@vltpkg/vsr 0.0.0-26

package/src/routes/ping.ts

@@ -0,0 +1,39 @@
+import { URL } from '../../config.ts'
+import { createRoute, z } from '@hono/zod-openapi'
+import type { Context } from 'hono'
+
+export const pingRoute = createRoute({
+  method: 'get',
+  path: '/-/ping',
+  tags: ['Health Check'],
+  summary: 'Ping',
+  description: `Check if the server is alive
+\`\`\`bash
+$ npm ping
+npm notice PING ${URL}
+npm notice PONG 13ms
+\`\`\``,
+  request: {},
+  responses: {
+    200: {
+      content: {
+        'application/json': {
+          schema: z.object({}),
+        },
+      },
+      headers: z.object({
+        'npm-notice': z.string().openapi({
+          description: 'Contains "PONG" for npm client compatibility',
+          example: 'PONG',
+        }),
+      }),
+      description: 'Server is alive',
+    },
+  },
+})
+
+// Ping route handler
+export function handlePing(c: Context): Response {
+  c.header('npm-notice', 'PONG')
+  return c.json({}, 200)
+}

package/src/routes/search.ts

@@ -0,0 +1,131 @@
+import type { HonoContext } from '../../types.ts'
+import { createRoute, z } from '@hono/zod-openapi'
+
+/**
+ * Search for packages by text query
+ */
+export async function searchPackages(c: HonoContext) {
+  try {
+    const text = c.req.query('text')
+
+    if (!text) {
+      return c.json(
+        {
+          error: 'Missing required parameter "text"',
+        },
+        400,
+      )
+    }
+
+    // Use the existing database search function
+    const results = await c.get('db').searchPackages(text)
+
+    return c.json(results)
+  } catch (error) {
+    // TODO: Replace with proper logging system
+    // eslint-disable-next-line no-console
+    console.error('Search error:', error)
+    return c.json(
+      {
+        error: 'Internal server error',
+      },
+      500,
+    )
+  }
+}
+
+// Route definition for OpenAPI documentation
+export const searchPackagesRoute = createRoute({
+  method: 'get',
+  path: '/-/search',
+  tags: ['Search'],
+  summary: 'Search Packages',
+  description: `Search for packages by text query
+\`\`\`bash
+$ npm search react
+\`\`\``,
+  request: {
+    query: z.object({
+      text: z.string().describe('Search query string'),
+      size: z
+        .string()
+        .optional()
+        .describe('Number of results to return (default: 20)'),
+      from: z
+        .string()
+        .optional()
+        .describe('Offset for pagination (default: 0)'),
+    }),
+  },
+  responses: {
+    200: {
+      content: {
+        'application/json': {
+          schema: z.object({
+            objects: z.array(
+              z.object({
+                package: z.object({
+                  name: z.string(),
+                  version: z.string(),
+                  description: z.string().optional(),
+                  keywords: z.array(z.string()).optional(),
+                  date: z.string().optional(),
+                  links: z
+                    .object({
+                      npm: z.string().optional(),
+                      homepage: z.string().optional(),
+                      repository: z.string().optional(),
+                      bugs: z.string().optional(),
+                    })
+                    .optional(),
+                  author: z
+                    .object({
+                      name: z.string(),
+                      email: z.string().optional(),
+                    })
+                    .optional(),
+                  publisher: z
+                    .object({
+                      username: z.string(),
+                      email: z.string().optional(),
+                    })
+                    .optional(),
+                  maintainers: z
+                    .array(
+                      z.object({
+                        username: z.string(),
+                        email: z.string().optional(),
+                      }),
+                    )
+                    .optional(),
+                }),
+                score: z.object({
+                  final: z.number(),
+                  detail: z.object({
+                    quality: z.number(),
+                    popularity: z.number(),
+                    maintenance: z.number(),
+                  }),
+                }),
+                searchScore: z.number(),
+              }),
+            ),
+            total: z.number(),
+            time: z.string(),
+          }),
+        },
+      },
+      description: 'Search results',
+    },
+    400: {
+      content: {
+        'application/json': {
+          schema: z.object({
+            error: z.string(),
+          }),
+        },
+      },
+      description: 'Bad request - missing text parameter',
+    },
+  },
+})

package/src/routes/static.ts

@@ -0,0 +1,74 @@
+import type { HonoContext } from '../../types.ts'
+
+/**
+ * Handles static asset serving
+ */
+export const handleStaticAssets = async (c: HonoContext) => {
+  try {
+    // eslint-disable-next-line @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-member-access
+    const response = (await c.env.ASSETS.fetch(c.req.raw)) as Response
+
+    // If the ASSETS binding returns a 404, return a proper 404 response
+    // with mutable headers to avoid the secure headers middleware conflict
+    if (response.status === 404) {
+      return await c.notFound()
+    }
+
+    // For other non-200 responses, create a new response to avoid header conflicts
+    if (!response.ok) {
+      return c.text('Asset not available', response.status as any)
+    }
+
+    return response
+  } catch (error) {
+    // TODO: Replace with proper logging system
+    // eslint-disable-next-line no-console
+    console.error('Error serving static asset:', error)
+    return c.text('Internal Server Error', 500)
+  }
+}
+
+/**
+ * Handles favicon requests
+ */
+export const handleFavicon = async (c: HonoContext) => {
+  // Redirect to the correct favicon path
+  return c.redirect('/public/images/favicon/favicon.ico', 301)
+}
+
+/**
+ * Handles robots.txt requests
+ */
+export function handleRobots(c: HonoContext) {
+  return c.text(`User-agent: *
+Allow: /
+
+Sitemap: ${c.req.url.replace(/\/robots\.txt$/, '/sitemap.xml')}`)
+}
+
+/**
+ * Handles manifest.json requests for PWA
+ */
+export function handleManifest(c: HonoContext) {
+  return c.json({
+    name: 'VLT Serverless Registry',
+    short_name: 'VSR',
+    description: 'A serverless npm registry',
+    start_url: '/',
+    display: 'standalone',
+    background_color: '#ffffff',
+    theme_color: '#000000',
+    icons: [
+      {
+        src: '/public/images/favicon/web-app-manifest-192x192.png',
+        sizes: '192x192',
+        type: 'image/png',
+      },
+      {
+        src: '/public/images/favicon/web-app-manifest-512x512.png',
+        sizes: '512x512',
+        type: 'image/png',
+      },
+    ],
+  })
+}

package/src/routes/tokens.ts

@@ -0,0 +1,259 @@
+// import { v4 as uuidv4 } from 'uuid' // Removed unused import
+import { getTokenFromHeader } from '../utils/auth.ts'
+import type {
+  HonoContext,
+  DatabaseOperations,
+  TokenScope,
+} from '../../types.ts'
+import { createRoute, z } from '@hono/zod-openapi'
+
+// Helper function to get typed database from context
+function getDb(c: HonoContext): DatabaseOperations {
+  return c.get('db')
+}
+
+export async function getToken(c: HonoContext) {
+  const token = c.req.param('token')
+  if (!token) {
+    return c.json({ error: 'Token parameter required' }, 400)
+  }
+
+  const tokenData = await getDb(c).getToken(token)
+  if (!tokenData) {
+    return c.json({ error: 'Token not found' }, 404)
+  }
+
+  return c.json(tokenData)
+}
+
+export async function postToken(c: HonoContext) {
+  try {
+    // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
+    const body = await c.req.json()
+    const authToken = getTokenFromHeader(c)
+
+    // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
+    if (!body.token || !body.uuid || !body.scope) {
+      return c.json(
+        { error: 'Missing required fields: token, uuid, scope' },
+        400,
+      )
+    }
+
+    // Use the enhanced database operation that includes validation
+    await getDb(c).upsertToken(
+      // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
+      body.token as string,
+      // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
+      body.uuid as string,
+      // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
+      body.scope as TokenScope[],
+      authToken ?? undefined,
+    )
+    return c.json({ success: true })
+  } catch (error) {
+    const err = error as Error
+    // Handle validation errors
+    if (err.message.includes('Invalid uuid')) {
+      return c.json({ error: err.message }, 400)
+    } else if (err.message.includes('Unauthorized')) {
+      return c.json({ error: 'Unauthorized' }, 401)
+    }
+
+    // Handle other errors - log to monitoring system instead of console
+    return c.json({ error: 'Internal server error' }, 500)
+  }
+}
+
+// scope is optional (only for privileged tokens) - ex. "read:@scope/pkg" or "read+write:@scope/pkg"
+export async function putToken(c: HonoContext) {
+  try {
+    const token = c.req.param('token')
+    // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
+    const body = await c.req.json()
+    const authToken = getTokenFromHeader(c)
+
+    if (!token) {
+      return c.json({ error: 'Token parameter required' }, 400)
+    }
+
+    // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
+    if (!body.uuid || !body.scope) {
+      return c.json(
+        { error: 'Missing required fields: uuid, scope' },
+        400,
+      )
+    }
+
+    // Use the enhanced database operation that includes validation
+    await getDb(c).upsertToken(
+      token,
+      // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
+      body.uuid as string,
+      // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
+      body.scope as TokenScope[],
+      authToken ?? undefined,
+    )
+    return c.json({ success: true })
+  } catch (error) {
+    const err = error as Error
+    // Handle validation errors
+    if (err.message.includes('Invalid uuid')) {
+      return c.json({ error: err.message }, 400)
+    } else if (err.message.includes('Unauthorized')) {
+      return c.json({ error: 'Unauthorized' }, 401)
+    }
+
+    // Handle other errors - log to monitoring system instead of console
+    return c.json({ error: 'Internal server error' }, 500)
+  }
+}
+
+export async function deleteToken(c: HonoContext) {
+  try {
+    const token = c.req.param('token')
+    const authToken = getTokenFromHeader(c)
+
+    if (!token) {
+      return c.json({ error: 'Token parameter required' }, 400)
+    }
+
+    // Use the enhanced database operation that includes validation
+    await getDb(c).deleteToken(token, authToken ?? undefined)
+    return c.json({ success: true })
+  } catch (error) {
+    const err = error as Error
+    // Handle validation errors
+    if (err.message.includes('Unauthorized')) {
+      return c.json({ error: 'Unauthorized' }, 401)
+    }
+
+    // Handle other errors - log to monitoring system instead of console
+    return c.json({ error: 'Internal server error' }, 500)
+  }
+}
+
+// Route definitions for OpenAPI documentation
+export const getTokensRoute = createRoute({
+  method: 'get',
+  path: '/-/tokens',
+  tags: ['Authentication'],
+  summary: 'List Tokens',
+  description: `List all authentication tokens for the authenticated user
+\`\`\`bash
+$ npm token list
+\`\`\``,
+  request: {},
+  responses: {
+    200: {
+      content: {
+        'application/json': {
+          schema: z.array(
+            z.object({
+              token: z.string(),
+              key: z.string(),
+              cidr_whitelist: z.array(z.string()).optional(),
+              readonly: z.boolean(),
+              automation: z.boolean(),
+              created: z.string(),
+              updated: z.string(),
+            }),
+          ),
+        },
+      },
+      description: 'List of tokens',
+    },
+  },
+})
+
+export const createTokenRoute = createRoute({
+  method: 'post',
+  path: '/-/tokens',
+  tags: ['Authentication'],
+  summary: 'Create Token',
+  description: `Create a new authentication token
+\`\`\`bash
+$ npm token create
+\`\`\``,
+  request: {
+    body: {
+      content: {
+        'application/json': {
+          schema: z.object({
+            token: z.string(),
+            uuid: z.string(),
+            scope: z.string(),
+          }),
+        },
+      },
+    },
+  },
+  responses: {
+    201: {
+      content: {
+        'application/json': {
+          schema: z.object({
+            token: z.string(),
+            key: z.string(),
+          }),
+        },
+      },
+      description: 'Token created successfully',
+    },
+  },
+})
+
+export const updateTokenRoute = createRoute({
+  method: 'put',
+  path: '/-/tokens',
+  tags: ['Authentication'],
+  summary: 'Update Token',
+  description: `Update an existing authentication token`,
+  request: {
+    body: {
+      content: {
+        'application/json': {
+          schema: z.object({
+            token: z.string(),
+            uuid: z.string(),
+            scope: z.string(),
+          }),
+        },
+      },
+    },
+  },
+  responses: {
+    200: {
+      content: {
+        'application/json': {
+          schema: z.object({
+            token: z.string(),
+            key: z.string(),
+          }),
+        },
+      },
+      description: 'Token updated successfully',
+    },
+  },
+})
+
+export const deleteTokenRoute = createRoute({
+  method: 'delete',
+  path: '/-/tokens/token/{token}',
+  tags: ['Authentication'],
+  summary: 'Delete Token',
+  description: `Delete an authentication token
+\`\`\`bash
+$ npm token revoke <token>
+\`\`\``,
+  request: {
+    params: z.object({
+      token: z.string(),
+    }),
+  },
+  responses: {
+    204: {
+      description: 'Token deleted successfully',
+    },
+  },
+})

package/src/routes/users.ts

@@ -0,0 +1,68 @@
+import { getAuthedUser } from '../utils/auth.ts'
+import type { HonoContext } from '../../types.ts'
+import { createRoute, z } from '@hono/zod-openapi'
+
+export async function getUsername(c: HonoContext) {
+  const user = await getAuthedUser({ c })
+  const uuid = user?.uuid || 'anonymous'
+  return c.json({ username: uuid }, 200)
+}
+
+export async function getUserProfile(c: HonoContext) {
+  const user = await getAuthedUser({ c })
+  const uuid = user?.uuid || 'anonymous'
+  return c.json({ name: uuid }, 200)
+}
+
+// Route definitions for OpenAPI documentation
+export const userProfileRoute = createRoute({
+  method: 'get',
+  path: '/-/user',
+  tags: ['Authentication'],
+  summary: 'Get User Profile',
+  description: `Returns profile object associated with auth token
+\`\`\`bash
+$ npm profile
+name: johnsmith
+created: 2015-02-26T01:26:01.124Z
+updated: 2023-01-10T21:55:32.118Z
+\`\`\``,
+  request: {},
+  responses: {
+    200: {
+      content: {
+        'application/json': {
+          schema: z.object({
+            name: z.string(),
+          }),
+        },
+      },
+      description: 'User Profile',
+    },
+  },
+})
+
+export const whoamiRoute = createRoute({
+  method: 'get',
+  path: '/-/whoami',
+  tags: ['Authentication'],
+  summary: 'Who Am I',
+  description: `Returns the username of the authenticated user
+\`\`\`bash
+$ npm whoami
+johnsmith
+\`\`\``,
+  request: {},
+  responses: {
+    200: {
+      content: {
+        'application/json': {
+          schema: z.object({
+            username: z.string(),
+          }),
+        },
+      },
+      description: 'Username',
+    },
+  },
+})