@ordojs/enterprise

Enterprise-grade features for OrdoJS including SSO, RBAC, audit logging, and scalability.

Features

🔐 Authentication & Authorization

• SSO Support: SAML, OAuth2, Google, Azure AD, and Okta integration
• Role-Based Access Control (RBAC): Comprehensive permission system
• Session Management: Enterprise-grade session handling with JWT
• Multi-factor Authentication: Support for various MFA providers

📊 Audit & Compliance

• Comprehensive Audit Logging: Track all user actions and system events
• GDPR Compliance: Data retention, right to be forgotten, consent management
• SOX Compliance: Audit trails, access control, change management
• HIPAA Compliance: PHI data encryption, access logging, audit trails
• PCI Compliance: Card data encryption, tokenization, access control

⚡ Scalability & Performance

• Virtual Scrolling: Handle large datasets efficiently
• Performance Monitoring: Real-time metrics and alerting
• Caching Strategies: Advanced caching with Redis support
• Load Balancing: Health checks and session management

Installation

pnpm add @ordojs/enterprise

Quick Start

import { EnterpriseManager } from '@ordojs/enterprise';

// Configure enterprise features
const config = {
  sso: {
    enabled: true,
    providers: [
      {
        provider: 'google',
        clientId: 'your-client-id',
        clientSecret: 'your-client-secret',
        callbackUrl: 'http://localhost:3000/auth/google/callback',
        scope: ['email', 'profile'],
      },
    ],
  },
  rbac: {
    enabled: true,
    sessionTimeout: 24 * 60 * 60 * 1000, // 24 hours
    maxSessionsPerUser: 5,
  },
  audit: {
    enabled: true,
    retentionDays: 90,
    logLevel: 'info',
    includeMetadata: true,
  },
  compliance: {
    gdpr: {
      enabled: true,
      dataRetentionDays: 30,
      rightToBeForgotten: true,
      dataPortability: true,
      consentManagement: true,
    },
    sox: {
      enabled: true,
      auditTrailRequired: true,
      accessControlRequired: true,
      changeManagementRequired: true,
    },
    hipaa: {
      enabled: false,
      phiDataEncryption: false,
      accessLogging: false,
      auditTrail: false,
    },
    pci: {
      enabled: false,
      cardDataEncryption: false,
      tokenization: false,
      accessControl: false,
    },
  },
  scalability: {
    virtualScroll: {
      itemHeight: 50,
      overscan: 5,
      containerHeight: 400,
    },
    cache: {
      type: 'redis',
      ttl: 3600,
      maxSize: 1000,
      compression: true,
      encryption: false,
    },
  },
  security: {
    rateLimiting: {
      enabled: true,
      windowMs: 15 * 60 * 1000, // 15 minutes
      maxRequests: 100,
    },
    sessionManagement: {
      secret: 'your-session-secret',
      resave: false,
      saveUninitialized: false,
      cookie: {
        secure: process.env.NODE_ENV === 'production',
        httpOnly: true,
        maxAge: 24 * 60 * 60 * 1000, // 24 hours
      },
    },
  },
};

// Initialize enterprise manager
const enterpriseManager = new EnterpriseManager(config, 'your-jwt-secret');
await enterpriseManager.initialize();

SSO Configuration

Google OAuth2

import { SSOManager } from '@ordojs/enterprise';

const ssoManager = new SSOManager('your-jwt-secret');

ssoManager.configureProviders([
  {
    provider: 'google',
    clientId: 'your-google-client-id',
    clientSecret: 'your-google-client-secret',
    callbackUrl: 'http://localhost:3000/auth/google/callback',
    scope: ['email', 'profile'],
  },
]);

SAML

ssoManager.configureProviders([
  {
    provider: 'saml',
    clientId: 'your-saml-client-id',
    clientSecret: 'your-saml-client-secret',
    callbackUrl: 'http://localhost:3000/auth/saml/callback',
    entryPoint: 'https://your-idp.com/sso',
    issuer: 'your-app-entity-id',
    cert: 'your-idp-certificate',
  },
]);

Azure AD

ssoManager.configureProviders([
  {
    provider: 'azure-ad',
    clientId: 'your-azure-client-id',
    clientSecret: 'your-azure-client-secret',
    callbackUrl: 'http://localhost:3000/auth/azure/callback',
    tenantId: 'your-tenant-id',
    resource: 'your-app-resource-id',
  },
]);

RBAC Usage

import { RBACManager } from '@ordojs/enterprise';

const rbacManager = new RBACManager('your-jwt-secret');

// Create roles
const adminRole = await rbacManager.createRole({
  name: 'admin',
  description: 'Administrator role',
  permissions: [
    {
      id: 'user.read',
      name: 'Read Users',
      resource: 'users',
      action: 'read',
    },
    {
      id: 'user.write',
      name: 'Write Users',
      resource: 'users',
      action: 'write',
    },
  ],
});

// Assign role to user
await rbacManager.assignRoleToUser('user-id', adminRole.id, 'admin-user-id');

// Check permissions
const hasPermission = await rbacManager.hasPermission('user-id', 'users', 'read');

Audit Logging

import { AuditManager } from '@ordojs/enterprise';

const auditManager = new AuditManager(auditConfig, complianceConfig);

// Log authentication events
await auditManager.logAuthEvent('login', req, {
  userId: user.id,
  sessionId: session.id,
});

// Log data access
await auditManager.logDataAccess(userId, 'users', 'user-123', 'read', req, {
  fields: ['id', 'email', 'name'],
});

// Get compliance report
const report = await auditManager.generateComplianceReport();

Virtual Scrolling

import { VirtualScrollManager } from '@ordojs/enterprise';

const virtualScroll = new VirtualScrollManager({
  itemHeight: 50,
  overscan: 5,
  containerHeight: 400,
});

// Initialize with container and data
virtualScroll.initialize(containerElement, largeDataset);

// Set render callback
virtualScroll.setRenderCallback(items => {
  // Render visible items
  items.forEach(item => {
    // Render item
  });
});

Performance Monitoring

import { PerformanceMonitor } from '@ordojs/enterprise';

const performanceMonitor = new PerformanceMonitor(
  {
    memory: 80,
    cpu: 80,
    responseTime: 1000,
    errorRate: 5,
    cacheHitRate: 70,
  },
  cacheConfig
);

// Start monitoring
performanceMonitor.startMonitoring(5000); // Every 5 seconds

// Get performance report
const report = performanceMonitor.generatePerformanceReport();

Compliance Checking

import { ComplianceChecker } from '@ordojs/enterprise';

const complianceChecker = new ComplianceChecker(complianceConfig);

// Run compliance check
const report = await complianceChecker.runComplianceCheck(auditEvents);

// Check specific compliance
const gdprReport = await complianceChecker.runCategoryCheck('gdpr', auditEvents);

API Reference

EnterpriseManager

Main orchestrator for all enterprise features.

Methods

• initialize(): Initialize all enterprise features
• getSSOManager(): Get SSO manager instance
• getRBACManager(): Get RBAC manager instance
• getAuditManager(): Get audit manager instance
• getVirtualScrollManager(): Get virtual scroll manager instance
• authenticateWithSSO(provider, req): Authenticate user with SSO
• createUserSession(user, req): Create user session with RBAC
• checkPermission(userId, resource, action): Check user permissions
• createRole(roleData, createdBy): Create role with audit logging
• assignRoleToUser(userId, roleId, assignedBy): Assign role to user
• getComplianceReport(): Get compliance report
• getAuditEvents(filters, page, limit): Get audit events
• cleanupAuditEvents(): Cleanup old audit events
• getConfig(): Get enterprise configuration
• updateConfig(updates): Update enterprise configuration
• getSystemHealth(): Get system health status
• shutdown(): Shutdown enterprise features

SSOManager

Manage Single Sign-On authentication.

Methods

• configureProviders(configs, defaultProvider): Configure SSO providers
• getAuthMiddleware(provider): Get authentication middleware
• getCallbackMiddleware(provider): Get callback middleware
• getLogoutMiddleware(): Get logout middleware
• generateToken(user): Generate JWT token
• verifyToken(token): Verify JWT token
• createSession(user, req): Create user session
• getAuthResponse(user, req): Get authentication response

RBACManager

Manage Role-Based Access Control.

Methods

• createRole(roleData): Create a new role
• updateRole(roleId, updates): Update existing role
• deleteRole(roleId): Delete a role
• createPermission(permissionData): Create a new permission
• assignRoleToUser(userId, roleId, assignedBy): Assign role to user
• removeRoleFromUser(userId, roleId): Remove role from user
• getUserRoles(userId): Get all roles for a user
• getUserPermissions(userId): Get all permissions for a user
• hasPermission(userId, resource, action): Check if user has permission
• hasAnyPermission(userId, permissions): Check if user has any permission
• hasAllPermissions(userId, permissions): Check if user has all permissions
• createSession(user, req): Create user session
• validateSession(sessionId): Validate session
• invalidateSession(sessionId): Invalidate session
• invalidateUserSessions(userId): Invalidate all user sessions
• createPermissionMiddleware(resource, action): Create permission middleware
• createRoleMiddleware(roleNames): Create role middleware

AuditManager

Manage audit logging and compliance.

Methods

• logEvent(event): Log an audit event
• logAuthEvent(userId, action, req, details): Log authentication events
• logDataAccess(userId, resource, resourceId, action, req, details): Log data access
• logSecurityEvent(event, req): Log security events
• logSystemEvent(action, resource, details, severity): Log system events
• logComplianceEvent(complianceType, action, details, severity): Log compliance events
• queryEvents(filters, page, limit): Query audit events
• generateComplianceReport(): Generate compliance report
• cleanupOldEvents(): Cleanup old audit events

VirtualScrollManager

Handle large datasets with virtual scrolling.

Methods

• initialize(container, dataSource): Initialize virtual scroll
• setRenderCallback(callback): Set render callback
• updateDataSource(dataSource): Update data source
• scrollToItem(index, behavior): Scroll to specific item
• scrollToItemById(id, behavior): Scroll to item by ID
• getScrollState(): Get current scroll state
• getVisibleItems(): Get visible items
• isItemVisible(index): Check if item is visible
• getItemByIndex(index): Get item by index
• getItemById(id): Get item by ID
• updateConfig(config): Update configuration
• destroy(): Destroy virtual scroll
• refresh(): Refresh virtual scroll
• getScrollMetrics(): Get scroll metrics

PerformanceMonitor

Monitor application performance.

Methods

• startMonitoring(intervalMs): Start performance monitoring
• stopMonitoring(): Stop performance monitoring
• getCurrentMetrics(): Get current performance metrics
• getMetricsHistory(duration): Get metrics history
• getAlerts(severity): Get performance alerts
• getPerformanceSummary(): Get performance summary
• updateThresholds(thresholds): Update thresholds
• clearOldMetrics(olderThanMs): Clear old metrics
• clearOldAlerts(olderThanMs): Clear old alerts
• getPerformanceTrends(): Get performance trends
• generatePerformanceReport(): Generate performance report

ComplianceChecker

Check compliance with various standards.

Methods

• runComplianceCheck(auditEvents): Run all compliance checks
• runCategoryCheck(category, auditEvents): Run compliance check for specific category

Configuration

Enterprise Configuration

interface EnterpriseConfig {
  sso: {
    enabled: boolean;
    providers: SSOConfig[];
    defaultProvider?: string;
  };
  rbac: {
    enabled: boolean;
    defaultRole?: string;
    sessionTimeout: number;
    maxSessionsPerUser: number;
  };
  audit: AuditLogConfig;
  compliance: ComplianceConfig;
  scalability: {
    virtualScroll: VirtualScrollConfig;
    cache: CacheConfig;
    loadBalancer?: LoadBalancerConfig;
    microFrontends?: MicroFrontendConfig[];
  };
  security: {
    rateLimiting: {
      enabled: boolean;
      windowMs: number;
      maxRequests: number;
    };
    sessionManagement: {
      secret: string;
      resave: boolean;
      saveUninitialized: boolean;
      cookie: {
        secure: boolean;
        httpOnly: boolean;
        maxAge: number;
      };
    };
  };
}

Examples

See the examples directory for complete usage examples.

Contributing

Please read our Contributing Guide for details on our code of conduct and the process for submitting pull requests.

License

This project is licensed under the MIT License - see the LICENSE file for details.