feat(enterprise): add auth TLS and recovery hardening

2026-04-29 22:01:43 +00:00
parent 2f3031cfc7
commit ed2c02bcf9
27 changed files with 2369 additions and 55 deletions
@@ -28,6 +28,32 @@ export interface ISmartdbServerOptions {
  persistPath?: string;
  /** Persistence interval in ms (default: 60000) */
  persistIntervalMs?: number;
+  /** Authentication configuration. Disabled by default. */
+  auth?: ISmartdbAuthOptions;
+  /** TLS transport configuration for TCP listeners. Disabled by default. */
+  tls?: ISmartdbTlsOptions;
+}
+
+export interface ISmartdbAuthOptions {
+  enabled?: boolean;
+  users?: ISmartdbAuthUser[];
+  usersPath?: string;
+  scramIterations?: number;
+}
+
+export interface ISmartdbAuthUser {
+  username: string;
+  password: string;
+  database?: string;
+  roles?: string[];
+}
+
+export interface ISmartdbTlsOptions {
+  enabled?: boolean;
+  certPath?: string;
+  keyPath?: string;
+  caPath?: string;
+  requireClientCert?: boolean;
 }

 /**
@@ -64,6 +90,8 @@ export class SmartdbServer {
      storagePath: options.storagePath ?? './data',
      persistPath: options.persistPath,
      persistIntervalMs: options.persistIntervalMs ?? 60000,
+      auth: options.auth,
+      tls: options.tls,
    };
    this.bridge = new RustDbBridge();
  }
@@ -106,6 +134,8 @@ export class SmartdbServer {
      storagePath: this.options.storagePath,
      persistPath: this.options.persistPath,
      persistIntervalMs: this.options.persistIntervalMs,
+      auth: this.options.auth,
+      tls: this.options.tls,
    });

    this.resolvedConnectionUri = result.connectionUri;
@@ -142,7 +172,8 @@ export class SmartdbServer {
      const encodedPath = encodeURIComponent(this.options.socketPath);
      return `mongodb://${encodedPath}`;
    }
-    return `mongodb://${this.options.host ?? '127.0.0.1'}:${this.options.port ?? 27017}`;
+    const baseUri = `mongodb://${this.options.host ?? '127.0.0.1'}:${this.options.port ?? 27017}`;
+    return this.options.tls?.enabled ? `${baseUri}/?tls=true` : baseUri;
  }

  /**