@querypanel/node-sdk 1.0.36 → 1.0.38

package/dist/index.js

@@ -525,7 +525,6 @@ function sanitize2(value) {
 }
 
 // src/core/client.ts
-import { createSign } from "crypto";
 var ApiClient = class {
   baseUrl;
   privateKey;
@@ -533,6 +532,7 @@ var ApiClient = class {
   defaultTenantId;
   additionalHeaders;
   fetchImpl;
+  cryptoKey = null;
   constructor(baseUrl, privateKey, organizationId, options) {
     if (!baseUrl) {
       throw new Error("Base URL is required");
@@ -648,6 +648,66 @@ var ApiClient = class {
     }
     return headers;
   }
+  /**
+   * Base64URL encode a string (works in both Node.js 18+ and Deno)
+   */
+  base64UrlEncode(str) {
+    const bytes = new TextEncoder().encode(str);
+    let binary = "";
+    const chunkSize = 8192;
+    for (let i = 0; i < bytes.length; i += chunkSize) {
+      const chunk = bytes.slice(i, i + chunkSize);
+      binary += String.fromCharCode(...chunk);
+    }
+    const base64 = btoa(binary);
+    return base64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/g, "");
+  }
+  /**
+   * Base64URL encode from Uint8Array (for binary data like signatures)
+   */
+  base64UrlEncodeBytes(bytes) {
+    let binary = "";
+    const chunkSize = 8192;
+    for (let i = 0; i < bytes.length; i += chunkSize) {
+      const chunk = bytes.slice(i, i + chunkSize);
+      binary += String.fromCharCode(...chunk);
+    }
+    const base64 = btoa(binary);
+    return base64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/g, "");
+  }
+  /**
+   * Import the private key into Web Crypto API format (cached after first import)
+   */
+  async getCryptoKey() {
+    if (this.cryptoKey) {
+      return this.cryptoKey;
+    }
+    this.cryptoKey = await crypto.subtle.importKey(
+      "pkcs8",
+      this.privateKeyToArrayBuffer(this.privateKey),
+      {
+        name: "RSASSA-PKCS1-v1_5",
+        hash: "SHA-256"
+      },
+      false,
+      ["sign"]
+    );
+    return this.cryptoKey;
+  }
+  /**
+   * Convert PEM private key to ArrayBuffer for Web Crypto API
+   */
+  privateKeyToArrayBuffer(pem) {
+    const pemHeader = "-----BEGIN PRIVATE KEY-----";
+    const pemFooter = "-----END PRIVATE KEY-----";
+    const pemContents = pem.replace(pemHeader, "").replace(pemFooter, "").replace(/\s/g, "");
+    const binaryString = atob(pemContents);
+    const bytes = new Uint8Array(binaryString.length);
+    for (let i = 0; i < binaryString.length; i++) {
+      bytes[i] = binaryString.charCodeAt(i);
+    }
+    return bytes.buffer;
+  }
   async generateJWT(tenantId, userId, scopes) {
     const header = {
       alg: "RS256",
@@ -659,19 +719,20 @@ var ApiClient = class {
     };
     if (userId) payload.userId = userId;
     if (scopes?.length) payload.scopes = scopes;
-    const encodeJson = (obj) => {
-      const json = JSON.stringify(obj);
-      const base64 = Buffer.from(json).toString("base64");
-      return base64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/g, "");
-    };
-    const encodedHeader = encodeJson(header);
-    const encodedPayload = encodeJson(payload);
+    const encodedHeader = this.base64UrlEncode(JSON.stringify(header));
+    const encodedPayload = this.base64UrlEncode(JSON.stringify(payload));
     const data = `${encodedHeader}.${encodedPayload}`;
-    const signer = createSign("RSA-SHA256");
-    signer.update(data);
-    signer.end();
-    const signature = signer.sign(this.privateKey);
-    const encodedSignature = signature.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/g, "");
+    const key = await this.getCryptoKey();
+    const dataBytes = new TextEncoder().encode(data);
+    const signature = await crypto.subtle.sign(
+      {
+        name: "RSASSA-PKCS1-v1_5"
+      },
+      key,
+      dataBytes
+    );
+    const signatureBytes = new Uint8Array(signature);
+    const encodedSignature = this.base64UrlEncodeBytes(signatureBytes);
     return `${data}.${encodedSignature}`;
   }
 };
@@ -756,13 +817,19 @@ var QueryEngine = class {
       return sql;
     }
     const tenantField = metadata.tenantFieldName;
-    const paramKey = tenantField;
-    params[paramKey] = tenantId;
     const normalizedSql = sql.toLowerCase();
     if (normalizedSql.includes(tenantField.toLowerCase())) {
       return sql;
     }
-    const tenantPredicate = metadata.dialect === "clickhouse" ? `${tenantField} = {${tenantField}:${metadata.tenantFieldType ?? "String"}}` : `${tenantField} = '${tenantId}'`;
+    let tenantPredicate;
+    if (metadata.dialect === "clickhouse") {
+      const paramKey = tenantField;
+      params[paramKey] = tenantId;
+      tenantPredicate = `${tenantField} = {${tenantField}:${metadata.tenantFieldType ?? "String"}}`;
+    } else {
+      const escapedId = tenantId.replace(/'/g, "''");
+      tenantPredicate = `${tenantField} = '${escapedId}'`;
+    }
     if (/\bwhere\b/i.test(sql)) {
       return sql.replace(
         /\bwhere\b/i,
@@ -996,7 +1063,6 @@ function resolveTenantId2(client, tenantId) {
 }
 
 // src/routes/ingest.ts
-import { randomUUID } from "crypto";
 async function syncSchema(client, queryEngine, databaseName, options, signal) {
   const tenantId = resolveTenantId3(client, options.tenantId);
   const adapter = queryEngine.getDatabase(databaseName);
@@ -1008,7 +1074,7 @@ async function syncSchema(client, queryEngine, databaseName, options, signal) {
   if (options.forceReindex) {
     payload.force_reindex = true;
   }
-  const sessionId = randomUUID();
+  const sessionId = crypto.randomUUID();
   const response = await client.post(
     "/ingest",
     payload,
@@ -1057,10 +1123,9 @@ function buildSchemaRequest(databaseName, adapter, introspection, metadata) {
 }
 
 // src/routes/query.ts
-import { randomUUID as randomUUID2 } from "crypto";
 async function ask(client, queryEngine, question, options, signal) {
   const tenantId = resolveTenantId4(client, options.tenantId);
-  const sessionId = randomUUID2();
+  const sessionId = crypto.randomUUID();
   const maxRetry = options.maxRetry ?? 0;
   let attempt = 0;
   let lastError = options.lastError;