@vltpkg/registry-client 1.0.0-rc.22 → 1.0.0-rc.24

package/dist/otplease.js

@@ -0,0 +1,62 @@
+import { error } from '@vltpkg/error-cause';
+import { getWebAuthChallenge } from "./web-auth-challenge.js";
+import { urlOpen } from '@vltpkg/url-open';
+import { createInterface } from 'node:readline/promises';
+// eslint-disable-next-line no-console
+const log = (msg) => console.error(msg);
+const question = async (text) => {
+    const rl = createInterface({
+        input: process.stdin,
+        output: process.stdout,
+    });
+    const answer = await rl.question(text);
+    rl.close();
+    return answer;
+};
+const otpChallengeNotice = /^Open ([^ ]+) to use your security key for authentication or enter OTP from your authenticator app/i;
+export const otplease = async (client, options, response) => {
+    const waHeader = String(response.headers['www-authenticate'] ?? '');
+    const wwwAuth = new Set(waHeader ? waHeader.toLowerCase().split(/,\s*/) : []);
+    if (wwwAuth.has('ipaddress')) {
+        throw error('Authorization is not allowed from your ip address', {
+            response,
+        });
+    }
+    if (wwwAuth.has('otp')) {
+        // do a web auth opener to get otp token
+        const challenge = getWebAuthChallenge(await response.body.json().catch(() => null));
+        if (challenge) {
+            return {
+                ...options,
+                otp: (await client.webAuthOpener(challenge)).token,
+            };
+        }
+        const { 'npm-notice': npmNotice } = response.headers;
+        if (npmNotice) {
+            const notice = String(npmNotice);
+            const match = otpChallengeNotice.exec(notice);
+            if (match?.[1]) {
+                await urlOpen(match[1]);
+                log(notice);
+                return {
+                    ...options,
+                    otp: await question('OTP: '),
+                };
+            }
+        }
+        throw error('Unrecognized OTP authentication challenge', {
+            response,
+        });
+    }
+    if (wwwAuth.size) {
+        throw error('Unknown authentication challenge', { response });
+    }
+    // see if the body is prompting for otp
+    const text = await response.body.text().catch(() => '');
+    if (text.toLowerCase().includes('one-time pass')) {
+        return {
+            ...options,
+            otp: await question(text),
+        };
+    }
+};

package/dist/raw-header.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Give it a key, and it'll return the value of that header as a Uint8Array
+ */
+export declare const getRawHeader: (headers: Uint8Array[], key: string) => Uint8Array | undefined;
+/**
+ * Give it a key and value, and it'll overwrite or add the header entry
+ */
+export declare const setRawHeader: (headers: Uint8Array[], key: string, value: Uint8Array | string) => Uint8Array[];

package/dist/raw-header.js

@@ -0,0 +1,33 @@
+import { getDecodedValue, getEncondedValue, } from "./string-encoding.js";
+/**
+ * Give it a key, and it'll return the value of that header as a Uint8Array
+ */
+export const getRawHeader = (headers, key) => {
+    const k = key.toLowerCase();
+    for (let i = 0; i < headers.length; i += 2) {
+        const name = headers[i];
+        if (name?.length === key.length &&
+            getDecodedValue(name).toLowerCase() === k) {
+            return headers[i + 1];
+        }
+    }
+};
+/**
+ * Give it a key and value, and it'll overwrite or add the header entry
+ */
+export const setRawHeader = (headers, key, value) => {
+    const k = key.toLowerCase();
+    const encVal = typeof value === 'string' ? getEncondedValue(value) : value;
+    for (let i = 0; i < headers.length; i += 2) {
+        const name = headers[i];
+        if (name?.length === k.length &&
+            getDecodedValue(name).toLowerCase() === k) {
+            return [
+                ...headers.slice(0, i + 1),
+                encVal,
+                ...headers.slice(i + 2),
+            ];
+        }
+    }
+    return [...headers, getEncondedValue(k), encVal];
+};

package/dist/redirect.d.ts

@@ -0,0 +1,22 @@
+import type { CacheEntry } from './cache-entry.ts';
+import type { RegistryClientRequestOptions } from './index.ts';
+export type RedirectStatus = 301 | 302 | 303 | 307 | 308;
+export type RedirectResponse = CacheEntry & {
+    statusCode: RedirectStatus;
+    getHeader(key: 'location'): Uint8Array | undefined;
+};
+export declare const isRedirect: (response: CacheEntry) => response is RedirectResponse;
+/**
+ * If this response is allowed to follow the redirect (because max has not
+ * been hit, and the new location has not been seen already), then return
+ * the [url, options] to use for the subsequent request.
+ *
+ * Return [] if the response should be returned as-is.
+ *
+ * Throws an error if maxRedirections is hit or the redirections set already
+ * contains the new location.
+ *
+ * Ensure that the response is in fact a redirection first, by calling
+ * {@link isRedirect} on it.
+ */
+export declare const redirect: (options: RegistryClientRequestOptions, response: RedirectResponse, from: URL) => [] | [URL, RegistryClientRequestOptions];

package/dist/redirect.js

@@ -0,0 +1,64 @@
+// given a RegistryClientOptions object, and a redirection response,
+import { error } from '@vltpkg/error-cause';
+const redirectStatuses = new Set([301, 302, 303, 307, 308]);
+export const isRedirect = (response) => redirectStatuses.has(response.statusCode) &&
+    !!response.getHeader('location')?.length;
+/**
+ * If this response is allowed to follow the redirect (because max has not
+ * been hit, and the new location has not been seen already), then return
+ * the [url, options] to use for the subsequent request.
+ *
+ * Return [] if the response should be returned as-is.
+ *
+ * Throws an error if maxRedirections is hit or the redirections set already
+ * contains the new location.
+ *
+ * Ensure that the response is in fact a redirection first, by calling
+ * {@link isRedirect} on it.
+ */
+export const redirect = (options, response, from) => {
+    const { redirections = new Set(), maxRedirections = 10 } = options;
+    if (maxRedirections <= 0)
+        return [];
+    if (redirections.size >= maxRedirections) {
+        throw error('Maximum redirections exceeded', {
+            max: maxRedirections,
+            found: [...redirections],
+            url: from,
+        });
+    }
+    const location = response.getHeaderString('location');
+    /* c8 ignore start */
+    if (!location)
+        throw error('Location header missing from redirect response');
+    /* c8 ignore stop */
+    const nextURL = new URL(location, from);
+    if (redirections.has(String(nextURL))) {
+        throw error('Redirection cycle detected', {
+            max: maxRedirections,
+            found: [...redirections],
+            url: from,
+        });
+    }
+    const nextOptions = {
+        ...options,
+        redirections,
+    };
+    // eslint-disable-next-line @typescript-eslint/no-deprecated -- thats why we are deleting it
+    delete nextOptions.path;
+    redirections.add(String(nextURL));
+    switch (response.statusCode) {
+        case 303: {
+            // drop body, change method to GET
+            nextOptions.method = 'GET';
+            nextOptions.body = undefined;
+            // fallthrough
+        }
+        case 301:
+        case 302: // some user agents treat as 303, but they're wrong
+        case 307:
+        case 308: {
+            return [nextURL, nextOptions];
+        }
+    }
+};

package/dist/revalidate.d.ts

@@ -0,0 +1,4 @@
+export declare const __CODE_SPLIT_SCRIPT_NAME: string;
+export declare const main: (cache?: string, input?: NodeJS.ReadStream & {
+    fd: 0;
+}) => Promise<boolean>;

package/dist/revalidate.js

@@ -0,0 +1,50 @@
+// This needs to live in the same workspace as the RegistryClient, because
+// otherwise we have a cyclical dependency cycle of dependencies in a cycle,
+// which is even more cyclical than this description describing it.
+import { pathToFileURL } from 'node:url';
+import { RegistryClient } from "./index.js";
+export const __CODE_SPLIT_SCRIPT_NAME = import.meta.filename;
+const isMain = (path) => path === __CODE_SPLIT_SCRIPT_NAME ||
+    path === pathToFileURL(__CODE_SPLIT_SCRIPT_NAME).toString();
+export const main = async (cache, input = process.stdin) => {
+    if (!cache) {
+        return false;
+    }
+    const reqs = await new Promise(res => {
+        const chunks = [];
+        let chunkLen = 0;
+        input.on('data', chunk => {
+            chunks.push(chunk);
+            chunkLen += chunk.length;
+        });
+        input.on('end', () => {
+            const reqs = Buffer.concat(chunks, chunkLen)
+                .toString()
+                .split('\0')
+                .filter(i => !!i && (i.startsWith('GET ') || i.startsWith('HEAD ')))
+                .map(i => i.startsWith('GET ') ?
+                ['GET', new URL(i.substring('GET '.length))]
+                : ['HEAD', new URL(i.substring('HEAD '.length))]);
+            res(reqs);
+        });
+    });
+    if (!reqs.length) {
+        return false;
+    }
+    const rc = new RegistryClient({ cache });
+    await Promise.all(reqs.map(async ([method, url]) => {
+        await rc.request(url, {
+            method,
+            staleWhileRevalidate: false,
+        });
+    }));
+    return true;
+};
+if (isMain(process.argv[1])) {
+    process.title = 'vlt-cache-revalidate';
+    const cacheFolder = process.argv.length === 2 ? undefined : process.argv.at(-1);
+    const res = await main(cacheFolder, process.stdin);
+    if (!res) {
+        process.exit(1);
+    }
+}

package/dist/set-cache-headers.d.ts

@@ -0,0 +1,3 @@
+import type { CacheEntry } from './cache-entry.ts';
+import type { RegistryClientRequestOptions } from './index.ts';
+export declare const setCacheHeaders: (options: RegistryClientRequestOptions, entry?: CacheEntry) => void;

package/dist/set-cache-headers.js

@@ -0,0 +1,16 @@
+// Set the cache headers on a request options object
+// based on what we know from a CacheEntry
+import { addHeader } from "./add-header.js";
+export const setCacheHeaders = (options, entry) => {
+    if (!entry)
+        return;
+    const etag = entry.getHeader('etag')?.toString();
+    if (etag) {
+        options.headers = addHeader(options.headers, 'if-none-match', etag);
+    }
+    const date = entry.getHeader('date')?.toString() ??
+        entry.getHeader('last-modified')?.toString();
+    if (date) {
+        options.headers = addHeader(options.headers, 'if-modified-since', date);
+    }
+};

package/dist/set-raw-header.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Given a rawHeaders array of [key, value, key2, value2, ...],
+ * overwrite the current value of a header, or if not found, append
+ */
+export declare const setRawHeader: (headers: Uint8Array[], key: string, value: Uint8Array | string) => Uint8Array[];

package/dist/set-raw-header.js

@@ -0,0 +1,20 @@
+import { getDecodedValue, getEncondedValue, } from "./string-encoding.js";
+/**
+ * Given a rawHeaders array of [key, value, key2, value2, ...],
+ * overwrite the current value of a header, or if not found, append
+ */
+export const setRawHeader = (headers, key, value) => {
+    key = key.toLowerCase();
+    const keyBuf = getEncondedValue(key);
+    const valBuf = getEncondedValue(value);
+    for (let i = 0; i < headers.length; i += 2) {
+        const k = headers[i];
+        if (k?.length === keyBuf.length &&
+            getDecodedValue(k).toLowerCase() === key) {
+            headers[i + 1] = valBuf;
+            return headers;
+        }
+    }
+    headers.push(keyBuf, valBuf);
+    return headers;
+};

package/dist/string-encoding.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Decodes a string from a Uint8Array
+ */
+export declare const getDecodedValue: (value: string | Uint8Array | undefined) => string;
+/**
+ * Encodes a string to a Uint8Array
+ */
+export declare const getEncondedValue: (value: Uint8Array | string | undefined) => Uint8Array;

package/dist/string-encoding.js

@@ -0,0 +1,24 @@
+const decoder = new TextDecoder();
+/**
+ * Decodes a string from a Uint8Array
+ */
+export const getDecodedValue = (value) => {
+    if (value == undefined)
+        return '';
+    if (typeof value === 'string')
+        return value;
+    const res = decoder.decode(value);
+    return res;
+};
+/**
+ * Encodes a string to a Uint8Array
+ */
+export const getEncondedValue = (value) => {
+    if (value == undefined)
+        return new Uint8Array(0);
+    if (typeof value === 'string') {
+        const res = Buffer.from(value);
+        return res;
+    }
+    return value;
+};

package/dist/token-response.d.ts

@@ -0,0 +1,4 @@
+export type TokenResponse = {
+    token: string;
+};
+export declare const getTokenResponse: (b: unknown) => TokenResponse | undefined;

package/dist/token-response.js

@@ -0,0 +1,7 @@
+export const getTokenResponse = (b) => (!!b &&
+    typeof b === 'object' &&
+    'token' in b &&
+    typeof b.token === 'string' &&
+    b.token) ?
+    { token: b.token }
+    : undefined;

package/dist/web-auth-challenge.d.ts

@@ -0,0 +1,5 @@
+export type WebAuthChallenge = {
+    doneUrl: string;
+    authUrl: string;
+};
+export declare const getWebAuthChallenge: (o: unknown) => WebAuthChallenge | undefined;

package/dist/web-auth-challenge.js

@@ -0,0 +1,13 @@
+export const getWebAuthChallenge = (o) => {
+    if (!!o &&
+        typeof o === 'object' &&
+        'doneUrl' in o &&
+        typeof o.doneUrl === 'string' &&
+        o.doneUrl) {
+        // Publishes use authUrl, but login uses loginUrl
+        const authUrl = 'authUrl' in o && typeof o.authUrl === 'string' ? o.authUrl
+            : 'loginUrl' in o && typeof o.loginUrl === 'string' ? o.loginUrl
+                : undefined;
+        return authUrl ? { doneUrl: o.doneUrl, authUrl } : undefined;
+    }
+};

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@vltpkg/registry-client",
   "description": "Fetch package artifacts and metadata from registries",
-  "version": "1.0.0-rc.22",
+  "version": "1.0.0-rc.24",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/vltpkg/vltpkg.git",
@@ -12,14 +12,14 @@
     "email": "support@vlt.sh"
   },
   "dependencies": {
-    "@vltpkg/cache": "1.0.0-rc.22",
-    "@vltpkg/cache-unzip": "1.0.0-rc.22",
-    "@vltpkg/error-cause": "1.0.0-rc.22",
-    "@vltpkg/keychain": "1.0.0-rc.22",
-    "@vltpkg/output": "1.0.0-rc.22",
-    "@vltpkg/types": "1.0.0-rc.22",
-    "@vltpkg/url-open": "1.0.0-rc.22",
-    "@vltpkg/xdg": "1.0.0-rc.22",
+    "@vltpkg/cache": "1.0.0-rc.24",
+    "@vltpkg/cache-unzip": "1.0.0-rc.24",
+    "@vltpkg/error-cause": "1.0.0-rc.24",
+    "@vltpkg/keychain": "1.0.0-rc.24",
+    "@vltpkg/output": "1.0.0-rc.24",
+    "@vltpkg/types": "1.0.0-rc.24",
+    "@vltpkg/url-open": "1.0.0-rc.24",
+    "@vltpkg/xdg": "1.0.0-rc.24",
     "cache-control-parser": "^2.0.6",
     "package-json-from-dist": "^1.0.1",
     "undici": "^7.16.0"
@@ -53,18 +53,18 @@
     "extends": "../../tap-config.yaml"
   },
   "prettier": "../../.prettierrc.js",
-  "module": "./src/index.ts",
+  "module": "./dist/index.js",
   "type": "module",
   "exports": {
     "./package.json": "./package.json",
     ".": {
       "import": {
-        "default": "./src/index.ts"
+        "default": "./dist/index.js"
       }
     },
     "./cache-entry": {
       "import": {
-        "default": "./src/cache-entry.ts"
+        "default": "./dist/cache-entry.js"
       }
     }
   },