Copy docs into Zeek repo directly

This is based on commit 2731def9159247e6da8a3191783c89683363689c from the
zeek-docs repo.

doc/scripting/js/api.js

@@ -0,0 +1,60 @@
+// api.js
+//
+// HTTP API allowing to invoke any Zeek events and functions using a simple JSON payload.
+//
+// Triggering and intel match (this will log to intel.log)
+//
+//     $ curl --data-raw '{"args": [{"indicator": "50.3.2.1", "indicator_type": "Intel::ADDR", "where":"Intel::IN_ANYWHERE"}, []]}' \
+//         http://localhost:8080/events/Intel::match
+//
+// Calling a Zeek function:
+//
+//     $ curl -XPOST --data '{"args": [1000]}' localhost:8080/functions/rand
+//     {
+//       "result": 730
+//     }
+//
+const http = require('node:http');
+
+// Light-weight safe-json-stringify replacement.
+BigInt.prototype.toJSON = function () { return parseInt(this.toString()); };
+
+const handleCall = (cb, req, res) => {
+  const name = req.url.split('/').at(-1);
+  const body = [];
+  req.on('data', (chunk) => {
+    body.push(chunk);
+  }).on('end', () => {
+    try {
+      const parsed = JSON.parse(Buffer.concat(body).toString() || '{}');
+      const args = parsed.args || [];
+      const result = cb(name, args);
+      res.writeHead(202);
+      return res.end(`${JSON.stringify({ result: result }, null, 2)}\n`);
+    } catch (err) {
+      console.error(`error: ${err}`);
+      res.writeHead(400);
+      return res.end(`${JSON.stringify({ error: err.toString() })}\n`);
+    }
+  });
+};
+
+const server = http.createServer((req, res) => {
+  if (req.method === 'POST') {
+    if (req.url.startsWith('/events/')) {
+      return handleCall(zeek.event, req, res);
+    } else if (req.url.startsWith('/functions/')) {
+      return handleCall(zeek.invoke, req, res);
+    }
+  }
+
+  res.writeHead(404);
+  return res.end();
+});
+
+const host = process.env.API_HOST || '127.0.0.1';
+const port = parseInt(process.env.API_PORT || 8080, 10);
+
+server.listen(port, host, () => {
+  console.log(`Listening on ${host}:${port}...`);
+});

doc/scripting/js/api.zeek

@@ -0,0 +1,14 @@
+## api.zeek
+##
+## Sample events to be invoked by api.js
+module MyAPI;
+
+export {
+	global print_msg: event(msg: string, ts: time &default=network_time());
+}
+
+event MyAPI::print_msg(msg: string, ts: time) {
+	print "ZEEK", "print_msg", ts, msg;
+}
+
+@load ./api.js

doc/scripting/js/connection-service.js

@@ -0,0 +1,9 @@
+// connection-service.js
+zeek.on('connection_state_remove', { priority: 10 }, (c) => {
+  // c.service.push('service-from-js'); only modifies JavaScript array
+  c.service = c.service.concat('service-from-js');
+});
+
+zeek.hook('Conn::log_policy', (rec, id, filter) => {
+  console.log(rec.service);
+});

doc/scripting/js/global-vars.js

@@ -0,0 +1,9 @@
+// global-vars.js
+const timeouts = zeek.global_vars['Conn::analyzer_inactivity_timeouts'];
+
+// Similar to redef.
+timeouts['AllAnalyzers::ANALYZER_ANALYZER_SSH'] = 42.0;
+
+zeek.on('zeek_init', () => {
+  console.log('js', timeouts);
+});

doc/scripting/js/hello.js

@@ -0,0 +1,5 @@
+// hello.js
+zeek.on('zeek_init', () => {
+  let version = zeek.invoke('zeek_version');
+  console.log(`Hello, Zeek ${version}!`);
+});

doc/scripting/js/intel-insert.js

@@ -0,0 +1,10 @@
+// intel-insert.js
+zeek.on('zeek_init', () => {
+  let intel_item = {
+    indicator: '192.168.0.1',
+    indicator_type: 'Intel::ADDR',
+    meta: { source: 'some intel source' },
+  };
+
+  zeek.invoke('Intel::insert', [intel_item]);
+});

doc/scripting/js/zeek-as.js

@@ -0,0 +1,13 @@
+// zeek-as.js
+zeek.on('zeek_init', () => {
+  try {
+    // This throws because type_name takes an any parameter
+    zeek.invoke('type_name', ['192.168.0.0/16']);
+  } catch (e) {
+    console.error(`error: ${e}`);
+  }
+
+  // Explicit conversion of string to addr type.
+  let type_string = zeek.invoke('type_name', [zeek.as('subnet', '192.168.0.0/16')]);
+  console.log(`good: type_name is ${type_string}`);
+});