@goscribe/server 1.0.6 → 1.0.7

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@goscribe/server",
-  "version": "1.0.6",
+  "version": "1.0.7",
   "description": "",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -28,6 +28,7 @@
     "compression": "^1.8.1",
     "cookie": "^1.0.2",
     "cors": "^2.8.5",
+    "dotenv": "^17.2.1",
     "express": "^5.1.0",
     "helmet": "^8.1.0",
     "morgan": "^1.10.1",

package/src/context.ts

@@ -9,6 +9,7 @@ export async function createContext({ req, res }: CreateExpressContextOptions) {
 
   // Only use custom auth cookie
   const custom = verifyCustomAuthCookie(cookies["auth_token"]);
+  
   if (custom) {
     return { db: prisma, session: { user: { id: custom.userId } } as any, req, res, cookies };
   }

package/src/lib/auth.ts

@@ -3,26 +3,38 @@ import crypto from "node:crypto";
 
 // Custom HMAC cookie: auth_token = base64(userId).hex(hmacSHA256(base64(userId), secret))
 export function verifyCustomAuthCookie(cookieValue: string | undefined): { userId: string } | null {
-  if (!cookieValue) return null;
+  if (!cookieValue) {
+    return null;
+  }
+  
   const secret = process.env.CUSTOM_AUTH_SECRET;
-  if (!secret) return null;
+  
+  if (!secret) {
+    return null;
+  }
 
   const parts = cookieValue.split(".");
-  if (parts.length !== 2) return null;
+  
+  if (parts.length !== 2) {
+    return null;
+  }
   const [base64UserId, signatureHex] = parts;
 
   let userId: string;
   try {
     const buf = Buffer.from(base64UserId, "base64url");
     userId = buf.toString("utf8");
-  } catch {
+  } catch (error) {
     return null;
   }
 
   const hmac = crypto.createHmac("sha256", secret);
   hmac.update(base64UserId);
   const expected = hmac.digest("hex");
-  if (!timingSafeEqualHex(signatureHex, expected)) return null;
+  
+  if (!timingSafeEqualHex(signatureHex, expected)) {
+    return null;
+  }
 
   return { userId };
 }

package/src/routers/_app.ts

@@ -2,8 +2,8 @@ import { inferRouterInputs, inferRouterOutputs } from '@trpc/server';
 import { router } from '../trpc.js';
 import { auth } from './auth.js';
 import { workspace } from './workspace.js';
-import { flashcards } from './flashcards';
-import { worksheets } from './worksheets';
+import { flashcards } from './flashcards.js';
+import { worksheets } from './worksheets.js';
 
 export const appRouter = router({
   auth,

package/src/routers/auth.ts

@@ -2,6 +2,21 @@ import { z } from 'zod';
 import { router, publicProcedure, authedProcedure } from '../trpc.js';
 import bcrypt from 'bcryptjs';
 import { serialize } from 'cookie';
+import crypto from 'node:crypto';
+
+// Helper to create custom auth token
+function createCustomAuthToken(userId: string): string {
+  const secret = process.env.AUTH_SECRET;
+  if (!secret) {
+    throw new Error("AUTH_SECRET is not set");
+  }
+  
+  const base64UserId = Buffer.from(userId, 'utf8').toString('base64url');
+  const hmac = crypto.createHmac('sha256', secret);
+  hmac.update(base64UserId);
+  const signature = hmac.digest('hex');
+  return `${base64UserId}.${signature}`;
+}
 
 export const auth = router({
   signup: publicProcedure
@@ -49,47 +64,61 @@ export const auth = router({
         throw new Error("Invalid credentials");
       }
 
-      const session = await ctx.db.session.create({
-        data: {
-          userId: user.id,
-          expires: new Date(Date.now() + 1000 * 60 * 60 * 24 * 30),
-        },
+      // Create custom auth token
+      const authToken = createCustomAuthToken(user.id);
+
+      // Set the cookie immediately after successful login
+      const cookieValue = serialize("auth_token", authToken, {
+        httpOnly: true,
+        secure: process.env.NODE_ENV === "production",
+        sameSite: "lax",
+        path: "/",
+        maxAge: 60 * 60 * 24 * 30, // 30 days
       });
+      
+      ctx.res.setHeader("Set-Cookie", cookieValue);
 
-      return { id: session.id, session: session.id, user: { id: user.id, email: user.email, name: user.name, image: user.image } };
+      return { 
+        id: user.id, 
+        email: user.email, 
+        name: user.name, 
+        image: user.image 
+      };
     }),
   getSession: publicProcedure.query(async ({ ctx }) => {
-    const session = await ctx.db.session.findUnique({
-      where: {
-        id: ctx.session?.id,
-      },
-    });
-
-    if (!session) {
-      throw new Error("Session not found");
-    }
-
-    if (session.expires < new Date()) {
-      throw new Error("Session expired");
+    // Just return the current session from context
+    if (!ctx.session) {
+      throw new Error("No session found");
     }
 
     const user = await ctx.db.user.findUnique({
-      where: { id: session.userId },
+      where: { id: (ctx.session as any).user.id },
     });
 
     if (!user) {
       throw new Error("User not found");
     }
 
-    ctx.res.setHeader("Set-Cookie", serialize("auth_token", session.id, {
+    return { 
+      user: { 
+        id: user.id, 
+        email: user.email, 
+        name: user.name, 
+        image: user.image 
+      } 
+    };
+  }),
+  logout: publicProcedure.mutation(async ({ ctx }) => {
+    // Clear the auth cookie
+    ctx.res.setHeader("Set-Cookie", serialize("auth_token", "", {
       httpOnly: true,
       secure: process.env.NODE_ENV === "production",
-      sameSite: "none", // cross-origin XHR needs None
+      sameSite: "lax",
       path: "/",
-      maxAge: 60 * 60 * 24 * 7,
+      maxAge: 0, // Expire immediately
     }));
 
-    return { id: session.id, userId: session.userId, user: { id: user.id, email: user.email, name: user.name, image: user.image } };
+    return { success: true };
   }),
 });
 

package/src/routers/flashcards.ts

@@ -20,6 +20,12 @@ export const flashcards = router({
       if (!workspace) throw new TRPCError({ code: 'NOT_FOUND' });
       return ctx.db.artifact.findMany({
         where: { workspaceId: input.workspaceId, type: ArtifactType.FLASHCARD_SET },
+        include: {
+          versions: {
+            orderBy: { version: 'desc' },
+            take: 1, // Get only the latest version
+          },
+        },
         orderBy: { updatedAt: 'desc' },
       });
     }),

package/src/routers/worksheets.ts

@@ -24,12 +24,18 @@ export const worksheets = router({
       if (!workspace) throw new TRPCError({ code: 'NOT_FOUND' });
       return ctx.db.artifact.findMany({
         where: { workspaceId: input.workspaceId, type: ArtifactType.WORKSHEET },
+        include: {
+          versions: {
+            orderBy: { version: 'desc' },
+            take: 1, // Get only the latest version
+          },
+        },
         orderBy: { updatedAt: 'desc' },
       });
     }),
 
   // Create a worksheet set
-  createSet: authedProcedure
+  createWorksheet: authedProcedure
     .input(z.object({ workspaceId: z.string().uuid(), title: z.string().min(1).max(120) }))
     .mutation(async ({ ctx, input }) => {
       const workspace = await ctx.db.workspace.findFirst({
@@ -47,25 +53,25 @@ export const worksheets = router({
     }),
 
   // Get a worksheet with its questions
-  getSet: authedProcedure
-    .input(z.object({ setId: z.string().uuid() }))
+  getWorksheet: authedProcedure
+    .input(z.object({ worksheetId: z.string().uuid() }))
     .query(async ({ ctx, input }) => {
-      const set = await ctx.db.artifact.findFirst({
+      const worksheet = await ctx.db.artifact.findFirst({
         where: {
-          id: input.setId,
+          id: input.worksheetId,
           type: ArtifactType.WORKSHEET,
           workspace: { ownerId: ctx.session.user.id },
         },
         include: { questions: true },
       });
-      if (!set) throw new TRPCError({ code: 'NOT_FOUND' });
-      return set;
+      if (!worksheet) throw new TRPCError({ code: 'NOT_FOUND' });
+      return worksheet;
     }),
 
   // Add a question to a worksheet
-  createQuestion: authedProcedure
+  createWorksheetQuestion: authedProcedure
     .input(z.object({
-      setId: z.string().uuid(),
+      worksheetId: z.string().uuid(),
       prompt: z.string().min(1),
       answer: z.string().optional(),
       difficulty: z.enum(['EASY', 'MEDIUM', 'HARD']).optional(),
@@ -73,13 +79,13 @@ export const worksheets = router({
       meta: z.record(z.string(), z.unknown()).optional(),
     }))
     .mutation(async ({ ctx, input }) => {
-      const set = await ctx.db.artifact.findFirst({
-        where: { id: input.setId, type: ArtifactType.WORKSHEET, workspace: { ownerId: ctx.session.user.id } },
+      const worksheet = await ctx.db.artifact.findFirst({
+        where: { id: input.worksheetId, type: ArtifactType.WORKSHEET, workspace: { ownerId: ctx.session.user.id } },
       });
-      if (!set) throw new TRPCError({ code: 'NOT_FOUND' });
+      if (!worksheet) throw new TRPCError({ code: 'NOT_FOUND' });
       return ctx.db.worksheetQuestion.create({
         data: {
-          artifactId: input.setId,
+          artifactId: input.worksheetId,
           prompt: input.prompt,
           answer: input.answer,
           difficulty: (input.difficulty ?? Difficulty.MEDIUM) as any,
@@ -90,9 +96,9 @@ export const worksheets = router({
     }),
 
   // Update a question
-  updateQuestion: authedProcedure
+  updateWorksheetQuestion: authedProcedure
     .input(z.object({
-      questionId: z.string().uuid(),
+      worksheetQuestionId: z.string().uuid(),
       prompt: z.string().optional(),
       answer: z.string().optional(),
       difficulty: z.enum(['EASY', 'MEDIUM', 'HARD']).optional(),
@@ -101,11 +107,11 @@ export const worksheets = router({
     }))
     .mutation(async ({ ctx, input }) => {
       const q = await ctx.db.worksheetQuestion.findFirst({
-        where: { id: input.questionId, artifact: { type: ArtifactType.WORKSHEET, workspace: { ownerId: ctx.session.user.id } } },
+        where: { id: input.worksheetQuestionId, artifact: { type: ArtifactType.WORKSHEET, workspace: { ownerId: ctx.session.user.id } } },
       });
       if (!q) throw new TRPCError({ code: 'NOT_FOUND' });
       return ctx.db.worksheetQuestion.update({
-        where: { id: input.questionId },
+        where: { id: input.worksheetQuestionId },
         data: {
           prompt: input.prompt ?? q.prompt,
           answer: input.answer ?? q.answer,
@@ -117,23 +123,23 @@ export const worksheets = router({
     }),
 
   // Delete a question
-  deleteQuestion: authedProcedure
-    .input(z.object({ questionId: z.string().uuid() }))
+  deleteWorksheetQuestion: authedProcedure
+    .input(z.object({ worksheetQuestionId: z.string().uuid() }))
     .mutation(async ({ ctx, input }) => {
       const q = await ctx.db.worksheetQuestion.findFirst({
-        where: { id: input.questionId, artifact: { workspace: { ownerId: ctx.session.user.id } } },
+        where: { id: input.worksheetQuestionId, artifact: { workspace: { ownerId: ctx.session.user.id } } },
       });
       if (!q) throw new TRPCError({ code: 'NOT_FOUND' });
-      await ctx.db.worksheetQuestion.delete({ where: { id: input.questionId } });
+      await ctx.db.worksheetQuestion.delete({ where: { id: input.worksheetQuestionId } });
       return true;
     }),
 
   // Delete a worksheet set and its questions
-  deleteSet: authedProcedure
-    .input(z.object({ setId: z.string().uuid() }))
+  deleteWorksheet: authedProcedure
+      .input(z.object({ worksheetId: z.string().uuid() }))
     .mutation(async ({ ctx, input }) => {
       const deleted = await ctx.db.artifact.deleteMany({
-        where: { id: input.setId, type: ArtifactType.WORKSHEET, workspace: { ownerId: ctx.session.user.id } },
+        where: { id: input.worksheetId, type: ArtifactType.WORKSHEET, workspace: { ownerId: ctx.session.user.id } },
       });
       if (deleted.count === 0) throw new TRPCError({ code: 'NOT_FOUND' });
       return true;

package/src/server.ts

@@ -1,3 +1,4 @@
+import 'dotenv/config';
 import express from 'express';
 import cors from 'cors';
 import helmet from 'helmet';