@deepstructure/tenant-db - npm Package Compare versions

Comparing version 3.6.6 to 3.7.0

dist/index.d.ts

		@@ -756,3 +756,3 @@ import { PostgrestClient } from '@supabase/postgrest-js';
		type ReconcilerLogEntry = Omit<TenantTables<"ReconcilerLogs"> & {
		action: "DEPLOY" \| "DESTROY" \| "RESET" \| "DEPLOY_NO_DB" \| "DEPLOY_WEB_CONSOLE_ONLY";
		action: "DEPLOY" \| "DESTROY" \| "RESET" \| "DELETE" \| "DEPLOY_NO_DB" \| "DEPLOY_WEB_CONSOLE_ONLY";
		status: "failed" \| "success" \| "pending" \| "skipped" \| "error" \| "in_progress" \| "cancelled";
		@@ -784,2 +784,28 @@ }, "id" \| "createdAt">;
		}>;
		getReconcilerLog(logId: string): Promise<{
		action: string;
		createdAt: string;
		errorMessage: string \| null;
		id: string;
		metadata: string \| number \| boolean \| Json[] \| {
		[x: string]: string \| number \| boolean \| Json[] \| any \| null \| undefined;
		} \| null;
		orgId: string \| null;
		resourceId: string;
		resourceType: string;
		status: string;
		}>;
		getReconcilerLogs(orgId?: string, limit?: number): Promise<{
		action: string;
		createdAt: string;
		errorMessage: string \| null;
		id: string;
		metadata: string \| number \| boolean \| Json[] \| {
		[x: string]: string \| number \| boolean \| Json[] \| any \| null \| undefined;
		} \| null;
		orgId: string \| null;
		resourceId: string;
		resourceType: string;
		status: string;
		}[]>;
		}
		@@ -786,0 +812,0 @@

dist/index.js

		@@ -1,2 +0,2 @@
		import{PostgrestClient as b}from"@supabase/postgrest-js";var A=s=>{if(s)return s;let{POSTGREST_URL:t}=process.env;if(!t)throw new Error("missing POSTGREST_URL environment variable");return t},O=(s,t)=>{let e=s.toLowerCase().replace(/[^a-z0-9-]/g,"-").replace(/^[^a-z0-9]+\|[^a-z0-9]+$/g,"").substring(0,253),r=new URL(A(t));return r.hostname=`team.${r.hostname}`,r.pathname=`/team/team-${e}`,r.toString().replace(/\/$/,"")};function m(s,t){let e=typeof s=="string",r=e?s:void 0,n=e?t:s,a=n?.token\|\|process.env.JWT_TOKEN;if(!a)throw new Error("missing Postgrest JWT token: use JWT_TOKEN environment variable or pass via options");let i={Authorization:`Bearer ${a}`};return r?n?.url&&n?.useProvidedUrlAsIs?new b(n.url,{headers:i,fetch}):new b(O(r,n?.url),{headers:i,fetch}):new b(A(n?.url),{headers:i,fetch})}import"@supabase/postgrest-js";import{randomBytes as w,pbkdf2 as I}from"node:crypto";import{promisify as P}from"node:util";var S=P(I),h="ds";function v(){return w(4).toString("hex")}function x(){return w(12).toString("hex")}function f(s){if(s&&s.length!==8)throw new Error("Invalid identifier format");return s=s\|\|v(),`${h}-${s}-${x()}`}function y(s){let[t,e,r]=s.split("-");if(t!==h)throw new Error("Invalid API Key: incorrect prefix");if(typeof e!="string"\|\|e.length!==8)throw new Error("Invalid API Key: incorrect identifier format");if(typeof r!="string"\|\|r.length!==24)throw new Error("Invalid API Key: incorrect secret format");return{identifier:e,secret:r}}async function T(s,t=w(16).toString("hex")){let a=await S(s,t,1e4,64,"sha512");return`${t}:${a.toString("hex")}`}function K(s){let{identifier:t,secret:e}=y(s),r="".repeat(e.length);return`${h}-${t}-${r}`}import{uuidv7 as l}from"uuidv7";import C from"age-encryption";var D=async(s,t)=>{let{Encrypter:e}=await C(),r=new e;for(let a of t)r.addRecipient(a);let n=r.encrypt(Buffer.from(s));return btoa(n.toString())};var g="DEFAULT_DS_API_KEY";function o(s){if(!s)throw new Error("no applicationId given and DS_APPLICATION_ID environment variable not set");return s}var d=class{postgrest;constructor(t,e){this.postgrest=m(t,e)}async getApplications(){let{data:t,error:e}=await this.postgrest.from("Application").select("");if(e)throw e;return t}async getApplicationById(t){let{data:e,error:r}=await this.postgrest.from("Application").select("*").eq("id",t).single();if(r)throw r;return e}async getLatestApplicationDeployments(t){let e=this.postgrest,r=[];for(let i of t){let{data:c,error:p}=await e.from("Deployment").select("id").eq("applicationId",i).order("createdAt",{ascending:!1}).limit(1).maybeSingle();if(p)throw p;c!==null&&r.push(c.id)}let{data:n,error:a}=await e.from("Deployment").select("id, createdAt, applicationId, status").in("id",r);if(a)throw a;return n}async getDeploymentJson(t){let{data:e,error:r}=await this.postgrest.from("Deployment").select("deployment").eq("id",t).single().throwOnError();if(r)throw r;return e.deployment}async listEnvVars(t=process.env.DS_APPLICATION_ID){t=o(t);try{let{data:e}=await this.postgrest.from("EnvVar").select(`
		import{PostgrestClient as w}from"@supabase/postgrest-js";var A=s=>{if(s)return s;let{POSTGREST_URL:t}=process.env;if(!t)throw new Error("missing POSTGREST_URL environment variable");return t},O=(s,t)=>{let e=s.toLowerCase().replace(/[^a-z0-9-]/g,"-").replace(/^[^a-z0-9]+\|[^a-z0-9]+$/g,"").substring(0,253),r=new URL(A(t));return r.hostname=`team.${r.hostname}`,r.pathname=`/team/team-${e}`,r.toString().replace(/\/$/,"")};function m(s,t){let e=typeof s=="string",r=e?s:void 0,a=e?t:s,n=a?.token\|\|process.env.JWT_TOKEN;if(!n)throw new Error("missing Postgrest JWT token: use JWT_TOKEN environment variable or pass via options");let o={Authorization:`Bearer ${n}`};return r?a?.url&&a?.useProvidedUrlAsIs?new w(a.url,{headers:o,fetch}):new w(O(r,a?.url),{headers:o,fetch}):new w(A(a?.url),{headers:o,fetch})}import"@supabase/postgrest-js";import{randomBytes as b,pbkdf2 as I}from"node:crypto";import{promisify as P}from"node:util";var S=P(I),h="ds";function v(){return b(4).toString("hex")}function x(){return b(12).toString("hex")}function f(s){if(s&&s.length!==8)throw new Error("Invalid identifier format");return s=s\|\|v(),`${h}-${s}-${x()}`}function y(s){let[t,e,r]=s.split("-");if(t!==h)throw new Error("Invalid API Key: incorrect prefix");if(typeof e!="string"\|\|e.length!==8)throw new Error("Invalid API Key: incorrect identifier format");if(typeof r!="string"\|\|r.length!==24)throw new Error("Invalid API Key: incorrect secret format");return{identifier:e,secret:r}}async function T(s,t=b(16).toString("hex")){let n=await S(s,t,1e4,64,"sha512");return`${t}:${n.toString("hex")}`}function K(s){let{identifier:t,secret:e}=y(s),r="".repeat(e.length);return`${h}-${t}-${r}`}import{uuidv7 as l}from"uuidv7";import C from"age-encryption";var D=async(s,t)=>{let{Encrypter:e}=await C(),r=new e;for(let n of t)r.addRecipient(n);let a=r.encrypt(Buffer.from(s));return btoa(a.toString())};var g="DEFAULT_DS_API_KEY";function i(s){if(!s)throw new Error("no applicationId given and DS_APPLICATION_ID environment variable not set");return s}var d=class{postgrest;constructor(t,e){this.postgrest=m(t,e)}async getApplications(){let{data:t,error:e}=await this.postgrest.from("Application").select("");if(e)throw e;return t}async getApplicationById(t){let{data:e,error:r}=await this.postgrest.from("Application").select("*").eq("id",t).single();if(r)throw r;return e}async getLatestApplicationDeployments(t){let e=this.postgrest,r=[];for(let o of t){let{data:c,error:p}=await e.from("Deployment").select("id").eq("applicationId",o).order("createdAt",{ascending:!1}).limit(1).maybeSingle();if(p)throw p;c!==null&&r.push(c.id)}let{data:a,error:n}=await e.from("Deployment").select("id, createdAt, applicationId, status").in("id",r);if(n)throw n;return a}async getDeploymentJson(t){let{data:e,error:r}=await this.postgrest.from("Deployment").select("deployment").eq("id",t).single().throwOnError();if(r)throw r;return e.deployment}async listEnvVars(t=process.env.DS_APPLICATION_ID){t=i(t);try{let{data:e}=await this.postgrest.from("EnvVar").select(`
		id,
		@@ -12,3 +12,3 @@ name,
		)
		`).eq("applicationId",t).throwOnError();return e?.length?e.filter(Boolean):[]}catch(e){throw new Error("error listing env vars: "+e.message,{cause:e})}}async setEnvVar({applicationId:t=process.env.DS_APPLICATION_ID,name:e,value:r}){t=o(t);try{let n=await this.listSecrets(t);if(n&&n.find(i=>i.name===e))throw new Error(`a secret with the name "${e}" already exists`);let{data:a}=await this.postgrest.from("EnvVar").upsert({id:l(),applicationId:t,name:e,value:r,updatedAt:new Date().toISOString()},{onConflict:"applicationId, name"}).select().single().throwOnError();if(!a)throw new Error("could not store env var");return a}catch(n){throw new Error("error setting env vars: "+n.message,{cause:n})}}async unsetEnvVar({applicationId:t=process.env.DS_APPLICATION_ID,name:e}){t=o(t);try{let{count:r}=await this.postgrest.from("EnvVar").delete({count:"exact"}).eq("applicationId",t).eq("name",e).throwOnError();if(r===0\|\|r===null)throw new Error(`no env var found with name "${e}"`)}catch(r){throw new Error("error listing env vars: "+r.message,{cause:r})}}async listSecrets(t=process.env.DS_APPLICATION_ID){t=o(t);try{let{data:e}=await this.postgrest.from("Secret").select(`
		`).eq("applicationId",t).throwOnError();return e?.length?e.filter(Boolean):[]}catch(e){throw new Error("error listing env vars: "+e.message,{cause:e})}}async setEnvVar({applicationId:t=process.env.DS_APPLICATION_ID,name:e,value:r}){t=i(t);try{let a=await this.listSecrets(t);if(a&&a.find(o=>o.name===e))throw new Error(`a secret with the name "${e}" already exists`);let{data:n}=await this.postgrest.from("EnvVar").upsert({id:l(),applicationId:t,name:e,value:r,updatedAt:new Date().toISOString()},{onConflict:"applicationId, name"}).select().single().throwOnError();if(!n)throw new Error("could not store env var");return n}catch(a){throw new Error("error setting env vars: "+a.message,{cause:a})}}async unsetEnvVar({applicationId:t=process.env.DS_APPLICATION_ID,name:e}){t=i(t);try{let{count:r}=await this.postgrest.from("EnvVar").delete({count:"exact"}).eq("applicationId",t).eq("name",e).throwOnError();if(r===0\|\|r===null)throw new Error(`no env var found with name "${e}"`)}catch(r){throw new Error("error listing env vars: "+r.message,{cause:r})}}async listSecrets(t=process.env.DS_APPLICATION_ID){t=i(t);try{let{data:e}=await this.postgrest.from("Secret").select(`
		id,
		@@ -24,2 +24,2 @@ name,
		)
		`).eq("applicationId",t).throwOnError();return e?.length?e.filter(Boolean):[]}catch(e){throw new Error("error listing secrets: "+e.message,{cause:e})}}async setSecret({applicationId:t=process.env.DS_APPLICATION_ID,name:e,value:r,alreadyEncrypted:n=!1}){t=o(t);try{let{data:a}=await this.postgrest.from("SystemConfig").select("value").eq("name","DS_PUBLIC_AGE_KEY").single().throwOnError();if(!a)throw new Error("missing public key in org database");let i=await this.listEnvVars(t);if(i&&i.find(E=>E.name===e))throw new Error(`an env var with the name "${e}" already exists`);let c=n?r:await D(r,[a.value]),{data:p}=await this.postgrest.from("Secret").upsert({id:l(),applicationId:t,name:e,valueEnc:c,updatedAt:new Date().toISOString()},{onConflict:"applicationId, name"}).select().single().throwOnError();if(!p)throw new Error("could not store secret");return p}catch(a){throw new Error("error setting secret: "+a.message,{cause:a})}}async unsetSecret({applicationId:t=process.env.DS_APPLICATION_ID,name:e}){t=o(t);try{let{count:r}=await this.postgrest.from("Secret").delete({count:"exact"}).eq("applicationId",t).eq("name",e).throwOnError();if(r===0\|\|r===null)throw new Error(`no secret found with name "${e}"`)}catch(r){throw new Error("error unsetting secret: "+r.message,{cause:r})}}async createApiKey(t,e=process.env.DS_APPLICATION_ID){e=o(e);try{if(t){let{data:c}=await this.postgrest.from("ApiKey").select("id").eq("applicationId",e).eq("name",t).maybeSingle().throwOnError();if(c)throw new Error(`an API key with the name "${t}" already exists`)}let r=f(),{identifier:n,secret:a}=y(r),i=await T(a);return await this.postgrest.from("ApiKey").insert({id:l(),identifier:n,hashedSecret:i,name:t\|\|null,applicationId:e,updatedAt:new Date().toISOString()}).throwOnError(),r}catch(r){throw new Error("error creating API key: "+r.message,{cause:r})}}async verifyApiKey(t,e=process.env.DS_APPLICATION_ID){e=o(e);try{let{identifier:r,secret:n}=y(t),{data:a}=await this.postgrest.from("ApiKey").select("hashedSecret").eq("applicationId",e).eq("identifier",r).single().throwOnError();if(!a)return!1;let[i]=a.hashedSecret.split(":");if(!i)throw new Error("hashed secret not in expected format");let c=await T(n,i);return this.postgrest.from("ApiKey").update({lastUsedAt:new Date().toISOString()}).eq("applicationId",e).eq("identifier",r).then(({error:p})=>{p&&console.warn("Failed to update lastUsedAt for ApiKey:",p)}),c===a.hashedSecret}catch(r){throw new Error("error verifying API key: "+r.message)}}async revokeApiKey(t,e=process.env.DS_APPLICATION_ID){e=o(e);try{let{data:r}=await this.postgrest.from("ApiKey").select("identifier, name").eq("applicationId",e).or(`identifier.eq.${t},name.eq.${t}`).single().throwOnError();if(!r)throw new Error(`no API key found with identifier or name "${t}"`);return await this.postgrest.from("ApiKey").delete().eq("applicationId",e).eq("identifier",r.identifier).throwOnError(),{identifier:r.identifier,name:r.name,applicationId:e}}catch(r){throw new Error("Unexpected error revoking API key: "+r.message)}}async rotateApiKey(t,e=process.env.DS_APPLICATION_ID){e=o(e);try{let{data:r}=await this.postgrest.from("ApiKey").select("identifier, name").eq("applicationId",e).or(`identifier.eq.${t},name.eq.${t}`).single().throwOnError();if(!r)throw new Error(`no API key found with identifier or name "${t}"`);let n=f(r.identifier),{secret:a}=y(n),i=await T(a);return await this.postgrest.from("ApiKey").update({hashedSecret:i,updatedAt:new Date().toISOString()}).eq("applicationId",e).eq("identifier",r.identifier).throwOnError(),{apiKey:n,identifier:r.identifier,name:r.name,applicationId:e}}catch(r){throw new Error("error rotating API key: "+r.message,{cause:r})}}async listApiKeys(t=process.env.DS_APPLICATION_ID){t=o(t);try{let{data:e}=await this.postgrest.from("ApiKey").select("id, identifier, name, createdAt, updatedAt, lastUsedAt").eq("applicationId",t).order("createdAt",{ascending:!1}).throwOnError();return e\|\|[]}catch(e){throw new Error("error listing API keys: "+e.message)}}async createDefaultApiKey(t=process.env.DS_APPLICATION_ID){t=o(t);try{let e=await this.createApiKey(g,t);return await this.setSecret({applicationId:t,name:g,value:e}),e}catch(e){throw new Error("error creating default API key: "+e.message,{cause:e})}}async revokeDefaultApiKey(t=process.env.DS_APPLICATION_ID){t=o(t);try{let e=await this.revokeApiKey(g,t);return await this.unsetSecret({applicationId:t,name:g}),e}catch(e){throw new Error("error revoking default API key: "+e.message,{cause:e})}}async rotateDefaultApiKey(t=process.env.DS_APPLICATION_ID){t=o(t);try{let e=await this.rotateApiKey(g,t);return await this.setSecret({applicationId:t,name:g,value:e.apiKey}),e}catch(e){throw new Error(`error rotating default API key: ${e.message}`,{cause:e})}}};import"@supabase/postgrest-js";var u=class{postgrest;constructor(t){this.postgrest=m(t)}async getTeam(t){let{data:e}=await this.postgrest.from("Team").select().eq("id",t).limit(1).single();return e}async getUser(t){let{data:e}=await this.postgrest.from("User").select().eq("email",t).limit(1).single();return e}async insertReconcilerLog(t){let{data:e,error:r}=await this.postgrest.from("ReconcilerLogs").insert({id:l(),...t}).select("id").single();if(r)throw new Error(`Error inserting reconciler log: ${r.message}`);return e}};var _=s=>new u(s),se=(s,t)=>new d(s,t),ne=async(s,t)=>{let e=await _(t).getTeam(s);if(!e)throw new Error(`No team found for teamId=${s}`);return new d(e.name,t)};export{d as OrgDatabase,u as TenantDatabase,m as createPostgrestClient,f as generateApiKey,K as maskApiKey,se as orgDatabase,ne as orgDatabaseFromId,_ as tenantDatabase,l as uuid};
		`).eq("applicationId",t).throwOnError();return e?.length?e.filter(Boolean):[]}catch(e){throw new Error("error listing secrets: "+e.message,{cause:e})}}async setSecret({applicationId:t=process.env.DS_APPLICATION_ID,name:e,value:r,alreadyEncrypted:a=!1}){t=i(t);try{let{data:n}=await this.postgrest.from("SystemConfig").select("value").eq("name","DS_PUBLIC_AGE_KEY").single().throwOnError();if(!n)throw new Error("missing public key in org database");let o=await this.listEnvVars(t);if(o&&o.find(E=>E.name===e))throw new Error(`an env var with the name "${e}" already exists`);let c=a?r:await D(r,[n.value]),{data:p}=await this.postgrest.from("Secret").upsert({id:l(),applicationId:t,name:e,valueEnc:c,updatedAt:new Date().toISOString()},{onConflict:"applicationId, name"}).select().single().throwOnError();if(!p)throw new Error("could not store secret");return p}catch(n){throw new Error("error setting secret: "+n.message,{cause:n})}}async unsetSecret({applicationId:t=process.env.DS_APPLICATION_ID,name:e}){t=i(t);try{let{count:r}=await this.postgrest.from("Secret").delete({count:"exact"}).eq("applicationId",t).eq("name",e).throwOnError();if(r===0\|\|r===null)throw new Error(`no secret found with name "${e}"`)}catch(r){throw new Error("error unsetting secret: "+r.message,{cause:r})}}async createApiKey(t,e=process.env.DS_APPLICATION_ID){e=i(e);try{if(t){let{data:c}=await this.postgrest.from("ApiKey").select("id").eq("applicationId",e).eq("name",t).maybeSingle().throwOnError();if(c)throw new Error(`an API key with the name "${t}" already exists`)}let r=f(),{identifier:a,secret:n}=y(r),o=await T(n);return await this.postgrest.from("ApiKey").insert({id:l(),identifier:a,hashedSecret:o,name:t\|\|null,applicationId:e,updatedAt:new Date().toISOString()}).throwOnError(),r}catch(r){throw new Error("error creating API key: "+r.message,{cause:r})}}async verifyApiKey(t,e=process.env.DS_APPLICATION_ID){e=i(e);try{let{identifier:r,secret:a}=y(t),{data:n}=await this.postgrest.from("ApiKey").select("hashedSecret").eq("applicationId",e).eq("identifier",r).single().throwOnError();if(!n)return!1;let[o]=n.hashedSecret.split(":");if(!o)throw new Error("hashed secret not in expected format");let c=await T(a,o);return this.postgrest.from("ApiKey").update({lastUsedAt:new Date().toISOString()}).eq("applicationId",e).eq("identifier",r).then(({error:p})=>{p&&console.warn("Failed to update lastUsedAt for ApiKey:",p)}),c===n.hashedSecret}catch(r){throw new Error("error verifying API key: "+r.message)}}async revokeApiKey(t,e=process.env.DS_APPLICATION_ID){e=i(e);try{let{data:r}=await this.postgrest.from("ApiKey").select("identifier, name").eq("applicationId",e).or(`identifier.eq.${t},name.eq.${t}`).single().throwOnError();if(!r)throw new Error(`no API key found with identifier or name "${t}"`);return await this.postgrest.from("ApiKey").delete().eq("applicationId",e).eq("identifier",r.identifier).throwOnError(),{identifier:r.identifier,name:r.name,applicationId:e}}catch(r){throw new Error("Unexpected error revoking API key: "+r.message)}}async rotateApiKey(t,e=process.env.DS_APPLICATION_ID){e=i(e);try{let{data:r}=await this.postgrest.from("ApiKey").select("identifier, name").eq("applicationId",e).or(`identifier.eq.${t},name.eq.${t}`).single().throwOnError();if(!r)throw new Error(`no API key found with identifier or name "${t}"`);let a=f(r.identifier),{secret:n}=y(a),o=await T(n);return await this.postgrest.from("ApiKey").update({hashedSecret:o,updatedAt:new Date().toISOString()}).eq("applicationId",e).eq("identifier",r.identifier).throwOnError(),{apiKey:a,identifier:r.identifier,name:r.name,applicationId:e}}catch(r){throw new Error("error rotating API key: "+r.message,{cause:r})}}async listApiKeys(t=process.env.DS_APPLICATION_ID){t=i(t);try{let{data:e}=await this.postgrest.from("ApiKey").select("id, identifier, name, createdAt, updatedAt, lastUsedAt").eq("applicationId",t).order("createdAt",{ascending:!1}).throwOnError();return e\|\|[]}catch(e){throw new Error("error listing API keys: "+e.message)}}async createDefaultApiKey(t=process.env.DS_APPLICATION_ID){t=i(t);try{let e=await this.createApiKey(g,t);return await this.setSecret({applicationId:t,name:g,value:e}),e}catch(e){throw new Error("error creating default API key: "+e.message,{cause:e})}}async revokeDefaultApiKey(t=process.env.DS_APPLICATION_ID){t=i(t);try{let e=await this.revokeApiKey(g,t);return await this.unsetSecret({applicationId:t,name:g}),e}catch(e){throw new Error("error revoking default API key: "+e.message,{cause:e})}}async rotateDefaultApiKey(t=process.env.DS_APPLICATION_ID){t=i(t);try{let e=await this.rotateApiKey(g,t);return await this.setSecret({applicationId:t,name:g,value:e.apiKey}),e}catch(e){throw new Error(`error rotating default API key: ${e.message}`,{cause:e})}}};import"@supabase/postgrest-js";var u=class{postgrest;constructor(t){this.postgrest=m(t)}async getTeam(t){let{data:e}=await this.postgrest.from("Team").select().eq("id",t).limit(1).single();return e}async getUser(t){let{data:e}=await this.postgrest.from("User").select().eq("email",t).limit(1).single();return e}async insertReconcilerLog(t){let{data:e,error:r}=await this.postgrest.from("ReconcilerLogs").insert({id:l(),...t}).select("id").single();if(r)throw new Error(`Error inserting reconciler log: ${r.message}`);return e}async getReconcilerLog(t){let{data:e,error:r}=await this.postgrest.from("ReconcilerLogs").select().eq("id",t).limit(1).single();if(r)throw new Error(`Error fetching reconciler log: ${r.message}`);return e}async getReconcilerLogs(t,e=50){let r=this.postgrest.from("ReconcilerLogs").select().order("createdAt",{ascending:!1}).limit(e);t&&r.eq("orgId",t);let{data:a,error:n}=await r;if(n)throw new Error(`Error fetching reconciler logs: ${n.message}`);return a.reverse()}};var _=s=>new u(s),se=(s,t)=>new d(s,t),ne=async(s,t)=>{let e=await _(t).getTeam(s);if(!e)throw new Error(`No team found for teamId=${s}`);return new d(e.name,t)};export{d as OrgDatabase,u as TenantDatabase,m as createPostgrestClient,f as generateApiKey,K as maskApiKey,se as orgDatabase,ne as orgDatabaseFromId,_ as tenantDatabase,l as uuid};

package.json

		{
		"name": "@deepstructure/tenant-db",
		"version": "3.6.6",
		"version": "3.7.0",
		"access": "public",
		@@ -27,3 +27,3 @@ "license": "UNLICENSED",
		"typescript": "^5.3.3",
		"@ds/tsconfig": "3.6.6"
		"@ds/tsconfig": "3.7.0"
		},
		@@ -45,4 +45,5 @@ "dependencies": {
		"seed": "jiti prisma/seed.ts",
		"typecheck": "tsc",
		"migration:validate": "jiti scripts/validate-migrations.ts"
		}
		}

dist/index.cjs

Sorry, the diff of this file is not supported yet

dist/index.d.cts

Sorry, the diff of this file is not supported yet

		@@ -1,2 +0,2 @@
		import{PostgrestClient as b}from"@supabase/postgrest-js";var A=s=>{if(s)return s;let{POSTGREST_URL:t}=process.env;if(!t)throw new Error("missing POSTGREST_URL environment variable");return t},O=(s,t)=>{let e=s.toLowerCase().replace(/[^a-z0-9-]/g,"-").replace(/^[^a-z0-9]+\|[^a-z0-9]+$/g,"").substring(0,253),r=new URL(A(t));return r.hostname=`team.${r.hostname}`,r.pathname=`/team/team-${e}`,r.toString().replace(/\/$/,"")};function m(s,t){let e=typeof s=="string",r=e?s:void 0,n=e?t:s,a=n?.token\|\|process.env.JWT_TOKEN;if(!a)throw new Error("missing Postgrest JWT token: use JWT_TOKEN environment variable or pass via options");let i={Authorization:`Bearer ${a}`};return r?n?.url&&n?.useProvidedUrlAsIs?new b(n.url,{headers:i,fetch}):new b(O(r,n?.url),{headers:i,fetch}):new b(A(n?.url),{headers:i,fetch})}import"@supabase/postgrest-js";import{randomBytes as w,pbkdf2 as I}from"node:crypto";import{promisify as P}from"node:util";var S=P(I),h="ds";function v(){return w(4).toString("hex")}function x(){return w(12).toString("hex")}function f(s){if(s&&s.length!==8)throw new Error("Invalid identifier format");return s=s\|\|v(),`${h}-${s}-${x()}`}function y(s){let[t,e,r]=s.split("-");if(t!==h)throw new Error("Invalid API Key: incorrect prefix");if(typeof e!="string"\|\|e.length!==8)throw new Error("Invalid API Key: incorrect identifier format");if(typeof r!="string"\|\|r.length!==24)throw new Error("Invalid API Key: incorrect secret format");return{identifier:e,secret:r}}async function T(s,t=w(16).toString("hex")){let a=await S(s,t,1e4,64,"sha512");return`${t}:${a.toString("hex")}`}function K(s){let{identifier:t,secret:e}=y(s),r="".repeat(e.length);return`${h}-${t}-${r}`}import{uuidv7 as l}from"uuidv7";import C from"age-encryption";var D=async(s,t)=>{let{Encrypter:e}=await C(),r=new e;for(let a of t)r.addRecipient(a);let n=r.encrypt(Buffer.from(s));return btoa(n.toString())};var g="DEFAULT_DS_API_KEY";function o(s){if(!s)throw new Error("no applicationId given and DS_APPLICATION_ID environment variable not set");return s}var d=class{postgrest;constructor(t,e){this.postgrest=m(t,e)}async getApplications(){let{data:t,error:e}=await this.postgrest.from("Application").select("");if(e)throw e;return t}async getApplicationById(t){let{data:e,error:r}=await this.postgrest.from("Application").select("*").eq("id",t).single();if(r)throw r;return e}async getLatestApplicationDeployments(t){let e=this.postgrest,r=[];for(let i of t){let{data:c,error:p}=await e.from("Deployment").select("id").eq("applicationId",i).order("createdAt",{ascending:!1}).limit(1).maybeSingle();if(p)throw p;c!==null&&r.push(c.id)}let{data:n,error:a}=await e.from("Deployment").select("id, createdAt, applicationId, status").in("id",r);if(a)throw a;return n}async getDeploymentJson(t){let{data:e,error:r}=await this.postgrest.from("Deployment").select("deployment").eq("id",t).single().throwOnError();if(r)throw r;return e.deployment}async listEnvVars(t=process.env.DS_APPLICATION_ID){t=o(t);try{let{data:e}=await this.postgrest.from("EnvVar").select(`
		import{PostgrestClient as w}from"@supabase/postgrest-js";var A=s=>{if(s)return s;let{POSTGREST_URL:t}=process.env;if(!t)throw new Error("missing POSTGREST_URL environment variable");return t},O=(s,t)=>{let e=s.toLowerCase().replace(/[^a-z0-9-]/g,"-").replace(/^[^a-z0-9]+\|[^a-z0-9]+$/g,"").substring(0,253),r=new URL(A(t));return r.hostname=`team.${r.hostname}`,r.pathname=`/team/team-${e}`,r.toString().replace(/\/$/,"")};function m(s,t){let e=typeof s=="string",r=e?s:void 0,a=e?t:s,n=a?.token\|\|process.env.JWT_TOKEN;if(!n)throw new Error("missing Postgrest JWT token: use JWT_TOKEN environment variable or pass via options");let o={Authorization:`Bearer ${n}`};return r?a?.url&&a?.useProvidedUrlAsIs?new w(a.url,{headers:o,fetch}):new w(O(r,a?.url),{headers:o,fetch}):new w(A(a?.url),{headers:o,fetch})}import"@supabase/postgrest-js";import{randomBytes as b,pbkdf2 as I}from"node:crypto";import{promisify as P}from"node:util";var S=P(I),h="ds";function v(){return b(4).toString("hex")}function x(){return b(12).toString("hex")}function f(s){if(s&&s.length!==8)throw new Error("Invalid identifier format");return s=s\|\|v(),`${h}-${s}-${x()}`}function y(s){let[t,e,r]=s.split("-");if(t!==h)throw new Error("Invalid API Key: incorrect prefix");if(typeof e!="string"\|\|e.length!==8)throw new Error("Invalid API Key: incorrect identifier format");if(typeof r!="string"\|\|r.length!==24)throw new Error("Invalid API Key: incorrect secret format");return{identifier:e,secret:r}}async function T(s,t=b(16).toString("hex")){let n=await S(s,t,1e4,64,"sha512");return`${t}:${n.toString("hex")}`}function K(s){let{identifier:t,secret:e}=y(s),r="".repeat(e.length);return`${h}-${t}-${r}`}import{uuidv7 as l}from"uuidv7";import C from"age-encryption";var D=async(s,t)=>{let{Encrypter:e}=await C(),r=new e;for(let n of t)r.addRecipient(n);let a=r.encrypt(Buffer.from(s));return btoa(a.toString())};var g="DEFAULT_DS_API_KEY";function i(s){if(!s)throw new Error("no applicationId given and DS_APPLICATION_ID environment variable not set");return s}var d=class{postgrest;constructor(t,e){this.postgrest=m(t,e)}async getApplications(){let{data:t,error:e}=await this.postgrest.from("Application").select("");if(e)throw e;return t}async getApplicationById(t){let{data:e,error:r}=await this.postgrest.from("Application").select("*").eq("id",t).single();if(r)throw r;return e}async getLatestApplicationDeployments(t){let e=this.postgrest,r=[];for(let o of t){let{data:c,error:p}=await e.from("Deployment").select("id").eq("applicationId",o).order("createdAt",{ascending:!1}).limit(1).maybeSingle();if(p)throw p;c!==null&&r.push(c.id)}let{data:a,error:n}=await e.from("Deployment").select("id, createdAt, applicationId, status").in("id",r);if(n)throw n;return a}async getDeploymentJson(t){let{data:e,error:r}=await this.postgrest.from("Deployment").select("deployment").eq("id",t).single().throwOnError();if(r)throw r;return e.deployment}async listEnvVars(t=process.env.DS_APPLICATION_ID){t=i(t);try{let{data:e}=await this.postgrest.from("EnvVar").select(`
		id,
		@@ -12,3 +12,3 @@ name,
		)
		`).eq("applicationId",t).throwOnError();return e?.length?e.filter(Boolean):[]}catch(e){throw new Error("error listing env vars: "+e.message,{cause:e})}}async setEnvVar({applicationId:t=process.env.DS_APPLICATION_ID,name:e,value:r}){t=o(t);try{let n=await this.listSecrets(t);if(n&&n.find(i=>i.name===e))throw new Error(`a secret with the name "${e}" already exists`);let{data:a}=await this.postgrest.from("EnvVar").upsert({id:l(),applicationId:t,name:e,value:r,updatedAt:new Date().toISOString()},{onConflict:"applicationId, name"}).select().single().throwOnError();if(!a)throw new Error("could not store env var");return a}catch(n){throw new Error("error setting env vars: "+n.message,{cause:n})}}async unsetEnvVar({applicationId:t=process.env.DS_APPLICATION_ID,name:e}){t=o(t);try{let{count:r}=await this.postgrest.from("EnvVar").delete({count:"exact"}).eq("applicationId",t).eq("name",e).throwOnError();if(r===0\|\|r===null)throw new Error(`no env var found with name "${e}"`)}catch(r){throw new Error("error listing env vars: "+r.message,{cause:r})}}async listSecrets(t=process.env.DS_APPLICATION_ID){t=o(t);try{let{data:e}=await this.postgrest.from("Secret").select(`
		`).eq("applicationId",t).throwOnError();return e?.length?e.filter(Boolean):[]}catch(e){throw new Error("error listing env vars: "+e.message,{cause:e})}}async setEnvVar({applicationId:t=process.env.DS_APPLICATION_ID,name:e,value:r}){t=i(t);try{let a=await this.listSecrets(t);if(a&&a.find(o=>o.name===e))throw new Error(`a secret with the name "${e}" already exists`);let{data:n}=await this.postgrest.from("EnvVar").upsert({id:l(),applicationId:t,name:e,value:r,updatedAt:new Date().toISOString()},{onConflict:"applicationId, name"}).select().single().throwOnError();if(!n)throw new Error("could not store env var");return n}catch(a){throw new Error("error setting env vars: "+a.message,{cause:a})}}async unsetEnvVar({applicationId:t=process.env.DS_APPLICATION_ID,name:e}){t=i(t);try{let{count:r}=await this.postgrest.from("EnvVar").delete({count:"exact"}).eq("applicationId",t).eq("name",e).throwOnError();if(r===0\|\|r===null)throw new Error(`no env var found with name "${e}"`)}catch(r){throw new Error("error listing env vars: "+r.message,{cause:r})}}async listSecrets(t=process.env.DS_APPLICATION_ID){t=i(t);try{let{data:e}=await this.postgrest.from("Secret").select(`
		id,
		@@ -24,2 +24,2 @@ name,
		)
		`).eq("applicationId",t).throwOnError();return e?.length?e.filter(Boolean):[]}catch(e){throw new Error("error listing secrets: "+e.message,{cause:e})}}async setSecret({applicationId:t=process.env.DS_APPLICATION_ID,name:e,value:r,alreadyEncrypted:n=!1}){t=o(t);try{let{data:a}=await this.postgrest.from("SystemConfig").select("value").eq("name","DS_PUBLIC_AGE_KEY").single().throwOnError();if(!a)throw new Error("missing public key in org database");let i=await this.listEnvVars(t);if(i&&i.find(E=>E.name===e))throw new Error(`an env var with the name "${e}" already exists`);let c=n?r:await D(r,[a.value]),{data:p}=await this.postgrest.from("Secret").upsert({id:l(),applicationId:t,name:e,valueEnc:c,updatedAt:new Date().toISOString()},{onConflict:"applicationId, name"}).select().single().throwOnError();if(!p)throw new Error("could not store secret");return p}catch(a){throw new Error("error setting secret: "+a.message,{cause:a})}}async unsetSecret({applicationId:t=process.env.DS_APPLICATION_ID,name:e}){t=o(t);try{let{count:r}=await this.postgrest.from("Secret").delete({count:"exact"}).eq("applicationId",t).eq("name",e).throwOnError();if(r===0\|\|r===null)throw new Error(`no secret found with name "${e}"`)}catch(r){throw new Error("error unsetting secret: "+r.message,{cause:r})}}async createApiKey(t,e=process.env.DS_APPLICATION_ID){e=o(e);try{if(t){let{data:c}=await this.postgrest.from("ApiKey").select("id").eq("applicationId",e).eq("name",t).maybeSingle().throwOnError();if(c)throw new Error(`an API key with the name "${t}" already exists`)}let r=f(),{identifier:n,secret:a}=y(r),i=await T(a);return await this.postgrest.from("ApiKey").insert({id:l(),identifier:n,hashedSecret:i,name:t\|\|null,applicationId:e,updatedAt:new Date().toISOString()}).throwOnError(),r}catch(r){throw new Error("error creating API key: "+r.message,{cause:r})}}async verifyApiKey(t,e=process.env.DS_APPLICATION_ID){e=o(e);try{let{identifier:r,secret:n}=y(t),{data:a}=await this.postgrest.from("ApiKey").select("hashedSecret").eq("applicationId",e).eq("identifier",r).single().throwOnError();if(!a)return!1;let[i]=a.hashedSecret.split(":");if(!i)throw new Error("hashed secret not in expected format");let c=await T(n,i);return this.postgrest.from("ApiKey").update({lastUsedAt:new Date().toISOString()}).eq("applicationId",e).eq("identifier",r).then(({error:p})=>{p&&console.warn("Failed to update lastUsedAt for ApiKey:",p)}),c===a.hashedSecret}catch(r){throw new Error("error verifying API key: "+r.message)}}async revokeApiKey(t,e=process.env.DS_APPLICATION_ID){e=o(e);try{let{data:r}=await this.postgrest.from("ApiKey").select("identifier, name").eq("applicationId",e).or(`identifier.eq.${t},name.eq.${t}`).single().throwOnError();if(!r)throw new Error(`no API key found with identifier or name "${t}"`);return await this.postgrest.from("ApiKey").delete().eq("applicationId",e).eq("identifier",r.identifier).throwOnError(),{identifier:r.identifier,name:r.name,applicationId:e}}catch(r){throw new Error("Unexpected error revoking API key: "+r.message)}}async rotateApiKey(t,e=process.env.DS_APPLICATION_ID){e=o(e);try{let{data:r}=await this.postgrest.from("ApiKey").select("identifier, name").eq("applicationId",e).or(`identifier.eq.${t},name.eq.${t}`).single().throwOnError();if(!r)throw new Error(`no API key found with identifier or name "${t}"`);let n=f(r.identifier),{secret:a}=y(n),i=await T(a);return await this.postgrest.from("ApiKey").update({hashedSecret:i,updatedAt:new Date().toISOString()}).eq("applicationId",e).eq("identifier",r.identifier).throwOnError(),{apiKey:n,identifier:r.identifier,name:r.name,applicationId:e}}catch(r){throw new Error("error rotating API key: "+r.message,{cause:r})}}async listApiKeys(t=process.env.DS_APPLICATION_ID){t=o(t);try{let{data:e}=await this.postgrest.from("ApiKey").select("id, identifier, name, createdAt, updatedAt, lastUsedAt").eq("applicationId",t).order("createdAt",{ascending:!1}).throwOnError();return e\|\|[]}catch(e){throw new Error("error listing API keys: "+e.message)}}async createDefaultApiKey(t=process.env.DS_APPLICATION_ID){t=o(t);try{let e=await this.createApiKey(g,t);return await this.setSecret({applicationId:t,name:g,value:e}),e}catch(e){throw new Error("error creating default API key: "+e.message,{cause:e})}}async revokeDefaultApiKey(t=process.env.DS_APPLICATION_ID){t=o(t);try{let e=await this.revokeApiKey(g,t);return await this.unsetSecret({applicationId:t,name:g}),e}catch(e){throw new Error("error revoking default API key: "+e.message,{cause:e})}}async rotateDefaultApiKey(t=process.env.DS_APPLICATION_ID){t=o(t);try{let e=await this.rotateApiKey(g,t);return await this.setSecret({applicationId:t,name:g,value:e.apiKey}),e}catch(e){throw new Error(`error rotating default API key: ${e.message}`,{cause:e})}}};import"@supabase/postgrest-js";var u=class{postgrest;constructor(t){this.postgrest=m(t)}async getTeam(t){let{data:e}=await this.postgrest.from("Team").select().eq("id",t).limit(1).single();return e}async getUser(t){let{data:e}=await this.postgrest.from("User").select().eq("email",t).limit(1).single();return e}async insertReconcilerLog(t){let{data:e,error:r}=await this.postgrest.from("ReconcilerLogs").insert({id:l(),...t}).select("id").single();if(r)throw new Error(`Error inserting reconciler log: ${r.message}`);return e}};var _=s=>new u(s),se=(s,t)=>new d(s,t),ne=async(s,t)=>{let e=await _(t).getTeam(s);if(!e)throw new Error(`No team found for teamId=${s}`);return new d(e.name,t)};export{d as OrgDatabase,u as TenantDatabase,m as createPostgrestClient,f as generateApiKey,K as maskApiKey,se as orgDatabase,ne as orgDatabaseFromId,_ as tenantDatabase,l as uuid};
		`).eq("applicationId",t).throwOnError();return e?.length?e.filter(Boolean):[]}catch(e){throw new Error("error listing secrets: "+e.message,{cause:e})}}async setSecret({applicationId:t=process.env.DS_APPLICATION_ID,name:e,value:r,alreadyEncrypted:a=!1}){t=i(t);try{let{data:n}=await this.postgrest.from("SystemConfig").select("value").eq("name","DS_PUBLIC_AGE_KEY").single().throwOnError();if(!n)throw new Error("missing public key in org database");let o=await this.listEnvVars(t);if(o&&o.find(E=>E.name===e))throw new Error(`an env var with the name "${e}" already exists`);let c=a?r:await D(r,[n.value]),{data:p}=await this.postgrest.from("Secret").upsert({id:l(),applicationId:t,name:e,valueEnc:c,updatedAt:new Date().toISOString()},{onConflict:"applicationId, name"}).select().single().throwOnError();if(!p)throw new Error("could not store secret");return p}catch(n){throw new Error("error setting secret: "+n.message,{cause:n})}}async unsetSecret({applicationId:t=process.env.DS_APPLICATION_ID,name:e}){t=i(t);try{let{count:r}=await this.postgrest.from("Secret").delete({count:"exact"}).eq("applicationId",t).eq("name",e).throwOnError();if(r===0\|\|r===null)throw new Error(`no secret found with name "${e}"`)}catch(r){throw new Error("error unsetting secret: "+r.message,{cause:r})}}async createApiKey(t,e=process.env.DS_APPLICATION_ID){e=i(e);try{if(t){let{data:c}=await this.postgrest.from("ApiKey").select("id").eq("applicationId",e).eq("name",t).maybeSingle().throwOnError();if(c)throw new Error(`an API key with the name "${t}" already exists`)}let r=f(),{identifier:a,secret:n}=y(r),o=await T(n);return await this.postgrest.from("ApiKey").insert({id:l(),identifier:a,hashedSecret:o,name:t\|\|null,applicationId:e,updatedAt:new Date().toISOString()}).throwOnError(),r}catch(r){throw new Error("error creating API key: "+r.message,{cause:r})}}async verifyApiKey(t,e=process.env.DS_APPLICATION_ID){e=i(e);try{let{identifier:r,secret:a}=y(t),{data:n}=await this.postgrest.from("ApiKey").select("hashedSecret").eq("applicationId",e).eq("identifier",r).single().throwOnError();if(!n)return!1;let[o]=n.hashedSecret.split(":");if(!o)throw new Error("hashed secret not in expected format");let c=await T(a,o);return this.postgrest.from("ApiKey").update({lastUsedAt:new Date().toISOString()}).eq("applicationId",e).eq("identifier",r).then(({error:p})=>{p&&console.warn("Failed to update lastUsedAt for ApiKey:",p)}),c===n.hashedSecret}catch(r){throw new Error("error verifying API key: "+r.message)}}async revokeApiKey(t,e=process.env.DS_APPLICATION_ID){e=i(e);try{let{data:r}=await this.postgrest.from("ApiKey").select("identifier, name").eq("applicationId",e).or(`identifier.eq.${t},name.eq.${t}`).single().throwOnError();if(!r)throw new Error(`no API key found with identifier or name "${t}"`);return await this.postgrest.from("ApiKey").delete().eq("applicationId",e).eq("identifier",r.identifier).throwOnError(),{identifier:r.identifier,name:r.name,applicationId:e}}catch(r){throw new Error("Unexpected error revoking API key: "+r.message)}}async rotateApiKey(t,e=process.env.DS_APPLICATION_ID){e=i(e);try{let{data:r}=await this.postgrest.from("ApiKey").select("identifier, name").eq("applicationId",e).or(`identifier.eq.${t},name.eq.${t}`).single().throwOnError();if(!r)throw new Error(`no API key found with identifier or name "${t}"`);let a=f(r.identifier),{secret:n}=y(a),o=await T(n);return await this.postgrest.from("ApiKey").update({hashedSecret:o,updatedAt:new Date().toISOString()}).eq("applicationId",e).eq("identifier",r.identifier).throwOnError(),{apiKey:a,identifier:r.identifier,name:r.name,applicationId:e}}catch(r){throw new Error("error rotating API key: "+r.message,{cause:r})}}async listApiKeys(t=process.env.DS_APPLICATION_ID){t=i(t);try{let{data:e}=await this.postgrest.from("ApiKey").select("id, identifier, name, createdAt, updatedAt, lastUsedAt").eq("applicationId",t).order("createdAt",{ascending:!1}).throwOnError();return e\|\|[]}catch(e){throw new Error("error listing API keys: "+e.message)}}async createDefaultApiKey(t=process.env.DS_APPLICATION_ID){t=i(t);try{let e=await this.createApiKey(g,t);return await this.setSecret({applicationId:t,name:g,value:e}),e}catch(e){throw new Error("error creating default API key: "+e.message,{cause:e})}}async revokeDefaultApiKey(t=process.env.DS_APPLICATION_ID){t=i(t);try{let e=await this.revokeApiKey(g,t);return await this.unsetSecret({applicationId:t,name:g}),e}catch(e){throw new Error("error revoking default API key: "+e.message,{cause:e})}}async rotateDefaultApiKey(t=process.env.DS_APPLICATION_ID){t=i(t);try{let e=await this.rotateApiKey(g,t);return await this.setSecret({applicationId:t,name:g,value:e.apiKey}),e}catch(e){throw new Error(`error rotating default API key: ${e.message}`,{cause:e})}}};import"@supabase/postgrest-js";var u=class{postgrest;constructor(t){this.postgrest=m(t)}async getTeam(t){let{data:e}=await this.postgrest.from("Team").select().eq("id",t).limit(1).single();return e}async getUser(t){let{data:e}=await this.postgrest.from("User").select().eq("email",t).limit(1).single();return e}async insertReconcilerLog(t){let{data:e,error:r}=await this.postgrest.from("ReconcilerLogs").insert({id:l(),...t}).select("id").single();if(r)throw new Error(`Error inserting reconciler log: ${r.message}`);return e}async getReconcilerLog(t){let{data:e,error:r}=await this.postgrest.from("ReconcilerLogs").select().eq("id",t).limit(1).single();if(r)throw new Error(`Error fetching reconciler log: ${r.message}`);return e}async getReconcilerLogs(t,e=50){let r=this.postgrest.from("ReconcilerLogs").select().order("createdAt",{ascending:!1}).limit(e);t&&r.eq("orgId",t);let{data:a,error:n}=await r;if(n)throw new Error(`Error fetching reconciler logs: ${n.message}`);return a.reverse()}};var _=s=>new u(s),se=(s,t)=>new d(s,t),ne=async(s,t)=>{let e=await _(t).getTeam(s);if(!e)throw new Error(`No team found for teamId=${s}`);return new d(e.name,t)};export{d as OrgDatabase,u as TenantDatabase,m as createPostgrestClient,f as generateApiKey,K as maskApiKey,se as orgDatabase,ne as orgDatabaseFromId,_ as tenantDatabase,l as uuid};

@deepstructure/tenant-db - npm Package Compare versions

Improved metrics