mirrors/opencode
1
0
Fork 0
mirror of https://github.com/sst/opencode.git synced 2025-08-31 18:27:22 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

convert share backend to hono app
Some checks are pending
deploy / deploy (push) Waiting to run
Details

Browse source
This commit is contained in:
Frank 2025-07-29 16:39:48 -04:00
parent a129e122aa
commit 4a46144419
8 changed files with 202 additions and 238 deletions
Download patch file Download diff file Expand all files Collapse all files

4
bun.lock
View file

@ -14,6 +14,7 @@
"dependencies": { "dependencies": {
"@octokit/auth-app": "8.0.1", "@octokit/auth-app": "8.0.1",
"@octokit/rest": "22.0.0", "@octokit/rest": "22.0.0",
"hono": "catalog:",
"jose": "6.0.11", "jose": "6.0.11",
}, },
"devDependencies": { "devDependencies": {
@ -41,7 +42,7 @@
"decimal.js": "10.5.0", "decimal.js": "10.5.0",
"diff": "8.0.2", "diff": "8.0.2",
"gray-matter": "4.0.3", "gray-matter": "4.0.3",
"hono": "4.7.10", "hono": "catalog:",
"hono-openapi": "0.4.8", "hono-openapi": "0.4.8",
"isomorphic-git": "1.32.1", "isomorphic-git": "1.32.1",
"open": "10.1.2", "open": "10.1.2",
@ -133,6 +134,7 @@
"catalog": { "catalog": {
"@types/node": "22.13.9", "@types/node": "22.13.9",
"ai": "5.0.0-beta.21", "ai": "5.0.0-beta.21",
"hono": "4.7.10",
"typescript": "5.8.2", "typescript": "5.8.2",
"zod": "3.25.49", "zod": "3.25.49",
}, },

7
package.json
View file

@ -15,10 +15,11 @@
"packages/*" "packages/*"
], ],
"catalog": { "catalog": {
"typescript": "5.8.2",
"@types/node": "22.13.9", "@types/node": "22.13.9",
"zod": "3.25.49", "ai": "5.0.0-beta.21",
"ai": "5.0.0-beta.21" "hono": "4.7.10",
"typescript": "5.8.2",
"zod": "3.25.49"
} }
}, },
"devDependencies": { "devDependencies": {

1
packages/function/package.json
View file

@ -12,6 +12,7 @@
"dependencies": { "dependencies": {
"@octokit/auth-app": "8.0.1", "@octokit/auth-app": "8.0.1",
"@octokit/rest": "22.0.0", "@octokit/rest": "22.0.0",
"hono": "catalog:",
"jose": "6.0.11" "jose": "6.0.11"
} }
} }

406
packages/function/src/api.ts
View file

@ -1,3 +1,4 @@
import { Hono } from "hono"
import { DurableObject } from "cloudflare:workers" import { DurableObject } from "cloudflare:workers"
import { randomUUID } from "node:crypto" import { randomUUID } from "node:crypto"
import { jwtVerify, createRemoteJWKSet } from "jose" import { jwtVerify, createRemoteJWKSet } from "jose"
@ -111,165 +112,156 @@ export class SyncServer extends DurableObject<Env> {
} }
} }
export default { export default new Hono<{ Bindings: Env }>()
async fetch(request: Request, env: Env, ctx: ExecutionContext): Promise<Response> { .get("/", (c) => c.text("Hello, world!"))
const url = new URL(request.url) .post("/share_create", async (c) => {
const splits = url.pathname.split("/") const body = await c.req.json<{ sessionID: string }>()
const method = splits[1] const sessionID = body.sessionID
const short = SyncServer.shortName(sessionID)
if (request.method === "GET" && method === "") { const id = c.env.SYNC_SERVER.idFromName(short)
return new Response("Hello, world!", { const stub = c.env.SYNC_SERVER.get(id)
headers: { "Content-Type": "text/plain" }, const secret = await stub.share(sessionID)
}) return c.json({
secret,
url: `https://${c.env.WEB_DOMAIN}/s/${short}`,
})
})
.post("/share_delete", async (c) => {
const body = await c.req.json<{ sessionID: string; secret: string }>()
const sessionID = body.sessionID
const secret = body.secret
const id = c.env.SYNC_SERVER.idFromName(SyncServer.shortName(sessionID))
const stub = c.env.SYNC_SERVER.get(id)
await stub.assertSecret(secret)
await stub.clear()
return c.json({})
})
.post("/share_delete_admin", async (c) => {
const id = c.env.SYNC_SERVER.idFromName("oVF8Rsiv")
const stub = c.env.SYNC_SERVER.get(id)
await stub.clear()
return c.json({})
})
.post("/share_sync", async (c) => {
const body = await c.req.json<{
sessionID: string
secret: string
key: string
content: any
}>()
const name = SyncServer.shortName(body.sessionID)
const id = c.env.SYNC_SERVER.idFromName(name)
const stub = c.env.SYNC_SERVER.get(id)
await stub.assertSecret(body.secret)
await stub.publish(body.key, body.content)
return c.json({})
})
.get("/share_poll", async (c) => {
const upgradeHeader = c.req.header("Upgrade")
if (!upgradeHeader || upgradeHeader !== "websocket") {
return c.text("Error: Upgrade header is required", { status: 426 })
} }
const id = c.req.query("id")
console.log("share_poll", id)
if (!id) return c.text("Error: Share ID is required", { status: 400 })
const stub = c.env.SYNC_SERVER.get(c.env.SYNC_SERVER.idFromName(id))
return stub.fetch(c.req.raw)
})
.get("/share_data", async (c) => {
const id = c.req.query("id")
console.log("share_data", id)
if (!id) return c.text("Error: Share ID is required", { status: 400 })
const stub = c.env.SYNC_SERVER.get(c.env.SYNC_SERVER.idFromName(id))
const data = await stub.getData()
if (request.method === "POST" && method === "share_create") { let info
const body = await request.json<any>() const messages: Record<string, any> = {}
const sessionID = body.sessionID data.forEach((d) => {
const short = SyncServer.shortName(sessionID) const [root, type, ...splits] = d.key.split("/")
const id = env.SYNC_SERVER.idFromName(short) if (root !== "session") return
const stub = env.SYNC_SERVER.get(id) if (type === "info") {
const secret = await stub.share(sessionID) info = d.content
return new Response( return
JSON.stringify({
secret,
url: `https://${env.WEB_DOMAIN}/s/${short}`,
}),
{
headers: { "Content-Type": "application/json" },
},
)
}
if (request.method === "POST" && method === "share_delete") {
const body = await request.json<any>()
const sessionID = body.sessionID
const secret = body.secret
const id = env.SYNC_SERVER.idFromName(SyncServer.shortName(sessionID))
const stub = env.SYNC_SERVER.get(id)
await stub.assertSecret(secret)
await stub.clear()
return new Response(JSON.stringify({}), {
headers: { "Content-Type": "application/json" },
})
}
if (request.method === "POST" && method === "share_delete_admin") {
const id = env.SYNC_SERVER.idFromName("oVF8Rsiv")
const stub = env.SYNC_SERVER.get(id)
await stub.clear()
return new Response(JSON.stringify({}), {
headers: { "Content-Type": "application/json" },
})
}
if (request.method === "POST" && method === "share_sync") {
const body = await request.json<{
sessionID: string
secret: string
key: string
content: any
}>()
const name = SyncServer.shortName(body.sessionID)
const id = env.SYNC_SERVER.idFromName(name)
const stub = env.SYNC_SERVER.get(id)
await stub.assertSecret(body.secret)
await stub.publish(body.key, body.content)
return new Response(JSON.stringify({}), {
headers: { "Content-Type": "application/json" },
})
}
if (request.method === "GET" && method === "share_poll") {
const upgradeHeader = request.headers.get("Upgrade")
if (!upgradeHeader || upgradeHeader !== "websocket") {
return new Response("Error: Upgrade header is required", {
status: 426,
})
} }
const id = url.searchParams.get("id") if (type === "message") {
console.log("share_poll", id) messages[d.content.id] = {
if (!id) return new Response("Error: Share ID is required", { status: 400 }) parts: [],
const stub = env.SYNC_SERVER.get(env.SYNC_SERVER.idFromName(id)) ...d.content,
return stub.fetch(request) }
} }
if (type === "part") {
messages[d.content.messageID].parts.push(d.content)
}
})
if (request.method === "GET" && method === "share_data") { return c.json({ info, messages })
const id = url.searchParams.get("id") })
console.log("share_data", id) /**
if (!id) return new Response("Error: Share ID is required", { status: 400 }) * Used by the GitHub action to get GitHub installation access token given the OIDC token
const stub = env.SYNC_SERVER.get(env.SYNC_SERVER.idFromName(id)) */
const data = await stub.getData() .post("/exchange_github_app_token", async (c) => {
const EXPECTED_AUDIENCE = "opencode-github-action"
const GITHUB_ISSUER = "https://token.actions.githubusercontent.com"
const JWKS_URL = `${GITHUB_ISSUER}/.well-known/jwks`
let info // get Authorization header
const messages: Record<string, any> = {} const token = c.req.header("Authorization")?.replace(/^Bearer /, "")
data.forEach((d) => { if (!token) return c.json({ error: "Authorization header is required" }, { status: 401 })
const [root, type, ...splits] = d.key.split("/")
if (root !== "session") return // verify token
if (type === "info") { const JWKS = createRemoteJWKSet(new URL(JWKS_URL))
info = d.content let owner, repo
return try {
} const { payload } = await jwtVerify(token, JWKS, {
if (type === "message") { issuer: GITHUB_ISSUER,
messages[d.content.id] = { audience: EXPECTED_AUDIENCE,
parts: [],
...d.content,
}
}
if (type === "part") {
messages[d.content.messageID].parts.push(d.content)
}
}) })
const sub = payload.sub // e.g. 'repo:my-org/my-repo:ref:refs/heads/main'
return new Response( const parts = sub.split(":")[1].split("/")
JSON.stringify({ owner = parts[0]
info, repo = parts[1]
messages, } catch (err) {
}), console.error("Token verification failed:", err)
{ return c.json({ error: "Invalid or expired token" }, { status: 403 })
headers: { "Content-Type": "application/json" },
},
)
} }
/** // Create app JWT token
* Used by the GitHub action to get GitHub installation access token given the OIDC token const auth = createAppAuth({
*/ appId: Resource.GITHUB_APP_ID.value,
if (request.method === "POST" && method === "exchange_github_app_token") { privateKey: Resource.GITHUB_APP_PRIVATE_KEY.value,
const EXPECTED_AUDIENCE = "opencode-github-action" })
const GITHUB_ISSUER = "https://token.actions.githubusercontent.com" const appAuth = await auth({ type: "app" })
const JWKS_URL = `${GITHUB_ISSUER}/.well-known/jwks`
// Lookup installation
const octokit = new Octokit({ auth: appAuth.token })
const { data: installation } = await octokit.apps.getRepoInstallation({ owner, repo })
// Get installation token
const installationAuth = await auth({ type: "installation", installationId: installation.id })
return c.json({ token: installationAuth.token })
})
/**
* Used by the GitHub action to get GitHub installation access token given user PAT token (used when testing `opencode github run` locally)
*/
.post("/exchange_github_app_token_with_pat", async (c) => {
const body = await c.req.json<{ owner: string; repo: string }>()
const owner = body.owner
const repo = body.repo
try {
// get Authorization header // get Authorization header
const authHeader = request.headers.get("Authorization") const authHeader = c.req.header("Authorization")
const token = authHeader?.replace(/^Bearer /, "") const token = authHeader?.replace(/^Bearer /, "")
if (!token) if (!token) throw new Error("Authorization header is required")
return new Response(JSON.stringify({ error: "Authorization header is required" }), {
status: 401,
headers: { "Content-Type": "application/json" },
})
// verify token // Verify permissions
const JWKS = createRemoteJWKSet(new URL(JWKS_URL)) const userClient = new Octokit({ auth: token })
let owner, repo const { data: repoData } = await userClient.repos.get({ owner, repo })
try { if (!repoData.permissions.admin && !repoData.permissions.push && !repoData.permissions.maintain)
const { payload } = await jwtVerify(token, JWKS, { throw new Error("User does not have write permissions")
issuer: GITHUB_ISSUER,
audience: EXPECTED_AUDIENCE,
})
const sub = payload.sub // e.g. 'repo:my-org/my-repo:ref:refs/heads/main'
const parts = sub.split(":")[1].split("/")
owner = parts[0]
repo = parts[1]
} catch (err) {
console.error("Token verification failed:", err)
return new Response(JSON.stringify({ error: "Invalid or expired token" }), {
status: 403,
headers: { "Content-Type": "application/json" },
})
}
// Create app JWT token // Get installation token
const auth = createAppAuth({ const auth = createAppAuth({
appId: Resource.GITHUB_APP_ID.value, appId: Resource.GITHUB_APP_ID.value,
privateKey: Resource.GITHUB_APP_PRIVATE_KEY.value, privateKey: Resource.GITHUB_APP_PRIVATE_KEY.value,
@ -277,99 +269,49 @@ export default {
const appAuth = await auth({ type: "app" }) const appAuth = await auth({ type: "app" })
// Lookup installation // Lookup installation
const octokit = new Octokit({ auth: appAuth.token }) const appClient = new Octokit({ auth: appAuth.token })
const { data: installation } = await octokit.apps.getRepoInstallation({ owner, repo }) const { data: installation } = await appClient.apps.getRepoInstallation({ owner, repo })
// Get installation token // Get installation token
const installationAuth = await auth({ type: "installation", installationId: installation.id }) const installationAuth = await auth({ type: "installation", installationId: installation.id })
return new Response(JSON.stringify({ token: installationAuth.token }), { return c.json({ token: installationAuth.token })
headers: { "Content-Type": "application/json" }, } catch (e: any) {
}) let error = e
if (e instanceof Error) {
error = e.message
}
return c.json({ error }, { status: 401 })
} }
})
/**
* Used by the opencode CLI to check if the GitHub app is installed
*/
.get("/get_github_app_installation", async (c) => {
const owner = c.req.query("owner")
const repo = c.req.query("repo")
/** const auth = createAppAuth({
* Used by the GitHub action to get GitHub installation access token given user PAT token (used when testing `opencode github run` locally) appId: Resource.GITHUB_APP_ID.value,
*/ privateKey: Resource.GITHUB_APP_PRIVATE_KEY.value,
if (request.method === "POST" && method === "exchange_github_app_token_with_pat") { })
const body = await request.json<any>() const appAuth = await auth({ type: "app" })
const owner = body.owner
const repo = body.repo
try { // Lookup installation
// get Authorization header const octokit = new Octokit({ auth: appAuth.token })
const authHeader = request.headers.get("Authorization") let installation
const token = authHeader?.replace(/^Bearer /, "") try {
if (!token) throw new Error("Authorization header is required") const ret = await octokit.apps.getRepoInstallation({ owner, repo })
installation = ret.data
// Verify permissions } catch (err) {
const userClient = new Octokit({ auth: token }) if (err instanceof Error && err.message.includes("Not Found")) {
const { data: repoData } = await userClient.repos.get({ owner, repo }) // not installed
if (!repoData.permissions.admin && !repoData.permissions.push && !repoData.permissions.maintain) } else {
throw new Error("User does not have write permissions") throw err
// Get installation token
const auth = createAppAuth({
appId: Resource.GITHUB_APP_ID.value,
privateKey: Resource.GITHUB_APP_PRIVATE_KEY.value,
})
const appAuth = await auth({ type: "app" })
// Lookup installation
const appClient = new Octokit({ auth: appAuth.token })
const { data: installation } = await appClient.apps.getRepoInstallation({ owner, repo })
// Get installation token
const installationAuth = await auth({ type: "installation", installationId: installation.id })
return new Response(JSON.stringify({ token: installationAuth.token }), {
headers: { "Content-Type": "application/json" },
})
} catch (e: any) {
let error = e
if (e instanceof Error) {
error = e.message
}
return new Response(JSON.stringify({ error }), {
status: 401,
headers: { "Content-Type": "application/json" },
})
} }
} }
/** return c.json({ installation })
* Used by the opencode CLI to check if the GitHub app is installed })
*/ .all("*", (c) => c.text("Not Found"))
if (request.method === "GET" && method === "get_github_app_installation") {
const owner = url.searchParams.get("owner")
const repo = url.searchParams.get("repo")
const auth = createAppAuth({
appId: Resource.GITHUB_APP_ID.value,
privateKey: Resource.GITHUB_APP_PRIVATE_KEY.value,
})
const appAuth = await auth({ type: "app" })
// Lookup installation
const octokit = new Octokit({ auth: appAuth.token })
let installation
try {
const ret = await octokit.apps.getRepoInstallation({ owner, repo })
installation = ret.data
} catch (err) {
if (err instanceof Error && err.message.includes("Not Found")) {
// not installed
} else {
throw err
}
}
return new Response(JSON.stringify({ installation }), {
headers: { "Content-Type": "application/json" },
})
}
return new Response("Not Found", { status: 404 })
},
}

2
packages/opencode/package.json
View file

@ -40,7 +40,7 @@
"decimal.js": "10.5.0", "decimal.js": "10.5.0",
"diff": "8.0.2", "diff": "8.0.2",
"gray-matter": "4.0.3", "gray-matter": "4.0.3",
"hono": "4.7.10", "hono": "catalog:",
"hono-openapi": "0.4.8", "hono-openapi": "0.4.8",
"isomorphic-git": "1.32.1", "isomorphic-git": "1.32.1",
"open": "10.1.2", "open": "10.1.2",

2
packages/opencode/src/cli/cmd/github.ts
View file

@ -274,7 +274,7 @@ export const GithubInstallCommand = cmd({
// Wait for installation // Wait for installation
s.message("Waiting for GitHub app to be installed") s.message("Waiting for GitHub app to be installed")
const MAX_RETRIES = 60 const MAX_RETRIES = 120
let retries = 0 let retries = 0
do { do {
const installation = await getInstallation() const installation = await getInstallation()

9
packages/sdk/sst-env.d.ts vendored Normal file
View file

@ -0,0 +1,9 @@
/* This file is auto-generated by SST. Do not edit. */
/* tslint:disable */
/* eslint-disable */
/* deno-fmt-ignore-file */
/// <reference path="../../sst-env.d.ts" />
import "sst"
export {}

9
sdks/vscode/sst-env.d.ts vendored Normal file
View file

@ -0,0 +1,9 @@
/* This file is auto-generated by SST. Do not edit. */
/* tslint:disable */
/* eslint-disable */
/* deno-fmt-ignore-file */
/// <reference path="../../sst-env.d.ts" />
import "sst"
export {}