gitnexushub 0.4.1 → 0.4.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -20,11 +20,45 @@
|
|
|
20
20
|
const fs = require('fs');
|
|
21
21
|
const path = require('path');
|
|
22
22
|
const os = require('os');
|
|
23
|
+
const crypto = require('crypto');
|
|
23
24
|
const http = require('http');
|
|
24
25
|
const https = require('https');
|
|
25
26
|
const { spawnSync } = require('child_process');
|
|
26
27
|
const { URL } = require('url');
|
|
27
28
|
|
|
29
|
+
/**
|
|
30
|
+
* Device fingerprint — stable per-machine identity the hub uses to bind
|
|
31
|
+
* device-scoped tokens. MUST match the algorithm in
|
|
32
|
+
* gitnexus-connect/src/fingerprint.ts (same SHA-256 of
|
|
33
|
+
* `hostname:username:platform:arch`, truncated to 16 hex chars) so the
|
|
34
|
+
* hook's requests share the same identity as `gnx connect`'s.
|
|
35
|
+
*
|
|
36
|
+
* Reimplemented inline here because the hook is a dependency-free .cjs
|
|
37
|
+
* and cannot import from the compiled connect bundle.
|
|
38
|
+
*/
|
|
39
|
+
function computeFingerprint() {
|
|
40
|
+
const identity = `${os.hostname()}:${os.userInfo().username}:${os.platform()}:${os.arch()}`;
|
|
41
|
+
return crypto.createHash('sha256').update(identity).digest('hex').slice(0, 16);
|
|
42
|
+
}
|
|
43
|
+
|
|
44
|
+
function getDeviceName() {
|
|
45
|
+
return `${os.userInfo().username}@${os.hostname()}`;
|
|
46
|
+
}
|
|
47
|
+
|
|
48
|
+
/**
|
|
49
|
+
* Build the header bag the hub's auth middleware requires. Device tokens
|
|
50
|
+
* (issued by `gnx connect`) are rejected without both `X-Device-Fingerprint`
|
|
51
|
+
* and `X-Device-Name` — omitting them surfaces as a 403 and the hook would
|
|
52
|
+
* silently bail, so every call must go through this helper.
|
|
53
|
+
*/
|
|
54
|
+
function authHeaders(config) {
|
|
55
|
+
return {
|
|
56
|
+
Authorization: `Bearer ${config.hubToken}`,
|
|
57
|
+
'X-Device-Fingerprint': computeFingerprint(),
|
|
58
|
+
'X-Device-Name': getDeviceName(),
|
|
59
|
+
};
|
|
60
|
+
}
|
|
61
|
+
|
|
28
62
|
const HOOK_TIMEOUT_MS = 1500;
|
|
29
63
|
const CONFIG_PATH = path.join(os.homedir(), '.gitnexus', 'config.json');
|
|
30
64
|
const REGISTRY_PATH = path.join(os.homedir(), '.gitnexus', 'connect-registry.json');
|
|
@@ -298,7 +332,7 @@ async function handlePreToolUse(input, config, entry) {
|
|
|
298
332
|
|
|
299
333
|
const res = await httpPostJson(
|
|
300
334
|
`${config.hubUrl}/api/repos/${entry.hubRepoId}/augment`,
|
|
301
|
-
|
|
335
|
+
authHeaders(config),
|
|
302
336
|
{ pattern },
|
|
303
337
|
);
|
|
304
338
|
if (!res || res.status !== 200 || !res.body || !res.body.text) return;
|
|
@@ -360,9 +394,10 @@ async function handlePostToolUse(input, config, entry) {
|
|
|
360
394
|
|
|
361
395
|
let meta = readMetaCache(entry.hubRepoId);
|
|
362
396
|
if (!meta) {
|
|
363
|
-
const res = await httpGetJson(
|
|
364
|
-
|
|
365
|
-
|
|
397
|
+
const res = await httpGetJson(
|
|
398
|
+
`${config.hubUrl}/api/repos/${entry.hubRepoId}/meta`,
|
|
399
|
+
authHeaders(config),
|
|
400
|
+
);
|
|
366
401
|
if (!res || res.status !== 200 || !res.body) return;
|
|
367
402
|
meta = res.body;
|
|
368
403
|
writeMetaCache(entry.hubRepoId, meta);
|
package/package.json
CHANGED