@intranefr/superbackend 1.4.3 → 1.5.0

package/src/controllers/admin.controller.js

@@ -1,11 +1,19 @@
 const User = require('../models/User');
 const StripeWebhookEvent = require('../models/StripeWebhookEvent');
+const Organization = require('../models/Organization');
+const OrganizationMember = require('../models/OrganizationMember');
+const Asset = require('../models/Asset');
+const Notification = require('../models/Notification');
+const Invite = require('../models/Invite');
+const EmailLog = require('../models/EmailLog');
+const FormSubmission = require('../models/FormSubmission');
 const asyncHandler = require('../utils/asyncHandler');
 const fs = require('fs');
 const path = require('path');
 const stripe = require('stripe')(process.env.STRIPE_SECRET_KEY);
 const { generateAccessToken, generateRefreshToken } = require('../utils/jwt');
 const { retryFailedWebhooks, processWebhookEvent } = require('../utils/webhookRetry');
+const { auditMiddleware } = require('../services/auditLogger');
 
 // Get all users
 const getUsers = asyncHandler(async (req, res) => {
@@ -17,6 +25,53 @@ const getUsers = asyncHandler(async (req, res) => {
   res.json(users.map(u => u.toJSON()));
 });
 
+// Register new user (admin only)
+const registerUser = asyncHandler(async (req, res) => {
+  const { email, password, name, role = 'user' } = req.body;
+
+  // Validation
+  if (!email || !password) {
+    return res.status(400).json({ error: 'Email and password are required' });
+  }
+
+  if (password.length < 6) {
+    return res.status(400).json({ error: 'Password must be at least 6 characters' });
+  }
+
+  if (!['user', 'admin'].includes(role)) {
+    return res.status(400).json({ error: 'Role must be either "user" or "admin"' });
+  }
+
+  const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+  if (!emailRegex.test(email)) {
+    return res.status(400).json({ error: 'Invalid email format' });
+  }
+
+  // Check if user already exists
+  const existingUser = await User.findOne({ email: email.toLowerCase() });
+  if (existingUser) {
+    return res.status(409).json({ error: 'Email already registered' });
+  }
+
+  // Create new user
+  const user = new User({
+    email: email.toLowerCase(),
+    passwordHash: password, // Will be hashed by pre-save hook
+    name: name || '',
+    role: role
+  });
+
+  await user.save();
+
+  // Log the admin action
+  console.log(`Admin registered new user: ${user.email} with role: ${user.role}`);
+
+  res.status(201).json({
+    success: true,
+    user: user.toJSON()
+  });
+});
+
 // Get single user
 const getUser = asyncHandler(async (req, res) => {
   const user = await User.findById(req.params.id);
@@ -290,7 +345,7 @@ const provisionCoolifyDeploy = asyncHandler(async (req, res) => {
       });
     }
 
-    // In ref-saasbackend, manage.sh already exists in the root of the repository
+    // In ref-superbackend, manage.sh already exists in the root of the repository
     // If it didn't, we would write it here. For this case, we'll just success.
     res.json({
       success: true,
@@ -305,11 +360,94 @@ const provisionCoolifyDeploy = asyncHandler(async (req, res) => {
   }
 });
 
+// Delete user (admin only)
+const deleteUser = asyncHandler(async (req, res) => {
+  
+  const userId = req.params.id;
+  
+  // 1. Validate user exists
+  const user = await User.findById(userId);
+  if (!user) {
+    return res.status(404).json({ error: 'User not found' });
+  }
+  
+  // 2. Prevent self-deletion
+  // Note: In a real implementation, you'd get the admin ID from req.admin or similar
+  // For now, we'll skip this check as the basic auth doesn't provide user identity
+  
+  // 3. Check if this is the last admin
+  const adminCount = await User.countDocuments({ role: 'admin' });
+  if (user.role === 'admin' && adminCount <= 1) {
+    return res.status(400).json({ error: 'Cannot delete the last admin user' });
+  }
+  
+  // 4. Cleanup dependencies
+  await cleanupUserData(userId);
+  
+  // 5. Delete user
+  await User.findByIdAndDelete(userId);
+  
+  // 6. Log action
+  console.log(`Admin deleted user: ${user.email} (${userId})`);
+  
+  res.json({ message: 'User deleted successfully' });
+});
+
+// Helper function to clean up user data
+async function cleanupUserData(userId) {
+  
+  try {
+    // Handle organizations owned by user
+    const ownedOrgs = await Organization.find({ ownerUserId: userId });
+    for (const org of ownedOrgs) {
+      // Check if organization has other members
+      const memberCount = await OrganizationMember.countDocuments({ 
+        orgId: org._id, 
+        userId: { $ne: userId } 
+      });
+      
+      if (memberCount === 0) {
+        // Delete organization if no other members
+        await Organization.findByIdAndDelete(org._id);
+        console.log(`Deleted organization ${org.name} (${org._id}) - no other members`);
+      } else {
+        // Remove owner but keep organization
+        org.ownerUserId = null;
+        await org.save();
+        console.log(`Removed owner from organization ${org.name} (${org._id}) - has other members`);
+      }
+    }
+    
+    // Remove from all organization memberships
+    await OrganizationMember.deleteMany({ userId: userId });
+    
+    // Delete user's assets
+    await Asset.deleteMany({ ownerUserId: userId });
+    
+    // Delete notifications
+    await Notification.deleteMany({ userId: userId });
+    
+    // Clean up other references
+    await Invite.deleteMany({ createdByUserId: userId });
+    await EmailLog.deleteMany({ userId: userId });
+    await FormSubmission.deleteMany({ userId: userId });
+    
+    // Note: We keep ActivityLog and AuditEvent for audit purposes
+    
+    console.log(`Completed cleanup for user ${userId}`);
+  } catch (error) {
+    console.error('Error during user cleanup:', error);
+    throw error;
+  }
+}
+
 module.exports = {
   getUsers,
+  registerUser,
   getUser,
   updateUserSubscription,
   updateUserPassword,
+  deleteUser,
   reconcileUser,
   generateToken,
   getWebhookEvents,

package/src/controllers/adminHeadless.controller.js

@@ -7,6 +7,12 @@ const {
   getDynamicModel,
 } = require('../services/headlessModels.service');
 
+const {
+  listExternalCollections,
+  inferExternalModelFromCollection,
+  createOrUpdateExternalModel,
+} = require('../services/headlessExternalModels.service');
+
 const llmService = require('../services/llm.service');
 const { getSettingValue } = require('../services/globalSettings.service');
 const { createAuditEvent, getBasicAuthActor } = require('../services/audit.service');
@@ -399,6 +405,82 @@ exports.deleteModel = async (req, res) => {
   }
 };
 
+// External models (Mongo collections)
+exports.listExternalCollections = async (req, res) => {
+  try {
+    const q = String(req.query.q || '').trim() || null;
+    const includeSystem = String(req.query.includeSystem || '').trim().toLowerCase() === 'true';
+    const items = await listExternalCollections({ q, includeSystem });
+    return res.json({ items });
+  } catch (error) {
+    console.error('Error listing external mongo collections:', error);
+    return handleServiceError(res, error);
+  }
+};
+
+exports.inferExternalCollection = async (req, res) => {
+  try {
+    const body = req.body && typeof req.body === 'object' ? req.body : {};
+    const collectionName = String(body.collectionName || '').trim();
+    const sampleSize = body.sampleSize;
+    const result = await inferExternalModelFromCollection({ collectionName, sampleSize });
+    return res.json(result);
+  } catch (error) {
+    console.error('Error inferring external collection schema:', error);
+    return handleServiceError(res, error);
+  }
+};
+
+exports.importExternalModel = async (req, res) => {
+  try {
+    const body = req.body && typeof req.body === 'object' ? req.body : {};
+    const collectionName = String(body.collectionName || '').trim();
+    const codeIdentifier = String(body.codeIdentifier || '').trim();
+    const displayName = String(body.displayName || '').trim();
+    const sampleSize = body.sampleSize;
+
+    const result = await createOrUpdateExternalModel({
+      collectionName,
+      codeIdentifier,
+      displayName,
+      sampleSize,
+    });
+
+    return res.status(result.created ? 201 : 200).json({ item: result.item, inference: result.inference });
+  } catch (error) {
+    console.error('Error importing external model:', error);
+    return handleServiceError(res, error);
+  }
+};
+
+exports.syncExternalModel = async (req, res) => {
+  try {
+    const codeIdentifier = String(req.params.codeIdentifier || '').trim();
+    const existing = await getModelDefinitionByCode(codeIdentifier);
+    if (!existing) return res.status(404).json({ error: 'Model not found' });
+
+    const isExternal = existing.sourceType === 'external' || existing.isExternal === true;
+    if (!isExternal) {
+      return res.status(400).json({ error: 'Model is not external' });
+    }
+
+    const body = req.body && typeof req.body === 'object' ? req.body : {};
+    const sampleSize = body.sampleSize;
+
+    const result = await createOrUpdateExternalModel({
+      collectionName: existing.sourceCollectionName,
+      codeIdentifier: existing.codeIdentifier,
+      displayName: existing.displayName,
+      sampleSize,
+    });
+
+    return res.json({ item: result.item, inference: result.inference });
+  } catch (error) {
+    console.error('Error syncing external model:', error);
+    return handleServiceError(res, error);
+  }
+};
+
 exports.validateModelDefinition = async (req, res) => {
   try {
     const body = req.body || {};

package/src/controllers/adminMigration.controller.js

@@ -1,7 +1,11 @@
 const migrationService = require('../services/migration.service');
 
 function getModelRegistry() {
-  return globalThis?.saasbackend?.models || null;
+  // Try new registry first, then fallback to old registry for backward compatibility
+  if (globalThis?.saasbackend?.models && !globalThis?.superbackend?.models) {
+    console.warn('Deprecation: globalThis.saasbackend is deprecated. Use globalThis.superbackend instead.');
+  }
+  return globalThis?.superbackend?.models || globalThis?.saasbackend?.models || null;
 }
 
 function getModelByName(modelName) {

package/src/controllers/adminScripts.controller.js

@@ -0,0 +1,229 @@
+const ScriptDefinition = require('../models/ScriptDefinition');
+const ScriptRun = require('../models/ScriptRun');
+const { startRun, getRunBus } = require('../services/scriptsRunner.service');
+
+function toSafeJsonError(error) {
+  const msg = error?.message || 'Operation failed';
+  const code = error?.code;
+  if (code === 'VALIDATION') return { status: 400, body: { error: msg } };
+  if (code === 'NOT_FOUND') return { status: 404, body: { error: msg } };
+  if (code === 'CONFLICT') return { status: 409, body: { error: msg } };
+  return { status: 500, body: { error: msg } };
+}
+
+function normalizeEnv(env) {
+  const items = Array.isArray(env) ? env : [];
+  const out = [];
+  for (const it of items) {
+    if (!it || typeof it !== 'object') continue;
+    const key = String(it.key || '').trim();
+    if (!key) continue;
+    out.push({ key, value: String(it.value || '') });
+  }
+  return out;
+}
+
+exports.listScripts = async (req, res) => {
+  try {
+    const items = await ScriptDefinition.find().sort({ updatedAt: -1 }).lean();
+    res.json({ items });
+  } catch (err) {
+    const safe = toSafeJsonError(err);
+    res.status(safe.status).json(safe.body);
+  }
+};
+
+exports.getScript = async (req, res) => {
+  try {
+    const doc = await ScriptDefinition.findById(req.params.id).lean();
+    if (!doc) return res.status(404).json({ error: 'Not found' });
+    res.json({ item: doc });
+  } catch (err) {
+    const safe = toSafeJsonError(err);
+    res.status(safe.status).json(safe.body);
+  }
+};
+
+exports.createScript = async (req, res) => {
+  try {
+    const payload = req.body || {};
+
+    const doc = await ScriptDefinition.create({
+      name: String(payload.name || '').trim(),
+      codeIdentifier: String(payload.codeIdentifier || '').trim(),
+      description: String(payload.description || ''),
+      type: String(payload.type || '').trim(),
+      runner: String(payload.runner || '').trim(),
+      script: String(payload.script || ''),
+      defaultWorkingDirectory: String(payload.defaultWorkingDirectory || ''),
+      env: normalizeEnv(payload.env),
+      timeoutMs: payload.timeoutMs === undefined ? undefined : Number(payload.timeoutMs),
+      enabled: payload.enabled === undefined ? true : Boolean(payload.enabled),
+    });
+
+    res.status(201).json({ item: doc.toObject() });
+  } catch (err) {
+    const safe = toSafeJsonError(err);
+    res.status(safe.status).json(safe.body);
+  }
+};
+
+exports.updateScript = async (req, res) => {
+  try {
+    const payload = req.body || {};
+
+    const doc = await ScriptDefinition.findById(req.params.id);
+    if (!doc) return res.status(404).json({ error: 'Not found' });
+
+    if (payload.name !== undefined) doc.name = String(payload.name || '').trim();
+    if (payload.codeIdentifier !== undefined) doc.codeIdentifier = String(payload.codeIdentifier || '').trim();
+    if (payload.description !== undefined) doc.description = String(payload.description || '');
+    if (payload.type !== undefined) doc.type = String(payload.type || '').trim();
+    if (payload.runner !== undefined) doc.runner = String(payload.runner || '').trim();
+    if (payload.script !== undefined) doc.script = String(payload.script || '');
+    if (payload.defaultWorkingDirectory !== undefined) {
+      doc.defaultWorkingDirectory = String(payload.defaultWorkingDirectory || '');
+    }
+    if (payload.env !== undefined) doc.env = normalizeEnv(payload.env);
+    if (payload.timeoutMs !== undefined) doc.timeoutMs = Number(payload.timeoutMs || 0);
+    if (payload.enabled !== undefined) doc.enabled = Boolean(payload.enabled);
+
+    await doc.save();
+    res.json({ item: doc.toObject() });
+  } catch (err) {
+    const safe = toSafeJsonError(err);
+    res.status(safe.status).json(safe.body);
+  }
+};
+
+exports.deleteScript = async (req, res) => {
+  try {
+    const doc = await ScriptDefinition.findById(req.params.id);
+    if (!doc) return res.status(404).json({ error: 'Not found' });
+    await doc.deleteOne();
+    res.json({ ok: true });
+  } catch (err) {
+    const safe = toSafeJsonError(err);
+    res.status(safe.status).json(safe.body);
+  }
+};
+
+exports.runScript = async (req, res) => {
+  try {
+    const doc = await ScriptDefinition.findById(req.params.id);
+    if (!doc) return res.status(404).json({ error: 'Not found' });
+    if (!doc.enabled) return res.status(400).json({ error: 'Script is disabled' });
+
+    const result = await startRun(doc, { trigger: 'manual', meta: { actorType: 'basicAuth' } });
+    res.json(result);
+  } catch (err) {
+    const safe = toSafeJsonError(err);
+    res.status(safe.status).json(safe.body);
+  }
+};
+
+exports.getRun = async (req, res) => {
+  try {
+    const run = await ScriptRun.findById(req.params.runId).lean();
+    if (!run) return res.status(404).json({ error: 'Not found' });
+    res.json({ item: run });
+  } catch (err) {
+    const safe = toSafeJsonError(err);
+    res.status(safe.status).json(safe.body);
+  }
+};
+
+exports.listRuns = async (req, res) => {
+  try {
+    const filter = {};
+    if (req.query.scriptId) filter.scriptId = req.query.scriptId;
+
+    const items = await ScriptRun.find(filter)
+      .sort({ createdAt: -1 })
+      .limit(50)
+      .lean();
+
+    res.json({ items });
+  } catch (err) {
+    const safe = toSafeJsonError(err);
+    res.status(safe.status).json(safe.body);
+  }
+};
+
+exports.streamRun = async (req, res) => {
+  try {
+    const runId = String(req.params.runId);
+
+    res.status(200);
+    res.setHeader('Content-Type', 'text/event-stream');
+    res.setHeader('Cache-Control', 'no-cache');
+    res.setHeader('Connection', 'keep-alive');
+
+    const bus = getRunBus(runId);
+
+    const since = Number(req.query.since || 0);
+    if (bus) {
+      const existing = bus.snapshot(since);
+      for (const e of existing) {
+        res.write(`event: ${e.type}\n`);
+        res.write(`data: ${JSON.stringify(e)}\n\n`);
+      }
+
+      const onEvent = (e) => {
+        res.write(`event: ${e.type}\n`);
+        res.write(`data: ${JSON.stringify(e)}\n\n`);
+      };
+      const cleanup = () => {
+        clearInterval(heartbeat);
+        bus.emitter.off('event', onEvent);
+        bus.emitter.off('close', onClose);
+      };
+
+      const onClose = () => {
+        cleanup();
+        res.end();
+      };
+
+      const heartbeat = setInterval(() => {
+        res.write(`: ping\n\n`);
+      }, 15000);
+      heartbeat.unref();
+
+      bus.emitter.on('event', onEvent);
+      bus.emitter.once('close', onClose);
+
+      req.on('close', () => {
+        cleanup();
+      });
+
+      return;
+    }
+
+    const run = await ScriptRun.findById(runId).lean();
+    if (!run) {
+      res.write(`event: error\n`);
+      res.write(`data: ${JSON.stringify({ error: 'Not found' })}\n\n`);
+      return res.end();
+    }
+
+    if (run.outputTail) {
+      res.write(`event: log\n`);
+      res.write(
+        `data: ${JSON.stringify({ seq: 1, type: 'log', ts: new Date().toISOString(), stream: 'stdout', line: run.outputTail })}\n\n`,
+      );
+    }
+    res.write(`event: status\n`);
+    res.write(
+      `data: ${JSON.stringify({ seq: 2, type: 'status', ts: new Date().toISOString(), status: run.status, exitCode: run.exitCode })}\n\n`,
+    );
+    res.write(`event: done\n`);
+    res.write(
+      `data: ${JSON.stringify({ seq: 3, type: 'done', ts: new Date().toISOString(), status: run.status, exitCode: run.exitCode })}\n\n`,
+    );
+    return res.end();
+  } catch (err) {
+    res.write(`event: error\n`);
+    res.write(`data: ${JSON.stringify({ error: err?.message || 'Stream error' })}\n\n`);
+    return res.end();
+  }
+};

package/src/controllers/adminTerminals.controller.js

@@ -0,0 +1,39 @@
+const {
+  createSession,
+  listSessions,
+  killSession,
+} = require('../services/terminals.service');
+
+function handleError(res, err) {
+  const msg = err?.message || 'Operation failed';
+  const code = err?.code;
+  if (code === 'NOT_FOUND') return res.status(404).json({ error: msg });
+  if (code === 'LIMIT') return res.status(429).json({ error: msg });
+  return res.status(500).json({ error: msg });
+}
+
+exports.createSession = async (req, res) => {
+  try {
+    const { cols, rows } = req.body || {};
+    const result = createSession({ cols, rows });
+    res.json(result);
+  } catch (err) {
+    handleError(res, err);
+  }
+};
+
+exports.listSessions = async (req, res) => {
+  try {
+    res.json({ items: listSessions() });
+  } catch (err) {
+    handleError(res, err);
+  }
+};
+
+exports.killSession = async (req, res) => {
+  try {
+    res.json(killSession(req.params.sessionId));
+  } catch (err) {
+    handleError(res, err);
+  }
+};