@goscribe/server 1.0.10 → 1.1.0

package/dist/lib/auth.js

@@ -1,44 +1,117 @@
-// src/server/auth.ts
+/**
+ * Authentication utilities for custom HMAC-based cookie verification.
+ *
+ * This module provides secure authentication using HMAC-SHA256 signatures
+ * to verify user identity through signed cookies.
+ *
+ * @fileoverview Custom authentication system with HMAC cookie verification
+ * @author Scribe Team
+ * @version 1.0.0
+ */
 import crypto from "node:crypto";
-// Custom HMAC cookie: auth_token = base64(userId).hex(hmacSHA256(base64(userId), secret))
+/**
+ * Verifies a custom HMAC-signed authentication cookie.
+ *
+ * The cookie format is: `base64(userId).hex(hmacSHA256(base64(userId), secret))`
+ *
+ * @param cookieValue - The raw cookie value to verify, or undefined if no cookie exists
+ * @returns Authentication result with userId if valid, null if invalid or missing
+ *
+ * @example
+ * ```typescript
+ * const result = verifyCustomAuthCookie("dXNlcjEyMw.abc123def456...");
+ * if (result) {
+ *   console.log(`Authenticated user: ${result.userId}`);
+ * }
+ * ```
+ *
+ * @throws {Error} Never throws - returns null for all error conditions
+ */
 export function verifyCustomAuthCookie(cookieValue) {
+    // Early return for missing cookie
     if (!cookieValue) {
         return null;
     }
+    // Get authentication secret from environment
     const secret = process.env.AUTH_SECRET;
     if (!secret) {
         return null;
     }
+    // Parse cookie format: base64UserId.signatureHex
     const parts = cookieValue.split(".");
     if (parts.length !== 2) {
         return null;
     }
     const [base64UserId, signatureHex] = parts;
-    let userId;
+    // Decode the user ID from base64url encoding
+    const userId = decodeBase64UrlUserId(base64UserId);
+    if (!userId) {
+        return null;
+    }
+    // Verify the HMAC signature
+    const isValidSignature = verifyHmacSignature(base64UserId, signatureHex, secret);
+    if (!isValidSignature) {
+        return null;
+    }
+    return { userId };
+}
+/**
+ * Decodes a base64url-encoded user ID string.
+ *
+ * @param base64UserId - The base64url-encoded user ID
+ * @returns The decoded user ID string, or null if decoding fails
+ *
+ * @private
+ */
+function decodeBase64UrlUserId(base64UserId) {
     try {
-        const buf = Buffer.from(base64UserId, "base64url");
-        userId = buf.toString("utf8");
+        const buffer = Buffer.from(base64UserId, "base64url");
+        return buffer.toString("utf8");
     }
     catch (error) {
         return null;
     }
+}
+/**
+ * Verifies an HMAC-SHA256 signature against the expected value.
+ *
+ * @param data - The data that was signed (base64url-encoded user ID)
+ * @param signatureHex - The hex-encoded signature to verify
+ * @param secret - The secret key used for signing
+ * @returns True if the signature is valid, false otherwise
+ *
+ * @private
+ */
+function verifyHmacSignature(data, signatureHex, secret) {
     const hmac = crypto.createHmac("sha256", secret);
-    hmac.update(base64UserId);
-    const expected = hmac.digest("hex");
-    if (!timingSafeEqualHex(signatureHex, expected)) {
-        return null;
-    }
-    return { userId };
+    hmac.update(data);
+    const expectedSignature = hmac.digest("hex");
+    return timingSafeEqualHex(signatureHex, expectedSignature);
 }
+/**
+ * Performs a timing-safe comparison of two hex-encoded strings.
+ *
+ * This function prevents timing attacks by ensuring the comparison
+ * takes the same amount of time regardless of where the strings differ.
+ *
+ * @param a - First hex string to compare
+ * @param b - Second hex string to compare
+ * @returns True if the strings are equal, false otherwise
+ *
+ * @private
+ */
 function timingSafeEqualHex(a, b) {
     try {
-        const ab = Buffer.from(a, "hex");
-        const bb = Buffer.from(b, "hex");
-        if (ab.length !== bb.length)
+        const bufferA = Buffer.from(a, "hex");
+        const bufferB = Buffer.from(b, "hex");
+        // Length check prevents timing attacks on different-length inputs
+        if (bufferA.length !== bufferB.length) {
             return false;
-        return crypto.timingSafeEqual(ab, bb);
+        }
+        return crypto.timingSafeEqual(bufferA, bufferB);
     }
     catch {
+        // Return false for any parsing errors
         return false;
     }
 }

package/dist/lib/env.d.ts

@@ -0,0 +1,32 @@
+/**
+ * Parsed and validated environment variables
+ */
+export declare const env: {
+    DATABASE_URL: string;
+    PORT: number;
+    NODE_ENV: "production" | "development" | "test";
+    FRONTEND_URL: string;
+    DIRECT_URL?: string | undefined;
+    BETTER_AUTH_SECRET?: string | undefined;
+    BETTER_AUTH_URL?: string | undefined;
+    GOOGLE_CLOUD_PROJECT_ID?: string | undefined;
+    GOOGLE_CLOUD_BUCKET_NAME?: string | undefined;
+    GOOGLE_APPLICATION_CREDENTIALS?: string | undefined;
+    PUSHER_APP_ID?: string | undefined;
+    PUSHER_KEY?: string | undefined;
+    PUSHER_SECRET?: string | undefined;
+    PUSHER_CLUSTER?: string | undefined;
+    INFERENCE_API_URL?: string | undefined;
+};
+/**
+ * Check if running in production
+ */
+export declare const isProduction: boolean;
+/**
+ * Check if running in development
+ */
+export declare const isDevelopment: boolean;
+/**
+ * Check if running in test
+ */
+export declare const isTest: boolean;

package/dist/lib/env.js

@@ -0,0 +1,46 @@
+import { z } from 'zod';
+import dotenv from 'dotenv';
+dotenv.config();
+/**
+ * Environment variable schema
+ */
+const envSchema = z.object({
+    // Database
+    DATABASE_URL: z.string().url(),
+    DIRECT_URL: z.string().url().optional(),
+    // Server
+    PORT: z.string().regex(/^\d+$/).default('3001').transform(Number),
+    NODE_ENV: z.enum(['development', 'production', 'test']).default('development'),
+    // Auth
+    BETTER_AUTH_SECRET: z.string().min(32).optional(),
+    BETTER_AUTH_URL: z.string().url().optional(),
+    // Storage
+    GOOGLE_CLOUD_PROJECT_ID: z.string().optional(),
+    GOOGLE_CLOUD_BUCKET_NAME: z.string().optional(),
+    GOOGLE_APPLICATION_CREDENTIALS: z.string().optional(),
+    // Pusher
+    PUSHER_APP_ID: z.string().optional(),
+    PUSHER_KEY: z.string().optional(),
+    PUSHER_SECRET: z.string().optional(),
+    PUSHER_CLUSTER: z.string().optional(),
+    // Inference
+    INFERENCE_API_URL: z.string().url().optional(),
+    // CORS
+    FRONTEND_URL: z.string().url().default('http://localhost:3000'),
+});
+/**
+ * Parsed and validated environment variables
+ */
+export const env = envSchema.parse(process.env);
+/**
+ * Check if running in production
+ */
+export const isProduction = env.NODE_ENV === 'production';
+/**
+ * Check if running in development
+ */
+export const isDevelopment = env.NODE_ENV === 'development';
+/**
+ * Check if running in test
+ */
+export const isTest = env.NODE_ENV === 'test';

package/dist/lib/errors.d.ts

@@ -0,0 +1,33 @@
+import { TRPCError } from '@trpc/server';
+/**
+ * Custom error classes for better error handling
+ */
+export declare class AppError extends Error {
+    code: string;
+    statusCode: number;
+    isOperational: boolean;
+    constructor(message: string, code: string, statusCode?: number, isOperational?: boolean);
+}
+export declare class ValidationError extends AppError {
+    constructor(message: string);
+}
+export declare class NotFoundError extends AppError {
+    constructor(resource?: string);
+}
+export declare class UnauthorizedError extends AppError {
+    constructor(message?: string);
+}
+export declare class ForbiddenError extends AppError {
+    constructor(message?: string);
+}
+export declare class ConflictError extends AppError {
+    constructor(message: string);
+}
+/**
+ * Convert AppError to TRPCError
+ */
+export declare function toTRPCError(error: unknown): TRPCError;
+/**
+ * Error handler for async functions
+ */
+export declare function asyncHandler<T extends (...args: any[]) => Promise<any>>(fn: T): T;

package/dist/lib/errors.js

@@ -0,0 +1,78 @@
+import { TRPCError } from '@trpc/server';
+/**
+ * Custom error classes for better error handling
+ */
+export class AppError extends Error {
+    constructor(message, code, statusCode = 500, isOperational = true) {
+        super(message);
+        this.code = code;
+        this.statusCode = statusCode;
+        this.isOperational = isOperational;
+        this.name = this.constructor.name;
+        Error.captureStackTrace(this, this.constructor);
+    }
+}
+export class ValidationError extends AppError {
+    constructor(message) {
+        super(message, 'VALIDATION_ERROR', 400);
+    }
+}
+export class NotFoundError extends AppError {
+    constructor(resource = 'Resource') {
+        super(`${resource} not found`, 'NOT_FOUND', 404);
+    }
+}
+export class UnauthorizedError extends AppError {
+    constructor(message = 'Unauthorized') {
+        super(message, 'UNAUTHORIZED', 401);
+    }
+}
+export class ForbiddenError extends AppError {
+    constructor(message = 'Forbidden') {
+        super(message, 'FORBIDDEN', 403);
+    }
+}
+export class ConflictError extends AppError {
+    constructor(message) {
+        super(message, 'CONFLICT', 409);
+    }
+}
+/**
+ * Convert AppError to TRPCError
+ */
+export function toTRPCError(error) {
+    if (error instanceof AppError) {
+        const codeMap = {
+            400: 'BAD_REQUEST',
+            401: 'UNAUTHORIZED',
+            403: 'FORBIDDEN',
+            404: 'NOT_FOUND',
+            409: 'CONFLICT',
+            500: 'INTERNAL_SERVER_ERROR',
+        };
+        return new TRPCError({
+            code: codeMap[error.statusCode] || 'INTERNAL_SERVER_ERROR',
+            message: error.message,
+            cause: error,
+        });
+    }
+    if (error instanceof TRPCError) {
+        return error;
+    }
+    // Default error
+    return new TRPCError({
+        code: 'INTERNAL_SERVER_ERROR',
+        message: error instanceof Error ? error.message : 'An unexpected error occurred',
+        cause: error,
+    });
+}
+/**
+ * Error handler for async functions
+ */
+export function asyncHandler(fn) {
+    return ((...args) => {
+        return Promise.resolve(fn(...args)).catch((error) => {
+            throw toTRPCError(error);
+        });
+    });
+}

package/dist/lib/inference.d.ts

@@ -1,2 +1,5 @@
-declare function inference(prompt: string, tag: string): Promise<Response>;
+import OpenAI from 'openai';
+declare function inference(prompt: string): Promise<OpenAI.Chat.Completions.ChatCompletion & {
+    _request_id?: string | null;
+}>;
 export default inference;

package/dist/lib/inference.js

@@ -1,15 +1,13 @@
-async function inference(prompt, tag) {
+import OpenAI from 'openai';
+const openai = new OpenAI({
+    apiKey: process.env.INFERENCE_API_KEY,
+    baseURL: process.env.INFERENCE_BASE_URL,
+});
+async function inference(prompt) {
     try {
-        const response = await fetch("https://proxy-ai.onrender.com/api/cohere/inference", {
-            method: "POST",
-            headers: {
-                "Content-Type": "application/json",
-            },
-            body: JSON.stringify({
-                prompt: prompt,
-                model: "command-r-plus",
-                max_tokens: 2000,
-            }),
+        const response = await openai.chat.completions.create({
+            model: "command-a-03-2025",
+            messages: [{ role: "user", content: prompt }],
         });
         return response;
     }

package/dist/lib/logger.d.ts

@@ -0,0 +1,62 @@
+export declare enum LogLevel {
+    ERROR = 0,
+    WARN = 1,
+    INFO = 2,
+    DEBUG = 3,
+    TRACE = 4
+}
+export interface LogEntry {
+    timestamp: string;
+    level: string;
+    message: string;
+    context?: string;
+    metadata?: Record<string, any>;
+    error?: {
+        name: string;
+        message: string;
+        stack?: string;
+    };
+}
+export interface LoggerConfig {
+    level: LogLevel;
+    enableConsole: boolean;
+    enableFile: boolean;
+    logDir?: string;
+    maxFileSize?: number;
+    maxFiles?: number;
+    format?: 'json' | 'pretty';
+}
+declare class Logger {
+    private config;
+    private logStream?;
+    constructor(config?: Partial<LoggerConfig>);
+    private setupFileLogging;
+    private shouldLog;
+    private formatLogEntry;
+    private formatLevel;
+    private formatTimestamp;
+    private formatContext;
+    private formatMetadata;
+    private formatValue;
+    private formatError;
+    private log;
+    error(message: string, context?: string, metadata?: Record<string, any>, error?: Error): void;
+    warn(message: string, context?: string, metadata?: Record<string, any>): void;
+    info(message: string, context?: string, metadata?: Record<string, any>): void;
+    debug(message: string, context?: string, metadata?: Record<string, any>): void;
+    trace(message: string, context?: string, metadata?: Record<string, any>): void;
+    http(method: string, url: string, statusCode: number, responseTime?: number, context?: string): void;
+    private getHttpStatusIcon;
+    database(operation: string, table: string, duration?: number, context?: string): void;
+    private getDatabaseOperationIcon;
+    auth(action: string, userId?: string, context?: string): void;
+    trpc(procedure: string, input?: any, output?: any, duration?: number, context?: string): void;
+    updateConfig(newConfig: Partial<LoggerConfig>): void;
+    progress(message: string, current: number, total: number, context?: string): void;
+    private createProgressBar;
+    success(message: string, context?: string, metadata?: Record<string, any>): void;
+    failure(message: string, context?: string, metadata?: Record<string, any>, error?: Error): void;
+    close(): void;
+}
+export declare const logger: Logger;
+export { Logger };