npm - node-opcua-server - Versions diffs - 2.166.0 → 2.168.0 - Mend

node-opcua-server 2.166.0 → 2.168.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (111) hide show

package/dist/addressSpace_accessor.d.ts +6 -6
package/dist/addressSpace_accessor.js +2 -2
package/dist/addressSpace_accessor.js.map +1 -1
package/dist/base_server.d.ts +14 -3
package/dist/base_server.js +64 -44
package/dist/base_server.js.map +1 -1
package/dist/extract_password_from_blob.js +1 -3
package/dist/extract_password_from_blob.js.map +1 -1
package/dist/factory.d.ts +2 -3
package/dist/factory.js.map +1 -1
package/dist/filter/check_where_clause_on_address_space.d.ts +2 -2
package/dist/filter/check_where_clause_on_address_space.js +1 -2
package/dist/filter/check_where_clause_on_address_space.js.map +1 -1
package/dist/filter/extract_event_fields.d.ts +3 -3
package/dist/filter/extract_event_fields.js +1 -2
package/dist/filter/extract_event_fields.js.map +1 -1
package/dist/helper.d.ts +3 -3
package/dist/helper.js +4 -8
package/dist/helper.js.map +1 -1
package/dist/i_address_space_accessor.d.ts +4 -4
package/dist/i_channel_data.d.ts +1 -1
package/dist/i_register_server_manager.d.ts +1 -1
package/dist/i_server_side_publish_engine.d.ts +8 -6
package/dist/i_server_side_publish_engine.js +7 -2
package/dist/i_server_side_publish_engine.js.map +1 -1
package/dist/index.d.ts +8 -7
package/dist/index.js +8 -7
package/dist/index.js.map +1 -1
package/dist/invalidate_server_certificate_cache.d.ts +16 -0
package/dist/invalidate_server_certificate_cache.js +28 -0
package/dist/invalidate_server_certificate_cache.js.map +1 -0
package/dist/monitored_item.d.ts +10 -11
package/dist/monitored_item.js +38 -39
package/dist/monitored_item.js.map +1 -1
package/dist/node_sampler.d.ts +1 -1
package/dist/node_sampler.js +2 -4
package/dist/node_sampler.js.map +1 -1
package/dist/opcua_server.d.ts +57 -62
package/dist/opcua_server.js +10 -10
package/dist/opcua_server.js.map +1 -1
package/dist/register_server_manager.d.ts +8 -8
package/dist/register_server_manager.js +40 -40
package/dist/register_server_manager.js.map +1 -1
package/dist/register_server_manager_hidden.d.ts +1 -1
package/dist/register_server_manager_hidden.js +2 -4
package/dist/register_server_manager_hidden.js.map +1 -1
package/dist/register_server_manager_mdns_only.d.ts +1 -1
package/dist/register_server_manager_mdns_only.js.map +1 -1
package/dist/sampling_func.d.ts +2 -2
package/dist/server_capabilities.d.ts +3 -3
package/dist/server_capabilities.js.map +1 -1
package/dist/server_end_point.d.ts +47 -4
package/dist/server_end_point.js +133 -42
package/dist/server_end_point.js.map +1 -1
package/dist/server_engine.js +29 -25
package/dist/server_engine.js.map +1 -1
package/dist/server_publish_engine.d.ts +5 -5
package/dist/server_publish_engine.js +29 -23
package/dist/server_publish_engine.js.map +1 -1
package/dist/server_publish_engine_for_orphan_subscriptions.d.ts +2 -2
package/dist/server_publish_engine_for_orphan_subscriptions.js.map +1 -1
package/dist/server_session.d.ts +9 -10
package/dist/server_session.js +11 -12
package/dist/server_session.js.map +1 -1
package/dist/server_subscription.d.ts +13 -13
package/dist/server_subscription.js +100 -79
package/dist/server_subscription.js.map +1 -1
package/dist/sessions_compatible_for_transfer.d.ts +1 -1
package/dist/sessions_compatible_for_transfer.js +1 -1
package/dist/sessions_compatible_for_transfer.js.map +1 -1
package/dist/user_manager.d.ts +4 -4
package/dist/user_manager.js +1 -1
package/dist/user_manager.js.map +1 -1
package/dist/user_manager_ua.d.ts +2 -2
package/dist/user_manager_ua.js +2 -2
package/dist/user_manager_ua.js.map +1 -1
package/dist/validate_filter.d.ts +7 -4
package/dist/validate_filter.js +5 -6
package/dist/validate_filter.js.map +1 -1
package/package.json +51 -50
package/source/addressSpace_accessor.ts +24 -24
package/source/base_server.ts +75 -63
package/source/extract_password_from_blob.ts +3 -11
package/source/factory.ts +2 -4
package/source/filter/check_where_clause_on_address_space.ts +4 -7
package/source/filter/extract_event_fields.ts +4 -5
package/source/helper.ts +9 -13
package/source/i_address_space_accessor.ts +13 -4
package/source/i_channel_data.ts +1 -1
package/source/i_register_server_manager.ts +2 -4
package/source/i_server_side_publish_engine.ts +16 -9
package/source/index.ts +10 -9
package/source/invalidate_server_certificate_cache.ts +26 -0
package/source/monitored_item.ts +44 -42
package/source/node_sampler.ts +9 -11
package/source/opcua_server.ts +86 -99
package/source/register_server_manager.ts +75 -72
package/source/register_server_manager_hidden.ts +3 -5
package/source/register_server_manager_mdns_only.ts +1 -3
package/source/sampling_func.ts +2 -2
package/source/server_capabilities.ts +9 -6
package/source/server_end_point.ts +143 -50
package/source/server_engine.ts +22 -22
package/source/server_publish_engine.ts +35 -30
package/source/server_publish_engine_for_orphan_subscriptions.ts +3 -3
package/source/server_session.ts +36 -33
package/source/server_subscription.ts +182 -184
package/source/sessions_compatible_for_transfer.ts +9 -9
package/source/user_manager.ts +7 -7
package/source/user_manager_ua.ts +3 -5
package/source/validate_filter.ts +9 -11

package/source/base_server.ts CHANGED Viewed

@@ -4,16 +4,16 @@
 // tslint:disable:no-console
 import fs from "node:fs";
+import { isIP } from "node:net";
 import os from "node:os";
 import path from "node:path";
-import { isIP } from "node:net";
 import { withLock } from "@ster5/global-mutex";
-import async from "async";
 import chalk from "chalk";
 import { assert } from "node-opcua-assert";
 import { getDefaultCertificateManager, makeSubject, type OPCUACertificateManager } from "node-opcua-certificate-manager";
 import { performCertificateSanityCheck } from "node-opcua-client";
-import { type IOPCUASecureObjectOptions, makeApplicationUrn, OPCUASecureObject } from "node-opcua-common";
+import { type IOPCUASecureObjectOptions, invalidateCachedSecrets, makeApplicationUrn, OPCUASecureObject } from "node-opcua-common";
 import { exploreCertificate } from "node-opcua-crypto/web";
 import { coerceLocalizedText } from "node-opcua-data-model";
 import { installPeriodicClockAdjustment, uninstallPeriodicClockAdjustment } from "node-opcua-date-time";
@@ -26,7 +26,7 @@ import {
     ipv4ToHex,
     resolveFullyQualifiedDomainName
 } from "node-opcua-hostname";
-import type { Message, Response, ServerSecureChannelLayer } from "node-opcua-secure-channel";
+import type { Message, Request, Response, ServerSecureChannelLayer } from "node-opcua-secure-channel";
 import { FindServersRequest, FindServersResponse } from "node-opcua-service-discovery";
 import { ApplicationDescription, ApplicationType, GetEndpointsResponse } from "node-opcua-service-endpoints";
 import { ServiceFault } from "node-opcua-service-secure-channel";
@@ -82,6 +82,11 @@ function cleanupEndpoint(endpoint: OPCUAServerEndPoint) {
         endpoint.removeListener("openSecureChannelFailure", endpoint._on_openSecureChannelFailure);
         endpoint._on_openSecureChannelFailure = undefined;
     }
+    if (endpoint._on_channel_secured) {
+        assert(typeof endpoint._on_channel_secured === "function");
+        endpoint.removeListener("channelSecured", endpoint._on_channel_secured);
+        endpoint._on_channel_secured = undefined;
+    }
 }
 /**
@@ -102,7 +107,18 @@ const emptyCallback = () => {
     /* empty */
 };
-export class OPCUABaseServer extends OPCUASecureObject {
+export interface OPCUABaseServerEvents {
+    request: [request: Request, channel: ServerSecureChannelLayer];
+    response: [response: Response, channel: ServerSecureChannelLayer];
+    newChannel: [channel: ServerSecureChannelLayer, endpoint: OPCUAServerEndPoint];
+    channelSecured: [channel: ServerSecureChannelLayer, endpoint: OPCUAServerEndPoint];
+    closeChannel: [channel: ServerSecureChannelLayer, endpoint: OPCUAServerEndPoint];
+    connectionRefused: [socketData: ISocketData, endpoint: OPCUAServerEndPoint];
+    openSecureChannelFailure: [socketData: ISocketData, channelData: IChannelData, endpoint: OPCUAServerEndPoint];
+}
+// biome-ignore lint/suspicious/noExplicitAny: must propagate EventEmitter generic
+export class OPCUABaseServer<T extends OPCUABaseServerEvents = any> extends OPCUASecureObject<T> {
     public static makeServiceFault = makeServiceFault;
     /**
@@ -208,7 +224,7 @@ export class OPCUABaseServer extends OPCUASecureObject {
         return [];
     }
-    protected async createDefaultCertificate(): Promise<void> {
+    public async createDefaultCertificate(): Promise<void> {
         if (fs.existsSync(this.certificateFile)) {
             return;
         }
@@ -339,9 +355,7 @@ export class OPCUABaseServer extends OPCUASecureObject {
         // recreate with current hostnames
         await this.createDefaultCertificate();
         // invalidate cached cert so next getCertificate() reloads from disk
-        const priv = this as unknown as { $$certificate: null; $$certificateChain: null };
-        priv.$$certificate = null;
-        priv.$$certificateChain = null;
+        invalidateCachedSecrets(this);
     }
     private _checkCertificateSanMismatch(): void {
@@ -393,11 +407,23 @@ export class OPCUABaseServer extends OPCUASecureObject {
         installPeriodicClockAdjustment();
         // eslint-disable-next-line @typescript-eslint/no-this-alias
-        const server = this;
+        const server: OPCUABaseServer<OPCUABaseServerEvents> = this;
         const _on_new_channel = function (this: OPCUAServerEndPoint, channel: ServerSecureChannelLayer) {
             server.emit("newChannel", channel, this);
         };
+        const _on_channel_secured = function (this: OPCUAServerEndPoint, channel: ServerSecureChannelLayer) {
+            // Install a response interceptor once per channel so the
+            // server can emit "response" events for diagnostics.
+            // Done here (after OpenSecureChannel) rather than at
+            // newChannel time, so the interceptor can rely on
+            // securityPolicy/securityMode being populated.
+            channel.setResponseInterceptor((_msg, response1) => {
+                server.emit("response", response1, channel);
+            });
+            server.emit("channelSecured", channel, this);
+        };
         const _on_close_channel = function (this: OPCUAServerEndPoint, channel: ServerSecureChannelLayer) {
             server.emit("closeChannel", channel, this);
         };
@@ -422,6 +448,9 @@ export class OPCUABaseServer extends OPCUASecureObject {
             endpoint._on_new_channel = _on_new_channel;
             endpoint.on("newChannel", endpoint._on_new_channel);
+            endpoint._on_channel_secured = _on_channel_secured;
+            endpoint.on("channelSecured", endpoint._on_channel_secured);
             endpoint._on_close_channel = _on_close_channel;
             endpoint.on("closeChannel", endpoint._on_close_channel);
@@ -444,17 +473,18 @@ export class OPCUABaseServer extends OPCUASecureObject {
         uninstallPeriodicClockAdjustment();
         this.serverCertificateManager.dispose().then(() => {
             debugLog("OPCUABaseServer#shutdown starting");
-            async.forEach(
-                this.endpoints,
-                (endpoint: OPCUAServerEndPoint, callback: (err?: Error) => void) => {
+            const promises = this.endpoints.map((endpoint) => {
+                return new Promise<void>((resolve, reject) => {
                     cleanupEndpoint(endpoint);
-                    endpoint.shutdown(callback);
-                },
-                (err?: Error | null) => {
+                    endpoint.shutdown((err) => (err ? reject(err) : resolve()));
+                });
+            });
+            Promise.all(promises)
+                .then(() => {
                     debugLog("shutdown completed");
-                    done(err);
-                }
-            );
+                    done();
+                })
+                .catch((err) => done(err));
         });
     }
@@ -465,28 +495,16 @@ export class OPCUABaseServer extends OPCUASecureObject {
         // c8 ignore next
         if (!callback) throw new Error("thenify is not available");
         debugLog("OPCUABaseServer#shutdownChannels");
-        async.forEach(
-            this.endpoints,
-            (endpoint: OPCUAServerEndPoint, inner_callback: (err?: Error | null) => void) => {
+        const promises = this.endpoints.map((endpoint) => {
+            return new Promise<void>((resolve, reject) => {
                 debugLog(" shutting down endpoint ", endpoint.endpointDescriptions()[0].endpointUrl);
-                async.series(
-                    [
-                        // xx                  (callback2: (err?: Error| null) => void) => {
-                        // xx                      endpoint.suspendConnection(callback2);
-                        // xx                  },
-                        (callback2: (err?: Error | null) => void) => {
-                            endpoint.abruptlyInterruptChannels();
-                            endpoint.shutdown(callback2);
-                        }
-                        // xx              (callback2: (err?: Error| null) => void) => {
-                        // xx                 endpoint.restoreConnection(callback2);
-                        // xx              }
-                    ],
-                    inner_callback
-                );
-            },
-            callback
-        );
+                endpoint.abruptlyInterruptChannels();
+                endpoint.shutdown((err) => (err ? reject(err) : resolve()));
+            });
+        });
+        Promise.all(promises)
+            .then(() => callback())
+            .catch((err) => callback?.(err));
     }
     /**
@@ -497,13 +515,6 @@ export class OPCUABaseServer extends OPCUASecureObject {
         assert(message.requestId !== 0);
         const request = message.request;
-        // install channel._on_response so we can intercept its call and  emit the "response" event.
-        if (!channel._on_response) {
-            channel._on_response = (_msg: string, response1: Response /*, inner_message: Message*/) => {
-                this.emit("response", response1, channel);
-            };
-        }
         // prepare request
         this.prepare(message, channel);
@@ -518,7 +529,7 @@ export class OPCUABaseServer extends OPCUASecureObject {
         let errMessage: string;
         let response: Response;
-        this.emit("request", request, channel);
+        (this as OPCUABaseServer<OPCUABaseServerEvents>).emit("request", request, channel);
         try {
             // handler must be named _on_ActionRequest()
@@ -608,24 +619,24 @@ export class OPCUABaseServer extends OPCUASecureObject {
         if (!callback) {
             throw new Error("Internal Error");
         }
-        async.forEach(
-            this.endpoints,
-            (ep: OPCUAServerEndPoint, _inner_callback) => {
+        const promises = this.endpoints.map((ep) => {
+            return new Promise<void>((resolve, reject) => {
                 /* c8 ignore next */
                 if (doDebug) {
                     debugLog("Suspending ", ep.endpointDescriptions()[0].endpointUrl);
                 }
                 ep.suspendConnection((err?: Error | null) => {
                     /* c8 ignore next */
                     if (doDebug) {
                         debugLog("Suspended ", ep.endpointDescriptions()[0].endpointUrl);
                     }
-                    _inner_callback(err);
+                    err ? reject(err) : resolve();
                 });
-            },
-            (err?: Error | null) => callback(err)
-        );
+            });
+        });
+        Promise.all(promises)
+            .then(() => callback())
+            .catch((err) => callback(err));
     }
     /**
@@ -638,13 +649,14 @@ export class OPCUABaseServer extends OPCUASecureObject {
     public resumeEndPoints(callback?: (err?: Error | null) => void): void | Promise<void> {
         // c8 ignore next
         if (!callback) throw new Error("thenify is not available");
-        async.forEach(
-            this.endpoints,
-            (ep: OPCUAServerEndPoint, _inner_callback) => {
-                ep.restoreConnection(_inner_callback);
-            },
-            (err?: Error | null) => callback(err)
-        );
+        const promises = this.endpoints.map((ep) => {
+            return new Promise<void>((resolve, reject) => {
+                ep.restoreConnection((err) => (err ? reject(err) : resolve()));
+            });
+        });
+        Promise.all(promises)
+            .then(() => callback())
+            .catch((err) => callback(err));
     }
     protected prepare(_message: Message, _channel: ServerSecureChannelLayer): void {

package/source/extract_password_from_blob.ts CHANGED Viewed

@@ -28,10 +28,7 @@ export interface ExtractPasswordResult {
  * @param serverNonce     - the nonce that was sent during
  *                          CreateSession / last ActivateSession
  */
-export function extractPasswordFromDecryptedBlob(
-    decryptedBuffer: Buffer,
-    serverNonce: Nonce
-): ExtractPasswordResult {
+export function extractPasswordFromDecryptedBlob(decryptedBuffer: Buffer, serverNonce: Nonce): ExtractPasswordResult {
     const invalidResult: ExtractPasswordResult = {
         valid: false,
         password: ""
@@ -56,16 +53,11 @@ export function extractPasswordFromDecryptedBlob(
         return invalidResult;
     }
-    const password = decryptedBuffer
-        .subarray(4, 4 + passwordLength)
-        .toString("utf-8");
+    const password = decryptedBuffer.subarray(4, 4 + passwordLength).toString("utf-8");
     // verify that the trailing bytes match the server nonce
     // (nonce binding — ensures session integrity)
-    const trailingNonce = decryptedBuffer.subarray(
-        4 + passwordLength,
-        4 + passwordLength + serverNonce.length
-    );
+    const trailingNonce = decryptedBuffer.subarray(4 + passwordLength, 4 + passwordLength + serverNonce.length);
     if (!trailingNonce.equals(serverNonce)) {
         return invalidResult;
     }

package/source/factory.ts CHANGED Viewed

@@ -5,11 +5,9 @@
 import { assert } from "node-opcua-assert";
 import { ExtensionObject } from "node-opcua-extension-object";
 import { getStandardDataTypeFactory } from "node-opcua-factory";
-import { ExpandedNodeId } from "node-opcua-nodeid";
+import type { ExpandedNodeId } from "node-opcua-nodeid";
-export interface EngineForFactory {
-    /** */
-}
+export type EngineForFactory = {};
 export class Factory {
     public engine: EngineForFactory;

package/source/filter/check_where_clause_on_address_space.ts CHANGED Viewed

@@ -1,7 +1,6 @@
-import { IAddressSpace, ISessionContext, IEventData } from "node-opcua-address-space-base";
-import { checkFilter } from "node-opcua-service-filter";
-import { FilterContextOnAddressSpace } from "node-opcua-service-filter";
-import { ContentFilter } from "node-opcua-types";
+import type { IAddressSpace, IEventData, ISessionContext } from "node-opcua-address-space-base";
+import { checkFilter, FilterContextOnAddressSpace } from "node-opcua-service-filter";
+import type { ContentFilter } from "node-opcua-types";
 export function checkWhereClauseOnAdressSpace(
     addressSpace: IAddressSpace,
@@ -9,8 +8,6 @@ export function checkWhereClauseOnAdressSpace(
     whereClause: ContentFilter,
     eventData: IEventData
 ): boolean {
     // const filterContext: FilterContext = {
     //     addressSpace,
     //     sessionContext,
@@ -24,6 +21,6 @@ export function checkWhereClauseOnAdressSpace(
     //     }
     // };
     const filterContext = new FilterContextOnAddressSpace(sessionContext, eventData);
     return checkFilter(filterContext, whereClause);
 }

package/source/filter/extract_event_fields.ts CHANGED Viewed

@@ -1,8 +1,7 @@
-import { IEventData, ISessionContext } from "node-opcua-address-space-base";
-import { extractEventFieldsBase } from "node-opcua-service-filter";
-import { FilterContextOnAddressSpace } from "node-opcua-service-filter";
-import { SimpleAttributeOperand } from "node-opcua-types";
-import { Variant } from "node-opcua-variant";
+import type { IEventData, ISessionContext } from "node-opcua-address-space-base";
+import { extractEventFieldsBase, FilterContextOnAddressSpace } from "node-opcua-service-filter";
+import type { SimpleAttributeOperand } from "node-opcua-types";
+import type { Variant } from "node-opcua-variant";
 //
 /**

package/source/helper.ts CHANGED Viewed

@@ -1,8 +1,8 @@
 import util from "util";
-import { OPCUAServer } from "./opcua_server";
-import { ServerEngine } from "./server_engine";
-import { ServerSession } from "./server_session";
-import { Subscription, SubscriptionState } from "./server_subscription";
+import type { OPCUAServer } from "./opcua_server";
+import type { ServerEngine } from "./server_engine";
+import type { ServerSession } from "./server_session";
+import { type Subscription, SubscriptionState } from "./server_subscription";
 const consolelog = (...args: any) => {
     const d = new Date();
@@ -25,13 +25,9 @@ const info = (subscription: Subscription) => {
         SubscriptionState[subscription.state].padEnd(9),
         subscription.state,
         "kac=",
-        subscription.currentKeepAliveCount.toString().padStart(3)+
-        "/"+
-        subscription.maxKeepAliveCount.toString().padStart(3),
+        subscription.currentKeepAliveCount.toString().padStart(3) + "/" + subscription.maxKeepAliveCount.toString().padStart(3),
         "ltc=",
-        subscription.currentLifetimeCount.toString().padStart(3)+
-        "/"+
-        subscription.lifeTimeCount.toString().padStart(3),
+        subscription.currentLifetimeCount.toString().padStart(3) + "/" + subscription.lifeTimeCount.toString().padStart(3),
         "prc=",
         subscription.publishEngine?.pendingPublishRequestCount.toString().padStart(3),
         "pi=",
@@ -65,14 +61,14 @@ export function installSubscriptionMonitoring(subscription: Subscription) {
 export function installSessionLoggingOnEngine(serverEngine: ServerEngine) {
     function on_create_session(session: ServerSession) {
         try {
-            session.on("activate_session", function () {
+            session.on("activate_session", () => {
                 consolelog("activate_session");
             });
             session.on("statusChanged", (status) => {
                 consolelog("session status changed: ", status);
             });
-            session.on("new_subscription", function (subscription) {
+            session.on("new_subscription", (subscription) => {
                 installSubscriptionMonitoring(subscription);
             });
         } catch (err) {
@@ -80,7 +76,7 @@ export function installSessionLoggingOnEngine(serverEngine: ServerEngine) {
         }
     }
     serverEngine.on("create_session", on_create_session);
-    serverEngine.once("session_closed", function (session) {
+    serverEngine.once("session_closed", (session) => {
         consolelog("session is closed");
         serverEngine.removeListener("create_session", on_create_session);
     });

package/source/i_address_space_accessor.ts CHANGED Viewed

@@ -1,7 +1,16 @@
-import { ISessionContext } from "node-opcua-address-space-base";
-import { DataValue } from "node-opcua-data-value";
-import { StatusCode } from "node-opcua-status-code";
-import { BrowseDescriptionOptions, BrowseResult, ReadRequestOptions, WriteValue, CallMethodRequest, CallMethodResultOptions, HistoryReadRequest, HistoryReadResult } from "node-opcua-types";
+import type { ISessionContext } from "node-opcua-address-space-base";
+import type { DataValue } from "node-opcua-data-value";
+import type { StatusCode } from "node-opcua-status-code";
+import type {
+    BrowseDescriptionOptions,
+    BrowseResult,
+    CallMethodRequest,
+    CallMethodResultOptions,
+    HistoryReadRequest,
+    HistoryReadResult,
+    ReadRequestOptions,
+    WriteValue
+} from "node-opcua-types";
 export interface IAddressSpaceAccessor {
     browse(context: ISessionContext, nodesToBrowse: BrowseDescriptionOptions[]): Promise<BrowseResult[]>;

package/source/i_channel_data.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { AsymmetricAlgorithmSecurityHeader, MessageSecurityMode, SecurityPolicy } from "node-opcua-secure-channel";
+import type { MessageSecurityMode, SecurityPolicy } from "node-opcua-secure-channel";
 export interface IChannelData {
     channelId: number | null;

package/source/i_register_server_manager.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 /**
  * @module node-opcua-server
  */
-import { EventEmitter } from "events";
+import type { EventEmitter } from "events";
 /**
  * Finite State Machine for RegisterServerManager.
@@ -46,12 +46,10 @@ export enum RegisterServerManagerStatus {
     UNREGISTERING = 7,
     UNREGISTERED = 8,
     NOT_APPLICABLE = -1,
     DISPOSING = 9
 }
 export interface IRegisterServerManager extends EventEmitter {
     /** The URL of the discovery server the manager is configured to connect to. */
     discoveryServerEndpointUrl: string;

package/source/i_server_side_publish_engine.ts CHANGED Viewed

@@ -1,11 +1,13 @@
-import { PublishResponseOptions, PublishResponse, StatusChangeNotification } from "node-opcua-types";
 import assert from "node-opcua-assert";
-import { Subscription } from "./server_subscription";
+import type { ExtensionObject } from "node-opcua-extension-object";
+import type { SequenceNumberGenerator } from "node-opcua-secure-channel";
+import { PublishResponse, type PublishResponseOptions, type StatusChangeNotification } from "node-opcua-types";
+import type { Subscription } from "./server_subscription";
 export interface INotifMsg {
     subscriptionId: number;
     sequenceNumber: number;
-    notificationData: any;
+    notificationData: (ExtensionObject | null)[] | null;
     moreNotifications: boolean;
 }
@@ -25,10 +27,10 @@ export interface IClosedOrTransferredSubscription {
 }
 export class TransferredSubscription implements IClosedOrTransferredSubscription {
     public id: number;
-    public publishEngine: any;
+    public publishEngine: IServerSidePublishEngine | null;
     public _pending_notification?: StatusChangeNotification;
-    private _sequence_number_generator: any;
-    constructor(options: { id: number; generator: any; publishEngine: any }) {
+    private _sequence_number_generator: SequenceNumberGenerator | null;
+    constructor(options: { id: number; generator: SequenceNumberGenerator; publishEngine: IServerSidePublishEngine }) {
         this.id = options.id;
         this._sequence_number_generator = options.generator;
         this.publishEngine = options.publishEngine;
@@ -41,8 +43,10 @@ export class TransferredSubscription implements IClosedOrTransferredSubscription
         this.publishEngine = null;
     }
     _publish_pending_notifications(): void {
-        assert(this._pending_notification);
-        const notificationMessage = this._pending_notification!;
+        if (!this._pending_notification) {
+            throw new Error("Internal Error: no pending notification");
+        }
+        const notificationMessage = this._pending_notification;
         this._pending_notification = undefined;
         const moreNotifications = false;
         const subscriptionId = this.id;
@@ -68,7 +72,10 @@ export class TransferredSubscription implements IClosedOrTransferredSubscription
                 availableSequenceNumbers[availableSequenceNumbers.length - 1] === response.notificationMessage.sequenceNumber
         );
         response.availableSequenceNumbers = availableSequenceNumbers;
-        this.publishEngine._send_response(this, response);
+        if (!this.publishEngine) {
+            throw new Error("Internal Error: publishEngine is null");
+        }
+        this.publishEngine._send_response(this as unknown as Subscription, response);
     }
     private _get_next_sequence_number(): number {
         return this._sequence_number_generator ? this._sequence_number_generator.next() : 0;

package/source/index.ts CHANGED Viewed

@@ -9,10 +9,10 @@
  * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
  * the Software, and to permit persons to whom the Software is furnished to do so,
  * subject to the following conditions:
- *
+ *
  *   The above copyright notice and this permission notice shall be included in all
  *   copies or substantial portions of the Software.
- *
+ *
  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
  * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
@@ -24,15 +24,16 @@
  * @module node-opcua-server
  */
 export * from "./base_server";
-export * from "./server_end_point";
+export * from "./helper";
+export * from "./invalidate_server_certificate_cache";
+export * from "./monitored_item";
+export * from "./opcua_server";
 export * from "./register_server_manager";
 export * from "./register_server_manager_mdns_only";
-export * from "./server_publish_engine";
-export * from "./server_subscription";
-export * from "./server_session";
 export * from "./server_capabilities";
+export * from "./server_end_point";
 export * from "./server_engine";
-export * from "./opcua_server";
-export * from "./monitored_item";
+export * from "./server_publish_engine";
+export * from "./server_session";
+export * from "./server_subscription";
 export * from "./user_manager";
-export * from "./helper";

package/source/invalidate_server_certificate_cache.ts ADDED Viewed

@@ -0,0 +1,26 @@
+/**
+ * @module node-opcua-server
+ */
+import { invalidateCachedSecrets } from "node-opcua-common";
+import type { OPCUABaseServer } from "./base_server";
+/**
+ * Invalidate all cached certificates on a running server so that
+ * subsequent GetEndpoints / OpenSecureChannel calls reflect the
+ * current on-disk certificate.
+ *
+ * Call this after replacing the server's certificate PEM file.
+ * Works with or without push certificate management.
+ *
+ * ```ts
+ * // 1. write new cert to disk (e.g. via CertificateManager)
+ * // 2. tell the server to pick it up:
+ * invalidateServerCertificateCache(server);
+ * ```
+ */
+export function invalidateServerCertificateCache(server: OPCUABaseServer): void {
+    invalidateCachedSecrets(server);
+    for (const ep of server.endpoints) {
+        ep.invalidateCertificates();
+    }
+}