@platformatic/kafka 1.21.0 → 1.22.0-alpha.2

package/dist/apis/enumerations.d.ts

@@ -3,6 +3,7 @@ export declare const SASLMechanisms: {
     readonly SCRAM_SHA_256: "SCRAM-SHA-256";
     readonly SCRAM_SHA_512: "SCRAM-SHA-512";
     readonly OAUTHBEARER: "OAUTHBEARER";
+    readonly GSSAPI: "GSSAPI";
 };
 export declare const allowedSASLMechanisms: SASLMechanismValue[];
 export type SASLMechanism = keyof typeof SASLMechanisms;

package/dist/apis/enumerations.js

@@ -3,7 +3,8 @@ export const SASLMechanisms = {
     PLAIN: 'PLAIN',
     SCRAM_SHA_256: 'SCRAM-SHA-256',
     SCRAM_SHA_512: 'SCRAM-SHA-512',
-    OAUTHBEARER: 'OAUTHBEARER'
+    OAUTHBEARER: 'OAUTHBEARER',
+    GSSAPI: 'GSSAPI'
 };
 export const allowedSASLMechanisms = Object.values(SASLMechanisms);
 // Metadata API

package/dist/clients/base/options.d.ts

@@ -124,6 +124,9 @@ export declare const baseOptionsSchema: {
                 authBytesValidator: {
                     function: boolean;
                 };
+                authenticate: {
+                    function: boolean;
+                };
             };
             required: string[];
             additionalProperties: boolean;

package/dist/clients/base/options.js

@@ -41,7 +41,8 @@ export const baseOptionsSchema = {
                 username: { oneOf: [{ type: 'string' }, { function: true }] },
                 password: { oneOf: [{ type: 'string' }, { function: true }] },
                 token: { oneOf: [{ type: 'string' }, { function: true }] },
-                authBytesValidator: { function: true }
+                authBytesValidator: { function: true },
+                authenticate: { function: true }
             },
             required: ['mechanism'],
             additionalProperties: false

package/dist/network/connection.d.ts

@@ -4,18 +4,21 @@ import { type ConnectionOptions as TLSConnectionOptions } from 'node:tls';
 import { type CallbackWithPromise } from '../apis/callbacks.ts';
 import { type Callback, type ResponseParser } from '../apis/definitions.ts';
 import { type SASLMechanismValue } from '../apis/enumerations.ts';
+import { type SaslAuthenticateResponse, type SASLAuthenticationAPI } from '../apis/security/sasl-authenticate-v2.ts';
 import { Writer } from '../protocol/writer.ts';
 export type SASLCredentialProvider = () => string | Promise<string>;
 export interface Broker {
     host: string;
     port: number;
 }
+export type SASLCustomAuthenticator = (mechanism: SASLMechanismValue, connection: Connection, authenticate: SASLAuthenticationAPI, usernameProvider: string | SASLCredentialProvider | undefined, passwordProvider: string | SASLCredentialProvider | undefined, tokenProvider: string | SASLCredentialProvider | undefined, callback: CallbackWithPromise<SaslAuthenticateResponse>) => void;
 export interface SASLOptions {
     mechanism: SASLMechanismValue;
     username?: string | SASLCredentialProvider;
     password?: string | SASLCredentialProvider;
     token?: string | SASLCredentialProvider;
     authBytesValidator?: (authBytes: Buffer, callback: CallbackWithPromise<Buffer>) => void;
+    authenticate?: SASLCustomAuthenticator;
 }
 export interface ConnectionOptions {
     connectTimeout?: number;

package/dist/network/connection.js

@@ -69,10 +69,10 @@ export class Connection extends EventEmitter {
         notifyCreation('connection', this);
     }
     get host() {
-        return this.#status === ConnectionStatuses.CONNECTED ? this.#host : undefined;
+        return this.#status === ConnectionStatuses.CONNECTING || ConnectionStatuses.CONNECTED ? this.#host : undefined;
     }
     get port() {
-        return this.#status === ConnectionStatuses.CONNECTED ? this.#port : undefined;
+        return this.#status === ConnectionStatuses.CONNECTING || ConnectionStatuses.CONNECTED ? this.#port : undefined;
     }
     get instanceId() {
         return this.#instanceId;
@@ -257,7 +257,7 @@ export class Connection extends EventEmitter {
         if (this.#status === ConnectionStatuses.CONNECTING) {
             this.#status = ConnectionStatuses.AUTHENTICATING;
         }
-        const { mechanism, username, password, token } = this.#options.sasl;
+        const { mechanism, username, password, token, authenticate } = this.#options.sasl;
         if (!allowedSASLMechanisms.includes(mechanism)) {
             this.#onConnectionError(host, port, diagnosticContext, new UserError(`SASL mechanism ${mechanism} not supported.`));
             return;
@@ -269,12 +269,18 @@ export class Connection extends EventEmitter {
             }
             this.emit('sasl:handshake', response.mechanisms);
             const callback = this.#onSaslAuthenticate.bind(this, host, port, diagnosticContext);
-            if (mechanism === SASLMechanisms.PLAIN) {
+            if (authenticate) {
+                authenticate(mechanism, this, saslAuthenticateV2.api, username, password, token, callback);
+            }
+            else if (mechanism === SASLMechanisms.PLAIN) {
                 saslPlain.authenticate(saslAuthenticateV2.api, this, username, password, callback);
             }
             else if (mechanism === SASLMechanisms.OAUTHBEARER) {
                 saslOAuthBearer.authenticate(saslAuthenticateV2.api, this, token, callback);
             }
+            else if (mechanism === SASLMechanisms.GSSAPI) {
+                callback(new UserError('No custom SASL/GSSAPI authenticator provided.'), undefined);
+            }
             else {
                 saslScramSha.authenticate(saslAuthenticateV2.api, this, mechanism.substring(6), username, password, defaultCrypto, callback);
             }

package/dist/protocol/index.d.ts

@@ -11,5 +11,6 @@ export * from './records.ts';
 export * as saslOAuthBearer from './sasl/oauth-bearer.ts';
 export * as saslPlain from './sasl/plain.ts';
 export * as saslScramSha from './sasl/scram-sha.ts';
+export * as saslUtils from './sasl/utils.ts';
 export * from './varint.ts';
 export * from './writer.ts';

package/dist/protocol/index.js

@@ -11,5 +11,6 @@ export * from "./records.js";
 export * as saslOAuthBearer from "./sasl/oauth-bearer.js";
 export * as saslPlain from "./sasl/plain.js";
 export * as saslScramSha from "./sasl/scram-sha.js";
+export * as saslUtils from "./sasl/utils.js";
 export * from "./varint.js";
 export * from "./writer.js";

package/dist/protocol/sasl/oauth-bearer.js

@@ -1,6 +1,6 @@
 import { createPromisifiedCallback, kCallbackPromise } from "../../apis/callbacks.js";
 import { AuthenticationError } from "../../errors.js";
-import { getCredential } from "./credential-provider.js";
+import { getCredential } from "./utils.js";
 export function jwtValidateAuthenticationBytes(authBytes, callback) {
     let authData = {};
     try {
@@ -24,7 +24,8 @@ export function authenticate(authenticateAPI, connection, tokenOrProvider, callb
     }
     getCredential('SASL/OAUTHBEARER token', tokenOrProvider, (error, token) => {
         if (error) {
-            return callback(error, undefined);
+            callback(error, undefined);
+            return;
         }
         authenticateAPI(connection, Buffer.from(`n,,\x01auth=Bearer ${token}\x01\x01`), callback);
     });

package/dist/protocol/sasl/plain.js

@@ -1,16 +1,18 @@
 import { createPromisifiedCallback, kCallbackPromise } from "../../apis/callbacks.js";
-import { getCredential } from "./credential-provider.js";
+import { getCredential } from "./utils.js";
 export function authenticate(authenticateAPI, connection, usernameProvider, passwordProvider, callback) {
     if (!callback) {
         callback = createPromisifiedCallback();
     }
     getCredential('SASL/PLAIN username', usernameProvider, (error, username) => {
         if (error) {
-            return callback(error, undefined);
+            callback(error, undefined);
+            return;
         }
         getCredential('SASL/PLAIN password', passwordProvider, (error, password) => {
             if (error) {
-                return callback(error, undefined);
+                callback(error, undefined);
+                return;
             }
             authenticateAPI(connection, Buffer.from(['', username, password].join('\0')), callback);
         });

package/dist/protocol/sasl/scram-sha.d.ts

@@ -14,11 +14,13 @@ export interface ScramCryptoModule {
 }
 export declare const ScramAlgorithms: {
     readonly 'SHA-256': {
+        readonly id: "SHA-256";
         readonly keyLength: 32;
         readonly algorithm: "sha256";
         readonly minIterations: 4096;
     };
     readonly 'SHA-512': {
+        readonly id: "SHA-512";
         readonly keyLength: 64;
         readonly algorithm: "sha512";
         readonly minIterations: 4096;

package/dist/protocol/sasl/scram-sha.js

@@ -1,7 +1,7 @@
 import { createHash, createHmac, pbkdf2Sync, randomBytes } from 'node:crypto';
 import { createPromisifiedCallback, kCallbackPromise } from "../../apis/callbacks.js";
 import { AuthenticationError } from "../../errors.js";
-import { getCredential } from "./credential-provider.js";
+import { getCredential } from "./utils.js";
 const GS2_HEADER = 'n,,';
 const GS2_HEADER_BASE64 = Buffer.from(GS2_HEADER).toString('base64');
 const HMAC_CLIENT_KEY = 'Client Key';
@@ -9,11 +9,13 @@ const HMAC_SERVER_KEY = 'Server Key';
 const PARAMETERS_PARSER = /([^=]+)=(.+)/;
 export const ScramAlgorithms = {
     'SHA-256': {
+        id: 'SHA-256',
         keyLength: 32,
         algorithm: 'sha256',
         minIterations: 4096
     },
     'SHA-512': {
+        id: 'SHA-512',
         keyLength: 64,
         algorithm: 'sha512',
         minIterations: 4096
@@ -129,11 +131,13 @@ export function authenticate(authenticateAPI, connection, algorithm, usernamePro
     }
     getCredential(`SASL/SCRAM-${algorithm} username`, usernameProvider, (error, username) => {
         if (error) {
-            return callback(error, undefined);
+            callback(error, undefined);
+            return;
         }
         getCredential(`SASL/SCRAM-${algorithm} password`, passwordProvider, (error, password) => {
             if (error) {
-                return callback(error, undefined);
+                callback(error, undefined);
+                return;
             }
             performAuthentication(connection, algorithm, definition, authenticateAPI, crypto, username, password, callback);
         });

package/dist/protocol/sasl/utils.d.ts

@@ -0,0 +1,4 @@
+import { type CallbackWithPromise } from '../../apis/index.ts';
+import { type SASLCredentialProvider } from '../../network/connection.ts';
+export declare function getCredential(label: string, credentialOrProvider: string | SASLCredentialProvider, callback: CallbackWithPromise<string>): void;
+export declare function getCredential(label: string, credentialOrProvider: string | SASLCredentialProvider): Promise<string>;

package/dist/protocol/sasl/{credential-provider.js → utils.js}

@@ -1,28 +1,32 @@
+import { createPromisifiedCallback, kCallbackPromise } from "../../apis/index.js";
 import { AuthenticationError } from "../../errors.js";
 export function getCredential(label, credentialOrProvider, callback) {
+    if (!callback) {
+        callback = createPromisifiedCallback();
+    }
     if (typeof credentialOrProvider === 'string') {
         callback(null, credentialOrProvider);
-        return;
+        return callback[kCallbackPromise];
     }
     else if (typeof credentialOrProvider !== 'function') {
         callback(new AuthenticationError(`The ${label} should be a string or a function.`), undefined);
-        return;
+        return callback[kCallbackPromise];
     }
     try {
         const credential = credentialOrProvider();
         if (typeof credential === 'string') {
             callback(null, credential);
-            return;
+            return callback[kCallbackPromise];
         }
         else if (typeof credential?.then !== 'function') {
             callback(new AuthenticationError(`The ${label} provider should return a string or a promise that resolves to a string.`), undefined);
-            return;
+            return callback[kCallbackPromise];
         }
         credential
             .then(token => {
             if (typeof token !== 'string') {
                 process.nextTick(callback, new AuthenticationError(`The ${label} provider should resolve to a string.`), undefined);
-                return;
+                return callback[kCallbackPromise];
             }
             process.nextTick(callback, null, token);
         })
@@ -33,4 +37,5 @@ export function getCredential(label, credentialOrProvider, callback) {
     catch (error) {
         callback(new AuthenticationError(`The ${label} provider threw an error.`, { cause: error }), undefined);
     }
+    return callback[kCallbackPromise];
 }

package/dist/version.js

@@ -1,2 +1,2 @@
 export const name = "@platformatic/kafka";
-export const version = "1.21.0";
+export const version = "1.22.0-alpha.2";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@platformatic/kafka",
-  "version": "1.21.0",
+  "version": "1.22.0-alpha.2",
   "description": "Modern and performant client for Apache Kafka",
   "homepage": "https://github.com/platformatic/kafka",
   "author": "Platformatic Inc. <oss@platformatic.dev> (https://platformatic.dev)",
@@ -40,6 +40,7 @@
     "@confluentinc/kafka-javascript": "^1.5.0",
     "@platformatic/rdkafka": "^4.0.0",
     "@types/debug": "^4.1.12",
+    "@types/kerberos": "^1.1.5",
     "@types/node": "^22.18.5",
     "@types/semver": "^7.7.1",
     "@watchable/unpromise": "^1.0.2",
@@ -50,8 +51,9 @@
     "eslint": "^9.35.0",
     "fast-jwt": "^6.0.2",
     "hwp": "^0.4.1",
-    "kafkajs": "^2.2.4",
     "json5": "^2.2.3",
+    "kafkajs": "^2.2.4",
+    "kerberos": "^2.2.2",
     "neostandard": "^0.12.2",
     "parse5": "^7.3.0",
     "prettier": "^3.6.2",

package/dist/protocol/sasl/credential-provider.d.ts

@@ -1,3 +0,0 @@
-import { type Callback } from '../../apis/index.ts';
-import { type SASLCredentialProvider } from '../../network/connection.ts';
-export declare function getCredential(label: string, credentialOrProvider: string | SASLCredentialProvider, callback: Callback<string>): void;