npm - @onlineapps/service-validator-core - Versions diffs - 1.0.7 → 1.0.9 - Mend

@onlineapps/service-validator-core 1.0.7 → 1.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (40) hide show

package/README.md +24 -0
package/coverage/clover.xml +0 -0
package/coverage/coverage-final.json +0 -0
package/coverage/lcov-report/base.css +0 -0
package/coverage/lcov-report/block-navigation.js +0 -0
package/coverage/lcov-report/favicon.png +0 -0
package/coverage/lcov-report/index.html +0 -0
package/coverage/lcov-report/prettify.css +0 -0
package/coverage/lcov-report/prettify.js +0 -0
package/coverage/lcov-report/sort-arrow-sprite.png +0 -0
package/coverage/lcov-report/sorter.js +0 -0
package/coverage/lcov-report/src/index.html +0 -0
package/coverage/lcov-report/src/index.js.html +0 -0
package/coverage/lcov-report/src/security/certificateManager.js.html +0 -0
package/coverage/lcov-report/src/security/index.html +0 -0
package/coverage/lcov-report/src/security/tokenManager.js.html +0 -0
package/coverage/lcov-report/src/validators/connectorValidator.js.html +0 -0
package/coverage/lcov-report/src/validators/endpointValidator.js.html +0 -0
package/coverage/lcov-report/src/validators/healthValidator.js.html +0 -0
package/coverage/lcov-report/src/validators/index.html +0 -0
package/coverage/lcov-report/src/validators/openApiValidator.js.html +0 -0
package/coverage/lcov.info +0 -0
package/jest.config.js +0 -0
package/package.json +5 -1
package/src/config.js +30 -0
package/src/defaults.js +17 -0
package/src/index.js +1 -1
package/src/security/ValidationProofCodec.js +0 -0
package/src/security/ValidationProofVerifier.js +0 -0
package/src/security/certificateManager.js +0 -0
package/src/security/tokenManager.js +17 -12
package/src/types/ValidationProofSchema.js +0 -0
package/src/utils/FingerprintUtils.js +0 -0
package/src/validators/connectorValidator.js +0 -0
package/src/validators/endpointValidator.js +0 -0
package/src/validators/healthValidator.js +0 -0
package/src/validators/openApiValidator.js +0 -0
package/tests/component/validation-flow.test.js +10 -0
package/tests/integration/real-validation.test.js +10 -0
package/tests/unit/ValidationCore.test.js +10 -0

package/README.md CHANGED Viewed

@@ -81,6 +81,30 @@ Validates health check configuration:
 - **TokenManager** - Generates and verifies pre-validation tokens
 - **CertificateManager** - Issues and verifies cryptographic certificates
+### Validation Proof Structure
+**Official format** (returned by `ValidationProofCodec.encode()`):
+```json
+{
+  "validationProof": "<SHA256-hash-64-chars>",
+  "validationData": {
+    "serviceName": "hello-service",
+    "version": "1.0.0",
+    "validator": "@onlineapps/conn-orch-validator",
+    "validatorVersion": "2.0.6",
+    "validatedAt": "2025-10-23T06:53:12.996Z",
+    "testsRun": 3,
+    "testsPassed": 3,
+    "testsFailed": 0,
+    "durationMs": 151
+  }
+}
+```
+**IMPORTANT:** Always use `validationProof` and `validationData` keys (NOT `hash`/`data`).
+See [ValidationProofCodec.js](src/security/ValidationProofCodec.js) and [ValidationProofSchema.js](src/types/ValidationProofSchema.js) for complete specification.
 ## API
 ### ValidationCore(config)

package/coverage/clover.xml CHANGED Viewed

File without changes

package/coverage/coverage-final.json CHANGED Viewed

File without changes

package/coverage/lcov-report/base.css CHANGED Viewed

File without changes

package/coverage/lcov-report/block-navigation.js CHANGED Viewed

File without changes

package/coverage/lcov-report/favicon.png CHANGED Viewed

File without changes

package/coverage/lcov-report/index.html CHANGED Viewed

File without changes

package/coverage/lcov-report/prettify.css CHANGED Viewed

File without changes

package/coverage/lcov-report/prettify.js CHANGED Viewed

File without changes

package/coverage/lcov-report/sort-arrow-sprite.png CHANGED Viewed

File without changes

package/coverage/lcov-report/sorter.js CHANGED Viewed

File without changes

package/coverage/lcov-report/src/index.html CHANGED Viewed

File without changes

package/coverage/lcov-report/src/index.js.html CHANGED Viewed

File without changes

package/coverage/lcov-report/src/security/certificateManager.js.html CHANGED Viewed

File without changes

package/coverage/lcov-report/src/security/index.html CHANGED Viewed

File without changes

package/coverage/lcov-report/src/security/tokenManager.js.html CHANGED Viewed

File without changes

package/coverage/lcov-report/src/validators/connectorValidator.js.html CHANGED Viewed

File without changes

package/coverage/lcov-report/src/validators/endpointValidator.js.html CHANGED Viewed

File without changes

package/coverage/lcov-report/src/validators/healthValidator.js.html CHANGED Viewed

File without changes

package/coverage/lcov-report/src/validators/index.html CHANGED Viewed

File without changes

package/coverage/lcov-report/src/validators/openApiValidator.js.html CHANGED Viewed

File without changes

package/coverage/lcov.info CHANGED Viewed

File without changes

package/jest.config.js CHANGED Viewed

File without changes

package/package.json CHANGED Viewed

@@ -1,10 +1,13 @@
 {
   "name": "@onlineapps/service-validator-core",
-  "version": "1.0.7",
+  "version": "1.0.9",
   "description": "Core validation logic for microservices",
   "main": "src/index.js",
   "scripts": {
     "test": "jest",
+    "test:unit": "jest tests/unit",
+    "test:component": "jest tests/component",
+    "test:integration": "jest tests/integration",
     "test:coverage": "jest --coverage",
     "lint": "eslint src/"
   },
@@ -17,6 +20,7 @@
   "license": "MIT",
   "dependencies": {
     "ajv": "^8.12.0",
+    "@onlineapps/runtime-config": "1.0.2",
     "jsonwebtoken": "^9.0.2",
     "uuid": "^9.0.1"
   },

package/src/config.js ADDED Viewed

@@ -0,0 +1,30 @@
+'use strict';
+/**
+ * Runtime configuration schema for @onlineapps/service-validator-core.
+ *
+ * Priority:
+ * 1) Explicit config
+ * 2) ENV
+ * 3) Module-owned defaults
+ *
+ * IMPORTANT:
+ * - Token secret is required (NO FALLBACKS).
+ */
+const { createRuntimeConfig } = require('@onlineapps/runtime-config');
+const DEFAULTS = require('./defaults');
+const runtimeCfg = createRuntimeConfig({
+  defaults: DEFAULTS,
+  schema: {
+    tokenSecret: { env: 'VALIDATION_TOKEN_SECRET', required: true },
+    tokenExpiresIn: { env: 'VALIDATION_TOKEN_EXPIRES_IN', defaultKey: 'tokenExpiresIn' },
+    tokenAlgorithm: { env: 'VALIDATION_TOKEN_ALGORITHM', defaultKey: 'tokenAlgorithm' },
+    tokenIssuer: { env: 'VALIDATION_TOKEN_ISSUER', defaultKey: 'tokenIssuer' },
+  }
+});
+module.exports = runtimeCfg;

package/src/defaults.js ADDED Viewed

@@ -0,0 +1,17 @@
+'use strict';
+/**
+ * Module-owned defaults for @onlineapps/service-validator-core.
+ *
+ * Ownership rule:
+ * - This module owns token behavior defaults (expiry, algorithm, issuer).
+ * - Secret is NOT defaulted (must be provided via explicit config or ENV).
+ */
+module.exports = {
+  tokenExpiresIn: '24h',
+  tokenAlgorithm: 'HS256',
+  tokenIssuer: 'validation-core',
+};

package/src/index.js CHANGED Viewed

@@ -30,7 +30,7 @@ class ValidationCore {
       health: new HealthValidator()
     };
-    this.tokenManager = new TokenManager();
+    this.tokenManager = new TokenManager(this.config.token || {});
     this.certificateManager = new CertificateManager();
     this.proofVerifier = new ValidationProofVerifier({
       maxProofAge: config.maxProofAge,

package/src/security/ValidationProofCodec.js CHANGED Viewed

File without changes

package/src/security/ValidationProofVerifier.js CHANGED Viewed

File without changes

package/src/security/certificateManager.js CHANGED Viewed

File without changes

package/src/security/tokenManager.js CHANGED Viewed

@@ -1,22 +1,27 @@
 const jwt = require('jsonwebtoken');
 const crypto = require('crypto');
 const FingerprintUtils = require('../utils/FingerprintUtils');
+const runtimeCfg = require('../config');
 class TokenManager {
   constructor(config = {}) {
-    this.secret = config.secret || process.env.VALIDATION_TOKEN_SECRET || this.generateSecret();
-    this.expiresIn = config.expiresIn || '24h';
-    this.algorithm = config.algorithm || 'HS256';
-    this.issuer = config.issuer || 'validation-core';
-    this.usedTokens = new Set(); // Track used tokens for single-use enforcement
-  }
+    let resolved;
+    try {
+      resolved = runtimeCfg.resolve({
+        tokenSecret: config.secret,
+        tokenExpiresIn: config.expiresIn,
+        tokenAlgorithm: config.algorithm,
+        tokenIssuer: config.issuer,
+      });
+    } catch (err) {
+      throw new Error('[TokenManager] Missing configuration - tokenSecret is required (set VALIDATION_TOKEN_SECRET env or pass config.secret)');
+    }
-  /**
-   * Generate a secure secret if none provided
-   * @returns {string} Generated secret
-   */
-  generateSecret() {
-    return crypto.randomBytes(64).toString('hex');
+    this.secret = resolved.tokenSecret;
+    this.expiresIn = resolved.tokenExpiresIn;
+    this.algorithm = resolved.tokenAlgorithm;
+    this.issuer = resolved.tokenIssuer;
+    this.usedTokens = new Set(); // Track used tokens for single-use enforcement
   }
   /**

package/src/types/ValidationProofSchema.js CHANGED Viewed

File without changes

package/src/utils/FingerprintUtils.js CHANGED Viewed

File without changes

package/src/validators/connectorValidator.js CHANGED Viewed

File without changes

package/src/validators/endpointValidator.js CHANGED Viewed

File without changes

package/src/validators/healthValidator.js CHANGED Viewed

File without changes

package/src/validators/openApiValidator.js CHANGED Viewed

File without changes

package/tests/component/validation-flow.test.js CHANGED Viewed

@@ -2,10 +2,20 @@ const ValidationCore = require('../../src/index');
 describe('Validation Flow Component Tests @component', () => {
   let validationCore;
+  let oldSecret;
   beforeEach(() => {
+    oldSecret = process.env.VALIDATION_TOKEN_SECRET;
+    process.env.VALIDATION_TOKEN_SECRET = 'test-validation-secret';
     validationCore = new ValidationCore();
   });
+  afterEach(() => {
+    if (oldSecret === undefined) {
+      delete process.env.VALIDATION_TOKEN_SECRET;
+    } else {
+      process.env.VALIDATION_TOKEN_SECRET = oldSecret;
+    }
+  });
   describe('Complete validation workflow', () => {
     it('should perform full validation and generate token', async () => {

package/tests/integration/real-validation.test.js CHANGED Viewed

@@ -4,10 +4,20 @@ const path = require('path');
 describe('ValidationCore Integration Tests @integration', () => {
   let validationCore;
+  let oldSecret;
   beforeEach(() => {
+    oldSecret = process.env.VALIDATION_TOKEN_SECRET;
+    process.env.VALIDATION_TOKEN_SECRET = 'test-validation-secret';
     validationCore = new ValidationCore();
   });
+  afterEach(() => {
+    if (oldSecret === undefined) {
+      delete process.env.VALIDATION_TOKEN_SECRET;
+    } else {
+      process.env.VALIDATION_TOKEN_SECRET = oldSecret;
+    }
+  });
   describe('Real service validation', () => {
     it('should validate a complete service configuration', async () => {

package/tests/unit/ValidationCore.test.js CHANGED Viewed

@@ -2,10 +2,20 @@ const ValidationCore = require('../../src/index');
 describe('ValidationCore Unit Tests @unit', () => {
   let validationCore;
+  let oldSecret;
   beforeEach(() => {
+    oldSecret = process.env.VALIDATION_TOKEN_SECRET;
+    process.env.VALIDATION_TOKEN_SECRET = 'test-validation-secret';
     validationCore = new ValidationCore();
   });
+  afterEach(() => {
+    if (oldSecret === undefined) {
+      delete process.env.VALIDATION_TOKEN_SECRET;
+    } else {
+      process.env.VALIDATION_TOKEN_SECRET = oldSecret;
+    }
+  });
   describe('constructor', () => {
     it('should initialize with default config', () => {