@zuzjs/flare-admin 0.1.3 → 0.1.5

package/dist/types/index.d.ts

@@ -12,6 +12,10 @@ export interface FlareAdminConfig {
      * Keep in an environment variable — NEVER expose to the browser.
      */
     adminKey: string;
+    /** Optional gRPC endpoint, e.g. "127.0.0.1:5051". */
+    grpcUrl?: string;
+    /** Transport preference for supported operations. */
+    transport?: "auto" | "http" | "grpc";
     /** Default token TTL, e.g. "24h" */
     defaultTtl?: string;
     /**
@@ -89,6 +93,322 @@ export interface FlareAdminNotifications {
         tokens: AdminPushToken[];
     }>;
 }
+export interface AdminStorageServer {
+    id: string;
+    name: string;
+    kind: string;
+    endpoint: string;
+    bucket: string;
+    region: string;
+    prefix?: string;
+    dataDir?: string;
+    forcePathStyle?: boolean;
+    frozen?: boolean;
+    readOnly?: boolean;
+    createdAt?: unknown;
+    updatedAt?: unknown;
+}
+export interface AdminStorageServerInput {
+    name: string;
+    kind?: string;
+    endpoint?: string;
+    bucket: string;
+    region?: string;
+    accessKey?: string;
+    secretKey?: string;
+    prefix?: string;
+    dataDir?: string;
+    forcePathStyle?: boolean;
+    frozen?: boolean;
+    readOnly?: boolean;
+}
+export interface AdminStorageServerPatchInput {
+    name?: string;
+    endpoint?: string;
+    bucket?: string;
+    region?: string;
+    accessKey?: string;
+    secretKey?: string;
+    prefix?: string;
+    dataDir?: string;
+    forcePathStyle?: boolean;
+    frozen?: boolean;
+    readOnly?: boolean;
+}
+export interface AdminStorageUploadInput {
+    serverId: string;
+    path: string;
+    contentBase64: string;
+    contentType?: string;
+    encrypt?: boolean;
+}
+export interface AdminStorageDownloadInput {
+    serverId: string;
+    path: string;
+    decrypt?: boolean;
+}
+export interface AdminStorageDeleteInput {
+    serverId: string;
+    path: string;
+}
+export interface AdminStorageObjectResult {
+    ok: boolean;
+    path: string;
+    key: string;
+    encrypted?: boolean;
+    size?: number;
+    contentBase64?: string;
+    contentType?: string;
+}
+export declare enum AdminStorageSignedAction {
+    Upload = "upload",
+    Download = "download",
+    Delete = "delete",
+    Edit = "edit"
+}
+export interface AdminStorageSignedUrlInput {
+    bucket: string;
+    key: string;
+    action: AdminStorageSignedAction;
+    expiresInSeconds?: number;
+    sizeBytes?: number;
+    contentType?: string;
+    encrypt?: boolean;
+    decrypt?: boolean;
+    forceDownload?: boolean;
+    allowedOrigins?: string[];
+    embedOnly?: boolean;
+}
+export interface AdminStorageSignedUrlResult {
+    ok: boolean;
+    action: AdminStorageSignedAction;
+    method: "PUT" | "PATCH" | "GET" | "DELETE";
+    token: string;
+    urlPath: string;
+    url: string;
+    expiresInSeconds?: number;
+    expiresAt: number;
+    forceDownload?: boolean;
+    allowedOrigins?: string[];
+    embedOnly?: boolean;
+}
+export interface AdminGetObjectUrlInput {
+    bucket: string;
+    key: string;
+    decrypt?: boolean;
+    expiresInSeconds?: number;
+    forceDownload?: boolean;
+    allowedOrigins?: string[];
+    embedOnly?: boolean;
+}
+export interface AdminDownloadObjectInput extends AdminGetObjectUrlInput {
+    filename?: string;
+    openInNewTab?: boolean;
+}
+export interface AdminDownloadObjectResult {
+    ok: boolean;
+    url: string;
+    filename: string;
+    triggered: boolean;
+}
+export interface AdminStorageAwsConfig {
+    kind: string;
+    endpoint: string;
+    region: string;
+    bucket: string;
+    prefix?: string;
+    dataDir?: string;
+    forcePathStyle?: boolean;
+    accessKeyId: string;
+    secretAccessKey: string;
+}
+export interface AdminStorageRulesPolicy {
+    maxEntries?: number;
+    maxAgeDays?: number;
+}
+export interface AdminStorageRulesHistoryResult {
+    history: unknown[];
+    policy: AdminStorageRulesPolicy;
+    restoreEvents: unknown[];
+}
+export interface FlareAdminStorage {
+    servers(): Promise<AdminStorageServer[]>;
+    createServer(input: AdminStorageServerInput): Promise<{
+        ok: boolean;
+        serverId: string;
+    }>;
+    patchServer(serverId: string, input: AdminStorageServerPatchInput): Promise<{
+        ok: boolean;
+        serverId: string;
+    }>;
+    deleteServer(serverId: string): Promise<{
+        ok: boolean;
+        serverId: string;
+        removedObjects: number;
+    }>;
+    awsConfig(serverId: string): Promise<AdminStorageAwsConfig>;
+    uploadObject(input: AdminStorageUploadInput): Promise<AdminStorageObjectResult>;
+    downloadObject(input: AdminStorageDownloadInput): Promise<AdminStorageObjectResult>;
+    deleteObject(input: AdminStorageDeleteInput | AdminDeleteObjectsInput): Promise<AdminStorageObjectResult | {
+        ok: boolean;
+        deleted: string[];
+        errors: Record<string, string>;
+    }>;
+    createSignedUrl(input: AdminStorageSignedUrlInput): Promise<AdminStorageSignedUrlResult>;
+    setRules(input: {
+        rules?: Record<string, unknown>;
+        rulesDsl?: string;
+        rulesHistoryPolicy?: AdminStorageRulesPolicy;
+    }): Promise<{
+        id: string;
+    }>;
+    validateRules(rulesDsl: string): Promise<{
+        valid: boolean;
+        diagnostics: unknown[];
+        rulesCount: number;
+    }>;
+    rulesHistory(): Promise<AdminStorageRulesHistoryResult>;
+    restoreRules(historyId: string): Promise<{
+        id: string;
+        rulesText: string;
+    }>;
+    createBucket(name: string, options?: AdminStorageBucketInput): Promise<AdminStorageBucket>;
+    listBuckets(): Promise<AdminStorageBucket[]>;
+    deleteBucket(name: string): Promise<{
+        ok: boolean;
+        removedObjects: number;
+    }>;
+    deleteBuckets(names: string[]): Promise<{
+        ok: boolean;
+        deleted: string[];
+        errors: Record<string, string>;
+    }>;
+    getBucketLocation(name: string): Promise<{
+        bucket: string;
+        kind: string;
+        region?: string;
+        endpoint?: string;
+    }>;
+    putObject(input: AdminPutObjectInput): Promise<AdminPutObjectResult>;
+    getObject(input: AdminGetObjectInput): Promise<AdminGetObjectResult>;
+    getObjectUrl(input: AdminGetObjectUrlInput): Promise<string>;
+    downloadObject(input: AdminDownloadObjectInput): Promise<AdminDownloadObjectResult>;
+    headObject(input: AdminHeadObjectInput): Promise<AdminStorageObjectMeta>;
+    headObjects(input: AdminHeadObjectsInput): Promise<AdminStorageObjectMeta[]>;
+    listObjects(input: AdminListObjectsInput): Promise<AdminListObjectsResult>;
+    copyObject(input: AdminCopyObjectInput): Promise<{
+        ok: boolean;
+    }>;
+    copyObjects(inputs: AdminCopyObjectInput[]): Promise<{
+        ok: boolean;
+        errors: Record<string, string>;
+    }>;
+    deleteObjects(input: AdminDeleteObjectsInput): Promise<{
+        ok: boolean;
+        deleted: string[];
+        errors: Record<string, string>;
+    }>;
+}
+export interface AdminStorageBucket {
+    id: string;
+    name: string;
+    bucket: string;
+    kind: string;
+    region?: string;
+    endpoint?: string;
+    prefix?: string;
+    frozen?: boolean;
+    readOnly?: boolean;
+    createdAt?: unknown;
+    updatedAt?: unknown;
+}
+export interface AdminStorageBucketInput {
+    kind?: string;
+    prefix?: string;
+    region?: string;
+    endpoint?: string;
+    accessKey?: string;
+    secretKey?: string;
+    dataDir?: string;
+    forcePathStyle?: boolean;
+}
+export interface AdminStorageObjectMeta {
+    key: string;
+    bucket: string;
+    size: number;
+    contentType: string;
+    encrypted: boolean;
+    createdAt?: unknown;
+    updatedAt?: unknown;
+}
+export interface AdminPutObjectInput {
+    bucket: string;
+    key: string;
+    body?: string | Uint8Array | ArrayBuffer | Buffer;
+    /** Pre-encoded base64 body. Mutually exclusive with `body`. Always uses base64 path. */
+    contentBase64?: string;
+    contentType?: string;
+    /** Encrypt at rest with AES-256-GCM. Defaults to true. */
+    encrypt?: boolean;
+    /**
+     * Max payload bytes for the base64-over-JSON upload path.
+     * Payloads larger than this are uploaded via a signed URL (raw binary PUT).
+     * Default: 4 MiB.
+     */
+    base64MaxBytes?: number;
+}
+export interface AdminPutObjectResult {
+    ok: boolean;
+    bucket: string;
+    key: string;
+    size: number;
+    encrypted: boolean;
+}
+export interface AdminGetObjectInput {
+    bucket: string;
+    key: string;
+    decrypt?: boolean;
+}
+export interface AdminGetObjectResult {
+    ok: boolean;
+    bucket: string;
+    key: string;
+    contentBase64: string;
+    contentType: string;
+    size: number;
+    encrypted: boolean;
+}
+export interface AdminHeadObjectInput {
+    bucket: string;
+    key: string;
+}
+export interface AdminHeadObjectsInput {
+    bucket: string;
+    keys: string[];
+}
+export interface AdminListObjectsInput {
+    bucket: string;
+    prefix?: string;
+    limit?: number;
+    cursor?: string;
+}
+export interface AdminListObjectsResult {
+    bucket: string;
+    objects: AdminStorageObjectMeta[];
+    count: number;
+    hasMore: boolean;
+    cursor?: string;
+}
+export interface AdminCopyObjectInput {
+    sourceBucket: string;
+    sourceKey: string;
+    destBucket: string;
+    destKey: string;
+}
+export interface AdminDeleteObjectsInput {
+    bucket: string;
+    keys: string[];
+}
 export type QueryOperator = "==" | "!=" | "<" | "<=" | ">" | ">=" | "in" | "not-in" | "array-contains" | "array-contains-any" | "elem-match" | "like" | "not-like" | "contains" | "exists" | "not-exists";
 export interface WhereFilter {
     field: string;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zuzjs/flare-admin",
-  "version": "0.1.3",
+  "version": "0.1.5",
   "description": "Privileged server-side access for Flare. Designed for secure environments to perform administrative tasks, manage user identities at scale, and orchestrate system-wide notifications with full bypass of client-side security rules.",
   "keywords": [
     "flare",
@@ -30,9 +30,12 @@
   },
   "files": [
     "dist",
+    "proto",
     "README.md"
   ],
   "dependencies": {
+    "@grpc/grpc-js": "^1.14.0",
+    "@grpc/proto-loader": "^0.8.0",
     "ws": "^8.19.0"
   }
 }

package/proto/admin.proto

@@ -0,0 +1,129 @@
+syntax = "proto3";
+
+package flare;
+
+import "query.proto";
+
+service AdminService {
+  rpc AdminQuery (AdminQueryRequest) returns (AdminQueryResponse);
+  rpc CreateCustomToken (CreateCustomTokenRequest) returns (CreateCustomTokenResponse);
+  rpc CreateAuthTicket (CreateAuthTicketRequest) returns (CreateAuthTicketResponse);
+  rpc GetDocument (AdminDocumentRequest) returns (AdminDocumentResponse);
+  rpc CreateDocument (AdminCreateDocumentRequest) returns (AdminMutationResponse);
+  rpc ReplaceDocument (AdminUpsertDocumentRequest) returns (AdminMutationResponse);
+  rpc UpdateDocument (AdminUpsertDocumentRequest) returns (AdminMutationResponse);
+  rpc DeleteDocument (AdminDocumentRequest) returns (AdminDeleteDocumentResponse);
+  rpc DeleteMany (AdminDeleteManyRequest) returns (AdminDeleteManyResponse);
+}
+
+message AdminQueryRequest {
+  string app_id = 1;
+  string admin_key = 2;
+  string collection = 3;
+  StructuredQuery query = 4;
+}
+
+message AdminQueryResponse {
+  string collection = 1;
+  StructuredQuery query = 2;
+  int32 count = 3;
+  string data_json = 4;
+  string error = 5;
+  string error_description = 6;
+}
+
+message CreateCustomTokenRequest {
+  string app_id = 1;
+  string admin_key = 2;
+  string uid = 3;
+  string role = 4;
+  string claims_json = 5;
+  string ttl = 6;
+}
+
+message CreateCustomTokenResponse {
+  string token = 1;
+  string error = 2;
+  string error_description = 3;
+}
+
+message CreateAuthTicketRequest {
+  string app_id = 1;
+  string admin_key = 2;
+  string uid = 3;
+  string role = 4;
+  string email = 5;
+  string sid = 6;
+  string tag = 7;
+  int64 ttl_seconds = 8;
+  string ip = 9;
+}
+
+message CreateAuthTicketResponse {
+  string ticket = 1;
+  string tag = 2;
+  string uuid = 3;
+  string expires_at = 4;
+  bool one_time = 5;
+  string uid = 6;
+  string role = 7;
+  string ip = 8;
+  string error = 9;
+  string error_description = 10;
+}
+
+message AdminDocumentRequest {
+  string app_id = 1;
+  string admin_key = 2;
+  string collection = 3;
+  string doc_id = 4;
+}
+
+message AdminDocumentResponse {
+  string collection = 1;
+  string doc_id = 2;
+  string data_json = 3;
+  bool found = 4;
+  string error = 5;
+  string error_description = 6;
+}
+
+message AdminCreateDocumentRequest {
+  string app_id = 1;
+  string admin_key = 2;
+  string collection = 3;
+  string data_json = 4;
+}
+
+message AdminUpsertDocumentRequest {
+  string app_id = 1;
+  string admin_key = 2;
+  string collection = 3;
+  string doc_id = 4;
+  string data_json = 5;
+}
+
+message AdminMutationResponse {
+  string id = 1;
+  string error = 2;
+  string error_description = 3;
+}
+
+message AdminDeleteDocumentResponse {
+  bool deleted = 1;
+  string error = 2;
+  string error_description = 3;
+}
+
+message AdminDeleteManyRequest {
+  string app_id = 1;
+  string admin_key = 2;
+  string collection = 3;
+  repeated AnyFilter where = 4;
+}
+
+message AdminDeleteManyResponse {
+  int64 deleted = 1;
+  string error = 2;
+  string error_description = 3;
+}

package/proto/app.proto

@@ -0,0 +1,69 @@
+syntax = "proto3";
+
+package flare;
+
+service AppService {
+  rpc CreateApp (CreateAppRequest) returns (CreateAppResponse);
+  rpc GetApp (GetAppRequest) returns (GetAppResponse);
+}
+
+message CreateAppRequest {
+  string name = 1;
+  string owner_uid = 2;
+  string app_id = 3;
+  string api_key = 4;
+  string admin_key = 5;
+  string jwt_secret = 6;
+  string db_name = 7;
+  string public_key = 8;
+  string private_key = 9;
+  AppSettings settings = 10;
+}
+
+message AppSettings {
+  int32 max_connections = 1;
+  bool enable_encryption = 2;
+  string rules_dsl = 3;
+  string rules_history_policy = 4;
+  repeated string rules_restore_events = 5;
+  PushSettings push = 6;
+}
+
+message PushSettings {
+  string vapid_public_key = 1;
+  string vapid_private_key = 2;
+  string vapid_subject = 3;
+  string welcome_notification = 4;
+}
+
+message CreateAppResponse {
+  string app_id = 1;
+  string db_name = 2;
+  string name = 3;
+  string owner_uid = 4;
+  string api_key = 5;
+  string admin_key = 6;
+  string jwt_secret = 7;
+  string public_key = 8;
+  string private_key = 9;
+  AppSettings settings = 10;
+  string created_at = 11;
+}
+
+message GetAppRequest {
+  string app_id = 1;
+}
+
+message GetAppResponse {
+  string app_id = 1;
+  string db_name = 2;
+  string name = 3;
+  string owner_uid = 4;
+  string api_key = 5;
+  string admin_key = 6;
+  string jwt_secret = 7;
+  string public_key = 8;
+  string private_key = 9;
+  AppSettings settings = 10;
+  string created_at = 11;
+}

package/proto/auth.proto

@@ -0,0 +1,70 @@
+syntax = "proto3";
+
+package flare;
+
+service AuthService {
+  rpc Login (LoginRequest) returns (LoginResponse);
+  rpc Register (RegisterRequest) returns (RegisterResponse);
+}
+
+message LoginRequest {
+  string app_id = 1;
+  string client_id = 2;
+  string email = 3;
+  string username = 4;
+  string password = 5;
+}
+
+message LoginResponse {
+  string user_id = 1;
+  string token = 2;
+  string refresh_token = 3;
+  string role = 4;
+  string error = 5;
+  string error_description = 6;
+}
+
+message RegisterRequest {
+  string app_id = 1;
+  string client_id = 2;
+  string email = 3;
+  string username = 4;
+  string password = 5;
+}
+
+message RegisterResponse {
+  string user_id = 1;
+  string token = 2;
+  string role = 3;
+  string error = 4;
+  string error_description = 5;
+}
+
+message TokenRequest {
+  string app_id = 1;
+  string client_id = 2;
+  string grant_type = 3;
+  string username = 4;
+  string email = 5;
+  string password = 6;
+  string scope = 7;
+}
+
+message TokenResponse {
+  string access_token = 1;
+  string refresh_token = 2;
+  string csrf_token = 3;
+  string error = 4;
+  string error_description = 5;
+}
+
+message LogoutRequest {
+  string app_id = 1;
+  string sid = 2;
+}
+
+message LogoutResponse {
+  bool success = 1;
+  string error = 2;
+  string error_description = 3;
+}

package/proto/flare.proto

@@ -0,0 +1,11 @@
+// flare.proto: root import for all flare gRPC services
+syntax = "proto3";
+
+package flare;
+
+import "app.proto";
+import "auth.proto";
+import "admin.proto";
+import "query.proto";
+
+// Add more imports/services as needed