npm - @doccov/api - Versions diffs - 0.4.0 → 0.5.0 - Mend

@doccov/api 0.4.0 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/CHANGELOG.md +13 -0
package/package.json +3 -3
package/src/index.ts +30 -2
package/src/middleware/anonymous-rate-limit.ts +131 -0
package/src/routes/ai.ts +353 -0
package/src/routes/badge.ts +122 -32
package/src/routes/billing.ts +65 -0
package/src/routes/coverage.ts +34 -16
package/src/routes/demo.ts +297 -0
package/src/routes/github-app.ts +368 -0
package/src/routes/invites.ts +90 -0
package/src/routes/orgs.ts +249 -0
package/src/utils/github-app.ts +196 -0
package/src/utils/github-checks.ts +278 -0
package/src/utils/remote-analyzer.ts +251 -0
package/src/utils/github.ts +0 -5

package/src/routes/orgs.ts CHANGED Viewed

@@ -3,6 +3,8 @@ import { nanoid } from 'nanoid';
 import { auth } from '../auth/config';
 import { db } from '../db/client';
+const SITE_URL = process.env.SITE_URL || 'http://localhost:3000';
 type Session = Awaited<ReturnType<typeof auth.api.getSession>>;
 type Env = {
@@ -136,3 +138,250 @@ orgsRoute.post('/:slug/projects', async (c) => {
   return c.json({ project }, 201);
 });
+// ============ Members ============
+// List org members
+orgsRoute.get('/:slug/members', async (c) => {
+  const session = c.get('session');
+  const { slug } = c.req.param();
+  // Verify membership
+  const org = await db
+    .selectFrom('organizations')
+    .innerJoin('org_members', 'org_members.orgId', 'organizations.id')
+    .where('organizations.slug', '=', slug)
+    .where('org_members.userId', '=', session.user.id)
+    .select(['organizations.id as orgId', 'org_members.role as myRole'])
+    .executeTakeFirst();
+  if (!org) {
+    return c.json({ error: 'Organization not found' }, 404);
+  }
+  const members = await db
+    .selectFrom('org_members')
+    .innerJoin('user', 'user.id', 'org_members.userId')
+    .where('org_members.orgId', '=', org.orgId)
+    .select([
+      'org_members.id',
+      'org_members.userId',
+      'org_members.role',
+      'org_members.createdAt',
+      'user.email',
+      'user.name',
+      'user.image',
+    ])
+    .orderBy('org_members.createdAt', 'asc')
+    .execute();
+  return c.json({ members, myRole: org.myRole });
+});
+// Create invite
+orgsRoute.post('/:slug/invites', async (c) => {
+  const session = c.get('session');
+  const { slug } = c.req.param();
+  const body = await c.req.json<{ email: string; role: 'admin' | 'member' }>();
+  // Verify owner/admin
+  const org = await db
+    .selectFrom('organizations')
+    .innerJoin('org_members', 'org_members.orgId', 'organizations.id')
+    .where('organizations.slug', '=', slug)
+    .where('org_members.userId', '=', session.user.id)
+    .where('org_members.role', 'in', ['owner', 'admin'])
+    .select(['organizations.id as orgId', 'organizations.name'])
+    .executeTakeFirst();
+  if (!org) {
+    return c.json({ error: 'Forbidden' }, 403);
+  }
+  // Check if already a member
+  const existingMember = await db
+    .selectFrom('org_members')
+    .innerJoin('user', 'user.id', 'org_members.userId')
+    .where('org_members.orgId', '=', org.orgId)
+    .where('user.email', '=', body.email)
+    .select('org_members.id')
+    .executeTakeFirst();
+  if (existingMember) {
+    return c.json({ error: 'User is already a member' }, 400);
+  }
+  const token = nanoid(32);
+  const expiresAt = new Date(Date.now() + 7 * 24 * 60 * 60 * 1000); // 7 days
+  const invite = await db
+    .insertInto('org_invites')
+    .values({
+      id: nanoid(21),
+      orgId: org.orgId,
+      email: body.email,
+      role: body.role || 'member',
+      token,
+      expiresAt,
+      createdBy: session.user.id,
+    })
+    .returningAll()
+    .executeTakeFirst();
+  const inviteUrl = `${SITE_URL}/invite/${token}`;
+  return c.json({ invite, inviteUrl }, 201);
+});
+// List pending invites
+orgsRoute.get('/:slug/invites', async (c) => {
+  const session = c.get('session');
+  const { slug } = c.req.param();
+  // Verify owner/admin
+  const org = await db
+    .selectFrom('organizations')
+    .innerJoin('org_members', 'org_members.orgId', 'organizations.id')
+    .where('organizations.slug', '=', slug)
+    .where('org_members.userId', '=', session.user.id)
+    .where('org_members.role', 'in', ['owner', 'admin'])
+    .select(['organizations.id as orgId'])
+    .executeTakeFirst();
+  if (!org) {
+    return c.json({ error: 'Forbidden' }, 403);
+  }
+  const invites = await db
+    .selectFrom('org_invites')
+    .where('orgId', '=', org.orgId)
+    .where('expiresAt', '>', new Date())
+    .select(['id', 'email', 'role', 'expiresAt', 'createdAt'])
+    .orderBy('createdAt', 'desc')
+    .execute();
+  return c.json({ invites });
+});
+// Delete invite
+orgsRoute.delete('/:slug/invites/:inviteId', async (c) => {
+  const session = c.get('session');
+  const { slug, inviteId } = c.req.param();
+  // Verify owner/admin
+  const org = await db
+    .selectFrom('organizations')
+    .innerJoin('org_members', 'org_members.orgId', 'organizations.id')
+    .where('organizations.slug', '=', slug)
+    .where('org_members.userId', '=', session.user.id)
+    .where('org_members.role', 'in', ['owner', 'admin'])
+    .select(['organizations.id as orgId'])
+    .executeTakeFirst();
+  if (!org) {
+    return c.json({ error: 'Forbidden' }, 403);
+  }
+  await db
+    .deleteFrom('org_invites')
+    .where('id', '=', inviteId)
+    .where('orgId', '=', org.orgId)
+    .execute();
+  return c.json({ success: true });
+});
+// Update member role
+orgsRoute.patch('/:slug/members/:userId', async (c) => {
+  const session = c.get('session');
+  const { slug, userId } = c.req.param();
+  const body = await c.req.json<{ role: 'admin' | 'member' }>();
+  // Verify owner
+  const org = await db
+    .selectFrom('organizations')
+    .innerJoin('org_members', 'org_members.orgId', 'organizations.id')
+    .where('organizations.slug', '=', slug)
+    .where('org_members.userId', '=', session.user.id)
+    .where('org_members.role', '=', 'owner')
+    .select(['organizations.id as orgId'])
+    .executeTakeFirst();
+  if (!org) {
+    return c.json({ error: 'Only owner can change roles' }, 403);
+  }
+  // Don't allow changing owner role
+  const targetMember = await db
+    .selectFrom('org_members')
+    .where('orgId', '=', org.orgId)
+    .where('userId', '=', userId)
+    .select('role')
+    .executeTakeFirst();
+  if (!targetMember) {
+    return c.json({ error: 'Member not found' }, 404);
+  }
+  if (targetMember.role === 'owner') {
+    return c.json({ error: 'Cannot change owner role' }, 400);
+  }
+  await db
+    .updateTable('org_members')
+    .set({ role: body.role })
+    .where('orgId', '=', org.orgId)
+    .where('userId', '=', userId)
+    .execute();
+  return c.json({ success: true });
+});
+// Remove member
+orgsRoute.delete('/:slug/members/:userId', async (c) => {
+  const session = c.get('session');
+  const { slug, userId } = c.req.param();
+  // Verify owner/admin
+  const org = await db
+    .selectFrom('organizations')
+    .innerJoin('org_members', 'org_members.orgId', 'organizations.id')
+    .where('organizations.slug', '=', slug)
+    .where('org_members.userId', '=', session.user.id)
+    .where('org_members.role', 'in', ['owner', 'admin'])
+    .select(['organizations.id as orgId', 'org_members.role as myRole'])
+    .executeTakeFirst();
+  if (!org) {
+    return c.json({ error: 'Forbidden' }, 403);
+  }
+  // Don't allow removing owner
+  const targetMember = await db
+    .selectFrom('org_members')
+    .where('orgId', '=', org.orgId)
+    .where('userId', '=', userId)
+    .select('role')
+    .executeTakeFirst();
+  if (!targetMember) {
+    return c.json({ error: 'Member not found' }, 404);
+  }
+  if (targetMember.role === 'owner') {
+    return c.json({ error: 'Cannot remove owner' }, 400);
+  }
+  // Admins can only remove members, not other admins
+  if (org.myRole === 'admin' && targetMember.role === 'admin') {
+    return c.json({ error: 'Admins cannot remove other admins' }, 403);
+  }
+  await db
+    .deleteFrom('org_members')
+    .where('orgId', '=', org.orgId)
+    .where('userId', '=', userId)
+    .execute();
+  return c.json({ success: true });
+});

package/src/utils/github-app.ts ADDED Viewed

@@ -0,0 +1,196 @@
+/**
+ * GitHub App utilities for token management and API access
+ */
+import { SignJWT } from 'jose';
+import { db } from '../db/client';
+const GITHUB_APP_ID = process.env.GITHUB_APP_ID!;
+const GITHUB_APP_PRIVATE_KEY = process.env.GITHUB_APP_PRIVATE_KEY!;
+/**
+ * Generate a JWT for GitHub App authentication
+ */
+async function generateAppJWT(): Promise<string> {
+  const privateKey = await importPrivateKey(GITHUB_APP_PRIVATE_KEY);
+  const jwt = await new SignJWT({})
+    .setProtectedHeader({ alg: 'RS256' })
+    .setIssuedAt()
+    .setIssuer(GITHUB_APP_ID)
+    .setExpirationTime('10m')
+    .sign(privateKey);
+  return jwt;
+}
+/**
+ * Import PEM private key for signing
+ */
+async function importPrivateKey(pem: string) {
+  // Handle escaped newlines from env vars
+  const formattedPem = pem.replace(/\\n/g, '\n');
+  const pemContents = formattedPem
+    .replace('-----BEGIN RSA PRIVATE KEY-----', '')
+    .replace('-----END RSA PRIVATE KEY-----', '')
+    .replace(/\s/g, '');
+  const binaryKey = Uint8Array.from(atob(pemContents), (c) => c.charCodeAt(0));
+  return crypto.subtle.importKey(
+    'pkcs8',
+    binaryKey,
+    { name: 'RSASSA-PKCS1-v1_5', hash: 'SHA-256' },
+    false,
+    ['sign'],
+  );
+}
+/**
+ * Get or refresh installation access token
+ */
+export async function getInstallationToken(orgId: string): Promise<string | null> {
+  const installation = await db
+    .selectFrom('github_installations')
+    .where('orgId', '=', orgId)
+    .select(['id', 'installationId', 'accessToken', 'tokenExpiresAt'])
+    .executeTakeFirst();
+  if (!installation) {
+    return null;
+  }
+  // Check if token is still valid (with 5 min buffer)
+  const now = new Date();
+  const expiresAt = installation.tokenExpiresAt;
+  const isExpired = !expiresAt || new Date(expiresAt.getTime() - 5 * 60 * 1000) <= now;
+  if (!isExpired && installation.accessToken) {
+    return installation.accessToken;
+  }
+  // Refresh the token
+  try {
+    const jwt = await generateAppJWT();
+    const response = await fetch(
+      `https://api.github.com/app/installations/${installation.installationId}/access_tokens`,
+      {
+        method: 'POST',
+        headers: {
+          Authorization: `Bearer ${jwt}`,
+          Accept: 'application/vnd.github+json',
+          'X-GitHub-Api-Version': '2022-11-28',
+        },
+      },
+    );
+    if (!response.ok) {
+      console.error('Failed to get installation token:', await response.text());
+      return null;
+    }
+    const data = (await response.json()) as { token: string; expires_at: string };
+    // Update token in database
+    await db
+      .updateTable('github_installations')
+      .set({
+        accessToken: data.token,
+        tokenExpiresAt: new Date(data.expires_at),
+        updatedAt: new Date(),
+      })
+      .where('id', '=', installation.id)
+      .execute();
+    return data.token;
+  } catch (err) {
+    console.error('Error refreshing installation token:', err);
+    return null;
+  }
+}
+/**
+ * Get installation token by installation ID (for webhooks)
+ */
+export async function getTokenByInstallationId(installationId: string): Promise<string | null> {
+  const installation = await db
+    .selectFrom('github_installations')
+    .where('installationId', '=', installationId)
+    .select(['orgId'])
+    .executeTakeFirst();
+  if (!installation) {
+    return null;
+  }
+  return getInstallationToken(installation.orgId);
+}
+/**
+ * List repositories accessible to an installation
+ */
+export async function listInstallationRepos(
+  orgId: string,
+): Promise<Array<{ id: number; name: string; full_name: string; private: boolean }> | null> {
+  const token = await getInstallationToken(orgId);
+  if (!token) return null;
+  try {
+    const response = await fetch('https://api.github.com/installation/repositories', {
+      headers: {
+        Authorization: `Bearer ${token}`,
+        Accept: 'application/vnd.github+json',
+        'X-GitHub-Api-Version': '2022-11-28',
+      },
+    });
+    if (!response.ok) {
+      console.error('Failed to list repos:', await response.text());
+      return null;
+    }
+    const data = (await response.json()) as {
+      repositories: Array<{ id: number; name: string; full_name: string; private: boolean }>;
+    };
+    return data.repositories;
+  } catch (err) {
+    console.error('Error listing repos:', err);
+    return null;
+  }
+}
+/**
+ * Fetch file content from a private repo
+ */
+export async function fetchRepoFile(
+  orgId: string,
+  owner: string,
+  repo: string,
+  path: string,
+  ref?: string,
+): Promise<string | null> {
+  const token = await getInstallationToken(orgId);
+  if (!token) return null;
+  try {
+    const url = new URL(`https://api.github.com/repos/${owner}/${repo}/contents/${path}`);
+    if (ref) url.searchParams.set('ref', ref);
+    const response = await fetch(url.toString(), {
+      headers: {
+        Authorization: `Bearer ${token}`,
+        Accept: 'application/vnd.github.raw+json',
+        'X-GitHub-Api-Version': '2022-11-28',
+      },
+    });
+    if (!response.ok) {
+      return null;
+    }
+    return response.text();
+  } catch {
+    return null;
+  }
+}