@knotpad/app 0.1.0 → 0.1.1

package/app/api/graph/route.tsx

@@ -1,242 +0,0 @@
-import { NextRequest, NextResponse } from "next/server";
-import { auth } from "@/auth";
-import { prisma } from "@/lib/prisma";
-import { getActiveWorkspaceId } from "@/lib/workspace";
-import { rateLimit } from "@/lib/rate-limit";
-import { decryptContent } from "@/lib/note-crypto";
-
-export type GraphNodeType = "note" | "task" | "person" | "agent" | "folder";
-
-export type GraphNode = {
-  id: string;
-  type: GraphNodeType;
-  label: string;
-  href?: string;
-  status?: string;
-};
-
-export type GraphEdge = {
-  source: string;
-  target: string;
-  type: "contains" | "assigned" | "references";
-};
-
-export type GraphData = { nodes: GraphNode[]; edges: GraphEdge[] };
-
-export async function GET(req: NextRequest) {
-  const session = await auth();
-  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
-
-  const rl = rateLimit(`graph:${session.user.id}`, 20, 60_000);
-  if (rl.limited) {
-    return NextResponse.json({ error: "Too many requests" }, { status: 429, headers: { "Retry-After": String(rl.retryAfter) } });
-  }
-
-  const activeWs = await getActiveWorkspaceId(session.user.id);
-  const member = await prisma.workspaceMember.findFirst({
-    where: { userId: session.user.id, workspaceId: activeWs ?? undefined },
-    include: {
-      workspace: {
-        include: {
-          folders: { select: { id: true, name: true } },
-          notes: {
-            include: {
-              tasks: {
-                include: {
-                  assignee: { select: { id: true, name: true, email: true } },
-                  // Cross-note references: notes that mention this task via ((title))
-                  references: { select: { noteId: true } },
-                },
-              },
-            },
-          },
-          members: {
-            include: { user: { select: { id: true, name: true, email: true } } },
-          },
-        },
-      },
-    },
-  });
-  if (!member) return NextResponse.json({ error: "No workspace" }, { status: 404 });
-
-  const nodes: GraphNode[] = [];
-  const edges: GraphEdge[] = [];
-  const personSet = new Set<string>();
-  const edgeSet = new Set<string>(); // dedupe edges
-
-  function addEdge(source: string, target: string, type: GraphEdge["type"]) {
-    const key = `${source}→${target}:${type}`;
-    if (edgeSet.has(key)) return;
-    edgeSet.add(key);
-    edges.push({ source, target, type });
-  }
-
-  // ── Folder nodes (amber) ─────────────────────────────────────────────────
-  for (const folder of member.workspace.folders) {
-    nodes.push({
-      id: `folder-${folder.id}`,
-      type: "folder",
-      label: folder.name,
-    });
-  }
-
-  // ── Note + Task nodes ────────────────────────────────────────────────────
-  const noteIdSet = new Set(member.workspace.notes.map((n) => n.id));
-
-  // Build lookup maps: title → node id for resolving [[note]] and ((task)) refs
-  const noteTitleToId = new Map<string, string>();
-  const taskTitleToId = new Map<string, string>();
-
-  for (const note of member.workspace.notes) {
-    noteTitleToId.set(note.title.toLowerCase(), note.id);
-    for (const task of note.tasks) {
-      taskTitleToId.set(task.title.toLowerCase(), task.id);
-    }
-  }
-
-  // Regex patterns for extracting references from note content
-  const NOTE_REF_RE = /\[\[([^\]]+)\]\]/g;
-  const TASK_REF_RE = /\(\(([^)]+)\)\)/g;
-  const TASK_LINE_RE = /^(\s*)-\s+\[([ x])\]\s+(.+)$/;
-
-  for (const note of member.workspace.notes) {
-    nodes.push({
-      id: `note-${note.id}`,
-      type: "note",
-      label: note.title,
-      href: `/notes/${note.id}`,
-    });
-
-    // Folder → Note containment edge
-    if (note.folderId) {
-      addEdge(`folder-${note.folderId}`, `note-${note.id}`, "contains");
-    }
-
-    for (const task of note.tasks) {
-      // Agent-assigned tasks rendered as blue, human as teal
-      const taskNodeType: GraphNodeType = task.assigneeType === "AGENT" ? "agent" : "task";
-      const taskNodeId = `task-${task.id}`;
-
-      nodes.push({
-        id: taskNodeId,
-        type: taskNodeType,
-        label: task.title,
-        href: `/tasks/${task.id}?from=/graph`,
-        status: task.status,
-      });
-
-      // Note → Task containment edge (source note owns the task)
-      addEdge(`note-${note.id}`, taskNodeId, "contains");
-
-      // ── Assignee edges ─────────────────────────────────────────────────
-      if (task.assignee) {
-        const personId = `person-${task.assignee.id}`;
-        if (!personSet.has(personId)) {
-          personSet.add(personId);
-          nodes.push({
-            id: personId,
-            type: "person",
-            label: task.assignee.name ?? task.assignee.email ?? "Unknown",
-          });
-        }
-        addEdge(taskNodeId, personId, "assigned");
-      } else if (task.assigneeType === "AGENT" && task.claimedByAlias) {
-        const agentPersonId = `agent-person-${task.claimedByAlias}`;
-        if (!personSet.has(agentPersonId)) {
-          personSet.add(agentPersonId);
-          nodes.push({ id: agentPersonId, type: "agent", label: `@agent:${task.claimedByAlias}` });
-        }
-        addEdge(taskNodeId, agentPersonId, "assigned");
-      }
-
-      // ── Cross-note reference edges (from TaskReference table) ────────
-      // For each note that has a ((task title)) mention pointing at this task,
-      // draw a dashed "references" edge: referencing-note → this-task.
-      // Skip if the reference comes from the task's own source note (already
-      // shown as a "contains" edge above).
-      for (const ref of task.references) {
-        if (ref.noteId !== note.id && noteIdSet.has(ref.noteId)) {
-          addEdge(`note-${ref.noteId}`, taskNodeId, "references");
-        }
-      }
-    }
-
-    // ── Parse decrypted note content for inline references ────────────────
-    // This catches:
-    //   - Note-level [[note]] refs → note-to-note edges
-    //   - Note-level ((task)) refs → note-to-task edges
-    //   - Task-level [[note]] refs → task-to-note edges
-    //   - Task-level ((task)) refs → task-to-task edges
-    try {
-      const plain = await decryptContent(note.content, note.workspaceId);
-      const lines = plain.split("\n");
-      const ownTaskIds = new Set(note.tasks.map((t) => t.id));
-
-      for (const rawLine of lines) {
-        const taskMatch = TASK_LINE_RE.exec(rawLine);
-
-        if (taskMatch) {
-          // This is a task line — resolve refs from the task node
-          const lineText = taskMatch[3];
-          // Strip metadata to get the clean task title for lookup
-          const cleanTitle = lineText
-            .replace(/\[\[[^\]]*\]\]/g, "")
-            .replace(/\(\([^)]*\)\)/g, "")
-            .replace(/@[\w-]+/g, "")
-            .replace(/<[^>]+>/g, "")
-            .replace(/\d{4}-\d{2}-\d{2}(\.\.\d{4}-\d{2}-\d{2})?/g, "")
-            .replace(/\s*<!--task::[A-Z_]+-->/g, "")
-            .trim();
-          const srcTaskId = taskTitleToId.get(cleanTitle.toLowerCase());
-          if (!srcTaskId) continue;
-          const srcTaskNodeId = `task-${srcTaskId}`;
-
-          // [[note title]] refs inside task line → task-to-note edge
-          let m: RegExpExecArray | null;
-          const noteRefRe = new RegExp(NOTE_REF_RE.source, "g");
-          while ((m = noteRefRe.exec(lineText)) !== null) {
-            const refNoteId = noteTitleToId.get(m[1].trim().toLowerCase());
-            if (refNoteId && refNoteId !== note.id) {
-              addEdge(srcTaskNodeId, `note-${refNoteId}`, "references");
-            }
-          }
-
-          // ((task title)) refs inside task line → task-to-task edge
-          const taskRefRe = new RegExp(TASK_REF_RE.source, "g");
-          while ((m = taskRefRe.exec(lineText)) !== null) {
-            const refTaskId = taskTitleToId.get(m[1].trim().toLowerCase());
-            if (refTaskId && refTaskId !== srcTaskId) {
-              addEdge(srcTaskNodeId, `task-${refTaskId}`, "references");
-            }
-          }
-        } else {
-          // Non-task line — resolve refs from the note node
-          const noteNodeId = `note-${note.id}`;
-
-          let m: RegExpExecArray | null;
-          const noteRefRe = new RegExp(NOTE_REF_RE.source, "g");
-          while ((m = noteRefRe.exec(rawLine)) !== null) {
-            const refNoteId = noteTitleToId.get(m[1].trim().toLowerCase());
-            if (refNoteId && refNoteId !== note.id) {
-              addEdge(noteNodeId, `note-${refNoteId}`, "references");
-            }
-          }
-
-          const taskRefRe = new RegExp(TASK_REF_RE.source, "g");
-          while ((m = taskRefRe.exec(rawLine)) !== null) {
-            const refTaskId = taskTitleToId.get(m[1].trim().toLowerCase());
-            // Skip tasks this note already owns — they have a "contains" edge,
-            // so a redundant "references" edge would just draw a doubled line.
-            if (refTaskId && !ownTaskIds.has(refTaskId)) {
-              addEdge(noteNodeId, `task-${refTaskId}`, "references");
-            }
-          }
-        }
-      }
-    } catch {
-      // If decryption fails, skip inline references for this note
-    }
-  }
-
-  return NextResponse.json({ nodes, edges } satisfies GraphData);
-}

package/app/api/guest/route.tsx

@@ -1,58 +0,0 @@
-import { NextResponse } from "next/server";
-import { prisma } from "@/lib/prisma";
-import { seedDefaultKanbanStatuses } from "@/lib/kanban-status";
-
-const IS_CLOUD = process.env.IS_CLOUD === "true";
-
-// Creates (or, on desktop, reuses) a local-only guest account.
-// Guest: no email, no password — full local features, no cloud sync.
-//
-// Desktop/NPX (IS_CLOUD=false): there is ONE persistent local identity, so
-// relaunching the app returns the user to the same notes instead of minting a
-// fresh empty workspace every time. Cloud (IS_CLOUD=true): mint a unique guest
-// per call (each browser is a different visitor; a shared identity would collide).
-export async function POST() {
-  if (!IS_CLOUD) {
-    // Reuse the existing unclaimed local guest (passwordHash still null — a
-    // claimed/upgraded account no longer qualifies, see /api/account/claim).
-    const existing = await prisma.user.findFirst({
-      where: { email: { endsWith: "@local.brief" }, passwordHash: null },
-      orderBy: { createdAt: "asc" },
-      select: { id: true, email: true },
-    });
-    if (existing) {
-      return NextResponse.json({ email: existing.email, guestId: existing.id }, { status: 200 });
-    }
-  }
-
-  const guestId = crypto.randomUUID();
-  const internalEmail = `guest_${guestId}@local.brief`;
-
-  const user = await prisma.$transaction(async (tx) => {
-    const newUser = await tx.user.create({
-      data: {
-        email: internalEmail,
-        name: "Guest",
-        role: "OWNER",
-      },
-    });
-
-    const slug = `guest-${guestId.slice(0, 8)}`;
-    const workspace = await tx.workspace.create({
-      data: {
-        name: "My Workspace",
-        slug,
-        members: { create: { userId: newUser.id, role: "OWNER" } },
-      },
-    });
-
-    // Seed the default kanban statuses so the board/list/badges work out of the
-    // box (mirrors /api/register; the old guest route skipped this).
-    await seedDefaultKanbanStatuses(workspace.id, tx);
-
-    return newUser;
-  });
-
-  // Return the internal credentials so the client can sign in via NextAuth
-  return NextResponse.json({ email: user.email, guestId }, { status: 201 });
-}

package/app/api/health/route.tsx

@@ -1,10 +0,0 @@
-import { NextResponse } from "next/server";
-
-// Tiny always-200 reachability probe. No auth, no DB — used by the client
-// online-status helper and the service worker to confirm the server is actually
-// reachable (navigator.onLine alone can't tell us that).
-export const dynamic = "force-dynamic";
-
-export function GET() {
-  return NextResponse.json({ ok: true, ts: Date.now() });
-}

package/app/api/holidays/countries/route.tsx

@@ -1,14 +0,0 @@
-import { NextResponse } from "next/server";
-import Holidays from "date-holidays";
-
-export async function GET() {
-  const hd = new Holidays();
-  const raw = hd.getCountries() as Record<string, string>;
-  const countries = Object.entries(raw)
-    .map(([code, name]) => ({ code, name }))
-    .sort((a, b) => a.name.localeCompare(b.name));
-  return NextResponse.json(
-    { countries },
-    { headers: { "Cache-Control": "public, max-age=86400" } }
-  );
-}

package/app/api/holidays/route.tsx

@@ -1,49 +0,0 @@
-/**
- * General-purpose public holidays endpoint powered by the `date-holidays` npm library.
- * Computes holidays locally — no external network dependency.
- *
- * Query params:
- *   country – ISO 3166-1 alpha-2 code, e.g. "MY"  (required)
- *   state   – region/state sub-code, e.g. "KUL"   (optional)
- *   year    – 4-digit year                         (required)
- *
- * GET /api/holidays/countries           → { countries: { code, name }[] }
- * GET /api/holidays/states?country=XX   → { states: { code, name }[] }
- * GET /api/holidays?country=XX&year=YYYY[&state=YY] → { holidays: { name, date, is_subject_to_change }[] }
- */
-import { NextRequest, NextResponse } from "next/server";
-import Holidays from "date-holidays";
-
-export async function GET(req: NextRequest) {
-  const { searchParams } = req.nextUrl;
-  const country = searchParams.get("country");
-  const state   = searchParams.get("state") ?? undefined;
-  const year    = searchParams.get("year");
-
-  if (!country) {
-    return NextResponse.json({ error: "country param required" }, { status: 400 });
-  }
-  if (!year || !/^\d{4}$/.test(year)) {
-    return NextResponse.json({ error: "year param required (YYYY)" }, { status: 400 });
-  }
-
-  try {
-    const hd = new Holidays(country, state ?? "");
-    const raw = hd.getHolidays(Number(year));
-
-    const holidays = raw
-      .filter((h) => h.type === "public")
-      .map((h) => ({
-        name: h.name,
-        date: h.date.slice(0, 10),
-        is_subject_to_change: false,
-      }));
-
-    return NextResponse.json(
-      { holidays },
-      { headers: { "Cache-Control": "public, max-age=86400, stale-while-revalidate=3600" } }
-    );
-  } catch {
-    return NextResponse.json({ error: "Failed to compute holidays for the given country/state" }, { status: 400 });
-  }
-}

package/app/api/holidays/states/route.tsx

@@ -1,21 +0,0 @@
-import { NextRequest, NextResponse } from "next/server";
-import Holidays from "date-holidays";
-
-export async function GET(req: NextRequest) {
-  const country = req.nextUrl.searchParams.get("country");
-  if (!country) {
-    return NextResponse.json({ error: "country param required" }, { status: 400 });
-  }
-  const hd = new Holidays();
-  const raw = hd.getStates(country) as Record<string, string> | undefined;
-  if (!raw) {
-    return NextResponse.json({ states: [] });
-  }
-  const states = Object.entries(raw)
-    .map(([code, name]) => ({ code, name }))
-    .sort((a, b) => a.name.localeCompare(b.name));
-  return NextResponse.json(
-    { states },
-    { headers: { "Cache-Control": "public, max-age=86400" } }
-  );
-}

package/app/api/invites/[token]/route.tsx

@@ -1,131 +0,0 @@
-import { NextRequest, NextResponse } from "next/server";
-import { auth } from "@/auth";
-import { prisma } from "@/lib/prisma";
-import { stripe } from "@/lib/stripe";
-
-export async function GET(
-  _req: NextRequest,
-  { params }: { params: Promise<{ token: string }> }
-) {
-  const { token } = await params;
-
-  const invite = await prisma.inviteToken.findUnique({
-    where: { token },
-    include: { workspace: { select: { name: true } }, invitedBy: { select: { name: true } } },
-  });
-
-  if (!invite) return NextResponse.json({ error: "Invite not found" }, { status: 404 });
-  if (invite.acceptedAt) return NextResponse.json({ error: "Already accepted" }, { status: 410 });
-  if (invite.expiresAt < new Date()) return NextResponse.json({ error: "Invite expired" }, { status: 410 });
-
-  return NextResponse.json({
-    email: invite.email,
-    workspaceName: invite.workspace.name,
-    invitedBy: invite.invitedBy.name,
-    role: invite.role,
-  });
-}
-
-// POST = accept invite
-export async function POST(
-  _req: NextRequest,
-  { params }: { params: Promise<{ token: string }> }
-) {
-  const session = await auth();
-  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
-
-  const { token } = await params;
-
-  const invite = await prisma.inviteToken.findUnique({
-    where: { token },
-    include: { workspace: true },
-  });
-  if (!invite) return NextResponse.json({ error: "Invalid invite" }, { status: 404 });
-  if (invite.acceptedAt) return NextResponse.json({ error: "Already used" }, { status: 410 });
-  if (invite.expiresAt < new Date()) return NextResponse.json({ error: "Expired" }, { status: 410 });
-  if (invite.email !== session.user.email) {
-    return NextResponse.json({ error: "This invite was sent to a different email" }, { status: 403 });
-  }
-
-  const workspace = invite.workspace;
-
-  await prisma.$transaction(async (tx) => {
-    // Re-activate if previously revoked, otherwise create fresh
-    const existingMember = await tx.workspaceMember.findUnique({
-      where: { userId_workspaceId: { userId: session.user.id, workspaceId: workspace.id } },
-    });
-
-    if (existingMember) {
-      await tx.workspaceMember.update({
-        where: { id: existingMember.id },
-        data: { role: invite.role, revokedAt: null },
-      });
-    } else {
-      await tx.workspaceMember.create({
-        data: { userId: session.user.id, workspaceId: workspace.id, role: invite.role },
-      });
-    }
-
-    await tx.inviteToken.update({
-      where: { token },
-      data: { acceptedAt: new Date() },
-    });
-
-    await tx.notification.create({
-      data: {
-        userId: invite.invitedById,
-        type: "invite_accepted",
-        title: `${session.user.name ?? session.user.email} accepted your invite`,
-        body: `They've joined the workspace as ${invite.role.toLowerCase()}.`,
-      },
-    });
-  });
-
-  // Increment Stripe seat quantity if workspace has an active subscription
-  if (workspace.stripeSubId) {
-    try {
-      const sub = await stripe.subscriptions.retrieve(workspace.stripeSubId);
-      const item = sub.items.data[0];
-      if (item) {
-        const newQuantity = (item.quantity ?? 1) + 1;
-        await stripe.subscriptionItems.update(item.id, {
-          quantity: newQuantity,
-          proration_behavior: "create_prorations", // charge immediately for new seat
-        });
-        await prisma.workspace.update({
-          where: { id: workspace.id },
-          data: { seatCount: newQuantity },
-        });
-      }
-    } catch {
-      // Non-fatal: Stripe seat sync failure doesn't block the join.
-      // Seat count will reconcile on next webhook or manual billing check.
-    }
-  }
-
-  return NextResponse.json({ workspaceId: workspace.id });
-}
-
-// DELETE = revoke invite
-export async function DELETE(
-  _req: NextRequest,
-  { params }: { params: Promise<{ token: string }> }
-) {
-  const session = await auth();
-  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
-
-  const { token } = await params;
-
-  const invite = await prisma.inviteToken.findUnique({ where: { token } });
-  if (!invite) return NextResponse.json({ error: "Not found" }, { status: 404 });
-
-  const member = await prisma.workspaceMember.findFirst({
-    where: { userId: session.user.id, workspaceId: invite.workspaceId, revokedAt: null },
-  });
-  if (!member || member.role === "MEMBER") {
-    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
-  }
-
-  await prisma.inviteToken.delete({ where: { token } });
-  return NextResponse.json({ ok: true });
-}

package/app/api/invites/route.tsx

@@ -1,74 +0,0 @@
-import { NextRequest, NextResponse } from "next/server";
-import { auth } from "@/auth";
-import { prisma } from "@/lib/prisma";
-
-export async function POST(req: NextRequest) {
-  const session = await auth();
-  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
-
-  const body = await req.json();
-  const { email, role = "MEMBER", workspaceId } = body;
-
-  if (!email) return NextResponse.json({ error: "Email required" }, { status: 400 });
-  if (!["MEMBER", "ADMIN"].includes(role)) {
-    return NextResponse.json({ error: "Invalid role" }, { status: 400 });
-  }
-
-  // Find the workspace the caller wants to invite into
-  const member = workspaceId
-    ? await prisma.workspaceMember.findFirst({
-        where: { userId: session.user.id, workspaceId, revokedAt: null },
-        include: { workspace: true },
-      })
-    : await prisma.workspaceMember.findFirst({
-        where: { userId: session.user.id, revokedAt: null },
-        include: { workspace: true },
-        orderBy: { joinedAt: "asc" },
-      });
-
-  if (!member) return NextResponse.json({ error: "No workspace found" }, { status: 404 });
-  if (member.role === "MEMBER") {
-    return NextResponse.json({ error: "Only owners and admins can invite" }, { status: 403 });
-  }
-
-  const { workspace } = member;
-
-  // Personal workspaces cannot have invites — owner must upgrade to Team Pro first
-  if (workspace.type === "PERSONAL") {
-    return NextResponse.json(
-      {
-        error: "upgrade_required",
-        message: "Inviting members requires a Team Pro workspace.",
-      },
-      { status: 402 }
-    );
-  }
-
-  // Check if already an active member
-  const existing = await prisma.user.findUnique({
-    where: { email },
-    include: {
-      workspaces: { where: { workspaceId: workspace.id, revokedAt: null } },
-    },
-  });
-  if (existing?.workspaces.length) {
-    return NextResponse.json({ error: "User is already a member" }, { status: 409 });
-  }
-
-  const expiresAt = new Date(Date.now() + 7 * 24 * 60 * 60 * 1000);
-
-  const invite = await prisma.inviteToken.create({
-    data: {
-      email,
-      role,
-      workspaceId: workspace.id,
-      invitedById: session.user.id,
-      expiresAt,
-    },
-  });
-
-  const appUrl = process.env.NEXT_PUBLIC_APP_URL ?? "http://localhost:3000";
-  const link = `${appUrl}/invite/${invite.token}`;
-
-  return NextResponse.json({ link, token: invite.token }, { status: 201 });
-}

package/app/api/mcp/generate-token/route.tsx

@@ -1,55 +0,0 @@
-import { NextRequest, NextResponse } from "next/server";
-import { auth } from "@/auth";
-import { prisma } from "@/lib/prisma";
-import { signMcpToken } from "@/lib/mcp-auth";
-
-export async function POST(req: NextRequest) {
-  const session = await auth();
-  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
-
-  const body = await req.json().catch(() => ({}));
-  const requestedWorkspaceId: string | undefined = body?.workspaceId;
-
-  let workspaceId: string;
-
-  if (requestedWorkspaceId) {
-    const member = await prisma.workspaceMember.findFirst({
-      where: { userId: session.user.id, workspaceId: requestedWorkspaceId, revokedAt: null },
-    });
-    if (!member) return NextResponse.json({ error: "Not a member of that workspace" }, { status: 403 });
-    workspaceId = requestedWorkspaceId;
-  } else {
-    const member = await prisma.workspaceMember.findFirst({
-      where: { userId: session.user.id, revokedAt: null },
-    });
-    if (!member) return NextResponse.json({ error: "No workspace" }, { status: 404 });
-    workspaceId = member.workspaceId;
-  }
-
-  // Revoke any existing active tokens for this user+workspace
-  await prisma.mcpToken.updateMany({
-    where: { userId: session.user.id, workspaceId, revokedAt: null },
-    data: { revokedAt: new Date() },
-  });
-
-  const record = await prisma.mcpToken.create({
-    data: {
-      token: "pending",
-      userId: session.user.id,
-      workspaceId,
-    },
-  });
-
-  const jwt = await signMcpToken({
-    userId: session.user.id,
-    workspaceId,
-    tokenId: record.id,
-  });
-
-  await prisma.mcpToken.update({
-    where: { id: record.id },
-    data: { token: jwt },
-  });
-
-  return NextResponse.json({ id: record.id, token: jwt, alias: null }, { status: 201 });
-}