@push.rocks/smartregistry 2.2.0 → 2.2.2

package/ts/core/classes.authmanager.ts

@@ -52,37 +52,40 @@ export class AuthManager {
     return token;
   }
 
-  // ========================================================================
-  // NPM AUTHENTICATION
-  // ========================================================================
-
   /**
-   * Create an NPM token
+   * Generic protocol token creation (internal helper)
    * @param userId - User ID
+   * @param protocol - Protocol type (npm, maven, composer, etc.)
    * @param readonly - Whether the token is readonly
-   * @returns NPM UUID token
+   * @returns UUID token string
    */
-  public async createNpmToken(userId: string, readonly: boolean = false): Promise<string> {
-    if (!this.config.npmTokens.enabled) {
-      throw new Error('NPM tokens are not enabled');
-    }
-
-    const scopes = readonly ? ['npm:*:*:read'] : ['npm:*:*:*'];
-    return this.createUuidToken(userId, 'npm', scopes, readonly);
+  private async createProtocolToken(
+    userId: string,
+    protocol: TRegistryProtocol,
+    readonly: boolean
+  ): Promise<string> {
+    const scopes = readonly
+      ? [`${protocol}:*:*:read`]
+      : [`${protocol}:*:*:*`];
+    return this.createUuidToken(userId, protocol, scopes, readonly);
   }
 
   /**
-   * Validate an NPM token
-   * @param token - NPM UUID token
+   * Generic protocol token validation (internal helper)
+   * @param token - UUID token string
+   * @param protocol - Expected protocol type
    * @returns Auth token object or null
    */
-  public async validateNpmToken(token: string): Promise<IAuthToken | null> {
+  private async validateProtocolToken(
+    token: string,
+    protocol: TRegistryProtocol
+  ): Promise<IAuthToken | null> {
     if (!this.isValidUuid(token)) {
       return null;
     }
 
     const authToken = this.tokenStore.get(token);
-    if (!authToken || authToken.type !== 'npm') {
+    if (!authToken || authToken.type !== protocol) {
       return null;
     }
 
@@ -95,12 +98,46 @@ export class AuthManager {
     return authToken;
   }
 
+  /**
+   * Generic protocol token revocation (internal helper)
+   * @param token - UUID token string
+   */
+  private async revokeProtocolToken(token: string): Promise<void> {
+    this.tokenStore.delete(token);
+  }
+
+  // ========================================================================
+  // NPM AUTHENTICATION
+  // ========================================================================
+
+  /**
+   * Create an NPM token
+   * @param userId - User ID
+   * @param readonly - Whether the token is readonly
+   * @returns NPM UUID token
+   */
+  public async createNpmToken(userId: string, readonly: boolean = false): Promise<string> {
+    if (!this.config.npmTokens.enabled) {
+      throw new Error('NPM tokens are not enabled');
+    }
+    return this.createProtocolToken(userId, 'npm', readonly);
+  }
+
+  /**
+   * Validate an NPM token
+   * @param token - NPM UUID token
+   * @returns Auth token object or null
+   */
+  public async validateNpmToken(token: string): Promise<IAuthToken | null> {
+    return this.validateProtocolToken(token, 'npm');
+  }
+
   /**
    * Revoke an NPM token
    * @param token - NPM UUID token
    */
   public async revokeNpmToken(token: string): Promise<void> {
-    this.tokenStore.delete(token);
+    return this.revokeProtocolToken(token);
   }
 
   /**
@@ -265,8 +302,7 @@ export class AuthManager {
    * @returns Maven UUID token
    */
   public async createMavenToken(userId: string, readonly: boolean = false): Promise<string> {
-    const scopes = readonly ? ['maven:*:*:read'] : ['maven:*:*:*'];
-    return this.createUuidToken(userId, 'maven', scopes, readonly);
+    return this.createProtocolToken(userId, 'maven', readonly);
   }
 
   /**
@@ -275,22 +311,7 @@ export class AuthManager {
    * @returns Auth token object or null
    */
   public async validateMavenToken(token: string): Promise<IAuthToken | null> {
-    if (!this.isValidUuid(token)) {
-      return null;
-    }
-
-    const authToken = this.tokenStore.get(token);
-    if (!authToken || authToken.type !== 'maven') {
-      return null;
-    }
-
-    // Check expiration if set
-    if (authToken.expiresAt && authToken.expiresAt < new Date()) {
-      this.tokenStore.delete(token);
-      return null;
-    }
-
-    return authToken;
+    return this.validateProtocolToken(token, 'maven');
   }
 
   /**
@@ -298,7 +319,7 @@ export class AuthManager {
    * @param token - Maven UUID token
    */
   public async revokeMavenToken(token: string): Promise<void> {
-    this.tokenStore.delete(token);
+    return this.revokeProtocolToken(token);
   }
 
   // ========================================================================
@@ -312,8 +333,7 @@ export class AuthManager {
    * @returns Composer UUID token
    */
   public async createComposerToken(userId: string, readonly: boolean = false): Promise<string> {
-    const scopes = readonly ? ['composer:*:*:read'] : ['composer:*:*:*'];
-    return this.createUuidToken(userId, 'composer', scopes, readonly);
+    return this.createProtocolToken(userId, 'composer', readonly);
   }
 
   /**
@@ -322,22 +342,7 @@ export class AuthManager {
    * @returns Auth token object or null
    */
   public async validateComposerToken(token: string): Promise<IAuthToken | null> {
-    if (!this.isValidUuid(token)) {
-      return null;
-    }
-
-    const authToken = this.tokenStore.get(token);
-    if (!authToken || authToken.type !== 'composer') {
-      return null;
-    }
-
-    // Check expiration if set
-    if (authToken.expiresAt && authToken.expiresAt < new Date()) {
-      this.tokenStore.delete(token);
-      return null;
-    }
-
-    return authToken;
+    return this.validateProtocolToken(token, 'composer');
   }
 
   /**
@@ -345,7 +350,7 @@ export class AuthManager {
    * @param token - Composer UUID token
    */
   public async revokeComposerToken(token: string): Promise<void> {
-    this.tokenStore.delete(token);
+    return this.revokeProtocolToken(token);
   }
 
   // ========================================================================
@@ -359,8 +364,7 @@ export class AuthManager {
    * @returns Cargo UUID token
    */
   public async createCargoToken(userId: string, readonly: boolean = false): Promise<string> {
-    const scopes = readonly ? ['cargo:*:*:read'] : ['cargo:*:*:*'];
-    return this.createUuidToken(userId, 'cargo', scopes, readonly);
+    return this.createProtocolToken(userId, 'cargo', readonly);
   }
 
   /**
@@ -369,22 +373,7 @@ export class AuthManager {
    * @returns Auth token object or null
    */
   public async validateCargoToken(token: string): Promise<IAuthToken | null> {
-    if (!this.isValidUuid(token)) {
-      return null;
-    }
-
-    const authToken = this.tokenStore.get(token);
-    if (!authToken || authToken.type !== 'cargo') {
-      return null;
-    }
-
-    // Check expiration if set
-    if (authToken.expiresAt && authToken.expiresAt < new Date()) {
-      this.tokenStore.delete(token);
-      return null;
-    }
-
-    return authToken;
+    return this.validateProtocolToken(token, 'cargo');
   }
 
   /**
@@ -392,7 +381,7 @@ export class AuthManager {
    * @param token - Cargo UUID token
    */
   public async revokeCargoToken(token: string): Promise<void> {
-    this.tokenStore.delete(token);
+    return this.revokeProtocolToken(token);
   }
 
   // ========================================================================
@@ -406,8 +395,7 @@ export class AuthManager {
    * @returns PyPI UUID token
    */
   public async createPypiToken(userId: string, readonly: boolean = false): Promise<string> {
-    const scopes = readonly ? ['pypi:*:*:read'] : ['pypi:*:*:*'];
-    return this.createUuidToken(userId, 'pypi', scopes, readonly);
+    return this.createProtocolToken(userId, 'pypi', readonly);
   }
 
   /**
@@ -416,22 +404,7 @@ export class AuthManager {
    * @returns Auth token object or null
    */
   public async validatePypiToken(token: string): Promise<IAuthToken | null> {
-    if (!this.isValidUuid(token)) {
-      return null;
-    }
-
-    const authToken = this.tokenStore.get(token);
-    if (!authToken || authToken.type !== 'pypi') {
-      return null;
-    }
-
-    // Check expiration if set
-    if (authToken.expiresAt && authToken.expiresAt < new Date()) {
-      this.tokenStore.delete(token);
-      return null;
-    }
-
-    return authToken;
+    return this.validateProtocolToken(token, 'pypi');
   }
 
   /**
@@ -439,7 +412,7 @@ export class AuthManager {
    * @param token - PyPI UUID token
    */
   public async revokePypiToken(token: string): Promise<void> {
-    this.tokenStore.delete(token);
+    return this.revokeProtocolToken(token);
   }
 
   // ========================================================================
@@ -453,8 +426,7 @@ export class AuthManager {
    * @returns RubyGems UUID token
    */
   public async createRubyGemsToken(userId: string, readonly: boolean = false): Promise<string> {
-    const scopes = readonly ? ['rubygems:*:*:read'] : ['rubygems:*:*:*'];
-    return this.createUuidToken(userId, 'rubygems', scopes, readonly);
+    return this.createProtocolToken(userId, 'rubygems', readonly);
   }
 
   /**
@@ -463,22 +435,7 @@ export class AuthManager {
    * @returns Auth token object or null
    */
   public async validateRubyGemsToken(token: string): Promise<IAuthToken | null> {
-    if (!this.isValidUuid(token)) {
-      return null;
-    }
-
-    const authToken = this.tokenStore.get(token);
-    if (!authToken || authToken.type !== 'rubygems') {
-      return null;
-    }
-
-    // Check expiration if set
-    if (authToken.expiresAt && authToken.expiresAt < new Date()) {
-      this.tokenStore.delete(token);
-      return null;
-    }
-
-    return authToken;
+    return this.validateProtocolToken(token, 'rubygems');
   }
 
   /**
@@ -486,7 +443,7 @@ export class AuthManager {
    * @param token - RubyGems UUID token
    */
   public async revokeRubyGemsToken(token: string): Promise<void> {
-    this.tokenStore.delete(token);
+    return this.revokeProtocolToken(token);
   }
 
   // ========================================================================
@@ -495,57 +452,42 @@ export class AuthManager {
 
   /**
    * Validate any token (NPM, Maven, OCI, PyPI, RubyGems, Composer, Cargo)
+   * Optimized: O(1) lookup when protocol hint provided
    * @param tokenString - Token string (UUID or JWT)
-   * @param protocol - Expected protocol type
+   * @param protocol - Expected protocol type (optional, improves performance)
    * @returns Auth token object or null
    */
   public async validateToken(
     tokenString: string,
     protocol?: TRegistryProtocol
   ): Promise<IAuthToken | null> {
-    // Try UUID-based tokens (NPM, Maven, Composer, Cargo, PyPI, RubyGems)
-    if (this.isValidUuid(tokenString)) {
-      // Try NPM token
-      const npmToken = await this.validateNpmToken(tokenString);
-      if (npmToken && (!protocol || protocol === 'npm')) {
-        return npmToken;
-      }
-
-      // Try Maven token
-      const mavenToken = await this.validateMavenToken(tokenString);
-      if (mavenToken && (!protocol || protocol === 'maven')) {
-        return mavenToken;
-      }
-
-      // Try Composer token
-      const composerToken = await this.validateComposerToken(tokenString);
-      if (composerToken && (!protocol || protocol === 'composer')) {
-        return composerToken;
-      }
-
-      // Try Cargo token
-      const cargoToken = await this.validateCargoToken(tokenString);
-      if (cargoToken && (!protocol || protocol === 'cargo')) {
-        return cargoToken;
-      }
-
-      // Try PyPI token
-      const pypiToken = await this.validatePypiToken(tokenString);
-      if (pypiToken && (!protocol || protocol === 'pypi')) {
-        return pypiToken;
+    // OCI uses JWT (contains dots), not UUID - check first if OCI is expected
+    if (protocol === 'oci' || tokenString.includes('.')) {
+      const ociToken = await this.validateOciToken(tokenString);
+      if (ociToken && (!protocol || protocol === 'oci')) {
+        return ociToken;
       }
-
-      // Try RubyGems token
-      const rubygemsToken = await this.validateRubyGemsToken(tokenString);
-      if (rubygemsToken && (!protocol || protocol === 'rubygems')) {
-        return rubygemsToken;
+      // If protocol was explicitly OCI but validation failed, return null
+      if (protocol === 'oci') {
+        return null;
       }
     }
 
-    // Try OCI JWT
-    const ociToken = await this.validateOciToken(tokenString);
-    if (ociToken && (!protocol || protocol === 'oci')) {
-      return ociToken;
+    // UUID-based tokens: single O(1) Map lookup
+    if (this.isValidUuid(tokenString)) {
+      const authToken = this.tokenStore.get(tokenString);
+      if (authToken) {
+        // If protocol specified, verify it matches
+        if (protocol && authToken.type !== protocol) {
+          return null;
+        }
+        // Check expiration
+        if (authToken.expiresAt && authToken.expiresAt < new Date()) {
+          this.tokenStore.delete(tokenString);
+          return null;
+        }
+        return authToken;
+      }
     }
 
     return null;

package/ts/core/helpers.buffer.ts

@@ -0,0 +1,34 @@
+/**
+ * Shared buffer utilities for consistent binary data handling across all registry types.
+ *
+ * This module addresses the common issue where `Buffer.isBuffer(Uint8Array)` returns `false`,
+ * which can cause data handling bugs when binary data arrives as Uint8Array instead of Buffer.
+ */
+
+/**
+ * Check if value is binary data (Buffer or Uint8Array)
+ */
+export function isBinaryData(value: unknown): value is Buffer | Uint8Array {
+  return Buffer.isBuffer(value) || value instanceof Uint8Array;
+}
+
+/**
+ * Convert any binary-like data to Buffer.
+ * Handles Buffer, Uint8Array, string, and objects.
+ *
+ * @param data - The data to convert to Buffer
+ * @returns A Buffer containing the data
+ */
+export function toBuffer(data: unknown): Buffer {
+  if (Buffer.isBuffer(data)) {
+    return data;
+  }
+  if (data instanceof Uint8Array) {
+    return Buffer.from(data);
+  }
+  if (typeof data === 'string') {
+    return Buffer.from(data, 'utf-8');
+  }
+  // Fallback: serialize object to JSON
+  return Buffer.from(JSON.stringify(data));
+}

package/ts/maven/classes.mavenregistry.ts

@@ -7,6 +7,7 @@ import { BaseRegistry } from '../core/classes.baseregistry.js';
 import type { RegistryStorage } from '../core/classes.registrystorage.js';
 import type { AuthManager } from '../core/classes.authmanager.js';
 import type { IRequestContext, IResponse, IAuthToken } from '../core/interfaces.core.js';
+import { toBuffer } from '../core/helpers.buffer.js';
 import type { IMavenCoordinate, IMavenMetadata, IChecksums } from './interfaces.maven.js';
 import {
   pathToGAV,
@@ -296,7 +297,7 @@ export class MavenRegistry extends BaseRegistry {
     coordinate: IMavenCoordinate,
     body: Buffer | any
   ): Promise<IResponse> {
-    const data = Buffer.isBuffer(body) ? body : Buffer.from(JSON.stringify(body));
+    const data = toBuffer(body);
 
     // Validate POM if uploading .pom file
     if (coordinate.extension === 'pom') {

package/ts/npm/classes.npmregistry.ts

@@ -113,7 +113,7 @@ export class NpmRegistry extends BaseRegistry {
     const unpublishVersionMatch = path.match(/^\/(@?[^\/]+(?:\/[^\/]+)?)\/-\/([^\/]+)$/);
     if (unpublishVersionMatch && context.method === 'DELETE') {
       const [, packageName, version] = unpublishVersionMatch;
-      console.log(`[unpublishVersionMatch] packageName=${packageName}, version=${version}`);
+      this.logger.log('debug', 'unpublishVersionMatch', { packageName, version });
       return this.unpublishVersion(packageName, version, token);
     }
 
@@ -121,7 +121,7 @@ export class NpmRegistry extends BaseRegistry {
     const unpublishPackageMatch = path.match(/^\/(@?[^\/]+(?:\/[^\/]+)?)\/-rev\/([^\/]+)$/);
     if (unpublishPackageMatch && context.method === 'DELETE') {
       const [, packageName, rev] = unpublishPackageMatch;
-      console.log(`[unpublishPackageMatch] packageName=${packageName}, rev=${rev}`);
+      this.logger.log('debug', 'unpublishPackageMatch', { packageName, rev });
       return this.unpublishPackage(packageName, token);
     }
 
@@ -129,7 +129,7 @@ export class NpmRegistry extends BaseRegistry {
     const versionMatch = path.match(/^\/(@?[^\/]+(?:\/[^\/]+)?)\/([^\/]+)$/);
     if (versionMatch) {
       const [, packageName, version] = versionMatch;
-      console.log(`[versionMatch] matched! packageName=${packageName}, version=${version}`);
+      this.logger.log('debug', 'versionMatch', { packageName, version });
       return this.handlePackageVersion(packageName, version, token);
     }
 
@@ -137,7 +137,7 @@ export class NpmRegistry extends BaseRegistry {
     const packageMatch = path.match(/^\/(@?[^\/]+(?:\/[^\/]+)?)$/);
     if (packageMatch) {
       const packageName = packageMatch[1];
-      console.log(`[packageMatch] matched! packageName=${packageName}`);
+      this.logger.log('debug', 'packageMatch', { packageName });
       return this.handlePackage(context.method, packageName, context.body, context.query, token);
     }
 
@@ -254,11 +254,11 @@ export class NpmRegistry extends BaseRegistry {
     version: string,
     token: IAuthToken | null
   ): Promise<IResponse> {
-    console.log(`[handlePackageVersion] packageName=${packageName}, version=${version}`);
+    this.logger.log('debug', 'handlePackageVersion', { packageName, version });
     const packument = await this.storage.getNpmPackument(packageName);
-    console.log(`[handlePackageVersion] packument found:`, !!packument);
+    this.logger.log('debug', 'handlePackageVersion packument', { found: !!packument });
     if (packument) {
-      console.log(`[handlePackageVersion] versions:`, Object.keys(packument.versions || {}));
+      this.logger.log('debug', 'handlePackageVersion versions', { versions: Object.keys(packument.versions || {}) });
     }
     if (!packument) {
       return {
@@ -621,7 +621,7 @@ export class NpmRegistry extends BaseRegistry {
         }
       }
     } catch (error) {
-      console.error('[handleSearch] Error:', error);
+      this.logger.log('error', 'handleSearch failed', { error: (error as Error).message });
     }
 
     // Apply pagination

package/ts/oci/classes.ociregistry.ts

@@ -738,7 +738,7 @@ export class OciRegistry extends BaseRegistry {
   }
 
   private generateUploadId(): string {
-    return `${Date.now()}-${Math.random().toString(36).substr(2, 9)}`;
+    return `${Date.now()}-${Math.random().toString(36).substring(2, 11)}`;
   }
 
   private async calculateDigest(data: Buffer): Promise<string> {

package/ts/pypi/classes.pypiregistry.ts

@@ -3,6 +3,7 @@ import { BaseRegistry } from '../core/classes.baseregistry.js';
 import { RegistryStorage } from '../core/classes.registrystorage.js';
 import { AuthManager } from '../core/classes.authmanager.js';
 import type { IRequestContext, IResponse, IAuthToken } from '../core/interfaces.core.js';
+import { isBinaryData, toBuffer } from '../core/helpers.buffer.js';
 import type {
   IPypiPackageMetadata,
   IPypiFile,
@@ -328,8 +329,9 @@ export class PypiRegistry extends BaseRegistry {
       const version = formData.version;
       // Support both: formData.content.filename (multipart parsed) and formData.filename (flat)
       const filename = formData.content?.filename || formData.filename;
-      // Support both: formData.content.data (multipart parsed) and formData.content (Buffer directly)
-      const fileData = (formData.content?.data || (Buffer.isBuffer(formData.content) ? formData.content : null)) as Buffer;
+      // Support both: formData.content.data (multipart parsed) and formData.content (Buffer/Uint8Array directly)
+      const rawContent = formData.content?.data || (isBinaryData(formData.content) ? formData.content : null);
+      const fileData = rawContent ? toBuffer(rawContent) : null;
       const filetype = formData.filetype; // 'bdist_wheel' or 'sdist'
       const pyversion = formData.pyversion;
 

package/ts/rubygems/helpers.rubygems.ts

@@ -455,9 +455,8 @@ export async function extractGemMetadata(gemData: Buffer): Promise<{
     }
 
     return null;
-  } catch (error) {
-    // Log error for debugging but return null gracefully
-    console.error('Failed to extract gem metadata:', error);
+  } catch (_error) {
+    // Error handled gracefully - return null and let caller handle missing metadata
     return null;
   }
 }