@seanmozeik/s3up 0.3.1

package/src/lib/progress-bar.ts

@@ -0,0 +1,155 @@
+// src/lib/progress-bar.ts
+// Custom gradient progress bar for chunked uploads
+
+import gradient from 'gradient-string';
+import { frappe, gradientColors, theme } from '../ui/theme';
+
+// Create gradient using existing Catppuccin palette
+const progressGradient = gradient([...gradientColors.banner]);
+
+export interface ProgressState {
+  filename: string;
+  completedParts: number;
+  totalParts: number;
+  bytesUploaded: number;
+  totalBytes: number;
+  startTime: number;
+  recentSamples: { time: number; bytes: number }[];
+}
+
+/**
+ * Create initial progress state
+ */
+export function createProgressState(
+  filename: string,
+  totalParts: number,
+  totalBytes: number
+): ProgressState {
+  return {
+    bytesUploaded: 0,
+    completedParts: 0,
+    filename,
+    recentSamples: [{ bytes: 0, time: Date.now() }],
+    startTime: Date.now(),
+    totalBytes,
+    totalParts
+  };
+}
+
+/**
+ * Update progress state with a completed part
+ */
+export function updateProgress(state: ProgressState, bytesUploaded: number): void {
+  state.completedParts++;
+  state.bytesUploaded += bytesUploaded;
+
+  // Add sample for speed calculation (keep last 30 seconds for slow uploads)
+  const now = Date.now();
+  state.recentSamples.push({ bytes: state.bytesUploaded, time: now });
+
+  // Remove samples older than 30 seconds
+  const cutoff = now - 30000;
+  state.recentSamples = state.recentSamples.filter((s) => s.time >= cutoff);
+}
+
+/**
+ * Calculate transfer speed (bytes per second)
+ * Uses overall average if recent samples insufficient
+ */
+function calculateSpeed(state: ProgressState): number {
+  // Try recent samples first
+  if (state.recentSamples.length >= 2) {
+    const oldest = state.recentSamples[0];
+    const newest = state.recentSamples[state.recentSamples.length - 1];
+
+    const timeDiff = (newest.time - oldest.time) / 1000;
+    if (timeDiff > 0) {
+      const bytesDiff = newest.bytes - oldest.bytes;
+      return bytesDiff / timeDiff;
+    }
+  }
+
+  // Fall back to overall average speed
+  const elapsed = (Date.now() - state.startTime) / 1000;
+  if (elapsed > 0 && state.bytesUploaded > 0) {
+    return state.bytesUploaded / elapsed;
+  }
+
+  return 0;
+}
+
+/**
+ * Format bytes to human readable
+ */
+function formatBytes(bytes: number): string {
+  if (bytes === 0) return '0 B';
+  const k = 1024;
+  const sizes = ['B', 'KB', 'MB', 'GB'];
+  const i = Math.floor(Math.log(bytes) / Math.log(k));
+  return `${(bytes / k ** i).toFixed(1)} ${sizes[i]}`;
+}
+
+/**
+ * Format speed to human readable
+ */
+function formatSpeed(bytesPerSecond: number): string {
+  return `${formatBytes(bytesPerSecond)}/s`;
+}
+
+/**
+ * Render the progress bar string
+ */
+export function renderProgressBar(state: ProgressState, width = 30): string {
+  const percent =
+    state.totalBytes > 0 ? Math.round((state.bytesUploaded / state.totalBytes) * 100) : 0;
+  const filledWidth = Math.round((percent / 100) * width);
+  const emptyWidth = width - filledWidth;
+
+  // Create bar characters
+  const filledBar = '█'.repeat(filledWidth);
+  const emptyBar = '░'.repeat(emptyWidth);
+
+  // Apply gradient to filled portion
+  const gradientBar = filledWidth > 0 ? progressGradient(filledBar) : '';
+  const fullBar = gradientBar + frappe.surface0(emptyBar);
+
+  // Calculate speed
+  const speed = calculateSpeed(state);
+  const speedStr = formatSpeed(speed);
+
+  // Format: ████░░░░░░ [5/20] 25% (12.3 MB/s)
+  const chunkInfo = `[${state.completedParts}/${state.totalParts}]`;
+  const percentStr = `${percent}%`;
+
+  return `${fullBar} ${frappe.subtext0(chunkInfo)} ${frappe.text(percentStr)} ${theme.dim(`(${speedStr})`)}`;
+}
+
+/**
+ * Render progress line with filename (for terminal output)
+ */
+export function renderProgressLine(state: ProgressState): string {
+  const bar = renderProgressBar(state);
+  return `  ${bar}`;
+}
+
+/**
+ * Clear line and move cursor to start
+ */
+export function clearLine(): void {
+  process.stdout.write('\r\x1b[K');
+}
+
+/**
+ * Write progress to terminal (same line)
+ */
+export function writeProgress(state: ProgressState): void {
+  clearLine();
+  process.stdout.write(renderProgressLine(state));
+}
+
+/**
+ * Finish progress (move to next line)
+ */
+export function finishProgress(): void {
+  console.log();
+}

package/src/lib/providers.ts

@@ -0,0 +1,150 @@
+// src/lib/providers.ts
+import { deleteConfigSecret, getConfigSecret, setConfigSecret } from './secrets.js';
+
+export type Provider = 'aws' | 'r2' | 'digitalocean' | 'backblaze' | 'custom';
+
+export interface ProviderInfo {
+  name: string;
+  description: string;
+  requiresRegion: boolean;
+  requiresAccountId: boolean;
+  requiresEndpoint: boolean;
+  regions?: string[];
+}
+
+export const PROVIDERS: Record<Provider, ProviderInfo> = {
+  aws: {
+    description: 'Amazon Web Services S3',
+    name: 'AWS S3',
+    regions: [
+      'us-east-1',
+      'us-east-2',
+      'us-west-1',
+      'us-west-2',
+      'eu-west-1',
+      'eu-west-2',
+      'eu-west-3',
+      'eu-central-1',
+      'eu-north-1',
+      'ap-northeast-1',
+      'ap-northeast-2',
+      'ap-northeast-3',
+      'ap-southeast-1',
+      'ap-southeast-2',
+      'ap-south-1',
+      'sa-east-1',
+      'ca-central-1'
+    ],
+    requiresAccountId: false,
+    requiresEndpoint: false,
+    requiresRegion: true
+  },
+  backblaze: {
+    description: 'Backblaze B2 Cloud Storage',
+    name: 'Backblaze B2',
+    regions: ['us-west-000', 'us-west-001', 'us-west-002', 'us-west-004', 'eu-central-003'],
+    requiresAccountId: false,
+    requiresEndpoint: false,
+    requiresRegion: true
+  },
+  custom: {
+    description: 'Custom S3-compatible endpoint (MinIO, etc.)',
+    name: 'Custom S3',
+    requiresAccountId: false,
+    requiresEndpoint: true,
+    requiresRegion: false
+  },
+  digitalocean: {
+    description: 'DigitalOcean Spaces Object Storage',
+    name: 'DigitalOcean Spaces',
+    regions: ['nyc3', 'ams3', 'sgp1', 'fra1', 'sfo2', 'sfo3', 'blr1', 'syd1'],
+    requiresAccountId: false,
+    requiresEndpoint: false,
+    requiresRegion: true
+  },
+  r2: {
+    description: 'Cloudflare R2 Storage',
+    name: 'Cloudflare R2',
+    requiresAccountId: true,
+    requiresEndpoint: false,
+    requiresRegion: false
+  }
+};
+
+export interface S3Config {
+  provider: Provider;
+  accessKeyId: string;
+  secretAccessKey: string;
+  bucket: string;
+  publicUrlBase: string;
+  region?: string;
+  accountId?: string;
+  endpoint?: string;
+}
+
+/**
+ * Get the S3 endpoint URL for a provider
+ */
+export function getEndpoint(config: S3Config): string {
+  switch (config.provider) {
+    case 'aws':
+      return `https://s3.${config.region}.amazonaws.com`;
+    case 'r2':
+      return `https://${config.accountId}.r2.cloudflarestorage.com`;
+    case 'digitalocean':
+      return `https://${config.region}.digitaloceanspaces.com`;
+    case 'backblaze':
+      return `https://s3.${config.region}.backblazeb2.com`;
+    case 'custom':
+      if (!config.endpoint) {
+        throw new Error('Custom provider requires endpoint');
+      }
+      return config.endpoint;
+    default:
+      throw new Error(`Unknown provider: ${config.provider}`);
+  }
+}
+
+/**
+ * Load config from secrets/environment (single keychain prompt)
+ */
+export async function loadConfig(): Promise<S3Config | null> {
+  const json = await getConfigSecret();
+  if (!json) {
+    return null;
+  }
+
+  try {
+    const config = JSON.parse(json) as S3Config;
+
+    // Validate required fields
+    if (
+      !config.provider ||
+      !config.accessKeyId ||
+      !config.secretAccessKey ||
+      !config.bucket ||
+      !config.publicUrlBase
+    ) {
+      return null;
+    }
+
+    return config;
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Save config to secrets (single keychain entry)
+ */
+export async function saveConfig(config: S3Config): Promise<void> {
+  await setConfigSecret(JSON.stringify(config));
+}
+
+/**
+ * Delete all stored config
+ */
+export async function deleteConfig(): Promise<number> {
+  const deleted = await deleteConfigSecret();
+  return deleted ? 1 : 0;
+}

package/src/lib/s3.test.ts

@@ -0,0 +1,42 @@
+// src/lib/s3.test.ts
+import { describe, expect, test } from 'bun:test';
+import { createS3Client, parseAge } from './s3';
+
+describe('parseAge', () => {
+  test('parses days', () => {
+    expect(parseAge('1d')).toBe(24 * 60 * 60 * 1000);
+    expect(parseAge('7d')).toBe(7 * 24 * 60 * 60 * 1000);
+  });
+
+  test('parses hours', () => {
+    expect(parseAge('12h')).toBe(12 * 60 * 60 * 1000);
+  });
+
+  test('parses minutes', () => {
+    expect(parseAge('30m')).toBe(30 * 60 * 1000);
+  });
+
+  test('parses zero', () => {
+    expect(parseAge('0')).toBe(0);
+  });
+
+  test('defaults to days if no unit', () => {
+    expect(parseAge('5')).toBe(5 * 24 * 60 * 60 * 1000);
+  });
+});
+
+describe('createS3Client', () => {
+  test('creates client from config', () => {
+    const config = {
+      accessKeyId: 'test-key',
+      bucket: 'test-bucket',
+      provider: 'aws' as const,
+      publicUrlBase: 'https://cdn.example.com',
+      region: 'us-east-1',
+      secretAccessKey: 'test-secret'
+    };
+
+    const client = createS3Client(config);
+    expect(client).toBeDefined();
+  });
+});

package/src/lib/s3.ts

@@ -0,0 +1,124 @@
+// src/lib/s3.ts
+import { S3Client } from 'bun';
+import { getEndpoint, type S3Config } from './providers';
+
+export interface S3Object {
+  key: string;
+  size: number;
+  lastModified: Date;
+  etag?: string;
+}
+
+export interface ListResult {
+  objects: S3Object[];
+  isTruncated: boolean;
+  nextContinuationToken?: string;
+}
+
+export function createS3Client(config: S3Config): S3Client {
+  return new S3Client({
+    accessKeyId: config.accessKeyId,
+    bucket: config.bucket,
+    endpoint: getEndpoint(config),
+    secretAccessKey: config.secretAccessKey
+  });
+}
+
+export async function listObjects(
+  client: S3Client,
+  prefix?: string,
+  maxKeys = 1000
+): Promise<ListResult> {
+  const result = await client.list({
+    maxKeys,
+    prefix
+  });
+
+  const objects: S3Object[] = (result.contents ?? []).map((item) => ({
+    etag: item.eTag,
+    key: item.key,
+    lastModified: new Date(item.lastModified ?? Date.now()),
+    size: item.size ?? 0
+  }));
+
+  return {
+    isTruncated: result.isTruncated ?? false,
+    nextContinuationToken: result.nextContinuationToken,
+    objects
+  };
+}
+
+export async function listAllObjects(client: S3Client, prefix?: string): Promise<S3Object[]> {
+  const allObjects: S3Object[] = [];
+  let continuationToken: string | undefined;
+  let hasMore = true;
+
+  while (hasMore) {
+    const result = await client.list({
+      maxKeys: 1000,
+      prefix,
+      startAfter: continuationToken
+    });
+
+    const objects: S3Object[] = (result.contents ?? []).map((item) => ({
+      etag: item.eTag,
+      key: item.key,
+      lastModified: new Date(item.lastModified ?? Date.now()),
+      size: item.size ?? 0
+    }));
+
+    allObjects.push(...objects);
+
+    if (result.isTruncated && objects.length > 0) {
+      continuationToken = objects[objects.length - 1].key;
+    } else {
+      hasMore = false;
+    }
+  }
+
+  return allObjects;
+}
+
+export async function deleteObject(client: S3Client, key: string): Promise<void> {
+  await client.delete(key);
+}
+
+export async function deleteObjects(
+  client: S3Client,
+  keys: string[]
+): Promise<{ deleted: number; errors: string[] }> {
+  const errors: string[] = [];
+  let deleted = 0;
+
+  for (const key of keys) {
+    try {
+      await client.delete(key);
+      deleted++;
+    } catch (err) {
+      errors.push(`${key}: ${err instanceof Error ? err.message : String(err)}`);
+    }
+  }
+
+  return { deleted, errors };
+}
+
+export function parseAge(age: string): number {
+  if (age === '0') return 0;
+
+  const match = age.match(/^(\d+)([dhm])?$/);
+  if (!match) return 0;
+
+  const value = parseInt(match[1], 10);
+  const unit = match[2] || 'd';
+
+  switch (unit) {
+    case 'd':
+      return value * 24 * 60 * 60 * 1000;
+    case 'h':
+      return value * 60 * 60 * 1000;
+    case 'm':
+      return value * 60 * 1000;
+    default:
+      return value * 24 * 60 * 60 * 1000;
+  }
+}

package/src/lib/secrets.ts

@@ -0,0 +1,81 @@
+// src/lib/secrets.ts
+
+const SECRETS_SERVICE = 'com.s3up.cli';
+const CONFIG_KEY = 'S3UP_CONFIG';
+
+// In-memory cache to avoid multiple keychain prompts per process
+let configCache: string | null | undefined;
+
+/**
+ * Get the full config JSON from keychain (single prompt)
+ */
+export async function getConfigSecret(): Promise<string | null> {
+  // Check cache first
+  if (configCache !== undefined) {
+    return configCache;
+  }
+
+  // Check environment variable
+  const envValue = process.env[CONFIG_KEY];
+  if (envValue) {
+    configCache = envValue;
+    return envValue;
+  }
+
+  // Try system credential store via Bun.secrets
+  try {
+    const value = await Bun.secrets.get({
+      name: CONFIG_KEY,
+      service: SECRETS_SERVICE
+    });
+    configCache = value;
+    return value;
+  } catch {
+    configCache = null;
+    return null;
+  }
+}
+
+/**
+ * Store config JSON in system credential store
+ */
+export async function setConfigSecret(value: string): Promise<void> {
+  try {
+    await Bun.secrets.set({
+      name: CONFIG_KEY,
+      service: SECRETS_SERVICE,
+      value
+    });
+    configCache = value;
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    if (process.platform === 'linux' && msg.includes('libsecret')) {
+      throw new Error(
+        'libsecret not found. Install it with:\n' +
+          '  Ubuntu/Debian: sudo apt install libsecret-1-0\n' +
+          '  Fedora/RHEL:   sudo dnf install libsecret\n' +
+          '  Arch:          sudo pacman -S libsecret\n' +
+          'Or use environment variables instead.'
+      );
+    }
+    throw err;
+  }
+}
+
+/**
+ * Delete config from system credential store
+ */
+export async function deleteConfigSecret(): Promise<boolean> {
+  configCache = undefined;
+  return await Bun.secrets.delete({
+    name: CONFIG_KEY,
+    service: SECRETS_SERVICE
+  });
+}
+
+/**
+ * Get the secrets service name (for external tools)
+ */
+export function getSecretsService(): string {
+  return SECRETS_SERVICE;
+}

package/src/lib/signing.ts

@@ -0,0 +1,151 @@
+// src/lib/signing.ts
+// AWS Signature Version 4 signing using Bun's native crypto
+
+export interface AwsCredentials {
+  accessKeyId: string;
+  secretAccessKey: string;
+  region: string;
+}
+
+export interface SignedRequest {
+  url: string;
+  method: string;
+  headers: Record<string, string>;
+}
+
+/**
+ * SHA256 hash of data
+ */
+function sha256(data: string | Uint8Array): string {
+  const hasher = new Bun.CryptoHasher('sha256');
+  hasher.update(data);
+  return hasher.digest('hex');
+}
+
+/**
+ * HMAC-SHA256
+ */
+function hmacSha256(key: string | Uint8Array, data: string): Uint8Array {
+  const keyBuffer = typeof key === 'string' ? new TextEncoder().encode(key) : key;
+  const hasher = new Bun.CryptoHasher('sha256', keyBuffer);
+  hasher.update(data);
+  return new Uint8Array(hasher.digest());
+}
+
+/**
+ * Get AWS signing key
+ */
+function getSigningKey(
+  secretKey: string,
+  dateStamp: string,
+  region: string,
+  service: string
+): Uint8Array {
+  const kDate = hmacSha256(`AWS4${secretKey}`, dateStamp);
+  const kRegion = hmacSha256(kDate, region);
+  const kService = hmacSha256(kRegion, service);
+  const kSigning = hmacSha256(kService, 'aws4_request');
+  return kSigning;
+}
+
+/**
+ * Format date for AWS (YYYYMMDD'T'HHMMSS'Z')
+ */
+function toAmzDate(date: Date): string {
+  return date.toISOString().replace(/[:-]|\.\d{3}/g, '');
+}
+
+/**
+ * Format date stamp (YYYYMMDD)
+ */
+function toDateStamp(date: Date): string {
+  return toAmzDate(date).slice(0, 8);
+}
+
+/**
+ * Sign an AWS request using SigV4
+ */
+export function signRequest(
+  method: string,
+  url: string,
+  headers: Record<string, string>,
+  body: string | Uint8Array | null,
+  credentials: AwsCredentials,
+  service = 's3'
+): SignedRequest {
+  const parsedUrl = new URL(url);
+  const now = new Date();
+  const amzDate = toAmzDate(now);
+  const dateStamp = toDateStamp(now);
+
+  // Ensure host header
+  const signedHeaders: Record<string, string> = {
+    ...headers,
+    host: parsedUrl.host,
+    'x-amz-content-sha256': body ? sha256(body) : sha256(''),
+    'x-amz-date': amzDate
+  };
+
+  // Canonical headers (lowercase, sorted)
+  const headerKeys = Object.keys(signedHeaders)
+    .map((k) => k.toLowerCase())
+    .sort();
+  const getHeaderValue = (lowerKey: string): string => {
+    const originalKey = Object.keys(signedHeaders).find((h) => h.toLowerCase() === lowerKey);
+    return originalKey ? signedHeaders[originalKey] : '';
+  };
+  const canonicalHeaders = `${headerKeys.map((k) => `${k}:${getHeaderValue(k)}`).join('\n')}\n`;
+  const signedHeadersStr = headerKeys.join(';');
+
+  // Canonical request
+  const canonicalUri = parsedUrl.pathname;
+  const canonicalQuerystring = parsedUrl.searchParams.toString();
+  const payloadHash = body ? sha256(body) : sha256('');
+
+  const canonicalRequest = [
+    method,
+    canonicalUri,
+    canonicalQuerystring,
+    canonicalHeaders,
+    signedHeadersStr,
+    payloadHash
+  ].join('\n');
+
+  // String to sign
+  const algorithm = 'AWS4-HMAC-SHA256';
+  const credentialScope = `${dateStamp}/${credentials.region}/${service}/aws4_request`;
+  const stringToSign = [algorithm, amzDate, credentialScope, sha256(canonicalRequest)].join('\n');
+
+  // Calculate signature
+  const signingKey = getSigningKey(
+    credentials.secretAccessKey,
+    dateStamp,
+    credentials.region,
+    service
+  );
+  const signatureHasher = new Bun.CryptoHasher('sha256', signingKey);
+  signatureHasher.update(stringToSign);
+  const signature = signatureHasher.digest('hex');
+
+  // Authorization header
+  const authorization = `${algorithm} Credential=${credentials.accessKeyId}/${credentialScope}, SignedHeaders=${signedHeadersStr}, Signature=${signature}`;
+
+  return {
+    headers: {
+      ...signedHeaders,
+      authorization
+    },
+    method,
+    url
+  };
+}
+
+/**
+ * Helper to get region from endpoint for non-AWS providers
+ */
+export function getRegionForSigning(provider: string, region?: string): string {
+  // R2 and other S3-compatible services use 'auto' or a specific region
+  if (provider === 'r2') return 'auto';
+  if (provider === 'custom') return region ?? 'us-east-1';
+  return region ?? 'us-east-1';
+}