harperdb 4.6.6 → 4.7.0-alpha.2

package/resources/ResourceInterface.d.ts

@@ -1,8 +1,9 @@
 import { DatabaseTransaction } from './DatabaseTransaction.ts';
 import { OperationFunctionName } from '../server/serverHelpers/serverUtilities.ts';
-import { RequestTarget } from './RequestTarget';
+import { RequestTarget } from './RequestTarget.ts';
+import { Entry } from './RecordEncoder.ts';
 export interface ResourceInterface<Key = any, Record = any> {
-    get?(id: Id): Promise<UpdatableRecord<Record>>;
+    get?(id: Id): Promise<Record>;
     get?(query: RequestTargetOrId): Promise<AsyncIterable<Record>>;
     put?(target: RequestTargetOrId, record: any): void;
     post?(target: RequestTargetOrId, record: any): void;
@@ -21,25 +22,25 @@ export interface User {
     username: string;
 }
 export interface Context {
-    /**	 The user making the request	 */
+    /**	 The user making the request */
     user?: User;
-    /**	 The database transaction object	 */
+    /**	 The database transaction object */
     transaction?: DatabaseTransaction;
-    /**	 If the operation that will be performed with this context should check user authorization	 */
+    /**	 If the operation that will be performed with this context should check user authorization */
     authorize?: number;
-    /**	 The last modification time of any data that has been accessed with this context	 */
+    /**	 The last modification time of any data that has been accessed with this context */
     lastModified?: number;
     /**	 The time	at which a saved record should expire */
     expiresAt?: number;
-    /**	 Indicates that caching should not be applied	 */
+    /**	 Indicates that caching should not be applied */
     noCache?: boolean;
-    /**	 Indicates that values from the source data should be stored as a cached value	 */
+    /**	 Indicates that values from the source data should be stored as a cached value */
     noCacheStore?: boolean;
     /**	 Only return values from the table, and don't use data from the source */
     onlyIfCached?: boolean;
     /**	 Allows data from a caching table to be used if there is an error retrieving data from the source */
     staleIfError?: boolean;
-    /**	 Indicates any cached data must be revalidated	 */
+    /**	 Indicates any cached data must be revalidated */
     mustRevalidate?: boolean;
     /**	 An array of nodes to replicate to */
     replicateTo?: string[];
@@ -52,6 +53,28 @@ export interface Context {
     resourceCache?: Map<Id, any>;
     _freezeRecords?: boolean;
 }
+export interface SourceContext<TRequestContext = Context> {
+    /** The original request context passed from the caching layer */
+    requestContext: TRequestContext;
+    /** The existing record, from the existing entry (if any) */
+    replacingRecord?: any;
+    /** The existing database entry (if any) */
+    replacingEntry?: Entry;
+    /** The version/timestamp of the existing record */
+    replacingVersion?: number;
+    /** Indicates that values from the source data should NOT be stored as a cached value */
+    noCacheStore?: boolean;
+    /** Reference to the source Resource instance */
+    source?: ResourceInterface;
+    /** Shared resource cache from parent context for visibility of modifications */
+    resourceCache?: Map<Id, any>;
+    /** Database transaction for the context */
+    transaction?: DatabaseTransaction;
+    /** The time at which the cached entry should expire (ms since epoch) */
+    expiresAt?: number;
+    /** The last modification time of any data accessed with this context */
+    lastModified?: number;
+}
 export type Operator = 'and' | 'or';
 type SearchType = 'equals' | 'contains' | 'starts_with' | 'ends_with' | 'greater_than' | 'greater_than_equal' | 'less_than' | 'less_than_equal' | 'between';
 export interface DirectCondition {
@@ -94,7 +117,7 @@ export interface SubscriptionRequest {
 export type Query = RequestTarget;
 export type RequestTargetOrId = RequestTarget | Id;
 export type Id = number | string | (number | string | null)[] | null;
-type UpdatableRecord<T> = T;
+export type UpdatableRecord<T> = T;
 interface Subscription {
 }
 export {};

package/resources/Resources.d.ts

@@ -12,6 +12,7 @@ interface ResourceEntry {
 export declare class Resources extends Map<string, ResourceEntry> {
     isWorker: boolean;
     loginPath?: (request: any) => string;
+    allTypes: Map<any, any>;
     set(path: any, resource: any, exportTypes?: {
         [key: string]: boolean;
     }, force?: boolean): void;

package/resources/Table.d.ts

@@ -203,7 +203,7 @@ export declare function makeTable(options: any): {
         get isCollection(): boolean;
         connect(incomingMessages: import("./IterableEventQueue.js").IterableEventQueue, query?: {}): AsyncIterable<any>;
         getId(): Id;
-        getContext(): Context;
+        getContext(): Context | import("./ResourceInterface.ts").SourceContext;
     };
     name: any;
     primaryStore: any;
@@ -412,7 +412,7 @@ export declare function makeTable(options: any): {
         get isCollection(): boolean;
         connect(incomingMessages: import("./IterableEventQueue.js").IterableEventQueue, query?: {}): AsyncIterable<any>;
         getId(): Id;
-        getContext(): Context;
+        getContext(): Context | import("./ResourceInterface.ts").SourceContext;
     }> | {
         #record: any;
         #changes: any;
@@ -574,7 +574,7 @@ export declare function makeTable(options: any): {
         get isCollection(): boolean;
         connect(incomingMessages: import("./IterableEventQueue.js").IterableEventQueue, query?: {}): AsyncIterable<any>;
         getId(): Id;
-        getContext(): Context;
+        getContext(): Context | import("./ResourceInterface.ts").SourceContext;
     };
     _updateResource(resource: any, entry: any): void;
     getNewId(): any;

package/resources/analytics/hostnames.d.ts

@@ -110,7 +110,7 @@ export declare function getAnalyticsHostnameTable(): {
         get isCollection(): boolean;
         connect(incomingMessages: import("../IterableEventQueue.js").IterableEventQueue, query?: {}): AsyncIterable<any>;
         getId(): import("../ResourceInterface.js").Id;
-        getContext(): import("../ResourceInterface.js").Context;
+        getContext(): import("../ResourceInterface.js").Context | import("../ResourceInterface.js").SourceContext;
     };
     name: any;
     primaryStore: any;
@@ -250,7 +250,7 @@ export declare function getAnalyticsHostnameTable(): {
         get isCollection(): boolean;
         connect(incomingMessages: import("../IterableEventQueue.js").IterableEventQueue, query?: {}): AsyncIterable<any>;
         getId(): import("../ResourceInterface.js").Id;
-        getContext(): import("../ResourceInterface.js").Context;
+        getContext(): import("../ResourceInterface.js").Context | import("../ResourceInterface.js").SourceContext;
     }> | {
         #record: any;
         #changes: any;
@@ -361,7 +361,7 @@ export declare function getAnalyticsHostnameTable(): {
         get isCollection(): boolean;
         connect(incomingMessages: import("../IterableEventQueue.js").IterableEventQueue, query?: {}): AsyncIterable<any>;
         getId(): import("../ResourceInterface.js").Id;
-        getContext(): import("../ResourceInterface.js").Context;
+        getContext(): import("../ResourceInterface.js").Context | import("../ResourceInterface.js").SourceContext;
     };
     _updateResource(resource: any, entry: any): void;
     getNewId(): any;

package/resources/analytics/write.d.ts

@@ -23,6 +23,7 @@ export declare function setAnalyticsEnabled(enabled: boolean): void;
  */
 export declare function recordAction(value: Value, metric: string, path?: string, method?: string, type?: string): void;
 export declare function recordActionBinary(value: any, metric: any, path?: any, method?: any, type?: any): void;
+export declare const analyticsDelay = 1000;
 export declare function addAnalyticsListener(callback: any): void;
 export declare function recordHostname(): Promise<void>;
 export interface Metric {
@@ -47,6 +48,7 @@ export declare function calculateCPUUtilization(resourceUsage: ResourceUsage, pe
  *  new values for this time period.
  */
 export declare function diffResourceUsage(lastResourceUsage: ResourceUsage, resourceUsage: ResourceUsage): ResourceUsage;
+export declare function onAnalyticsAggregate(callback: any): void;
 export {};
 /**
  * This section contains a possible/experimental approach to bucketing values as they come instead of pushing all into an array and sorting.

package/resources/auditStore.d.ts

@@ -53,6 +53,7 @@ export declare function readAuditEntry(buffer: Uint8Array, start?: number, end?:
     previousLocalTime: any;
     readonly user: import("ordered-binary").Key;
     readonly encoded: Uint8Array<ArrayBufferLike>;
+    readonly size: number;
     getValue(store: any, fullRecord?: any, auditTime?: any): any;
     getBinaryValue(): Uint8Array<ArrayBufferLike>;
     extendedType: any;
@@ -70,6 +71,7 @@ export declare function readAuditEntry(buffer: Uint8Array, start?: number, end?:
     previousLocalTime?: undefined;
     readonly user?: undefined;
     readonly encoded?: undefined;
+    readonly size?: undefined;
     getValue?: undefined;
     getBinaryValue?: undefined;
     extendedType?: undefined;

package/resources/databases.d.ts

@@ -187,7 +187,7 @@ export declare function table(tableDefinition: TableDefinition): {
         get isCollection(): boolean;
         connect(incomingMessages: import("./IterableEventQueue.js").IterableEventQueue, query?: {}): AsyncIterable<any>;
         getId(): import("./ResourceInterface.js").Id;
-        getContext(): import("./ResourceInterface.js").Context;
+        getContext(): import("./ResourceInterface.js").Context | import("./ResourceInterface.js").SourceContext;
     };
     name: any;
     primaryStore: any;
@@ -327,7 +327,7 @@ export declare function table(tableDefinition: TableDefinition): {
         get isCollection(): boolean;
         connect(incomingMessages: import("./IterableEventQueue.js").IterableEventQueue, query?: {}): AsyncIterable<any>;
         getId(): import("./ResourceInterface.js").Id;
-        getContext(): import("./ResourceInterface.js").Context;
+        getContext(): import("./ResourceInterface.js").Context | import("./ResourceInterface.js").SourceContext;
     }> | {
         #record: any;
         #changes: any;
@@ -438,7 +438,7 @@ export declare function table(tableDefinition: TableDefinition): {
         get isCollection(): boolean;
         connect(incomingMessages: import("./IterableEventQueue.js").IterableEventQueue, query?: {}): AsyncIterable<any>;
         getId(): import("./ResourceInterface.js").Id;
-        getContext(): import("./ResourceInterface.js").Context;
+        getContext(): import("./ResourceInterface.js").Context | import("./ResourceInterface.js").SourceContext;
     };
     _updateResource(resource: any, entry: any): void;
     getNewId(): any;

package/resources/usageLicensing.d.ts

@@ -0,0 +1,23 @@
+import { ValidatedLicense } from '../validation/usageLicensing.ts';
+interface InstallLicenseRequest {
+    operation: 'install_usage_license';
+    license: string;
+}
+export declare function installUsageLicenseOp(req: InstallLicenseRequest): Promise<string>;
+interface UsageLicense extends ValidatedLicense {
+    usedReads: number;
+    usedReadBytes: number;
+    usedWrites: number;
+    usedWriteBytes: number;
+    usedRealTimeMessages: number;
+    usedRealTimeBytes: number;
+    usedCpuTime: number;
+}
+interface UsageLicenseRecord extends UsageLicense {
+    addTo: (field: string, value: number) => void;
+}
+interface GetUsageLicensesReq {
+    operation: 'get_usage_licenses';
+}
+export declare function getUsageLicensesOp(req: GetUsageLicensesReq): AsyncIterable<UsageLicenseRecord>;
+export {};

package/security/certificateVerification.d.ts

@@ -0,0 +1,80 @@
+/**
+ * Certificate verification for mTLS authentication
+ *
+ * This module provides certificate revocation checking for client certificates
+ * in mutual TLS (mTLS) connections. Currently supports OCSP (Online Certificate
+ * Status Protocol) with the ability to add CRL (Certificate Revocation List) support.
+ * Uses a system table, hdb_certificate_cache, for a certificate verification
+ * status cache.
+ *
+ * Default configuration:
+ * - Enabled by default when mTLS is configured
+ * - Timeout: 5 seconds
+ * - Cache TTL: 1 hour
+ * - Failure mode: fail-open (allows connections if verification fails)
+ */
+import './pkijs-ed25519-patch.ts';
+interface CertificateVerificationResult {
+    valid: boolean;
+    status: string;
+    cached?: boolean;
+    error?: string;
+    method?: 'ocsp' | 'crl' | 'disabled';
+}
+interface PeerCertificate {
+    subject?: {
+        CN?: string;
+        [key: string]: any;
+    };
+    raw?: Buffer;
+    issuerCertificate?: PeerCertificate;
+}
+interface CertificateVerificationConfig {
+    timeout?: number;
+    cacheTtl?: number;
+    failureMode?: 'fail-open' | 'fail-closed';
+}
+interface CertificateChainEntry {
+    cert: Buffer;
+    issuer?: Buffer;
+}
+/**
+ * Determine if certificate verification should be performed based on configuration
+ * @param mtlsConfig - The mTLS configuration (can be boolean or object)
+ * @returns Configuration object or false if verification is disabled
+ */
+export declare function getCertificateVerificationConfig(mtlsConfig: boolean | Record<string, any> | null | undefined): false | CertificateVerificationConfig;
+/**
+ * Verify certificate revocation status
+ * @param peerCertificate - Peer certificate object from TLS connection
+ * @param mtlsConfig - The mTLS configuration from the request
+ * @returns Promise resolving to verification result
+ */
+export declare function verifyCertificate(peerCertificate: PeerCertificate, mtlsConfig?: boolean | Record<string, any> | null): Promise<CertificateVerificationResult>;
+/**
+ * Verify OCSP status of a client certificate
+ * @param certPem - Client certificate in PEM format or Buffer
+ * @param issuerPem - Issuer (CA) certificate in PEM format or Buffer
+ * @returns Promise resolving to verification result
+ */
+export declare function verifyOCSP(certPem: Buffer | string, issuerPem: Buffer | string, config?: CertificateVerificationConfig): Promise<CertificateVerificationResult>;
+/**
+ * Set TTL configuration for the certificate cache
+ * @param ttlConfig - Configuration for cache expiration and eviction
+ */
+export declare function setCertificateCacheTTL(ttlConfig: {
+    expiration: number;
+    eviction?: number;
+    scanInterval?: number;
+}): void;
+/**
+ * Convert a buffer to PEM format
+ */
+export declare function bufferToPem(buffer: Buffer, type: string): string;
+/**
+ * Extract certificate chain from peer certificate object
+ * @param peerCertificate - Peer certificate object from TLS connection
+ * @returns Certificate chain
+ */
+export declare function extractCertificateChain(peerCertificate: PeerCertificate): CertificateChainEntry[];
+export {};

package/security/pkijs-ed25519-patch.d.ts

@@ -0,0 +1,14 @@
+/**
+ * PKI.js Ed25519/Ed448 Support Patch
+ *
+ * This module patches PKI.js to add complete Ed25519/Ed448 support for certificate
+ * and OCSP response verification. While PKI.js has some Ed25519/Ed448 support,
+ * it currently lacks:
+ * - getHashAlgorithm() support for Ed25519/Ed448 OIDs
+ * - getAlgorithmByOID() recognition of Ed25519/Ed448
+ * - Certificate verification using Ed25519/Ed448 signatures
+ * - OCSP response signature verification with Ed25519/Ed448
+ *
+ * This patch must be loaded before any module that uses PKI.js (including easy-ocsp).
+ */
+export declare function applyEd25519Patch(): void;