securenow 6.0.2 → 6.1.0

package/cli/ui.js

@@ -0,0 +1,386 @@
+'use strict';
+
+const readline = require('readline');
+
+const NO_COLOR = !!process.env.NO_COLOR || !process.stdout.isTTY;
+
+const codes = {
+  reset: '\x1b[0m',
+  bold: '\x1b[1m',
+  dim: '\x1b[2m',
+  italic: '\x1b[3m',
+  underline: '\x1b[4m',
+  red: '\x1b[31m',
+  green: '\x1b[32m',
+  yellow: '\x1b[33m',
+  blue: '\x1b[34m',
+  magenta: '\x1b[35m',
+  cyan: '\x1b[36m',
+  white: '\x1b[37m',
+  gray: '\x1b[90m',
+  bgRed: '\x1b[41m',
+  bgGreen: '\x1b[42m',
+  bgYellow: '\x1b[43m',
+  bgBlue: '\x1b[44m',
+  bgCyan: '\x1b[46m',
+};
+
+function style(code, text) {
+  if (NO_COLOR) return text;
+  return `${code}${text}${codes.reset}`;
+}
+
+const c = {
+  bold: (s) => style(codes.bold, s),
+  dim: (s) => style(codes.dim, s),
+  italic: (s) => style(codes.italic, s),
+  underline: (s) => style(codes.underline, s),
+  red: (s) => style(codes.red, s),
+  green: (s) => style(codes.green, s),
+  yellow: (s) => style(codes.yellow, s),
+  blue: (s) => style(codes.blue, s),
+  magenta: (s) => style(codes.magenta, s),
+  cyan: (s) => style(codes.cyan, s),
+  white: (s) => style(codes.white, s),
+  gray: (s) => style(codes.gray, s),
+  success: (s) => style(codes.green, s),
+  error: (s) => style(codes.red, s),
+  warn: (s) => style(codes.yellow, s),
+  info: (s) => style(codes.cyan, s),
+};
+
+function stripAnsi(str) {
+  return str.replace(/\x1b\[[0-9;]*m/g, '');
+}
+
+function visibleLength(str) {
+  return stripAnsi(str).length;
+}
+
+function padEnd(str, len) {
+  const visible = visibleLength(str);
+  if (visible >= len) return str;
+  return str + ' '.repeat(len - visible);
+}
+
+function table(headers, rows, opts = {}) {
+  if (!rows.length) {
+    console.log(c.dim('  No results found.'));
+    return;
+  }
+
+  const maxWidth = process.stdout.columns || 120;
+  const colWidths = headers.map((h, i) => {
+    const headerLen = visibleLength(String(h));
+    const maxCell = rows.reduce((max, row) => {
+      const cell = String(row[i] ?? '');
+      return Math.max(max, visibleLength(cell));
+    }, 0);
+    return Math.min(Math.max(headerLen, maxCell), opts.maxColWidth || 60);
+  });
+
+  const totalWidth = colWidths.reduce((a, b) => a + b, 0) + (colWidths.length - 1) * 3;
+  if (totalWidth > maxWidth && colWidths.length > 1) {
+    const lastIdx = colWidths.length - 1;
+    const excess = totalWidth - maxWidth;
+    colWidths[lastIdx] = Math.max(10, colWidths[lastIdx] - excess);
+  }
+
+  const headerLine = headers.map((h, i) => padEnd(c.bold(String(h)), colWidths[i])).join('   ');
+  const separator = colWidths.map(w => c.dim('─'.repeat(w))).join('───');
+
+  console.log(`  ${headerLine}`);
+  console.log(`  ${separator}`);
+
+  for (const row of rows) {
+    const line = row.map((cell, i) => {
+      let s = String(cell ?? '');
+      if (visibleLength(s) > colWidths[i]) {
+        s = stripAnsi(s).slice(0, colWidths[i] - 1) + '…';
+      }
+      return padEnd(s, colWidths[i]);
+    }).join('   ');
+    console.log(`  ${line}`);
+  }
+}
+
+function keyValue(pairs) {
+  const maxKey = pairs.reduce((max, [k]) => Math.max(max, k.length), 0);
+  for (const [key, value] of pairs) {
+    console.log(`  ${c.bold(key.padEnd(maxKey))}  ${value ?? c.dim('—')}`);
+  }
+}
+
+function heading(text) {
+  console.log(`\n${c.bold(c.cyan(text))}`);
+}
+
+function subheading(text) {
+  console.log(`\n  ${c.bold(text)}`);
+}
+
+function success(msg) {
+  console.log(`${c.green('✓')} ${msg}`);
+}
+
+function error(msg) {
+  console.error(`${c.red('✗')} ${msg}`);
+}
+
+function warn(msg) {
+  console.log(`${c.yellow('!')} ${msg}`);
+}
+
+function info(msg) {
+  console.log(`${c.cyan('ℹ')} ${msg}`);
+}
+
+function spinner(message) {
+  if (!process.stderr.isTTY) {
+    process.stderr.write(`  ${message}...\n`);
+    return {
+      update() {},
+      stop(msg) { if (msg) process.stderr.write(`  ${msg}\n`); },
+      fail(msg) { if (msg) process.stderr.write(`  ${msg}\n`); },
+    };
+  }
+
+  const frames = ['⠋', '⠙', '⠹', '⠸', '⠼', '⠴', '⠦', '⠧', '⠇', '⠏'];
+  let i = 0;
+  let currentMsg = message;
+  const interval = setInterval(() => {
+    const frame = c.cyan(frames[i++ % frames.length]);
+    process.stderr.write(`\r  ${frame} ${currentMsg}`);
+  }, 80);
+
+  return {
+    update(msg) { currentMsg = msg; },
+    stop(finalMsg) {
+      clearInterval(interval);
+      process.stderr.write(`\r  ${c.green('✓')} ${finalMsg || currentMsg}\n`);
+    },
+    fail(finalMsg) {
+      clearInterval(interval);
+      process.stderr.write(`\r  ${c.red('✗')} ${finalMsg || currentMsg}\n`);
+    },
+  };
+}
+
+function prompt(question, opts = {}) {
+  const rl = readline.createInterface({
+    input: process.stdin,
+    output: process.stderr,
+  });
+
+  return new Promise((resolve) => {
+    const q = opts.secret ? question : `  ${c.cyan('?')} ${question} `;
+    rl.question(q, (answer) => {
+      rl.close();
+      resolve(answer.trim());
+    });
+
+    if (opts.secret) {
+      const onData = (char) => {
+        const code = char.toString();
+        if (code === '\n' || code === '\r' || code === '\u0004') return;
+        process.stderr.write('*');
+      };
+      process.stdin.on('data', onData);
+      rl.once('close', () => process.stdin.removeListener('data', onData));
+    }
+  });
+}
+
+async function confirm(question, defaultYes = false) {
+  const hint = defaultYes ? 'Y/n' : 'y/N';
+  const answer = await prompt(`${question} ${c.dim(`(${hint})`)}`);
+  if (!answer) return defaultYes;
+  return answer.toLowerCase().startsWith('y');
+}
+
+async function select(question, choices) {
+  console.log(`\n  ${c.cyan('?')} ${question}\n`);
+  choices.forEach((choice, i) => {
+    console.log(`    ${c.bold(String(i + 1))} ${choice.label || choice}`);
+  });
+  console.log('');
+  const answer = await prompt('Enter number');
+  const idx = parseInt(answer, 10) - 1;
+  if (idx < 0 || idx >= choices.length) {
+    error('Invalid selection');
+    process.exit(1);
+  }
+  return choices[idx].value ?? choices[idx];
+}
+
+async function multiSelect(question, choices) {
+  console.log(`\n  ${c.cyan('?')} ${question}\n`);
+  choices.forEach((choice, i) => {
+    const label = choice.label || choice;
+    const detail = choice.detail ? c.dim(` — ${choice.detail}`) : '';
+    console.log(`    ${c.bold(String(i + 1).padStart(3))} ${label}${detail}`);
+  });
+  console.log('');
+  console.log(c.dim(`  Enter numbers separated by commas, a range (e.g. 1-5), or "all"`));
+  const answer = await prompt('Selection');
+
+  if (!answer) return [];
+
+  if (answer.toLowerCase() === 'all') {
+    return choices.map((ch) => ch.value ?? ch);
+  }
+
+  const indices = new Set();
+  for (const part of answer.split(',')) {
+    const trimmed = part.trim();
+    if (trimmed.includes('-')) {
+      const [startStr, endStr] = trimmed.split('-');
+      const start = parseInt(startStr, 10);
+      const end = parseInt(endStr, 10);
+      if (!isNaN(start) && !isNaN(end)) {
+        for (let i = Math.min(start, end); i <= Math.max(start, end); i++) {
+          indices.add(i);
+        }
+      }
+    } else {
+      const num = parseInt(trimmed, 10);
+      if (!isNaN(num)) indices.add(num);
+    }
+  }
+
+  const selected = [];
+  for (const idx of indices) {
+    if (idx >= 1 && idx <= choices.length) {
+      selected.push(choices[idx - 1].value ?? choices[idx - 1]);
+    }
+  }
+  return selected;
+}
+
+function json(data) {
+  console.log(JSON.stringify(data, null, 2));
+}
+
+function hr() {
+  const width = Math.min(process.stdout.columns || 80, 80);
+  console.log(c.dim('─'.repeat(width)));
+}
+
+// Parses timestamps the backend returns in multiple formats:
+//   - UInt64 nanoseconds as a string (signoz logs) → "1775856777891000000"
+//   - ClickHouse DateTime64 string (signoz traces)  → "2026-04-10 21:34:51.133000000" (UTC, no Z)
+//   - ISO 8601                                       → "2026-04-10T21:34:51.133Z"
+//   - number (ms) / Date                              → passthrough
+function parseTimestamp(ts) {
+  if (ts == null || ts === '') return null;
+  if (ts instanceof Date) return isNaN(ts.getTime()) ? null : ts;
+  if (typeof ts === 'number') {
+    const d = new Date(ts);
+    return isNaN(d.getTime()) ? null : d;
+  }
+  const s = String(ts).trim();
+  if (/^\d{16,}$/.test(s)) {
+    const d = new Date(Number(s) / 1e6);
+    return isNaN(d.getTime()) ? null : d;
+  }
+  if (/^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}/.test(s) && !/[zZ]|[+-]\d{2}:?\d{2}$/.test(s)) {
+    const isoish = s.replace(' ', 'T').replace(/\.(\d{3})\d*$/, '.$1') + 'Z';
+    const d = new Date(isoish);
+    if (!isNaN(d.getTime())) return d;
+  }
+  const d = new Date(s);
+  return isNaN(d.getTime()) ? null : d;
+}
+
+function timeAgo(dateStr) {
+  const date = parseTimestamp(dateStr);
+  if (!date) return '—';
+  const diff = Date.now() - date.getTime();
+  const seconds = Math.floor(diff / 1000);
+  if (seconds < 60) return 'just now';
+  const minutes = Math.floor(seconds / 60);
+  if (minutes < 60) return `${minutes}m ago`;
+  const hours = Math.floor(minutes / 60);
+  if (hours < 24) return `${hours}h ago`;
+  const days = Math.floor(hours / 24);
+  if (days < 30) return `${days}d ago`;
+  return date.toLocaleDateString();
+}
+
+function truncate(str, len = 50) {
+  if (!str) return '';
+  str = String(str);
+  if (str.length <= len) return str;
+  return str.slice(0, len - 1) + '…';
+}
+
+function statusBadge(status) {
+  const map = {
+    active: c.green('● active'),
+    inactive: c.dim('○ inactive'),
+    healthy: c.green('● healthy'),
+    unhealthy: c.red('● unhealthy'),
+    warning: c.yellow('● warning'),
+    open: c.red('● open'),
+    resolved: c.green('● resolved'),
+    closed: c.dim('● closed'),
+    acknowledged: c.yellow('● ack'),
+    blocked: c.red('■ blocked'),
+    trusted: c.green('■ trusted'),
+    enabled: c.green('● enabled'),
+    disabled: c.dim('○ disabled'),
+    paused: c.yellow('◆ paused'),
+    critical: c.red('▲ critical'),
+    high: c.red('▲ high'),
+    medium: c.yellow('▲ medium'),
+    low: c.blue('▲ low'),
+    info: c.cyan('▲ info'),
+    read: c.dim('○ read'),
+    unread: c.cyan('● unread'),
+  };
+  return map[(status || '').toLowerCase()] || status;
+}
+
+function httpStatusColor(code) {
+  code = parseInt(code, 10);
+  if (code < 300) return c.green(code);
+  if (code < 400) return c.cyan(code);
+  if (code < 500) return c.yellow(code);
+  return c.red(code);
+}
+
+function durationColor(ms) {
+  ms = parseFloat(ms);
+  if (isNaN(ms)) return '—';
+  if (ms < 100) return c.green(`${ms.toFixed(0)}ms`);
+  if (ms < 500) return c.yellow(`${ms.toFixed(0)}ms`);
+  if (ms < 1000) return c.red(`${ms.toFixed(0)}ms`);
+  return c.red(`${(ms / 1000).toFixed(2)}s`);
+}
+
+module.exports = {
+  c,
+  NO_COLOR,
+  stripAnsi,
+  table,
+  keyValue,
+  heading,
+  subheading,
+  success,
+  error,
+  warn,
+  info,
+  spinner,
+  prompt,
+  confirm,
+  select,
+  multiSelect,
+  json,
+  hr,
+  timeAgo,
+  parseTimestamp,
+  truncate,
+  statusBadge,
+  httpStatusColor,
+  durationColor,
+};

package/cli/utils.js

@@ -0,0 +1,127 @@
+'use strict';
+
+const fs = require('fs');
+const ui = require('./ui');
+const cidrLib = require('../cidr');
+const { redactSensitiveData, DEFAULT_SENSITIVE_FIELDS } = require('../nextjs-middleware');
+
+// ── redact ──
+
+function readInput(arg) {
+  if (!arg) return null;
+  if (arg.startsWith('@')) {
+    const file = arg.slice(1);
+    return fs.readFileSync(file, 'utf8');
+  }
+  return arg;
+}
+
+function redact(args, flags) {
+  const input = readInput(args[0]);
+  if (!input) {
+    ui.error('Missing input. Provide a JSON string or @path/to/file.json');
+    console.log('');
+    console.log(`  ${ui.c.bold('Usage:')} securenow redact '<json>' [--fields f1,f2]`);
+    console.log(`         securenow redact @request.json`);
+    console.log('');
+    process.exit(1);
+  }
+
+  let parsed;
+  try {
+    parsed = JSON.parse(input);
+  } catch (err) {
+    ui.error(`Invalid JSON: ${err.message}`);
+    process.exit(1);
+  }
+
+  const extra = flags.fields
+    ? String(flags.fields).split(',').map((s) => s.trim()).filter(Boolean)
+    : [];
+  const envExtra = (process.env.SECURENOW_SENSITIVE_FIELDS || '')
+    .split(',').map((s) => s.trim()).filter(Boolean);
+  const fields = [...DEFAULT_SENSITIVE_FIELDS, ...envExtra, ...extra];
+
+  const result = redactSensitiveData(parsed, fields);
+
+  if (flags.json) {
+    ui.json(result);
+    return;
+  }
+  console.log(JSON.stringify(result, null, 2));
+}
+
+// ── cidr ──
+
+function cidrMatch(args, flags) {
+  const ip = args[0];
+  const cidrs = args[1];
+  if (!ip || !cidrs) {
+    ui.error('Usage: securenow cidr match <ip> <cidr1[,cidr2,...]>');
+    process.exit(1);
+  }
+
+  const list = cidrs.split(',').map((s) => s.trim()).filter(Boolean);
+  const matcher = cidrLib.createMatcher(list);
+  const hit = matcher.isBlocked(ip);
+  const stats = matcher.stats();
+
+  if (flags.json) {
+    ui.json({ ip, cidrs: list, match: hit, stats });
+    return;
+  }
+
+  console.log('');
+  ui.keyValue([
+    ['IP', ip],
+    ['Entries', `${stats.exact} exact, ${stats.cidr} CIDR`],
+    ['Match', hit ? ui.c.red('BLOCKED') : ui.c.green('not in list')],
+  ]);
+  console.log('');
+  process.exit(hit ? 0 : 2);
+}
+
+function cidrParse(args, flags) {
+  const cidr = args[0];
+  if (!cidr) {
+    ui.error('Usage: securenow cidr parse <cidr>');
+    process.exit(1);
+  }
+
+  const parsed = cidrLib.parseCidr(cidr);
+  if (!parsed) {
+    ui.error(`Invalid CIDR: ${cidr}`);
+    process.exit(1);
+  }
+
+  const intToIp = (n) => [
+    (n >>> 24) & 0xff, (n >>> 16) & 0xff, (n >>> 8) & 0xff, n & 0xff,
+  ].join('.');
+  const broadcast = (parsed.network | (~parsed.mask >>> 0)) >>> 0;
+  const size = (~parsed.mask >>> 0) + 1;
+
+  const out = {
+    cidr,
+    network: intToIp(parsed.network),
+    broadcast: intToIp(broadcast),
+    mask: intToIp(parsed.mask),
+    size,
+  };
+
+  if (flags.json) {
+    ui.json(out);
+    return;
+  }
+
+  console.log('');
+  ui.keyValue([
+    ['CIDR', out.cidr],
+    ['Network', out.network],
+    ['Broadcast', out.broadcast],
+    ['Mask', out.mask],
+    ['Size', String(out.size)],
+  ]);
+  console.log('');
+}
+
+module.exports = { redact, cidrMatch, cidrParse };