@naylence/runtime 0.3.12 → 0.3.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/browser/index.cjs +1479 -926
- package/dist/browser/index.mjs +1472 -927
- package/dist/cjs/naylence/fame/connector/broadcast-channel-connector.browser.js +1 -1
- package/dist/cjs/naylence/fame/factory-manifest.js +6 -0
- package/dist/cjs/naylence/fame/grants/grant-materializer.js +59 -0
- package/dist/cjs/naylence/fame/node/admission/admission-profile-factory.js +4 -2
- package/dist/cjs/naylence/fame/node/admission/direct-admission-client-factory.js +3 -1
- package/dist/cjs/naylence/fame/node/admission/direct-admission-client.js +12 -9
- package/dist/cjs/naylence/fame/node/default-node-identity-policy-factory.js +21 -0
- package/dist/cjs/naylence/fame/node/default-node-identity-policy.js +60 -0
- package/dist/cjs/naylence/fame/node/factory-commons.js +31 -7
- package/dist/cjs/naylence/fame/node/index.js +11 -1
- package/dist/cjs/naylence/fame/node/node-config.js +4 -0
- package/dist/cjs/naylence/fame/node/node-identity-policy-factory.js +22 -0
- package/dist/cjs/naylence/fame/node/node-identity-policy-profile-factory.js +67 -0
- package/dist/cjs/naylence/fame/node/node-identity-policy.js +2 -0
- package/dist/cjs/naylence/fame/node/node.js +45 -9
- package/dist/cjs/naylence/fame/node/root-session-manager.js +1 -11
- package/dist/cjs/naylence/fame/node/rpc-client-manager.js +10 -3
- package/dist/cjs/naylence/fame/node/token-subject-node-identity-policy-factory.js +55 -0
- package/dist/cjs/naylence/fame/node/token-subject-node-identity-policy.js +84 -0
- package/dist/cjs/naylence/fame/node/upstream-session-manager.js +87 -9
- package/dist/cjs/naylence/fame/security/auth/auth-identity.js +2 -0
- package/dist/cjs/naylence/fame/security/auth/materializable-token-provider.js +9 -0
- package/dist/cjs/naylence/fame/security/auth/oauth2-pkce-token-provider.js +9 -0
- package/dist/cjs/naylence/fame/security/auth/static-token-provider.js +44 -0
- package/dist/cjs/naylence/fame/security/auth/token-provider.js +6 -0
- package/dist/cjs/naylence/fame/security/default-security-manager.js +4 -2
- package/dist/cjs/naylence/fame/security/index.js +1 -0
- package/dist/cjs/naylence/fame/security/keys/default-key-manager.js +1 -1
- package/dist/cjs/naylence/fame/util/task-spawner.js +8 -0
- package/dist/cjs/version.js +2 -2
- package/dist/esm/naylence/fame/connector/broadcast-channel-connector.browser.js +1 -1
- package/dist/esm/naylence/fame/factory-manifest.js +6 -0
- package/dist/esm/naylence/fame/grants/grant-materializer.js +55 -0
- package/dist/esm/naylence/fame/node/admission/admission-profile-factory.js +4 -2
- package/dist/esm/naylence/fame/node/admission/direct-admission-client-factory.js +3 -1
- package/dist/esm/naylence/fame/node/admission/direct-admission-client.js +13 -10
- package/dist/esm/naylence/fame/node/default-node-identity-policy-factory.js +17 -0
- package/dist/esm/naylence/fame/node/default-node-identity-policy.js +56 -0
- package/dist/esm/naylence/fame/node/factory-commons.js +31 -7
- package/dist/esm/naylence/fame/node/index.js +7 -0
- package/dist/esm/naylence/fame/node/node-config.js +4 -0
- package/dist/esm/naylence/fame/node/node-identity-policy-factory.js +18 -0
- package/dist/esm/naylence/fame/node/node-identity-policy-profile-factory.js +63 -0
- package/dist/esm/naylence/fame/node/node-identity-policy.js +1 -0
- package/dist/esm/naylence/fame/node/node.js +45 -9
- package/dist/esm/naylence/fame/node/root-session-manager.js +1 -11
- package/dist/esm/naylence/fame/node/rpc-client-manager.js +10 -3
- package/dist/esm/naylence/fame/node/token-subject-node-identity-policy-factory.js +18 -0
- package/dist/esm/naylence/fame/node/token-subject-node-identity-policy.js +80 -0
- package/dist/esm/naylence/fame/node/upstream-session-manager.js +87 -9
- package/dist/esm/naylence/fame/security/auth/auth-identity.js +1 -0
- package/dist/esm/naylence/fame/security/auth/materializable-token-provider.js +6 -0
- package/dist/esm/naylence/fame/security/auth/oauth2-pkce-token-provider.js +9 -0
- package/dist/esm/naylence/fame/security/auth/static-token-provider.js +44 -0
- package/dist/esm/naylence/fame/security/auth/token-provider.js +5 -0
- package/dist/esm/naylence/fame/security/default-security-manager.js +4 -2
- package/dist/esm/naylence/fame/security/index.js +1 -0
- package/dist/esm/naylence/fame/security/keys/default-key-manager.js +1 -1
- package/dist/esm/naylence/fame/util/task-spawner.js +8 -0
- package/dist/esm/version.js +2 -2
- package/dist/node/index.cjs +1432 -879
- package/dist/node/index.mjs +1425 -880
- package/dist/node/node.cjs +1560 -1007
- package/dist/node/node.mjs +1553 -1008
- package/dist/types/naylence/fame/factory-manifest.d.ts +1 -1
- package/dist/types/naylence/fame/grants/grant-materializer.d.ts +4 -0
- package/dist/types/naylence/fame/node/admission/admission-profile-factory.d.ts +1 -1
- package/dist/types/naylence/fame/node/admission/direct-admission-client-factory.d.ts +1 -1
- package/dist/types/naylence/fame/node/admission/direct-admission-client.d.ts +3 -0
- package/dist/types/naylence/fame/node/default-node-identity-policy-factory.d.ts +15 -0
- package/dist/types/naylence/fame/node/default-node-identity-policy.d.ts +5 -0
- package/dist/types/naylence/fame/node/factory-commons.d.ts +2 -0
- package/dist/types/naylence/fame/node/index.d.ts +7 -0
- package/dist/types/naylence/fame/node/node-config.d.ts +2 -0
- package/dist/types/naylence/fame/node/node-identity-policy-factory.d.ts +12 -0
- package/dist/types/naylence/fame/node/node-identity-policy-profile-factory.d.ts +15 -0
- package/dist/types/naylence/fame/node/node-identity-policy.d.ts +26 -0
- package/dist/types/naylence/fame/node/node-like.d.ts +3 -1
- package/dist/types/naylence/fame/node/node.d.ts +4 -1
- package/dist/types/naylence/fame/node/root-session-manager.d.ts +0 -1
- package/dist/types/naylence/fame/node/rpc-client-manager.d.ts +2 -0
- package/dist/types/naylence/fame/node/token-subject-node-identity-policy-factory.d.ts +14 -0
- package/dist/types/naylence/fame/node/token-subject-node-identity-policy.d.ts +5 -0
- package/dist/types/naylence/fame/node/upstream-session-manager.d.ts +4 -0
- package/dist/types/naylence/fame/security/auth/auth-identity.d.ts +6 -0
- package/dist/types/naylence/fame/security/auth/materializable-token-provider.d.ts +12 -0
- package/dist/types/naylence/fame/security/auth/oauth2-pkce-token-provider.d.ts +4 -2
- package/dist/types/naylence/fame/security/auth/static-token-provider.d.ts +4 -2
- package/dist/types/naylence/fame/security/auth/token-provider.d.ts +5 -0
- package/dist/types/naylence/fame/security/index.d.ts +1 -0
- package/dist/types/version.d.ts +1 -1
- package/package.json +1 -1
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
*
|
|
5
5
|
* Provides the list of runtime factory modules for registration.
|
|
6
6
|
*/
|
|
7
|
-
export declare const MODULES: readonly ["./connector/broadcast-channel-connector-factory.js", "./connector/broadcast-channel-listener-factory.js", "./connector/http-listener-factory.js", "./connector/http-stateless-connector-factory.js", "./connector/inpage-connector-factory.js", "./connector/inpage-listener-factory.js", "./connector/websocket-connector-factory.js", "./connector/websocket-listener-factory.js", "./delivery/at-least-once-delivery-policy-factory.js", "./delivery/at-most-once-delivery-policy-factory.js", "./delivery/delivery-profile-factory.js", "./fabric/in-process-fame-fabric-factory.js", "./node/admission/admission-profile-factory.js", "./node/admission/direct-admission-client-factory.js", "./node/admission/noop-admission-client-factory.js", "./node/admission/welcome-service-client-factory.js", "./node/node-factory.js", "./placement/static-node-placement-strategy-factory.js", "./security/auth/bearer-token-header-auth-injection-strategy-factory.js", "./security/auth/default-authorizer-factory.js", "./security/auth/jwks-jwt-token-verifier-factory.js", "./security/auth/jwt-token-issuer-factory.js", "./security/auth/jwt-token-verifier-factory.js", "./security/auth/no-auth-injection-strategy-factory.js", "./security/auth/none-token-provider-factory.js", "./security/auth/noop-authorizer-factory.js", "./security/auth/noop-token-issuer-factory.js", "./security/auth/noop-token-verifier-factory.js", "./security/auth/oauth2-authorizer-factory.js", "./security/auth/oauth2-client-credentials-token-provider-factory.js", "./security/auth/oauth2-pkce-token-provider-factory.js", "./security/auth/query-param-auth-injection-strategy-factory.js", "./security/auth/shared-secret-authorizer-factory.js", "./security/auth/shared-secret-token-provider-factory.js", "./security/auth/shared-secret-token-verifier-factory.js", "./security/auth/static-token-provider-factory.js", "./security/auth/websocket-subprotocol-auth-injection-strategy-factory.js", "./security/credential/dev-fixed-key-credential-provider-factory.js", "./security/credential/env-credential-provider-factory.js", "./security/credential/none-credential-provider-factory.js", "./security/credential/prompt-credential-provider-factory.js", "./security/credential/secret-store-credential-provider-factory.js", "./security/credential/session-key-credential-provider-factory.js", "./security/credential/static-credential-provider-factory.js", "./security/default-security-manager-factory.js", "./security/encryption/noop-encryption-manager-factory.js", "./security/encryption/noop-secure-channel-manager-factory.js", "./security/keys/default-key-manager-factory.js", "./security/keys/in-memory-key-store-factory.js", "./security/keys/noop-key-validator-factory.js", "./security/node-security-profile-factory.js", "./security/policy/default-security-policy-factory.js", "./security/policy/no-security-policy-factory.js", "./security/signing/eddsa-envelope-signer-factory.js", "./security/signing/eddsa-envelope-verifier-factory.js", "./security/trust-store/noop-trust-store-provider-factory.js", "./sentinel/capability-aware-routing-policy-factory.js", "./sentinel/composite-routing-policy-factory.js", "./sentinel/hybrid-path-routing-policy-factory.js", "./sentinel/load-balancing/composite-load-balancing-strategy-factory.js", "./sentinel/load-balancing/hrw-load-balancing-strategy-factory.js", "./sentinel/load-balancing/load-balancing-profile-factory.js", "./sentinel/load-balancing/random-load-balancing-strategy-factory.js", "./sentinel/load-balancing/round-robin-load-balancing-strategy-factory.js", "./sentinel/load-balancing/sticky-load-balancing-strategy-factory.js", "./sentinel/routing-profile-factory.js", "./sentinel/sentinel-factory.js", "./sentinel/store/route-store-factory.js", "./stickiness/simple-load-balancer-stickiness-manager-factory.js", "./telemetry/noop-trace-emitter-factory.js", "./telemetry/open-telemetry-trace-emitter-factory.js", "./telemetry/trace-emitter-profile-factory.js", "./welcome/default-welcome-service-factory.js"];
|
|
7
|
+
export declare const MODULES: readonly ["./connector/broadcast-channel-connector-factory.js", "./connector/broadcast-channel-listener-factory.js", "./connector/http-listener-factory.js", "./connector/http-stateless-connector-factory.js", "./connector/inpage-connector-factory.js", "./connector/inpage-listener-factory.js", "./connector/websocket-connector-factory.js", "./connector/websocket-listener-factory.js", "./delivery/at-least-once-delivery-policy-factory.js", "./delivery/at-most-once-delivery-policy-factory.js", "./delivery/delivery-profile-factory.js", "./fabric/in-process-fame-fabric-factory.js", "./node/admission/admission-profile-factory.js", "./node/admission/direct-admission-client-factory.js", "./node/admission/noop-admission-client-factory.js", "./node/admission/welcome-service-client-factory.js", "./node/default-node-identity-policy-factory.js", "./node/node-factory.js", "./node/node-identity-policy-profile-factory.js", "./node/token-subject-node-identity-policy-factory.js", "./placement/static-node-placement-strategy-factory.js", "./security/auth/bearer-token-header-auth-injection-strategy-factory.js", "./security/auth/default-authorizer-factory.js", "./security/auth/jwks-jwt-token-verifier-factory.js", "./security/auth/jwt-token-issuer-factory.js", "./security/auth/jwt-token-verifier-factory.js", "./security/auth/no-auth-injection-strategy-factory.js", "./security/auth/none-token-provider-factory.js", "./security/auth/noop-authorizer-factory.js", "./security/auth/noop-token-issuer-factory.js", "./security/auth/noop-token-verifier-factory.js", "./security/auth/oauth2-authorizer-factory.js", "./security/auth/oauth2-client-credentials-token-provider-factory.js", "./security/auth/oauth2-pkce-token-provider-factory.js", "./security/auth/query-param-auth-injection-strategy-factory.js", "./security/auth/shared-secret-authorizer-factory.js", "./security/auth/shared-secret-token-provider-factory.js", "./security/auth/shared-secret-token-verifier-factory.js", "./security/auth/static-token-provider-factory.js", "./security/auth/websocket-subprotocol-auth-injection-strategy-factory.js", "./security/credential/dev-fixed-key-credential-provider-factory.js", "./security/credential/env-credential-provider-factory.js", "./security/credential/none-credential-provider-factory.js", "./security/credential/prompt-credential-provider-factory.js", "./security/credential/secret-store-credential-provider-factory.js", "./security/credential/session-key-credential-provider-factory.js", "./security/credential/static-credential-provider-factory.js", "./security/default-security-manager-factory.js", "./security/encryption/noop-encryption-manager-factory.js", "./security/encryption/noop-secure-channel-manager-factory.js", "./security/keys/default-key-manager-factory.js", "./security/keys/in-memory-key-store-factory.js", "./security/keys/noop-key-validator-factory.js", "./security/node-security-profile-factory.js", "./security/policy/default-security-policy-factory.js", "./security/policy/no-security-policy-factory.js", "./security/signing/eddsa-envelope-signer-factory.js", "./security/signing/eddsa-envelope-verifier-factory.js", "./security/trust-store/noop-trust-store-provider-factory.js", "./sentinel/capability-aware-routing-policy-factory.js", "./sentinel/composite-routing-policy-factory.js", "./sentinel/hybrid-path-routing-policy-factory.js", "./sentinel/load-balancing/composite-load-balancing-strategy-factory.js", "./sentinel/load-balancing/hrw-load-balancing-strategy-factory.js", "./sentinel/load-balancing/load-balancing-profile-factory.js", "./sentinel/load-balancing/random-load-balancing-strategy-factory.js", "./sentinel/load-balancing/round-robin-load-balancing-strategy-factory.js", "./sentinel/load-balancing/sticky-load-balancing-strategy-factory.js", "./sentinel/routing-profile-factory.js", "./sentinel/sentinel-factory.js", "./sentinel/store/route-store-factory.js", "./stickiness/simple-load-balancer-stickiness-manager-factory.js", "./telemetry/noop-trace-emitter-factory.js", "./telemetry/open-telemetry-trace-emitter-factory.js", "./telemetry/trace-emitter-profile-factory.js", "./welcome/default-welcome-service-factory.js"];
|
|
8
8
|
export type FactoryModuleSpec = (typeof MODULES)[number];
|
|
9
9
|
export type FactoryModuleLoader = () => Promise<Record<string, unknown>>;
|
|
10
10
|
export declare const MODULE_LOADERS: Record<FactoryModuleSpec, FactoryModuleLoader>;
|
|
@@ -10,6 +10,6 @@ export declare const FACTORY_META: {
|
|
|
10
10
|
};
|
|
11
11
|
export declare class AdmissionProfileFactory extends AdmissionClientFactory<AdmissionProfileConfig> {
|
|
12
12
|
readonly type = "AdmissionProfile";
|
|
13
|
-
create(config?: AdmissionProfileConfig | Record<string, unknown> | null): Promise<AdmissionClient>;
|
|
13
|
+
create(config?: AdmissionProfileConfig | Record<string, unknown> | null, ...factoryArgs: unknown[]): Promise<AdmissionClient>;
|
|
14
14
|
}
|
|
15
15
|
export default AdmissionProfileFactory;
|
|
@@ -11,6 +11,6 @@ export declare const FACTORY_META: {
|
|
|
11
11
|
};
|
|
12
12
|
export declare class DirectAdmissionClientFactory extends AdmissionClientFactory<DirectAdmissionClientConfig> {
|
|
13
13
|
readonly type = "DirectAdmissionClient";
|
|
14
|
-
create(config?: DirectAdmissionClientConfig | Record<string, unknown> | null): Promise<AdmissionClient>;
|
|
14
|
+
create(config?: DirectAdmissionClientConfig | Record<string, unknown> | null, ...factoryArgs: unknown[]): Promise<AdmissionClient>;
|
|
15
15
|
}
|
|
16
16
|
export default DirectAdmissionClientFactory;
|
|
@@ -1,15 +1,18 @@
|
|
|
1
1
|
import { type FameEnvelopeWith, type NodeWelcomeFrame } from '@naylence/core';
|
|
2
2
|
import type { AdmissionClient } from './admission-client.js';
|
|
3
|
+
import type { NodeIdentityPolicy } from '../node-identity-policy.js';
|
|
3
4
|
export interface DirectAdmissionClientOptions {
|
|
4
5
|
readonly connectionGrants?: Array<Record<string, unknown>>;
|
|
5
6
|
readonly connection_grants?: Array<Record<string, unknown>>;
|
|
6
7
|
readonly ttlSec?: number | null;
|
|
7
8
|
readonly ttl_sec?: number | null;
|
|
9
|
+
readonly nodeIdentityPolicy?: NodeIdentityPolicy;
|
|
8
10
|
}
|
|
9
11
|
export declare class DirectAdmissionClient implements AdmissionClient {
|
|
10
12
|
readonly hasUpstream = true;
|
|
11
13
|
private readonly connectionGrants;
|
|
12
14
|
private readonly ttlSec;
|
|
15
|
+
private readonly nodeIdentityPolicy?;
|
|
13
16
|
constructor(options: DirectAdmissionClientOptions);
|
|
14
17
|
hello(systemId: string, instanceId: string, requestedLogicals?: string[]): Promise<FameEnvelopeWith<NodeWelcomeFrame>>;
|
|
15
18
|
close(): Promise<void>;
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
import { NodeIdentityPolicyFactory, type NodeIdentityPolicyConfig } from './node-identity-policy-factory.js';
|
|
2
|
+
import type { NodeIdentityPolicy } from './node-identity-policy.js';
|
|
3
|
+
export interface DefaultNodeIdentityPolicyConfig extends NodeIdentityPolicyConfig {
|
|
4
|
+
type: 'DefaultNodeIdentityPolicy';
|
|
5
|
+
}
|
|
6
|
+
export declare const FACTORY_META: {
|
|
7
|
+
readonly base: "NodeIdentityPolicyFactory";
|
|
8
|
+
readonly key: "DefaultNodeIdentityPolicy";
|
|
9
|
+
};
|
|
10
|
+
export declare class DefaultNodeIdentityPolicyFactory extends NodeIdentityPolicyFactory<DefaultNodeIdentityPolicyConfig> {
|
|
11
|
+
readonly type = "DefaultNodeIdentityPolicy";
|
|
12
|
+
readonly isDefault = true;
|
|
13
|
+
create(_config?: DefaultNodeIdentityPolicyConfig | Record<string, unknown> | null): Promise<NodeIdentityPolicy>;
|
|
14
|
+
}
|
|
15
|
+
export default DefaultNodeIdentityPolicyFactory;
|
|
@@ -0,0 +1,5 @@
|
|
|
1
|
+
import type { InitialIdentityContext, NodeIdentityPolicy, NodeIdentityPolicyContext } from './node-identity-policy.js';
|
|
2
|
+
export declare class DefaultNodeIdentityPolicy implements NodeIdentityPolicy {
|
|
3
|
+
resolveInitialNodeId(context: InitialIdentityContext): Promise<string>;
|
|
4
|
+
resolveAdmissionNodeId(context: NodeIdentityPolicyContext): Promise<string>;
|
|
5
|
+
}
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import type { AdmissionClient } from './admission/admission-client.js';
|
|
2
|
+
import type { NodeIdentityPolicy } from './node-identity-policy.js';
|
|
2
3
|
import { DefaultNodeAttachClient } from './admission/default-node-attach-client.js';
|
|
3
4
|
import type { FameNodeConfig } from './node-config.js';
|
|
4
5
|
import type { NodeEventListener } from './node-event-listener.js';
|
|
@@ -38,5 +39,6 @@ export interface CommonNodeComponents {
|
|
|
38
39
|
eventListeners: NodeEventListener[];
|
|
39
40
|
transportListeners: TransportListener[];
|
|
40
41
|
traceEmitter: TraceEmitter | null;
|
|
42
|
+
identityPolicy?: NodeIdentityPolicy;
|
|
41
43
|
}
|
|
42
44
|
export declare function makeCommonOptions(config: FameNodeConfig, rawConfig?: Record<string, unknown> | null): Promise<CommonNodeComponents>;
|
|
@@ -19,3 +19,10 @@ export * from './fame-environment-context.js';
|
|
|
19
19
|
export * from './session-manager.js';
|
|
20
20
|
export * from './upstream-session-manager.js';
|
|
21
21
|
export * from './root-session-manager.js';
|
|
22
|
+
export * from './node-identity-policy.js';
|
|
23
|
+
export * from './node-identity-policy-factory.js';
|
|
24
|
+
export * from './default-node-identity-policy.js';
|
|
25
|
+
export { DefaultNodeIdentityPolicyFactory, DefaultNodeIdentityPolicyConfig, } from './default-node-identity-policy-factory.js';
|
|
26
|
+
export * from './token-subject-node-identity-policy.js';
|
|
27
|
+
export { TokenSubjectNodeIdentityPolicyFactory, TokenSubjectNodeIdentityPolicyConfig, } from './token-subject-node-identity-policy-factory.js';
|
|
28
|
+
export { NodeIdentityPolicyProfileFactory, NodeIdentityPolicyProfileConfig, } from './node-identity-policy-profile-factory.js';
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import type { AdmissionConfig } from './admission/admission-client-factory.js';
|
|
2
|
+
import type { NodeIdentityPolicyConfig } from './node-identity-policy-factory.js';
|
|
2
3
|
import type { NodeLikeConfig } from './node-like-factory.js';
|
|
3
4
|
import type { DeliveryPolicyConfig } from '../delivery/delivery-policy-config.js';
|
|
4
5
|
import type { TransportListenerConfig } from '../connector/transport-listener-config.js';
|
|
@@ -27,5 +28,6 @@ export type FameNodeConfig = NodeLikeConfig & {
|
|
|
27
28
|
attachmentKeyValidator?: AttachmentKeyValidatorConfig | Record<string, unknown> | null;
|
|
28
29
|
telemetry?: TraceEmitterConfig | Record<string, unknown> | null;
|
|
29
30
|
requestedCapabilities?: string[];
|
|
31
|
+
identityPolicy?: NodeIdentityPolicyConfig | Record<string, unknown> | null;
|
|
30
32
|
};
|
|
31
33
|
export declare function normalizeFameNodeConfig(input?: Partial<FameNodeConfig> | Record<string, unknown> | null): FameNodeConfig;
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import type { CreateResourceOptions, ResourceConfig } from '@naylence/factory';
|
|
2
|
+
import { AbstractResourceFactory } from '@naylence/factory';
|
|
3
|
+
import type { NodeIdentityPolicy } from './node-identity-policy.js';
|
|
4
|
+
export declare const NODE_IDENTITY_POLICY_FACTORY_BASE_TYPE = "NodeIdentityPolicyFactory";
|
|
5
|
+
export interface NodeIdentityPolicyConfig extends ResourceConfig {
|
|
6
|
+
type: string;
|
|
7
|
+
[key: string]: unknown;
|
|
8
|
+
}
|
|
9
|
+
export declare abstract class NodeIdentityPolicyFactory<C extends NodeIdentityPolicyConfig = NodeIdentityPolicyConfig> extends AbstractResourceFactory<NodeIdentityPolicy, C> {
|
|
10
|
+
abstract create(config?: C | Record<string, unknown> | null, ...factoryArgs: unknown[]): Promise<NodeIdentityPolicy>;
|
|
11
|
+
static createNodeIdentityPolicy<C extends NodeIdentityPolicyConfig = NodeIdentityPolicyConfig>(config?: C | Record<string, unknown> | null, options?: CreateResourceOptions): Promise<NodeIdentityPolicy>;
|
|
12
|
+
}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
import { NodeIdentityPolicyFactory, type NodeIdentityPolicyConfig } from './node-identity-policy-factory.js';
|
|
2
|
+
import type { NodeIdentityPolicy } from './node-identity-policy.js';
|
|
3
|
+
export interface NodeIdentityPolicyProfileConfig extends NodeIdentityPolicyConfig {
|
|
4
|
+
type: 'NodeIdentityPolicyProfile';
|
|
5
|
+
profile?: string | null;
|
|
6
|
+
}
|
|
7
|
+
export declare const FACTORY_META: {
|
|
8
|
+
readonly base: "NodeIdentityPolicyFactory";
|
|
9
|
+
readonly key: "NodeIdentityPolicyProfile";
|
|
10
|
+
};
|
|
11
|
+
export declare class NodeIdentityPolicyProfileFactory extends NodeIdentityPolicyFactory<NodeIdentityPolicyProfileConfig> {
|
|
12
|
+
readonly type = "NodeIdentityPolicyProfile";
|
|
13
|
+
create(config?: NodeIdentityPolicyProfileConfig | Record<string, unknown> | null): Promise<NodeIdentityPolicy>;
|
|
14
|
+
}
|
|
15
|
+
export default NodeIdentityPolicyProfileFactory;
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
import type { AuthIdentity } from '../security/auth/auth-identity.js';
|
|
2
|
+
export interface NodeIdentityPolicyContext {
|
|
3
|
+
/**
|
|
4
|
+
* The node ID determined so far (e.g. provided by caller, or generated
|
|
5
|
+
* via fingerprint/random).
|
|
6
|
+
*/
|
|
7
|
+
currentNodeId: string;
|
|
8
|
+
identities: AuthIdentity[];
|
|
9
|
+
grants?: Record<string, any>[];
|
|
10
|
+
}
|
|
11
|
+
export interface InitialIdentityContext {
|
|
12
|
+
readonly configuredId?: string | null;
|
|
13
|
+
readonly persistedId?: string | null;
|
|
14
|
+
}
|
|
15
|
+
export interface NodeIdentityPolicy {
|
|
16
|
+
/**
|
|
17
|
+
* Determines the initial node ID for the node.
|
|
18
|
+
* This is called during node initialization, before any admission attempts.
|
|
19
|
+
*/
|
|
20
|
+
resolveInitialNodeId(context: InitialIdentityContext): Promise<string>;
|
|
21
|
+
/**
|
|
22
|
+
* Optionally adjusts the node ID based on the provided context.
|
|
23
|
+
* Returns the final node ID to use.
|
|
24
|
+
*/
|
|
25
|
+
resolveAdmissionNodeId(context: NodeIdentityPolicyContext): Promise<string>;
|
|
26
|
+
}
|
|
@@ -19,8 +19,10 @@ import { CryptoProvider } from '../security/index.js';
|
|
|
19
19
|
* routing, and service invocation.
|
|
20
20
|
*/
|
|
21
21
|
export interface NodeLike {
|
|
22
|
-
/** Unique node identifier */
|
|
22
|
+
/** Unique node identifier (confirmed) */
|
|
23
23
|
readonly id: string;
|
|
24
|
+
/** Provisional node identifier (used during bootstrapping) */
|
|
25
|
+
readonly provisionalId: string;
|
|
24
26
|
/** System identifier (may be null for standalone nodes) */
|
|
25
27
|
readonly sid: string | null;
|
|
26
28
|
/** Physical path in the Fame network hierarchy */
|
|
@@ -42,7 +42,8 @@ export interface FameNodeOptions {
|
|
|
42
42
|
}
|
|
43
43
|
type FameNodeOptionsInput = FameNodeOptions & Record<string, unknown>;
|
|
44
44
|
export declare class FameNode extends TaskSpawner implements NodeLike {
|
|
45
|
-
private
|
|
45
|
+
private _provisionalId;
|
|
46
|
+
private _confirmedId;
|
|
46
47
|
private _sid;
|
|
47
48
|
private _physicalPath;
|
|
48
49
|
private _acceptedLogicals;
|
|
@@ -76,6 +77,7 @@ export declare class FameNode extends TaskSpawner implements NodeLike {
|
|
|
76
77
|
private initializeRootSessionManager;
|
|
77
78
|
private initializeUpstreamSessionManager;
|
|
78
79
|
private handleInboundFromUpstream;
|
|
80
|
+
private confirmIdentity;
|
|
79
81
|
private handleWelcome;
|
|
80
82
|
private handleAttach;
|
|
81
83
|
private handleEpochChange;
|
|
@@ -84,6 +86,7 @@ export declare class FameNode extends TaskSpawner implements NodeLike {
|
|
|
84
86
|
private handleDeliveryAck;
|
|
85
87
|
protected onDeliveryNack(frame: DeliveryAckFrame, envelope: FameEnvelope, _context?: FameDeliveryContext): Promise<void>;
|
|
86
88
|
get id(): string;
|
|
89
|
+
get provisionalId(): string;
|
|
87
90
|
get sid(): string | null;
|
|
88
91
|
get physicalPath(): string;
|
|
89
92
|
get acceptedLogicals(): Set<string>;
|
|
@@ -61,7 +61,6 @@ export declare class RootSessionManager extends TaskSpawner implements SessionMa
|
|
|
61
61
|
private startExpiryGuard;
|
|
62
62
|
private waitForExpiryOrStop;
|
|
63
63
|
private expiryGuard;
|
|
64
|
-
private initializeRootIdentityIfNeeded;
|
|
65
64
|
private consumeTask;
|
|
66
65
|
private waitForAbort;
|
|
67
66
|
private waitWithTimeout;
|
|
@@ -32,6 +32,8 @@ export declare class RPCClientManager {
|
|
|
32
32
|
private rpcBound;
|
|
33
33
|
private trackerEventHandler;
|
|
34
34
|
private trackerWithEvents;
|
|
35
|
+
private boundPhysicalPath;
|
|
36
|
+
private rpcRecipient;
|
|
35
37
|
constructor(getPhysicalPath: () => string, getId: () => string, deliverWrapper: DeliverWrapper, envelopeFactory: EnvelopeFactory, listenCallback: ListenCallback, deliveryTracker?: StreamCapableDeliveryTracker | undefined);
|
|
36
38
|
private setupTrackerEventHandler;
|
|
37
39
|
invoke(optionsInput: InvokeOptionsInput): Promise<unknown>;
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
import { NodeIdentityPolicyFactory, type NodeIdentityPolicyConfig } from './node-identity-policy-factory.js';
|
|
2
|
+
import type { NodeIdentityPolicy } from './node-identity-policy.js';
|
|
3
|
+
export interface TokenSubjectNodeIdentityPolicyConfig extends NodeIdentityPolicyConfig {
|
|
4
|
+
type: 'TokenSubjectNodeIdentityPolicy';
|
|
5
|
+
}
|
|
6
|
+
export declare const FACTORY_META: {
|
|
7
|
+
readonly base: "NodeIdentityPolicyFactory";
|
|
8
|
+
readonly key: "TokenSubjectNodeIdentityPolicy";
|
|
9
|
+
};
|
|
10
|
+
export declare class TokenSubjectNodeIdentityPolicyFactory extends NodeIdentityPolicyFactory<TokenSubjectNodeIdentityPolicyConfig> {
|
|
11
|
+
readonly type = "TokenSubjectNodeIdentityPolicy";
|
|
12
|
+
create(_config?: TokenSubjectNodeIdentityPolicyConfig | Record<string, unknown> | null): Promise<NodeIdentityPolicy>;
|
|
13
|
+
}
|
|
14
|
+
export default TokenSubjectNodeIdentityPolicyFactory;
|
|
@@ -0,0 +1,5 @@
|
|
|
1
|
+
import type { InitialIdentityContext, NodeIdentityPolicy, NodeIdentityPolicyContext } from './node-identity-policy.js';
|
|
2
|
+
export declare class TokenSubjectNodeIdentityPolicy implements NodeIdentityPolicy {
|
|
3
|
+
resolveInitialNodeId(context: InitialIdentityContext): Promise<string>;
|
|
4
|
+
resolveAdmissionNodeId(context: NodeIdentityPolicyContext): Promise<string>;
|
|
5
|
+
}
|
|
@@ -56,6 +56,7 @@ export declare class UpstreamSessionManager extends TaskSpawner implements Sessi
|
|
|
56
56
|
private readonly wrappedHandler;
|
|
57
57
|
private readonly readyEvent;
|
|
58
58
|
private readonly stopEvent;
|
|
59
|
+
private readonly wakeEvent;
|
|
59
60
|
private readonly queueEvent;
|
|
60
61
|
private currentStopSubtasks;
|
|
61
62
|
private readonly messageQueue;
|
|
@@ -67,8 +68,11 @@ export declare class UpstreamSessionManager extends TaskSpawner implements Sessi
|
|
|
67
68
|
private hadSuccessfulAttach;
|
|
68
69
|
private lastConnectorState;
|
|
69
70
|
private connectEpoch;
|
|
71
|
+
private _visibilityHandler;
|
|
70
72
|
constructor(optionsInput: UpstreamSessionManagerOptionsInput);
|
|
71
73
|
get systemId(): string | null;
|
|
74
|
+
private setupVisibilityListener;
|
|
75
|
+
private teardownVisibilityListener;
|
|
72
76
|
start(options?: {
|
|
73
77
|
waitUntilReady?: boolean;
|
|
74
78
|
}): Promise<void>;
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import type { TokenProvider } from './token-provider.js';
|
|
2
|
+
import type { TokenProviderConfig } from './token-provider-factory.js';
|
|
3
|
+
export interface MaterializableTokenProvider extends TokenProvider {
|
|
4
|
+
/**
|
|
5
|
+
* Performs any necessary work to obtain a token (e.g. PKCE flow) and returns
|
|
6
|
+
* a configuration for a TokenProvider that can supply that token statically.
|
|
7
|
+
*
|
|
8
|
+
* Returns undefined if materialization is not possible or not necessary.
|
|
9
|
+
*/
|
|
10
|
+
materialize(): Promise<TokenProviderConfig | undefined>;
|
|
11
|
+
}
|
|
12
|
+
export declare function isMaterializableTokenProvider(candidate: unknown): candidate is MaterializableTokenProvider;
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import { type CredentialProvider } from '../credential/credential-provider.js';
|
|
2
2
|
import type { Token } from './token.js';
|
|
3
|
-
import type {
|
|
3
|
+
import type { TokenProviderConfig } from './token-provider-factory.js';
|
|
4
|
+
import type { MaterializableTokenProvider } from './materializable-token-provider.js';
|
|
4
5
|
interface FetchLike {
|
|
5
6
|
(input: RequestInfo | URL, init?: RequestInit): Promise<Response>;
|
|
6
7
|
}
|
|
@@ -23,10 +24,11 @@ export interface OAuth2PkceTokenProviderOptions {
|
|
|
23
24
|
export declare class OAuth2PkceRedirectInitiatedError extends Error {
|
|
24
25
|
constructor(message?: string);
|
|
25
26
|
}
|
|
26
|
-
export declare class OAuth2PkceTokenProvider implements
|
|
27
|
+
export declare class OAuth2PkceTokenProvider implements MaterializableTokenProvider {
|
|
27
28
|
private cachedToken;
|
|
28
29
|
private readonly options;
|
|
29
30
|
constructor(rawOptions: OAuth2PkceTokenProviderOptions | Record<string, unknown>);
|
|
31
|
+
materialize(): Promise<TokenProviderConfig | undefined>;
|
|
30
32
|
getToken(): Promise<Token>;
|
|
31
33
|
private isTokenFresh;
|
|
32
34
|
private beginBrowserAuthorization;
|
|
@@ -1,13 +1,15 @@
|
|
|
1
1
|
import type { Token } from './token.js';
|
|
2
|
-
import type {
|
|
2
|
+
import type { IdentityExposingTokenProvider } from './token-provider.js';
|
|
3
|
+
import type { AuthIdentity } from './auth-identity.js';
|
|
3
4
|
export interface StaticTokenProviderOptions {
|
|
4
5
|
token: string;
|
|
5
6
|
expiresAt?: number | string | Date | null;
|
|
6
7
|
}
|
|
7
8
|
type StaticTokenProviderOptionsInput = StaticTokenProviderOptions | string | (StaticTokenProviderOptions & Record<string, unknown>) | Record<string, unknown>;
|
|
8
|
-
export declare class StaticTokenProvider implements
|
|
9
|
+
export declare class StaticTokenProvider implements IdentityExposingTokenProvider {
|
|
9
10
|
private readonly token;
|
|
10
11
|
constructor(input: StaticTokenProviderOptionsInput);
|
|
11
12
|
getToken(): Promise<Token>;
|
|
13
|
+
getIdentity(): Promise<AuthIdentity | undefined>;
|
|
12
14
|
}
|
|
13
15
|
export {};
|
|
@@ -1,5 +1,10 @@
|
|
|
1
1
|
import type { Token } from './token.js';
|
|
2
|
+
import type { AuthIdentity } from './auth-identity.js';
|
|
2
3
|
export interface TokenProvider {
|
|
3
4
|
getToken(): Promise<Token>;
|
|
4
5
|
}
|
|
6
|
+
export interface IdentityExposingTokenProvider extends TokenProvider {
|
|
7
|
+
getIdentity(): Promise<AuthIdentity | undefined>;
|
|
8
|
+
}
|
|
5
9
|
export declare function isTokenProvider(candidate: unknown): candidate is TokenProvider;
|
|
10
|
+
export declare function isIdentityExposingTokenProvider(candidate: unknown): candidate is IdentityExposingTokenProvider;
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
export * from './auth/authorizer.js';
|
|
2
|
+
export * from './auth/auth-identity.js';
|
|
2
3
|
export { AUTHORIZER_FACTORY_BASE_TYPE, AuthorizerFactory, } from './auth/authorizer-factory.js';
|
|
3
4
|
export type * from './auth/authorizer-factory.js';
|
|
4
5
|
export * from './auth/auth-injection-strategy.js';
|
package/dist/types/version.d.ts
CHANGED