lsh-framework 1.2.0 → 1.3.0

package/dist/cicd/auth.js

@@ -1,269 +0,0 @@
-import jwt from 'jsonwebtoken';
-import bcrypt from 'bcrypt';
-const JWT_SECRET = process.env.JWT_SECRET || 'your-secret-key-change-in-production';
-const TOKEN_EXPIRY = '24h';
-export class AuthService {
-    pool;
-    constructor(pool) {
-        this.pool = pool;
-        this.initializeSchema();
-    }
-    async initializeSchema() {
-        const query = `
-      CREATE TABLE IF NOT EXISTS users (
-        id SERIAL PRIMARY KEY,
-        email VARCHAR(255) UNIQUE NOT NULL,
-        name VARCHAR(255) NOT NULL,
-        password_hash VARCHAR(255) NOT NULL,
-        role VARCHAR(50) NOT NULL DEFAULT 'viewer',
-        created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
-        last_login TIMESTAMP,
-        is_active BOOLEAN DEFAULT true
-      );
-
-      CREATE TABLE IF NOT EXISTS api_keys (
-        id SERIAL PRIMARY KEY,
-        user_id INTEGER REFERENCES users(id) ON DELETE CASCADE,
-        key_hash VARCHAR(255) UNIQUE NOT NULL,
-        name VARCHAR(255),
-        permissions JSONB,
-        last_used TIMESTAMP,
-        created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
-        expires_at TIMESTAMP
-      );
-
-      CREATE TABLE IF NOT EXISTS audit_logs (
-        id SERIAL PRIMARY KEY,
-        user_id INTEGER REFERENCES users(id),
-        action VARCHAR(255) NOT NULL,
-        resource VARCHAR(255),
-        details JSONB,
-        ip_address VARCHAR(45),
-        user_agent TEXT,
-        timestamp TIMESTAMP DEFAULT CURRENT_TIMESTAMP
-      );
-
-      CREATE INDEX IF NOT EXISTS idx_audit_logs_user ON audit_logs(user_id);
-      CREATE INDEX IF NOT EXISTS idx_audit_logs_timestamp ON audit_logs(timestamp);
-    `;
-        try {
-            await this.pool.query(query);
-        }
-        catch (error) {
-            console.error('Error initializing auth schema:', error);
-        }
-    }
-    async register(email, password, name, role = 'viewer') {
-        const passwordHash = await bcrypt.hash(password, 10);
-        const query = `
-      INSERT INTO users (email, name, password_hash, role)
-      VALUES ($1, $2, $3, $4)
-      RETURNING id, email, name, role, created_at
-    `;
-        try {
-            const result = await this.pool.query(query, [email, name, passwordHash, role]);
-            return result.rows[0];
-        }
-        catch (error) {
-            if (error.code === '23505') { // Unique constraint violation
-                throw new Error('User with this email already exists');
-            }
-            throw error;
-        }
-    }
-    async login(email, password) {
-        const query = `
-      SELECT id, email, name, role, password_hash, created_at
-      FROM users
-      WHERE email = $1 AND is_active = true
-    `;
-        const result = await this.pool.query(query, [email]);
-        if (result.rows.length === 0) {
-            throw new Error('Invalid credentials');
-        }
-        const user = result.rows[0];
-        const isValid = await bcrypt.compare(password, user.password_hash);
-        if (!isValid) {
-            throw new Error('Invalid credentials');
-        }
-        // Update last login
-        await this.pool.query('UPDATE users SET last_login = CURRENT_TIMESTAMP WHERE id = $1', [user.id]);
-        const token = this.generateToken(user);
-        delete user.password_hash;
-        return { user, token };
-    }
-    generateToken(user) {
-        const payload = {
-            userId: user.id,
-            email: user.email,
-            role: user.role
-        };
-        return jwt.sign(payload, JWT_SECRET, { expiresIn: TOKEN_EXPIRY });
-    }
-    verifyToken(token) {
-        try {
-            return jwt.verify(token, JWT_SECRET);
-        }
-        catch (_error) {
-            throw new Error('Invalid or expired token');
-        }
-    }
-    async generateApiKey(userId, name, permissions) {
-        const apiKey = this.generateRandomKey();
-        const keyHash = await bcrypt.hash(apiKey, 10);
-        const query = `
-      INSERT INTO api_keys (user_id, key_hash, name, permissions)
-      VALUES ($1, $2, $3, $4)
-      RETURNING id
-    `;
-        await this.pool.query(query, [userId, keyHash, name, permissions || {}]);
-        return apiKey;
-    }
-    generateRandomKey() {
-        const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
-        let key = 'cicd_';
-        for (let i = 0; i < 32; i++) {
-            key += chars.charAt(Math.floor(Math.random() * chars.length));
-        }
-        return key;
-    }
-    async verifyApiKey(apiKey) {
-        const query = `
-      SELECT ak.*, u.email, u.role
-      FROM api_keys ak
-      JOIN users u ON ak.user_id = u.id
-      WHERE u.is_active = true
-      AND (ak.expires_at IS NULL OR ak.expires_at > CURRENT_TIMESTAMP)
-    `;
-        const result = await this.pool.query(query);
-        for (const row of result.rows) {
-            const isValid = await bcrypt.compare(apiKey, row.key_hash);
-            if (isValid) {
-                // Update last used
-                await this.pool.query('UPDATE api_keys SET last_used = CURRENT_TIMESTAMP WHERE id = $1', [row.id]);
-                return {
-                    userId: row.user_id,
-                    email: row.email,
-                    role: row.role
-                };
-            }
-        }
-        return null;
-    }
-    async logAudit(userId, action, resource, details, req) {
-        const query = `
-      INSERT INTO audit_logs (user_id, action, resource, details, ip_address, user_agent)
-      VALUES ($1, $2, $3, $4, $5, $6)
-    `;
-        const ipAddress = req?.ip || req?.socket?.remoteAddress;
-        const userAgent = req?.headers['user-agent'];
-        await this.pool.query(query, [
-            userId,
-            action,
-            resource,
-            details || {},
-            ipAddress,
-            userAgent
-        ]);
-    }
-}
-// Middleware for authentication
-export function authenticate(authService) {
-    return async (req, res, next) => {
-        try {
-            const authHeader = req.headers.authorization;
-            if (!authHeader) {
-                return res.status(401).json({ error: 'No authorization header' });
-            }
-            let user = null;
-            if (authHeader.startsWith('Bearer ')) {
-                // JWT token authentication
-                const token = authHeader.substring(7);
-                user = authService.verifyToken(token);
-            }
-            else if (authHeader.startsWith('ApiKey ')) {
-                // API key authentication
-                const apiKey = authHeader.substring(7);
-                user = await authService.verifyApiKey(apiKey);
-            }
-            if (!user) {
-                return res.status(401).json({ error: 'Invalid authentication credentials' });
-            }
-            req.user = user;
-            next();
-        }
-        catch (error) {
-            const message = error instanceof Error ? error.message : 'Authentication failed';
-            return res.status(401).json({ error: message });
-        }
-    };
-}
-// Role-based access control middleware
-export function authorize(...allowedRoles) {
-    return (req, res, next) => {
-        if (!req.user) {
-            return res.status(401).json({ error: 'Authentication required' });
-        }
-        if (!allowedRoles.includes(req.user.role)) {
-            return res.status(403).json({ error: 'Insufficient permissions' });
-        }
-        next();
-    };
-}
-// Permission-based middleware
-export function requirePermission(permission) {
-    return (req, res, next) => {
-        if (!req.user) {
-            return res.status(401).json({ error: 'Authentication required' });
-        }
-        // Admin has all permissions
-        if (req.user.role === 'admin') {
-            return next();
-        }
-        // Check specific permissions based on role
-        const rolePermissions = {
-            developer: [
-                'pipelines.view',
-                'pipelines.trigger',
-                'metrics.view',
-                'analytics.view',
-                'alerts.view'
-            ],
-            viewer: [
-                'pipelines.view',
-                'metrics.view',
-                'analytics.view'
-            ]
-        };
-        const userPermissions = rolePermissions[req.user.role] || [];
-        if (!userPermissions.includes(permission)) {
-            return res.status(403).json({ error: `Permission '${permission}' required` });
-        }
-        next();
-    };
-}
-export function rateLimit(options) {
-    const requests = new Map();
-    return (req, res, next) => {
-        const key = req.user?.userId?.toString() || req.ip || 'anonymous';
-        const now = Date.now();
-        const record = requests.get(key);
-        if (!record || now > record.resetTime) {
-            requests.set(key, {
-                count: 1,
-                resetTime: now + options.windowMs
-            });
-            return next();
-        }
-        if (record.count >= options.max) {
-            const retryAfter = Math.ceil((record.resetTime - now) / 1000);
-            res.setHeader('Retry-After', retryAfter);
-            return res.status(429).json({
-                error: 'Too many requests',
-                retryAfter
-            });
-        }
-        record.count++;
-        next();
-    };
-}

package/dist/cicd/cache-manager.js

@@ -1,172 +0,0 @@
-import Redis from 'ioredis';
-import { createHash } from 'crypto';
-export class CacheManager {
-    redis;
-    stats;
-    defaultTTL;
-    keyPrefix;
-    constructor(redisUrl = 'redis://localhost:6379', options = {}) {
-        this.redis = new Redis(redisUrl);
-        this.defaultTTL = options.ttl || 3600; // 1 hour default
-        this.keyPrefix = options.prefix || 'cicd:cache:';
-        this.stats = {
-            hits: 0,
-            misses: 0,
-            sets: 0,
-            deletes: 0,
-            size: 0,
-            hitRate: 0
-        };
-        // Set up error handling
-        this.redis.on('error', (err) => {
-            console.error('Redis cache error:', err);
-        });
-    }
-    generateKey(namespace, identifier) {
-        const hash = createHash('md5').update(identifier).digest('hex');
-        return `${this.keyPrefix}${namespace}:${hash}`;
-    }
-    async get(namespace, identifier) {
-        const key = this.generateKey(namespace, identifier);
-        try {
-            const cached = await this.redis.get(key);
-            if (cached) {
-                this.stats.hits++;
-                this.updateHitRate();
-                return JSON.parse(cached);
-            }
-            this.stats.misses++;
-            this.updateHitRate();
-            return null;
-        }
-        catch (error) {
-            console.error(`Cache get error for ${key}:`, error);
-            return null;
-        }
-    }
-    async set(namespace, identifier, value, ttl) {
-        const key = this.generateKey(namespace, identifier);
-        const ttlSeconds = ttl || this.defaultTTL;
-        try {
-            const serialized = JSON.stringify(value);
-            await this.redis.setex(key, ttlSeconds, serialized);
-            this.stats.sets++;
-            this.stats.size = await this.getSize();
-        }
-        catch (error) {
-            console.error(`Cache set error for ${key}:`, error);
-        }
-    }
-    async invalidate(namespace, identifier) {
-        try {
-            if (identifier) {
-                // Invalidate specific item
-                const key = this.generateKey(namespace, identifier);
-                await this.redis.del(key);
-                this.stats.deletes++;
-            }
-            else {
-                // Invalidate entire namespace
-                const pattern = `${this.keyPrefix}${namespace}:*`;
-                const keys = await this.redis.keys(pattern);
-                if (keys.length > 0) {
-                    await this.redis.del(...keys);
-                    this.stats.deletes += keys.length;
-                }
-            }
-            this.stats.size = await this.getSize();
-        }
-        catch (error) {
-            console.error(`Cache invalidate error:`, error);
-        }
-    }
-    async getOrSet(namespace, identifier, factory, ttl) {
-        // Try to get from cache first
-        const cached = await this.get(namespace, identifier);
-        if (cached !== null) {
-            return cached;
-        }
-        // Generate fresh value
-        const value = await factory();
-        await this.set(namespace, identifier, value, ttl);
-        return value;
-    }
-    async warmup(namespace, items) {
-        const promises = items.map(async (item) => {
-            await this.getOrSet(namespace, item.id, item.factory, item.ttl);
-        });
-        await Promise.all(promises);
-    }
-    updateHitRate() {
-        const total = this.stats.hits + this.stats.misses;
-        this.stats.hitRate = total > 0 ? (this.stats.hits / total) * 100 : 0;
-    }
-    async getSize() {
-        try {
-            const info = await this.redis.info('memory');
-            const match = info.match(/used_memory_human:(.+)/);
-            if (match) {
-                const size = match[1].trim();
-                // Convert to bytes
-                if (size.endsWith('K'))
-                    return parseFloat(size) * 1024;
-                if (size.endsWith('M'))
-                    return parseFloat(size) * 1024 * 1024;
-                if (size.endsWith('G'))
-                    return parseFloat(size) * 1024 * 1024 * 1024;
-                return parseFloat(size);
-            }
-            return 0;
-        }
-        catch (_error) {
-            return 0;
-        }
-    }
-    async getStats() {
-        this.stats.size = await this.getSize();
-        return { ...this.stats };
-    }
-    async clear() {
-        try {
-            const pattern = `${this.keyPrefix}*`;
-            const keys = await this.redis.keys(pattern);
-            if (keys.length > 0) {
-                await this.redis.del(...keys);
-            }
-            this.resetStats();
-        }
-        catch (error) {
-            console.error('Cache clear error:', error);
-        }
-    }
-    resetStats() {
-        this.stats = {
-            hits: 0,
-            misses: 0,
-            sets: 0,
-            deletes: 0,
-            size: 0,
-            hitRate: 0
-        };
-    }
-    async disconnect() {
-        await this.redis.quit();
-    }
-}
-// Decorator for method-level caching
-export function Cacheable(namespace, ttl) {
-    return function (target, propertyKey, descriptor) {
-        const originalMethod = descriptor.value;
-        descriptor.value = async function (...args) {
-            const cacheManager = this.cacheManager;
-            if (!cacheManager) {
-                return originalMethod.apply(this, args);
-            }
-            const identifier = `${propertyKey}:${JSON.stringify(args)}`;
-            return cacheManager.getOrSet(namespace, identifier, () => originalMethod.apply(this, args), ttl);
-        };
-        return descriptor;
-    };
-}
-// Export singleton instance
-export const cacheManager = new CacheManager();