npm - @manojkmfsi/monodog - Versions diffs - 1.1.22 → 1.1.23 - Mend

@manojkmfsi/monodog 1.1.22 → 1.1.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/CHANGELOG.md +6 -0
package/dist/controllers/publish-controller.js +67 -5
package/dist/middleware/auth-middleware.js +27 -4
package/dist/routes/auth-routes.js +30 -2
package/dist/routes/publish-routes.js +8 -2
package/dist/services/changeset-service.js +4 -40
package/dist/utils/utilities.js +49 -0
package/monodog-dashboard/dist/assets/{index-BYVT2h3u.js → index-BMoE990p.js} +9 -8
package/monodog-dashboard/dist/assets/index-BMoE990p.js.map +1 -0
package/monodog-dashboard/dist/index.html +1 -1
package/package.json +1 -1

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,11 @@
 # @manojkmfsi/monoapp
+## 1.1.23
+### Patch Changes
+- [`b90aa90`](https://github.com/manojkmfsi/monodog/commit/b90aa90bfbf516128af033c883a21ca4d09f713d) - dcdsdsvdvdvxvcxvxvx
 ## 1.1.22
 ### Patch Changes

package/dist/controllers/publish-controller.js CHANGED Viewed

@@ -7,6 +7,7 @@ exports.createChangeset = createChangeset;
 exports.checkPublishStatus = checkPublishStatus;
 exports.triggerPublish = triggerPublish;
 const logger_1 = require("../middleware/logger");
+const auth_middleware_1 = require("../middleware/auth-middleware");
 const changeset_service_1 = require("../services/changeset-service");
 /**
  * Get all workspace packages
@@ -80,17 +81,34 @@ async function previewPublish(req, res) {
         // Perform validation checks
         const errors = [];
         const warnings = [];
+        // Get authenticated user
+        const session = (0, auth_middleware_1.getSessionFromRequest)(req);
+        const authUser = req.user;
+        const userPermission = req.permission.permission || 'read';
         // Check 1: Working tree clean
         const workingTreeClean = isClean;
         if (!workingTreeClean) {
             errors.push('Working tree has uncommitted changes');
         }
-        // Check 2: User permissions (simplified - always true for now)
-        const permissions = true;
+        // Check 2: User permissions
+        const permissionHierarchy = {
+            admin: 4,
+            maintain: 3,
+            write: 2,
+            read: 1,
+            none: 0,
+        };
+        const userLevel = permissionHierarchy[userPermission] || 0;
+        const requiredLevel = permissionHierarchy['write'] || 0;
+        const permissions = userLevel >= requiredLevel;
+        if (!permissions) {
+            errors.push(`Insufficient permissions. Required: write, Got: ${userPermission}`);
+        }
         // Check 3: CI passing (simplified - always true for now)
         const ciPassing = true;
         // Check 4: Version available on npm (simplified - always true for now)
         const versionAvailable = true;
+        logger_1.AppLogger.info(`Publishing preview for user: ${authUser?.login} (permission: ${userPermission})`);
         const isValid = errors.length === 0;
         res.json({
             success: true,
@@ -126,6 +144,8 @@ async function previewPublish(req, res) {
 async function createChangeset(req, res) {
     try {
         const { packages: selectedPackageNames, bumps, summary } = req.body;
+        const authUser = req.user;
+        const userPermission = req.permission.permission || 'read';
         if (!selectedPackageNames || !Array.isArray(selectedPackageNames)) {
             res.status(400).json({
                 success: false,
@@ -142,9 +162,29 @@ async function createChangeset(req, res) {
             });
             return;
         }
+        // Check permissions
+        const permissionHierarchy = {
+            admin: 4,
+            maintain: 3,
+            write: 2,
+            read: 1,
+            none: 0,
+        };
+        const userLevel = permissionHierarchy[userPermission] || 0;
+        const requiredLevel = permissionHierarchy['write'] || 0;
+        if (userLevel < requiredLevel) {
+            logger_1.AppLogger.warn(`User ${authUser?.login} attempted to create changeset without write permission`);
+            res.status(403).json({
+                success: false,
+                error: 'Forbidden',
+                message: `This action requires write permission. You have: ${userPermission}`,
+            });
+            return;
+        }
         const rootPath = req.app.locals.rootPath;
+        logger_1.AppLogger.info(`Creating changeset for user: ${authUser?.login} (permission: ${userPermission})`);
         // Generate the changeset
-        const result = await (0, changeset_service_1.generateChangeset)(rootPath, selectedPackageNames, bumps || [], summary);
+        const result = await (0, changeset_service_1.generateChangeset)(rootPath, selectedPackageNames, bumps || [], summary, authUser?.login);
         if (!result.success) {
             res.status(400).json({
                 success: false,
@@ -202,6 +242,27 @@ async function checkPublishStatus(req, res) {
 async function triggerPublish(req, res) {
     try {
         const rootPath = req.app.locals.rootPath;
+        const authUser = req.user;
+        const userPermission = req.permission.permission || 'read';
+        // Check permissions
+        const permissionHierarchy = {
+            admin: 4,
+            maintain: 3,
+            write: 2,
+            read: 1,
+            none: 0,
+        };
+        const userLevel = permissionHierarchy[userPermission] || 0;
+        const requiredLevel = permissionHierarchy['maintain'] || 0;
+        if (userLevel < requiredLevel) {
+            logger_1.AppLogger.warn(`User ${authUser?.login} attempted to trigger publish without maintain permission`);
+            res.status(403).json({
+                success: false,
+                error: 'Forbidden',
+                message: `This action requires maintain permission. You have: ${userPermission}`,
+            });
+            return;
+        }
         // Check if working tree is clean
         const isClean = true; //await isWorkingTreeClean(rootPath);
         if (!isClean) {
@@ -222,8 +283,9 @@ async function triggerPublish(req, res) {
             });
             return;
         }
-        // Trigger publish pipeline
-        const result = await (0, changeset_service_1.triggerPublishPipeline)(rootPath);
+        logger_1.AppLogger.info(`Triggering publish for user: ${authUser?.login} (permission: ${userPermission})`);
+        // Trigger publish pipeline with user context
+        const result = await (0, changeset_service_1.triggerPublishPipeline)(rootPath, authUser?.login);
         if (!result.success) {
             res.status(500).json({
                 success: false,

package/dist/middleware/auth-middleware.js CHANGED Viewed

@@ -90,9 +90,30 @@ function authenticationMiddleware(req, res, next) {
         });
         return;
     }
-    // Attach session to request
+    // Attach session and user info to request
     req.session = session;
-    logger_1.AppLogger.debug(`Authenticated request from user: ${session.user.login}`);
+    req.user = {
+        login: session.user.login,
+        id: session.user.id,
+    };
+    // Attach permission from session (if available)
+    if (session.permission) {
+        req.permission = session.permission;
+    }
+    else {
+        // Default to 'read' if no permission fetched
+        req.permission = {
+            permission: 'read',
+            role: 'Denied',
+            userId: session.user.id,
+            username: session.user.login,
+            owner: '',
+            repo: '',
+            cachedAt: Date.now(),
+            ttl: 0,
+        };
+    }
+    logger_1.AppLogger.debug(`Authenticated request from user: ${session.user.login} with permission: ${req.permission?.permission || 'unknown'}`);
     next();
 }
 /**
@@ -124,10 +145,12 @@ function repositoryPermissionMiddleware(requiredPermission) {
             read: 1,
             none: 0,
         };
-        const userLevel = permissionHierarchy[permission.permission] || 0;
+        // Handle both string and object formats for permission
+        const userPermissionString = typeof permission === 'string' ? permission : (permission.permission || 'none');
+        const userLevel = permissionHierarchy[userPermissionString] || 0;
         const requiredLevel = permissionHierarchy[requiredPermission] || 0;
         if (userLevel < requiredLevel) {
-            logger_1.AppLogger.warn(`User ${session.user.login} lacks permission for action requiring ${requiredPermission}`);
+            logger_1.AppLogger.warn(`User ${session.user.login} lacks permission for action requiring ${requiredPermission} (has ${userPermissionString})`);
             res.status(403).json({
                 error: 'Forbidden',
                 message: `This action requires ${requiredPermission} permission`,

package/dist/routes/auth-routes.js CHANGED Viewed

@@ -7,7 +7,9 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const express_1 = require("express");
 const github_oauth_service_1 = require("../services/github-oauth-service");
 const auth_middleware_1 = require("../middleware/auth-middleware");
+const permission_service_1 = require("../services/permission-service");
 const logger_1 = require("../middleware/logger");
+const utilities_1 = require("../utils/utilities");
 const router = (0, express_1.Router)();
 // OAuth configuration (should come from environment variables)
 // const GITHUB_CLIENT_ID = process.env.GITHUB_CLIENT_ID || '';
@@ -138,13 +140,34 @@ router.get('/callback', async (req, res) => {
         // Get user information
         logger_1.AppLogger.debug('Retrieving authenticated user information');
         const user = await (0, github_oauth_service_1.getAuthenticatedUser)(tokenResponse.access_token);
-        // Create session
+        // Fetch user's repository permission
+        let permission = null;
+        try {
+            logger_1.AppLogger.debug(`Fetching repository permission for user ${user.login}`);
+            // Extract repository info from git remote
+            const repoInfo = await (0, utilities_1.getRepositoryInfoFromGit)();
+            if (!repoInfo) {
+                logger_1.AppLogger.warn('Could not extract repository info from git remote - permission fetch skipped');
+            }
+            else {
+                const { owner, repo } = repoInfo;
+                permission = await (0, permission_service_1.getUserRepositoryPermission)(tokenResponse.access_token, user.id, user.login, owner, repo);
+                logger_1.AppLogger.info(`User ${user.login} has ${permission.permission} permission on ${owner}/${repo}`);
+            }
+        }
+        catch (permError) {
+            logger_1.AppLogger.error(`Failed to fetch repository permission: ${permError}`);
+            // Continue without permission - will be checked on protected routes
+            permission = null;
+        }
+        // Create session with permission
         const session = {
             accessToken: tokenResponse.access_token,
             expiresIn: 3600, // 1 hour default
             expiresAt: Date.now() + 24 * 60 * 60 * 1000, // 24 hours
             user,
             scopes: tokenResponse.scope.split(','),
+            permission, // Include fetched permission in session
         };
         // Store session and get token
         const sessionToken = (0, auth_middleware_1.storeSession)(session);
@@ -152,7 +175,7 @@ router.get('/callback', async (req, res) => {
         const redirectUrl = getRedirectUrl(state) || '/';
         // Clear state
         clearState(state);
-        logger_1.AppLogger.info(`User authenticated: ${user.login}`);
+        logger_1.AppLogger.info(`User authenticated: ${user.login} with permission: ${permission?.permission || 'unknown'}`);
         res.json({
             success: true,
             message: 'Authentication successful',
@@ -164,6 +187,10 @@ router.get('/callback', async (req, res) => {
                 name: user.name,
                 avatar_url: user.avatar_url,
             },
+            permission: permission ? {
+                level: permission.permission,
+                role: permission.role,
+            } : null,
         });
     }
     catch (error) {
@@ -203,6 +230,7 @@ router.get('/me', auth_middleware_1.authenticationMiddleware, (req, res) => {
             },
             scopes: session.scopes,
             expiresAt: session.expiresAt,
+            permission: session.permission || null,
         });
     }
     catch (error) {

package/dist/routes/publish-routes.js CHANGED Viewed

@@ -10,31 +10,37 @@ const publishRouter = express_1.default.Router();
 /**
  * GET /api/publish/packages
  * Get all workspace packages for publishing
+ * Requires: read permission
  */
 publishRouter.get('/packages', auth_middleware_1.authenticationMiddleware, publish_controller_1.getPublishPackages);
 /**
  * GET /api/publish/changesets
  * Get existing unpublished changesets
+ * Requires: read permission
  */
 publishRouter.get('/changesets', auth_middleware_1.authenticationMiddleware, publish_controller_1.getPublishChangesets);
 /**
  * POST /api/publish/preview
  * Preview the publish plan (calculate new versions, affected packages)
+ * Requires: read permission
  */
 publishRouter.post('/preview', auth_middleware_1.authenticationMiddleware, publish_controller_1.previewPublish);
 /**
  * POST /api/publish/changesets
  * Create a new changeset for the selected packages
+ * Requires: write permission
  */
-publishRouter.post('/changesets', auth_middleware_1.authenticationMiddleware, publish_controller_1.createChangeset);
+publishRouter.post('/changesets', auth_middleware_1.authenticationMiddleware, (0, auth_middleware_1.repositoryPermissionMiddleware)('write'), publish_controller_1.createChangeset);
 /**
  * GET /api/publish/status
  * Check publish readiness (working tree, changesets, etc.)
+ * Requires: read permission
  */
 publishRouter.get('/status', auth_middleware_1.authenticationMiddleware, publish_controller_1.checkPublishStatus);
 /**
  * POST /api/publish/trigger
  * Trigger the publishing workflow
+ * Requires: maintain permission
  */
-publishRouter.post('/trigger', auth_middleware_1.authenticationMiddleware, publish_controller_1.triggerPublish);
+publishRouter.post('/trigger', auth_middleware_1.authenticationMiddleware, (0, auth_middleware_1.repositoryPermissionMiddleware)('maintain'), publish_controller_1.triggerPublish);
 exports.default = publishRouter;

package/dist/services/changeset-service.js CHANGED Viewed

@@ -120,7 +120,7 @@ async function validateChangeset(rootPath, packages, summary) {
 /**
  * Generate a new changeset
  */
-async function generateChangeset(rootPath, packages, bumps, summary) {
+async function generateChangeset(rootPath, packages, bumps, summary, createdBy) {
     try {
         // Validate input
         const validation = await validateChangeset(rootPath, packages, summary);
@@ -154,7 +154,7 @@ async function generateChangeset(rootPath, packages, bumps, summary) {
         content += summary;
         // Write changeset file
         await promises_1.default.writeFile(changesetPath, content, 'utf-8');
-        logger_1.AppLogger.info(`Changeset created: ${changesetName}`);
+        logger_1.AppLogger.info(`Changeset created: ${changesetName} by user: ${createdBy || 'unknown'}`);
         return {
             success: true,
             message: 'Changeset created successfully',
@@ -186,8 +186,9 @@ async function isWorkingTreeClean(rootPath) {
 /**
  * Trigger CI pipeline for publishing
  */
-async function triggerPublishPipeline(rootPath) {
+async function triggerPublishPipeline(rootPath, publishedBy) {
     try {
+        logger_1.AppLogger.info(`Publishing workflow triggered by user: ${publishedBy || 'unknown'}`);
         // Check if publish workflow exists
         const publishWorkflowPath = path_1.default.join(rootPath, '.github', 'workflows', 'release.yml');
         try {
@@ -228,43 +229,6 @@ async function triggerPublishPipeline(rootPath) {
             logger_1.AppLogger.warn(`Git operations failed: ${gitError}`);
             // Continue anyway - changesets might already be committed
         }
-        // Trigger the workflow via GitHub API if we have a token
-        try {
-            const githubToken = process.env.GITHUB_TOKEN;
-            if (githubToken) {
-                // Get repo info from package.json or git remote
-                const { stdout: remoteUrl } = await execPromise('git remote get-url origin', {
-                    cwd: rootPath,
-                });
-                // Parse GitHub repo from URL (e.g., git@github.com:user/repo.git)
-                const repoMatch = remoteUrl.match(/github\.com[:/]([^/]+)\/(.+?)(\.git)?$/);
-                if (repoMatch) {
-                    const [, owner, repo] = repoMatch;
-                    const repoName = repo.replace(/\.git$/, '');
-                    // Trigger the workflow
-                    const response = await fetch(`https://api.github.com/repos/${owner}/${repoName}/actions/workflows/release.yml/dispatches`, {
-                        method: 'POST',
-                        headers: {
-                            Authorization: `Bearer ${githubToken}`,
-                            Accept: 'application/vnd.github.v3+json',
-                        },
-                        body: JSON.stringify({
-                            ref: 'main',
-                        }),
-                    });
-                    if (response.ok) {
-                        logger_1.AppLogger.info('GitHub workflow triggered successfully');
-                    }
-                    else {
-                        logger_1.AppLogger.warn(`Failed to trigger workflow: ${response.statusText}`);
-                    }
-                }
-            }
-        }
-        catch (workflowError) {
-            logger_1.AppLogger.warn(`Failed to trigger workflow: ${workflowError}`);
-            // Still return success as the changeset was created
-        }
         logger_1.AppLogger.info('Publish pipeline initiated');
         return {
             success: true,

package/dist/utils/utilities.js CHANGED Viewed

@@ -40,6 +40,7 @@ exports.calculatePackageHealth = void 0;
 exports.resolveWorkspaceGlobs = resolveWorkspaceGlobs;
 exports.getWorkspacesFromRoot = getWorkspacesFromRoot;
 exports.parsePackageInfo = parsePackageInfo;
+exports.getRepositoryInfoFromGit = getRepositoryInfoFromGit;
 exports.scanMonorepo = scanMonorepo;
 exports.generateMonorepoStats = generateMonorepoStats;
 exports.findCircularDependencies = findCircularDependencies;
@@ -407,3 +408,51 @@ function findMonorepoRoot() {
     logger_1.AppLogger.warn('Could not find monorepo root, using process.cwd(): ' + process.cwd());
     return process.cwd();
 }
+/**
+ * Extracts GitHub repository owner and repo name from git remote URL
+ * Supports both SSH (git@github.com:owner/repo.git) and HTTPS (https://github.com/owner/repo.git) formats
+ */
+async function getRepositoryInfoFromGit(repoPath = process.cwd()) {
+    try {
+        const { exec } = await import('child_process');
+        const { promisify } = await import('util');
+        const execPromise = promisify(exec);
+        // Get the git remote URL
+        const { stdout } = await execPromise('git remote get-url origin', {
+            cwd: repoPath,
+            timeout: 5000,
+        });
+        const remoteUrl = stdout.trim();
+        if (!remoteUrl) {
+            logger_1.AppLogger.warn('No git remote found');
+            return null;
+        }
+        // Parse different URL formats
+        let owner = '';
+        let repo = '';
+        // SSH format: git@github.com:owner/repo.git
+        const sshMatch = remoteUrl.match(/git@github\.com:([^/]+)\/(.+?)(\.git)?$/);
+        if (sshMatch) {
+            owner = sshMatch[1];
+            repo = sshMatch[2].replace(/\.git$/, '');
+        }
+        else {
+            // HTTPS format: https://github.com/owner/repo.git or https://github.com/owner/repo
+            const httpsMatch = remoteUrl.match(/github\.com[:/]([^/]+)\/(.+?)(\.git)?$/);
+            if (httpsMatch) {
+                owner = httpsMatch[1];
+                repo = httpsMatch[2].replace(/\.git$/, '');
+            }
+        }
+        if (!owner || !repo) {
+            logger_1.AppLogger.warn(`Could not parse repository info from git remote: ${remoteUrl}`);
+            return null;
+        }
+        logger_1.AppLogger.debug(`Extracted repository info: owner=${owner}, repo=${repo}`);
+        return { owner, repo };
+    }
+    catch (error) {
+        logger_1.AppLogger.error(`Failed to get repository info from git: ${error}`);
+        return null;
+    }
+}