hypercore-fetch 9.3.1 → 9.5.0

package/README.md

@@ -53,6 +53,10 @@ Thus you can get the previous version of a file by using `hyper://NAME/$/version
 
 If the resource is a file, it may contain the `Last-Modified` header if the file has had a `metadata.mtime` flag set upon update.
 
+If the resource is a directory, it will contain the `Allow` header to
+indicate whether a hyperdrive is writable (`'HEAD,GET'`) or not
+(`'HEAD,GET,PUT,DELETE'`).
+
 ### `fetch('hyper://NAME/example.txt', {method: 'GET'})`
 
 This will attempt to load `example.txt` from the archive labeled by `NAME`.
@@ -124,6 +128,9 @@ The `body` can be any of the options supported by the Fetch API such as a `Strin
 
 Note that this is only available with the `writable: true` flag.
 
+An attempt to `PUT` a file to a hyperdrive which is not writable will
+fail with status `403`.
+
 ### `fetch('hyper://NAME/folder/', {method: 'PUT', body: new FormData()})`
 
 You can add multiple files to a folder using the `PUT` method with a [FormData](https://developer.mozilla.org/en-US/docs/Web/API/FormData) body.
@@ -141,6 +148,11 @@ You can delete a file or directory tree in a Hyperdrive by using the `DELETE` me
 
 `NAME` can either be the 52 character [z32 encoded](https://github.com/mafintosh/z32) key for a Hyperdrive or Hypercore , or a domain to parse with the [DNSLink](https://www.dnslink.io/) standard.
 
+Note that this is only available with the `writable: true` flag.
+
+An attempt to `DELETE` a file in a hyperdrive which is not writable
+will fail with status `403`.
+
 ### `fetch('hyper://NAME/$/extensions/')`
 
 You can list the current [hypercore extensions](https://github.com/hypercore-protocol/hypercore#ext--feedregisterextensionname-handlers) that are enabled by doing a `GET` on the `/$/extensions/` directory.
@@ -200,3 +212,8 @@ You can get older views of data in an archive by using the special `/$/version`
 From there, you can use `GET` and `HEAD` requests with allt he same headers and querystring paramters as non-versioned paths to data.
 
 Note that you cannot `PUT` or `DELETE` data in a versioned folder.
+
+
+## Limitations:
+
+- Since we make use of the special directory `$`, you cannot store files in this folder. If this is a major blocker, feel free to open an issue with alternative folder names we should consider.

package/index.js

@@ -25,6 +25,16 @@ const MIME_EVENT_STREAM = 'text/event-stream; charset=utf-8'
 const HEADER_CONTENT_TYPE = 'Content-Type'
 const HEADER_LAST_MODIFIED = 'Last-Modified'
 
+const WRITABLE_METHODS = [
+  'PUT',
+  'DELETE'
+]
+
+const BASIC_METHODS = [
+  'HEAD',
+  'GET'
+]
+
 export const ERROR_KEY_NOT_CREATED = 'Must create key with POST before reading'
 
 const INDEX_FILES = [
@@ -79,7 +89,9 @@ export default async function makeHyperFetch ({
     router.get(`hyper://${SPECIAL_DOMAIN}/`, getKey)
     router.post(`hyper://${SPECIAL_DOMAIN}/`, createKey)
 
+    router.put(`hyper://*/${SPECIAL_FOLDER}/${VERSION_FOLDER_NAME}/**`, putFilesVersioned)
     router.put('hyper://*/**', putFiles)
+    router.delete(`hyper://*/${SPECIAL_FOLDER}/${VERSION_FOLDER_NAME}/**`, deleteFilesVersioned)
     router.delete('hyper://*/**', deleteFiles)
   }
 
@@ -244,7 +256,7 @@ export default async function makeHyperFetch ({
 
   async function listenExtension (request) {
     const { hostname, pathname: rawPathname } = new URL(request.url)
-    const pathname = decodeURI(rawPathname)
+    const pathname = decodeURI(ensureLeadingSlash(rawPathname))
     const name = pathname.slice(`/${SPECIAL_FOLDER}/${EXTENSIONS_FOLDER_NAME}/`.length)
 
     const core = await getCore(`hyper://${hostname}/`)
@@ -266,7 +278,7 @@ export default async function makeHyperFetch ({
 
   async function broadcastExtension (request) {
     const { hostname, pathname: rawPathname } = new URL(request.url)
-    const pathname = decodeURI(rawPathname)
+    const pathname = decodeURI(ensureLeadingSlash(rawPathname))
 
     const name = pathname.slice(`/${SPECIAL_FOLDER}/${EXTENSIONS_FOLDER_NAME}/`.length)
 
@@ -281,7 +293,7 @@ export default async function makeHyperFetch ({
 
   async function extensionToPeer (request) {
     const { hostname, pathname: rawPathname } = new URL(request.url)
-    const pathname = decodeURI(rawPathname)
+    const pathname = decodeURI(ensureLeadingSlash(rawPathname))
 
     const subFolder = pathname.slice(`/${SPECIAL_FOLDER}/${EXTENSIONS_FOLDER_NAME}/`.length)
     const [name, extensionPeer] = subFolder.split('/')
@@ -345,12 +357,16 @@ export default async function makeHyperFetch ({
 
   async function putFiles (request) {
     const { hostname, pathname: rawPathname } = new URL(request.url)
-    const pathname = decodeURI(rawPathname)
+    const pathname = decodeURI(ensureLeadingSlash(rawPathname))
     const contentType = request.headers.get('Content-Type') || ''
     const isFormData = contentType.includes('multipart/form-data')
 
     const drive = await getDrive(`hyper://${hostname}`)
 
+    if (!drive.db.feed.writable) {
+      return { status: 403, body: `Cannot PUT file to read-only drive: ${drive.url}`, headers: { Location: request.url } }
+    }
+
     if (isFormData) {
       // It's a form! Get the files out and process them
       const formData = await request.formData()
@@ -367,25 +383,37 @@ export default async function makeHyperFetch ({
         )
       }
     } else {
-      await pipelinePromise(
-        Readable.from(request.body),
-        drive.createWriteStream(pathname, {
-          metadata: {
-            mtime: Date.now()
-          }
-        })
-      )
+      if (pathname.endsWith('/')) {
+        return { status: 405, body: 'Cannot PUT file with trailing slash', headers: { Location: request.url } }
+      } else {
+        await pipelinePromise(
+          Readable.from(request.body),
+          drive.createWriteStream(pathname, {
+            metadata: {
+              mtime: Date.now()
+            }
+          })
+        )
+      }
     }
 
     return { status: 201, headers: { Location: request.url } }
   }
 
+  function putFilesVersioned (request) {
+    return { status: 405, body: 'Cannot PUT file to old version', headers: { Location: request.url } }
+  }
+
   async function deleteFiles (request) {
     const { hostname, pathname: rawPathname } = new URL(request.url)
-    const pathname = decodeURI(rawPathname)
+    const pathname = decodeURI(ensureLeadingSlash(rawPathname))
 
     const drive = await getDrive(`hyper://${hostname}`)
 
+    if (!drive.db.feed.writable) {
+      return { status: 403, body: `Cannot DELETE file in read-only drive: ${drive.url}`, headers: { Location: request.url } }
+    }
+
     if (pathname.endsWith('/')) {
       let didDelete = false
       for await (const entry of drive.list(pathname)) {
@@ -408,10 +436,14 @@ export default async function makeHyperFetch ({
     return { status: 200 }
   }
 
+  function deleteFilesVersioned (request) {
+    return { status: 405, body: 'Cannot DELETE old version', headers: { Location: request.url } }
+  }
+
   async function headFilesVersioned (request) {
     const url = new URL(request.url)
     const { hostname, pathname: rawPathname, searchParams } = url
-    const pathname = decodeURI(rawPathname)
+    const pathname = decodeURI(ensureLeadingSlash(rawPathname))
 
     const accept = request.headers.get('Accept') || ''
     const isRanged = request.headers.get('Range') || ''
@@ -419,7 +451,7 @@ export default async function makeHyperFetch ({
 
     const parts = pathname.split('/')
     const version = parts[3]
-    const realPath = parts.slice(4).join('/')
+    const realPath = ensureLeadingSlash(parts.slice(4).join('/'))
 
     const drive = await getDrive(`hyper://${hostname}`)
 
@@ -431,7 +463,7 @@ export default async function makeHyperFetch ({
   async function headFiles (request) {
     const url = new URL(request.url)
     const { hostname, pathname: rawPathname, searchParams } = url
-    const pathname = decodeURI(rawPathname)
+    const pathname = decodeURI(ensureLeadingSlash(rawPathname))
 
     const accept = request.headers.get('Accept') || ''
     const isRanged = request.headers.get('Range') || ''
@@ -446,10 +478,15 @@ export default async function makeHyperFetch ({
     const isDirectory = pathname.endsWith('/')
     const fullURL = new URL(pathname, drive.url).href
 
+    const isWritable = writable && drive.db.feed.writable
+
+    const Allow = isWritable ? BASIC_METHODS.concat(WRITABLE_METHODS) : BASIC_METHODS
+
     const resHeaders = {
       ETag: `${drive.version}`,
       'Accept-Ranges': 'bytes',
-      Link: `<${fullURL}>; rel="canonical"`
+      Link: `<${fullURL}>; rel="canonical"`,
+      Allow
     }
 
     if (isDirectory) {
@@ -507,7 +544,7 @@ export default async function makeHyperFetch ({
       return { status: 404, body: 'Not Found' }
     }
 
-    resHeaders.ETag = `${entry.seq}`
+    resHeaders.ETag = `${entry.seq + 1}`
     resHeaders['Content-Length'] = `${entry.value.blob.byteLength}`
 
     const contentType = getMimeType(path)
@@ -546,7 +583,7 @@ export default async function makeHyperFetch ({
   async function getFilesVersioned (request) {
     const url = new URL(request.url)
     const { hostname, pathname: rawPathname, searchParams } = url
-    const pathname = decodeURI(rawPathname)
+    const pathname = decodeURI(ensureLeadingSlash(rawPathname))
 
     const accept = request.headers.get('Accept') || ''
     const isRanged = request.headers.get('Range') || ''
@@ -554,7 +591,7 @@ export default async function makeHyperFetch ({
 
     const parts = pathname.split('/')
     const version = parts[3]
-    const realPath = parts.slice(4).join('/')
+    const realPath = ensureLeadingSlash(parts.slice(4).join('/'))
 
     const drive = await getDrive(`hyper://${hostname}`)
 
@@ -567,7 +604,7 @@ export default async function makeHyperFetch ({
   async function getFiles (request) {
     const url = new URL(request.url)
     const { hostname, pathname: rawPathname, searchParams } = url
-    const pathname = decodeURI(rawPathname)
+    const pathname = decodeURI(ensureLeadingSlash(rawPathname))
 
     const accept = request.headers.get('Accept') || ''
     const isRanged = request.headers.get('Range') || ''
@@ -651,7 +688,7 @@ async function serveFile (drive, pathname, isRanged) {
   const entry = await drive.entry(pathname)
 
   const resHeaders = {
-    ETag: `${entry.seq}`,
+    ETag: `${entry.seq + 1}`,
     [HEADER_CONTENT_TYPE]: contentType,
     'Accept-Ranges': 'bytes',
     Link: `<${fullURL}>; rel="canonical"`
@@ -749,3 +786,7 @@ function getMimeType (path) {
   if (mimeType.startsWith('text/')) mimeType = `${mimeType}; charset=utf-8`
   return mimeType
 }
+
+function ensureLeadingSlash (path) {
+  return path.startsWith('/') ? path : '/' + path
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hypercore-fetch",
-  "version": "9.3.1",
+  "version": "9.5.0",
   "description": "Implementation of Fetch that uses the Dat SDK for loading p2p content",
   "type": "module",
   "main": "index.js",

package/test.js

@@ -128,7 +128,7 @@ test('HEAD request', async (t) => {
   const headersLink = headResponse.headers.get('Link')
 
   // Version at which the file was added
-  t.equal(headersEtag, '1', 'Headers got expected etag')
+  t.equal(headersEtag, '2', 'Headers got expected etag')
   t.equal(headersContentType, 'text/plain; charset=utf-8', 'Headers got expected mime type')
   t.ok(headersContentLength, "Headers have 'Content-Length' set.")
   t.ok(headersLastModified, "Headers have 'Last-Modified' set.")
@@ -467,7 +467,7 @@ test('EventSource extension messages', async (t) => {
 })
 
 test('Resolve DNS', async (t) => {
-  const loadResponse = await fetch('hyper://example2.mauve.moe/?noResolve')
+  const loadResponse = await fetch('hyper://blog.mauve.moe/?noResolve')
 
   const entries = await loadResponse.json()
 
@@ -484,7 +484,7 @@ test('Error on invalid hostname', async (t) => {
   }
 })
 
-test('GET older version of file from VERSION folder', async (t) => {
+test('Old versions in VERSION folder', async (t) => {
   const created = await nextURL(t)
 
   const fileName = 'example.txt'
@@ -494,6 +494,7 @@ test('GET older version of file from VERSION folder', async (t) => {
 
   const fileURL = new URL(`/${fileName}`, created)
   const versionFileURL = new URL(`/$/version/2/${fileName}`, created)
+  const versionRootURL = new URL('/$/version/1/', created)
 
   await checkResponse(
     await fetch(fileURL, { method: 'PUT', body: data1 }), t
@@ -502,13 +503,120 @@ test('GET older version of file from VERSION folder', async (t) => {
     await fetch(fileURL, { method: 'PUT', body: data2 }), t
   )
 
-  const versionedResponse = await fetch(versionFileURL)
+  const versionedFileResponse = await fetch(versionFileURL)
+  await checkResponse(versionedFileResponse, t, 'Able to GET versioned file')
+  const versionedFileData = await versionedFileResponse.text()
+  t.equal(versionedFileData, data1, 'Old data got loaded')
 
-  await checkResponse(versionedResponse, t, 'Able to GET versioned file')
+  const versionedRootResponse = await fetch(versionRootURL)
+  await checkResponse(versionedRootResponse, t, 'Able to GET versioned root')
+  const versionedRootContents = await versionedRootResponse.json()
+  t.deepEqual(versionedRootContents, [], 'Old root content got loaded')
 
-  const versionedData = await versionedResponse.text()
+  // PUT on old version should fail
+  const putResponse = await fetch(versionFileURL, {
+    method: 'PUT',
+    body: SAMPLE_CONTENT
+  })
+  if (putResponse.ok) {
+    throw new Error('PUT old version of file should have failed')
+  } else {
+    t.equal(putResponse.status, 405, 'PUT old version returned status 405 Not Allowed')
+  }
+
+  // DELETE on old version should fail
+  const deleteResponse = await fetch(versionFileURL, {
+    method: 'delete'
+  })
+  if (deleteResponse.ok) {
+    throw new Error('DELETE old version of file should have failed')
+  } else {
+    t.equal(deleteResponse.status, 405, 'DELETE old version returned status 405 Not Allowed')
+  }
+})
+
+test('Handle empty string pathname', async (t) => {
+  const created = await nextURL(t)
+  const urlObject = new URL('', created)
+  const urlNoTrailingSlash = urlObject.href.slice(0, -1)
+  const versionedURLObject = new URL('/$/version/3/', created)
+  const versionedURLNoTrailingSlash = versionedURLObject.href.slice(0, -1)
+
+  // PUT
+  const putResponse = await fetch(urlNoTrailingSlash, { method: 'PUT', body: SAMPLE_CONTENT })
+  if (putResponse.ok) {
+    throw new Error('PUT file at the root directory should have failed')
+  } else {
+    t.pass('PUT file at root directory threw an error')
+  }
+
+  // PUT FormData
+  const formData = new FormData()
+  formData.append('file', new Blob([SAMPLE_CONTENT]), 'example.txt')
+  formData.append('file', new Blob([SAMPLE_CONTENT]), 'example2.txt')
+
+  await checkResponse(
+    await fetch(urlNoTrailingSlash, {
+      method: 'put',
+      body: formData
+    }), t
+  )
+
+  // DELETE
+  await checkResponse(await fetch(urlNoTrailingSlash, { method: 'DELETE' }), t)
+
+  // HEAD
+  const headResponse = await fetch(urlNoTrailingSlash, { method: 'HEAD' })
+  await checkResponse(headResponse, t)
+  t.deepEqual(headResponse.headers.get('Etag'), '5', 'HEAD request returns correct Etag')
+
+  // HEAD (versioned)
+  const versionedHeadResponse = await fetch(versionedURLNoTrailingSlash, { method: 'HEAD' })
+  await checkResponse(versionedHeadResponse, t)
+  t.deepEqual(versionedHeadResponse.headers.get('Etag'), '3', 'Versioned HEAD request returns correct Etag')
+
+  // GET
+  const getResponse = await fetch(urlNoTrailingSlash)
+  await checkResponse(getResponse, t)
+  t.deepEqual(await getResponse.json(), [], 'Returns empty root directory')
+
+  // GET (versioned)
+  const versionedGetResponse = await fetch(versionedURLNoTrailingSlash)
+  await checkResponse(versionedGetResponse, t)
+  t.deepEqual(await versionedGetResponse.json(), ['example.txt', 'example2.txt'], 'Returns root directory prior to DELETE')
+})
+
+test('Return status 403 Forbidden on attempt to modify read-only hyperdrive', async (t) => {
+  const readOnlyURL = 'hyper://blog.mauve.moe/new-file.txt'
+  const putResponse = await fetch(readOnlyURL, { method: 'PUT', body: SAMPLE_CONTENT })
+  if (putResponse.ok) {
+    throw new Error('PUT file to read-only drive should have failed')
+  } else {
+    t.equal(putResponse.status, 403, 'PUT file to read-only drive returned status 403 Forbidden')
+  }
+
+  const deleteResponse = await fetch(readOnlyURL, { method: 'DELETE' })
+  if (deleteResponse.ok) {
+    throw new Error('DELETE file in read-only drive should have failed')
+  } else {
+    t.equal(deleteResponse.status, 403, 'DELETE file to read-only drive returned status 403 Forbidden')
+  }
+})
+
+test('Check hyperdrive writability', async (t) => {
+  const created = await nextURL(t)
 
-  t.equal(versionedData, data1, 'Old data got loaded')
+  const readOnlyRootDirectory = 'hyper://blog.mauve.moe/?noResolve'
+  const readOnlyHeadResponse = await fetch(readOnlyRootDirectory, { method: 'HEAD' })
+  await checkResponse(readOnlyHeadResponse, t, 'Able to load HEAD')
+  const readOnlyHeadersAllow = readOnlyHeadResponse.headers.get('Allow')
+  t.equal(readOnlyHeadersAllow, 'HEAD,GET', 'Expected read-only Allows header')
+
+  const writableRootDirectory = new URL('/', created)
+  const writableHeadResponse = await fetch(writableRootDirectory, { method: 'HEAD' })
+  await checkResponse(writableHeadResponse, t, 'Able to load HEAD')
+  const writableHeadersAllow = writableHeadResponse.headers.get('Allow')
+  t.equal(writableHeadersAllow, 'HEAD,GET,PUT,DELETE', 'Expected writable Allows header')
 })
 
 async function checkResponse (response, t, successMessage = 'Response OK') {