@monkeyplus/flow 6.0.17 → 6.0.18

package/cms/server/routes/api/auth/[...auth].mjs

@@ -0,0 +1,5 @@
+import { defineEventHandler } from "nitro/h3";
+import { auth } from "#cms-utils/auth";
+export default defineEventHandler(async (event) => {
+  return auth.handler(event.req);
+});

package/cms/server/routes/api/draft.d.ts

@@ -0,0 +1,3 @@
+import type { H3Event } from 'nitro';
+declare const _default: (event: H3Event) => Promise<any>;
+export default _default;

package/cms/server/routes/api/draft.mjs

@@ -0,0 +1,26 @@
+import { getQuery, HTTPError, readBody } from "nitro/h3";
+import { useStorage } from "nitro/storage";
+export default async (event) => {
+  const query = getQuery(event);
+  if (event.req.method === "GET") {
+    const file = query.file;
+    if (!file) {
+      return new HTTPError({
+        statusCode: 400,
+        statusMessage: "File is required",
+        message: "File is required"
+      });
+    }
+    const data = await useStorage("draft").getItem(file);
+    return data || {};
+  }
+  if (event.req.method === "DELETE") {
+    return {};
+  }
+  const body = await readBody(event);
+  if (!body?.file || !body?.data) {
+    throw new Error("Missing file or data");
+  }
+  await useStorage("draft").setItem(body.file, body.data);
+  return "world";
+};

package/cms/server/routes/api/repos/remote/[repo]/blobs/[file]/index.d.ts

@@ -0,0 +1,2 @@
+declare const _default: any;
+export default _default;

package/cms/server/routes/api/repos/remote/[repo]/blobs/[file]/index.mjs

@@ -0,0 +1,20 @@
+import { defineHandler, defineRouteMeta } from "nitro";
+import { ghRepoBlob } from "#cms-utils/github";
+defineRouteMeta({
+  openAPI: {
+    description: "(disabled - redirects to raw.githubusercontent.com)",
+    tags: ["hidden"]
+  }
+});
+export default defineHandler(async (event) => {
+  const repo = `${event.context.params.repo}`;
+  const fileSha = event.context.params.file;
+  const res = await ghRepoBlob(repo, fileSha);
+  const file = res;
+  return {
+    meta: {
+      sha: res.sha
+    },
+    file
+  };
+});

package/cms/server/routes/api/repos/remote/[repo]/blobs/index.post.d.ts

@@ -0,0 +1,2 @@
+declare const _default: import("h3").EventHandlerWithFetch<import("h3").EventHandlerRequest, Promise<any>>;
+export default _default;

package/cms/server/routes/api/repos/remote/[repo]/blobs/index.post.mjs

@@ -0,0 +1,8 @@
+import { defineEventHandler, readBody } from "h3";
+import { ghCreateBlob } from "#cms-utils/github";
+export default defineEventHandler(async (event) => {
+  const repo = event.context.params.repo;
+  const body = await readBody(event);
+  const res = await ghCreateBlob(repo, body);
+  return res;
+});

package/cms/server/routes/api/repos/remote/[repo]/branches/[branch]/index.d.ts

@@ -0,0 +1,2 @@
+declare const _default: import("h3").EventHandlerWithFetch<import("h3").EventHandlerRequest, Promise<any>>;
+export default _default;

package/cms/server/routes/api/repos/remote/[repo]/branches/[branch]/index.mjs

@@ -0,0 +1,8 @@
+import { defineEventHandler } from "h3";
+import { ghGetBranch } from "#cms-utils/github";
+export default defineEventHandler(async (event) => {
+  const repo = event.context.params.repo;
+  const branch = event.context.params.branch;
+  const res = await ghGetBranch(repo, branch);
+  return res;
+});

package/cms/server/routes/api/repos/remote/[repo]/commits/index.post.d.ts

@@ -0,0 +1,2 @@
+declare const _default: import("h3").EventHandlerWithFetch<import("h3").EventHandlerRequest, Promise<any>>;
+export default _default;

package/cms/server/routes/api/repos/remote/[repo]/commits/index.post.mjs

@@ -0,0 +1,8 @@
+import { defineEventHandler, readBody } from "h3";
+import { ghCreateCommit } from "#cms-utils/github";
+export default defineEventHandler(async (event) => {
+  const repo = event.context.params.repo;
+  const body = await readBody(event);
+  const res = await ghCreateCommit(repo, body);
+  return res;
+});

package/cms/server/routes/api/repos/remote/[repo]/files/[branch]/index.d.ts

@@ -0,0 +1,2 @@
+declare const _default: any;
+export default _default;

package/cms/server/routes/api/repos/remote/[repo]/files/[branch]/index.mjs

@@ -0,0 +1,38 @@
+import { defineHandler, defineRouteMeta } from "nitro";
+import { getQuery, HTTPError } from "nitro/h3";
+import { ghRepoFile, ghRepoFiles } from "#cms-utils/github";
+defineRouteMeta({
+  openAPI: {
+    description: "(disabled - redirects to raw.githubusercontent.com)",
+    tags: ["hidden"]
+  }
+});
+export default defineHandler(async (event) => {
+  const repo = `${event.context.params.repo}`;
+  const branch = event.context.params.branch;
+  const query = getQuery(event);
+  if (query.file) {
+    return await ghRepoFile(repo, query.file, branch);
+  }
+  if (!query.folder) {
+    return new HTTPError({
+      message: "No folder provided",
+      statusCode: 400
+    });
+  }
+  const res = await ghRepoFiles(repo, `${branch}:${query.folder}`);
+  const files = res.tree.filter((i) => i.type === "blob").map(
+    (i) => ({
+      path: i.path,
+      mode: i.mode,
+      sha: i.sha,
+      size: i.size
+    })
+  );
+  return {
+    meta: {
+      sha: res.sha
+    },
+    files
+  };
+});

package/cms/server/routes/api/repos/remote/[repo]/files/index.post.d.ts

@@ -0,0 +1,2 @@
+declare const _default: import("h3").EventHandlerWithFetch<import("h3").EventHandlerRequest, Promise<any>>;
+export default _default;

package/cms/server/routes/api/repos/remote/[repo]/files/index.post.mjs

@@ -0,0 +1,8 @@
+import { defineEventHandler, readBody } from "h3";
+import { ghCreateTree } from "#cms-utils/github";
+export default defineEventHandler(async (event) => {
+  const repo = event.context.params.repo;
+  const body = await readBody(event);
+  const res = await ghCreateTree(repo, body);
+  return res;
+});

package/cms/server/routes/api/repos/remote/[repo]/refs/heads/[branch]/index.patch.d.ts

@@ -0,0 +1,2 @@
+declare const _default: import("h3").EventHandlerWithFetch<import("h3").EventHandlerRequest, Promise<any>>;
+export default _default;

package/cms/server/routes/api/repos/remote/[repo]/refs/heads/[branch]/index.patch.mjs

@@ -0,0 +1,9 @@
+import { defineEventHandler, readBody } from "h3";
+import { ghUpdateRef } from "#cms-utils/github";
+export default defineEventHandler(async (event) => {
+  const repo = event.context.params.repo;
+  const branch = event.context.params.branch;
+  const body = await readBody(event);
+  const res = await ghUpdateRef(repo, branch, body);
+  return res;
+});

package/cms/server/utils/auth.d.ts

@@ -0,0 +1,3 @@
+export declare const auth: import("better-auth/*").Auth<{
+    database: (options: import("better-auth/*").BetterAuthOptions) => import("better-auth/*").DBAdapter<import("better-auth/*").BetterAuthOptions>;
+}>;

package/cms/server/utils/auth.mjs

@@ -0,0 +1,16 @@
+import { betterAuth } from "better-auth";
+import { drizzleAdapter } from "better-auth/adapters/drizzle";
+import * as schema from "../database/schema.mjs";
+import { db } from "./db.mjs";
+export const auth = betterAuth({
+  database: drizzleAdapter(db, {
+    provider: "sqlite",
+    schema
+  })
+  //   socialProviders: {
+  //     github: {
+  //       clientId: process.env.GITHUB_CLIENT_ID as string,
+  //       clientSecret: process.env.GITHUB_CLIENT_SECRET as string,
+  //     },
+  //   },
+});

package/cms/server/utils/db.d.ts

@@ -0,0 +1,3 @@
+export declare const db: import("drizzle-orm/libsql").LibSQLDatabase<Record<string, never>> & {
+    $client: import("@libsql/client/.").Client;
+};

package/cms/server/utils/db.mjs

@@ -0,0 +1,5 @@
+import process from "node:process";
+import { createClient } from "@libsql/client";
+import { drizzle } from "drizzle-orm/libsql";
+const client = createClient({ url: process.env.DATABASE_URL || "file:local.db" });
+export const db = drizzle(client);

package/cms/server/utils/github.d.ts

@@ -0,0 +1,15 @@
+import type { CacheOptions } from 'nitro/types';
+export declare const commonCacheOptions: CacheOptions;
+export declare const ghFetch: any;
+export declare function ghFetchNoCache<T = any>(url: string, opts?: RequestInit): Promise<T>;
+export declare const ghRepo: any;
+export declare const ghRepoContributors: any;
+export declare const ghRepoFiles: any;
+export declare const ghRepoFile: any;
+export declare const ghRepoBlob: any;
+export declare const ghMarkdown: any;
+export declare function ghCreateBlob(repo: string, body: any): Promise<any>;
+export declare function ghCreateTree(repo: string, body: any): Promise<any>;
+export declare function ghCreateCommit(repo: string, body: any): Promise<any>;
+export declare function ghUpdateRef(repo: string, branch: string, body: any): Promise<any>;
+export declare function ghGetBranch(repo: string, branch: string): Promise<any>;

package/cms/server/utils/github.mjs

@@ -0,0 +1,160 @@
+import process from "node:process";
+import { defineCachedFunction } from "nitro/cache";
+import { HTTPError } from "nitro/h3";
+import { joinURL } from "ufo";
+import { acquireGHToken, formatDuration, ghTokens, retryAfterSeconds } from "#cms-utils/github_token";
+const OWNER = process.env.GH_OWNER;
+console.log(OWNER);
+export const commonCacheOptions = {
+  group: "gh",
+  maxAge: 60 * 60 * 24,
+  // 24 hours
+  staleMaxAge: 60 * 60 * 48,
+  // 48 hours
+  // base: ["/cache", "/redis"],
+  base: ["/cache"]
+};
+function cacheOptions(name) {
+  return {
+    ...commonCacheOptions,
+    name
+  };
+}
+export const ghFetch = defineCachedFunction(
+  async (url, opts = {}) => {
+    const token = await acquireGHToken();
+    if (!token) {
+      const soonestReset = ghTokens.filter((t) => t.valid && t.reset).sort((a, b) => (a.reset || 0) - (b.reset || 0))[0];
+      const resetInfo = soonestReset?.reset ? ` Rate limit resets in ${formatDuration(soonestReset.reset - Date.now())}.` : "";
+      const invalidCount = ghTokens.filter((t) => t.valid === false).length;
+      const exhaustedCount = ghTokens.filter((t) => t.valid && (t.remaining || 0) === 0).length;
+      const retryAfter = retryAfterSeconds(soonestReset?.reset);
+      throw new HTTPError({
+        message: `No valid GitHub token available (${ghTokens.length} configured: ${invalidCount} invalid, ${exhaustedCount} rate-limited).${resetInfo} You can help by installing the GitHub App: https://github.com/apps/ungh-app`,
+        statusCode: 429,
+        headers: { "Retry-After": String(retryAfter) }
+      });
+    }
+    const fullUrl = url.startsWith("/") ? url : `/${url}`;
+    console.log("URL", fullUrl);
+    const res = await fetch(`https://api.github.com${fullUrl}`, {
+      ...opts,
+      method: (opts.method || "GET").toUpperCase(),
+      headers: {
+        "User-Agent": "fetch",
+        "Authorization": `token ${token.token}`,
+        ...opts.headers
+      }
+    });
+    token.updateStatus(res);
+    if (!res.ok) {
+      throw new HTTPError({
+        message: `GitHub API error: ${res.status} ${res.statusText}`,
+        statusCode: res.status
+      });
+    }
+    const contentType = res.headers.get("content-type") || "";
+    return contentType.includes("application/json") ? await res.json() : await res.text();
+  },
+  {
+    ...cacheOptions("api"),
+    integrity: "v1",
+    validate(entry) {
+      if (!entry.value || isEmptyArray(entry.value) || entry.value?.total_count === 0 || isEmptyArray(entry.value?.items)) {
+        return false;
+      }
+      return true;
+    }
+  }
+);
+export async function ghFetchNoCache(url, opts = {}) {
+  const token = await acquireGHToken();
+  if (!token) {
+    throw new HTTPError({
+      message: "No valid GitHub token available",
+      statusCode: 429
+    });
+  }
+  const fullUrl = url.startsWith("/") ? url : `/${url}`;
+  const res = await fetch(`https://api.github.com${fullUrl}`, {
+    ...opts,
+    method: (opts.method || "GET").toUpperCase(),
+    headers: {
+      "User-Agent": "fetch",
+      "Authorization": `token ${token.token}`,
+      "Accept": "application/vnd.github+json",
+      ...opts.headers
+    }
+  });
+  token.updateStatus(res);
+  if (!res.ok) {
+    throw new HTTPError({
+      message: `GitHub API error: ${res.status} ${res.statusText}`,
+      statusCode: res.status
+    });
+  }
+  const contentType = res.headers.get("content-type") || "";
+  return contentType.includes("application/json") ? await res.json() : await res.text();
+}
+export const ghRepo = defineCachedFunction((repo) => {
+  return ghFetch(`/repos/${repo}`);
+}, cacheOptions("repo"));
+export const ghRepoContributors = defineCachedFunction((repo) => {
+  return ghFetch(`/repos/${repo}/contributors`);
+}, cacheOptions("contributors"));
+export const ghRepoFiles = defineCachedFunction((repo, ref) => {
+  repo = joinURL(OWNER, repo);
+  return ghFetch(`/repos/${repo}/git/trees/${ref}?recursive=1`);
+}, cacheOptions("files"));
+export const ghRepoFile = defineCachedFunction((repo, ref, branch) => {
+  repo = joinURL(OWNER, repo);
+  return ghFetch(`/repos/${repo}/contents/${ref}?branch=${branch}`);
+}, cacheOptions("file"));
+export const ghRepoBlob = defineCachedFunction((repo, sha) => {
+  repo = joinURL(OWNER, repo);
+  return ghFetch(`/repos/${repo}/git/blobs/${sha}`);
+}, cacheOptions("blobs"));
+export const ghMarkdown = defineCachedFunction(
+  (markdown, repo, _id) => {
+    if (!markdown) {
+      return "";
+    }
+    return ghFetch("/markdown", {
+      method: "POST",
+      headers: {
+        accept: "application/vnd.github+json"
+      },
+      body: JSON.stringify({
+        text: markdown,
+        context: repo
+      })
+    });
+  },
+  {
+    ...cacheOptions("markdown"),
+    getKey: (_markdown, repo, id) => `${repo}/${id}`
+  }
+);
+function isEmptyArray(val) {
+  return Array.isArray(val) && val.length === 0;
+}
+export async function ghCreateBlob(repo, body) {
+  repo = joinURL(OWNER, repo);
+  return ghFetchNoCache(`/repos/${repo}/git/blobs`, { method: "POST", body: JSON.stringify(body) });
+}
+export async function ghCreateTree(repo, body) {
+  repo = joinURL(OWNER, repo);
+  return ghFetchNoCache(`/repos/${repo}/git/trees`, { method: "POST", body: JSON.stringify(body) });
+}
+export async function ghCreateCommit(repo, body) {
+  repo = joinURL(OWNER, repo);
+  return ghFetchNoCache(`/repos/${repo}/git/commits`, { method: "POST", body: JSON.stringify(body) });
+}
+export async function ghUpdateRef(repo, branch, body) {
+  repo = joinURL(OWNER, repo);
+  return ghFetchNoCache(`/repos/${repo}/git/refs/heads/${branch}`, { method: "PATCH", body: JSON.stringify(body) });
+}
+export async function ghGetBranch(repo, branch) {
+  repo = joinURL(OWNER, repo);
+  return ghFetchNoCache(`/repos/${repo}/git/refs/heads/${branch}`);
+}

package/cms/server/utils/github_token.d.ts

@@ -0,0 +1,71 @@
+/** Represents a GitHub API token with rate limit tracking and validation. */
+export declare class GHToken {
+    token: string;
+    valid?: boolean;
+    remaining?: number;
+    limit?: number;
+    reset?: number;
+    _lastValidated?: number;
+    _app?: boolean;
+    _appInstallationId?: string;
+    constructor(token: string, opts?: {
+        app?: boolean;
+        appInstallationId?: string;
+    });
+    get maskedToken(): string;
+    toJSON(): {
+        token: string;
+        valid: boolean | undefined;
+        remaining: number | undefined;
+        limit: number | undefined;
+        reset: number | undefined;
+    };
+    toString(): string;
+    updateStatus(res: Response): void;
+    /** NOTE: Each call consumes one API request to fetch rate limit info. */
+    validate(): Promise<void>;
+    /** Returns true if this token needs revalidation */
+    isStale(now?: number): boolean;
+    /** Clears expired rate limit state */
+    clearExpiredLimits(now?: number): void;
+    /** Whether this token is usable for requests */
+    get available(): boolean | undefined;
+}
+/** All registered GitHub tokens (PAT and App-generated). */
+export declare const ghTokens: GHToken[];
+/** Bootstraps all App tokens (once), then re-validates all tokens. Use for status page. */
+export declare function ensureAllTokensValidated(): Promise<void>;
+/** Validates tokens until one is available, then continues the rest in background. Idempotent (once). */
+export declare const ensureTokensValidated: (() => Promise<void>) & {
+    reset: () => void;
+};
+/**
+ * Revalidates only tokens that haven't been validated in the last minute.
+ * Concurrent callers share the same in-flight promise (coalesced, not once).
+ * Returns true if any tokens were revalidated.
+ */
+export declare const revalidateGHTokens: (() => Promise<boolean>) & {
+    reset: () => void;
+};
+/** Returns the best available token (highest remaining quota), or `undefined` if none available. */
+export declare function getGHToken(): GHToken | undefined;
+/** Ensures tokens are validated and returns the best available one. Revalidates if needed. */
+export declare function acquireGHToken(): Promise<GHToken | undefined>;
+/** Returns aggregate rate limit stats across all tokens. */
+export declare function getAggregateRateLimit(): {
+    remaining: number;
+    limit: number;
+    reset: number | undefined;
+};
+/** Computes a Retry-After value in seconds from a reset timestamp, with ~0-30 min random jitter. */
+export declare function retryAfterSeconds(resetMs: number | undefined, fallback?: number): number;
+/** Formats a duration in milliseconds to a human-readable string (e.g. `"5m"`, `"1h30m"`). */
+export declare function formatDuration(ms: number): string;
+/** Bootstraps GitHub App installation tokens (samples up to 5 random installations). Coalesced (not once). */
+export declare const ensureAppToken: (() => Promise<void>) & {
+    reset: () => void;
+};
+/** Creates an RS256-signed JWT for GitHub App authentication. Exported for testing. */
+export declare function _createAppJWT(appId: string, privateKey: string): Promise<string>;
+/** Encodes a UTF-8 string to base64url. Exported for testing. */
+export declare function _base64url(str: string): string;