@qwickapps/server 1.0.0 → 1.1.7

package/dist-ui/index.html

@@ -4,7 +4,7 @@
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <title>Control Panel</title>
-    <script type="module" crossorigin src="/assets/index-Bk7ypbI4.js"></script>
+    <script type="module" crossorigin src="/assets/index-CW1BviRn.js"></script>
     <link rel="stylesheet" crossorigin href="/assets/index-CiizQQnb.css">
   </head>
   <body>

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@qwickapps/server",
-  "version": "1.0.0",
+  "version": "1.1.7",
   "description": "Plugin-based application server framework for building websites, APIs, admin dashboards, and full-stack products",
   "type": "module",
   "main": "dist/index.js",
@@ -55,9 +55,13 @@
     "@types/cors": "^2.8.17",
     "@types/express": "^4.17.21",
     "@types/node": "^20.10.5",
+    "@types/pg": "^8.11.0",
     "@types/react": "^18.2.0",
+    "ioredis": "^5.4.0",
+    "pg": "^8.13.0",
     "@types/react-dom": "^18.2.0",
     "@vitejs/plugin-react": "^4.3.4",
+    "express-openid-connect": "^2.19.3",
     "react": "^18.2.0",
     "react-dom": "^18.2.0",
     "react-router-dom": "^6.30.1",
@@ -66,11 +70,23 @@
     "vitest": "^2.1.0"
   },
   "peerDependencies": {
-    "@qwickapps/react-framework": ">=1.0.0"
+    "@qwickapps/react-framework": ">=1.0.0",
+    "express-openid-connect": ">=2.0.0",
+    "ioredis": ">=5.0.0",
+    "pg": ">=8.0.0"
   },
   "peerDependenciesMeta": {
     "@qwickapps/react-framework": {
       "optional": true
+    },
+    "express-openid-connect": {
+      "optional": true
+    },
+    "ioredis": {
+      "optional": true
+    },
+    "pg": {
+      "optional": true
     }
   },
   "keywords": [

package/src/core/control-panel.ts

@@ -14,7 +14,8 @@ import { existsSync } from 'node:fs';
 import { fileURLToPath } from 'node:url';
 import { dirname, join } from 'node:path';
 import { HealthManager } from './health-manager.js';
-import { initializeLogging, getControlPanelLogger, getLoggingSubsystem, type LoggingConfig } from './logging.js';
+import { initializeLogging, getControlPanelLogger, type LoggingConfig } from './logging.js';
+import { createRouteGuard } from './guards.js';
 import type {
   ControlPanelConfig,
   ControlPanelPlugin,
@@ -94,35 +95,15 @@ export function createControlPanel(options: CreateControlPanelOptions): ControlP
   }
   app.use(compression());
 
-  // Basic auth middleware if configured
-  if (config.auth?.enabled && config.auth.provider === 'basic' && config.auth.users) {
-    app.use((req, res, next) => {
-      const authHeader = req.headers.authorization;
-      if (!authHeader || !authHeader.startsWith('Basic ')) {
-        res.set('WWW-Authenticate', 'Basic realm="Control Panel"');
-        return res.status(401).json({ error: 'Authentication required' });
-      }
-
-      const base64Credentials = authHeader.substring(6);
-      const credentials = Buffer.from(base64Credentials, 'base64').toString('utf-8');
-      const [username, password] = credentials.split(':');
-
-      const validUser = config.auth!.users!.find(
-        (u) => u.username === username && u.password === password
-      );
-
-      if (!validUser) {
-        return res.status(401).json({ error: 'Invalid credentials' });
-      }
-
-      next();
-    });
+  // Apply route guard if configured
+  if (config.guard && config.guard.type !== 'none') {
+    const guardMiddleware = createRouteGuard(config.guard);
+    app.use(guardMiddleware);
   }
 
-  // Custom auth middleware
-  if (config.auth?.enabled && config.auth.provider === 'custom' && config.auth.customMiddleware) {
-    app.use(config.auth.customMiddleware);
-  }
+  // Get mount path (defaults to /cpanel)
+  const mountPath = config.mountPath || '/cpanel';
+  const apiBasePath = mountPath === '/' ? '/api' : `${mountPath}/api`;
 
   // Request logging
   app.use((req, _res, next) => {
@@ -130,8 +111,8 @@ export function createControlPanel(options: CreateControlPanelOptions): ControlP
     next();
   });
 
-  // Mount router
-  app.use('/api', router);
+  // Mount router at the configured path
+  app.use(apiBasePath, router);
 
   // Built-in routes
 
@@ -173,7 +154,7 @@ export function createControlPanel(options: CreateControlPanelOptions): ControlP
   });
 
   /**
-   * Serve dashboard UI
+   * Serve dashboard UI at the configured mount path
    *
    * Priority:
    * 1. If useRichUI is true and dist-ui exists, serve React SPA
@@ -185,25 +166,33 @@ export function createControlPanel(options: CreateControlPanelOptions): ControlP
     const hasRichUI = existsSync(effectiveUiPath);
     const useRichUI = config.useRichUI !== false && hasRichUI;
 
-    logger.debug(`Dashboard config: __dirname=${__dirname}, effectiveUiPath=${effectiveUiPath}, hasRichUI=${hasRichUI}, useRichUI=${useRichUI}`);
+    logger.debug(`Dashboard config: mountPath=${mountPath}, effectiveUiPath=${effectiveUiPath}, hasRichUI=${hasRichUI}, useRichUI=${useRichUI}`);
 
     if (useRichUI) {
-      logger.info(`Serving rich React UI from ${effectiveUiPath}`);
-      // Serve static assets from dist-ui
-      app.use(express.static(effectiveUiPath));
-
-      // SPA fallback - serve index.html for all non-API routes
-      app.get('*', (req: Request, res: Response, next) => {
-        // Skip API routes (must check for /api/ with trailing slash to avoid matching /api-keys etc)
-        if (req.path.startsWith('/api/') || req.path === '/api') {
+      logger.debug(`Serving React UI from ${effectiveUiPath}`);
+      // Serve static assets from dist-ui at the mount path
+      app.use(mountPath, express.static(effectiveUiPath));
+
+      // SPA fallback - serve index.html for all non-API routes under the mount path
+      app.get(`${mountPath}/*`, (req: Request, res: Response, next) => {
+        // Skip API routes
+        if (req.path.startsWith(apiBasePath)) {
           return next();
         }
         res.sendFile(join(effectiveUiPath, 'index.html'));
       });
+
+      // Also serve the mount path root
+      if (mountPath !== '/') {
+        app.get(mountPath, (_req: Request, res: Response) => {
+          res.sendFile(join(effectiveUiPath, 'index.html'));
+        });
+      }
     } else {
-      logger.info('Serving basic HTML dashboard');
-      app.get('/', (_req: Request, res: Response) => {
-        const html = generateDashboardHtml(config, healthManager.getResults());
+      logger.debug(`Serving basic HTML dashboard`);
+      const dashboardPath = mountPath === '/' ? '/' : mountPath;
+      app.get(dashboardPath, (_req: Request, res: Response) => {
+        const html = generateDashboardHtml(config, healthManager.getResults(), mountPath);
         res.type('html').send(html);
       });
     }
@@ -220,7 +209,7 @@ export function createControlPanel(options: CreateControlPanelOptions): ControlP
 
   // Register plugin
   const registerPlugin = async (plugin: ControlPanelPlugin): Promise<void> => {
-    logger.info(`Registering plugin: ${plugin.name}`);
+    logger.debug(`Registering plugin: ${plugin.name}`);
 
     // Register routes
     if (plugin.routes) {
@@ -249,7 +238,7 @@ export function createControlPanel(options: CreateControlPanelOptions): ControlP
     }
 
     registeredPlugins.push(plugin);
-    logger.info(`Plugin registered: ${plugin.name}`);
+    logger.debug(`Plugin registered: ${plugin.name}`);
   };
 
   // Get diagnostics report
@@ -287,10 +276,7 @@ export function createControlPanel(options: CreateControlPanelOptions): ControlP
 
     return new Promise((resolve) => {
       server = app.listen(config.port, () => {
-        logger.info(`Control panel started on port ${config.port}`);
-        logger.info(`Dashboard: http://localhost:${config.port}`);
-        logger.info(`Health: http://localhost:${config.port}/api/health`);
-        logger.info(`Diagnostics: http://localhost:${config.port}/api/diagnostics`);
+        logger.info(`Control panel listening on port ${config.port}`);
         resolve();
       });
     });
@@ -334,8 +320,10 @@ export function createControlPanel(options: CreateControlPanelOptions): ControlP
  */
 function generateDashboardHtml(
   config: ControlPanelConfig,
-  health: Record<string, { status: string; latency?: number; lastChecked: Date }>
+  health: Record<string, { status: string; latency?: number; lastChecked: Date }>,
+  mountPath: string = '/cpanel'
 ): string {
+  const apiBasePath = mountPath === '/' ? '/api' : `${mountPath}/api`;
   const healthEntries = Object.entries(health);
   const overallStatus = healthEntries.every((e) => e[1].status === 'healthy')
     ? 'healthy'
@@ -478,9 +466,9 @@ function generateDashboardHtml(
 
     <div class="api-links">
       <strong>API:</strong>
-      <a href="/api/health">Health</a>
-      <a href="/api/info">Info</a>
-      <a href="/api/diagnostics">Diagnostics</a>
+      <a href="${apiBasePath}/health">Health</a>
+      <a href="${apiBasePath}/info">Info</a>
+      <a href="${apiBasePath}/diagnostics">Diagnostics</a>
     </div>
   </div>
 

package/src/core/gateway.ts

@@ -23,7 +23,6 @@ import type { ControlPanelConfig, ControlPanelPlugin, Logger } from './types.js'
 import { createControlPanel } from './control-panel.js';
 import { initializeLogging, getControlPanelLogger, type LoggingConfig } from './logging.js';
 import { createProxyMiddleware, type Options } from 'http-proxy-middleware';
-import { randomBytes } from 'crypto';
 import express from 'express';
 import { existsSync } from 'fs';
 import { resolve } from 'path';
@@ -56,31 +55,47 @@ export interface GatewayConfig {
   /** Quick links for the control panel */
   links?: ControlPanelConfig['links'];
 
-  /** Path to custom React UI dist folder */
+  /** Path to custom React UI dist folder for the control panel */
   customUiPath?: string;
 
   /**
-   * API paths to proxy to the internal service.
-   * Defaults to ['/api/v1'] if not specified.
-   * The gateway always proxies /health to the internal service.
+   * Mount path for the control panel.
+   * Defaults to '/cpanel'.
    */
-  proxyPaths?: string[];
+  controlPanelPath?: string;
 
   /**
-   * Authentication mode for the control panel (not the API).
-   * - 'none': No authentication (not recommended for production)
-   * - 'basic': HTTP Basic Auth with username/password
-   * - 'auto': Auto-generate password on startup (default)
+   * Route guard for the control panel.
+   * Defaults to auto-generated basic auth.
    */
-  authMode?: 'none' | 'basic' | 'auto';
+  controlPanelGuard?: ControlPanelConfig['guard'];
 
-  /** Basic auth username (defaults to 'admin') */
-  basicAuthUser?: string;
+  /**
+   * Frontend app configuration for the root path (/).
+   * If not provided, root path is not handled by the gateway.
+   */
+  frontendApp?: {
+    /** Redirect to another URL */
+    redirectUrl?: string;
+    /** Path to static files to serve */
+    staticPath?: string;
+    /** Landing page configuration */
+    landingPage?: {
+      title: string;
+      heading?: string;
+      description?: string;
+      links?: Array<{ label: string; url: string }>;
+    };
+  };
 
-  /** Basic auth password (required if authMode is 'basic') */
-  basicAuthPassword?: string;
+  /**
+   * API paths to proxy to the internal service.
+   * Defaults to ['/api/v1'] if not specified.
+   * The gateway always proxies /health to the internal service.
+   */
+  proxyPaths?: string[];
 
-  /** Logger instance (deprecated: use logging config instead) */
+  /** Logger instance */
   logger?: Logger;
 
   /** Logging configuration */
@@ -131,63 +146,106 @@ export interface GatewayInstance {
 
 
 /**
- * Basic auth middleware for gateway protection (control panel only)
- * - Skips localhost requests
- * - Skips API routes (/api/v1/*) - they have their own service auth
- * - Skips health endpoints - these should be public
- * - Requires valid credentials for non-localhost control panel access
+ * Generate landing page HTML for the frontend app
  */
-function createBasicAuthMiddleware(
-  username: string,
-  password: string,
-  apiPaths: string[]
-) {
-  const expectedAuth = `Basic ${Buffer.from(`${username}:${password}`).toString('base64')}`;
-
-  return (req: Request, res: Response, next: NextFunction) => {
-    const path = req.path;
-
-    // Skip auth for API routes - they use their own authentication
-    for (const apiPath of apiPaths) {
-      if (path.startsWith(apiPath)) {
-        return next();
-      }
+function generateLandingPageHtml(
+  config: NonNullable<GatewayConfig['frontendApp']>['landingPage'],
+  controlPanelPath: string
+): string {
+  if (!config) return '';
+
+  const primaryColor = '#6366f1';
+
+  const links = config.links || [
+    { label: 'Control Panel', url: controlPanelPath },
+  ];
+
+  const linksHtml = links
+    .map(
+      (link) =>
+        `<a href="${link.url}" class="link">${link.label}</a>`
+    )
+    .join('');
+
+  return `<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>${config.title}</title>
+  <style>
+    * { margin: 0; padding: 0; box-sizing: border-box; }
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+      background: linear-gradient(135deg, #0f172a 0%, #1e293b 100%);
+      color: #e2e8f0;
+      min-height: 100vh;
+      display: flex;
+      align-items: center;
+      justify-content: center;
     }
-
-    // Skip auth for health endpoints - these should be publicly accessible
-    if (path === '/health' || path === '/api/health') {
-      return next();
+    .container {
+      text-align: center;
+      max-width: 600px;
+      padding: 2rem;
     }
-
-    // Allow localhost without auth
-    const remoteAddress = req.ip || req.socket?.remoteAddress || '';
-    const host = req.hostname || req.headers.host || '';
-    const isLocalhost =
-      host === 'localhost' ||
-      host === '127.0.0.1' ||
-      host.startsWith('localhost:') ||
-      host.startsWith('127.0.0.1:') ||
-      remoteAddress === '127.0.0.1' ||
-      remoteAddress === '::1' ||
-      remoteAddress === '::ffff:127.0.0.1';
-
-    if (isLocalhost) {
-      return next();
+    h1 {
+      font-size: 2.5rem;
+      color: ${primaryColor};
+      margin-bottom: 1rem;
     }
-
-    // Check for valid basic auth
-    const authHeader = req.headers.authorization;
-    if (authHeader === expectedAuth) {
-      return next();
+    p {
+      font-size: 1.125rem;
+      color: #94a3b8;
+      margin-bottom: 2rem;
+      line-height: 1.6;
     }
-
-    // Request authentication
-    res.setHeader('WWW-Authenticate', 'Basic realm="Control Panel"');
-    res.status(401).json({
-      error: 'Unauthorized',
-      message: 'Authentication required.',
-    });
-  };
+    .links {
+      display: flex;
+      flex-wrap: wrap;
+      gap: 1rem;
+      justify-content: center;
+    }
+    .link {
+      display: inline-block;
+      padding: 0.875rem 2rem;
+      background: ${primaryColor};
+      color: white;
+      text-decoration: none;
+      border-radius: 0.5rem;
+      font-weight: 500;
+      transition: all 0.2s;
+    }
+    .link:hover {
+      transform: translateY(-2px);
+      box-shadow: 0 10px 20px rgba(0,0,0,0.3);
+    }
+    .footer {
+      position: fixed;
+      bottom: 1rem;
+      left: 0;
+      right: 0;
+      text-align: center;
+      color: #64748b;
+      font-size: 0.875rem;
+    }
+    .footer a {
+      color: ${primaryColor};
+      text-decoration: none;
+    }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <h1>${config.heading || config.title}</h1>
+    ${config.description ? `<p>${config.description}</p>` : ''}
+    ${linksHtml ? `<div class="links">${linksHtml}</div>` : ''}
+  </div>
+  <div class="footer">
+    Powered by <a href="https://qwickapps.com" target="_blank">QwickApps</a>
+  </div>
+</body>
+</html>`;
 }
 
 /**
@@ -238,12 +296,11 @@ export function createGateway(
   const servicePort = config.servicePort || parseInt(process.env.SERVICE_PORT || '3100', 10);
   const nodeEnv = process.env.NODE_ENV || 'development';
 
-  // Auth configuration
-  const authMode = config.authMode || 'auto';
-  const basicAuthUser = config.basicAuthUser || process.env.BASIC_AUTH_USER || 'admin';
-  const providedPassword = config.basicAuthPassword || process.env.BASIC_AUTH_PASSWORD;
-  const basicAuthPassword = providedPassword || (authMode === 'auto' ? randomBytes(16).toString('base64url') : '');
-  const isPasswordAutoGenerated = !providedPassword && authMode === 'auto';
+  // Control panel mount path (defaults to /cpanel)
+  const controlPanelPath = config.controlPanelPath || '/cpanel';
+
+  // Guard configuration for control panel
+  const guardConfig = config.controlPanelGuard;
 
   // API paths to proxy
   const proxyPaths = config.proxyPaths || ['/api/v1'];
@@ -260,19 +317,18 @@ export function createGateway(
       cors: config.corsOrigins ? { origins: config.corsOrigins } : undefined,
       // Skip body parsing for proxied paths
       skipBodyParserPaths: [...proxyPaths, '/health'],
-      // Disable built-in dashboard if custom UI is provided
-      disableDashboard: !!config.customUiPath,
+      // Mount path for control panel
+      mountPath: controlPanelPath,
+      // Route guard
+      guard: guardConfig,
+      // Custom UI path
+      customUiPath: config.customUiPath,
       links: config.links,
     },
     plugins: config.plugins || [],
     logger,
   });
 
-  // Add basic auth middleware if enabled
-  if (authMode === 'basic' || authMode === 'auto') {
-    controlPanel.app.use(createBasicAuthMiddleware(basicAuthUser, basicAuthPassword, proxyPaths));
-  }
-
   // Setup proxy middleware for API paths
   const setupProxyMiddleware = () => {
     const target = `http://localhost:${servicePort}`;
@@ -325,18 +381,41 @@ export function createGateway(
     controlPanel.app.use(createProxyMiddleware(healthProxyOptions));
   };
 
-  // Serve custom React UI if provided
-  const setupCustomUI = () => {
-    if (config.customUiPath && existsSync(config.customUiPath)) {
-      logger.info(`Serving custom UI from ${config.customUiPath}`);
-      controlPanel.app.use(express.static(config.customUiPath));
-
-      // SPA fallback
-      controlPanel.app.get('*', (req, res, next) => {
-        if (req.path.startsWith('/api/') || req.path === '/api') {
-          return next();
-        }
-        res.sendFile(resolve(config.customUiPath!, 'index.html'));
+  // Setup frontend app at root path
+  const setupFrontendApp = () => {
+    if (!config.frontendApp) {
+      return;
+    }
+
+    const { redirectUrl, staticPath, landingPage } = config.frontendApp;
+
+    // Priority 1: Redirect
+    if (redirectUrl) {
+      logger.info(`Frontend app: Redirecting / to ${redirectUrl}`);
+      controlPanel.app.get('/', (_req, res) => {
+        res.redirect(redirectUrl);
+      });
+      return;
+    }
+
+    // Priority 2: Serve static files
+    if (staticPath && existsSync(staticPath)) {
+      logger.info(`Frontend app: Serving static files from ${staticPath}`);
+      controlPanel.app.use('/', express.static(staticPath));
+
+      // SPA fallback for root
+      controlPanel.app.get('/', (_req, res) => {
+        res.sendFile(resolve(staticPath, 'index.html'));
+      });
+      return;
+    }
+
+    // Priority 3: Landing page
+    if (landingPage) {
+      logger.info(`Frontend app: Serving landing page`);
+      controlPanel.app.get('/', (_req, res) => {
+        const html = generateLandingPageHtml(landingPage, controlPanelPath);
+        res.type('html').send(html);
       });
     }
   };
@@ -352,47 +431,37 @@ export function createGateway(
     // 2. Setup proxy middleware (after service is started)
     setupProxyMiddleware();
 
-    // 3. Setup custom UI (after proxy middleware)
-    setupCustomUI();
+    // 3. Setup frontend app at root path
+    setupFrontendApp();
 
     // 4. Start control panel gateway
     await controlPanel.start();
 
+    // Calculate API base path
+    const apiBasePath = controlPanelPath === '/' ? '/api' : `${controlPanelPath}/api`;
+
     // Log startup info
-    logger.info('');
-    logger.info('========================================');
-    logger.info(`  ${config.productName} Gateway`);
-    logger.info('========================================');
-    logger.info('');
-    logger.info(`  Gateway Port:  ${gatewayPort} (public)`);
-    logger.info(`  Service Port:  ${servicePort} (internal)`);
-    logger.info('');
-
-    if (authMode === 'basic' || authMode === 'auto') {
-      logger.info('  Control Panel Auth: HTTP Basic Auth');
-      logger.info('  ----------------------------------------');
-      logger.info(`    Username: ${basicAuthUser}`);
-      if (isPasswordAutoGenerated) {
-        logger.info(`    Password: ${basicAuthPassword}`);
-        logger.info('    (auto-generated, set BASIC_AUTH_PASSWORD to use a fixed password)');
-      } else {
-        logger.info('    Password: ********** (from environment)');
-      }
-      logger.info('  ----------------------------------------');
+    logger.info(`${config.productName} Gateway`);
+    logger.info(`Gateway Port:  ${gatewayPort} (public)`);
+    logger.info(`Service Port:  ${servicePort} (internal)`);
+    
+    if (guardConfig && guardConfig.type === 'basic') {
+      logger.info(`Control Panel Auth: HTTP Basic Auth - Username: ${guardConfig.username}`);
+    } else if (guardConfig && guardConfig.type !== 'none') {
+      logger.info(`Control Panel Auth: ${guardConfig.type}`);
     } else {
-      logger.info('  Control Panel Auth: None (not recommended)');
+      logger.info('Control Panel Auth: None (not recommended)');
     }
 
-    logger.info('');
-    logger.info('  Endpoints:');
-    logger.info(`    GET  /                    - Control Panel UI`);
-    logger.info(`    GET  /api/health          - Gateway health`);
-    logger.info(`    GET  /health              - Service health (proxied)`);
+    if (config.frontendApp) {
+      logger.info(`Frontend App: GET  /`);
+    }
+    logger.info(`Control Panel UI: GET ${controlPanelPath.padEnd(20)}`);
+    logger.info(`Gateway Health: GET ${apiBasePath}/health`);
+    logger.info(`Service Health: GET /health`);
     for (const apiPath of proxyPaths) {
-      logger.info(`    *    ${apiPath}/*             - Service API (proxied)`);
+      logger.info(`Service API: * ${apiPath}/*`);
     }
-    logger.info('========================================');
-    logger.info('');
   };
 
   const stop = async (): Promise<void> => {