feat!: remove url token auth

LouisHaftmann · LouisHaftmann · commit 8e97edab1c05 · 2025-02-01T14:36:05.000+01:00
diff --git a/.env b/.env
@@ -1,4 +1,3 @@
-URL_ACCESS_TOKEN=test_token
 API_BASE_URL=http://localhost:3000
 DEBUG=true
 
diff --git a/lib/auth.ts b/lib/auth.ts
diff --git a/lib/env.ts b/lib/env.ts
@@ -4,7 +4,6 @@ const booleanSchema = z.string().transform((v) => v.toLowerCase() === 'true')
 
 const envSchema = z.object({
   ENABLE_DIRECT_DOWNLOADS: booleanSchema.default('false'),
-  URL_ACCESS_TOKEN: z.string().min(1),
   CLEANUP_OLDER_THAN_DAYS: z.coerce.number().int().min(0).default(90),
   API_BASE_URL: z.string().url(),
   STORAGE_DRIVER: z.string().toLowerCase().default('filesystem'),
diff --git a/package.json b/package.json
@@ -16,7 +16,7 @@
     "lint:ci": "eslint --cache --cache-strategy content . && prettier --check --cache --cache-strategy content .",
     "lint:fix": "eslint --fix --cache . && prettier --write --cache .",
     "type-check": "tsc -p tsconfig.json --noEmit",
-    "action": "act -v --env ACTIONS_CACHE_URL=http://host.docker.internal:3000/test_token/ --container-architecture linux/amd64 -W tests",
+    "action": "act -v --env ACTIONS_CACHE_URL=http://host.docker.internal:3000/ --container-architecture linux/amd64 -W tests",
     "test:watch": "DEBUG=true VITEST_DB_DRIVER=sqlite VITEST_STORAGE_DRIVER=filesystem vitest --watch --ui",
     "test:run": "vitest run"
   },
diff --git a/plugins/setup.ts b/plugins/setup.ts
@@ -19,19 +19,17 @@ export default defineNitroPlugin(async (nitro) => {
     }
 
     logger.error(
-      `Response: ${event.method} ${obfuscateTokenFromPath(event.path)} > ${error instanceof H3Error ? error.statusCode : '[no status code]'}\n`,
+      `Response: ${event.method} ${event.path} > ${error instanceof H3Error ? error.statusCode : '[no status code]'}\n`,
       error,
     )
   })
 
   if (ENV.DEBUG) {
     nitro.hooks.hook('request', (event) => {
-      logger.debug(`Request: ${event.method} ${obfuscateTokenFromPath(event.path)}`)
+      logger.debug(`Request: ${event.method} ${event.path}`)
     })
     nitro.hooks.hook('afterResponse', (event) => {
-      logger.debug(
-        `Response: ${event.method} ${obfuscateTokenFromPath(event.path)} > ${getResponseStatus(event)}`,
-      )
+      logger.debug(`Response: ${event.method} ${event.path} > ${getResponseStatus(event)}`)
     })
   }
 
@@ -60,9 +58,3 @@ export default defineNitroPlugin(async (nitro) => {
 
   if (process.send) process.send('nitro:ready')
 })
-
-function obfuscateTokenFromPath(path: string) {
-  const split = path.split('/_apis')
-  if (split.length <= 1) return path
-  return `/<secret_token>/_apis${split[1]}`
-}
diff --git a/routes/[token]/_apis/artifactcache/cache.get.ts b/routes/[token]/_apis/artifactcache/cache.get.ts
diff --git a/routes/[token]/_apis/artifactcache/caches/[cacheId].patch.ts b/routes/[token]/_apis/artifactcache/caches/[cacheId].patch.ts
diff --git a/routes/[token]/_apis/artifactcache/caches/[cacheId].post.ts b/routes/[token]/_apis/artifactcache/caches/[cacheId].post.ts
diff --git a/routes/[token]/_apis/artifactcache/caches/index.post.ts b/routes/[token]/_apis/artifactcache/caches/index.post.ts
diff --git a/routes/_apis/artifactcache/cache.get.ts b/routes/_apis/artifactcache/cache.get.ts
@@ -0,0 +1,32 @@
+import { z } from 'zod'
+
+import { useStorageAdapter } from '~/lib/storage'
+
+const queryParamSchema = z.object({
+  keys: z
+    .string()
+    .min(1)
+    .transform((value) => value.split(',')),
+  version: z.string().min(1),
+})
+
+export default defineEventHandler(async (event) => {
+  const parsedQuery = queryParamSchema.safeParse(getQuery(event))
+  if (!parsedQuery.success)
+    throw createError({
+      statusCode: 400,
+      statusMessage: `Invalid query parameters: ${parsedQuery.error.message}`,
+    })
+
+  const { keys, version } = parsedQuery.data
+
+  const adapter = await useStorageAdapter()
+  const storageEntry = await adapter.getCacheEntry(keys, version)
+
+  if (!storageEntry) {
+    setResponseStatus(event, 204)
+    return
+  }
+
+  return storageEntry
+})
diff --git a/routes/_apis/artifactcache/caches/[cacheId].patch.ts b/routes/_apis/artifactcache/caches/[cacheId].patch.ts
@@ -0,0 +1,47 @@
+import type { Buffer } from 'node:buffer'
+
+import { z } from 'zod'
+import { logger } from '~/lib/logger'
+
+import { useStorageAdapter } from '~/lib/storage'
+
+const pathParamsSchema = z.object({
+  cacheId: z.coerce.number(),
+})
+
+export default defineEventHandler(async (event) => {
+  const parsedPathParams = pathParamsSchema.safeParse(event.context.params)
+  if (!parsedPathParams.success)
+    throw createError({
+      statusCode: 400,
+      statusMessage: `Invalid path parameters: ${parsedPathParams.error.message}`,
+    })
+
+  const { cacheId } = parsedPathParams.data
+
+  const stream = getRequestWebStream(event)
+  if (!stream) {
+    logger.debug('Upload: Request body is not a stream')
+    throw createError({ statusCode: 400, statusMessage: 'Request body must be a stream' })
+  }
+
+  const contentRangeHeader = getHeader(event, 'content-range')
+  if (!contentRangeHeader) {
+    logger.debug("Upload: 'content-range' header not found")
+    throw createError({ statusCode: 400, statusMessage: "'content-range' header is required" })
+  }
+
+  const { start, end } = parseContentRangeHeader(contentRangeHeader)
+  if (Number.isNaN(start) || Number.isNaN(end)) {
+    logger.debug(`Upload: Invalid 'content-range' header (${contentRangeHeader})`)
+    throw createError({ statusCode: 400, statusMessage: 'Invalid content-range header' })
+  }
+
+  const adapter = await useStorageAdapter()
+  await adapter.uploadChunk(cacheId, stream as ReadableStream<Buffer>, start, end)
+})
+
+function parseContentRangeHeader(contentRange: string) {
+  const [start, end] = contentRange.replace('bytes', '').replace('/*', '').trim().split('-')
+  return { start: Number.parseInt(start), end: Number.parseInt(end) }
+}
diff --git a/routes/_apis/artifactcache/caches/[cacheId].post.ts b/routes/_apis/artifactcache/caches/[cacheId].post.ts
@@ -0,0 +1,35 @@
+import { z } from 'zod'
+
+import { useStorageAdapter } from '~/lib/storage'
+
+const pathParamsSchema = z.object({
+  cacheId: z.coerce.number(),
+})
+
+const bodySchema = z.object({
+  size: z.number().positive(),
+})
+
+export default defineEventHandler(async (event) => {
+  const parsedPathParams = pathParamsSchema.safeParse(event.context.params)
+  if (!parsedPathParams.success)
+    throw createError({
+      statusCode: 400,
+      statusMessage: `Invalid path parameters: ${parsedPathParams.error.message}`,
+    })
+
+  const { cacheId } = parsedPathParams.data
+
+  const body = (await readBody(event)) as unknown
+  const parsedBody = bodySchema.safeParse(body)
+  if (!parsedBody.success)
+    throw createError({
+      statusCode: 400,
+      statusMessage: `Invalid body: ${parsedBody.error.message}`,
+    })
+
+  const { size } = parsedBody.data
+
+  const adapter = await useStorageAdapter()
+  await adapter.commitCache(cacheId, size)
+})
diff --git a/routes/_apis/artifactcache/caches/index.post.ts b/routes/_apis/artifactcache/caches/index.post.ts
@@ -0,0 +1,24 @@
+import { z } from 'zod'
+
+import { useStorageAdapter } from '~/lib/storage'
+
+const bodySchema = z.object({
+  key: z.string().min(1),
+  version: z.string(),
+  cacheSize: z.number().positive().nullish(),
+})
+
+export default defineEventHandler(async (event) => {
+  const body = (await readBody(event)) as unknown
+  const parsedBody = bodySchema.safeParse(body)
+  if (!parsedBody.success)
+    throw createError({
+      statusCode: 400,
+      statusMessage: `Invalid body: ${parsedBody.error.message}`,
+    })
+
+  const { cacheSize, key, version } = parsedBody.data
+
+  const adapter = await useStorageAdapter()
+  return adapter.reserveCache(key, version, cacheSize ?? undefined)
+})
diff --git a/tests/.env.base b/tests/.env.base
@@ -1,5 +1,4 @@
-URL_ACCESS_TOKEN=test_token
 API_BASE_URL=http://localhost:3000
 NODE_ENV=development
 RUNNER_TEMP=tests/temp/runner
-ACTIONS_CACHE_URL=http://localhost:3000/test_token/
+ACTIONS_CACHE_URL=http://localhost:3000/
diff --git a/tests/utils.ts b/tests/utils.ts
@@ -1,7 +1,7 @@
 import ky from 'ky'
 
 export const cacheApi = ky.extend({
-  prefixUrl: 'http://localhost:3000/test_token/_apis/artifactcache',
+  prefixUrl: 'http://localhost:3000/_apis/artifactcache',
   throwHttpErrors: false,
 })
 

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,3 @@`
`1`		`-URL_ACCESS_TOKEN=test_token`
`2`	`1`	`API_BASE_URL=http://localhost:3000`
`3`	`2`	`DEBUG=true`
`4`	`3`