@qwickapps/server 1.3.1 → 1.4.0

package/src/plugins/auth/index.ts

@@ -16,7 +16,20 @@ export {
 } from './auth-plugin.js';
 
 // Environment-based configuration
-export { createAuthPluginFromEnv, getAuthStatus } from './env-config.js';
+export {
+  createAuthPluginFromEnv,
+  getAuthStatus,
+  setAuthConfigStore,
+  getAdapterWrapper,
+} from './env-config.js';
+export type { AuthEnvPluginOptionsExtended } from './env-config.js';
+
+// Config store
+export { postgresAuthConfigStore } from './config-store.js';
+
+// Adapter wrapper
+export { createAdapterWrapper } from './adapter-wrapper.js';
+export type { AdapterWrapper } from './adapter-wrapper.js';
 
 // Types
 export type {
@@ -32,6 +45,14 @@ export type {
   AuthPluginState,
   AuthEnvPluginOptions,
   AuthConfigStatus,
+  // Runtime config types
+  AuthAdapterType,
+  RuntimeAuthConfig,
+  UpdateAuthConfigRequest,
+  TestProviderRequest,
+  TestProviderResponse,
+  AuthConfigStore,
+  PostgresAuthConfigStoreConfig,
 } from './types.js';
 export { isAuthenticatedRequest } from './types.js';
 

package/src/plugins/auth/types.ts

@@ -243,3 +243,141 @@ export interface AuthConfigStatus {
   /** Current configuration with secrets masked */
   config?: Record<string, string>;
 }
+
+// ═══════════════════════════════════════════════════════════════════════════
+// Runtime Configuration Types
+// ═══════════════════════════════════════════════════════════════════════════
+
+/**
+ * Supported adapter types for runtime configuration
+ */
+export type AuthAdapterType = 'auth0' | 'supabase' | 'supertokens' | 'basic';
+
+/**
+ * Runtime auth configuration (persisted to database)
+ */
+export interface RuntimeAuthConfig {
+  /** Which adapter to use */
+  adapter: AuthAdapterType | null;
+
+  /** Adapter-specific configuration */
+  config: {
+    auth0?: Auth0AdapterConfig;
+    supabase?: SupabaseAdapterConfig;
+    supertokens?: SupertokensAdapterConfig;
+    basic?: BasicAdapterConfig;
+  };
+
+  /** General auth settings */
+  settings: {
+    authRequired?: boolean;
+    excludePaths?: string[];
+    debug?: boolean;
+  };
+
+  /** When the config was last updated */
+  updatedAt: string;
+
+  /** Who updated the config (optional) */
+  updatedBy?: string;
+}
+
+/**
+ * Request body for PUT /api/auth/config
+ */
+export interface UpdateAuthConfigRequest {
+  /** Which adapter to use */
+  adapter: AuthAdapterType;
+
+  /** Adapter-specific configuration */
+  config: Record<string, unknown>;
+
+  /** General settings (optional) */
+  settings?: {
+    authRequired?: boolean;
+    excludePaths?: string[];
+  };
+}
+
+/**
+ * Request body for POST /api/auth/test-provider
+ */
+export interface TestProviderRequest {
+  /** Which adapter to test */
+  adapter: AuthAdapterType;
+
+  /** Adapter configuration to test */
+  config: Record<string, unknown>;
+
+  /** For social provider test (optional) */
+  provider?: 'google' | 'github' | 'apple';
+}
+
+/**
+ * Response for POST /api/auth/test-provider
+ */
+export interface TestProviderResponse {
+  /** Whether the test was successful */
+  success: boolean;
+
+  /** Human-readable message */
+  message: string;
+
+  /** Additional details */
+  details?: {
+    latency?: number;
+    version?: string;
+  };
+}
+
+/**
+ * Auth configuration store interface
+ */
+export interface AuthConfigStore {
+  /** Store name for identification */
+  name: string;
+
+  /** Initialize the store (create tables if needed) */
+  initialize(): Promise<void>;
+
+  /** Load configuration from store */
+  load(): Promise<RuntimeAuthConfig | null>;
+
+  /** Save configuration to store */
+  save(config: RuntimeAuthConfig): Promise<void>;
+
+  /** Delete configuration (revert to env vars) */
+  delete(): Promise<boolean>;
+
+  /**
+   * Subscribe to configuration changes
+   * Returns unsubscribe function
+   */
+  onChange(callback: (config: RuntimeAuthConfig | null) => void): () => void;
+
+  /** Shutdown and cleanup */
+  shutdown(): Promise<void>;
+}
+
+/**
+ * PostgreSQL auth config store configuration
+ */
+export interface PostgresAuthConfigStoreConfig {
+  /** PostgreSQL pool instance or factory function for lazy initialization */
+  pool: unknown | (() => unknown);
+
+  /** Table name (default: 'auth_config') */
+  tableName?: string;
+
+  /** Schema name (default: 'public') */
+  schema?: string;
+
+  /** Auto-create table on initialization (default: true) */
+  autoCreateTable?: boolean;
+
+  /** Enable pg_notify for cross-instance config updates (default: true) */
+  enableNotify?: boolean;
+
+  /** Channel name for pg_notify (default: 'auth_config_changed') */
+  notifyChannel?: string;
+}

package/src/plugins/index.ts

@@ -30,6 +30,8 @@ export {
   createAuthPlugin,
   createAuthPluginFromEnv,
   getAuthStatus,
+  setAuthConfigStore,
+  postgresAuthConfigStore,
   isAuthenticated,
   getAuthenticatedUser,
   getAccessToken,
@@ -54,6 +56,8 @@ export type {
   AuthPluginState,
   AuthEnvPluginOptions,
   AuthConfigStatus,
+  AuthConfigStore,
+  PostgresAuthConfigStoreConfig,
 } from './auth/index.js';
 
 // Users plugin
@@ -156,3 +160,48 @@ export type {
   PostgresPreferencesStoreConfig,
   PreferencesApiConfig,
 } from './preferences/index.js';
+
+// Rate Limit plugin
+export {
+  createRateLimitPlugin,
+  createRateLimitPluginFromEnv,
+  getRateLimitConfigStatus,
+  postgresRateLimitStore,
+  createRateLimitCache,
+  createNoOpCache,
+  createSlidingWindowStrategy,
+  createFixedWindowStrategy,
+  createTokenBucketStrategy,
+  getStrategy,
+  rateLimitMiddleware,
+  rateLimitStatusMiddleware,
+  RateLimitService,
+  getRateLimitService,
+  isLimited,
+  checkLimit,
+  incrementLimit,
+  getRemainingRequests,
+  getLimitStatus,
+  clearLimit,
+  createCleanupJob,
+} from './rate-limit/index.js';
+export type {
+  RateLimitPluginConfig,
+  RateLimitEnvPluginOptions,
+  RateLimitStrategy,
+  LimitStatus,
+  Strategy,
+  StrategyOptions,
+  StrategyContext,
+  StoredLimit,
+  IncrementOptions,
+  RateLimitStore,
+  PostgresRateLimitStoreConfig,
+  CachedLimit,
+  RateLimitCache,
+  RateLimitCacheConfig,
+  RateLimitMiddlewareOptions,
+  CheckLimitOptions,
+  CleanupJob,
+  CleanupJobConfig,
+} from './rate-limit/index.js';

package/src/plugins/rate-limit/__tests__/rate-limit-plugin.test.ts

@@ -0,0 +1,259 @@
+/**
+ * Rate Limit Plugin Tests
+ *
+ * Copyright (c) 2025 QwickApps.com. All rights reserved.
+ */
+
+import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
+import type { RateLimitStore, RateLimitCache, CachedLimit, StoredLimit, IncrementOptions } from '../types.js';
+import { RateLimitService } from '../rate-limit-service.js';
+import { createSlidingWindowStrategy } from '../strategies/sliding-window.js';
+import { createFixedWindowStrategy } from '../strategies/fixed-window.js';
+import { createTokenBucketStrategy } from '../strategies/token-bucket.js';
+
+// Mock store implementation
+function createMockStore(): RateLimitStore {
+  const records = new Map<string, StoredLimit>();
+
+  return {
+    name: 'mock',
+
+    async initialize(): Promise<void> {
+      // No-op
+    },
+
+    async get(key: string): Promise<StoredLimit | null> {
+      return records.get(key) || null;
+    },
+
+    async increment(key: string, options: IncrementOptions): Promise<StoredLimit> {
+      const now = new Date();
+      const windowMs = options.windowMs;
+      const windowStart = new Date(now.getTime() - (now.getTime() % windowMs));
+      const windowEnd = new Date(windowStart.getTime() + windowMs);
+
+      const existing = records.get(key);
+      if (existing && existing.windowStart.getTime() === windowStart.getTime()) {
+        existing.count += options.amount || 1;
+        existing.updatedAt = now;
+        return existing;
+      }
+
+      const newRecord: StoredLimit = {
+        id: `mock-${Date.now()}`,
+        key,
+        count: options.amount || 1,
+        maxRequests: options.maxRequests,
+        windowMs: options.windowMs,
+        windowStart,
+        windowEnd,
+        strategy: options.strategy,
+        userId: options.userId,
+        tenantId: options.tenantId,
+        ipAddress: options.ipAddress,
+        createdAt: now,
+        updatedAt: now,
+      };
+      records.set(key, newRecord);
+      return newRecord;
+    },
+
+    async clear(key: string): Promise<boolean> {
+      return records.delete(key);
+    },
+
+    async cleanup(): Promise<number> {
+      const now = Date.now();
+      let deleted = 0;
+      for (const [key, record] of records) {
+        if (record.windowEnd.getTime() < now) {
+          records.delete(key);
+          deleted++;
+        }
+      }
+      return deleted;
+    },
+
+    async shutdown(): Promise<void> {
+      records.clear();
+    },
+  };
+}
+
+// Mock cache implementation
+function createMockCache(): RateLimitCache {
+  const cache = new Map<string, { value: CachedLimit; expiresAt: number }>();
+
+  return {
+    name: 'mock',
+
+    async get(key: string): Promise<CachedLimit | null> {
+      const entry = cache.get(key);
+      if (!entry) return null;
+      if (entry.expiresAt <= Date.now()) {
+        cache.delete(key);
+        return null;
+      }
+      return entry.value;
+    },
+
+    async set(key: string, value: CachedLimit, ttlMs: number): Promise<void> {
+      cache.set(key, { value, expiresAt: Date.now() + ttlMs });
+    },
+
+    async increment(key: string, amount = 1): Promise<number | null> {
+      const entry = cache.get(key);
+      if (!entry || entry.expiresAt <= Date.now()) return null;
+      entry.value.count += amount;
+      return entry.value.count;
+    },
+
+    async delete(key: string): Promise<boolean> {
+      return cache.delete(key);
+    },
+
+    isAvailable(): boolean {
+      return true;
+    },
+
+    async shutdown(): Promise<void> {
+      cache.clear();
+    },
+  };
+}
+
+describe('RateLimitService', () => {
+  let store: RateLimitStore;
+  let cache: RateLimitCache;
+  let service: RateLimitService;
+
+  beforeEach(() => {
+    store = createMockStore();
+    cache = createMockCache();
+    service = new RateLimitService({
+      store,
+      cache,
+      defaults: {
+        windowMs: 60000,
+        maxRequests: 100,
+        strategy: 'sliding-window',
+      },
+    });
+  });
+
+  afterEach(async () => {
+    await store.shutdown();
+    await cache.shutdown();
+  });
+
+  describe('checkLimit', () => {
+    it('should return not limited for first request', async () => {
+      const status = await service.checkLimit('test:key', { increment: false });
+
+      expect(status.limited).toBe(false);
+      expect(status.current).toBe(0);
+      expect(status.limit).toBe(100);
+      expect(status.remaining).toBe(100);
+    });
+
+    it('should use provided options over defaults', async () => {
+      const status = await service.checkLimit('test:key', {
+        maxRequests: 50,
+        windowMs: 30000,
+        increment: false,
+      });
+
+      expect(status.limit).toBe(50);
+    });
+  });
+
+  describe('incrementLimit', () => {
+    it('should increment the counter', async () => {
+      const status1 = await service.incrementLimit('test:key');
+      expect(status1.current).toBe(1);
+      expect(status1.remaining).toBe(99);
+
+      const status2 = await service.incrementLimit('test:key');
+      expect(status2.current).toBe(2);
+      expect(status2.remaining).toBe(98);
+    });
+
+    it('should return limited when max reached', async () => {
+      // Set low limit for testing
+      for (let i = 0; i < 5; i++) {
+        await service.incrementLimit('test:key', { maxRequests: 5 });
+      }
+
+      const status = await service.incrementLimit('test:key', { maxRequests: 5 });
+      expect(status.limited).toBe(true);
+      expect(status.remaining).toBe(0);
+    });
+  });
+
+  describe('isLimited', () => {
+    it('should return false when not limited', async () => {
+      const limited = await service.isLimited('test:key');
+      expect(limited).toBe(false);
+    });
+
+    it('should return true when limited', async () => {
+      // Exhaust the limit
+      for (let i = 0; i < 5; i++) {
+        await service.incrementLimit('test:key', { maxRequests: 5 });
+      }
+
+      const limited = await service.isLimited('test:key', { maxRequests: 5 });
+      expect(limited).toBe(true);
+    });
+  });
+
+  describe('clearLimit', () => {
+    it('should clear the limit', async () => {
+      // Create some limits
+      await service.incrementLimit('test:key');
+      await service.incrementLimit('test:key');
+
+      // Verify exists
+      const beforeStatus = await service.checkLimit('test:key', { increment: false });
+      expect(beforeStatus.current).toBeGreaterThan(0);
+
+      // Clear
+      await service.clearLimit('test:key');
+
+      // Verify cleared
+      const afterStatus = await service.checkLimit('test:key', { increment: false });
+      expect(afterStatus.current).toBe(0);
+    });
+  });
+});
+
+describe('Strategies', () => {
+  describe('Sliding Window', () => {
+    it('should create strategy with correct name', () => {
+      const strategy = createSlidingWindowStrategy();
+      expect(strategy.name).toBe('sliding-window');
+    });
+  });
+
+  describe('Fixed Window', () => {
+    it('should create strategy with correct name', () => {
+      const strategy = createFixedWindowStrategy();
+      expect(strategy.name).toBe('fixed-window');
+    });
+  });
+
+  describe('Token Bucket', () => {
+    it('should create strategy with correct name', () => {
+      const strategy = createTokenBucketStrategy();
+      expect(strategy.name).toBe('token-bucket');
+    });
+  });
+});
+
+describe('Types', () => {
+  it('should export all required types', async () => {
+    // This test verifies that the types module compiles correctly
+    const types = await import('../types.js');
+    expect(types).toBeDefined();
+  });
+});

package/src/plugins/rate-limit/cleanup.ts

@@ -0,0 +1,117 @@
+/**
+ * Rate Limit Cleanup Job
+ *
+ * Periodically removes expired rate limit records from the database.
+ *
+ * Copyright (c) 2025 QwickApps.com. All rights reserved.
+ */
+
+import type { RateLimitStore } from './types.js';
+
+/**
+ * Cleanup job configuration
+ */
+export interface CleanupJobConfig {
+  /** Store to clean up */
+  store: RateLimitStore;
+
+  /** Cleanup interval in milliseconds (default: 300000 = 5 min) */
+  intervalMs?: number;
+
+  /** Enable debug logging */
+  debug?: boolean;
+}
+
+/**
+ * Cleanup job state
+ */
+export interface CleanupJob {
+  /** Start the cleanup job */
+  start(): void;
+
+  /** Stop the cleanup job */
+  stop(): void;
+
+  /** Run cleanup immediately */
+  runNow(): Promise<number>;
+
+  /** Check if job is running */
+  isRunning(): boolean;
+}
+
+/**
+ * Create a cleanup job
+ *
+ * @param config Cleanup configuration
+ * @returns CleanupJob instance
+ */
+export function createCleanupJob(config: CleanupJobConfig): CleanupJob {
+  const {
+    store,
+    intervalMs = 300000, // 5 minutes default
+    debug = false,
+  } = config;
+
+  let intervalId: ReturnType<typeof setInterval> | null = null;
+  let isRunningCleanup = false;
+
+  function log(message: string, data?: Record<string, unknown>) {
+    if (debug) {
+      console.log(`[RateLimitCleanup] ${message}`, data || '');
+    }
+  }
+
+  async function runCleanup(): Promise<number> {
+    if (isRunningCleanup) {
+      log('Cleanup already in progress, skipping');
+      return 0;
+    }
+
+    isRunningCleanup = true;
+    try {
+      log('Starting cleanup');
+      const startTime = Date.now();
+      const deletedCount = await store.cleanup();
+      const duration = Date.now() - startTime;
+
+      log('Cleanup complete', { deletedCount, durationMs: duration });
+      return deletedCount;
+    } catch (error) {
+      console.error('[RateLimitCleanup] Error during cleanup:', error);
+      return 0;
+    } finally {
+      isRunningCleanup = false;
+    }
+  }
+
+  return {
+    start() {
+      if (intervalId) {
+        log('Cleanup job already running');
+        return;
+      }
+
+      log('Starting cleanup job', { intervalMs });
+      intervalId = setInterval(runCleanup, intervalMs);
+
+      // Run initial cleanup after a short delay
+      setTimeout(runCleanup, 10000);
+    },
+
+    stop() {
+      if (intervalId) {
+        log('Stopping cleanup job');
+        clearInterval(intervalId);
+        intervalId = null;
+      }
+    },
+
+    async runNow(): Promise<number> {
+      return runCleanup();
+    },
+
+    isRunning(): boolean {
+      return intervalId !== null;
+    },
+  };
+}