add support for cache-signatures (#10)

* cache signatures

* mnemonic

---------

Co-authored-by: nomo-fe <[email protected]>

README.md

@@ -53,6 +53,8 @@ The `nomo-webon-cli` is configured with a file `nomo_cli.config.cjs`.
 See the following example for configuring your deployTargets:
 
 ```JavaScript
+const mnemonic = process.env.CACHE_SIGN_MNEMONIC;
+
 const nomoCliConfig = {
   deployTargets: {
     production: {
@@ -79,6 +81,11 @@ const nomoCliConfig = {
          * If true, the WebOn will be deployed both as a tar.gz as well as a normal website.
          */
         hybrid: true,
+
+        /**
+         * If set, the cli will generate a signature of the tar.gz-cache.
+        */
+        mnemonic,
       },
     },
     staging: {

package.json

@@ -1,6 +1,6 @@
 {
   "name": "nomo-webon-cli",
-  "version": "0.1.9",
+  "version": "0.1.10",
   "description": "A CLI for building and deploying Nomo WebOns",
   "repository": {
     "type": "git",
@@ -25,6 +25,7 @@
   },
   "dependencies": {
     "commander": "^6.1.0",
+    "ethers": "^6.11.1",
     "inquirer": "^7.3.3",
     "semver": "^7.5.4",
     "tar": "^6.2.0",

src/init/interface.ts

@@ -25,15 +25,11 @@ export interface NomoManifest {
    * See https://semver.org/ for details.
    */
   webon_version: string;
-  /**
-   * If true, then the WebOn could be displayed in both card-mode and fullscreen-mode.
-   * If false, then the WebOn will only be displayed in fullscreen-mode.
-   */
-  card_mode?: boolean;
-  /**
-   * If defined, then the WebOn can decide whether a navigation bar should be shown or not.
+    /**
+   * If set, the Nomo App will reject a cache if the signature cannot be verified.
+   * cache_sig should be an Ethereum-styled message signature of a tar.gz-cache.
    */
-  show_navbar?: boolean;
+    cache_sig?: string;
 }
 
 export interface GeneratedFile {
@@ -47,6 +43,7 @@ export interface RawSSHConfig {
   publicBaseUrl: string;
   sshPort?: number;
   hybrid?: boolean;
+  mnemonic?: string;
 }
 
 export interface DeployTargetConfig {

src/services/sign-webon.ts

@@ -0,0 +1,41 @@
+import { resolve } from "path";
+import { readFileSync, existsSync, writeFileSync } from "fs";
+import { logFatal } from "../util/util";
+import { NomoManifest } from "../init/interface";
+import { Wallet } from "ethers";
+import { ethers } from "ethers";
+
+export async function signWebOn(args: {
+  manifestPath: string;
+  tarFilePath: string;
+  mnemonic: string;
+}): Promise<void> {
+  console.log("Mnemonic found in config. Creating a signature of the cache...");
+
+  const manifestPath = resolve(args.manifestPath);
+  if (!existsSync(manifestPath)) {
+    logFatal(`Manifest does not exist: ${manifestPath}`);
+  }
+  const tarFilePath = resolve(args.manifestPath);
+  if (!existsSync(tarFilePath)) {
+    logFatal(`tar.gz file to sign does not exist: ${tarFilePath}`);
+  }
+
+  const nomoManifestContent = readFileSync(manifestPath, "utf-8");
+  const nomoManifest: NomoManifest = JSON.parse(nomoManifestContent);
+
+  const tarFileContent = readFileSync(tarFilePath);
+
+  const ethersSigner = Wallet.fromPhrase(args.mnemonic);
+  const cache_sig = await ethersSigner.signMessage(tarFileContent);
+  const signerAddress = ethers.verifyMessage(tarFileContent, cache_sig);
+
+  nomoManifest.cache_sig = cache_sig;
+
+  const newManifestContent = JSON.stringify(nomoManifest, null, 2);
+
+  writeFileSync(manifestPath, newManifestContent);
+  console.log(
+    `Wrote a cache-signature for address ${signerAddress} to ${manifestPath}`
+  );
+}

src/services/ssh-manager.ts

@@ -11,6 +11,7 @@ import { manifestChecks } from "../util/validate-manifest";
 
 import { SSHOperations } from "./ssh-operations";
 import { RawSSHConfig } from "../init/interface";
+import { signWebOn } from "./sign-webon";
 import path from "path";
 
 const manifestPath = getCachedNomoManifestPath();
@@ -24,6 +25,14 @@ export async function connectAndDeploy(args: {
   await extractAndCache({
     tarFilePath: args.archive,
   });
+  const mnemonic = args.rawSSH.mnemonic;
+  if (mnemonic) {
+    await signWebOn({ manifestPath, tarFilePath: args.archive, mnemonic });
+  } else {
+    console.log(
+      "No mnemonic found in config. Skipping the creation of a cache-signature..."
+    );
+  }
 
   const { sshOperations, sshBaseDir, publicBaseUrl } =
     await validateDeploymentConfig(args.deployTarget, args.rawSSH);

src/services/ssh-operations.ts

@@ -68,8 +68,8 @@ export class SSHOperations {
       filePath,
       sshConfig,
     });
-    // Rename the file to "manifest" on the remote server
-    const renameManifestCommand = `${this.sshConnect} "mv ${path.join(
+    // Copy the "nomo_manifest.json" to "manifest" to comply with the deploy-system-V2
+    const renameManifestCommand = `${this.sshConnect} "cp ${path.join(
       sshConfig.sshBaseDir,
       path.basename(filePath)
     )} ${path.join(sshConfig.sshBaseDir, "manifest")}"`;

src/util/extract-tar-gz.ts

@@ -24,17 +24,6 @@ export async function extractAndCache(args: {
       cwd: resolve(destinationDir),
     });
 
-    /* Maybe possible to fetch fileNames as stream before extracting:
-    const getEntryFilenamesSync = (tarFilePath as any) => {
-      const filenames = requiredFiles;
-      tar.t({
-        file: tarFilePath,
-        onentry: (entry) => filenames.push(entry.path),
-        sync: true,
-      });
-      return filenames
-    };*/
-
     const missingFiles = requiredFiles.filter((file) => {
       const filePath = join(resolve(destinationDir), "/out/", file);
       return !existsSync(filePath);

src/util/util.ts

@@ -29,11 +29,7 @@ export function readCliConfig(): NomoCliConfigs {
     return nomoCliConfig;
   } catch (e) {
     console.error(e);
-    logFatal(
-      "Could not find " +
-        getDebugPath(cliPath) +
-        ", run nomo-webon-cli init <assetDir> to create one. "
-    );
+    logFatal("Could not load " + getDebugPath(cliPath));
   }
 }