@glwhappen/web-code 1.32.0

package/server/modules/database/repositories/scan-state.db.ts

@@ -0,0 +1,42 @@
+import { getConnection } from '@/modules/database/connection.js';
+
+type ScanStateRow = {
+  last_scanned_at: string;
+};
+
+export const scanStateDb = {
+    getLastScannedAt() {
+        const db = getConnection();
+
+        const row = db
+            .prepare(`SELECT last_scanned_at FROM scan_state WHERE id = 1`)
+            .get() as ScanStateRow;
+
+        if (!row) {
+            return null; // Before any scan, the row is undefined.
+        }
+
+        let lastScannedDate: Date | null = null;
+        const lastScannedStr = row.last_scanned_at;
+
+        if (lastScannedStr) {
+            // SQLite CURRENT_TIMESTAMP returns UTC in "YYYY-MM-DD HH:MM:SS" format.
+            // Replace space with 'T' and append 'Z' to parse reliably in JS across all platforms.
+            lastScannedDate = new Date(lastScannedStr.replace(' ', 'T') + 'Z');
+        }
+
+        return lastScannedDate;
+    },
+
+    updateLastScannedAt(scannedAt: Date = new Date()) {
+        const db = getConnection();
+        const sqliteTimestamp = scannedAt.toISOString().slice(0, 19).replace('T', ' ');
+
+        db.prepare(`
+            INSERT INTO scan_state (id, last_scanned_at)
+            VALUES (1, ?)
+            ON CONFLICT (id)
+            DO UPDATE SET last_scanned_at = excluded.last_scanned_at
+        `).run(sqliteTimestamp);
+    }
+};

package/server/modules/database/repositories/sessions.db.integration.test.ts

@@ -0,0 +1,78 @@
+import assert from 'node:assert/strict';
+import { mkdtemp, rm } from 'node:fs/promises';
+import { tmpdir } from 'node:os';
+import path from 'node:path';
+import test from 'node:test';
+
+import { closeConnection } from '@/modules/database/connection.js';
+import { initializeDatabase } from '@/modules/database/init-db.js';
+import { sessionsDb } from '@/modules/database/repositories/sessions.db.js';
+import { userDb } from '@/modules/database/repositories/users.js';
+
+async function withIsolatedDatabase(
+  runTest: (userId: number) => void | Promise<void>,
+): Promise<void> {
+  const previousDatabasePath = process.env.DATABASE_PATH;
+  const tempDirectory = await mkdtemp(path.join(tmpdir(), 'sessions-db-'));
+  const databasePath = path.join(tempDirectory, 'auth.db');
+
+  closeConnection();
+  process.env.DATABASE_PATH = databasePath;
+  await initializeDatabase();
+
+  const created = userDb.createUser('test-user', 'hash');
+  const userId = Number(created.id);
+
+  try {
+    await runTest(userId);
+  } finally {
+    closeConnection();
+    if (previousDatabasePath === undefined) {
+      delete process.env.DATABASE_PATH;
+    } else {
+      process.env.DATABASE_PATH = previousDatabasePath;
+    }
+    await rm(tempDirectory, { recursive: true, force: true });
+  }
+}
+
+test('session archive queries hide archived rows from active project views', async () => {
+  await withIsolatedDatabase((userId) => {
+    sessionsDb.createSession(userId, 'session-active', 'claude', '/workspace/demo-project', 'Active Session');
+    sessionsDb.createSession(userId, 'session-archived', 'claude', '/workspace/demo-project', 'Archived Session');
+    sessionsDb.updateSessionIsArchived(userId, 'session-archived', true);
+
+    const activeSessions = sessionsDb.getAllSessions(userId);
+    const archivedSessions = sessionsDb.getArchivedSessions(userId);
+    const activeProjectSessions = sessionsDb.getSessionsByProjectPath(userId, '/workspace/demo-project');
+    const allProjectSessions = sessionsDb.getSessionsByProjectPathIncludingArchived(userId, '/workspace/demo-project');
+
+    assert.deepEqual(activeSessions.map((session) => session.session_id), ['session-active']);
+    assert.deepEqual(archivedSessions.map((session) => session.session_id), ['session-archived']);
+    assert.deepEqual(activeProjectSessions.map((session) => session.session_id), ['session-active']);
+    assert.deepEqual(
+      allProjectSessions.map((session) => session.session_id).sort(),
+      ['session-active', 'session-archived'],
+    );
+    assert.equal(sessionsDb.countSessionsByProjectPath(userId, '/workspace/demo-project'), 1);
+  });
+});
+
+test('createSession reactivates archived rows when the session becomes active again', async () => {
+  await withIsolatedDatabase((userId) => {
+    sessionsDb.createSession(userId, 'session-reused', 'claude', '/workspace/demo-project', 'First Name');
+    sessionsDb.updateSessionIsArchived(userId, 'session-reused', true);
+
+    sessionsDb.createSession(userId, 'session-reused', 'claude', '/workspace/demo-project', 'Updated Name');
+
+    const activeSessions = sessionsDb.getAllSessions(userId);
+    const archivedSessions = sessionsDb.getArchivedSessions(userId);
+    const restoredSession = sessionsDb.getSessionById(userId, 'session-reused');
+
+    assert.equal(activeSessions.length, 1);
+    assert.equal(activeSessions[0]?.session_id, 'session-reused');
+    assert.equal(activeSessions[0]?.custom_name, 'Updated Name');
+    assert.equal(archivedSessions.length, 0);
+    assert.equal(restoredSession?.isArchived, 0);
+  });
+});

package/server/modules/database/repositories/sessions.db.ts

@@ -0,0 +1,230 @@
+import { getConnection } from '@/modules/database/connection.js';
+import { projectsDb } from '@/modules/database/repositories/projects.db.js';
+import { normalizeProjectPath } from '@/shared/utils.js';
+
+type SessionRow = {
+  session_id: string;
+  user_id: number;
+  provider: string;
+  project_path: string | null;
+  jsonl_path: string | null;
+  custom_name: string | null;
+  isArchived: number;
+  created_at: string;
+  updated_at: string;
+};
+
+type SessionMetadataLookupRow = Pick<
+  SessionRow,
+  'session_id' | 'user_id' | 'provider' | 'project_path' | 'jsonl_path' | 'custom_name' | 'isArchived' | 'created_at' | 'updated_at'
+>;
+
+function normalizeTimestamp(value?: string): string | null {
+  if (!value) return null;
+
+  const parsed = new Date(value);
+  if (Number.isNaN(parsed.getTime())) {
+    return null;
+  }
+
+  return parsed.toISOString();
+}
+
+function normalizeProjectPathForProvider(provider: string, projectPath: string): string {
+  void provider;
+  return normalizeProjectPath(projectPath);
+}
+
+export const sessionsDb = {
+  createSession(
+    userId: number,
+    sessionId: string,
+    provider: string,
+    projectPath: string,
+    customName?: string,
+    createdAt?: string,
+    updatedAt?: string,
+    jsonlPath?: string | null
+  ): string {
+    const db = getConnection();
+    const createdAtValue = normalizeTimestamp(createdAt);
+    const updatedAtValue = normalizeTimestamp(updatedAt);
+    const normalizedProjectPath = normalizeProjectPathForProvider(provider, projectPath);
+
+    // First, ensure the project path is recorded in the projects table,
+    // since it's a foreign key in the sessions table.
+    projectsDb.createProjectPath(userId, normalizedProjectPath);
+
+    db.prepare(
+      `INSERT INTO sessions (session_id, user_id, provider, custom_name, project_path, jsonl_path, isArchived, created_at, updated_at)
+       VALUES (?, ?, ?, ?, ?, ?, 0, COALESCE(?, CURRENT_TIMESTAMP), COALESCE(?, CURRENT_TIMESTAMP))
+       ON CONFLICT(user_id, session_id) DO UPDATE SET
+         provider = excluded.provider,
+         updated_at = excluded.updated_at,
+         project_path = excluded.project_path,
+         jsonl_path = excluded.jsonl_path,
+         isArchived = 0,
+         custom_name = COALESCE(excluded.custom_name, sessions.custom_name)`
+    ).run(
+      sessionId,
+      userId,
+      provider,
+      customName ?? null,
+      normalizedProjectPath,
+      jsonlPath ?? null,
+      createdAtValue,
+      updatedAtValue
+    );
+
+    return sessionId;
+  },
+
+  updateSessionCustomName(userId: number, sessionId: string, customName: string): void {
+    const db = getConnection();
+    db.prepare(
+      `UPDATE sessions
+       SET custom_name = ?
+       WHERE user_id = ? AND session_id = ?`
+    ).run(customName, userId, sessionId);
+  },
+
+  getSessionById(userId: number, sessionId: string): SessionMetadataLookupRow | null {
+    const db = getConnection();
+    const row = db
+      .prepare(
+        `SELECT session_id, user_id, provider, project_path, jsonl_path, custom_name, isArchived, created_at, updated_at
+         FROM sessions
+         WHERE user_id = ? AND session_id = ?
+         ORDER BY updated_at DESC
+         LIMIT 1`
+      )
+      .get(userId, sessionId) as SessionMetadataLookupRow | undefined;
+
+    return row ?? null;
+  },
+
+  getAllSessions(userId: number): SessionRow[] {
+    const db = getConnection();
+    return db
+      .prepare(
+        `SELECT session_id, user_id, provider, project_path, jsonl_path, custom_name, isArchived, created_at, updated_at
+         FROM sessions
+         WHERE user_id = ? AND isArchived = 0`
+      )
+      .all(userId) as SessionRow[];
+  },
+
+  /**
+   * Archived rows are intentionally queried separately so the caller can render
+   * them in a dedicated view without reintroducing them into active session lists.
+   */
+  getArchivedSessions(userId: number): SessionRow[] {
+    const db = getConnection();
+    return db
+      .prepare(
+        `SELECT session_id, user_id, provider, project_path, jsonl_path, custom_name, isArchived, created_at, updated_at
+         FROM sessions
+         WHERE user_id = ? AND isArchived = 1
+         ORDER BY datetime(COALESCE(updated_at, created_at)) DESC, session_id DESC`
+      )
+      .all(userId) as SessionRow[];
+  },
+
+  getSessionsByProjectPath(userId: number, projectPath: string): SessionRow[] {
+    const db = getConnection();
+    const normalizedProjectPath = normalizeProjectPath(projectPath);
+    return db
+      .prepare(
+        `SELECT session_id, user_id, provider, project_path, jsonl_path, custom_name, isArchived, created_at, updated_at
+         FROM sessions
+         WHERE user_id = ? AND project_path = ?
+           AND isArchived = 0`
+      )
+      .all(userId, normalizedProjectPath) as SessionRow[];
+  },
+
+  /**
+   * Permanent project deletion must see every session row for the path,
+   * including archived ones, so their transcript files can be cleaned up.
+   */
+  getSessionsByProjectPathIncludingArchived(userId: number, projectPath: string): SessionRow[] {
+    const db = getConnection();
+    const normalizedProjectPath = normalizeProjectPath(projectPath);
+    return db
+      .prepare(
+        `SELECT session_id, user_id, provider, project_path, jsonl_path, custom_name, isArchived, created_at, updated_at
+         FROM sessions
+         WHERE user_id = ? AND project_path = ?`
+      )
+      .all(userId, normalizedProjectPath) as SessionRow[];
+  },
+
+  getSessionsByProjectPathPage(userId: number, projectPath: string, limit: number, offset: number): SessionRow[] {
+    const db = getConnection();
+    const normalizedProjectPath = normalizeProjectPath(projectPath);
+    return db
+      .prepare(
+        `SELECT session_id, user_id, provider, project_path, jsonl_path, custom_name, isArchived, created_at, updated_at
+         FROM sessions
+         WHERE user_id = ? AND project_path = ?
+           AND isArchived = 0
+         ORDER BY datetime(COALESCE(updated_at, created_at)) DESC, session_id DESC
+         LIMIT ? OFFSET ?`
+      )
+      .all(userId, normalizedProjectPath, limit, offset) as SessionRow[];
+  },
+
+  countSessionsByProjectPath(userId: number, projectPath: string): number {
+    const db = getConnection();
+    const normalizedProjectPath = normalizeProjectPath(projectPath);
+    const row = db
+      .prepare(
+        `SELECT COUNT(*) AS count
+         FROM sessions
+         WHERE user_id = ? AND project_path = ?
+           AND isArchived = 0`
+      )
+      .get(userId, normalizedProjectPath) as { count: number } | undefined;
+
+    return Number(row?.count ?? 0);
+  },
+
+  deleteSessionsByProjectPath(userId: number, projectPath: string): void {
+    const db = getConnection();
+    const normalizedProjectPath = normalizeProjectPath(projectPath);
+    db.prepare(`DELETE FROM sessions WHERE user_id = ? AND project_path = ?`).run(userId, normalizedProjectPath);
+  },
+
+  getSessionName(userId: number, sessionId: string, provider: string): string | null {
+    const db = getConnection();
+    const row = db
+      .prepare(
+        `SELECT custom_name
+         FROM sessions
+         WHERE user_id = ? AND session_id = ? AND provider = ?`
+      )
+      .get(userId, sessionId, provider) as { custom_name: string | null } | undefined;
+
+    return row?.custom_name ?? null;
+  },
+
+  /**
+   * Soft-delete and restore both use the same flag update so callers keep the
+   * row, metadata, and file path intact while toggling visibility.
+   */
+  updateSessionIsArchived(userId: number, sessionId: string, isArchived: boolean): void {
+    const db = getConnection();
+    db.prepare(
+      `UPDATE sessions
+       SET isArchived = ?
+       WHERE user_id = ? AND session_id = ?`
+    ).run(isArchived ? 1 : 0, userId, sessionId);
+  },
+
+  deleteSessionById(userId: number, sessionId: string): boolean {
+    const db = getConnection();
+    return (
+      db.prepare('DELETE FROM sessions WHERE user_id = ? AND session_id = ?').run(userId, sessionId).changes > 0
+    );
+  },
+};

package/server/modules/database/repositories/users.ts

@@ -0,0 +1,186 @@
+/**
+ * User repository.
+ *
+ * Provides typed CRUD operations for the `users` table.
+ */
+
+import { getConnection } from '@/modules/database/connection.js';
+
+type UserRow = {
+  id: number;
+  username: string;
+  password_hash: string;
+  created_at: string;
+  last_login: string | null;
+  is_active: number;
+  git_name: string | null;
+  git_email: string | null;
+  has_completed_onboarding: number;
+  is_admin: number;
+};
+
+type UserPublicRow = {
+  id: number;
+  username: string;
+  created_at: string;
+  last_login: string | null;
+  isAdmin: boolean;
+};
+
+type UserGitConfig = {
+  git_name: string | null;
+  git_email: string | null;
+};
+
+type CreateUserOptions = {
+  isAdmin?: boolean;
+};
+
+type CreateUserResult = {
+  id: number;
+  username: string;
+  isAdmin: boolean;
+};
+
+const normalizePublicUser = (
+  row:
+    | Pick<UserRow, 'id' | 'username' | 'created_at' | 'last_login' | 'is_admin'>
+    | undefined,
+): UserPublicRow | undefined => {
+  if (!row) {
+    return undefined;
+  }
+
+  return {
+    id: row.id,
+    username: row.username,
+    created_at: row.created_at,
+    last_login: row.last_login,
+    isAdmin: row.is_admin === 1,
+  };
+};
+
+export const userDb = {
+  /** Returns true if at least one user exists in the database. */
+  hasUsers(): boolean {
+    const db = getConnection();
+    const row = db.prepare('SELECT COUNT(*) as count FROM users').get() as {
+      count: number;
+    };
+    return row.count > 0;
+  },
+
+  /** Inserts a new user and returns the created public fields. */
+  createUser(username: string, passwordHash: string, options: CreateUserOptions = {}): CreateUserResult {
+    const db = getConnection();
+    const isAdmin = options.isAdmin ?? false;
+    const result = db
+      .prepare('INSERT INTO users (username, password_hash, is_admin) VALUES (?, ?, ?)')
+      .run(username, passwordHash, isAdmin ? 1 : 0);
+
+    return {
+      id: Number(result.lastInsertRowid),
+      username,
+      isAdmin,
+    };
+  },
+
+  /** Looks up an active user by username, including password hash for auth verification. */
+  getUserByUsername(username: string): UserRow | undefined {
+    const db = getConnection();
+    return db
+      .prepare('SELECT * FROM users WHERE username = ? AND is_active = 1')
+      .get(username) as UserRow | undefined;
+  },
+
+  /** Updates the last_login timestamp. Non-fatal — logs but does not throw. */
+  updateLastLogin(userId: number): void {
+    try {
+      const db = getConnection();
+      db.prepare('UPDATE users SET last_login = CURRENT_TIMESTAMP WHERE id = ?').run(userId);
+    } catch (err) {
+      const message = err instanceof Error ? err.message : String(err);
+      console.error('Failed to update last login', { error: message });
+    }
+  },
+
+  /** Returns public user fields by ID (no password hash). */
+  getUserById(userId: number): UserPublicRow | undefined {
+    const db = getConnection();
+    const row = db
+      .prepare(
+        'SELECT id, username, created_at, last_login, is_admin FROM users WHERE id = ? AND is_active = 1'
+      )
+      .get(userId) as Pick<UserRow, 'id' | 'username' | 'created_at' | 'last_login' | 'is_admin'> | undefined;
+
+    return normalizePublicUser(row);
+  },
+
+  /** Returns the first active user. Used for single-user mode lookups. */
+  getFirstUser(): UserPublicRow | undefined {
+    const db = getConnection();
+    const row = db
+      .prepare(
+        'SELECT id, username, created_at, last_login, is_admin FROM users WHERE is_active = 1 ORDER BY id ASC LIMIT 1'
+      )
+      .get() as Pick<UserRow, 'id' | 'username' | 'created_at' | 'last_login' | 'is_admin'> | undefined;
+
+    return normalizePublicUser(row);
+  },
+
+  listUsers(): UserPublicRow[] {
+    const db = getConnection();
+    const rows = db
+      .prepare(
+        'SELECT id, username, created_at, last_login, is_admin FROM users WHERE is_active = 1 ORDER BY id ASC'
+      )
+      .all() as Array<Pick<UserRow, 'id' | 'username' | 'created_at' | 'last_login' | 'is_admin'>>;
+
+    return rows.map((row) => normalizePublicUser(row)).filter(Boolean) as UserPublicRow[];
+  },
+
+  deleteUser(userId: number): boolean {
+    const db = getConnection();
+    const result = db.prepare('DELETE FROM users WHERE id = ?').run(userId);
+    return result.changes > 0;
+  },
+
+  /** Stores the user's preferred git name and email. */
+  updateGitConfig(userId: number, gitName: string, gitEmail: string): void {
+    const db = getConnection();
+    db.prepare('UPDATE users SET git_name = ?, git_email = ? WHERE id = ?').run(
+      gitName,
+      gitEmail,
+      userId,
+    );
+  },
+
+  /** Retrieves the user's git identity (name + email). */
+  getGitConfig(userId: number): UserGitConfig | undefined {
+    const db = getConnection();
+    return db
+      .prepare('SELECT git_name, git_email FROM users WHERE id = ?')
+      .get(userId) as UserGitConfig | undefined;
+  },
+
+  /** Marks onboarding as complete for the given user. */
+  completeOnboarding(userId: number): void {
+    const db = getConnection();
+    db.prepare('UPDATE users SET has_completed_onboarding = 1 WHERE id = ?').run(userId);
+  },
+
+  /** Returns true if the user has finished the onboarding flow. */
+  hasCompletedOnboarding(userId: number): boolean {
+    const db = getConnection();
+    const row = db
+      .prepare('SELECT has_completed_onboarding FROM users WHERE id = ?')
+      .get(userId) as { has_completed_onboarding: number } | undefined;
+    return row?.has_completed_onboarding === 1;
+  },
+
+  /** Updates the password hash for a given user. */
+  updatePassword(userId: number, passwordHash: string): void {
+    const db = getConnection();
+    db.prepare('UPDATE users SET password_hash = ? WHERE id = ?').run(passwordHash, userId);
+  },
+};

package/server/modules/database/repositories/vapid-keys.ts

@@ -0,0 +1,57 @@
+/**
+ * VAPID keys repository.
+ *
+ * Stores and retrieves the Web Push VAPID key pair.
+ */
+
+import { getConnection } from '@/modules/database/connection.js';
+
+type VapidKeyRow = {
+  public_key: string;
+  private_key: string;
+};
+
+type VapidKeyPair = {
+  publicKey: string;
+  privateKey: string;
+};
+
+export const vapidKeysDb = {
+  /** Returns the latest stored VAPID key pair, or null when unset. */
+  getVapidKeys(): VapidKeyPair | null {
+    const db = getConnection();
+    const row = db
+      .prepare(
+        'SELECT public_key, private_key FROM vapid_keys ORDER BY id DESC LIMIT 1'
+      )
+      .get() as Pick<VapidKeyRow, 'public_key' | 'private_key'> | undefined;
+
+    if (!row) return null;
+    return {
+      publicKey: row.public_key,
+      privateKey: row.private_key,
+    };
+  },
+
+  /** Persists a new VAPID key pair. */
+  createVapidKeys(publicKey: string, privateKey: string): void {
+    const db = getConnection();
+    db.prepare(
+      'INSERT INTO vapid_keys (public_key, private_key) VALUES (?, ?)'
+    ).run(publicKey, privateKey);
+  },
+
+  /** Replaces all existing keys with a fresh pair. */
+  updateVapidKeys(publicKey: string, privateKey: string): void {
+    const db = getConnection();
+    db.prepare('DELETE FROM vapid_keys').run();
+    vapidKeysDb.createVapidKeys(publicKey, privateKey);
+  },
+
+  /** Deletes all VAPID key rows. */
+  deleteVapidKeys(): void {
+    const db = getConnection();
+    db.prepare('DELETE FROM vapid_keys').run();
+  },
+};
+