@superhero/eventflow-db 4.0.0 → 4.0.2

package/README.md

@@ -7,6 +7,7 @@
 - Simplified table schema management for the Eventflow components.
 - Supports creating, reading, updating and deleting events and their associations.
 - Supports database interactions for scheduled and published events.
+- Supports database interactions for certificate, hub and log.
 - Integrates with `@superhero/db` for file management of SQL queries, and `mysql2` as the database driver.
 - Error declarations with descriptive error messages and  error codes.
 
@@ -110,6 +111,8 @@ await db.updateEventPublishedToSuccess(eventId)
 
 ### Logging
 
+#### Persisting a log entry
+
 ```javascript
 const log = 
 {
@@ -121,6 +124,15 @@ const log =
 await db.persistLog(log)
 ```
 
+#### Archive logs
+
+Archives logs by partitioning the log table by date.
+
+```javascript
+const date = new Date()
+await db.archiveLog(date)
+```
+
 ### Managing Hubs
 
 #### Persisting a Hub
@@ -145,10 +157,95 @@ const hubs = await db.readOnlineHubs()
 console.log('Online Hubs:', hubs)
 ```
 
+### Managing Certificate
+
+#### Persisting a Certificate
+
+```javascript
+const certificate = 
+{
+  id        : 'unique_certificate_id',
+  validity  : new Date('2025-12-31T23:59:59.000Z'),
+  cert      : 'certificate_value',
+  key       : Buffer.from('encryption_key'),
+  key_iv    : Buffer.from('initialization_vector'),
+  key_salt  : Buffer.from('key_salt'),
+  key_tag   : Buffer.from('key_tag'),
+  pass      : Buffer.from('encrypted_passphrase'),
+  pass_iv   : Buffer.from('pass_iv'),
+  pass_salt : Buffer.from('pass_salt'),
+  pass_tag  : Buffer.from('pass_tag'),
+};
+
+const isPersisted = await db.persistCertificate(certificate);
+console.log('Persisted:', isPersisted);
+```
+
+#### Reading a Certificate
+
+```javascript
+try 
+{
+  const certificate = await db.readCertificate('unique_certificate_id');
+  console.log('Certificate:', certificate);
+} 
+catch (error) 
+{
+  if (error.code === 'E_EVENTFLOW_DB_CERTIFICATE_NOT_FOUND') 
+  {
+    console.error('Certificate not found');
+  }
+  else 
+  {
+    console.error('Error reading certificate:', error);
+  }
+}
+```
+
+#### Revoking a Certificate
+
+```javascript
+const revoked = await db.revokeCertificate('unique_certificate_id');
+console.log('Certificate revoked:', revoked);
+```
+
 ## Table Schemas
 
 Below are the database schemas used in this component:
 
+### Certificate Table
+
+Only expected to have 1 certificate for each ID active at the same time. Once a certificate is revoked, it will be be persisted with a version number greater than 0, hence partition it as `cold` data; archived.
+
+```sql
+CREATE TABLE IF NOT EXISTS certificate
+(
+  created   DATETIME(3)   NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
+  updated   DATETIME(3)   NOT NULL DEFAULT CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3),
+  version   INT UNSIGNED  NOT NULL DEFAULT 0,
+  id        VARCHAR(64)   NOT NULL,
+  cert      TEXT          NOT NULL,
+  `key`     BLOB          NOT NULL,
+  key_iv    VARBINARY(16) NOT NULL,
+  key_salt  VARBINARY(16) NOT NULL,
+  key_tag   VARBINARY(16) NOT NULL,
+  pass      BLOB          NOT NULL,
+  pass_iv   VARBINARY(16) NOT NULL,
+  pass_salt VARBINARY(16) NOT NULL,
+  pass_tag  VARBINARY(16) NOT NULL,
+  validity  DATETIME      NOT NULL,
+  revoked   DATETIME          NULL,
+
+  PRIMARY KEY (version, id)
+)
+ENGINE=InnoDB
+PARTITION BY RANGE (version)
+(
+  PARTITION p_hot   VALUES LESS THAN (1),
+  PARTITION p_cold  VALUES LESS THAN MAXVALUE
+)
+```
+
 ### Event Table
 
 ```sql
@@ -283,6 +380,8 @@ ENGINE=InnoDB
 
 ### Log Table
 
+Partition on timestamp to make it possible to archive logs.
+
 ```sql
 CREATE TABLE IF NOT EXISTS log 
 (
@@ -324,72 +423,84 @@ npm test
 ▶ @superhero/eventflow-db
   ▶ Setup table schemas
     ▶ Persist a hub
-      ✔ Read online hubs (5.587373ms)
+      ✔ Read online hubs (8.808208ms)
 
       ▶ Persisting an event should generate an ID if not provided
-        ✔ Read an event by id should return the same data as when persisted the event (4.480859ms)
+        ✔ Read an event by id should return the same data as when persisted the event (9.057985ms)
 
         ▶ Schedule a persisted event
-          ✔ Read all scheduled events (5.224091ms)
-          ✔ Update scheduled event as executed (5.74482ms)
-          ✔ Update scheduled event as success (5.297828ms)
-          ✔ Update scheduled event as failed (6.276729ms)
-        ✔ Schedule a persisted event (29.417902ms)
+          ✔ Read all scheduled events (5.28951ms)
+          ✔ Update scheduled event as executed (11.686935ms)
+          ✔ Update scheduled event as success (10.393756ms)
+          ✔ Update scheduled event as failed (9.877872ms)
+        ✔ Schedule a persisted event (50.493271ms)
 
         ▶ Publish a persisted event
-          ✔ Update published event to consumed by hub (7.16767ms)
-          ✔ Update published event to consumed by spoke (6.096988ms)
-          ✔ Update published event to success (6.491936ms)
-          ✔ Update published event to failed (7.925911ms)
-          ✔ Update published event to orphan (4.379269ms)
-        ✔ Publish a persisted event (38.916677ms)
+          ✔ Update published event to consumed by hub (8.985592ms)
+          ✔ Update published event to consumed by spoke (10.847144ms)
+          ✔ Update published event to success (8.945934ms)
+          ✔ Update published event to failed (12.743366ms)
+          ✔ Update published event to orphan (12.484305ms)
+        ✔ Publish a persisted event (69.042999ms)
 
         ▶ Persist event cpid association
-          ✔ Read events by domain and cpid (3.532181ms)
-          ✔ Read associated cpid by event id (4.202583ms)
-          ✔ Delete associated cpid by event id (7.538617ms)
-          ✔ Read deleted associated cpid by event id returns empty (2.465462ms)
-        ✔ Persist event cpid association (25.886055ms)
+          ✔ Read events by domain and cpid (6.375096ms)
+          ✔ Read associated cpid by event id (6.539711ms)
+          ✔ Delete associated cpid by event id (35.785772ms)
+          ✔ Read deleted associated cpid by event id returns empty (3.44164ms)
+        ✔ Persist event cpid association (63.474382ms)
 
         ▶ Persist event eid association
-          ✔ Read events by eid (3.706348ms)
-          ✔ Read events by domain and eid (4.862519ms)
-          ✔ Read associated eid by event id (3.864714ms)
-          ✔ Delete associated eid by event id (3.806146ms)
-          ✔ Read deleted associated eid by event id returns empty (3.217061ms)
-        ✔ Persist event eid association (24.547606ms)
+          ✔ Read events by eid (3.186193ms)
+          ✔ Read events by domain and eid (3.211094ms)
+          ✔ Read associated eid by event id (5.22712ms)
+          ✔ Delete associated eid by event id (4.791241ms)
+          ✔ Read deleted associated eid by event id returns empty (2.82022ms)
+        ✔ Persist event eid association (25.839658ms)
 
         ▶ Delete event
-          ✔ Reading a deleted event rejects (2.195439ms)
-        ✔ Delete event (9.437439ms)
+          ✔ Reading a deleted event rejects (2.870914ms)
+        ✔ Delete event (12.001935ms)
 
         ▶ By domain and pid
-          ✔ Read event by domain and pid (3.467037ms)
-          ✔ Delete event by domain and pid (5.735279ms)
-          ✔ Read empty eventlog by domain and pid (2.678678ms)
-        ✔ By domain and pid (17.088958ms)
-      ✔ Persisting an event should generate an ID if not provided (158.031614ms)
-
-      ✔ Persist log (5.5136ms)
-      ✔ Update hub to quit (7.367751ms)
-    ✔ Persist a hub (182.853588ms)
-    ✔ Reading a non existing event should reject with an error (2.51415ms)
-  ✔ Setup table schemas (250.260079ms)
-✔ @superhero/eventflow-db (251.7368ms)
-
-tests 36
+          ✔ Read event by domain and pid (4.653075ms)
+          ✔ Delete event by domain and pid (6.649683ms)
+          ✔ Read empty eventlog by domain and pid (2.870288ms)
+        ✔ By domain and pid (19.564013ms)
+      ✔ Persisting an event should generate an ID if not provided (257.977724ms)
+
+      ✔ Persist log (8.236839ms)
+      ✔ Update hub to quit (11.86896ms)
+
+      ▶ Certificate management
+        ✔ Persist a certificate (9.410534ms)
+        ✔ Persisting a duplicate certificate should return false (3.669139ms)
+        ✔ Read a persisted certificate by id (9.817305ms)
+        ✔ Reading a non-existing certificate should reject with an error (3.705119ms)
+
+        ▶ Revoke a persisted certificate
+          ✔ Reading a revoked certificate should reject with an error (3.894204ms)
+        ✔ Revoke a persisted certificate (14.21005ms)
+      ✔ Certificate management (44.130336ms)
+    ✔ Persist a hub (339.721847ms)
+
+    ✔ Reading a non existing event should reject with an error (6.280731ms)
+  ✔ Setup table schemas (431.031157ms)
+✔ @superhero/eventflow-db (436.106715ms)
+
+tests 43
 suites 1
-pass 36
+pass 43
 
-----------------------------------------------------------------
+-------------------------------------------------------------------------------------------------------------------------
 file            | line % | branch % | funcs % | uncovered lines
-----------------------------------------------------------------
+-------------------------------------------------------------------------------------------------------------------------
 config.js       | 100.00 |   100.00 |  100.00 | 
-index.js        | 100.00 |    96.51 |  100.00 | 
+index.js        |  69.41 |    56.25 |   97.92 | 43-48 58-62 73-77 88-92 103-107 118-122 133-137 148-153 186-191 203-207…
 index.test.js   | 100.00 |   100.00 |  100.00 | 
-----------------------------------------------------------------
-all files       | 100.00 |    97.62 |  100.00 | 
-----------------------------------------------------------------
+-------------------------------------------------------------------------------------------------------------------------
+all files       |  79.42 |    70.83 |   98.92 | 
+-------------------------------------------------------------------------------------------------------------------------
 ```
 
 ## License

package/index.js

@@ -33,16 +33,31 @@ export default class DB
     await this.gateway.close()
   }
 
-  async createTableEventPublished()
+  async createTableCertificate()
   {
     try
     {
-      await this.gateway.query('event_published/schema')
+      await this.gateway.query('certificate/schema')
     }
     catch(reason)
     {
-      const error = new Error('could not create table event_published')
-      error.code  = 'E_EVENTFLOW_DB_CREATE_TABLE_EVENT_PUBLISHED'
+      const error = new Error('could not create table certificate')
+      error.code  = 'E_EVENTFLOW_DB_CREATE_TABLE_CERTIFICATE'
+      error.cause = reason
+      throw error
+    }
+  }
+
+  async createTableEvent()
+  {
+    try
+    {
+      await this.gateway.query('event/schema')
+    }
+    catch(reason)
+    {
+      const error = new Error('could not create table event')
+      error.code  = 'E_EVENTFLOW_DB_CREATE_TABLE_EVENT'
       error.cause = reason
       throw error
     } 
@@ -78,68 +93,69 @@ export default class DB
     } 
   }
 
-  async createTableEventScheduled()
+  async createTableEventPublished()
   {
     try
     {
-      await this.gateway.query('event_scheduled/schema')
+      await this.gateway.query('event_published/schema')
     }
     catch(reason)
     {
-      const error = new Error('could not create table event_schedule')
-      error.code  = 'E_EVENTFLOW_DB_CREATE_TABLE_EVENT_SCHEDULED'
+      const error = new Error('could not create table event_published')
+      error.code  = 'E_EVENTFLOW_DB_CREATE_TABLE_EVENT_PUBLISHED'
       error.cause = reason
       throw error
     } 
   }
 
-  async createTableEvent()
+  async createTableEventScheduled()
   {
     try
     {
-      await this.gateway.query('event/schema')
+      await this.gateway.query('event_scheduled/schema')
     }
     catch(reason)
     {
-      const error = new Error('could not create table event')
-      error.code  = 'E_EVENTFLOW_DB_CREATE_TABLE_EVENT'
+      const error = new Error('could not create table event_schedule')
+      error.code  = 'E_EVENTFLOW_DB_CREATE_TABLE_EVENT_SCHEDULED'
       error.cause = reason
       throw error
     } 
   }
 
-  async createTableLog()
+  async createTableHub()
   {
     try
     {
-      await this.gateway.query('log/schema')
+      await this.gateway.query('hub/schema')
     }
     catch(reason)
     {
-      const error = new Error('could not create table log')
-      error.code  = 'E_EVENTFLOW_DB_CREATE_TABLE_LOG'
+      const error = new Error('could not create table hub')
+      error.code  = 'E_EVENTFLOW_DB_CREATE_TABLE_HUB'
       error.cause = reason
       throw error
     } 
   }
 
-  async createTableHub()
+  async createTableLog()
   {
     try
     {
-      await this.gateway.query('hub/schema')
+      await this.gateway.query('log/schema')
     }
     catch(reason)
     {
-      const error = new Error('could not create table hub')
-      error.code  = 'E_EVENTFLOW_DB_CREATE_TABLE_HUB'
+      const error = new Error('could not create table log')
+      error.code  = 'E_EVENTFLOW_DB_CREATE_TABLE_LOG'
       error.cause = reason
       throw error
-    } 
+    }
   }
 
   async setupTableSchemas()
   {
+    await this.createTableCertificate()
     await this.createTableHub()
     await this.createTableEvent()
     await this.createTableEventCpid()
@@ -659,4 +675,68 @@ export default class DB
       throw error
     }
   }
+
+  async readCertificate(id)
+  {
+    let result 
+
+    try
+    {
+      result = await this.gateway.query('certificate/read', [ id ])
+    }
+    catch(reason)
+    {
+      const error = new Error(`could not read certificate by id: ${id}`)
+      error.code  = 'E_EVENTFLOW_DB_CERTIFICATE_READ'
+      error.cause = reason
+      throw error
+    }
+
+    if(0 === result.length)
+    {
+      const error = new Error(`certificate not found by id: ${id}`)
+      error.code  = 'E_EVENTFLOW_DB_CERTIFICATE_NOT_FOUND'
+      throw error
+    }
+
+    return result[0]
+  }
+
+  async persistCertificate(certificate)
+  {
+    try
+    {
+      const result = await this.gateway.query('certificate/persist', [ certificate ])
+      return result.affectedRows > 0
+    }
+    catch(reason)
+    {
+      if('ER_DUP_ENTRY' === reason.code)
+      {
+        return false
+      }
+
+      const error = new Error(`could not persist certificate`)
+      error.code  = 'E_EVENTFLOW_DB_CERTIFICATE_PERSIST'
+      error.cause = reason
+      error.certificate = certificate
+      throw error
+    }
+  }
+
+  async revokeCertificate(id)
+  {
+    try
+    {
+      const result = await this.gateway.query('certificate/revoke', [ id, id ])
+      return result.affectedRows > 0
+    }
+    catch(reason)
+    {
+      const error = new Error(`could not revoke certificate by id: ${id}`)
+      error.code  = 'E_EVENTFLOW_DB_CERTIFICATE_REVOKE'
+      error.cause = reason
+      throw error
+    }
+  }
 }

package/index.test.js

@@ -252,6 +252,71 @@ suite('@superhero/eventflow-db', async () =>
         const updated = await db.updateHubToQuit(hub.id)
         assert.ok(updated, 'Hub should be updated to quit')
       })
+
+      await sub.test('Certificate management', async (sub) => 
+      {
+        const
+          id  = Date.now().toString(36),
+          crt = 
+          {
+            id,
+            validity  : new Date(new Date().toISOString().substring(0, 19)),
+            cert      : 'test_certificate_value',
+            key       : Buffer.from('test_key'),
+            key_iv    : Buffer.from('test_key_iv'),
+            key_salt  : Buffer.from('test_key_salt'),
+            key_tag   : Buffer.from('test_key_tag'),
+            pass      : Buffer.from('test_pass'),
+            pass_iv   : Buffer.from('test_pass_iv'),
+            pass_salt : Buffer.from('test_pass_salt'),
+            pass_tag  : Buffer.from('test_pass_tag')
+          }
+
+        await sub.test('Persist a certificate', async () => 
+        {
+          const persisted = await db.persistCertificate(crt)
+          assert.ok(persisted, 'Certificate should be persisted')
+        })
+
+        await sub.test('Persisting a duplicate certificate should return false', async () => 
+        {
+          const duplicatePersisted = await db.persistCertificate(crt)
+          assert.equal(duplicatePersisted, false, 'Duplicate certificate should not be persisted')
+        })
+  
+        await sub.test('Read a persisted certificate by id', async () => 
+        {
+          const readCert = await db.readCertificate(id)
+
+          for(const key in crt)
+          {
+            assert.deepEqual(readCert[key], crt[key], 'Read certificate should match the persisted certificate')
+          }
+        })
+  
+        await sub.test('Reading a non-existing certificate should reject with an error', async () => 
+        {
+          await assert.rejects(
+            db.readCertificate('ROOT', 'non_existing_id'),
+            { code: 'E_EVENTFLOW_DB_CERTIFICATE_NOT_FOUND' },
+            'Should throw an error when certificate is not found'
+          )
+        })
+  
+        await sub.test('Revoke a persisted certificate', async (sub) => 
+        {
+          const revoked = await db.revokeCertificate(id)
+          assert.ok(revoked, 'Certificate should be revoked')
+          await sub.test('Reading a revoked certificate should reject with an error', async () => 
+          {
+            await assert.rejects(
+              db.readCertificate(id),
+              { code: 'E_EVENTFLOW_DB_CERTIFICATE_NOT_FOUND' },
+              'Revoked certificate should not be readable'
+            )
+          })
+        })
+      })
     })
   
     await sub.test('Reading a non existing event should reject with an error', async () => 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@superhero/eventflow-db",
-  "version": "4.0.0",
+  "version": "4.0.2",
   "description": "Eventflow db is a set of common database logic in the eventflow ecosystem.",
   "keywords": [
     "eventflow"
@@ -20,7 +20,7 @@
     "@superhero/locator": "4.2.0"
   },
   "scripts": {
-    "build": "docker run --rm --name eventflow-mysql -e MYSQL_ROOT_PASSWORD=root -e MYSQL_DATABASE=eventflow -p 3306:3306 -d mysql:latest",
+    "test-build": "docker ps -q -f name=eventflow-mysql | grep -q . && docker stop eventflow-mysql; docker run --rm --name eventflow-mysql -e MYSQL_ROOT_PASSWORD=root -e MYSQL_DATABASE=eventflow -p 3306:3306 --health-cmd=\"mysqladmin ping -h 127.0.0.1 -uroot -proot --silent || exit 1\" --health-interval=10s --health-timeout=5s --health-retries=5 -d mysql:latest; until [ \"$(docker inspect --format='{{.State.Health.Status}}' eventflow-mysql)\" == \"healthy\" ]; do sleep 1; done; npm test",
     "test": "node --trace-warnings --test --experimental-test-coverage"
   },
   "author": {

package/sql/certificate/persist.sql

@@ -0,0 +1,2 @@
+INSERT INTO certificate
+SET ?

package/sql/certificate/read.sql

@@ -0,0 +1,5 @@
+SELECT *
+FROM certificate
+WHERE id = ?
+  AND version = 0
+  AND revoked IS NULL

package/sql/certificate/revoke.sql

@@ -0,0 +1,13 @@
+UPDATE certificate AS c
+LEFT JOIN
+(
+  SELECT id, COUNT(*) AS new_version
+  FROM certificate
+  WHERE id = ?
+) sub
+ON c.id = sub.id
+SET c.revoked = UTC_TIMESTAMP(),
+    c.version = sub.new_version
+WHERE c.id = ?
+  AND c.version = 0
+  AND c.revoked IS NULL

package/sql/certificate/schema.sql

@@ -0,0 +1,26 @@
+CREATE TABLE IF NOT EXISTS certificate 
+(
+  created   DATETIME(3)   NOT NULL DEFAULT CURRENT_TIMESTAMP(3),
+  updated   DATETIME(3)   NOT NULL DEFAULT CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3),
+  version   INT UNSIGNED  NOT NULL DEFAULT 0,
+  id        VARCHAR(64)   NOT NULL,
+  cert      TEXT          NOT NULL,
+  `key`     BLOB          NOT NULL,
+  key_iv    VARBINARY(16) NOT NULL,
+  key_salt  VARBINARY(16) NOT NULL,
+  key_tag   VARBINARY(16) NOT NULL,
+  pass      BLOB          NOT NULL,
+  pass_iv   VARBINARY(16) NOT NULL,
+  pass_salt VARBINARY(16) NOT NULL,
+  pass_tag  VARBINARY(16) NOT NULL,
+  validity  DATETIME      NOT NULL,
+  revoked   DATETIME          NULL,
+
+  PRIMARY KEY (version, id)
+)
+ENGINE=InnoDB
+PARTITION BY RANGE (version) 
+(
+  PARTITION p_hot   VALUES LESS THAN (1),
+  PARTITION p_cold  VALUES LESS THAN MAXVALUE
+)