@opsimathically/nodenetproccalld 0.0.1 → 0.0.2

package/README.md

@@ -64,10 +64,30 @@ npm run build
 npm run start
 ```
 
-3. Generate TLS material for fresh installs (CA/server/client):
+3. Generate default config files in `./config` (relative to where command is run):
 
 ```bash
-node dist/index.js --generate-tls-material
+nodenetproccalld --generate-default-config
+```
+
+By default this writes:
+
+- `./config/server.config.json5`
+- `./config/api_keys.config.json5`
+
+Useful options:
+
+```bash
+nodenetproccalld \
+  --generate-default-config \
+  --default-config-output-dir ./config \
+  --default-config-overwrite
+```
+
+4. Generate TLS material for fresh installs (CA/server/client):
+
+```bash
+nodenetproccalld --generate-tls-material
 ```
 
 By default this writes:
@@ -82,7 +102,7 @@ By default this writes:
 Useful options:
 
 ```bash
-node dist/index.js \
+nodenetproccalld \
   --generate-tls-material \
   --tls-output-dir ./config/certs \
   --tls-overwrite \
@@ -92,18 +112,18 @@ node dist/index.js \
   --tls-valid-days 365
 ```
 
-4. Start daemon with custom config paths:
+5. Start daemon with custom config paths:
 
 ```bash
-node dist/index.js \
+nodenetproccalld \
   --server-config /absolute/or/relative/server.config.json5 \
   --api-keys-config /absolute/or/relative/api_keys.config.json5
 ```
 
-5. CLI help:
+6. CLI help:
 
 ```bash
-node dist/index.js --help
+nodenetproccalld --help
 ```
 
 Installed package binaries:

package/dist/index.d.mts

@@ -101,6 +101,18 @@ type daemon_config_paths_t = {
   api_keys_config_path: string;
 };
 
+type daemon_default_config_generation_options_t = {
+  enabled: boolean;
+  output_dir: string;
+  overwrite: boolean;
+};
+
+type daemon_generated_default_config_t = {
+  output_dir: string;
+  server_config_path: string;
+  api_keys_config_path: string;
+};
+
 type daemon_tls_generation_options_t = {
   enabled: boolean;
   output_dir: string;
@@ -123,6 +135,7 @@ type daemon_generated_tls_material_t = {
 
 type daemon_cli_options_t = daemon_config_paths_t & {
   help: boolean;
+  default_config_generation: daemon_default_config_generation_options_t;
   tls_generation: daemon_tls_generation_options_t;
 };
 
@@ -191,6 +204,12 @@ declare class DaemonProcess {
     private requestStop;
 }
 
+declare class DefaultConfigGenerator {
+    generateDefaultConfig(params: {
+        default_config_generation_options: daemon_default_config_generation_options_t;
+    }): daemon_generated_default_config_t;
+}
+
 type daemon_lifecycle_state_t = 'stopped' | 'starting' | 'running' | 'stopping';
 type daemon_runtime_snapshot_t = {
     lifecycle_state: daemon_lifecycle_state_t;
@@ -243,4 +262,4 @@ declare class TlsMaterialGenerator {
     private getErrorMessage;
 }
 
-export { ApiKeyAuthorizer, ConfigFileLoader, ConfigValidator, DaemonCli, DaemonProcess, NetworkProcedureCallDaemon, TlsMaterialGenerator, type daemon_api_key_entry_t, type daemon_api_key_identity_constraints_t, type daemon_api_keys_config_file_t, type daemon_cli_options_t, type daemon_config_paths_t, type daemon_generated_tls_material_t, type daemon_observability_config_t, type daemon_runtime_api_key_entry_t, type daemon_runtime_config_t, type daemon_server_config_file_t, type daemon_tls_file_config_t, type daemon_tls_generation_options_t, type daemon_worker_config_t };
+export { ApiKeyAuthorizer, ConfigFileLoader, ConfigValidator, DaemonCli, DaemonProcess, DefaultConfigGenerator, NetworkProcedureCallDaemon, TlsMaterialGenerator, type daemon_api_key_entry_t, type daemon_api_key_identity_constraints_t, type daemon_api_keys_config_file_t, type daemon_cli_options_t, type daemon_config_paths_t, type daemon_default_config_generation_options_t, type daemon_generated_default_config_t, type daemon_generated_tls_material_t, type daemon_observability_config_t, type daemon_runtime_api_key_entry_t, type daemon_runtime_config_t, type daemon_server_config_file_t, type daemon_tls_file_config_t, type daemon_tls_generation_options_t, type daemon_worker_config_t };

package/dist/index.d.ts

@@ -101,6 +101,18 @@ type daemon_config_paths_t = {
   api_keys_config_path: string;
 };
 
+type daemon_default_config_generation_options_t = {
+  enabled: boolean;
+  output_dir: string;
+  overwrite: boolean;
+};
+
+type daemon_generated_default_config_t = {
+  output_dir: string;
+  server_config_path: string;
+  api_keys_config_path: string;
+};
+
 type daemon_tls_generation_options_t = {
   enabled: boolean;
   output_dir: string;
@@ -123,6 +135,7 @@ type daemon_generated_tls_material_t = {
 
 type daemon_cli_options_t = daemon_config_paths_t & {
   help: boolean;
+  default_config_generation: daemon_default_config_generation_options_t;
   tls_generation: daemon_tls_generation_options_t;
 };
 
@@ -191,6 +204,12 @@ declare class DaemonProcess {
     private requestStop;
 }
 
+declare class DefaultConfigGenerator {
+    generateDefaultConfig(params: {
+        default_config_generation_options: daemon_default_config_generation_options_t;
+    }): daemon_generated_default_config_t;
+}
+
 type daemon_lifecycle_state_t = 'stopped' | 'starting' | 'running' | 'stopping';
 type daemon_runtime_snapshot_t = {
     lifecycle_state: daemon_lifecycle_state_t;
@@ -243,4 +262,4 @@ declare class TlsMaterialGenerator {
     private getErrorMessage;
 }
 
-export { ApiKeyAuthorizer, ConfigFileLoader, ConfigValidator, DaemonCli, DaemonProcess, NetworkProcedureCallDaemon, TlsMaterialGenerator, type daemon_api_key_entry_t, type daemon_api_key_identity_constraints_t, type daemon_api_keys_config_file_t, type daemon_cli_options_t, type daemon_config_paths_t, type daemon_generated_tls_material_t, type daemon_observability_config_t, type daemon_runtime_api_key_entry_t, type daemon_runtime_config_t, type daemon_server_config_file_t, type daemon_tls_file_config_t, type daemon_tls_generation_options_t, type daemon_worker_config_t };
+export { ApiKeyAuthorizer, ConfigFileLoader, ConfigValidator, DaemonCli, DaemonProcess, DefaultConfigGenerator, NetworkProcedureCallDaemon, TlsMaterialGenerator, type daemon_api_key_entry_t, type daemon_api_key_identity_constraints_t, type daemon_api_keys_config_file_t, type daemon_cli_options_t, type daemon_config_paths_t, type daemon_default_config_generation_options_t, type daemon_generated_default_config_t, type daemon_generated_tls_material_t, type daemon_observability_config_t, type daemon_runtime_api_key_entry_t, type daemon_runtime_config_t, type daemon_server_config_file_t, type daemon_tls_file_config_t, type daemon_tls_generation_options_t, type daemon_worker_config_t };

package/dist/index.js

@@ -39,6 +39,7 @@ __export(index_exports, {
   ConfigValidator: () => ConfigValidator,
   DaemonCli: () => DaemonCli,
   DaemonProcess: () => DaemonProcess,
+  DefaultConfigGenerator: () => DefaultConfigGenerator,
   NetworkProcedureCallDaemon: () => NetworkProcedureCallDaemon,
   TlsMaterialGenerator: () => TlsMaterialGenerator
 });
@@ -1614,6 +1615,7 @@ var ConfigFileLoader = _ConfigFileLoader;
 // src/classes/daemoncli/DaemonCli.class.ts
 var default_server_config_path = "./config/server.config.json5";
 var default_api_keys_config_path = "./config/api_keys.config.json5";
+var default_config_output_dir = "./config";
 var default_tls_output_dir = "./config/certs";
 var default_ca_common_name = "nodenetproccalld-local-ca";
 var default_server_common_name = "localhost";
@@ -1625,6 +1627,11 @@ var _DaemonCli = class _DaemonCli {
       server_config_path: default_server_config_path,
       api_keys_config_path: default_api_keys_config_path,
       help: false,
+      default_config_generation: {
+        enabled: false,
+        output_dir: default_config_output_dir,
+        overwrite: false
+      },
       tls_generation: {
         enabled: false,
         output_dir: default_tls_output_dir,
@@ -1660,6 +1667,23 @@ var _DaemonCli = class _DaemonCli {
         index += 1;
         continue;
       }
+      if (token2 === "--generate-default-config") {
+        options.default_config_generation.enabled = true;
+        continue;
+      }
+      if (token2 === "--default-config-output-dir") {
+        const next_value = argv[index + 1];
+        if (!next_value) {
+          throw new Error("Missing value for --default-config-output-dir");
+        }
+        options.default_config_generation.output_dir = next_value;
+        index += 1;
+        continue;
+      }
+      if (token2 === "--default-config-overwrite") {
+        options.default_config_generation.overwrite = true;
+        continue;
+      }
       if (token2 === "--generate-tls-material") {
         options.tls_generation.enabled = true;
         continue;
@@ -1726,13 +1750,18 @@ var _DaemonCli = class _DaemonCli {
       "nodenetproccalld",
       "",
       "Usage:",
-      "  node dist/index.js [options]",
+      "  nodenetproccalld [options]",
       "",
       "Options:",
       "  --server-config <path>      Path to server JSON5 config file.",
       "                              Default: ./config/server.config.json5",
       "  --api-keys-config <path>    Path to api keys JSON5 config file.",
       "                              Default: ./config/api_keys.config.json5",
+      "  --generate-default-config   Generate default JSON5 daemon config files and exit.",
+      "  --default-config-output-dir <path>",
+      "                              Output directory for server/api-key config files.",
+      "                              Default: ./config",
+      "  --default-config-overwrite  Overwrite existing default config files.",
       "  --generate-tls-material     Generate CA/server/client TLS material and exit.",
       "  --tls-output-dir <path>     Output directory for generated TLS files.",
       "                              Default: ./config/certs",
@@ -2074,10 +2103,160 @@ var _DaemonProcess = class _DaemonProcess {
 __name(_DaemonProcess, "DaemonProcess");
 var DaemonProcess = _DaemonProcess;
 
-// src/classes/tlsmaterialgenerator/TlsMaterialGenerator.class.ts
-var import_node_child_process = require("child_process");
+// src/classes/defaultconfiggenerator/DefaultConfigGenerator.class.ts
 var import_node_fs2 = __toESM(require("fs"));
 var import_node_path2 = __toESM(require("path"));
+var default_server_config_template = `{
+  // Friendly name that clients can use in their own config maps.
+  information: {
+    server_name: 'daemon_server_1'
+  },
+
+  // Bind target for tls.createServer.
+  network: {
+    bind_addr: '0.0.0.0',
+    tcp_listen_port: 6767
+  },
+
+  // PEM files are resolved relative to this config file unless absolute paths are used.
+  tls_mtls: {
+    key_file: './certs/server.key.pem',
+    cert_file: './certs/server.cert.pem',
+    ca_file: './certs/ca.cert.pem',
+    // crl_file: './certs/ca.crl.pem',
+    min_version: 'TLSv1.3',
+    handshake_timeout_ms: 5000,
+    request_timeout_ms: 15000,
+    max_frame_bytes: 1048576
+  },
+
+  workerprocedurecall: {
+    count: 4,
+    constructor_options: {
+      call_timeout_ms: 30000,
+      control_timeout_ms: 10000,
+      restart_on_failure: true,
+      max_restarts_per_worker: 6,
+      max_pending_calls_per_worker: 500
+    },
+    start_options: {
+      restart_base_delay_ms: 150,
+      restart_max_delay_ms: 5000,
+      restart_jitter_ms: 250
+    }
+  },
+
+  // Optional abuse controls from @opsimathically/networkprocedurecall.
+  abuse_controls: {
+    connection_controls: {
+      max_concurrent_sockets: 1024,
+      max_concurrent_handshakes: 256,
+      max_unauthenticated_sessions: 256,
+      per_ip_max_new_connections_per_window: 64,
+      tls_handshake_timeout_ms: 5000,
+      auth_message_timeout_ms: 5000
+    },
+    request_controls: {
+      max_in_flight_requests_per_connection: 128,
+      per_connection: {
+        enabled: true,
+        tokens_per_interval: 200,
+        interval_ms: 1000,
+        burst_tokens: 400
+      },
+      per_api_key: {
+        enabled: true,
+        tokens_per_interval: 1000,
+        interval_ms: 1000,
+        burst_tokens: 2000
+      },
+      per_ip: {
+        enabled: true,
+        tokens_per_interval: 500,
+        interval_ms: 1000,
+        burst_tokens: 1000
+      }
+    }
+  },
+
+  observability: {
+    enable_console_log: true,
+    log_worker_events: true,
+    metrics_log_interval_ms: 30000
+  }
+}
+`;
+var default_api_keys_config_template = `{
+  // API keys and privilege grants for auth_callback.
+  api_keys: [
+    {
+      key_id: 'admin_key_1',
+      api_key: 'replace_me_with_random_secret',
+      privileges: ['all_privileges'],
+      enabled: true,
+      identity_constraints: {
+        // Example: accept loopback clients only.
+        remote_address_regex: '^(127\\\\.0\\\\.0\\\\.1|::1|::ffff:127\\\\.0\\\\.0\\\\.1)$'
+      }
+    },
+    {
+      key_id: 'invoke_only_key_1',
+      api_key: 'replace_me_with_second_secret',
+      privileges: ['invoke_functions'],
+      enabled: false
+    }
+  ]
+}
+`;
+function EnsureParentDirectory(params) {
+  import_node_fs2.default.mkdirSync(import_node_path2.default.dirname(params.file_path), {
+    recursive: true
+  });
+}
+__name(EnsureParentDirectory, "EnsureParentDirectory");
+function WriteFileIfAllowed(params) {
+  if (!params.overwrite && import_node_fs2.default.existsSync(params.file_path)) {
+    throw new Error(`Refusing to overwrite existing config "${params.file_path}". Use --default-config-overwrite to replace it.`);
+  }
+  EnsureParentDirectory({
+    file_path: params.file_path
+  });
+  import_node_fs2.default.writeFileSync(params.file_path, params.content, "utf8");
+}
+__name(WriteFileIfAllowed, "WriteFileIfAllowed");
+var _DefaultConfigGenerator = class _DefaultConfigGenerator {
+  generateDefaultConfig(params) {
+    const options = params.default_config_generation_options;
+    const output_dir = import_node_path2.default.resolve(process.cwd(), options.output_dir);
+    const server_config_path = import_node_path2.default.join(output_dir, "server.config.json5");
+    const api_keys_config_path = import_node_path2.default.join(output_dir, "api_keys.config.json5");
+    import_node_fs2.default.mkdirSync(output_dir, {
+      recursive: true
+    });
+    WriteFileIfAllowed({
+      file_path: server_config_path,
+      content: default_server_config_template,
+      overwrite: options.overwrite
+    });
+    WriteFileIfAllowed({
+      file_path: api_keys_config_path,
+      content: default_api_keys_config_template,
+      overwrite: options.overwrite
+    });
+    return {
+      output_dir,
+      server_config_path,
+      api_keys_config_path
+    };
+  }
+};
+__name(_DefaultConfigGenerator, "DefaultConfigGenerator");
+var DefaultConfigGenerator = _DefaultConfigGenerator;
+
+// src/classes/tlsmaterialgenerator/TlsMaterialGenerator.class.ts
+var import_node_child_process = require("child_process");
+var import_node_fs3 = __toESM(require("fs"));
+var import_node_path3 = __toESM(require("path"));
 function EnsurePositiveInteger(params) {
   if (!Number.isInteger(params.value) || params.value <= 0) {
     throw new Error(`${params.label} must be a positive integer.`);
@@ -2085,13 +2264,13 @@ function EnsurePositiveInteger(params) {
 }
 __name(EnsurePositiveInteger, "EnsurePositiveInteger");
 function MakeDirRecursive(params) {
-  import_node_fs2.default.mkdirSync(params.dir_path, {
+  import_node_fs3.default.mkdirSync(params.dir_path, {
     recursive: true
   });
 }
 __name(MakeDirRecursive, "MakeDirRecursive");
 function WriteTextFile(params) {
-  import_node_fs2.default.writeFileSync(params.file_path, params.content, "utf8");
+  import_node_fs3.default.writeFileSync(params.file_path, params.content, "utf8");
 }
 __name(WriteTextFile, "WriteTextFile");
 var _TlsMaterialGenerator = class _TlsMaterialGenerator {
@@ -2101,7 +2280,7 @@ var _TlsMaterialGenerator = class _TlsMaterialGenerator {
       value: options.valid_days,
       label: "tls_generation.valid_days"
     });
-    const output_dir = import_node_path2.default.resolve(process.cwd(), options.output_dir);
+    const output_dir = import_node_path3.default.resolve(process.cwd(), options.output_dir);
     MakeDirRecursive({
       dir_path: output_dir
     });
@@ -2160,17 +2339,17 @@ var _TlsMaterialGenerator = class _TlsMaterialGenerator {
   }
   buildTlsFileMap(params) {
     return {
-      ca_key_path: import_node_path2.default.join(params.output_dir, "ca.key.pem"),
-      ca_cert_path: import_node_path2.default.join(params.output_dir, "ca.cert.pem"),
-      server_key_path: import_node_path2.default.join(params.output_dir, "server.key.pem"),
-      server_csr_path: import_node_path2.default.join(params.output_dir, "server.csr.pem"),
-      server_cert_path: import_node_path2.default.join(params.output_dir, "server.cert.pem"),
-      server_ext_path: import_node_path2.default.join(params.output_dir, "server.ext"),
-      client_key_path: import_node_path2.default.join(params.output_dir, "client.key.pem"),
-      client_csr_path: import_node_path2.default.join(params.output_dir, "client.csr.pem"),
-      client_cert_path: import_node_path2.default.join(params.output_dir, "client.cert.pem"),
-      client_ext_path: import_node_path2.default.join(params.output_dir, "client.ext"),
-      ca_serial_path: import_node_path2.default.join(params.output_dir, "ca.cert.srl")
+      ca_key_path: import_node_path3.default.join(params.output_dir, "ca.key.pem"),
+      ca_cert_path: import_node_path3.default.join(params.output_dir, "ca.cert.pem"),
+      server_key_path: import_node_path3.default.join(params.output_dir, "server.key.pem"),
+      server_csr_path: import_node_path3.default.join(params.output_dir, "server.csr.pem"),
+      server_cert_path: import_node_path3.default.join(params.output_dir, "server.cert.pem"),
+      server_ext_path: import_node_path3.default.join(params.output_dir, "server.ext"),
+      client_key_path: import_node_path3.default.join(params.output_dir, "client.key.pem"),
+      client_csr_path: import_node_path3.default.join(params.output_dir, "client.csr.pem"),
+      client_cert_path: import_node_path3.default.join(params.output_dir, "client.cert.pem"),
+      client_ext_path: import_node_path3.default.join(params.output_dir, "client.ext"),
+      ca_serial_path: import_node_path3.default.join(params.output_dir, "ca.cert.srl")
     };
   }
   assertTargetFilesAreWritable(params) {
@@ -2184,18 +2363,18 @@ var _TlsMaterialGenerator = class _TlsMaterialGenerator {
     ];
     if (!params.overwrite) {
       for (const target_path of target_paths) {
-        if (import_node_fs2.default.existsSync(target_path)) {
+        if (import_node_fs3.default.existsSync(target_path)) {
           throw new Error(`Refusing to overwrite existing file "${target_path}". Use --tls-overwrite to replace existing material.`);
         }
       }
       return;
     }
     for (const target_path of target_paths) {
-      import_node_fs2.default.rmSync(target_path, {
+      import_node_fs3.default.rmSync(target_path, {
         force: true
       });
     }
-    import_node_fs2.default.rmSync(params.tls_files.ca_serial_path, {
+    import_node_fs3.default.rmSync(params.tls_files.ca_serial_path, {
       force: true
     });
   }
@@ -2316,19 +2495,19 @@ var _TlsMaterialGenerator = class _TlsMaterialGenerator {
     });
   }
   cleanupIntermediateFiles(params) {
-    import_node_fs2.default.rmSync(params.tls_files.server_csr_path, {
+    import_node_fs3.default.rmSync(params.tls_files.server_csr_path, {
       force: true
     });
-    import_node_fs2.default.rmSync(params.tls_files.client_csr_path, {
+    import_node_fs3.default.rmSync(params.tls_files.client_csr_path, {
       force: true
     });
-    import_node_fs2.default.rmSync(params.tls_files.server_ext_path, {
+    import_node_fs3.default.rmSync(params.tls_files.server_ext_path, {
       force: true
     });
-    import_node_fs2.default.rmSync(params.tls_files.client_ext_path, {
+    import_node_fs3.default.rmSync(params.tls_files.client_ext_path, {
       force: true
     });
-    import_node_fs2.default.rmSync(params.tls_files.ca_serial_path, {
+    import_node_fs3.default.rmSync(params.tls_files.ca_serial_path, {
       force: true
     });
   }
@@ -2355,6 +2534,17 @@ async function StartDaemonFromCli() {
     daemon_cli.printHelp();
     return;
   }
+  if (cli_options.default_config_generation.enabled) {
+    const default_config_generator = new DefaultConfigGenerator();
+    const generated_default_config = default_config_generator.generateDefaultConfig({
+      default_config_generation_options: cli_options.default_config_generation
+    });
+    console.log("Default config generated successfully.");
+    console.log(`Output directory: ${generated_default_config.output_dir}`);
+    console.log(`Server config: ${generated_default_config.server_config_path}`);
+    console.log(`API keys config: ${generated_default_config.api_keys_config_path}`);
+    return;
+  }
   if (cli_options.tls_generation.enabled) {
     const tls_material_generator = new TlsMaterialGenerator();
     const generated_tls_material = tls_material_generator.generateTlsMaterial({
@@ -2394,6 +2584,7 @@ if (require.main === module) {
   ConfigValidator,
   DaemonCli,
   DaemonProcess,
+  DefaultConfigGenerator,
   NetworkProcedureCallDaemon,
   TlsMaterialGenerator
 });