npm - @opsimathically/nodenetproccalld - Versions diffs - 0.0.1 → 0.0.2 - Mend

@opsimathically/nodenetproccalld 0.0.1 → 0.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/index.mjs CHANGED Viewed

@@ -1580,6 +1580,7 @@ var ConfigFileLoader = _ConfigFileLoader;
 // src/classes/daemoncli/DaemonCli.class.ts
 var default_server_config_path = "./config/server.config.json5";
 var default_api_keys_config_path = "./config/api_keys.config.json5";
+var default_config_output_dir = "./config";
 var default_tls_output_dir = "./config/certs";
 var default_ca_common_name = "nodenetproccalld-local-ca";
 var default_server_common_name = "localhost";
@@ -1591,6 +1592,11 @@ var _DaemonCli = class _DaemonCli {
       server_config_path: default_server_config_path,
       api_keys_config_path: default_api_keys_config_path,
       help: false,
+      default_config_generation: {
+        enabled: false,
+        output_dir: default_config_output_dir,
+        overwrite: false
+      },
       tls_generation: {
         enabled: false,
         output_dir: default_tls_output_dir,
@@ -1626,6 +1632,23 @@ var _DaemonCli = class _DaemonCli {
         index += 1;
         continue;
       }
+      if (token2 === "--generate-default-config") {
+        options.default_config_generation.enabled = true;
+        continue;
+      }
+      if (token2 === "--default-config-output-dir") {
+        const next_value = argv[index + 1];
+        if (!next_value) {
+          throw new Error("Missing value for --default-config-output-dir");
+        }
+        options.default_config_generation.output_dir = next_value;
+        index += 1;
+        continue;
+      }
+      if (token2 === "--default-config-overwrite") {
+        options.default_config_generation.overwrite = true;
+        continue;
+      }
       if (token2 === "--generate-tls-material") {
         options.tls_generation.enabled = true;
         continue;
@@ -1692,13 +1715,18 @@ var _DaemonCli = class _DaemonCli {
       "nodenetproccalld",
       "",
       "Usage:",
-      "  node dist/index.js [options]",
+      "  nodenetproccalld [options]",
       "",
       "Options:",
       "  --server-config <path>      Path to server JSON5 config file.",
       "                              Default: ./config/server.config.json5",
       "  --api-keys-config <path>    Path to api keys JSON5 config file.",
       "                              Default: ./config/api_keys.config.json5",
+      "  --generate-default-config   Generate default JSON5 daemon config files and exit.",
+      "  --default-config-output-dir <path>",
+      "                              Output directory for server/api-key config files.",
+      "                              Default: ./config",
+      "  --default-config-overwrite  Overwrite existing default config files.",
       "  --generate-tls-material     Generate CA/server/client TLS material and exit.",
       "  --tls-output-dir <path>     Output directory for generated TLS files.",
       "                              Default: ./config/certs",
@@ -2040,10 +2068,160 @@ var _DaemonProcess = class _DaemonProcess {
 __name(_DaemonProcess, "DaemonProcess");
 var DaemonProcess = _DaemonProcess;
-// src/classes/tlsmaterialgenerator/TlsMaterialGenerator.class.ts
-import { execFileSync } from "child_process";
+// src/classes/defaultconfiggenerator/DefaultConfigGenerator.class.ts
 import fs2 from "fs";
 import path2 from "path";
+var default_server_config_template = `{
+  // Friendly name that clients can use in their own config maps.
+  information: {
+    server_name: 'daemon_server_1'
+  },
+  // Bind target for tls.createServer.
+  network: {
+    bind_addr: '0.0.0.0',
+    tcp_listen_port: 6767
+  },
+  // PEM files are resolved relative to this config file unless absolute paths are used.
+  tls_mtls: {
+    key_file: './certs/server.key.pem',
+    cert_file: './certs/server.cert.pem',
+    ca_file: './certs/ca.cert.pem',
+    // crl_file: './certs/ca.crl.pem',
+    min_version: 'TLSv1.3',
+    handshake_timeout_ms: 5000,
+    request_timeout_ms: 15000,
+    max_frame_bytes: 1048576
+  },
+  workerprocedurecall: {
+    count: 4,
+    constructor_options: {
+      call_timeout_ms: 30000,
+      control_timeout_ms: 10000,
+      restart_on_failure: true,
+      max_restarts_per_worker: 6,
+      max_pending_calls_per_worker: 500
+    },
+    start_options: {
+      restart_base_delay_ms: 150,
+      restart_max_delay_ms: 5000,
+      restart_jitter_ms: 250
+    }
+  },
+  // Optional abuse controls from @opsimathically/networkprocedurecall.
+  abuse_controls: {
+    connection_controls: {
+      max_concurrent_sockets: 1024,
+      max_concurrent_handshakes: 256,
+      max_unauthenticated_sessions: 256,
+      per_ip_max_new_connections_per_window: 64,
+      tls_handshake_timeout_ms: 5000,
+      auth_message_timeout_ms: 5000
+    },
+    request_controls: {
+      max_in_flight_requests_per_connection: 128,
+      per_connection: {
+        enabled: true,
+        tokens_per_interval: 200,
+        interval_ms: 1000,
+        burst_tokens: 400
+      },
+      per_api_key: {
+        enabled: true,
+        tokens_per_interval: 1000,
+        interval_ms: 1000,
+        burst_tokens: 2000
+      },
+      per_ip: {
+        enabled: true,
+        tokens_per_interval: 500,
+        interval_ms: 1000,
+        burst_tokens: 1000
+      }
+    }
+  },
+  observability: {
+    enable_console_log: true,
+    log_worker_events: true,
+    metrics_log_interval_ms: 30000
+  }
+}
+`;
+var default_api_keys_config_template = `{
+  // API keys and privilege grants for auth_callback.
+  api_keys: [
+    {
+      key_id: 'admin_key_1',
+      api_key: 'replace_me_with_random_secret',
+      privileges: ['all_privileges'],
+      enabled: true,
+      identity_constraints: {
+        // Example: accept loopback clients only.
+        remote_address_regex: '^(127\\\\.0\\\\.0\\\\.1|::1|::ffff:127\\\\.0\\\\.0\\\\.1)$'
+      }
+    },
+    {
+      key_id: 'invoke_only_key_1',
+      api_key: 'replace_me_with_second_secret',
+      privileges: ['invoke_functions'],
+      enabled: false
+    }
+  ]
+}
+`;
+function EnsureParentDirectory(params) {
+  fs2.mkdirSync(path2.dirname(params.file_path), {
+    recursive: true
+  });
+}
+__name(EnsureParentDirectory, "EnsureParentDirectory");
+function WriteFileIfAllowed(params) {
+  if (!params.overwrite && fs2.existsSync(params.file_path)) {
+    throw new Error(`Refusing to overwrite existing config "${params.file_path}". Use --default-config-overwrite to replace it.`);
+  }
+  EnsureParentDirectory({
+    file_path: params.file_path
+  });
+  fs2.writeFileSync(params.file_path, params.content, "utf8");
+}
+__name(WriteFileIfAllowed, "WriteFileIfAllowed");
+var _DefaultConfigGenerator = class _DefaultConfigGenerator {
+  generateDefaultConfig(params) {
+    const options = params.default_config_generation_options;
+    const output_dir = path2.resolve(process.cwd(), options.output_dir);
+    const server_config_path = path2.join(output_dir, "server.config.json5");
+    const api_keys_config_path = path2.join(output_dir, "api_keys.config.json5");
+    fs2.mkdirSync(output_dir, {
+      recursive: true
+    });
+    WriteFileIfAllowed({
+      file_path: server_config_path,
+      content: default_server_config_template,
+      overwrite: options.overwrite
+    });
+    WriteFileIfAllowed({
+      file_path: api_keys_config_path,
+      content: default_api_keys_config_template,
+      overwrite: options.overwrite
+    });
+    return {
+      output_dir,
+      server_config_path,
+      api_keys_config_path
+    };
+  }
+};
+__name(_DefaultConfigGenerator, "DefaultConfigGenerator");
+var DefaultConfigGenerator = _DefaultConfigGenerator;
+// src/classes/tlsmaterialgenerator/TlsMaterialGenerator.class.ts
+import { execFileSync } from "child_process";
+import fs3 from "fs";
+import path3 from "path";
 function EnsurePositiveInteger(params) {
   if (!Number.isInteger(params.value) || params.value <= 0) {
     throw new Error(`${params.label} must be a positive integer.`);
@@ -2051,13 +2229,13 @@ function EnsurePositiveInteger(params) {
 }
 __name(EnsurePositiveInteger, "EnsurePositiveInteger");
 function MakeDirRecursive(params) {
-  fs2.mkdirSync(params.dir_path, {
+  fs3.mkdirSync(params.dir_path, {
     recursive: true
   });
 }
 __name(MakeDirRecursive, "MakeDirRecursive");
 function WriteTextFile(params) {
-  fs2.writeFileSync(params.file_path, params.content, "utf8");
+  fs3.writeFileSync(params.file_path, params.content, "utf8");
 }
 __name(WriteTextFile, "WriteTextFile");
 var _TlsMaterialGenerator = class _TlsMaterialGenerator {
@@ -2067,7 +2245,7 @@ var _TlsMaterialGenerator = class _TlsMaterialGenerator {
       value: options.valid_days,
       label: "tls_generation.valid_days"
     });
-    const output_dir = path2.resolve(process.cwd(), options.output_dir);
+    const output_dir = path3.resolve(process.cwd(), options.output_dir);
     MakeDirRecursive({
       dir_path: output_dir
     });
@@ -2126,17 +2304,17 @@ var _TlsMaterialGenerator = class _TlsMaterialGenerator {
   }
   buildTlsFileMap(params) {
     return {
-      ca_key_path: path2.join(params.output_dir, "ca.key.pem"),
-      ca_cert_path: path2.join(params.output_dir, "ca.cert.pem"),
-      server_key_path: path2.join(params.output_dir, "server.key.pem"),
-      server_csr_path: path2.join(params.output_dir, "server.csr.pem"),
-      server_cert_path: path2.join(params.output_dir, "server.cert.pem"),
-      server_ext_path: path2.join(params.output_dir, "server.ext"),
-      client_key_path: path2.join(params.output_dir, "client.key.pem"),
-      client_csr_path: path2.join(params.output_dir, "client.csr.pem"),
-      client_cert_path: path2.join(params.output_dir, "client.cert.pem"),
-      client_ext_path: path2.join(params.output_dir, "client.ext"),
-      ca_serial_path: path2.join(params.output_dir, "ca.cert.srl")
+      ca_key_path: path3.join(params.output_dir, "ca.key.pem"),
+      ca_cert_path: path3.join(params.output_dir, "ca.cert.pem"),
+      server_key_path: path3.join(params.output_dir, "server.key.pem"),
+      server_csr_path: path3.join(params.output_dir, "server.csr.pem"),
+      server_cert_path: path3.join(params.output_dir, "server.cert.pem"),
+      server_ext_path: path3.join(params.output_dir, "server.ext"),
+      client_key_path: path3.join(params.output_dir, "client.key.pem"),
+      client_csr_path: path3.join(params.output_dir, "client.csr.pem"),
+      client_cert_path: path3.join(params.output_dir, "client.cert.pem"),
+      client_ext_path: path3.join(params.output_dir, "client.ext"),
+      ca_serial_path: path3.join(params.output_dir, "ca.cert.srl")
     };
   }
   assertTargetFilesAreWritable(params) {
@@ -2150,18 +2328,18 @@ var _TlsMaterialGenerator = class _TlsMaterialGenerator {
     ];
     if (!params.overwrite) {
       for (const target_path of target_paths) {
-        if (fs2.existsSync(target_path)) {
+        if (fs3.existsSync(target_path)) {
           throw new Error(`Refusing to overwrite existing file "${target_path}". Use --tls-overwrite to replace existing material.`);
         }
       }
       return;
     }
     for (const target_path of target_paths) {
-      fs2.rmSync(target_path, {
+      fs3.rmSync(target_path, {
         force: true
       });
     }
-    fs2.rmSync(params.tls_files.ca_serial_path, {
+    fs3.rmSync(params.tls_files.ca_serial_path, {
       force: true
     });
   }
@@ -2282,19 +2460,19 @@ var _TlsMaterialGenerator = class _TlsMaterialGenerator {
     });
   }
   cleanupIntermediateFiles(params) {
-    fs2.rmSync(params.tls_files.server_csr_path, {
+    fs3.rmSync(params.tls_files.server_csr_path, {
       force: true
     });
-    fs2.rmSync(params.tls_files.client_csr_path, {
+    fs3.rmSync(params.tls_files.client_csr_path, {
       force: true
     });
-    fs2.rmSync(params.tls_files.server_ext_path, {
+    fs3.rmSync(params.tls_files.server_ext_path, {
       force: true
     });
-    fs2.rmSync(params.tls_files.client_ext_path, {
+    fs3.rmSync(params.tls_files.client_ext_path, {
       force: true
     });
-    fs2.rmSync(params.tls_files.ca_serial_path, {
+    fs3.rmSync(params.tls_files.ca_serial_path, {
       force: true
     });
   }
@@ -2321,6 +2499,17 @@ async function StartDaemonFromCli() {
     daemon_cli.printHelp();
     return;
   }
+  if (cli_options.default_config_generation.enabled) {
+    const default_config_generator = new DefaultConfigGenerator();
+    const generated_default_config = default_config_generator.generateDefaultConfig({
+      default_config_generation_options: cli_options.default_config_generation
+    });
+    console.log("Default config generated successfully.");
+    console.log(`Output directory: ${generated_default_config.output_dir}`);
+    console.log(`Server config: ${generated_default_config.server_config_path}`);
+    console.log(`API keys config: ${generated_default_config.api_keys_config_path}`);
+    return;
+  }
   if (cli_options.tls_generation.enabled) {
     const tls_material_generator = new TlsMaterialGenerator();
     const generated_tls_material = tls_material_generator.generateTlsMaterial({
@@ -2359,6 +2548,7 @@ export {
   ConfigValidator,
   DaemonCli,
   DaemonProcess,
+  DefaultConfigGenerator,
   NetworkProcedureCallDaemon,
   TlsMaterialGenerator
 };