infrahub-sdk 0.0.7 → 0.0.9

package/examples/expired-certificate-example.ts

@@ -0,0 +1,36 @@
+// Example: Connecting to Infrahub with an expired or self-signed certificate
+import { InfrahubClient, InfrahubClientOptions } from 'infrahub-sdk';
+import fs from 'fs';
+
+// Option 1: Disable certificate verification (for development/testing only)
+// This will bypass ALL certificate validation including expired certificates
+const clientWithoutVerification = new InfrahubClient({
+  address: 'https://your-infrahub-server.com',
+  token: 'your-api-token',
+  tls: {
+    rejectUnauthorized: false
+  }
+});
+
+// Test the connection
+async function testConnection() {
+  try {
+    const version = await clientWithoutVerification.getVersion();
+    console.log('Successfully connected! Infrahub version:', version);
+  } catch (error) {
+    console.error('Connection failed:', error);
+  }
+}
+
+testConnection();
+
+// Option 2: Use a custom CA certificate (production-friendly approach)
+// Uncomment the following to use a custom CA certificate instead:
+//
+// const clientWithCustomCA = new InfrahubClient({
+//   address: 'https://your-infrahub-server.com',
+//   token: 'your-api-token',
+//   tls: {
+//     ca: fs.readFileSync('/path/to/your/ca-certificate.pem')
+//   }
+// });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "infrahub-sdk",
-  "version": "0.0.7",
+  "version": "0.0.9",
   "description": "A client SDK for the Infrahub API.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/index.test.ts

@@ -45,6 +45,58 @@ describe('InfrahubClient', () => {
     consoleErrorSpy.mockRestore();
   });
 
+  it('should provide helpful error message for certificate errors', async () => {
+    const mockRequest = jest
+      .fn()
+      .mockImplementation(() => 
+        Promise.reject(new Error('request failed, reason: certificate has expired'))
+      );
+    (client as any).graphqlClient.request = mockRequest;
+    const consoleErrorSpy = jest
+      .spyOn(console, 'error')
+      .mockImplementation(() => {});
+    
+    try {
+      await client.executeGraphQL('{ test }');
+      expect(true).toBe(false); // Should not reach here
+    } catch (error) {
+      expect(error).toBeInstanceOf(Error);
+      if (error instanceof Error) {
+        expect(error.message).toContain('certificate has expired');
+        expect(error.message).toContain('Certificate validation failed');
+        expect(error.message).toContain('rejectUnauthorized: false');
+      }
+    }
+    
+    consoleErrorSpy.mockRestore();
+  });
+
+  it('should provide helpful error message for self-signed certificate errors', async () => {
+    const mockRequest = jest
+      .fn()
+      .mockImplementation(() => 
+        Promise.reject(new Error('request failed, reason: self-signed certificate'))
+      );
+    (client as any).graphqlClient.request = mockRequest;
+    const consoleErrorSpy = jest
+      .spyOn(console, 'error')
+      .mockImplementation(() => {});
+    
+    try {
+      await client.executeGraphQL('{ test }');
+      expect(true).toBe(false); // Should not reach here
+    } catch (error) {
+      expect(error).toBeInstanceOf(Error);
+      if (error instanceof Error) {
+        expect(error.message).toContain('self-signed certificate');
+        expect(error.message).toContain('Certificate validation failed');
+        expect(error.message).toContain('tls: { rejectUnauthorized: false }');
+      }
+    }
+    
+    consoleErrorSpy.mockRestore();
+  });
+
   it('should initialize rest client with baseUrl', () => {
     expect((client as any).rest).toBeDefined();
   });
@@ -86,6 +138,27 @@ describe('InfrahubClient', () => {
       expect((tlsClient as any).graphqlClient).toBeInstanceOf(GraphQLClient);
     });
 
+    it('should create agent with rejectUnauthorized: false when explicitly set', () => {
+      const https = require('https');
+      const createAgentSpy = jest.spyOn(https, 'Agent');
+      
+      const options: InfrahubClientOptions = {
+        address: baseURL,
+        token: token,
+        tls: {
+          rejectUnauthorized: false
+        }
+      };
+      
+      const tlsClient = new InfrahubClient(options);
+      
+      expect(createAgentSpy).toHaveBeenCalled();
+      const agentOptions = createAgentSpy.mock.calls[createAgentSpy.mock.calls.length - 1][0] as any;
+      expect(agentOptions.rejectUnauthorized).toBe(false);
+      
+      createAgentSpy.mockRestore();
+    });
+
     it('should accept TLS configuration with custom CA certificate', () => {
       const options: InfrahubClientOptions = {
         address: baseURL,

package/src/index.ts

@@ -27,10 +27,14 @@ export interface TLSConfig {
   /**
    * If true, the server certificate is verified against the list of supplied CAs.
    * Set to false to disable certificate verification (not recommended for production).
+   * 
+   * Note: Setting this to false will bypass all certificate validation, including
+   * expired certificates, self-signed certificates, and hostname mismatches.
    */
   rejectUnauthorized?: boolean;
   /**
    * Optional CA certificates to trust. Can be a string or Buffer containing the certificate(s).
+   * Use this when connecting to servers with custom or self-signed certificates.
    */
   ca?: string | Buffer | Array<string | Buffer>;
   /**
@@ -49,7 +53,15 @@ export interface InfrahubClientOptions {
   branch?: string;
   /**
    * TLS/SSL configuration options for HTTPS connections.
-   * Use this to handle custom certificates or disable certificate verification.
+   * Use this to handle custom certificates, expired certificates, or disable certificate verification.
+   * 
+   * @example
+   * // Disable certificate verification (development only)
+   * { tls: { rejectUnauthorized: false } }
+   * 
+   * @example
+   * // Use custom CA certificate
+   * { tls: { ca: fs.readFileSync('/path/to/ca.pem') } }
    */
   tls?: TLSConfig;
 }
@@ -71,22 +83,61 @@ export class InfrahubClient {
     this.branch = new InfrahubBranchManager(this);
 
     // Create custom fetch with TLS options if provided
-    let customFetch: typeof fetch = fetch;
+    // Also handle Request objects properly for node-fetch v2 compatibility
+    let httpsAgent: https.Agent | undefined;
     if (options.tls) {
-      const httpsAgent = new https.Agent({
-        rejectUnauthorized: options.tls.rejectUnauthorized,
-        ca: options.tls.ca,
-        cert: options.tls.cert,
-        key: options.tls.key
-      });
-      customFetch = ((
-        url: Parameters<typeof fetch>[0],
-        opts: Parameters<typeof fetch>[1] = {}
-      ) => {
-        return fetch(url, { ...opts, agent: httpsAgent });
-      }) as typeof fetch;
+      // Build agent options, ensuring rejectUnauthorized is explicitly set if provided
+      const agentOptions: https.AgentOptions = {};
+
+      if (options.tls.rejectUnauthorized !== undefined) {
+        agentOptions.rejectUnauthorized = options.tls.rejectUnauthorized;
+      }
+      if (options.tls.ca !== undefined) {
+        agentOptions.ca = options.tls.ca;
+      }
+      if (options.tls.cert !== undefined) {
+        agentOptions.cert = options.tls.cert;
+      }
+      if (options.tls.key !== undefined) {
+        agentOptions.key = options.tls.key;
+      }
+
+      httpsAgent = new https.Agent(agentOptions);
     }
 
+    // Wrap fetch to handle Request objects from openapi-fetch
+    // node-fetch v2 doesn't properly extract URL from Request objects
+    const customFetch = ((
+      input: Parameters<typeof fetch>[0],
+      init?: Parameters<typeof fetch>[1]
+    ) => {
+      let url: string;
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      let options: any = init || {};
+
+      // Handle Request objects by extracting URL and merging options
+      if (input && typeof input === 'object' && 'url' in input) {
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        const req = input as any;
+        url = req.url;
+        options = {
+          method: req.method,
+          headers: req.headers,
+          body: req.body,
+          ...init
+        };
+      } else {
+        url = input as string;
+      }
+
+      // Add HTTPS agent if configured
+      if (httpsAgent) {
+        options = { ...options, agent: httpsAgent };
+      }
+
+      return fetch(url, options);
+    }) as typeof fetch;
+
     // Initialize the openapi-fetch client with TLS configuration
     this.rest = createClient<paths>({
       baseUrl: this.baseUrl,
@@ -194,6 +245,50 @@ export class InfrahubClient {
       });
       return await (this.graphqlClient.request as any)(query, variables);
     } catch (error) {
+      // Check if this is a certificate error and provide helpful guidance
+      if (error instanceof Error) {
+        const errorMessage = error.message.toLowerCase();
+        const isCertError =
+          errorMessage.includes('certificate') ||
+          errorMessage.includes('cert') ||
+          errorMessage.includes('ssl') ||
+          errorMessage.includes('tls');
+        const isExpired = errorMessage.includes('expired');
+        const isSelfSigned = errorMessage.includes('self-signed') || errorMessage.includes('self signed');
+        const isUnauthorized = errorMessage.includes('unauthorized');
+
+        if (isCertError && (isExpired || isSelfSigned || isUnauthorized)) {
+          const helpMessage = [
+            '',
+            'Certificate validation failed. To resolve this issue, you can configure TLS options:',
+            '',
+            '1. Disable certificate verification (for development/testing only):',
+            '   const client = new InfrahubClient({',
+            '     address: "your-address",',
+            '     token: "your-token",',
+            '     tls: { rejectUnauthorized: false }',
+            '   });',
+            '',
+            '2. Or provide a custom CA certificate (requires: import fs from "fs"):',
+            '   const client = new InfrahubClient({',
+            '     address: "your-address",',
+            '     token: "your-token",',
+            '     tls: { ca: fs.readFileSync("/path/to/ca-cert.pem") }',
+            '   });',
+            '',
+            'See the README.md for more TLS configuration options.',
+            ''
+          ].join('\n');
+
+          console.error(helpMessage);
+          
+          // Create a new error with helpful message appended
+          const enhancedError = new Error(`${error.message}\n${helpMessage}`);
+          enhancedError.stack = error.stack;
+          throw enhancedError;
+        }
+      }
+      
       console.error('Error executing GraphQL query:', error);
       throw error;
     }

package/src/integration.test.ts

@@ -0,0 +1,63 @@
+/**
+ * Integration tests for the Infrahub SDK
+ *
+ * These tests require a running Infrahub server at http://localhost:8000
+ *
+ * Run with: npx jest --testPathPattern=integration --resetModules
+ * Or run directly: npx ts-node src/integration.test.ts
+ */
+
+import { InfrahubClient, InfrahubClientOptions } from './index';
+import { describe, expect, it, beforeAll } from '@jest/globals';
+
+const INFRAHUB_URL = process.env.INFRAHUB_URL || 'http://localhost:8000';
+const INFRAHUB_TOKEN = process.env.INFRAHUB_TOKEN || '';
+
+describe('Integration Tests - Schema Loading', () => {
+  let client: InfrahubClient;
+
+  beforeAll(() => {
+    const options: InfrahubClientOptions = {
+      address: INFRAHUB_URL,
+      token: INFRAHUB_TOKEN
+    };
+    client = new InfrahubClient(options);
+  });
+
+  it('should load schema from the server', async () => {
+    const result = await client.rest.GET('/api/schema');
+
+    expect(result.error).toBeUndefined();
+    expect(result.response?.status).toBe(200);
+    expect(result.data).toBeDefined();
+
+    // Schema should have nodes and/or generics arrays
+    if (result.data) {
+      expect(typeof result.data).toBe('object');
+    }
+  });
+
+  it('should load schema summary from the server', async () => {
+    const result = await client.rest.GET('/api/schema/summary');
+
+    expect(result.error).toBeUndefined();
+    expect(result.response?.status).toBe(200);
+    expect(result.data).toBeDefined();
+  });
+
+  it('should get server info', async () => {
+    const result = await client.rest.GET('/api/info');
+
+    expect(result.error).toBeUndefined();
+    expect(result.response?.status).toBe(200);
+    expect(result.data).toBeDefined();
+  });
+
+  it('should get server config', async () => {
+    const result = await client.rest.GET('/api/config');
+
+    expect(result.error).toBeUndefined();
+    expect(result.response?.status).toBe(200);
+    expect(result.data).toBeDefined();
+  });
+});