@nuraly/lumenjs 0.1.3 → 0.1.4

package/dist/cli.js

@@ -9,19 +9,32 @@ function getArg(name) {
     return undefined;
 }
 const USAGE = `Usage:
-  lumenjs dev   [--project <dir>] [--port <port>] [--base <path>] [--editor-mode]
-  lumenjs build [--project <dir>] [--out <dir>]
-  lumenjs serve [--project <dir>] [--port <port>]
-  lumenjs add   <integration>`;
-if (!command || !['dev', 'build', 'serve', 'add'].includes(command)) {
+  lumenjs create <name> [--template <default|blog|dashboard|social>]
+  lumenjs dev    [--project <dir>] [--port <port>] [--base <path>] [--editor-mode]
+  lumenjs build  [--project <dir>] [--out <dir>]
+  lumenjs serve  [--project <dir>] [--port <port>]
+  lumenjs add    <integration>
+  lumenjs db seed [--force] [--project <dir>]`;
+if (!command || !['create', 'dev', 'build', 'serve', 'add', 'db'].includes(command)) {
     console.error(USAGE);
     process.exit(1);
 }
 const projectDir = path.resolve(getArg('project') || '.');
 async function main() {
-    if (command === 'dev') {
+    if (command === 'create') {
+        const { createProject } = await import('./create.js');
+        const name = args[1];
+        const template = getArg('template') || 'default';
+        await createProject(name, template);
+        return;
+    }
+    else if (command === 'dev') {
         const { createDevServer } = await import('./dev-server/server.js');
         const port = parseInt(getArg('port') || '3000', 10);
+        if (isNaN(port) || port < 1 || port > 65535) {
+            console.error(`Invalid port number. Must be between 1 and 65535.`);
+            process.exit(1);
+        }
         const editorMode = args.includes('--editor-mode');
         const base = getArg('base') || '/';
         console.log(`[LumenJS] Starting dev server...`);
@@ -53,11 +66,29 @@ async function main() {
     else if (command === 'serve') {
         const { serveProject } = await import('./build/serve.js');
         const port = parseInt(getArg('port') || '3000', 10);
+        if (isNaN(port) || port < 1 || port > 65535) {
+            console.error(`Invalid port number. Must be between 1 and 65535.`);
+            process.exit(1);
+        }
         console.log(`[LumenJS] Starting production server...`);
         console.log(`  Project: ${projectDir}`);
         console.log(`  Port: ${port}`);
         await serveProject({ projectDir, port });
     }
+    else if (command === 'db') {
+        const subcommand = args[1];
+        if (subcommand === 'seed') {
+            const { setProjectDir } = await import('./db/context.js');
+            const { runSeed } = await import('./db/seed.js');
+            setProjectDir(projectDir);
+            const force = args.includes('--force');
+            await runSeed(projectDir, force);
+        }
+        else {
+            console.error(`Unknown db subcommand: ${subcommand}\n\n${USAGE}`);
+            process.exit(1);
+        }
+    }
 }
 main().catch(err => {
     console.error('[LumenJS] Failed to start:', err);

package/dist/communication/encryption.d.ts

@@ -0,0 +1,35 @@
+import type { KeyBundle, EncryptedEnvelope } from './types.js';
+import type { CommunicationStore } from './store.js';
+import type { LumenDb } from '../db/index.js';
+/** Context for encryption handlers */
+export interface EncryptionContext {
+    userId: string;
+    store: CommunicationStore;
+    /** Emit data to the current socket */
+    push: (data: any) => void;
+    /** Emit to a specific user's sockets */
+    emitToUser: (targetUserId: string, data: any) => void;
+    /** LumenJS database instance (optional) */
+    db?: LumenDb;
+}
+/**
+ * Handle a client uploading their public key bundle.
+ * Server stores the bundle — it never sees private keys.
+ */
+export declare function handleUploadKeys(ctx: EncryptionContext, data: KeyBundle): Promise<void>;
+/**
+ * Handle a client requesting another user's key bundle for session setup.
+ * Pops one one-time pre-key (consumed once).
+ */
+export declare function handleRequestKeys(ctx: EncryptionContext, data: {
+    recipientId: string;
+}): Promise<void>;
+/**
+ * Relay a session initialization message to the recipient.
+ * The server never reads the envelope — just forwards it.
+ */
+export declare function handleSessionInit(ctx: EncryptionContext, data: {
+    recipientId: string;
+    sessionId: string;
+    envelope: EncryptedEnvelope;
+}): void;

package/dist/communication/encryption.js

@@ -0,0 +1,90 @@
+// ── Key Upload ──────────────────────────────────────────────────
+/**
+ * Handle a client uploading their public key bundle.
+ * Server stores the bundle — it never sees private keys.
+ */
+export async function handleUploadKeys(ctx, data) {
+    // Ensure the bundle belongs to the sender
+    const bundle = {
+        ...data,
+        userId: ctx.userId,
+        uploadedAt: new Date().toISOString(),
+    };
+    // Store in memory
+    ctx.store.setKeyBundle(ctx.userId, bundle);
+    // Persist to DB if available
+    if (ctx.db) {
+        await ctx.db.run(`INSERT OR REPLACE INTO encryption_keys (user_id, identity_key, signed_pre_key_id, signed_pre_key, signed_pre_key_signature, uploaded_at)
+       VALUES (?, ?, ?, ?, ?, ?)`, ctx.userId, bundle.identityKey, bundle.signedPreKey.keyId, bundle.signedPreKey.publicKey, bundle.signedPreKeySignature, bundle.uploadedAt);
+        // Replace one-time pre-keys
+        await ctx.db.run(`DELETE FROM encryption_prekeys WHERE user_id = ?`, ctx.userId);
+        for (const otk of bundle.oneTimePreKeys) {
+            await ctx.db.run(`INSERT INTO encryption_prekeys (user_id, key_id, public_key) VALUES (?, ?, ?)`, ctx.userId, otk.keyId, otk.publicKey);
+        }
+    }
+    ctx.push({ event: 'encryption:keys-uploaded', data: { userId: ctx.userId, keyCount: bundle.oneTimePreKeys.length } });
+}
+// ── Key Request ─────────────────────────────────────────────────
+/**
+ * Handle a client requesting another user's key bundle for session setup.
+ * Pops one one-time pre-key (consumed once).
+ */
+export async function handleRequestKeys(ctx, data) {
+    let bundle = ctx.store.getKeyBundle(data.recipientId);
+    // Try loading from DB if not in memory
+    if (!bundle && ctx.db) {
+        const row = await ctx.db.get(`SELECT * FROM encryption_keys WHERE user_id = ?`, data.recipientId);
+        if (row) {
+            const prekeys = await ctx.db.all(`SELECT key_id, public_key FROM encryption_prekeys WHERE user_id = ? ORDER BY key_id`, data.recipientId);
+            bundle = {
+                userId: data.recipientId,
+                identityKey: row.identity_key,
+                signedPreKey: { keyId: row.signed_pre_key_id, publicKey: row.signed_pre_key },
+                signedPreKeySignature: row.signed_pre_key_signature,
+                oneTimePreKeys: prekeys.map((pk) => ({ keyId: pk.key_id, publicKey: pk.public_key })),
+                uploadedAt: row.uploaded_at,
+            };
+            ctx.store.setKeyBundle(data.recipientId, bundle);
+        }
+    }
+    if (!bundle) {
+        ctx.push({ event: 'encryption:keys-response', data: { error: 'no_keys', recipientId: data.recipientId } });
+        return;
+    }
+    // Pop one one-time pre-key (consumed once per session)
+    const oneTimePreKey = ctx.store.popOneTimePreKey(data.recipientId);
+    // Remove from DB too
+    if (oneTimePreKey && ctx.db) {
+        await ctx.db.run(`DELETE FROM encryption_prekeys WHERE user_id = ? AND key_id = ?`, data.recipientId, oneTimePreKey.keyId);
+    }
+    const response = {
+        recipientId: data.recipientId,
+        identityKey: bundle.identityKey,
+        signedPreKey: bundle.signedPreKey,
+        signedPreKeySignature: bundle.signedPreKeySignature,
+        oneTimePreKey,
+    };
+    ctx.push({ event: 'encryption:keys-response', data: response });
+    // Notify recipient if their one-time pre-keys are depleted
+    if (ctx.store.getOneTimePreKeyCount(data.recipientId) === 0) {
+        ctx.emitToUser(data.recipientId, {
+            event: 'encryption:keys-depleted',
+            data: { userId: data.recipientId },
+        });
+    }
+}
+// ── Session Init Relay ──────────────────────────────────────────
+/**
+ * Relay a session initialization message to the recipient.
+ * The server never reads the envelope — just forwards it.
+ */
+export function handleSessionInit(ctx, data) {
+    ctx.emitToUser(data.recipientId, {
+        event: 'encryption:session-init',
+        data: {
+            senderId: ctx.userId,
+            sessionId: data.sessionId,
+            envelope: data.envelope,
+        },
+    });
+}

package/dist/communication/handlers/context.d.ts

@@ -0,0 +1,27 @@
+import type { CommunicationConfig } from '../types.js';
+import type { CommunicationStore } from '../store.js';
+import type { LumenDb } from '../../db/index.js';
+import type { StorageAdapter } from '../../storage/adapters/types.js';
+/** Context passed to every handler from the socket connection */
+export interface HandlerContext {
+    userId: string;
+    store: CommunicationStore;
+    /** Resolved communication config */
+    config: CommunicationConfig;
+    /** Emit data to the current socket */
+    push: (data: any) => void;
+    /** Broadcast to all sockets in a room */
+    broadcastAll: (room: string, data: any) => void;
+    /** Broadcast to all sockets in a room except the sender */
+    broadcast: (room: string, data: any) => void;
+    /** Join a socket room */
+    joinRoom: (room: string) => void;
+    /** Leave a socket room */
+    leaveRoom: (room: string) => void;
+    /** Emit data to all sockets for a specific user */
+    emitToUser?: (userId: string, data: any) => void;
+    /** LumenJS database instance (optional — only if app has DB set up) */
+    db?: LumenDb;
+    /** Storage adapter for file uploads (optional — only if storage is configured) */
+    storage?: StorageAdapter;
+}

package/dist/communication/handlers/context.js

@@ -0,0 +1 @@
+export {};

package/dist/communication/handlers/conversation.d.ts

@@ -0,0 +1,24 @@
+import type { HandlerContext } from './context.js';
+export declare function handleConversationCreate(ctx: HandlerContext, data: {
+    type: 'direct' | 'group';
+    name?: string;
+    participantIds: string[];
+}): Promise<void>;
+export declare function handleConversationJoin(ctx: HandlerContext, data: {
+    conversationId: string;
+}): Promise<void>;
+export declare function handleConversationLeave(ctx: HandlerContext, data: {
+    conversationId: string;
+}): void;
+export declare function handleConversationArchive(ctx: HandlerContext, data: {
+    conversationId: string;
+    archived: boolean;
+}): Promise<void>;
+export declare function handleConversationMute(ctx: HandlerContext, data: {
+    conversationId: string;
+    muted: boolean;
+}): Promise<void>;
+export declare function handleConversationPin(ctx: HandlerContext, data: {
+    conversationId: string;
+    pinned: boolean;
+}): Promise<void>;

package/dist/communication/handlers/conversation.js

@@ -0,0 +1,113 @@
+// ── Conversation ────────────────────────────────────────────────
+export async function handleConversationCreate(ctx, data) {
+    const now = new Date().toISOString();
+    let conversation;
+    if (ctx.db) {
+        const convId = crypto.randomUUID();
+        await ctx.db.run(`INSERT INTO conversations (id, type, name, created_at, updated_at) VALUES (?, ?, ?, ?, ?)`, convId, data.type, data.name || null, now, now);
+        // Add the creator as a participant with 'owner' role
+        const allParticipantIds = [ctx.userId, ...data.participantIds.filter(id => id !== ctx.userId)];
+        for (const uid of allParticipantIds) {
+            const role = uid === ctx.userId ? 'owner' : 'member';
+            await ctx.db.run(`INSERT INTO conversation_participants (conversation_id, user_id, role, joined_at) VALUES (?, ?, ?, ?)`, convId, uid, role, now);
+        }
+        conversation = {
+            id: convId,
+            type: data.type,
+            name: data.name,
+            participants: allParticipantIds.map(uid => ({
+                userId: uid,
+                displayName: '',
+                role: uid === ctx.userId ? 'owner' : 'member',
+                joinedAt: now,
+                presence: ctx.store.getPresence(uid)?.status || 'offline',
+            })),
+            createdAt: now,
+            updatedAt: now,
+            unreadCount: 0,
+        };
+    }
+    else {
+        const allParticipantIds = [ctx.userId, ...data.participantIds.filter(id => id !== ctx.userId)];
+        conversation = {
+            id: crypto.randomUUID(),
+            type: data.type,
+            name: data.name,
+            participants: allParticipantIds.map(uid => ({
+                userId: uid,
+                displayName: '',
+                role: uid === ctx.userId ? 'owner' : 'member',
+                joinedAt: now,
+                presence: ctx.store.getPresence(uid)?.status || 'offline',
+            })),
+            createdAt: now,
+            updatedAt: now,
+            unreadCount: 0,
+        };
+    }
+    // Auto-join the creator to the conversation room
+    ctx.joinRoom(`conv:${conversation.id}`);
+    // Notify the creator
+    ctx.push({ event: 'conversation:new', data: conversation });
+    // Notify other participants (they haven't joined the room yet)
+    if (ctx.emitToUser) {
+        for (const uid of data.participantIds) {
+            if (uid !== ctx.userId) {
+                ctx.emitToUser(uid, { event: 'conversation:new', data: conversation });
+            }
+        }
+    }
+}
+export async function handleConversationJoin(ctx, data) {
+    // Verify the user is an actual participant of this conversation
+    if (ctx.db) {
+        const row = await ctx.db.get('SELECT 1 FROM conversation_participants WHERE conversation_id = ? AND user_id = ?', data.conversationId, ctx.userId);
+        if (!row) {
+            ctx.push({ event: 'error', data: { code: 'FORBIDDEN', message: 'Not a participant of this conversation' } });
+            return;
+        }
+    }
+    ctx.joinRoom(`conv:${data.conversationId}`);
+    ctx.store.addConversationMember(data.conversationId, ctx.userId);
+    ctx.store.joinConversation(ctx.userId, data.conversationId);
+}
+export function handleConversationLeave(ctx, data) {
+    ctx.leaveRoom(`conv:${data.conversationId}`);
+    ctx.store.removeConversationMember(data.conversationId, ctx.userId);
+    ctx.store.leaveConversation(ctx.userId, data.conversationId);
+}
+export async function handleConversationArchive(ctx, data) {
+    // Verify the user is a participant
+    if (ctx.db) {
+        const row = await ctx.db.get('SELECT 1 FROM conversation_participants WHERE conversation_id = ? AND user_id = ?', data.conversationId, ctx.userId);
+        if (!row) {
+            ctx.push({ event: 'error', data: { code: 'FORBIDDEN', message: 'Not a participant of this conversation' } });
+            return;
+        }
+        await ctx.db.run(`UPDATE conversations SET archived = ?, updated_at = ? WHERE id = ?`, data.archived ? 1 : 0, new Date().toISOString(), data.conversationId);
+    }
+    ctx.broadcastAll(`conv:${data.conversationId}`, {
+        event: 'conversation:updated',
+        data: { id: data.conversationId, archived: data.archived },
+    });
+}
+export async function handleConversationMute(ctx, data) {
+    if (ctx.db) {
+        await ctx.db.run(`UPDATE conversation_participants SET muted = ?, updated_at = ? WHERE conversation_id = ? AND user_id = ?`, data.muted ? 1 : 0, new Date().toISOString(), data.conversationId, ctx.userId);
+    }
+    // Only notify the requesting user — mute is per-user
+    ctx.push({
+        event: 'conversation:updated',
+        data: { id: data.conversationId, muted: data.muted },
+    });
+}
+export async function handleConversationPin(ctx, data) {
+    if (ctx.db) {
+        await ctx.db.run(`UPDATE conversation_participants SET pinned = ?, updated_at = ? WHERE conversation_id = ? AND user_id = ?`, data.pinned ? 1 : 0, new Date().toISOString(), data.conversationId, ctx.userId);
+    }
+    // Only notify the requesting user — pin is per-user
+    ctx.push({
+        event: 'conversation:updated',
+        data: { id: data.conversationId, pinned: data.pinned },
+    });
+}

package/dist/communication/handlers/file-upload.d.ts

@@ -0,0 +1,17 @@
+import type { HandlerContext } from './context.js';
+/**
+ * Handle a client requesting a presigned upload URL for a chat file attachment.
+ *
+ * E2E security model:
+ *   1. Client encrypts the file locally (AES-256-GCM with a random key).
+ *   2. This handler returns a presigned PUT URL — the server never sees the plaintext.
+ *   3. Client PUTs the encrypted blob directly to storage (S3 / local).
+ *   4. The file encryption key is included inside the Signal message envelope,
+ *      encrypted per-recipient. The server cannot decrypt either the file or the key.
+ */
+export declare function handleFileUploadRequest(ctx: HandlerContext, data: {
+    conversationId: string;
+    mimeType: string;
+    size: number;
+    fileName: string;
+}): Promise<void>;

package/dist/communication/handlers/file-upload.js

@@ -0,0 +1,62 @@
+// ── File Upload (Presigned URL) ──────────────────────────────────
+/**
+ * Handle a client requesting a presigned upload URL for a chat file attachment.
+ *
+ * E2E security model:
+ *   1. Client encrypts the file locally (AES-256-GCM with a random key).
+ *   2. This handler returns a presigned PUT URL — the server never sees the plaintext.
+ *   3. Client PUTs the encrypted blob directly to storage (S3 / local).
+ *   4. The file encryption key is included inside the Signal message envelope,
+ *      encrypted per-recipient. The server cannot decrypt either the file or the key.
+ */
+export async function handleFileUploadRequest(ctx, data) {
+    if (!ctx.storage) {
+        ctx.push({
+            event: 'file:upload-error',
+            data: { code: 'STORAGE_NOT_CONFIGURED', message: 'Storage is not configured on this server.' },
+        });
+        return;
+    }
+    // Validate against file upload config
+    if (ctx.config.fileUpload) {
+        const { maxFileSize, allowedMimeTypes } = ctx.config.fileUpload;
+        if (data.size > maxFileSize) {
+            ctx.push({
+                event: 'file:upload-error',
+                data: {
+                    code: 'FILE_TOO_LARGE',
+                    message: `File size ${data.size} exceeds maximum allowed size of ${maxFileSize} bytes.`,
+                },
+            });
+            return;
+        }
+        if (allowedMimeTypes && allowedMimeTypes.length > 0 && !allowedMimeTypes.includes(data.mimeType)) {
+            ctx.push({
+                event: 'file:upload-error',
+                data: {
+                    code: 'MIME_TYPE_NOT_ALLOWED',
+                    message: `MIME type '${data.mimeType}' is not allowed.`,
+                },
+            });
+            return;
+        }
+    }
+    // Generate a unique file key scoped to the conversation
+    const fileId = crypto.randomUUID();
+    const ext = data.fileName.includes('.') ? `.${data.fileName.split('.').pop()}` : '';
+    const key = `conversations/${data.conversationId}/${fileId}${ext}`;
+    const presigned = await ctx.storage.presignPut(key, {
+        mimeType: data.mimeType,
+        expiresIn: 300, // 5 minutes to complete the upload
+        maxSize: ctx.config.fileUpload?.maxFileSize,
+    });
+    ctx.push({
+        event: 'file:upload-ready',
+        data: {
+            fileId,
+            uploadUrl: presigned.uploadUrl,
+            key: presigned.key,
+            expiresAt: presigned.expiresAt,
+        },
+    });
+}

package/dist/communication/handlers/messaging.d.ts

@@ -0,0 +1,30 @@
+import type { Message, MessageAttachment, MessageForward, EncryptedEnvelope } from '../types.js';
+import type { HandlerContext } from './context.js';
+export declare function handleMessageSend(ctx: HandlerContext, data: {
+    conversationId: string;
+    content: string;
+    type: Message['type'];
+    replyTo?: string;
+    attachment?: MessageAttachment;
+    encrypted?: boolean;
+    envelope?: EncryptedEnvelope;
+}): Promise<void>;
+export declare function handleMessageRead(ctx: HandlerContext, data: {
+    conversationId: string;
+    messageId: string;
+}): Promise<void>;
+export declare function handleMessageReact(ctx: HandlerContext, data: {
+    messageId: string;
+    conversationId: string;
+    emoji: string;
+}): Promise<void>;
+export declare function handleMessageEdit(ctx: HandlerContext, data: {
+    messageId: string;
+    conversationId: string;
+    content: string;
+}): Promise<void>;
+export declare function handleMessageDelete(ctx: HandlerContext, data: {
+    messageId: string;
+    conversationId: string;
+}): Promise<void>;
+export declare function handleMessageForward(ctx: HandlerContext, data: MessageForward): Promise<void>;