@rebasepro/server-core 0.0.1-canary.09e5ec5

package/src/auth/slack-oauth.ts

@@ -0,0 +1,71 @@
+import type { OAuthProvider, OAuthProviderProfile } from "./interfaces";
+import { z } from "zod";
+
+/**
+ * Creates a Slack OAuth Provider integration (OAuth 2.0 / "Sign in with Slack").
+ * Uses the OpenID Connect flow with the "openid,email,profile" scopes.
+ */
+export function createSlackProvider(config: { clientId: string; clientSecret: string }): OAuthProvider<{ code: string; redirectUri: string }> {
+    return {
+        id: "slack",
+        schema: z.object({
+            code: z.string().min(1, "Auth code is required"),
+            redirectUri: z.string().url("Valid redirect URI is required")
+        }),
+        verify: async (payload: { code: string; redirectUri: string }): Promise<OAuthProviderProfile | null> => {
+            try {
+                const tokenResponse = await fetch("https://slack.com/api/openid.connect.token", {
+                    method: "POST",
+                    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+                    body: new URLSearchParams({
+                        client_id: config.clientId,
+                        client_secret: config.clientSecret,
+                        code: payload.code,
+                        redirect_uri: payload.redirectUri,
+                        grant_type: "authorization_code"
+                    })
+                });
+
+                if (!tokenResponse.ok) {
+                    console.error("Failed to get Slack access token:", await tokenResponse.text());
+                    return null;
+                }
+
+                const tokenData = await tokenResponse.json() as { ok: boolean; access_token?: string; error?: string };
+                if (!tokenData.ok || !tokenData.access_token) {
+                    console.error("Slack token exchange failed:", tokenData.error);
+                    return null;
+                }
+
+                const profileResponse = await fetch("https://slack.com/api/openid.connect.userInfo", {
+                    headers: { "Authorization": `Bearer ${tokenData.access_token}` }
+                });
+
+                if (!profileResponse.ok) {
+                    console.error("Failed to get Slack user info:", await profileResponse.text());
+                    return null;
+                }
+
+                const p = await profileResponse.json() as {
+                    ok: boolean; sub: string; name?: string;
+                    email?: string; picture?: string; email_verified?: boolean;
+                };
+
+                if (!p.ok || !p.email) {
+                    console.error("Slack user has no email");
+                    return null;
+                }
+
+                return {
+                    providerId: p.sub,
+                    email: p.email,
+                    displayName: p.name || null,
+                    photoUrl: p.picture || null
+                };
+            } catch (error) {
+                console.error("Slack OAuth error:", error);
+                return null;
+            }
+        }
+    };
+}

package/src/auth/spotify-oauth.ts

@@ -0,0 +1,67 @@
+import type { OAuthProvider, OAuthProviderProfile } from "./interfaces";
+import { z } from "zod";
+
+/**
+ * Creates a Spotify OAuth Provider integration.
+ * Uses the authorization code flow with the "user-read-email" scope.
+ */
+export function createSpotifyProvider(config: { clientId: string; clientSecret: string }): OAuthProvider<{ code: string; redirectUri: string }> {
+    return {
+        id: "spotify",
+        schema: z.object({
+            code: z.string().min(1, "Auth code is required"),
+            redirectUri: z.string().url("Valid redirect URI is required")
+        }),
+        verify: async (payload: { code: string; redirectUri: string }): Promise<OAuthProviderProfile | null> => {
+            try {
+                const basicAuth = Buffer.from(`${config.clientId}:${config.clientSecret}`).toString("base64");
+
+                const tokenResponse = await fetch("https://accounts.spotify.com/api/token", {
+                    method: "POST",
+                    headers: {
+                        "Content-Type": "application/x-www-form-urlencoded",
+                        "Authorization": `Basic ${basicAuth}`
+                    },
+                    body: new URLSearchParams({
+                        grant_type: "authorization_code",
+                        code: payload.code,
+                        redirect_uri: payload.redirectUri
+                    })
+                });
+
+                if (!tokenResponse.ok) {
+                    console.error("Failed to get Spotify access token:", await tokenResponse.text());
+                    return null;
+                }
+
+                const tokenData = await tokenResponse.json() as { access_token: string };
+
+                const profileResponse = await fetch("https://api.spotify.com/v1/me", {
+                    headers: { "Authorization": `Bearer ${tokenData.access_token}` }
+                });
+
+                if (!profileResponse.ok) {
+                    console.error("Failed to get Spotify user info:", await profileResponse.text());
+                    return null;
+                }
+
+                const p = await profileResponse.json() as {
+                    id: string; display_name?: string | null;
+                    email?: string; images?: Array<{ url: string }>;
+                };
+
+                if (!p.email) { console.error("Spotify user has no email"); return null; }
+
+                return {
+                    providerId: p.id,
+                    email: p.email,
+                    displayName: p.display_name || null,
+                    photoUrl: p.images?.[0]?.url || null
+                };
+            } catch (error) {
+                console.error("Spotify OAuth error:", error);
+                return null;
+            }
+        }
+    };
+}

package/src/auth/twitter-oauth.ts

@@ -0,0 +1,120 @@
+import type { OAuthProvider, OAuthProviderProfile } from "./interfaces";
+import { z } from "zod";
+
+/**
+ * Creates a Twitter/X OAuth 2.0 Provider integration.
+ *
+ * Uses OAuth 2.0 with PKCE (authorization code flow). The frontend must include
+ * the PKCE `code_verifier` when sending the authorization code.
+ *
+ * Twitter API v2 requires the "tweet.read" and "users.read" scopes at minimum,
+ * plus "offline.access" if refresh tokens are needed on Twitter's side.
+ */
+export function createTwitterProvider(config: { clientId: string; clientSecret: string }): OAuthProvider<{
+            code: string;
+            redirectUri: string;
+            codeVerifier: string;
+        }> {
+    return {
+        id: "twitter",
+        schema: z.object({
+            code: z.string().min(1, "Auth code is required"),
+            redirectUri: z.string().url("Valid redirect URI is required"),
+            codeVerifier: z.string().min(1, "PKCE code verifier is required")
+        }),
+        verify: async (payload: {
+            code: string;
+            redirectUri: string;
+            codeVerifier: string;
+        }): Promise<OAuthProviderProfile | null> => {
+            try {
+                // Twitter OAuth 2.0 uses Basic auth for the token endpoint
+                const basicAuth = Buffer.from(`${config.clientId}:${config.clientSecret}`).toString("base64");
+
+                // Exchange code for access token
+                const tokenResponse = await fetch("https://api.twitter.com/2/oauth2/token", {
+                    method: "POST",
+                    headers: {
+                        "Content-Type": "application/x-www-form-urlencoded",
+                        "Authorization": `Basic ${basicAuth}`
+                    },
+                    body: new URLSearchParams({
+                        code: payload.code,
+                        grant_type: "authorization_code",
+                        redirect_uri: payload.redirectUri,
+                        code_verifier: payload.codeVerifier
+                    })
+                });
+
+                if (!tokenResponse.ok) {
+                    console.error("Failed to get Twitter access token:", await tokenResponse.text());
+                    return null;
+                }
+
+                const tokenData = await tokenResponse.json() as { access_token: string };
+                const accessToken = tokenData.access_token;
+
+                // Fetch user profile from Twitter API v2
+                const profileResponse = await fetch(
+                    "https://api.twitter.com/2/users/me?user.fields=id,name,username,profile_image_url",
+                    {
+                        headers: { "Authorization": `Bearer ${accessToken}` }
+                    }
+                );
+
+                if (!profileResponse.ok) {
+                    console.error("Failed to get Twitter user info:", await profileResponse.text());
+                    return null;
+                }
+
+                const profileResult = await profileResponse.json() as {
+                    data: {
+                        id: string;
+                        name: string;
+                        username: string;
+                        profile_image_url?: string;
+                    };
+                };
+
+                const profileData = profileResult.data;
+
+                // Twitter does NOT expose email via API v2 by default.
+                // It requires elevated access. If we can't get an email, we
+                // generate a placeholder email — the user can update it later.
+                // For apps with elevated access, fetch from v1.1 endpoint.
+                let email: string | null = null;
+                try {
+                    const emailResponse = await fetch(
+                        "https://api.twitter.com/1.1/account/verify_credentials.json?include_email=true",
+                        {
+                            headers: { "Authorization": `Bearer ${accessToken}` }
+                        }
+                    );
+                    if (emailResponse.ok) {
+                        const emailData = await emailResponse.json() as { email?: string };
+                        email = emailData.email || null;
+                    }
+                } catch {
+                    // Elevated access not available — fall through
+                }
+
+                if (!email) {
+                    // Construct a deterministic placeholder email from the Twitter user ID.
+                    // This allows the account to be created and linked; the user should
+                    // update their email through the profile settings.
+                    email = `${profileData.id}@twitter.placeholder.rebase`;
+                }
+
+                return {
+                    providerId: profileData.id,
+                    email,
+                    displayName: profileData.name || profileData.username || null,
+                    photoUrl: profileData.profile_image_url?.replace("_normal", "_400x400") || null
+                };
+            } catch (error) {
+                console.error("Twitter OAuth error:", error);
+                return null;
+            }
+        }
+    };
+}

package/src/bootstrappers/index.ts

@@ -0,0 +1 @@
+// PostgresBootstrapper was moved to @rebasepro/server-postgresql

package/src/collections/BackendCollectionRegistry.ts

@@ -0,0 +1,20 @@
+import { CollectionRegistry } from "@rebasepro/common";
+import { CollectionRegistryInterface } from "../db/interfaces";
+import { EntityCollection } from "@rebasepro/types";
+
+/**
+ * Backend-agnostic collection registry.
+ * Satisfies CollectionRegistryInterface through inheritance from CollectionRegistry.
+ */
+export class BackendCollectionRegistry extends CollectionRegistry implements CollectionRegistryInterface {
+
+    /**
+     * Get the available relation keys for a given collection path.
+     * Maps from the collection's relation property names to the relation names.
+     */
+    getRelationKeysForCollection(collectionPath: string): string[] {
+        const collection = this.getCollectionByPath(collectionPath) as (EntityCollection & { relations?: { relationName?: string, localKey?: string }[] }) | undefined;
+        if (!collection?.relations) return [];
+        return collection.relations.map(r => (r.relationName || r.localKey || "") as string).filter(Boolean);
+    }
+}

package/src/collections/loader.ts

@@ -0,0 +1,49 @@
+import { EntityCollection } from "@rebasepro/types";
+import * as fs from "fs";
+import * as path from "path";
+import { pathToFileURL } from "url";
+
+/**
+ * Asynchronously load collection files from a directory for backend initialization
+ */
+export async function loadCollectionsFromDirectory(directory: string): Promise<EntityCollection[]> {
+    const collections: EntityCollection[] = [];
+    try {
+        if (!fs.existsSync(directory)) {
+            console.warn(`[loadCollectionsFromDirectory] Collections directory not found: ${directory}`);
+            return collections;
+        }
+
+        const files = fs.readdirSync(directory);
+        for (const file of files) {
+            // Only load .ts and .js files, ignore test files and declaration files
+            if ((file.endsWith(".ts") || file.endsWith(".js")) &&
+                !file.includes(".test.") &&
+                !file.endsWith(".d.ts") &&
+                file !== "index.ts" && file !== "index.js") {
+
+                const filePath = path.join(directory, file);
+                try {
+                    const fileUrl = pathToFileURL(filePath).href;
+
+                    // Use new Function to compile dynamic import natively and bypass tsc converting import() to require()
+                    const dynamicImport = new Function("url", "return import(url)");
+                    const module = await dynamicImport(fileUrl);
+
+                    // Expect the collection to be the default export
+                    if (module && module.default) {
+                        collections.push(module.default);
+                    } else {
+                        console.warn(`[loadCollectionsFromDirectory] File ${file} does not have a default export. Skipping.`);
+                    }
+                } catch (err: unknown) {
+                    const message = err instanceof Error ? err.message : String(err);
+                    console.error(`[loadCollectionsFromDirectory] Failed to load collection from ${file}: ${message}`);
+                }
+            }
+        }
+    } catch (err) {
+        console.error(`[loadCollectionsFromDirectory] Error reading collections directory: ${err}`);
+    }
+    return collections;
+}

package/src/cron/cron-loader.ts

@@ -0,0 +1,89 @@
+import * as fs from "fs";
+import * as path from "path";
+import { pathToFileURL } from "url";
+import type { CronJobDefinition } from "@rebasepro/types";
+
+export interface LoadedCronJob {
+    /** Job ID derived from filename (e.g. "cleanup-sessions"). */
+    id: string;
+    /** The full definition. */
+    definition: CronJobDefinition;
+}
+
+/**
+ * Auto-discover cron job files from a directory.
+ *
+ * Each file should default-export a `CronJobDefinition`.
+ * The filename (without extension) becomes the job ID:
+ *   `crons/cleanup-sessions.ts` → id = "cleanup-sessions"
+ *
+ * Follows the same discovery pattern as `loadFunctionsFromDirectory`.
+ */
+export async function loadCronJobsFromDirectory(
+    directory: string
+): Promise<LoadedCronJob[]> {
+    const jobs: LoadedCronJob[] = [];
+
+    if (!fs.existsSync(directory)) {
+        return jobs;
+    }
+
+    const files = fs.readdirSync(directory);
+    for (const file of files) {
+        if (
+            (file.endsWith(".ts") || file.endsWith(".js")) &&
+            !file.includes(".test.") &&
+            !file.endsWith(".d.ts") &&
+            file !== "index.ts" &&
+            file !== "index.js"
+        ) {
+            const filePath = path.join(directory, file);
+            try {
+                const fileUrl = pathToFileURL(filePath).href;
+
+                // Native dynamic import — bypasses tsc down-compilation
+                const dynamicImport = new Function("url", "return import(url)");
+                const mod = await dynamicImport(fileUrl);
+
+                const exported: unknown = mod.default;
+
+                if (!exported || typeof exported !== "object") {
+                    console.warn(
+                        `[cron] ${file}: no valid default export. Skipping.`
+                    );
+                    continue;
+                }
+
+                const def = exported as Record<string, unknown>;
+                if (typeof def.schedule !== "string" || typeof def.handler !== "function") {
+                    console.warn(
+                        `[cron] ${file}: default export missing required 'schedule' or 'handler'. Skipping.`
+                    );
+                    continue;
+                }
+
+                const id = path.basename(file, path.extname(file));
+                const definition: CronJobDefinition = {
+                    schedule: def.schedule as string,
+                    name: (def.name as string) || id,
+                    description: def.description as string | undefined,
+                    enabled: def.enabled !== false,
+                    timeoutSeconds: (def.timeoutSeconds as number) || 300,
+                    handler: def.handler as CronJobDefinition["handler"]
+                };
+
+                jobs.push({ id,
+definition });
+                console.log(`⏰ Loaded cron job: ${id} (${definition.schedule})`);
+            } catch (err: unknown) {
+                const message =
+                    err instanceof Error ? err.message : String(err);
+                console.error(
+                    `[cron] Failed to load ${file}: ${message}`
+                );
+            }
+        }
+    }
+
+    return jobs;
+}