@zintrust/core 0.1.39 → 0.1.41

package/src/proxy/mongodb/MongoDBProxyServer.d.ts

@@ -0,0 +1,33 @@
+type MongoCollectionLike = Record<string, unknown>;
+type MongoDatabaseLike = {
+    collection: (name: string) => MongoCollectionLike;
+};
+type MongoClientLike = {
+    connect: () => Promise<void>;
+    db: (name: string) => MongoDatabaseLike;
+    close: () => Promise<void>;
+};
+type ProxyOverrides = Partial<{
+    host: string;
+    port: number;
+    maxBodyBytes: number;
+    mongoUri: string;
+    mongoDb: string;
+    requireSigning: boolean;
+    keyId: string;
+    secret: string;
+    signingWindowMs: number;
+}>;
+export declare const MongoDBProxyServer: Readonly<{
+    start(overrides?: ProxyOverrides): Promise<{
+        server: Readonly<{
+            start: () => Promise<void>;
+            stop: () => Promise<void>;
+            server: import("node:http").Server;
+        }>;
+        client: MongoClientLike;
+        close(): Promise<void>;
+    }>;
+}>;
+export {};
+//# sourceMappingURL=MongoDBProxyServer.d.ts.map

package/src/proxy/mongodb/MongoDBProxyServer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"MongoDBProxyServer.d.ts","sourceRoot":"","sources":["../../../../src/proxy/mongodb/MongoDBProxyServer.ts"],"names":[],"mappings":"AAYA,KAAK,mBAAmB,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AACnD,KAAK,iBAAiB,GAAG;IACvB,UAAU,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,mBAAmB,CAAC;CACnD,CAAC;AACF,KAAK,eAAe,GAAG;IACrB,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7B,EAAE,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,iBAAiB,CAAC;IACxC,KAAK,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC5B,CAAC;AAaF,KAAK,cAAc,GAAG,OAAO,CAAC;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,cAAc,EAAE,OAAO,CAAC;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,EAAE,MAAM,CAAC;CACzB,CAAC,CAAC;AA4PH,eAAO,MAAM,kBAAkB;sBACN,cAAc;;;;;;;;;EA+BrC,CAAC"}

package/src/proxy/mongodb/MongoDBProxyServer.js

@@ -0,0 +1,202 @@
+import { Env } from '../../config/env.js';
+import { Logger } from '../../config/logger.js';
+import { ErrorFactory } from '../../exceptions/ZintrustError.js';
+import { ErrorHandler } from '../ErrorHandler.js';
+import { createProxyServer } from '../ProxyServer.js';
+import { resolveProxySigningConfig } from '../ProxySigningConfigResolver.js';
+import { verifyProxySignatureIfNeeded } from '../ProxySigningRequest.js';
+import { RequestValidator } from '../RequestValidator.js';
+const resolveProxyConfig = (overrides = {}) => {
+    const host = overrides?.host ?? Env.get('MONGODB_PROXY_HOST', Env.HOST ?? '127.0.0.1');
+    const port = overrides.port ?? Env.getInt('MONGODB_PROXY_PORT', Env.PORT ?? 3000);
+    const maxBodyBytes = overrides.maxBodyBytes ?? Env.getInt('MONGODB_PROXY_MAX_BODY_BYTES', Env.MAX_BODY_SIZE ?? 0);
+    return { host, port, maxBodyBytes };
+};
+const resolveMongoConfig = (overrides = {}) => {
+    const uri = overrides.mongoUri ?? Env.get('MONGO_URI', 'mongodb://localhost:27017');
+    const database = overrides.mongoDb ?? Env.get('MONGO_DB', 'zintrust');
+    return { uri, database };
+};
+const resolveSigningConfig = (overrides = {}) => resolveProxySigningConfig(overrides, {
+    keyIdEnvVar: 'MONGODB_PROXY_KEY_ID',
+    secretEnvVar: 'MONGODB_PROXY_SECRET',
+    requireEnvVar: 'MONGODB_PROXY_REQUIRE_SIGNING',
+    windowEnvVar: 'MONGODB_PROXY_SIGNING_WINDOW_MS',
+});
+const resolveConfig = (overrides = {}) => {
+    const proxyConfig = resolveProxyConfig(overrides);
+    const mongoConfig = resolveMongoConfig(overrides);
+    const signingConfig = resolveSigningConfig(overrides);
+    return {
+        host: proxyConfig.host,
+        port: proxyConfig.port,
+        maxBodyBytes: proxyConfig.maxBodyBytes,
+        mongoOptions: mongoConfig,
+        signing: {
+            keyId: signingConfig.keyId,
+            secret: signingConfig.secret,
+            require: signingConfig.requireSigning,
+            windowMs: signingConfig.signingWindowMs,
+        },
+    };
+};
+const validateOperationPayload = (payload) => {
+    const operation = payload['operation'];
+    const collection = payload['collection'];
+    const args = payload['args'];
+    if (typeof operation !== 'string' || operation.trim() === '') {
+        return {
+            valid: false,
+            error: { code: 'VALIDATION_ERROR', message: 'operation is required' },
+        };
+    }
+    if (typeof collection !== 'string' || collection.trim() === '') {
+        return {
+            valid: false,
+            error: { code: 'VALIDATION_ERROR', message: 'collection is required' },
+        };
+    }
+    return {
+        valid: true,
+        operation,
+        collection,
+        args: args ?? {},
+    };
+};
+const getMongoModule = async () => {
+    const mongoModule = (await import('mongodb'));
+    const MongoDBClient = mongoModule.MongoClient;
+    if (typeof MongoDBClient !== 'function') {
+        throw ErrorFactory.createDatabaseError('MongoDB driver is unavailable');
+    }
+    return { MongoClient: MongoDBClient };
+};
+const createMongoClient = async (uri) => {
+    const { MongoClient: MongoDBClient } = await getMongoModule();
+    const client = new MongoDBClient(uri);
+    await client.connect();
+    return client;
+};
+const callMethod = async (coll, methodName, ...params) => {
+    const method = coll[methodName];
+    if (typeof method === 'function') {
+        const result = method(...params);
+        if (result !== null && typeof result === 'object' && 'toArray' in result) {
+            const toArray = result.toArray;
+            if (typeof toArray === 'function') {
+                return toArray();
+            }
+        }
+        return result;
+    }
+    throw ErrorFactory.createDatabaseError(`Method ${methodName} not found on collection`);
+};
+const OPERATION_HANDLERS = Object.freeze({
+    find: async (coll, args) => callMethod(coll, 'find', args['filter'] ?? {}),
+    findOne: async (coll, args) => callMethod(coll, 'findOne', args['filter'] ?? {}),
+    insertOne: async (coll, args) => callMethod(coll, 'insertOne', args['document'] ?? {}),
+    insertMany: async (coll, args) => callMethod(coll, 'insertMany', args['documents'] ?? []),
+    updateOne: async (coll, args) => callMethod(coll, 'updateOne', args['filter'] ?? {}, args['update'] ?? {}),
+    updateMany: async (coll, args) => callMethod(coll, 'updateMany', args['filter'] ?? {}, args['update'] ?? {}),
+    deleteOne: async (coll, args) => callMethod(coll, 'deleteOne', args['filter'] ?? {}),
+    deleteMany: async (coll, args) => callMethod(coll, 'deleteMany', args['filter'] ?? {}),
+    countDocuments: async (coll, args) => callMethod(coll, 'countDocuments', args['filter'] ?? {}),
+    aggregate: async (coll, args) => callMethod(coll, 'aggregate', args['pipeline'] ?? []),
+});
+const executeOperation = async (client, dbName, collectionName, operation, args) => {
+    const db = client.db(dbName);
+    const coll = db.collection(collectionName);
+    if (Object.prototype.hasOwnProperty.call(OPERATION_HANDLERS, operation)) {
+        const handler = OPERATION_HANDLERS[operation];
+        return handler(coll, args);
+    }
+    throw ErrorFactory.createDatabaseError(`Unsupported MongoDB operation: ${String(operation)}`);
+};
+const createBackend = (client, config) => ({
+    name: 'mongodb',
+    handle: async (request) => {
+        const methodError = RequestValidator.requirePost(request.method);
+        if (methodError) {
+            return {
+                status: 405,
+                body: { code: methodError.code, message: methodError.message },
+            };
+        }
+        if (request.path !== '/zin/mongodb/operation') {
+            return { status: 404, body: { code: 'NOT_FOUND', message: 'Unknown endpoint' } };
+        }
+        const parsed = RequestValidator.parseJson(request.body);
+        if (!parsed.ok) {
+            return { status: 400, body: { code: parsed.error.code, message: parsed.error.message } };
+        }
+        const validated = validateOperationPayload(parsed.value);
+        if (!validated.valid) {
+            return {
+                status: 400,
+                body: {
+                    code: validated.error?.code ?? 'VALIDATION_ERROR',
+                    message: validated.error?.message ?? 'Invalid request',
+                },
+            };
+        }
+        try {
+            const result = await executeOperation(client, config.mongoOptions.database, validated.collection ?? '', validated.operation ?? '', validated.args ?? {});
+            return { status: 200, body: { success: true, result } };
+        }
+        catch (error) {
+            Logger.error('MongoDB proxy operation failed', { error });
+            return ErrorHandler.toProxyError(500, 'MONGODB_PROXY_ERROR', String(error));
+        }
+    },
+    health: async () => {
+        try {
+            client.db(config.mongoOptions.database);
+            await Promise.resolve();
+            return { status: 200, body: { status: 'ok' } };
+        }
+        catch (error) {
+            await Promise.resolve();
+            return { status: 503, body: { status: 'unhealthy', error: String(error) } };
+        }
+    },
+    shutdown: async () => {
+        await client.close();
+    },
+});
+const createVerifier = (config) => {
+    return async (req, body) => {
+        const verified = await verifyProxySignatureIfNeeded(req, body, config.signing);
+        if (!verified.ok) {
+            const error = verified.error ?? { status: 401, message: 'Unauthorized' };
+            return { ok: false, status: error.status, message: error.message };
+        }
+        return { ok: true };
+    };
+};
+export const MongoDBProxyServer = Object.freeze({
+    async start(overrides = {}) {
+        const config = resolveConfig(overrides);
+        Logger.info(`Starting MongoDB proxy on ${config.host}:${config.port} → ${config.mongoOptions.uri}`);
+        const client = await createMongoClient(config.mongoOptions.uri);
+        const backend = createBackend(client, config);
+        const verifier = createVerifier(config);
+        const server = createProxyServer({
+            host: config.host,
+            port: config.port,
+            maxBodyBytes: config.maxBodyBytes,
+            backend,
+            verify: verifier,
+        });
+        await server.start();
+        Logger.info(`✓ MongoDB proxy listening on ${config.host}:${config.port}`);
+        return {
+            server,
+            client,
+            async close() {
+                await server.stop();
+                await client.close();
+                Logger.info('MongoDB proxy server closed');
+            },
+        };
+    },
+});

package/src/proxy/mongodb/register.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=register.d.ts.map

package/src/proxy/mongodb/register.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"register.d.ts","sourceRoot":"","sources":["../../../../src/proxy/mongodb/register.ts"],"names":[],"mappings":""}

package/src/proxy/mongodb/register.js

@@ -0,0 +1,5 @@
+import { ProxyRegistry } from '../ProxyRegistry.js';
+ProxyRegistry.register({
+    name: 'mongodb',
+    description: 'MongoDB HTTP proxy',
+});

package/src/proxy/mysql/MySqlProxyServer.d.ts

@@ -0,0 +1,14 @@
+import { type BaseProxyOverrides } from '../ProxyServerUtils';
+type ProxyOverrides = BaseProxyOverrides & Partial<{
+    dbHost: string;
+    dbPort: number;
+    dbName: string;
+    dbUser: string;
+    dbPass: string;
+    connectionLimit: number;
+}>;
+export declare const MySqlProxyServer: Readonly<{
+    start(overrides?: ProxyOverrides): Promise<void>;
+}>;
+export default MySqlProxyServer;
+//# sourceMappingURL=MySqlProxyServer.d.ts.map

package/src/proxy/mysql/MySqlProxyServer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"MySqlProxyServer.d.ts","sourceRoot":"","sources":["../../../../src/proxy/mysql/MySqlProxyServer.ts"],"names":[],"mappings":"AAOA,OAAO,EAIL,KAAK,kBAAkB,EACxB,MAAM,yBAAyB,CAAC;AAajC,KAAK,cAAc,GAAG,kBAAkB,GACtC,OAAO,CAAC;IACN,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,EAAE,MAAM,CAAC;CACzB,CAAC,CAAC;AAyJL,eAAO,MAAM,gBAAgB;sBACJ,cAAc,GAAQ,OAAO,CAAC,IAAI,CAAC;EA4C1D,CAAC;AAEH,eAAe,gBAAgB,CAAC"}

package/src/proxy/mysql/MySqlProxyServer.js

@@ -0,0 +1,169 @@
+import { Env } from '../../config/env.js';
+import { Logger } from '../../config/logger.js';
+import { ErrorFactory } from '../../exceptions/ZintrustError.js';
+import { ErrorHandler } from '../ErrorHandler.js';
+import { createProxyServer } from '../ProxyServer.js';
+import { resolveBaseConfig, resolveBaseSigningConfig, verifyRequestSignature, } from '../ProxyServerUtils.js';
+import { RequestValidator } from '../RequestValidator.js';
+import { validateSqlPayload } from '../SqlPayloadValidator.js';
+import { createPool } from 'mysql2/promise';
+const resolveDatabaseConfig = (overrides = {}) => {
+    const dbHost = overrides.dbHost ?? Env.get('MYSQL_DB_HOST', Env.get('DB_HOST', '127.0.0.1'));
+    const dbPort = overrides.dbPort ?? Env.getInt('MYSQL_DB_PORT', Env.getInt('DB_PORT', 3306));
+    const dbName = overrides.dbName ?? Env.get('MYSQL_DB_DATABASE', Env.get('DB_DATABASE', 'zintrust'));
+    const dbUser = overrides.dbUser ?? Env.get('MYSQL_DB_USERNAME', Env.get('DB_USERNAME', 'root'));
+    const dbPass = overrides.dbPass ?? Env.get('MYSQL_DB_PASSWORD', Env.get('DB_PASSWORD', 'pass'));
+    const connectionLimit = overrides.connectionLimit ?? Env.MYSQL_PROXY_POOL_LIMIT;
+    return { dbHost, dbPort, dbName, dbUser, dbPass, connectionLimit };
+};
+const resolveConfig = (overrides = {}) => {
+    const proxyConfig = resolveBaseConfig(overrides, 'MYSQL');
+    const dbConfig = resolveDatabaseConfig(overrides);
+    const signingConfig = resolveBaseSigningConfig(overrides, 'MYSQL');
+    const poolOptions = {
+        host: dbConfig.dbHost,
+        port: dbConfig.dbPort,
+        database: dbConfig.dbName,
+        user: dbConfig.dbUser,
+        password: dbConfig.dbPass,
+        waitForConnections: true,
+        connectionLimit: dbConfig.connectionLimit <= 0 ? 50 : dbConfig.connectionLimit,
+        queueLimit: 0,
+        enableKeepAlive: true,
+        keepAliveInitialDelay: 0,
+        namedPlaceholders: true,
+    };
+    return {
+        host: proxyConfig.host,
+        port: proxyConfig.port,
+        maxBodyBytes: proxyConfig.maxBodyBytes,
+        poolOptions,
+        signing: {
+            keyId: signingConfig.keyId,
+            secret: signingConfig.secret,
+            require: signingConfig.requireSigning,
+            windowMs: signingConfig.signingWindowMs,
+        },
+    };
+};
+const normalizeResult = (rows) => {
+    if (Array.isArray(rows)) {
+        return { rows: rows, rowCount: rows.length };
+    }
+    if (rows !== null && rows !== undefined && typeof rows === 'object') {
+        const input = rows;
+        const affectedRows = Number.isFinite(input.affectedRows) ? Number(input.affectedRows) : 0;
+        const insertId = input.insertId;
+        const lastInsertId = typeof insertId === 'number' || typeof insertId === 'string' || typeof insertId === 'bigint'
+            ? insertId
+            : undefined;
+        return { rows: [], rowCount: affectedRows, lastInsertId };
+    }
+    return { rows: [], rowCount: 0 };
+};
+const handleEndpoint = (path, rows) => {
+    if (path === '/zin/mysql/query') {
+        return { status: 200, body: normalizeResult(rows) };
+    }
+    if (path === '/zin/mysql/queryOne') {
+        if (Array.isArray(rows)) {
+            return { status: 200, body: { row: rows[0] ?? null } };
+        }
+        return { status: 200, body: { row: null } };
+    }
+    if (path === '/zin/mysql/exec') {
+        const normalized = normalizeResult(rows);
+        return {
+            status: 200,
+            body: {
+                ok: true,
+                meta: { changes: normalized.rowCount, lastRowId: normalized.lastInsertId },
+            },
+        };
+    }
+    return ErrorHandler.toProxyError(404, 'NOT_FOUND', 'Unknown endpoint');
+};
+const createBackend = (pool) => ({
+    name: 'mysql',
+    async handle(request) {
+        const methodError = RequestValidator.requirePost(request.method);
+        if (methodError) {
+            return ErrorHandler.toProxyError(405, methodError.code, methodError.message);
+        }
+        const parsed = RequestValidator.parseJson(request.body);
+        if (!parsed.ok) {
+            return ErrorHandler.toProxyError(400, parsed.error.code, parsed.error.message);
+        }
+        const sqlValidation = validateSqlPayload(parsed.value);
+        if (!sqlValidation.valid) {
+            const error = sqlValidation.error ?? {
+                code: 'VALIDATION_ERROR',
+                message: 'Invalid SQL payload',
+            };
+            return ErrorHandler.toProxyError(400, error.code, error.message);
+        }
+        try {
+            const [rows] = await pool.query(sqlValidation.sql ?? '', sqlValidation.params ?? []);
+            return handleEndpoint(request.path, rows);
+        }
+        catch (error) {
+            Logger.error('[MySQLProxyServer] Query execution failed', {
+                path: request.path,
+                sqlPreview: String(sqlValidation.sql ?? '').slice(0, 160),
+                paramsCount: Array.isArray(sqlValidation.params) ? sqlValidation.params.length : 0,
+                error: error instanceof Error ? error.message : String(error),
+            });
+            return ErrorHandler.toProxyError(500, 'MYSQL_ERROR', String(error));
+        }
+    },
+    async health() {
+        try {
+            await pool.query('SELECT 1');
+            return { status: 200, body: { status: 'healthy' } };
+        }
+        catch (error) {
+            Logger.error('[MySQLProxyServer] Health check failed', {
+                error: error instanceof Error ? error.message : String(error),
+            });
+            return ErrorHandler.toProxyError(503, 'UNHEALTHY', String(error));
+        }
+    },
+});
+export const MySqlProxyServer = Object.freeze({
+    async start(overrides = {}) {
+        const config = resolveConfig(overrides);
+        const signingHasKeyId = config.signing.keyId.trim() !== '';
+        const signingHasSecret = config.signing.secret.trim() !== '';
+        if (config.signing.require && (!signingHasKeyId || !signingHasSecret)) {
+            throw ErrorFactory.createConfigError(`MySQL proxy signing is required but credentials are missing. ` +
+                `Set MYSQL_PROXY_KEY_ID and MYSQL_PROXY_SECRET (fallbacks: APP_NAME and APP_KEY). ` +
+                `Resolved state: keyId=${config.signing.keyId || '<empty>'}, hasSecret=${String(signingHasSecret)}, ` +
+                `cwd=${typeof process !== 'undefined' && typeof process.cwd === 'function' ? process.cwd() : '<unknown>'}`);
+        }
+        // Debug: surface resolved config so we can compare watch vs non-watch runs
+        try {
+            Logger.info(`MySQL proxy config: proxyHost=${config.host} proxyPort=${config.port} dbHost=${String(config.poolOptions.host)} dbPort=${String(config.poolOptions.port)} dbName=${String(config.poolOptions.database)} dbUser=${String(config.poolOptions.user)} requireSigning=${String(config.signing.require)} keyId=${config.signing.keyId} hasSecret=${String(config.signing.secret.trim() !== '')} signingWindowMs=${String(config.signing.windowMs)}`);
+        }
+        catch {
+            // noop - logging must not block startup
+        }
+        const pool = createPool(config.poolOptions);
+        const backend = createBackend(pool);
+        const proxy = createProxyServer({
+            host: config.host,
+            port: config.port,
+            maxBodyBytes: config.maxBodyBytes,
+            backend,
+            verify: async (req, body) => {
+                const verified = await verifyRequestSignature(req, body, config, 'MySQLProxyServer');
+                if (!verified.ok && verified.error) {
+                    return { ok: false, status: verified.error.status, message: verified.error.message };
+                }
+                return { ok: true };
+            },
+        });
+        await proxy.start();
+        Logger.info(`MySQL proxy listening on http://${config.host}:${config.port}`);
+    },
+});
+export default MySqlProxyServer;

package/src/proxy/mysql/register.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=register.d.ts.map

package/src/proxy/mysql/register.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"register.d.ts","sourceRoot":"","sources":["../../../../src/proxy/mysql/register.ts"],"names":[],"mappings":""}

package/src/proxy/mysql/register.js

@@ -0,0 +1,5 @@
+import { ProxyRegistry } from '../ProxyRegistry.js';
+ProxyRegistry.register({
+    name: 'mysql',
+    description: 'MySQL HTTP proxy server',
+});

package/src/proxy/postgres/PostgresProxyServer.d.ts

@@ -0,0 +1,14 @@
+import { type BaseProxyOverrides } from '../ProxyServerUtils';
+type ProxyOverrides = BaseProxyOverrides & Partial<{
+    dbHost: string;
+    dbPort: number;
+    dbName: string;
+    dbUser: string;
+    dbPass: string;
+    connectionLimit: number;
+}>;
+export declare const PostgresProxyServer: Readonly<{
+    start(overrides?: ProxyOverrides): Promise<void>;
+}>;
+export default PostgresProxyServer;
+//# sourceMappingURL=PostgresProxyServer.d.ts.map

package/src/proxy/postgres/PostgresProxyServer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"PostgresProxyServer.d.ts","sourceRoot":"","sources":["../../../../src/proxy/postgres/PostgresProxyServer.ts"],"names":[],"mappings":"AAMA,OAAO,EAIL,KAAK,kBAAkB,EACxB,MAAM,yBAAyB,CAAC;AAoBjC,KAAK,cAAc,GAAG,kBAAkB,GACtC,OAAO,CAAC;IACN,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,EAAE,MAAM,CAAC;CACzB,CAAC,CAAC;AAgIL,eAAO,MAAM,mBAAmB;sBACP,cAAc,GAAQ,OAAO,CAAC,IAAI,CAAC;EAoC1D,CAAC;AAEH,eAAe,mBAAmB,CAAC"}

package/src/proxy/postgres/PostgresProxyServer.js

@@ -0,0 +1,140 @@
+import { Env } from '../../config/env.js';
+import { Logger } from '../../config/logger.js';
+import { ErrorHandler } from '../ErrorHandler.js';
+import { createProxyServer } from '../ProxyServer.js';
+import { resolveBaseConfig, resolveBaseSigningConfig, verifyRequestSignature, } from '../ProxyServerUtils.js';
+import { RequestValidator } from '../RequestValidator.js';
+import { validateSqlPayload } from '../SqlPayloadValidator.js';
+import { Pool } from 'pg';
+const resolveDatabaseConfig = (overrides = {}) => {
+    const dbHost = overrides.dbHost ?? Env.DB_HOST ?? '127.0.0.1';
+    const dbPort = overrides.dbPort ?? Env.DB_PORT_POSTGRESQL ?? 5432;
+    const dbName = overrides.dbName ?? Env.DB_DATABASE_POSTGRESQL ?? 'postgres';
+    const dbUser = overrides.dbUser ?? Env.DB_USERNAME_POSTGRESQL ?? 'postgres';
+    const dbPass = overrides.dbPass ?? Env.DB_PASSWORD_POSTGRESQL ?? '';
+    const connectionLimit = overrides.connectionLimit ?? Env.POSTGRES_PROXY_POOL_LIMIT;
+    return { dbHost, dbPort, dbName, dbUser, dbPass, connectionLimit };
+};
+const resolveConfig = (overrides = {}) => {
+    const proxyConfig = resolveBaseConfig(overrides, 'POSTGRES');
+    const dbConfig = resolveDatabaseConfig(overrides);
+    const signingConfig = resolveBaseSigningConfig(overrides, 'POSTGRES');
+    const poolOptions = {
+        host: dbConfig.dbHost,
+        port: dbConfig.dbPort,
+        database: dbConfig.dbName,
+        user: dbConfig.dbUser,
+        password: dbConfig.dbPass,
+        max: dbConfig.connectionLimit <= 0 ? 50 : dbConfig.connectionLimit,
+    };
+    return {
+        host: proxyConfig.host,
+        port: proxyConfig.port,
+        maxBodyBytes: proxyConfig.maxBodyBytes,
+        poolOptions,
+        signing: {
+            keyId: signingConfig.keyId,
+            secret: signingConfig.secret,
+            require: signingConfig.requireSigning,
+            windowMs: signingConfig.signingWindowMs,
+        },
+    };
+};
+const normalizeSql = (sql) => {
+    if (!sql.includes('?'))
+        return sql;
+    let index = 0;
+    return sql.replaceAll('?', () => {
+        index += 1;
+        return `$${index}`;
+    });
+};
+const handleEndpoint = (path, result) => {
+    if (path === '/zin/postgres/query') {
+        return { status: 200, body: { rows: result.rows, rowCount: result.rowCount } };
+    }
+    if (path === '/zin/postgres/queryOne') {
+        const row = result.rows[0] ?? null;
+        return { status: 200, body: { row } };
+    }
+    if (path === '/zin/postgres/exec') {
+        return {
+            status: 200,
+            body: {
+                ok: true,
+                meta: { changes: result.rowCount },
+            },
+        };
+    }
+    return ErrorHandler.toProxyError(404, 'NOT_FOUND', 'Unknown endpoint');
+};
+const createBackend = (pool) => ({
+    name: 'postgres',
+    async handle(request) {
+        const methodError = RequestValidator.requirePost(request.method);
+        if (methodError) {
+            return ErrorHandler.toProxyError(405, methodError.code, methodError.message);
+        }
+        const parsed = RequestValidator.parseJson(request.body);
+        if (!parsed.ok) {
+            return ErrorHandler.toProxyError(400, parsed.error.code, parsed.error.message);
+        }
+        const sqlValidation = validateSqlPayload(parsed.value);
+        if (!sqlValidation.valid) {
+            const error = sqlValidation.error ?? {
+                code: 'VALIDATION_ERROR',
+                message: 'Invalid SQL payload',
+            };
+            return ErrorHandler.toProxyError(400, error.code, error.message);
+        }
+        try {
+            const sql = normalizeSql(sqlValidation.sql ?? '');
+            const result = await pool.query(sql, sqlValidation.params ?? []);
+            return handleEndpoint(request.path, {
+                rows: (result.rows ?? []),
+                rowCount: result.rowCount ?? result.rows?.length ?? 0,
+            });
+        }
+        catch (error) {
+            return ErrorHandler.toProxyError(500, 'POSTGRES_ERROR', String(error));
+        }
+    },
+    async health() {
+        try {
+            await pool.query('SELECT 1');
+            return { status: 200, body: { status: 'healthy' } };
+        }
+        catch (error) {
+            return ErrorHandler.toProxyError(503, 'UNHEALTHY', String(error));
+        }
+    },
+});
+export const PostgresProxyServer = Object.freeze({
+    async start(overrides = {}) {
+        const config = resolveConfig(overrides);
+        try {
+            Logger.info(`Postgres proxy config: proxyHost=${config.host} proxyPort=${config.port} dbHost=${String(config.poolOptions.host)} dbPort=${String(config.poolOptions.port)} dbName=${String(config.poolOptions.database)} dbUser=${String(config.poolOptions.user)}`);
+        }
+        catch {
+            // noop - logging must not block startup
+        }
+        const pool = new Pool(config.poolOptions);
+        const backend = createBackend(pool);
+        const proxy = createProxyServer({
+            host: config.host,
+            port: config.port,
+            maxBodyBytes: config.maxBodyBytes,
+            backend,
+            verify: async (req, body) => {
+                const verified = await verifyRequestSignature(req, body, config, 'PostgresProxyServer');
+                if (!verified.ok && verified.error) {
+                    return { ok: false, status: verified.error.status, message: verified.error.message };
+                }
+                return { ok: true };
+            },
+        });
+        await proxy.start();
+        Logger.info(`Postgres proxy listening on http://${config.host}:${config.port}`);
+    },
+});
+export default PostgresProxyServer;

package/src/proxy/postgres/register.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=register.d.ts.map

package/src/proxy/postgres/register.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"register.d.ts","sourceRoot":"","sources":["../../../../src/proxy/postgres/register.ts"],"names":[],"mappings":""}

package/src/proxy/postgres/register.js

@@ -0,0 +1,5 @@
+import { ProxyRegistry } from '../ProxyRegistry.js';
+ProxyRegistry.register({
+    name: 'postgres',
+    description: 'PostgreSQL HTTP proxy server',
+});

package/src/proxy/redis/RedisProxyServer.d.ts

@@ -0,0 +1,12 @@
+import { type BaseProxyOverrides } from '../ProxyServerUtils';
+type ProxyOverrides = BaseProxyOverrides & Partial<{
+    redisHost: string;
+    redisPort: number;
+    redisPassword: string;
+    redisDb: number;
+}>;
+export declare const RedisProxyServer: Readonly<{
+    start(overrides?: ProxyOverrides): Promise<void>;
+}>;
+export default RedisProxyServer;
+//# sourceMappingURL=RedisProxyServer.d.ts.map

package/src/proxy/redis/RedisProxyServer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"RedisProxyServer.d.ts","sourceRoot":"","sources":["../../../../src/proxy/redis/RedisProxyServer.ts"],"names":[],"mappings":"AAOA,OAAO,EAIL,KAAK,kBAAkB,EACxB,MAAM,yBAAyB,CAAC;AAiBjC,KAAK,cAAc,GAAG,kBAAkB,GACtC,OAAO,CAAC;IACN,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC,CAAC;AAyNL,eAAO,MAAM,gBAAgB;sBACJ,cAAc,GAAQ,OAAO,CAAC,IAAI,CAAC;EAqB1D,CAAC;AAEH,eAAe,gBAAgB,CAAC"}