@zintrust/core 0.1.40 → 0.1.41

package/src/orm/adapters/SqlProxyAdapterUtils.d.ts

@@ -0,0 +1,19 @@
+import { type RemoteSignedJsonSettings } from '../../common/RemoteSignedJson';
+export type ProxySettings = {
+    baseUrl: string;
+    keyId?: string;
+    secret?: string;
+    timeoutMs: number;
+    signaturePathPrefixToStrip?: string;
+};
+export type SignedProxyConfig = {
+    settings: ProxySettings;
+    missingUrlMessage: string;
+    missingCredentialsMessage: string;
+    messages: RemoteSignedJsonSettings['messages'];
+};
+export declare const buildSignedSettings: (config: SignedProxyConfig) => RemoteSignedJsonSettings;
+export declare const ensureSignedSettings: (config: SignedProxyConfig) => RemoteSignedJsonSettings;
+export declare const requestSignedProxy: <T>(config: SignedProxyConfig, path: string, payload: Record<string, unknown>) => Promise<T>;
+export declare const isRecord: (value: unknown) => value is Record<string, unknown>;
+//# sourceMappingURL=SqlProxyAdapterUtils.d.ts.map

package/src/orm/adapters/SqlProxyAdapterUtils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"SqlProxyAdapterUtils.d.ts","sourceRoot":"","sources":["../../../../src/orm/adapters/SqlProxyAdapterUtils.ts"],"names":[],"mappings":"AAAA,OAAO,EAAoB,KAAK,wBAAwB,EAAE,MAAM,0BAA0B,CAAC;AAK3F,MAAM,MAAM,aAAa,GAAG;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,0BAA0B,CAAC,EAAE,MAAM,CAAC;CACrC,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG;IAC9B,QAAQ,EAAE,aAAa,CAAC;IACxB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,yBAAyB,EAAE,MAAM,CAAC;IAClC,QAAQ,EAAE,wBAAwB,CAAC,UAAU,CAAC,CAAC;CAChD,CAAC;AAEF,eAAO,MAAM,mBAAmB,GAAI,QAAQ,iBAAiB,KAAG,wBAiB/D,CAAC;AAEF,eAAO,MAAM,oBAAoB,GAAI,QAAQ,iBAAiB,KAAG,wBAYhE,CAAC;AAEF,eAAO,MAAM,kBAAkB,GAAU,CAAC,EACxC,QAAQ,iBAAiB,EACzB,MAAM,MAAM,EACZ,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC/B,OAAO,CAAC,CAAC,CAGX,CAAC;AAEF,eAAO,MAAM,QAAQ,GAAI,OAAO,OAAO,KAAG,KAAK,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,CAC5B,CAAC"}

package/src/orm/adapters/SqlProxyAdapterUtils.js

@@ -0,0 +1,35 @@
+import { RemoteSignedJson } from '../../common/RemoteSignedJson.js';
+import { ErrorFactory } from '../../exceptions/ZintrustError.js';
+import { resolveSigningPrefix } from '../adapters/ProxySigningPath.js';
+import { normalizeSigningCredentials } from '../../proxy/SigningService.js';
+export const buildSignedSettings = (config) => {
+    const creds = normalizeSigningCredentials({
+        keyId: config.settings.keyId ?? '',
+        secret: config.settings.secret ?? '',
+    });
+    return {
+        baseUrl: config.settings.baseUrl,
+        keyId: creds.keyId,
+        secret: creds.secret,
+        timeoutMs: config.settings.timeoutMs,
+        signaturePathPrefixToStrip: config.settings.signaturePathPrefixToStrip ?? resolveSigningPrefix(config.settings.baseUrl),
+        missingUrlMessage: config.missingUrlMessage,
+        missingCredentialsMessage: config.missingCredentialsMessage,
+        messages: config.messages,
+    };
+};
+export const ensureSignedSettings = (config) => {
+    const signedSettings = buildSignedSettings(config);
+    if (signedSettings.baseUrl.trim() === '') {
+        throw ErrorFactory.createConfigError(config.missingUrlMessage);
+    }
+    if (signedSettings.keyId.trim() === '' || signedSettings.secret.trim() === '') {
+        throw ErrorFactory.createConfigError(config.missingCredentialsMessage);
+    }
+    return signedSettings;
+};
+export const requestSignedProxy = async (config, path, payload) => {
+    const signedSettings = ensureSignedSettings(config);
+    return RemoteSignedJson.request(signedSettings, path, payload);
+};
+export const isRecord = (value) => typeof value === 'object' && value !== null;

package/src/orm/adapters/SqlServerProxyAdapter.d.ts

@@ -0,0 +1,3 @@
+import type { IDatabaseAdapter } from '../DatabaseAdapter';
+export declare function createSqlServerProxyAdapter(): IDatabaseAdapter;
+//# sourceMappingURL=SqlServerProxyAdapter.d.ts.map

package/src/orm/adapters/SqlServerProxyAdapter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"SqlServerProxyAdapter.d.ts","sourceRoot":"","sources":["../../../../src/orm/adapters/SqlServerProxyAdapter.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,gBAAgB,EAAe,MAAM,sBAAsB,CAAC;AAyF1E,wBAAgB,2BAA2B,IAAI,gBAAgB,CAsF9D"}

package/src/orm/adapters/SqlServerProxyAdapter.js

@@ -0,0 +1,146 @@
+import { Env } from '../../config/env.js';
+import { Logger } from '../../config/logger.js';
+import { ErrorFactory } from '../../exceptions/ZintrustError.js';
+import { createSignedProxyRequest } from '../adapters/ProxySignedRequest.js';
+const cache = new Map();
+const CACHE_TTL_MS = 5000;
+const getCacheKey = (sql, params) => {
+    return `${sql}:${JSON.stringify(params)}`;
+};
+const getCachedResult = (key) => {
+    const entry = cache.get(key);
+    if (!entry)
+        return null;
+    if (Date.now() - entry.timestamp > CACHE_TTL_MS) {
+        cache.delete(key);
+        return null;
+    }
+    return entry.data;
+};
+const setCachedResult = (key, data) => {
+    cache.set(key, { data, timestamp: Date.now() });
+};
+const resolveProxyUrl = () => {
+    const url = Env.get('SQLSERVER_PROXY_URL', '');
+    if (typeof url === 'string' && url.trim() !== '')
+        return url;
+    const host = Env.get('SQLSERVER_PROXY_HOST', '127.0.0.1');
+    const port = Env.getInt('SQLSERVER_PROXY_PORT', 8793);
+    return `http://${host}:${port}`;
+};
+const createSignedRequest = async (url, body) => {
+    return createSignedProxyRequest({
+        url,
+        body,
+        keyId: Env.get('SQLSERVER_PROXY_KEY_ID', ''),
+        secret: Env.get('SQLSERVER_PROXY_SECRET', ''),
+        missingCredentialsMessage: 'SQL Server proxy signing credentials are missing (SQLSERVER_PROXY_KEY_ID / SQLSERVER_PROXY_SECRET)',
+    });
+};
+const sendQuery = async (sql, params) => {
+    const proxyUrl = resolveProxyUrl();
+    const payload = { sql, params };
+    const body = JSON.stringify(payload);
+    const { headers, body: signedBody } = await createSignedRequest(proxyUrl, body);
+    const timeout = Env.getInt('SQLSERVER_PROXY_TIMEOUT_MS', 30000);
+    const controller = new AbortController();
+    const timeoutId = globalThis.setTimeout(() => controller.abort(), timeout);
+    try {
+        const response = await fetch(proxyUrl, {
+            method: 'POST',
+            headers,
+            body: signedBody,
+            signal: controller.signal,
+        });
+        clearTimeout(timeoutId);
+        if (!response.ok) {
+            const errorText = await response.text();
+            throw ErrorFactory.createDatabaseError(`SQL Server proxy error: ${errorText}`);
+        }
+        const result = (await response.json());
+        return result;
+    }
+    catch (error) {
+        clearTimeout(timeoutId);
+        if (error.name === 'AbortError') {
+            throw ErrorFactory.createGeneralError('SQL Server proxy request timed out');
+        }
+        throw error;
+    }
+};
+export function createSqlServerProxyAdapter() {
+    let connected = false;
+    let inTransaction = false;
+    return {
+        // eslint-disable-next-line @typescript-eslint/require-await
+        async connect() {
+            const proxyUrl = resolveProxyUrl();
+            Logger.info(`Connecting to SQL Server via proxy: ${proxyUrl}`);
+            connected = true;
+        },
+        // eslint-disable-next-line @typescript-eslint/require-await
+        async disconnect() {
+            connected = false;
+            inTransaction = false;
+            cache.clear();
+            Logger.info('Disconnected from SQL Server proxy');
+        },
+        async query(sql, parameters) {
+            if (!connected) {
+                throw ErrorFactory.createConnectionError('Not connected to SQL Server proxy');
+            }
+            if (sql.trim().toUpperCase().startsWith('SELECT')) {
+                const cacheKey = getCacheKey(sql, parameters);
+                const cached = getCachedResult(cacheKey);
+                if (cached)
+                    return cached;
+                const result = await sendQuery(sql, parameters);
+                setCachedResult(cacheKey, result);
+                return result;
+            }
+            return sendQuery(sql, parameters);
+        },
+        async queryOne(sql, parameters) {
+            const result = await this.query(sql, parameters);
+            return result.rows[0] ?? null;
+        },
+        async ping() {
+            if (!connected) {
+                throw ErrorFactory.createConnectionError('Not connected to SQL Server proxy');
+            }
+            await this.query('SELECT 1 AS ping', []);
+        },
+        async transaction(callback) {
+            if (inTransaction) {
+                throw ErrorFactory.createGeneralError('Transaction already in progress');
+            }
+            inTransaction = true;
+            try {
+                await this.query('BEGIN TRANSACTION', []);
+                const result = await callback(this);
+                await this.query('COMMIT', []);
+                return result;
+            }
+            catch (error) {
+                await this.query('ROLLBACK', []);
+                throw error;
+            }
+            finally {
+                inTransaction = false;
+            }
+        },
+        async rawQuery(sql, parameters) {
+            const result = await this.query(sql, parameters ?? []);
+            return result.rows;
+        },
+        getType() {
+            return 'sqlserver-proxy';
+        },
+        isConnected() {
+            return connected;
+        },
+        getPlaceholder(index) {
+            return `@param${index}`;
+        },
+    };
+}

package/src/performance/Optimizer.d.ts

@@ -7,6 +7,7 @@ export interface IGenerationCache {
     set(type: string, params: Record<string, unknown>, code: string): Promise<void>;
     save(): Promise<void>;
     clear(): Promise<void>;
+    dispose(): Promise<void>;
     getStats(): Promise<{
         size: number;
         entries: number;

package/src/performance/Optimizer.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"Optimizer.d.ts","sourceRoot":"","sources":["../../../src/performance/Optimizer.ts"],"names":[],"mappings":"AAAA;;;GAGG;AASH,MAAM,WAAW,gBAAgB;IAC/B,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAC3E,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAChF,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IACtB,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IACvB,QAAQ,IAAI,OAAO,CAAC;QAClB,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;QAChB,SAAS,EAAE,MAAM,CAAC;QAClB,IAAI,EAAE,MAAM,EAAE,CAAC;KAChB,CAAC,CAAC;CACJ;AAkDD;;;GAGG;AACH,eAAO,MAAM,eAAe;IAC1B;;OAEG;sBAES,MAAM,UACT,MAAM,eACD,MAAM,GACjB,gBAAgB;EAUnB,CAAC;AAiWH,MAAM,WAAW,WAAW;IAC1B,IAAI,CAAC,CAAC,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;IACxC,OAAO,CAAC,WAAW,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC9C,KAAK,IAAI,IAAI,CAAC;CACf;AAED;;;GAGG;AACH,eAAO,MAAM,UAAU;IACrB;;OAEG;cACO,WAAW;EAqCrB,CAAC;AAEH;;GAEG;AAEH;;GAEG;AACH,wBAAsB,QAAQ,CAAC,CAAC,EAC9B,UAAU,EAAE,KAAK,CAAC,MAAM,OAAO,CAAC,CAAC,CAAC,CAAC,EACnC,SAAS,GAAE,MAAU,GACpB,OAAO,CAAC,CAAC,EAAE,CAAC,CAcd;AAED;;GAEG;AACH,wBAAsB,MAAM,CAAC,CAAC,EAAE,UAAU,EAAE,KAAK,CAAC,MAAM,OAAO,CAAC,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,EAAE,CAAC,CAEjF;AAED,eAAO,MAAM,iBAAiB;;;EAG5B,CAAC;AAEH;;GAEG;AAEH;;GAEG;AAEH,wBAAgB,cAAc,CAAC,CAAC,SAAS,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,GAAG,EAC9D,EAAE,EAAE,CAAC,EACL,OAAO,GAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAC;IAAC,YAAY,CAAC,EAAE,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC,CAAC,KAAK,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAA;CAAO,GAC/F,CAAC,CA+DH;AAED,eAAO,MAAM,OAAO;;EAElB,CAAC;AAEH,MAAM,WAAW,qBAAqB;IACpC,iBAAiB,CAAC,CAAC,EACjB,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,WAAW,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,GAC5B,OAAO,CAAC,CAAC,CAAC,CAAC;IACd,kBAAkB,CAAC,CAAC,EAAE,UAAU,EAAE,KAAK,CAAC,MAAM,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC;IAC7F,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/C,QAAQ,IAAI;QACV,SAAS,EAAE,MAAM,CAAC;QAClB,WAAW,EAAE,MAAM,CAAC;QACpB,OAAO,EAAE,MAAM,CAAC;QAChB,YAAY,EAAE,MAAM,CAAC;QACrB,kBAAkB,EAAE,MAAM,CAAC;QAC3B,WAAW,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,IAAI,EAAE,MAAM,EAAE,CAAA;SAAE,CAAC;KAC/C,CAAC;IACF,SAAS,IAAI,IAAI,CAAC;IAClB,KAAK,IAAI,IAAI,CAAC;CACf;AASD;;;GAGG;AACH,eAAO,MAAM,oBAAoB;IAC/B;;OAEG;cACO,qBAAqB;EAoE/B,CAAC;AA2HH,eAAe,oBAAoB,CAAC"}
+{"version":3,"file":"Optimizer.d.ts","sourceRoot":"","sources":["../../../src/performance/Optimizer.ts"],"names":[],"mappings":"AAAA;;;GAGG;AASH,MAAM,WAAW,gBAAgB;IAC/B,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAC3E,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAChF,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IACtB,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IACvB,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IACzB,QAAQ,IAAI,OAAO,CAAC;QAClB,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;QAChB,SAAS,EAAE,MAAM,CAAC;QAClB,IAAI,EAAE,MAAM,EAAE,CAAC;KAChB,CAAC,CAAC;CACJ;AAkDD;;;GAGG;AACH,eAAO,MAAM,eAAe;IAC1B;;OAEG;sBAES,MAAM,UACT,MAAM,eACD,MAAM,GACjB,gBAAgB;EAUnB,CAAC;AAiXH,MAAM,WAAW,WAAW;IAC1B,IAAI,CAAC,CAAC,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;IACxC,OAAO,CAAC,WAAW,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC9C,KAAK,IAAI,IAAI,CAAC;CACf;AAED;;;GAGG;AACH,eAAO,MAAM,UAAU;IACrB;;OAEG;cACO,WAAW;EAqCrB,CAAC;AAEH;;GAEG;AAEH;;GAEG;AACH,wBAAsB,QAAQ,CAAC,CAAC,EAC9B,UAAU,EAAE,KAAK,CAAC,MAAM,OAAO,CAAC,CAAC,CAAC,CAAC,EACnC,SAAS,GAAE,MAAU,GACpB,OAAO,CAAC,CAAC,EAAE,CAAC,CAcd;AAED;;GAEG;AACH,wBAAsB,MAAM,CAAC,CAAC,EAAE,UAAU,EAAE,KAAK,CAAC,MAAM,OAAO,CAAC,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,EAAE,CAAC,CAEjF;AAED,eAAO,MAAM,iBAAiB;;;EAG5B,CAAC;AAEH;;GAEG;AAEH;;GAEG;AAEH,wBAAgB,cAAc,CAAC,CAAC,SAAS,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,GAAG,EAC9D,EAAE,EAAE,CAAC,EACL,OAAO,GAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAC;IAAC,YAAY,CAAC,EAAE,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC,CAAC,KAAK,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAA;CAAO,GAC/F,CAAC,CA+DH;AAED,eAAO,MAAM,OAAO;;EAElB,CAAC;AAEH,MAAM,WAAW,qBAAqB;IACpC,iBAAiB,CAAC,CAAC,EACjB,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,WAAW,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,GAC5B,OAAO,CAAC,CAAC,CAAC,CAAC;IACd,kBAAkB,CAAC,CAAC,EAAE,UAAU,EAAE,KAAK,CAAC,MAAM,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC;IAC7F,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/C,QAAQ,IAAI;QACV,SAAS,EAAE,MAAM,CAAC;QAClB,WAAW,EAAE,MAAM,CAAC;QACpB,OAAO,EAAE,MAAM,CAAC;QAChB,YAAY,EAAE,MAAM,CAAC;QACrB,kBAAkB,EAAE,MAAM,CAAC;QAC3B,WAAW,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,IAAI,EAAE,MAAM,EAAE,CAAA;SAAE,CAAC;KAC/C,CAAC;IACF,SAAS,IAAI,IAAI,CAAC;IAClB,KAAK,IAAI,IAAI,CAAC;CACf;AASD;;;GAGG;AACH,eAAO,MAAM,oBAAoB;IAC/B;;OAEG;cACO,qBAAqB;EAoE/B,CAAC;AA2HH,eAAe,oBAAoB,CAAC"}

package/src/performance/Optimizer.js

@@ -192,17 +192,16 @@ function createCacheInstance(state) {
          * Clear cache (async)
          */
         async clear() {
-            if (state.cleanupInterval) {
-                clearInterval(state.cleanupInterval);
-                state.cleanupInterval = undefined;
-            }
-            if (state.flushTimer) {
-                clearTimeout(state.flushTimer);
-                state.flushTimer = undefined;
-            }
+            stopCacheTimers(state);
             state.pendingWrites.clear();
             await clearCache(state);
         },
+        // eslint-disable-next-line @typescript-eslint/require-await
+        async dispose() {
+            stopCacheTimers(state);
+            state.pendingWrites.clear();
+            state.cache.clear();
+        },
         /**
          * Get cache statistics (async)
          */
@@ -211,6 +210,16 @@ function createCacheInstance(state) {
         },
     };
 }
+function stopCacheTimers(state) {
+    if (state.cleanupInterval) {
+        clearInterval(state.cleanupInterval);
+        state.cleanupInterval = undefined;
+    }
+    if (state.flushTimer) {
+        clearTimeout(state.flushTimer);
+        state.flushTimer = undefined;
+    }
+}
 function attachCacheStateForTests(instance, state) {
     Object.defineProperty(instance, GENERATION_CACHE_STATE_SYMBOL, {
         value: state,
@@ -222,6 +231,10 @@ function attachCacheStateForTests(instance, state) {
  */
 async function saveCacheToDisk(state) {
     try {
+        if (state.flushTimer !== undefined) {
+            clearTimeout(state.flushTimer);
+            state.flushTimer = undefined;
+        }
         const flushedEnsured = await flushPendingWrites(state);
         if (!flushedEnsured) {
             await ensureCacheDir(state.cacheDir);

package/src/proxy/ErrorHandler.d.ts

@@ -0,0 +1,11 @@
+export type ProxyErrorResponse = Readonly<{
+    status: number;
+    body: {
+        code: string;
+        message: string;
+    };
+}>;
+export declare const ErrorHandler: Readonly<{
+    toProxyError: (status: number, code: string, message: string) => ProxyErrorResponse;
+}>;
+//# sourceMappingURL=ErrorHandler.d.ts.map

package/src/proxy/ErrorHandler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ErrorHandler.d.ts","sourceRoot":"","sources":["../../../src/proxy/ErrorHandler.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,kBAAkB,GAAG,QAAQ,CAAC;IACxC,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;CACzC,CAAC,CAAC;AAOH,eAAO,MAAM,YAAY;2BALK,MAAM,QAAQ,MAAM,WAAW,MAAM,KAAG,kBAAkB;EAOtF,CAAC"}

package/src/proxy/ErrorHandler.js

@@ -0,0 +1,7 @@
+const toProxyError = (status, code, message) => ({
+    status,
+    body: { code, message },
+});
+export const ErrorHandler = Object.freeze({
+    toProxyError,
+});

package/src/proxy/PoolManager.d.ts

@@ -0,0 +1,8 @@
+export type PoolFactory<T> = () => T;
+export type PoolDisposer<T> = (pool: T) => Promise<void> | void;
+export type PoolManager<T> = Readonly<{
+    get: () => T;
+    dispose: () => Promise<void>;
+}>;
+export declare const createPoolManager: <T>(create: PoolFactory<T>, dispose: PoolDisposer<T>) => PoolManager<T>;
+//# sourceMappingURL=PoolManager.d.ts.map

package/src/proxy/PoolManager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"PoolManager.d.ts","sourceRoot":"","sources":["../../../src/proxy/PoolManager.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,WAAW,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC;AACrC,MAAM,MAAM,YAAY,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;AAEhE,MAAM,MAAM,WAAW,CAAC,CAAC,IAAI,QAAQ,CAAC;IACpC,GAAG,EAAE,MAAM,CAAC,CAAC;IACb,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC9B,CAAC,CAAC;AAEH,eAAO,MAAM,iBAAiB,GAAI,CAAC,EACjC,QAAQ,WAAW,CAAC,CAAC,CAAC,EACtB,SAAS,YAAY,CAAC,CAAC,CAAC,KACvB,WAAW,CAAC,CAAC,CAmBf,CAAC"}

package/src/proxy/PoolManager.js

@@ -0,0 +1,18 @@
+export const createPoolManager = (create, dispose) => {
+    let pool = null;
+    const get = () => {
+        pool ??= create();
+        return pool;
+    };
+    const disposePool = async () => {
+        if (pool === null)
+            return;
+        const current = pool;
+        pool = null;
+        await Promise.resolve(dispose(current));
+    };
+    return Object.freeze({
+        get,
+        dispose: disposePool,
+    });
+};

package/src/proxy/ProxyBackend.d.ts

@@ -0,0 +1,18 @@
+export type ProxyRequest = Readonly<{
+    method: string;
+    path: string;
+    headers: Record<string, string | undefined>;
+    body: string;
+}>;
+export type ProxyResponse = Readonly<{
+    status: number;
+    body: unknown;
+    headers?: Record<string, string>;
+}>;
+export type ProxyBackend = Readonly<{
+    name: string;
+    handle: (request: ProxyRequest) => Promise<ProxyResponse>;
+    health: () => Promise<ProxyResponse>;
+    shutdown?: () => Promise<void>;
+}>;
+//# sourceMappingURL=ProxyBackend.d.ts.map

package/src/proxy/ProxyBackend.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ProxyBackend.d.ts","sourceRoot":"","sources":["../../../src/proxy/ProxyBackend.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,YAAY,GAAG,QAAQ,CAAC;IAClC,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC;IAC5C,IAAI,EAAE,MAAM,CAAC;CACd,CAAC,CAAC;AAEH,MAAM,MAAM,aAAa,GAAG,QAAQ,CAAC;IACnC,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,OAAO,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClC,CAAC,CAAC;AAEH,MAAM,MAAM,YAAY,GAAG,QAAQ,CAAC;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,CAAC,OAAO,EAAE,YAAY,KAAK,OAAO,CAAC,aAAa,CAAC,CAAC;IAC1D,MAAM,EAAE,MAAM,OAAO,CAAC,aAAa,CAAC,CAAC;IACrC,QAAQ,CAAC,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAChC,CAAC,CAAC"}

package/src/proxy/ProxyBackend.js

@@ -0,0 +1 @@
+export {};

package/src/proxy/ProxyConfig.d.ts

@@ -0,0 +1,12 @@
+export type ProxySigningConfig = Readonly<{
+    keyId: string;
+    secret: string;
+    require: boolean;
+    windowMs: number;
+}>;
+export type ProxyServerConfig = Readonly<{
+    host: string;
+    port: number;
+    maxBodyBytes: number;
+}>;
+//# sourceMappingURL=ProxyConfig.d.ts.map

package/src/proxy/ProxyConfig.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ProxyConfig.d.ts","sourceRoot":"","sources":["../../../src/proxy/ProxyConfig.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,kBAAkB,GAAG,QAAQ,CAAC;IACxC,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;CAClB,CAAC,CAAC;AAEH,MAAM,MAAM,iBAAiB,GAAG,QAAQ,CAAC;IACvC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,MAAM,CAAC;CACtB,CAAC,CAAC"}

package/src/proxy/ProxyConfig.js

@@ -0,0 +1 @@
+export {};

package/src/proxy/ProxyRegistry.d.ts

@@ -0,0 +1,10 @@
+export type ProxyRegistration = Readonly<{
+    name: string;
+    description: string;
+}>;
+export declare const ProxyRegistry: Readonly<{
+    register: (proxy: ProxyRegistration) => void;
+    get: (name: string) => ProxyRegistration | undefined;
+    list: () => ProxyRegistration[];
+}>;
+//# sourceMappingURL=ProxyRegistry.d.ts.map

package/src/proxy/ProxyRegistry.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ProxyRegistry.d.ts","sourceRoot":"","sources":["../../../src/proxy/ProxyRegistry.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,iBAAiB,GAAG,QAAQ,CAAC;IACvC,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC,CAAC;AAYH,eAAO,MAAM,aAAa;sBARD,iBAAiB,KAAG,IAAI;gBAI9B,MAAM,KAAG,iBAAiB,GAAG,SAAS;gBAExC,iBAAiB,EAAE;EAMlC,CAAC"}

package/src/proxy/ProxyRegistry.js

@@ -0,0 +1,11 @@
+const registry = new Map();
+const register = (proxy) => {
+    registry.set(proxy.name, proxy);
+};
+const get = (name) => registry.get(name);
+const list = () => Array.from(registry.values());
+export const ProxyRegistry = Object.freeze({
+    register,
+    get,
+    list,
+});

package/src/proxy/ProxyServer.d.ts

@@ -0,0 +1,21 @@
+import { type IncomingMessage, type Server } from '../node-singletons/http';
+import type { ProxyBackend } from './ProxyBackend';
+export type ProxyServerOptions = Readonly<{
+    host: string;
+    port: number;
+    maxBodyBytes: number;
+    backend: ProxyBackend;
+    verify?: (req: IncomingMessage, body: string) => Promise<{
+        ok: true;
+    } | {
+        ok: false;
+        status: number;
+        message: string;
+    }>;
+}>;
+export declare const createProxyServer: (options: ProxyServerOptions) => Readonly<{
+    start: () => Promise<void>;
+    stop: () => Promise<void>;
+    server: Server;
+}>;
+//# sourceMappingURL=ProxyServer.d.ts.map

package/src/proxy/ProxyServer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ProxyServer.d.ts","sourceRoot":"","sources":["../../../src/proxy/ProxyServer.ts"],"names":[],"mappings":"AACA,OAAO,EAEL,KAAK,eAAe,EACpB,KAAK,MAAM,EAEZ,MAAM,uBAAuB,CAAC;AAC/B,OAAO,KAAK,EAAE,YAAY,EAA+B,MAAM,qBAAqB,CAAC;AAErF,MAAM,MAAM,kBAAkB,GAAG,QAAQ,CAAC;IACxC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,YAAY,CAAC;IACtB,MAAM,CAAC,EAAE,CACP,GAAG,EAAE,eAAe,EACpB,IAAI,EAAE,MAAM,KACT,OAAO,CAAC;QAAE,EAAE,EAAE,IAAI,CAAA;KAAE,GAAG;QAAE,EAAE,EAAE,KAAK,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CAC7E,CAAC,CAAC;AA0CH,eAAO,MAAM,iBAAiB,GAC5B,SAAS,kBAAkB,KAC1B,QAAQ,CAAC;IACV,KAAK,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3B,IAAI,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1B,MAAM,EAAE,MAAM,CAAC;CAChB,CAsDA,CAAC"}

package/src/proxy/ProxyServer.js

@@ -0,0 +1,84 @@
+import { ErrorFactory } from '../exceptions/ZintrustError.js';
+import { createServer, } from '../node-singletons/http.js';
+const readBody = async (req, maxBodyBytes) => {
+    const chunks = [];
+    let size = 0;
+    for await (const chunk of req) {
+        const buffer = Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk);
+        size += buffer.length;
+        if (size > maxBodyBytes) {
+            throw ErrorFactory.createValidationError('Body too large');
+        }
+        chunks.push(buffer);
+    }
+    return Buffer.concat(chunks).toString('utf8');
+};
+const respond = (res, response) => {
+    res.writeHead(response.status, {
+        'Content-Type': 'application/json; charset=utf-8',
+        'Cache-Control': 'no-store',
+        ...response.headers,
+    });
+    res.end(JSON.stringify(response.body));
+};
+const toProxyRequest = (req, body) => {
+    const url = new URL(req.url ?? '/', `http://${req.headers.host ?? 'localhost'}`);
+    const headers = {};
+    for (const [key, value] of Object.entries(req.headers)) {
+        headers[key.toLowerCase()] = Array.isArray(value) ? value.join(',') : value;
+    }
+    return {
+        method: req.method ?? 'POST',
+        path: url.pathname,
+        headers,
+        body,
+    };
+};
+export const createProxyServer = (options) => {
+    const server = createServer(async (req, res) => {
+        try {
+            const body = await readBody(req, options.maxBodyBytes);
+            if ((req.url ?? '').startsWith('/health')) {
+                const response = await options.backend.health();
+                respond(res, response);
+                return;
+            }
+            if (options.verify) {
+                const verified = await options.verify(req, body);
+                if (!verified.ok) {
+                    respond(res, {
+                        status: verified.status,
+                        body: { code: 'UNAUTHORIZED', message: verified.message },
+                    });
+                    return;
+                }
+            }
+            const request = toProxyRequest(req, body);
+            const response = await options.backend.handle(request);
+            respond(res, response);
+        }
+        catch (error) {
+            respond(res, {
+                status: 500,
+                body: { code: 'PROXY_ERROR', message: String(error) },
+            });
+        }
+    });
+    const start = async () => new Promise((resolve) => {
+        server.listen(options.port, options.host, () => resolve());
+    });
+    const stop = async () => new Promise((resolve, reject) => {
+        server.close((error) => {
+            if (error) {
+                reject(error);
+                return;
+            }
+            resolve();
+        });
+    });
+    return Object.freeze({
+        start,
+        stop,
+        server,
+    });
+};

package/src/proxy/ProxyServerUtils.d.ts

@@ -0,0 +1,37 @@
+import type { IncomingMessage } from '../node-singletons/http';
+import type { ProxySigningConfig } from './ProxyConfig';
+export type BaseProxyConfig = {
+    host: string;
+    port: number;
+    maxBodyBytes: number;
+};
+export type BaseProxyOverrides = Partial<{
+    host: string;
+    port: number;
+    maxBodyBytes: number;
+    requireSigning: boolean;
+    keyId: string;
+    secret: string;
+    signingWindowMs: number;
+}>;
+export declare const resolveBaseConfig: (overrides: BaseProxyOverrides, prefix: string, defaults?: {
+    host?: string;
+    port?: number;
+    maxBodyBytes?: number;
+}) => BaseProxyConfig;
+export declare const resolveBaseSigningConfig: (overrides: BaseProxyOverrides, prefix: string) => {
+    keyId: string;
+    secret: string;
+    requireSigning: boolean;
+    signingWindowMs: number;
+};
+export declare const verifyRequestSignature: (req: IncomingMessage, body: string, config: {
+    signing: ProxySigningConfig;
+}, serviceName: string) => Promise<{
+    ok: boolean;
+    error?: {
+        status: number;
+        message: string;
+    };
+}>;
+//# sourceMappingURL=ProxyServerUtils.d.ts.map

package/src/proxy/ProxyServerUtils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ProxyServerUtils.d.ts","sourceRoot":"","sources":["../../../src/proxy/ProxyServerUtils.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAC7D,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAI7D,MAAM,MAAM,eAAe,GAAG;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF,MAAM,MAAM,kBAAkB,GAAG,OAAO,CAAC;IACvC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,OAAO,CAAC;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,EAAE,MAAM,CAAC;CACzB,CAAC,CAAC;AAEH,eAAO,MAAM,iBAAiB,GAC5B,WAAW,kBAAkB,EAC7B,QAAQ,MAAM,EACd,WAAW;IAAE,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,YAAY,CAAC,EAAE,MAAM,CAAA;CAAE,KACjE,eAUF,CAAC;AAEF,eAAO,MAAM,wBAAwB,GACnC,WAAW,kBAAkB,EAC7B,QAAQ,MAAM,KACb;IACD,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,cAAc,EAAE,OAAO,CAAC;IACxB,eAAe,EAAE,MAAM,CAAC;CAOtB,CAAC;AAEL,eAAO,MAAM,sBAAsB,GACjC,KAAK,eAAe,EACpB,MAAM,MAAM,EACZ,QAAQ;IAAE,OAAO,EAAE,kBAAkB,CAAA;CAAE,EACvC,aAAa,MAAM,KAClB,OAAO,CAAC;IAAE,EAAE,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAA;CAAE,CA8BtE,CAAC"}

package/src/proxy/ProxyServerUtils.js

@@ -0,0 +1,42 @@
+import { Env } from '../config/env.js';
+import { Logger } from '../config/logger.js';
+import { resolveProxySigningConfig } from './ProxySigningConfigResolver.js';
+import { extractSigningHeaders, verifyProxySignatureIfNeeded } from './ProxySigningRequest.js';
+export const resolveBaseConfig = (overrides, prefix, defaults) => {
+    const host = overrides.host ?? Env.get(`${prefix}_PROXY_HOST`, Env.HOST ?? defaults?.host ?? '127.0.0.1');
+    const port = overrides.port ?? Env.getInt(`${prefix}_PROXY_PORT`, Env.PORT ?? defaults?.port ?? 3000);
+    const maxBodyBytes = overrides.maxBodyBytes ??
+        Env.getInt(`${prefix}_PROXY_MAX_BODY_BYTES`, Env.MAX_BODY_SIZE ?? defaults?.maxBodyBytes ?? 0);
+    return { host, port, maxBodyBytes };
+};
+export const resolveBaseSigningConfig = (overrides, prefix) => resolveProxySigningConfig(overrides, {
+    keyIdEnvVar: `${prefix}_PROXY_KEY_ID`,
+    secretEnvVar: `${prefix}_PROXY_SECRET`,
+    requireEnvVar: `${prefix}_PROXY_REQUIRE_SIGNING`,
+    windowEnvVar: `${prefix}_PROXY_SIGNING_WINDOW_MS`,
+});
+export const verifyRequestSignature = async (req, body, config, serviceName) => {
+    const headers = extractSigningHeaders(req);
+    const hasAnySigningHeader = Object.values(headers).some((value) => typeof value === 'string' && value.trim() !== '');
+    Logger.debug(`[${serviceName}] Verifying request signature`, {
+        path: req.url ?? '',
+        method: req.method ?? 'POST',
+        requireSigning: config.signing.require,
+        hasAnySigningHeader,
+        configuredKeyId: config.signing.keyId,
+        hasConfiguredSecret: config.signing.secret.trim() !== '',
+        bodyBytes: body.length,
+    });
+    const verified = await verifyProxySignatureIfNeeded(req, body, config.signing);
+    if (!verified.ok) {
+        const error = verified.error ?? { status: 401, message: 'Unauthorized' };
+        Logger.warn(`[${serviceName}] Signature verification failed`, {
+            path: req.url ?? '',
+            method: req.method ?? 'POST',
+            status: error.status,
+            message: error.message,
+        });
+        return { ok: false, error };
+    }
+    return { ok: true };
+};

package/src/proxy/ProxySigningConfigResolver.d.ts

@@ -0,0 +1,22 @@
+type SigningOverrideLike = Partial<{
+    requireSigning: boolean;
+    keyId: string;
+    secret: string;
+    signingWindowMs: number;
+}>;
+type ResolveSigningConfigOptions = {
+    keyIdEnvVar: string;
+    secretEnvVar: string;
+    requireEnvVar: string;
+    windowEnvVar: string;
+    defaultRequire?: boolean;
+    defaultWindowMs?: number;
+};
+export declare const resolveProxySigningConfig: (overrides: SigningOverrideLike | undefined, options: ResolveSigningConfigOptions) => {
+    keyId: string;
+    secret: string;
+    requireSigning: boolean;
+    signingWindowMs: number;
+};
+export default resolveProxySigningConfig;
+//# sourceMappingURL=ProxySigningConfigResolver.d.ts.map

package/src/proxy/ProxySigningConfigResolver.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ProxySigningConfigResolver.d.ts","sourceRoot":"","sources":["../../../src/proxy/ProxySigningConfigResolver.ts"],"names":[],"mappings":"AAGA,KAAK,mBAAmB,GAAG,OAAO,CAAC;IACjC,cAAc,EAAE,OAAO,CAAC;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,EAAE,MAAM,CAAC;CACzB,CAAC,CAAC;AAEH,KAAK,2BAA2B,GAAG;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B,CAAC;AAEF,eAAO,MAAM,yBAAyB,GACpC,WAAW,mBAAmB,GAAG,SAAS,EAC1C,SAAS,2BAA2B,KACnC;IACD,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,cAAc,EAAE,OAAO,CAAC;IACxB,eAAe,EAAE,MAAM,CAAC;CA4BzB,CAAC;AAEF,eAAe,yBAAyB,CAAC"}