@fleetbase/registry-bridge-engine 0.1.4 → 0.1.6

package/server/src/Http/Controllers/Internal/v1/RegistryAuthController.php

@@ -8,6 +8,7 @@ use Fleetbase\RegistryBridge\Http\Requests\AddRegistryUserRequest;
 use Fleetbase\RegistryBridge\Http\Requests\AuthenticateRegistryUserRequest;
 use Fleetbase\RegistryBridge\Http\Requests\RegistryAuthRequest;
 use Fleetbase\RegistryBridge\Http\Resources\RegistryUser as RegistryUserResource;
+use Fleetbase\RegistryBridge\Models\RegistryDeveloperAccount;
 use Fleetbase\RegistryBridge\Models\RegistryExtension;
 use Fleetbase\RegistryBridge\Models\RegistryUser;
 use Fleetbase\RegistryBridge\Support\Bridge;
@@ -88,34 +89,59 @@ class RegistryAuthController extends Controller
         $identity = $request->input('identity');
         $password = $request->input('password');
 
-        // Find user by email or username
+        // First, try to find a cloud user
         $user = User::where(function ($query) use ($identity) {
             $query->where('email', $identity)->orWhere('phone', $identity)->orWhere('username', $identity);
         })->first();
 
-        // Authenticate user with password
-        if (Auth::isInvalidPassword($password, $user->password)) {
+        if ($user && Auth::isValidPassword($password, $user->password)) {
+            // Cloud user authentication
+            $registryUser = RegistryUser::firstOrCreate(
+                [
+                    'company_uuid' => $user->company_uuid,
+                    'user_uuid'    => $user->uuid,
+                ],
+                [
+                    'account_type' => 'cloud',
+                    'scope'        => '*',
+                    'expires_at'   => now()->addYear(),
+                    'name'         => $user->public_id . ' developer token',
+                ]
+            );
+
+            return new RegistryUserResource($registryUser);
+        }
+
+        // If not a cloud user, try Registry Developer Account
+        $developerAccount = RegistryDeveloperAccount::where(function ($query) use ($identity) {
+            $query->where('email', $identity)->orWhere('username', $identity);
+        })->first();
+
+        if (!$developerAccount) {
             return response()->error('Invalid credentials.', 401);
         }
 
-        // Get existing token for current user
-        $registryUser = RegistryUser::where(['company_uuid' => $user->company_uuid, 'user_uuid' => $user->uuid])->first();
-        if (!$registryUser) {
-            // Create registry user
-            $registryUser = RegistryUser::create([
-                'company_uuid' => $user->company_uuid,
-                'user_uuid'    => $user->uuid,
-                'scope'        => '*',
-                'expires_at'   => now()->addYear(),
-                'name'         => $user->public_id . ' developer token',
-            ]);
+        if ($developerAccount->status !== 'active') {
+            return response()->error('Account is not active. Please verify your email.', 401);
         }
 
-        // If no token response with error
-        if (!$registryUser) {
-            return response()->error('Unable to authenticate.');
+        if (Auth::isInvalidPassword($password, $developerAccount->password)) {
+            return response()->error('Invalid credentials.', 401);
         }
 
+        // Developer account authentication
+        $registryUser = RegistryUser::firstOrCreate(
+            [
+                'developer_account_uuid' => $developerAccount->uuid,
+            ],
+            [
+                'account_type' => 'developer',
+                'scope'        => '*',
+                'expires_at'   => now()->addYear(),
+                'name'         => $developerAccount->username . ' developer token',
+            ]
+        );
+
         return new RegistryUserResource($registryUser);
     }
 
@@ -266,29 +292,53 @@ class RegistryAuthController extends Controller
 
         // Find package
         $extension = RegistryExtension::findByPackageName($package);
+
         if (!$extension) {
-            return response()->error('Attempting to publish extension which has no record.', 401);
+            // First time publishing - create extension record
+            $publisherUuid = $registryUser->isDeveloperAccount()
+                ? $registryUser->developer_account_uuid
+                : $registryUser->company_uuid;
+
+            $extension = RegistryExtension::create([
+                'uuid'             => (string) Str::uuid(),
+                'package_name'     => $package,
+                'publisher_type'   => $registryUser->account_type,
+                'publisher_uuid'   => $publisherUuid,
+                'company_uuid'     => $registryUser->company_uuid, // Keep for backwards compatibility
+                'status'           => 'published',
+                'payment_required' => false, // Default to free
+            ]);
+
+            return response()->json(['allowed' => true]);
         }
 
-        // If user is not admin respond with error
-        // For now only admin is allowed to publish to registry
-        // This may change in the future with approval/reject flow
-        if ($registryUser->isNotAdmin()) {
-            return response()->error('User is not allowed publish to the registry.', 401);
+        // Check ownership
+        if ($registryUser->isCloudAccount()) {
+            if ($extension->publisher_type === 'cloud' && $extension->publisher_uuid !== $registryUser->company_uuid) {
+                return response()->error('You do not own this extension.', 403);
+            }
+        } elseif ($registryUser->isDeveloperAccount()) {
+            if ($extension->publisher_type === 'developer' && $extension->publisher_uuid !== $registryUser->developer_account_uuid) {
+                return response()->error('You do not own this extension.', 403);
+            }
         }
 
-        // Extension should be approved
-        if (!in_array($extension->status, ['approved', 'published'])) {
-            return response()->error('Attempting to publish extension which is not approved.', 401);
+        // If publisher types don't match, deny access
+        if ($extension->publisher_type !== $registryUser->account_type) {
+            return response()->error('Account type mismatch for this extension.', 403);
         }
 
-        // Change status to published
+        // Update extension status
         if ($action === 'publish') {
             $extension->update(['status' => 'published']);
-            $extension->currentBundle()->update(['status' => 'published']);
+            if ($extension->currentBundle) {
+                $extension->currentBundle->update(['status' => 'published']);
+            }
         } elseif ($action === 'unpublish') {
             $extension->update(['status' => 'unpublished']);
-            $extension->currentBundle()->update(['status' => 'unpublished']);
+            if ($extension->currentBundle) {
+                $extension->currentBundle->update(['status' => 'unpublished']);
+            }
         }
 
         // Passed all checks

package/server/src/Http/Controllers/Internal/v1/RegistryDeveloperAccountController.php

@@ -0,0 +1,355 @@
+<?php
+
+namespace Fleetbase\RegistryBridge\Http\Controllers\Internal\v1;
+
+use Fleetbase\Http\Controllers\Controller;
+use Fleetbase\Models\VerificationCode;
+use Fleetbase\RegistryBridge\Models\RegistryDeveloperAccount;
+use Fleetbase\RegistryBridge\Models\RegistryUser;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Hash;
+use Illuminate\Support\Facades\Validator;
+use Illuminate\Support\Str;
+
+class RegistryDeveloperAccountController extends Controller
+{
+    /**
+     * Register a new Registry Developer Account.
+     *
+     * @return \Illuminate\Http\JsonResponse
+     */
+    public function register(Request $request)
+    {
+        $validator = Validator::make($request->all(), [
+            'username' => 'required|string|min:3|max:255|unique:registry_developer_accounts,username|regex:/^[a-zA-Z0-9_-]+$/',
+            'email'    => 'required|email|unique:registry_developer_accounts,email',
+            'password' => 'required|string|min:8',
+            'name'     => 'nullable|string|max:255',
+        ]);
+
+        if ($validator->fails()) {
+            return response()->json([
+                'errors' => $validator->errors(),
+            ], 422);
+        }
+
+        $validated = $validator->validated();
+
+        $account = RegistryDeveloperAccount::create([
+            'uuid'               => (string) Str::uuid(),
+            'username'           => $validated['username'],
+            'email'              => $validated['email'],
+            'password'           => Hash::make($validated['password']),
+            'name'               => $validated['name'] ?? $validated['username'],
+            'status'             => 'pending_verification',
+            'verification_token' => Str::random(64),
+        ]);
+
+        // Send verification email
+        $this->sendVerificationEmail($account);
+
+        return response()->json([
+            'status'  => 'success',
+            'message' => 'Account created successfully. Please check your email to verify your account.',
+            'account' => [
+                'uuid'     => $account->uuid,
+                'username' => $account->username,
+                'email'    => $account->email,
+            ],
+        ], 201);
+    }
+
+    /**
+     * Verify email address using verification code.
+     *
+     * @return \Illuminate\Http\JsonResponse
+     */
+    public function verifyEmail(Request $request)
+    {
+        $code  = $request->input('code');
+        $email = $request->input('email');
+
+        if (!$code || !$email) {
+            return response()->error('Verification code and email are required.', 400);
+        }
+
+        // Find the account
+        $account = RegistryDeveloperAccount::where('email', $email)->first();
+
+        if (!$account) {
+            return response()->error('Account not found.', 404);
+        }
+
+        if ($account->isActive()) {
+            return response()->json([
+                'status'  => 'success',
+                'message' => 'Email already verified.',
+            ]);
+        }
+
+        // Find the verification code
+        $verificationCode = VerificationCode::where('subject_uuid', $account->uuid)
+            ->where('subject_type', RegistryDeveloperAccount::class)
+            ->where('for', 'registry_developer_account_verification')
+            ->where('code', $code)
+            ->whereIn('status', ['pending', null])  // Support both pending and NULL status
+            ->first();
+
+        if (!$verificationCode) {
+            return response()->error('Invalid or expired verification code.', 400);
+        }
+
+        // Check if code is expired
+        if ($verificationCode->hasExpired()) {
+            return response()->error('Verification code has expired.', 400);
+        }
+
+        // Mark as verified
+        $account->markEmailAsVerified();
+        $verificationCode->update(['status' => 'used']);
+
+        // Generate registry token for the developer account
+        $token = RegistryUser::generateToken();
+
+        $registryUser = RegistryUser::firstOrCreate(
+            [
+                'developer_account_uuid' => $account->uuid,
+                'account_type'           => 'developer',
+            ],
+            [
+                'token' => $token,
+                'name'  => $account->name,
+            ]
+        );
+
+        // If registry user already exists, update the token
+        if (!$registryUser->wasRecentlyCreated) {
+            $registryUser->update(['token' => $token]);
+        }
+
+        return response()->json([
+            'status'  => 'success',
+            'message' => 'Email verified successfully. You can now log in.',
+            'token'   => $token,
+        ]);
+    }
+
+    /**
+     * Resend verification email.
+     *
+     * @return \Illuminate\Http\JsonResponse
+     */
+    public function resendVerification(Request $request)
+    {
+        $email = $request->input('email');
+
+        if (!$email) {
+            return response()->error('Email is required.', 400);
+        }
+
+        $account = RegistryDeveloperAccount::where('email', $email)->first();
+
+        if (!$account) {
+            return response()->error('Account not found.', 404);
+        }
+
+        if ($account->isActive()) {
+            return response()->json([
+                'status'  => 'success',
+                'message' => 'Email already verified.',
+            ]);
+        }
+
+        // Generate new token
+        $account->generateVerificationToken();
+
+        // Resend verification email
+        $this->sendVerificationEmail($account);
+
+        return response()->json([
+            'status'  => 'success',
+            'message' => 'Verification email sent.',
+        ]);
+    }
+
+    /**
+     * Get account profile.
+     *
+     * @return \Illuminate\Http\JsonResponse
+     */
+    public function profile(Request $request)
+    {
+        // This would require middleware to authenticate the user
+        // For now, we'll accept a token parameter
+        $token = $request->bearerToken() ?? $request->input('token');
+
+        if (!$token) {
+            return response()->error('Authentication required.', 401);
+        }
+
+        $registryUser = RegistryUser::findFromToken($token);
+
+        if (!$registryUser || $registryUser->account_type !== 'developer') {
+            return response()->error('Invalid token or not a developer account.', 403);
+        }
+
+        $account = $registryUser->developerAccount;
+
+        if (!$account) {
+            return response()->error('Developer account not found.', 404);
+        }
+
+        return response()->json([
+            'uuid'              => $account->uuid,
+            'username'          => $account->username,
+            'email'             => $account->email,
+            'name'              => $account->name,
+            'avatar_url'        => $account->avatar_url,
+            'github_username'   => $account->github_username,
+            'website'           => $account->website,
+            'bio'               => $account->bio,
+            'status'            => $account->status,
+            'email_verified_at' => $account->email_verified_at,
+            'created_at'        => $account->created_at,
+        ]);
+    }
+
+    /**
+     * Update account profile.
+     *
+     * @return \Illuminate\Http\JsonResponse
+     */
+    public function updateProfile(Request $request)
+    {
+        $token = $request->bearerToken() ?? $request->input('token');
+
+        if (!$token) {
+            return response()->error('Authentication required.', 401);
+        }
+
+        $registryUser = RegistryUser::findFromToken($token);
+
+        if (!$registryUser || $registryUser->account_type !== 'developer') {
+            return response()->error('Invalid token or not a developer account.', 403);
+        }
+
+        $account = $registryUser->developerAccount;
+
+        if (!$account) {
+            return response()->error('Developer account not found.', 404);
+        }
+
+        $validator = Validator::make($request->all(), [
+            'name'            => 'nullable|string|max:255',
+            'avatar_url'      => 'nullable|url|max:500',
+            'github_username' => 'nullable|string|max:255',
+            'website'         => 'nullable|url|max:500',
+            'bio'             => 'nullable|string|max:1000',
+        ]);
+
+        if ($validator->fails()) {
+            return response()->json([
+                'errors' => $validator->errors(),
+            ], 422);
+        }
+
+        $account->update($validator->validated());
+
+        return response()->json([
+            'status'  => 'success',
+            'message' => 'Profile updated successfully.',
+            'account' => $account,
+        ]);
+    }
+
+    /**
+     * Generate or regenerate registry token for authenticated developer account.
+     *
+     * @return \Illuminate\Http\JsonResponse
+     */
+    public function generateToken(Request $request)
+    {
+        $email    = $request->input('email');
+        $password = $request->input('password');
+
+        if (!$email || !$password) {
+            return response()->error('Email and password are required.', 400);
+        }
+
+        // Find the account
+        $account = RegistryDeveloperAccount::where('email', $email)->first();
+
+        if (!$account) {
+            return response()->error('Account not found.', 404);
+        }
+
+        // Verify password
+        if (!Hash::check($password, $account->password)) {
+            return response()->error('Invalid credentials.', 401);
+        }
+
+        // Check if account is active
+        if (!$account->isActive()) {
+            return response()->error('Account is not active. Please verify your email first.', 403);
+        }
+
+        // Generate new token
+        $token = RegistryUser::generateToken();
+
+        // Find or create registry user
+        $registryUser = RegistryUser::firstOrCreate(
+            [
+                'developer_account_uuid' => $account->uuid,
+                'account_type'           => 'developer',
+            ],
+            [
+                'token' => $token,
+                'name'  => $account->name,
+            ]
+        );
+
+        // If registry user already exists, regenerate the token
+        if (!$registryUser->wasRecentlyCreated) {
+            $registryUser->update(['token' => $token]);
+        }
+
+        return response()->json([
+            'status'  => 'success',
+            'message' => $registryUser->wasRecentlyCreated ? 'Token generated successfully.' : 'Token regenerated successfully.',
+            'token'   => $token,
+        ]);
+    }
+
+    /**
+     * Send verification email to the account.
+     *
+     * @return void
+     */
+    private function sendVerificationEmail(RegistryDeveloperAccount $account)
+    {
+        try {
+            VerificationCode::generateEmailVerificationFor(
+                $account,
+                'registry_developer_account_verification',
+                [
+                    'subject' => 'Verify your Registry Developer Account',
+                    'content' => function ($verificationCode) use ($account) {
+                        return "Hello {$account->name},\n\n" .
+                               "Thank you for registering a Registry Developer Account!\n\n" .
+                               "Your verification code is: {$verificationCode->code}\n\n" .
+                               "To verify your account, copy and paste this command into your terminal:\n\n" .
+                               "flb verify -e {$account->email} -c {$verificationCode->code}\n\n" .
+                               "This code will expire in 1 hour.\n\n" .
+                               'If you did not create this account, please ignore this email.';
+                    },
+                ]
+            );
+        } catch (\Exception $e) {
+            // Log the error but don't fail registration
+            logger()->error('Failed to send verification email', [
+                'email' => $account->email,
+                'error' => $e->getMessage(),
+            ]);
+        }
+    }
+}

package/server/src/Http/Controllers/Internal/v1/RegistryExtensionController.php

@@ -23,6 +23,34 @@ class RegistryExtensionController extends RegistryBridgeController
      */
     public $resource = 'registry_extension';
 
+    /**
+     * Display a public list of all published extensions.
+     *
+     * This endpoint is publicly accessible and returns all extensions with a status of 'published'.
+     * The results are cached for 15 minutes to improve performance and reduce database load.
+     * This endpoint is designed to be called by self-hosted instances to discover available extensions.
+     *
+     * @param Request $request the incoming HTTP request
+     *
+     * @return \Illuminate\Http\JsonResponse the collection of published extensions
+     */
+    public function listPublicExtensions(Request $request)
+    {
+        $cacheKey = 'public-extensions-list';
+        $cacheTtl = now()->addMinutes(15);
+
+        $extensions = \Illuminate\Support\Facades\Cache::remember($cacheKey, $cacheTtl, function () {
+            return RegistryExtension::where('status', 'published')
+                ->with(['author', 'category', 'currentBundle'])
+                ->orderBy('install_count', 'desc')
+                ->get();
+        });
+
+        $this->resource::wrap('registryExtensions');
+
+        return $this->resource::collection($extensions);
+    }
+
     /**
      * Creates a record with request payload.
      *

package/server/src/Http/Controllers/Internal/v1/RegistryPaymentsController.php

@@ -162,25 +162,56 @@ class RegistryPaymentsController extends Controller
             $extension->flushCache();
         }
 
+        // Determine purchaser (Company or RegistryDeveloperAccount)
+        $purchaser     = null;
+        $purchaserType = null;
+        $purchaserUuid = null;
+
+        // Check if authenticated via session (cloud user)
+        if (session('company')) {
+            $purchaserUuid = session('company');
+            $purchaserType = 'Fleetbase\\Models\\Company';
+        }
+        // Check if authenticated via bearer token (developer account)
+        elseif ($request->bearerToken()) {
+            $registryUser = \Fleetbase\RegistryBridge\Models\RegistryUser::where('token', $request->bearerToken())->first();
+            if ($registryUser && $registryUser->developer_account_uuid) {
+                $purchaserUuid = $registryUser->developer_account_uuid;
+                $purchaserType = 'Fleetbase\\RegistryBridge\\Models\\RegistryDeveloperAccount';
+            }
+        }
+
+        if (!$purchaserUuid || !$purchaserType) {
+            return response()->error('Unable to identify purchaser. Please ensure you are logged in.');
+        }
+
         // Check if already purchased
-        $purchaseRecordExists = RegistryExtensionPurchase::where(['company_uuid' => session('company'), 'extension_uuid' => $extension->uuid])->exists();
+        $purchaseRecordExists = RegistryExtensionPurchase::where([
+            'purchaser_uuid' => $purchaserUuid,
+            'purchaser_type' => $purchaserType,
+            'extension_uuid' => $extension->uuid,
+        ])->exists();
+
         if ($purchaseRecordExists) {
             return response()->json(['status' => 'purchase_complete', 'extension' => $extension]);
         }
 
-        $stripe          = Utils::getStripeClient();
+        $stripe = Utils::getStripeClient();
         try {
             $session = $stripe->checkout->sessions->retrieve($request->input('checkout_session_id'));
             if (isset($session->status) && $session->status === 'complete') {
                 RegistryExtensionPurchase::firstOrCreate(
                     [
-                        'company_uuid'   => session('company'),
+                        'purchaser_uuid' => $purchaserUuid,
+                        'purchaser_type' => $purchaserType,
                         'extension_uuid' => $extension->uuid,
                     ],
                     [
                         'stripe_checkout_session_id' => $session->id,
                         'stripe_payment_intent_id'   => $session->payment_intent,
                         'locked_price'               => $session->amount_total,
+                        // Keep company_uuid for backward compatibility if it's a company
+                        'company_uuid'               => $purchaserType === 'Fleetbase\\Models\\Company' ? $purchaserUuid : null,
                     ]
                 );
             }
@@ -224,4 +255,44 @@ class RegistryPaymentsController extends Controller
 
         return FleetbaseResource::collection($payments)->additional(['total_amount' => $totalPurchaseAmount]);
     }
+
+    /**
+     * Creates a Stripe account session for account management.
+     *
+     * This method creates a session that allows connected accounts to manage their account details,
+     * including updating bank account information, business details, and other settings.
+     *
+     * @param Request $request the incoming HTTP request
+     *
+     * @return \Illuminate\Http\JsonResponse returns a JSON response with the session's client secret or an error message
+     */
+    public function createAccountManagementSession(Request $request)
+    {
+        $stripe  = Utils::getStripeClient();
+        $company = Auth::getCompany();
+
+        if (!$company || !$company->stripe_connect_id) {
+            return response()->error('Stripe Connect account not found for this company.');
+        }
+
+        try {
+            $accountSession = $stripe->accountSessions->create([
+                'account'    => $company->stripe_connect_id,
+                'components' => [
+                    'account_management' => [
+                        'enabled'  => true,
+                        'features' => [
+                            'external_account_collection' => true,
+                        ],
+                    ],
+                ],
+            ]);
+
+            return response()->json([
+                'clientSecret' => $accountSession->client_secret,
+            ]);
+        } catch (\Exception $e) {
+            return response()->error($e->getMessage());
+        }
+    }
 }