npm - @kognitivedev/workspace-auth - Versions diffs - 0.2.29 - Mend

@kognitivedev/workspace-auth 0.2.29

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

package/.turbo/turbo-build.log +2 -0
package/CHANGELOG.md +7 -0
package/dist/crypto.d.ts +10 -0
package/dist/crypto.js +41 -0
package/dist/db.d.ts +6 -0
package/dist/db.js +74 -0
package/dist/index.d.ts +4 -0
package/dist/index.js +35 -0
package/dist/schema.d.ts +817 -0
package/dist/schema.js +80 -0
package/dist/workspace.d.ts +197 -0
package/dist/workspace.js +300 -0
package/package.json +32 -0
package/src/__tests__/crypto.test.ts +29 -0
package/src/crypto.ts +50 -0
package/src/db.ts +45 -0
package/src/index.ts +36 -0
package/src/schema.ts +82 -0
package/src/workspace.ts +405 -0
package/tsconfig.json +13 -0
package/vitest.config.ts +8 -0

package/.turbo/turbo-build.log ADDED Viewed

	@@ -0,0 +1,2 @@
1	+
2	+ [0m[2m[35m$[0m [2m[1mtsc[0m

package/CHANGELOG.md ADDED Viewed

@@ -0,0 +1,7 @@
+# @kognitivedev/workspace-auth
+## 0.2.29
+### Patch Changes
+- release

package/dist/crypto.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+export type EncryptedSecret = {
+    encryptedKey: string;
+    iv: string;
+    authTag: string;
+};
+export declare function createRawApiKey(): string;
+export declare function getApiKeyPrefix(rawKey: string): string;
+export declare function hashApiKey(rawKey: string): string;
+export declare function encryptManagedSecret(rawSecret: string, secret?: string): EncryptedSecret;
+export declare function decryptManagedSecret(encrypted: EncryptedSecret, secret?: string): string;

package/dist/crypto.js ADDED Viewed

@@ -0,0 +1,41 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createRawApiKey = createRawApiKey;
+exports.getApiKeyPrefix = getApiKeyPrefix;
+exports.hashApiKey = hashApiKey;
+exports.encryptManagedSecret = encryptManagedSecret;
+exports.decryptManagedSecret = decryptManagedSecret;
+const node_crypto_1 = require("node:crypto");
+function createRawApiKey() {
+    return `kog_${(0, node_crypto_1.randomBytes)(16).toString("hex")}`;
+}
+function getApiKeyPrefix(rawKey) {
+    return rawKey.slice(0, 8);
+}
+function hashApiKey(rawKey) {
+    return (0, node_crypto_1.createHash)("sha256").update(rawKey).digest("hex");
+}
+function getEncryptionKey(secret = process.env.KOGNITIVE_MANAGED_CREDENTIAL_SECRET) {
+    if (!secret || Buffer.byteLength(secret, "utf8") < 32) {
+        throw new Error("KOGNITIVE_MANAGED_CREDENTIAL_SECRET must be set to a stable 32+ byte secret");
+    }
+    return (0, node_crypto_1.createHash)("sha256").update(secret).digest();
+}
+function encryptManagedSecret(rawSecret, secret) {
+    const iv = (0, node_crypto_1.randomBytes)(12);
+    const cipher = (0, node_crypto_1.createCipheriv)("aes-256-gcm", getEncryptionKey(secret), iv);
+    const encrypted = Buffer.concat([cipher.update(rawSecret, "utf8"), cipher.final()]);
+    return {
+        encryptedKey: encrypted.toString("base64"),
+        iv: iv.toString("base64"),
+        authTag: cipher.getAuthTag().toString("base64"),
+    };
+}
+function decryptManagedSecret(encrypted, secret) {
+    const decipher = (0, node_crypto_1.createDecipheriv)("aes-256-gcm", getEncryptionKey(secret), Buffer.from(encrypted.iv, "base64"));
+    decipher.setAuthTag(Buffer.from(encrypted.authTag, "base64"));
+    return Buffer.concat([
+        decipher.update(Buffer.from(encrypted.encryptedKey, "base64")),
+        decipher.final(),
+    ]).toString("utf8");
+}

package/dist/db.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import postgres from "postgres";
+import * as schema from "./schema";
+export declare function getWorkspaceAuthDb(): import("drizzle-orm/postgres-js").PostgresJsDatabase<typeof schema> & {
+    $client: postgres.Sql<{}>;
+};
+export type WorkspaceAuthDb = ReturnType<typeof getWorkspaceAuthDb>;

package/dist/db.js ADDED Viewed

@@ -0,0 +1,74 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getWorkspaceAuthDb = getWorkspaceAuthDb;
+const postgres_js_1 = require("drizzle-orm/postgres-js");
+const postgres_1 = __importDefault(require("postgres"));
+const schema = __importStar(require("./schema"));
+const globalForWorkspaceAuthDb = globalThis;
+function readPositiveInteger(value, fallback) {
+    if (!value)
+        return fallback;
+    const parsed = Number.parseInt(value, 10);
+    return Number.isFinite(parsed) && parsed > 0 ? parsed : fallback;
+}
+function shouldPrepareStatements(connectionString) {
+    var _a;
+    const explicit = process.env.DATABASE_PREPARE_STATEMENTS;
+    if (explicit) {
+        return explicit !== "0" && explicit.toLowerCase() !== "false";
+    }
+    const poolingMode = (_a = process.env.DATABASE_POOL_MODE) !== null && _a !== void 0 ? _a : process.env.PGBOUNCER_POOL_MODE;
+    if ((poolingMode === null || poolingMode === void 0 ? void 0 : poolingMode.toLowerCase()) === "transaction")
+        return false;
+    return !connectionString.toLowerCase().includes("pgbouncer");
+}
+function getWorkspaceAuthDb() {
+    var _a, _b, _c;
+    const connectionString = process.env.DATABASE_URL || "postgres://postgres:password@localhost:5432/cognitive_layer";
+    const client = (_a = globalForWorkspaceAuthDb.workspaceAuthDbClient) !== null && _a !== void 0 ? _a : (0, postgres_1.default)(connectionString, {
+        max: readPositiveInteger((_b = process.env.DATABASE_POOL_MAX) !== null && _b !== void 0 ? _b : process.env.POSTGRES_POOL_MAX, 20),
+        idle_timeout: readPositiveInteger(process.env.DATABASE_IDLE_TIMEOUT_SECONDS, 30),
+        connect_timeout: readPositiveInteger(process.env.DATABASE_CONNECT_TIMEOUT_SECONDS, 10),
+        prepare: shouldPrepareStatements(connectionString),
+    });
+    const db = (_c = globalForWorkspaceAuthDb.workspaceAuthDb) !== null && _c !== void 0 ? _c : (0, postgres_js_1.drizzle)(client, { schema });
+    globalForWorkspaceAuthDb.workspaceAuthDbClient = client;
+    globalForWorkspaceAuthDb.workspaceAuthDb = db;
+    return db;
+}

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+export { ACTIVE_PROJECT_ID_COOKIE, ACTIVE_PROJECT_SLUG_COOKIE, KOGNITIV_APPOINTMENTS_MANAGED_KEY_NAME, KOGNITIV_APPOINTMENTS_PRODUCT, KOGNITIV_VOICE_MANAGED_KEY_NAME, KOGNITIV_VOICE_PRODUCT, createWorkspaceProject, ensureManagedProjectApiKey, ensureOrganizationForClerk, getOwnedProject, getProductSetupState, hasManagedProjectApiKey, listOrganizationProjects, resolveActiveProject, resolveProductSetupWorkspace, slugifyWorkspaceValue, updateProductSetupState, type ProductSetupStateValue, } from "./workspace";
+export { createRawApiKey, decryptManagedSecret, encryptManagedSecret, getApiKeyPrefix, hashApiKey, type EncryptedSecret, } from "./crypto";
+export { getWorkspaceAuthDb, type WorkspaceAuthDb } from "./db";
+export { apiKeys, managedProjectApiKeys, organizations, productSetupStates, projects, } from "./schema";

package/dist/index.js ADDED Viewed

@@ -0,0 +1,35 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.projects = exports.productSetupStates = exports.organizations = exports.managedProjectApiKeys = exports.apiKeys = exports.getWorkspaceAuthDb = exports.hashApiKey = exports.getApiKeyPrefix = exports.encryptManagedSecret = exports.decryptManagedSecret = exports.createRawApiKey = exports.updateProductSetupState = exports.slugifyWorkspaceValue = exports.resolveProductSetupWorkspace = exports.resolveActiveProject = exports.listOrganizationProjects = exports.hasManagedProjectApiKey = exports.getProductSetupState = exports.getOwnedProject = exports.ensureOrganizationForClerk = exports.ensureManagedProjectApiKey = exports.createWorkspaceProject = exports.KOGNITIV_VOICE_PRODUCT = exports.KOGNITIV_VOICE_MANAGED_KEY_NAME = exports.KOGNITIV_APPOINTMENTS_PRODUCT = exports.KOGNITIV_APPOINTMENTS_MANAGED_KEY_NAME = exports.ACTIVE_PROJECT_SLUG_COOKIE = exports.ACTIVE_PROJECT_ID_COOKIE = void 0;
+var workspace_1 = require("./workspace");
+Object.defineProperty(exports, "ACTIVE_PROJECT_ID_COOKIE", { enumerable: true, get: function () { return workspace_1.ACTIVE_PROJECT_ID_COOKIE; } });
+Object.defineProperty(exports, "ACTIVE_PROJECT_SLUG_COOKIE", { enumerable: true, get: function () { return workspace_1.ACTIVE_PROJECT_SLUG_COOKIE; } });
+Object.defineProperty(exports, "KOGNITIV_APPOINTMENTS_MANAGED_KEY_NAME", { enumerable: true, get: function () { return workspace_1.KOGNITIV_APPOINTMENTS_MANAGED_KEY_NAME; } });
+Object.defineProperty(exports, "KOGNITIV_APPOINTMENTS_PRODUCT", { enumerable: true, get: function () { return workspace_1.KOGNITIV_APPOINTMENTS_PRODUCT; } });
+Object.defineProperty(exports, "KOGNITIV_VOICE_MANAGED_KEY_NAME", { enumerable: true, get: function () { return workspace_1.KOGNITIV_VOICE_MANAGED_KEY_NAME; } });
+Object.defineProperty(exports, "KOGNITIV_VOICE_PRODUCT", { enumerable: true, get: function () { return workspace_1.KOGNITIV_VOICE_PRODUCT; } });
+Object.defineProperty(exports, "createWorkspaceProject", { enumerable: true, get: function () { return workspace_1.createWorkspaceProject; } });
+Object.defineProperty(exports, "ensureManagedProjectApiKey", { enumerable: true, get: function () { return workspace_1.ensureManagedProjectApiKey; } });
+Object.defineProperty(exports, "ensureOrganizationForClerk", { enumerable: true, get: function () { return workspace_1.ensureOrganizationForClerk; } });
+Object.defineProperty(exports, "getOwnedProject", { enumerable: true, get: function () { return workspace_1.getOwnedProject; } });
+Object.defineProperty(exports, "getProductSetupState", { enumerable: true, get: function () { return workspace_1.getProductSetupState; } });
+Object.defineProperty(exports, "hasManagedProjectApiKey", { enumerable: true, get: function () { return workspace_1.hasManagedProjectApiKey; } });
+Object.defineProperty(exports, "listOrganizationProjects", { enumerable: true, get: function () { return workspace_1.listOrganizationProjects; } });
+Object.defineProperty(exports, "resolveActiveProject", { enumerable: true, get: function () { return workspace_1.resolveActiveProject; } });
+Object.defineProperty(exports, "resolveProductSetupWorkspace", { enumerable: true, get: function () { return workspace_1.resolveProductSetupWorkspace; } });
+Object.defineProperty(exports, "slugifyWorkspaceValue", { enumerable: true, get: function () { return workspace_1.slugifyWorkspaceValue; } });
+Object.defineProperty(exports, "updateProductSetupState", { enumerable: true, get: function () { return workspace_1.updateProductSetupState; } });
+var crypto_1 = require("./crypto");
+Object.defineProperty(exports, "createRawApiKey", { enumerable: true, get: function () { return crypto_1.createRawApiKey; } });
+Object.defineProperty(exports, "decryptManagedSecret", { enumerable: true, get: function () { return crypto_1.decryptManagedSecret; } });
+Object.defineProperty(exports, "encryptManagedSecret", { enumerable: true, get: function () { return crypto_1.encryptManagedSecret; } });
+Object.defineProperty(exports, "getApiKeyPrefix", { enumerable: true, get: function () { return crypto_1.getApiKeyPrefix; } });
+Object.defineProperty(exports, "hashApiKey", { enumerable: true, get: function () { return crypto_1.hashApiKey; } });
+var db_1 = require("./db");
+Object.defineProperty(exports, "getWorkspaceAuthDb", { enumerable: true, get: function () { return db_1.getWorkspaceAuthDb; } });
+var schema_1 = require("./schema");
+Object.defineProperty(exports, "apiKeys", { enumerable: true, get: function () { return schema_1.apiKeys; } });
+Object.defineProperty(exports, "managedProjectApiKeys", { enumerable: true, get: function () { return schema_1.managedProjectApiKeys; } });
+Object.defineProperty(exports, "organizations", { enumerable: true, get: function () { return schema_1.organizations; } });
+Object.defineProperty(exports, "productSetupStates", { enumerable: true, get: function () { return schema_1.productSetupStates; } });
+Object.defineProperty(exports, "projects", { enumerable: true, get: function () { return schema_1.projects; } });