git-userhub 3.0.6 → 3.0.8

package/bin/git-user.js

@@ -4,21 +4,44 @@ const { spawn } = require('child_process');
 const fs = require('fs');
 const path = require('path');
 const os = require('os');
+const https = require('https');
+const crypto = require('crypto');
+const tar = require('tar');
+const PKG_JSON = require('../package.json');
+
+const REPO = 'divyo-argha/git-user';
+const VERSION = `v${PKG_JSON.version}`;
+
+// --- START PINNED HASHES ---
+const PINNED_HASHES = {
+    "git-user_darwin_arm64.tar.gz": {
+      "archive": "759e6a4137bc9caed58b393f751fa4c670a3dea98ef072a6551f38d41a9fc9ce",
+      "binary": "9b39841ca909f8dfcffff9a856771a65a8615ffb5e872e4c1108f0fa2e0d1752"
+    },
+    "git-user_darwin_x86_64.tar.gz": {
+      "archive": "eda5a46ea9f440174408d33659de38b7623da28b94ee447a3dc7fa509ffced83",
+      "binary": "efd1e62a40659f5e9132448ae5d1c5a5f23069a5277db73641de726cd28c55f1"
+    },
+    "git-user_linux_arm64.tar.gz": {
+      "archive": "3e311264bedf0672eee3625396d2e42d1c72d2a263a56fe2a7de9e5c54a2e2d3",
+      "binary": "f177a44c4c7d0a79840a404b669ce924c0117d58db6d407880007684efea64a2"
+    },
+    "git-user_linux_x86_64.tar.gz": {
+      "archive": "aab7e800a2b49a265409e0fbc3c64d4282b334bca222ea975532bd92dc7869dc",
+      "binary": "31172516986f3020bda2d5186ef7034919c09690399f849dcc980b542ed060f8"
+    },
+    "git-user_windows_x86_64.tar.gz": {
+      "archive": "eee27a75cfa131053b0901d8432216881aae25fda4586258b9b357ffa3558455",
+      "binary": "36e2ebc6272fe828b9b6a49d2623a049d001e826cca2c6ad428f178e9ca09403"
+    }
+  };
+// --- END PINNED HASHES ---
 
-// Detect platform and architecture
 const platform = os.platform();
 const arch = os.arch();
 
-const platformMap = {
-  'darwin': 'darwin',
-  'linux': 'linux',
-  'win32': 'windows'
-};
-
-const archMap = {
-  'x64': 'amd64',
-  'arm64': 'arm64'
-};
+const platformMap = { 'darwin': 'darwin', 'linux': 'linux', 'win32': 'windows' };
+const archMap = { 'x64': 'x86_64', 'arm64': 'arm64' };
 
 const osName = platformMap[platform];
 const archName = archMap[arch];
@@ -29,38 +52,106 @@ if (!osName || !archName) {
   process.exit(1);
 }
 
-const pkgPlatform = platform === 'win32' ? 'windows' : platform;
-const pkgName = `git-userhub-${pkgPlatform}-${arch}`;
-
-let binaryPath;
-try {
-  // Find the sub-package directory by resolving its package.json
-  const subPkgPath = require.resolve(`${pkgName}/package.json`);
-  binaryPath = path.join(path.dirname(subPkgPath), 'bin', `git-user${ext}`);
-} catch (e) {
-  console.error(`❌ git-user native binary not installed!`);
-  console.error(`   npm should have installed the optional dependency '${pkgName}'.`);
-  console.error(`   Please try reinstalling the package.`);
-  process.exit(1);
+const finalBinaryName = `git-user-${platform}-${arch}${ext}`;
+const finalBinaryPath = path.join(__dirname, finalBinaryName);
+const assetName = `git-user_${osName}_${archName}.tar.gz`;
+const pinnedData = PINNED_HASHES[assetName];
+
+function computeHashSync(filePath) {
+  const hash = crypto.createHash('sha256');
+  const buffer = fs.readFileSync(filePath);
+  hash.update(buffer);
+  return hash.digest('hex');
 }
 
-if (!fs.existsSync(binaryPath)) {
-  console.error(`❌ git-user binary not found at ${binaryPath}`);
-  console.error(`   Please ensure the package was correctly installed.`);
-  process.exit(1);
+function computeHash(file) {
+  return new Promise((resolve, reject) => {
+    const hash = crypto.createHash('sha256');
+    const stream = fs.createReadStream(file);
+    stream.on('data', d => hash.update(d));
+    stream.on('end', () => resolve(hash.digest('hex')));
+    stream.on('error', reject);
+  });
 }
 
-// Forward all arguments to the bundled binary
-const child = spawn(binaryPath, process.argv.slice(2), {
-  stdio: 'inherit',
-  shell: false
-});
+function runBinary() {
+  if (pinnedData) {
+    const currentHash = computeHashSync(finalBinaryPath);
+    if (currentHash !== pinnedData.binary) {
+      console.error(`❌ Security Error: Cached binary hash mismatch! Deleting compromised binary.`);
+      fs.unlinkSync(finalBinaryPath);
+      process.exit(1);
+    }
+  }
 
-child.on('exit', (code) => {
-  process.exit(code || 0);
-});
+  const child = spawn(finalBinaryPath, process.argv.slice(2), {
+    stdio: 'inherit',
+    shell: false
+  });
 
-child.on('error', (err) => {
-  console.error('❌ Failed to start git-user:', err.message);
-  process.exit(1);
-});
+  child.on('exit', (code) => process.exit(code || 0));
+  child.on('error', (err) => {
+    console.error('❌ Failed to start git-user:', err.message);
+    process.exit(1);
+  });
+}
+
+if (fs.existsSync(finalBinaryPath)) {
+  runBinary();
+  return;
+}
+
+// FIRST RUN: Download binary
+console.log(`[git-user] Downloading cryptographically signed binary for ${platform}-${arch}...`);
+
+function fetchFile(url, dest) {
+  return new Promise((resolve, reject) => {
+    https.get(url, { headers: { 'User-Agent': 'node' } }, (res) => {
+      if (res.statusCode === 301 || res.statusCode === 302) {
+        return fetchFile(res.headers.location, dest).then(resolve).catch(reject);
+      }
+      if (res.statusCode !== 200) return reject(new Error(`Download Error ${res.statusCode}`));
+      const file = fs.createWriteStream(dest);
+      res.pipe(file);
+      file.on('finish', () => { file.close(); resolve(); });
+    }).on('error', reject);
+  });
+}
+
+async function install() {
+  try {
+    const archivePath = path.join(__dirname, assetName);
+    const downloadUrl = `https://github.com/${REPO}/releases/download/${VERSION}/${assetName}`;
+
+    await fetchFile(downloadUrl, archivePath);
+    
+    if (pinnedData) {
+      const archiveHash = await computeHash(archivePath);
+      if (archiveHash !== pinnedData.archive) {
+        throw new Error("Archive checksum mismatch! Connection may be compromised.");
+      }
+    }
+
+    const binaryNameInArchive = platform === 'win32' ? 'git-user.exe' : 'git-user';
+    await tar.extract({ 
+      file: archivePath, 
+      cwd: __dirname,
+      filter: (p) => p.replace(/^\.\//, '') === binaryNameInArchive
+    });
+
+    const extractedPath = path.join(__dirname, binaryNameInArchive);
+    fs.renameSync(extractedPath, finalBinaryPath);
+
+    if (platform !== 'win32') fs.chmodSync(finalBinaryPath, 0o755);
+
+    fs.unlinkSync(archivePath);
+
+    console.log(`[git-user] Installation and verification complete.\n`);
+    runBinary();
+  } catch (err) {
+    console.error(`\n❌ git-user installation failed: ${err.message}`);
+    process.exit(1);
+  }
+}
+
+install();

package/package.json

@@ -1,23 +1,13 @@
 {
   "name": "git-userhub",
-  "version": "3.0.6",
+  "version": "3.0.8",
   "description": "Switch Git accounts in one command. No config editing. No SSH key chaos.",
   "bin": {
     "git-user": "bin/git-user.js"
   },
   "scripts": {
     "test": "echo \"No tests yet\" && exit 0",
-    "release": "node scripts/release.js"
-  },
-  "optionalDependencies": {
-    "git-userhub-darwin-arm64": "3.0.6",
-    "git-userhub-darwin-x64": "3.0.6",
-    "git-userhub-linux-arm64": "3.0.6",
-    "git-userhub-linux-x64": "3.0.6",
-    "git-userhub-windows-x64": "3.0.6"
-  },
-  "devDependencies": {
-    "tar": "^7.4.3"
+    "prepublishOnly": "node scripts/inject-hashes.js"
   },
   "keywords": [
     "git",
@@ -54,5 +44,8 @@
   ],
   "config": {
     "repo": "divyo-argha/git-user"
+  },
+  "dependencies": {
+    "tar": "^7.5.16"
   }
-}
+}

package/packages/checksums.txt

@@ -1,6 +0,0 @@
-228e32fdccc3b553ddcefad445a75548c9df5ca03190879d7050008128449742  git-user_darwin_arm64.tar.gz
-5191fda6093bf66946a53504bb3ef0accf776d74d9b3467e36c9cd2c8d7df1a1  git-user_darwin_x86_64.tar.gz
-e43a1171aeedc8f3bd92ddeb38e2b50fbabe5058c5874874c6295f8ea6ca716e  git-user_linux_arm64.tar.gz
-fd97690f902462b0f68ab930dd5e6c63ba33a1d5999851787091cf745fcbec60  git-user_linux_x86_64.tar.gz
-3b5ad0b0bfaeb0f2464b123d764cd5da9db2a3f496676e5d27c2ff8fc6957f75  git-user_windows_arm64.tar.gz
-2a15ecc32d0ae3d419f541477aff8687463cd3ab600807d96ed44ec50ecc7503  git-user_windows_x86_64.tar.gz

package/packages/git-userhub-darwin-arm64/README.md

@@ -1,4 +0,0 @@
-# git-userhub-darwin-arm64
-This package contains the native binary for git-userhub on darwin arm64.
-
-This is an internal package and shouldn't be installed directly. Install `git-userhub` instead.

package/packages/git-userhub-darwin-arm64/package.json

@@ -1,19 +0,0 @@
-{
-  "name": "git-userhub-darwin-arm64",
-  "version": "3.0.6",
-  "description": "The darwin arm64 binary for git-userhub",
-  "os": [
-    "darwin"
-  ],
-  "cpu": [
-    "arm64"
-  ],
-  "bin": {
-    "git-user": "bin/git-user"
-  },
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/divyo-argha/git-user.git"
-  },
-  "license": "MIT"
-}

package/packages/git-userhub-darwin-x64/README.md

@@ -1,4 +0,0 @@
-# git-userhub-darwin-x64
-This package contains the native binary for git-userhub on darwin x64.
-
-This is an internal package and shouldn't be installed directly. Install `git-userhub` instead.

package/packages/git-userhub-darwin-x64/package.json

@@ -1,19 +0,0 @@
-{
-  "name": "git-userhub-darwin-x64",
-  "version": "3.0.6",
-  "description": "The darwin x64 binary for git-userhub",
-  "os": [
-    "darwin"
-  ],
-  "cpu": [
-    "x64"
-  ],
-  "bin": {
-    "git-user": "bin/git-user"
-  },
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/divyo-argha/git-user.git"
-  },
-  "license": "MIT"
-}

package/packages/git-userhub-linux-arm64/README.md

@@ -1,4 +0,0 @@
-# git-userhub-linux-arm64
-This package contains the native binary for git-userhub on linux arm64.
-
-This is an internal package and shouldn't be installed directly. Install `git-userhub` instead.

package/packages/git-userhub-linux-arm64/package.json

@@ -1,19 +0,0 @@
-{
-  "name": "git-userhub-linux-arm64",
-  "version": "3.0.6",
-  "description": "The linux arm64 binary for git-userhub",
-  "os": [
-    "linux"
-  ],
-  "cpu": [
-    "arm64"
-  ],
-  "bin": {
-    "git-user": "bin/git-user"
-  },
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/divyo-argha/git-user.git"
-  },
-  "license": "MIT"
-}

package/packages/git-userhub-linux-x64/README.md

@@ -1,4 +0,0 @@
-# git-userhub-linux-x64
-This package contains the native binary for git-userhub on linux x64.
-
-This is an internal package and shouldn't be installed directly. Install `git-userhub` instead.

package/packages/git-userhub-linux-x64/package.json

@@ -1,19 +0,0 @@
-{
-  "name": "git-userhub-linux-x64",
-  "version": "3.0.6",
-  "description": "The linux x64 binary for git-userhub",
-  "os": [
-    "linux"
-  ],
-  "cpu": [
-    "x64"
-  ],
-  "bin": {
-    "git-user": "bin/git-user"
-  },
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/divyo-argha/git-user.git"
-  },
-  "license": "MIT"
-}

package/packages/git-userhub-windows-x64/README.md

@@ -1,4 +0,0 @@
-# git-userhub-windows-x64
-This package contains the native binary for git-userhub on win32 x64.
-
-This is an internal package and shouldn't be installed directly. Install `git-userhub` instead.

package/packages/git-userhub-windows-x64/package.json

@@ -1,19 +0,0 @@
-{
-  "name": "git-userhub-windows-x64",
-  "version": "3.0.6",
-  "description": "The win32 x64 binary for git-userhub",
-  "os": [
-    "win32"
-  ],
-  "cpu": [
-    "x64"
-  ],
-  "bin": {
-    "git-user": "bin/git-user.exe"
-  },
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/divyo-argha/git-user.git"
-  },
-  "license": "MIT"
-}