@kapeta/local-cluster-service 0.76.4 → 0.76.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -1,3 +1,10 @@
1
+ ## [0.76.5](https://github.com/kapetacom/local-cluster-service/compare/v0.76.4...v0.76.5) (2024-10-03)
2
+
3
+
4
+ ### Bug Fixes
5
+
6
+ * Poor mans security ([#268](https://github.com/kapetacom/local-cluster-service/issues/268)) ([dcc85ec](https://github.com/kapetacom/local-cluster-service/commit/dcc85ecdf9971c3033eaf43e65a9b262de269821))
7
+
1
8
  ## [0.76.4](https://github.com/kapetacom/local-cluster-service/compare/v0.76.3...v0.76.4) (2024-10-01)
2
9
 
3
10
 
@@ -61,6 +61,7 @@ export declare class StormClient {
61
61
  private readonly _baseUrl;
62
62
  private readonly _systemId;
63
63
  private readonly _handle;
64
+ private readonly _sharedSecret;
64
65
  constructor(handle: string, systemId?: string);
65
66
  private createOptions;
66
67
  private send;
@@ -91,4 +92,5 @@ export declare class StormClient {
91
92
  deleteUIPageConversation(conversationId: string): Promise<string>;
92
93
  downloadSystem(handle: string, conversationId: string): Promise<Buffer>;
93
94
  uploadSystem(handle: string, conversationId: string, buffer: Buffer): Promise<Response>;
95
+ private getSharedSecretHeader;
94
96
  }
@@ -23,14 +23,17 @@ class StormClient {
23
23
  _baseUrl;
24
24
  _systemId;
25
25
  _handle;
26
+ _sharedSecret;
26
27
  constructor(handle, systemId) {
27
28
  this._baseUrl = (0, utils_1.getRemoteUrl)('ai-service', 'https://ai.kapeta.com');
28
29
  this._systemId = systemId || '';
29
30
  this._handle = handle;
31
+ this._sharedSecret = process.env.SHARED_SECRET || '@keep-this-super-secret!';
30
32
  }
31
33
  async createOptions(path, method, body) {
32
34
  const url = `${this._baseUrl}${path}`;
33
35
  const headers = {
36
+ ...this.getSharedSecretHeader(),
34
37
  'Content-Type': 'application/json',
35
38
  };
36
39
  const api = new nodejs_api_client_1.KapetaAPI();
@@ -149,7 +152,7 @@ class StormClient {
149
152
  async replaceMockWithAPICall(prompt) {
150
153
  const u = `${this._baseUrl}/v2/ui/implement-api-clients-all`;
151
154
  try {
152
- const headers = {};
155
+ const headers = this.getSharedSecretHeader();
153
156
  headers[exports.HandleHeader] = this._handle;
154
157
  headers[exports.ConversationIdHeader] = this._systemId;
155
158
  headers[exports.SystemIdHeader] = this._systemId;
@@ -176,12 +179,13 @@ class StormClient {
176
179
  body: JSON.stringify({
177
180
  pages: pages,
178
181
  }),
182
+ headers: this.getSharedSecretHeader(),
179
183
  });
180
184
  return await response.text();
181
185
  }
182
186
  async createSimpleBackend(handle, systemId, input) {
183
187
  const u = `${this._baseUrl}/v2/create-simple-backend/${handle}/${systemId}`;
184
- const headers = {};
188
+ const headers = this.getSharedSecretHeader();
185
189
  headers[exports.HandleHeader] = this._handle;
186
190
  headers[exports.ConversationIdHeader] = this._systemId;
187
191
  headers[exports.SystemIdHeader] = this._systemId;
@@ -267,7 +271,9 @@ class StormClient {
267
271
  }
268
272
  async downloadSystem(handle, conversationId) {
269
273
  const u = `${this._baseUrl}/v2/systems/${handle}/${conversationId}/download`;
270
- const response = await fetch(u);
274
+ const response = await fetch(u, {
275
+ headers: this.getSharedSecretHeader(),
276
+ });
271
277
  if (!response.ok) {
272
278
  throw new Error(`Failed to download system: ${response.status}`);
273
279
  }
@@ -279,10 +285,16 @@ class StormClient {
279
285
  method: 'PUT',
280
286
  body: buffer,
281
287
  headers: {
288
+ ...this.getSharedSecretHeader(),
282
289
  'content-type': 'application/zip',
283
290
  },
284
291
  });
285
292
  return response;
286
293
  }
294
+ getSharedSecretHeader() {
295
+ return {
296
+ SharedSecret: this._sharedSecret,
297
+ };
298
+ }
287
299
  }
288
300
  exports.StormClient = StormClient;
@@ -61,6 +61,7 @@ export declare class StormClient {
61
61
  private readonly _baseUrl;
62
62
  private readonly _systemId;
63
63
  private readonly _handle;
64
+ private readonly _sharedSecret;
64
65
  constructor(handle: string, systemId?: string);
65
66
  private createOptions;
66
67
  private send;
@@ -91,4 +92,5 @@ export declare class StormClient {
91
92
  deleteUIPageConversation(conversationId: string): Promise<string>;
92
93
  downloadSystem(handle: string, conversationId: string): Promise<Buffer>;
93
94
  uploadSystem(handle: string, conversationId: string, buffer: Buffer): Promise<Response>;
95
+ private getSharedSecretHeader;
94
96
  }
@@ -23,14 +23,17 @@ class StormClient {
23
23
  _baseUrl;
24
24
  _systemId;
25
25
  _handle;
26
+ _sharedSecret;
26
27
  constructor(handle, systemId) {
27
28
  this._baseUrl = (0, utils_1.getRemoteUrl)('ai-service', 'https://ai.kapeta.com');
28
29
  this._systemId = systemId || '';
29
30
  this._handle = handle;
31
+ this._sharedSecret = process.env.SHARED_SECRET || '@keep-this-super-secret!';
30
32
  }
31
33
  async createOptions(path, method, body) {
32
34
  const url = `${this._baseUrl}${path}`;
33
35
  const headers = {
36
+ ...this.getSharedSecretHeader(),
34
37
  'Content-Type': 'application/json',
35
38
  };
36
39
  const api = new nodejs_api_client_1.KapetaAPI();
@@ -149,7 +152,7 @@ class StormClient {
149
152
  async replaceMockWithAPICall(prompt) {
150
153
  const u = `${this._baseUrl}/v2/ui/implement-api-clients-all`;
151
154
  try {
152
- const headers = {};
155
+ const headers = this.getSharedSecretHeader();
153
156
  headers[exports.HandleHeader] = this._handle;
154
157
  headers[exports.ConversationIdHeader] = this._systemId;
155
158
  headers[exports.SystemIdHeader] = this._systemId;
@@ -176,12 +179,13 @@ class StormClient {
176
179
  body: JSON.stringify({
177
180
  pages: pages,
178
181
  }),
182
+ headers: this.getSharedSecretHeader(),
179
183
  });
180
184
  return await response.text();
181
185
  }
182
186
  async createSimpleBackend(handle, systemId, input) {
183
187
  const u = `${this._baseUrl}/v2/create-simple-backend/${handle}/${systemId}`;
184
- const headers = {};
188
+ const headers = this.getSharedSecretHeader();
185
189
  headers[exports.HandleHeader] = this._handle;
186
190
  headers[exports.ConversationIdHeader] = this._systemId;
187
191
  headers[exports.SystemIdHeader] = this._systemId;
@@ -267,7 +271,9 @@ class StormClient {
267
271
  }
268
272
  async downloadSystem(handle, conversationId) {
269
273
  const u = `${this._baseUrl}/v2/systems/${handle}/${conversationId}/download`;
270
- const response = await fetch(u);
274
+ const response = await fetch(u, {
275
+ headers: this.getSharedSecretHeader(),
276
+ });
271
277
  if (!response.ok) {
272
278
  throw new Error(`Failed to download system: ${response.status}`);
273
279
  }
@@ -279,10 +285,16 @@ class StormClient {
279
285
  method: 'PUT',
280
286
  body: buffer,
281
287
  headers: {
288
+ ...this.getSharedSecretHeader(),
282
289
  'content-type': 'application/zip',
283
290
  },
284
291
  });
285
292
  return response;
286
293
  }
294
+ getSharedSecretHeader() {
295
+ return {
296
+ SharedSecret: this._sharedSecret,
297
+ };
298
+ }
287
299
  }
288
300
  exports.StormClient = StormClient;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@kapeta/local-cluster-service",
3
- "version": "0.76.4",
3
+ "version": "0.76.5",
4
4
  "description": "Manages configuration, ports and service discovery for locally running Kapeta systems",
5
5
  "type": "commonjs",
6
6
  "exports": {
@@ -91,10 +91,12 @@ export class StormClient {
91
91
  private readonly _baseUrl: string;
92
92
  private readonly _systemId: string;
93
93
  private readonly _handle: string;
94
+ private readonly _sharedSecret: string;
94
95
  constructor(handle: string, systemId?: string) {
95
96
  this._baseUrl = getRemoteUrl('ai-service', 'https://ai.kapeta.com');
96
97
  this._systemId = systemId || '';
97
98
  this._handle = handle;
99
+ this._sharedSecret = process.env.SHARED_SECRET || '@keep-this-super-secret!';
98
100
  }
99
101
 
100
102
  private async createOptions(
@@ -104,6 +106,7 @@ export class StormClient {
104
106
  ): Promise<RequestInit & { url: string }> {
105
107
  const url = `${this._baseUrl}${path}`;
106
108
  const headers: { [k: string]: string } = {
109
+ ...this.getSharedSecretHeader(),
107
110
  'Content-Type': 'application/json',
108
111
  };
109
112
  const api = new KapetaAPI();
@@ -253,7 +256,7 @@ export class StormClient {
253
256
  public async replaceMockWithAPICall(prompt: ImplementAPIClients): Promise<HTMLPage[]> {
254
257
  const u = `${this._baseUrl}/v2/ui/implement-api-clients-all`;
255
258
  try {
256
- const headers: { [key: string]: any } = {};
259
+ const headers: { [key: string]: any } = this.getSharedSecretHeader();
257
260
  headers[HandleHeader] = this._handle;
258
261
  headers[ConversationIdHeader] = this._systemId;
259
262
  headers[SystemIdHeader] = this._systemId;
@@ -283,6 +286,7 @@ export class StormClient {
283
286
  body: JSON.stringify({
284
287
  pages: pages,
285
288
  }),
289
+ headers: this.getSharedSecretHeader(),
286
290
  });
287
291
  return await response.text();
288
292
  }
@@ -290,7 +294,7 @@ export class StormClient {
290
294
  public async createSimpleBackend(handle: string, systemId: string, input: CreateSimpleBackendRequest) {
291
295
  const u = `${this._baseUrl}/v2/create-simple-backend/${handle}/${systemId}`;
292
296
 
293
- const headers: { [key: string]: any } = {};
297
+ const headers: { [key: string]: any } = this.getSharedSecretHeader();
294
298
  headers[HandleHeader] = this._handle;
295
299
  headers[ConversationIdHeader] = this._systemId;
296
300
  headers[SystemIdHeader] = this._systemId;
@@ -391,7 +395,9 @@ export class StormClient {
391
395
 
392
396
  async downloadSystem(handle: string, conversationId: string) {
393
397
  const u = `${this._baseUrl}/v2/systems/${handle}/${conversationId}/download`;
394
- const response = await fetch(u);
398
+ const response = await fetch(u, {
399
+ headers: this.getSharedSecretHeader(),
400
+ });
395
401
  if (!response.ok) {
396
402
  throw new Error(`Failed to download system: ${response.status}`);
397
403
  }
@@ -404,10 +410,17 @@ export class StormClient {
404
410
  method: 'PUT',
405
411
  body: buffer,
406
412
  headers: {
413
+ ...this.getSharedSecretHeader(),
407
414
  'content-type': 'application/zip',
408
415
  },
409
416
  });
410
417
 
411
418
  return response;
412
419
  }
420
+
421
+ private getSharedSecretHeader() {
422
+ return {
423
+ SharedSecret: this._sharedSecret,
424
+ };
425
+ }
413
426
  }