@clipin/convex-wearables 0.0.2 → 0.0.3

package/src/component/httpHandlers.ts

@@ -0,0 +1,153 @@
+/**
+ * HTTP action handlers for OAuth callbacks and provider webhooks.
+ *
+ * These are Convex httpAction endpoints that handle:
+ * 1. OAuth callback redirects (GET /oauth/callback)
+ * 2. Provider webhook pushes (POST /webhooks/:provider)
+ */
+
+import { internal } from "./_generated/api";
+import { httpAction } from "./_generated/server";
+
+// ---------------------------------------------------------------------------
+// OAuth callback handler
+// ---------------------------------------------------------------------------
+
+/**
+ * Handles the OAuth redirect callback from a provider.
+ *
+ * Expected query params:
+ *   - state: The OAuth state token
+ *   - code: The authorization code
+ *
+ * The host app must mount this at a route and pass client credentials
+ * via the component configuration.
+ */
+export const oauthCallback = httpAction(async (ctx, request) => {
+  const url = new URL(request.url);
+  const state = url.searchParams.get("state");
+  const code = url.searchParams.get("code");
+  const error = url.searchParams.get("error");
+
+  if (error) {
+    return new Response(JSON.stringify({ error: `OAuth error: ${error}` }), {
+      status: 400,
+      headers: { "Content-Type": "application/json" },
+    });
+  }
+
+  if (!state || !code) {
+    return new Response(JSON.stringify({ error: "Missing state or code parameter" }), {
+      status: 400,
+      headers: { "Content-Type": "application/json" },
+    });
+  }
+
+  // Look up the state to find which provider and user this is for
+  const oauthState = await ctx.runQuery(internal.oauthStates.getByState, {
+    state,
+  });
+
+  if (!oauthState) {
+    return new Response(JSON.stringify({ error: "Invalid or expired OAuth state" }), {
+      status: 400,
+      headers: { "Content-Type": "application/json" },
+    });
+  }
+
+  // Return the state and code to be processed by the client-side handler.
+  // The host app will call handleCallback action with credentials.
+  return new Response(
+    JSON.stringify({
+      state,
+      code,
+      provider: oauthState.provider,
+      userId: oauthState.userId,
+    }),
+    { status: 200, headers: { "Content-Type": "application/json" } },
+  );
+});
+
+// ---------------------------------------------------------------------------
+// Strava webhook verification (GET)
+// ---------------------------------------------------------------------------
+
+/**
+ * Strava webhook subscription verification.
+ * Strava sends a GET request with hub.challenge to verify the endpoint.
+ */
+export const stravaWebhookVerify = httpAction(async (_ctx, request) => {
+  const url = new URL(request.url);
+  const mode = url.searchParams.get("hub.mode");
+  const challenge = url.searchParams.get("hub.challenge");
+  const _verifyToken = url.searchParams.get("hub.verify_token");
+
+  if (mode !== "subscribe" || !challenge) {
+    return new Response("Invalid request", { status: 400 });
+  }
+
+  // The verify token should match what was set during subscription creation.
+  // For now, accept any verify token — the host app should validate this
+  // in their configuration.
+  return new Response(JSON.stringify({ "hub.challenge": challenge }), {
+    status: 200,
+    headers: { "Content-Type": "application/json" },
+  });
+});
+
+// ---------------------------------------------------------------------------
+// Strava webhook events (POST)
+// ---------------------------------------------------------------------------
+
+/**
+ * Handles incoming Strava webhook events.
+ *
+ * Strava pushes activity create/update/delete events here.
+ * We process activity creates/updates by fetching the full activity
+ * and storing it. Deletes are handled by removing the corresponding event.
+ */
+export const stravaWebhookEvent = httpAction(async (_ctx, request) => {
+  try {
+    const body = await request.json();
+
+    // Strava webhook payload format:
+    // { object_type: "activity", object_id: 123, aspect_type: "create"|"update"|"delete",
+    //   owner_id: 456, subscription_id: 789 }
+    const { object_type, object_id, aspect_type, owner_id } = body;
+
+    if (object_type !== "activity") {
+      // We only handle activity events for now
+      return new Response("OK", { status: 200 });
+    }
+
+    const ownerId = String(owner_id);
+    const connection = await _ctx.runQuery(internal.connections.getByProviderUser, {
+      provider: "strava",
+      providerUserId: ownerId,
+    });
+
+    if (!connection) {
+      return new Response("OK", { status: 200 });
+    }
+
+    if (aspect_type === "delete") {
+      await _ctx.runMutation(internal.events.deleteByExternalId, {
+        externalId: `strava-${object_id}`,
+      });
+      return new Response("OK", { status: 200 });
+    }
+
+    const now = Date.now();
+    await _ctx.runMutation(internal.syncWorkflow.requestConnectionSync, {
+      connectionId: connection._id,
+      mode: "webhook",
+      triggerSource: `strava:${aspect_type}:${object_id}`,
+      windowStart: now - 30 * 24 * 60 * 60 * 1000,
+      windowEnd: now + 5 * 60 * 1000,
+    });
+
+    return new Response("OK", { status: 200 });
+  } catch {
+    return new Response("Internal error", { status: 500 });
+  }
+});

package/src/component/lifecycle.test.ts

@@ -0,0 +1,179 @@
+import { convexTest } from "convex-test";
+import { describe, expect, it } from "vitest";
+import schema from "./schema";
+import { modules } from "./test.setup";
+
+describe("lifecycle", () => {
+  describe("deleteAllUserData", () => {
+    it("deletes all data across all tables for a user", async () => {
+      const t = convexTest(schema, modules);
+
+      // Seed user-1 data
+      const { connId, dsId } = await t.run(async (ctx) => {
+        const connId = await ctx.db.insert("connections", {
+          userId: "user-1",
+          provider: "garmin",
+          accessToken: "token",
+          status: "active",
+        });
+        const dsId = await ctx.db.insert("dataSources", {
+          userId: "user-1",
+          provider: "garmin",
+          connectionId: connId,
+        });
+        await ctx.db.insert("dataPoints", {
+          dataSourceId: dsId,
+          seriesType: "heart_rate",
+          recordedAt: 1710000000000,
+          value: 72,
+        });
+        await ctx.db.insert("events", {
+          dataSourceId: dsId,
+          userId: "user-1",
+          category: "workout",
+          type: "running",
+          startDatetime: 1710000000000,
+        });
+        await ctx.db.insert("dailySummaries", {
+          userId: "user-1",
+          date: "2026-03-15",
+          category: "activity",
+          totalSteps: 10000,
+        });
+        await ctx.db.insert("syncJobs", {
+          connectionId: connId,
+          userId: "user-1",
+          provider: "garmin",
+          idempotencyKey: "lifecycle-1",
+          status: "completed",
+          startedAt: 1710000000000,
+        });
+        await ctx.db.insert("backfillJobs", {
+          connectionId: connId,
+          userId: "user-1",
+          provider: "garmin",
+          dataType: "dailies",
+          status: "completed",
+          startedAt: 1710000000000,
+        });
+        return { connId, dsId };
+      });
+
+      // Seed user-2 data (should NOT be deleted)
+      await t.run(async (ctx) => {
+        const c2 = await ctx.db.insert("connections", {
+          userId: "user-2",
+          provider: "strava",
+          accessToken: "token-2",
+          status: "active",
+        });
+        const ds2 = await ctx.db.insert("dataSources", {
+          userId: "user-2",
+          provider: "strava",
+          connectionId: c2,
+        });
+        await ctx.db.insert("events", {
+          dataSourceId: ds2,
+          userId: "user-2",
+          category: "workout",
+          type: "cycling",
+          startDatetime: 1710000000000,
+        });
+      });
+
+      // Delete user-1 data (simulate what lifecycle.deleteAllUserData does)
+      await t.run(async (ctx) => {
+        // Delete backfill jobs
+        const backfills = await ctx.db
+          .query("backfillJobs")
+          .withIndex("by_connection", (idx) => idx.eq("connectionId", connId))
+          .collect();
+        for (const bf of backfills) await ctx.db.delete(bf._id);
+
+        // Delete connections
+        const conns = await ctx.db
+          .query("connections")
+          .withIndex("by_user", (idx) => idx.eq("userId", "user-1"))
+          .collect();
+        for (const c of conns) await ctx.db.delete(c._id);
+
+        // Delete data points
+        const points = await ctx.db
+          .query("dataPoints")
+          .withIndex("by_source_type_time", (idx) => idx.eq("dataSourceId", dsId))
+          .collect();
+        for (const p of points) await ctx.db.delete(p._id);
+
+        // Delete data sources
+        const sources = await ctx.db
+          .query("dataSources")
+          .withIndex("by_user_provider", (idx) => idx.eq("userId", "user-1"))
+          .collect();
+        for (const s of sources) await ctx.db.delete(s._id);
+
+        // Delete events
+        const events = await ctx.db
+          .query("events")
+          .withIndex("by_user_category_time", (idx) => idx.eq("userId", "user-1"))
+          .collect();
+        for (const e of events) await ctx.db.delete(e._id);
+
+        // Delete summaries
+        const summaries = await ctx.db
+          .query("dailySummaries")
+          .withIndex("by_user_date", (idx) => idx.eq("userId", "user-1"))
+          .collect();
+        for (const s of summaries) await ctx.db.delete(s._id);
+
+        // Delete sync jobs
+        const jobs = await ctx.db
+          .query("syncJobs")
+          .withIndex("by_user", (idx) => idx.eq("userId", "user-1"))
+          .collect();
+        for (const j of jobs) await ctx.db.delete(j._id);
+      });
+
+      // Verify user-1 data is gone
+      const user1Conns = await t.run(async (ctx) => {
+        return await ctx.db
+          .query("connections")
+          .withIndex("by_user", (idx) => idx.eq("userId", "user-1"))
+          .collect();
+      });
+      expect(user1Conns).toHaveLength(0);
+
+      const user1Events = await t.run(async (ctx) => {
+        return await ctx.db
+          .query("events")
+          .withIndex("by_user_category_time", (idx) => idx.eq("userId", "user-1"))
+          .collect();
+      });
+      expect(user1Events).toHaveLength(0);
+
+      const user1Summaries = await t.run(async (ctx) => {
+        return await ctx.db
+          .query("dailySummaries")
+          .withIndex("by_user_date", (idx) => idx.eq("userId", "user-1"))
+          .collect();
+      });
+      expect(user1Summaries).toHaveLength(0);
+
+      // Verify user-2 data is intact
+      const user2Conns = await t.run(async (ctx) => {
+        return await ctx.db
+          .query("connections")
+          .withIndex("by_user", (idx) => idx.eq("userId", "user-2"))
+          .collect();
+      });
+      expect(user2Conns).toHaveLength(1);
+
+      const user2Events = await t.run(async (ctx) => {
+        return await ctx.db
+          .query("events")
+          .withIndex("by_user_category_time", (idx) => idx.eq("userId", "user-2"))
+          .collect();
+      });
+      expect(user2Events).toHaveLength(1);
+    });
+  });
+});

package/src/component/lifecycle.ts

@@ -0,0 +1,87 @@
+import { v } from "convex/values";
+import { mutation } from "./_generated/server";
+
+/**
+ * Delete ALL data for a user across all component tables.
+ * Used for GDPR compliance and account deletion.
+ *
+ * This is a "best-effort" deletion within a single mutation.
+ * For users with very large amounts of data, the host app should
+ * call this repeatedly or use a workflow.
+ */
+export const deleteAllUserData = mutation({
+  args: { userId: v.string() },
+  returns: v.null(),
+  handler: async (ctx, args) => {
+    const { userId } = args;
+
+    // 1. Delete connections
+    const connections = await ctx.db
+      .query("connections")
+      .withIndex("by_user", (idx) => idx.eq("userId", userId))
+      .collect();
+    for (const conn of connections) {
+      // Delete backfill jobs for this connection
+      const backfills = await ctx.db
+        .query("backfillJobs")
+        .withIndex("by_connection", (idx) => idx.eq("connectionId", conn._id))
+        .collect();
+      for (const bf of backfills) {
+        await ctx.db.delete(bf._id);
+      }
+      await ctx.db.delete(conn._id);
+    }
+
+    // 2. Delete data sources and their data points
+    const sources = await ctx.db
+      .query("dataSources")
+      .withIndex("by_user_provider", (idx) => idx.eq("userId", userId))
+      .collect();
+    for (const source of sources) {
+      // Delete data points in batches
+      let points = await ctx.db
+        .query("dataPoints")
+        .withIndex("by_source_type_time", (idx) => idx.eq("dataSourceId", source._id))
+        .take(500);
+      while (points.length > 0) {
+        for (const p of points) {
+          await ctx.db.delete(p._id);
+        }
+        points = await ctx.db
+          .query("dataPoints")
+          .withIndex("by_source_type_time", (idx) => idx.eq("dataSourceId", source._id))
+          .take(500);
+      }
+      await ctx.db.delete(source._id);
+    }
+
+    // 3. Delete events
+    const events = await ctx.db
+      .query("events")
+      .withIndex("by_user_category_time", (idx) => idx.eq("userId", userId))
+      .collect();
+    for (const event of events) {
+      await ctx.db.delete(event._id);
+    }
+
+    // 4. Delete daily summaries
+    const summaries = await ctx.db
+      .query("dailySummaries")
+      .withIndex("by_user_date", (idx) => idx.eq("userId", userId))
+      .collect();
+    for (const summary of summaries) {
+      await ctx.db.delete(summary._id);
+    }
+
+    // 5. Delete sync jobs
+    const jobs = await ctx.db
+      .query("syncJobs")
+      .withIndex("by_user", (idx) => idx.eq("userId", userId))
+      .collect();
+    for (const job of jobs) {
+      await ctx.db.delete(job._id);
+    }
+
+    return null;
+  },
+});

package/src/component/menstrualCycles.ts

@@ -0,0 +1,124 @@
+import { v } from "convex/values";
+import { internalMutation, query } from "./_generated/server";
+import { providerName } from "./schema";
+
+// ---------------------------------------------------------------------------
+// Queries
+// ---------------------------------------------------------------------------
+
+/**
+ * Get menstrual cycle records for a user within a date range.
+ */
+export const getByUserDateRange = query({
+  args: {
+    userId: v.string(),
+    startDate: v.string(), // ISO date "2026-01-01"
+    endDate: v.string(),
+  },
+  returns: v.array(v.any()),
+  handler: async (ctx, args) => {
+    return await ctx.db
+      .query("menstrualCycles")
+      .withIndex("by_user_date", (idx) =>
+        idx
+          .eq("userId", args.userId)
+          .gte("periodStartDate", args.startDate)
+          .lte("periodStartDate", args.endDate),
+      )
+      .collect();
+  },
+});
+
+/**
+ * Get the latest menstrual cycle record for a user.
+ */
+export const getLatest = query({
+  args: { userId: v.string() },
+  returns: v.any(),
+  handler: async (ctx, args) => {
+    return await ctx.db
+      .query("menstrualCycles")
+      .withIndex("by_user_date", (idx) => idx.eq("userId", args.userId))
+      .order("desc")
+      .first();
+  },
+});
+
+// ---------------------------------------------------------------------------
+// Mutations
+// ---------------------------------------------------------------------------
+
+/**
+ * Upsert a menstrual cycle record. Deduplicates by externalId.
+ */
+export const upsert = internalMutation({
+  args: {
+    userId: v.string(),
+    provider: providerName,
+    externalId: v.optional(v.string()),
+    periodStartDate: v.string(),
+    dayInCycle: v.optional(v.number()),
+    cycleLength: v.optional(v.number()),
+    predictedCycleLength: v.optional(v.number()),
+    periodLength: v.optional(v.number()),
+    currentPhase: v.optional(v.number()),
+    currentPhaseType: v.optional(v.string()),
+    lengthOfCurrentPhase: v.optional(v.number()),
+    daysUntilNextPhase: v.optional(v.number()),
+    isPredictedCycle: v.optional(v.boolean()),
+    fertileWindowStart: v.optional(v.number()),
+    lengthOfFertileWindow: v.optional(v.number()),
+    lastUpdatedAt: v.optional(v.number()),
+    isPregnant: v.optional(v.boolean()),
+    pregnancyDueDate: v.optional(v.string()),
+    pregnancyOriginalDueDate: v.optional(v.string()),
+    pregnancyCycleStartDate: v.optional(v.string()),
+    pregnancyTitle: v.optional(v.string()),
+    numberOfBabies: v.optional(v.string()),
+  },
+  returns: v.id("menstrualCycles"),
+  handler: async (ctx, args) => {
+    // Dedup by externalId
+    if (args.externalId) {
+      const existing = await ctx.db
+        .query("menstrualCycles")
+        .withIndex("by_external_id", (idx) => idx.eq("externalId", args.externalId))
+        .first();
+      if (existing) {
+        await ctx.db.patch(existing._id, args);
+        return existing._id;
+      }
+    }
+
+    // Dedup by user + periodStartDate
+    const existing = await ctx.db
+      .query("menstrualCycles")
+      .withIndex("by_user_date", (idx) =>
+        idx.eq("userId", args.userId).eq("periodStartDate", args.periodStartDate),
+      )
+      .first();
+
+    if (existing) {
+      await ctx.db.patch(existing._id, args);
+      return existing._id;
+    }
+
+    return await ctx.db.insert("menstrualCycles", args);
+  },
+});
+
+/**
+ * Delete all menstrual cycle data for a user.
+ */
+export const deleteByUser = internalMutation({
+  args: { userId: v.string() },
+  handler: async (ctx, args) => {
+    const records = await ctx.db
+      .query("menstrualCycles")
+      .withIndex("by_user_provider", (idx) => idx.eq("userId", args.userId))
+      .collect();
+    for (const r of records) {
+      await ctx.db.delete(r._id);
+    }
+  },
+});