instaserve 1.1.8 → 1.1.10

package/instaserve

@@ -3,7 +3,7 @@
 import chalk from 'chalk'
 import fs from 'node:fs'
 import path from 'node:path'
-import { pathToFileURL } from 'node:url'
+import { pathToFileURL, fileURLToPath } from 'node:url'
 
 console.log(chalk.cyan('\nInstaserve - Instant Web Stack\n'))
 console.log(chalk.yellow('Usage:'))
@@ -20,20 +20,20 @@ console.log(chalk.green('  -secure') + '           Enable HTTPS (requires cert.p
 console.log(chalk.green('  -help') + '             Show this help message\n')
 
 if (process.argv.includes('-help')) {
-    process.exit(0)
+  process.exit(0)
 }
 
 const args = process.argv.slice(2)
 
 // Handle generate-routes command
 if (args[0] === 'generate-routes') {
-    const routesFile = path.resolve(process.cwd(), './routes.js')
-    if (fs.existsSync(routesFile)) {
-        console.error(chalk.red(`Error: routes.js already exists`))
-        process.exit(1)
-    }
-    
-    const sampleRoutes = `export default {
+  const routesFile = path.resolve(process.cwd(), './routes.js')
+  if (fs.existsSync(routesFile)) {
+    console.error(chalk.red(`Error: routes.js already exists`))
+    process.exit(1)
+  }
+
+  const sampleRoutes = `export default {
     // Middleware functions (prefixed with _) run on every request
     // Return false to continue processing, or a value to use as response
     
@@ -71,27 +71,41 @@ if (args[0] === 'generate-routes') {
     }
 }
 `
-    
-    fs.writeFileSync(routesFile, sampleRoutes)
-    console.log(chalk.green(`✓ Created routes.js`))
-    process.exit(0)
+
+  fs.writeFileSync(routesFile, sampleRoutes)
+  console.log(chalk.green(`✓ Created routes.js`))
+
+  const __dirname = path.dirname(fileURLToPath(import.meta.url))
+  const sourceLib = path.join(__dirname, 'lib')
+
+  if (fs.existsSync(sourceLib)) {
+    const destLib = path.join(process.cwd(), 'lib')
+    if (!fs.existsSync(destLib)) {
+      fs.cpSync(sourceLib, destLib, { recursive: true })
+      console.log(chalk.green(`✓ Created lib/`))
+    } else {
+      console.log(chalk.yellow(`! lib/ directory already exists, skipping copy`))
+    }
+  }
+
+  process.exit(0)
 }
 
 import server from './module.mjs'
 
 const params = {}
 for (let i = 0; i < args.length; i++) {
-    const arg = args[i]
-    if (arg.startsWith('-')) {
-        const key = arg.slice(1)
-        const nextArg = args[i + 1]
-        if (nextArg && !nextArg.startsWith('-')) {
-            params[key] = nextArg
-            i++ // Skip the next argument since we used it
-        } else {
-            params[key] = true // Boolean flag
-        }
+  const arg = args[i]
+  if (arg.startsWith('-')) {
+    const key = arg.slice(1)
+    const nextArg = args[i + 1]
+    if (nextArg && !nextArg.startsWith('-')) {
+      params[key] = nextArg
+      i++ // Skip the next argument since we used it
+    } else {
+      params[key] = true // Boolean flag
     }
+  }
 }
 
 // Load routes file
@@ -101,37 +115,37 @@ const routesFileParam = params.api || './routes.js'
 const routesFileSpecified = !!params.api
 
 // Resolve to absolute path from current working directory
-const routesFile = path.isAbsolute(routesFileParam) 
-    ? routesFileParam 
-    : path.resolve(process.cwd(), routesFileParam)
+const routesFile = path.isAbsolute(routesFileParam)
+  ? routesFileParam
+  : path.resolve(process.cwd(), routesFileParam)
 
 if (routesFileSpecified && !fs.existsSync(routesFile)) {
-    console.error(chalk.red(`Error: Routes file "${routesFileParam}" does not exist`))
-    process.exit(1)
+  console.error(chalk.red(`Error: Routes file "${routesFileParam}" does not exist`))
+  process.exit(1)
 }
 
 if (fs.existsSync(routesFile)) {
-    try {
-        const routesFileURL = pathToFileURL(routesFile).href
-        const imported = await import(routesFileURL)
-        routes = imported.default || imported
-        
-        if (!routes || typeof routes !== 'object' || Array.isArray(routes)) {
-            console.error(chalk.red(`Error: Routes file "${routesFileParam}" must export a default object`))
-            process.exit(1)
-        }
-        
-        for (const [key, handler] of Object.entries(routes)) {
-            if (typeof handler !== 'function') {
-                console.error(chalk.red(`Error: Route "${key}" in "${routesFileParam}" must be a function`))
-                process.exit(1)
-            }
-        }
-        routesFilePath = routesFile
-    } catch (e) {
-        console.error(chalk.red(`Error: Could not load routes file "${routesFileParam}": ${e.message}`))
+  try {
+    const routesFileURL = pathToFileURL(routesFile).href
+    const imported = await import(routesFileURL)
+    routes = imported.default || imported
+
+    if (!routes || typeof routes !== 'object' || Array.isArray(routes)) {
+      console.error(chalk.red(`Error: Routes file "${routesFileParam}" must export a default object`))
+      process.exit(1)
+    }
+
+    for (const [key, handler] of Object.entries(routes)) {
+      if (typeof handler !== 'function') {
+        console.error(chalk.red(`Error: Route "${key}" in "${routesFileParam}" must be a function`))
         process.exit(1)
+      }
     }
+    routesFilePath = routesFile
+  } catch (e) {
+    console.error(chalk.red(`Error: Could not load routes file "${routesFileParam}": ${e.message}`))
+    process.exit(1)
+  }
 }
 
 server(routes, params.port ? parseInt(params.port) : undefined, params.ip, routesFilePath) 

package/lib/auth0.js

@@ -0,0 +1,45 @@
+export default {
+  "GET /login": (req, res) => {
+    const REDIRECT_URI = "https://${req.headers.host}/callback";
+    const state = crypto.randomBytes(16).toString("hex");
+    global.a0state = state;
+    const url = `https://${secrets.auth0_domain}/authorize?response_type=code&client_id=${secrets.auth0_clientid}&redirect_uri=${encodeURIComponent(REDIRECT_URI)}&scope=openid%20profile%20email&state=${encodeURIComponent(state)}`;
+    res.writeHead(302, { Location: url });
+    res.end();
+  },
+  "GET /logout": (req, res, data) => {
+    const token = req.headers.cookie?.match(/token=([^;]+)/)?.[1];
+    console.log(`logout: ${token}`);
+    if (token) {
+      global.sqlite.prepare("UPDATE users SET token = NULL WHERE token = ?").run(token);
+    }
+    res.setHeader("Set-Cookie", "token=; Path=/; HttpOnly; Secure; SameSite=Lax");
+    res.writeHead(302, { Location: "/" });
+    res.end();
+  },
+  "GET /callback": async (req, res, data) => {
+    const REDIRECT_URI = "https://${req.headers.host}/callback";
+    const tokenRes = await fetch("https://digplan.auth0.com/oauth/token", {
+      method: "POST",
+      headers: { "content-type": "application/json" },
+      body: JSON.stringify({
+        grant_type: "authorization_code",
+        client_id: secrets.auth0_clientid,
+        client_secret: secrets.auth0_clientsecret,
+        code: data.code,
+        redirect_uri: REDIRECT_URI
+      }),
+    })
+    const tokens = await tokenRes.json();
+    // decrypt token
+    const id_token = tokens.id_token;
+    const payload = JSON.parse(Buffer.from(id_token.split('.')[1], 'base64').toString());
+    const auth_token = crypto.randomBytes(32).toString("hex");
+    sqlite.prepare("INSERT INTO users (id, username, token) VALUES (?, ?, ?) ON CONFLICT DO UPDATE SET token = ?, name = ?, picture = ?")
+      .run(payload.email, payload.name, auth_token, auth_token, payload.name, payload.picture);
+    res.setHeader("Set-Cookie", `username=${payload.email}; Path=/;`);
+    res.setHeader("Set-Cookie", `name=${payload.name}; Path=/;`);
+    res.setHeader("Set-Cookie", `token=${auth_token}; Path=/;`);
+    return `<script>localStorage.setItem('name', '${payload.name}');localStorage.setItem('pic', '${payload.picture}');window.location.href = '/';</script>`;
+  }
+}

package/lib/r2.js

@@ -0,0 +1,217 @@
+import https from 'https';
+import crypto from 'crypto';
+import { URL } from 'url';
+
+// --- Core SigV4 Utilities ---
+
+const hashSHA256 = (str) => crypto.createHash('sha256').update(str).digest('hex');
+const hmacSHA256 = (key, str) => crypto.createHmac('sha256', key).update(str).digest();
+
+/**
+ * FINAL FIX: Strict S3 encoding for the Object Key (Canonical URI Path).
+ * This function encodes all necessary characters (including spaces as %20)
+ * but preserves the path separator ('/'). It also ensures hex codes are uppercase,
+ * which is critical for signature matching in some S3 implementations.
+ */
+const encodePath = (path) => {
+  // 1. Encode all path components fully
+  const segments = path.split('/').map(segment => encodeURIComponent(segment));
+
+  // 2. Join the segments back with unencoded slashes
+  const encodedPath = segments.join('/');
+
+  // 3. Normalize: replace common encoding issues with uppercase hex for consistency
+  // S3 requires these replacements for canonical request:
+  return encodedPath.replace(/[!'()*]/g, function (c) {
+    return '%' + c.charCodeAt(0).toString(16).toUpperCase();
+  });
+};
+
+
+/**
+ * Creates SigV4 signed request components for Cloudflare R2 (S3-compatible).
+ */
+function signR2(method, bucket, key, body, accessKeyId, secretAccessKey, accountId, queryString = '') {
+  const service = 's3', region = 'auto';
+  const now = new Date();
+  const dateStamp = now.toISOString().slice(0, 10).replace(/-/g, '');
+
+  // Date format (YYYYMMDDTHHMMSSZ)
+  const amzDate = now.toISOString().substring(0, 19).replace(/[:-]/g, '') + 'Z';
+
+  // 1. Canonical URI - Uses the final, strict encodePath
+  const objectPath = key ? encodePath(key) : '';
+  const canonicalUri = `/${bucket}${objectPath ? '/' + objectPath : ''}`;
+
+  // 2. Canonical Query String (Encoded, Sorted)
+  const canonicalQuerystring = queryString ? queryString.split('&')
+    .map(p => {
+      const [k, v = ''] = p.split('=');
+      // Decode then re-encode to prevent double encoding
+      return {
+        k: encodeURIComponent(decodeURIComponent(k)),
+        v: encodeURIComponent(decodeURIComponent(v))
+      };
+    })
+    .sort((a, b) => a.k.localeCompare(b.k) || a.v.localeCompare(b.v))
+    .map(p => `${p.k}=${p.v}`).join('&') : '';
+
+  // 3. Headers & Payload
+  const host = `${accountId}.r2.cloudflarestorage.com`;
+  const payloadHash = ['GET', 'DELETE'].includes(method) ? 'UNSIGNED-PAYLOAD' : hashSHA256(body ?? '');
+  const signedHeaders = 'host;x-amz-content-sha256;x-amz-date';
+  const canonicalHeaders = `host:${host}\nx-amz-content-sha256:${payloadHash}\nx-amz-date:${amzDate}\n`;
+
+  // 4. Canonical Request
+  const canonicalRequest = [method, canonicalUri, canonicalQuerystring, canonicalHeaders, signedHeaders, payloadHash].join('\n');
+
+  // 5. String to Sign & 6. Signature (Key Derivation)
+  const credentialScope = `${dateStamp}/${region}/${service}/aws4_request`;
+  const stringToSign = ['AWS4-HMAC-SHA256', amzDate, credentialScope, hashSHA256(canonicalRequest)].join('\n');
+
+  // Key derivation condensed
+  const kSigning = hmacSHA256(
+    hmacSHA256(hmacSHA256(hmacSHA256(Buffer.from('AWS4' + secretAccessKey, 'utf8'), dateStamp), region), service),
+    'aws4_request'
+  );
+  const signature = crypto.createHmac('sha256', kSigning).update(stringToSign).digest('hex');
+
+  // 7. Authorization Header & Final Request Prep
+  const authorization = `AWS4-HMAC-SHA256 Credential=${accessKeyId}/${credentialScope}, SignedHeaders=${signedHeaders}, Signature=${signature}`;
+
+  // The URL must also use the same, correctly encoded objectPath
+  const url = `https://${host}${canonicalUri}${canonicalQuerystring ? '?' + canonicalQuerystring : ''}`;
+
+  const headers = {
+    Host: host, 'x-amz-date': amzDate, 'x-amz-content-sha256': payloadHash, Authorization: authorization
+  };
+
+  if (body !== null && typeof body !== 'undefined') {
+    headers['Content-Length'] = Buffer.isBuffer(body) ? body.length : Buffer.byteLength(body);
+  }
+
+  return { url, headers, body, method };
+}
+
+// ---- R2 request helper ----
+function requestR2({ method, url, headers, body }) {
+  return new Promise((resolve, reject) => {
+    const { hostname, pathname, search } = new URL(url);
+    const req = https.request({ hostname, port: 443, path: pathname + (search || ''), method, headers }, res => {
+      const chunks = [];
+      res.on('data', c => chunks.push(c));
+      res.on('end', () => {
+        const data = Buffer.concat(chunks).toString();
+        if (res.statusCode >= 200 && res.statusCode < 308) {
+          resolve(data);
+        } else {
+          reject(new Error(`R2 request failed: Status ${res.statusCode} ${res.statusMessage}. Body: ${data.substring(0, 300)}`));
+        }
+      });
+    });
+    req.on('error', reject);
+    if (body) req.write(body);
+    req.end();
+  });
+}
+
+// --- API Helpers ---
+
+const getSecrets = ({ cloudflareAccessKeyId, cloudflareSecretAccessKey, cloudflareAccountId }) => (
+  [cloudflareAccessKeyId, cloudflareSecretAccessKey, cloudflareAccountId]
+);
+
+async function uploadToR2(bucket, key, body, contentType, secrets) {
+  if (!body) body = Buffer.alloc(0);
+  const signed = signR2('PUT', bucket, key, body, ...getSecrets(secrets));
+  signed.headers['Content-Type'] = contentType || 'application/octet-stream';
+  await requestR2(signed);
+  return { success: true };
+}
+
+async function downloadFromR2(bucket, key, secrets) {
+  const signed = signR2('GET', bucket, key, null, ...getSecrets(secrets));
+  const { hostname, pathname, search } = new URL(signed.url);
+
+  return new Promise((resolve, reject) => {
+    const req = https.request({
+      hostname,
+      port: 443,
+      path: pathname + (search || ''),
+      method: 'GET',
+      headers: signed.headers
+    }, res => {
+      if (res.statusCode >= 200 && res.statusCode < 308) {
+        resolve(res);
+      } else {
+        let errorData = '';
+        res.on('data', chunk => errorData += chunk);
+        res.on('end', () => {
+          reject(new Error(`Download failed: ${res.statusCode} ${errorData.substring(0, 200)}`));
+        });
+      }
+    });
+    req.on('error', reject);
+    req.end();
+  });
+}
+
+async function deleteFromR2(bucket, key, secrets) {
+  await requestR2(signR2('DELETE', bucket, key, null, ...getSecrets(secrets)));
+  return { success: true };
+}
+
+async function listR2Files(bucket, prefix, secrets) {
+  const qs = prefix ? `list-type=2&prefix=${encodeURIComponent(prefix)}` : 'list-type=2';
+
+  const data = await requestR2(signR2('GET', bucket, '', null, ...getSecrets(secrets), qs));
+
+  const keys = [...data.matchAll(/<Key>(.*?)<\/Key>/g)].map(([, k]) => k);
+  const sizes = [...data.matchAll(/<Size>(\d+)<\/Size>/g)].map(([, s]) => parseInt(s, 10));
+  const mods = [...data.matchAll(/<LastModified>(.*?)<\/LastModified>/g)].map(([, m]) => m);
+
+  return keys.map((k, i) => ({ key: k, size: sizes[i] || 0, lastModified: mods[i] || '' }));
+}
+
+function getSignedDownloadUrl(bucket, key, secrets) {
+  return signR2('GET', bucket, key, null, ...getSecrets(secrets)).url;
+}
+
+export const fileRoutes = {
+  upload: async (req, res, data) => {
+    try {
+      let body = data.body;
+      if (typeof body === 'string') {
+        body = Buffer.from(body, 'base64');
+      } else if (body) {
+        body = Buffer.from(body);
+      } else {
+        body = Buffer.alloc(0);
+      }
+      return await uploadToR2(data.bucket, data.key, body, data.contentType, data.secrets);
+    } catch (e) { return { error: e.message }; }
+  },
+  download: async (req, res, data) => {
+    try {
+      return await downloadFromR2(data.bucket, data.key, data.secrets);
+    } catch (e) { return { error: e.message }; }
+  },
+  delete: async (req, res, data) => {
+    try {
+      return await deleteFromR2(data.bucket, data.key, data.secrets);
+    } catch (e) { return { error: e.message }; }
+  },
+  "POST /files": async (req, res, data) => {
+    try {
+      return await listR2Files(data.bucket, data.prefix, data.secrets);
+    } catch (e) { return { error: e.message }; }
+  }
+};
+
+export {
+  uploadToR2,
+  downloadFromR2,
+  deleteFromR2,
+  listR2Files,
+  getSignedDownloadUrl
+};

package/lib/sqlite.js

@@ -0,0 +1,39 @@
+import Database from "better-sqlite3";
+import { fileRoutes } from "./lib/file-routes.js";
+import secrets from "./secrets.js";
+import crypto from "crypto";
+
+// Initialize database
+global.sqlite = new Database("data.db");
+sqlite.prepare("CREATE TABLE IF NOT EXISTS users (id TEXT PRIMARY KEY, username TEXT, pass TEXT, token TEXT, picture TEXT, name TEXT, email TEXT)").run();
+sqlite.prepare("CREATE TABLE IF NOT EXISTS kv (key TEXT PRIMARY KEY, value TEXT)").run();
+
+// Combine all routes
+export default {
+  _auth: (req, res, data) => {
+    if (req.url.match(/js|html|css/)) return;
+    if (req.url == "/") return 401;
+    if (req.url.startsWith("/register") || req.url.startsWith("/login")) return;
+
+    const token = req.headers.cookie?.split('token=')[1].split(';')[0];
+    if (!token) { return 401; }
+    const user = sqlite.prepare("SELECT * FROM users WHERE token = ?").get(token);
+    if (!user) return 401;
+    req.user = user.username;
+  },
+  "POST /api": (req, res, data) => {
+    sqlite.prepare("INSERT OR REPLACE INTO kv (key, value) VALUES (?, ?)").run(req.user + ":" + data.key, data.value);
+    return sqlite.prepare("SELECT substr(key, instr(key, ':') + 1) AS key, value FROM kv WHERE key = ?").get(req.user + ":" + data.key);
+  },
+  "GET /api": (req, res, data) => {
+    return sqlite.prepare("SELECT substr(key, instr(key, ':') + 1) AS key, value FROM kv WHERE key = ?").get(req.user + ":" + data.key) || {};
+  },
+  "GET /all": (req, res, data) => {
+    const rows = sqlite.prepare("SELECT substr(key, instr(key, ':') + 1) AS key, value FROM kv WHERE key LIKE ?").all(req.user + ":%");
+    return rows || [];
+  },
+  "DELETE /api": (req, res, data) => {
+    sqlite.prepare("DELETE FROM kv WHERE key = ?").run(req.user + ":" + data.key);
+    return { deleted: true, key: data.key };
+  }
+};

package/module.mjs

@@ -62,7 +62,9 @@ export default async function (routes, port = params.port || 3000, ip = params.i
         s.writeHead(result)
         s.end()
       } else {
-        s.end(typeof result === 'string' ? result : JSON.stringify(result))
+        if (result != "SSE") {
+          s.end(typeof result === 'string' ? result : JSON.stringify(result))
+        }
       }
     }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "instaserve",
-  "version": "1.1.8",
+  "version": "1.1.10",
   "description": "Instant web stack",
   "main": "module.mjs",
   "bin": "./instaserve",
@@ -9,6 +9,7 @@
   },
   "type": "module",
   "dependencies": {
-    "chalk": "^5.6.2"
+    "chalk": "^5.6.2",
+    "instaserve": "^1.1.9"
   }
-}
+}

package/test.js

@@ -1,28 +0,0 @@
-export default {
-    // Middleware functions (prefixed with _) run on every request
-    // Return false to continue processing, or a value to use as response
-    
-    // Example: Log all requests
-    _log: (req, res, data) => {
-        console.log(`${req.method} ${req.url}`)
-        return false // Continue to next middleware or route
-    },
-
-    // Example: Basic authentication (commented out)
-    // _auth: (req, res, data) => {
-    //     if (!data.token) {
-    //         res.writeHead(401)
-    //         return 'Unauthorized'
-    //     }
-    //     return false // Continue if authorized
-    // },
-
-    // Regular route handlers
-    hello: (req, res, data) => {
-        return { message: 'Hello World' }
-    },
-
-    api: (req, res, data) => {
-        return { message: 'API endpoint', data }
-    }
-}