wiki-plugin-shoppe 0.0.23 → 0.0.25

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wiki-plugin-shoppe",
-  "version": "0.0.23",
+  "version": "0.0.25",
   "description": "Multi-tenant digital goods shoppe for federated wiki, powered by Sanora",
   "keywords": [
     "wiki",

package/server/scripts/shoppe-sign.js

@@ -185,7 +185,7 @@ function createZip() {
       execSync(`powershell -NoProfile -Command "${psCmd}"`, { stdio: 'pipe' });
     } else {
       execSync(
-        `zip -r "${outputZip}" . -x "*/shoppe-key.json"`,
+        `zip -r "${outputZip}" . -x "*/shoppe-key.json" -x "*.mp4" -x "*.mov" -x "*.mkv" -x "*.webm" -x "*.avi"`,
         { cwd: SHOPPE_DIR, stdio: 'pipe' }
       );
     }
@@ -273,6 +273,71 @@ async function orders() {
   console.log('');
 }
 
+// ── upload — generate a signed shoppe URL for video uploading ────────────────
+
+async function upload() {
+  let sessionless;
+  try {
+    sessionless = require('sessionless-node');
+  } catch (err) {
+    console.error('❌  sessionless-node is not installed.');
+    console.error('   Run: npm install');
+    process.exit(1);
+  }
+
+  const manifest = readManifest();
+
+  if (!manifest.uuid) {
+    console.error('❌  manifest.json is missing uuid.');
+    process.exit(1);
+  }
+
+  if (fs.existsSync(LOCAL_KEY)) {
+    console.error('⚠️   shoppe-key.json is still in this folder.');
+    console.error('   Run  node shoppe-sign.js init  first.');
+    process.exit(1);
+  }
+
+  const keyData = loadStoredKey(manifest.uuid);
+
+  const timestamp = Date.now().toString();
+  const message   = timestamp + manifest.uuid;
+
+  sessionless.getKeys = () => ({ pubKey: keyData.pubKey, privateKey: keyData.privateKey });
+  const signature = await sessionless.sign(message);
+
+  const wikiUrlArg = process.argv[3];
+  const baseUrl    = wikiUrlArg
+    ? wikiUrlArg.replace(/\/+$/, '')
+    : manifest.wikiUrl
+      ? manifest.wikiUrl.replace(/\/plugin.*$/, '')
+      : null;
+
+  const shoppePath = `/plugin/shoppe/${manifest.uuid}?timestamp=${timestamp}&signature=${encodeURIComponent(signature)}`;
+  const fullUrl    = baseUrl ? `${baseUrl}${shoppePath}` : null;
+
+  console.log('\n🎬  Signed shoppe URL for video uploading (valid for 24 hours):\n');
+  if (fullUrl) {
+    console.log('   ' + fullUrl);
+  } else {
+    console.log('   Path: ' + shoppePath);
+    console.log('\n   Prepend your wiki URL, e.g.:');
+    console.log('   https://mywiki.com' + shoppePath);
+    console.log('\n   Or pass your wiki URL as an argument:');
+    console.log('   node shoppe-sign.js upload https://mywiki.com');
+  }
+
+  if (fullUrl) {
+    console.log('\n   Opening in browser...');
+    try {
+      const open = process.platform === 'win32' ? 'start' :
+                   process.platform === 'darwin' ? 'open' : 'xdg-open';
+      execSync(`${open} "${fullUrl}"`, { stdio: 'ignore' });
+    } catch (_) {}
+  }
+  console.log('');
+}
+
 // ── payouts — open Stripe Connect Express onboarding ─────────────────────────
 
 async function payouts() {
@@ -347,6 +412,11 @@ async function payouts() {
 const command = process.argv[2];
 if (command === 'init') {
   init();
+} else if (command === 'upload') {
+  upload().catch(err => {
+    console.error('❌ ', err.message);
+    process.exit(1);
+  });
 } else if (command === 'orders') {
   orders().catch(err => {
     console.error('❌ ', err.message);

package/server/server.js

@@ -261,6 +261,13 @@ function generateBundleBuffer(tenant, ownerPrivateKey, ownerPubKey, wikiOrigin)
     'Add or update content, then run `node shoppe-sign.js` again.',
     'Each upload overwrites existing items and adds new ones.',
     '',
+    '## Uploading videos',
+    '',
+    'Run: `node shoppe-sign.js upload`',
+    '',
+    'Opens your shoppe page with a signed URL (valid for 24 hours).',
+    'Any video items without a file will show an "Upload Video" button.',
+    '',
     '## Viewing orders',
     '',
     'Run: `node shoppe-sign.js orders`',
@@ -560,6 +567,20 @@ async function sanoraUploadImage(tenant, title, imageBuffer, filename) {
 
 // ============================================================
 // LUCILLE HELPERS
+async function sanoraDeleteProduct(tenant, title) {
+  const { uuid, keys } = tenant;
+  const timestamp = Date.now().toString();
+  const message = timestamp + uuid + title;
+
+  sessionless.getKeys = () => keys;
+  const signature = await sessionless.sign(message);
+
+  await fetch(
+    `${getSanoraUrl()}/user/${uuid}/product/${encodeURIComponent(title)}?timestamp=${timestamp}&signature=${encodeURIComponent(signature)}`,
+    { method: 'DELETE' }
+  );
+}
+
 // ============================================================
 
 async function lucilleCreateUser(lucilleUrl) {
@@ -1125,26 +1146,10 @@ async function processArchive(zipPath) {
             await sanoraUploadImage(tenant, title, coverBuf, coverFile);
           }
 
-          // Video file → Lucille (with content-hash deduplication)
-          const videoFiles = fs.readdirSync(entryPath).filter(f => VIDEO_EXTS.has(path.extname(f).toLowerCase()));
-          if (videoFiles.length > 0) {
-            const videoFilename = videoFiles[0];
-            const videoBuf = fs.readFileSync(path.join(entryPath, videoFilename));
-            const localHash = crypto.createHash('sha256').update(videoBuf).digest('hex');
-
-            const existing = existingLucilleVideos[title];
-            if (existing && existing.contentHash && existing.contentHash === localHash) {
-              console.log(`[shoppe]   ⏩ video unchanged, skipping upload: ${title}`);
-              results.videos.push({ title, price, skipped: true });
-            } else {
-              await lucilleRegisterVideo(tenant, title, description, tags, effectiveLucilleUrl);
-              await lucilleUploadVideo(tenant, title, videoBuf, videoFilename, effectiveLucilleUrl);
-              results.videos.push({ title, price });
-              console.log(`[shoppe]   🎬 video: ${title}`);
-            }
-          } else {
-            results.warnings.push(`video "${title}": no video file found (expected .mp4/.mov/.mkv/.webm/.avi)`);
-          }
+          // Register video metadata in Lucille (file upload happens separately via upload-info endpoint)
+          await lucilleRegisterVideo(tenant, title, description, tags, effectiveLucilleUrl);
+          results.videos.push({ title, price });
+          console.log(`[shoppe]   🎬 video registered: ${title} (upload file separately)`);
         } catch (err) {
           console.warn(`[shoppe]   ⚠️  video ${entry}: ${err.message}`);
           results.warnings.push(`video "${entry}": ${err.message}`);
@@ -1262,7 +1267,8 @@ async function getShoppeGoods(tenant) {
       shipping: product.shipping || 0,
       image: product.image ? `${getSanoraUrl()}/images/${product.image}` : null,
       url: (bucketName && redirects[bucketName]) || defaultUrl,
-      ...(lucillePlayerUrl && { lucillePlayerUrl })
+      ...(lucillePlayerUrl && { lucillePlayerUrl }),
+      ...(product.category === 'video' && { shoppeId: tenant.uuid })
     };
     const bucket = goods[bucketName];
     if (bucket) bucket.push(item);
@@ -1398,12 +1404,12 @@ const CATEGORY_EMOJI = { book: '📚', music: '🎵', post: '📝', album: '🖼
 // Validate an owner-signed request (used for browser-facing owner routes).
 // Expects req.query.timestamp and req.query.signature.
 // Returns an error string if invalid, null if valid.
-function checkOwnerSignature(req, tenant) {
+function checkOwnerSignature(req, tenant, maxAgeMs = 5 * 60 * 1000) {
   if (!tenant.ownerPubKey) return 'This shoppe was registered before owner signing was added';
   const { timestamp, signature } = req.query;
   if (!timestamp || !signature) return 'Missing timestamp or signature — generate a fresh URL with: node shoppe-sign.js orders';
   const age = Date.now() - parseInt(timestamp, 10);
-  if (isNaN(age) || age < 0 || age > 5 * 60 * 1000) return 'URL has expired — generate a new one with: node shoppe-sign.js orders';
+  if (isNaN(age) || age < 0 || age > maxAgeMs) return 'URL has expired — generate a new one with: node shoppe-sign.js orders';
   const message = timestamp + tenant.uuid;
   if (!sessionless.verifySignature(signature, message, tenant.ownerPubKey)) return 'Signature invalid';
   return null;
@@ -1539,12 +1545,35 @@ function renderCards(items, category) {
   }
   return items.map(item => {
     const isVideo = !!item.lucillePlayerUrl;
+    const isUnuploadedVideo = item.shoppeId && !item.lucillePlayerUrl;
     const imgHtml = item.image
       ? `<div class="card-img${isVideo ? ' card-video-play' : ''}"><img src="${item.image}" alt="" loading="lazy"></div>`
-      : `<div class="card-img-placeholder">${CATEGORY_EMOJI[category] || '🎁'}</div>`;
+      : isUnuploadedVideo
+        ? `<div class="card-img-placeholder card-video-upload"><span style="font-size:44px">🎬</span></div>`
+        : `<div class="card-img-placeholder">${CATEGORY_EMOJI[category] || '🎁'}</div>`;
     const priceHtml = (item.price > 0 || category === 'product')
       ? `<div class="price">$${(item.price / 100).toFixed(2)}${item.shipping ? ` <span class="shipping">+ $${(item.shipping / 100).toFixed(2)} shipping</span>` : ''}</div>`
       : '';
+    if (isUnuploadedVideo) {
+      const safeTitle = item.title.replace(/'/g, "\\'");
+      return `
+      <div class="card" id="video-card-${item.shoppeId}-${item.title.replace(/[^a-z0-9]/gi,'_')}">
+        ${imgHtml}
+        <div class="card-body">
+          <div class="card-title">${item.title}</div>
+          ${item.description ? `<div class="card-desc">${item.description}</div>` : ''}
+          ${priceHtml}
+          <div class="video-upload-area" id="upload-area-${item.shoppeId}-${item.title.replace(/[^a-z0-9]/gi,'_')}">
+            <label class="upload-btn-label">
+              📁 Upload Video
+              <input type="file" accept="video/*" style="display:none"
+                onchange="startVideoUpload(this,'${item.shoppeId}','${safeTitle}')">
+            </label>
+            <div class="upload-progress" style="display:none"></div>
+          </div>
+        </div>
+      </div>`;
+    }
     const clickHandler = isVideo
       ? `playVideo('${item.lucillePlayerUrl}')`
       : `window.open('${item.url}','_blank')`;
@@ -1560,7 +1589,7 @@ function renderCards(items, category) {
   }).join('');
 }
 
-function generateShoppeHTML(tenant, goods) {
+function generateShoppeHTML(tenant, goods, uploadAuth = null) {
   const total = Object.values(goods).flat().length;
   const tabs = [
     { id: 'all',          label: 'All',              count: total,                       always: true },
@@ -1622,6 +1651,12 @@ function generateShoppeHTML(tenant, goods) {
     .video-modal-content iframe { width: 100%; height: 100%; border: none; display: block; }
     .video-modal-close { position: absolute; top: 10px; right: 12px; z-index: 2; background: rgba(0,0,0,0.5); border: none; color: #fff; font-size: 20px; line-height: 1; padding: 4px 10px; border-radius: 6px; cursor: pointer; }
     .video-modal-close:hover { background: rgba(0,0,0,0.8); }
+    .card-video-upload { cursor: default !important; }
+    .upload-btn-label { display: inline-block; background: #0066cc; color: white; border-radius: 8px; padding: 8px 16px; font-size: 13px; font-weight: 600; cursor: pointer; margin-top: 8px; }
+    .upload-btn-label:hover { background: #0052a3; }
+    .upload-progress { margin-top: 8px; font-size: 12px; color: #555; }
+    .upload-progress-bar { height: 4px; background: #e0e0e0; border-radius: 2px; margin-top: 4px; overflow: hidden; }
+    .upload-progress-bar-fill { height: 100%; background: #0066cc; border-radius: 2px; transition: width 0.2s; }
   </style>
 </head>
 <body>
@@ -1653,6 +1688,7 @@ function generateShoppeHTML(tenant, goods) {
     </div>
   </div>
   <script>
+    const UPLOAD_AUTH = ${uploadAuth ? JSON.stringify(uploadAuth) : 'null'};
     function show(id, tab) {
       document.querySelectorAll('.section').forEach(s => s.classList.remove('active'));
       document.querySelectorAll('.tab').forEach(t => t.classList.remove('active'));
@@ -1668,6 +1704,58 @@ function generateShoppeHTML(tenant, goods) {
       document.getElementById('video-iframe').src = '';
     }
     document.addEventListener('keydown', e => { if (e.key === 'Escape') closeVideo(); });
+
+    async function startVideoUpload(input, shoppeId, title) {
+      const file = input.files[0];
+      if (!file) return;
+
+      const areaId = 'upload-area-' + shoppeId + '-' + title.replace(/[^a-z0-9]/gi,'_');
+      const area = document.getElementById(areaId);
+      const progressDiv = area.querySelector('.upload-progress');
+      const label = area.querySelector('.upload-btn-label');
+
+      label.style.display = 'none';
+      progressDiv.style.display = 'block';
+      progressDiv.innerHTML = 'Getting upload credentials…';
+
+      try {
+        if (!UPLOAD_AUTH) throw new Error('Not authorized to upload — visit the shoppe via a signed URL (node shoppe-sign.js upload)');
+        const authParams = '?timestamp=' + encodeURIComponent(UPLOAD_AUTH.timestamp) + '&signature=' + encodeURIComponent(UPLOAD_AUTH.signature);
+        const infoRes = await fetch('/plugin/shoppe/' + shoppeId + '/video/' + encodeURIComponent(title) + '/upload-info' + authParams);
+        if (!infoRes.ok) throw new Error('Could not get upload credentials (' + infoRes.status + ')');
+        const { uploadUrl, timestamp, signature } = await infoRes.json();
+
+        progressDiv.innerHTML = 'Uploading… 0%<div class="upload-progress-bar"><div class="upload-progress-bar-fill" id="fill-' + areaId + '" style="width:0%"></div></div>';
+
+        const form = new FormData();
+        form.append('video', file, file.name);
+
+        await new Promise((resolve, reject) => {
+          const xhr = new XMLHttpRequest();
+          xhr.upload.onprogress = e => {
+            if (e.lengthComputable) {
+              const pct = Math.round(e.loaded / e.total * 100);
+              progressDiv.querySelector('div').textContent = '';
+              progressDiv.firstChild.textContent = 'Uploading… ' + pct + '%';
+              const fill = document.getElementById('fill-' + areaId);
+              if (fill) fill.style.width = pct + '%';
+            }
+          };
+          xhr.onload = () => xhr.status === 200 ? resolve() : reject(new Error('Upload failed: ' + xhr.status));
+          xhr.onerror = () => reject(new Error('Network error during upload'));
+          xhr.open('PUT', uploadUrl);
+          xhr.setRequestHeader('x-pn-timestamp', timestamp);
+          xhr.setRequestHeader('x-pn-signature', signature);
+          xhr.send(form);
+        });
+
+        progressDiv.innerHTML = '✅ Uploaded! Reloading…';
+        setTimeout(() => location.reload(), 1500);
+      } catch (err) {
+        progressDiv.innerHTML = '❌ ' + err.message;
+        label.style.display = 'inline-block';
+      }
+    }
   </script>
 </body>
 </html>`;
@@ -1800,6 +1888,36 @@ async function startServer(params) {
     res.json({ success: true, tenants: safe });
   });
 
+  // Delete a shoppe tenant (owner only)
+  app.delete('/plugin/shoppe/:identifier', owner, async (req, res) => {
+    try {
+      const tenant = getTenantByIdentifier(req.params.identifier);
+      if (!tenant) return res.status(404).json({ error: 'tenant not found' });
+
+      // Fetch all products from Sanora and fire-and-forget delete each one
+      const sanoraUrl = getSanoraUrl();
+      fetch(`${sanoraUrl}/products/${tenant.uuid}`)
+        .then(r => r.json())
+        .then(products => {
+          for (const title of Object.keys(products)) {
+            sanoraDeleteProduct(tenant, title).catch(err =>
+              console.warn(`[shoppe] delete product "${title}" failed:`, err.message)
+            );
+          }
+        })
+        .catch(err => console.warn('[shoppe] fetch products for delete failed:', err.message));
+
+      // Remove tenant from local registry
+      const tenants = loadTenants();
+      delete tenants[tenant.uuid];
+      saveTenants(tenants);
+
+      res.json({ success: true, deleted: tenant.uuid });
+    } catch (err) {
+      res.status(404).json({ error: err.message });
+    }
+  });
+
   // Public directory — name, emojicode, and shoppe URL only
   app.get('/plugin/shoppe/directory', (req, res) => {
     const tenants = loadTenants();
@@ -2473,6 +2591,35 @@ async function startServer(params) {
     }
   });
 
+  // GET /plugin/shoppe/:id/video/:title/upload-info
+  // Returns a pre-signed lucille upload URL so the browser can PUT the video file directly to lucille.
+  // Auth: shoppe tenant owner signature (timestamp + uuid), valid for 24 hours.
+  // Generate the signed URL with: node shoppe-sign.js upload
+  app.get('/plugin/shoppe/:identifier/video/:title/upload-info', async (req, res) => {
+    try {
+      const tenant = getTenantByIdentifier(req.params.identifier);
+      if (!tenant) return res.status(404).json({ error: 'tenant not found' });
+
+      const sigErr = checkOwnerSignature(req, tenant, 24 * 60 * 60 * 1000);
+      if (sigErr) return res.status(403).json({ error: sigErr });
+
+      if (!tenant.lucilleKeys) return res.status(400).json({ error: 'tenant has no lucille user — re-register' });
+
+      const title = req.params.title;
+      const lucilleBase = getLucilleUrl().replace(/\/$/, '');
+      const { uuid: lucilleUuid, pubKey, privateKey } = tenant.lucilleKeys;
+
+      const timestamp = Date.now().toString();
+      sessionless.getKeys = () => ({ pubKey, privateKey });
+      const signature = await sessionless.sign(timestamp + pubKey);
+
+      const uploadUrl = `${lucilleBase}/user/${lucilleUuid}/video/${encodeURIComponent(title)}/file`;
+      res.json({ uploadUrl, timestamp, signature });
+    } catch (err) {
+      res.status(500).json({ error: err.message });
+    }
+  });
+
   // Goods JSON (public)
   app.get('/plugin/shoppe/:identifier/goods', async (req, res) => {
     try {
@@ -2492,8 +2639,14 @@ async function startServer(params) {
       const tenant = getTenantByIdentifier(req.params.identifier);
       if (!tenant) return res.status(404).send('<h1>Shoppe not found</h1>');
       const goods = await getShoppeGoods(tenant);
+
+      // Check if the request carries a valid owner signature — if so, embed auth
+      // params in the page so the upload button can authenticate with upload-info.
+      const sigErr = checkOwnerSignature(req, tenant, 24 * 60 * 60 * 1000);
+      const uploadAuth = sigErr ? null : { timestamp: req.query.timestamp, signature: req.query.signature };
+
       res.set('Content-Type', 'text/html');
-      res.send(generateShoppeHTML(tenant, goods));
+      res.send(generateShoppeHTML(tenant, goods, uploadAuth));
     } catch (err) {
       console.error('[shoppe] page error:', err);
       res.status(500).send(`<h1>Error</h1><p>${err.message}</p>`);