npm - instaserve - Versions diffs - 1.1.9 → 1.1.11 - Mend

instaserve 1.1.9 → 1.1.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/instaserve CHANGED Viewed

@@ -3,7 +3,7 @@
 import chalk from 'chalk'
 import fs from 'node:fs'
 import path from 'node:path'
-import { pathToFileURL } from 'node:url'
+import { pathToFileURL, fileURLToPath } from 'node:url'
 console.log(chalk.cyan('\nInstaserve - Instant Web Stack\n'))
 console.log(chalk.yellow('Usage:'))
@@ -20,20 +20,20 @@ console.log(chalk.green('  -secure') + '           Enable HTTPS (requires cert.p
 console.log(chalk.green('  -help') + '             Show this help message\n')
 if (process.argv.includes('-help')) {
-    process.exit(0)
+  process.exit(0)
 }
 const args = process.argv.slice(2)
 // Handle generate-routes command
 if (args[0] === 'generate-routes') {
-    const routesFile = path.resolve(process.cwd(), './routes.js')
-    if (fs.existsSync(routesFile)) {
-        console.error(chalk.red(`Error: routes.js already exists`))
-        process.exit(1)
-    }
-    const sampleRoutes = `export default {
+  const routesFile = path.resolve(process.cwd(), './routes.js')
+  if (fs.existsSync(routesFile)) {
+    console.error(chalk.red(`Error: routes.js already exists`))
+    process.exit(1)
+  }
+  const sampleRoutes = `export default {
     // Middleware functions (prefixed with _) run on every request
     // Return false to continue processing, or a value to use as response
@@ -71,27 +71,41 @@ if (args[0] === 'generate-routes') {
     }
 }
 `
-    fs.writeFileSync(routesFile, sampleRoutes)
-    console.log(chalk.green(`✓ Created routes.js`))
-    process.exit(0)
+  fs.writeFileSync(routesFile, sampleRoutes)
+  console.log(chalk.green(`✓ Created routes.js`))
+  const __dirname = path.dirname(fileURLToPath(import.meta.url))
+  const sourceLib = path.join(__dirname, 'lib')
+  if (fs.existsSync(sourceLib)) {
+    const destLib = path.join(process.cwd(), 'lib')
+    if (!fs.existsSync(destLib)) {
+      fs.cpSync(sourceLib, destLib, { recursive: true })
+      console.log(chalk.green(`✓ Created lib/`))
+    } else {
+      console.log(chalk.yellow(`! lib/ directory already exists, skipping copy`))
+    }
+  }
+  process.exit(0)
 }
 import server from './module.mjs'
 const params = {}
 for (let i = 0; i < args.length; i++) {
-    const arg = args[i]
-    if (arg.startsWith('-')) {
-        const key = arg.slice(1)
-        const nextArg = args[i + 1]
-        if (nextArg && !nextArg.startsWith('-')) {
-            params[key] = nextArg
-            i++ // Skip the next argument since we used it
-        } else {
-            params[key] = true // Boolean flag
-        }
+  const arg = args[i]
+  if (arg.startsWith('-')) {
+    const key = arg.slice(1)
+    const nextArg = args[i + 1]
+    if (nextArg && !nextArg.startsWith('-')) {
+      params[key] = nextArg
+      i++ // Skip the next argument since we used it
+    } else {
+      params[key] = true // Boolean flag
     }
+  }
 }
 // Load routes file
@@ -101,37 +115,37 @@ const routesFileParam = params.api || './routes.js'
 const routesFileSpecified = !!params.api
 // Resolve to absolute path from current working directory
-const routesFile = path.isAbsolute(routesFileParam)
-    ? routesFileParam
-    : path.resolve(process.cwd(), routesFileParam)
+const routesFile = path.isAbsolute(routesFileParam)
+  ? routesFileParam
+  : path.resolve(process.cwd(), routesFileParam)
 if (routesFileSpecified && !fs.existsSync(routesFile)) {
-    console.error(chalk.red(`Error: Routes file "${routesFileParam}" does not exist`))
-    process.exit(1)
+  console.error(chalk.red(`Error: Routes file "${routesFileParam}" does not exist`))
+  process.exit(1)
 }
 if (fs.existsSync(routesFile)) {
-    try {
-        const routesFileURL = pathToFileURL(routesFile).href
-        const imported = await import(routesFileURL)
-        routes = imported.default || imported
-        if (!routes || typeof routes !== 'object' || Array.isArray(routes)) {
-            console.error(chalk.red(`Error: Routes file "${routesFileParam}" must export a default object`))
-            process.exit(1)
-        }
-        for (const [key, handler] of Object.entries(routes)) {
-            if (typeof handler !== 'function') {
-                console.error(chalk.red(`Error: Route "${key}" in "${routesFileParam}" must be a function`))
-                process.exit(1)
-            }
-        }
-        routesFilePath = routesFile
-    } catch (e) {
-        console.error(chalk.red(`Error: Could not load routes file "${routesFileParam}": ${e.message}`))
+  try {
+    const routesFileURL = pathToFileURL(routesFile).href
+    const imported = await import(routesFileURL)
+    routes = imported.default || imported
+    if (!routes || typeof routes !== 'object' || Array.isArray(routes)) {
+      console.error(chalk.red(`Error: Routes file "${routesFileParam}" must export a default object`))
+      process.exit(1)
+    }
+    for (const [key, handler] of Object.entries(routes)) {
+      if (typeof handler !== 'function') {
+        console.error(chalk.red(`Error: Route "${key}" in "${routesFileParam}" must be a function`))
         process.exit(1)
+      }
     }
+    routesFilePath = routesFile
+  } catch (e) {
+    console.error(chalk.red(`Error: Could not load routes file "${routesFileParam}": ${e.message}`))
+    process.exit(1)
+  }
 }
 server(routes, params.port ? parseInt(params.port) : undefined, params.ip, routesFilePath)

package/lib/auth0.js ADDED Viewed

@@ -0,0 +1,45 @@
+export default {
+  "GET /login": (req, res) => {
+    const REDIRECT_URI = "https://${req.headers.host}/callback";
+    const state = crypto.randomBytes(16).toString("hex");
+    global.a0state = state;
+    const url = `https://${secrets.auth0_domain}/authorize?response_type=code&client_id=${secrets.auth0_clientid}&redirect_uri=${encodeURIComponent(REDIRECT_URI)}&scope=openid%20profile%20email&state=${encodeURIComponent(state)}`;
+    res.writeHead(302, { Location: url });
+    res.end();
+  },
+  "GET /logout": (req, res, data) => {
+    const token = req.headers.cookie?.match(/token=([^;]+)/)?.[1];
+    console.log(`logout: ${token}`);
+    if (token) {
+      global.sqlite.prepare("UPDATE users SET token = NULL WHERE token = ?").run(token);
+    }
+    res.setHeader("Set-Cookie", "token=; Path=/; HttpOnly; Secure; SameSite=Lax");
+    res.writeHead(302, { Location: "/" });
+    res.end();
+  },
+  "GET /callback": async (req, res, data) => {
+    const REDIRECT_URI = "https://${req.headers.host}/callback";
+    const tokenRes = await fetch("https://digplan.auth0.com/oauth/token", {
+      method: "POST",
+      headers: { "content-type": "application/json" },
+      body: JSON.stringify({
+        grant_type: "authorization_code",
+        client_id: secrets.auth0_clientid,
+        client_secret: secrets.auth0_clientsecret,
+        code: data.code,
+        redirect_uri: REDIRECT_URI
+      }),
+    })
+    const tokens = await tokenRes.json();
+    // decrypt token
+    const id_token = tokens.id_token;
+    const payload = JSON.parse(Buffer.from(id_token.split('.')[1], 'base64').toString());
+    const auth_token = crypto.randomBytes(32).toString("hex");
+    sqlite.prepare("INSERT INTO users (id, username, token) VALUES (?, ?, ?) ON CONFLICT DO UPDATE SET token = ?, name = ?, picture = ?")
+      .run(payload.email, payload.name, auth_token, auth_token, payload.name, payload.picture);
+    res.setHeader("Set-Cookie", `username=${payload.email}; Path=/;`);
+    res.setHeader("Set-Cookie", `name=${payload.name}; Path=/;`);
+    res.setHeader("Set-Cookie", `token=${auth_token}; Path=/;`);
+    return `<script>localStorage.setItem('name', '${payload.name}');localStorage.setItem('pic', '${payload.picture}');window.location.href = '/';</script>`;
+  }
+}

package/lib/r2.js ADDED Viewed

@@ -0,0 +1,217 @@
+import https from 'https';
+import crypto from 'crypto';
+import { URL } from 'url';
+// --- Core SigV4 Utilities ---
+const hashSHA256 = (str) => crypto.createHash('sha256').update(str).digest('hex');
+const hmacSHA256 = (key, str) => crypto.createHmac('sha256', key).update(str).digest();
+/**
+ * FINAL FIX: Strict S3 encoding for the Object Key (Canonical URI Path).
+ * This function encodes all necessary characters (including spaces as %20)
+ * but preserves the path separator ('/'). It also ensures hex codes are uppercase,
+ * which is critical for signature matching in some S3 implementations.
+ */
+const encodePath = (path) => {
+  // 1. Encode all path components fully
+  const segments = path.split('/').map(segment => encodeURIComponent(segment));
+  // 2. Join the segments back with unencoded slashes
+  const encodedPath = segments.join('/');
+  // 3. Normalize: replace common encoding issues with uppercase hex for consistency
+  // S3 requires these replacements for canonical request:
+  return encodedPath.replace(/[!'()*]/g, function (c) {
+    return '%' + c.charCodeAt(0).toString(16).toUpperCase();
+  });
+};
+/**
+ * Creates SigV4 signed request components for Cloudflare R2 (S3-compatible).
+ */
+function signR2(method, bucket, key, body, accessKeyId, secretAccessKey, accountId, queryString = '') {
+  const service = 's3', region = 'auto';
+  const now = new Date();
+  const dateStamp = now.toISOString().slice(0, 10).replace(/-/g, '');
+  // Date format (YYYYMMDDTHHMMSSZ)
+  const amzDate = now.toISOString().substring(0, 19).replace(/[:-]/g, '') + 'Z';
+  // 1. Canonical URI - Uses the final, strict encodePath
+  const objectPath = key ? encodePath(key) : '';
+  const canonicalUri = `/${bucket}${objectPath ? '/' + objectPath : ''}`;
+  // 2. Canonical Query String (Encoded, Sorted)
+  const canonicalQuerystring = queryString ? queryString.split('&')
+    .map(p => {
+      const [k, v = ''] = p.split('=');
+      // Decode then re-encode to prevent double encoding
+      return {
+        k: encodeURIComponent(decodeURIComponent(k)),
+        v: encodeURIComponent(decodeURIComponent(v))
+      };
+    })
+    .sort((a, b) => a.k.localeCompare(b.k) || a.v.localeCompare(b.v))
+    .map(p => `${p.k}=${p.v}`).join('&') : '';
+  // 3. Headers & Payload
+  const host = `${accountId}.r2.cloudflarestorage.com`;
+  const payloadHash = ['GET', 'DELETE'].includes(method) ? 'UNSIGNED-PAYLOAD' : hashSHA256(body ?? '');
+  const signedHeaders = 'host;x-amz-content-sha256;x-amz-date';
+  const canonicalHeaders = `host:${host}\nx-amz-content-sha256:${payloadHash}\nx-amz-date:${amzDate}\n`;
+  // 4. Canonical Request
+  const canonicalRequest = [method, canonicalUri, canonicalQuerystring, canonicalHeaders, signedHeaders, payloadHash].join('\n');
+  // 5. String to Sign & 6. Signature (Key Derivation)
+  const credentialScope = `${dateStamp}/${region}/${service}/aws4_request`;
+  const stringToSign = ['AWS4-HMAC-SHA256', amzDate, credentialScope, hashSHA256(canonicalRequest)].join('\n');
+  // Key derivation condensed
+  const kSigning = hmacSHA256(
+    hmacSHA256(hmacSHA256(hmacSHA256(Buffer.from('AWS4' + secretAccessKey, 'utf8'), dateStamp), region), service),
+    'aws4_request'
+  );
+  const signature = crypto.createHmac('sha256', kSigning).update(stringToSign).digest('hex');
+  // 7. Authorization Header & Final Request Prep
+  const authorization = `AWS4-HMAC-SHA256 Credential=${accessKeyId}/${credentialScope}, SignedHeaders=${signedHeaders}, Signature=${signature}`;
+  // The URL must also use the same, correctly encoded objectPath
+  const url = `https://${host}${canonicalUri}${canonicalQuerystring ? '?' + canonicalQuerystring : ''}`;
+  const headers = {
+    Host: host, 'x-amz-date': amzDate, 'x-amz-content-sha256': payloadHash, Authorization: authorization
+  };
+  if (body !== null && typeof body !== 'undefined') {
+    headers['Content-Length'] = Buffer.isBuffer(body) ? body.length : Buffer.byteLength(body);
+  }
+  return { url, headers, body, method };
+}
+// ---- R2 request helper ----
+function requestR2({ method, url, headers, body }) {
+  return new Promise((resolve, reject) => {
+    const { hostname, pathname, search } = new URL(url);
+    const req = https.request({ hostname, port: 443, path: pathname + (search || ''), method, headers }, res => {
+      const chunks = [];
+      res.on('data', c => chunks.push(c));
+      res.on('end', () => {
+        const data = Buffer.concat(chunks).toString();
+        if (res.statusCode >= 200 && res.statusCode < 308) {
+          resolve(data);
+        } else {
+          reject(new Error(`R2 request failed: Status ${res.statusCode} ${res.statusMessage}. Body: ${data.substring(0, 300)}`));
+        }
+      });
+    });
+    req.on('error', reject);
+    if (body) req.write(body);
+    req.end();
+  });
+}
+// --- API Helpers ---
+const getSecrets = ({ cloudflareAccessKeyId, cloudflareSecretAccessKey, cloudflareAccountId }) => (
+  [cloudflareAccessKeyId, cloudflareSecretAccessKey, cloudflareAccountId]
+);
+async function uploadToR2(bucket, key, body, contentType, secrets) {
+  if (!body) body = Buffer.alloc(0);
+  const signed = signR2('PUT', bucket, key, body, ...getSecrets(secrets));
+  signed.headers['Content-Type'] = contentType || 'application/octet-stream';
+  await requestR2(signed);
+  return { success: true };
+}
+async function downloadFromR2(bucket, key, secrets) {
+  const signed = signR2('GET', bucket, key, null, ...getSecrets(secrets));
+  const { hostname, pathname, search } = new URL(signed.url);
+  return new Promise((resolve, reject) => {
+    const req = https.request({
+      hostname,
+      port: 443,
+      path: pathname + (search || ''),
+      method: 'GET',
+      headers: signed.headers
+    }, res => {
+      if (res.statusCode >= 200 && res.statusCode < 308) {
+        resolve(res);
+      } else {
+        let errorData = '';
+        res.on('data', chunk => errorData += chunk);
+        res.on('end', () => {
+          reject(new Error(`Download failed: ${res.statusCode} ${errorData.substring(0, 200)}`));
+        });
+      }
+    });
+    req.on('error', reject);
+    req.end();
+  });
+}
+async function deleteFromR2(bucket, key, secrets) {
+  await requestR2(signR2('DELETE', bucket, key, null, ...getSecrets(secrets)));
+  return { success: true };
+}
+async function listR2Files(bucket, prefix, secrets) {
+  const qs = prefix ? `list-type=2&prefix=${encodeURIComponent(prefix)}` : 'list-type=2';
+  const data = await requestR2(signR2('GET', bucket, '', null, ...getSecrets(secrets), qs));
+  const keys = [...data.matchAll(/<Key>(.*?)<\/Key>/g)].map(([, k]) => k);
+  const sizes = [...data.matchAll(/<Size>(\d+)<\/Size>/g)].map(([, s]) => parseInt(s, 10));
+  const mods = [...data.matchAll(/<LastModified>(.*?)<\/LastModified>/g)].map(([, m]) => m);
+  return keys.map((k, i) => ({ key: k, size: sizes[i] || 0, lastModified: mods[i] || '' }));
+}
+function getSignedDownloadUrl(bucket, key, secrets) {
+  return signR2('GET', bucket, key, null, ...getSecrets(secrets)).url;
+}
+export const fileRoutes = {
+  upload: async (req, res, data) => {
+    try {
+      let body = data.body;
+      if (typeof body === 'string') {
+        body = Buffer.from(body, 'base64');
+      } else if (body) {
+        body = Buffer.from(body);
+      } else {
+        body = Buffer.alloc(0);
+      }
+      return await uploadToR2(data.bucket, data.key, body, data.contentType, data.secrets);
+    } catch (e) { return { error: e.message }; }
+  },
+  download: async (req, res, data) => {
+    try {
+      return await downloadFromR2(data.bucket, data.key, data.secrets);
+    } catch (e) { return { error: e.message }; }
+  },
+  delete: async (req, res, data) => {
+    try {
+      return await deleteFromR2(data.bucket, data.key, data.secrets);
+    } catch (e) { return { error: e.message }; }
+  },
+  "POST /files": async (req, res, data) => {
+    try {
+      return await listR2Files(data.bucket, data.prefix, data.secrets);
+    } catch (e) { return { error: e.message }; }
+  }
+};
+export {
+  uploadToR2,
+  downloadFromR2,
+  deleteFromR2,
+  listR2Files,
+  getSignedDownloadUrl
+};

package/lib/sqlite.js ADDED Viewed

@@ -0,0 +1,39 @@
+import Database from "better-sqlite3";
+import { fileRoutes } from "./lib/file-routes.js";
+import secrets from "./secrets.js";
+import crypto from "crypto";
+// Initialize database
+global.sqlite = new Database("data.db");
+sqlite.prepare("CREATE TABLE IF NOT EXISTS users (id TEXT PRIMARY KEY, username TEXT, pass TEXT, token TEXT, picture TEXT, name TEXT, email TEXT)").run();
+sqlite.prepare("CREATE TABLE IF NOT EXISTS kv (key TEXT PRIMARY KEY, value TEXT)").run();
+// Combine all routes
+export default {
+  _auth: (req, res, data) => {
+    if (req.url.match(/js|html|css/)) return;
+    if (req.url == "/") return 401;
+    if (req.url.startsWith("/register") || req.url.startsWith("/login")) return;
+    const token = req.headers.cookie?.split('token=')[1].split(';')[0];
+    if (!token) { return 401; }
+    const user = sqlite.prepare("SELECT * FROM users WHERE token = ?").get(token);
+    if (!user) return 401;
+    req.user = user.username;
+  },
+  "POST /api": (req, res, data) => {
+    sqlite.prepare("INSERT OR REPLACE INTO kv (key, value) VALUES (?, ?)").run(req.user + ":" + data.key, data.value);
+    return sqlite.prepare("SELECT substr(key, instr(key, ':') + 1) AS key, value FROM kv WHERE key = ?").get(req.user + ":" + data.key);
+  },
+  "GET /api": (req, res, data) => {
+    return sqlite.prepare("SELECT substr(key, instr(key, ':') + 1) AS key, value FROM kv WHERE key = ?").get(req.user + ":" + data.key) || {};
+  },
+  "GET /all": (req, res, data) => {
+    const rows = sqlite.prepare("SELECT substr(key, instr(key, ':') + 1) AS key, value FROM kv WHERE key LIKE ?").all(req.user + ":%");
+    return rows || [];
+  },
+  "DELETE /api": (req, res, data) => {
+    sqlite.prepare("DELETE FROM kv WHERE key = ?").run(req.user + ":" + data.key);
+    return { deleted: true, key: data.key };
+  }
+};

package/module.mjs CHANGED Viewed

@@ -43,9 +43,7 @@ export default async function (routes, port = params.port || 3000, ip = params.i
   if (publicDir.includes('..')) {
     throw new Error('Public directory path cannot contain ".."')
   }
-  if (!fs.existsSync(publicDir)) {
-    throw new Error(`Public directory "${publicDir}" does not exist`)
-  }
   const requestHandler = async (r, s) => {
     let sdata = '', rrurl = r.url || ''

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "instaserve",
-  "version": "1.1.9",
+  "version": "1.1.11",
   "description": "Instant web stack",
   "main": "module.mjs",
   "bin": "./instaserve",