@symbiosis-lab/moss-plugin-github 1.5.1

package/src/token.ts

@@ -0,0 +1,202 @@
+/**
+ * Token Storage Module
+ *
+ * Handles secure storage and retrieval of GitHub access tokens.
+ *
+ * Storage strategy:
+ * 1. Primary: Plugin cookies (via moss-api getPluginCookie/setPluginCookie)
+ * 2. Fallback: In-memory cache (for current session)
+ *
+ * Tokens are used for GitHub REST API authentication.
+ * The git credential helper is checked opportunistically (works when git
+ * is installed, silently falls through to OAuth when it's not).
+ */
+
+import { getPluginCookie, setPluginCookie, executeBinary } from "@symbiosis-lab/moss-api";
+
+const GITHUB_HOST = "github.com";
+const TOKEN_COOKIE_NAME = "__github_access_token";
+
+// In-memory fallback cache
+let cachedToken: string | null = null;
+
+/**
+ * Format credentials for git credential helper input
+ * (Used for documentation and potential future stdin support)
+ */
+export function formatCredentialInput(
+  host: string,
+  protocol: string,
+  username?: string,
+  password?: string
+): string {
+  const lines = [`protocol=${protocol}`, `host=${host}`];
+  if (username) lines.push(`username=${username}`);
+  if (password) lines.push(`password=${password}`);
+  lines.push(""); // Empty line to signal end of input
+  return lines.join("\n");
+}
+
+/**
+ * Parse git credential helper output
+ */
+export function parseCredentialOutput(output: string): {
+  username?: string;
+  password?: string;
+} {
+  const result: { username?: string; password?: string } = {};
+
+  for (const line of output.split("\n")) {
+    const [key, ...valueParts] = line.split("=");
+    const value = valueParts.join("="); // Handle = in values
+
+    if (key === "username") {
+      result.username = value;
+    } else if (key === "password") {
+      result.password = value;
+    }
+  }
+
+  return result;
+}
+
+/**
+ * Try to retrieve GitHub token from git credential helper
+ *
+ * Uses `git credential fill` with stdin input to query the system's
+ * configured credential helper (e.g., macOS Keychain, Windows Credential Manager).
+ *
+ * @returns The token if found in git credentials, null otherwise
+ */
+export async function getTokenFromGit(gitPath: string = "git"): Promise<string | null> {
+  try {
+    console.log("   Checking git credential helper for GitHub token...");
+
+    // Format the credential request for github.com
+    const input = formatCredentialInput(GITHUB_HOST, "https");
+
+    // Execute git credential fill with stdin
+    const result = await executeBinary({
+      binaryPath: gitPath,
+      args: ["credential", "fill"],
+      stdin: input,
+      timeoutMs: 5000,
+    });
+
+    if (!result.success) {
+      console.log("   No credentials found in git credential helper");
+      return null;
+    }
+
+    // Parse the credential output
+    const { password } = parseCredentialOutput(result.stdout);
+
+    if (password) {
+      console.log("   Found GitHub token in git credential helper");
+      return password;
+    }
+
+    console.log("   Git credential helper returned no password");
+    return null;
+  } catch (error) {
+    console.log(`   Git credential helper failed: ${error}`);
+    return null;
+  }
+}
+
+/**
+ * Store a GitHub access token
+ *
+ * Uses plugin cookie storage with in-memory fallback.
+ * Note: Plugin identity and project path are auto-detected from runtime context.
+ */
+export async function storeToken(token: string): Promise<boolean> {
+  try {
+    console.log("   Storing GitHub access token...");
+
+    // Store in plugin cookies
+    try {
+      await setPluginCookie([
+        {
+          name: TOKEN_COOKIE_NAME,
+          value: token,
+          domain: GITHUB_HOST,
+        },
+      ]);
+      console.log("   Token stored in plugin cookies");
+    } catch (error) {
+      console.warn(`   Could not store in cookies: ${error}`);
+    }
+
+    // Always cache in memory as fallback
+    cachedToken = token;
+
+    console.log("   Token stored successfully");
+    return true;
+  } catch (error) {
+    console.error(`   Error storing token: ${error}`);
+    return false;
+  }
+}
+
+/**
+ * Retrieve GitHub access token
+ *
+ * Checks plugin cookies first, then falls back to memory cache.
+ * Note: Plugin identity and project path are auto-detected from runtime context.
+ */
+export async function getToken(): Promise<string | null> {
+  // Check memory cache first (faster)
+  if (cachedToken) {
+    return cachedToken;
+  }
+
+  // Try plugin cookies
+  try {
+    const cookies = await getPluginCookie();
+    const tokenCookie = cookies?.find((c) => c.name === TOKEN_COOKIE_NAME);
+
+    if (tokenCookie) {
+      cachedToken = tokenCookie.value;
+      return cachedToken;
+    }
+  } catch {
+    // Cookie retrieval failed, token not available
+  }
+
+  return null;
+}
+
+/**
+ * Clear the cached token
+ */
+export function clearTokenCache(): void {
+  cachedToken = null;
+}
+
+/**
+ * Remove GitHub access token
+ * Note: Plugin identity and project path are auto-detected from runtime context.
+ */
+export async function clearToken(): Promise<boolean> {
+  try {
+    console.log("   Clearing GitHub access token...");
+
+    // Clear from plugin cookies
+    try {
+      await setPluginCookie([]);
+    } catch {
+      // Ignore cookie clear errors
+    }
+
+    // Clear memory cache
+    cachedToken = null;
+
+    console.log("   Token cleared successfully");
+    return true;
+  } catch (error) {
+    console.error(`   Error clearing token: ${error}`);
+    return false;
+  }
+}
+

package/src/types.ts

@@ -0,0 +1,91 @@
+/**
+ * Plugin-specific type definitions for the GitHub Pages Deployer Plugin
+ *
+ * Common types (DeployContext, HookResult, PluginMessage, etc.) are imported
+ * from @symbiosis-lab/moss-api.
+ */
+
+// Re-export SDK types for convenience
+export type {
+  DeployContext,
+  ConfigureDomainContext,
+  HookResult,
+  DeploymentInfo,
+  ProjectInfo,
+  PluginMessage,
+  DnsTarget,
+  DnsRecord,
+} from "@symbiosis-lab/moss-api";
+
+// ============================================================================
+// GitHub OAuth Device Flow Types
+// ============================================================================
+
+/**
+ * Response from GitHub's device code endpoint
+ * POST https://github.com/login/device/code
+ */
+export interface DeviceCodeResponse {
+  /** The device verification code (used for polling) */
+  device_code: string;
+  /** The user code to display to the user */
+  user_code: string;
+  /** The URL where user enters the code */
+  verification_uri: string;
+  /** Pre-filled URL with user_code embedded (user just clicks "Continue") */
+  verification_uri_complete?: string;
+  /** Seconds until the codes expire */
+  expires_in: number;
+  /** Minimum seconds between poll requests */
+  interval: number;
+}
+
+/**
+ * Response from GitHub's access token endpoint
+ * POST https://github.com/login/oauth/access_token
+ */
+export interface TokenResponse {
+  /** The access token (present on success) */
+  access_token?: string;
+  /** Token type, usually "bearer" */
+  token_type?: string;
+  /** Granted scopes */
+  scope?: string;
+  /** Error code (present on failure) */
+  error?: string;
+  /** Human-readable error description */
+  error_description?: string;
+}
+
+/**
+ * GitHub user response from /user endpoint
+ * Used to validate tokens
+ */
+export interface GitHubUser {
+  login: string;
+  id: number;
+  name?: string;
+  email?: string;
+}
+
+/**
+ * Authentication state for the plugin
+ */
+export interface AuthState {
+  /** Whether user is authenticated */
+  isAuthenticated: boolean;
+  /** GitHub username if authenticated */
+  username?: string;
+  /** Token scopes if authenticated */
+  scopes?: string[];
+}
+
+/**
+ * Configuration for the auth module
+ */
+export interface AuthConfig {
+  /** GitHub OAuth App Client ID */
+  clientId: string;
+  /** Required OAuth scopes */
+  scopes: string[];
+}

package/src/utils.ts

@@ -0,0 +1,108 @@
+/**
+ * Utility functions for the GitHub Deployer Plugin
+ *
+ * This module wraps SDK utilities with plugin-specific functionality.
+ */
+
+import {
+  setMessageContext,
+  reportProgress as sdkReportProgress,
+  reportError as sdkReportError,
+  showToast as sdkShowToast,
+  dismissToast as sdkDismissToast,
+  closeBrowser as sdkCloseBrowser,
+  type ToastOptions,
+} from "@symbiosis-lab/moss-api";
+
+// Re-export ToastOptions type for convenience
+export type { ToastOptions };
+
+// ============================================================================
+// Plugin Configuration
+// ============================================================================
+
+const PLUGIN_NAME = "github";
+
+// Initialize message context on load
+setMessageContext(PLUGIN_NAME, "deploy");
+
+// ============================================================================
+// Re-exports from SDK (with plugin context)
+// ============================================================================
+
+/**
+ * Set the current hook name for message routing
+ */
+export function setCurrentHookName(name: string): void {
+  setMessageContext(PLUGIN_NAME, name);
+}
+
+/**
+ * Report progress to moss during long-running operations
+ */
+export async function reportProgress(
+  phase: string,
+  current: number,
+  total: number,
+  message?: string
+): Promise<void> {
+  await sdkReportProgress(phase, current, total, message);
+}
+
+/**
+ * Report an error to moss during hook execution
+ */
+export async function reportError(
+  error: string,
+  context?: string,
+  fatal = false
+): Promise<void> {
+  await sdkReportError(error, context, fatal);
+}
+
+// ============================================================================
+// Toast Utilities
+// ============================================================================
+
+/**
+ * Show a toast notification in the main moss UI
+ *
+ * @example
+ * ```typescript
+ * // Success toast with clickable action
+ * await showToast({
+ *   message: "Deployed!",
+ *   variant: "success",
+ *   actions: [{ label: "View site", url: "https://..." }],
+ *   duration: 8000
+ * });
+ * ```
+ */
+export async function showToast(options: ToastOptions | string): Promise<void> {
+  await sdkShowToast(options);
+}
+
+/**
+ * Dismiss a toast by ID
+ */
+export async function dismissToast(id: string): Promise<void> {
+  await sdkDismissToast(id);
+}
+
+/**
+ * Close the action panel
+ */
+export async function closeBrowser(): Promise<void> {
+  await sdkCloseBrowser();
+}
+
+// ============================================================================
+// Async Utilities
+// ============================================================================
+
+/**
+ * Sleep for specified milliseconds
+ */
+export function sleep(ms: number): Promise<void> {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}

package/src/workflow.ts

@@ -0,0 +1,79 @@
+/**
+ * GitHub Actions workflow template and creation
+ */
+
+import { writeFile, fileExists } from "@symbiosis-lab/moss-api";
+
+/**
+ * GitHub Actions workflow template for deploying to GitHub Pages
+ * This is extracted from the original deploy.rs
+ */
+export const WORKFLOW_TEMPLATE = `# moss GitHub Pages Deployment
+# This workflow deploys your pre-built site from .moss/build/current/ to GitHub Pages
+# Generated by moss - https://mosspub.com
+
+name: Deploy to GitHub Pages
+
+on:
+  push:
+    branches: [BRANCH_PLACEHOLDER]
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+
+concurrency:
+  group: "pages"
+  cancel-in-progress: false
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    environment:
+      name: github-pages
+      url: \${{ steps.deployment.outputs.page_url }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Pages
+        uses: actions/configure-pages@v4
+
+      - name: Upload artifact
+        uses: actions/upload-pages-artifact@v3
+        with:
+          path: .moss/build/current
+
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v4
+`;
+
+/**
+ * Generate the workflow content with the correct branch
+ */
+export function generateWorkflowContent(branch: string): string {
+  return WORKFLOW_TEMPLATE.replace("BRANCH_PLACEHOLDER", branch);
+}
+
+/**
+ * Create the GitHub Actions workflow file
+ */
+export async function createWorkflowFile(branch: string): Promise<void> {
+  console.log("   Creating .github/workflows/moss-deploy.yml...");
+
+  const content = generateWorkflowContent(branch);
+
+  await writeFile(".github/workflows/moss-deploy.yml", content);
+
+  console.log("   Workflow file created");
+}
+
+/**
+ * Check if the workflow file already exists
+ */
+export async function workflowExists(): Promise<boolean> {
+  return fileExists(".github/workflows/moss-deploy.yml");
+}

package/test-helpers/mock-github-api.ts

@@ -0,0 +1,217 @@
+/**
+ * Mock GitHub API helpers for integration testing
+ *
+ * Provides utilities to mock GitHub OAuth Device Flow responses
+ * for testing authentication without hitting real APIs.
+ */
+
+import type { DeviceCodeResponse, TokenResponse, GitHubUser } from "../src/types";
+
+/**
+ * Configuration for mocking GitHub API responses
+ */
+export interface MockGitHubConfig {
+  /** Response for POST /login/device/code */
+  deviceCodeResponse?: DeviceCodeResponse;
+  /** Response(s) for POST /login/oauth/access_token - can be a single response or array for sequence */
+  tokenResponse?: TokenResponse | TokenResponse[];
+  /** Response for GET /user (token validation) */
+  userResponse?: GitHubUser | null;
+  /** OAuth scopes to return in X-OAuth-Scopes header */
+  scopes?: string[];
+}
+
+/**
+ * Default mock responses for successful auth flow
+ */
+export const defaultDeviceCodeResponse: DeviceCodeResponse = {
+  device_code: "test-device-code-123",
+  user_code: "ABCD-1234",
+  verification_uri: "https://github.com/login/device",
+  verification_uri_complete: "https://github.com/login/device?user_code=ABCD-1234",
+  expires_in: 900,
+  interval: 5,
+};
+
+export const defaultTokenResponse: TokenResponse = {
+  access_token: "gho_test_token_abc123",
+  token_type: "bearer",
+  scope: "repo,workflow",
+};
+
+export const defaultUserResponse: GitHubUser = {
+  login: "testuser",
+  id: 12345,
+  name: "Test User",
+  email: "test@example.com",
+};
+
+/**
+ * Error responses for various failure scenarios
+ */
+export const authorizationPendingResponse: TokenResponse = {
+  error: "authorization_pending",
+  error_description: "The authorization request is still pending.",
+};
+
+export const expiredTokenResponse: TokenResponse = {
+  error: "expired_token",
+  error_description: "The device_code has expired.",
+};
+
+export const accessDeniedResponse: TokenResponse = {
+  error: "access_denied",
+  error_description: "The user denied authorization.",
+};
+
+export const slowDownResponse: TokenResponse = {
+  error: "slow_down",
+  error_description: "Too many requests. Please slow down.",
+};
+
+/**
+ * Create a mock Response object
+ */
+function createMockResponse(body: unknown, status = 200, headers: Record<string, string> = {}): Response {
+  return {
+    ok: status >= 200 && status < 300,
+    status,
+    statusText: status === 200 ? "OK" : "Error",
+    headers: new Headers(headers),
+    json: async () => body,
+    text: async () => JSON.stringify(body),
+  } as Response;
+}
+
+/**
+ * Create a mock fetch function for testing
+ */
+export function createMockFetch(config: MockGitHubConfig = {}) {
+  let tokenResponseIndex = 0;
+
+  return async (url: string | URL | Request, _init?: RequestInit): Promise<Response> => {
+    const urlString = typeof url === "string" ? url : url instanceof URL ? url.toString() : url.url;
+
+    // Device code endpoint
+    if (urlString.includes("/login/device/code")) {
+      const response = config.deviceCodeResponse || defaultDeviceCodeResponse;
+      return createMockResponse(response);
+    }
+
+    // Token endpoint
+    if (urlString.includes("/login/oauth/access_token")) {
+      let response: TokenResponse;
+
+      if (Array.isArray(config.tokenResponse)) {
+        // Return responses in sequence
+        response = config.tokenResponse[tokenResponseIndex] || config.tokenResponse[config.tokenResponse.length - 1];
+        tokenResponseIndex++;
+      } else {
+        response = config.tokenResponse || defaultTokenResponse;
+      }
+
+      return createMockResponse(response);
+    }
+
+    // User endpoint (token validation)
+    if (urlString.includes("/user")) {
+      if (config.userResponse === null) {
+        return createMockResponse({ message: "Bad credentials" }, 401);
+      }
+
+      const user = config.userResponse || defaultUserResponse;
+      const scopes = config.scopes || ["repo", "workflow"];
+
+      return createMockResponse(user, 200, {
+        "X-OAuth-Scopes": scopes.join(", "),
+      });
+    }
+
+    // Unknown endpoint
+    throw new Error(`Unmocked URL: ${urlString}`);
+  };
+}
+
+/**
+ * Mock browser functions for testing
+ */
+export function createMockBrowser() {
+  let isOpen = false;
+  let currentUrl = "";
+
+  return {
+    openBrowser: async (url: string) => {
+      isOpen = true;
+      currentUrl = url;
+    },
+    closeBrowser: async () => {
+      isOpen = false;
+      currentUrl = "";
+    },
+    isOpen: () => isOpen,
+    getCurrentUrl: () => currentUrl,
+  };
+}
+
+/**
+ * Mock git credential helper for testing
+ */
+export function createMockCredentialHelper() {
+  const store: Map<string, { username: string; password: string }> = new Map();
+
+  return {
+    store: (host: string, username: string, password: string) => {
+      store.set(host, { username, password });
+    },
+    get: (host: string) => store.get(host),
+    clear: (host: string) => store.delete(host),
+    hasCredentials: (host: string) => store.has(host),
+    reset: () => store.clear(),
+  };
+}
+
+/**
+ * Setup GitHub API mocks using MockTauriContext.urlConfig
+ *
+ * This sets up URL responses for the GitHub OAuth Device Flow endpoints
+ * to work with moss-api's httpPost function which uses Tauri IPC.
+ *
+ * @param ctx - MockTauriContext from setupMockTauri()
+ * @param config - Mock response configuration
+ */
+export function setupGitHubApiMocks(
+  ctx: { urlConfig: { setResponse: (url: string, response: Record<string, unknown>) => void } },
+  config: MockGitHubConfig = {}
+): void {
+  // Device code endpoint
+  const deviceCodeResponse = config.deviceCodeResponse || defaultDeviceCodeResponse;
+  ctx.urlConfig.setResponse("https://github.com/login/device/code", {
+    status: 200,
+    ok: true,
+    contentType: "application/json",
+    bodyBase64: btoa(JSON.stringify(deviceCodeResponse)),
+  });
+
+  // Token endpoint - handle single response or first in sequence
+  const tokenResponse = Array.isArray(config.tokenResponse)
+    ? config.tokenResponse[0]
+    : config.tokenResponse || defaultTokenResponse;
+  ctx.urlConfig.setResponse("https://github.com/login/oauth/access_token", {
+    status: 200,
+    ok: true,
+    contentType: "application/json",
+    bodyBase64: btoa(JSON.stringify(tokenResponse)),
+  });
+
+  // User endpoint (for token validation - GET request, uses fetch_url)
+  const userResponse = config.userResponse !== null
+    ? config.userResponse || defaultUserResponse
+    : { message: "Bad credentials" };
+  const userStatus = config.userResponse === null ? 401 : 200;
+  ctx.urlConfig.setResponse("https://api.github.com/user", {
+    status: userStatus,
+    ok: userStatus === 200,
+    contentType: "application/json",
+    bodyBase64: btoa(JSON.stringify(userResponse)),
+  });
+}