npm - @pengzi/kms - Versions diffs - 1.2.0 → 1.3.0 - Mend

@pengzi/kms 1.2.0 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (22) hide show

package/README.md +794 -20
package/dist/client.d.ts +16 -1
package/dist/client.d.ts.map +1 -1
package/dist/client.js +26 -0
package/dist/client.js.map +1 -1
package/dist/services/audit.service.d.ts +4 -0
package/dist/services/audit.service.d.ts.map +1 -1
package/dist/services/audit.service.js +16 -0
package/dist/services/audit.service.js.map +1 -1
package/dist/services/key.service.d.ts +14 -1
package/dist/services/key.service.d.ts.map +1 -1
package/dist/services/key.service.js +72 -13
package/dist/services/key.service.js.map +1 -1
package/dist/services/project.service.d.ts +14 -1
package/dist/services/project.service.d.ts.map +1 -1
package/dist/services/project.service.js +50 -0
package/dist/services/project.service.js.map +1 -1
package/dist/src/client.js +26 -0
package/dist/src/services/audit.service.js +16 -0
package/dist/src/services/key.service.js +72 -13
package/dist/src/services/project.service.js +50 -0
package/package.json +1 -1

package/dist/src/services/key.service.js CHANGED Viewed

@@ -5,9 +5,10 @@
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.KeyService = void 0;
-const key_model_1 = require("../models/key.model");
 const types_1 = require("../types");
+const key_model_1 = require("../models/key.model");
 const types_2 = require("../types");
+const types_3 = require("../types");
 const crypto_1 = require("../core/crypto");
 class KeyService {
     constructor(keyRepo, auditService, permissionService, cryptoService) {
@@ -27,16 +28,16 @@ class KeyService {
      */
     async createKey(projectId, userId, masterPassword, keyData) {
         // 验证权限
-        await this.permissionService.requirePermission(projectId, userId, types_2.Permission.KEY_CREATE);
+        await this.permissionService.requirePermission(projectId, userId, types_3.Permission.KEY_CREATE);
         // 验证密钥数据
         const validation = (0, key_model_1.validateKey)(keyData);
         if (!validation.valid) {
-            throw new types_1.ValidationError(validation.errors.join(', '));
+            throw new types_2.ValidationError(validation.errors.join(', '));
         }
         // 检查密钥名称是否已存在
         const existingKey = await this.keyRepo.findByProjectAndName(projectId, keyData.keyName);
         if (existingKey) {
-            throw new types_1.ValidationError('Key with this name already exists');
+            throw new types_2.ValidationError('Key with this name already exists');
         }
         // 加密密钥值
         const masterKeyHex = await this.getMasterKey(projectId, masterPassword);
@@ -54,19 +55,19 @@ class KeyService {
      */
     async getKey(projectId, userId, masterPassword, keyId) {
         // 验证权限
-        await this.permissionService.requirePermission(projectId, userId, types_2.Permission.KEY_READ);
+        await this.permissionService.requirePermission(projectId, userId, types_3.Permission.KEY_READ);
         // 获取密钥
         const key = await this.keyRepo.findByKeyId(keyId);
         if (!key) {
-            throw new types_1.KeyNotFoundError(keyId);
+            throw new types_2.KeyNotFoundError(keyId);
         }
         // 验证项目
         if (key.projectId !== projectId) {
-            throw new types_1.ValidationError('Key does not belong to this project');
+            throw new types_2.ValidationError('Key does not belong to this project');
         }
         // 检查密钥是否可访问
         if (!(0, key_model_1.isKeyAccessible)(key)) {
-            throw new types_1.ValidationError('Key is not accessible');
+            throw new types_2.ValidationError('Key is not accessible');
         }
         // 解密密钥值
         const masterKeyHex = await this.getMasterKey(projectId, masterPassword);
@@ -83,7 +84,7 @@ class KeyService {
      */
     async listKeys(projectId, userId, filters, options) {
         // 验证权限
-        await this.permissionService.requirePermission(projectId, userId, types_2.Permission.KEY_LIST);
+        await this.permissionService.requirePermission(projectId, userId, types_3.Permission.KEY_LIST);
         return await this.keyRepo.findByProjectId(projectId, filters, options);
     }
     /**
@@ -91,11 +92,11 @@ class KeyService {
      */
     async updateKey(projectId, userId, masterPassword, keyId, updates) {
         // 验证权限
-        await this.permissionService.requirePermission(projectId, userId, types_2.Permission.KEY_UPDATE);
+        await this.permissionService.requirePermission(projectId, userId, types_3.Permission.KEY_UPDATE);
         const key = await this.keyRepo.getByKeyId(keyId);
         // 验证项目
         if (key.projectId !== projectId) {
-            throw new types_1.ValidationError('Key does not belong to this project');
+            throw new types_2.ValidationError('Key does not belong to this project');
         }
         let newEncryptedData;
         // 如果更新密钥值，需要重新加密
@@ -113,16 +114,74 @@ class KeyService {
      */
     async deleteKey(projectId, userId, keyId) {
         // 验证权限
-        await this.permissionService.requirePermission(projectId, userId, types_2.Permission.KEY_DELETE);
+        await this.permissionService.requirePermission(projectId, userId, types_3.Permission.KEY_DELETE);
         const key = await this.keyRepo.getByKeyId(keyId);
         // 验证项目
         if (key.projectId !== projectId) {
-            throw new types_1.ValidationError('Key does not belong to this project');
+            throw new types_2.ValidationError('Key does not belong to this project');
         }
         await this.keyRepo.softDeleteKey(keyId);
         // 记录审计日志
         await this.auditService.logKeyDeleted(projectId, userId, keyId, key.keyName, true);
     }
+    /**
+     * 设置密钥（简化 API：自动创建或更新）
+     * 如果密钥已存在则更新，不存在则创建
+     */
+    async setKey(projectId, userId, masterPassword, keyName, value, options) {
+        // 验证权限
+        await this.permissionService.requirePermission(projectId, userId, types_3.Permission.KEY_CREATE);
+        // 检查密钥是否已存在
+        const existingKey = await this.keyRepo.findByProjectAndName(projectId, keyName);
+        if (existingKey) {
+            // 验证更新权限
+            await this.permissionService.requirePermission(projectId, userId, types_3.Permission.KEY_UPDATE);
+            let newEncryptedData;
+            const masterKeyHex = await this.getMasterKey(projectId, masterPassword);
+            const masterKey = (0, crypto_1.hexToBuffer)(masterKeyHex);
+            newEncryptedData = await this.cryptoService.encryptKey(value, masterKey);
+            const updatedKey = (0, key_model_1.updateKey)(existingKey, {
+                value,
+                tags: options?.tags,
+                description: options?.description,
+            }, newEncryptedData);
+            await this.keyRepo.updateKey(existingKey.keyId, updatedKey);
+            // 记录审计日志
+            await this.auditService.logKeyUpdated(projectId, userId, existingKey.keyId, keyName, true);
+            // 返回解密后的值
+            return (0, key_model_1.toKeyValue)(updatedKey, value);
+        }
+        // 创建新密钥
+        const keyData = {
+            keyName,
+            keyType: options?.keyType || types_1.KeyType.CUSTOM,
+            value,
+            tags: options?.tags,
+            description: options?.description,
+        };
+        const validation = (0, key_model_1.validateKey)(keyData);
+        if (!validation.valid) {
+            throw new types_2.ValidationError(validation.errors.join(', '));
+        }
+        const masterKeyHex = await this.getMasterKey(projectId, masterPassword);
+        const masterKey = (0, crypto_1.hexToBuffer)(masterKeyHex);
+        const encryptedData = await this.cryptoService.encryptKey(value, masterKey);
+        const key = (0, key_model_1.createKey)(projectId, keyData, encryptedData, userId);
+        await this.keyRepo.insertOne(key);
+        // 记录审计日志
+        await this.auditService.logKeyCreated(projectId, userId, key.keyId, key.keyName, key.keyType, true);
+        return (0, key_model_1.toKeyValue)(key, value);
+    }
+    /**
+     * 通过密钥名称获取密钥（简化 API）
+     */
+    async getKeyByName(projectId, userId, masterPassword, keyName) {
+        const key = await this.keyRepo.findByProjectAndName(projectId, keyName);
+        if (!key) {
+            throw new types_2.KeyNotFoundError(keyName);
+        }
+        return await this.getKey(projectId, userId, masterPassword, key.keyId);
+    }
     /**
      * 获取项目主密钥（需要从项目服务获取）
      */

package/dist/src/services/project.service.js CHANGED Viewed

@@ -98,5 +98,55 @@ class ProjectService {
         const masterKey = await this.cryptoService.unlockProjectMasterKey(masterPassword, project.salt, project.masterKeyHash);
         return masterKey.toString('hex');
     }
+    /**
+     * 获取或创建项目（简化 API 使用）
+     * 如果项目不存在，自动创建项目并生成默认 SDK 用户
+     */
+    async getOrCreateProject(projectName, masterPassword) {
+        // 查找现有项目
+        let project = await this.projectRepo.findByProjectName(projectName);
+        if (project) {
+            // 验证主密码是否正确
+            await this.unlockProjectMasterKey(project.projectId, masterPassword);
+            // 确保存在 SDK 默认用户
+            await this.ensureSdkUser(project.projectId, masterPassword);
+            return { project, isNew: false };
+        }
+        // 创建新项目，使用 SDK 默认用户作为创建者
+        project = await this.createProject({ projectName, masterPassword }, '__sdk_auto__');
+        return { project, isNew: true };
+    }
+    /**
+     * 确保项目存在 SDK 默认用户（用于简化 API 的权限绕过）
+     * 如果项目是通过 CLI 创建的，可能没有 __sdk_auto__ 用户，此时自动创建
+     */
+    async ensureSdkUser(projectId, masterPassword) {
+        // 尝试查找 SDK 默认用户
+        let user = await this.userRepo.findByProjectAndUsername(projectId, '__sdk_auto__');
+        if (user) {
+            return user;
+        }
+        // 不存在则自动创建（仅当主密码正确时）
+        // 先验证主密码
+        await this.unlockProjectMasterKey(projectId, masterPassword);
+        const sdkUser = (0, user_model_1.createUser)(projectId, {
+            username: '__sdk_auto__',
+            password: masterPassword,
+            roles: [types_1.Role.ADMIN],
+        }, await (0, bcrypt_1.hash)(masterPassword, 10));
+        await this.userRepo.insertOne(sdkUser);
+        await this.auditService.log({
+            projectId,
+            userId: '__sdk_auto__',
+            action: types_3.AuditAction.CREATE_USER,
+            resourceType: types_3.ResourceType.USER,
+            resourceId: sdkUser.userId,
+            details: {
+                success: true,
+                note: 'Auto-created SDK default user',
+            },
+        });
+        return sdkUser;
+    }
 }
 exports.ProjectService = ProjectService;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@pengzi/kms",
-  "version": "1.2.0",
+  "version": "1.3.0",
   "description": "High-security Key Management System for Node.js applications",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",