npm - @sleep2agi/commhub-server - Versions diffs - 0.5.0-preview.20 → 0.5.0-preview.21 - Mend

@sleep2agi/commhub-server 0.5.0-preview.20 → 0.5.0-preview.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@sleep2agi/commhub-server",
-  "version": "0.5.0-preview.20",
+  "version": "0.5.0-preview.21",
   "description": "CommHub MCP Server — AI Agent communication hub with SSE push, MCP protocol, and REST API",
   "type": "module",
   "main": "src/index.ts",

package/src/auth.ts CHANGED Viewed

@@ -133,6 +133,27 @@ export function createNetwork(userId: string, name: string, description?: string
   return { ok: true, network_id: networkId, network_name: name };
 }
+export function listTokens(userId: string) {
+  return db.query<any, [string]>(
+    "SELECT token_id, name, scope, network_id, last_used_at, created_at FROM api_tokens WHERE user_id = ?1 ORDER BY created_at DESC"
+  ).all(userId);
+}
+export function createToken(userId: string, name: string, networkId?: string): { ok: boolean; token?: string; token_id?: string; error?: string } {
+  const token = generateToken();
+  const tokenId = generateId("tok");
+  db.run(
+    "INSERT INTO api_tokens (token_id, token_hash, user_id, network_id, name, scope) VALUES (?1, ?2, ?3, ?4, ?5, ?6)",
+    [tokenId, hashToken(token), userId, networkId || null, name, "full"]
+  );
+  return { ok: true, token, token_id: tokenId };
+}
+export function revokeToken(userId: string, tokenId: string): { ok: boolean; error?: string } {
+  const result = db.run("DELETE FROM api_tokens WHERE token_id = ?1 AND user_id = ?2", [tokenId, userId]);
+  return result.changes > 0 ? { ok: true } : { ok: false, error: "token not found" };
+}
 export function changePassword(userId: string, oldPassword: string, newPassword: string): { ok: boolean; error?: string } {
   if (!newPassword || newPassword.length < 6) return { ok: false, error: "new password must be at least 6 characters" };
   const user = db.query<any, [string]>("SELECT password_hash FROM users WHERE user_id = ?1").get(userId);

package/src/index.ts CHANGED Viewed

@@ -4,7 +4,7 @@ import { z } from "zod/v4";
 import { registerTools } from "./tools.js";
 import { db, logTaskEvent, logAudit } from "./db.js";
 import { createSSEStream, pushEvent, pushBroadcast, getSSEStats } from "./push.js";
-import { register, login, resolveToken, getUserNetworks, createNetwork, changePassword, type AuthUser } from "./auth.js";
+import { register, login, resolveToken, getUserNetworks, createNetwork, changePassword, listTokens, createToken, revokeToken, type AuthUser } from "./auth.js";
 const PORT = Number(process.env.PORT) || 9200;
 const AUTH_TOKEN = process.env.COMMHUB_AUTH_TOKEN;
@@ -305,6 +305,42 @@ Bun.serve({
       }
     }
+    // ── V3: Token management ──
+    if (url.pathname === "/api/auth/tokens" && req.method === "GET") {
+      const token = req.headers.get("Authorization")?.replace("Bearer ", "");
+      if (!token) return withCors(req, Response.json({ ok: false, error: "auth required" }, { status: 401 }));
+      const resolved = resolveToken(token);
+      if (!resolved) return withCors(req, Response.json({ ok: false, error: "invalid token" }, { status: 401 }));
+      const tokens = listTokens(resolved.user.user_id);
+      return withCors(req, Response.json({ ok: true, tokens }));
+    }
+    if (url.pathname === "/api/auth/tokens" && req.method === "POST") {
+      const token = req.headers.get("Authorization")?.replace("Bearer ", "");
+      if (!token) return withCors(req, Response.json({ ok: false, error: "auth required" }, { status: 401 }));
+      const resolved = resolveToken(token);
+      if (!resolved) return withCors(req, Response.json({ ok: false, error: "invalid token" }, { status: 401 }));
+      try {
+        const body = await req.json() as any;
+        const result = createToken(resolved.user.user_id, body.name || "api-token", body.network_id);
+        if (result.ok) logAudit(resolved.user.user_id, resolved.user.username, "token_created", "token", result.token_id);
+        return withCors(req, Response.json(result));
+      } catch (e: any) {
+        return withCors(req, Response.json({ ok: false, error: e.message }, { status: 400 }));
+      }
+    }
+    const tokenDeleteMatch = url.pathname.match(/^\/api\/auth\/tokens\/([^/]+)$/);
+    if (tokenDeleteMatch && req.method === "DELETE") {
+      const token = req.headers.get("Authorization")?.replace("Bearer ", "");
+      if (!token) return withCors(req, Response.json({ ok: false, error: "auth required" }, { status: 401 }));
+      const resolved = resolveToken(token);
+      if (!resolved) return withCors(req, Response.json({ ok: false, error: "invalid token" }, { status: 401 }));
+      const result = revokeToken(resolved.user.user_id, tokenDeleteMatch[1]);
+      if (result.ok) logAudit(resolved.user.user_id, resolved.user.username, "token_revoked", "token", tokenDeleteMatch[1]);
+      return withCors(req, Response.json(result, { status: result.ok ? 200 : 404 }));
+    }
     // ── V3: Network management ──
     if (url.pathname === "/api/networks" && req.method === "GET") {
       const token = req.headers.get("Authorization")?.replace("Bearer ", "") || url.searchParams.get("token");