gitspace 0.2.0-rc.1

package/src/commands/host.ts

@@ -0,0 +1,396 @@
+/**
+ * Host commands for gitspace.sh hosting
+ *
+ * Handles subdomain management: reserve, release, list, set-primary, status
+ */
+
+import { existsSync, writeFileSync, readFileSync } from 'fs';
+import { join } from 'path';
+import { getSecret, setSecret, deleteSecret } from '../utils/secrets.js';
+import { getSpacesDir } from '../core/config.js';
+import { getPublicKeyWithoutPassword } from '../core/identity.js';
+import { logger } from '../utils/logger.js';
+import { SpacesError } from '../types/errors.js';
+
+// API Configuration
+const API_BASE = process.env.GITSPACE_API_URL || 'https://api.gitspace.sh';
+
+// ============================================================================
+// Types
+// ============================================================================
+
+/**
+ * Host configuration stored in ~/.gitspace/host.json
+ * Non-sensitive data only - tunnel tokens are in keychain
+ */
+export interface HostConfig {
+  subdomain: string;
+  subdomains?: string[];
+  createdAt: number;
+}
+
+interface SubdomainInfo {
+  id: string;
+  subdomain: string;
+  status: string;
+  is_primary: number;
+  created_at: number;
+  updated_at: number;
+}
+
+interface SubdomainCreateResponse {
+  id: string;
+  subdomain: string;
+  hosts: string[];
+  isPrimary: boolean;
+}
+
+// ============================================================================
+// Host Config Management
+// ============================================================================
+
+/**
+ * Get the host config file path
+ */
+function getHostConfigPath(): string {
+  return join(getSpacesDir(), 'host.json');
+}
+
+/**
+ * Read host config from disk
+ */
+export function readHostConfig(): HostConfig | null {
+  const configPath = getHostConfigPath();
+  if (!existsSync(configPath)) {
+    return null;
+  }
+
+  try {
+    const content = readFileSync(configPath, 'utf-8');
+    return JSON.parse(content) as HostConfig;
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Write host config to disk
+ */
+function writeHostConfig(config: HostConfig): void {
+  const configPath = getHostConfigPath();
+  writeFileSync(configPath, JSON.stringify(config, null, 2), {
+    encoding: 'utf-8',
+    mode: 0o600,
+  });
+}
+
+/**
+ * Update host config after subdomain changes
+ */
+async function syncHostConfig(): Promise<void> {
+  const token = await getSecret('GITSPACE_TOKEN');
+  if (!token) return;
+
+  try {
+    const headers = await getAuthHeaders();
+    const res = await fetch(`${API_BASE}/subdomains`, { headers });
+
+    if (!res.ok) return;
+
+    const subdomains: SubdomainInfo[] = await res.json();
+    const activeSubdomains = subdomains.filter((s) => s.status === 'active');
+    const primary = activeSubdomains.find((s) => s.is_primary);
+
+    if (primary) {
+      writeHostConfig({
+        subdomain: primary.subdomain,
+        subdomains: activeSubdomains.map((s) => s.subdomain),
+        createdAt: primary.created_at,
+      });
+    }
+  } catch {
+    // Ignore sync errors
+  }
+}
+
+// ============================================================================
+// Helper: Get Auth Token
+// ============================================================================
+
+async function getAuthToken(): Promise<string> {
+  const token = await getSecret('GITSPACE_TOKEN');
+  if (!token) {
+    throw new SpacesError(
+      'Not logged in.\n\nRun: gssh auth login',
+      'USER_ERROR'
+    );
+  }
+  return token;
+}
+
+async function getAuthHeaders(
+  extra: Record<string, string> = {}
+): Promise<Record<string, string>> {
+  const token = await getAuthToken();
+  const identity = getPublicKeyWithoutPassword();
+  if (!identity) {
+    throw new SpacesError(
+      'Identity not found.\n\nRun: gssh identity init',
+      'USER_ERROR',
+      1
+    );
+  }
+  return {
+    Authorization: `Bearer ${token}`,
+    'X-Device-Fingerprint': identity.signingPublicKey,
+    ...extra,
+  };
+}
+
+// ============================================================================
+// Reserve Subdomain
+// ============================================================================
+
+/**
+ * Reserve a subdomain on gitspace.sh
+ */
+export async function hostReserve(subdomain: string): Promise<void> {
+  const headers = await getAuthHeaders();
+  const jsonHeaders = { ...headers, 'Content-Type': 'application/json' };
+
+  // Normalize subdomain
+  subdomain = subdomain.toLowerCase().trim();
+
+  // Check availability
+  logger.info('Checking availability...');
+  const checkRes = await fetch(
+    `${API_BASE}/subdomains/check?name=${encodeURIComponent(subdomain)}`,
+    {
+      headers,
+    }
+  );
+
+  if (!checkRes.ok) {
+    throw new SpacesError(
+      `Failed to check availability: ${checkRes.statusText}`,
+      'SYSTEM_ERROR'
+    );
+  }
+
+  const { available, reason } = await checkRes.json();
+  if (!available) {
+    throw new SpacesError(
+      `Subdomain "${subdomain}" is not available: ${reason}`,
+      'USER_ERROR'
+    );
+  }
+
+  // Reserve
+  logger.info('Creating tunnel...');
+  const res = await fetch(`${API_BASE}/subdomains`, {
+    method: 'POST',
+    headers: jsonHeaders,
+    body: JSON.stringify({ subdomain }),
+  });
+
+  if (!res.ok) {
+    const error = await res.json().catch(() => ({ error: res.statusText }));
+    throw new SpacesError(`Failed to reserve: ${error.error}`, 'USER_ERROR');
+  }
+
+  const data: SubdomainCreateResponse = await res.json();
+
+  logger.info('Configuring DNS...');
+
+  // Fetch and store tunnel token in keychain
+  logger.info('Saving credentials...');
+  const tokenRes = await fetch(
+    `${API_BASE}/subdomains/${subdomain}/token`,
+    {
+      headers,
+    }
+  );
+
+  if (!tokenRes.ok) {
+    throw new SpacesError('Failed to get tunnel token', 'SYSTEM_ERROR');
+  }
+
+  const { tunnelToken } = await tokenRes.json();
+  await setSecret(`TUNNEL_TOKEN_${subdomain}`, tunnelToken);
+
+  // Update local host config
+  await syncHostConfig();
+
+  logger.log('');
+  logger.success(`Reserved: ${data.subdomain}.gitspace.sh`);
+  logger.log(`  Wildcard: *.${data.subdomain}.gitspace.sh`);
+  if (data.isPrimary) {
+    logger.dim('  (set as primary)');
+  }
+
+  logger.log('');
+  logger.log("Run 'spaces' to start hosting.");
+}
+
+// ============================================================================
+// Release Subdomain
+// ============================================================================
+
+/**
+ * Release a subdomain
+ */
+export async function hostRelease(subdomain?: string): Promise<void> {
+  const headers = await getAuthHeaders();
+
+  // If no subdomain specified, show list and exit
+  if (!subdomain) {
+    logger.log('Please specify a subdomain to release:');
+    logger.command('  gssh host release <subdomain>');
+    logger.log('');
+    logger.log('To see your subdomains:');
+    logger.command('  gssh host list');
+    return;
+  }
+
+  subdomain = subdomain.toLowerCase().trim();
+
+  const res = await fetch(`${API_BASE}/subdomains/${subdomain}`, {
+    method: 'DELETE',
+    headers,
+  });
+
+  if (!res.ok) {
+    const error = await res.json().catch(() => ({ error: res.statusText }));
+    throw new SpacesError(`Failed to release: ${error.error}`, 'USER_ERROR');
+  }
+
+  // Clear local tunnel token
+  await deleteSecret(`TUNNEL_TOKEN_${subdomain}`);
+
+  // Update local host config
+  await syncHostConfig();
+
+  logger.success(`Released: ${subdomain}.gitspace.sh`);
+}
+
+// ============================================================================
+// List Subdomains
+// ============================================================================
+
+/**
+ * List user's subdomains
+ */
+export async function hostList(): Promise<void> {
+  const headers = await getAuthHeaders();
+
+  const res = await fetch(`${API_BASE}/subdomains`, { headers });
+
+  if (!res.ok) {
+    throw new SpacesError(
+      `Failed to list subdomains: ${res.statusText}`,
+      'SYSTEM_ERROR'
+    );
+  }
+
+  const subdomains: SubdomainInfo[] = await res.json();
+
+  if (subdomains.length === 0) {
+    logger.log('No subdomains reserved.');
+    logger.log('');
+    logger.log('Reserve one with:');
+    logger.command('  gssh host reserve <name>');
+    return;
+  }
+
+  logger.log('Your subdomains:\n');
+  for (const sub of subdomains) {
+    const primary = sub.is_primary ? ' (primary)' : '';
+    const status = sub.status === 'active' ? '\u2713' : '\u2717';
+    logger.log(`  ${status} ${sub.subdomain}.gitspace.sh${primary}`);
+    logger.dim(`    Created: ${new Date(sub.created_at).toLocaleDateString()}`);
+  }
+
+  logger.log(`\n${subdomains.length}/3 subdomains used (free tier)`);
+}
+
+// ============================================================================
+// Set Primary
+// ============================================================================
+
+/**
+ * Set a subdomain as primary for `gssh serve`
+ */
+export async function hostSetPrimary(subdomain: string): Promise<void> {
+  const headers = await getAuthHeaders();
+  subdomain = subdomain.toLowerCase().trim();
+
+  const res = await fetch(`${API_BASE}/subdomains/${subdomain}/set-primary`, {
+    method: 'POST',
+    headers,
+  });
+
+  if (!res.ok) {
+    const error = await res.json().catch(() => ({ error: res.statusText }));
+    throw new SpacesError(`Failed: ${error.error}`, 'USER_ERROR');
+  }
+
+  // Update local host config
+  await syncHostConfig();
+
+  logger.success(`${subdomain}.gitspace.sh is now your primary subdomain`);
+}
+
+// ============================================================================
+// Status
+// ============================================================================
+
+/**
+ * Show hosting status
+ */
+export async function hostStatus(): Promise<void> {
+  let headers: Record<string, string>;
+  try {
+    headers = await getAuthHeaders();
+  } catch {
+    logger.log('Not logged in or identity not found');
+    logger.dim('Run: gssh auth login');
+    return;
+  }
+
+  try {
+    const res = await fetch(`${API_BASE}/subdomains`, { headers });
+
+    if (!res.ok) {
+      logger.log('Could not fetch subdomains');
+      return;
+    }
+
+    const subdomains: SubdomainInfo[] = await res.json();
+    const primary = subdomains.find((s) => s.is_primary && s.status === 'active');
+
+    if (!primary) {
+      logger.log('No primary subdomain set.');
+      logger.dim('Run: gssh host reserve <name>');
+      return;
+    }
+
+    logger.log(`Primary: ${primary.subdomain}.gitspace.sh`);
+    logger.log(`Status: ${primary.status}`);
+
+    // Check if tunnel token exists locally
+    const tunnelToken = await getSecret(`TUNNEL_TOKEN_${primary.subdomain}`);
+    logger.log(`Tunnel token: ${tunnelToken ? 'configured' : 'missing'}`);
+
+    if (!tunnelToken) {
+      logger.dim('Run: gssh host reserve ' + primary.subdomain + ' (to refresh token)');
+    }
+  } catch {
+    logger.log('Could not verify status (API unreachable)');
+
+    // Show local config
+    const hostConfig = readHostConfig();
+    if (hostConfig) {
+      logger.log(`Local config: ${hostConfig.subdomain}.gitspace.sh`);
+    }
+  }
+}

package/src/commands/identity.ts

@@ -0,0 +1,184 @@
+/**
+ * Identity command implementation
+ * Handles 'gssh identity init' and 'gssh identity show'
+ */
+
+import { createHash } from 'crypto';
+import { logger } from '../utils/logger.js';
+import { promptPassword, promptInput, promptConfirm } from '../utils/prompts.js';
+import {
+  generateAndSaveKeypair,
+  loadKeypair,
+  keypairExists,
+  getPublicKeyWithoutPassword,
+} from '../core/identity.js';
+import {
+  NoIdentityError,
+  IdentityExistsError,
+  SpacesError,
+} from '../types/errors.js';
+
+/**
+ * Initialize a new identity keypair
+ */
+export async function initIdentity(options: { force?: boolean } = {}): Promise<void> {
+  // Check if keypair already exists
+  if (keypairExists() && !options.force) {
+    throw new IdentityExistsError();
+  }
+
+  // If force flag is set and keypair exists, confirm
+  if (options.force && keypairExists()) {
+    const confirmed = await promptConfirm(
+      'This will overwrite your existing identity. Are you sure?',
+      false
+    );
+
+    if (!confirmed) {
+      logger.info('Cancelled');
+      return;
+    }
+  }
+
+  // Prompt for password (twice for confirmation)
+  const password = await promptPassword('Enter password to encrypt your identity:');
+
+  if (!password) {
+    logger.info('Cancelled');
+    return;
+  }
+
+  if (password.length < 8) {
+    throw new SpacesError(
+      'Password must be at least 8 characters long',
+      'USER_ERROR',
+      1
+    );
+  }
+
+  const confirmPassword = await promptPassword('Confirm password:');
+
+  if (!confirmPassword) {
+    logger.info('Cancelled');
+    return;
+  }
+
+  if (password !== confirmPassword) {
+    throw new SpacesError(
+      'Passwords do not match',
+      'USER_ERROR',
+      1
+    );
+  }
+
+  // Prompt for optional label
+  const label = await promptInput('Enter an optional label for this identity (e.g., "My Laptop"):', {
+    default: '',
+  });
+
+  // Generate and save keypair
+  logger.info('Generating keypair...');
+  const identity = await generateAndSaveKeypair(
+    password,
+    label || undefined,
+    options.force || false
+  );
+
+  logger.success('Identity created successfully');
+
+  // Display public key info (identity is PublicIdentity, keys are base64 strings)
+  const signingKeyBytes = Buffer.from(identity.signingPublicKey, 'base64');
+  const keyExchangeKeyBytes = Buffer.from(identity.keyExchangePublicKey, 'base64');
+  const fingerprint = formatFingerprint(signingKeyBytes);
+  const publicKeyString = formatPublicKey(signingKeyBytes, keyExchangeKeyBytes);
+
+  logger.log('');
+  logger.bold('Identity Information:');
+  logger.log(`  ID:          ${identity.id}`);
+  logger.log(`  Fingerprint: ${fingerprint}`);
+  if (identity.label) {
+    logger.log(`  Label:       ${identity.label}`);
+  }
+  logger.log('');
+  logger.bold('Public Key:');
+  logger.log(`  ${publicKeyString}`);
+  logger.log('');
+  logger.dim('Keep your password safe. You will need it to use this identity.');
+}
+
+/**
+ * Show identity information
+ */
+export async function showIdentity(
+  options: { fingerprint?: boolean; json?: boolean } = {}
+): Promise<void> {
+  // Check if keypair exists
+  if (!keypairExists()) {
+    throw new NoIdentityError();
+  }
+
+  // Read public key (no password needed)
+  const publicIdentity = getPublicKeyWithoutPassword();
+
+  if (!publicIdentity) {
+    throw new NoIdentityError();
+  }
+
+  // JSON output
+  if (options.json) {
+    console.log(JSON.stringify(publicIdentity, null, 2));
+    return;
+  }
+
+  // Fingerprint output
+  if (options.fingerprint) {
+    const signingPublicKeyBytes = Buffer.from(publicIdentity.signingPublicKey, 'base64');
+    const fingerprint = formatFingerprint(signingPublicKeyBytes);
+    logger.log(fingerprint);
+    return;
+  }
+
+  // Default output: full public key
+  const publicKeyString = formatPublicKey(
+    Buffer.from(publicIdentity.signingPublicKey, 'base64'),
+    Buffer.from(publicIdentity.keyExchangePublicKey, 'base64')
+  );
+
+  logger.bold('Identity Information:');
+  logger.log(`  ID:          ${publicIdentity.id}`);
+  if (publicIdentity.label) {
+    logger.log(`  Label:       ${publicIdentity.label}`);
+  }
+  logger.log('');
+  logger.bold('Public Key:');
+  logger.log(`  ${publicKeyString}`);
+  logger.log('');
+  logger.bold('Fingerprint:');
+  logger.log(`  ${formatFingerprint(Buffer.from(publicIdentity.signingPublicKey, 'base64'))}`);
+}
+
+/**
+ * Format fingerprint as first 16 hex chars of SHA-256 hash with colons
+ */
+function formatFingerprint(signingPublicKey: Uint8Array): string {
+  const hash = createHash('sha256').update(signingPublicKey).digest('hex');
+  const first16 = hash.substring(0, 16);
+
+  // Add colons every 2 characters
+  const parts: string[] = [];
+  for (let i = 0; i < first16.length; i += 2) {
+    parts.push(first16.substring(i, i + 2));
+  }
+
+  return parts.join(':');
+}
+
+/**
+ * Format public key as gssh-pub:BASE64_SIGNING:BASE64_KEYEXCHANGE
+ */
+function formatPublicKey(signingPublicKey: Uint8Array, keyExchangePublicKey: Uint8Array): string {
+  const signingB64 = Buffer.from(signingPublicKey).toString('base64');
+  const keyExchangeB64 = Buffer.from(keyExchangePublicKey).toString('base64');
+
+  return `gssh-pub:${signingB64}:${keyExchangeB64}`;
+}