@push.rocks/smartregistry 1.8.0 → 2.0.0

package/ts/00_commitinfo_data.ts

@@ -3,6 +3,6 @@
  */
 export const commitinfo = {
   name: '@push.rocks/smartregistry',
-  version: '1.8.0',
+  version: '2.0.0',
   description: 'A composable TypeScript library implementing OCI, NPM, Maven, Cargo, Composer, PyPI, and RubyGems registries for building unified container and package registries'
 }

package/ts/classes.smartregistry.ts

@@ -41,7 +41,7 @@ export class SmartRegistry {
 
     // Initialize OCI registry if enabled
     if (this.config.oci?.enabled) {
-      const ociBasePath = this.config.oci.basePath || '/oci';
+      const ociBasePath = this.config.oci.basePath ?? '/oci';
       const ociRegistry = new OciRegistry(this.storage, this.authManager, ociBasePath);
       await ociRegistry.init();
       this.registries.set('oci', ociRegistry);
@@ -49,7 +49,7 @@ export class SmartRegistry {
 
     // Initialize NPM registry if enabled
     if (this.config.npm?.enabled) {
-      const npmBasePath = this.config.npm.basePath || '/npm';
+      const npmBasePath = this.config.npm.basePath ?? '/npm';
       const registryUrl = `http://localhost:5000${npmBasePath}`; // TODO: Make configurable
       const npmRegistry = new NpmRegistry(this.storage, this.authManager, npmBasePath, registryUrl);
       await npmRegistry.init();
@@ -58,7 +58,7 @@ export class SmartRegistry {
 
     // Initialize Maven registry if enabled
     if (this.config.maven?.enabled) {
-      const mavenBasePath = this.config.maven.basePath || '/maven';
+      const mavenBasePath = this.config.maven.basePath ?? '/maven';
       const registryUrl = `http://localhost:5000${mavenBasePath}`; // TODO: Make configurable
       const mavenRegistry = new MavenRegistry(this.storage, this.authManager, mavenBasePath, registryUrl);
       await mavenRegistry.init();
@@ -67,7 +67,7 @@ export class SmartRegistry {
 
     // Initialize Cargo registry if enabled
     if (this.config.cargo?.enabled) {
-      const cargoBasePath = this.config.cargo.basePath || '/cargo';
+      const cargoBasePath = this.config.cargo.basePath ?? '/cargo';
       const registryUrl = `http://localhost:5000${cargoBasePath}`; // TODO: Make configurable
       const cargoRegistry = new CargoRegistry(this.storage, this.authManager, cargoBasePath, registryUrl);
       await cargoRegistry.init();
@@ -76,7 +76,7 @@ export class SmartRegistry {
 
     // Initialize Composer registry if enabled
     if (this.config.composer?.enabled) {
-      const composerBasePath = this.config.composer.basePath || '/composer';
+      const composerBasePath = this.config.composer.basePath ?? '/composer';
       const registryUrl = `http://localhost:5000${composerBasePath}`; // TODO: Make configurable
       const composerRegistry = new ComposerRegistry(this.storage, this.authManager, composerBasePath, registryUrl);
       await composerRegistry.init();
@@ -85,7 +85,7 @@ export class SmartRegistry {
 
     // Initialize PyPI registry if enabled
     if (this.config.pypi?.enabled) {
-      const pypiBasePath = this.config.pypi.basePath || '/pypi';
+      const pypiBasePath = this.config.pypi.basePath ?? '/pypi';
       const registryUrl = `http://localhost:5000`; // TODO: Make configurable
       const pypiRegistry = new PypiRegistry(this.storage, this.authManager, pypiBasePath, registryUrl);
       await pypiRegistry.init();
@@ -94,7 +94,7 @@ export class SmartRegistry {
 
     // Initialize RubyGems registry if enabled
     if (this.config.rubygems?.enabled) {
-      const rubygemsBasePath = this.config.rubygems.basePath || '/rubygems';
+      const rubygemsBasePath = this.config.rubygems.basePath ?? '/rubygems';
       const registryUrl = `http://localhost:5000${rubygemsBasePath}`; // TODO: Make configurable
       const rubygemsRegistry = new RubyGemsRegistry(this.storage, this.authManager, rubygemsBasePath, registryUrl);
       await rubygemsRegistry.init();
@@ -153,7 +153,7 @@ export class SmartRegistry {
 
     // Route to PyPI registry (also handles /simple prefix)
     if (this.config.pypi?.enabled) {
-      const pypiBasePath = this.config.pypi.basePath || '/pypi';
+      const pypiBasePath = this.config.pypi.basePath ?? '/pypi';
       if (path.startsWith(pypiBasePath) || path.startsWith('/simple')) {
         const pypiRegistry = this.registries.get('pypi');
         if (pypiRegistry) {

package/ts/core/classes.authmanager.ts

@@ -1,4 +1,5 @@
 import type { IAuthConfig, IAuthToken, ICredentials, TRegistryProtocol } from './interfaces.core.js';
+import * as crypto from 'crypto';
 
 /**
  * Unified authentication manager for all registry protocols
@@ -136,7 +137,7 @@ export class AuthManager {
    * @param userId - User ID
    * @param scopes - Permission scopes
    * @param expiresIn - Expiration time in seconds
-   * @returns JWT token string
+   * @returns JWT token string (HMAC-SHA256 signed)
    */
   public async createOciToken(
     userId: string,
@@ -158,9 +159,17 @@ export class AuthManager {
       access: this.scopesToOciAccess(scopes),
     };
 
-    // In production, use proper JWT library with signing
-    // For now, return JSON string (mock JWT)
-    return JSON.stringify(payload);
+    // Create JWT with HMAC-SHA256 signature
+    const header = { alg: 'HS256', typ: 'JWT' };
+    const headerB64 = Buffer.from(JSON.stringify(header)).toString('base64url');
+    const payloadB64 = Buffer.from(JSON.stringify(payload)).toString('base64url');
+
+    const signature = crypto
+      .createHmac('sha256', this.config.jwtSecret)
+      .update(`${headerB64}.${payloadB64}`)
+      .digest('base64url');
+
+    return `${headerB64}.${payloadB64}.${signature}`;
   }
 
   /**
@@ -170,8 +179,25 @@ export class AuthManager {
    */
   public async validateOciToken(jwt: string): Promise<IAuthToken | null> {
     try {
-      // In production, verify JWT signature
-      const payload = JSON.parse(jwt);
+      const parts = jwt.split('.');
+      if (parts.length !== 3) {
+        return null;
+      }
+
+      const [headerB64, payloadB64, signatureB64] = parts;
+
+      // Verify signature
+      const expectedSignature = crypto
+        .createHmac('sha256', this.config.jwtSecret)
+        .update(`${headerB64}.${payloadB64}`)
+        .digest('base64url');
+
+      if (signatureB64 !== expectedSignature) {
+        return null;
+      }
+
+      // Decode and parse payload
+      const payload = JSON.parse(Buffer.from(payloadB64, 'base64url').toString('utf-8'));
 
       // Check expiration
       const now = Math.floor(Date.now() / 1000);
@@ -179,6 +205,11 @@ export class AuthManager {
         return null;
       }
 
+      // Check not-before time
+      if (payload.nbf && payload.nbf > now) {
+        return null;
+      }
+
       // Convert to unified token format
       const scopes = this.ociAccessToScopes(payload.access || []);
 

package/ts/oci/classes.ociregistry.ts

@@ -180,11 +180,7 @@ export class OciRegistry extends BaseRegistry {
     body?: Buffer | any
   ): Promise<IResponse> {
     if (!await this.checkPermission(token, repository, 'push')) {
-      return {
-        status: 401,
-        headers: {},
-        body: this.createError('DENIED', 'Insufficient permissions'),
-      };
+      return this.createUnauthorizedResponse(repository, 'push');
     }
 
     // Check for monolithic upload (digest + body provided)
@@ -255,11 +251,7 @@ export class OciRegistry extends BaseRegistry {
     }
 
     if (!await this.checkPermission(token, session.repository, 'push')) {
-      return {
-        status: 401,
-        headers: {},
-        body: this.createError('DENIED', 'Insufficient permissions'),
-      };
+      return this.createUnauthorizedResponse(session.repository, 'push');
     }
 
     switch (method) {
@@ -336,11 +328,7 @@ export class OciRegistry extends BaseRegistry {
     token: IAuthToken | null
   ): Promise<IResponse> {
     if (!await this.checkPermission(token, repository, 'pull')) {
-      return {
-        status: 401,
-        headers: {},
-        body: null,
-      };
+      return this.createUnauthorizedHeadResponse(repository, 'pull');
     }
 
     // Similar logic as getManifest but return headers only
@@ -437,11 +425,7 @@ export class OciRegistry extends BaseRegistry {
     }
 
     if (!await this.checkPermission(token, repository, 'delete')) {
-      return {
-        status: 401,
-        headers: {},
-        body: this.createError('DENIED', 'Insufficient permissions'),
-      };
+      return this.createUnauthorizedResponse(repository, 'delete');
     }
 
     await this.storage.deleteOciManifest(repository, digest);
@@ -460,11 +444,7 @@ export class OciRegistry extends BaseRegistry {
     range?: string
   ): Promise<IResponse> {
     if (!await this.checkPermission(token, repository, 'pull')) {
-      return {
-        status: 401,
-        headers: {},
-        body: this.createError('DENIED', 'Insufficient permissions'),
-      };
+      return this.createUnauthorizedResponse(repository, 'pull');
     }
 
     const data = await this.storage.getOciBlob(digest);
@@ -492,7 +472,7 @@ export class OciRegistry extends BaseRegistry {
     token: IAuthToken | null
   ): Promise<IResponse> {
     if (!await this.checkPermission(token, repository, 'pull')) {
-      return { status: 401, headers: {}, body: null };
+      return this.createUnauthorizedHeadResponse(repository, 'pull');
     }
 
     const exists = await this.storage.ociBlobExists(digest);
@@ -518,11 +498,7 @@ export class OciRegistry extends BaseRegistry {
     token: IAuthToken | null
   ): Promise<IResponse> {
     if (!await this.checkPermission(token, repository, 'delete')) {
-      return {
-        status: 401,
-        headers: {},
-        body: this.createError('DENIED', 'Insufficient permissions'),
-      };
+      return this.createUnauthorizedResponse(repository, 'delete');
     }
 
     await this.storage.deleteOciBlob(digest);
@@ -631,11 +607,7 @@ export class OciRegistry extends BaseRegistry {
     query: Record<string, string>
   ): Promise<IResponse> {
     if (!await this.checkPermission(token, repository, 'pull')) {
-      return {
-        status: 401,
-        headers: {},
-        body: this.createError('DENIED', 'Insufficient permissions'),
-      };
+      return this.createUnauthorizedResponse(repository, 'pull');
     }
 
     const tags = await this.getTagsData(repository);
@@ -660,11 +632,7 @@ export class OciRegistry extends BaseRegistry {
     query: Record<string, string>
   ): Promise<IResponse> {
     if (!await this.checkPermission(token, repository, 'pull')) {
-      return {
-        status: 401,
-        headers: {},
-        body: this.createError('DENIED', 'Insufficient permissions'),
-      };
+      return this.createUnauthorizedResponse(repository, 'pull');
     }
 
     const response: IReferrersResponse = {
@@ -712,6 +680,33 @@ export class OciRegistry extends BaseRegistry {
     };
   }
 
+  /**
+   * Create an unauthorized response with proper WWW-Authenticate header.
+   * Per OCI Distribution Spec, 401 responses MUST include WWW-Authenticate header.
+   */
+  private createUnauthorizedResponse(repository: string, action: string): IResponse {
+    return {
+      status: 401,
+      headers: {
+        'WWW-Authenticate': `Bearer realm="${this.basePath}/v2/token",service="registry",scope="repository:${repository}:${action}"`,
+      },
+      body: this.createError('DENIED', 'Insufficient permissions'),
+    };
+  }
+
+  /**
+   * Create an unauthorized HEAD response (no body per HTTP spec).
+   */
+  private createUnauthorizedHeadResponse(repository: string, action: string): IResponse {
+    return {
+      status: 401,
+      headers: {
+        'WWW-Authenticate': `Bearer realm="${this.basePath}/v2/token",service="registry",scope="repository:${repository}:${action}"`,
+      },
+      body: null,
+    };
+  }
+
   private startUploadSessionCleanup(): void {
     this.cleanupInterval = setInterval(() => {
       const now = new Date();

package/ts/plugins.ts

@@ -4,11 +4,12 @@ import * as path from 'path';
 export { path };
 
 // @push.rocks scope
+import * as smartarchive from '@push.rocks/smartarchive';
 import * as smartbucket from '@push.rocks/smartbucket';
 import * as smartlog from '@push.rocks/smartlog';
 import * as smartpath from '@push.rocks/smartpath';
 
-export { smartbucket, smartlog, smartpath };
+export { smartarchive, smartbucket, smartlog, smartpath };
 
 // @tsclass scope
 import * as tsclass from '@tsclass/tsclass';

package/ts/pypi/classes.pypiregistry.ts

@@ -85,14 +85,14 @@ export class PypiRegistry extends BaseRegistry {
       return this.handleUpload(context, token);
     }
 
-    // Package metadata JSON API: GET /pypi/{package}/json
-    const jsonMatch = path.match(/^\/pypi\/([^\/]+)\/json$/);
+    // Package metadata JSON API: GET /{package}/json
+    const jsonMatch = path.match(/^\/([^\/]+)\/json$/);
     if (jsonMatch && context.method === 'GET') {
       return this.handlePackageJson(jsonMatch[1]);
     }
 
-    // Version-specific JSON API: GET /pypi/{package}/{version}/json
-    const versionJsonMatch = path.match(/^\/pypi\/([^\/]+)\/([^\/]+)\/json$/);
+    // Version-specific JSON API: GET /{package}/{version}/json
+    const versionJsonMatch = path.match(/^\/([^\/]+)\/([^\/]+)\/json$/);
     if (versionJsonMatch && context.method === 'GET') {
       return this.handleVersionJson(versionJsonMatch[1], versionJsonMatch[2]);
     }
@@ -118,7 +118,7 @@ export class PypiRegistry extends BaseRegistry {
     return {
       status: 404,
       headers: { 'Content-Type': 'application/json' },
-      body: Buffer.from(JSON.stringify({ message: 'Not Found' })),
+      body: { error: 'Not Found' },
     };
   }
 
@@ -185,7 +185,7 @@ export class PypiRegistry extends BaseRegistry {
           'Content-Type': 'application/vnd.pypi.simple.v1+json',
           'Cache-Control': 'public, max-age=600'
         },
-        body: Buffer.from(JSON.stringify(response)),
+        body: response,
       };
     } else {
       // PEP 503: HTML response
@@ -200,7 +200,7 @@ export class PypiRegistry extends BaseRegistry {
           'Content-Type': 'text/html; charset=utf-8',
           'Cache-Control': 'public, max-age=600'
         },
-        body: Buffer.from(html),
+        body: html,
       };
     }
   }
@@ -215,11 +215,7 @@ export class PypiRegistry extends BaseRegistry {
     // Get package metadata
     const metadata = await this.storage.getPypiPackageMetadata(normalized);
     if (!metadata) {
-      return {
-        status: 404,
-        headers: { 'Content-Type': 'text/html; charset=utf-8' },
-        body: Buffer.from('<html><body><h1>404 Not Found</h1></body></html>'),
-      };
+      return this.errorResponse(404, 'Package not found');
     }
 
     // Build file list from all versions
@@ -251,7 +247,7 @@ export class PypiRegistry extends BaseRegistry {
           'Content-Type': 'application/vnd.pypi.simple.v1+json',
           'Cache-Control': 'public, max-age=300'
         },
-        body: Buffer.from(JSON.stringify(response)),
+        body: response,
       };
     } else {
       // PEP 503: HTML response
@@ -266,7 +262,7 @@ export class PypiRegistry extends BaseRegistry {
           'Content-Type': 'text/html; charset=utf-8',
           'Cache-Control': 'public, max-age=300'
         },
-        body: Buffer.from(html),
+        body: html,
       };
     }
   }
@@ -315,7 +311,7 @@ export class PypiRegistry extends BaseRegistry {
           'Content-Type': 'application/json',
           'WWW-Authenticate': 'Basic realm="PyPI"'
         },
-        body: Buffer.from(JSON.stringify({ message: 'Authentication required' })),
+        body: { error: 'Authentication required' },
       };
     }
 
@@ -327,11 +323,13 @@ export class PypiRegistry extends BaseRegistry {
         return this.errorResponse(400, 'Invalid upload request');
       }
 
-      // Extract required fields
+      // Extract required fields - support both nested and flat body formats
       const packageName = formData.name;
       const version = formData.version;
-      const filename = formData.content?.filename;
-      const fileData = formData.content?.data as Buffer;
+      // Support both: formData.content.filename (multipart parsed) and formData.filename (flat)
+      const filename = formData.content?.filename || formData.filename;
+      // Support both: formData.content.data (multipart parsed) and formData.content (Buffer directly)
+      const fileData = (formData.content?.data || (Buffer.isBuffer(formData.content) ? formData.content : null)) as Buffer;
       const filetype = formData.filetype; // 'bdist_wheel' or 'sdist'
       const pyversion = formData.pyversion;
 
@@ -431,12 +429,12 @@ export class PypiRegistry extends BaseRegistry {
       });
 
       return {
-        status: 200,
+        status: 201,
         headers: { 'Content-Type': 'application/json' },
-        body: Buffer.from(JSON.stringify({
+        body: {
           message: 'Package uploaded successfully',
           url: `${this.registryUrl}/pypi/packages/${normalized}/${filename}`
-        })),
+        },
       };
     } catch (error) {
       this.logger.log('error', 'Upload failed', { error: (error as Error).message });
@@ -455,7 +453,7 @@ export class PypiRegistry extends BaseRegistry {
       return {
         status: 404,
         headers: { 'Content-Type': 'application/json' },
-        body: Buffer.from(JSON.stringify({ message: 'File not found' })),
+        body: { error: 'File not found' },
       };
     }
 
@@ -472,6 +470,7 @@ export class PypiRegistry extends BaseRegistry {
 
   /**
    * Handle package JSON API (all versions)
+   * Returns format compatible with official PyPI JSON API
    */
   private async handlePackageJson(packageName: string): Promise<IResponse> {
     const normalized = helpers.normalizePypiPackageName(packageName);
@@ -481,18 +480,67 @@ export class PypiRegistry extends BaseRegistry {
       return this.errorResponse(404, 'Package not found');
     }
 
+    // Find latest version for info
+    const versions = Object.keys(metadata.versions || {});
+    const latestVersion = versions.length > 0 ? versions[versions.length - 1] : null;
+    const latestMeta = latestVersion ? metadata.versions[latestVersion] : null;
+
+    // Build URLs array from latest version files
+    const urls = latestMeta?.files?.map((file: any) => ({
+      filename: file.filename,
+      url: `${this.registryUrl}/pypi/packages/${normalized}/${file.filename}`,
+      digests: file.hashes,
+      requires_python: file['requires-python'],
+      size: file.size,
+      upload_time: file['upload-time'],
+      packagetype: file.filetype,
+      python_version: file.python_version,
+    })) || [];
+
+    // Build releases object
+    const releases: Record<string, any[]> = {};
+    for (const [ver, verMeta] of Object.entries(metadata.versions || {})) {
+      releases[ver] = (verMeta as any).files?.map((file: any) => ({
+        filename: file.filename,
+        url: `${this.registryUrl}/pypi/packages/${normalized}/${file.filename}`,
+        digests: file.hashes,
+        requires_python: file['requires-python'],
+        size: file.size,
+        upload_time: file['upload-time'],
+        packagetype: file.filetype,
+        python_version: file.python_version,
+      })) || [];
+    }
+
+    const response = {
+      info: {
+        name: normalized,
+        version: latestVersion,
+        summary: latestMeta?.metadata?.summary,
+        description: latestMeta?.metadata?.description,
+        author: latestMeta?.metadata?.author,
+        author_email: latestMeta?.metadata?.['author-email'],
+        license: latestMeta?.metadata?.license,
+        requires_python: latestMeta?.files?.[0]?.['requires-python'],
+        ...latestMeta?.metadata,
+      },
+      urls,
+      releases,
+    };
+
     return {
       status: 200,
       headers: {
         'Content-Type': 'application/json',
         'Cache-Control': 'public, max-age=300'
       },
-      body: Buffer.from(JSON.stringify(metadata)),
+      body: response,
     };
   }
 
   /**
    * Handle version-specific JSON API
+   * Returns format compatible with official PyPI JSON API
    */
   private async handleVersionJson(packageName: string, version: string): Promise<IResponse> {
     const normalized = helpers.normalizePypiPackageName(packageName);
@@ -502,13 +550,42 @@ export class PypiRegistry extends BaseRegistry {
       return this.errorResponse(404, 'Version not found');
     }
 
+    const verMeta = metadata.versions[version];
+
+    // Build URLs array from version files
+    const urls = verMeta.files?.map((file: any) => ({
+      filename: file.filename,
+      url: `${this.registryUrl}/pypi/packages/${normalized}/${file.filename}`,
+      digests: file.hashes,
+      requires_python: file['requires-python'],
+      size: file.size,
+      upload_time: file['upload-time'],
+      packagetype: file.filetype,
+      python_version: file.python_version,
+    })) || [];
+
+    const response = {
+      info: {
+        name: normalized,
+        version,
+        summary: verMeta.metadata?.summary,
+        description: verMeta.metadata?.description,
+        author: verMeta.metadata?.author,
+        author_email: verMeta.metadata?.['author-email'],
+        license: verMeta.metadata?.license,
+        requires_python: verMeta.files?.[0]?.['requires-python'],
+        ...verMeta.metadata,
+      },
+      urls,
+    };
+
     return {
       status: 200,
       headers: {
         'Content-Type': 'application/json',
         'Cache-Control': 'public, max-age=300'
       },
-      body: Buffer.from(JSON.stringify(metadata.versions[version])),
+      body: response,
     };
   }
 
@@ -570,11 +647,11 @@ export class PypiRegistry extends BaseRegistry {
    * Helper: Create error response
    */
   private errorResponse(status: number, message: string): IResponse {
-    const error: IPypiError = { message, status };
+    const error: IPypiError = { error: message, status };
     return {
       status,
       headers: { 'Content-Type': 'application/json' },
-      body: Buffer.from(JSON.stringify(error)),
+      body: error,
     };
   }
 }

package/ts/pypi/interfaces.pypi.ts

@@ -244,7 +244,7 @@ export interface IPypiUploadResponse {
  */
 export interface IPypiError {
   /** Error message */
-  message: string;
+  error: string;
   /** HTTP status code */
   status?: number;
   /** Additional error details */