proofzero · alfl · Mar 17, 2022 · Mar 16, 2022
diff --git a/.github/settings.yml b/.github/settings.yml
@@ -1,7 +1,9 @@
+---
 # These settings are synced to GitHub by https://probot.github.io/apps/settings/
 
 repository:
-  # See https://docs.github.com/en/rest/reference/repos#update-a-repository for all available settings.
+  # See https://docs.github.com/en/rest/reference/repos#update-a-repository
+  # for all available settings.
 
   # The name of the repository. Changing this will rename the repository
   name: web3-publish
@@ -21,14 +23,17 @@ repository:
   # Either `true` to enable issues for this repository, `false` to disable them.
   has_issues: true
 
-  # Either `true` to enable projects for this repository, or `false` to disable them.
-  # If projects are disabled for the organization, passing `true` will cause an API error.
+  # Either `true` to enable projects for this repository, or `false` to disable
+  # them.
+  # If projects are disabled for the organization, passing `true` will cause an
+  # API error.
   has_projects: true
 
   # Either `true` to enable the wiki for this repository, `false` to disable it.
   has_wiki: true
 
-  # Either `true` to enable downloads for this repository, `false` to disable them.
+  # Either `true` to enable downloads for this repository, `false` to disable
+  # them.
   has_downloads: false
 
   # Updates the default branch for this repository.
@@ -46,7 +51,8 @@ repository:
   # rebase-merging.
   allow_rebase_merge: false
 
-  # Either `true` to enable automatic deletion of branches on merge, or `false` to disable
+  # Either `true` to enable automatic deletion of branches on merge, or `false`
+  # to disable
   delete_branch_on_merge: true
 
   # Either `true` to enable automated security fixes, or `false` to disable
@@ -65,36 +71,40 @@ labels:
 
   - name: question
     color: '#d876e3'
-    description: Indicates that an issue, pull request, or discussion needs more information
+    description: "Indicates that an issue, pull request, or discussion needs \"
+    more information"
 
   - name: enhancement
     color: '#a2eeef'
     description: Indicates new feature requests
-  
+
   - name: good-first-issue
     color: '#7057ff'
     description: Indicates a good issue for first-time contributors
-  
+
   - name: documentation
     color: '#0075ca'
     description: Indicates a need for improvements or additions to documentation
-  
+
   - name: help-wanted
     color: '#008672'
-    description: Indicates that a maintainer wants help on an issue or pull request
+    description: "Indicates that a maintainer wants help on an issue or pull \"
+    request"
 
   - name: invalid
     color: '#e4e669'
-    description: Indicates that an issue, pull request, or discussion is no longer relevant
+    description: "Indicates that an issue, pull request, or discussion is no \"
+    longer relevant"
 
   - name: wontfix
     color: '#FFFFFF'
-    description: Indicates that work won't continue on an issue, pull request, or discussion
+    description: "Indicates that work won't continue on an issue, pull \"
+    request, or discussion"
 
   - name: duplicate
     color: '#cfd3d7'
     description: Indicates similar issues, pull requests, or discussions
-  
+
   - name: security
     color: '#D93F0B'
     description: Indicates a security issue
@@ -111,29 +121,39 @@ branches:
     # https://docs.github.com/en/rest/reference/repos#update-branch-protection
     # Branch Protection settings. Set to null to disable
     protection:
-      # Required. Require at least one approving review on a pull request, before merging. Set to null to disable.
+      # Required. Require at least one approving review on a pull request,
+      # before merging. Set to null to disable.
       required_pull_request_reviews:
         # The number of approvals required. (1-6)
         required_approving_review_count: 1
         # Dismiss approved reviews automatically when a new commit is pushed.
         dismiss_stale_reviews: true
         # Blocks merge until code owners have reviewed.
         require_code_owner_reviews: false
-        # Specify which users and teams can dismiss pull request reviews. Pass an empty dismissal_restrictions object to disable. User and team dismissal_restrictions are only available for organization-owned repositories. Omit this parameter for personal repositories.
+        # Specify which users and teams can dismiss pull request reviews. Pass
+        # an empty dismissal_restrictions object to disable. User and team
+        # dismissal_restrictions are only available for organization-owned
+        # repositories. Omit this parameter for personal repositories.
         dismissal_restrictions:
           users: []
           teams: []
-      # Required. Require status checks to pass before merging. Set to null to disable
+      # Required. Require status checks to pass before merging. Set to null to
+      # disable
       required_status_checks:
         # Required. Require branches to be up to date before merging.
         strict: true
-        # Required. The list of status checks to require in order to merge into this branch
+        # Required. The list of status checks to require in order to merge into
+        # this branch
         contexts: []
-      # Required. Enforce all configured restrictions for administrators. Set to true to enforce required status checks for repository administrators. Set to null to disable.
+      # Required. Enforce all configured restrictions for administrators. Set to
+      # true to enforce required status checks for repository administrators.
+      # Set to null to disable.
       enforce_admins: true
       # Prevent merge commits from being pushed to matching branches
       required_linear_history: true
-      # Required. Restrict who can push to this branch. Team and user restrictions are only available for organization-owned repositories. Set to null to disable.
+      # Required. Restrict who can push to this branch. Team and user
+      # restrictions are only available for organization-owned repositories. Set
+      # to null to disable.
       restrictions:
         apps: []
         users: []

diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -1,6 +1,6 @@
 ---
 name: build and test
-on:
+on:  # yamllint disable-line rule:truthy
   pull_request:
     branches:
       - main
@@ -18,4 +18,3 @@ jobs:
       - run: npm install
       - run: npm run test
       - run: npm run build
-
diff --git a/.github/workflows/yamllint.yaml b/.github/workflows/yamllint.yaml
@@ -1,6 +1,6 @@
 ---
 name: 'Yamllint'
-on:
+on:  # yamllint disable-line rule:truthy
   - pull_request
 
 jobs:

diff --git a/README.md b/README.md
@@ -104,10 +104,6 @@ into our graph.
 IPFS. If `false` names and metadata are created. If `true` names and metadata
 are created and the content is pinned on IPFS.
 
-- `skip` is a boolean that tells us to skip key generation, treat `secret`
-as a base64-encoded key exported directly from go-ipfs, and use it for publishing.
-This is useful for migrating already-published names to Kubelt.
-
 - `core` is the name of your custom core (default is ours: `kbt`). For now, think
 of cores as namespaces. Within a core, specified `name`s are considered unique.
 Contact us to create your core.

diff --git a/action.yaml b/action.yaml
@@ -26,12 +26,9 @@ inputs:
   published:
     description: 'Whether the content is published. Default false.'
     required: false
-  skip:
-    description: 'Whether to skip key generation and simply use the passed secret.'
-    required: false
   core:
-    description: "The core (namespace) that you want to publish your names under. \"
-    Default is 'kbt'."
+    description: "The core (namespace) that you want to publish your names \"
+    under. Default is 'kbt'."
     required: false
   domain:
     description: "The custom domain to which we're publishing (requires \"

diff --git a/dist/index.js b/dist/index.js
@@ -43512,8 +43512,6 @@ const { CID } = __nccwpck_require__(6447)
 const { base36 } = __nccwpck_require__(9587)
 
 // For HTTP comms:
-const http = __nccwpck_require__(3685)
-const https = __nccwpck_require__(5687)
 const fetch = __nccwpck_require__(8311)
 const FormData = __nccwpck_require__(3101)
 
@@ -43654,7 +43652,7 @@ async function getBody(as, filepath) {
         })
 }
 
-async function start(secret, globspec, namespec, core, domain, published, skip, as, limit = -1, endpoint = 'https://api.pndo.xyz') {
+async function start(secret, globspec, namespec, core, domain = 'https://api.pndo.xyz', published, skip, as, limit = -1, endpoint) {
     return glob(globspec).then(async files => {
         const limiter = limit < 0 ? files.length : limit
         const requestMap = files.slice(0, limiter).map(async file => {
@@ -43693,8 +43691,7 @@ async function start(secret, globspec, namespec, core, domain, published, skip,
                         'path': file,
                         'as': as,
                     }),
-                    'X-Public-Key': encodedPubKey, // TODO: publishing key?
-                    'X-Signature': encodedPubKey, // TODO: publishing key?
+                    'X-Public-Key': encodedPubKey,
                 },
                 retry: 3,      // node-fetch-retry option -- number of attempts
                 pause: 500,    // node-fetch-retry option -- millisecond delay
@@ -43712,15 +43709,12 @@ async function start(secret, globspec, namespec, core, domain, published, skip,
             // If we're overriding the domain, use the override (for testing).
             const urlbase = endpoint || domain
 
-            ////////////////////////////////////////////////////////////////////
-            // TODO: Needs refactor. Uses v1 endpoint for speed.
-            ////////////////////////////////////////////////////////////////////
-            let v1_promise = null
+            let v0_promise = null
             if ('dag' == as) {
                 const cid = carfile.roots[0].toString()
-                const url_v1 = new URL(humanName, new URL('/v0/api/content/' + core + '/', urlbase))
-                //console.log(url_v1.toString())
-                v1_promise = fs.open(file)
+                const url_v0 = new URL(humanName, new URL('/v0/api/content/' + core + '/', urlbase))
+                //console.log(url_v0.toString())
+                v0_promise = fs.open(file)
                     .then(async fd => {
                         const opts = options //JSON.parse(JSON.stringify(options))
                         opts.headers['content-type'] = 'application/json'
@@ -43729,7 +43723,14 @@ async function start(secret, globspec, namespec, core, domain, published, skip,
                         opts.body = await fd.readFile()//createReadStream()
                         fd.close()
 
-                        return fetch(url_v1, opts)
+                        //console.log('body', opts.body.length)
+                        const raw_sig = Buffer.from(await publishingKey.sign(opts.body))
+                        //console.log(raw_sig)
+                        const b64_sig = raw_sig.toString('base64')
+                        //console.log(b64_sig)
+                        opts.headers['x-signature'] = b64_sig
+
+                        return fetch(url_v0, opts)
                             .then(r => r.json()).then(j => {
                                 //fd.close()
                                 j.metadata.box.name = '/' + core + '/' + humanName
@@ -43739,48 +43740,8 @@ async function start(secret, globspec, namespec, core, domain, published, skip,
                             })
                     })
             }
-            ////////////////////////////////////////////////////////////////////
-
-            // Make recalls to the previous API version fire-and-forget:
-
-            /*const url = new URL(contentName, new URL('/last/api/content/kbt/', urlbase))
-            let v0_request = null
-
-            /*options.port = url.port
-            options.hostname = url.hostname
-            options.protocol = url.protocol
-            options.path = url.pathname
 
-            v0_request = 'https:' == options.protocol.toLowerCase() ? https.request(options) : http.request(options)
-
-            if ('file' != as) {
-                v0_request.write(await body.readFile())
-                body.close()
-            } else {
-                v0_request.write(await body.fd.readFile())
-                body.fd.close()
-            }
-
-            v0_request.end()
-
-            /*fetch(url, options)
-                .then(response => response.json())
-                .then(json => {
-                    json.metadata.box.name = '/' + core + '/' + humanName
-                    json.metadata.box.key = encodedPubKey
-                    return json
-                })
-                .catch(e => { console.log('failed at url: ', url, e) })
-                .finally(() => {
-               })
-
-            if (v0_request && v1_promise) {
-                // Fire Estuary and Wasabi, but resolve when one comes back.
-                return Promise.any([v0_request, v1_promise])
-            } else {
-                return v0_request || v1_promise
-            }/**/
-            return v1_promise
+            return v0_promise
         })
 
         return Promise.all(requestMap)
@@ -44258,7 +44219,6 @@ const corename  = core.getInput('core',   { required: false }) || 'kbt'
 const domain    = core.getInput('domain', { required: false }) || 'https://api.pndo.xyz'
 
 const published = core.getBooleanInput('published', {required: false}) || false
-const skip      = core.getBooleanInput('skip',      {required: false}) || false
 
 const as = lib.getAs(core.getInput('as',  { required: false }))
 
@@ -44269,7 +44229,7 @@ async function go () {
         corename,
         domain,
         published,
-        skip,
+        true, // deprecate skip
         as))
 }
 

diff --git a/index.js b/index.js
@@ -8,7 +8,6 @@ const corename  = core.getInput('core',   { required: false }) || 'kbt'
 const domain    = core.getInput('domain', { required: false }) || 'https://api.pndo.xyz'
 
 const published = core.getBooleanInput('published', {required: false}) || false
-const skip      = core.getBooleanInput('skip',      {required: false}) || false
 
 const as = lib.getAs(core.getInput('as',  { required: false }))
 
@@ -19,7 +18,7 @@ async function go () {
         corename,
         domain,
         published,
-        skip,
+        true, // deprecate skip
         as))
 }
 

diff --git a/src/library.js b/src/library.js
@@ -157,7 +157,7 @@ async function getBody(as, filepath) {
         })
 }
 
-async function start(secret, globspec, namespec, core, domain, published, skip, as, limit = -1, endpoint = 'https://api.pndo.xyz') {
+async function start(secret, globspec, namespec, core, domain = 'https://api.pndo.xyz', published, skip, as, limit = -1, endpoint) {
     return glob(globspec).then(async files => {
         const limiter = limit < 0 ? files.length : limit
         const requestMap = files.slice(0, limiter).map(async file => {

diff --git a/test/test.js b/test/test.js
@@ -258,21 +258,25 @@ tap.test('Test getBody', async t => {
 })
 
 /*tap.test('Test the whole deal', async t => {
-    const secret_fixture = process.env['SECRET']
+    const secret_fixture = process.env['MY_SECRET_PUBLISHING_KEY']
     const globspec_fixture = 'test/fixtures/*.json'
+    //const globspec_fixture = 'test/metadata-sample/metadata/unrevealed/*'//0x505141a16f47f9df0655564c65b8452ffc21f79b3d9d9799446e8de93bccb751' //test/fixtures/*.json'
+    //const globspec_fixture = 'test/metadata-sample/metadata/revealed/0x002df423ac0842d53131042dd8ffa394425390862f9718bdf51aa0fe12721036'
     const namespec_fixture = 'path'
     const core_fixture = 'test'
-    const domain_fixture = 'https://api.pndo.xyz'
+    const domain_fixture = 'https://pndo-worker-staging.admin1337.workers.dev'
     const published_fixture = true
     const skip_fixture = true
     //const skip_fixture = false
     const as_fixture = 'dag'
-    const limit = 10
+    const limit = 100
 
     // Assumes `wrangler dev` is serving the pando worker locally.
     //const test_endpoint = 'http://127.0.0.1:8787'
-    const test_endpoint = 'https://staging.pndo.xyz'
+    //const test_endpoint = 'https://staging.pndo.xyz'
+    //const test_endpoint = 'https://pndo-worker-staging.admin1337.workers.dev'
     //const test_endpoint = 'https://api.pndo.xyz'
+    const test_endpoint = null
 
     // TODO: This should take a mock because it fires requests.
     const results = await lib.start(secret_fixture,
@@ -286,6 +290,7 @@ tap.test('Test getBody', async t => {
         limit,
         test_endpoint)
 
+    //console.log(JSON.stringify(results))
     const result_fixture = [{"metadata":{"published":true,"human":"revealed.json","path":"test/fixtures/revealed.json","as":"dag","box":{"cid":"bafyreicdv7bpbli5xqkm453qljawxrl4caikjojzhlcp4c5crthvwbvgbu","name":"/test/revealed.json","key":"CAESQC7y6BZeKlnsYe/brQYgofcYF9CPB4EWtR12wEG9Wtu8m4Pce9l+YAzsMtqzm3dUj8gw/bJbDDTEAr0H9m2N7xQ="}}},{"metadata":{"published":true,"human":"unrevealed.json","path":"test/fixtures/unrevealed.json","as":"dag","box":{"cid":"bafyreiakhygqrybainjazlvdntdso3jusx5zx3hhuqkdddmymbffj7f7te","name":"/test/unrevealed.json","key":"CAESQC7y6BZeKlnsYe/brQYgofcYF9CPB4EWtR12wEG9Wtu8m4Pce9l+YAzsMtqzm3dUj8gw/bJbDDTEAr0H9m2N7xQ="}}}]
     t.match(results, result_fixture)