npm - @lucaapp/service-utils - Versions diffs - 4.0.1 → 4.0.2 - Mend

@lucaapp/service-utils 4.0.1 → 4.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/lib/kafka/kafkaClient.d.ts +1 -0
package/dist/lib/kafka/kafkaClient.js +18 -0
package/dist/lib/kafka/types.d.ts +1 -0
package/package.json +1 -1

package/dist/lib/kafka/kafkaClient.d.ts CHANGED Viewed

@@ -12,6 +12,7 @@ declare class KafkaClient {
     private readonly producer;
     private readonly consumers;
     readonly serviceIdentity: ServiceIdentity;
+    readonly encryptionEnabled: boolean;
     constructor(parentLogger: Logger, kafkaConfig: KafkaConfiguration, topicSecrets: Partial<Record<KafkaTopic, string>>, serviceIdentity: ServiceIdentity);
     connect: () => Promise<void>;
     private getTopic;

package/dist/lib/kafka/kafkaClient.js CHANGED Viewed

@@ -88,6 +88,9 @@ class KafkaClient {
             if (!value) {
                 throw (0, utils_1.logAndGetError)(this.logger, 'Invalid value argument `null | undefined` supplied.');
             }
+            if (!this.encryptionEnabled) {
+                return value;
+            }
             const jwe = await new jose.CompactEncrypt(new util_1.TextEncoder().encode(value));
             jwe.setProtectedHeader({ alg: 'A256GCMKW', enc: 'A256GCM' });
             return jwe.encrypt(this.getTopicSecret(topic));
@@ -96,16 +99,26 @@ class KafkaClient {
             if (!jwe) {
                 return null;
             }
+            if (!this.encryptionEnabled) {
+                return jwe;
+            }
             const { plaintext } = await jose.compactDecrypt(jwe, this.getTopicSecret(topic));
             return Buffer.from(plaintext);
         };
         this.generateSignature = async (value) => {
+            if (!this.encryptionEnabled) {
+                return '';
+            }
             const privateKey = await this.serviceIdentity.getIdentityPrivateKey();
             return await new jose.CompactSign(new util_1.TextEncoder().encode(value))
                 .setProtectedHeader({ alg: KEY_ALG })
                 .sign(privateKey);
         };
         this.verifySignature = async (kafkaTopic, value, headers) => {
+            if (!this.encryptionEnabled) {
+                this.logger.info('Skipping signature verification (encryption disabled)');
+                return;
+            }
             if (!headers || !headers.signature) {
                 throw (0, utils_1.logAndGetError)(this.logger, 'Unable to verify signature. Expected header not present');
             }
@@ -245,6 +258,11 @@ class KafkaClient {
                 this.logger.error(error, 'Unable to properly disconnect kafka');
             }
         };
+        this.encryptionEnabled = kafkaConfig.encryptionEnabled ?? true;
+        if (kafkaConfig.encryptionEnabled &&
+            Object.keys(topicSecrets).length === 0) {
+            throw (0, utils_1.logAndGetError)(parentLogger, 'encryptionEnabled is true but no topicSecrets provided');
+        }
         this.environment = kafkaConfig.environment;
         this.logger = parentLogger.child({
             kafkaClientId: kafkaConfig.clientId,

package/dist/lib/kafka/types.d.ts CHANGED Viewed

@@ -13,6 +13,7 @@ type KafkaConfiguration = {
     username?: string;
     password?: string;
     ssl?: boolean;
+    encryptionEnabled?: boolean;
 };
 type EventPayloadHandler<T extends KafkaTopic> = (message: Omit<KafkaMessage, 'value'> & {
     value: KafkaEvent<T>;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@lucaapp/service-utils",
-  "version": "4.0.1",
+  "version": "4.0.2",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "files": [