@qwickapps/server 1.3.0 → 1.4.0

package/src/plugins/users/types.ts

@@ -207,3 +207,41 @@ export interface UsersPluginConfig {
   /** Enable debug logging */
   debug?: boolean;
 }
+
+/**
+ * Comprehensive user information aggregated from multiple plugins.
+ * Used by /users/:id/info and /users/sync endpoints.
+ */
+export interface UserInfo {
+  /** Core user data from users plugin */
+  user: User;
+  /** User's entitlements (if entitlements plugin loaded) */
+  entitlements?: string[];
+  /** User's preferences (if preferences plugin loaded) */
+  preferences?: Record<string, unknown>;
+  /** Active ban info (if bans plugin loaded, null if not banned) */
+  ban?: {
+    id: string;
+    reason: string;
+    banned_at: Date;
+    expires_at?: Date;
+  } | null;
+  /** User's roles (if roles plugin loaded - future) */
+  roles?: string[];
+}
+
+/**
+ * Input for POST /users/sync endpoint
+ */
+export interface UserSyncInput {
+  /** User's email address */
+  email: string;
+  /** External provider ID (e.g., Auth0 user_id) */
+  external_id: string;
+  /** Provider name (e.g., 'auth0', 'google') */
+  provider: string;
+  /** User's display name (optional) */
+  name?: string;
+  /** Profile picture URL (optional) */
+  picture?: string;
+}

package/src/plugins/users/users-plugin.ts

@@ -18,10 +18,18 @@ import type {
   CreateUserInput,
   UpdateUserInput,
   UserSearchParams,
+  UserInfo,
+  UserSyncInput,
 } from './types.js';
+// Import helpers from other plugins for buildUserInfo
+// Note: These imports are used dynamically based on registry.hasPlugin() checks
+import { getEntitlements } from '../entitlements/entitlements-plugin.js';
+import { getPreferences } from '../preferences/preferences-plugin.js';
+import { getActiveBan } from '../bans/bans-plugin.js';
 
 // Store instance for helper access
 let currentStore: UserStore | null = null;
+let currentRegistry: PluginRegistry | null = null;
 
 /**
  * Create the Users plugin
@@ -49,8 +57,9 @@ export function createUsersPlugin(config: UsersPluginConfig): Plugin {
       await config.store.initialize();
       log('Users plugin migrations complete');
 
-      // Store reference for helper access
+      // Store references for helper access
       currentStore = config.store;
+      currentRegistry = registry;
 
       // Register health check
       registry.registerHealthCheck({
@@ -191,6 +200,69 @@ export function createUsersPlugin(config: UsersPluginConfig): Plugin {
             }
           },
         });
+
+        // GET /users/:id/info - Get comprehensive user info
+        registry.addRoute({
+          method: 'get',
+          path: `${apiPrefix}/:id/info`,
+          pluginId: 'users',
+          handler: async (req: Request, res: Response) => {
+            try {
+              const user = await config.store.getById(req.params.id);
+              if (!user) {
+                return res.status(404).json({ error: 'User not found' });
+              }
+
+              const info = await buildUserInfo(user, registry);
+              res.json(info);
+            } catch (error) {
+              console.error('[UsersPlugin] Get user info error:', error);
+              res.status(500).json({ error: 'Failed to get user info' });
+            }
+          },
+        });
+
+        // POST /users/sync - Find or create user, return comprehensive info
+        registry.addRoute({
+          method: 'post',
+          path: `${apiPrefix}/sync`,
+          pluginId: 'users',
+          handler: async (req: Request, res: Response) => {
+            try {
+              const input = req.body as UserSyncInput;
+
+              // Normalize and validate email
+              const email = input.email?.trim().toLowerCase();
+              const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+              if (!email || !emailRegex.test(email)) {
+                return res.status(400).json({ error: 'Valid email is required' });
+              }
+
+              // Validate required fields
+              if (!input.external_id) {
+                return res.status(400).json({ error: 'external_id is required' });
+              }
+              if (!input.provider) {
+                return res.status(400).json({ error: 'provider is required' });
+              }
+
+              // Find or create user
+              const user = await findOrCreateUser({
+                email: email,
+                external_id: input.external_id,
+                provider: input.provider,
+                name: input.name?.trim(),
+                picture: input.picture?.trim(),
+              });
+
+              const info = await buildUserInfo(user, registry);
+              res.json(info);
+            } catch (error) {
+              console.error('[UsersPlugin] User sync error:', error);
+              res.status(500).json({ error: 'Failed to sync user' });
+            }
+          },
+        });
       }
 
       log('Users plugin started');
@@ -200,6 +272,7 @@ export function createUsersPlugin(config: UsersPluginConfig): Plugin {
       log('Stopping users plugin');
       await config.store.shutdown();
       currentStore = null;
+      currentRegistry = null;
       log('Users plugin stopped');
     },
   };
@@ -260,10 +333,7 @@ export async function findOrCreateUser(data: {
   // Try to find by email
   user = await currentStore.getByEmail(data.email);
   if (user) {
-    // Update with external ID if not set
-    if (!user.external_id) {
-      await currentStore.update(user.id, {});
-    }
+    // Note: external_id cannot be updated after user creation for security reasons
     await currentStore.updateLastLogin(user.id);
     return user;
   }
@@ -279,3 +349,70 @@ export async function findOrCreateUser(data: {
 
   return user;
 }
+
+/**
+ * Build comprehensive user info by aggregating data from all loaded plugins.
+ * This helper fetches data from entitlements, preferences, and bans plugins
+ * in parallel (if they are loaded) and returns a unified UserInfo object.
+ */
+export async function buildUserInfo(user: User, registry: PluginRegistry): Promise<UserInfo> {
+  const info: UserInfo = { user };
+
+  // Fetch data from other plugins in parallel
+  const promises: Promise<void>[] = [];
+
+  if (registry.hasPlugin('entitlements')) {
+    promises.push(
+      getEntitlements(user.email)
+        .then((result) => {
+          info.entitlements = result.entitlements;
+        })
+        .catch((error) => {
+          console.error('[UsersPlugin] Failed to fetch entitlements:', error);
+          // Continue without entitlements - don't fail the whole request
+        })
+    );
+  }
+
+  if (registry.hasPlugin('preferences')) {
+    promises.push(
+      getPreferences(user.id)
+        .then((prefs) => {
+          info.preferences = prefs;
+        })
+        .catch((error) => {
+          console.error('[UsersPlugin] Failed to fetch preferences:', error);
+          // Continue without preferences - don't fail the whole request
+        })
+    );
+  }
+
+  if (registry.hasPlugin('bans')) {
+    promises.push(
+      getActiveBan(user.id)
+        .then((ban) => {
+          // Transform Ban to UserInfo.ban shape (only include relevant fields)
+          info.ban = ban
+            ? {
+                id: ban.id,
+                reason: ban.reason,
+                banned_at: ban.banned_at,
+                expires_at: ban.expires_at,
+              }
+            : null;
+        })
+        .catch((error) => {
+          console.error('[UsersPlugin] Failed to fetch ban status:', error);
+          // Continue without ban info - don't fail the whole request
+        })
+    );
+  }
+
+  // Future: roles plugin
+  // if (registry.hasPlugin('roles')) {
+  //   promises.push(getUserRoles(user.id).then(roles => info.roles = roles));
+  // }
+
+  await Promise.all(promises);
+  return info;
+}

package/ui/src/App.tsx

@@ -3,12 +3,20 @@ import { BrowserRouter, Routes, Route } from 'react-router-dom';
 import { QwickApp, ProductLogo, Text } from '@qwickapps/react-framework';
 import { Link, Box } from '@mui/material';
 import { defaultConfig } from './config/AppConfig';
-import { DashboardWidgetProvider } from './dashboard';
+import {
+  DashboardWidgetProvider,
+  WidgetComponentRegistryProvider,
+  getBuiltInWidgetComponents,
+} from './dashboard';
 import { DashboardPage } from './pages/DashboardPage';
 import { LogsPage } from './pages/LogsPage';
 import { SystemPage } from './pages/SystemPage';
+import { PluginsPage } from './pages/PluginsPage';
 import { UsersPage } from './pages/UsersPage';
 import { EntitlementsPage } from './pages/EntitlementsPage';
+import { AuthPage } from './pages/AuthPage';
+import { RateLimitPage } from './pages/RateLimitPage';
+import { IntegrationsPage } from './pages/IntegrationsPage';
 import { PluginPage } from './pages/PluginPage';
 import { NotFoundPage } from './pages/NotFoundPage';
 import { api, type MenuContribution } from './api/controlPanelApi';
@@ -24,6 +32,7 @@ interface NavigationItem {
 // Core navigation items always shown
 const coreNavigationItems: NavigationItem[] = [
   { id: 'dashboard', label: 'Dashboard', route: '/', icon: 'dashboard' },
+  { id: 'plugins', label: 'Plugins', route: '/plugins', icon: 'extension' },
   { id: 'logs', label: 'Logs', route: '/logs', icon: 'article' },
   { id: 'system', label: 'System', route: '/system', icon: 'settings' },
 ];
@@ -34,7 +43,7 @@ const builtInPluginNavItems: Record<string, NavigationItem> = {
 };
 
 // Routes that have dedicated page components
-const dedicatedRoutes = new Set(['/', '/logs', '/system', '/users', '/entitlements']);
+const dedicatedRoutes = new Set(['/', '/plugins', '/logs', '/system', '/users', '/entitlements', '/auth', '/rate-limits', '/integrations']);
 
 // Package version - injected at build time or fallback
 const SERVER_VERSION = '1.0.0';
@@ -175,19 +184,21 @@ export function App() {
 
   return (
     <BrowserRouter basename={basePath || undefined}>
-      <DashboardWidgetProvider>
-        <QwickApp
-          config={defaultConfig}
-          logo={logo}
-          footerContent={footerContent}
-          enableScaffolding={true}
-          navigationItems={navigationItems}
-          showThemeSwitcher={true}
-          showPaletteSwitcher={true}
-        >
+      <WidgetComponentRegistryProvider initialComponents={getBuiltInWidgetComponents()}>
+        <DashboardWidgetProvider>
+          <QwickApp
+            config={defaultConfig}
+            logo={logo}
+            footerContent={footerContent}
+            enableScaffolding={true}
+            navigationItems={navigationItems}
+            showThemeSwitcher={true}
+            showPaletteSwitcher={true}
+          >
           <Routes>
             {/* Core routes */}
             <Route path="/" element={<DashboardPage />} />
+            <Route path="/plugins" element={<PluginsPage />} />
             <Route path="/logs" element={<LogsPage />} />
             <Route path="/system" element={<SystemPage />} />
 
@@ -198,6 +209,15 @@ export function App() {
             {registeredPlugins.has('entitlements') && (
               <Route path="/entitlements" element={<EntitlementsPage />} />
             )}
+            {registeredPlugins.has('auth') && (
+              <Route path="/auth" element={<AuthPage />} />
+            )}
+            {registeredPlugins.has('rate-limit') && (
+              <Route path="/rate-limits" element={<RateLimitPage />} />
+            )}
+            {registeredPlugins.has('ai-proxy') && (
+              <Route path="/integrations" element={<IntegrationsPage />} />
+            )}
 
             {/* Dynamic plugin routes - render generic PluginPage for non-dedicated routes */}
             {pluginMenuItems
@@ -212,8 +232,9 @@ export function App() {
 
             <Route path="*" element={<NotFoundPage />} />
           </Routes>
-        </QwickApp>
-      </DashboardWidgetProvider>
+          </QwickApp>
+        </DashboardWidgetProvider>
+      </WidgetComponentRegistryProvider>
     </BrowserRouter>
   );
 }

package/ui/src/api/controlPanelApi.ts

@@ -203,6 +203,180 @@ export interface UiContributionsResponse {
   plugins: Array<{ id: string; name: string; version?: string; status: string }>;
 }
 
+// ==================
+// Plugin Detail Types
+// ==================
+
+export interface ConfigContribution {
+  id: string;
+  component: string;
+  title?: string;
+  pluginId: string;
+}
+
+export interface PluginContributions {
+  routes: Array<{ method: string; path: string }>;
+  menuItems: MenuContribution[];
+  pages: PageContribution[];
+  widgets: WidgetContribution[];
+  config?: ConfigContribution;
+}
+
+export interface PluginInfo {
+  id: string;
+  name: string;
+  version?: string;
+  status: 'starting' | 'active' | 'stopped' | 'error';
+  error?: string;
+  contributionCounts: {
+    routes: number;
+    menuItems: number;
+    pages: number;
+    widgets: number;
+    hasConfig: boolean;
+  };
+}
+
+export interface PluginsResponse {
+  plugins: PluginInfo[];
+}
+
+export interface PluginDetailResponse {
+  id: string;
+  name: string;
+  version?: string;
+  status: 'starting' | 'active' | 'stopped' | 'error';
+  error?: string;
+  contributions: PluginContributions;
+}
+
+// ==================
+// Auth Config Types
+// ==================
+
+export type AuthPluginState = 'disabled' | 'enabled' | 'error';
+export type AuthAdapterType = 'auth0' | 'supabase' | 'supertokens' | 'basic';
+
+export interface AuthConfigStatus {
+  state: AuthPluginState;
+  adapter: string | null;
+  error?: string;
+  missingVars?: string[];
+  config?: Record<string, string>;
+  /** Runtime config from database (if available) */
+  runtimeConfig?: RuntimeAuthConfig;
+}
+
+export interface RuntimeAuthConfig {
+  adapter: AuthAdapterType | null;
+  config: {
+    auth0?: Auth0AdapterConfig;
+    supabase?: SupabaseAdapterConfig;
+    supertokens?: SupertokensAdapterConfig;
+    basic?: BasicAdapterConfig;
+  };
+  settings: {
+    authRequired?: boolean;
+    excludePaths?: string[];
+    debug?: boolean;
+  };
+  updatedAt: string;
+  updatedBy?: string;
+}
+
+export interface Auth0AdapterConfig {
+  domain: string;
+  clientId: string;
+  clientSecret: string;
+  baseUrl: string;
+  secret: string;
+  audience?: string;
+  scopes?: string[];
+  allowedRoles?: string[];
+  allowedDomains?: string[];
+}
+
+export interface SupabaseAdapterConfig {
+  url: string;
+  anonKey: string;
+}
+
+export interface BasicAdapterConfig {
+  username: string;
+  password: string;
+  realm?: string;
+}
+
+export interface SupertokensAdapterConfig {
+  connectionUri: string;
+  apiKey?: string;
+  appName: string;
+  apiDomain: string;
+  websiteDomain: string;
+  apiBasePath?: string;
+  websiteBasePath?: string;
+  enableEmailPassword?: boolean;
+  socialProviders?: {
+    google?: { clientId: string; clientSecret: string };
+    apple?: { clientId: string; clientSecret: string; keyId: string; teamId: string };
+    github?: { clientId: string; clientSecret: string };
+  };
+}
+
+export interface UpdateAuthConfigRequest {
+  adapter: AuthAdapterType;
+  config: Record<string, unknown>;
+  settings?: {
+    authRequired?: boolean;
+    excludePaths?: string[];
+  };
+}
+
+export interface TestProviderRequest {
+  adapter: AuthAdapterType;
+  config: Record<string, unknown>;
+  provider?: 'google' | 'github' | 'apple';
+}
+
+export interface TestProviderResponse {
+  success: boolean;
+  message: string;
+  details?: {
+    latency?: number;
+    version?: string;
+  };
+}
+
+// ==================
+// Rate Limit Config Types
+// ==================
+
+export type RateLimitStrategy = 'sliding-window' | 'fixed-window' | 'token-bucket';
+
+export interface RateLimitConfig {
+  windowMs: number;
+  maxRequests: number;
+  strategy: RateLimitStrategy;
+  cleanupEnabled: boolean;
+  cleanupIntervalMs: number;
+  store: string;
+  cache: string;
+  cacheAvailable: boolean;
+}
+
+export interface RateLimitConfigUpdateRequest {
+  windowMs?: number;
+  maxRequests?: number;
+  strategy?: RateLimitStrategy;
+  cleanupEnabled?: boolean;
+  cleanupIntervalMs?: number;
+}
+
+export interface RateLimitConfigUpdateResponse {
+  success: boolean;
+  config: RateLimitConfig;
+}
+
 class ControlPanelApi {
   private baseUrl: string;
 
@@ -218,6 +392,33 @@ class ControlPanelApi {
     this.baseUrl = baseUrl;
   }
 
+  /**
+   * Get the base URL for API requests.
+   */
+  getBaseUrl(): string {
+    return this.baseUrl;
+  }
+
+  /**
+   * Generic fetch method for API requests.
+   * Automatically prepends the base URL and /api prefix.
+   */
+  async fetch<T = unknown>(path: string, options?: RequestInit): Promise<T> {
+    const url = `${this.baseUrl}/api${path.startsWith('/') ? path : `/${path}`}`;
+    const response = await fetch(url, {
+      ...options,
+      headers: {
+        'Content-Type': 'application/json',
+        ...options?.headers,
+      },
+    });
+    if (!response.ok) {
+      const error = await response.json().catch(() => ({}));
+      throw new Error(error.error || error.message || `Request failed: ${response.statusText}`);
+    }
+    return response.json();
+  }
+
   // ==================
   // Plugin Feature Detection
   // ==================
@@ -477,7 +678,7 @@ class ControlPanelApi {
   // Plugins API
   // ==================
 
-  async getPlugins(): Promise<{ plugins: Array<{ id: string; name: string; version?: string }> }> {
+  async getPlugins(): Promise<PluginsResponse> {
     const response = await fetch(`${this.baseUrl}/api/plugins`);
     if (!response.ok) {
       throw new Error(`Plugins request failed: ${response.statusText}`);
@@ -485,6 +686,17 @@ class ControlPanelApi {
     return response.json();
   }
 
+  async getPluginDetail(id: string): Promise<PluginDetailResponse> {
+    const response = await fetch(`${this.baseUrl}/api/plugins/${encodeURIComponent(id)}`);
+    if (!response.ok) {
+      if (response.status === 404) {
+        throw new Error(`Plugin not found: ${id}`);
+      }
+      throw new Error(`Plugin detail request failed: ${response.statusText}`);
+    }
+    return response.json();
+  }
+
   // ==================
   // UI Contributions API
   // ==================
@@ -496,6 +708,119 @@ class ControlPanelApi {
     }
     return response.json();
   }
+
+  // ==================
+  // Auth Config API
+  // ==================
+
+  async getAuthConfigStatus(): Promise<AuthConfigStatus> {
+    const response = await fetch(`${this.baseUrl}/api/auth/config/status`);
+    if (!response.ok) {
+      // Return disabled state if endpoint not available
+      if (response.status === 404) {
+        return { state: 'disabled', adapter: null };
+      }
+      throw new Error(`Auth config status request failed: ${response.statusText}`);
+    }
+    return response.json();
+  }
+
+  async getAuthConfig(): Promise<AuthConfigStatus> {
+    const response = await fetch(`${this.baseUrl}/api/auth/config`);
+    if (!response.ok) {
+      if (response.status === 404) {
+        return { state: 'disabled', adapter: null };
+      }
+      throw new Error(`Auth config request failed: ${response.statusText}`);
+    }
+    return response.json();
+  }
+
+  /**
+   * Update auth configuration (save to database for hot-reload)
+   */
+  async updateAuthConfig(request: UpdateAuthConfigRequest): Promise<{ success: boolean; message: string }> {
+    const response = await fetch(`${this.baseUrl}/api/auth/config`, {
+      method: 'PUT',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify(request),
+    });
+    if (!response.ok) {
+      const error = await response.json().catch(() => ({}));
+      throw new Error(error.error || `Auth config update failed: ${response.statusText}`);
+    }
+    return response.json();
+  }
+
+  /**
+   * Delete auth configuration (revert to environment variables)
+   */
+  async deleteAuthConfig(): Promise<{ success: boolean; message: string }> {
+    const response = await fetch(`${this.baseUrl}/api/auth/config`, {
+      method: 'DELETE',
+    });
+    if (!response.ok) {
+      const error = await response.json().catch(() => ({}));
+      throw new Error(error.error || `Auth config delete failed: ${response.statusText}`);
+    }
+    return response.json();
+  }
+
+  /**
+   * Test auth provider connection without saving
+   */
+  async testAuthProvider(request: TestProviderRequest): Promise<TestProviderResponse> {
+    const response = await fetch(`${this.baseUrl}/api/auth/test-provider`, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify(request),
+    });
+    if (!response.ok) {
+      const error = await response.json().catch(() => ({}));
+      throw new Error(error.error || `Provider test failed: ${response.statusText}`);
+    }
+    return response.json();
+  }
+
+  /**
+   * Test current auth provider connection (uses existing env/runtime config)
+   */
+  async testCurrentAuthProvider(): Promise<TestProviderResponse> {
+    const response = await fetch(`${this.baseUrl}/api/auth/test-current`, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+    });
+    if (!response.ok) {
+      const error = await response.json().catch(() => ({}));
+      throw new Error(error.error || `Provider test failed: ${response.statusText}`);
+    }
+    return response.json();
+  }
+
+  // ==================
+  // Rate Limit Config API
+  // ==================
+
+  async getRateLimitConfig(): Promise<RateLimitConfig> {
+    const response = await fetch(`${this.baseUrl}/api/rate-limit/config`);
+    if (!response.ok) {
+      throw new Error(`Rate limit config request failed: ${response.statusText}`);
+    }
+    return response.json();
+  }
+
+  async updateRateLimitConfig(updates: RateLimitConfigUpdateRequest): Promise<RateLimitConfigUpdateResponse> {
+    const response = await fetch(`${this.baseUrl}/api/rate-limit/config`, {
+      method: 'PUT',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify(updates),
+    });
+    if (!response.ok) {
+      const error = await response.json().catch(() => ({}));
+      throw new Error(error.error || `Rate limit config update failed: ${response.statusText}`);
+    }
+    return response.json();
+  }
 }
 
 export const api = new ControlPanelApi();