wp-studio 1.7.7-alpha1

package/dist/cli/browser-CgWK-yoe.js

@@ -0,0 +1,44 @@
+import { spawn } from "child_process";
+async function openBrowser(url) {
+  const platform = process.platform;
+  let cmd;
+  let args;
+  switch (platform) {
+    case "darwin":
+      cmd = "open";
+      args = [url];
+      break;
+    case "win32":
+      cmd = "PowerShell";
+      args = [
+        "-NoProfile",
+        "-NonInteractive",
+        "-ExecutionPolicy",
+        "Bypass",
+        "-Command",
+        "Start",
+        `"${url}"`
+      ];
+      break;
+    case "linux":
+      cmd = "xdg-open";
+      args = [url];
+      break;
+    default:
+      return Promise.reject(new Error("Unsupported platform"));
+  }
+  return new Promise((resolve, reject) => {
+    const child = spawn(cmd, args);
+    child.on("error", reject);
+    child.on("exit", (code) => {
+      if (code === 0) {
+        resolve();
+      } else {
+        reject(new Error("Failed to open browser"));
+      }
+    });
+  });
+}
+export {
+  openBrowser as o
+};

package/dist/cli/certificate-manager-DdBumKZp.js

@@ -0,0 +1,250 @@
+import { execFile } from "node:child_process";
+import crypto from "node:crypto";
+import fs from "node:fs";
+import path from "node:path";
+import { domainToASCII } from "node:url";
+import { promisify } from "node:util";
+import sudo from "@vscode/sudo-prompt";
+import forge from "node-forge";
+import { Q as getAppdataDirectory } from "./appdata-07CF2rhg.js";
+const execFilePromise = promisify(execFile);
+function createNameConstraintsExtension(domains) {
+  const asn1 = forge.asn1;
+  const domainsToSequence = (domains2) => domains2.map((domain) => {
+    const generalName = asn1.create(asn1.Class.CONTEXT_SPECIFIC, 2, false, domain);
+    return asn1.create(
+      asn1.Class.UNIVERSAL,
+      asn1.Type.SEQUENCE,
+      true,
+      [generalName]
+      // The minimum value is DEFAULT 0, so we can omit it for simplicity
+      // The maximum value is OPTIONAL and we don't need it
+    );
+  });
+  const nameConstraintsComponents = [];
+  nameConstraintsComponents.push(
+    asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, domainsToSequence(domains))
+  );
+  const nameConstraintsValue = asn1.create(
+    asn1.Class.UNIVERSAL,
+    asn1.Type.SEQUENCE,
+    true,
+    nameConstraintsComponents
+  );
+  return {
+    id: "2.5.29.30",
+    // nameConstraints OID
+    critical: true,
+    value: nameConstraintsValue
+  };
+}
+const CA_NAME = "WordPress Studio CA";
+const CA_CERT_VALIDITY_DAYS = 3650;
+const SITE_CERT_VALIDITY_DAYS = 825;
+const CERT_DIRECTORY = path.join(getAppdataDirectory(), "certificates");
+const CA_CERT_PATH = path.join(CERT_DIRECTORY, "studio-ca.crt");
+const CA_KEY_PATH = path.join(CERT_DIRECTORY, "studio-ca.key");
+function initializeCertificatesDirectory() {
+  if (!fs.existsSync(path.join(CERT_DIRECTORY, "domains"))) {
+    fs.mkdirSync(path.join(CERT_DIRECTORY, "domains"), { recursive: true });
+  }
+}
+async function ensureRootCA() {
+  if (fs.existsSync(CA_CERT_PATH) && fs.existsSync(CA_KEY_PATH)) {
+    return {
+      cert: fs.readFileSync(CA_CERT_PATH, "utf8"),
+      key: fs.readFileSync(CA_KEY_PATH, "utf8")
+    };
+  }
+  console.log("Generating new root CA certificate…");
+  const keys = forge.pki.rsa.generateKeyPair(2048);
+  const cert = forge.pki.createCertificate();
+  cert.publicKey = keys.publicKey;
+  cert.serialNumber = crypto.randomBytes(20).toString("hex");
+  const now = /* @__PURE__ */ new Date();
+  cert.validity.notBefore = now;
+  cert.validity.notAfter = new Date(now.getTime());
+  cert.validity.notAfter.setDate(now.getDate() + CA_CERT_VALIDITY_DAYS);
+  const attrs = [
+    { name: "commonName", value: CA_NAME },
+    { name: "countryName", value: "US" },
+    { name: "organizationName", value: "WordPress Studio" }
+  ];
+  cert.setSubject(attrs);
+  cert.setIssuer(attrs);
+  cert.setExtensions([
+    {
+      name: "basicConstraints",
+      cA: true,
+      critical: true,
+      pathLenConstraint: 0
+      // Can only sign end entity certificates, not intermediate CAs
+    },
+    {
+      name: "keyUsage",
+      critical: true,
+      keyCertSign: true,
+      cRLSign: true
+    },
+    {
+      name: "extKeyUsage",
+      serverAuth: true,
+      clientAuth: true
+    },
+    createNameConstraintsExtension([".local"])
+  ]);
+  cert.sign(keys.privateKey, forge.md.sha256.create());
+  const certPem = forge.pki.certificateToPem(cert);
+  const keyPem = forge.pki.privateKeyToPem(keys.privateKey);
+  initializeCertificatesDirectory();
+  fs.writeFileSync(CA_CERT_PATH, certPem);
+  fs.writeFileSync(CA_KEY_PATH, keyPem);
+  fs.chmodSync(CA_CERT_PATH, 448);
+  fs.chmodSync(CA_KEY_PATH, 448);
+  await trustRootCA();
+  return { cert: certPem, key: keyPem };
+}
+async function isRootCATrusted() {
+  if (!fs.existsSync(CA_CERT_PATH)) {
+    return false;
+  }
+  if (process.platform === "win32") {
+    try {
+      const { stdout } = await execFilePromise("certutil", ["-verify", CA_CERT_PATH]);
+      const hasValidPolicies = stdout.includes("Verified Application Policies:") && stdout.includes("Server Authentication");
+      return hasValidPolicies;
+    } catch (error) {
+      return false;
+    }
+  } else if (process.platform === "darwin") {
+    try {
+      await execFilePromise("security", ["verify-cert", "-r", CA_CERT_PATH, "-p", "ssl"]);
+      return true;
+    } catch (error) {
+      return false;
+    }
+  }
+  return false;
+}
+async function trustRootCA() {
+  try {
+    if (await isRootCATrusted()) {
+      console.log("Root CA is already trusted in the system store");
+      return;
+    }
+    const platform = process.platform;
+    if (platform === "win32") {
+      await new Promise((resolve, reject) => {
+        sudo.exec(
+          `certutil -addstore -f "ROOT" "${CA_CERT_PATH}"`,
+          { name: "WordPress Studio" },
+          (error) => {
+            if (error) {
+              console.error("Error adding certificate to system trust store:", error);
+              reject(error);
+            } else {
+              console.log("Root CA trusted in Windows certificate store");
+              resolve();
+            }
+          }
+        );
+      });
+    } else {
+      console.error("Unsupported platform for automatic certificate trust:", platform);
+    }
+  } catch (error) {
+    console.error("Failed to trust root CA:", error);
+    throw error;
+  }
+}
+async function generateSiteCertificate(domain) {
+  try {
+    const punycodeDomain = domainToASCII(domain);
+    const siteCertPath = path.join(CERT_DIRECTORY, "domains", `${domain}.crt`);
+    const siteKeyPath = path.join(CERT_DIRECTORY, "domains", `${domain}.key`);
+    if (fs.existsSync(siteCertPath) && fs.existsSync(siteKeyPath)) {
+      return {
+        cert: fs.readFileSync(siteCertPath, "utf8"),
+        key: fs.readFileSync(siteKeyPath, "utf8")
+      };
+    }
+    const { cert: caCert, key: caKey } = await ensureRootCA();
+    const caPrivateKey = forge.pki.privateKeyFromPem(caKey);
+    const caCertObj = forge.pki.certificateFromPem(caCert);
+    const keys = forge.pki.rsa.generateKeyPair(2048);
+    const cert = forge.pki.createCertificate();
+    cert.publicKey = keys.publicKey;
+    cert.serialNumber = crypto.randomBytes(20).toString("hex");
+    const now = /* @__PURE__ */ new Date();
+    cert.validity.notBefore = now;
+    cert.validity.notAfter = new Date(now.getTime());
+    cert.validity.notAfter.setDate(now.getDate() + SITE_CERT_VALIDITY_DAYS);
+    const attrs = [
+      { name: "commonName", value: punycodeDomain },
+      { name: "countryName", value: "US" },
+      { name: "organizationName", value: "WordPress Studio" }
+    ];
+    cert.setSubject(attrs);
+    cert.setIssuer(caCertObj.subject.attributes);
+    cert.setExtensions([
+      {
+        name: "basicConstraints",
+        cA: false,
+        critical: true
+      },
+      {
+        name: "keyUsage",
+        critical: true,
+        digitalSignature: true,
+        keyEncipherment: true
+      },
+      {
+        name: "extKeyUsage",
+        serverAuth: true
+      },
+      {
+        name: "subjectAltName",
+        altNames: [
+          {
+            type: 2,
+            // DNS
+            value: punycodeDomain
+          }
+        ]
+      }
+    ]);
+    cert.sign(caPrivateKey, forge.md.sha256.create());
+    const certPem = forge.pki.certificateToPem(cert);
+    const keyPem = forge.pki.privateKeyToPem(keys.privateKey);
+    initializeCertificatesDirectory();
+    fs.writeFileSync(siteCertPath, certPem);
+    fs.writeFileSync(siteKeyPath, keyPem);
+    return { cert: certPem, key: keyPem };
+  } catch (error) {
+    console.error(`Failed to generate certificate for ${domain}:`, error);
+    throw error;
+  }
+}
+function deleteSiteCertificate(domain) {
+  try {
+    const siteCertPath = path.join(CERT_DIRECTORY, "domains", `${domain}.crt`);
+    const siteKeyPath = path.join(CERT_DIRECTORY, "domains", `${domain}.key`);
+    let deletedFiles = false;
+    if (fs.existsSync(siteCertPath)) {
+      fs.unlinkSync(siteCertPath);
+      deletedFiles = true;
+    }
+    if (fs.existsSync(siteKeyPath)) {
+      fs.unlinkSync(siteKeyPath);
+      deletedFiles = true;
+    }
+    return deletedFiles;
+  } catch (error) {
+    console.error(`Failed to delete certificate for ${domain}:`, error);
+    return false;
+  }
+}
+export {
+  deleteSiteCertificate as d,
+  generateSiteCertificate as g
+};

package/dist/cli/create-BHVhkvTx.js

@@ -0,0 +1,80 @@
+import os from "os";
+import path from "path";
+import { g as getWordPressVersion } from "./get-wordpress-version-BwSCJujO.js";
+import { P as PreviewCommandLoggerAction } from "./logger-actions-OaIvl-ai.js";
+import { sprintf, __ } from "@wordpress/i18n";
+import { f as calculateDirectorySizeForArchive, h as DEMO_SITE_SIZE_LIMIT_BYTES, L as LoggerError, j as DEMO_SITE_SIZE_LIMIT_GB, a as Logger, k as getSiteByFolder, g as getAuthToken, m as uploadArchive, w as waitForSiteReady } from "./appdata-07CF2rhg.js";
+import { a as archiveSiteContent, c as cleanup } from "./archive-xDmkN4wb.js";
+import { s as saveSnapshotToAppdata } from "./snapshots-6XE53y_F.js";
+async function validateSiteSize(siteFolder) {
+  const wpContentPath = path.join(siteFolder, "wp-content");
+  const wpContentSize = await calculateDirectorySizeForArchive(wpContentPath);
+  if (wpContentSize > DEMO_SITE_SIZE_LIMIT_BYTES) {
+    throw new LoggerError(
+      sprintf(
+        __(
+          "Your site exceeds the %d GB size limit. Please, consider removing unnecessary media files, plugins, or themes from wp-content."
+        ),
+        DEMO_SITE_SIZE_LIMIT_GB
+      )
+    );
+  }
+  return true;
+}
+async function runCommand(siteFolder) {
+  const archivePath = path.join(
+    os.tmpdir(),
+    `${path.basename(siteFolder)}-${Date.now()}.zip`
+  );
+  const logger = new Logger();
+  try {
+    logger.reportStart(PreviewCommandLoggerAction.VALIDATE, __("Validating…"));
+    await getSiteByFolder(siteFolder);
+    await validateSiteSize(siteFolder);
+    const token = await getAuthToken();
+    logger.reportSuccess(__("Validation successful"), true);
+    logger.reportStart(PreviewCommandLoggerAction.ARCHIVE, __("Creating archive…"));
+    await archiveSiteContent(siteFolder, archivePath);
+    logger.reportSuccess(__("Archive created"));
+    logger.reportStart(PreviewCommandLoggerAction.UPLOAD, __("Uploading archive…"));
+    const wordpressVersion = getWordPressVersion(siteFolder);
+    const uploadResponse = await uploadArchive(archivePath, token.accessToken, wordpressVersion);
+    logger.reportSuccess(__("Archive uploaded"));
+    logger.reportStart(PreviewCommandLoggerAction.READY, __("Creating preview site…"));
+    await waitForSiteReady(uploadResponse.site_id, token.accessToken);
+    logger.reportSuccess(
+      sprintf(__("Preview site available at: %s"), `https://${uploadResponse.site_url}`)
+    );
+    logger.reportStart(PreviewCommandLoggerAction.APPDATA, __("Saving preview site to Studio…"));
+    const snapshot = await saveSnapshotToAppdata(
+      siteFolder,
+      uploadResponse.site_id,
+      uploadResponse.site_url
+    );
+    logger.reportSuccess(__("Preview site saved to Studio"));
+    logger.reportKeyValuePair("name", snapshot.name ?? "");
+    logger.reportKeyValuePair("url", snapshot.url);
+  } catch (error) {
+    if (error instanceof LoggerError) {
+      logger.reportError(error);
+    } else {
+      const loggerError = new LoggerError(__("Failed to create preview site"), error);
+      logger.reportError(loggerError);
+    }
+  } finally {
+    void cleanup(archivePath);
+  }
+}
+const registerCommand = (yargs) => {
+  return yargs.command({
+    command: "create",
+    describe: __("Create a preview site"),
+    handler: async (argv) => {
+      await runCommand(argv.path);
+    }
+  });
+};
+export {
+  registerCommand,
+  runCommand
+};