@vltpkg/vsr 0.2.0

package/src/routes/search.ts

@@ -0,0 +1,50 @@
+import type { HonoContext } from '../../types.ts'
+
+export async function searchPackages(c: HonoContext) {
+  try {
+    const query = c.req.query('text') || ''
+    const scope = c.req.query('scope')
+
+    if (!query.trim()) {
+      return c.json({ objects: [], total: 0 }, 200)
+    }
+
+    const results = await c.db.searchPackages(query, scope)
+
+    return c.json({
+      objects: results.map(pkg => ({
+        package: {
+          name: pkg.name,
+          scope: pkg.name.startsWith('@') ? pkg.name.split('/')[0] : 'unscoped',
+          version: pkg.version || '1.0.0',
+          description: pkg.description || '',
+          keywords: pkg.keywords || [],
+          date: pkg.lastUpdated || new Date().toISOString(),
+          links: {
+            npm: `https://www.npmjs.com/package/${pkg.name}`,
+            homepage: pkg.homepage,
+            repository: pkg.repository,
+            bugs: pkg.bugs
+          },
+          author: pkg.author,
+          publisher: pkg.publisher,
+          maintainers: pkg.maintainers || []
+        },
+        score: {
+          final: 1.0,
+          detail: {
+            quality: 1.0,
+            popularity: 1.0,
+            maintenance: 1.0
+          }
+        },
+        searchScore: 1.0
+      })),
+      total: results.length,
+      time: new Date().toISOString()
+    })
+  } catch (error) {
+    console.error('[SEARCH ERROR]', error)
+    return c.json({ error: 'Search failed' }, 500)
+  }
+}

package/src/routes/static.ts

@@ -0,0 +1,53 @@
+import { serveStatic } from 'hono/cloudflare-workers'
+import type { HonoContext } from '../../types.ts'
+
+/**
+ * Handles static asset serving
+ */
+export const handleStaticAssets = serveStatic({
+  root: './src/assets/public'
+} as any)
+
+/**
+ * Handles favicon requests
+ */
+export const handleFavicon = serveStatic({
+  path: './src/assets/public/images/favicon/favicon.ico'
+} as any)
+
+/**
+ * Handles robots.txt requests
+ */
+export function handleRobots(c: HonoContext) {
+  return c.text(`User-agent: *
+Allow: /
+
+Sitemap: ${c.req.url.replace(/\/robots\.txt$/, '/sitemap.xml')}`)
+}
+
+/**
+ * Handles manifest.json requests for PWA
+ */
+export function handleManifest(c: HonoContext) {
+  return c.json({
+    name: 'VLT Serverless Registry',
+    short_name: 'VSR',
+    description: 'A serverless npm registry',
+    start_url: '/',
+    display: 'standalone',
+    background_color: '#ffffff',
+    theme_color: '#000000',
+    icons: [
+      {
+        src: '/public/images/favicon/web-app-manifest-192x192.png',
+        sizes: '192x192',
+        type: 'image/png'
+      },
+      {
+        src: '/public/images/favicon/web-app-manifest-512x512.png',
+        sizes: '512x512',
+        type: 'image/png'
+      }
+    ]
+  })
+}

package/src/routes/tokens.ts

@@ -0,0 +1,102 @@
+// import { v4 as uuidv4 } from 'uuid' // Removed unused import
+import { getAuthedUser, getTokenFromHeader } from '../utils/auth.ts'
+import type { HonoContext, TokenCreateRequest, TokenScope } from '../../types.ts'
+
+export async function getToken(c: HonoContext) {
+  const token = c.req.param('token')
+  if (!token) {
+    return c.json({ error: 'Token parameter required' }, 400)
+  }
+
+  const tokenData = await c.db.getToken(token)
+  if (!tokenData) {
+    return c.json({ error: 'Token not found' }, 404)
+  }
+
+  return c.json(tokenData)
+}
+
+export async function postToken(c: HonoContext) {
+  try {
+    const body = await c.req.json() as TokenCreateRequest & { token: string }
+    const authToken = getTokenFromHeader(c)
+
+    if (!body.token || !body.uuid || !body.scope) {
+      return c.json({ error: 'Missing required fields: token, uuid, scope' }, 400)
+    }
+
+    // Use the enhanced database operation that includes validation
+    await c.db.upsertToken(body.token, body.uuid, body.scope, authToken || undefined)
+    return c.json({ success: true })
+  } catch (error) {
+    const err = error as Error
+    // Handle validation errors
+    if (err.message.includes('Invalid uuid')) {
+      return c.json({ error: err.message }, 400)
+    } else if (err.message.includes('Unauthorized')) {
+      return c.json({ error: 'Unauthorized' }, 401)
+    }
+
+    // Handle other errors
+    console.error('Error in postToken:', error)
+    return c.json({ error: 'Internal server error' }, 500)
+  }
+}
+
+// scope is optional (only for privileged tokens) - ex. "read:@scope/pkg" or "read+write:@scope/pkg"
+export async function putToken(c: HonoContext) {
+  try {
+    const token = c.req.param('token')
+    const body = await c.req.json() as { uuid: string; scope: TokenScope[] }
+    const authToken = getTokenFromHeader(c)
+
+    if (!token) {
+      return c.json({ error: 'Token parameter required' }, 400)
+    }
+
+    if (!body.uuid || !body.scope) {
+      return c.json({ error: 'Missing required fields: uuid, scope' }, 400)
+    }
+
+    // Use the enhanced database operation that includes validation
+    await c.db.upsertToken(token, body.uuid, body.scope, authToken || undefined)
+    return c.json({ success: true })
+  } catch (error) {
+    const err = error as Error
+    // Handle validation errors
+    if (err.message.includes('Invalid uuid')) {
+      return c.json({ error: err.message }, 400)
+    } else if (err.message.includes('Unauthorized')) {
+      return c.json({ error: 'Unauthorized' }, 401)
+    }
+
+    // Handle other errors
+    console.error('Error in putToken:', error)
+    return c.json({ error: 'Internal server error' }, 500)
+  }
+}
+
+export async function deleteToken(c: HonoContext) {
+  try {
+    const token = c.req.param('token')
+    const authToken = getTokenFromHeader(c)
+
+    if (!token) {
+      return c.json({ error: 'Token parameter required' }, 400)
+    }
+
+    // Use the enhanced database operation that includes validation
+    await c.db.deleteToken(token, authToken || undefined)
+    return c.json({ success: true })
+  } catch (error) {
+    const err = error as Error
+    // Handle validation errors
+    if (err.message.includes('Unauthorized')) {
+      return c.json({ error: 'Unauthorized' }, 401)
+    }
+
+    // Handle other errors
+    console.error('Error in deleteToken:', error)
+    return c.json({ error: 'Internal server error' }, 500)
+  }
+}

package/src/routes/users.ts

@@ -0,0 +1,14 @@
+import { getAuthedUser } from '../utils/auth.ts'
+import type { HonoContext } from '../../types.ts'
+
+export async function getUsername(c: HonoContext) {
+  const user = await getAuthedUser({ c })
+  const uuid = user?.uuid || 'anonymous'
+  return c.json({ username: uuid }, 200)
+}
+
+export async function getUserProfile(c: HonoContext) {
+  const user = await getAuthedUser({ c })
+  const uuid = user?.uuid || 'anonymous'
+  return c.json({ name: uuid }, 200)
+}

package/src/utils/auth.ts

@@ -0,0 +1,145 @@
+import { packageSpec } from './packages.ts'
+import type { HonoContext, TokenScope, TokenAccess, AuthUser } from '../../types.ts'
+
+export function getTokenFromHeader(c: HonoContext): string | null {
+  const auth = c.req.header('Authorization')
+  if (auth && auth.startsWith('Bearer ')) {
+    return auth.substring(7).trim()
+  }
+  return null
+}
+
+export function parseTokenAccess({ scope, pkg, uuid }: { scope: TokenScope[]; pkg?: string; uuid: string }): TokenAccess {
+  const read = ['get']
+  const write = ['put', 'post', 'delete']
+  let temp: TokenAccess = {
+    anyUser: false,
+    specificUser: false,
+    anyPackage: false,
+    specificPackage: false,
+    readAccess: false,
+    writeAccess: false,
+    methods: []
+  }
+
+  // TODO: add for multiple package access/aliases in scopes
+  const alternates: Record<string, string> = {}
+
+  scope.map(s => {
+    if (s.types.pkg) {
+      if (s.values.includes('*')) {
+        temp.anyPackage = true
+      }
+      if (pkg && (s.values.includes(pkg) || (alternates[pkg] && s.values.includes(alternates[pkg])))) {
+        temp.specificPackage = true
+      }
+      if ((temp.anyPackage || temp.specificPackage) && s.types.pkg.read) {
+        temp.readAccess = true
+      }
+      if ((temp.anyPackage || temp.specificPackage) && s.types.pkg.write) {
+        temp.writeAccess = true
+      }
+    }
+    if (s.types.user) {
+      if (s.values.includes('*')) {
+        temp.anyUser = true
+      }
+      if (s.values.includes(`~${uuid}`)) {
+        temp.specificUser = true
+      }
+      if ((temp.anyUser || temp.specificUser) && s.types.user.read) {
+        temp.readAccess = true
+      }
+      if ((temp.anyUser || temp.specificUser) && s.types.user.write) {
+        temp.writeAccess = true
+      }
+    }
+  })
+
+  temp.methods = (temp.readAccess ? read : []).concat(temp.writeAccess ? write : [])
+  return temp
+}
+
+export function isUserRoute(path: string): boolean {
+  const routes = [
+    'ping',
+    'whoami',
+    'vlt/tokens',
+    'npm/v1/user',
+    'npm/v1/tokens',
+    'org/',
+  ]
+  return !!routes.filter(r => path.startsWith(`/-/${r}`)).length
+}
+
+export async function getUserFromToken({ c, token }: { c: HonoContext; token: string }): Promise<AuthUser> {
+  const result = await c.db.getToken(token)
+  if (!result) return { uuid: null, scope: null, token }
+
+  // Handle the case when scope is already an object (for tests)
+  let scope = result.scope
+  if (typeof scope === 'string') {
+    try {
+      scope = JSON.parse(scope) as TokenScope[]
+    } catch (e) {
+      console.error('Failed to parse scope JSON:', e)
+      return { uuid: null, scope: null, token }
+    }
+  }
+
+  return {
+    uuid: result.uuid,
+    scope: scope,
+    token
+  }
+}
+
+export async function getAuthedUser({ c, token }: { c: HonoContext; token?: string | null }): Promise<AuthUser | null> {
+  const authToken = token || getTokenFromHeader(c)
+  if (!authToken) {
+    return null
+  }
+  return await getUserFromToken({ c, token: authToken })
+}
+
+export async function verifyToken(token: string, c: HonoContext): Promise<boolean> {
+  const method = c.req.method ? c.req.method.toLowerCase() : ''
+
+  if (!token) {
+    return false
+  }
+
+  const { uuid, scope } = await getUserFromToken({ c, token })
+
+  if (!uuid || !scope || !scope.length) {
+    return false
+  } else {
+    const { path } = c.req
+    const { pkg } = packageSpec(c)
+    const routeType = (isUserRoute(path)) ? 'user' : pkg ? 'pkg' : null
+
+    // determine access
+    const {
+      anyUser,
+      specificUser,
+      anyPackage,
+      specificPackage,
+      methods
+    } = parseTokenAccess({ scope, pkg, uuid })
+
+    const methodAllowed = methods.includes(method)
+
+    // if the route is a user route
+    if (routeType === 'user') {
+      return methodAllowed && (anyUser || specificUser)
+    }
+
+    // handle package routes
+    if (routeType === 'pkg') {
+      return methodAllowed && (anyPackage || specificPackage)
+    }
+
+    // fallback to false (should be unreachable code path)
+    return false
+  }
+}