@mdguggenbichler/slugbase-core 0.0.1

package/backend/dist/routes/tags.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tags.js","sourceRoot":"","sources":["../../src/routes/tags.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAC1D,OAAO,EAAe,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACjE,OAAO,EAAE,EAAE,IAAI,MAAM,EAAE,MAAM,MAAM,CAAC;AACpC,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AACrF,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAEjD,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC;AACxB,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;AAE1B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,wBAAwB;AACxB,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;IACjC,MAAM,OAAO,GAAG,GAAkB,CAAC;IACnC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,OAAO,CAAC,IAAK,CAAC,EAAE,CAAC;QAChC,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;QAElC,cAAc;QACd,MAAM,MAAM,GAAI,GAAG,CAAC,KAAK,CAAC,OAAkB,IAAI,cAAc,CAAC;QAC/D,IAAI,OAAO,GAAG,mBAAmB,CAAC;QAClC,IAAI,MAAM,KAAK,gBAAgB,EAAE,CAAC;YAChC,OAAO,GAAG,0BAA0B,CAAC;QACvC,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,0DAA0D,OAAO,EAAE,EAAE,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;QAClH,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACjB,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IACjD,CAAC;AACH,CAAC,CAAC,CAAC;AAEH;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,iBAAiB;AACjB,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;IACpC,MAAM,OAAO,GAAG,GAAkB,CAAC;IACnC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,OAAO,CAAC,IAAK,CAAC,EAAE,CAAC;QAChC,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;QAClC,MAAM,EAAE,EAAE,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;QAE1B,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,mEAAmE,EAAE,CAAC,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;QACxH,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,CAAC;QAC1D,CAAC;QACD,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAChB,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IACjD,CAAC;AACH,CAAC,CAAC,CAAC;AAEH;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAyCG;AACH,aAAa;AACb,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;IAClC,MAAM,OAAO,GAAG,GAAkB,CAAC;IACnC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,OAAO,CAAC,IAAK,CAAC,EAAE,CAAC;QAChC,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;QAClC,MAAM,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC;QAE1B,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC7D,CAAC;QAED,6BAA6B;QAC7B,MAAM,cAAc,GAAG,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;QAC5E,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,CAAC;YAC1B,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,CAAC,KAAK,EAAE,CAAC,CAAC;QAC/D,CAAC;QACD,MAAM,aAAa,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;QAE3C,qCAAqC;QACrC,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,sEAAsE,EAAE,CAAC,MAAM,EAAE,QAAQ,EAAE,aAAa,CAAC,CAAC,CAAC;QAC3I,IAAI,QAAQ,EAAE,CAAC;YACb,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,mCAAmC,EAAE,CAAC,CAAC;QAC9E,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC;QACvB,MAAM,OAAO,CAAC,qEAAqE,EAAE,CAAC,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,aAAa,CAAC,CAAC,CAAC;QAE/H,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,mDAAmD,EAAE,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC;QACnG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC5B,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IACjD,CAAC;AACH,CAAC,CAAC,CAAC;AAEH;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuCG;AACH,aAAa;AACb,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;IACpC,MAAM,OAAO,GAAG,GAAkB,CAAC;IACnC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,OAAO,CAAC,IAAK,CAAC,EAAE,CAAC;QAChC,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;QAClC,MAAM,EAAE,EAAE,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;QAC1B,MAAM,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC;QAE1B,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC7D,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,mEAAmE,EAAE,CAAC,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;QACxH,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,CAAC;QAC1D,CAAC;QAED,6BAA6B;QAC7B,MAAM,cAAc,GAAG,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;QAC5E,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,CAAC;YAC1B,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,CAAC,KAAK,EAAE,CAAC,CAAC;QAC/D,CAAC;QACD,MAAM,aAAa,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;QAE3C,8BAA8B;QAC9B,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,kFAAkF,EAAE,CAAC,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE,EAAE,CAAC,CAAC,CAAC;QAC3J,IAAI,QAAQ,EAAE,CAAC;YACb,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,mCAAmC,EAAE,CAAC,CAAC;QAC9E,CAAC;QAED,MAAM,OAAO,CAAC,yDAAyD,EAAE,CAAC,aAAa,EAAE,EAAE,EAAE,QAAQ,CAAC,CAAC,CAAC;QACxG,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,mDAAmD,EAAE,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC,CAAC;QACpG,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACpB,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IACjD,CAAC;AACH,CAAC,CAAC,CAAC;AAEH;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AACH,aAAa;AACb,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;IACvC,MAAM,OAAO,GAAG,GAAkB,CAAC;IACnC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,OAAO,CAAC,IAAK,CAAC,EAAE,CAAC;QAChC,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;QAClC,MAAM,EAAE,EAAE,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;QAE1B,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,mEAAmE,EAAE,CAAC,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;QACxH,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,CAAC;QAC1D,CAAC;QAED,MAAM,OAAO,CAAC,iDAAiD,EAAE,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC,CAAC;QACjF,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,aAAa,EAAE,CAAC,CAAC;IACvC,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IACjD,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,eAAe,MAAM,CAAC"}

package/backend/dist/routes/teams.d.ts

@@ -0,0 +1,3 @@
+declare const router: import("express-serve-static-core").Router;
+export default router;
+//# sourceMappingURL=teams.d.ts.map

package/backend/dist/routes/teams.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"teams.d.ts","sourceRoot":"","sources":["../../src/routes/teams.ts"],"names":[],"mappings":"AAKA,QAAA,MAAM,MAAM,4CAAW,CAAC;AA0DxB,eAAe,MAAM,CAAC"}

package/backend/dist/routes/teams.js

@@ -0,0 +1,60 @@
+import { Router } from 'express';
+import { query } from '../db/index.js';
+import { requireAuth } from '../middleware/auth.js';
+import { getTenantId } from '../utils/tenant.js';
+const router = Router();
+router.use(requireAuth());
+/**
+ * @swagger
+ * /api/teams:
+ *   get:
+ *     summary: Get teams for current user
+ *     description: Returns all teams that the authenticated user is a member of
+ *     tags: [Teams]
+ *     security:
+ *       - cookieAuth: []
+ *       - bearerAuth: []
+ *     responses:
+ *       200:
+ *         description: List of teams the user is a member of
+ *         content:
+ *           application/json:
+ *             schema:
+ *               type: array
+ *               items:
+ *                 type: object
+ *                 properties:
+ *                   id:
+ *                     type: string
+ *                     example: "123e4567-e89b-12d3-a456-426614174000"
+ *                   name:
+ *                     type: string
+ *                     example: "Development Team"
+ *                   description:
+ *                     type: string
+ *                     nullable: true
+ *                     example: "Team for development work"
+ *                   created_at:
+ *                     type: string
+ *                     format: date-time
+ *       401:
+ *         description: Unauthorized
+ */
+router.get('/', async (req, res) => {
+    const authReq = req;
+    try {
+        const userId = authReq.user.id;
+        const tenantId = getTenantId(req);
+        const teams = await query(`SELECT t.* FROM teams t
+       INNER JOIN team_members tm ON t.id = tm.team_id
+       WHERE tm.user_id = ? AND tm.tenant_id = ? AND t.tenant_id = ?
+       ORDER BY t.name`, [userId, tenantId, tenantId]);
+        const teamsList = Array.isArray(teams) ? teams : (teams ? [teams] : []);
+        res.json(teamsList);
+    }
+    catch (error) {
+        res.status(500).json({ error: error.message });
+    }
+});
+export default router;
+//# sourceMappingURL=teams.js.map

package/backend/dist/routes/teams.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"teams.js","sourceRoot":"","sources":["../../src/routes/teams.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,KAAK,EAAE,MAAM,gBAAgB,CAAC;AACvC,OAAO,EAAe,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACjE,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAEjD,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC;AACxB,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;AAE1B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AACH,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;IACjC,MAAM,OAAO,GAAG,GAAkB,CAAC;IACnC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,OAAO,CAAC,IAAK,CAAC,EAAE,CAAC;QAChC,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;QAClC,MAAM,KAAK,GAAG,MAAM,KAAK,CACvB;;;uBAGiB,EACjB,CAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAC7B,CAAC;QACF,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACxE,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACtB,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IACjD,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,eAAe,MAAM,CAAC"}

package/backend/dist/routes/tokens.d.ts

@@ -0,0 +1,3 @@
+declare const router: import("express-serve-static-core").Router;
+export default router;
+//# sourceMappingURL=tokens.d.ts.map

package/backend/dist/routes/tokens.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tokens.d.ts","sourceRoot":"","sources":["../../src/routes/tokens.ts"],"names":[],"mappings":"AAMA,QAAA,MAAM,MAAM,4CAAW,CAAC;AAyJxB,eAAe,MAAM,CAAC"}

package/backend/dist/routes/tokens.js

@@ -0,0 +1,157 @@
+import { Router } from 'express';
+import { requireAuth } from '../middleware/auth.js';
+import { tokenCreateRateLimiter } from '../middleware/security.js';
+import * as apiTokens from '../services/api-tokens.js';
+import { getTenantId } from '../utils/tenant.js';
+const router = Router();
+router.use(requireAuth());
+/**
+ * @swagger
+ * /api/tokens:
+ *   get:
+ *     summary: List API tokens
+ *     description: Returns the authenticated user's API tokens. Tokens are masked (sb_********************************). Never returns plaintext.
+ *     tags: [API Tokens]
+ *     security:
+ *       - cookieAuth: []
+ *       - bearerAuth: []
+ *       - apiTokenAuth: []
+ *     responses:
+ *       200:
+ *         description: List of tokens
+ *         content:
+ *           application/json:
+ *             schema:
+ *               type: array
+ *               items:
+ *                 type: object
+ *                 properties:
+ *                   id:
+ *                     type: string
+ *                   name:
+ *                     type: string
+ *                   created_at:
+ *                     type: string
+ *                     format: date-time
+ *                   last_used_at:
+ *                     type: string
+ *                     format: date-time
+ *                     nullable: true
+ *       401:
+ *         description: Unauthorized
+ */
+router.get('/', async (req, res) => {
+    const authReq = req;
+    const userId = authReq.user.id;
+    const tenantId = getTenantId(req);
+    try {
+        const tokens = await apiTokens.listTokens(userId, tenantId);
+        res.json(tokens);
+    }
+    catch (error) {
+        res.status(500).json({ error: error.message });
+    }
+});
+/**
+ * @swagger
+ * /api/tokens:
+ *   post:
+ *     summary: Create API token
+ *     description: Creates a new personal API token. The plaintext token is returned ONLY ONCE. Store it securely; it cannot be retrieved again.
+ *     tags: [API Tokens]
+ *     security:
+ *       - cookieAuth: []
+ *       - bearerAuth: []
+ *     requestBody:
+ *       required: true
+ *       content:
+ *         application/json:
+ *           schema:
+ *             type: object
+ *             required:
+ *               - name
+ *             properties:
+ *               name:
+ *                 type: string
+ *                 description: Descriptive name for the token (e.g. CLI, CI/CD)
+ *                 maxLength: 100
+ *     responses:
+ *       200:
+ *         description: Token created (plaintext returned once)
+ *         content:
+ *           application/json:
+ *             schema:
+ *               type: object
+ *               properties:
+ *                 token:
+ *                   type: string
+ *                   description: The plaintext token. Store securely; never shown again.
+ *                 id:
+ *                   type: string
+ *                 name:
+ *                   type: string
+ *                 created_at:
+ *                   type: string
+ *                   format: date-time
+ *       400:
+ *         description: Validation error (name required, max tokens exceeded)
+ *       401:
+ *         description: Unauthorized
+ *       429:
+ *         description: Too many token creation attempts
+ */
+router.post('/', tokenCreateRateLimiter, async (req, res) => {
+    const authReq = req;
+    const userId = authReq.user.id;
+    const tenantId = getTenantId(req);
+    const { name } = req.body;
+    if (!name || typeof name !== 'string') {
+        return res.status(400).json({ error: 'Token name is required' });
+    }
+    const result = await apiTokens.createToken(userId, name, tenantId);
+    if (!result.success) {
+        return res.status(400).json({ error: result.error });
+    }
+    res.status(201).json(result.data);
+});
+/**
+ * @swagger
+ * /api/tokens/{id}:
+ *   delete:
+ *     summary: Revoke API token
+ *     description: Revokes an API token. The token stops working immediately. Idempotent.
+ *     tags: [API Tokens]
+ *     security:
+ *       - cookieAuth: []
+ *       - bearerAuth: []
+ *       - apiTokenAuth: []
+ *     parameters:
+ *       - in: path
+ *         name: id
+ *         required: true
+ *         schema:
+ *           type: string
+ *     responses:
+ *       200:
+ *         description: Token revoked
+ *       400:
+ *         description: Token not found
+ *       401:
+ *         description: Unauthorized
+ */
+router.delete('/:id', async (req, res) => {
+    const authReq = req;
+    const userId = authReq.user.id;
+    const tenantId = getTenantId(req);
+    const { id } = req.params;
+    if (!id) {
+        return res.status(400).json({ error: 'Token ID is required' });
+    }
+    const result = await apiTokens.revokeToken(userId, id, tenantId);
+    if (!result.success) {
+        return res.status(400).json({ error: result.error });
+    }
+    res.json({ message: 'Token revoked' });
+});
+export default router;
+//# sourceMappingURL=tokens.js.map

package/backend/dist/routes/tokens.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tokens.js","sourceRoot":"","sources":["../../src/routes/tokens.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAe,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACjE,OAAO,EAAE,sBAAsB,EAAE,MAAM,2BAA2B,CAAC;AACnE,OAAO,KAAK,SAAS,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAEjD,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC;AACxB,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;AAE1B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkCG;AACH,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;IACjC,MAAM,OAAO,GAAG,GAAkB,CAAC;IACnC,MAAM,MAAM,GAAG,OAAO,CAAC,IAAK,CAAC,EAAE,CAAC;IAChC,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;IAClC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,UAAU,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAC5D,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACnB,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IACjD,CAAC;AACH,CAAC,CAAC,CAAC;AAEH;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+CG;AACH,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,sBAAsB,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;IAC1D,MAAM,OAAO,GAAG,GAAkB,CAAC;IACnC,MAAM,MAAM,GAAG,OAAO,CAAC,IAAK,CAAC,EAAE,CAAC;IAChC,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;IAClC,MAAM,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC;IAC1B,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtC,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,wBAAwB,EAAE,CAAC,CAAC;IACnE,CAAC;IACD,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,WAAW,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IACnE,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;IACvD,CAAC;IACD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;AACpC,CAAC,CAAC,CAAC;AAEH;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;IACvC,MAAM,OAAO,GAAG,GAAkB,CAAC;IACnC,MAAM,MAAM,GAAG,OAAO,CAAC,IAAK,CAAC,EAAE,CAAC;IAChC,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;IAClC,MAAM,EAAE,EAAE,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;IAC1B,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,sBAAsB,EAAE,CAAC,CAAC;IACjE,CAAC;IACD,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,WAAW,CAAC,MAAM,EAAE,EAAE,EAAE,QAAQ,CAAC,CAAC;IACjE,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;IACvD,CAAC;IACD,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,eAAe,EAAE,CAAC,CAAC;AACzC,CAAC,CAAC,CAAC;AAEH,eAAe,MAAM,CAAC"}

package/backend/dist/routes/users.d.ts

@@ -0,0 +1,3 @@
+declare const router: import("express-serve-static-core").Router;
+export default router;
+//# sourceMappingURL=users.d.ts.map

package/backend/dist/routes/users.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"users.d.ts","sourceRoot":"","sources":["../../src/routes/users.ts"],"names":[],"mappings":"AAQA,QAAA,MAAM,MAAM,4CAAW,CAAC;AAuNxB,eAAe,MAAM,CAAC"}

package/backend/dist/routes/users.js

@@ -0,0 +1,199 @@
+import { Router } from 'express';
+import { queryOne, execute } from '../db/index.js';
+import { requireAuth } from '../middleware/auth.js';
+import { validateEmail, normalizeEmail, validateLength, sanitizeString } from '../utils/validation.js';
+import { v4 as uuidv4 } from 'uuid';
+import crypto from 'crypto';
+import { sendEmailVerificationEmail } from '../utils/email.js';
+const router = Router();
+router.use(requireAuth());
+/**
+ * @swagger
+ * /api/users/me:
+ *   get:
+ *     summary: Get current user profile
+ *     description: Returns the authenticated user's profile information
+ *     tags: [Users]
+ *     security:
+ *       - cookieAuth: []
+ *       - bearerAuth: []
+ *     responses:
+ *       200:
+ *         description: User profile
+ *         content:
+ *           application/json:
+ *             schema:
+ *               type: object
+ *               properties:
+ *                 id:
+ *                   type: string
+ *                 email:
+ *                   type: string
+ *                 name:
+ *                   type: string
+ *                 user_key:
+ *                   type: string
+ *                 is_admin:
+ *                   type: boolean
+ *                 language:
+ *                   type: string
+ *                   example: "en"
+ *                 theme:
+ *                   type: string
+ *                   example: "auto"
+ *       401:
+ *         description: Unauthorized
+ */
+// Get current user profile
+router.get('/me', async (req, res) => {
+    const authReq = req;
+    try {
+        const userId = authReq.user.id;
+        const user = await queryOne('SELECT id, email, name, user_key, is_admin, language, theme, ai_suggestions_enabled, email_pending, oidc_provider, oidc_sub FROM users WHERE id = ?', [userId]);
+        res.json(user);
+    }
+    catch (error) {
+        res.status(500).json({ error: error.message });
+    }
+});
+/**
+ * @swagger
+ * /api/users/me:
+ *   put:
+ *     summary: Update user settings
+ *     description: Updates the authenticated user's profile information including email, name, language, and theme preferences
+ *     tags: [Users]
+ *     security:
+ *       - cookieAuth: []
+ *       - bearerAuth: []
+ *     requestBody:
+ *       required: true
+ *       content:
+ *         application/json:
+ *           schema:
+ *             type: object
+ *             properties:
+ *               email:
+ *                 type: string
+ *                 format: email
+ *                 example: "updated@example.com"
+ *                 description: User's email address (must be unique)
+ *               name:
+ *                 type: string
+ *                 example: "Updated Name"
+ *                 description: User's display name
+ *               language:
+ *                 type: string
+ *                 enum: [en, de, fr]
+ *                 example: "en"
+ *                 description: User's preferred language
+ *               theme:
+ *                 type: string
+ *                 enum: [light, dark, auto]
+ *                 example: "auto"
+ *                 description: User's preferred theme
+ *     responses:
+ *       200:
+ *         description: User settings updated successfully
+ *       400:
+ *         description: Invalid input or email already exists
+ *       401:
+ *         description: Unauthorized
+ */
+// Update user settings
+router.put('/me', async (req, res) => {
+    const authReq = req;
+    try {
+        const userId = authReq.user.id;
+        const { email, name, language, theme, ai_suggestions_enabled } = req.body;
+        const existing = await queryOne('SELECT * FROM users WHERE id = ?', [userId]);
+        if (!existing) {
+            return res.status(404).json({ error: 'User not found' });
+        }
+        const updates = [];
+        const params = [];
+        // Validate and update email if provided
+        if (email !== undefined) {
+            // Check if user is connected to OIDC provider - email cannot be changed for OIDC users
+            if (existing.oidc_provider) {
+                return res.status(400).json({ error: 'Email cannot be changed for OIDC-authenticated users. Email is managed by your identity provider.' });
+            }
+            const emailValidation = validateEmail(email);
+            if (!emailValidation.valid) {
+                return res.status(400).json({ error: emailValidation.error });
+            }
+            const normalizedEmail = normalizeEmail(email);
+            // Check if email is actually changing
+            if (normalizedEmail !== existing.email) {
+                // Check if new email is already in use
+                const emailExists = await queryOne('SELECT id FROM users WHERE email = ? AND id != ?', [normalizedEmail, userId]);
+                if (emailExists) {
+                    return res.status(400).json({ error: 'User with this email already exists' });
+                }
+                // Check if there's already a pending email verification
+                const pendingEmail = existing.email_pending;
+                if (pendingEmail && pendingEmail !== normalizedEmail) {
+                    // Cancel previous verification tokens
+                    await execute('UPDATE email_verification_tokens SET used = TRUE WHERE user_id = ? AND used = FALSE', [userId]);
+                }
+                // Generate verification token
+                const token = crypto.randomBytes(32).toString('hex');
+                const tokenId = uuidv4();
+                const expiresAt = new Date();
+                expiresAt.setHours(expiresAt.getHours() + 24); // 24 hours expiration
+                // Store token in database
+                await execute('INSERT INTO email_verification_tokens (id, user_id, token, new_email, expires_at) VALUES (?, ?, ?, ?, ?)', [tokenId, userId, token, normalizedEmail, expiresAt.toISOString()]);
+                // Set pending email (don't update actual email yet)
+                await execute('UPDATE users SET email_pending = ? WHERE id = ?', [normalizedEmail, userId]);
+                // Build verification URL
+                const baseUrl = process.env.FRONTEND_URL || 'http://localhost:3000';
+                const verificationUrl = `${baseUrl}/verify-email?token=${token}`;
+                // Send verification email to the NEW email address
+                await sendEmailVerificationEmail(normalizedEmail, token, verificationUrl, normalizedEmail);
+                // Return success but indicate email verification is required
+                return res.json({
+                    message: 'Email change requested. Please check your new email address for a verification link.',
+                    emailVerificationRequired: true,
+                    currentEmail: existing.email,
+                    pendingEmail: normalizedEmail,
+                });
+            }
+            // If email hasn't changed, no action needed
+        }
+        // Validate and update name if provided
+        if (name !== undefined) {
+            const nameValidation = validateLength(name, 'Name', 1, 255);
+            if (!nameValidation.valid) {
+                return res.status(400).json({ error: nameValidation.error });
+            }
+            updates.push('name = ?');
+            params.push(sanitizeString(name));
+        }
+        if (language !== undefined) {
+            updates.push('language = ?');
+            params.push(language);
+        }
+        if (theme !== undefined) {
+            updates.push('theme = ?');
+            params.push(theme);
+        }
+        if (ai_suggestions_enabled !== undefined) {
+            const DB_TYPE = process.env.DB_TYPE || 'sqlite';
+            const val = ai_suggestions_enabled === true || ai_suggestions_enabled === 'true';
+            updates.push('ai_suggestions_enabled = ?');
+            params.push(DB_TYPE === 'postgresql' ? val : (val ? 1 : 0));
+        }
+        if (updates.length === 0) {
+            return res.status(400).json({ error: 'No fields to update' });
+        }
+        params.push(userId);
+        await execute(`UPDATE users SET ${updates.join(', ')} WHERE id = ?`, params);
+        const user = await queryOne('SELECT id, email, name, user_key, is_admin, language, theme, ai_suggestions_enabled FROM users WHERE id = ?', [userId]);
+        res.json(user);
+    }
+    catch (error) {
+        res.status(500).json({ error: error.message });
+    }
+});
+export default router;
+//# sourceMappingURL=users.js.map

package/backend/dist/routes/users.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"users.js","sourceRoot":"","sources":["../../src/routes/users.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAC;AACnD,OAAO,EAAe,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACjE,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AACvG,OAAO,EAAE,EAAE,IAAI,MAAM,EAAE,MAAM,MAAM,CAAC;AACpC,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,EAAE,0BAA0B,EAAE,MAAM,mBAAmB,CAAC;AAE/D,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC;AACxB,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;AAE1B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;AACH,2BAA2B;AAC3B,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;IACnC,MAAM,OAAO,GAAG,GAAkB,CAAC;IACnC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,OAAO,CAAC,IAAK,CAAC,EAAE,CAAC;QAChC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,qJAAqJ,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;QAC7L,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACjB,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IACjD,CAAC;AACH,CAAC,CAAC,CAAC;AAEH;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2CG;AACH,uBAAuB;AACvB,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;IACnC,MAAM,OAAO,GAAG,GAAkB,CAAC;IACnC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,OAAO,CAAC,IAAK,CAAC,EAAE,CAAC;QAChC,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,sBAAsB,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC;QAE1E,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,kCAAkC,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;QAC9E,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAC;QAC3D,CAAC;QAED,MAAM,OAAO,GAAa,EAAE,CAAC;QAC7B,MAAM,MAAM,GAAU,EAAE,CAAC;QAEzB,wCAAwC;QACxC,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACxB,uFAAuF;YACvF,IAAK,QAAgB,CAAC,aAAa,EAAE,CAAC;gBACpC,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,mGAAmG,EAAE,CAAC,CAAC;YAC9I,CAAC;YAED,MAAM,eAAe,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;YAC7C,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,CAAC;gBAC3B,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,eAAe,CAAC,KAAK,EAAE,CAAC,CAAC;YAChE,CAAC;YACD,MAAM,eAAe,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;YAE9C,sCAAsC;YACtC,IAAI,eAAe,KAAM,QAAgB,CAAC,KAAK,EAAE,CAAC;gBAChD,uCAAuC;gBACvC,MAAM,WAAW,GAAG,MAAM,QAAQ,CAAC,kDAAkD,EAAE,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC,CAAC;gBAClH,IAAI,WAAW,EAAE,CAAC;oBAChB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,qCAAqC,EAAE,CAAC,CAAC;gBAChF,CAAC;gBAED,wDAAwD;gBACxD,MAAM,YAAY,GAAI,QAAgB,CAAC,aAAa,CAAC;gBACrD,IAAI,YAAY,IAAI,YAAY,KAAK,eAAe,EAAE,CAAC;oBACrD,sCAAsC;oBACtC,MAAM,OAAO,CACX,qFAAqF,EACrF,CAAC,MAAM,CAAC,CACT,CAAC;gBACJ,CAAC;gBAED,8BAA8B;gBAC9B,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;gBACrD,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC;gBACzB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;gBAC7B,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,sBAAsB;gBAErE,0BAA0B;gBAC1B,MAAM,OAAO,CACX,0GAA0G,EAC1G,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,eAAe,EAAE,SAAS,CAAC,WAAW,EAAE,CAAC,CACnE,CAAC;gBAEF,oDAAoD;gBACpD,MAAM,OAAO,CAAC,iDAAiD,EAAE,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC,CAAC;gBAE5F,yBAAyB;gBACzB,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,uBAAuB,CAAC;gBACpE,MAAM,eAAe,GAAG,GAAG,OAAO,uBAAuB,KAAK,EAAE,CAAC;gBAEjE,mDAAmD;gBACnD,MAAM,0BAA0B,CAAC,eAAe,EAAE,KAAK,EAAE,eAAe,EAAE,eAAe,CAAC,CAAC;gBAE3F,6DAA6D;gBAC7D,OAAO,GAAG,CAAC,IAAI,CAAC;oBACd,OAAO,EAAE,sFAAsF;oBAC/F,yBAAyB,EAAE,IAAI;oBAC/B,YAAY,EAAG,QAAgB,CAAC,KAAK;oBACrC,YAAY,EAAE,eAAe;iBAC9B,CAAC,CAAC;YACL,CAAC;YACD,4CAA4C;QAC9C,CAAC;QAED,uCAAuC;QACvC,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;YACvB,MAAM,cAAc,GAAG,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC;YAC5D,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,CAAC;gBAC1B,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,CAAC,KAAK,EAAE,CAAC,CAAC;YAC/D,CAAC;YACD,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACzB,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC;QACpC,CAAC;QAED,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;YAC3B,OAAO,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YAC7B,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACxB,CAAC;QACD,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACxB,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YAC1B,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC;QAED,IAAI,sBAAsB,KAAK,SAAS,EAAE,CAAC;YACzC,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,QAAQ,CAAC;YAChD,MAAM,GAAG,GAAG,sBAAsB,KAAK,IAAI,IAAI,sBAAsB,KAAK,MAAM,CAAC;YACjF,OAAO,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;YAC3C,MAAM,CAAC,IAAI,CAAC,OAAO,KAAK,YAAY,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9D,CAAC;QAED,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC,CAAC;QAChE,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACpB,MAAM,OAAO,CAAC,oBAAoB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;QAE7E,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,6GAA6G,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;QACrJ,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACjB,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IACjD,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,eAAe,MAAM,CAAC"}

package/backend/dist/services/ai-suggestions.d.ts

@@ -0,0 +1,29 @@
+/**
+ * AI-based bookmark suggestions (title, slug, tags).
+ * Uses OpenAI GPT-4o-mini with structured JSON output.
+ * Data minimization: only sanitized URL and optional page title sent to AI.
+ */
+export interface AISuggestionResult {
+    title: string;
+    slug: string;
+    tags: string[];
+    language: string;
+    confidence: number;
+}
+/**
+ * Sanitize URL for AI: remove fragments, strip secret params, keep only utm_* query params.
+ */
+export declare function sanitizeUrlForAI(url: string): string;
+/**
+ * Call AI provider (OpenAI) for bookmark suggestions.
+ * @param sanitizedUrl - sanitized URL (domain + path, no secrets)
+ * @param pageTitle - optional page title (from fetch or request)
+ * @param pageDescription - optional page description (from meta tags)
+ * @param apiKey - decrypted API key
+ * @param model - model name (default gpt-4o-mini)
+ * @param timeoutMs - request timeout (default 10000)
+ * @param userLanguage - user's preferred language (ISO 639-1), output in this language
+ * @param siteName - optional og:site_name from page (brand)
+ */
+export declare function callAIProvider(sanitizedUrl: string, pageTitle: string | undefined, pageDescription: string | undefined, apiKey: string, model?: string, timeoutMs?: number, userLanguage?: string, siteName?: string): Promise<AISuggestionResult | null>;
+//# sourceMappingURL=ai-suggestions.d.ts.map

package/backend/dist/services/ai-suggestions.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ai-suggestions.d.ts","sourceRoot":"","sources":["../../src/services/ai-suggestions.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAYH,MAAM,WAAW,kBAAkB;IACjC,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAsBpD;AAqFD;;;;;;;;;;GAUG;AACH,wBAAsB,cAAc,CAClC,YAAY,EAAE,MAAM,EACpB,SAAS,EAAE,MAAM,GAAG,SAAS,EAC7B,eAAe,EAAE,MAAM,GAAG,SAAS,EACnC,MAAM,EAAE,MAAM,EACd,KAAK,GAAE,MAAsB,EAC7B,SAAS,GAAE,MAAc,EACzB,YAAY,GAAE,MAAa,EAC3B,QAAQ,CAAC,EAAE,MAAM,GAChB,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAyCpC"}