ts/api/handlers/repository.api.ts

/**
 * Repository API handlers
 */

import type { IApiContext, IApiResponse } from '../router.ts';
import { PermissionService } from '../../services/permission.service.ts';
import { AuditService } from '../../services/audit.service.ts';
import { Repository, Organization } from '../../models/index.ts';
import type { TRegistryProtocol, TRepositoryVisibility } from '../../interfaces/auth.interfaces.ts';

export class RepositoryApi {
  private permissionService: PermissionService;

  constructor(permissionService: PermissionService) {
    this.permissionService = permissionService;
  }

  /**
   * GET /api/v1/organizations/:orgId/repositories
   */
  public async list(ctx: IApiContext): Promise<IApiResponse> {
    if (!ctx.actor?.userId) {
      return { status: 401, body: { error: 'Authentication required' } };
    }

    const { orgId } = ctx.params;

    try {
      const repositories = await this.permissionService.getAccessibleRepositories(
        ctx.actor.userId,
        orgId
      );

      return {
        status: 200,
        body: {
          repositories: repositories.map((repo) => ({
            id: repo.id,
            name: repo.name,
            description: repo.description,
            protocol: repo.protocol,
            visibility: repo.visibility,
            isPublic: repo.isPublic,
            packageCount: repo.packageCount,
            createdAt: repo.createdAt,
          })),
        },
      };
    } catch (error) {
      console.error('[RepositoryApi] List error:', error);
      return { status: 500, body: { error: 'Failed to list repositories' } };
    }
  }

  /**
   * GET /api/v1/repositories/:id
   */
  public async get(ctx: IApiContext): Promise<IApiResponse> {
    const { id } = ctx.params;

    try {
      const repo = await Repository.findById(id);
      if (!repo) {
        return { status: 404, body: { error: 'Repository not found' } };
      }

      // Check access
      if (!repo.isPublic && ctx.actor?.userId) {
        const permissions = await this.permissionService.resolvePermissions({
          userId: ctx.actor.userId,
          organizationId: repo.organizationId,
          repositoryId: repo.id,
        });

        if (!permissions.canRead) {
          return { status: 403, body: { error: 'Access denied' } };
        }
      }

      return {
        status: 200,
        body: {
          id: repo.id,
          organizationId: repo.organizationId,
          name: repo.name,
          description: repo.description,
          protocol: repo.protocol,
          visibility: repo.visibility,
          isPublic: repo.isPublic,
          packageCount: repo.packageCount,
          storageBytes: repo.storageBytes,
          createdAt: repo.createdAt,
        },
      };
    } catch (error) {
      console.error('[RepositoryApi] Get error:', error);
      return { status: 500, body: { error: 'Failed to get repository' } };
    }
  }

  /**
   * POST /api/v1/organizations/:orgId/repositories
   */
  public async create(ctx: IApiContext): Promise<IApiResponse> {
    if (!ctx.actor?.userId) {
      return { status: 401, body: { error: 'Authentication required' } };
    }

    const { orgId } = ctx.params;

    // Check admin permission
    const canManage = await this.permissionService.canManageOrganization(ctx.actor.userId, orgId);
    if (!canManage) {
      return { status: 403, body: { error: 'Admin access required' } };
    }

    try {
      const body = await ctx.request.json();
      const { name, description, protocol, visibility } = body as {
        name: string;
        description?: string;
        protocol?: TRegistryProtocol;
        visibility?: TRepositoryVisibility;
      };

      if (!name) {
        return { status: 400, body: { error: 'Repository name is required' } };
      }

      // Validate name format
      if (!/^[a-z0-9]([a-z0-9._-]*[a-z0-9])?$/.test(name)) {
        return {
          status: 400,
          body: { error: 'Name must be lowercase alphanumeric with optional dots, hyphens, or underscores' },
        };
      }

      // Check org exists
      const org = await Organization.findById(orgId);
      if (!org) {
        return { status: 404, body: { error: 'Organization not found' } };
      }

      // Create repository using the model's factory method
      const repo = await Repository.createRepository({
        organizationId: orgId,
        name,
        description,
        protocol: protocol || 'npm',
        visibility: visibility || 'private',
        createdById: ctx.actor.userId,
      });

      // Audit log
      await AuditService.withContext({
        actorId: ctx.actor.userId,
        actorType: 'user',
        actorIp: ctx.ip,
        organizationId: orgId,
      }).logRepositoryCreated(repo.id, repo.name, orgId);

      return {
        status: 201,
        body: {
          id: repo.id,
          organizationId: repo.organizationId,
          name: repo.name,
          description: repo.description,
          protocol: repo.protocol,
          visibility: repo.visibility,
          isPublic: repo.isPublic,
          createdAt: repo.createdAt,
        },
      };
    } catch (error) {
      console.error('[RepositoryApi] Create error:', error);
      return { status: 500, body: { error: 'Failed to create repository' } };
    }
  }

  /**
   * PUT /api/v1/repositories/:id
   */
  public async update(ctx: IApiContext): Promise<IApiResponse> {
    if (!ctx.actor?.userId) {
      return { status: 401, body: { error: 'Authentication required' } };
    }

    const { id } = ctx.params;

    try {
      const repo = await Repository.findById(id);
      if (!repo) {
        return { status: 404, body: { error: 'Repository not found' } };
      }

      // Check admin permission
      const canManage = await this.permissionService.canManageRepository(
        ctx.actor.userId,
        repo.organizationId,
        id
      );
      if (!canManage) {
        return { status: 403, body: { error: 'Admin access required' } };
      }

      const body = await ctx.request.json();
      const { description, visibility } = body as {
        description?: string;
        visibility?: TRepositoryVisibility;
      };

      if (description !== undefined) repo.description = description;
      if (visibility !== undefined) repo.visibility = visibility;

      await repo.save();

      return {
        status: 200,
        body: {
          id: repo.id,
          name: repo.name,
          description: repo.description,
          protocol: repo.protocol,
          visibility: repo.visibility,
          isPublic: repo.isPublic,
        },
      };
    } catch (error) {
      console.error('[RepositoryApi] Update error:', error);
      return { status: 500, body: { error: 'Failed to update repository' } };
    }
  }

  /**
   * DELETE /api/v1/repositories/:id
   */
  public async delete(ctx: IApiContext): Promise<IApiResponse> {
    if (!ctx.actor?.userId) {
      return { status: 401, body: { error: 'Authentication required' } };
    }

    const { id } = ctx.params;

    try {
      const repo = await Repository.findById(id);
      if (!repo) {
        return { status: 404, body: { error: 'Repository not found' } };
      }

      // Check admin permission
      const canManage = await this.permissionService.canManageRepository(
        ctx.actor.userId,
        repo.organizationId,
        id
      );
      if (!canManage) {
        return { status: 403, body: { error: 'Admin access required' } };
      }

      // Check for packages
      if (repo.packageCount > 0) {
        return {
          status: 400,
          body: { error: 'Cannot delete repository with packages. Remove all packages first.' },
        };
      }

      await repo.delete();

      return {
        status: 200,
        body: { message: 'Repository deleted successfully' },
      };
    } catch (error) {
      console.error('[RepositoryApi] Delete error:', error);
      return { status: 500, body: { error: 'Failed to delete repository' } };
    }
  }
}
feat: implement account settings and API tokens management - Added SettingsComponent for user profile management, including display name and password change functionality. - Introduced TokensComponent for managing API tokens, including creation and revocation. - Created LayoutComponent for consistent application layout with navigation and user information. - Established main application structure in index.html and main.ts. - Integrated Tailwind CSS for styling and responsive design. - Configured TypeScript settings for strict type checking and module resolution. 2025-11-27 22:15:38 +00:00			`/**`
			`* Repository API handlers`
			`*/`

			`import type { IApiContext, IApiResponse } from '../router.ts';`
			`import { PermissionService } from '../../services/permission.service.ts';`
			`import { AuditService } from '../../services/audit.service.ts';`
			`import { Repository, Organization } from '../../models/index.ts';`
fix(registry): align registry integrations with updated auth, storage, repository, and audit models 2026-03-20 14:14:39 +00:00			`import type { TRegistryProtocol, TRepositoryVisibility } from '../../interfaces/auth.interfaces.ts';`
feat: implement account settings and API tokens management - Added SettingsComponent for user profile management, including display name and password change functionality. - Introduced TokensComponent for managing API tokens, including creation and revocation. - Created LayoutComponent for consistent application layout with navigation and user information. - Established main application structure in index.html and main.ts. - Integrated Tailwind CSS for styling and responsive design. - Configured TypeScript settings for strict type checking and module resolution. 2025-11-27 22:15:38 +00:00
			`export class RepositoryApi {`
			`private permissionService: PermissionService;`

			`constructor(permissionService: PermissionService) {`
			`this.permissionService = permissionService;`
			`}`

			`/**`
			`* GET /api/v1/organizations/:orgId/repositories`
			`*/`
			`public async list(ctx: IApiContext): Promise<IApiResponse> {`
			`if (!ctx.actor?.userId) {`
			`return { status: 401, body: { error: 'Authentication required' } };`
			`}`

			`const { orgId } = ctx.params;`

			`try {`
			`const repositories = await this.permissionService.getAccessibleRepositories(`
			`ctx.actor.userId,`
			`orgId`
			`);`

			`return {`
			`status: 200,`
			`body: {`
			`repositories: repositories.map((repo) => ({`
			`id: repo.id,`
			`name: repo.name,`
			`description: repo.description,`
fix(registry): align registry integrations with updated auth, storage, repository, and audit models 2026-03-20 14:14:39 +00:00			`protocol: repo.protocol,`
			`visibility: repo.visibility,`
feat: implement account settings and API tokens management - Added SettingsComponent for user profile management, including display name and password change functionality. - Introduced TokensComponent for managing API tokens, including creation and revocation. - Created LayoutComponent for consistent application layout with navigation and user information. - Established main application structure in index.html and main.ts. - Integrated Tailwind CSS for styling and responsive design. - Configured TypeScript settings for strict type checking and module resolution. 2025-11-27 22:15:38 +00:00			`isPublic: repo.isPublic,`
			`packageCount: repo.packageCount,`
			`createdAt: repo.createdAt,`
			`})),`
			`},`
			`};`
			`} catch (error) {`
			`console.error('[RepositoryApi] List error:', error);`
			`return { status: 500, body: { error: 'Failed to list repositories' } };`
			`}`
			`}`

			`/**`
			`* GET /api/v1/repositories/:id`
			`*/`
			`public async get(ctx: IApiContext): Promise<IApiResponse> {`
			`const { id } = ctx.params;`

			`try {`
			`const repo = await Repository.findById(id);`
			`if (!repo) {`
			`return { status: 404, body: { error: 'Repository not found' } };`
			`}`

			`// Check access`
			`if (!repo.isPublic && ctx.actor?.userId) {`
			`const permissions = await this.permissionService.resolvePermissions({`
			`userId: ctx.actor.userId,`
			`organizationId: repo.organizationId,`
			`repositoryId: repo.id,`
			`});`

			`if (!permissions.canRead) {`
			`return { status: 403, body: { error: 'Access denied' } };`
			`}`
			`}`

			`return {`
			`status: 200,`
			`body: {`
			`id: repo.id,`
			`organizationId: repo.organizationId,`
			`name: repo.name,`
			`description: repo.description,`
fix(registry): align registry integrations with updated auth, storage, repository, and audit models 2026-03-20 14:14:39 +00:00			`protocol: repo.protocol,`
			`visibility: repo.visibility,`
feat: implement account settings and API tokens management - Added SettingsComponent for user profile management, including display name and password change functionality. - Introduced TokensComponent for managing API tokens, including creation and revocation. - Created LayoutComponent for consistent application layout with navigation and user information. - Established main application structure in index.html and main.ts. - Integrated Tailwind CSS for styling and responsive design. - Configured TypeScript settings for strict type checking and module resolution. 2025-11-27 22:15:38 +00:00			`isPublic: repo.isPublic,`
			`packageCount: repo.packageCount,`
			`storageBytes: repo.storageBytes,`
			`createdAt: repo.createdAt,`
			`},`
			`};`
			`} catch (error) {`
			`console.error('[RepositoryApi] Get error:', error);`
			`return { status: 500, body: { error: 'Failed to get repository' } };`
			`}`
			`}`

			`/**`
			`* POST /api/v1/organizations/:orgId/repositories`
			`*/`
			`public async create(ctx: IApiContext): Promise<IApiResponse> {`
			`if (!ctx.actor?.userId) {`
			`return { status: 401, body: { error: 'Authentication required' } };`
			`}`

			`const { orgId } = ctx.params;`

			`// Check admin permission`
			`const canManage = await this.permissionService.canManageOrganization(ctx.actor.userId, orgId);`
			`if (!canManage) {`
			`return { status: 403, body: { error: 'Admin access required' } };`
			`}`

			`try {`
			`const body = await ctx.request.json();`
fix(registry): align registry integrations with updated auth, storage, repository, and audit models 2026-03-20 14:14:39 +00:00			`const { name, description, protocol, visibility } = body as {`
			`name: string;`
			`description?: string;`
			`protocol?: TRegistryProtocol;`
			`visibility?: TRepositoryVisibility;`
			`};`
feat: implement account settings and API tokens management - Added SettingsComponent for user profile management, including display name and password change functionality. - Introduced TokensComponent for managing API tokens, including creation and revocation. - Created LayoutComponent for consistent application layout with navigation and user information. - Established main application structure in index.html and main.ts. - Integrated Tailwind CSS for styling and responsive design. - Configured TypeScript settings for strict type checking and module resolution. 2025-11-27 22:15:38 +00:00
			`if (!name) {`
			`return { status: 400, body: { error: 'Repository name is required' } };`
			`}`

			`// Validate name format`
fix(registry): align registry integrations with updated auth, storage, repository, and audit models 2026-03-20 14:14:39 +00:00			`if (!/^[a-z0-9]([a-z0-9._-]*[a-z0-9])?$/.test(name)) {`
feat: implement account settings and API tokens management - Added SettingsComponent for user profile management, including display name and password change functionality. - Introduced TokensComponent for managing API tokens, including creation and revocation. - Created LayoutComponent for consistent application layout with navigation and user information. - Established main application structure in index.html and main.ts. - Integrated Tailwind CSS for styling and responsive design. - Configured TypeScript settings for strict type checking and module resolution. 2025-11-27 22:15:38 +00:00			`return {`
			`status: 400,`
fix(registry): align registry integrations with updated auth, storage, repository, and audit models 2026-03-20 14:14:39 +00:00			`body: { error: 'Name must be lowercase alphanumeric with optional dots, hyphens, or underscores' },`
feat: implement account settings and API tokens management - Added SettingsComponent for user profile management, including display name and password change functionality. - Introduced TokensComponent for managing API tokens, including creation and revocation. - Created LayoutComponent for consistent application layout with navigation and user information. - Established main application structure in index.html and main.ts. - Integrated Tailwind CSS for styling and responsive design. - Configured TypeScript settings for strict type checking and module resolution. 2025-11-27 22:15:38 +00:00			`};`
			`}`

			`// Check org exists`
			`const org = await Organization.findById(orgId);`
			`if (!org) {`
			`return { status: 404, body: { error: 'Organization not found' } };`
			`}`

fix(registry): align registry integrations with updated auth, storage, repository, and audit models 2026-03-20 14:14:39 +00:00			`// Create repository using the model's factory method`
			`const repo = await Repository.createRepository({`
			`organizationId: orgId,`
			`name,`
			`description,`
			`protocol: protocol \|\| 'npm',`
			`visibility: visibility \|\| 'private',`
			`createdById: ctx.actor.userId,`
			`});`
feat: implement account settings and API tokens management - Added SettingsComponent for user profile management, including display name and password change functionality. - Introduced TokensComponent for managing API tokens, including creation and revocation. - Created LayoutComponent for consistent application layout with navigation and user information. - Established main application structure in index.html and main.ts. - Integrated Tailwind CSS for styling and responsive design. - Configured TypeScript settings for strict type checking and module resolution. 2025-11-27 22:15:38 +00:00
			`// Audit log`
			`await AuditService.withContext({`
			`actorId: ctx.actor.userId,`
			`actorType: 'user',`
			`actorIp: ctx.ip,`
			`organizationId: orgId,`
			`}).logRepositoryCreated(repo.id, repo.name, orgId);`

			`return {`
			`status: 201,`
			`body: {`
			`id: repo.id,`
			`organizationId: repo.organizationId,`
			`name: repo.name,`
			`description: repo.description,`
fix(registry): align registry integrations with updated auth, storage, repository, and audit models 2026-03-20 14:14:39 +00:00			`protocol: repo.protocol,`
			`visibility: repo.visibility,`
feat: implement account settings and API tokens management - Added SettingsComponent for user profile management, including display name and password change functionality. - Introduced TokensComponent for managing API tokens, including creation and revocation. - Created LayoutComponent for consistent application layout with navigation and user information. - Established main application structure in index.html and main.ts. - Integrated Tailwind CSS for styling and responsive design. - Configured TypeScript settings for strict type checking and module resolution. 2025-11-27 22:15:38 +00:00			`isPublic: repo.isPublic,`
			`createdAt: repo.createdAt,`
			`},`
			`};`
			`} catch (error) {`
			`console.error('[RepositoryApi] Create error:', error);`
			`return { status: 500, body: { error: 'Failed to create repository' } };`
			`}`
			`}`

			`/**`
			`* PUT /api/v1/repositories/:id`
			`*/`
			`public async update(ctx: IApiContext): Promise<IApiResponse> {`
			`if (!ctx.actor?.userId) {`
			`return { status: 401, body: { error: 'Authentication required' } };`
			`}`

			`const { id } = ctx.params;`

			`try {`
			`const repo = await Repository.findById(id);`
			`if (!repo) {`
			`return { status: 404, body: { error: 'Repository not found' } };`
			`}`

			`// Check admin permission`
			`const canManage = await this.permissionService.canManageRepository(`
			`ctx.actor.userId,`
			`repo.organizationId,`
			`id`
			`);`
			`if (!canManage) {`
			`return { status: 403, body: { error: 'Admin access required' } };`
			`}`

			`const body = await ctx.request.json();`
fix(registry): align registry integrations with updated auth, storage, repository, and audit models 2026-03-20 14:14:39 +00:00			`const { description, visibility } = body as {`
			`description?: string;`
			`visibility?: TRepositoryVisibility;`
			`};`
feat: implement account settings and API tokens management - Added SettingsComponent for user profile management, including display name and password change functionality. - Introduced TokensComponent for managing API tokens, including creation and revocation. - Created LayoutComponent for consistent application layout with navigation and user information. - Established main application structure in index.html and main.ts. - Integrated Tailwind CSS for styling and responsive design. - Configured TypeScript settings for strict type checking and module resolution. 2025-11-27 22:15:38 +00:00
			`if (description !== undefined) repo.description = description;`
fix(registry): align registry integrations with updated auth, storage, repository, and audit models 2026-03-20 14:14:39 +00:00			`if (visibility !== undefined) repo.visibility = visibility;`
feat: implement account settings and API tokens management - Added SettingsComponent for user profile management, including display name and password change functionality. - Introduced TokensComponent for managing API tokens, including creation and revocation. - Created LayoutComponent for consistent application layout with navigation and user information. - Established main application structure in index.html and main.ts. - Integrated Tailwind CSS for styling and responsive design. - Configured TypeScript settings for strict type checking and module resolution. 2025-11-27 22:15:38 +00:00
			`await repo.save();`

			`return {`
			`status: 200,`
			`body: {`
			`id: repo.id,`
			`name: repo.name,`
			`description: repo.description,`
fix(registry): align registry integrations with updated auth, storage, repository, and audit models 2026-03-20 14:14:39 +00:00			`protocol: repo.protocol,`
			`visibility: repo.visibility,`
feat: implement account settings and API tokens management - Added SettingsComponent for user profile management, including display name and password change functionality. - Introduced TokensComponent for managing API tokens, including creation and revocation. - Created LayoutComponent for consistent application layout with navigation and user information. - Established main application structure in index.html and main.ts. - Integrated Tailwind CSS for styling and responsive design. - Configured TypeScript settings for strict type checking and module resolution. 2025-11-27 22:15:38 +00:00			`isPublic: repo.isPublic,`
			`},`
			`};`
			`} catch (error) {`
			`console.error('[RepositoryApi] Update error:', error);`
			`return { status: 500, body: { error: 'Failed to update repository' } };`
			`}`
			`}`

			`/**`
			`* DELETE /api/v1/repositories/:id`
			`*/`
			`public async delete(ctx: IApiContext): Promise<IApiResponse> {`
			`if (!ctx.actor?.userId) {`
			`return { status: 401, body: { error: 'Authentication required' } };`
			`}`

			`const { id } = ctx.params;`

			`try {`
			`const repo = await Repository.findById(id);`
			`if (!repo) {`
			`return { status: 404, body: { error: 'Repository not found' } };`
			`}`

			`// Check admin permission`
			`const canManage = await this.permissionService.canManageRepository(`
			`ctx.actor.userId,`
			`repo.organizationId,`
			`id`
			`);`
			`if (!canManage) {`
			`return { status: 403, body: { error: 'Admin access required' } };`
			`}`

			`// Check for packages`
			`if (repo.packageCount > 0) {`
			`return {`
			`status: 400,`
			`body: { error: 'Cannot delete repository with packages. Remove all packages first.' },`
			`};`
			`}`

			`await repo.delete();`

			`return {`
			`status: 200,`
			`body: { message: 'Repository deleted successfully' },`
			`};`
			`} catch (error) {`
			`console.error('[RepositoryApi] Delete error:', error);`
			`return { status: 500, body: { error: 'Failed to delete repository' } };`
			`}`
			`}`
			`}`