@stackmemoryai/stackmemory 0.3.20 → 0.3.22

package/dist/servers/railway/index.js

@@ -83,8 +83,9 @@ class RailwayMCPServer {
       await this.pgPool.query(`
         CREATE TABLE IF NOT EXISTS users (
           id TEXT PRIMARY KEY,
-          email TEXT,
+          email TEXT UNIQUE,
           name TEXT,
+          password_hash TEXT,
           tier TEXT DEFAULT 'free',
           role TEXT DEFAULT 'user',
           created_at TIMESTAMPTZ DEFAULT NOW(),
@@ -95,6 +96,10 @@ class RailwayMCPServer {
         await this.pgPool.query(`ALTER TABLE users ADD COLUMN role TEXT DEFAULT 'user'`);
       } catch {
       }
+      try {
+        await this.pgPool.query(`ALTER TABLE users ADD COLUMN password_hash TEXT`);
+      } catch {
+      }
       try {
         await this.pgPool.query(`ALTER TABLE project_members ADD CONSTRAINT project_members_role_check CHECK (role IN ('admin','owner','editor','viewer'))`);
       } catch {
@@ -183,8 +188,9 @@ class RailwayMCPServer {
 
         CREATE TABLE IF NOT EXISTS users (
           id TEXT PRIMARY KEY,
-          email TEXT,
+          email TEXT UNIQUE,
           name TEXT,
+          password_hash TEXT,
           tier TEXT DEFAULT 'free',
           role TEXT DEFAULT 'user',
           created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
@@ -242,7 +248,7 @@ class RailwayMCPServer {
         for (const q of queries) {
           try {
             await this.pgPool.query(q);
-          } catch (e2) {
+          } catch (e) {
           }
         }
         await this.pgPool.query("INSERT INTO railway_schema_version (version, description) VALUES ($1, $2) ON CONFLICT (version) DO NOTHING", [version, description]);
@@ -271,6 +277,10 @@ class RailwayMCPServer {
         `ALTER TABLE project_members ADD CONSTRAINT project_members_role_check CHECK (role IN ('admin','owner','editor','viewer'))`,
         `ALTER TABLE users ADD CONSTRAINT users_role_check CHECK (role IN ('admin','user'))`
       ]);
+      await apply(4, "password authentication", [
+        `ALTER TABLE users ADD COLUMN IF NOT EXISTS password_hash TEXT`,
+        `ALTER TABLE users ADD CONSTRAINT users_email_unique UNIQUE (email)`
+      ]);
     } else {
       this.db.exec(`CREATE TABLE IF NOT EXISTS railway_schema_version (version INTEGER PRIMARY KEY, applied_at DATETIME DEFAULT CURRENT_TIMESTAMP, description TEXT)`);
       const row = this.db.prepare("SELECT COALESCE(MAX(version), 0) AS v FROM railway_schema_version").get();
@@ -307,6 +317,9 @@ class RailwayMCPServer {
         `CREATE TABLE IF NOT EXISTS admin_sessions (id TEXT PRIMARY KEY, user_id TEXT NOT NULL, created_at DATETIME DEFAULT CURRENT_TIMESTAMP, expires_at DATETIME NOT NULL, user_agent TEXT, ip TEXT)`,
         `CREATE INDEX IF NOT EXISTS idx_admin_sessions_user ON admin_sessions(user_id)`
       ]);
+      apply(3, "password authentication", [
+        `ALTER TABLE users ADD COLUMN password_hash TEXT`
+      ]);
     }
   }
   // TTL cleanup for admin sessions
@@ -318,10 +331,13 @@ class RailwayMCPServer {
         if (this.pgPool) {
           await this.pgPool.query("DELETE FROM admin_sessions WHERE expires_at <= NOW()");
         } else if (this.db) {
-          this.db.prepare('DELETE FROM admin_sessions WHERE datetime(expires_at) <= datetime("now")').run();
+          const tableExists = this.db.prepare(`SELECT name FROM sqlite_master WHERE type='table' AND name='admin_sessions'`).get();
+          if (tableExists) {
+            this.db.prepare('DELETE FROM admin_sessions WHERE datetime(expires_at) <= datetime("now")').run();
+          }
         }
-      } catch {
-        console.warn("Admin session cleanup failed:", e);
+      } catch (error) {
+        console.warn("Admin session cleanup failed:", error);
       }
     };
     run();
@@ -346,7 +362,7 @@ class RailwayMCPServer {
     }
   }
   async authenticate(req, res, next) {
-    if (req.path === "/health" || req.path === "/health/db") {
+    if (req.path === "/health" || req.path === "/api/health" || req.path === "/health/db") {
       return next();
     }
     const authHeader = req.headers.authorization;
@@ -362,8 +378,8 @@ class RailwayMCPServer {
         }
         req.user = valid;
         return next();
-      } catch (e2) {
-        return res.status(500).json({ error: e2.message || "Auth error" });
+      } catch (e) {
+        return res.status(500).json({ error: e.message || "Auth error" });
       }
     }
     if (config.authMode === "jwt" && process.env["AUTH0_DOMAIN"]) {
@@ -435,7 +451,7 @@ class RailwayMCPServer {
     next();
   }
   setupRoutes() {
-    this.app.get("/health", (req, res) => {
+    const healthHandler = (req, res) => {
       const health = {
         status: "healthy",
         version: "1.0.0",
@@ -444,7 +460,9 @@ class RailwayMCPServer {
         environment: config.environment
       };
       res.json(health);
-    });
+    };
+    this.app.get("/health", healthHandler);
+    this.app.get("/api/health", healthHandler);
     this.app.get("/", (req, res) => {
       res.json({
         name: "StackMemory Railway Server",
@@ -457,6 +475,176 @@ class RailwayMCPServer {
         }
       });
     });
+    this.app.post("/auth/signup", async (req, res) => {
+      try {
+        const { email, password, name } = req.body;
+        if (!email || !password) {
+          return res.status(400).json({
+            success: false,
+            error: "Email and password are required"
+          });
+        }
+        if (this.pgPool) {
+          const existingUser = await this.pgPool.query(
+            "SELECT id FROM users WHERE email = $1",
+            [email]
+          );
+          if (existingUser.rowCount > 0) {
+            return res.status(409).json({
+              success: false,
+              error: "User already exists"
+            });
+          }
+        } else {
+          const existingUser = this.db.prepare("SELECT id FROM users WHERE email = ?").get(email);
+          if (existingUser) {
+            return res.status(409).json({
+              success: false,
+              error: "User already exists"
+            });
+          }
+        }
+        const passwordHash = await bcrypt.hash(password, 10);
+        const userId = `user_${Date.now()}_${Math.random().toString(36).substring(7)}`;
+        if (this.pgPool) {
+          await this.pgPool.query(
+            "INSERT INTO users (id, email, name, password_hash, tier, role) VALUES ($1, $2, $3, $4, $5, $6)",
+            [userId, email, name || email.split("@")[0], passwordHash, "free", "user"]
+          );
+        } else {
+          this.db.prepare(
+            "INSERT INTO users (id, email, name, password_hash, tier, role) VALUES (?, ?, ?, ?, ?, ?)"
+          ).run(userId, email, name || email.split("@")[0], passwordHash, "free", "user");
+        }
+        const apiKey = `sk_${Math.random().toString(36).substring(2)}${Math.random().toString(36).substring(2)}`;
+        const apiKeyHash = await bcrypt.hash(apiKey, 10);
+        if (this.pgPool) {
+          await this.pgPool.query(
+            "INSERT INTO api_keys (key_hash, user_id, name) VALUES ($1, $2, $3)",
+            [apiKeyHash, userId, "Default API Key"]
+          );
+        } else {
+          this.db.prepare(
+            "INSERT INTO api_keys (key_hash, user_id, name) VALUES (?, ?, ?)"
+          ).run(apiKeyHash, userId, "Default API Key");
+        }
+        const token = jwt.sign(
+          { sub: userId, email, role: "user" },
+          config.jwtSecret,
+          { expiresIn: "30d" }
+        );
+        res.json({
+          success: true,
+          apiKey,
+          token,
+          email,
+          userId,
+          message: "Account created successfully"
+        });
+      } catch (error) {
+        console.error("Signup error:", error);
+        res.status(500).json({
+          success: false,
+          error: "Failed to create account"
+        });
+      }
+    });
+    this.app.post("/auth/login", async (req, res) => {
+      try {
+        const { email, password } = req.body;
+        if (!email || !password) {
+          return res.status(400).json({
+            success: false,
+            error: "Email and password are required"
+          });
+        }
+        let user = null;
+        if (this.pgPool) {
+          const result = await this.pgPool.query(
+            "SELECT id, email, name, password_hash, tier, role FROM users WHERE email = $1",
+            [email]
+          );
+          user = result.rows[0];
+        } else {
+          user = this.db.prepare(
+            "SELECT id, email, name, password_hash, tier, role FROM users WHERE email = ?"
+          ).get(email);
+        }
+        if (!user) {
+          return res.status(401).json({
+            success: false,
+            error: "Invalid credentials"
+          });
+        }
+        const validPassword = await bcrypt.compare(password, user.password_hash);
+        if (!validPassword) {
+          return res.status(401).json({
+            success: false,
+            error: "Invalid credentials"
+          });
+        }
+        let apiKey = null;
+        if (this.pgPool) {
+          const keyResult = await this.pgPool.query(
+            "SELECT id FROM api_keys WHERE user_id = $1 AND revoked = false LIMIT 1",
+            [user.id]
+          );
+          if (keyResult.rowCount === 0) {
+            apiKey = `sk_${Math.random().toString(36).substring(2)}${Math.random().toString(36).substring(2)}`;
+            const apiKeyHash = await bcrypt.hash(apiKey, 10);
+            await this.pgPool.query(
+              "INSERT INTO api_keys (key_hash, user_id, name) VALUES ($1, $2, $3)",
+              [apiKeyHash, user.id, "Default API Key"]
+            );
+          } else {
+            apiKey = `sk_${Math.random().toString(36).substring(2)}${Math.random().toString(36).substring(2)}`;
+            const apiKeyHash = await bcrypt.hash(apiKey, 10);
+            await this.pgPool.query(
+              "UPDATE api_keys SET key_hash = $1, last_used = NOW() WHERE id = $2",
+              [apiKeyHash, keyResult.rows[0].id]
+            );
+          }
+        } else {
+          const keyRow = this.db.prepare(
+            "SELECT id FROM api_keys WHERE user_id = ? AND revoked = 0 LIMIT 1"
+          ).get(user.id);
+          if (!keyRow) {
+            apiKey = `sk_${Math.random().toString(36).substring(2)}${Math.random().toString(36).substring(2)}`;
+            const apiKeyHash = await bcrypt.hash(apiKey, 10);
+            this.db.prepare(
+              "INSERT INTO api_keys (key_hash, user_id, name) VALUES (?, ?, ?)"
+            ).run(apiKeyHash, user.id, "Default API Key");
+          } else {
+            apiKey = `sk_${Math.random().toString(36).substring(2)}${Math.random().toString(36).substring(2)}`;
+            const apiKeyHash = await bcrypt.hash(apiKey, 10);
+            this.db.prepare(
+              "UPDATE api_keys SET key_hash = ?, last_used = CURRENT_TIMESTAMP WHERE id = ?"
+            ).run(apiKeyHash, keyRow.id);
+          }
+        }
+        const token = jwt.sign(
+          { sub: user.id, email: user.email, role: user.role },
+          config.jwtSecret,
+          { expiresIn: "30d" }
+        );
+        res.json({
+          success: true,
+          apiKey,
+          token,
+          email: user.email,
+          userId: user.id,
+          databaseUrl: process.env.DATABASE_URL,
+          // For client configuration
+          message: "Login successful"
+        });
+      } catch (error) {
+        console.error("Login error:", error);
+        res.status(500).json({
+          success: false,
+          error: "Login failed"
+        });
+      }
+    });
     this.app.post("/api/context/save", async (req, res) => {
       try {
         const { projectId = "default", content, type = "general", metadata = {} } = req.body;
@@ -507,7 +695,7 @@ class RailwayMCPServer {
         res.status(500).json({ error: error.message });
       }
     });
-    const parseCookies2 = (cookieHeader) => {
+    const parseCookies = (cookieHeader) => {
       const out = {};
       if (!cookieHeader) return out;
       cookieHeader.split(";").forEach((p) => {
@@ -516,15 +704,15 @@ class RailwayMCPServer {
       });
       return out;
     };
-    const setJwtCookie2 = (res, token) => {
+    const setJwtCookie = (res, token) => {
       const flags = ["Path=/", "HttpOnly", "SameSite=Lax"];
       if (process.env["NODE_ENV"] === "production") flags.push("Secure");
       res.setHeader("Set-Cookie", `sm_admin_jwt=${encodeURIComponent(token)}; ${flags.join("; ")}`);
     };
-    const clearJwtCookie2 = (res) => {
+    const clearJwtCookie = (res) => {
       res.setHeader("Set-Cookie", "sm_admin_jwt=; Path=/; HttpOnly; Max-Age=0; SameSite=Lax");
     };
-    const verifyAdminJwt2 = (token) => {
+    const verifyAdminJwt = (token) => {
       try {
         const secret = process.env["ADMIN_JWT_SECRET"] || "dev-admin-secret";
         const payload = jwt.verify(token, secret);
@@ -544,10 +732,10 @@ class RailwayMCPServer {
     const requireAdmin = (req, res, next) => {
       const user = req.user || {};
       if (user.role === "admin") return next();
-      const cookies = parseCookies2(req.headers.cookie);
+      const cookies = parseCookies(req.headers.cookie);
       const t = cookies["sm_admin_jwt"];
       if (t) {
-        const verified = verifyAdminJwt2(t);
+        const verified = verifyAdminJwt(t);
         if (verified) {
           checkDbSession(verified.jti).then((ok) => {
             if (ok) return next();
@@ -580,8 +768,8 @@ class RailwayMCPServer {
         }
         const rows = this.db.prepare("SELECT id, name, is_public, created_at, updated_at FROM projects ORDER BY updated_at DESC").all();
         return res.json({ projects: rows });
-      } catch (e2) {
-        res.status(500).json({ error: e2.message });
+      } catch (e) {
+        res.status(500).json({ error: e.message });
       }
     });
     this.app.post("/admin/api/projects", requireAdmin, async (req, res) => {
@@ -594,8 +782,8 @@ class RailwayMCPServer {
         }
         this.db.prepare("INSERT OR IGNORE INTO projects (id, name, is_public) VALUES (?, ?, ?)").run(id, name || id, isPublic ? 1 : 0);
         return res.json({ success: true });
-      } catch (e2) {
-        res.status(500).json({ error: e2.message });
+      } catch (e) {
+        res.status(500).json({ error: e.message });
       }
     });
     this.app.patch("/admin/api/projects/:id/visibility", requireAdmin, async (req, res) => {
@@ -609,8 +797,8 @@ class RailwayMCPServer {
         }
         this.db.prepare("UPDATE projects SET is_public = ?, updated_at = CURRENT_TIMESTAMP WHERE id = ?").run(isPublic ? 1 : 0, pid);
         return res.json({ success: true });
-      } catch (e2) {
-        res.status(500).json({ error: e2.message });
+      } catch (e) {
+        res.status(500).json({ error: e.message });
       }
     });
     this.app.get("/admin/api/projects/:id/members", requireAdmin, async (req, res) => {
@@ -625,8 +813,8 @@ class RailwayMCPServer {
         }
         const stmt = this.db.prepare("SELECT pm.user_id, pm.role, u.email, u.name FROM project_members pm LEFT JOIN users u ON u.id = pm.user_id WHERE pm.project_id = ? ORDER BY pm.role");
         return res.json({ members: stmt.all(pid) });
-      } catch (e2) {
-        res.status(500).json({ error: e2.message });
+      } catch (e) {
+        res.status(500).json({ error: e.message });
       }
     });
     this.app.put("/admin/api/projects/:id/members", requireAdmin, async (req, res) => {
@@ -645,8 +833,8 @@ class RailwayMCPServer {
         }
         this.db.prepare("INSERT INTO project_members (project_id, user_id, role) VALUES (?, ?, ?) ON CONFLICT(project_id, user_id) DO UPDATE SET role = ?").run(pid, userId, role, role);
         return res.json({ success: true });
-      } catch (e2) {
-        res.status(500).json({ error: e2.message });
+      } catch (e) {
+        res.status(500).json({ error: e.message });
       }
     });
     this.app.delete("/admin/api/projects/:id/members/:userId", requireAdmin, async (req, res) => {
@@ -659,8 +847,8 @@ class RailwayMCPServer {
         }
         this.db.prepare("DELETE FROM project_members WHERE project_id = ? AND user_id = ?").run(pid, uid);
         return res.json({ success: true });
-      } catch (e2) {
-        res.status(500).json({ error: e2.message });
+      } catch (e) {
+        res.status(500).json({ error: e.message });
       }
     });
     this.app.get("/admin/api/sessions", requireAdmin, async (_req, res) => {
@@ -671,8 +859,8 @@ class RailwayMCPServer {
         }
         const rows = this.db.prepare("SELECT id, user_id, created_at, expires_at, user_agent, ip FROM admin_sessions ORDER BY created_at DESC").all();
         return res.json({ sessions: rows });
-      } catch (e2) {
-        res.status(500).json({ error: e2.message });
+      } catch (e) {
+        res.status(500).json({ error: e.message });
       }
     });
     this.app.delete("/admin/api/sessions/:id", requireAdmin, async (req, res) => {
@@ -684,13 +872,13 @@ class RailwayMCPServer {
           this.db.prepare("DELETE FROM admin_sessions WHERE id = ?").run(id);
         }
         res.json({ success: true });
-      } catch (e2) {
-        res.status(500).json({ error: e2.message });
+      } catch (e) {
+        res.status(500).json({ error: e.message });
       }
     });
     this.app.post("/admin/api/sessions/refresh", requireAdmin, async (req, res) => {
       try {
-        const cookies = parseCookies2(req.headers.cookie);
+        const cookies = parseCookies(req.headers.cookie);
         const t = cookies["sm_admin_jwt"];
         if (!t) return res.status(400).json({ error: "No session" });
         const secret = process.env["ADMIN_JWT_SECRET"] || "dev-admin-secret";
@@ -708,7 +896,8 @@ class RailwayMCPServer {
           } else {
             this.db.prepare("DELETE FROM admin_sessions WHERE id = ?").run(oldJti);
           }
-        } catch {
+        } catch (error) {
+          console.warn("Failed to delete session during refresh:", error);
         }
         const jti = Math.random().toString(36).slice(2) + Math.random().toString(36).slice(2);
         const hours = parseInt(process.env["ADMIN_SESSION_HOURS"] || "8", 10);
@@ -726,8 +915,8 @@ class RailwayMCPServer {
         if (process.env["NODE_ENV"] === "production") flags.push("Secure");
         res.setHeader("Set-Cookie", `sm_admin_jwt=${encodeURIComponent(token)}; ${flags.join("; ")}`);
         return res.json({ success: true });
-      } catch (e2) {
-        res.status(500).json({ error: e2.message });
+      } catch (e) {
+        res.status(500).json({ error: e.message });
       }
     });
     this.app.get("/admin", requireAdmin, (req, res) => {
@@ -879,6 +1068,63 @@ loadSessions();
         }
       });
     }
+    this.app.get("/admin/login", (_req, res) => {
+      res.setHeader("Content-Type", "text/html");
+      res.send(`<!doctype html><html><head><meta charset="utf-8"/><title>Admin Login</title>
+<style>body{font-family:system-ui;margin:40px} input{padding:8px;margin:4px} button{padding:8px}</style></head>
+<body><h3>Admin Login</h3>
+<p>Paste an admin API key to manage projects and members.</p>
+<form method="POST" action="/admin/login">
+  <input type="password" name="apiKey" placeholder="sk-..." style="min-width:360px" required/>
+  <div><button type="submit">Login</button></div>
+  <p style="color:#666">Your key is validated server-side and not stored in the browser; a short-lived session cookie is created.</p>
+</form>
+</body></html>`);
+    });
+    this.app.post("/admin/login", express.urlencoded({ extended: false }), async (req, res) => {
+      try {
+        const apiKey = req.body?.apiKey || "";
+        if (!apiKey) return res.status(400).send("Missing API key");
+        const u = await this.validateApiKey(apiKey);
+        if (!u || u.role !== "admin") return res.status(403).send("Not an admin API key");
+        const jti = Math.random().toString(36).slice(2) + Math.random().toString(36).slice(2);
+        const hours = parseInt(process.env["ADMIN_SESSION_HOURS"] || "8", 10);
+        const expMs = Date.now() + hours * 3600 * 1e3;
+        const expDateIso = new Date(expMs).toISOString();
+        const ua = req.headers["user-agent"] || "";
+        const ip = req.headers["x-forwarded-for"] || req.socket.remoteAddress || "";
+        if (this.pgPool) {
+          await this.pgPool.query("INSERT INTO admin_sessions (id, user_id, expires_at, user_agent, ip) VALUES ($1, $2, $3, $4, $5)", [jti, u.id, expDateIso, ua, ip]);
+        } else {
+          this.db.prepare("INSERT INTO admin_sessions (id, user_id, expires_at, user_agent, ip) VALUES (?, ?, ?, ?, ?)").run(jti, u.id, expDateIso, ua, ip);
+        }
+        const token = jwt.sign({ sub: u.id, role: "admin", jti }, process.env["ADMIN_JWT_SECRET"] || "dev-admin-secret", { expiresIn: hours + "h" });
+        setJwtCookie(res, token);
+        res.redirect("/admin");
+      } catch (e) {
+        res.status(500).send("Login failed");
+      }
+    });
+    this.app.get("/admin/logout", async (req, res) => {
+      const cookies = parseCookies(req.headers.cookie);
+      const t = cookies["sm_admin_jwt"];
+      if (t) {
+        const verified = verifyAdminJwt(t);
+        if (verified) {
+          try {
+            if (this.pgPool) {
+              await this.pgPool.query("DELETE FROM admin_sessions WHERE id = $1", [verified.jti]);
+            } else {
+              this.db.prepare("DELETE FROM admin_sessions WHERE id = ?").run(verified.jti);
+            }
+          } catch (error) {
+            console.warn("Failed to delete session during logout:", error);
+          }
+        }
+      }
+      clearJwtCookie(res);
+      res.redirect("/admin/login");
+    });
   }
   setupWebSocket() {
     this.wss = new WebSocketServer({
@@ -1096,60 +1342,4 @@ process.on("SIGINT", () => {
   console.log("Shutting down...");
   process.exit(0);
 });
-(void 0).app.get("/admin/login", (_req, res) => {
-  res.setHeader("Content-Type", "text/html");
-  res.send(`<!doctype html><html><head><meta charset="utf-8"/><title>Admin Login</title>
-<style>body{font-family:system-ui;margin:40px} input{padding:8px;margin:4px} button{padding:8px}</style></head>
-<body><h3>Admin Login</h3>
-<p>Paste an admin API key to manage projects and members.</p>
-<form method="POST" action="/admin/login">
-  <input type="password" name="apiKey" placeholder="sk-..." style="min-width:360px" required/>
-  <div><button type="submit">Login</button></div>
-  <p style="color:#666">Your key is validated server-side and not stored in the browser; a short-lived session cookie is created.</p>
-</form>
-</body></html>`);
-});
-(void 0).app.post("/admin/login", express.urlencoded({ extended: false }), async (req, res) => {
-  try {
-    const apiKey = req.body?.apiKey || "";
-    if (!apiKey) return res.status(400).send("Missing API key");
-    const u = await (void 0).validateApiKey(apiKey);
-    if (!u || u.role !== "admin") return res.status(403).send("Not an admin API key");
-    const jti = Math.random().toString(36).slice(2) + Math.random().toString(36).slice(2);
-    const hours = parseInt(process.env["ADMIN_SESSION_HOURS"] || "8", 10);
-    const expMs = Date.now() + hours * 3600 * 1e3;
-    const expDateIso = new Date(expMs).toISOString();
-    const ua = req.headers["user-agent"] || "";
-    const ip = req.headers["x-forwarded-for"] || req.socket.remoteAddress || "";
-    if ((void 0).pgPool) {
-      await (void 0).pgPool.query("INSERT INTO admin_sessions (id, user_id, expires_at, user_agent, ip) VALUES ($1, $2, $3, $4, $5)", [jti, u.id, expDateIso, ua, ip]);
-    } else {
-      (void 0).db.prepare("INSERT INTO admin_sessions (id, user_id, expires_at, user_agent, ip) VALUES (?, ?, ?, ?, ?)").run(jti, u.id, expDateIso, ua, ip);
-    }
-    const token = jwt.sign({ sub: u.id, role: "admin", jti }, process.env["ADMIN_JWT_SECRET"] || "dev-admin-secret", { expiresIn: hours + "h" });
-    setJwtCookie(res, token);
-    res.redirect("/admin");
-  } catch (e2) {
-    res.status(500).send("Login failed");
-  }
-});
-(void 0).app.get("/admin/logout", async (req, res) => {
-  const cookies = parseCookies(req.headers.cookie);
-  const t = cookies["sm_admin_jwt"];
-  if (t) {
-    const verified = verifyAdminJwt(t);
-    if (verified) {
-      try {
-        if ((void 0).pgPool) {
-          await (void 0).pgPool.query("DELETE FROM admin_sessions WHERE id = $1", [verified.jti]);
-        } else {
-          (void 0).db.prepare("DELETE FROM admin_sessions WHERE id = ?").run(verified.jti);
-        }
-      } catch {
-      }
-    }
-  }
-  clearJwtCookie(res);
-  res.redirect("/admin/login");
-});
 //# sourceMappingURL=index.js.map