@deepstructure/tenant-db - npm Package Compare versions

Comparing version 2.7.0 to 3.0.0

dist/index.d.ts

		@@ -211,2 +211,38 @@ import { PostgrestClient } from '@supabase/postgrest-js';
		};
		ReconcilerLogs: {
		Row: {
		action: string;
		createdAt: string;
		errorMessage: string \| null;
		id: string;
		metadata: Json \| null;
		orgId: string \| null;
		resourceId: string;
		resourceType: string;
		status: string;
		};
		Insert: {
		action: string;
		createdAt?: string;
		errorMessage?: string \| null;
		id: string;
		metadata?: Json \| null;
		orgId?: string \| null;
		resourceId: string;
		resourceType: string;
		status: string;
		};
		Update: {
		action?: string;
		createdAt?: string;
		errorMessage?: string \| null;
		id?: string;
		metadata?: Json \| null;
		orgId?: string \| null;
		resourceId?: string;
		resourceType?: string;
		status?: string;
		};
		Relationships: [];
		};
		Secret: {
		@@ -446,2 +482,7 @@ Row: {
		};
		ReconcilerLogs: {
		Insert: Omit<Database["public"]["Tables"]["ReconcilerLogs"]["Insert"], "createdAt"> & {
		createdAt?: string;
		};
		};
		EnvVar: {
		@@ -490,3 +531,3 @@ Insert: Omit<Database["public"]["Tables"]["EnvVar"]["Insert"], "createdAt"> & {
		};
		type TenantDBTableNames = "Team" \| "User" \| "UserTeam" \| "SystemConfig";
		type TenantDBTableNames = "Team" \| "User" \| "UserTeam" \| "SystemConfig" \| "ReconcilerLogs";
		type TenantDB = {
		@@ -717,2 +758,6 @@ public: {
		type SystemConfig = TenantTables<"SystemConfig">;
		type ReconcilerLogEntry = Omit<TenantTables<"ReconcilerLogs"> & {
		action: "DEPLOY" \| "DESTROY" \| "RESET" \| "DEPLOY_NO_DB" \| "DEPLOY_WEB_CONSOLE_ONLY";
		status: "failed" \| "success" \| "pending" \| "skipped" \| "error" \| "in_progress" \| "cancelled";
		}, "id" \| "createdAt">;
		declare class TenantDatabase {
		@@ -739,2 +784,5 @@ postgrest: PostgrestClient<TenantDB>;
		} \| null>;
		insertReconcilerLog(log: ReconcilerLogEntry): Promise<{
		id: string;
		}>;
		}
		@@ -759,2 +807,2 @@

		export { type ApiKey, type Application, type Deployment, type EnvVar, type OrgDB, type OrgDBTableNames, OrgDatabase, type OrgEnums, type OrgTables, type OrgTablesInsert, type OrgTablesUpdate, type OrgViews, type Secret, type SystemConfig, type Team, type TeamSecret, type TenantDB, type TenantDBTableNames, TenantDatabase, type TenantEnums, type TenantTables, type TenantTablesInsert, type TenantTablesUpdate, type User, type UserTeam, createPostgrestClient, generateApiKey, maskApiKey, orgDatabase, orgDatabaseFromId, tenantDatabase };
		export { type ApiKey, type Application, type Deployment, type EnvVar, type OrgDB, type OrgDBTableNames, OrgDatabase, type OrgEnums, type OrgTables, type OrgTablesInsert, type OrgTablesUpdate, type OrgViews, type ReconcilerLogEntry, type Secret, type SystemConfig, type Team, type TeamSecret, type TenantDB, type TenantDBTableNames, TenantDatabase, type TenantEnums, type TenantTables, type TenantTablesInsert, type TenantTablesUpdate, type User, type UserTeam, createPostgrestClient, generateApiKey, maskApiKey, orgDatabase, orgDatabaseFromId, tenantDatabase };

dist/index.js

		@@ -1,2 +0,2 @@
		import{PostgrestClient as b}from"@supabase/postgrest-js";var A=s=>{if(s)return s;let{POSTGREST_URL:t}=process.env;if(!t)throw new Error("missing POSTGREST_URL environment variable");return t},I=(s,t)=>{let e=s.toLowerCase().replace(/[^a-z0-9-]/g,"-").replace(/^[^a-z0-9]+\|[^a-z0-9]+$/g,"").substring(0,253),r=new URL(A(t));return r.hostname=`team.${r.hostname}`,r.pathname=`/team/team-${e}`,r.toString().replace(/\/$/,"")};function d(s,t){let e=typeof s=="string",r=e?s:void 0,n=e?t:s,a=n?.token\|\|process.env.JWT_TOKEN;if(!a)throw new Error("missing Postgrest JWT token: use JWT_TOKEN environment variable or pass via options");let i={Authorization:`Bearer ${a}`};return r?n?.url&&n?.useProvidedUrlAsIs?new b(n.url,{headers:i,fetch}):new b(I(r,n?.url),{headers:i,fetch}):new b(A(n?.url),{headers:i,fetch})}import"@supabase/postgrest-js";import{randomBytes as w,pbkdf2 as E}from"node:crypto";import{promisify as P}from"node:util";var S=P(E),h="ds";function v(){return w(4).toString("hex")}function x(){return w(12).toString("hex")}function f(s){if(s&&s.length!==8)throw new Error("Invalid identifier format");return s=s\|\|v(),`${h}-${s}-${x()}`}function m(s){let[t,e,r]=s.split("-");if(t!==h)throw new Error("Invalid API Key: incorrect prefix");if(typeof e!="string"\|\|e.length!==8)throw new Error("Invalid API Key: incorrect identifier format");if(typeof r!="string"\|\|r.length!==24)throw new Error("Invalid API Key: incorrect secret format");return{identifier:e,secret:r}}async function T(s,t=w(16).toString("hex")){let a=await S(s,t,1e4,64,"sha512");return`${t}:${a.toString("hex")}`}function K(s){let{identifier:t,secret:e}=m(s),r="".repeat(e.length);return`${h}-${t}-${r}`}import{uuidv7 as y}from"uuidv7";import C from"age-encryption";var D=async(s,t)=>{let{Encrypter:e}=await C(),r=new e;for(let a of t)r.addRecipient(a);let n=r.encrypt(Buffer.from(s));return btoa(n.toString())};var l="DEFAULT_DS_API_KEY";function o(s){if(!s)throw new Error("no applicationId given and DS_APPLICATION_ID environment variable not set");return s}var g=class{postgrest;constructor(t,e){this.postgrest=d(t,e)}async getApplications(){let{data:t,error:e}=await this.postgrest.from("Application").select("");if(e)throw e;return t}async getApplicationById(t){let{data:e,error:r}=await this.postgrest.from("Application").select("*").eq("id",t).single();if(r)throw r;return e}async getLatestApplicationDeployments(t){let e=this.postgrest,r=[];for(let i of t){let{data:c,error:p}=await e.from("Deployment").select("id").eq("applicationId",i).order("createdAt",{ascending:!1}).limit(1).maybeSingle();if(p)throw p;c!==null&&r.push(c.id)}let{data:n,error:a}=await e.from("Deployment").select("id, createdAt, applicationId, status").in("id",r);if(a)throw a;return n}async getDeploymentJson(t){let{data:e,error:r}=await this.postgrest.from("Deployment").select("deployment").eq("id",t).single().throwOnError();if(r)throw r;return e.deployment}async listEnvVars(t=process.env.DS_APPLICATION_ID){t=o(t);try{let{data:e}=await this.postgrest.from("EnvVar").select(`
		import{PostgrestClient as b}from"@supabase/postgrest-js";var A=s=>{if(s)return s;let{POSTGREST_URL:t}=process.env;if(!t)throw new Error("missing POSTGREST_URL environment variable");return t},O=(s,t)=>{let e=s.toLowerCase().replace(/[^a-z0-9-]/g,"-").replace(/^[^a-z0-9]+\|[^a-z0-9]+$/g,"").substring(0,253),r=new URL(A(t));return r.hostname=`team.${r.hostname}`,r.pathname=`/team/team-${e}`,r.toString().replace(/\/$/,"")};function m(s,t){let e=typeof s=="string",r=e?s:void 0,n=e?t:s,a=n?.token\|\|process.env.JWT_TOKEN;if(!a)throw new Error("missing Postgrest JWT token: use JWT_TOKEN environment variable or pass via options");let i={Authorization:`Bearer ${a}`};return r?n?.url&&n?.useProvidedUrlAsIs?new b(n.url,{headers:i,fetch}):new b(O(r,n?.url),{headers:i,fetch}):new b(A(n?.url),{headers:i,fetch})}import"@supabase/postgrest-js";import{randomBytes as w,pbkdf2 as I}from"node:crypto";import{promisify as P}from"node:util";var S=P(I),h="ds";function v(){return w(4).toString("hex")}function x(){return w(12).toString("hex")}function f(s){if(s&&s.length!==8)throw new Error("Invalid identifier format");return s=s\|\|v(),`${h}-${s}-${x()}`}function y(s){let[t,e,r]=s.split("-");if(t!==h)throw new Error("Invalid API Key: incorrect prefix");if(typeof e!="string"\|\|e.length!==8)throw new Error("Invalid API Key: incorrect identifier format");if(typeof r!="string"\|\|r.length!==24)throw new Error("Invalid API Key: incorrect secret format");return{identifier:e,secret:r}}async function T(s,t=w(16).toString("hex")){let a=await S(s,t,1e4,64,"sha512");return`${t}:${a.toString("hex")}`}function K(s){let{identifier:t,secret:e}=y(s),r="".repeat(e.length);return`${h}-${t}-${r}`}import{uuidv7 as l}from"uuidv7";import C from"age-encryption";var D=async(s,t)=>{let{Encrypter:e}=await C(),r=new e;for(let a of t)r.addRecipient(a);let n=r.encrypt(Buffer.from(s));return btoa(n.toString())};var g="DEFAULT_DS_API_KEY";function o(s){if(!s)throw new Error("no applicationId given and DS_APPLICATION_ID environment variable not set");return s}var d=class{postgrest;constructor(t,e){this.postgrest=m(t,e)}async getApplications(){let{data:t,error:e}=await this.postgrest.from("Application").select("");if(e)throw e;return t}async getApplicationById(t){let{data:e,error:r}=await this.postgrest.from("Application").select("*").eq("id",t).single();if(r)throw r;return e}async getLatestApplicationDeployments(t){let e=this.postgrest,r=[];for(let i of t){let{data:c,error:p}=await e.from("Deployment").select("id").eq("applicationId",i).order("createdAt",{ascending:!1}).limit(1).maybeSingle();if(p)throw p;c!==null&&r.push(c.id)}let{data:n,error:a}=await e.from("Deployment").select("id, createdAt, applicationId, status").in("id",r);if(a)throw a;return n}async getDeploymentJson(t){let{data:e,error:r}=await this.postgrest.from("Deployment").select("deployment").eq("id",t).single().throwOnError();if(r)throw r;return e.deployment}async listEnvVars(t=process.env.DS_APPLICATION_ID){t=o(t);try{let{data:e}=await this.postgrest.from("EnvVar").select(`
		id,
		@@ -12,3 +12,3 @@ name,
		)
		`).eq("applicationId",t).throwOnError();return e?.length?e.filter(Boolean):[]}catch(e){throw new Error("error listing env vars: "+e.message,{cause:e})}}async setEnvVar({applicationId:t=process.env.DS_APPLICATION_ID,name:e,value:r}){t=o(t);try{let n=await this.listSecrets(t);if(n&&n.find(i=>i.name===e))throw new Error(`a secret with the name "${e}" already exists`);let{data:a}=await this.postgrest.from("EnvVar").upsert({id:y(),applicationId:t,name:e,value:r,updatedAt:new Date().toISOString()},{onConflict:"applicationId, name"}).select().single().throwOnError();if(!a)throw new Error("could not store env var");return a}catch(n){throw new Error("error setting env vars: "+n.message,{cause:n})}}async unsetEnvVar({applicationId:t=process.env.DS_APPLICATION_ID,name:e}){t=o(t);try{let{count:r}=await this.postgrest.from("EnvVar").delete({count:"exact"}).eq("applicationId",t).eq("name",e).throwOnError();if(r===0\|\|r===null)throw new Error(`no env var found with name "${e}"`)}catch(r){throw new Error("error listing env vars: "+r.message,{cause:r})}}async listSecrets(t=process.env.DS_APPLICATION_ID){t=o(t);try{let{data:e}=await this.postgrest.from("Secret").select(`
		`).eq("applicationId",t).throwOnError();return e?.length?e.filter(Boolean):[]}catch(e){throw new Error("error listing env vars: "+e.message,{cause:e})}}async setEnvVar({applicationId:t=process.env.DS_APPLICATION_ID,name:e,value:r}){t=o(t);try{let n=await this.listSecrets(t);if(n&&n.find(i=>i.name===e))throw new Error(`a secret with the name "${e}" already exists`);let{data:a}=await this.postgrest.from("EnvVar").upsert({id:l(),applicationId:t,name:e,value:r,updatedAt:new Date().toISOString()},{onConflict:"applicationId, name"}).select().single().throwOnError();if(!a)throw new Error("could not store env var");return a}catch(n){throw new Error("error setting env vars: "+n.message,{cause:n})}}async unsetEnvVar({applicationId:t=process.env.DS_APPLICATION_ID,name:e}){t=o(t);try{let{count:r}=await this.postgrest.from("EnvVar").delete({count:"exact"}).eq("applicationId",t).eq("name",e).throwOnError();if(r===0\|\|r===null)throw new Error(`no env var found with name "${e}"`)}catch(r){throw new Error("error listing env vars: "+r.message,{cause:r})}}async listSecrets(t=process.env.DS_APPLICATION_ID){t=o(t);try{let{data:e}=await this.postgrest.from("Secret").select(`
		id,
		@@ -24,2 +24,2 @@ name,
		)
		`).eq("applicationId",t).throwOnError();return e?.length?e.filter(Boolean):[]}catch(e){throw new Error("error listing secrets: "+e.message,{cause:e})}}async setSecret({applicationId:t=process.env.DS_APPLICATION_ID,name:e,value:r,alreadyEncrypted:n=!1}){t=o(t);try{let{data:a}=await this.postgrest.from("SystemConfig").select("value").eq("name","DS_PUBLIC_AGE_KEY").single().throwOnError();if(!a)throw new Error("missing public key in org database");let i=await this.listEnvVars(t);if(i&&i.find(O=>O.name===e))throw new Error(`an env var with the name "${e}" already exists`);let c=n?r:await D(r,[a.value]),{data:p}=await this.postgrest.from("Secret").upsert({id:y(),applicationId:t,name:e,valueEnc:c,updatedAt:new Date().toISOString()},{onConflict:"applicationId, name"}).select().single().throwOnError();if(!p)throw new Error("could not store secret");return p}catch(a){throw new Error("error setting secret: "+a.message,{cause:a})}}async unsetSecret({applicationId:t=process.env.DS_APPLICATION_ID,name:e}){t=o(t);try{let{count:r}=await this.postgrest.from("Secret").delete({count:"exact"}).eq("applicationId",t).eq("name",e).throwOnError();if(r===0\|\|r===null)throw new Error(`no secret found with name "${e}"`)}catch(r){throw new Error("error unsetting secret: "+r.message,{cause:r})}}async createApiKey(t,e=process.env.DS_APPLICATION_ID){e=o(e);try{if(t){let{data:c}=await this.postgrest.from("ApiKey").select("id").eq("applicationId",e).eq("name",t).maybeSingle().throwOnError();if(c)throw new Error(`an API key with the name "${t}" already exists`)}let r=f(),{identifier:n,secret:a}=m(r),i=await T(a);return await this.postgrest.from("ApiKey").insert({id:y(),identifier:n,hashedSecret:i,name:t\|\|null,applicationId:e,updatedAt:new Date().toISOString()}).throwOnError(),r}catch(r){throw new Error("error creating API key: "+r.message,{cause:r})}}async verifyApiKey(t,e=process.env.DS_APPLICATION_ID){e=o(e);try{let{identifier:r,secret:n}=m(t),{data:a}=await this.postgrest.from("ApiKey").select("hashedSecret").eq("applicationId",e).eq("identifier",r).single().throwOnError();if(!a)return!1;let[i]=a.hashedSecret.split(":");if(!i)throw new Error("hashed secret not in expected format");let c=await T(n,i);return this.postgrest.from("ApiKey").update({lastUsedAt:new Date().toISOString()}).eq("applicationId",e).eq("identifier",r).then(({error:p})=>{p&&console.warn("Failed to update lastUsedAt for ApiKey:",p)}),c===a.hashedSecret}catch(r){throw new Error("error verifying API key: "+r.message)}}async revokeApiKey(t,e=process.env.DS_APPLICATION_ID){e=o(e);try{let{data:r}=await this.postgrest.from("ApiKey").select("identifier, name").eq("applicationId",e).or(`identifier.eq.${t},name.eq.${t}`).single().throwOnError();if(!r)throw new Error(`no API key found with identifier or name "${t}"`);return await this.postgrest.from("ApiKey").delete().eq("applicationId",e).eq("identifier",r.identifier).throwOnError(),{identifier:r.identifier,name:r.name,applicationId:e}}catch(r){throw new Error("Unexpected error revoking API key: "+r.message)}}async rotateApiKey(t,e=process.env.DS_APPLICATION_ID){e=o(e);try{let{data:r}=await this.postgrest.from("ApiKey").select("identifier, name").eq("applicationId",e).or(`identifier.eq.${t},name.eq.${t}`).single().throwOnError();if(!r)throw new Error(`no API key found with identifier or name "${t}"`);let n=f(r.identifier),{secret:a}=m(n),i=await T(a);return await this.postgrest.from("ApiKey").update({hashedSecret:i,updatedAt:new Date().toISOString()}).eq("applicationId",e).eq("identifier",r.identifier).throwOnError(),{apiKey:n,identifier:r.identifier,name:r.name,applicationId:e}}catch(r){throw new Error("error rotating API key: "+r.message,{cause:r})}}async listApiKeys(t=process.env.DS_APPLICATION_ID){t=o(t);try{let{data:e}=await this.postgrest.from("ApiKey").select("id, identifier, name, createdAt, updatedAt, lastUsedAt").eq("applicationId",t).order("createdAt",{ascending:!1}).throwOnError();return e\|\|[]}catch(e){throw new Error("error listing API keys: "+e.message)}}async createDefaultApiKey(t=process.env.DS_APPLICATION_ID){t=o(t);try{let e=await this.createApiKey(l,t);return await this.setSecret({applicationId:t,name:l,value:e}),e}catch(e){throw new Error("error creating default API key: "+e.message,{cause:e})}}async revokeDefaultApiKey(t=process.env.DS_APPLICATION_ID){t=o(t);try{let e=await this.revokeApiKey(l,t);return await this.unsetSecret({applicationId:t,name:l}),e}catch(e){throw new Error("error revoking default API key: "+e.message,{cause:e})}}async rotateDefaultApiKey(t=process.env.DS_APPLICATION_ID){t=o(t);try{let e=await this.rotateApiKey(l,t);return await this.setSecret({applicationId:t,name:l,value:e.apiKey}),e}catch(e){throw new Error(`error rotating default API key: ${e.message}`,{cause:e})}}};import"@supabase/postgrest-js";var u=class{postgrest;constructor(t){this.postgrest=d(t)}async getTeam(t){let{data:e}=await this.postgrest.from("Team").select().eq("id",t).limit(1).single();return e}async getUser(t){let{data:e}=await this.postgrest.from("User").select().eq("email",t).limit(1).single();return e}};var _=s=>new u(s),re=(s,t)=>new g(s,t),se=async(s,t)=>{let e=await _(t).getTeam(s);if(!e)throw new Error(`No team found for teamId=${s}`);return new g(e.name,t)};export{g as OrgDatabase,u as TenantDatabase,d as createPostgrestClient,f as generateApiKey,K as maskApiKey,re as orgDatabase,se as orgDatabaseFromId,_ as tenantDatabase,y as uuid};
		`).eq("applicationId",t).throwOnError();return e?.length?e.filter(Boolean):[]}catch(e){throw new Error("error listing secrets: "+e.message,{cause:e})}}async setSecret({applicationId:t=process.env.DS_APPLICATION_ID,name:e,value:r,alreadyEncrypted:n=!1}){t=o(t);try{let{data:a}=await this.postgrest.from("SystemConfig").select("value").eq("name","DS_PUBLIC_AGE_KEY").single().throwOnError();if(!a)throw new Error("missing public key in org database");let i=await this.listEnvVars(t);if(i&&i.find(E=>E.name===e))throw new Error(`an env var with the name "${e}" already exists`);let c=n?r:await D(r,[a.value]),{data:p}=await this.postgrest.from("Secret").upsert({id:l(),applicationId:t,name:e,valueEnc:c,updatedAt:new Date().toISOString()},{onConflict:"applicationId, name"}).select().single().throwOnError();if(!p)throw new Error("could not store secret");return p}catch(a){throw new Error("error setting secret: "+a.message,{cause:a})}}async unsetSecret({applicationId:t=process.env.DS_APPLICATION_ID,name:e}){t=o(t);try{let{count:r}=await this.postgrest.from("Secret").delete({count:"exact"}).eq("applicationId",t).eq("name",e).throwOnError();if(r===0\|\|r===null)throw new Error(`no secret found with name "${e}"`)}catch(r){throw new Error("error unsetting secret: "+r.message,{cause:r})}}async createApiKey(t,e=process.env.DS_APPLICATION_ID){e=o(e);try{if(t){let{data:c}=await this.postgrest.from("ApiKey").select("id").eq("applicationId",e).eq("name",t).maybeSingle().throwOnError();if(c)throw new Error(`an API key with the name "${t}" already exists`)}let r=f(),{identifier:n,secret:a}=y(r),i=await T(a);return await this.postgrest.from("ApiKey").insert({id:l(),identifier:n,hashedSecret:i,name:t\|\|null,applicationId:e,updatedAt:new Date().toISOString()}).throwOnError(),r}catch(r){throw new Error("error creating API key: "+r.message,{cause:r})}}async verifyApiKey(t,e=process.env.DS_APPLICATION_ID){e=o(e);try{let{identifier:r,secret:n}=y(t),{data:a}=await this.postgrest.from("ApiKey").select("hashedSecret").eq("applicationId",e).eq("identifier",r).single().throwOnError();if(!a)return!1;let[i]=a.hashedSecret.split(":");if(!i)throw new Error("hashed secret not in expected format");let c=await T(n,i);return this.postgrest.from("ApiKey").update({lastUsedAt:new Date().toISOString()}).eq("applicationId",e).eq("identifier",r).then(({error:p})=>{p&&console.warn("Failed to update lastUsedAt for ApiKey:",p)}),c===a.hashedSecret}catch(r){throw new Error("error verifying API key: "+r.message)}}async revokeApiKey(t,e=process.env.DS_APPLICATION_ID){e=o(e);try{let{data:r}=await this.postgrest.from("ApiKey").select("identifier, name").eq("applicationId",e).or(`identifier.eq.${t},name.eq.${t}`).single().throwOnError();if(!r)throw new Error(`no API key found with identifier or name "${t}"`);return await this.postgrest.from("ApiKey").delete().eq("applicationId",e).eq("identifier",r.identifier).throwOnError(),{identifier:r.identifier,name:r.name,applicationId:e}}catch(r){throw new Error("Unexpected error revoking API key: "+r.message)}}async rotateApiKey(t,e=process.env.DS_APPLICATION_ID){e=o(e);try{let{data:r}=await this.postgrest.from("ApiKey").select("identifier, name").eq("applicationId",e).or(`identifier.eq.${t},name.eq.${t}`).single().throwOnError();if(!r)throw new Error(`no API key found with identifier or name "${t}"`);let n=f(r.identifier),{secret:a}=y(n),i=await T(a);return await this.postgrest.from("ApiKey").update({hashedSecret:i,updatedAt:new Date().toISOString()}).eq("applicationId",e).eq("identifier",r.identifier).throwOnError(),{apiKey:n,identifier:r.identifier,name:r.name,applicationId:e}}catch(r){throw new Error("error rotating API key: "+r.message,{cause:r})}}async listApiKeys(t=process.env.DS_APPLICATION_ID){t=o(t);try{let{data:e}=await this.postgrest.from("ApiKey").select("id, identifier, name, createdAt, updatedAt, lastUsedAt").eq("applicationId",t).order("createdAt",{ascending:!1}).throwOnError();return e\|\|[]}catch(e){throw new Error("error listing API keys: "+e.message)}}async createDefaultApiKey(t=process.env.DS_APPLICATION_ID){t=o(t);try{let e=await this.createApiKey(g,t);return await this.setSecret({applicationId:t,name:g,value:e}),e}catch(e){throw new Error("error creating default API key: "+e.message,{cause:e})}}async revokeDefaultApiKey(t=process.env.DS_APPLICATION_ID){t=o(t);try{let e=await this.revokeApiKey(g,t);return await this.unsetSecret({applicationId:t,name:g}),e}catch(e){throw new Error("error revoking default API key: "+e.message,{cause:e})}}async rotateDefaultApiKey(t=process.env.DS_APPLICATION_ID){t=o(t);try{let e=await this.rotateApiKey(g,t);return await this.setSecret({applicationId:t,name:g,value:e.apiKey}),e}catch(e){throw new Error(`error rotating default API key: ${e.message}`,{cause:e})}}};import"@supabase/postgrest-js";var u=class{postgrest;constructor(t){this.postgrest=m(t)}async getTeam(t){let{data:e}=await this.postgrest.from("Team").select().eq("id",t).limit(1).single();return e}async getUser(t){let{data:e}=await this.postgrest.from("User").select().eq("email",t).limit(1).single();return e}async insertReconcilerLog(t){let{data:e,error:r}=await this.postgrest.from("ReconcilerLogs").insert({id:l(),...t}).select("id").single();if(r)throw new Error(`Error inserting reconciler log: ${r.message}`);return e}};var _=s=>new u(s),se=(s,t)=>new d(s,t),ne=async(s,t)=>{let e=await _(t).getTeam(s);if(!e)throw new Error(`No team found for teamId=${s}`);return new d(e.name,t)};export{d as OrgDatabase,u as TenantDatabase,m as createPostgrestClient,f as generateApiKey,K as maskApiKey,se as orgDatabase,ne as orgDatabaseFromId,_ as tenantDatabase,l as uuid};

package.json

		{
		"name": "@deepstructure/tenant-db",
		"version": "2.7.0",
		"version": "3.0.0",
		"access": "public",
		@@ -27,3 +27,3 @@ "license": "UNLICENSED",
		"typescript": "^5.3.3",
		"@ds/tsconfig": "2.7.0"
		"@ds/tsconfig": "3.0.0"
		},
		@@ -30,0 +30,0 @@ "dependencies": {

dist/index.cjs

Sorry, the diff of this file is not supported yet

dist/index.d.cts

Sorry, the diff of this file is not supported yet

		@@ -1,2 +0,2 @@
		import{PostgrestClient as b}from"@supabase/postgrest-js";var A=s=>{if(s)return s;let{POSTGREST_URL:t}=process.env;if(!t)throw new Error("missing POSTGREST_URL environment variable");return t},I=(s,t)=>{let e=s.toLowerCase().replace(/[^a-z0-9-]/g,"-").replace(/^[^a-z0-9]+\|[^a-z0-9]+$/g,"").substring(0,253),r=new URL(A(t));return r.hostname=`team.${r.hostname}`,r.pathname=`/team/team-${e}`,r.toString().replace(/\/$/,"")};function d(s,t){let e=typeof s=="string",r=e?s:void 0,n=e?t:s,a=n?.token\|\|process.env.JWT_TOKEN;if(!a)throw new Error("missing Postgrest JWT token: use JWT_TOKEN environment variable or pass via options");let i={Authorization:`Bearer ${a}`};return r?n?.url&&n?.useProvidedUrlAsIs?new b(n.url,{headers:i,fetch}):new b(I(r,n?.url),{headers:i,fetch}):new b(A(n?.url),{headers:i,fetch})}import"@supabase/postgrest-js";import{randomBytes as w,pbkdf2 as E}from"node:crypto";import{promisify as P}from"node:util";var S=P(E),h="ds";function v(){return w(4).toString("hex")}function x(){return w(12).toString("hex")}function f(s){if(s&&s.length!==8)throw new Error("Invalid identifier format");return s=s\|\|v(),`${h}-${s}-${x()}`}function m(s){let[t,e,r]=s.split("-");if(t!==h)throw new Error("Invalid API Key: incorrect prefix");if(typeof e!="string"\|\|e.length!==8)throw new Error("Invalid API Key: incorrect identifier format");if(typeof r!="string"\|\|r.length!==24)throw new Error("Invalid API Key: incorrect secret format");return{identifier:e,secret:r}}async function T(s,t=w(16).toString("hex")){let a=await S(s,t,1e4,64,"sha512");return`${t}:${a.toString("hex")}`}function K(s){let{identifier:t,secret:e}=m(s),r="".repeat(e.length);return`${h}-${t}-${r}`}import{uuidv7 as y}from"uuidv7";import C from"age-encryption";var D=async(s,t)=>{let{Encrypter:e}=await C(),r=new e;for(let a of t)r.addRecipient(a);let n=r.encrypt(Buffer.from(s));return btoa(n.toString())};var l="DEFAULT_DS_API_KEY";function o(s){if(!s)throw new Error("no applicationId given and DS_APPLICATION_ID environment variable not set");return s}var g=class{postgrest;constructor(t,e){this.postgrest=d(t,e)}async getApplications(){let{data:t,error:e}=await this.postgrest.from("Application").select("");if(e)throw e;return t}async getApplicationById(t){let{data:e,error:r}=await this.postgrest.from("Application").select("*").eq("id",t).single();if(r)throw r;return e}async getLatestApplicationDeployments(t){let e=this.postgrest,r=[];for(let i of t){let{data:c,error:p}=await e.from("Deployment").select("id").eq("applicationId",i).order("createdAt",{ascending:!1}).limit(1).maybeSingle();if(p)throw p;c!==null&&r.push(c.id)}let{data:n,error:a}=await e.from("Deployment").select("id, createdAt, applicationId, status").in("id",r);if(a)throw a;return n}async getDeploymentJson(t){let{data:e,error:r}=await this.postgrest.from("Deployment").select("deployment").eq("id",t).single().throwOnError();if(r)throw r;return e.deployment}async listEnvVars(t=process.env.DS_APPLICATION_ID){t=o(t);try{let{data:e}=await this.postgrest.from("EnvVar").select(`
		import{PostgrestClient as b}from"@supabase/postgrest-js";var A=s=>{if(s)return s;let{POSTGREST_URL:t}=process.env;if(!t)throw new Error("missing POSTGREST_URL environment variable");return t},O=(s,t)=>{let e=s.toLowerCase().replace(/[^a-z0-9-]/g,"-").replace(/^[^a-z0-9]+\|[^a-z0-9]+$/g,"").substring(0,253),r=new URL(A(t));return r.hostname=`team.${r.hostname}`,r.pathname=`/team/team-${e}`,r.toString().replace(/\/$/,"")};function m(s,t){let e=typeof s=="string",r=e?s:void 0,n=e?t:s,a=n?.token\|\|process.env.JWT_TOKEN;if(!a)throw new Error("missing Postgrest JWT token: use JWT_TOKEN environment variable or pass via options");let i={Authorization:`Bearer ${a}`};return r?n?.url&&n?.useProvidedUrlAsIs?new b(n.url,{headers:i,fetch}):new b(O(r,n?.url),{headers:i,fetch}):new b(A(n?.url),{headers:i,fetch})}import"@supabase/postgrest-js";import{randomBytes as w,pbkdf2 as I}from"node:crypto";import{promisify as P}from"node:util";var S=P(I),h="ds";function v(){return w(4).toString("hex")}function x(){return w(12).toString("hex")}function f(s){if(s&&s.length!==8)throw new Error("Invalid identifier format");return s=s\|\|v(),`${h}-${s}-${x()}`}function y(s){let[t,e,r]=s.split("-");if(t!==h)throw new Error("Invalid API Key: incorrect prefix");if(typeof e!="string"\|\|e.length!==8)throw new Error("Invalid API Key: incorrect identifier format");if(typeof r!="string"\|\|r.length!==24)throw new Error("Invalid API Key: incorrect secret format");return{identifier:e,secret:r}}async function T(s,t=w(16).toString("hex")){let a=await S(s,t,1e4,64,"sha512");return`${t}:${a.toString("hex")}`}function K(s){let{identifier:t,secret:e}=y(s),r="".repeat(e.length);return`${h}-${t}-${r}`}import{uuidv7 as l}from"uuidv7";import C from"age-encryption";var D=async(s,t)=>{let{Encrypter:e}=await C(),r=new e;for(let a of t)r.addRecipient(a);let n=r.encrypt(Buffer.from(s));return btoa(n.toString())};var g="DEFAULT_DS_API_KEY";function o(s){if(!s)throw new Error("no applicationId given and DS_APPLICATION_ID environment variable not set");return s}var d=class{postgrest;constructor(t,e){this.postgrest=m(t,e)}async getApplications(){let{data:t,error:e}=await this.postgrest.from("Application").select("");if(e)throw e;return t}async getApplicationById(t){let{data:e,error:r}=await this.postgrest.from("Application").select("*").eq("id",t).single();if(r)throw r;return e}async getLatestApplicationDeployments(t){let e=this.postgrest,r=[];for(let i of t){let{data:c,error:p}=await e.from("Deployment").select("id").eq("applicationId",i).order("createdAt",{ascending:!1}).limit(1).maybeSingle();if(p)throw p;c!==null&&r.push(c.id)}let{data:n,error:a}=await e.from("Deployment").select("id, createdAt, applicationId, status").in("id",r);if(a)throw a;return n}async getDeploymentJson(t){let{data:e,error:r}=await this.postgrest.from("Deployment").select("deployment").eq("id",t).single().throwOnError();if(r)throw r;return e.deployment}async listEnvVars(t=process.env.DS_APPLICATION_ID){t=o(t);try{let{data:e}=await this.postgrest.from("EnvVar").select(`
		id,
		@@ -12,3 +12,3 @@ name,
		)
		`).eq("applicationId",t).throwOnError();return e?.length?e.filter(Boolean):[]}catch(e){throw new Error("error listing env vars: "+e.message,{cause:e})}}async setEnvVar({applicationId:t=process.env.DS_APPLICATION_ID,name:e,value:r}){t=o(t);try{let n=await this.listSecrets(t);if(n&&n.find(i=>i.name===e))throw new Error(`a secret with the name "${e}" already exists`);let{data:a}=await this.postgrest.from("EnvVar").upsert({id:y(),applicationId:t,name:e,value:r,updatedAt:new Date().toISOString()},{onConflict:"applicationId, name"}).select().single().throwOnError();if(!a)throw new Error("could not store env var");return a}catch(n){throw new Error("error setting env vars: "+n.message,{cause:n})}}async unsetEnvVar({applicationId:t=process.env.DS_APPLICATION_ID,name:e}){t=o(t);try{let{count:r}=await this.postgrest.from("EnvVar").delete({count:"exact"}).eq("applicationId",t).eq("name",e).throwOnError();if(r===0\|\|r===null)throw new Error(`no env var found with name "${e}"`)}catch(r){throw new Error("error listing env vars: "+r.message,{cause:r})}}async listSecrets(t=process.env.DS_APPLICATION_ID){t=o(t);try{let{data:e}=await this.postgrest.from("Secret").select(`
		`).eq("applicationId",t).throwOnError();return e?.length?e.filter(Boolean):[]}catch(e){throw new Error("error listing env vars: "+e.message,{cause:e})}}async setEnvVar({applicationId:t=process.env.DS_APPLICATION_ID,name:e,value:r}){t=o(t);try{let n=await this.listSecrets(t);if(n&&n.find(i=>i.name===e))throw new Error(`a secret with the name "${e}" already exists`);let{data:a}=await this.postgrest.from("EnvVar").upsert({id:l(),applicationId:t,name:e,value:r,updatedAt:new Date().toISOString()},{onConflict:"applicationId, name"}).select().single().throwOnError();if(!a)throw new Error("could not store env var");return a}catch(n){throw new Error("error setting env vars: "+n.message,{cause:n})}}async unsetEnvVar({applicationId:t=process.env.DS_APPLICATION_ID,name:e}){t=o(t);try{let{count:r}=await this.postgrest.from("EnvVar").delete({count:"exact"}).eq("applicationId",t).eq("name",e).throwOnError();if(r===0\|\|r===null)throw new Error(`no env var found with name "${e}"`)}catch(r){throw new Error("error listing env vars: "+r.message,{cause:r})}}async listSecrets(t=process.env.DS_APPLICATION_ID){t=o(t);try{let{data:e}=await this.postgrest.from("Secret").select(`
		id,
		@@ -24,2 +24,2 @@ name,
		)
		`).eq("applicationId",t).throwOnError();return e?.length?e.filter(Boolean):[]}catch(e){throw new Error("error listing secrets: "+e.message,{cause:e})}}async setSecret({applicationId:t=process.env.DS_APPLICATION_ID,name:e,value:r,alreadyEncrypted:n=!1}){t=o(t);try{let{data:a}=await this.postgrest.from("SystemConfig").select("value").eq("name","DS_PUBLIC_AGE_KEY").single().throwOnError();if(!a)throw new Error("missing public key in org database");let i=await this.listEnvVars(t);if(i&&i.find(O=>O.name===e))throw new Error(`an env var with the name "${e}" already exists`);let c=n?r:await D(r,[a.value]),{data:p}=await this.postgrest.from("Secret").upsert({id:y(),applicationId:t,name:e,valueEnc:c,updatedAt:new Date().toISOString()},{onConflict:"applicationId, name"}).select().single().throwOnError();if(!p)throw new Error("could not store secret");return p}catch(a){throw new Error("error setting secret: "+a.message,{cause:a})}}async unsetSecret({applicationId:t=process.env.DS_APPLICATION_ID,name:e}){t=o(t);try{let{count:r}=await this.postgrest.from("Secret").delete({count:"exact"}).eq("applicationId",t).eq("name",e).throwOnError();if(r===0\|\|r===null)throw new Error(`no secret found with name "${e}"`)}catch(r){throw new Error("error unsetting secret: "+r.message,{cause:r})}}async createApiKey(t,e=process.env.DS_APPLICATION_ID){e=o(e);try{if(t){let{data:c}=await this.postgrest.from("ApiKey").select("id").eq("applicationId",e).eq("name",t).maybeSingle().throwOnError();if(c)throw new Error(`an API key with the name "${t}" already exists`)}let r=f(),{identifier:n,secret:a}=m(r),i=await T(a);return await this.postgrest.from("ApiKey").insert({id:y(),identifier:n,hashedSecret:i,name:t\|\|null,applicationId:e,updatedAt:new Date().toISOString()}).throwOnError(),r}catch(r){throw new Error("error creating API key: "+r.message,{cause:r})}}async verifyApiKey(t,e=process.env.DS_APPLICATION_ID){e=o(e);try{let{identifier:r,secret:n}=m(t),{data:a}=await this.postgrest.from("ApiKey").select("hashedSecret").eq("applicationId",e).eq("identifier",r).single().throwOnError();if(!a)return!1;let[i]=a.hashedSecret.split(":");if(!i)throw new Error("hashed secret not in expected format");let c=await T(n,i);return this.postgrest.from("ApiKey").update({lastUsedAt:new Date().toISOString()}).eq("applicationId",e).eq("identifier",r).then(({error:p})=>{p&&console.warn("Failed to update lastUsedAt for ApiKey:",p)}),c===a.hashedSecret}catch(r){throw new Error("error verifying API key: "+r.message)}}async revokeApiKey(t,e=process.env.DS_APPLICATION_ID){e=o(e);try{let{data:r}=await this.postgrest.from("ApiKey").select("identifier, name").eq("applicationId",e).or(`identifier.eq.${t},name.eq.${t}`).single().throwOnError();if(!r)throw new Error(`no API key found with identifier or name "${t}"`);return await this.postgrest.from("ApiKey").delete().eq("applicationId",e).eq("identifier",r.identifier).throwOnError(),{identifier:r.identifier,name:r.name,applicationId:e}}catch(r){throw new Error("Unexpected error revoking API key: "+r.message)}}async rotateApiKey(t,e=process.env.DS_APPLICATION_ID){e=o(e);try{let{data:r}=await this.postgrest.from("ApiKey").select("identifier, name").eq("applicationId",e).or(`identifier.eq.${t},name.eq.${t}`).single().throwOnError();if(!r)throw new Error(`no API key found with identifier or name "${t}"`);let n=f(r.identifier),{secret:a}=m(n),i=await T(a);return await this.postgrest.from("ApiKey").update({hashedSecret:i,updatedAt:new Date().toISOString()}).eq("applicationId",e).eq("identifier",r.identifier).throwOnError(),{apiKey:n,identifier:r.identifier,name:r.name,applicationId:e}}catch(r){throw new Error("error rotating API key: "+r.message,{cause:r})}}async listApiKeys(t=process.env.DS_APPLICATION_ID){t=o(t);try{let{data:e}=await this.postgrest.from("ApiKey").select("id, identifier, name, createdAt, updatedAt, lastUsedAt").eq("applicationId",t).order("createdAt",{ascending:!1}).throwOnError();return e\|\|[]}catch(e){throw new Error("error listing API keys: "+e.message)}}async createDefaultApiKey(t=process.env.DS_APPLICATION_ID){t=o(t);try{let e=await this.createApiKey(l,t);return await this.setSecret({applicationId:t,name:l,value:e}),e}catch(e){throw new Error("error creating default API key: "+e.message,{cause:e})}}async revokeDefaultApiKey(t=process.env.DS_APPLICATION_ID){t=o(t);try{let e=await this.revokeApiKey(l,t);return await this.unsetSecret({applicationId:t,name:l}),e}catch(e){throw new Error("error revoking default API key: "+e.message,{cause:e})}}async rotateDefaultApiKey(t=process.env.DS_APPLICATION_ID){t=o(t);try{let e=await this.rotateApiKey(l,t);return await this.setSecret({applicationId:t,name:l,value:e.apiKey}),e}catch(e){throw new Error(`error rotating default API key: ${e.message}`,{cause:e})}}};import"@supabase/postgrest-js";var u=class{postgrest;constructor(t){this.postgrest=d(t)}async getTeam(t){let{data:e}=await this.postgrest.from("Team").select().eq("id",t).limit(1).single();return e}async getUser(t){let{data:e}=await this.postgrest.from("User").select().eq("email",t).limit(1).single();return e}};var _=s=>new u(s),re=(s,t)=>new g(s,t),se=async(s,t)=>{let e=await _(t).getTeam(s);if(!e)throw new Error(`No team found for teamId=${s}`);return new g(e.name,t)};export{g as OrgDatabase,u as TenantDatabase,d as createPostgrestClient,f as generateApiKey,K as maskApiKey,re as orgDatabase,se as orgDatabaseFromId,_ as tenantDatabase,y as uuid};
		`).eq("applicationId",t).throwOnError();return e?.length?e.filter(Boolean):[]}catch(e){throw new Error("error listing secrets: "+e.message,{cause:e})}}async setSecret({applicationId:t=process.env.DS_APPLICATION_ID,name:e,value:r,alreadyEncrypted:n=!1}){t=o(t);try{let{data:a}=await this.postgrest.from("SystemConfig").select("value").eq("name","DS_PUBLIC_AGE_KEY").single().throwOnError();if(!a)throw new Error("missing public key in org database");let i=await this.listEnvVars(t);if(i&&i.find(E=>E.name===e))throw new Error(`an env var with the name "${e}" already exists`);let c=n?r:await D(r,[a.value]),{data:p}=await this.postgrest.from("Secret").upsert({id:l(),applicationId:t,name:e,valueEnc:c,updatedAt:new Date().toISOString()},{onConflict:"applicationId, name"}).select().single().throwOnError();if(!p)throw new Error("could not store secret");return p}catch(a){throw new Error("error setting secret: "+a.message,{cause:a})}}async unsetSecret({applicationId:t=process.env.DS_APPLICATION_ID,name:e}){t=o(t);try{let{count:r}=await this.postgrest.from("Secret").delete({count:"exact"}).eq("applicationId",t).eq("name",e).throwOnError();if(r===0\|\|r===null)throw new Error(`no secret found with name "${e}"`)}catch(r){throw new Error("error unsetting secret: "+r.message,{cause:r})}}async createApiKey(t,e=process.env.DS_APPLICATION_ID){e=o(e);try{if(t){let{data:c}=await this.postgrest.from("ApiKey").select("id").eq("applicationId",e).eq("name",t).maybeSingle().throwOnError();if(c)throw new Error(`an API key with the name "${t}" already exists`)}let r=f(),{identifier:n,secret:a}=y(r),i=await T(a);return await this.postgrest.from("ApiKey").insert({id:l(),identifier:n,hashedSecret:i,name:t\|\|null,applicationId:e,updatedAt:new Date().toISOString()}).throwOnError(),r}catch(r){throw new Error("error creating API key: "+r.message,{cause:r})}}async verifyApiKey(t,e=process.env.DS_APPLICATION_ID){e=o(e);try{let{identifier:r,secret:n}=y(t),{data:a}=await this.postgrest.from("ApiKey").select("hashedSecret").eq("applicationId",e).eq("identifier",r).single().throwOnError();if(!a)return!1;let[i]=a.hashedSecret.split(":");if(!i)throw new Error("hashed secret not in expected format");let c=await T(n,i);return this.postgrest.from("ApiKey").update({lastUsedAt:new Date().toISOString()}).eq("applicationId",e).eq("identifier",r).then(({error:p})=>{p&&console.warn("Failed to update lastUsedAt for ApiKey:",p)}),c===a.hashedSecret}catch(r){throw new Error("error verifying API key: "+r.message)}}async revokeApiKey(t,e=process.env.DS_APPLICATION_ID){e=o(e);try{let{data:r}=await this.postgrest.from("ApiKey").select("identifier, name").eq("applicationId",e).or(`identifier.eq.${t},name.eq.${t}`).single().throwOnError();if(!r)throw new Error(`no API key found with identifier or name "${t}"`);return await this.postgrest.from("ApiKey").delete().eq("applicationId",e).eq("identifier",r.identifier).throwOnError(),{identifier:r.identifier,name:r.name,applicationId:e}}catch(r){throw new Error("Unexpected error revoking API key: "+r.message)}}async rotateApiKey(t,e=process.env.DS_APPLICATION_ID){e=o(e);try{let{data:r}=await this.postgrest.from("ApiKey").select("identifier, name").eq("applicationId",e).or(`identifier.eq.${t},name.eq.${t}`).single().throwOnError();if(!r)throw new Error(`no API key found with identifier or name "${t}"`);let n=f(r.identifier),{secret:a}=y(n),i=await T(a);return await this.postgrest.from("ApiKey").update({hashedSecret:i,updatedAt:new Date().toISOString()}).eq("applicationId",e).eq("identifier",r.identifier).throwOnError(),{apiKey:n,identifier:r.identifier,name:r.name,applicationId:e}}catch(r){throw new Error("error rotating API key: "+r.message,{cause:r})}}async listApiKeys(t=process.env.DS_APPLICATION_ID){t=o(t);try{let{data:e}=await this.postgrest.from("ApiKey").select("id, identifier, name, createdAt, updatedAt, lastUsedAt").eq("applicationId",t).order("createdAt",{ascending:!1}).throwOnError();return e\|\|[]}catch(e){throw new Error("error listing API keys: "+e.message)}}async createDefaultApiKey(t=process.env.DS_APPLICATION_ID){t=o(t);try{let e=await this.createApiKey(g,t);return await this.setSecret({applicationId:t,name:g,value:e}),e}catch(e){throw new Error("error creating default API key: "+e.message,{cause:e})}}async revokeDefaultApiKey(t=process.env.DS_APPLICATION_ID){t=o(t);try{let e=await this.revokeApiKey(g,t);return await this.unsetSecret({applicationId:t,name:g}),e}catch(e){throw new Error("error revoking default API key: "+e.message,{cause:e})}}async rotateDefaultApiKey(t=process.env.DS_APPLICATION_ID){t=o(t);try{let e=await this.rotateApiKey(g,t);return await this.setSecret({applicationId:t,name:g,value:e.apiKey}),e}catch(e){throw new Error(`error rotating default API key: ${e.message}`,{cause:e})}}};import"@supabase/postgrest-js";var u=class{postgrest;constructor(t){this.postgrest=m(t)}async getTeam(t){let{data:e}=await this.postgrest.from("Team").select().eq("id",t).limit(1).single();return e}async getUser(t){let{data:e}=await this.postgrest.from("User").select().eq("email",t).limit(1).single();return e}async insertReconcilerLog(t){let{data:e,error:r}=await this.postgrest.from("ReconcilerLogs").insert({id:l(),...t}).select("id").single();if(r)throw new Error(`Error inserting reconciler log: ${r.message}`);return e}};var _=s=>new u(s),se=(s,t)=>new d(s,t),ne=async(s,t)=>{let e=await _(t).getTeam(s);if(!e)throw new Error(`No team found for teamId=${s}`);return new d(e.name,t)};export{d as OrgDatabase,u as TenantDatabase,m as createPostgrestClient,f as generateApiKey,K as maskApiKey,se as orgDatabase,ne as orgDatabaseFromId,_ as tenantDatabase,l as uuid};

@deepstructure/tenant-db - npm Package Compare versions

Improved metrics

Worsened metrics