npm - s3db.js - Versions diffs - 13.4.0 → 13.6.0 - Mend

s3db.js 13.4.0 → 13.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (110) hide show

package/README.md +25 -10
package/dist/{s3db.cjs.js → s3db.cjs} +38801 -32446
package/dist/s3db.cjs.map +1 -0
package/dist/s3db.es.js +38653 -32291
package/dist/s3db.es.js.map +1 -1
package/package.json +218 -22
package/src/concerns/id.js +90 -6
package/src/concerns/index.js +2 -1
package/src/concerns/password-hashing.js +150 -0
package/src/database.class.js +6 -2
package/src/plugins/api/auth/basic-auth.js +40 -10
package/src/plugins/api/auth/index.js +49 -3
package/src/plugins/api/auth/oauth2-auth.js +171 -0
package/src/plugins/api/auth/oidc-auth.js +789 -0
package/src/plugins/api/auth/oidc-client.js +462 -0
package/src/plugins/api/auth/path-auth-matcher.js +284 -0
package/src/plugins/api/concerns/event-emitter.js +134 -0
package/src/plugins/api/concerns/failban-manager.js +651 -0
package/src/plugins/api/concerns/guards-helpers.js +402 -0
package/src/plugins/api/concerns/metrics-collector.js +346 -0
package/src/plugins/api/index.js +510 -57
package/src/plugins/api/middlewares/failban.js +305 -0
package/src/plugins/api/middlewares/rate-limit.js +301 -0
package/src/plugins/api/middlewares/request-id.js +74 -0
package/src/plugins/api/middlewares/security-headers.js +120 -0
package/src/plugins/api/middlewares/session-tracking.js +194 -0
package/src/plugins/api/routes/auth-routes.js +119 -78
package/src/plugins/api/routes/resource-routes.js +73 -30
package/src/plugins/api/server.js +1139 -45
package/src/plugins/api/utils/custom-routes.js +102 -0
package/src/plugins/api/utils/guards.js +213 -0
package/src/plugins/api/utils/mime-types.js +154 -0
package/src/plugins/api/utils/openapi-generator.js +91 -12
package/src/plugins/api/utils/path-matcher.js +173 -0
package/src/plugins/api/utils/static-filesystem.js +262 -0
package/src/plugins/api/utils/static-s3.js +231 -0
package/src/plugins/api/utils/template-engine.js +188 -0
package/src/plugins/cloud-inventory/drivers/alibaba-driver.js +853 -0
package/src/plugins/cloud-inventory/drivers/aws-driver.js +2554 -0
package/src/plugins/cloud-inventory/drivers/azure-driver.js +637 -0
package/src/plugins/cloud-inventory/drivers/base-driver.js +99 -0
package/src/plugins/cloud-inventory/drivers/cloudflare-driver.js +620 -0
package/src/plugins/cloud-inventory/drivers/digitalocean-driver.js +698 -0
package/src/plugins/cloud-inventory/drivers/gcp-driver.js +645 -0
package/src/plugins/cloud-inventory/drivers/hetzner-driver.js +559 -0
package/src/plugins/cloud-inventory/drivers/linode-driver.js +614 -0
package/src/plugins/cloud-inventory/drivers/mock-drivers.js +449 -0
package/src/plugins/cloud-inventory/drivers/mongodb-atlas-driver.js +771 -0
package/src/plugins/cloud-inventory/drivers/oracle-driver.js +768 -0
package/src/plugins/cloud-inventory/drivers/vultr-driver.js +636 -0
package/src/plugins/cloud-inventory/index.js +20 -0
package/src/plugins/cloud-inventory/registry.js +146 -0
package/src/plugins/cloud-inventory/terraform-exporter.js +362 -0
package/src/plugins/cloud-inventory.plugin.js +1333 -0
package/src/plugins/concerns/plugin-dependencies.js +62 -2
package/src/plugins/eventual-consistency/analytics.js +1 -0
package/src/plugins/eventual-consistency/consolidation.js +2 -2
package/src/plugins/eventual-consistency/garbage-collection.js +2 -2
package/src/plugins/eventual-consistency/install.js +2 -2
package/src/plugins/identity/README.md +335 -0
package/src/plugins/identity/concerns/mfa-manager.js +204 -0
package/src/plugins/identity/concerns/password.js +138 -0
package/src/plugins/identity/concerns/resource-schemas.js +273 -0
package/src/plugins/identity/concerns/token-generator.js +172 -0
package/src/plugins/identity/email-service.js +422 -0
package/src/plugins/identity/index.js +1052 -0
package/src/plugins/identity/oauth2-server.js +1033 -0
package/src/plugins/identity/oidc-discovery.js +285 -0
package/src/plugins/identity/rsa-keys.js +323 -0
package/src/plugins/identity/server.js +500 -0
package/src/plugins/identity/session-manager.js +453 -0
package/src/plugins/identity/ui/layouts/base.js +251 -0
package/src/plugins/identity/ui/middleware.js +135 -0
package/src/plugins/identity/ui/pages/admin/client-form.js +247 -0
package/src/plugins/identity/ui/pages/admin/clients.js +179 -0
package/src/plugins/identity/ui/pages/admin/dashboard.js +181 -0
package/src/plugins/identity/ui/pages/admin/user-form.js +283 -0
package/src/plugins/identity/ui/pages/admin/users.js +263 -0
package/src/plugins/identity/ui/pages/consent.js +262 -0
package/src/plugins/identity/ui/pages/forgot-password.js +104 -0
package/src/plugins/identity/ui/pages/login.js +144 -0
package/src/plugins/identity/ui/pages/mfa-backup-codes.js +180 -0
package/src/plugins/identity/ui/pages/mfa-enrollment.js +187 -0
package/src/plugins/identity/ui/pages/mfa-verification.js +178 -0
package/src/plugins/identity/ui/pages/oauth-error.js +225 -0
package/src/plugins/identity/ui/pages/profile.js +361 -0
package/src/plugins/identity/ui/pages/register.js +226 -0
package/src/plugins/identity/ui/pages/reset-password.js +128 -0
package/src/plugins/identity/ui/pages/verify-email.js +172 -0
package/src/plugins/identity/ui/routes.js +2541 -0
package/src/plugins/identity/ui/styles/main.css +465 -0
package/src/plugins/index.js +4 -1
package/src/plugins/ml/base-model.class.js +65 -16
package/src/plugins/ml/classification-model.class.js +1 -1
package/src/plugins/ml/timeseries-model.class.js +3 -1
package/src/plugins/ml.plugin.js +584 -31
package/src/plugins/shared/error-handler.js +147 -0
package/src/plugins/shared/index.js +9 -0
package/src/plugins/shared/middlewares/compression.js +117 -0
package/src/plugins/shared/middlewares/cors.js +49 -0
package/src/plugins/shared/middlewares/index.js +11 -0
package/src/plugins/shared/middlewares/logging.js +54 -0
package/src/plugins/shared/middlewares/rate-limit.js +73 -0
package/src/plugins/shared/middlewares/security.js +158 -0
package/src/plugins/shared/response-formatter.js +264 -0
package/src/plugins/state-machine.plugin.js +57 -2
package/src/resource.class.js +140 -12
package/src/schema.class.js +30 -1
package/src/validator.class.js +57 -6
package/dist/s3db.cjs.js.map +0 -1

package/src/plugins/cloud-inventory/drivers/hetzner-driver.js ADDED Viewed

@@ -0,0 +1,559 @@
+import { BaseCloudDriver } from './base-driver.js';
+/**
+ * Production-ready Hetzner Cloud inventory driver using hcloud-js library.
+ *
+ * Covers 12+ services with 15+ resource types:
+ * - Compute (servers/VPS, placement groups)
+ * - Storage (volumes)
+ * - Networking (networks, load balancers, firewalls, floating IPs, primary IPs)
+ * - SSH Keys, Images, Certificates, ISOs
+ *
+ * @see https://docs.hetzner.cloud/
+ * @see https://github.com/dennisbruner/hcloud-js
+ */
+export class HetznerInventoryDriver extends BaseCloudDriver {
+  constructor(options = {}) {
+    super({ ...options, driver: options.driver || 'hetzner' });
+    this._apiToken = null;
+    this._client = null;
+    this._accountId = this.config?.accountId || 'hetzner';
+    // Services to collect (can be filtered via config.services)
+    this._services = this.config?.services || [
+      'servers',
+      'volumes',
+      'networks',
+      'loadbalancers',
+      'firewalls',
+      'floatingips',
+      'sshkeys',
+      'images',
+      'certificates',
+      'primaryips',
+      'placementgroups',
+      'isos'
+    ];
+  }
+  /**
+   * Initialize Hetzner Cloud API client.
+   */
+  async _initializeClient() {
+    if (this._client) return;
+    const credentials = this.credentials || {};
+    this._apiToken = credentials.token || credentials.apiToken || process.env.HETZNER_TOKEN;
+    if (!this._apiToken) {
+      throw new Error('Hetzner API token is required. Provide via credentials.token or HETZNER_TOKEN env var.');
+    }
+    // Lazy import to keep core package lightweight
+    const hcloud = await import('hcloud-js');
+    this._client = new hcloud.Client(this._apiToken);
+    this.logger('info', 'Hetzner Cloud API client initialized', {
+      accountId: this._accountId,
+      services: this._services.length
+    });
+  }
+  /**
+   * Main entry point - lists all resources from configured services.
+   */
+  async *listResources(options = {}) {
+    await this._initializeClient();
+    const serviceCollectors = {
+      servers: () => this._collectServers(),
+      volumes: () => this._collectVolumes(),
+      networks: () => this._collectNetworks(),
+      loadbalancers: () => this._collectLoadBalancers(),
+      firewalls: () => this._collectFirewalls(),
+      floatingips: () => this._collectFloatingIPs(),
+      sshkeys: () => this._collectSSHKeys(),
+      images: () => this._collectImages(),
+      certificates: () => this._collectCertificates(),
+      primaryips: () => this._collectPrimaryIPs(),
+      placementgroups: () => this._collectPlacementGroups(),
+      isos: () => this._collectISOs()
+    };
+    for (const service of this._services) {
+      const collector = serviceCollectors[service];
+      if (!collector) {
+        this.logger('warn', `Unknown Hetzner service: ${service}`, { service });
+        continue;
+      }
+      try {
+        this.logger('info', `Collecting Hetzner ${service} resources`, { service });
+        yield* collector();
+      } catch (err) {
+        // Continue with next service instead of failing entire sync
+        this.logger('error', `Hetzner service collection failed, skipping to next service`, {
+          service,
+          error: err.message,
+          errorName: err.name,
+          stack: err.stack
+        });
+      }
+    }
+  }
+  /**
+   * Collect Servers (VPS).
+   */
+  async *_collectServers() {
+    try {
+      const response = await this._client.servers.list();
+      const servers = response.servers || [];
+      for (const server of servers) {
+        yield {
+          provider: 'hetzner',
+          accountId: this._accountId,
+          region: server.datacenter?.location?.name || null,
+          service: 'servers',
+          resourceType: 'hetzner.server',
+          resourceId: server.id?.toString(),
+          name: server.name,
+          tags: this._extractLabels(server.labels),
+          configuration: this._sanitize(server)
+        };
+      }
+      this.logger('info', `Collected ${servers.length} Hetzner servers`);
+    } catch (err) {
+      this.logger('error', 'Failed to collect Hetzner servers', {
+        error: err.message,
+        stack: err.stack
+      });
+      throw err;
+    }
+  }
+  /**
+   * Collect Volumes (block storage).
+   */
+  async *_collectVolumes() {
+    try {
+      const response = await this._client.volumes.list();
+      const volumes = response.volumes || [];
+      for (const volume of volumes) {
+        yield {
+          provider: 'hetzner',
+          accountId: this._accountId,
+          region: volume.location?.name || null,
+          service: 'volumes',
+          resourceType: 'hetzner.volume',
+          resourceId: volume.id?.toString(),
+          name: volume.name,
+          tags: this._extractLabels(volume.labels),
+          configuration: this._sanitize(volume)
+        };
+      }
+      this.logger('info', `Collected ${volumes.length} Hetzner volumes`);
+    } catch (err) {
+      this.logger('error', 'Failed to collect Hetzner volumes', {
+        error: err.message,
+        stack: err.stack
+      });
+      throw err;
+    }
+  }
+  /**
+   * Collect Networks (private networks/VPC).
+   */
+  async *_collectNetworks() {
+    try {
+      const response = await this._client.networks.list();
+      const networks = response.networks || [];
+      for (const network of networks) {
+        yield {
+          provider: 'hetzner',
+          accountId: this._accountId,
+          region: null, // Networks span multiple locations
+          service: 'networks',
+          resourceType: 'hetzner.network',
+          resourceId: network.id?.toString(),
+          name: network.name,
+          tags: this._extractLabels(network.labels),
+          configuration: this._sanitize(network)
+        };
+        // Subnets are embedded in network
+        if (network.subnets && Array.isArray(network.subnets)) {
+          for (const subnet of network.subnets) {
+            yield {
+              provider: 'hetzner',
+              accountId: this._accountId,
+              region: subnet.network_zone,
+              service: 'networks',
+              resourceType: 'hetzner.network.subnet',
+              resourceId: `${network.id}/subnet/${subnet.ip_range}`,
+              name: `${network.name}-${subnet.type}`,
+              tags: {},
+              metadata: { networkId: network.id, networkName: network.name },
+              configuration: this._sanitize(subnet)
+            };
+          }
+        }
+      }
+      this.logger('info', `Collected ${networks.length} Hetzner networks`);
+    } catch (err) {
+      this.logger('error', 'Failed to collect Hetzner networks', {
+        error: err.message,
+        stack: err.stack
+      });
+      throw err;
+    }
+  }
+  /**
+   * Collect Load Balancers.
+   */
+  async *_collectLoadBalancers() {
+    try {
+      const response = await this._client.loadBalancers.list();
+      const loadBalancers = response.load_balancers || [];
+      for (const lb of loadBalancers) {
+        yield {
+          provider: 'hetzner',
+          accountId: this._accountId,
+          region: lb.location?.name || null,
+          service: 'loadbalancers',
+          resourceType: 'hetzner.loadbalancer',
+          resourceId: lb.id?.toString(),
+          name: lb.name,
+          tags: this._extractLabels(lb.labels),
+          configuration: this._sanitize(lb)
+        };
+      }
+      this.logger('info', `Collected ${loadBalancers.length} Hetzner load balancers`);
+    } catch (err) {
+      this.logger('error', 'Failed to collect Hetzner load balancers', {
+        error: err.message,
+        stack: err.stack
+      });
+      throw err;
+    }
+  }
+  /**
+   * Collect Firewalls.
+   */
+  async *_collectFirewalls() {
+    try {
+      const response = await this._client.firewalls.list();
+      const firewalls = response.firewalls || [];
+      for (const firewall of firewalls) {
+        yield {
+          provider: 'hetzner',
+          accountId: this._accountId,
+          region: null, // Firewalls are global
+          service: 'firewalls',
+          resourceType: 'hetzner.firewall',
+          resourceId: firewall.id?.toString(),
+          name: firewall.name,
+          tags: this._extractLabels(firewall.labels),
+          configuration: this._sanitize(firewall)
+        };
+      }
+      this.logger('info', `Collected ${firewalls.length} Hetzner firewalls`);
+    } catch (err) {
+      this.logger('error', 'Failed to collect Hetzner firewalls', {
+        error: err.message,
+        stack: err.stack
+      });
+      throw err;
+    }
+  }
+  /**
+   * Collect Floating IPs.
+   */
+  async *_collectFloatingIPs() {
+    try {
+      const response = await this._client.floatingIPs.list();
+      const floatingIPs = response.floating_ips || [];
+      for (const fip of floatingIPs) {
+        yield {
+          provider: 'hetzner',
+          accountId: this._accountId,
+          region: fip.home_location?.name || null,
+          service: 'floatingips',
+          resourceType: 'hetzner.floatingip',
+          resourceId: fip.id?.toString(),
+          name: fip.name || fip.ip,
+          tags: this._extractLabels(fip.labels),
+          configuration: this._sanitize(fip)
+        };
+      }
+      this.logger('info', `Collected ${floatingIPs.length} Hetzner floating IPs`);
+    } catch (err) {
+      this.logger('error', 'Failed to collect Hetzner floating IPs', {
+        error: err.message,
+        stack: err.stack
+      });
+      throw err;
+    }
+  }
+  /**
+   * Collect SSH Keys.
+   */
+  async *_collectSSHKeys() {
+    try {
+      const response = await this._client.sshKeys.list();
+      const sshKeys = response.ssh_keys || [];
+      for (const key of sshKeys) {
+        yield {
+          provider: 'hetzner',
+          accountId: this._accountId,
+          region: null, // SSH keys are global
+          service: 'sshkeys',
+          resourceType: 'hetzner.sshkey',
+          resourceId: key.id?.toString(),
+          name: key.name,
+          tags: this._extractLabels(key.labels),
+          configuration: this._sanitize(key)
+        };
+      }
+      this.logger('info', `Collected ${sshKeys.length} Hetzner SSH keys`);
+    } catch (err) {
+      this.logger('error', 'Failed to collect Hetzner SSH keys', {
+        error: err.message,
+        stack: err.stack
+      });
+      throw err;
+    }
+  }
+  /**
+   * Collect custom Images.
+   */
+  async *_collectImages() {
+    try {
+      const response = await this._client.images.list();
+      const images = response.images || [];
+      // Filter to only custom images (type = 'snapshot' or 'backup')
+      const customImages = images.filter(img => img.type === 'snapshot' || img.type === 'backup');
+      for (const image of customImages) {
+        yield {
+          provider: 'hetzner',
+          accountId: this._accountId,
+          region: null, // Images are global
+          service: 'images',
+          resourceType: 'hetzner.image',
+          resourceId: image.id?.toString(),
+          name: image.description || image.name || image.id?.toString(),
+          tags: this._extractLabels(image.labels),
+          configuration: this._sanitize(image)
+        };
+      }
+      this.logger('info', `Collected ${customImages.length} custom Hetzner images`);
+    } catch (err) {
+      this.logger('error', 'Failed to collect Hetzner images', {
+        error: err.message,
+        stack: err.stack
+      });
+      throw err;
+    }
+  }
+  /**
+   * Collect SSL Certificates.
+   */
+  async *_collectCertificates() {
+    try {
+      const response = await this._client.certificates.list();
+      const certificates = response.certificates || [];
+      for (const cert of certificates) {
+        yield {
+          provider: 'hetzner',
+          accountId: this._accountId,
+          region: null, // Certificates are global
+          service: 'certificates',
+          resourceType: 'hetzner.certificate',
+          resourceId: cert.id?.toString(),
+          name: cert.name,
+          tags: this._extractLabels(cert.labels),
+          configuration: this._sanitize(cert)
+        };
+      }
+      this.logger('info', `Collected ${certificates.length} Hetzner certificates`);
+    } catch (err) {
+      this.logger('error', 'Failed to collect Hetzner certificates', {
+        error: err.message,
+        stack: err.stack
+      });
+      throw err;
+    }
+  }
+  /**
+   * Collect Primary IPs (independent public IPs).
+   */
+  async *_collectPrimaryIPs() {
+    try {
+      const response = await this._client.primaryIPs.list();
+      const primaryIPs = response.primary_ips || [];
+      for (const ip of primaryIPs) {
+        yield {
+          provider: 'hetzner',
+          accountId: this._accountId,
+          region: ip.datacenter?.location?.name || null,
+          service: 'primaryips',
+          resourceType: 'hetzner.primaryip',
+          resourceId: ip.id?.toString(),
+          name: ip.name || ip.ip,
+          tags: this._extractLabels(ip.labels),
+          metadata: {
+            type: ip.type, // ipv4 or ipv6
+            assignedToId: ip.assignee_id
+          },
+          configuration: this._sanitize(ip)
+        };
+      }
+      this.logger('info', `Collected ${primaryIPs.length} Hetzner primary IPs`);
+    } catch (err) {
+      this.logger('error', 'Failed to collect Hetzner primary IPs', {
+        error: err.message,
+        stack: err.stack
+      });
+      throw err;
+    }
+  }
+  /**
+   * Collect Placement Groups (server anti-affinity).
+   */
+  async *_collectPlacementGroups() {
+    try {
+      const response = await this._client.placementGroups.list();
+      const placementGroups = response.placement_groups || [];
+      for (const pg of placementGroups) {
+        yield {
+          provider: 'hetzner',
+          accountId: this._accountId,
+          region: null, // Placement groups are global
+          service: 'placementgroups',
+          resourceType: 'hetzner.placementgroup',
+          resourceId: pg.id?.toString(),
+          name: pg.name,
+          tags: this._extractLabels(pg.labels),
+          metadata: {
+            type: pg.type,
+            servers: pg.servers || []
+          },
+          configuration: this._sanitize(pg)
+        };
+      }
+      this.logger('info', `Collected ${placementGroups.length} Hetzner placement groups`);
+    } catch (err) {
+      this.logger('error', 'Failed to collect Hetzner placement groups', {
+        error: err.message,
+        stack: err.stack
+      });
+      throw err;
+    }
+  }
+  /**
+   * Collect ISOs (custom installation images).
+   */
+  async *_collectISOs() {
+    try {
+      const response = await this._client.isos.list();
+      const isos = response.isos || [];
+      for (const iso of isos) {
+        yield {
+          provider: 'hetzner',
+          accountId: this._accountId,
+          region: null, // ISOs are global
+          service: 'isos',
+          resourceType: 'hetzner.iso',
+          resourceId: iso.id?.toString(),
+          name: iso.name,
+          tags: {},
+          metadata: {
+            type: iso.type,
+            deprecated: iso.deprecated,
+            deprecation: iso.deprecation
+          },
+          configuration: this._sanitize(iso)
+        };
+      }
+      this.logger('info', `Collected ${isos.length} Hetzner ISOs`);
+    } catch (err) {
+      this.logger('error', 'Failed to collect Hetzner ISOs', {
+        error: err.message,
+        stack: err.stack
+      });
+      throw err;
+    }
+  }
+  /**
+   * Extract labels from Hetzner labels object.
+   */
+  _extractLabels(labels) {
+    if (!labels || typeof labels !== 'object') return {};
+    return { ...labels };
+  }
+  /**
+   * Sanitize configuration by removing sensitive data.
+   */
+  _sanitize(config) {
+    if (!config || typeof config !== 'object') return config;
+    const sanitized = { ...config };
+    const sensitiveFields = [
+      'root_password',
+      'password',
+      'token',
+      'secret',
+      'api_key',
+      'private_key',
+      'public_key',
+      'certificate',
+      'private_key'
+    ];
+    for (const field of sensitiveFields) {
+      if (field in sanitized) {
+        sanitized[field] = '***REDACTED***';
+      }
+    }
+    return sanitized;
+  }
+}