@m5kdev/backend 0.1.4 → 0.2.0

package/src/modules/access/access.service.ts

@@ -1,81 +0,0 @@
-import type { Statements } from "better-auth/plugins/access";
-import { err, ok } from "neverthrow";
-import type { AccessRepository } from "#modules/access/access.repository";
-import type { AccessControlRoles } from "#modules/access/access.utils";
-import type { ServerResultAsync } from "#modules/base/base.dto";
-import { BaseService } from "#modules/base/base.service";
-
-type User = {
-  id: string;
-  role: string;
-};
-
-export class AccessService<T extends Statements> extends BaseService<
-  { access: AccessRepository },
-  never
-> {
-  acr: AccessControlRoles<T>;
-
-  constructor(repositories: { access: AccessRepository }, acr: AccessControlRoles<T>) {
-    super(repositories);
-    this.acr = acr;
-  }
-
-  authorize(
-    level: "user" | "team" | "organization",
-    role: string,
-    request: any,
-    connector: "OR" | "AND" = "AND"
-  ) {
-    try {
-      return !!this.acr[level][role].authorize(request, connector).success;
-    } catch (error) {
-      console.error(error);
-      return false;
-    }
-  }
-
-  async checkAccess(
-    user: User,
-    level: "team" | "organization",
-    levelId: string,
-    request: any,
-    connector: "OR" | "AND" = "AND"
-  ): ServerResultAsync<boolean> {
-    const role =
-      level === "organization"
-        ? await this.repository.access.getOrganizationRole(user.id, levelId)
-        : await this.repository.access.getTeamRole(user.id, levelId);
-    if (role.isErr()) return err(role.error);
-    return ok(this.authorize(level, role.value, request, connector));
-  }
-
-  async hasAccess(
-    user: User,
-    level: "user" | "team" | "organization",
-    levelId: string,
-    request: any,
-    connector: "OR" | "AND" = "AND"
-  ): ServerResultAsync<boolean> {
-    // FIXME: catch all admin user access for now
-    if (user.role === "admin") return ok(true);
-    const userAccess = this.authorize("user", user.role, request, connector);
-    if (level === "user") return ok(userAccess && user.id === levelId);
-    if (userAccess) return ok(true);
-
-    const organizationAccess = await this.checkAccess(
-      user,
-      "organization",
-      levelId,
-      request,
-      connector
-    );
-    if (organizationAccess.isErr()) return err(organizationAccess.error);
-    if (level === "organization") return organizationAccess;
-    if (organizationAccess.value) return ok(true);
-
-    const teamAccess = await this.checkAccess(user, "team", levelId, request, connector);
-    if (teamAccess.isErr()) return err(teamAccess.error);
-    return teamAccess;
-  }
-}

package/src/modules/access/access.test.ts

@@ -1,216 +0,0 @@
-import { createClient } from "@libsql/client";
-import type { LibSQLDatabase } from "drizzle-orm/libsql";
-import { drizzle } from "drizzle-orm/libsql";
-import fs from "fs";
-import path from "path";
-import { AccessRepository } from "#modules/access/access.repository";
-import { AccessService } from "#modules/access/access.service";
-import { createAccessRoles } from "#modules/access/access.utils";
-import * as authSchema from "#modules/auth/auth.db";
-
-describe("AccessService", () => {
-  const statements = {
-    project: ["create", "share", "update", "delete"],
-  } as const;
-
-  const roleDefinitions = {
-    user: {
-      admin: { project: ["create", "share", "update"] },
-    },
-    team: {
-      admin: { project: ["create", "share", "update"] },
-    },
-    organization: {
-      admin: { project: ["create", "share", "update"] },
-    },
-  } as const;
-
-  const acr = createAccessRoles(statements, roleDefinitions);
-  // Minimal repository stub; not used by authorize() unit tests
-  const accessService = new AccessService({ access: {} as unknown as AccessRepository }, acr);
-
-  describe("user level", () => {
-    it("allows defined action", () => {
-      expect(accessService.authorize("user", "admin", { project: ["create"] })).toBe(true);
-    });
-
-    it("denies undefined action", () => {
-      expect(accessService.authorize("user", "admin", { project: ["delete"] })).toBe(false);
-    });
-
-    it("handles AND vs OR connectors for multiple actions", () => {
-      // admin has create but not delete
-      expect(
-        accessService.authorize("user", "admin", { project: ["create", "delete"] }, "AND")
-      ).toBe(false);
-      expect(
-        accessService.authorize(
-          "user",
-          "admin",
-          { project: { actions: ["create", "delete"], connector: "OR" } },
-          "OR"
-        )
-      ).toBe(true);
-    });
-  });
-
-  describe("team level", () => {
-    it("allows defined action", () => {
-      expect(accessService.authorize("team", "admin", { project: ["share"] })).toBe(true);
-    });
-
-    it("denies undefined action", () => {
-      expect(accessService.authorize("team", "admin", { project: ["delete"] })).toBe(false);
-    });
-  });
-
-  describe("organization level", () => {
-    it("allows defined action", () => {
-      expect(accessService.authorize("organization", "admin", { project: ["update"] })).toBe(true);
-    });
-
-    it("denies undefined action", () => {
-      expect(accessService.authorize("organization", "admin", { project: ["delete"] })).toBe(false);
-    });
-  });
-});
-
-describe("AccessRepository (libsql local)", () => {
-  const dbFile = path.join(__dirname, "access.test.sqlite");
-  const url = `file:${dbFile}`;
-  const client = createClient({ url });
-  type Schema = typeof authSchema;
-  type Orm = LibSQLDatabase<Schema>;
-  const orm = drizzle(client, { schema: authSchema }) as Orm;
-  const repo = new AccessRepository({ orm, schema: authSchema as Schema }, {});
-
-  beforeAll(async () => {
-    // Create minimal tables required for tests
-    await client.execute(`
-      CREATE TABLE IF NOT EXISTS members (
-        id TEXT PRIMARY KEY,
-        organization_id TEXT NOT NULL,
-        user_id TEXT NOT NULL,
-        role TEXT NOT NULL
-      );
-    `);
-    await client.execute(`
-      CREATE TABLE IF NOT EXISTS teammembers (
-        id TEXT PRIMARY KEY,
-        team_id TEXT NOT NULL,
-        user_id TEXT NOT NULL,
-        role TEXT NOT NULL
-      );
-    `);
-  });
-
-  beforeEach(async () => {
-    await client.execute({
-      sql: "INSERT INTO members (id, organization_id, user_id, role) VALUES (?, ?, ?, ?)",
-      args: ["m1", "org1", "user1", "admin"],
-    });
-    await client.execute({
-      sql: "INSERT INTO teammembers (id, team_id, user_id, role) VALUES (?, ?, ?, ?)",
-      args: ["tm1", "team1", "user1", "admin"],
-    });
-  });
-
-  afterEach(async () => {
-    await client.execute("DELETE FROM members;");
-    await client.execute("DELETE FROM teammembers;");
-  });
-
-  afterAll(async () => {
-    try {
-      await client.close();
-    } catch {}
-    try {
-      if (fs.existsSync(dbFile)) fs.unlinkSync(dbFile);
-    } catch {}
-  });
-
-  it("returns organization role for user", async () => {
-    const res = await repo.getOrganizationRole("user1", "org1");
-    expect(res.isOk()).toBe(true);
-    if (res.isOk()) expect(res.value).toBe("admin");
-  });
-
-  it("returns team role for user", async () => {
-    const res = await repo.getTeamRole("user1", "team1");
-    expect(res.isOk()).toBe(true);
-    if (res.isOk()) expect(res.value).toBe("admin");
-  });
-
-  describe("AccessService.hasAccess (with repo)", () => {
-    const hasAccessStatements = {
-      project: ["create", "share", "update", "delete"],
-    } as const;
-
-    const hasAccessRoles = {
-      user: {
-        member: { project: ["create"] },
-      },
-      team: {
-        manager: { project: ["share"] },
-      },
-      organization: {
-        manager: { project: ["update"] },
-      },
-    } as const;
-
-    const acr2 = createAccessRoles(hasAccessStatements, hasAccessRoles);
-    const service = new AccessService({ access: repo }, acr2);
-
-    it("admin override grants access", async () => {
-      const result = await service.hasAccess(
-        { id: "any", role: "admin" },
-        "organization",
-        "whatever",
-        { project: ["delete"] }
-      );
-      expect(result.isOk()).toBe(true);
-      if (result.isOk()) expect(result.value).toBe(true);
-    });
-
-    it("user level access only for self and allowed action", async () => {
-      const allowSelf = await service.hasAccess({ id: "user2", role: "member" }, "user", "user2", {
-        project: ["create"],
-      });
-      expect(allowSelf.isOk()).toBe(true);
-      if (allowSelf.isOk()) expect(allowSelf.value).toBe(true);
-
-      const denyOther = await service.hasAccess({ id: "user2", role: "member" }, "user", "other", {
-        project: ["create"],
-      });
-      expect(denyOther.isOk()).toBe(true);
-      if (denyOther.isOk()) expect(denyOther.value).toBe(false);
-    });
-
-    it("organization membership grants access based on repo role", async () => {
-      await client.execute({
-        sql: "INSERT INTO members (id, organization_id, user_id, role) VALUES (?, ?, ?, ?)",
-        args: ["m2", "org2", "user2", "manager"],
-      });
-      const result = await service.hasAccess(
-        { id: "user2", role: "member" },
-        "organization",
-        "org2",
-        { project: ["update"] }
-      );
-      expect(result.isOk()).toBe(true);
-      if (result.isOk()) expect(result.value).toBe(true);
-    });
-
-    it("team membership grants access based on repo role", async () => {
-      await client.execute({
-        sql: "INSERT INTO teammembers (id, team_id, user_id, role) VALUES (?, ?, ?, ?)",
-        args: ["tm2", "team2", "user2", "manager"],
-      });
-      const result = await service.hasAccess({ id: "user2", role: "member" }, "team", "team2", {
-        project: ["share"],
-      });
-      expect(result.isOk()).toBe(true);
-      if (result.isOk()) expect(result.value).toBe(true);
-    });
-  });
-});

package/src/modules/access/access.utils.ts

@@ -1,46 +0,0 @@
-import {
-  type AccessControl,
-  createAccessControl,
-  type Role,
-  type Statements,
-  type Subset,
-} from "better-auth/plugins/access";
-
-export type AccessControlRoles<T extends Statements> = {
-  ac: AccessControl<T>;
-  user: Record<string, Role<Subset<keyof T, T>>>;
-  team: Record<string, Role<Subset<keyof T, T>>>;
-  organization: Record<string, Role<Subset<keyof T, T>>>;
-};
-
-// Allow defining role statements with any subset of resources from T
-// and only actions permitted by each resource definition in T
-export type RoleDefinition<T extends Statements> = {
-  [K in keyof T]?: T[K] extends readonly (infer A)[] ? readonly A[] : never;
-};
-
-export type RoleDefinitions<T extends Statements> = {
-  user: Record<string, RoleDefinition<T>>;
-  team: Record<string, RoleDefinition<T>>;
-  organization: Record<string, RoleDefinition<T>>;
-};
-
-export function createAccessRoles<T extends Statements>(
-  statements: T,
-  roleDefinitions: RoleDefinitions<T>
-): AccessControlRoles<T> {
-  const ac = createAccessControl(statements);
-  const user: Record<string, Role<Subset<keyof T, T>>> = {};
-  const team: Record<string, Role<Subset<keyof T, T>>> = {};
-  const organization: Record<string, Role<Subset<keyof T, T>>> = {};
-  for (const [roleName, roleStatements] of Object.entries(roleDefinitions.user)) {
-    user[roleName] = ac.newRole(roleStatements as unknown as Subset<keyof T, T>);
-  }
-  for (const [roleName, roleStatements] of Object.entries(roleDefinitions.team)) {
-    team[roleName] = ac.newRole(roleStatements as unknown as Subset<keyof T, T>);
-  }
-  for (const [roleName, roleStatements] of Object.entries(roleDefinitions.organization)) {
-    organization[roleName] = ac.newRole(roleStatements as unknown as Subset<keyof T, T>);
-  }
-  return { ac, user, team, organization };
-}

package/src/modules/ai/ai.db.ts

@@ -1,38 +0,0 @@
-import { integer, real, sqliteTable as table, text } from "drizzle-orm/sqlite-core";
-import { v4 as uuidv4 } from "uuid";
-import { organizations, teams, users } from "#modules/auth/auth.db";
-
-export const chats = table("chats", {
-  id: text("id").primaryKey().$default(uuidv4),
-  userId: text("user_id")
-    .notNull()
-    .references(() => users.id, { onDelete: "cascade" }),
-  title: text("title"),
-  type: text("type"),
-  conversation: text("conversation", { mode: "json" }),
-  createdAt: integer("created_at", { mode: "timestamp" }).$default(() => new Date()),
-  updatedAt: integer("updated_at", { mode: "timestamp" })
-    .notNull()
-    .$default(() => new Date()),
-});
-
-export const aiUsage = table("ai_usage", {
-  id: text("id").primaryKey().$default(uuidv4),
-  userId: text("user_id").references(() => users.id, { onDelete: "cascade" }),
-  teamId: text("team_id").references(() => teams.id, { onDelete: "cascade" }),
-  organizationId: text("organization_id").references(() => organizations.id, {
-    onDelete: "cascade",
-  }),
-  feature: text("feature").notNull(),
-  provider: text("provider").notNull(),
-  model: text("model").notNull(),
-  inputTokens: integer("input_tokens"),
-  outputTokens: integer("output_tokens"),
-  totalTokens: integer("total_tokens"),
-  cost: real("cost"),
-  traceId: text("trace_id"),
-  createdAt: integer("created_at", { mode: "timestamp" })
-    .notNull()
-    .$default(() => new Date()),
-  metadata: text("metadata", { mode: "json" }),
-});

package/src/modules/ai/ai.prompt.ts

@@ -1,47 +0,0 @@
-import type { AiModel } from "@m5kdev/commons/modules/ai/ai.constants";
-import mustache from "mustache";
-import { logger } from "#utils/logger";
-
-export class Prompt<C extends Record<string, string>> {
-  public prompt: string;
-  public name?: string;
-  public type: "text" | "chat";
-  public config?: {
-    model?: AiModel;
-    temperature?: number;
-    supported_languages?: string[];
-  };
-  public version?: number;
-  public labels?: string[];
-  public tags?: string[];
-
-  constructor(
-    prompt: string,
-    settings?: {
-      name?: string;
-      type?: "text" | "chat";
-      config?: {
-        model?: AiModel;
-        temperature?: number;
-        supported_languages?: string[];
-      };
-      version?: number;
-      labels?: string[];
-      tags?: string[];
-    }
-  ) {
-    this.prompt = prompt;
-    this.name = settings?.name;
-    this.type = settings?.type ?? "text";
-    this.config = settings?.config;
-    this.version = settings?.version;
-    this.labels = settings?.labels;
-    this.tags = settings?.tags;
-  }
-
-  compile(context: C): string {
-    const result = mustache.render(this.prompt.trim(), context);
-    logger.debug(`[PROMPT]: ${result.trim()}`);
-    return result.trim();
-  }
-}

package/src/modules/ai/ai.repository.ts

@@ -1,53 +0,0 @@
-import type { InferInsertModel, InferSelectModel } from "drizzle-orm";
-import { eq, sql } from "drizzle-orm";
-import type { LibSQLDatabase } from "drizzle-orm/libsql";
-import { ok } from "neverthrow";
-import * as ai from "#modules/ai/ai.db";
-import type { ServerResultAsync } from "#modules/base/base.dto";
-import { BaseTableRepository } from "#modules/base/base.repository";
-
-const schema = { ...ai };
-type Schema = typeof schema;
-type Orm = LibSQLDatabase<Schema>;
-
-export type AiUsageRow = InferSelectModel<Schema["aiUsage"]>;
-export type AiUsageInsert = InferInsertModel<Schema["aiUsage"]>;
-
-export interface CreateAiUsageInput {
-  userId?: string;
-  teamId?: string;
-  organizationId?: string;
-  feature: string;
-  provider: string;
-  model: string;
-  inputTokens?: number;
-  outputTokens?: number;
-  totalTokens?: number;
-  cost?: number;
-  traceId?: string;
-  metadata?: unknown;
-}
-
-export class AiUsageRepository extends BaseTableRepository<
-  Orm,
-  Schema,
-  Record<string, never>,
-  Schema["aiUsage"]
-> {
-  getUsage(
-    userId: string
-  ): ServerResultAsync<Pick<AiUsageRow, "inputTokens" | "outputTokens" | "totalTokens" | "cost">> {
-    return this.throwableAsync(async () => {
-      const [usage] = await this.orm
-        .select({
-          inputTokens: sql<number>`SUM(${this.table.inputTokens})`,
-          outputTokens: sql<number>`SUM(${this.table.outputTokens})`,
-          totalTokens: sql<number>`SUM(${this.table.totalTokens})`,
-          cost: sql<number>`SUM(${this.table.cost})`,
-        })
-        .from(this.table)
-        .where(eq(this.table.userId, userId));
-      return ok(usage);
-    });
-  }
-}

package/src/modules/ai/ai.router.ts

@@ -1,148 +0,0 @@
-// import { openai } from "@ai-sdk/openai";
-// import { open}
-// import { withTracing } from "@posthog/ai";
-// import {
-//   appendClientMessage,
-//   appendResponseMessages,
-//   type Message,
-//   streamText,
-//   type Tool,
-// } from "ai";
-// import bodyParser from "body-parser";
-// import { and, eq } from "drizzle-orm";
-// import express, { type Response, type Router } from "express";
-// import { v4 as uuidv4 } from "uuid";
-// import type { AuthRequest, createAuthMiddleware } from "../auth/auth.middleware";
-// import { type Orm, schema } from "../db";
-// import { logger } from "../logger";
-// import { posthogClient } from "../posthog";
-
-// export type Tooling = Record<
-//   string,
-//   {
-//     getMesseges: (chatId: string) => Promise<Message[]>;
-//     getTools: (chatId: string) => Promise<
-//       Record<
-//         string,
-//         {
-//           tool: Tool;
-//           handler?: (
-//             chatId: string,
-//             args: unknown,
-//             user: NonNullable<AuthRequest["user"]>
-//           ) => Promise<void>;
-//         }
-//       >
-//     >;
-//   }
-// >;
-
-// export function tracedOpenAiModel(
-//   model: Parameters<typeof openai>[0],
-//   clientOptions: Parameters<typeof withTracing>[2]
-// ) {
-//   return withTracing(openai(model), posthogClient, clientOptions);
-// }
-
-// async function getRouteSettings(id: string, name: string, settings: Tooling) {
-//   const entity = settings[name as keyof typeof settings];
-//   if (!entity) return { tools: {}, entityMesseges: [], entityTools: {} };
-
-//   const entityTools = await entity.getTools(id);
-//   const entityMesseges = await entity.getMesseges(id);
-
-//   const tools = Object.entries(entityTools).reduce<
-//     Record<string, (typeof entityTools)[keyof typeof entityTools]["tool"]>
-//   >((acc, [key, value]) => {
-//     acc[key] = value.tool as (typeof entityTools)[keyof typeof entityTools]["tool"];
-//     return acc;
-//   }, {});
-
-//   return { tools, entityMesseges, entityTools };
-// }
-
-// export function createAiRouter(
-//   orm: Orm,
-//   authMiddleware: ReturnType<typeof createAuthMiddleware>,
-//   settings: Tooling
-// ) {
-//   const aiRouter: Router = express.Router();
-
-//   aiRouter.use(bodyParser.json());
-
-//   aiRouter.post("/completion/:name", authMiddleware, async (req: AuthRequest, res: Response) => {
-//     try {
-//       const { id, message } = req.body as {
-//         id: string;
-//         message: Message;
-//       };
-//       logger.info(req.body, "body");
-//       const { name } = req.params;
-//       const user = req.user!;
-//       logger.info(message, "Received message:");
-
-//       const { tools, entityMesseges, entityTools } = await getRouteSettings(id, name, settings);
-
-//       const [chat] = await orm
-//         .select()
-//         .from(schema.chats)
-//         .where(and(eq(schema.chats.id, id), eq(schema.chats.userId, user.id)));
-//       if (!chat) throw new Error("Chat not found");
-
-//       const messages = appendClientMessage({
-//         messages: (chat.conversation || []) as Message[],
-//         message,
-//       });
-
-//       // Process any tool invocations in the message
-//       const toolInvocation = message?.parts?.find((p) => p.type === "tool-invocation");
-
-//       if (toolInvocation) {
-//         logger.info(toolInvocation, "Processing tool invocation:");
-//         const tool =
-//           entityTools[toolInvocation.toolInvocation.toolName as keyof typeof entityTools];
-//         if (tool?.handler) {
-//           const result = await tool.handler(id, toolInvocation.toolInvocation.args, user);
-//           logger.info({ result }, "Tool handler result:");
-//         }
-//       }
-
-//       logger.info([...entityMesseges, ...messages], "Processed messages");
-
-//       const result = streamText({
-//         model: tracedOpenAiModel("gpt-4o", {
-//           posthogDistinctId: user.id,
-//           posthogProperties: { conversation_id: id, paid: true },
-//           posthogPrivacyMode: false,
-//         }),
-//         experimental_generateMessageId: uuidv4,
-//         messages: [...entityMesseges, ...messages],
-//         async onFinish({ response }) {
-//           logger.info(response, "Final response:");
-//           try {
-//             await orm
-//               .update(schema.chats)
-//               .set({
-//                 conversation: appendResponseMessages({
-//                   messages,
-//                   responseMessages: response.messages,
-//                 }),
-//               })
-//               .where(eq(schema.chats.id, id));
-//           } catch (error) {
-//             logger.error("Error in onFinish handler:", error);
-//           }
-//         },
-//         tools,
-//       });
-
-//       result.consumeStream();
-//       result.pipeDataStreamToResponse(res);
-//     } catch (error) {
-//       logger.error(error, "Error in ai handler");
-//       res.status(500).send({ error: "Internal Server Error" });
-//     }
-//   });
-
-//   return aiRouter;
-// }