@intranefr/superbackend 1.5.0 → 1.5.2

package/src/controllers/adminScripts.controller.js

@@ -1,6 +1,8 @@
 const ScriptDefinition = require('../models/ScriptDefinition');
 const ScriptRun = require('../models/ScriptRun');
+const { basicAuth } = require('../middleware/auth');
 const { startRun, getRunBus } = require('../services/scriptsRunner.service');
+const { logAuditSync } = require('../services/auditLogger');
 
 function toSafeJsonError(error) {
   const msg = error?.message || 'Operation failed';
@@ -23,6 +25,35 @@ function normalizeEnv(env) {
   return out;
 }
 
+// Helper functions for base64 handling
+function isBase64(str) {
+  try {
+    return Buffer.from(str, 'base64').toString('base64') === str;
+  } catch (err) {
+    return false;
+  }
+}
+
+function isValidBase64(str) {
+  try {
+    Buffer.from(str, 'base64');
+    return true;
+  } catch (err) {
+    return false;
+  }
+}
+
+function decodeScriptContent(script, format) {
+  if (format === 'base64') {
+    try {
+      return Buffer.from(script, 'base64').toString('utf8');
+    } catch (err) {
+      throw new Error('Failed to decode base64 script content');
+    }
+  }
+  return script;
+}
+
 exports.listScripts = async (req, res) => {
   try {
     const items = await ScriptDefinition.find().sort({ updatedAt: -1 }).lean();
@@ -45,42 +76,115 @@ exports.getScript = async (req, res) => {
 };
 
 exports.createScript = async (req, res) => {
+  let created = null;
   try {
+    console.log('[createScript] Starting script creation...');
+    console.log('[createScript] Request body keys:', Object.keys(req.body || {}));
+    
     const payload = req.body || {};
+    console.log('[createScript] Payload name:', payload.name);
+    console.log('[createScript] Payload type:', payload.type);
+    console.log('[createScript] Payload runner:', payload.runner);
+    console.log('[createScript] Script length:', (payload.script || '').length);
+    console.log('[createScript] Script format:', payload.scriptFormat);
+
+    // Handle script content encoding
+    let scriptContent = String(payload.script || '');
+    let scriptFormat = payload.scriptFormat || 'string';
+
+    // Auto-detect base64 if not specified and content looks like base64
+    if (scriptFormat === 'string' && isBase64(scriptContent)) {
+      scriptFormat = 'base64';
+      console.log('[createScript] Auto-detected base64 format');
+    }
+
+    // Validate base64 content if format is base64
+    if (scriptFormat === 'base64' && !isValidBase64(scriptContent)) {
+      console.log('[createScript] Invalid base64 content detected');
+      throw new Error('Invalid base64 script content');
+    }
 
+    console.log('[createScript] About to create ScriptDefinition...');
     const doc = await ScriptDefinition.create({
       name: String(payload.name || '').trim(),
       codeIdentifier: String(payload.codeIdentifier || '').trim(),
       description: String(payload.description || ''),
       type: String(payload.type || '').trim(),
       runner: String(payload.runner || '').trim(),
-      script: String(payload.script || ''),
+      script: scriptContent,
+      scriptFormat: scriptFormat,
       defaultWorkingDirectory: String(payload.defaultWorkingDirectory || ''),
       env: normalizeEnv(payload.env),
       timeoutMs: payload.timeoutMs === undefined ? undefined : Number(payload.timeoutMs),
       enabled: payload.enabled === undefined ? true : Boolean(payload.enabled),
     });
+    
+    console.log('[createScript] ScriptDefinition created successfully');
 
+    created = doc.toObject();
+    console.log('[createScript] About to create audit entry...');
+    console.log('[createScript] Script created successfully:', { name: created.name, id: created._id });
+    
+    logAuditSync({
+      req,
+      action: 'scripts.create',
+      outcome: 'success',
+      entityType: 'ScriptDefinition',
+      entityId: created._id,
+      data: { name: created.name },
+    });
+    
+    console.log('[createScript] About to send response...');
     res.status(201).json({ item: doc.toObject() });
+    console.log('[createScript] Response sent successfully');
   } catch (err) {
+    console.log('[createScript] ERROR occurred:', err);
+    console.log('[createScript] ERROR stack:', err.stack);
+    console.log('[createScript] ERROR message:', err.message);
+    console.log('[createScript] ERROR code:', err.code);
+    
+    console.log('[createScript] Script creation failed:', { error: err?.message || 'Operation failed' });
     const safe = toSafeJsonError(err);
+    console.log('[createScript] Safe error:', safe);
     res.status(safe.status).json(safe.body);
   }
 };
 
 exports.updateScript = async (req, res) => {
+  let before = null;
+  let after = null;
   try {
     const payload = req.body || {};
 
     const doc = await ScriptDefinition.findById(req.params.id);
     if (!doc) return res.status(404).json({ error: 'Not found' });
 
+    before = doc.toObject();
+
+    // Handle script content encoding
+    if (payload.script !== undefined) {
+      let scriptContent = String(payload.script || '');
+      let scriptFormat = payload.scriptFormat || doc.scriptFormat || 'string';
+
+      // Auto-detect base64 if not specified and content looks like base64
+      if (scriptFormat === 'string' && isBase64(scriptContent)) {
+        scriptFormat = 'base64';
+      }
+
+      // Validate base64 content if format is base64
+      if (scriptFormat === 'base64' && !isValidBase64(scriptContent)) {
+        throw new Error('Invalid base64 script content');
+      }
+
+      doc.script = scriptContent;
+      doc.scriptFormat = scriptFormat;
+    }
+
     if (payload.name !== undefined) doc.name = String(payload.name || '').trim();
     if (payload.codeIdentifier !== undefined) doc.codeIdentifier = String(payload.codeIdentifier || '').trim();
     if (payload.description !== undefined) doc.description = String(payload.description || '');
     if (payload.type !== undefined) doc.type = String(payload.type || '').trim();
     if (payload.runner !== undefined) doc.runner = String(payload.runner || '').trim();
-    if (payload.script !== undefined) doc.script = String(payload.script || '');
     if (payload.defaultWorkingDirectory !== undefined) {
       doc.defaultWorkingDirectory = String(payload.defaultWorkingDirectory || '');
     }
@@ -89,34 +193,52 @@ exports.updateScript = async (req, res) => {
     if (payload.enabled !== undefined) doc.enabled = Boolean(payload.enabled);
 
     await doc.save();
+    after = doc.toObject();
+    console.log('[updateScript] Script updated successfully:', { name: after.name, id: after._id });
     res.json({ item: doc.toObject() });
   } catch (err) {
+    console.log('[updateScript] ERROR occurred:', err);
+    console.log('[updateScript] ERROR message:', err.message);
     const safe = toSafeJsonError(err);
     res.status(safe.status).json(safe.body);
   }
 };
 
 exports.deleteScript = async (req, res) => {
+  let before = null;
   try {
     const doc = await ScriptDefinition.findById(req.params.id);
     if (!doc) return res.status(404).json({ error: 'Not found' });
+    before = doc.toObject();
     await doc.deleteOne();
+
+    console.log('[deleteScript] Script deleted successfully:', { name: before.name, id: before._id });
     res.json({ ok: true });
   } catch (err) {
+    console.log('[deleteScript] ERROR occurred:', err);
+    console.log('[deleteScript] ERROR message:', err.message);
     const safe = toSafeJsonError(err);
     res.status(safe.status).json(safe.body);
   }
 };
 
 exports.runScript = async (req, res) => {
+  let script = null;
   try {
     const doc = await ScriptDefinition.findById(req.params.id);
     if (!doc) return res.status(404).json({ error: 'Not found' });
     if (!doc.enabled) return res.status(400).json({ error: 'Script is disabled' });
 
-    const result = await startRun(doc, { trigger: 'manual', meta: { actorType: 'basicAuth' } });
-    res.json(result);
+    script = doc.toObject();
+
+    const runDoc = await startRun(doc, { trigger: 'manual', meta: { actorType: 'basicAuth' } });
+
+    console.log('[runScript] Script executed successfully:', { name: script.name, runId: runDoc._id });
+
+    res.json({ runId: String(runDoc._id) });
   } catch (err) {
+    console.log('[runScript] ERROR occurred:', err);
+    console.log('[runScript] ERROR message:', err.message);
     const safe = toSafeJsonError(err);
     res.status(safe.status).json(safe.body);
   }

package/src/controllers/adminSeoConfig.controller.js

@@ -1,4 +1,3 @@
-const OpenAI = require('openai');
 const fs = require('fs');
 const path = require('path');
 
@@ -15,6 +14,9 @@ const {
   DEFAULT_OG_PNG_OUTPUT_PATH,
 } = require('../services/seoConfig.service');
 
+const llmService = require('../services/llm.service');
+const { resolveLlmProviderModel } = require('../services/llmDefaults.service');
+
 function handleServiceError(res, error) {
   const msg = error?.message || 'Operation failed';
   const code = error?.code;
@@ -231,6 +233,7 @@ exports.seoConfigAiGenerateEntry = async (req, res) => {
     const viewPath = String(req.body?.viewPath || '').trim();
     const routePath = validateRoutePathOrThrow(req.body?.routePath);
     const modelOverride = req.body?.model;
+    const providerKeyOverride = req.body?.providerKey;
 
     if (!viewPath || !viewPath.endsWith('.ejs')) {
       return res.status(400).json({ error: 'viewPath is required and must end with .ejs' });
@@ -250,12 +253,18 @@ exports.seoConfigAiGenerateEntry = async (req, res) => {
       return res.status(400).json({ error: 'view file is too large' });
     }
 
-    const apiKey = await getSeoconfigOpenRouterApiKey();
-    if (!apiKey) {
-      return res.status(400).json({ error: 'AI is disabled (missing OpenRouter API key)' });
-    }
+    const resolved = await resolveLlmProviderModel({
+      systemKey: 'seoConfig.entry.generate',
+      providerKey: providerKeyOverride,
+      model: modelOverride,
+    });
 
-    const model = modelOverride || (await getSeoconfigOpenRouterModel());
+    const legacyApiKey = await getSeoconfigOpenRouterApiKey();
+    const runtimeOptions = (resolved.providerKey === 'openrouter' && legacyApiKey)
+      ? { apiKey: legacyApiKey, baseUrl: 'https://openrouter.ai/api/v1' }
+      : {};
+
+    const model = resolved.model || (await getSeoconfigOpenRouterModel());
 
     const { data } = await getSeoConfigData();
     const siteName = data?.siteName || '';
@@ -263,11 +272,6 @@ exports.seoConfigAiGenerateEntry = async (req, res) => {
 
     const ejsSource = await fs.promises.readFile(abs, 'utf8');
 
-    const client = new OpenAI({
-      apiKey,
-      baseURL: 'https://openrouter.ai/api/v1',
-    });
-
     const prompt = buildSeoEntryPromptFromEjs({
       routePath,
       viewRelPath: viewPath,
@@ -276,15 +280,20 @@ exports.seoConfigAiGenerateEntry = async (req, res) => {
       baseUrl,
     });
 
-    const resp = await client.chat.completions.create({
-      model,
-      messages: [{ role: 'user', content: prompt }],
-    });
+    const resp = await llmService.callAdhoc(
+      {
+        providerKey: resolved.providerKey,
+        model,
+        messages: [{ role: 'user', content: prompt }],
+        promptKeyForAudit: 'seoConfig.entry.generate',
+      },
+      runtimeOptions,
+    );
 
-    const out = resp.choices?.[0]?.message?.content || '';
+    const out = resp.content || '';
     const entry = parseAiJsonObjectOrThrow(out);
 
-    return res.json({ routePath, entry, model });
+    return res.json({ routePath, entry, model, providerKey: resolved.providerKey });
   } catch (error) {
     const code = error?.code;
     if (code === 'VALIDATION') {
@@ -323,6 +332,7 @@ exports.seoConfigAiImproveEntry = async (req, res) => {
     const routePath = validateRoutePathOrThrow(req.body?.routePath);
     const instruction = String(req.body?.instruction || '').trim();
     const modelOverride = req.body?.model;
+    const providerKeyOverride = req.body?.providerKey;
 
     if (!instruction) {
       return res.status(400).json({ error: 'instruction is required' });
@@ -331,12 +341,18 @@ exports.seoConfigAiImproveEntry = async (req, res) => {
       return res.status(400).json({ error: 'instruction is too large' });
     }
 
-    const apiKey = await getSeoconfigOpenRouterApiKey();
-    if (!apiKey) {
-      return res.status(400).json({ error: 'AI is disabled (missing OpenRouter API key)' });
-    }
+    const resolved = await resolveLlmProviderModel({
+      systemKey: 'seoConfig.entry.improve',
+      providerKey: providerKeyOverride,
+      model: modelOverride,
+    });
 
-    const model = modelOverride || (await getSeoconfigOpenRouterModel());
+    const legacyApiKey = await getSeoconfigOpenRouterApiKey();
+    const runtimeOptions = (resolved.providerKey === 'openrouter' && legacyApiKey)
+      ? { apiKey: legacyApiKey, baseUrl: 'https://openrouter.ai/api/v1' }
+      : {};
+
+    const model = resolved.model || (await getSeoconfigOpenRouterModel());
 
     const { data } = await getSeoConfigData();
     const siteName = data?.siteName || '';
@@ -346,11 +362,6 @@ exports.seoConfigAiImproveEntry = async (req, res) => {
       return res.status(404).json({ error: `No existing entry for ${routePath}` });
     }
 
-    const client = new OpenAI({
-      apiKey,
-      baseURL: 'https://openrouter.ai/api/v1',
-    });
-
     const prompt = buildSeoEntryPromptImprove({
       routePath,
       existingEntry,
@@ -359,15 +370,20 @@ exports.seoConfigAiImproveEntry = async (req, res) => {
       baseUrl,
     });
 
-    const resp = await client.chat.completions.create({
-      model,
-      messages: [{ role: 'user', content: prompt }],
-    });
+    const resp = await llmService.callAdhoc(
+      {
+        providerKey: resolved.providerKey,
+        model,
+        messages: [{ role: 'user', content: prompt }],
+        promptKeyForAudit: 'seoConfig.entry.improve',
+      },
+      runtimeOptions,
+    );
 
-    const out = resp.choices?.[0]?.message?.content || '';
+    const out = resp.content || '';
     const entry = parseAiJsonObjectOrThrow(out);
 
-    return res.json({ routePath, entry, model });
+    return res.json({ routePath, entry, model, providerKey: resolved.providerKey });
   } catch (error) {
     const code = error?.code;
     if (code === 'VALIDATION') {
@@ -469,6 +485,7 @@ exports.aiEditSvg = async (req, res) => {
     const svgRaw = req.body?.svgRaw;
     const instruction = req.body?.instruction;
     const modelOverride = req.body?.model;
+    const providerKeyOverride = req.body?.providerKey;
 
     if (typeof svgRaw !== 'string' || svgRaw.trim() === '') {
       return res.status(400).json({ error: 'svgRaw is required' });
@@ -484,30 +501,36 @@ exports.aiEditSvg = async (req, res) => {
       return res.status(400).json({ error: 'instruction is too large' });
     }
 
-    const apiKey = await getSeoconfigOpenRouterApiKey();
-    if (!apiKey) {
-      return res.status(400).json({ error: 'AI is disabled (missing OpenRouter API key)' });
-    }
+    const resolved = await resolveLlmProviderModel({
+      systemKey: 'seoConfig.ogSvg.edit',
+      providerKey: providerKeyOverride,
+      model: modelOverride,
+    });
 
-    const model = modelOverride || (await getSeoconfigOpenRouterModel());
+    const legacyApiKey = await getSeoconfigOpenRouterApiKey();
+    const runtimeOptions = (resolved.providerKey === 'openrouter' && legacyApiKey)
+      ? { apiKey: legacyApiKey, baseUrl: 'https://openrouter.ai/api/v1' }
+      : {};
 
-    const client = new OpenAI({
-      apiKey,
-      baseURL: 'https://openrouter.ai/api/v1',
-    });
+    const model = resolved.model || (await getSeoconfigOpenRouterModel());
 
     const prompt = buildSvgAiPrompt({ svg: svgRaw, instruction });
-    const resp = await client.chat.completions.create({
-      model,
-      messages: [{ role: 'user', content: prompt }],
-    });
+    const resp = await llmService.callAdhoc(
+      {
+        providerKey: resolved.providerKey,
+        model,
+        messages: [{ role: 'user', content: prompt }],
+        promptKeyForAudit: 'seoConfig.ogSvg.edit',
+      },
+      runtimeOptions,
+    );
 
-    const out = resp.choices?.[0]?.message?.content?.trim() || '';
+    const out = String(resp.content || '').trim();
     if (!out.startsWith('<svg') || !out.includes('</svg>')) {
       return res.status(500).json({ error: 'AI returned invalid SVG' });
     }
 
-    return res.json({ svgRaw: out, model });
+    return res.json({ svgRaw: out, model, providerKey: resolved.providerKey });
   } catch (error) {
     console.error('Error editing SVG with AI:', error);
     return res.status(500).json({ error: error?.message || 'Failed to edit SVG' });