@doccov/api 0.3.7 → 0.5.0

package/src/routes/api-keys.ts

@@ -0,0 +1,127 @@
+import { Hono } from 'hono';
+import { nanoid } from 'nanoid';
+import { auth } from '../auth/config';
+import { db } from '../db/client';
+import { generateApiKey } from '../utils/api-keys';
+
+export const apiKeysRoute = new Hono();
+
+// List keys for org
+apiKeysRoute.get('/', async (c) => {
+  const orgId = c.req.query('orgId');
+  if (!orgId) return c.json({ error: 'orgId required' }, 400);
+
+  const session = await auth.api.getSession({ headers: c.req.raw.headers });
+  if (!session) return c.json({ error: 'Unauthorized' }, 401);
+
+  const membership = await db
+    .selectFrom('org_members')
+    .where('orgId', '=', orgId)
+    .where('userId', '=', session.user.id)
+    .select('role')
+    .executeTakeFirst();
+
+  if (!membership) return c.json({ error: 'Not a member' }, 403);
+
+  const keys = await db
+    .selectFrom('api_keys')
+    .where('orgId', '=', orgId)
+    .select(['id', 'name', 'keyPrefix', 'lastUsedAt', 'expiresAt', 'createdAt'])
+    .orderBy('createdAt', 'desc')
+    .execute();
+
+  return c.json({ keys });
+});
+
+// Create key (paid only)
+apiKeysRoute.post('/', async (c) => {
+  const { orgId, name, expiresIn } = await c.req.json<{
+    orgId: string;
+    name: string;
+    expiresIn?: number;
+  }>();
+
+  if (!orgId || !name) return c.json({ error: 'orgId and name required' }, 400);
+
+  const session = await auth.api.getSession({ headers: c.req.raw.headers });
+  if (!session) return c.json({ error: 'Unauthorized' }, 401);
+
+  const membership = await db
+    .selectFrom('org_members')
+    .innerJoin('organizations', 'organizations.id', 'org_members.orgId')
+    .where('org_members.orgId', '=', orgId)
+    .where('org_members.userId', '=', session.user.id)
+    .where('org_members.role', 'in', ['owner', 'admin'])
+    .select(['org_members.role', 'organizations.plan'])
+    .executeTakeFirst();
+
+  if (!membership) return c.json({ error: 'Admin access required' }, 403);
+
+  if (membership.plan === 'free') {
+    return c.json(
+      {
+        error: 'API keys require a paid plan',
+        upgrade: 'https://doccov.com/pricing',
+      },
+      403,
+    );
+  }
+
+  const { key, hash, prefix } = generateApiKey();
+  const id = nanoid(21);
+  const expiresAt = expiresIn ? new Date(Date.now() + expiresIn * 24 * 60 * 60 * 1000) : null;
+
+  await db
+    .insertInto('api_keys')
+    .values({
+      id,
+      orgId,
+      name,
+      keyHash: hash,
+      keyPrefix: prefix,
+      expiresAt,
+    })
+    .execute();
+
+  return c.json(
+    {
+      id,
+      key, // Shown once!
+      name,
+      prefix,
+      expiresAt,
+      message: 'Save this key now. It cannot be retrieved again.',
+    },
+    201,
+  );
+});
+
+// Revoke key
+apiKeysRoute.delete('/:keyId', async (c) => {
+  const keyId = c.req.param('keyId');
+
+  const session = await auth.api.getSession({ headers: c.req.raw.headers });
+  if (!session) return c.json({ error: 'Unauthorized' }, 401);
+
+  const key = await db
+    .selectFrom('api_keys')
+    .where('id', '=', keyId)
+    .select(['id', 'orgId'])
+    .executeTakeFirst();
+
+  if (!key) return c.json({ error: 'Key not found' }, 404);
+
+  const membership = await db
+    .selectFrom('org_members')
+    .where('orgId', '=', key.orgId)
+    .where('userId', '=', session.user.id)
+    .where('role', 'in', ['owner', 'admin'])
+    .select('role')
+    .executeTakeFirst();
+
+  if (!membership) return c.json({ error: 'Admin access required' }, 403);
+
+  await db.deleteFrom('api_keys').where('id', '=', keyId).execute();
+
+  return c.json({ deleted: true });
+});

package/src/routes/auth.ts

@@ -0,0 +1,62 @@
+import { Hono } from 'hono';
+import { auth } from '../auth/config';
+import { createPersonalOrg } from '../auth/hooks';
+import { db } from '../db/client';
+
+export const authRoute = new Hono();
+
+// Custom routes BEFORE better-auth catch-all
+
+// Get current session with orgs
+authRoute.get('/session', async (c) => {
+  const session = await auth.api.getSession({ headers: c.req.raw.headers });
+
+  if (!session) {
+    return c.json({ user: null, session: null, organizations: [] });
+  }
+
+  // Get user's orgs
+  const memberships = await db
+    .selectFrom('org_members')
+    .innerJoin('organizations', 'organizations.id', 'org_members.orgId')
+    .where('org_members.userId', '=', session.user.id)
+    .select([
+      'organizations.id',
+      'organizations.name',
+      'organizations.slug',
+      'organizations.plan',
+      'organizations.isPersonal',
+      'org_members.role',
+    ])
+    .execute();
+
+  return c.json({
+    user: session.user,
+    session: session.session,
+    organizations: memberships,
+  });
+});
+
+// Webhook for post-signup actions
+authRoute.post('/webhook/user-created', async (c) => {
+  const { userId, email, name } = await c.req.json();
+
+  // Check if user already has an org
+  const existingMembership = await db
+    .selectFrom('org_members')
+    .where('userId', '=', userId)
+    .select('id')
+    .executeTakeFirst();
+
+  if (!existingMembership) {
+    await createPersonalOrg(userId, name, email);
+  }
+
+  return c.json({ ok: true });
+});
+
+// Better Auth handles all other routes
+authRoute.on(['GET', 'POST'], '/*', async (c) => {
+  const response = await auth.handler(c.req.raw);
+  return response;
+});

package/src/routes/badge.ts

@@ -1,8 +1,11 @@
+import { fetchSpec } from '@doccov/sdk';
+import { validateSpec } from '@openpkg-ts/spec';
 import { Hono } from 'hono';
-import { fetchSpecFromGitHub } from '../utils/github';
 
 export const badgeRoute = new Hono();
 
+type BadgeStyle = 'flat' | 'flat-square' | 'for-the-badge';
+
 type BadgeColor =
   | 'brightgreen'
   | 'green'
@@ -16,6 +19,7 @@ interface BadgeOptions {
   label: string;
   message: string;
   color: BadgeColor;
+  style?: BadgeStyle;
 }
 
 function getColorForScore(score: number): BadgeColor {
@@ -27,22 +31,17 @@ function getColorForScore(score: number): BadgeColor {
   return 'red';
 }
 
-function generateBadgeSvg(options: BadgeOptions): string {
-  const { label, message, color } = options;
-
-  const colors: Record<BadgeColor, string> = {
-    brightgreen: '#4c1',
-    green: '#97ca00',
-    yellowgreen: '#a4a61d',
-    yellow: '#dfb317',
-    orange: '#fe7d37',
-    red: '#e05d44',
-    lightgrey: '#9f9f9f',
-  };
-
-  const bgColor = colors[color];
-
-  // Simple badge dimensions
+const BADGE_COLORS: Record<BadgeColor, string> = {
+  brightgreen: '#4c1',
+  green: '#97ca00',
+  yellowgreen: '#a4a61d',
+  yellow: '#dfb317',
+  orange: '#fe7d37',
+  red: '#e05d44',
+  lightgrey: '#9f9f9f',
+};
+
+function generateFlatBadge(label: string, message: string, bgColor: string): string {
   const labelWidth = label.length * 7 + 10;
   const messageWidth = message.length * 7 + 10;
   const totalWidth = labelWidth + messageWidth;
@@ -70,49 +69,139 @@ function generateBadgeSvg(options: BadgeOptions): string {
 </svg>`;
 }
 
+function generateFlatSquareBadge(label: string, message: string, bgColor: string): string {
+  const labelWidth = label.length * 7 + 10;
+  const messageWidth = message.length * 7 + 10;
+  const totalWidth = labelWidth + messageWidth;
+
+  return `<svg xmlns="http://www.w3.org/2000/svg" width="${totalWidth}" height="20" role="img" aria-label="${label}: ${message}">
+  <title>${label}: ${message}</title>
+  <g shape-rendering="crispEdges">
+    <rect width="${labelWidth}" height="20" fill="#555"/>
+    <rect x="${labelWidth}" width="${messageWidth}" height="20" fill="${bgColor}"/>
+  </g>
+  <g fill="#fff" text-anchor="middle" font-family="Verdana,Geneva,DejaVu Sans,sans-serif" text-rendering="geometricPrecision" font-size="11">
+    <text x="${labelWidth / 2}" y="14">${label}</text>
+    <text x="${labelWidth + messageWidth / 2}" y="14">${message}</text>
+  </g>
+</svg>`;
+}
+
+function generateForTheBadge(label: string, message: string, bgColor: string): string {
+  const labelUpper = label.toUpperCase();
+  const messageUpper = message.toUpperCase();
+  const labelWidth = labelUpper.length * 10 + 20;
+  const messageWidth = messageUpper.length * 10 + 20;
+  const totalWidth = labelWidth + messageWidth;
+
+  return `<svg xmlns="http://www.w3.org/2000/svg" width="${totalWidth}" height="28" role="img" aria-label="${label}: ${message}">
+  <title>${label}: ${message}</title>
+  <g shape-rendering="crispEdges">
+    <rect width="${labelWidth}" height="28" fill="#555"/>
+    <rect x="${labelWidth}" width="${messageWidth}" height="28" fill="${bgColor}"/>
+  </g>
+  <g fill="#fff" text-anchor="middle" font-family="Verdana,Geneva,DejaVu Sans,sans-serif" text-rendering="geometricPrecision" font-size="10" font-weight="bold">
+    <text x="${labelWidth / 2}" y="18">${labelUpper}</text>
+    <text x="${labelWidth + messageWidth / 2}" y="18">${messageUpper}</text>
+  </g>
+</svg>`;
+}
+
+function generateBadgeSvg(options: BadgeOptions): string {
+  const { label, message, color, style = 'flat' } = options;
+  const bgColor = BADGE_COLORS[color];
+
+  switch (style) {
+    case 'flat-square':
+      return generateFlatSquareBadge(label, message, bgColor);
+    case 'for-the-badge':
+      return generateForTheBadge(label, message, bgColor);
+    default:
+      return generateFlatBadge(label, message, bgColor);
+  }
+}
+
+/**
+ * Compute coverage score from spec exports if not already present.
+ */
+function computeCoverageScore(spec: { exports?: { description?: string }[] }): number {
+  const exports = spec.exports ?? [];
+  if (exports.length === 0) return 0;
+
+  const documented = exports.filter((e) => e.description && e.description.trim().length > 0);
+  return Math.round((documented.length / exports.length) * 100);
+}
+
+// Cache headers: 5min max-age, stale-if-error for resilience
+const CACHE_HEADERS_SUCCESS = {
+  'Content-Type': 'image/svg+xml',
+  'Cache-Control': 'public, max-age=300, stale-if-error=3600',
+};
+
+const CACHE_HEADERS_ERROR = {
+  'Content-Type': 'image/svg+xml',
+  'Cache-Control': 'no-cache',
+};
+
 // GET /badge/:owner/:repo
 badgeRoute.get('/:owner/:repo', async (c) => {
   const { owner, repo } = c.req.param();
-  const branch = c.req.query('branch') ?? 'main';
+
+  // Query params for customization
+  const ref = c.req.query('ref') ?? c.req.query('branch') ?? 'main';
+  const specPath = c.req.query('path') ?? c.req.query('package') ?? 'openpkg.json';
+  const style = (c.req.query('style') ?? 'flat') as BadgeStyle;
 
   try {
-    const spec = await fetchSpecFromGitHub(owner, repo, branch);
+    const spec = await fetchSpec(owner, repo, { ref, path: specPath });
 
     if (!spec) {
       const svg = generateBadgeSvg({
         label: 'docs',
         message: 'not found',
         color: 'lightgrey',
+        style,
       });
 
-      return c.body(svg, 404, {
-        'Content-Type': 'image/svg+xml',
-        'Cache-Control': 'no-cache',
+      return c.body(svg, 404, CACHE_HEADERS_ERROR);
+    }
+
+    // Validate spec against schema
+    const validation = validateSpec(spec);
+    if (!validation.ok) {
+      const svg = generateBadgeSvg({
+        label: 'docs',
+        message: 'invalid',
+        color: 'lightgrey',
+        style,
       });
+
+      return c.body(svg, 422, CACHE_HEADERS_ERROR);
     }
 
-    const coverageScore = spec.docs?.coverageScore ?? 0;
+    // Use docs.coverageScore if present (enriched spec), otherwise compute from exports
+    // Note: The spec type has changed - check for generation.analysis or similar patterns
+    const coverageScore =
+      (spec as { docs?: { coverageScore?: number } }).docs?.coverageScore ??
+      computeCoverageScore(spec);
+
     const svg = generateBadgeSvg({
       label: 'docs',
       message: `${coverageScore}%`,
       color: getColorForScore(coverageScore),
+      style,
     });
 
-    return c.body(svg, 200, {
-      'Content-Type': 'image/svg+xml',
-      'Cache-Control': 'public, max-age=300', // Cache for 5 minutes
-    });
+    return c.body(svg, 200, CACHE_HEADERS_SUCCESS);
   } catch {
     const svg = generateBadgeSvg({
       label: 'docs',
       message: 'error',
       color: 'red',
+      style,
     });
 
-    return c.body(svg, 500, {
-      'Content-Type': 'image/svg+xml',
-      'Cache-Control': 'no-cache',
-    });
+    return c.body(svg, 500, CACHE_HEADERS_ERROR);
   }
 });
 
@@ -120,5 +209,6 @@ badgeRoute.get('/:owner/:repo', async (c) => {
 badgeRoute.get('/:owner/:repo.svg', async (c) => {
   const { owner, repo } = c.req.param();
   const repoName = repo.replace(/\.svg$/, '');
-  return c.redirect(`/badge/${owner}/${repoName}`);
+  const query = new URL(c.req.url).search;
+  return c.redirect(`/badge/${owner}/${repoName}${query}`);
 });

package/src/routes/billing.ts

@@ -0,0 +1,267 @@
+import { getPlanLimits, type Plan } from '@doccov/db';
+import { CustomerPortal, Webhooks } from '@polar-sh/hono';
+import { Hono } from 'hono';
+import { auth } from '../auth/config';
+import { db } from '../db/client';
+
+export const billingRoute = new Hono();
+
+const POLAR_ACCESS_TOKEN = process.env.POLAR_ACCESS_TOKEN!;
+const POLAR_WEBHOOK_SECRET = process.env.POLAR_WEBHOOK_SECRET!;
+const SITE_URL = process.env.SITE_URL || 'http://localhost:3000';
+const API_URL = process.env.API_URL || 'http://localhost:3001';
+
+const PRODUCTS = {
+  team: process.env.POLAR_PRODUCT_TEAM!,
+  pro: process.env.POLAR_PRODUCT_PRO!,
+};
+
+const POLAR_API =
+  process.env.NODE_ENV === 'production' ? 'https://api.polar.sh' : 'https://sandbox-api.polar.sh';
+
+// ============ Checkout ============
+billingRoute.get('/checkout', async (c) => {
+  const plan = c.req.query('plan') as 'team' | 'pro';
+  const orgId = c.req.query('orgId');
+
+  if (!plan || !PRODUCTS[plan]) {
+    return c.json({ error: 'Invalid plan' }, 400);
+  }
+  if (!orgId) {
+    return c.json({ error: 'orgId required' }, 400);
+  }
+
+  const session = await auth.api.getSession({ headers: c.req.raw.headers });
+  if (!session) {
+    return c.redirect(`${SITE_URL}/login?callbackUrl=/pricing`);
+  }
+
+  // Verify user is owner/admin of org
+  const membership = await db
+    .selectFrom('org_members')
+    .where('orgId', '=', orgId)
+    .where('userId', '=', session.user.id)
+    .where('role', 'in', ['owner', 'admin'])
+    .select('id')
+    .executeTakeFirst();
+
+  if (!membership) {
+    return c.json({ error: 'Not authorized' }, 403);
+  }
+
+  // Create Polar checkout session via API
+  const res = await fetch(`${POLAR_API}/v1/checkouts/`, {
+    method: 'POST',
+    headers: {
+      Authorization: `Bearer ${POLAR_ACCESS_TOKEN}`,
+      'Content-Type': 'application/json',
+    },
+    body: JSON.stringify({
+      products: [PRODUCTS[plan]],
+      success_url: `${SITE_URL}/dashboard?upgraded=true`,
+      metadata: { orgId, plan },
+      customer_email: session.user.email,
+    }),
+  });
+
+  if (!res.ok) {
+    const error = await res.text();
+    console.error('Polar checkout error:', error);
+    return c.json({ error: 'Failed to create checkout session' }, 500);
+  }
+
+  const checkout = await res.json();
+  return c.redirect(checkout.url);
+});
+
+// ============ Customer Portal ============
+billingRoute.get('/portal', async (c) => {
+  const orgId = c.req.query('orgId');
+  if (!orgId) return c.json({ error: 'orgId required' }, 400);
+
+  const session = await auth.api.getSession({ headers: c.req.raw.headers });
+  if (!session) return c.redirect(`${SITE_URL}/login`);
+
+  const org = await db
+    .selectFrom('organizations')
+    .innerJoin('org_members', 'org_members.orgId', 'organizations.id')
+    .where('organizations.id', '=', orgId)
+    .where('org_members.userId', '=', session.user.id)
+    .where('org_members.role', 'in', ['owner', 'admin'])
+    .select(['organizations.polarCustomerId'])
+    .executeTakeFirst();
+
+  if (!org?.polarCustomerId) {
+    return c.json({ error: 'No billing account found' }, 404);
+  }
+
+  const portalHandler = CustomerPortal({
+    accessToken: POLAR_ACCESS_TOKEN,
+    getCustomerId: async () => org.polarCustomerId!,
+    server: process.env.NODE_ENV === 'production' ? 'production' : 'sandbox',
+  });
+
+  return portalHandler(c);
+});
+
+// ============ Webhooks ============
+billingRoute.post(
+  '/webhook',
+  Webhooks({
+    webhookSecret: POLAR_WEBHOOK_SECRET,
+
+    onSubscriptionActive: async (payload) => {
+      const subscription = payload.data;
+      const metadata = subscription.metadata as { orgId?: string; plan?: string };
+
+      if (!metadata?.orgId || !metadata?.plan) {
+        console.error('Missing metadata:', subscription.id);
+        return;
+      }
+
+      await db
+        .updateTable('organizations')
+        .set({
+          plan: metadata.plan as 'team' | 'pro',
+          polarCustomerId: subscription.customerId,
+          polarSubscriptionId: subscription.id,
+        })
+        .where('id', '=', metadata.orgId)
+        .execute();
+
+      console.log(`Org ${metadata.orgId} upgraded to ${metadata.plan}`);
+    },
+
+    onSubscriptionCanceled: async (payload) => {
+      const subscription = payload.data;
+
+      const org = await db
+        .selectFrom('organizations')
+        .where('polarSubscriptionId', '=', subscription.id)
+        .select('id')
+        .executeTakeFirst();
+
+      if (org) {
+        await db
+          .updateTable('organizations')
+          .set({ plan: 'free' })
+          .where('id', '=', org.id)
+          .execute();
+      }
+    },
+
+    onSubscriptionRevoked: async (payload) => {
+      const subscription = payload.data;
+
+      const org = await db
+        .selectFrom('organizations')
+        .where('polarSubscriptionId', '=', subscription.id)
+        .select('id')
+        .executeTakeFirst();
+
+      if (org) {
+        await db
+          .updateTable('organizations')
+          .set({ plan: 'free', polarSubscriptionId: null })
+          .where('id', '=', org.id)
+          .execute();
+      }
+    },
+  }),
+);
+
+// ============ Status ============
+billingRoute.get('/status', async (c) => {
+  const orgId = c.req.query('orgId');
+  if (!orgId) return c.json({ error: 'orgId required' }, 400);
+
+  const session = await auth.api.getSession({ headers: c.req.raw.headers });
+  if (!session) return c.json({ error: 'Unauthorized' }, 401);
+
+  const org = await db
+    .selectFrom('organizations')
+    .innerJoin('org_members', 'org_members.orgId', 'organizations.id')
+    .where('organizations.id', '=', orgId)
+    .where('org_members.userId', '=', session.user.id)
+    .select([
+      'organizations.plan',
+      'organizations.polarCustomerId',
+      'organizations.polarSubscriptionId',
+      'organizations.aiCallsUsed',
+      'organizations.aiCallsResetAt',
+    ])
+    .executeTakeFirst();
+
+  if (!org) return c.json({ error: 'Organization not found' }, 404);
+
+  return c.json({
+    plan: org.plan,
+    hasSubscription: !!org.polarSubscriptionId,
+    usage: { aiCalls: org.aiCallsUsed, resetAt: org.aiCallsResetAt },
+    portalUrl: org.polarCustomerId ? `${API_URL}/billing/portal?orgId=${orgId}` : null,
+  });
+});
+
+// ============ Usage Details ============
+billingRoute.get('/usage', async (c) => {
+  const orgId = c.req.query('orgId');
+  if (!orgId) return c.json({ error: 'orgId required' }, 400);
+
+  const session = await auth.api.getSession({ headers: c.req.raw.headers });
+  if (!session) return c.json({ error: 'Unauthorized' }, 401);
+
+  // Get org with member count
+  const org = await db
+    .selectFrom('organizations')
+    .innerJoin('org_members', 'org_members.orgId', 'organizations.id')
+    .where('organizations.id', '=', orgId)
+    .where('org_members.userId', '=', session.user.id)
+    .select([
+      'organizations.id',
+      'organizations.plan',
+      'organizations.aiCallsUsed',
+      'organizations.aiCallsResetAt',
+    ])
+    .executeTakeFirst();
+
+  if (!org) return c.json({ error: 'Organization not found' }, 404);
+
+  // Get member count
+  const memberResult = await db
+    .selectFrom('org_members')
+    .where('orgId', '=', orgId)
+    .select(db.fn.countAll<number>().as('count'))
+    .executeTakeFirst();
+
+  const seats = memberResult?.count ?? 1;
+  const limits = getPlanLimits(org.plan as Plan);
+
+  // Calculate next reset date
+  const now = new Date();
+  const resetAt = org.aiCallsResetAt || new Date(now.getFullYear(), now.getMonth() + 1, 1);
+  const shouldReset = !org.aiCallsResetAt || now >= org.aiCallsResetAt;
+  const aiUsed = shouldReset ? 0 : org.aiCallsUsed;
+
+  // Calculate pricing based on plan
+  const pricing: Record<string, number> = { free: 0, team: 15, pro: 49 };
+  const monthlyCost = (pricing[org.plan] ?? 0) * seats;
+
+  return c.json({
+    plan: org.plan,
+    seats,
+    monthlyCost,
+    aiCalls: {
+      used: aiUsed,
+      limit: limits.aiCallsPerMonth === Infinity ? 'unlimited' : limits.aiCallsPerMonth,
+      resetAt: resetAt.toISOString(),
+    },
+    analyses: {
+      limit: limits.analysesPerDay === Infinity ? 'unlimited' : limits.analysesPerDay,
+      resetAt: 'daily',
+    },
+    history: {
+      days: limits.historyDays,
+    },
+    privateRepos: limits.privateRepos === Infinity,
+  });
+});