update

Author: shahradelahi

.npmignore

@@ -0,0 +1,3 @@
+src
+tests
+.ignoreme

README.md

@@ -1,7 +1,71 @@
 # node-vault
 
-Client for HashiCorp's Vault
+A Javascript client for the HTTP API of HashiCorp's [vault](https://vaultproject.io/) with a focus on ease of use.
 
 ```bash
-npm install node-vault@git://github.com/shahradelahi/node-vault.git
+npm install @litehex/node-vault
 ```
+
+### Usage
+
+##### Init and unseal vault
+
+```js
+import { Client } from '@litehex/node-vault';
+
+// Get a new instance of the client
+const vc = new Client({
+  apiVersion: 'v1', // default
+  endpoint: 'http://127.0.0.1:8200', // default
+  token: 'hv.xxxxxxxxxxxxxxxxxxxxx' // Optional unless you want to initialize the vault
+});
+
+// Init vault
+vc.init({ secret_shares: 1, secret_threshold: 1 }).then((res) => {
+  const { keys, root_token } = res;
+  vc.token = root_token;
+  // Unseal vault
+  vc.unseal({ secret_shares: 1, key: keys[0] });
+});
+```
+
+##### Write, read and delete secrets
+
+```js
+vc.write({ path: 'secret/hello', data: { foo: 'bar' } }).then(() => {
+  vc.read({ path: 'secret/hello' }).then(({ data }) => {
+    console.log(data); // { value: 'world' }
+  });
+});
+
+vc.delete({ path: 'secret/hello' });
+```
+
+### Docs
+
+- HashCorp's Vault [API docs](https://developer.hashicorp.com/vault/api-docs)
+
+### Examples
+
+##### Using a proxy or having the ability to modify the outgoing request.
+
+```js
+import { Client } from '@litehex/node-vault';
+import { ProxyAgent } from 'undici';
+
+const agent = new ProxyAgent('http://localhost:8080');
+
+const vc = new Client({
+  // ... other params
+  request: {
+    agent: agent,
+    headers: {
+      'X-Custom-Header': 'value'
+    }
+  }
+});
+```
+
+### License
+
+This project is licensed under the GPLv3 License - see the [LICENSE](LICENSE) file for details

package.json

@@ -1,6 +1,7 @@
 {
-  "name": "node-vault",
-  "version": "0.1.0",
+  "name": "@litehex/node-vault",
+  "version": "0.1.0-alpha.1",
+  "private": false,
   "description": "Client for HashiCorp's Vault",
   "author": "Shahrad Elahi <shahrad@litehex.com> (https://github.com/shahradelahi)",
   "main": "build/src/index.js",
@@ -11,15 +12,30 @@
   },
   "scripts": {
     "build": "rimraf build && tsc",
+    "prepublish": "npm run build",
     "format:check": "prettier --plugin-search-dir . --check .",
     "format:write": "prettier --plugin-search-dir . --write ."
   },
+  "keywords": [
+    "hashcorp",
+    "vault",
+    "client",
+    "secrets",
+    "node",
+    "bun"
+  ],
+  "files": [
+    "build/src"
+  ],
+  "packageManager": "pnpm@8.9.2",
   "dependencies": {
+    "lodash.pick": "^4.4.0",
     "mustache": "^4.2.0",
     "undici": "^5.27.2",
     "zod": "^3.22.4"
   },
   "devDependencies": {
+    "@types/lodash.pick": "^4.4.9",
     "@types/mocha": "^10.0.6",
     "@types/mustache": "^4.2.5",
     "@types/node": "^20.9.4",

pnpm-lock.yaml

@@ -0,0 +1,16 @@
+import type { Response } from 'undici';
+import { z } from 'zod';
+
+export class ApiResponseError extends Error {
+  readonly response: Response;
+
+  constructor(message: string, response: Response) {
+    message = `VaultError: ${message}`;
+    super(message);
+    this.response = response;
+  }
+}
+
+export const ApiErrorSchema = z.object({
+  errors: z.array(z.string())
+});

src/errors.ts

@@ -1,6 +1,7 @@
 import { z } from 'zod';
 import { CommandInit, generateCommand } from './utils/generate-command';
-import { RequestSchema } from './typings';
+import { RequestInit, RequestSchema } from './typings';
+import { PartialDeep } from 'type-fest';
 
 const ClientOptionsSchema = z.object({
   endpoint: z.string().optional(),
@@ -10,33 +11,40 @@ const ClientOptionsSchema = z.object({
   namespace: z.string().optional()
 });
 
-export type ClientOptions = z.infer<typeof ClientOptionsSchema>;
+export type ClientOptions = z.infer<typeof ClientOptionsSchema> & {
+  request?: PartialDeep<RequestInit>;
+};
 
 export class Client {
-  readonly endpoint: string;
-  readonly apiVersion: string;
-  readonly pathPrefix: string;
-  readonly token: string | undefined;
-  readonly namespace: string | undefined;
+  endpoint: string;
+  apiVersion: string;
+  pathPrefix: string;
+  namespace: string | undefined;
+  token: string | undefined;
+  request: PartialDeep<Omit<RequestInit, 'url'>> | undefined;
 
-  constructor({ ...restOpts }: ClientOptions) {
+  constructor({ request, ...restOpts }: ClientOptions = {}) {
     const options = ClientOptionsSchema.parse(restOpts);
 
     this.endpoint = options.endpoint || process.env.VAULT_ADDR || 'http://127.0.0.1:8200';
     this.apiVersion = options.apiVersion || 'v1';
     this.pathPrefix = options.pathPrefix || '';
     this.namespace = options.namespace || process.env.VAULT_NAMESPACE;
     this.token = options.token || process.env.VAULT_TOKEN;
+
+    this.request = request;
   }
 
-  private assignCommands<T extends RequestSchema>(commands: Record<string, CommandInit<T>>) {
-    for (const [name, cmd] of Object.entries(commands)) {
+  private assignCommands<T extends RequestSchema>(
+    commands: Record<string, Omit<CommandInit<T>, 'client'>>
+  ) {
+    for (const [name, init] of Object.entries(commands)) {
       // @ts-ignore
-      this[name] = this.generateFunction(cmd);
+      this[name] = generateCommand({ ...init, client: this });
     }
   }
 
-  readonly status = generateCommand({
+  status = generateCommand({
     method: 'GET',
     path: '/sys/seal-status',
     client: this,
@@ -49,6 +57,72 @@ export class Client {
       })
     }
   });
+
+  init = generateCommand({
+    method: 'PUT',
+    path: '/sys/init',
+    client: this,
+    schema: {
+      body: z.object({
+        secret_shares: z.number(),
+        secret_threshold: z.number()
+      }),
+      response: z.object({
+        keys: z.array(z.string()),
+        keys_base64: z.array(z.string()),
+        root_token: z.string()
+      })
+    }
+  });
+
+  read = generateCommand({
+    method: 'GET',
+    path: '/{{path}}',
+    client: this,
+    schema: {
+      path: z.object({
+        path: z.string()
+      }),
+      response: z.record(z.any())
+    }
+  });
+
+  write = generateCommand({
+    method: 'POST',
+    path: '/{{path}}',
+    client: this,
+    refine: (init, params) => {
+      console.log('refine', init, params);
+      return init;
+    },
+    schema: {
+      path: z.object({
+        path: z.string()
+      }),
+      body: z.any(),
+      response: z.record(z.any())
+    }
+  });
+
+  delete = generateCommand({
+    method: 'DELETE',
+    path: '/{{path}}',
+    client: this,
+    schema: {
+      path: z.object({
+        path: z.string()
+      }),
+      response: z.record(z.any())
+    }
+  });
 }
 
+const AuthSchema = z.object({
+  client_token: z.string(),
+  policies: z.array(z.string()),
+  metadata: z.any(),
+  lease_duration: z.number(),
+  renewable: z.boolean()
+});
+
 export type * from './typings';

src/index.ts

@@ -1,5 +1,6 @@
 import { fetch } from 'undici';
 import type { RequestInit, RequestSchema, ValidatedResponse } from './typings';
+import { ApiResponseError } from './errors';
 
 export async function request<Schema extends RequestSchema>(
   init: RequestInit,
@@ -8,24 +9,39 @@ export async function request<Schema extends RequestSchema>(
   if (schema.searchParams) {
     const valid = schema.searchParams.safeParse(init.url);
     if (!valid.success) {
-      throw new Error(valid.error.message);
+      throw new Error('ErrorSearchPrams: Invalid Args. ' + valid.error.message);
     }
   }
 
   if (schema.body) {
     const valid = schema.body.safeParse(init.body);
     if (!valid.success) {
-      throw new Error(valid.error.message);
+      throw new Error('ErrorBody: Invalid Args. ' + valid.error.message);
     }
   }
 
-  const response = await fetch(init.url, init);
+  let body: string | undefined = undefined;
+  if (init.body) {
+    body = JSON.stringify(init.body);
+  }
+
+  const { url, strictSchema, ...restInit } = init;
+  const response = await fetch(url, {
+    ...restInit,
+    body
+  });
+
+  if (!response.ok) {
+    const text = await response.text();
+    throw new ApiResponseError(`${response.statusText}\n${text}`, response);
+  }
+
   const json = await response.json();
 
-  if (schema.response) {
+  if (false !== strictSchema && schema.response) {
     const valid = schema.response.safeParse(json);
     if (!valid.success) {
-      throw new Error(valid.error.message);
+      throw new ApiResponseError('Server response did not match client schema.', response);
     }
     return valid.data;
   }