@eventmodelers/node-kit 0.0.10 → 0.0.12

package/templates/root/server.ts

@@ -0,0 +1,213 @@
+import {join} from 'path';
+import {getApplication, startAPI, WebApiSetup} from '@event-driven-io/emmett-expressjs';
+import {glob} from "glob";
+import express, {Application, Request, Response} from 'express';
+import {jsonBigIntReplacer} from './src/util/sanitize';
+import {requireUser} from "./src/supabase/requireUser";
+import {requireBotApiToken} from "./src/slices/change/requireApiToken";
+import {mcpAuthRouter} from '@modelcontextprotocol/sdk/server/auth/router.js';
+import type {SupabaseOAuthProvider} from './src/slices/mcp/SupabaseOAuthProvider';
+import {isOrgLicenseActive, CallerContext} from "./src/slices/organization/OrganizationLicense/IsLicenseActive";
+import {getKnexInstance, closeDb} from "./src/common/db";
+import swaggerUi from 'swagger-ui-express'
+import {specs} from './src/swagger';
+import cors from 'cors';
+import {testPageHtml} from "./src/slices/internal/testing/routes";
+import {findEventstore} from "./src/common/loadPostgresEventstore";
+import {PostgresEventStore} from "@event-driven-io/emmett-postgresql";
+
+async function startServer() {
+
+    const eventStore = await findEventstore()
+    const slicesBase = join(__dirname, 'dist/src/slices');
+    const routesPattern = join(slicesBase, '**/routes{,-*}.js');
+
+    const routeFiles = await glob(routesPattern, {nodir: true});
+    console.log('Found route files:', routeFiles);
+
+    const processorPattern = join(slicesBase, '**/processor{,-*}.js');
+    const processorFiles = await glob(processorPattern, {nodir: true});
+    console.log('Found processor files:', processorFiles);
+
+    const commonPattern = join(__dirname, 'src/common/routes{,-*}.@(ts|js)');
+    const commonRouteFiles = await glob(commonPattern, {nodir: true});
+    console.log('Found common route files:', commonRouteFiles);
+
+
+    const rootApp: Application = express();
+    rootApp.set('json replacer', jsonBigIntReplacer);
+
+    const corsOrigins = process.env.CORS_ORIGINS?.split(',').map(o => o.trim()) ?? ['http://localhost:3000', 'http://localhost:3001'];
+    rootApp.use(cors({
+        origin: corsOrigins,
+        credentials: true,
+        methods: ['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS'],
+        allowedHeaders: ['Content-Type', 'Content-Encoding',  'accept-encoding', 'Authorization','x-user-id','x-causation-id','x-correlation-id']
+    }));
+
+    const webApis: WebApiSetup[] = [];
+
+    for (const file of routeFiles.concat(commonRouteFiles)) {
+        const webApiModule: { api: () => WebApiSetup } = await import(file);
+        if (typeof webApiModule.api == 'function') {
+            var module = webApiModule.api()
+            webApis.push(module);
+        } else {
+            console.error(`Expected api function to be defined in ${file}`);
+        }
+    }
+
+    const startedProcessors: Array<{ stop: () => Promise<void> }> = [];
+
+    for (const processorFile of processorFiles) {
+        const processor: { processor: { start: (eventStore: PostgresEventStore) => Promise<void>; stop: () => Promise<void> } } = await import(processorFile);
+        if (typeof processor.processor.start == "function") {
+            console.log(`starting processor ${processorFile}`)
+            processor.processor.start(eventStore).catch(err => console.error(`Processor ${processorFile} failed:`, err));
+            startedProcessors.push(processor.processor);
+        }
+    }
+
+    const shutdown = async (signal: string) => {
+        console.log(`${signal} received, shutting down processors...`);
+        await Promise.allSettled(startedProcessors.map(p => p.stop()));
+        await eventStore.close();
+        await closeDb();
+        console.log('shutdown complete');
+        process.exit(0);
+    };
+
+    process.on('SIGINT', () => shutdown('SIGINT'));
+    process.on('SIGTERM', () => shutdown('SIGTERM'));
+
+    // Get the main application from emmett
+    const childApp: Application = getApplication({
+        apis: webApis,
+        disableJsonMiddleware: false,
+        enableDefaultExpressEtag: true,
+    });
+    childApp.set('json replacer', jsonBigIntReplacer);
+
+    // Add your custom routes to the main application (BEFORE the catch-all)
+    if (process.env.TESTING === 'true') {
+        childApp.get('/internal/test', (req: Request, res: Response) => {
+            res.setHeader('Content-Type', 'text/html');
+            res.send(testPageHtml);
+        });
+    }
+
+    // Protected user info endpoint - requires JWT token in Authorization header
+    childApp.get('/api/user', async (req: Request, res: Response) => {
+        console.log('API user route hit'); // Debug log
+        try {
+            const result = await requireUser(req, res, false)
+            if (result.error) {
+                // Response already sent by requireUser if sendUnauthorized=true
+                if (!res.headersSent) {
+                    res.status(401).json({error: result.error})
+                }
+            } else {
+                res.status(200).json({
+                    user_id: result.user.id,
+                    email: result.user.email,
+                    metadata: result.user.user_metadata
+                })
+            }
+        } catch (error) {
+            console.error('Error in /api/user:', error);
+            if (!res.headersSent) {
+                res.status(500).json({error: 'Internal server error'});
+            }
+        }
+    });
+
+    // Swagger UI endpoints
+    childApp.use('/api-docs', swaggerUi.serve);
+    childApp.get('/api-docs', swaggerUi.setup(specs, {
+        swaggerOptions: {
+            urls: [
+                {
+                    url: '/swagger.json',
+                    name: 'JSON',
+                },
+            ],
+        },
+    }));
+
+    // OpenAPI spec endpoint
+    childApp.get('/swagger.json', (req: Request, res: Response) => {
+        res.setHeader('Content-Type', 'application/json');
+        res.send(specs);
+    });
+
+    const port = parseInt(process.env.PORT || '3000', 10);
+    console.log(`> Ready on port ${port}`);
+
+    const authenticate = async (req: Request, res: Response, next: () => void) => {
+        if (req.headers["x-token"]) {
+            const auth = await requireBotApiToken(req, res);
+            if (!auth) return;
+            req.tokenAuth = auth;
+        } else {
+            const principal = await requireUser(req, res, true);
+            if (principal.error) return;
+            req.userAuth = {id: principal.user.id, email: principal.user.email};
+        }
+        next();
+    };
+
+    rootApp.use('/api/org', authenticate);
+    rootApp.use('/api/boards', authenticate);
+    rootApp.use('/api/snapshots', authenticate);
+    rootApp.use('/api/takesnapshot', authenticate);
+    rootApp.use('/api/replay', authenticate);
+
+    rootApp.use('/api/org', async (req: Request, res: Response, next) => {
+        const boardMatch = req.path.match(/^\/([^/]+)\/boards\/([^/]+)\//);
+        if (!boardMatch) return next();
+
+        const [, orgId, boardId] = boardMatch;
+        const caller: CallerContext = req.tokenAuth
+            ? {kind: 'token', organizationId: req.tokenAuth.organizationId}
+            : {kind: 'user', userId: req.userAuth!.id};
+
+        const result = await isOrgLicenseActive(orgId, boardId, caller);
+        if (!result.active) return res.status(403).json({error: 'license_inactive', reason: result.reason});
+
+        next();
+    });
+
+    rootApp.use((req: Request, _res: Response, next) => {
+        console.log(`[${req.method}] ${req.path}`);
+        next();
+    });
+
+    const backendUrl = process.env.BACKEND_URL;
+    // Load oauthProvider from the same compiled dist module that routes.js uses,
+    // so both share the same in-memory pendingAuths/authCodes Maps.
+    const providerPath = join(__dirname, 'dist/src/slices/mcp/SupabaseOAuthProvider.js');
+    const {oauthProvider} = await import(providerPath) as {oauthProvider: SupabaseOAuthProvider};
+    rootApp.use(express.json());
+    rootApp.use(mcpAuthRouter({
+        provider: oauthProvider,
+        issuerUrl: new URL(backendUrl),
+        resourceServerUrl: new URL(`${backendUrl}/mcp`),
+        scopesSupported: ['mcp:tools'],
+    }));
+
+    rootApp.use(childApp)
+    // Start the main application
+    startAPI(rootApp, {port: port});
+
+    process.on('unhandledRejection', (reason, promise) => {
+        console.error('⛔ Unhandled Rejection:', reason);
+        if (reason instanceof Error && reason.stack) {
+            console.error('Stack trace:\n', reason.stack);
+        }
+    });
+}
+
+startServer().catch(error => {
+    console.error('Failed to start server:', error);
+    process.exit(1);
+});

package/templates/root/setup-env.sh

@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+prompt() {
+  local var_name="$1"
+  local prompt_text="$2"
+  local value
+  read -rp "$prompt_text: " value
+  if [[ -z "$value" ]]; then
+    echo "Error: $var_name cannot be empty." >&2
+    exit 1
+  fi
+  echo "$value"
+}
+
+prompt_secret() {
+  local var_name="$1"
+  local prompt_text="$2"
+  local value
+  read -rsp "$prompt_text: " value
+  echo "" >&2
+  if [[ -z "$value" ]]; then
+    echo "Error: $var_name cannot be empty." >&2
+    exit 1
+  fi
+  echo "$value"
+}
+
+echo "=== Supabase .env setup ==="
+echo ""
+
+PROJECT_ID=$(prompt SUPABASE_PROJECT_ID "Supabase Project ID")
+DB_PASSWORD=$(prompt_secret SUPABASE_DB_PASSWORD "Database Password")
+PUBLISHABLE_KEY=$(prompt_secret SUPABASE_PUBLISHABLE_KEY "Supabase Publishable Key")
+SECRET_KEY=$(prompt_secret SUPABASE_SECRET_KEY "Supabase Secret Key")
+BACKEND_URL=$(prompt BACKEND_URL "Backend URL (e.g. https://api.yourapp.com)")
+CORS_ORIGINS=$(prompt CORS_ORIGINS "Allowed CORS origins, comma-separated (e.g. https://app.yourapp.com)")
+
+cat > .env <<EOF
+SUPABASE_URL=https://${PROJECT_ID}.supabase.co
+SUPABASE_PUBLISHABLE_KEY=${PUBLISHABLE_KEY}
+SUPABASE_DB_URL=postgresql://postgres.${PROJECT_ID}:${DB_PASSWORD}@aws-1-eu-central-1.pooler.supabase.com:5432/postgres?prepareThreshold=0
+SUPABASE_SECRET_KEY=${SECRET_KEY}
+
+BACKEND_URL=${BACKEND_URL}
+CORS_ORIGINS=${CORS_ORIGINS}
+
+# Flyway configuration
+FLYWAY_URL=jdbc:postgresql://aws-1-eu-west-1.pooler.supabase.com:6543/postgres?user=postgres.${PROJECT_ID}&password=${DB_PASSWORD}
+FLYWAY_USER=postgres.${PROJECT_ID}
+FLYWAY_PASSWORD=${DB_PASSWORD}
+EOF
+
+echo ""
+echo ".env created successfully."

package/templates/root/src/common/assertions.ts

@@ -0,0 +1,6 @@
+export function assertNotEmpty<T>(value: T): NonNullable<T> {
+    if (value === null || value === undefined) {
+        throw new Error("Expected non-empty value");
+    }
+    return value!!;
+}

package/templates/root/src/common/db.ts

@@ -0,0 +1,32 @@
+import knex, {Knex} from "knex";
+import pg from "pg";
+
+export const postgresUrl = process.env.SUPABASE_DB_URL ?? "missing-url"
+
+let knexInstance: Knex | null = null;
+let sharedPool: pg.Pool | null = null;
+
+export const getKnexInstance = (): Knex => {
+    if (!knexInstance) {
+        knexInstance = knex({
+            client: 'pg',
+            connection: postgresUrl,
+            pool: { min: 0, max: 5 },
+        });
+    }
+    return knexInstance;
+};
+
+export const getSharedPool = (): pg.Pool => {
+    if (!sharedPool) {
+        sharedPool = new pg.Pool({ connectionString: postgresUrl, max: 5 });
+    }
+    return sharedPool;
+};
+
+export const closeDb = async (): Promise<void> => {
+    await knexInstance?.destroy();
+    await sharedPool?.end();
+    knexInstance = null;
+    sharedPool = null;
+};

package/templates/root/src/common/loadPostgresEventstore.ts

@@ -0,0 +1,39 @@
+import {getPostgreSQLEventStore} from "@event-driven-io/emmett-postgresql";
+import {projections} from "@event-driven-io/emmett";
+import {postgresUrl, getSharedPool} from "./db";
+import {CreatedOrganizationsProjection} from "../slices/organization/CreatedOrganizations/CreatedOrganizationsProjection";
+import {OrganizationLicenseProjection} from "../slices/organization/OrganizationLicense/OrganizationLicenseProjection";
+import {InvitesProjection} from "../slices/organization/Invites/InvitesProjection";
+import {OrganizationBoardsProjection} from "../slices/organization/OrganizationBoards/OrganizationBoardsProjection";
+import {ActiveTokensProjection} from "../slices/organization/ActiveTokens/ActiveTokensProjection";
+import {LicenseSeatsProjection} from "../slices/organization/LicenseSeats/LicenseSeatsProjection";
+import {UserOrganizationsProjection} from "../slices/organization/UserOrganizations/UserOrganizationsProjection";
+import {EnabledUsersProjection} from "../slices/beta/EnabledUsers/EnabledUsersProjection";
+
+let eventStoreInstance: ReturnType<typeof getPostgreSQLEventStore> | null = null;
+
+export const findEventstore = async () => {
+    if (!eventStoreInstance) {
+        eventStoreInstance = getPostgreSQLEventStore(postgresUrl, {
+            schema: {
+                autoMigration: "CreateOrUpdate"
+            },
+            connectionOptions: {
+                pooled: true,
+                pool: getSharedPool(),
+            },
+            projections: projections.inline([
+                CreatedOrganizationsProjection,
+                OrganizationLicenseProjection,
+                InvitesProjection,
+                OrganizationBoardsProjection,
+                ActiveTokensProjection,
+                LicenseSeatsProjection,
+                UserOrganizationsProjection,
+                EnabledUsersProjection,
+            ]),
+        });
+        await eventStoreInstance.schema.migrate();
+    }
+    return eventStoreInstance;
+};

package/templates/root/src/common/parseEndpoint.ts

@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) 2025 Nebulit GmbH
+ * Licensed under the MIT License.
+ */
+
+const serviceURI = "http://localhost:3000"
+
+export function parseEndpoint(endpoint: string, data?: any) {
+    var parsedEndpoint = endpoint?.startsWith("/") ? endpoint.substring(1) : endpoint
+    return serviceURI + "/" + lowercaseFirstCharacter(parsedEndpoint).replace(/{(\w+)}/g, (match, param) => {
+        return param && data && data[param] !== undefined ? data[param] : match;
+    })
+}
+
+
+export function parseQueryEndpoint(
+    endpoint: string,
+    queries?: Record<string, string>
+) {
+    const parsedEndpoint = endpoint.startsWith("/")
+        ? endpoint.substring(1)
+        : endpoint;
+
+    const basePath =
+        serviceURI + "/api/query/" + parsedEndpoint;
+
+    const queryString = queries
+        ? "?" + new URLSearchParams(filterEmptyEntries(queries)).toString()
+        : "";
+
+    return basePath + queryString;
+}
+
+function filterEmptyEntries(queries?: Record<string, string>): Record<string, string> {
+    if (!queries) return {};
+    return Object.fromEntries(
+        Object.entries(queries).filter(([key, value]) => value !== "")
+    );
+}
+
+
+function lowercaseFirstCharacter(inputString: string) {
+    // Check if the string is not empty
+    if (inputString?.length > 0) {
+        // Capitalize the first character and concatenate the rest of the string
+        return inputString.charAt(0).toLowerCase() + inputString.substring(1);
+    } else {
+        // Return an empty string if the input is empty
+        return "";
+    }
+}

package/templates/root/src/common/processorDlq.ts

@@ -0,0 +1,28 @@
+import {getKnexInstance} from './db';
+import type {AnyRecordedMessageMetadata, RecordedMessage} from '@event-driven-io/emmett';
+
+export const storeDlqMessage = async (
+    processorId: string,
+    message: RecordedMessage<any, AnyRecordedMessageMetadata>,
+    error: unknown,
+): Promise<void> => {
+
+    try {
+        console.log(`Processing DLQ ${JSON.stringify({ type: message.type, data: message.data, metadata: message.metadata } , (key, value) =>
+            typeof value === 'bigint' ? value.toString() : value
+        )}`)
+        await getKnexInstance()('processor_dlq').insert({
+            processor_id: processorId,
+            stream_id: message.metadata.streamName,
+            event:  JSON.parse(
+                JSON.stringify({ type: message.type, data: message.data, metadata: message.metadata } , (key, value) =>
+                    typeof value === 'bigint' ? value.toString() : value
+                )
+            ),
+            error: error instanceof Error ? error.message : String(error),
+        });
+    } catch (dlqError) {
+        console.error('Failed to write to processor_dlq:', dlqError);
+    }
+};
+

package/templates/root/src/common/realtimeBroadcast.ts

@@ -0,0 +1,19 @@
+const url = `${process.env.SUPABASE_URL}/realtime/v1/api/broadcast`;
+const key = process.env.SUPABASE_SECRET_KEY!;
+
+export async function broadcastRealtime(topic: string, event: string, payload: unknown, privateChannel = true): Promise<void> {
+    const res = await fetch(url, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/json',
+            'Authorization': `Bearer ${key}`,
+            'apikey': key,
+        },
+        body: JSON.stringify({
+            messages: [{ topic, event, payload, private: privateChannel }],
+        }),
+    });
+    if (!res.ok) {
+        throw new Error(`realtime broadcast failed: ${res.status} ${await res.text()}`);
+    }
+}

package/templates/root/src/common/replay.ts

@@ -0,0 +1,16 @@
+import {PostgreSQLProjectionDefinition, rebuildPostgreSQLProjections} from "@event-driven-io/emmett-postgresql";
+import {postgresUrl} from "./db";
+import {glob} from "glob";
+import path from "path";
+
+const slicesRoot = path.resolve(__dirname, '../slices');
+
+export const replayProjection = async (projectionName: string): Promise<void> => {
+    const [filePath] = await glob(`**/${projectionName}.{ts|js}`, {cwd: slicesRoot, absolute: true});
+    if (!filePath) throw new Error(`Projection not found: ${projectionName}`);
+
+    const projectionImport = await import(filePath);
+    const projection: PostgreSQLProjectionDefinition = projectionImport[projectionName];
+
+    return rebuildPostgreSQLProjections({projection, connectionString: postgresUrl}).start();
+}

package/templates/root/src/common/routes.ts

@@ -0,0 +1,19 @@
+import {Request, Response, Router} from 'express';
+import {WebApiSetup} from "@event-driven-io/emmett-expressjs";
+import {assertNotEmpty} from "../util/assertions";
+import {replayProjection} from "./replay";
+
+
+export const api =
+    (
+        // external dependencies
+    ): WebApiSetup =>
+        (router: Router): void => {
+
+            router.post('/api/replay/:projection', async (req: Request, res: Response) => {
+                const projection = assertNotEmpty(req.params.projection)
+                await replayProjection(projection)
+                res.status(200).json({"projection":projection})
+            });
+        };
+

package/templates/root/src/common/testHelpers.ts

@@ -0,0 +1,54 @@
+import {execSync} from 'child_process';
+import {readFileSync, writeFileSync, unlinkSync} from 'fs';
+import {tmpdir} from 'os';
+import {join} from 'path';
+import knex from 'knex';
+
+export async function runFlywayMigrations(connectionString: string): Promise<void> {
+    const stubsPath = join(process.cwd(), 'supabase', 'migrations', '_V0__supabase_stubs.sql');
+    const stubsSql = readFileSync(stubsPath, 'utf8');
+    const db = knex({client: 'pg', connection: connectionString});
+    try {
+        await db.raw(stubsSql);
+    } finally {
+        await db.destroy();
+    }
+
+    const url = new URL(connectionString);
+    const jdbcUrl = `jdbc:postgresql://${url.hostname}:${url.port || 5432}${url.pathname}`;
+    const user = url.username;
+    const password = url.password;
+
+    const tempConfigPath = join(tmpdir(), `flyway-test-${Date.now()}.conf`);
+    const migrationsPath = join(process.cwd(), 'supabase', 'migrations');
+
+    const config = `
+flyway.url=${jdbcUrl}
+flyway.user=${user}
+flyway.password=${password}
+flyway.locations=filesystem:${migrationsPath}
+flyway.schemas=public
+flyway.placeholderReplacement=false
+flyway.validateOnMigrate=true
+flyway.cleanDisabled=false
+`;
+
+    try {
+        writeFileSync(tempConfigPath, config, 'utf8');
+        execSync(`flyway -configFiles=${tempConfigPath} migrate`, {
+            stdio: 'pipe',
+            encoding: 'utf8'
+        });
+    } catch (error: any) {
+        console.error('Flyway migration failed:', error.message);
+        if (error.stdout) console.error('STDOUT:', error.stdout);
+        if (error.stderr) console.error('STDERR:', error.stderr);
+        throw new Error(`Flyway migration failed: ${error.message}`);
+    } finally {
+        try {
+            unlinkSync(tempConfigPath);
+        } catch {
+            // ignore
+        }
+    }
+}

package/templates/root/src/slices/example/routes.ts

@@ -0,0 +1,134 @@
+import {Request, Response, Router} from 'express';
+import {WebApiSetup} from '@event-driven-io/emmett-expressjs';
+import {getKnexInstance} from '../../common/db';
+import {requireUser} from '../../supabase/requireUser';
+import {assertNotEmpty} from '../../util/assertions';
+
+export const api = (): WebApiSetup => (router: Router): void => {
+
+    /**
+     * @openapi
+     * /api/org/{orgId}/examples:
+     *   get:
+     *     summary: List all examples for an organization
+     *     tags: [Example]
+     *     security:
+     *       - bearerAuth: []
+     *     parameters:
+     *       - in: path
+     *         name: orgId
+     *         required: true
+     *         schema: { type: string }
+     *     responses:
+     *       200:
+     *         description: List of examples
+     *       401:
+     *         description: Unauthorized
+     */
+    router.get('/api/org/:orgId/examples', async (req: Request, res: Response) => {
+        const auth = await requireUser(req, res);
+        if (auth.error) return;
+
+        const {orgId} = req.params;
+        const db = getKnexInstance();
+
+        const rows = await db('examples').where({organization_id: orgId}).select('*');
+        res.status(200).json(rows);
+    });
+
+    /**
+     * @openapi
+     * /api/org/{orgId}/examples:
+     *   post:
+     *     summary: Create a new example
+     *     tags: [Example]
+     *     security:
+     *       - bearerAuth: []
+     *     parameters:
+     *       - in: path
+     *         name: orgId
+     *         required: true
+     *         schema: { type: string }
+     *     requestBody:
+     *       required: true
+     *       content:
+     *         application/json:
+     *           schema:
+     *             type: object
+     *             required: [name]
+     *             properties:
+     *               name:
+     *                 type: string
+     *     responses:
+     *       201:
+     *         description: Example created
+     *       400:
+     *         description: name is required
+     *       401:
+     *         description: Unauthorized
+     */
+    router.post('/api/org/:orgId/examples', async (req: Request, res: Response) => {
+        const auth = await requireUser(req, res);
+        if (auth.error) return;
+
+        const {orgId} = req.params;
+        const {name} = req.body as {name?: string};
+
+        if (!name) {
+            res.status(400).json({error: 'name is required'});
+            return;
+        }
+
+        const db = getKnexInstance();
+        const [row] = await db('examples')
+            .insert({organization_id: orgId, name, created_by: auth.user.id})
+            .returning('*');
+
+        res.status(201).json(row);
+    });
+
+    /**
+     * @openapi
+     * /api/org/{orgId}/examples/{id}:
+     *   delete:
+     *     summary: Delete an example by id
+     *     tags: [Example]
+     *     security:
+     *       - bearerAuth: []
+     *     parameters:
+     *       - in: path
+     *         name: orgId
+     *         required: true
+     *         schema: { type: string }
+     *       - in: path
+     *         name: id
+     *         required: true
+     *         schema: { type: string }
+     *     responses:
+     *       200:
+     *         description: Example deleted
+     *       401:
+     *         description: Unauthorized
+     *       404:
+     *         description: Not found
+     */
+    router.delete('/api/org/:orgId/examples/:id', async (req: Request, res: Response) => {
+        const auth = await requireUser(req, res);
+        if (auth.error) return;
+
+        const orgId = assertNotEmpty(req.params.orgId);
+        const id = assertNotEmpty(req.params.id);
+
+        const db = getKnexInstance();
+        const deleted = await db('examples')
+            .where({id, organization_id: orgId})
+            .delete();
+
+        if (!deleted) {
+            res.status(404).json({error: 'not found'});
+            return;
+        }
+
+        res.status(200).json({ok: true});
+    });
+};