@sockethub/data-layer 1.0.0-alpha.12 → 1.0.0-alpha.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -56,7 +56,7 @@ encryption/decryption and session-based isolation.
56
56
  **Dependencies:**
57
57
 
58
58
  - Redis server (6.0+)
59
- - `@sockethub/crypto` for encryption
59
+ - `@sockethub/util` (`@sockethub/util/crypto`) for encryption
60
60
  - `@sockethub/schemas` for type definitions
61
61
 
62
62
  ## API Documentation
@@ -0,0 +1,88 @@
1
+ import type { CredentialsObject } from "@sockethub/schemas";
2
+ import { type Redis } from "ioredis";
3
+ import SecureStore from "secure-store-redis";
4
+ import type { RedisConfig } from "./types.js";
5
+ /**
6
+ * Creates or returns a shared Redis connection for CredentialsStore instances.
7
+ * This prevents connection exhaustion by reusing a single connection across
8
+ * all credential storage operations.
9
+ *
10
+ * @param config - Redis configuration
11
+ * @returns Shared Redis connection instance
12
+ */
13
+ export declare function createCredentialsRedisConnection(config: RedisConfig): Redis;
14
+ /**
15
+ * Resets the shared credentials Redis connection. Used primarily for testing.
16
+ */
17
+ export declare function resetSharedCredentialsRedisConnection(): Promise<void>;
18
+ export interface CredentialsStoreInterface {
19
+ get(actor: string, credentialsHash?: string, options?: CredentialsValidationOptions): Promise<CredentialsObject | undefined>;
20
+ save(actor: string, creds: CredentialsObject): Promise<number>;
21
+ }
22
+ export interface CredentialsValidationOptions {
23
+ /**
24
+ * Enables stricter checks used only when trying to attach a second socket
25
+ * session to an already-running actor-scoped platform instance.
26
+ */
27
+ validateSessionShare?: boolean;
28
+ }
29
+ export declare class CredentialsMismatchError extends Error {
30
+ constructor(message: string);
31
+ }
32
+ export declare class CredentialsNotShareableError extends Error {
33
+ constructor(message: string);
34
+ }
35
+ export declare function verifySecureStore(config: RedisConfig): Promise<void>;
36
+ /**
37
+ * Secure, encrypted storage for user credentials with session-based isolation.
38
+ *
39
+ * Provides automatic encryption/decryption of credential objects stored in Redis,
40
+ * ensuring that sensitive authentication data is never stored in plaintext.
41
+ * Each session gets its own isolated credential store.
42
+ *
43
+ * @example
44
+ * ```typescript
45
+ * const store = new CredentialsStore('session123', secret, redisConfig);
46
+ *
47
+ * // Store credentials
48
+ * await store.save('user@example.com', {
49
+ * username: 'user',
50
+ * password: 'secret',
51
+ * server: 'irc.freenode.net'
52
+ * });
53
+ *
54
+ * // Retrieve credentials
55
+ * const creds = await store.get('user@example.com', credentialsHash);
56
+ * ```
57
+ */
58
+ export declare class CredentialsStore implements CredentialsStoreInterface {
59
+ readonly uid: string;
60
+ store: SecureStore;
61
+ objectHash: (o: unknown) => string;
62
+ private readonly log;
63
+ /**
64
+ * Creates a new CredentialsStore instance.
65
+ *
66
+ * @param parentId - Unique identifier for the parent instance (e.g. server ID)
67
+ * @param sessionId - Client session identifier for credential isolation
68
+ * @param secret - 32-character encryption secret for credential security
69
+ * @param redisConfig - Redis connection configuration
70
+ * @throws Error if secret is not exactly 32 characters
71
+ */
72
+ constructor(parentId: string, sessionId: string, secret: string, redisConfig: RedisConfig);
73
+ initCrypto(): void;
74
+ initSecureStore(secret: string, redisConfig: RedisConfig): void;
75
+ /**
76
+ * Gets the credentials for a given actor ID.
77
+ * @param actor
78
+ * @param credentialsHash - Optional hash to validate credentials.
79
+ * If undefined, validation is skipped.
80
+ */
81
+ get(actor: string, credentialsHash?: string, options?: CredentialsValidationOptions): Promise<CredentialsObject>;
82
+ /**
83
+ * Saves the credentials for a given actor ID
84
+ * @param actor
85
+ * @param creds
86
+ */
87
+ save(actor: string, creds: CredentialsObject): Promise<number>;
88
+ }
@@ -0,0 +1,8 @@
1
+ import { CredentialsMismatchError, CredentialsNotShareableError, CredentialsStore, type CredentialsStoreInterface, type CredentialsValidationOptions, resetSharedCredentialsRedisConnection } from "./credentials-store.js";
2
+ import { getRedisConnectionCount, resetSharedRedisConnection } from "./job-base.js";
3
+ import { JobQueue } from "./job-queue.js";
4
+ import { JobWorker, type JobWorkerOptions } from "./job-worker.js";
5
+ export * from "./types.js";
6
+ import type { RedisConfig } from "./types.js";
7
+ declare function redisCheck(config: RedisConfig): Promise<void>;
8
+ export { redisCheck, JobQueue, JobWorker, type JobWorkerOptions, CredentialsStore, CredentialsMismatchError, CredentialsNotShareableError, getRedisConnectionCount, resetSharedRedisConnection, resetSharedCredentialsRedisConnection, type CredentialsValidationOptions, type CredentialsStoreInterface, };