@pierre/storage 0.0.3 → 0.0.6

package/README.md

@@ -68,6 +68,59 @@ const readOnlyUrl = await repo.getRemoteURL({
 // - 'repo:write' - Create a repository
 ```
 
+### Working with Repository Content
+
+Once you have a repository instance, you can perform various Git operations:
+
+```typescript
+const repo = await store.createRepo();
+// or
+const repo = await store.findOne({ id: 'existing-repo-id' });
+
+// Get file content
+const file = await repo.getFile({
+  path: 'README.md',
+  ref: 'main', // optional, defaults to default branch
+});
+console.log(file.content);
+
+// List all files in the repository
+const files = await repo.listFiles({
+  ref: 'main', // optional, defaults to default branch
+});
+console.log(files.paths); // Array of file paths
+
+// List branches
+const branches = await repo.listBranches({
+  limit: 10,
+  cursor: undefined, // for pagination
+});
+console.log(branches.branches);
+
+// List commits
+const commits = await repo.listCommits({
+  branch: 'main', // optional
+  limit: 20,
+  cursor: undefined, // for pagination
+});
+console.log(commits.commits);
+
+// Get branch diff
+const branchDiff = await repo.getBranchDiff({
+  branch: 'feature-branch',
+  base: 'main', // optional, defaults to main
+});
+console.log(branchDiff.stats);
+console.log(branchDiff.files);
+
+// Get commit diff
+const commitDiff = await repo.getCommitDiff({
+  sha: 'abc123...',
+});
+console.log(commitDiff.stats);
+console.log(commitDiff.files);
+```
+
 ## API Reference
 
 ### GitStorage
@@ -100,12 +153,129 @@ interface FindOneOptions {
 interface Repo {
   id: string;
   getRemoteURL(options?: GetRemoteURLOptions): Promise<string>;
+  getFile(options: GetFileOptions): Promise<GetFileResponse>;
+  listFiles(options?: ListFilesOptions): Promise<ListFilesResponse>;
+  listBranches(options?: ListBranchesOptions): Promise<ListBranchesResponse>;
+  listCommits(options?: ListCommitsOptions): Promise<ListCommitsResponse>;
+  getBranchDiff(options: GetBranchDiffOptions): Promise<GetBranchDiffResponse>;
+  getCommitDiff(options: GetCommitDiffOptions): Promise<GetCommitDiffResponse>;
 }
 
 interface GetRemoteURLOptions {
   permissions?: ('git:write' | 'git:read' | 'repo:write')[];
   ttl?: number; // Time to live in seconds (default: 31536000 = 1 year)
 }
+
+// Git operation interfaces
+interface GetFileOptions {
+  path: string;
+  ref?: string; // Branch, tag, or commit SHA
+}
+
+interface GetFileResponse {
+  path: string;
+  ref: string;
+  content: string;
+  size: number;
+  is_binary: boolean;
+}
+
+interface ListFilesOptions {
+  ref?: string; // Branch, tag, or commit SHA
+}
+
+interface ListFilesResponse {
+  paths: string[]; // Array of file paths
+  ref: string; // The resolved reference
+}
+
+interface ListBranchesOptions {
+  cursor?: string;
+  limit?: number;
+}
+
+interface ListBranchesResponse {
+  branches: BranchInfo[];
+  next_cursor?: string;
+  has_more: boolean;
+}
+
+interface BranchInfo {
+  cursor: string;
+  name: string;
+  head_sha: string;
+  created_at: string;
+}
+
+interface ListCommitsOptions {
+  branch?: string;
+  cursor?: string;
+  limit?: number;
+}
+
+interface ListCommitsResponse {
+  commits: CommitInfo[];
+  next_cursor?: string;
+  has_more: boolean;
+}
+
+interface CommitInfo {
+  sha: string;
+  message: string;
+  author_name: string;
+  author_email: string;
+  committer_name: string;
+  committer_email: string;
+  date: string;
+}
+
+interface GetBranchDiffOptions {
+  branch: string;
+  base?: string; // Defaults to 'main'
+}
+
+interface GetCommitDiffOptions {
+  sha: string;
+}
+
+interface GetBranchDiffResponse {
+  branch: string;
+  base: string;
+  stats: DiffStats;
+  files: FileDiff[];
+  filtered_files: FilteredFile[];
+}
+
+interface GetCommitDiffResponse {
+  sha: string;
+  stats: DiffStats;
+  files: FileDiff[];
+  filtered_files: FilteredFile[];
+}
+
+interface DiffStats {
+  files: number;
+  additions: number;
+  deletions: number;
+  changes: number;
+}
+
+interface FileDiff {
+  path: string;
+  state: string;
+  old_path?: string;
+  bytes: number;
+  is_eof: boolean;
+  diff: string;
+}
+
+interface FilteredFile {
+  path: string;
+  state: string;
+  old_path?: string;
+  bytes: number;
+  is_eof: boolean;
+}
 ```
 
 ## Authentication

package/dist/index.cjs

@@ -1,12 +1,398 @@
 'use strict';
 
 var jose = require('jose');
+var snakecaseKeys = require('snakecase-keys');
+
+function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
+
+var snakecaseKeys__default = /*#__PURE__*/_interopDefault(snakecaseKeys);
+
+// src/index.ts
+
+// src/fetch.ts
+var ApiFetcher = class {
+  constructor(API_BASE_URL2, version) {
+    this.API_BASE_URL = API_BASE_URL2;
+    this.version = version;
+    console.log("api fetcher created", API_BASE_URL2, version);
+  }
+  getBaseUrl() {
+    return `${this.API_BASE_URL}/api/v${this.version}`;
+  }
+  getRequestUrl(path) {
+    if (typeof path === "string") {
+      return `${this.getBaseUrl()}/${path}`;
+    } else if (path.params) {
+      const paramStr = new URLSearchParams(path.params).toString();
+      return `${this.getBaseUrl()}/${path.path}${paramStr ? `?${paramStr}` : ""}`;
+    } else {
+      return `${this.getBaseUrl()}/${path.path}`;
+    }
+  }
+  async fetch(path, method, jwt, options) {
+    const requestUrl = this.getRequestUrl(path);
+    const requestOptions = {
+      method,
+      headers: {
+        Authorization: `Bearer ${jwt}`,
+        "Content-Type": "application/json"
+      }
+    };
+    if (method !== "GET" && typeof path !== "string" && path.body) {
+      requestOptions.body = JSON.stringify(path.body);
+    }
+    const response = await fetch(requestUrl, requestOptions);
+    if (!response.ok) {
+      const allowed = options?.allowedStatus ?? [];
+      if (!allowed.includes(response.status)) {
+        throw new Error(`Failed to fetch ${method} ${requestUrl}: ${response.statusText}`);
+      }
+    }
+    return response;
+  }
+  async get(path, jwt, options) {
+    return this.fetch(path, "GET", jwt, options);
+  }
+  async post(path, jwt, options) {
+    return this.fetch(path, "POST", jwt, options);
+  }
+  async put(path, jwt, options) {
+    return this.fetch(path, "PUT", jwt, options);
+  }
+  async delete(path, jwt, options) {
+    return this.fetch(path, "DELETE", jwt, options);
+  }
+};
+
+// src/util.ts
+function timingSafeEqual(a, b) {
+  const bufferA = typeof a === "string" ? new TextEncoder().encode(a) : a;
+  const bufferB = typeof b === "string" ? new TextEncoder().encode(b) : b;
+  if (bufferA.length !== bufferB.length) return false;
+  let result = 0;
+  for (let i = 0; i < bufferA.length; i++) {
+    result |= bufferA[i] ^ bufferB[i];
+  }
+  return result === 0;
+}
+async function getEnvironmentCrypto() {
+  if (!globalThis.crypto) {
+    const { webcrypto } = await import('crypto');
+    return webcrypto;
+  }
+  return globalThis.crypto;
+}
+async function createHmac(algorithm, secret, data) {
+  if (!secret || secret.length === 0) {
+    throw new Error("Secret is required");
+  }
+  const crypto2 = await getEnvironmentCrypto();
+  const encoder = new TextEncoder();
+  const key = await crypto2.subtle.importKey(
+    "raw",
+    encoder.encode(secret),
+    { name: "HMAC", hash: "SHA-256" },
+    false,
+    ["sign"]
+  );
+  const signature = await crypto2.subtle.sign("HMAC", key, encoder.encode(data));
+  return Array.from(new Uint8Array(signature)).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+
+// src/webhook.ts
+var DEFAULT_MAX_AGE_SECONDS = 300;
+function parseSignatureHeader(header) {
+  if (!header || typeof header !== "string") {
+    return null;
+  }
+  let timestamp = "";
+  let signature = "";
+  const elements = header.split(",");
+  for (const element of elements) {
+    const trimmedElement = element.trim();
+    const parts = trimmedElement.split("=", 2);
+    if (parts.length !== 2) {
+      continue;
+    }
+    const [key, value] = parts;
+    switch (key) {
+      case "t":
+        timestamp = value;
+        break;
+      case "sha256":
+        signature = value;
+        break;
+    }
+  }
+  if (!timestamp || !signature) {
+    return null;
+  }
+  return { timestamp, signature };
+}
+async function validateWebhookSignature(payload, signatureHeader, secret, options = {}) {
+  if (!secret || secret.length === 0) {
+    return {
+      valid: false,
+      error: "Empty secret is not allowed"
+    };
+  }
+  const parsed = parseSignatureHeader(signatureHeader);
+  if (!parsed) {
+    return {
+      valid: false,
+      error: "Invalid signature header format"
+    };
+  }
+  const timestamp = Number.parseInt(parsed.timestamp, 10);
+  if (isNaN(timestamp)) {
+    return {
+      valid: false,
+      error: "Invalid timestamp in signature"
+    };
+  }
+  const maxAge = options.maxAgeSeconds ?? DEFAULT_MAX_AGE_SECONDS;
+  if (maxAge > 0) {
+    const now = Math.floor(Date.now() / 1e3);
+    const age = now - timestamp;
+    if (age > maxAge) {
+      return {
+        valid: false,
+        error: `Webhook timestamp too old (${age} seconds)`,
+        timestamp
+      };
+    }
+    if (age < -60) {
+      return {
+        valid: false,
+        error: "Webhook timestamp is in the future",
+        timestamp
+      };
+    }
+  }
+  const payloadStr = typeof payload === "string" ? payload : payload.toString("utf8");
+  const signedData = `${parsed.timestamp}.${payloadStr}`;
+  const expectedSignature = await createHmac("sha256", secret, signedData);
+  const expectedBuffer = Buffer.from(expectedSignature);
+  const actualBuffer = Buffer.from(parsed.signature);
+  if (expectedBuffer.length !== actualBuffer.length) {
+    return {
+      valid: false,
+      error: "Invalid signature",
+      timestamp
+    };
+  }
+  const signaturesMatch = timingSafeEqual(expectedBuffer, actualBuffer);
+  if (!signaturesMatch) {
+    return {
+      valid: false,
+      error: "Invalid signature",
+      timestamp
+    };
+  }
+  return {
+    valid: true,
+    timestamp
+  };
+}
+async function validateWebhook(payload, headers, secret, options = {}) {
+  const signatureHeader = headers["x-pierre-signature"] || headers["X-Pierre-Signature"];
+  if (!signatureHeader || Array.isArray(signatureHeader)) {
+    return {
+      valid: false,
+      error: "Missing or invalid X-Pierre-Signature header"
+    };
+  }
+  const eventType = headers["x-pierre-event"] || headers["X-Pierre-Event"];
+  if (!eventType || Array.isArray(eventType)) {
+    return {
+      valid: false,
+      error: "Missing or invalid X-Pierre-Event header"
+    };
+  }
+  const validationResult = await validateWebhookSignature(
+    payload,
+    signatureHeader,
+    secret,
+    options
+  );
+  if (!validationResult.valid) {
+    return validationResult;
+  }
+  const payloadStr = typeof payload === "string" ? payload : payload.toString("utf8");
+  let parsedPayload;
+  try {
+    parsedPayload = JSON.parse(payloadStr);
+  } catch {
+    return {
+      valid: false,
+      error: "Invalid JSON payload",
+      timestamp: validationResult.timestamp
+    };
+  }
+  return {
+    valid: true,
+    eventType,
+    timestamp: validationResult.timestamp,
+    payload: parsedPayload
+  };
+}
 
 // src/index.ts
 var API_BASE_URL = "https://api.git.storage";
 var STORAGE_BASE_URL = "git.storage";
-var GitStorage = class {
+var API_VERSION = 1;
+var apiInstanceMap = /* @__PURE__ */ new Map();
+function getApiInstance(baseUrl, version) {
+  if (!apiInstanceMap.has(`${baseUrl}--${version}`)) {
+    apiInstanceMap.set(`${baseUrl}--${version}`, new ApiFetcher(baseUrl, version));
+  }
+  return apiInstanceMap.get(`${baseUrl}--${version}`);
+}
+var RepoImpl = class {
+  constructor(id, options, generateJWT) {
+    this.id = id;
+    this.options = options;
+    this.generateJWT = generateJWT;
+    this.api = getApiInstance(
+      this.options.apiBaseUrl ?? API_BASE_URL,
+      this.options.apiVersion ?? API_VERSION
+    );
+  }
+  api;
+  async getRemoteURL(urlOptions) {
+    const storageBaseUrl = this.options.storageBaseUrl ?? STORAGE_BASE_URL;
+    const url = new URL(`https://${this.options.name}.${storageBaseUrl}/${this.id}.git`);
+    url.username = `t`;
+    url.password = await this.generateJWT(this.id, urlOptions);
+    return url.toString();
+  }
+  async getFile(options) {
+    const jwt = await this.generateJWT(this.id, {
+      permissions: ["git:read"],
+      ttl: options?.ttl ?? 1 * 60 * 60
+      // 1hr in seconds
+    });
+    const params = {
+      path: options.path
+    };
+    if (options.ref) {
+      params.ref = options.ref;
+    }
+    const response = await this.api.get({ path: "repos/file", params }, jwt);
+    return await response.json();
+  }
+  async listFiles(options) {
+    const jwt = await this.generateJWT(this.id, {
+      permissions: ["git:read"],
+      ttl: options?.ttl ?? 1 * 60 * 60
+      // 1hr in seconds
+    });
+    const params = options?.ref ? { ref: options.ref } : void 0;
+    const response = await this.api.get({ path: "repos/files", params }, jwt);
+    return await response.json();
+  }
+  async listBranches(options) {
+    const jwt = await this.generateJWT(this.id, {
+      permissions: ["git:read"],
+      ttl: options?.ttl ?? 1 * 60 * 60
+      // 1hr in seconds
+    });
+    let params;
+    if (options?.cursor || !options?.limit) {
+      params = {};
+      if (options?.cursor) {
+        params.cursor = options.cursor;
+      }
+      if (typeof options?.limit == "number") {
+        params.limit = options.limit.toString();
+      }
+    }
+    const response = await this.api.get({ path: "repos/branches", params }, jwt);
+    return await response.json();
+  }
+  async listCommits(options) {
+    const jwt = await this.generateJWT(this.id, {
+      permissions: ["git:read"],
+      ttl: options?.ttl ?? 1 * 60 * 60
+      // 1hr in seconds
+    });
+    let params;
+    if (options?.branch || options?.cursor || options?.limit) {
+      params = {};
+      if (options?.branch) {
+        params.branch = options.branch;
+      }
+      if (options?.cursor) {
+        params.cursor = options.cursor;
+      }
+      if (typeof options?.limit == "number") {
+        params.limit = options.limit.toString();
+      }
+    }
+    const response = await this.api.get({ path: "repos/commits", params }, jwt);
+    return await response.json();
+  }
+  async getBranchDiff(options) {
+    const jwt = await this.generateJWT(this.id, {
+      permissions: ["git:read"],
+      ttl: options?.ttl ?? 1 * 60 * 60
+      // 1hr in seconds
+    });
+    const params = {
+      branch: options.branch
+    };
+    if (options.base) {
+      params.base = options.base;
+    }
+    const response = await this.api.get({ path: "repos/branches/diff", params }, jwt);
+    return await response.json();
+  }
+  async getCommitDiff(options) {
+    const jwt = await this.generateJWT(this.id, {
+      permissions: ["git:read"],
+      ttl: options?.ttl ?? 1 * 60 * 60
+      // 1hr in seconds
+    });
+    const params = {
+      sha: options.sha
+    };
+    const response = await this.api.get({ path: "repos/diff", params }, jwt);
+    return await response.json();
+  }
+  async getCommit(options) {
+    const jwt = await this.generateJWT(this.id, {
+      permissions: ["git:read"],
+      ttl: options?.ttl ?? 1 * 60 * 60
+      // 1hr in seconds
+    });
+    const params = {
+      repo: this.id,
+      sha: options.sha
+    };
+    const response = await this.api.get({ path: "commit", params }, jwt);
+    return await response.json();
+  }
+  async repull(options) {
+    const jwt = await this.generateJWT(this.id, {
+      permissions: ["git:write"],
+      ttl: options?.ttl ?? 1 * 60 * 60
+      // 1hr in seconds
+    });
+    const body = {};
+    if (options.ref) {
+      body.ref = options.ref;
+    }
+    const response = await this.api.post({ path: "repos/repull", body }, jwt);
+    if (response.status !== 202) {
+      throw new Error(`Repull failed: ${response.status} ${await response.text()}`);
+    }
+    return;
+  }
+};
+var GitStorage = class _GitStorage {
+  static overrides = {};
   options;
+  api;
   constructor(options) {
     if (!options || options.name === void 0 || options.key === void 0 || options.name === null || options.key === null) {
       throw new Error(
@@ -19,11 +405,21 @@ var GitStorage = class {
     if (typeof options.key !== "string" || options.key.trim() === "") {
       throw new Error("GitStorage key must be a non-empty string.");
     }
+    const resolvedApiBaseUrl = options.apiBaseUrl ?? _GitStorage.overrides.apiBaseUrl ?? API_BASE_URL;
+    const resolvedApiVersion = options.apiVersion ?? _GitStorage.overrides.apiVersion ?? API_VERSION;
+    const resolvedStorageBaseUrl = options.storageBaseUrl ?? _GitStorage.overrides.storageBaseUrl ?? STORAGE_BASE_URL;
+    this.api = getApiInstance(resolvedApiBaseUrl, resolvedApiVersion);
     this.options = {
       key: options.key,
-      name: options.name
+      name: options.name,
+      apiBaseUrl: resolvedApiBaseUrl,
+      apiVersion: resolvedApiVersion,
+      storageBaseUrl: resolvedStorageBaseUrl
     };
   }
+  static override(options) {
+    this.overrides = Object.assign({}, this.overrides, options);
+  }
   /**
    * Create a new repository
    * @returns The created repository
@@ -32,27 +428,24 @@ var GitStorage = class {
     const repoId = options?.id || crypto.randomUUID();
     const jwt = await this.generateJWT(repoId, {
       permissions: ["repo:write"],
-      ttl: 1 * 60 * 60
+      ttl: options?.ttl ?? 1 * 60 * 60
       // 1hr in seconds
     });
-    const response = await fetch(`${API_BASE_URL}/api/v1/repos`, {
-      method: "POST",
-      headers: {
-        Authorization: `Bearer ${jwt}`
+    const baseRepoOptions = options?.baseRepo ? {
+      provider: "github",
+      ...snakecaseKeys__default.default(options.baseRepo)
+    } : null;
+    const createRepoPath = baseRepoOptions ? {
+      path: "repos",
+      body: {
+        base_repo: baseRepoOptions
       }
-    });
-    if (!response.ok) {
-      throw new Error(`Failed to create repository: ${response.statusText}`);
+    } : "repos";
+    const resp = await this.api.post(createRepoPath, jwt, { allowedStatus: [409] });
+    if (resp.status === 409) {
+      throw new Error("Repository already exists");
     }
-    return {
-      id: repoId,
-      getRemoteURL: async (urlOptions) => {
-        const url = new URL(`https://${this.options.name}.${STORAGE_BASE_URL}/${repoId}.git`);
-        url.username = `t`;
-        url.password = await this.generateJWT(repoId, urlOptions);
-        return url.toString();
-      }
-    };
+    return new RepoImpl(repoId, this.options, this.generateJWT.bind(this));
   }
   /**
    * Find a repository by ID
@@ -60,15 +453,15 @@ var GitStorage = class {
    * @returns The found repository
    */
   async findOne(options) {
-    return {
-      id: options.id,
-      getRemoteURL: async (urlOptions) => {
-        const url = new URL(`https://${this.options.name}.${STORAGE_BASE_URL}/${options.id}.git`);
-        url.username = `t`;
-        url.password = await this.generateJWT(options.id, urlOptions);
-        return url.toString();
-      }
-    };
+    const jwt = await this.generateJWT(options.id, {
+      permissions: ["git:read"],
+      ttl: 1 * 60 * 60
+    });
+    const resp = await this.api.get("repo", jwt, { allowedStatus: [404] });
+    if (resp.status === 404) {
+      return null;
+    }
+    return new RepoImpl(options.id, this.options, this.generateJWT.bind(this));
   }
   /**
    * Get the current configuration
@@ -104,5 +497,8 @@ function createClient(options) {
 
 exports.GitStorage = GitStorage;
 exports.createClient = createClient;
+exports.parseSignatureHeader = parseSignatureHeader;
+exports.validateWebhook = validateWebhook;
+exports.validateWebhookSignature = validateWebhookSignature;
 //# sourceMappingURL=index.cjs.map
 //# sourceMappingURL=index.cjs.map