@omen.foundation/node-microservice-runtime 0.1.0

package/.env

@@ -0,0 +1,13 @@
+# Beamable credentials
+CID=1890069218625633
+PID=DE_1934633364747296
+HOST=wss://api.beamable.com/socket
+SECRET=6a24a8a1-f9f1-4e4a-b487-a446896f9b9f
+# Alternatively, you can use a refresh token instead of SECRET
+# REFRESH_TOKEN=
+
+# Optional developer settings
+NAME_PREFIX=
+LOG_LEVEL=info
+WATCH_TOKEN=false
+BEAM_INSTANCE_COUNT=1

package/dist/auth.cjs

@@ -0,0 +1,97 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthManager = void 0;
+const node_crypto_1 = require("node:crypto");
+const node_url_1 = require("node:url");
+const errors_js_1 = require("./errors.js");
+class AuthManager {
+    constructor(env, requester) {
+        this.env = env;
+        this.requester = requester;
+    }
+    async authenticate() {
+        if (this.env.secret) {
+            await this.authenticateWithRealmSecret();
+            return;
+        }
+        if (this.env.refreshToken) {
+            await this.authenticateWithRefreshToken();
+            return;
+        }
+        throw new errors_js_1.AuthenticationError('Neither SECRET nor REFRESH_TOKEN is configured.');
+    }
+    async authenticateWithRealmSecret() {
+        var _a, _b;
+        const nonce = await this.requester.request('get', 'gateway/nonce');
+        if (!(nonce === null || nonce === void 0 ? void 0 : nonce.nonce)) {
+            throw new errors_js_1.AuthenticationError('Gateway did not provide a nonce for authentication.');
+        }
+        const signature = this.calculateRealmSignature((_a = this.env.secret) !== null && _a !== void 0 ? _a : '', nonce.nonce);
+        const body = {
+            cid: this.env.cid,
+            pid: this.env.pid,
+            signature,
+        };
+        const response = await this.requester.request('post', 'gateway/auth', body);
+        if (!response || response.result !== 'ok') {
+            throw new errors_js_1.AuthenticationError(`Realm secret authentication failed with result=${(_b = response === null || response === void 0 ? void 0 : response.result) !== null && _b !== void 0 ? _b : 'unknown'}.`);
+        }
+    }
+    async authenticateWithRefreshToken() {
+        var _a;
+        const accessToken = await this.exchangeRefreshToken();
+        const body = {
+            cid: this.env.cid,
+            pid: this.env.pid,
+            token: accessToken,
+        };
+        const response = await this.requester.request('post', 'gateway/auth', body);
+        if (!response || response.result !== 'ok') {
+            throw new errors_js_1.AuthenticationError(`Refresh-token authentication failed with result=${(_a = response === null || response === void 0 ? void 0 : response.result) !== null && _a !== void 0 ? _a : 'unknown'}.`);
+        }
+    }
+    calculateRealmSignature(secret, nonce) {
+        const hash = (0, node_crypto_1.createHash)('md5');
+        hash.update(secret + nonce, 'utf8');
+        return hash.digest('base64');
+    }
+    async exchangeRefreshToken() {
+        var _a;
+        if (!this.env.refreshToken) {
+            throw new errors_js_1.AuthenticationError('REFRESH_TOKEN missing.');
+        }
+        const baseUrl = this.hostToHttpUrl();
+        const tokenUrl = new node_url_1.URL('/basic/auth/token', baseUrl).toString();
+        const response = await fetch(tokenUrl, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                Accept: 'application/json',
+                'beam-scope': `${this.env.cid}.${this.env.pid}`,
+            },
+            body: JSON.stringify({
+                grant_type: 'refresh_token',
+                refresh_token: this.env.refreshToken,
+            }),
+        });
+        if (!response.ok) {
+            throw new errors_js_1.AuthenticationError(`Failed to retrieve access token. status=${response.status}`);
+        }
+        const payload = (await response.json());
+        if (!payload.access_token) {
+            throw new errors_js_1.AuthenticationError(`Refresh-token exchange failed: ${(_a = payload.error) !== null && _a !== void 0 ? _a : 'unknown error'}`);
+        }
+        return payload.access_token;
+    }
+    hostToHttpUrl() {
+        const host = this.env.host.replace(/\/socket$/, '');
+        if (host.startsWith('wss://')) {
+            return `https://${host.substring('wss://'.length)}`;
+        }
+        if (host.startsWith('ws://')) {
+            return `http://${host.substring('ws://'.length)}`;
+        }
+        return host;
+    }
+}
+exports.AuthManager = AuthManager;

package/dist/auth.d.ts

@@ -0,0 +1,14 @@
+import type { EnvironmentConfig } from './types.js';
+import type { GatewayRequester } from './requester.js';
+export declare class AuthManager {
+    private readonly env;
+    private readonly requester;
+    constructor(env: EnvironmentConfig, requester: GatewayRequester);
+    authenticate(): Promise<void>;
+    private authenticateWithRealmSecret;
+    private authenticateWithRefreshToken;
+    private calculateRealmSignature;
+    private exchangeRefreshToken;
+    private hostToHttpUrl;
+}
+//# sourceMappingURL=auth.d.ts.map

package/dist/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AACpD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAgBvD,qBAAa,WAAW;IACtB,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAoB;IACxC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAmB;gBAEjC,GAAG,EAAE,iBAAiB,EAAE,SAAS,EAAE,gBAAgB;IAKzD,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC;YAYrB,2BAA2B;YAiB3B,4BAA4B;IAa1C,OAAO,CAAC,uBAAuB;YAMjB,oBAAoB;IA8BlC,OAAO,CAAC,aAAa;CAUtB"}

package/dist/auth.js

@@ -0,0 +1,93 @@
+import { createHash } from 'node:crypto';
+import { URL } from 'node:url';
+import { AuthenticationError } from './errors.js';
+export class AuthManager {
+    env;
+    requester;
+    constructor(env, requester) {
+        this.env = env;
+        this.requester = requester;
+    }
+    async authenticate() {
+        if (this.env.secret) {
+            await this.authenticateWithRealmSecret();
+            return;
+        }
+        if (this.env.refreshToken) {
+            await this.authenticateWithRefreshToken();
+            return;
+        }
+        throw new AuthenticationError('Neither SECRET nor REFRESH_TOKEN is configured.');
+    }
+    async authenticateWithRealmSecret() {
+        const nonce = await this.requester.request('get', 'gateway/nonce');
+        if (!nonce?.nonce) {
+            throw new AuthenticationError('Gateway did not provide a nonce for authentication.');
+        }
+        const signature = this.calculateRealmSignature(this.env.secret ?? '', nonce.nonce);
+        const body = {
+            cid: this.env.cid,
+            pid: this.env.pid,
+            signature,
+        };
+        const response = await this.requester.request('post', 'gateway/auth', body);
+        if (!response || response.result !== 'ok') {
+            throw new AuthenticationError(`Realm secret authentication failed with result=${response?.result ?? 'unknown'}.`);
+        }
+    }
+    async authenticateWithRefreshToken() {
+        const accessToken = await this.exchangeRefreshToken();
+        const body = {
+            cid: this.env.cid,
+            pid: this.env.pid,
+            token: accessToken,
+        };
+        const response = await this.requester.request('post', 'gateway/auth', body);
+        if (!response || response.result !== 'ok') {
+            throw new AuthenticationError(`Refresh-token authentication failed with result=${response?.result ?? 'unknown'}.`);
+        }
+    }
+    calculateRealmSignature(secret, nonce) {
+        const hash = createHash('md5');
+        hash.update(secret + nonce, 'utf8');
+        return hash.digest('base64');
+    }
+    async exchangeRefreshToken() {
+        if (!this.env.refreshToken) {
+            throw new AuthenticationError('REFRESH_TOKEN missing.');
+        }
+        const baseUrl = this.hostToHttpUrl();
+        const tokenUrl = new URL('/basic/auth/token', baseUrl).toString();
+        const response = await fetch(tokenUrl, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                Accept: 'application/json',
+                'beam-scope': `${this.env.cid}.${this.env.pid}`,
+            },
+            body: JSON.stringify({
+                grant_type: 'refresh_token',
+                refresh_token: this.env.refreshToken,
+            }),
+        });
+        if (!response.ok) {
+            throw new AuthenticationError(`Failed to retrieve access token. status=${response.status}`);
+        }
+        const payload = (await response.json());
+        if (!payload.access_token) {
+            throw new AuthenticationError(`Refresh-token exchange failed: ${payload.error ?? 'unknown error'}`);
+        }
+        return payload.access_token;
+    }
+    hostToHttpUrl() {
+        const host = this.env.host.replace(/\/socket$/, '');
+        if (host.startsWith('wss://')) {
+            return `https://${host.substring('wss://'.length)}`;
+        }
+        if (host.startsWith('ws://')) {
+            return `http://${host.substring('ws://'.length)}`;
+        }
+        return host;
+    }
+}
+//# sourceMappingURL=auth.js.map

package/dist/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AAG/B,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAelD,MAAM,OAAO,WAAW;IACL,GAAG,CAAoB;IACvB,SAAS,CAAmB;IAE7C,YAAY,GAAsB,EAAE,SAA2B;QAC7D,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QACf,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;IAC7B,CAAC;IAED,KAAK,CAAC,YAAY;QAChB,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC;YACpB,MAAM,IAAI,CAAC,2BAA2B,EAAE,CAAC;YACzC,OAAO;QACT,CAAC;QACD,IAAI,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC;YAC1B,MAAM,IAAI,CAAC,4BAA4B,EAAE,CAAC;YAC1C,OAAO;QACT,CAAC;QACD,MAAM,IAAI,mBAAmB,CAAC,iDAAiD,CAAC,CAAC;IACnF,CAAC;IAEO,KAAK,CAAC,2BAA2B;QACvC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,CAAgB,KAAK,EAAE,eAAe,CAAC,CAAC;QAClF,IAAI,CAAC,KAAK,EAAE,KAAK,EAAE,CAAC;YAClB,MAAM,IAAI,mBAAmB,CAAC,qDAAqD,CAAC,CAAC;QACvF,CAAC;QACD,MAAM,SAAS,GAAG,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,IAAI,EAAE,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;QACnF,MAAM,IAAI,GAAG;YACX,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG;YACjB,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG;YACjB,SAAS;SACV,CAAC;QACF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,CAAe,MAAM,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;QAC1F,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,IAAI,EAAE,CAAC;YAC1C,MAAM,IAAI,mBAAmB,CAAC,kDAAkD,QAAQ,EAAE,MAAM,IAAI,SAAS,GAAG,CAAC,CAAC;QACpH,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,4BAA4B;QACxC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,oBAAoB,EAAE,CAAC;QACtD,MAAM,IAAI,GAAG;YACX,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG;YACjB,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG;YACjB,KAAK,EAAE,WAAW;SACnB,CAAC;QACF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,CAAe,MAAM,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;QAC1F,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,IAAI,EAAE,CAAC;YAC1C,MAAM,IAAI,mBAAmB,CAAC,mDAAmD,QAAQ,EAAE,MAAM,IAAI,SAAS,GAAG,CAAC,CAAC;QACrH,CAAC;IACH,CAAC;IAEO,uBAAuB,CAAC,MAAc,EAAE,KAAa;QAC3D,MAAM,IAAI,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC;QAC/B,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,KAAK,EAAE,MAAM,CAAC,CAAC;QACpC,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAC/B,CAAC;IAEO,KAAK,CAAC,oBAAoB;QAChC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC;YAC3B,MAAM,IAAI,mBAAmB,CAAC,wBAAwB,CAAC,CAAC;QAC1D,CAAC;QACD,MAAM,OAAO,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QACrC,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,mBAAmB,EAAE,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;QAClE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;YACrC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,MAAM,EAAE,kBAAkB;gBAC1B,YAAY,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE;aAChD;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,UAAU,EAAE,eAAe;gBAC3B,aAAa,EAAE,IAAI,CAAC,GAAG,CAAC,YAAY;aACrC,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,mBAAmB,CAAC,2CAA2C,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;QAC9F,CAAC;QAED,MAAM,OAAO,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAkB,CAAC;QACzD,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC;YAC1B,MAAM,IAAI,mBAAmB,CAAC,kCAAkC,OAAO,CAAC,KAAK,IAAI,eAAe,EAAE,CAAC,CAAC;QACtG,CAAC;QACD,OAAO,OAAO,CAAC,YAAY,CAAC;IAC9B,CAAC;IAEO,aAAa;QACnB,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QACpD,IAAI,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC9B,OAAO,WAAW,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QACtD,CAAC;QACD,IAAI,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7B,OAAO,UAAU,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QACpD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;CACF","sourcesContent":["import { createHash } from 'node:crypto';\r\nimport { URL } from 'node:url';\r\nimport type { EnvironmentConfig } from './types.js';\r\nimport type { GatewayRequester } from './requester.js';\r\nimport { AuthenticationError } from './errors.js';\r\n\r\ninterface NonceResponse {\r\n  nonce: string;\r\n}\r\n\r\ninterface AuthResponse {\r\n  result: string;\r\n}\r\n\r\ninterface TokenResponse {\r\n  access_token?: string;\r\n  error?: string;\r\n}\r\n\r\nexport class AuthManager {\r\n  private readonly env: EnvironmentConfig;\r\n  private readonly requester: GatewayRequester;\r\n\r\n  constructor(env: EnvironmentConfig, requester: GatewayRequester) {\r\n    this.env = env;\r\n    this.requester = requester;\r\n  }\r\n\r\n  async authenticate(): Promise<void> {\r\n    if (this.env.secret) {\r\n      await this.authenticateWithRealmSecret();\r\n      return;\r\n    }\r\n    if (this.env.refreshToken) {\r\n      await this.authenticateWithRefreshToken();\r\n      return;\r\n    }\r\n    throw new AuthenticationError('Neither SECRET nor REFRESH_TOKEN is configured.');\r\n  }\r\n\r\n  private async authenticateWithRealmSecret(): Promise<void> {\r\n    const nonce = await this.requester.request<NonceResponse>('get', 'gateway/nonce');\r\n    if (!nonce?.nonce) {\r\n      throw new AuthenticationError('Gateway did not provide a nonce for authentication.');\r\n    }\r\n    const signature = this.calculateRealmSignature(this.env.secret ?? '', nonce.nonce);\r\n    const body = {\r\n      cid: this.env.cid,\r\n      pid: this.env.pid,\r\n      signature,\r\n    };\r\n    const response = await this.requester.request<AuthResponse>('post', 'gateway/auth', body);\r\n    if (!response || response.result !== 'ok') {\r\n      throw new AuthenticationError(`Realm secret authentication failed with result=${response?.result ?? 'unknown'}.`);\r\n    }\r\n  }\r\n\r\n  private async authenticateWithRefreshToken(): Promise<void> {\r\n    const accessToken = await this.exchangeRefreshToken();\r\n    const body = {\r\n      cid: this.env.cid,\r\n      pid: this.env.pid,\r\n      token: accessToken,\r\n    };\r\n    const response = await this.requester.request<AuthResponse>('post', 'gateway/auth', body);\r\n    if (!response || response.result !== 'ok') {\r\n      throw new AuthenticationError(`Refresh-token authentication failed with result=${response?.result ?? 'unknown'}.`);\r\n    }\r\n  }\r\n\r\n  private calculateRealmSignature(secret: string, nonce: string): string {\r\n    const hash = createHash('md5');\r\n    hash.update(secret + nonce, 'utf8');\r\n    return hash.digest('base64');\r\n  }\r\n\r\n  private async exchangeRefreshToken(): Promise<string> {\r\n    if (!this.env.refreshToken) {\r\n      throw new AuthenticationError('REFRESH_TOKEN missing.');\r\n    }\r\n    const baseUrl = this.hostToHttpUrl();\r\n    const tokenUrl = new URL('/basic/auth/token', baseUrl).toString();\r\n    const response = await fetch(tokenUrl, {\r\n      method: 'POST',\r\n      headers: {\r\n        'Content-Type': 'application/json',\r\n        Accept: 'application/json',\r\n        'beam-scope': `${this.env.cid}.${this.env.pid}`,\r\n      },\r\n      body: JSON.stringify({\r\n        grant_type: 'refresh_token',\r\n        refresh_token: this.env.refreshToken,\r\n      }),\r\n    });\r\n\r\n    if (!response.ok) {\r\n      throw new AuthenticationError(`Failed to retrieve access token. status=${response.status}`);\r\n    }\r\n\r\n    const payload = (await response.json()) as TokenResponse;\r\n    if (!payload.access_token) {\r\n      throw new AuthenticationError(`Refresh-token exchange failed: ${payload.error ?? 'unknown error'}`);\r\n    }\r\n    return payload.access_token;\r\n  }\r\n\r\n  private hostToHttpUrl(): string {\r\n    const host = this.env.host.replace(/\\/socket$/, '');\r\n    if (host.startsWith('wss://')) {\r\n      return `https://${host.substring('wss://'.length)}`;\r\n    }\r\n    if (host.startsWith('ws://')) {\r\n      return `http://${host.substring('ws://'.length)}`;\r\n    }\r\n    return host;\r\n  }\r\n}\r\n"]}

package/dist/cli/index.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/cli/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/cli/index.ts"],"names":[],"mappings":""}