npm - kafka-ts - Versions diffs - 0.0.1-beta.0 → 0.0.1-beta.1 - Mend

kafka-ts 0.0.1-beta.0 → 0.0.1-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/README.md CHANGED Viewed

@@ -92,10 +92,18 @@ The existing high-level libraries (e.g. kafkajs) are missing a few crucial featu
 -   **Consuming messages without consumer groups** - When you don't need the consumer to track the partition offsets, you can simply create a consumer without groupId and always either start consuming messages from the beginning or from the latest partition offset.
 -   **Low-level API requests** - It's possible to communicate directly with the Kafka cluster using the kafka api protocol.
+## Supported SASL mechanisms
+- PLAIN
+- SCRAM-SHA-256
+- SCRAM-SHA-512
+Custom SASL mechanisms can be implemented following the `SASLProvider` interface. See [src/auth](./src/auth) for examples.
 ## Backlog
-Minimal set of features required before a stable release:
+Minimal set of features left to implement before a stable release:
 -   Partitioner (Currently have to specify the partition on producer.send())
 -   API versioning (Currently only tested against Kafka 3.7+)
--   SASL SCRAM-SHA-512 support

package/examples/src/client.ts CHANGED Viewed

@@ -1,9 +1,9 @@
 import { readFileSync } from 'fs';
-import { createKafkaClient } from 'kafka-ts';
+import { createKafkaClient, saslScramSha512 } from 'kafka-ts';
 export const kafka = createKafkaClient({
     clientId: 'examples',
     bootstrapServers: [{ host: 'localhost', port: 9092 }],
-    sasl: { mechanism: 'SCRAM-SHA-256', username: 'admin', password: 'admin' },
+    sasl: saslScramSha512({ username: 'admin', password: 'admin' }),
     ssl: { ca: readFileSync('../certs/ca.crt').toString() },
 });

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "kafka-ts",
-    "version": "0.0.1-beta.0",
+    "version": "0.0.1-beta.1",
     "main": "dist/index.js",
     "author": "Priit Käärd",
     "license": "MIT",

package/src/auth/index.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export { saslPlain } from './plain';
2	+ export { saslScramSha256, saslScramSha512 } from './scram';

package/src/auth/plain.ts ADDED Viewed

@@ -0,0 +1,10 @@
+import { API } from "../api";
+import { SASLProvider } from "../broker";
+export const saslPlain = ({ username, password }: { username: string; password: string }): SASLProvider => ({
+    mechanism: 'PLAIN',
+    authenticate: async ({ sendRequest }) => {
+        const authBytes = [null, username, password].join('\u0000');
+        await sendRequest(API.SASL_AUTHENTICATE, { authBytes: Buffer.from(authBytes) });
+    },
+});

package/src/auth/scram.ts ADDED Viewed

@@ -0,0 +1,52 @@
+import { API } from '../api';
+import { SASLProvider } from '../broker';
+import { base64Decode, base64Encode, generateNonce, hash, hmac, saltPassword, xor } from '../utils/crypto';
+import { KafkaTSError } from '../utils/error';
+const saslScram =
+    ({ mechanism, keyLength, digest }: { mechanism: string; keyLength: number; digest: string }) =>
+    ({ username, password }: { username: string; password: string }): SASLProvider => ({
+        mechanism,
+        authenticate: async ({ sendRequest }) => {
+            const nonce = generateNonce();
+            const firstMessage = `n=${username},r=${nonce}`;
+            const { authBytes } = await sendRequest(API.SASL_AUTHENTICATE, {
+                authBytes: Buffer.from(`n,,${firstMessage}`),
+            });
+            if (!authBytes) {
+                throw new KafkaTSError('No auth response');
+            }
+            const response = Object.fromEntries(
+                authBytes
+                    .toString()
+                    .split(',')
+                    .map((pair) => pair.split('=')),
+            ) as { r: string; s: string; i: string };
+            const rnonce = response.r;
+            if (!rnonce.startsWith(nonce)) {
+                throw new KafkaTSError('Invalid nonce');
+            }
+            const iterations = parseInt(response.i);
+            const salt = base64Decode(response.s);
+            const saltedPassword = await saltPassword(password, salt, iterations, keyLength, digest);
+            const clientKey = hmac(saltedPassword, 'Client Key', digest);
+            const clientKeyHash = hash(clientKey, digest);
+            let finalMessage = `c=${base64Encode('n,,')},r=${rnonce}`;
+            const fullMessage = `${firstMessage},${authBytes.toString()},${finalMessage}`;
+            const clientSignature = hmac(clientKeyHash, fullMessage, digest);
+            const clientProof = base64Encode(xor(clientKey, clientSignature));
+            finalMessage += `,p=${clientProof}`;
+            await sendRequest(API.SASL_AUTHENTICATE, { authBytes: Buffer.from(finalMessage) });
+        },
+    });
+export const saslScramSha256 = saslScram({ mechanism: 'SCRAM-SHA-256', keyLength: 32, digest: 'sha256' });
+export const saslScramSha512 = saslScram({ mechanism: 'SCRAM-SHA-512', keyLength: 64, digest: 'sha512' });

package/src/broker.ts CHANGED Viewed

@@ -2,20 +2,18 @@ import { TcpSocketConnectOpts } from 'net';
 import { TLSSocketOptions } from 'tls';
 import { API } from './api';
 import { Connection, SendRequest } from './connection';
-import { base64Decode, base64Encode, generateNonce, hash, hmac, saltPassword, xor } from './utils/crypto';
 import { KafkaTSError } from './utils/error';
 import { memo } from './utils/memo';
-export type SASLOptions = {
-    mechanism: 'PLAIN' | 'SCRAM-SHA-256';
-    username: string;
-    password: string;
+export type SASLProvider = {
+    mechanism: string;
+    authenticate: (context: { sendRequest: SendRequest }) => Promise<void>;
 };
 type BrokerOptions = {
     clientId: string | null;
     options: TcpSocketConnectOpts;
-    sasl: SASLOptions | null;
+    sasl: SASLProvider | null;
     ssl: TLSSocketOptions | null;
 };
@@ -69,78 +67,6 @@ export class Broker {
     }
     private async saslAuthenticate() {
-        if (!this.options.sasl) {
-            return;
-        }
-        const { mechanism } = this.options.sasl;
-        const authenticate = { PLAIN: plainProvider, 'SCRAM-SHA-256': scramSha256Provider }[mechanism as string];
-        if (!authenticate) {
-            throw new KafkaTSError(`SASL mechanism ${mechanism} is not supported`);
-        }
-        await authenticate({
-            ...this.options.sasl,
-            sendRequest: this.sendRequest.bind(this),
-        });
+        await this.options.sasl?.authenticate({ sendRequest: this.sendRequest });
     }
 }
-const plainProvider = async ({
-    username,
-    password,
-    sendRequest,
-}: {
-    username: string;
-    password: string;
-    sendRequest: SendRequest;
-}) => {
-    const authBytes = [null, username, password].join('\u0000');
-    await sendRequest(API.SASL_AUTHENTICATE, { authBytes: Buffer.from(authBytes) });
-};
-const scramSha256Provider = async ({
-    username,
-    password,
-    sendRequest,
-}: {
-    username: string;
-    password: string;
-    sendRequest: SendRequest;
-}) => {
-    const nonce = generateNonce();
-    const firstMessage = `n=${username},r=${nonce}`;
-    const { authBytes } = await sendRequest(API.SASL_AUTHENTICATE, { authBytes: Buffer.from(`n,,${firstMessage}`) });
-    if (!authBytes) {
-        throw new KafkaTSError('No auth response');
-    }
-    const response = Object.fromEntries(
-        authBytes
-            .toString()
-            .split(',')
-            .map((pair) => pair.split('=')),
-    ) as { r: string; s: string; i: string };
-    const rnonce = response.r;
-    if (!rnonce.startsWith(nonce)) {
-        throw new KafkaTSError('Invalid nonce');
-    }
-    const iterations = parseInt(response.i);
-    const salt = base64Decode(response.s);
-    const saltedPassword = await saltPassword(password, salt, iterations, 32, 'sha256');
-    const clientKey = hmac(saltedPassword, 'Client Key');
-    const clientKeyHash = hash(clientKey);
-    let finalMessage = `c=${base64Encode('n,,')},r=${rnonce}`;
-    const fullMessage = `${firstMessage},${authBytes.toString()},${finalMessage}`;
-    const clientSignature = hmac(clientKeyHash, fullMessage);
-    const clientProof = base64Encode(xor(clientKey, clientSignature));
-    finalMessage += `,p=${clientProof}`;
-    await sendRequest(API.SASL_AUTHENTICATE, { authBytes: Buffer.from(finalMessage) });
-};

package/src/client.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 import { TcpSocketConnectOpts } from 'net';
 import { TLSSocketOptions } from 'tls';
-import { SASLOptions } from './broker';
+import { SASLProvider } from './broker';
 import { Cluster } from './cluster';
 import { Consumer, ConsumerOptions } from './consumer/consumer';
 import { Producer, ProducerOptions } from './producer/producer';
@@ -8,7 +8,7 @@ import { Producer, ProducerOptions } from './producer/producer';
 type ClientOptions = {
     clientId?: string | null;
     bootstrapServers: TcpSocketConnectOpts[];
-    sasl?: SASLOptions | null;
+    sasl?: SASLProvider | null;
     ssl?: TLSSocketOptions | null;
 };

package/src/cluster.test.ts CHANGED Viewed

@@ -3,6 +3,7 @@ import { readFileSync } from 'fs';
 import { afterAll, beforeAll, describe, expect, it } from 'vitest';
 import { API } from './api';
 import { KEY_TYPE } from './api/find-coordinator';
+import { saslPlain } from './auth';
 import { createKafkaClient } from './client';
 import { Cluster } from './cluster';
 import { KafkaTSApiError } from './utils/error';
@@ -10,7 +11,7 @@ import { KafkaTSApiError } from './utils/error';
 export const kafka = createKafkaClient({
     clientId: 'kafka-ts',
     bootstrapServers: [{ host: 'localhost', port: 9092 }],
-    sasl: { mechanism: 'PLAIN', username: 'admin', password: 'admin' },
+    sasl: saslPlain({ username: 'admin', password: 'admin' }),
     ssl: { ca: readFileSync('./certs/ca.crt').toString() },
 });

package/src/cluster.ts CHANGED Viewed

@@ -1,14 +1,14 @@
 import { TcpSocketConnectOpts } from 'net';
 import { TLSSocketOptions } from 'tls';
 import { API } from './api';
-import { Broker, SASLOptions } from './broker';
+import { Broker, SASLProvider } from './broker';
 import { SendRequest } from './connection';
 import { ConnectionError, KafkaTSError } from './utils/error';
 type ClusterOptions = {
     clientId: string | null;
     bootstrapServers: TcpSocketConnectOpts[];
-    sasl: SASLOptions | null;
+    sasl: SASLProvider | null;
     ssl: TLSSocketOptions | null;
 };

package/src/index.ts CHANGED Viewed

@@ -1,4 +1,6 @@
-export * from './utils/error';
-export * from './client';
 export * from './api';
+export * from './auth';
+export { SASLProvider } from './broker';
+export * from './client';
 export * from './types';
+export * from './utils/error';

package/src/utils/crypto.ts CHANGED Viewed

@@ -9,6 +9,7 @@ export const saltPassword = (password: string, salt: string, iterations: number,
 export const base64Encode = (input: Buffer | string) => Buffer.from(input).toString('base64');
 export const base64Decode = (input: string) => Buffer.from(input, 'base64').toString();
-export const hash = (data: Buffer) => createHash('sha256').update(data).digest();
-export const hmac = (key: Buffer, data: Buffer | string) => createHmac('sha256', key).update(data).digest();
+export const hash = (data: Buffer, digest: string) => createHash(digest).update(data).digest();
+export const hmac = (key: Buffer, data: Buffer | string, digest: string) =>
+    createHmac(digest, key).update(data).digest();
 export const xor = (a: Buffer, b: Buffer) => Buffer.from(a.map((byte, i) => byte ^ b[i]));