@promptbook/cli 0.104.0-8 → 0.104.0

package/apps/agents-server/src/utils/auth.ts

@@ -1,133 +0,0 @@
-import { createHash, randomBytes, scrypt, timingSafeEqual } from 'crypto';
-import { promisify } from 'util';
-import { PASSWORD_SECURITY_CONFIG } from '../../../../security.config';
-
-const scryptAsync = promisify(scrypt);
-
-/**
- * Validates password input to prevent edge cases and DoS attacks
- *
- * @param password The password to validate
- * @throws Error if password is invalid
- */
-function validatePasswordInput(password: string): void {
-    if (typeof password !== 'string') {
-        throw new Error('Password must be a string');
-    }
-    if (password.length === 0) {
-        throw new Error('Password cannot be empty');
-    }
-    if (password.length < PASSWORD_SECURITY_CONFIG.MIN_PASSWORD_LENGTH) {
-        throw new Error(`Password must be at least ${PASSWORD_SECURITY_CONFIG.MIN_PASSWORD_LENGTH} characters`);
-    }
-    // Note: No hard max limit - long passwords are compacted via compactPassword()
-}
-
-/**
- * Compacts a password for secure processing
- *
- * If the password is within MAX_PASSWORD_LENGTH, it is returned as-is.
- * If longer, the password is split at MAX_PASSWORD_LENGTH and the second part
- * is hashed with SHA256 before being appended to the first part.
- *
- * This prevents DoS attacks via extremely long passwords while still utilizing
- * the full entropy of longer passwords.
- *
- * @param password The password to compact
- * @returns The compacted password
- */
-function compactPassword(password: string): string {
-    if (password.length <= PASSWORD_SECURITY_CONFIG.MAX_PASSWORD_LENGTH) {
-        return password;
-    }
-
-    const firstPart = password.slice(0, PASSWORD_SECURITY_CONFIG.MAX_PASSWORD_LENGTH);
-    const secondPart = password.slice(PASSWORD_SECURITY_CONFIG.MAX_PASSWORD_LENGTH);
-
-    // Hash the overflow part with SHA256 to bound its length while preserving entropy
-    const secondPartHash = createHash('sha256').update(secondPart, 'utf8').digest('hex');
-
-    return firstPart + secondPartHash;
-}
-
-/**
- * Hashes a password using scrypt with secure parameters
- *
- * @param password The plain text password (minimum 8 characters, no maximum - long passwords are compacted)
- * @returns The salt and hash formatted as "salt:hash"
- * @throws Error if password validation fails
- */
-export async function hashPassword(password: string): Promise<string> {
-    validatePasswordInput(password);
-
-    // Compact long passwords to prevent DoS while preserving entropy
-    const compactedPassword = compactPassword(password);
-
-    const salt = randomBytes(PASSWORD_SECURITY_CONFIG.SALT_LENGTH).toString('hex');
-    const derivedKey = (await scryptAsync(compactedPassword, salt, PASSWORD_SECURITY_CONFIG.KEY_LENGTH)) as Buffer;
-
-    // Clear password from memory as soon as possible (best effort)
-    // Note: JavaScript strings are immutable, so this is limited in effectiveness
-    return `${salt}:${derivedKey.toString('hex')}`;
-}
-
-/**
- * Verifies a password against a stored hash using constant-time comparison
- *
- * @param password The plain text password to verify
- * @param storedHash The stored hash in format "salt:hash"
- * @returns True if the password matches, false otherwise
- */
-export async function verifyPassword(password: string, storedHash: string): Promise<boolean> {
-    // Validate inputs
-    if (typeof password !== 'string' || typeof storedHash !== 'string') {
-        return false;
-    }
-
-    if (password.length === 0) {
-        return false;
-    }
-
-    // Compact long passwords the same way as during hashing
-    const compactedPassword = compactPassword(password);
-
-    const parts = storedHash.split(':');
-    if (parts.length !== 2) {
-        return false;
-    }
-
-    const [salt, key] = parts;
-    if (!salt || !key) {
-        return false;
-    }
-
-    // Validate salt and key format (should be hex strings of expected length)
-    const expectedSaltLength = PASSWORD_SECURITY_CONFIG.SALT_LENGTH * 2; // hex encoding doubles length
-    const expectedKeyLength = PASSWORD_SECURITY_CONFIG.KEY_LENGTH * 2;
-
-    if (salt.length !== expectedSaltLength || key.length !== expectedKeyLength) {
-        return false;
-    }
-
-    // Validate hex format
-    const hexRegex = /^[0-9a-fA-F]+$/;
-    if (!hexRegex.test(salt) || !hexRegex.test(key)) {
-        return false;
-    }
-
-    try {
-        const derivedKey = (await scryptAsync(compactedPassword, salt, PASSWORD_SECURITY_CONFIG.KEY_LENGTH)) as Buffer;
-        const keyBuffer = Buffer.from(key, 'hex');
-
-        // Ensure buffers are same length before timing-safe comparison
-        // This should always be true given our validation, but defense in depth
-        if (derivedKey.length !== keyBuffer.length) {
-            return false;
-        }
-
-        return timingSafeEqual(derivedKey, keyBuffer);
-    } catch {
-        // Any error during verification should return false, not leak information
-        return false;
-    }
-}

package/apps/agents-server/src/utils/authenticateUser.ts

@@ -1,42 +0,0 @@
-import { $getTableName } from '../database/$getTableName';
-import { $provideSupabaseForServer } from '../database/$provideSupabaseForServer';
-import { AgentsServerDatabase } from '../database/schema';
-import { verifyPassword } from './auth';
-
-export type AuthenticatedUser = {
-    username: string;
-    isAdmin: boolean;
-};
-
-export async function authenticateUser(username: string, password: string): Promise<AuthenticatedUser | null> {
-    // 1. Check if it's the environment admin
-    if (username === 'admin' && process.env.ADMIN_PASSWORD && password === process.env.ADMIN_PASSWORD) {
-        return { username: 'admin', isAdmin: true };
-    }
-
-    // 2. Check DB users
-    try {
-        const supabase = $provideSupabaseForServer();
-        const { data: user, error } = await supabase
-            .from(await $getTableName('User'))
-            .select('*')
-            .eq('username', username)
-            .single();
-
-        if (error || !user) {
-            return null;
-        }
-
-        const userRow = user as AgentsServerDatabase['public']['Tables']['User']['Row'];
-        const isValid = await verifyPassword(password, userRow.passwordHash);
-
-        if (!isValid) {
-            return null;
-        }
-
-        return { username: userRow.username, isAdmin: userRow.isAdmin };
-    } catch (error) {
-        console.error('Authentication error:', error);
-        return null;
-    }
-}

package/apps/agents-server/src/utils/cache/SupabaseCacheStorage.ts

@@ -1,55 +0,0 @@
-import { TODO_any } from '@promptbook-local/types';
-import { $getTableName } from '../../database/$getTableName';
-import { $provideSupabaseForServer } from '../../database/$provideSupabaseForServer';
-import { Json } from '../../database/schema';
-
-/**
- * Storage for LLM cache using Supabase
- */
-export class SupabaseCacheStorage {
-    // implements PromptbookStorage<TODO_any>
-
-    /**
-     * Returns the current value associated with the given key, or null if the given key does not exist in the list associated with the object.
-     */
-    public async getItem(key: string): Promise<TODO_any | null> {
-        const supabase = $provideSupabaseForServer();
-        const tableName = await $getTableName('LlmCache');
-
-        const { data } = await supabase.from(tableName).select('value').eq('hash', key).maybeSingle();
-
-        if (!data) {
-            return null;
-        }
-
-        return data.value;
-    }
-
-    /**
-     * Sets the value of the pair identified by key to value, creating a new key/value pair if none existed for key previously.
-     */
-    public async setItem(key: string, value: TODO_any): Promise<void> {
-        const supabase = $provideSupabaseForServer();
-        const tableName = await $getTableName('LlmCache');
-
-        await supabase.from(tableName).upsert(
-            {
-                hash: key,
-                value: value as Json,
-            },
-            {
-                onConflict: 'hash',
-            },
-        );
-    }
-
-    /**
-     * Removes the key/value pair with the given key from the list associated with the object, if a key/value pair with the given key exists
-     */
-    public async removeItem(key: string): Promise<void> {
-        const supabase = $provideSupabaseForServer();
-        const tableName = await $getTableName('LlmCache');
-
-        await supabase.from(tableName).delete().eq('hash', key);
-    }
-}

package/apps/agents-server/src/utils/cdn/classes/DigitalOceanSpaces.ts

@@ -1,119 +0,0 @@
-import { GetObjectCommand, PutObjectCommand, PutObjectCommandInput, S3Client } from '@aws-sdk/client-s3';
-import { NotYetImplementedError } from '@promptbook-local/core';
-import { gzip, ungzip } from 'node-gzip';
-import { TODO_USE } from '../../../../../../src/utils/organization/TODO_USE';
-import { validateMimeType } from '../../validators/validateMimeType';
-import type { IFile, IIFilesStorageWithCdn } from '../interfaces/IFilesStorage';
-
-type IDigitalOceanSpacesConfig = {
-    readonly bucket: string;
-    readonly pathPrefix: string;
-    readonly endpoint: string;
-    readonly accessKeyId: string;
-    readonly secretAccessKey: string;
-    readonly cdnPublicUrl: URL;
-    readonly gzip: boolean;
-
-    // TODO: [⛳️] Probbably prefix should be in this config not on the consumer side
-};
-
-export class DigitalOceanSpaces implements IIFilesStorageWithCdn {
-    public get cdnPublicUrl() {
-        return this.config.cdnPublicUrl;
-    }
-
-    private s3: S3Client;
-
-    public constructor(private readonly config: IDigitalOceanSpacesConfig) {
-        this.s3 = new S3Client({
-            region: 'auto',
-            endpoint: 'https://' + config.endpoint,
-            credentials: {
-                accessKeyId: config.accessKeyId,
-                secretAccessKey: config.secretAccessKey,
-            },
-        });
-    }
-
-    public getItemUrl(key: string): URL {
-        return new URL(this.config.pathPrefix + '/' + key, this.cdnPublicUrl);
-    }
-
-    public async getItem(key: string): Promise<IFile | null> {
-        const parameters = {
-            Bucket: this.config.bucket,
-            Key: this.config.pathPrefix + '/' + key,
-        };
-
-        try {
-            const { Body, ContentType, ContentEncoding } = await this.s3.send(new GetObjectCommand(parameters));
-
-            // const blob = new Blob([await Body?.transformToByteArray()!]);
-
-            if (ContentEncoding === 'gzip') {
-                return {
-                    type: validateMimeType(ContentType),
-                    data: await ungzip(await Body!.transformToByteArray()),
-                };
-            } else {
-                return {
-                    type: validateMimeType(ContentType),
-                    data: (await Body!.transformToByteArray()) as Buffer,
-                };
-            }
-        } catch (error) {
-            if (error instanceof Error && error.name.match(/^NoSuchKey/)) {
-                return null;
-            } else {
-                throw error;
-            }
-        }
-    }
-
-    public async removeItem(key: string): Promise<void> {
-        TODO_USE(key);
-        throw new NotYetImplementedError(`DigitalOceanSpaces.removeItem is not implemented yet`);
-    }
-
-    public async setItem(key: string, file: IFile): Promise<void> {
-        // TODO: Put putObjectRequestAdditional into processedFile
-        const putObjectRequestAdditional: Partial<PutObjectCommandInput> = {};
-
-        let processedFile: IFile;
-        if (this.config.gzip) {
-            const gzipped = await gzip(file.data);
-            const sizePercentageAfterCompression = gzipped.byteLength / file.data.byteLength;
-            if (sizePercentageAfterCompression < 0.7) {
-                // consolex.log(`Gzipping ${key} (${Math.floor(sizePercentageAfterCompression * 100)}%)`);
-                processedFile = { ...file, data: gzipped };
-                putObjectRequestAdditional.ContentEncoding = 'gzip';
-            } else {
-                processedFile = file;
-                // consolex.log(`NOT Gzipping ${key} (${Math.floor(sizePercentageAfterCompression * 100)}%)`);
-            }
-        } else {
-            processedFile = file;
-        }
-
-        const uploadResult = await this.s3.send(
-            new PutObjectCommand({
-                Bucket: this.config.bucket,
-                Key: this.config.pathPrefix + '/' + key,
-                ContentType: processedFile.type,
-                ...putObjectRequestAdditional,
-                Body: processedFile.data,
-                // TODO: Public read access / just private to extending class
-                ACL: 'public-read',
-            }),
-        );
-
-        if (!uploadResult.ETag) {
-            throw new Error(`Upload result does not contain ETag`);
-        }
-    }
-}
-
-/**
- * TODO: Implement Read-only mode
- * TODO: [☹️] Unite with `PromptbookStorage` and move to `/src/...`
- */

package/apps/agents-server/src/utils/cdn/classes/TrackedFilesStorage.ts

@@ -1,57 +0,0 @@
-import { SupabaseClient } from '@supabase/supabase-js';
-import { $getTableName } from '../../../database/$getTableName';
-import { AgentsServerDatabase } from '../../../database/schema';
-import type { IFile, IIFilesStorageWithCdn } from '../interfaces/IFilesStorage';
-
-export class TrackedFilesStorage implements IIFilesStorageWithCdn {
-    public constructor(
-        private readonly inner: IIFilesStorageWithCdn,
-        private readonly supabase: SupabaseClient<AgentsServerDatabase>,
-    ) {}
-
-    public get cdnPublicUrl(): URL {
-        return this.inner.cdnPublicUrl;
-    }
-
-    public get pathPrefix(): string | undefined {
-        return this.inner.pathPrefix;
-    }
-
-    public getItemUrl(key: string): URL {
-        return this.inner.getItemUrl(key);
-    }
-
-    public async getItem(key: string): Promise<IFile | null> {
-        return this.inner.getItem(key);
-    }
-
-    public async removeItem(key: string): Promise<void> {
-        return this.inner.removeItem(key);
-    }
-
-    public async setItem(key: string, file: IFile): Promise<void> {
-        console.log('!!! 0', { key, file });
-
-        await this.inner.setItem(key, file);
-
-        try {
-            const { userId, purpose } = file;
-            const cdnUrl = this.getItemUrl(key).href;
-
-            console.log('!!! 1', { userId, purpose, cdnUrl, key, file });
-
-            await this.supabase.from(await $getTableName('File')).insert({
-                userId: userId || null,
-                fileName: key,
-                fileSize: file.fileSize ?? file.data.length,
-                fileType: file.type,
-                cdnUrl,
-                purpose: purpose || 'UNKNOWN',
-            });
-
-            console.log('!!! 2', { userId, purpose, cdnUrl, key, file });
-        } catch (error) {
-            console.error('Failed to track upload:', error);
-        }
-    }
-}

package/apps/agents-server/src/utils/cdn/classes/VercelBlobStorage.ts

@@ -1,68 +0,0 @@
-import { del, put } from '@vercel/blob';
-import { validateMimeType } from '../../validators/validateMimeType';
-import type { IFile, IIFilesStorageWithCdn } from '../interfaces/IFilesStorage';
-
-type IVercelBlobStorageConfig = {
-    readonly token: string;
-    readonly cdnPublicUrl: URL;
-    readonly pathPrefix?: string;
-    // Note: Vercel Blob automatically handles compression/serving
-};
-
-export class VercelBlobStorage implements IIFilesStorageWithCdn {
-    public get cdnPublicUrl() {
-        return this.config.cdnPublicUrl;
-    }
-
-    public get pathPrefix() {
-        return this.config.pathPrefix;
-    }
-
-    public constructor(private readonly config: IVercelBlobStorageConfig) {}
-
-    public getItemUrl(key: string): URL {
-        const path = this.config.pathPrefix ? `${this.config.pathPrefix}/${key}` : key;
-        return new URL(path, this.cdnPublicUrl);
-    }
-
-    public async getItem(key: string): Promise<IFile | null> {
-        const url = this.getItemUrl(key);
-
-        const response = await fetch(url);
-
-        if (response.status === 404) {
-            return null;
-        }
-
-        if (!response.ok) {
-            throw new Error(`Failed to fetch blob from ${url}: ${response.statusText}`);
-        }
-
-        const arrayBuffer = await response.arrayBuffer();
-        const buffer = Buffer.from(arrayBuffer);
-        const contentType = response.headers.get('content-type') || 'application/octet-stream';
-
-        return {
-            type: validateMimeType(contentType),
-            data: buffer,
-        };
-    }
-
-    public async removeItem(key: string): Promise<void> {
-        const url = this.getItemUrl(key).toString();
-        await del(url, { token: this.config.token });
-    }
-
-    public async setItem(key: string, file: IFile): Promise<void> {
-        const path = this.config.pathPrefix ? `${this.config.pathPrefix}/${key}` : key;
-
-        await put(path, file.data, {
-            access: 'public',
-            addRandomSuffix: false,
-            contentType: file.type,
-            token: this.config.token,
-            allowOverwrite: true, // <- TODO: This is inefficient, we should check first if the file exists and only then decide to overwrite or not
-            // Note: We rely on Vercel Blob for compression
-        });
-    }
-}

package/apps/agents-server/src/utils/cdn/interfaces/IFilesStorage.ts

@@ -1,50 +0,0 @@
-import type { string_mime_type } from '../../../../../../src/types/typeAliases';
-import type { IStorage } from './IStorage';
-
-export type IFile = {
-    // Maybe TODO name: string_name;
-    type: string_mime_type;
-    data: Buffer;
-
-    /**
-     * User who uploaded the file
-     */
-    userId?: number;
-
-    /**
-     * Purpose of the upload (e.g. KNOWLEDGE, SERVER_FAVICON_URL)
-     */
-    purpose?: string;
-
-    /**
-     * Size of the file in bytes
-     *
-     * Note: This is optional, if not provided, the size of the buffer is used
-     */
-    fileSize?: number;
-};
-
-/**
- * Represents storage that will store each keypair in a separate file.
- */
-export type IFilesStorage = Omit<IStorage<IFile>, 'length' | 'clear' | 'key'>;
-
-/**
- * Represents storage that can give public deterministic  URL for each file
- */
-export type IIFilesStorageWithCdn = IFilesStorage & {
-    readonly cdnPublicUrl: URL;
-    readonly pathPrefix?: string;
-    getItemUrl(key: string): URL;
-};
-
-/**
- * TODO: Probably not deterministic and async getItemUrl
- * TODO: Probably just createUrlMaker
- * TODO: List method
- * TODO: Glob method
- * TODO: Subfolder (similar to PrefixStorage) method
- * TODO: Subscribe, list, sub(folder) should be part of LIB everstorage
- * TODO: Probably implement observe through RxJS
- * TODO: [☹️] Unite with `PromptbookStorage` and move to `/src/...`
- */

package/apps/agents-server/src/utils/cdn/interfaces/IStorage.ts

@@ -1,14 +0,0 @@
-// Note: This is a simplified version of the IStorage interface based on the usage in the project.
-export type IStorage<T> = {
-    readonly length: Promise<number>;
-    clear(): Promise<void>;
-    getItem(key: string): Promise<T | null>;
-    key(index: number): Promise<string | null>;
-    removeItem(key: string): Promise<void>;
-    setItem(key: string, value: T): Promise<void>;
-};
-
-
-/**
- * TODO: [☹️] Unite with `PromptbookStorage` and move to `/src/...`
- */

package/apps/agents-server/src/utils/cdn/utils/getUserFileCdnKey.ts

@@ -1,28 +0,0 @@
-import hexEncoder from 'crypto-js/enc-hex';
-import sha256 from 'crypto-js/sha256';
-import type { string_uri } from '../../../../../../src/types/typeAliases';
-import { titleToName } from '../../../../../../src/utils/normalization/titleToName';
-import { nameToSubfolderPath } from './nameToSubfolderPath';
-
-/**
- * Generates a path for the user content
- */
-export function getUserFileCdnKey(file: Buffer, originalFilename: string): string_uri {
-    const hash = sha256(hexEncoder.parse(file.toString('hex'))).toString(/* hex */);
-    //    <- TODO: [🥬] Encapsulate sha256 to some private utility function
-
-    const originalFilenameParts = originalFilename.split('.');
-    const extension = originalFilenameParts.pop();
-    const name = titleToName(originalFilenameParts.join('.'));
-
-    const filename = name + '.' + extension;
-    // <- Note: [⛳️] Preserving original file name
-
-    return `user/files/${nameToSubfolderPath(hash).join('/')}/${filename}`;
-}
-
-/**
- * TODO: [🌍] Unite this logic in one place
- * TODO: Way to garbage unused uploaded files
- * TODO: Probably separate util countBufferHash
- */

package/apps/agents-server/src/utils/cdn/utils/nameToSubfolderPath.ts

@@ -1,9 +0,0 @@
-import type { string_name } from '../../../../../../src/types/typeAliases';
-
-export function nameToSubfolderPath(name: string_name): Array<string> {
-    return [name.substr(0, 2).toLowerCase(), name.substr(2, 5).toLowerCase()];
-}
-
-/**
- * TODO: [🐱‍🚀] Use `nameToSubfolderPath` from src
- */

package/apps/agents-server/src/utils/cdn/utils/nextRequestToNodeRequest.ts

@@ -1,27 +0,0 @@
-import { TODO_any } from '@promptbook-local/types';
-import { NextRequest } from 'next/server';
-import { Readable } from 'node:stream';
-
-export async function nextRequestToNodeRequest(nextRequest: NextRequest): Promise<Readable> {
-    const reader = nextRequest.body?.getReader();
-
-    if (!reader) {
-        throw new Error(`Can not get nextRequest.body.getReader()`);
-    }
-
-    const nodeStream = new Readable({
-        async read() {
-            const { done, value } = await reader.read();
-            if (done) this.push(null);
-            else this.push(Buffer.from(value));
-        },
-    });
-
-    // Fake IncomingMessage with headers
-    (nodeStream as TODO_any).headers = Object.fromEntries(nextRequest.headers.entries());
-    (nodeStream as TODO_any).method = nextRequest.method;
-    (nodeStream as TODO_any).url = nextRequest.url;
-    (nodeStream as TODO_any).socket = {}; // required by formidable
-
-    return nodeStream;
-}