@goscribe/server 1.1.7 → 1.3.0

package/src/lib/email.ts

@@ -0,0 +1,230 @@
+import nodemailer from 'nodemailer';
+import { logger } from './logger.js';
+import { env } from './env.js';
+
+// Commented out Resend flow as requested
+// import { Resend } from 'resend';
+// const resend = env.RESEND_API_KEY ? new Resend(env.RESEND_API_KEY) : null;
+
+const transporter = nodemailer.createTransport({
+  host: env.SMTP_HOST,
+  port: env.SMTP_PORT,
+  secure: env.SMTP_SECURE,
+  auth: {
+    user: env.SMTP_USER,
+    pass: env.SMTP_PASSWORD,
+  },
+});
+
+const FROM_EMAIL = env.EMAIL_FROM;
+const APP_URL = env.FRONTEND_URL;
+
+export async function sendVerificationEmail(
+  email: string,
+  token: string,
+  name?: string | null
+): Promise<boolean> {
+  const verifyUrl = `${APP_URL}/verify-email?token=${token}`;
+  const greeting = name ? `, ${name}` : '';
+
+  const html = `
+    <div style="font-family:system-ui,sans-serif;max-width:480px;margin:0 auto;padding:40px 20px;">
+      <h2 style="font-size:20px;font-weight:600;margin-bottom:8px;">Welcome to Scribe${greeting}!</h2>
+      <p style="color:#6b7280;font-size:14px;line-height:1.6;margin-bottom:24px;">
+        Please verify your email address to get the most out of your account.
+      </p>
+      <a href="${verifyUrl}" style="display:inline-block;background-color:#7c3aed;color:#fff;text-decoration:none;padding:10px 24px;border-radius:6px;font-size:14px;font-weight:500;">Verify Email</a>
+      <p style="color:#9ca3af;font-size:12px;margin-top:32px;line-height:1.5;">
+        If you did not create an account on Scribe, you can safely ignore this email.
+        This link expires in 24 hours.
+      </p>
+    </div>
+  `;
+
+  try {
+    if (!env.SMTP_HOST) {
+      logger.warn('Email service not configured (SMTP_HOST missing). Logging email content instead:');
+      logger.info(`Verification Email to ${email}: ${verifyUrl}`);
+      return true;
+    }
+
+    await transporter.sendMail({
+      from: FROM_EMAIL,
+      to: email,
+      subject: 'Verify your email - Scribe',
+      html,
+    });
+
+    logger.info(`Verification email sent to ${email}`);
+    return true;
+  } catch (err) {
+    logger.error('Email send error:', err);
+    return false;
+  }
+}
+
+export async function sendInvitationEmail(invitation: {
+  email: string;
+  token: string;
+  role: string;
+  workspaceTitle: string;
+  invitedByName: string;
+}): Promise<boolean> {
+  const inviteUrl = `${APP_URL}/accept-invite?token=${invitation.token}`;
+
+  const html = `
+    <div style="font-family:system-ui,sans-serif;max-width:480px;margin:0 auto;padding:40px 20px;">
+      <h2 style="font-size:20px;font-weight:600;margin-bottom:8px;">Workspace Invitation</h2>
+      <p style="color:#374151;font-size:14px;line-height:1.6;margin-bottom:16px;">
+        <strong>${invitation.invitedByName}</strong> has invited you to join the <strong>${invitation.workspaceTitle}</strong> workspace as a <strong>${invitation.role}</strong>.
+      </p>
+      <p style="color:#6b7280;font-size:14px;line-height:1.6;margin-bottom:24px;">
+        Click the button below to accept the invitation and start collaborating.
+      </p>
+      <a href="${inviteUrl}" style="display:inline-block;background-color:#7c3aed;color:#fff;text-decoration:none;padding:10px 24px;border-radius:6px;font-size:14px;font-weight:500;">Accept Invitation</a>
+      <p style="color:#9ca3af;font-size:12px;margin-top:32px;line-height:1.5;">
+        This invitation was sent to ${invitation.email}. If you weren't expecting this invitation, you can safely ignore this email.
+      </p>
+    </div>
+  `;
+
+  try {
+    if (!env.SMTP_HOST) {
+      logger.warn('Email service not configured (SMTP_HOST missing). Logging invitation link instead:');
+      logger.info(`Invitation Link for ${invitation.email}: ${inviteUrl}`);
+      return true;
+    }
+
+    await transporter.sendMail({
+      from: FROM_EMAIL,
+      to: invitation.email,
+      subject: `Invitation to join ${invitation.workspaceTitle} on Scribe`,
+      html,
+    });
+
+    logger.info(`Invitation email sent to ${invitation.email}`);
+    return true;
+  } catch (err) {
+    logger.error('Email send error:', err);
+    return false;
+  }
+}
+
+export async function sendAccountDeletionScheduledEmail(email: string, token: string): Promise<boolean> {
+  const restoreUrl = `${APP_URL}/restore-account?token=${token}`;
+
+  const html = `
+    <div style="font-family:system-ui,sans-serif;max-width:480px;margin:0 auto;padding:40px 20px;">
+      <h2 style="font-size:20px;font-weight:600;margin-bottom:8px;color:#dc2626;">Account Deletion Scheduled</h2>
+      <p style="color:#374151;font-size:14px;line-height:1.6;margin-bottom:16px;">
+        Your account is scheduled for permanent deletion in 30 days.
+      </p>
+      <p style="color:#6b7280;font-size:14px;line-height:1.6;margin-bottom:24px;">
+        If you change your mind, you can restore your account by clicking the button below. This link will remain active during the 30-day grace period.
+      </p>
+      <a href="${restoreUrl}" style="display:inline-block;background-color:#7c3aed;color:#fff;text-decoration:none;padding:10px 24px;border-radius:6px;font-size:14px;font-weight:500;">Restore Account</a>
+      <p style="color:#9ca3af;font-size:12px;margin-top:32px;line-height:1.5;">
+        If you meant to delete your account, you can safely ignore this email.
+      </p>
+    </div>
+  `;
+
+  try {
+    if (!env.SMTP_HOST) {
+      logger.warn('Email service not configured (SMTP_HOST missing). Logging email content instead:');
+      logger.info(`Account Deletion Scheduled Email to ${email}: ${restoreUrl}`);
+      return true;
+    }
+
+    await transporter.sendMail({
+      from: FROM_EMAIL,
+      to: email,
+      subject: 'Account Deletion Scheduled - Scribe',
+      html,
+    });
+
+    logger.info(`Account deletion scheduled email sent to ${email}`);
+    return true;
+  } catch (err) {
+    logger.error('Email send error:', err);
+    return false;
+  }
+}
+
+export async function sendPasswordResetEmail(
+  email: string,
+  token: string,
+  name?: string | null
+): Promise<boolean> {
+  const resetUrl = `${APP_URL}/reset-password?token=${encodeURIComponent(token)}`;
+  const greeting = name ? `, ${name}` : '';
+
+  const html = `
+    <div style="font-family:system-ui,sans-serif;max-width:480px;margin:0 auto;padding:40px 20px;">
+      <h2 style="font-size:20px;font-weight:600;margin-bottom:8px;">Reset your password${greeting}</h2>
+      <p style="color:#6b7280;font-size:14px;line-height:1.6;margin-bottom:24px;">
+        We received a request to reset your Scribe password. Click the button below to choose a new password.
+      </p>
+      <a href="${resetUrl}" style="display:inline-block;background-color:#7c3aed;color:#fff;text-decoration:none;padding:10px 24px;border-radius:6px;font-size:14px;font-weight:500;">Reset password</a>
+      <p style="color:#9ca3af;font-size:12px;margin-top:32px;line-height:1.5;">
+        If you did not request this, you can ignore this email. This link expires in 1 hour.
+      </p>
+    </div>
+  `;
+
+  try {
+    if (!env.SMTP_HOST) {
+      logger.warn('Email service not configured (SMTP_HOST missing). Logging reset link instead:');
+      logger.info(`Password reset for ${email}: ${resetUrl}`);
+      return true;
+    }
+
+    await transporter.sendMail({
+      from: FROM_EMAIL,
+      to: email,
+      subject: 'Reset your password - Scribe',
+      html,
+    });
+
+    logger.info(`Password reset email sent to ${email}`);
+    return true;
+  } catch (err) {
+    logger.error('Email send error:', err);
+    return false;
+  }
+}
+
+export async function sendAccountRestoredEmail(email: string): Promise<boolean> {
+  const loginUrl = `${APP_URL}/login`;
+
+  const html = `
+    <div style="font-family:system-ui,sans-serif;max-width:480px;margin:0 auto;padding:40px 20px;">
+      <h2 style="font-size:20px;font-weight:600;margin-bottom:8px;color:#16a34a;">Account Restored Successfully</h2>
+      <p style="color:#374151;font-size:14px;line-height:1.6;margin-bottom:16px;">
+        Your account has been successfully restored. Your data is safe and your account deletion process has been cancelled.
+      </p>
+      <a href="${loginUrl}" style="display:inline-block;background-color:#7c3aed;color:#fff;text-decoration:none;padding:10px 24px;border-radius:6px;font-size:14px;font-weight:500;">Log In</a>
+    </div>
+  `;
+
+  try {
+    if (!env.SMTP_HOST) {
+      logger.warn('Email service not configured (SMTP_HOST missing). Logging email content instead:');
+      logger.info(`Account Restored Email to ${email}`);
+      return true;
+    }
+
+    await transporter.sendMail({
+      from: FROM_EMAIL,
+      to: email,
+      subject: 'Account Restored - Scribe',
+      html,
+    });
+
+    logger.info(`Account restored email sent to ${email}`);
+    return true;
+  } catch (err) {
+    logger.error('Email send error:', err);
+    return false;
+  }
+}

package/src/lib/env.ts

@@ -10,37 +10,54 @@ const envSchema = z.object({
   // Database
   DATABASE_URL: z.string().url(),
   DIRECT_URL: z.string().url().optional(),
-  
+
   // Server
   PORT: z.string().regex(/^\d+$/).default('3001').transform(Number),
   NODE_ENV: z.enum(['development', 'production', 'test']).default('development'),
-  
+
   // Auth
   BETTER_AUTH_SECRET: z.string().min(32).optional(),
   BETTER_AUTH_URL: z.string().url().optional(),
-  
+
   // Storage
   GOOGLE_CLOUD_PROJECT_ID: z.string().optional(),
   GOOGLE_CLOUD_BUCKET_NAME: z.string().optional(),
   GOOGLE_APPLICATION_CREDENTIALS: z.string().optional(),
-  
+
   // Pusher
   PUSHER_APP_ID: z.string().optional(),
   PUSHER_KEY: z.string().optional(),
   PUSHER_SECRET: z.string().optional(),
   PUSHER_CLUSTER: z.string().optional(),
-  
+
   // Inference
   INFERENCE_API_URL: z.string().url().optional(),
-  
+
   // CORS
   FRONTEND_URL: z.string().url().default('http://localhost:3000'),
+
+  // Email
+  SMTP_HOST: z.string(),
+  SMTP_PORT: z.string().regex(/^\d+$/).default('587').transform(Number),
+  SMTP_USER: z.string().optional(),
+  SMTP_PASSWORD: z.string().optional(),
+  SMTP_SECURE: z.enum(['true', 'false']).default('false').transform((v) => v === 'true'),
+  EMAIL_FROM: z.string().default('Scribe <noreply@goscribe.app>'),
+  // Stripe
+  STRIPE_SECRET_KEY: z.string().startsWith('sk_').optional(),
+  STRIPE_SUCCESS_URL: z.string().url().default('http://localhost:3000/payment-success'),
+  STRIPE_CANCEL_URL: z.string().url().default('http://localhost:3000/payment-cancel'),
+  STRIPE_PRICE_SUB_BASIC: z.string().startsWith('price_').optional(),
+  STRIPE_PRICE_SUB_PRO: z.string().startsWith('price_').optional(),
+  STRIPE_PRICE_CREDITS_1000: z.string().startsWith('price_').optional(),
+  STRIPE_WEBHOOK_SECRET: z.string().startsWith('whsec_').optional(),
 });
 
 /**
  * Parsed and validated environment variables
  */
 export const env = envSchema.parse(process.env);
+// console.log('DEBUG: SMTP_HOST loaded:', env.SMTP_HOST ? 'Yes' : 'No');
 
 /**
  * Check if running in production

package/src/lib/inference.ts

@@ -5,15 +5,15 @@ const openai = new OpenAI({
     baseURL: process.env.INFERENCE_BASE_URL,
 });
 
-async function inference(prompt: string) {
+async function inference(messages: { role: 'system' | 'user' | 'assistant', content: string }[]) {
     try {
         const response = await openai.chat.completions.create({
             model: "command-a-03-2025",
-            messages: [{ role: "user", content: prompt }],
+            messages: messages,
         });
         return response;
     } catch (error) {
-        console.error('Inference error:', error);
+        // Inference error logged at call site
         throw error;
     }
 }

package/src/lib/logger.ts

@@ -163,7 +163,8 @@ class Logger {
     return `\x1b[90m${time}\x1b[0m`; // Gray color
   }
 
-  private formatContext(context: string): string {
+  private formatContext(context: string | unknown): string {
+    if (typeof context !== 'string') return '';
     const icon = CONTEXT_ICONS[context.toUpperCase()] || '📦';
     return `\x1b[94m${icon}${context}\x1b[0m `; // Blue color
   }
@@ -248,20 +249,36 @@ class Logger {
     }
   }
 
-  error(message: string, context?: string, metadata?: Record<string, any>, error?: Error): void {
-    this.log(LogLevel.ERROR, message, context, metadata, error);
+  error(message: string, contextOrError?: string | Error | unknown, metadata?: Record<string, any>, error?: Error): void {
+    if (contextOrError instanceof Error) {
+      this.log(LogLevel.ERROR, message, undefined, metadata, contextOrError);
+    } else {
+      this.log(LogLevel.ERROR, message, contextOrError as string | undefined, metadata, error);
+    }
   }
 
-  warn(message: string, context?: string, metadata?: Record<string, any>): void {
-    this.log(LogLevel.WARN, message, context, metadata);
+  warn(message: string, contextOrMeta?: string | Record<string, any>, metadata?: Record<string, any>): void {
+    if (typeof contextOrMeta === 'object' && contextOrMeta !== null) {
+      this.log(LogLevel.WARN, message, undefined, contextOrMeta as Record<string, any>);
+    } else {
+      this.log(LogLevel.WARN, message, contextOrMeta as string | undefined, metadata);
+    }
   }
 
-  info(message: string, context?: string, metadata?: Record<string, any>): void {
-    this.log(LogLevel.INFO, message, context, metadata);
+  info(message: string, contextOrMeta?: string | Record<string, any>, metadata?: Record<string, any>): void {
+    if (typeof contextOrMeta === 'object' && contextOrMeta !== null) {
+      this.log(LogLevel.INFO, message, undefined, contextOrMeta as Record<string, any>);
+    } else {
+      this.log(LogLevel.INFO, message, contextOrMeta as string | undefined, metadata);
+    }
   }
 
-  debug(message: string, context?: string, metadata?: Record<string, any>): void {
-    this.log(LogLevel.DEBUG, message, context, metadata);
+  debug(message: string, contextOrMeta?: string | Record<string, any>, metadata?: Record<string, any>): void {
+    if (typeof contextOrMeta === 'object' && contextOrMeta !== null) {
+      this.log(LogLevel.DEBUG, message, undefined, contextOrMeta as Record<string, any>);
+    } else {
+      this.log(LogLevel.DEBUG, message, contextOrMeta as string | undefined, metadata);
+    }
   }
 
   trace(message: string, context?: string, metadata?: Record<string, any>): void {

package/src/lib/notification-service.test.ts

@@ -0,0 +1,106 @@
+import test from 'node:test';
+import assert from 'node:assert/strict';
+import PusherService from './pusher.js';
+import { NotificationType, createNotification } from './notification-service.js';
+
+type FakeNotification = {
+  id: string;
+  userId: string;
+  type: string;
+  title: string;
+  body: string;
+  content?: string;
+  sourceId?: string;
+  createdAt: Date;
+  read: boolean;
+};
+
+function createFakeDb() {
+  const store: FakeNotification[] = [];
+
+  const db = {
+    notification: {
+      async findFirst(args: any) {
+        const where = args?.where ?? {};
+        return (
+          store.find((item) => {
+            if (where.userId && item.userId !== where.userId) return false;
+            if (where.type && item.type !== where.type) return false;
+            if (where.sourceId && item.sourceId !== where.sourceId) return false;
+            return true;
+          }) ?? null
+        );
+      },
+      async create(args: any) {
+        const data = args.data;
+        const item: FakeNotification = {
+          id: `n_${store.length + 1}`,
+          userId: data.userId,
+          type: data.type,
+          title: data.title,
+          body: data.body,
+          content: data.content,
+          sourceId: data.sourceId,
+          createdAt: new Date(),
+          read: false,
+        };
+        store.push(item);
+        return item;
+      },
+      async count(args: any) {
+        const where = args?.where ?? {};
+        return store.filter((item) => {
+          if (where.userId && item.userId !== where.userId) return false;
+          if (where.read !== undefined && item.read !== where.read) return false;
+          return true;
+        }).length;
+      },
+    },
+  };
+
+  return { db, store };
+}
+
+test('createNotification deduplicates by sourceId', async () => {
+  const { db, store } = createFakeDb();
+  const originalEmit = PusherService.emitNotificationNew;
+  PusherService.emitNotificationNew = async () => {};
+
+  await createNotification(db, {
+    userId: 'u1',
+    type: NotificationType.PAYMENT_SUCCEEDED,
+    title: 'Payment successful',
+    body: 'Paid',
+    sourceId: 'source-1',
+  });
+  await createNotification(db, {
+    userId: 'u1',
+    type: NotificationType.PAYMENT_SUCCEEDED,
+    title: 'Payment successful',
+    body: 'Paid',
+    sourceId: 'source-1',
+  });
+
+  assert.equal(store.length, 1);
+  PusherService.emitNotificationNew = originalEmit;
+});
+
+test('createNotification emits unread count payload', async () => {
+  const { db } = createFakeDb();
+  const originalEmit = PusherService.emitNotificationNew;
+  let capturedUnread = -1;
+
+  PusherService.emitNotificationNew = async (_userId, payload) => {
+    capturedUnread = payload.unreadCount;
+  };
+
+  await createNotification(db, {
+    userId: 'u1',
+    type: NotificationType.GENERAL,
+    title: 'Hello',
+    body: 'World',
+  });
+
+  assert.equal(capturedUnread, 1);
+  PusherService.emitNotificationNew = originalEmit;
+});