npm - @playcademy/sandbox - Versions diffs - 0.1.0-beta.10 → 0.1.0-beta.11 - Mend

@playcademy/sandbox 0.1.0-beta.10 → 0.1.0-beta.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/cli.js CHANGED Viewed

@@ -52810,7 +52810,7 @@ var logger = (fn = console.log) => {
 // package.json
 var package_default = {
   name: "@playcademy/sandbox",
-  version: "0.1.0-beta.9",
+  version: "0.1.0-beta.10",
   description: "Local development server for Playcademy game development",
   type: "module",
   exports: {
@@ -73167,7 +73167,10 @@ var SAMPLE_INVENTORY = [
 // src/database/seed.ts
 async function seedDemoData(db) {
   try {
-    await db.insert(users).values(DEMO_USER);
+    const allDemoUsers = Object.values(DEMO_USERS);
+    for (const user of allDemoUsers) {
+      await db.insert(users).values(user).onConflictDoNothing();
+    }
     for (const item of SAMPLE_ITEMS) {
       await db.insert(items).values(item);
     }
@@ -73328,19 +73331,65 @@ async function seedCurrentProjectGame(db, project) {
 }
 // src/lib/auth.ts
+function extractTokenFromHeader(authHeader) {
+  if (!authHeader?.startsWith("Bearer ")) {
+    return null;
+  }
+  return authHeader.substring(7);
+}
+function parseJwtToken(token) {
+  try {
+    const parts2 = token.split(".");
+    if (parts2.length === 3 && parts2[1]) {
+      const payload = JSON.parse(atob(parts2[1]));
+      return payload.uid || null;
+    }
+  } catch (error2) {
+    console.warn("Failed to decode JWT token:", error2);
+  }
+  return null;
+}
+function resolveUserId(token) {
+  const demoUser = DEMO_TOKENS[token];
+  if (demoUser) {
+    return demoUser.id;
+  }
+  if (token.includes(".")) {
+    return parseJwtToken(token);
+  }
+  return null;
+}
+async function fetchUserFromDatabase(db, userId) {
+  try {
+    const user = await db.query.users.findFirst({
+      where: eq(users.id, userId)
+    });
+    return user || null;
+  } catch (error2) {
+    console.error("Error fetching user from database:", error2);
+    throw error2;
+  }
+}
 function setupAuth() {
   return async (c2, next) => {
     const authHeader = c2.req.header("Authorization");
-    if (authHeader?.startsWith("Bearer ")) {
-      const token = authHeader.substring(7);
-      const demoUser = DEMO_TOKENS[token];
-      if (demoUser) {
-        c2.set("user", demoUser);
-        await next();
-        return;
-      }
+    const token = extractTokenFromHeader(authHeader);
+    if (!token) {
+      throw new Error("No authorization token provided");
+    }
+    const targetUserId = resolveUserId(token);
+    if (!targetUserId) {
+      throw new Error("No user found for provided token");
+    }
+    const db = c2.get("db");
+    if (!db) {
+      throw new Error("Database not available in context");
     }
-    c2.set("user", DEMO_USERS.admin);
+    const user = await fetchUserFromDatabase(db, targetUserId);
+    if (!user) {
+      throw new Error(`User not found: ${targetUserId}`);
+    }
+    c2.set("user", user);
     await next();
   };
 }
@@ -73366,6 +73415,9 @@ class ApiError extends Error {
   static notFound(message = "Not found") {
     return new ApiError(404, "NOT_FOUND", message);
   }
+  static methodNotAllowed(message = "Method not allowed") {
+    return new ApiError(405, "METHOD_NOT_ALLOWED", message);
+  }
   static badRequest(message = "Bad request", details) {
     return new ApiError(400, "BAD_REQUEST", message, details);
   }
@@ -78345,6 +78397,10 @@ usersRouter.post("/xp/add", async (c2) => {
     return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
+usersRouter.all("/", async (c2) => {
+  const error2 = ApiError.methodNotAllowed("Method not allowed");
+  return c2.json(createErrorResponse(error2), 405);
+});
 // src/routes/health.ts
 var healthRouter = new Hono2;
 healthRouter.get("/", (c2) => c2.json({ status: "ok", timestamp: new Date().toISOString() }));
@@ -78552,6 +78608,10 @@ inventoryRouter.post("/remove", async (c2) => {
     return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
+inventoryRouter.all("/", async (c2) => {
+  const error2 = ApiError.methodNotAllowed("Method not allowed");
+  return c2.json(createErrorResponse(error2), 405);
+});
 // ../../node_modules/ulidx/dist/node/index.js
 import crypto3 from "node:crypto";
@@ -82333,6 +82393,10 @@ gamesRouter.delete("/:gameId/items/:itemId/shop-listing", async (c2) => {
     return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
+gamesRouter.all("/", async (c2) => {
+  const error2 = ApiError.methodNotAllowed("Method not allowed");
+  return c2.json(createErrorResponse(error2), 405);
+});
 // src/routes/manifest.ts
 var manifestRouter = new Hono2;
 manifestRouter.get("/", async (c2) => {
@@ -82463,6 +82527,10 @@ shopRouter.get("/view", async (c2) => {
     return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
+shopRouter.all("/view", async (c2) => {
+  const error2 = ApiError.methodNotAllowed("Method not allowed");
+  return c2.json(createErrorResponse(error2), 405);
+});
 // src/routes/items.ts
 var itemsRouter = new Hono2;
 itemsRouter.get("/resolve", async (c2) => {
@@ -82576,6 +82644,10 @@ itemsRouter.delete("/:itemId", async (c2) => {
     return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
+itemsRouter.all("/", async (c2) => {
+  const error2 = ApiError.methodNotAllowed("Method not allowed");
+  return c2.json(createErrorResponse(error2), 405);
+});
 // ../api-core/src/currencies/index.ts
 async function listCurrencies(ctx) {
   const user = ctx.user;
@@ -82607,6 +82679,9 @@ async function getCurrencyById(ctx) {
   if (!currencyId) {
     throw ApiError.badRequest("Missing currency ID");
   }
+  if (!isValidUUID(currencyId)) {
+    throw ApiError.unprocessableEntity("Invalid UUID format for currency ID");
+  }
   try {
     const db = getDatabase();
     const currency = await db.query.currencies.findFirst({
@@ -82678,6 +82753,9 @@ async function updateCurrency(ctx) {
   if (!currencyId) {
     throw ApiError.badRequest("Missing currency ID");
   }
+  if (!isValidUUID(currencyId)) {
+    throw ApiError.unprocessableEntity("Invalid UUID format for currency ID");
+  }
   let requestBody;
   try {
     requestBody = await ctx.request.json();
@@ -82728,6 +82806,9 @@ async function deleteCurrency(ctx) {
   if (!currencyId) {
     throw ApiError.badRequest("Missing currency ID");
   }
+  if (!isValidUUID(currencyId)) {
+    throw ApiError.unprocessableEntity("Invalid UUID format for currency ID");
+  }
   try {
     const db = getDatabase();
     const result = await db.delete(currencies).where(eq(currencies.id, currencyId)).returning({ id: currencies.id });
@@ -82837,6 +82918,10 @@ currenciesRouter.delete("/:currencyId", async (c2) => {
     return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
+currenciesRouter.all("/", async (c2) => {
+  const error2 = ApiError.methodNotAllowed("Method not allowed");
+  return c2.json(createErrorResponse(error2), 405);
+});
 // ../api-core/src/maps/index.ts
 async function getMapElements(ctx) {
   const user = ctx.user;
@@ -82945,6 +83030,10 @@ mapsRouter.get("/:identifier", async (c2) => {
     return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
+mapsRouter.all("/", async (c2) => {
+  const error2 = ApiError.methodNotAllowed("Method not allowed");
+  return c2.json(createErrorResponse(error2), 405);
+});
 // ../api-core/src/shop-listings/index.ts
 async function createShopListing(ctx) {
   const user = ctx.user;
@@ -83242,6 +83331,10 @@ shopListingsRouter.delete("/:listingId", async (c2) => {
     return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
+shopListingsRouter.all("/", async (c2) => {
+  const error2 = ApiError.methodNotAllowed("Method not allowed");
+  return c2.json(createErrorResponse(error2), 405);
+});
 // ../api-core/src/dev/index.ts
 async function applyForDeveloperStatus(ctx) {
   const user = ctx.user;
@@ -83501,6 +83594,10 @@ devRouter.delete("/keys/:keyId", async (c2) => {
     return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
+devRouter.all("/", async (c2) => {
+  const error2 = ApiError.methodNotAllowed("Method not allowed");
+  return c2.json(createErrorResponse(error2), 405);
+});
 // src/routes/levels.ts
 var levelsRouter = new Hono2;
 levelsRouter.get("/config", async (c2) => {
@@ -83539,6 +83636,10 @@ levelsRouter.get("/config/:level", async (c2) => {
     return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
+levelsRouter.all("/", async (c2) => {
+  const error2 = ApiError.methodNotAllowed("Method not allowed");
+  return c2.json(createErrorResponse(error2), 405);
+});
 // src/server.ts
 async function startServer(options) {
   const { port, verbose = false, project, memoryOnly = false, seed = true } = options;
@@ -83553,6 +83654,10 @@ async function startServer(options) {
   app.use("*", cors({ origin: "*", credentials: true }));
   if (verbose)
     app.use("*", logger());
+  app.use("/api/*", async (c2, next) => {
+    c2.set("db", db);
+    await next();
+  });
   app.route("/health", healthRouter);
   app.route("/api", manifestRouter);
   app.use("/api/*", setupAuth());

package/dist/lib/auth.d.ts CHANGED Viewed

@@ -1,2 +1,5 @@
 import type { Context, Next } from 'hono';
+/**
+ * Setup authentication middleware for sandbox
+ */
 export declare function setupAuth(): (c: Context, next: Next) => Promise<void>;

package/dist/server.js CHANGED Viewed

@@ -50900,7 +50900,7 @@ var logger = (fn = console.log) => {
 // package.json
 var package_default = {
   name: "@playcademy/sandbox",
-  version: "0.1.0-beta.9",
+  version: "0.1.0-beta.10",
   description: "Local development server for Playcademy game development",
   type: "module",
   exports: {
@@ -71257,7 +71257,10 @@ var SAMPLE_INVENTORY = [
 // src/database/seed.ts
 async function seedDemoData(db) {
   try {
-    await db.insert(users).values(DEMO_USER);
+    const allDemoUsers = Object.values(DEMO_USERS);
+    for (const user of allDemoUsers) {
+      await db.insert(users).values(user).onConflictDoNothing();
+    }
     for (const item of SAMPLE_ITEMS) {
       await db.insert(items).values(item);
     }
@@ -71418,19 +71421,65 @@ async function seedCurrentProjectGame(db, project) {
 }
 // src/lib/auth.ts
+function extractTokenFromHeader(authHeader) {
+  if (!authHeader?.startsWith("Bearer ")) {
+    return null;
+  }
+  return authHeader.substring(7);
+}
+function parseJwtToken(token) {
+  try {
+    const parts2 = token.split(".");
+    if (parts2.length === 3 && parts2[1]) {
+      const payload = JSON.parse(atob(parts2[1]));
+      return payload.uid || null;
+    }
+  } catch (error2) {
+    console.warn("Failed to decode JWT token:", error2);
+  }
+  return null;
+}
+function resolveUserId(token) {
+  const demoUser = DEMO_TOKENS[token];
+  if (demoUser) {
+    return demoUser.id;
+  }
+  if (token.includes(".")) {
+    return parseJwtToken(token);
+  }
+  return null;
+}
+async function fetchUserFromDatabase(db, userId) {
+  try {
+    const user = await db.query.users.findFirst({
+      where: eq(users.id, userId)
+    });
+    return user || null;
+  } catch (error2) {
+    console.error("Error fetching user from database:", error2);
+    throw error2;
+  }
+}
 function setupAuth() {
   return async (c2, next) => {
     const authHeader = c2.req.header("Authorization");
-    if (authHeader?.startsWith("Bearer ")) {
-      const token = authHeader.substring(7);
-      const demoUser = DEMO_TOKENS[token];
-      if (demoUser) {
-        c2.set("user", demoUser);
-        await next();
-        return;
-      }
+    const token = extractTokenFromHeader(authHeader);
+    if (!token) {
+      throw new Error("No authorization token provided");
+    }
+    const targetUserId = resolveUserId(token);
+    if (!targetUserId) {
+      throw new Error("No user found for provided token");
+    }
+    const db = c2.get("db");
+    if (!db) {
+      throw new Error("Database not available in context");
     }
-    c2.set("user", DEMO_USERS.admin);
+    const user = await fetchUserFromDatabase(db, targetUserId);
+    if (!user) {
+      throw new Error(`User not found: ${targetUserId}`);
+    }
+    c2.set("user", user);
     await next();
   };
 }
@@ -71456,6 +71505,9 @@ class ApiError extends Error {
   static notFound(message = "Not found") {
     return new ApiError(404, "NOT_FOUND", message);
   }
+  static methodNotAllowed(message = "Method not allowed") {
+    return new ApiError(405, "METHOD_NOT_ALLOWED", message);
+  }
   static badRequest(message = "Bad request", details) {
     return new ApiError(400, "BAD_REQUEST", message, details);
   }
@@ -76435,6 +76487,10 @@ usersRouter.post("/xp/add", async (c2) => {
     return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
+usersRouter.all("/", async (c2) => {
+  const error2 = ApiError.methodNotAllowed("Method not allowed");
+  return c2.json(createErrorResponse(error2), 405);
+});
 // src/routes/health.ts
 var healthRouter = new Hono2;
 healthRouter.get("/", (c2) => c2.json({ status: "ok", timestamp: new Date().toISOString() }));
@@ -76642,6 +76698,10 @@ inventoryRouter.post("/remove", async (c2) => {
     return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
+inventoryRouter.all("/", async (c2) => {
+  const error2 = ApiError.methodNotAllowed("Method not allowed");
+  return c2.json(createErrorResponse(error2), 405);
+});
 // ../../node_modules/ulidx/dist/node/index.js
 import crypto3 from "node:crypto";
@@ -80423,6 +80483,10 @@ gamesRouter.delete("/:gameId/items/:itemId/shop-listing", async (c2) => {
     return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
+gamesRouter.all("/", async (c2) => {
+  const error2 = ApiError.methodNotAllowed("Method not allowed");
+  return c2.json(createErrorResponse(error2), 405);
+});
 // src/routes/manifest.ts
 var manifestRouter = new Hono2;
 manifestRouter.get("/", async (c2) => {
@@ -80553,6 +80617,10 @@ shopRouter.get("/view", async (c2) => {
     return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
+shopRouter.all("/view", async (c2) => {
+  const error2 = ApiError.methodNotAllowed("Method not allowed");
+  return c2.json(createErrorResponse(error2), 405);
+});
 // src/routes/items.ts
 var itemsRouter = new Hono2;
 itemsRouter.get("/resolve", async (c2) => {
@@ -80666,6 +80734,10 @@ itemsRouter.delete("/:itemId", async (c2) => {
     return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
+itemsRouter.all("/", async (c2) => {
+  const error2 = ApiError.methodNotAllowed("Method not allowed");
+  return c2.json(createErrorResponse(error2), 405);
+});
 // ../api-core/src/currencies/index.ts
 async function listCurrencies(ctx) {
   const user = ctx.user;
@@ -80697,6 +80769,9 @@ async function getCurrencyById(ctx) {
   if (!currencyId) {
     throw ApiError.badRequest("Missing currency ID");
   }
+  if (!isValidUUID(currencyId)) {
+    throw ApiError.unprocessableEntity("Invalid UUID format for currency ID");
+  }
   try {
     const db = getDatabase();
     const currency = await db.query.currencies.findFirst({
@@ -80768,6 +80843,9 @@ async function updateCurrency(ctx) {
   if (!currencyId) {
     throw ApiError.badRequest("Missing currency ID");
   }
+  if (!isValidUUID(currencyId)) {
+    throw ApiError.unprocessableEntity("Invalid UUID format for currency ID");
+  }
   let requestBody;
   try {
     requestBody = await ctx.request.json();
@@ -80818,6 +80896,9 @@ async function deleteCurrency(ctx) {
   if (!currencyId) {
     throw ApiError.badRequest("Missing currency ID");
   }
+  if (!isValidUUID(currencyId)) {
+    throw ApiError.unprocessableEntity("Invalid UUID format for currency ID");
+  }
   try {
     const db = getDatabase();
     const result = await db.delete(currencies).where(eq(currencies.id, currencyId)).returning({ id: currencies.id });
@@ -80927,6 +81008,10 @@ currenciesRouter.delete("/:currencyId", async (c2) => {
     return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
+currenciesRouter.all("/", async (c2) => {
+  const error2 = ApiError.methodNotAllowed("Method not allowed");
+  return c2.json(createErrorResponse(error2), 405);
+});
 // ../api-core/src/maps/index.ts
 async function getMapElements(ctx) {
   const user = ctx.user;
@@ -81035,6 +81120,10 @@ mapsRouter.get("/:identifier", async (c2) => {
     return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
+mapsRouter.all("/", async (c2) => {
+  const error2 = ApiError.methodNotAllowed("Method not allowed");
+  return c2.json(createErrorResponse(error2), 405);
+});
 // ../api-core/src/shop-listings/index.ts
 async function createShopListing(ctx) {
   const user = ctx.user;
@@ -81332,6 +81421,10 @@ shopListingsRouter.delete("/:listingId", async (c2) => {
     return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
+shopListingsRouter.all("/", async (c2) => {
+  const error2 = ApiError.methodNotAllowed("Method not allowed");
+  return c2.json(createErrorResponse(error2), 405);
+});
 // ../api-core/src/dev/index.ts
 async function applyForDeveloperStatus(ctx) {
   const user = ctx.user;
@@ -81591,6 +81684,10 @@ devRouter.delete("/keys/:keyId", async (c2) => {
     return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
+devRouter.all("/", async (c2) => {
+  const error2 = ApiError.methodNotAllowed("Method not allowed");
+  return c2.json(createErrorResponse(error2), 405);
+});
 // src/routes/levels.ts
 var levelsRouter = new Hono2;
 levelsRouter.get("/config", async (c2) => {
@@ -81629,6 +81726,10 @@ levelsRouter.get("/config/:level", async (c2) => {
     return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
+levelsRouter.all("/", async (c2) => {
+  const error2 = ApiError.methodNotAllowed("Method not allowed");
+  return c2.json(createErrorResponse(error2), 405);
+});
 // src/server.ts
 async function startServer(options) {
   const { port, verbose = false, project, memoryOnly = false, seed = true } = options;
@@ -81643,6 +81744,10 @@ async function startServer(options) {
   app.use("*", cors({ origin: "*", credentials: true }));
   if (verbose)
     app.use("*", logger());
+  app.use("/api/*", async (c2, next) => {
+    c2.set("db", db);
+    await next();
+  });
   app.route("/health", healthRouter);
   app.route("/api", manifestRouter);
   app.use("/api/*", setupAuth());

package/dist/types.d.ts CHANGED Viewed

@@ -1,7 +1,9 @@
 import type { User } from '@playcademy/data/types';
+import type { setupDatabase } from './database';
 export type HonoEnv = {
     Variables: {
         user: User | null;
+        db: Awaited<ReturnType<typeof setupDatabase>>;
     };
 };
 export interface ProjectInfo {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "@playcademy/sandbox",
-    "version": "0.1.0-beta.10",
+    "version": "0.1.0-beta.11",
     "description": "Local development server for Playcademy game development",
     "type": "module",
     "exports": {

package/dist/routes/admin.d.ts DELETED Viewed

	@@ -1 +0,0 @@
1	- export {};