@hubfluencer/mcp 0.1.0

package/src/login.ts

@@ -0,0 +1,129 @@
+#!/usr/bin/env node
+/**
+ * `hubfluencer-login` — device-link CLI.
+ *
+ * Connects this agent to a Hubfluencer account without copy-pasting a token:
+ * starts a link request, prints a URL + code for the user to approve in the
+ * signed-in app, polls until approved, then stores the scoped access token in
+ * ~/.hubfluencer/credentials.json (mode 0600). The MCP server reads it from
+ * there (or from HUBFLUENCER_API_TOKEN).
+ */
+
+import { chmod, mkdir, writeFile } from "node:fs/promises";
+import { dirname } from "node:path";
+import { assertSafeBaseUrl } from "./client.js";
+import { CREDENTIALS_PATH } from "./credentials.js";
+
+const BASE = (process.env.HUBFLUENCER_BASE_URL || "https://hubfluencer.com")
+	.replace(/\/+$/, "")
+	.replace(/\/api$/, "");
+// Fail before printing a code / polling if the base would leak the token.
+assertSafeBaseUrl(BASE);
+const MAX_POLLS = 120;
+
+const sleep = (ms: number) => new Promise((r) => setTimeout(r, ms));
+
+async function main() {
+	const clientName = process.argv[2] || "Claude Code";
+
+	const startRes = await fetch(`${BASE}/api/agent-link/start`, {
+		method: "POST",
+		headers: { "content-type": "application/json", accept: "application/json" },
+		body: JSON.stringify({
+			client_name: clientName,
+			scopes: ["video:generate", "video:read"],
+		}),
+	});
+	if (!startRes.ok) {
+		console.error(
+			`Could not start login (HTTP ${startRes.status}). Check HUBFLUENCER_BASE_URL.`,
+		);
+		process.exit(1);
+	}
+	const start = (await startRes.json()) as {
+		device_code: string;
+		user_code: string;
+		verification_uri: string;
+		verification_uri_complete?: string;
+		interval?: number;
+	};
+
+	const url = start.verification_uri_complete || start.verification_uri;
+	console.error("\nConnect this agent to Hubfluencer:\n");
+	console.error(`  1. Open:   ${url}`);
+	console.error(`  2. Confirm code:  ${start.user_code}`);
+	console.error("  3. Click Approve (you'll need to be signed in).\n");
+	console.error("Waiting for approval…");
+
+	// Mutable: the server can ask us to back off via `slow_down` (device-flow
+	// spec), at which point we widen the interval rather than keep hammering.
+	let intervalMs = Math.max(2, start.interval ?? 5) * 1000;
+	const MAX_INTERVAL_MS = 30_000;
+
+	for (let i = 0; i < MAX_POLLS; i++) {
+		await sleep(intervalMs);
+		const pollRes = await fetch(`${BASE}/api/agent-link/poll`, {
+			method: "POST",
+			headers: {
+				"content-type": "application/json",
+				accept: "application/json",
+			},
+			body: JSON.stringify({ device_code: start.device_code }),
+		});
+		const body = (await pollRes.json().catch(() => ({}))) as {
+			status?: string;
+			token?: string;
+			error?: string;
+		};
+
+		if (pollRes.ok && body.status === "approved" && body.token) {
+			await storeToken(body.token);
+			console.error(
+				`\n✓ Connected. Access token saved to ${CREDENTIALS_PATH}.`,
+			);
+			console.error("  Revoke anytime in the app: Settings → Access tokens.\n");
+			return;
+		}
+		if (body.status === "slow_down") {
+			// Honour the backoff request: widen the interval (capped) and keep polling.
+			intervalMs = Math.min(intervalMs + 5000, MAX_INTERVAL_MS);
+			continue;
+		}
+		if (body.status === "pending") continue;
+
+		console.error(
+			`\n✗ ${body.error || body.status || `HTTP ${pollRes.status}`}. Run login again.`,
+		);
+		process.exit(1);
+	}
+
+	console.error("\n✗ Timed out waiting for approval. Run login again.");
+	process.exit(1);
+}
+
+async function storeToken(token: string) {
+	const dir = dirname(CREDENTIALS_PATH);
+	await mkdir(dir, { recursive: true, mode: 0o700 });
+	await writeFile(
+		CREDENTIALS_PATH,
+		JSON.stringify({ token, base_url: BASE }, null, 2),
+		{
+			mode: 0o600,
+		},
+	);
+	// The `mode` option only applies when the file is freshly created — an
+	// existing (possibly loose-perm) file keeps its perms. chmod explicitly so a
+	// pre-existing world/group-readable token file is tightened. Best-effort on
+	// platforms where chmod is a no-op (Windows).
+	try {
+		await chmod(CREDENTIALS_PATH, 0o600);
+		await chmod(dir, 0o700);
+	} catch {
+		// chmod is hardening — never fail the login over it
+	}
+}
+
+main().catch((e) => {
+	console.error("Fatal:", e instanceof Error ? e.message : String(e));
+	process.exit(1);
+});

package/src/uploads.ts

@@ -0,0 +1,369 @@
+/**
+ * Local-asset upload mechanics for the editor pipeline.
+ *
+ * The base REST client (`client.ts`) only speaks JSON to the API host. Bringing
+ * a local file in needs two things it can't do: PUT raw bytes to a presigned
+ * S3/R2 URL, and drive a resumable multipart upload. Both live here.
+ *
+ * SECURITY: every local path the agent hands us is funnelled through
+ * `resolveReadPath`, the read-side mirror of `index.ts`'s `resolveSavePath`. A
+ * prompt-injected `file_path` (e.g. "~/.ssh/id_rsa") would otherwise be
+ * exfiltrated to the user's own bucket and read back via `get_editor` — so reads
+ * are confined to HUBFLUENCER_INPUT_DIR (or cwd) and an extension allowlist.
+ */
+
+import { open, readFile, stat } from "node:fs/promises";
+import { basename, extname, isAbsolute, resolve, sep } from "node:path";
+import type { HubfluencerClient } from "./client.js";
+import { assertSafeFetchUrl } from "./core.js";
+
+// Server-returned presign/download URLs are normally on R2/S3 over https. Allow
+// loopback http only when the API base itself is local (dev MinIO/localstack),
+// mirroring the base-URL exception — so a compromised/MITM'd API response can't
+// turn a PUT into an SSRF write to an internal host.
+const ALLOW_LOOPBACK_FETCH =
+	/^http:\/\/(localhost|127\.0\.0\.1|\[?::1\]?)/.test(
+		process.env.HUBFLUENCER_BASE_URL || "",
+	);
+
+// Mirror the server-side constants (editor_upload.ex / editor_asset_controller.ex)
+// so we fail fast client-side with a clear message instead of after a wasted PUT.
+const MAX_VIDEO_BYTES = 500_000_000; // EditorUpload.@max_upload_bytes
+const MAX_IMAGE_BYTES = 20 * 1024 * 1024; // editor_asset @max_image_size
+const MAX_LOGO_BYTES = 20 * 1024 * 1024; // logos go through the image inspector too
+const MULTIPART_THRESHOLD = 50 * 1024 * 1024; // @multipart_min_size — at/above this, use multipart
+
+const VIDEO_EXT_MIME: Record<string, string> = {
+	mp4: "video/mp4",
+	mov: "video/quicktime",
+	webm: "video/webm",
+	mkv: "video/x-matroska",
+};
+// Logos/product/closing accept only jpeg+png server-side (ImageAssetInspector).
+// WebP is intentionally excluded until the backend mime source-of-truth is
+// reconciled, so an agent never hits a presign-passes/confirm-fails trap.
+const IMAGE_EXT_MIME: Record<string, string> = {
+	jpg: "image/jpeg",
+	jpeg: "image/jpeg",
+	png: "image/png",
+};
+
+export const VIDEO_EXTS = Object.keys(VIDEO_EXT_MIME);
+export const IMAGE_EXTS = Object.keys(IMAGE_EXT_MIME);
+
+export interface ResolvedFile {
+	path: string;
+	ext: string;
+	mime: string;
+	size: number;
+}
+
+export interface PartSlice {
+	/** 1-based part number, as S3/R2 multipart expects. */
+	part_number: number;
+	/** Byte offset of this part within the file. */
+	offset: number;
+	/** Byte length of this part (the last part is the remainder). */
+	len: number;
+}
+
+/**
+ * Splits a file of `size` bytes into 1-based multipart slices of `partSize`
+ * bytes each, the last part carrying the remainder. Pure + total: the single
+ * source of truth for how `uploadVideoMultipart` chunks a file, so its edge
+ * cases (exact multiple, sub-part file, large remainder) are unit-testable
+ * without touching the filesystem or the network.
+ */
+export function planMultipartParts(
+	size: number,
+	partSize: number,
+): PartSlice[] {
+	if (!Number.isFinite(size) || size <= 0) {
+		throw new Error(`size must be a positive number, got ${size}.`);
+	}
+	if (!Number.isFinite(partSize) || partSize <= 0) {
+		throw new Error(`partSize must be a positive number, got ${partSize}.`);
+	}
+	const parts: PartSlice[] = [];
+	for (let offset = 0, n = 1; offset < size; offset += partSize, n++) {
+		parts.push({
+			part_number: n,
+			offset,
+			len: Math.min(partSize, size - offset),
+		});
+	}
+	return parts;
+}
+
+/**
+ * Confines a model-supplied read path to an allowlisted input base and an
+ * extension allowlist, then stats it. Base = HUBFLUENCER_INPUT_DIR if set, else
+ * the current working directory. Rejects traversal outside the base — the same
+ * `target === base || target.startsWith(base + sep)` guard `resolveSavePath`
+ * uses, which defeats the `/base-evil` sibling-prefix bypass.
+ */
+export async function resolveReadPath(
+	filePath: string,
+	extToMime: Record<string, string>,
+	maxBytes: number,
+): Promise<ResolvedFile> {
+	if (!filePath || typeof filePath !== "string") {
+		throw new Error("file_path is required.");
+	}
+	const base = resolve(process.env.HUBFLUENCER_INPUT_DIR || process.cwd());
+	const target = isAbsolute(filePath)
+		? resolve(filePath)
+		: resolve(base, filePath);
+	if (target !== base && !target.startsWith(base + sep)) {
+		throw new Error(
+			`file_path must be inside ${base} (set HUBFLUENCER_INPUT_DIR to change). Refusing to read ${target}.`,
+		);
+	}
+	const ext = extname(target).slice(1).toLowerCase();
+	const mime = extToMime[ext];
+	if (!mime) {
+		const allowed = Object.keys(extToMime)
+			.map((e) => `.${e}`)
+			.join(", ");
+		throw new Error(`Unsupported file type ".${ext}". Allowed: ${allowed}.`);
+	}
+	let size: number;
+	try {
+		const st = await stat(target);
+		if (!st.isFile()) throw new Error("not a regular file");
+		size = st.size;
+	} catch (e) {
+		throw new Error(
+			`Cannot read ${target}: ${e instanceof Error ? e.message : String(e)}`,
+		);
+	}
+	if (size <= 0) throw new Error(`${target} is empty.`);
+	if (size > maxBytes) {
+		throw new Error(
+			`${target} is ${size} bytes — over the ${maxBytes}-byte cap for this asset type.`,
+		);
+	}
+	return { path: target, ext, mime, size };
+}
+
+/**
+ * PUTs bytes to a presigned S3/R2 URL. `contentType` is sent ONLY when the URL
+ * signed it (single-object presign does — see S3Client.presign_put's
+ * query_params; multipart part presign does NOT, so callers omit it there to
+ * avoid sending an unsigned header). Returns the object/part ETag from the
+ * response (needed to complete a multipart upload).
+ */
+export async function putToPresignedUrl(
+	url: string,
+	body: Buffer,
+	contentType: string | undefined,
+	timeoutMs = 300_000,
+): Promise<string | undefined> {
+	// The presigned URL comes back in API JSON — refuse to PUT bytes to an
+	// insecure or private/internal host (SSRF / cleartext exfil of file bytes).
+	assertSafeFetchUrl(url, { allowLoopback: ALLOW_LOOPBACK_FETCH });
+	const headers: Record<string, string> = {};
+	if (contentType) headers["content-type"] = contentType;
+	// Pass an exact ArrayBuffer slice — the generic Uint8Array<ArrayBufferLike>
+	// type doesn't resolve cleanly against fetch's BodyInit union, but a plain
+	// ArrayBuffer is unambiguous (and this is a one-time copy of a bounded chunk).
+	const ab = body.buffer.slice(
+		body.byteOffset,
+		body.byteOffset + body.byteLength,
+	) as ArrayBuffer;
+	let resp: Response;
+	try {
+		resp = await fetch(url, {
+			method: "PUT",
+			headers,
+			body: ab,
+			signal: AbortSignal.timeout(timeoutMs),
+		});
+	} catch (e) {
+		if (
+			e instanceof Error &&
+			(e.name === "TimeoutError" || e.name === "AbortError")
+		) {
+			throw new Error(`Upload PUT timed out after ${timeoutMs / 1000}s.`);
+		}
+		throw e instanceof Error ? new Error(`Upload PUT failed: ${e.message}`) : e;
+	}
+	if (!resp.ok) {
+		const text = await resp.text().catch(() => "");
+		throw new Error(
+			`Upload PUT rejected (HTTP ${resp.status})${text ? `: ${text.slice(0, 200)}` : ""}.`,
+		);
+	}
+	return resp.headers.get("etag") ?? undefined;
+}
+
+interface PresignVideoResponse {
+	data: { upload_id: number | string; presigned_url: string; s3_key: string };
+}
+interface ConfirmUploadResponse {
+	data: { id: number | string; status: string; error_message?: string | null };
+}
+interface MultipartInitResponse {
+	data: {
+		upload_id: number | string;
+		s3_upload_id: string;
+		s3_key: string;
+		parts_count: number;
+		part_size: number;
+	};
+}
+interface SignPartResponse {
+	data: { presigned_url: string; part_number: number };
+}
+
+export interface UploadedVideo {
+	upload_id: number | string;
+	status: string;
+}
+
+/**
+ * Uploads a local video file to an editor project and returns the upload id +
+ * its post-confirm status. Picks single-PUT for small files and resumable
+ * multipart at/above the 50 MiB threshold. The returned upload is queued for
+ * async processing (status "pending"/"processing") — poll the uploads list
+ * until it reaches "ready" before placing it on the timeline.
+ */
+export async function uploadVideoFile(
+	client: HubfluencerClient,
+	slug: string,
+	filePath: string,
+	opts: { fitMode?: string; productDescription?: string } = {},
+): Promise<UploadedVideo> {
+	const file = await resolveReadPath(filePath, VIDEO_EXT_MIME, MAX_VIDEO_BYTES);
+	const filename = basename(file.path);
+	const fit_mode = opts.fitMode === "cover" ? "cover" : undefined;
+	const product_description = opts.productDescription;
+
+	if (file.size >= MULTIPART_THRESHOLD) {
+		return uploadVideoMultipart(client, slug, file, {
+			filename,
+			fit_mode,
+			product_description,
+		});
+	}
+
+	const presign = await client.post<PresignVideoResponse>(
+		`/editor/${slug}/uploads/presign`,
+		{
+			filename,
+			mime_type: file.mime,
+			size_bytes: file.size,
+			fit_mode,
+			product_description,
+		},
+	);
+	const { upload_id, presigned_url } = presign.data;
+	const buf = await readFile(file.path);
+	// Content-Type MUST equal the presigned mime exactly — confirm HEADs the
+	// object and 422s on mismatch (editor/uploads.ex).
+	await putToPresignedUrl(presigned_url, buf, file.mime);
+	const confirmed = await client.post<ConfirmUploadResponse>(
+		`/editor/${slug}/uploads/${upload_id}/confirm`,
+	);
+	return { upload_id, status: confirmed.data?.status ?? "processing" };
+}
+
+async function uploadVideoMultipart(
+	client: HubfluencerClient,
+	slug: string,
+	file: ResolvedFile,
+	meta: { filename: string; fit_mode?: string; product_description?: string },
+): Promise<UploadedVideo> {
+	const init = await client.post<MultipartInitResponse>(
+		`/editor/${slug}/uploads/multipart/init`,
+		{
+			filename: meta.filename,
+			mime_type: file.mime,
+			size_bytes: file.size,
+			fit_mode: meta.fit_mode,
+			product_description: meta.product_description,
+		},
+	);
+	const { upload_id, s3_upload_id, parts_count, part_size } = init.data;
+	const plan = planMultipartParts(file.size, part_size);
+	// The server signs parts by number and validates the set on complete; if its
+	// part count disagrees with our slicing, fail loudly before uploading rather
+	// than producing an unmatchable set.
+	if (plan.length !== parts_count) {
+		throw new Error(
+			`Multipart plan mismatch: server expects ${parts_count} parts, computed ${plan.length} for ${file.size} bytes at ${part_size}/part.`,
+		);
+	}
+	const fh = await open(file.path, "r");
+	const parts: Array<{ part_number: number; etag: string }> = [];
+	try {
+		for (const { part_number, offset, len } of plan) {
+			const chunk = Buffer.alloc(len);
+			await fh.read(chunk, 0, len, offset);
+			const sign = await client.post<SignPartResponse>(
+				`/editor/${slug}/uploads/multipart/sign-part`,
+				{ upload_id, s3_upload_id, part_number },
+			);
+			// No content-type here — the part presign does not sign one.
+			const etag = await putToPresignedUrl(
+				sign.data.presigned_url,
+				chunk,
+				undefined,
+			);
+			if (!etag) {
+				throw new Error(`Part ${part_number} returned no ETag from S3.`);
+			}
+			parts.push({ part_number, etag });
+		}
+		const done = await client.post<ConfirmUploadResponse>(
+			`/editor/${slug}/uploads/multipart/complete`,
+			{ upload_id, s3_upload_id, parts },
+		);
+		return { upload_id, status: done.data?.status ?? "processing" };
+	} catch (e) {
+		// Best-effort abort so a failed run doesn't leak a dangling multipart
+		// upload (and its pending row) on R2.
+		try {
+			await client.post(`/editor/${slug}/uploads/multipart/abort`, {
+				upload_id,
+				s3_upload_id,
+			});
+		} catch {
+			// abort is cleanup — never mask the original failure
+		}
+		throw e;
+	} finally {
+		await fh.close();
+	}
+}
+
+interface PresignImageResponse {
+	data: { presigned_url: string; s3_key: string };
+}
+
+/**
+ * Uploads a local image to one of the editor's image-asset slots
+ * (product / closing-image / logo). These share the same presign→PUT shape;
+ * the caller then POSTs the returned `s3_key` to the slot's confirm endpoint
+ * (the confirm validates the key against an anchored regex, so it must be
+ * threaded through verbatim). Returns the `s3_key`.
+ */
+export async function uploadImageFile(
+	client: HubfluencerClient,
+	presignPath: string,
+	filePath: string,
+	maxBytes: number = MAX_IMAGE_BYTES,
+): Promise<{ s3_key: string }> {
+	const file = await resolveReadPath(filePath, IMAGE_EXT_MIME, maxBytes);
+	const presign = await client.post<PresignImageResponse>(presignPath, {
+		mime_type: file.mime,
+		size_bytes: file.size,
+	});
+	const { presigned_url, s3_key } = presign.data;
+	const buf = await readFile(file.path);
+	await putToPresignedUrl(presigned_url, buf, file.mime);
+	return { s3_key };
+}
+
+export const LOGO_MAX_BYTES = MAX_LOGO_BYTES;
+export const IMAGE_MAX_BYTES = MAX_IMAGE_BYTES;

package/tsconfig.json

@@ -0,0 +1,19 @@
+{
+  "compilerOptions": {
+    "target": "ES2022",
+    "module": "Node16",
+    "moduleResolution": "Node16",
+    "lib": ["ES2023"],
+    "outDir": "./dist",
+    "rootDir": "./src",
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "forceConsistentCasingInFileNames": true,
+    "declaration": true,
+    "sourceMap": true,
+    "resolveJsonModule": true
+  },
+  "include": ["src/**/*.ts"],
+  "exclude": ["node_modules", "dist"]
+}