@kapeta/local-cluster-service 0.76.3 → 0.76.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -1,3 +1,17 @@
1
+ ## [0.76.5](https://github.com/kapetacom/local-cluster-service/compare/v0.76.4...v0.76.5) (2024-10-03)
2
+
3
+
4
+ ### Bug Fixes
5
+
6
+ * Poor mans security ([#268](https://github.com/kapetacom/local-cluster-service/issues/268)) ([dcc85ec](https://github.com/kapetacom/local-cluster-service/commit/dcc85ecdf9971c3033eaf43e65a9b262de269821))
7
+
8
+ ## [0.76.4](https://github.com/kapetacom/local-cluster-service/compare/v0.76.3...v0.76.4) (2024-10-01)
9
+
10
+
11
+ ### Bug Fixes
12
+
13
+ * more headers for logging including handle ([0cadb9a](https://github.com/kapetacom/local-cluster-service/commit/0cadb9abae8575bf486567bb1401dcaa69866bdd))
14
+
1
15
  ## [0.76.3](https://github.com/kapetacom/local-cluster-service/compare/v0.76.2...v0.76.3) (2024-10-01)
2
16
 
3
17
 
@@ -61,6 +61,7 @@ export declare class StormClient {
61
61
  private readonly _baseUrl;
62
62
  private readonly _systemId;
63
63
  private readonly _handle;
64
+ private readonly _sharedSecret;
64
65
  constructor(handle: string, systemId?: string);
65
66
  private createOptions;
66
67
  private send;
@@ -91,4 +92,5 @@ export declare class StormClient {
91
92
  deleteUIPageConversation(conversationId: string): Promise<string>;
92
93
  downloadSystem(handle: string, conversationId: string): Promise<Buffer>;
93
94
  uploadSystem(handle: string, conversationId: string, buffer: Buffer): Promise<Response>;
95
+ private getSharedSecretHeader;
94
96
  }
@@ -23,14 +23,17 @@ class StormClient {
23
23
  _baseUrl;
24
24
  _systemId;
25
25
  _handle;
26
+ _sharedSecret;
26
27
  constructor(handle, systemId) {
27
28
  this._baseUrl = (0, utils_1.getRemoteUrl)('ai-service', 'https://ai.kapeta.com');
28
29
  this._systemId = systemId || '';
29
30
  this._handle = handle;
31
+ this._sharedSecret = process.env.SHARED_SECRET || '@keep-this-super-secret!';
30
32
  }
31
33
  async createOptions(path, method, body) {
32
34
  const url = `${this._baseUrl}${path}`;
33
35
  const headers = {
36
+ ...this.getSharedSecretHeader(),
34
37
  'Content-Type': 'application/json',
35
38
  };
36
39
  const api = new nodejs_api_client_1.KapetaAPI();
@@ -149,13 +152,14 @@ class StormClient {
149
152
  async replaceMockWithAPICall(prompt) {
150
153
  const u = `${this._baseUrl}/v2/ui/implement-api-clients-all`;
151
154
  try {
155
+ const headers = this.getSharedSecretHeader();
156
+ headers[exports.HandleHeader] = this._handle;
157
+ headers[exports.ConversationIdHeader] = this._systemId;
158
+ headers[exports.SystemIdHeader] = this._systemId;
152
159
  const response = await fetch(u, {
153
160
  method: 'POST',
154
161
  body: JSON.stringify(prompt.pages),
155
- headers: {
156
- systemId: prompt.systemId,
157
- conversationId: prompt.systemId,
158
- },
162
+ headers: headers,
159
163
  });
160
164
  if (!response.ok) {
161
165
  console.error('Failed to implement api clients', response.status, await response.text());
@@ -175,16 +179,22 @@ class StormClient {
175
179
  body: JSON.stringify({
176
180
  pages: pages,
177
181
  }),
182
+ headers: this.getSharedSecretHeader(),
178
183
  });
179
184
  return await response.text();
180
185
  }
181
186
  async createSimpleBackend(handle, systemId, input) {
182
187
  const u = `${this._baseUrl}/v2/create-simple-backend/${handle}/${systemId}`;
188
+ const headers = this.getSharedSecretHeader();
189
+ headers[exports.HandleHeader] = this._handle;
190
+ headers[exports.ConversationIdHeader] = this._systemId;
191
+ headers[exports.SystemIdHeader] = this._systemId;
183
192
  const response = await fetch(u, {
184
193
  method: 'POST',
185
194
  body: JSON.stringify({
186
195
  pages: input.pages,
187
196
  }),
197
+ headers: headers,
188
198
  });
189
199
  if (!response.ok) {
190
200
  throw new Error(`HTTP error! Status: ${response.status}`);
@@ -261,7 +271,9 @@ class StormClient {
261
271
  }
262
272
  async downloadSystem(handle, conversationId) {
263
273
  const u = `${this._baseUrl}/v2/systems/${handle}/${conversationId}/download`;
264
- const response = await fetch(u);
274
+ const response = await fetch(u, {
275
+ headers: this.getSharedSecretHeader(),
276
+ });
265
277
  if (!response.ok) {
266
278
  throw new Error(`Failed to download system: ${response.status}`);
267
279
  }
@@ -273,10 +285,16 @@ class StormClient {
273
285
  method: 'PUT',
274
286
  body: buffer,
275
287
  headers: {
288
+ ...this.getSharedSecretHeader(),
276
289
  'content-type': 'application/zip',
277
290
  },
278
291
  });
279
292
  return response;
280
293
  }
294
+ getSharedSecretHeader() {
295
+ return {
296
+ SharedSecret: this._sharedSecret,
297
+ };
298
+ }
281
299
  }
282
300
  exports.StormClient = StormClient;
@@ -61,6 +61,7 @@ export declare class StormClient {
61
61
  private readonly _baseUrl;
62
62
  private readonly _systemId;
63
63
  private readonly _handle;
64
+ private readonly _sharedSecret;
64
65
  constructor(handle: string, systemId?: string);
65
66
  private createOptions;
66
67
  private send;
@@ -91,4 +92,5 @@ export declare class StormClient {
91
92
  deleteUIPageConversation(conversationId: string): Promise<string>;
92
93
  downloadSystem(handle: string, conversationId: string): Promise<Buffer>;
93
94
  uploadSystem(handle: string, conversationId: string, buffer: Buffer): Promise<Response>;
95
+ private getSharedSecretHeader;
94
96
  }
@@ -23,14 +23,17 @@ class StormClient {
23
23
  _baseUrl;
24
24
  _systemId;
25
25
  _handle;
26
+ _sharedSecret;
26
27
  constructor(handle, systemId) {
27
28
  this._baseUrl = (0, utils_1.getRemoteUrl)('ai-service', 'https://ai.kapeta.com');
28
29
  this._systemId = systemId || '';
29
30
  this._handle = handle;
31
+ this._sharedSecret = process.env.SHARED_SECRET || '@keep-this-super-secret!';
30
32
  }
31
33
  async createOptions(path, method, body) {
32
34
  const url = `${this._baseUrl}${path}`;
33
35
  const headers = {
36
+ ...this.getSharedSecretHeader(),
34
37
  'Content-Type': 'application/json',
35
38
  };
36
39
  const api = new nodejs_api_client_1.KapetaAPI();
@@ -149,13 +152,14 @@ class StormClient {
149
152
  async replaceMockWithAPICall(prompt) {
150
153
  const u = `${this._baseUrl}/v2/ui/implement-api-clients-all`;
151
154
  try {
155
+ const headers = this.getSharedSecretHeader();
156
+ headers[exports.HandleHeader] = this._handle;
157
+ headers[exports.ConversationIdHeader] = this._systemId;
158
+ headers[exports.SystemIdHeader] = this._systemId;
152
159
  const response = await fetch(u, {
153
160
  method: 'POST',
154
161
  body: JSON.stringify(prompt.pages),
155
- headers: {
156
- systemId: prompt.systemId,
157
- conversationId: prompt.systemId,
158
- },
162
+ headers: headers,
159
163
  });
160
164
  if (!response.ok) {
161
165
  console.error('Failed to implement api clients', response.status, await response.text());
@@ -175,16 +179,22 @@ class StormClient {
175
179
  body: JSON.stringify({
176
180
  pages: pages,
177
181
  }),
182
+ headers: this.getSharedSecretHeader(),
178
183
  });
179
184
  return await response.text();
180
185
  }
181
186
  async createSimpleBackend(handle, systemId, input) {
182
187
  const u = `${this._baseUrl}/v2/create-simple-backend/${handle}/${systemId}`;
188
+ const headers = this.getSharedSecretHeader();
189
+ headers[exports.HandleHeader] = this._handle;
190
+ headers[exports.ConversationIdHeader] = this._systemId;
191
+ headers[exports.SystemIdHeader] = this._systemId;
183
192
  const response = await fetch(u, {
184
193
  method: 'POST',
185
194
  body: JSON.stringify({
186
195
  pages: input.pages,
187
196
  }),
197
+ headers: headers,
188
198
  });
189
199
  if (!response.ok) {
190
200
  throw new Error(`HTTP error! Status: ${response.status}`);
@@ -261,7 +271,9 @@ class StormClient {
261
271
  }
262
272
  async downloadSystem(handle, conversationId) {
263
273
  const u = `${this._baseUrl}/v2/systems/${handle}/${conversationId}/download`;
264
- const response = await fetch(u);
274
+ const response = await fetch(u, {
275
+ headers: this.getSharedSecretHeader(),
276
+ });
265
277
  if (!response.ok) {
266
278
  throw new Error(`Failed to download system: ${response.status}`);
267
279
  }
@@ -273,10 +285,16 @@ class StormClient {
273
285
  method: 'PUT',
274
286
  body: buffer,
275
287
  headers: {
288
+ ...this.getSharedSecretHeader(),
276
289
  'content-type': 'application/zip',
277
290
  },
278
291
  });
279
292
  return response;
280
293
  }
294
+ getSharedSecretHeader() {
295
+ return {
296
+ SharedSecret: this._sharedSecret,
297
+ };
298
+ }
281
299
  }
282
300
  exports.StormClient = StormClient;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@kapeta/local-cluster-service",
3
- "version": "0.76.3",
3
+ "version": "0.76.5",
4
4
  "description": "Manages configuration, ports and service discovery for locally running Kapeta systems",
5
5
  "type": "commonjs",
6
6
  "exports": {
@@ -91,10 +91,12 @@ export class StormClient {
91
91
  private readonly _baseUrl: string;
92
92
  private readonly _systemId: string;
93
93
  private readonly _handle: string;
94
+ private readonly _sharedSecret: string;
94
95
  constructor(handle: string, systemId?: string) {
95
96
  this._baseUrl = getRemoteUrl('ai-service', 'https://ai.kapeta.com');
96
97
  this._systemId = systemId || '';
97
98
  this._handle = handle;
99
+ this._sharedSecret = process.env.SHARED_SECRET || '@keep-this-super-secret!';
98
100
  }
99
101
 
100
102
  private async createOptions(
@@ -104,6 +106,7 @@ export class StormClient {
104
106
  ): Promise<RequestInit & { url: string }> {
105
107
  const url = `${this._baseUrl}${path}`;
106
108
  const headers: { [k: string]: string } = {
109
+ ...this.getSharedSecretHeader(),
107
110
  'Content-Type': 'application/json',
108
111
  };
109
112
  const api = new KapetaAPI();
@@ -253,13 +256,15 @@ export class StormClient {
253
256
  public async replaceMockWithAPICall(prompt: ImplementAPIClients): Promise<HTMLPage[]> {
254
257
  const u = `${this._baseUrl}/v2/ui/implement-api-clients-all`;
255
258
  try {
259
+ const headers: { [key: string]: any } = this.getSharedSecretHeader();
260
+ headers[HandleHeader] = this._handle;
261
+ headers[ConversationIdHeader] = this._systemId;
262
+ headers[SystemIdHeader] = this._systemId;
263
+
256
264
  const response = await fetch(u, {
257
265
  method: 'POST',
258
266
  body: JSON.stringify(prompt.pages),
259
- headers: {
260
- systemId: prompt.systemId,
261
- conversationId: prompt.systemId,
262
- },
267
+ headers: headers,
263
268
  });
264
269
 
265
270
  if (!response.ok) {
@@ -281,17 +286,25 @@ export class StormClient {
281
286
  body: JSON.stringify({
282
287
  pages: pages,
283
288
  }),
289
+ headers: this.getSharedSecretHeader(),
284
290
  });
285
291
  return await response.text();
286
292
  }
287
293
 
288
294
  public async createSimpleBackend(handle: string, systemId: string, input: CreateSimpleBackendRequest) {
289
295
  const u = `${this._baseUrl}/v2/create-simple-backend/${handle}/${systemId}`;
296
+
297
+ const headers: { [key: string]: any } = this.getSharedSecretHeader();
298
+ headers[HandleHeader] = this._handle;
299
+ headers[ConversationIdHeader] = this._systemId;
300
+ headers[SystemIdHeader] = this._systemId;
301
+
290
302
  const response = await fetch(u, {
291
303
  method: 'POST',
292
304
  body: JSON.stringify({
293
305
  pages: input.pages,
294
306
  }),
307
+ headers: headers,
295
308
  });
296
309
  if (!response.ok) {
297
310
  throw new Error(`HTTP error! Status: ${response.status}`);
@@ -382,7 +395,9 @@ export class StormClient {
382
395
 
383
396
  async downloadSystem(handle: string, conversationId: string) {
384
397
  const u = `${this._baseUrl}/v2/systems/${handle}/${conversationId}/download`;
385
- const response = await fetch(u);
398
+ const response = await fetch(u, {
399
+ headers: this.getSharedSecretHeader(),
400
+ });
386
401
  if (!response.ok) {
387
402
  throw new Error(`Failed to download system: ${response.status}`);
388
403
  }
@@ -395,10 +410,17 @@ export class StormClient {
395
410
  method: 'PUT',
396
411
  body: buffer,
397
412
  headers: {
413
+ ...this.getSharedSecretHeader(),
398
414
  'content-type': 'application/zip',
399
415
  },
400
416
  });
401
417
 
402
418
  return response;
403
419
  }
420
+
421
+ private getSharedSecretHeader() {
422
+ return {
423
+ SharedSecret: this._sharedSecret,
424
+ };
425
+ }
404
426
  }