@lucaapp/service-utils 4.0.0 → 4.0.2

package/dist/lib/kafka/kafkaClient.d.ts

@@ -12,6 +12,7 @@ declare class KafkaClient {
     private readonly producer;
     private readonly consumers;
     readonly serviceIdentity: ServiceIdentity;
+    readonly encryptionEnabled: boolean;
     constructor(parentLogger: Logger, kafkaConfig: KafkaConfiguration, topicSecrets: Partial<Record<KafkaTopic, string>>, serviceIdentity: ServiceIdentity);
     connect: () => Promise<void>;
     private getTopic;

package/dist/lib/kafka/kafkaClient.js

@@ -88,6 +88,9 @@ class KafkaClient {
             if (!value) {
                 throw (0, utils_1.logAndGetError)(this.logger, 'Invalid value argument `null | undefined` supplied.');
             }
+            if (!this.encryptionEnabled) {
+                return value;
+            }
             const jwe = await new jose.CompactEncrypt(new util_1.TextEncoder().encode(value));
             jwe.setProtectedHeader({ alg: 'A256GCMKW', enc: 'A256GCM' });
             return jwe.encrypt(this.getTopicSecret(topic));
@@ -96,16 +99,26 @@ class KafkaClient {
             if (!jwe) {
                 return null;
             }
+            if (!this.encryptionEnabled) {
+                return jwe;
+            }
             const { plaintext } = await jose.compactDecrypt(jwe, this.getTopicSecret(topic));
             return Buffer.from(plaintext);
         };
         this.generateSignature = async (value) => {
+            if (!this.encryptionEnabled) {
+                return '';
+            }
             const privateKey = await this.serviceIdentity.getIdentityPrivateKey();
             return await new jose.CompactSign(new util_1.TextEncoder().encode(value))
                 .setProtectedHeader({ alg: KEY_ALG })
                 .sign(privateKey);
         };
         this.verifySignature = async (kafkaTopic, value, headers) => {
+            if (!this.encryptionEnabled) {
+                this.logger.info('Skipping signature verification (encryption disabled)');
+                return;
+            }
             if (!headers || !headers.signature) {
                 throw (0, utils_1.logAndGetError)(this.logger, 'Unable to verify signature. Expected header not present');
             }
@@ -245,6 +258,11 @@ class KafkaClient {
                 this.logger.error(error, 'Unable to properly disconnect kafka');
             }
         };
+        this.encryptionEnabled = kafkaConfig.encryptionEnabled ?? true;
+        if (kafkaConfig.encryptionEnabled &&
+            Object.keys(topicSecrets).length === 0) {
+            throw (0, utils_1.logAndGetError)(parentLogger, 'encryptionEnabled is true but no topicSecrets provided');
+        }
         this.environment = kafkaConfig.environment;
         this.logger = parentLogger.child({
             kafkaClientId: kafkaConfig.clientId,

package/dist/lib/kafka/types.d.ts

@@ -13,6 +13,7 @@ type KafkaConfiguration = {
     username?: string;
     password?: string;
     ssl?: boolean;
+    encryptionEnabled?: boolean;
 };
 type EventPayloadHandler<T extends KafkaTopic> = (message: Omit<KafkaMessage, 'value'> & {
     value: KafkaEvent<T>;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lucaapp/service-utils",
-  "version": "4.0.0",
+  "version": "4.0.2",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "files": [
@@ -79,7 +79,7 @@
   },
   "resolutions": {
     "yaml": "2.2.2",
-    "semver": "7.7.1",
+    "semver": "7.7.2",
     "follow-redirects": "1.15.9",
     "braces": "3.0.3",
     "send": "0.19.1",
@@ -87,7 +87,7 @@
     "cookie": ">= 1.0.2",
     "string-width": "4.2.3",
     "@types/express": "4.17.23",
-    "esbuild": "^0.25.7",
+    "esbuild": "^0.25.8",
     "axios": "^1.11.0",
     "vite": "6.2.5"
   }