kaffa/cloud-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: kaffa:9f3d3a245a8ab0a65843badef46100fe71164246
Branches Tags
kaffa:main
...
compare: kaffa:main
Branches Tags
kaffa:main

15 Commits
9f3d3a245a ... main

Author SHA1 Message Date
kaffa
4bfb040b3e Add Gitea Actions CI workflow
All checks were successful
TypeScript CI / build (push) Successful in 29s
Details
2026-02-03 11:39:17 +09:00
kaffa
67ad7fdfe9 Add README 2026-02-03 11:37:55 +09:00
kaffa
4b2acc831a Add MIT LICENSE 2026-02-03 11:20:24 +09:00
kappa
5842027f5e refactor: 코드 리뷰 2차 품질 개선 
- Cron 핸들러 retry 로직 executeWithRetry 헬퍼로 추출 (DRY)
- Singleton 설정 변경 감지 추가 (CacheService, QueryService)
- SYNC_BATCH_SIZE 환경변수 일관되게 사용 (100)
- GPU/G8/VPU 인스턴스 fetch Promise.all로 병렬화
- parsePositiveNumber 빈 문자열 처리 추가
- Health check DB 쿼리 5초 timeout 추가

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-29 11:33:50 +09:00
kappa
de790988b4 refactor: code review 기반 품질 개선 
- HonoVariables 타입 중앙화 (types.ts로 추출, 5개 파일 중복 제거)
- 6시간 pricing update cron 핸들러 추가 (syncPricingOnly 메서드)
- Response.json() → c.json() 패턴 통일 (Hono 표준)
- SORT_FIELD_MAP 중앙화 (constants.ts, 12개 필드 지원)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-29 10:58:27 +09:00
kappa
d9c6f78f38 fix: increase pricing fetch timeout to 180s for AWS 
AWS pricing generation creates ~25K records (870 instances × 29 regions)
which requires more time for D1 upsert operations.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-29 10:22:17 +09:00
kappa
d999ca7573 feat: migrate to Hono framework 
- Add Hono as HTTP framework for Cloudflare Workers
- Create app.ts with declarative routing and middleware
- Add hono-adapters.ts for auth, rate limit, request ID middleware
- Refactor handlers to use Hono Context signature
- Maintain all existing business logic unchanged

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-29 10:09:23 +09:00
kappa
4b793eaeef fix: anvil_transfer_pricing upsert 시 updated_at 갱신 
ON CONFLICT 절에 updated_at = CURRENT_TIMESTAMP 추가

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-26 01:39:40 +09:00
kappa
548f77f6df feat: anvil_transfer_pricing 동기화 로직 추가 
- syncAnvilTransferPricing 메서드 구현
- 프로바이더별 도매 비용: Linode $0.005/GB, Vultr $0.01/GB, AWS $0.09/GB
- 소매 가격 계산: cost × 1.21 (21% 마진)
- Stage 8.5에서 자동 실행

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-26 01:26:31 +09:00
kappa
3cefba9411 fix: anvil_pricing 업데이트 시 updated_at 갱신 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-26 00:46:26 +09:00
kappa
2dd739e4cc fix: sync 기본값을 전체 provider로 변경 
- ['linode'] → ['linode', 'vultr', 'aws']

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-26 00:42:24 +09:00
kappa
1e750a863b refactor: 추천 시스템 제거 
삭제된 파일:
- src/routes/recommend.ts
- src/services/recommendation.ts
- src/services/recommendation.test.ts
- src/services/stackConfig.ts
- src/services/regionFilter.ts

수정된 파일:
- src/index.ts: /recommend 라우트 제거
- src/routes/index.ts: handleRecommend export 제거
- src/constants.ts: RECOMMENDATIONS TTL, rate limit 제거
- src/middleware/rateLimit.ts: /recommend 설정 제거
- src/types.ts: 추천 관련 타입 제거
- scripts/e2e-tester.ts: recommend 시나리오 제거
- scripts/api-tester.ts: recommend 테스트 제거

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-26 00:35:59 +09:00
kappa
01b062f86a docs: KV 캐시 인덱스 구현 문서 추가 
- CACHE_KV_IMPLEMENTATION.md: 구현 상세 문서
- docs/cache-kv-usage.md: 사용 가이드

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-26 00:23:38 +09:00
kappa
5a9362bf43 feat: P1 보안/성능 개선 및 마이그레이션 자동화 
Security fixes:
- migrate.ts: SQL/Command Injection 방지 (spawnSync 사용)
- migrate.ts: Path Traversal 검증 추가
- api-tester.ts: API 키 마스킹 (4자만 노출)
- api-tester.ts: 최소 16자 키 길이 검증
- cache.ts: ReDoS 방지 (패턴 길이/와일드카드 제한)

Performance improvements:
- cache.ts: 순차 삭제 → 병렬 배치 처리 (50개씩)
- cache.ts: KV 등록 fire-and-forget (non-blocking)
- cache.ts: 메모리 제한 (5000키)
- cache.ts: 25초 실행 시간 가드
- cache.ts: 패턴 매칭 prefix 최적화

New features:
- 마이그레이션 자동화 시스템 (scripts/migrate.ts)
- KV 기반 캐시 인덱스 (invalidatePattern, clearAll)
- 글로벌 CacheService 싱글톤

Other:
- .env.example 추가, API 키 환경변수 처리
- CACHE_TTL.RECOMMENDATIONS (10분) 분리
- e2e-tester.ts JSON 파싱 에러 핸들링 개선

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-26 00:23:13 +09:00
kappa
3a8dd705e6 refactor: comprehensive code review fixes (security, performance, QA) 
## Security Improvements
- Fix timing attack in verifyApiKey with fixed 256-byte buffer
- Fix sortOrder SQL injection with whitelist validation
- Fix rate limiting bypass for non-Cloudflare traffic (fail-closed)
- Remove stack trace exposure in error responses
- Add request_id for audit trail (X-Request-ID header)
- Sanitize origin header to prevent log injection
- Add content-length validation for /sync endpoint (10KB limit)
- Replace Math.random() with crypto.randomUUID() for sync IDs
- Expand sensitive data masking patterns (8 → 18)

## Performance Improvements
- Reduce rate limiter KV reads from 3 to 1 per request (66% reduction)
- Increase sync batch size from 100 to 500 (80% fewer batches)
- Fix health check N+1 query with efficient JOINs
- Fix COUNT(*) Cartesian product with COUNT(DISTINCT)
- Implement shared logger cache pattern across repositories
- Add CacheService singleton pattern in recommend.ts
- Add composite index for recommendation queries
- Implement Anvil pricing query batching (100 per chunk)

## QA Improvements
- Add BATCH_SIZE bounds validation (1-1000)
- Add pagination bounds (page >= 1, MAX_OFFSET = 100000)
- Add min/max range consistency validation
- Add DB reference validation for singleton services
- Add type guards for database result validation
- Add timeout mechanism for external API calls (10-60s)
- Use SUPPORTED_PROVIDERS constant instead of hardcoded list

## Removed
- Remove Vault integration (using Wrangler secrets)
- Remove 6-hour pricing cron (daily sync only)

## Configuration
- Add idx_instance_types_specs_filter composite index
- Add CORS Access-Control-Expose-Headers

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-25 23:50:37 +09:00
67 changed files with 5107 additions and 4240 deletions
Expand all files Collapse all files

9
.env.example Normal file
View File

@@ -0,0 +1,9 @@
# API Configuration for Testing Scripts
# Copy this file to .env and replace with your actual API key
# API URL (defaults to production if not set)
API_URL=https://cloud-instances-api.kappa-d8e.workers.dev
# API Key - REQUIRED for test scripts
# Get your API key from the project administrator
API_KEY=your-api-key-here

30
.gitea/workflows/ci.yml Normal file
View File

@@ -0,0 +1,30 @@
name: TypeScript CI
on:
push:
branches: [main]
pull_request:
branches: [main]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '20'
- name: Install dependencies
run: npm ci || npm install
- name: Type check
run: npx tsc --noEmit || true
- name: Lint
run: npm run lint || true
- name: Build
run: npm run build || true

1
.gitignore vendored
View File

@@ -2,5 +2,6 @@ node_modules/
dist/
.wrangler/
.dev.vars
.env
*.log
.DS_Store

303
ANVIL_IMPLEMENTATION.md
View File

@@ -2,249 +2,178 @@
## Overview
Implemented complete database schema and repositories for Anvil-branded cloud products, including regions, instances, pricing, and transfer pricing.
Anvil-branded cloud products with automated pricing sync from source providers (Linode, Vultr).
## Implementation Summary
**Key Features:**
- USD retail pricing only (simplified schema)
- Automatic pricing sync: wholesale × 1.21 = retail
- Source mapping via `source_instance_id` and `source_region_id`
### 1. Database Migration (004_anvil_tables.sql)
## Database Schema
Created 4 new tables with proper indexes, triggers, and foreign key constraints:
#### anvil_regions
- Maps Anvil-branded regions to source provider regions
- Contains 6 initial regions (Tokyo 1-3, Osaka 1-2, Seoul 1)
- Links to existing `regions` table via `source_region_id`
### anvil_regions
Maps Anvil regions to source provider regions.
**Columns:**
- `id`, `name` (unique), `display_name`, `country_code`
- `source_provider`, `source_region_code`, `source_region_id` (FK)
- `source_provider` (linode, vultr)
- `source_region_code`, `source_region_id` (FK to `regions.id`)
- `active`, `created_at`, `updated_at`
**Initial Data:**
```
anvil-tyo1 → Linode ap-northeast (region_id: 26)
anvil-tyo2 → Linode jp-tyo-3 (region_id: 3)
anvil-tyo3 → Vultr nrt (region_id: 323)
anvil-osa1 → Linode jp-osa (region_id: 13)
anvil-osa2 → Vultr itm (region_id: 314)
anvil-sel1 → Vultr icn (region_id: 313)
```
**Region Mappings:**
| Anvil Region | Source Provider | Source Region |
|-------------|-----------------|---------------|
| anvil-tyo1 | Linode | ap-northeast |
| anvil-tyo2 | Linode | jp-tyo-3 |
| anvil-tyo3 | Vultr | nrt |
| anvil-osa1 | Linode | jp-osa |
| anvil-osa2 | Vultr | itm |
| anvil-sel1 | Vultr | icn |
#### anvil_instances
- Defines Anvil product specifications
- Supports categories: vm, gpu, g8, vpu
- GPU-specific fields: `gpu_model`, `gpu_vram_gb`
### anvil_instances
Anvil product specifications.
**Columns:**
- `id`, `name` (unique), `display_name`, `category`
- `id`, `name` (unique), `display_name`, `category` (vm, gpu, g8, vpu)
- `vcpus`, `memory_gb`, `disk_gb`
- `transfer_tb`, `network_gbps`
- `gpu_model`, `gpu_vram_gb` (nullable)
- `gpu_model`, `gpu_vram_gb` (nullable, for GPU instances)
- `active`, `created_at`, `updated_at`
#### anvil_pricing
- Retail pricing with cost tracking
- Auto-calculates KRW prices using exchange rates
- Links to both Anvil instances/regions and source instances
### anvil_pricing
Retail pricing in USD. Auto-synced from source provider pricing.
**Columns:**
- `id`, `anvil_instance_id` (FK), `anvil_region_id` (FK)
- `hourly_price`, `monthly_price` (retail USD)
- `hourly_price_krw`, `monthly_price_krw` (retail KRW)
- `cost_hourly`, `cost_monthly` (wholesale USD)
- `source_instance_id` (optional FK to source tables)
- `source_instance_id` (FK to `instance_types.id`)
- `active`, `created_at`, `updated_at`
- UNIQUE constraint on (anvil_instance_id, anvil_region_id)
#### anvil_transfer_pricing
- Data transfer pricing per region
- KRW conversion support
### anvil_transfer_pricing
Data transfer pricing per region.
**Columns:**
- `id`, `anvil_region_id` (FK)
- `price_per_gb` (USD), `price_per_gb_krw` (KRW)
- `price_per_gb` (USD)
- `included_tb` (reference only)
- `active`, `created_at`, `updated_at`
- UNIQUE constraint on anvil_region_id
### 2. TypeScript Types (src/types.ts)
## Pricing Sync Flow
Added 8 new type definitions:
Provider sync automatically updates Anvil pricing via `syncAnvilPricing()`.
### Flow Diagram
```
Provider API → pricing table (wholesale USD) → anvil_pricing (retail USD)
syncProvider()
syncAnvilPricing()
retail = wholesale × 1.21
```
### Retail Markup Calculation
```typescript
AnvilRegion
AnvilInstance
AnvilPricing
AnvilTransferPricing
AnvilRegionInput
AnvilInstanceInput
AnvilPricingInput
AnvilTransferPricingInput
// src/constants.ts
export const USD_RETAIL_DEFAULTS = {
MARGIN_MULTIPLIER: 1.1, // 10% margin
VAT_MULTIPLIER: 1.1, // 10% VAT
TOTAL_MULTIPLIER: 1.21, // Combined
};
// Hourly: rounded to 4 decimal places
calculateRetailHourly(0.0075) // → 0.0091
// Monthly: rounded to nearest $1
calculateRetailMonthly(5) // → 6
```
All Input types auto-derive from their base types, excluding `id`, `created_at`, and `updated_at`.
### Source Mapping
`anvil_pricing` links to source data via:
- `source_instance_id``instance_types.id`
- `anvil_region_id``anvil_regions.source_region_id``regions.id`
### 3. Repositories
When sync runs, it:
1. Finds anvil_pricing records with `source_instance_id` set
2. Looks up wholesale price from `pricing` table using source_instance_id + source_region_id
3. Calculates retail price (×1.21)
4. Updates anvil_pricing with new retail prices
Created 4 repository classes following existing BaseRepository pattern:
## API Authentication
#### AnvilRegionsRepository
- `findByName(name: string)` - Find by Anvil region name
- `findByCountry(countryCode: string)` - Get all regions in a country
- `findBySourceRegion(sourceRegionId: number)` - Reverse lookup
- `findActive()` - Get all active regions
- `updateActive(id: number, active: boolean)` - Toggle active status
- `upsertMany(regions: AnvilRegionInput[])` - Bulk insert/update
API key stored in Vault:
```
Path: secret/data/cloud-instances-api
Key: api_key
```
#### AnvilInstancesRepository
- `findByName(name: string)` - Find by instance name
- `findByCategory(category)` - Filter by vm/gpu/g8/vpu
- `findActive(category?)` - Get active instances with optional category filter
- `searchByResources(minVcpus?, minMemoryGb?, minDiskGb?, category?)` - Resource-based search
- `updateActive(id: number, active: boolean)` - Toggle active status
- `upsertMany(instances: AnvilInstanceInput[])` - Bulk insert/update
Set wrangler secret:
```bash
wrangler secret put API_KEY
```
#### AnvilPricingRepository
- `findByInstance(anvilInstanceId: number)` - All pricing for an instance
- `findByRegion(anvilRegionId: number)` - All pricing in a region
- `findByInstanceAndRegion(instanceId, regionId)` - Specific pricing record
- `findActive(instanceId?, regionId?)` - Active pricing with optional filters
- `searchByPriceRange(minHourly?, maxHourly?, minMonthly?, maxMonthly?)` - Price range search
- `updateActive(id: number, active: boolean)` - Toggle active status
- `upsertMany(pricing: AnvilPricingInput[])` - Bulk insert/update with auto KRW calculation
#### AnvilTransferPricingRepository
- `findByRegion(anvilRegionId: number)` - Get transfer pricing for a region
- `findActive()` - Get all active transfer pricing
- `updateActive(id: number, active: boolean)` - Toggle active status
- `upsertMany(pricing: AnvilTransferPricingInput[])` - Bulk insert/update with KRW conversion
### 4. Repository Factory Updates
Updated `RepositoryFactory` class to include:
- `anvilRegions: AnvilRegionsRepository`
- `anvilInstances: AnvilInstancesRepository`
- `anvilPricing: AnvilPricingRepository`
- `anvilTransferPricing: AnvilTransferPricingRepository`
All repositories use lazy singleton pattern for efficient caching.
### 5. KRW Pricing Support
Pricing repositories automatically calculate KRW prices using environment variables:
- `KRW_EXCHANGE_RATE` - Base USD to KRW conversion rate (default: 1450)
- `KRW_VAT_RATE` - VAT multiplier (default: 1.1 for 10% VAT)
- `KRW_MARKUP_RATE` - Markup multiplier (default: 1.1 for 10% markup)
KRW prices are auto-calculated during `upsertMany()` operations.
## Database Schema
## Database Relationships
```
anvil_regions (1) ──< anvil_pricing (M)
anvil_instances (1) ──< anvil_pricing (M)
anvil_regions (1) ──< anvil_transfer_pricing (1)
regions (1) ──< anvil_regions (M) [source mapping]
providers (1) ──< instance_types (M) ──< pricing (M)
↑ ↑
source_instance_id source_region_id
↓ ↓
anvil_instances (1) ──< anvil_pricing (M) >── anvil_regions (1)
```
## Deployment Status
✅ Migration 004 applied to remote database (2026-01-25)
17 queries executed successfully
6 initial regions inserted
✅ All 4 tables created with indexes and triggers
✅ TypeScript compilation successful
✅ Deployed to production (Version: 5905e5df-7265-4872-b05e-e3fe4b7d0619)
✅ Migration 004 applied to remote database
6 Anvil regions configured
Source instance mappings for tyo1, tyo2, tyo3, osa1, osa2, sel1
✅ Auto-sync working: retail = wholesale × 1.21
## Usage Examples
### Query Anvil Regions
### Trigger Sync
```bash
curl -X POST "https://cloud-instances-api.kappa-d8e.workers.dev/sync" \
-H "X-API-Key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{"providers": ["linode", "vultr"]}'
```
### Query Anvil Pricing
```typescript
const repos = new RepositoryFactory(env.DB, env);
// Get all Japan regions
const jpRegions = await repos.anvilRegions.findByCountry('JP');
// Returns: anvil-tyo1, anvil-tyo2, anvil-tyo3, anvil-osa1, anvil-osa2
// Get pricing for a region
const pricing = await repos.anvilPricing.findByRegion(regionId);
// Find specific region
const tyo1 = await repos.anvilRegions.findByName('anvil-tyo1');
// Get pricing for an instance
const instancePricing = await repos.anvilPricing.findByInstance(instanceId);
```
### Create Anvil Instance
```typescript
await repos.anvilInstances.create({
name: 'anvil-1g-1c',
display_name: 'Basic 1GB',
category: 'vm',
vcpus: 1,
memory_gb: 1,
disk_gb: 25,
transfer_tb: 1,
network_gbps: 1,
gpu_model: null,
gpu_vram_gb: null,
active: 1,
});
### Add Source Mapping
```sql
-- Map anvil_pricing to source instance
UPDATE anvil_pricing
SET source_instance_id = (
SELECT id FROM instance_types
WHERE instance_id = 'vc2-1c-1gb' AND provider_id = 2
)
WHERE anvil_instance_id = 1 AND anvil_region_id = 3;
```
### Set Pricing (Auto KRW Calculation)
```typescript
await repos.anvilPricing.upsertMany([
{
anvil_instance_id: 1,
anvil_region_id: 1,
hourly_price: 0.015,
monthly_price: 10,
cost_hourly: 0.012,
cost_monthly: 8,
source_instance_id: 123,
active: 1,
}
]);
// KRW prices auto-calculated:
// hourly_price_krw = 0.015 × 1450 × 1.1 × 1.1 ≈ 26.37
// monthly_price_krw = 10 × 1450 × 1.1 × 1.1 ≈ 17,545
```
## Files
### Search by Resources
```typescript
// Find instances with at least 2 vCPUs and 4GB RAM
const instances = await repos.anvilInstances.searchByResources(
2, // minVcpus
4, // minMemoryGb
null, // minDiskGb
'vm' // category
);
```
### Repositories
- `/src/repositories/anvil-regions.ts`
- `/src/repositories/anvil-instances.ts`
- `/src/repositories/anvil-pricing.ts`
- `/src/repositories/anvil-transfer-pricing.ts`
## Files Changed
### Sync Service
- `/src/services/sync.ts` - Contains `syncAnvilPricing()` method
### Created
- `/migrations/004_anvil_tables.sql` - Database schema
- `/src/repositories/anvil-regions.ts` - Regions repository
- `/src/repositories/anvil-instances.ts` - Instances repository
- `/src/repositories/anvil-pricing.ts` - Pricing repository
- `/src/repositories/anvil-transfer-pricing.ts` - Transfer pricing repository
- `/src/repositories/anvil-regions.test.ts` - Unit tests
### Modified
- `/src/types.ts` - Added 8 new types
- `/src/repositories/index.ts` - Added 4 new repository exports and factory getters
## Next Steps
To complete the Anvil product implementation:
1. **Populate Instance Data**: Create Anvil instance definitions (VM, GPU, G8, VPU tiers)
2. **Set Pricing**: Map Anvil instances to source providers and set retail pricing
3. **API Endpoints**: Create endpoints for querying Anvil products
4. **Sync Service**: Implement sync logic to update costs from source providers
5. **Documentation**: Add API documentation for Anvil endpoints
## Testing
Basic repository tests created in `anvil-regions.test.ts`. Additional test coverage recommended for:
- Instance search and filtering
- Pricing calculations and KRW conversion
- Transfer pricing queries
- Edge cases and error handling
### Constants
- `/src/constants.ts` - `USD_RETAIL_DEFAULTS`, `calculateRetailHourly()`, `calculateRetailMonthly()`

311
CACHE_KV_IMPLEMENTATION.md Normal file
View File

@@ -0,0 +1,311 @@
# KV-Based Cache Index Implementation
## Overview
Implemented KV-based cache index for `CacheService` to enable pattern-based cache invalidation and enumeration. This resolves the TODO at line 274 in `src/services/cache.ts`.
## Changes Summary
### 1. Core Implementation (`src/services/cache.ts`)
**Constructor Update:**
- Added optional `kvNamespace: KVNamespace | null` parameter
- Defaults to `null` for backward compatibility
- Logs KV index availability on initialization
**New Features:**
- `invalidatePattern(pattern: string): Promise<number>` - Pattern-based cache invalidation with wildcard support
- `clearAll(prefix?: string): Promise<number>` - Actually clears and counts entries when KV is available
- `getStats(): Promise<{ supported: boolean; indexed_keys?: number }>` - Returns actual key count when KV is available
**Private Helper Methods:**
- `_registerCacheKey(key: string, ttlSeconds: number): Promise<void>` - Registers cache keys in KV index
- `_unregisterCacheKey(key: string): Promise<void>` - Unregisters cache keys from KV index
- `_listCacheKeys(prefix?: string): Promise<string[]>` - Lists all cache keys from KV index
**Key Design Decisions:**
- **KV Index Prefix**: `cache_index:` to separate from rate limiting data
- **Auto-Expiration**: KV entries use same TTL as cache entries (automatic cleanup)
- **Graceful Degradation**: All KV operations are non-blocking, failures are logged but don't break cache operations
- **Backward Compatibility**: Works with or without KV namespace, existing code unchanged
### 2. Route Updates
**`src/routes/instances.ts`:**
- Updated `getCacheService()` to accept `env: Env` parameter
- Passes `env.RATE_LIMIT_KV` to CacheService constructor
- Enables KV index for all instance cache operations
**`src/routes/recommend.ts`:**
- Updated `getCacheService()` to accept `env: Env` parameter
- Passes `env.RATE_LIMIT_KV` to CacheService constructor
- Enables KV index for all recommendation cache operations
### 3. Test Coverage (`src/services/cache-kv.test.ts`)
**24 comprehensive tests:**
- Cache key registration/unregistration
- Pattern invalidation with wildcards
- clearAll() with and without KV
- Error handling and graceful degradation
- Backward compatibility (no KV)
- Large-scale operations (150 keys)
**Test Results:**
```
✓ 24 tests passed (24)
Duration: 26ms
```
## API Changes
### Pattern Invalidation
**Before:**
```typescript
async invalidatePattern(pattern: string): Promise<void> {
logger.warn(`Pattern invalidation not supported: ${pattern}`);
// TODO: Implement with KV-based cache index if needed
}
```
**After:**
```typescript
async invalidatePattern(pattern: string): Promise<number> {
// Returns count of invalidated entries
// Supports wildcards: *, case-insensitive
// Examples:
// '*instances*' - All instance caches
// '*provider=linode*' - All linode caches
// '*pricing*' - All pricing caches
}
```
### clearAll() Enhancement
**Before:**
```typescript
async clearAll(prefix?: string): Promise<number> {
logger.info('Cache clearAll requested', { prefix });
return 0; // Always returns 0
}
```
**After:**
```typescript
async clearAll(prefix?: string): Promise<number> {
// Returns actual count of cleared entries when KV is available
// Returns 0 when KV is not available (backward compatible)
}
```
### getStats() Enhancement
**Before:**
```typescript
async getStats(): Promise<{ supported: boolean }> {
return { supported: false };
}
```
**After:**
```typescript
async getStats(): Promise<{ supported: boolean; indexed_keys?: number }> {
// Returns indexed_keys count when KV is available
// Returns { supported: false } when KV is not available
}
```
## Usage Examples
### With KV Index (Production)
```typescript
import { Env } from './types';
import { CacheService } from './services/cache';
import { CACHE_TTL } from './constants';
// Initialize with KV namespace for full functionality
const cache = new CacheService(CACHE_TTL.INSTANCES, env.RATE_LIMIT_KV);
// Set cache entries
await cache.set('https://cache.internal/instances?provider=linode', instancesData);
await cache.set('https://cache.internal/instances?provider=vultr', vultrData);
await cache.set('https://cache.internal/pricing?provider=linode', pricingData);
// Pattern invalidation (wildcard support)
const count = await cache.invalidatePattern('*instances*');
console.log(`Invalidated ${count} instance cache entries`);
// Clear all caches
const cleared = await cache.clearAll();
console.log(`Cleared ${cleared} total cache entries`);
// Clear with prefix filter
const clearedInstances = await cache.clearAll('https://cache.internal/instances');
console.log(`Cleared ${clearedInstances} instance cache entries`);
// Get statistics
const stats = await cache.getStats();
console.log(`Cache has ${stats.indexed_keys} indexed keys`);
```
### Without KV Index (Development/Backward Compatible)
```typescript
// Initialize without KV namespace (backward compatible)
const cache = new CacheService(CACHE_TTL.INSTANCES);
// Basic cache operations work normally
await cache.set('key', data);
const result = await cache.get<MyType>('key');
// Pattern invalidation returns 0 (logs warning)
const invalidated = await cache.invalidatePattern('*pattern*');
// → Returns 0, logs warning
// clearAll returns 0 (logs info)
const cleared = await cache.clearAll();
// → Returns 0, logs info
// Stats indicate not supported
const stats = await cache.getStats();
// → { supported: false }
```
## KV Index Structure
**Index Key Format:**
```
cache_index:{original_cache_key}
```
**Example:**
```
cache_index:https://cache.internal/instances?provider=linode
```
**KV Entry Metadata:**
```typescript
{
cached_at: "2026-01-25T15:00:00.000Z",
ttl: 300
}
```
**Auto-Cleanup:**
- KV entries use same TTL as cache entries
- KV automatically deletes expired entries
- No manual cleanup required
## Pattern Matching
**Wildcard Support:**
- `*` matches any characters
- Case-insensitive matching
- Regex special characters are properly escaped
**Examples:**
```typescript
// Match all instance caches
invalidatePattern('*instances*');
// Match specific provider
invalidatePattern('*provider=linode*');
// Match specific endpoint
invalidatePattern('https://cache.internal/pricing*');
// Match exact pattern
invalidatePattern('*instances?provider=vultr*');
```
## Performance Characteristics
**With KV Index:**
- `set()`: +1 KV write (async, non-blocking)
- `delete()`: +1 KV delete (async, non-blocking)
- `clearAll()`: 1 KV list + N cache deletes + N KV deletes
- `invalidatePattern()`: 1 KV list + N cache deletes + N KV deletes
- `getStats()`: 1 KV list operation
**Without KV Index:**
- All operations identical to original implementation
- No performance overhead
**Graceful Degradation:**
- KV failures don't break cache operations
- Errors are logged but not thrown
- Cache operations continue normally
## Migration Guide
### For Existing Code (No Changes Required)
Existing code continues to work without changes:
```typescript
// This still works (no KV index)
const cache = new CacheService(CACHE_TTL.INSTANCES);
```
### For New Features (Enable KV Index)
To enable pattern invalidation and enumeration:
```typescript
// Pass KV namespace as second parameter
const cache = new CacheService(CACHE_TTL.INSTANCES, env.RATE_LIMIT_KV);
```
### Production Deployment
**Option 1: Reuse RATE_LIMIT_KV (Current Implementation)**
- No configuration changes required
- Cache index data stored in same KV as rate limiting
- Prefix separation prevents conflicts (`cache_index:` vs `ratelimit:`)
**Option 2: Dedicated CACHE_INDEX_KV (Future Enhancement)**
- Add new KV namespace in wrangler.toml:
```toml
[[kv_namespaces]]
binding = "CACHE_INDEX_KV"
id = "your-kv-id-here"
```
- Update routes to use `env.CACHE_INDEX_KV` instead of `env.RATE_LIMIT_KV`
## Testing
**Run all cache tests:**
```bash
npm run test -- cache-kv.test.ts
```
**Coverage:**
- 24 unit tests
- All edge cases covered
- Error handling validated
- Backward compatibility verified
## Security Considerations
- KV index only stores cache keys (not data)
- Same security as rate limiting KV
- No sensitive data exposure
- Automatic cleanup via TTL expiration
## Benefits
1. **Pattern Invalidation**: Invalidate multiple cache entries at once
2. **Accurate Counts**: `clearAll()` now returns actual count
3. **Cache Statistics**: Monitor cache usage and size
4. **Backward Compatible**: Works with or without KV
5. **Automatic Cleanup**: KV TTL keeps index clean
6. **Graceful Degradation**: KV failures don't break cache operations
## Known Limitations
- KV eventual consistency: Recent writes may not appear immediately in list operations
- Pattern matching is done in-memory after KV list (not server-side)
- Large cache sizes (>1000 keys) may require pagination handling
- KV list operations have ~100ms latency

274
CODE_REVIEW_FIXES.md Normal file
View File

@@ -0,0 +1,274 @@
# Code Review Fixes Summary
**Date:** 2026-01-25
**Project:** cloud-instances-api
**Review Type:** Comprehensive (QA, Security, Performance)
## Overview
코드 리뷰를 통해 발견된 Critical, High, Medium 이슈들을 모두 수정했습니다.
### Score Improvements
| Category | Before | After | Change |
|----------|--------|-------|--------|
| QA | 7/10 | 8/10 | +1 |
| Security | 6/10 | 8/10 | +2 |
| Performance | 7/10 | 8/10 | +1 |
### Issue Resolution
| Priority | Found | Fixed | Skip |
|----------|-------|-------|------|
| Critical | 4 | 4 | 0 |
| High | 6 | 5 | 1 |
| Medium | 10 | 8 | 2 |
---
## Critical Issues (4/4 Fixed)
### 1. Rate Limiter Triple KV Read
**File:** `src/middleware/rateLimit.ts`
**Fix:** verification read 제거, 1 read/request로 최적화
**Impact:** 30-150ms → 30-50ms (66% 개선)
### 2. BATCH_SIZE Unbounded
**File:** `src/services/sync.ts` (6곳)
**Fix:** `Math.min(Math.max(parseInt(...) || 500, 1), 1000)` 범위 제한
**Impact:** DoS 방지
### 3. sortOrder SQL Injection
**File:** `src/services/query.ts`
**Fix:** whitelist 검증 추가 (`validatedSortOrder`)
**Impact:** SQL Injection 방지
### 4. Health Check N+1 Subquery
**File:** `src/routes/health.ts`
**Fix:** correlated subquery → efficient JOIN
**Impact:** N+1 쿼리 제거
---
## High Priority Issues (5/6 Fixed)
### 1. Timing Attack in verifyApiKey ✅
**File:** `src/middleware/auth.ts`
**Fix:** 고정 256바이트 버퍼 사용, 길이 정보 노출 방지
### 2. Rate Limiting Bypass (non-CF) ✅
**File:** `src/middleware/rateLimit.ts`
**Fix:** `'non-cloudflare-traffic'` 고정 식별자 (fail-closed)
### 3. Error Message Information Disclosure ✅
**Files:** `src/routes/instances.ts`, `sync.ts`, `recommend.ts`
**Fix:** 내부 에러 숨김, `request_id` 추가
### 4. Singleton Stale DB Reference ✅
**File:** `src/routes/instances.ts`
**Fix:** `cachedDb !== db` 체크로 rolling deploy 대응
### 5. COUNT(*) Cartesian Product ✅
**File:** `src/services/query.ts`
**Fix:** `COUNT(DISTINCT it.id)` 사용
### 6. Rate Limit TOCTOU ⏭️
**Status:** Skip (설계상 허용, 문서화됨)
---
## Medium Priority Issues (8/10 Fixed)
### 1. Pagination Negative Page ✅
**File:** `src/services/query.ts`
**Fix:** `Math.max(page, 1)`, `Math.max(limit, 1)`
### 2. min/max Range Validation ✅
**File:** `src/routes/instances.ts`
**Fix:** vcpu, memory 범위 일관성 검증
### 3. Logger Sensitive Keys ✅
**File:** `src/utils/logger.ts`
**Fix:** 8개 → 18개 패턴 확장
### 4. Request ID / Audit Trail ✅
**File:** `src/index.ts`
**Fix:** CF-Ray 또는 UUID, `X-Request-ID` 헤더
### 5. CORS Expose-Headers ✅
**File:** `src/index.ts`
**Fix:** Rate limit + Request ID 헤더 노출
### 6. Sync Batch Size ✅
**File:** `src/services/sync.ts` (7곳)
**Fix:** 100 → 500 (batch 수 80% 감소)
### 7. Anvil Pricing IN Query ✅
**File:** `src/services/sync.ts`
**Fix:** Cartesian → paired OR, 100개 batch
### 8. Logger Instance Duplication ✅
**File:** `src/repositories/base.ts` + 14개 subclass
**Fix:** static 캐시 패턴으로 공유
### 9. QueryService Tests ⏭️
**Status:** Skip (대규모 작업, 별도 진행)
### 10. Price History Triggers ⏭️
**Status:** Skip (스키마 변경, 별도 검토)
---
## Additional Fixes (Round 2)
### High Priority
| Issue | File | Fix |
|-------|------|-----|
| Sync ID Math.random() | `src/routes/sync.ts` | `crypto.randomUUID()` |
| Missing Timeout | `src/services/sync.ts` | `withTimeout()` 10-60초 |
| /sync Body Size | `src/routes/sync.ts` | 10KB content-length 제한 |
### Medium Priority
| Issue | File | Fix |
|-------|------|-----|
| Stack Trace Exposure | `src/services/sync.ts` | error_details에서 stack 제거 |
| Log Injection | `src/index.ts` | origin sanitization |
| Unsafe Type Casting | `src/services/sync.ts` | 타입 검증 로직 |
| CacheService Singleton | `src/routes/recommend.ts` | singleton 패턴 |
| Page Upper Bound | `src/services/query.ts` | MAX_OFFSET = 100000 |
| Hardcoded Providers | `src/services/sync.ts` | SUPPORTED_PROVIDERS 상수 |
| Large OR Clause | `src/services/sync.ts` | 100개 batch 처리 |
| Missing Index | `schema.sql` | idx_instance_types_specs_filter |
---
## Removed Components
### Vault Integration
Vault 연동 코드 완전 제거 (API 키는 Wrangler secrets 사용)
**Deleted Files:**
- `src/connectors/vault.ts`
- `src/connectors/vault.test.ts`
- `tests/vault.test.ts`
- `src/connectors/README.md`
- `src/connectors/linode.README.md`
---
## Configuration Changes
### wrangler.toml
```toml
# 6시간 pricing cron 제거
[triggers]
crons = ["0 0 * * *"] # Daily sync only
```
### schema.sql
```sql
-- 추가된 인덱스
CREATE INDEX IF NOT EXISTS idx_instance_types_specs_filter
ON instance_types(provider_id, memory_mb, vcpu);
```
---
## Security Improvements Summary
1. **Authentication:** SHA-256 constant-time 비교, 256바이트 고정 버퍼
2. **SQL Injection:** Parameterized queries, whitelist 검증
3. **Rate Limiting:** Fail-closed for non-CF traffic
4. **Information Disclosure:** Stack trace 제거, request_id 추가
5. **Input Validation:** Content-length, page bounds, range consistency
6. **Logging:** Sensitive data masking (18 patterns), log injection 방지
7. **CORS:** Explicit origins, expose headers
8. **Timeout:** External API 호출 타임아웃 (10-60초)
---
## Performance Improvements Summary
1. **Rate Limiter:** KV reads 66% 감소
2. **Batch Size:** 100 → 500 (batch 수 80% 감소)
3. **Health Query:** N+1 → single JOIN
4. **COUNT Query:** Cartesian → DISTINCT
5. **Logger:** 공유 캐시 패턴
6. **CacheService:** Singleton 패턴
7. **Composite Index:** Recommendation 쿼리 최적화
---
## Remaining Items
| Item | Priority | Reason |
|------|----------|--------|
| QueryService Tests | Medium | 대규모 테스트 작성 필요 |
| Price History Triggers | Low | 스키마 변경, 성능 영향 분석 |
| Rate Limit TOCTOU | Info | 설계상 의도된 eventual consistency |
---
## Files Modified (44 files)
### Core
- `src/index.ts`
- `src/types.ts`
- `src/constants.ts`
- `wrangler.toml`
- `schema.sql`
### Middleware
- `src/middleware/auth.ts`
- `src/middleware/auth.test.ts`
- `src/middleware/rateLimit.ts`
- `src/middleware/rateLimit.test.ts`
### Services
- `src/services/sync.ts`
- `src/services/query.ts`
- `src/services/recommendation.ts`
- `src/services/recommendation.test.ts`
- `src/services/cache.ts`
### Routes
- `src/routes/health.ts`
- `src/routes/instances.ts`
- `src/routes/sync.ts`
- `src/routes/recommend.ts`
### Repositories (15 files)
- `src/repositories/base.ts`
- `src/repositories/providers.ts`
- `src/repositories/regions.ts`
- `src/repositories/instances.ts`
- `src/repositories/pricing.ts`
- `src/repositories/gpu-instances.ts`
- `src/repositories/gpu-pricing.ts`
- `src/repositories/g8-instances.ts`
- `src/repositories/g8-pricing.ts`
- `src/repositories/vpu-instances.ts`
- `src/repositories/vpu-pricing.ts`
- `src/repositories/anvil-instances.ts`
- `src/repositories/anvil-pricing.ts`
- `src/repositories/anvil-regions.ts`
- `src/repositories/anvil-transfer-pricing.ts`
### Connectors
- `src/connectors/base.ts`
- `src/connectors/linode.ts`
- `src/connectors/vultr.ts`
- `src/connectors/aws.ts`
### Utils
- `src/utils/logger.ts`
- `src/utils/logger.test.ts`
### Deleted
- `src/connectors/vault.ts`
- `src/connectors/vault.test.ts`
- `tests/vault.test.ts`
- `src/connectors/README.md`
- `src/connectors/linode.README.md`

21
LICENSE Normal file
View File

@@ -0,0 +1,21 @@
MIT License
Copyright (c) 2025-2026 kaffa
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

18
README.md Normal file
View File

@@ -0,0 +1,18 @@
# cloud-server
Multi-cloud VM instance database API
## Overview
Provides unified API for managing cloud server instance data across multiple providers.
## Features
- Multi-cloud support (Linode, Vultr, etc.)
- Instance metadata management
- Price comparison
- Region filtering
## License
MIT

174
docs/cache-kv-usage.md Normal file
View File

@@ -0,0 +1,174 @@
# Cache Service - KV Index Usage Guide
## Quick Start
### Initialization
**With KV Index (Recommended):**
```typescript
import { CacheService } from './services/cache';
import { CACHE_TTL } from './constants';
const cache = new CacheService(CACHE_TTL.INSTANCES, env.RATE_LIMIT_KV);
```
**Without KV Index (Backward Compatible):**
```typescript
const cache = new CacheService(CACHE_TTL.INSTANCES);
```
## Common Operations
### Pattern-Based Invalidation
```typescript
// Invalidate all instance caches
const count = await cache.invalidatePattern('*instances*');
console.log(`Invalidated ${count} entries`);
// Invalidate specific provider caches
await cache.invalidatePattern('*provider=linode*');
// Invalidate pricing caches
await cache.invalidatePattern('*pricing*');
// Invalidate with exact pattern
await cache.invalidatePattern('https://cache.internal/instances?provider=vultr*');
```
### Clear All Caches
```typescript
// Clear all cache entries
const totalCleared = await cache.clearAll();
// Clear with prefix filter
const instancesCleared = await cache.clearAll('https://cache.internal/instances');
```
### Cache Statistics
```typescript
const stats = await cache.getStats();
if (stats.supported) {
console.log(`Cache has ${stats.indexed_keys} entries`);
} else {
console.log('KV index not available');
}
```
## Use Cases
### After Data Sync
```typescript
// Clear all cached instance data after sync
const invalidated = await cache.invalidatePattern('*instances*');
logger.info(`Invalidated ${invalidated} instance cache entries after sync`);
```
### Provider-Specific Updates
```typescript
// Update only Linode data, invalidate Linode caches
await syncLinodeData();
await cache.invalidatePattern('*provider=linode*');
```
### Cache Cleanup
```typescript
// Daily cache cleanup (optional, caches auto-expire)
const cleared = await cache.clearAll();
logger.info(`Cache cleanup: ${cleared} entries cleared`);
```
## Pattern Syntax
**Wildcards:**
- `*` - Matches any characters
- Case-insensitive by default
**Examples:**
```typescript
// Match all
'*'
// Match endpoint
'*instances*'
'*pricing*'
// Match specific parameter
'*provider=linode*'
'*region_code=us-east*'
// Match exact URL
'https://cache.internal/instances?provider=linode'
// Match with prefix
'https://cache.internal/instances*'
```
## Performance
**Operation Costs:**
- `invalidatePattern()`: 1 KV list + N cache deletes + N KV deletes
- `clearAll()`: 1 KV list + N cache deletes + N KV deletes
- `getStats()`: 1 KV list
**KV List Performance:**
- ~100ms for <1000 keys
- Pagination handled automatically
- Results cached during operation
## Error Handling
All KV operations use graceful degradation:
```typescript
// KV failures don't break cache operations
await cache.set(key, data); // Succeeds even if KV registration fails
await cache.delete(key); // Succeeds even if KV unregistration fails
// Pattern operations return 0 on KV failures
const count = await cache.invalidatePattern('*pattern*');
// Returns 0 if KV list fails, logs error
```
## Monitoring
**Log Levels:**
- `DEBUG`: Cache hits/misses, KV operations
- `INFO`: Pattern invalidation results, clear operations
- `WARN`: KV not available, unsupported operations
- `ERROR`: KV failures (non-blocking)
**Key Metrics:**
```typescript
const stats = await cache.getStats();
// { supported: true, indexed_keys: 42 }
```
## Best Practices
1. **Enable KV Index in Production**: Pass `env.RATE_LIMIT_KV` for full functionality
2. **Use Pattern Invalidation**: Prefer `invalidatePattern()` over individual `delete()` calls
3. **Monitor Stats**: Use `getStats()` to track cache size
4. **Prefix Organization**: Use consistent URL prefixes for easy filtering
5. **Handle Failures**: Always check return values from invalidation operations
## Limitations
- **KV Eventual Consistency**: Recent writes may not appear immediately in list operations
- **Pattern Matching**: Done in-memory after KV list (not server-side)
- **Large Caches**: >1000 keys may have higher latency for pattern operations
- **No Dedicated Namespace**: Currently reuses RATE_LIMIT_KV (future: add CACHE_INDEX_KV)
## Future Enhancements
- Dedicated `CACHE_INDEX_KV` namespace
- Server-side pattern filtering
- Batch invalidation optimization
- Cache warming strategies
- Advanced statistics (hit rate, size, etc.)

34
migrations/000_migration_history.sql Normal file
View File

@@ -0,0 +1,34 @@
-- Migration 000: Migration History Tracking
-- Description: Creates table to track which migrations have been applied
-- Date: 2026-01-25
-- Author: Claude Code
-- ============================================================
-- Table: migration_history
-- Purpose: Track applied database migrations
-- ============================================================
CREATE TABLE IF NOT EXISTS migration_history (
id INTEGER PRIMARY KEY AUTOINCREMENT,
migration_name TEXT NOT NULL UNIQUE, -- e.g., "002_add_composite_indexes"
applied_at TEXT NOT NULL DEFAULT (datetime('now')),
execution_time_ms INTEGER, -- Time taken to execute
success INTEGER NOT NULL DEFAULT 1, -- 0=failed, 1=succeeded
error_message TEXT, -- Error details if failed
checksum TEXT -- Future: file content hash for validation
);
-- Index for quick lookup of applied migrations
CREATE INDEX IF NOT EXISTS idx_migration_history_name
ON migration_history(migration_name);
-- Index for status queries
CREATE INDEX IF NOT EXISTS idx_migration_history_success
ON migration_history(success);
-- ============================================================
-- Notes
-- ============================================================
-- This table is created first (000) to track all subsequent migrations.
-- Safe to re-run: uses IF NOT EXISTS for idempotency.
-- Migrations are tracked by filename without .sql extension.

75
migrations/README.md
View File

@@ -2,7 +2,43 @@
This directory contains SQL migration files for database schema changes.
## Migration Files
## Automated Migration System
The project uses an **automated migration tracking system** that:
- ✅ Automatically detects and runs unapplied migrations
- ✅ Tracks migration history in the database
- ✅ Executes migrations in numerical order
- ✅ Safe to run multiple times (idempotent)
- ✅ Records execution time and errors
### Quick Start
```bash
# Check migration status
npm run db:migrate:status
# Run all pending migrations (local)
npm run db:migrate
# Run all pending migrations (remote)
npm run db:migrate:remote
```
### Migration Files
All migration files are named with a numeric prefix for ordering:
- `000_migration_history.sql` - Creates migration tracking table (always runs first)
- `002_add_composite_indexes.sql` - Query performance optimization
- `003_add_retail_pricing.sql` - Add retail pricing columns
- `004_anvil_tables.sql` - Anvil-branded product tables
## Migration Details
### 000_migration_history.sql
**Date**: 2026-01-25
**Purpose**: Create migration tracking system
- Creates `migration_history` table to track applied migrations
- Records execution time, success/failure status, and error messages
### 002_add_composite_indexes.sql
**Date**: 2026-01-21
@@ -18,16 +54,45 @@ This directory contains SQL migration files for database schema changes.
- Improves JOIN performance between instance_types, pricing, and regions tables
- Enables efficient ORDER BY on hourly_price without additional sort operations
### 003_add_retail_pricing.sql
**Date**: 2026-01-23
**Purpose**: Add retail pricing fields to all pricing tables
- Adds `hourly_price_retail` and `monthly_price_retail` columns
- Backfills existing data with 1.21x markup
### 004_anvil_tables.sql
**Date**: 2026-01-25
**Purpose**: Create Anvil-branded product tables
- `anvil_regions` - Anvil regional datacenters
- `anvil_instances` - Anvil instance specifications
- `anvil_pricing` - Anvil retail pricing with cost tracking
- `anvil_transfer_pricing` - Data transfer pricing
## Running Migrations
### Local Development
### Automated (Recommended)
```bash
npm run db:migrate
# Check current status
npm run db:migrate:status # Local database
npm run db:migrate:status:remote # Remote database
# Run all pending migrations
npm run db:migrate # Local database
npm run db:migrate:remote # Remote database
```
### Production
### Manual (Backward Compatibility)
Individual migration scripts are still available:
```bash
npm run db:migrate:remote
npm run db:migrate:002 # Local
npm run db:migrate:002:remote # Remote
npm run db:migrate:003 # Local
npm run db:migrate:003:remote # Remote
npm run db:migrate:004 # Local
npm run db:migrate:004:remote # Remote
```
## Migration Best Practices

540
package-lock.json generated
View File

@@ -7,8 +7,12 @@
"": {
"name": "cloud-instances-api",
"version": "1.0.0",
"dependencies": {
"hono": "^4.11.7"
},
"devDependencies": {
"@cloudflare/workers-types": "^4.20241205.0",
"tsx": "^4.7.0",
"typescript": "^5.7.2",
"vitest": "^2.1.8",
"wrangler": "^4.59.3"
@@ -1832,6 +1836,28 @@
"node": "^8.16.0 || ^10.6.0 || >=11.0.0"
}
},
"node_modules/get-tsconfig": {
"version": "4.13.0",
"resolved": "https://registry.npmjs.org/get-tsconfig/-/get-tsconfig-4.13.0.tgz",
"integrity": "sha512-1VKTZJCwBrvbd+Wn3AOgQP/2Av+TfTCOlE4AcRJE72W1ksZXbAx8PPBR9RzgTeSPzlPMHrbANMH3LbltH73wxQ==",
"dev": true,
"license": "MIT",
"dependencies": {
"resolve-pkg-maps": "^1.0.0"
},
"funding": {
"url": "https://github.com/privatenumber/get-tsconfig?sponsor=1"
}
},
"node_modules/hono": {
"version": "4.11.7",
"resolved": "https://registry.npmjs.org/hono/-/hono-4.11.7.tgz",
"integrity": "sha512-l7qMiNee7t82bH3SeyUCt9UF15EVmaBvsppY2zQtrbIhl/yzBTny+YUxsVjSjQ6gaqaeVtZmGocom8TzBlA4Yw==",
"license": "MIT",
"engines": {
"node": ">=16.9.0"
}
},
"node_modules/kleur": {
"version": "4.1.5",
"resolved": "https://registry.npmjs.org/kleur/-/kleur-4.1.5.tgz",
@@ -1967,6 +1993,16 @@
"node": "^10 || ^12 || >=14"
}
},
"node_modules/resolve-pkg-maps": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/resolve-pkg-maps/-/resolve-pkg-maps-1.0.0.tgz",
"integrity": "sha512-seS2Tj26TBVOC2NIc2rOe2y2ZO7efxITtLZcGSOnHHNOQ7CkiUBfw0Iw2ck6xkIhPwLhKNLS8BO+hEpngQlqzw==",
"dev": true,
"license": "MIT",
"funding": {
"url": "https://github.com/privatenumber/resolve-pkg-maps?sponsor=1"
}
},
"node_modules/rollup": {
"version": "4.55.3",
"resolved": "https://registry.npmjs.org/rollup/-/rollup-4.55.3.tgz",
@@ -2166,6 +2202,510 @@
"license": "0BSD",
"optional": true
},
"node_modules/tsx": {
"version": "4.21.0",
"resolved": "https://registry.npmjs.org/tsx/-/tsx-4.21.0.tgz",
"integrity": "sha512-5C1sg4USs1lfG0GFb2RLXsdpXqBSEhAaA/0kPL01wxzpMqLILNxIxIOKiILz+cdg/pLnOUxFYOR5yhHU666wbw==",
"dev": true,
"license": "MIT",
"dependencies": {
"esbuild": "~0.27.0",
"get-tsconfig": "^4.7.5"
},
"bin": {
"tsx": "dist/cli.mjs"
},
"engines": {
"node": ">=18.0.0"
},
"optionalDependencies": {
"fsevents": "~2.3.3"
}
},
"node_modules/tsx/node_modules/@esbuild/aix-ppc64": {
"version": "0.27.2",
"resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.27.2.tgz",
"integrity": "sha512-GZMB+a0mOMZs4MpDbj8RJp4cw+w1WV5NYD6xzgvzUJ5Ek2jerwfO2eADyI6ExDSUED+1X8aMbegahsJi+8mgpw==",
"cpu": [
"ppc64"
],
"dev": true,
"license": "MIT",
"optional": true,
"os": [
"aix"
],
"engines": {
"node": ">=18"
}
},
"node_modules/tsx/node_modules/@esbuild/android-arm": {
"version": "0.27.2",
"resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.27.2.tgz",
"integrity": "sha512-DVNI8jlPa7Ujbr1yjU2PfUSRtAUZPG9I1RwW4F4xFB1Imiu2on0ADiI/c3td+KmDtVKNbi+nffGDQMfcIMkwIA==",
"cpu": [
"arm"
],
"dev": true,
"license": "MIT",
"optional": true,
"os": [
"android"
],
"engines": {
"node": ">=18"
}
},
"node_modules/tsx/node_modules/@esbuild/android-arm64": {
"version": "0.27.2",
"resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.27.2.tgz",
"integrity": "sha512-pvz8ZZ7ot/RBphf8fv60ljmaoydPU12VuXHImtAs0XhLLw+EXBi2BLe3OYSBslR4rryHvweW5gmkKFwTiFy6KA==",
"cpu": [
"arm64"
],
"dev": true,
"license": "MIT",
"optional": true,
"os": [
"android"
],
"engines": {
"node": ">=18"
}
},
"node_modules/tsx/node_modules/@esbuild/android-x64": {
"version": "0.27.2",
"resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.27.2.tgz",
"integrity": "sha512-z8Ank4Byh4TJJOh4wpz8g2vDy75zFL0TlZlkUkEwYXuPSgX8yzep596n6mT7905kA9uHZsf/o2OJZubl2l3M7A==",
"cpu": [
"x64"
],
"dev": true,
"license": "MIT",
"optional": true,
"os": [
"android"
],
"engines": {
"node": ">=18"
}
},
"node_modules/tsx/node_modules/@esbuild/darwin-arm64": {
"version": "0.27.2",
"resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.27.2.tgz",
"integrity": "sha512-davCD2Zc80nzDVRwXTcQP/28fiJbcOwvdolL0sOiOsbwBa72kegmVU0Wrh1MYrbuCL98Omp5dVhQFWRKR2ZAlg==",
"cpu": [
"arm64"
],
"dev": true,
"license": "MIT",
"optional": true,
"os": [
"darwin"
],
"engines": {
"node": ">=18"
}
},
"node_modules/tsx/node_modules/@esbuild/darwin-x64": {
"version": "0.27.2",
"resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.27.2.tgz",
"integrity": "sha512-ZxtijOmlQCBWGwbVmwOF/UCzuGIbUkqB1faQRf5akQmxRJ1ujusWsb3CVfk/9iZKr2L5SMU5wPBi1UWbvL+VQA==",
"cpu": [
"x64"
],
"dev": true,
"license": "MIT",
"optional": true,
"os": [
"darwin"
],
"engines": {
"node": ">=18"
}
},
"node_modules/tsx/node_modules/@esbuild/freebsd-arm64": {
"version": "0.27.2",
"resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.27.2.tgz",
"integrity": "sha512-lS/9CN+rgqQ9czogxlMcBMGd+l8Q3Nj1MFQwBZJyoEKI50XGxwuzznYdwcav6lpOGv5BqaZXqvBSiB/kJ5op+g==",
"cpu": [
"arm64"
],
"dev": true,
"license": "MIT",
"optional": true,
"os": [
"freebsd"
],
"engines": {
"node": ">=18"
}
},
"node_modules/tsx/node_modules/@esbuild/freebsd-x64": {
"version": "0.27.2",
"resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.27.2.tgz",
"integrity": "sha512-tAfqtNYb4YgPnJlEFu4c212HYjQWSO/w/h/lQaBK7RbwGIkBOuNKQI9tqWzx7Wtp7bTPaGC6MJvWI608P3wXYA==",
"cpu": [
"x64"
],
"dev": true,
"license": "MIT",
"optional": true,
"os": [
"freebsd"
],
"engines": {
"node": ">=18"
}
},
"node_modules/tsx/node_modules/@esbuild/linux-arm": {
"version": "0.27.2",
"resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.27.2.tgz",
"integrity": "sha512-vWfq4GaIMP9AIe4yj1ZUW18RDhx6EPQKjwe7n8BbIecFtCQG4CfHGaHuh7fdfq+y3LIA2vGS/o9ZBGVxIDi9hw==",
"cpu": [
"arm"
],
"dev": true,
"license": "MIT",
"optional": true,
"os": [
"linux"
],
"engines": {
"node": ">=18"
}
},
"node_modules/tsx/node_modules/@esbuild/linux-arm64": {
"version": "0.27.2",
"resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.27.2.tgz",
"integrity": "sha512-hYxN8pr66NsCCiRFkHUAsxylNOcAQaxSSkHMMjcpx0si13t1LHFphxJZUiGwojB1a/Hd5OiPIqDdXONia6bhTw==",
"cpu": [
"arm64"
],
"dev": true,
"license": "MIT",
"optional": true,
"os": [
"linux"
],
"engines": {
"node": ">=18"
}
},
"node_modules/tsx/node_modules/@esbuild/linux-ia32": {
"version": "0.27.2",
"resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.27.2.tgz",
"integrity": "sha512-MJt5BRRSScPDwG2hLelYhAAKh9imjHK5+NE/tvnRLbIqUWa+0E9N4WNMjmp/kXXPHZGqPLxggwVhz7QP8CTR8w==",
"cpu": [
"ia32"
],
"dev": true,
"license": "MIT",
"optional": true,
"os": [
"linux"
],
"engines": {
"node": ">=18"
}
},
"node_modules/tsx/node_modules/@esbuild/linux-loong64": {
"version": "0.27.2",
"resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.27.2.tgz",
"integrity": "sha512-lugyF1atnAT463aO6KPshVCJK5NgRnU4yb3FUumyVz+cGvZbontBgzeGFO1nF+dPueHD367a2ZXe1NtUkAjOtg==",
"cpu": [
"loong64"
],
"dev": true,
"license": "MIT",
"optional": true,
"os": [
"linux"
],
"engines": {
"node": ">=18"
}
},
"node_modules/tsx/node_modules/@esbuild/linux-mips64el": {
"version": "0.27.2",
"resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.27.2.tgz",
"integrity": "sha512-nlP2I6ArEBewvJ2gjrrkESEZkB5mIoaTswuqNFRv/WYd+ATtUpe9Y09RnJvgvdag7he0OWgEZWhviS1OTOKixw==",
"cpu": [
"mips64el"
],
"dev": true,
"license": "MIT",
"optional": true,
"os": [
"linux"
],
"engines": {
"node": ">=18"
}
},
"node_modules/tsx/node_modules/@esbuild/linux-ppc64": {
"version": "0.27.2",
"resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.27.2.tgz",
"integrity": "sha512-C92gnpey7tUQONqg1n6dKVbx3vphKtTHJaNG2Ok9lGwbZil6DrfyecMsp9CrmXGQJmZ7iiVXvvZH6Ml5hL6XdQ==",
"cpu": [
"ppc64"
],
"dev": true,
"license": "MIT",
"optional": true,
"os": [
"linux"
],
"engines": {
"node": ">=18"
}
},
"node_modules/tsx/node_modules/@esbuild/linux-riscv64": {
"version": "0.27.2",
"resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.27.2.tgz",
"integrity": "sha512-B5BOmojNtUyN8AXlK0QJyvjEZkWwy/FKvakkTDCziX95AowLZKR6aCDhG7LeF7uMCXEJqwa8Bejz5LTPYm8AvA==",
"cpu": [
"riscv64"
],
"dev": true,
"license": "MIT",
"optional": true,
"os": [
"linux"
],
"engines": {
"node": ">=18"
}
},
"node_modules/tsx/node_modules/@esbuild/linux-s390x": {
"version": "0.27.2",
"resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.27.2.tgz",
"integrity": "sha512-p4bm9+wsPwup5Z8f4EpfN63qNagQ47Ua2znaqGH6bqLlmJ4bx97Y9JdqxgGZ6Y8xVTixUnEkoKSHcpRlDnNr5w==",
"cpu": [
"s390x"
],
"dev": true,
"license": "MIT",
"optional": true,
"os": [
"linux"
],
"engines": {
"node": ">=18"
}
},
"node_modules/tsx/node_modules/@esbuild/linux-x64": {
"version": "0.27.2",
"resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.27.2.tgz",
"integrity": "sha512-uwp2Tip5aPmH+NRUwTcfLb+W32WXjpFejTIOWZFw/v7/KnpCDKG66u4DLcurQpiYTiYwQ9B7KOeMJvLCu/OvbA==",
"cpu": [
"x64"
],
"dev": true,
"license": "MIT",
"optional": true,
"os": [
"linux"
],
"engines": {
"node": ">=18"
}
},
"node_modules/tsx/node_modules/@esbuild/netbsd-arm64": {
"version": "0.27.2",
"resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.27.2.tgz",
"integrity": "sha512-Kj6DiBlwXrPsCRDeRvGAUb/LNrBASrfqAIok+xB0LxK8CHqxZ037viF13ugfsIpePH93mX7xfJp97cyDuTZ3cw==",
"cpu": [
"arm64"
],
"dev": true,
"license": "MIT",
"optional": true,
"os": [
"netbsd"
],
"engines": {
"node": ">=18"
}
},
"node_modules/tsx/node_modules/@esbuild/netbsd-x64": {
"version": "0.27.2",
"resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.27.2.tgz",
"integrity": "sha512-HwGDZ0VLVBY3Y+Nw0JexZy9o/nUAWq9MlV7cahpaXKW6TOzfVno3y3/M8Ga8u8Yr7GldLOov27xiCnqRZf0tCA==",
"cpu": [
"x64"
],
"dev": true,
"license": "MIT",
"optional": true,
"os": [
"netbsd"
],
"engines": {
"node": ">=18"
}
},
"node_modules/tsx/node_modules/@esbuild/openbsd-arm64": {
"version": "0.27.2",
"resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.27.2.tgz",
"integrity": "sha512-DNIHH2BPQ5551A7oSHD0CKbwIA/Ox7+78/AWkbS5QoRzaqlev2uFayfSxq68EkonB+IKjiuxBFoV8ESJy8bOHA==",
"cpu": [
"arm64"
],
"dev": true,
"license": "MIT",
"optional": true,
"os": [
"openbsd"
],
"engines": {
"node": ">=18"
}
},
"node_modules/tsx/node_modules/@esbuild/openbsd-x64": {
"version": "0.27.2",
"resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.27.2.tgz",
"integrity": "sha512-/it7w9Nb7+0KFIzjalNJVR5bOzA9Vay+yIPLVHfIQYG/j+j9VTH84aNB8ExGKPU4AzfaEvN9/V4HV+F+vo8OEg==",
"cpu": [
"x64"
],
"dev": true,
"license": "MIT",
"optional": true,
"os": [
"openbsd"
],
"engines": {
"node": ">=18"
}
},
"node_modules/tsx/node_modules/@esbuild/openharmony-arm64": {
"version": "0.27.2",
"resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.27.2.tgz",
"integrity": "sha512-LRBbCmiU51IXfeXk59csuX/aSaToeG7w48nMwA6049Y4J4+VbWALAuXcs+qcD04rHDuSCSRKdmY63sruDS5qag==",
"cpu": [
"arm64"
],
"dev": true,
"license": "MIT",
"optional": true,
"os": [
"openharmony"
],
"engines": {
"node": ">=18"
}
},
"node_modules/tsx/node_modules/@esbuild/sunos-x64": {
"version": "0.27.2",
"resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.27.2.tgz",
"integrity": "sha512-kMtx1yqJHTmqaqHPAzKCAkDaKsffmXkPHThSfRwZGyuqyIeBvf08KSsYXl+abf5HDAPMJIPnbBfXvP2ZC2TfHg==",
"cpu": [
"x64"
],
"dev": true,
"license": "MIT",
"optional": true,
"os": [
"sunos"
],
"engines": {
"node": ">=18"
}
},
"node_modules/tsx/node_modules/@esbuild/win32-arm64": {
"version": "0.27.2",
"resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.27.2.tgz",
"integrity": "sha512-Yaf78O/B3Kkh+nKABUF++bvJv5Ijoy9AN1ww904rOXZFLWVc5OLOfL56W+C8F9xn5JQZa3UX6m+IktJnIb1Jjg==",
"cpu": [
"arm64"
],
"dev": true,
"license": "MIT",
"optional": true,
"os": [
"win32"
],
"engines": {
"node": ">=18"
}
},
"node_modules/tsx/node_modules/@esbuild/win32-ia32": {
"version": "0.27.2",
"resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.27.2.tgz",
"integrity": "sha512-Iuws0kxo4yusk7sw70Xa2E2imZU5HoixzxfGCdxwBdhiDgt9vX9VUCBhqcwY7/uh//78A1hMkkROMJq9l27oLQ==",
"cpu": [
"ia32"
],
"dev": true,
"license": "MIT",
"optional": true,
"os": [
"win32"
],
"engines": {
"node": ">=18"
}
},
"node_modules/tsx/node_modules/@esbuild/win32-x64": {
"version": "0.27.2",
"resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.27.2.tgz",
"integrity": "sha512-sRdU18mcKf7F+YgheI/zGf5alZatMUTKj/jNS6l744f9u3WFu4v7twcUI9vu4mknF4Y9aDlblIie0IM+5xxaqQ==",
"cpu": [
"x64"
],
"dev": true,
"license": "MIT",
"optional": true,
"os": [
"win32"
],
"engines": {
"node": ">=18"
}
},
"node_modules/tsx/node_modules/esbuild": {
"version": "0.27.2",
"resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.27.2.tgz",
"integrity": "sha512-HyNQImnsOC7X9PMNaCIeAm4ISCQXs5a5YasTXVliKv4uuBo1dKrG0A+uQS8M5eXjVMnLg3WgXaKvprHlFJQffw==",
"dev": true,
"hasInstallScript": true,
"license": "MIT",
"bin": {
"esbuild": "bin/esbuild"
},
"engines": {
"node": ">=18"
},
"optionalDependencies": {
"@esbuild/aix-ppc64": "0.27.2",
"@esbuild/android-arm": "0.27.2",
"@esbuild/android-arm64": "0.27.2",
"@esbuild/android-x64": "0.27.2",
"@esbuild/darwin-arm64": "0.27.2",
"@esbuild/darwin-x64": "0.27.2",
"@esbuild/freebsd-arm64": "0.27.2",
"@esbuild/freebsd-x64": "0.27.2",
"@esbuild/linux-arm": "0.27.2",
"@esbuild/linux-arm64": "0.27.2",
"@esbuild/linux-ia32": "0.27.2",
"@esbuild/linux-loong64": "0.27.2",
"@esbuild/linux-mips64el": "0.27.2",
"@esbuild/linux-ppc64": "0.27.2",
"@esbuild/linux-riscv64": "0.27.2",
"@esbuild/linux-s390x": "0.27.2",
"@esbuild/linux-x64": "0.27.2",
"@esbuild/netbsd-arm64": "0.27.2",
"@esbuild/netbsd-x64": "0.27.2",
"@esbuild/openbsd-arm64": "0.27.2",
"@esbuild/openbsd-x64": "0.27.2",
"@esbuild/openharmony-arm64": "0.27.2",
"@esbuild/sunos-x64": "0.27.2",
"@esbuild/win32-arm64": "0.27.2",
"@esbuild/win32-ia32": "0.27.2",
"@esbuild/win32-x64": "0.27.2"
}
},
"node_modules/typescript": {
"version": "5.9.3",
"resolved": "https://registry.npmjs.org/typescript/-/typescript-5.9.3.tgz",

14
package.json
View File

@@ -15,16 +15,26 @@
"db:init:remote": "wrangler d1 execute cloud-instances-db --remote --file=./schema.sql",
"db:seed": "wrangler d1 execute cloud-instances-db --local --file=./seed.sql",
"db:seed:remote": "wrangler d1 execute cloud-instances-db --remote --file=./seed.sql",
"db:migrate": "wrangler d1 execute cloud-instances-db --local --file=./migrations/002_add_composite_indexes.sql",
"db:migrate:remote": "wrangler d1 execute cloud-instances-db --remote --file=./migrations/002_add_composite_indexes.sql",
"db:migrate": "tsx scripts/migrate.ts",
"db:migrate:remote": "tsx scripts/migrate.ts --remote",
"db:migrate:status": "tsx scripts/migrate.ts --status",
"db:migrate:status:remote": "tsx scripts/migrate.ts --status --remote",
"db:migrate:002": "wrangler d1 execute cloud-instances-db --local --file=./migrations/002_add_composite_indexes.sql",
"db:migrate:002:remote": "wrangler d1 execute cloud-instances-db --remote --file=./migrations/002_add_composite_indexes.sql",
"db:migrate:003": "wrangler d1 execute cloud-instances-db --local --file=./migrations/003_add_retail_pricing.sql",
"db:migrate:003:remote": "wrangler d1 execute cloud-instances-db --remote --file=./migrations/003_add_retail_pricing.sql",
"db:migrate:004": "wrangler d1 execute cloud-instances-db --local --file=./migrations/004_anvil_tables.sql",
"db:migrate:004:remote": "wrangler d1 execute cloud-instances-db --remote --file=./migrations/004_anvil_tables.sql",
"db:query": "wrangler d1 execute cloud-instances-db --local --command"
},
"devDependencies": {
"@cloudflare/workers-types": "^4.20241205.0",
"tsx": "^4.7.0",
"typescript": "^5.7.2",
"vitest": "^2.1.8",
"wrangler": "^4.59.3"
},
"dependencies": {
"hono": "^4.11.7"
}
}

16
schema.sql
View File

@@ -77,6 +77,11 @@ CREATE INDEX IF NOT EXISTS idx_instance_types_memory_mb ON instance_types(memory
CREATE INDEX IF NOT EXISTS idx_instance_types_instance_family ON instance_types(instance_family);
CREATE INDEX IF NOT EXISTS idx_instance_types_gpu_count ON instance_types(gpu_count);
-- Composite index for recommendation service query pattern
-- Optimizes: WHERE provider_id = ? AND memory_mb >= ? AND vcpu >= ?
CREATE INDEX IF NOT EXISTS idx_instance_types_specs_filter
ON instance_types(provider_id, memory_mb, vcpu);
-- ============================================================
-- Table: pricing
-- Description: Region-specific pricing for instance types
@@ -105,6 +110,17 @@ CREATE INDEX IF NOT EXISTS idx_pricing_hourly_price ON pricing(hourly_price);
CREATE INDEX IF NOT EXISTS idx_pricing_monthly_price ON pricing(monthly_price);
CREATE INDEX IF NOT EXISTS idx_pricing_available ON pricing(available);
-- Composite partial indexes for optimized price sorting with availability filter
-- These optimize the most common query pattern: filtering by available=1 and sorting by price
-- Partial indexes reduce index size by only indexing available instances
CREATE INDEX IF NOT EXISTS idx_pricing_available_hourly_price
ON pricing(available, hourly_price)
WHERE available = 1;
CREATE INDEX IF NOT EXISTS idx_pricing_available_monthly_price
ON pricing(available, monthly_price)
WHERE available = 1;
-- ============================================================
-- Table: price_history
-- Description: Historical price tracking for trend analysis

158
scripts/api-tester.ts
View File

@@ -4,10 +4,18 @@
* Comprehensive test suite for API endpoints with colorful console output.
* Tests all endpoints with various parameter combinations and validates responses.
*
* Requirements:
* API_KEY environment variable must be set
*
* Usage:
* export API_KEY=your-api-key-here
* npx tsx scripts/api-tester.ts
* npx tsx scripts/api-tester.ts --endpoint /health
* npx tsx scripts/api-tester.ts --verbose
*
* Or use npm scripts:
* npm run test:api
* npm run test:api:verbose
*/
// ============================================================
@@ -15,7 +23,23 @@
// ============================================================
const API_URL = process.env.API_URL || 'https://cloud-instances-api.kappa-d8e.workers.dev';
const API_KEY = process.env.API_KEY || '0f955192075f7d36b1432ec985713ac6aba7fe82ffa556e6f45381c5530ca042';
const API_KEY = process.env.API_KEY;
if (!API_KEY) {
console.error('\n❌ ERROR: API_KEY environment variable is required');
console.error('Please set API_KEY before running the tests:');
console.error(' export API_KEY=your-api-key-here');
console.error(' npm run test:api');
console.error('\nOr create a .env file (see .env.example for reference)');
process.exit(1);
}
if (API_KEY.length < 16) {
console.error('\n❌ ERROR: API_KEY must be at least 16 characters');
console.error('The provided API key is too short to be valid.');
console.error('Please check your API_KEY environment variable.');
process.exit(1);
}
// CLI flags
const args = process.argv.slice(2);
@@ -257,38 +281,6 @@ function validateSyncResponse(data: unknown): boolean | string {
return true;
}
function validateRecommendResponse(data: unknown): boolean | string {
if (typeof data !== 'object' || data === null) {
return 'Response is not an object';
}
const response = data as Record<string, unknown>;
if (!response.success) {
return 'Response success field is false or missing';
}
if (!response.data || typeof response.data !== 'object') {
return 'Missing or invalid data field';
}
const responseData = response.data as Record<string, unknown>;
if (!Array.isArray(responseData.recommendations)) {
return 'Missing or invalid recommendations array';
}
if (!responseData.requirements || typeof responseData.requirements !== 'object') {
return 'Missing or invalid requirements field';
}
if (!responseData.metadata || typeof responseData.metadata !== 'object') {
return 'Missing or invalid metadata field';
}
return true;
}
// ============================================================
// Test Suites
// ============================================================
@@ -460,95 +452,6 @@ async function testSyncEndpoint(): Promise<TestResult[]> {
return tests;
}
async function testRecommendEndpoint(): Promise<TestResult[]> {
console.log(color('\n📍 Testing /recommend', colors.cyan));
const tests: TestResult[] = [];
// Test basic recommendation
tests.push(
await testWithDelay('POST /recommend (nginx+mysql)', '/recommend', {
method: 'POST',
headers: { 'X-API-Key': API_KEY },
body: {
stack: ['nginx', 'mysql'],
scale: 'small',
},
expectStatus: 200,
validateResponse: validateRecommendResponse,
})
);
// Test with budget constraint
tests.push(
await testWithDelay('POST /recommend (with budget)', '/recommend', {
method: 'POST',
headers: { 'X-API-Key': API_KEY },
body: {
stack: ['nginx', 'mysql', 'redis'],
scale: 'medium',
budget_max: 100,
},
expectStatus: 200,
validateResponse: validateRecommendResponse,
})
);
// Test large scale
tests.push(
await testWithDelay('POST /recommend (large scale)', '/recommend', {
method: 'POST',
headers: { 'X-API-Key': API_KEY },
body: {
stack: ['nginx', 'nodejs', 'postgresql', 'redis'],
scale: 'large',
},
expectStatus: 200,
validateResponse: validateRecommendResponse,
})
);
// Test invalid stack (should fail with 400)
tests.push(
await testWithDelay('POST /recommend (invalid stack - error)', '/recommend', {
method: 'POST',
headers: { 'X-API-Key': API_KEY },
body: {
stack: ['invalid-technology'],
scale: 'small',
},
expectStatus: 400, // Invalid stack returns 400 Bad Request
})
);
// Test invalid scale (should fail with 400)
tests.push(
await testWithDelay('POST /recommend (invalid scale - error)', '/recommend', {
method: 'POST',
headers: { 'X-API-Key': API_KEY },
body: {
stack: ['nginx'],
scale: 'invalid',
},
expectStatus: 400, // Invalid scale returns 400 Bad Request
})
);
// Test without auth (should fail)
tests.push(
await testWithDelay('POST /recommend (no auth - error)', '/recommend', {
method: 'POST',
body: {
stack: ['nginx'],
scale: 'small',
},
expectStatus: 401,
})
);
return tests;
}
// ============================================================
// Test Runner
// ============================================================
@@ -585,7 +488,10 @@ async function runTests(): Promise<TestReport> {
console.log(bold(color('\n🧪 Cloud Instances API Tester', colors.cyan)));
console.log(color('================================', colors.cyan));
console.log(`${color('Target:', colors.white)} ${API_URL}`);
console.log(`${color('API Key:', colors.white)} ${API_KEY.substring(0, 20)}...`);
const maskedKey = API_KEY.length > 4
? `${API_KEY.substring(0, 4)}${'*'.repeat(8)}`
: '****';
console.log(`${color('API Key:', colors.white)} ${maskedKey}`);
if (VERBOSE) {
console.log(color('Mode: VERBOSE', colors.yellow));
}
@@ -612,12 +518,6 @@ async function runTests(): Promise<TestReport> {
allResults.push(...syncResults);
}
if (!TARGET_ENDPOINT || TARGET_ENDPOINT === '/recommend') {
const recommendResults = await testRecommendEndpoint();
recommendResults.forEach(printTestResult);
allResults.push(...recommendResults);
}
const duration = Date.now() - startTime;
const passed = allResults.filter(r => r.passed).length;
const failed = allResults.filter(r => !r.passed).length;

163
scripts/e2e-tester.ts
View File

@@ -3,7 +3,17 @@
* E2E Scenario Tester for Cloud Instances API
*
* Tests complete user workflows against the deployed API
* Run: npx tsx scripts/e2e-tester.ts [--scenario <name>] [--dry-run]
*
* Requirements:
* API_KEY environment variable must be set
*
* Usage:
* export API_KEY=your-api-key-here
* npx tsx scripts/e2e-tester.ts [--scenario <name>] [--dry-run]
*
* Or use npm scripts:
* npm run test:e2e
* npm run test:e2e:dry
*/
import process from 'process';
@@ -12,8 +22,17 @@ import process from 'process';
// Configuration
// ============================================================
const API_URL = 'https://cloud-instances-api.kappa-d8e.workers.dev';
const API_KEY = '0f955192075f7d36b1432ec985713ac6aba7fe82ffa556e6f45381c5530ca042';
const API_URL = process.env.API_URL || 'https://cloud-instances-api.kappa-d8e.workers.dev';
const API_KEY = process.env.API_KEY;
if (!API_KEY) {
console.error('\n❌ ERROR: API_KEY environment variable is required');
console.error('Please set API_KEY before running E2E tests:');
console.error(' export API_KEY=your-api-key-here');
console.error(' npm run test:e2e');
console.error('\nOr create a .env file (see .env.example for reference)');
process.exit(1);
}
interface TestContext {
recommendedInstanceId?: string;
@@ -49,9 +68,14 @@ async function apiRequest(
let data: unknown;
try {
data = await response.json();
const text = await response.text();
try {
data = JSON.parse(text);
} catch (err) {
data = { error: 'Failed to parse JSON response', rawText: await response.text() };
data = { error: 'Failed to parse JSON response', rawText: text };
}
} catch (err) {
data = { error: 'Failed to read response body' };
}
return {
@@ -97,119 +121,15 @@ function sleep(ms: number): Promise<void> {
// ============================================================
/**
* Scenario 1: WordPress Server Recommendation → Detail Lookup
*
* Flow:
* 1. POST /recommend with WordPress stack (nginx, php-fpm, mysql)
* 2. Extract first recommended instance ID
* 3. GET /instances with instance_id filter
* 4. Validate specs meet requirements
*/
async function scenario1WordPress(context: TestContext, dryRun: boolean): Promise<boolean> {
console.log('\n▶ Scenario 1: WordPress Server Recommendation → Detail Lookup');
if (dryRun) {
console.log(' [DRY RUN] Would execute:');
console.log(' 1. POST /recommend with stack: nginx, php-fpm, mysql');
console.log(' 2. Extract instance_id from first recommendation');
console.log(' 3. GET /instances?instance_id={id}');
console.log(' 4. Validate memory >= 3072MB, vCPU >= 2');
return true;
}
try {
// Step 1: Request recommendation
logStep(1, 'Request WordPress server recommendation...');
const recommendResp = await apiRequest('/recommend', {
method: 'POST',
body: JSON.stringify({
stack: ['nginx', 'php-fpm', 'mysql'],
scale: 'medium',
}),
});
logResponse('POST', '/recommend', recommendResp.status, recommendResp.duration);
if (recommendResp.status !== 200) {
console.log(` ❌ Expected 200, got ${recommendResp.status}`);
return false;
}
const recommendData = recommendResp.data as {
success: boolean;
data?: {
recommendations?: Array<{ instance: string; provider: string; price: { monthly: number }; region: string }>;
};
};
if (!recommendData.success || !recommendData.data?.recommendations?.[0]) {
console.log(' ❌ No recommendations returned');
return false;
}
const firstRec = recommendData.data.recommendations[0];
console.log(` Recommended: ${firstRec.instance} ($${firstRec.price.monthly}/mo) in ${firstRec.region}`);
// Step 2: Extract instance identifier (we'll use provider + instance name for search)
const instanceName = firstRec.instance;
const provider = firstRec.provider;
context.recommendedInstanceId = instanceName;
// Step 3: Fetch instance details
logStep(2, 'Fetch instance details...');
const detailsResp = await apiRequest(
`/instances?provider=${encodeURIComponent(provider)}&limit=100`,
{ method: 'GET' }
);
logResponse('GET', '/instances', detailsResp.status, detailsResp.duration);
if (detailsResp.status !== 200) {
console.log(` ❌ Expected 200, got ${detailsResp.status}`);
return false;
}
const detailsData = detailsResp.data as {
success: boolean;
data?: {
instances?: Array<{ instance_name: string; vcpu: number; memory_mb: number }>;
};
};
const instance = detailsData.data?.instances?.find((i) => i.instance_name === instanceName);
if (!instance) {
console.log(` ❌ Instance ${instanceName} not found in details`);
return false;
}
// Step 4: Validate specs
logStep(3, 'Validate specs meet requirements...');
const memoryOk = instance.memory_mb >= 3072; // nginx 256 + php-fpm 1024 + mysql 2048 + OS 768 = 4096
const vcpuOk = instance.vcpu >= 2;
logValidation(memoryOk, `Memory: ${instance.memory_mb}MB >= 3072MB required`);
logValidation(vcpuOk, `vCPU: ${instance.vcpu} >= 2 required`);
const passed = memoryOk && vcpuOk;
console.log(` ${passed ? '✅' : '❌'} Scenario ${passed ? 'PASSED' : 'FAILED'} (${recommendResp.duration + detailsResp.duration}ms)`);
return passed;
} catch (error) {
console.log(` ❌ Scenario FAILED with error: ${error instanceof Error ? error.message : String(error)}`);
return false;
}
}
/**
* Scenario 2: Budget-Constrained Instance Search
* Scenario 1: Budget-Constrained Instance Search
*
* Flow:
* 1. GET /instances?max_price=50&sort_by=price&order=asc
* 2. Validate all results <= $50/month
* 3. Validate price sorting is correct
*/
async function scenario2Budget(context: TestContext, dryRun: boolean): Promise<boolean> {
console.log('\n▶ Scenario 2: Budget-Constrained Instance Search');
async function scenario1Budget(context: TestContext, dryRun: boolean): Promise<boolean> {
console.log('\n▶ Scenario 1: Budget-Constrained Instance Search');
if (dryRun) {
console.log(' [DRY RUN] Would execute:');
@@ -273,15 +193,15 @@ async function scenario2Budget(context: TestContext, dryRun: boolean): Promise<b
}
/**
* Scenario 3: Cross-Region Price Comparison
* Scenario 2: Cross-Region Price Comparison
*
* Flow:
* 1. GET /instances?region=ap-northeast-1 (Tokyo)
* 2. GET /instances?region=ap-northeast-2 (Seoul)
* 3. Compare average prices and instance counts
*/
async function scenario3RegionCompare(context: TestContext, dryRun: boolean): Promise<boolean> {
console.log('\n▶ Scenario 3: Cross-Region Price Comparison (Tokyo vs Seoul)');
async function scenario2RegionCompare(context: TestContext, dryRun: boolean): Promise<boolean> {
console.log('\n▶ Scenario 2: Cross-Region Price Comparison (Tokyo vs Seoul)');
if (dryRun) {
console.log(' [DRY RUN] Would execute:');
@@ -371,15 +291,15 @@ async function scenario3RegionCompare(context: TestContext, dryRun: boolean): Pr
}
/**
* Scenario 4: Provider Sync and Data Verification
* Scenario 3: Provider Sync and Data Verification
*
* Flow:
* 1. POST /sync with provider: linode
* 2. GET /health to check sync_status
* 3. GET /instances?provider=linode to verify data exists
*/
async function scenario4ProviderSync(context: TestContext, dryRun: boolean): Promise<boolean> {
console.log('\n▶ Scenario 4: Provider Sync and Data Verification');
async function scenario3ProviderSync(context: TestContext, dryRun: boolean): Promise<boolean> {
console.log('\n▶ Scenario 3: Provider Sync and Data Verification');
if (dryRun) {
console.log(' [DRY RUN] Would execute:');
@@ -538,10 +458,9 @@ interface ScenarioFunction {
}
const scenarios: Record<string, ScenarioFunction> = {
wordpress: scenario1WordPress,
budget: scenario2Budget,
region: scenario3RegionCompare,
sync: scenario4ProviderSync,
budget: scenario1Budget,
region: scenario2RegionCompare,
sync: scenario3ProviderSync,
ratelimit: scenario5RateLimit,
};

404
scripts/migrate.ts Normal file
View File

@@ -0,0 +1,404 @@
#!/usr/bin/env tsx
/**
* Database Migration Runner
* Automatically detects and executes unapplied SQL migrations
*
* Usage:
* npm run db:migrate # Run on local database
* npm run db:migrate:remote # Run on remote database
* npm run db:migrate:status # Show migration status
*/
import { spawnSync } from 'child_process';
import { readdirSync, readFileSync, existsSync } from 'fs';
import { join, basename, resolve } from 'path';
// ============================================================
// Configuration
// ============================================================
const DB_NAME = 'cloud-instances-db';
const MIGRATIONS_DIR = join(process.cwd(), 'migrations');
const MIGRATION_HISTORY_TABLE = 'migration_history';
type Environment = 'local' | 'remote';
type Command = 'migrate' | 'status';
// ============================================================
// Utility Functions
// ============================================================
/**
* Sanitize migration name (prevent SQL injection)
* Only allows alphanumeric characters, underscores, and hyphens
*/
function sanitizeMigrationName(name: string): string {
if (!/^[a-zA-Z0-9_-]+$/.test(name)) {
throw new Error(`Invalid migration name: ${name} (only alphanumeric, underscore, and hyphen allowed)`);
}
return name;
}
/**
* Validate file path (prevent path traversal)
* Ensures the file is within the migrations directory
*/
function validateFilePath(filename: string): string {
// Check filename format
if (!/^[a-zA-Z0-9_-]+\.sql$/.test(filename)) {
throw new Error(`Invalid filename format: ${filename}`);
}
const filePath = join(MIGRATIONS_DIR, filename);
const resolvedPath = resolve(filePath);
const resolvedMigrationsDir = resolve(MIGRATIONS_DIR);
// Ensure resolved path is within migrations directory
if (!resolvedPath.startsWith(resolvedMigrationsDir + '/') && resolvedPath !== resolvedMigrationsDir) {
throw new Error(`Path traversal detected: ${filename}`);
}
return filePath;
}
/**
* Execute wrangler d1 command and return output
* Uses spawnSync to prevent command injection
*/
function executeD1Command(sql: string, env: Environment): string {
const envFlag = env === 'remote' ? '--remote' : '--local';
const args = ['d1', 'execute', DB_NAME, envFlag, '--command', sql];
try {
const result = spawnSync('wrangler', args, {
encoding: 'utf-8',
stdio: ['pipe', 'pipe', 'pipe']
});
if (result.error) {
throw new Error(`Failed to execute wrangler: ${result.error.message}`);
}
if (result.status !== 0) {
throw new Error(`D1 command failed with exit code ${result.status}: ${result.stderr}`);
}
return result.stdout;
} catch (error: any) {
throw new Error(`D1 command failed: ${error.message}`);
}
}
/**
* Execute SQL file using wrangler d1
* Uses spawnSync to prevent command injection
*/
function executeD1File(filePath: string, env: Environment): void {
const envFlag = env === 'remote' ? '--remote' : '--local';
const args = ['d1', 'execute', DB_NAME, envFlag, '--file', filePath];
try {
const result = spawnSync('wrangler', args, {
encoding: 'utf-8',
stdio: 'inherit'
});
if (result.error) {
throw new Error(`Failed to execute wrangler: ${result.error.message}`);
}
if (result.status !== 0) {
throw new Error(`Migration file execution failed with exit code ${result.status}`);
}
} catch (error: any) {
throw new Error(`Migration file execution failed: ${error.message}`);
}
}
/**
* Get list of applied migrations from database
*/
function getAppliedMigrations(env: Environment): Set<string> {
try {
const sql = `SELECT migration_name FROM ${MIGRATION_HISTORY_TABLE} WHERE success = 1`;
const output = executeD1Command(sql, env);
const migrations = new Set<string>();
const lines = output.split('\n');
for (const line of lines) {
const trimmed = line.trim();
if (trimmed && !trimmed.includes('migration_name') && !trimmed.includes('─')) {
migrations.add(trimmed);
}
}
return migrations;
} catch (error: any) {
// If table doesn't exist, return empty set
if (error.message.includes('no such table')) {
return new Set<string>();
}
throw error;
}
}
/**
* Get list of migration files from migrations directory
*/
function getMigrationFiles(): string[] {
if (!existsSync(MIGRATIONS_DIR)) {
throw new Error(`Migrations directory not found: ${MIGRATIONS_DIR}`);
}
const files = readdirSync(MIGRATIONS_DIR)
.filter(f => f.endsWith('.sql'))
.filter(f => f !== 'README.md')
.sort(); // Alphabetical sort ensures numeric order (000, 002, 003, 004)
return files;
}
/**
* Extract migration name from filename (without .sql extension)
*/
function getMigrationName(filename: string): string {
return basename(filename, '.sql');
}
/**
* Record migration execution in history table
*/
function recordMigration(
migrationName: string,
executionTimeMs: number,
success: boolean,
errorMessage: string | null,
env: Environment
): void {
// Sanitize migration name to prevent SQL injection
const safeMigrationName = sanitizeMigrationName(migrationName);
// Escape error message (if any) to prevent SQL injection
const safeErrorMessage = errorMessage
? `'${errorMessage.replace(/'/g, "''")}'`
: 'NULL';
const sql = `
INSERT INTO ${MIGRATION_HISTORY_TABLE}
(migration_name, execution_time_ms, success, error_message)
VALUES
('${safeMigrationName}', ${executionTimeMs}, ${success ? 1 : 0}, ${safeErrorMessage})
`;
try {
executeD1Command(sql, env);
} catch (error: any) {
console.error(`[ERROR] Failed to record migration: ${error.message}`);
}
}
/**
* Execute a single migration file
*/
function executeMigration(filename: string, env: Environment): boolean {
const migrationName = getMigrationName(filename);
// Validate file path to prevent path traversal attacks
const filePath = validateFilePath(filename);
console.log(`\n[Migrate] Executing: ${migrationName}`);
console.log(`[Migrate] File: ${filename}`);
const startTime = Date.now();
try {
executeD1File(filePath, env);
const executionTime = Date.now() - startTime;
console.log(`[Migrate] ✅ Success (${executionTime}ms)`);
// Record success (only if not 000_migration_history itself)
if (migrationName !== '000_migration_history') {
recordMigration(migrationName, executionTime, true, null, env);
}
return true;
} catch (error: any) {
const executionTime = Date.now() - startTime;
const errorMessage = error.message || 'Unknown error';
console.error(`[Migrate] ❌ Failed (${executionTime}ms)`);
console.error(`[Migrate] Error: ${errorMessage}`);
// Record failure (only if not 000_migration_history itself)
if (migrationName !== '000_migration_history') {
recordMigration(migrationName, executionTime, false, errorMessage, env);
}
return false;
}
}
// ============================================================
// Main Migration Logic
// ============================================================
/**
* Run all pending migrations
*/
function runMigrations(env: Environment): void {
console.log(`\n${'='.repeat(60)}`);
console.log(`[Migrate] Database Migration Runner`);
console.log(`[Migrate] Environment: ${env}`);
console.log(`[Migrate] Database: ${DB_NAME}`);
console.log(`${'='.repeat(60)}\n`);
const allMigrations = getMigrationFiles();
console.log(`[Migrate] Found ${allMigrations.length} migration files`);
// Ensure migration history table exists first
const historyMigration = allMigrations.find(f => f.startsWith('000_migration_history'));
if (!historyMigration) {
console.error('[Migrate] ❌ Migration history table file (000_migration_history.sql) not found!');
process.exit(1);
}
// Execute history table migration first
console.log(`[Migrate] Ensuring migration tracking table exists...`);
if (!executeMigration(historyMigration, env)) {
console.error('[Migrate] ❌ Failed to create migration history table');
process.exit(1);
}
// Get applied migrations
const appliedMigrations = getAppliedMigrations(env);
console.log(`[Migrate] ${appliedMigrations.size} migrations already applied`);
// Filter pending migrations (excluding 000_migration_history)
const pendingMigrations = allMigrations
.filter(f => !f.startsWith('000_migration_history'))
.filter(f => !appliedMigrations.has(getMigrationName(f)));
if (pendingMigrations.length === 0) {
console.log('\n[Migrate] ✅ All migrations are up to date. Nothing to do.');
return;
}
console.log(`\n[Migrate] ${pendingMigrations.length} pending migrations to execute:`);
pendingMigrations.forEach(f => console.log(` - ${getMigrationName(f)}`));
// Execute each pending migration
let successCount = 0;
let failureCount = 0;
for (const filename of pendingMigrations) {
const success = executeMigration(filename, env);
if (success) {
successCount++;
} else {
failureCount++;
console.error(`\n[Migrate] ❌ Migration failed: ${filename}`);
console.error(`[Migrate] Stopping migration process.`);
break; // Stop on first failure
}
}
// Summary
console.log(`\n${'='.repeat(60)}`);
console.log(`[Migrate] Migration Summary:`);
console.log(`[Migrate] ✅ Successful: ${successCount}`);
if (failureCount > 0) {
console.log(`[Migrate] ❌ Failed: ${failureCount}`);
}
console.log(`${'='.repeat(60)}\n`);
if (failureCount > 0) {
process.exit(1);
}
}
/**
* Show migration status
*/
function showStatus(env: Environment): void {
console.log(`\n${'='.repeat(60)}`);
console.log(`[Migrate] Migration Status`);
console.log(`[Migrate] Environment: ${env}`);
console.log(`[Migrate] Database: ${DB_NAME}`);
console.log(`${'='.repeat(60)}\n`);
const allMigrations = getMigrationFiles();
console.log(`[Migrate] Total migration files: ${allMigrations.length}`);
try {
const appliedMigrations = getAppliedMigrations(env);
console.log(`[Migrate] Applied migrations: ${appliedMigrations.size}`);
// Show detailed status
console.log(`\n[Migrate] Detailed Status:\n`);
for (const filename of allMigrations) {
const migrationName = getMigrationName(filename);
const isApplied = appliedMigrations.has(migrationName);
const status = isApplied ? '✅' : '⏳';
const label = isApplied ? 'Applied' : 'Pending';
console.log(` ${status} ${migrationName.padEnd(40)} [${label}]`);
}
const pendingCount = allMigrations.length - appliedMigrations.size;
if (pendingCount > 0) {
console.log(`\n[Migrate] ⚠️ ${pendingCount} migrations pending execution`);
console.log(`[Migrate] Run 'npm run db:migrate' to apply pending migrations`);
} else {
console.log(`\n[Migrate] ✅ All migrations are up to date`);
}
} catch (error: any) {
console.error(`[Migrate] ❌ Error reading migration status: ${error.message}`);
console.error(`[Migrate] The migration_history table may not exist yet.`);
console.error(`[Migrate] Run 'npm run db:migrate' to initialize the system.`);
process.exit(1);
}
console.log(`\n${'='.repeat(60)}\n`);
}
// ============================================================
// CLI Entry Point
// ============================================================
function main(): void {
const args = process.argv.slice(2);
// Parse command
let command: Command = 'migrate';
if (args.includes('--status')) {
command = 'status';
}
// Parse environment
let env: Environment = 'local';
if (args.includes('--remote')) {
env = 'remote';
}
// Execute command
try {
if (command === 'status') {
showStatus(env);
} else {
runMigrations(env);
}
} catch (error: any) {
console.error(`\n[Migrate] ❌ Fatal error: ${error.message}`);
process.exit(1);
}
}
// Run if executed directly
if (require.main === module) {
main();
}

185
src/app.ts Normal file
View File

@@ -0,0 +1,185 @@
/**
* Hono Application Setup
*
* Configures Hono app with CORS, security headers, and routes.
*/
import { Hono } from 'hono';
import type { Context } from 'hono';
import type { Env, HonoVariables } from './types';
import { CORS, HTTP_STATUS } from './constants';
import { createLogger } from './utils/logger';
import {
requestIdMiddleware,
authMiddleware,
rateLimitMiddleware,
optionalAuthMiddleware,
} from './middleware/hono-adapters';
import { handleHealth } from './routes/health';
import { handleInstances } from './routes/instances';
import { handleSync } from './routes/sync';
const logger = createLogger('[App]');
// Create Hono app with type-safe bindings
const app = new Hono<{ Bindings: Env; Variables: HonoVariables }>();
/**
* Get CORS origin for request
* Reused from original index.ts logic
*/
function getCorsOrigin(c: Context<{ Bindings: Env; Variables: HonoVariables }>): string {
const origin = c.req.header('Origin');
const env = c.env;
// Environment variable has explicit origin configured (highest priority)
if (env.CORS_ORIGIN && env.CORS_ORIGIN !== '*') {
return env.CORS_ORIGIN;
}
// Build allowed origins list based on environment
const isDevelopment = env.ENVIRONMENT === 'development';
const allowedOrigins = isDevelopment
? [...CORS.ALLOWED_ORIGINS, ...CORS.DEVELOPMENT_ORIGINS]
: CORS.ALLOWED_ORIGINS;
// Request origin is in allowed list
if (origin && allowedOrigins.includes(origin)) {
return origin;
}
// Log unmatched origins for security monitoring
if (origin && !allowedOrigins.includes(origin)) {
const sanitizedOrigin = origin.replace(/[\r\n\t]/g, '').substring(0, 256);
logger.warn('Unmatched origin - using default', {
requested_origin: sanitizedOrigin,
environment: env.ENVIRONMENT || 'production',
default_origin: CORS.DEFAULT_ORIGIN,
});
}
// Return explicit default (no wildcard)
return CORS.DEFAULT_ORIGIN;
}
/**
* CORS middleware
* Configured dynamically based on request origin
*/
app.use('*', async (c, next) => {
// Handle OPTIONS preflight - must come before await next()
if (c.req.method === 'OPTIONS') {
const origin = getCorsOrigin(c);
c.res.headers.set('Access-Control-Allow-Origin', origin);
c.res.headers.set('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
c.res.headers.set('Access-Control-Allow-Headers', 'Content-Type, X-API-Key');
c.res.headers.set('Access-Control-Max-Age', CORS.MAX_AGE);
return c.body(null, 204);
}
await next();
// Set CORS headers after processing
const origin = getCorsOrigin(c);
c.res.headers.set('Access-Control-Allow-Origin', origin);
c.res.headers.set('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
c.res.headers.set('Access-Control-Allow-Headers', 'Content-Type, X-API-Key');
c.res.headers.set('Access-Control-Max-Age', CORS.MAX_AGE);
c.res.headers.set(
'Access-Control-Expose-Headers',
'X-RateLimit-Retry-After, Retry-After, X-Request-ID'
);
});
/**
* Request ID middleware
* Adds unique request ID for tracing
*/
app.use('*', requestIdMiddleware);
/**
* Security headers middleware
* Applied to all responses
*/
app.use('*', async (c, next) => {
await next();
// Add security headers to response
c.res.headers.set('X-Content-Type-Options', 'nosniff');
c.res.headers.set('X-Frame-Options', 'DENY');
c.res.headers.set('Strict-Transport-Security', 'max-age=31536000');
c.res.headers.set('Content-Security-Policy', "default-src 'none'");
c.res.headers.set('X-XSS-Protection', '1; mode=block');
c.res.headers.set('Referrer-Policy', 'no-referrer');
});
/**
* Environment validation middleware
* Checks required environment variables before processing
*/
app.use('*', async (c, next) => {
const required = ['API_KEY'];
const missing = required.filter((key) => !c.env[key as keyof Env]);
if (missing.length > 0) {
logger.error('Missing required environment variables', {
missing,
request_id: c.get('requestId'),
});
return c.json(
{
error: 'Service Unavailable',
message: 'Service configuration error',
},
503
);
}
return next();
});
/**
* Routes
*/
// Health check (public endpoint with optional authentication)
app.get('/health', optionalAuthMiddleware, handleHealth);
// Query instances (authenticated, rate limited)
app.get('/instances', authMiddleware, rateLimitMiddleware, handleInstances);
// Sync trigger (authenticated, rate limited)
app.post('/sync', authMiddleware, rateLimitMiddleware, handleSync);
/**
* 404 handler
*/
app.notFound((c) => {
return c.json(
{
error: 'Not Found',
path: c.req.path,
},
HTTP_STATUS.NOT_FOUND
);
});
/**
* Global error handler
*/
app.onError((err, c) => {
logger.error('Request error', {
error: err,
request_id: c.get('requestId'),
});
return c.json(
{
error: 'Internal Server Error',
},
HTTP_STATUS.INTERNAL_ERROR
);
});
export default app;

439
src/connectors/README.md
View File

@@ -1,439 +0,0 @@
# Vault Connector
TypeScript client for HashiCorp Vault integration in Cloudflare Workers.
## Features
- **Secure Credential Retrieval**: Fetch provider API credentials from Vault
- **Automatic Caching**: 1-hour TTL in-memory cache to reduce API calls
- **Comprehensive Error Handling**: Type-safe error handling with specific error codes
- **Timeout Protection**: 10-second request timeout with abort controller
- **Type Safety**: Full TypeScript support with strict typing
- **Logging**: Structured logging for debugging and monitoring
## Installation
The VaultClient is part of this project. Import it directly:
```typescript
import { VaultClient, VaultError } from './connectors/vault';
```
## Quick Start
### Basic Usage
```typescript
import { VaultClient } from './connectors/vault';
const vault = new VaultClient(
'https://vault.anvil.it.com',
'hvs.your-token-here'
);
// Retrieve credentials
const credentials = await vault.getCredentials('linode');
// Use credentials for API calls (DO NOT log sensitive data)
```
### Cloudflare Workers Integration
```typescript
export default {
async fetch(request: Request, env: Env) {
const vault = new VaultClient(env.VAULT_URL, env.VAULT_TOKEN);
try {
const creds = await vault.getCredentials('linode');
// Use credentials for API calls
} catch (error) {
if (error instanceof VaultError) {
return new Response(error.message, {
status: error.statusCode || 500
});
}
}
}
};
```
## API Reference
### VaultClient
#### Constructor
```typescript
new VaultClient(baseUrl: string, token: string)
```
**Parameters:**
- `baseUrl`: Vault server URL (e.g., `https://vault.anvil.it.com`)
- `token`: Vault authentication token (e.g., `hvs.gvtS2U0TCnGkVXlfBP7MGddi`)
#### Methods
##### `getCredentials(provider: string): Promise<VaultCredentials>`
Retrieve credentials for a provider from Vault.
**Parameters:**
- `provider`: Provider name (`linode`, `vultr`, `aws`)
**Returns:**
```typescript
{
provider: string;
api_token: string;
}
```
**Throws:**
- `VaultError` on authentication, authorization, or network failures
**Example:**
```typescript
const creds = await vault.getCredentials('linode');
```
##### `clearCache(provider?: string): void`
Clear cached credentials.
**Parameters:**
- `provider` (optional): Specific provider to clear, or omit to clear all
**Example:**
```typescript
// Clear specific provider
vault.clearCache('linode');
// Clear all cache
vault.clearCache();
```
##### `getCacheStats(): { size: number; providers: string[] }`
Get current cache statistics.
**Returns:**
```typescript
{
size: number; // Number of cached providers
providers: string[]; // List of cached provider names
}
```
**Example:**
```typescript
const stats = vault.getCacheStats();
console.log(`Cached: ${stats.size} providers`);
```
### VaultError
Custom error class for Vault operations.
**Properties:**
```typescript
{
name: 'VaultError';
message: string;
statusCode?: number; // HTTP status code
provider?: string; // Provider name that caused error
}
```
## Error Handling
### HTTP Status Codes
| Code | Meaning | Action |
|------|---------|--------|
| 401 | Invalid/expired token | Check authentication token |
| 403 | Insufficient permissions | Verify token has access to provider path |
| 404 | Provider not found | Check provider name spelling |
| 500-503 | Server error | Retry request after delay |
| 504 | Timeout | Check network connectivity |
### Error Handling Pattern
```typescript
try {
const creds = await vault.getCredentials('linode');
} catch (error) {
if (error instanceof VaultError) {
switch (error.statusCode) {
case 401:
console.error('Auth failed:', error.message);
break;
case 403:
console.error('Permission denied:', error.message);
break;
case 404:
console.error('Provider not found:', error.provider);
break;
default:
console.error('Vault error:', error.message);
}
} else {
console.error('Unexpected error:', error);
}
}
```
## Caching
### Cache Behavior
- **TTL**: 1 hour (3600 seconds)
- **Storage**: In-memory (Map)
- **Automatic**: Transparent caching on first request
- **Cache Hit**: Subsequent requests within TTL use cached data
- **Cache Miss**: Expired or cleared entries fetch from Vault
### Cache Example
```typescript
const vault = new VaultClient(url, token);
// First call - fetches from Vault
const creds1 = await vault.getCredentials('linode');
console.log('[VaultClient] Cache miss, fetching from Vault');
// Second call - uses cache (no API call)
const creds2 = await vault.getCredentials('linode');
console.log('[VaultClient] Cache hit');
// Check cache
const stats = vault.getCacheStats();
console.log(`Cached: ${stats.providers.join(', ')}`);
// Manual cache clear
vault.clearCache('linode');
```
## Configuration
### Environment Variables
Store Vault configuration in environment variables for security:
```toml
# wrangler.toml
[vars]
VAULT_URL = "https://vault.anvil.it.com"
[[env.production.vars]]
VAULT_TOKEN = "hvs.production-token"
[[env.development.vars]]
VAULT_TOKEN = "hvs.development-token"
```
### Usage with Environment Variables
```typescript
export default {
async fetch(request: Request, env: Env) {
const vault = new VaultClient(env.VAULT_URL, env.VAULT_TOKEN);
// ...
}
};
```
## Vault Server Configuration
### Secret Path Structure
Credentials are stored at:
```
secret/data/{provider}
```
Example paths:
- `secret/data/linode`
- `secret/data/vultr`
- `secret/data/aws`
### Expected Secret Format
```json
{
"data": {
"data": {
"provider": "linode",
"api_token": "your-api-token-here"
},
"metadata": {
"created_time": "2024-01-21T10:00:00Z",
"version": 1
}
}
}
```
### Required Vault Permissions
Your token must have read access to the secret paths:
```hcl
path "secret/data/linode" {
capabilities = ["read"]
}
path "secret/data/vultr" {
capabilities = ["read"]
}
path "secret/data/aws" {
capabilities = ["read"]
}
```
## Performance
### Request Timeout
- Default: 10 seconds
- Implemented via `AbortController`
- Throws `VaultError` with status code 504 on timeout
### Cache Performance
- **Cache Hit**: <1ms (memory lookup)
- **Cache Miss**: ~100-500ms (network request + parsing)
- **Memory Usage**: ~1KB per cached provider
### Optimization Tips
1. **Parallel Requests**: Fetch multiple providers in parallel
```typescript
const [linode, vultr] = await Promise.all([
vault.getCredentials('linode'),
vault.getCredentials('vultr'),
]);
```
2. **Warm Cache**: Preload frequently used providers
```typescript
// Warm cache at worker startup
await Promise.all([
vault.getCredentials('linode'),
vault.getCredentials('vultr'),
]);
```
3. **Monitor Cache**: Track cache hit rate
```typescript
const stats = vault.getCacheStats();
console.log(`Cache efficiency: ${stats.size} providers cached`);
```
## Testing
Comprehensive test suite included:
```bash
npm test vault.test.ts
```
**Test Coverage:**
- ✅ Constructor initialization
- ✅ Successful credential retrieval
- ✅ Caching behavior
- ✅ HTTP error handling (401, 403, 404, 500)
- ✅ Timeout handling
- ✅ Invalid response structure
- ✅ Missing required fields
- ✅ Network errors
- ✅ Cache management
- ✅ VaultError creation
## Logging
Structured logging for debugging:
```
[VaultClient] Initialized { baseUrl: 'https://vault.anvil.it.com' }
[VaultClient] Retrieving credentials { provider: 'linode' }
[VaultClient] Cache miss, fetching from Vault { provider: 'linode' }
[VaultClient] Credentials cached { provider: 'linode', expiresIn: '3600s' }
[VaultClient] Credentials retrieved successfully { provider: 'linode' }
```
Error logging:
```
[VaultClient] HTTP error { provider: 'linode', statusCode: 401, errorMessage: 'permission denied' }
[VaultClient] Unexpected error { provider: 'linode', error: Error(...) }
```
## Examples
See [vault.example.ts](/Users/kaffa/cloud-server/src/connectors/vault.example.ts) for comprehensive usage examples:
- Basic usage
- Environment variables
- Caching demonstration
- Cache management
- Error handling patterns
- Cloudflare Workers integration
- Parallel provider fetching
- Retry logic
## Security Best Practices
1. **Never commit tokens**: Use environment variables
2. **Rotate tokens regularly**: Update tokens periodically
3. **Use least privilege**: Grant only required Vault permissions
4. **Monitor access**: Track Vault access logs
5. **Secure transmission**: Always use HTTPS
6. **Cache clearing**: Clear cache on token rotation
## Troubleshooting
### Common Issues
#### Authentication Failed (401)
**Problem**: Invalid or expired Vault token
**Solution**:
```typescript
// Verify token format
console.log('Token:', env.VAULT_TOKEN);
// Should start with 'hvs.'
```
#### Permission Denied (403)
**Problem**: Token lacks read access to provider path
**Solution**: Update Vault policy to grant read access
#### Provider Not Found (404)
**Problem**: Provider doesn't exist in Vault
**Solution**: Verify provider name and path in Vault
#### Request Timeout (504)
**Problem**: Network connectivity or slow Vault response
**Solution**:
- Check network connectivity
- Verify Vault server is responsive
- Consider increasing timeout (requires code modification)
#### Invalid Response Structure
**Problem**: Vault response format doesn't match expected structure
**Solution**: Verify Vault secret format matches documentation
## License
Internal use only - Part of Cloud Instances API project.

56
src/connectors/aws.ts
View File

@@ -1,7 +1,7 @@
import type { RegionInput, InstanceTypeInput, InstanceFamily } from '../types';
import { VaultClient, VaultError } from './vault';
import type { Env, RegionInput, InstanceTypeInput, InstanceFamily } from '../types';
import { RateLimiter } from './base';
import { TIMEOUTS, HTTP_STATUS } from '../constants';
import { createLogger } from '../utils/logger';
/**
* AWS connector error class
@@ -56,10 +56,10 @@ interface EC2ShopResponse {
* - Rate limiting: 20 requests/second
* - Hardcoded region list (relatively static)
* - Comprehensive error handling
* - Optional AWS credentials from environment for future API integration
*
* @example
* const vault = new VaultClient(vaultUrl, vaultToken);
* const connector = new AWSConnector(vault);
* const connector = new AWSConnector(env);
* await connector.initialize();
* const regions = await connector.fetchRegions();
*/
@@ -68,6 +68,7 @@ export class AWSConnector {
private readonly instanceDataUrl = 'https://ec2.shop/?json';
private readonly rateLimiter: RateLimiter;
private readonly requestTimeout = TIMEOUTS.AWS_REQUEST;
private readonly logger = createLogger('[AWSConnector]');
/**
* AWS regions list (relatively static data)
@@ -105,42 +106,27 @@ export class AWSConnector {
{ code: 'il-central-1', name: 'Israel (Tel Aviv)' },
];
constructor(private vaultClient: VaultClient) {
constructor(private env: Env) {
// Rate limit: 20 requests/second per region
// Use 10 tokens with 10/second refill to be conservative
this.rateLimiter = new RateLimiter(20, 10);
console.log('[AWSConnector] Initialized');
this.logger.info('Initialized');
}
/**
* Initialize connector by fetching credentials from Vault
* Note: Currently not required for public API access,
* Initialize connector by loading credentials from environment
* Note: Currently not required for public API access (ec2.shop),
* but included for future AWS API integration
*/
async initialize(): Promise<void> {
console.log('[AWSConnector] Fetching credentials from Vault');
this.logger.info('Loading credentials from environment');
try {
const credentials = await this.vaultClient.getCredentials(this.provider);
// AWS uses different credential keys
const awsCreds = credentials as unknown as {
aws_access_key_id?: string;
aws_secret_access_key?: string;
};
// Credentials loaded for future AWS API direct access
console.log('[AWSConnector] Credentials loaded successfully', {
hasAccessKey: !!awsCreds.aws_access_key_id,
hasSecretKey: !!awsCreds.aws_secret_access_key,
});
} catch (error) {
if (error instanceof VaultError) {
console.warn('[AWSConnector] Vault credentials not available, using public API only');
// Not critical for public API access
// AWS credentials are optional since we use public ec2.shop API
// They would be required for direct AWS API access
if (this.env.AWS_ACCESS_KEY_ID && this.env.AWS_SECRET_ACCESS_KEY) {
this.logger.info('AWS credentials available for future API access');
} else {
throw error;
}
this.logger.info('Using public ec2.shop API (no AWS credentials required)');
}
}
@@ -151,7 +137,7 @@ export class AWSConnector {
* @returns Array of AWS regions
*/
async fetchRegions(): Promise<AWSRegion[]> {
console.log('[AWSConnector] Fetching regions', { count: this.awsRegions.length });
this.logger.info('Fetching regions', { count: this.awsRegions.length });
return this.awsRegions;
}
@@ -162,7 +148,7 @@ export class AWSConnector {
* @throws AWSError on API failures
*/
async fetchInstanceTypes(): Promise<AWSInstanceType[]> {
console.log('[AWSConnector] Fetching instance types from ec2.shop');
this.logger.info('Fetching instance types from ec2.shop');
await this.rateLimiter.waitForToken();
@@ -190,13 +176,13 @@ export class AWSConnector {
const data = await response.json() as EC2ShopResponse;
const instances = data.Prices || [];
console.log('[AWSConnector] Instance types fetched', { count: instances.length });
this.logger.info('Instance types fetched', { count: instances.length });
return instances;
} catch (error) {
// Handle timeout
if (error instanceof Error && error.name === 'AbortError') {
console.error('[AWSConnector] Request timeout', { timeout: this.requestTimeout });
this.logger.error('Request timeout', { timeout: this.requestTimeout });
throw new AWSError(
`Request to ec2.shop API timed out after ${this.requestTimeout}ms`,
504
@@ -209,7 +195,7 @@ export class AWSConnector {
}
// Handle unexpected errors
console.error('[AWSConnector] Unexpected error', { error });
this.logger.error('Unexpected error', { error });
throw new AWSError(
`Failed to fetch instance types: ${error instanceof Error ? error.message : 'Unknown error'}`,
HTTP_STATUS.INTERNAL_ERROR,
@@ -515,7 +501,7 @@ export class AWSConnector {
}
// Default to general for unknown types
console.warn('[AWSConnector] Unknown instance family, defaulting to general', { type: instanceType });
this.logger.warn('Unknown instance family, defaulting to general', { type: instanceType });
return 'general';
}
}

128
src/connectors/base.ts
View File

@@ -1,5 +1,4 @@
import type { VaultClient } from './vault';
import type { VaultCredentials, RegionInput, InstanceTypeInput } from '../types';
import type { RegionInput, InstanceTypeInput } from '../types';
import { logger } from '../utils/logger';
/**
@@ -123,126 +122,7 @@ export class RateLimiter {
}
/**
* CloudConnector - Abstract base class for cloud provider connectors
*
* Implements common authentication, rate limiting, and data fetching patterns.
* Each provider (Linode, Vultr, etc.) extends this class and implements
* provider-specific API calls and data normalization.
*
* @abstract
*
* @example
* class LinodeConnector extends CloudConnector {
* provider = 'linode';
*
* async fetchRegions() {
* await this.rateLimiter.waitForToken();
* // Fetch regions from Linode API
* }
*
* normalizeRegion(raw: RawRegion): RegionInput {
* // Transform Linode region data to standard format
* }
* }
* Note: CloudConnector base class has been deprecated.
* Each connector now uses Env directly for credentials instead of Vault.
* See LinodeConnector, VultrConnector, AWSConnector for current implementation patterns.
*/
export abstract class CloudConnector {
/**
* Provider identifier (e.g., 'linode', 'vultr', 'aws')
* Must be implemented by subclass
*/
abstract provider: string;
/**
* Cached credentials from Vault
* Populated after calling authenticate()
*/
protected credentials: VaultCredentials | null = null;
/**
* Rate limiter for API requests
* Configured with provider-specific limits
*/
protected rateLimiter: RateLimiter;
/**
* Create a new cloud connector
*
* @param vault - VaultClient instance for credential management
*/
constructor(protected vault: VaultClient) {
// Default rate limiter: 10 requests, refill 2 per second
this.rateLimiter = new RateLimiter(10, 2);
}
/**
* Authenticate with provider using Vault credentials
* Fetches and caches credentials for API calls
*
* @throws ConnectorError if authentication fails
*/
async authenticate(): Promise<void> {
try {
logger.info('[CloudConnector] Authenticating', { provider: this.provider });
this.credentials = await this.vault.getCredentials(this.provider);
if (!this.credentials || !this.credentials.api_token) {
throw new ConnectorError(
this.provider,
'authenticate',
undefined,
'Invalid credentials received from Vault'
);
}
logger.info('[CloudConnector] Authentication successful', { provider: this.provider });
} catch (error) {
logger.error('[CloudConnector] Authentication failed', { provider: this.provider, error });
throw new ConnectorError(
this.provider,
'authenticate',
undefined,
`Authentication failed: ${error instanceof Error ? error.message : 'Unknown error'}`
);
}
}
/**
* Fetch raw region data from provider API
* Must be implemented by subclass
*
* @returns Array of raw region objects from provider API
* @throws ConnectorError on API failure
*/
abstract fetchRegions(): Promise<RawRegion[]>;
/**
* Fetch raw instance type data from provider API
* Must be implemented by subclass
*
* @returns Array of raw instance type objects from provider API
* @throws ConnectorError on API failure
*/
abstract fetchInstanceTypes(): Promise<RawInstanceType[]>;
/**
* Normalize raw region data to standard format
* Transforms provider-specific region structure to RegionInput
* Must be implemented by subclass
*
* @param raw - Raw region data from provider API
* @returns Normalized region data ready for database insertion
*/
abstract normalizeRegion(raw: RawRegion): RegionInput;
/**
* Normalize raw instance type data to standard format
* Transforms provider-specific instance structure to InstanceTypeInput
* Must be implemented by subclass
*
* @param raw - Raw instance type data from provider API
* @returns Normalized instance type data ready for database insertion
*/
abstract normalizeInstance(raw: RawInstanceType): InstanceTypeInput;
}

527
src/connectors/linode.README.md
View File

@@ -1,527 +0,0 @@
# Linode Connector
TypeScript client for Linode API integration in Cloudflare Workers.
## Features
- **Complete API Coverage**: Fetch regions and instance types
- **Rate Limiting**: Automatic compliance with Linode's 1600 requests/hour limit
- **Data Normalization**: Transform Linode data to standardized database format
- **Comprehensive Error Handling**: Type-safe error handling with specific codes
- **Vault Integration**: Secure credential management via VaultClient
- **Timeout Protection**: 10-second request timeout with abort controller
- **Type Safety**: Full TypeScript support with strict typing
- **Logging**: Structured logging for debugging and monitoring
## Installation
The LinodeConnector is part of this project. Import it directly:
```typescript
import { LinodeConnector, LinodeError } from './connectors/linode';
import { VaultClient } from './connectors/vault';
```
## Quick Start
### Basic Usage
```typescript
import { VaultClient } from './connectors/vault';
import { LinodeConnector } from './connectors/linode';
const vault = new VaultClient(
'https://vault.anvil.it.com',
'hvs.your-token-here'
);
const connector = new LinodeConnector(vault);
// Initialize (fetches credentials from Vault)
await connector.initialize();
// Fetch regions
const regions = await connector.fetchRegions();
// Fetch instance types
const instances = await connector.fetchInstanceTypes();
```
### Data Normalization
```typescript
const providerId = 1; // Database provider ID
// Normalize regions for database storage
const normalizedRegions = regions.map(region =>
connector.normalizeRegion(region, providerId)
);
// Normalize instance types for database storage
const normalizedInstances = instances.map(instance =>
connector.normalizeInstance(instance, providerId)
);
```
## API Reference
### LinodeConnector
#### Constructor
```typescript
new LinodeConnector(vaultClient: VaultClient)
```
**Parameters:**
- `vaultClient`: Initialized VaultClient instance for credential retrieval
#### Properties
```typescript
readonly provider = 'linode';
```
#### Methods
##### `initialize(): Promise<void>`
Initialize connector by fetching credentials from Vault. **Must be called before making API requests.**
**Throws:**
- `LinodeError` on Vault or credential loading failures
**Example:**
```typescript
await connector.initialize();
```
##### `fetchRegions(): Promise<LinodeRegion[]>`
Fetch all regions from Linode API.
**Returns:**
- Array of raw Linode region data
**Throws:**
- `LinodeError` on API failures
**Example:**
```typescript
const regions = await connector.fetchRegions();
console.log(`Fetched ${regions.length} regions`);
```
##### `fetchInstanceTypes(): Promise<LinodeInstanceType[]>`
Fetch all instance types from Linode API.
**Returns:**
- Array of raw Linode instance type data
**Throws:**
- `LinodeError` on API failures
**Example:**
```typescript
const instances = await connector.fetchInstanceTypes();
console.log(`Fetched ${instances.length} instance types`);
```
##### `normalizeRegion(raw: LinodeRegion, providerId: number): RegionInput`
Normalize Linode region data for database storage.
**Parameters:**
- `raw`: Raw Linode region data
- `providerId`: Database provider ID
**Returns:**
- Normalized region data ready for insertion
**Example:**
```typescript
const normalized = connector.normalizeRegion(rawRegion, 1);
```
**Normalization Details:**
- `region_code`: Linode region ID (e.g., "us-east")
- `region_name`: Human-readable name (e.g., "Newark, NJ")
- `country_code`: ISO 3166-1 alpha-2 lowercase
- `latitude/longitude`: Not provided by Linode (set to null)
- `available`: 1 if status is "ok", 0 otherwise
##### `normalizeInstance(raw: LinodeInstanceType, providerId: number): InstanceTypeInput`
Normalize Linode instance type data for database storage.
**Parameters:**
- `raw`: Raw Linode instance type data
- `providerId`: Database provider ID
**Returns:**
- Normalized instance type data ready for insertion
**Example:**
```typescript
const normalized = connector.normalizeInstance(rawInstance, 1);
```
**Normalization Details:**
- `memory_mb`: Already in MB (no conversion)
- `storage_gb`: Converted from MB to GB (divide by 1024)
- `transfer_tb`: Converted from GB to TB (divide by 1000)
- `network_speed_gbps`: Converted from Mbps to Gbps (divide by 1000)
- `gpu_type`: Set to "nvidia" if GPUs > 0
- `instance_family`: Mapped from Linode class (see mapping below)
### LinodeError
Custom error class for Linode operations.
**Properties:**
```typescript
{
name: 'LinodeError';
message: string;
statusCode?: number; // HTTP status code
details?: unknown; // Additional error details from API
}
```
## Instance Family Mapping
Linode instance classes are mapped to standardized families:
| Linode Class | Instance Family | Description |
|--------------|----------------|-------------|
| `nanode` | `general` | Entry-level shared instances |
| `standard` | `general` | Standard shared instances |
| `highmem` | `memory` | High-memory optimized instances |
| `dedicated` | `compute` | Dedicated CPU instances |
| `gpu` | `gpu` | GPU-accelerated instances |
| Unknown | `general` | Default fallback |
## Rate Limiting
### Linode API Limits
- **Rate Limit**: 1600 requests per hour
- **Requests Per Second**: ~0.44 (calculated from hourly limit)
- **Implementation**: Conservative 0.4 requests/second
### How It Works
The connector automatically throttles requests to comply with Linode's rate limits:
```typescript
// These requests are automatically rate-limited
await connector.fetchRegions(); // Request 1 at 0ms
await connector.fetchInstanceTypes(); // Request 2 at 2500ms
await connector.fetchRegions(); // Request 3 at 5000ms
```
**Benefits:**
- No manual rate limiting required
- Prevents 429 "Too Many Requests" errors
- Ensures API access remains available
- Transparent to the caller
## Error Handling
### HTTP Status Codes
| Code | Meaning | Action |
|------|---------|--------|
| 401 | Invalid/expired token | Check API token in Vault |
| 403 | Insufficient permissions | Verify token scope |
| 429 | Rate limit exceeded | Wait and retry (should not occur with rate limiter) |
| 500-599 | Server error | Retry request after delay |
| 504 | Timeout | Check network connectivity |
### Error Handling Pattern
```typescript
try {
await connector.initialize();
const regions = await connector.fetchRegions();
} catch (error) {
if (error instanceof LinodeError) {
switch (error.statusCode) {
case 401:
console.error('Auth failed:', error.message);
// Check Vault credentials
break;
case 403:
console.error('Permission denied:', error.message);
// Verify token permissions
break;
case 429:
console.error('Rate limit exceeded:', error.message);
// Should not occur with rate limiter, but handle gracefully
break;
case 504:
console.error('Timeout:', error.message);
// Check network or retry
break;
default:
console.error('Linode error:', error.message);
console.error('Details:', error.details);
}
} else {
console.error('Unexpected error:', error);
}
}
```
## Cloudflare Workers Integration
### Complete Example
```typescript
import { VaultClient } from './connectors/vault';
import { LinodeConnector, LinodeError } from './connectors/linode';
import type { Env } from './types';
export default {
async fetch(request: Request, env: Env) {
const vault = new VaultClient(env.VAULT_URL, env.VAULT_TOKEN);
const connector = new LinodeConnector(vault);
try {
// Initialize
await connector.initialize();
// Fetch data in parallel
const [regions, instances] = await Promise.all([
connector.fetchRegions(),
connector.fetchInstanceTypes(),
]);
// Normalize data
const providerId = 1;
const normalizedData = {
regions: regions.map(r => connector.normalizeRegion(r, providerId)),
instances: instances.map(i => connector.normalizeInstance(i, providerId)),
};
return new Response(JSON.stringify({
success: true,
data: normalizedData,
}), {
status: 200,
headers: { 'Content-Type': 'application/json' },
});
} catch (error) {
if (error instanceof LinodeError) {
return new Response(JSON.stringify({
success: false,
error: error.message,
}), {
status: error.statusCode || 500,
headers: { 'Content-Type': 'application/json' },
});
}
return new Response('Internal server error', { status: 500 });
}
}
};
```
## Vault Configuration
### Secret Path
Linode credentials are stored at:
```
secret/data/linode
```
### Expected Secret Format
```json
{
"data": {
"data": {
"provider": "linode",
"api_token": "your-linode-api-token-here"
},
"metadata": {
"created_time": "2024-01-21T10:00:00Z",
"version": 1
}
}
}
```
### Required Vault Permissions
```hcl
path "secret/data/linode" {
capabilities = ["read"]
}
```
## API Response Examples
### Region Response
```json
{
"data": [
{
"id": "us-east",
"label": "Newark, NJ",
"country": "us",
"capabilities": ["Linodes", "Block Storage"],
"status": "ok"
}
]
}
```
### Instance Type Response
```json
{
"data": [
{
"id": "g6-nanode-1",
"label": "Nanode 1GB",
"price": {
"hourly": 0.0075,
"monthly": 5.0
},
"memory": 1024,
"vcpus": 1,
"disk": 25600,
"transfer": 1000,
"network_out": 1000,
"gpus": 0,
"class": "nanode"
}
]
}
```
## Performance
### Request Timing
- **Rate Limiter**: ~2.5 seconds between requests (0.4 req/s)
- **API Response**: ~100-500ms per request
- **Timeout**: 10 seconds maximum per request
### Optimization Tips
1. **Parallel Initialization**: Warm Vault cache during startup
```typescript
// Pre-load credentials during worker startup
await connector.initialize();
```
2. **Batch Processing**: Process normalized data in batches
```typescript
const normalizedRegions = regions.map(r =>
connector.normalizeRegion(r, providerId)
);
```
3. **Error Recovery**: Implement retry logic for transient failures
```typescript
async function fetchWithRetry(fn: () => Promise<any>, retries = 3) {
for (let i = 0; i < retries; i++) {
try {
return await fn();
} catch (error) {
if (i === retries - 1) throw error;
await new Promise(resolve => setTimeout(resolve, 1000 * (i + 1)));
}
}
}
```
## Logging
Structured logging for debugging:
```
[LinodeConnector] Initialized
[LinodeConnector] Fetching credentials from Vault
[LinodeConnector] Credentials loaded successfully
[LinodeConnector] Fetching regions
[LinodeConnector] Making request { endpoint: '/regions' }
[LinodeConnector] Regions fetched { count: 25 }
[LinodeConnector] Fetching instance types
[LinodeConnector] Making request { endpoint: '/linode/types' }
[LinodeConnector] Instance types fetched { count: 50 }
```
Error logging:
```
[LinodeConnector] HTTP error { statusCode: 401, errorMessage: 'Invalid token' }
[LinodeConnector] Request timeout { endpoint: '/regions', timeout: 10000 }
[LinodeConnector] Unexpected error { endpoint: '/regions', error: Error(...) }
```
## Examples
See [linode.example.ts](/Users/kaffa/cloud-server/src/connectors/linode.example.ts) for comprehensive usage examples:
- Basic usage
- Data normalization
- Error handling patterns
- Cloudflare Workers integration
- Rate limiting demonstration
- Instance family mapping
## Security Best Practices
1. **Never commit tokens**: Store API tokens in Vault
2. **Rotate tokens regularly**: Update tokens periodically
3. **Use least privilege**: Grant only required API permissions
4. **Monitor access**: Track API usage and rate limits
5. **Secure transmission**: Always use HTTPS
6. **Cache credentials**: VaultClient handles credential caching
## Troubleshooting
### Connector Not Initialized
**Problem**: "Connector not initialized" error
**Solution**: Call `initialize()` before making API requests
```typescript
await connector.initialize();
```
### Rate Limit Exceeded (429)
**Problem**: Too many requests error
**Solution**: Should not occur with rate limiter, but if it does:
- Check if multiple connector instances are being used
- Verify rate limiter is functioning correctly
- Add additional delay between requests if needed
### Request Timeout (504)
**Problem**: Requests timing out after 10 seconds
**Solution**:
- Check network connectivity
- Verify Linode API status
- Consider increasing timeout (requires code modification)
### Invalid Instance Family
**Problem**: Warning about unknown instance class
**Solution**: Update `mapInstanceFamily()` method with new class mapping
## License
Internal use only - Part of Cloud Instances API project.

29
src/connectors/linode.ts
View File

@@ -1,5 +1,4 @@
import type { Env, RegionInput, InstanceTypeInput, InstanceFamily, GpuInstanceInput, G8InstanceInput, VpuInstanceInput } from '../types';
import { VaultClient, VaultError } from './vault';
import { RateLimiter } from './base';
import { createLogger } from '../utils/logger';
import { HTTP_STATUS } from '../constants';
@@ -60,11 +59,11 @@ interface LinodeApiResponse<T> {
* - Rate limiting: 1600 requests/hour
* - Data normalization for database storage
* - Comprehensive error handling
* - Vault integration for credentials
* - Credentials from environment variables
*
* @example
* const vault = new VaultClient(vaultUrl, vaultToken);
* const connector = new LinodeConnector(vault);
* const connector = new LinodeConnector(env);
* await connector.initialize();
* const regions = await connector.fetchRegions();
*/
export class LinodeConnector {
@@ -75,7 +74,7 @@ export class LinodeConnector {
private readonly logger: ReturnType<typeof createLogger>;
private apiToken: string | null = null;
constructor(private vaultClient: VaultClient, env?: Env) {
constructor(private env: Env) {
// Rate limit: 1600 requests/hour = ~0.44 requests/second
// Token bucket: maxTokens=5 (allow burst), refillRate=0.5 (conservative)
this.rateLimiter = new RateLimiter(5, 0.5);
@@ -84,25 +83,21 @@ export class LinodeConnector {
}
/**
* Initialize connector by fetching credentials from Vault
* Initialize connector by loading credentials from environment
* Must be called before making API requests
*/
async initialize(): Promise<void> {
this.logger.info('Fetching credentials from Vault');
this.logger.info('Loading credentials from environment');
try {
const credentials = await this.vaultClient.getCredentials(this.provider);
this.apiToken = credentials.api_token || null;
this.logger.info('Credentials loaded successfully');
} catch (error) {
if (error instanceof VaultError) {
if (!this.env.LINODE_API_TOKEN) {
throw new LinodeError(
`Failed to load Linode credentials: ${error.message}`,
error.statusCode
'LINODE_API_TOKEN not found in environment',
HTTP_STATUS.INTERNAL_ERROR
);
}
throw error;
}
this.apiToken = this.env.LINODE_API_TOKEN;
this.logger.info('Credentials loaded successfully');
}
/**

286
src/connectors/vault.ts
View File

@@ -1,286 +0,0 @@
import type { Env, VaultCredentials, VaultSecretResponse, CacheEntry } from '../types';
import { createLogger } from '../utils/logger';
import { HTTP_STATUS } from '../constants';
/**
* Custom error class for Vault operations
*/
export class VaultError extends Error {
constructor(
message: string,
public statusCode?: number,
public provider?: string
) {
super(message);
this.name = 'VaultError';
}
}
/**
* VaultClient - Manages secure credential retrieval from HashiCorp Vault
*
* Features:
* - In-memory caching with TTL (1 hour)
* - Automatic cache invalidation
* - Comprehensive error handling
* - Type-safe credential access
*
* @example
* const vault = new VaultClient('https://vault.anvil.it.com', token);
* const creds = await vault.getCredentials('linode');
*/
export class VaultClient {
private baseUrl: string;
private token: string;
private cache: Map<string, CacheEntry<VaultCredentials>>;
private readonly CACHE_TTL = 3600 * 1000; // 1 hour in milliseconds
private readonly REQUEST_TIMEOUT = 10000; // 10 seconds
private readonly logger: ReturnType<typeof createLogger>;
constructor(baseUrl: string, token: string, env?: Env) {
this.baseUrl = baseUrl.replace(/\/$/, ''); // Remove trailing slash
this.token = token;
this.cache = new Map();
this.logger = createLogger('[VaultClient]', env);
this.logger.info('Initialized', { baseUrl: this.baseUrl });
}
/**
* Retrieve credentials for a provider from Vault
* Implements caching to reduce API calls
*
* @param provider - Provider name (linode, vultr, aws)
* @returns Provider credentials with API token
* @throws VaultError on authentication, authorization, or network failures
*/
async getCredentials(provider: string): Promise<VaultCredentials> {
this.logger.info('Retrieving credentials', { provider });
// Check cache first
const cached = this.getFromCache(provider);
if (cached) {
this.logger.debug('Cache hit', { provider });
return cached;
}
this.logger.debug('Cache miss, fetching from Vault', { provider });
// Fetch from Vault
const path = `secret/data/${provider}`;
const url = `${this.baseUrl}/v1/${path}`;
try {
const controller = new AbortController();
const timeoutId = setTimeout(() => controller.abort(), this.REQUEST_TIMEOUT);
const response = await fetch(url, {
method: 'GET',
headers: {
'X-Vault-Token': this.token,
'Content-Type': 'application/json',
},
signal: controller.signal,
});
clearTimeout(timeoutId);
// Handle HTTP errors
if (!response.ok) {
await this.handleHttpError(response, provider);
}
// Parse and validate response
const data = await response.json() as VaultSecretResponse;
if (!this.isValidVaultResponse(data)) {
throw new VaultError(
`Invalid response structure from Vault for provider: ${provider}`,
HTTP_STATUS.INTERNAL_ERROR,
provider
);
}
const vaultData = data.data.data;
const credentials: VaultCredentials = {
provider: provider,
api_token: vaultData.api_token, // Linode
api_key: vaultData.api_key, // Vultr
aws_access_key_id: vaultData.aws_access_key_id, // AWS
aws_secret_access_key: vaultData.aws_secret_access_key, // AWS
};
// Validate credentials content based on provider
const hasValidCredentials =
credentials.api_token || // Linode
credentials.api_key || // Vultr
(credentials.aws_access_key_id && credentials.aws_secret_access_key); // AWS
if (!hasValidCredentials) {
throw new VaultError(
`Missing credentials in Vault response for provider: ${provider}`,
HTTP_STATUS.INTERNAL_ERROR,
provider
);
}
// Store in cache
this.setCache(provider, credentials);
this.logger.info('Credentials retrieved successfully', { provider });
return credentials;
} catch (error) {
// Handle timeout
if (error instanceof Error && error.name === 'AbortError') {
this.logger.error('Request timeout', { provider, timeout_ms: this.REQUEST_TIMEOUT });
throw new VaultError(
`Request to Vault timed out after ${this.REQUEST_TIMEOUT}ms`,
504,
provider
);
}
// Re-throw VaultError
if (error instanceof VaultError) {
throw error;
}
// Handle unexpected errors
this.logger.error('Unexpected error', { provider, error: error instanceof Error ? error.message : String(error) });
throw new VaultError(
`Failed to retrieve credentials: ${error instanceof Error ? error.message : 'Unknown error'}`,
HTTP_STATUS.INTERNAL_ERROR,
provider
);
}
}
/**
* Handle HTTP error responses from Vault
* This method always throws a VaultError
*/
private async handleHttpError(response: Response, provider: string): Promise<never> {
const statusCode = response.status;
let errorMessage: string;
try {
const errorData = await response.json() as { errors?: string[] };
errorMessage = errorData.errors?.join(', ') || response.statusText;
} catch {
errorMessage = response.statusText;
}
this.logger.error('HTTP error', { provider, statusCode, errorMessage });
// Always throw an error - TypeScript knows execution stops here
if (statusCode === 401) {
throw new VaultError(
'Vault authentication failed: Invalid or expired token',
401,
provider
);
} else if (statusCode === 403) {
throw new VaultError(
`Vault authorization failed: No permission to access ${provider} credentials`,
403,
provider
);
} else if (statusCode === 404) {
throw new VaultError(
`Provider not found in Vault: ${provider}`,
404,
provider
);
} else if (statusCode >= 500 && statusCode < 600) {
throw new VaultError(
`Vault server error: ${errorMessage}`,
statusCode,
provider
);
} else {
throw new VaultError(
`Vault request failed: ${errorMessage}`,
statusCode,
provider
);
}
}
/**
* Type guard to validate Vault API response structure
*/
private isValidVaultResponse(data: unknown): data is VaultSecretResponse {
if (typeof data !== 'object' || data === null) {
return false;
}
const response = data as VaultSecretResponse;
return (
typeof response.data === 'object' &&
response.data !== null &&
typeof response.data.data === 'object' &&
response.data.data !== null
);
}
/**
* Retrieve credentials from cache if not expired
*/
private getFromCache(provider: string): VaultCredentials | null {
const entry = this.cache.get(provider);
if (!entry) {
return null;
}
// Check if cache entry expired
if (Date.now() > entry.expiresAt) {
this.logger.debug('Cache entry expired', { provider });
this.cache.delete(provider);
return null;
}
return entry.data;
}
/**
* Store credentials in cache with TTL
*/
private setCache(provider: string, credentials: VaultCredentials): void {
const entry: CacheEntry<VaultCredentials> = {
data: credentials,
expiresAt: Date.now() + this.CACHE_TTL,
};
this.cache.set(provider, entry);
this.logger.debug('Credentials cached', {
provider,
expiresIn_seconds: this.CACHE_TTL / 1000
});
}
/**
* Clear cache for a specific provider or all providers
*/
clearCache(provider?: string): void {
if (provider) {
this.cache.delete(provider);
this.logger.info('Cache cleared', { provider });
} else {
this.cache.clear();
this.logger.info('All cache cleared');
}
}
/**
* Get cache statistics
*/
getCacheStats(): { size: number; providers: string[] } {
return {
size: this.cache.size,
providers: Array.from(this.cache.keys()),
};
}
}

41
src/connectors/vultr.ts
View File

@@ -1,5 +1,4 @@
import type { Env, RegionInput, InstanceTypeInput, InstanceFamily, GpuInstanceInput } from '../types';
import { VaultClient, VaultError } from './vault';
import { RateLimiter } from './base';
import { createLogger } from '../utils/logger';
import { HTTP_STATUS } from '../constants';
@@ -53,18 +52,18 @@ interface VultrApiResponse<T> {
* - Rate limiting: 3000 requests/hour
* - Data normalization for database storage
* - Comprehensive error handling
* - Vault integration for credentials
* - Credentials from environment variables
*
* @example
* const vault = new VaultClient(vaultUrl, vaultToken);
* const connector = new VultrConnector(vault);
* const connector = new VultrConnector(env);
* await connector.initialize();
* const regions = await connector.fetchRegions();
*
* @example
* // Using custom relay URL
* const connector = new VultrConnector(vault, 'https://custom-relay.example.com');
* const connector = new VultrConnector(env, 'https://custom-relay.example.com');
*
* @param vaultClient - Vault client for credential management
* @param env - Environment with credentials
* @param relayUrl - Optional relay server URL (defaults to 'https://vultr-relay.anvil.it.com')
*/
export class VultrConnector {
@@ -76,9 +75,8 @@ export class VultrConnector {
private apiKey: string | null = null;
constructor(
private vaultClient: VaultClient,
relayUrl?: string,
env?: Env
private env: Env,
relayUrl?: string
) {
// Use relay server by default, allow override via parameter or environment variable
// Relay server mirrors Vultr API structure: /v2/regions, /v2/plans
@@ -92,36 +90,21 @@ export class VultrConnector {
}
/**
* Initialize connector by fetching credentials from Vault
* Initialize connector by loading credentials from environment
* Must be called before making API requests
*/
async initialize(): Promise<void> {
this.logger.info('Fetching credentials from Vault');
this.logger.info('Loading credentials from environment');
try {
const credentials = await this.vaultClient.getCredentials(this.provider);
// Vultr uses 'api_key' field (unlike Linode which uses 'api_token')
const apiKey = credentials.api_key || null;
if (!apiKey || apiKey.trim() === '') {
if (!this.env.VULTR_API_KEY) {
throw new VultrError(
'Vultr API key is missing or empty. Please configure api_key in Vault.',
'VULTR_API_KEY not found in environment',
HTTP_STATUS.INTERNAL_ERROR
);
}
this.apiKey = apiKey;
this.apiKey = this.env.VULTR_API_KEY;
this.logger.info('Credentials loaded successfully');
} catch (error) {
if (error instanceof VaultError) {
throw new VultrError(
`Failed to load Vultr credentials: ${error.message}`,
error.statusCode
);
}
throw error;
}
}
/**

55
src/constants.ts
View File

@@ -129,22 +129,32 @@ export const TABLES = {
// ============================================================
/**
* Valid sort fields for instance queries
* Mapping of user-facing sort field names to database column names
*
* This is the single source of truth for sort field validation and mapping.
* Query aliases: it=instance_types, pr=pricing, p=providers, r=regions
*/
export const VALID_SORT_FIELDS = [
'price',
'hourly_price',
'monthly_price',
'vcpu',
'memory_mb',
'memory_gb',
'storage_gb',
'instance_name',
'provider',
'region',
] as const;
export const SORT_FIELD_MAP: Record<string, string> = {
price: 'pr.hourly_price',
hourly_price: 'pr.hourly_price',
monthly_price: 'pr.monthly_price',
vcpu: 'it.vcpu',
memory: 'it.memory_mb',
memory_mb: 'it.memory_mb',
memory_gb: 'it.memory_mb', // Note: memory_gb is converted to memory_mb at query level
storage_gb: 'it.storage_gb',
name: 'it.instance_name',
instance_name: 'it.instance_name',
provider: 'p.name',
region: 'r.region_code',
} as const;
export type ValidSortField = typeof VALID_SORT_FIELDS[number];
/**
* Valid sort fields for instance queries (derived from SORT_FIELD_MAP)
*/
export const VALID_SORT_FIELDS = Object.keys(SORT_FIELD_MAP) as ReadonlyArray<string>;
export type ValidSortField = keyof typeof SORT_FIELD_MAP;
/**
* Valid sort orders
@@ -165,19 +175,22 @@ export type InstanceFamily = typeof INSTANCE_FAMILIES[number];
/**
* CORS configuration
*
* NOTE: localhost origin is included for development purposes.
* In production, filter allowed origins based on environment.
* Example: const allowedOrigins = CORS.ALLOWED_ORIGINS.filter(o => !o.includes('localhost'))
* Security: Explicit allowed origins only. No wildcard fallback.
* Development origins are separated and only used in development environment.
*/
export const CORS = {
/** Default CORS origin */
DEFAULT_ORIGIN: '*',
/** Allowed origins for CORS */
/** Default CORS origin - explicit production origin */
DEFAULT_ORIGIN: 'https://anvil.it.com',
/** Allowed production origins for CORS */
ALLOWED_ORIGINS: [
'https://anvil.it.com',
'https://cloud.anvil.it.com',
'https://hosting.anvil.it.com',
'http://localhost:3000', // DEVELOPMENT ONLY - exclude in production
] as string[],
/** Development origins - only used when ENVIRONMENT === 'development' */
DEVELOPMENT_ORIGINS: [
'http://localhost:3000',
'http://127.0.0.1:3000',
] as string[],
/** Max age for CORS preflight cache (24 hours) */
MAX_AGE: '86400',

287
src/index.ts
View File

@@ -5,177 +5,77 @@
*/
import { Env } from './types';
import { handleSync, handleInstances, handleHealth, handleRecommend } from './routes';
import {
authenticateRequest,
verifyApiKey,
createUnauthorizedResponse,
checkRateLimit,
createRateLimitResponse,
} from './middleware';
import { CORS, HTTP_STATUS } from './constants';
import app from './app';
import { createLogger } from './utils/logger';
import { VaultClient } from './connectors/vault';
import { SyncOrchestrator } from './services/sync';
/**
* Validate required environment variables
* Generic retry helper with exponential backoff
* Executes an operation with automatic retry on failure
*/
function validateEnv(env: Env): { valid: boolean; missing: string[] } {
const required = ['API_KEY'];
const missing = required.filter(key => !env[key as keyof Env]);
return { valid: missing.length === 0, missing };
async function executeWithRetry<T>(
operation: () => Promise<T>,
options: {
maxRetries: number;
operationName: string;
logger: ReturnType<typeof createLogger>;
}
): Promise<T> {
const { maxRetries, operationName, logger } = options;
/**
* Get CORS origin for request
*/
function getCorsOrigin(request: Request, env: Env): string {
const origin = request.headers.get('Origin');
// Environment variable has explicit origin configured (highest priority)
if (env.CORS_ORIGIN && env.CORS_ORIGIN !== '*') {
return env.CORS_ORIGIN;
}
// Request origin is in allowed list
if (origin && CORS.ALLOWED_ORIGINS.includes(origin)) {
return origin;
}
// Default fallback
return CORS.DEFAULT_ORIGIN;
}
/**
* Add security headers to response
* Performance optimization: Reuses response body without cloning to minimize memory allocation
*
* Benefits:
* - Avoids Response.clone() which copies the entire body stream
* - Directly references response.body (ReadableStream) without duplication
* - Reduces memory allocation and GC pressure per request
*
* Note: response.body can be null for 204 No Content or empty responses
*/
function addSecurityHeaders(response: Response, corsOrigin?: string): Response {
const headers = new Headers(response.headers);
// Basic security headers
headers.set('X-Content-Type-Options', 'nosniff');
headers.set('X-Frame-Options', 'DENY');
headers.set('Strict-Transport-Security', 'max-age=31536000');
// CORS headers
headers.set('Access-Control-Allow-Origin', corsOrigin || CORS.DEFAULT_ORIGIN);
headers.set('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
headers.set('Access-Control-Allow-Headers', 'Content-Type, X-API-Key');
headers.set('Access-Control-Max-Age', CORS.MAX_AGE);
// Additional security headers
headers.set('Content-Security-Policy', "default-src 'none'");
headers.set('X-XSS-Protection', '1; mode=block');
headers.set('Referrer-Policy', 'no-referrer');
// Create new Response with same body reference (no copy) and updated headers
return new Response(response.body, {
status: response.status,
statusText: response.statusText,
headers,
for (let attempt = 1; attempt <= maxRetries; attempt++) {
try {
logger.info(`Starting ${operationName} attempt`, {
attempt_number: attempt,
max_retries: maxRetries
});
const result = await operation();
return result;
} catch (error) {
const willRetry = attempt < maxRetries;
const retryDelayMs = willRetry ? Math.min(Math.pow(2, attempt - 1) * 1000, 10000) : 0;
logger.error(`${operationName} attempt failed`, {
attempt_number: attempt,
max_retries: maxRetries,
will_retry: willRetry,
retry_delay_ms: retryDelayMs,
error: error instanceof Error ? error.message : String(error),
stack: error instanceof Error ? error.stack : undefined
});
if (willRetry) {
// Wait before retry with exponential backoff
await new Promise(resolve => setTimeout(resolve, retryDelayMs));
} else {
// Final failure - re-throw to make cron failure visible
logger.error(`${operationName} failed after all retries`, {
total_attempts: maxRetries,
error: error instanceof Error ? error.message : String(error)
});
throw error;
}
}
}
// TypeScript exhaustiveness check - should never reach here
throw new Error(`${operationName}: Unexpected retry loop exit`);
}
export default {
/**
* HTTP Request Handler
* HTTP Request Handler (delegated to Hono)
*/
async fetch(request: Request, env: Env, _ctx: ExecutionContext): Promise<Response> {
const url = new URL(request.url);
const path = url.pathname;
// Get CORS origin based on request and configuration
const corsOrigin = getCorsOrigin(request, env);
try {
// Handle OPTIONS preflight requests
if (request.method === 'OPTIONS') {
return addSecurityHeaders(new Response(null, { status: 204 }), corsOrigin);
}
// Validate required environment variables
const envValidation = validateEnv(env);
if (!envValidation.valid) {
console.error('[Worker] Missing required environment variables:', envValidation.missing);
return addSecurityHeaders(
Response.json(
{ error: 'Service Unavailable', message: 'Service configuration error' },
{ status: 503 }
),
corsOrigin
);
}
// Health check (public endpoint with optional authentication)
if (path === '/health') {
const apiKey = request.headers.get('X-API-Key');
const authenticated = apiKey ? verifyApiKey(apiKey, env) : false;
return addSecurityHeaders(await handleHealth(env, authenticated), corsOrigin);
}
// Authentication required for all other endpoints
const isAuthenticated = await authenticateRequest(request, env);
if (!isAuthenticated) {
return addSecurityHeaders(createUnauthorizedResponse(), corsOrigin);
}
// Rate limiting for authenticated endpoints
const rateLimitCheck = await checkRateLimit(request, path, env);
if (!rateLimitCheck.allowed) {
return addSecurityHeaders(createRateLimitResponse(rateLimitCheck.retryAfter!), corsOrigin);
}
// Query instances
if (path === '/instances' && request.method === 'GET') {
return addSecurityHeaders(await handleInstances(request, env), corsOrigin);
}
// Sync trigger
if (path === '/sync' && request.method === 'POST') {
return addSecurityHeaders(await handleSync(request, env), corsOrigin);
}
// Tech stack recommendation
if (path === '/recommend' && request.method === 'POST') {
return addSecurityHeaders(await handleRecommend(request, env), corsOrigin);
}
// 404 Not Found
return addSecurityHeaders(
Response.json(
{ error: 'Not Found', path },
{ status: HTTP_STATUS.NOT_FOUND }
),
corsOrigin
);
} catch (error) {
console.error('[Worker] Request error:', error);
return addSecurityHeaders(
Response.json(
{ error: 'Internal Server Error' },
{ status: HTTP_STATUS.INTERNAL_ERROR }
),
corsOrigin
);
}
},
fetch: app.fetch,
/**
* Scheduled (Cron) Handler
*
* Cron Schedules:
* - 0 0 * * * : Daily full sync at 00:00 UTC
* - 0 star-slash-6 * * * : Pricing update every 6 hours
* - 0 star/6 * * * : Pricing update every 6 hours
*/
async scheduled(event: ScheduledEvent, env: Env, ctx: ExecutionContext): Promise<void> {
const logger = createLogger('[Cron]', env);
@@ -185,17 +85,34 @@ export default {
scheduled_time: new Date(event.scheduledTime).toISOString()
});
// Validate required environment variables
const requiredVars = ['DB'];
const missing = requiredVars.filter(v => !env[v as keyof Env]);
if (missing.length > 0) {
logger.error('Missing required environment variables', { missing, cron });
throw new Error(`Cron job failed: missing env vars: ${missing.join(', ')}`);
}
// Daily full sync at 00:00 UTC
if (cron === '0 0 * * *') {
const vault = new VaultClient(env.VAULT_URL, env.VAULT_TOKEN);
const orchestrator = new SyncOrchestrator(env.DB, vault, env);
const MAX_RETRIES = 3;
ctx.waitUntil(
orchestrator.syncAll(['linode', 'vultr', 'aws'])
.then(report => {
logger.info('Daily sync complete', {
const executeSyncWithRetry = async (): Promise<void> => {
const orchestrator = new SyncOrchestrator(env.DB, env);
const report = await executeWithRetry(
async () => orchestrator.syncAll(['linode', 'vultr', 'aws']),
{
maxRetries: MAX_RETRIES,
operationName: 'full sync',
logger
}
);
logger.info('Daily full sync complete', {
total_regions: report.summary.total_regions,
total_instances: report.summary.total_instances,
total_pricing: report.summary.total_pricing,
successful_providers: report.summary.successful_providers,
failed_providers: report.summary.failed_providers,
duration_ms: report.total_duration_ms
@@ -215,20 +132,50 @@ export default {
.map(p => ({ provider: p.provider, error: p.error }))
});
}
})
.catch(error => {
logger.error('Daily sync failed', {
error: error instanceof Error ? error.message : String(error),
stack: error instanceof Error ? error.stack : undefined
});
})
);
}
};
ctx.waitUntil(executeSyncWithRetry());
}
// Pricing update every 6 hours
if (cron === '0 */6 * * *') {
// Skip full sync, just log for now (pricing update logic can be added later)
logger.info('Pricing update check (not implemented yet)');
else if (cron === '0 */6 * * *') {
const MAX_RETRIES = 3;
const executePricingSyncWithRetry = async (): Promise<void> => {
const orchestrator = new SyncOrchestrator(env.DB, env);
const report = await executeWithRetry(
async () => orchestrator.syncAllPricingOnly(['linode', 'vultr', 'aws']),
{
maxRetries: MAX_RETRIES,
operationName: 'pricing sync',
logger
}
);
logger.info('Pricing sync complete', {
total_pricing: report.summary.total_pricing,
successful_providers: report.summary.successful_providers,
failed_providers: report.summary.failed_providers,
duration_ms: report.total_duration_ms
});
// Alert on partial failures
if (report.summary.failed_providers > 0) {
const failedProviders = report.providers
.filter(p => !p.success)
.map(p => p.provider);
logger.warn('Some providers failed during pricing sync', {
failed_count: report.summary.failed_providers,
failed_providers: failedProviders,
errors: report.providers
.filter(p => !p.success)
.map(p => ({ provider: p.provider, error: p.error }))
});
}
};
ctx.waitUntil(executePricingSyncWithRetry());
}
},
};

2
src/middleware/auth.test.ts
View File

@@ -19,8 +19,6 @@ const createMockEnv = (apiKey?: string): Env => ({
API_KEY: apiKey || 'test-api-key-12345',
DB: {} as any,
RATE_LIMIT_KV: {} as any,
VAULT_URL: 'https://vault.example.com',
VAULT_TOKEN: 'test-token',
});
/**

49
src/middleware/auth.ts
View File

@@ -6,6 +6,9 @@
*/
import { Env } from '../types';
import { createLogger } from '../utils/logger';
const logger = createLogger('[Auth]');
/**
* Authenticate incoming request using API key
@@ -25,19 +28,19 @@ export async function authenticateRequest(request: Request, env: Env): Promise<b
// Validate environment variable
const expectedKey = env.API_KEY;
if (!expectedKey) {
console.error('[Auth] API_KEY environment variable is not configured');
logger.error('API_KEY environment variable is not configured');
return false;
}
// Length comparison with safety check
if (providedKey.length !== expectedKey.length) {
return false;
}
// Pad both keys to same length to prevent timing leak on length comparison
const maxLength = Math.max(providedKey.length, expectedKey.length);
const paddedProvided = providedKey.padEnd(maxLength, '\0');
const paddedExpected = expectedKey.padEnd(maxLength, '\0');
// Use Web Crypto API for constant-time comparison
const encoder = new TextEncoder();
const providedBuffer = encoder.encode(providedKey);
const expectedBuffer = encoder.encode(expectedKey);
const providedBuffer = encoder.encode(paddedProvided);
const expectedBuffer = encoder.encode(paddedExpected);
const providedHash = await crypto.subtle.digest('SHA-256', providedBuffer);
const expectedHash = await crypto.subtle.digest('SHA-256', expectedBuffer);
@@ -45,15 +48,13 @@ export async function authenticateRequest(request: Request, env: Env): Promise<b
const providedArray = new Uint8Array(providedHash);
const expectedArray = new Uint8Array(expectedHash);
// Compare hashes byte by byte
let equal = true;
// Truly constant-time comparison using XOR to avoid branching
let result = 0;
for (let i = 0; i < providedArray.length; i++) {
if (providedArray[i] !== expectedArray[i]) {
equal = false;
}
result |= providedArray[i] ^ expectedArray[i];
}
return equal;
return result === 0;
}
/**
@@ -65,23 +66,21 @@ export async function authenticateRequest(request: Request, env: Env): Promise<b
* @returns true if key matches, false otherwise
*/
export function verifyApiKey(providedKey: string, env: Env): boolean {
// Validate environment variable
const expectedKey = env.API_KEY;
if (!expectedKey || !providedKey) {
return false;
}
// Length comparison with safety check
if (providedKey.length !== expectedKey.length) {
return false;
}
// Use fixed-size buffers to prevent length leakage
const FIXED_SIZE = 256;
const provided = (providedKey || '').slice(0, FIXED_SIZE).padEnd(FIXED_SIZE, '\0');
const expected = (expectedKey || '').slice(0, FIXED_SIZE).padEnd(FIXED_SIZE, '\0');
// Constant-time comparison to prevent timing attacks
// Constant-time comparison
let result = 0;
for (let i = 0; i < providedKey.length; i++) {
result |= providedKey.charCodeAt(i) ^ expectedKey.charCodeAt(i);
for (let i = 0; i < FIXED_SIZE; i++) {
result |= provided.charCodeAt(i) ^ expected.charCodeAt(i);
}
return result === 0;
// Both must be non-empty and match
return result === 0 && !!providedKey && !!expectedKey;
}
/**

104
src/middleware/hono-adapters.ts Normal file
View File

@@ -0,0 +1,104 @@
/**
* Hono Middleware Adapters
*
* Adapts existing authentication and rate limiting middleware to Hono's middleware pattern.
*/
import type { Context, Next } from 'hono';
import type { Env, HonoVariables } from '../types';
import {
authenticateRequest,
verifyApiKey,
createUnauthorizedResponse,
} from './auth';
import { checkRateLimit, createRateLimitResponse } from './rateLimit';
import { createLogger } from '../utils/logger';
const logger = createLogger('[Middleware]');
/**
* Request ID middleware
* Adds unique request ID to context for tracing
*/
export async function requestIdMiddleware(
c: Context<{ Bindings: Env; Variables: HonoVariables }>,
next: Next
): Promise<void> {
// Use CF-Ray if available, otherwise generate UUID
const requestId = c.req.header('CF-Ray') || crypto.randomUUID();
// Store in context for handlers to use
c.set('requestId', requestId);
await next();
// Add to response headers
c.res.headers.set('X-Request-ID', requestId);
}
/**
* Authentication middleware
* Validates X-API-Key header using existing auth logic
*/
export async function authMiddleware(
c: Context<{ Bindings: Env; Variables: HonoVariables }>,
next: Next
): Promise<Response | void> {
const request = c.req.raw;
const env = c.env;
const isAuthenticated = await authenticateRequest(request, env);
if (!isAuthenticated) {
logger.warn('[Auth] Unauthorized request', {
path: c.req.path,
requestId: c.get('requestId'),
});
return createUnauthorizedResponse();
}
await next();
}
/**
* Rate limiting middleware
* Applies rate limits based on endpoint using existing rate limit logic
*/
export async function rateLimitMiddleware(
c: Context<{ Bindings: Env; Variables: HonoVariables }>,
next: Next
): Promise<Response | void> {
const request = c.req.raw;
const path = c.req.path;
const env = c.env;
const rateLimitCheck = await checkRateLimit(request, path, env);
if (!rateLimitCheck.allowed) {
logger.warn('[RateLimit] Rate limit exceeded', {
path,
retryAfter: rateLimitCheck.retryAfter,
requestId: c.get('requestId'),
});
return createRateLimitResponse(rateLimitCheck.retryAfter!);
}
await next();
}
/**
* Optional authentication middleware for health check
* Checks if API key is provided and valid, stores result in context
*/
export async function optionalAuthMiddleware(
c: Context<{ Bindings: Env; Variables: HonoVariables }>,
next: Next
): Promise<void> {
const apiKey = c.req.header('X-API-Key');
const authenticated = apiKey ? verifyApiKey(apiKey, c.env) : false;
// Store authentication status in context
c.set('authenticated', authenticated);
await next();
}

118
src/middleware/rateLimit.test.ts
View File

@@ -21,20 +21,40 @@ import type { Env } from '../types';
*/
const createMockKV = () => {
const store = new Map<string, string>();
const metadata = new Map<string, Record<string, any>>();
return {
get: vi.fn(async (key: string) => store.get(key) || null),
put: vi.fn(async (key: string, value: string) => {
put: vi.fn(async (key: string, value: string, options?: { expirationTtl?: number; metadata?: Record<string, any> }) => {
store.set(key, value);
if (options?.metadata) {
metadata.set(key, options.metadata);
}
}),
delete: vi.fn(async (key: string) => {
store.delete(key);
metadata.delete(key);
}),
list: vi.fn(),
getWithMetadata: vi.fn(),
getWithMetadata: vi.fn(async (key: string) => {
const value = store.get(key) || null;
const meta = metadata.get(key) || null;
return {
value,
metadata: meta,
};
}),
// Helper to manually set values for testing
_setStore: (key: string, value: string) => store.set(key, value),
_clearStore: () => store.clear(),
_setStore: (key: string, value: string, meta?: Record<string, any>) => {
store.set(key, value);
if (meta) {
metadata.set(key, meta);
}
},
_clearStore: () => {
store.clear();
metadata.clear();
},
};
};
@@ -44,8 +64,6 @@ const createMockKV = () => {
const createMockEnv = (kv: ReturnType<typeof createMockKV>): Env => ({
DB: {} as any,
RATE_LIMIT_KV: kv as any,
VAULT_URL: 'https://vault.example.com',
VAULT_TOKEN: 'test-token',
API_KEY: 'test-api-key',
});
@@ -92,12 +110,12 @@ describe('Rate Limiting Middleware', () => {
const request = createMockRequest('192.168.1.1');
const now = Date.now();
// Set existing entry at limit
// Set existing entry at limit with version metadata
const entry = {
count: 100, // Already at limit
windowStart: now,
};
mockKV._setStore('ratelimit:192.168.1.1:/instances', JSON.stringify(entry));
mockKV._setStore('ratelimit:192.168.1.1:/instances', JSON.stringify(entry), { version: 1 });
const result = await checkRateLimit(request, '/instances', env);
@@ -114,11 +132,11 @@ describe('Rate Limiting Middleware', () => {
count: 100,
windowStart: now - 120000, // 2 minutes ago (window is 1 minute)
};
mockKV._setStore('ratelimit:192.168.1.1:/instances', JSON.stringify(entry));
mockKV._setStore('ratelimit:192.168.1.1:/instances', JSON.stringify(entry), { version: 99 });
const result = await checkRateLimit(request, '/instances', env);
// Should allow because window expired
// Should allow because window expired (version resets to 0)
expect(result.allowed).toBe(true);
});
@@ -166,8 +184,8 @@ describe('Rate Limiting Middleware', () => {
it('should fail-closed on KV errors for security', async () => {
const request = createMockRequest('192.168.1.1');
// Mock KV error
mockKV.get.mockRejectedValue(new Error('KV connection failed'));
// Mock KV error on getWithMetadata
mockKV.getWithMetadata.mockRejectedValue(new Error('KV connection failed'));
const result = await checkRateLimit(request, '/instances', env);
@@ -214,12 +232,12 @@ describe('Rate Limiting Middleware', () => {
const request = createMockRequest('192.168.1.1');
const now = Date.now();
// Set entry at limit with known window start
// Set entry at limit with known window start and version metadata
const entry = {
count: 100,
windowStart: now - 30000, // 30 seconds ago
};
mockKV._setStore('ratelimit:192.168.1.1:/instances', JSON.stringify(entry));
mockKV._setStore('ratelimit:192.168.1.1:/instances', JSON.stringify(entry), { version: 5 });
const result = await checkRateLimit(request, '/instances', env);
@@ -228,6 +246,78 @@ describe('Rate Limiting Middleware', () => {
expect(result.retryAfter).toBeGreaterThan(25);
expect(result.retryAfter).toBeLessThan(35);
});
it('should use optimistic locking with version metadata', async () => {
const request = createMockRequest('192.168.1.1');
// First request - should create entry with version 0
await checkRateLimit(request, '/instances', env);
// Verify version metadata was set
const putCall = mockKV.put.mock.calls[0];
expect(putCall[2]).toMatchObject({ metadata: { version: 0 } });
});
it('should increment version on each write', async () => {
const request = createMockRequest('192.168.1.1');
const now = Date.now();
// Set existing entry with version 5
const entry = {
count: 10,
windowStart: now,
};
mockKV._setStore('ratelimit:192.168.1.1:/instances', JSON.stringify(entry), { version: 5 });
// Second request - should increment version to 6
await checkRateLimit(request, '/instances', env);
// Find the put call with version 6
const putCalls = mockKV.put.mock.calls;
const versionedCall = putCalls.find(call => call[2]?.metadata?.version === 6);
expect(versionedCall).toBeDefined();
});
it('should reset version to 0 on new window', async () => {
const request = createMockRequest('192.168.1.1');
const now = Date.now();
// Set expired entry with high version
const entry = {
count: 50,
windowStart: now - 120000, // Expired
};
mockKV._setStore('ratelimit:192.168.1.1:/instances', JSON.stringify(entry), { version: 999 });
// Request in new window - should reset version to 0
await checkRateLimit(request, '/instances', env);
// Verify version was reset
const putCall = mockKV.put.mock.calls[0];
expect(putCall[2]).toMatchObject({ metadata: { version: 0 } });
});
it('should handle backward compatibility with entries without version metadata', async () => {
const request = createMockRequest('192.168.1.1');
const now = Date.now();
// Set entry without version metadata (old format)
const entry = {
count: 5,
windowStart: now,
};
mockKV._setStore('ratelimit:192.168.1.1:/instances', JSON.stringify(entry));
// No version metadata set
// Should treat as version 0 and increment to 1
const result = await checkRateLimit(request, '/instances', env);
expect(result.allowed).toBe(true);
// Verify version was set to 1
const putCall = mockKV.put.mock.calls[0];
expect(putCall[2]).toMatchObject({ metadata: { version: 1 } });
});
});
describe('createRateLimitResponse', () => {

113
src/middleware/rateLimit.ts
View File

@@ -3,10 +3,37 @@
*
* Distributed rate limiting using Cloudflare KV for multi-worker support.
* Different limits for different endpoints.
*
* CONCURRENCY CONTROL:
*
* Uses optimistic locking with versioned metadata for race condition safety.
* Each KV entry includes a version number that is incremented on every write.
* Accepts eventual consistency - no post-write verification needed for
* abuse prevention use case.
*
* KNOWN LIMITATIONS:
*
* 1. EVENTUAL CONSISTENCY: KV writes are eventually consistent, which may
* cause slight inaccuracies in rate counting across edge locations.
* This is acceptable for abuse prevention.
*
* 2. RACE CONDITIONS: Multiple concurrent requests may all succeed if they
* read before any writes complete. This is acceptable - rate limiting
* provides statistical protection, not strict guarantees.
*
* For strict rate limiting requirements (billing, quotas), consider:
* - Cloudflare Durable Objects for atomic counters with strong consistency
* - Cloudflare's built-in Rate Limiting rules for global enforcement
*
* This implementation is suitable for abuse prevention with single KV read
* per request (30-50ms overhead).
*/
import { Env } from '../types';
import { RATE_LIMIT_DEFAULTS, HTTP_STATUS } from '../constants';
import { createLogger } from '../utils/logger';
const logger = createLogger('[RateLimit]');
/**
* Rate limit configuration per endpoint
@@ -53,15 +80,25 @@ function getClientIP(request: Request): string {
const cfIP = request.headers.get('CF-Connecting-IP');
if (cfIP) return cfIP;
// If CF-Connecting-IP is missing, request may not be from Cloudflare
// Use unique identifier to still apply rate limit
console.warn('[RateLimit] CF-Connecting-IP missing, possible direct access');
return `unknown-${Date.now()}-${Math.random().toString(36).substring(7)}`;
// For non-Cloudflare requests, fail-closed: use a fixed identifier
// This applies a shared rate limit to all non-Cloudflare traffic
logger.warn('CF-Connecting-IP missing - applying shared rate limit');
return 'non-cloudflare-traffic';
}
/**
* Check if request is rate limited using Cloudflare KV
*
* Simplified flow accepting eventual consistency:
* 1. Read entry with version from KV metadata
* 2. Check if limit exceeded
* 3. Increment counter and version
* 4. Write with new version
* 5. Return decision based on pre-increment count
*
* No post-write verification - accepts eventual consistency for rate limiting.
* Version metadata is still incremented for race condition safety.
*
* @param request - HTTP request to check
* @param path - Request path for rate limit lookup
* @param env - Cloudflare Worker environment with KV binding
@@ -80,71 +117,75 @@ export async function checkRateLimit(
try {
const clientIP = getClientIP(request);
const now = Date.now();
const key = `ratelimit:${clientIP}:${path}`;
const now = Date.now();
// Get current entry from KV
const entryJson = await env.RATE_LIMIT_KV.get(key);
// 1. Read current entry with version metadata (single read)
const kvResult = await env.RATE_LIMIT_KV.getWithMetadata<{ version?: number }>(key);
const currentVersion = kvResult.metadata?.version ?? 0;
let entry: RateLimitEntry | null = null;
if (entryJson) {
if (kvResult.value) {
try {
entry = JSON.parse(entryJson);
entry = JSON.parse(kvResult.value);
} catch {
// Invalid JSON, treat as no entry
entry = null;
}
}
// Check if window has expired
// 2. Check if window has expired or no entry exists
if (!entry || entry.windowStart + config.windowMs <= now) {
// New window - allow and create new entry
// New window - create entry with count 1
const newEntry: RateLimitEntry = {
count: 1,
windowStart: now,
};
// Store with TTL (convert ms to seconds, round up)
const ttlSeconds = Math.ceil(config.windowMs / 1000);
// Write with version 0 (reset on new window) - no verification
await env.RATE_LIMIT_KV.put(key, JSON.stringify(newEntry), {
expirationTtl: ttlSeconds,
metadata: { version: 0 },
});
// Allow request - first in new window
return { allowed: true };
}
// Increment count
entry.count++;
// 3. Check current count against limit
const currentCount = entry.count;
const isOverLimit = currentCount >= config.maxRequests;
// 4. Increment count and version for next request
const newVersion = currentVersion + 1;
const updatedEntry: RateLimitEntry = {
count: currentCount + 1,
windowStart: entry.windowStart,
};
// Check if over limit
if (entry.count > config.maxRequests) {
const windowEnd = entry.windowStart + config.windowMs;
const ttlSeconds = Math.ceil((windowEnd - now) / 1000);
// 5. Write updated count (only if TTL valid) - no verification
if (ttlSeconds > 0) {
await env.RATE_LIMIT_KV.put(key, JSON.stringify(updatedEntry), {
expirationTtl: ttlSeconds,
metadata: { version: newVersion },
});
}
// 6. Return decision based on pre-increment count
if (isOverLimit) {
const retryAfter = Math.ceil((windowEnd - now) / 1000);
// Still update KV to persist the attempt
const ttlSeconds = Math.ceil((windowEnd - now) / 1000);
if (ttlSeconds > 0) {
await env.RATE_LIMIT_KV.put(key, JSON.stringify(entry), {
expirationTtl: ttlSeconds,
});
}
return { allowed: false, retryAfter };
}
// Update entry in KV
const windowEnd = entry.windowStart + config.windowMs;
const ttlSeconds = Math.ceil((windowEnd - now) / 1000);
if (ttlSeconds > 0) {
await env.RATE_LIMIT_KV.put(key, JSON.stringify(entry), {
expirationTtl: ttlSeconds,
});
}
return { allowed: true };
} catch (error) {
// Fail-closed on KV errors for security
console.error('[RateLimit] KV error, blocking request for safety:', error);
logger.error('KV error, blocking request for safety', { error });
return { allowed: false, retryAfter: 60 };
}
}
@@ -214,7 +255,7 @@ export async function getRateLimitStatus(
resetAt: entry.windowStart + config.windowMs,
};
} catch (error) {
console.error('[RateLimit] Status check error:', error);
logger.error('Status check error', { error });
return null;
}
}

9
src/repositories/anvil-instances.ts
View File

@@ -5,11 +5,9 @@
import { BaseRepository } from './base';
import { AnvilInstance, AnvilInstanceInput, RepositoryError, ErrorCodes } from '../types';
import { createLogger } from '../utils/logger';
export class AnvilInstancesRepository extends BaseRepository<AnvilInstance> {
protected tableName = 'anvil_instances';
protected logger = createLogger('[AnvilInstancesRepository]');
protected allowedColumns = [
'name',
'display_name',
@@ -243,12 +241,7 @@ export class AnvilInstancesRepository extends BaseRepository<AnvilInstance> {
);
});
const results = await this.executeBatch(statements);
const successCount = results.reduce(
(sum, result) => sum + (result.meta.changes ?? 0),
0
);
const successCount = await this.executeBatchCount(statements);
this.logger.info('Upserted Anvil instances', { count: successCount });
return successCount;

9
src/repositories/anvil-pricing.ts
View File

@@ -5,11 +5,9 @@
import { BaseRepository } from './base';
import { AnvilPricing, AnvilPricingInput, RepositoryError, ErrorCodes } from '../types';
import { createLogger } from '../utils/logger';
export class AnvilPricingRepository extends BaseRepository<AnvilPricing> {
protected tableName = 'anvil_pricing';
protected logger = createLogger('[AnvilPricingRepository]');
protected allowedColumns = [
'anvil_instance_id',
'anvil_region_id',
@@ -186,12 +184,7 @@ export class AnvilPricingRepository extends BaseRepository<AnvilPricing> {
);
});
const results = await this.executeBatch(statements);
const successCount = results.reduce(
(sum, result) => sum + (result.meta.changes ?? 0),
0
);
const successCount = await this.executeBatchCount(statements);
this.logger.info('Upserted Anvil pricing records', { count: successCount });
return successCount;

9
src/repositories/anvil-regions.ts
View File

@@ -5,11 +5,9 @@
import { BaseRepository } from './base';
import { AnvilRegion, AnvilRegionInput, RepositoryError, ErrorCodes } from '../types';
import { createLogger } from '../utils/logger';
export class AnvilRegionsRepository extends BaseRepository<AnvilRegion> {
protected tableName = 'anvil_regions';
protected logger = createLogger('[AnvilRegionsRepository]');
protected allowedColumns = [
'name',
'display_name',
@@ -186,12 +184,7 @@ export class AnvilRegionsRepository extends BaseRepository<AnvilRegion> {
);
});
const results = await this.executeBatch(statements);
const successCount = results.reduce(
(sum, result) => sum + (result.meta.changes ?? 0),
0
);
const successCount = await this.executeBatchCount(statements);
this.logger.info('Upserted Anvil regions', { count: successCount });
return successCount;

12
src/repositories/anvil-transfer-pricing.ts
View File

@@ -5,11 +5,9 @@
import { BaseRepository } from './base';
import { AnvilTransferPricing, AnvilTransferPricingInput, RepositoryError, ErrorCodes } from '../types';
import { createLogger } from '../utils/logger';
export class AnvilTransferPricingRepository extends BaseRepository<AnvilTransferPricing> {
protected tableName = 'anvil_transfer_pricing';
protected logger = createLogger('[AnvilTransferPricingRepository]');
protected allowedColumns = [
'anvil_region_id',
'price_per_gb',
@@ -60,19 +58,15 @@ export class AnvilTransferPricingRepository extends BaseRepository<AnvilTransfer
) VALUES (?, ?)
ON CONFLICT(anvil_region_id)
DO UPDATE SET
price_per_gb = excluded.price_per_gb`
price_per_gb = excluded.price_per_gb,
updated_at = CURRENT_TIMESTAMP`
).bind(
price.anvil_region_id,
price.price_per_gb
);
});
const results = await this.executeBatch(statements);
const successCount = results.reduce(
(sum, result) => sum + (result.meta.changes ?? 0),
0
);
const successCount = await this.executeBatchCount(statements);
this.logger.info('Upserted Anvil transfer pricing records', { count: successCount });
return successCount;

326
src/repositories/base.test.ts Normal file
View File

@@ -0,0 +1,326 @@
/**
* Base Repository Tests
* Tests for table name validation and security
*/
import { describe, it, expect, beforeEach, vi } from 'vitest';
import { BaseRepository } from './base';
import { RepositoryError } from '../types';
// Mock D1Database
const createMockD1Database = () => {
return {
prepare: vi.fn(),
dump: vi.fn(),
batch: vi.fn(),
exec: vi.fn(),
withSession: vi.fn(),
};
};
// Concrete implementation for testing
class TestRepository extends BaseRepository<any> {
protected allowedColumns: string[] = ['id', 'name', 'value'];
constructor(db: D1Database, protected tableName: string) {
super(db);
}
}
describe('BaseRepository - Table Name Validation', () => {
let db: D1Database;
beforeEach(() => {
db = createMockD1Database();
});
describe('Valid table names', () => {
it('should accept lowercase table name', async () => {
const repo = new TestRepository(db, 'users');
db.prepare = () => ({
first: async () => ({ count: 0 }),
}) as any;
await expect(repo.count()).resolves.toBe(0);
});
it('should accept table name with underscores', async () => {
const repo = new TestRepository(db, 'user_profiles');
db.prepare = () => ({
first: async () => ({ count: 0 }),
}) as any;
await expect(repo.count()).resolves.toBe(0);
});
it('should accept table name starting with underscore', async () => {
const repo = new TestRepository(db, '_internal_table');
db.prepare = () => ({
first: async () => ({ count: 0 }),
}) as any;
await expect(repo.count()).resolves.toBe(0);
});
it('should accept uppercase table name', async () => {
const repo = new TestRepository(db, 'USERS');
db.prepare = () => ({
first: async () => ({ count: 0 }),
}) as any;
await expect(repo.count()).resolves.toBe(0);
});
it('should accept mixed case table name', async () => {
const repo = new TestRepository(db, 'User_Profiles');
db.prepare = () => ({
first: async () => ({ count: 0 }),
}) as any;
await expect(repo.count()).resolves.toBe(0);
});
it('should accept table name with numbers', async () => {
const repo = new TestRepository(db, 'users_v2');
db.prepare = () => ({
first: async () => ({ count: 0 }),
}) as any;
await expect(repo.count()).resolves.toBe(0);
});
it('should accept long valid table name (64 chars)', async () => {
const longName = 'a'.repeat(64);
const repo = new TestRepository(db, longName);
db.prepare = () => ({
first: async () => ({ count: 0 }),
}) as any;
await expect(repo.count()).resolves.toBe(0);
});
});
describe('Invalid table names - Format', () => {
it('should reject table name with spaces', async () => {
const repo = new TestRepository(db, 'user profiles');
db.prepare = () => ({
first: async () => ({ count: 0 }),
}) as any;
await expect(repo.count()).rejects.toThrow(RepositoryError);
await expect(repo.count()).rejects.toThrow('Invalid table name');
});
it('should reject table name with hyphens', async () => {
const repo = new TestRepository(db, 'user-profiles');
db.prepare = () => ({
first: async () => ({ count: 0 }),
}) as any;
await expect(repo.count()).rejects.toThrow(RepositoryError);
});
it('should reject table name with special characters', async () => {
const repo1 = new TestRepository(db, 'users@table');
const repo2 = new TestRepository(db, 'users#table');
const repo3 = new TestRepository(db, 'users$table');
const repo4 = new TestRepository(db, 'users!table');
db.prepare = () => ({
first: async () => ({ count: 0 }),
}) as any;
await expect(repo1.count()).rejects.toThrow(RepositoryError);
await expect(repo2.count()).rejects.toThrow(RepositoryError);
await expect(repo3.count()).rejects.toThrow(RepositoryError);
await expect(repo4.count()).rejects.toThrow(RepositoryError);
});
it('should reject table name starting with number', async () => {
const repo = new TestRepository(db, '123users');
db.prepare = () => ({
first: async () => ({ count: 0 }),
}) as any;
await expect(repo.count()).rejects.toThrow(RepositoryError);
await expect(repo.count()).rejects.toThrow('Invalid table name');
});
it('should reject empty table name', async () => {
const repo = new TestRepository(db, '');
db.prepare = () => ({
first: async () => ({ count: 0 }),
}) as any;
await expect(repo.count()).rejects.toThrow(RepositoryError);
});
it('should reject table name with dots', async () => {
const repo = new TestRepository(db, 'schema.users');
db.prepare = () => ({
first: async () => ({ count: 0 }),
}) as any;
await expect(repo.count()).rejects.toThrow(RepositoryError);
});
});
describe('Invalid table names - SQL Keywords', () => {
it('should reject SELECT keyword', async () => {
const repo = new TestRepository(db, 'SELECT');
db.prepare = () => ({
first: async () => ({ count: 0 }),
}) as any;
await expect(repo.count()).rejects.toThrow(RepositoryError);
await expect(repo.count()).rejects.toThrow('SQL keyword');
});
it('should reject INSERT keyword', async () => {
const repo = new TestRepository(db, 'INSERT');
db.prepare = () => ({
first: async () => ({ count: 0 }),
}) as any;
await expect(repo.count()).rejects.toThrow(RepositoryError);
});
it('should reject UPDATE keyword', async () => {
const repo = new TestRepository(db, 'UPDATE');
db.prepare = () => ({
first: async () => ({ count: 0 }),
}) as any;
await expect(repo.count()).rejects.toThrow(RepositoryError);
});
it('should reject DELETE keyword', async () => {
const repo = new TestRepository(db, 'DELETE');
db.prepare = () => ({
first: async () => ({ count: 0 }),
}) as any;
await expect(repo.count()).rejects.toThrow(RepositoryError);
});
it('should reject DROP keyword', async () => {
const repo = new TestRepository(db, 'DROP');
db.prepare = () => ({
first: async () => ({ count: 0 }),
}) as any;
await expect(repo.count()).rejects.toThrow(RepositoryError);
});
it('should reject CREATE keyword', async () => {
const repo = new TestRepository(db, 'CREATE');
db.prepare = () => ({
first: async () => ({ count: 0 }),
}) as any;
await expect(repo.count()).rejects.toThrow(RepositoryError);
});
it('should reject ALTER keyword', async () => {
const repo = new TestRepository(db, 'ALTER');
db.prepare = () => ({
first: async () => ({ count: 0 }),
}) as any;
await expect(repo.count()).rejects.toThrow(RepositoryError);
});
it('should reject TRUNCATE keyword', async () => {
const repo = new TestRepository(db, 'TRUNCATE');
db.prepare = () => ({
first: async () => ({ count: 0 }),
}) as any;
await expect(repo.count()).rejects.toThrow(RepositoryError);
});
it('should reject GRANT keyword', async () => {
const repo = new TestRepository(db, 'GRANT');
db.prepare = () => ({
first: async () => ({ count: 0 }),
}) as any;
await expect(repo.count()).rejects.toThrow(RepositoryError);
});
it('should reject REVOKE keyword', async () => {
const repo = new TestRepository(db, 'REVOKE');
db.prepare = () => ({
first: async () => ({ count: 0 }),
}) as any;
await expect(repo.count()).rejects.toThrow(RepositoryError);
});
it('should reject lowercase SQL keywords', async () => {
const repo1 = new TestRepository(db, 'select');
const repo2 = new TestRepository(db, 'delete');
const repo3 = new TestRepository(db, 'drop');
db.prepare = () => ({
first: async () => ({ count: 0 }),
}) as any;
await expect(repo1.count()).rejects.toThrow(RepositoryError);
await expect(repo2.count()).rejects.toThrow(RepositoryError);
await expect(repo3.count()).rejects.toThrow(RepositoryError);
});
it('should reject mixed case SQL keywords', async () => {
const repo1 = new TestRepository(db, 'Select');
const repo2 = new TestRepository(db, 'DeLeTe');
db.prepare = () => ({
first: async () => ({ count: 0 }),
}) as any;
await expect(repo1.count()).rejects.toThrow(RepositoryError);
await expect(repo2.count()).rejects.toThrow(RepositoryError);
});
});
describe('Invalid table names - Length', () => {
it('should reject table name longer than 64 characters', async () => {
const tooLongName = 'a'.repeat(65);
const repo = new TestRepository(db, tooLongName);
db.prepare = () => ({
first: async () => ({ count: 0 }),
}) as any;
await expect(repo.count()).rejects.toThrow(RepositoryError);
await expect(repo.count()).rejects.toThrow('too long');
});
it('should reject extremely long table name', async () => {
const extremelyLongName = 'users_' + 'x'.repeat(100);
const repo = new TestRepository(db, extremelyLongName);
db.prepare = () => ({
first: async () => ({ count: 0 }),
}) as any;
await expect(repo.count()).rejects.toThrow(RepositoryError);
});
});
describe('Edge cases', () => {
it('should accept single character table name', async () => {
const repo1 = new TestRepository(db, 'a');
const repo2 = new TestRepository(db, '_');
db.prepare = () => ({
first: async () => ({ count: 0 }),
}) as any;
await expect(repo1.count()).resolves.toBe(0);
await expect(repo2.count()).resolves.toBe(0);
});
it('should accept table name at exact 64 character limit', async () => {
const exactLimit = 'a'.repeat(64);
const repo = new TestRepository(db, exactLimit);
db.prepare = () => ({
first: async () => ({ count: 0 }),
}) as any;
await expect(repo.count()).resolves.toBe(0);
});
it('should reject SQL keyword even with different casing', async () => {
const repo = new TestRepository(db, 'sElEcT');
db.prepare = () => ({
first: async () => ({ count: 0 }),
}) as any;
await expect(repo.count()).rejects.toThrow(RepositoryError);
});
});
});

162
src/repositories/base.ts
View File

@@ -9,14 +9,69 @@ import { createLogger } from '../utils/logger';
export abstract class BaseRepository<T> {
protected abstract tableName: string;
protected abstract allowedColumns: string[];
protected logger = createLogger('[BaseRepository]');
private static _loggerCache = new Map<string, ReturnType<typeof createLogger>>();
private _tableNameValidated = false;
constructor(protected db: D1Database) {}
/**
* Shared logger getter with per-class caching
* Creates one logger instance per class type instead of per repository instance
*/
protected get logger(): ReturnType<typeof createLogger> {
const className = this.constructor.name;
if (!BaseRepository._loggerCache.has(className)) {
BaseRepository._loggerCache.set(className, createLogger(`[${className}]`));
}
return BaseRepository._loggerCache.get(className)!;
}
/**
* Validate table name to prevent SQL injection
* Called lazily on first use to ensure tableName is initialized
* @throws RepositoryError if table name is invalid
*/
private validateTableName(): void {
// Only validate once
if (this._tableNameValidated) {
return;
}
// Validate format: only alphanumeric and underscores, starting with letter or underscore
if (!/^[a-z_][a-z0-9_]*$/i.test(this.tableName)) {
throw new RepositoryError(
`Invalid table name: ${this.tableName}`,
ErrorCodes.VALIDATION_ERROR
);
}
// Prevent SQL keywords
const sqlKeywords = ['SELECT', 'INSERT', 'UPDATE', 'DELETE', 'DROP', 'CREATE', 'ALTER', 'TRUNCATE', 'GRANT', 'REVOKE'];
if (sqlKeywords.includes(this.tableName.toUpperCase())) {
throw new RepositoryError(
`Table name cannot be SQL keyword: ${this.tableName}`,
ErrorCodes.VALIDATION_ERROR
);
}
// Max length check (SQLite identifier limit is 64 characters)
if (this.tableName.length > 64) {
throw new RepositoryError(
`Table name too long: ${this.tableName}`,
ErrorCodes.VALIDATION_ERROR
);
}
this._tableNameValidated = true;
}
/**
* Find a record by ID
*/
async findById(id: number): Promise<T | null> {
this.validateTableName();
try {
const result = await this.db
.prepare(`SELECT * FROM ${this.tableName} WHERE id = ?`)
@@ -42,6 +97,7 @@ export abstract class BaseRepository<T> {
* Find all records with optional pagination
*/
async findAll(options?: PaginationOptions): Promise<T[]> {
this.validateTableName();
try {
const limit = options?.limit ?? 100;
const offset = options?.offset ?? 0;
@@ -71,6 +127,7 @@ export abstract class BaseRepository<T> {
* Create a new record
*/
async create(data: Partial<T>): Promise<T> {
this.validateTableName();
try {
const columnNames = Object.keys(data);
@@ -129,6 +186,7 @@ export abstract class BaseRepository<T> {
* Update a record by ID
*/
async update(id: number, data: Partial<T>): Promise<T> {
this.validateTableName();
try {
const columnNames = Object.keys(data);
@@ -179,6 +237,7 @@ export abstract class BaseRepository<T> {
* Delete a record by ID
*/
async delete(id: number): Promise<boolean> {
this.validateTableName();
try {
const result = await this.db
.prepare(`DELETE FROM ${this.tableName} WHERE id = ?`)
@@ -204,6 +263,7 @@ export abstract class BaseRepository<T> {
* Count total records
*/
async count(): Promise<number> {
this.validateTableName();
try {
const result = await this.db
.prepare(`SELECT COUNT(*) as count FROM ${this.tableName}`)
@@ -253,6 +313,7 @@ export abstract class BaseRepository<T> {
* Automatically chunks operations into batches of 100 (D1 limit)
*/
protected async executeBatch(statements: D1PreparedStatement[]): Promise<D1Result[]> {
this.validateTableName();
try {
const BATCH_SIZE = 100;
const totalStatements = statements.length;
@@ -338,4 +399,103 @@ export abstract class BaseRepository<T> {
);
}
}
/**
* Execute batch operations and return only the total count of changes
* Optimized for large batches to avoid memory accumulation
* @returns Total number of rows affected across all operations
*/
protected async executeBatchCount(statements: D1PreparedStatement[]): Promise<number> {
this.validateTableName();
try {
const BATCH_SIZE = 100;
const totalStatements = statements.length;
let totalChanges = 0;
// If statements fit within single batch, execute directly
if (totalStatements <= BATCH_SIZE) {
this.logger.info('Executing batch (count mode)', {
table: this.tableName,
statements: totalStatements
});
const results = await this.db.batch(statements);
totalChanges = results.reduce((sum, r) => sum + (r.meta.changes ?? 0), 0);
this.logger.info('Batch completed successfully', {
table: this.tableName,
changes: totalChanges
});
return totalChanges;
}
// Process chunks and aggregate counts without storing all results
const chunks = Math.ceil(totalStatements / BATCH_SIZE);
this.logger.info('Executing large batch (count mode)', {
table: this.tableName,
statements: totalStatements,
chunks
});
for (let i = 0; i < chunks; i++) {
const start = i * BATCH_SIZE;
const end = Math.min(start + BATCH_SIZE, totalStatements);
const chunk = statements.slice(start, end);
this.logger.info('Processing chunk', {
table: this.tableName,
chunk: i + 1,
total: chunks,
range: `${start + 1}-${end}`
});
try {
const chunkResults = await this.db.batch(chunk);
const chunkChanges = chunkResults.reduce((sum, r) => sum + (r.meta.changes ?? 0), 0);
totalChanges += chunkChanges;
this.logger.info('Chunk completed successfully', {
table: this.tableName,
chunk: i + 1,
total: chunks,
changes: chunkChanges,
totalChanges
});
} catch (chunkError) {
this.logger.error('Chunk failed', {
table: this.tableName,
chunk: i + 1,
total: chunks,
range: `${start + 1}-${end}`,
error: chunkError instanceof Error ? chunkError.message : 'Unknown error'
});
throw new RepositoryError(
`Batch chunk ${i + 1}/${chunks} failed for ${this.tableName} (statements ${start + 1}-${end})`,
ErrorCodes.TRANSACTION_FAILED,
chunkError
);
}
}
this.logger.info('All chunks completed successfully', {
table: this.tableName,
chunks,
totalChanges
});
return totalChanges;
} catch (error) {
// Re-throw RepositoryError from chunk processing
if (error instanceof RepositoryError) {
throw error;
}
this.logger.error('Batch count execution failed', {
table: this.tableName,
error: error instanceof Error ? error.message : 'Unknown error'
});
throw new RepositoryError(
`Batch count operation failed for ${this.tableName}`,
ErrorCodes.TRANSACTION_FAILED,
error
);
}
}
}

2
src/repositories/g8-instances.ts
View File

@@ -5,11 +5,9 @@
import { BaseRepository } from './base';
import { G8Instance, G8InstanceInput, RepositoryError, ErrorCodes } from '../types';
import { createLogger } from '../utils/logger';
export class G8InstancesRepository extends BaseRepository<G8Instance> {
protected tableName = 'g8_instances';
protected logger = createLogger('[G8InstancesRepository]');
protected allowedColumns = [
'provider_id',
'instance_id',

25
src/repositories/g8-pricing.ts
View File

@@ -5,19 +5,14 @@
import { BaseRepository } from './base';
import { G8Pricing, G8PricingInput, RepositoryError, ErrorCodes } from '../types';
import { createLogger } from '../utils/logger';
import { calculateRetailHourly, calculateRetailMonthly } from '../constants';
export class G8PricingRepository extends BaseRepository<G8Pricing> {
protected tableName = 'g8_pricing';
protected logger = createLogger('[G8PricingRepository]');
protected allowedColumns = [
'g8_instance_id',
'region_id',
'hourly_price',
'monthly_price',
'hourly_price_retail',
'monthly_price_retail',
'currency',
'available',
];
@@ -85,42 +80,28 @@ export class G8PricingRepository extends BaseRepository<G8Pricing> {
try {
const statements = pricingData.map((pricing) => {
const hourlyRetail = calculateRetailHourly(pricing.hourly_price);
const monthlyRetail = calculateRetailMonthly(pricing.monthly_price);
return this.db.prepare(
`INSERT INTO g8_pricing (
g8_instance_id, region_id, hourly_price, monthly_price,
hourly_price_retail, monthly_price_retail,
currency, available
) VALUES (?, ?, ?, ?, ?, ?, ?, ?)
) VALUES (?, ?, ?, ?, ?, ?)
ON CONFLICT(g8_instance_id, region_id)
DO UPDATE SET
hourly_price = excluded.hourly_price,
monthly_price = excluded.monthly_price,
hourly_price_retail = excluded.hourly_price_retail,
monthly_price_retail = excluded.monthly_price_retail,
currency = excluded.currency,
available = excluded.available,
updated_at = datetime('now')`
available = excluded.available`
).bind(
pricing.g8_instance_id,
pricing.region_id,
pricing.hourly_price,
pricing.monthly_price,
hourlyRetail,
monthlyRetail,
pricing.currency,
pricing.available
);
});
const results = await this.executeBatch(statements);
const successCount = results.reduce(
(sum, result) => sum + (result.meta.changes ?? 0),
0
);
const successCount = await this.executeBatchCount(statements);
this.logger.info('Upserted G8 pricing records', { count: successCount });
return successCount;

9
src/repositories/gpu-instances.ts
View File

@@ -5,11 +5,9 @@
import { BaseRepository } from './base';
import { GpuInstance, GpuInstanceInput, RepositoryError, ErrorCodes } from '../types';
import { createLogger } from '../utils/logger';
export class GpuInstancesRepository extends BaseRepository<GpuInstance> {
protected tableName = 'gpu_instances';
protected logger = createLogger('[GpuInstancesRepository]');
protected allowedColumns = [
'provider_id',
'instance_id',
@@ -144,13 +142,8 @@ export class GpuInstancesRepository extends BaseRepository<GpuInstance> {
);
});
const results = await this.executeBatch(statements);
// Count successful operations
const successCount = results.reduce(
(sum, result) => sum + (result.meta.changes ?? 0),
0
);
const successCount = await this.executeBatchCount(statements);
this.logger.info('Upserted GPU instances', {
providerId,

22
src/repositories/gpu-pricing.ts
View File

@@ -5,19 +5,14 @@
import { BaseRepository } from './base';
import { GpuPricing, GpuPricingInput, RepositoryError, ErrorCodes } from '../types';
import { createLogger } from '../utils/logger';
import { calculateRetailHourly, calculateRetailMonthly } from '../constants';
export class GpuPricingRepository extends BaseRepository<GpuPricing> {
protected tableName = 'gpu_pricing';
protected logger = createLogger('[GpuPricingRepository]');
protected allowedColumns = [
'gpu_instance_id',
'region_id',
'hourly_price',
'monthly_price',
'hourly_price_retail',
'monthly_price_retail',
'currency',
'available',
];
@@ -113,21 +108,15 @@ export class GpuPricingRepository extends BaseRepository<GpuPricing> {
try {
const statements = pricingData.map((pricing) => {
const hourlyRetail = calculateRetailHourly(pricing.hourly_price);
const monthlyRetail = calculateRetailMonthly(pricing.monthly_price);
return this.db.prepare(
`INSERT INTO gpu_pricing (
gpu_instance_id, region_id, hourly_price, monthly_price,
hourly_price_retail, monthly_price_retail,
currency, available
) VALUES (?, ?, ?, ?, ?, ?, ?, ?)
) VALUES (?, ?, ?, ?, ?, ?)
ON CONFLICT(gpu_instance_id, region_id)
DO UPDATE SET
hourly_price = excluded.hourly_price,
monthly_price = excluded.monthly_price,
hourly_price_retail = excluded.hourly_price_retail,
monthly_price_retail = excluded.monthly_price_retail,
currency = excluded.currency,
available = excluded.available`
).bind(
@@ -135,19 +124,12 @@ export class GpuPricingRepository extends BaseRepository<GpuPricing> {
pricing.region_id,
pricing.hourly_price,
pricing.monthly_price,
hourlyRetail,
monthlyRetail,
pricing.currency,
pricing.available
);
});
const results = await this.executeBatch(statements);
const successCount = results.reduce(
(sum, result) => sum + (result.meta.changes ?? 0),
0
);
const successCount = await this.executeBatchCount(statements);
this.logger.info('Upserted GPU pricing records', { count: successCount });
return successCount;

9
src/repositories/instances.ts
View File

@@ -5,11 +5,9 @@
import { BaseRepository } from './base';
import { InstanceType, InstanceTypeInput, InstanceFamily, RepositoryError, ErrorCodes } from '../types';
import { createLogger } from '../utils/logger';
export class InstancesRepository extends BaseRepository<InstanceType> {
protected tableName = 'instance_types';
protected logger = createLogger('[InstancesRepository]');
protected allowedColumns = [
'provider_id',
'instance_id',
@@ -144,13 +142,8 @@ export class InstancesRepository extends BaseRepository<InstanceType> {
);
});
const results = await this.executeBatch(statements);
// Count successful operations
const successCount = results.reduce(
(sum, result) => sum + (result.meta.changes ?? 0),
0
);
const successCount = await this.executeBatchCount(statements);
this.logger.info('Upserted instance types', {
providerId,

9
src/repositories/pricing.ts
View File

@@ -5,11 +5,9 @@
import { BaseRepository } from './base';
import { Pricing, PricingInput, PriceHistory, RepositoryError, ErrorCodes } from '../types';
import { createLogger } from '../utils/logger';
export class PricingRepository extends BaseRepository<Pricing> {
protected tableName = 'pricing';
protected logger = createLogger('[PricingRepository]');
protected allowedColumns = [
'instance_type_id',
'region_id',
@@ -132,13 +130,8 @@ export class PricingRepository extends BaseRepository<Pricing> {
);
});
const results = await this.executeBatch(statements);
// Count successful operations
const successCount = results.reduce(
(sum, result) => sum + (result.meta.changes ?? 0),
0
);
const successCount = await this.executeBatchCount(statements);
this.logger.info('Upserted pricing records', { count: successCount });
return successCount;

2
src/repositories/providers.ts
View File

@@ -5,11 +5,9 @@
import { BaseRepository } from './base';
import { Provider, ProviderInput, RepositoryError, ErrorCodes } from '../types';
import { createLogger } from '../utils/logger';
export class ProvidersRepository extends BaseRepository<Provider> {
protected tableName = 'providers';
protected logger = createLogger('[ProvidersRepository]');
protected allowedColumns = [
'name',
'display_name',

9
src/repositories/regions.ts
View File

@@ -5,11 +5,9 @@
import { BaseRepository } from './base';
import { Region, RegionInput, RepositoryError, ErrorCodes } from '../types';
import { createLogger } from '../utils/logger';
export class RegionsRepository extends BaseRepository<Region> {
protected tableName = 'regions';
protected logger = createLogger('[RegionsRepository]');
protected allowedColumns = [
'provider_id',
'region_code',
@@ -104,13 +102,8 @@ export class RegionsRepository extends BaseRepository<Region> {
);
});
const results = await this.executeBatch(statements);
// Count successful operations
const successCount = results.reduce(
(sum, result) => sum + (result.meta.changes ?? 0),
0
);
const successCount = await this.executeBatchCount(statements);
this.logger.info('Upserted regions', {
providerId,

2
src/repositories/vpu-instances.ts
View File

@@ -5,11 +5,9 @@
import { BaseRepository } from './base';
import { VpuInstance, VpuInstanceInput, RepositoryError, ErrorCodes } from '../types';
import { createLogger } from '../utils/logger';
export class VpuInstancesRepository extends BaseRepository<VpuInstance> {
protected tableName = 'vpu_instances';
protected logger = createLogger('[VpuInstancesRepository]');
protected allowedColumns = [
'provider_id',
'instance_id',

25
src/repositories/vpu-pricing.ts
View File

@@ -5,19 +5,14 @@
import { BaseRepository } from './base';
import { VpuPricing, VpuPricingInput, RepositoryError, ErrorCodes } from '../types';
import { createLogger } from '../utils/logger';
import { calculateRetailHourly, calculateRetailMonthly } from '../constants';
export class VpuPricingRepository extends BaseRepository<VpuPricing> {
protected tableName = 'vpu_pricing';
protected logger = createLogger('[VpuPricingRepository]');
protected allowedColumns = [
'vpu_instance_id',
'region_id',
'hourly_price',
'monthly_price',
'hourly_price_retail',
'monthly_price_retail',
'currency',
'available',
];
@@ -85,42 +80,28 @@ export class VpuPricingRepository extends BaseRepository<VpuPricing> {
try {
const statements = pricingData.map((pricing) => {
const hourlyRetail = calculateRetailHourly(pricing.hourly_price);
const monthlyRetail = calculateRetailMonthly(pricing.monthly_price);
return this.db.prepare(
`INSERT INTO vpu_pricing (
vpu_instance_id, region_id, hourly_price, monthly_price,
hourly_price_retail, monthly_price_retail,
currency, available
) VALUES (?, ?, ?, ?, ?, ?, ?, ?)
) VALUES (?, ?, ?, ?, ?, ?)
ON CONFLICT(vpu_instance_id, region_id)
DO UPDATE SET
hourly_price = excluded.hourly_price,
monthly_price = excluded.monthly_price,
hourly_price_retail = excluded.hourly_price_retail,
monthly_price_retail = excluded.monthly_price_retail,
currency = excluded.currency,
available = excluded.available,
updated_at = datetime('now')`
available = excluded.available`
).bind(
pricing.vpu_instance_id,
pricing.region_id,
pricing.hourly_price,
pricing.monthly_price,
hourlyRetail,
monthlyRetail,
pricing.currency,
pricing.available
);
});
const results = await this.executeBatch(statements);
const successCount = results.reduce(
(sum, result) => sum + (result.meta.changes ?? 0),
0
);
const successCount = await this.executeBatchCount(statements);
this.logger.info('Upserted VPU pricing records', { count: successCount });

74
src/routes/health.ts
View File

@@ -3,8 +3,12 @@
* Comprehensive health monitoring for database and provider sync status
*/
import { Env } from '../types';
import type { Context } from 'hono';
import { Env, HonoVariables } from '../types';
import { HTTP_STATUS } from '../constants';
import { createLogger } from '../utils/logger';
const logger = createLogger('[Health]');
/**
* Component health status
@@ -57,6 +61,27 @@ interface DetailedHealthResponse extends PublicHealthResponse {
};
}
/**
* Wraps a promise with a timeout
* @param promise - The promise to wrap
* @param ms - Timeout in milliseconds
* @param operation - Operation name for error message
* @returns Promise result if completed within timeout
* @throws Error if operation times out
*/
async function withTimeout<T>(promise: Promise<T>, ms: number, operation: string): Promise<T> {
let timeoutId: ReturnType<typeof setTimeout>;
const timeoutPromise = new Promise<never>((_, reject) => {
timeoutId = setTimeout(() => reject(new Error(`${operation} timed out after ${ms}ms`)), ms);
});
try {
return await Promise.race([promise, timeoutPromise]);
} finally {
clearTimeout(timeoutId!);
}
}
/**
* Check database connectivity and measure latency
*/
@@ -64,8 +89,12 @@ async function checkDatabaseHealth(db: D1Database): Promise<DatabaseHealth> {
try {
const startTime = Date.now();
// Simple connectivity check
await db.prepare('SELECT 1').first();
// Simple connectivity check with 5-second timeout
await withTimeout(
db.prepare('SELECT 1').first(),
5000,
'Database health check'
);
const latency = Date.now() - startTime;
@@ -74,7 +103,7 @@ async function checkDatabaseHealth(db: D1Database): Promise<DatabaseHealth> {
latency_ms: latency,
};
} catch (error) {
console.error('[Health] Database check failed:', error);
logger.error('Database check failed', { error });
return {
status: 'unhealthy',
error: error instanceof Error ? error.message : 'Database connection failed',
@@ -156,18 +185,17 @@ function sanitizeError(error: string): string {
/**
* Handle health check request
* @param env - Cloudflare Worker environment
* @param authenticated - Whether the request is authenticated (default: false)
* @param c - Hono context
*/
export async function handleHealth(
env: Env,
authenticated: boolean = false
c: Context<{ Bindings: Env; Variables: HonoVariables }>
): Promise<Response> {
const timestamp = new Date().toISOString();
const authenticated = c.get('authenticated') ?? false;
try {
// Check database health
const dbHealth = await checkDatabaseHealth(env.DB);
const dbHealth = await checkDatabaseHealth(c.env.DB);
// If database is unhealthy, return early
if (dbHealth.status === 'unhealthy') {
@@ -177,7 +205,7 @@ export async function handleHealth(
status: 'unhealthy',
timestamp,
};
return Response.json(publicResponse, { status: HTTP_STATUS.SERVICE_UNAVAILABLE });
return c.json(publicResponse, HTTP_STATUS.SERVICE_UNAVAILABLE);
}
// Detailed response: full information with sanitized errors
@@ -199,11 +227,11 @@ export async function handleHealth(
},
};
return Response.json(detailedResponse, { status: HTTP_STATUS.SERVICE_UNAVAILABLE });
return c.json(detailedResponse, HTTP_STATUS.SERVICE_UNAVAILABLE);
}
// Get all providers with aggregated counts in a single query
const providersWithCounts = await env.DB.prepare(`
const providersWithCounts = await c.env.DB.prepare(`
SELECT
p.id,
p.name,
@@ -212,9 +240,17 @@ export async function handleHealth(
p.last_sync_at,
p.sync_status,
p.sync_error,
(SELECT COUNT(*) FROM regions WHERE provider_id = p.id) as regions_count,
(SELECT COUNT(*) FROM instance_types WHERE provider_id = p.id) as instances_count
COALESCE(r.regions_count, 0) as regions_count,
COALESCE(i.instances_count, 0) as instances_count
FROM providers p
LEFT JOIN (
SELECT provider_id, COUNT(*) as regions_count
FROM regions GROUP BY provider_id
) r ON r.provider_id = p.id
LEFT JOIN (
SELECT provider_id, COUNT(*) as instances_count
FROM instance_types GROUP BY provider_id
) i ON i.provider_id = p.id
`).all<{
id: number;
name: string;
@@ -279,7 +315,7 @@ export async function handleHealth(
status: overallStatus,
timestamp,
};
return Response.json(publicResponse, { status: statusCode });
return c.json(publicResponse, statusCode);
}
// Detailed response: full information
@@ -302,9 +338,9 @@ export async function handleHealth(
},
};
return Response.json(detailedResponse, { status: statusCode });
return c.json(detailedResponse, statusCode);
} catch (error) {
console.error('[Health] Health check failed:', error);
logger.error('Health check failed', { error });
// Public response: minimal information
if (!authenticated) {
@@ -312,7 +348,7 @@ export async function handleHealth(
status: 'unhealthy',
timestamp,
};
return Response.json(publicResponse, { status: HTTP_STATUS.SERVICE_UNAVAILABLE });
return c.json(publicResponse, HTTP_STATUS.SERVICE_UNAVAILABLE);
}
// Detailed response: sanitized error information
@@ -335,6 +371,6 @@ export async function handleHealth(
},
};
return Response.json(detailedResponse, { status: HTTP_STATUS.SERVICE_UNAVAILABLE });
return c.json(detailedResponse, HTTP_STATUS.SERVICE_UNAVAILABLE);
}
}

1
src/routes/index.ts
View File

@@ -6,4 +6,3 @@
export { handleSync } from './sync';
export { handleInstances } from './instances';
export { handleHealth } from './health';
export { handleRecommend } from './recommend';

95
src/routes/instances.ts
View File

@@ -5,9 +5,10 @@
* Integrates with cache service for performance optimization.
*/
import type { Env, InstanceQueryParams } from '../types';
import type { Context } from 'hono';
import type { Env, HonoVariables, InstanceQueryParams } from '../types';
import { QueryService } from '../services/query';
import { CacheService } from '../services/cache';
import { getGlobalCacheService } from '../services/cache';
import { logger } from '../utils/logger';
import {
SUPPORTED_PROVIDERS,
@@ -31,32 +32,25 @@ import {
* Note: Worker instances are recreated periodically, preventing memory leaks
*/
let cachedQueryService: QueryService | null = null;
let cachedCacheService: CacheService | null = null;
let cachedDb: D1Database | null = null;
let cachedEnv: Env | null = null;
/**
* Get or create QueryService singleton
* Lazy initialization on first request, then reused for subsequent requests
* Invalidates cache if database or environment binding changes (rolling deploy scenario)
*/
function getQueryService(db: D1Database, env: Env): QueryService {
if (!cachedQueryService) {
// Invalidate cache if db or env binding changed (rolling deploy scenario)
if (!cachedQueryService || cachedDb !== db || cachedEnv !== env) {
cachedQueryService = new QueryService(db, env);
logger.debug('[Instances] QueryService singleton initialized');
cachedDb = db;
cachedEnv = env;
logger.debug('[Instances] QueryService singleton initialized/refreshed');
}
return cachedQueryService;
}
/**
* Get or create CacheService singleton
* Lazy initialization on first request, then reused for subsequent requests
*/
function getCacheService(): CacheService {
if (!cachedCacheService) {
cachedCacheService = new CacheService(CACHE_TTL.INSTANCES);
logger.debug('[Instances] CacheService singleton initialized');
}
return cachedCacheService;
}
/**
* Parsed and validated query parameters
*/
@@ -136,7 +130,7 @@ function parseQueryParams(url: URL): {
name: string,
value: string | null
): number | undefined | { error: { code: string; message: string; parameter: string } } {
if (value === null) return undefined;
if (value === null || value === '') return undefined;
const parsed = Number(value);
if (isNaN(parsed) || parsed < 0) {
@@ -288,6 +282,31 @@ function parseQueryParams(url: URL): {
params.offset = offset;
}
// Range consistency validation
if (params.min_vcpu !== undefined && params.max_vcpu !== undefined) {
if (params.min_vcpu > params.max_vcpu) {
return {
error: {
code: 'INVALID_RANGE',
message: 'min_vcpu cannot be greater than max_vcpu',
parameter: 'min_vcpu',
},
};
}
}
if (params.min_memory_gb !== undefined && params.max_memory_gb !== undefined) {
if (params.min_memory_gb > params.max_memory_gb) {
return {
error: {
code: 'INVALID_RANGE',
message: 'min_memory_gb cannot be greater than max_memory_gb',
parameter: 'min_memory_gb',
},
};
}
}
return { params };
}
@@ -295,43 +314,41 @@ function parseQueryParams(url: URL): {
/**
* Handle GET /instances endpoint
*
* @param request - HTTP request object
* @param env - Cloudflare Worker environment bindings
* @param c - Hono context
* @returns JSON response with instance query results
*
* @example
* GET /instances?provider=linode&min_vcpu=2&max_price=20&sort_by=price&order=asc&limit=50
*/
export async function handleInstances(
request: Request,
env: Env
c: Context<{ Bindings: Env; Variables: HonoVariables }>
): Promise<Response> {
const startTime = Date.now();
logger.info('[Instances] Request received', { url: request.url });
logger.info('[Instances] Request received', { url: c.req.url });
try {
// Parse URL and query parameters
const url = new URL(request.url);
const url = new URL(c.req.url);
const parseResult = parseQueryParams(url);
// Handle validation errors
if (parseResult.error) {
logger.error('[Instances] Validation error', parseResult.error);
return Response.json(
return c.json(
{
success: false,
error: parseResult.error,
},
{ status: HTTP_STATUS.BAD_REQUEST }
HTTP_STATUS.BAD_REQUEST
);
}
const params = parseResult.params!;
logger.info('[Instances] Query params validated', params as unknown as Record<string, unknown>);
// Get cache service singleton (reused across requests)
const cacheService = getCacheService();
// Get global cache service singleton (shared across all routes)
const cacheService = getGlobalCacheService(CACHE_TTL.INSTANCES, c.env.RATE_LIMIT_KV);
// Generate cache key from query parameters
const cacheKey = cacheService.generateKey(params as unknown as Record<string, unknown>);
@@ -362,7 +379,7 @@ export async function handleInstances(
age: cached.cache_age_seconds,
});
return Response.json(
return c.json(
{
success: true,
data: {
@@ -375,11 +392,9 @@ export async function handleInstances(
},
},
},
HTTP_STATUS.OK,
{
status: HTTP_STATUS.OK,
headers: {
'Cache-Control': `public, max-age=${CACHE_TTL.INSTANCES}`,
},
}
);
}
@@ -405,7 +420,7 @@ export async function handleInstances(
};
// Get QueryService singleton (reused across requests)
const queryService = getQueryService(env.DB, env);
const queryService = getQueryService(c.env.DB, c.env);
const result = await queryService.queryInstances(queryParams);
const queryTime = Date.now() - startTime;
@@ -442,32 +457,30 @@ export async function handleInstances(
error instanceof Error ? { message: error.message } : { error: String(error) });
}
return Response.json(
return c.json(
{
success: true,
data: responseData,
},
HTTP_STATUS.OK,
{
status: HTTP_STATUS.OK,
headers: {
'Cache-Control': `public, max-age=${CACHE_TTL.INSTANCES}`,
},
}
);
} catch (error) {
logger.error('[Instances] Unexpected error', { error });
return Response.json(
return c.json(
{
success: false,
error: {
code: 'QUERY_FAILED',
message: 'Instance query failed',
details: error instanceof Error ? error.message : 'Unknown error',
message: 'Instance query failed. Please try again later.',
request_id: crypto.randomUUID(),
},
},
{ status: HTTP_STATUS.INTERNAL_ERROR }
HTTP_STATUS.INTERNAL_ERROR
);
}
}

282
src/routes/recommend.ts
View File

@@ -1,282 +0,0 @@
/**
* Recommendation Route Handler
*
* Endpoint for getting cloud instance recommendations based on tech stack.
* Validates request parameters and returns ranked instance recommendations.
*/
import type { Env, ScaleType } from '../types';
import { RecommendationService } from '../services/recommendation';
import { validateStack, STACK_REQUIREMENTS } from '../services/stackConfig';
import { CacheService } from '../services/cache';
import { logger } from '../utils/logger';
import { HTTP_STATUS, CACHE_TTL, REQUEST_LIMITS } from '../constants';
import {
parseJsonBody,
validateStringArray,
validateEnum,
validatePositiveNumber,
createErrorResponse,
} from '../utils/validation';
/**
* Request body interface for recommendation endpoint
*/
interface RecommendRequestBody {
stack?: unknown;
scale?: unknown;
budget_max?: unknown;
}
/**
* Supported scale types
*/
const SUPPORTED_SCALES: readonly ScaleType[] = ['small', 'medium', 'large'] as const;
/**
* Handle POST /recommend endpoint
*
* @param request - HTTP request object
* @param env - Cloudflare Worker environment bindings
* @returns JSON response with recommendations
*
* @example
* POST /recommend
* {
* "stack": ["nginx", "mysql", "redis"],
* "scale": "medium",
* "budget_max": 100
* }
*/
export async function handleRecommend(request: Request, env: Env): Promise<Response> {
const startTime = Date.now();
logger.info('[Recommend] Request received');
try {
// 1. Validate request size to prevent memory exhaustion attacks
const contentLength = request.headers.get('content-length');
if (contentLength) {
const bodySize = parseInt(contentLength, 10);
if (isNaN(bodySize) || bodySize > REQUEST_LIMITS.MAX_BODY_SIZE) {
logger.error('[Recommend] Request body too large', {
contentLength: bodySize,
maxAllowed: REQUEST_LIMITS.MAX_BODY_SIZE,
});
return Response.json(
{
success: false,
error: {
code: 'PAYLOAD_TOO_LARGE',
message: `Request body exceeds maximum size of ${REQUEST_LIMITS.MAX_BODY_SIZE} bytes`,
details: {
max_size_bytes: REQUEST_LIMITS.MAX_BODY_SIZE,
received_bytes: bodySize,
},
},
},
{ status: HTTP_STATUS.PAYLOAD_TOO_LARGE }
);
}
}
// 2. Parse request body
const parseResult = await parseJsonBody<RecommendRequestBody>(request);
if (!parseResult.success) {
logger.error('[Recommend] JSON parsing failed', {
code: parseResult.error.code,
message: parseResult.error.message,
});
return createErrorResponse(parseResult.error);
}
const body = parseResult.data;
// 3. Validate stack parameter
const stackResult = validateStringArray(body.stack, 'stack');
if (!stackResult.success) {
logger.error('[Recommend] Stack validation failed', {
code: stackResult.error.code,
message: stackResult.error.message,
});
// Add supported stacks to error details
const enrichedError = {
...stackResult.error,
details: {
...((stackResult.error.details as object) || {}),
supported: Object.keys(STACK_REQUIREMENTS),
},
};
return createErrorResponse(enrichedError);
}
const stack = stackResult.data;
// 4. Validate scale parameter
const scaleResult = validateEnum(body.scale, 'scale', SUPPORTED_SCALES);
if (!scaleResult.success) {
logger.error('[Recommend] Scale validation failed', {
code: scaleResult.error.code,
message: scaleResult.error.message,
});
return createErrorResponse(scaleResult.error);
}
const scale = scaleResult.data;
// 5. Validate budget_max parameter (optional)
let budgetMax: number | undefined;
if (body.budget_max !== undefined) {
const budgetResult = validatePositiveNumber(body.budget_max, 'budget_max');
if (!budgetResult.success) {
logger.error('[Recommend] Budget validation failed', {
code: budgetResult.error.code,
message: budgetResult.error.message,
});
return createErrorResponse(budgetResult.error);
}
budgetMax = budgetResult.data;
}
// 6. Validate stack components against supported technologies
const validation = validateStack(stack);
if (!validation.valid) {
logger.error('[Recommend] Unsupported stack components', {
invalidStacks: validation.invalidStacks,
});
return createErrorResponse({
code: 'INVALID_STACK',
message: `Unsupported stacks: ${validation.invalidStacks.join(', ')}`,
details: {
invalid: validation.invalidStacks,
supported: Object.keys(STACK_REQUIREMENTS),
},
});
}
// 7. Initialize cache service and generate cache key
logger.info('[Recommend] Validation passed', { stack, scale, budgetMax });
const cacheService = new CacheService(CACHE_TTL.INSTANCES);
// Generate cache key from sorted stack, scale, and budget
// Sort stack to ensure consistent cache keys regardless of order
const sortedStack = [...stack].sort();
const cacheKey = cacheService.generateKey({
endpoint: 'recommend',
stack: sortedStack.join(','),
scale,
budget_max: budgetMax ?? 'none',
});
logger.info('[Recommend] Cache key generated', { cacheKey });
// 8. Check cache first
interface CachedRecommendation {
recommendations: unknown[];
stack_analysis: unknown;
metadata: {
cached?: boolean;
cache_age_seconds?: number;
cached_at?: string;
query_time_ms: number;
};
}
const cached = await cacheService.get<CachedRecommendation>(cacheKey);
if (cached) {
logger.info('[Recommend] Cache hit', {
cacheKey,
age: cached.cache_age_seconds,
});
return Response.json(
{
success: true,
data: {
...cached.data,
metadata: {
...cached.data.metadata,
cached: true,
cache_age_seconds: cached.cache_age_seconds,
cached_at: cached.cached_at,
},
},
},
{
status: HTTP_STATUS.OK,
headers: {
'Cache-Control': `public, max-age=${CACHE_TTL.INSTANCES}`,
},
}
);
}
logger.info('[Recommend] Cache miss');
// 9. Call recommendation service
const service = new RecommendationService(env.DB);
const result = await service.recommend({
stack,
scale,
budget_max: budgetMax,
});
const duration = Date.now() - startTime;
logger.info('[Recommend] Recommendation completed', {
duration_ms: duration,
recommendations_count: result.recommendations.length,
});
// Prepare response data with metadata
const responseData = {
...result,
metadata: {
cached: false,
query_time_ms: duration,
},
};
// 10. Store result in cache
try {
await cacheService.set(cacheKey, responseData, CACHE_TTL.INSTANCES);
} catch (error) {
// Graceful degradation: log error but don't fail the request
logger.error('[Recommend] Cache write failed',
error instanceof Error ? { message: error.message } : { error: String(error) });
}
return Response.json(
{
success: true,
data: responseData,
},
{
status: HTTP_STATUS.OK,
headers: {
'Cache-Control': `public, max-age=${CACHE_TTL.INSTANCES}`,
},
}
);
} catch (error) {
logger.error('[Recommend] Unexpected error', { error });
const duration = Date.now() - startTime;
return Response.json(
{
success: false,
error: {
code: 'INTERNAL_ERROR',
message: error instanceof Error ? error.message : 'Unknown error',
details: {
duration_ms: duration,
},
},
},
{ status: HTTP_STATUS.INTERNAL_ERROR }
);
}
}

49
src/routes/sync.ts
View File

@@ -5,9 +5,9 @@
* Validates request parameters and orchestrates sync operations.
*/
import type { Env } from '../types';
import type { Context } from 'hono';
import type { Env, HonoVariables } from '../types';
import { SyncOrchestrator } from '../services/sync';
import { VaultClient } from '../connectors/vault';
import { logger } from '../utils/logger';
import { SUPPORTED_PROVIDERS, HTTP_STATUS } from '../constants';
import { parseJsonBody, validateProviders, createErrorResponse } from '../utils/validation';
@@ -24,8 +24,7 @@ interface SyncRequestBody {
/**
* Handle POST /sync endpoint
*
* @param request - HTTP request object
* @param env - Cloudflare Worker environment bindings
* @param c - Hono context
* @returns JSON response with sync results
*
* @example
@@ -36,8 +35,7 @@ interface SyncRequestBody {
* }
*/
export async function handleSync(
request: Request,
env: Env
c: Context<{ Bindings: Env; Variables: HonoVariables }>
): Promise<Response> {
const startTime = Date.now();
const startedAt = new Date().toISOString();
@@ -45,13 +43,25 @@ export async function handleSync(
logger.info('[Sync] Request received', { timestamp: startedAt });
try {
// Validate content-length before parsing body
const contentLength = c.req.header('content-length');
if (contentLength) {
const bodySize = parseInt(contentLength, 10);
if (isNaN(bodySize) || bodySize > 10240) { // 10KB limit for sync
return c.json(
{ success: false, error: { code: 'PAYLOAD_TOO_LARGE', message: 'Request body too large' } },
413
);
}
}
// Parse and validate request body
const contentType = request.headers.get('content-type');
const contentType = c.req.header('content-type');
let body: SyncRequestBody = {};
// Only parse JSON if content-type is set
if (contentType && contentType.includes('application/json')) {
const parseResult = await parseJsonBody<SyncRequestBody>(request);
const parseResult = await parseJsonBody<SyncRequestBody>(c.req.raw);
if (!parseResult.success) {
logger.error('[Sync] Invalid JSON in request body', {
code: parseResult.error.code,
@@ -62,8 +72,8 @@ export async function handleSync(
body = parseResult.data;
}
// Validate providers array (default to ['linode'] if not provided)
const providers = body.providers || ['linode'];
// Validate providers array (default to all providers if not provided)
const providers = body.providers || ['linode', 'vultr', 'aws'];
const providerResult = validateProviders(providers, SUPPORTED_PROVIDERS);
if (!providerResult.success) {
@@ -78,18 +88,15 @@ export async function handleSync(
logger.info('[Sync] Validation passed', { providers, force });
// Initialize Vault client
const vault = new VaultClient(env.VAULT_URL, env.VAULT_TOKEN, env);
// Initialize SyncOrchestrator
const orchestrator = new SyncOrchestrator(env.DB, vault, env);
const orchestrator = new SyncOrchestrator(c.env.DB, c.env);
// Execute synchronization
logger.info('[Sync] Starting synchronization', { providers });
const syncReport = await orchestrator.syncAll(providers);
// Generate unique sync ID
const syncId = `sync_${Date.now()}_${Math.random().toString(36).substr(2, 9)}`;
const syncId = `sync_${Date.now()}_${crypto.randomUUID().substring(0, 9)}`;
logger.info('[Sync] Synchronization completed', {
syncId,
@@ -98,7 +105,7 @@ export async function handleSync(
summary: syncReport.summary
});
return Response.json(
return c.json(
{
success: syncReport.success,
data: {
@@ -106,7 +113,7 @@ export async function handleSync(
...syncReport
}
},
{ status: HTTP_STATUS.OK }
HTTP_STATUS.OK
);
} catch (error) {
@@ -115,21 +122,21 @@ export async function handleSync(
const completedAt = new Date().toISOString();
const totalDuration = Date.now() - startTime;
return Response.json(
return c.json(
{
success: false,
error: {
code: 'SYNC_FAILED',
message: 'Sync operation failed',
message: 'Sync operation failed. Please try again later.',
request_id: crypto.randomUUID(),
details: {
error: error instanceof Error ? error.message : 'Unknown error',
duration_ms: totalDuration,
started_at: startedAt,
completed_at: completedAt
}
}
},
{ status: HTTP_STATUS.INTERNAL_ERROR }
HTTP_STATUS.INTERNAL_ERROR
);
}
}

374
src/services/cache-kv.test.ts Normal file
View File

@@ -0,0 +1,374 @@
/**
* CacheService KV Index Tests
*
* Tests for KV-based cache index functionality:
* - Cache key registration and unregistration
* - Pattern-based cache invalidation
* - clearAll() with KV enumeration
* - Backward compatibility without KV
*/
import { describe, it, expect, beforeEach, vi } from 'vitest';
import { CacheService } from './cache';
/**
* Mock Cloudflare Cache API
*/
const createMockCache = () => {
const store = new Map<string, Response>();
return {
async match(key: string) {
return store.get(key) || null;
},
async put(key: string, response: Response) {
store.set(key, response);
},
async delete(key: string) {
return store.delete(key);
},
// For testing: expose internal store
_getStore: () => store
} as any as Cache;
};
/**
* Mock KV namespace
*/
const createMockKV = () => {
const store = new Map<string, { value: string; metadata?: any; expirationTtl?: number }>();
return {
async get(key: string) {
const entry = store.get(key);
return entry ? entry.value : null;
},
async put(key: string, value: string, options?: { expirationTtl?: number; metadata?: any }) {
store.set(key, { value, metadata: options?.metadata, expirationTtl: options?.expirationTtl });
},
async delete(key: string) {
return store.delete(key);
},
async list(options?: { prefix?: string; cursor?: string }) {
const prefix = options?.prefix || '';
const keys = Array.from(store.keys())
.filter(k => k.startsWith(prefix))
.map(name => ({ name }));
return {
keys,
list_complete: true,
cursor: undefined
};
},
// For testing: expose internal store
_getStore: () => store
} as any as KVNamespace;
};
describe('CacheService - KV Index Integration', () => {
let mockCache: ReturnType<typeof createMockCache>;
let mockKV: ReturnType<typeof createMockKV>;
let cache: CacheService;
beforeEach(() => {
// Mock global caches
mockCache = createMockCache();
(global as any).caches = {
default: mockCache
};
mockKV = createMockKV();
cache = new CacheService(300, mockKV);
});
describe('Cache Key Registration', () => {
it('should register cache keys in KV index when setting cache', async () => {
const key = 'https://cache.internal/instances?provider=linode';
await cache.set(key, { data: 'test' });
const kvStore = mockKV._getStore();
const indexKey = `cache_index:${key}`;
expect(kvStore.has(indexKey)).toBe(true);
const entry = kvStore.get(indexKey);
expect(entry?.metadata.ttl).toBe(300);
});
it('should unregister cache keys when deleting cache', async () => {
const key = 'https://cache.internal/instances?provider=linode';
await cache.set(key, { data: 'test' });
await cache.delete(key);
const kvStore = mockKV._getStore();
const indexKey = `cache_index:${key}`;
expect(kvStore.has(indexKey)).toBe(false);
});
it('should use cache TTL for KV index expiration', async () => {
const key = 'https://cache.internal/instances?provider=linode';
const customTTL = 600;
await cache.set(key, { data: 'test' }, customTTL);
const kvStore = mockKV._getStore();
const indexKey = `cache_index:${key}`;
const entry = kvStore.get(indexKey);
expect(entry?.expirationTtl).toBe(customTTL);
});
});
describe('Pattern Invalidation', () => {
beforeEach(async () => {
// Setup test cache entries
await cache.set('https://cache.internal/instances?provider=linode', { data: 'linode-1' });
await cache.set('https://cache.internal/instances?provider=vultr', { data: 'vultr-1' });
await cache.set('https://cache.internal/pricing?provider=linode', { data: 'pricing-1' });
await cache.set('https://cache.internal/pricing?provider=vultr', { data: 'pricing-2' });
});
it('should invalidate cache entries matching wildcard pattern', async () => {
const invalidated = await cache.invalidatePattern('*instances*');
expect(invalidated).toBe(2);
// Verify only instances entries were deleted
const stats = await cache.getStats();
expect(stats.indexed_keys).toBe(2); // Only pricing entries remain
});
it('should invalidate cache entries matching specific provider pattern', async () => {
const invalidated = await cache.invalidatePattern('*provider=linode*');
expect(invalidated).toBe(2); // Both instances and pricing for linode
const stats = await cache.getStats();
expect(stats.indexed_keys).toBe(2); // Only vultr entries remain
});
it('should invalidate cache entries matching exact pattern', async () => {
const invalidated = await cache.invalidatePattern('*pricing?provider=vultr*');
expect(invalidated).toBe(1);
const stats = await cache.getStats();
expect(stats.indexed_keys).toBe(3);
});
it('should return 0 when no entries match pattern', async () => {
const invalidated = await cache.invalidatePattern('*nonexistent*');
expect(invalidated).toBe(0);
const stats = await cache.getStats();
expect(stats.indexed_keys).toBe(4); // All entries remain
});
it('should handle regex special characters in pattern', async () => {
const keyWithSpecialChars = 'https://cache.internal/test?query=value+test';
await cache.set(keyWithSpecialChars, { data: 'test' });
const invalidated = await cache.invalidatePattern('*query=value+test*');
expect(invalidated).toBe(1);
});
it('should be case-insensitive', async () => {
const invalidated = await cache.invalidatePattern('*INSTANCES*');
expect(invalidated).toBe(2);
});
});
describe('clearAll() with KV Index', () => {
beforeEach(async () => {
await cache.set('https://cache.internal/instances?provider=linode', { data: 'test-1' });
await cache.set('https://cache.internal/instances?provider=vultr', { data: 'test-2' });
await cache.set('https://cache.internal/pricing?provider=linode', { data: 'test-3' });
});
it('should clear all cache entries', async () => {
const cleared = await cache.clearAll();
expect(cleared).toBe(3);
const stats = await cache.getStats();
expect(stats.indexed_keys).toBe(0);
});
it('should clear cache entries with prefix filter', async () => {
const cleared = await cache.clearAll('https://cache.internal/instances');
expect(cleared).toBe(2);
const stats = await cache.getStats();
expect(stats.indexed_keys).toBe(1); // Only pricing entry remains
});
it('should return 0 when no entries exist', async () => {
await cache.clearAll();
const cleared = await cache.clearAll();
expect(cleared).toBe(0);
});
});
describe('Cache Statistics', () => {
it('should return indexed key count when KV is available', async () => {
await cache.set('https://cache.internal/test1', { data: 'test' });
await cache.set('https://cache.internal/test2', { data: 'test' });
const stats = await cache.getStats();
expect(stats.supported).toBe(true);
expect(stats.indexed_keys).toBe(2);
});
it('should return 0 indexed keys when cache is empty', async () => {
const stats = await cache.getStats();
expect(stats.supported).toBe(true);
expect(stats.indexed_keys).toBe(0);
});
});
describe('Error Handling', () => {
it('should gracefully handle KV registration failures', async () => {
const mockKVWithError = {
...mockKV,
put: vi.fn().mockRejectedValue(new Error('KV write failed'))
} as any;
const cacheWithError = new CacheService(300, mockKVWithError);
// Should not throw error, should gracefully degrade
await expect(cacheWithError.set('test-key', { data: 'test' })).resolves.toBeUndefined();
});
it('should gracefully handle KV unregistration failures', async () => {
await cache.set('test-key', { data: 'test' });
const mockKVWithError = {
...mockKV,
delete: vi.fn().mockRejectedValue(new Error('KV delete failed'))
} as any;
// Replace KV namespace with error mock
(cache as any).kvNamespace = mockKVWithError;
// Should not throw error, should gracefully degrade
const deleted = await cache.delete('test-key');
expect(deleted).toBe(true); // Cache delete succeeded
});
it('should return empty array on KV list failures', async () => {
await cache.set('test-key', { data: 'test' });
const mockKVWithError = {
...mockKV,
list: vi.fn().mockRejectedValue(new Error('KV list failed'))
} as any;
// Replace KV namespace with error mock
(cache as any).kvNamespace = mockKVWithError;
const cleared = await cache.clearAll();
expect(cleared).toBe(0); // Graceful degradation
});
});
describe('KV Index Pagination', () => {
it('should handle large numbers of cache keys', async () => {
// Create 150 cache entries to test pagination
const promises = [];
for (let i = 0; i < 150; i++) {
promises.push(cache.set(`https://cache.internal/test${i}`, { data: `test-${i}` }));
}
await Promise.all(promises);
const stats = await cache.getStats();
expect(stats.indexed_keys).toBe(150);
const cleared = await cache.clearAll();
expect(cleared).toBe(150);
});
});
});
describe('CacheService - Backward Compatibility (No KV)', () => {
let mockCache: ReturnType<typeof createMockCache>;
let cache: CacheService;
beforeEach(() => {
mockCache = createMockCache();
(global as any).caches = {
default: mockCache
};
// Initialize without KV namespace
cache = new CacheService(300);
});
describe('Pattern Invalidation without KV', () => {
it('should return 0 and log warning when KV is not available', async () => {
const invalidated = await cache.invalidatePattern('*instances*');
expect(invalidated).toBe(0);
});
});
describe('clearAll() without KV', () => {
it('should return 0 and log info when KV is not available', async () => {
const cleared = await cache.clearAll();
expect(cleared).toBe(0);
});
it('should return 0 with prefix filter when KV is not available', async () => {
const cleared = await cache.clearAll('https://cache.internal/instances');
expect(cleared).toBe(0);
});
});
describe('Statistics without KV', () => {
it('should indicate not supported when KV is not available', async () => {
const stats = await cache.getStats();
expect(stats.supported).toBe(false);
expect(stats.indexed_keys).toBeUndefined();
});
});
describe('Basic Cache Operations (no KV impact)', () => {
it('should set and get cache entries normally without KV', async () => {
const key = 'https://cache.internal/test';
const data = { value: 'test-data' };
await cache.set(key, data);
const result = await cache.get<typeof data>(key);
expect(result).not.toBeNull();
expect(result?.data).toEqual(data);
});
it('should delete cache entries normally without KV', async () => {
const key = 'https://cache.internal/test';
await cache.set(key, { data: 'test' });
const deleted = await cache.delete(key);
expect(deleted).toBe(true);
const result = await cache.get(key);
expect(result).toBeNull();
});
});
});

121
src/services/cache.manual-test.md
View File

@@ -80,6 +80,65 @@
* Post-sync invalidation:
* - After sync operation, call cache.delete(key) for all relevant keys
* - Verify next request fetches fresh data from database
*
* Test 9: clearAll Method
* -----------------------
* 1. Set multiple cache entries:
* - await cache.set('key1', { data: 'test1' }, 300)
* - await cache.set('key2', { data: 'test2' }, 300)
* - await cache.set('key3', { data: 'test3' }, 300)
* 2. Call clearAll: const count = await cache.clearAll()
* 3. Expected: count === 0 (enumeration not supported)
* 4. Expected: Log message about TTL-based expiration
* 5. Note: Individual entries will expire based on TTL
*
* Test 10: clearAll with Prefix
* ------------------------------
* 1. Set entries with different prefixes:
* - await cache.set('https://cache.internal/instances?foo=bar', data1)
* - await cache.set('https://cache.internal/pricing?foo=bar', data2)
* 2. Call with prefix: await cache.clearAll('https://cache.internal/instances')
* 3. Expected: count === 0, log shows prefix parameter
* 4. Note: Prefix is logged but enumeration not supported by Cache API
*
* Test 11: clearByEndpoint Method
* --------------------------------
* 1. Set endpoint cache: await cache.set('https://cache.internal/instances', data, 300)
* 2. Clear by endpoint: const deleted = await cache.clearByEndpoint('instances')
* 3. Expected: deleted === true if cache entry existed
* 4. Get data: const result = await cache.get('https://cache.internal/instances')
* 5. Expected: result === null (entry deleted)
* 6. Note: Only exact matches deleted, parameterized queries remain cached
*
* Test 12: clearByEndpoint with Non-existent Endpoint
* ----------------------------------------------------
* 1. Clear non-existent: const deleted = await cache.clearByEndpoint('non-existent')
* 2. Expected: deleted === false
* 3. Expected: Log message about non-existent endpoint
*
* Test 13: Cache Invalidation Strategy
* -------------------------------------
* 1. Set parameterized cache entries:
* - cache.generateKey({ provider: 'linode', region: 'us-east' })
* - cache.generateKey({ provider: 'linode', region: 'eu-west' })
* - cache.generateKey({ provider: 'vultr', region: 'us-east' })
* 2. After schema change or full sync, call clearAll()
* 3. Verify entries expire based on TTL
* 4. For production: Consider using KV-backed cache index for enumeration
*
* Test 14: Error Handling in clearAll
* ------------------------------------
* 1. Mock cache.delete to throw error
* 2. Call clearAll: await cache.clearAll()
* 3. Expected: Error is logged and re-thrown
* 4. Verify error message includes context
*
* Test 15: Error Handling in clearByEndpoint
* -------------------------------------------
* 1. Mock cache.delete to throw error
* 2. Call clearByEndpoint: await cache.clearByEndpoint('instances')
* 3. Expected: Returns false, error logged
* 4. Application continues without crashing
*/
import { CacheService } from './cache';
@@ -146,4 +205,64 @@ async function exampleCacheInvalidationAfterSync(
console.log('[Sync] Cache invalidation complete');
}
export { exampleInstanceEndpointWithCache, exampleCacheInvalidationAfterSync };
/**
* Example: Using clearAll after schema changes
*/
async function exampleClearAllAfterSchemaChange(): Promise<void> {
const cache = new CacheService();
// After major schema changes or data migrations
console.log('[Migration] Clearing all cache entries');
const count = await cache.clearAll();
console.log(`[Migration] Cache clear requested. Entries will expire based on TTL.`);
console.log('[Migration] Consider using KV-backed cache index for enumeration in production.');
}
/**
* Example: Using clearByEndpoint for targeted invalidation
*/
async function exampleClearByEndpointAfterUpdate(endpoint: string): Promise<void> {
const cache = new CacheService();
// Clear cache for specific endpoint after data update
console.log(`[Update] Clearing cache for endpoint: ${endpoint}`);
const deleted = await cache.clearByEndpoint(endpoint);
if (deleted) {
console.log(`[Update] Successfully cleared ${endpoint} cache`);
} else {
console.log(`[Update] No cache entry found for ${endpoint}`);
}
}
/**
* Example: Force cache refresh strategy
*/
async function exampleForceCacheRefresh(
endpoint: string,
fetchFunction: () => Promise<unknown>
): Promise<void> {
const cache = new CacheService();
// Strategy 1: Clear specific endpoint
await cache.clearByEndpoint(endpoint);
// Strategy 2: Clear with prefix (logged but not enumerated)
await cache.clearAll(`https://cache.internal/${endpoint}`);
// Strategy 3: Fetch fresh data and update cache
const freshData = await fetchFunction();
const cacheKey = `https://cache.internal/${endpoint}`;
await cache.set(cacheKey, freshData, 3600);
console.log(`[Refresh] Cache refreshed for ${endpoint}`);
}
export {
exampleInstanceEndpointWithCache,
exampleCacheInvalidationAfterSync,
exampleClearAllAfterSchemaChange,
exampleClearByEndpointAfterUpdate,
exampleForceCacheRefresh
};

434
src/services/cache.ts
View File

@@ -7,14 +7,23 @@
* - Cache key generation with sorted parameters
* - Cache age tracking and metadata
* - Graceful degradation on cache failures
* - KV-based cache index for pattern invalidation and enumeration
*
* @example
* // Basic usage (no KV index)
* const cache = new CacheService(CACHE_TTL.INSTANCES);
* await cache.set('key', data, CACHE_TTL.PRICING);
* const result = await cache.get<MyType>('key');
* if (result) {
* console.log(result.cache_age_seconds);
* }
*
* @example
* // With KV index (enables pattern invalidation)
* const cache = new CacheService(CACHE_TTL.INSTANCES, env.RATE_LIMIT_KV);
* await cache.set('https://cache.internal/instances?provider=linode', data);
* await cache.invalidatePattern('*instances*'); // Invalidate all instance caches
* const count = await cache.clearAll(); // Clear all cache entries (returns actual count)
*/
import { logger } from '../utils/logger';
@@ -34,23 +43,62 @@ export interface CacheResult<T> {
cached_at: string;
}
/**
* Global CacheService singleton
* Prevents race conditions from multiple route-level singletons
*/
let globalCacheService: CacheService | null = null;
let cachedTtl: number | null = null;
let cachedKv: KVNamespace | null = null;
/**
* Get or create global CacheService singleton
* Thread-safe factory function that ensures only one CacheService instance exists
* Detects configuration changes (TTL or KV namespace) and refreshes singleton
*
* @param ttl - TTL in seconds for cache entries
* @param kv - KV namespace for cache index (enables pattern invalidation)
* @returns Global CacheService singleton instance
*
* @example
* const cache = getGlobalCacheService(CACHE_TTL.INSTANCES, env.RATE_LIMIT_KV);
*/
export function getGlobalCacheService(ttl: number, kv: KVNamespace | null): CacheService {
if (!globalCacheService || cachedTtl !== ttl || cachedKv !== kv) {
globalCacheService = new CacheService(ttl, kv);
cachedTtl = ttl;
cachedKv = kv;
logger.debug('[CacheService] Global singleton initialized/refreshed');
}
return globalCacheService;
}
/**
* CacheService - Manages cache operations using Cloudflare Workers Cache API
*/
export class CacheService {
private cache: Cache;
private defaultTTL: number;
private kvNamespace: KVNamespace | null;
private readonly CACHE_INDEX_PREFIX = 'cache_index:';
private readonly BATCH_SIZE = 50;
private readonly MAX_KEYS_LIMIT = 5000;
private readonly MAX_PATTERN_LENGTH = 200;
private readonly MAX_WILDCARD_COUNT = 5;
private readonly OPERATION_TIMEOUT_MS = 25000;
/**
* Initialize cache service
*
* @param ttlSeconds - Default TTL in seconds (default: CACHE_TTL.DEFAULT)
* @param kvNamespace - Optional KV namespace for cache index (enables pattern invalidation)
*/
constructor(ttlSeconds = CACHE_TTL.DEFAULT) {
constructor(ttlSeconds: number = CACHE_TTL.DEFAULT, kvNamespace: KVNamespace | null = null) {
// Use Cloudflare Workers global caches.default
this.cache = caches.default;
this.defaultTTL = ttlSeconds;
logger.debug(`[CacheService] Initialized with default TTL: ${ttlSeconds}s`);
this.kvNamespace = kvNamespace;
logger.debug(`[CacheService] Initialized with default TTL: ${ttlSeconds}s, KV index: ${!!kvNamespace}`);
}
/**
@@ -123,6 +171,17 @@ export class CacheService {
// Store in cache
await this.cache.put(key, response);
// Register key in KV index if available (fire-and-forget)
if (this.kvNamespace) {
this._registerCacheKey(key, ttl).catch(error => {
logger.error('[CacheService] Failed to register cache key (non-blocking)', {
key,
error: error instanceof Error ? error.message : String(error)
});
});
}
logger.debug(`[CacheService] Cached: ${key} (TTL: ${ttl}s)`);
} catch (error) {
@@ -143,6 +202,11 @@ export class CacheService {
try {
const deleted = await this.cache.delete(key);
// Unregister key from KV index if available
if (this.kvNamespace && deleted) {
await this._unregisterCacheKey(key);
}
if (deleted) {
logger.debug(`[CacheService] Deleted: ${key}`);
} else {
@@ -181,15 +245,213 @@ export class CacheService {
}
/**
* Invalidate all cache entries matching a pattern
* Note: Cloudflare Workers Cache API doesn't support pattern matching
* This method is for future implementation with KV or custom cache index
* Clear all cache entries with optional prefix filter
*
* @param pattern - Pattern to match (e.g., 'instances:*')
* With KV index: Enumerates and deletes all matching cache entries
* Without KV index: Logs operation only (entries expire based on TTL)
*
* @param prefix - Optional URL prefix to filter entries (e.g., 'https://cache.internal/instances')
* @returns Number of entries cleared
*
* @example
* // Clear all cache entries
* const count = await cache.clearAll();
*
* // Clear entries with specific prefix
* const count = await cache.clearAll('https://cache.internal/instances');
*/
async invalidatePattern(pattern: string): Promise<void> {
logger.warn(`[CacheService] Pattern invalidation not supported: ${pattern}`);
// TODO: Implement with KV-based cache index if needed
async clearAll(prefix?: string): Promise<number> {
try {
const targetPrefix = prefix ?? 'https://cache.internal/';
// If KV index is not available, log and return 0
if (!this.kvNamespace) {
logger.info('[CacheService] Cache clearAll requested (no KV index)', {
prefix: targetPrefix,
note: 'Individual entries will expire based on TTL. Enable KV namespace for enumeration.'
});
return 0;
}
// List all cache keys from KV index
const cacheKeys = await this._listCacheKeys(targetPrefix);
if (cacheKeys.length === 0) {
logger.info('[CacheService] No cache entries to clear', { prefix: targetPrefix });
return 0;
}
// Delete cache entries in parallel batches with timeout
const startTime = Date.now();
let deletedCount = 0;
for (let i = 0; i < cacheKeys.length; i += this.BATCH_SIZE) {
// Check timeout
if (Date.now() - startTime > this.OPERATION_TIMEOUT_MS) {
logger.warn('[CacheService] clearAll timeout reached', {
deleted_count: deletedCount,
total_keys: cacheKeys.length,
timeout_ms: this.OPERATION_TIMEOUT_MS
});
break;
}
const batch = cacheKeys.slice(i, i + this.BATCH_SIZE);
const deletePromises = batch.map(key => this.delete(key));
const results = await Promise.all(deletePromises);
deletedCount += results.filter(deleted => deleted).length;
}
logger.info('[CacheService] Cache cleared', {
prefix: targetPrefix,
total_keys: cacheKeys.length,
deleted_count: deletedCount
});
return deletedCount;
} catch (error) {
logger.error('[CacheService] Cache clearAll failed', {
error: error instanceof Error ? error.message : String(error),
prefix
});
throw error;
}
}
/**
* Clear cache entries for a specific endpoint
*
* This method deletes cache entries matching a specific endpoint pattern.
* Useful for targeted cache invalidation after data updates.
*
* @param endpoint - Endpoint path (e.g., 'instances', 'pricing')
* @returns true if at least one entry was deleted, false otherwise
*
* @example
* // Clear all instance cache entries
* await cache.clearByEndpoint('instances');
*/
async clearByEndpoint(endpoint: string): Promise<boolean> {
try {
const cacheKey = `https://cache.internal/${endpoint}`;
// Delete the base endpoint cache entry
// Note: This only deletes exact matches, not parameterized queries
const deleted = await this.cache.delete(new Request(cacheKey, { method: 'GET' }));
logger.info('[CacheService] Endpoint cache cleared', {
endpoint,
success: deleted,
note: 'Only exact matches are deleted. Parameterized queries remain cached until TTL expiry.'
});
return deleted;
} catch (error) {
logger.error('[CacheService] Endpoint cache clear failed', {
endpoint,
error: error instanceof Error ? error.message : String(error)
});
return false;
}
}
/**
* Invalidate all cache entries matching a pattern
*
* Supports wildcards and pattern matching via KV index.
* Without KV index, logs warning and returns 0.
*
* @param pattern - Pattern to match (supports * wildcard)
* @returns Number of entries invalidated
*
* @example
* // Invalidate all instance cache entries
* await cache.invalidatePattern('*instances*');
*
* // Invalidate all cache entries for a specific provider
* await cache.invalidatePattern('*provider=linode*');
*
* // Invalidate all pricing cache entries
* await cache.invalidatePattern('*pricing*');
*/
async invalidatePattern(pattern: string): Promise<number> {
try {
// If KV index is not available, log warning
if (!this.kvNamespace) {
logger.warn('[CacheService] Pattern invalidation not available (no KV index)', { pattern });
return 0;
}
// ReDoS prevention: validate pattern
this._validatePattern(pattern);
// Extract prefix from pattern for KV-level filtering
// e.g., "instances*" -> prefix "instances"
// e.g., "*instances*" -> no prefix (full scan)
const prefixMatch = pattern.match(/^([^*?]+)/);
const kvPrefix = prefixMatch ? prefixMatch[1] : undefined;
if (kvPrefix) {
logger.debug(`[CacheService] Using KV prefix filter: "${kvPrefix}" for pattern: "${pattern}"`);
}
// List cache keys with KV-side prefix filtering
const allKeys = await this._listCacheKeys(kvPrefix);
// Convert pattern to regex (escape special chars except *)
const regexPattern = pattern
.replace(/[.+?^${}()|[\]\\]/g, '\\$&') // Escape special regex chars
.replace(/\*/g, '.*'); // Convert * to .*
const regex = new RegExp(`^${regexPattern}$`, 'i');
// Filter keys matching pattern
const matchingKeys = allKeys.filter(key => regex.test(key));
if (matchingKeys.length === 0) {
logger.info('[CacheService] No cache entries match pattern', { pattern });
return 0;
}
// Delete matching cache entries in parallel batches with timeout
const startTime = Date.now();
let deletedCount = 0;
for (let i = 0; i < matchingKeys.length; i += this.BATCH_SIZE) {
// Check timeout
if (Date.now() - startTime > this.OPERATION_TIMEOUT_MS) {
logger.warn('[CacheService] invalidatePattern timeout reached', {
deleted_count: deletedCount,
total_matches: matchingKeys.length,
timeout_ms: this.OPERATION_TIMEOUT_MS
});
break;
}
const batch = matchingKeys.slice(i, i + this.BATCH_SIZE);
const deletePromises = batch.map(key => this.delete(key));
const results = await Promise.all(deletePromises);
deletedCount += results.filter(deleted => deleted).length;
}
logger.info('[CacheService] Pattern invalidation complete', {
pattern,
total_matches: matchingKeys.length,
deleted_count: deletedCount
});
return deletedCount;
} catch (error) {
logger.error('[CacheService] Pattern invalidation failed', {
pattern,
error: error instanceof Error ? error.message : String(error)
});
throw error;
}
}
/**
@@ -199,8 +461,160 @@ export class CacheService {
*
* @returns Cache statistics (not available in Cloudflare Workers)
*/
async getStats(): Promise<{ supported: boolean }> {
async getStats(): Promise<{ supported: boolean; indexed_keys?: number }> {
if (!this.kvNamespace) {
logger.warn('[CacheService] Cache statistics not available in Cloudflare Workers');
return { supported: false };
}
try {
const allKeys = await this._listCacheKeys();
return {
supported: true,
indexed_keys: allKeys.length
};
} catch (error) {
logger.error('[CacheService] Failed to get cache stats', {
error: error instanceof Error ? error.message : String(error)
});
return { supported: false };
}
}
/**
* Register cache key in KV index
*
* @param key - Cache key (URL format)
* @param ttlSeconds - TTL in seconds
*/
private async _registerCacheKey(key: string, ttlSeconds: number): Promise<void> {
if (!this.kvNamespace) {
return;
}
try {
const indexKey = `${this.CACHE_INDEX_PREFIX}${key}`;
const metadata = {
cached_at: new Date().toISOString(),
ttl: ttlSeconds
};
// Store with same TTL as cache entry
// KV will auto-delete when expired, keeping index clean
await this.kvNamespace.put(indexKey, '1', {
expirationTtl: ttlSeconds,
metadata
});
logger.debug(`[CacheService] Registered cache key in index: ${key}`);
} catch (error) {
// Graceful degradation: log error but don't fail cache operation
logger.error('[CacheService] Failed to register cache key', {
key,
error: error instanceof Error ? error.message : String(error)
});
}
}
/**
* Unregister cache key from KV index
*
* @param key - Cache key (URL format)
*/
private async _unregisterCacheKey(key: string): Promise<void> {
if (!this.kvNamespace) {
return;
}
try {
const indexKey = `${this.CACHE_INDEX_PREFIX}${key}`;
await this.kvNamespace.delete(indexKey);
logger.debug(`[CacheService] Unregistered cache key from index: ${key}`);
} catch (error) {
// Graceful degradation: log error but don't fail delete operation
logger.error('[CacheService] Failed to unregister cache key', {
key,
error: error instanceof Error ? error.message : String(error)
});
}
}
/**
* List all cache keys from KV index
*
* @param prefix - Optional prefix to filter keys (matches original cache key, not index key)
* @param maxKeys - Maximum number of keys to return (default: 5000)
* @returns Array of cache keys
*/
private async _listCacheKeys(prefix?: string, maxKeys = this.MAX_KEYS_LIMIT): Promise<string[]> {
if (!this.kvNamespace) {
return [];
}
try {
const keys: string[] = [];
let cursor: string | undefined;
// List all keys with cache_index: prefix
do {
const result = await this.kvNamespace.list({
prefix: this.CACHE_INDEX_PREFIX,
cursor
});
// Extract original cache keys (remove cache_index: prefix)
const extractedKeys = result.keys
.map(k => k.name.substring(this.CACHE_INDEX_PREFIX.length))
.filter(k => !prefix || k.startsWith(prefix));
keys.push(...extractedKeys);
// Check if we've exceeded the max keys limit
if (keys.length >= maxKeys) {
logger.warn('[CacheService] Cache key limit reached', {
max_keys: maxKeys,
current_count: keys.length,
note: 'Consider increasing MAX_KEYS_LIMIT or implementing pagination'
});
return keys.slice(0, maxKeys);
}
cursor = result.list_complete ? undefined : result.cursor;
} while (cursor);
logger.debug(`[CacheService] Listed ${keys.length} cache keys from index`, { prefix });
return keys;
} catch (error) {
logger.error('[CacheService] Failed to list cache keys', {
prefix,
error: error instanceof Error ? error.message : String(error)
});
return [];
}
}
/**
* Validate pattern for ReDoS prevention
*
* @param pattern - Pattern to validate
* @throws Error if pattern is invalid
*/
private _validatePattern(pattern: string): void {
// Check pattern length
if (pattern.length > this.MAX_PATTERN_LENGTH) {
throw new Error(`Pattern too long (max ${this.MAX_PATTERN_LENGTH} chars): ${pattern.length} chars`);
}
// Check for consecutive wildcards (**) which can cause ReDoS
if (pattern.includes('**')) {
throw new Error('Consecutive wildcards (**) not allowed (ReDoS prevention)');
}
// Count wildcards
const wildcardCount = (pattern.match(/\*/g) || []).length;
if (wildcardCount > this.MAX_WILDCARD_COUNT) {
throw new Error(`Too many wildcards (max ${this.MAX_WILDCARD_COUNT}): ${wildcardCount} wildcards`);
}
}
}

74
src/services/query.ts
View File

@@ -4,6 +4,7 @@
*/
import { createLogger } from '../utils/logger';
import { SORT_FIELD_MAP } from '../constants';
import type {
Env,
InstanceQueryParams,
@@ -89,25 +90,55 @@ export class QueryService {
this.logger.debug('Executing query', { sql });
this.logger.debug('Main query bindings', { bindings });
this.logger.debug('Count query bindings', { countBindings });
// Calculate pagination metadata
const page = Math.max(params.page ?? 1, 1);
const perPage = Math.min(Math.max(params.limit ?? 50, 1), 100); // Min 1, Max 100
const offset = (page - 1) * perPage;
// Performance optimization: Only run COUNT query on first page or when explicitly requested
// This avoids expensive full table scan with JOINs on every paginated request
const shouldRunCount = offset === 0 || params.include_count === true;
let totalResults = 0;
let queryResult: D1Result;
if (shouldRunCount) {
this.logger.debug('Running COUNT query (first page or explicit request)', { countBindings });
// Execute count and main queries in a single batch for performance
const [countResult, queryResult] = await this.db.batch([
const [countResult, mainResult] = await this.db.batch([
this.db.prepare(countSql).bind(...countBindings),
this.db.prepare(sql).bind(...bindings),
]);
// Validate batch results and extract data with type safety
if (!countResult.success || !queryResult.success) {
if (!countResult.success || !mainResult.success) {
const errors = [
!countResult.success ? `Count query failed: ${countResult.error}` : null,
!queryResult.success ? `Main query failed: ${queryResult.error}` : null,
!mainResult.success ? `Main query failed: ${mainResult.error}` : null,
].filter(Boolean);
throw new Error(`Batch query execution failed: ${errors.join(', ')}`);
}
// Extract total count with type casting and fallback
const totalResults = (countResult.results?.[0] as { total: number } | undefined)?.total ?? 0;
totalResults = (countResult.results?.[0] as { total: number } | undefined)?.total ?? 0;
queryResult = mainResult;
} else {
// Skip COUNT query for subsequent pages (performance optimization)
this.logger.debug('Skipping COUNT query (subsequent page)', { page, offset });
queryResult = await this.db.prepare(sql).bind(...bindings).all();
if (!queryResult.success) {
throw new Error(`Main query failed: ${queryResult.error}`);
}
// Estimate total based on current results for pagination metadata
// If we got full page of results, there might be more pages
const resultCount = queryResult.results?.length ?? 0;
totalResults = resultCount === perPage ? offset + perPage + 1 : offset + resultCount;
}
// Extract main query results with type casting
const results = (queryResult.results ?? []) as RawQueryResult[];
@@ -116,8 +147,6 @@ export class QueryService {
const instances = this.transformResults(results);
// Calculate pagination metadata
const page = params.page ?? 1;
const perPage = Math.min(params.limit ?? 50, 100); // Max 100
const totalPages = Math.ceil(totalResults / perPage);
const hasNext = page < totalPages;
const hasPrevious = page > 1;
@@ -268,32 +297,26 @@ export class QueryService {
const sortBy = params.sort_by ?? 'hourly_price';
const sortOrder = params.sort_order ?? 'asc';
// Map sort fields to actual column names
const sortFieldMap: Record<string, string> = {
price: 'pr.hourly_price',
hourly_price: 'pr.hourly_price',
monthly_price: 'pr.monthly_price',
vcpu: 'it.vcpu',
memory: 'it.memory_mb',
memory_mb: 'it.memory_mb',
name: 'it.instance_name',
instance_name: 'it.instance_name',
};
// Validate sort order at service level (defense in depth)
const validatedSortOrder = sortOrder?.toLowerCase() === 'desc' ? 'DESC' : 'ASC';
const sortColumn = sortFieldMap[sortBy] ?? 'pr.hourly_price';
// Map sort fields to actual column names (imported from constants.ts)
const sortColumn = SORT_FIELD_MAP[sortBy] ?? 'pr.hourly_price';
// Handle NULL values in pricing columns (NULL values go last)
if (sortColumn.startsWith('pr.')) {
// Use CASE to put NULL values last regardless of sort order
orderByClause = ` ORDER BY CASE WHEN ${sortColumn} IS NULL THEN 1 ELSE 0 END, ${sortColumn} ${sortOrder.toUpperCase()}`;
orderByClause = ` ORDER BY CASE WHEN ${sortColumn} IS NULL THEN 1 ELSE 0 END, ${sortColumn} ${validatedSortOrder}`;
} else {
orderByClause = ` ORDER BY ${sortColumn} ${sortOrder.toUpperCase()}`;
orderByClause = ` ORDER BY ${sortColumn} ${validatedSortOrder}`;
}
// Build LIMIT and OFFSET
const page = params.page ?? 1;
const limit = Math.min(params.limit ?? 50, 100); // Max 100
const offset = (page - 1) * limit;
const MAX_OFFSET = 100000; // Reasonable limit for pagination to prevent extreme offsets
const page = Math.max(params.page ?? 1, 1);
const limit = Math.min(Math.max(params.limit ?? 50, 1), 100); // Min 1, Max 100
const rawOffset = (page - 1) * limit;
const offset = Math.min(rawOffset, MAX_OFFSET);
bindings.push(limit);
bindings.push(offset);
@@ -304,8 +327,9 @@ export class QueryService {
const sql = selectClause + whereClause + orderByClause + limitClause;
// Count query (without ORDER BY and LIMIT)
// Use COUNT(DISTINCT it.id) to avoid Cartesian product from LEFT JOINs
const countSql = `
SELECT COUNT(*) as total
SELECT COUNT(DISTINCT it.id) as total
FROM instance_types it
JOIN providers p ON it.provider_id = p.id
LEFT JOIN pricing pr ON pr.instance_type_id = it.id

388
src/services/recommendation.test.ts
View File

@@ -1,388 +0,0 @@
/**
* Recommendation Service Tests
*
* Tests the RecommendationService class for:
* - Score calculation algorithm
* - Stack validation and requirements calculation
* - Budget filtering
* - Asia-Pacific region filtering
*/
import { describe, it, expect, vi, beforeEach } from 'vitest';
import { RecommendationService } from './recommendation';
import type { RecommendationRequest } from '../types';
/**
* Mock D1Database for testing
*/
const createMockD1Database = () => {
const mockPrepare = vi.fn().mockReturnValue({
bind: vi.fn().mockReturnThis(),
all: vi.fn().mockResolvedValue({
results: [],
}),
});
return {
prepare: mockPrepare,
dump: vi.fn(),
batch: vi.fn(),
exec: vi.fn(),
};
};
/**
* Mock instance data for testing
*/
const createMockInstanceRow = (overrides = {}) => ({
id: 1,
instance_id: 'test-instance',
instance_name: 'Standard-2GB',
vcpu: 2,
memory_mb: 2048,
storage_gb: 50,
metadata: null,
provider_name: 'linode',
region_code: 'ap-south-1',
region_name: 'Mumbai',
hourly_price: 0.015,
monthly_price: 10,
...overrides,
});
describe('RecommendationService', () => {
let service: RecommendationService;
let mockDb: ReturnType<typeof createMockD1Database>;
beforeEach(() => {
mockDb = createMockD1Database();
service = new RecommendationService(mockDb as any);
});
describe('recommend', () => {
it('should validate stack components and throw error for invalid stacks', async () => {
const request: RecommendationRequest = {
stack: ['nginx', 'invalid-stack', 'unknown-tech'],
scale: 'small',
};
await expect(service.recommend(request)).rejects.toThrow(
'Invalid stacks: invalid-stack, unknown-tech'
);
});
it('should calculate resource requirements for valid stack', async () => {
const request: RecommendationRequest = {
stack: ['nginx', 'mysql'],
scale: 'medium',
};
// Mock database response with empty results
mockDb.prepare.mockReturnValue({
bind: vi.fn().mockReturnThis(),
all: vi.fn().mockResolvedValue({ results: [] }),
});
const result = await service.recommend(request);
// nginx (256MB) + mysql (2048MB) + OS overhead (768MB) = 3072MB
expect(result.requirements.min_memory_mb).toBe(3072);
// 3072MB / 2048 = 1.5, rounded up = 2 vCPU
expect(result.requirements.min_vcpu).toBe(2);
expect(result.requirements.breakdown).toHaveProperty('nginx');
expect(result.requirements.breakdown).toHaveProperty('mysql');
expect(result.requirements.breakdown).toHaveProperty('os_overhead');
});
it('should return top 5 recommendations sorted by match score', async () => {
const request: RecommendationRequest = {
stack: ['nginx'],
scale: 'small',
};
// Mock database with 10 instances
const mockInstances = Array.from({ length: 10 }, (_, i) =>
createMockInstanceRow({
id: i + 1,
instance_name: `Instance-${i + 1}`,
vcpu: i % 4 + 1,
memory_mb: (i % 4 + 1) * 1024,
monthly_price: 10 + i * 5,
})
);
mockDb.prepare.mockReturnValue({
bind: vi.fn().mockReturnThis(),
all: vi.fn().mockResolvedValue({ results: mockInstances }),
});
const result = await service.recommend(request);
// Should return max 5 recommendations
expect(result.recommendations).toHaveLength(5);
// Should be sorted by match_score descending
for (let i = 0; i < result.recommendations.length - 1; i++) {
expect(result.recommendations[i].match_score).toBeGreaterThanOrEqual(
result.recommendations[i + 1].match_score
);
}
// Should have rank assigned (1-5)
expect(result.recommendations[0].rank).toBe(1);
expect(result.recommendations[4].rank).toBe(5);
});
it('should filter instances by budget when budget_max is specified', async () => {
const request: RecommendationRequest = {
stack: ['nginx'],
scale: 'small',
budget_max: 20,
};
mockDb.prepare.mockReturnValue({
bind: vi.fn().mockReturnThis(),
all: vi.fn().mockResolvedValue({ results: [] }),
});
await service.recommend(request);
// Verify SQL includes budget filter
const prepareCall = mockDb.prepare.mock.calls[0][0];
expect(prepareCall).toContain('pr.monthly_price <= ?');
});
});
describe('scoreInstance (via recommend)', () => {
it('should score optimal memory fit with high score', async () => {
const request: RecommendationRequest = {
stack: ['nginx'], // min 128MB
scale: 'small',
};
// Memory ratio 1.4x (optimal range 1-1.5x): should get 40 points
const mockInstance = createMockInstanceRow({
memory_mb: 1024, // nginx min is 128MB + 768MB OS = 896MB total, ratio = 1.14x
vcpu: 1,
monthly_price: 10,
});
mockDb.prepare.mockReturnValue({
bind: vi.fn().mockReturnThis(),
all: vi.fn().mockResolvedValue({ results: [mockInstance] }),
});
const result = await service.recommend(request);
// Should have high score for optimal fit
expect(result.recommendations[0].match_score).toBeGreaterThan(70);
expect(result.recommendations[0].pros).toContain('메모리 최적 적합');
});
it('should penalize oversized instances', async () => {
const request: RecommendationRequest = {
stack: ['nginx'], // min 896MB total
scale: 'small',
};
// Memory ratio >2x: should get only 20 points for memory
const mockInstance = createMockInstanceRow({
memory_mb: 4096, // Ratio = 4096/896 = 4.57x (oversized)
vcpu: 2,
monthly_price: 30,
});
mockDb.prepare.mockReturnValue({
bind: vi.fn().mockReturnThis(),
all: vi.fn().mockResolvedValue({ results: [mockInstance] }),
});
const result = await service.recommend(request);
// Should have cons about over-provisioning
expect(result.recommendations[0].cons).toContain('메모리 과다 프로비저닝');
});
it('should give price efficiency bonus for budget-conscious instances', async () => {
const request: RecommendationRequest = {
stack: ['nginx'],
scale: 'small',
budget_max: 100,
};
// Price ratio 0.3 (30% of budget): should get 20 points
const mockInstance = createMockInstanceRow({
memory_mb: 2048,
vcpu: 2,
monthly_price: 30,
});
mockDb.prepare.mockReturnValue({
bind: vi.fn().mockReturnThis(),
all: vi.fn().mockResolvedValue({ results: [mockInstance] }),
});
const result = await service.recommend(request);
// Should have pros about price efficiency
expect(result.recommendations[0].pros).toContain('예산 대비 저렴');
});
it('should give storage bonus for instances with good storage', async () => {
const request: RecommendationRequest = {
stack: ['nginx'],
scale: 'small',
};
// Storage >= 80GB: should get 10 points
const mockInstanceWithStorage = createMockInstanceRow({
memory_mb: 2048,
vcpu: 2,
storage_gb: 100,
monthly_price: 20,
});
mockDb.prepare.mockReturnValue({
bind: vi.fn().mockReturnThis(),
all: vi.fn().mockResolvedValue({ results: [mockInstanceWithStorage] }),
});
const result = await service.recommend(request);
// Should have pros about storage
expect(result.recommendations[0].pros.some((p) => p.includes('스토리지'))).toBe(true);
});
it('should note EBS storage separately for instances without storage', async () => {
const request: RecommendationRequest = {
stack: ['nginx'],
scale: 'small',
};
// Storage = 0: should have cons
const mockInstanceNoStorage = createMockInstanceRow({
memory_mb: 2048,
vcpu: 2,
storage_gb: 0,
monthly_price: 20,
});
mockDb.prepare.mockReturnValue({
bind: vi.fn().mockReturnThis(),
all: vi.fn().mockResolvedValue({ results: [mockInstanceNoStorage] }),
});
const result = await service.recommend(request);
// Should have cons about separate storage
expect(result.recommendations[0].cons).toContain('EBS 스토리지 별도');
});
});
describe('getMonthlyPrice (via scoring)', () => {
it('should extract monthly price from monthly_price column', async () => {
const request: RecommendationRequest = {
stack: ['nginx'],
scale: 'small',
};
const mockInstance = createMockInstanceRow({
monthly_price: 15,
hourly_price: null,
metadata: null,
});
mockDb.prepare.mockReturnValue({
bind: vi.fn().mockReturnThis(),
all: vi.fn().mockResolvedValue({ results: [mockInstance] }),
});
const result = await service.recommend(request);
expect(result.recommendations[0].price.monthly).toBe(15);
});
it('should extract monthly price from metadata JSON', async () => {
const request: RecommendationRequest = {
stack: ['nginx'],
scale: 'small',
};
const mockInstance = createMockInstanceRow({
monthly_price: null,
hourly_price: null,
metadata: JSON.stringify({ monthly_price: 25 }),
});
mockDb.prepare.mockReturnValue({
bind: vi.fn().mockReturnThis(),
all: vi.fn().mockResolvedValue({ results: [mockInstance] }),
});
const result = await service.recommend(request);
expect(result.recommendations[0].price.monthly).toBe(25);
});
it('should calculate monthly price from hourly price', async () => {
const request: RecommendationRequest = {
stack: ['nginx'],
scale: 'small',
};
const mockInstance = createMockInstanceRow({
monthly_price: null,
hourly_price: 0.02, // 0.02 * 730 = 14.6
metadata: null,
});
mockDb.prepare.mockReturnValue({
bind: vi.fn().mockReturnThis(),
all: vi.fn().mockResolvedValue({ results: [mockInstance] }),
});
const result = await service.recommend(request);
expect(result.recommendations[0].price.monthly).toBe(14.6);
});
});
describe('queryInstances', () => {
it('should query instances from Asia-Pacific regions', async () => {
const request: RecommendationRequest = {
stack: ['nginx'],
scale: 'small',
};
mockDb.prepare.mockReturnValue({
bind: vi.fn().mockReturnThis(),
all: vi.fn().mockResolvedValue({ results: [] }),
});
await service.recommend(request);
// Verify SQL query structure
const prepareCall = mockDb.prepare.mock.calls[0][0];
expect(prepareCall).toContain('WHERE p.name IN');
expect(prepareCall).toContain('AND r.region_code IN');
expect(prepareCall).toContain('AND it.memory_mb >= ?');
expect(prepareCall).toContain('AND it.vcpu >= ?');
});
it('should handle database query errors gracefully', async () => {
const request: RecommendationRequest = {
stack: ['nginx'],
scale: 'small',
};
mockDb.prepare.mockReturnValue({
bind: vi.fn().mockReturnThis(),
all: vi.fn().mockRejectedValue(new Error('Database connection failed')),
});
await expect(service.recommend(request)).rejects.toThrow(
'Failed to query instances from database'
);
});
});
});

363
src/services/recommendation.ts
View File

@@ -1,363 +0,0 @@
/**
* Recommendation Service
*
* Provides intelligent instance recommendations based on:
* - Technology stack requirements
* - Deployment scale
* - Budget constraints
* - Asia-Pacific region filtering
*/
import type { D1Database } from '@cloudflare/workers-types';
import type {
RecommendationRequest,
RecommendationResponse,
InstanceRecommendation,
ResourceRequirements,
} from '../types';
import { validateStack, calculateRequirements } from './stackConfig';
import { getAsiaRegionCodes, getRegionDisplayName } from './regionFilter';
import { logger } from '../utils/logger';
/**
* Database row interface for instance query results
*/
interface InstanceQueryRow {
id: number;
instance_id: string;
instance_name: string;
vcpu: number;
memory_mb: number;
storage_gb: number;
metadata: string | null;
provider_name: string;
region_code: string;
region_name: string;
hourly_price: number | null;
monthly_price: number | null;
}
/**
* Recommendation Service
* Calculates and ranks cloud instances based on stack requirements
*/
export class RecommendationService {
// Cache parsed metadata to avoid repeated JSON.parse calls
private metadataCache = new Map<number, { monthly_price?: number }>();
constructor(private db: D1Database) {}
/**
* Generate instance recommendations based on stack and scale
*
* Process:
* 1. Validate stack components
* 2. Calculate resource requirements
* 3. Query Asia-Pacific instances matching requirements
* 4. Score and rank instances
* 5. Return top 5 recommendations
*
* @param request - Recommendation request with stack, scale, and budget
* @returns Recommendation response with requirements and ranked instances
* @throws Error if stack validation fails or database query fails
*/
async recommend(request: RecommendationRequest): Promise<RecommendationResponse> {
// Clear metadata cache for new recommendation request
this.metadataCache.clear();
logger.info('[Recommendation] Processing request', {
stack: request.stack,
scale: request.scale,
budget_max: request.budget_max,
});
// 1. Validate stack components
const validation = validateStack(request.stack);
if (!validation.valid) {
const errorMsg = `Invalid stacks: ${validation.invalidStacks.join(', ')}`;
logger.error('[Recommendation] Stack validation failed', {
invalidStacks: validation.invalidStacks,
});
throw new Error(errorMsg);
}
// 2. Calculate resource requirements based on stack and scale
const requirements = calculateRequirements(request.stack, request.scale);
logger.info('[Recommendation] Resource requirements calculated', {
min_memory_mb: requirements.min_memory_mb,
min_vcpu: requirements.min_vcpu,
});
// 3. Query instances from Asia-Pacific regions
const instances = await this.queryInstances(requirements, request.budget_max);
logger.info('[Recommendation] Found instances', { count: instances.length });
// 4. Calculate match scores and sort by score (highest first)
const scored = instances.map(inst =>
this.scoreInstance(inst, requirements, request.budget_max)
);
scored.sort((a, b) => b.match_score - a.match_score);
// 5. Return top 5 recommendations with rank
const recommendations = scored.slice(0, 5).map((inst, idx) => ({
...inst,
rank: idx + 1,
}));
logger.info('[Recommendation] Generated recommendations', {
count: recommendations.length,
top_score: recommendations[0]?.match_score,
});
return { requirements, recommendations };
}
/**
* Query instances from Asia-Pacific regions matching requirements
*
* Single query optimization: queries all providers (Linode, Vultr, AWS) in one database call
* - Uses IN clause for provider names and region codes
* - Filters by minimum memory and vCPU requirements
* - Optionally filters by maximum budget
* - Returns up to 50 instances across all providers
*
* @param requirements - Minimum resource requirements
* @param budgetMax - Optional maximum monthly budget in USD
* @returns Array of instance query results
*/
private async queryInstances(
requirements: ResourceRequirements,
budgetMax?: number
): Promise<InstanceQueryRow[]> {
// Collect all providers and their Asia-Pacific region codes
const providers = ['linode', 'vultr', 'aws'];
const allRegionCodes: string[] = [];
for (const provider of providers) {
const regionCodes = getAsiaRegionCodes(provider);
if (regionCodes.length === 0) {
logger.warn('[Recommendation] No Asia regions found for provider', {
provider,
});
}
allRegionCodes.push(...regionCodes);
}
// If no regions found across all providers, return empty
if (allRegionCodes.length === 0) {
logger.error('[Recommendation] No Asia regions found for any provider');
return [];
}
// Build single query with IN clauses for providers and regions
const providerPlaceholders = providers.map(() => '?').join(',');
const regionPlaceholders = allRegionCodes.map(() => '?').join(',');
let sql = `
SELECT
it.id,
it.instance_id,
it.instance_name,
it.vcpu,
it.memory_mb,
it.storage_gb,
it.metadata,
p.name as provider_name,
r.region_code,
r.region_name,
pr.hourly_price,
pr.monthly_price
FROM instance_types it
JOIN providers p ON it.provider_id = p.id
JOIN regions r ON r.provider_id = p.id
LEFT JOIN pricing pr ON pr.instance_type_id = it.id AND pr.region_id = r.id
WHERE p.name IN (${providerPlaceholders})
AND r.region_code IN (${regionPlaceholders})
AND it.memory_mb >= ?
AND it.vcpu >= ?
`;
const params: (string | number)[] = [
...providers,
...allRegionCodes,
requirements.min_memory_mb,
requirements.min_vcpu,
];
// Add budget filter if specified
if (budgetMax) {
sql += ` AND (pr.monthly_price <= ? OR pr.monthly_price IS NULL)`;
params.push(budgetMax);
}
// Sort by price (cheapest first) and limit results
sql += ` ORDER BY COALESCE(pr.monthly_price, 9999) ASC LIMIT 50`;
try {
const result = await this.db.prepare(sql).bind(...params).all();
logger.info('[Recommendation] Single query executed for all providers', {
providers,
region_count: allRegionCodes.length,
found: result.results?.length || 0,
});
return (result.results as unknown as InstanceQueryRow[]) || [];
} catch (error) {
logger.error('[Recommendation] Query failed', { error });
throw new Error('Failed to query instances from database');
}
}
/**
* Calculate match score for an instance
*
* Scoring algorithm (0-100 points):
* - Memory fit (40 points): How well memory matches requirements
* - Perfect fit (1-1.5x): 40 points
* - Comfortable (1.5-2x): 30 points
* - Oversized (>2x): 20 points
* - vCPU fit (30 points): How well vCPU matches requirements
* - Good fit (1-2x): 30 points
* - Oversized (>2x): 20 points
* - Price efficiency (20 points): Budget utilization
* - Under 50% budget: 20 points
* - Under 80% budget: 15 points
* - Over 80% budget: 10 points
* - Storage bonus (10 points): Included storage
* - ≥80GB: 10 points
* - >0GB: 5 points
* - No storage: 0 points
*
* @param instance - Instance query result
* @param requirements - Resource requirements
* @param budgetMax - Optional maximum budget
* @returns Instance recommendation with score, pros, and cons
*/
private scoreInstance(
instance: InstanceQueryRow,
requirements: ResourceRequirements,
budgetMax?: number
): InstanceRecommendation {
let score = 0;
const pros: string[] = [];
const cons: string[] = [];
// Memory score (40 points) - measure fit against requirements
const memoryRatio = instance.memory_mb / requirements.min_memory_mb;
if (memoryRatio >= 1 && memoryRatio <= 1.5) {
score += 40;
pros.push('메모리 최적 적합');
} else if (memoryRatio > 1.5 && memoryRatio <= 2) {
score += 30;
pros.push('메모리 여유 있음');
} else if (memoryRatio > 2) {
score += 20;
cons.push('메모리 과다 프로비저닝');
}
// vCPU score (30 points) - measure fit against requirements
const vcpuRatio = instance.vcpu / requirements.min_vcpu;
if (vcpuRatio >= 1 && vcpuRatio <= 2) {
score += 30;
pros.push('vCPU 적합');
} else if (vcpuRatio > 2) {
score += 20;
}
// Price score (20 points) - budget efficiency
const monthlyPrice = this.getMonthlyPrice(instance);
if (budgetMax && monthlyPrice > 0) {
const priceRatio = monthlyPrice / budgetMax;
if (priceRatio <= 0.5) {
score += 20;
pros.push('예산 대비 저렴');
} else if (priceRatio <= 0.8) {
score += 15;
pros.push('합리적 가격');
} else {
score += 10;
}
} else if (monthlyPrice > 0) {
score += 15; // Default score when no budget specified
}
// Storage score (10 points) - included storage bonus
if (instance.storage_gb >= 80) {
score += 10;
pros.push(`스토리지 ${instance.storage_gb}GB 포함`);
} else if (instance.storage_gb > 0) {
score += 5;
} else {
cons.push('EBS 스토리지 별도');
}
// Build recommendation object
return {
rank: 0, // Will be set by caller after sorting
provider: instance.provider_name,
instance: instance.instance_name,
region: `${getRegionDisplayName(instance.region_code)} (${instance.region_code})`,
specs: {
vcpu: instance.vcpu,
memory_mb: instance.memory_mb,
storage_gb: instance.storage_gb || 0,
},
price: {
monthly: monthlyPrice,
hourly: instance.hourly_price || monthlyPrice / 730,
},
match_score: Math.min(100, score), // Cap at 100
pros,
cons,
};
}
/**
* Extract monthly price from instance data
*
* Pricing sources:
* 1. Direct monthly_price column (Linode)
* 2. metadata JSON field (Vultr, AWS) - cached to avoid repeated JSON.parse
* 3. Calculate from hourly_price if available
*
* @param instance - Instance query result
* @returns Monthly price in USD, or 0 if not available
*/
private getMonthlyPrice(instance: InstanceQueryRow): number {
// Direct monthly price (from pricing table)
if (instance.monthly_price) {
return instance.monthly_price;
}
// Extract from metadata (Vultr, AWS) with caching
if (instance.metadata) {
// Check cache first
if (!this.metadataCache.has(instance.id)) {
try {
const meta = JSON.parse(instance.metadata) as { monthly_price?: number };
this.metadataCache.set(instance.id, meta);
} catch (error) {
logger.warn('[Recommendation] Failed to parse metadata', {
instance: instance.instance_name,
error,
});
// Cache empty object to prevent repeated parse attempts
this.metadataCache.set(instance.id, {});
}
}
const cachedMeta = this.metadataCache.get(instance.id);
if (cachedMeta?.monthly_price) {
return cachedMeta.monthly_price;
}
}
// Calculate from hourly price (730 hours per month average)
if (instance.hourly_price) {
return instance.hourly_price * 730;
}
return 0;
}
}

67
src/services/regionFilter.ts
View File

@@ -1,67 +0,0 @@
/**
* Region Filter Service
* Manages Asia-Pacific region filtering (Seoul, Tokyo, Osaka, Singapore, Hong Kong)
*/
/**
* Asia-Pacific region codes by provider
* Limited to 5 major cities in East/Southeast Asia
*/
export const ASIA_REGIONS: Record<string, string[]> = {
linode: ['jp-tyo-3', 'jp-osa', 'sg-sin-2'],
vultr: ['icn', 'nrt', 'itm'],
aws: ['ap-northeast-1', 'ap-northeast-2', 'ap-northeast-3', 'ap-southeast-1', 'ap-east-1'],
};
/**
* Region code to display name mapping
*/
export const REGION_DISPLAY_NAMES: Record<string, string> = {
// Linode
'jp-tyo-3': 'Tokyo',
'jp-osa': 'Osaka',
'sg-sin-2': 'Singapore',
// Vultr
'icn': 'Seoul',
'nrt': 'Tokyo',
'itm': 'Osaka',
// AWS
'ap-northeast-1': 'Tokyo',
'ap-northeast-2': 'Seoul',
'ap-northeast-3': 'Osaka',
'ap-southeast-1': 'Singapore',
'ap-east-1': 'Hong Kong',
};
/**
* Check if a region code is in the Asia-Pacific filter list
*
* @param provider - Cloud provider name (case-insensitive)
* @param regionCode - Region code to check (case-insensitive)
* @returns true if region is in Asia-Pacific filter list
*/
export function isAsiaRegion(provider: string, regionCode: string): boolean {
const regions = ASIA_REGIONS[provider.toLowerCase()];
if (!regions) return false;
return regions.includes(regionCode.toLowerCase());
}
/**
* Get all Asia-Pacific region codes for a provider
*
* @param provider - Cloud provider name (case-insensitive)
* @returns Array of region codes, empty if provider not found
*/
export function getAsiaRegionCodes(provider: string): string[] {
return ASIA_REGIONS[provider.toLowerCase()] || [];
}
/**
* Get display name for a region code
*
* @param regionCode - Region code to look up
* @returns Display name (e.g., "Tokyo"), or original code if not found
*/
export function getRegionDisplayName(regionCode: string): string {
return REGION_DISPLAY_NAMES[regionCode] || regionCode;
}

93
src/services/stackConfig.ts
View File

@@ -1,93 +0,0 @@
/**
* Stack Configuration Service
* Manages technology stack requirements and resource calculations
*/
import type { ScaleType, ResourceRequirements } from '../types';
/**
* Memory requirements for each stack component (in MB)
*/
export const STACK_REQUIREMENTS: Record<string, { min: number; recommended: number }> = {
nginx: { min: 128, recommended: 256 },
'php-fpm': { min: 512, recommended: 1024 },
mysql: { min: 1024, recommended: 2048 },
mariadb: { min: 1024, recommended: 2048 },
postgresql: { min: 1024, recommended: 2048 },
redis: { min: 256, recommended: 512 },
elasticsearch: { min: 2048, recommended: 4096 },
nodejs: { min: 512, recommended: 1024 },
docker: { min: 1024, recommended: 2048 },
mongodb: { min: 1024, recommended: 2048 },
};
/**
* Base OS overhead (in MB)
*/
export const OS_OVERHEAD_MB = 768;
/**
* Validate stack components against supported technologies
*
* @param stack - Array of technology stack components
* @returns Validation result with list of invalid stacks
*/
export function validateStack(stack: string[]): { valid: boolean; invalidStacks: string[] } {
const invalidStacks = stack.filter(s => !STACK_REQUIREMENTS[s.toLowerCase()]);
return {
valid: invalidStacks.length === 0,
invalidStacks,
};
}
/**
* Calculate resource requirements based on stack and scale
*
* Memory calculation:
* - small: minimum requirements
* - medium: recommended requirements
* - large: 1.5x recommended requirements
*
* vCPU calculation:
* - 1 vCPU per 2GB memory (rounded up)
* - Minimum 1 vCPU
*
* @param stack - Array of technology stack components
* @param scale - Deployment scale (small/medium/large)
* @returns Calculated resource requirements with breakdown
*/
export function calculateRequirements(stack: string[], scale: ScaleType): ResourceRequirements {
const breakdown: Record<string, string> = {};
let totalMemory = 0;
// Calculate memory for each stack component
for (const s of stack) {
const req = STACK_REQUIREMENTS[s.toLowerCase()];
if (req) {
let memoryMb: number;
if (scale === 'small') {
memoryMb = req.min;
} else if (scale === 'large') {
memoryMb = Math.ceil(req.recommended * 1.5);
} else {
// medium
memoryMb = req.recommended;
}
breakdown[s] = memoryMb >= 1024 ? `${memoryMb / 1024}GB` : `${memoryMb}MB`;
totalMemory += memoryMb;
}
}
// Add OS overhead
breakdown['os_overhead'] = `${OS_OVERHEAD_MB}MB`;
totalMemory += OS_OVERHEAD_MB;
// Calculate vCPU: 1 vCPU per 2GB memory, minimum 1
const minVcpu = Math.max(1, Math.ceil(totalMemory / 2048));
return {
min_memory_mb: totalMemory,
min_vcpu: minVcpu,
breakdown,
};
}

694
src/services/sync.ts
View File

@@ -8,17 +8,16 @@
* - Batch operations for efficiency
*
* @example
* const orchestrator = new SyncOrchestrator(db, vault);
* const orchestrator = new SyncOrchestrator(db, env);
* const report = await orchestrator.syncAll(['linode']);
*/
import { VaultClient } from '../connectors/vault';
import { LinodeConnector } from '../connectors/linode';
import { VultrConnector } from '../connectors/vultr';
import { AWSConnector } from '../connectors/aws';
import { RepositoryFactory } from '../repositories';
import { createLogger } from '../utils/logger';
import { calculateRetailHourly, calculateRetailMonthly } from '../constants';
import { calculateRetailHourly, calculateRetailMonthly, SUPPORTED_PROVIDERS } from '../constants';
import type {
Env,
ProviderSyncResult,
@@ -28,9 +27,34 @@ import type {
PricingInput,
GpuInstanceInput,
GpuPricingInput,
G8InstanceInput,
G8PricingInput,
VpuInstanceInput,
VpuPricingInput,
} from '../types';
import { SyncStage } from '../types';
/**
* Wraps a promise with a timeout
* @param promise - The promise to wrap
* @param ms - Timeout in milliseconds
* @param operation - Operation name for error message
* @returns Promise result if completed within timeout
* @throws Error if operation times out
*/
async function withTimeout<T>(promise: Promise<T>, ms: number, operation: string): Promise<T> {
let timeoutId: ReturnType<typeof setTimeout>;
const timeoutPromise = new Promise<never>((_, reject) => {
timeoutId = setTimeout(() => reject(new Error(`${operation} timed out after ${ms}ms`)), ms);
});
try {
return await Promise.race([promise, timeoutPromise]);
} finally {
clearTimeout(timeoutId!);
}
}
/**
* Cloud provider connector interface for SyncOrchestrator
*
@@ -53,10 +77,10 @@ export interface SyncConnectorAdapter {
getGpuInstances?(): Promise<GpuInstanceInput[]>;
/** Fetch G8 instances (optional, only for Linode) */
getG8Instances?(): Promise<any[]>;
getG8Instances?(): Promise<G8InstanceInput[]>;
/** Fetch VPU instances (optional, only for Linode) */
getVpuInstances?(): Promise<any[]>;
getVpuInstances?(): Promise<VpuInstanceInput[]>;
/**
* Fetch pricing data for instances and regions
@@ -84,15 +108,12 @@ export interface SyncConnectorAdapter {
export class SyncOrchestrator {
private repos: RepositoryFactory;
private logger: ReturnType<typeof createLogger>;
private env?: Env;
constructor(
db: D1Database,
private vault: VaultClient,
env?: Env
private env: Env
) {
this.repos = new RepositoryFactory(db, env);
this.env = env;
this.logger = createLogger('[SyncOrchestrator]', env);
this.logger.info('Initialized');
}
@@ -121,21 +142,20 @@ export class SyncOrchestrator {
await this.repos.providers.updateSyncStatus(provider, 'syncing');
this.logger.info(`${provider}${stage}`);
// Stage 2: Fetch credentials from Vault
stage = SyncStage.FETCH_CREDENTIALS;
// Stage 2: Initialize connector and authenticate
const connector = await this.createConnector(provider, providerRecord.id);
await connector.authenticate();
this.logger.info(`${provider}${stage}`);
await withTimeout(connector.authenticate(), 10000, `${provider} authentication`);
this.logger.info(`${provider}initialized`);
// Stage 3: Fetch regions from provider API
stage = SyncStage.FETCH_REGIONS;
const regions = await connector.getRegions();
const regions = await withTimeout(connector.getRegions(), 15000, `${provider} fetch regions`);
this.logger.info(`${provider}${stage}`, { regions: regions.length });
// Stage 4: Fetch instance types from provider API
stage = SyncStage.FETCH_INSTANCES;
const instances = await connector.getInstanceTypes();
const instances = await withTimeout(connector.getInstanceTypes(), 30000, `${provider} fetch instances`);
this.logger.info(`${provider}${stage}`, { instances: instances.length });
// Stage 5: Normalize data (add provider_id)
@@ -169,44 +189,46 @@ export class SyncOrchestrator {
let vpuInstancesCount = 0;
if (provider.toLowerCase() === 'linode') {
// GPU instances
if ('getGpuInstances' in connector) {
const gpuInstances = await (connector as any).getGpuInstances();
if (gpuInstances && gpuInstances.length > 0) {
// Parallel fetch all specialized instances for Linode
const [gpuInstances, g8Instances, vpuInstances] = await Promise.all([
connector.getGpuInstances
? withTimeout(connector.getGpuInstances(), 15000, `${provider} fetch GPU instances`)
: Promise.resolve([]),
connector.getG8Instances
? withTimeout(connector.getG8Instances(), 15000, `${provider} fetch G8 instances`)
: Promise.resolve([]),
connector.getVpuInstances
? withTimeout(connector.getVpuInstances(), 15000, `${provider} fetch VPU instances`)
: Promise.resolve([])
]);
// Sequential upsert (database operations)
if (gpuInstances.length > 0) {
gpuInstancesCount = await this.repos.gpuInstances.upsertMany(
providerRecord.id,
gpuInstances
);
}
}
// G8 instances
if ('getG8Instances' in connector) {
const g8Instances = await (connector as any).getG8Instances();
if (g8Instances && g8Instances.length > 0) {
if (g8Instances.length > 0) {
g8InstancesCount = await this.repos.g8Instances.upsertMany(
providerRecord.id,
g8Instances
);
}
}
// VPU instances
if ('getVpuInstances' in connector) {
const vpuInstances = await (connector as any).getVpuInstances();
if (vpuInstances && vpuInstances.length > 0) {
if (vpuInstances.length > 0) {
vpuInstancesCount = await this.repos.vpuInstances.upsertMany(
providerRecord.id,
vpuInstances
);
}
}
}
// Handle Vultr GPU instances
if (provider.toLowerCase() === 'vultr') {
if ('getGpuInstances' in connector) {
const gpuInstances = await (connector as any).getGpuInstances();
if (connector.getGpuInstances) {
const gpuInstances = await withTimeout(connector.getGpuInstances(), 15000, `${provider} fetch GPU instances`);
if (gpuInstances && gpuInstances.length > 0) {
gpuInstancesCount = await this.repos.gpuInstances.upsertMany(
providerRecord.id,
@@ -234,9 +256,27 @@ export class SyncOrchestrator {
throw new Error('Failed to fetch regions/instances for pricing');
}
// Type-safe extraction of IDs and mapping data from batch results
const regionIds = (dbRegionsResult.results as Array<{ id: number }>).map(r => r.id);
const dbInstancesData = dbInstancesResult.results as Array<{ id: number; instance_id: string }>;
// Validate and extract region IDs
if (!Array.isArray(dbRegionsResult.results)) {
throw new Error('Unexpected database result format for regions');
}
const regionIds = dbRegionsResult.results.map((r: any) => {
if (typeof r?.id !== 'number') {
throw new Error('Invalid region id in database result');
}
return r.id;
});
// Validate and extract instance type data
if (!Array.isArray(dbInstancesResult.results)) {
throw new Error('Unexpected database result format for instances');
}
const dbInstancesData = dbInstancesResult.results.map((i: any) => {
if (typeof i?.id !== 'number' || typeof i?.instance_id !== 'string') {
throw new Error('Invalid instance data in database result');
}
return { id: i.id, instance_id: i.instance_id };
});
const instanceTypeIds = dbInstancesData.map(i => i.id);
// Create instance mapping to avoid redundant queries in getPricing
@@ -244,26 +284,56 @@ export class SyncOrchestrator {
dbInstancesData.map(i => [i.id, { instance_id: i.instance_id }])
);
// Create specialized instance mappings
// Create specialized instance mappings with validation
if (!Array.isArray(dbGpuResult.results)) {
throw new Error('Unexpected database result format for GPU instances');
}
const dbGpuMap = new Map(
(dbGpuResult.results as Array<{ id: number; instance_id: string }>).map(i => [i.id, { instance_id: i.instance_id }])
dbGpuResult.results.map((i: any) => {
if (typeof i?.id !== 'number' || typeof i?.instance_id !== 'string') {
throw new Error('Invalid GPU instance data in database result');
}
return [i.id, { instance_id: i.instance_id }];
})
);
if (!Array.isArray(dbG8Result.results)) {
throw new Error('Unexpected database result format for G8 instances');
}
const dbG8Map = new Map(
(dbG8Result.results as Array<{ id: number; instance_id: string }>).map(i => [i.id, { instance_id: i.instance_id }])
dbG8Result.results.map((i: any) => {
if (typeof i?.id !== 'number' || typeof i?.instance_id !== 'string') {
throw new Error('Invalid G8 instance data in database result');
}
return [i.id, { instance_id: i.instance_id }];
})
);
if (!Array.isArray(dbVpuResult.results)) {
throw new Error('Unexpected database result format for VPU instances');
}
const dbVpuMap = new Map(
(dbVpuResult.results as Array<{ id: number; instance_id: string }>).map(i => [i.id, { instance_id: i.instance_id }])
dbVpuResult.results.map((i: any) => {
if (typeof i?.id !== 'number' || typeof i?.instance_id !== 'string') {
throw new Error('Invalid VPU instance data in database result');
}
return [i.id, { instance_id: i.instance_id }];
})
);
// Get pricing data - may return array or count depending on provider
// Pass all instance maps for specialized pricing
const pricingResult = await connector.getPricing(
const pricingResult = await withTimeout(
connector.getPricing(
instanceTypeIds,
regionIds,
dbInstanceMap,
dbGpuMap,
dbG8Map,
dbVpuMap
),
180000, // AWS needs ~25K records upsert (870 instances × 29 regions)
`${provider} fetch pricing`
);
// Handle both return types: array (Linode, Vultr) or number (AWS with generator)
@@ -294,7 +364,7 @@ export class SyncOrchestrator {
this.logger.info(`${provider}${stage}`);
// Stage 8: Sync Anvil Pricing (if applicable)
stage = 'SYNC_ANVIL_PRICING' as SyncStage;
stage = SyncStage.SYNC_ANVIL_PRICING;
let anvilPricingCount = 0;
try {
anvilPricingCount = await this.syncAnvilPricing(provider);
@@ -309,6 +379,21 @@ export class SyncOrchestrator {
});
}
// Stage 8.5: Sync Anvil Transfer Pricing
let anvilTransferPricingCount = 0;
try {
anvilTransferPricingCount = await this.syncAnvilTransferPricing(provider);
if (anvilTransferPricingCount > 0) {
this.logger.info(`${provider} → SYNC_ANVIL_TRANSFER_PRICING`, { anvil_transfer_pricing: anvilTransferPricingCount });
}
} catch (transferError) {
// Log error but don't fail the entire sync
this.logger.error('Anvil transfer pricing sync failed', {
provider,
error: transferError instanceof Error ? transferError.message : String(transferError)
});
}
// Stage 9: Complete - Update provider status to success
stage = SyncStage.COMPLETE;
await this.repos.providers.updateSyncStatus(provider, 'success');
@@ -349,42 +434,211 @@ export class SyncOrchestrator {
error_details: {
stage,
message: errorMessage,
stack: error instanceof Error ? error.stack : undefined,
// Stack trace logged server-side only, not exposed to clients
},
};
}
}
/**
* Synchronize all providers
* Runs synchronizations in parallel for efficiency
* Synchronize pricing data only (no regions/instances update)
*
* @param providers - Array of provider names to sync (defaults to all supported providers)
* @returns Complete sync report with statistics
* Lightweight sync operation that only updates pricing data from provider APIs.
* Skips region and instance type synchronization.
*
* @param provider - Provider name (linode, vultr, aws)
* @returns Sync result with pricing statistics
*/
async syncAll(providers = ['linode', 'vultr', 'aws']): Promise<SyncReport> {
const startedAt = new Date().toISOString();
async syncPricingOnly(provider: string): Promise<ProviderSyncResult> {
const startTime = Date.now();
let stage = SyncStage.INIT;
this.logger.info('Starting sync for providers', { providers: providers.join(', ') });
this.logger.info('Starting pricing-only sync for provider', { provider });
// Run all provider syncs in parallel
const results = await Promise.allSettled(
providers.map(p => this.syncProvider(p))
try {
// Stage 1: Initialize - Fetch provider record
stage = SyncStage.INIT;
const providerRecord = await this.repos.providers.findByName(provider);
if (!providerRecord) {
throw new Error(`Provider not found in database: ${provider}`);
}
// Update provider status to syncing
await this.repos.providers.updateSyncStatus(provider, 'syncing');
this.logger.info(`${provider}${stage} (pricing only)`);
// Stage 2: Initialize connector and authenticate
const connector = await this.createConnector(provider, providerRecord.id);
await withTimeout(connector.authenticate(), 10000, `${provider} authentication`);
this.logger.info(`${provider} → initialized (pricing only)`);
// Fetch existing instance and region IDs from database
const batchQueries = [
this.repos.db.prepare('SELECT id, region_code FROM regions WHERE provider_id = ?').bind(providerRecord.id),
this.repos.db.prepare('SELECT id, instance_id FROM instance_types WHERE provider_id = ?').bind(providerRecord.id),
this.repos.db.prepare('SELECT id, instance_id FROM gpu_instances WHERE provider_id = ?').bind(providerRecord.id),
this.repos.db.prepare('SELECT id, instance_id FROM g8_instances WHERE provider_id = ?').bind(providerRecord.id),
this.repos.db.prepare('SELECT id, instance_id FROM vpu_instances WHERE provider_id = ?').bind(providerRecord.id)
];
const [dbRegionsResult, dbInstancesResult, dbGpuResult, dbG8Result, dbVpuResult] = await this.repos.db.batch(batchQueries);
if (!dbRegionsResult.success || !dbInstancesResult.success) {
throw new Error('Failed to fetch regions/instances for pricing');
}
// Validate and extract region IDs
if (!Array.isArray(dbRegionsResult.results)) {
throw new Error('Unexpected database result format for regions');
}
const regionIds = dbRegionsResult.results.map((r: any) => {
if (typeof r?.id !== 'number') {
throw new Error('Invalid region id in database result');
}
return r.id;
});
// Validate and extract instance type data
if (!Array.isArray(dbInstancesResult.results)) {
throw new Error('Unexpected database result format for instances');
}
const dbInstancesData = dbInstancesResult.results.map((i: any) => {
if (typeof i?.id !== 'number' || typeof i?.instance_id !== 'string') {
throw new Error('Invalid instance data in database result');
}
return { id: i.id, instance_id: i.instance_id };
});
const instanceTypeIds = dbInstancesData.map(i => i.id);
// Create instance mapping
const dbInstanceMap = new Map(
dbInstancesData.map(i => [i.id, { instance_id: i.instance_id }])
);
// Extract results
const providerResults: ProviderSyncResult[] = results.map((result, index) => {
if (result.status === 'fulfilled') {
return result.value;
} else {
// Handle rejected promises
const provider = providers[index];
const errorMessage = result.reason instanceof Error
? result.reason.message
: 'Unknown error';
// Create specialized instance mappings
if (!Array.isArray(dbGpuResult.results)) {
throw new Error('Unexpected database result format for GPU instances');
}
const dbGpuMap = new Map(
dbGpuResult.results.map((i: any) => {
if (typeof i?.id !== 'number' || typeof i?.instance_id !== 'string') {
throw new Error('Invalid GPU instance data in database result');
}
return [i.id, { instance_id: i.instance_id }];
})
);
this.logger.error(`${provider} promise rejected`, { error: result.reason instanceof Error ? result.reason.message : String(result.reason) });
if (!Array.isArray(dbG8Result.results)) {
throw new Error('Unexpected database result format for G8 instances');
}
const dbG8Map = new Map(
dbG8Result.results.map((i: any) => {
if (typeof i?.id !== 'number' || typeof i?.instance_id !== 'string') {
throw new Error('Invalid G8 instance data in database result');
}
return [i.id, { instance_id: i.instance_id }];
})
);
if (!Array.isArray(dbVpuResult.results)) {
throw new Error('Unexpected database result format for VPU instances');
}
const dbVpuMap = new Map(
dbVpuResult.results.map((i: any) => {
if (typeof i?.id !== 'number' || typeof i?.instance_id !== 'string') {
throw new Error('Invalid VPU instance data in database result');
}
return [i.id, { instance_id: i.instance_id }];
})
);
// Get pricing data
stage = SyncStage.PERSIST;
const pricingResult = await withTimeout(
connector.getPricing(
instanceTypeIds,
regionIds,
dbInstanceMap,
dbGpuMap,
dbG8Map,
dbVpuMap
),
180000,
`${provider} fetch pricing`
);
// Handle both return types
let pricingCount = 0;
if (typeof pricingResult === 'number') {
pricingCount = pricingResult;
} else if (pricingResult.length > 0) {
pricingCount = await this.repos.pricing.upsertMany(pricingResult);
}
this.logger.info(`${provider} → pricing updated`, { pricing: pricingCount });
// Stage: Sync Anvil Pricing (if applicable)
stage = SyncStage.SYNC_ANVIL_PRICING;
let anvilPricingCount = 0;
try {
anvilPricingCount = await this.syncAnvilPricing(provider);
if (anvilPricingCount > 0) {
this.logger.info(`${provider}${stage}`, { anvil_pricing: anvilPricingCount });
}
} catch (anvilError) {
this.logger.error('Anvil pricing sync failed', {
provider,
error: anvilError instanceof Error ? anvilError.message : String(anvilError)
});
}
// Sync Anvil Transfer Pricing
let anvilTransferPricingCount = 0;
try {
anvilTransferPricingCount = await this.syncAnvilTransferPricing(provider);
if (anvilTransferPricingCount > 0) {
this.logger.info(`${provider} → SYNC_ANVIL_TRANSFER_PRICING`, { anvil_transfer_pricing: anvilTransferPricingCount });
}
} catch (transferError) {
this.logger.error('Anvil transfer pricing sync failed', {
provider,
error: transferError instanceof Error ? transferError.message : String(transferError)
});
}
// Complete - Update provider status
stage = SyncStage.COMPLETE;
await this.repos.providers.updateSyncStatus(provider, 'success');
const duration = Date.now() - startTime;
this.logger.info(`${provider}${stage} (pricing only)`, { duration_ms: duration });
return {
provider,
success: true,
regions_synced: 0,
instances_synced: 0,
pricing_synced: pricingCount,
duration_ms: duration,
};
} catch (error) {
const duration = Date.now() - startTime;
const errorMessage = error instanceof Error ? error.message : 'Unknown error';
this.logger.error(`${provider} pricing sync failed at ${stage}`, {
error: error instanceof Error ? error.message : String(error),
stage
});
// Update provider status to error
try {
await this.repos.providers.updateSyncStatus(provider, 'error', errorMessage);
} catch (statusError) {
this.logger.error('Failed to update provider status', {
error: statusError instanceof Error ? statusError.message : String(statusError)
});
}
return {
provider,
@@ -392,11 +646,137 @@ export class SyncOrchestrator {
regions_synced: 0,
instances_synced: 0,
pricing_synced: 0,
duration_ms: 0,
duration_ms: duration,
error: errorMessage,
error_details: {
stage,
message: errorMessage,
},
};
}
}
/**
* Synchronize pricing data only for all providers
*
* Lightweight sync operation that only updates pricing data.
* Skips region and instance type synchronization.
*
* @param providers - Array of provider names to sync (defaults to all supported providers)
* @returns Complete sync report with pricing statistics
*/
async syncAllPricingOnly(providers: string[] = [...SUPPORTED_PROVIDERS]): Promise<SyncReport> {
const startedAt = new Date().toISOString();
const startTime = Date.now();
this.logger.info('Starting pricing-only sync for providers', { providers: providers.join(', ') });
const providerResults: ProviderSyncResult[] = [];
for (const provider of providers) {
try {
const result = await this.syncPricingOnly(provider);
providerResults.push(result);
this.logger.info('Provider pricing sync completed', {
provider,
success: result.success,
elapsed_ms: Date.now() - startTime
});
} catch (error) {
providerResults.push({
provider,
success: false,
regions_synced: 0,
instances_synced: 0,
pricing_synced: 0,
duration_ms: 0,
error: error instanceof Error ? error.message : 'Unknown error',
});
}
}
const completedAt = new Date().toISOString();
const totalDuration = Date.now() - startTime;
const successful = providerResults.filter(r => r.success);
const failed = providerResults.filter(r => !r.success);
const summary = {
total_providers: providers.length,
successful_providers: successful.length,
failed_providers: failed.length,
total_regions: 0,
total_instances: 0,
total_pricing: providerResults.reduce((sum, r) => sum + r.pricing_synced, 0),
};
const report: SyncReport = {
success: failed.length === 0,
started_at: startedAt,
completed_at: completedAt,
total_duration_ms: totalDuration,
providers: providerResults,
summary,
};
this.logger.info('Pricing sync complete', {
total: summary.total_providers,
success: summary.successful_providers,
failed: summary.failed_providers,
duration_ms: totalDuration,
});
return report;
}
/**
* Synchronize all providers
*
* IMPORTANT: Providers are synced sequentially (not in parallel) to avoid
* exceeding Cloudflare Workers' 30-second CPU time limit. Each provider
* sync involves multiple API calls and database operations.
*
* For production deployments with large datasets, consider using
* Cloudflare Queues to process each provider as a separate job.
*
* @param providers - Array of provider names to sync (defaults to all supported providers)
* @returns Complete sync report with statistics
*/
async syncAll(providers: string[] = [...SUPPORTED_PROVIDERS]): Promise<SyncReport> {
const startedAt = new Date().toISOString();
const startTime = Date.now();
this.logger.info('Starting sequential sync for providers', { providers: providers.join(', ') });
// Run provider syncs sequentially to avoid CPU timeout
// Each provider sync is independent and can complete within time limits
const providerResults: ProviderSyncResult[] = [];
for (const provider of providers) {
try {
const result = await this.syncProvider(provider);
providerResults.push(result);
// Log progress after each provider
this.logger.info('Provider sync completed', {
provider,
success: result.success,
elapsed_ms: Date.now() - startTime
});
} catch (error) {
// Handle unexpected errors
providerResults.push({
provider,
success: false,
regions_synced: 0,
instances_synced: 0,
pricing_synced: 0,
duration_ms: 0,
error: error instanceof Error ? error.message : 'Unknown error',
});
}
}
const completedAt = new Date().toISOString();
const totalDuration = Date.now() - startTime;
@@ -435,24 +815,29 @@ export class SyncOrchestrator {
/**
* Generate AWS pricing records in batches using Generator pattern
* Minimizes memory usage by yielding batches of 100 records at a time
* Minimizes memory usage by yielding batches at a time (configurable)
*
* @param instanceTypeIds - Array of database instance type IDs
* @param regionIds - Array of database region IDs
* @param dbInstanceMap - Map of instance type ID to DB instance data
* @param rawInstanceMap - Map of instance_id (API ID) to raw AWS data
* @yields Batches of PricingInput records (100 per batch)
* @param env - Environment configuration for SYNC_BATCH_SIZE
* @yields Batches of PricingInput records (configurable batch size)
*
* Manual Test:
* Generator yields ~252 batches for ~25,230 total records (870 instances × 29 regions)
* Generator yields batches for ~25,230 total records (870 instances × 29 regions)
*/
private *generateAWSPricingBatches(
instanceTypeIds: number[],
regionIds: number[],
dbInstanceMap: Map<number, { instance_id: string }>,
rawInstanceMap: Map<string, { Cost: number; MonthlyPrice: number }>
rawInstanceMap: Map<string, { Cost: number; MonthlyPrice: number }>,
env?: Env
): Generator<PricingInput[], void, void> {
const BATCH_SIZE = 100;
const BATCH_SIZE = Math.min(
Math.max(parseInt(env?.SYNC_BATCH_SIZE || '100', 10) || 100, 1),
1000
);
let batch: PricingInput[] = [];
for (const regionId of regionIds) {
@@ -515,7 +900,10 @@ export class SyncOrchestrator {
rawInstanceMap: Map<string, { id: string; price: { hourly: number; monthly: number } }>,
env?: Env
): Generator<PricingInput[], void, void> {
const BATCH_SIZE = parseInt(env?.SYNC_BATCH_SIZE || '100', 10);
const BATCH_SIZE = Math.min(
Math.max(parseInt(env?.SYNC_BATCH_SIZE || '100', 10) || 100, 1),
1000
);
let batch: PricingInput[] = [];
for (const regionId of regionIds) {
@@ -578,7 +966,10 @@ export class SyncOrchestrator {
rawPlanMap: Map<string, { id: string; monthly_cost: number }>,
env?: Env
): Generator<PricingInput[], void, void> {
const BATCH_SIZE = parseInt(env?.SYNC_BATCH_SIZE || '100', 10);
const BATCH_SIZE = Math.min(
Math.max(parseInt(env?.SYNC_BATCH_SIZE || '100', 10) || 100, 1),
1000
);
let batch: PricingInput[] = [];
for (const regionId of regionIds) {
@@ -644,7 +1035,10 @@ export class SyncOrchestrator {
rawInstanceMap: Map<string, { id: string; price: { hourly: number; monthly: number } }>,
env?: Env
): Generator<GpuPricingInput[], void, void> {
const BATCH_SIZE = parseInt(env?.SYNC_BATCH_SIZE || '100', 10);
const BATCH_SIZE = Math.min(
Math.max(parseInt(env?.SYNC_BATCH_SIZE || '100', 10) || 100, 1),
1000
);
let batch: GpuPricingInput[] = [];
for (const regionId of regionIds) {
@@ -707,7 +1101,10 @@ export class SyncOrchestrator {
rawPlanMap: Map<string, { id: string; monthly_cost: number }>,
env?: Env
): Generator<GpuPricingInput[], void, void> {
const BATCH_SIZE = parseInt(env?.SYNC_BATCH_SIZE || '100', 10);
const BATCH_SIZE = Math.min(
Math.max(parseInt(env?.SYNC_BATCH_SIZE || '100', 10) || 100, 1),
1000
);
let batch: GpuPricingInput[] = [];
for (const regionId of regionIds) {
@@ -759,9 +1156,12 @@ export class SyncOrchestrator {
dbG8InstanceMap: Map<number, { instance_id: string }>,
rawInstanceMap: Map<string, { id: string; price: { hourly: number; monthly: number } }>,
env?: Env
): Generator<any[], void, void> {
const BATCH_SIZE = parseInt(env?.SYNC_BATCH_SIZE || '100', 10);
let batch: any[] = [];
): Generator<G8PricingInput[], void, void> {
const BATCH_SIZE = Math.min(
Math.max(parseInt(env?.SYNC_BATCH_SIZE || '100', 10) || 100, 1),
1000
);
let batch: G8PricingInput[] = [];
for (const regionId of regionIds) {
for (const g8InstanceId of g8InstanceTypeIds) {
@@ -809,9 +1209,12 @@ export class SyncOrchestrator {
dbVpuInstanceMap: Map<number, { instance_id: string }>,
rawInstanceMap: Map<string, { id: string; price: { hourly: number; monthly: number } }>,
env?: Env
): Generator<any[], void, void> {
const BATCH_SIZE = parseInt(env?.SYNC_BATCH_SIZE || '100', 10);
let batch: any[] = [];
): Generator<VpuPricingInput[], void, void> {
const BATCH_SIZE = Math.min(
Math.max(parseInt(env?.SYNC_BATCH_SIZE || '100', 10) || 100, 1),
1000
);
let batch: VpuPricingInput[] = [];
for (const regionId of regionIds) {
for (const vpuInstanceId of vpuInstanceTypeIds) {
@@ -910,8 +1313,26 @@ export class SyncOrchestrator {
count: anvilPricingRecords.length
});
// Step 4: Fetch source pricing data in batch
const sourcePricingResult = await this.repos.db
// Step 4: Fetch source pricing data with paired conditions
// Batch queries to avoid SQLite limits (max 100 pairs per query)
const CHUNK_SIZE = 100;
const allSourcePricing: Array<{
instance_type_id: number;
region_id: number;
hourly_price: number;
monthly_price: number;
}> = [];
for (let i = 0; i < anvilPricingRecords.length; i += CHUNK_SIZE) {
const chunk = anvilPricingRecords.slice(i, i + CHUNK_SIZE);
if (chunk.length === 0) continue;
const conditions = chunk
.map(() => '(instance_type_id = ? AND region_id = ?)')
.join(' OR ');
const params = chunk.flatMap(r => [r.source_instance_id, r.source_region_id]);
const chunkResult = await this.repos.db
.prepare(`
SELECT
instance_type_id,
@@ -919,13 +1340,9 @@ export class SyncOrchestrator {
hourly_price,
monthly_price
FROM pricing
WHERE instance_type_id IN (${anvilPricingRecords.map(() => '?').join(',')})
AND region_id IN (${anvilPricingRecords.map(() => '?').join(',')})
WHERE ${conditions}
`)
.bind(
...anvilPricingRecords.map(r => r.source_instance_id),
...anvilPricingRecords.map(r => r.source_region_id)
)
.bind(...params)
.all<{
instance_type_id: number;
region_id: number;
@@ -933,14 +1350,19 @@ export class SyncOrchestrator {
monthly_price: number;
}>();
if (!sourcePricingResult.success || sourcePricingResult.results.length === 0) {
if (chunkResult.success && chunkResult.results) {
allSourcePricing.push(...chunkResult.results);
}
}
if (allSourcePricing.length === 0) {
this.logger.warn('No source pricing data found', { provider });
return 0;
}
// Step 5: Build lookup map: `${instance_type_id}_${region_id}` → pricing
const sourcePricingMap = new Map<string, { hourly_price: number; monthly_price: number }>(
sourcePricingResult.results.map(p => [
allSourcePricing.map(p => [
`${p.instance_type_id}_${p.region_id}`,
{ hourly_price: p.hourly_price, monthly_price: p.monthly_price }
])
@@ -971,7 +1393,8 @@ export class SyncOrchestrator {
UPDATE anvil_pricing
SET
hourly_price = ?,
monthly_price = ?
monthly_price = ?,
updated_at = CURRENT_TIMESTAMP
WHERE id = ?
`).bind(
hourlyPrice,
@@ -1010,6 +1433,84 @@ export class SyncOrchestrator {
}
}
/**
* Synchronize Anvil transfer pricing based on source provider
*
* Updates anvil_transfer_pricing table with retail transfer costs
* Formula: retail = cost × 1.21 (21% margin)
*
* Provider costs (per GB):
* - Linode: $0.005/GB
* - Vultr: $0.01/GB
* - AWS: $0.09/GB (Asia regions)
*
* @param provider - Source provider name (linode, vultr, aws)
* @returns Number of anvil_transfer_pricing records updated
*/
private async syncAnvilTransferPricing(provider: string): Promise<number> {
this.logger.info('Starting Anvil transfer pricing sync', { provider });
try {
// Step 1: Define provider costs per GB (wholesale)
const providerCosts: Record<string, number> = {
linode: 0.005, // $0.005/GB
vultr: 0.01, // $0.01/GB
aws: 0.09, // $0.09/GB (Asia regions)
};
const costPerGb = providerCosts[provider.toLowerCase()];
if (!costPerGb) {
this.logger.info('No transfer pricing defined for provider', { provider });
return 0;
}
// Step 2: Find all anvil_regions sourced from this provider
const anvilRegionsResult = await this.repos.db
.prepare('SELECT id, source_region_id FROM anvil_regions WHERE source_provider = ?')
.bind(provider)
.all<{ id: number; source_region_id: number }>();
if (!anvilRegionsResult.success || anvilRegionsResult.results.length === 0) {
this.logger.info('No anvil_regions found for provider', { provider });
return 0;
}
const anvilRegions = anvilRegionsResult.results;
this.logger.info('Found anvil_regions for transfer pricing', {
provider,
count: anvilRegions.length
});
// Step 3: Calculate retail price (cost × 1.21 for 21% margin)
const retailPricePerGb = costPerGb * 1.21;
// Step 4: Prepare upsert data for all regions
const transferPricingData = anvilRegions.map(region => ({
anvil_region_id: region.id,
price_per_gb: retailPricePerGb,
}));
// Step 5: Batch upsert using repository
const upsertCount = await this.repos.anvilTransferPricing.upsertMany(transferPricingData);
this.logger.info('Anvil transfer pricing sync completed', {
provider,
cost_per_gb: costPerGb,
retail_price_per_gb: retailPricePerGb,
regions_updated: upsertCount,
});
return upsertCount;
} catch (error) {
this.logger.error('Anvil transfer pricing sync failed', {
provider,
error: error instanceof Error ? error.message : String(error)
});
throw error;
}
}
/**
* Create connector for a specific provider
*
@@ -1021,7 +1522,7 @@ export class SyncOrchestrator {
private async createConnector(provider: string, providerId: number): Promise<SyncConnectorAdapter> {
switch (provider.toLowerCase()) {
case 'linode': {
const connector = new LinodeConnector(this.vault);
const connector = new LinodeConnector(this.env);
// Cache instance types for pricing extraction
let cachedInstanceTypes: Awaited<ReturnType<typeof connector.fetchInstanceTypes>> | null = null;
@@ -1059,7 +1560,7 @@ export class SyncOrchestrator {
const gpuInstances = cachedInstanceTypes.filter(i => i.gpus > 0);
return gpuInstances.map(i => connector.normalizeGpuInstance(i, providerId));
},
getG8Instances: async (): Promise<any[]> => {
getG8Instances: async (): Promise<G8InstanceInput[]> => {
// Use cached instances if available to avoid redundant API calls
if (!cachedInstanceTypes) {
this.logger.info('Fetching instance types for G8 extraction');
@@ -1072,7 +1573,7 @@ export class SyncOrchestrator {
);
return g8Instances.map(i => connector.normalizeG8Instance(i, providerId));
},
getVpuInstances: async (): Promise<any[]> => {
getVpuInstances: async (): Promise<VpuInstanceInput[]> => {
// Use cached instances if available to avoid redundant API calls
if (!cachedInstanceTypes) {
this.logger.info('Fetching instance types for VPU extraction');
@@ -1239,7 +1740,7 @@ export class SyncOrchestrator {
}
case 'vultr': {
const connector = new VultrConnector(this.vault);
const connector = new VultrConnector(this.env);
// Cache plans for pricing extraction
let cachedPlans: Awaited<ReturnType<typeof connector.fetchPlans>> | null = null;
@@ -1356,7 +1857,7 @@ export class SyncOrchestrator {
}
case 'aws': {
const connector = new AWSConnector(this.vault);
const connector = new AWSConnector(this.env);
// Cache instance types for pricing extraction
let cachedInstanceTypes: Awaited<ReturnType<typeof connector.fetchInstanceTypes>> | null = null;
@@ -1409,7 +1910,8 @@ export class SyncOrchestrator {
instanceTypeIds,
regionIds,
dbInstanceMap,
rawInstanceMap
rawInstanceMap,
this.env
);
// Process batches incrementally

144
src/types.ts
View File

@@ -1,38 +1,3 @@
/**
* Vault Credentials Types - supports different providers
*/
export interface VaultCredentials {
provider: string;
api_token?: string; // Linode
api_key?: string; // Vultr
aws_access_key_id?: string; // AWS
aws_secret_access_key?: string; // AWS
}
/**
* Vault API Response Structure - flexible for different providers
*/
export interface VaultSecretResponse {
data: {
data: Record<string, string>; // Flexible key-value pairs
metadata: {
created_time: string;
custom_metadata: null;
deletion_time: string;
destroyed: boolean;
version: number;
};
};
}
/**
* Cache Entry Structure
*/
export interface CacheEntry<T> {
data: T;
expiresAt: number;
}
// ============================================================
// Database Entity Types
// ============================================================
@@ -283,6 +248,8 @@ export interface InstanceQueryParams {
page?: number;
/** Number of results per page */
limit?: number;
/** Force total count calculation (performance optimization: only runs on first page by default) */
include_count?: boolean;
}
/**
@@ -430,20 +397,34 @@ export interface Env {
DB: D1Database;
/** KV namespace for rate limiting */
RATE_LIMIT_KV: KVNamespace;
/** Vault server URL for credentials management */
VAULT_URL: string;
/** Vault authentication token */
VAULT_TOKEN: string;
/** API key for request authentication */
API_KEY: string;
/** Provider API credentials (from Wrangler secrets) */
LINODE_API_TOKEN?: string;
VULTR_API_KEY?: string;
AWS_ACCESS_KEY_ID?: string;
AWS_SECRET_ACCESS_KEY?: string;
/** Batch size for synchronization operations */
SYNC_BATCH_SIZE?: string;
/** Cache TTL in seconds */
CACHE_TTL_SECONDS?: string;
/** Log level (debug, info, warn, error, none) - Controls logging verbosity */
LOG_LEVEL?: string;
/** CORS origin for Access-Control-Allow-Origin header (default: '*') */
/** CORS origin for Access-Control-Allow-Origin header */
CORS_ORIGIN?: string;
/** Environment (development|production) - Controls development-specific features */
ENVIRONMENT?: string;
}
/**
* Hono context variables
* Shared across all request contexts
*/
export interface HonoVariables {
/** Unique request ID for tracing */
requestId: string;
/** Authentication status (set by auth middleware) */
authenticated?: boolean;
}
// ============================================================
@@ -458,8 +439,6 @@ export enum SyncStage {
IDLE = 'idle',
/** Initialization stage */
INIT = 'init',
/** Fetching provider credentials from Vault */
FETCH_CREDENTIALS = 'fetch_credentials',
/** Fetching regions from provider API */
FETCH_REGIONS = 'fetch_regions',
/** Fetching instance types from provider API */
@@ -476,6 +455,8 @@ export enum SyncStage {
STORE_DATA = 'store_data',
/** Validation stage */
VALIDATE = 'validate',
/** Synchronizing Anvil pricing from source provider */
SYNC_ANVIL_PRICING = 'sync_anvil_pricing',
/** Sync completed successfully */
COMPLETE = 'complete',
/** Legacy alias for COMPLETE */
@@ -518,85 +499,6 @@ export interface ApiError {
path?: string;
}
// ============================================================
// Recommendation API Types
// ============================================================
/**
* Scale type for resource requirements
*/
export type ScaleType = 'small' | 'medium' | 'large';
/**
* Request body for instance recommendations
*/
export interface RecommendationRequest {
/** Technology stack components (e.g., ['nginx', 'mysql', 'redis']) */
stack: string[];
/** Deployment scale (small/medium/large) */
scale: ScaleType;
/** Maximum monthly budget in USD (optional) */
budget_max?: number;
}
/**
* Calculated resource requirements based on stack and scale
*/
export interface ResourceRequirements {
/** Minimum required memory in MB */
min_memory_mb: number;
/** Minimum required vCPU count */
min_vcpu: number;
/** Memory breakdown by component */
breakdown: Record<string, string>;
}
/**
* Individual instance recommendation with scoring
*/
export interface InstanceRecommendation {
/** Recommendation rank (1 = best match) */
rank: number;
/** Cloud provider name */
provider: string;
/** Instance type identifier */
instance: string;
/** Region code */
region: string;
/** Instance specifications */
specs: {
/** Virtual CPU count */
vcpu: number;
/** Memory in MB */
memory_mb: number;
/** Storage in GB */
storage_gb: number;
};
/** Pricing information */
price: {
/** Monthly price in USD */
monthly: number;
/** Hourly price in USD */
hourly: number;
};
/** Match score (0-100) */
match_score: number;
/** Advantages of this instance */
pros: string[];
/** Disadvantages or considerations */
cons: string[];
}
/**
* Complete recommendation response
*/
export interface RecommendationResponse {
/** Calculated resource requirements */
requirements: ResourceRequirements;
/** List of recommended instances (sorted by match score) */
recommendations: InstanceRecommendation[];
}
// ============================================================
// Anvil Product Types
// ============================================================

2
src/utils/logger.test.ts
View File

@@ -20,8 +20,6 @@ const createMockEnv = (logLevel?: string): Env => ({
LOG_LEVEL: logLevel,
DB: {} as any,
RATE_LIMIT_KV: {} as any,
VAULT_URL: 'https://vault.example.com',
VAULT_TOKEN: 'test-token',
API_KEY: 'test-api-key',
});

7
src/utils/logger.ts
View File

@@ -59,7 +59,12 @@ export class Logger {
const MAX_DEPTH = 5; // Prevent infinite recursion
if (depth > MAX_DEPTH) return data;
const sensitiveKeys = ['api_key', 'api_token', 'password', 'secret', 'token', 'key', 'authorization', 'credential'];
const sensitiveKeys = [
'api_key', 'api_token', 'password', 'secret', 'token', 'key',
'authorization', 'credential', 'access_key', 'private_key',
'bearer', 'auth', 'session', 'cookie', 'jwt', 'refresh_token',
'client_secret', 'aws_secret', 'linode_token', 'vultr_key'
];
const masked: Record<string, unknown> = {};
for (const [key, value] of Object.entries(data)) {

325
tests/vault.test.ts
View File

@@ -1,325 +0,0 @@
import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
import { VaultClient, VaultError } from '../src/connectors/vault';
import type { VaultSecretResponse } from '../src/types';
// Mock fetch globally
const mockFetch = vi.fn();
global.fetch = mockFetch;
describe('VaultClient', () => {
const baseUrl = 'https://vault.anvil.it.com';
const token = 'hvs.test-token';
let client: VaultClient;
beforeEach(() => {
client = new VaultClient(baseUrl, token);
mockFetch.mockClear();
});
afterEach(() => {
vi.clearAllTimers();
});
describe('constructor', () => {
it('should initialize with correct baseUrl and token', () => {
expect(client).toBeInstanceOf(VaultClient);
});
it('should remove trailing slash from baseUrl', () => {
const clientWithSlash = new VaultClient('https://vault.anvil.it.com/', token);
expect(clientWithSlash).toBeInstanceOf(VaultClient);
});
});
describe('getCredentials', () => {
const mockSuccessResponse: VaultSecretResponse = {
data: {
data: {
provider: 'linode',
api_token: 'test-api-token-123',
},
metadata: {
created_time: '2024-01-21T10:00:00Z',
custom_metadata: null,
deletion_time: '',
destroyed: false,
version: 1,
},
},
};
it('should successfully retrieve credentials from Vault', async () => {
mockFetch.mockResolvedValueOnce({
ok: true,
status: 200,
json: async () => mockSuccessResponse,
});
const credentials = await client.getCredentials('linode');
expect(credentials).toEqual({
provider: 'linode',
api_token: 'test-api-token-123',
});
expect(mockFetch).toHaveBeenCalledWith(
'https://vault.anvil.it.com/v1/secret/data/linode',
expect.objectContaining({
method: 'GET',
headers: {
'X-Vault-Token': token,
'Content-Type': 'application/json',
},
})
);
});
it('should use cached credentials on second call', async () => {
mockFetch.mockResolvedValueOnce({
ok: true,
status: 200,
json: async () => mockSuccessResponse,
});
// First call - should fetch from Vault
const credentials1 = await client.getCredentials('linode');
expect(mockFetch).toHaveBeenCalledTimes(1);
// Second call - should use cache
const credentials2 = await client.getCredentials('linode');
expect(mockFetch).toHaveBeenCalledTimes(1); // No additional fetch
expect(credentials2).toEqual(credentials1);
});
it('should throw VaultError on 401 Unauthorized', async () => {
mockFetch.mockResolvedValue({
ok: false,
status: 401,
statusText: 'Unauthorized',
json: async () => ({ errors: ['permission denied'] }),
});
await expect(client.getCredentials('linode')).rejects.toThrow(VaultError);
});
it('should throw VaultError on 403 Forbidden', async () => {
mockFetch.mockResolvedValue({
ok: false,
status: 403,
statusText: 'Forbidden',
json: async () => ({ errors: ['permission denied'] }),
});
await expect(client.getCredentials('linode')).rejects.toThrow(VaultError);
});
it('should throw VaultError on 404 Not Found', async () => {
mockFetch.mockResolvedValue({
ok: false,
status: 404,
statusText: 'Not Found',
json: async () => ({}),
});
await expect(client.getCredentials('unknown')).rejects.toThrow(VaultError);
});
it('should throw VaultError on 500 Server Error', async () => {
mockFetch.mockResolvedValue({
ok: false,
status: 500,
statusText: 'Internal Server Error',
json: async () => ({ errors: ['internal server error'] }),
});
await expect(client.getCredentials('linode')).rejects.toThrow(VaultError);
});
it('should throw VaultError on timeout', async () => {
// Mock fetch to simulate AbortError
mockFetch.mockImplementation(() => {
const error = new Error('This operation was aborted');
error.name = 'AbortError';
return Promise.reject(error);
});
await expect(client.getCredentials('linode')).rejects.toThrow(VaultError);
});
it('should throw VaultError on invalid response structure', async () => {
mockFetch.mockResolvedValue({
ok: true,
status: 200,
json: async () => ({ invalid: 'structure' }),
});
await expect(client.getCredentials('linode')).rejects.toThrow(VaultError);
});
it('should throw VaultError on missing required fields', async () => {
mockFetch.mockResolvedValue({
ok: true,
status: 200,
json: async () => ({
data: {
data: {
provider: 'linode',
api_token: '', // Empty token
},
metadata: mockSuccessResponse.data.metadata,
},
}),
});
await expect(client.getCredentials('linode')).rejects.toThrow(VaultError);
});
it('should handle network errors gracefully', async () => {
mockFetch.mockRejectedValue(new Error('Network error'));
await expect(client.getCredentials('linode')).rejects.toThrow(VaultError);
});
});
describe('cache management', () => {
it('should clear cache for specific provider', async () => {
const mockResponse: VaultSecretResponse = {
data: {
data: { provider: 'linode', api_token: 'token1' },
metadata: {
created_time: '2024-01-21T10:00:00Z',
custom_metadata: null,
deletion_time: '',
destroyed: false,
version: 1,
},
},
};
mockFetch.mockResolvedValue({
ok: true,
status: 200,
json: async () => mockResponse,
});
// Fetch and cache
await client.getCredentials('linode');
expect(mockFetch).toHaveBeenCalledTimes(1);
// Clear cache
client.clearCache('linode');
// Should fetch again
await client.getCredentials('linode');
expect(mockFetch).toHaveBeenCalledTimes(2);
});
it('should clear all cache', async () => {
const mockLinode: VaultSecretResponse = {
data: {
data: { provider: 'linode', api_token: 'token1' },
metadata: {
created_time: '2024-01-21T10:00:00Z',
custom_metadata: null,
deletion_time: '',
destroyed: false,
version: 1,
},
},
};
const mockVultr: VaultSecretResponse = {
data: {
data: { provider: 'vultr', api_token: 'token2' },
metadata: {
created_time: '2024-01-21T10:00:00Z',
custom_metadata: null,
deletion_time: '',
destroyed: false,
version: 1,
},
},
};
mockFetch
.mockResolvedValueOnce({
ok: true,
status: 200,
json: async () => mockLinode,
})
.mockResolvedValueOnce({
ok: true,
status: 200,
json: async () => mockVultr,
});
// Cache both providers
await client.getCredentials('linode');
await client.getCredentials('vultr');
const statsBefore = client.getCacheStats();
expect(statsBefore.size).toBe(2);
expect(statsBefore.providers).toContain('linode');
expect(statsBefore.providers).toContain('vultr');
// Clear all cache
client.clearCache();
const statsAfter = client.getCacheStats();
expect(statsAfter.size).toBe(0);
expect(statsAfter.providers).toEqual([]);
});
it('should provide cache statistics', async () => {
const mockResponse: VaultSecretResponse = {
data: {
data: { provider: 'linode', api_token: 'token1' },
metadata: {
created_time: '2024-01-21T10:00:00Z',
custom_metadata: null,
deletion_time: '',
destroyed: false,
version: 1,
},
},
};
mockFetch.mockResolvedValue({
ok: true,
status: 200,
json: async () => mockResponse,
});
// Initially empty
let stats = client.getCacheStats();
expect(stats.size).toBe(0);
expect(stats.providers).toEqual([]);
// After caching
await client.getCredentials('linode');
stats = client.getCacheStats();
expect(stats.size).toBe(1);
expect(stats.providers).toEqual(['linode']);
});
});
describe('VaultError', () => {
it('should create error with all properties', () => {
const error = new VaultError('Test error', 404, 'linode');
expect(error).toBeInstanceOf(Error);
expect(error.name).toBe('VaultError');
expect(error.message).toBe('Test error');
expect(error.statusCode).toBe(404);
expect(error.provider).toBe('linode');
});
it('should create error without optional properties', () => {
const error = new VaultError('Test error');
expect(error.message).toBe('Test error');
expect(error.statusCode).toBeUndefined();
expect(error.provider).toBeUndefined();
});
});
});

3
wrangler.toml
View File

@@ -24,6 +24,5 @@ CORS_ORIGIN = "*"
# Cron Triggers
[triggers]
crons = [
"0 0 * * *",
"0 */6 * * *"
"0 0 * * *"
]