maven-proxy 1.0.1

package/src/cert/truststore-utils.js

@@ -0,0 +1,289 @@
+import fs from "node:fs";
+import path from "node:path";
+import os from "node:os";
+import { spawnSync } from "node:child_process";
+
+const SUPPORTED_STORE_TYPES = new Set(["JKS", "PKCS12"]);
+
+function runCommand(command, args) {
+  const result = spawnSync(command, args, {
+    stdio: "inherit",
+    shell: false,
+  });
+
+  if (result.error) {
+    throw result.error;
+  }
+
+  if (result.status !== 0) {
+    throw new Error(`Command failed: ${command} ${args.join(" ")}`);
+  }
+}
+
+function runCommandCapture(command, args) {
+  const result = spawnSync(command, args, {
+    shell: false,
+    encoding: "utf8",
+  });
+
+  if (result.error) {
+    throw result.error;
+  }
+
+  if (result.status !== 0) {
+    const stderr = (result.stderr || "").trim();
+    throw new Error(
+      stderr || `Command failed: ${command} ${args.join(" ")}`,
+    );
+  }
+
+  return result.stdout || "";
+}
+
+export function assertKeytoolAvailable() {
+  const result = spawnSync("keytool", ["-help"], {
+    shell: false,
+    encoding: "utf8",
+  });
+
+  if (result.error) {
+    throw new Error(`keytool is not available: ${result.error.message}`);
+  }
+
+  if (result.status !== 0) {
+    const stderr = (result.stderr || "").trim();
+    throw new Error(stderr || "keytool is not available.");
+  }
+}
+
+function getDefaultCacertsPath(javaHome) {
+  return path.join(javaHome, "lib", "security", "cacerts");
+}
+
+function parseAliasesFromListOutput(output) {
+  const aliases = new Set();
+  const verboseMatches = output.matchAll(/Alias name:\s*(.+)\s*$/gm);
+  for (const match of verboseMatches) {
+    aliases.add(match[1].trim());
+  }
+
+  if (aliases.size > 0) {
+    return aliases;
+  }
+
+  // Fallback for non-verbose list format: "<alias>, <date>, <entryType>, ..."
+  const listMatches = output.matchAll(/^([^,\r\n]+),\s.+$/gm);
+  for (const match of listMatches) {
+    aliases.add(match[1].trim());
+  }
+
+  return aliases;
+}
+
+function listTrustStoreAliases({ storePath, storePass, storeType }) {
+  const output = runCommandCapture("keytool", [
+    "-list",
+    "-v",
+    "-keystore",
+    storePath,
+    "-storepass",
+    storePass,
+    "-storetype",
+    storeType,
+  ]);
+
+  return parseAliasesFromListOutput(output);
+}
+
+function validateMergeOptions(options) {
+  if (!options || typeof options !== "object") {
+    throw new Error("Merge options are required.");
+  }
+
+  const required = ["sourcePath", "targetPath", "sourcePassword", "targetPassword"];
+  for (const key of required) {
+    if (!options[key]) {
+      throw new Error(`Missing required option: ${key}`);
+    }
+  }
+
+  const sourceType = String(options.sourceType || "JKS").toUpperCase();
+  const targetType = String(options.targetType || "JKS").toUpperCase();
+
+  if (!SUPPORTED_STORE_TYPES.has(sourceType)) {
+    throw new Error(`Invalid sourceType: ${sourceType}. Use JKS or PKCS12.`);
+  }
+
+  if (!SUPPORTED_STORE_TYPES.has(targetType)) {
+    throw new Error(`Invalid targetType: ${targetType}. Use JKS or PKCS12.`);
+  }
+
+  const resolvedSourcePath = path.resolve(options.sourcePath);
+  const resolvedTargetPath = path.resolve(options.targetPath);
+
+  if (resolvedSourcePath === resolvedTargetPath) {
+    throw new Error("sourcePath and targetPath must be different.");
+  }
+
+  if (!fs.existsSync(options.sourcePath)) {
+    throw new Error(`Source truststore not found: ${options.sourcePath}`);
+  }
+
+  const sourceStats = fs.statSync(options.sourcePath);
+  if (!sourceStats.isFile()) {
+    throw new Error(`Source truststore is not a file: ${options.sourcePath}`);
+  }
+
+  if (fs.existsSync(options.targetPath)) {
+    const targetStats = fs.statSync(options.targetPath);
+    if (!targetStats.isFile()) {
+      throw new Error(`Target truststore path is not a file: ${options.targetPath}`);
+    }
+  }
+
+  const mode = options.onConflict || "fail";
+  if (!["fail", "overwrite"].includes(mode)) {
+    throw new Error(`Invalid onConflict mode: ${mode}. Use \"fail\" or \"overwrite\".`);
+  }
+
+  return {
+    onConflict: mode,
+    sourceType,
+    targetType,
+  };
+}
+
+export function getTrustStoreCommands(runtimeConfig) {
+  const isWindows = os.platform() === "win32";
+  const javaHome = runtimeConfig.javaHome || (isWindows ? "%JAVA_HOME%" : "$JAVA_HOME");
+  const defaultCacerts = isWindows
+    ? `${javaHome}\\lib\\security\\cacerts`
+    : `${javaHome}/lib/security/cacerts`;
+
+  const copyCmd = isWindows
+    ? `Copy-Item "${defaultCacerts}" "${runtimeConfig.trustStorePath}"`
+    : `cp "${defaultCacerts}" "${runtimeConfig.trustStorePath}"`;
+
+  const importCmd = `keytool -importcert -noprompt -trustcacerts -alias "${runtimeConfig.trustStoreAlias}" -file "${runtimeConfig.rootCertPath}" -keystore "${runtimeConfig.trustStorePath}" -storepass "${runtimeConfig.trustStorePassword}"`;
+  const listCmd = `keytool -list -v -keystore "${runtimeConfig.trustStorePath}" -storepass "${runtimeConfig.trustStorePassword}" -alias "${runtimeConfig.trustStoreAlias}"`;
+
+  return { copyCmd, importCmd, listCmd };
+}
+
+export function initTrustStore(runtimeConfig) {
+  assertKeytoolAvailable();
+
+  if (!runtimeConfig || !runtimeConfig.javaHome) {
+    throw new Error("JAVA_HOME is required to initialize trust store.");
+  }
+
+  const defaultCacerts = getDefaultCacertsPath(runtimeConfig.javaHome);
+
+  if (!fs.existsSync(defaultCacerts)) {
+    throw new Error(`JDK cacerts not found: ${defaultCacerts}`);
+  }
+
+  if (!fs.existsSync(runtimeConfig.rootCertPath)) {
+    throw new Error(`Root certificate not found: ${runtimeConfig.rootCertPath}`);
+  }
+
+  fs.mkdirSync(path.dirname(runtimeConfig.trustStorePath), { recursive: true });
+
+  if (!fs.existsSync(runtimeConfig.trustStorePath)) {
+    fs.copyFileSync(defaultCacerts, runtimeConfig.trustStorePath);
+  }
+
+  runCommand("keytool", [
+    "-importcert",
+    "-noprompt",
+    "-trustcacerts",
+    "-alias",
+    runtimeConfig.trustStoreAlias,
+    "-file",
+    runtimeConfig.rootCertPath,
+    "-keystore",
+    runtimeConfig.trustStorePath,
+    "-storepass",
+    runtimeConfig.trustStorePassword,
+  ]);
+
+  runCommand("keytool", [
+    "-list",
+    "-v",
+    "-keystore",
+    runtimeConfig.trustStorePath,
+    "-storepass",
+    runtimeConfig.trustStorePassword,
+    "-alias",
+    runtimeConfig.trustStoreAlias,
+  ]);
+}
+
+export function mergeTrustStores(options) {
+  assertKeytoolAvailable();
+
+  const validated = validateMergeOptions(options);
+  const onConflict = validated.onConflict;
+  const sourceType = validated.sourceType;
+  const targetType = validated.targetType;
+  const dryRun = Boolean(options.dryRun);
+
+  if (!dryRun) {
+    fs.mkdirSync(path.dirname(options.targetPath), { recursive: true });
+  }
+
+  if (onConflict === "fail" && fs.existsSync(options.targetPath)) {
+    const sourceAliases = listTrustStoreAliases({
+      storePath: options.sourcePath,
+      storePass: options.sourcePassword,
+      storeType: sourceType,
+    });
+    const targetAliases = listTrustStoreAliases({
+      storePath: options.targetPath,
+      storePass: options.targetPassword,
+      storeType: targetType,
+    });
+
+    const conflicts = [...sourceAliases].filter((alias) => targetAliases.has(alias));
+    if (conflicts.length > 0) {
+      throw new Error(
+        `Alias conflict detected: ${conflicts.join(", ")}. Use --on-conflict overwrite to continue.`,
+      );
+    }
+  }
+
+  if (dryRun) {
+    return {
+      dryRun: true,
+      checkedSource: options.sourcePath,
+      checkedTarget: options.targetPath,
+      onConflict,
+      sourceType,
+      targetType,
+      targetExists: fs.existsSync(options.targetPath),
+    };
+  }
+
+  const args = [
+    "-importkeystore",
+    "-srckeystore",
+    options.sourcePath,
+    "-srcstoretype",
+    sourceType,
+    "-srcstorepass",
+    options.sourcePassword,
+    "-destkeystore",
+    options.targetPath,
+    "-deststoretype",
+    targetType,
+    "-deststorepass",
+    options.targetPassword,
+  ];
+
+  if (onConflict === "overwrite") {
+    args.push("-noprompt");
+  }
+
+  runCommand("keytool", args);
+}
+

package/src/common/console-log-file.js

@@ -0,0 +1,62 @@
+import util from "node:util";
+import { DailyLogFile } from "./daily-log-file.js";
+
+const MIRROR_INSTALLED = Symbol.for("maven-proxy.console-log-file.installed");
+const GLOBAL_ERROR_HOOK_INSTALLED = Symbol.for("maven-proxy.global-error-hook.installed");
+
+function mirrorConsoleMethod({ level, originalMethod, logFile }) {
+  return (...args) => {
+    originalMethod(...args);
+
+    const line = `[${new Date().toISOString()}] [${level}] ${util.format(...args)}`;
+    logFile.appendLine(line).catch((error) => {
+      process.stderr.write(`[maven-proxy] write console log failed: ${error.message}\n`);
+    });
+  };
+}
+
+export function installConsoleLogFileMirror({ logDir, retentionDays = 7 }) {
+  if (globalThis[MIRROR_INSTALLED]) {
+    return;
+  }
+  globalThis[MIRROR_INSTALLED] = true;
+
+  const logFile = new DailyLogFile({
+    logDir,
+    filePrefix: "console",
+    retentionDays,
+  });
+
+  console.log = mirrorConsoleMethod({
+    level: "INFO",
+    originalMethod: console.log.bind(console),
+    logFile,
+  });
+
+  console.warn = mirrorConsoleMethod({
+    level: "WARN",
+    originalMethod: console.warn.bind(console),
+    logFile,
+  });
+
+  console.error = mirrorConsoleMethod({
+    level: "ERROR",
+    originalMethod: console.error.bind(console),
+    logFile,
+  });
+}
+
+export function installGlobalErrorLogging() {
+  if (globalThis[GLOBAL_ERROR_HOOK_INSTALLED]) {
+    return;
+  }
+  globalThis[GLOBAL_ERROR_HOOK_INSTALLED] = true;
+
+  process.on("uncaughtExceptionMonitor", (error, origin) => {
+    console.error(`[global-error] uncaughtException origin=${origin}`, error);
+  });
+
+  process.on("unhandledRejection", (reason) => {
+    console.error("[global-error] unhandledRejection", reason);
+  });
+}

package/src/common/daily-log-file.js

@@ -0,0 +1,79 @@
+import fs from "node:fs";
+import path from "node:path";
+
+function toDateStampLocal(date = new Date()) {
+  const year = String(date.getFullYear());
+  const month = String(date.getMonth() + 1).padStart(2, "0");
+  const day = String(date.getDate()).padStart(2, "0");
+  return `${year}-${month}-${day}`;
+}
+
+function escapeRegExp(text) {
+  return text.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
+
+export class DailyLogFile {
+  constructor({ logDir, filePrefix, retentionDays = 7 }) {
+    this.logDir = logDir;
+    this.filePrefix = filePrefix;
+    this.retentionDays = Math.max(1, Number.parseInt(retentionDays, 10) || 7);
+    this.ensureDirPromise = null;
+    this.lastCleanupStamp = "";
+  }
+
+  async ensureDir() {
+    if (!this.ensureDirPromise) {
+      this.ensureDirPromise = fs.promises.mkdir(this.logDir, { recursive: true });
+    }
+    await this.ensureDirPromise;
+  }
+
+  getDailyLogPath(date = new Date()) {
+    return path.join(this.logDir, `${this.filePrefix}-${toDateStampLocal(date)}.log`);
+  }
+
+  async cleanupOldLogsIfNeeded(date = new Date()) {
+    const todayStamp = toDateStampLocal(date);
+    if (this.lastCleanupStamp === todayStamp) {
+      return;
+    }
+
+    this.lastCleanupStamp = todayStamp;
+
+    const cutoff = new Date(date);
+    cutoff.setHours(0, 0, 0, 0);
+    cutoff.setDate(cutoff.getDate() - (this.retentionDays - 1));
+    const cutoffStamp = toDateStampLocal(cutoff);
+
+    const pattern = new RegExp(`^${escapeRegExp(this.filePrefix)}-(\\d{4}-\\d{2}-\\d{2})\\.log$`);
+    const entries = await fs.promises.readdir(this.logDir, { withFileTypes: true });
+
+    const deleteTasks = [];
+    for (const entry of entries) {
+      if (!entry.isFile()) {
+        continue;
+      }
+
+      const match = entry.name.match(pattern);
+      if (!match) {
+        continue;
+      }
+
+      const dateStamp = match[1];
+      if (dateStamp < cutoffStamp) {
+        deleteTasks.push(fs.promises.unlink(path.join(this.logDir, entry.name)));
+      }
+    }
+
+    if (deleteTasks.length > 0) {
+      await Promise.all(deleteTasks);
+    }
+  }
+
+  async appendLine(line, date = new Date()) {
+    await this.ensureDir();
+    await this.cleanupOldLogsIfNeeded(date);
+    const content = line.endsWith("\n") ? line : `${line}\n`;
+    await fs.promises.appendFile(this.getDailyLogPath(date), content, "utf8");
+  }
+}

package/src/common/domain-match.js

@@ -0,0 +1,39 @@
+function escapeRegExp(value) {
+  return value.replace(/[.*+?^${}()|[\\]\\]/g, "\\$&");
+}
+
+function wildcardToRegExp(pattern) {
+  const escaped = pattern
+    .split("*")
+    .map((segment) => escapeRegExp(segment))
+    .join(".*");
+  return new RegExp(`^${escaped}$`, "i");
+}
+
+export function matchesDomain(hostname, patterns) {
+  if (!hostname || !patterns || patterns.length === 0) {
+    return false;
+  }
+
+  const host = hostname.toLowerCase();
+
+  for (const rawPattern of patterns) {
+    const pattern = rawPattern.trim().toLowerCase();
+    if (!pattern) {
+      continue;
+    }
+
+    if (pattern.includes("*")) {
+      if (wildcardToRegExp(pattern).test(host)) {
+        return true;
+      }
+      continue;
+    }
+
+    if (host === pattern || host.endsWith(`.${pattern}`)) {
+      return true;
+    }
+  }
+
+  return false;
+}

package/src/common/download-log-writer.js

@@ -0,0 +1,27 @@
+import { DailyLogFile } from "./daily-log-file.js";
+
+export class DownloadLogWriter {
+  constructor(logDir, retentionDays = 7) {
+    this.logFile = new DailyLogFile({
+      logDir,
+      filePrefix: "download",
+      retentionDays,
+    });
+  }
+
+  async append(event, url, details = {}) {
+    const record = {
+      time: new Date().toISOString(),
+      event,
+      url,
+      ...details,
+    };
+    await this.logFile.appendLine(JSON.stringify(record));
+  }
+
+  write(event, url, details = {}) {
+    this.append(event, url, details).catch((error) => {
+      console.warn(`[downloader] write download log failed: ${error.message}`);
+    });
+  }
+}

package/src/common/ecosystem.js

@@ -0,0 +1,64 @@
+const MAVEN_ARTIFACT_EXTENSIONS = new Set([
+  ".pom",
+  ".jar",
+  ".aar",
+  ".war",
+  ".module",
+  ".xml",
+  ".sha1",
+  ".md5",
+]);
+
+function safeDecode(pathname) {
+  try {
+    return decodeURIComponent(pathname || "/");
+  } catch {
+    return pathname || "/";
+  }
+}
+
+function hasExtension(pathname, extensions) {
+  const lower = String(pathname || "").toLowerCase();
+  for (const ext of extensions) {
+    if (lower.endsWith(ext)) {
+      return true;
+    }
+  }
+  return false;
+}
+
+export function detectPackageEcosystem(urlObj, config, matchesDomain) {
+  const hostname = String(urlObj.hostname || "").toLowerCase();
+  const pathname = safeDecode(urlObj.pathname || "/");
+  const lowerPath = pathname.toLowerCase();
+
+  if (matchesDomain(hostname, config.npmRegistryDomains || [])) {
+    return "npm";
+  }
+
+  if (matchesDomain(hostname, config.mavenRepoDomains || [])) {
+    return "maven";
+  }
+
+  if (lowerPath.startsWith("/maven2/") || hasExtension(lowerPath, MAVEN_ARTIFACT_EXTENSIONS)) {
+    return "maven";
+  }
+
+  if (
+    lowerPath.startsWith("/-/v1/") ||
+    /\/\/-\/.+\.tgz$/i.test(lowerPath) ||
+    lowerPath.startsWith("/@")
+  ) {
+    return "npm";
+  }
+
+  if (hostname.includes("npm")) {
+    return "npm";
+  }
+
+  if (hostname.includes("maven") || hostname.includes("jitpack") || hostname.includes("gradle")) {
+    return "maven";
+  }
+
+  return "generic";
+}