@vltpkg/vsr 0.0.0-26

package/src/db/client.ts

@@ -0,0 +1,590 @@
+import type { D1Database } from '@cloudflare/workers-types'
+import { drizzle } from 'drizzle-orm/d1'
+import { sql } from 'drizzle-orm'
+import * as schema from './schema.ts'
+import type {
+  ParsedPackage,
+  ParsedVersion,
+  ParsedToken,
+} from '../../types.ts'
+
+const fallbackLogger = {
+  error: (_message: string, _error?: unknown) => {
+    // eslint-disable-next-line no-console
+    console.error(_message, _error)
+  },
+  info: (_message: string) => {
+    // eslint-disable-next-line no-console
+    console.info(_message)
+  },
+}
+
+export type Database = ReturnType<typeof drizzle<typeof schema>>
+
+export function createDatabase(d1: D1Database): Database {
+  return drizzle(d1, { schema })
+}
+
+export function parseJSON(value: string | null): any {
+  if (!value) return null
+  try {
+    return JSON.parse(value)
+  } catch (_e) {
+    // Log to monitoring system instead of console
+    return null
+  }
+}
+
+export function stringifyJSON(value: unknown): string {
+  return JSON.stringify(value)
+}
+
+export function createDatabaseOperations(
+  d1: D1Database,
+  logger = fallbackLogger,
+) {
+  const db = createDatabase(d1)
+
+  return {
+    async getPackage(name: string): Promise<ParsedPackage | null> {
+      try {
+        const result = await db
+          .select()
+          .from(schema.packages)
+          .where(sql`name = ${name}`)
+          .get()
+        if (!result) return null
+        return {
+          name: result.name,
+          tags: parseJSON(result.tags) as Record<string, string>,
+          lastUpdated: result.lastUpdated || null,
+          origin: result.origin || null,
+          upstream: result.upstream || null,
+          cachedAt: result.cachedAt || null,
+        } as ParsedPackage
+      } catch (_error) {
+        logger.error(
+          `[DB ERROR] Failed to get package ${name}`,
+          _error,
+        )
+        return null
+      }
+    },
+
+    async upsertPackage(
+      name: string,
+      tags: Record<string, string>,
+      lastUpdated?: string,
+    ) {
+      try {
+        const result = await db
+          .insert(schema.packages)
+          .values({
+            name,
+            tags: stringifyJSON(tags),
+            lastUpdated: lastUpdated || new Date().toISOString(),
+          })
+          .onConflictDoUpdate({
+            target: schema.packages.name,
+            set: {
+              tags: stringifyJSON(tags),
+              lastUpdated: lastUpdated || new Date().toISOString(),
+            },
+          })
+        return result
+      } catch (_error: unknown) {
+        logger.error(
+          `[DB ERROR] Failed to upsert package ${name}`,
+          _error,
+        )
+        return null
+      }
+    },
+
+    async upsertCachedPackage(
+      name: string,
+      tags: Record<string, string>,
+      upstream: string,
+      lastUpdated?: string,
+    ) {
+      try {
+        const result = await db
+          .insert(schema.packages)
+          .values({
+            name,
+            tags: stringifyJSON(tags),
+            lastUpdated: lastUpdated || new Date().toISOString(),
+            origin: 'upstream',
+            upstream,
+            cachedAt: new Date().toISOString(),
+          })
+          .onConflictDoUpdate({
+            target: schema.packages.name,
+            set: {
+              tags: stringifyJSON(tags),
+              lastUpdated: lastUpdated || new Date().toISOString(),
+              cachedAt: new Date().toISOString(),
+            },
+          })
+        // Log to monitoring system instead of console
+        return result
+      } catch (_error: unknown) {
+        logger.error(
+          `[DB ERROR] Failed to upsert cached package ${name}`,
+          _error,
+        )
+        return null
+      }
+    },
+
+    async getCachedPackage(name: string) {
+      try {
+        const result = await db
+          .select()
+          .from(schema.packages)
+          .where(sql`name = ${name}`)
+          .get()
+        if (!result) return null
+        return {
+          name: result.name,
+          tags: parseJSON(result.tags) as Record<string, string>,
+          lastUpdated: result.lastUpdated || null,
+          origin: result.origin || null,
+          upstream: result.upstream || null,
+          cachedAt: result.cachedAt || null,
+        }
+      } catch (error) {
+        logger.error(
+          `[DB ERROR] Failed to get cached package ${name}`,
+          error,
+        )
+        return null
+      }
+    },
+
+    async isPackageCacheValid(name: string, ttlMinutes = 5) {
+      try {
+        const pkg = await this.getCachedPackage(name)
+        if (!pkg?.cachedAt || pkg.origin !== 'upstream') {
+          return false
+        }
+
+        const cacheTime = new Date(pkg.cachedAt).getTime()
+        const now = new Date().getTime()
+        const ttlMs = ttlMinutes * 60 * 1000
+
+        return now - cacheTime < ttlMs
+      } catch (error) {
+        logger.error(
+          `[DB ERROR] Failed to check cache validity for ${name}`,
+          error,
+        )
+        return false
+      }
+    },
+
+    // Token operations
+    async getToken(token: string): Promise<ParsedToken | null> {
+      try {
+        const result = await db
+          .select()
+          .from(schema.tokens)
+          .where(sql`token = ${token}`)
+          .get()
+        if (!result) return null
+        return {
+          token: result.token,
+          uuid: result.uuid,
+          scope: parseJSON(result.scope) as {
+            values: string[]
+            types: {
+              pkg?: { read: boolean; write: boolean }
+              user?: { read: boolean; write: boolean }
+            }
+          }[],
+        } as ParsedToken
+      } catch (_error: unknown) {
+        logger.error(
+          `[DB ERROR] Failed to get token ${token}`,
+          _error,
+        )
+        return null
+      }
+    },
+
+    // Validate if a user can access or modify another user's token
+    async validateTokenAccess(authToken: string, targetUuid: string) {
+      // Special characters validation for UUIDs
+      const specialChars = ['~', '!', '*', '^', '&']
+      if (
+        targetUuid &&
+        specialChars.some(char => targetUuid.startsWith(char))
+      ) {
+        throw new Error(
+          'Invalid uuid - uuids can not start with special characters (ex. - ~ ! * ^ &)',
+        )
+      }
+
+      // If no auth token provided, cannot proceed
+      if (!authToken) {
+        throw new Error('Unauthorized')
+      }
+
+      // Get authenticated user from token
+      const authUser = await this.getToken(authToken)
+      if (!authUser?.uuid) {
+        throw new Error('Unauthorized')
+      }
+
+      // Allow users to manage their own tokens
+      if (authUser.uuid === targetUuid) {
+        return true
+      }
+
+      // Check user permissions
+      const scope = authUser.scope as {
+        values: string[]
+        types: {
+          pkg?: { read: boolean; write: boolean }
+          user?: { read: boolean; write: boolean }
+        }
+      }[]
+      const uuid = targetUuid
+
+      // Parse token access permissions - variables kept for future use
+      const _read = ['get']
+      const _write = ['put', 'post', 'delete']
+      let anyUser = false
+      let specificUser = false
+      let writeAccess = false
+
+      if (Array.isArray(scope)) {
+        for (const s of scope) {
+          if (s.types.user) {
+            if (s.values.includes('*')) {
+              anyUser = true
+            }
+            if (s.values.includes(`~${uuid}`)) {
+              specificUser = true
+            }
+            if ((anyUser || specificUser) && s.types.user.write) {
+              writeAccess = true
+            }
+          }
+        }
+      }
+
+      // Check if user has appropriate permissions
+      if ((!anyUser && !specificUser) || !writeAccess) {
+        throw new Error('Unauthorized')
+      }
+
+      return true
+    },
+
+    async upsertToken(
+      token: string,
+      uuid: string,
+      scope: {
+        values: string[]
+        types: {
+          pkg?: { read: boolean; write: boolean }
+          user?: { read: boolean; write: boolean }
+        }
+      }[],
+      authToken?: string,
+    ) {
+      // Validate the UUID doesn't start with special characters
+      const specialChars = ['~', '!', '*', '^', '&']
+      if (uuid && specialChars.some(char => uuid.startsWith(char))) {
+        throw new Error(
+          'Invalid uuid - uuids can not start with special characters (ex. - ~ ! * ^ &)',
+        )
+      }
+
+      // If authToken is provided, validate access permissions
+      if (authToken) {
+        await this.validateTokenAccess(authToken, uuid)
+      }
+
+      // After validation passes, perform the database operation
+
+      return db
+        .insert(schema.tokens)
+        .values({
+          token,
+          uuid,
+          scope: stringifyJSON(scope),
+        })
+        .onConflictDoUpdate({
+          target: schema.tokens.token,
+          set: {
+            uuid,
+            scope: stringifyJSON(scope),
+          },
+        })
+    },
+
+    async deleteToken(token: string, authToken?: string) {
+      if (authToken) {
+        // Get the token data to check its UUID
+        const tokenData = await this.getToken(token)
+        if (tokenData?.uuid) {
+          // Validate access permission for this UUID
+          await this.validateTokenAccess(authToken, tokenData.uuid)
+        }
+      }
+
+      return db
+        .delete(schema.tokens)
+        .where(sql`token = ${token}`)
+        .run()
+    },
+
+    // Version operations
+    async getVersion(spec: string): Promise<ParsedVersion | null> {
+      try {
+        const result = await db
+          .select()
+          .from(schema.versions)
+          .where(sql`spec = ${spec}`)
+          .get()
+        if (!result) return null
+        return {
+          spec: result.spec,
+          version: result.spec.split('@')[1] ?? '',
+          manifest: parseJSON(result.manifest) as Record<string, any>,
+          published_at: result.publishedAt || null,
+          origin: result.origin || null,
+          upstream: result.upstream || null,
+          cachedAt: result.cachedAt || null,
+        } as ParsedVersion
+      } catch (_error: unknown) {
+        logger.error(
+          `[DB ERROR] Failed to get version ${spec}`,
+          _error,
+        )
+        return null
+      }
+    },
+
+    async upsertVersion(
+      spec: string,
+      manifest: Record<string, any>,
+      publishedAt: string,
+    ) {
+      try {
+        // Attempting to upsert version: ${spec}
+        // Make sure manifest is an object
+        if (typeof manifest !== 'object') {
+          // Invalid manifest for ${spec}, received: ${typeof manifest}
+          manifest = {
+            name: spec.split('@')[0],
+            version: spec.split('@').slice(1).join('@'),
+          }
+        }
+
+        const result = await db
+          .insert(schema.versions)
+          .values({
+            spec,
+            manifest: stringifyJSON(manifest),
+            publishedAt,
+          })
+          .onConflictDoUpdate({
+            target: schema.versions.spec,
+            set: {
+              manifest: stringifyJSON(manifest),
+              publishedAt,
+            },
+          })
+        // Successfully upserted version: ${spec}
+        return result
+      } catch (error) {
+        logger.error(
+          `[DB ERROR] Failed to upsert version ${spec}`,
+          error,
+        )
+        return { success: true } // Mock successful operation
+      }
+    },
+
+    async upsertCachedVersion(
+      spec: string,
+      manifest: Record<string, any>,
+      upstream: string,
+      publishedAt: string,
+    ) {
+      try {
+        // Attempting to upsert cached version: ${spec} from upstream: ${upstream}
+
+        // Make sure manifest is an object
+        if (typeof manifest !== 'object') {
+          // Invalid manifest for ${spec}, received: ${typeof manifest}
+          manifest = {
+            name: spec.split('@')[0],
+            version: spec.split('@').slice(1).join('@'),
+          }
+        }
+
+        const result = await db
+          .insert(schema.versions)
+          .values({
+            spec,
+            manifest: stringifyJSON(manifest),
+            publishedAt,
+            origin: 'upstream',
+            upstream,
+            cachedAt: new Date().toISOString(),
+          })
+          .onConflictDoUpdate({
+            target: schema.versions.spec,
+            set: {
+              manifest: stringifyJSON(manifest),
+              cachedAt: new Date().toISOString(),
+            },
+          })
+        // Successfully upserted cached version: ${spec}
+        return result
+      } catch (error) {
+        logger.error(
+          `[DB ERROR] Failed to upsert cached version ${spec}`,
+          error,
+        )
+        return { success: true }
+      }
+    },
+
+    async getCachedVersion(spec: string) {
+      try {
+        // Attempting to get cached version: ${spec}
+        const result = await db
+          .select()
+          .from(schema.versions)
+          .where(sql`spec = ${spec}`)
+          .get()
+        if (!result) return null
+
+        // Extract version from spec, handling scoped packages correctly
+        let version
+        const lastAtIndex = result.spec.lastIndexOf('@')
+        if (lastAtIndex > 0) {
+          version = result.spec.substring(lastAtIndex + 1)
+        } else {
+          // Fallback: assume everything after first @ is version
+          version = result.spec.split('@').slice(1).join('@')
+        }
+
+        return {
+          spec: result.spec,
+          version,
+          manifest: parseJSON(result.manifest) as Record<string, any>,
+          published_at: result.publishedAt || null,
+          origin: result.origin || null,
+          upstream: result.upstream || null,
+          cachedAt: result.cachedAt || null,
+        }
+      } catch (error) {
+        logger.error(
+          `[DB ERROR] Failed to get cached version ${spec}`,
+          error,
+        )
+        return null
+      }
+    },
+
+    async isVersionCacheValid(spec: string, ttlMinutes = 525600) {
+      // Default 1 year for manifests
+      try {
+        const version = await this.getCachedVersion(spec)
+        if (!version?.cachedAt || version.origin !== 'upstream') {
+          return false
+        }
+
+        const cacheTime = new Date(version.cachedAt).getTime()
+        const now = new Date().getTime()
+        const ttlMs = ttlMinutes * 60 * 1000
+
+        return now - cacheTime < ttlMs
+      } catch (error) {
+        logger.error(
+          `[DB ERROR] Failed to check version cache validity for ${spec}`,
+          error,
+        )
+        return false
+      }
+    },
+
+    // Search operations
+    async searchPackages(query: string, scope?: string) {
+      const results = await db
+        .select()
+        .from(schema.packages)
+        .where(
+          scope ?
+            sql`name LIKE ${`${scope}/%`} AND name LIKE ${`%${query}%`}`
+          : sql`name LIKE ${`%${query}%`}`,
+        )
+        .all()
+
+      return results.map(result => ({
+        name: result.name,
+        tags: parseJSON(result.tags) as Record<string, string>,
+      }))
+    },
+
+    // Get all versions for a specific package
+    async getVersionsByPackage(
+      packageName: string,
+    ): Promise<ParsedVersion[]> {
+      try {
+        // Retrieving all versions for package: ${packageName}
+        const results = await db
+          .select()
+          .from(schema.versions)
+          .where(sql`spec LIKE ${`${packageName}@%`}`)
+          .all()
+
+        if (results.length === 0) {
+          // No versions found for package: ${packageName}
+          return []
+        }
+
+        return results.map(result => {
+          const manifest = parseJSON(result.manifest) as Record<
+            string,
+            any
+          >
+
+          // Extract version from spec, handling scoped packages correctly
+          // For "@scope/package@version" -> extract "version"
+          // For "package@version" -> extract "version"
+          let version
+          const lastAtIndex = result.spec.lastIndexOf('@')
+          if (lastAtIndex > 0) {
+            version = result.spec.substring(lastAtIndex + 1)
+          } else {
+            // Fallback: assume everything after first @ is version
+            version = result.spec.split('@').slice(1).join('@')
+          }
+
+          return {
+            spec: result.spec,
+            version,
+            manifest,
+            published_at: result.publishedAt || null,
+            origin: result.origin || null,
+            upstream: result.upstream || null,
+            cachedAt: result.cachedAt || null,
+          } as ParsedVersion
+        })
+      } catch (error) {
+        logger.error(
+          `[DB ERROR] Failed to get versions for package ${packageName}`,
+          error,
+        )
+        return [] // Return empty array on error
+      }
+    },
+  }
+}

package/src/db/migrations/0000_faulty_ricochet.sql

@@ -0,0 +1,14 @@
+CREATE TABLE `packages` (
+	`name` text PRIMARY KEY NOT NULL,
+	`tags` text
+);
+CREATE TABLE `tokens` (
+	`token` text PRIMARY KEY NOT NULL,
+	`uuid` text NOT NULL,
+	`scope` text
+);
+CREATE TABLE `versions` (
+	`spec` text PRIMARY KEY NOT NULL,
+	`manifest` text,
+	`published_at` text
+);

package/src/db/migrations/0000_initial.sql

@@ -0,0 +1,29 @@
+CREATE TABLE IF NOT EXISTS packages (
+  name TEXT PRIMARY KEY,
+  tags TEXT NOT NULL
+);
+
+CREATE TABLE IF NOT EXISTS tokens (
+  token TEXT PRIMARY KEY,
+  uuid TEXT NOT NULL CHECK (
+    uuid NOT LIKE '~%' AND
+    uuid NOT LIKE '!%' AND
+    uuid NOT LIKE '*%' AND
+    uuid NOT LIKE '^%' AND
+    uuid NOT LIKE '&%'
+  ),
+  scope TEXT NOT NULL
+);
+
+CREATE TABLE IF NOT EXISTS versions (
+  spec TEXT PRIMARY KEY,
+  manifest TEXT NOT NULL,
+  published_at TEXT NOT NULL
+);
+
+-- Insert default admin token
+INSERT OR REPLACE INTO tokens (token, uuid, scope) VALUES (
+  'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx',
+  'admin',
+  '[{"values":["*"],"types":{"pkg":{"read":true,"write":true},"user":{"read":true,"write":true}}}]'
+);

package/src/db/migrations/0001_uuid_validation.sql

@@ -0,0 +1,35 @@
+-- Add check constraint to prevent UUIDs from starting with special characters
+-- SQLite doesn't support ALTER TABLE ADD CONSTRAINT, so we need to recreate the table
+-- Step 1: Create a new table with the constraint
+CREATE TABLE IF NOT EXISTS tokens_new (
+  token TEXT PRIMARY KEY,
+  uuid TEXT NOT NULL CHECK (
+    uuid NOT LIKE '~%' AND
+    uuid NOT LIKE '!%' AND
+    uuid NOT LIKE '*%' AND
+    uuid NOT LIKE '^%' AND
+    uuid NOT LIKE '&%'
+  ),
+  scope TEXT NOT NULL
+);
+
+-- Step 2: Copy data from the old table to the new one
+INSERT INTO tokens_new SELECT * FROM tokens WHERE
+  uuid NOT LIKE '~%' AND
+  uuid NOT LIKE '!%' AND
+  uuid NOT LIKE '*%' AND
+  uuid NOT LIKE '^%' AND
+  uuid NOT LIKE '&%';
+
+-- Step 3: Drop the old table
+DROP TABLE tokens;
+
+-- Step 4: Rename the new table to the original name
+ALTER TABLE tokens_new RENAME TO tokens;
+
+-- Step 5: Re-insert the default admin token (just to be safe)
+INSERT OR REPLACE INTO tokens (token, uuid, scope) VALUES (
+  'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx',
+  'admin',
+  '[{"values":["*"],"types":{"pkg":{"read":true,"write":true},"user":{"read":true,"write":true}}}]'
+);

package/src/db/migrations/0001_wealthy_magdalene.sql

@@ -0,0 +1,7 @@
+ALTER TABLE `packages` ADD `last_updated` text;--> statement-breakpoint
+ALTER TABLE `packages` ADD `origin` text DEFAULT 'local' NOT NULL;--> statement-breakpoint
+ALTER TABLE `packages` ADD `upstream` text;--> statement-breakpoint
+ALTER TABLE `packages` ADD `cached_at` text;--> statement-breakpoint
+ALTER TABLE `versions` ADD `origin` text DEFAULT 'local' NOT NULL;--> statement-breakpoint
+ALTER TABLE `versions` ADD `upstream` text;--> statement-breakpoint
+ALTER TABLE `versions` ADD `cached_at` text;

package/src/db/migrations/drop.sql

@@ -0,0 +1,3 @@
+DROP TABLE IF EXISTS packages;
+DROP TABLE IF EXISTS tokens;
+DROP TABLE IF EXISTS versions;