npm - vestauth - Versions diffs - 0.16.0 → 0.18.0 - Mend

vestauth 0.16.0 → 0.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (25) hide show

package/CHANGELOG.md +13 -1
package/package.json +7 -3
package/src/cli/actions/server/dbCreate.js +18 -0
package/src/cli/actions/server/dbDrop.js +18 -0
package/src/cli/actions/server/dbMigrate.js +18 -0
package/src/cli/actions/server/start.js +4 -1
package/src/cli/commands/server.js +27 -0
package/src/db/migrations/.gitkeep +0 -0
package/src/db/migrations/20260223204000_create_agents_table.js +19 -0
package/src/db/migrations/20260223205500_create_public_jwks_table.js +25 -0
package/src/lib/helpers/databaseUrl.js +7 -0
package/src/lib/helpers/dbCreate.js +57 -0
package/src/lib/helpers/dbDrop.js +63 -0
package/src/lib/helpers/dbMigrate.js +93 -0
package/src/lib/helpers/errors.js +11 -0
package/src/lib/helpers/hostname.js +7 -0
package/src/lib/helpers/protocol.js +7 -0
package/src/lib/helpers/serverStart.js +3 -3
package/src/lib/server.js +11 -1
package/src/server/index.js +203 -0
package/src/server/models/agent.js +47 -0
package/src/server/models/index.js +31 -0
package/src/server/models/publicJwk.js +39 -0
package/src/server/services/register.js +13 -0
package/src/lib/server/index.js +0 -99

package/CHANGELOG.md CHANGED Viewed

@@ -2,7 +2,19 @@
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
-[Unreleased](https://github.com/vestauth/vestauth/compare/v0.16.0...main)
+[Unreleased](https://github.com/vestauth/vestauth/compare/v0.18.0...main)
+## [0.18.0](https://github.com/vestauth/vestauth/compare/v0.17.0...v0.18.0) (2026-02-24)
+### Added
+* Add `vestauth server start` for running your own vestauth server ([#33](https://github.com/vestauth/vestauth/pull/33))
+## [0.17.0](https://github.com/vestauth/vestauth/compare/v0.16.0...v0.17.0) (2026-02-23)
+### Added
+* Add `db:*` scripts ([#32](https://github.com/vestauth/vestauth/pull/32))
 ## [0.16.0](https://github.com/vestauth/vestauth/compare/v0.15.1...v0.16.0) (2026-02-23)

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "vestauth",
-  "version": "0.16.0",
+  "version": "0.18.0",
   "description": "auth for agents–from the creator of dotenvx",
   "keywords": [
     "vestauth",
@@ -48,10 +48,14 @@
   "dependencies": {
     "@dotenvx/dotenvx": "^1.52.0",
     "commander": "^11.1.0",
-    "express": "^4.21.2",
     "execa": "^5.1.1",
+    "express": "^4.21.2",
+    "knex": "^3.1.0",
+    "pg": "^8.18.0",
+    "sails-postgresql": "^5.0.1",
     "structured-headers": "^2.0.2",
-    "undici": "7.11.0"
+    "undici": "7.11.0",
+    "waterline": "^0.15.2"
   },
   "devDependencies": {
     "@yao-pkg/pkg": "^5.14.2",

package/src/cli/actions/server/dbCreate.js ADDED Viewed

@@ -0,0 +1,18 @@
+const { logger } = require('./../../../shared/logger')
+const catchAndLog = require('./../../../lib/helpers/catchAndLog')
+const server = require('./../../../lib/server')
+async function dbCreate () {
+  try {
+    const options = this.opts()
+    logger.debug(`options: ${JSON.stringify(options)}`)
+    await server.db.create({ databaseUrl: options.databaseUrl })
+  } catch (error) {
+    catchAndLog(error)
+    process.exit(1)
+  }
+}
+module.exports = dbCreate

package/src/cli/actions/server/dbDrop.js ADDED Viewed

@@ -0,0 +1,18 @@
+const { logger } = require('./../../../shared/logger')
+const catchAndLog = require('./../../../lib/helpers/catchAndLog')
+const server = require('./../../../lib/server')
+async function dbDrop () {
+  try {
+    const options = this.opts()
+    logger.debug(`options: ${JSON.stringify(options)}`)
+    await server.db.drop({ databaseUrl: options.databaseUrl })
+  } catch (error) {
+    catchAndLog(error)
+    process.exit(1)
+  }
+}
+module.exports = dbDrop

package/src/cli/actions/server/dbMigrate.js ADDED Viewed

@@ -0,0 +1,18 @@
+const { logger } = require('./../../../shared/logger')
+const catchAndLog = require('./../../../lib/helpers/catchAndLog')
+const server = require('./../../../lib/server')
+async function dbMigrate () {
+  try {
+    const options = this.opts()
+    logger.debug(`options: ${JSON.stringify(options)}`)
+    await server.db.migrate({ databaseUrl: options.databaseUrl })
+  } catch (error) {
+    catchAndLog(error)
+    process.exit(1)
+  }
+}
+module.exports = dbMigrate

package/src/cli/actions/server/start.js CHANGED Viewed

@@ -8,7 +8,10 @@ async function start () {
     const options = this.opts()
     logger.debug(`options: ${JSON.stringify(options)}`)
-    await server.start({ port: options.port })
+    await server.start({
+      port: options.port,
+      databaseUrl: options.databaseUrl
+    })
   } catch (error) {
     catchAndLog(error)
     process.exit(1)

package/src/cli/commands/server.js CHANGED Viewed

@@ -1,5 +1,8 @@
 const { Command } = require('commander')
 const env = require('./../../lib/helpers/env')
+const databaseUrl = require('./../../lib/helpers/databaseUrl')
+const protocol = require('./../../lib/helpers/protocol')
+const hostname = require('./../../lib/helpers/hostname')
 const server = new Command('server')
@@ -12,6 +15,30 @@ const startAction = require('./../actions/server/start')
 server.command('start')
   .description('start vestauth server')
   .option('--port <port>', 'port', env('PORT'))
+  .option('--protocol <protocol>', 'https or http', protocol())
+  .option('--hostname <hostname>', 'localhost:3000', hostname())
+  .option('--database-url <databaseUrl>', 'DATABASE_URL', databaseUrl())
   .action(startAction)
+// vestauth server db:create
+const dbCreateAction = require('./../actions/server/dbCreate')
+server.command('db:create')
+  .description('create vestauth database')
+  .option('--database-url <databaseUrl>', 'DATABASE_URL', databaseUrl())
+  .action(dbCreateAction)
+// vestauth server db:migrate
+const dbMigrateAction = require('./../actions/server/dbMigrate')
+server.command('db:migrate')
+  .description('run db migrations')
+  .option('--database-url <databaseUrl>', 'DATABASE_URL', databaseUrl())
+  .action(dbMigrateAction)
+// vestauth server db:drop
+const dbDropAction = require('./../actions/server/dbDrop')
+server.command('db:drop')
+  .description('delete vestauth database')
+  .option('--database-url <databaseUrl>', 'DATABASE_URL', databaseUrl())
+  .action(dbDropAction)
 module.exports = server

package/src/db/migrations/.gitkeep ADDED Viewed

File without changes

package/src/db/migrations/20260223204000_create_agents_table.js ADDED Viewed

@@ -0,0 +1,19 @@
+/**
+ * @param {import('knex').Knex} knex
+ */
+exports.up = async function (knex) {
+  await knex.schema.createTable('agents', function (table) {
+    table.bigIncrements('id').primary()
+    table.string('uid')
+    table.datetime('created_at').notNullable()
+    table.datetime('updated_at').notNullable()
+    table.unique(['uid'], { indexName: 'index_agents_on_uid' })
+  })
+}
+/**
+ * @param {import('knex').Knex} knex
+ */
+exports.down = async function (knex) {
+  await knex.schema.dropTableIfExists('agents')
+}

package/src/db/migrations/20260223205500_create_public_jwks_table.js ADDED Viewed

@@ -0,0 +1,25 @@
+/**
+ * @param {import('knex').Knex} knex
+ */
+exports.up = async function (knex) {
+  await knex.schema.createTable('public_jwks', function (table) {
+    table.bigIncrements('id').primary()
+    table.bigInteger('agent_id').notNullable()
+    table.string('kid').notNullable()
+    table.jsonb('value').notNullable().defaultTo({})
+    table.string('state').notNullable().defaultTo('active')
+    table.datetime('created_at').notNullable()
+    table.datetime('updated_at').notNullable()
+    table.index(['agent_id'], 'index_public_jwks_on_agent_id')
+    table.unique(['kid'], { indexName: 'index_public_jwks_on_kid' })
+    table.foreign('agent_id').references('agents.id')
+  })
+}
+/**
+ * @param {import('knex').Knex} knex
+ */
+exports.down = async function (knex) {
+  await knex.schema.dropTableIfExists('public_jwks')
+}

package/src/lib/helpers/databaseUrl.js ADDED Viewed

@@ -0,0 +1,7 @@
+const env = require('./env')
+function databaseUrl () {
+  return env('DATABASE_URL') || 'postgres://localhost/vestauth_production'
+}
+module.exports = databaseUrl

package/src/lib/helpers/dbCreate.js ADDED Viewed

@@ -0,0 +1,57 @@
+const knex = require('knex')
+const { logger } = require('../../shared/logger')
+function quoteIdentifier (value) {
+  return `"${String(value).replace(/"/g, '""')}"`
+}
+function parseConnectionUrl (value) {
+  if (!value) throw new Error('missing DATABASE_URL')
+  let url
+  try {
+    url = new URL(value)
+  } catch {
+    throw new Error('invalid DATABASE_URL')
+  }
+  const database = decodeURIComponent((url.pathname || '').replace(/^\//, ''))
+  if (!database) throw new Error('missing database name in DATABASE_URL')
+  return { url, database }
+}
+async function dbCreate ({ databaseUrl } = {}) {
+  const targetUrl = databaseUrl
+  const { url, database } = parseConnectionUrl(targetUrl)
+  // Connect to the maintenance DB (`postgres`) to create the target DB.
+  const maintenanceUrl = (() => {
+    const copy = new URL(url.toString())
+    copy.pathname = '/postgres'
+    return copy.toString()
+  })()
+  const db = knex({
+    client: 'pg',
+    connection: maintenanceUrl
+  })
+  try {
+    const result = await db.raw('select 1 from pg_database where datname = ?', [database])
+    const exists = Array.isArray(result.rows) && result.rows.length > 0
+    if (exists) {
+      logger.info(`Database '${database}' already exists`)
+      return { created: false, database }
+    }
+    await db.raw(`create database ${quoteIdentifier(database)}`)
+    logger.info(`Created database '${database}'`)
+    return { created: true, database }
+  } finally {
+    await db.destroy()
+  }
+}
+module.exports = dbCreate

package/src/lib/helpers/dbDrop.js ADDED Viewed

@@ -0,0 +1,63 @@
+const knex = require('knex')
+const { logger } = require('../../shared/logger')
+function quoteIdentifier (value) {
+  return `"${String(value).replace(/"/g, '""')}"`
+}
+function parseConnectionUrl (value) {
+  if (!value) throw new Error('missing DATABASE_URL')
+  let url
+  try {
+    url = new URL(value)
+  } catch {
+    throw new Error('invalid DATABASE_URL')
+  }
+  const database = decodeURIComponent((url.pathname || '').replace(/^\//, ''))
+  if (!database) throw new Error('missing database name in DATABASE_URL')
+  return { url, database }
+}
+async function dbDrop ({ databaseUrl } = {}) {
+  const targetUrl = databaseUrl
+  const { url, database } = parseConnectionUrl(targetUrl)
+  // Connect to the maintenance DB (`postgres`) to drop the target DB.
+  const maintenanceUrl = (() => {
+    const copy = new URL(url.toString())
+    copy.pathname = '/postgres'
+    return copy.toString()
+  })()
+  const db = knex({
+    client: 'pg',
+    connection: maintenanceUrl
+  })
+  try {
+    const result = await db.raw('select 1 from pg_database where datname = ?', [database])
+    const exists = Array.isArray(result.rows) && result.rows.length > 0
+    if (!exists) {
+      logger.info(`Database '${database}' does not exist`)
+      return { dropped: false, database }
+    }
+    // Terminate active connections so DROP DATABASE succeeds in local workflows.
+    await db.raw(
+      'select pg_terminate_backend(pid) from pg_stat_activity where datname = ? and pid <> pg_backend_pid()',
+      [database]
+    )
+    await db.raw(`drop database ${quoteIdentifier(database)}`)
+    logger.info(`Dropped database '${database}'`)
+    return { dropped: true, database }
+  } finally {
+    await db.destroy()
+  }
+}
+module.exports = dbDrop

package/src/lib/helpers/dbMigrate.js ADDED Viewed

@@ -0,0 +1,93 @@
+const path = require('path')
+const knex = require('knex')
+const Errors = require('./errors')
+const { logger } = require('../../shared/logger')
+function migrationLabel (filename) {
+  const base = String(filename).replace(/\.js$/, '')
+  const match = base.match(/^(\d+)_(.+)$/)
+  if (!match) return base
+  const version = match[1]
+  const name = match[2]
+    .split('_')
+    .map(part => part.charAt(0).toUpperCase() + part.slice(1))
+    .join('')
+  return `${version} ${name}`
+}
+function formatRailsTiming (ms) {
+  return `(${(ms / 1000).toFixed(4)}s)`
+}
+async function dbMigrate ({ databaseUrl } = {}) {
+  const connection = databaseUrl
+  if (!connection) throw new Errors().missingDatabaseUrl()
+  const db = knex({
+    client: 'pg',
+    connection,
+    ssl: { rejectUnauthorized: false },
+    migrations: {
+      directory: path.resolve(__dirname, '../../db/migrations')
+    }
+  })
+  try {
+    if (!db.migrate || typeof db.migrate.list !== 'function' || typeof db.migrate.up !== 'function') {
+      const startedAt = Date.now()
+      const [batchNo, migrations] = await db.migrate.latest()
+      const elapsedMs = Date.now() - startedAt
+      for (const migration of migrations) {
+        const label = migrationLabel(migration)
+        logger.info(`== ${label}: migrating ================================================`)
+        logger.info(`== ${label}: migrated ${formatRailsTiming(elapsedMs)} ===========================`)
+      }
+      return {
+        batchNo,
+        migrations
+      }
+    }
+    const [, pending] = await db.migrate.list()
+    const migrations = []
+    let batchNo = null
+    for (const pendingMigration of pending) {
+      const name = typeof pendingMigration === 'string'
+        ? pendingMigration
+        : pendingMigration.file || pendingMigration.name
+      const label = migrationLabel(name)
+      logger.info(`== ${label}: migrating ================================================`)
+      const startedAt = Date.now()
+      const [nextBatchNo, ran] = await db.migrate.up({ name })
+      batchNo = nextBatchNo
+      const elapsedMs = Date.now() - startedAt
+      logger.info(`== ${label}: migrated ${formatRailsTiming(elapsedMs)} ===========================`)
+      if (Array.isArray(ran)) {
+        migrations.push(...ran)
+      } else if (ran) {
+        migrations.push(ran)
+      } else {
+        migrations.push(name)
+      }
+    }
+    return {
+      batchNo,
+      migrations
+    }
+  } finally {
+    await db.destroy()
+  }
+}
+module.exports = dbMigrate

package/src/lib/helpers/errors.js CHANGED Viewed

@@ -121,6 +121,17 @@ class Errors {
     return e
   }
+  missingDatabaseUrl () {
+    const code = 'MISSING_DATABASE_URL'
+    const message = `[${code}] missing DATABASE_URL`
+    const help = `[${code}] pass --database-url or set DATABASE_URL`
+    const e = new Error(message)
+    e.code = code
+    e.help = help
+    return e
+  }
   commandFailed () {
     const code = 'COMMAND_FAILED'
     const message = `[${code}] command failed with exit code ${this.exitCode}`

package/src/lib/helpers/hostname.js ADDED Viewed

@@ -0,0 +1,7 @@
+const env = require('./env')
+function hostname () {
+  return env('HOSTNAME') || 'localhost:3000' // for server
+}
+module.exports = hostname

package/src/lib/helpers/protocol.js ADDED Viewed

@@ -0,0 +1,7 @@
+const env = require('./env')
+function protocol () {
+  return env('PROTOCOL') || 'http'
+}
+module.exports = protocol

package/src/lib/helpers/serverStart.js CHANGED Viewed

@@ -1,7 +1,7 @@
-const serverIndex = require('./../server/index')
+const serverIndex = require('./../../server/index')
-function serverStart ({ port }) {
-  serverIndex.start({ port })
+function serverStart ({ port, databaseUrl }) {
+  return serverIndex.start({ port, databaseUrl })
 }
 module.exports = serverStart

package/src/lib/server.js CHANGED Viewed

@@ -1,5 +1,15 @@
 const serverStart = require('./helpers/serverStart')
+const dbCreate = require('./helpers/dbCreate')
+const dbMigrate = require('./helpers/dbMigrate')
+const dbDrop = require('./helpers/dbDrop')
+const serverIndex = require('./../server/index')
 module.exports = {
-  start: serverStart
+  start: serverStart,
+  close: serverIndex.close,
+  db: {
+    create: dbCreate,
+    migrate: dbMigrate,
+    drop: dbDrop
+  }
 }

package/src/server/index.js ADDED Viewed

@@ -0,0 +1,203 @@
+const { logger } = require('./../shared/logger')
+const tool = require('./../lib/tool')
+const primitives = require('./../lib/primitives')
+const { connectOrm } = require('./models/index')
+const express = require('express')
+const app = express()
+let ORM = null
+let HTTP_SERVER = null
+let CLOSE_PROMISE = null
+let SIGNAL_HANDLERS_INSTALLED = false
+let SIGNAL_HANDLERS = null
+app.use(express.json())
+app.use((req, res, next) => {
+  const hostNoPort = (req.headers.host || '').split(':')[0].toLowerCase()
+  // agent-c235... .localhost
+  if (hostNoPort.endsWith('.localhost')) {
+    let sub = hostNoPort.slice(0, -'.localhost'.length) // "agent-c235..."
+    // remove "agent-" prefix if present
+    if (sub.startsWith('agent-')) {
+      sub = sub.slice('agent-'.length)
+    }
+    req.agentUid = sub
+    return next()
+  }
+  next()
+})
+app.get('/', (req, res) => {
+  if (req.agentUid) {
+    res.json({ uid: req.agentUid })
+  } else {
+    res.json({ hello: 'vestauth' })
+  }
+})
+app.post('/register', async (req, res) => {
+  try {
+    const url = `${req.protocol}://${req.get('host')}${req.originalUrl}`
+    const verified = await primitives.verify(req.method, url, req.headers, req.body.public_jwk)
+    const agent = await app.models.agent.create().fetch()
+    const attrs = {
+      agent: agent.id,
+      kid: verified.kid,
+      value: verified.public_jwk
+    }
+    const publicJwk = await app.models.public_jwk.create(attrs).fetch()
+    const agentFormatted = agent.toJSON()
+    res.json({
+      uid: agentFormatted.uidFormatted,
+      kid: publicJwk.kid,
+      public_jwk: verified.public_jwk,
+      is_new: true
+    })
+  } catch (err) {
+    logger.error(err)
+    res.status(401).json({ error: { status: 401, code: 401, message: err.message } })
+  }
+})
+app.get('/.well-known/http-message-signatures-directory', async (req, res) => {
+  const agent = await app.models.agent.findOne({ uid: req.agentUid })
+  if (!agent) {
+    return res.status(404).json({ error: { status: 404, code: 404, message: 'not found' } })
+  }
+  const jwks = await app.models.public_jwk.find({ agent: agent.id, state: 'active' })
+  const keys = jwks.map(j => j.value)
+  return res.json({ keys })
+})
+app.get('/whoami', async (req, res) => {
+  try {
+    const url = `${req.protocol}://${req.get('host')}${req.originalUrl}`
+    const verified = await tool.verify(req.method, url, req.headers)
+    res.json(verified)
+  } catch (err) {
+    logger.error(err)
+    res.status(401).json({ error: { status: 401, code: 401, message: err.message } })
+  }
+})
+async function start ({ port, databaseUrl } = {}) {
+  const PORT = port || '3000'
+  if (HTTP_SERVER) return HTTP_SERVER
+  try {
+    const { orm, config } = connectOrm({ databaseUrl })
+    // promisify initialize
+    const db = await new Promise((resolve, reject) => {
+      orm.initialize(config, (err, ontology) => {
+        if (err) return reject(err)
+        resolve(ontology)
+      })
+    })
+    ORM = orm
+    app.models = db.collections
+    HTTP_SERVER = await new Promise((resolve, reject) => {
+      const server = app.listen(PORT, () => {
+        logger.success(`vestauth server listening on http://localhost:${PORT}`)
+        resolve(server)
+      })
+      server.once('error', reject)
+    })
+    installSignalHandlers()
+    return HTTP_SERVER
+  } catch (error) {
+    await close().catch(() => {})
+    throw error
+  }
+}
+async function close () {
+  if (CLOSE_PROMISE) return CLOSE_PROMISE
+  CLOSE_PROMISE = (async () => {
+    removeSignalHandlers()
+    if (HTTP_SERVER) {
+      await new Promise((resolve, reject) => {
+        HTTP_SERVER.close((err) => {
+          if (err) return reject(err)
+          resolve()
+        })
+      })
+      HTTP_SERVER = null
+    }
+    if (ORM) {
+      await new Promise((resolve, reject) => {
+        ORM.teardown((err) => {
+          if (err) return reject(err)
+          resolve()
+        })
+      })
+      ORM = null
+    }
+    delete app.models
+  })()
+  try {
+    await CLOSE_PROMISE
+  } finally {
+    CLOSE_PROMISE = null
+  }
+}
+function installSignalHandlers () {
+  if (SIGNAL_HANDLERS_INSTALLED) return
+  const shutdown = () => {
+    close()
+      .then(() => process.exit(0))
+      .catch((err) => {
+        logger.error(err)
+        process.exit(1)
+      })
+  }
+  SIGNAL_HANDLERS = {
+    SIGINT: () => shutdown('SIGINT'),
+    SIGTERM: () => shutdown('SIGTERM')
+  }
+  process.once('SIGINT', SIGNAL_HANDLERS.SIGINT)
+  process.once('SIGTERM', SIGNAL_HANDLERS.SIGTERM)
+  SIGNAL_HANDLERS_INSTALLED = true
+}
+function removeSignalHandlers () {
+  if (!SIGNAL_HANDLERS_INSTALLED || !SIGNAL_HANDLERS) return
+  process.removeListener('SIGINT', SIGNAL_HANDLERS.SIGINT)
+  process.removeListener('SIGTERM', SIGNAL_HANDLERS.SIGTERM)
+  SIGNAL_HANDLERS = null
+  SIGNAL_HANDLERS_INSTALLED = false
+}
+module.exports = {
+  app,
+  start,
+  close
+}

package/src/server/models/agent.js ADDED Viewed

@@ -0,0 +1,47 @@
+const crypto = require('crypto')
+const Waterline = require('waterline')
+const protocol = require('./../../lib/helpers/protocol')
+const hostname = require('./../../lib/helpers/hostname')
+const Agent = Waterline.Collection.extend({
+  identity: 'agent',
+  tableName: 'agents',
+  datastore: 'default',
+  primaryKey: 'id',
+  schema: true,
+  attributes: {
+    id: { type: 'number', autoMigrations: { autoIncrement: true } },
+    uid: { type: 'string', required: false },
+    createdAt: { columnName: 'created_at', type: 'ref', autoCreatedAt: true },
+    updatedAt: { columnName: 'updated_at', type: 'ref', autoUpdatedAt: true },
+    // relationships
+    publicJwks: {
+      collection: 'public_jwk',
+      via: 'agent'
+    }
+  },
+  beforeCreate (self, next) {
+    if (!self.uid) {
+      const uid = crypto.randomBytes(12).toString('hex')
+      self.uid = uid
+    }
+    next()
+  },
+  customToJSON () {
+    const self = this
+    self.uidFormatted = `agent-${self.uid}`
+    self.wellKnownUrl = `${protocol()}://${self.uidFormatted}.${hostname()}/.well-known/http-message-signatures-directory`
+    // remove fields if needed
+    // delete self.privateKey
+    return self
+  }
+})
+module.exports = Agent

package/src/server/models/index.js ADDED Viewed

@@ -0,0 +1,31 @@
+const Waterline = require('waterline')
+const sailsPostgresAdapter = require('sails-postgresql')
+const Agent = require('./agent')
+const PublicJwk = require('./publicJwk')
+function connectOrm ({ databaseUrl }) {
+  const orm = new Waterline()
+  // register any models
+  orm.registerModel(Agent)
+  orm.registerModel(PublicJwk)
+  // setup config
+  const config = {
+    adapters: {
+      postgres: sailsPostgresAdapter
+    },
+    datastores: {
+      default: {
+        adapter: 'postgres',
+        url: databaseUrl,
+        migrate: 'safe' // IMPORTANT. instead managed by knex
+      }
+    }
+  }
+  return { orm, config }
+}
+module.exports = { connectOrm }

package/src/server/models/publicJwk.js ADDED Viewed

@@ -0,0 +1,39 @@
+const Waterline = require('waterline')
+const PublicJwk = Waterline.Collection.extend({
+  identity: 'public_jwk',
+  tableName: 'public_jwks',
+  datastore: 'default',
+  primaryKey: 'id',
+  schema: true,
+  attributes: {
+    id: { type: 'number', autoMigrations: { autoIncrement: true } },
+    agent: { model: 'agent', columnName: 'agent_id', required: true },
+    kid: { type: 'string', required: true },
+    value: { type: 'json', required: true },
+    state: { type: 'string', required: false },
+    createdAt: { columnName: 'created_at', type: 'ref', autoCreatedAt: true },
+    updatedAt: { columnName: 'updated_at', type: 'ref', autoUpdatedAt: true }
+  },
+  beforeCreate (self, next) {
+    if (!self.state) {
+      self.state = 'active' // default state
+    }
+    next()
+  }
+  // customToJSON () {
+  //   const self = this
+  //   self.uidFormatted = `agent-${self.uid}`
+  //   self.wellKnownUrl = `${protocol()}://${self.uidFormatted}.${hostname()}/.well-known/http-message-signatures-directory`
+  //   // remove fields if needed
+  //   // delete self.privateKey
+  //   return self
+  // }
+})
+module.exports = PublicJwk

package/src/server/services/register.js ADDED Viewed

@@ -0,0 +1,13 @@
+class Register {
+  constructor ({ httpMethod, uri, headers, publicJwk }) {
+    this.httpMethod = httpMethod
+    this.uri = uri
+    this.headers = headers
+    this.publicJwk = publicJwk
+  }
+  async run () {
+  }
+}
+module.exports = Register

package/src/lib/server/index.js DELETED Viewed

@@ -1,99 +0,0 @@
-const { logger } = require('./../../shared/logger')
-const tool = require('./../tool')
-const primitives = require('./../primitives')
-const express = require('express')
-const crypto = require('crypto')
-const AGENTS = []
-const PUBLIC_JWKS = []
-const app = express()
-app.use(express.json())
-app.use((req, res, next) => {
-  const hostNoPort = (req.headers.host || '').split(':')[0].toLowerCase()
-  // agent-c235... .localhost
-  if (hostNoPort.endsWith('.localhost')) {
-    const sub = hostNoPort.slice(0, -'.localhost'.length) // "agent-c235..."
-    req.agentUid = sub
-    return next()
-  }
-  next()
-})
-app.get('/', (req, res) => {
-  if (req.agentUid) {
-    res.json({ uid: req.agentUid })
-  } else {
-    res.json({ hello: 'vestauth' })
-  }
-})
-app.post('/register', async (req, res) => {
-  try {
-    const url = `${req.protocol}://${req.get('host')}${req.originalUrl}`
-    const verified = await primitives.verify(req.method, url, req.headers, req.body.public_jwk)
-    // insert agent
-    const uid = `agent-${crypto.randomBytes(12).toString('hex')}`
-    const agent = { uid }
-    AGENTS.push(agent)
-    // insert public_jwk
-    const publicJwk = {
-      agent_uid: agent.uid,
-      kid: verified.kid,
-      value: verified.public_jwk
-    }
-    PUBLIC_JWKS.push(publicJwk)
-    // response must be this format
-    const json = {
-      uid: agent.uid,
-      kid: publicJwk.kid,
-      public_jwk: verified.public_jwk,
-      is_new: true
-    }
-    res.json(json)
-  } catch (err) {
-    logger.error(err)
-    res.status(401).json({ error: { status: 401, code: 401, message: err.message } })
-  }
-})
-app.get('/.well-known/http-message-signatures-directory', (req, res) => {
-  const keys = PUBLIC_JWKS
-    .filter(jwk => jwk.agent_uid === req.agentUid)
-    .map(jwk => jwk.value)
-  res.json({ keys })
-})
-app.get('/whoami', async (req, res) => {
-  try {
-    const url = `${req.protocol}://${req.get('host')}${req.originalUrl}`
-    const verified = await tool.verify(req.method, url, req.headers)
-    res.json(verified)
-  } catch (err) {
-    logger.error(err)
-    res.status(401).json({ error: { status: 401, code: 401, message: err.message } })
-  }
-})
-function start ({ port } = {}) {
-  const PORT = port || '3000'
-  return app.listen(PORT, () => {
-    logger.success(`vestauth server listening on http://localhost:${PORT}`)
-  })
-}
-module.exports = {
-  app,
-  start
-}