npm - @promptbook/cli - Versions diffs - 0.103.0-47 → 0.103.0-49 - Mend

@promptbook/cli 0.103.0-47 → 0.103.0-49

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (133) hide show

package/apps/agents-server/src/utils/getCurrentUser.ts ADDED Viewed

@@ -0,0 +1,32 @@
+import { cookies } from 'next/headers';
+import { getSession } from './session';
+export type UserInfo = {
+    username: string;
+    isAdmin: boolean;
+};
+export async function getCurrentUser(): Promise<UserInfo | null> {
+    // Check session
+    const session = await getSession();
+    if (session) {
+        return {
+            username: session.username,
+            isAdmin: session.isAdmin
+        };
+    }
+    // Check legacy admin token
+    if (process.env.ADMIN_PASSWORD) {
+        const cookieStore = await cookies();
+        const adminToken = cookieStore.get('adminToken');
+        if (adminToken?.value === process.env.ADMIN_PASSWORD) {
+            return {
+                username: 'admin',
+                isAdmin: true
+            };
+        }
+    }
+    return null;
+}

package/apps/agents-server/src/utils/isIpAllowed.ts ADDED Viewed

@@ -0,0 +1,101 @@
+import { isIPv4, isIPv6 } from 'net';
+/**
+ * Checks if the IP address is allowed based on the allowed IPs list
+ *
+ * @param clientIp - The IP address of the client
+ * @param allowedIps - Comma separated list of allowed IPs or CIDR ranges
+ * @returns true if the IP is allowed, false otherwise
+ */
+export function isIpAllowed(clientIp: string, allowedIps: string | null | undefined): boolean {
+    if (!allowedIps || allowedIps.trim() === '') {
+        return true;
+    }
+    const allowedList = allowedIps.split(',').map((ip) => ip.trim());
+    for (const allowed of allowedList) {
+        if (allowed === '') {
+            continue;
+        }
+        if (allowed.includes('/')) {
+            // CIDR
+            if (isIpInCidr(clientIp, allowed)) {
+                return true;
+            }
+        } else {
+            // Single IP
+            if (clientIp === allowed) {
+                return true;
+            }
+        }
+    }
+    return false;
+}
+function isIpInCidr(ip: string, cidr: string): boolean {
+    try {
+        const [range, bitsStr] = cidr.split('/');
+        const bits = parseInt(bitsStr, 10);
+        if (isIPv4(ip) && isIPv4(range)) {
+            return isIPv4InCidr(ip, range, bits);
+        } else if (isIPv6(ip) && isIPv6(range)) {
+            return isIPv6InCidr(ip, range, bits);
+        } else if (isIPv6(ip) && isIPv4(range)) {
+            // Check if IPv6 is IPv4-mapped
+            if (ip.startsWith('::ffff:')) {
+                return isIPv4InCidr(ip.substring(7), range, bits);
+            }
+        }
+    } catch (error) {
+        console.error(`Error checking CIDR ${cidr} for IP ${ip}:`, error);
+    }
+    return false;
+}
+function ipToLong(ip: string): number {
+    return (
+        ip.split('.').reduce((acc, octet) => {
+            return (acc << 8) + parseInt(octet, 10);
+        }, 0) >>> 0
+    );
+}
+function isIPv4InCidr(ip: string, range: string, bits: number): boolean {
+    const mask = ~((1 << (32 - bits)) - 1);
+    const ipLong = ipToLong(ip);
+    const rangeLong = ipToLong(range);
+    return (ipLong & mask) === (rangeLong & mask);
+}
+function parseIPv6(ip: string): bigint {
+    // Expand ::
+    let fullIp = ip;
+    if (ip.includes('::')) {
+        const parts = ip.split('::');
+        const left = parts[0].split(':').filter(Boolean);
+        const right = parts[1].split(':').filter(Boolean);
+        const missing = 8 - (left.length + right.length);
+        const zeros = Array(missing).fill('0');
+        fullIp = [...left, ...zeros, ...right].join(':');
+    }
+    const parts = fullIp.split(':');
+    let value = BigInt(0);
+    for (const part of parts) {
+        value = (value << BigInt(16)) + BigInt(parseInt(part || '0', 16));
+    }
+    return value;
+}
+function isIPv6InCidr(ip: string, range: string, bits: number): boolean {
+    const ipBigInt = parseIPv6(ip);
+    const rangeBigInt = parseIPv6(range);
+    const mask = (BigInt(1) << BigInt(128)) - BigInt(1) ^ ((BigInt(1) << BigInt(128 - bits)) - BigInt(1));
+    return (ipBigInt & mask) === (rangeBigInt & mask);
+}

package/apps/agents-server/src/utils/isUserAdmin.ts ADDED Viewed

@@ -0,0 +1,31 @@
+import { cookies } from 'next/headers';
+import { getSession } from './session';
+/**
+ * Checks if the current user is an admin
+ *
+ * Note: If `process.env.ADMIN_PASSWORD` is not set, everyone is admin
+ *
+ * @returns true if the user is admin
+ */
+export async function isUserAdmin(): Promise<boolean> {
+    if (!process.env.ADMIN_PASSWORD) {
+        return true;
+    }
+    // Check legacy admin token
+    const cookieStore = await cookies();
+    const adminToken = cookieStore.get('adminToken');
+    if (adminToken?.value === process.env.ADMIN_PASSWORD) {
+        return true;
+    }
+    // Check session
+    const session = await getSession();
+    if (session?.isAdmin) {
+        return true;
+    }
+    return false;
+}

package/apps/agents-server/src/utils/session.ts ADDED Viewed

@@ -0,0 +1,50 @@
+import { createHmac } from 'crypto';
+import { cookies } from 'next/headers';
+const SESSION_COOKIE_NAME = 'sessionToken';
+const SECRET_KEY = process.env.ADMIN_PASSWORD || 'default-secret-key-change-me';
+type SessionUser = {
+    username: string;
+    isAdmin: boolean;
+};
+export async function setSession(user: SessionUser) {
+    const payload = JSON.stringify(user);
+    const signature = createHmac('sha256', SECRET_KEY).update(payload).digest('hex');
+    const token = `${Buffer.from(payload).toString('base64')}.${signature}`;
+    (await cookies()).set(SESSION_COOKIE_NAME, token, {
+        httpOnly: true,
+        secure: process.env.NODE_ENV === 'production',
+        path: '/',
+        maxAge: 60 * 60 * 24 * 7, // 1 week
+    });
+}
+export async function clearSession() {
+    (await cookies()).delete(SESSION_COOKIE_NAME);
+    // Also clear legacy adminToken
+    (await cookies()).delete('adminToken');
+}
+export async function getSession(): Promise<SessionUser | null> {
+    const cookieStore = await cookies();
+    const token = cookieStore.get(SESSION_COOKIE_NAME)?.value;
+    if (!token) return null;
+    const [payloadBase64, signature] = token.split('.');
+    if (!payloadBase64 || !signature) return null;
+    const payload = Buffer.from(payloadBase64, 'base64').toString('utf-8');
+    const expectedSignature = createHmac('sha256', SECRET_KEY).update(payload).digest('hex');
+    if (signature !== expectedSignature) return null;
+    try {
+        return JSON.parse(payload) as SessionUser;
+    } catch {
+        return null;
+    }
+}

package/apps/agents-server/tailwind.config.ts CHANGED Viewed

@@ -15,6 +15,8 @@ const config: Config = {
             colors: {
                 background: 'var(--background)',
                 foreground: 'var(--foreground)',
+                'promptbook-blue': '#7aebff',
+                'promptbook-blue-dark': '#30a8bd',
             },
         },
     },