@malloy-publisher/server 0.0.218 → 0.0.219

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (24) hide show
  1. package/dist/app/api-doc.yaml +22 -6
  2. package/dist/app/assets/{EnvironmentPage-DxOiCxcd.js → EnvironmentPage-gehnjfC6.js} +1 -1
  3. package/dist/app/assets/{HomePage-i8qAtD6x.js → HomePage-8LQBytE4.js} +1 -1
  4. package/dist/app/assets/{MainPage-B58d5pmX.js → MainPage-DDaZLJw-.js} +1 -1
  5. package/dist/app/assets/{MaterializationsPage-6OEVM543.js → MaterializationsPage-D7P1Kp6O.js} +1 -1
  6. package/dist/app/assets/{ModelPage-8d5l7YkU.js → ModelPage-Do_vhxOc.js} +1 -1
  7. package/dist/app/assets/{PackagePage-BVmoVsPQ.js → PackagePage-Cz9fVwSG.js} +1 -1
  8. package/dist/app/assets/{RouteError-DFX521_t.js → RouteError-UONCloyN.js} +1 -1
  9. package/dist/app/assets/{WorkbookPage-CzucDJ-T.js → WorkbookPage-Bhzqvbq_.js} +1 -1
  10. package/dist/app/assets/{core-B95VQkAV.es-Cbn-yKG-.js → core-BiGj7BML.es-kMHAa8tP.js} +1 -1
  11. package/dist/app/assets/{index--xJ1pzL-.js → index-VzRbxcF7.js} +3 -3
  12. package/dist/app/assets/{index-DxRKma36.js → index-ddq4-5hu.js} +1 -1
  13. package/dist/app/assets/{index-Bxkza-hz.js → index-qOQF9CXq.js} +1 -1
  14. package/dist/app/assets/{index.umd-o-yUIEtS.js → index.umd-B2kmxDh7.js} +1 -1
  15. package/dist/app/index.html +1 -1
  16. package/dist/server.mjs +267 -220
  17. package/package.json +1 -1
  18. package/src/service/connection.spec.ts +70 -0
  19. package/src/service/connection.ts +50 -5
  20. package/src/service/connection_config.spec.ts +138 -0
  21. package/src/service/connection_config.ts +81 -2
  22. package/src/service/proxy.spec.ts +82 -35
  23. package/src/service/proxy.ts +55 -40
  24. package/dist/sshcrypto-8m50vnmb.node +0 -0
package/dist/server.mjs CHANGED
@@ -158407,11 +158407,6 @@ var require_utils74 = __commonJS((exports, module) => {
158407
158407
  };
158408
158408
  });
158409
158409
 
158410
- // ../../node_modules/ssh2/lib/protocol/crypto/build/Release/sshcrypto.node
158411
- var require_sshcrypto = __commonJS((exports, module) => {
158412
- module.exports = __require("./sshcrypto-8m50vnmb.node");
158413
- });
158414
-
158415
158410
  // ../../node_modules/ssh2/lib/protocol/crypto/poly1305.js
158416
158411
  var require_poly1305 = __commonJS((exports, module) => {
158417
158412
  var __dirname = "/home/runner/work/publisher/publisher/node_modules/ssh2/lib/protocol/crypto", __filename = "/home/runner/work/publisher/publisher/node_modules/ssh2/lib/protocol/crypto/poly1305.js";
@@ -158898,7 +158893,7 @@ var require_crypto = __commonJS((exports, module) => {
158898
158893
  var ChaChaPolyDecipher;
158899
158894
  var GenericDecipher;
158900
158895
  try {
158901
- binding = require_sshcrypto();
158896
+ binding = (()=>{throw new Error("Cannot require module "+"./crypto/build/Release/sshcrypto.node");})();
158902
158897
  ({
158903
158898
  AESGCMCipher,
158904
158899
  ChaChaPolyCipher,
@@ -161487,11 +161482,11 @@ var require_agent = __commonJS((exports, module) => {
161487
161482
  };
161488
161483
  })();
161489
161484
  var WINDOWS_PIPE_REGEX = /^[/\\][/\\]\.[/\\]pipe[/\\].+/;
161490
- function createAgent(path4) {
161491
- if (process.platform === "win32" && !WINDOWS_PIPE_REGEX.test(path4)) {
161492
- return path4 === "pageant" ? new PageantAgent : new CygwinAgent(path4);
161485
+ function createAgent(path3) {
161486
+ if (process.platform === "win32" && !WINDOWS_PIPE_REGEX.test(path3)) {
161487
+ return path3 === "pageant" ? new PageantAgent : new CygwinAgent(path3);
161493
161488
  }
161494
- return new OpenSSHAgent(path4);
161489
+ return new OpenSSHAgent(path3);
161495
161490
  }
161496
161491
  var AgentProtocol = (() => {
161497
161492
  const SSH_AGENTC_REQUEST_IDENTITIES = 11;
@@ -166093,17 +166088,17 @@ var require_SFTP = __commonJS((exports, module) => {
166093
166088
  if (!this.server)
166094
166089
  sendOrBuffer(this, CLIENT_VERSION_BUFFER);
166095
166090
  }
166096
- createReadStream(path4, options) {
166091
+ createReadStream(path3, options) {
166097
166092
  if (this.server)
166098
166093
  throw new Error("Client-only method called in server mode");
166099
- return new ReadStream(this, path4, options);
166094
+ return new ReadStream(this, path3, options);
166100
166095
  }
166101
- createWriteStream(path4, options) {
166096
+ createWriteStream(path3, options) {
166102
166097
  if (this.server)
166103
166098
  throw new Error("Client-only method called in server mode");
166104
- return new WriteStream(this, path4, options);
166099
+ return new WriteStream(this, path3, options);
166105
166100
  }
166106
- open(path4, flags_, attrs, cb) {
166101
+ open(path3, flags_, attrs, cb) {
166107
166102
  if (this.server)
166108
166103
  throw new Error("Client-only method called in server mode");
166109
166104
  if (typeof attrs === "function") {
@@ -166122,7 +166117,7 @@ var require_SFTP = __commonJS((exports, module) => {
166122
166117
  attrsFlags = attrs.flags;
166123
166118
  attrsLen = attrs.nb;
166124
166119
  }
166125
- const pathLen = Buffer.byteLength(path4);
166120
+ const pathLen = Buffer.byteLength(path3);
166126
166121
  let p = 9;
166127
166122
  const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + pathLen + 4 + 4 + attrsLen);
166128
166123
  writeUInt32BE(buf, buf.length - 4, 0);
@@ -166130,7 +166125,7 @@ var require_SFTP = __commonJS((exports, module) => {
166130
166125
  const reqid = this._writeReqid = this._writeReqid + 1 & MAX_REQID;
166131
166126
  writeUInt32BE(buf, reqid, 5);
166132
166127
  writeUInt32BE(buf, pathLen, p);
166133
- buf.utf8Write(path4, p += 4, pathLen);
166128
+ buf.utf8Write(path3, p += 4, pathLen);
166134
166129
  writeUInt32BE(buf, flags, p += pathLen);
166135
166130
  writeUInt32BE(buf, attrsFlags, p += 4);
166136
166131
  if (attrsLen) {
@@ -166250,7 +166245,7 @@ var require_SFTP = __commonJS((exports, module) => {
166250
166245
  throw new Error("Client-only method called in server mode");
166251
166246
  fastXfer(fs2, this, localPath, remotePath, opts, cb);
166252
166247
  }
166253
- readFile(path4, options, callback_) {
166248
+ readFile(path3, options, callback_) {
166254
166249
  if (this.server)
166255
166250
  throw new Error("Client-only method called in server mode");
166256
166251
  let callback;
@@ -166323,13 +166318,13 @@ var require_SFTP = __commonJS((exports, module) => {
166323
166318
  return callback && callback(er, buffer);
166324
166319
  });
166325
166320
  };
166326
- this.open(path4, flag, 438, (er, handle_) => {
166321
+ this.open(path3, flag, 438, (er, handle_) => {
166327
166322
  if (er)
166328
166323
  return callback && callback(er);
166329
166324
  handle = handle_;
166330
166325
  const tryStat = (er2, st) => {
166331
166326
  if (er2) {
166332
- this.stat(path4, (er_, st_) => {
166327
+ this.stat(path3, (er_, st_) => {
166333
166328
  if (er_) {
166334
166329
  return this.close(handle, () => {
166335
166330
  callback && callback(er2);
@@ -166350,7 +166345,7 @@ var require_SFTP = __commonJS((exports, module) => {
166350
166345
  this.fstat(handle, tryStat);
166351
166346
  });
166352
166347
  }
166353
- writeFile(path4, data, options, callback_) {
166348
+ writeFile(path3, data, options, callback_) {
166354
166349
  if (this.server)
166355
166350
  throw new Error("Client-only method called in server mode");
166356
166351
  let callback;
@@ -166369,7 +166364,7 @@ var require_SFTP = __commonJS((exports, module) => {
166369
166364
  if (options.encoding && !Buffer.isEncoding(options.encoding))
166370
166365
  throw new Error(`Unknown encoding: ${options.encoding}`);
166371
166366
  const flag = options.flag || "w";
166372
- this.open(path4, flag, options.mode, (openErr, handle) => {
166367
+ this.open(path3, flag, options.mode, (openErr, handle) => {
166373
166368
  if (openErr) {
166374
166369
  callback && callback(openErr);
166375
166370
  } else {
@@ -166378,7 +166373,7 @@ var require_SFTP = __commonJS((exports, module) => {
166378
166373
  if (position === null) {
166379
166374
  const tryStat = (er, st) => {
166380
166375
  if (er) {
166381
- this.stat(path4, (er_, st_) => {
166376
+ this.stat(path3, (er_, st_) => {
166382
166377
  if (er_) {
166383
166378
  return this.close(handle, () => {
166384
166379
  callback && callback(er);
@@ -166397,7 +166392,7 @@ var require_SFTP = __commonJS((exports, module) => {
166397
166392
  }
166398
166393
  });
166399
166394
  }
166400
- appendFile(path4, data, options, callback_) {
166395
+ appendFile(path3, data, options, callback_) {
166401
166396
  if (this.server)
166402
166397
  throw new Error("Client-only method called in server mode");
166403
166398
  let callback;
@@ -166415,12 +166410,12 @@ var require_SFTP = __commonJS((exports, module) => {
166415
166410
  throw new TypeError("Bad arguments");
166416
166411
  if (!options.flag)
166417
166412
  options = Object.assign({ flag: "a" }, options);
166418
- this.writeFile(path4, data, options, callback);
166413
+ this.writeFile(path3, data, options, callback);
166419
166414
  }
166420
- exists(path4, cb) {
166415
+ exists(path3, cb) {
166421
166416
  if (this.server)
166422
166417
  throw new Error("Client-only method called in server mode");
166423
- this.stat(path4, (err) => {
166418
+ this.stat(path3, (err) => {
166424
166419
  cb && cb(err ? false : true);
166425
166420
  });
166426
166421
  }
@@ -166459,7 +166454,7 @@ var require_SFTP = __commonJS((exports, module) => {
166459
166454
  const isBuffered = sendOrBuffer(this, buf);
166460
166455
  this._debug && this._debug(`SFTP: Outbound: ${isBuffered ? "Buffered" : "Sending"} RENAME`);
166461
166456
  }
166462
- mkdir(path4, attrs, cb) {
166457
+ mkdir(path3, attrs, cb) {
166463
166458
  if (this.server)
166464
166459
  throw new Error("Client-only method called in server mode");
166465
166460
  let flags = 0;
@@ -166473,7 +166468,7 @@ var require_SFTP = __commonJS((exports, module) => {
166473
166468
  flags = attrs.flags;
166474
166469
  attrsLen = attrs.nb;
166475
166470
  }
166476
- const pathLen = Buffer.byteLength(path4);
166471
+ const pathLen = Buffer.byteLength(path3);
166477
166472
  let p = 9;
166478
166473
  const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + pathLen + 4 + attrsLen);
166479
166474
  writeUInt32BE(buf, buf.length - 4, 0);
@@ -166481,7 +166476,7 @@ var require_SFTP = __commonJS((exports, module) => {
166481
166476
  const reqid = this._writeReqid = this._writeReqid + 1 & MAX_REQID;
166482
166477
  writeUInt32BE(buf, reqid, 5);
166483
166478
  writeUInt32BE(buf, pathLen, p);
166484
- buf.utf8Write(path4, p += 4, pathLen);
166479
+ buf.utf8Write(path3, p += 4, pathLen);
166485
166480
  writeUInt32BE(buf, flags, p += pathLen);
166486
166481
  if (attrsLen) {
166487
166482
  p += 4;
@@ -166495,10 +166490,10 @@ var require_SFTP = __commonJS((exports, module) => {
166495
166490
  const isBuffered = sendOrBuffer(this, buf);
166496
166491
  this._debug && this._debug(`SFTP: Outbound: ${isBuffered ? "Buffered" : "Sending"} MKDIR`);
166497
166492
  }
166498
- rmdir(path4, cb) {
166493
+ rmdir(path3, cb) {
166499
166494
  if (this.server)
166500
166495
  throw new Error("Client-only method called in server mode");
166501
- const pathLen = Buffer.byteLength(path4);
166496
+ const pathLen = Buffer.byteLength(path3);
166502
166497
  let p = 9;
166503
166498
  const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + pathLen);
166504
166499
  writeUInt32BE(buf, buf.length - 4, 0);
@@ -166506,7 +166501,7 @@ var require_SFTP = __commonJS((exports, module) => {
166506
166501
  const reqid = this._writeReqid = this._writeReqid + 1 & MAX_REQID;
166507
166502
  writeUInt32BE(buf, reqid, 5);
166508
166503
  writeUInt32BE(buf, pathLen, p);
166509
- buf.utf8Write(path4, p += 4, pathLen);
166504
+ buf.utf8Write(path3, p += 4, pathLen);
166510
166505
  this._requests[reqid] = { cb };
166511
166506
  const isBuffered = sendOrBuffer(this, buf);
166512
166507
  this._debug && this._debug(`SFTP: Outbound: ${isBuffered ? "Buffered" : "Sending"} RMDIR`);
@@ -166590,10 +166585,10 @@ var require_SFTP = __commonJS((exports, module) => {
166590
166585
  const isBuffered = sendOrBuffer(this, buf);
166591
166586
  this._debug && this._debug(`SFTP: Outbound: ${isBuffered ? "Buffered" : "Sending"} FSTAT`);
166592
166587
  }
166593
- stat(path4, cb) {
166588
+ stat(path3, cb) {
166594
166589
  if (this.server)
166595
166590
  throw new Error("Client-only method called in server mode");
166596
- const pathLen = Buffer.byteLength(path4);
166591
+ const pathLen = Buffer.byteLength(path3);
166597
166592
  let p = 9;
166598
166593
  const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + pathLen);
166599
166594
  writeUInt32BE(buf, buf.length - 4, 0);
@@ -166601,15 +166596,15 @@ var require_SFTP = __commonJS((exports, module) => {
166601
166596
  const reqid = this._writeReqid = this._writeReqid + 1 & MAX_REQID;
166602
166597
  writeUInt32BE(buf, reqid, 5);
166603
166598
  writeUInt32BE(buf, pathLen, p);
166604
- buf.utf8Write(path4, p += 4, pathLen);
166599
+ buf.utf8Write(path3, p += 4, pathLen);
166605
166600
  this._requests[reqid] = { cb };
166606
166601
  const isBuffered = sendOrBuffer(this, buf);
166607
166602
  this._debug && this._debug(`SFTP: Outbound: ${isBuffered ? "Buffered" : "Sending"} STAT`);
166608
166603
  }
166609
- lstat(path4, cb) {
166604
+ lstat(path3, cb) {
166610
166605
  if (this.server)
166611
166606
  throw new Error("Client-only method called in server mode");
166612
- const pathLen = Buffer.byteLength(path4);
166607
+ const pathLen = Buffer.byteLength(path3);
166613
166608
  let p = 9;
166614
166609
  const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + pathLen);
166615
166610
  writeUInt32BE(buf, buf.length - 4, 0);
@@ -166617,15 +166612,15 @@ var require_SFTP = __commonJS((exports, module) => {
166617
166612
  const reqid = this._writeReqid = this._writeReqid + 1 & MAX_REQID;
166618
166613
  writeUInt32BE(buf, reqid, 5);
166619
166614
  writeUInt32BE(buf, pathLen, p);
166620
- buf.utf8Write(path4, p += 4, pathLen);
166615
+ buf.utf8Write(path3, p += 4, pathLen);
166621
166616
  this._requests[reqid] = { cb };
166622
166617
  const isBuffered = sendOrBuffer(this, buf);
166623
166618
  this._debug && this._debug(`SFTP: Outbound: ${isBuffered ? "Buffered" : "Sending"} LSTAT`);
166624
166619
  }
166625
- opendir(path4, cb) {
166620
+ opendir(path3, cb) {
166626
166621
  if (this.server)
166627
166622
  throw new Error("Client-only method called in server mode");
166628
- const pathLen = Buffer.byteLength(path4);
166623
+ const pathLen = Buffer.byteLength(path3);
166629
166624
  let p = 9;
166630
166625
  const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + pathLen);
166631
166626
  writeUInt32BE(buf, buf.length - 4, 0);
@@ -166633,12 +166628,12 @@ var require_SFTP = __commonJS((exports, module) => {
166633
166628
  const reqid = this._writeReqid = this._writeReqid + 1 & MAX_REQID;
166634
166629
  writeUInt32BE(buf, reqid, 5);
166635
166630
  writeUInt32BE(buf, pathLen, p);
166636
- buf.utf8Write(path4, p += 4, pathLen);
166631
+ buf.utf8Write(path3, p += 4, pathLen);
166637
166632
  this._requests[reqid] = { cb };
166638
166633
  const isBuffered = sendOrBuffer(this, buf);
166639
166634
  this._debug && this._debug(`SFTP: Outbound: ${isBuffered ? "Buffered" : "Sending"} OPENDIR`);
166640
166635
  }
166641
- setstat(path4, attrs, cb) {
166636
+ setstat(path3, attrs, cb) {
166642
166637
  if (this.server)
166643
166638
  throw new Error("Client-only method called in server mode");
166644
166639
  let flags = 0;
@@ -166650,7 +166645,7 @@ var require_SFTP = __commonJS((exports, module) => {
166650
166645
  } else if (typeof attrs === "function") {
166651
166646
  cb = attrs;
166652
166647
  }
166653
- const pathLen = Buffer.byteLength(path4);
166648
+ const pathLen = Buffer.byteLength(path3);
166654
166649
  let p = 9;
166655
166650
  const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + pathLen + 4 + attrsLen);
166656
166651
  writeUInt32BE(buf, buf.length - 4, 0);
@@ -166658,7 +166653,7 @@ var require_SFTP = __commonJS((exports, module) => {
166658
166653
  const reqid = this._writeReqid = this._writeReqid + 1 & MAX_REQID;
166659
166654
  writeUInt32BE(buf, reqid, 5);
166660
166655
  writeUInt32BE(buf, pathLen, p);
166661
- buf.utf8Write(path4, p += 4, pathLen);
166656
+ buf.utf8Write(path3, p += 4, pathLen);
166662
166657
  writeUInt32BE(buf, flags, p += pathLen);
166663
166658
  if (attrsLen) {
166664
166659
  p += 4;
@@ -166714,8 +166709,8 @@ var require_SFTP = __commonJS((exports, module) => {
166714
166709
  mtime: toUnixTimestamp(mtime)
166715
166710
  }, cb);
166716
166711
  }
166717
- utimes(path4, atime, mtime, cb) {
166718
- return this.setstat(path4, {
166712
+ utimes(path3, atime, mtime, cb) {
166713
+ return this.setstat(path3, {
166719
166714
  atime: toUnixTimestamp(atime),
166720
166715
  mtime: toUnixTimestamp(mtime)
166721
166716
  }, cb);
@@ -166726,8 +166721,8 @@ var require_SFTP = __commonJS((exports, module) => {
166726
166721
  gid
166727
166722
  }, cb);
166728
166723
  }
166729
- chown(path4, uid, gid, cb) {
166730
- return this.setstat(path4, {
166724
+ chown(path3, uid, gid, cb) {
166725
+ return this.setstat(path3, {
166731
166726
  uid,
166732
166727
  gid
166733
166728
  }, cb);
@@ -166737,15 +166732,15 @@ var require_SFTP = __commonJS((exports, module) => {
166737
166732
  mode
166738
166733
  }, cb);
166739
166734
  }
166740
- chmod(path4, mode, cb) {
166741
- return this.setstat(path4, {
166735
+ chmod(path3, mode, cb) {
166736
+ return this.setstat(path3, {
166742
166737
  mode
166743
166738
  }, cb);
166744
166739
  }
166745
- readlink(path4, cb) {
166740
+ readlink(path3, cb) {
166746
166741
  if (this.server)
166747
166742
  throw new Error("Client-only method called in server mode");
166748
- const pathLen = Buffer.byteLength(path4);
166743
+ const pathLen = Buffer.byteLength(path3);
166749
166744
  let p = 9;
166750
166745
  const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + pathLen);
166751
166746
  writeUInt32BE(buf, buf.length - 4, 0);
@@ -166753,7 +166748,7 @@ var require_SFTP = __commonJS((exports, module) => {
166753
166748
  const reqid = this._writeReqid = this._writeReqid + 1 & MAX_REQID;
166754
166749
  writeUInt32BE(buf, reqid, 5);
166755
166750
  writeUInt32BE(buf, pathLen, p);
166756
- buf.utf8Write(path4, p += 4, pathLen);
166751
+ buf.utf8Write(path3, p += 4, pathLen);
166757
166752
  this._requests[reqid] = {
166758
166753
  cb: (err, names) => {
166759
166754
  if (typeof cb !== "function")
@@ -166794,10 +166789,10 @@ var require_SFTP = __commonJS((exports, module) => {
166794
166789
  const isBuffered = sendOrBuffer(this, buf);
166795
166790
  this._debug && this._debug(`SFTP: Outbound: ${isBuffered ? "Buffered" : "Sending"} SYMLINK`);
166796
166791
  }
166797
- realpath(path4, cb) {
166792
+ realpath(path3, cb) {
166798
166793
  if (this.server)
166799
166794
  throw new Error("Client-only method called in server mode");
166800
- const pathLen = Buffer.byteLength(path4);
166795
+ const pathLen = Buffer.byteLength(path3);
166801
166796
  let p = 9;
166802
166797
  const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + pathLen);
166803
166798
  writeUInt32BE(buf, buf.length - 4, 0);
@@ -166805,7 +166800,7 @@ var require_SFTP = __commonJS((exports, module) => {
166805
166800
  const reqid = this._writeReqid = this._writeReqid + 1 & MAX_REQID;
166806
166801
  writeUInt32BE(buf, reqid, 5);
166807
166802
  writeUInt32BE(buf, pathLen, p);
166808
- buf.utf8Write(path4, p += 4, pathLen);
166803
+ buf.utf8Write(path3, p += 4, pathLen);
166809
166804
  this._requests[reqid] = {
166810
166805
  cb: (err, names) => {
166811
166806
  if (typeof cb !== "function")
@@ -166847,13 +166842,13 @@ var require_SFTP = __commonJS((exports, module) => {
166847
166842
  this._debug(`SFTP: Outbound: ${which} posix-rename@openssh.com`);
166848
166843
  }
166849
166844
  }
166850
- ext_openssh_statvfs(path4, cb) {
166845
+ ext_openssh_statvfs(path3, cb) {
166851
166846
  if (this.server)
166852
166847
  throw new Error("Client-only method called in server mode");
166853
166848
  const ext = this._extensions["statvfs@openssh.com"];
166854
166849
  if (!ext || ext !== "2")
166855
166850
  throw new Error("Server does not support this extended request");
166856
- const pathLen = Buffer.byteLength(path4);
166851
+ const pathLen = Buffer.byteLength(path3);
166857
166852
  let p = 9;
166858
166853
  const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + 19 + 4 + pathLen);
166859
166854
  writeUInt32BE(buf, buf.length - 4, 0);
@@ -166863,7 +166858,7 @@ var require_SFTP = __commonJS((exports, module) => {
166863
166858
  writeUInt32BE(buf, 19, p);
166864
166859
  buf.utf8Write("statvfs@openssh.com", p += 4, 19);
166865
166860
  writeUInt32BE(buf, pathLen, p += 19);
166866
- buf.utf8Write(path4, p += 4, pathLen);
166861
+ buf.utf8Write(path3, p += 4, pathLen);
166867
166862
  this._requests[reqid] = { extended: "statvfs@openssh.com", cb };
166868
166863
  const isBuffered = sendOrBuffer(this, buf);
166869
166864
  if (this._debug) {
@@ -166947,7 +166942,7 @@ var require_SFTP = __commonJS((exports, module) => {
166947
166942
  const isBuffered = sendOrBuffer(this, buf);
166948
166943
  this._debug && this._debug(`SFTP: Outbound: ${isBuffered ? "Buffered" : "Sending"} fsync@openssh.com`);
166949
166944
  }
166950
- ext_openssh_lsetstat(path4, attrs, cb) {
166945
+ ext_openssh_lsetstat(path3, attrs, cb) {
166951
166946
  if (this.server)
166952
166947
  throw new Error("Client-only method called in server mode");
166953
166948
  const ext = this._extensions["lsetstat@openssh.com"];
@@ -166962,7 +166957,7 @@ var require_SFTP = __commonJS((exports, module) => {
166962
166957
  } else if (typeof attrs === "function") {
166963
166958
  cb = attrs;
166964
166959
  }
166965
- const pathLen = Buffer.byteLength(path4);
166960
+ const pathLen = Buffer.byteLength(path3);
166966
166961
  let p = 9;
166967
166962
  const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + 20 + 4 + pathLen + 4 + attrsLen);
166968
166963
  writeUInt32BE(buf, buf.length - 4, 0);
@@ -166972,7 +166967,7 @@ var require_SFTP = __commonJS((exports, module) => {
166972
166967
  writeUInt32BE(buf, 20, p);
166973
166968
  buf.utf8Write("lsetstat@openssh.com", p += 4, 20);
166974
166969
  writeUInt32BE(buf, pathLen, p += 20);
166975
- buf.utf8Write(path4, p += 4, pathLen);
166970
+ buf.utf8Write(path3, p += 4, pathLen);
166976
166971
  writeUInt32BE(buf, flags, p += pathLen);
166977
166972
  if (attrsLen) {
166978
166973
  p += 4;
@@ -166989,13 +166984,13 @@ var require_SFTP = __commonJS((exports, module) => {
166989
166984
  this._debug(`SFTP: Outbound: ${status} lsetstat@openssh.com`);
166990
166985
  }
166991
166986
  }
166992
- ext_openssh_expandPath(path4, cb) {
166987
+ ext_openssh_expandPath(path3, cb) {
166993
166988
  if (this.server)
166994
166989
  throw new Error("Client-only method called in server mode");
166995
166990
  const ext = this._extensions["expand-path@openssh.com"];
166996
166991
  if (ext !== "1")
166997
166992
  throw new Error("Server does not support this extended request");
166998
- const pathLen = Buffer.byteLength(path4);
166993
+ const pathLen = Buffer.byteLength(path3);
166999
166994
  let p = 9;
167000
166995
  const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + 23 + 4 + pathLen);
167001
166996
  writeUInt32BE(buf, buf.length - 4, 0);
@@ -167005,7 +167000,7 @@ var require_SFTP = __commonJS((exports, module) => {
167005
167000
  writeUInt32BE(buf, 23, p);
167006
167001
  buf.utf8Write("expand-path@openssh.com", p += 4, 23);
167007
167002
  writeUInt32BE(buf, pathLen, p += 20);
167008
- buf.utf8Write(path4, p += 4, pathLen);
167003
+ buf.utf8Write(path3, p += 4, pathLen);
167009
167004
  this._requests[reqid] = {
167010
167005
  cb: (err, names) => {
167011
167006
  if (typeof cb !== "function")
@@ -168222,12 +168217,12 @@ var require_SFTP = __commonJS((exports, module) => {
168222
168217
  [REQUEST.LSTAT]: (sftp, payload) => {
168223
168218
  bufferParser.init(payload, 1);
168224
168219
  const reqID = bufferParser.readUInt32BE();
168225
- const path4 = bufferParser.readString(true);
168220
+ const path3 = bufferParser.readString(true);
168226
168221
  bufferParser.clear();
168227
- if (path4 === undefined)
168222
+ if (path3 === undefined)
168228
168223
  return doFatalSFTPError(sftp, "Malformed LSTAT packet");
168229
168224
  sftp._debug && sftp._debug(`SFTP: Inbound: Received LSTAT (id:${reqID})`);
168230
- if (!sftp.emit("LSTAT", reqID, path4)) {
168225
+ if (!sftp.emit("LSTAT", reqID, path3)) {
168231
168226
  sftp.status(reqID, STATUS_CODE.OP_UNSUPPORTED);
168232
168227
  }
168233
168228
  },
@@ -168246,13 +168241,13 @@ var require_SFTP = __commonJS((exports, module) => {
168246
168241
  [REQUEST.SETSTAT]: (sftp, payload) => {
168247
168242
  bufferParser.init(payload, 1);
168248
168243
  const reqID = bufferParser.readUInt32BE();
168249
- const path4 = bufferParser.readString(true);
168244
+ const path3 = bufferParser.readString(true);
168250
168245
  const attrs = readAttrs(sftp._biOpt);
168251
168246
  bufferParser.clear();
168252
168247
  if (attrs === undefined)
168253
168248
  return doFatalSFTPError(sftp, "Malformed SETSTAT packet");
168254
168249
  sftp._debug && sftp._debug(`SFTP: Inbound: Received SETSTAT (id:${reqID})`);
168255
- if (!sftp.emit("SETSTAT", reqID, path4, attrs)) {
168250
+ if (!sftp.emit("SETSTAT", reqID, path3, attrs)) {
168256
168251
  sftp.status(reqID, STATUS_CODE.OP_UNSUPPORTED);
168257
168252
  }
168258
168253
  },
@@ -168272,12 +168267,12 @@ var require_SFTP = __commonJS((exports, module) => {
168272
168267
  [REQUEST.OPENDIR]: (sftp, payload) => {
168273
168268
  bufferParser.init(payload, 1);
168274
168269
  const reqID = bufferParser.readUInt32BE();
168275
- const path4 = bufferParser.readString(true);
168270
+ const path3 = bufferParser.readString(true);
168276
168271
  bufferParser.clear();
168277
- if (path4 === undefined)
168272
+ if (path3 === undefined)
168278
168273
  return doFatalSFTPError(sftp, "Malformed OPENDIR packet");
168279
168274
  sftp._debug && sftp._debug(`SFTP: Inbound: Received OPENDIR (id:${reqID})`);
168280
- if (!sftp.emit("OPENDIR", reqID, path4)) {
168275
+ if (!sftp.emit("OPENDIR", reqID, path3)) {
168281
168276
  sftp.status(reqID, STATUS_CODE.OP_UNSUPPORTED);
168282
168277
  }
168283
168278
  },
@@ -168296,61 +168291,61 @@ var require_SFTP = __commonJS((exports, module) => {
168296
168291
  [REQUEST.REMOVE]: (sftp, payload) => {
168297
168292
  bufferParser.init(payload, 1);
168298
168293
  const reqID = bufferParser.readUInt32BE();
168299
- const path4 = bufferParser.readString(true);
168294
+ const path3 = bufferParser.readString(true);
168300
168295
  bufferParser.clear();
168301
- if (path4 === undefined)
168296
+ if (path3 === undefined)
168302
168297
  return doFatalSFTPError(sftp, "Malformed REMOVE packet");
168303
168298
  sftp._debug && sftp._debug(`SFTP: Inbound: Received REMOVE (id:${reqID})`);
168304
- if (!sftp.emit("REMOVE", reqID, path4)) {
168299
+ if (!sftp.emit("REMOVE", reqID, path3)) {
168305
168300
  sftp.status(reqID, STATUS_CODE.OP_UNSUPPORTED);
168306
168301
  }
168307
168302
  },
168308
168303
  [REQUEST.MKDIR]: (sftp, payload) => {
168309
168304
  bufferParser.init(payload, 1);
168310
168305
  const reqID = bufferParser.readUInt32BE();
168311
- const path4 = bufferParser.readString(true);
168306
+ const path3 = bufferParser.readString(true);
168312
168307
  const attrs = readAttrs(sftp._biOpt);
168313
168308
  bufferParser.clear();
168314
168309
  if (attrs === undefined)
168315
168310
  return doFatalSFTPError(sftp, "Malformed MKDIR packet");
168316
168311
  sftp._debug && sftp._debug(`SFTP: Inbound: Received MKDIR (id:${reqID})`);
168317
- if (!sftp.emit("MKDIR", reqID, path4, attrs)) {
168312
+ if (!sftp.emit("MKDIR", reqID, path3, attrs)) {
168318
168313
  sftp.status(reqID, STATUS_CODE.OP_UNSUPPORTED);
168319
168314
  }
168320
168315
  },
168321
168316
  [REQUEST.RMDIR]: (sftp, payload) => {
168322
168317
  bufferParser.init(payload, 1);
168323
168318
  const reqID = bufferParser.readUInt32BE();
168324
- const path4 = bufferParser.readString(true);
168319
+ const path3 = bufferParser.readString(true);
168325
168320
  bufferParser.clear();
168326
- if (path4 === undefined)
168321
+ if (path3 === undefined)
168327
168322
  return doFatalSFTPError(sftp, "Malformed RMDIR packet");
168328
168323
  sftp._debug && sftp._debug(`SFTP: Inbound: Received RMDIR (id:${reqID})`);
168329
- if (!sftp.emit("RMDIR", reqID, path4)) {
168324
+ if (!sftp.emit("RMDIR", reqID, path3)) {
168330
168325
  sftp.status(reqID, STATUS_CODE.OP_UNSUPPORTED);
168331
168326
  }
168332
168327
  },
168333
168328
  [REQUEST.REALPATH]: (sftp, payload) => {
168334
168329
  bufferParser.init(payload, 1);
168335
168330
  const reqID = bufferParser.readUInt32BE();
168336
- const path4 = bufferParser.readString(true);
168331
+ const path3 = bufferParser.readString(true);
168337
168332
  bufferParser.clear();
168338
- if (path4 === undefined)
168333
+ if (path3 === undefined)
168339
168334
  return doFatalSFTPError(sftp, "Malformed REALPATH packet");
168340
168335
  sftp._debug && sftp._debug(`SFTP: Inbound: Received REALPATH (id:${reqID})`);
168341
- if (!sftp.emit("REALPATH", reqID, path4)) {
168336
+ if (!sftp.emit("REALPATH", reqID, path3)) {
168342
168337
  sftp.status(reqID, STATUS_CODE.OP_UNSUPPORTED);
168343
168338
  }
168344
168339
  },
168345
168340
  [REQUEST.STAT]: (sftp, payload) => {
168346
168341
  bufferParser.init(payload, 1);
168347
168342
  const reqID = bufferParser.readUInt32BE();
168348
- const path4 = bufferParser.readString(true);
168343
+ const path3 = bufferParser.readString(true);
168349
168344
  bufferParser.clear();
168350
- if (path4 === undefined)
168345
+ if (path3 === undefined)
168351
168346
  return doFatalSFTPError(sftp, "Malformed STAT packet");
168352
168347
  sftp._debug && sftp._debug(`SFTP: Inbound: Received STAT (id:${reqID})`);
168353
- if (!sftp.emit("STAT", reqID, path4)) {
168348
+ if (!sftp.emit("STAT", reqID, path3)) {
168354
168349
  sftp.status(reqID, STATUS_CODE.OP_UNSUPPORTED);
168355
168350
  }
168356
168351
  },
@@ -168370,12 +168365,12 @@ var require_SFTP = __commonJS((exports, module) => {
168370
168365
  [REQUEST.READLINK]: (sftp, payload) => {
168371
168366
  bufferParser.init(payload, 1);
168372
168367
  const reqID = bufferParser.readUInt32BE();
168373
- const path4 = bufferParser.readString(true);
168368
+ const path3 = bufferParser.readString(true);
168374
168369
  bufferParser.clear();
168375
- if (path4 === undefined)
168370
+ if (path3 === undefined)
168376
168371
  return doFatalSFTPError(sftp, "Malformed READLINK packet");
168377
168372
  sftp._debug && sftp._debug(`SFTP: Inbound: Received READLINK (id:${reqID})`);
168378
- if (!sftp.emit("READLINK", reqID, path4)) {
168373
+ if (!sftp.emit("READLINK", reqID, path3)) {
168379
168374
  sftp.status(reqID, STATUS_CODE.OP_UNSUPPORTED);
168380
168375
  }
168381
168376
  },
@@ -168444,7 +168439,7 @@ var require_SFTP = __commonJS((exports, module) => {
168444
168439
  function roundUpToMultipleOf8(n) {
168445
168440
  return n + 7 & ~7;
168446
168441
  }
168447
- function ReadStream(sftp, path4, options) {
168442
+ function ReadStream(sftp, path3, options) {
168448
168443
  if (options === undefined)
168449
168444
  options = {};
168450
168445
  else if (typeof options === "string")
@@ -168458,7 +168453,7 @@ var require_SFTP = __commonJS((exports, module) => {
168458
168453
  options.emitClose = false;
168459
168454
  options.autoDestroy = false;
168460
168455
  ReadableStream3.call(this, options);
168461
- this.path = path4;
168456
+ this.path = path3;
168462
168457
  this.flags = options.flags === undefined ? "r" : options.flags;
168463
168458
  this.mode = options.mode === undefined ? 438 : options.mode;
168464
168459
  this.start = options.start;
@@ -168578,7 +168573,7 @@ var require_SFTP = __commonJS((exports, module) => {
168578
168573
  },
168579
168574
  configurable: true
168580
168575
  });
168581
- function WriteStream(sftp, path4, options) {
168576
+ function WriteStream(sftp, path3, options) {
168582
168577
  if (options === undefined)
168583
168578
  options = {};
168584
168579
  else if (typeof options === "string")
@@ -168590,7 +168585,7 @@ var require_SFTP = __commonJS((exports, module) => {
168590
168585
  options.emitClose = false;
168591
168586
  options.autoDestroy = false;
168592
168587
  WritableStream.call(this, options);
168593
- this.path = path4;
168588
+ this.path = path3;
168594
168589
  this.flags = options.flags === undefined ? "w" : options.flags;
168595
168590
  this.mode = options.mode === undefined ? 438 : options.mode;
168596
168591
  this.start = options.start;
@@ -246665,7 +246660,138 @@ function safeJoinUnderRoot(root, ...segments) {
246665
246660
 
246666
246661
  // src/service/connection_config.ts
246667
246662
  import { createPrivateKey } from "crypto";
246663
+ import { existsSync } from "fs";
246668
246664
  import path3 from "path";
246665
+
246666
+ // src/service/proxy.ts
246667
+ init_logger();
246668
+ var import_ssh2 = __toESM(require_lib10(), 1);
246669
+ import net from "net";
246670
+ var SSH_CONNECT_TIMEOUT_MS = 15000;
246671
+ var SSH_KEEPALIVE_INTERVAL_MS = 15000;
246672
+ function parseHostKeys(raw) {
246673
+ const keys = new Set;
246674
+ for (const line of raw.split(/\r?\n/)) {
246675
+ const trimmed = line.trim();
246676
+ if (!trimmed || trimmed.startsWith("#"))
246677
+ continue;
246678
+ const tokens = trimmed.split(/\s+/);
246679
+ const blob = tokens.find((t) => /^AAAA[A-Za-z0-9+/]+={0,2}$/.test(t));
246680
+ const key = blob ?? tokens[tokens.length - 1];
246681
+ if (key)
246682
+ keys.add(key);
246683
+ }
246684
+ return keys;
246685
+ }
246686
+ async function openProxy(proxy, target) {
246687
+ if (proxy.type === "ssh") {
246688
+ if (!proxy.ssh) {
246689
+ throw new Error("ConnectionProxy type is 'ssh' but the 'ssh' config object is missing.");
246690
+ }
246691
+ return openSshProxy(proxy.ssh, target);
246692
+ }
246693
+ throw new Error(`Proxy type '${proxy.type}' is not supported yet. Only 'ssh' is implemented.`);
246694
+ }
246695
+ function openSshProxy(ssh, target) {
246696
+ return new Promise((resolve2, reject) => {
246697
+ const client = new import_ssh2.Client;
246698
+ let localPort = 0;
246699
+ let server;
246700
+ let settled = false;
246701
+ const sockets = new Set;
246702
+ function fail(err) {
246703
+ if (settled)
246704
+ return;
246705
+ settled = true;
246706
+ server?.close();
246707
+ client.end();
246708
+ reject(err);
246709
+ }
246710
+ const connectConfig = {
246711
+ host: ssh.host,
246712
+ port: ssh.port ?? 22,
246713
+ username: ssh.username,
246714
+ privateKey: ssh.privateKey,
246715
+ ...ssh.privateKeyPass ? { passphrase: ssh.privateKeyPass } : {},
246716
+ readyTimeout: SSH_CONNECT_TIMEOUT_MS,
246717
+ keepaliveInterval: SSH_KEEPALIVE_INTERVAL_MS,
246718
+ keepaliveCountMax: 3,
246719
+ hostVerifier: (key) => {
246720
+ const presented = key.toString("base64");
246721
+ if (ssh.hostKey) {
246722
+ const pinned = parseHostKeys(ssh.hostKey);
246723
+ if (pinned.has(presented)) {
246724
+ return true;
246725
+ }
246726
+ fail(new Error(`SSH host-key verification failed for ${ssh.host}: the presented key ` + `(${presented.slice(0, 24)}…) is not among the ${pinned.size} pinned ` + `host key(s).`));
246727
+ return false;
246728
+ }
246729
+ logger.warn(`Connecting to SSH bastion ${ssh.host} without host-key verification (no hostKey pinned).`);
246730
+ return true;
246731
+ }
246732
+ };
246733
+ client.on("error", (err) => fail(err));
246734
+ client.on("ready", () => {
246735
+ server = net.createServer((socket) => {
246736
+ sockets.add(socket);
246737
+ socket.on("close", () => sockets.delete(socket));
246738
+ const earlyData = [];
246739
+ socket.on("data", (chunk) => earlyData.push(chunk));
246740
+ client.forwardOut("127.0.0.1", localPort, target.host, target.port, (err, channel) => {
246741
+ if (err) {
246742
+ socket.destroy(err);
246743
+ return;
246744
+ }
246745
+ if (socket.destroyed) {
246746
+ channel.destroy();
246747
+ return;
246748
+ }
246749
+ for (const chunk of earlyData) {
246750
+ channel.write(chunk);
246751
+ }
246752
+ earlyData.length = 0;
246753
+ socket.removeAllListeners("data");
246754
+ socket.pipe(channel);
246755
+ channel.pipe(socket);
246756
+ socket.on("error", () => channel.destroy());
246757
+ channel.on("error", () => socket.destroy());
246758
+ socket.on("close", () => channel.destroy());
246759
+ channel.on("close", () => socket.destroy());
246760
+ });
246761
+ });
246762
+ server.listen(0, "127.0.0.1", () => {
246763
+ const addr = server.address();
246764
+ if (!addr || typeof addr === "string") {
246765
+ fail(new Error("Failed to obtain local listen port for SSH proxy."));
246766
+ return;
246767
+ }
246768
+ localPort = addr.port;
246769
+ if (settled)
246770
+ return;
246771
+ settled = true;
246772
+ resolve2({
246773
+ host: "127.0.0.1",
246774
+ port: localPort,
246775
+ close() {
246776
+ return new Promise((res) => {
246777
+ for (const s of sockets)
246778
+ s.destroy();
246779
+ server.close(() => {
246780
+ client.end();
246781
+ res();
246782
+ });
246783
+ });
246784
+ }
246785
+ });
246786
+ });
246787
+ server.on("error", (err) => fail(err));
246788
+ });
246789
+ client.connect(connectConfig);
246790
+ });
246791
+ }
246792
+
246793
+ // src/service/connection_config.ts
246794
+ var PROXIED_SSLMODES = ["disable", "no-verify", "verify-ca"];
246669
246795
  var PUBLISHER_DUCKDB_API_FIELDS = new Set(["attachedDatabases"]);
246670
246796
  function normalizeSnowflakePrivateKey(privateKey) {
246671
246797
  let privateKeyContent = privateKey.trim();
@@ -246850,6 +246976,29 @@ function validateConnectionShape(connection) {
246850
246976
  if (!connection.postgresConnection?.host || !connection.postgresConnection?.port) {
246851
246977
  throw new Error(`Connection proxy on '${connection.name}' requires explicit host and port on the ` + `postgres connection; the connectionString form is not supported with a proxy.`);
246852
246978
  }
246979
+ const hostKey = connection.proxy.ssh?.hostKey;
246980
+ if (hostKey && parseHostKeys(hostKey).size === 0) {
246981
+ throw new Error(`Connection proxy on '${connection.name}' has a hostKey with no usable host-key line ` + `(only blanks/comments). Provide an OpenSSH known_hosts line or base64 blob, or omit ` + `hostKey to connect unpinned.`);
246982
+ }
246983
+ const sslmode = connection.postgresConnection?.sslmode;
246984
+ if (sslmode != null) {
246985
+ if (!PROXIED_SSLMODES.includes(sslmode)) {
246986
+ throw new Error(`Connection proxy on '${connection.name}' has unsupported sslmode '${sslmode}' ` + `(expected ${PROXIED_SSLMODES.join(" | ")}).`);
246987
+ }
246988
+ if (sslmode === "verify-ca") {
246989
+ const caBundle = process.env.NODE_EXTRA_CA_CERTS;
246990
+ if (!caBundle || !existsSync(caBundle)) {
246991
+ throw new Error(`Connection proxy on '${connection.name}' uses sslmode 'verify-ca' but no readable ` + `CA bundle is available (NODE_EXTRA_CA_CERTS is unset or points at a missing file). ` + `Add the CA bundle to the image or use sslmode 'no-verify'.`);
246992
+ }
246993
+ }
246994
+ }
246995
+ const dbName = connection.postgresConnection?.databaseName;
246996
+ if (dbName && decodeURI(encodeURIComponent(dbName)) !== dbName) {
246997
+ throw new Error(`Connection proxy on '${connection.name}' has a database name with characters that can't ` + `be carried over a proxied connection (${JSON.stringify(dbName)}). Use a database name ` + `without URI-reserved characters (; , / ? : @ & = + $ #).`);
246998
+ }
246999
+ }
247000
+ if (!connection.proxy && connection.postgresConnection?.sslmode) {
247001
+ throw new Error(`Connection '${connection.name}' sets postgresConnection.sslmode but has no proxy; sslmode is ` + `only supported for proxied connections (direct connections use the deployment PGSSLMODE).`);
246853
247002
  }
246854
247003
  switch (connection.type) {
246855
247004
  case "postgres":
@@ -247126,126 +247275,6 @@ function validateAndBuildTrinoCoreConfig(trinoConfig) {
247126
247275
  throw new Error(`Invalid Trino connection: expected "http://server:port" or "https://server:port".`);
247127
247276
  }
247128
247277
 
247129
- // src/service/proxy.ts
247130
- var import_ssh2 = __toESM(require_lib10(), 1);
247131
- import net from "net";
247132
- var SSH_CONNECT_TIMEOUT_MS = 15000;
247133
- var SSH_KEEPALIVE_INTERVAL_MS = 15000;
247134
- function extractHostKeyBase64(raw) {
247135
- const tokens = raw.trim().split(/\s+/);
247136
- const blob = tokens.find((t) => /^AAAA[A-Za-z0-9+/]+={0,2}$/.test(t));
247137
- return blob ?? tokens[tokens.length - 1] ?? "";
247138
- }
247139
- async function openProxy(proxy, target) {
247140
- if (proxy.type === "ssh") {
247141
- if (!proxy.ssh) {
247142
- throw new Error("ConnectionProxy type is 'ssh' but the 'ssh' config object is missing.");
247143
- }
247144
- return openSshProxy(proxy.ssh, target);
247145
- }
247146
- throw new Error(`Proxy type '${proxy.type}' is not supported yet. Only 'ssh' is implemented.`);
247147
- }
247148
- function openSshProxy(ssh, target) {
247149
- return new Promise((resolve2, reject) => {
247150
- const client = new import_ssh2.Client;
247151
- let localPort = 0;
247152
- let server;
247153
- let settled = false;
247154
- const sockets = new Set;
247155
- function fail(err) {
247156
- if (settled)
247157
- return;
247158
- settled = true;
247159
- server?.close();
247160
- client.end();
247161
- reject(err);
247162
- }
247163
- const connectConfig = {
247164
- host: ssh.host,
247165
- port: ssh.port ?? 22,
247166
- username: ssh.username,
247167
- privateKey: ssh.privateKey,
247168
- ...ssh.privateKeyPass ? { passphrase: ssh.privateKeyPass } : {},
247169
- readyTimeout: SSH_CONNECT_TIMEOUT_MS,
247170
- keepaliveInterval: SSH_KEEPALIVE_INTERVAL_MS,
247171
- keepaliveCountMax: 3,
247172
- hostVerifier: (key) => {
247173
- const presented = key.toString("base64");
247174
- if (ssh.hostKey) {
247175
- const expected = extractHostKeyBase64(ssh.hostKey);
247176
- if (presented !== expected) {
247177
- fail(new Error(`SSH host-key mismatch for ${ssh.host}: expected ${expected.slice(0, 24)}… but got ${presented.slice(0, 24)}….`));
247178
- return false;
247179
- }
247180
- return true;
247181
- }
247182
- if (process.env.PUBLISHER_SSH_ALLOW_UNKNOWN_HOSTKEY === "true") {
247183
- return true;
247184
- }
247185
- fail(new Error(`SSH connection to ${ssh.host} refused: no hostKey provided and ` + `PUBLISHER_SSH_ALLOW_UNKNOWN_HOSTKEY is not 'true'. ` + `Set hostKey to the bastion's host public key (an OpenSSH ` + `known_hosts line or its base64 blob, e.g. from ssh-keyscan).`));
247186
- return false;
247187
- }
247188
- };
247189
- client.on("error", (err) => fail(err));
247190
- client.on("ready", () => {
247191
- server = net.createServer((socket) => {
247192
- sockets.add(socket);
247193
- socket.on("close", () => sockets.delete(socket));
247194
- const earlyData = [];
247195
- socket.on("data", (chunk) => earlyData.push(chunk));
247196
- client.forwardOut("127.0.0.1", localPort, target.host, target.port, (err, channel) => {
247197
- if (err) {
247198
- socket.destroy(err);
247199
- return;
247200
- }
247201
- if (socket.destroyed) {
247202
- channel.destroy();
247203
- return;
247204
- }
247205
- for (const chunk of earlyData) {
247206
- channel.write(chunk);
247207
- }
247208
- earlyData.length = 0;
247209
- socket.removeAllListeners("data");
247210
- socket.pipe(channel);
247211
- channel.pipe(socket);
247212
- socket.on("error", () => channel.destroy());
247213
- channel.on("error", () => socket.destroy());
247214
- socket.on("close", () => channel.destroy());
247215
- channel.on("close", () => socket.destroy());
247216
- });
247217
- });
247218
- server.listen(0, "127.0.0.1", () => {
247219
- const addr = server.address();
247220
- if (!addr || typeof addr === "string") {
247221
- fail(new Error("Failed to obtain local listen port for SSH proxy."));
247222
- return;
247223
- }
247224
- localPort = addr.port;
247225
- if (settled)
247226
- return;
247227
- settled = true;
247228
- resolve2({
247229
- host: "127.0.0.1",
247230
- port: localPort,
247231
- close() {
247232
- return new Promise((res) => {
247233
- for (const s of sockets)
247234
- s.destroy();
247235
- server.close(() => {
247236
- client.end();
247237
- res();
247238
- });
247239
- });
247240
- }
247241
- });
247242
- });
247243
- server.on("error", (err) => fail(err));
247244
- });
247245
- client.connect(connectConfig);
247246
- });
247247
- }
247248
-
247249
247278
  // src/service/connection.ts
247250
247279
  async function installAndLoadExtension(connection, extensionName, fromCommunity = false) {
247251
247280
  try {
@@ -247798,19 +247827,37 @@ function buildSnowflakePrivateKeyConnection(metadata) {
247798
247827
  poolOptions: buildPoolOptions({ poolMin: 1, poolMax: 20 })
247799
247828
  });
247800
247829
  }
247830
+ function buildProxiedSslQuery(name, sslmode) {
247831
+ const caBundle = process.env.NODE_EXTRA_CA_CERTS;
247832
+ const mode = sslmode ?? "no-verify";
247833
+ switch (mode) {
247834
+ case "disable":
247835
+ return "?sslmode=disable";
247836
+ case "no-verify":
247837
+ return "?sslmode=no-verify";
247838
+ case "verify-ca":
247839
+ if (!caBundle) {
247840
+ throw new Error(`Connection proxy on '${name}' uses sslmode 'verify-ca' but no trusted CA bundle is available (NODE_EXTRA_CA_CERTS is unset). Add the CA bundle to the image or use sslmode 'no-verify'.`);
247841
+ }
247842
+ return `?uselibpqcompat=true&sslmode=verify-ca&sslrootcert=${encodeURIComponent(caBundle)}`;
247843
+ default:
247844
+ throw new Error(`Connection proxy on '${name}' has unsupported sslmode '${mode}' (expected disable | no-verify | verify-ca).`);
247845
+ }
247846
+ }
247801
247847
  function buildProxiedPostgresConnection(metadata, endpoint) {
247802
247848
  const name = metadata.apiConnection.name;
247803
247849
  const pg = metadata.apiConnection.postgresConnection;
247804
247850
  if (!pg) {
247805
247851
  throw new Error(`Proxied connection '${name}' has type 'postgres' but no postgresConnection config.`);
247806
247852
  }
247853
+ const enc = encodeURIComponent;
247854
+ const auth = pg.userName ? `${enc(pg.userName)}${pg.password ? `:${enc(pg.password)}` : ""}@` : "";
247855
+ const db = pg.databaseName ? `/${enc(pg.databaseName)}` : "";
247856
+ const ssl = buildProxiedSslQuery(name, pg.sslmode);
247857
+ const connectionString = `postgresql://${auth}${endpoint.host}:${endpoint.port}${db}${ssl}`;
247807
247858
  return new PooledPostgresConnection({
247808
247859
  name,
247809
- host: endpoint.host,
247810
- port: endpoint.port,
247811
- username: pg.userName,
247812
- password: pg.password,
247813
- databaseName: pg.databaseName,
247860
+ connectionString,
247814
247861
  poolMin: 1,
247815
247862
  poolMax: 20
247816
247863
  });