npm - scdb-core - Versions diffs - 1.0.0 - Mend

scdb-core 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/auth.js ADDED Viewed

@@ -0,0 +1,113 @@
+import bcrypt from 'bcryptjs';
+import crypto from 'crypto';
+const SALT_ROUNDS = 10;
+const API_KEY_BYTES = 32;
+/**
+ * Hash a password for storage.
+ * @param {string} password
+ * @returns {Promise<string>}
+ */
+export async function hashPassword(password) {
+  return bcrypt.hash(password, SALT_ROUNDS);
+}
+/**
+ * Verify password against hash.
+ * @param {string} password
+ * @param {string} hash
+ * @returns {Promise<boolean>}
+ */
+export async function verifyPassword(password, hash) {
+  return bcrypt.compare(password, hash);
+}
+/**
+ * Hash an API key for storage (we only store hash, not plain key).
+ * @param {string} key
+ * @returns {string}
+ */
+export function hashApiKey(key) {
+  return crypto.createHash('sha256').update(key, 'utf8').digest('hex');
+}
+/**
+ * Generate a new API key (returns plain key; caller hashes for storage).
+ * @returns {string}
+ */
+export function generateApiKey(port) {
+  return "::::" + port + "::::" + crypto.randomBytes(API_KEY_BYTES).toString('hex');
+}
+/**
+ * Authenticate by username/password. Returns user row with role or null.
+ * @param {ReturnType<import('./index.js').openDatabase> extends Promise<infer T> ? T : never} db - opened db from openDatabase()
+ * @param {string} username
+ * @param {string} password
+ * @returns {Promise<{ id: number, username: string, role: string } | null>}
+ */
+export async function authenticateUser(db, username, password) {
+  const rows = db.query(
+    'SELECT id, username, password_hash, role FROM users WHERE username = ?',
+    [username]
+  );
+  if (rows.length === 0) return null;
+  const user = rows[0];
+  const ok = await verifyPassword(password, user.password_hash);
+  if (!ok) return null;
+  return { id: user.id, username: user.username, role: user.role };
+}
+/**
+ * Authenticate by API key. Returns { id, name, role } or null.
+ * @param {ReturnType<import('./index.js').openDatabase> extends Promise<infer T> ? T : never} db
+ * @param {string} key - raw API key
+ * @returns {{ id: number, name: string | null, role: string } | null}
+ */
+export function authenticateApiKey(db, key) {
+  const keyHash = hashApiKey(key);
+  const rows = db.query(
+    'SELECT id, name, role FROM api_keys WHERE key_hash = ?',
+    [keyHash]
+  );
+  if (rows.length === 0) return null;
+  const r = rows[0];
+  return { id: r.id, name: r.name ?? null, role: r.role };
+}
+const ROLES = ['admin', 'readwrite', 'readonly'];
+/**
+ * Check if role is allowed to run a given SQL (rough: only SELECT vs write).
+ * @param {string} role
+ * @param {string} sql - trimmed uppercase SQL
+ * @returns {boolean}
+ */
+export function canRunSql(role, sql) {
+  const trimmed = sql.trim().toUpperCase();
+  const isWrite = /^(INSERT|UPDATE|DELETE|CREATE|DROP|ALTER|REPLACE)\s/.test(trimmed);
+  if (!isWrite) return true; // SELECT and read-only statements
+  if (role === 'admin' || role === 'readwrite') return true;
+  return false; // readonly cannot write
+}
+/**
+ * Write an audit log entry. principal_type: 'user' | 'api_key', action: e.g. 'query', 'execute'.
+ * @param {ReturnType<import('./index.js').openDatabase> extends Promise<infer T> ? T : never} db
+ * @param {{ principalType: 'user'|'api_key', principalId: number, role: string, action: string, queryPreview?: string, success: boolean }} entry
+ */
+export function auditLog(db, entry) {
+  const preview = (entry.queryPreview || '').slice(0, 500);
+  db.execute(
+    `INSERT INTO audit_log (principal_type, principal_id, role, action, query_preview, success) VALUES (?, ?, ?, ?, ?, ?)`,
+    [
+      entry.principalType,
+      entry.principalId,
+      entry.role,
+      entry.action,
+      preview,
+      entry.success ? 1 : 0,
+    ]
+  );
+}

package/index.js ADDED Viewed

@@ -0,0 +1,126 @@
+import initSqlJs from 'sql.js';
+import fs from 'fs';
+import path from 'path';
+import { fileURLToPath } from 'url';
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+let SQL = null;
+async function getSQL() {
+  if (SQL) return SQL;
+  SQL = await initSqlJs();
+  return SQL;
+}
+const MIGRATIONS = `
+-- Users (web panel login)
+CREATE TABLE IF NOT EXISTS users (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  username TEXT UNIQUE NOT NULL,
+  password_hash TEXT NOT NULL,
+  role TEXT NOT NULL CHECK(role IN ('admin','readwrite','readonly')),
+  created_at TEXT DEFAULT (datetime('now'))
+);
+-- API keys (for lib and CLI)
+CREATE TABLE IF NOT EXISTS api_keys (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  key_hash TEXT UNIQUE NOT NULL,
+  name TEXT,
+  role TEXT NOT NULL CHECK(role IN ('admin','readwrite','readonly')),
+  created_at TEXT DEFAULT (datetime('now')),
+  owner_user_id INTEGER REFERENCES users(id)
+);
+-- Audit log
+CREATE TABLE IF NOT EXISTS audit_log (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  principal_type TEXT NOT NULL CHECK(principal_type IN ('user','api_key')),
+  principal_id INTEGER NOT NULL,
+  role TEXT NOT NULL,
+  action TEXT NOT NULL,
+  query_preview TEXT,
+  success INTEGER NOT NULL,
+  created_at TEXT DEFAULT (datetime('now'))
+);
+CREATE INDEX IF NOT EXISTS idx_audit_created ON audit_log(created_at);
+CREATE INDEX IF NOT EXISTS idx_audit_principal ON audit_log(principal_type, principal_id);
+`;
+/**
+ * Open or create database from file path. Call once at startup.
+ * @param {string} dbPath - Path to .sqlite file (created if missing)
+ * @returns {Promise<{ query, execute, save, db }>}
+ */
+export async function openDatabase(dbPath) {
+  const Sql = await getSQL();
+  let db;
+  const resolved = path.resolve(process.cwd(), dbPath);
+  const dir = path.dirname(resolved);
+  if (!fs.existsSync(dir)) {
+    fs.mkdirSync(dir, { recursive: true });
+  }
+  if (fs.existsSync(resolved)) {
+    const buf = fs.readFileSync(resolved);
+    db = new Sql.Database(new Uint8Array(buf));
+  } else {
+    db = new Sql.Database();
+  }
+  db.run(MIGRATIONS);
+  try {
+    db.run('ALTER TABLE api_keys ADD COLUMN owner_user_id INTEGER REFERENCES users(id)');
+  } catch (_) {
+    // column already exists
+  }
+  return {
+    db,
+    /**
+     * Run a parameterized SELECT; returns array of row objects.
+     * @param {string} sql
+     * @param {unknown[]} params
+     * @returns {Record<string, unknown>[]}
+     */
+    query(sql, params = []) {
+      const stmt = db.prepare(sql);
+      try {
+        if (params.length) stmt.bind(params);
+        const rows = [];
+        while (stmt.step()) rows.push(stmt.getAsObject());
+        return rows;
+      } finally {
+        stmt.free();
+      }
+    },
+    /**
+     * Run a parameterized INSERT/UPDATE/DELETE; returns { changes, lastInsertRowid }.
+     * @param {string} sql
+     * @param {unknown[]} params
+     * @returns {{ changes: number, lastInsertRowid: number }}
+     */
+    execute(sql, params = []) {
+      db.run(sql, params);
+      return {
+        changes: db.getRowsModified(),
+        lastInsertRowid: db.exec("SELECT last_insert_rowid()")[0]?.values?.[0]?.[0] ?? 0,
+      };
+    },
+    /**
+     * Persist database to the file.
+     */
+    save() {
+      const data = db.export();
+      fs.writeFileSync(resolved, Buffer.from(data));
+    },
+  };
+}
+export { getSQL };
+export * from './auth.js';
+export * from './schema.js';

package/package.json ADDED Viewed

@@ -0,0 +1,10 @@
+{
+  "name": "scdb-core",
+  "version": "1.0.0",
+  "main": "index.js",
+  "type": "module",
+  "dependencies": {
+    "bcryptjs": "^2.4.3",
+    "sql.js": "^1.10.0"
+  }
+}

package/schema.js ADDED Viewed

@@ -0,0 +1,27 @@
+/**
+ * List all user tables (exclude sqlite_*).
+ * @param {import('./index.js').openDatabase extends () => Promise<infer T> ? T : never} db
+ * @returns {{ name: string }[]}
+ */
+export function listTables(db) {
+  return db.query(
+    `SELECT name FROM sqlite_master WHERE type = 'table' AND name NOT LIKE 'sqlite_%' ORDER BY name`
+  );
+}
+/**
+ * Get column info for a table.
+ * @param {import('./index.js').openDatabase extends () => Promise<infer T> ? T : never} db
+ * @param {string} tableName
+ * @returns {{ name: string, type: string }[]}
+ */
+export function tableColumns(db, tableName) {
+  return db.query(`PRAGMA table_info(${quoteTableName(tableName)})`);
+}
+function quoteTableName(name) {
+  if (!/^[a-zA-Z_][a-zA-Z0-9_]*$/.test(name)) {
+    throw new Error('Invalid table name');
+  }
+  return `"${name}"`;
+}