axvault 1.13.0 → 1.14.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +107 -14
- package/dist/cli.d.ts +2 -2
- package/dist/cli.js +21 -3
- package/dist/cli.js.map +1 -1
- package/dist/commands/init.d.ts +14 -0
- package/dist/commands/init.d.ts.map +1 -0
- package/dist/commands/init.js +88 -0
- package/dist/commands/init.js.map +1 -0
- package/dist/commands/serve.d.ts +1 -2
- package/dist/commands/serve.d.ts.map +1 -1
- package/dist/commands/serve.js +13 -20
- package/dist/commands/serve.js.map +1 -1
- package/dist/config.d.ts.map +1 -1
- package/dist/config.js +1 -1
- package/dist/config.js.map +1 -1
- package/dist/db/bootstrap-api-key.d.ts +4 -4
- package/dist/db/bootstrap-api-key.d.ts.map +1 -1
- package/dist/db/bootstrap-api-key.js +39 -6
- package/dist/db/bootstrap-api-key.js.map +1 -1
- package/dist/db/repositories/api-key-utilities.d.ts +3 -3
- package/dist/db/repositories/api-key-utilities.d.ts.map +1 -1
- package/dist/db/repositories/api-key-utilities.js +12 -1
- package/dist/db/repositories/api-key-utilities.js.map +1 -1
- package/dist/db/repositories/api-keys.d.ts +4 -2
- package/dist/db/repositories/api-keys.d.ts.map +1 -1
- package/dist/db/repositories/api-keys.js +7 -2
- package/dist/db/repositories/api-keys.js.map +1 -1
- package/dist/db/repositories/create-api-key.d.ts +1 -0
- package/dist/db/repositories/create-api-key.d.ts.map +1 -1
- package/dist/db/repositories/create-api-key.js +2 -2
- package/dist/db/repositories/create-api-key.js.map +1 -1
- package/dist/db/verify-database-initialization.d.ts +4 -0
- package/dist/db/verify-database-initialization.d.ts.map +1 -0
- package/dist/db/verify-database-initialization.js +66 -0
- package/dist/db/verify-database-initialization.js.map +1 -0
- package/dist/index.d.ts +4 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +4 -2
- package/dist/index.js.map +1 -1
- package/dist/resolve-database-url.d.ts +4 -0
- package/dist/resolve-database-url.d.ts.map +1 -0
- package/dist/resolve-database-url.js +11 -0
- package/dist/resolve-database-url.js.map +1 -0
- package/dist/resolve-secret-source.d.ts +11 -0
- package/dist/resolve-secret-source.d.ts.map +1 -0
- package/dist/resolve-secret-source.js +36 -0
- package/dist/resolve-secret-source.js.map +1 -0
- package/dist/server/plugins/auth.d.ts.map +1 -1
- package/dist/server/plugins/auth.js +1 -3
- package/dist/server/plugins/auth.js.map +1 -1
- package/dist/server/routes/health.d.ts.map +1 -1
- package/dist/server/routes/health.js +7 -1
- package/dist/server/routes/health.js.map +1 -1
- package/dist/server/server.d.ts.map +1 -1
- package/dist/server/server.js +8 -7
- package/dist/server/server.js.map +1 -1
- package/package.json +18 -18
- package/dist/server/send-sensible-error.d.ts +0 -7
- package/dist/server/send-sensible-error.d.ts.map +0 -1
- package/dist/server/send-sensible-error.js +0 -40
- package/dist/server/send-sensible-error.js.map +0 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"api-key-utilities.d.ts","sourceRoot":"","sources":["../../../src/db/repositories/api-key-utilities.ts"],"names":[],"mappings":"AAAA;;;;GAIG;
|
|
1
|
+
{"version":3,"file":"api-key-utilities.d.ts","sourceRoot":"","sources":["../../../src/db/repositories/api-key-utilities.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAQH,gCAAgC;AAChC,iBAAS,aAAa,IAAI,MAAM,CAE/B;AAOD,6EAA6E;AAC7E,iBAAS,mBAAmB,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,CAYjD;AAED,kCAAkC;AAClC,iBAAS,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAEvC;AAED,6EAA6E;AAC7E,iBAAS,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAG7C;AAED,4CAA4C;AAC5C,UAAU,WAAW;IACnB,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,WAAW,EAAE,MAAM,EAAE,CAAC;CACvB;AAOD,uDAAuD;AACvD,iBAAS,aAAa,CAAC,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAEjE;AAED,wDAAwD;AACxD,iBAAS,cAAc,CAAC,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAElE;AAED,wDAAwD;AACxD,iBAAS,cAAc,CAAC,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAElE;AAED,OAAO,EACL,gBAAgB,EAChB,aAAa,EACb,UAAU,EACV,cAAc,EACd,aAAa,EACb,cAAc,EACd,mBAAmB,GACpB,CAAC"}
|
|
@@ -6,6 +6,7 @@
|
|
|
6
6
|
import { createHash, randomBytes } from "node:crypto";
|
|
7
7
|
/** Key prefix for identification (e.g., "axv_sk_01234567") */
|
|
8
8
|
const KEY_PREFIX_LENGTH = 8;
|
|
9
|
+
const API_KEY_SECRET_PATTERN = /^axv_sk_[0-9a-f]{32}$/u;
|
|
9
10
|
/** Generate a new API key ID */
|
|
10
11
|
function generateKeyId() {
|
|
11
12
|
return `k_${randomBytes(6).toString("hex")}`;
|
|
@@ -14,6 +15,16 @@ function generateKeyId() {
|
|
|
14
15
|
function generateKeySecret() {
|
|
15
16
|
return `axv_sk_${randomBytes(16).toString("hex")}`;
|
|
16
17
|
}
|
|
18
|
+
/** Generate or validate an API key secret for deterministic provisioning. */
|
|
19
|
+
function resolveApiKeySecret(key) {
|
|
20
|
+
if (key === undefined) {
|
|
21
|
+
return generateKeySecret();
|
|
22
|
+
}
|
|
23
|
+
if (!API_KEY_SECRET_PATTERN.test(key)) {
|
|
24
|
+
throw new Error("Invalid API key secret: expected axv_sk_ followed by 32 lowercase hexadecimal characters.");
|
|
25
|
+
}
|
|
26
|
+
return key;
|
|
27
|
+
}
|
|
17
28
|
/** Hash an API key for storage */
|
|
18
29
|
function hashApiKey(key) {
|
|
19
30
|
return createHash("sha256").update(key).digest("hex");
|
|
@@ -39,5 +50,5 @@ function hasWriteAccess(apiKey, name) {
|
|
|
39
50
|
function hasGrantAccess(apiKey, name) {
|
|
40
51
|
return hasAccess(apiKey.grantAccess, name);
|
|
41
52
|
}
|
|
42
|
-
export { extractKeyPrefix, generateKeyId,
|
|
53
|
+
export { extractKeyPrefix, generateKeyId, hashApiKey, hasGrantAccess, hasReadAccess, hasWriteAccess, resolveApiKeySecret, };
|
|
43
54
|
//# sourceMappingURL=api-key-utilities.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"api-key-utilities.js","sourceRoot":"","sources":["../../../src/db/repositories/api-key-utilities.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAEtD,8DAA8D;AAC9D,MAAM,iBAAiB,GAAG,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"api-key-utilities.js","sourceRoot":"","sources":["../../../src/db/repositories/api-key-utilities.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAEtD,8DAA8D;AAC9D,MAAM,iBAAiB,GAAG,CAAC,CAAC;AAC5B,MAAM,sBAAsB,GAAG,wBAAwB,CAAC;AAExD,gCAAgC;AAChC,SAAS,aAAa;IACpB,OAAO,KAAK,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;AAC/C,CAAC;AAED,oCAAoC;AACpC,SAAS,iBAAiB;IACxB,OAAO,UAAU,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;AACrD,CAAC;AAED,6EAA6E;AAC7E,SAAS,mBAAmB,CAAC,GAAY;IACvC,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;QACtB,OAAO,iBAAiB,EAAE,CAAC;IAC7B,CAAC;IAED,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACtC,MAAM,IAAI,KAAK,CACb,2FAA2F,CAC5F,CAAC;IACJ,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC;AAED,kCAAkC;AAClC,SAAS,UAAU,CAAC,GAAW;IAC7B,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACxD,CAAC;AAED,6EAA6E;AAC7E,SAAS,gBAAgB,CAAC,GAAW;IACnC,qCAAqC;IACrC,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,iBAAiB,CAAC,CAAC,CAAC,0BAA0B;AACxE,CAAC;AASD,8DAA8D;AAC9D,SAAS,SAAS,CAAC,UAAoB,EAAE,IAAY;IACnD,OAAO,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;AAC/D,CAAC;AAED,uDAAuD;AACvD,SAAS,aAAa,CAAC,MAAmB,EAAE,IAAY;IACtD,OAAO,SAAS,CAAC,MAAM,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;AAC5C,CAAC;AAED,wDAAwD;AACxD,SAAS,cAAc,CAAC,MAAmB,EAAE,IAAY;IACvD,OAAO,SAAS,CAAC,MAAM,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;AAC7C,CAAC;AAED,wDAAwD;AACxD,SAAS,cAAc,CAAC,MAAmB,EAAE,IAAY;IACvD,OAAO,SAAS,CAAC,MAAM,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;AAC7C,CAAC;AAED,OAAO,EACL,gBAAgB,EAChB,aAAa,EACb,UAAU,EACV,cAAc,EACd,aAAa,EACb,cAAc,EACd,mBAAmB,GACpB,CAAC"}
|
|
@@ -11,13 +11,15 @@ declare function findApiKeyByKey(database: Queryable, key: string): Promise<ApiK
|
|
|
11
11
|
declare function findApiKeyById(database: Queryable, id: string): Promise<ApiKeyRecord | undefined>;
|
|
12
12
|
/** List all API keys (without revealing the raw key values) */
|
|
13
13
|
declare function listApiKeys(database: Queryable): Promise<ApiKeyRecord[]>;
|
|
14
|
+
/** Count API keys without loading full records. */
|
|
15
|
+
declare function countApiKeys(database: Queryable): Promise<number>;
|
|
14
16
|
/** Update last used timestamp */
|
|
15
17
|
declare function updateLastUsed(database: Queryable, id: string): Promise<void>;
|
|
16
18
|
/** Delete an API key */
|
|
17
19
|
declare function deleteApiKey(database: Queryable, id: string): Promise<boolean>;
|
|
18
|
-
export { deleteApiKey, findApiKeyById, findApiKeyByKey, listApiKeys, updateLastUsed, };
|
|
20
|
+
export { countApiKeys, deleteApiKey, findApiKeyById, findApiKeyByKey, listApiKeys, updateLastUsed, };
|
|
19
21
|
export { createApiKey } from "./create-api-key.js";
|
|
20
|
-
export { hasGrantAccess, hasReadAccess, hasWriteAccess, } from "./api-key-utilities.js";
|
|
22
|
+
export { hasGrantAccess, hasReadAccess, hasWriteAccess, resolveApiKeySecret, } from "./api-key-utilities.js";
|
|
21
23
|
export { updateApiKeyAccess } from "./update-api-key-access.js";
|
|
22
24
|
export type { ApiKeyRecord, ApiKeyWithSecret } from "./create-api-key.js";
|
|
23
25
|
//# sourceMappingURL=api-keys.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"api-keys.d.ts","sourceRoot":"","sources":["../../../src/db/repositories/api-keys.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAa,SAAS,EAAE,MAAM,aAAa,CAAC;AAExD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAmBxD,oCAAoC;AACpC,iBAAe,eAAe,CAC5B,QAAQ,EAAE,SAAS,EACnB,GAAG,EAAE,MAAM,GACV,OAAO,CAAC,YAAY,GAAG,SAAS,CAAC,CAOnC;AAED,yBAAyB;AACzB,iBAAe,cAAc,CAC3B,QAAQ,EAAE,SAAS,EACnB,EAAE,EAAE,MAAM,GACT,OAAO,CAAC,YAAY,GAAG,SAAS,CAAC,CAOnC;AAED,+DAA+D;AAC/D,iBAAe,WAAW,CAAC,QAAQ,EAAE,SAAS,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,CAKvE;AAED,iCAAiC;AACjC,iBAAe,cAAc,CAAC,QAAQ,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAK5E;AAED,wBAAwB;AACxB,iBAAe,YAAY,CAAC,QAAQ,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAK7E;AAED,OAAO,EACL,YAAY,EACZ,cAAc,EACd,eAAe,EACf,WAAW,EACX,cAAc,GACf,CAAC;AACF,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EACL,cAAc,EACd,aAAa,EACb,cAAc,
|
|
1
|
+
{"version":3,"file":"api-keys.d.ts","sourceRoot":"","sources":["../../../src/db/repositories/api-keys.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAa,SAAS,EAAE,MAAM,aAAa,CAAC;AAExD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAmBxD,oCAAoC;AACpC,iBAAe,eAAe,CAC5B,QAAQ,EAAE,SAAS,EACnB,GAAG,EAAE,MAAM,GACV,OAAO,CAAC,YAAY,GAAG,SAAS,CAAC,CAOnC;AAED,yBAAyB;AACzB,iBAAe,cAAc,CAC3B,QAAQ,EAAE,SAAS,EACnB,EAAE,EAAE,MAAM,GACT,OAAO,CAAC,YAAY,GAAG,SAAS,CAAC,CAOnC;AAED,+DAA+D;AAC/D,iBAAe,WAAW,CAAC,QAAQ,EAAE,SAAS,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,CAKvE;AAED,mDAAmD;AACnD,iBAAe,YAAY,CAAC,QAAQ,EAAE,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,CAKhE;AAED,iCAAiC;AACjC,iBAAe,cAAc,CAAC,QAAQ,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAK5E;AAED,wBAAwB;AACxB,iBAAe,YAAY,CAAC,QAAQ,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAK7E;AAED,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,cAAc,EACd,eAAe,EACf,WAAW,EACX,cAAc,GACf,CAAC;AACF,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EACL,cAAc,EACd,aAAa,EACb,cAAc,EACd,mBAAmB,GACpB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAChE,YAAY,EAAE,YAAY,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC"}
|
|
@@ -36,6 +36,11 @@ async function listApiKeys(database) {
|
|
|
36
36
|
const result = await database.query(`SELECT ${SELECT_COLUMNS} FROM api_keys ORDER BY created_at DESC`);
|
|
37
37
|
return result.rows.map((row) => rowToRecord(row));
|
|
38
38
|
}
|
|
39
|
+
/** Count API keys without loading full records. */
|
|
40
|
+
async function countApiKeys(database) {
|
|
41
|
+
const result = await database.query("SELECT COUNT(*)::int AS count FROM api_keys");
|
|
42
|
+
return result.rows[0]?.count ?? 0;
|
|
43
|
+
}
|
|
39
44
|
/** Update last used timestamp */
|
|
40
45
|
async function updateLastUsed(database, id) {
|
|
41
46
|
await database.query(`UPDATE api_keys SET last_used_at = $1 WHERE id = $2`, [
|
|
@@ -50,8 +55,8 @@ async function deleteApiKey(database, id) {
|
|
|
50
55
|
]);
|
|
51
56
|
return (result.rowCount ?? 0) > 0;
|
|
52
57
|
}
|
|
53
|
-
export { deleteApiKey, findApiKeyById, findApiKeyByKey, listApiKeys, updateLastUsed, };
|
|
58
|
+
export { countApiKeys, deleteApiKey, findApiKeyById, findApiKeyByKey, listApiKeys, updateLastUsed, };
|
|
54
59
|
export { createApiKey } from "./create-api-key.js";
|
|
55
|
-
export { hasGrantAccess, hasReadAccess, hasWriteAccess, } from "./api-key-utilities.js";
|
|
60
|
+
export { hasGrantAccess, hasReadAccess, hasWriteAccess, resolveApiKeySecret, } from "./api-key-utilities.js";
|
|
56
61
|
export { updateApiKeyAccess } from "./update-api-key-access.js";
|
|
57
62
|
//# sourceMappingURL=api-keys.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"api-keys.js","sourceRoot":"","sources":["../../../src/db/repositories/api-keys.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAGpD,qCAAqC;AACrC,SAAS,WAAW,CAAC,GAAc;IACjC,OAAO;QACL,EAAE,EAAE,GAAG,CAAC,EAAE;QACV,IAAI,EAAE,GAAG,CAAC,IAAI;QACd,OAAO,EAAE,GAAG,CAAC,QAAQ;QACrB,SAAS,EAAE,GAAG,CAAC,UAAU,IAAI,SAAS;QACtC,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,WAAW,CAAa;QACnD,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,CAAa;QACrD,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,CAAa;QACrD,SAAS,EAAE,IAAI,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC;QACnC,UAAU,EAAE,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,SAAS;KACtE,CAAC;AACJ,CAAC;AAED,MAAM,cAAc,GAAG,mGAAmG,CAAC;AAE3H,oCAAoC;AACpC,KAAK,UAAU,eAAe,CAC5B,QAAmB,EACnB,GAAW;IAEX,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,KAAK,CACjC,UAAU,cAAc,oCAAoC,EAC5D,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAClB,CAAC;IACF,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC3B,OAAO,GAAG,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AAC5C,CAAC;AAED,yBAAyB;AACzB,KAAK,UAAU,cAAc,CAC3B,QAAmB,EACnB,EAAU;IAEV,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,KAAK,CACjC,UAAU,cAAc,8BAA8B,EACtD,CAAC,EAAE,CAAC,CACL,CAAC;IACF,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC3B,OAAO,GAAG,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AAC5C,CAAC;AAED,+DAA+D;AAC/D,KAAK,UAAU,WAAW,CAAC,QAAmB;IAC5C,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,KAAK,CACjC,UAAU,cAAc,yCAAyC,CAClE,CAAC;IACF,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC;AACpD,CAAC;AAED,iCAAiC;AACjC,KAAK,UAAU,cAAc,CAAC,QAAmB,EAAE,EAAU;IAC3D,MAAM,QAAQ,CAAC,KAAK,CAAC,qDAAqD,EAAE;QAC1E,IAAI,CAAC,GAAG,EAAE;QACV,EAAE;KACH,CAAC,CAAC;AACL,CAAC;AAED,wBAAwB;AACxB,KAAK,UAAU,YAAY,CAAC,QAAmB,EAAE,EAAU;IACzD,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,oCAAoC,EAAE;QACxE,EAAE;KACH,CAAC,CAAC;IACH,OAAO,CAAC,MAAM,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;AACpC,CAAC;AAED,OAAO,EACL,YAAY,EACZ,cAAc,EACd,eAAe,EACf,WAAW,EACX,cAAc,GACf,CAAC;AACF,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EACL,cAAc,EACd,aAAa,EACb,cAAc,
|
|
1
|
+
{"version":3,"file":"api-keys.js","sourceRoot":"","sources":["../../../src/db/repositories/api-keys.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAGpD,qCAAqC;AACrC,SAAS,WAAW,CAAC,GAAc;IACjC,OAAO;QACL,EAAE,EAAE,GAAG,CAAC,EAAE;QACV,IAAI,EAAE,GAAG,CAAC,IAAI;QACd,OAAO,EAAE,GAAG,CAAC,QAAQ;QACrB,SAAS,EAAE,GAAG,CAAC,UAAU,IAAI,SAAS;QACtC,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,WAAW,CAAa;QACnD,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,CAAa;QACrD,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,CAAa;QACrD,SAAS,EAAE,IAAI,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC;QACnC,UAAU,EAAE,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,SAAS;KACtE,CAAC;AACJ,CAAC;AAED,MAAM,cAAc,GAAG,mGAAmG,CAAC;AAE3H,oCAAoC;AACpC,KAAK,UAAU,eAAe,CAC5B,QAAmB,EACnB,GAAW;IAEX,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,KAAK,CACjC,UAAU,cAAc,oCAAoC,EAC5D,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAClB,CAAC;IACF,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC3B,OAAO,GAAG,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AAC5C,CAAC;AAED,yBAAyB;AACzB,KAAK,UAAU,cAAc,CAC3B,QAAmB,EACnB,EAAU;IAEV,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,KAAK,CACjC,UAAU,cAAc,8BAA8B,EACtD,CAAC,EAAE,CAAC,CACL,CAAC;IACF,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC3B,OAAO,GAAG,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AAC5C,CAAC;AAED,+DAA+D;AAC/D,KAAK,UAAU,WAAW,CAAC,QAAmB;IAC5C,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,KAAK,CACjC,UAAU,cAAc,yCAAyC,CAClE,CAAC;IACF,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC;AACpD,CAAC;AAED,mDAAmD;AACnD,KAAK,UAAU,YAAY,CAAC,QAAmB;IAC7C,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,KAAK,CACjC,6CAA6C,CAC9C,CAAC;IACF,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,CAAC,CAAC;AACpC,CAAC;AAED,iCAAiC;AACjC,KAAK,UAAU,cAAc,CAAC,QAAmB,EAAE,EAAU;IAC3D,MAAM,QAAQ,CAAC,KAAK,CAAC,qDAAqD,EAAE;QAC1E,IAAI,CAAC,GAAG,EAAE;QACV,EAAE;KACH,CAAC,CAAC;AACL,CAAC;AAED,wBAAwB;AACxB,KAAK,UAAU,YAAY,CAAC,QAAmB,EAAE,EAAU;IACzD,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,oCAAoC,EAAE;QACxE,EAAE;KACH,CAAC,CAAC;IACH,OAAO,CAAC,MAAM,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;AACpC,CAAC;AAED,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,cAAc,EACd,eAAe,EACf,WAAW,EACX,cAAc,GACf,CAAC;AACF,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EACL,cAAc,EACd,aAAa,EACb,cAAc,EACd,mBAAmB,GACpB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC"}
|
|
@@ -24,6 +24,7 @@ declare function createApiKey(database: Queryable, options: {
|
|
|
24
24
|
readAccess: string[];
|
|
25
25
|
writeAccess: string[];
|
|
26
26
|
grantAccess: string[];
|
|
27
|
+
key?: string;
|
|
27
28
|
}): Promise<ApiKeyWithSecret>;
|
|
28
29
|
export { createApiKey };
|
|
29
30
|
export type { ApiKeyRecord, ApiKeyWithSecret };
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"create-api-key.d.ts","sourceRoot":"","sources":["../../../src/db/repositories/create-api-key.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAQ7C,sCAAsC;AACtC,UAAU,YAAY;IACpB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,GAAG,SAAS,CAAC;IAC9B,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,SAAS,EAAE,IAAI,CAAC;IAChB,UAAU,EAAE,IAAI,GAAG,SAAS,CAAC;CAC9B;AAED,2DAA2D;AAC3D,UAAU,gBAAiB,SAAQ,YAAY;IAC7C,GAAG,EAAE,MAAM,CAAC;CACb;AAED,2BAA2B;AAC3B,iBAAe,YAAY,CACzB,QAAQ,EAAE,SAAS,EACnB,OAAO,EAAE;IACP,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,WAAW,EAAE,MAAM,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"create-api-key.d.ts","sourceRoot":"","sources":["../../../src/db/repositories/create-api-key.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAQ7C,sCAAsC;AACtC,UAAU,YAAY;IACpB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,GAAG,SAAS,CAAC;IAC9B,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,SAAS,EAAE,IAAI,CAAC;IAChB,UAAU,EAAE,IAAI,GAAG,SAAS,CAAC;CAC9B;AAED,2DAA2D;AAC3D,UAAU,gBAAiB,SAAQ,YAAY;IAC7C,GAAG,EAAE,MAAM,CAAC;CACb;AAED,2BAA2B;AAC3B,iBAAe,YAAY,CACzB,QAAQ,EAAE,SAAS,EACnB,OAAO,EAAE;IACP,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,GAAG,CAAC,EAAE,MAAM,CAAC;CACd,GACA,OAAO,CAAC,gBAAgB,CAAC,CAkC3B;AAED,OAAO,EAAE,YAAY,EAAE,CAAC;AACxB,YAAY,EAAE,YAAY,EAAE,gBAAgB,EAAE,CAAC"}
|
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Create a new API key.
|
|
3
3
|
*/
|
|
4
|
-
import { extractKeyPrefix, generateKeyId,
|
|
4
|
+
import { extractKeyPrefix, generateKeyId, hashApiKey, resolveApiKeySecret, } from "./api-key-utilities.js";
|
|
5
5
|
/** Create a new API key */
|
|
6
6
|
async function createApiKey(database, options) {
|
|
7
7
|
const id = generateKeyId();
|
|
8
|
-
const key =
|
|
8
|
+
const key = resolveApiKeySecret(options.key);
|
|
9
9
|
const keyHash = hashApiKey(key);
|
|
10
10
|
const keyPrefix = extractKeyPrefix(key);
|
|
11
11
|
const now = Date.now();
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"create-api-key.js","sourceRoot":"","sources":["../../../src/db/repositories/create-api-key.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,EACL,gBAAgB,EAChB,aAAa,EACb,
|
|
1
|
+
{"version":3,"file":"create-api-key.js","sourceRoot":"","sources":["../../../src/db/repositories/create-api-key.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,EACL,gBAAgB,EAChB,aAAa,EACb,UAAU,EACV,mBAAmB,GACpB,MAAM,wBAAwB,CAAC;AAoBhC,2BAA2B;AAC3B,KAAK,UAAU,YAAY,CACzB,QAAmB,EACnB,OAMC;IAED,MAAM,EAAE,GAAG,aAAa,EAAE,CAAC;IAC3B,MAAM,GAAG,GAAG,mBAAmB,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAC7C,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;IAChC,MAAM,SAAS,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;IACxC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAEvB,MAAM,QAAQ,CAAC,KAAK,CAClB;6CACyC,EACzC;QACE,EAAE;QACF,OAAO,CAAC,IAAI;QACZ,OAAO;QACP,SAAS;QACT,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,UAAU,CAAC;QAClC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,WAAW,CAAC;QACnC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,WAAW,CAAC;QACnC,GAAG;KACJ,CACF,CAAC;IAEF,OAAO;QACL,EAAE;QACF,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,GAAG;QACH,OAAO;QACP,SAAS;QACT,UAAU,EAAE,OAAO,CAAC,UAAU;QAC9B,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,SAAS,EAAE,IAAI,IAAI,CAAC,GAAG,CAAC;QACxB,UAAU,EAAE,SAAS;KACtB,CAAC;AACJ,CAAC;AAED,OAAO,EAAE,YAAY,EAAE,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"verify-database-initialization.d.ts","sourceRoot":"","sources":["../../src/db/verify-database-initialization.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAwB5C,iBAAe,4BAA4B,CACzC,QAAQ,EAAE,SAAS,GAClB,OAAO,CAAC,IAAI,CAAC,CAsDf;AAED,OAAO,EAAE,4BAA4B,EAAE,CAAC"}
|
|
@@ -0,0 +1,66 @@
|
|
|
1
|
+
const REQUIRED_CREDENTIAL_COLUMNS = [
|
|
2
|
+
"name",
|
|
3
|
+
"agent",
|
|
4
|
+
"provider",
|
|
5
|
+
"display_name",
|
|
6
|
+
"notes",
|
|
7
|
+
"encrypted_data",
|
|
8
|
+
"salt",
|
|
9
|
+
"iv",
|
|
10
|
+
"auth_tag",
|
|
11
|
+
"created_at",
|
|
12
|
+
"updated_at",
|
|
13
|
+
];
|
|
14
|
+
async function verifyDatabaseInitialization(database) {
|
|
15
|
+
const result = await database.query(`
|
|
16
|
+
SELECT
|
|
17
|
+
to_regclass('api_keys') IS NOT NULL AS has_api_keys,
|
|
18
|
+
to_regclass('credentials') IS NOT NULL AS has_credentials,
|
|
19
|
+
to_regclass('audit_log') IS NOT NULL AS has_audit_log,
|
|
20
|
+
EXISTS (
|
|
21
|
+
SELECT 1
|
|
22
|
+
FROM information_schema.columns
|
|
23
|
+
WHERE table_schema = current_schema()
|
|
24
|
+
AND table_name = 'audit_log'
|
|
25
|
+
AND column_name = 'detail'
|
|
26
|
+
) AS has_audit_log_detail,
|
|
27
|
+
COALESCE(
|
|
28
|
+
ARRAY(
|
|
29
|
+
SELECT column_name
|
|
30
|
+
FROM information_schema.columns
|
|
31
|
+
WHERE table_schema = current_schema()
|
|
32
|
+
AND table_name = 'credentials'
|
|
33
|
+
),
|
|
34
|
+
ARRAY[]::text[]
|
|
35
|
+
) AS credential_columns
|
|
36
|
+
`);
|
|
37
|
+
const status = result.rows[0];
|
|
38
|
+
if (!status) {
|
|
39
|
+
throw new Error("Failed to inspect database schema.");
|
|
40
|
+
}
|
|
41
|
+
const missingParts = [];
|
|
42
|
+
if (!status.has_api_keys) {
|
|
43
|
+
missingParts.push("table api_keys");
|
|
44
|
+
}
|
|
45
|
+
if (status.has_credentials) {
|
|
46
|
+
for (const column of REQUIRED_CREDENTIAL_COLUMNS) {
|
|
47
|
+
if (!status.credential_columns.includes(column)) {
|
|
48
|
+
missingParts.push(`column credentials.${column}`);
|
|
49
|
+
}
|
|
50
|
+
}
|
|
51
|
+
}
|
|
52
|
+
else {
|
|
53
|
+
missingParts.push("table credentials");
|
|
54
|
+
}
|
|
55
|
+
if (!status.has_audit_log) {
|
|
56
|
+
missingParts.push("table audit_log");
|
|
57
|
+
}
|
|
58
|
+
else if (!status.has_audit_log_detail) {
|
|
59
|
+
missingParts.push("column audit_log.detail");
|
|
60
|
+
}
|
|
61
|
+
if (missingParts.length > 0) {
|
|
62
|
+
throw new Error(`Database schema is missing ${missingParts.join(", ")}.`);
|
|
63
|
+
}
|
|
64
|
+
}
|
|
65
|
+
export { verifyDatabaseInitialization };
|
|
66
|
+
//# sourceMappingURL=verify-database-initialization.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"verify-database-initialization.js","sourceRoot":"","sources":["../../src/db/verify-database-initialization.ts"],"names":[],"mappings":"AAUA,MAAM,2BAA2B,GAAG;IAClC,MAAM;IACN,OAAO;IACP,UAAU;IACV,cAAc;IACd,OAAO;IACP,gBAAgB;IAChB,MAAM;IACN,IAAI;IACJ,UAAU;IACV,YAAY;IACZ,YAAY;CACJ,CAAC;AAEX,KAAK,UAAU,4BAA4B,CACzC,QAAmB;IAEnB,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,KAAK,CAA0B;;;;;;;;;;;;;;;;;;;;;GAqB5D,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC9B,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACxD,CAAC;IAED,MAAM,YAAY,GAAa,EAAE,CAAC;IAElC,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;QACzB,YAAY,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IACtC,CAAC;IAED,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;QAC3B,KAAK,MAAM,MAAM,IAAI,2BAA2B,EAAE,CAAC;YACjD,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;gBAChD,YAAY,CAAC,IAAI,CAAC,sBAAsB,MAAM,EAAE,CAAC,CAAC;YACpD,CAAC;QACH,CAAC;IACH,CAAC;SAAM,CAAC;QACN,YAAY,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IACzC,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;QAC1B,YAAY,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IACvC,CAAC;SAAM,IAAI,CAAC,MAAM,CAAC,oBAAoB,EAAE,CAAC;QACxC,YAAY,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;IAC/C,CAAC;IAED,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,8BAA8B,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC5E,CAAC;AACH,CAAC;AAED,OAAO,EAAE,4BAA4B,EAAE,CAAC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -7,6 +7,8 @@
|
|
|
7
7
|
*/
|
|
8
8
|
export type { ServerConfig } from "./config.js";
|
|
9
9
|
export type { BuildAppConfig } from "./config.js";
|
|
10
|
+
export { createConfigData, resolveBuildAppConfig, serverConfigSchema, } from "./config.js";
|
|
11
|
+
export { resolveDatabaseUrl } from "./resolve-database-url.js";
|
|
10
12
|
export { buildApp } from "./server/server.js";
|
|
11
13
|
export { default as configPlugin } from "./server/plugins/config.js";
|
|
12
14
|
export { default as databasePlugin } from "./server/plugins/database.js";
|
|
@@ -15,10 +17,10 @@ export { default as healthRoutes } from "./server/routes/health.js";
|
|
|
15
17
|
export { default as credentialRoutes } from "./server/routes/credentials.js";
|
|
16
18
|
export { default as keyRoutes } from "./server/routes/keys.js";
|
|
17
19
|
export { runMigrations } from "./db/run-migrations.js";
|
|
18
|
-
export {
|
|
20
|
+
export { closePool, createPool } from "./db/create-pool.js";
|
|
19
21
|
export type { Queryable } from "./db/types.js";
|
|
20
22
|
export type { ApiKeyRecord, ApiKeyWithSecret, } from "./db/repositories/api-keys.js";
|
|
21
|
-
export { createApiKey, deleteApiKey, findApiKeyById, findApiKeyByKey, hasGrantAccess, hasReadAccess, hasWriteAccess, listApiKeys, updateApiKeyAccess, updateLastUsed, } from "./db/repositories/api-keys.js";
|
|
23
|
+
export { countApiKeys, createApiKey, deleteApiKey, findApiKeyById, findApiKeyByKey, hasGrantAccess, hasReadAccess, hasWriteAccess, listApiKeys, resolveApiKeySecret, updateApiKeyAccess, updateLastUsed, } from "./db/repositories/api-keys.js";
|
|
22
24
|
export type { AuditLogEntry } from "./db/repositories/audit-log.js";
|
|
23
25
|
export { getLogsForCredential, getRecentLogs, logAccess, pruneOldLogs, } from "./db/repositories/audit-log.js";
|
|
24
26
|
export type { CredentialMetadata, CredentialRecord, } from "./db/repositories/credentials.js";
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,YAAY,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAChD,YAAY,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAClD,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAG9C,OAAO,EAAE,OAAO,IAAI,YAAY,EAAE,MAAM,4BAA4B,CAAC;AACrE,OAAO,EAAE,OAAO,IAAI,cAAc,EAAE,MAAM,8BAA8B,CAAC;AACzE,OAAO,EAAE,OAAO,IAAI,UAAU,EAAE,MAAM,0BAA0B,CAAC;AAGjE,OAAO,EAAE,OAAO,IAAI,YAAY,EAAE,MAAM,2BAA2B,CAAC;AACpE,OAAO,EAAE,OAAO,IAAI,gBAAgB,EAAE,MAAM,gCAAgC,CAAC;AAC7E,OAAO,EAAE,OAAO,IAAI,SAAS,EAAE,MAAM,yBAAyB,CAAC;AAG/D,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACvD,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,YAAY,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAChD,YAAY,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAClD,OAAO,EACL,gBAAgB,EAChB,qBAAqB,EACrB,kBAAkB,GACnB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAG9C,OAAO,EAAE,OAAO,IAAI,YAAY,EAAE,MAAM,4BAA4B,CAAC;AACrE,OAAO,EAAE,OAAO,IAAI,cAAc,EAAE,MAAM,8BAA8B,CAAC;AACzE,OAAO,EAAE,OAAO,IAAI,UAAU,EAAE,MAAM,0BAA0B,CAAC;AAGjE,OAAO,EAAE,OAAO,IAAI,YAAY,EAAE,MAAM,2BAA2B,CAAC;AACpE,OAAO,EAAE,OAAO,IAAI,gBAAgB,EAAE,MAAM,gCAAgC,CAAC;AAC7E,OAAO,EAAE,OAAO,IAAI,SAAS,EAAE,MAAM,yBAAyB,CAAC;AAG/D,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACvD,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAC5D,YAAY,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAG/C,YAAY,EACV,YAAY,EACZ,gBAAgB,GACjB,MAAM,+BAA+B,CAAC;AACvC,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,cAAc,EACd,eAAe,EACf,cAAc,EACd,aAAa,EACb,cAAc,EACd,WAAW,EACX,mBAAmB,EACnB,kBAAkB,EAClB,cAAc,GACf,MAAM,+BAA+B,CAAC;AACvC,YAAY,EAAE,aAAa,EAAE,MAAM,gCAAgC,CAAC;AACpE,OAAO,EACL,oBAAoB,EACpB,aAAa,EACb,SAAS,EACT,YAAY,GACb,MAAM,gCAAgC,CAAC;AACxC,YAAY,EACV,kBAAkB,EAClB,gBAAgB,GACjB,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EACL,gBAAgB,EAChB,aAAa,EACb,eAAe,EACf,wBAAwB,EACxB,wBAAwB,EACxB,gBAAgB,GACjB,MAAM,kCAAkC,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -5,6 +5,8 @@
|
|
|
5
5
|
* The legacy createServer/createPool surface was intentionally removed; build
|
|
6
6
|
* the app with `buildApp()` plus the exported Fastify plugins instead.
|
|
7
7
|
*/
|
|
8
|
+
export { createConfigData, resolveBuildAppConfig, serverConfigSchema, } from "./config.js";
|
|
9
|
+
export { resolveDatabaseUrl } from "./resolve-database-url.js";
|
|
8
10
|
export { buildApp } from "./server/server.js";
|
|
9
11
|
// Plugins
|
|
10
12
|
export { default as configPlugin } from "./server/plugins/config.js";
|
|
@@ -16,8 +18,8 @@ export { default as credentialRoutes } from "./server/routes/credentials.js";
|
|
|
16
18
|
export { default as keyRoutes } from "./server/routes/keys.js";
|
|
17
19
|
// Database
|
|
18
20
|
export { runMigrations } from "./db/run-migrations.js";
|
|
19
|
-
export {
|
|
20
|
-
export { createApiKey, deleteApiKey, findApiKeyById, findApiKeyByKey, hasGrantAccess, hasReadAccess, hasWriteAccess, listApiKeys, updateApiKeyAccess, updateLastUsed, } from "./db/repositories/api-keys.js";
|
|
21
|
+
export { closePool, createPool } from "./db/create-pool.js";
|
|
22
|
+
export { countApiKeys, createApiKey, deleteApiKey, findApiKeyById, findApiKeyByKey, hasGrantAccess, hasReadAccess, hasWriteAccess, listApiKeys, resolveApiKeySecret, updateApiKeyAccess, updateLastUsed, } from "./db/repositories/api-keys.js";
|
|
21
23
|
export { getLogsForCredential, getRecentLogs, logAccess, pruneOldLogs, } from "./db/repositories/audit-log.js";
|
|
22
24
|
export { deleteCredential, getCredential, listCredentials, listCredentialsForApiKey, listCredentialsPaginated, upsertCredential, } from "./db/repositories/credentials.js";
|
|
23
25
|
//# sourceMappingURL=index.js.map
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAE9C,UAAU;AACV,OAAO,EAAE,OAAO,IAAI,YAAY,EAAE,MAAM,4BAA4B,CAAC;AACrE,OAAO,EAAE,OAAO,IAAI,cAAc,EAAE,MAAM,8BAA8B,CAAC;AACzE,OAAO,EAAE,OAAO,IAAI,UAAU,EAAE,MAAM,0BAA0B,CAAC;AAEjE,gBAAgB;AAChB,OAAO,EAAE,OAAO,IAAI,YAAY,EAAE,MAAM,2BAA2B,CAAC;AACpE,OAAO,EAAE,OAAO,IAAI,gBAAgB,EAAE,MAAM,gCAAgC,CAAC;AAC7E,OAAO,EAAE,OAAO,IAAI,SAAS,EAAE,MAAM,yBAAyB,CAAC;AAE/D,WAAW;AACX,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACvD,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,OAAO,EACL,gBAAgB,EAChB,qBAAqB,EACrB,kBAAkB,GACnB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAE9C,UAAU;AACV,OAAO,EAAE,OAAO,IAAI,YAAY,EAAE,MAAM,4BAA4B,CAAC;AACrE,OAAO,EAAE,OAAO,IAAI,cAAc,EAAE,MAAM,8BAA8B,CAAC;AACzE,OAAO,EAAE,OAAO,IAAI,UAAU,EAAE,MAAM,0BAA0B,CAAC;AAEjE,gBAAgB;AAChB,OAAO,EAAE,OAAO,IAAI,YAAY,EAAE,MAAM,2BAA2B,CAAC;AACpE,OAAO,EAAE,OAAO,IAAI,gBAAgB,EAAE,MAAM,gCAAgC,CAAC;AAC7E,OAAO,EAAE,OAAO,IAAI,SAAS,EAAE,MAAM,yBAAyB,CAAC;AAE/D,WAAW;AACX,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACvD,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAQ5D,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,cAAc,EACd,eAAe,EACf,cAAc,EACd,aAAa,EACb,cAAc,EACd,WAAW,EACX,mBAAmB,EACnB,kBAAkB,EAClB,cAAc,GACf,MAAM,+BAA+B,CAAC;AAEvC,OAAO,EACL,oBAAoB,EACpB,aAAa,EACb,SAAS,EACT,YAAY,GACb,MAAM,gCAAgC,CAAC;AAKxC,OAAO,EACL,gBAAgB,EAChB,aAAa,EACb,eAAe,EACf,wBAAwB,EACxB,wBAAwB,EACxB,gBAAgB,GACjB,MAAM,kCAAkC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"resolve-database-url.d.ts","sourceRoot":"","sources":["../src/resolve-database-url.ts"],"names":[],"mappings":"AAAA,QAAA,MAAM,oBAAoB,wCAAwC,CAAC;AAEnE,iBAAS,kBAAkB,CAAC,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,CAUxD;AAED,OAAO,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,CAAC"}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
const DEFAULT_DATABASE_URL = "postgresql://localhost:5432/axvault";
|
|
2
|
+
function resolveDatabaseUrl(databaseUrl) {
|
|
3
|
+
const value = databaseUrl ?? process.env.AXVAULT_DATABASE_URL ?? DEFAULT_DATABASE_URL;
|
|
4
|
+
const trimmedValue = value.trim();
|
|
5
|
+
if (trimmedValue.length === 0) {
|
|
6
|
+
throw new Error("Database URL must not be empty.");
|
|
7
|
+
}
|
|
8
|
+
return trimmedValue;
|
|
9
|
+
}
|
|
10
|
+
export { DEFAULT_DATABASE_URL, resolveDatabaseUrl };
|
|
11
|
+
//# sourceMappingURL=resolve-database-url.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"resolve-database-url.js","sourceRoot":"","sources":["../src/resolve-database-url.ts"],"names":[],"mappings":"AAAA,MAAM,oBAAoB,GAAG,qCAAqC,CAAC;AAEnE,SAAS,kBAAkB,CAAC,WAAoB;IAC9C,MAAM,KAAK,GACT,WAAW,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,oBAAoB,CAAC;IAC1E,MAAM,YAAY,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAElC,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;IACrD,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,OAAO,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,CAAC"}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
interface SecretSourceOptions {
|
|
2
|
+
directValue?: string;
|
|
3
|
+
envName?: string;
|
|
4
|
+
filePath?: string;
|
|
5
|
+
directOption: string;
|
|
6
|
+
envOption: string;
|
|
7
|
+
fileOption: string;
|
|
8
|
+
}
|
|
9
|
+
export declare function resolveSecretSource(options: SecretSourceOptions): Promise<string | undefined>;
|
|
10
|
+
export {};
|
|
11
|
+
//# sourceMappingURL=resolve-secret-source.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"resolve-secret-source.d.ts","sourceRoot":"","sources":["../src/resolve-secret-source.ts"],"names":[],"mappings":"AAEA,UAAU,mBAAmB;IAC3B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,mBAAmB,GAC3B,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CA2C7B"}
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
import { readFile } from "node:fs/promises";
|
|
2
|
+
export async function resolveSecretSource(options) {
|
|
3
|
+
const configuredSources = [];
|
|
4
|
+
if (typeof options.directValue === "string") {
|
|
5
|
+
configuredSources.push(options.directOption);
|
|
6
|
+
}
|
|
7
|
+
if (typeof options.envName === "string") {
|
|
8
|
+
configuredSources.push(options.envOption);
|
|
9
|
+
}
|
|
10
|
+
if (typeof options.filePath === "string") {
|
|
11
|
+
configuredSources.push(options.fileOption);
|
|
12
|
+
}
|
|
13
|
+
if (configuredSources.length > 1) {
|
|
14
|
+
throw new Error(`Choose only one of ${configuredSources.join(", ")}.`);
|
|
15
|
+
}
|
|
16
|
+
if (typeof options.directValue === "string") {
|
|
17
|
+
return options.directValue;
|
|
18
|
+
}
|
|
19
|
+
if (typeof options.envName === "string") {
|
|
20
|
+
const value = process.env[options.envName]?.trim();
|
|
21
|
+
if (!value) {
|
|
22
|
+
throw new Error(`Environment variable ${options.envName} is not set or is empty.`);
|
|
23
|
+
}
|
|
24
|
+
return value;
|
|
25
|
+
}
|
|
26
|
+
if (typeof options.filePath === "string") {
|
|
27
|
+
const fileContents = await readFile(options.filePath, "utf8");
|
|
28
|
+
const value = fileContents.trim();
|
|
29
|
+
if (!value) {
|
|
30
|
+
throw new Error(`Secret file ${options.filePath} is empty.`);
|
|
31
|
+
}
|
|
32
|
+
return value;
|
|
33
|
+
}
|
|
34
|
+
return undefined;
|
|
35
|
+
}
|
|
36
|
+
//# sourceMappingURL=resolve-secret-source.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"resolve-secret-source.js","sourceRoot":"","sources":["../src/resolve-secret-source.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAW5C,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,OAA4B;IAE5B,MAAM,iBAAiB,GAAa,EAAE,CAAC;IAEvC,IAAI,OAAO,OAAO,CAAC,WAAW,KAAK,QAAQ,EAAE,CAAC;QAC5C,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;IAC/C,CAAC;IAED,IAAI,OAAO,OAAO,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;QACxC,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAC5C,CAAC;IAED,IAAI,OAAO,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACzC,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAC7C,CAAC;IAED,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,sBAAsB,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACzE,CAAC;IAED,IAAI,OAAO,OAAO,CAAC,WAAW,KAAK,QAAQ,EAAE,CAAC;QAC5C,OAAO,OAAO,CAAC,WAAW,CAAC;IAC7B,CAAC;IAED,IAAI,OAAO,OAAO,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;QACxC,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,CAAC;QACnD,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CACb,wBAAwB,OAAO,CAAC,OAAO,0BAA0B,CAClE,CAAC;QACJ,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,OAAO,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACzC,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAC9D,MAAM,KAAK,GAAG,YAAY,CAAC,IAAI,EAAE,CAAC;QAClC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,eAAe,OAAO,CAAC,QAAQ,YAAY,CAAC,CAAC;QAC/D,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../src/server/plugins/auth.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,EAIL,KAAK,YAAY,EAClB,MAAM,mCAAmC,CAAC;AAG3C,OAAO,QAAQ,SAAS,CAAC;IACvB,UAAU,cAAc;QACtB,MAAM,EAAE,YAAY,CAAC;KACtB;IAED,UAAU,eAAe;QACvB,YAAY,EAAE,CACZ,OAAO,EAAE,cAAc,EACvB,KAAK,EAAE,YAAY,KAChB,OAAO,CAAC,IAAI,CAAC,CAAC;QACnB,kBAAkB,EAAE,CAClB,OAAO,EAAE,cAAc,EACvB,KAAK,EAAE,YAAY,KAChB,OAAO,CAAC,IAAI,CAAC,CAAC;KACpB;CACF;;AAWD,
|
|
1
|
+
{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../src/server/plugins/auth.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,EAIL,KAAK,YAAY,EAClB,MAAM,mCAAmC,CAAC;AAG3C,OAAO,QAAQ,SAAS,CAAC;IACvB,UAAU,cAAc;QACtB,MAAM,EAAE,YAAY,CAAC;KACtB;IAED,UAAU,eAAe;QACvB,YAAY,EAAE,CACZ,OAAO,EAAE,cAAc,EACvB,KAAK,EAAE,YAAY,KAChB,OAAO,CAAC,IAAI,CAAC,CAAC;QACnB,kBAAkB,EAAE,CAClB,OAAO,EAAE,cAAc,EACvB,KAAK,EAAE,YAAY,KAChB,OAAO,CAAC,IAAI,CAAC,CAAC;KACpB;CACF;;AAWD,wBA8CE"}
|
|
@@ -14,9 +14,7 @@ function extractBearerToken(authorizationHeader) {
|
|
|
14
14
|
const match = /^Bearer\s+(\S+)$/iu.exec(authorizationHeader);
|
|
15
15
|
return match?.[1];
|
|
16
16
|
}
|
|
17
|
-
export default fp(
|
|
18
|
-
// eslint-disable-next-line @typescript-eslint/require-await -- Fastify plugin signature requires async
|
|
19
|
-
async function authPlugin(fastify) {
|
|
17
|
+
export default fp(async function authPlugin(fastify) {
|
|
20
18
|
// eslint-disable-next-line unicorn/no-null -- Fastify decorator requires an initial value
|
|
21
19
|
fastify.decorateRequest("apiKey", null);
|
|
22
20
|
fastify.decorate("authenticate", async (request, reply) => {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../src/server/plugins/auth.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAEhC,OAAO,EACL,eAAe,EACf,cAAc,EACd,cAAc,GAEf,MAAM,mCAAmC,CAAC;AAC3C,OAAO,EAAE,SAAS,EAAE,MAAM,oCAAoC,CAAC;AAmB/D,qDAAqD;AACrD,SAAS,kBAAkB,CACzB,mBAAuC;IAEvC,IAAI,CAAC,mBAAmB;QAAE,OAAO,SAAS,CAAC;IAC3C,MAAM,KAAK,GAAG,oBAAoB,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IAC7D,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC;AACpB,CAAC;AAED,eAAe,EAAE
|
|
1
|
+
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../src/server/plugins/auth.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAEhC,OAAO,EACL,eAAe,EACf,cAAc,EACd,cAAc,GAEf,MAAM,mCAAmC,CAAC;AAC3C,OAAO,EAAE,SAAS,EAAE,MAAM,oCAAoC,CAAC;AAmB/D,qDAAqD;AACrD,SAAS,kBAAkB,CACzB,mBAAuC;IAEvC,IAAI,CAAC,mBAAmB;QAAE,OAAO,SAAS,CAAC;IAC3C,MAAM,KAAK,GAAG,oBAAoB,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IAC7D,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC;AACpB,CAAC;AAED,eAAe,EAAE,CACf,KAAK,UAAU,UAAU,CAAC,OAAO;IAC/B,0FAA0F;IAC1F,OAAO,CAAC,eAAe,CAAC,QAAQ,EAAE,IAAa,CAAC,CAAC;IAEjD,OAAO,CAAC,QAAQ,CACd,cAAc,EACd,KAAK,EAAE,OAAuB,EAAE,KAAmB,EAAiB,EAAE;QACpE,MAAM,KAAK,GAAG,kBAAkB,CAAC,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;QAEhE,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,SAAS,CAAC,OAAO,CAAC,EAAE,EAAE;gBAC1B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,KAAK;gBACd,YAAY,EAAE,8BAA8B;aAC7C,CAAC,CAAC;YACH,OAAO,KAAK,CAAC,YAAY,CAAC,8BAA8B,CAAC,CAAC;QAC5D,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,OAAO,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;QAExD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,SAAS,CAAC,OAAO,CAAC,EAAE,EAAE;gBAC1B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,KAAK;gBACd,YAAY,EAAE,iBAAiB;aAChC,CAAC,CAAC;YACH,OAAO,KAAK,CAAC,YAAY,CAAC,iBAAiB,CAAC,CAAC;QAC/C,CAAC;QAED,MAAM,cAAc,CAAC,OAAO,CAAC,EAAE,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;QAC5C,sGAAsG;QACtG,OAAO,CAAC,MAAM,GAAG,MAAM,CAAC;IAC1B,CAAC,CACF,CAAC;IAEF,OAAO,CAAC,QAAQ,CACd,oBAAoB,EACpB,KAAK,EAAE,OAAuB,EAAE,KAAmB,EAAiB,EAAE;QACpE,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,EAAE,CAAC;YACzC,OAAO,KAAK,CAAC,SAAS,CAAC,uBAAuB,CAAC,CAAC;QAClD,CAAC;IACH,CAAC,CACF,CAAC;AACJ,CAAC,EACD,EAAE,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC,UAAU,CAAC,EAAE,CAC7C,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"health.d.ts","sourceRoot":"","sources":["../../../src/server/routes/health.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,2BAA2B,CAAC;AAK1E,QAAA,MAAM,YAAY,EAAE,
|
|
1
|
+
{"version":3,"file":"health.d.ts","sourceRoot":"","sources":["../../../src/server/routes/health.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,2BAA2B,CAAC;AAK1E,QAAA,MAAM,YAAY,EAAE,wBA2BnB,CAAC;AAEF,eAAe,YAAY,CAAC"}
|
|
@@ -7,7 +7,13 @@ const healthRoutes = function (fastify, _options, done) {
|
|
|
7
7
|
fastify.route({
|
|
8
8
|
method: "GET",
|
|
9
9
|
url: "/api/v1/health",
|
|
10
|
-
config: {
|
|
10
|
+
config: {
|
|
11
|
+
rateLimit: false,
|
|
12
|
+
// This is a liveness probe, not a readiness gate: keep it green during
|
|
13
|
+
// transient overload so under-pressure sheds user traffic instead of
|
|
14
|
+
// turning back-pressure into orchestrator restarts.
|
|
15
|
+
pressureHandler: () => { },
|
|
16
|
+
},
|
|
11
17
|
schema: {
|
|
12
18
|
security: [],
|
|
13
19
|
response: { 200: HealthResponse },
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"health.js","sourceRoot":"","sources":["../../../src/server/routes/health.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,OAAO,WAAW,MAAM,uBAAuB,CAAC,OAAO,IAAI,EAAE,MAAM,EAAE,CAAC;AACtE,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAE3D,MAAM,YAAY,GAA6B,UAC7C,OAAO,EACP,QAAQ,EACR,IAAI;IAEJ,OAAO,CAAC,KAAK,CAAC;QACZ,MAAM,EAAE,KAAK;QACb,GAAG,EAAE,gBAAgB;QACrB,MAAM,EAAE,
|
|
1
|
+
{"version":3,"file":"health.js","sourceRoot":"","sources":["../../../src/server/routes/health.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,OAAO,WAAW,MAAM,uBAAuB,CAAC,OAAO,IAAI,EAAE,MAAM,EAAE,CAAC;AACtE,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAE3D,MAAM,YAAY,GAA6B,UAC7C,OAAO,EACP,QAAQ,EACR,IAAI;IAEJ,OAAO,CAAC,KAAK,CAAC;QACZ,MAAM,EAAE,KAAK;QACb,GAAG,EAAE,gBAAgB;QACrB,MAAM,EAAE;YACN,SAAS,EAAE,KAAK;YAChB,uEAAuE;YACvE,qEAAqE;YACrE,oDAAoD;YACpD,eAAe,EAAE,GAAG,EAAE,GAAE,CAAC;SAC1B;QACD,MAAM,EAAE;YACN,QAAQ,EAAE,EAAE;YACZ,QAAQ,EAAE,EAAE,GAAG,EAAE,cAAc,EAAE;SAClC;QACD,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE;YACjC,OAAO,KAAK,CAAC,IAAI,CAAC;gBAChB,MAAM,EAAE,IAAI;gBACZ,OAAO,EAAE,WAAW,CAAC,OAAO;aAC7B,CAAC,CAAC;QACL,CAAC;KACF,CAAC,CAAC;IACH,IAAI,EAAE,CAAC;AACT,CAAC,CAAC;AAEF,eAAe,YAAY,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/server/server.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAQH,OAAgB,EAAqB,KAAK,eAAe,EAAE,MAAM,SAAS,CAAC;AAW3E,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;
|
|
1
|
+
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/server/server.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAQH,OAAgB,EAAqB,KAAK,eAAe,EAAE,MAAM,SAAS,CAAC;AAW3E,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAEnD,iBAAS,QAAQ,CAAC,MAAM,EAAE,cAAc,GAAG,eAAe,CAuJzD;AAED,OAAO,EAAE,QAAQ,EAAE,CAAC"}
|
package/dist/server/server.js
CHANGED
|
@@ -14,7 +14,6 @@ import underPressure from "@fastify/under-pressure";
|
|
|
14
14
|
import Fastify, {} from "fastify";
|
|
15
15
|
import { hasZodFastifySchemaValidationErrors, isResponseSerializationError, jsonSchemaTransform, serializerCompiler, validatorCompiler, } from "fastify-type-provider-zod";
|
|
16
16
|
import packageJson from "../../package.json" with { type: "json" };
|
|
17
|
-
import { sendSensibleError } from "./send-sensible-error.js";
|
|
18
17
|
function buildApp(config) {
|
|
19
18
|
const app = Fastify({
|
|
20
19
|
logger: {
|
|
@@ -101,23 +100,25 @@ function buildApp(config) {
|
|
|
101
100
|
request.log.warn(logPayload, "Client error");
|
|
102
101
|
}
|
|
103
102
|
if (hasZodFastifySchemaValidationErrors(error)) {
|
|
104
|
-
return reply.badRequest("Validation failed");
|
|
103
|
+
return reply.send(app.httpErrors.badRequest("Validation failed"));
|
|
105
104
|
}
|
|
106
105
|
if (isResponseSerializationError(error)) {
|
|
107
|
-
return reply.internalServerError("Internal server error");
|
|
106
|
+
return reply.send(app.httpErrors.internalServerError("Internal server error"));
|
|
108
107
|
}
|
|
109
108
|
// Handle unsupported content types
|
|
110
109
|
if (error.statusCode === 415 ||
|
|
111
110
|
error.code === "FST_ERR_CTP_INVALID_MEDIA_TYPE") {
|
|
112
|
-
return reply.unsupportedMediaType("Unsupported media type");
|
|
111
|
+
return reply.send(app.httpErrors.unsupportedMediaType("Unsupported media type"));
|
|
113
112
|
}
|
|
114
113
|
// Handle malformed JSON bodies
|
|
115
114
|
if (error.statusCode === 400 &&
|
|
116
115
|
error.code === "FST_ERR_CTP_INVALID_JSON_BODY") {
|
|
117
|
-
return reply.badRequest("Invalid JSON");
|
|
116
|
+
return reply.send(app.httpErrors.badRequest("Invalid JSON"));
|
|
118
117
|
}
|
|
119
|
-
|
|
120
|
-
|
|
118
|
+
if (statusCode >= 500 && statusCode !== 503) {
|
|
119
|
+
return reply.send(app.httpErrors.internalServerError("Internal server error"));
|
|
120
|
+
}
|
|
121
|
+
return reply.send(error);
|
|
121
122
|
});
|
|
122
123
|
// 404 handler for unmatched routes (aggressive rate limit to prevent probing).
|
|
123
124
|
// Must be set inside .after() so the rateLimit decorator from @fastify/rate-limit
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.js","sourceRoot":"","sources":["../../src/server/server.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,MAAM,MAAM,iBAAiB,CAAC;AACrC,OAAO,SAAS,MAAM,qBAAqB,CAAC;AAC5C,OAAO,QAAQ,MAAM,mBAAmB,CAAC;AACzC,OAAO,OAAO,MAAM,kBAAkB,CAAC;AACvC,OAAO,SAAS,MAAM,qBAAqB,CAAC;AAC5C,OAAO,aAAa,MAAM,yBAAyB,CAAC;AACpD,OAAO,OAAO,EAAE,EAA2C,MAAM,SAAS,CAAC;AAC3E,OAAO,EACL,mCAAmC,EACnC,4BAA4B,EAC5B,mBAAmB,EACnB,kBAAkB,EAElB,iBAAiB,GAClB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,WAAW,MAAM,oBAAoB,CAAC,OAAO,IAAI,EAAE,MAAM,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"server.js","sourceRoot":"","sources":["../../src/server/server.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,MAAM,MAAM,iBAAiB,CAAC;AACrC,OAAO,SAAS,MAAM,qBAAqB,CAAC;AAC5C,OAAO,QAAQ,MAAM,mBAAmB,CAAC;AACzC,OAAO,OAAO,MAAM,kBAAkB,CAAC;AACvC,OAAO,SAAS,MAAM,qBAAqB,CAAC;AAC5C,OAAO,aAAa,MAAM,yBAAyB,CAAC;AACpD,OAAO,OAAO,EAAE,EAA2C,MAAM,SAAS,CAAC;AAC3E,OAAO,EACL,mCAAmC,EACnC,4BAA4B,EAC5B,mBAAmB,EACnB,kBAAkB,EAElB,iBAAiB,GAClB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,WAAW,MAAM,oBAAoB,CAAC,OAAO,IAAI,EAAE,MAAM,EAAE,CAAC;AAGnE,SAAS,QAAQ,CAAC,MAAsB;IACtC,MAAM,GAAG,GAAG,OAAO,CAAC;QAClB,MAAM,EAAE;YACN,KAAK,EAAE,MAAM,CAAC,QAAQ;YACtB,MAAM,EAAE;gBACN,2BAA2B;gBAC3B,oBAAoB;gBACpB,uBAAuB;gBACvB,gBAAgB;aACjB;SACF;QACD,iBAAiB,EAAE,MAAM;QACzB,cAAc,EAAE,MAAM;QACtB,SAAS,EAAE,SAAS,EAAE,OAAO;QAC7B,aAAa,EAAE;YACb,cAAc,EAAE,GAAG,EAAE,mEAAmE;SACzF;KACF,CAAC,CAAC;IAEH,GAAG,CAAC,oBAAoB,CAAC,iBAAiB,CAAC,CAAC;IAC5C,GAAG,CAAC,qBAAqB,CAAC,kBAAkB,CAAC,CAAC;IAC9C,KAAK,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAE5B,uEAAuE;IACvE,gEAAgE;IAChE,KAAK,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAE1B,2CAA2C;IAC3C,KAAK,GAAG,CAAC,QAAQ,CAAC,OAAO,EAAE;QACzB,OAAO,EAAE;YACP,IAAI,EAAE;gBACJ,KAAK,EAAE,WAAW,CAAC,IAAI;gBACvB,WAAW,EAAE,WAAW,CAAC,WAAW;gBACpC,OAAO,EAAE,WAAW,CAAC,OAAO;aAC7B;YACD,UAAU,EAAE;gBACV,eAAe,EAAE;oBACf,UAAU,EAAE;wBACV,IAAI,EAAE,MAAM;wBACZ,MAAM,EAAE,QAAQ;qBACjB;iBACF;aACF;YACD,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;SAC/B;QACD,SAAS,EAAE,mBAAmB;KAC/B,CAAC,CAAC;IAEH,KAAK,GAAG,CAAC,QAAQ,CAAC,SAAS,EAAE;QAC3B,WAAW,EAAE,OAAO;QACpB,kBAAkB,EAAE,CAAC,MAAM,EAAE,EAAE,CAC7B,MAAM,CAAC,OAAO,CAAC,mBAAmB,EAAE,mCAAmC,CAAC;KAC3E,CAAC,CAAC;IAEH,iFAAiF;IACjF,KAAK,GAAG,CAAC,QAAQ,CAAC,SAAS,EAAE;QAC3B,GAAG,EAAE,GAAG;QACR,UAAU,EAAE,UAAU;QACtB,oBAAoB,EAAE,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE;YAC1C,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;YAC5C,KAAwC,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;YAC1E,OAAO,KAAK,CAAC;QACf,CAAC;KACF,CAAC,CAAC;IAEH,gEAAgE;IAChE,KAAK,GAAG,CAAC,QAAQ,CAAC,aAAa,EAAE;QAC/B,iBAAiB,EAAE,IAAI;QACvB,gBAAgB,EAAE,WAAW;QAC7B,UAAU,EAAE,EAAE;QACd,OAAO,EAAE,iCAAiC;KAC3C,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,GAAG,CAAC,gBAAgB,EAAmB,CAAC;IAEzD,QAAQ,CAAC,eAAe,CAAC,CAAC,KAAmB,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QAC/D,MAAM,UAAU,GACd,KAAK,CAAC,UAAU,KAAK,SAAS,IAAI,KAAK,CAAC,UAAU,IAAI,GAAG;YACvD,CAAC,CAAC,KAAK,CAAC,UAAU;YAClB,CAAC,CAAC,GAAG,CAAC;QAEV,MAAM,UAAU,GAAG;YACjB,GAAG,EAAE,KAAK;YACV,OAAO,EAAE;gBACP,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,GAAG,EAAE,OAAO,CAAC,GAAG;gBAChB,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,MAAM,EAAE,OAAO,CAAC,MAAM;aACvB;SACF,CAAC;QACF,IAAI,UAAU,IAAI,GAAG,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;QAChD,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;QAC/C,CAAC;QAED,IAAI,mCAAmC,CAAC,KAAK,CAAC,EAAE,CAAC;YAC/C,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,mBAAmB,CAAC,CAAC,CAAC;QACpE,CAAC;QAED,IAAI,4BAA4B,CAAC,KAAK,CAAC,EAAE,CAAC;YACxC,OAAO,KAAK,CAAC,IAAI,CACf,GAAG,CAAC,UAAU,CAAC,mBAAmB,CAAC,uBAAuB,CAAC,CAC5D,CAAC;QACJ,CAAC;QAED,mCAAmC;QACnC,IACE,KAAK,CAAC,UAAU,KAAK,GAAG;YACxB,KAAK,CAAC,IAAI,KAAK,gCAAgC,EAC/C,CAAC;YACD,OAAO,KAAK,CAAC,IAAI,CACf,GAAG,CAAC,UAAU,CAAC,oBAAoB,CAAC,wBAAwB,CAAC,CAC9D,CAAC;QACJ,CAAC;QAED,+BAA+B;QAC/B,IACE,KAAK,CAAC,UAAU,KAAK,GAAG;YACxB,KAAK,CAAC,IAAI,KAAK,+BAA+B,EAC9C,CAAC;YACD,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC;QAC/D,CAAC;QAED,IAAI,UAAU,IAAI,GAAG,IAAI,UAAU,KAAK,GAAG,EAAE,CAAC;YAC5C,OAAO,KAAK,CAAC,IAAI,CACf,GAAG,CAAC,UAAU,CAAC,mBAAmB,CAAC,uBAAuB,CAAC,CAC5D,CAAC;QACJ,CAAC;QAED,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC3B,CAAC,CAAC,CAAC;IAEH,+EAA+E;IAC/E,kFAAkF;IAClF,oCAAoC;IACpC,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE;QACb,QAAQ,CAAC,kBAAkB,CACzB;YACE,UAAU,EAAE,GAAG,CAAC,SAAS,CAAC;gBACxB,GAAG,EAAE,CAAC;gBACN,UAAU,EAAE,GAAG;aAChB,CAAC;SACH,EACD,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE;YACxB,OAAO,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QACrC,CAAC,CACF,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,OAAO,GAAG,CAAC;AACb,CAAC;AAED,OAAO,EAAE,QAAQ,EAAE,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,8 +1,25 @@
|
|
|
1
1
|
{
|
|
2
|
+
"scripts": {
|
|
3
|
+
"prepack": "pnpm run rebuild",
|
|
4
|
+
"prepare": "git config core.hooksPath .githooks",
|
|
5
|
+
"build": "tsc -p tsconfig.app.json && cp -r src/db/migrations dist/db/migrations",
|
|
6
|
+
"clean": "rm -rf dist *.tsbuildinfo",
|
|
7
|
+
"format": "prettier --write .",
|
|
8
|
+
"format:check": "prettier --check .",
|
|
9
|
+
"fta": "fta-check",
|
|
10
|
+
"knip": "knip",
|
|
11
|
+
"lint": "eslint",
|
|
12
|
+
"rebuild": "pnpm run clean && pnpm run build",
|
|
13
|
+
"start": "pnpm -s run rebuild && node bin/axvault",
|
|
14
|
+
"test": "vitest run",
|
|
15
|
+
"test:coverage": "vitest run --coverage",
|
|
16
|
+
"test:watch": "vitest",
|
|
17
|
+
"typecheck": "tsc -b --noEmit"
|
|
18
|
+
},
|
|
2
19
|
"name": "axvault",
|
|
3
20
|
"author": "Łukasz Jerciński",
|
|
4
21
|
"license": "MIT",
|
|
5
|
-
"version": "1.
|
|
22
|
+
"version": "1.14.0",
|
|
6
23
|
"description": "Remote credential storage server for axkit",
|
|
7
24
|
"repository": {
|
|
8
25
|
"type": "git",
|
|
@@ -30,23 +47,6 @@
|
|
|
30
47
|
"README.md",
|
|
31
48
|
"LICENSE"
|
|
32
49
|
],
|
|
33
|
-
"scripts": {
|
|
34
|
-
"prepare": "git config core.hooksPath .githooks",
|
|
35
|
-
"prepack": "pnpm run rebuild",
|
|
36
|
-
"build": "tsc -p tsconfig.app.json && cp -r src/db/migrations dist/db/migrations",
|
|
37
|
-
"clean": "rm -rf dist *.tsbuildinfo",
|
|
38
|
-
"format": "prettier --write .",
|
|
39
|
-
"format:check": "prettier --check .",
|
|
40
|
-
"fta": "fta-check",
|
|
41
|
-
"knip": "knip",
|
|
42
|
-
"lint": "eslint",
|
|
43
|
-
"rebuild": "pnpm run clean && pnpm run build",
|
|
44
|
-
"start": "pnpm -s run rebuild && node bin/axvault",
|
|
45
|
-
"test": "vitest run",
|
|
46
|
-
"test:coverage": "vitest run --coverage",
|
|
47
|
-
"test:watch": "vitest",
|
|
48
|
-
"typecheck": "tsc -b --noEmit"
|
|
49
|
-
},
|
|
50
50
|
"dependencies": {
|
|
51
51
|
"@commander-js/extra-typings": "^14.0.0",
|
|
52
52
|
"@fastify/env": "^6.0.0",
|
|
@@ -1,7 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Map numeric HTTP status codes to @fastify/sensible reply methods.
|
|
3
|
-
*/
|
|
4
|
-
import type { FastifyReply } from "fastify";
|
|
5
|
-
declare function sendSensibleError(reply: FastifyReply, statusCode: number, message: string): FastifyReply<import("fastify").RouteGenericInterface, import("fastify").RawServerDefault, import("node:http").IncomingMessage, import("node:http").ServerResponse<import("node:http").IncomingMessage>, unknown, import("fastify").FastifySchema, import("fastify").FastifyTypeProviderDefault, unknown>;
|
|
6
|
-
export { sendSensibleError };
|
|
7
|
-
//# sourceMappingURL=send-sensible-error.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"send-sensible-error.d.ts","sourceRoot":"","sources":["../../src/server/send-sensible-error.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAE5C,iBAAS,iBAAiB,CACxB,KAAK,EAAE,YAAY,EACnB,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,MAAM,4SAmChB;AAED,OAAO,EAAE,iBAAiB,EAAE,CAAC"}
|