@opsimathically/nodenetproccalld 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. package/LICENSE.txt +1 -0
  2. package/README.md +199 -0
  3. package/config/api_keys.config.json5 +21 -0
  4. package/config/server.config.json5 +79 -0
  5. package/dist/index.d.mts +246 -0
  6. package/dist/index.d.ts +246 -0
  7. package/dist/index.js +2400 -0
  8. package/dist/index.js.map +1 -0
  9. package/dist/index.mjs +2365 -0
  10. package/dist/index.mjs.map +1 -0
  11. package/package.json +74 -0
package/dist/index.d.ts ADDED
@@ -0,0 +1,246 @@
1
+ import { privilege_name_t, networkprocedurecall_auth_callback_t, tls_min_version_t, networkprocedurecall_abuse_controls_t, networkprocedurecall_auth_success_t, networkprocedurecall_abuse_metrics_t } from '@opsimathically/networkprocedurecall';
2
+ import { workerprocedurecall_constructor_params_t, start_workers_params_t } from '@opsimathically/workerprocedurecall';
3
+
4
+ type daemon_tls_file_config_t = {
5
+ key_file: string;
6
+ cert_file: string;
7
+ ca_file: string;
8
+ crl_file?: string;
9
+ min_version?: tls_min_version_t;
10
+ cipher_suites?: string;
11
+ handshake_timeout_ms?: number;
12
+ request_timeout_ms?: number;
13
+ max_frame_bytes?: number;
14
+ };
15
+
16
+ type daemon_worker_config_t = {
17
+ count: number;
18
+ constructor_options?: workerprocedurecall_constructor_params_t;
19
+ start_options?: Omit<start_workers_params_t, 'count'>;
20
+ };
21
+
22
+ type daemon_observability_config_t = {
23
+ enable_console_log?: boolean;
24
+ log_worker_events?: boolean;
25
+ metrics_log_interval_ms?: number;
26
+ };
27
+
28
+ type daemon_server_config_file_t = {
29
+ information: {
30
+ server_name: string;
31
+ };
32
+ network: {
33
+ bind_addr: string;
34
+ tcp_listen_port: number;
35
+ };
36
+ tls_mtls: daemon_tls_file_config_t;
37
+ workerprocedurecall: daemon_worker_config_t;
38
+ abuse_controls?: networkprocedurecall_abuse_controls_t;
39
+ observability?: daemon_observability_config_t;
40
+ };
41
+
42
+ type daemon_api_key_identity_constraints_t = {
43
+ remote_address_regex?: string;
44
+ tls_peer_subject_regex?: string;
45
+ tls_peer_san_regex?: string;
46
+ tls_peer_fingerprint256_regex?: string;
47
+ tls_peer_serial_number_regex?: string;
48
+ };
49
+
50
+ type daemon_api_key_entry_t = {
51
+ key_id: string;
52
+ api_key: string;
53
+ privileges: privilege_name_t[];
54
+ enabled?: boolean;
55
+ identity_constraints?: daemon_api_key_identity_constraints_t;
56
+ };
57
+
58
+ type daemon_api_keys_config_file_t = {
59
+ api_keys: daemon_api_key_entry_t[];
60
+ };
61
+
62
+ type daemon_compiled_identity_constraints_t = {
63
+ remote_address_regex?: RegExp;
64
+ tls_peer_subject_regex?: RegExp;
65
+ tls_peer_san_regex?: RegExp;
66
+ tls_peer_fingerprint256_regex?: RegExp;
67
+ tls_peer_serial_number_regex?: RegExp;
68
+ };
69
+
70
+ type daemon_runtime_api_key_entry_t = Omit<
71
+ daemon_api_key_entry_t,
72
+ 'identity_constraints' | 'enabled'
73
+ > & {
74
+ enabled: boolean;
75
+ identity_constraints?: daemon_compiled_identity_constraints_t;
76
+ };
77
+
78
+ type daemon_resolved_tls_mtls_t = {
79
+ key_pem: string;
80
+ cert_pem: string;
81
+ ca_pem: string;
82
+ crl_pem?: string;
83
+ min_version?: tls_min_version_t;
84
+ cipher_suites?: string;
85
+ handshake_timeout_ms?: number;
86
+ request_timeout_ms?: number;
87
+ max_frame_bytes?: number;
88
+ };
89
+
90
+ type daemon_runtime_config_t = {
91
+ server_config: Omit<daemon_server_config_file_t, 'tls_mtls'> & {
92
+ tls_mtls: daemon_resolved_tls_mtls_t;
93
+ };
94
+ api_keys_config: {
95
+ api_keys: daemon_runtime_api_key_entry_t[];
96
+ };
97
+ };
98
+
99
+ type daemon_config_paths_t = {
100
+ server_config_path: string;
101
+ api_keys_config_path: string;
102
+ };
103
+
104
+ type daemon_tls_generation_options_t = {
105
+ enabled: boolean;
106
+ output_dir: string;
107
+ overwrite: boolean;
108
+ ca_common_name: string;
109
+ server_common_name: string;
110
+ client_common_name: string;
111
+ valid_days: number;
112
+ };
113
+
114
+ type daemon_generated_tls_material_t = {
115
+ output_dir: string;
116
+ ca_key_path: string;
117
+ ca_cert_path: string;
118
+ server_key_path: string;
119
+ server_cert_path: string;
120
+ client_key_path: string;
121
+ client_cert_path: string;
122
+ };
123
+
124
+ type daemon_cli_options_t = daemon_config_paths_t & {
125
+ help: boolean;
126
+ tls_generation: daemon_tls_generation_options_t;
127
+ };
128
+
129
+ type daemon_auth_callback_params_t = Parameters<networkprocedurecall_auth_callback_t>[0];
130
+
131
+ declare class ApiKeyAuthorizer {
132
+ private readonly api_key_entries;
133
+ constructor(params: {
134
+ api_key_entries: daemon_runtime_api_key_entry_t[];
135
+ });
136
+ authenticate(params: {
137
+ auth_callback_params: daemon_auth_callback_params_t;
138
+ }): Promise<'failed' | networkprocedurecall_auth_success_t>;
139
+ private matchesIdentityConstraints;
140
+ private matchOptionalValue;
141
+ }
142
+
143
+ declare class ConfigValidator {
144
+ validateServerConfig(params: {
145
+ server_config_raw: unknown;
146
+ }): daemon_server_config_file_t;
147
+ validateApiKeysConfig(params: {
148
+ api_keys_config_raw: unknown;
149
+ }): daemon_api_keys_config_file_t;
150
+ toRuntimeApiKeysConfig(params: {
151
+ api_keys_config: daemon_api_keys_config_file_t;
152
+ }): daemon_runtime_api_key_entry_t[];
153
+ private compileIdentityConstraints;
154
+ private assertUniqueApiKeys;
155
+ private assertUniqueKeyIds;
156
+ }
157
+
158
+ declare class ConfigFileLoader {
159
+ private readonly config_validator;
160
+ constructor(params?: {
161
+ config_validator?: ConfigValidator;
162
+ });
163
+ loadDaemonConfig(params: {
164
+ config_paths: daemon_config_paths_t;
165
+ }): daemon_runtime_config_t;
166
+ private readJson5File;
167
+ private resolveTlsMaterial;
168
+ private readPemFile;
169
+ }
170
+
171
+ declare class DaemonCli {
172
+ parseOptions(): daemon_cli_options_t;
173
+ printHelp(): void;
174
+ }
175
+
176
+ declare class DaemonProcess {
177
+ private readonly daemon;
178
+ private is_running;
179
+ private stop_in_progress;
180
+ private stop_resolve;
181
+ private readonly stop_waiter;
182
+ constructor(params: {
183
+ config_paths: daemon_config_paths_t;
184
+ });
185
+ run(): Promise<void>;
186
+ private attachProcessHandlers;
187
+ private detachProcessHandlers;
188
+ private readonly handleSignal;
189
+ private readonly handleUncaughtException;
190
+ private readonly handleUnhandledRejection;
191
+ private requestStop;
192
+ }
193
+
194
+ type daemon_lifecycle_state_t = 'stopped' | 'starting' | 'running' | 'stopping';
195
+ type daemon_runtime_snapshot_t = {
196
+ lifecycle_state: daemon_lifecycle_state_t;
197
+ server_name?: string;
198
+ bind_addr?: string;
199
+ tcp_listen_port?: number;
200
+ worker_health_states?: unknown;
201
+ abuse_metrics?: networkprocedurecall_abuse_metrics_t;
202
+ };
203
+ declare class NetworkProcedureCallDaemon {
204
+ private readonly config_paths;
205
+ private readonly config_file_loader;
206
+ private lifecycle_state;
207
+ private daemon_config;
208
+ private workerprocedurecall;
209
+ private networkprocedurecall;
210
+ private api_key_authorizer;
211
+ private worker_event_listener_id;
212
+ private metrics_log_interval_handle;
213
+ constructor(params: {
214
+ config_paths: daemon_config_paths_t;
215
+ config_file_loader?: ConfigFileLoader;
216
+ });
217
+ start(): Promise<void>;
218
+ stop(): Promise<void>;
219
+ getRuntimeSnapshot(): daemon_runtime_snapshot_t;
220
+ private createAuthCallback;
221
+ private buildServerStartParams;
222
+ private startMetricsLogging;
223
+ private clearMetricsLoggingInterval;
224
+ private stopBestEffort;
225
+ private requireDaemonConfig;
226
+ private requireApiKeyAuthorizer;
227
+ private logWorkerEvent;
228
+ private logMessage;
229
+ }
230
+
231
+ declare class TlsMaterialGenerator {
232
+ generateTlsMaterial(params: {
233
+ tls_generation_options: daemon_tls_generation_options_t;
234
+ }): daemon_generated_tls_material_t;
235
+ private assertOpenSslAvailable;
236
+ private buildTlsFileMap;
237
+ private assertTargetFilesAreWritable;
238
+ private generateCa;
239
+ private generateServerCertificate;
240
+ private generateClientCertificate;
241
+ private cleanupIntermediateFiles;
242
+ private runOpenSslCommand;
243
+ private getErrorMessage;
244
+ }
245
+
246
+ export { ApiKeyAuthorizer, ConfigFileLoader, ConfigValidator, DaemonCli, DaemonProcess, NetworkProcedureCallDaemon, TlsMaterialGenerator, type daemon_api_key_entry_t, type daemon_api_key_identity_constraints_t, type daemon_api_keys_config_file_t, type daemon_cli_options_t, type daemon_config_paths_t, type daemon_generated_tls_material_t, type daemon_observability_config_t, type daemon_runtime_api_key_entry_t, type daemon_runtime_config_t, type daemon_server_config_file_t, type daemon_tls_file_config_t, type daemon_tls_generation_options_t, type daemon_worker_config_t };