@prompd/cli 0.3.3
- package/README.md +162 -0
- package/bin/prompd.js +23 -0
- package/dist/commands/cache.d.ts +3 -0
- package/dist/commands/cache.d.ts.map +1 -0
- package/dist/commands/cache.js +199 -0
- package/dist/commands/cache.js.map +1 -0
- package/dist/commands/compile.d.ts +9 -0
- package/dist/commands/compile.d.ts.map +1 -0
- package/dist/commands/compile.js +104 -0
- package/dist/commands/compile.js.map +1 -0
- package/dist/commands/config.d.ts +7 -0
- package/dist/commands/config.d.ts.map +1 -0
- package/dist/commands/config.js +212 -0
- package/dist/commands/config.js.map +1 -0
- package/dist/commands/create.d.ts +3 -0
- package/dist/commands/create.d.ts.map +1 -0
- package/dist/commands/create.js +183 -0
- package/dist/commands/create.js.map +1 -0
- package/dist/commands/deps.d.ts +3 -0
- package/dist/commands/deps.d.ts.map +1 -0
- package/dist/commands/deps.js +192 -0
- package/dist/commands/deps.js.map +1 -0
- package/dist/commands/explain.d.ts +3 -0
- package/dist/commands/explain.d.ts.map +1 -0
- package/dist/commands/explain.js +227 -0
- package/dist/commands/explain.js.map +1 -0
- package/dist/commands/git.d.ts +3 -0
- package/dist/commands/git.d.ts.map +1 -0
- package/dist/commands/git.js +306 -0
- package/dist/commands/git.js.map +1 -0
- package/dist/commands/init.d.ts +3 -0
- package/dist/commands/init.d.ts.map +1 -0
- package/dist/commands/init.js +177 -0
- package/dist/commands/init.js.map +1 -0
- package/dist/commands/list.d.ts +3 -0
- package/dist/commands/list.d.ts.map +1 -0
- package/dist/commands/list.js +126 -0
- package/dist/commands/list.js.map +1 -0
- package/dist/commands/mcp.d.ts +3 -0
- package/dist/commands/mcp.d.ts.map +1 -0
- package/dist/commands/mcp.js +326 -0
- package/dist/commands/mcp.js.map +1 -0
- package/dist/commands/namespace.d.ts +3 -0
- package/dist/commands/namespace.d.ts.map +1 -0
- package/dist/commands/namespace.js +113 -0
- package/dist/commands/namespace.js.map +1 -0
- package/dist/commands/package.d.ts +23 -0
- package/dist/commands/package.d.ts.map +1 -0
- package/dist/commands/package.js +746 -0
- package/dist/commands/package.js.map +1 -0
- package/dist/commands/provider.d.ts +3 -0
- package/dist/commands/provider.d.ts.map +1 -0
- package/dist/commands/provider.js +285 -0
- package/dist/commands/provider.js.map +1 -0
- package/dist/commands/registry.d.ts +9 -0
- package/dist/commands/registry.d.ts.map +1 -0
- package/dist/commands/registry.js +361 -0
- package/dist/commands/registry.js.map +1 -0
- package/dist/commands/run.d.ts +3 -0
- package/dist/commands/run.d.ts.map +1 -0
- package/dist/commands/run.js +157 -0
- package/dist/commands/run.js.map +1 -0
- package/dist/commands/show.d.ts +3 -0
- package/dist/commands/show.d.ts.map +1 -0
- package/dist/commands/show.js +90 -0
- package/dist/commands/show.js.map +1 -0
- package/dist/commands/uninstall.d.ts +3 -0
- package/dist/commands/uninstall.d.ts.map +1 -0
- package/dist/commands/uninstall.js +95 -0
- package/dist/commands/uninstall.js.map +1 -0
- package/dist/commands/validate.d.ts +3 -0
- package/dist/commands/validate.d.ts.map +1 -0
- package/dist/commands/validate.js +57 -0
- package/dist/commands/validate.js.map +1 -0
- package/dist/commands/version.d.ts +3 -0
- package/dist/commands/version.d.ts.map +1 -0
- package/dist/commands/version.js +166 -0
- package/dist/commands/version.js.map +1 -0
- package/dist/index.d.ts +5 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +388 -0
- package/dist/index.js.map +1 -0
- package/dist/lib/auth.d.ts +164 -0
- package/dist/lib/auth.d.ts.map +1 -0
- package/dist/lib/auth.js +388 -0
- package/dist/lib/auth.js.map +1 -0
- package/dist/lib/compiler/file-system.d.ts +178 -0
- package/dist/lib/compiler/file-system.d.ts.map +1 -0
- package/dist/lib/compiler/file-system.js +440 -0
- package/dist/lib/compiler/file-system.js.map +1 -0
- package/dist/lib/compiler/formatters/anthropic.d.ts +21 -0
- package/dist/lib/compiler/formatters/anthropic.d.ts.map +1 -0
- package/dist/lib/compiler/formatters/anthropic.js +95 -0
- package/dist/lib/compiler/formatters/anthropic.js.map +1 -0
- package/dist/lib/compiler/formatters/markdown.d.ts +17 -0
- package/dist/lib/compiler/formatters/markdown.d.ts.map +1 -0
- package/dist/lib/compiler/formatters/markdown.js +114 -0
- package/dist/lib/compiler/formatters/markdown.js.map +1 -0
- package/dist/lib/compiler/formatters/openai.d.ts +21 -0
- package/dist/lib/compiler/formatters/openai.d.ts.map +1 -0
- package/dist/lib/compiler/formatters/openai.js +98 -0
- package/dist/lib/compiler/formatters/openai.js.map +1 -0
- package/dist/lib/compiler/index.d.ts +56 -0
- package/dist/lib/compiler/index.d.ts.map +1 -0
- package/dist/lib/compiler/index.js +165 -0
- package/dist/lib/compiler/index.js.map +1 -0
- package/dist/lib/compiler/language-map.d.ts +31 -0
- package/dist/lib/compiler/language-map.d.ts.map +1 -0
- package/dist/lib/compiler/language-map.js +156 -0
- package/dist/lib/compiler/language-map.js.map +1 -0
- package/dist/lib/compiler/package-resolver.d.ts +68 -0
- package/dist/lib/compiler/package-resolver.d.ts.map +1 -0
- package/dist/lib/compiler/package-resolver.js +254 -0
- package/dist/lib/compiler/package-resolver.js.map +1 -0
- package/dist/lib/compiler/pipeline.d.ts +53 -0
- package/dist/lib/compiler/pipeline.d.ts.map +1 -0
- package/dist/lib/compiler/pipeline.js +209 -0
- package/dist/lib/compiler/pipeline.js.map +1 -0
- package/dist/lib/compiler/prompd-loader.d.ts +108 -0
- package/dist/lib/compiler/prompd-loader.d.ts.map +1 -0
- package/dist/lib/compiler/prompd-loader.js +270 -0
- package/dist/lib/compiler/prompd-loader.js.map +1 -0
- package/dist/lib/compiler/section-override.d.ts +40 -0
- package/dist/lib/compiler/section-override.d.ts.map +1 -0
- package/dist/lib/compiler/section-override.js +296 -0
- package/dist/lib/compiler/section-override.js.map +1 -0
- package/dist/lib/compiler/stages/assets.d.ts +71 -0
- package/dist/lib/compiler/stages/assets.d.ts.map +1 -0
- package/dist/lib/compiler/stages/assets.js +456 -0
- package/dist/lib/compiler/stages/assets.js.map +1 -0
- package/dist/lib/compiler/stages/codegen.d.ts +17 -0
- package/dist/lib/compiler/stages/codegen.d.ts.map +1 -0
- package/dist/lib/compiler/stages/codegen.js +64 -0
- package/dist/lib/compiler/stages/codegen.js.map +1 -0
- package/dist/lib/compiler/stages/dependency.d.ts +38 -0
- package/dist/lib/compiler/stages/dependency.d.ts.map +1 -0
- package/dist/lib/compiler/stages/dependency.js +307 -0
- package/dist/lib/compiler/stages/dependency.js.map +1 -0
- package/dist/lib/compiler/stages/lexical.d.ts +19 -0
- package/dist/lib/compiler/stages/lexical.d.ts.map +1 -0
- package/dist/lib/compiler/stages/lexical.js +92 -0
- package/dist/lib/compiler/stages/lexical.js.map +1 -0
- package/dist/lib/compiler/stages/semantic.d.ts +20 -0
- package/dist/lib/compiler/stages/semantic.d.ts.map +1 -0
- package/dist/lib/compiler/stages/semantic.js +166 -0
- package/dist/lib/compiler/stages/semantic.js.map +1 -0
- package/dist/lib/compiler/stages/template.d.ts +94 -0
- package/dist/lib/compiler/stages/template.d.ts.map +1 -0
- package/dist/lib/compiler/stages/template.js +1044 -0
- package/dist/lib/compiler/stages/template.js.map +1 -0
- package/dist/lib/compiler/types.d.ts +200 -0
- package/dist/lib/compiler/types.d.ts.map +1 -0
- package/dist/lib/compiler/types.js +137 -0
- package/dist/lib/compiler/types.js.map +1 -0
- package/dist/lib/config.d.ts +29 -0
- package/dist/lib/config.d.ts.map +1 -0
- package/dist/lib/config.js +375 -0
- package/dist/lib/config.js.map +1 -0
- package/dist/lib/errors.d.ts +19 -0
- package/dist/lib/errors.d.ts.map +1 -0
- package/dist/lib/errors.js +47 -0
- package/dist/lib/errors.js.map +1 -0
- package/dist/lib/executor.d.ts +18 -0
- package/dist/lib/executor.d.ts.map +1 -0
- package/dist/lib/executor.js +372 -0
- package/dist/lib/executor.js.map +1 -0
- package/dist/lib/git.d.ts +74 -0
- package/dist/lib/git.d.ts.map +1 -0
- package/dist/lib/git.js +254 -0
- package/dist/lib/git.js.map +1 -0
- package/dist/lib/index.d.ts +43 -0
- package/dist/lib/index.d.ts.map +1 -0
- package/dist/lib/index.js +108 -0
- package/dist/lib/index.js.map +1 -0
- package/dist/lib/mcp.d.ts +42 -0
- package/dist/lib/mcp.d.ts.map +1 -0
- package/dist/lib/mcp.js +477 -0
- package/dist/lib/mcp.js.map +1 -0
- package/dist/lib/model-updater.d.ts +51 -0
- package/dist/lib/model-updater.d.ts.map +1 -0
- package/dist/lib/model-updater.js +275 -0
- package/dist/lib/model-updater.js.map +1 -0
- package/dist/lib/parser.d.ts +9 -0
- package/dist/lib/parser.d.ts.map +1 -0
- package/dist/lib/parser.js +197 -0
- package/dist/lib/parser.js.map +1 -0
- package/dist/lib/registry.d.ts +183 -0
- package/dist/lib/registry.d.ts.map +1 -0
- package/dist/lib/registry.js +786 -0
- package/dist/lib/registry.js.map +1 -0
- package/dist/lib/rpc-server.d.ts +78 -0
- package/dist/lib/rpc-server.d.ts.map +1 -0
- package/dist/lib/rpc-server.js +404 -0
- package/dist/lib/rpc-server.js.map +1 -0
- package/dist/lib/security.d.ts +120 -0
- package/dist/lib/security.d.ts.map +1 -0
- package/dist/lib/security.js +478 -0
- package/dist/lib/security.js.map +1 -0
- package/dist/lib/validation.d.ts +106 -0
- package/dist/lib/validation.d.ts.map +1 -0
- package/dist/lib/validation.js +398 -0
- package/dist/lib/validation.js.map +1 -0
- package/dist/lib/version.d.ts +29 -0
- package/dist/lib/version.d.ts.map +1 -0
- package/dist/lib/version.js +202 -0
- package/dist/lib/version.js.map +1 -0
- package/dist/lib/workflow-engine.d.ts +161 -0
- package/dist/lib/workflow-engine.d.ts.map +1 -0
- package/dist/lib/workflow-engine.js +422 -0
- package/dist/lib/workflow-engine.js.map +1 -0
- package/dist/lib/workflow.d.ts +102 -0
- package/dist/lib/workflow.d.ts.map +1 -0
- package/dist/lib/workflow.js +228 -0
- package/dist/lib/workflow.js.map +1 -0
- package/dist/server.d.ts +8 -0
- package/dist/server.d.ts.map +1 -0
- package/dist/server.js +134 -0
- package/dist/server.js.map +1 -0
- package/dist/types/index.d.ts +116 -0
- package/dist/types/index.d.ts.map +1 -0
- package/dist/types/index.js +144 -0
- package/dist/types/index.js.map +1 -0
- package/package.json +104 -0
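--- a/package/dist/lib/auth.js
+++ b/package/dist/lib/auth.js
@@ -0,0 +1,388 @@
+"use strict";
+/**
+* OAuth 2.0 Authentication System for Prompd Workflows
+* Enterprise-grade authentication with security best practices
+*/
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+var desc = Object.getOwnPropertyDescriptor(m, k);
+if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+desc = { enumerable: true, get: function() { return m[k]; } };
+}
+Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+var ownKeys = function(o) {
+ownKeys = Object.getOwnPropertyNames || function (o) {
+var ar = [];
+for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+return ar;
+};
+return ownKeys(o);
+};
+return function (mod) {
+if (mod && mod.__esModule) return mod;
+var result = {};
+if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+__setModuleDefault(result, mod);
+return result;
+};
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createDefaultAuthConfig = exports.AuthMiddleware = exports.AuthManager = void 0;
+const crypto = __importStar(require("crypto"));
+const jwt = __importStar(require("jsonwebtoken"));
+const bcrypt = __importStar(require("bcrypt"));
+const events_1 = require("events");
+/**
+* Core authentication manager
+*/
+class AuthManager extends events_1.EventEmitter {
+constructor(config) {
+super();
+this.sessions = new Map();
+this.users = new Map();
+this.workflowPermissions = new Map();
+this.oauthStates = new Map();
+this.config = config;
+this.setupSessionCleanup();
+}
+/**
+* Generate OAuth 2.0 authorization URL with PKCE
+*/
+generateAuthUrl(userId) {
+// Generate PKCE parameters
+const codeVerifier = this.generateCodeVerifier();
+const codeChallenge = this.generateCodeChallenge(codeVerifier);
+const state = this.generateSecureToken();
+// Store state for validation
+this.oauthStates.set(state, {
+state,
+codeVerifier,
+createdAt: new Date()
+});
+// Build authorization URL
+const params = new URLSearchParams({
+response_type: 'code',
+client_id: this.config.oauth.clientId,
+redirect_uri: this.config.oauth.redirectUri,
+scope: this.config.oauth.scopes.join(' '),
+state,
+code_challenge: codeChallenge,
+code_challenge_method: 'S256'
+});
+const authUrl = `${this.config.oauth.authorizationUrl}?${params.toString()}`;
+this.emit('authUrlGenerated', { authUrl, state, userId });
+return { authUrl, state, codeVerifier };
+}
+/**
+* Exchange OAuth code for tokens
+*/
+async exchangeCodeForTokens(code, state) {
+// Validate state
+const stateData = this.oauthStates.get(state);
+if (!stateData) {
+throw new Error('Invalid or expired OAuth state');
+}
+// Check state expiration (10 minutes)
+const stateAge = Date.now() - stateData.createdAt.getTime();
+if (stateAge > 10 * 60 * 1000) {
+this.oauthStates.delete(state);
+throw new Error('OAuth state expired');
+}
+try {
+// Exchange code for tokens
+const tokenResponse = await this.requestTokens(code, stateData.codeVerifier);
+// Clean up state
+this.oauthStates.delete(state);
+this.emit('tokensExchanged', { code, state });
+return tokenResponse;
+}
+catch (error) {
+this.emit('tokenExchangeFailed', { code, state, error });
+throw error;
+}
+}
+/**
+* Create authenticated session
+*/
+async createSession(user, metadata = {}) {
+const sessionId = this.generateSecureToken();
+const now = new Date();
+const expiresAt = new Date(now.getTime() + this.config.sessionConfig.maxAge);
+const session = {
+sessionId,
+userId: user.id,
+createdAt: now,
+expiresAt,
+lastAccessAt: now,
+metadata
+};
+this.sessions.set(sessionId, session);
+this.emit('sessionCreated', { sessionId, userId: user.id });
+return session;
+}
+/**
+* Validate and refresh session
+*/
+async validateSession(sessionId) {
+const session = this.sessions.get(sessionId);
+if (!session) {
+return null;
+}
+// Check expiration
+if (new Date() > session.expiresAt) {
+this.sessions.delete(sessionId);
+this.emit('sessionExpired', { sessionId, userId: session.userId });
+return null;
+}
+// Update last access
+session.lastAccessAt = new Date();
+this.emit('sessionAccessed', { sessionId, userId: session.userId });
+return session;
+}
+/**
+* Generate JWT token for API access
+*/
+generateJWT(user, permissions = []) {
+const payload = {
+sub: user.id,
+email: user.email,
+name: user.name,
+roles: user.roles,
+permissions: [...user.permissions, ...permissions],
+iat: Math.floor(Date.now() / 1000)
+};
+return jwt.sign(payload, this.config.jwtSecret, {
+expiresIn: this.config.jwtExpiresIn || '24h',
+issuer: 'prompd-workflow-engine',
+audience: 'prompd-api'
+});
+}
+/**
+* Verify JWT token
+*/
+verifyJWT(token) {
+try {
+return jwt.verify(token, this.config.jwtSecret, {
+issuer: 'prompd-workflow-engine',
+audience: 'prompd-api'
+});
+}
+catch (error) {
+this.emit('jwtVerificationFailed', { token: token.substring(0, 10), error });
+throw new Error('Invalid or expired token');
+}
+}
+/**
+* Check workflow permissions
+*/
+async checkWorkflowPermission(userId, workflowId, permission) {
+const workflowPerms = this.workflowPermissions.get(workflowId) || [];
+const userPerms = workflowPerms.find(p => p.userId === userId);
+if (!userPerms) {
+return false;
+}
+// Admin permission includes all others
+if (userPerms.permissions.includes('admin')) {
+return true;
+}
+return userPerms.permissions.includes(permission);
+}
+/**
+* Grant workflow permissions
+*/
+async grantWorkflowPermission(workflowId, userId, permissions, grantedBy) {
+const existing = this.workflowPermissions.get(workflowId) || [];
+const existingIndex = existing.findIndex(p => p.userId === userId);
+const permission = {
+workflowId,
+userId,
+permissions,
+grantedAt: new Date(),
+grantedBy
+};
+if (existingIndex >= 0) {
+existing[existingIndex] = permission;
+}
+else {
+existing.push(permission);
+}
+this.workflowPermissions.set(workflowId, existing);
+this.emit('workflowPermissionGranted', { workflowId, userId, permissions, grantedBy });
+}
+/**
+* Revoke workflow permissions
+*/
+async revokeWorkflowPermission(workflowId, userId, revokedBy) {
+const existing = this.workflowPermissions.get(workflowId) || [];
+const filtered = existing.filter(p => p.userId !== userId);
+this.workflowPermissions.set(workflowId, filtered);
+this.emit('workflowPermissionRevoked', { workflowId, userId, revokedBy });
+}
+/**
+* Create or update user
+*/
+async createUser(userData) {
+const user = {
+id: this.generateSecureToken(),
+...userData,
+createdAt: new Date()
+};
+this.users.set(user.id, user);
+this.emit('userCreated', { userId: user.id, email: user.email });
+return user;
+}
+/**
+* Get user by ID
+*/
+async getUser(userId) {
+return this.users.get(userId) || null;
+}
+/**
+* Hash password securely
+*/
+async hashPassword(password) {
+return await bcrypt.hash(password, this.config.bcryptRounds);
+}
+/**
+* Verify password
+*/
+async verifyPassword(password, hash) {
+return await bcrypt.compare(password, hash);
+}
+/**
+* Destroy session
+*/
+async destroySession(sessionId) {
+const session = this.sessions.get(sessionId);
+this.sessions.delete(sessionId);
+if (session) {
+this.emit('sessionDestroyed', { sessionId, userId: session.userId });
+}
+}
+async requestTokens(code, codeVerifier) {
+const params = new URLSearchParams({
+grant_type: 'authorization_code',
+code,
+redirect_uri: this.config.oauth.redirectUri,
+client_id: this.config.oauth.clientId,
+client_secret: this.config.oauth.clientSecret,
+code_verifier: codeVerifier
+});
+// In a real implementation, this would make an HTTP request
+// For now, return a mock token
+return {
+accessToken: this.generateSecureToken(),
+refreshToken: this.generateSecureToken(),
+tokenType: 'Bearer',
+expiresIn: 3600,
+scope: this.config.oauth.scopes.join(' '),
+issuedAt: new Date()
+};
+}
+generateCodeVerifier() {
+return crypto.randomBytes(32).toString('base64url');
+}
+generateCodeChallenge(verifier) {
+return crypto.createHash('sha256').update(verifier).digest('base64url');
+}
+generateSecureToken() {
+return crypto.randomBytes(32).toString('hex');
+}
+setupSessionCleanup() {
+// Clean up expired sessions every 5 minutes
+setInterval(() => {
+const now = new Date();
+for (const [sessionId, session] of this.sessions.entries()) {
+if (now > session.expiresAt) {
+this.sessions.delete(sessionId);
+this.emit('sessionExpired', { sessionId, userId: session.userId });
+}
+}
+// Clean up expired OAuth states (older than 10 minutes)
+for (const [state, stateData] of this.oauthStates.entries()) {
+const stateAge = now.getTime() - stateData.createdAt.getTime();
+if (stateAge > 10 * 60 * 1000) {
+this.oauthStates.delete(state);
+}
+}
+}, 5 * 60 * 1000);
+}
+}
+exports.AuthManager = AuthManager;
+/**
+* Authentication middleware for workflow execution
+*/
+class AuthMiddleware {
+constructor(authManager) {
+this.authManager = authManager;
+}
+/**
+* Middleware for session-based authentication
+*/
+async authenticateSession(sessionId) {
+const session = await this.authManager.validateSession(sessionId);
+if (!session) {
+return null;
+}
+return await this.authManager.getUser(session.userId);
+}
+/**
+* Middleware for JWT-based authentication
+*/
+async authenticateJWT(token) {
+try {
+const payload = this.authManager.verifyJWT(token);
+return await this.authManager.getUser(payload.sub);
+}
+catch {
+return null;
+}
+}
+/**
+* Authorize workflow execution
+*/
+async authorizeWorkflowExecution(userId, workflowId) {
+return await this.authManager.checkWorkflowPermission(userId, workflowId, 'execute');
+}
+/**
+* Authorize workflow modification
+*/
+async authorizeWorkflowModification(userId, workflowId) {
+return await this.authManager.checkWorkflowPermission(userId, workflowId, 'modify');
+}
+}
+exports.AuthMiddleware = AuthMiddleware;
+/**
+* Default authentication configuration
+*/
+const createDefaultAuthConfig = () => ({
+jwtSecret: '',
+jwtExpiresIn: '24h',
+bcryptRounds: 12,
+oauth: {
+clientId: '',
+clientSecret: '',
+redirectUri: '',
+scopes: ['openid', 'profile', 'email'],
+authorizationUrl: '',
+tokenUrl: ''
+},
+sessionConfig: {
+maxAge: 24 * 60 * 60 * 1000, // 24 hours
+secure: process.env.NODE_ENV === 'production',
+httpOnly: true,
+sameSite: 'strict'
+}
+});
+exports.createDefaultAuthConfig = createDefaultAuthConfig;
+//# sourceMappingURL=auth.js.map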
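Review bot: `requestTokens` never contacts `config.oauth.tokenUrl`: it builds `params` (including `client_secret` and `code_verifier`), discards them, and returns freshly generated random tokens, so `exchangeCodeForTokens` succeeds for any `code` value as long as the `state` entry exists and neither the authorization code nor the PKCE verifier is ever checked by the provider. In a published build this path should fail closed until the real exchange exists, for example by replacing the mock return with `throw new Error('OAuth token exchange is not implemented');`. Separately, `verifyJWT` passes no `algorithms` option to `jwt.verify`; pinning it with `algorithms: ['HS256']` (the algorithm `jwt.sign` uses by default with a string secret) keeps verification from depending on library defaults. The `exchangeCodeForTokens` events also carry the raw `code` and `state`, which any listener that logs events would record, so emitting only a success or failure marker there would be safer.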
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/lib/auth.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,+CAAiC;AACjC,kDAAoC;AACpC,+CAAiC;AACjC,mCAAsC;AA8DtC;;GAEG;AACH,MAAa,WAAY,SAAQ,qBAAY;IAO3C,YAAY,MAAkB;QAC5B,KAAK,EAAE,CAAC;QANF,aAAQ,GAA6B,IAAI,GAAG,EAAE,CAAC;QAC/C,UAAK,GAAsB,IAAI,GAAG,EAAE,CAAC;QACrC,wBAAmB,GAAsC,IAAI,GAAG,EAAE,CAAC;QACnE,gBAAW,GAA0E,IAAI,GAAG,EAAE,CAAC;QAIrG,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,mBAAmB,EAAE,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,eAAe,CAAC,MAAe;QAC7B,2BAA2B;QAC3B,MAAM,YAAY,GAAG,IAAI,CAAC,oBAAoB,EAAE,CAAC;QACjD,MAAM,aAAa,GAAG,IAAI,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC;QAC/D,MAAM,KAAK,GAAG,IAAI,CAAC,mBAAmB,EAAE,CAAC;QAEzC,6BAA6B;QAC7B,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,KAAK,EAAE;YAC1B,KAAK;YACL,YAAY;YACZ,SAAS,EAAE,IAAI,IAAI,EAAE;SACtB,CAAC,CAAC;QAEH,0BAA0B;QAC1B,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,aAAa,EAAE,MAAM;YACrB,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ;YACrC,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW;YAC3C,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;YACzC,KAAK;YACL,cAAc,EAAE,aAAa;YAC7B,qBAAqB,EAAE,MAAM;SAC9B,CAAC,CAAC;QAEH,MAAM,OAAO,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,gBAAgB,IAAI,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;QAE7E,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;QAE1D,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC;IAC1C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,qBAAqB,CAAC,IAAY,EAAE,KAAa;QACrD,iBAAiB;QACjB,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QAC9C,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;QACpD,CAAC;QAED,sCAAsC;QACtC,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;QAC5D,IAAI,QAAQ,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;YAC9B,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;QACzC,CAAC;QAED,IAAI,CAAC;YACH,2BAA2B;YAC3B,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,SAAS,CAAC,YAAY,CAAC,CAAC;YAE7E,iBAAiB;YACjB,IAAI,CAAC
,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAE/B,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;YAE9C,OAAO,aAAa,CAAC;QACvB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,IAAI,CAAC,qBAAqB,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC;YACzD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CAAC,IAAU,EAAE,WAAoC,EAAE;QACpE,MAAM,SAAS,GAAG,IAAI,CAAC,mBAAmB,EAAE,CAAC;QAC7C,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;QAE7E,MAAM,OAAO,GAAgB;YAC3B,SAAS;YACT,MAAM,EAAE,IAAI,CAAC,EAAE;YACf,SAAS,EAAE,GAAG;YACd,SAAS;YACT,YAAY,EAAE,GAAG;YACjB,QAAQ;SACT,CAAC;QAEF,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QACtC,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;QAE5D,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CAAC,SAAiB;QACrC,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC7C,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,IAAI,CAAC;QACd,CAAC;QAED,mBAAmB;QACnB,IAAI,IAAI,IAAI,EAAE,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;YACnC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAChC,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;YACnE,OAAO,IAAI,CAAC;QACd,CAAC;QAED,qBAAqB;QACrB,OAAO,CAAC,YAAY,GAAG,IAAI,IAAI,EAAE,CAAC;QAClC,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QAEpE,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,IAAU,EAAE,cAAwB,EAAE;QAChD,MAAM,OAAO,GAAG;YACd,GAAG,EAAE,IAAI,CAAC,EAAE;YACZ,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,WAAW,EAAE,CAAC,GAAG,IAAI,CAAC,WAAW,EAAE,GAAG,WAAW,CAAC;YAClD,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;SACnC,CAAC;QAEF,OAAO,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE;YAC9C,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY,IAAI,KAAK;YAC5C,MAAM,EAAE,wBAAwB;YAChC,QAAQ,EAAE,YAAY;SACJ,CAAC,CAAC;IACxB,CAAC;IAED;;OAEG;IACH,SAAS,C
AAC,KAAa;QACrB,IAAI,CAAC;YACH,OAAO,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE;gBAC9C,MAAM,EAAE,wBAAwB;gBAChC,QAAQ,EAAE,YAAY;aACvB,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,IAAI,CAAC,uBAAuB,EAAE,EAAE,KAAK,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;YAC7E,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,uBAAuB,CAC3B,MAAc,EACd,UAAkB,EAClB,UAAmD;QAEnD,MAAM,aAAa,GAAG,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;QACrE,MAAM,SAAS,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC;QAE/D,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO,KAAK,CAAC;QACf,CAAC;QAED,uCAAuC;QACvC,IAAI,SAAS,CAAC,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5C,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,SAAS,CAAC,WAAW,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;IACpD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,uBAAuB,CAC3B,UAAkB,EAClB,MAAc,EACd,WAAwD,EACxD,SAAiB;QAEjB,MAAM,QAAQ,GAAG,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;QAChE,MAAM,aAAa,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC;QAEnE,MAAM,UAAU,GAAuB;YACrC,UAAU;YACV,MAAM;YACN,WAAW;YACX,SAAS,EAAE,IAAI,IAAI,EAAE;YACrB,SAAS;SACV,CAAC;QAEF,IAAI,aAAa,IAAI,CAAC,EAAE,CAAC;YACvB,QAAQ,CAAC,aAAa,CAAC,GAAG,UAAU,CAAC;QACvC,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC5B,CAAC;QAED,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;QACnD,IAAI,CAAC,IAAI,CAAC,2BAA2B,EAAE,EAAE,UAAU,EAAE,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,CAAC,CAAC;IACzF,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,wBAAwB,CAAC,UAAkB,EAAE,MAAc,EAAE,SAAiB;QAClF,MAAM,QAAQ,GAAG,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;QAChE,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC;QAE3D,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;QACnD,IAAI,CAAC,IAAI,CAAC,2BAA2B,EAAE,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;IAC5E,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU,CAAC,QAAwC;QACvD,MAAM,IAAI,GAAS;YACjB,EAAE,EAAE,IAAI,CAAC
,mBAAmB,EAAE;YAC9B,GAAG,QAAQ;YACX,SAAS,EAAE,IAAI,IAAI,EAAE;SACtB,CAAC;QAEF,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;QAC9B,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;QAEjE,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO,CAAC,MAAc;QAC1B,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC;IACxC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAAC,QAAgB;QACjC,OAAO,MAAM,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IAC/D,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,QAAgB,EAAE,IAAY;QACjD,OAAO,MAAM,MAAM,CAAC,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IAC9C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,SAAiB;QACpC,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC7C,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAEhC,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QACvE,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,aAAa,CAAC,IAAY,EAAE,YAAoB;QAC5D,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,UAAU,EAAE,oBAAoB;YAChC,IAAI;YACJ,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW;YAC3C,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ;YACrC,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,YAAY;YAC7C,aAAa,EAAE,YAAY;SAC5B,CAAC,CAAC;QAEH,4DAA4D;QAC5D,+BAA+B;QAC/B,OAAO;YACL,WAAW,EAAE,IAAI,CAAC,mBAAmB,EAAE;YACvC,YAAY,EAAE,IAAI,CAAC,mBAAmB,EAAE;YACxC,SAAS,EAAE,QAAQ;YACnB,SAAS,EAAE,IAAI;YACf,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;YACzC,QAAQ,EAAE,IAAI,IAAI,EAAE;SACrB,CAAC;IACJ,CAAC;IAEO,oBAAoB;QAC1B,OAAO,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IACtD,CAAC;IAEO,qBAAqB,CAAC,QAAgB;QAC5C,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IAC1E,CAAC;IAEO,mBAAmB;QACzB,OAAO,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAChD,CAAC;IAEO,mBAAmB;QACzB,4CAA4C;QAC5C,WAAW,CAAC,GAAG,EAAE;YACf,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,KAAK,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC
,QAAQ,CAAC,OAAO,EAAE,EAAE,CAAC;gBAC3D,IAAI,GAAG,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;oBAC5B,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;oBAChC,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;gBACrE,CAAC;YACH,CAAC;YAED,wDAAwD;YACxD,KAAK,MAAM,CAAC,KAAK,EAAE,SAAS,CAAC,IAAI,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,EAAE,CAAC;gBAC5D,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,EAAE,GAAG,SAAS,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;gBAC/D,IAAI,QAAQ,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;oBAC9B,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBACjC,CAAC;YACH,CAAC;QACH,CAAC,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IACpB,CAAC;CACF;AAxUD,kCAwUC;AAED;;GAEG;AACH,MAAa,cAAc;IACzB,YAAoB,WAAwB;QAAxB,gBAAW,GAAX,WAAW,CAAa;IAAG,CAAC;IAEhD;;OAEG;IACH,KAAK,CAAC,mBAAmB,CAAC,SAAiB;QACzC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;QAClE,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACxD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CAAC,KAAa;QACjC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;YAClD,OAAO,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACrD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,0BAA0B,CAC9B,MAAc,EACd,UAAkB;QAElB,OAAO,MAAM,IAAI,CAAC,WAAW,CAAC,uBAAuB,CAAC,MAAM,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC;IACvF,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,6BAA6B,CACjC,MAAc,EACd,UAAkB;QAElB,OAAO,MAAM,IAAI,CAAC,WAAW,CAAC,uBAAuB,CAAC,MAAM,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAC;IACtF,CAAC;CACF;AA9CD,wCA8CC;AAED;;GAEG;AACI,MAAM,uBAAuB,GAAG,GAAe,EAAE,CAAC,CAAC;IACxD,SAAS,EAAE,EAAE;IACb,YAAY,EAAE,KAAK;IACnB,YAAY,EAAE,EAAE;IAChB,KAAK,EAAE;QACL,QAAQ,EAAE,EAAE;QACZ,YAAY,EAAE,EAAE;QAChB,WAAW,EAAE,EAAE;QACf,MAAM,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC;QACtC,gBAAgB,EAAE,EAAE;QACpB,QAAQ,EAAE,EAAE;KACb;IACD,aAAa,EAAE;QACb,MAAM,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,WAAW;QACxC,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY;QAC7C,QAAQ,EAAE,IAAI;QACd,QAAQ,EA
AE,QAAQ;KACnB;CACF,CAAC,CAAC;AAlBU,QAAA,uBAAuB,2BAkBjC"}
|
|
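--- a/file-system.d.ts
+++ b/file-system.d.ts
@@ -0,0 +1,178 @@
+/**
+* File System Abstraction
+*
+* Provides an abstraction layer for file system operations in the compiler.
+* This allows the compiler to work with in-memory file systems (for server-side
+* compilation) or the actual file system (for CLI usage).
+*/
+/**
+* File system interface that can be implemented for different storage backends.
+*/
+export interface IFileSystem {
+/**
+* Check if a file or directory exists.
+*/
+exists(filePath: string): boolean | Promise<boolean>;
+/**
+* Read a file's contents as a UTF-8 string.
+*/
+readFile(filePath: string): string | Promise<string>;
+/**
+* Check if a path is a directory.
+*/
+isDirectory(filePath: string): boolean | Promise<boolean>;
+/**
+* List files in a directory.
+*/
+readdir(dirPath: string): string[] | Promise<string[]>;
+/**
+* Resolve a path (for package resolution).
+*/
+resolve(...pathSegments: string[]): string;
+/**
+* Get the directory name of a path.
+*/
+dirname(filePath: string): string;
+/**
+* Join path segments.
+*/
+join(...pathSegments: string[]): string;
+}
+/**
+* Default file system implementation that uses Node.js fs module.
+*/
+export declare class NodeFileSystem implements IFileSystem {
+exists(filePath: string): boolean;
+readFile(filePath: string): string;
+isDirectory(filePath: string): boolean;
+readdir(dirPath: string): string[];
+resolve(...pathSegments: string[]): string;
+dirname(filePath: string): string;
+join(...pathSegments: string[]): string;
+}
+/**
+* In-memory file system for server-side compilation.
+* Files are provided as a map of path -> content.
+*/
+export declare class MemoryFileSystem implements IFileSystem {
+private files;
+private static readonly MAX_PACKAGE_SIZE;
+private static readonly MAX_FILE_SIZE;
+private static readonly MAX_FILE_COUNT;
+constructor(files?: Record<string, string>);
+/**
+* Add or update a file in the in-memory file system.
+*/
+addFile(filePath: string, content: string): void;
+/**
+* Add multiple files at once.
+*/
+addFiles(files: Record<string, string>): void;
+exists(filePath: string): boolean;
+readFile(filePath: string): string;
+isDirectory(filePath: string): boolean;
+readdir(dirPath: string): string[];
+resolve(...pathSegments: string[]): string;
+dirname(filePath: string): string;
+join(...pathSegments: string[]): string;
+/**
+* Validate package name against npm/semver standards.
+* Prevents path traversal and injection attacks.
+*/
+private validatePackageName;
+/**
+* Validate semantic version format.
+*/
+private validateVersion;
+/**
+* Validate ZIP package structure before extraction.
+* Prevents: zip bombs, path traversal, symlink attacks.
+*/
+private validateZipStructure;
+/**
+* Validate a single ZIP entry for security issues.
+*/
+private validateZipEntry;
+/**
+* Add a package from a ZIP Buffer to the in-memory file system.
+* Extracts the .pdpkg (ZIP) and stores all files with the package path prefix.
+* SECURITY: Validates package name, version, and ZIP structure.
+*
+* @param packageName - Full package name (e.g., "@namespace/package-name")
+* @param version - Package version (e.g., "1.0.0")
+* @param packageBuffer - Buffer containing the .pdpkg (ZIP) file
+*/
+addPackage(packageName: string, version: string, packageBuffer: Buffer): Promise<void>;
+/**
+* Recursively load a directory's contents into the in-memory file system.
+*
+* @param sourceDir - Directory to read from disk
+* @param targetPath - Virtual path in memory file system
+*/
+private loadDirectoryToMemory;
+/**
+* Add a package from the registry to the in-memory file system.
+* Downloads the package tarball and extracts it to memory.
+*
+* @param packageRef - Package reference (e.g., "@namespace/package@1.0.0")
+* @param downloadFn - Optional function to download package, receives (packageName, version) and returns {tarball: Buffer, metadata: any}
+*/
+addPackageFromRegistry(packageRef: string, downloadFn?: (packageName: string, version: string) => Promise<{
+tarball: Buffer;
+metadata: any;
+}>): Promise<void>;
+/**
+* Get the virtual file system path for a package.
+*
+* @param packageName - Full package name (e.g., "@namespace/package-name")
+* @param version - Package version (e.g., "1.0.0")
+* @returns Virtual path (e.g., "/packages/@namespace/package-name@1.0.0")
+*/
+getPackagePath(packageName: string, version: string): string;
+/**
+* Parse a package reference into name and version.
+*
+* @param packageRef - Package reference (e.g., "@namespace/package@1.0.0")
+* @returns Object with packageName and version
+*/
+private parsePackageReference;
+/**
+* Normalize path to use forward slashes and ensure consistency.
+*/
+private normalizePath;
+/**
+* Get all files under a base path.
+*
+* @param basePath - Optional base path to filter files
+* @returns Map of file paths to content
+*/
+getAllFiles(basePath?: string): Map<string, string>;
+/**
+* Calculate total size of files under base path.
+*
+* @param basePath - Base path to calculate size for
+* @returns Object with size in bytes and file count
+*/
+getTotalSize(basePath: string): {
+size: number;
+files: number;
+};
+/**
+* Create a .pdpkg tarball Buffer from in-memory files.
+* Used for server-side package creation without disk writes.
+* SECURITY: Scans for secrets before packing.
+*
+* @param basePath - Base path in memory filesystem (e.g., "/my-package")
+* @param manifest - Package manifest.json content
+* @param options - Optional filter for files
+* @returns Buffer containing gzipped tarball
+*/
+createPackageBuffer(basePath: string, manifest: Record<string, any>, options?: {
+filter?: (path: string) => boolean;
+}): Promise<Buffer>;
+}
+/**
+* Get the default file system (Node.js fs).
+*/
+export declare function getDefaultFileSystem(): IFileSystem;
+//# sourceMappingURL=file-system.d.ts.map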
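Review bot: The doc comment on `addPackageFromRegistry` (new lines 113-119) does not say whether the downloaded buffer gets the same name, version and archive validation that `addPackage` advertises. It also calls the payload a "tarball", while `addPackage` describes `.pdpkg` as a ZIP and `createPackageBuffer` returns a "gzipped tarball", so the three comments disagree on the archive format. Only declarations are visible here, so the implementation may well delegate to `addPackage`; if it does, the contract should say so, e.g. `* SECURITY: The downloaded buffer is passed through addPackage(), so name, version and archive validation apply.` Because `downloadFn` is caller-supplied and returns `metadata: any`, the comment should also state whether the buffer is checked against anything in that metadata before extraction. The same gap applies to `loadDirectoryToMemory` (new lines 106-112), which reads from disk without saying whether the `MAX_FILE_SIZE` / `MAX_FILE_COUNT` limits or symlink handling apply.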
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"file-system.d.ts","sourceRoot":"","sources":["../../../src/lib/compiler/file-system.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B;;OAEG;IACH,MAAM,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAErD;;OAEG;IACH,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAErD;;OAEG;IACH,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAE1D;;OAEG;IACH,OAAO,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAEvD;;OAEG;IACH,OAAO,CAAC,GAAG,YAAY,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC;IAE3C;;OAEG;IACH,OAAO,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAAC;IAElC;;OAEG;IACH,IAAI,CAAC,GAAG,YAAY,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC;CACzC;AAED;;GAEG;AACH,qBAAa,cAAe,YAAW,WAAW;IAChD,MAAM,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;IAIjC,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM;IAIlC,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;IAItC,OAAO,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE;IAIlC,OAAO,CAAC,GAAG,YAAY,EAAE,MAAM,EAAE,GAAG,MAAM;IAI1C,OAAO,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM;IAIjC,IAAI,CAAC,GAAG,YAAY,EAAE,MAAM,EAAE,GAAG,MAAM;CAGxC;AAED;;;GAGG;AACH,qBAAa,gBAAiB,YAAW,WAAW;IAClD,OAAO,CAAC,KAAK,CAAsB;IAGnC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,gBAAgB,CAAoB;IAC5D,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,aAAa,CAAoB;IACzD,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,cAAc,CAAQ;gBAElC,KAAK,GAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAM;IAQ9C;;OAEG;IACH,OAAO,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,IAAI;IAIhD;;OAEG;IACH,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,IAAI;IAM7C,MAAM,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;IAIjC,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM;IAWlC,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;IActC,OAAO,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE;IAuBlC,OAAO,CAAC,GAAG,YAAY,EAAE,MAAM,EAAE,GAAG,MAAM;IAI1C,OAAO,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM;IAIjC,IAAI,CAAC,GAAG,YAAY,EAAE,MAAM,EAAE,GAAG,MAAM;IAIvC;;;OAGG;IACH,OAAO,CAAC,mBAAmB;IAa3B;;OAEG;IACH,OAAO,CAAC,eAAe;IAOvB;;;OAGG;IACH,OAAO,CAAC,oBAAoB;IA4B5B;;OAEG;IACH,OAAO,CAAC,gBAAgB;IA0BxB;;;;;;;;OAQG;IACG,UAAU,CAAC,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,aA
Aa,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAoC5F;;;;;OAKG;YACW,qBAAqB;IAoBnC;;;;;;OAMG;IACG,sBAAsB,CAC1B,UAAU,EAAE,MAAM,EAClB,UAAU,CAAC,EAAE,CAAC,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,KAAK,OAAO,CAAC;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,GAAG,CAAA;KAAE,CAAC,GACjG,OAAO,CAAC,IAAI,CAAC;IAehB;;;;;;OAMG;IACH,cAAc,CAAC,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM;IAI5D;;;;;OAKG;IACH,OAAO,CAAC,qBAAqB;IAc7B;;OAEG;IACH,OAAO,CAAC,aAAa;IAsBrB;;;;;OAKG;IACH,WAAW,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC;IAkBnD;;;;;OAKG;IACH,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE;IAc/D;;;;;;;;;OASG;IACG,mBAAmB,CACvB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAC7B,OAAO,CAAC,EAAE;QACR,MAAM,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC;KACpC,GACA,OAAO,CAAC,MAAM,CAAC;CA0CnB;AAED;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,WAAW,CAElD"}
|