@qwickapps/server 1.5.1 → 1.6.0

package/src/plugins/qwickbrain/types.ts

@@ -0,0 +1,146 @@
+/**
+ * QwickBrain Plugin Types
+ *
+ * Type definitions for the QwickBrain MCP proxy plugin.
+ *
+ * Copyright (c) 2025 QwickApps.com. All rights reserved.
+ */
+
+/**
+ * Configuration for the QwickBrain plugin
+ */
+export interface QwickBrainPluginConfig {
+  /**
+   * Base URL of the QwickBrain instance (via Tailscale)
+   * Example: "http://macmini.tailnet-xxx.ts.net:8080"
+   */
+  qwickbrainUrl: string;
+
+  /**
+   * Request timeout in milliseconds
+   * @default 30000
+   */
+  timeout?: number;
+
+  /**
+   * Which MCP tools to expose publicly
+   * Use '*' to expose all tools, or provide a list of tool names
+   * @default '*'
+   */
+  exposedTools?: string[] | '*';
+
+  /**
+   * API configuration
+   */
+  api?: {
+    /**
+     * Enable API routes
+     * @default true
+     */
+    enabled?: boolean;
+
+    /**
+     * API route prefix (mounted under /api)
+     * @default '/mcp'
+     */
+    prefix?: string;
+  };
+
+  /**
+   * Authentication configuration
+   */
+  auth?: {
+    /**
+     * Require authentication for MCP tool endpoints
+     * When true, /mcp/tools and /mcp/tools/:name require valid auth
+     * Status endpoint (/mcp/status) is always public
+     * @default true
+     */
+    required?: boolean;
+
+    /**
+     * Roles required to access MCP tools (optional)
+     * If set, user must have at least one of these roles
+     */
+    allowedRoles?: string[];
+  };
+
+  /**
+   * Rate limiting configuration
+   */
+  rateLimit?: MCPRateLimitConfig;
+
+  /**
+   * Enable debug logging
+   * @default false
+   */
+  debug?: boolean;
+}
+
+/**
+ * MCP Tool definition from QwickBrain
+ */
+export interface MCPToolDefinition {
+  name: string;
+  description: string;
+  inputSchema: {
+    type: 'object';
+    properties: Record<string, unknown>;
+    required?: string[];
+  };
+}
+
+/**
+ * MCP Tool call request
+ */
+export interface MCPToolCallRequest {
+  name: string;
+  arguments: Record<string, unknown>;
+}
+
+/**
+ * MCP Tool call response
+ */
+export interface MCPToolCallResponse {
+  content: Array<{
+    type: 'text' | 'image' | 'resource';
+    text?: string;
+    data?: string;
+    mimeType?: string;
+  }>;
+  isError?: boolean;
+}
+
+/**
+ * QwickBrain connection status
+ */
+export interface QwickBrainConnectionStatus {
+  connected: boolean;
+  lastCheck: Date;
+  latencyMs?: number;
+  error?: string;
+  tailscaleStatus?: 'connected' | 'disconnected' | 'unknown';
+}
+
+/**
+ * Rate limit configuration for MCP requests
+ */
+export interface MCPRateLimitConfig {
+  /**
+   * Enable rate limiting
+   * @default true
+   */
+  enabled?: boolean;
+
+  /**
+   * Requests per minute per client
+   * @default 60
+   */
+  perClientPerMinute?: number;
+
+  /**
+   * Total requests per minute (global)
+   * @default 1000
+   */
+  globalPerMinute?: number;
+}

package/src/plugins/users/__tests__/postgres-store.test.ts

@@ -19,6 +19,7 @@ const mockUser: User = {
   external_id: 'auth0|abc123',
   provider: 'auth0',
   picture: 'https://example.com/avatar.jpg',
+  status: 'active',
   metadata: {
     identifiers: {
       auth0_user_id: 'auth0|abc123',

package/src/plugins/users/__tests__/users-plugin.test.ts

@@ -44,6 +44,7 @@ describe('Users Plugin', () => {
     external_id: 'auth0|abc123',
     provider: 'auth0',
     picture: 'https://example.com/avatar.jpg',
+    status: 'active',
     created_at: new Date('2025-01-01'),
     updated_at: new Date('2025-01-01'),
     last_login_at: new Date('2025-12-13'),
@@ -64,6 +65,8 @@ describe('Users Plugin', () => {
     delete: vi.fn().mockResolvedValue(true),
     search: vi.fn().mockResolvedValue({ users: [mockUser], total: 1, page: 1, limit: 20, totalPages: 1 }),
     updateLastLogin: vi.fn().mockResolvedValue(undefined),
+    getByInvitationToken: vi.fn().mockResolvedValue(mockUser),
+    acceptInvitation: vi.fn().mockResolvedValue(mockUser),
     shutdown: vi.fn().mockResolvedValue(undefined),
   });
 

package/src/plugins/users/stores/postgres-store.ts

@@ -72,6 +72,9 @@ export function postgresUserStore(config: PostgresUserStoreConfig): UserStore {
           external_id VARCHAR(255),
           provider VARCHAR(50),
           picture TEXT,
+          status VARCHAR(20) DEFAULT 'active',
+          invitation_token VARCHAR(255),
+          invitation_expires_at TIMESTAMPTZ,
           metadata JSONB DEFAULT '{}',
           created_at TIMESTAMPTZ DEFAULT NOW(),
           updated_at TIMESTAMPTZ DEFAULT NOW(),
@@ -80,6 +83,41 @@ export function postgresUserStore(config: PostgresUserStoreConfig): UserStore {
 
         CREATE INDEX IF NOT EXISTS idx_${usersTable}_email ON ${usersTableFull}(email);
         CREATE INDEX IF NOT EXISTS idx_${usersTable}_external_id ON ${usersTableFull}(external_id, provider);
+        CREATE INDEX IF NOT EXISTS idx_${usersTable}_invitation_token ON ${usersTableFull}(invitation_token);
+        CREATE INDEX IF NOT EXISTS idx_${usersTable}_status ON ${usersTableFull}(status);
+      `);
+
+      // Add new columns to existing tables (migration)
+      await getPool().query(`
+        DO $$
+        BEGIN
+          IF NOT EXISTS (
+            SELECT 1 FROM information_schema.columns
+            WHERE table_schema = '${schema}'
+            AND table_name = '${usersTable}'
+            AND column_name = 'status'
+          ) THEN
+            ALTER TABLE ${usersTableFull} ADD COLUMN status VARCHAR(20) DEFAULT 'active';
+          END IF;
+
+          IF NOT EXISTS (
+            SELECT 1 FROM information_schema.columns
+            WHERE table_schema = '${schema}'
+            AND table_name = '${usersTable}'
+            AND column_name = 'invitation_token'
+          ) THEN
+            ALTER TABLE ${usersTableFull} ADD COLUMN invitation_token VARCHAR(255);
+          END IF;
+
+          IF NOT EXISTS (
+            SELECT 1 FROM information_schema.columns
+            WHERE table_schema = '${schema}'
+            AND table_name = '${usersTable}'
+            AND column_name = 'invitation_expires_at'
+          ) THEN
+            ALTER TABLE ${usersTableFull} ADD COLUMN invitation_expires_at TIMESTAMPTZ;
+          END IF;
+        END $$;
       `);
     },
 
@@ -263,6 +301,7 @@ export function postgresUserStore(config: PostgresUserStoreConfig): UserStore {
       const {
         query,
         provider,
+        status,
         page = 1,
         limit = 20,
         sortBy = 'created_at',
@@ -285,6 +324,12 @@ export function postgresUserStore(config: PostgresUserStoreConfig): UserStore {
         paramIndex++;
       }
 
+      if (status) {
+        conditions.push(`status = $${paramIndex}`);
+        values.push(status);
+        paramIndex++;
+      }
+
       const whereClause = conditions.length > 0 ? `WHERE ${conditions.join(' AND ')}` : '';
 
       // Validate sort column to prevent SQL injection
@@ -322,6 +367,30 @@ export function postgresUserStore(config: PostgresUserStoreConfig): UserStore {
       await getPool().query(`UPDATE ${usersTableFull} SET last_login_at = NOW() WHERE id = $1`, [id]);
     },
 
+    async getByInvitationToken(token: string): Promise<User | null> {
+      const result = await getPool().query(
+        `SELECT * FROM ${usersTableFull} WHERE invitation_token = $1 AND invitation_expires_at > NOW()`,
+        [token]
+      );
+      return (result.rows[0] as User) || null;
+    },
+
+    async acceptInvitation(token: string): Promise<User | null> {
+      const result = await getPool().query(
+        `UPDATE ${usersTableFull}
+         SET status = 'active',
+             invitation_token = NULL,
+             invitation_expires_at = NULL,
+             updated_at = NOW()
+         WHERE invitation_token = $1
+           AND invitation_expires_at > NOW()
+           AND status = 'invited'
+         RETURNING *`,
+        [token]
+      );
+      return (result.rows[0] as User) || null;
+    },
+
     async shutdown(): Promise<void> {
       // Pool is managed externally, nothing to do here
     },

package/src/plugins/users/types.ts

@@ -9,6 +9,11 @@
  * Copyright (c) 2025 QwickApps.com. All rights reserved.
  */
 
+/**
+ * User status in the system
+ */
+export type UserStatus = 'invited' | 'active' | 'suspended';
+
 /**
  * User record in the database
  */
@@ -25,6 +30,12 @@ export interface User {
   provider?: string;
   /** Profile picture URL */
   picture?: string;
+  /** User status */
+  status: UserStatus;
+  /** Invitation token (set when user is invited) */
+  invitation_token?: string;
+  /** Invitation expiration timestamp */
+  invitation_expires_at?: Date;
   /** Additional metadata (JSON) */
   metadata?: Record<string, unknown>;
   /** When the user was created */
@@ -90,6 +101,8 @@ export interface UserSearchParams {
   query?: string;
   /** Filter by provider */
   provider?: string;
+  /** Filter by status */
+  status?: UserStatus;
   /** Page number (1-indexed) */
   page?: number;
   /** Items per page */
@@ -182,6 +195,18 @@ export interface UserStore {
    */
   updateLastLogin(id: string): Promise<void>;
 
+  /**
+   * Get a user by invitation token (only if invitation is valid and not expired)
+   */
+  getByInvitationToken(token: string): Promise<User | null>;
+
+  /**
+   * Accept an invitation by token.
+   * Sets status to 'active' and clears invitation token fields.
+   * Returns the updated user or null if token is invalid/expired.
+   */
+  acceptInvitation(token: string): Promise<User | null>;
+
   /**
    * Shutdown the store
    */

package/ui/src/App.tsx

@@ -18,6 +18,7 @@ import { AuthPage } from './pages/AuthPage';
 import { RateLimitPage } from './pages/RateLimitPage';
 import { NotificationsPage } from './pages/NotificationsPage';
 import { IntegrationsPage } from './pages/IntegrationsPage';
+import { APIKeysPage } from './pages/APIKeysPage';
 import { PluginPage } from './pages/PluginPage';
 import { NotFoundPage } from './pages/NotFoundPage';
 import { api, type MenuContribution } from './api/controlPanelApi';
@@ -41,10 +42,11 @@ const coreNavigationItems: NavigationItem[] = [
 // Built-in optional navigation items - shown if corresponding plugin is registered
 const builtInPluginNavItems: Record<string, NavigationItem> = {
   users: { id: 'users', label: 'Users', route: '/users', icon: 'people' },
+  'api-keys': { id: 'api-keys', label: 'API Keys', route: '/api-keys', icon: 'key' },
 };
 
 // Routes that have dedicated page components
-const dedicatedRoutes = new Set(['/', '/plugins', '/logs', '/system', '/users', '/entitlements', '/auth', '/rate-limits', '/notifications', '/integrations']);
+const dedicatedRoutes = new Set(['/', '/plugins', '/logs', '/system', '/users', '/entitlements', '/auth', '/rate-limits', '/notifications', '/integrations', '/api-keys']);
 
 // Package version - injected at build time or fallback
 const SERVER_VERSION = '1.0.0';
@@ -222,6 +224,9 @@ export function App() {
             {registeredPlugins.has('ai-proxy') && (
               <Route path="/integrations" element={<IntegrationsPage />} />
             )}
+            {registeredPlugins.has('api-keys') && (
+              <Route path="/api-keys" element={<APIKeysPage />} />
+            )}
 
             {/* Dynamic plugin routes - render generic PluginPage for non-dedicated routes */}
             {pluginMenuItems