npm - @vltpkg/vsr - Versions diffs - 0.0.0-26 → 0.0.0-27 - Mend

@vltpkg/vsr 0.0.0-26 → 0.0.0-27

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (107) hide show

package/LICENSE +10 -114
package/dist/README.md +1 -0
package/dist/assets/public/favicon.ico +0 -0
package/dist/assets/public/fonts/courier-bold-italic.ttf +0 -0
package/dist/assets/public/fonts/courier-bold.ttf +0 -0
package/dist/assets/public/fonts/courier-italic.ttf +0 -0
package/dist/assets/public/fonts/courier-regular.ttf +0 -0
package/dist/assets/public/fonts/geist-mono.ttf +0 -0
package/dist/assets/public/fonts/inter.ttf +0 -0
package/dist/assets/public/index.html +70 -0
package/dist/assets/public/index.js +1300 -0
package/dist/assets/public/index.js.map +7 -0
package/dist/assets/public/main.css +1 -0
package/dist/bin/vsr.js +771 -0
package/dist/index.js +28283 -0
package/dist/index.js.map +8 -0
package/package.json +6 -49
package/DEPLOY.md +0 -163
package/config.ts +0 -221
package/drizzle.config.js +0 -40
package/info/COMPARISONS.md +0 -37
package/info/CONFIGURATION.md +0 -143
package/info/CONTRIBUTING.md +0 -32
package/info/DATABASE_SETUP.md +0 -108
package/info/GRANULAR_ACCESS_TOKENS.md +0 -160
package/info/PROJECT_STRUCTURE.md +0 -291
package/info/ROADMAP.md +0 -27
package/info/SUPPORT.md +0 -39
package/info/TESTING.md +0 -301
package/info/USER_SUPPORT.md +0 -31
package/scripts/build-assets.js +0 -31
package/scripts/build-bin.js +0 -62
package/scripts/prepack.js +0 -27
package/src/bin/vsr.ts +0 -484
package/src/db/client.ts +0 -590
package/src/db/migrations/0000_faulty_ricochet.sql +0 -14
package/src/db/migrations/0000_initial.sql +0 -29
package/src/db/migrations/0001_uuid_validation.sql +0 -35
package/src/db/migrations/0001_wealthy_magdalene.sql +0 -7
package/src/db/migrations/drop.sql +0 -3
package/src/db/migrations/meta/0000_snapshot.json +0 -104
package/src/db/migrations/meta/0001_snapshot.json +0 -155
package/src/db/migrations/meta/_journal.json +0 -20
package/src/db/schema.ts +0 -43
package/src/index.ts +0 -434
package/src/middleware/config.ts +0 -79
package/src/middleware/telemetry.ts +0 -43
package/src/queue/index.ts +0 -97
package/src/routes/access.ts +0 -852
package/src/routes/docs.ts +0 -63
package/src/routes/misc.ts +0 -469
package/src/routes/packages.ts +0 -2823
package/src/routes/ping.ts +0 -39
package/src/routes/search.ts +0 -131
package/src/routes/static.ts +0 -74
package/src/routes/tokens.ts +0 -259
package/src/routes/users.ts +0 -68
package/src/utils/auth.ts +0 -202
package/src/utils/cache.ts +0 -587
package/src/utils/config.ts +0 -50
package/src/utils/database.ts +0 -69
package/src/utils/docs.ts +0 -146
package/src/utils/packages.ts +0 -453
package/src/utils/response.ts +0 -125
package/src/utils/routes.ts +0 -64
package/src/utils/spa.ts +0 -52
package/src/utils/tracing.ts +0 -52
package/src/utils/upstream.ts +0 -172
package/test/access.test.ts +0 -705
package/test/audit.test.ts +0 -828
package/test/dashboard.test.ts +0 -693
package/test/dist-tags.test.ts +0 -678
package/test/manifest.test.ts +0 -436
package/test/packument.test.ts +0 -530
package/test/ping.test.ts +0 -41
package/test/search.test.ts +0 -472
package/test/setup.ts +0 -130
package/test/static.test.ts +0 -646
package/test/tokens.test.ts +0 -389
package/test/utils/auth.test.ts +0 -214
package/test/utils/packages.test.ts +0 -235
package/test/utils/response.test.ts +0 -184
package/test/whoami.test.ts +0 -119
package/tsconfig.json +0 -16
package/tsconfig.worker.json +0 -3
package/typedoc.mjs +0 -2
package/types.ts +0 -598
package/vitest.config.ts +0 -25
package/vlt.json.example +0 -56
package/wrangler.json +0 -65
/package/{src → dist}/assets/public/images/bg.png +0 -0
/package/{src → dist}/assets/public/images/clients/logo-bun.png +0 -0
/package/{src → dist}/assets/public/images/clients/logo-deno.png +0 -0
/package/{src → dist}/assets/public/images/clients/logo-npm.png +0 -0
/package/{src → dist}/assets/public/images/clients/logo-pnpm.png +0 -0
/package/{src → dist}/assets/public/images/clients/logo-vlt.png +0 -0
/package/{src → dist}/assets/public/images/clients/logo-yarn.png +0 -0
/package/{src → dist}/assets/public/images/favicon/apple-touch-icon.png +0 -0
/package/{src → dist}/assets/public/images/favicon/favicon-96x96.png +0 -0
/package/{src → dist}/assets/public/images/favicon/favicon.ico +0 -0
/package/{src → dist}/assets/public/images/favicon/favicon.svg +0 -0
/package/{src → dist}/assets/public/images/favicon/site.webmanifest +0 -0
/package/{src → dist}/assets/public/images/favicon/web-app-manifest-192x192.png +0 -0
/package/{src → dist}/assets/public/images/favicon/web-app-manifest-512x512.png +0 -0
/package/{src → dist}/assets/public/styles/styles.css +0 -0
/package/{src → dist}/bin/demo/package.json +0 -0
/package/{src → dist}/bin/demo/vlt.json +0 -0

package/test/tokens.test.ts DELETED Viewed

@@ -1,389 +0,0 @@
-import { describe, it, expect } from 'vitest'
-import { env } from 'cloudflare:test'
-import { app } from '../src/index.ts'
-describe('Token Management Endpoints', () => {
-  describe('Root Registry Token Management', () => {
-    describe('GET /-/tokens', () => {
-      it('should require authentication for token listing', async () => {
-        const res = await app.request('/-/tokens', {}, env)
-        expect([200, 400, 401].includes(res.status)).toBe(true)
-        expect(res.headers.get('content-type')).toContain(
-          'application/json',
-        )
-      })
-      it('should handle authenticated token listing', async () => {
-        const res = await app.request(
-          '/-/tokens',
-          {
-            headers: {
-              Authorization: 'Bearer test-admin-token-12345',
-            },
-          },
-          env,
-        )
-        expect([200, 400, 401].includes(res.status)).toBe(true)
-        expect(res.headers.get('content-type')).toContain(
-          'application/json',
-        )
-      })
-      it('should return proper JSON structure for token list', async () => {
-        const res = await app.request('/-/tokens', {}, env)
-        expect([200, 400, 401].includes(res.status)).toBe(true)
-        if (res.status === 200) {
-          const data = (await res.json()) as any
-          expect(data).toBeDefined()
-        }
-      })
-    })
-    describe('POST /-/tokens', () => {
-      it('should handle token creation requests', async () => {
-        const res = await app.request(
-          '/-/tokens',
-          {
-            method: 'POST',
-            headers: {
-              'Content-Type': 'application/json',
-            },
-            body: JSON.stringify({
-              password: 'test-password',
-              readonly: false,
-              cidr_whitelist: [],
-            }),
-          },
-          env,
-        )
-        expect([200, 400, 401, 500].includes(res.status)).toBe(true)
-        expect(res.headers.get('content-type')).toContain(
-          'application/json',
-        )
-      })
-      it('should handle token creation with readonly flag', async () => {
-        const res = await app.request(
-          '/-/tokens',
-          {
-            method: 'POST',
-            headers: {
-              'Content-Type': 'application/json',
-            },
-            body: JSON.stringify({
-              password: 'test-password',
-              readonly: true,
-              cidr_whitelist: [],
-            }),
-          },
-          env,
-        )
-        expect([200, 400, 401, 500].includes(res.status)).toBe(true)
-        expect(res.headers.get('content-type')).toContain(
-          'application/json',
-        )
-      })
-      it('should validate required fields for token creation', async () => {
-        const res = await app.request(
-          '/-/tokens',
-          {
-            method: 'POST',
-            headers: {
-              'Content-Type': 'application/json',
-            },
-            body: JSON.stringify({}),
-          },
-          env,
-        )
-        expect([400, 401, 500].includes(res.status)).toBe(true)
-      })
-    })
-    describe('PUT /-/tokens', () => {
-      it('should handle token update requests', async () => {
-        const res = await app.request(
-          '/-/tokens',
-          {
-            method: 'PUT',
-            headers: {
-              'Content-Type': 'application/json',
-            },
-            body: JSON.stringify({
-              token: 'existing-token',
-              readonly: true,
-            }),
-          },
-          env,
-        )
-        expect([200, 400, 401, 404, 500].includes(res.status)).toBe(
-          true,
-        )
-        expect(res.headers.get('content-type')).toContain(
-          'application/json',
-        )
-      })
-      it('should handle token scope updates', async () => {
-        const res = await app.request(
-          '/-/tokens',
-          {
-            method: 'PUT',
-            headers: {
-              'Content-Type': 'application/json',
-            },
-            body: JSON.stringify({
-              token: 'existing-token',
-              cidr_whitelist: ['192.168.1.0/24'],
-            }),
-          },
-          env,
-        )
-        expect([200, 400, 401, 404, 500].includes(res.status)).toBe(
-          true,
-        )
-      })
-    })
-    describe('DELETE /-/tokens/{token}', () => {
-      it('should handle token deletion requests', async () => {
-        const res = await app.request(
-          '/-/tokens/test-token-to-delete',
-          {
-            method: 'DELETE',
-          },
-          env,
-        )
-        expect([200, 401, 404, 500].includes(res.status)).toBe(true)
-        if (res.status !== 404) {
-          expect(res.headers.get('content-type')).toContain(
-            'application/json',
-          )
-        }
-      })
-      it('should require valid token for deletion', async () => {
-        const res = await app.request(
-          '/-/tokens/invalid-token',
-          {
-            method: 'DELETE',
-          },
-          env,
-        )
-        expect([401, 404, 500].includes(res.status)).toBe(true)
-      })
-      it('should handle authenticated token deletion', async () => {
-        const res = await app.request(
-          '/-/tokens/test-token-to-delete',
-          {
-            method: 'DELETE',
-            headers: {
-              Authorization: 'Bearer test-admin-token-12345',
-            },
-          },
-          env,
-        )
-        expect([200, 404, 500].includes(res.status)).toBe(true)
-      })
-    })
-  })
-  describe('Upstream Registry Token Management', () => {
-    describe('Upstream Token Endpoints', () => {
-      it('should handle upstream token listing', async () => {
-        const res = await app.request('/npm/-/tokens', {}, env)
-        expect([200, 400, 401].includes(res.status)).toBe(true)
-        expect(res.headers.get('content-type')).toContain(
-          'application/json',
-        )
-      })
-      it('should handle upstream token creation', async () => {
-        const res = await app.request(
-          '/npm/-/tokens',
-          {
-            method: 'POST',
-            headers: {
-              'Content-Type': 'application/json',
-            },
-            body: JSON.stringify({
-              password: 'test-password',
-              readonly: false,
-            }),
-          },
-          env,
-        )
-        expect([200, 400, 401, 500].includes(res.status)).toBe(true)
-      })
-      it('should handle upstream token updates', async () => {
-        const res = await app.request(
-          '/npm/-/tokens',
-          {
-            method: 'PUT',
-            headers: {
-              'Content-Type': 'application/json',
-            },
-            body: JSON.stringify({
-              token: 'existing-token',
-              readonly: true,
-            }),
-          },
-          env,
-        )
-        expect([200, 400, 401, 404, 500].includes(res.status)).toBe(
-          true,
-        )
-      })
-      it('should handle upstream token deletion', async () => {
-        const res = await app.request(
-          '/npm/-/tokens/test-token',
-          {
-            method: 'DELETE',
-          },
-          env,
-        )
-        expect([200, 401, 404, 500].includes(res.status)).toBe(true)
-      })
-    })
-    describe('Different Upstream Registries', () => {
-      it('should handle JSR token management', async () => {
-        const res = await app.request('/jsr/-/tokens', {}, env)
-        expect([200, 400, 401].includes(res.status)).toBe(true)
-      })
-      it('should handle custom upstream token management', async () => {
-        const res = await app.request('/custom/-/tokens', {}, env)
-        expect([200, 400, 401].includes(res.status)).toBe(true)
-      })
-      it('should handle local upstream token management', async () => {
-        const res = await app.request('/local/-/tokens', {}, env)
-        expect([200, 400, 401].includes(res.status)).toBe(true)
-      })
-    })
-  })
-  describe('Token Response Structure', () => {
-    describe('Token List Response', () => {
-      it('should return proper structure for token listing', async () => {
-        const res = await app.request('/-/tokens', {}, env)
-        expect([200, 400, 401].includes(res.status)).toBe(true)
-        if (res.status === 200) {
-          const data = (await res.json()) as any
-          expect(data).toBeDefined()
-          // Token list structure validation would depend on actual implementation
-        }
-      })
-    })
-    describe('Token Creation Response', () => {
-      it('should return token details on successful creation', async () => {
-        const res = await app.request(
-          '/-/tokens',
-          {
-            method: 'POST',
-            headers: {
-              'Content-Type': 'application/json',
-            },
-            body: JSON.stringify({
-              password: 'test-password',
-              readonly: false,
-            }),
-          },
-          env,
-        )
-        if (res.status === 200) {
-          const data = (await res.json()) as any
-          expect(data).toBeDefined()
-          // Would validate token structure based on implementation
-        }
-      })
-    })
-  })
-  describe('Error Handling', () => {
-    describe('Invalid Requests', () => {
-      it('should handle malformed JSON in token creation', async () => {
-        const res = await app.request(
-          '/-/tokens',
-          {
-            method: 'POST',
-            headers: {
-              'Content-Type': 'application/json',
-            },
-            body: 'invalid-json',
-          },
-          env,
-        )
-        expect([400, 500].includes(res.status)).toBe(true)
-      })
-      it('should handle missing content-type header', async () => {
-        const res = await app.request(
-          '/-/tokens',
-          {
-            method: 'POST',
-            body: JSON.stringify({
-              password: 'test-password',
-            }),
-          },
-          env,
-        )
-        expect([400, 415, 500].includes(res.status)).toBe(true)
-      })
-    })
-    describe('Authentication Errors', () => {
-      it('should handle invalid authentication tokens', async () => {
-        const res = await app.request(
-          '/-/tokens/some-token',
-          {
-            method: 'DELETE',
-            headers: {
-              Authorization: 'Bearer invalid-token',
-            },
-          },
-          env,
-        )
-        expect([401, 404, 500].includes(res.status)).toBe(true)
-      })
-      it('should handle malformed authorization headers', async () => {
-        const res = await app.request(
-          '/-/tokens/some-token',
-          {
-            method: 'DELETE',
-            headers: {
-              Authorization: 'InvalidFormat',
-            },
-          },
-          env,
-        )
-        expect([401, 404, 500].includes(res.status)).toBe(true)
-      })
-    })
-  })
-  describe('Response Headers and Caching', () => {
-    describe('Content-Type Headers', () => {
-      it('should set appropriate content-type for token responses', async () => {
-        const res = await app.request('/-/tokens', {}, env)
-        expect(res.headers.get('content-type')).toContain(
-          'application/json',
-        )
-      })
-    })
-    describe('Security Headers', () => {
-      it('should include security headers in token responses', async () => {
-        const res = await app.request('/-/tokens', {}, env)
-        // Security headers would be validated based on implementation
-        expect(res.status).toBeDefined()
-      })
-    })
-  })
-})

package/test/utils/auth.test.ts DELETED Viewed

@@ -1,214 +0,0 @@
-import { describe, it, expect, vi } from 'vitest'
-import {
-  getTokenFromHeader,
-  parseTokenAccess,
-} from '../../src/utils/auth.ts'
-import type { HonoContext, TokenScope } from '../../types.ts'
-describe('Auth Utils', () => {
-  describe('getTokenFromHeader', () => {
-    it('should extract token from Bearer authorization header', () => {
-      const mockContext = {
-        req: {
-          header: vi.fn().mockReturnValue('Bearer test-token-12345'),
-        },
-      } as unknown as HonoContext
-      const token = getTokenFromHeader(mockContext)
-      expect(token).toBe('test-token-12345')
-      expect(mockContext.req.header).toHaveBeenCalledWith(
-        'Authorization',
-      )
-    })
-    it('should handle Bearer token with extra whitespace', () => {
-      const mockContext = {
-        req: {
-          header: vi
-            .fn()
-            .mockReturnValue('Bearer   test-token-with-spaces   '),
-        },
-      } as unknown as HonoContext
-      const token = getTokenFromHeader(mockContext)
-      expect(token).toBe('test-token-with-spaces')
-    })
-    it('should return null for missing authorization header', () => {
-      const mockContext = {
-        req: {
-          header: vi.fn().mockReturnValue(undefined),
-        },
-      } as unknown as HonoContext
-      const token = getTokenFromHeader(mockContext)
-      expect(token).toBeNull()
-    })
-    it('should return null for non-Bearer authorization header', () => {
-      const mockContext = {
-        req: {
-          header: vi.fn().mockReturnValue('Basic dXNlcjpwYXNz'),
-        },
-      } as unknown as HonoContext
-      const token = getTokenFromHeader(mockContext)
-      expect(token).toBeNull()
-    })
-    it('should return empty string for malformed Bearer header', () => {
-      const mockContext = {
-        req: {
-          header: vi.fn().mockReturnValue('Bearer '),
-        },
-      } as unknown as HonoContext
-      const token = getTokenFromHeader(mockContext)
-      expect(token).toBe('')
-    })
-  })
-  describe('parseTokenAccess', () => {
-    it('should parse read-only access for any package', () => {
-      const scope: TokenScope[] = [
-        {
-          types: { pkg: { read: true, write: false } },
-          values: ['*'],
-        },
-      ]
-      const access = parseTokenAccess({
-        scope,
-        uuid: 'test-user-uuid',
-      })
-      expect(access.anyPackage).toBe(true)
-      expect(access.specificPackage).toBe(false)
-      expect(access.readAccess).toBe(true)
-      expect(access.writeAccess).toBe(false)
-      expect(access.methods).toEqual(['get'])
-    })
-    it('should parse write access for specific package', () => {
-      const scope: TokenScope[] = [
-        {
-          types: { pkg: { read: false, write: true } },
-          values: ['my-package'],
-        },
-      ]
-      const access = parseTokenAccess({
-        scope,
-        pkg: 'my-package',
-        uuid: 'test-user-uuid',
-      })
-      expect(access.anyPackage).toBe(false)
-      expect(access.specificPackage).toBe(true)
-      expect(access.readAccess).toBe(false)
-      expect(access.writeAccess).toBe(true)
-      expect(access.methods).toEqual(['put', 'post', 'delete'])
-    })
-    it('should parse user-specific access', () => {
-      const scope: TokenScope[] = [
-        {
-          types: { user: { read: true, write: true } },
-          values: ['~test-user-uuid'],
-        },
-      ]
-      const access = parseTokenAccess({
-        scope,
-        uuid: 'test-user-uuid',
-      })
-      expect(access.anyUser).toBe(false)
-      expect(access.specificUser).toBe(true)
-      expect(access.readAccess).toBe(true)
-      expect(access.writeAccess).toBe(true)
-      expect(access.methods).toEqual(['get', 'put', 'post', 'delete'])
-    })
-    it('should parse wildcard user access', () => {
-      const scope: TokenScope[] = [
-        {
-          types: { user: { read: true, write: false } },
-          values: ['*'],
-        },
-      ]
-      const access = parseTokenAccess({
-        scope,
-        uuid: 'any-user-uuid',
-      })
-      expect(access.anyUser).toBe(true)
-      expect(access.specificUser).toBe(false)
-      expect(access.readAccess).toBe(true)
-      expect(access.writeAccess).toBe(false)
-    })
-    it('should handle multiple scopes with combined permissions', () => {
-      const scope: TokenScope[] = [
-        {
-          types: { pkg: { read: true, write: false } },
-          values: ['package-1'],
-        },
-        {
-          types: { pkg: { read: false, write: true } },
-          values: ['package-1'],
-        },
-      ]
-      const access = parseTokenAccess({
-        scope,
-        pkg: 'package-1',
-        uuid: 'test-user-uuid',
-      })
-      expect(access.specificPackage).toBe(true)
-      expect(access.readAccess).toBe(true)
-      expect(access.writeAccess).toBe(true)
-      expect(access.methods).toEqual(['get', 'put', 'post', 'delete'])
-    })
-    it('should handle empty scope array', () => {
-      const scope: TokenScope[] = []
-      const access = parseTokenAccess({
-        scope,
-        uuid: 'test-user-uuid',
-      })
-      expect(access.anyUser).toBe(false)
-      expect(access.specificUser).toBe(false)
-      expect(access.anyPackage).toBe(false)
-      expect(access.specificPackage).toBe(false)
-      expect(access.readAccess).toBe(false)
-      expect(access.writeAccess).toBe(false)
-      expect(access.methods).toEqual([])
-    })
-    it('should handle scope with no matching package', () => {
-      const scope: TokenScope[] = [
-        {
-          types: { pkg: true, user: false },
-          values: ['other-package'],
-          methods: ['get', 'put'],
-        },
-      ]
-      const access = parseTokenAccess({
-        scope,
-        pkg: 'my-package',
-        uuid: 'test-user-uuid',
-      })
-      expect(access.specificPackage).toBe(false)
-      expect(access.readAccess).toBe(false)
-      expect(access.writeAccess).toBe(false)
-      expect(access.methods).toEqual([])
-    })
-  })
-})