@fyresmith/hive-server 4.0.0 → 5.0.0

package/lib/managedState.js

@@ -1,40 +1,130 @@
-import { randomBytes } from 'crypto';
+import { randomBytes, timingSafeEqual } from 'crypto';
 import { existsSync } from 'fs';
 import { mkdir, readFile, writeFile } from 'fs/promises';
-import { dirname, resolve, join } from 'path';
+import { dirname, join, resolve } from 'path';
 
-const STATE_VERSION = 1;
+const STATE_VERSION = 2;
 const STATE_REL_PATH = join('.hive', 'managed-state.json');
 
 function nowIso() {
   return new Date().toISOString();
 }
 
-function normalizeOwnerId(value) {
-  return String(value ?? '').trim();
+function compareHexConstantTime(expectedHex, actualHex) {
+  const expected = Buffer.from(String(expectedHex ?? ''), 'hex');
+  const actual = Buffer.from(String(actualHex ?? ''), 'hex');
+  if (expected.length === 0 || actual.length === 0) return false;
+  if (expected.length !== actual.length) return false;
+  return timingSafeEqual(expected, actual);
+}
+
+function assertNonEmptyString(value, fieldName) {
+  const out = String(value ?? '').trim();
+  if (!out) {
+    throw new Error(`[managed] Missing required field: ${fieldName}`);
+  }
+  return out;
+}
+
+function assertIsoDate(value, fieldName) {
+  const out = assertNonEmptyString(value, fieldName);
+  const ts = Date.parse(out);
+  if (!Number.isFinite(ts)) {
+    throw new Error(`[managed] Invalid ISO timestamp in ${fieldName}`);
+  }
+  return out;
+}
+
+function normalizeMember(raw) {
+  if (!raw || typeof raw !== 'object') {
+    throw new Error('[managed] Invalid member record');
+  }
+
+  return {
+    id: assertNonEmptyString(raw.id, 'members[].id'),
+    username: assertNonEmptyString(raw.username, 'members[].username'),
+    addedAt: assertIsoDate(raw.addedAt, 'members[].addedAt'),
+    addedBy: assertNonEmptyString(raw.addedBy, 'members[].addedBy'),
+    pendingBootstrapHash: String(raw.pendingBootstrapHash ?? '').trim() || null,
+    pendingBootstrapIssuedAt: String(raw.pendingBootstrapIssuedAt ?? '').trim() || null,
+    pendingBootstrapExpiresAt: String(raw.pendingBootstrapExpiresAt ?? '').trim() || null,
+  };
+}
+
+function normalizeInvite(raw) {
+  if (!raw || typeof raw !== 'object') {
+    throw new Error('[managed] Invalid invite record');
+  }
+
+  return {
+    code: assertNonEmptyString(raw.code, 'invites[].code'),
+    createdAt: assertIsoDate(raw.createdAt, 'invites[].createdAt'),
+    createdBy: assertNonEmptyString(raw.createdBy, 'invites[].createdBy'),
+    usedAt: String(raw.usedAt ?? '').trim() || null,
+    usedBy: String(raw.usedBy ?? '').trim() || null,
+    revokedAt: String(raw.revokedAt ?? '').trim() || null,
+    downloadTicketHash: String(raw.downloadTicketHash ?? '').trim() || null,
+    downloadTicketIssuedAt: String(raw.downloadTicketIssuedAt ?? '').trim() || null,
+    downloadTicketExpiresAt: String(raw.downloadTicketExpiresAt ?? '').trim() || null,
+    downloadTicketUsedAt: String(raw.downloadTicketUsedAt ?? '').trim() || null,
+  };
 }
 
 export function getManagedStatePath(vaultPath) {
-  const root = resolve(vaultPath);
-  return join(root, STATE_REL_PATH);
+  if (process.env.HIVE_STATE_PATH) {
+    return join(resolve(process.env.HIVE_STATE_PATH), 'managed-state.json');
+  }
+  return join(resolve(vaultPath), STATE_REL_PATH);
 }
 
 function normalizeState(raw) {
-  if (!raw || typeof raw !== 'object') return null;
-  const ownerDiscordId = normalizeOwnerId(raw.ownerDiscordId);
-  const vaultId = String(raw.vaultId ?? '').trim();
-  const initializedAt = String(raw.initializedAt ?? '').trim();
-  if (!ownerDiscordId || !vaultId || !initializedAt) return null;
+  if (!raw || typeof raw !== 'object') {
+    throw new Error('[managed] Invalid state payload');
+  }
+
+  if (raw.version !== STATE_VERSION) {
+    throw new Error(
+      `[managed] Unsupported managed state version (${String(raw.version ?? 'unknown')}). This build requires a fresh setup.`,
+    );
+  }
 
-  const members = raw.members && typeof raw.members === 'object' ? raw.members : {};
-  const invites = raw.invites && typeof raw.invites === 'object' ? raw.invites : {};
+  const ownerId = assertNonEmptyString(raw.ownerId, 'ownerId');
+  const vaultId = assertNonEmptyString(raw.vaultId, 'vaultId');
+  const initializedAt = assertIsoDate(raw.initializedAt, 'initializedAt');
+  const vaultName = String(raw.vaultName ?? '').trim() || null;
+
+  const membersRaw = raw.members;
+  if (!membersRaw || typeof membersRaw !== 'object' || Array.isArray(membersRaw)) {
+    throw new Error('[managed] Invalid members object');
+  }
+  const invitesRaw = raw.invites;
+  if (!invitesRaw || typeof invitesRaw !== 'object' || Array.isArray(invitesRaw)) {
+    throw new Error('[managed] Invalid invites object');
+  }
+
+  const members = {};
+  for (const [id, value] of Object.entries(membersRaw)) {
+    const member = normalizeMember(value);
+    members[id] = member;
+  }
+
+  const invites = {};
+  for (const [code, value] of Object.entries(invitesRaw)) {
+    const invite = normalizeInvite(value);
+    invites[code] = invite;
+  }
+
+  if (!members[ownerId]) {
+    throw new Error('[managed] Owner must exist in members map');
+  }
 
   return {
     version: STATE_VERSION,
     managed: true,
-    ownerDiscordId,
+    ownerId,
     vaultId,
     initializedAt,
+    vaultName,
     members,
     invites,
   };
@@ -51,9 +141,6 @@ export async function loadManagedState(vaultPath) {
 export async function saveManagedState(vaultPath, state) {
   const filePath = getManagedStatePath(vaultPath);
   const normalized = normalizeState(state);
-  if (!normalized) {
-    throw new Error('Invalid managed state payload');
-  }
   await mkdir(dirname(filePath), { recursive: true });
   await writeFile(filePath, `${JSON.stringify(normalized, null, 2)}\n`, 'utf-8');
   return normalized;
@@ -61,7 +148,7 @@ export async function saveManagedState(vaultPath, state) {
 
 export function getRole(state, userId) {
   if (!state) return 'none';
-  if (userId === state.ownerDiscordId) return 'owner';
+  if (userId === state.ownerId) return 'owner';
   if (state.members?.[userId]) return 'member';
   return 'none';
 }
@@ -70,58 +157,52 @@ export function isMember(state, userId) {
   return getRole(state, userId) !== 'none';
 }
 
-export async function assertOwnerConsistency(vaultPath, ownerDiscordId) {
-  const state = await loadManagedState(vaultPath);
-  if (!state) return null;
-  const configuredOwner = normalizeOwnerId(ownerDiscordId);
-  if (!configuredOwner) {
-    throw new Error('OWNER_DISCORD_ID is required');
-  }
-  if (state.ownerDiscordId !== configuredOwner) {
-    throw new Error(
-      `[managed] owner mismatch: state=${state.ownerDiscordId} env=${configuredOwner}. Update OWNER_DISCORD_ID or reset managed state.`,
-    );
-  }
-  return state;
-}
-
 function nextInviteCode() {
   return randomBytes(6).toString('hex');
 }
 
-export async function initManagedState({ vaultPath, ownerDiscordId, ownerUser }) {
+function getValidInviteOrThrow(state, code) {
+  const invite = state.invites?.[code];
+  if (!invite) throw new Error('Invite not found');
+  if (invite.revokedAt) throw new Error('Invite revoked');
+  if (invite.usedAt) throw new Error('Invite already used');
+  return invite;
+}
+
+export async function initManagedState({ vaultPath, ownerId: ownerIdParam, ownerUser, vaultName }) {
   const existing = await loadManagedState(vaultPath);
   if (existing) return existing;
 
-  const ownerId = normalizeOwnerId(ownerDiscordId);
-  if (!ownerId) throw new Error('OWNER_DISCORD_ID is required');
+  const ownerId = assertNonEmptyString(ownerIdParam, 'ownerId');
+  const ownerUsername = String(ownerUser?.username ?? '').trim() || ownerId;
 
   const state = {
     version: STATE_VERSION,
     managed: true,
-    ownerDiscordId: ownerId,
+    ownerId,
     vaultId: randomBytes(16).toString('hex'),
     initializedAt: nowIso(),
+    vaultName: String(vaultName ?? '').trim() || null,
     members: {},
     invites: {},
   };
 
   state.members[ownerId] = {
     id: ownerId,
-    username: ownerUser?.username || ownerId,
+    username: ownerUsername,
     addedAt: nowIso(),
     addedBy: ownerId,
+    pendingBootstrapHash: null,
+    pendingBootstrapIssuedAt: null,
+    pendingBootstrapExpiresAt: null,
   };
 
   return saveManagedState(vaultPath, state);
 }
 
-export async function createInvite({ vaultPath, ownerDiscordId, createdBy }) {
+export async function createInvite({ vaultPath, createdBy }) {
   const state = await loadManagedState(vaultPath);
   if (!state) throw new Error('Managed vault is not initialized');
-  if (state.ownerDiscordId !== normalizeOwnerId(ownerDiscordId)) {
-    throw new Error('Owner mismatch');
-  }
 
   let code = nextInviteCode();
   while (state.invites[code]) {
@@ -131,10 +212,14 @@ export async function createInvite({ vaultPath, ownerDiscordId, createdBy }) {
   state.invites[code] = {
     code,
     createdAt: nowIso(),
-    createdBy,
+    createdBy: assertNonEmptyString(createdBy, 'createdBy'),
     usedAt: null,
     usedBy: null,
     revokedAt: null,
+    downloadTicketHash: null,
+    downloadTicketIssuedAt: null,
+    downloadTicketExpiresAt: null,
+    downloadTicketUsedAt: null,
   };
   await saveManagedState(vaultPath, state);
   return state.invites[code];
@@ -146,6 +231,14 @@ export async function listInvites(vaultPath) {
   return Object.values(state.invites).sort((a, b) => a.createdAt.localeCompare(b.createdAt));
 }
 
+export async function getInvite(vaultPath, code) {
+  const state = await loadManagedState(vaultPath);
+  if (!state) throw new Error('Managed vault is not initialized');
+  const invite = state.invites?.[code];
+  if (!invite) return null;
+  return invite;
+}
+
 export async function revokeInvite({ vaultPath, code }) {
   const state = await loadManagedState(vaultPath);
   if (!state) throw new Error('Managed vault is not initialized');
@@ -162,15 +255,12 @@ export async function pairMember({ vaultPath, code, user }) {
   const state = await loadManagedState(vaultPath);
   if (!state) throw new Error('Managed vault is not initialized');
 
+  const invite = getValidInviteOrThrow(state, code);
+
   if (isMember(state, user.id)) {
     return { state, paired: false, reason: 'already-member' };
   }
 
-  const invite = state.invites[code];
-  if (!invite) throw new Error('Invite not found');
-  if (invite.revokedAt) throw new Error('Invite revoked');
-  if (invite.usedAt) throw new Error('Invite already used');
-
   invite.usedAt = nowIso();
   invite.usedBy = user.id;
 
@@ -178,24 +268,140 @@ export async function pairMember({ vaultPath, code, user }) {
     id: user.id,
     username: user.username,
     addedAt: nowIso(),
-    addedBy: invite.createdBy || state.ownerDiscordId,
+    addedBy: invite.createdBy || state.ownerId,
+    pendingBootstrapHash: null,
+    pendingBootstrapIssuedAt: null,
+    pendingBootstrapExpiresAt: null,
   };
 
   await saveManagedState(vaultPath, state);
   return { state, paired: true, reason: 'paired' };
 }
 
-export async function removeMember({ vaultPath, discordId }) {
+export async function setInviteDownloadTicket({
+  vaultPath,
+  code,
+  memberId,
+  ticketHash,
+  expiresAt,
+}) {
+  const state = await loadManagedState(vaultPath);
+  if (!state) throw new Error('Managed vault is not initialized');
+
+  const invite = state.invites?.[code];
+  if (!invite) throw new Error('Invite not found');
+  if (invite.revokedAt) throw new Error('Invite revoked');
+  if (!invite.usedAt || !invite.usedBy) throw new Error('Invite has not been claimed yet');
+  if (invite.usedBy !== memberId) throw new Error('Invite does not belong to this member');
+
+  invite.downloadTicketHash = assertNonEmptyString(ticketHash, 'ticketHash');
+  invite.downloadTicketIssuedAt = nowIso();
+  invite.downloadTicketExpiresAt = assertIsoDate(expiresAt, 'expiresAt');
+  invite.downloadTicketUsedAt = null;
+
+  await saveManagedState(vaultPath, state);
+  return invite;
+}
+
+export async function consumeInviteDownloadTicket({ vaultPath, ticketHash }) {
+  const state = await loadManagedState(vaultPath);
+  if (!state) throw new Error('Managed vault is not initialized');
+
+  const normalizedHash = assertNonEmptyString(ticketHash, 'ticketHash');
+  const invite = Object.values(state.invites).find((row) =>
+    compareHexConstantTime(String(row.downloadTicketHash ?? ''), normalizedHash),
+  );
+  if (!invite) {
+    throw new Error('Download ticket is invalid');
+  }
+  if (!invite.usedAt || !invite.usedBy) {
+    throw new Error('Invite has not been claimed yet');
+  }
+  if (invite.downloadTicketUsedAt) {
+    throw new Error('Download ticket already used');
+  }
+  const expiresAt = String(invite.downloadTicketExpiresAt ?? '').trim();
+  if (!expiresAt) {
+    throw new Error('Download ticket is invalid');
+  }
+  const expiresMs = Date.parse(expiresAt);
+  if (!Number.isFinite(expiresMs) || Date.now() > expiresMs) {
+    throw new Error('Download ticket expired');
+  }
+
+  invite.downloadTicketUsedAt = nowIso();
+  await saveManagedState(vaultPath, state);
+  return {
+    invite,
+    memberId: invite.usedBy,
+    vaultId: state.vaultId,
+  };
+}
+
+export async function setMemberBootstrapSecret({ vaultPath, userId, tokenHash, expiresAt }) {
+  const state = await loadManagedState(vaultPath);
+  if (!state) throw new Error('Managed vault is not initialized');
+
+  const member = state.members?.[userId];
+  if (!member) {
+    throw new Error('Member not found');
+  }
+
+  member.pendingBootstrapHash = assertNonEmptyString(tokenHash, 'tokenHash');
+  member.pendingBootstrapIssuedAt = nowIso();
+  member.pendingBootstrapExpiresAt = assertIsoDate(expiresAt, 'expiresAt');
+
+  await saveManagedState(vaultPath, state);
+  return { state, member };
+}
+
+export async function consumeMemberBootstrapSecretByToken({ vaultPath, tokenHash, vaultId }) {
+  const state = await loadManagedState(vaultPath);
+  if (!state) throw new Error('Managed vault is not initialized');
+  if (String(vaultId ?? '') !== state.vaultId) {
+    throw new Error('Invalid vault ID');
+  }
+
+  const incomingHash = String(tokenHash ?? '').trim();
+  if (!incomingHash) {
+    throw new Error('Invalid bootstrap token');
+  }
+
+  const member = Object.values(state.members ?? {}).find((candidate) =>
+    compareHexConstantTime(String(candidate.pendingBootstrapHash ?? ''), incomingHash),
+  );
+  if (!member) {
+    throw new Error('Invalid bootstrap token');
+  }
+
+  const expiresAt = String(member.pendingBootstrapExpiresAt ?? '').trim();
+  if (!expiresAt) {
+    throw new Error('No pending bootstrap token for member');
+  }
+  const expiresMs = Date.parse(expiresAt);
+  if (!Number.isFinite(expiresMs) || Date.now() > expiresMs) {
+    throw new Error('Bootstrap token expired');
+  }
+
+  member.pendingBootstrapHash = null;
+  member.pendingBootstrapIssuedAt = null;
+  member.pendingBootstrapExpiresAt = null;
+
+  await saveManagedState(vaultPath, state);
+  return { state, member };
+}
+
+export async function removeMember({ vaultPath, userId }) {
   const state = await loadManagedState(vaultPath);
   if (!state) throw new Error('Managed vault is not initialized');
-  if (discordId === state.ownerDiscordId) {
+  if (userId === state.ownerId) {
     throw new Error('Cannot remove owner');
   }
-  const existing = state.members?.[discordId];
+  const existing = state.members?.[userId];
   if (!existing) {
     return { removed: false, state };
   }
-  delete state.members[discordId];
+  delete state.members[userId];
   await saveManagedState(vaultPath, state);
   return { removed: true, state, member: existing };
 }
@@ -216,10 +422,11 @@ export function describeManagedStatus(state, userId) {
   return {
     managedInitialized: true,
     vaultId: state.vaultId,
+    vaultName: state.vaultName ?? null,
     role,
     isOwner: role === 'owner',
     isMember: role === 'owner' || role === 'member',
-    ownerDiscordId: state.ownerDiscordId,
+    ownerId: state.ownerId,
     memberCount: Object.keys(state.members ?? {}).length,
     initializedAt: state.initializedAt,
   };

package/lib/setupOrchestrator.js

@@ -0,0 +1,76 @@
+import { createOwnerAccount } from './accountState.js';
+import { initManagedState } from './managedState.js';
+import { join, resolve } from 'path';
+import { mkdir, readdir, writeFile } from 'fs/promises';
+import { existsSync } from 'fs';
+
+function slugifyVaultName(name) {
+  return String(name ?? '')
+    .trim()
+    .toLowerCase()
+    .replace(/[^a-z0-9]+/g, '-')
+    .replace(/^-+|-+$/g, '')
+    .slice(0, 80) || 'hive-vault';
+}
+
+async function ensureDirectory(path) {
+  await mkdir(path, { recursive: true });
+}
+
+async function assertDirectoryEmpty(path) {
+  if (!existsSync(path)) return;
+  const entries = await readdir(path);
+  if (entries.length > 0) {
+    throw new Error(`Target vault folder is not empty: ${path}`);
+  }
+}
+
+export async function createVaultAtParent({
+  parentPath,
+  vaultName,
+}) {
+  const base = String(parentPath ?? '').trim();
+  if (!base) {
+    throw new Error('Vault parent folder is required');
+  }
+
+  const parent = resolve(base);
+  await ensureDirectory(parent);
+
+  const vaultDir = join(parent, slugifyVaultName(vaultName));
+  await assertDirectoryEmpty(vaultDir);
+  await ensureDirectory(vaultDir);
+
+  const welcomePath = join(vaultDir, 'Welcome.md');
+  await writeFile(
+    welcomePath,
+    `# ${String(vaultName ?? 'Hive Vault').trim() || 'Hive Vault'}\n\nThis vault was initialized by Hive setup.\n`,
+    'utf-8',
+  );
+
+  return vaultDir;
+}
+
+export async function initializeOwnerManagedVault({
+  vaultPath,
+  vaultName,
+  ownerEmail,
+  ownerDisplayName,
+  ownerPassword,
+}) {
+  const account = await createOwnerAccount({
+    vaultPath,
+    email: ownerEmail,
+    displayName: ownerDisplayName,
+    password: ownerPassword,
+  });
+
+  const state = await initManagedState({
+    vaultPath,
+    ownerId: account.id,
+    ownerUser: { username: account.displayName },
+    vaultName,
+  });
+
+  return { account, state };
+}

package/lib/yjsServer.js

@@ -204,10 +204,9 @@ export async function forceCloseRoom(relPath) {
   await closeRoom(docName, { closeClients: true, reason: 'forced' });
 }
 
-export function startYjsServer(broadcastFileUpdated) {
+export function startYjsServer(httpServer, broadcastFileUpdated) {
   broadcastRef = broadcastFileUpdated;
-  const port = parseInt(process.env.YJS_PORT ?? '3001', 10);
-  const wss = new WebSocketServer({ port });
+  const wss = new WebSocketServer({ noServer: true });
 
   wss.on('connection', async (conn, req) => {
     const url = new URL(req.url, 'http://localhost');
@@ -253,14 +252,17 @@ export function startYjsServer(broadcastFileUpdated) {
       // it already populated and send that content as sync step 1, so clients
       // never see an empty doc and Y.Text never gets double-initialized.
       const ydoc = getYDoc(rawDocName, true);
-      try {
-        const absPath = vault.safePath(relPath);
-        const content = readFileSync(absPath, 'utf-8');
-        if (content) {
-          ydoc.getText('content').insert(0, content);
+      const yText = ydoc.getText('content');
+      if (yText.length === 0) {          // guard: skip if doc already has content
+        try {
+          const absPath = vault.safePath(relPath);
+          const content = readFileSync(absPath, 'utf-8');
+          if (content) {
+            yText.insert(0, content);
+          }
+        } catch {
+          // File doesn't exist yet — start with empty document
         }
-      } catch {
-        // File doesn't exist yet — start with empty document
       }
     }
 
@@ -274,6 +276,5 @@ export function startYjsServer(broadcastFileUpdated) {
     }
   });
 
-  console.log(`[yjs] WebSocket server listening on port ${port}`);
   return wss;
 }

package/package.json

@@ -1,12 +1,13 @@
 {
   "name": "@fyresmith/hive-server",
-  "version": "4.0.0",
+  "version": "5.0.0",
   "type": "module",
   "description": "Collaborative Obsidian vault server",
   "main": "index.js",
   "files": [
     "bin",
     "cli",
+    "assets",
     "lib",
     "routes",
     "index.js",
@@ -34,7 +35,6 @@
     "chalk": "^5.6.2",
     "chokidar": "^3.6.0",
     "commander": "^13.1.0",
-    "discord-oauth2": "^2.12.0",
     "dotenv": "^16.4.5",
     "execa": "^9.6.0",
     "express": "^4.19.2",
@@ -44,6 +44,7 @@
     "which": "^6.0.0",
     "ws": "^8.17.1",
     "y-websocket": "^1.5.4",
+    "yazl": "^2.5.1",
     "yjs": "^13.6.18"
   },
   "devDependencies": {