@adens/openwa 0.1.0

package/server/index.js

@@ -0,0 +1,163 @@
+const fs = require("fs");
+const path = require("path");
+const { spawnSync } = require("child_process");
+const { createServer } = require("http");
+const next = require("next");
+const openModule = require("open");
+const { Server } = require("socket.io");
+const { getConfig } = require("./config");
+const { initializeDatabase } = require("./database/init");
+const { createApp } = require("./express/create-app");
+const chatService = require("./services/chat-service");
+const sessionService = require("./services/session-service");
+const { registerSocketHandlers, userRoom } = require("./socket/register");
+const { ensureRuntimeDirs, webDir } = require("./utils/paths");
+const { SessionManager } = require("./whatsapp/session-manager");
+const openBrowser = openModule.default || openModule;
+function shouldProxyToBackend(req) {
+  const url = new URL(req.url || "/", "http://localhost");
+  return url.pathname === "/health" || url.pathname === "/version" || url.pathname === "/docs" || url.pathname.startsWith("/docs/");
+}
+
+async function proxyToBackend(req, res, config) {
+  const targetUrl = `${config.backendUrl}${req.url}`;
+  const response = await fetch(targetUrl, {
+    method: req.method,
+    headers: {
+      accept: req.headers.accept || "*/*"
+    }
+  });
+
+  res.statusCode = response.status;
+  response.headers.forEach((value, key) => {
+    res.setHeader(key, value);
+  });
+
+  const body = Buffer.from(await response.arrayBuffer());
+  res.end(body);
+}
+
+function ensureWebBuild(config) {
+  if (config.dev) {
+    return;
+  }
+
+  const buildIdPath = path.join(webDir, ".next", "BUILD_ID");
+  if (fs.existsSync(buildIdPath)) {
+    return;
+  }
+
+  console.log("Next.js production build not found. Building dashboard automatically...");
+  const result = spawnSync("npm", ["run", "build:web"], {
+    cwd: path.dirname(webDir),
+    stdio: "inherit",
+    env: process.env,
+    shell: true
+  });
+
+  if (result.status !== 0) {
+    throw new Error("Automatic Next.js build failed.");
+  }
+}
+
+async function startOpenWA({ dev = false } = {}) {
+  const config = getConfig({ dev });
+  process.env.NEXT_PUBLIC_API_URL = config.backendUrl;
+  process.env.NEXT_PUBLIC_SOCKET_URL = config.backendUrl;
+
+  ensureRuntimeDirs();
+  await initializeDatabase();
+  ensureWebBuild(config);
+
+  const nextApp = next({
+    dev: config.dev,
+    dir: webDir
+  });
+
+  await nextApp.prepare();
+  const nextHandler = nextApp.getRequestHandler();
+
+  const sessionManager = new SessionManager({ config });
+  const app = createApp({
+    config,
+    sessionManager
+  });
+
+  const backendServer = createServer(app);
+  const frontendServer = createServer(async (req, res) => {
+    try {
+      if (shouldProxyToBackend(req)) {
+        await proxyToBackend(req, res, config);
+        return;
+      }
+
+      await nextHandler(req, res);
+    } catch (error) {
+      res.statusCode = 502;
+      res.setHeader("content-type", "application/json");
+      res.end(JSON.stringify({ error: error.message }));
+    }
+  });
+  const io = new Server(backendServer, {
+    cors: {
+      origin: config.frontendUrl,
+      credentials: true
+    }
+  });
+
+  sessionManager.on("session-status", (payload) => {
+    io.to(userRoom(payload.userId)).emit("session_status_update", payload);
+  });
+
+  sessionManager.on("incoming-message", async (payload) => {
+    try {
+      const result = await chatService.storeIncomingMessage(payload);
+      io.to(userRoom(payload.userId)).emit("new_message", result.message);
+      io.to(userRoom(payload.userId)).emit("contact_list_update", result.chat);
+    } catch (error) {
+      console.error("Failed to persist incoming WhatsApp message.", error);
+    }
+  });
+
+  sessionManager.on("workspace-sync", (payload) => {
+    io.to(userRoom(payload.userId)).emit("workspace_synced", payload);
+  });
+
+  registerSocketHandlers({
+    io,
+    config,
+    sessionManager
+  });
+
+  await new Promise((resolve) => {
+    backendServer.listen(config.backendPort, config.host, resolve);
+  });
+
+  await new Promise((resolve) => {
+    frontendServer.listen(config.frontendPort, config.host, resolve);
+  });
+
+  const reconnectableSessions = await sessionService.listReconnectableSessions();
+  await sessionManager.hydrate(reconnectableSessions);
+
+  console.log("OpenWA is running 🚀\n");
+  console.log(`Dashboard: ${config.frontendUrl}`);
+  console.log(`Backend API: ${config.backendUrl}`);
+  console.log("WhatsApp Sessions: ready");
+  console.log("Socket: connected");
+  console.log("Database: connected");
+
+  if (config.autoOpenBrowser) {
+    try {
+      await openBrowser(config.frontendUrl);
+    } catch (error) {
+      console.warn(`Browser auto-open failed: ${error.message}`);
+    }
+  }
+
+  return { app, backendServer, frontendServer, io };
+}
+
+module.exports = {
+  startOpenWA
+};

package/server/services/api-key-service.js

@@ -0,0 +1,131 @@
+const crypto = require("crypto");
+const { prisma } = require("../database/client");
+
+function sanitizeUser(user) {
+  return {
+    id: user.id,
+    name: user.name,
+    email: user.email,
+    createdAt: user.createdAt
+  };
+}
+
+function hashApiKey(secret) {
+  return crypto.createHash("sha256").update(String(secret || "")).digest("hex");
+}
+
+function generateApiKeySecret() {
+  return `owa_live_${crypto.randomBytes(24).toString("hex")}`;
+}
+
+function sanitizeApiKey(record) {
+  return {
+    id: record.id,
+    name: record.name,
+    keyPrefix: record.keyPrefix,
+    last4: record.last4,
+    maskedKey: `${record.keyPrefix}...${record.last4}`,
+    lastUsedAt: record.lastUsedAt,
+    createdAt: record.createdAt,
+    updatedAt: record.updatedAt
+  };
+}
+
+async function retryOnSqliteTimeout(operation) {
+  try {
+    return await operation();
+  } catch (error) {
+    if (error?.code !== "P1008") {
+      throw error;
+    }
+
+    await new Promise((resolve) => setTimeout(resolve, 100));
+    return operation();
+  }
+}
+
+async function listApiKeys(userId) {
+  const apiKeys = await prisma.apiKey.findMany({
+    where: { userId },
+    orderBy: { createdAt: "desc" }
+  });
+
+  return apiKeys.map(sanitizeApiKey);
+}
+
+async function createApiKey(userId, { name }) {
+  const trimmedName = String(name || "").trim();
+  if (!trimmedName) {
+    throw new Error("API key name is required.");
+  }
+
+  const secret = generateApiKeySecret();
+  const record = await retryOnSqliteTimeout(() =>
+    prisma.apiKey.create({
+      data: {
+        userId,
+        name: trimmedName,
+        keyHash: hashApiKey(secret),
+        keyPrefix: secret.slice(0, 12),
+        last4: secret.slice(-4)
+      }
+    })
+  );
+
+  return {
+    apiKey: sanitizeApiKey(record),
+    secret
+  };
+}
+
+async function revokeApiKey(userId, apiKeyId) {
+  const result = await retryOnSqliteTimeout(() =>
+    prisma.apiKey.deleteMany({
+      where: {
+        id: apiKeyId,
+        userId
+      }
+    })
+  );
+
+  if (!result.count) {
+    throw new Error("API key not found.");
+  }
+
+  return { ok: true };
+}
+
+async function getUserFromApiKey(secret) {
+  if (!secret) {
+    return null;
+  }
+
+  const record = await prisma.apiKey.findUnique({
+    where: {
+      keyHash: hashApiKey(secret)
+    },
+    include: {
+      user: true
+    }
+  });
+
+  if (!record) {
+    return null;
+  }
+
+  await retryOnSqliteTimeout(() =>
+    prisma.apiKey.update({
+      where: { id: record.id },
+      data: { lastUsedAt: new Date() }
+    })
+  );
+
+  return sanitizeUser(record.user);
+}
+
+module.exports = {
+  createApiKey,
+  getUserFromApiKey,
+  listApiKeys,
+  revokeApiKey
+};

package/server/services/auth-service.js

@@ -0,0 +1,162 @@
+const bcrypt = require("bcryptjs");
+const jwt = require("jsonwebtoken");
+const { prisma } = require("../database/client");
+const { getUserFromApiKey } = require("./api-key-service");
+
+async function retryOnSqliteTimeout(operation) {
+  let lastError = null;
+  for (const delayMs of [0, 100, 250, 500]) {
+    if (delayMs > 0) {
+      await new Promise((resolve) => setTimeout(resolve, delayMs));
+    }
+
+    try {
+      return await operation();
+    } catch (error) {
+      if (error?.code !== "P1008") {
+        throw error;
+      }
+
+      lastError = error;
+    }
+  }
+
+  throw lastError;
+}
+
+function isSqliteTimeoutError(error) {
+  return error?.code === "P1008";
+}
+
+function sanitizeUser(user) {
+  return {
+    id: user.id,
+    name: user.name,
+    email: user.email,
+    createdAt: user.createdAt
+  };
+}
+
+function issueToken(user, config) {
+  return jwt.sign({ sub: user.id, email: user.email }, config.jwtSecret, {
+    expiresIn: "7d"
+  });
+}
+
+async function registerUser({ name, email, password, config }) {
+  const normalizedEmail = String(email || "").trim().toLowerCase();
+
+  if (!name || !normalizedEmail || !password) {
+    throw new Error("Name, email, and password are required.");
+  }
+
+  const existingUser = await retryOnSqliteTimeout(() =>
+    prisma.user.findUnique({
+      where: { email: normalizedEmail }
+    })
+  );
+
+  if (existingUser) {
+    throw new Error("Email is already registered.");
+  }
+
+  const passwordHash = await bcrypt.hash(password, 10);
+  const user = await prisma.user.create({
+    data: {
+      name: String(name).trim(),
+      email: normalizedEmail,
+      passwordHash
+    }
+  });
+
+  return {
+    token: issueToken(user, config),
+    user: sanitizeUser(user)
+  };
+}
+
+async function loginUser({ email, password, config }) {
+  const normalizedEmail = String(email || "").trim().toLowerCase();
+  const user = await retryOnSqliteTimeout(() =>
+    prisma.user.findUnique({
+      where: { email: normalizedEmail }
+    })
+  );
+
+  if (!user) {
+    throw new Error("Invalid email or password.");
+  }
+
+  const matches = await bcrypt.compare(password, user.passwordHash);
+  if (!matches) {
+    throw new Error("Invalid email or password.");
+  }
+
+  return {
+    token: issueToken(user, config),
+    user: sanitizeUser(user)
+  };
+}
+
+async function getUserFromToken(token, config) {
+  if (!token) {
+    return null;
+  }
+
+  const payload = jwt.verify(token, config.jwtSecret);
+  const user = await retryOnSqliteTimeout(() =>
+    prisma.user.findUnique({
+      where: { id: payload.sub }
+    })
+  );
+
+  return user ? sanitizeUser(user) : null;
+}
+
+function createAuthMiddleware(config, { allowApiKey = true } = {}) {
+  return async (req, res, next) => {
+    try {
+      const header = req.headers.authorization || "";
+      const bearerValue = header.startsWith("Bearer ") ? header.slice(7) : null;
+      const headerApiKey = req.headers["x-api-key"] || req.headers["x-openwa-api-key"] || null;
+      const apiKey = allowApiKey ? headerApiKey || (String(bearerValue || "").startsWith("owa_live_") ? bearerValue : null) : null;
+      const token = apiKey ? null : bearerValue;
+
+      if (!token && !apiKey) {
+        return res.status(401).json({ error: "Authentication required." });
+      }
+
+      const user = apiKey ? await getUserFromApiKey(apiKey) : await getUserFromToken(token, config);
+      if (!user) {
+        return res.status(401).json({ error: apiKey ? "Invalid API key." : "Invalid token." });
+      }
+
+      req.user = user;
+      return next();
+    } catch (error) {
+      if (isSqliteTimeoutError(error)) {
+        return res.status(503).json({ error: "Database is busy. Please try again." });
+      }
+
+      return res.status(401).json({ error: error.message });
+    }
+  };
+}
+
+function authMiddleware(config) {
+  return createAuthMiddleware(config, { allowApiKey: true });
+}
+
+function dashboardAuthMiddleware(config) {
+  return createAuthMiddleware(config, { allowApiKey: false });
+}
+
+module.exports = {
+  authMiddleware,
+  dashboardAuthMiddleware,
+  getUserFromToken,
+  isSqliteTimeoutError,
+  loginUser,
+  registerUser,
+  sanitizeUser
+};