@camox/api 0.2.0-alpha.5

package/src/lib/resolve-environment.ts

@@ -0,0 +1,218 @@
+import { ORPCError } from "@orpc/server";
+import { and, eq } from "drizzle-orm";
+
+import type { Database } from "../db";
+import {
+  blockDefinitions,
+  blocks,
+  environments,
+  files,
+  layouts,
+  pages,
+  repeatableItems,
+} from "../schema";
+
+export async function resolveEnvironment(
+  db: Database,
+  projectId: number,
+  environmentName: string,
+  options?: { autoCreate?: boolean },
+) {
+  let environment = await db
+    .select()
+    .from(environments)
+    .where(and(eq(environments.projectId, projectId), eq(environments.name, environmentName)))
+    .get();
+
+  let created = false;
+
+  if (!environment && options?.autoCreate) {
+    const now = Date.now();
+    environment = await db
+      .insert(environments)
+      .values({
+        projectId,
+        name: environmentName,
+        type: "development",
+        createdAt: now,
+        updatedAt: now,
+      })
+      .returning()
+      .get();
+
+    await forkProductionContent(db, projectId, environment.id);
+    created = true;
+  }
+
+  if (!environment) {
+    throw new ORPCError("NOT_FOUND", {
+      message: `Environment "${environmentName}" not found`,
+    });
+  }
+  return { ...environment, created };
+}
+
+// ---------------------------------------------------------------------------
+// Fork production content into a new environment
+// ---------------------------------------------------------------------------
+
+function remapFileIds(content: unknown, fileIdMap: Map<number, number>): unknown {
+  if (content === null || content === undefined) return content;
+  if (Array.isArray(content)) {
+    return content.map((item) => remapFileIds(item, fileIdMap));
+  }
+  if (typeof content === "object") {
+    const obj = content as Record<string, unknown>;
+    if ("_fileId" in obj && typeof obj._fileId === "number") {
+      const newId = fileIdMap.get(obj._fileId);
+      if (newId !== undefined) {
+        return { ...obj, _fileId: newId };
+      }
+    }
+    const result: Record<string, unknown> = {};
+    for (const [key, value] of Object.entries(obj)) {
+      result[key] = remapFileIds(value, fileIdMap);
+    }
+    return result;
+  }
+  return content;
+}
+
+async function forkProductionContent(db: Database, projectId: number, newEnvironmentId: number) {
+  const prodEnv = await db
+    .select()
+    .from(environments)
+    .where(and(eq(environments.projectId, projectId), eq(environments.type, "production")))
+    .get();
+  if (!prodEnv) return;
+
+  const now = Date.now();
+
+  // 1. Block definitions
+  const prodDefs = await db
+    .select()
+    .from(blockDefinitions)
+    .where(eq(blockDefinitions.environmentId, prodEnv.id));
+  for (const def of prodDefs) {
+    const { id: _, ...rest } = def;
+    await db
+      .insert(blockDefinitions)
+      .values({ ...rest, environmentId: newEnvironmentId, createdAt: now, updatedAt: now });
+  }
+
+  // 2. Files (same blob/URL, new environment) — build ID mapping
+  const fileIdMap = new Map<number, number>();
+  const prodFiles = await db.select().from(files).where(eq(files.environmentId, prodEnv.id));
+  for (const file of prodFiles) {
+    const { id: _, ...rest } = file;
+    const newFile = await db
+      .insert(files)
+      .values({ ...rest, environmentId: newEnvironmentId, createdAt: now, updatedAt: now })
+      .returning()
+      .get();
+    fileIdMap.set(file.id, newFile.id);
+  }
+
+  // 3. Layouts — build ID mapping
+  const layoutIdMap = new Map<number, number>();
+  const prodLayouts = await db.select().from(layouts).where(eq(layouts.environmentId, prodEnv.id));
+  for (const layout of prodLayouts) {
+    const { id: _, ...rest } = layout;
+    const newLayout = await db
+      .insert(layouts)
+      .values({ ...rest, environmentId: newEnvironmentId, createdAt: now, updatedAt: now })
+      .returning()
+      .get();
+    layoutIdMap.set(layout.id, newLayout.id);
+  }
+
+  // 4. Layout blocks + their repeatable items
+  const blockIdMap = new Map<number, number>();
+  for (const [oldLayoutId, newLayoutId] of layoutIdMap) {
+    const layoutBlocks = await db.select().from(blocks).where(eq(blocks.layoutId, oldLayoutId));
+    for (const block of layoutBlocks) {
+      const { id: _, ...rest } = block;
+      const newBlock = await db
+        .insert(blocks)
+        .values({
+          ...rest,
+          layoutId: newLayoutId,
+          content: remapFileIds(rest.content, fileIdMap),
+          createdAt: now,
+          updatedAt: now,
+        })
+        .returning()
+        .get();
+      blockIdMap.set(block.id, newBlock.id);
+    }
+  }
+
+  // 5. Pages — sort by id so parents are inserted before children
+  const pageIdMap = new Map<number, number>();
+  const prodPages = await db.select().from(pages).where(eq(pages.environmentId, prodEnv.id));
+  prodPages.sort((a, b) => a.id - b.id);
+
+  for (const page of prodPages) {
+    const { id: _, ...rest } = page;
+    const newPage = await db
+      .insert(pages)
+      .values({
+        ...rest,
+        environmentId: newEnvironmentId,
+        layoutId: layoutIdMap.get(page.layoutId) ?? page.layoutId,
+        parentPageId: page.parentPageId ? (pageIdMap.get(page.parentPageId) ?? null) : null,
+        createdAt: now,
+        updatedAt: now,
+      })
+      .returning()
+      .get();
+    pageIdMap.set(page.id, newPage.id);
+  }
+
+  // 6. Page blocks
+  for (const [oldPageId, newPageId] of pageIdMap) {
+    const pageBlocks = await db.select().from(blocks).where(eq(blocks.pageId, oldPageId));
+    for (const block of pageBlocks) {
+      const { id: _, ...rest } = block;
+      const newBlock = await db
+        .insert(blocks)
+        .values({
+          ...rest,
+          pageId: newPageId,
+          content: remapFileIds(rest.content, fileIdMap),
+          createdAt: now,
+          updatedAt: now,
+        })
+        .returning()
+        .get();
+      blockIdMap.set(block.id, newBlock.id);
+    }
+  }
+
+  // 7. Repeatable items for all copied blocks — sort by id so parents come first
+  for (const [oldBlockId, newBlockId] of blockIdMap) {
+    const items = await db
+      .select()
+      .from(repeatableItems)
+      .where(eq(repeatableItems.blockId, oldBlockId));
+    items.sort((a, b) => a.id - b.id);
+
+    const itemIdMap = new Map<number, number>();
+    for (const item of items) {
+      const { id: _, ...rest } = item;
+      const newItem = await db
+        .insert(repeatableItems)
+        .values({
+          ...rest,
+          blockId: newBlockId,
+          parentItemId: item.parentItemId ? (itemIdMap.get(item.parentItemId) ?? null) : null,
+          content: remapFileIds(rest.content, fileIdMap),
+          createdAt: now,
+          updatedAt: now,
+        })
+        .returning()
+        .get();
+      itemIdMap.set(item.id, newItem.id);
+    }
+  }
+}

package/src/lib/schedule-ai-job.ts

@@ -0,0 +1,21 @@
+type AiJobType = "summary" | "fileMetadata" | "seo";
+type EntityTable = "blocks" | "repeatableItems" | "files" | "pages";
+
+export function scheduleAiJob(
+  doNamespace: DurableObjectNamespace,
+  options: {
+    entityTable: EntityTable;
+    entityId: number;
+    type: AiJobType;
+    delayMs: number;
+  },
+) {
+  const name = `${options.entityTable}:${options.entityId}:${options.type}`;
+  const id = doNamespace.idFromName(name);
+  const stub = doNamespace.get(id);
+  return stub.fetch("http://do/schedule", {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify(options),
+  });
+}

package/src/lib/slug.ts

@@ -0,0 +1,42 @@
+import { eq } from "drizzle-orm";
+import {
+  adjectives,
+  animals,
+  NumberDictionary,
+  uniqueNamesGenerator,
+} from "unique-names-generator";
+
+import type { Database } from "../db";
+import { projects } from "../schema";
+
+const numberDictionary = NumberDictionary.generate({ min: 10, max: 99 });
+
+function generateSlug(): string {
+  return uniqueNamesGenerator({
+    dictionaries: [adjectives, animals, numberDictionary],
+    separator: "-",
+    style: "lowerCase",
+  });
+}
+
+/**
+ * Generates a unique human-readable slug (e.g. "swift-falcon-42")
+ * and verifies it doesn't collide with an existing project slug.
+ * Retries up to 10 times on collision.
+ */
+export async function generateUniqueSlug(db: Database): Promise<string> {
+  for (let attempt = 0; attempt < 10; attempt++) {
+    const slug = generateSlug();
+    const existing = await db
+      .select({ id: projects.id })
+      .from(projects)
+      .where(eq(projects.slug, slug))
+      .get();
+
+    if (!existing) {
+      return slug;
+    }
+  }
+
+  throw new Error("Failed to generate a unique slug after 10 attempts");
+}

package/src/middleware.ts

@@ -0,0 +1,10 @@
+import { createMiddleware } from "hono/factory";
+
+import type { AppEnv } from "./types";
+
+export const requireAuth = createMiddleware<AppEnv>(async (c, next) => {
+  if (!c.var.user) {
+    return c.json({ error: "Unauthorized" }, 401);
+  }
+  await next();
+});

package/src/orpc.ts

@@ -0,0 +1,65 @@
+import { os, ORPCError } from "@orpc/server";
+
+import type { Database } from "./db";
+import type { Auth } from "./routes/auth";
+import type { Bindings } from "./types";
+
+// --- Context types ---
+
+export type BaseContext = {
+  db: Database;
+  user: Auth["$Infer"]["Session"]["user"] | null;
+  session: Auth["$Infer"]["Session"]["session"] | null;
+  env: Bindings;
+  headers: Headers;
+  environmentName: string;
+};
+
+export type AuthedContext = BaseContext & {
+  user: Auth["$Infer"]["Session"]["user"];
+  session: Auth["$Infer"]["Session"]["session"];
+};
+
+// --- Base procedures ---
+
+/** Public procedure — available to anyone, no auth required */
+export const pub = os.$context<BaseContext>().use(async ({ next, path }) => {
+  try {
+    return await next();
+  } catch (error) {
+    if (error instanceof ORPCError && error.status < 500) {
+      throw error;
+    }
+    console.error(`[oRPC] ${path.join(".")} →`, error);
+    throw error;
+  }
+});
+
+/** Sync procedure — requires either a valid session or the x-sync-secret header */
+export const synced = pub.use(async ({ context, next }) => {
+  if (context.user && context.session) {
+    return next({ context });
+  }
+
+  const secret = context.headers.get("x-sync-secret");
+  if (!secret || secret !== context.env.SYNC_SECRET) {
+    throw new ORPCError("UNAUTHORIZED");
+  }
+
+  return next({ context });
+});
+
+/** Authed procedure — requires authenticated user */
+export const authed = pub.use(async ({ context, next }) => {
+  if (!context.user || !context.session) {
+    throw new ORPCError("UNAUTHORIZED");
+  }
+
+  return next({
+    context: {
+      ...context,
+      user: context.user,
+      session: context.session,
+    },
+  });
+});

package/src/router.ts

@@ -0,0 +1,19 @@
+import { blockDefinitionProcedures } from "./routes/block-definitions";
+import { blockProcedures } from "./routes/blocks";
+import { fileProcedures } from "./routes/files";
+import { layoutProcedures } from "./routes/layouts";
+import { pageProcedures } from "./routes/pages";
+import { projectProcedures } from "./routes/projects";
+import { repeatableItemProcedures } from "./routes/repeatable-items";
+
+export const router = {
+  projects: projectProcedures,
+  pages: pageProcedures,
+  blocks: blockProcedures,
+  layouts: layoutProcedures,
+  files: fileProcedures,
+  repeatableItems: repeatableItemProcedures,
+  blockDefinitions: blockDefinitionProcedures,
+};
+
+export type Router = typeof router;

package/src/routes/auth.ts

@@ -0,0 +1,110 @@
+import { betterAuth } from "better-auth";
+import { drizzleAdapter } from "better-auth/adapters/drizzle";
+import { bearer, oneTimeToken, organization } from "better-auth/plugins";
+import { Hono } from "hono";
+import { cors } from "hono/cors";
+
+import type { Database } from "../db";
+import { crossDomain } from "../lib/cross-domain";
+import {
+  user,
+  session,
+  account,
+  verification,
+  organizationTable,
+  member,
+  invitation,
+} from "../schema";
+import type { AppEnv, Bindings } from "../types";
+
+// --- Auth Factory ---
+
+const authSchema = {
+  user,
+  session,
+  account,
+  verification,
+  organization: organizationTable,
+  member,
+  invitation,
+};
+
+function generateSlug(name: string): string {
+  const base = name
+    .toLowerCase()
+    .replace(/[^a-z0-9]+/g, "-")
+    .replace(/^-|-$/g, "");
+  const suffix = crypto.randomUUID().slice(0, 8);
+  return `${base}-${suffix}`;
+}
+
+export function createAuth(db: Database, env: Bindings) {
+  const auth = betterAuth({
+    database: drizzleAdapter(db, {
+      provider: "sqlite",
+      schema: authSchema,
+    }),
+    baseURL: env.BETTER_AUTH_URL,
+    secret: env.BETTER_AUTH_SECRET,
+    emailAndPassword: {
+      enabled: true,
+      requireEmailVerification: false,
+    },
+    socialProviders: {
+      github: {
+        clientId: env.GITHUB_CLIENT_ID,
+        clientSecret: env.GITHUB_CLIENT_SECRET,
+      },
+      google: {
+        clientId: env.GOOGLE_CLIENT_ID,
+        clientSecret: env.GOOGLE_CLIENT_SECRET,
+      },
+    },
+    session: {
+      expiresIn: 60 * 60 * 24 * 90, // 90 days
+      updateAge: 60 * 60 * 24, // refresh session expiry daily
+    },
+    // Accept requests from any origin — Camox sites run on arbitrary customer domains
+    trustedOrigins: ["*"],
+    plugins: [organization(), crossDomain({ siteUrl: env.SITE_URL }), oneTimeToken(), bearer()],
+    databaseHooks: {
+      user: {
+        create: {
+          after: async (user) => {
+            const orgName = `${user.name}'s team`;
+            const slug = generateSlug(orgName);
+            await auth.api.createOrganization({
+              body: {
+                name: orgName,
+                slug,
+                userId: user.id,
+              },
+            });
+          },
+        },
+      },
+    },
+  });
+  return auth;
+}
+
+export type Auth = ReturnType<typeof createAuth>;
+
+// --- Routes ---
+
+export const authRoutes = new Hono<AppEnv>()
+  .use(
+    "*",
+    cors({
+      origin: (origin) => origin,
+      allowHeaders: ["Content-Type", "Authorization"],
+      allowMethods: ["POST", "GET", "OPTIONS"],
+      exposeHeaders: ["Content-Length", "Set-Better-Auth-Cookie"],
+      maxAge: 600,
+      credentials: true,
+    }),
+  )
+  .on(["POST", "GET"], "/*", async (c) => {
+    const auth = createAuth(c.var.db, c.env);
+    return auth.handler(c.req.raw);
+  });

package/src/routes/block-definitions.ts

@@ -0,0 +1,216 @@
+import { ORPCError } from "@orpc/server";
+import { and, eq } from "drizzle-orm";
+import { z } from "zod";
+
+import { resolveEnvironment } from "../lib/resolve-environment";
+import { pub, synced } from "../orpc";
+import { blockDefinitions, projects } from "../schema";
+
+// --- Procedures ---
+
+const definitionSchema = z.object({
+  projectSlug: z.string(),
+  blockId: z.string(),
+  title: z.string(),
+  description: z.string(),
+  contentSchema: z.unknown(),
+  settingsSchema: z.unknown().optional(),
+  defaultContent: z.unknown().optional(),
+  defaultSettings: z.unknown().optional(),
+  layoutOnly: z.boolean().optional(),
+});
+
+const syncSchema = z.object({
+  projectSlug: z.string(),
+  definitions: z.array(
+    z.object({
+      blockId: z.string(),
+      title: z.string(),
+      description: z.string(),
+      contentSchema: z.unknown(),
+      settingsSchema: z.unknown().optional(),
+      defaultContent: z.unknown().optional(),
+      defaultSettings: z.unknown().optional(),
+      layoutOnly: z.boolean().optional(),
+    }),
+  ),
+});
+
+const list = pub.input(z.object({ projectId: z.number() })).handler(async ({ context, input }) => {
+  const environment = await resolveEnvironment(
+    context.db,
+    input.projectId,
+    context.environmentName,
+  );
+  const result = await context.db
+    .select()
+    .from(blockDefinitions)
+    .where(
+      and(
+        eq(blockDefinitions.projectId, input.projectId),
+        eq(blockDefinitions.environmentId, environment.id),
+      ),
+    );
+  return result;
+});
+
+const sync = synced.input(syncSchema).handler(async ({ context, input }) => {
+  const { projectSlug, definitions } = input;
+  const project = await context.db
+    .select()
+    .from(projects)
+    .where(eq(projects.slug, projectSlug))
+    .get();
+  if (!project) throw new ORPCError("NOT_FOUND");
+  const projectId = project.id;
+  const environment = await resolveEnvironment(context.db, projectId, context.environmentName, {
+    autoCreate: true,
+  });
+  const now = Date.now();
+  const results = [];
+
+  for (const def of definitions) {
+    const existing = await context.db
+      .select()
+      .from(blockDefinitions)
+      .where(
+        and(
+          eq(blockDefinitions.projectId, projectId),
+          eq(blockDefinitions.environmentId, environment.id),
+          eq(blockDefinitions.blockId, def.blockId),
+        ),
+      )
+      .get();
+
+    if (existing) {
+      const updated = await context.db
+        .update(blockDefinitions)
+        .set({
+          title: def.title,
+          description: def.description,
+          contentSchema: def.contentSchema,
+          settingsSchema: def.settingsSchema ?? null,
+          defaultContent: def.defaultContent ?? null,
+          defaultSettings: def.defaultSettings ?? null,
+          layoutOnly: def.layoutOnly ?? null,
+          updatedAt: now,
+        })
+        .where(eq(blockDefinitions.id, existing.id))
+        .returning()
+        .get();
+      results.push(updated);
+    } else {
+      const created = await context.db
+        .insert(blockDefinitions)
+        .values({
+          projectId,
+          environmentId: environment.id,
+          blockId: def.blockId,
+          title: def.title,
+          description: def.description,
+          contentSchema: def.contentSchema,
+          settingsSchema: def.settingsSchema ?? null,
+          defaultContent: def.defaultContent ?? null,
+          defaultSettings: def.defaultSettings ?? null,
+          layoutOnly: def.layoutOnly ?? null,
+          createdAt: now,
+          updatedAt: now,
+        })
+        .returning()
+        .get();
+      results.push(created);
+    }
+  }
+
+  return { results, environmentCreated: environment.created };
+});
+
+const upsert = synced.input(definitionSchema).handler(async ({ context, input }) => {
+  const { projectSlug, ...body } = input;
+  const project = await context.db
+    .select()
+    .from(projects)
+    .where(eq(projects.slug, projectSlug))
+    .get();
+  if (!project) throw new ORPCError("NOT_FOUND");
+  const projectId = project.id;
+  const environment = await resolveEnvironment(context.db, projectId, context.environmentName, {
+    autoCreate: true,
+  });
+  const now = Date.now();
+
+  const existing = await context.db
+    .select()
+    .from(blockDefinitions)
+    .where(
+      and(
+        eq(blockDefinitions.projectId, projectId),
+        eq(blockDefinitions.environmentId, environment.id),
+        eq(blockDefinitions.blockId, body.blockId),
+      ),
+    )
+    .get();
+
+  if (existing) {
+    const result = await context.db
+      .update(blockDefinitions)
+      .set({
+        title: body.title,
+        description: body.description,
+        contentSchema: body.contentSchema,
+        settingsSchema: body.settingsSchema ?? null,
+        defaultContent: body.defaultContent ?? null,
+        defaultSettings: body.defaultSettings ?? null,
+        layoutOnly: body.layoutOnly ?? null,
+        updatedAt: now,
+      })
+      .where(eq(blockDefinitions.id, existing.id))
+      .returning()
+      .get();
+    return { ...result, action: "updated" as const };
+  }
+
+  const result = await context.db
+    .insert(blockDefinitions)
+    .values({
+      ...body,
+      projectId,
+      environmentId: environment.id,
+      settingsSchema: body.settingsSchema ?? null,
+      defaultContent: body.defaultContent ?? null,
+      defaultSettings: body.defaultSettings ?? null,
+      layoutOnly: body.layoutOnly ?? null,
+      createdAt: now,
+      updatedAt: now,
+    })
+    .returning()
+    .get();
+  return { ...result, action: "created" as const };
+});
+
+const deleteFn = synced
+  .input(z.object({ projectSlug: z.string(), blockId: z.string() }))
+  .handler(async ({ context, input }) => {
+    const { projectSlug, blockId } = input;
+    const project = await context.db
+      .select()
+      .from(projects)
+      .where(eq(projects.slug, projectSlug))
+      .get();
+    if (!project) throw new ORPCError("NOT_FOUND");
+    const environment = await resolveEnvironment(context.db, project.id, context.environmentName);
+    const result = await context.db
+      .delete(blockDefinitions)
+      .where(
+        and(
+          eq(blockDefinitions.projectId, project.id),
+          eq(blockDefinitions.environmentId, environment.id),
+          eq(blockDefinitions.blockId, blockId),
+        ),
+      )
+      .returning()
+      .get();
+    return { deleted: !!result, blockId };
+  });
+
+export const blockDefinitionProcedures = { list, sync, upsert, delete: deleteFn };