@chaaskit/server 0.1.0

package/dist/middleware/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/middleware/auth.ts"],"names":[],"mappings":"AACA,OAAO,GAAG,MAAM,cAAc,CAAC;AAC/B,OAAO,EAAE,EAAE,EAAE,MAAM,cAAc,CAAC;AAElC,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAC7C,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAWhD,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,iBAAiB,CAAC;AAE/D,MAAM,UAAU,aAAa,CAAC,MAAc,EAAE,KAAa;IACzD,OAAO,GAAG,CAAC,IAAI,CACb,EAAE,MAAM,EAAE,KAAK,EAAuC,EACtD,UAAU,EACV,EAAE,SAAS,EAAE,IAAI,EAAE,CACpB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,KAAa;IACvC,OAAO,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,UAAU,CAAiB,CAAC;AACvD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,GAAY,EACZ,GAAa,EACb,IAAkB;IAElB,IAAI,CAAC;QACH,yFAAyF;QACzF,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;YACb,IAAI,EAAE,CAAC;YACP,OAAO;QACT,CAAC;QAED,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAE3B,oDAAoD;QACpD,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;QAC7C,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC;QAEvC,MAAM,KAAK,GAAG,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC;YAC7C,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;YACrB,CAAC,CAAC,WAAW,CAAC;QAEhB,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,6CAA6C;YAC7C,IAAI,MAAM,CAAC,IAAI,CAAC,oBAAoB,EAAE,CAAC;gBACrC,IAAI,EAAE,CAAC;gBACP,OAAO;YACT,CAAC;YACD,MAAM,IAAI,QAAQ,CAAC,WAAW,CAAC,YAAY,EAAE,yBAAyB,CAAC,CAAC;QAC1E,CAAC;QAED,MAAM,OAAO,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;QAEnC,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC;YACpC,KAAK,EAAE,EAAE,EAAE,EAAE,OAAO,CAAC,MAAM,EAAE;YAC7B,MAAM,EAAE;gBACN,EAAE,EAAE,IAAI;gBACR,KAAK,EAAE,IAAI;gBACX,IAAI,EAAE,IAAI;gBACV,SAAS,EAAE,IAAI;gBACf,OAAO,EAAE,IAAI;gBACb,aAAa,EAAE,IAAI;gBACnB,IAAI,EAAE,IAAI;gBACV,OAAO,EAAE,IAAI;gBACb,iBAAiB,EAAE,IAAI;gBACvB,eAAe,EAAE,IAAI;aACtB;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,QAAQ,CAAC,WAAW,CAAC,YAAY,EAAE,gBAAgB,CAAC,CAAC;QACjE,CAAC;QAED,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC;QAChB,IAAI,EAAE,CAAC;IACT,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,QAAQ,EAAE,CAAC;YAC9B,IAAI,CAAC,KAAK,CAAC,CAAC;YACZ,OAAO;QACT,CAAC;QACD,IAAI,CAAC,IAAI,QAAQ,CAAC,WAAW,CAAC,YAAY,EAAE,eAAe,CAAC,CAAC,CAAC;IAChE,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,GAAY,EACZ,GAAa,EACb,IAAkB;IAElB,IAAI,CAAC;QACH,yFAAyF;QACzF,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;YACb,IAAI,EAAE,CAAC;YACP,OAAO;QACT,CAAC;QAED,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;QAC7C,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC;QAEvC,MAAM,KAAK,GAAG,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC;YAC7C,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;YACrB,CAAC,CAAC,WAAW,CAAC;QAEhB,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,IAAI,EAAE,CAAC;YACP,OAAO;QACT,CAAC;QAED,MAAM,OAAO,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;QAEnC,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC;YACpC,KAAK,EAAE,EAAE,EAAE,EAAE,OAAO,CAAC,MAAM,EAAE;YAC7B,MAAM,EAAE;gBACN,EAAE,EAAE,IAAI;gBACR,KAAK,EAAE,IAAI;gBACX,IAAI,EAAE,IAAI;gBACV,SAAS,EAAE,IAAI;gBACf,OAAO,EAAE,IAAI;gBACb,aAAa,EAAE,IAAI;gBACnB,IAAI,EAAE,IAAI;gBACV,OAAO,EAAE,IAAI;gBACb,iBAAiB,EAAE,IAAI;gBACvB,eAAe,EAAE,IAAI;aACtB;SACF,CAAC,CAAC;QAEH,IAAI,IAAI,EAAE,CAAC;YACT,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC;QAClB,CAAC;QAED,IAAI,EAAE,CAAC;IACT,CAAC;IAAC,MAAM,CAAC;QACP,uCAAuC;QACvC,IAAI,EAAE,CAAC;IACT,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,GAAY,EACZ,GAAa,EACb,IAAkB;IAElB,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;QACd,IAAI,CAAC,IAAI,QAAQ,CAAC,WAAW,CAAC,YAAY,EAAE,yBAAyB,CAAC,CAAC,CAAC;QACxE,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,WAAW,GAAG,MAAM,CAAC,KAAK,EAAE,MAAM,IAAI,EAAE,CAAC;IAE/C,6CAA6C;IAC7C,MAAM,aAAa,GAAG,WAAW,CAAC,IAAI,CACpC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,WAAW,EAAE,KAAK,GAAG,CAAC,IAAK,CAAC,KAAK,CAAC,WAAW,EAAE,CACjE,CAAC;IAEF,kEAAkE;IAClE,IAAI,CAAC,aAAa,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;QACxC,IAAI,CAAC,IAAI,QAAQ,CAAC,WAAW,CAAC,SAAS,EAAE,uBAAuB,CAAC,CAAC,CAAC;QACnE,OAAO;IACT,CAAC;IAED,IAAI,EAAE,CAAC;AACT,CAAC;AAED,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAE5D;;;GAGG;AACH,SAAS,yBAAyB,CAAC,GAAY;IAC7C,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAE3B,8BAA8B;IAC9B,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;QACd,OAAO,KAAK,CAAC;IACf,CAAC;IAED,sBAAsB;IACtB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE,OAAO,EAAE,CAAC;QAC5C,OAAO,KAAK,CAAC;IACf,CAAC;IAED,uDAAuD;IACvD,IAAI,CAAC,cAAc,EAAE,EAAE,CAAC;QACtB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,2BAA2B;IAC3B,IAAI,GAAG,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;QAC3B,OAAO,KAAK,CAAC;IACf,CAAC;IAED,0BAA0B;IAC1B,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,GAAY,EACZ,GAAa,EACb,IAAkB;IAElB,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;QACd,IAAI,CAAC,IAAI,QAAQ,CAAC,WAAW,CAAC,YAAY,EAAE,yBAAyB,CAAC,CAAC,CAAC;QACxE,OAAO;IACT,CAAC;IAED,IAAI,yBAAyB,CAAC,GAAG,CAAC,EAAE,CAAC;QACnC,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC;YACrC,KAAK,EAAE,oBAAoB;YAC3B,IAAI,EAAE,oBAAoB;YAC1B,OAAO,EAAE,8CAA8C;SACxD,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,IAAI,EAAE,CAAC;AACT,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,GAAY,EACZ,GAAa,EACb,IAAkB;IAElB,4DAA4D;IAC5D,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;QACd,IAAI,EAAE,CAAC;QACP,OAAO;IACT,CAAC;IAED,+CAA+C;IAC/C,IAAI,yBAAyB,CAAC,GAAG,CAAC,EAAE,CAAC;QACnC,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC;YACrC,KAAK,EAAE,oBAAoB;YAC3B,IAAI,EAAE,oBAAoB;YAC1B,OAAO,EAAE,8CAA8C;SACxD,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,IAAI,EAAE,CAAC;AACT,CAAC"}

package/dist/middleware/errorHandler.js

@@ -0,0 +1,41 @@
+import { ZodError } from 'zod';
+import { HTTP_STATUS } from '@chaaskit/shared';
+export class AppError extends Error {
+    statusCode;
+    code;
+    constructor(statusCode, message, code) {
+        super(message);
+        this.statusCode = statusCode;
+        this.code = code;
+        this.name = 'AppError';
+    }
+}
+export function errorHandler(err, req, res, _next) {
+    console.error('Error:', err);
+    if (err instanceof AppError) {
+        res.status(err.statusCode).json({
+            error: {
+                message: err.message,
+                code: err.code,
+            },
+        });
+        return;
+    }
+    if (err instanceof ZodError) {
+        res.status(HTTP_STATUS.BAD_REQUEST).json({
+            error: {
+                message: 'Validation error',
+                code: 'VALIDATION_ERROR',
+                details: err.errors,
+            },
+        });
+        return;
+    }
+    res.status(HTTP_STATUS.INTERNAL_SERVER_ERROR).json({
+        error: {
+            message: 'Internal server error',
+            code: 'INTERNAL_ERROR',
+        },
+    });
+}
+//# sourceMappingURL=errorHandler.js.map

package/dist/middleware/errorHandler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"errorHandler.js","sourceRoot":"","sources":["../../src/middleware/errorHandler.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,MAAM,KAAK,CAAC;AAC/B,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAE/C,MAAM,OAAO,QAAS,SAAQ,KAAK;IAExB;IAEA;IAHT,YACS,UAAkB,EACzB,OAAe,EACR,IAAa;QAEpB,KAAK,CAAC,OAAO,CAAC,CAAC;QAJR,eAAU,GAAV,UAAU,CAAQ;QAElB,SAAI,GAAJ,IAAI,CAAS;QAGpB,IAAI,CAAC,IAAI,GAAG,UAAU,CAAC;IACzB,CAAC;CACF;AAED,MAAM,UAAU,YAAY,CAC1B,GAAU,EACV,GAAY,EACZ,GAAa,EACb,KAAmB;IAEnB,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IAE7B,IAAI,GAAG,YAAY,QAAQ,EAAE,CAAC;QAC5B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC;YAC9B,KAAK,EAAE;gBACL,OAAO,EAAE,GAAG,CAAC,OAAO;gBACpB,IAAI,EAAE,GAAG,CAAC,IAAI;aACf;SACF,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,IAAI,GAAG,YAAY,QAAQ,EAAE,CAAC;QAC5B,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC;YACvC,KAAK,EAAE;gBACL,OAAO,EAAE,kBAAkB;gBAC3B,IAAI,EAAE,kBAAkB;gBACxB,OAAO,EAAE,GAAG,CAAC,MAAM;aACpB;SACF,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC,qBAAqB,CAAC,CAAC,IAAI,CAAC;QACjD,KAAK,EAAE;YACL,OAAO,EAAE,uBAAuB;YAChC,IAAI,EAAE,gBAAgB;SACvB;KACF,CAAC,CAAC;AACL,CAAC"}

package/dist/middleware/mcpServerAuth.js

@@ -0,0 +1,164 @@
+/**
+ * MCP Server Authentication Middleware
+ *
+ * Authenticates requests to the MCP server endpoint using:
+ * 1. API keys (Bearer token matching API key format)
+ * 2. OAuth tokens (Phase 2 - to be added)
+ *
+ * Returns 401 with WWW-Authenticate header if not authorized.
+ */
+import bcrypt from 'bcryptjs';
+import { db } from '@chaaskit/db';
+import { HTTP_STATUS } from '@chaaskit/shared';
+import { getConfig } from '../config/loader.js';
+/**
+ * Build the OAuth authorization server URL for WWW-Authenticate header
+ */
+function getAuthorizationServerUrl() {
+    const apiUrl = process.env.API_URL || 'http://localhost:3000';
+    return `${apiUrl}/.well-known/oauth-authorization-server`;
+}
+/**
+ * Validate an API key and return user info if valid
+ */
+async function validateApiKey(apiKey) {
+    const config = getConfig();
+    const keyPrefix = config.api?.keyPrefix || 'sk-';
+    // Check if it looks like our API key format
+    if (!apiKey.startsWith(keyPrefix)) {
+        return null;
+    }
+    // Find keys by prefix and check hash
+    const storedPrefixLength = keyPrefix.length + 6;
+    const searchPrefix = apiKey.slice(0, storedPrefixLength);
+    const candidates = await db.apiKey.findMany({
+        where: { keyPrefix: searchPrefix },
+        select: {
+            id: true,
+            keyHash: true,
+            userId: true,
+            teamId: true,
+            expiresAt: true,
+        },
+    });
+    for (const candidate of candidates) {
+        if (await bcrypt.compare(apiKey, candidate.keyHash)) {
+            // Check expiration
+            if (candidate.expiresAt && candidate.expiresAt < new Date()) {
+                return null;
+            }
+            // If team-scoped, verify user is still a member
+            if (candidate.teamId) {
+                const membership = await db.teamMember.findFirst({
+                    where: { userId: candidate.userId, teamId: candidate.teamId },
+                });
+                if (!membership) {
+                    return null;
+                }
+            }
+            // Update lastUsedAt (fire and forget)
+            db.apiKey
+                .update({
+                where: { id: candidate.id },
+                data: { lastUsedAt: new Date() },
+            })
+                .catch(() => { });
+            return {
+                userId: candidate.userId,
+                teamId: candidate.teamId || undefined,
+            };
+        }
+    }
+    return null;
+}
+/**
+ * Validate an OAuth access token and return user info if valid
+ */
+async function validateOAuthToken(token) {
+    // Hash the token to look it up
+    const crypto = await import('crypto');
+    const tokenHash = crypto.createHash('sha256').update(token).digest('hex');
+    const oauthToken = await db.oAuthToken.findUnique({
+        where: { tokenHash },
+        select: {
+            id: true,
+            userId: true,
+            expiresAt: true,
+            revokedAt: true,
+            client: {
+                select: {
+                    isActive: true,
+                },
+            },
+        },
+    });
+    if (!oauthToken) {
+        return null;
+    }
+    // Check if token is expired
+    if (oauthToken.expiresAt < new Date()) {
+        return null;
+    }
+    // Check if token is revoked
+    if (oauthToken.revokedAt) {
+        return null;
+    }
+    // Check if client is still active
+    if (!oauthToken.client.isActive) {
+        return null;
+    }
+    return {
+        userId: oauthToken.userId,
+    };
+}
+/**
+ * MCP Server Authentication Middleware
+ *
+ * Checks for Bearer token in Authorization header and validates it as either
+ * an API key or OAuth access token.
+ */
+export async function mcpServerAuth(req, res, next) {
+    const config = getConfig();
+    const serverConfig = config.mcp?.server;
+    // Check if MCP server is enabled
+    if (!serverConfig?.enabled) {
+        res.status(HTTP_STATUS.NOT_FOUND).json({
+            error: 'MCP server is not enabled',
+        });
+        return;
+    }
+    const authHeader = req.headers.authorization;
+    if (!authHeader?.startsWith('Bearer ')) {
+        // No auth provided - return 401 with WWW-Authenticate
+        res.status(HTTP_STATUS.UNAUTHORIZED);
+        res.setHeader('WWW-Authenticate', `Bearer resource_metadata="${getAuthorizationServerUrl()}"`);
+        res.json({
+            error: 'unauthorized',
+            error_description: 'Bearer token required',
+        });
+        return;
+    }
+    const token = authHeader.slice(7); // Remove "Bearer "
+    // Try API key validation first
+    const apiKeyResult = await validateApiKey(token);
+    if (apiKeyResult) {
+        req.mcpContext = apiKeyResult;
+        return next();
+    }
+    // Try OAuth token validation if OAuth is enabled
+    if (serverConfig.oauth?.enabled) {
+        const oauthResult = await validateOAuthToken(token);
+        if (oauthResult) {
+            req.mcpContext = oauthResult;
+            return next();
+        }
+    }
+    // No valid token found
+    res.status(HTTP_STATUS.UNAUTHORIZED);
+    res.setHeader('WWW-Authenticate', `Bearer resource_metadata="${getAuthorizationServerUrl()}", error="invalid_token"`);
+    res.json({
+        error: 'invalid_token',
+        error_description: 'The access token is invalid or expired',
+    });
+}
+//# sourceMappingURL=mcpServerAuth.js.map

package/dist/middleware/mcpServerAuth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcpServerAuth.js","sourceRoot":"","sources":["../../src/middleware/mcpServerAuth.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,MAAM,MAAM,UAAU,CAAC;AAC9B,OAAO,EAAE,EAAE,EAAE,MAAM,cAAc,CAAC;AAClC,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAchD;;GAEG;AACH,SAAS,yBAAyB;IAChC,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,uBAAuB,CAAC;IAC9D,OAAO,GAAG,MAAM,yCAAyC,CAAC;AAC5D,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,cAAc,CAC3B,MAAc;IAEd,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,SAAS,GAAG,MAAM,CAAC,GAAG,EAAE,SAAS,IAAI,KAAK,CAAC;IAEjD,4CAA4C;IAC5C,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAClC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,qCAAqC;IACrC,MAAM,kBAAkB,GAAG,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC;IAChD,MAAM,YAAY,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,kBAAkB,CAAC,CAAC;IAEzD,MAAM,UAAU,GAAG,MAAM,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC;QAC1C,KAAK,EAAE,EAAE,SAAS,EAAE,YAAY,EAAE;QAClC,MAAM,EAAE;YACN,EAAE,EAAE,IAAI;YACR,OAAO,EAAE,IAAI;YACb,MAAM,EAAE,IAAI;YACZ,MAAM,EAAE,IAAI;YACZ,SAAS,EAAE,IAAI;SAChB;KACF,CAAC,CAAC;IAEH,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,IAAI,MAAM,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;YACpD,mBAAmB;YACnB,IAAI,SAAS,CAAC,SAAS,IAAI,SAAS,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;gBAC5D,OAAO,IAAI,CAAC;YACd,CAAC;YAED,gDAAgD;YAChD,IAAI,SAAS,CAAC,MAAM,EAAE,CAAC;gBACrB,MAAM,UAAU,GAAG,MAAM,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC;oBAC/C,KAAK,EAAE,EAAE,MAAM,EAAE,SAAS,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC,MAAM,EAAE;iBAC9D,CAAC,CAAC;gBACH,IAAI,CAAC,UAAU,EAAE,CAAC;oBAChB,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;YAED,sCAAsC;YACtC,EAAE,CAAC,MAAM;iBACN,MAAM,CAAC;gBACN,KAAK,EAAE,EAAE,EAAE,EAAE,SAAS,CAAC,EAAE,EAAE;gBAC3B,IAAI,EAAE,EAAE,UAAU,EAAE,IAAI,IAAI,EAAE,EAAE;aACjC,CAAC;iBACD,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;YAEnB,OAAO;gBACL,MAAM,EAAE,SAAS,CAAC,MAAM;gBACxB,MAAM,EAAE,SAAS,CAAC,MAAM,IAAI,SAAS;aACtC,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,kBAAkB,CAC/B,KAAa;IAEb,+BAA+B;IAC/B,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC;IACtC,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAE1E,MAAM,UAAU,GAAG,MAAM,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC;QAChD,KAAK,EAAE,EAAE,SAAS,EAAE;QACpB,MAAM,EAAE;YACN,EAAE,EAAE,IAAI;YACR,MAAM,EAAE,IAAI;YACZ,SAAS,EAAE,IAAI;YACf,SAAS,EAAE,IAAI;YACf,MAAM,EAAE;gBACN,MAAM,EAAE;oBACN,QAAQ,EAAE,IAAI;iBACf;aACF;SACF;KACF,CAAC,CAAC;IAEH,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,4BAA4B;IAC5B,IAAI,UAAU,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;QACtC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,4BAA4B;IAC5B,IAAI,UAAU,CAAC,SAAS,EAAE,CAAC;QACzB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,kCAAkC;IAClC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;QAChC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO;QACL,MAAM,EAAE,UAAU,CAAC,MAAM;KAC1B,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,GAAY,EACZ,GAAa,EACb,IAAkB;IAElB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,YAAY,GAAG,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC;IAExC,iCAAiC;IACjC,IAAI,CAAC,YAAY,EAAE,OAAO,EAAE,CAAC;QAC3B,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC;YACrC,KAAK,EAAE,2BAA2B;SACnC,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;IAE7C,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACvC,sDAAsD;QACtD,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;QACrC,GAAG,CAAC,SAAS,CACX,kBAAkB,EAClB,6BAA6B,yBAAyB,EAAE,GAAG,CAC5D,CAAC;QACF,GAAG,CAAC,IAAI,CAAC;YACP,KAAK,EAAE,cAAc;YACrB,iBAAiB,EAAE,uBAAuB;SAC3C,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,mBAAmB;IAEtD,+BAA+B;IAC/B,MAAM,YAAY,GAAG,MAAM,cAAc,CAAC,KAAK,CAAC,CAAC;IACjD,IAAI,YAAY,EAAE,CAAC;QACjB,GAAG,CAAC,UAAU,GAAG,YAAY,CAAC;QAC9B,OAAO,IAAI,EAAE,CAAC;IAChB,CAAC;IAED,iDAAiD;IACjD,IAAI,YAAY,CAAC,KAAK,EAAE,OAAO,EAAE,CAAC;QAChC,MAAM,WAAW,GAAG,MAAM,kBAAkB,CAAC,KAAK,CAAC,CAAC;QACpD,IAAI,WAAW,EAAE,CAAC;YAChB,GAAG,CAAC,UAAU,GAAG,WAAW,CAAC;YAC7B,OAAO,IAAI,EAAE,CAAC;QAChB,CAAC;IACH,CAAC;IAED,uBAAuB;IACvB,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;IACrC,GAAG,CAAC,SAAS,CACX,kBAAkB,EAClB,6BAA6B,yBAAyB,EAAE,0BAA0B,CACnF,CAAC;IACF,GAAG,CAAC,IAAI,CAAC;QACP,KAAK,EAAE,eAAe;QACtB,iBAAiB,EAAE,wCAAwC;KAC5D,CAAC,CAAC;AACL,CAAC"}

package/dist/middleware/requestLogger.js

@@ -0,0 +1,9 @@
+export function requestLogger(req, res, next) {
+    const start = Date.now();
+    res.on('finish', () => {
+        const duration = Date.now() - start;
+        console.log(`${req.method} ${req.path} ${res.statusCode} ${duration}ms`);
+    });
+    next();
+}
+//# sourceMappingURL=requestLogger.js.map

package/dist/middleware/requestLogger.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"requestLogger.js","sourceRoot":"","sources":["../../src/middleware/requestLogger.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,aAAa,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB;IAC3E,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAEzB,GAAG,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE;QACpB,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;QACpC,OAAO,CAAC,GAAG,CACT,GAAG,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,UAAU,IAAI,QAAQ,IAAI,CAC5D,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,IAAI,EAAE,CAAC;AACT,CAAC"}

package/dist/middleware/team.js

@@ -0,0 +1,132 @@
+import { db } from '@chaaskit/db';
+import { AppError } from './errorHandler.js';
+import { HTTP_STATUS } from '@chaaskit/shared';
+const ROLE_HIERARCHY = {
+    owner: 4,
+    admin: 3,
+    member: 2,
+    viewer: 1,
+};
+/**
+ * Middleware factory that requires the user to have at least the specified role in a team.
+ * Expects teamId to be in req.params.teamId
+ */
+export function requireTeamRole(minRole) {
+    return async (req, res, next) => {
+        try {
+            if (!req.user) {
+                throw new AppError(HTTP_STATUS.UNAUTHORIZED, 'Authentication required');
+            }
+            const teamId = req.params.teamId;
+            if (!teamId) {
+                throw new AppError(HTTP_STATUS.BAD_REQUEST, 'Team ID is required');
+            }
+            // Check if team exists and is not archived
+            const team = await db.team.findUnique({
+                where: { id: teamId },
+                select: { id: true, archivedAt: true },
+            });
+            if (!team) {
+                throw new AppError(HTTP_STATUS.NOT_FOUND, 'Team not found');
+            }
+            if (team.archivedAt) {
+                throw new AppError(HTTP_STATUS.FORBIDDEN, 'Team is archived');
+            }
+            // Get user's membership in this team
+            const membership = await db.teamMember.findUnique({
+                where: {
+                    teamId_userId: {
+                        teamId,
+                        userId: req.user.id,
+                    },
+                },
+                include: {
+                    user: {
+                        select: {
+                            id: true,
+                            email: true,
+                            name: true,
+                            avatarUrl: true,
+                        },
+                    },
+                },
+            });
+            if (!membership) {
+                throw new AppError(HTTP_STATUS.FORBIDDEN, 'You are not a member of this team');
+            }
+            const userRoleLevel = ROLE_HIERARCHY[membership.role] || 0;
+            const requiredRoleLevel = ROLE_HIERARCHY[minRole];
+            if (userRoleLevel < requiredRoleLevel) {
+                throw new AppError(HTTP_STATUS.FORBIDDEN, `This action requires at least ${minRole} role`);
+            }
+            req.teamMember = {
+                id: membership.id,
+                teamId: membership.teamId,
+                userId: membership.userId,
+                role: membership.role,
+                createdAt: membership.createdAt,
+                user: membership.user,
+            };
+            next();
+        }
+        catch (error) {
+            if (error instanceof AppError) {
+                next(error);
+                return;
+            }
+            next(new AppError(HTTP_STATUS.INTERNAL_SERVER_ERROR, 'Team authorization failed'));
+        }
+    };
+}
+/**
+ * Middleware to verify user has access to a team thread.
+ * Expects threadId to be in req.params.threadId or req.body.threadId
+ */
+export async function requireTeamThreadAccess(req, res, next) {
+    try {
+        if (!req.user) {
+            throw new AppError(HTTP_STATUS.UNAUTHORIZED, 'Authentication required');
+        }
+        const threadId = req.params.threadId || req.body.threadId;
+        if (!threadId) {
+            next();
+            return;
+        }
+        const thread = await db.thread.findUnique({
+            where: { id: threadId },
+            select: { id: true, teamId: true, userId: true },
+        });
+        if (!thread) {
+            throw new AppError(HTTP_STATUS.NOT_FOUND, 'Thread not found');
+        }
+        // If it's a personal thread, check ownership
+        if (!thread.teamId) {
+            if (thread.userId !== req.user.id) {
+                throw new AppError(HTTP_STATUS.FORBIDDEN, 'You do not have access to this thread');
+            }
+            next();
+            return;
+        }
+        // If it's a team thread, check membership
+        const membership = await db.teamMember.findUnique({
+            where: {
+                teamId_userId: {
+                    teamId: thread.teamId,
+                    userId: req.user.id,
+                },
+            },
+        });
+        if (!membership) {
+            throw new AppError(HTTP_STATUS.FORBIDDEN, 'You do not have access to this team thread');
+        }
+        next();
+    }
+    catch (error) {
+        if (error instanceof AppError) {
+            next(error);
+            return;
+        }
+        next(new AppError(HTTP_STATUS.INTERNAL_SERVER_ERROR, 'Thread authorization failed'));
+    }
+}
+//# sourceMappingURL=team.js.map

package/dist/middleware/team.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"team.js","sourceRoot":"","sources":["../../src/middleware/team.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,EAAE,EAAE,MAAM,cAAc,CAAC;AAClC,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAC7C,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAW/C,MAAM,cAAc,GAA6B;IAC/C,KAAK,EAAE,CAAC;IACR,KAAK,EAAE,CAAC;IACR,MAAM,EAAE,CAAC;IACT,MAAM,EAAE,CAAC;CACV,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,OAAiB;IAC/C,OAAO,KAAK,EACV,GAAY,EACZ,GAAa,EACb,IAAkB,EACH,EAAE;QACjB,IAAI,CAAC;YACH,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;gBACd,MAAM,IAAI,QAAQ,CAAC,WAAW,CAAC,YAAY,EAAE,yBAAyB,CAAC,CAAC;YAC1E,CAAC;YAED,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC;YACjC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,IAAI,QAAQ,CAAC,WAAW,CAAC,WAAW,EAAE,qBAAqB,CAAC,CAAC;YACrE,CAAC;YAED,2CAA2C;YAC3C,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC;gBACpC,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;gBACrB,MAAM,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE;aACvC,CAAC,CAAC;YAEH,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,MAAM,IAAI,QAAQ,CAAC,WAAW,CAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC;YAC9D,CAAC;YAED,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;gBACpB,MAAM,IAAI,QAAQ,CAAC,WAAW,CAAC,SAAS,EAAE,kBAAkB,CAAC,CAAC;YAChE,CAAC;YAED,qCAAqC;YACrC,MAAM,UAAU,GAAG,MAAM,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC;gBAChD,KAAK,EAAE;oBACL,aAAa,EAAE;wBACb,MAAM;wBACN,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC,EAAE;qBACpB;iBACF;gBACD,OAAO,EAAE;oBACP,IAAI,EAAE;wBACJ,MAAM,EAAE;4BACN,EAAE,EAAE,IAAI;4BACR,KAAK,EAAE,IAAI;4BACX,IAAI,EAAE,IAAI;4BACV,SAAS,EAAE,IAAI;yBAChB;qBACF;iBACF;aACF,CAAC,CAAC;YAEH,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,MAAM,IAAI,QAAQ,CAAC,WAAW,CAAC,SAAS,EAAE,mCAAmC,CAAC,CAAC;YACjF,CAAC;YAED,MAAM,aAAa,GAAG,cAAc,CAAC,UAAU,CAAC,IAAgB,CAAC,IAAI,CAAC,CAAC;YACvE,MAAM,iBAAiB,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;YAElD,IAAI,aAAa,GAAG,iBAAiB,EAAE,CAAC;gBACtC,MAAM,IAAI,QAAQ,CAChB,WAAW,CAAC,SAAS,EACrB,iCAAiC,OAAO,OAAO,CAChD,CAAC;YACJ,CAAC;YAED,GAAG,CAAC,UAAU,GAAG;gBACf,EAAE,EAAE,UAAU,CAAC,EAAE;gBACjB,MAAM,EAAE,UAAU,CAAC,MAAM;gBACzB,MAAM,EAAE,UAAU,CAAC,MAAM;gBACzB,IAAI,EAAE,UAAU,CAAC,IAAgB;gBACjC,SAAS,EAAE,UAAU,CAAC,SAAS;gBAC/B,IAAI,EAAE,UAAU,CAAC,IAAI;aACtB,CAAC;YAEF,IAAI,EAAE,CAAC;QACT,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,QAAQ,EAAE,CAAC;gBAC9B,IAAI,CAAC,KAAK,CAAC,CAAC;gBACZ,OAAO;YACT,CAAC;YACD,IAAI,CAAC,IAAI,QAAQ,CAAC,WAAW,CAAC,qBAAqB,EAAE,2BAA2B,CAAC,CAAC,CAAC;QACrF,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,GAAY,EACZ,GAAa,EACb,IAAkB;IAElB,IAAI,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;YACd,MAAM,IAAI,QAAQ,CAAC,WAAW,CAAC,YAAY,EAAE,yBAAyB,CAAC,CAAC;QAC1E,CAAC;QAED,MAAM,QAAQ,GAAG,GAAG,CAAC,MAAM,CAAC,QAAQ,IAAI,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC;QAC1D,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,IAAI,EAAE,CAAC;YACP,OAAO;QACT,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC;YACxC,KAAK,EAAE,EAAE,EAAE,EAAE,QAAQ,EAAE;YACvB,MAAM,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE;SACjD,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,QAAQ,CAAC,WAAW,CAAC,SAAS,EAAE,kBAAkB,CAAC,CAAC;QAChE,CAAC;QAED,6CAA6C;QAC7C,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;YACnB,IAAI,MAAM,CAAC,MAAM,KAAK,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;gBAClC,MAAM,IAAI,QAAQ,CAAC,WAAW,CAAC,SAAS,EAAE,uCAAuC,CAAC,CAAC;YACrF,CAAC;YACD,IAAI,EAAE,CAAC;YACP,OAAO;QACT,CAAC;QAED,0CAA0C;QAC1C,MAAM,UAAU,GAAG,MAAM,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC;YAChD,KAAK,EAAE;gBACL,aAAa,EAAE;oBACb,MAAM,EAAE,MAAM,CAAC,MAAM;oBACrB,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC,EAAE;iBACpB;aACF;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,QAAQ,CAAC,WAAW,CAAC,SAAS,EAAE,4CAA4C,CAAC,CAAC;QAC1F,CAAC;QAED,IAAI,EAAE,CAAC;IACT,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,QAAQ,EAAE,CAAC;YAC9B,IAAI,CAAC,KAAK,CAAC,CAAC;YACZ,OAAO;QACT,CAAC;QACD,IAAI,CAAC,IAAI,QAAQ,CAAC,WAAW,CAAC,qBAAqB,EAAE,6BAA6B,CAAC,CAAC,CAAC;IACvF,CAAC;AACH,CAAC"}