feat: add staticAuthService and examples

Author: zeruk

examples/auth/static-credentials/README.md

@@ -0,0 +1,8 @@
+# Authenticate with service account key file credentials
+
+`static-credentials` example provides the code snippet for authenticating to YDB with the static credentials (user and password).
+
+## Running code snippet
+```bash
+npm run auth:static-credentials -- --connection-string "grpcs://endpoint/?database=database" --user "user" --password "password"
+```

examples/auth/static-credentials/index.ts

@@ -0,0 +1,4 @@
+import {main} from '../../utils';
+import {options, run} from './snippet';
+
+main(run, options);

examples/auth/static-credentials/snippet.ts

@@ -0,0 +1,24 @@
+import {Driver, StaticCredentialsAuthService, Logger} from 'ydb-sdk';
+
+export async function run(logger: Logger, endpoint: string, database: string, args?: any) {
+    logger.info('Driver initializing...');
+    const {user, password} = args;
+    const authService = new StaticCredentialsAuthService(user, password, endpoint)
+    const driver = new Driver({endpoint, database, authService});
+    const timeout = 100000;
+    if (!await driver.ready(timeout)) {
+        logger.fatal(`Driver has not become ready in ${timeout}ms!`);
+        process.exit(1);
+    }
+    logger.info('Done');
+}
+
+export const options = [{
+    key: 'user',
+    name: 'user',
+    description: 'user for YDB authentication',
+},{
+    key: 'password',
+    name: 'password',
+    description: 'password for YDB authentication',
+}];

examples/package.json

@@ -10,6 +10,7 @@
     "auth:environ": "node build/auth/environ/index.js",
     "auth:metadata-credentials": "node build/auth/metadata-credentials/index.js",
     "auth:service-account-credentials": "node build/auth/service-account-credentials/index.js",
+    "auth:static-credentials": "node build/auth/static-credentials/index.js",
     "bulk-upsert": "node build/bulk-upsert/index.js",
     "read-table": "node build/read-table/index.js",
     "scan-query": "node build/scan-query/index.js",

src/credentials.ts

@@ -1,12 +1,13 @@
 import * as grpc from '@grpc/grpc-js';
 import jwt from 'jsonwebtoken';
 import {DateTime} from 'luxon';
-import {GrpcService, sleep, withTimeout} from "./utils";
+import {getOperationPayload, GrpcService,  sleep, withTimeout} from "./utils";
 import {MetadataTokenService} from '@yandex-cloud/nodejs-sdk/dist/token-service/metadata-token-service';
 import {TokenService} from "@yandex-cloud/nodejs-sdk/dist/types";
-import {yandex} from "ydb-sdk-proto";
+import {yandex, Ydb} from "ydb-sdk-proto";
 import {ISslCredentials, makeDefaultSslCredentials} from './ssl-credentials';
 import IamTokenService = yandex.cloud.iam.v1.IamTokenService;
+import AuthServiceResult = Ydb.Auth.LoginResult;
 import ICreateIamTokenResponse = yandex.cloud.iam.v1.ICreateIamTokenResponse;
 
 function makeCredentialsMetadata(token: string): grpc.Metadata {
@@ -39,6 +40,90 @@ export class AnonymousAuthService implements IAuthService {
     }
 }
 
+
+export class StaticCredentialsAuthService implements IAuthService {
+    private tokenExpirationTimeout =  30 * 60 * 1000;
+    private tokenRequestTimeout = 10 * 1000;
+    private tokenTimestamp: DateTime|null;
+    private token: string = '';
+    private tokenUpdateInProgress: Boolean = false;
+    private user: string;
+    private password: string;
+    private endpoint: string
+    private sslCredentials: ISslCredentials | undefined
+
+    private readonly GrpcService = class extends GrpcService<Ydb.Auth.V1.AuthService> {
+        constructor(endpoint: string, sslCredentials?: ISslCredentials) {
+            super(endpoint, 'Ydb.Auth.V1.AuthService', Ydb.Auth.V1.AuthService, sslCredentials)
+        }
+
+        login(request: Ydb.Auth.ILoginRequest) {
+            return this.api.login(request)
+        }
+
+        destroy() { this.api.end() }
+    
+    }
+
+    constructor(user: string, password: string, endpoint: string, sslCredentials?: ISslCredentials) {
+        this.user = user;
+        this.password = password;
+        this.endpoint = endpoint;
+        this.sslCredentials = sslCredentials
+        this.tokenTimestamp = null;
+    }
+
+    private get expired() {
+        return !this.tokenTimestamp || (
+            DateTime.utc().diff(this.tokenTimestamp).valueOf() > this.tokenExpirationTimeout
+        );
+    }
+
+    private async sendTokenRequest(): Promise<AuthServiceResult> {
+        let runtimeAuthService = new this.GrpcService(this.endpoint, this.sslCredentials)
+        try {
+            const tokenPromise = runtimeAuthService.login({
+                user: this.user,
+                password: this.password
+            });
+            const response = await withTimeout<Ydb.Auth.LoginResponse>(tokenPromise, this.tokenRequestTimeout);
+            const result = AuthServiceResult.decode(getOperationPayload(response));
+            runtimeAuthService.destroy()
+            return result
+        } catch (error) {
+            throw new Error("Can't login by user and password " + String(error))
+        }
+        
+    }
+
+    private async updateToken() {
+        this.tokenUpdateInProgress = true
+        const {token} = await this.sendTokenRequest();
+        if (token) {
+            this.token = token;
+            this.tokenTimestamp = DateTime.utc();
+            this.tokenUpdateInProgress = false
+        } else {
+            this.tokenUpdateInProgress = false
+            throw new Error('Received empty token from credentials!');
+        }
+    }
+
+    private async waitUntilTokenUpdated() {
+        while (this.tokenUpdateInProgress) { await sleep(1) }
+        return
+    }
+
+    public async getAuthMetadata(): Promise<grpc.Metadata> {
+        if (this.expired) {
+            // block updateToken calls while token updating
+            if(this.tokenUpdateInProgress) await this.waitUntilTokenUpdated()
+            else await this.updateToken();
+        }
+        return makeCredentialsMetadata(this.token);
+    }
+}
+
 export class TokenAuthService implements IAuthService {
     constructor(private token: string) {}
 

src/index.ts

@@ -65,6 +65,7 @@ export {
     IamAuthService,
     TokenAuthService,
     MetadataAuthService,
+    StaticCredentialsAuthService
 } from './credentials';
 export {ISslCredentials} from './ssl-credentials';
 export {withRetries, RetryParameters} from './retries';