catalyst-relay 0.2.0 → 0.2.2

package/README.md

@@ -59,6 +59,29 @@ const [session, loginError] = await client.login();
 if (loginError) throw loginError;
 console.log(`Logged in as ${session.username}`);
 
+// --- SAML Authentication (requires playwright) ---
+const [samlClient] = createClient({
+    url: 'https://sap-server:443',
+    client: '100',
+    auth: {
+        type: 'saml',
+        username: 'user@company.com',
+        password: 'pass'
+    },
+    insecure: true
+});
+
+// --- SSO Authentication (requires kerberos) ---
+const [ssoClient] = createClient({
+    url: 'https://sap-server:443',
+    client: '100',
+    auth: {
+        type: 'sso',
+        slsUrl: 'https://sapsso.company.com'
+    },
+    insecure: true
+});
+
 // Read ABAP objects
 const [objects, readError] = await client.read([
     { name: 'ZCL_MY_CLASS', extension: 'aclass' },
@@ -94,10 +117,33 @@ curl -X POST http://localhost:3000/login \
   }'
 
 # Response: { "success": true, "data": { "sessionId": "abc123", "username": "USER" } }
+
+# Login with SAML
+curl -X POST http://localhost:3000/login \
+  -H "Content-Type: application/json" \
+  -d '{
+    "url": "https://sap-server:443",
+    "client": "100",
+    "auth": { "type": "saml", "username": "user@company.com", "password": "pass" }
+  }'
+
+# Login with SSO (Kerberos)
+curl -X POST http://localhost:3000/login \
+  -H "Content-Type: application/json" \
+  -d '{
+    "url": "https://sap-server:443",
+    "client": "100",
+    "auth": { "type": "sso", "slsUrl": "https://sapsso.company.com" }
+  }'
 ```
 
 ## Features
 
+### Authentication
+- **Basic Auth** — Username/password authentication
+- **SAML** — Browser-automated SSO via identity providers (Azure AD, Okta, SAP IDP)
+- **SSO (Kerberos)** — Windows domain authentication via SAP Secure Login Server
+
 ### Session Management
 - Login/logout with session tokens
 - Automatic CSRF token handling and refresh
@@ -224,9 +270,9 @@ if (!error) {
 ```typescript
 const [data, error] = await client.previewData({
     objectName: 'T000',
-    columns: ['MANDT', 'MTEXT'],
-    limit: 10,
-    where: "MANDT = '100'"
+    objectType: 'table',
+    sqlQuery: "SELECT MANDT, MTEXT FROM T000 WHERE MANDT = '100'",
+    limit: 10
 });
 ```
 
@@ -281,7 +327,8 @@ curl -X POST http://localhost:3000/preview/data \
   -H "x-session-id: abc123" \
   -d '{
     "objectName": "T000",
-    "columns": ["MANDT", "MTEXT"],
+    "objectType": "table",
+    "sqlQuery": "SELECT MANDT, MTEXT FROM T000 WHERE MANDT = '\''100'\''",
     "limit": 10
   }'
 ```
@@ -376,9 +423,8 @@ The library uses only web standard APIs (`fetch`, `Request`, `Response`, `URL`)
 
 ## Known Limitations
 
-- **SAML authentication**: Stubbed out, not yet implemented
-- **SSO (Kerberos) authentication**: Stubbed out, not yet implemented
-- Basic authentication is fully functional
+- **SSO (Kerberos)**: Primarily tested on Windows with Active Directory; Linux/macOS requires MIT Kerberos with valid ticket (`kinit`)
+- **SAML**: First run downloads Chromium browser (~150MB) for headless automation
 
 ## Dependencies
 
@@ -389,6 +435,14 @@ The library uses only web standard APIs (`fetch`, `Request`, `Response`, `URL`)
 | `undici` | HTTP client with SSL bypass support |
 | `@xmldom/xmldom` | XML parsing for ADT responses |
 | `diff` | Text diffing for git-diff feature |
+| `node-forge` | Certificate parsing and RSA key generation (SSO) |
+
+### Optional Peer Dependencies
+
+| Package | Required For | Install |
+|---------|--------------|---------|
+| `playwright` | SAML authentication | `npm install playwright` |
+| `kerberos` | SSO (Kerberos) authentication | `npm install kerberos` |
 
 ## Project Structure
 
@@ -401,6 +455,9 @@ src/
 │   ├── config.ts         # Configuration loading
 │   ├── adt/              # ADT operations
 │   ├── auth/             # Authentication strategies
+│   │   ├── basic/        # Username/password auth
+│   │   ├── saml/         # SAML browser automation
+│   │   └── sso/          # Kerberos + mTLS certificates
 │   ├── session/          # Session management
 │   └── utils/            # Shared utilities
 ├── types/                # TypeScript type definitions

package/dist/index.d.mts

@@ -10,6 +10,26 @@ interface BasicAuthConfig {
     username: string;
     password: string;
 }
+/**
+ * CSS selectors for SAML login form
+ */
+interface SamlFormSelectors {
+    /** CSS selector for username input field */
+    username: string;
+    /** CSS selector for password input field */
+    password: string;
+    /** CSS selector for submit button */
+    submit: string;
+}
+/**
+ * SAML provider configuration
+ */
+interface SamlProviderConfig {
+    /** Whether to ignore HTTPS certificate errors */
+    ignoreHttpsErrors: boolean;
+    /** CSS selectors for login form elements */
+    formSelectors: SamlFormSelectors;
+}
 /**
  * SAML authentication configuration
  */
@@ -17,13 +37,23 @@ interface SamlAuthConfig {
     type: 'saml';
     username: string;
     password: string;
-    provider?: string;
+    /** Optional custom provider configuration for non-standard login forms */
+    providerConfig?: SamlProviderConfig;
 }
 /**
  * SSO (Kerberos) authentication configuration
  */
 interface SsoAuthConfig {
     type: 'sso';
+    /** Secure Login Server URL (e.g., https://sapsso.corp.example.com) */
+    slsUrl: string;
+    /** SLS profile name (default: SAPSSO_P) */
+    profile?: string;
+    /** Kerberos service principal name override */
+    servicePrincipalName?: string;
+    /** Force certificate re-enrollment even if valid cert exists */
+    forceEnroll?: boolean;
+    /** @deprecated Use slsUrl instead */
     certificate?: string;
 }
 /**
@@ -83,30 +113,10 @@ interface PreviewQuery {
     objectName: string;
     /** Object type ('table' or 'view') */
     objectType: 'table' | 'view';
-    /** WHERE clause filters */
-    filters?: Filter[];
-    /** ORDER BY columns */
-    orderBy?: OrderBy[];
+    /** SQL query to execute */
+    sqlQuery: string;
     /** Maximum rows to return (default: 100) */
     limit?: number;
-    /** Row offset for pagination */
-    offset?: number;
-}
-/**
- * Filter condition for data preview
- */
-interface Filter {
-    column: string;
-    operator: FilterOperator;
-    value: string | number | boolean | null;
-}
-type FilterOperator = 'eq' | 'ne' | 'gt' | 'ge' | 'lt' | 'le' | 'like' | 'in';
-/**
- * Sort specification for data preview
- */
-interface OrderBy {
-    column: string;
-    direction: 'asc' | 'desc';
 }
 
 /**
@@ -402,12 +412,11 @@ interface DiffResult {
  * HTTP client for SAP ADT (ABAP Development Tools) with:
  * - Session management (login/logout)
  * - CSRF token fetching and automatic refresh
- * - Basic authentication (SAML and SSO to be implemented)
+ * - Basic, SAML, and SSO (Kerberos + mTLS) authentication
  * - Automatic retry on 403 CSRF errors
  * - Session reset on 500 errors
  *
  * Uses web standard APIs (fetch, Request, Response) - runtime-agnostic.
- * High-level ADT operations (CRAUD, preview, etc.) are stubs to be implemented.
  */
 
 interface ADTClient {
@@ -435,4 +444,4 @@ interface ADTClient {
 }
 declare function createClient(config: ClientConfig): Result<ADTClient, Error>;
 
-export { type ADTClient, type ActivationMessage, type ActivationResult, type ApiResponse, type AsyncResult, type AuthConfig, type AuthType, type BasicAuthConfig, type ClientConfig, type ColumnInfo, type DataFrame, type Dependency, type DiffResult, type DistinctResult, type ErrorCode, type ErrorResponse, type Filter, type FilterOperator, type ObjectConfig, type ObjectContent, type ObjectMetadata, type ObjectRef, type ObjectWithContent, type OrderBy, type Package, type PreviewQuery, type Result, type SamlAuthConfig, type SearchResult, type Session, type SsoAuthConfig, type SuccessResponse, type Transport, type TransportConfig, type TreeNode, type TreeQuery, type UpsertResult, createClient, err, ok };
+export { type ADTClient, type ActivationMessage, type ActivationResult, type ApiResponse, type AsyncResult, type AuthConfig, type AuthType, type BasicAuthConfig, type ClientConfig, type ColumnInfo, type DataFrame, type Dependency, type DiffResult, type DistinctResult, type ErrorCode, type ErrorResponse, type ObjectConfig, type ObjectContent, type ObjectMetadata, type ObjectRef, type ObjectWithContent, type Package, type PreviewQuery, type Result, type SamlAuthConfig, type SearchResult, type Session, type SsoAuthConfig, type SuccessResponse, type Transport, type TransportConfig, type TreeNode, type TreeQuery, type UpsertResult, createClient, err, ok };

package/dist/index.d.ts

@@ -10,6 +10,26 @@ interface BasicAuthConfig {
     username: string;
     password: string;
 }
+/**
+ * CSS selectors for SAML login form
+ */
+interface SamlFormSelectors {
+    /** CSS selector for username input field */
+    username: string;
+    /** CSS selector for password input field */
+    password: string;
+    /** CSS selector for submit button */
+    submit: string;
+}
+/**
+ * SAML provider configuration
+ */
+interface SamlProviderConfig {
+    /** Whether to ignore HTTPS certificate errors */
+    ignoreHttpsErrors: boolean;
+    /** CSS selectors for login form elements */
+    formSelectors: SamlFormSelectors;
+}
 /**
  * SAML authentication configuration
  */
@@ -17,13 +37,23 @@ interface SamlAuthConfig {
     type: 'saml';
     username: string;
     password: string;
-    provider?: string;
+    /** Optional custom provider configuration for non-standard login forms */
+    providerConfig?: SamlProviderConfig;
 }
 /**
  * SSO (Kerberos) authentication configuration
  */
 interface SsoAuthConfig {
     type: 'sso';
+    /** Secure Login Server URL (e.g., https://sapsso.corp.example.com) */
+    slsUrl: string;
+    /** SLS profile name (default: SAPSSO_P) */
+    profile?: string;
+    /** Kerberos service principal name override */
+    servicePrincipalName?: string;
+    /** Force certificate re-enrollment even if valid cert exists */
+    forceEnroll?: boolean;
+    /** @deprecated Use slsUrl instead */
     certificate?: string;
 }
 /**
@@ -83,30 +113,10 @@ interface PreviewQuery {
     objectName: string;
     /** Object type ('table' or 'view') */
     objectType: 'table' | 'view';
-    /** WHERE clause filters */
-    filters?: Filter[];
-    /** ORDER BY columns */
-    orderBy?: OrderBy[];
+    /** SQL query to execute */
+    sqlQuery: string;
     /** Maximum rows to return (default: 100) */
     limit?: number;
-    /** Row offset for pagination */
-    offset?: number;
-}
-/**
- * Filter condition for data preview
- */
-interface Filter {
-    column: string;
-    operator: FilterOperator;
-    value: string | number | boolean | null;
-}
-type FilterOperator = 'eq' | 'ne' | 'gt' | 'ge' | 'lt' | 'le' | 'like' | 'in';
-/**
- * Sort specification for data preview
- */
-interface OrderBy {
-    column: string;
-    direction: 'asc' | 'desc';
 }
 
 /**
@@ -402,12 +412,11 @@ interface DiffResult {
  * HTTP client for SAP ADT (ABAP Development Tools) with:
  * - Session management (login/logout)
  * - CSRF token fetching and automatic refresh
- * - Basic authentication (SAML and SSO to be implemented)
+ * - Basic, SAML, and SSO (Kerberos + mTLS) authentication
  * - Automatic retry on 403 CSRF errors
  * - Session reset on 500 errors
  *
  * Uses web standard APIs (fetch, Request, Response) - runtime-agnostic.
- * High-level ADT operations (CRAUD, preview, etc.) are stubs to be implemented.
  */
 
 interface ADTClient {
@@ -435,4 +444,4 @@ interface ADTClient {
 }
 declare function createClient(config: ClientConfig): Result<ADTClient, Error>;
 
-export { type ADTClient, type ActivationMessage, type ActivationResult, type ApiResponse, type AsyncResult, type AuthConfig, type AuthType, type BasicAuthConfig, type ClientConfig, type ColumnInfo, type DataFrame, type Dependency, type DiffResult, type DistinctResult, type ErrorCode, type ErrorResponse, type Filter, type FilterOperator, type ObjectConfig, type ObjectContent, type ObjectMetadata, type ObjectRef, type ObjectWithContent, type OrderBy, type Package, type PreviewQuery, type Result, type SamlAuthConfig, type SearchResult, type Session, type SsoAuthConfig, type SuccessResponse, type Transport, type TransportConfig, type TreeNode, type TreeQuery, type UpsertResult, createClient, err, ok };
+export { type ADTClient, type ActivationMessage, type ActivationResult, type ApiResponse, type AsyncResult, type AuthConfig, type AuthType, type BasicAuthConfig, type ClientConfig, type ColumnInfo, type DataFrame, type Dependency, type DiffResult, type DistinctResult, type ErrorCode, type ErrorResponse, type ObjectConfig, type ObjectContent, type ObjectMetadata, type ObjectRef, type ObjectWithContent, type Package, type PreviewQuery, type Result, type SamlAuthConfig, type SearchResult, type Session, type SsoAuthConfig, type SuccessResponse, type Transport, type TransportConfig, type TreeNode, type TreeQuery, type UpsertResult, createClient, err, ok };