@nativesquare/soma 0.11.0 → 0.13.0

package/src/component/strava/public.ts

@@ -1,393 +1,393 @@
-// ─── Strava Component Actions ────────────────────────────────────────────────
-// Public actions that handle the full Strava OAuth + sync lifecycle.
-// The host app calls these through the Soma class, which threads the
-// credentials automatically from env vars or constructor config.
-
-import { v } from "convex/values";
-import { action } from "../_generated/server";
-import { api, internal } from "../_generated/api";
-import type { Doc, Id } from "../_generated/dataModel";
-import { createStravaClient } from "./client.js";
-import { listAllActivities } from "./utils.js";
-import {
-  getLoggedInAthlete,
-  getActivityById,
-  getActivityStreams,
-} from "./types/stravaApi/sdk.gen.js";
-import { generateState } from "../utils.js";
-import {
-  buildAuthUrl,
-  exchangeCode,
-  refreshToken as refreshStravaToken,
-} from "./auth.js";
-import { transformActivity } from "./transform/activity.js";
-import { transformAthlete } from "./transform/athlete.js";
-
-// ─── Public Actions ──────────────────────────────────────────────────────────
-
-/**
- * Generate a Strava OAuth authorization URL.
- *
- * The state parameter is stored in the component's `pendingOAuth` table
- * so that `completeStravaOAuth` can look it up automatically when the
- * callback fires via `registerRoutes`.
- */
-export const getStravaAuthUrl = action({
-  args: {
-    clientId: v.string(),
-    redirectUri: v.string(),
-    scope: v.optional(v.string()),
-    userId: v.string(),
-  },
-  handler: async (ctx, args) => {
-    const state = generateState();
-
-    const authUrl = buildAuthUrl({
-      clientId: args.clientId,
-      redirectUri: args.redirectUri,
-      scope: args.scope,
-      state,
-    });
-
-    await ctx.runMutation(internal.strava.private.storePendingOAuth, {
-      provider: "STRAVA",
-      state,
-      userId: args.userId,
-    });
-
-    return { authUrl, state };
-  },
-});
-
-/**
- * Complete a Strava OAuth flow using stored pending state.
- *
- * Called internally by `registerRoutes` — the callback handler calls
- * this with the `code` and `state` from the redirect. The action looks
- * up the pending state (userId) stored during `getStravaAuthUrl`,
- * exchanges for tokens, creates the connection, stores tokens, and
- * cleans up the pending entry.
- *
- * The host app is responsible for calling `syncStrava` afterwards.
- */
-export const completeStravaOAuth = action({
-  args: {
-    code: v.string(),
-    state: v.string(),
-    clientId: v.string(),
-    clientSecret: v.string(),
-  },
-  returns: v.object({
-    connectionId: v.string(),
-    userId: v.string(),
-  }),
-  handler: async (ctx, args): Promise<{
-    connectionId: Id<"connections">;
-    userId: string;
-  }> => {
-    // 1. Look up pending state
-    const pending: Doc<"pendingOAuth"> | null = await ctx.runQuery(
-      internal.strava.private.getPendingOAuth,
-      { state: args.state },
-    );
-    if (!pending) {
-      throw new Error(
-        "No pending Strava OAuth state found for this state parameter. " +
-        "The authorization may have expired or was already used.",
-      );
-    }
-
-    // 2. Exchange authorization code for tokens
-    const tokens = await exchangeCode({
-      clientId: args.clientId,
-      clientSecret: args.clientSecret,
-      code: args.code,
-    });
-
-    // 3. Clean up pending entry
-    await ctx.runMutation(
-      internal.strava.private.deletePendingOAuth,
-      { state: args.state },
-    );
-
-    // 4. Create/reactivate the Soma connection
-    const connectionId: Id<"connections"> = await ctx.runMutation(
-      api.public.connect,
-      {
-        userId: pending.userId,
-        provider: "STRAVA",
-      },
-    );
-
-    // 5. Store OAuth tokens
-    await ctx.runMutation(
-      internal.strava.private.storeTokens,
-      {
-        connectionId,
-        accessToken: tokens.access_token,
-        refreshToken: tokens.refresh_token,
-        expiresAt: tokens.expires_at,
-      },
-    );
-
-    return {
-      connectionId,
-      userId: pending.userId,
-    };
-  },
-});
-
-/**
- * Incremental Strava sync for an already-connected user.
- *
- * Looks up the stored tokens, auto-refreshes if expired, then syncs
- * the athlete profile and activities.
- *
- * Returns `{ synced, errors }`.
- */
-export const syncStrava = action({
-  args: {
-    userId: v.string(),
-    clientId: v.string(),
-    clientSecret: v.string(),
-    after: v.optional(v.number()),
-  },
-  returns: v.object({
-    synced: v.object({ athletes: v.number(), activities: v.number() }),
-    errors: v.array(
-      v.object({ type: v.string(), id: v.string(), error: v.string() }),
-    ),
-  }),
-  handler: async (ctx, args): Promise<{
-    synced: { athletes: number; activities: number };
-    errors: Array<{ type: string; id: string; error: string }>;
-  }> => {
-    // 1. Look up connection
-    const connection: Doc<"connections"> | null = await ctx.runQuery(
-      internal.private.getConnectionByProvider,
-      { userId: args.userId, provider: "STRAVA" },
-    );
-    if (!connection) {
-      throw new Error(
-        `No Strava connection found for user "${args.userId}". ` +
-        "Connect to Strava first via getStravaAuthUrl.",
-      );
-    }
-    if (!connection.active) {
-      throw new Error(
-        `Strava connection for user "${args.userId}" is inactive. Reconnect first.`,
-      );
-    }
-
-    const connectionId = connection._id;
-
-    // 2. Get stored tokens
-    const tokenDoc: Doc<"providerTokens"> | null = await ctx.runQuery(
-      internal.strava.private.getTokens,
-      { connectionId },
-    );
-    if (!tokenDoc) {
-      throw new Error(
-        `No tokens found for Strava connection. ` +
-        "The connection may have been created before token storage was available.",
-      );
-    }
-
-    // 3. Auto-refresh if token is expired or expiring within 5 minutes
-    let accessToken = tokenDoc.accessToken;
-    const now = Math.floor(Date.now() / 1000);
-    if (!tokenDoc.refreshToken || !tokenDoc.expiresAt) {
-      throw new Error(
-        "Strava tokens are missing refreshToken or expiresAt. " +
-        "This connection may have been created with an incompatible version.",
-      );
-    }
-    if (tokenDoc.expiresAt < now + 300) {
-      const refreshed = await refreshStravaToken({
-        clientId: args.clientId,
-        clientSecret: args.clientSecret,
-        refreshToken: tokenDoc.refreshToken,
-      });
-      accessToken = refreshed.access_token;
-      await ctx.runMutation(
-        internal.strava.private.storeTokens,
-        {
-          connectionId,
-          accessToken: refreshed.access_token,
-          refreshToken: refreshed.refresh_token,
-          expiresAt: refreshed.expires_at,
-        },
-      );
-    }
-
-    // 4. Sync all data types
-    const result = await ctx.runAction(api.strava.public.syncAllTypes, {
-      accessToken,
-      connectionId,
-      userId: args.userId,
-      after: args.after,
-    });
-
-    // 5. Update lastDataUpdate timestamp
-    await ctx.runMutation(
-      api.public.updateConnection,
-      {
-        connectionId,
-        lastDataUpdate: new Date().toISOString(),
-      },
-    );
-
-    return { synced: result.synced, errors: result.errors };
-  },
-});
-
-// ─── Sync Engine ────────────────────────────────────────────────────────────
-
-/**
- * Fetch and ingest all Strava data types for a connected user.
- *
- * Called by syncStrava after obtaining a valid access token.
- */
-export const syncAllTypes = action({
-  args: {
-    accessToken: v.string(),
-    connectionId: v.id("connections"),
-    userId: v.string(),
-    after: v.optional(v.number()),
-    before: v.optional(v.number()),
-  },
-  handler: async (ctx, args) => {
-    const { accessToken, connectionId, userId } = args;
-    const client = createStravaClient(accessToken);
-
-    const synced = { athletes: 0, activities: 0 };
-    const errors: Array<{ type: string; id: string; error: string }> = [];
-
-    // ── Athlete ──────────────────────────────────────────────────────────
-    try {
-      const { data: athlete, error } = await getLoggedInAthlete({ client });
-      if (error || !athlete) throw new Error(error ? JSON.stringify(error) : "No athlete data");
-      const data = transformAthlete(athlete);
-      await ctx.runMutation(api.public.ingestAthlete, {
-        connectionId,
-        userId,
-        ...data,
-      } as never);
-      synced.athletes++;
-    } catch (err) {
-      errors.push({
-        type: "athlete",
-        id: "fetch",
-        error: err instanceof Error ? err.message : String(err),
-      });
-    }
-
-    // ── Activities ───────────────────────────────────────────────────────
-    try {
-      const summaries = await listAllActivities(client, {
-        after: args.after,
-        before: args.before,
-      });
-      for (const summary of summaries) {
-        if (summary.id == null) continue;
-        try {
-          const { data: detailed, error: detailError } = await getActivityById({ client, path: { id: summary.id } });
-          if (detailError || !detailed) throw new Error(detailError ? JSON.stringify(detailError) : "No activity data");
-
-          const { data: streams } = await getActivityStreams({
-            client,
-            path: { id: summary.id },
-            query: {
-              keys: ["time", "heartrate", "watts", "cadence", "latlng", "altitude", "velocity_smooth", "grade_smooth", "distance", "temp"],
-              key_by_type: true,
-            },
-          });
-
-          const data = transformActivity(detailed, { streams: streams ?? undefined });
-          await ctx.runMutation(api.public.ingestActivity, {
-            connectionId,
-            userId,
-            ...data,
-          } as never);
-          synced.activities++;
-        } catch (err) {
-          errors.push({
-            type: "activity",
-            id: String(summary.id),
-            error: err instanceof Error ? err.message : String(err),
-          });
-        }
-      }
-    } catch (err) {
-      errors.push({
-        type: "activity",
-        id: "fetch",
-        error: err instanceof Error ? err.message : String(err),
-      });
-    }
-
-    return { synced, errors };
-  },
-});
-
-// ─── Disconnect ─────────────────────────────────────────────────────────────
-
-/**
- * Disconnect a user from Strava.
- *
- * Revokes the token at Strava (best-effort), deletes stored tokens,
- * and sets the connection to inactive.
- */
-export const disconnectStrava = action({
-  args: {
-    userId: v.string(),
-    clientId: v.string(),
-    clientSecret: v.string(),
-  },
-  returns: v.null(),
-  handler: async (ctx, args) => {
-    // 1. Look up connection
-    const connection: Doc<"connections"> | null = await ctx.runQuery(
-      internal.private.getConnectionByProvider,
-      { userId: args.userId, provider: "STRAVA" },
-    );
-    if (!connection) {
-      throw new Error(
-        `No Strava connection found for user "${args.userId}".`,
-      );
-    }
-
-    const connectionId = connection._id;
-
-    // 2. Revoke token at Strava (best-effort, don't fail if it errors)
-    const tokenDoc: Doc<"providerTokens"> | null = await ctx.runQuery(
-      internal.strava.private.getTokens,
-      { connectionId },
-    );
-    if (tokenDoc) {
-      try {
-        await fetch("https://www.strava.com/oauth/deauthorize", {
-          method: "POST",
-          headers: { "Content-Type": "application/x-www-form-urlencoded" },
-          body: `access_token=${tokenDoc.accessToken}`,
-        });
-      } catch {
-        // Deauthorization is best-effort — clean up locally regardless
-      }
-
-      // 3. Delete stored tokens
-      const _deleted: null = await ctx.runMutation(
-        internal.strava.private.deleteTokens,
-        { connectionId },
-      );
-    }
-
-    // 4. Set connection inactive
-    const _disconnected: null = await ctx.runMutation(api.public.disconnect, {
-      userId: args.userId,
-      provider: "STRAVA",
-    });
-
-    return null;
-  },
-});
+// ─── Strava Component Actions ────────────────────────────────────────────────
+// Public actions that handle the full Strava OAuth + sync lifecycle.
+// The host app calls these through the Soma class, which threads the
+// credentials automatically from env vars or constructor config.
+
+import { v } from "convex/values";
+import { action } from "../_generated/server";
+import { api, internal } from "../_generated/api";
+import type { Doc, Id } from "../_generated/dataModel";
+import { createStravaClient } from "./client.js";
+import { listAllActivities } from "./utils.js";
+import {
+  getLoggedInAthlete,
+  getActivityById,
+  getActivityStreams,
+} from "./types/stravaApi/sdk.gen.js";
+import { generateState } from "../utils.js";
+import {
+  buildAuthUrl,
+  exchangeCode,
+  refreshToken as refreshStravaToken,
+} from "./auth.js";
+import { transformActivity } from "./transform/activity.js";
+import { transformAthlete } from "./transform/athlete.js";
+
+// ─── Public Actions ──────────────────────────────────────────────────────────
+
+/**
+ * Generate a Strava OAuth authorization URL.
+ *
+ * The state parameter is stored in the component's `pendingOAuth` table
+ * so that `completeStravaOAuth` can look it up automatically when the
+ * callback fires via `registerRoutes`.
+ */
+export const getStravaAuthUrl = action({
+  args: {
+    clientId: v.string(),
+    redirectUri: v.string(),
+    scope: v.optional(v.string()),
+    userId: v.string(),
+  },
+  handler: async (ctx, args) => {
+    const state = generateState();
+
+    const authUrl = buildAuthUrl({
+      clientId: args.clientId,
+      redirectUri: args.redirectUri,
+      scope: args.scope,
+      state,
+    });
+
+    await ctx.runMutation(internal.strava.private.storePendingOAuth, {
+      provider: "STRAVA",
+      state,
+      userId: args.userId,
+    });
+
+    return { authUrl, state };
+  },
+});
+
+/**
+ * Complete a Strava OAuth flow using stored pending state.
+ *
+ * Called internally by `registerRoutes` — the callback handler calls
+ * this with the `code` and `state` from the redirect. The action looks
+ * up the pending state (userId) stored during `getStravaAuthUrl`,
+ * exchanges for tokens, creates the connection, stores tokens, and
+ * cleans up the pending entry.
+ *
+ * The host app is responsible for calling `syncStrava` afterwards.
+ */
+export const completeStravaOAuth = action({
+  args: {
+    code: v.string(),
+    state: v.string(),
+    clientId: v.string(),
+    clientSecret: v.string(),
+  },
+  returns: v.object({
+    connectionId: v.string(),
+    userId: v.string(),
+  }),
+  handler: async (ctx, args): Promise<{
+    connectionId: Id<"connections">;
+    userId: string;
+  }> => {
+    // 1. Look up pending state
+    const pending: Doc<"pendingOAuth"> | null = await ctx.runQuery(
+      internal.strava.private.getPendingOAuth,
+      { state: args.state },
+    );
+    if (!pending) {
+      throw new Error(
+        "No pending Strava OAuth state found for this state parameter. " +
+        "The authorization may have expired or was already used.",
+      );
+    }
+
+    // 2. Exchange authorization code for tokens
+    const tokens = await exchangeCode({
+      clientId: args.clientId,
+      clientSecret: args.clientSecret,
+      code: args.code,
+    });
+
+    // 3. Clean up pending entry
+    await ctx.runMutation(
+      internal.strava.private.deletePendingOAuth,
+      { state: args.state },
+    );
+
+    // 4. Create/reactivate the Soma connection
+    const connectionId: Id<"connections"> = await ctx.runMutation(
+      api.public.connect,
+      {
+        userId: pending.userId,
+        provider: "STRAVA",
+      },
+    );
+
+    // 5. Store OAuth tokens
+    await ctx.runMutation(
+      internal.strava.private.storeTokens,
+      {
+        connectionId,
+        accessToken: tokens.access_token,
+        refreshToken: tokens.refresh_token,
+        expiresAt: tokens.expires_at,
+      },
+    );
+
+    return {
+      connectionId,
+      userId: pending.userId,
+    };
+  },
+});
+
+/**
+ * Incremental Strava sync for an already-connected user.
+ *
+ * Looks up the stored tokens, auto-refreshes if expired, then syncs
+ * the athlete profile and activities.
+ *
+ * Returns `{ synced, errors }`.
+ */
+export const syncStrava = action({
+  args: {
+    userId: v.string(),
+    clientId: v.string(),
+    clientSecret: v.string(),
+    after: v.optional(v.number()),
+  },
+  returns: v.object({
+    data: v.object({ synced: v.object({ athletes: v.number(), activities: v.number() }) }),
+    errors: v.array(
+      v.object({ type: v.string(), id: v.string(), message: v.string() }),
+    ),
+  }),
+  handler: async (ctx, args): Promise<{
+    data: { synced: { athletes: number; activities: number } };
+    errors: Array<{ type: string; id: string; message: string }>;
+  }> => {
+    // 1. Look up connection
+    const connection: Doc<"connections"> | null = await ctx.runQuery(
+      internal.private.getConnectionByProvider,
+      { userId: args.userId, provider: "STRAVA" },
+    );
+    if (!connection) {
+      throw new Error(
+        `No Strava connection found for user "${args.userId}". ` +
+        "Connect to Strava first via getStravaAuthUrl.",
+      );
+    }
+    if (!connection.active) {
+      throw new Error(
+        `Strava connection for user "${args.userId}" is inactive. Reconnect first.`,
+      );
+    }
+
+    const connectionId = connection._id;
+
+    // 2. Get stored tokens
+    const tokenDoc: Doc<"providerTokens"> | null = await ctx.runQuery(
+      internal.strava.private.getTokens,
+      { connectionId },
+    );
+    if (!tokenDoc) {
+      throw new Error(
+        `No tokens found for Strava connection. ` +
+        "The connection may have been created before token storage was available.",
+      );
+    }
+
+    // 3. Auto-refresh if token is expired or expiring within 5 minutes
+    let accessToken = tokenDoc.accessToken;
+    const now = Math.floor(Date.now() / 1000);
+    if (!tokenDoc.refreshToken || !tokenDoc.expiresAt) {
+      throw new Error(
+        "Strava tokens are missing refreshToken or expiresAt. " +
+        "This connection may have been created with an incompatible version.",
+      );
+    }
+    if (tokenDoc.expiresAt < now + 300) {
+      const refreshed = await refreshStravaToken({
+        clientId: args.clientId,
+        clientSecret: args.clientSecret,
+        refreshToken: tokenDoc.refreshToken,
+      });
+      accessToken = refreshed.access_token;
+      await ctx.runMutation(
+        internal.strava.private.storeTokens,
+        {
+          connectionId,
+          accessToken: refreshed.access_token,
+          refreshToken: refreshed.refresh_token,
+          expiresAt: refreshed.expires_at,
+        },
+      );
+    }
+
+    // 4. Sync all data types
+    const result = await ctx.runAction(api.strava.public.syncAllTypes, {
+      accessToken,
+      connectionId,
+      userId: args.userId,
+      after: args.after,
+    });
+
+    // 5. Update lastDataUpdate timestamp
+    await ctx.runMutation(
+      api.public.updateConnection,
+      {
+        connectionId,
+        lastDataUpdate: new Date().toISOString(),
+      },
+    );
+
+    return { data: { synced: result.data.synced }, errors: result.errors };
+  },
+});
+
+// ─── Sync Engine ────────────────────────────────────────────────────────────
+
+/**
+ * Fetch and ingest all Strava data types for a connected user.
+ *
+ * Called by syncStrava after obtaining a valid access token.
+ */
+export const syncAllTypes = action({
+  args: {
+    accessToken: v.string(),
+    connectionId: v.id("connections"),
+    userId: v.string(),
+    after: v.optional(v.number()),
+    before: v.optional(v.number()),
+  },
+  handler: async (ctx, args) => {
+    const { accessToken, connectionId, userId } = args;
+    const client = createStravaClient(accessToken);
+
+    const synced = { athletes: 0, activities: 0 };
+    const errors: Array<{ type: string; id: string; message: string }> = [];
+
+    // ── Athlete ──────────────────────────────────────────────────────────
+    try {
+      const { data: athlete, error } = await getLoggedInAthlete({ client });
+      if (error || !athlete) throw new Error(error ? JSON.stringify(error) : "No athlete data");
+      const data = transformAthlete(athlete);
+      await ctx.runMutation(api.public.ingestAthlete, {
+        connectionId,
+        userId,
+        ...data,
+      } as never);
+      synced.athletes++;
+    } catch (err) {
+      errors.push({
+        type: "athlete",
+        id: "fetch",
+        message: err instanceof Error ? err.message : String(err),
+      });
+    }
+
+    // ── Activities ───────────────────────────────────────────────────────
+    try {
+      const summaries = await listAllActivities(client, {
+        after: args.after,
+        before: args.before,
+      });
+      for (const summary of summaries) {
+        if (summary.id == null) continue;
+        try {
+          const { data: detailed, error: detailError } = await getActivityById({ client, path: { id: summary.id } });
+          if (detailError || !detailed) throw new Error(detailError ? JSON.stringify(detailError) : "No activity data");
+
+          const { data: streams } = await getActivityStreams({
+            client,
+            path: { id: summary.id },
+            query: {
+              keys: ["time", "heartrate", "watts", "cadence", "latlng", "altitude", "velocity_smooth", "grade_smooth", "distance", "temp"],
+              key_by_type: true,
+            },
+          });
+
+          const data = transformActivity(detailed, { streams: streams ?? undefined });
+          await ctx.runMutation(api.public.ingestActivity, {
+            connectionId,
+            userId,
+            ...data,
+          } as never);
+          synced.activities++;
+        } catch (err) {
+          errors.push({
+            type: "activity",
+            id: String(summary.id),
+            message: err instanceof Error ? err.message : String(err),
+          });
+        }
+      }
+    } catch (err) {
+      errors.push({
+        type: "activity",
+        id: "fetch",
+        message: err instanceof Error ? err.message : String(err),
+      });
+    }
+
+    return { data: { synced }, errors };
+  },
+});
+
+// ─── Disconnect ─────────────────────────────────────────────────────────────
+
+/**
+ * Disconnect a user from Strava.
+ *
+ * Revokes the token at Strava (best-effort), deletes stored tokens,
+ * and sets the connection to inactive.
+ */
+export const disconnectStrava = action({
+  args: {
+    userId: v.string(),
+    clientId: v.string(),
+    clientSecret: v.string(),
+  },
+  returns: v.null(),
+  handler: async (ctx, args) => {
+    // 1. Look up connection
+    const connection: Doc<"connections"> | null = await ctx.runQuery(
+      internal.private.getConnectionByProvider,
+      { userId: args.userId, provider: "STRAVA" },
+    );
+    if (!connection) {
+      throw new Error(
+        `No Strava connection found for user "${args.userId}".`,
+      );
+    }
+
+    const connectionId = connection._id;
+
+    // 2. Revoke token at Strava (best-effort, don't fail if it errors)
+    const tokenDoc: Doc<"providerTokens"> | null = await ctx.runQuery(
+      internal.strava.private.getTokens,
+      { connectionId },
+    );
+    if (tokenDoc) {
+      try {
+        await fetch("https://www.strava.com/oauth/deauthorize", {
+          method: "POST",
+          headers: { "Content-Type": "application/x-www-form-urlencoded" },
+          body: `access_token=${tokenDoc.accessToken}`,
+        });
+      } catch {
+        // Deauthorization is best-effort — clean up locally regardless
+      }
+
+      // 3. Delete stored tokens
+      const _deleted: null = await ctx.runMutation(
+        internal.strava.private.deleteTokens,
+        { connectionId },
+      );
+    }
+
+    // 4. Set connection inactive
+    const _disconnected: null = await ctx.runMutation(api.public.disconnect, {
+      userId: args.userId,
+      provider: "STRAVA",
+    });
+
+    return null;
+  },
+});