dominus-sdk-nodejs 1.1.7 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (21) hide show
  1. package/dist/index.d.ts +86 -9
  2. package/dist/index.d.ts.map +1 -1
  3. package/dist/index.js +103 -8
  4. package/dist/index.js.map +1 -1
  5. package/dist/lib/cache.d.ts +112 -0
  6. package/dist/lib/cache.d.ts.map +1 -0
  7. package/dist/lib/cache.js +237 -0
  8. package/dist/lib/cache.js.map +1 -0
  9. package/dist/lib/crypto.d.ts +70 -0
  10. package/dist/lib/crypto.d.ts.map +1 -0
  11. package/dist/lib/crypto.js +95 -0
  12. package/dist/lib/crypto.js.map +1 -0
  13. package/dist/namespaces/auth.d.ts +173 -29
  14. package/dist/namespaces/auth.d.ts.map +1 -1
  15. package/dist/namespaces/auth.js +511 -92
  16. package/dist/namespaces/auth.js.map +1 -1
  17. package/dist/namespaces/secure.d.ts +102 -0
  18. package/dist/namespaces/secure.d.ts.map +1 -0
  19. package/dist/namespaces/secure.js +151 -0
  20. package/dist/namespaces/secure.js.map +1 -0
  21. package/package.json +1 -1
package/dist/namespaces/auth.js CHANGED
@@ -3,44 +3,41 @@
3
3
  *
4
4
  * Provides RESTful access to users, roles, scopes, clients, tenants, etc.
5
5
  */
6
- import bcrypt from 'bcryptjs';
7
- // Helper to hash password client-side
8
- function hashPassword(password) {
9
- const salt = bcrypt.genSaltSync(12);
10
- return bcrypt.hashSync(password, salt);
11
- }
12
6
  export class AuthNamespace {
13
7
  client;
8
+ _publicKeyCache = null;
14
9
  constructor(client) {
15
10
  this.client = client;
16
11
  }
17
12
  // ========================================
18
13
  // USERS
19
14
  // ========================================
20
- async getUser(userId) {
15
+ async createUser(params) {
21
16
  return this.client.request({
22
- endpoint: `/api/guardian/users/${userId}`,
23
- method: 'GET',
17
+ endpoint: '/api/guardian/users',
18
+ body: {
19
+ username: params.username,
20
+ email: params.email,
21
+ password: params.password,
22
+ status: params.status || 'active',
23
+ },
24
24
  });
25
25
  }
26
- async listUsers() {
27
- const result = await this.client.request({
28
- endpoint: '/api/guardian/users',
26
+ async getUser(userId) {
27
+ return this.client.request({
28
+ endpoint: `/api/guardian/users/${userId}`,
29
29
  method: 'GET',
30
30
  });
31
- return Array.isArray(result) ? result : result.users || [];
32
31
  }
33
- async addUser(params) {
34
- const { username, password, email, roleId } = params;
35
- const passwordHash = hashPassword(password);
32
+ async listUsers(params) {
33
+ const { status, limit = 100, offset = 0, orderBy = 'created_at', orderDesc = true } = params || {};
34
+ let queryParams = `?limit=${limit}&offset=${offset}&order_by=${orderBy}&order_desc=${orderDesc}`;
35
+ if (status) {
36
+ queryParams += `&status=${status}`;
37
+ }
36
38
  return this.client.request({
37
- endpoint: '/api/guardian/users',
38
- body: {
39
- username,
40
- password_hash: passwordHash,
41
- email,
42
- role_id: roleId,
43
- },
39
+ endpoint: `/api/guardian/users${queryParams}`,
40
+ method: 'GET',
44
41
  });
45
42
  }
46
43
  async updateUser(userId, data) {
@@ -56,32 +53,121 @@ export class AuthNamespace {
56
53
  method: 'DELETE',
57
54
  });
58
55
  }
59
- // ========================================
60
- // ROLES
61
- // ========================================
62
- async getRole(roleId) {
56
+ async updatePassword(userId, password) {
63
57
  return this.client.request({
64
- endpoint: `/api/guardian/roles/${roleId}`,
58
+ endpoint: `/api/guardian/users/${userId}/password`,
59
+ method: 'PUT',
60
+ body: { password },
61
+ });
62
+ }
63
+ async verifyPassword(userId, password) {
64
+ return this.client.request({
65
+ endpoint: `/api/guardian/users/${userId}/verify-password`,
66
+ body: { password },
67
+ });
68
+ }
69
+ // User junction tables
70
+ async getUserRoles(userId) {
71
+ return this.client.request({
72
+ endpoint: `/api/guardian/users/${userId}/roles`,
65
73
  method: 'GET',
66
74
  });
67
75
  }
68
- async listRoles() {
69
- const result = await this.client.request({
70
- endpoint: '/api/guardian/roles',
76
+ async addUserRoles(userId, roleIds) {
77
+ return this.client.request({
78
+ endpoint: `/api/guardian/users/${userId}/roles`,
79
+ body: { role_ids: roleIds },
80
+ });
81
+ }
82
+ async removeUserRoles(userId, roleIds) {
83
+ return this.client.request({
84
+ endpoint: `/api/guardian/users/${userId}/roles`,
85
+ method: 'DELETE',
86
+ body: { role_ids: roleIds },
87
+ });
88
+ }
89
+ async getUserScopes(userId) {
90
+ return this.client.request({
91
+ endpoint: `/api/guardian/users/${userId}/scopes`,
71
92
  method: 'GET',
72
93
  });
73
- return Array.isArray(result) ? result : result.roles || [];
74
94
  }
75
- async addRole(params) {
95
+ async addUserScopes(userId, scopeIds) {
96
+ return this.client.request({
97
+ endpoint: `/api/guardian/users/${userId}/scopes`,
98
+ body: { scope_ids: scopeIds },
99
+ });
100
+ }
101
+ async removeUserScopes(userId, scopeIds) {
102
+ return this.client.request({
103
+ endpoint: `/api/guardian/users/${userId}/scopes`,
104
+ method: 'DELETE',
105
+ body: { scope_ids: scopeIds },
106
+ });
107
+ }
108
+ async getUserTenants(userId) {
109
+ return this.client.request({
110
+ endpoint: `/api/guardian/users/${userId}/tenants`,
111
+ method: 'GET',
112
+ });
113
+ }
114
+ async addUserTenants(userId, tenantIds) {
115
+ return this.client.request({
116
+ endpoint: `/api/guardian/users/${userId}/tenants`,
117
+ body: { tenant_ids: tenantIds },
118
+ });
119
+ }
120
+ async removeUserTenants(userId, tenantIds) {
121
+ return this.client.request({
122
+ endpoint: `/api/guardian/users/${userId}/tenants`,
123
+ method: 'DELETE',
124
+ body: { tenant_ids: tenantIds },
125
+ });
126
+ }
127
+ async getUserSubtypes(userId) {
128
+ return this.client.request({
129
+ endpoint: `/api/guardian/users/${userId}/subtypes`,
130
+ method: 'GET',
131
+ });
132
+ }
133
+ async addUserSubtypes(userId, subtypeIds) {
134
+ return this.client.request({
135
+ endpoint: `/api/guardian/users/${userId}/subtypes`,
136
+ body: { subtype_ids: subtypeIds },
137
+ });
138
+ }
139
+ async removeUserSubtypes(userId, subtypeIds) {
140
+ return this.client.request({
141
+ endpoint: `/api/guardian/users/${userId}/subtypes`,
142
+ method: 'DELETE',
143
+ body: { subtype_ids: subtypeIds },
144
+ });
145
+ }
146
+ // ========================================
147
+ // ROLES
148
+ // ========================================
149
+ async createRole(params) {
76
150
  return this.client.request({
77
151
  endpoint: '/api/guardian/roles',
78
152
  body: {
79
153
  name: params.name,
80
- scope_slugs: params.scopeSlugs || [],
81
154
  description: params.description,
82
155
  },
83
156
  });
84
157
  }
158
+ async getRole(roleId) {
159
+ return this.client.request({
160
+ endpoint: `/api/guardian/roles/${roleId}`,
161
+ method: 'GET',
162
+ });
163
+ }
164
+ async listRoles(params) {
165
+ const { limit = 100, offset = 0 } = params || {};
166
+ return this.client.request({
167
+ endpoint: `/api/guardian/roles?limit=${limit}&offset=${offset}`,
168
+ method: 'GET',
169
+ });
170
+ }
85
171
  async updateRole(roleId, data) {
86
172
  return this.client.request({
87
173
  endpoint: `/api/guardian/roles/${roleId}`,
@@ -95,23 +181,29 @@ export class AuthNamespace {
95
181
  method: 'DELETE',
96
182
  });
97
183
  }
98
- // ========================================
99
- // SCOPES
100
- // ========================================
101
- async getScope(scopeId) {
184
+ async getRoleScopes(roleId) {
102
185
  return this.client.request({
103
- endpoint: `/api/guardian/scopes/${scopeId}`,
186
+ endpoint: `/api/guardian/roles/${roleId}/scopes`,
104
187
  method: 'GET',
105
188
  });
106
189
  }
107
- async listScopes() {
108
- const result = await this.client.request({
109
- endpoint: '/api/guardian/scopes',
110
- method: 'GET',
190
+ async addRoleScopes(roleId, scopeIds) {
191
+ return this.client.request({
192
+ endpoint: `/api/guardian/roles/${roleId}/scopes`,
193
+ body: { scope_ids: scopeIds },
111
194
  });
112
- return Array.isArray(result) ? result : result.scopes || [];
113
195
  }
114
- async addScope(params) {
196
+ async removeRoleScopes(roleId, scopeIds) {
197
+ return this.client.request({
198
+ endpoint: `/api/guardian/roles/${roleId}/scopes`,
199
+ method: 'DELETE',
200
+ body: { scope_ids: scopeIds },
201
+ });
202
+ }
203
+ // ========================================
204
+ // SCOPES
205
+ // ========================================
206
+ async createScope(params) {
115
207
  return this.client.request({
116
208
  endpoint: '/api/guardian/scopes',
117
209
  body: {
@@ -121,11 +213,31 @@ export class AuthNamespace {
121
213
  },
122
214
  });
123
215
  }
216
+ async getScope(scopeId) {
217
+ return this.client.request({
218
+ endpoint: `/api/guardian/scopes/${scopeId}`,
219
+ method: 'GET',
220
+ });
221
+ }
222
+ async listScopes(params) {
223
+ const { limit = 100, offset = 0 } = params || {};
224
+ return this.client.request({
225
+ endpoint: `/api/guardian/scopes?limit=${limit}&offset=${offset}`,
226
+ method: 'GET',
227
+ });
228
+ }
124
229
  async updateScope(scopeId, data) {
230
+ const body = {};
231
+ if (data.slug !== undefined)
232
+ body.slug = data.slug;
233
+ if (data.displayName !== undefined)
234
+ body.display_name = data.displayName;
235
+ if (data.description !== undefined)
236
+ body.description = data.description;
125
237
  return this.client.request({
126
238
  endpoint: `/api/guardian/scopes/${scopeId}`,
127
239
  method: 'PUT',
128
- body: data,
240
+ body,
129
241
  });
130
242
  }
131
243
  async deleteScope(scopeId) {
@@ -135,28 +247,35 @@ export class AuthNamespace {
135
247
  });
136
248
  }
137
249
  // ========================================
138
- // CLIENTS
250
+ // CLIENTS (PSK/Machine Auth)
139
251
  // ========================================
252
+ async createClient(params) {
253
+ return this.client.request({
254
+ endpoint: '/api/guardian/clients',
255
+ body: {
256
+ label: params.label,
257
+ description: params.description,
258
+ },
259
+ });
260
+ }
140
261
  async getClient(clientId) {
141
262
  return this.client.request({
142
263
  endpoint: `/api/guardian/clients/${clientId}`,
143
264
  method: 'GET',
144
265
  });
145
266
  }
146
- async listClients() {
147
- const result = await this.client.request({
148
- endpoint: '/api/guardian/clients',
267
+ async listClients(params) {
268
+ const { limit = 100, offset = 0 } = params || {};
269
+ return this.client.request({
270
+ endpoint: `/api/guardian/clients?limit=${limit}&offset=${offset}`,
149
271
  method: 'GET',
150
272
  });
151
- return Array.isArray(result) ? result : result.clients || [];
152
273
  }
153
- async addClient(params) {
274
+ async updateClient(clientId, data) {
154
275
  return this.client.request({
155
- endpoint: '/api/guardian/clients',
156
- body: {
157
- label: params.label,
158
- role_id: params.roleId,
159
- },
276
+ endpoint: `/api/guardian/clients/${clientId}`,
277
+ method: 'PUT',
278
+ body: data,
160
279
  });
161
280
  }
162
281
  async deleteClient(clientId) {
@@ -165,102 +284,402 @@ export class AuthNamespace {
165
284
  method: 'DELETE',
166
285
  });
167
286
  }
287
+ async regeneratePsk(clientId) {
288
+ return this.client.request({
289
+ endpoint: `/api/guardian/clients/${clientId}/regenerate-psk`,
290
+ body: {},
291
+ });
292
+ }
293
+ async verifyPsk(clientId, psk) {
294
+ return this.client.request({
295
+ endpoint: `/api/guardian/clients/${clientId}/verify-psk`,
296
+ body: { psk },
297
+ });
298
+ }
299
+ async getClientTenants(clientId) {
300
+ return this.client.request({
301
+ endpoint: `/api/guardian/clients/${clientId}/tenants`,
302
+ method: 'GET',
303
+ });
304
+ }
305
+ async addClientTenants(clientId, tenantIds) {
306
+ return this.client.request({
307
+ endpoint: `/api/guardian/clients/${clientId}/tenants`,
308
+ body: { tenant_ids: tenantIds },
309
+ });
310
+ }
311
+ async removeClientTenants(clientId, tenantIds) {
312
+ return this.client.request({
313
+ endpoint: `/api/guardian/clients/${clientId}/tenants`,
314
+ method: 'DELETE',
315
+ body: { tenant_ids: tenantIds },
316
+ });
317
+ }
168
318
  // ========================================
169
319
  // TENANTS
170
320
  // ========================================
321
+ async createTenant(params) {
322
+ const body = {
323
+ name: params.name,
324
+ slug: params.slug,
325
+ };
326
+ if (params.categoryId)
327
+ body.category_id = params.categoryId;
328
+ if (params.displayName)
329
+ body.display_name = params.displayName;
330
+ if (params.description)
331
+ body.description = params.description;
332
+ return this.client.request({
333
+ endpoint: '/api/guardian/tenants',
334
+ body,
335
+ });
336
+ }
171
337
  async getTenant(tenantId) {
172
338
  return this.client.request({
173
339
  endpoint: `/api/guardian/tenants/${tenantId}`,
174
340
  method: 'GET',
175
341
  });
176
342
  }
177
- async listTenants() {
178
- const result = await this.client.request({
179
- endpoint: '/api/guardian/tenants',
343
+ async listTenants(params) {
344
+ const { status, categoryId, limit = 100, offset = 0 } = params || {};
345
+ let queryParams = `?limit=${limit}&offset=${offset}`;
346
+ if (status)
347
+ queryParams += `&status=${status}`;
348
+ if (categoryId)
349
+ queryParams += `&category_id=${categoryId}`;
350
+ return this.client.request({
351
+ endpoint: `/api/guardian/tenants${queryParams}`,
180
352
  method: 'GET',
181
353
  });
182
- return Array.isArray(result) ? result : result.tenants || [];
183
354
  }
184
- async addTenant(params) {
355
+ async updateTenant(tenantId, data) {
356
+ const body = {};
357
+ if (data.name !== undefined)
358
+ body.name = data.name;
359
+ if (data.displayName !== undefined)
360
+ body.display_name = data.displayName;
361
+ if (data.status !== undefined)
362
+ body.status = data.status;
185
363
  return this.client.request({
186
- endpoint: '/api/guardian/tenants',
364
+ endpoint: `/api/guardian/tenants/${tenantId}`,
365
+ method: 'PUT',
366
+ body,
367
+ });
368
+ }
369
+ async deleteTenant(tenantId) {
370
+ return this.client.request({
371
+ endpoint: `/api/guardian/tenants/${tenantId}`,
372
+ method: 'DELETE',
373
+ });
374
+ }
375
+ // ========================================
376
+ // TENANT CATEGORIES
377
+ // ========================================
378
+ async createTenantCategory(params) {
379
+ return this.client.request({
380
+ endpoint: '/api/guardian/tenant-categories',
187
381
  body: {
188
382
  name: params.name,
189
383
  slug: params.slug,
190
- category_id: params.categoryId,
384
+ description: params.description,
385
+ color: params.color || '#3B82F6',
191
386
  },
192
387
  });
193
388
  }
194
- async updateTenant(tenantId, data) {
389
+ async getTenantCategory(categoryId) {
195
390
  return this.client.request({
196
- endpoint: `/api/guardian/tenants/${tenantId}`,
391
+ endpoint: `/api/guardian/tenant-categories/${categoryId}`,
392
+ method: 'GET',
393
+ });
394
+ }
395
+ async listTenantCategories(params) {
396
+ const { limit = 100, offset = 0 } = params || {};
397
+ return this.client.request({
398
+ endpoint: `/api/guardian/tenant-categories?limit=${limit}&offset=${offset}`,
399
+ method: 'GET',
400
+ });
401
+ }
402
+ async updateTenantCategory(categoryId, data) {
403
+ return this.client.request({
404
+ endpoint: `/api/guardian/tenant-categories/${categoryId}`,
197
405
  method: 'PUT',
198
406
  body: data,
199
407
  });
200
408
  }
201
- async deleteTenant(tenantId) {
409
+ async deleteTenantCategory(categoryId) {
202
410
  return this.client.request({
203
- endpoint: `/api/guardian/tenants/${tenantId}`,
411
+ endpoint: `/api/guardian/tenant-categories/${categoryId}`,
204
412
  method: 'DELETE',
205
413
  });
206
414
  }
207
415
  // ========================================
208
- // TENANT CATEGORIES
416
+ // SUBTYPES
209
417
  // ========================================
210
- async getTenantCategory(categoryId) {
418
+ async createSubtype(params) {
211
419
  return this.client.request({
212
- endpoint: `/api/guardian/tenant-categories/${categoryId}`,
420
+ endpoint: '/api/guardian/subtypes',
421
+ body: {
422
+ name: params.name,
423
+ slug: params.slug,
424
+ description: params.description,
425
+ },
426
+ });
427
+ }
428
+ async getSubtype(subtypeId) {
429
+ return this.client.request({
430
+ endpoint: `/api/guardian/subtypes/${subtypeId}`,
213
431
  method: 'GET',
214
432
  });
215
433
  }
216
- async listTenantCategories() {
217
- const result = await this.client.request({
218
- endpoint: '/api/guardian/tenant-categories',
434
+ async listSubtypes(params) {
435
+ const { limit = 100, offset = 0 } = params || {};
436
+ return this.client.request({
437
+ endpoint: `/api/guardian/subtypes?limit=${limit}&offset=${offset}`,
219
438
  method: 'GET',
220
439
  });
221
- return Array.isArray(result) ? result : result.categories || [];
440
+ }
441
+ async updateSubtype(subtypeId, data) {
442
+ return this.client.request({
443
+ endpoint: `/api/guardian/subtypes/${subtypeId}`,
444
+ method: 'PUT',
445
+ body: data,
446
+ });
447
+ }
448
+ async deleteSubtype(subtypeId) {
449
+ return this.client.request({
450
+ endpoint: `/api/guardian/subtypes/${subtypeId}`,
451
+ method: 'DELETE',
452
+ });
222
453
  }
223
454
  // ========================================
224
- // PAGES & NAVIGATION
455
+ // PAGES
225
456
  // ========================================
226
- async listPages() {
227
- const result = await this.client.request({
457
+ async createPage(params) {
458
+ return this.client.request({
228
459
  endpoint: '/api/guardian/pages',
460
+ body: {
461
+ path: params.path,
462
+ name: params.name,
463
+ description: params.description,
464
+ is_active: params.isActive ?? true,
465
+ },
466
+ });
467
+ }
468
+ async getPage(pageId) {
469
+ return this.client.request({
470
+ endpoint: `/api/guardian/pages/${pageId}`,
229
471
  method: 'GET',
230
472
  });
231
- return Array.isArray(result) ? result : result.pages || [];
232
473
  }
233
- async listNavigation() {
234
- const result = await this.client.request({
235
- endpoint: '/api/guardian/navigation',
474
+ async listPages(params) {
475
+ const { isActive, limit = 100, offset = 0 } = params || {};
476
+ let queryParams = `?limit=${limit}&offset=${offset}`;
477
+ if (isActive !== undefined)
478
+ queryParams += `&is_active=${isActive}`;
479
+ return this.client.request({
480
+ endpoint: `/api/guardian/pages${queryParams}`,
481
+ method: 'GET',
482
+ });
483
+ }
484
+ async updatePage(pageId, data) {
485
+ const body = {};
486
+ if (data.path !== undefined)
487
+ body.path = data.path;
488
+ if (data.name !== undefined)
489
+ body.name = data.name;
490
+ if (data.description !== undefined)
491
+ body.description = data.description;
492
+ if (data.isActive !== undefined)
493
+ body.is_active = data.isActive;
494
+ return this.client.request({
495
+ endpoint: `/api/guardian/pages/${pageId}`,
496
+ method: 'PUT',
497
+ body,
498
+ });
499
+ }
500
+ async deletePage(pageId) {
501
+ return this.client.request({
502
+ endpoint: `/api/guardian/pages/${pageId}`,
503
+ method: 'DELETE',
504
+ });
505
+ }
506
+ async getPageTenants(pageId) {
507
+ return this.client.request({
508
+ endpoint: `/api/guardian/pages/${pageId}/tenants`,
236
509
  method: 'GET',
237
510
  });
238
- return Array.isArray(result) ? result : result.navigation || [];
511
+ }
512
+ async addPageTenants(pageId, tenantIds) {
513
+ return this.client.request({
514
+ endpoint: `/api/guardian/pages/${pageId}/tenants`,
515
+ body: { tenant_ids: tenantIds },
516
+ });
517
+ }
518
+ async removePageTenants(pageId, tenantIds) {
519
+ return this.client.request({
520
+ endpoint: `/api/guardian/pages/${pageId}/tenants`,
521
+ method: 'DELETE',
522
+ body: { tenant_ids: tenantIds },
523
+ });
239
524
  }
240
525
  // ========================================
241
- // SECURE TABLES
526
+ // NAVIGATION
242
527
  // ========================================
243
- async listSecureTables() {
244
- const result = await this.client.request({
245
- endpoint: '/api/guardian/secure-tables',
528
+ async createNavItem(params) {
529
+ const body = {
530
+ title: params.title,
531
+ sort_order: params.sortOrder ?? 0,
532
+ };
533
+ if (params.icon)
534
+ body.icon = params.icon;
535
+ if (params.pageId)
536
+ body.page_id = params.pageId;
537
+ if (params.parentId)
538
+ body.parent_id = params.parentId;
539
+ return this.client.request({
540
+ endpoint: '/api/guardian/navigation',
541
+ body,
542
+ });
543
+ }
544
+ async getNavItem(navId) {
545
+ return this.client.request({
546
+ endpoint: `/api/guardian/navigation/${navId}`,
547
+ method: 'GET',
548
+ });
549
+ }
550
+ async listNavItems(params) {
551
+ const { limit = 100, offset = 0 } = params || {};
552
+ return this.client.request({
553
+ endpoint: `/api/guardian/navigation?limit=${limit}&offset=${offset}`,
554
+ method: 'GET',
555
+ });
556
+ }
557
+ async updateNavItem(navId, data) {
558
+ const body = {};
559
+ if (data.title !== undefined)
560
+ body.title = data.title;
561
+ if (data.icon !== undefined)
562
+ body.icon = data.icon;
563
+ if (data.sortOrder !== undefined)
564
+ body.sort_order = data.sortOrder;
565
+ return this.client.request({
566
+ endpoint: `/api/guardian/navigation/${navId}`,
567
+ method: 'PUT',
568
+ body,
569
+ });
570
+ }
571
+ async deleteNavItem(navId) {
572
+ return this.client.request({
573
+ endpoint: `/api/guardian/navigation/${navId}`,
574
+ method: 'DELETE',
575
+ });
576
+ }
577
+ async getNavTenants(navId) {
578
+ return this.client.request({
579
+ endpoint: `/api/guardian/navigation/${navId}/tenants`,
246
580
  method: 'GET',
247
581
  });
248
- return Array.isArray(result) ? result : result.tables || [];
249
582
  }
250
- async addSecureTable(params) {
583
+ async addNavTenants(navId, tenantIds) {
584
+ return this.client.request({
585
+ endpoint: `/api/guardian/navigation/${navId}/tenants`,
586
+ body: { tenant_ids: tenantIds },
587
+ });
588
+ }
589
+ async removeNavTenants(navId, tenantIds) {
590
+ return this.client.request({
591
+ endpoint: `/api/guardian/navigation/${navId}/tenants`,
592
+ method: 'DELETE',
593
+ body: { tenant_ids: tenantIds },
594
+ });
595
+ }
596
+ // ========================================
597
+ // SECURE TABLES
598
+ // ========================================
599
+ async createSecureTable(params) {
251
600
  return this.client.request({
252
601
  endpoint: '/api/guardian/secure-tables',
253
602
  body: {
254
- schema_name: params.schema,
255
603
  table_name: params.tableName,
604
+ schema_name: params.schemaName || 'public',
256
605
  },
257
606
  });
258
607
  }
259
- async deleteSecureTable(tableId) {
608
+ async getSecureTable(secureTableId) {
260
609
  return this.client.request({
261
- endpoint: `/api/guardian/secure-tables/${tableId}`,
610
+ endpoint: `/api/guardian/secure-tables/${secureTableId}`,
611
+ method: 'GET',
612
+ });
613
+ }
614
+ async listSecureTables(params) {
615
+ const { limit = 100, offset = 0 } = params || {};
616
+ return this.client.request({
617
+ endpoint: `/api/guardian/secure-tables?limit=${limit}&offset=${offset}`,
618
+ method: 'GET',
619
+ });
620
+ }
621
+ async deleteSecureTable(secureTableId) {
622
+ return this.client.request({
623
+ endpoint: `/api/guardian/secure-tables/${secureTableId}`,
624
+ method: 'DELETE',
625
+ });
626
+ }
627
+ async getSecureTableScopes(secureTableId) {
628
+ return this.client.request({
629
+ endpoint: `/api/guardian/secure-tables/${secureTableId}/scopes`,
630
+ method: 'GET',
631
+ });
632
+ }
633
+ async addSecureTableScopes(secureTableId, scopeIds) {
634
+ return this.client.request({
635
+ endpoint: `/api/guardian/secure-tables/${secureTableId}/scopes`,
636
+ body: { scope_ids: scopeIds },
637
+ });
638
+ }
639
+ async removeSecureTableScopes(secureTableId, scopeIds) {
640
+ return this.client.request({
641
+ endpoint: `/api/guardian/secure-tables/${secureTableId}/scopes`,
262
642
  method: 'DELETE',
643
+ body: { scope_ids: scopeIds },
644
+ });
645
+ }
646
+ // ========================================
647
+ // JWT OPERATIONS (via Warden)
648
+ // ========================================
649
+ async getJwks() {
650
+ if (this._publicKeyCache) {
651
+ return this._publicKeyCache;
652
+ }
653
+ const result = await this.client.request({
654
+ endpoint: '/api/warden/jwks',
655
+ method: 'GET',
263
656
  });
657
+ this._publicKeyCache = result;
658
+ return result;
659
+ }
660
+ async validateJwt(token) {
661
+ // Ensure JWKS is cached for future signature verification
662
+ await this.getJwks();
663
+ // Decode JWT without verification to get claims
664
+ // For full signature validation, use a JWT library like jsonwebtoken
665
+ const parts = token.split('.');
666
+ if (parts.length !== 3) {
667
+ throw new Error('Invalid JWT format');
668
+ }
669
+ try {
670
+ const payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf-8'));
671
+ // Check expiration
672
+ if (payload.exp && payload.exp < Math.floor(Date.now() / 1000)) {
673
+ throw new Error('Token has expired');
674
+ }
675
+ return payload;
676
+ }
677
+ catch (e) {
678
+ if (e instanceof Error && e.message === 'Token has expired') {
679
+ throw e;
680
+ }
681
+ throw new Error(`Invalid token: ${e}`);
682
+ }
264
683
  }
265
684
  }
266
685
  //# sourceMappingURL=auth.js.map