@knotpad/app 0.1.0 → 0.1.1

package/app/api/billing/migrate/route.tsx

@@ -1,163 +0,0 @@
-import { NextRequest, NextResponse } from "next/server";
-import { prisma, getCloudPrisma } from "@/lib/prisma";
-
-export const dynamic = "force-dynamic";
-
-const BATCH = 100;
-
-export async function POST(req: NextRequest) {
-  // Secured with the same CRON_SECRET used by the sync cron.
-  const cronSecret = process.env.CRON_SECRET;
-  if (!cronSecret || req.headers.get("authorization") !== `Bearer ${cronSecret}`) {
-    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
-  }
-
-  const body = await req.json().catch(() => ({}));
-  const { workspaceId } = body as { workspaceId?: string };
-  if (!workspaceId) return NextResponse.json({ error: "workspaceId required" }, { status: 400 });
-
-  const cloud = getCloudPrisma();
-  if (!cloud) {
-    return NextResponse.json({ error: "Cloud not configured" }, { status: 503 });
-  }
-
-  // Idempotency: if cloud already has notes for this workspace, just refresh the sync timestamp.
-  const existingCount = await cloud.note.count({ where: { workspaceId } });
-  if (existingCount > 0) {
-    await cloud.syncState.upsert({
-      where: { workspaceId },
-      update: { lastSyncedAt: new Date() },
-      create: { workspaceId, lastSyncedAt: new Date() },
-    });
-    return NextResponse.json({ migrated: 0, alreadyDone: true });
-  }
-
-  // Ensure the workspace record exists in Neon (may already be there from auth adapter).
-  const workspace = await prisma.workspace.findUnique({ where: { id: workspaceId } });
-  if (!workspace) return NextResponse.json({ error: "Workspace not found" }, { status: 404 });
-
-  await cloud.workspace.upsert({
-    where: { id: workspaceId },
-    create: {
-      id: workspace.id,
-      name: workspace.name,
-      slug: workspace.slug,
-      type: workspace.type,
-      planType: workspace.planType,
-      licenseType: workspace.licenseType,
-      isCloud: workspace.isCloud,
-      isPro: workspace.isPro,
-      seatCount: workspace.seatCount,
-      stripeId: workspace.stripeId,
-      stripeSubId: workspace.stripeSubId,
-      encryptionSalt: workspace.encryptionSalt,
-      createdAt: workspace.createdAt,
-    },
-    update: {
-      isPro: workspace.isPro,
-      isCloud: workspace.isCloud,
-      planType: workspace.planType,
-      encryptionSalt: workspace.encryptionSalt,
-    },
-  });
-
-  // Copy folders (notes reference them via FK)
-  const folders = await prisma.folder.findMany({ where: { workspaceId } });
-  for (let i = 0; i < folders.length; i += BATCH) {
-    await cloud.folder.createMany({
-      data: folders.slice(i, i + BATCH).map((f) => ({
-        id: f.id, name: f.name, workspaceId: f.workspaceId, createdAt: f.createdAt,
-      })),
-      skipDuplicates: true,
-    });
-  }
-
-  // Copy notes (tasks reference them via FK); ciphertext is portable byte-for-byte
-  const notes = await prisma.note.findMany({ where: { workspaceId } });
-  for (let i = 0; i < notes.length; i += BATCH) {
-    await cloud.note.createMany({
-      data: notes.slice(i, i + BATCH).map((n) => ({
-        id: n.id,
-        title: n.title,
-        content: n.content,
-        workspaceId: n.workspaceId,
-        folderId: n.folderId,
-        isLocked: n.isLocked,
-        cloudOnly: n.cloudOnly,
-        version: n.version,
-        deviceId: n.deviceId,
-        createdAt: n.createdAt,
-        updatedAt: n.updatedAt,
-      })),
-      skipDuplicates: true,
-    });
-  }
-
-  // Copy tasks
-  const tasks = await prisma.task.findMany({ where: { workspaceId } });
-  for (let i = 0; i < tasks.length; i += BATCH) {
-    await cloud.task.createMany({
-      data: tasks.slice(i, i + BATCH).map((t) => ({
-        id: t.id,
-        title: t.title,
-        status: t.status,
-        noteId: t.noteId,
-        workspaceId: t.workspaceId,
-        assigneeId: t.assigneeId,
-        assigneeType: t.assigneeType,
-        claimedBy: t.claimedBy,
-        claimedByAlias: t.claimedByAlias,
-        claimedAt: t.claimedAt,
-        lastHeartbeat: t.lastHeartbeat,
-        fileRefs: t.fileRefs,
-        startDate: t.startDate,
-        dueDate: t.dueDate,
-        syncLocal: t.syncLocal,
-        version: t.version,
-        deviceId: t.deviceId,
-        createdAt: t.createdAt,
-        updatedAt: t.updatedAt,
-      })),
-      skipDuplicates: true,
-    });
-  }
-
-  // Copy task references
-  const refs = await prisma.taskReference.findMany({
-    where: { task: { workspaceId } },
-  });
-  for (let i = 0; i < refs.length; i += BATCH) {
-    await cloud.taskReference.createMany({
-      data: refs.slice(i, i + BATCH).map((r) => ({
-        id: r.id, taskId: r.taskId, noteId: r.noteId, snippet: r.snippet,
-      })),
-      skipDuplicates: true,
-    });
-  }
-
-  // Copy tombstones
-  const tombstones = await prisma.tombstone.findMany({ where: { workspaceId } });
-  for (let i = 0; i < tombstones.length; i += BATCH) {
-    await cloud.tombstone.createMany({
-      data: tombstones.slice(i, i + BATCH).map((t) => ({
-        id: t.id, workspaceId: t.workspaceId, entityType: t.entityType,
-        entityId: t.entityId, deletedAt: t.deletedAt,
-      })),
-      skipDuplicates: true,
-    });
-  }
-
-  // Seed SyncState so the flush worker starts clean
-  await cloud.syncState.upsert({
-    where: { workspaceId },
-    update: { lastSyncedAt: new Date() },
-    create: { workspaceId, lastSyncedAt: new Date() },
-  });
-
-  return NextResponse.json({
-    migrated: notes.length,
-    notes: notes.length,
-    tasks: tasks.length,
-    folders: folders.length,
-  });
-}

package/app/api/billing/portal/route.tsx

@@ -1,24 +0,0 @@
-import { NextResponse } from "next/server";
-import { auth } from "@/auth";
-import { prisma } from "@/lib/prisma";
-import { stripe, APP_URL } from "@/lib/stripe";
-
-export async function POST() {
-  const session = await auth();
-  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
-
-  const member = await prisma.workspaceMember.findFirst({
-    where: { userId: session.user.id, role: "OWNER" },
-    include: { workspace: true },
-  });
-  if (!member?.workspace.stripeId) {
-    return NextResponse.json({ error: "No billing account found" }, { status: 404 });
-  }
-
-  const portalSession = await stripe.billingPortal.sessions.create({
-    customer: member.workspace.stripeId,
-    return_url: `${APP_URL}/settings/billing`,
-  });
-
-  return NextResponse.json({ url: portalSession.url });
-}

package/app/api/billing/setup-intent/route.tsx

@@ -1,55 +0,0 @@
-import { NextRequest, NextResponse } from "next/server";
-import { auth } from "@/auth";
-import { prisma } from "@/lib/prisma";
-import { stripe } from "@/lib/stripe";
-
-/**
- * POST /api/billing/setup-intent
- * Body: { workspaceId }
- *
- * Creates a Stripe SetupIntent so the client can collect a card
- * using Stripe Elements without leaving the page.
- * Returns { clientSecret, customerId }.
- */
-export async function POST(req: NextRequest) {
-  const session = await auth();
-  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
-
-  const body = await req.json().catch(() => ({}));
-  const { workspaceId } = body;
-
-  if (!workspaceId) {
-    return NextResponse.json({ error: "workspaceId required" }, { status: 400 });
-  }
-
-  const member = await prisma.workspaceMember.findFirst({
-    where: { userId: session.user.id, workspaceId, role: { in: ["OWNER", "ADMIN"] }, revokedAt: null },
-    include: { workspace: true },
-  });
-  if (!member) return NextResponse.json({ error: "Must be owner or admin" }, { status: 403 });
-
-  const { workspace } = member;
-
-  // Create or reuse Stripe customer
-  let customerId = workspace.stripeId;
-  if (!customerId) {
-    const customer = await stripe.customers.create({
-      email: session.user.email ?? undefined,
-      name: session.user.name ?? undefined,
-      metadata: { workspaceId: workspace.id },
-    });
-    customerId = customer.id;
-    await prisma.workspace.update({
-      where: { id: workspace.id },
-      data: { stripeId: customerId },
-    });
-  }
-
-  const setupIntent = await stripe.setupIntents.create({
-    customer: customerId,
-    payment_method_types: ["card"],
-    metadata: { workspaceId: workspace.id },
-  });
-
-  return NextResponse.json({ clientSecret: setupIntent.client_secret, customerId });
-}

package/app/api/billing/status/route.tsx

@@ -1,36 +0,0 @@
-import { NextResponse } from "next/server";
-import { auth } from "@/auth";
-import { prisma } from "@/lib/prisma";
-import { isWorkspacePro, isWorkspaceCloud } from "@/lib/license";
-
-export async function GET() {
-  const session = await auth();
-  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
-
-  // Return all workspaces the user belongs to (active members only)
-  const memberships = await prisma.workspaceMember.findMany({
-    where: { userId: session.user.id, revokedAt: null },
-    include: {
-      workspace: {
-        include: { _count: { select: { members: { where: { revokedAt: null } } } } },
-      },
-    },
-    orderBy: { joinedAt: "asc" },
-  });
-
-  const workspaces = memberships.map((m) => ({
-    id: m.workspace.id,
-    name: m.workspace.name,
-    type: m.workspace.type,
-    planType: m.workspace.planType,
-    isPro: isWorkspacePro(m.workspace),
-    isCloud: isWorkspaceCloud(m.workspace),
-    seatCount: m.workspace.seatCount,
-    memberCount: m.workspace._count.members,
-    stripeId: m.workspace.stripeId,
-    isOwner: m.role === "OWNER",
-    role: m.role,
-  }));
-
-  return NextResponse.json({ workspaces });
-}

package/app/api/billing/subscribe/route.tsx

@@ -1,85 +0,0 @@
-import { NextRequest, NextResponse } from "next/server";
-import { auth } from "@/auth";
-import { prisma } from "@/lib/prisma";
-import { stripe, PRICE_ID_PERSONAL_PRO, PRICE_ID_TEAM_PRO } from "@/lib/stripe";
-
-/**
- * POST /api/billing/subscribe
- * Body: { paymentMethodId, plan, seats, workspaceId? }
- *
- * Called after Stripe Elements confirms the SetupIntent.
- * Attaches the saved card to the customer, creates the subscription,
- * and updates the workspace plan immediately (webhook will reconcile).
- */
-export async function POST(req: NextRequest) {
-  const session = await auth();
-  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
-
-  const body = await req.json().catch(() => ({}));
-  const { paymentMethodId, plan, seats: rawSeats, workspaceId } = body;
-
-  if (!paymentMethodId) return NextResponse.json({ error: "paymentMethodId required" }, { status: 400 });
-
-  const isTeam = plan === "team";
-  const seats: number = isTeam ? Math.max(2, parseInt(rawSeats ?? "2")) : 1;
-  const planType = isTeam ? "TEAM_PRO" : "PERSONAL_PRO";
-  const priceId = isTeam ? PRICE_ID_TEAM_PRO : PRICE_ID_PERSONAL_PRO;
-
-  const member = workspaceId
-    ? await prisma.workspaceMember.findFirst({
-        where: { userId: session.user.id, workspaceId, role: { in: ["OWNER", "ADMIN"] }, revokedAt: null },
-        include: { workspace: true },
-      })
-    : await prisma.workspaceMember.findFirst({
-        where: { userId: session.user.id, role: { in: ["OWNER", "ADMIN"] }, revokedAt: null },
-        include: { workspace: true },
-      });
-
-  if (!member) return NextResponse.json({ error: "Must be owner or admin" }, { status: 403 });
-
-  const { workspace } = member;
-  const customerId = workspace.stripeId;
-  if (!customerId) return NextResponse.json({ error: "No Stripe customer — call setup-intent first" }, { status: 400 });
-
-  // Guard: prevent double-charging if user submits twice or workspace is already subscribed.
-  if (workspace.stripeSubId) {
-    return NextResponse.json(
-      { error: "Workspace already has an active subscription", subscriptionId: workspace.stripeSubId },
-      { status: 409 }
-    );
-  }
-
-  // Attach PaymentMethod to customer and set as default
-  await stripe.paymentMethods.attach(paymentMethodId, { customer: customerId });
-  await stripe.customers.update(customerId, {
-    invoice_settings: { default_payment_method: paymentMethodId },
-  });
-
-  // Create the subscription
-  const subscription = await stripe.subscriptions.create({
-    customer: customerId,
-    items: [{ price: priceId, quantity: seats }],
-    default_payment_method: paymentMethodId,
-    metadata: { workspaceId: workspace.id, planType },
-  });
-
-  const active = subscription.status === "active" || subscription.status === "trialing";
-
-  // Optimistically update workspace — webhook will reconcile
-  await prisma.workspace.update({
-    where: { id: workspace.id },
-    data: {
-      planType: active ? planType : workspace.planType,
-      isPro: active,
-      isCloud: active,
-      stripeSubId: subscription.id,
-      seatCount: seats,
-    },
-  });
-
-  return NextResponse.json({
-    subscriptionId: subscription.id,
-    status: subscription.status,
-    planType,
-  });
-}

package/app/api/billing/webhook/route.tsx

@@ -1,199 +0,0 @@
-import { NextRequest, NextResponse } from "next/server";
-import Stripe from "stripe";
-import { prisma } from "@/lib/prisma";
-import { stripe } from "@/lib/stripe";
-
-export const dynamic = "force-dynamic";
-
-export async function POST(req: NextRequest) {
-  const body = await req.text();
-  const sig = req.headers.get("stripe-signature");
-
-  if (!sig || !process.env.STRIPE_WEBHOOK_SECRET) {
-    return NextResponse.json({ error: "Missing signature" }, { status: 400 });
-  }
-
-  let event: Stripe.Event;
-  try {
-    event = stripe.webhooks.constructEvent(body, sig, process.env.STRIPE_WEBHOOK_SECRET);
-  } catch {
-    return NextResponse.json({ error: "Webhook signature verification failed" }, { status: 400 });
-  }
-
-  // ── Idempotency guard ──────────────────────────────────────────────────────
-  // Stripe retries events for up to 3 days on non-2xx responses. Store the
-  // event ID before processing so replays are ignored without re-running logic.
-  const alreadyProcessed = await prisma.stripeWebhookEvent.findUnique({
-    where: { id: event.id },
-  });
-  if (alreadyProcessed) {
-    return NextResponse.json({ received: true });
-  }
-  await prisma.stripeWebhookEvent.create({
-    data: { id: event.id, type: event.type },
-  });
-  // ────────────────────────────────────────────────────────────────────────────
-
-  console.log(`[brief/webhook] processing event ${event.id} (${event.type})`);
-
-  switch (event.type) {
-    case "checkout.session.completed": {
-      const session = event.data.object as Stripe.Checkout.Session;
-      const workspaceId = session.metadata?.workspaceId;
-      const planType = session.metadata?.planType as "PERSONAL_PRO" | "TEAM_PRO" | undefined;
-      const subId = typeof session.subscription === "string" ? session.subscription : session.subscription?.id;
-
-      if (!workspaceId || !planType || !subId) {
-        console.warn(`[brief/webhook] checkout.session.completed missing metadata`, { workspaceId, planType, subId });
-        break;
-      }
-
-      const sub = await stripe.subscriptions.retrieve(subId);
-      const quantity = sub.items.data[0]?.quantity ?? 1;
-
-      await prisma.workspace.update({
-        where: { id: workspaceId },
-        data: {
-          planType,
-          isPro: true,
-          isCloud: true,
-          stripeSubId: subId,
-          seatCount: quantity,
-        },
-      });
-
-      // Fire-and-forget: copy local PGlite data to Neon for cloud-first mode.
-      // The migrate endpoint is idempotent — safe to retry.
-      const migrateUrl = `${process.env.NEXTAUTH_URL}/api/billing/migrate`;
-      fetch(migrateUrl, {
-        method: "POST",
-        headers: {
-          "Content-Type": "application/json",
-          Authorization: `Bearer ${process.env.CRON_SECRET ?? ""}`,
-        },
-        body: JSON.stringify({ workspaceId }),
-        signal: AbortSignal.timeout(10_000),
-      }).catch((err) => console.error("[brief/webhook] migration trigger failed:", err));
-
-      break;
-    }
-
-    case "customer.subscription.updated": {
-      const sub = event.data.object as Stripe.Subscription;
-      const workspaceId = sub.metadata?.workspaceId;
-      if (!workspaceId) {
-        console.warn(`[brief/webhook] subscription.updated missing workspaceId metadata`);
-        break;
-      }
-
-      const quantity = sub.items.data[0]?.quantity ?? 1;
-      const active = sub.status === "active" || sub.status === "trialing";
-
-      if (active) {
-        await prisma.workspace.update({
-          where: { id: workspaceId },
-          data: { seatCount: quantity },
-        });
-      } else {
-        // Subscription lapsed — downgrade workspace
-        await prisma.workspace.update({
-          where: { id: workspaceId },
-          data: {
-            planType: "FREE",
-            isPro: false,
-            isCloud: false,
-            stripeSubId: null,
-          },
-        });
-      }
-      break;
-    }
-
-    case "customer.subscription.deleted":
-    case "customer.subscription.paused": {
-      // Both deleted and paused mean the user loses access.
-      const sub = event.data.object as Stripe.Subscription;
-      const workspaceId = sub.metadata?.workspaceId;
-      if (!workspaceId) {
-        console.warn(`[brief/webhook] ${event.type} missing workspaceId metadata`);
-        break;
-      }
-
-      await prisma.workspace.update({
-        where: { id: workspaceId },
-        data: {
-          planType: "FREE",
-          isPro: false,
-          isCloud: false,
-          stripeSubId: null,
-          seatCount: 1,
-        },
-      });
-      break;
-    }
-
-    case "invoice.payment_failed": {
-      // Renewal failed — downgrade until payment is recovered.
-      // In API version 2026-04-22.dahlia, the subscription lives under parent.subscription_details.
-      const invoice = event.data.object as Stripe.Invoice;
-      const subRef = invoice.parent?.subscription_details?.subscription;
-      const subId = typeof subRef === "string" ? subRef : subRef?.id;
-      if (!subId) break;
-
-      const sub = await stripe.subscriptions.retrieve(subId);
-      const workspaceId = sub.metadata?.workspaceId;
-      if (!workspaceId) break;
-
-      await prisma.workspace.update({
-        where: { id: workspaceId },
-        data: {
-          planType: "FREE",
-          isPro: false,
-          isCloud: false,
-          stripeSubId: null,
-          seatCount: 1,
-        },
-      });
-      console.log(`[brief/webhook] workspace ${workspaceId} downgraded — invoice.payment_failed`);
-      break;
-    }
-
-    case "invoice.payment_succeeded": {
-      const invoice = event.data.object as Stripe.Invoice;
-      const subRef = invoice.parent?.subscription_details?.subscription;
-      const subId = typeof subRef === "string" ? subRef : subRef?.id;
-      if (!subId) break;
-
-      const sub = await stripe.subscriptions.retrieve(subId);
-      const workspaceId = sub.metadata?.workspaceId;
-      if (!workspaceId) break;
-
-      // Don't re-upgrade if already pro (first invoice fires this too)
-      const workspace = await prisma.workspace.findUnique({ where: { id: workspaceId } });
-      if (workspace?.isPro) break;
-
-      const quantity = sub.items.data[0]?.quantity ?? 1;
-      const planType = sub.metadata?.planType as "PERSONAL_PRO" | "TEAM_PRO" | undefined;
-      if (!planType) break;
-
-      await prisma.workspace.update({
-        where: { id: workspaceId },
-        data: {
-          planType,
-          isPro: true,
-          isCloud: true,
-          stripeSubId: subId,
-          seatCount: quantity,
-        },
-      });
-      console.log(`[brief/webhook] workspace ${workspaceId} re-activated — invoice.payment_succeeded`);
-      break;
-    }
-
-    default:
-      // Unknown event type — safe to ignore
-      break;
-  }
-
-  return NextResponse.json({ received: true });
-}

package/app/api/calendar-feeds/[feedId]/route.tsx

@@ -1,67 +0,0 @@
-import { NextRequest, NextResponse } from "next/server";
-import { auth } from "@/auth";
-import { prisma } from "@/lib/prisma";
-import { notFound, parseJson, unauthorized } from "@/lib/api-error";
-import { updateFeedSchema } from "@/lib/validation/calendar-feed";
-import { encryptFeedUrl } from "@/lib/calendar-feed-crypto";
-import { generateSalt } from "@/lib/encryption";
-import { fetchAndCacheFeed } from "@/lib/calendar-feed";
-
-export async function PATCH(
-  req: NextRequest,
-  { params }: { params: Promise<{ feedId: string }> }
-) {
-  const session = await auth();
-  if (!session) return unauthorized();
-
-  const { feedId } = await params;
-  const feed = await prisma.calendarFeed.findFirst({
-    where: { id: feedId, userId: session.user.id },
-  });
-  if (!feed) return notFound();
-
-  const parsed = await parseJson(req, updateFeedSchema);
-  if (parsed.response) return parsed.response;
-  const { label, url, enabled, color } = parsed.data;
-
-  const data: { label?: string; enabled?: boolean; color?: string; encryptedUrl?: string; urlSalt?: string } = {};
-  if (label !== undefined) data.label = label;
-  if (enabled !== undefined) data.enabled = enabled;
-  if (color !== undefined) data.color = color;
-  if (url !== undefined) {
-    const salt = generateSalt();
-    data.encryptedUrl = await encryptFeedUrl(url, salt);
-    data.urlSalt = salt;
-  }
-
-  await prisma.calendarFeed.update({ where: { id: feedId }, data });
-
-  if (url !== undefined) {
-    await fetchAndCacheFeed(feedId);
-  }
-
-  const updated = await prisma.calendarFeed.findUnique({
-    where: { id: feedId },
-    select: { id: true, label: true, color: true, enabled: true, lastFetchedAt: true, lastError: true },
-  });
-
-  return NextResponse.json(updated);
-}
-
-export async function DELETE(
-  _req: NextRequest,
-  { params }: { params: Promise<{ feedId: string }> }
-) {
-  const session = await auth();
-  if (!session) return unauthorized();
-
-  const { feedId } = await params;
-  const feed = await prisma.calendarFeed.findFirst({
-    where: { id: feedId, userId: session.user.id },
-  });
-  if (!feed) return notFound();
-
-  await prisma.calendarFeed.delete({ where: { id: feedId } });
-
-  return NextResponse.json({ ok: true });
-}

package/app/api/calendar-feeds/[feedId]/sync/route.tsx

@@ -1,37 +0,0 @@
-import { NextRequest, NextResponse } from "next/server";
-import { auth } from "@/auth";
-import { prisma } from "@/lib/prisma";
-import { notFound, unauthorized } from "@/lib/api-error";
-import { fetchAndCacheFeed } from "@/lib/calendar-feed";
-import { rateLimit } from "@/lib/rate-limit";
-
-export async function POST(
-  req: NextRequest,
-  { params }: { params: Promise<{ feedId: string }> }
-) {
-  const session = await auth();
-  if (!session) return unauthorized();
-
-  const limit = rateLimit(`calendar-feed-sync:${session.user.id}`, 10, 60_000);
-  if (limit.limited) {
-    return NextResponse.json(
-      { error: "Too many sync requests, please wait a moment" },
-      { status: 429, headers: { "Retry-After": String(limit.retryAfter) } }
-    );
-  }
-
-  const { feedId } = await params;
-  const feed = await prisma.calendarFeed.findFirst({
-    where: { id: feedId, userId: session.user.id },
-  });
-  if (!feed) return notFound();
-
-  const result = await fetchAndCacheFeed(feedId);
-
-  const updated = await prisma.calendarFeed.findUnique({
-    where: { id: feedId },
-    select: { id: true, label: true, enabled: true, lastFetchedAt: true, lastError: true },
-  });
-
-  return NextResponse.json({ ...updated, syncOk: result.ok });
-}