npm - @playcademy/vite-plugin - Versions diffs - 0.0.1-beta.13 → 0.0.1-beta.14 - Mend

@playcademy/vite-plugin 0.0.1-beta.13 → 0.0.1-beta.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.js +116 -11
package/package.json +2 -2

package/dist/index.js CHANGED Viewed

@@ -94353,7 +94353,7 @@ var logger = (fn = console.log) => {
 };
 var package_default = {
   name: "@playcademy/sandbox",
-  version: "0.1.0-beta.9",
+  version: "0.1.0-beta.10",
   description: "Local development server for Playcademy game development",
   type: "module",
   exports: {
@@ -114581,7 +114581,10 @@ var SAMPLE_INVENTORY = [
 ];
 async function seedDemoData(db) {
   try {
-    await db.insert(users).values(DEMO_USER);
+    const allDemoUsers = Object.values(DEMO_USERS);
+    for (const user of allDemoUsers) {
+      await db.insert(users).values(user).onConflictDoNothing();
+    }
     for (const item of SAMPLE_ITEMS) {
       await db.insert(items).values(item);
     }
@@ -114740,19 +114743,65 @@ async function seedCurrentProjectGame(db, project) {
     throw error2;
   }
 }
+function extractTokenFromHeader(authHeader) {
+  if (!authHeader?.startsWith("Bearer ")) {
+    return null;
+  }
+  return authHeader.substring(7);
+}
+function parseJwtToken(token) {
+  try {
+    const parts2 = token.split(".");
+    if (parts2.length === 3 && parts2[1]) {
+      const payload = JSON.parse(atob(parts2[1]));
+      return payload.uid || null;
+    }
+  } catch (error2) {
+    console.warn("Failed to decode JWT token:", error2);
+  }
+  return null;
+}
+function resolveUserId(token) {
+  const demoUser = DEMO_TOKENS[token];
+  if (demoUser) {
+    return demoUser.id;
+  }
+  if (token.includes(".")) {
+    return parseJwtToken(token);
+  }
+  return null;
+}
+async function fetchUserFromDatabase(db, userId) {
+  try {
+    const user = await db.query.users.findFirst({
+      where: eq(users.id, userId)
+    });
+    return user || null;
+  } catch (error2) {
+    console.error("Error fetching user from database:", error2);
+    throw error2;
+  }
+}
 function setupAuth() {
   return async (c2, next) => {
     const authHeader = c2.req.header("Authorization");
-    if (authHeader?.startsWith("Bearer ")) {
-      const token = authHeader.substring(7);
-      const demoUser = DEMO_TOKENS[token];
-      if (demoUser) {
-        c2.set("user", demoUser);
-        await next();
-        return;
-      }
+    const token = extractTokenFromHeader(authHeader);
+    if (!token) {
+      throw new Error("No authorization token provided");
+    }
+    const targetUserId = resolveUserId(token);
+    if (!targetUserId) {
+      throw new Error("No user found for provided token");
+    }
+    const db = c2.get("db");
+    if (!db) {
+      throw new Error("Database not available in context");
     }
-    c2.set("user", DEMO_USERS.admin);
+    const user = await fetchUserFromDatabase(db, targetUserId);
+    if (!user) {
+      throw new Error(`User not found: ${targetUserId}`);
+    }
+    c2.set("user", user);
     await next();
   };
 }
@@ -114777,6 +114826,9 @@ class ApiError extends Error {
   static notFound(message = "Not found") {
     return new ApiError(404, "NOT_FOUND", message);
   }
+  static methodNotAllowed(message = "Method not allowed") {
+    return new ApiError(405, "METHOD_NOT_ALLOWED", message);
+  }
   static badRequest(message = "Bad request", details) {
     return new ApiError(400, "BAD_REQUEST", message, details);
   }
@@ -119723,6 +119775,10 @@ usersRouter.post("/xp/add", async (c2) => {
     return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
+usersRouter.all("/", async (c2) => {
+  const error2 = ApiError.methodNotAllowed("Method not allowed");
+  return c2.json(createErrorResponse(error2), 405);
+});
 var healthRouter = new Hono2;
 healthRouter.get("/", (c2) => c2.json({ status: "ok", timestamp: new Date().toISOString() }));
 async function getUserInventory(ctx) {
@@ -119926,6 +119982,10 @@ inventoryRouter.post("/remove", async (c2) => {
     return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
+inventoryRouter.all("/", async (c2) => {
+  const error2 = ApiError.methodNotAllowed("Method not allowed");
+  return c2.json(createErrorResponse(error2), 405);
+});
 function assertError(err2) {
   if (!isError(err2)) {
     throw new Error("Parameter was not an error");
@@ -123614,6 +123674,10 @@ gamesRouter.delete("/:gameId/items/:itemId/shop-listing", async (c2) => {
     return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
+gamesRouter.all("/", async (c2) => {
+  const error2 = ApiError.methodNotAllowed("Method not allowed");
+  return c2.json(createErrorResponse(error2), 405);
+});
 var manifestRouter = new Hono2;
 manifestRouter.get("/", async (c2) => {
   const baseUrl = new URL(c2.req.url).origin;
@@ -123740,6 +123804,10 @@ shopRouter.get("/view", async (c2) => {
     return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
+shopRouter.all("/view", async (c2) => {
+  const error2 = ApiError.methodNotAllowed("Method not allowed");
+  return c2.json(createErrorResponse(error2), 405);
+});
 var itemsRouter = new Hono2;
 itemsRouter.get("/resolve", async (c2) => {
   const ctx = {
@@ -123852,6 +123920,10 @@ itemsRouter.delete("/:itemId", async (c2) => {
     return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
+itemsRouter.all("/", async (c2) => {
+  const error2 = ApiError.methodNotAllowed("Method not allowed");
+  return c2.json(createErrorResponse(error2), 405);
+});
 async function listCurrencies(ctx) {
   const user = ctx.user;
   log2.debug("[API] listing currencies", { userId: user?.id || "anonymous" });
@@ -123882,6 +123954,9 @@ async function getCurrencyById(ctx) {
   if (!currencyId) {
     throw ApiError.badRequest("Missing currency ID");
   }
+  if (!isValidUUID(currencyId)) {
+    throw ApiError.unprocessableEntity("Invalid UUID format for currency ID");
+  }
   try {
     const db = getDatabase();
     const currency = await db.query.currencies.findFirst({
@@ -123953,6 +124028,9 @@ async function updateCurrency(ctx) {
   if (!currencyId) {
     throw ApiError.badRequest("Missing currency ID");
   }
+  if (!isValidUUID(currencyId)) {
+    throw ApiError.unprocessableEntity("Invalid UUID format for currency ID");
+  }
   let requestBody;
   try {
     requestBody = await ctx.request.json();
@@ -124003,6 +124081,9 @@ async function deleteCurrency(ctx) {
   if (!currencyId) {
     throw ApiError.badRequest("Missing currency ID");
   }
+  if (!isValidUUID(currencyId)) {
+    throw ApiError.unprocessableEntity("Invalid UUID format for currency ID");
+  }
   try {
     const db = getDatabase();
     const result = await db.delete(currencies).where(eq(currencies.id, currencyId)).returning({ id: currencies.id });
@@ -124110,6 +124191,10 @@ currenciesRouter.delete("/:currencyId", async (c2) => {
     return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
+currenciesRouter.all("/", async (c2) => {
+  const error2 = ApiError.methodNotAllowed("Method not allowed");
+  return c2.json(createErrorResponse(error2), 405);
+});
 async function getMapElements(ctx) {
   const user = ctx.user;
   if (!user) {
@@ -124215,6 +124300,10 @@ mapsRouter.get("/:identifier", async (c2) => {
     return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
+mapsRouter.all("/", async (c2) => {
+  const error2 = ApiError.methodNotAllowed("Method not allowed");
+  return c2.json(createErrorResponse(error2), 405);
+});
 async function createShopListing(ctx) {
   const user = ctx.user;
   if (!user || user.role !== "admin") {
@@ -124509,6 +124598,10 @@ shopListingsRouter.delete("/:listingId", async (c2) => {
     return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
+shopListingsRouter.all("/", async (c2) => {
+  const error2 = ApiError.methodNotAllowed("Method not allowed");
+  return c2.json(createErrorResponse(error2), 405);
+});
 async function applyForDeveloperStatus(ctx) {
   const user = ctx.user;
   log2.debug("[API] applying for developer status", {
@@ -124765,6 +124858,10 @@ devRouter.delete("/keys/:keyId", async (c2) => {
     return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
+devRouter.all("/", async (c2) => {
+  const error2 = ApiError.methodNotAllowed("Method not allowed");
+  return c2.json(createErrorResponse(error2), 405);
+});
 var levelsRouter = new Hono2;
 levelsRouter.get("/config", async (c2) => {
   const ctx = {
@@ -124802,6 +124899,10 @@ levelsRouter.get("/config/:level", async (c2) => {
     return c2.json(createUnknownErrorResponse(error2), 500);
   }
 });
+levelsRouter.all("/", async (c2) => {
+  const error2 = ApiError.methodNotAllowed("Method not allowed");
+  return c2.json(createErrorResponse(error2), 405);
+});
 async function startServer(options) {
   const { port, verbose = false, project, memoryOnly = false, seed = true } = options;
   const db = await setupDatabase(memoryOnly ? ":memory:" : undefined);
@@ -124815,6 +124916,10 @@ async function startServer(options) {
   app.use("*", cors({ origin: "*", credentials: true }));
   if (verbose)
     app.use("*", logger());
+  app.use("/api/*", async (c2, next) => {
+    c2.set("db", db);
+    await next();
+  });
   app.route("/health", healthRouter);
   app.route("/api", manifestRouter);
   app.use("/api/*", setupAuth());

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "@playcademy/vite-plugin",
-    "version": "0.0.1-beta.13",
+    "version": "0.0.1-beta.14",
     "type": "module",
     "exports": {
         ".": {
@@ -27,7 +27,7 @@
         "picocolors": "^1.1.1"
     },
     "devDependencies": {
-        "@playcademy/sandbox": "0.1.0-beta.9",
+        "@playcademy/sandbox": "0.1.0-beta.10",
         "@types/archiver": "^6.0.3",
         "@types/bun": "latest",
         "yocto-spinner": "^0.2.2"