@pengzi/kms 1.0.0

package/dist/services/permission.service.js

@@ -0,0 +1,140 @@
+"use strict";
+/**
+ * 权限服务
+ * 负责权限验证和访问控制
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PermissionService = void 0;
+const types_1 = require("../types");
+const constants_1 = require("../utils/constants");
+class PermissionService {
+    userRepo;
+    auditService;
+    constructor(userRepo, auditService) {
+        this.userRepo = userRepo;
+        this.auditService = auditService;
+    }
+    /**
+     * 检查用户是否拥有指定权限
+     */
+    async checkPermission(projectId, userId, requiredPermission) {
+        const user = await this.userRepo.findByProjectAndUsername(projectId, userId);
+        if (!user) {
+            return false;
+        }
+        if (user.status !== 'active') {
+            return false;
+        }
+        // 检查直接权限
+        if (user.permissions.includes(requiredPermission)) {
+            return true;
+        }
+        // 检查角色权限
+        for (const role of user.roles) {
+            const rolePermissions = constants_1.ROLE_PERMISSIONS[role];
+            if (rolePermissions?.includes(requiredPermission)) {
+                return true;
+            }
+        }
+        return false;
+    }
+    /**
+     * 要求用户必须拥有指定权限，否则抛出异常
+     */
+    async requirePermission(projectId, userId, requiredPermission) {
+        const hasPermission = await this.checkPermission(projectId, userId, requiredPermission);
+        if (!hasPermission) {
+            await this.auditService.log({
+                projectId,
+                userId,
+                action: types_1.AuditAction.PERMISSION_DENIED,
+                resourceType: types_1.ResourceType.KEY,
+                resourceId: requiredPermission,
+                details: {
+                    success: false,
+                    errorMessage: `User ${userId} does not have permission: ${requiredPermission}`,
+                },
+            });
+            throw new types_1.ForbiddenError(`User does not have required permission: ${requiredPermission}`);
+        }
+    }
+    /**
+     * 检查用户是否拥有指定角色
+     */
+    async hasRole(projectId, userId, role) {
+        const user = await this.userRepo.findByProjectAndUsername(projectId, userId);
+        if (!user) {
+            return false;
+        }
+        return user.roles.includes(role);
+    }
+    /**
+     * 授予角色
+     */
+    async grantRole(projectId, adminUserId, targetUserId, role) {
+        // 验证管理员权限
+        await this.requirePermission(projectId, adminUserId, types_1.Permission.USER_UPDATE);
+        const user = await this.userRepo.findByProjectAndUsername(projectId, targetUserId);
+        if (!user) {
+            throw new Error('User not found');
+        }
+        if (user.roles.includes(role)) {
+            return; // 已经拥有该角色
+        }
+        await this.userRepo.updateUser(user.userId, {
+            roles: [...user.roles, role],
+        });
+        await this.auditService.log({
+            projectId,
+            userId: adminUserId,
+            action: types_1.AuditAction.GRANT_ROLE,
+            resourceType: types_1.ResourceType.USER,
+            resourceId: user.userId,
+            details: {
+                success: true,
+            },
+        });
+    }
+    /**
+     * 撤销角色
+     */
+    async revokeRole(projectId, adminUserId, targetUserId, role) {
+        // 验证管理员权限
+        await this.requirePermission(projectId, adminUserId, types_1.Permission.USER_UPDATE);
+        const user = await this.userRepo.findByProjectAndUsername(projectId, targetUserId);
+        if (!user) {
+            throw new Error('User not found');
+        }
+        await this.userRepo.updateUser(user.userId, {
+            roles: user.roles.filter((r) => r !== role),
+        });
+        await this.auditService.log({
+            projectId,
+            userId: adminUserId,
+            action: types_1.AuditAction.REVOKE_ROLE,
+            resourceType: types_1.ResourceType.USER,
+            resourceId: user.userId,
+            details: {
+                success: true,
+            },
+        });
+    }
+    /**
+     * 获取用户的所有权限（包括角色权限）
+     */
+    async getUserPermissions(projectId, userId) {
+        const user = await this.userRepo.findByProjectAndUsername(projectId, userId);
+        if (!user) {
+            return [];
+        }
+        const permissions = new Set(user.permissions);
+        // 添加角色权限
+        for (const role of user.roles) {
+            const rolePermissions = constants_1.ROLE_PERMISSIONS[role] || [];
+            rolePermissions.forEach((p) => permissions.add(p));
+        }
+        return Array.from(permissions);
+    }
+}
+exports.PermissionService = PermissionService;
+//# sourceMappingURL=permission.service.js.map

package/dist/services/permission.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"permission.service.js","sourceRoot":"","sources":["../../src/services/permission.service.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAIH,oCAAuF;AACvF,kDAAsD;AAEtD,MAAa,iBAAiB;IAElB;IACA;IAFV,YACU,QAAwB,EACxB,YAA0B;QAD1B,aAAQ,GAAR,QAAQ,CAAgB;QACxB,iBAAY,GAAZ,YAAY,CAAc;IACjC,CAAC;IAEJ;;OAEG;IACH,KAAK,CAAC,eAAe,CACnB,SAAiB,EACjB,MAAc,EACd,kBAA8B;QAE9B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,wBAAwB,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QAE7E,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC7B,OAAO,KAAK,CAAC;QACf,CAAC;QAED,SAAS;QACT,IAAI,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;YAClD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,SAAS;QACT,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC9B,MAAM,eAAe,GAAG,4BAAgB,CAAC,IAAI,CAAC,CAAC;YAC/C,IAAI,eAAe,EAAE,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBAClD,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,iBAAiB,CACrB,SAAiB,EACjB,MAAc,EACd,kBAA8B;QAE9B,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,eAAe,CAC9C,SAAS,EACT,MAAM,EACN,kBAAkB,CACnB,CAAC;QAEF,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC;gBAC1B,SAAS;gBACT,MAAM;gBACN,MAAM,EAAE,mBAAW,CAAC,iBAAiB;gBACrC,YAAY,EAAE,oBAAY,CAAC,GAAG;gBAC9B,UAAU,EAAE,kBAAkB;gBAC9B,OAAO,EAAE;oBACP,OAAO,EAAE,KAAK;oBACd,YAAY,EAAE,QAAQ,MAAM,8BAA8B,kBAAkB,EAAE;iBAC/E;aACF,CAAC,CAAC;YAEH,MAAM,IAAI,sBAAc,CAAC,2CAA2C,kBAAkB,EAAE,CAAC,CAAC;QAC5F,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO,CAAC,SAAiB,EAAE,MAAc,EAAE,IAAU;QACzD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,wBAAwB,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QAE7E,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IACnC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS,CACb,SAAiB,EACjB,WAAmB,EACnB,YAAoB,EACpB,IAAU;QAEV,UAAU;QACV,MAAM,IAAI,CAAC,iBAAiB,CAAC,SAAS,EAAE,WAAW,EAAE,kBAAU,CAAC,WAAW,CAAC,CAAC;QAE7E,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,wBAAwB,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;QAEnF,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;QACpC,CAAC;QAED,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9B,OAAO,CAAC,UAAU;QACpB,CAAC;QAED,MAAM,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,MAAO,EAAE;YAC3C,KAAK,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC;SAC7B,CAAC,CAAC;QAEH,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC;YAC1B,SAAS;YACT,MAAM,EAAE,WAAW;YACnB,MAAM,EAAE,mBAAW,CAAC,UAAU;YAC9B,YAAY,EAAE,oBAAY,CAAC,IAAI;YAC/B,UAAU,EAAE,IAAI,CAAC,MAAO;YACxB,OAAO,EAAE;gBACP,OAAO,EAAE,IAAI;aACd;SACF,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU,CACd,SAAiB,EACjB,WAAmB,EACnB,YAAoB,EACpB,IAAU;QAEV,UAAU;QACV,MAAM,IAAI,CAAC,iBAAiB,CAAC,SAAS,EAAE,WAAW,EAAE,kBAAU,CAAC,WAAW,CAAC,CAAC;QAE7E,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,wBAAwB,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;QAEnF,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;QACpC,CAAC;QAED,MAAM,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,MAAO,EAAE;YAC3C,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC;SAC5C,CAAC,CAAC;QAEH,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC;YAC1B,SAAS;YACT,MAAM,EAAE,WAAW;YACnB,MAAM,EAAE,mBAAW,CAAC,WAAW;YAC/B,YAAY,EAAE,oBAAY,CAAC,IAAI;YAC/B,UAAU,EAAE,IAAI,CAAC,MAAO;YACxB,OAAO,EAAE;gBACP,OAAO,EAAE,IAAI;aACd;SACF,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,kBAAkB,CAAC,SAAiB,EAAE,MAAc;QACxD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,wBAAwB,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QAE7E,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,WAAW,GAAG,IAAI,GAAG,CAAa,IAAI,CAAC,WAAW,CAAC,CAAC;QAE1D,SAAS;QACT,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC9B,MAAM,eAAe,GAAG,4BAAgB,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YACrD,eAAe,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACrD,CAAC;QAED,OAAO,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IACjC,CAAC;CACF;AAhLD,8CAgLC"}

package/dist/services/project.service.d.ts

@@ -0,0 +1,37 @@
+/**
+ * 项目服务
+ * 负责项目的业务逻辑
+ */
+import { ProjectRepository } from '../repositories/project.repository';
+import { UserRepository } from '../repositories/user.repository';
+import { AuditService } from './audit.service';
+import { CryptoService } from '../core/crypto.service';
+import { Project, CreateProjectOptions } from '../types';
+export declare class ProjectService {
+    private projectRepo;
+    private userRepo;
+    private auditService;
+    private cryptoService;
+    constructor(projectRepo: ProjectRepository, userRepo: UserRepository, auditService: AuditService, cryptoService: CryptoService);
+    /**
+     * 创建项目
+     */
+    createProject(options: CreateProjectOptions, userId: string): Promise<Project>;
+    /**
+     * 获取项目
+     */
+    getProject(projectId: string): Promise<Project>;
+    /**
+     * 列出所有项目
+     */
+    listProjects(): Promise<Project[]>;
+    /**
+     * 删除项目
+     */
+    deleteProject(projectId: string, userId: string): Promise<void>;
+    /**
+     * 解锁项目主密钥（使用主密码）
+     */
+    unlockProjectMasterKey(projectId: string, masterPassword: string): Promise<string>;
+}
+//# sourceMappingURL=project.service.d.ts.map

package/dist/services/project.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"project.service.d.ts","sourceRoot":"","sources":["../../src/services/project.service.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AACvE,OAAO,EAAE,cAAc,EAAE,MAAM,iCAAiC,CAAC;AACjE,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACvD,OAAO,EAAE,OAAO,EAAE,oBAAoB,EAAE,MAAM,UAAU,CAAC;AAOzD,qBAAa,cAAc;IAEvB,OAAO,CAAC,WAAW;IACnB,OAAO,CAAC,QAAQ;IAChB,OAAO,CAAC,YAAY;IACpB,OAAO,CAAC,aAAa;gBAHb,WAAW,EAAE,iBAAiB,EAC9B,QAAQ,EAAE,cAAc,EACxB,YAAY,EAAE,YAAY,EAC1B,aAAa,EAAE,aAAa;IAGtC;;OAEG;IACG,aAAa,CAAC,OAAO,EAAE,oBAAoB,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IA0CpF;;OAEG;IACG,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAUrD;;OAEG;IACG,YAAY,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;IAIxC;;OAEG;IACG,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAkBrE;;OAEG;IACG,sBAAsB,CAAC,SAAS,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;CAWzF"}

package/dist/services/project.service.js

@@ -0,0 +1,96 @@
+"use strict";
+/**
+ * 项目服务
+ * 负责项目的业务逻辑
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ProjectService = void 0;
+const project_model_1 = require("../models/project.model");
+const key_derivation_1 = require("../core/key-derivation");
+const types_1 = require("../types");
+const constants_1 = require("../utils/constants");
+const types_2 = require("../types");
+class ProjectService {
+    projectRepo;
+    userRepo;
+    auditService;
+    cryptoService;
+    constructor(projectRepo, userRepo, auditService, cryptoService) {
+        this.projectRepo = projectRepo;
+        this.userRepo = userRepo;
+        this.auditService = auditService;
+        this.cryptoService = cryptoService;
+    }
+    /**
+     * 创建项目
+     */
+    async createProject(options, userId) {
+        // 验证密码强度
+        const passwordValidation = (0, constants_1.validatePasswordStrength)(options.masterPassword);
+        if (!passwordValidation.valid) {
+            throw new types_1.ValidationError(passwordValidation.errors.join(', '));
+        }
+        // 验证项目名称唯一性
+        const existingProject = await this.projectRepo.findByProjectName(options.projectName);
+        if (existingProject) {
+            throw new types_1.ValidationError('Project name already exists');
+        }
+        // 派生主密钥
+        const salt = (0, key_derivation_1.generateSalt)();
+        const masterKey = await this.cryptoService.deriveMasterKey(options.masterPassword, salt);
+        const masterKeyHash = await this.cryptoService.hashMasterKey(masterKey);
+        // 加密主密钥（这里简化处理，实际应该使用系统主密钥加密）
+        // 为了安全，我们存储哈希用于验证，不存储加密的主密钥
+        // 使用时需要用户重新提供密码来派生主密钥
+        const project = (0, project_model_1.createProject)(options, '', // 加密后的主密钥（可选实现）
+        masterKeyHash, salt);
+        await this.projectRepo.insertOne(project);
+        // 记录审计日志
+        await this.auditService.logProjectCreated(project.projectId, userId, project.projectName, true);
+        return project;
+    }
+    /**
+     * 获取项目
+     */
+    async getProject(projectId) {
+        const project = await this.projectRepo.findByProjectId(projectId);
+        if (!project) {
+            throw new types_1.ProjectNotFoundError(projectId);
+        }
+        return project;
+    }
+    /**
+     * 列出所有项目
+     */
+    async listProjects() {
+        return await this.projectRepo.findProjects();
+    }
+    /**
+     * 删除项目
+     */
+    async deleteProject(projectId, userId) {
+        const project = await this.getProject(projectId);
+        await this.projectRepo.softDeleteProject(projectId);
+        await this.auditService.log({
+            projectId,
+            userId,
+            action: types_2.AuditAction.DELETE_PROJECT,
+            resourceType: types_2.ResourceType.PROJECT,
+            resourceId: projectId,
+            details: {
+                keyName: project.projectName,
+                success: true,
+            },
+        });
+    }
+    /**
+     * 解锁项目主密钥（使用主密码）
+     */
+    async unlockProjectMasterKey(projectId, masterPassword) {
+        const project = await this.getProject(projectId);
+        const masterKey = await this.cryptoService.unlockProjectMasterKey(masterPassword, project.salt, project.masterKeyHash);
+        return masterKey.toString('hex');
+    }
+}
+exports.ProjectService = ProjectService;
+//# sourceMappingURL=project.service.js.map

package/dist/services/project.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"project.service.js","sourceRoot":"","sources":["../../src/services/project.service.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAOH,2DAAyE;AACzE,2DAAsD;AACtD,oCAAiE;AACjE,kDAA8D;AAC9D,oCAAqD;AAErD,MAAa,cAAc;IAEf;IACA;IACA;IACA;IAJV,YACU,WAA8B,EAC9B,QAAwB,EACxB,YAA0B,EAC1B,aAA4B;QAH5B,gBAAW,GAAX,WAAW,CAAmB;QAC9B,aAAQ,GAAR,QAAQ,CAAgB;QACxB,iBAAY,GAAZ,YAAY,CAAc;QAC1B,kBAAa,GAAb,aAAa,CAAe;IACnC,CAAC;IAEJ;;OAEG;IACH,KAAK,CAAC,aAAa,CAAC,OAA6B,EAAE,MAAc;QAC/D,SAAS;QACT,MAAM,kBAAkB,GAAG,IAAA,oCAAwB,EAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QAC5E,IAAI,CAAC,kBAAkB,CAAC,KAAK,EAAE,CAAC;YAC9B,MAAM,IAAI,uBAAe,CAAC,kBAAkB,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QAClE,CAAC;QAED,YAAY;QACZ,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,iBAAiB,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;QACtF,IAAI,eAAe,EAAE,CAAC;YACpB,MAAM,IAAI,uBAAe,CAAC,6BAA6B,CAAC,CAAC;QAC3D,CAAC;QAED,QAAQ;QACR,MAAM,IAAI,GAAG,IAAA,6BAAY,GAAE,CAAC;QAC5B,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,eAAe,CAAC,OAAO,CAAC,cAAc,EAAE,IAAI,CAAC,CAAC;QACzF,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;QAExE,8BAA8B;QAC9B,4BAA4B;QAC5B,sBAAsB;QAEtB,MAAM,OAAO,GAAG,IAAA,6BAAa,EAC3B,OAAO,EACP,EAAE,EAAE,gBAAgB;QACpB,aAAa,EACb,IAAI,CACL,CAAC;QAEF,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,OAAc,CAAC,CAAC;QAEjD,SAAS;QACT,MAAM,IAAI,CAAC,YAAY,CAAC,iBAAiB,CACvC,OAAO,CAAC,SAAS,EACjB,MAAM,EACN,OAAO,CAAC,WAAW,EACnB,IAAI,CACL,CAAC;QAEF,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU,CAAC,SAAiB;QAChC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;QAElE,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,4BAAoB,CAAC,SAAS,CAAC,CAAC;QAC5C,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY;QAChB,OAAO,MAAM,IAAI,CAAC,WAAW,CAAC,YAAY,EAAE,CAAC;IAC/C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CAAC,SAAiB,EAAE,MAAc;QACnD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QAEjD,MAAM,IAAI,CAAC,WAAW,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC;QAEpD,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC;YAC1B,SAAS;YACT,MAAM;YACN,MAAM,EAAE,mBAAW,CAAC,cAAc;YAClC,YAAY,EAAE,oBAAY,CAAC,OAAO;YAClC,UAAU,EAAE,SAAS;YACrB,OAAO,EAAE;gBACP,OAAO,EAAE,OAAO,CAAC,WAAW;gBAC5B,OAAO,EAAE,IAAI;aACd;SACF,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,sBAAsB,CAAC,SAAiB,EAAE,cAAsB;QACpE,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QAEjD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,sBAAsB,CAC/D,cAAc,EACd,OAAO,CAAC,IAAI,EACZ,OAAO,CAAC,aAAa,CACtB,CAAC;QAEF,OAAO,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,CAAC;CACF;AA5GD,wCA4GC"}

package/dist/types/audit.types.d.ts

@@ -0,0 +1,122 @@
+/**
+ * 审计日志相关类型定义
+ */
+/**
+ * 操作类型
+ */
+export declare enum AuditAction {
+    CREATE_PROJECT = "CREATE_PROJECT",
+    UPDATE_PROJECT = "UPDATE_PROJECT",
+    DELETE_PROJECT = "DELETE_PROJECT",
+    CREATE_KEY = "CREATE_KEY",
+    READ_KEY = "READ_KEY",
+    UPDATE_KEY = "UPDATE_KEY",
+    DELETE_KEY = "DELETE_KEY",
+    LIST_KEYS = "LIST_KEYS",
+    ROTATE_KEY = "ROTATE_KEY",
+    CREATE_USER = "CREATE_USER",
+    UPDATE_USER = "UPDATE_USER",
+    DELETE_USER = "DELETE_USER",
+    GRANT_ROLE = "GRANT_ROLE",
+    REVOKE_ROLE = "REVOKE_ROLE",
+    LOGIN = "LOGIN",
+    LOGOUT = "LOGOUT",
+    LOGIN_FAILED = "LOGIN_FAILED",
+    PERMISSION_DENIED = "PERMISSION_DENIED"
+}
+/**
+ * 资源类型
+ */
+export declare enum ResourceType {
+    PROJECT = "project",
+    KEY = "key",
+    USER = "user"
+}
+/**
+ * 日志严重级别
+ */
+export declare enum AuditSeverity {
+    INFO = "info",
+    WARNING = "warning",
+    ERROR = "error",
+    CRITICAL = "critical"
+}
+/**
+ * 审计日志数据结构
+ */
+export interface AuditLog {
+    /** MongoDB ObjectId */
+    _id?: string;
+    /** 项目ID */
+    projectId: string;
+    /** 操作用户ID */
+    userId?: string;
+    /** 操作类型 */
+    action: AuditAction;
+    /** 资源类型 */
+    resourceType: ResourceType;
+    /** 资源ID */
+    resourceId: string;
+    /** 操作详情 */
+    details: AuditDetails;
+    /** 时间戳 */
+    timestamp: Date;
+    /** 严重级别 */
+    severity: AuditSeverity;
+}
+/**
+ * 审计日志详情
+ */
+export interface AuditDetails {
+    /** 密钥名称 */
+    keyName?: string;
+    /** 密钥类型 */
+    keyType?: string;
+    /** IP地址 */
+    ipAddress?: string;
+    /** User Agent */
+    userAgent?: string;
+    /** 是否成功 */
+    success: boolean;
+    /** 错误信息 */
+    errorMessage?: string;
+    /** 额外信息 */
+    [key: string]: any;
+}
+/**
+ * 审计日志查询参数
+ */
+export interface AuditQuery {
+    /** 开始时间 */
+    startDate?: Date;
+    /** 结束时间 */
+    endDate?: Date;
+    /** 操作类型 */
+    action?: AuditAction;
+    /** 资源类型 */
+    resourceType?: ResourceType;
+    /** 用户ID */
+    userId?: string;
+    /** 严重级别 */
+    severity?: AuditSeverity;
+    /** 是否成功 */
+    success?: boolean;
+    /** 分页：页码 */
+    page?: number;
+    /** 分页：每页数量 */
+    limit?: number;
+}
+/**
+ * 审计日志查询结果
+ */
+export interface AuditQueryResult {
+    /** 日志列表 */
+    logs: AuditLog[];
+    /** 总数 */
+    total: number;
+    /** 当前页 */
+    page: number;
+    /** 每页数量 */
+    limit: number;
+}
+//# sourceMappingURL=audit.types.d.ts.map

package/dist/types/audit.types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.types.d.ts","sourceRoot":"","sources":["../../src/types/audit.types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;GAEG;AACH,oBAAY,WAAW;IAErB,cAAc,mBAAmB;IACjC,cAAc,mBAAmB;IACjC,cAAc,mBAAmB;IAGjC,UAAU,eAAe;IACzB,QAAQ,aAAa;IACrB,UAAU,eAAe;IACzB,UAAU,eAAe;IACzB,SAAS,cAAc;IACvB,UAAU,eAAe;IAGzB,WAAW,gBAAgB;IAC3B,WAAW,gBAAgB;IAC3B,WAAW,gBAAgB;IAC3B,UAAU,eAAe;IACzB,WAAW,gBAAgB;IAG3B,KAAK,UAAU;IACf,MAAM,WAAW;IACjB,YAAY,iBAAiB;IAG7B,iBAAiB,sBAAsB;CACxC;AAED;;GAEG;AACH,oBAAY,YAAY;IACtB,OAAO,YAAY;IACnB,GAAG,QAAQ;IACX,IAAI,SAAS;CACd;AAED;;GAEG;AACH,oBAAY,aAAa;IACvB,IAAI,SAAS;IACb,OAAO,YAAY;IACnB,KAAK,UAAU;IACf,QAAQ,aAAa;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB,uBAAuB;IACvB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,WAAW;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa;IACb,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW;IACX,MAAM,EAAE,WAAW,CAAC;IACpB,WAAW;IACX,YAAY,EAAE,YAAY,CAAC;IAC3B,WAAW;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW;IACX,OAAO,EAAE,YAAY,CAAC;IACtB,UAAU;IACV,SAAS,EAAE,IAAI,CAAC;IAChB,WAAW;IACX,QAAQ,EAAE,aAAa,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,WAAW;IACX,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW;IACX,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW;IACX,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,iBAAiB;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW;IACX,OAAO,EAAE,OAAO,CAAC;IACjB,WAAW;IACX,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW;IACX,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,WAAW;IACX,SAAS,CAAC,EAAE,IAAI,CAAC;IACjB,WAAW;IACX,OAAO,CAAC,EAAE,IAAI,CAAC;IACf,WAAW;IACX,MAAM,CAAC,EAAE,WAAW,CAAC;IACrB,WAAW;IACX,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,WAAW;IACX,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW;IACX,QAAQ,CAAC,EAAE,aAAa,CAAC;IACzB,WAAW;IACX,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,YAAY;IACZ,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,cAAc;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,WAAW;IACX,IAAI,EAAE,QAAQ,EAAE,CAAC;IACjB,SAAS;IACT,KAAK,EAAE,MAAM,CAAC;IACd,UAAU;IACV,IAAI,EAAE,MAAM,CAAC;IACb,WAAW;IACX,KAAK,EAAE,MAAM,CAAC;CACf"}

package/dist/types/audit.types.js

@@ -0,0 +1,55 @@
+"use strict";
+/**
+ * 审计日志相关类型定义
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuditSeverity = exports.ResourceType = exports.AuditAction = void 0;
+/**
+ * 操作类型
+ */
+var AuditAction;
+(function (AuditAction) {
+    // 项目操作
+    AuditAction["CREATE_PROJECT"] = "CREATE_PROJECT";
+    AuditAction["UPDATE_PROJECT"] = "UPDATE_PROJECT";
+    AuditAction["DELETE_PROJECT"] = "DELETE_PROJECT";
+    // 密钥操作
+    AuditAction["CREATE_KEY"] = "CREATE_KEY";
+    AuditAction["READ_KEY"] = "READ_KEY";
+    AuditAction["UPDATE_KEY"] = "UPDATE_KEY";
+    AuditAction["DELETE_KEY"] = "DELETE_KEY";
+    AuditAction["LIST_KEYS"] = "LIST_KEYS";
+    AuditAction["ROTATE_KEY"] = "ROTATE_KEY";
+    // 用户操作
+    AuditAction["CREATE_USER"] = "CREATE_USER";
+    AuditAction["UPDATE_USER"] = "UPDATE_USER";
+    AuditAction["DELETE_USER"] = "DELETE_USER";
+    AuditAction["GRANT_ROLE"] = "GRANT_ROLE";
+    AuditAction["REVOKE_ROLE"] = "REVOKE_ROLE";
+    // 认证操作
+    AuditAction["LOGIN"] = "LOGIN";
+    AuditAction["LOGOUT"] = "LOGOUT";
+    AuditAction["LOGIN_FAILED"] = "LOGIN_FAILED";
+    // 权限
+    AuditAction["PERMISSION_DENIED"] = "PERMISSION_DENIED";
+})(AuditAction || (exports.AuditAction = AuditAction = {}));
+/**
+ * 资源类型
+ */
+var ResourceType;
+(function (ResourceType) {
+    ResourceType["PROJECT"] = "project";
+    ResourceType["KEY"] = "key";
+    ResourceType["USER"] = "user";
+})(ResourceType || (exports.ResourceType = ResourceType = {}));
+/**
+ * 日志严重级别
+ */
+var AuditSeverity;
+(function (AuditSeverity) {
+    AuditSeverity["INFO"] = "info";
+    AuditSeverity["WARNING"] = "warning";
+    AuditSeverity["ERROR"] = "error";
+    AuditSeverity["CRITICAL"] = "critical";
+})(AuditSeverity || (exports.AuditSeverity = AuditSeverity = {}));
+//# sourceMappingURL=audit.types.js.map

package/dist/types/audit.types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.types.js","sourceRoot":"","sources":["../../src/types/audit.types.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AAEH;;GAEG;AACH,IAAY,WA4BX;AA5BD,WAAY,WAAW;IACrB,OAAO;IACP,gDAAiC,CAAA;IACjC,gDAAiC,CAAA;IACjC,gDAAiC,CAAA;IAEjC,OAAO;IACP,wCAAyB,CAAA;IACzB,oCAAqB,CAAA;IACrB,wCAAyB,CAAA;IACzB,wCAAyB,CAAA;IACzB,sCAAuB,CAAA;IACvB,wCAAyB,CAAA;IAEzB,OAAO;IACP,0CAA2B,CAAA;IAC3B,0CAA2B,CAAA;IAC3B,0CAA2B,CAAA;IAC3B,wCAAyB,CAAA;IACzB,0CAA2B,CAAA;IAE3B,OAAO;IACP,8BAAe,CAAA;IACf,gCAAiB,CAAA;IACjB,4CAA6B,CAAA;IAE7B,KAAK;IACL,sDAAuC,CAAA;AACzC,CAAC,EA5BW,WAAW,2BAAX,WAAW,QA4BtB;AAED;;GAEG;AACH,IAAY,YAIX;AAJD,WAAY,YAAY;IACtB,mCAAmB,CAAA;IACnB,2BAAW,CAAA;IACX,6BAAa,CAAA;AACf,CAAC,EAJW,YAAY,4BAAZ,YAAY,QAIvB;AAED;;GAEG;AACH,IAAY,aAKX;AALD,WAAY,aAAa;IACvB,8BAAa,CAAA;IACb,oCAAmB,CAAA;IACnB,gCAAe,CAAA;IACf,sCAAqB,CAAA;AACvB,CAAC,EALW,aAAa,6BAAb,aAAa,QAKxB"}

package/dist/types/client.types.d.ts

@@ -0,0 +1,47 @@
+/**
+ * KMS 客户端类型定义
+ */
+/**
+ * KMS 客户端配置选项
+ */
+export interface KMSClientOptions {
+    /** MongoDB 连接字符串（明文） */
+    connectionString: string;
+    /** 数据库名称 */
+    databaseName: string;
+    /** 连接选项 */
+    connectionOptions?: {
+        connectTimeoutMS?: number;
+        socketTimeoutMS?: number;
+        serverSelectionTimeoutMS?: number;
+        maxPoolSize?: number;
+        minPoolSize?: number;
+    };
+}
+/**
+ * 加密的 KMS 客户端配置选项
+ * 用于安全地存储数据库连接字符串
+ */
+export interface EncryptedKMSClientOptions {
+    /** 加密的连接字符串（JSON 格式） */
+    encryptedConnectionString: string;
+    /** 数据库名称 */
+    databaseName: string;
+    /** 私钥（PEM 格式），默认从 KMS_PRIVATE_KEY 环境变量读取 */
+    privateKey?: string;
+    /** 私钥密码（如果私钥有密码保护），默认从 KMS_PRIVATE_KEY_PASSPHRASE 环境变量读取 */
+    privateKeyPassphrase?: string;
+    /** 连接选项 */
+    connectionOptions?: {
+        connectTimeoutMS?: number;
+        socketTimeoutMS?: number;
+        serverSelectionTimeoutMS?: number;
+        maxPoolSize?: number;
+        minPoolSize?: number;
+    };
+}
+/**
+ * 客户端配置（联合类型）
+ */
+export type ClientOptions = KMSClientOptions | EncryptedKMSClientOptions;
+//# sourceMappingURL=client.types.d.ts.map

package/dist/types/client.types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.types.d.ts","sourceRoot":"","sources":["../../src/types/client.types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,wBAAwB;IACxB,gBAAgB,EAAE,MAAM,CAAC;IACzB,YAAY;IACZ,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW;IACX,iBAAiB,CAAC,EAAE;QAClB,gBAAgB,CAAC,EAAE,MAAM,CAAC;QAC1B,eAAe,CAAC,EAAE,MAAM,CAAC;QACzB,wBAAwB,CAAC,EAAE,MAAM,CAAC;QAClC,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;CACH;AAED;;;GAGG;AACH,MAAM,WAAW,yBAAyB;IACxC,wBAAwB;IACxB,yBAAyB,EAAE,MAAM,CAAC;IAClC,YAAY;IACZ,YAAY,EAAE,MAAM,CAAC;IACrB,4CAA4C;IAC5C,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,4DAA4D;IAC5D,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,WAAW;IACX,iBAAiB,CAAC,EAAE;QAClB,gBAAgB,CAAC,EAAE,MAAM,CAAC;QAC1B,eAAe,CAAC,EAAE,MAAM,CAAC;QACzB,wBAAwB,CAAC,EAAE,MAAM,CAAC;QAClC,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;CACH;AAED;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG,gBAAgB,GAAG,yBAAyB,CAAC"}

package/dist/types/client.types.js

@@ -0,0 +1,6 @@
+"use strict";
+/**
+ * KMS 客户端类型定义
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=client.types.js.map

package/dist/types/client.types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.types.js","sourceRoot":"","sources":["../../src/types/client.types.ts"],"names":[],"mappings":";AAAA;;GAEG"}

package/dist/types/crypto.types.d.ts

@@ -0,0 +1,48 @@
+/**
+ * 加密相关类型定义
+ */
+/**
+ * 加密后的数据结构
+ */
+export interface EncryptedData {
+    /** 加密后的数据（十六进制） */
+    encrypted: string;
+    /** 初始化向量（十六进制） */
+    iv: string;
+    /** 认证标签（十六进制） */
+    authTag: string;
+}
+/**
+ * 密钥派生配置
+ */
+export interface KeyDerivationConfig {
+    /** 迭代次数 */
+    iterations: number;
+    /** 密钥长度（字节） */
+    keyLength: number;
+    /** 盐值（十六进制） */
+    salt: string;
+}
+/**
+ * 加密配置
+ */
+export interface EncryptionConfig {
+    /** 加密算法 */
+    algorithm: string;
+    /** 密钥长度（字节） */
+    keyLength: number;
+    /** IV长度（字节） */
+    ivLength: number;
+}
+/**
+ * 项目主密钥信息
+ */
+export interface MasterKeyInfo {
+    /** 加密后的主密钥 */
+    encryptedMasterKey: string;
+    /** 主密钥哈希（用于验证） */
+    masterKeyHash: string;
+    /** 盐值 */
+    salt: string;
+}
+//# sourceMappingURL=crypto.types.d.ts.map

package/dist/types/crypto.types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.types.d.ts","sourceRoot":"","sources":["../../src/types/crypto.types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,mBAAmB;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB;IAClB,EAAE,EAAE,MAAM,CAAC;IACX,iBAAiB;IACjB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,WAAW;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe;IACf,IAAI,EAAE,MAAM,CAAC;CACd;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,WAAW;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe;IACf,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,cAAc;IACd,kBAAkB,EAAE,MAAM,CAAC;IAC3B,kBAAkB;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS;IACT,IAAI,EAAE,MAAM,CAAC;CACd"}

package/dist/types/crypto.types.js

@@ -0,0 +1,6 @@
+"use strict";
+/**
+ * 加密相关类型定义
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=crypto.types.js.map

package/dist/types/crypto.types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.types.js","sourceRoot":"","sources":["../../src/types/crypto.types.ts"],"names":[],"mappings":";AAAA;;GAEG"}