@camstack/server 0.1.7 → 0.1.8

package/src/main.ts

@@ -46,12 +46,15 @@ import { registerHealthRoutes } from "./api/health/health.routes";
 import { registerOauth2Routes } from "./api/oauth2/oauth2-routes.js";
 import {
   AddonRouteRegistry,
+  DataPlaneRegistry,
+  proxyToUpstream,
 } from "@camstack/core";
 import type { FastifyRequest, FastifyReply } from "fastify";
 import { loadBootstrapConfig, setupInfra } from "./boot/boot-config";
 import { bootManual } from "./manual-boot";
 
 import { PostBootService } from "./boot/post-boot.service";
+import { runIntegrationIdBackfill } from "./boot/integration-id-backfill";
 
 // ---- Process-level error handlers ----
 
@@ -236,6 +239,7 @@ async function bootstrap() {
   // Instantiate new core services
   const loggingService = app.get(LoggingService);
   const addonRouteRegistry = new AddonRouteRegistry();
+  const dataPlaneRegistry = new DataPlaneRegistry();
 
   // Use Fastify-managed notification/toast wrappers (globally provided by NotificationModule)
   const { NotificationServiceWrapper } =
@@ -251,6 +255,7 @@ async function bootstrap() {
   // Wire AddonRouteRegistry and NotificationService
   const addonRegistry = app.get(AddonRegistryService);
   addonRegistry.setAddonRouteRegistry(addonRouteRegistry);
+  addonRegistry.setDataPlaneRegistry(dataPlaneRegistry);
 
   // ── Configure the CapabilityRegistry (created in AddonRegistryService constructor) ──
   const capabilityRegistry = addonRegistry.getCapabilityRegistry();
@@ -703,6 +708,59 @@ async function bootstrap() {
         else if (Array.isArray(v)) headers[k] = v.join(",");
       }
 
+      // ── HTTP data-plane: reverse-proxy to the addon's own listener ───────
+      // Checked BEFORE control routes. A hit means the addon serves this prefix
+      // via `ctx.dataPlane` (it streams the bytes with real req/res); the hub
+      // authenticates here, then pipes. Same origin/cert as the admin-ui.
+      const dpMatch = dataPlaneRegistry.match(addonId, subPath);
+      if (dpMatch) {
+        const access = dpMatch.endpoint.access;
+        if (access !== "public") {
+          const authHeader = request.headers.authorization;
+          const cookieToken = request.cookies?.[SESSION_COOKIE];
+          if (!authHeader && !cookieToken) {
+            return reply.status(401).send({ error: "Unauthorized" });
+          }
+          const token = authHeader ? authHeader.replace("Bearer ", "") : cookieToken!;
+          if (token.startsWith("cst_")) {
+            const userMgmt = capabilityRegistry?.getSingleton("user-management");
+            if (!userMgmt) return reply.status(503).send({ error: "User management not available" });
+            const scopedToken = await userMgmt.validateScopedToken({ token });
+            const scopeOk = scopedToken?.scopes.some(
+              (scope: { type: string; target?: string }) => scope.type === "addon" && scope.target === addonId,
+            );
+            if (!scopedToken || !scopeOk) {
+              return reply.status(403).send({ error: "Token scope mismatch" });
+            }
+          } else {
+            try {
+              const payload = authService.verifyToken(token);
+              if (access === "admin" && !payload.isAdmin) {
+                return reply.status(403).send({ error: "Admin required" });
+              }
+            } catch {
+              return reply.status(401).send({ error: "Invalid token" });
+            }
+          }
+        }
+        const qIdx = request.url.indexOf("?");
+        const query = qIdx >= 0 ? request.url.slice(qIdx) : "";
+        // Forward the FULL sub-path INCLUDING the prefix — the addon's facility
+        // multiplexes by prefix, so it strips the prefix itself. (`dpMatch.rest`
+        // is only used to pick the endpoint, not to rewrite the path.)
+        const upstreamPath = `/${subPath}${query}`;
+        // Take over the socket — `proxyToUpstream` drives the raw response.
+        reply.hijack();
+        proxyToUpstream({
+          baseUrl: dpMatch.endpoint.baseUrl,
+          secret: dpMatch.endpoint.secret,
+          upstreamPath,
+          clientReq: request.raw,
+          clientRes: reply.raw,
+        });
+        return;
+      }
+
       const match = addonRouteRegistry.matchRoute(method, fullPath);
       if (!match) {
         if (method === "GET" && spaIndexHtml) {
@@ -1027,6 +1085,40 @@ async function bootstrap() {
   // Post-boot: fork workers, register device streams, emit system.boot
   const postBoot = app.get(PostBootService);
   await postBoot.run({ port, host, dataPath, trpcRegistered });
+
+  // One-time backfill: stamp integrationId on devices created before the
+  // device-manager forwarder started stamping it (legacy camera providers),
+  // so deleting their integration cascades them. Idempotent — only touches
+  // untagged top-level devices of single-instance addons.
+  try {
+    const dmForBackfill = capabilityRegistry.getSingleton('device-manager') as {
+      listAll?: (input: { addonId?: string }) => Promise<readonly {
+        id: number; addonId: string; parentDeviceId: number | null; integrationId?: string
+      }[]>
+      setIntegrationId?: (input: { deviceId: number; integrationId: string }) => Promise<void>
+    } | null
+    const integrationRegistry = addonRegistry.getIntegrationRegistry()
+    if (dmForBackfill?.listAll && dmForBackfill?.setIntegrationId && integrationRegistry) {
+      const listAll = dmForBackfill.listAll
+      const setIntegrationId = dmForBackfill.setIntegrationId
+      const backfillLogger = loggingService.createLogger('integration-backfill')
+      await runIntegrationIdBackfill({
+        listIntegrations: async () =>
+          (await integrationRegistry.listIntegrations()).map((i) => ({ id: i.id, addonId: i.addonId })),
+        listDevices: async () =>
+          (await listAll({})).map((d) => ({
+            id: d.id, addonId: d.addonId, parentDeviceId: d.parentDeviceId, integrationId: d.integrationId,
+          })),
+        setIntegrationId: (deviceId, integrationId) => setIntegrationId({ deviceId, integrationId }),
+        logger: {
+          info: (message, meta) => backfillLogger.info(message, { meta }),
+          warn: (message, meta) => backfillLogger.warn(message, { meta }),
+        },
+      })
+    }
+  } catch (err) {
+    console.warn('[bootstrap] integrationId backfill skipped:', err instanceof Error ? err.message : err)
+  }
 }
 
 /**

package/src/core/storage/settings-store.spec.ts

@@ -1,213 +0,0 @@
- 
-// server/backend/src/core/storage/settings-store.spec.ts
-import { describe, it, expect, beforeEach, afterEach } from 'vitest'
-import { SettingsStore } from './settings-store'
-import { RUNTIME_DEFAULTS } from '../config/config.schema'
-
-// Use an in-memory SQLite DB for tests so no temp files are created.
-function makeStore(): SettingsStore {
-  // eslint-disable-next-line @typescript-eslint/no-explicit-any, @typescript-eslint/no-unsafe-call -- 
-  return new (SettingsStore as any)(':memory:') as SettingsStore
-}
-
-// Re-open the private constructor with ':memory:' by temporarily patching the
-// constructor argument. SettingsStore accepts a dbPath string; ':memory:' is
-// the special better-sqlite3 in-memory sentinel.
-function createStore(): SettingsStore {
-  return new SettingsStore(':memory:')
-}
-
-describe('SettingsStore — system settings', () => {
-  let store: SettingsStore
-
-  beforeEach(() => { store = createStore() })
-  afterEach(() => { store.close() })
-
-  it('returns undefined for a key that does not exist', () => {
-    expect(store.getSystem('nonexistent')).toBeUndefined()
-  })
-
-  it('stores and retrieves a string value', () => {
-    store.setSystem('logging.level', 'debug')
-    expect(store.getSystem('logging.level')).toBe('debug')
-  })
-
-  it('stores and retrieves a number value', () => {
-    store.setSystem('retention.days', 30)
-    expect(store.getSystem('retention.days')).toBe(30)
-  })
-
-  it('stores and retrieves a boolean value', () => {
-    store.setSystem('features.streaming', true)
-    expect(store.getSystem('features.streaming')).toBe(true)
-  })
-
-  it('stores and retrieves a nested object (JSON serialization)', () => {
-    const obj = { a: 1, b: [1, 2, 3], c: { nested: true } }
-    store.setSystem('complex.key', obj)
-    expect(store.getSystem('complex.key')).toEqual(obj)
-  })
-
-  it('overwrites an existing key', () => {
-    store.setSystem('logging.level', 'info')
-    store.setSystem('logging.level', 'warn')
-    expect(store.getSystem('logging.level')).toBe('warn')
-  })
-
-  it('getAllSystem returns all stored keys', () => {
-    store.setSystem('key.a', 1)
-    store.setSystem('key.b', 2)
-    const all = store.getAllSystem()
-    expect(all['key.a']).toBe(1)
-    expect(all['key.b']).toBe(2)
-  })
-
-  it('getAllSystem returns empty object when no keys are set', () => {
-    expect(store.getAllSystem()).toEqual({})
-  })
-})
-
-describe('SettingsStore — addon settings', () => {
-  let store: SettingsStore
-
-  beforeEach(() => { store = createStore() })
-  afterEach(() => { store.close() })
-
-  it('returns undefined for a missing addon key', () => {
-    expect(store.getAddon('sqlite-storage', 'dbPath')).toBeUndefined()
-  })
-
-  it('stores and retrieves a value scoped by addonId', () => {
-    store.setAddon('sqlite-storage', 'dbPath', '/data/camstack.db')
-    expect(store.getAddon('sqlite-storage', 'dbPath')).toBe('/data/camstack.db')
-  })
-
-  it('scopes values: different addons do not share keys', () => {
-    store.setAddon('addon-a', 'sharedKey', 'value-a')
-    store.setAddon('addon-b', 'sharedKey', 'value-b')
-    expect(store.getAddon('addon-a', 'sharedKey')).toBe('value-a')
-    expect(store.getAddon('addon-b', 'sharedKey')).toBe('value-b')
-  })
-
-  it('getAllAddon returns only keys for the requested addon', () => {
-    store.setAddon('addon-a', 'key1', 10)
-    store.setAddon('addon-a', 'key2', 20)
-    store.setAddon('addon-b', 'key1', 99)
-    const all = store.getAllAddon('addon-a')
-    expect(all).toEqual({ key1: 10, key2: 20 })
-  })
-
-  it('setAllAddon replaces all keys atomically', () => {
-    store.setAddon('my-addon', 'old', 'gone')
-    store.setAllAddon('my-addon', { newKey: 'newVal', another: 42 })
-    const all = store.getAllAddon('my-addon')
-    expect(all).toEqual({ newKey: 'newVal', another: 42 })
-    expect(store.getAddon('my-addon', 'old')).toBeUndefined()
-  })
-
-  it('setAllAddon does not affect other addons', () => {
-    store.setAddon('other-addon', 'keep', 'me')
-    store.setAllAddon('my-addon', { x: 1 })
-    expect(store.getAddon('other-addon', 'keep')).toBe('me')
-  })
-})
-
-describe('SettingsStore — provider settings', () => {
-  let store: SettingsStore
-
-  beforeEach(() => { store = createStore() })
-  afterEach(() => { store.close() })
-
-  it('returns undefined for a missing provider key', () => {
-    expect(store.getProvider('prov-1', 'url')).toBeUndefined()
-  })
-
-  it('stores and retrieves a provider value', () => {
-    store.setProvider('prov-1', 'url', 'http://localhost:8554')
-    expect(store.getProvider('prov-1', 'url')).toBe('http://localhost:8554')
-  })
-
-  it('scopes values between providers', () => {
-    store.setProvider('prov-1', 'url', 'http://host-a')
-    store.setProvider('prov-2', 'url', 'http://host-b')
-    expect(store.getProvider('prov-1', 'url')).toBe('http://host-a')
-    expect(store.getProvider('prov-2', 'url')).toBe('http://host-b')
-  })
-
-  it('getAllProvider returns all keys for a provider', () => {
-    store.setProvider('prov-1', 'url', 'http://x')
-    store.setProvider('prov-1', 'port', 8554)
-    expect(store.getAllProvider('prov-1')).toEqual({ url: 'http://x', port: 8554 })
-  })
-})
-
-describe('SettingsStore — device settings', () => {
-  let store: SettingsStore
-
-  beforeEach(() => { store = createStore() })
-  afterEach(() => { store.close() })
-
-  it('returns undefined for a missing device key', () => {
-    expect(store.getDevice('cam-1', 'label')).toBeUndefined()
-  })
-
-  it('stores and retrieves a device value', () => {
-    store.setDevice('cam-1', 'label', 'Front Door')
-    expect(store.getDevice('cam-1', 'label')).toBe('Front Door')
-  })
-
-  it('scopes values between devices', () => {
-    store.setDevice('cam-1', 'label', 'A')
-    store.setDevice('cam-2', 'label', 'B')
-    expect(store.getDevice('cam-1', 'label')).toBe('A')
-    expect(store.getDevice('cam-2', 'label')).toBe('B')
-  })
-
-  it('getAllDevice returns all keys for a device', () => {
-    store.setDevice('cam-1', 'label', 'Cam 1')
-    store.setDevice('cam-1', 'enabled', true)
-    expect(store.getAllDevice('cam-1')).toEqual({ label: 'Cam 1', enabled: true })
-  })
-})
-
-describe('SettingsStore — first boot seeding', () => {
-  let store: SettingsStore
-
-  beforeEach(() => { store = createStore() })
-  afterEach(() => { store.close() })
-
-  it('isSystemSettingsEmpty returns true on a fresh DB', () => {
-    expect(store.isSystemSettingsEmpty()).toBe(true)
-  })
-
-  it('seedDefaults populates system_settings with RUNTIME_DEFAULTS', () => {
-    store.seedDefaults()
-    expect(store.isSystemSettingsEmpty()).toBe(false)
-    for (const [key, expected] of Object.entries(RUNTIME_DEFAULTS)) {
-      expect(store.getSystem(key)).toEqual(expected)
-    }
-  })
-
-  it('seedDefaults does not overwrite existing values (INSERT OR IGNORE)', () => {
-    store.setSystem('logging.level', 'debug')
-    store.seedDefaults()
-    // The manually set value should survive — seedDefaults uses INSERT OR IGNORE
-    expect(store.getSystem('logging.level')).toBe('debug')
-  })
-
-  it('second boot: seedDefaults is skipped when table is not empty', () => {
-    store.seedDefaults()
-    // Simulate a manual override then "re-boot"
-    store.setSystem('logging.level', 'warn')
-
-    // On second boot we would call seedDefaults only when isEmpty — simulate that guard
-    if (!store.isSystemSettingsEmpty()) {
-      // No-op: skip seeding
-    } else {
-      store.seedDefaults()
-    }
-
-    // Value from first seed should remain (not reverted to RUNTIME_DEFAULTS)
-    expect(store.getSystem('logging.level')).toBe('warn')
-  })
-})

package/src/core/storage/settings-store.ts

@@ -1,2 +0,0 @@
-// Re-export from @camstack/core (sqlite-storage builtin)
-export { SettingsStore } from '@camstack/core'

package/src/core/storage/sql-schema.spec.ts

@@ -1,140 +0,0 @@
-// server/backend/src/core/storage/sql-schema.spec.ts
-import { describe, it, expect } from 'vitest'
-import { addonTableToDdl, CORE_TABLE_DDL, type AddonTableSchema } from './sql-schema'
-
-describe('CORE_TABLE_DDL', () => {
-  it('is a non-empty readonly array of strings', () => {
-    expect(CORE_TABLE_DDL.length).toBeGreaterThan(0)
-    for (const stmt of CORE_TABLE_DDL) {
-      expect(typeof stmt).toBe('string')
-      expect(stmt.length).toBeGreaterThan(0)
-    }
-  })
-
-  it('contains CREATE TABLE IF NOT EXISTS for core tables', () => {
-    // `detection_events`, `audio_levels`, `track_trails` were removed
-    // in the P12b sweep — they're now owned by `addon-pipeline-analytics`
-    // via `declareCollection` (pipeline-analytics:motion-events,
-    // :object-events, :audio-events, :tracks, :media). The hub-core
-    // DDL only carries the foundational settings + device registry
-    // tables.
-    const tables = ['system_settings', 'addon_settings', 'provider_settings', 'device_settings', 'devices']
-    for (const table of tables) {
-      const found = CORE_TABLE_DDL.some(stmt => stmt.includes(`CREATE TABLE IF NOT EXISTS ${table}`))
-      expect(found, `Expected DDL for table "${table}"`).toBe(true)
-    }
-  })
-
-  it('contains indexes for the devices table', () => {
-    const found = CORE_TABLE_DDL.some(stmt => stmt.includes('idx_devices_addon'))
-    expect(found).toBe(true)
-  })
-})
-
-describe('addonTableToDdl', () => {
-  it('generates a CREATE TABLE statement with single primary key', () => {
-    const schema: AddonTableSchema = {
-      name: 'my_addon_events',
-      columns: [
-        { name: 'id', type: 'TEXT', primaryKey: true },
-        { name: 'timestamp', type: 'INTEGER', notNull: true },
-        { name: 'payload', type: 'JSON' },
-      ],
-    }
-
-    const stmts = addonTableToDdl(schema)
-    expect(stmts).toHaveLength(1)
-    const ddl = stmts[0]
-    expect(ddl).toContain('CREATE TABLE IF NOT EXISTS my_addon_events')
-    expect(ddl).toContain('id TEXT')
-    expect(ddl).toContain('timestamp INTEGER NOT NULL')
-    expect(ddl).toContain('payload JSON')
-    expect(ddl).toContain('PRIMARY KEY (id)')
-  })
-
-  it('generates a CREATE TABLE with composite primary key', () => {
-    const schema: AddonTableSchema = {
-      name: 'composite_pk_table',
-      columns: [
-        { name: 'addon_id', type: 'TEXT', primaryKey: true, notNull: true },
-        { name: 'key', type: 'TEXT', primaryKey: true, notNull: true },
-        { name: 'value', type: 'JSON', notNull: true },
-      ],
-    }
-
-    const stmts = addonTableToDdl(schema)
-    expect(stmts[0]).toContain('PRIMARY KEY (addon_id, key)')
-    expect(stmts[0]).toContain('addon_id TEXT NOT NULL')
-    expect(stmts[0]).toContain('key TEXT NOT NULL')
-  })
-
-  it('generates indexes when provided', () => {
-    const schema: AddonTableSchema = {
-      name: 'indexed_table',
-      columns: [
-        { name: 'id', type: 'TEXT', primaryKey: true },
-        { name: 'device_id', type: 'TEXT', notNull: true },
-        { name: 'ts', type: 'INTEGER', notNull: true },
-      ],
-      indexes: [
-        { name: 'idx_indexed_device_ts', columns: ['device_id', 'ts'] },
-        { name: 'idx_unique_id', columns: ['id'], unique: true },
-      ],
-    }
-
-    const stmts = addonTableToDdl(schema)
-    expect(stmts).toHaveLength(3)
-    expect(stmts[1]).toContain('CREATE INDEX IF NOT EXISTS idx_indexed_device_ts ON indexed_table(device_id, ts)')
-    expect(stmts[2]).toContain('CREATE UNIQUE INDEX IF NOT EXISTS idx_unique_id ON indexed_table(id)')
-  })
-
-  it('generates no PRIMARY KEY clause when no column is marked primaryKey', () => {
-    const schema: AddonTableSchema = {
-      name: 'no_pk_table',
-      columns: [
-        { name: 'col1', type: 'TEXT' },
-        { name: 'col2', type: 'INTEGER' },
-      ],
-    }
-
-    const stmts = addonTableToDdl(schema)
-    expect(stmts[0]).not.toContain('PRIMARY KEY')
-  })
-
-  it('produces valid SQL string (no syntax placeholders)', () => {
-    const schema: AddonTableSchema = {
-      name: 'valid_sql_table',
-      columns: [
-        { name: 'id', type: 'TEXT', primaryKey: true },
-        { name: 'data', type: 'JSON' },
-      ],
-    }
-
-    const stmts = addonTableToDdl(schema)
-    for (const stmt of stmts) {
-      // Should not contain template placeholders or undefined
-      expect(stmt).not.toContain('undefined')
-      expect(stmt).not.toContain('${')
-      expect(stmt.trim().length).toBeGreaterThan(0)
-    }
-  })
-
-  it('handles all column types correctly', () => {
-    const schema: AddonTableSchema = {
-      name: 'all_types',
-      columns: [
-        { name: 'text_col', type: 'TEXT' },
-        { name: 'int_col', type: 'INTEGER' },
-        { name: 'real_col', type: 'REAL' },
-        { name: 'json_col', type: 'JSON' },
-      ],
-    }
-
-    const stmts = addonTableToDdl(schema)
-    const ddl = stmts[0]
-    expect(ddl).toContain('text_col TEXT')
-    expect(ddl).toContain('int_col INTEGER')
-    expect(ddl).toContain('real_col REAL')
-    expect(ddl).toContain('json_col JSON')
-  })
-})

package/src/core/storage/sql-schema.ts

@@ -1,3 +0,0 @@
-// Re-export from @camstack/core (sqlite-storage builtin)
-export { CORE_TABLE_DDL, addonTableToDdl } from '@camstack/core'
-export type { AddonTableSchema } from '@camstack/core'