@cyberismo/backend 0.0.21 → 0.0.23

package/src/domain/cardTypes/service.ts

@@ -54,126 +54,72 @@ export async function updateFieldVisibility(
 ): Promise<void> {
   const { fieldName, group: targetGroup, index: targetIndex } = body;
 
-  // Get current card type data
-  const cardType = await commands.showCmd.showResource(
-    cardTypeName,
-    'cardTypes',
-  );
-  if (!cardType) {
-    throw new Error(`Card type '${cardTypeName}' not found`);
-  }
+  await commands.atomic(async () => {
+    // Read is now inside the write lock
+    const cardType = await commands.showCmd.showResource(
+      cardTypeName,
+      'cardTypes',
+    );
+    if (!cardType) {
+      throw new Error(`Card type '${cardTypeName}' not found`);
+    }
 
-  const customFields = cardType.customFields || [];
-  const alwaysVisibleFields = cardType.alwaysVisibleFields || [];
-  const optionallyVisibleFields = cardType.optionallyVisibleFields || [];
+    const customFields = cardType.customFields || [];
+    const alwaysVisibleFields = cardType.alwaysVisibleFields || [];
+    const optionallyVisibleFields = cardType.optionallyVisibleFields || [];
 
-  // Validate that the field exists in customFields
-  const fieldExists = customFields.some(
-    (f: { name: string }) => f.name === fieldName,
-  );
-  if (!fieldExists) {
-    throw new Error(
-      `Field '${fieldName}' does not exist in card type '${cardTypeName}'. `,
+    // Validate that the field exists in customFields
+    const fieldExists = customFields.some(
+      (f: { name: string }) => f.name === fieldName,
     );
-  }
+    if (!fieldExists) {
+      throw new Error(
+        `Field '${fieldName}' does not exist in card type '${cardTypeName}'. `,
+      );
+    }
 
-  const currentGroup = getCurrentGroup(
-    alwaysVisibleFields,
-    optionallyVisibleFields,
-    fieldName,
-  );
+    const currentGroup = getCurrentGroup(
+      alwaysVisibleFields,
+      optionallyVisibleFields,
+      fieldName,
+    );
 
-  // If same group, just handle reordering
-  if (currentGroup === targetGroup) {
-    if (targetGroup === 'hidden') {
-      // Nothing to reorder in hidden group
+    // If same group, just handle reordering
+    if (currentGroup === targetGroup) {
+      if (targetGroup !== 'hidden' && targetIndex !== undefined) {
+        await commands.updateCmd.applyResourceOperation(
+          cardTypeName,
+          { key: groupToKey[targetGroup] },
+          { name: 'rank', target: fieldName, newIndex: targetIndex },
+        );
+      }
       return;
     }
 
-    if (targetIndex !== undefined) {
-      await commands.updateCmd.applyResourceOperation(
-        cardTypeName,
-        {
-          key: groupToKey[targetGroup],
-        },
-        {
-          name: 'rank',
-          target: fieldName,
-          newIndex: targetIndex,
-        },
-      );
-    }
-    return;
-  }
-
-  // Different group - need to remove from old and add to new
-  let removedFromOld = false;
-
-  try {
     // Remove from current group (if not hidden)
     if (currentGroup !== 'hidden') {
       await commands.updateCmd.applyResourceOperation(
         cardTypeName,
-        {
-          key: groupToKey[currentGroup],
-        },
-        {
-          name: 'remove',
-          target: fieldName,
-        },
+        { key: groupToKey[currentGroup] },
+        { name: 'remove', target: fieldName },
       );
-      removedFromOld = true;
     }
 
     // Add to new group (if not hidden)
     if (targetGroup !== 'hidden') {
       await commands.updateCmd.applyResourceOperation(
         cardTypeName,
-        {
-          key: groupToKey[targetGroup],
-        },
-        {
-          name: 'add',
-          target: fieldName,
-        },
+        { key: groupToKey[targetGroup] },
+        { name: 'add', target: fieldName },
       );
 
-      // Reorder if index specified
       if (targetIndex !== undefined) {
         await commands.updateCmd.applyResourceOperation(
           cardTypeName,
-          {
-            key: groupToKey[targetGroup],
-          },
-          {
-            name: 'rank',
-            target: fieldName,
-            newIndex: targetIndex,
-          },
-        );
-      }
-    }
-  } catch (error) {
-    // Attempt rollback if we removed from old group but failed to add to new
-    if (removedFromOld && currentGroup !== 'hidden') {
-      try {
-        await commands.updateCmd.applyResourceOperation(
-          cardTypeName,
-          {
-            key: groupToKey[currentGroup],
-          },
-          {
-            name: 'add',
-            target: fieldName,
-          },
-        );
-      } catch {
-        // Rollback failed - log but throw original error
-        console.error(
-          `Rollback failed for field '${fieldName}' in card type '${cardTypeName}'`,
+          { key: groupToKey[targetGroup] },
+          { name: 'rank', target: fieldName, newIndex: targetIndex },
         );
       }
     }
-    throw error;
-  }
+  }, `Update field visibility for ${cardTypeName}`);
 }

package/src/domain/cards/index.ts

@@ -13,10 +13,20 @@
 
 import { type Context, Hono } from 'hono';
 import type { ContentfulStatusCode } from 'hono/utils/http-status';
+import { streamSSE } from 'hono/streaming';
 import { getCardDetails } from './lib.js';
 import * as cardService from './service.js';
 import { isSSGContext, ssgParams } from 'hono/ssg';
 import type { AppContext } from '../../types.js';
+import { UserRole } from '../../types.js';
+import { presenceStore } from './presence.js';
+import { requireRole } from '../../middleware/auth.js';
+import { zValidator } from '../../middleware/zvalidator.js';
+import {
+  createLinkSchema,
+  removeLinkSchema,
+  updateLinkSchema,
+} from './schema.js';
 
 const router = new Hono();
 
@@ -34,7 +44,7 @@ const router = new Hono();
  *       500:
  *         description: project_path not set.
  */
-router.get('/', async (c) => {
+router.get('/', requireRole(UserRole.Reader), async (c) => {
   const commands = c.get('commands');
 
   try {
@@ -75,6 +85,7 @@ router.get('/', async (c) => {
  */
 router.get(
   '/:key',
+  requireRole(UserRole.Reader),
   ssgParams(async (c: AppContext) => {
     const commands = c.get('commands');
     const opts = c.get('tree');
@@ -144,7 +155,7 @@ router.get(
  *       500:
  *         description: project_path not set.
  */
-router.patch('/:key', async (c) => {
+router.patch('/:key', requireRole(UserRole.Editor), async (c) => {
   const commands = c.get('commands');
   const key = c.req.param('key');
   if (!key) {
@@ -201,7 +212,7 @@ router.patch('/:key', async (c) => {
  *       500:
  *         description: project_path not set.
  */
-router.delete('/:key', async (c) => {
+router.delete('/:key', requireRole(UserRole.Editor), async (c) => {
   const commands = c.get('commands');
   const key = c.req.param('key');
   if (!key) {
@@ -244,7 +255,7 @@ router.delete('/:key', async (c) => {
  *       500:
  *         description: project_path not set
  */
-router.post('/:key', async (c) => {
+router.post('/:key', requireRole(UserRole.Editor), async (c) => {
   const key = c.req.param('key');
   if (!key) {
     return c.text('No search key', 400);
@@ -300,7 +311,7 @@ router.post('/:key', async (c) => {
  *       500:
  *         description: Server error
  */
-router.post('/:key/attachments', async (c) => {
+router.post('/:key/attachments', requireRole(UserRole.Editor), async (c) => {
   const commands = c.get('commands');
   const key = c.req.param('key');
 
@@ -354,25 +365,33 @@ router.post('/:key/attachments', async (c) => {
  *       500:
  *         description: Server error
  */
-router.delete('/:key/attachments/:filename', async (c) => {
-  const commands = c.get('commands');
-  const { key, filename } = c.req.param();
+router.delete(
+  '/:key/attachments/:filename',
+  requireRole(UserRole.Editor),
+  async (c) => {
+    const commands = c.get('commands');
+    const { key, filename } = c.req.param();
 
-  try {
-    const result = await cardService.removeAttachment(commands, key, filename);
-    return c.json(result);
-  } catch (error) {
-    return c.json(
-      {
-        error:
-          error instanceof Error
-            ? error.message
-            : 'Failed to remove attachment',
-      },
-      500,
-    );
-  }
-});
+    try {
+      const result = await cardService.removeAttachment(
+        commands,
+        key,
+        filename,
+      );
+      return c.json(result);
+    } catch (error) {
+      return c.json(
+        {
+          error:
+            error instanceof Error
+              ? error.message
+              : 'Failed to remove attachment',
+        },
+        500,
+      );
+    }
+  },
+);
 
 /**
  * @swagger
@@ -398,23 +417,29 @@ router.delete('/:key/attachments/:filename', async (c) => {
  *       500:
  *         description: Server error
  */
-router.post('/:key/attachments/:filename/open', async (c) => {
-  const commands = c.get('commands');
-  const { key, filename } = c.req.param();
+router.post(
+  '/:key/attachments/:filename/open',
+  requireRole(UserRole.Reader),
+  async (c) => {
+    const commands = c.get('commands');
+    const { key, filename } = c.req.param();
 
-  try {
-    const result = await cardService.openAttachment(commands, key, filename);
-    return c.json(result);
-  } catch (error) {
-    return c.json(
-      {
-        error:
-          error instanceof Error ? error.message : 'Failed to open attachment',
-      },
-      500,
-    );
-  }
-});
+    try {
+      const result = await cardService.openAttachment(commands, key, filename);
+      return c.json(result);
+    } catch (error) {
+      return c.json(
+        {
+          error:
+            error instanceof Error
+              ? error.message
+              : 'Failed to open attachment',
+        },
+        500,
+      );
+    }
+  },
+);
 
 /**
  * @swagger
@@ -443,7 +468,7 @@ router.post('/:key/attachments/:filename/open', async (c) => {
  *       500:
  *         description: Server error
  */
-router.post('/:key/parse', async (c) => {
+router.post('/:key/parse', requireRole(UserRole.Reader), async (c) => {
   const commands = c.get('commands');
   const key = c.req.param('key');
   const { content } = await c.req.json();
@@ -497,33 +522,36 @@ router.post('/:key/parse', async (c) => {
  *       500:
  *         description: Server error
  */
-router.post('/:key/links', async (c) => {
-  const commands = c.get('commands');
-  const key = c.req.param('key');
-  const { toCard, linkType, description } = await c.req.json();
-
-  if (!toCard || !linkType) {
-    return c.json({ error: 'toCard and linkType are required' }, 400);
-  }
+router.post(
+  '/:key/links',
+  requireRole(UserRole.Editor),
+  zValidator('json', createLinkSchema),
+  async (c) => {
+    const commands = c.get('commands');
+    const key = c.req.param('key');
+    const { toCard, linkType, description, direction } = c.req.valid('json');
 
-  try {
-    const result = await cardService.createLink(
-      commands,
-      key,
-      toCard,
-      linkType,
-      description,
-    );
-    return c.json(result);
-  } catch (error) {
-    return c.json(
-      {
-        error: error instanceof Error ? error.message : 'Failed to create link',
-      },
-      500,
-    );
-  }
-});
+    try {
+      const result = await cardService.createLink(
+        commands,
+        key,
+        toCard,
+        linkType,
+        direction,
+        description,
+      );
+      return c.json(result);
+    } catch (error) {
+      return c.json(
+        {
+          error:
+            error instanceof Error ? error.message : 'Failed to create link',
+        },
+        500,
+      );
+    }
+  },
+);
 
 /**
  * @swagger
@@ -556,33 +584,122 @@ router.post('/:key/links', async (c) => {
  *       500:
  *         description: Server error
  */
-router.delete('/:key/links', async (c) => {
-  const commands = c.get('commands');
-  const key = c.req.param('key');
-  const { toCard, linkType, description } = await c.req.json();
+router.delete(
+  '/:key/links',
+  requireRole(UserRole.Editor),
+  zValidator('json', removeLinkSchema),
+  async (c) => {
+    const commands = c.get('commands');
+    const key = c.req.param('key');
+    const { toCard, linkType, description, direction } = c.req.valid('json');
 
-  if (!toCard || !linkType) {
-    return c.json({ error: 'toCard and linkType are required' }, 400);
-  }
+    try {
+      const result = await cardService.removeLink(
+        commands,
+        key,
+        toCard,
+        linkType,
+        direction,
+        description,
+      );
+      return c.json(result);
+    } catch (error) {
+      return c.json(
+        {
+          error:
+            error instanceof Error ? error.message : 'Failed to remove link',
+        },
+        500,
+      );
+    }
+  },
+);
 
-  try {
-    const result = await cardService.removeLink(
-      commands,
-      key,
+/**
+ * @swagger
+ * /api/cards/{key}/links:
+ *   put:
+ *     summary: Update a link between cards
+ *     parameters:
+ *       - name: key
+ *         in: path
+ *         required: true
+ *         schema:
+ *           type: string
+ *     requestBody:
+ *       content:
+ *         application/json:
+ *           schema:
+ *             type: object
+ *             properties:
+ *               toCard:
+ *                 type: string
+ *               linkType:
+ *                 type: string
+ *               description:
+ *                 type: string
+ *               direction:
+ *                 type: string
+ *               previousToCard:
+ *                 type: string
+ *               previousLinkType:
+ *                 type: string
+ *               previousDirection:
+ *                 type: string
+ *               previousDescription:
+ *                 type: string
+ *     responses:
+ *       200:
+ *         description: Link updated successfully
+ *       400:
+ *         description: Invalid request
+ *       500:
+ *         description: Server error
+ */
+router.put(
+  '/:key/links',
+  requireRole(UserRole.Editor),
+  zValidator('json', updateLinkSchema),
+  async (c) => {
+    const commands = c.get('commands');
+    const key = c.req.param('key');
+
+    const {
       toCard,
       linkType,
       description,
-    );
-    return c.json(result);
-  } catch (error) {
-    return c.json(
-      {
-        error: error instanceof Error ? error.message : 'Failed to remove link',
-      },
-      500,
-    );
-  }
-});
+      direction,
+      previousToCard,
+      previousLinkType,
+      previousDirection,
+      previousDescription,
+    } = c.req.valid('json');
+
+    try {
+      const result = await cardService.updateLink(
+        commands,
+        key,
+        toCard,
+        linkType,
+        direction,
+        previousToCard,
+        previousLinkType,
+        previousDirection,
+        description,
+        previousDescription,
+      );
+      return c.json(result);
+    } catch (error) {
+      return c.json(
+        {
+          error:
+            error instanceof Error ? error.message : 'Failed to update link',
+        },
+        500,
+      );
+    }
+  },
+);
 
 /**
  * @swagger
@@ -610,11 +727,12 @@ router.delete('/:key/links', async (c) => {
  */
 router.get(
   '/:key/a/:attachment',
+  requireRole(UserRole.Reader),
   ssgParams(async (c: Context) => {
     const commands = c.get('commands');
     return await cardService.findRelevantAttachments(commands, c.get('tree'));
   }),
-  (c) => {
+  async (c) => {
     const commands = c.get('commands');
     const { key, attachment } = c.req.param();
     const filename = decodeURI(attachment);
@@ -624,7 +742,7 @@ router.get(
     }
 
     try {
-      const attachmentResponse = cardService.getAttachment(
+      const attachmentResponse = await cardService.getAttachment(
         commands,
         key,
         filename,
@@ -652,5 +770,55 @@ router.get(
     }
   },
 );
+/**
+ * @swagger
+ * /api/cards/{key}/presence:
+ *   get:
+ *     summary: SSE stream of users currently viewing or editing this card
+ *     parameters:
+ *       - name: key
+ *         in: path
+ *         required: true
+ *         description: Card key (string)
+ *       - name: mode
+ *         in: query
+ *         required: false
+ *         schema:
+ *           type: string
+ *           enum: [viewing, editing]
+ *         description: Whether the user is viewing or editing (default: viewing)
+ *     responses:
+ *       200:
+ *         description: SSE stream with presence events
+ */
+router.get('/:key/presence', requireRole(UserRole.Reader), (c) => {
+  const key = c.req.param('key');
+  const mode = c.req.query('mode') === 'editing' ? 'editing' : 'viewing';
+  const user = c.get('user');
+
+  if (!key) {
+    return c.text('No card key', 400);
+  }
 
+  return streamSSE(c, async (stream) => {
+    const connId = presenceStore.add(
+      key,
+      user,
+      mode,
+      (data) => void stream.writeSSE(data),
+    );
+
+    let aborted = false;
+    stream.onAbort(() => {
+      aborted = true;
+      presenceStore.remove(key, connId);
+    });
+
+    // Keep connection alive with periodic heartbeat
+    while (!aborted) {
+      await stream.write(': hb\n\n');
+      await stream.sleep(30000);
+    }
+  });
+});
 export default router;