@igstack/app-catalog-backend-core 0.0.1

package/src/modules/icons/iconRouter.ts

@@ -0,0 +1,180 @@
+import { z } from 'zod'
+import { getDbClient } from '../../db'
+import { generateChecksum, getImageDimensions } from '../assets/assetUtils'
+import { getExtensionFromMimeType } from './iconUtils'
+import { adminProcedure, publicProcedure, router } from '../../server/trpcSetup'
+
+export function createIconRouter() {
+  return router({
+    list: publicProcedure.query(async () => {
+      const prisma = getDbClient()
+      return prisma.dbAsset.findMany({
+        where: { assetType: 'icon' },
+        select: {
+          id: true,
+          name: true,
+          mimeType: true,
+          fileSize: true,
+          createdAt: true,
+          updatedAt: true,
+        },
+        orderBy: { name: 'asc' },
+      })
+    }),
+
+    getOne: publicProcedure
+      .input(z.object({ id: z.string() }))
+      .query(async ({ input }) => {
+        const prisma = getDbClient()
+        return prisma.dbAsset.findFirst({
+          where: {
+            id: input.id,
+            assetType: 'icon',
+          },
+          select: {
+            id: true,
+            name: true,
+            mimeType: true,
+            fileSize: true,
+            createdAt: true,
+            updatedAt: true,
+          },
+        })
+      }),
+
+    create: adminProcedure
+      .input(
+        z.object({
+          name: z.string().min(1), // Name with extension (e.g., "jira.svg")
+          content: z.string(), // base64 encoded binary
+          mimeType: z.string(),
+          fileSize: z.number().int().positive(),
+        }),
+      )
+      .mutation(async ({ input }) => {
+        const prisma = getDbClient()
+        // Convert base64 to Buffer
+        const buffer = Buffer.from(input.content, 'base64')
+
+        // Generate checksum and extract dimensions
+        const checksum = generateChecksum(buffer)
+        const { width, height } = await getImageDimensions(buffer)
+
+        let name = input.name
+        // Add extension if not already present in name
+        if (!name.includes('.')) {
+          const extension = getExtensionFromMimeType(input.mimeType)
+          name = `${name}.${extension}`
+        }
+
+        // Check if asset with same checksum already exists
+        const existing = await prisma.dbAsset.findFirst({
+          where: { checksum, assetType: 'icon' },
+        })
+
+        if (existing) {
+          // Return existing asset if content is identical
+          return existing
+        }
+
+        return prisma.dbAsset.create({
+          data: {
+            name,
+            assetType: 'icon',
+            content: new Uint8Array(buffer),
+            checksum,
+            mimeType: input.mimeType,
+            fileSize: input.fileSize,
+            width,
+            height,
+          },
+        })
+      }),
+
+    update: adminProcedure
+      .input(
+        z.object({
+          id: z.string(),
+          name: z.string().min(1).optional(), // Name with extension (e.g., "jira.svg")
+          content: z.string().optional(), // base64 encoded binary
+          mimeType: z.string().optional(),
+          fileSize: z.number().int().positive().optional(),
+        }),
+      )
+      .mutation(async ({ input }) => {
+        const prisma = getDbClient()
+        const { id, content, name, ...rest } = input
+
+        const data: Record<string, unknown> = { ...rest }
+
+        if (content) {
+          const buffer = Buffer.from(content, 'base64')
+          data.content = new Uint8Array(buffer)
+          data.checksum = generateChecksum(buffer)
+
+          const { width, height } = await getImageDimensions(buffer)
+          data.width = width
+          data.height = height
+        }
+
+        // If name is being updated and doesn't have extension, add it
+        if (name) {
+          if (!name.includes('.') && input.mimeType) {
+            const extension = getExtensionFromMimeType(input.mimeType)
+            data.name = `${name}.${extension}`
+          } else {
+            data.name = name
+          }
+        }
+
+        return prisma.dbAsset.update({
+          where: { id },
+          data,
+        })
+      }),
+
+    delete: adminProcedure
+      .input(z.object({ id: z.string() }))
+      .mutation(async ({ input }) => {
+        const prisma = getDbClient()
+        return prisma.dbAsset.delete({
+          where: { id: input.id },
+        })
+      }),
+
+    deleteMany: adminProcedure
+      .input(z.object({ ids: z.array(z.string()) }))
+      .mutation(async ({ input }) => {
+        const prisma = getDbClient()
+        return prisma.dbAsset.deleteMany({
+          where: {
+            id: { in: input.ids },
+            assetType: 'icon',
+          },
+        })
+      }),
+
+    // Serve icon binary content
+    getContent: publicProcedure
+      .input(z.object({ id: z.string() }))
+      .query(async ({ input }) => {
+        const prisma = getDbClient()
+        const asset = await prisma.dbAsset.findFirst({
+          where: {
+            id: input.id,
+            assetType: 'icon',
+          },
+          select: { content: true, mimeType: true, name: true },
+        })
+        if (!asset) {
+          throw new Error('Icon not found')
+        }
+        // Return base64 encoded content
+        return {
+          content: Buffer.from(asset.content).toString('base64'),
+          mimeType: asset.mimeType,
+          name: asset.name,
+        }
+      }),
+  })
+}

package/src/modules/icons/iconService.ts

@@ -0,0 +1,73 @@
+import { getDbClient } from '../../db'
+import { generateChecksum, getImageDimensions } from '../assets/assetUtils'
+
+export interface UpsertIconInput {
+  name: string
+  content: Buffer
+  mimeType: string
+  fileSize: number
+}
+
+/**
+ * Upsert an icon to the database.
+ * If an icon with the same name exists, it will be updated.
+ * Otherwise, a new icon will be created.
+ */
+export async function upsertIcon(input: UpsertIconInput) {
+  const prisma = getDbClient()
+  
+  const checksum = generateChecksum(input.content)
+  const { width, height } = await getImageDimensions(input.content)
+  
+  return prisma.dbAsset.upsert({
+    where: { name: input.name },
+    update: {
+      content: new Uint8Array(input.content),
+      checksum,
+      mimeType: input.mimeType,
+      fileSize: input.fileSize,
+      width,
+      height,
+    },
+    create: {
+      name: input.name,
+      assetType: 'icon',
+      content: new Uint8Array(input.content),
+      checksum,
+      mimeType: input.mimeType,
+      fileSize: input.fileSize,
+      width,
+      height,
+    },
+  })
+}
+
+/**
+ * Upsert multiple icons to the database.
+ * This is more efficient than calling upsertIcon multiple times.
+ */
+export async function upsertIcons(icons: Array<UpsertIconInput>) {
+  const results: Array<Awaited<ReturnType<typeof upsertIcon>>> = []
+  for (const icon of icons) {
+    const result = await upsertIcon(icon)
+    results.push(result)
+  }
+  return results
+}
+
+/**
+ * Get an asset (icon or screenshot) by name from the database.
+ * Returns the asset content, mimeType, and name if found.
+ */
+export async function getAssetByName(name: string) {
+  const prisma = getDbClient()
+  
+  return prisma.dbAsset.findUnique({
+    where: { name },
+    select: {
+      content: true,
+      mimeType: true,
+      name: true,
+    },
+  })
+}

package/src/modules/icons/iconUtils.ts

@@ -0,0 +1,46 @@
+/**
+ * Get file extension from MIME type
+ */
+export function getExtensionFromMimeType(mimeType: string): string {
+  const mimeMap: Record<string, string> = {
+    'image/svg+xml': 'svg',
+    'image/png': 'png',
+    'image/jpeg': 'jpg',
+    'image/jpg': 'jpg',
+    'image/webp': 'webp',
+    'image/gif': 'gif',
+    'image/bmp': 'bmp',
+    'image/tiff': 'tiff',
+    'image/x-icon': 'ico',
+    'image/vnd.microsoft.icon': 'ico',
+  }
+
+  return mimeMap[mimeType.toLowerCase()] || 'bin'
+}
+
+/**
+ * Get file extension from filename
+ */
+export function getExtensionFromFilename(filename: string): string {
+  const match = filename.match(/\.([^.]+)$/)
+  return match?.[1]?.toLowerCase() || ''
+}
+
+/**
+ * Get MIME type from extension
+ */
+export function getMimeTypeFromExtension(extension: string): string {
+  const extMap: Record<string, string> = {
+    svg: 'image/svg+xml',
+    png: 'image/png',
+    jpg: 'image/jpeg',
+    jpeg: 'image/jpeg',
+    webp: 'image/webp',
+    gif: 'image/gif',
+    bmp: 'image/bmp',
+    tiff: 'image/tiff',
+    ico: 'image/x-icon',
+  }
+
+  return extMap[extension.toLowerCase()] || 'application/octet-stream'
+}

package/src/prisma-json-types.d.ts

@@ -0,0 +1,34 @@
+/* eslint-disable @typescript-eslint/consistent-type-imports */
+/**
+ * Prisma JSON Types Declaration
+ *
+ * This file provides type definitions for JSON fields in Prisma models.
+ * The prisma-json-types-generator reads JSDoc comments like `/// [TypeName]`
+ * on JSON fields and references them as `PrismaJson.TypeName`.
+ *
+ * We must declare these types in the global PrismaJson namespace for
+ * TypeScript to properly infer types throughout the tRPC chain.
+ *
+ * @see https://github.com/arthurfiorette/prisma-json-types-generator
+ */
+
+declare global {
+  namespace PrismaJson {
+    // DbApprovalMethod.config - Type-specific configuration
+    type ApprovalMethodConfig = import('./types/index').ApprovalMethodConfig
+
+    // DbAppForCatalog.accessRequest - Per-app approval configuration
+    type AppAccessRequest = import('./types/index').AppAccessRequest
+
+    // DbAppForCatalog.links - Array of links
+    interface AppLink {
+      displayName?: string
+      url: string
+    }
+
+    // AppRole used within accessRequest
+    type AppRole = import('./types/index').AppRole
+  }
+}
+
+export {}

package/src/server/controller.ts

@@ -0,0 +1,47 @@
+import { getAppCatalogData } from '../modules/appCatalog/service'
+import type { AppCatalogData } from '../types'
+
+import { createAppCatalogAdminRouter } from '../modules/appCatalogAdmin/appCatalogAdminRouter.js'
+import { createApprovalMethodRouter } from '../modules/approvalMethod/approvalMethodRouter.js'
+import { createScreenshotRouter } from '../modules/assets/screenshotRouter.js'
+import type { BetterAuth } from '../modules/auth/auth'
+import { createAuthRouter } from '../modules/auth/authRouter.js'
+import { createIconRouter } from '../modules/icons/iconRouter.js'
+import { publicProcedure, router, t } from './trpcSetup'
+
+/**
+ * Create the main tRPC router with optional auth instance
+ * @param auth - Optional Better Auth instance for auth-related queries
+ */
+export function createTrpcRouter(auth?: BetterAuth) {
+  return router({
+    authConfig: publicProcedure.query(async ({ ctx }) => {
+      return {
+        adminGroups: ctx.adminGroups,
+      }
+    }),
+
+    appCatalog: publicProcedure.query(
+      async ({ ctx }): Promise<AppCatalogData> => {
+        return await getAppCatalogData(ctx.companySpecificBackend.getApps)
+      },
+    ),
+
+    // Icon management routes
+    icon: createIconRouter(),
+
+    // Screenshot management routes
+    screenshot: createScreenshotRouter(),
+
+    // App catalog admin routes
+    appCatalogAdmin: createAppCatalogAdminRouter(),
+
+    // Approval method routes
+    approvalMethod: createApprovalMethodRouter(),
+
+    // Auth routes (requires auth instance)
+    auth: createAuthRouter(t, auth),
+  })
+}
+
+export type TRPCRouter = ReturnType<typeof createTrpcRouter>

package/src/server/ehStaticControllerContract.ts

@@ -0,0 +1,19 @@
+export interface EhStaticControllerContract {
+  methods: { 
+    getIcon: { method: string; url: string }
+    getScreenshot: { method: string; url: string }
+  }
+}
+
+export const staticControllerContract: EhStaticControllerContract = {
+  methods: {
+    getIcon: {
+      method: 'get',
+      url: 'icon/:icon',
+    },
+    getScreenshot: {
+      method: 'get',
+      url: 'screenshot/:id',
+    },
+  },
+}

package/src/server/ehTrpcContext.ts

@@ -0,0 +1,26 @@
+import type { AppCatalogCompanySpecificBackend } from '../types'
+import type { User } from 'better-auth/types'
+
+export interface EhTrpcContext {
+  companySpecificBackend: AppCatalogCompanySpecificBackend
+  user: User | null
+  adminGroups: Array<string>
+}
+
+export interface EhTrpcContextOptions {
+  companySpecificBackend: AppCatalogCompanySpecificBackend
+  user?: User | null
+  adminGroups: Array<string>
+}
+
+export function createEhTrpcContext({
+  companySpecificBackend,
+  user = null,
+  adminGroups,
+}: EhTrpcContextOptions): EhTrpcContext {
+  return {
+    companySpecificBackend,
+    user,
+    adminGroups,
+  }
+}

package/src/server/trpcSetup.ts

@@ -0,0 +1,89 @@
+import { TRPCError, initTRPC } from '@trpc/server'
+import type { EhTrpcContext } from './ehTrpcContext'
+import { isAdmin } from '../modules/auth/authorizationUtils'
+
+/**
+ * Initialization of tRPC backend
+ * Should be done only once per backend!
+ */
+export const t = initTRPC.context<EhTrpcContext>().create({
+  errorFormatter({ error, shape }: { error: unknown; shape: unknown }) {
+    // Log all tRPC errors to console
+    console.error('[tRPC Error]', {
+      path: (shape as { data?: { path?: string } }).data?.path,
+      code: (error as { code?: string }).code,
+      message: (error as { message?: string }).message,
+      cause: (error as { cause?: unknown }).cause,
+      stack: (error as { stack?: string }).stack,
+    })
+    return shape
+  },
+})
+
+/**
+ * Export reusable router and procedure helpers
+ */
+export const router = t.router
+export const publicProcedure = t.procedure
+
+/**
+ * Middleware to check if user is authenticated
+ */
+const isAuthenticated = t.middleware(({ ctx, next }) => {
+  if (!ctx.user) {
+    throw new TRPCError({
+      code: 'UNAUTHORIZED',
+      message: 'You must be logged in to access this resource',
+    })
+  }
+  return next({
+    ctx: {
+      ...ctx,
+      user: ctx.user,
+    },
+  })
+})
+
+/**
+ * Middleware to check if user is an admin
+ */
+const isAdminMiddleware = t.middleware(({ ctx, next }) => {
+  if (!ctx.user) {
+    throw new TRPCError({
+      code: 'UNAUTHORIZED',
+      message: 'You must be logged in to access this resource',
+    })
+  }
+
+  console.log('[isAdminMiddleware] === ADMIN CHECK DEBUG ===')
+  console.log('[isAdminMiddleware] User:', ctx.user.email)
+  console.log('[isAdminMiddleware] Required admin groups:', ctx.adminGroups)
+  console.log('[isAdminMiddleware] Calling isAdmin()...')
+
+  const hasAdminAccess = isAdmin(ctx.user, ctx.adminGroups)
+  console.log('[isAdminMiddleware] Has admin access:', hasAdminAccess)
+
+  if (!hasAdminAccess) {
+    throw new TRPCError({
+      code: 'FORBIDDEN',
+      message: `You must be an admin to access this resource. Required groups: ${ctx.adminGroups.join(', ') || 'env_hopper_ui_super_admins'}`,
+    })
+  }
+
+  return next({
+    ctx: {
+      ...ctx,
+      user: ctx.user,
+    },
+  })
+})
+
+/**
+ * Admin procedure that requires admin permissions
+ */
+export const adminProcedure = t.procedure.use(isAdminMiddleware)
+
+/**
+ * Protected procedure that requires authentication (but not admin)
+ */
+export const protectedProcedure = t.procedure.use(isAuthenticated)

package/src/types/backend/api.ts

@@ -0,0 +1,73 @@
+import type { EhAppIndexed } from '../common/app/appTypes'
+import type {
+  EhAppPageIndexed,
+  EhAppUiIndexed,
+} from '../common/app/ui/appUiTypes'
+import type {
+  EhBackendCredentialInput,
+  EhBackendUiDefaultsInput,
+} from './common'
+import type { EhBackendDataSourceInput } from './dataSources'
+
+export interface EhBackendVersionsRequestParams {
+  envNames: Array<string>
+  appNames: Array<string>
+}
+
+export interface EhBackendVersionsReturn {
+  envIds: Array<string>
+  appIds: Array<string>
+}
+
+export interface EhBackendPageInput extends EhAppPageIndexed {
+  slug: string
+  title?: string
+  url: string
+  credentialsRefs?: Array<string>
+}
+
+export interface EhBackendAppUIBaseInput {
+  credentials?: Array<EhBackendCredentialInput>
+  defaults?: EhBackendUiDefaultsInput
+}
+
+export interface EhBackendAppUIInput
+  extends EhBackendAppUIBaseInput, EhAppUiIndexed {
+  pages: Array<EhBackendPageInput>
+}
+
+export interface EhBackendTagsDescriptionDataIndexed {
+  descriptions: Array<EhBackendTagDescriptionDataIndexed>
+}
+
+export interface EhBackendTagDescriptionDataIndexed {
+  tagKey: string
+  displayName?: string
+  fixedTagValues?: Array<EhBackendTagFixedTagValue>
+}
+
+export interface EhBackendTagFixedTagValue {
+  tagValue: string
+  displayName: string
+}
+
+export interface EhBackendAppInput extends EhAppIndexed {
+  ui?: EhBackendAppUIInput
+  dataSources?: Array<EhBackendDataSourceInput>
+}
+
+export interface EhContextIndexed {
+  slug: string
+  displayName: string
+  /**
+   * The value is shared across envs (By default: false)
+   */
+  isSharedAcrossEnvs?: boolean
+  defaultFixedValues?: Array<string>
+}
+export type EhBackendAppDto = EhAppIndexed
+
+export interface EhAppsMeta {
+  defaultIcon?: string
+  tags: EhBackendTagsDescriptionDataIndexed
+}

package/src/types/backend/common.ts

@@ -0,0 +1,10 @@
+export interface EhBackendUiDefaultsInput {
+  credentialsRefs: Array<string>
+}
+
+export interface EhBackendCredentialInput {
+  slug: string
+  desc?: string
+  username: string
+  password: string
+}

package/src/types/backend/companySpecificBackend.ts

@@ -0,0 +1,5 @@
+import type { AppForCatalog } from '../common/appCatalogTypes'
+
+export interface AppCatalogCompanySpecificBackend {
+  getApps?: () => Promise<Array<AppForCatalog>>
+}

package/src/types/backend/dataSources.ts

@@ -0,0 +1,25 @@
+import type { EhMetaDictionary } from '../common/sharedTypes'
+
+export interface EhBackendDataSourceInputCommon {
+  meta?: EhMetaDictionary
+}
+
+export interface EhBackendDataSourceInputDb {
+  slug?: string
+  type: 'db'
+  url: string
+  username: string
+  password: string
+}
+
+export interface EhBackendDataSourceInputKafka {
+  slug?: string
+  type: 'kafka'
+  topics: {
+    consumer?: Array<string>
+    producer?: Array<string>
+  }
+}
+
+export type EhBackendDataSourceInput = EhBackendDataSourceInputCommon &
+  (EhBackendDataSourceInputDb | EhBackendDataSourceInputKafka)

package/src/types/backend/deployments.ts

@@ -0,0 +1,40 @@
+import type { EhMetaDictionary } from '../common/sharedTypes'
+
+export interface EhBackendEnvironmentInput {
+  slug: string
+  displayName?: string
+  description?: string
+  meta?: EhMetaDictionary
+}
+
+export interface EhBackendDeploymentInput {
+  envId: string
+  appId: string
+  displayVersion: string
+  meta?: EhMetaDictionary
+}
+
+export interface EhBackendDeployableInput {
+  slug: string
+  meta?: {
+    config: string
+  }
+}
+
+/**
+ * Latest - backend returned latest data.
+ * Cached - backend in process of updating data, but returned cached data.
+ */
+export type EhBackendDataFreshness = 'latest' | 'cached'
+
+export interface EhBackendDataVersion {
+  version: string
+  freshness: EhBackendDataFreshness
+}
+
+export interface EhBackendDeployment {
+  appName: string
+  deployableServiceName: string
+  envName: string
+  version: EhBackendDataVersion
+}

package/src/types/common/app/appTypes.ts

@@ -0,0 +1,13 @@
+import type { EhMetaDictionary, Tag } from '../sharedTypes'
+import type { EhAppUiIndexed } from './ui/appUiTypes'
+
+export interface EhAppIndexed {
+  slug: string
+  displayName: string
+  abbr?: string
+  aliases?: Array<string>
+  ui?: EhAppUiIndexed
+  tags?: Array<Tag>
+  iconName?: string
+  meta?: EhMetaDictionary
+}