@platformatic/kafka 1.12.0 → 1.13.0

package/dist/clients/base/options.d.ts

@@ -117,6 +117,9 @@ export declare const baseOptionsSchema: {
                         type?: undefined;
                     })[];
                 };
+                authBytesValidator: {
+                    function: boolean;
+                };
             };
             required: string[];
             additionalProperties: boolean;

package/dist/clients/base/options.js

@@ -39,7 +39,8 @@ export const baseOptionsSchema = {
                 mechanism: { type: 'string', enum: SASLMechanisms },
                 username: { oneOf: [{ type: 'string' }, { function: true }] },
                 password: { oneOf: [{ type: 'string' }, { function: true }] },
-                token: { oneOf: [{ type: 'string' }, { function: true }] }
+                token: { oneOf: [{ type: 'string' }, { function: true }] },
+                authBytesValidator: { function: true }
             },
             required: ['mechanism'],
             additionalProperties: false

package/dist/clients/producer/types.d.ts

@@ -1,4 +1,4 @@
-import { type CompressionAlgorithms } from '../../protocol/compression.ts';
+import { type CompressionAlgorithmValue } from '../../protocol/compression.ts';
 import { type MessageToProduce } from '../../protocol/records.ts';
 import { type BaseOptions, type TopicWithPartitionAndOffset } from '../base/types.ts';
 import { type Serializers } from '../serde.ts';
@@ -16,7 +16,7 @@ export interface ProduceOptions<Key, Value, HeaderKey, HeaderValue> {
     producerEpoch?: number;
     idempotent?: boolean;
     acks?: number;
-    compression?: CompressionAlgorithms;
+    compression?: CompressionAlgorithmValue;
     partitioner?: Partitioner<Key, Value, HeaderKey, HeaderValue>;
     autocreateTopics?: boolean;
     repeatOnStaleMetadata?: boolean;

package/dist/network/connection.d.ts

@@ -15,6 +15,7 @@ export interface SASLOptions {
     username?: string | SASLCredentialProvider;
     password?: string | SASLCredentialProvider;
     token?: string | SASLCredentialProvider;
+    authBytesValidator?: (authBytes: Buffer, callback: CallbackWithPromise<Buffer>) => void;
 }
 export interface ConnectionOptions {
     connectTimeout?: number;

package/dist/network/connection.js

@@ -336,7 +336,19 @@ export class Connection extends EventEmitter {
             this.#onConnectionError(host, port, diagnosticContext, error);
             return;
         }
-        if (response.sessionLifetimeMs > 0) {
+        if (this.#options.sasl.authBytesValidator) {
+            this.#options.sasl.authBytesValidator(response.authBytes, this.#onSaslAuthenticationValidation.bind(this, host, port, diagnosticContext, response.sessionLifetimeMs));
+        }
+        else {
+            this.#onSaslAuthenticationValidation(host, port, diagnosticContext, response.sessionLifetimeMs, null, response.authBytes);
+        }
+    }
+    #onSaslAuthenticationValidation(host, port, diagnosticContext, sessionLifetimeMs, error, authBytes) {
+        if (error) {
+            this.#onConnectionError(host, port, diagnosticContext, error);
+            return;
+        }
+        if (sessionLifetimeMs > 0) {
             this.#reauthenticationTimeout = setTimeout(() => {
                 const diagnosticContext = createDiagnosticContext({
                     connection: this,
@@ -345,13 +357,13 @@ export class Connection extends EventEmitter {
                     port
                 });
                 this.#authenticate(host, port, diagnosticContext);
-            }, Number(response.sessionLifetimeMs) * 0.8);
+            }, Number(sessionLifetimeMs) * 0.8);
         }
         if (this.#status === ConnectionStatuses.CONNECTED) {
-            this.emit('sasl:authentication:extended', response.authBytes);
+            this.emit('sasl:authentication:extended', authBytes);
         }
         else {
-            this.emit('sasl:authentication', response.authBytes);
+            this.emit('sasl:authentication', authBytes);
             this.#onConnectionSucceed(diagnosticContext);
         }
     }

package/dist/protocol/compression.d.ts

@@ -1,12 +1,21 @@
 import { DynamicBuffer } from './dynamic-buffer.ts';
 export type SyncCompressionPhase = (data: Buffer | DynamicBuffer) => Buffer;
 export type CompressionOperation = (data: Buffer) => Buffer;
-export interface CompressionAlgorithm {
+export interface CompressionAlgorithmSpecification {
     compressSync: SyncCompressionPhase;
     decompressSync: SyncCompressionPhase;
     bitmask: number;
     available?: boolean;
 }
+export declare const CompressionAlgorithms: {
+    readonly NONE: "none";
+    readonly GZIP: "gzip";
+    readonly SNAPPY: "snappy";
+    readonly LZ4: "lz4";
+    readonly ZSTD: "zstd";
+};
+export type CompressionAlgorithm = keyof typeof CompressionAlgorithms;
+export type CompressionAlgorithmValue = (typeof CompressionAlgorithms)[keyof typeof CompressionAlgorithms];
 export declare const compressionsAlgorithms: {
     readonly none: {
         readonly compressSync: (data: Buffer | DynamicBuffer) => Buffer;
@@ -67,4 +76,3 @@ export declare const compressionsAlgorithmsByBitmask: {
         readonly available: boolean;
     };
 };
-export type CompressionAlgorithms = keyof typeof compressionsAlgorithms;

package/dist/protocol/compression.js

@@ -4,6 +4,13 @@ import { UnsupportedCompressionError } from "../errors.js";
 import { DynamicBuffer } from "./dynamic-buffer.js";
 const require = createRequire(import.meta.url);
 const { zstdCompressSync, zstdDecompressSync, gzipSync, gunzipSync } = zlib;
+export const CompressionAlgorithms = {
+    NONE: 'none',
+    GZIP: 'gzip',
+    SNAPPY: 'snappy',
+    LZ4: 'lz4',
+    ZSTD: 'zstd'
+};
 function ensureBuffer(data) {
     return DynamicBuffer.isDynamicBuffer(data) ? data.slice() : data;
 }

package/dist/protocol/records.d.ts

@@ -1,5 +1,5 @@
 import { type NumericMap } from '../utils.ts';
-import { type CompressionAlgorithms } from './compression.ts';
+import { type CompressionAlgorithmValue } from './compression.ts';
 import { type NullableString } from './definitions.ts';
 import { Reader } from './reader.ts';
 import { Writer } from './writer.ts';
@@ -28,7 +28,7 @@ export interface MessageRecord {
 }
 export interface CreateRecordsBatchOptions {
     transactionalId?: NullableString;
-    compression: CompressionAlgorithms;
+    compression: CompressionAlgorithmValue;
     firstSequence?: number;
     producerId: bigint;
     producerEpoch: number;

package/dist/protocol/records.js

@@ -140,6 +140,9 @@ export function readRecordsBatch(reader) {
             throw new UnsupportedCompressionError(`Unsupported compression algorithm with bitmask ${compression}`);
         }
         const buffer = algorithm.decompressSync(reader.buffer.slice(reader.position, reader.buffer.length));
+        // Move the original reader to the end
+        reader.skip(reader.buffer.length - reader.position);
+        // Replace the reader with the decompressed buffer
         reader = Reader.from(buffer);
     }
     for (let i = 0; i < recordsLength; i++) {

package/dist/protocol/sasl/oauth-bearer.d.ts

@@ -1,5 +1,6 @@
 import { type CallbackWithPromise } from '../../apis/callbacks.ts';
 import { type SASLAuthenticationAPI, type SaslAuthenticateResponse } from '../../apis/security/sasl-authenticate-v2.ts';
 import { type Connection, type SASLCredentialProvider } from '../../network/connection.ts';
+export declare function jwtValidateAuthenticationBytes(authBytes: Buffer, callback: CallbackWithPromise<Buffer>): void;
 export declare function authenticate(authenticateAPI: SASLAuthenticationAPI, connection: Connection, tokenOrProvider: string | SASLCredentialProvider, callback: CallbackWithPromise<SaslAuthenticateResponse>): void;
 export declare function authenticate(authenticateAPI: SASLAuthenticationAPI, connection: Connection, tokenOrProvider: string | SASLCredentialProvider): Promise<SaslAuthenticateResponse>;

package/dist/protocol/sasl/oauth-bearer.js

@@ -1,5 +1,20 @@
 import { createPromisifiedCallback, kCallbackPromise } from "../../apis/callbacks.js";
+import { AuthenticationError } from "../../errors.js";
 import { getCredential } from "./credential-provider.js";
+export function jwtValidateAuthenticationBytes(authBytes, callback) {
+    let authData;
+    try {
+        authData = authBytes.length > 0 ? JSON.parse(authBytes.toString('utf-8')) : {};
+    }
+    catch (e) {
+        callback(new AuthenticationError('Invalid authBytes in SASL/OAUTHBEARER response', { authBytes }), undefined);
+        return;
+    }
+    if (authData.status === 'invalid_token') {
+        callback(new AuthenticationError('Invalid SASL/OAUTHBEARER token.', { authData }), undefined);
+    }
+    callback(null, authBytes);
+}
 export function authenticate(authenticateAPI, connection, tokenOrProvider, callback) {
     if (!callback) {
         callback = createPromisifiedCallback();

package/dist/version.js

@@ -1,2 +1,2 @@
 export const name = "@platformatic/kafka";
-export const version = "1.12.0";
+export const version = "1.13.0";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@platformatic/kafka",
-  "version": "1.12.0",
+  "version": "1.13.0",
   "description": "Modern and performant client for Apache Kafka",
   "homepage": "https://github.com/platformatic/kafka",
   "author": "Platformatic Inc. <oss@platformatic.dev> (https://platformatic.dev)",