@intranefr/superbackend 1.5.1 → 1.5.3

package/package.json

@@ -1,11 +1,11 @@
 {
   "name": "@intranefr/superbackend",
-  "version": "1.5.1",
+  "version": "1.5.3",
   "description": "Node.js middleware that gives your project backend superpowers",
   "main": "index.js",
   "scripts": {
     "start": "node server.js",
-    "dev": "nodemon --verbose --ignore uploads --ignore '*.log' server.js",
+    "dev": "nodemon --verbose --ignore uploads --ignore stdout.log --ignore '*.log' server.js",
     "start:minio": "docker compose -f compose.standalone.yml --profile minio-only up -d minio",
     "minio:envs": "node -e \"console.log(['S3_ENDPOINT=http://localhost:9000','S3_REGION=us-east-1','S3_ACCESS_KEY_ID=minioadmin','S3_SECRET_ACCESS_KEY=minioadmin','S3_BUCKET=saasbackend','S3_FORCE_PATH_STYLE=true'].join('\\n'))\"",
     "build:sdk:error-tracking:browser": "esbuild sdk/error-tracking/browser/src/embed.js --bundle --format=iife --global-name=saasbackendErrorTrackingEmbed --outfile=sdk/error-tracking/browser/dist/embed.iife.js",
@@ -47,11 +47,13 @@
     "mysql2": "^3.16.1",
     "node-cron": "^4.2.1",
     "node-pty": "^1.1.0",
+    "node-telegram-bot-api": "^0.67.0",
     "openai": "^4.0.0",
     "redis": "^4.7.1",
     "resend": "^6.4.0",
     "ssh2-sftp-client": "^12.0.1",
     "stripe": "^14.0.0",
+    "terminal-kit": "^3.1.2",
     "vm2": "^3.10.0",
     "ws": "^8.18.0"
   },
@@ -63,6 +65,7 @@
   },
   "jest": {
     "testEnvironment": "node",
+    "testTimeout": 15000,
     "collectCoverageFrom": [
       "src/**/*.js",
       "!src/**/*.test.js"

package/src/controllers/admin.controller.js

@@ -10,6 +10,7 @@ const FormSubmission = require('../models/FormSubmission');
 const asyncHandler = require('../utils/asyncHandler');
 const fs = require('fs');
 const path = require('path');
+const crypto = require('crypto');
 const stripe = require('stripe')(process.env.STRIPE_SECRET_KEY);
 const { generateAccessToken, generateRefreshToken } = require('../utils/jwt');
 const { retryFailedWebhooks, processWebhookEvent } = require('../utils/webhookRetry');
@@ -351,7 +352,7 @@ const getWebhookStats = asyncHandler(async (req, res) => {
 const provisionCoolifyDeploy = asyncHandler(async (req, res) => {
   try {
     const { overwrite } = req.body;
-    const managePath = path.join(process.cwd(), "manage.sh");
+    const managePath = path.join(process.cwd(), "manage.js");
     const exists = fs.existsSync(managePath);
 
     if (exists && !overwrite) {
@@ -362,13 +363,19 @@ const provisionCoolifyDeploy = asyncHandler(async (req, res) => {
       });
     }
 
-    // In ref-superbackend, manage.sh already exists in the root of the repository
-    // If it didn't, we would write it here. For this case, we'll just success.
+    // Copy the improved manage.js from polybot
+    const sourceManageJs = path.join(__dirname, "../../../manage.js");
+    if (fs.existsSync(sourceManageJs)) {
+      fs.copyFileSync(sourceManageJs, managePath);
+      // Make it executable
+      fs.chmodSync(managePath, '755');
+    }
+
     res.json({
       success: true,
       message: exists
-        ? "Coolify Headless Deploy script (manage.sh) was already there."
-        : "Coolify Headless Deploy script (manage.sh) is ready in the root directory.",
+        ? "Coolify Headless Deploy script (manage.js) was updated."
+        : "Coolify Headless Deploy script (manage.js) is ready in the root directory.",
       path: managePath,
     });
   } catch (error) {
@@ -458,6 +465,71 @@ async function cleanupUserData(userId) {
   }
 }
 
+const generateTokenForEmail = asyncHandler(async (req, res) => {
+  const { email } = req.body;
+  
+  if (!email) {
+    return res.status(400).json({ error: 'Email is required' });
+  }
+
+  // Find or create user
+  let user = await User.findOne({ email: email.toLowerCase() });
+  
+  if (!user) {
+    // Generate random password
+    const randomPassword = crypto.randomBytes(16).toString('hex');
+    
+    // Create user with admin role
+    user = new User({
+      email: email.toLowerCase(),
+      passwordHash: randomPassword,
+      name: email,
+      role: 'admin'  // All auto-created users get admin role
+    });
+    
+    await user.save();
+    
+    // Create default organization automatically
+    const defaultOrgSlug = process.env.POLYBOT_DEFAULT_ORG_SLUG || 'polybot';
+    const defaultOrgName = process.env.POLYBOT_DEFAULT_ORG_NAME || 'Polybot';
+    
+    let org = await Organization.findOne({ slug: defaultOrgSlug });
+    if (!org) {
+      org = new Organization({
+        name: defaultOrgName,
+        slug: defaultOrgSlug,
+        ownerUserId: user._id
+      });
+      await org.save();
+    }
+    
+    // Add user to organization
+    const existingMember = await OrganizationMember.findOne({
+      userId: user._id,
+      orgId: org._id
+    });
+    
+    if (!existingMember) {
+      const member = new OrganizationMember({
+        userId: user._id,
+        orgId: org._id,
+        role: 'admin'
+      });
+      await member.save();
+    }
+  }
+
+  // Generate tokens with 1 second expiry for access, 2 hours for refresh
+  const token = generateAccessToken(user._id, user.role);
+  const refreshToken = generateRefreshToken(user._id);
+
+  res.json({ 
+    token, 
+    refreshToken, 
+    user: user.toJSON() 
+  });
+});
+
 module.exports = {
   getUsers,
   registerUser,
@@ -467,10 +539,11 @@ module.exports = {
   deleteUser,
   reconcileUser,
   generateToken,
+  generateTokenForEmail,
   getWebhookEvents,
   getWebhookEvent,
   retryFailedWebhookEvents,
   retrySingleWebhookEvent,
   getWebhookStats,
-  provisionCoolifyDeploy
+  provisionCoolifyDeploy,
 };

package/src/controllers/adminAgents.controller.js

@@ -0,0 +1,37 @@
+const Agent = require('../models/Agent');
+
+exports.listAgents = async (req, res) => {
+  try {
+    const agents = await Agent.find().lean();
+    return res.json({ items: agents });
+  } catch (error) {
+    return res.status(500).json({ error: error.message });
+  }
+};
+
+exports.createAgent = async (req, res) => {
+  try {
+    const agent = await Agent.create(req.body);
+    return res.json(agent);
+  } catch (error) {
+    return res.status(500).json({ error: error.message });
+  }
+};
+
+exports.updateAgent = async (req, res) => {
+  try {
+    const agent = await Agent.findByIdAndUpdate(req.params.id, req.body, { new: true });
+    return res.json(agent);
+  } catch (error) {
+    return res.status(500).json({ error: error.message });
+  }
+};
+
+exports.deleteAgent = async (req, res) => {
+  try {
+    await Agent.findByIdAndDelete(req.params.id);
+    return res.json({ success: true });
+  } catch (error) {
+    return res.status(500).json({ error: error.message });
+  }
+};

package/src/controllers/adminExperiments.controller.js

@@ -0,0 +1,200 @@
+const mongoose = require('mongoose');
+
+const Experiment = require('../models/Experiment');
+const ExperimentMetricBucket = require('../models/ExperimentMetricBucket');
+
+const experimentsService = require('../services/experiments.service');
+
+function toSafeJsonError(error) {
+  const msg = error?.message || 'Operation failed';
+  const code = error?.code;
+  if (code === 'VALIDATION') return { status: 400, body: { error: msg } };
+  if (code === 'NOT_FOUND') return { status: 404, body: { error: msg } };
+  if (code === 'CONFLICT') return { status: 409, body: { error: msg } };
+  return { status: 500, body: { error: msg } };
+}
+
+function isValidObjectId(id) {
+  return id && mongoose.Types.ObjectId.isValid(String(id));
+}
+
+function normalizeVariant(v) {
+  const key = String(v?.key || '').trim();
+  const weight = Number(v?.weight || 0) || 0;
+  const configSlug = String(v?.configSlug || '').trim();
+  if (!key) return null;
+  return { key, weight, configSlug };
+}
+
+function normalizeMetric(d) {
+  const key = String(d?.key || '').trim();
+  const kind = String(d?.kind || '').trim() || 'count';
+  if (!key) return null;
+  return {
+    key,
+    kind,
+    numeratorEventKey: String(d?.numeratorEventKey || '').trim(),
+    denominatorEventKey: String(d?.denominatorEventKey || '').trim(),
+    objective: String(d?.objective || 'maximize').trim() === 'minimize' ? 'minimize' : 'maximize',
+  };
+}
+
+exports.list = async (req, res) => {
+  try {
+    const orgId = req.query.orgId || null;
+    const q = {};
+    if (orgId) q.organizationId = orgId;
+
+    const items = await Experiment.find(q).sort({ updatedAt: -1 }).lean();
+    return res.json({ items });
+  } catch (err) {
+    const safe = toSafeJsonError(err);
+    return res.status(safe.status).json(safe.body);
+  }
+};
+
+exports.get = async (req, res) => {
+  try {
+    const id = req.params.id;
+    const doc = await Experiment.findById(id).lean();
+    if (!doc) return res.status(404).json({ error: 'Not found' });
+    return res.json({ item: doc });
+  } catch (err) {
+    const safe = toSafeJsonError(err);
+    return res.status(safe.status).json(safe.body);
+  }
+};
+
+exports.create = async (req, res) => {
+  try {
+    const p = req.body || {};
+
+    const orgId = p.organizationId === null || p.organizationId === '' ? null : p.organizationId;
+    if (orgId && !isValidObjectId(orgId)) {
+      return res.status(400).json({ error: 'Invalid organizationId' });
+    }
+
+    const code = String(p.code || '').trim();
+    if (!code) return res.status(400).json({ error: 'code is required' });
+
+    const variants = (Array.isArray(p.variants) ? p.variants : []).map(normalizeVariant).filter(Boolean);
+    const primaryMetric = normalizeMetric(p.primaryMetric);
+    if (!primaryMetric) return res.status(400).json({ error: 'primaryMetric is required' });
+
+    const doc = await Experiment.create({
+      organizationId: orgId || null,
+      code,
+      name: String(p.name || '').trim(),
+      description: String(p.description || '').trim(),
+      status: String(p.status || 'draft'),
+      startedAt: p.startedAt ? new Date(p.startedAt) : null,
+      endsAt: p.endsAt ? new Date(p.endsAt) : null,
+      assignment: { unit: 'subjectId', sticky: p.assignment?.sticky !== false, salt: String(p.assignment?.salt || '').trim() },
+      variants,
+      primaryMetric,
+      secondaryMetrics: (Array.isArray(p.secondaryMetrics) ? p.secondaryMetrics : []).map(normalizeMetric).filter(Boolean),
+      winnerPolicy: {
+        mode: String(p.winnerPolicy?.mode || 'manual') === 'automatic' ? 'automatic' : 'manual',
+        pickAfterMs: Number(p.winnerPolicy?.pickAfterMs || 0) || 0,
+        minAssignments: Number(p.winnerPolicy?.minAssignments || 0) || 0,
+        minExposures: Number(p.winnerPolicy?.minExposures || 0) || 0,
+        minConversions: Number(p.winnerPolicy?.minConversions || 0) || 0,
+        statMethod: String(p.winnerPolicy?.statMethod || 'simple_rate'),
+        overrideWinnerVariantKey: String(p.winnerPolicy?.overrideWinnerVariantKey || '').trim(),
+      },
+      createdByUserId: req.user?._id || null,
+      updatedByUserId: req.user?._id || null,
+    });
+
+    await experimentsService.clearExperimentCaches(doc._id);
+
+    return res.status(201).json({ item: doc.toObject() });
+  } catch (err) {
+    const safe = toSafeJsonError(err);
+    return res.status(safe.status).json(safe.body);
+  }
+};
+
+exports.update = async (req, res) => {
+  try {
+    const id = req.params.id;
+    const p = req.body || {};
+
+    const doc = await Experiment.findById(id);
+    if (!doc) return res.status(404).json({ error: 'Not found' });
+
+    if (p.name !== undefined) doc.name = String(p.name || '').trim();
+    if (p.description !== undefined) doc.description = String(p.description || '').trim();
+    if (p.status !== undefined) doc.status = String(p.status);
+    if (p.startedAt !== undefined) doc.startedAt = p.startedAt ? new Date(p.startedAt) : null;
+    if (p.endsAt !== undefined) doc.endsAt = p.endsAt ? new Date(p.endsAt) : null;
+
+    if (p.variants !== undefined) {
+      doc.variants = (Array.isArray(p.variants) ? p.variants : []).map(normalizeVariant).filter(Boolean);
+    }
+
+    if (p.primaryMetric !== undefined) {
+      const m = normalizeMetric(p.primaryMetric);
+      if (!m) return res.status(400).json({ error: 'primaryMetric is required' });
+      doc.primaryMetric = m;
+    }
+
+    if (p.secondaryMetrics !== undefined) {
+      doc.secondaryMetrics = (Array.isArray(p.secondaryMetrics) ? p.secondaryMetrics : []).map(normalizeMetric).filter(Boolean);
+    }
+
+    if (p.winnerPolicy !== undefined) {
+      doc.winnerPolicy = {
+        ...(doc.winnerPolicy?.toObject ? doc.winnerPolicy.toObject() : doc.winnerPolicy),
+        ...(p.winnerPolicy || {}),
+      };
+    }
+
+    doc.updatedByUserId = req.user?._id || null;
+
+    await doc.save();
+    await experimentsService.clearExperimentCaches(doc._id);
+
+    return res.json({ item: doc.toObject() });
+  } catch (err) {
+    const safe = toSafeJsonError(err);
+    return res.status(safe.status).json(safe.body);
+  }
+};
+
+exports.remove = async (req, res) => {
+  try {
+    const id = req.params.id;
+    const doc = await Experiment.findById(id);
+    if (!doc) return res.status(404).json({ error: 'Not found' });
+
+    await doc.deleteOne();
+    await experimentsService.clearExperimentCaches(id);
+
+    return res.json({ success: true });
+  } catch (err) {
+    const safe = toSafeJsonError(err);
+    return res.status(safe.status).json(safe.body);
+  }
+};
+
+exports.getMetrics = async (req, res) => {
+  try {
+    const experimentId = req.params.id;
+    const start = req.query.start ? new Date(req.query.start) : null;
+    const end = req.query.end ? new Date(req.query.end) : null;
+
+    const q = { experimentId };
+    if (start || end) {
+      q.bucketStart = {};
+      if (start) q.bucketStart.$gte = start;
+      if (end) q.bucketStart.$lte = end;
+    }
+
+    const buckets = await ExperimentMetricBucket.find(q).sort({ bucketStart: 1 }).lean();
+    return res.json({ buckets });
+  } catch (err) {
+    const safe = toSafeJsonError(err);
+    return res.status(safe.status).json(safe.body);
+  }
+};

package/src/controllers/adminLlm.controller.js

@@ -387,6 +387,24 @@ async function listCosts(req, res) {
   }
 }
 
+async function listProviders(req, res) {
+  try {
+    const providers = await getJsonSetting(PROVIDERS_KEY, {});
+    const safeProviders = {};
+    if (providers && typeof providers === "object") {
+      for (const [key, value] of Object.entries(providers)) {
+        if (!value || typeof value !== "object") continue;
+        const { apiKey, ...rest } = value;
+        safeProviders[key] = rest;
+      }
+    }
+    res.json({ providers: safeProviders });
+  } catch (error) {
+    console.error("[adminLlm] listProviders error", error);
+    res.status(500).json({ error: "Failed to load providers" });
+  }
+}
+
 module.exports = {
   getConfig,
   saveConfig,
@@ -394,4 +412,5 @@ module.exports = {
   listAudit,
   listCosts,
   listOpenRouterModels,
+  listProviders,
 };

package/src/controllers/adminMarkdowns.controller.js

@@ -0,0 +1,157 @@
+const {
+  ERROR_CODES,
+  listMarkdowns,
+  getMarkdownById,
+  createMarkdown,
+  updateMarkdown,
+  deleteMarkdown,
+  getFolderContents,
+  getUniqueGroupCodes,
+  validatePathUniqueness,
+} = require('../services/markdowns.service');
+
+function handleServiceError(res, error) {
+  const msg = error?.message || 'Operation failed';
+  const code = error?.code;
+
+  if (code === 'VALIDATION' || code === 'INVALID_MARKDOWN' || code === 'INVALID_GROUP_CODE') {
+    return res.status(400).json({ error: msg });
+  }
+  if (code === 'NOT_FOUND') {
+    return res.status(404).json({ error: msg });
+  }
+  if (code === 'PATH_NOT_UNIQUE') {
+    return res.status(409).json({ error: msg });
+  }
+
+  return res.status(500).json({ error: msg });
+}
+
+function parseJsonMaybe(value) {
+  if (value === undefined || value === null) return null;
+  if (typeof value !== 'string') return value;
+  const trimmed = value.trim();
+  if (!trimmed) return null;
+  try {
+    return JSON.parse(trimmed);
+  } catch (_) {
+    return null;
+  }
+}
+
+exports.list = async (req, res) => {
+  try {
+    const filters = {
+      category: req.query.category,
+      group_code: req.query.group_code,
+      status: req.query.status,
+      ownerUserId: req.query.ownerUserId,
+      orgId: req.query.orgId,
+      search: req.query.search,
+    };
+    
+    const pagination = {
+      page: Number(req.query.page) || 1,
+      limit: Number(req.query.limit) || 50,
+      sort: parseJsonMaybe(req.query.sort) || { updatedAt: -1 },
+    };
+    
+    const result = await listMarkdowns(filters, pagination, { isAdmin: true });
+    return res.json(result);
+  } catch (error) {
+    console.error('Error listing markdowns:', error);
+    return handleServiceError(res, error);
+  }
+};
+
+exports.get = async (req, res) => {
+  try {
+    const item = await getMarkdownById(req.params.id);
+    if (!item) return res.status(404).json({ error: 'Markdown not found' });
+    return res.json({ item });
+  } catch (error) {
+    console.error('Error fetching markdown:', error);
+    return handleServiceError(res, error);
+  }
+};
+
+exports.create = async (req, res) => {
+  try {
+    const item = await createMarkdown(req.body || {});
+    return res.status(201).json({ item });
+  } catch (error) {
+    console.error('Error creating markdown:', error);
+    return handleServiceError(res, error);
+  }
+};
+
+exports.update = async (req, res) => {
+  try {
+    const item = await updateMarkdown(req.params.id, req.body || {});
+    return res.json({ item });
+  } catch (error) {
+    console.error('Error updating markdown:', error);
+    return handleServiceError(res, error);
+  }
+};
+
+exports.remove = async (req, res) => {
+  try {
+    const result = await deleteMarkdown(req.params.id);
+    return res.json(result);
+  } catch (error) {
+    console.error('Error deleting markdown:', error);
+    return handleServiceError(res, error);
+  }
+};
+
+exports.getFolderContents = async (req, res) => {
+  try {
+    const { category } = req.params;
+    const { group_code } = req.params;
+    
+    const pagination = {
+      page: Number(req.query.page) || 1,
+      limit: Number(req.query.limit) || 100,
+      sort: parseJsonMaybe(req.query.sort) || { title: 1 },
+    };
+    
+    const result = await getFolderContents(category, group_code, pagination, { isAdmin: true });
+    return res.json(result);
+  } catch (error) {
+    console.error('Error getting folder contents:', error);
+    return handleServiceError(res, error);
+  }
+};
+
+exports.validatePath = async (req, res) => {
+  try {
+    const { category, group_code, slug, excludeId } = req.body;
+    
+    if (!category || !slug) {
+      return res.status(400).json({ error: 'category and slug are required' });
+    }
+    
+    const isUnique = await validatePathUniqueness(category, group_code, slug, excludeId);
+    return res.json({ unique: isUnique });
+  } catch (error) {
+    console.error('Error validating path:', error);
+    return handleServiceError(res, error);
+  }
+};
+
+exports.getGroupCodes = async (req, res) => {
+  try {
+    const { category } = req.params;
+    
+    if (!category) {
+      return res.status(400).json({ error: 'category is required' });
+    }
+    
+    const groupCodes = await getUniqueGroupCodes(category, { isAdmin: true });
+    return res.json(groupCodes);
+  } catch (error) {
+    console.error('Error getting group codes:', error);
+    return handleServiceError(res, error);
+  }
+};