================================================================== */
+  query;
+  _getWebSocket;
+  _getUniqueRequestId;
+  /* ======================================================================== *
+   * ENVIRONMENT OVERRIDES                                                    *
+   * ======================================================================== */
+  /** Constructor for {@link WebSocket} instances (default: `globalThis.WebSocket`) */
+  static WebSocket = globalThis.WebSocket;
+  /** Web Cryptography API implementation (default: `globalThis.crypto`) */
+  static crypto = globalThis.crypto;
+  /** WHATWG `fetch` implementation (default: `globalThis.fetch`) */
+  static fetch = globalThis.fetch;
+};
+var WHATWGClient = class extends import_pgproxy_client.PGClient {
+  constructor(url) {
+    url = url || globalThis.process?.env?.PGURL;
+    (0, import_pgproxy_client.assert)(url, "No URL to connect to (PGURL environment variable missing?)");
+    super(new WHATWGProvider(typeof url === "string" ? new URL(url) : url));
+  }
+};
+(0, import_pgproxy_client.registerProvider)("http", WHATWGProvider);
+(0, import_pgproxy_client.registerProvider)("https", WHATWGProvider);
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  WHATWGClient,
+  WHATWGProvider
+});
+//# sourceMappingURL=index.cjs.map

package/dist/index.cjs.map

@@ -0,0 +1,6 @@
+{
+  "version": 3,
+  "sources": ["../src/index.ts"],
+  "mappings": ";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,4BAAsE;AAsBtE,eAAe,YACX,QACA,SAAwB,WAAW,QACpB;AACjB,QAAM,UAAU,IAAI,YAAY;AAGhC,QAAM,SAAS,IAAI,YAAY,EAAE;AACjC,QAAM,QAAQ,IAAI,WAAW,MAAM;AAGnC,SAAO,gBAAgB,KAAK;AAG5B,QAAM,YAAY,IAAI,SAAS,QAAQ,GAAG,CAAC;AAC3C,YAAU,YAAY,GAAG,OAAO,KAAK,IAAI,CAAC,GAAG,IAAI;AAGjD,QAAM,SAAS,IAAI,WAAW,QAAQ,GAAG,EAAE;AAG3C,QAAM,MAAM,MAAM,OAAO,OAAO;AAAA,IAC5B;AAAA;AAAA,IACA,QAAQ,OAAO,MAAM;AAAA;AAAA,IACrB,EAAE,MAAM,QAAQ,MAAM,UAAU;AAAA;AAAA,IAChC;AAAA;AAAA,IACA,CAAE,QAAQ,QAAS;AAAA,EAAC;AAGxB,QAAM,YAAY,MAAM,OAAO,OAAO;AAAA,IAClC;AAAA;AAAA,IACA;AAAA;AAAA,IACA;AAAA,EAAM;AAGV,QAAM,IAAI,IAAI,WAAW,SAAS,GAAG,EAAE;AAGvC,QAAM,SAAS,OAAO,aAAa,GAAG,KAAK;AAC3C,SAAO,KAAK,MAAM,EACb,WAAW,KAAK,GAAG,EACnB,WAAW,KAAK,GAAG;AAC1B;AAYO,IAAM,iBAAN,MAAM,wBAAuB,wCAAkB;AAAA,EACpD,YAAY,KAAU,UAAyB,CAAC,GAAG;AACjD,UAAM;AAEN,UAAM;AAAA,MACJ,YAAY,gBAAe;AAAA,MAC3B,SAAS,gBAAe;AAAA,MACxB,QAAQ,gBAAe;AAAA,IACzB,IAAI;AAGJ,UAAM,IAAI,IAAI,GAAG;AACjB,sCAAO,YAAY,KAAK,IAAI,QAAQ,GAAG,yBAAyB,IAAI,QAAQ,GAAG;AAI/E,UAAM,SAAS,mBAAmB,IAAI,YAAY,IAAI,QAAQ;AAC9D,sCAAO,QAAQ,uCAAuC;AACtD,QAAI,WAAW;AACf,QAAI,WAAW;AAGf,UAAM,cAAc,IAAI,IAAI,GAAG;AAC/B,UAAM,YAAY,IAAI,IAAI,GAAG;AAC7B,cAAU,WAAW,KAAK,UAAU,SAAS,MAAM,CAAC,CAAC;AAGrD,SAAK,sBAAsB,MAAc,OAAO,WAAW;AAE3D,SAAK,gBAAgB,YAAkC;AACrD,YAAM,QAAQ,MAAM,YAAY,QAAQ,MAAM;AAC9C,YAAM,QAAQ,IAAI,IAAI,SAAS;AAC/B,YAAM,aAAa,IAAI,QAAQ,KAAK;AACpC,aAAO,KAAK,kBAAkB,IAAI,UAAU,KAAK,CAAC;AAAA,IACpD;AAEA,SAAK,QAAQ,OACT,OACA,WAC8B;AAChC,YAAM,QAAQ,MAAM,YAAY,QAAQ,MAAM;AAC9C,YAAM,UAAU,IAAI,IAAI,WAAW;AACnC,cAAQ,aAAa,IAAI,QAAQ,KAAK;AAGtC,YAAM,KAAK,OAAO,WAAW;AAG7B,YAAM,WAAW,MAAM,MAAM,SAAS;AAAA,QACpC,QAAQ;AAAA,QACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,QAC9C,MAAM,KAAK,UAAU,EAAE,IAAI,OAAO,OAAO,CAAmB;AAAA,MAC9D,CAAC;AAED,UAAI,SAAS,QAAQ,IAAI,cAAc,MAAM,oBAAoB;AAC/D,cAAM,IAAI,MAAM,4BAA4B,SAAS,MAAM,GAAG;AAAA,MAChE;AAEA,UAAI;AAEJ,UAAI;AACF,kBAAU,MAAM,SAAS,KAAK;AAAA,MAChC,SAAS,OAAO;AACd,cAAM,IAAI,MAAM,wCAAwC,SAAS,MAAM,GAAG;AAAA,MAC5E;AAGA,wCAAO,WAAY,OAAO,YAAY,UAAW,+BAA+B;AAChF,wCAAO,QAAQ,OAAO,IAAI,sCAAsC;AAGhE,UAAI,QAAQ,eAAe;AAAK,eAAO;AACvC,YAAM,IAAI,MAAM,GAAG,QAAQ;AAAA,MAAoC,eAAe,KAAK,QAAQ,UAAU,GAAG;AAAA,IAC1G;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAMA;AAAA,EACU;AAAA,EACA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOV,OAAO,YAA8B,WAAW;AAAA;AAAA,EAEhD,OAAO,SAAwB,WAAW;AAAA;AAAA,EAE1C,OAAO,QAAQ,WAAW;AAC5B;AAEO,IAAM,eAAN,cAA2B,+BAAS;AAAA,EACzC,YAAY,KAAoB;AAC9B,UAAM,OAAQ,WAAmB,SAAS,KAAK;AAC/C,sCAAO,KAAK,4DAA4D;AACxE,UAAM,IAAI,eAAe,OAAO,QAAQ,WAAW,IAAI,IAAI,GAAG,IAAI,GAAG,CAAC;AAAA,EACxE;AACF;AAAA,IAEA,wCAAiB,QAAQ,cAAc;AAAA,IACvC,wCAAiB,SAAS,cAAc;",
+  "names": []
+}

package/dist/index.d.ts

@@ -0,0 +1,34 @@
+import { PGClient, WebSocketProvider } from '@juit/pgproxy-client';
+import type { PGConnectionResult, PGWebSocket } from '@juit/pgproxy-client';
+type MimimalCrypto = {
+    getRandomValues: Crypto['getRandomValues'];
+    randomUUID: Crypto['randomUUID'];
+    subtle: {
+        importKey: SubtleCrypto['importKey'];
+        sign: SubtleCrypto['sign'];
+    };
+};
+type MimimalWebSocket = {
+    new (url: URL): PGWebSocket;
+};
+export interface WHATWGOptions {
+    WebSocket?: typeof globalThis.WebSocket;
+    crypto?: MimimalCrypto;
+    fetch?: typeof globalThis.fetch;
+}
+export declare class WHATWGProvider extends WebSocketProvider {
+    constructor(url: URL, options?: WHATWGOptions);
+    query: (query: string, params: (string | null)[]) => Promise<PGConnectionResult>;
+    protected _getWebSocket: () => Promise<PGWebSocket>;
+    protected _getUniqueRequestId: () => string;
+    /** Constructor for {@link WebSocket} instances (default: `globalThis.WebSocket`) */
+    static WebSocket: MimimalWebSocket;
+    /** Web Cryptography API implementation (default: `globalThis.crypto`) */
+    static crypto: MimimalCrypto;
+    /** WHATWG `fetch` implementation (default: `globalThis.fetch`) */
+    static fetch: typeof fetch;
+}
+export declare class WHATWGClient extends PGClient {
+    constructor(url?: URL | string);
+}
+export {};

package/dist/index.mjs

@@ -0,0 +1,113 @@
+// index.ts
+import { PGClient, WebSocketProvider, assert, registerProvider } from "@juit/pgproxy-client";
+async function createToken(secret, crypto = globalThis.crypto) {
+  const encoder = new TextEncoder();
+  const buffer = new ArrayBuffer(48);
+  const token = new Uint8Array(buffer);
+  crypto.getRandomValues(token);
+  const timestamp = new DataView(buffer, 0, 8);
+  timestamp.setBigInt64(0, BigInt(Date.now()), true);
+  const header = new Uint8Array(buffer, 0, 16);
+  const key = await crypto.subtle.importKey(
+    "raw",
+    // ........................ // Our key type
+    encoder.encode(secret),
+    // ....... // UTF-8 representation of the secret
+    { name: "HMAC", hash: "SHA-256" },
+    // We want the HMAC(SHA-256)
+    false,
+    // ........................ // The key is not exportable
+    ["sign", "verify"]
+  );
+  const signature = await crypto.subtle.sign(
+    "HMAC",
+    // ............. // We need an HMAC
+    key,
+    // ................ // Use the key as allocated above
+    header
+  );
+  token.set(new Uint8Array(signature), 16);
+  const string = String.fromCharCode(...token);
+  return btoa(string).replaceAll("+", "-").replaceAll("/", "_");
+}
+var WHATWGProvider = class _WHATWGProvider extends WebSocketProvider {
+  constructor(url, options = {}) {
+    super();
+    const {
+      WebSocket = _WHATWGProvider.WebSocket,
+      crypto = _WHATWGProvider.crypto,
+      fetch = _WHATWGProvider.fetch
+    } = options;
+    url = new URL(url);
+    assert(/^https?:$/.test(url.protocol), `Unsupported protocol "${url.protocol}"`);
+    const secret = decodeURIComponent(url.password || url.username);
+    assert(secret, "No connection secret specified in URL");
+    url.password = "";
+    url.username = "";
+    const baseHttpUrl = new URL(url);
+    const baseWsUrl = new URL(url);
+    baseWsUrl.protocol = `ws${baseWsUrl.protocol.slice(4)}`;
+    this._getUniqueRequestId = () => crypto.randomUUID();
+    this._getWebSocket = async () => {
+      const token = await createToken(secret, crypto);
+      const wsUrl = new URL(baseWsUrl);
+      wsUrl.searchParams.set("auth", token);
+      return this._connectWebSocket(new WebSocket(wsUrl));
+    };
+    this.query = async (query, params) => {
+      const token = await createToken(secret, crypto);
+      const httpUrl = new URL(baseHttpUrl);
+      httpUrl.searchParams.set("auth", token);
+      const id = crypto.randomUUID();
+      const response = await fetch(httpUrl, {
+        method: "POST",
+        headers: { "content-type": "application/json" },
+        body: JSON.stringify({ id, query, params })
+      });
+      if (response.headers.get("content-type") !== "application/json") {
+        throw new Error(`Invalid response (status=${response.status})`);
+      }
+      let payload;
+      try {
+        payload = await response.json();
+      } catch (error) {
+        throw new Error(`Unable to parse JSON payload (status=${response.status})`);
+      }
+      assert(payload && typeof payload === "object", "JSON payload is not an object");
+      assert(payload.id === id, 'Invalid/uncorrelated ID in response"');
+      if (payload.statusCode === 200)
+        return payload;
+      throw new Error(`${payload.error || /* coverage ignore next */
+      "Unknown error"} (${payload.statusCode})`);
+    };
+  }
+  /* ======================================================================== *
+   * METHODS FROM CONSTRUCTOR                                                 *
+   * ======================================================================== */
+  query;
+  _getWebSocket;
+  _getUniqueRequestId;
+  /* ======================================================================== *
+   * ENVIRONMENT OVERRIDES                                                    *
+   * ======================================================================== */
+  /** Constructor for {@link WebSocket} instances (default: `globalThis.WebSocket`) */
+  static WebSocket = globalThis.WebSocket;
+  /** Web Cryptography API implementation (default: `globalThis.crypto`) */
+  static crypto = globalThis.crypto;
+  /** WHATWG `fetch` implementation (default: `globalThis.fetch`) */
+  static fetch = globalThis.fetch;
+};
+var WHATWGClient = class extends PGClient {
+  constructor(url) {
+    url = url || globalThis.process?.env?.PGURL;
+    assert(url, "No URL to connect to (PGURL environment variable missing?)");
+    super(new WHATWGProvider(typeof url === "string" ? new URL(url) : url));
+  }
+};
+registerProvider("http", WHATWGProvider);
+registerProvider("https", WHATWGProvider);
+export {
+  WHATWGClient,
+  WHATWGProvider
+};
+//# sourceMappingURL=index.mjs.map

package/dist/index.mjs.map

@@ -0,0 +1,6 @@
+{
+  "version": 3,
+  "sources": ["../src/index.ts"],
+  "mappings": ";AAAA,SAAS,UAAU,mBAAmB,QAAQ,wBAAwB;AAsBtE,eAAe,YACX,QACA,SAAwB,WAAW,QACpB;AACjB,QAAM,UAAU,IAAI,YAAY;AAGhC,QAAM,SAAS,IAAI,YAAY,EAAE;AACjC,QAAM,QAAQ,IAAI,WAAW,MAAM;AAGnC,SAAO,gBAAgB,KAAK;AAG5B,QAAM,YAAY,IAAI,SAAS,QAAQ,GAAG,CAAC;AAC3C,YAAU,YAAY,GAAG,OAAO,KAAK,IAAI,CAAC,GAAG,IAAI;AAGjD,QAAM,SAAS,IAAI,WAAW,QAAQ,GAAG,EAAE;AAG3C,QAAM,MAAM,MAAM,OAAO,OAAO;AAAA,IAC5B;AAAA;AAAA,IACA,QAAQ,OAAO,MAAM;AAAA;AAAA,IACrB,EAAE,MAAM,QAAQ,MAAM,UAAU;AAAA;AAAA,IAChC;AAAA;AAAA,IACA,CAAE,QAAQ,QAAS;AAAA,EAAC;AAGxB,QAAM,YAAY,MAAM,OAAO,OAAO;AAAA,IAClC;AAAA;AAAA,IACA;AAAA;AAAA,IACA;AAAA,EAAM;AAGV,QAAM,IAAI,IAAI,WAAW,SAAS,GAAG,EAAE;AAGvC,QAAM,SAAS,OAAO,aAAa,GAAG,KAAK;AAC3C,SAAO,KAAK,MAAM,EACb,WAAW,KAAK,GAAG,EACnB,WAAW,KAAK,GAAG;AAC1B;AAYO,IAAM,iBAAN,MAAM,wBAAuB,kBAAkB;AAAA,EACpD,YAAY,KAAU,UAAyB,CAAC,GAAG;AACjD,UAAM;AAEN,UAAM;AAAA,MACJ,YAAY,gBAAe;AAAA,MAC3B,SAAS,gBAAe;AAAA,MACxB,QAAQ,gBAAe;AAAA,IACzB,IAAI;AAGJ,UAAM,IAAI,IAAI,GAAG;AACjB,WAAO,YAAY,KAAK,IAAI,QAAQ,GAAG,yBAAyB,IAAI,QAAQ,GAAG;AAI/E,UAAM,SAAS,mBAAmB,IAAI,YAAY,IAAI,QAAQ;AAC9D,WAAO,QAAQ,uCAAuC;AACtD,QAAI,WAAW;AACf,QAAI,WAAW;AAGf,UAAM,cAAc,IAAI,IAAI,GAAG;AAC/B,UAAM,YAAY,IAAI,IAAI,GAAG;AAC7B,cAAU,WAAW,KAAK,UAAU,SAAS,MAAM,CAAC,CAAC;AAGrD,SAAK,sBAAsB,MAAc,OAAO,WAAW;AAE3D,SAAK,gBAAgB,YAAkC;AACrD,YAAM,QAAQ,MAAM,YAAY,QAAQ,MAAM;AAC9C,YAAM,QAAQ,IAAI,IAAI,SAAS;AAC/B,YAAM,aAAa,IAAI,QAAQ,KAAK;AACpC,aAAO,KAAK,kBAAkB,IAAI,UAAU,KAAK,CAAC;AAAA,IACpD;AAEA,SAAK,QAAQ,OACT,OACA,WAC8B;AAChC,YAAM,QAAQ,MAAM,YAAY,QAAQ,MAAM;AAC9C,YAAM,UAAU,IAAI,IAAI,WAAW;AACnC,cAAQ,aAAa,IAAI,QAAQ,KAAK;AAGtC,YAAM,KAAK,OAAO,WAAW;AAG7B,YAAM,WAAW,MAAM,MAAM,SAAS;AAAA,QACpC,QAAQ;AAAA,QACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,QAC9C,MAAM,KAAK,UAAU,EAAE,IAAI,OAAO,OAAO,CAAmB;AAAA,MAC9D,CAAC;AAED,UAAI,SAAS,QAAQ,IAAI,cAAc,MAAM,oBAAoB;AAC/D,cAAM,IAAI,MAAM,4BAA4B,SAAS,MAAM,GAAG;AAAA,MAChE;AAEA,UAAI;AAEJ,UAAI;AACF,kBAAU,MAAM,SAAS,KAAK;AAAA,MAChC,SAAS,OAAO;AACd,cAAM,IAAI,MAAM,wCAAwC,SAAS,MAAM,GAAG;AAAA,MAC5E;AAGA,aAAO,WAAY,OAAO,YAAY,UAAW,+BAA+B;AAChF,aAAO,QAAQ,OAAO,IAAI,sCAAsC;AAGhE,UAAI,QAAQ,eAAe;AAAK,eAAO;AACvC,YAAM,IAAI,MAAM,GAAG,QAAQ;AAAA,MAAoC,eAAe,KAAK,QAAQ,UAAU,GAAG;AAAA,IAC1G;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAMA;AAAA,EACU;AAAA,EACA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOV,OAAO,YAA8B,WAAW;AAAA;AAAA,EAEhD,OAAO,SAAwB,WAAW;AAAA;AAAA,EAE1C,OAAO,QAAQ,WAAW;AAC5B;AAEO,IAAM,eAAN,cAA2B,SAAS;AAAA,EACzC,YAAY,KAAoB;AAC9B,UAAM,OAAQ,WAAmB,SAAS,KAAK;AAC/C,WAAO,KAAK,4DAA4D;AACxE,UAAM,IAAI,eAAe,OAAO,QAAQ,WAAW,IAAI,IAAI,GAAG,IAAI,GAAG,CAAC;AAAA,EACxE;AACF;AAEA,iBAAiB,QAAQ,cAAc;AACvC,iBAAiB,SAAS,cAAc;",
+  "names": []
+}

package/package.json

@@ -0,0 +1,47 @@
+{
+  "name": "@juit/pgproxy-client-whatwg",
+  "version": "1.0.0",
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.mjs",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "require": {
+        "types": "./dist/index.d.ts",
+        "default": "./dist/index.cjs"
+      },
+      "import": {
+        "types": "./dist/index.d.ts",
+        "default": "./dist/index.mjs"
+      }
+    }
+  },
+  "author": "Juit Developers <developers@juit.com>",
+  "license": "Apache-2.0",
+  "repository": {
+    "type": "git",
+    "url": "git+ssh://git@github.com/juitnow/juit-pgproxy.git"
+  },
+  "keywords": [
+    "database",
+    "pg",
+    "pool",
+    "postgres",
+    "proxy"
+  ],
+  "bugs": {
+    "url": "https://github.com/juitnow/juit-pgproxy/issues"
+  },
+  "homepage": "https://github.com/juitnow/juit-pgproxy#readme",
+  "dependencies": {
+    "@juit/pgproxy-client": "1.0.0"
+  },
+  "directories": {
+    "test": "test"
+  },
+  "files": [
+    "*.md",
+    "dist/",
+    "src/"
+  ]
+}

package/src/index.ts

@@ -0,0 +1,182 @@
+import { PGClient, WebSocketProvider, assert, registerProvider } from '@juit/pgproxy-client'
+
+import type { PGConnectionResult, PGWebSocket } from '@juit/pgproxy-client'
+import type { Request, Response } from '@juit/pgproxy-server'
+
+type MimimalCrypto = {
+  getRandomValues: Crypto['getRandomValues']
+  randomUUID: Crypto['randomUUID']
+  subtle: {
+    importKey: SubtleCrypto['importKey']
+    sign: SubtleCrypto['sign']
+  }
+}
+
+type MimimalWebSocket = {
+  new (url: URL): PGWebSocket
+}
+
+/* ========================================================================== *
+ * INTERNALS                                                                  *
+ * ========================================================================== */
+
+async function createToken(
+    secret: string,
+    crypto: MimimalCrypto = globalThis.crypto,
+): Promise<string> {
+  const encoder = new TextEncoder()
+
+  /* Prepare the buffer and its Uint8Array view for the token */
+  const buffer = new ArrayBuffer(48)
+  const token = new Uint8Array(buffer)
+
+  /* Fill the whole token with random data */
+  crypto.getRandomValues(token)
+
+  /* Write the timestamp at offset 0 as a little endian 64-bits bigint */
+  const timestamp = new DataView(buffer, 0, 8)
+  timestamp.setBigInt64(0, BigInt(Date.now()), true)
+
+  /* Prepare the message, concatenating the header and database name */
+  const header = new Uint8Array(buffer, 0, 16)
+
+  /* Prepare the key for HMAC-SHA-256 */
+  const key = await crypto.subtle.importKey(
+      'raw', // ........................ // Our key type
+      encoder.encode(secret), // ....... // UTF-8 representation of the secret
+      { name: 'HMAC', hash: 'SHA-256' }, // We want the HMAC(SHA-256)
+      false, // ........................ // The key is not exportable
+      [ 'sign', 'verify' ]) // ......... // Key is used to sign and verify
+
+  /* Compute the signature of the message using the key */
+  const signature = await crypto.subtle.sign(
+      'HMAC', // ............. // We need an HMAC
+      key, // ................ // Use the key as allocated above
+      header) // ............ // The message to sign, as UTF-8
+
+  /* Copy the signature into our token */
+  token.set(new Uint8Array(signature), 16)
+
+  /* Encode the token as an URL-safe BASE-64 string */
+  const string = String.fromCharCode(...token)
+  return btoa(string)
+      .replaceAll('+', '-')
+      .replaceAll('/', '_')
+}
+
+/* ========================================================================== *
+ * WHATWG PROVIDER AND CLIENT IMPLEMENTATION                                  *
+ * ========================================================================== */
+
+export interface WHATWGOptions {
+  WebSocket?: typeof globalThis.WebSocket,
+  crypto?: MimimalCrypto, // typeof globalThis.crypto,
+  fetch?: typeof globalThis.fetch,
+}
+
+export class WHATWGProvider extends WebSocketProvider {
+  constructor(url: URL, options: WHATWGOptions = {}) {
+    super()
+
+    const {
+      WebSocket = WHATWGProvider.WebSocket,
+      crypto = WHATWGProvider.crypto,
+      fetch = WHATWGProvider.fetch,
+    } = options
+
+    /* Clone the URL and verify it's http/https */
+    url = new URL(url)
+    assert(/^https?:$/.test(url.protocol), `Unsupported protocol "${url.protocol}"`)
+
+    /* Extract the secret from the url, we support both "http://secret@host/..."
+     * and/or "http://whomever:secret@host/..." formats, discarding username */
+    const secret = decodeURIComponent(url.password || url.username)
+    assert(secret, 'No connection secret specified in URL')
+    url.password = ''
+    url.username = ''
+
+    /* Prepare the URL for http and web sockets */
+    const baseHttpUrl = new URL(url)
+    const baseWsUrl = new URL(url)
+    baseWsUrl.protocol = `ws${baseWsUrl.protocol.slice(4)}`
+
+    /* Our methods */
+    this._getUniqueRequestId = (): string => crypto.randomUUID()
+
+    this._getWebSocket = async (): Promise<PGWebSocket> => {
+      const token = await createToken(secret, crypto)
+      const wsUrl = new URL(baseWsUrl)
+      wsUrl.searchParams.set('auth', token)
+      return this._connectWebSocket(new WebSocket(wsUrl))
+    }
+
+    this.query = async (
+        query: string,
+        params: (string | null)[],
+    ): Promise<PGConnectionResult> => {
+      const token = await createToken(secret, crypto)
+      const httpUrl = new URL(baseHttpUrl)
+      httpUrl.searchParams.set('auth', token)
+
+      /* Get a fresh ID to correlate requests and responses */
+      const id = crypto.randomUUID()
+
+      /* Fetch out our request (let errors fall through) */
+      const response = await fetch(httpUrl, {
+        method: 'POST',
+        headers: { 'content-type': 'application/json' },
+        body: JSON.stringify({ id, query, params } satisfies Request),
+      })
+
+      if (response.headers.get('content-type') !== 'application/json') {
+        throw new Error(`Invalid response (status=${response.status})`)
+      }
+
+      let payload: Response
+      /* coverage ignore catch */
+      try {
+        payload = await response.json()
+      } catch (error) {
+        throw new Error(`Unable to parse JSON payload (status=${response.status})`)
+      }
+
+      /* Correlate the response to the request */
+      assert(payload && (typeof payload === 'object'), 'JSON payload is not an object')
+      assert(payload.id === id, 'Invalid/uncorrelated ID in response"')
+
+      /* Analyze the _payload_ status code, is successful, we have a winner! */
+      if (payload.statusCode === 200) return payload
+      throw new Error(`${payload.error || /* coverage ignore next */ 'Unknown error'} (${payload.statusCode})`)
+    }
+  }
+
+  /* ======================================================================== *
+   * METHODS FROM CONSTRUCTOR                                                 *
+   * ======================================================================== */
+
+  query: (query: string, params: (string | null)[]) => Promise<PGConnectionResult>
+  protected _getWebSocket: () => Promise<PGWebSocket>
+  protected _getUniqueRequestId: () => string
+
+  /* ======================================================================== *
+   * ENVIRONMENT OVERRIDES                                                    *
+   * ======================================================================== */
+
+  /** Constructor for {@link WebSocket} instances (default: `globalThis.WebSocket`) */
+  static WebSocket: MimimalWebSocket = globalThis.WebSocket
+  /** Web Cryptography API implementation (default: `globalThis.crypto`) */
+  static crypto: MimimalCrypto = globalThis.crypto
+  /** WHATWG `fetch` implementation (default: `globalThis.fetch`) */
+  static fetch = globalThis.fetch
+}
+
+export class WHATWGClient extends PGClient {
+  constructor(url?: URL | string) {
+    url = url || (globalThis as any).process?.env?.PGURL
+    assert(url, 'No URL to connect to (PGURL environment variable missing?)')
+    super(new WHATWGProvider(typeof url === 'string' ? new URL(url) : url))
+  }
+}
+
+registerProvider('http', WHATWGProvider)
+registerProvider('https', WHATWGProvider)