@knotpad/app 0.1.0 → 0.1.2

package/app/api/calendar-feeds/events/route.tsx

@@ -1,82 +0,0 @@
-import { NextRequest, NextResponse } from "next/server";
-import { auth } from "@/auth";
-import { prisma } from "@/lib/prisma";
-import { apiError, unauthorized } from "@/lib/api-error";
-
-const DATE_RE = /^\d{4}-\d{2}-\d{2}$/;
-
-export async function GET(req: NextRequest) {
-  const session = await auth();
-  if (!session) return unauthorized();
-
-  const { searchParams } = req.nextUrl;
-  const start = searchParams.get("start");
-  const end = searchParams.get("end");
-  if (!start || !end || !DATE_RE.test(start) || !DATE_RE.test(end)) {
-    return apiError("start and end query params required (YYYY-MM-DD)", 400);
-  }
-
-  const rangeStart = new Date(`${start}T00:00:00.000Z`);
-  const rangeEnd = new Date(`${end}T23:59:59.999Z`);
-
-  const events = await prisma.calendarFeedEvent.findMany({
-    where: {
-      feed: { userId: session.user.id, enabled: true },
-      start: { lte: rangeEnd },
-      end: { gte: rangeStart },
-    },
-    include: { feed: { select: { id: true, label: true, color: true } } },
-    orderBy: { start: "asc" },
-  });
-
-  const byDate: Record<
-    string,
-    { title: string; start: string; end: string; allDay: boolean; feedId: string; feedLabel: string; feedColor: string }[]
-  > = {};
-
-  for (const e of events) {
-    if (e.allDay) {
-      const eventStartStr = e.start.toISOString().slice(0, 10);
-      const eventEndStr = e.end.toISOString().slice(0, 10);
-      const overlapStartStr = eventStartStr < start ? start : eventStartStr;
-      const overlapEndStr = eventEndStr > end ? end : eventEndStr;
-
-      const cursor = new Date(`${overlapStartStr}T00:00:00.000Z`);
-      const limit = new Date(`${overlapEndStr}T00:00:00.000Z`);
-      while (cursor <= limit) {
-        const key = cursor.toISOString().slice(0, 10);
-        (byDate[key] ??= []).push({
-          title: e.title,
-          start: e.start.toISOString(),
-          end: e.end.toISOString(),
-          allDay: e.allDay,
-          feedId: e.feed.id,
-          feedLabel: e.feed.label,
-          feedColor: e.feed.color,
-        });
-        cursor.setUTCDate(cursor.getUTCDate() + 1);
-      }
-    } else {
-      // Bucket multi-day events under each day they overlap within the range.
-      const dayCursor = new Date(Math.max(e.start.getTime(), rangeStart.getTime()));
-      dayCursor.setUTCHours(0, 0, 0, 0);
-      const last = new Date(Math.min(e.end.getTime(), rangeEnd.getTime()));
-
-      while (dayCursor <= last) {
-        const key = dayCursor.toISOString().slice(0, 10);
-        (byDate[key] ??= []).push({
-          title: e.title,
-          start: e.start.toISOString(),
-          end: e.end.toISOString(),
-          allDay: e.allDay,
-          feedId: e.feed.id,
-          feedLabel: e.feed.label,
-          feedColor: e.feed.color,
-        });
-        dayCursor.setUTCDate(dayCursor.getUTCDate() + 1);
-      }
-    }
-  }
-
-  return NextResponse.json({ events: byDate });
-}

package/app/api/calendar-feeds/route.tsx

@@ -1,52 +0,0 @@
-import { NextRequest, NextResponse } from "next/server";
-import { auth } from "@/auth";
-import { prisma } from "@/lib/prisma";
-import { apiError, parseJson, unauthorized } from "@/lib/api-error";
-import { createFeedSchema } from "@/lib/validation/calendar-feed";
-import { encryptFeedUrl } from "@/lib/calendar-feed-crypto";
-import { generateSalt } from "@/lib/encryption";
-import { fetchAndCacheFeed } from "@/lib/calendar-feed";
-import { MAX_CALENDAR_FEEDS } from "@/lib/limits";
-
-export async function GET() {
-  const session = await auth();
-  if (!session) return unauthorized();
-
-  const feeds = await prisma.calendarFeed.findMany({
-    where: { userId: session.user.id },
-    orderBy: { createdAt: "asc" },
-    select: { id: true, label: true, color: true, enabled: true, lastFetchedAt: true, lastError: true },
-  });
-
-  return NextResponse.json(feeds);
-}
-
-export async function POST(req: NextRequest) {
-  const session = await auth();
-  if (!session) return unauthorized();
-
-  const parsed = await parseJson(req, createFeedSchema);
-  if (parsed.response) return parsed.response;
-  const { label, url, color } = parsed.data;
-
-  const count = await prisma.calendarFeed.count({ where: { userId: session.user.id } });
-  if (count >= MAX_CALENDAR_FEEDS) {
-    return apiError(`You can connect up to ${MAX_CALENDAR_FEEDS} calendars`, 400);
-  }
-
-  const salt = generateSalt();
-  const encryptedUrl = await encryptFeedUrl(url, salt);
-
-  const feed = await prisma.calendarFeed.create({
-    data: { userId: session.user.id, label, encryptedUrl, urlSalt: salt, color: color ?? "sky" },
-  });
-
-  const result = await fetchAndCacheFeed(feed.id);
-
-  const updated = await prisma.calendarFeed.findUnique({
-    where: { id: feed.id },
-    select: { id: true, label: true, color: true, enabled: true, lastFetchedAt: true, lastError: true },
-  });
-
-  return NextResponse.json({ ...updated, syncOk: result.ok }, { status: 201 });
-}

package/app/api/calendar-feeds/sync-all/route.tsx

@@ -1,34 +0,0 @@
-import { NextResponse } from "next/server";
-import { auth } from "@/auth";
-import { prisma } from "@/lib/prisma";
-import { unauthorized } from "@/lib/api-error";
-import { fetchAndCacheFeed } from "@/lib/calendar-feed";
-import { rateLimit } from "@/lib/rate-limit";
-
-/** POST /api/calendar-feeds/sync-all — refresh every enabled feed for the user. */
-export async function POST() {
-  const session = await auth();
-  if (!session) return unauthorized();
-
-  const limit = rateLimit(`calendar-feed-sync-all:${session.user.id}`, 3, 60_000);
-  if (limit.limited) {
-    return NextResponse.json(
-      { error: "Too many sync requests, please wait a moment" },
-      { status: 429, headers: { "Retry-After": String(limit.retryAfter) } },
-    );
-  }
-
-  const feeds = await prisma.calendarFeed.findMany({
-    where: { userId: session.user.id, enabled: true },
-    select: { id: true },
-  });
-
-  // Run syncs sequentially to avoid hammering upstream servers
-  const results: { id: string; ok: boolean; error?: string }[] = [];
-  for (const feed of feeds) {
-    const r = await fetchAndCacheFeed(feed.id);
-    results.push({ id: feed.id, ...r });
-  }
-
-  return NextResponse.json({ results });
-}

package/app/api/cron/calendar-feeds/route.tsx

@@ -1,31 +0,0 @@
-/**
- * Cron-triggered calendar feed sync.
- * Refreshes cached events for all enabled CalendarFeed subscriptions.
- * Secured with CRON_SECRET header (same pattern as app/api/cron/sync/route.tsx).
- */
-
-import { NextRequest, NextResponse } from "next/server";
-import { prisma } from "@/lib/prisma";
-import { fetchAndCacheFeed } from "@/lib/calendar-feed";
-
-export async function POST(req: NextRequest) {
-  const cronSecret = process.env.CRON_SECRET;
-  if (!cronSecret || req.headers.get("authorization") !== `Bearer ${cronSecret}`) {
-    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
-  }
-
-  const feeds = await prisma.calendarFeed.findMany({
-    where: { enabled: true },
-    select: { id: true },
-  });
-
-  const results = await Promise.allSettled(feeds.map((f) => fetchAndCacheFeed(f.id)));
-
-  const summary = results.map((r, i) => ({
-    feedId: feeds[i].id,
-    ok: r.status === "fulfilled" ? r.value.ok : false,
-    error: r.status === "fulfilled" ? r.value.error : String(r.reason),
-  }));
-
-  return NextResponse.json({ synced: summary.length, summary });
-}

package/app/api/cron/stale-tasks/route.tsx

@@ -1,51 +0,0 @@
-import { NextRequest, NextResponse } from "next/server";
-import { prisma } from "@/lib/prisma";
-
-// Called by a cron job or scheduled trigger every 15 minutes.
-// Marks claimed tasks with no heartbeat for >4hrs as stale and auto-releases them.
-// Protected by a simple CRON_SECRET header.
-export async function POST(req: NextRequest) {
-  const cronSecret = process.env.CRON_SECRET;
-  if (!cronSecret || req.headers.get("authorization") !== `Bearer ${cronSecret}`) {
-    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
-  }
-
-  const staleThreshold = new Date(Date.now() - 4 * 60 * 60 * 1000);
-
-  const staleTasks = await prisma.task.findMany({
-    where: {
-      status: { in: ["CLAIMED", "IN_PROGRESS"] },
-      claimedBy: { not: null },
-      lastHeartbeat: { lt: staleThreshold },
-    },
-    include: { workspace: { include: { members: { where: { role: "OWNER" } } } } },
-  });
-
-  let released = 0;
-  for (const task of staleTasks) {
-    const owner = task.workspace.members[0];
-    await prisma.$transaction(async (tx) => {
-      await tx.task.update({
-        where: { id: task.id },
-        data: { status: "OPEN", claimedBy: null, claimedByAlias: null, claimedAt: null, lastHeartbeat: null },
-      });
-      await tx.auditLog.create({
-        data: { taskId: task.id, action: "auto_released", detail: "auto-released after 4hr inactivity" },
-      });
-      if (owner) {
-        await tx.notification.create({
-          data: {
-            userId: owner.userId,
-            type: "stale_release",
-            title: `Task auto-released: "${task.title}"`,
-            body: "No heartbeat for 4 hours. Returned to agent pool.",
-            taskId: task.id,
-          },
-        });
-      }
-    });
-    released++;
-  }
-
-  return NextResponse.json({ released });
-}

package/app/api/cron/sync/route.tsx

@@ -1,34 +0,0 @@
-/**
- * Cron-triggered sync endpoint.
- * Called every 5 minutes by the hosting platform's scheduler (Dokploy/Nixpacks cron).
- * Secured with CRON_SECRET header to prevent unauthorized triggers.
- */
-
-import { NextRequest, NextResponse } from "next/server";
-import { prisma } from "@/lib/prisma";
-import { runProFlush } from "@/lib/pro-flush";
-
-export async function POST(req: NextRequest) {
-  const cronSecret = process.env.CRON_SECRET;
-  if (!cronSecret || req.headers.get("authorization") !== `Bearer ${cronSecret}`) {
-    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
-  }
-
-  // Find all cloud-enabled pro workspaces
-  const workspaces = await prisma.workspace.findMany({
-    where: { isPro: true, isCloud: true },
-    select: { id: true },
-  });
-
-  const results = await Promise.allSettled(
-    workspaces.map((w) => runProFlush(w.id))
-  );
-
-  const summary = results.map((r, i) => ({
-    workspaceId: workspaces[i].id,
-    status: r.status === "fulfilled" ? r.value.status : "error",
-    error: r.status === "rejected" ? String(r.reason) : undefined,
-  }));
-
-  return NextResponse.json({ synced: summary.length, summary });
-}

package/app/api/devices/[deviceId]/route.tsx

@@ -1,25 +0,0 @@
-import { NextRequest, NextResponse } from "next/server";
-import { auth } from "@/auth";
-import { prisma } from "@/lib/prisma";
-
-export async function DELETE(
-  _req: NextRequest,
-  { params }: { params: Promise<{ deviceId: string }> }
-) {
-  const session = await auth();
-  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
-
-  const { deviceId } = await params;
-
-  const device = await prisma.deviceSession.findUnique({ where: { id: deviceId } });
-  if (!device || device.userId !== session.user.id) {
-    return NextResponse.json({ error: "Not found" }, { status: 404 });
-  }
-
-  await prisma.deviceSession.update({
-    where: { id: deviceId },
-    data: { revokedAt: new Date() },
-  });
-
-  return NextResponse.json({ ok: true });
-}

package/app/api/devices/route.tsx

@@ -1,41 +0,0 @@
-import { NextRequest, NextResponse } from "next/server";
-import { auth } from "@/auth";
-import { prisma } from "@/lib/prisma";
-
-export async function GET() {
-  const session = await auth();
-  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
-
-  const devices = await prisma.deviceSession.findMany({
-    where: { userId: session.user.id, revokedAt: null },
-    orderBy: { lastActive: "desc" },
-  });
-
-  return NextResponse.json(devices.map((d) => ({
-    id: d.id,
-    deviceName: d.deviceName,
-    deviceId: d.deviceId,
-    lastActive: d.lastActive.toISOString(),
-    createdAt: d.createdAt.toISOString(),
-  })));
-}
-
-export async function POST(req: NextRequest) {
-  const session = await auth();
-  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
-
-  const { deviceId, deviceName } = await req.json();
-  if (!deviceId) return NextResponse.json({ error: "deviceId required" }, { status: 400 });
-
-  const device = await prisma.deviceSession.upsert({
-    where: { deviceId },
-    create: {
-      userId: session.user.id,
-      deviceId,
-      deviceName: deviceName ?? "Unknown Device",
-    },
-    update: { lastActive: new Date(), revokedAt: null },
-  });
-
-  return NextResponse.json({ id: device.id });
-}

package/app/api/export/route.tsx

@@ -1,40 +0,0 @@
-/**
- * Export all notes in the workspace as a single JSON payload.
- * Each note is rendered as clean markdown (no internal badge comments).
- *
- * The response is a Knotpad JSON export file (version 1), accepted by POST /api/restore.
- */
-import { NextResponse } from "next/server";
-import { auth } from "@/auth";
-import { prisma } from "@/lib/prisma";
-import { buildWorkspaceBackup } from "@/lib/backup/export-workspace-backup";
-import { rateLimit } from "@/lib/rate-limit";
-
-export async function GET() {
-  const session = await auth();
-  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
-
-  const rl = rateLimit(`export:${session.user.id}`, 5, 60_000);
-  if (rl.limited) {
-    return NextResponse.json({ error: "Too many requests" }, { status: 429, headers: { "Retry-After": String(rl.retryAfter) } });
-  }
-
-  const member = await prisma.workspaceMember.findFirst({
-    where: { userId: session.user.id },
-    include: { workspace: true },
-  });
-  if (!member) return NextResponse.json({ error: "No workspace" }, { status: 404 });
-
-  const { filename, payload } = await buildWorkspaceBackup(
-    member.workspaceId,
-    member.workspace.name,
-    member.workspace.slug
-  );
-
-  return new NextResponse(JSON.stringify(payload, null, 2), {
-    headers: {
-      "Content-Type": "application/json",
-      "Content-Disposition": `attachment; filename="${filename}"`,
-    },
-  });
-}

package/app/api/feedback/route.tsx

@@ -1,54 +0,0 @@
-import { NextRequest, NextResponse } from "next/server";
-import { auth } from "@/auth";
-import { prisma } from "@/lib/prisma";
-import { z } from "zod";
-
-const feedbackSchema = z.object({
-  type: z.enum(["feedback", "bug", "feature_request"]),
-  subject: z.string().min(1).max(200),
-  message: z.string().min(1).max(5000),
-});
-
-export async function POST(req: NextRequest) {
-  const session = await auth();
-  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
-
-  const body = await req.json();
-  const parsed = feedbackSchema.safeParse(body);
-  if (!parsed.success) {
-    return NextResponse.json({ error: "Invalid input", details: parsed.error.flatten() }, { status: 400 });
-  }
-
-  const { type, subject, message } = parsed.data;
-
-  const feedback = await prisma.feedback.create({
-    data: {
-      userId: session.user.id,
-      type,
-      subject,
-      message,
-    },
-  });
-
-  return NextResponse.json({ id: feedback.id, success: true });
-}
-
-export async function GET() {
-  const session = await auth();
-  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
-
-  const feedback = await prisma.feedback.findMany({
-    where: { userId: session.user.id },
-    orderBy: { createdAt: "desc" },
-    take: 50,
-    select: {
-      id: true,
-      type: true,
-      subject: true,
-      message: true,
-      createdAt: true,
-    },
-  });
-
-  return NextResponse.json(feedback);
-}

package/app/api/folders/[folderId]/route.tsx

@@ -1,51 +0,0 @@
-import { NextRequest, NextResponse } from "next/server";
-import { auth } from "@/auth";
-import { getPrimaryDb } from "@/lib/prisma";
-import { getActiveWorkspaceId } from "@/lib/workspace";
-
-async function ownedFolder(userId: string, folderId: string) {
-  const workspaceId = await getActiveWorkspaceId(userId);
-  if (!workspaceId) return null;
-  const db = await getPrimaryDb(workspaceId);
-  const folder = await db.folder.findFirst({ where: { id: folderId, workspaceId } });
-  return folder ? { folder, workspaceId, db } : null;
-}
-
-export async function PATCH(
-  req: NextRequest,
-  { params }: { params: Promise<{ folderId: string }> }
-) {
-  const session = await auth();
-  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
-
-  const { folderId } = await params;
-  const owned = await ownedFolder(session.user.id, folderId);
-  if (!owned) return NextResponse.json({ error: "Not found" }, { status: 404 });
-
-  const { name } = await req.json().catch(() => ({}));
-  const trimmed = typeof name === "string" ? name.trim() : "";
-  if (!trimmed) return NextResponse.json({ error: "name required" }, { status: 400 });
-
-  const folder = await owned.db.folder.update({
-    where: { id: folderId },
-    data: { name: trimmed.slice(0, 120) },
-    select: { id: true, name: true },
-  });
-  return NextResponse.json(folder);
-}
-
-export async function DELETE(
-  _req: NextRequest,
-  { params }: { params: Promise<{ folderId: string }> }
-) {
-  const session = await auth();
-  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
-
-  const { folderId } = await params;
-  const owned = await ownedFolder(session.user.id, folderId);
-  if (!owned) return NextResponse.json({ error: "Not found" }, { status: 404 });
-
-  // Notes keep existing; their folderId is set to null via the FK (onDelete: SetNull).
-  await owned.db.folder.delete({ where: { id: folderId } });
-  return NextResponse.json({ ok: true });
-}

package/app/api/folders/route.tsx

@@ -1,37 +0,0 @@
-import { NextRequest, NextResponse } from "next/server";
-import { auth } from "@/auth";
-import { prisma, getPrimaryDb, isConnectionError } from "@/lib/prisma";
-import { getActiveWorkspaceId } from "@/lib/workspace";
-
-const MAX_NAME_LEN = 120;
-
-export async function POST(req: NextRequest) {
-  const session = await auth();
-  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
-
-  const workspaceId = await getActiveWorkspaceId(session.user.id);
-  if (!workspaceId) return NextResponse.json({ error: "No workspace" }, { status: 404 });
-
-  const { name } = await req.json().catch(() => ({}));
-  const trimmed = typeof name === "string" ? name.trim() : "";
-  if (!trimmed) return NextResponse.json({ error: "name required" }, { status: 400 });
-  if (trimmed.length > MAX_NAME_LEN) return NextResponse.json({ error: "name too long" }, { status: 400 });
-
-  const db = await getPrimaryDb(workspaceId);
-  try {
-    const folder = await db.folder.create({
-      data: { name: trimmed, workspaceId },
-      select: { id: true, name: true },
-    });
-    return NextResponse.json(folder, { status: 201 });
-  } catch (err) {
-    if (isConnectionError(err) && db !== prisma) {
-      const folder = await prisma.folder.create({
-        data: { name: trimmed, workspaceId },
-        select: { id: true, name: true },
-      });
-      return NextResponse.json(folder, { status: 201 });
-    }
-    throw err;
-  }
-}