@lastbrain/app 0.1.23 → 0.1.25

package/dist/scripts/init-app.js

@@ -48,14 +48,16 @@ export async function initApp(options) {
     await createNextStructure(targetDir, force, useHeroUI, withAuth);
     // 4. Créer les fichiers de configuration
     await createConfigFiles(targetDir, force, useHeroUI);
-    // 5. Créer .gitignore et .env.local.example
+    // 5. Créer le système de proxy storage
+    await createStorageProxy(targetDir, force);
+    // 6. Créer .gitignore et .env.local.example
     await createGitIgnore(targetDir, force);
     await createEnvExample(targetDir, force);
-    // 6. Créer la structure Supabase avec migrations
+    // 7. Créer la structure Supabase avec migrations
     await createSupabaseStructure(targetDir, force);
-    // 7. Ajouter les scripts NPM
+    // 8. Ajouter les scripts NPM
     await addScriptsToPackageJson(targetDir);
-    // 8. Enregistrer les modules sélectionnés
+    // 9. Enregistrer les modules sélectionnés
     if (withAuth || selectedModules.length > 0) {
         await saveModulesConfig(targetDir, selectedModules, withAuth);
     }
@@ -221,6 +223,7 @@ async function addDependencies(targetDir, useHeroUI, withAuth, selectedModules =
     // Ajouter les dépendances HeroUI si nécessaire
     if (useHeroUI) {
         // Tous les packages HeroUI nécessaires (car @lastbrain/ui les ré-exporte)
+        requiredDeps["@heroui/system"] = "^2.4.23";
         requiredDeps["@heroui/theme"] = "^2.4.23";
         requiredDeps["@heroui/accordion"] = "^2.2.24";
         requiredDeps["@heroui/alert"] = "^2.2.27";
@@ -900,31 +903,24 @@ async function addScriptsToPackageJson(targetDir) {
     // Détecter si le projet cible est dans un workspace
     const targetIsInMonorepo = fs.existsSync(path.join(targetDir, "../../../packages/core/package.json")) ||
         fs.existsSync(path.join(targetDir, "../../packages/core/package.json"));
-    let scriptsPrefix = "node node_modules/@lastbrain/app/dist/scripts/";
-    if (targetIsInMonorepo) {
-        // Dans un monorepo, utiliser pnpm exec pour résoudre correctement les workspace packages
-        scriptsPrefix = "pnpm exec lastbrain ";
+    let scriptsPrefix = "lastbrain";
+    if (!targetIsInMonorepo) {
+        // Hors monorepo, utiliser le chemin direct vers le CLI
+        scriptsPrefix = "node node_modules/@lastbrain/app/dist/cli.js";
     }
     const scripts = {
+        predev: targetIsInMonorepo
+            ? "pnpm --filter @lastbrain/core build && pnpm --filter @lastbrain/ui build && pnpm --filter @lastbrain/module-auth build && pnpm --filter @lastbrain/module-ai build"
+            : "echo 'No prebuild needed outside monorepo'",
         dev: "next dev",
         build: "next build",
         start: "next start",
         lint: "next lint",
-        lastbrain: targetIsInMonorepo
-            ? "pnpm exec lastbrain"
-            : "node node_modules/@lastbrain/app/dist/cli.js",
-        "build:modules": targetIsInMonorepo
-            ? "pnpm exec lastbrain module:build"
-            : "node node_modules/@lastbrain/app/dist/scripts/module-build.js",
-        "db:migrations:sync": targetIsInMonorepo
-            ? "pnpm exec lastbrain db:migrations:sync"
-            : "node node_modules/@lastbrain/app/dist/scripts/db-migrations-sync.js",
-        "db:init": targetIsInMonorepo
-            ? "pnpm exec lastbrain db:init"
-            : "node node_modules/@lastbrain/app/dist/scripts/db-init.js",
-        "readme:create": targetIsInMonorepo
-            ? "pnpm exec lastbrain readme:create"
-            : "node node_modules/@lastbrain/app/dist/scripts/readme-build.js",
+        lastbrain: targetIsInMonorepo ? "lastbrain" : "node node_modules/@lastbrain/app/dist/cli.js",
+        "build:modules": `${scriptsPrefix} module:build`,
+        "db:migrations:sync": `${scriptsPrefix} db:migrations:sync`,
+        "db:init": `${scriptsPrefix} db:init`,
+        "readme:create": `${scriptsPrefix} readme:create`,
     };
     pkg.scripts = { ...pkg.scripts, ...scripts };
     await fs.writeJson(pkgPath, pkg, { spaces: 2 });
@@ -957,3 +953,339 @@ async function saveModulesConfig(targetDir, selectedModules, withAuth) {
     await fs.writeJson(modulesConfigPath, { modules }, { spaces: 2 });
     console.log(chalk.green("✓ Configuration des modules sauvegardée"));
 }
+async function createStorageProxy(targetDir, force) {
+    console.log(chalk.yellow("\n🗂️  Création du système de proxy storage..."));
+    // Créer le dossier lib
+    const libDir = path.join(targetDir, "lib");
+    await fs.ensureDir(libDir);
+    // 1. Créer lib/bucket-config.ts
+    const bucketConfigPath = path.join(libDir, "bucket-config.ts");
+    if (!fs.existsSync(bucketConfigPath) || force) {
+        const bucketConfigContent = `/**
+ * Storage configuration for buckets and access control
+ */
+
+export interface BucketConfig {
+  name: string;
+  isPublic: boolean;
+  description: string;
+  allowedFileTypes?: string[];
+  maxFileSize?: number; // in bytes
+  customAccessControl?: (userId: string, filePath: string) => boolean;
+}
+
+export const BUCKET_CONFIGS: Record<string, BucketConfig> = {
+  avatar: {
+    name: "avatar",
+    isPublic: true,
+    description: "User profile pictures and avatars",
+    allowedFileTypes: ["image/jpeg", "image/png", "image/webp", "image/gif"],
+    maxFileSize: 10 * 1024 * 1024, // 10MB
+  },
+  app: {
+    name: "app",
+    isPublic: false,
+    description: "Private user files and documents",
+    maxFileSize: 100 * 1024 * 1024, // 100MB
+    customAccessControl: (userId: string, filePath: string) => {
+      // Users can only access files in their own folder (app/{userId}/...)
+      return filePath.startsWith(\`\${userId}/\`);
+    },
+  },
+  // Example for future buckets:
+  // public: {
+  //   name: "public",
+  //   isPublic: true,
+  //   description: "Publicly accessible files like logos, banners",
+  //   allowedFileTypes: ["image/jpeg", "image/png", "image/webp", "application/pdf"],
+  //   maxFileSize: 50 * 1024 * 1024, // 50MB
+  // },
+  // documents: {
+  //   name: "documents",
+  //   isPublic: false,
+  //   description: "Private documents requiring authentication",
+  //   allowedFileTypes: ["application/pdf", "application/msword", "text/plain"],
+  //   maxFileSize: 25 * 1024 * 1024, // 25MB
+  // },
+};
+
+/**
+ * Get bucket configuration
+ */
+export function getBucketConfig(bucketName: string): BucketConfig | null {
+  return BUCKET_CONFIGS[bucketName] || null;
+}
+
+/**
+ * Check if bucket is public
+ */
+export function isPublicBucket(bucketName: string): boolean {
+  const config = getBucketConfig(bucketName);
+  return config?.isPublic ?? false;
+}
+
+/**
+ * Check if user has access to a specific file
+ */
+export function hasFileAccess(bucketName: string, userId: string, filePath: string): boolean {
+  const config = getBucketConfig(bucketName);
+  if (!config) return false;
+
+  // Public buckets are accessible to everyone
+  if (config.isPublic) return true;
+
+  // Private buckets require authentication
+  if (!userId) return false;
+
+  // Apply custom access control if defined
+  if (config.customAccessControl) {
+    return config.customAccessControl(userId, filePath);
+  }
+
+  return true;
+}
+
+/**
+ * Validate file type for bucket
+ */
+export function isValidFileType(bucketName: string, contentType: string): boolean {
+  const config = getBucketConfig(bucketName);
+  if (!config || !config.allowedFileTypes) return true;
+
+  return config.allowedFileTypes.includes(contentType);
+}
+
+/**
+ * Check if file size is within bucket limits
+ */
+export function isValidFileSize(bucketName: string, fileSize: number): boolean {
+  const config = getBucketConfig(bucketName);
+  if (!config || !config.maxFileSize) return true;
+
+  return fileSize <= config.maxFileSize;
+}`;
+        await fs.writeFile(bucketConfigPath, bucketConfigContent);
+        console.log(chalk.green("✓ lib/bucket-config.ts créé"));
+    }
+    // 2. Créer lib/storage.ts
+    const storagePath = path.join(libDir, "storage.ts");
+    if (!fs.existsSync(storagePath) || force) {
+        const storageContent = `/**
+ * Build storage proxy URL for files in Supabase buckets
+ * 
+ * @param bucket - The bucket name (e.g., "avatar", "app")
+ * @param path - The file path within the bucket
+ * @returns Proxied URL (e.g., "/api/storage/avatar/user_128_123456.webp")
+ */
+export function buildStorageUrl(bucket: string, path: string): string {
+  // Remove leading slash if present
+  const cleanPath = path.startsWith("/") ? path.slice(1) : path;
+  
+  // Remove bucket prefix from path if present (e.g., "avatar/file.jpg" -> "file.jpg")
+  const pathWithoutBucket = cleanPath.startsWith(bucket + "/") 
+    ? cleanPath.slice(bucket.length + 1)
+    : cleanPath;
+  
+  return \`/api/storage/\${bucket}/\${pathWithoutBucket}\`;
+}
+
+/**
+ * Extract bucket and path from a storage URL
+ * 
+ * @param url - Storage URL (can be proxied URL or Supabase public URL)
+ * @returns Object with bucket and path, or null if not a valid storage URL
+ */
+export function parseStorageUrl(url: string): { bucket: string; path: string } | null {
+  // Handle proxy URLs like "/api/storage/avatar/file.jpg"
+  const proxyMatch = url.match(/^\\/api\\/storage\\/([^\\/]+)\\/(.+)$/);
+  if (proxyMatch) {
+    return {
+      bucket: proxyMatch[1],
+      path: proxyMatch[2]
+    };
+  }
+  
+  // Handle Supabase public URLs
+  const supabaseMatch = url.match(/\\/storage\\/v1\\/object\\/public\\/([^\\/]+)\\/(.+)$/);
+  if (supabaseMatch) {
+    return {
+      bucket: supabaseMatch[1],
+      path: supabaseMatch[2]
+    };
+  }
+  
+  return null;
+}
+
+/**
+ * Convert a Supabase storage path to proxy URL
+ * 
+ * @param storagePath - Path like "avatar/file.jpg" or "app/user/file.pdf"
+ * @returns Proxied URL
+ */
+export function storagePathToProxyUrl(storagePath: string): string {
+  const parts = storagePath.split("/");
+  if (parts.length < 2) {
+    throw new Error("Invalid storage path format");
+  }
+  
+  const bucket = parts[0];
+  const path = parts.slice(1).join("/");
+  
+  return buildStorageUrl(bucket, path);
+}
+
+/**
+ * List of public buckets that don't require authentication
+ */
+export const PUBLIC_BUCKETS = ["avatar"];
+
+/**
+ * List of private buckets that require authentication
+ */
+export const PRIVATE_BUCKETS = ["app"];
+
+/**
+ * Check if a bucket is public
+ */
+export function isPublicBucket(bucket: string): boolean {
+  return PUBLIC_BUCKETS.includes(bucket);
+}
+
+/**
+ * Check if a bucket is private
+ */
+export function isPrivateBucket(bucket: string): boolean {
+  return PRIVATE_BUCKETS.includes(bucket);
+}`;
+        await fs.writeFile(storagePath, storageContent);
+        console.log(chalk.green("✓ lib/storage.ts créé"));
+    }
+    // 3. Créer app/api/storage/[bucket]/[...path]/route.ts
+    const apiStorageDir = path.join(targetDir, "app", "api", "storage", "[bucket]", "[...path]");
+    await fs.ensureDir(apiStorageDir);
+    const routePath = path.join(apiStorageDir, "route.ts");
+    if (!fs.existsSync(routePath) || force) {
+        const routeContent = `import { NextRequest, NextResponse } from "next/server";
+import { getSupabaseServerClient } from "@lastbrain/core/server";
+import { getBucketConfig, hasFileAccess } from "@/lib/bucket-config";
+
+/**
+ * GET /api/storage/[bucket]/[...path]
+ * Proxy for Supabase Storage files with clean URLs and access control
+ * 
+ * Examples:
+ * - /api/storage/avatar/user_128_123456.webp
+ * - /api/storage/app/user/documents/file.pdf
+ */
+export async function GET(
+  request: NextRequest,
+  props: { params: Promise<{ bucket: string; path: string[] }> }
+) {
+  try {
+    const { bucket, path } = await props.params;
+    const filePath = path.join("/");
+
+    // Check if bucket exists in our configuration
+    const bucketConfig = getBucketConfig(bucket);
+    if (!bucketConfig) {
+      return new NextResponse("Bucket not allowed", { status: 403 });
+    }
+
+    const supabase = await getSupabaseServerClient();
+    let userId: string | null = null;
+
+    // Get user for private buckets or custom access control
+    if (!bucketConfig.isPublic) {
+      const { data: { user }, error: authError } = await supabase.auth.getUser();
+      
+      if (authError || !user) {
+        return new NextResponse("Unauthorized", { status: 401 });
+      }
+
+      userId = user.id;
+    }
+
+    // Check file access permissions
+    if (!hasFileAccess(bucket, userId || "", filePath)) {
+      return new NextResponse("Forbidden - Access denied to this file", { status: 403 });
+    }
+
+    // Get file from Supabase Storage
+    const { data: file, error } = await supabase.storage
+      .from(bucket)
+      .download(filePath);
+
+    if (error) {
+      console.error("Storage download error:", error);
+      if (error.message.includes("not found")) {
+        return new NextResponse("File not found", { status: 404 });
+      }
+      return new NextResponse("Storage error", { status: 500 });
+    }
+
+    if (!file) {
+      return new NextResponse("File not found", { status: 404 });
+    }
+
+    // Convert blob to array buffer
+    const arrayBuffer = await file.arrayBuffer();
+
+    // Determine content type from file extension
+    const getContentType = (filename: string): string => {
+      const ext = filename.toLowerCase().split(".").pop();
+      const mimeTypes: Record<string, string> = {
+        // Images
+        jpg: "image/jpeg",
+        jpeg: "image/jpeg",
+        png: "image/png",
+        gif: "image/gif",
+        webp: "image/webp",
+        svg: "image/svg+xml",
+        // Documents
+        pdf: "application/pdf",
+        doc: "application/msword",
+        docx: "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
+        xls: "application/vnd.ms-excel",
+        xlsx: "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
+        // Text
+        txt: "text/plain",
+        csv: "text/csv",
+        // Videos
+        mp4: "video/mp4",
+        avi: "video/x-msvideo",
+        mov: "video/quicktime",
+        // Audio
+        mp3: "audio/mpeg",
+        wav: "audio/wav",
+        // Archives
+        zip: "application/zip",
+        rar: "application/x-rar-compressed",
+      };
+      return mimeTypes[ext || ""] || "application/octet-stream";
+    };
+
+    const contentType = getContentType(filePath);
+
+    // Create response with proper headers
+    const response = new NextResponse(arrayBuffer, {
+      status: 200,
+      headers: {
+        "Content-Type": contentType,
+        "Cache-Control": "public, max-age=31536000, immutable", // Cache for 1 year
+        "Content-Length": arrayBuffer.byteLength.toString(),
+      },
+    });
+
+    return response;
+
+  } catch (error) {
+    console.error("Storage proxy error:", error);
+    return new NextResponse("Internal server error", { status: 500 });
+  }
+}`;
+        await fs.writeFile(routePath, routeContent);
+        console.log(chalk.green("✓ app/api/storage/[bucket]/[...path]/route.ts créé"));
+    }
+    console.log(chalk.green("✓ Système de proxy storage configuré"));
+}

package/dist/scripts/module-add.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"module-add.d.ts","sourceRoot":"","sources":["../../src/scripts/module-add.ts"],"names":[],"mappings":"AAMA,UAAU,gBAAgB;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,OAAO,CAAC;IACvB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B;AAGD,eAAO,MAAM,iBAAiB,EAAE,gBAAgB,EAsB/C,CAAC;AAEF,wBAAsB,SAAS,CAAC,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,iBAwMpE"}
+{"version":3,"file":"module-add.d.ts","sourceRoot":"","sources":["../../src/scripts/module-add.ts"],"names":[],"mappings":"AAMA,UAAU,gBAAgB;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,OAAO,CAAC;IACvB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B;AAGD,eAAO,MAAM,iBAAiB,EAAE,gBAAgB,EAsB/C,CAAC;AAEF,wBAAsB,SAAS,CAAC,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,iBAsMpE"}

package/dist/scripts/module-add.js

@@ -63,7 +63,7 @@ export async function addModule(moduleName, targetDir) {
         process.exit(1);
     }
     // 5. Copier les migrations du module
-    let copiedMigrationFiles = [];
+    const copiedMigrationFiles = [];
     if (module.hasMigrations) {
         console.log(chalk.yellow("\n📋 Copie des migrations du module..."));
         // Trouver le chemin du module installé

package/dist/scripts/script-runner.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Exécute un script via node en ajustant le chemin
+ */
+export declare function runScript(scriptName: string, args?: string[]): Promise<void>;
+//# sourceMappingURL=script-runner.d.ts.map

package/dist/scripts/script-runner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"script-runner.d.ts","sourceRoot":"","sources":["../../src/scripts/script-runner.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,wBAAsB,SAAS,CAAC,UAAU,EAAE,MAAM,EAAE,IAAI,GAAE,MAAM,EAAO,iBAqBtE"}

package/dist/scripts/script-runner.js

@@ -0,0 +1,25 @@
+import { spawn } from "child_process";
+import path from "path";
+/**
+ * Exécute un script via node en ajustant le chemin
+ */
+export async function runScript(scriptName, args = []) {
+    return new Promise((resolve, reject) => {
+        const scriptPath = path.join(__dirname, `${scriptName}.js`);
+        const child = spawn("node", [scriptPath, ...args], {
+            stdio: "inherit",
+            env: { ...process.env, PROJECT_ROOT: process.cwd() }
+        });
+        child.on("close", (code) => {
+            if (code === 0) {
+                resolve();
+            }
+            else {
+                reject(new Error(`Script ${scriptName} exited with code ${code}`));
+            }
+        });
+        child.on("error", (error) => {
+            reject(error);
+        });
+    });
+}