@goscribe/server 1.0.4 → 1.0.6

package/src/routers/_app.ts

@@ -2,10 +2,14 @@ import { inferRouterInputs, inferRouterOutputs } from '@trpc/server';
 import { router } from '../trpc.js';
 import { auth } from './auth.js';
 import { workspace } from './workspace.js';
+import { flashcards } from './flashcards';
+import { worksheets } from './worksheets';
 
 export const appRouter = router({
   auth,
-  workspace
+  workspace,
+  flashcards,
+  worksheets,
 });
 
 // Export type for client inference

package/src/routers/auth.ts

@@ -1,6 +1,7 @@
 import { z } from 'zod';
 import { router, publicProcedure, authedProcedure } from '../trpc.js';
 import bcrypt from 'bcryptjs';
+import { serialize } from 'cookie';
 
 export const auth = router({
   signup: publicProcedure
@@ -48,7 +49,14 @@ export const auth = router({
         throw new Error("Invalid credentials");
       }
 
-      return { id: user.id, email: user.email, name: user.name };
+      const session = await ctx.db.session.create({
+        data: {
+          userId: user.id,
+          expires: new Date(Date.now() + 1000 * 60 * 60 * 24 * 30),
+        },
+      });
+
+      return { id: session.id, session: session.id, user: { id: user.id, email: user.email, name: user.name, image: user.image } };
     }),
   getSession: publicProcedure.query(async ({ ctx }) => {
     const session = await ctx.db.session.findUnique({
@@ -73,6 +81,14 @@ export const auth = router({
       throw new Error("User not found");
     }
 
+    ctx.res.setHeader("Set-Cookie", serialize("auth_token", session.id, {
+      httpOnly: true,
+      secure: process.env.NODE_ENV === "production",
+      sameSite: "none", // cross-origin XHR needs None
+      path: "/",
+      maxAge: 60 * 60 * 24 * 7,
+    }));
+
     return { id: session.id, userId: session.userId, user: { id: user.id, email: user.email, name: user.name, image: user.image } };
   }),
 });

package/src/routers/flashcards.ts

@@ -0,0 +1,129 @@
+import { z } from 'zod';
+import { TRPCError } from '@trpc/server';
+import { router, authedProcedure } from '../trpc.js';
+// Prisma enum values mapped manually to avoid type import issues in ESM
+const ArtifactType = {
+  STUDY_GUIDE: 'STUDY_GUIDE',
+  FLASHCARD_SET: 'FLASHCARD_SET',
+  WORKSHEET: 'WORKSHEET',
+  MEETING_SUMMARY: 'MEETING_SUMMARY',
+  PODCAST_EPISODE: 'PODCAST_EPISODE',
+} as const;
+
+export const flashcards = router({
+  listSets: authedProcedure
+    .input(z.object({ workspaceId: z.string().uuid() }))
+    .query(async ({ ctx, input }) => {
+      const workspace = await ctx.db.workspace.findFirst({
+        where: { id: input.workspaceId, ownerId: ctx.session.user.id },
+      });
+      if (!workspace) throw new TRPCError({ code: 'NOT_FOUND' });
+      return ctx.db.artifact.findMany({
+        where: { workspaceId: input.workspaceId, type: ArtifactType.FLASHCARD_SET },
+        orderBy: { updatedAt: 'desc' },
+      });
+    }),
+
+  createSet: authedProcedure
+    .input(z.object({ workspaceId: z.string().uuid(), title: z.string().min(1).max(120) }))
+    .mutation(async ({ ctx, input }) => {
+      const workspace = await ctx.db.workspace.findFirst({
+        where: { id: input.workspaceId, ownerId: ctx.session.user.id },
+      });
+      if (!workspace) throw new TRPCError({ code: 'NOT_FOUND' });
+      return ctx.db.artifact.create({
+        data: {
+          workspaceId: input.workspaceId,
+          type: ArtifactType.FLASHCARD_SET,
+          title: input.title,
+          createdById: ctx.session.user.id,
+        },
+      });
+    }),
+
+  getSet: authedProcedure
+    .input(z.object({ setId: z.string().uuid() }))
+    .query(async ({ ctx, input }) => {
+      const set = await ctx.db.artifact.findFirst({
+        where: {
+          id: input.setId,
+          type: ArtifactType.FLASHCARD_SET,
+          workspace: { ownerId: ctx.session.user.id },
+        },
+        include: { flashcards: true },
+      });
+      if (!set) throw new TRPCError({ code: 'NOT_FOUND' });
+      return set;
+    }),
+
+  createCard: authedProcedure
+    .input(z.object({
+      setId: z.string().uuid(),
+      front: z.string().min(1),
+      back: z.string().min(1),
+      tags: z.array(z.string()).optional(),
+      order: z.number().int().optional(),
+    }))
+    .mutation(async ({ ctx, input }) => {
+      const set = await ctx.db.artifact.findFirst({
+        where: { id: input.setId, type: ArtifactType.FLASHCARD_SET, workspace: { ownerId: ctx.session.user.id } },
+      });
+      if (!set) throw new TRPCError({ code: 'NOT_FOUND' });
+      return ctx.db.flashcard.create({
+        data: {
+          artifactId: input.setId,
+          front: input.front,
+          back: input.back,
+          tags: input.tags ?? [],
+          order: input.order ?? 0,
+        },
+      });
+    }),
+
+  updateCard: authedProcedure
+    .input(z.object({
+      cardId: z.string().uuid(),
+      front: z.string().optional(),
+      back: z.string().optional(),
+      tags: z.array(z.string()).optional(),
+      order: z.number().int().optional(),
+    }))
+    .mutation(async ({ ctx, input }) => {
+      const card = await ctx.db.flashcard.findFirst({
+        where: { id: input.cardId, artifact: { type: ArtifactType.FLASHCARD_SET, workspace: { ownerId: ctx.session.user.id } } },
+      });
+      if (!card) throw new TRPCError({ code: 'NOT_FOUND' });
+      return ctx.db.flashcard.update({
+        where: { id: input.cardId },
+        data: {
+          front: input.front ?? card.front,
+          back: input.back ?? card.back,
+          tags: input.tags ?? card.tags,
+          order: input.order ?? card.order,
+        },
+      });
+    }),
+
+  deleteCard: authedProcedure
+    .input(z.object({ cardId: z.string().uuid() }))
+    .mutation(async ({ ctx, input }) => {
+      const card = await ctx.db.flashcard.findFirst({
+        where: { id: input.cardId, artifact: { workspace: { ownerId: ctx.session.user.id } } },
+      });
+      if (!card) throw new TRPCError({ code: 'NOT_FOUND' });
+      await ctx.db.flashcard.delete({ where: { id: input.cardId } });
+      return true;
+    }),
+
+  deleteSet: authedProcedure
+    .input(z.object({ setId: z.string().uuid() }))
+    .mutation(async ({ ctx, input }) => {
+      const deleted = await ctx.db.artifact.deleteMany({
+        where: { id: input.setId, type: ArtifactType.FLASHCARD_SET, workspace: { ownerId: ctx.session.user.id } },
+      });
+      if (deleted.count === 0) throw new TRPCError({ code: 'NOT_FOUND' });
+      return true;
+    }),
+});
+
+

package/src/routers/worksheets.ts

@@ -0,0 +1,143 @@
+import { z } from 'zod';
+import { TRPCError } from '@trpc/server';
+import { router, authedProcedure } from '../trpc.js';
+
+// Avoid importing Prisma enums directly; mirror values as string literals
+const ArtifactType = {
+  WORKSHEET: 'WORKSHEET',
+} as const;
+
+const Difficulty = {
+  EASY: 'EASY',
+  MEDIUM: 'MEDIUM',
+  HARD: 'HARD',
+} as const;
+
+export const worksheets = router({
+  // List all worksheet artifacts for a workspace
+  listSets: authedProcedure
+    .input(z.object({ workspaceId: z.string().uuid() }))
+    .query(async ({ ctx, input }) => {
+      const workspace = await ctx.db.workspace.findFirst({
+        where: { id: input.workspaceId, ownerId: ctx.session.user.id },
+      });
+      if (!workspace) throw new TRPCError({ code: 'NOT_FOUND' });
+      return ctx.db.artifact.findMany({
+        where: { workspaceId: input.workspaceId, type: ArtifactType.WORKSHEET },
+        orderBy: { updatedAt: 'desc' },
+      });
+    }),
+
+  // Create a worksheet set
+  createSet: authedProcedure
+    .input(z.object({ workspaceId: z.string().uuid(), title: z.string().min(1).max(120) }))
+    .mutation(async ({ ctx, input }) => {
+      const workspace = await ctx.db.workspace.findFirst({
+        where: { id: input.workspaceId, ownerId: ctx.session.user.id },
+      });
+      if (!workspace) throw new TRPCError({ code: 'NOT_FOUND' });
+      return ctx.db.artifact.create({
+        data: {
+          workspaceId: input.workspaceId,
+          type: ArtifactType.WORKSHEET,
+          title: input.title,
+          createdById: ctx.session.user.id,
+        },
+      });
+    }),
+
+  // Get a worksheet with its questions
+  getSet: authedProcedure
+    .input(z.object({ setId: z.string().uuid() }))
+    .query(async ({ ctx, input }) => {
+      const set = await ctx.db.artifact.findFirst({
+        where: {
+          id: input.setId,
+          type: ArtifactType.WORKSHEET,
+          workspace: { ownerId: ctx.session.user.id },
+        },
+        include: { questions: true },
+      });
+      if (!set) throw new TRPCError({ code: 'NOT_FOUND' });
+      return set;
+    }),
+
+  // Add a question to a worksheet
+  createQuestion: authedProcedure
+    .input(z.object({
+      setId: z.string().uuid(),
+      prompt: z.string().min(1),
+      answer: z.string().optional(),
+      difficulty: z.enum(['EASY', 'MEDIUM', 'HARD']).optional(),
+      order: z.number().int().optional(),
+      meta: z.record(z.string(), z.unknown()).optional(),
+    }))
+    .mutation(async ({ ctx, input }) => {
+      const set = await ctx.db.artifact.findFirst({
+        where: { id: input.setId, type: ArtifactType.WORKSHEET, workspace: { ownerId: ctx.session.user.id } },
+      });
+      if (!set) throw new TRPCError({ code: 'NOT_FOUND' });
+      return ctx.db.worksheetQuestion.create({
+        data: {
+          artifactId: input.setId,
+          prompt: input.prompt,
+          answer: input.answer,
+          difficulty: (input.difficulty ?? Difficulty.MEDIUM) as any,
+          order: input.order ?? 0,
+          meta: input.meta as any,
+        },
+      });
+    }),
+
+  // Update a question
+  updateQuestion: authedProcedure
+    .input(z.object({
+      questionId: z.string().uuid(),
+      prompt: z.string().optional(),
+      answer: z.string().optional(),
+      difficulty: z.enum(['EASY', 'MEDIUM', 'HARD']).optional(),
+      order: z.number().int().optional(),
+      meta: z.record(z.string(), z.unknown()).optional(),
+    }))
+    .mutation(async ({ ctx, input }) => {
+      const q = await ctx.db.worksheetQuestion.findFirst({
+        where: { id: input.questionId, artifact: { type: ArtifactType.WORKSHEET, workspace: { ownerId: ctx.session.user.id } } },
+      });
+      if (!q) throw new TRPCError({ code: 'NOT_FOUND' });
+      return ctx.db.worksheetQuestion.update({
+        where: { id: input.questionId },
+        data: {
+          prompt: input.prompt ?? q.prompt,
+          answer: input.answer ?? q.answer,
+          difficulty: (input.difficulty ?? q.difficulty) as any,
+          order: input.order ?? q.order,
+          meta: (input.meta ?? q.meta) as any,
+        },
+      });
+    }),
+
+  // Delete a question
+  deleteQuestion: authedProcedure
+    .input(z.object({ questionId: z.string().uuid() }))
+    .mutation(async ({ ctx, input }) => {
+      const q = await ctx.db.worksheetQuestion.findFirst({
+        where: { id: input.questionId, artifact: { workspace: { ownerId: ctx.session.user.id } } },
+      });
+      if (!q) throw new TRPCError({ code: 'NOT_FOUND' });
+      await ctx.db.worksheetQuestion.delete({ where: { id: input.questionId } });
+      return true;
+    }),
+
+  // Delete a worksheet set and its questions
+  deleteSet: authedProcedure
+    .input(z.object({ setId: z.string().uuid() }))
+    .mutation(async ({ ctx, input }) => {
+      const deleted = await ctx.db.artifact.deleteMany({
+        where: { id: input.setId, type: ArtifactType.WORKSHEET, workspace: { ownerId: ctx.session.user.id } },
+      });
+      if (deleted.count === 0) throw new TRPCError({ code: 'NOT_FOUND' });
+      return true;
+    }),
+});
+
+

package/src/routers/workspace.ts

@@ -1,16 +1,17 @@
 import { z } from 'zod';
+import { TRPCError } from '@trpc/server';
 import { router, publicProcedure, authedProcedure } from '../trpc.js';
 import { bucket } from '../lib/storage.js';
-import { FileAsset } from '@prisma/client';
 
 export const workspace = router({
-  // Mutation with Zod input
+  // List current user's workspaces
   list: authedProcedure
-    .query(async ({ ctx, input }) => {
+    .query(async ({ ctx }) => {
       const workspaces = await ctx.db.workspace.findMany({
         where: {
-          ownerId: ctx.session?.user.id,
+          ownerId: ctx.session.user.id,
         },
+        orderBy: { updatedAt: 'desc' },
       });
       return workspaces;
     }),
@@ -20,25 +21,26 @@ export const workspace = router({
         name: z.string().min(1).max(100),
         description: z.string().max(500).optional(),
      }))
-    .mutation(({ ctx, input}) => {
-      return ctx.db.workspace.create({
+    .mutation(async ({ ctx, input}) => {
+      const ws = await ctx.db.workspace.create({
         data: {
           title: input.name,
           description: input.description,
-          ownerId: ctx.session?.user.id,
+          ownerId: ctx.session.user.id,
         },
       });
+      return ws;
     }),
   get: authedProcedure
     .input(z.object({
         id: z.string().uuid(),
      }))
-    .query(({ ctx, input }) => {
-      return ctx.db.workspace.findUnique({
-        where: {
-          id: input.id,
-        },
+    .query(async ({ ctx, input }) => {
+      const ws = await ctx.db.workspace.findFirst({
+        where: { id: input.id, ownerId: ctx.session.user.id },
       });
+      if (!ws) throw new TRPCError({ code: 'NOT_FOUND' });
+      return ws;
     }),
   update: authedProcedure
     .input(z.object({
@@ -46,27 +48,29 @@ export const workspace = router({
         name: z.string().min(1).max(100).optional(),
         description: z.string().max(500).optional(),
      }))
-    .mutation(({ ctx, input }) => {
-      return ctx.db.workspace.update({
-        where: {
-          id: input.id,
-        },
+    .mutation(async ({ ctx, input }) => {
+      const existed = await ctx.db.workspace.findFirst({
+        where: { id: input.id, ownerId: ctx.session.user.id },
+      });
+      if (!existed) throw new TRPCError({ code: 'NOT_FOUND' });
+      const updated = await ctx.db.workspace.update({
+        where: { id: input.id },
         data: {
-          title: input.name,
+          title: input.name ?? existed.title,
           description: input.description,
         },
-      }); 
+      });
+      return updated; 
     }), 
     delete: authedProcedure
     .input(z.object({
         id: z.string().uuid(),
      }))
-    .mutation(({ ctx, input }) => {
-      ctx.db.workspace.delete({
-        where: {
-          id: input.id,
-        },
+    .mutation(async ({ ctx, input }) => {
+      const deleted = await ctx.db.workspace.deleteMany({
+        where: { id: input.id, ownerId: ctx.session.user.id },
       });
+      if (deleted.count === 0) throw new TRPCError({ code: 'NOT_FOUND' });
       return true;
     }),
     uploadFiles: authedProcedure
@@ -81,6 +85,9 @@ export const workspace = router({
         ),
      }))
     .mutation(async ({ ctx, input }) => {
+      // ensure workspace belongs to user
+      const ws = await ctx.db.workspace.findFirst({ where: { id: input.id, ownerId: ctx.session.user.id } });
+      if (!ws) throw new TRPCError({ code: 'NOT_FOUND' });
       const results = [];
 
       for (const file of input.files) {
@@ -127,31 +134,32 @@ export const workspace = router({
         fileId: z.array(z.string().uuid()),
         id: z.string().uuid(),
      }))
-    .mutation(({ ctx, input }) => {
-      const files = ctx.db.fileAsset.findMany({
+    .mutation(async ({ ctx, input }) => {
+      // ensure files are in the user's workspace
+      const files = await ctx.db.fileAsset.findMany({
         where: {
           id: { in: input.fileId },
           workspaceId: input.id,
+          userId: ctx.session.user.id,
         },
       });
+      // Delete from GCS (best-effort)
+      for (const file of files) {
+        if (file.bucket && file.objectKey) {
+          const gcsFile: import('@google-cloud/storage').File = bucket.file(file.objectKey);
+          gcsFile.delete({ ignoreNotFound: true }).catch((err: unknown) => {
+            console.error(`Error deleting file ${file.objectKey} from bucket ${file.bucket}:`, err);
+          });
+        }
+      }
 
-      // Delete from GCS
-      files.then((fileRecords: FileAsset[]) => {
-        fileRecords.forEach((file: FileAsset) => {
-          if (file.bucket && file.objectKey) {
-        const gcsFile: import('@google-cloud/storage').File = bucket.file(file.objectKey);
-        gcsFile.delete({ ignoreNotFound: true }).catch((err: unknown) => {
-          console.error(`Error deleting file ${file.objectKey} from bucket ${file.bucket}:`, err);
-        });
-          }
-        });
-      });
-
-      return ctx.db.fileAsset.deleteMany({
+      await ctx.db.fileAsset.deleteMany({
         where: {
           id: { in: input.fileId },
           workspaceId: input.id,
+          userId: ctx.session.user.id,
         },
       });
+      return true;
     }),
 });