insforge 1.3.0 → 1.4.8

package/backend/src/services/functions/function.service.ts

@@ -1,8 +1,10 @@
 import { DatabaseManager } from '@/infra/database/database.manager.js';
 import {
   EdgeFunctionMetadataSchema,
-  FunctionUploadRequest,
-  FunctionUpdateRequest,
+  UploadFunctionRequest,
+  UpdateFunctionRequest,
+  FunctionSchema,
+  ListFunctionsResponse,
 } from '@insforge/shared-schemas';
 import logger from '@/utils/logger.js';
 import { DatabaseError, Pool } from 'pg';
@@ -10,13 +12,6 @@ import fetch from 'node-fetch';
 import { AppError } from '@/api/middlewares/error.js';
 import { ERROR_CODES } from '@/types/error-constants.js';
 
-export interface FunctionWithRuntime {
-  functions: Record<string, unknown>[];
-  runtime: {
-    status: 'running' | 'unavailable';
-  };
-}
-
 export class FunctionService {
   private static instance: FunctionService;
   private pool: Pool | null = null;
@@ -41,13 +36,19 @@ export class FunctionService {
   /**
    * List all functions with runtime health check
    */
-  async listFunctions(): Promise<FunctionWithRuntime> {
+  async listFunctions(): Promise<ListFunctionsResponse> {
     try {
       const result = await this.getPool().query(
         `SELECT
-          id, slug, name, description, status,
-          created_at, updated_at, deployed_at
-        FROM _functions
+          id,
+          slug,
+          name,
+          description,
+          status,
+          created_at as "createdAt",
+          updated_at as "updatedAt",
+          deployed_at as "deployedAt"
+        FROM functions.definitions
         ORDER BY created_at DESC`
       );
 
@@ -86,13 +87,20 @@ export class FunctionService {
   /**
    * Get a specific function by slug
    */
-  async getFunction(slug: string): Promise<Record<string, unknown> | undefined> {
+  async getFunction(slug: string): Promise<FunctionSchema | undefined> {
     try {
       const result = await this.getPool().query(
         `SELECT
-          id, slug, name, description, code, status,
-          created_at, updated_at, deployed_at
-        FROM _functions
+          id,
+          slug,
+          name,
+          description,
+          code,
+          status,
+          created_at as "createdAt",
+          updated_at as "updatedAt",
+          deployed_at as "deployedAt"
+        FROM functions.definitions
         WHERE slug = $1`,
         [slug]
       );
@@ -111,7 +119,7 @@ export class FunctionService {
   /**
    * Create a new function
    */
-  async createFunction(data: FunctionUploadRequest): Promise<Record<string, unknown>> {
+  async createFunction(data: UploadFunctionRequest): Promise<FunctionSchema> {
     const client = await this.getPool().connect();
     try {
       const { name, code, description, status } = data;
@@ -125,22 +133,23 @@ export class FunctionService {
 
       // Insert function
       await client.query(
-        `INSERT INTO _functions (id, slug, name, description, code, status)
+        `INSERT INTO functions.definitions (id, slug, name, description, code, status)
         VALUES ($1, $2, $3, $4, $5, $6)`,
         [id, slug, name, description || null, code, status]
       );
 
       // If status is active, update deployed_at
       if (status === 'active') {
-        await client.query(`UPDATE _functions SET deployed_at = CURRENT_TIMESTAMP WHERE id = $1`, [
-          id,
-        ]);
+        await client.query(
+          `UPDATE functions.definitions SET deployed_at = CURRENT_TIMESTAMP WHERE id = $1`,
+          [id]
+        );
       }
 
       // Fetch the created function
       const result = await client.query(
-        `SELECT id, slug, name, description, status, created_at
-        FROM _functions WHERE id = $1`,
+        `SELECT id, slug, name, description, status, created_at as "createdAt"
+        FROM functions.definitions WHERE id = $1`,
         [id]
       );
 
@@ -176,14 +185,15 @@ export class FunctionService {
    */
   async updateFunction(
     slug: string,
-    updates: FunctionUpdateRequest
-  ): Promise<Record<string, unknown> | null> {
+    updates: UpdateFunctionRequest
+  ): Promise<FunctionSchema | null> {
     const client = await this.getPool().connect();
     try {
       // Check if function exists
-      const existingResult = await client.query('SELECT id FROM _functions WHERE slug = $1', [
-        slug,
-      ]);
+      const existingResult = await client.query(
+        'SELECT id FROM functions.definitions WHERE slug = $1',
+        [slug]
+      );
       if (existingResult.rows.length === 0) {
         return null;
       }
@@ -195,22 +205,28 @@ export class FunctionService {
 
       // Update fields
       if (updates.name !== undefined) {
-        await client.query('UPDATE _functions SET name = $1 WHERE slug = $2', [updates.name, slug]);
+        await client.query('UPDATE functions.definitions SET name = $1 WHERE slug = $2', [
+          updates.name,
+          slug,
+        ]);
       }
 
       if (updates.description !== undefined) {
-        await client.query('UPDATE _functions SET description = $1 WHERE slug = $2', [
+        await client.query('UPDATE functions.definitions SET description = $1 WHERE slug = $2', [
           updates.description,
           slug,
         ]);
       }
 
       if (updates.code !== undefined) {
-        await client.query('UPDATE _functions SET code = $1 WHERE slug = $2', [updates.code, slug]);
+        await client.query('UPDATE functions.definitions SET code = $1 WHERE slug = $2', [
+          updates.code,
+          slug,
+        ]);
       }
 
       if (updates.status !== undefined) {
-        await client.query('UPDATE _functions SET status = $1 WHERE slug = $2', [
+        await client.query('UPDATE functions.definitions SET status = $1 WHERE slug = $2', [
           updates.status,
           slug,
         ]);
@@ -218,21 +234,22 @@ export class FunctionService {
         // Update deployed_at if status changes to active
         if (updates.status === 'active') {
           await client.query(
-            'UPDATE _functions SET deployed_at = CURRENT_TIMESTAMP WHERE slug = $1',
+            'UPDATE functions.definitions SET deployed_at = CURRENT_TIMESTAMP WHERE slug = $1',
             [slug]
           );
         }
       }
 
       // Update updated_at
-      await client.query('UPDATE _functions SET updated_at = CURRENT_TIMESTAMP WHERE slug = $1', [
-        slug,
-      ]);
+      await client.query(
+        'UPDATE functions.definitions SET updated_at = CURRENT_TIMESTAMP WHERE slug = $1',
+        [slug]
+      );
 
       // Fetch updated function
       const result = await client.query(
-        `SELECT id, slug, name, description, status, updated_at
-        FROM _functions WHERE slug = $1`,
+        `SELECT id, slug, name, description, status, updated_at as "updatedAt", deployed_at as "deployedAt"
+        FROM functions.definitions WHERE slug = $1`,
         [slug]
       );
 
@@ -254,7 +271,10 @@ export class FunctionService {
    */
   async deleteFunction(slug: string): Promise<boolean> {
     try {
-      const result = await this.getPool().query('DELETE FROM _functions WHERE slug = $1', [slug]);
+      const result = await this.getPool().query(
+        'DELETE FROM functions.definitions WHERE slug = $1',
+        [slug]
+      );
 
       if (result.rowCount === 0) {
         return false;
@@ -278,7 +298,7 @@ export class FunctionService {
     try {
       const result = await this.getPool().query(
         `SELECT slug, name, description, status
-        FROM _functions
+        FROM functions.definitions
         ORDER BY created_at DESC`
       );
 

package/backend/src/services/logs/audit.service.ts

@@ -35,7 +35,7 @@ export class AuditService {
     try {
       const pool = this.getPool();
       const result = await pool.query(
-        `INSERT INTO _audit_logs (actor, action, module, details, ip_address)
+        `INSERT INTO system.audit_logs (actor, action, module, details, ip_address)
          VALUES ($1, $2, $3, $4, $5)
          RETURNING *`,
         [
@@ -109,12 +109,12 @@ export class AuditService {
       }
 
       // Get total count first
-      const countSql = `SELECT COUNT(*) as count FROM _audit_logs ${whereClause}`;
+      const countSql = `SELECT COUNT(*) as count FROM system.audit_logs ${whereClause}`;
       const countResult = await pool.query(countSql, params);
       const total = parseInt(countResult.rows[0].count, 10);
 
       // Get paginated records
-      let dataSql = `SELECT * FROM _audit_logs ${whereClause} ORDER BY created_at DESC`;
+      let dataSql = `SELECT * FROM system.audit_logs ${whereClause} ORDER BY created_at DESC`;
       const dataParams = [...params];
 
       if (query.limit) {
@@ -154,7 +154,7 @@ export class AuditService {
   async getById(id: string): Promise<AuditLogSchema | null> {
     try {
       const pool = this.getPool();
-      const result = await pool.query('SELECT * FROM _audit_logs WHERE id = $1', [id]);
+      const result = await pool.query('SELECT * FROM system.audit_logs WHERE id = $1', [id]);
 
       const row = result.rows[0];
 
@@ -186,30 +186,30 @@ export class AuditService {
       startDate.setDate(startDate.getDate() - days);
 
       const totalLogsResult = await pool.query(
-        'SELECT COUNT(*) as count FROM _audit_logs WHERE created_at >= $1',
+        'SELECT COUNT(*) as count FROM system.audit_logs WHERE created_at >= $1',
         [startDate.toISOString()]
       );
 
       const uniqueActorsResult = await pool.query(
-        'SELECT COUNT(DISTINCT actor) as count FROM _audit_logs WHERE created_at >= $1',
+        'SELECT COUNT(DISTINCT actor) as count FROM system.audit_logs WHERE created_at >= $1',
         [startDate.toISOString()]
       );
 
       const uniqueModulesResult = await pool.query(
-        'SELECT COUNT(DISTINCT module) as count FROM _audit_logs WHERE created_at >= $1',
+        'SELECT COUNT(DISTINCT module) as count FROM system.audit_logs WHERE created_at >= $1',
         [startDate.toISOString()]
       );
 
       const actionsByModuleResult = await pool.query(
         `SELECT module, COUNT(*) as count
-         FROM _audit_logs
+         FROM system.audit_logs
          WHERE created_at >= $1
          GROUP BY module`,
         [startDate.toISOString()]
       );
 
       const recentActivityResult = await pool.query(
-        `SELECT * FROM _audit_logs
+        `SELECT * FROM system.audit_logs
          WHERE created_at >= $1
          ORDER BY created_at DESC
          LIMIT 10`,
@@ -253,7 +253,7 @@ export class AuditService {
       cutoffDate.setDate(cutoffDate.getDate() - daysToKeep);
 
       const result = await pool.query(
-        'DELETE FROM _audit_logs WHERE created_at < $1 RETURNING id',
+        'DELETE FROM system.audit_logs WHERE created_at < $1 RETURNING id',
         [cutoffDate.toISOString()]
       );
 

package/backend/src/services/secrets/secret.service.ts

@@ -3,21 +3,9 @@ import crypto from 'crypto';
 import { DatabaseManager } from '@/infra/database/database.manager.js';
 import logger from '@/utils/logger.js';
 import { EncryptionManager } from '@/infra/security/encryption.manager.js';
+import { SecretSchema, CreateSecretRequest } from '@insforge/shared-schemas';
 
-export interface SecretSchema {
-  id: string;
-  key: string;
-  isActive: boolean;
-  isReserved: boolean;
-  lastUsedAt: Date | null;
-  expiresAt: Date | null;
-  createdAt: Date;
-  updatedAt: Date;
-}
-
-export interface CreateSecretInput {
-  key: string;
-  value: string;
+export interface CreateSecretInput extends CreateSecretRequest {
   isReserved?: boolean;
   expiresAt?: Date;
 }
@@ -59,7 +47,7 @@ export class SecretService {
       const encryptedValue = EncryptionManager.encrypt(input.value);
 
       const result = await this.getPool().query(
-        `INSERT INTO _secrets (key, value_ciphertext, is_reserved, expires_at)
+        `INSERT INTO system.secrets (key, value_ciphertext, is_reserved, expires_at)
          VALUES ($1, $2, $3, $4)
          RETURNING id`,
         [input.key, encryptedValue, input.isReserved || false, input.expiresAt || null]
@@ -79,7 +67,7 @@ export class SecretService {
   async getSecretById(id: string): Promise<string | null> {
     try {
       const result = await this.getPool().query(
-        `UPDATE _secrets
+        `UPDATE system.secrets
          SET last_used_at = NOW()
          WHERE id = $1 AND is_active = true
          AND (expires_at IS NULL OR expires_at > NOW())
@@ -106,7 +94,7 @@ export class SecretService {
   async getSecretByKey(key: string): Promise<string | null> {
     try {
       const result = await this.getPool().query(
-        `UPDATE _secrets
+        `UPDATE system.secrets
          SET last_used_at = NOW()
          WHERE key = $1 AND is_active = true
          AND (expires_at IS NULL OR expires_at > NOW())
@@ -142,7 +130,7 @@ export class SecretService {
           expires_at as "expiresAt",
           created_at as "createdAt",
           updated_at as "updatedAt"
-         FROM _secrets
+         FROM system.secrets
          ORDER BY created_at DESC`
       );
 
@@ -183,10 +171,14 @@ export class SecretService {
         values.push(input.expiresAt);
       }
 
+      if (updates.length === 0) {
+        return false;
+      }
+
       values.push(id);
 
       const result = await this.getPool().query(
-        `UPDATE _secrets
+        `UPDATE system.secrets
          SET ${updates.join(', ')}
          WHERE id = $${paramCount}`,
         values
@@ -203,6 +195,81 @@ export class SecretService {
     }
   }
 
+  /**
+   * Update a secret by key
+   */
+  async updateSecretByKey(key: string, input: UpdateSecretInput): Promise<boolean> {
+    try {
+      const updates: string[] = [];
+      const values: (string | boolean | Date | null)[] = [];
+      let paramCount = 1;
+
+      if (input.value !== undefined) {
+        const encryptedValue = EncryptionManager.encrypt(input.value);
+        updates.push(`value_ciphertext = $${paramCount++}`);
+        values.push(encryptedValue);
+      }
+
+      if (input.isActive !== undefined) {
+        updates.push(`is_active = $${paramCount++}`);
+        values.push(input.isActive);
+      }
+
+      if (input.isReserved !== undefined) {
+        updates.push(`is_reserved = $${paramCount++}`);
+        values.push(input.isReserved);
+      }
+
+      if (input.expiresAt !== undefined) {
+        updates.push(`expires_at = $${paramCount++}`);
+        values.push(input.expiresAt);
+      }
+
+      if (updates.length === 0) {
+        return false;
+      }
+
+      values.push(key);
+
+      const result = await this.getPool().query(
+        `UPDATE system.secrets
+         SET ${updates.join(', ')}
+         WHERE key = $${paramCount}`,
+        values
+      );
+
+      const success = (result.rowCount ?? 0) > 0;
+      if (success) {
+        logger.info('Secret updated by key', { key });
+      }
+      return success;
+    } catch (error) {
+      logger.error('Failed to update secret by key', { error, key });
+      throw new Error('Failed to update secret');
+    }
+  }
+
+  /**
+   * Delete a secret by key
+   */
+  async deleteSecretByKey(key: string): Promise<boolean> {
+    try {
+      const result = await this.getPool().query(
+        'DELETE FROM system.secrets WHERE key = $1 AND is_reserved = false',
+        [key]
+      );
+
+      const success = (result.rowCount ?? 0) > 0;
+      if (success) {
+        logger.info('Secret deleted by key', { key });
+      }
+      return success;
+    } catch (error) {
+      logger.error('Failed to delete secret by key', { error, key });
+      throw new Error('Failed to delete secret');
+    }
+  }
+
   /**
    * Check if a secret value matches the stored value
    */
@@ -210,7 +277,7 @@ export class SecretService {
     try {
       // Optimized: Single query that retrieves and updates in one operation
       const result = await this.getPool().query(
-        `UPDATE _secrets
+        `UPDATE system.secrets
          SET last_used_at = NOW()
          WHERE key = $1
          AND is_active = true
@@ -225,7 +292,12 @@ export class SecretService {
       }
 
       const decryptedValue = EncryptionManager.decrypt(result.rows[0].value_ciphertext);
-      const matches = decryptedValue === value;
+      // Use constant-time comparison to prevent timing attacks
+      const decryptedBuffer = Buffer.from(decryptedValue);
+      const valueBuffer = Buffer.from(value);
+      const matches =
+        decryptedBuffer.length === valueBuffer.length &&
+        crypto.timingSafeEqual(decryptedBuffer, valueBuffer);
 
       if (matches) {
         logger.info('Secret check successful', { key });
@@ -247,7 +319,7 @@ export class SecretService {
     try {
       // Optimized: Single query with WHERE clause to prevent deleting reserved secrets
       const result = await this.getPool().query(
-        'DELETE FROM _secrets WHERE id = $1 AND is_reserved = false',
+        'DELETE FROM system.secrets WHERE id = $1 AND is_reserved = false',
         [id]
       );
 
@@ -257,7 +329,7 @@ export class SecretService {
       } else {
         // Check if it exists but is reserved
         const checkResult = await this.getPool().query(
-          'SELECT is_reserved FROM _secrets WHERE id = $1',
+          'SELECT is_reserved FROM system.secrets WHERE id = $1',
           [id]
         );
         if (checkResult.rows.length && checkResult.rows[0].is_reserved) {
@@ -279,7 +351,9 @@ export class SecretService {
     try {
       await client.query('BEGIN');
 
-      const oldSecretResult = await client.query(`SELECT key FROM _secrets WHERE id = $1`, [id]);
+      const oldSecretResult = await client.query(`SELECT key FROM system.secrets WHERE id = $1`, [
+        id,
+      ]);
 
       if (!oldSecretResult.rows.length) {
         throw new Error('Secret not found');
@@ -288,7 +362,7 @@ export class SecretService {
       const secretKey = oldSecretResult.rows[0].key;
 
       await client.query(
-        `UPDATE _secrets
+        `UPDATE system.secrets
          SET is_active = false,
              expires_at = NOW() + INTERVAL '24 hours'
          WHERE id = $1`,
@@ -297,7 +371,7 @@ export class SecretService {
 
       const encryptedValue = EncryptionManager.encrypt(newValue);
       const newSecretResult = await client.query(
-        `INSERT INTO _secrets (key, value_ciphertext)
+        `INSERT INTO system.secrets (key, value_ciphertext)
          VALUES ($1, $2)
          RETURNING id`,
         [secretKey, encryptedValue]
@@ -327,7 +401,7 @@ export class SecretService {
   async cleanupExpiredSecrets(): Promise<number> {
     try {
       const result = await this.getPool().query(
-        `DELETE FROM _secrets
+        `DELETE FROM system.secrets
          WHERE expires_at IS NOT NULL
          AND expires_at < NOW()
          RETURNING id`