@fleetbase/registry-bridge-engine 0.0.1 → 0.0.3

package/addon/components/modals/create-registry-credentials.hbs

@@ -0,0 +1,5 @@
+<Modal::Default @modalIsOpened={{@modalIsOpened}} @options={{@options}} @confirm={{@onConfirm}} @decline={{@onDecline}}>
+    <div class="modal-body-container">
+        <InputGroup @name="Password" @helpText="You must authenticate using your password." @placeholder="Enter your password" @value={{@options.password}} @type="password" />    
+    </div>
+</Modal::Default>

package/addon/components/registry-admin-config.hbs

@@ -0,0 +1,16 @@
+<ContentPanel @title="Registry Configuration" @open={{true}} @pad={{true}} @panelBodyClass="bg-white dark:bg-gray-800">
+    <InputGroup @name="Registry Host" @value={{this.registryHost}} disabled={{or this.getConfigValues.isRunning this.saveConfigValues.isRunning}} />
+    <InputGroup @name="Registry Token" @value={{this.registryToken}} disabled={{or this.getConfigValues.isRunning this.saveConfigValues.isRunning}} />
+</ContentPanel>
+<EmberWormhole @to="next-view-section-subheader-actions">
+    <Button
+        @type="primary"
+        @size="sm"
+        @icon="save"
+        @text="Save Changes"
+        @onClick={{perform this.saveConfigValues}}
+        @disabled={{or this.getConfigValues.isRunning this.saveConfigValues.isRunning}}
+        @isLoading={{this.saveConfigValues.isRunning}}
+    />
+</EmberWormhole>
+<Spacer @height="400px" />

package/addon/components/registry-admin-config.js

@@ -0,0 +1,36 @@
+import Component from '@glimmer/component';
+import { inject as service } from '@ember/service';
+import { tracked } from '@glimmer/tracking';
+import { task } from 'ember-concurrency';
+
+export default class RegistryAdminConfigComponent extends Component {
+    @service fetch;
+    @service notifications;
+    @tracked registryHost;
+    @tracked registryToken;
+
+    constructor() {
+        super(...arguments);
+        this.getConfigValues.perform();
+    }
+
+    @task *getConfigValues() {
+        try {
+            const { host, token } = yield this.fetch.get('registry-extensions/config', {}, { namespace: '~registry/v1' });
+            this.registryHost = host;
+            this.registryToken = token;
+        } catch (error) {
+            this.notifications.serverError(error);
+        }
+    }
+
+    @task *saveConfigValues() {
+        try {
+            const { host, token } = yield this.fetch.post('registry-extensions/config', { host: this.registryHost, token: this.registryToken }, { namespace: '~registry/v1' });
+            this.registryHost = host;
+            this.registryToken = token;
+        } catch (error) {
+            this.notifications.serverError(error);
+        }
+    }
+}

package/addon/controllers/developers/credentials.js

@@ -0,0 +1,106 @@
+import Controller from '@ember/controller';
+import { action } from '@ember/object';
+import { inject as service } from '@ember/service';
+
+export default class DevelopersCredentialsController extends Controller {
+    @service modalsManager;
+    @service notifications;
+    @service hostRouter;
+    @service fetch;
+
+    columns = [
+        {
+            label: 'Owner',
+            valuePath: 'user.name',
+            width: '15%',
+        },
+        {
+            label: 'Fleetbase Token',
+            valuePath: 'token',
+            cellComponent: 'click-to-copy',
+            width: '20%',
+        },
+        {
+            label: 'Registry Token',
+            valuePath: 'registry_token',
+            cellComponent: 'click-to-reveal',
+            cellComponentArgs: {
+                clickToCopy: true,
+            },
+            width: '25%',
+        },
+        {
+            label: 'Expiry',
+            valuePath: 'expires_at',
+            width: '15%',
+        },
+        {
+            label: 'Created',
+            valuePath: 'created_at',
+            width: '15%',
+        },
+        {
+            label: '',
+            cellComponent: 'table/cell/dropdown',
+            ddButtonText: false,
+            ddButtonIcon: 'ellipsis-h',
+            ddButtonIconPrefix: 'fas',
+            ddMenuLabel: 'Credential Actions',
+            cellClassNames: 'overflow-visible',
+            wrapperClass: 'flex items-center justify-end mx-2',
+            width: '10%',
+            align: 'right',
+            actions: [
+                {
+                    label: 'Delete Credentials',
+                    fn: this.deleteCredentials,
+                    className: 'text-red-700 hover:text-red-800',
+                },
+            ],
+        },
+    ];
+
+    @action deleteCredentials(credentials) {
+        this.modalsManager.confirm({
+            title: 'Delete extension registry credentials?',
+            body: 'Are you sure you wish to delete these credentials? Once deleted any service or user using these credentials will loose access to the registry.',
+            confirm: async (modal) => {
+                modal.startLoading();
+
+                try {
+                    await this.fetch.delete(`auth/registry-tokens/${credentials.uuid}`, {}, { namespace: '~registry/v1' });
+                    this.notifications.success('Registry credentials deleted.');
+                    return this.hostRouter.refresh();
+                } catch (error) {
+                    this.notifications.serverError(error);
+                }
+            },
+        });
+    }
+
+    @action createCredentials() {
+        this.modalsManager.show('modals/create-registry-credentials', {
+            title: 'Create new registry credentials',
+            acceptButtonText: 'Create',
+            acceptButtonIcon: 'check',
+            password: null,
+            confirm: async (modal) => {
+                modal.startLoading();
+
+                const password = modal.getOption('password');
+                if (!password) {
+                    this.notifications.warning('Password cannot be empty');
+                    return modal.stopLoading();
+                }
+
+                try {
+                    await this.fetch.post('auth/registry-tokens', { password }, { namespace: '~registry/v1' });
+                    this.notifications.success('Registry credentials created.');
+                    return this.hostRouter.refresh();
+                } catch (error) {
+                    this.notifications.serverError(error);
+                }
+            },
+        });
+    }
+}

package/addon/engine.js

@@ -3,6 +3,7 @@ import loadInitializers from 'ember-load-initializers';
 import Resolver from 'ember-resolver';
 import config from './config/environment';
 import services from '@fleetbase/ember-core/exports/services';
+import RegistryAdminConfigComponent from './components/registry-admin-config';
 import ExtensionReviewerControlComponent from './components/extension-reviewer-control';
 import ExtensionPendingPublishViewerComponent from './components/extension-pending-publish-viewer';
 
@@ -24,12 +25,17 @@ export default class RegistryBridgeEngine extends Engine {
             'Extensions Registry',
             [
                 {
-                    title: 'Extensions Awaiting Review',
+                    title: 'Registry Config',
+                    icon: 'gear',
+                    component: RegistryAdminConfigComponent,
+                },
+                {
+                    title: 'Awaiting Review',
                     icon: 'gavel',
                     component: ExtensionReviewerControlComponent,
                 },
                 {
-                    title: 'Extensions Pending Publish',
+                    title: 'Pending Publish',
                     icon: 'rocket',
                     component: ExtensionPendingPublishViewerComponent,
                 },

package/addon/routes/developers/credentials.js

@@ -1,3 +1,10 @@
 import Route from '@ember/routing/route';
+import { inject as service } from '@ember/service';
 
-export default class DevelopersCredentialsRoute extends Route {}
+export default class DevelopersCredentialsRoute extends Route {
+    @service fetch;
+
+    model() {
+        return this.fetch.get('auth/registry-tokens', {}, { namespace: '~registry/v1' });
+    }
+}

package/addon/templates/application.hbs

@@ -17,6 +17,7 @@
         <Layout::Sidebar::Item @route="console.extensions.developers.extensions" @icon="box-archive">Extensions</Layout::Sidebar::Item>
         <Layout::Sidebar::Item @route="console.extensions.developers.analytics" @icon="chart-simple">Analytics</Layout::Sidebar::Item>
         <Layout::Sidebar::Item @route="console.extensions.developers.payments" @icon="cash-register">Payments</Layout::Sidebar::Item>
+        <Layout::Sidebar::Item @route="console.extensions.developers.credentials" @icon="key">Credentials</Layout::Sidebar::Item>
     </Layout::Sidebar::Panel>
     <Spacer @height="200px" />
 </EmberWormhole>

package/addon/templates/developers/credentials.hbs

@@ -1 +1,13 @@
-{{outlet}}
+<Layout::Section::Header @title="Credentials">
+    <Button @type="primary" @icon="plus" @iconPrefix="fas" @text="Create new credentials" class="mr-2" @onClick={{this.createCredentials}} />
+</Layout::Section::Header>
+
+<Layout::Section::Body class="overflow-y-scroll h-full">
+    <Table
+        @rows={{@model}}
+        @columns={{this.columns}}
+        @selectable={{false}}
+        @canSelectAll={{false}}
+        @pagination={{false}}
+    />
+</Layout::Section::Body>

package/addon/templates/developers/payments/index.hbs

@@ -6,7 +6,19 @@
 </Layout::Section::Header>
 
 <Layout::Section::Body class="overflow-y-scroll h-full">
-    {{#unless this.hasStripeConnectAccount}}
+    {{#if this.hasStripeConnectAccount}}
+        <Table
+            @rows={{@model.data}}
+            @columns={{this.columns}}
+            @selectable={{false}}
+            @canSelectAll={{false}}
+            @onSetup={{fn (mut this.table)}}
+            @pagination={{true}}
+            @paginationMeta={{@model.meta}}
+            @page={{this.page}}
+            @onPageChange={{fn (mut this.page)}}
+        />
+    {{else}}
         <div class="container">
             <div class="max-w-3xl mx-auto mt-4">
                 <div class="content">
@@ -18,16 +30,5 @@
                 </div>
             </div>
         </div>
-    {{/unless}}
-    <Table
-        @rows={{@model.data}}
-        @columns={{this.columns}}
-        @selectable={{false}}
-        @canSelectAll={{false}}
-        @onSetup={{fn (mut this.table)}}
-        @pagination={{true}}
-        @paginationMeta={{@model.meta}}
-        @page={{this.page}}
-        @onPageChange={{fn (mut this.page)}}
-    />
+    {{/if}}
 </Layout::Section::Body>

package/addon/templates/installed.hbs

@@ -13,15 +13,15 @@
                             <div class="font-semibold text-sm block">{{extension.name}}</div>
                             <div class="text-xs">{{n-a extension.description}}</div>
                         </div>
-                        <div class="pt-1 space-y-2">
+                        <div class="flex flex-col flex-1 pt-1 space-y-2">
                             <Button
                                 @type="default"
                                 @text={{t "registry-bridge.common.about-extension" extensionName=extension.name}}
                                 @icon="circle-info"
                                 @onClick={{fn this.about extension}}
-                                class="w-full"
+                                class="w-full btn-block"
                             />
-                            <Button @type="danger" @text={{t "registry-bridge.common.uninstall"}} @icon="trash" @onClick={{fn this.uninstall extension}} class="w-full" />
+                            <Button @type="danger" @text={{t "registry-bridge.common.uninstall"}} @icon="trash" @onClick={{fn this.uninstall extension}} class="w-full btn-block" />
                         </div>
                     </div>
                 </div>

package/app/components/modals/create-registry-credentials.js

@@ -0,0 +1 @@
+export { default } from '@fleetbase/registry-bridge-engine/components/modals/create-registry-credentials';

package/app/components/registry-admin-config.js

@@ -0,0 +1 @@
+export { default } from '@fleetbase/registry-bridge-engine/components/registry-admin-config';

package/app/controllers/developers/credentials.js

@@ -0,0 +1 @@
+export { default } from '@fleetbase/registry-bridge-engine/controllers/developers/credentials';

package/composer.json

@@ -1,6 +1,6 @@
 {
     "name": "fleetbase/registry-bridge",
-    "version": "0.0.1",
+    "version": "0.0.3",
     "description": "Internal Bridge between Fleetbase API and Extensions Registry",
     "keywords": [
         "fleetbase-extension",
@@ -20,7 +20,7 @@
     ],
     "require": {
         "php": "^8.0",
-        "fleetbase/core-api": "^1.4.28",
+        "fleetbase/core-api": "^1.4.30",
         "laravel/cashier": "^15.2.1",
         "php-http/guzzle7-adapter": "^1.0",
         "psr/http-factory-implementation": "*",

package/extension.json

@@ -1,6 +1,6 @@
 {
     "name": "Registry Bridge",
-    "version": "0.0.1",
+    "version": "0.0.3",
     "description": "Internal Bridge between Fleetbase API and Extensions Registry",
     "repository": "https://github.com/fleetbase/registry-bridge",
     "license": "AGPL-3.0-or-later",

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@fleetbase/registry-bridge-engine",
-    "version": "0.0.1",
+    "version": "0.0.3",
     "description": "Internal Bridge between Fleetbase API and Extensions Registry",
     "fleetbase": {
         "route": "extensions"
@@ -40,10 +40,10 @@
     "dependencies": {
         "@babel/core": "^7.23.2",
         "@fleetbase/ember-core": "^0.2.13",
-        "@fleetbase/ember-ui": "^0.2.18",
-        "@fortawesome/ember-fontawesome": "^0.4.1",
-        "@fortawesome/fontawesome-svg-core": "^6.5.2",
-        "@fortawesome/free-solid-svg-icons": "^6.5.2",
+        "@fleetbase/ember-ui": "^0.2.19",
+        "@fortawesome/ember-fontawesome": "^2.0.0",
+        "@fortawesome/fontawesome-svg-core": "6.4.0",
+        "@fortawesome/free-solid-svg-icons": "6.4.0",
         "@stripe/connect-js": "^3.3.10",
         "ember-auto-import": "^2.6.3",
         "ember-cli-babel": "^8.2.0",

package/server/config/registry-bridge.php

@@ -26,7 +26,8 @@ return [
         'webhook_secret' => env('STRIPE_WEBHOOK_SECRET'),
     ],
     'extensions' => [
-        'preinstalled' => Utils::castBoolean(env('REGISTRY_PREINSTALLED_EXTENSIONS', false))
+        'preinstalled' => Utils::castBoolean(env('REGISTRY_PREINSTALLED_EXTENSIONS', false)),
+        'protected_prefixes' => explode(',', env('REGISTRY_PROTECTED_PREFIXES', '@fleetbase,fleetbase,@flb,@fleetbase-extension,@flb-extension'))
     ],
     'facilitator_fee' => env('REGISTRY_FACILITATOR_FEE', 10)
 ];

package/server/migrations/2024_07_18_151000_add_auth_token_column_to_registry_users_table.php

@@ -0,0 +1,28 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        Schema::table('registry_users', function (Blueprint $table) {
+            $table->string('registry_token')->nullable()->after('token');
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        Schema::table('registry_users', function (Blueprint $table) {
+            $table->dropColumn('registry_token');
+        });
+    }
+};

package/server/src/Http/Controllers/Internal/v1/RegistryAuthController.php

@@ -12,12 +12,55 @@ use Fleetbase\RegistryBridge\Models\RegistryExtension;
 use Fleetbase\RegistryBridge\Models\RegistryUser;
 use Fleetbase\RegistryBridge\Support\Bridge;
 use Fleetbase\Support\Auth;
+use Illuminate\Http\Request;
+use Illuminate\Support\Str;
 
 class RegistryAuthController extends Controller
 {
-    public function test()
+    /**
+     * Handle Composer authentication and return a list of unauthorized packages.
+     *
+     * This function authenticates the user based on the provided registry token.
+     * If the token is valid, it returns a list of packages that the user is not authorized to access.
+     *
+     * @param Request $request the incoming HTTP request containing the registry token
+     *
+     * @return \Illuminate\Http\JsonResponse a JSON response containing the status and a list of unauthorized packages
+     */
+    public function composerAuthentication(Request $request)
     {
-        dd(Bridge::get('~/flb/extensions'));
+        $registryToken = $request->input('registryToken');
+        if (!$registryToken) {
+            return response()->error('No registry token provided for authentication.', 401);
+        }
+
+        // Get registry user via token
+        $registryUser = RegistryUser::where('registry_token', $registryToken)->first();
+        if (!$registryUser) {
+            return response()->error('Invalid registry token provided for authentication.', 401);
+        }
+
+        // Fetch unauthorized extensions
+        $unauthorizedExtensions = RegistryExtension::where('payment_required', true)
+        ->whereDoesntHave('purchases', function ($query) use ($registryUser) {
+            $query->where('company_uuid', $registryUser->company_uuid);
+        })
+        ->whereHas('currentBundle')
+        ->with('currentBundle')
+        ->get();
+
+        // Map to unathorized to package names
+        $unauthorizedExtensionNames = $unauthorizedExtensions->map(function ($registryExtension) {
+            $composerJson = $registryExtension->currentBundle->meta['composer.json'] ?? [];
+
+            return $composerJson['name'] ?? null;
+        })->filter()->values();
+
+        // Done
+        return response()->json([
+            'status'               => 'ok',
+            'unauthorizedPackages' => $unauthorizedExtensionNames,
+        ]);
     }
 
     /**
@@ -129,15 +172,29 @@ class RegistryAuthController extends Controller
      */
     public function checkAccess(RegistryAuthRequest $request)
     {
-        // Get identity
-        $identity    = $request->input('identity');
+        $packageName       = $request->input('package');
+        $identity          = $request->input('identity');
+        $protectedPackage  = Str::startsWith($packageName, config('registry-bridge.extensions.protected_prefixes'));
 
-        // Find user by email or username
-        $user = User::where('email', $identity)->orWhere('username', $identity)->first();
+        // If no identity and not a protected package allow access
+        if (!$identity && !$protectedPackage) {
+            return response()->json(['allowed' => true]);
+        }
 
-        // If user is not admin respond with error
-        if (!$user->isAdmin()) {
-            return response()->error('User is not allowed access to the registry.', 401);
+        // Get registry user via identity
+        $registryUser = RegistryUser::findFromUsername($identity);
+
+        // If registry user is admin allow access
+        if ($registryUser->is_admin) {
+            return response()->json(['allowed' => true]);
+        }
+
+        // Check if package is protected, if so verify user has access to package
+        if ($protectedPackage) {
+            $extension = RegistryExtension::findByPackageName($packageName);
+            if ($extension && $extension->doesntHaveAccess($registryUser)) {
+                return response()->error('This package requires payment to access.', 401);
+            }
         }
 
         // For now only admin users can access registry
@@ -171,15 +228,16 @@ class RegistryAuthController extends Controller
         $force       = $request->boolean('force');
         $password    = $request->input('password');
 
+        // Find user by email or username
+        $registryUser = RegistryUser::findFromUsername($identity);
+        if (!$registryUser) {
+            return response()->error('Attempting to publish extension with invalid user.', 401);
+        }
+
         // If force publish bypass checks, authenticate by user login
         if ($force === true) {
-            // Find user by email or username
-            $user = User::where(function ($query) use ($identity) {
-                $query->where('email', $identity)->orWhere('phone', $identity)->orWhere('username', $identity);
-            })->first();
-
             // Authenticate user with password
-            if (Auth::isInvalidPassword($password, $user->password)) {
+            if (Auth::isInvalidPassword($password, $registryUser->user->password)) {
                 return response()->error('Invalid credentials, unable to force publish.', 401);
             }
 
@@ -197,16 +255,10 @@ class RegistryAuthController extends Controller
             return response()->error('Attempting to publish extension which has no record.', 401);
         }
 
-        // Find user by email or username
-        $user = User::where(function ($query) use ($identity) {
-            $query->where('email', $identity)->orWhere('phone', $identity)->orWhere('username', $identity);
-        })->first();
-        if (!$user) {
-            return response()->error('Attempting to publish extension with invalid user.', 401);
-        }
-
         // If user is not admin respond with error
-        if (!$user->isAdmin()) {
+        // For now only admin is allowed to publish to registry
+        // This may change in the future with approval/reject flow
+        if ($registryUser->isNotAdmin()) {
             return response()->error('User is not allowed publish to the registry.', 401);
         }
 
@@ -227,4 +279,91 @@ class RegistryAuthController extends Controller
         // Passed all checks
         return response()->json(['allowed' => true]);
     }
+
+    /**
+     * Creates a registry user by authenticating with the provided password.
+     *
+     * This method retrieves the current authenticated user and checks the provided password.
+     * If the password is valid, it logs in to the npm registry using the user's credentials,
+     * retrieves the authentication token, and associates it with the user. The registry token
+     * is stored in the database for the user's current session.
+     *
+     * @param Request $request the incoming HTTP request containing the user's password
+     *
+     * @return \Illuminate\Http\JsonResponse the JSON response containing the created RegistryUser or an error message
+     */
+    public function createRegistryUser(Request $request)
+    {
+        $password = $request->input('password');
+        if (!$password) {
+            return response()->error('Password is required.');
+        }
+
+        // Get current user
+        $user = Auth::getUserFromSession();
+        if (!$user) {
+            return response()->error('No user authenticated.');
+        }
+
+        // Authenticate user with password
+        if (Auth::isInvalidPassword($password, $user->password)) {
+            return response()->error('Invalid credentials.', 401);
+        }
+
+        // Create registry user
+        try {
+            $registryUser = Bridge::loginWithUser($user, $password);
+        } catch (\Throwable $e) {
+            return response()->json($e->getMessage());
+        }
+
+        return response()->json($registryUser);
+    }
+
+    /**
+     * Retrieves all registry tokens for the current company.
+     *
+     * This method queries the `RegistryUser` model to get all registry tokens
+     * associated with the current company's UUID from the session. It also includes
+     * user details for each registry token and returns the data as a JSON response.
+     *
+     * @return \Illuminate\Http\JsonResponse the JSON response containing a list of registry tokens with user details
+     */
+    public function getRegistryTokens()
+    {
+        $registryUsers = RegistryUser::select(
+            ['uuid', 'user_uuid', 'company_uuid', 'token', 'registry_token', 'expires_at', 'created_at']
+        )->where('company_uuid', session('company'))->with(
+            [
+                'user' => function ($query) {
+                    $query->select(['uuid', 'company_uuid', 'name', 'email']);
+                },
+            ]
+        )->get();
+
+        return response()->json($registryUsers);
+    }
+
+    /**
+     * Deletes a specific registry token by its UUID.
+     *
+     * This method deletes a registry token identified by its UUID. If the registry token
+     * does not exist, it returns an error response. If successful, it returns a JSON response
+     * with a status indicating the deletion was successful.
+     *
+     * @param string $id the UUID of the registry token to be deleted
+     *
+     * @return \Illuminate\Http\JsonResponse the JSON response indicating the status of the deletion
+     */
+    public function deleteRegistryToken(string $id)
+    {
+        $registryUser = RegistryUser::where('uuid', $id)->first();
+        if (!$registryUser) {
+            return response()->error('Registry token does not exist.');
+        }
+
+        $registryUser->delete();
+
+        return response()->json(['status' => 'ok']);
+    }
 }

package/server/src/Http/Controllers/Internal/v1/RegistryExtensionBundleController.php

@@ -8,7 +8,7 @@ use Fleetbase\RegistryBridge\Http\Controllers\RegistryBridgeController;
 use Fleetbase\RegistryBridge\Http\Requests\CreateRegistryExtensionBundleRequest;
 use Fleetbase\RegistryBridge\Http\Requests\RegistryExtensionActionRequest;
 use Fleetbase\RegistryBridge\Models\RegistryExtensionBundle;
-use Fleetbase\Support\Utils;
+use Fleetbase\RegistryBridge\Support\Utils;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Storage;
 use Illuminate\Support\Facades\Validator;