instaserve 1.1.18 → 1.1.21

package/api.txt

@@ -41,7 +41,7 @@ POST /upload
   Upload a file.
   Body (JSON):
   {
-    "bucket": "my-bucket-name",
+    "bucket": "my-bucket-name", // Optional if env var set
     "key": "filename.jpg",
     "body": "base64_encoded_string_contents",
     "contentType": "image/jpeg"
@@ -49,13 +49,13 @@ POST /upload
 
 POST /files
   List files in a bucket.
-  Body (JSON): { "bucket": "my-bucket-name" }
+  Body (JSON): { "bucket": "my-bucket-name" } // Bucket optional if env var set
   Returns: List of file objects (key, size, lastModified).
 
 GET /download?bucket=my-bucket-name&key=filename.jpg
-  Download a file directly.
+  Download a file directly. Bucket optional if env var set.
   (Available via the 'download' route handler)
 
 GET /delete?bucket=my-bucket-name&key=filename.jpg
-  Delete a file.
+  Delete a file. Bucket optional if env var set.
   (Available via the 'delete' route handler)

package/lib/auth0.js

@@ -41,7 +41,7 @@ export default {
     if (token) {
       global.sqlite.prepare("UPDATE users SET token = NULL WHERE token = ?").run(token);
     }
-    res.setHeader("Set-Cookie", "token=; Path=/; HttpOnly; Secure; SameSite=Lax");
+    res.setHeader("Set-Cookie", "token=; Path=/; HttpOnly; Secure; SameSite=Strict");
     res.writeHead(302, { Location: LOGGEDOUT_REDIRECT });
     res.end();
   },

package/lib/r2.js

@@ -5,6 +5,7 @@ import { URL } from 'url';
 const cloudflareAccessKeyId = process.env.CLOUDFLARE_ACCESS_KEY_ID || process.env.cloudflareAccessKeyId;
 const cloudflareSecretAccessKey = process.env.CLOUDFLARE_SECRET_ACCESS_KEY || process.env.cloudflareSecretAccessKey;
 const cloudflareAccountId = process.env.CLOUDFLARE_ACCOUNT_ID || process.env.cloudflareAccountId;
+const cloudflareBucket = process.env.CLOUDFLARE_BUCKET || process.env.cloudflareBucket || process.env.CLOUDFLARE_BUCKET_NAME || process.env.cloudflareBucketName;
 
 if (!cloudflareAccessKeyId || !cloudflareSecretAccessKey || !cloudflareAccountId) {
   console.warn("Cloudflare environment variables not set! Please set CLOUDFLARE_ACCESS_KEY_ID, CLOUDFLARE_SECRET_ACCESS_KEY, and CLOUDFLARE_ACCOUNT_ID.");
@@ -152,6 +153,7 @@ const getSecrets = ({ cloudflareAccessKeyId, cloudflareSecretAccessKey, cloudfla
 );
 
 async function uploadToR2(bucket, key, body, contentType, secrets) {
+  bucket = bucket || cloudflareBucket;
   if (!body) body = Buffer.alloc(0);
   const signed = signR2('PUT', bucket, key, body, ...getSecrets(secrets));
   signed.headers['Content-Type'] = contentType || 'application/octet-stream';
@@ -160,6 +162,7 @@ async function uploadToR2(bucket, key, body, contentType, secrets) {
 }
 
 async function downloadFromR2(bucket, key, secrets) {
+  bucket = bucket || cloudflareBucket;
   const signed = signR2('GET', bucket, key, null, ...getSecrets(secrets));
   const { hostname, pathname, search } = new URL(signed.url);
 
@@ -187,11 +190,13 @@ async function downloadFromR2(bucket, key, secrets) {
 }
 
 async function deleteFromR2(bucket, key, secrets) {
+  bucket = bucket || cloudflareBucket;
   await requestR2(signR2('DELETE', bucket, key, null, ...getSecrets(secrets)));
   return { success: true };
 }
 
 async function listR2Files(bucket, prefix, secrets) {
+  bucket = bucket || cloudflareBucket;
   const qs = prefix ? `list-type=2&prefix=${encodeURIComponent(prefix)}` : 'list-type=2';
 
   const data = await requestR2(signR2('GET', bucket, '', null, ...getSecrets(secrets), qs));
@@ -204,6 +209,7 @@ async function listR2Files(bucket, prefix, secrets) {
 }
 
 function getSignedDownloadUrl(bucket, key, secrets) {
+  bucket = bucket || cloudflareBucket;
   return signR2('GET', bucket, key, null, ...getSecrets(secrets)).url;
 }
 
@@ -229,8 +235,30 @@ export const fileRoutes = {
   },
   download: async (req, res, data) => {
     try {
-      return await downloadFromR2(data.bucket, data.key, data.secrets || defaultSecrets);
-    } catch (e) { return { error: e.message }; }
+      const r2Msg = await downloadFromR2(data.bucket, data.key, data.secrets || defaultSecrets);
+      res.writeHead(r2Msg.statusCode, r2Msg.statusMessage, r2Msg.headers);
+
+      await new Promise((resolve, reject) => {
+        r2Msg.pipe(res);
+        r2Msg.on('error', (err) => {
+          res.destroy(err);
+          reject(err);
+        });
+        res.on('finish', resolve);
+        res.on('error', reject);
+      });
+
+      // returning nothing to prevent sendResponse from interfering
+      return;
+    } catch (e) {
+      // If headers weren't sent yet, we can return error JSON
+      if (!res.headersSent) {
+        return { error: e.message };
+      }
+      // If headers were sent, we can't cleanly return JSON, 
+      // but the stream error handling above usually takes care of destroying the socket.
+      console.error("Download stream error:", e);
+    }
   },
   delete: async (req, res, data) => {
     try {

package/package.json

@@ -1,11 +1,11 @@
 {
   "name": "instaserve",
-  "version": "1.1.18",
+  "version": "1.1.21",
   "description": "Instant web stack",
   "main": "module.mjs",
   "bin": "./instaserve",
   "scripts": {
-    "start": "node instaserve",
+    "start": "node instaserve -api ./routes-full.js -secure -port 3001 -public ./public",
     "test": "./test_api.sh"
   },
   "type": "module",

package/public/index.html

@@ -0,0 +1,346 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Instaserve App</title>
+    <!-- Google Fonts for Modern Typography -->
+    <link rel="preconnect" href="https://fonts.googleapis.com">
+    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
+    <link href="https://fonts.googleapis.com/css2?family=Outfit:wght@300;400;600;700&display=swap" rel="stylesheet">
+    <style>
+        :root {
+            /* HSL Color Palette - Vibrant & Premium */
+            --primary: 220 90% 56%; /* #2563eb */
+            --primary-dark: 220 90% 46%;
+            --bg-color: 220 30% 98%;
+            --card-bg: 0 0% 100%;
+            --text-main: 220 20% 15%;
+            --text-secondary: 220 15% 40%;
+            --success: 150 70% 40%;
+            --radius-md: 16px;
+            --radius-sm: 8px;
+            --shadow-soft: 0 10px 40px -10px rgba(37, 99, 235, 0.15);
+            --shadow-hover: 0 20px 50px -12px rgba(37, 99, 235, 0.25);
+        }
+
+        /* Dark Mode Support */
+        @media (prefers-color-scheme: dark) {
+            :root {
+                --bg-color: 220 30% 8%;
+                --card-bg: 220 25% 12%;
+                --text-main: 220 30% 95%;
+                --text-secondary: 220 15% 60%;
+                --shadow-soft: 0 10px 40px -10px rgba(0, 0, 0, 0.5);
+            }
+        }
+
+        * { margin: 0; padding: 0; box-sizing: border-box; font-family: 'Outfit', sans-serif; }
+        
+        body {
+            background-color: hsl(var(--bg-color));
+            color: hsl(var(--text-main));
+            min-height: 100vh;
+            display: flex;
+            flex-direction: column;
+            align-items: center;
+            justify-content: center;
+            transition: background-color 0.3s ease, color 0.3s ease;
+            overflow-x: hidden;
+            position: relative;
+        }
+
+        /* Subtle Background Gradient Orb */
+        .bg-orb {
+            position: absolute;
+            width: 600px;
+            height: 600px;
+            border-radius: 50%;
+            background: radial-gradient(circle, hsla(var(--primary), 0.15), transparent 70%);
+            top: -100px;
+            left: 50%;
+            transform: translateX(-50%);
+            z-index: -1;
+            pointer-events: none;
+            animation: pulse-orb 10s ease-in-out infinite alternate;
+        }
+
+        @keyframes pulse-orb {
+            0% { transform: translateX(-50%) scale(0.9); opacity: 0.8; }
+            100% { transform: translateX(-50%) scale(1.1); opacity: 1; }
+        }
+
+        .container {
+            width: 100%;
+            max-width: 480px;
+            padding: 2rem;
+            text-align: center;
+        }
+
+        .auth-card {
+            background: hsl(var(--card-bg));
+            padding: 3rem 2rem;
+            border-radius: var(--radius-md);
+            box-shadow: var(--shadow-soft);
+            backdrop-filter: blur(10px);
+            border: 1px solid hsla(var(--primary), 0.1);
+            transform: translateY(0);
+            transition: transform 0.3s cubic-bezier(0.34, 1.56, 0.64, 1), box-shadow 0.3s ease;
+        }
+
+        .auth-card:hover {
+            transform: translateY(-5px);
+            box-shadow: var(--shadow-hover);
+        }
+
+        h1 {
+            font-size: 2.5rem;
+            font-weight: 700;
+            margin-bottom: 0.5rem;
+            background: linear-gradient(135deg, hsl(var(--primary)), hsl(260 80% 60%));
+            -webkit-background-clip: text;
+            -webkit-text-fill-color: transparent;
+            letter-spacing: -0.03em;
+        }
+
+        p.subtitle {
+            font-size: 1.1rem;
+            color: hsl(var(--text-secondary));
+            margin-bottom: 2rem;
+            line-height: 1.5;
+        }
+
+        /* User Profile State */
+        .profile-view {
+            display: none; /* Hidden by default */
+            flex-direction: column;
+            align-items: center;
+            gap: 1rem;
+            animation: fadeIn 0.5s ease;
+        }
+
+        .profile-pic {
+            width: 80px;
+            height: 80px;
+            border-radius: 50%;
+            object-fit: cover;
+            border: 3px solid hsl(var(--primary));
+            margin-bottom: 0.5rem;
+            box-shadow: 0 4px 12px hsla(var(--primary), 0.3);
+        }
+
+        .welcome-text {
+            font-size: 1.5rem;
+            font-weight: 600;
+        }
+        
+        .status-badge {
+            background-color: hsla(var(--success), 0.1);
+            color: hsl(var(--success));
+            padding: 6px 16px;
+            border-radius: 20px;
+            font-size: 0.85rem;
+            font-weight: 600;
+            display: inline-flex;
+            align-items: center;
+            gap: 6px;
+        }
+        
+        .status-badge::before {
+            content: '';
+            width: 8px;
+            height: 8px;
+            background-color: currentColor;
+            border-radius: 50%;
+            display: inline-block;
+        }
+
+        /* Buttons */
+        .btn {
+            display: inline-block;
+            text-decoration: none;
+            padding: 14px 28px;
+            border-radius: var(--radius-sm);
+            font-weight: 600;
+            font-size: 1rem;
+            transition: all 0.2s ease;
+            cursor: pointer;
+            border: none;
+            width: 100%;
+        }
+
+        .btn-primary {
+            background-color: hsl(var(--primary));
+            color: white;
+            box-shadow: 0 4px 12px hsla(var(--primary), 0.4);
+        }
+
+        .btn-primary:hover {
+            background-color: hsl(var(--primary-dark));
+            transform: translateY(-2px);
+            box-shadow: 0 8px 16px hsla(var(--primary), 0.5);
+        }
+
+        .btn-secondary {
+            background-color: hsla(var(--text-main), 0.05);
+            color: hsl(var(--text-main));
+            margin-top: 1rem;
+        }
+
+        .btn-secondary:hover {
+            background-color: hsla(var(--text-main), 0.1);
+        }
+        
+        /* Loading/Guest State */
+        .guest-view {
+            display: none;
+            animation: fadeIn 0.5s ease;
+        }
+        
+        /* Testing Controls Styles */
+        .btn-sm {
+            padding: 6px 12px;
+            border-radius: 6px;
+            border: 1px solid #ddd;
+            background: white;
+            cursor: pointer;
+            font-size: 0.9rem;
+            transition: all 0.2s;
+            color: #333;
+        }
+        .btn-sm:hover {
+            background: #f9fafb;
+            border-color: #ccc;
+        }
+        .section-title { font-size: 1rem; color: hsl(var(--text-main)); font-weight: 600; margin-top: 1.5rem; text-align: left; }
+        .input-field { width: 100%; padding: 8px; border-radius: 6px; border: 1px solid #ddd; margin-bottom: 0.5rem; }
+
+        @keyframes fadeIn {
+            from { opacity: 0; transform: translateY(10px); }
+            to { opacity: 1; transform: translateY(0); }
+        }
+    </style>
+</head>
+<body>
+    <div class="bg-orb"></div>
+    <div class="container">
+        <div class="auth-card">
+            <h1>Instaserve</h1>
+            
+            <!-- Guest View -->
+            <div id="guest-view" class="guest-view">
+                <p class="subtitle">Secure, fast, and instant web stack.<br>Sign in to access your dashboard.</p>
+                <a href="/login" class="btn btn-primary">Sign In with Auth0</a>
+                <div style="margin-top: 1.5rem; font-size: 0.9rem; color: hsl(var(--text-secondary));">
+                    Powered by Node.js & SQLite
+                </div>
+            </div>
+
+            <!-- Profile View -->
+            <div id="profile-view" class="profile-view">
+                <img id="user-pic" src="" alt="Profile Picture" class="profile-pic">
+                <div class="welcome-text">Hi, <span id="user-name">User</span>!</div>
+                <div class="status-badge">Authenticated</div>
+                
+                <!-- Testing Controls -->
+                <div style="width: 100%; text-align: left; margin-top: 0.5rem; border-top: 1px solid hsla(var(--text-main), 0.1); padding-top: 1rem;">
+                    <h3 class="section-title">SQLite KV Store</h3>
+                    <div style="display: flex; gap: 0.5rem; margin-top: 0.5rem;">
+                        <input type="text" id="kv-key" placeholder="Key" style="flex: 1; padding: 8px; border-radius: 6px; border: 1px solid #ddd;">
+                        <input type="text" id="kv-value" placeholder="Value" style="flex: 1; padding: 8px; border-radius: 6px; border: 1px solid #ddd;">
+                    </div>
+                    <div style="display: flex; gap: 0.5rem; margin-top: 0.5rem; flex-wrap: wrap;">
+                        <button onclick="api('POST', '/api', { key: val('kv-key'), value: val('kv-value') })" class="btn-sm">Set</button>
+                        <button onclick="api('GET', '/api?key=' + val('kv-key'))" class="btn-sm">Get</button>
+                        <button onclick="api('DELETE', '/api', { key: val('kv-key') })" class="btn-sm">Delete</button>
+                        <button onclick="api('GET', '/all')" class="btn-sm">List All</button>
+                    </div>
+
+                    <h3 class="section-title">R2 Storage</h3>
+                    <div style="margin-top: 0.5rem;">
+                        <input type="text" id="r2-bucket" placeholder="Bucket Name (Optional)" class="input-field">
+                        <input type="file" id="r2-file" style="margin-bottom: 0.5rem; width: 100%;">
+                        <div style="display: flex; gap: 0.5rem;">
+                            <button onclick="uploadFile()" class="btn-sm">Upload File</button>
+                            <button onclick="listFiles()" class="btn-sm">List Files</button>
+                        </div>
+                    </div>
+
+                    <div id="output" style="margin-top: 1rem; background: #f3f4f6; padding: 10px; border-radius: 6px; font-family: monospace; font-size: 0.85rem; min-height: 60px; max-height: 200px; overflow-y: auto; white-space: pre-wrap; word-break: break-all; color: #333;">Result output...</div>
+                </div>
+
+                <a href="/logout" class="btn btn-secondary" onclick="localStorage.clear()" style="margin-top: 1.5rem;">Sign Out</a>
+            </div>
+
+        </div>
+    </div>
+
+    <script>
+        // Check for user session in localStorage (set by auth0.js callback)
+        document.addEventListener('DOMContentLoaded', () => {
+            const name = localStorage.getItem('name');
+            const pic = localStorage.getItem('pic');
+            
+            if (name) {
+                // User is logged in
+                document.getElementById('profile-view').style.display = 'flex';
+                document.getElementById('user-name').textContent = name;
+                if (pic) {
+                    document.getElementById('user-pic').src = pic;
+                }
+            } else {
+                // User is guest
+                document.getElementById('guest-view').style.display = 'block';
+            }
+        });
+
+        const val = (id) => document.getElementById(id).value;
+        const log = (data) => document.getElementById('output').textContent = typeof data === 'object' ? JSON.stringify(data, null, 2) : data;
+
+        async function api(method, url, body) {
+            try {
+                const opts = { method };
+                if (body && method !== 'GET') {
+                    opts.headers = { 'Content-Type': 'application/json' };
+                    opts.body = JSON.stringify(body);
+                }
+                const res = await fetch(url, opts);
+                // Try parsing JSON, fallback to text if fail or empty
+                const text = await res.text();
+                try {
+                    log(JSON.parse(text));
+                } catch {
+                    log(text || 'OK');
+                }
+            } catch (e) {
+                log('Error: ' + e.message);
+            }
+        }
+
+        async function uploadFile() {
+            const bucket = val('r2-bucket');
+            const fileInput = document.getElementById('r2-file');
+            const file = fileInput.files[0];
+            if (!file) return log('Please select a file.');
+
+            const reader = new FileReader();
+            reader.onload = async () => {
+                const base64 = reader.result.split(',')[1];
+                await api('POST', '/upload', {
+                    bucket,
+                    key: file.name,
+                    body: base64,
+                    contentType: file.type
+                });
+            };
+            reader.readAsDataURL(file);
+        }
+
+        async function listFiles() {
+            const bucket = val('r2-bucket');
+
+            await api('POST', '/files', { bucket });
+        }
+    </script>
+</body>
+</html>

package/routes.js

@@ -0,0 +1,57 @@
+export default {
+  // Middleware functions (prefixed with _) run on every request
+  // Return false to continue processing, or a value to use as response
+
+  // Example: Log all requests
+  _log: (req, res, data) => {
+    console.log(`${req.method} ${req.url}`)
+    return false // Continue to next middleware or route
+  },
+
+  // Example: Basic authentication (commented out)
+  // _auth: (req, res, data) => {
+  //     if (!data.token) {
+  //         res.writeHead(401)
+  //         return 'Unauthorized'
+  //     }
+  //     return false // Continue if authorized
+  // },
+
+  // Regular route handlers
+  hello: async (req, res, data) => {
+    await new Promise(r => setTimeout(r, 2000));
+    res.setHeader('some', 'head')
+    return { message: 'Hello World' }
+  },
+
+  api: (req, res, data) => {
+    return { message: 'API endpoint', data }
+  },
+
+  example429: (req, res, data) => {
+    return 429; // This will return a status code 429
+  },
+
+  "POST /examplepost": (req, res, data) => {
+    return { message: 'Example POST endpoint', data }
+  },
+
+  "GET /sse": (req, res, data) => {
+    res.writeHead(200, {
+      'Content-Type': 'text/event-stream',
+      'Cache-Control': 'no-cache',
+      'Connection': 'keep-alive'
+    })
+    var x = 3;
+    const interval = setInterval(() => {
+      if (x <= 0) {
+        clearInterval(interval)
+        res.end()
+        return
+      }
+      res.write(`data: Hello World ${x}\n\n`)
+      x--
+    }, 1000)
+    return "SSE"
+  },
+}

package/test_api.sh

@@ -139,6 +139,65 @@ else
   echo "  ❌ FAIL: $RESPONSE"
 fi
 
+# File API Tests
+TEST_FILE_KEY="test_file.txt"
+TEST_FILE_CONTENT="Hello R2 File Test"
+# Use base64 without newlines
+TEST_FILE_B64=$(echo -n "$TEST_FILE_CONTENT" | base64 | tr -d '\n')
+
+echo ""
+echo "--- File API Tests ---"
+
+# Test 5.1: Upload File
+echo "- Testing POST /upload..."
+RESPONSE=$(curl -k -s -X POST "$BASE_URL/upload" \
+  -H "Cookie: token=$TEST_TOKEN" \
+  -H "Content-Type: application/json" \
+  -d "{\"key\": \"$TEST_FILE_KEY\", \"body\": \"$TEST_FILE_B64\", \"contentType\": \"text/plain\"}")
+
+if [[ "$RESPONSE" == *"true"* ]]; then
+  echo "  ✅ PASS"
+else
+  echo "  ❌ FAIL: $RESPONSE"
+fi
+
+# Test 5.2: Download File
+echo "- Testing GET /download..."
+RESPONSE=$(curl -k -s "$BASE_URL/download?key=$TEST_FILE_KEY" \
+  -H "Cookie: token=$TEST_TOKEN")
+
+if [[ "$RESPONSE" == *"$TEST_FILE_CONTENT"* ]]; then
+  echo "  ✅ PASS: Content matches"
+else
+  echo "  ❌ FAIL: Content mismatch or error. Got: $RESPONSE"
+fi
+
+# Test 5.3: List Files
+echo "- Testing POST /files (List)..."
+RESPONSE=$(curl -k -s -X POST "$BASE_URL/files" \
+  -H "Cookie: token=$TEST_TOKEN" \
+  -H "Content-Type: application/json" \
+  -d "{}")
+
+if [[ "$RESPONSE" == *"$TEST_FILE_KEY"* ]]; then
+  echo "  ✅ PASS: Found file in list"
+else
+  echo "  ❌ FAIL: $RESPONSE"
+fi
+
+# Test 5.4: Delete File
+echo "- Testing POST /delete..."
+RESPONSE=$(curl -k -s -X POST "$BASE_URL/delete" \
+  -H "Cookie: token=$TEST_TOKEN" \
+  -H "Content-Type: application/json" \
+  -d "{\"key\": \"$TEST_FILE_KEY\"}")
+
+if [[ "$RESPONSE" == *"true"* ]]; then
+  echo "  ✅ PASS"
+else
+  echo "  ❌ FAIL: $RESPONSE"
+fi
+
 # 7. Test Login Redirect
 echo "- Testing GET /login (Expect 302 Redirect to Auth0)..."
 LOGIN_HTTP_CODE=$(curl -k -s -o /dev/null -w "%{http_code}" "$BASE_URL/login")