@goscribe/server 1.0.5 → 1.0.7

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@goscribe/server",
-  "version": "1.0.5",
+  "version": "1.0.7",
   "description": "",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -24,11 +24,11 @@
     "@google-cloud/storage": "^7.17.0",
     "@prisma/client": "^6.14.0",
     "@trpc/server": "^11.5.0",
-    "@types/cookie": "^1.0.0",
     "bcryptjs": "^3.0.2",
     "compression": "^1.8.1",
     "cookie": "^1.0.2",
     "cors": "^2.8.5",
+    "dotenv": "^17.2.1",
     "express": "^5.1.0",
     "helmet": "^8.1.0",
     "morgan": "^1.10.1",
@@ -38,6 +38,7 @@
   },
   "devDependencies": {
     "@types/compression": "^1.8.1",
+    "@types/cookie": "^1.0.0",
     "@types/cors": "^2.8.19",
     "@types/express": "^5.0.3",
     "@types/morgan": "^1.9.10",

package/src/context.ts

@@ -9,6 +9,7 @@ export async function createContext({ req, res }: CreateExpressContextOptions) {
 
   // Only use custom auth cookie
   const custom = verifyCustomAuthCookie(cookies["auth_token"]);
+  
   if (custom) {
     return { db: prisma, session: { user: { id: custom.userId } } as any, req, res, cookies };
   }

package/src/lib/auth.ts

@@ -3,26 +3,38 @@ import crypto from "node:crypto";
 
 // Custom HMAC cookie: auth_token = base64(userId).hex(hmacSHA256(base64(userId), secret))
 export function verifyCustomAuthCookie(cookieValue: string | undefined): { userId: string } | null {
-  if (!cookieValue) return null;
+  if (!cookieValue) {
+    return null;
+  }
+  
   const secret = process.env.CUSTOM_AUTH_SECRET;
-  if (!secret) return null;
+  
+  if (!secret) {
+    return null;
+  }
 
   const parts = cookieValue.split(".");
-  if (parts.length !== 2) return null;
+  
+  if (parts.length !== 2) {
+    return null;
+  }
   const [base64UserId, signatureHex] = parts;
 
   let userId: string;
   try {
     const buf = Buffer.from(base64UserId, "base64url");
     userId = buf.toString("utf8");
-  } catch {
+  } catch (error) {
     return null;
   }
 
   const hmac = crypto.createHmac("sha256", secret);
   hmac.update(base64UserId);
   const expected = hmac.digest("hex");
-  if (!timingSafeEqualHex(signatureHex, expected)) return null;
+  
+  if (!timingSafeEqualHex(signatureHex, expected)) {
+    return null;
+  }
 
   return { userId };
 }

package/src/routers/_app.ts

@@ -2,10 +2,14 @@ import { inferRouterInputs, inferRouterOutputs } from '@trpc/server';
 import { router } from '../trpc.js';
 import { auth } from './auth.js';
 import { workspace } from './workspace.js';
+import { flashcards } from './flashcards.js';
+import { worksheets } from './worksheets.js';
 
 export const appRouter = router({
   auth,
-  workspace
+  workspace,
+  flashcards,
+  worksheets,
 });
 
 // Export type for client inference

package/src/routers/auth.ts

@@ -1,6 +1,22 @@
 import { z } from 'zod';
 import { router, publicProcedure, authedProcedure } from '../trpc.js';
 import bcrypt from 'bcryptjs';
+import { serialize } from 'cookie';
+import crypto from 'node:crypto';
+
+// Helper to create custom auth token
+function createCustomAuthToken(userId: string): string {
+  const secret = process.env.AUTH_SECRET;
+  if (!secret) {
+    throw new Error("AUTH_SECRET is not set");
+  }
+  
+  const base64UserId = Buffer.from(userId, 'utf8').toString('base64url');
+  const hmac = crypto.createHmac('sha256', secret);
+  hmac.update(base64UserId);
+  const signature = hmac.digest('hex');
+  return `${base64UserId}.${signature}`;
+}
 
 export const auth = router({
   signup: publicProcedure
@@ -48,39 +64,61 @@ export const auth = router({
         throw new Error("Invalid credentials");
       }
 
-      const session = await ctx.db.session.create({
-        data: {
-          userId: user.id,
-          expires: new Date(Date.now() + 1000 * 60 * 60 * 24 * 30),
-        },
+      // Create custom auth token
+      const authToken = createCustomAuthToken(user.id);
+
+      // Set the cookie immediately after successful login
+      const cookieValue = serialize("auth_token", authToken, {
+        httpOnly: true,
+        secure: process.env.NODE_ENV === "production",
+        sameSite: "lax",
+        path: "/",
+        maxAge: 60 * 60 * 24 * 30, // 30 days
       });
+      
+      ctx.res.setHeader("Set-Cookie", cookieValue);
 
-      return { id: session.id, session: session.id, user: { id: user.id, email: user.email, name: user.name, image: user.image } };
+      return { 
+        id: user.id, 
+        email: user.email, 
+        name: user.name, 
+        image: user.image 
+      };
     }),
   getSession: publicProcedure.query(async ({ ctx }) => {
-    const session = await ctx.db.session.findUnique({
-      where: {
-        id: ctx.session?.id,
-      },
-    });
-
-    if (!session) {
-      throw new Error("Session not found");
-    }
-
-    if (session.expires < new Date()) {
-      throw new Error("Session expired");
+    // Just return the current session from context
+    if (!ctx.session) {
+      throw new Error("No session found");
     }
 
     const user = await ctx.db.user.findUnique({
-      where: { id: session.userId },
+      where: { id: (ctx.session as any).user.id },
     });
 
     if (!user) {
       throw new Error("User not found");
     }
 
-    return { id: session.id, userId: session.userId, user: { id: user.id, email: user.email, name: user.name, image: user.image } };
+    return { 
+      user: { 
+        id: user.id, 
+        email: user.email, 
+        name: user.name, 
+        image: user.image 
+      } 
+    };
+  }),
+  logout: publicProcedure.mutation(async ({ ctx }) => {
+    // Clear the auth cookie
+    ctx.res.setHeader("Set-Cookie", serialize("auth_token", "", {
+      httpOnly: true,
+      secure: process.env.NODE_ENV === "production",
+      sameSite: "lax",
+      path: "/",
+      maxAge: 0, // Expire immediately
+    }));
+
+    return { success: true };
   }),
 });
 

package/src/routers/flashcards.ts

@@ -0,0 +1,135 @@
+import { z } from 'zod';
+import { TRPCError } from '@trpc/server';
+import { router, authedProcedure } from '../trpc.js';
+// Prisma enum values mapped manually to avoid type import issues in ESM
+const ArtifactType = {
+  STUDY_GUIDE: 'STUDY_GUIDE',
+  FLASHCARD_SET: 'FLASHCARD_SET',
+  WORKSHEET: 'WORKSHEET',
+  MEETING_SUMMARY: 'MEETING_SUMMARY',
+  PODCAST_EPISODE: 'PODCAST_EPISODE',
+} as const;
+
+export const flashcards = router({
+  listSets: authedProcedure
+    .input(z.object({ workspaceId: z.string().uuid() }))
+    .query(async ({ ctx, input }) => {
+      const workspace = await ctx.db.workspace.findFirst({
+        where: { id: input.workspaceId, ownerId: ctx.session.user.id },
+      });
+      if (!workspace) throw new TRPCError({ code: 'NOT_FOUND' });
+      return ctx.db.artifact.findMany({
+        where: { workspaceId: input.workspaceId, type: ArtifactType.FLASHCARD_SET },
+        include: {
+          versions: {
+            orderBy: { version: 'desc' },
+            take: 1, // Get only the latest version
+          },
+        },
+        orderBy: { updatedAt: 'desc' },
+      });
+    }),
+
+  createSet: authedProcedure
+    .input(z.object({ workspaceId: z.string().uuid(), title: z.string().min(1).max(120) }))
+    .mutation(async ({ ctx, input }) => {
+      const workspace = await ctx.db.workspace.findFirst({
+        where: { id: input.workspaceId, ownerId: ctx.session.user.id },
+      });
+      if (!workspace) throw new TRPCError({ code: 'NOT_FOUND' });
+      return ctx.db.artifact.create({
+        data: {
+          workspaceId: input.workspaceId,
+          type: ArtifactType.FLASHCARD_SET,
+          title: input.title,
+          createdById: ctx.session.user.id,
+        },
+      });
+    }),
+
+  getSet: authedProcedure
+    .input(z.object({ setId: z.string().uuid() }))
+    .query(async ({ ctx, input }) => {
+      const set = await ctx.db.artifact.findFirst({
+        where: {
+          id: input.setId,
+          type: ArtifactType.FLASHCARD_SET,
+          workspace: { ownerId: ctx.session.user.id },
+        },
+        include: { flashcards: true },
+      });
+      if (!set) throw new TRPCError({ code: 'NOT_FOUND' });
+      return set;
+    }),
+
+  createCard: authedProcedure
+    .input(z.object({
+      setId: z.string().uuid(),
+      front: z.string().min(1),
+      back: z.string().min(1),
+      tags: z.array(z.string()).optional(),
+      order: z.number().int().optional(),
+    }))
+    .mutation(async ({ ctx, input }) => {
+      const set = await ctx.db.artifact.findFirst({
+        where: { id: input.setId, type: ArtifactType.FLASHCARD_SET, workspace: { ownerId: ctx.session.user.id } },
+      });
+      if (!set) throw new TRPCError({ code: 'NOT_FOUND' });
+      return ctx.db.flashcard.create({
+        data: {
+          artifactId: input.setId,
+          front: input.front,
+          back: input.back,
+          tags: input.tags ?? [],
+          order: input.order ?? 0,
+        },
+      });
+    }),
+
+  updateCard: authedProcedure
+    .input(z.object({
+      cardId: z.string().uuid(),
+      front: z.string().optional(),
+      back: z.string().optional(),
+      tags: z.array(z.string()).optional(),
+      order: z.number().int().optional(),
+    }))
+    .mutation(async ({ ctx, input }) => {
+      const card = await ctx.db.flashcard.findFirst({
+        where: { id: input.cardId, artifact: { type: ArtifactType.FLASHCARD_SET, workspace: { ownerId: ctx.session.user.id } } },
+      });
+      if (!card) throw new TRPCError({ code: 'NOT_FOUND' });
+      return ctx.db.flashcard.update({
+        where: { id: input.cardId },
+        data: {
+          front: input.front ?? card.front,
+          back: input.back ?? card.back,
+          tags: input.tags ?? card.tags,
+          order: input.order ?? card.order,
+        },
+      });
+    }),
+
+  deleteCard: authedProcedure
+    .input(z.object({ cardId: z.string().uuid() }))
+    .mutation(async ({ ctx, input }) => {
+      const card = await ctx.db.flashcard.findFirst({
+        where: { id: input.cardId, artifact: { workspace: { ownerId: ctx.session.user.id } } },
+      });
+      if (!card) throw new TRPCError({ code: 'NOT_FOUND' });
+      await ctx.db.flashcard.delete({ where: { id: input.cardId } });
+      return true;
+    }),
+
+  deleteSet: authedProcedure
+    .input(z.object({ setId: z.string().uuid() }))
+    .mutation(async ({ ctx, input }) => {
+      const deleted = await ctx.db.artifact.deleteMany({
+        where: { id: input.setId, type: ArtifactType.FLASHCARD_SET, workspace: { ownerId: ctx.session.user.id } },
+      });
+      if (deleted.count === 0) throw new TRPCError({ code: 'NOT_FOUND' });
+      return true;
+    }),
+});
+
+

package/src/routers/worksheets.ts

@@ -0,0 +1,149 @@
+import { z } from 'zod';
+import { TRPCError } from '@trpc/server';
+import { router, authedProcedure } from '../trpc.js';
+
+// Avoid importing Prisma enums directly; mirror values as string literals
+const ArtifactType = {
+  WORKSHEET: 'WORKSHEET',
+} as const;
+
+const Difficulty = {
+  EASY: 'EASY',
+  MEDIUM: 'MEDIUM',
+  HARD: 'HARD',
+} as const;
+
+export const worksheets = router({
+  // List all worksheet artifacts for a workspace
+  listSets: authedProcedure
+    .input(z.object({ workspaceId: z.string().uuid() }))
+    .query(async ({ ctx, input }) => {
+      const workspace = await ctx.db.workspace.findFirst({
+        where: { id: input.workspaceId, ownerId: ctx.session.user.id },
+      });
+      if (!workspace) throw new TRPCError({ code: 'NOT_FOUND' });
+      return ctx.db.artifact.findMany({
+        where: { workspaceId: input.workspaceId, type: ArtifactType.WORKSHEET },
+        include: {
+          versions: {
+            orderBy: { version: 'desc' },
+            take: 1, // Get only the latest version
+          },
+        },
+        orderBy: { updatedAt: 'desc' },
+      });
+    }),
+
+  // Create a worksheet set
+  createWorksheet: authedProcedure
+    .input(z.object({ workspaceId: z.string().uuid(), title: z.string().min(1).max(120) }))
+    .mutation(async ({ ctx, input }) => {
+      const workspace = await ctx.db.workspace.findFirst({
+        where: { id: input.workspaceId, ownerId: ctx.session.user.id },
+      });
+      if (!workspace) throw new TRPCError({ code: 'NOT_FOUND' });
+      return ctx.db.artifact.create({
+        data: {
+          workspaceId: input.workspaceId,
+          type: ArtifactType.WORKSHEET,
+          title: input.title,
+          createdById: ctx.session.user.id,
+        },
+      });
+    }),
+
+  // Get a worksheet with its questions
+  getWorksheet: authedProcedure
+    .input(z.object({ worksheetId: z.string().uuid() }))
+    .query(async ({ ctx, input }) => {
+      const worksheet = await ctx.db.artifact.findFirst({
+        where: {
+          id: input.worksheetId,
+          type: ArtifactType.WORKSHEET,
+          workspace: { ownerId: ctx.session.user.id },
+        },
+        include: { questions: true },
+      });
+      if (!worksheet) throw new TRPCError({ code: 'NOT_FOUND' });
+      return worksheet;
+    }),
+
+  // Add a question to a worksheet
+  createWorksheetQuestion: authedProcedure
+    .input(z.object({
+      worksheetId: z.string().uuid(),
+      prompt: z.string().min(1),
+      answer: z.string().optional(),
+      difficulty: z.enum(['EASY', 'MEDIUM', 'HARD']).optional(),
+      order: z.number().int().optional(),
+      meta: z.record(z.string(), z.unknown()).optional(),
+    }))
+    .mutation(async ({ ctx, input }) => {
+      const worksheet = await ctx.db.artifact.findFirst({
+        where: { id: input.worksheetId, type: ArtifactType.WORKSHEET, workspace: { ownerId: ctx.session.user.id } },
+      });
+      if (!worksheet) throw new TRPCError({ code: 'NOT_FOUND' });
+      return ctx.db.worksheetQuestion.create({
+        data: {
+          artifactId: input.worksheetId,
+          prompt: input.prompt,
+          answer: input.answer,
+          difficulty: (input.difficulty ?? Difficulty.MEDIUM) as any,
+          order: input.order ?? 0,
+          meta: input.meta as any,
+        },
+      });
+    }),
+
+  // Update a question
+  updateWorksheetQuestion: authedProcedure
+    .input(z.object({
+      worksheetQuestionId: z.string().uuid(),
+      prompt: z.string().optional(),
+      answer: z.string().optional(),
+      difficulty: z.enum(['EASY', 'MEDIUM', 'HARD']).optional(),
+      order: z.number().int().optional(),
+      meta: z.record(z.string(), z.unknown()).optional(),
+    }))
+    .mutation(async ({ ctx, input }) => {
+      const q = await ctx.db.worksheetQuestion.findFirst({
+        where: { id: input.worksheetQuestionId, artifact: { type: ArtifactType.WORKSHEET, workspace: { ownerId: ctx.session.user.id } } },
+      });
+      if (!q) throw new TRPCError({ code: 'NOT_FOUND' });
+      return ctx.db.worksheetQuestion.update({
+        where: { id: input.worksheetQuestionId },
+        data: {
+          prompt: input.prompt ?? q.prompt,
+          answer: input.answer ?? q.answer,
+          difficulty: (input.difficulty ?? q.difficulty) as any,
+          order: input.order ?? q.order,
+          meta: (input.meta ?? q.meta) as any,
+        },
+      });
+    }),
+
+  // Delete a question
+  deleteWorksheetQuestion: authedProcedure
+    .input(z.object({ worksheetQuestionId: z.string().uuid() }))
+    .mutation(async ({ ctx, input }) => {
+      const q = await ctx.db.worksheetQuestion.findFirst({
+        where: { id: input.worksheetQuestionId, artifact: { workspace: { ownerId: ctx.session.user.id } } },
+      });
+      if (!q) throw new TRPCError({ code: 'NOT_FOUND' });
+      await ctx.db.worksheetQuestion.delete({ where: { id: input.worksheetQuestionId } });
+      return true;
+    }),
+
+  // Delete a worksheet set and its questions
+  deleteWorksheet: authedProcedure
+      .input(z.object({ worksheetId: z.string().uuid() }))
+    .mutation(async ({ ctx, input }) => {
+      const deleted = await ctx.db.artifact.deleteMany({
+        where: { id: input.worksheetId, type: ArtifactType.WORKSHEET, workspace: { ownerId: ctx.session.user.id } },
+      });
+      if (deleted.count === 0) throw new TRPCError({ code: 'NOT_FOUND' });
+      return true;
+    }),
+});
+
+

package/src/routers/workspace.ts

@@ -1,16 +1,17 @@
 import { z } from 'zod';
+import { TRPCError } from '@trpc/server';
 import { router, publicProcedure, authedProcedure } from '../trpc.js';
 import { bucket } from '../lib/storage.js';
-import { FileAsset } from '@prisma/client';
 
 export const workspace = router({
-  // Mutation with Zod input
+  // List current user's workspaces
   list: authedProcedure
-    .query(async ({ ctx, input }) => {
+    .query(async ({ ctx }) => {
       const workspaces = await ctx.db.workspace.findMany({
         where: {
-          ownerId: ctx.session?.user.id,
+          ownerId: ctx.session.user.id,
         },
+        orderBy: { updatedAt: 'desc' },
       });
       return workspaces;
     }),
@@ -20,25 +21,26 @@ export const workspace = router({
         name: z.string().min(1).max(100),
         description: z.string().max(500).optional(),
      }))
-    .mutation(({ ctx, input}) => {
-      return ctx.db.workspace.create({
+    .mutation(async ({ ctx, input}) => {
+      const ws = await ctx.db.workspace.create({
         data: {
           title: input.name,
           description: input.description,
-          ownerId: ctx.session?.user.id,
+          ownerId: ctx.session.user.id,
         },
       });
+      return ws;
     }),
   get: authedProcedure
     .input(z.object({
         id: z.string().uuid(),
      }))
-    .query(({ ctx, input }) => {
-      return ctx.db.workspace.findUnique({
-        where: {
-          id: input.id,
-        },
+    .query(async ({ ctx, input }) => {
+      const ws = await ctx.db.workspace.findFirst({
+        where: { id: input.id, ownerId: ctx.session.user.id },
       });
+      if (!ws) throw new TRPCError({ code: 'NOT_FOUND' });
+      return ws;
     }),
   update: authedProcedure
     .input(z.object({
@@ -46,27 +48,29 @@ export const workspace = router({
         name: z.string().min(1).max(100).optional(),
         description: z.string().max(500).optional(),
      }))
-    .mutation(({ ctx, input }) => {
-      return ctx.db.workspace.update({
-        where: {
-          id: input.id,
-        },
+    .mutation(async ({ ctx, input }) => {
+      const existed = await ctx.db.workspace.findFirst({
+        where: { id: input.id, ownerId: ctx.session.user.id },
+      });
+      if (!existed) throw new TRPCError({ code: 'NOT_FOUND' });
+      const updated = await ctx.db.workspace.update({
+        where: { id: input.id },
         data: {
-          title: input.name,
+          title: input.name ?? existed.title,
           description: input.description,
         },
-      }); 
+      });
+      return updated; 
     }), 
     delete: authedProcedure
     .input(z.object({
         id: z.string().uuid(),
      }))
-    .mutation(({ ctx, input }) => {
-      ctx.db.workspace.delete({
-        where: {
-          id: input.id,
-        },
+    .mutation(async ({ ctx, input }) => {
+      const deleted = await ctx.db.workspace.deleteMany({
+        where: { id: input.id, ownerId: ctx.session.user.id },
       });
+      if (deleted.count === 0) throw new TRPCError({ code: 'NOT_FOUND' });
       return true;
     }),
     uploadFiles: authedProcedure
@@ -81,6 +85,9 @@ export const workspace = router({
         ),
      }))
     .mutation(async ({ ctx, input }) => {
+      // ensure workspace belongs to user
+      const ws = await ctx.db.workspace.findFirst({ where: { id: input.id, ownerId: ctx.session.user.id } });
+      if (!ws) throw new TRPCError({ code: 'NOT_FOUND' });
       const results = [];
 
       for (const file of input.files) {
@@ -127,31 +134,32 @@ export const workspace = router({
         fileId: z.array(z.string().uuid()),
         id: z.string().uuid(),
      }))
-    .mutation(({ ctx, input }) => {
-      const files = ctx.db.fileAsset.findMany({
+    .mutation(async ({ ctx, input }) => {
+      // ensure files are in the user's workspace
+      const files = await ctx.db.fileAsset.findMany({
         where: {
           id: { in: input.fileId },
           workspaceId: input.id,
+          userId: ctx.session.user.id,
         },
       });
+      // Delete from GCS (best-effort)
+      for (const file of files) {
+        if (file.bucket && file.objectKey) {
+          const gcsFile: import('@google-cloud/storage').File = bucket.file(file.objectKey);
+          gcsFile.delete({ ignoreNotFound: true }).catch((err: unknown) => {
+            console.error(`Error deleting file ${file.objectKey} from bucket ${file.bucket}:`, err);
+          });
+        }
+      }
 
-      // Delete from GCS
-      files.then((fileRecords: FileAsset[]) => {
-        fileRecords.forEach((file: FileAsset) => {
-          if (file.bucket && file.objectKey) {
-        const gcsFile: import('@google-cloud/storage').File = bucket.file(file.objectKey);
-        gcsFile.delete({ ignoreNotFound: true }).catch((err: unknown) => {
-          console.error(`Error deleting file ${file.objectKey} from bucket ${file.bucket}:`, err);
-        });
-          }
-        });
-      });
-
-      return ctx.db.fileAsset.deleteMany({
+      await ctx.db.fileAsset.deleteMany({
         where: {
           id: { in: input.fileId },
           workspaceId: input.id,
+          userId: ctx.session.user.id,
         },
       });
+      return true;
     }),
 });

package/src/server.ts

@@ -1,3 +1,4 @@
+import 'dotenv/config';
 import express from 'express';
 import cors from 'cors';
 import helmet from 'helmet';