casualos 3.3.8-alpha.10146812598 → 3.3.8-alpha.10185494837

package/dist/cli.js

@@ -94691,7 +94691,7 @@ var trace = TraceAPI.getInstance();
 function hashLowEntropyPasswordWithSalt2(password, salt) {
   const tracer = trace.getTracer(
     "InstrumentedHashHelpers",
-    false ? void 0 : "v3.3.8-alpha.10146812598"
+    false ? void 0 : "v3.3.8-alpha.10185494837"
   );
   return tracer.startActiveSpan(
     "hashLowEntropyPasswordWithSalt",
@@ -94709,7 +94709,7 @@ function hashLowEntropyPasswordWithSalt2(password, salt) {
 function hashHighEntropyPasswordWithSalt2(password, salt) {
   const tracer = trace.getTracer(
     "InstrumentedHashHelpers",
-    false ? void 0 : "v3.3.8-alpha.10146812598"
+    false ? void 0 : "v3.3.8-alpha.10185494837"
   );
   return tracer.startActiveSpan(
     "hashHighEntropyPasswordWithSalt",
@@ -94727,7 +94727,7 @@ function hashHighEntropyPasswordWithSalt2(password, salt) {
 function verifyPasswordAgainstHashes2(password, salt, hashes) {
   const tracer = trace.getTracer(
     "InstrumentedHashHelpers",
-    false ? void 0 : "v3.3.8-alpha.10146812598"
+    false ? void 0 : "v3.3.8-alpha.10185494837"
   );
   return tracer.startActiveSpan(
     "verifyPasswordAgainstHashes",
@@ -101321,7 +101321,7 @@ var import_semantic_conventions = __toESM(require_src3());
 function traced(tracerName, options = {}, metricOptions = {}) {
   const tracer = trace.getTracer(
     tracerName,
-    false ? void 0 : "v3.3.8-alpha.10146812598"
+    false ? void 0 : "v3.3.8-alpha.10185494837"
   );
   return function(target, propertyKey, descriptor) {
     const originalMethod = descriptor.value;
@@ -101399,7 +101399,7 @@ function getHistogram(meter) {
   }
   return metrics.getMeter(
     meter.meter,
-    false ? void 0 : "v3.3.8-alpha.10146812598"
+    false ? void 0 : "v3.3.8-alpha.10185494837"
   ).createHistogram(meter.name, meter.options);
 }
 function getCounter(meter) {
@@ -101408,7 +101408,7 @@ function getCounter(meter) {
   }
   return metrics.getMeter(
     meter.meter,
-    false ? void 0 : "v3.3.8-alpha.10146812598"
+    false ? void 0 : "v3.3.8-alpha.10185494837"
   ).createCounter(meter.name, meter.options);
 }
 function traceHttpResponse(options = {}) {
@@ -106769,7 +106769,7 @@ var WebsocketController = class {
             connection.inst,
             connection.branch
           );
-          if (branch2.temporary) {
+          if (branch2?.temporary) {
             await this._temporaryStore.deleteBranch(
               connection.recordName,
               connection.inst,
@@ -111900,7 +111900,7 @@ var RecordsServer = class {
     this._loomController = loomController;
     this._tracer = trace.getTracer(
       "RecordsServer",
-      false ? void 0 : "v3.3.8-alpha.10146812598"
+      false ? void 0 : "v3.3.8-alpha.10185494837"
     );
     this._procedures = this._createProcedures();
     this._setupRoutes();
@@ -112464,6 +112464,36 @@ var RecordsServer = class {
       updateFile: procedure().origins("api").http("PUT", "/api/v2/records/file").inputs(UPDATE_FILE_SCHEMA).handler(
         async (data, context) => this._updateFile(data, context)
       ),
+      scanFileForModeration: procedure().origins("account").http("POST", "/api/v2/records/file/scan").inputs(
+        z.object({
+          recordName: RECORD_NAME_VALIDATION,
+          fileName: z.string().min(1)
+        })
+      ).handler(async (input2, context) => {
+        const validation = await this._validateSessionKey(
+          context.sessionKey
+        );
+        if (validation.success === false) {
+          if (validation.errorCode === "no_session_key") {
+            return NOT_LOGGED_IN_RESULT;
+          }
+          return validation;
+        }
+        if (!isSuperUserRole(validation.role)) {
+          return {
+            success: false,
+            errorCode: "not_authorized",
+            errorMessage: "You are not authorized to perform this action."
+          };
+        }
+        const recordName = input2.recordName;
+        const fileName = input2.fileName;
+        const result = await this._moderationController.scanFile({
+          recordName,
+          fileName
+        });
+        return result;
+      }),
       eraseData: procedure().origins("api").http("DELETE", "/api/v2/records/data").inputs(ERASE_DATA_SCHEMA).handler(
         async (data, context) => this._baseEraseRecordData(this._data, data, context)
       ),
@@ -113734,8 +113764,8 @@ var RecordsServer = class {
         return {
           success: true,
           ...metadata,
-          version: true ? "v3.3.8-alpha.10146812598" : void 0,
-          versionHash: true ? "fa305e70ffae2a7db952ef49002955d89d58cb46" : void 0
+          version: true ? "v3.3.8-alpha.10185494837" : void 0,
+          versionHash: true ? "91a916cb35e56046a4342c1841d800db837acbbe" : void 0
         };
       })
     };
@@ -126561,10 +126591,11 @@ var import_lodash23 = __toESM(require_lodash());
 // ../aux-records/ModerationController.ts
 var TRACE_NAME16 = "ModerationController";
 var ModerationController = class {
-  constructor(store, config2, messenger) {
+  constructor(store, config2, messenger, jobProvider) {
     this._store = store;
     this._config = config2;
     this._messenger = messenger;
+    this._jobProvider = jobProvider;
   }
   async reportInst(request) {
     try {
@@ -126626,10 +126657,266 @@ var ModerationController = class {
       };
     }
   }
+  async scheduleModerationScans() {
+    try {
+      if (!this._jobProvider) {
+        console.warn(
+          "[ModerationController] No job provider available to schedule moderation scans."
+        );
+        return {
+          success: false,
+          errorCode: "not_supported",
+          errorMessage: "This operation is not supported."
+        };
+      }
+      const config2 = await this._config.getModerationConfig();
+      if (!config2) {
+        return {
+          success: false,
+          errorCode: "not_supported",
+          errorMessage: "This operation is not supported."
+        };
+      }
+      const jobs = [];
+      if (config2.jobs?.files?.enabled) {
+        console.log(
+          "[ModerationController] Starting file moderation job..."
+        );
+        let filter3 = {};
+        if (config2.jobs.files.fileExtensions) {
+          filter3.keyNameConstraint = {
+            matchAnySuffix: config2.jobs.files.fileExtensions
+          };
+        }
+        const lastFileJob = await this._store.findMostRecentJobOfType(
+          "files"
+        );
+        if (lastFileJob) {
+          filter3.createdAfterMs = lastFileJob.createdAtMs;
+        }
+        const job = await this._jobProvider.startFilesJob(filter3);
+        await this._store.addModerationJob(job);
+        jobs.push(job);
+        console.log(
+          "[ModerationController] File moderation job started:",
+          job
+        );
+      }
+      return {
+        success: true,
+        jobs
+      };
+    } catch (err) {
+      const span = trace.getActiveSpan();
+      span?.recordException(err);
+      span?.setStatus({ code: SpanStatusCode.ERROR });
+      console.error(
+        "[ModerationController] Failed to start moderation jobs:",
+        err
+      );
+      return {
+        success: false,
+        errorCode: "server_error",
+        errorMessage: "A server error occurred."
+      };
+    }
+  }
+  async scanFile(request) {
+    try {
+      if (!this._jobProvider) {
+        console.warn(
+          "[ModerationController] No job provider available to scan files."
+        );
+        return {
+          success: false,
+          errorCode: "not_supported",
+          errorMessage: "This operation is not supported."
+        };
+      }
+      const config2 = await this._config.getModerationConfig();
+      if (!config2) {
+        return {
+          success: false,
+          errorCode: "not_supported",
+          errorMessage: "This operation is not supported."
+        };
+      }
+      if (!config2.jobs?.files?.enabled) {
+        return {
+          success: false,
+          errorCode: "not_supported",
+          errorMessage: "This operation is not supported."
+        };
+      }
+      if (config2.jobs.files.fileExtensions) {
+        if (config2.jobs.files.fileExtensions.every(
+          (ext) => !request.fileName.endsWith(ext)
+        )) {
+          return {
+            success: false,
+            errorCode: "not_supported",
+            errorMessage: "The file extension is not supported."
+          };
+        }
+      }
+      const createdAtMs = Date.now();
+      const scan = await this._jobProvider.scanFile({
+        recordName: request.recordName,
+        fileName: request.fileName,
+        minConfidence: config2.jobs.files.minConfidence
+      });
+      const resultId = v4_default();
+      let bannedLabel = null;
+      for (let label of config2.jobs.files.bannedLabels) {
+        if (label.label) {
+          bannedLabel = scan.labels.find(
+            (l3) => l3.name.localeCompare(label.label, void 0, {
+              sensitivity: "base"
+            }) === 0 && l3.confidence >= label.threshold
+          );
+        }
+        if (bannedLabel) {
+          console.log(
+            `[ModerationController] Banned label (${bannedLabel.name}) detected in file: ${request.fileName}`
+          );
+          if (label.actions.includes("notify") && this._messenger) {
+            await this._messenger.sendRecordNotification({
+              resource: "file",
+              action: "scanned",
+              recordName: request.recordName,
+              resourceId: request.fileName,
+              resultId,
+              labels: scan.labels,
+              timeMs: createdAtMs,
+              bannedLabel,
+              message: `Banned label (${bannedLabel.category ? bannedLabel.category + ":" : ""}${bannedLabel.name ?? ""}) detected in file (${request.recordName}/${request.fileName}).`
+            });
+          }
+          break;
+        }
+      }
+      const result = {
+        id: resultId,
+        recordName: request.recordName,
+        fileName: request.fileName,
+        jobId: request.jobId,
+        labels: scan.labels,
+        modelVersion: scan.modelVersion,
+        createdAtMs,
+        updatedAtMs: Date.now(),
+        appearsToMatchBannedContent: !!bannedLabel
+      };
+      this._store.addFileModerationResult(result);
+      return {
+        success: true,
+        result
+      };
+    } catch (err) {
+      const span = trace.getActiveSpan();
+      span?.recordException(err);
+      span?.setStatus({ code: SpanStatusCode.ERROR });
+      console.error("[ModerationController] Failed to scan file:", err);
+      return {
+        success: false,
+        errorCode: "server_error",
+        errorMessage: "A server error occurred."
+      };
+    }
+  }
 };
 __decorateClass([
   traced(TRACE_NAME16)
 ], ModerationController.prototype, "reportInst", 1);
+__decorateClass([
+  traced(TRACE_NAME16)
+], ModerationController.prototype, "scheduleModerationScans", 1);
+__decorateClass([
+  traced(TRACE_NAME16)
+], ModerationController.prototype, "scanFile", 1);
+
+// ../aux-records/ModerationConfiguration.ts
+var moderationSchema = z.object({
+  allowUnauthenticatedReports: z.boolean().describe(
+    "Whether to allow unauthenticated users to report insts. Defaults to true."
+  ).default(true),
+  jobs: z.object({
+    files: z.object({
+      enabled: z.boolean().describe("Whether to enable file moderation."),
+      fileExtensions: z.array(z.string()).describe(
+        "The file extensions to scan. Defaults to common image formats."
+      ).optional().default([".png", ".webp", ".jpg", ".jpeg", ".gif"]),
+      minConfidence: z.number().describe(
+        "The minimum confidence to consider a detected label. Should be between 0 and 1. For AWS Rekognition, this defaults to 0.5."
+      ).min(0).max(1).optional(),
+      bannedLabels: z.array(
+        z.object({
+          label: z.string().describe(
+            "The label that should be matched. If omitted, then labels will be matched by category. See https://docs.aws.amazon.com/rekognition/latest/dg/moderation.html#moderation-api for AWS Rekognition moderation labels."
+          ).optional(),
+          threshold: z.number().describe(
+            "The threshold that the label confidence must equal or exceed in order to be considered a match. Defaults to 0.7."
+          ).min(0).max(1).default(0.7),
+          actions: z.array(z.enum(["notify"])).describe(
+            "The actions that should be taken when a file is detected with the label. Defaults to [notify]."
+          ).optional().default(["notify"])
+        })
+      ).describe(
+        "The labels that should be banned. If a file contains any of these labels, it will be marked as banned. Additionally, a notification will be sent "
+      ).optional().default([
+        {
+          label: "Explicit",
+          threshold: 0.5,
+          actions: ["notify"]
+        },
+        {
+          label: "Non-Explicit Nudity of Intimate parts and Kissing",
+          threshold: 0.5,
+          actions: ["notify"]
+        },
+        {
+          label: "Swimwear or Underwear",
+          threshold: 0.5,
+          actions: ["notify"]
+        },
+        {
+          label: "Violence",
+          threshold: 0.5,
+          actions: ["notify"]
+        },
+        {
+          label: "Visually Disturbing",
+          threshold: 0.5,
+          actions: ["notify"]
+        },
+        {
+          label: "Drugs & Tobacco",
+          threshold: 0.5,
+          actions: ["notify"]
+        },
+        {
+          label: "Alcohol",
+          threshold: 0.5,
+          actions: ["notify"]
+        },
+        {
+          label: "Rude Gestures",
+          threshold: 0.5,
+          actions: ["notify"]
+        },
+        {
+          label: "Gambling",
+          threshold: 0.5,
+          actions: ["notify"]
+        },
+        {
+          label: "Hate Symbols",
+          threshold: 0.5,
+          actions: ["notify"]
+        }
+      ])
+    }).describe("Options for moderating files.")
+  }).describe("The moderation jobs that are enabled.").optional()
+});
 
 // ../aux-records/NotificationMessenger.ts
 var slackSchema = z.object({
@@ -127562,13 +127849,6 @@ __decorateClass([
   traced(TRACE_NAME17)
 ], LoomController.prototype, "getToken", 1);
 
-// ../aux-records/ModerationConfiguration.ts
-var moderationSchema = z.object({
-  allowUnauthenticatedReports: z.boolean().describe(
-    "Whether to allow unauthenticated users to report insts. Defaults to true."
-  ).default(true)
-});
-
 // ../aux-records/PrivoConfiguration.ts
 var privoSchema = z.object({
   gatewayEndpoint: z.string().describe("The Privo API (aslo called the Gateway) URL.").nonempty(),
@@ -127982,10 +128262,47 @@ var telemetrySchema = z.object({
     "The resource that should be used. See https://opentelemetry.io/docs/specs/semconv/resource/ for more information."
   ).optional().default({})
 });
+var rekognitionSchema = z.object({
+  moderation: z.object({
+    files: z.object({
+      job: z.object({
+        sourceBucket: z.string().describe(
+          "The bucket that should be scanned when a job is started."
+        ).min(1),
+        reportBucket: z.string().describe(
+          "The bucket that job reports should be placed in."
+        ).min(1),
+        priority: z.number().describe(
+          "The priority of jobs that are created. Higher numbers are higher priority. Defaults to 10."
+        ).int().optional().default(10),
+        roleArn: z.string().describe(
+          "The ARN of the role that should be used to run the job."
+        ).min(1),
+        lambdaFunctionArn: z.string().describe(
+          "The ARN of the lambda function that should be invoked to process the files."
+        ).min(1),
+        tags: z.array(
+          z.object({
+            key: z.string().min(1),
+            value: z.string().min(1)
+          })
+        ).describe("The tags that should be placed on the job.").optional()
+      }).describe("The options specific to starting batch jobs.").optional(),
+      scan: z.object({
+        projectVersionArn: z.string().describe(
+          "The ARN of the custom moderation model that should be used. If omitted, then the default model is used."
+        ).min(1).optional()
+      }).describe("The options specific to scanning files.").optional()
+    })
+  })
+});
 var serverConfigSchema = z.object({
   s3: s3Schema.describe(
     "S3 Configuration Options. If omitted, then S3 cannot be used for file storage."
   ).optional(),
+  rekognition: rekognitionSchema.describe(
+    "AWS Rekognition configuration options. If omitted, then AWS Rekognition cannot be used for moderation/classification."
+  ).optional(),
   minio: minioSchema.describe(
     "Minio Configuration Options. If omitted, then Minio cannot be used for file storage."
   ).optional(),
@@ -128079,7 +128396,7 @@ var config = new Conf({
   projectName: "casualos-cli"
 });
 var program2 = new Command();
-program2.name("casualos").description("A CLI for CasualOS").version("v3.3.8-alpha.10146812598").option(
+program2.name("casualos").description("A CLI for CasualOS").version("v3.3.8-alpha.10185494837").option(
   "-e, --endpoint <url>",
   "The endpoint to use for queries. Can be used to override the current endpoint."
 );

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "casualos",
-    "version": "3.3.8-alpha.10146812598",
+    "version": "3.3.8-alpha.10185494837",
     "description": "Command line interface for CasualOS.",
     "main": "./dist/index.js",
     "types": "index.d.ts",
@@ -35,8 +35,8 @@
         "access": "public"
     },
     "dependencies": {
-        "@casual-simulation/aux-common": "^3.3.8-alpha.10146812598",
-        "@casual-simulation/aux-records": "^3.3.8-alpha.10146812598",
+        "@casual-simulation/aux-common": "^3.3.8-alpha.10185494837",
+        "@casual-simulation/aux-records": "^3.3.8-alpha.10185494837",
         "axios": "1.6.2",
         "commander": "12.0.0",
         "conf": "12.0.0",
@@ -54,5 +54,5 @@
         "**/*.d.ts",
         "**/*.def"
     ],
-    "gitHead": "fa305e70ffae2a7db952ef49002955d89d58cb46"
+    "gitHead": "91a916cb35e56046a4342c1841d800db837acbbe"
 }