server.js

import http from 'node:http'
import { readFileSync } from 'node:fs'
import { fileURLToPath } from 'node:url'
import { dirname, join } from 'node:path'
import { makeBadge, ValidationError } from 'badge-maker'

const __dirname = dirname(fileURLToPath(import.meta.url))
const LOGO_TEMPLATE = readFileSync(join(__dirname, 'logo-mark.svg'), 'utf8')
const INDEX_PATH = join(__dirname, 'public', 'index.html')

function readIndexHtml() {
  return readFileSync(INDEX_PATH, 'utf8')
}

const STYLES = new Set([
  'plastic',
  'flat',
  'flat-square',
  'for-the-badge',
  'social',
])

const DEFAULT_LINK = 'https://npmx.dev/'
const LABEL = 'npmx'
const MAX_MESSAGE_LEN = 64
const MAX_PKG_LEN = 214
const DEFAULT_FETCH_TIMEOUT_MS = Number(process.env.NPM_REGISTRY_TIMEOUT_MS) || 5000
const DEFAULT_VERSION_CACHE_TTL_MS = Number(process.env.NPM_VERSION_CACHE_TTL_MS) || 120000

function npmxPackageUrl(pkgName) {
  if (
    pkgName.includes('..') ||
    pkgName.startsWith('/') ||
    pkgName.includes('\\') ||
    pkgName.includes('?') ||
    pkgName.includes('#')
  ) {
    throw new Error('Invalid package name')
  }
  return `https://npmx.dev/package/${pkgName}`
}

function parseHex(value, fallback) {
  if (value == null || value === '') return fallback
  const raw = String(value).trim()
  const withHash = raw.startsWith('#') ? raw : `#${raw}`
  if (!/^#[0-9a-f]{3}$|^#[0-9a-f]{6}$/i.test(withHash)) {
    throw new Error(`Invalid hex color: ${value}`)
  }
  return withHash.toLowerCase()
}

function wantsIcon(q) {
  const v = (q.get('icon') ?? '1').trim().toLowerCase()
  if (v === '0' || v === 'false' || v === 'off' || v === 'no') {
    return false
  }
  if (
    v === '1' ||
    v === 'true' ||
    v === 'on' ||
    v === 'yes' ||
    v === ''
  ) {
    return true
  }
  throw new Error('Invalid icon (use 1 or 0)')
}

function logoDataUrl(color) {
  const svg = LOGO_TEMPLATE.replace(/__LOGO_COLOR__/g, color)
  return `data:image/svg+xml;base64,${Buffer.from(svg, 'utf8').toString('base64')}`
}

async function fetchNpmVersion(pkg, { fetchImpl = fetch, timeoutMs = DEFAULT_FETCH_TIMEOUT_MS } = {}) {
  const controller = new AbortController()
  const timeout = setTimeout(() => controller.abort(), timeoutMs)

  try {
    const name = encodeURIComponent(pkg)
    const res = await fetchImpl(`https://registry.npmjs.org/${name}/latest`, {
      headers: { accept: 'application/json' },
      signal: controller.signal,
    })
    if (res.status === 404) {
      const err = new Error('Package not found')
      err.code = 'ENOTFOUND'
      throw err
    }
    if (!res.ok) {
      const err = new Error(`npm registry ${res.status}`)
      err.code = 'EREGISTRY'
      throw err
    }
    const data = await res.json()
    if (!data?.version) {
      const err = new Error('Missing version in registry response')
      err.code = 'EBADJSON'
      throw err
    }
    return String(data.version)
  } catch (err) {
    if (err?.name === 'AbortError') {
      const timeoutErr = new Error('npm registry timeout')
      timeoutErr.code = 'ETIMEOUT'
      throw timeoutErr
    }
    throw err
  } finally {
    clearTimeout(timeout)
  }
}

function clampStr(s, max) {
  if (s.length <= max) return s
  return `${s.slice(0, max - 1)}…`
}

async function getCachedNpmVersion(pkg, cache, inflight, options) {
  const now = Date.now()
  const cached = cache.get(pkg)
  if (cached && cached.expiresAt > now) {
    return cached.version
  }

  const pending = inflight.get(pkg)
  if (pending) {
    return pending
  }

  const request = fetchNpmVersion(pkg, options)
    .then((version) => {
      cache.set(pkg, {
        version,
        expiresAt: Date.now() + options.cacheTtlMs,
      })
      return version
    })
    .finally(() => {
      inflight.delete(pkg)
    })

  inflight.set(pkg, request)
  return request
}

async function handleBadge(url, options = {}) {
  const q = url.searchParams
  const {
    defaultPkg = (process.env.DEFAULT_NPM_PKG ?? '').trim(),
    versionCache = new Map(),
    inflightRequests = new Map(),
    fetchImpl = fetch,
    fetchTimeoutMs = DEFAULT_FETCH_TIMEOUT_MS,
    cacheTtlMs = DEFAULT_VERSION_CACHE_TTL_MS,
  } = options

  let message = (q.get('message') ?? '').trim()
  const pkg = (q.get('pkg') ?? '').trim()

  if (message && pkg) {
    const err = new Error('Use either `message` or `pkg`, not both')
    err.code = 'EBADQUERY'
    throw err
  }

  let resolvedPkg = ''
  if (pkg) {
    resolvedPkg = pkg
  } else if (!message && defaultPkg) {
    resolvedPkg = defaultPkg
  }

  if (resolvedPkg) {
    if (resolvedPkg.length > MAX_PKG_LEN) {
      throw new Error('Package name too long')
    }
    const version = await getCachedNpmVersion(
      resolvedPkg,
      versionCache,
      inflightRequests,
      {
        fetchImpl,
        timeoutMs: fetchTimeoutMs,
        cacheTtlMs,
      },
    )
    message = `v${version}`
  }

  if (!message) {
    message = 'npmx.dev'
  }

  message = clampStr(message, MAX_MESSAGE_LEN)

  const color = resolvedPkg
    ? 'brightgreen'
    : (q.get('color') ?? 'informational')
  const labelColor = q.get('labelColor') ?? ''
  const styleRaw = (q.get('style') ?? 'flat').trim()
  if (!STYLES.has(styleRaw)) {
    throw new Error(
      `Invalid style (use ${[...STYLES].join(', ')})`,
    )
  }

  const showIcon = wantsIcon(q)
  const logoColor = parseHex(
    q.get('logoColor') ?? q.get('accent'),
    '#51c8fc',
  )

  const defaultLink = resolvedPkg ? npmxPackageUrl(resolvedPkg) : DEFAULT_LINK
  const linkLeft = (q.get('link') ?? defaultLink).trim() || defaultLink
  const linkRight = (q.get('linkRight') ?? linkLeft).trim() || linkLeft

  const format = {
    label: LABEL,
    message,
    color,
    style: styleRaw,
    links: [linkLeft, linkRight],
  }

  if (showIcon) {
    format.logoBase64 = logoDataUrl(logoColor)
  }

  if (labelColor) {
    format.labelColor = labelColor
  }

  return makeBadge(format)
}

function send(res, status, body, headers = {}) {
  const h = { ...headers }
  if (typeof body === 'string' && !h['content-type']) {
    h['content-type'] = 'text/plain; charset=utf-8'
  }
  res.writeHead(status, h)
  res.end(body)
}

const HELP_TEXT = [
  'npmx badge server',
  '',
  'Label is always "npmx".',
  '',
  'Version (npm registry latest):',
  '  GET /badge.svg?pkg=react',
  '  (optional) DEFAULT_NPM_PKG=my-pkg env → /badge.svg with no query fetches that version',
  '',
  'Custom message (no registry):',
  '  GET /badge.svg?message=1.0.0',
  '',
  'Icon: icon=1 (default) or icon=0 / false / off / no to hide the logo',
  'Logo color (single hex): logoColor (alias: accent), default #51c8fc',
  '',
  'Color: registry version badges (?pkg= or DEFAULT_NPM_PKG) always use brightgreen for the',
  '  value segment; the color query is ignored there. For custom messages only, color sets the',
  '  right segment (Shields-style; SVG via badge-maker).',
  '',
  'Other: labelColor, style (flat|flat-square|plastic|for-the-badge|social),',
  'link, linkRight (default: https://npmx.dev/package/<pkg> when version is from a package,',
  `  else ${DEFAULT_LINK})`,
  '',
  'Web UI: GET /',
].join('\n')

export function createBadgeServer(options = {}) {
  const versionCache = options.versionCache ?? new Map()
  const inflightRequests = options.inflightRequests ?? new Map()
  const fetchImpl = options.fetchImpl ?? fetch
  const fetchTimeoutMs = options.fetchTimeoutMs ?? DEFAULT_FETCH_TIMEOUT_MS
  const cacheTtlMs = options.cacheTtlMs ?? DEFAULT_VERSION_CACHE_TTL_MS
  const defaultPkg = options.defaultPkg ?? (process.env.DEFAULT_NPM_PKG ?? '').trim()
  const logger = options.logger ?? console.error

  return http.createServer(async (req, res) => {
    try {
      const url = new URL(req.url ?? '/', `http://${req.headers.host}`)

      if (req.method !== 'GET') {
        send(res, 405, 'Method not allowed', { allow: 'GET' })
        return
      }

      if (
        url.pathname === '/' ||
        url.pathname === '' ||
        url.pathname === '/index.html'
      ) {
        send(res, 200, readIndexHtml(), {
          'content-type': 'text/html; charset=utf-8',
          'cache-control': 'no-cache',
        })
        return
      }

      if (url.pathname === '/help') {
        send(res, 200, HELP_TEXT, { 'cache-control': 'no-cache' })
        return
      }

      if (url.pathname !== '/badge.svg') {
        send(res, 404, 'Not found')
        return
      }

      const svg = await handleBadge(url, {
        defaultPkg,
        versionCache,
        inflightRequests,
        fetchImpl,
        fetchTimeoutMs,
        cacheTtlMs,
      })
      const q = url.searchParams
      const explicitPkg = q.has('pkg') && q.get('pkg')?.trim()
      const versionBacked =
        explicitPkg || (!q.get('message')?.trim() && defaultPkg)
      const maxAge = versionBacked ? 120 : 300
      send(res, 200, svg, {
        'content-type': 'image/svg+xml; charset=utf-8',
        'cache-control': `public, max-age=${maxAge}`,
        'access-control-allow-origin': '*',
      })
    } catch (e) {
      if (e instanceof ValidationError) {
        send(res, 400, e.message)
        return
      }
      if (e.code === 'ENOTFOUND') {
        send(res, 404, e.message)
        return
      }
      if (e.code === 'EREGISTRY' || e.code === 'EBADJSON') {
        send(res, 502, e.message)
        return
      }
      if (e.code === 'ETIMEOUT') {
        send(res, 504, e.message)
        return
      }
      if (e.code === 'EBADQUERY') {
        send(res, 400, e.message)
        return
      }
      if (
        e.message?.startsWith('Invalid') ||
        e.message?.includes('Invalid style') ||
        e.message?.includes('Invalid icon')
      ) {
        send(res, 400, e.message)
        return
      }
      logger(e)
      send(res, 500, 'Internal error')
    }
  })
}

const isMainModule = process.argv[1] === fileURLToPath(import.meta.url)

if (isMainModule) {
  const port = Number(process.env.PORT) || 3000
  const server = createBadgeServer()
  server.listen(port, () => {
    console.error(`npmx-badge listening on http://localhost:${port}`)
  })
}