@goscribe/server 1.2.0 → 1.3.1

package/src/scripts/purge-deleted-users.ts

@@ -0,0 +1,167 @@
+import { PrismaClient } from '@prisma/client';
+import { supabaseClient } from '../lib/storage.js';
+import { logger } from '../lib/logger.js';
+import { env } from '../lib/env.js';
+import { notifyAdminsAccountPermanentlyDeleted } from '../lib/notification-service.js';
+import {
+  ActivityLogCategory,
+  ActivityLogStatus,
+} from '@prisma/client';
+import { recordExplicitActivity } from '../lib/activity_log_service.js';
+
+const db = new PrismaClient();
+
+async function purgeDeletedUsers() {
+    try {
+        const startedAt = Date.now();
+        let status: ActivityLogStatus = ActivityLogStatus.SUCCESS;
+        let errorCode: string | null = null;
+        let purgedUsers = 0;
+
+        logger.info('Starting scheduled purge for deleted users...');
+
+        // Find users whose deletedAt is older than 30 days
+        const thirtyDaysAgo = new Date();
+        thirtyDaysAgo.setDate(thirtyDaysAgo.getDate() - 30);
+
+        const usersToPurge = await db.user.findMany({
+            where: {
+                deletedAt: {
+                    lte: thirtyDaysAgo,
+                },
+            },
+            select: {
+                id: true,
+                name: true,
+                email: true,
+                profilePicture: {
+                    select: {
+                        objectKey: true,
+                    }
+                }
+            },
+        });
+
+        if (usersToPurge.length === 0) {
+            logger.info('No users found past the 30-day grace period.');
+            await recordExplicitActivity({
+                db,
+                actorUserId: null,
+                action: 'cron.purgeDeletedUsers',
+                category: ActivityLogCategory.SYSTEM,
+                status: ActivityLogStatus.SUCCESS,
+                errorCode: null,
+                durationMs: Date.now() - startedAt,
+                forceWrite: true,
+                metadata: {
+                    usersFound: 0,
+                    usersPurged: 0,
+                    graceDays: 30,
+                },
+            });
+            return;
+        }
+
+        logger.info(`Found ${usersToPurge.length} user(s) to purge. Processing...`);
+
+        for (const user of usersToPurge) {
+            logger.info(`Purging user: ${user.id} (${user.email})`);
+
+            try {
+                // 1. Delete associated files from Supabase Storage
+                //    (Prisma cascade will delete the FileAsset DB record, but we need to delete the actual file first)
+
+                // Let's get all file assets owned by the user
+                const userFiles = await db.fileAsset.findMany({
+                    where: { userId: user.id },
+                    select: { objectKey: true, bucket: true },
+                });
+
+                for (const file of userFiles) {
+                    if (file.objectKey && file.bucket) {
+                        try {
+                            const { error } = await supabaseClient.storage
+                                .from(file.bucket)
+                                .remove([file.objectKey]);
+
+                            if (error) {
+                                logger.error(`Failed to delete file from Supabase: ${file.objectKey}`, error);
+                            } else {
+                                logger.info(`Deleted file from Supabase: ${file.objectKey}`);
+                            }
+                        } catch (storageError) {
+                            logger.error(`Exception during Supabase deletion for ${file.objectKey}:`, storageError);
+                        }
+                    }
+                }
+
+                await notifyAdminsAccountPermanentlyDeleted(db, {
+                    id: user.id,
+                    name: user.name,
+                    email: user.email,
+                }).catch(() => {});
+
+                // 2. Finally, delete the User from the database
+                //    (Prisma onDelete: Cascade will handle almost everything else depending on schema)
+                await db.user.delete({
+                    where: { id: user.id },
+                });
+
+                purgedUsers += 1;
+                logger.info(`Successfully purged user: ${user.id}`);
+            } catch (userError) {
+                status = ActivityLogStatus.FAILURE;
+                errorCode =
+                    userError instanceof Error ? userError.message : String(userError);
+                logger.error(`Failed to purge user ${user.id}:`, userError);
+            }
+        }
+
+        if (status === ActivityLogStatus.SUCCESS) {
+            logger.info('Purge process completed successfully.');
+        } else {
+            logger.warn('Purge process completed with failures.');
+        }
+
+        await recordExplicitActivity({
+            db,
+            actorUserId: null,
+            action: 'cron.purgeDeletedUsers',
+            category: ActivityLogCategory.SYSTEM,
+            status,
+            errorCode,
+            durationMs: Date.now() - startedAt,
+            forceWrite: true,
+            metadata: {
+                usersFound: usersToPurge.length,
+                usersPurged: purgedUsers,
+                graceDays: 30,
+            },
+        });
+    } catch (error) {
+        const startedAt = Date.now();
+        await recordExplicitActivity({
+            db,
+            actorUserId: null,
+            action: 'cron.purgeDeletedUsers',
+            category: ActivityLogCategory.SYSTEM,
+            status: ActivityLogStatus.FAILURE,
+            errorCode:
+                error instanceof Error ? error.message : String(error),
+            durationMs: Date.now() - startedAt,
+            forceWrite: true,
+        }).catch(() => {});
+
+        logger.error('Critical error during user purge process:', error);
+    } finally {
+        await db.$disconnect();
+    }
+}
+
+// Run the script
+purgeDeletedUsers().then(() => {
+    process.exit(0);
+}).catch((error) => {
+    console.error("Unhandled error:", error);
+    process.exit(1);
+});

package/src/server.ts

@@ -11,6 +11,11 @@ import { createContext } from './context.js';
 import { prisma } from './lib/prisma.js';
 import { logger } from './lib/logger.js';
 import { supabaseClient } from './lib/storage.js';
+import {
+  ActivityLogCategory,
+  ActivityLogStatus,
+} from '@prisma/client';
+import { recordExplicitActivity } from './lib/activity_log_service.js';
 
 const PORT = process.env.PORT ? Number(process.env.PORT) : 3001;
 
@@ -19,7 +24,7 @@ async function main() {
 
   // Middlewares
   app.use(cors({
-    origin: ['https://www.scribe.study', 'https://scribe.study', 'http://localhost:3000'],
+    origin: ['https://www.scribe.study', 'https://scribe.study', 'http://localhost:3000', 'http://localhost:3002'],
     credentials: true, // allow cookies
     methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
     allowedHeaders: ['Content-Type', 'Authorization', 'Cookie', 'Set-Cookie'],
@@ -37,11 +42,121 @@ async function main() {
       }
     }
   }));
-  
+
   app.use(compression());
+
+  // Stripe Webhook (Must be before express.json() for raw body)
+  app.post('/stripe/webhook', express.raw({ type: 'application/json' }), async (req, res) => {
+    const sig = req.headers['stripe-signature'];
+    const { stripe } = await import('./lib/stripe.js');
+    const { env } = await import('./lib/env.js');
+    const subscriptionService = await import('./lib/subscription_service.js');
+
+    let event;
+
+    try {
+      if (!sig || !env.STRIPE_WEBHOOK_SECRET) {
+        throw new Error('Missing stripe-signature or STRIPE_WEBHOOK_SECRET');
+      }
+      event = stripe?.webhooks.constructEvent(req.body, sig, env.STRIPE_WEBHOOK_SECRET);
+    } catch (err: any) {
+      logger.error(`Webhook signature verification failed: ${err.message}`, 'STRIPE');
+      await recordExplicitActivity({
+        db: prisma,
+        actorUserId: null,
+        action: 'stripe.webhook.signatureVerificationFailed',
+        category: ActivityLogCategory.SYSTEM,
+        status: ActivityLogStatus.FAILURE,
+        errorCode: err?.message ?? 'unknown',
+        durationMs: 0,
+        forceWrite: true,
+      }).catch(() => {});
+      return res.status(400).send(`Webhook Error: ${err.message}`);
+    }
+
+    // Handle the event
+    try {
+      const startedAt = Date.now();
+      let status: ActivityLogStatus = ActivityLogStatus.SUCCESS;
+      let errorCode: string | null = null;
+
+      // Best-effort: some webhook objects include metadata.userId
+      let actorUserId: string | null | undefined = undefined;
+      try {
+        const obj = event?.data?.object as any;
+        const md = obj?.metadata;
+        if (md && typeof md.userId === 'string') actorUserId = md.userId;
+      } catch {
+        actorUserId = undefined;
+      }
+
+      switch (event?.type) {
+        case 'checkout.session.completed':
+          await subscriptionService.handleCheckoutCompleted(event);
+          break;
+        case 'customer.subscription.created':
+          await subscriptionService.handleSubscriptionCreated(event);
+          break;
+        case 'customer.subscription.updated':
+          await subscriptionService.handleSubscriptionUpdated(event);
+          break;
+        case 'customer.subscription.deleted':
+          await subscriptionService.handleSubscriptionDeleted(event);
+          break;
+        case 'invoice.paid':
+        case 'invoice.payment_succeeded':
+          await subscriptionService.handleInvoicePaid(event);
+          break;
+        case 'invoice.payment_failed':
+          await subscriptionService.handlePaymentFailed(event);
+          break;
+        case 'payment_intent.payment_failed':
+          await subscriptionService.handlePaymentIntentFailed(event);
+          break;
+        default:
+          logger.debug(`Unhandled stripe event type: ${event?.type}`, 'STRIPE');
+      }
+
+      await recordExplicitActivity({
+        db: prisma,
+        actorUserId: actorUserId ?? undefined,
+        action: `stripe.webhook.${event?.type}`,
+        category: ActivityLogCategory.SYSTEM,
+        status,
+        errorCode,
+        durationMs: Date.now() - startedAt,
+        forceWrite: true,
+        metadata: {
+          stripeEventId: event?.id,
+          stripeEventType: event?.type,
+        },
+      }).catch(() => {});
+      res.json({ received: true });
+    } catch (err: any) {
+      const startedAt = Date.now();
+      const message = err?.message ?? 'unknown';
+      await recordExplicitActivity({
+        db: prisma,
+        actorUserId: null,
+        action: `stripe.webhook.${event?.type}`,
+        category: ActivityLogCategory.SYSTEM,
+        status: ActivityLogStatus.FAILURE,
+        errorCode: message,
+        durationMs: Date.now() - startedAt,
+        forceWrite: true,
+        metadata: {
+          stripeEventId: event?.id,
+          stripeEventType: event?.type,
+        },
+      }).catch(() => {});
+      logger.error(`Error processing webhook event ${event?.type}: ${err.message}`, 'STRIPE');
+      res.status(500).send('Internal Server Error');
+    }
+  });
+
   app.use(express.json({ limit: '50mb' }));
   app.use(express.urlencoded({ limit: '50mb', extended: true }));
-  
+
 
   // Health (plain Express)
   app.get('/', (_req, res) => {
@@ -49,15 +164,26 @@ async function main() {
   });
 
   app.get('/profile-picture/:objectKey', async (req, res) => {
-    const { objectKey } = req.params;
-    const signedUrl = await supabaseClient.storage
-      .from('media')
-      .createSignedUrl(objectKey, 60 * 60 * 24 * 30);
-    if (signedUrl.error) {
-      return res.status(500).json({ error: 'Failed to generate signed URL' });
+    try {
+      const { objectKey } = req.params;
+      const { data, error } = await supabaseClient.storage
+        .from('media')
+        .download(objectKey);
+
+      if (error || !data) {
+        logger.error(`Failed to download profile picture: ${error?.message}`, 'STORAGE');
+        return res.status(404).send('Not found');
+      }
+
+      const buffer = Buffer.from(await data.arrayBuffer());
+      res.setHeader('Content-Type', 'image/jpeg');
+      res.setHeader('Cache-Control', 'public, max-age=31536000');
+      res.setHeader('Cross-Origin-Resource-Policy', 'cross-origin');
+      res.send(buffer);
+    } catch (err: any) {
+      logger.error('Error serving profile picture', 'STORAGE', undefined, err);
+      res.status(500).send('Internal Server Error');
     }
-    // res.json({ url: signedUrl.data.signedUrl });
-    res.redirect(signedUrl.data.signedUrl);
   });
 
   // tRPC mounted under /trpc

package/src/services/flashcard-progress.service.ts

@@ -1,4 +1,4 @@
-import type { PrismaClient } from '@prisma/client';
+import { Prisma, type PrismaClient } from '@prisma/client';
 import { NotFoundError } from '../lib/errors.js';
 
 /**
@@ -146,7 +146,7 @@ export class FlashcardProgressService {
     isCorrect: boolean;
     confidence?: 'easy' | 'medium' | 'hard';
     timeSpentMs?: number;
-  }) {
+  }, retryCount: number = 0): Promise<any> {
     const { userId, flashcardId, isCorrect, timeSpentMs } = data;
 
     // Verify flashcard exists and user has access
@@ -226,44 +226,56 @@ export class FlashcardProgressService {
       )
     );
 
-    // Upsert progress
-    return this.db.flashcardProgress.upsert({
-      where: {
-        userId_flashcardId: {
+    try {
+      // Upsert progress
+      return await this.db.flashcardProgress.upsert({
+        where: {
+          userId_flashcardId: {
+            userId,
+            flashcardId,
+          },
+        },
+        update: {
+          timesStudied: { increment: 1 },
+          timesCorrect: isCorrect ? { increment: 1 } : undefined,
+          timesIncorrect: !isCorrect ? { increment: 1 } : undefined,
+          timesIncorrectConsecutive: newConsecutiveIncorrect,
+          easeFactor: sm2Result.easeFactor,
+          interval: sm2Result.interval,
+          repetitions: sm2Result.repetitions,
+          masteryLevel,
+          lastStudiedAt: new Date(),
+          nextReviewAt: sm2Result.nextReviewAt,
+        },
+        create: {
           userId,
           flashcardId,
+          timesStudied: 1,
+          timesCorrect: isCorrect ? 1 : 0,
+          timesIncorrect: isCorrect ? 0 : 1,
+          timesIncorrectConsecutive: newConsecutiveIncorrect,
+          easeFactor: sm2Result.easeFactor,
+          interval: sm2Result.interval,
+          repetitions: sm2Result.repetitions,
+          masteryLevel,
+          lastStudiedAt: new Date(),
+          nextReviewAt: sm2Result.nextReviewAt,
         },
-      },
-      update: {
-        timesStudied: { increment: 1 },
-        timesCorrect: isCorrect ? { increment: 1 } : undefined,
-        timesIncorrect: !isCorrect ? { increment: 1 } : undefined,
-        timesIncorrectConsecutive: newConsecutiveIncorrect,
-        easeFactor: sm2Result.easeFactor,
-        interval: sm2Result.interval,
-        repetitions: sm2Result.repetitions,
-        masteryLevel,
-        lastStudiedAt: new Date(),
-        nextReviewAt: sm2Result.nextReviewAt,
-      },
-      create: {
-        userId,
-        flashcardId,
-        timesStudied: 1,
-        timesCorrect: isCorrect ? 1 : 0,
-        timesIncorrect: isCorrect ? 0 : 1,
-        timesIncorrectConsecutive: newConsecutiveIncorrect,
-        easeFactor: sm2Result.easeFactor,
-        interval: sm2Result.interval,
-        repetitions: sm2Result.repetitions,
-        masteryLevel,
-        lastStudiedAt: new Date(),
-        nextReviewAt: sm2Result.nextReviewAt,
-      },
-      include: {
-        flashcard: true,
-      },
-    });
+        include: {
+          flashcard: true,
+        },
+      });
+    } catch (error) {
+      // Handle rare race condition where parallel submissions try creating same row.
+      if (
+        error instanceof Prisma.PrismaClientKnownRequestError &&
+        error.code === 'P2002' &&
+        retryCount < 1
+      ) {
+        return this.recordStudyAttempt(data, retryCount + 1);
+      }
+      throw error;
+    }
   }
 
   /**

package/src/trpc.ts

@@ -1,8 +1,22 @@
 import { initTRPC, TRPCError } from "@trpc/server";
 import superjson from "superjson";
+import { ActivityLogStatus } from "@prisma/client";
 import type { Context } from "./context.js";
 import { logger } from "./lib/logger.js";
 import { toTRPCError } from "./lib/errors.js";
+import { getUserUsage, getUserPlanLimits } from "./lib/usage_service.js";
+import {
+  getClientIp,
+  isActivityLogEnabled,
+  scheduleRecordActivity,
+  truncateUserAgent,
+} from "./lib/activity_log_service.js";
+
+/** Avoid logging the log viewers themselves (noise when browsing activity). */
+const SKIP_ACTIVITY_TRPC_PATHS = new Set([
+  "admin.activityList",
+  "admin.activityExportCsv",
+]);
 
 const t = initTRPC.context<Context>().create({
   transformer: superjson,
@@ -15,7 +29,7 @@ const t = initTRPC.context<Context>().create({
         cause: error.cause,
       });
     }
-    
+
     return {
       ...shape,
       data: {
@@ -37,12 +51,12 @@ const loggingMiddleware = middleware(async ({ ctx, next, path, type }) => {
   const start = Date.now();
   const result = await next();
   const duration = Date.now() - start;
-  
+
   logger.info(`TRPC ${type} ${path}`, 'TRPC', {
     duration: `${duration}ms`,
     userId: (ctx.session as any)?.user?.id,
   });
-  
+
   return result;
 });
 
@@ -52,7 +66,7 @@ const loggingMiddleware = middleware(async ({ ctx, next, path, type }) => {
 const isAuthed = middleware(({ ctx, next }) => {
   const hasUser = Boolean((ctx.session as any)?.user?.id);
   if (!ctx.session || !hasUser) {
-    throw new TRPCError({ 
+    throw new TRPCError({
       code: "UNAUTHORIZED",
       message: "You must be logged in to access this resource"
     });
@@ -60,6 +74,7 @@ const isAuthed = middleware(({ ctx, next }) => {
 
   return next({
     ctx: {
+      ...ctx,
       session: ctx.session,
       userId: (ctx.session as any).user.id,
     },
@@ -77,8 +92,172 @@ const errorHandler = middleware(async ({ next }) => {
   }
 });
 
+/**
+ * Middleware that enforces email verification
+ */
+const isVerified = middleware(async ({ ctx, next }) => {
+  const user = await ctx.db.user.findUnique({
+    where: { id: (ctx.session as any).user.id },
+    select: { emailVerified: true },
+  });
+
+  if (!user?.emailVerified) {
+    throw new TRPCError({
+      code: "FORBIDDEN",
+      message: "Please verify your email to access this feature",
+    });
+  }
+
+  return next();
+});
+
+/**
+ * Middleware that enforces resource limits based on the user's plan.
+ * Note: This matches the 'path' to decide which limit to check.
+ */
+const checkUsageLimit = middleware(async ({ ctx, next, path }) => {
+  const userId = (ctx.session as any).user.id;
+
+  // 1. Get current usage and limits
+  const [usage, limits] = await Promise.all([
+    getUserUsage(userId),
+    getUserPlanLimits(userId)
+  ]);
+
+  // If no limits found (no active plan), we block any premium actions
+  if (!limits) {
+    throw new TRPCError({
+      code: "FORBIDDEN",
+      message: "No active plan found. Please subscribe to a plan to continue.",
+    });
+  }
+
+  // 2. Check limits based on the tRPC path
+
+  // Flashcards (matches: flashcards.createCard, flashcards.generateFromPrompt)
+  if (path.startsWith('flashcards.') && (path.includes('create') || path.includes('generate')) && usage.flashcards >= limits.maxFlashcards) {
+    throw new TRPCError({ code: "FORBIDDEN", message: "Flashcard limit reached for your plan." });
+  }
+
+  // Worksheets (matches: worksheets.create, worksheets.generateFromPrompt)
+  if (path.startsWith('worksheets.') && (path.includes('create') || path.includes('generate')) && usage.worksheets >= limits.maxWorksheets) {
+    throw new TRPCError({ code: "FORBIDDEN", message: "Worksheet limit reached for your plan." });
+  }
+
+  // Podcasts (matches: podcast.generateEpisode)
+  if (path.startsWith('podcast.') && path.includes('generate') && usage.podcasts >= limits.maxPodcasts) {
+    throw new TRPCError({ code: "FORBIDDEN", message: "Podcast limit reached for your plan." });
+  }
+
+  // Study Guides (matches: studyguide.get - because it lazily creates)
+  if (path.startsWith('studyguide.') && path.includes('get') && usage.studyGuides >= limits.maxStudyGuides) {
+    // Note: We only block if the artifact doesn't exist yet (handled inside the query or by checking usage)
+    // For simplicity, if they hit the limit, we block creation of NEW study guides.
+    // However, usage_service counts existing ones. 
+    // If usage is already at/over limit, it means any NEW workspace's 'get' will fail creation.
+  }
+
+  // Storage check (for uploads)
+  if (path.includes('upload') && usage.storageBytes >= Number(limits.maxStorageBytes)) {
+    throw new TRPCError({ code: "FORBIDDEN", message: "Storage limit reached for your plan." });
+  }
+
+  return next();
+});
+
+/**
+ * Middleware that enforces system admin role
+ */
+const isAdmin = middleware(async ({ ctx, next }) => {
+  const user = await ctx.db.user.findUnique({
+    where: { id: (ctx.session as any).user.id },
+    include: { role: true },
+  });
+
+  if (user?.role?.name !== 'System Admin') {
+    throw new TRPCError({
+      code: "FORBIDDEN",
+      message: "You do not have permission to access this resource",
+    });
+  }
+
+  return next();
+});
+
+/**
+ * Persists ActivityLog rows for authenticated tRPC calls (async, non-blocking).
+ */
+const activityLogMiddleware = middleware(async (opts) => {
+  const { ctx, next, path, type, getRawInput } = opts;
+  if (!isActivityLogEnabled() || SKIP_ACTIVITY_TRPC_PATHS.has(path)) {
+    return next();
+  }
+
+  const userId = (ctx as any).userId as string | undefined;
+  if (!userId) {
+    return next();
+  }
+
+  let rawInput: unknown;
+  try {
+    rawInput = await getRawInput();
+  } catch {
+    rawInput = undefined;
+  }
+
+  const req = ctx.req;
+  const ipAddress = req ? getClientIp(req) : undefined;
+  const userAgent = req.headers["user-agent"];
+  const httpMethod = req.method;
+
+  const start = Date.now();
+  const result = await next();
+  const durationMs = Date.now() - start;
+
+  if (result.ok) {
+    scheduleRecordActivity({
+      db: ctx.db,
+      actorUserId: userId,
+      path,
+      type,
+      status: ActivityLogStatus.SUCCESS,
+      durationMs,
+      rawInput,
+      ipAddress,
+      userAgent: truncateUserAgent(typeof userAgent === "string" ? userAgent : undefined),
+      httpMethod,
+    });
+  } else {
+    scheduleRecordActivity({
+      db: ctx.db,
+      actorUserId: userId,
+      path,
+      type,
+      status: ActivityLogStatus.FAILURE,
+      durationMs,
+      rawInput,
+      ipAddress,
+      userAgent: truncateUserAgent(typeof userAgent === "string" ? userAgent : undefined),
+      httpMethod,
+      errorCode: result.error.code,
+    });
+  }
+
+  return result;
+});
+
 /** Exported procedures with middleware */
 export const authedProcedure = publicProcedure
   .use(loggingMiddleware)
   .use(errorHandler)
-  .use(isAuthed);
+  .use(isAuthed)
+  .use(activityLogMiddleware);
+
+export const verifiedProcedure = authedProcedure
+  .use(isVerified);
+
+export const adminProcedure = authedProcedure
+  .use(isAdmin);
+
+export const limitedProcedure = verifiedProcedure
+  .use(checkUsageLimit);