npm - @objectstack/service-datasource - Versions diffs - 7.6.0 - Mend

@objectstack/service-datasource 7.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (37) hide show

package/.turbo/turbo-build.log +28 -0
package/CHANGELOG.md +94 -0
package/LICENSE +202 -0
package/LICENSE.apache +202 -0
package/README.md +50 -0
package/dist/contracts/index.cjs +1 -0
package/dist/contracts/index.cjs.map +1 -0
package/dist/contracts/index.d.cts +178 -0
package/dist/contracts/index.d.ts +178 -0
package/dist/contracts/index.js +1 -0
package/dist/contracts/index.js.map +1 -0
package/dist/index.cjs +995 -0
package/dist/index.cjs.map +1 -0
package/dist/index.d.cts +414 -0
package/dist/index.d.ts +414 -0
package/dist/index.js +995 -0
package/dist/index.js.map +1 -0
package/package.json +61 -0
package/src/__tests__/admin-routes.test.ts +106 -0
package/src/__tests__/datasource-admin-plugin.test.ts +231 -0
package/src/__tests__/datasource-admin-service.test.ts +288 -0
package/src/__tests__/datasource-secret-binder.test.ts +101 -0
package/src/__tests__/external-datasource-service.test.ts +360 -0
package/src/admin-routes.ts +117 -0
package/src/contracts/datasource-admin-service.ts +119 -0
package/src/contracts/datasource-driver-factory.ts +77 -0
package/src/contracts/index.ts +18 -0
package/src/datasource-admin-plugin.ts +362 -0
package/src/datasource-admin-service.ts +297 -0
package/src/datasource-secret-binder.ts +144 -0
package/src/default-datasource-driver-factory.ts +185 -0
package/src/external-datasource-service.ts +456 -0
package/src/index.ts +73 -0
package/src/logger.ts +11 -0
package/src/plugin.ts +119 -0
package/tsconfig.json +17 -0
package/tsup.config.ts +19 -0

package/src/__tests__/datasource-admin-service.test.ts ADDED Viewed

@@ -0,0 +1,288 @@
+// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.
+import { describe, it, expect } from 'vitest';
+import {
+  DatasourceAdminService,
+  type DatasourceAdminServiceConfig,
+  type StoredDatasource,
+  type ProbeInput,
+} from '../datasource-admin-service.js';
+/**
+ * In-memory harness: an editable record store + secret store, with probe and
+ * bound-object count stubbable per test. Records what was probed/written so
+ * tests can assert credentials never leak into the persisted record.
+ */
+function makeHarness(opts?: {
+  seed?: StoredDatasource[];
+  probe?: (input: ProbeInput) => Promise<{ ok: boolean; error?: string; latencyMs?: number }>;
+  boundCounts?: Record<string, number>;
+}) {
+  // Flat list, not a name-keyed map: in production `listDatasourceRecords`
+  // merges artefact (code) records with runtime-store records, so the same
+  // name can legitimately appear twice (a runtime row shadowed by a code one).
+  const records: StoredDatasource[] = (opts?.seed ?? []).map((r) => ({ ...r }));
+  /** Resolve the effective record for a name (code wins over runtime). */
+  const findEffective = (n: string) =>
+    records.find((r) => r.name === n && r.origin !== 'runtime') ??
+    records.find((r) => r.name === n);
+  const secrets = new Map<string, { value: string; namespace?: string; key?: string }>();
+  let secretSeq = 0;
+  const probed: ProbeInput[] = [];
+  const registered: string[] = [];
+  const unregistered: string[] = [];
+  const removedSecrets: string[] = [];
+  const config: DatasourceAdminServiceConfig = {
+    probe: async (input) => {
+      probed.push(input);
+      return (opts?.probe ?? (async () => ({ ok: true, latencyMs: 3 })))(input);
+    },
+    listDatasourceRecords: async () => records.map((r) => ({ ...r })),
+    getDatasourceRecord: async (n) => {
+      const r = findEffective(n);
+      return r ? { ...r } : undefined;
+    },
+    putDatasourceRecord: async (record) => {
+      const idx = records.findIndex((r) => r.name === record.name && r.origin === 'runtime');
+      if (idx >= 0) records[idx] = { ...record };
+      else records.push({ ...record });
+    },
+    deleteDatasourceRecord: async (n) => {
+      const idx = records.findIndex((r) => r.name === n && r.origin === 'runtime');
+      if (idx >= 0) records.splice(idx, 1);
+    },
+    writeSecret: async (input, hint) => {
+      const ref = `sys_secret://datasource/${input.key ?? hint.name}#${++secretSeq}`;
+      secrets.set(ref, { value: input.value, namespace: input.namespace, key: input.key });
+      return ref;
+    },
+    removeSecret: async (ref) => {
+      removedSecrets.push(ref);
+      secrets.delete(ref);
+    },
+    countBoundObjects: async (n) => opts?.boundCounts?.[n] ?? 0,
+    registerPool: (record) => {
+      registered.push(record.name);
+    },
+    unregisterPool: (name) => {
+      unregistered.push(name);
+    },
+  };
+  const service = new DatasourceAdminService(config);
+  // Thin accessor over the flat record list, runtime-preferring (tests assert
+  // on the persisted runtime row, e.g. after create/update).
+  const store = {
+    get: (n: string) =>
+      records.find((r) => r.name === n && r.origin === 'runtime') ??
+      records.find((r) => r.name === n),
+    has: (n: string) => records.some((r) => r.name === n),
+    get size() {
+      return records.length;
+    },
+  };
+  return { service, store, secrets, probed, registered, unregistered, removedSecrets };
+}
+describe('listDatasources', () => {
+  it('reports origin + dedupes by name (code wins, flags shadowed runtime)', async () => {
+    const { service } = makeHarness({
+      seed: [
+        { name: 'crm_primary', driver: 'sqlite', origin: 'code', definedIn: '@example/crm' },
+        { name: 'crm_primary', driver: 'postgres', origin: 'runtime' },
+        { name: 'reporting', driver: 'postgres', schemaMode: 'external', origin: 'runtime' },
+      ],
+    });
+    const list = await service.listDatasources();
+    const crm = list.find((d) => d.name === 'crm_primary')!;
+    const reporting = list.find((d) => d.name === 'reporting')!;
+    expect(list).toHaveLength(2);
+    expect(crm.origin).toBe('code');
+    expect(crm.driver).toBe('sqlite'); // code wins over the runtime row
+    expect(crm.definedIn).toBe('@example/crm');
+    expect(crm.conflictsWithCode).toBe(true);
+    expect(reporting.origin).toBe('runtime');
+    expect(reporting.schemaMode).toBe('external');
+    expect(reporting.conflictsWithCode).toBeUndefined();
+  });
+});
+describe('testConnection', () => {
+  it('probes with the cleartext secret without persisting anything', async () => {
+    const { service, store, probed } = makeHarness();
+    const res = await service.testConnection(
+      { name: 'tmp', driver: 'postgres', config: { host: 'db.internal' } },
+      { value: 's3cret' },
+    );
+    expect(res.ok).toBe(true);
+    expect(probed[0].secret).toBe('s3cret');
+    expect(store.size).toBe(0); // nothing saved
+  });
+  it('returns ok:false when no driver is supplied', async () => {
+    const { service } = makeHarness();
+    const res = await service.testConnection({ name: 'x', driver: '' });
+    expect(res.ok).toBe(false);
+    expect(res.error).toMatch(/driver is required/i);
+  });
+  it('captures a thrown probe error as ok:false', async () => {
+    const { service } = makeHarness({
+      probe: async () => {
+        throw new Error('ECONNREFUSED');
+      },
+    });
+    const res = await service.testConnection({ name: 'x', driver: 'postgres' });
+    expect(res.ok).toBe(false);
+    expect(res.error).toMatch(/ECONNREFUSED/);
+  });
+});
+describe('createDatasource', () => {
+  it('persists a runtime record and stores the secret as an opaque ref only', async () => {
+    const { service, store, secrets } = makeHarness();
+    const summary = await service.createDatasource(
+      {
+        name: 'reporting',
+        driver: 'postgres',
+        schemaMode: 'external',
+        config: { host: 'db.internal', database: 'analytics' },
+        external: { allowWrites: false },
+      },
+      { value: 'postgres://user:pw@db.internal/analytics' },
+    );
+    expect(summary.origin).toBe('runtime');
+    const rec = store.get('reporting')!;
+    expect(rec.origin).toBe('runtime');
+    // credential is referenced, never inlined
+    expect(rec.external?.credentialsRef).toBeTruthy();
+    expect(JSON.stringify(rec)).not.toContain('postgres://');
+    expect(JSON.stringify(rec)).not.toContain('pw@');
+    expect(secrets.size).toBe(1);
+  });
+  it('hot-registers the pool after create', async () => {
+    const { service, registered } = makeHarness();
+    await service.createDatasource({ name: 'reporting', driver: 'postgres' });
+    expect(registered).toContain('reporting');
+  });
+  it('rejects a name owned by a code-defined datasource', async () => {
+    const { service } = makeHarness({
+      seed: [{ name: 'crm_primary', driver: 'sqlite', origin: 'code' }],
+    });
+    await expect(
+      service.createDatasource({ name: 'crm_primary', driver: 'postgres' }),
+    ).rejects.toThrow(/code-defined/i);
+  });
+  it('rejects a duplicate runtime name', async () => {
+    const { service } = makeHarness({
+      seed: [{ name: 'reporting', driver: 'postgres', origin: 'runtime' }],
+    });
+    await expect(
+      service.createDatasource({ name: 'reporting', driver: 'postgres' }),
+    ).rejects.toThrow(/already exists/i);
+  });
+  it('rejects an invalid name', async () => {
+    const { service } = makeHarness();
+    await expect(
+      service.createDatasource({ name: 'Bad-Name', driver: 'postgres' }),
+    ).rejects.toThrow(/must match/i);
+  });
+});
+describe('updateDatasource', () => {
+  it('patches a runtime record and rewraps the secret, removing the old ref', async () => {
+    const { service, store, secrets, removedSecrets } = makeHarness({
+      seed: [
+        {
+          name: 'reporting',
+          driver: 'postgres',
+          origin: 'runtime',
+          external: { credentialsRef: 'sys_secret://datasource/reporting#0' },
+        },
+      ],
+    });
+    secrets.set('sys_secret://datasource/reporting#0', { value: 'old' });
+    const summary = await service.updateDatasource(
+      'reporting',
+      { label: 'Reporting DB', active: false },
+      { value: 'new-pw' },
+    );
+    expect(summary.label).toBe('Reporting DB');
+    expect(summary.active).toBe(false);
+    const rec = store.get('reporting')!;
+    expect(rec.external?.credentialsRef).not.toBe('sys_secret://datasource/reporting#0');
+    expect(removedSecrets).toContain('sys_secret://datasource/reporting#0');
+  });
+  it('preserves the existing credentialsRef when external is patched without a new secret', async () => {
+    const ref = 'sys_secret://datasource/reporting#0';
+    const { service, store } = makeHarness({
+      seed: [
+        { name: 'reporting', driver: 'postgres', origin: 'runtime', external: { credentialsRef: ref } },
+      ],
+    });
+    await service.updateDatasource('reporting', { external: { allowWrites: true } });
+    expect(store.get('reporting')!.external?.credentialsRef).toBe(ref);
+  });
+  it('rejects editing a code-defined datasource', async () => {
+    const { service } = makeHarness({
+      seed: [{ name: 'crm_primary', driver: 'sqlite', origin: 'code' }],
+    });
+    await expect(
+      service.updateDatasource('crm_primary', { label: 'x' }),
+    ).rejects.toThrow(/code-defined/i);
+  });
+  it('rejects updating a missing datasource', async () => {
+    const { service } = makeHarness();
+    await expect(service.updateDatasource('nope', { label: 'x' })).rejects.toThrow(/not found/i);
+  });
+});
+describe('removeDatasource', () => {
+  it('removes a runtime record, its secret, and the pool', async () => {
+    const ref = 'sys_secret://datasource/reporting#0';
+    const { service, store, removedSecrets, unregistered } = makeHarness({
+      seed: [
+        { name: 'reporting', driver: 'postgres', origin: 'runtime', external: { credentialsRef: ref } },
+      ],
+    });
+    await service.removeDatasource('reporting');
+    expect(store.has('reporting')).toBe(false);
+    expect(removedSecrets).toContain(ref);
+    expect(unregistered).toContain('reporting');
+  });
+  it('refuses to remove while objects are still bound', async () => {
+    const { service, store } = makeHarness({
+      seed: [{ name: 'reporting', driver: 'postgres', origin: 'runtime' }],
+      boundCounts: { reporting: 3 },
+    });
+    await expect(service.removeDatasource('reporting')).rejects.toThrow(/3 object\(s\)/);
+    expect(store.has('reporting')).toBe(true);
+  });
+  it('refuses to remove a code-defined datasource', async () => {
+    const { service } = makeHarness({
+      seed: [{ name: 'crm_primary', driver: 'sqlite', origin: 'code' }],
+    });
+    await expect(service.removeDatasource('crm_primary')).rejects.toThrow(/code-defined/i);
+  });
+  it('rejects removing a missing datasource', async () => {
+    const { service } = makeHarness();
+    await expect(service.removeDatasource('nope')).rejects.toThrow(/not found/i);
+  });
+});

package/src/__tests__/datasource-secret-binder.test.ts ADDED Viewed

@@ -0,0 +1,101 @@
+// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.
+import { describe, it, expect } from 'vitest';
+import type { CryptoContext, CryptoHandle, ICryptoProvider } from '@objectstack/spec/contracts';
+import {
+  createDatasourceSecretBinder,
+  parseCredentialsRef,
+  toCredentialsRef,
+  type SecretStoreEngineLike,
+} from '../datasource-secret-binder.js';
+/**
+ * Minimal AAD-binding crypto fake: ciphertext = base64(`${ns}|${key}::${plain}`).
+ * decrypt() verifies the (namespace,key) AAD matches what encrypt() sealed —
+ * mirroring InMemoryCryptoProvider's guarantee without pulling in node:crypto.
+ */
+function fakeCrypto(): ICryptoProvider {
+  return {
+    async encrypt(plain: string, ctx: CryptoContext): Promise<CryptoHandle> {
+      return {
+        id: 'sec_' + ctx.key,
+        kmsKeyId: 'local:test:v1',
+        alg: 'aes-256-gcm',
+        version: 1,
+        ciphertext: Buffer.from(`${ctx.namespace}|${ctx.key}::${plain}`, 'utf8').toString('base64'),
+      };
+    },
+    async decrypt(handle: CryptoHandle, ctx: CryptoContext): Promise<string> {
+      const raw = Buffer.from(handle.ciphertext, 'base64').toString('utf8');
+      const [aad, plain] = raw.split('::');
+      if (aad !== `${ctx.namespace}|${ctx.key}`) throw new Error('AAD mismatch');
+      return plain;
+    },
+    async rotateKey(handle: CryptoHandle): Promise<CryptoHandle> {
+      return handle;
+    },
+    digest: (plain: string) => 'sha256:' + plain,
+  };
+}
+/** In-memory `sys_secret` store backing the engine surface. */
+function fakeEngine(): SecretStoreEngineLike & { rows: Map<string, any> } {
+  const rows = new Map<string, any>();
+  return {
+    rows,
+    async insert(_object, data) {
+      rows.set(String(data.id), data);
+      return data;
+    },
+    async delete(_object, options) {
+      rows.delete(String(options.where.id));
+      return undefined;
+    },
+    async find(_object, query) {
+      const id = String((query.where as any)?.id);
+      const row = rows.get(id);
+      return row ? [row] : [];
+    },
+  };
+}
+describe('createDatasourceSecretBinder', () => {
+  it('round-trips: bind → credentialsRef → resolve back to cleartext', async () => {
+    const engine = fakeEngine();
+    const binder = createDatasourceSecretBinder({ engine, cryptoProvider: fakeCrypto() });
+    const ref = await binder.bind({ value: 'super-secret-pw' }, { name: 'reporting' });
+    expect(ref).toBe(toCredentialsRef('sec_reporting'));
+    // The persisted row holds only ciphertext — never the cleartext.
+    const row = engine.rows.get('sec_reporting');
+    expect(row.namespace).toBe('datasource');
+    expect(row.key).toBe('reporting');
+    expect(JSON.stringify(row)).not.toContain('super-secret-pw');
+    expect(await binder.resolve(ref)).toBe('super-secret-pw');
+  });
+  it('resolve() returns undefined after unbind (row gone)', async () => {
+    const engine = fakeEngine();
+    const binder = createDatasourceSecretBinder({ engine, cryptoProvider: fakeCrypto() });
+    const ref = await binder.bind({ value: 'pw' }, { name: 'ds1' });
+    await binder.unbind(ref);
+    expect(await binder.resolve(ref)).toBeUndefined();
+  });
+  it('resolve() returns undefined for a foreign / non-sys_secret ref', async () => {
+    const engine = fakeEngine();
+    const binder = createDatasourceSecretBinder({ engine, cryptoProvider: fakeCrypto() });
+    expect(parseCredentialsRef('vault://other/handle')).toBeUndefined();
+    expect(await binder.resolve('vault://other/handle')).toBeUndefined();
+  });
+  it('resolve() degrades to undefined when the engine cannot read', async () => {
+    const engine = fakeEngine();
+    delete (engine as any).find; // older engine surface without a read path
+    const binder = createDatasourceSecretBinder({ engine, cryptoProvider: fakeCrypto() });
+    const ref = await binder.bind({ value: 'pw' }, { name: 'ds1' });
+    expect(await binder.resolve(ref)).toBeUndefined();
+  });
+});