@syncular/server-hono 0.0.6-95 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (104) hide show
  1. package/README.md +5 -23
  2. package/dist/admin-page.d.ts +14 -0
  3. package/dist/admin-page.js +217 -0
  4. package/dist/admin.d.ts +39 -0
  5. package/dist/admin.js +142 -0
  6. package/dist/index.d.ts +16 -14
  7. package/dist/index.js +134 -23
  8. package/package.json +19 -53
  9. package/src/admin-page.ts +217 -0
  10. package/src/admin.ts +193 -0
  11. package/src/index.ts +175 -31
  12. package/dist/api-key-auth.d.ts +0 -49
  13. package/dist/api-key-auth.d.ts.map +0 -1
  14. package/dist/api-key-auth.js +0 -110
  15. package/dist/api-key-auth.js.map +0 -1
  16. package/dist/blobs.d.ts +0 -69
  17. package/dist/blobs.d.ts.map +0 -1
  18. package/dist/blobs.js +0 -383
  19. package/dist/blobs.js.map +0 -1
  20. package/dist/console/gateway.d.ts +0 -33
  21. package/dist/console/gateway.d.ts.map +0 -1
  22. package/dist/console/gateway.js +0 -2534
  23. package/dist/console/gateway.js.map +0 -1
  24. package/dist/console/index.d.ts +0 -11
  25. package/dist/console/index.d.ts.map +0 -1
  26. package/dist/console/index.js +0 -11
  27. package/dist/console/index.js.map +0 -1
  28. package/dist/console/routes.d.ts +0 -33
  29. package/dist/console/routes.d.ts.map +0 -1
  30. package/dist/console/routes.js +0 -2890
  31. package/dist/console/routes.js.map +0 -1
  32. package/dist/console/schemas.d.ts +0 -490
  33. package/dist/console/schemas.d.ts.map +0 -1
  34. package/dist/console/schemas.js +0 -303
  35. package/dist/console/schemas.js.map +0 -1
  36. package/dist/console/types.d.ts +0 -142
  37. package/dist/console/types.d.ts.map +0 -1
  38. package/dist/console/types.js +0 -2
  39. package/dist/console/types.js.map +0 -1
  40. package/dist/console/ui.d.ts +0 -38
  41. package/dist/console/ui.d.ts.map +0 -1
  42. package/dist/console/ui.js +0 -43
  43. package/dist/console/ui.js.map +0 -1
  44. package/dist/create-server.d.ts +0 -68
  45. package/dist/create-server.d.ts.map +0 -1
  46. package/dist/create-server.js +0 -109
  47. package/dist/create-server.js.map +0 -1
  48. package/dist/index.d.ts.map +0 -1
  49. package/dist/index.js.map +0 -1
  50. package/dist/openapi.d.ts +0 -45
  51. package/dist/openapi.d.ts.map +0 -1
  52. package/dist/openapi.js +0 -59
  53. package/dist/openapi.js.map +0 -1
  54. package/dist/proxy/connection-manager.d.ts +0 -78
  55. package/dist/proxy/connection-manager.d.ts.map +0 -1
  56. package/dist/proxy/connection-manager.js +0 -251
  57. package/dist/proxy/connection-manager.js.map +0 -1
  58. package/dist/proxy/index.d.ts +0 -8
  59. package/dist/proxy/index.d.ts.map +0 -1
  60. package/dist/proxy/index.js +0 -8
  61. package/dist/proxy/index.js.map +0 -1
  62. package/dist/proxy/routes.d.ts +0 -74
  63. package/dist/proxy/routes.d.ts.map +0 -1
  64. package/dist/proxy/routes.js +0 -147
  65. package/dist/proxy/routes.js.map +0 -1
  66. package/dist/rate-limit.d.ts +0 -101
  67. package/dist/rate-limit.d.ts.map +0 -1
  68. package/dist/rate-limit.js +0 -186
  69. package/dist/rate-limit.js.map +0 -1
  70. package/dist/routes.d.ts +0 -145
  71. package/dist/routes.d.ts.map +0 -1
  72. package/dist/routes.js +0 -1471
  73. package/dist/routes.js.map +0 -1
  74. package/dist/ws.d.ts +0 -235
  75. package/dist/ws.d.ts.map +0 -1
  76. package/dist/ws.js +0 -614
  77. package/dist/ws.js.map +0 -1
  78. package/src/__tests__/blob-routes.test.ts +0 -424
  79. package/src/__tests__/console-gateway-live-routes.test.ts +0 -297
  80. package/src/__tests__/console-gateway-routes.test.ts +0 -1364
  81. package/src/__tests__/console-routes.test.ts +0 -1543
  82. package/src/__tests__/console-ui.test.ts +0 -114
  83. package/src/__tests__/create-server.test.ts +0 -342
  84. package/src/__tests__/pull-chunk-storage.test.ts +0 -576
  85. package/src/__tests__/rate-limit.test.ts +0 -78
  86. package/src/__tests__/realtime-bridge.test.ts +0 -135
  87. package/src/__tests__/sync-rate-limit-routing.test.ts +0 -185
  88. package/src/__tests__/ws-connection-manager.test.ts +0 -176
  89. package/src/api-key-auth.ts +0 -179
  90. package/src/blobs.ts +0 -534
  91. package/src/console/gateway.ts +0 -3603
  92. package/src/console/index.ts +0 -11
  93. package/src/console/routes.ts +0 -3748
  94. package/src/console/schemas.ts +0 -434
  95. package/src/console/types.ts +0 -151
  96. package/src/console/ui.ts +0 -100
  97. package/src/create-server.ts +0 -206
  98. package/src/openapi.ts +0 -74
  99. package/src/proxy/connection-manager.ts +0 -340
  100. package/src/proxy/index.ts +0 -8
  101. package/src/proxy/routes.ts +0 -223
  102. package/src/rate-limit.ts +0 -321
  103. package/src/routes.ts +0 -2007
  104. package/src/ws.ts +0 -802
@@ -1,3748 +0,0 @@
1
- /**
2
- * @syncular/server-hono - Console API routes
3
- *
4
- * Provides monitoring and operations endpoints for the @syncular dashboard.
5
- *
6
- * Endpoints:
7
- * - GET /stats - Sync statistics
8
- * - GET /commits - Paginated commit list
9
- * - GET /commits/:seq - Single commit with changes
10
- * - GET /clients - Client cursor list
11
- * - GET /handlers - Registered handlers
12
- * - POST /prune - Trigger pruning
13
- * - POST /prune/preview - Preview pruning (dry run)
14
- * - POST /compact - Trigger compaction
15
- * - DELETE /clients/:id - Evict client
16
- */
17
-
18
- import { logSyncEvent } from '@syncular/core';
19
- import type { SqlFamily, SyncCoreDb, SyncServerAuth } from '@syncular/server';
20
- import {
21
- compactChanges,
22
- computePruneWatermarkCommitSeq,
23
- notifyExternalDataChange,
24
- pruneSync,
25
- readSyncStats,
26
- } from '@syncular/server';
27
- import type { Context } from 'hono';
28
- import { Hono } from 'hono';
29
- import { cors } from 'hono/cors';
30
- import { describeRoute, resolver, validator as zValidator } from 'hono-openapi';
31
- import { type Generated, type Kysely, type Selectable, sql } from 'kysely';
32
- import { z } from 'zod';
33
- import {
34
- type ApiKeyType,
35
- ApiKeyTypeSchema,
36
- type ConsoleApiKey,
37
- ConsoleApiKeyBulkRevokeRequestSchema,
38
- type ConsoleApiKeyBulkRevokeResponse,
39
- ConsoleApiKeyBulkRevokeResponseSchema,
40
- ConsoleApiKeyCreateRequestSchema,
41
- type ConsoleApiKeyCreateResponse,
42
- ConsoleApiKeyCreateResponseSchema,
43
- ConsoleApiKeyRevokeResponseSchema,
44
- ConsoleApiKeySchema,
45
- ConsoleBlobDeleteResponseSchema,
46
- ConsoleBlobListQuerySchema,
47
- ConsoleBlobListResponseSchema,
48
- type ConsoleChange,
49
- type ConsoleClearEventsResult,
50
- ConsoleClearEventsResultSchema,
51
- type ConsoleClient,
52
- ConsoleClientSchema,
53
- type ConsoleCommitDetail,
54
- ConsoleCommitDetailSchema,
55
- type ConsoleCommitListItem,
56
- ConsoleCommitListItemSchema,
57
- type ConsoleCompactResult,
58
- ConsoleCompactResultSchema,
59
- type ConsoleEvictResult,
60
- ConsoleEvictResultSchema,
61
- type ConsoleHandler,
62
- ConsoleHandlerSchema,
63
- type ConsoleOperationEvent,
64
- ConsoleOperationEventSchema,
65
- ConsoleOperationsQuerySchema,
66
- type ConsoleOperationType,
67
- type ConsolePaginatedResponse,
68
- ConsolePaginatedResponseSchema,
69
- ConsolePaginationQuerySchema,
70
- ConsolePartitionedPaginationQuerySchema,
71
- ConsolePartitionQuerySchema,
72
- type ConsolePruneEventsResult,
73
- ConsolePruneEventsResultSchema,
74
- type ConsolePrunePreview,
75
- ConsolePrunePreviewSchema,
76
- type ConsolePruneResult,
77
- ConsolePruneResultSchema,
78
- type ConsoleRequestEvent,
79
- ConsoleRequestEventSchema,
80
- type ConsoleRequestPayload,
81
- ConsoleRequestPayloadSchema,
82
- type ConsoleTimelineItem,
83
- ConsoleTimelineItemSchema,
84
- ConsoleTimelineQuerySchema,
85
- type LatencyPercentiles,
86
- LatencyQuerySchema,
87
- type LatencyStatsResponse,
88
- LatencyStatsResponseSchema,
89
- type LiveEvent,
90
- type SyncStats,
91
- SyncStatsSchema,
92
- type TimeseriesBucket,
93
- TimeseriesQuerySchema,
94
- type TimeseriesStatsResponse,
95
- TimeseriesStatsResponseSchema,
96
- } from './schemas';
97
- import type {
98
- ConsoleAuthResult,
99
- ConsoleEventEmitter,
100
- ConsoleEventListener,
101
- CreateConsoleRoutesOptions,
102
- } from './types';
103
-
104
- /**
105
- * Create a simple console event emitter for broadcasting live events.
106
- */
107
- export function createConsoleEventEmitter(options?: {
108
- maxHistory?: number;
109
- }): ConsoleEventEmitter {
110
- const listeners = new Set<ConsoleEventListener>();
111
- const history: LiveEvent[] = [];
112
- const maxHistory = Math.max(1, options?.maxHistory ?? 500);
113
-
114
- return {
115
- addListener(listener: ConsoleEventListener) {
116
- listeners.add(listener);
117
- },
118
- removeListener(listener: ConsoleEventListener) {
119
- listeners.delete(listener);
120
- },
121
- emit(event: LiveEvent) {
122
- history.push(event);
123
- if (history.length > maxHistory) {
124
- history.splice(0, history.length - maxHistory);
125
- }
126
- for (const listener of listeners) {
127
- try {
128
- listener(event);
129
- } catch {
130
- // Ignore errors in listeners
131
- }
132
- }
133
- },
134
- replay(replayOptions) {
135
- const sinceMs = replayOptions?.since
136
- ? Date.parse(replayOptions.since)
137
- : Number.NaN;
138
- const hasSince = Number.isFinite(sinceMs);
139
- const normalizedPartitionId = replayOptions?.partitionId?.trim();
140
- const hasPartitionFilter = Boolean(normalizedPartitionId);
141
-
142
- const filteredByTime = hasSince
143
- ? history.filter((event) => {
144
- const eventMs = Date.parse(event.timestamp);
145
- return Number.isFinite(eventMs) && eventMs > sinceMs;
146
- })
147
- : history;
148
-
149
- const filtered = hasPartitionFilter
150
- ? filteredByTime.filter((event) => {
151
- const eventPartitionId = event.data.partitionId;
152
- return (
153
- typeof eventPartitionId === 'string' &&
154
- eventPartitionId === normalizedPartitionId
155
- );
156
- })
157
- : filteredByTime;
158
-
159
- const normalizedLimit =
160
- replayOptions?.limit && replayOptions.limit > 0
161
- ? Math.floor(replayOptions.limit)
162
- : 100;
163
- const limited = filtered.slice(-normalizedLimit);
164
- return [...limited];
165
- },
166
- };
167
- }
168
-
169
- function coerceNumber(value: unknown): number | null {
170
- if (value === null || value === undefined) return null;
171
- if (typeof value === 'number') return Number.isFinite(value) ? value : null;
172
- if (typeof value === 'bigint')
173
- return Number.isFinite(Number(value)) ? Number(value) : null;
174
- if (typeof value === 'string') {
175
- const n = Number(value);
176
- return Number.isFinite(n) ? n : null;
177
- }
178
- return null;
179
- }
180
-
181
- function parseDate(value: string | null | undefined): number | null {
182
- if (!value) return null;
183
- const parsed = Date.parse(value);
184
- return Number.isFinite(parsed) ? parsed : null;
185
- }
186
-
187
- function includesSearchTerm(
188
- value: string | null | undefined,
189
- searchTerm: string | null
190
- ): boolean {
191
- if (!searchTerm) return true;
192
- if (!value) return false;
193
- return value.toLowerCase().includes(searchTerm);
194
- }
195
-
196
- function parseJsonValue(value: unknown): unknown {
197
- if (value === null || value === undefined) return null;
198
- if (typeof value !== 'string') return value;
199
- try {
200
- return JSON.parse(value);
201
- } catch {
202
- return value;
203
- }
204
- }
205
-
206
- function parseScopesSummary(
207
- value: unknown
208
- ): Record<string, string | string[]> | null {
209
- const parsed = parseJsonValue(value);
210
- if (!parsed || typeof parsed !== 'object' || Array.isArray(parsed)) {
211
- return null;
212
- }
213
-
214
- const summary: Record<string, string | string[]> = {};
215
- for (const [key, entry] of Object.entries(parsed)) {
216
- if (typeof entry === 'string') {
217
- summary[key] = entry;
218
- continue;
219
- }
220
- if (!Array.isArray(entry)) continue;
221
- summary[key] = entry.filter(
222
- (value): value is string => typeof value === 'string'
223
- );
224
- }
225
-
226
- return Object.keys(summary).length > 0 ? summary : null;
227
- }
228
-
229
- function getClientActivityState(args: {
230
- connectionCount: number;
231
- updatedAt: string | null | undefined;
232
- }): 'active' | 'idle' | 'stale' {
233
- if (args.connectionCount > 0) {
234
- return 'active';
235
- }
236
-
237
- const updatedAtMs = parseDate(args.updatedAt);
238
- if (updatedAtMs === null) {
239
- return 'stale';
240
- }
241
-
242
- const ageMs = Date.now() - updatedAtMs;
243
- if (ageMs <= 60_000) {
244
- return 'active';
245
- }
246
- if (ageMs <= 5 * 60_000) {
247
- return 'idle';
248
- }
249
- return 'stale';
250
- }
251
-
252
- type TimeseriesInterval = 'minute' | 'hour' | 'day';
253
- type TimeseriesRange = '1h' | '6h' | '24h' | '7d' | '30d';
254
-
255
- function rangeToMs(range: TimeseriesRange): number {
256
- if (range === '1h') return 60 * 60 * 1000;
257
- if (range === '6h') return 6 * 60 * 60 * 1000;
258
- if (range === '24h') return 24 * 60 * 60 * 1000;
259
- if (range === '7d') return 7 * 24 * 60 * 60 * 1000;
260
- return 30 * 24 * 60 * 60 * 1000;
261
- }
262
-
263
- function intervalToMs(interval: TimeseriesInterval): number {
264
- if (interval === 'minute') return 60 * 1000;
265
- if (interval === 'hour') return 60 * 60 * 1000;
266
- return 24 * 60 * 60 * 1000;
267
- }
268
-
269
- function intervalToSqliteBucketFormat(interval: TimeseriesInterval): string {
270
- if (interval === 'minute') return '%Y-%m-%dT%H:%M:00.000Z';
271
- if (interval === 'hour') return '%Y-%m-%dT%H:00:00.000Z';
272
- return '%Y-%m-%dT00:00:00.000Z';
273
- }
274
-
275
- type TimeseriesBucketAccumulator = {
276
- pushCount: number;
277
- pullCount: number;
278
- errorCount: number;
279
- totalLatency: number;
280
- eventCount: number;
281
- };
282
-
283
- function createEmptyTimeseriesAccumulator(): TimeseriesBucketAccumulator {
284
- return {
285
- pushCount: 0,
286
- pullCount: 0,
287
- errorCount: 0,
288
- totalLatency: 0,
289
- eventCount: 0,
290
- };
291
- }
292
-
293
- function createTimeseriesBucketMap(args: {
294
- startTime: Date;
295
- rangeMs: number;
296
- intervalMs: number;
297
- }): Map<string, TimeseriesBucketAccumulator> {
298
- const map = new Map<string, TimeseriesBucketAccumulator>();
299
- const bucketCount = Math.ceil(args.rangeMs / args.intervalMs);
300
-
301
- for (let i = 0; i < bucketCount; i++) {
302
- const bucketTimestamp = new Date(
303
- args.startTime.getTime() + i * args.intervalMs
304
- ).toISOString();
305
- map.set(bucketTimestamp, createEmptyTimeseriesAccumulator());
306
- }
307
-
308
- return map;
309
- }
310
-
311
- function normalizeBucketTimestamp(value: unknown): string | null {
312
- if (value instanceof Date) {
313
- return value.toISOString();
314
- }
315
- if (typeof value !== 'string') {
316
- return null;
317
- }
318
- const parsed = Date.parse(value);
319
- if (!Number.isFinite(parsed)) return null;
320
- return new Date(parsed).toISOString();
321
- }
322
-
323
- function finalizeTimeseriesBuckets(
324
- bucketMap: Map<string, TimeseriesBucketAccumulator>
325
- ): TimeseriesBucket[] {
326
- return Array.from(bucketMap.entries())
327
- .sort(([a], [b]) => a.localeCompare(b))
328
- .map(([timestamp, data]) => ({
329
- timestamp,
330
- pushCount: data.pushCount,
331
- pullCount: data.pullCount,
332
- errorCount: data.errorCount,
333
- avgLatencyMs:
334
- data.eventCount > 0 ? data.totalLatency / data.eventCount : 0,
335
- }));
336
- }
337
-
338
- function calculatePercentiles(latencies: number[]): LatencyPercentiles {
339
- if (latencies.length === 0) {
340
- return { p50: 0, p90: 0, p99: 0 };
341
- }
342
-
343
- const sorted = [...latencies].sort((a, b) => a - b);
344
- const getPercentile = (p: number): number => {
345
- const index = Math.ceil((p / 100) * sorted.length) - 1;
346
- return sorted[Math.max(0, index)] ?? 0;
347
- };
348
-
349
- return {
350
- p50: getPercentile(50),
351
- p90: getPercentile(90),
352
- p99: getPercentile(99),
353
- };
354
- }
355
-
356
- // ============================================================================
357
- // Route Schemas
358
- // ============================================================================
359
-
360
- const ErrorResponseSchema = z.object({
361
- error: z.string(),
362
- message: z.string().optional(),
363
- });
364
-
365
- const commitSeqParamSchema = z.object({ seq: z.coerce.number().int() });
366
- const clientIdParamSchema = z.object({ id: z.string().min(1) });
367
- const eventIdParamSchema = z.object({ id: z.coerce.number().int() });
368
- const apiKeyIdParamSchema = z.object({ id: z.string().min(1) });
369
-
370
- const eventsQuerySchema = ConsolePartitionedPaginationQuerySchema.extend({
371
- eventType: z.enum(['push', 'pull']).optional(),
372
- actorId: z.string().optional(),
373
- clientId: z.string().optional(),
374
- requestId: z.string().optional(),
375
- traceId: z.string().optional(),
376
- outcome: z.string().optional(),
377
- });
378
-
379
- const commitDetailQuerySchema = ConsolePartitionQuerySchema;
380
- const eventDetailQuerySchema = ConsolePartitionQuerySchema;
381
- const evictClientQuerySchema = ConsolePartitionQuerySchema;
382
- const apiKeyStatusSchema = z.enum(['active', 'revoked', 'expiring']);
383
-
384
- const apiKeysQuerySchema = ConsolePaginationQuerySchema.extend({
385
- type: ApiKeyTypeSchema.optional(),
386
- status: apiKeyStatusSchema.optional(),
387
- expiresWithinDays: z.coerce.number().int().min(1).max(365).optional(),
388
- });
389
-
390
- const handlersResponseSchema = z.object({
391
- items: z.array(ConsoleHandlerSchema),
392
- });
393
-
394
- export function createConsoleRoutes<
395
- DB extends SyncCoreDb,
396
- Auth extends SyncServerAuth,
397
- F extends SqlFamily = SqlFamily,
398
- >(options: CreateConsoleRoutesOptions<DB, Auth, F>): Hono {
399
- const routes = new Hono();
400
-
401
- routes.onError((error, context) => {
402
- const message =
403
- error instanceof Error ? error.message : 'Unknown console error';
404
- console.error('[console] route error', error);
405
- return context.json(
406
- {
407
- error: 'CONSOLE_ROUTE_ERROR',
408
- message,
409
- },
410
- 500
411
- );
412
- });
413
-
414
- interface SyncRequestEventsTable {
415
- event_id: number;
416
- partition_id: string;
417
- request_id: string | null;
418
- trace_id: string | null;
419
- span_id: string | null;
420
- event_type: string;
421
- sync_path: string;
422
- transport_path: string;
423
- actor_id: string;
424
- client_id: string;
425
- status_code: number;
426
- outcome: string;
427
- response_status: string;
428
- error_code: string | null;
429
- duration_ms: number;
430
- commit_seq: number | null;
431
- operation_count: number | null;
432
- row_count: number | null;
433
- subscription_count: number | null;
434
- scopes_summary: unknown | null;
435
- tables: unknown;
436
- error_message: string | null;
437
- payload_ref: string | null;
438
- created_at: string;
439
- }
440
-
441
- interface SyncRequestPayloadsTable {
442
- payload_ref: string;
443
- partition_id: string;
444
- request_payload: unknown;
445
- response_payload: unknown | null;
446
- created_at: string;
447
- }
448
-
449
- interface SyncApiKeysTable {
450
- key_id: string;
451
- key_hash: string;
452
- key_prefix: string;
453
- name: string;
454
- key_type: string;
455
- scope_keys: unknown | null;
456
- actor_id: string | null;
457
- created_at: string;
458
- expires_at: string | null;
459
- last_used_at: string | null;
460
- revoked_at: string | null;
461
- }
462
-
463
- interface SyncOperationEventsTable {
464
- operation_id: Generated<number>;
465
- operation_type: string;
466
- console_user_id: string | null;
467
- partition_id: string | null;
468
- target_client_id: string | null;
469
- request_payload: unknown | null;
470
- result_payload: unknown | null;
471
- created_at: Generated<string>;
472
- }
473
-
474
- type SyncOperationEventRow = Selectable<SyncOperationEventsTable>;
475
-
476
- interface ConsoleDb extends SyncCoreDb {
477
- sync_request_events: SyncRequestEventsTable;
478
- sync_request_payloads: SyncRequestPayloadsTable;
479
- sync_operation_events: SyncOperationEventsTable;
480
- sync_api_keys: SyncApiKeysTable;
481
- }
482
-
483
- const db = options.db as Pick<
484
- Kysely<ConsoleDb>,
485
- 'selectFrom' | 'insertInto' | 'updateTable' | 'deleteFrom'
486
- >;
487
- const metricsAggregationMode = options.metrics?.aggregationMode ?? 'auto';
488
- const rawFallbackMaxEvents = Math.max(
489
- 1,
490
- options.metrics?.rawFallbackMaxEvents ?? 5000
491
- );
492
-
493
- // Ensure console schema exists before handlers query console tables.
494
- const consoleSchemaReadyPromise = (
495
- options.consoleSchemaReady ??
496
- options.dialect.ensureConsoleSchema?.(options.db) ??
497
- Promise.resolve()
498
- ).catch((err) => {
499
- console.error('[console] Failed to ensure console schema:', err);
500
- throw err;
501
- });
502
-
503
- // CORS configuration
504
- const corsOrigins = options.corsOrigins ?? [
505
- 'http://localhost:5173',
506
- 'https://console.sync.dev',
507
- ];
508
- const allowWildcardCors = corsOrigins === '*';
509
-
510
- routes.use(
511
- '*',
512
- cors({
513
- origin: allowWildcardCors ? '*' : corsOrigins,
514
- allowMethods: ['GET', 'POST', 'DELETE', 'OPTIONS'],
515
- allowHeaders: [
516
- 'Content-Type',
517
- 'Authorization',
518
- 'X-Syncular-Transport-Path',
519
- 'Baggage',
520
- 'Sentry-Trace',
521
- 'Traceparent',
522
- 'Tracestate',
523
- ],
524
- exposeHeaders: ['X-Total-Count'],
525
- credentials: !allowWildcardCors,
526
- })
527
- );
528
-
529
- const ensureConsoleSchemaReady = async (
530
- c: Context
531
- ): Promise<Response | null> => {
532
- try {
533
- await consoleSchemaReadyPromise;
534
- return null;
535
- } catch {
536
- return c.json({ error: 'CONSOLE_SCHEMA_UNAVAILABLE' }, 503);
537
- }
538
- };
539
-
540
- routes.use('*', async (c, next) => {
541
- const readyError = await ensureConsoleSchemaReady(c);
542
- if (readyError) {
543
- return readyError;
544
- }
545
- await next();
546
- });
547
-
548
- // Auth middleware
549
- const requireAuth = async (c: Context): Promise<ConsoleAuthResult | null> => {
550
- const auth = await options.authenticate(c);
551
- if (!auth) {
552
- return null;
553
- }
554
- return auth;
555
- };
556
-
557
- const requestEventSelectColumns = [
558
- 'event_id',
559
- 'partition_id',
560
- 'request_id',
561
- 'trace_id',
562
- 'span_id',
563
- 'event_type',
564
- 'sync_path',
565
- 'transport_path',
566
- 'actor_id',
567
- 'client_id',
568
- 'status_code',
569
- 'outcome',
570
- 'response_status',
571
- 'error_code',
572
- 'duration_ms',
573
- 'commit_seq',
574
- 'operation_count',
575
- 'row_count',
576
- 'subscription_count',
577
- 'scopes_summary',
578
- 'tables',
579
- 'error_message',
580
- 'payload_ref',
581
- 'created_at',
582
- ] as const;
583
-
584
- const mapRequestEvent = (
585
- row: SyncRequestEventsTable
586
- ): ConsoleRequestEvent => ({
587
- eventId: coerceNumber(row.event_id) ?? 0,
588
- partitionId: row.partition_id ?? 'default',
589
- requestId: row.request_id ?? '',
590
- traceId: row.trace_id ?? null,
591
- spanId: row.span_id ?? null,
592
- eventType: row.event_type === 'push' ? 'push' : 'pull',
593
- syncPath: row.sync_path === 'ws-push' ? 'ws-push' : 'http-combined',
594
- transportPath: row.transport_path === 'relay' ? 'relay' : 'direct',
595
- actorId: row.actor_id ?? '',
596
- clientId: row.client_id ?? '',
597
- statusCode: coerceNumber(row.status_code) ?? 0,
598
- outcome: row.outcome ?? '',
599
- responseStatus: row.response_status ?? 'unknown',
600
- errorCode: row.error_code ?? null,
601
- durationMs: coerceNumber(row.duration_ms) ?? 0,
602
- commitSeq: coerceNumber(row.commit_seq),
603
- operationCount: coerceNumber(row.operation_count),
604
- rowCount: coerceNumber(row.row_count),
605
- subscriptionCount: coerceNumber(row.subscription_count),
606
- scopesSummary: parseScopesSummary(row.scopes_summary),
607
- tables: options.dialect.dbToArray(row.tables),
608
- errorMessage: row.error_message ?? null,
609
- payloadRef: row.payload_ref ?? null,
610
- createdAt: row.created_at ?? '',
611
- });
612
-
613
- const operationEventSelectColumns = [
614
- 'operation_id',
615
- 'operation_type',
616
- 'console_user_id',
617
- 'partition_id',
618
- 'target_client_id',
619
- 'request_payload',
620
- 'result_payload',
621
- 'created_at',
622
- ] as const;
623
-
624
- const mapOperationEvent = (
625
- row: SyncOperationEventRow
626
- ): ConsoleOperationEvent => ({
627
- operationId: coerceNumber(row.operation_id) ?? 0,
628
- operationType:
629
- row.operation_type === 'prune' ||
630
- row.operation_type === 'compact' ||
631
- row.operation_type === 'notify_data_change' ||
632
- row.operation_type === 'evict_client'
633
- ? row.operation_type
634
- : 'prune',
635
- consoleUserId: row.console_user_id ?? null,
636
- partitionId: row.partition_id ?? null,
637
- targetClientId: row.target_client_id ?? null,
638
- requestPayload: parseJsonValue(row.request_payload),
639
- resultPayload: parseJsonValue(row.result_payload),
640
- createdAt: row.created_at ?? '',
641
- });
642
-
643
- const deleteUnreferencedPayloadSnapshots = async (): Promise<number> => {
644
- const result = await db
645
- .deleteFrom('sync_request_payloads')
646
- .where(
647
- 'payload_ref',
648
- 'not in',
649
- db
650
- .selectFrom('sync_request_events')
651
- .select('payload_ref')
652
- .where('payload_ref', 'is not', null)
653
- )
654
- .executeTakeFirst();
655
- return Number(result?.numDeletedRows ?? 0);
656
- };
657
-
658
- const recordOperationEvent = async (event: {
659
- operationType: ConsoleOperationType;
660
- consoleUserId?: string;
661
- partitionId?: string | null;
662
- targetClientId?: string | null;
663
- requestPayload?: unknown;
664
- resultPayload?: unknown;
665
- }) => {
666
- await db
667
- .insertInto('sync_operation_events')
668
- .values({
669
- operation_type: event.operationType,
670
- console_user_id: event.consoleUserId ?? null,
671
- partition_id: event.partitionId ?? null,
672
- target_client_id: event.targetClientId ?? null,
673
- request_payload:
674
- event.requestPayload === undefined
675
- ? null
676
- : JSON.stringify(event.requestPayload),
677
- result_payload:
678
- event.resultPayload === undefined
679
- ? null
680
- : JSON.stringify(event.resultPayload),
681
- })
682
- .execute();
683
- };
684
-
685
- const shouldUseRawMetrics = async (
686
- startIso: string,
687
- partitionId?: string
688
- ): Promise<boolean> => {
689
- if (metricsAggregationMode === 'raw') {
690
- return true;
691
- }
692
- if (metricsAggregationMode === 'aggregated') {
693
- return false;
694
- }
695
-
696
- let countQuery = db
697
- .selectFrom('sync_request_events')
698
- .select(({ fn }) => fn.countAll().as('total'))
699
- .where('created_at', '>=', startIso);
700
-
701
- if (partitionId) {
702
- countQuery = countQuery.where('partition_id', '=', partitionId);
703
- }
704
-
705
- const countRow = await countQuery.executeTakeFirst();
706
- const total = coerceNumber(countRow?.total) ?? 0;
707
- return total <= rawFallbackMaxEvents;
708
- };
709
-
710
- // -------------------------------------------------------------------------
711
- // GET /stats
712
- // -------------------------------------------------------------------------
713
-
714
- routes.get(
715
- '/stats',
716
- describeRoute({
717
- tags: ['console'],
718
- summary: 'Get sync statistics',
719
- responses: {
720
- 200: {
721
- description: 'Sync statistics',
722
- content: {
723
- 'application/json': { schema: resolver(SyncStatsSchema) },
724
- },
725
- },
726
- 401: {
727
- description: 'Unauthenticated',
728
- content: {
729
- 'application/json': { schema: resolver(ErrorResponseSchema) },
730
- },
731
- },
732
- },
733
- }),
734
- zValidator('query', ConsolePartitionQuerySchema),
735
- async (c) => {
736
- const auth = await requireAuth(c);
737
- if (!auth) return c.json({ error: 'UNAUTHENTICATED' }, 401);
738
- const { partitionId } = c.req.valid('query');
739
-
740
- const stats: SyncStats = await readSyncStats(options.db, {
741
- partitionId,
742
- });
743
-
744
- logSyncEvent({
745
- event: 'console.stats',
746
- consoleUserId: auth.consoleUserId,
747
- });
748
-
749
- return c.json(stats, 200);
750
- }
751
- );
752
-
753
- // -------------------------------------------------------------------------
754
- // GET /stats/timeseries
755
- // -------------------------------------------------------------------------
756
-
757
- routes.get(
758
- '/stats/timeseries',
759
- describeRoute({
760
- tags: ['console'],
761
- summary: 'Get time-series statistics',
762
- responses: {
763
- 200: {
764
- description: 'Time-series statistics',
765
- content: {
766
- 'application/json': {
767
- schema: resolver(TimeseriesStatsResponseSchema),
768
- },
769
- },
770
- },
771
- 401: {
772
- description: 'Unauthenticated',
773
- content: {
774
- 'application/json': { schema: resolver(ErrorResponseSchema) },
775
- },
776
- },
777
- },
778
- }),
779
- zValidator('query', TimeseriesQuerySchema),
780
- async (c) => {
781
- const auth = await requireAuth(c);
782
- if (!auth) return c.json({ error: 'UNAUTHENTICATED' }, 401);
783
-
784
- const { interval, range, partitionId } = c.req.valid('query');
785
-
786
- const rangeMs = rangeToMs(range);
787
- const startTime = new Date(Date.now() - rangeMs);
788
- const startIso = startTime.toISOString();
789
- const intervalMs = intervalToMs(interval);
790
- const bucketMap = createTimeseriesBucketMap({
791
- startTime,
792
- rangeMs,
793
- intervalMs,
794
- });
795
- const useRawMetrics = await shouldUseRawMetrics(startIso, partitionId);
796
-
797
- if (useRawMetrics) {
798
- let eventsQuery = db
799
- .selectFrom('sync_request_events')
800
- .select(['event_type', 'duration_ms', 'outcome', 'created_at'])
801
- .where('created_at', '>=', startIso);
802
-
803
- if (partitionId) {
804
- eventsQuery = eventsQuery.where('partition_id', '=', partitionId);
805
- }
806
-
807
- const events = await eventsQuery.orderBy('created_at', 'asc').execute();
808
-
809
- for (const event of events) {
810
- const eventTime = parseDate(event.created_at);
811
- if (eventTime === null) continue;
812
- const bucketIndex = Math.floor(
813
- (eventTime - startTime.getTime()) / intervalMs
814
- );
815
- const bucketTime = new Date(
816
- startTime.getTime() + bucketIndex * intervalMs
817
- ).toISOString();
818
-
819
- let bucket = bucketMap.get(bucketTime);
820
- if (!bucket) {
821
- bucket = createEmptyTimeseriesAccumulator();
822
- bucketMap.set(bucketTime, bucket);
823
- }
824
-
825
- if (event.event_type === 'push') {
826
- bucket.pushCount++;
827
- } else if (event.event_type === 'pull') {
828
- bucket.pullCount++;
829
- }
830
-
831
- if (event.outcome === 'error') {
832
- bucket.errorCount++;
833
- }
834
-
835
- const durationMs = coerceNumber(event.duration_ms);
836
- if (durationMs !== null) {
837
- bucket.totalLatency += durationMs;
838
- bucket.eventCount++;
839
- }
840
- }
841
- } else {
842
- const partitionFilter = partitionId
843
- ? sql`and partition_id = ${partitionId}`
844
- : sql``;
845
-
846
- if (options.dialect.family === 'sqlite') {
847
- const bucketFormat = intervalToSqliteBucketFormat(interval);
848
- const rowsResult = await sql<{
849
- bucket: unknown;
850
- push_count: unknown;
851
- pull_count: unknown;
852
- error_count: unknown;
853
- avg_latency_ms: unknown;
854
- }>`
855
- select
856
- strftime(${bucketFormat}, created_at) as bucket,
857
- sum(case when event_type = 'push' then 1 else 0 end) as push_count,
858
- sum(case when event_type = 'pull' then 1 else 0 end) as pull_count,
859
- sum(case when outcome = 'error' then 1 else 0 end) as error_count,
860
- avg(duration_ms) as avg_latency_ms
861
- from ${sql.table('sync_request_events')}
862
- where created_at >= ${startIso}
863
- ${partitionFilter}
864
- group by 1
865
- order by 1 asc
866
- `.execute(options.db);
867
-
868
- for (const row of rowsResult.rows) {
869
- const bucketTimestamp = normalizeBucketTimestamp(row.bucket);
870
- if (!bucketTimestamp) continue;
871
-
872
- let bucket = bucketMap.get(bucketTimestamp);
873
- if (!bucket) {
874
- bucket = createEmptyTimeseriesAccumulator();
875
- bucketMap.set(bucketTimestamp, bucket);
876
- }
877
-
878
- const pushCount = coerceNumber(row.push_count) ?? 0;
879
- const pullCount = coerceNumber(row.pull_count) ?? 0;
880
- const errorCount = coerceNumber(row.error_count) ?? 0;
881
- const avgLatencyMs = coerceNumber(row.avg_latency_ms);
882
- const rowEventCount = pushCount + pullCount;
883
-
884
- bucket.pushCount += pushCount;
885
- bucket.pullCount += pullCount;
886
- bucket.errorCount += errorCount;
887
- if (avgLatencyMs !== null && rowEventCount > 0) {
888
- bucket.totalLatency += avgLatencyMs * rowEventCount;
889
- bucket.eventCount += rowEventCount;
890
- }
891
- }
892
- } else {
893
- const rowsResult = await sql<{
894
- bucket: unknown;
895
- push_count: unknown;
896
- pull_count: unknown;
897
- error_count: unknown;
898
- avg_latency_ms: unknown;
899
- }>`
900
- select
901
- date_trunc(${interval}, created_at::timestamptz) as bucket,
902
- count(*) filter (where event_type = 'push') as push_count,
903
- count(*) filter (where event_type = 'pull') as pull_count,
904
- count(*) filter (where outcome = 'error') as error_count,
905
- avg(duration_ms) as avg_latency_ms
906
- from ${sql.table('sync_request_events')}
907
- where created_at >= ${startIso}
908
- ${partitionFilter}
909
- group by 1
910
- order by 1 asc
911
- `.execute(options.db);
912
-
913
- for (const row of rowsResult.rows) {
914
- const bucketTimestamp = normalizeBucketTimestamp(row.bucket);
915
- if (!bucketTimestamp) continue;
916
-
917
- let bucket = bucketMap.get(bucketTimestamp);
918
- if (!bucket) {
919
- bucket = createEmptyTimeseriesAccumulator();
920
- bucketMap.set(bucketTimestamp, bucket);
921
- }
922
-
923
- const pushCount = coerceNumber(row.push_count) ?? 0;
924
- const pullCount = coerceNumber(row.pull_count) ?? 0;
925
- const errorCount = coerceNumber(row.error_count) ?? 0;
926
- const avgLatencyMs = coerceNumber(row.avg_latency_ms);
927
- const rowEventCount = pushCount + pullCount;
928
-
929
- bucket.pushCount += pushCount;
930
- bucket.pullCount += pullCount;
931
- bucket.errorCount += errorCount;
932
- if (avgLatencyMs !== null && rowEventCount > 0) {
933
- bucket.totalLatency += avgLatencyMs * rowEventCount;
934
- bucket.eventCount += rowEventCount;
935
- }
936
- }
937
- }
938
- }
939
-
940
- const buckets: TimeseriesBucket[] = finalizeTimeseriesBuckets(bucketMap);
941
-
942
- const response: TimeseriesStatsResponse = {
943
- buckets,
944
- interval,
945
- range,
946
- };
947
-
948
- return c.json(response, 200);
949
- }
950
- );
951
-
952
- // -------------------------------------------------------------------------
953
- // GET /stats/latency
954
- // -------------------------------------------------------------------------
955
-
956
- routes.get(
957
- '/stats/latency',
958
- describeRoute({
959
- tags: ['console'],
960
- summary: 'Get latency percentiles',
961
- responses: {
962
- 200: {
963
- description: 'Latency percentiles',
964
- content: {
965
- 'application/json': {
966
- schema: resolver(LatencyStatsResponseSchema),
967
- },
968
- },
969
- },
970
- 401: {
971
- description: 'Unauthenticated',
972
- content: {
973
- 'application/json': { schema: resolver(ErrorResponseSchema) },
974
- },
975
- },
976
- },
977
- }),
978
- zValidator('query', LatencyQuerySchema),
979
- async (c) => {
980
- const auth = await requireAuth(c);
981
- if (!auth) return c.json({ error: 'UNAUTHENTICATED' }, 401);
982
-
983
- const { range, partitionId } = c.req.valid('query');
984
-
985
- const rangeMs = rangeToMs(range);
986
- const startTime = new Date(Date.now() - rangeMs);
987
- const startIso = startTime.toISOString();
988
- const useRawMetrics = await shouldUseRawMetrics(startIso, partitionId);
989
-
990
- if (!useRawMetrics && options.dialect.family !== 'sqlite') {
991
- const partitionFilter = partitionId
992
- ? sql`and partition_id = ${partitionId}`
993
- : sql``;
994
- const rowsResult = await sql<{
995
- event_type: unknown;
996
- p50: unknown;
997
- p90: unknown;
998
- p99: unknown;
999
- }>`
1000
- select
1001
- event_type,
1002
- percentile_disc(0.5) within group (order by duration_ms) as p50,
1003
- percentile_disc(0.9) within group (order by duration_ms) as p90,
1004
- percentile_disc(0.99) within group (order by duration_ms) as p99
1005
- from ${sql.table('sync_request_events')}
1006
- where created_at >= ${startIso}
1007
- ${partitionFilter}
1008
- group by event_type
1009
- `.execute(options.db);
1010
-
1011
- const push: LatencyPercentiles = { p50: 0, p90: 0, p99: 0 };
1012
- const pull: LatencyPercentiles = { p50: 0, p90: 0, p99: 0 };
1013
-
1014
- for (const row of rowsResult.rows) {
1015
- const eventType = row.event_type === 'push' ? 'push' : 'pull';
1016
- const target = eventType === 'push' ? push : pull;
1017
- target.p50 = coerceNumber(row.p50) ?? 0;
1018
- target.p90 = coerceNumber(row.p90) ?? 0;
1019
- target.p99 = coerceNumber(row.p99) ?? 0;
1020
- }
1021
-
1022
- const aggregatedResponse: LatencyStatsResponse = {
1023
- push,
1024
- pull,
1025
- range,
1026
- };
1027
- return c.json(aggregatedResponse, 200);
1028
- }
1029
-
1030
- // Raw fallback path (default for local/dev and SQLite)
1031
- let eventsQuery = db
1032
- .selectFrom('sync_request_events')
1033
- .select(['event_type', 'duration_ms'])
1034
- .where('created_at', '>=', startIso);
1035
-
1036
- if (partitionId) {
1037
- eventsQuery = eventsQuery.where('partition_id', '=', partitionId);
1038
- }
1039
-
1040
- const events = await eventsQuery.execute();
1041
-
1042
- const pushLatencies: number[] = [];
1043
- const pullLatencies: number[] = [];
1044
-
1045
- for (const event of events) {
1046
- const durationMs = coerceNumber(event.duration_ms);
1047
- if (durationMs !== null) {
1048
- if (event.event_type === 'push') {
1049
- pushLatencies.push(durationMs);
1050
- } else if (event.event_type === 'pull') {
1051
- pullLatencies.push(durationMs);
1052
- }
1053
- }
1054
- }
1055
-
1056
- const response: LatencyStatsResponse = {
1057
- push: calculatePercentiles(pushLatencies),
1058
- pull: calculatePercentiles(pullLatencies),
1059
- range,
1060
- };
1061
-
1062
- return c.json(response, 200);
1063
- }
1064
- );
1065
-
1066
- // -------------------------------------------------------------------------
1067
- // GET /timeline
1068
- // -------------------------------------------------------------------------
1069
-
1070
- routes.get(
1071
- '/timeline',
1072
- describeRoute({
1073
- tags: ['console'],
1074
- summary: 'List timeline items',
1075
- responses: {
1076
- 200: {
1077
- description: 'Paginated merged timeline',
1078
- content: {
1079
- 'application/json': {
1080
- schema: resolver(
1081
- ConsolePaginatedResponseSchema(ConsoleTimelineItemSchema)
1082
- ),
1083
- },
1084
- },
1085
- },
1086
- 401: {
1087
- description: 'Unauthenticated',
1088
- content: {
1089
- 'application/json': { schema: resolver(ErrorResponseSchema) },
1090
- },
1091
- },
1092
- },
1093
- }),
1094
- zValidator('query', ConsoleTimelineQuerySchema),
1095
- async (c) => {
1096
- const auth = await requireAuth(c);
1097
- if (!auth) return c.json({ error: 'UNAUTHENTICATED' }, 401);
1098
-
1099
- const {
1100
- limit,
1101
- offset,
1102
- view,
1103
- partitionId,
1104
- eventType,
1105
- actorId,
1106
- clientId,
1107
- requestId,
1108
- traceId,
1109
- table,
1110
- outcome,
1111
- search,
1112
- from,
1113
- to,
1114
- } = c.req.valid('query');
1115
-
1116
- const items: ConsoleTimelineItem[] = [];
1117
- const normalizedSearchTerm = search?.trim().toLowerCase() || null;
1118
- const normalizedTable = table?.trim() || null;
1119
-
1120
- if (
1121
- view !== 'events' &&
1122
- !eventType &&
1123
- !outcome &&
1124
- !requestId &&
1125
- !traceId
1126
- ) {
1127
- let commitsQuery = db
1128
- .selectFrom('sync_commits')
1129
- .select([
1130
- 'commit_seq',
1131
- 'actor_id',
1132
- 'client_id',
1133
- 'client_commit_id',
1134
- 'created_at',
1135
- 'change_count',
1136
- 'affected_tables',
1137
- ]);
1138
-
1139
- if (partitionId) {
1140
- commitsQuery = commitsQuery.where('partition_id', '=', partitionId);
1141
- }
1142
- if (actorId) {
1143
- commitsQuery = commitsQuery.where('actor_id', '=', actorId);
1144
- }
1145
- if (clientId) {
1146
- commitsQuery = commitsQuery.where('client_id', '=', clientId);
1147
- }
1148
- if (from) {
1149
- commitsQuery = commitsQuery.where('created_at', '>=', from);
1150
- }
1151
- if (to) {
1152
- commitsQuery = commitsQuery.where('created_at', '<=', to);
1153
- }
1154
-
1155
- const commitRows = await commitsQuery.execute();
1156
- for (const row of commitRows) {
1157
- const commit: ConsoleCommitListItem = {
1158
- commitSeq: coerceNumber(row.commit_seq) ?? 0,
1159
- actorId: row.actor_id ?? '',
1160
- clientId: row.client_id ?? '',
1161
- clientCommitId: row.client_commit_id ?? '',
1162
- createdAt: row.created_at ?? '',
1163
- changeCount: coerceNumber(row.change_count) ?? 0,
1164
- affectedTables: options.dialect.dbToArray(row.affected_tables),
1165
- };
1166
-
1167
- items.push({
1168
- type: 'commit',
1169
- timestamp: commit.createdAt,
1170
- commit,
1171
- event: null,
1172
- });
1173
- }
1174
- }
1175
-
1176
- if (view !== 'commits') {
1177
- let eventsQuery = db
1178
- .selectFrom('sync_request_events')
1179
- .select(requestEventSelectColumns);
1180
-
1181
- if (partitionId) {
1182
- eventsQuery = eventsQuery.where('partition_id', '=', partitionId);
1183
- }
1184
- if (eventType) {
1185
- eventsQuery = eventsQuery.where('event_type', '=', eventType);
1186
- }
1187
- if (actorId) {
1188
- eventsQuery = eventsQuery.where('actor_id', '=', actorId);
1189
- }
1190
- if (clientId) {
1191
- eventsQuery = eventsQuery.where('client_id', '=', clientId);
1192
- }
1193
- if (requestId) {
1194
- eventsQuery = eventsQuery.where('request_id', '=', requestId);
1195
- }
1196
- if (traceId) {
1197
- eventsQuery = eventsQuery.where('trace_id', '=', traceId);
1198
- }
1199
- if (outcome) {
1200
- eventsQuery = eventsQuery.where('outcome', '=', outcome);
1201
- }
1202
- if (from) {
1203
- eventsQuery = eventsQuery.where('created_at', '>=', from);
1204
- }
1205
- if (to) {
1206
- eventsQuery = eventsQuery.where('created_at', '<=', to);
1207
- }
1208
-
1209
- const eventRows = await eventsQuery.execute();
1210
- for (const row of eventRows) {
1211
- const event = mapRequestEvent(row);
1212
-
1213
- items.push({
1214
- type: 'event',
1215
- timestamp: event.createdAt,
1216
- commit: null,
1217
- event,
1218
- });
1219
- }
1220
- }
1221
-
1222
- const filteredItems = items.filter((item) => {
1223
- if (item.type === 'commit') {
1224
- const commit = item.commit;
1225
- if (!commit) return false;
1226
-
1227
- if (
1228
- normalizedTable &&
1229
- !(commit.affectedTables ?? []).includes(normalizedTable)
1230
- ) {
1231
- return false;
1232
- }
1233
-
1234
- if (!normalizedSearchTerm) return true;
1235
-
1236
- const searchableCommitFields = [
1237
- String(commit.commitSeq),
1238
- commit.actorId,
1239
- commit.clientId,
1240
- commit.clientCommitId,
1241
- ...(commit.affectedTables ?? []),
1242
- ];
1243
-
1244
- return searchableCommitFields.some((field) =>
1245
- includesSearchTerm(field, normalizedSearchTerm)
1246
- );
1247
- }
1248
-
1249
- const event = item.event;
1250
- if (!event) return false;
1251
-
1252
- if (
1253
- normalizedTable &&
1254
- !(event.tables ?? []).includes(normalizedTable)
1255
- ) {
1256
- return false;
1257
- }
1258
-
1259
- if (!normalizedSearchTerm) return true;
1260
-
1261
- const searchableEventFields = [
1262
- String(event.eventId),
1263
- event.requestId,
1264
- event.traceId ?? '',
1265
- event.actorId,
1266
- event.clientId,
1267
- event.outcome,
1268
- event.responseStatus,
1269
- event.errorCode ?? '',
1270
- event.errorMessage ?? '',
1271
- ...(event.tables ?? []),
1272
- ];
1273
-
1274
- return searchableEventFields.some((field) =>
1275
- includesSearchTerm(field, normalizedSearchTerm)
1276
- );
1277
- });
1278
-
1279
- filteredItems.sort(
1280
- (a, b) => (parseDate(b.timestamp) ?? 0) - (parseDate(a.timestamp) ?? 0)
1281
- );
1282
-
1283
- const total = filteredItems.length;
1284
- const pagedItems = filteredItems.slice(offset, offset + limit);
1285
-
1286
- const response: ConsolePaginatedResponse<ConsoleTimelineItem> = {
1287
- items: pagedItems,
1288
- total,
1289
- offset,
1290
- limit,
1291
- };
1292
-
1293
- c.header('X-Total-Count', String(total));
1294
- return c.json(response, 200);
1295
- }
1296
- );
1297
-
1298
- // -------------------------------------------------------------------------
1299
- // GET /commits
1300
- // -------------------------------------------------------------------------
1301
-
1302
- routes.get(
1303
- '/commits',
1304
- describeRoute({
1305
- tags: ['console'],
1306
- summary: 'List commits',
1307
- responses: {
1308
- 200: {
1309
- description: 'Paginated commit list',
1310
- content: {
1311
- 'application/json': {
1312
- schema: resolver(
1313
- ConsolePaginatedResponseSchema(ConsoleCommitListItemSchema)
1314
- ),
1315
- },
1316
- },
1317
- },
1318
- 401: {
1319
- description: 'Unauthenticated',
1320
- content: {
1321
- 'application/json': { schema: resolver(ErrorResponseSchema) },
1322
- },
1323
- },
1324
- },
1325
- }),
1326
- zValidator('query', ConsolePartitionedPaginationQuerySchema),
1327
- async (c) => {
1328
- const auth = await requireAuth(c);
1329
- if (!auth) return c.json({ error: 'UNAUTHENTICATED' }, 401);
1330
-
1331
- const { limit, offset, partitionId } = c.req.valid('query');
1332
-
1333
- let query = db
1334
- .selectFrom('sync_commits')
1335
- .select([
1336
- 'commit_seq',
1337
- 'actor_id',
1338
- 'client_id',
1339
- 'client_commit_id',
1340
- 'created_at',
1341
- 'change_count',
1342
- 'affected_tables',
1343
- ]);
1344
-
1345
- let countQuery = db
1346
- .selectFrom('sync_commits')
1347
- .select(({ fn }) => fn.countAll().as('total'));
1348
-
1349
- if (partitionId) {
1350
- query = query.where('partition_id', '=', partitionId);
1351
- countQuery = countQuery.where('partition_id', '=', partitionId);
1352
- }
1353
-
1354
- const [rows, countRow] = await Promise.all([
1355
- query
1356
- .orderBy('commit_seq', 'desc')
1357
- .limit(limit)
1358
- .offset(offset)
1359
- .execute(),
1360
- countQuery.executeTakeFirst(),
1361
- ]);
1362
-
1363
- const items: ConsoleCommitListItem[] = rows.map((row) => ({
1364
- commitSeq: coerceNumber(row.commit_seq) ?? 0,
1365
- actorId: row.actor_id ?? '',
1366
- clientId: row.client_id ?? '',
1367
- clientCommitId: row.client_commit_id ?? '',
1368
- createdAt: row.created_at ?? '',
1369
- changeCount: coerceNumber(row.change_count) ?? 0,
1370
- affectedTables: options.dialect.dbToArray(row.affected_tables),
1371
- }));
1372
-
1373
- const total = coerceNumber(countRow?.total) ?? 0;
1374
-
1375
- const response: ConsolePaginatedResponse<ConsoleCommitListItem> = {
1376
- items,
1377
- total,
1378
- offset,
1379
- limit,
1380
- };
1381
-
1382
- c.header('X-Total-Count', String(total));
1383
- return c.json(response, 200);
1384
- }
1385
- );
1386
-
1387
- // -------------------------------------------------------------------------
1388
- // GET /commits/:seq
1389
- // -------------------------------------------------------------------------
1390
-
1391
- routes.get(
1392
- '/commits/:seq',
1393
- describeRoute({
1394
- tags: ['console'],
1395
- summary: 'Get commit details',
1396
- responses: {
1397
- 200: {
1398
- description: 'Commit with changes',
1399
- content: {
1400
- 'application/json': { schema: resolver(ConsoleCommitDetailSchema) },
1401
- },
1402
- },
1403
- 400: {
1404
- description: 'Invalid request',
1405
- content: {
1406
- 'application/json': { schema: resolver(ErrorResponseSchema) },
1407
- },
1408
- },
1409
- 401: {
1410
- description: 'Unauthenticated',
1411
- content: {
1412
- 'application/json': { schema: resolver(ErrorResponseSchema) },
1413
- },
1414
- },
1415
- 404: {
1416
- description: 'Not found',
1417
- content: {
1418
- 'application/json': { schema: resolver(ErrorResponseSchema) },
1419
- },
1420
- },
1421
- },
1422
- }),
1423
- zValidator('param', commitSeqParamSchema),
1424
- zValidator('query', commitDetailQuerySchema),
1425
- async (c) => {
1426
- const auth = await requireAuth(c);
1427
- if (!auth) return c.json({ error: 'UNAUTHENTICATED' }, 401);
1428
-
1429
- const { seq } = c.req.valid('param');
1430
- const { partitionId } = c.req.valid('query');
1431
-
1432
- let commitQuery = db
1433
- .selectFrom('sync_commits')
1434
- .select([
1435
- 'commit_seq',
1436
- 'actor_id',
1437
- 'client_id',
1438
- 'client_commit_id',
1439
- 'created_at',
1440
- 'change_count',
1441
- 'affected_tables',
1442
- ])
1443
- .where('commit_seq', '=', seq);
1444
-
1445
- if (partitionId) {
1446
- commitQuery = commitQuery.where('partition_id', '=', partitionId);
1447
- }
1448
-
1449
- const commitRow = await commitQuery.executeTakeFirst();
1450
-
1451
- if (!commitRow) {
1452
- return c.json({ error: 'NOT_FOUND' }, 404);
1453
- }
1454
-
1455
- let changesQuery = db
1456
- .selectFrom('sync_changes')
1457
- .select([
1458
- 'change_id',
1459
- 'table',
1460
- 'row_id',
1461
- 'op',
1462
- 'row_json',
1463
- 'row_version',
1464
- 'scopes',
1465
- ])
1466
- .where('commit_seq', '=', seq);
1467
-
1468
- if (partitionId) {
1469
- changesQuery = changesQuery.where('partition_id', '=', partitionId);
1470
- }
1471
-
1472
- const changeRows = await changesQuery
1473
- .orderBy('change_id', 'asc')
1474
- .execute();
1475
-
1476
- const changes: ConsoleChange[] = changeRows.map((row) => ({
1477
- changeId: coerceNumber(row.change_id) ?? 0,
1478
- table: row.table ?? '',
1479
- rowId: row.row_id ?? '',
1480
- op: row.op === 'delete' ? 'delete' : 'upsert',
1481
- rowJson:
1482
- typeof row.row_json === 'string'
1483
- ? (() => {
1484
- try {
1485
- return JSON.parse(row.row_json);
1486
- } catch {
1487
- return row.row_json;
1488
- }
1489
- })()
1490
- : row.row_json,
1491
- rowVersion: coerceNumber(row.row_version),
1492
- scopes:
1493
- typeof row.scopes === 'string'
1494
- ? JSON.parse(row.scopes || '{}')
1495
- : (row.scopes ?? {}),
1496
- }));
1497
-
1498
- const commit: ConsoleCommitDetail = {
1499
- commitSeq: coerceNumber(commitRow.commit_seq) ?? 0,
1500
- actorId: commitRow.actor_id ?? '',
1501
- clientId: commitRow.client_id ?? '',
1502
- clientCommitId: commitRow.client_commit_id ?? '',
1503
- createdAt: commitRow.created_at ?? '',
1504
- changeCount: coerceNumber(commitRow.change_count) ?? 0,
1505
- affectedTables: Array.isArray(commitRow.affected_tables)
1506
- ? commitRow.affected_tables
1507
- : typeof commitRow.affected_tables === 'string'
1508
- ? JSON.parse(commitRow.affected_tables || '[]')
1509
- : [],
1510
- changes,
1511
- };
1512
-
1513
- return c.json(commit, 200);
1514
- }
1515
- );
1516
-
1517
- // -------------------------------------------------------------------------
1518
- // GET /clients
1519
- // -------------------------------------------------------------------------
1520
-
1521
- routes.get(
1522
- '/clients',
1523
- describeRoute({
1524
- tags: ['console'],
1525
- summary: 'List clients',
1526
- responses: {
1527
- 200: {
1528
- description: 'Paginated client list',
1529
- content: {
1530
- 'application/json': {
1531
- schema: resolver(
1532
- ConsolePaginatedResponseSchema(ConsoleClientSchema)
1533
- ),
1534
- },
1535
- },
1536
- },
1537
- 401: {
1538
- description: 'Unauthenticated',
1539
- content: {
1540
- 'application/json': { schema: resolver(ErrorResponseSchema) },
1541
- },
1542
- },
1543
- },
1544
- }),
1545
- zValidator('query', ConsolePartitionedPaginationQuerySchema),
1546
- async (c) => {
1547
- const auth = await requireAuth(c);
1548
- if (!auth) return c.json({ error: 'UNAUTHENTICATED' }, 401);
1549
-
1550
- const { limit, offset, partitionId } = c.req.valid('query');
1551
-
1552
- let clientsQuery = db
1553
- .selectFrom('sync_client_cursors')
1554
- .select([
1555
- 'client_id',
1556
- 'actor_id',
1557
- 'cursor',
1558
- 'effective_scopes',
1559
- 'updated_at',
1560
- ]);
1561
- let countQuery = db
1562
- .selectFrom('sync_client_cursors')
1563
- .select(({ fn }) => fn.countAll().as('total'));
1564
- let maxCommitSeqQuery = db
1565
- .selectFrom('sync_commits')
1566
- .select(({ fn }) => fn.max('commit_seq').as('max_commit_seq'));
1567
-
1568
- if (partitionId) {
1569
- clientsQuery = clientsQuery.where('partition_id', '=', partitionId);
1570
- countQuery = countQuery.where('partition_id', '=', partitionId);
1571
- maxCommitSeqQuery = maxCommitSeqQuery.where(
1572
- 'partition_id',
1573
- '=',
1574
- partitionId
1575
- );
1576
- }
1577
-
1578
- const [rows, countRow, maxCommitSeqRow] = await Promise.all([
1579
- clientsQuery
1580
- .orderBy('updated_at', 'desc')
1581
- .limit(limit)
1582
- .offset(offset)
1583
- .execute(),
1584
- countQuery.executeTakeFirst(),
1585
- maxCommitSeqQuery.executeTakeFirst(),
1586
- ]);
1587
-
1588
- const maxCommitSeq = coerceNumber(maxCommitSeqRow?.max_commit_seq) ?? 0;
1589
- const pagedClientIds = rows
1590
- .map((row) => row.client_id)
1591
- .filter((clientId): clientId is string => typeof clientId === 'string');
1592
-
1593
- const latestEventsByClientId = new Map<
1594
- string,
1595
- {
1596
- createdAt: string;
1597
- eventType: 'push' | 'pull';
1598
- outcome: string;
1599
- transportPath: 'direct' | 'relay';
1600
- }
1601
- >();
1602
-
1603
- if (pagedClientIds.length > 0) {
1604
- let recentEventsQuery = db
1605
- .selectFrom('sync_request_events')
1606
- .select([
1607
- 'client_id',
1608
- 'event_type',
1609
- 'outcome',
1610
- 'created_at',
1611
- 'transport_path',
1612
- ])
1613
- .where('client_id', 'in', pagedClientIds);
1614
-
1615
- if (partitionId) {
1616
- recentEventsQuery = recentEventsQuery.where(
1617
- 'partition_id',
1618
- '=',
1619
- partitionId
1620
- );
1621
- }
1622
-
1623
- const recentEventRows = await recentEventsQuery
1624
- .orderBy('created_at', 'desc')
1625
- .execute();
1626
-
1627
- for (const row of recentEventRows) {
1628
- const clientId = row.client_id;
1629
- if (!clientId || latestEventsByClientId.has(clientId)) {
1630
- continue;
1631
- }
1632
-
1633
- const eventType = row.event_type === 'push' ? 'push' : 'pull';
1634
-
1635
- latestEventsByClientId.set(clientId, {
1636
- createdAt: row.created_at ?? '',
1637
- eventType,
1638
- outcome: row.outcome ?? '',
1639
- transportPath: row.transport_path === 'relay' ? 'relay' : 'direct',
1640
- });
1641
- }
1642
- }
1643
-
1644
- const items: ConsoleClient[] = rows.map((row) => {
1645
- const clientId = row.client_id ?? '';
1646
- const cursor = coerceNumber(row.cursor) ?? 0;
1647
- const latestEvent = latestEventsByClientId.get(clientId);
1648
- const connectionCount =
1649
- options.wsConnectionManager?.getConnectionCount(clientId) ?? 0;
1650
- const connectionPath =
1651
- options.wsConnectionManager?.getClientTransportPath(clientId) ??
1652
- latestEvent?.transportPath ??
1653
- 'direct';
1654
-
1655
- return {
1656
- clientId,
1657
- actorId: row.actor_id ?? '',
1658
- cursor,
1659
- lagCommitCount: Math.max(0, maxCommitSeq - cursor),
1660
- connectionPath,
1661
- connectionMode: connectionCount > 0 ? 'realtime' : 'polling',
1662
- realtimeConnectionCount: connectionCount,
1663
- isRealtimeConnected: connectionCount > 0,
1664
- activityState: getClientActivityState({
1665
- connectionCount,
1666
- updatedAt: row.updated_at,
1667
- }),
1668
- lastRequestAt: latestEvent?.createdAt ?? null,
1669
- lastRequestType: latestEvent?.eventType ?? null,
1670
- lastRequestOutcome: latestEvent?.outcome ?? null,
1671
- effectiveScopes: options.dialect.dbToScopes(row.effective_scopes),
1672
- updatedAt: row.updated_at ?? '',
1673
- };
1674
- });
1675
-
1676
- const total = coerceNumber(countRow?.total) ?? 0;
1677
-
1678
- const response: ConsolePaginatedResponse<ConsoleClient> = {
1679
- items,
1680
- total,
1681
- offset,
1682
- limit,
1683
- };
1684
-
1685
- c.header('X-Total-Count', String(total));
1686
- return c.json(response, 200);
1687
- }
1688
- );
1689
-
1690
- // -------------------------------------------------------------------------
1691
- // GET /handlers
1692
- // -------------------------------------------------------------------------
1693
-
1694
- routes.get(
1695
- '/handlers',
1696
- describeRoute({
1697
- tags: ['console'],
1698
- summary: 'List registered handlers',
1699
- responses: {
1700
- 200: {
1701
- description: 'Handler list',
1702
- content: {
1703
- 'application/json': { schema: resolver(handlersResponseSchema) },
1704
- },
1705
- },
1706
- 401: {
1707
- description: 'Unauthenticated',
1708
- content: {
1709
- 'application/json': { schema: resolver(ErrorResponseSchema) },
1710
- },
1711
- },
1712
- },
1713
- }),
1714
- async (c) => {
1715
- const auth = await requireAuth(c);
1716
- if (!auth) return c.json({ error: 'UNAUTHENTICATED' }, 401);
1717
-
1718
- const items: ConsoleHandler[] = options.handlers.map((handler) => ({
1719
- table: handler.table,
1720
- dependsOn: handler.dependsOn,
1721
- snapshotChunkTtlMs: handler.snapshotChunkTtlMs,
1722
- }));
1723
-
1724
- return c.json({ items }, 200);
1725
- }
1726
- );
1727
-
1728
- // -------------------------------------------------------------------------
1729
- // GET /operations - Operation audit log
1730
- // -------------------------------------------------------------------------
1731
-
1732
- routes.get(
1733
- '/operations',
1734
- describeRoute({
1735
- tags: ['console'],
1736
- summary: 'List operation audit events',
1737
- responses: {
1738
- 200: {
1739
- description: 'Paginated operation events',
1740
- content: {
1741
- 'application/json': {
1742
- schema: resolver(
1743
- ConsolePaginatedResponseSchema(ConsoleOperationEventSchema)
1744
- ),
1745
- },
1746
- },
1747
- },
1748
- 401: {
1749
- description: 'Unauthenticated',
1750
- content: {
1751
- 'application/json': { schema: resolver(ErrorResponseSchema) },
1752
- },
1753
- },
1754
- },
1755
- }),
1756
- zValidator('query', ConsoleOperationsQuerySchema),
1757
- async (c) => {
1758
- const auth = await requireAuth(c);
1759
- if (!auth) return c.json({ error: 'UNAUTHENTICATED' }, 401);
1760
-
1761
- const { limit, offset, operationType, partitionId } =
1762
- c.req.valid('query');
1763
-
1764
- let query = db
1765
- .selectFrom('sync_operation_events')
1766
- .select(operationEventSelectColumns);
1767
-
1768
- let countQuery = db
1769
- .selectFrom('sync_operation_events')
1770
- .select(({ fn }) => fn.countAll().as('total'));
1771
-
1772
- if (operationType) {
1773
- query = query.where('operation_type', '=', operationType);
1774
- countQuery = countQuery.where('operation_type', '=', operationType);
1775
- }
1776
- if (partitionId) {
1777
- query = query.where('partition_id', '=', partitionId);
1778
- countQuery = countQuery.where('partition_id', '=', partitionId);
1779
- }
1780
-
1781
- const [rows, countRow] = await Promise.all([
1782
- query
1783
- .orderBy('created_at', 'desc')
1784
- .limit(limit)
1785
- .offset(offset)
1786
- .execute(),
1787
- countQuery.executeTakeFirst(),
1788
- ]);
1789
-
1790
- const items = rows.map((row) => mapOperationEvent(row));
1791
- const total = coerceNumber(countRow?.total) ?? 0;
1792
-
1793
- const response: ConsolePaginatedResponse<ConsoleOperationEvent> = {
1794
- items,
1795
- total,
1796
- offset,
1797
- limit,
1798
- };
1799
-
1800
- c.header('X-Total-Count', String(total));
1801
- return c.json(response, 200);
1802
- }
1803
- );
1804
-
1805
- // -------------------------------------------------------------------------
1806
- // POST /prune/preview
1807
- // -------------------------------------------------------------------------
1808
-
1809
- routes.post(
1810
- '/prune/preview',
1811
- describeRoute({
1812
- tags: ['console'],
1813
- summary: 'Preview pruning',
1814
- responses: {
1815
- 200: {
1816
- description: 'Prune preview',
1817
- content: {
1818
- 'application/json': { schema: resolver(ConsolePrunePreviewSchema) },
1819
- },
1820
- },
1821
- 401: {
1822
- description: 'Unauthenticated',
1823
- content: {
1824
- 'application/json': { schema: resolver(ErrorResponseSchema) },
1825
- },
1826
- },
1827
- },
1828
- }),
1829
- async (c) => {
1830
- const auth = await requireAuth(c);
1831
- if (!auth) return c.json({ error: 'UNAUTHENTICATED' }, 401);
1832
-
1833
- const watermarkCommitSeq = await computePruneWatermarkCommitSeq(
1834
- options.db,
1835
- options.prune
1836
- );
1837
-
1838
- // Count commits that would be deleted
1839
- const countRow = await db
1840
- .selectFrom('sync_commits')
1841
- .select(({ fn }) => fn.countAll().as('count'))
1842
- .where('commit_seq', '<=', watermarkCommitSeq)
1843
- .executeTakeFirst();
1844
-
1845
- const commitsToDelete = coerceNumber(countRow?.count) ?? 0;
1846
-
1847
- const preview: ConsolePrunePreview = {
1848
- watermarkCommitSeq,
1849
- commitsToDelete,
1850
- };
1851
-
1852
- return c.json(preview, 200);
1853
- }
1854
- );
1855
-
1856
- // -------------------------------------------------------------------------
1857
- // POST /prune
1858
- // -------------------------------------------------------------------------
1859
-
1860
- routes.post(
1861
- '/prune',
1862
- describeRoute({
1863
- tags: ['console'],
1864
- summary: 'Trigger pruning',
1865
- responses: {
1866
- 200: {
1867
- description: 'Prune result',
1868
- content: {
1869
- 'application/json': { schema: resolver(ConsolePruneResultSchema) },
1870
- },
1871
- },
1872
- 401: {
1873
- description: 'Unauthenticated',
1874
- content: {
1875
- 'application/json': { schema: resolver(ErrorResponseSchema) },
1876
- },
1877
- },
1878
- },
1879
- }),
1880
- async (c) => {
1881
- const auth = await requireAuth(c);
1882
- if (!auth) return c.json({ error: 'UNAUTHENTICATED' }, 401);
1883
-
1884
- const watermarkCommitSeq = await computePruneWatermarkCommitSeq(
1885
- options.db,
1886
- options.prune
1887
- );
1888
-
1889
- const deletedCommits = await pruneSync(options.db, {
1890
- watermarkCommitSeq,
1891
- keepNewestCommits: options.prune?.keepNewestCommits,
1892
- });
1893
-
1894
- logSyncEvent({
1895
- event: 'console.prune',
1896
- consoleUserId: auth.consoleUserId,
1897
- deletedCommits,
1898
- watermarkCommitSeq,
1899
- });
1900
- await recordOperationEvent({
1901
- operationType: 'prune',
1902
- consoleUserId: auth.consoleUserId,
1903
- requestPayload: {
1904
- watermarkCommitSeq,
1905
- keepNewestCommits: options.prune?.keepNewestCommits ?? null,
1906
- },
1907
- resultPayload: { deletedCommits, watermarkCommitSeq },
1908
- });
1909
-
1910
- const result: ConsolePruneResult = { deletedCommits };
1911
- return c.json(result, 200);
1912
- }
1913
- );
1914
-
1915
- // -------------------------------------------------------------------------
1916
- // POST /compact
1917
- // -------------------------------------------------------------------------
1918
-
1919
- routes.post(
1920
- '/compact',
1921
- describeRoute({
1922
- tags: ['console'],
1923
- summary: 'Trigger compaction',
1924
- responses: {
1925
- 200: {
1926
- description: 'Compact result',
1927
- content: {
1928
- 'application/json': {
1929
- schema: resolver(ConsoleCompactResultSchema),
1930
- },
1931
- },
1932
- },
1933
- 401: {
1934
- description: 'Unauthenticated',
1935
- content: {
1936
- 'application/json': { schema: resolver(ErrorResponseSchema) },
1937
- },
1938
- },
1939
- },
1940
- }),
1941
- async (c) => {
1942
- const auth = await requireAuth(c);
1943
- if (!auth) return c.json({ error: 'UNAUTHENTICATED' }, 401);
1944
-
1945
- const fullHistoryHours = options.compact?.fullHistoryHours ?? 24 * 7;
1946
-
1947
- const deletedChanges = await compactChanges(options.db, {
1948
- dialect: options.dialect,
1949
- options: { fullHistoryHours },
1950
- });
1951
-
1952
- logSyncEvent({
1953
- event: 'console.compact',
1954
- consoleUserId: auth.consoleUserId,
1955
- deletedChanges,
1956
- fullHistoryHours,
1957
- });
1958
- await recordOperationEvent({
1959
- operationType: 'compact',
1960
- consoleUserId: auth.consoleUserId,
1961
- requestPayload: { fullHistoryHours },
1962
- resultPayload: { deletedChanges },
1963
- });
1964
-
1965
- const result: ConsoleCompactResult = { deletedChanges };
1966
- return c.json(result, 200);
1967
- }
1968
- );
1969
-
1970
- // -------------------------------------------------------------------------
1971
- // POST /notify-data-change
1972
- // -------------------------------------------------------------------------
1973
-
1974
- const NotifyDataChangeRequestSchema = z.object({
1975
- tables: z.array(z.string().min(1)).min(1),
1976
- partitionId: z.string().optional(),
1977
- });
1978
-
1979
- const NotifyDataChangeResponseSchema = z.object({
1980
- commitSeq: z.number(),
1981
- tables: z.array(z.string()),
1982
- deletedChunks: z.number(),
1983
- });
1984
-
1985
- routes.post(
1986
- '/notify-data-change',
1987
- describeRoute({
1988
- tags: ['console'],
1989
- summary: 'Notify external data change',
1990
- description:
1991
- 'Creates a synthetic commit to force re-bootstrap for affected tables. ' +
1992
- 'Use after pipeline imports or direct DB writes to notify connected clients.',
1993
- responses: {
1994
- 200: {
1995
- description: 'Notification result',
1996
- content: {
1997
- 'application/json': {
1998
- schema: resolver(NotifyDataChangeResponseSchema),
1999
- },
2000
- },
2001
- },
2002
- 400: {
2003
- description: 'Invalid request',
2004
- content: {
2005
- 'application/json': { schema: resolver(ErrorResponseSchema) },
2006
- },
2007
- },
2008
- 401: {
2009
- description: 'Unauthenticated',
2010
- content: {
2011
- 'application/json': { schema: resolver(ErrorResponseSchema) },
2012
- },
2013
- },
2014
- },
2015
- }),
2016
- zValidator('json', NotifyDataChangeRequestSchema),
2017
- async (c) => {
2018
- const auth = await requireAuth(c);
2019
- if (!auth) return c.json({ error: 'UNAUTHENTICATED' }, 401);
2020
-
2021
- const body = c.req.valid('json');
2022
-
2023
- const result = await notifyExternalDataChange({
2024
- db: options.db,
2025
- dialect: options.dialect,
2026
- tables: body.tables,
2027
- partitionId: body.partitionId,
2028
- });
2029
-
2030
- logSyncEvent({
2031
- event: 'console.notify_data_change',
2032
- consoleUserId: auth.consoleUserId,
2033
- tables: body.tables,
2034
- commitSeq: result.commitSeq,
2035
- deletedChunks: result.deletedChunks,
2036
- });
2037
- await recordOperationEvent({
2038
- operationType: 'notify_data_change',
2039
- consoleUserId: auth.consoleUserId,
2040
- partitionId: body.partitionId ?? null,
2041
- requestPayload: {
2042
- tables: body.tables,
2043
- partitionId: body.partitionId ?? null,
2044
- },
2045
- resultPayload: result,
2046
- });
2047
-
2048
- // Wake all WS clients so they pull immediately
2049
- if (options.wsConnectionManager) {
2050
- options.wsConnectionManager.notifyAllClients(result.commitSeq);
2051
- }
2052
-
2053
- return c.json(result, 200);
2054
- }
2055
- );
2056
-
2057
- // -------------------------------------------------------------------------
2058
- // DELETE /clients/:id
2059
- // -------------------------------------------------------------------------
2060
-
2061
- routes.delete(
2062
- '/clients/:id',
2063
- describeRoute({
2064
- tags: ['console'],
2065
- summary: 'Evict client',
2066
- responses: {
2067
- 200: {
2068
- description: 'Evict result',
2069
- content: {
2070
- 'application/json': { schema: resolver(ConsoleEvictResultSchema) },
2071
- },
2072
- },
2073
- 400: {
2074
- description: 'Invalid request',
2075
- content: {
2076
- 'application/json': { schema: resolver(ErrorResponseSchema) },
2077
- },
2078
- },
2079
- 401: {
2080
- description: 'Unauthenticated',
2081
- content: {
2082
- 'application/json': { schema: resolver(ErrorResponseSchema) },
2083
- },
2084
- },
2085
- },
2086
- }),
2087
- zValidator('param', clientIdParamSchema),
2088
- zValidator('query', evictClientQuerySchema),
2089
- async (c) => {
2090
- const auth = await requireAuth(c);
2091
- if (!auth) return c.json({ error: 'UNAUTHENTICATED' }, 401);
2092
-
2093
- const { id: clientId } = c.req.valid('param');
2094
- const { partitionId } = c.req.valid('query');
2095
-
2096
- let deleteQuery = db
2097
- .deleteFrom('sync_client_cursors')
2098
- .where('client_id', '=', clientId);
2099
-
2100
- if (partitionId) {
2101
- deleteQuery = deleteQuery.where('partition_id', '=', partitionId);
2102
- }
2103
-
2104
- const res = await deleteQuery.executeTakeFirst();
2105
-
2106
- const evicted = Number(res?.numDeletedRows ?? 0) > 0;
2107
-
2108
- logSyncEvent({
2109
- event: 'console.evict_client',
2110
- consoleUserId: auth.consoleUserId,
2111
- clientId,
2112
- evicted,
2113
- });
2114
- await recordOperationEvent({
2115
- operationType: 'evict_client',
2116
- consoleUserId: auth.consoleUserId,
2117
- partitionId: partitionId ?? null,
2118
- targetClientId: clientId,
2119
- requestPayload: { clientId, partitionId: partitionId ?? null },
2120
- resultPayload: { evicted },
2121
- });
2122
-
2123
- const result: ConsoleEvictResult = { evicted };
2124
- return c.json(result, 200);
2125
- }
2126
- );
2127
-
2128
- // -------------------------------------------------------------------------
2129
- // GET /events - Paginated request events list
2130
- // -------------------------------------------------------------------------
2131
-
2132
- routes.get(
2133
- '/events',
2134
- describeRoute({
2135
- tags: ['console'],
2136
- summary: 'List request events',
2137
- responses: {
2138
- 200: {
2139
- description: 'Paginated event list',
2140
- content: {
2141
- 'application/json': {
2142
- schema: resolver(
2143
- ConsolePaginatedResponseSchema(ConsoleRequestEventSchema)
2144
- ),
2145
- },
2146
- },
2147
- },
2148
- 401: {
2149
- description: 'Unauthenticated',
2150
- content: {
2151
- 'application/json': { schema: resolver(ErrorResponseSchema) },
2152
- },
2153
- },
2154
- },
2155
- }),
2156
- zValidator('query', eventsQuerySchema),
2157
- async (c) => {
2158
- const auth = await requireAuth(c);
2159
- if (!auth) return c.json({ error: 'UNAUTHENTICATED' }, 401);
2160
-
2161
- const {
2162
- limit,
2163
- offset,
2164
- partitionId,
2165
- eventType,
2166
- actorId,
2167
- clientId,
2168
- requestId,
2169
- traceId,
2170
- outcome,
2171
- } = c.req.valid('query');
2172
-
2173
- let query = db
2174
- .selectFrom('sync_request_events')
2175
- .select(requestEventSelectColumns);
2176
-
2177
- let countQuery = db
2178
- .selectFrom('sync_request_events')
2179
- .select(({ fn }) => fn.countAll().as('total'));
2180
-
2181
- if (partitionId) {
2182
- query = query.where('partition_id', '=', partitionId);
2183
- countQuery = countQuery.where('partition_id', '=', partitionId);
2184
- }
2185
- if (eventType) {
2186
- query = query.where('event_type', '=', eventType);
2187
- countQuery = countQuery.where('event_type', '=', eventType);
2188
- }
2189
- if (actorId) {
2190
- query = query.where('actor_id', '=', actorId);
2191
- countQuery = countQuery.where('actor_id', '=', actorId);
2192
- }
2193
- if (clientId) {
2194
- query = query.where('client_id', '=', clientId);
2195
- countQuery = countQuery.where('client_id', '=', clientId);
2196
- }
2197
- if (requestId) {
2198
- query = query.where('request_id', '=', requestId);
2199
- countQuery = countQuery.where('request_id', '=', requestId);
2200
- }
2201
- if (traceId) {
2202
- query = query.where('trace_id', '=', traceId);
2203
- countQuery = countQuery.where('trace_id', '=', traceId);
2204
- }
2205
- if (outcome) {
2206
- query = query.where('outcome', '=', outcome);
2207
- countQuery = countQuery.where('outcome', '=', outcome);
2208
- }
2209
-
2210
- const [rows, countRow] = await Promise.all([
2211
- query
2212
- .orderBy('created_at', 'desc')
2213
- .limit(limit)
2214
- .offset(offset)
2215
- .execute(),
2216
- countQuery.executeTakeFirst(),
2217
- ]);
2218
-
2219
- const items: ConsoleRequestEvent[] = rows.map((row) =>
2220
- mapRequestEvent(row)
2221
- );
2222
-
2223
- const total = coerceNumber(countRow?.total) ?? 0;
2224
-
2225
- const response: ConsolePaginatedResponse<ConsoleRequestEvent> = {
2226
- items,
2227
- total,
2228
- offset,
2229
- limit,
2230
- };
2231
-
2232
- c.header('X-Total-Count', String(total));
2233
- return c.json(response, 200);
2234
- }
2235
- );
2236
-
2237
- // -------------------------------------------------------------------------
2238
- // GET /events/live - WebSocket for live activity feed
2239
- // NOTE: Must be defined BEFORE /events/:id to avoid route conflict
2240
- // -------------------------------------------------------------------------
2241
-
2242
- if (
2243
- options.eventEmitter &&
2244
- options.websocket?.enabled &&
2245
- options.websocket?.upgradeWebSocket
2246
- ) {
2247
- const emitter = options.eventEmitter;
2248
- const upgradeWebSocket = options.websocket.upgradeWebSocket;
2249
- const heartbeatIntervalMs = options.websocket.heartbeatIntervalMs ?? 30000;
2250
-
2251
- type WebSocketLike = {
2252
- send: (data: string) => void;
2253
- close: (code?: number, reason?: string) => void;
2254
- };
2255
-
2256
- const wsState = new WeakMap<
2257
- WebSocketLike,
2258
- {
2259
- listener: ConsoleEventListener | null;
2260
- heartbeatInterval: ReturnType<typeof setInterval> | null;
2261
- authTimeout: ReturnType<typeof setTimeout> | null;
2262
- isAuthenticated: boolean;
2263
- }
2264
- >();
2265
-
2266
- const closeUnauthenticated = (ws: WebSocketLike) => {
2267
- try {
2268
- ws.send(JSON.stringify({ type: 'error', message: 'UNAUTHENTICATED' }));
2269
- } catch {
2270
- // ignore send errors
2271
- }
2272
- ws.close(4001, 'Unauthenticated');
2273
- };
2274
-
2275
- const cleanup = (ws: WebSocketLike) => {
2276
- const state = wsState.get(ws);
2277
- if (!state) return;
2278
- if (state.listener) {
2279
- emitter.removeListener(state.listener);
2280
- }
2281
- if (state.heartbeatInterval) {
2282
- clearInterval(state.heartbeatInterval);
2283
- }
2284
- if (state.authTimeout) {
2285
- clearTimeout(state.authTimeout);
2286
- }
2287
- wsState.delete(ws);
2288
- };
2289
-
2290
- routes.get(
2291
- '/events/live',
2292
- upgradeWebSocket(async (c) => {
2293
- const authHeader = c.req.header('Authorization');
2294
- const partitionId = c.req.query('partitionId')?.trim() || undefined;
2295
- const replaySince = c.req.query('since');
2296
- const replayLimitRaw = c.req.query('replayLimit');
2297
- const replayLimitNumber = replayLimitRaw
2298
- ? Number.parseInt(replayLimitRaw, 10)
2299
- : Number.NaN;
2300
- const replayLimit = Number.isFinite(replayLimitNumber)
2301
- ? Math.max(1, Math.min(500, replayLimitNumber))
2302
- : 100;
2303
- const mockContext = {
2304
- req: {
2305
- header: (name: string) =>
2306
- name === 'Authorization' ? authHeader : undefined,
2307
- query: () => undefined,
2308
- },
2309
- } as unknown as Context;
2310
-
2311
- const initialAuth = await options.authenticate(mockContext);
2312
-
2313
- const authenticateWithBearer = async (token: string) => {
2314
- const trimmedToken = token.trim();
2315
- if (!trimmedToken) return null;
2316
- const authContext = {
2317
- req: {
2318
- header: (name: string) =>
2319
- name === 'Authorization' ? `Bearer ${trimmedToken}` : undefined,
2320
- query: () => undefined,
2321
- },
2322
- } as unknown as Context;
2323
- return options.authenticate(authContext);
2324
- };
2325
-
2326
- return {
2327
- onOpen(_event, ws) {
2328
- const state = {
2329
- listener: null,
2330
- heartbeatInterval: null,
2331
- authTimeout: null,
2332
- isAuthenticated: false,
2333
- } as {
2334
- listener: ConsoleEventListener | null;
2335
- heartbeatInterval: ReturnType<typeof setInterval> | null;
2336
- authTimeout: ReturnType<typeof setTimeout> | null;
2337
- isAuthenticated: boolean;
2338
- };
2339
- wsState.set(ws, state);
2340
-
2341
- const startAuthenticatedSession = () => {
2342
- if (state.isAuthenticated) return;
2343
- state.isAuthenticated = true;
2344
- if (state.authTimeout) {
2345
- clearTimeout(state.authTimeout);
2346
- state.authTimeout = null;
2347
- }
2348
-
2349
- const listener: ConsoleEventListener = (event) => {
2350
- if (partitionId) {
2351
- const eventPartitionId = event.data.partitionId;
2352
- if (
2353
- typeof eventPartitionId !== 'string' ||
2354
- eventPartitionId !== partitionId
2355
- ) {
2356
- return;
2357
- }
2358
- }
2359
- try {
2360
- ws.send(JSON.stringify(event));
2361
- } catch {
2362
- // Connection closed
2363
- }
2364
- };
2365
-
2366
- emitter.addListener(listener);
2367
- state.listener = listener;
2368
-
2369
- ws.send(
2370
- JSON.stringify({
2371
- type: 'connected',
2372
- timestamp: new Date().toISOString(),
2373
- })
2374
- );
2375
-
2376
- const replayEvents = emitter.replay({
2377
- since: replaySince,
2378
- limit: replayLimit,
2379
- partitionId,
2380
- });
2381
- for (const replayEvent of replayEvents) {
2382
- try {
2383
- ws.send(JSON.stringify(replayEvent));
2384
- } catch {
2385
- // Connection closed
2386
- break;
2387
- }
2388
- }
2389
-
2390
- const heartbeatInterval = setInterval(() => {
2391
- try {
2392
- ws.send(
2393
- JSON.stringify({
2394
- type: 'heartbeat',
2395
- timestamp: new Date().toISOString(),
2396
- })
2397
- );
2398
- } catch {
2399
- clearInterval(heartbeatInterval);
2400
- }
2401
- }, heartbeatIntervalMs);
2402
- state.heartbeatInterval = heartbeatInterval;
2403
- };
2404
-
2405
- if (initialAuth) {
2406
- startAuthenticatedSession();
2407
- return;
2408
- }
2409
-
2410
- state.authTimeout = setTimeout(() => {
2411
- const current = wsState.get(ws);
2412
- if (!current || current.isAuthenticated) {
2413
- return;
2414
- }
2415
- closeUnauthenticated(ws);
2416
- cleanup(ws);
2417
- }, 5_000);
2418
- },
2419
- async onMessage(event, ws) {
2420
- const state = wsState.get(ws);
2421
- if (!state || state.isAuthenticated) {
2422
- return;
2423
- }
2424
-
2425
- if (typeof event.data !== 'string') {
2426
- closeUnauthenticated(ws);
2427
- cleanup(ws);
2428
- return;
2429
- }
2430
-
2431
- let token = '';
2432
- try {
2433
- const parsed = JSON.parse(event.data) as {
2434
- type?: unknown;
2435
- token?: unknown;
2436
- };
2437
- if (
2438
- parsed.type === 'auth' &&
2439
- typeof parsed.token === 'string' &&
2440
- parsed.token.trim().length > 0
2441
- ) {
2442
- token = parsed.token;
2443
- }
2444
- } catch {
2445
- // Ignore parse errors and close as unauthenticated below.
2446
- }
2447
-
2448
- if (!token) {
2449
- closeUnauthenticated(ws);
2450
- cleanup(ws);
2451
- return;
2452
- }
2453
-
2454
- const auth = await authenticateWithBearer(token);
2455
- const currentState = wsState.get(ws);
2456
- if (!currentState || currentState.isAuthenticated) {
2457
- return;
2458
- }
2459
- if (!auth) {
2460
- closeUnauthenticated(ws);
2461
- cleanup(ws);
2462
- return;
2463
- }
2464
-
2465
- currentState.isAuthenticated = true;
2466
- if (currentState.authTimeout) {
2467
- clearTimeout(currentState.authTimeout);
2468
- currentState.authTimeout = null;
2469
- }
2470
-
2471
- const listener: ConsoleEventListener = (liveEvent) => {
2472
- if (partitionId) {
2473
- const eventPartitionId = liveEvent.data.partitionId;
2474
- if (
2475
- typeof eventPartitionId !== 'string' ||
2476
- eventPartitionId !== partitionId
2477
- ) {
2478
- return;
2479
- }
2480
- }
2481
- try {
2482
- ws.send(JSON.stringify(liveEvent));
2483
- } catch {
2484
- // Connection closed
2485
- }
2486
- };
2487
-
2488
- emitter.addListener(listener);
2489
- currentState.listener = listener;
2490
-
2491
- ws.send(
2492
- JSON.stringify({
2493
- type: 'connected',
2494
- timestamp: new Date().toISOString(),
2495
- })
2496
- );
2497
-
2498
- const replayEvents = emitter.replay({
2499
- since: replaySince,
2500
- limit: replayLimit,
2501
- partitionId,
2502
- });
2503
- for (const replayEvent of replayEvents) {
2504
- try {
2505
- ws.send(JSON.stringify(replayEvent));
2506
- } catch {
2507
- // Connection closed
2508
- break;
2509
- }
2510
- }
2511
-
2512
- const heartbeatInterval = setInterval(() => {
2513
- try {
2514
- ws.send(
2515
- JSON.stringify({
2516
- type: 'heartbeat',
2517
- timestamp: new Date().toISOString(),
2518
- })
2519
- );
2520
- } catch {
2521
- clearInterval(heartbeatInterval);
2522
- }
2523
- }, heartbeatIntervalMs);
2524
- currentState.heartbeatInterval = heartbeatInterval;
2525
- },
2526
- onClose(_event, ws) {
2527
- cleanup(ws);
2528
- },
2529
- onError(_event, ws) {
2530
- cleanup(ws);
2531
- },
2532
- };
2533
- })
2534
- );
2535
- }
2536
-
2537
- // -------------------------------------------------------------------------
2538
- // GET /events/:id - Single event detail
2539
- // -------------------------------------------------------------------------
2540
-
2541
- routes.get(
2542
- '/events/:id',
2543
- describeRoute({
2544
- tags: ['console'],
2545
- summary: 'Get event details',
2546
- responses: {
2547
- 200: {
2548
- description: 'Event details',
2549
- content: {
2550
- 'application/json': {
2551
- schema: resolver(ConsoleRequestEventSchema),
2552
- },
2553
- },
2554
- },
2555
- 400: {
2556
- description: 'Invalid request',
2557
- content: {
2558
- 'application/json': { schema: resolver(ErrorResponseSchema) },
2559
- },
2560
- },
2561
- 401: {
2562
- description: 'Unauthenticated',
2563
- content: {
2564
- 'application/json': { schema: resolver(ErrorResponseSchema) },
2565
- },
2566
- },
2567
- 404: {
2568
- description: 'Not found',
2569
- content: {
2570
- 'application/json': { schema: resolver(ErrorResponseSchema) },
2571
- },
2572
- },
2573
- },
2574
- }),
2575
- zValidator('param', eventIdParamSchema),
2576
- zValidator('query', eventDetailQuerySchema),
2577
- async (c) => {
2578
- const auth = await requireAuth(c);
2579
- if (!auth) return c.json({ error: 'UNAUTHENTICATED' }, 401);
2580
-
2581
- const { id: eventId } = c.req.valid('param');
2582
- const { partitionId } = c.req.valid('query');
2583
-
2584
- let eventQuery = db
2585
- .selectFrom('sync_request_events')
2586
- .select(requestEventSelectColumns)
2587
- .where('event_id', '=', eventId);
2588
-
2589
- if (partitionId) {
2590
- eventQuery = eventQuery.where('partition_id', '=', partitionId);
2591
- }
2592
-
2593
- const row = await eventQuery.executeTakeFirst();
2594
-
2595
- if (!row) {
2596
- return c.json({ error: 'NOT_FOUND' }, 404);
2597
- }
2598
-
2599
- return c.json(mapRequestEvent(row), 200);
2600
- }
2601
- );
2602
-
2603
- // -------------------------------------------------------------------------
2604
- // GET /events/:id/payload - payload snapshot detail (if retained)
2605
- // -------------------------------------------------------------------------
2606
-
2607
- routes.get(
2608
- '/events/:id/payload',
2609
- describeRoute({
2610
- tags: ['console'],
2611
- summary: 'Get event payload snapshot',
2612
- responses: {
2613
- 200: {
2614
- description: 'Payload snapshot details',
2615
- content: {
2616
- 'application/json': {
2617
- schema: resolver(ConsoleRequestPayloadSchema),
2618
- },
2619
- },
2620
- },
2621
- 400: {
2622
- description: 'Invalid request',
2623
- content: {
2624
- 'application/json': { schema: resolver(ErrorResponseSchema) },
2625
- },
2626
- },
2627
- 401: {
2628
- description: 'Unauthenticated',
2629
- content: {
2630
- 'application/json': { schema: resolver(ErrorResponseSchema) },
2631
- },
2632
- },
2633
- 404: {
2634
- description: 'Not found',
2635
- content: {
2636
- 'application/json': { schema: resolver(ErrorResponseSchema) },
2637
- },
2638
- },
2639
- },
2640
- }),
2641
- zValidator('param', eventIdParamSchema),
2642
- zValidator('query', eventDetailQuerySchema),
2643
- async (c) => {
2644
- const auth = await requireAuth(c);
2645
- if (!auth) return c.json({ error: 'UNAUTHENTICATED' }, 401);
2646
-
2647
- const { id: eventId } = c.req.valid('param');
2648
- const { partitionId } = c.req.valid('query');
2649
-
2650
- let eventQuery = db
2651
- .selectFrom('sync_request_events')
2652
- .select(['payload_ref', 'partition_id'])
2653
- .where('event_id', '=', eventId);
2654
-
2655
- if (partitionId) {
2656
- eventQuery = eventQuery.where('partition_id', '=', partitionId);
2657
- }
2658
-
2659
- const eventRow = await eventQuery.executeTakeFirst();
2660
-
2661
- if (!eventRow) {
2662
- return c.json({ error: 'NOT_FOUND' }, 404);
2663
- }
2664
-
2665
- const payloadRef = eventRow.payload_ref;
2666
- if (!payloadRef) {
2667
- return c.json(
2668
- { error: 'NOT_FOUND', message: 'No payload snapshot recorded' },
2669
- 404
2670
- );
2671
- }
2672
-
2673
- const payloadRow = await db
2674
- .selectFrom('sync_request_payloads')
2675
- .select([
2676
- 'payload_ref',
2677
- 'partition_id',
2678
- 'request_payload',
2679
- 'response_payload',
2680
- 'created_at',
2681
- ])
2682
- .where('payload_ref', '=', payloadRef)
2683
- .where('partition_id', '=', eventRow.partition_id)
2684
- .executeTakeFirst();
2685
-
2686
- if (!payloadRow) {
2687
- return c.json(
2688
- { error: 'NOT_FOUND', message: 'Payload snapshot not available' },
2689
- 404
2690
- );
2691
- }
2692
-
2693
- const payload: ConsoleRequestPayload = {
2694
- payloadRef: payloadRow.payload_ref,
2695
- partitionId: payloadRow.partition_id,
2696
- requestPayload: parseJsonValue(payloadRow.request_payload),
2697
- responsePayload: parseJsonValue(payloadRow.response_payload),
2698
- createdAt: payloadRow.created_at,
2699
- };
2700
-
2701
- return c.json(payload, 200);
2702
- }
2703
- );
2704
-
2705
- // -------------------------------------------------------------------------
2706
- // DELETE /events - Clear all events
2707
- // -------------------------------------------------------------------------
2708
-
2709
- routes.delete(
2710
- '/events',
2711
- describeRoute({
2712
- tags: ['console'],
2713
- summary: 'Clear all events',
2714
- responses: {
2715
- 200: {
2716
- description: 'Clear result',
2717
- content: {
2718
- 'application/json': {
2719
- schema: resolver(ConsoleClearEventsResultSchema),
2720
- },
2721
- },
2722
- },
2723
- 401: {
2724
- description: 'Unauthenticated',
2725
- content: {
2726
- 'application/json': { schema: resolver(ErrorResponseSchema) },
2727
- },
2728
- },
2729
- },
2730
- }),
2731
- async (c) => {
2732
- const auth = await requireAuth(c);
2733
- if (!auth) return c.json({ error: 'UNAUTHENTICATED' }, 401);
2734
-
2735
- const res = await db.deleteFrom('sync_request_events').executeTakeFirst();
2736
-
2737
- const deletedCount = Number(res?.numDeletedRows ?? 0);
2738
- const payloadDeletedCount = await deleteUnreferencedPayloadSnapshots();
2739
-
2740
- logSyncEvent({
2741
- event: 'console.clear_events',
2742
- consoleUserId: auth.consoleUserId,
2743
- deletedCount,
2744
- payloadDeletedCount,
2745
- });
2746
-
2747
- const result: ConsoleClearEventsResult = { deletedCount };
2748
- return c.json(result, 200);
2749
- }
2750
- );
2751
-
2752
- // -------------------------------------------------------------------------
2753
- // POST /events/prune - Prune old events
2754
- // -------------------------------------------------------------------------
2755
-
2756
- routes.post(
2757
- '/events/prune',
2758
- describeRoute({
2759
- tags: ['console'],
2760
- summary: 'Prune old events',
2761
- responses: {
2762
- 200: {
2763
- description: 'Prune result',
2764
- content: {
2765
- 'application/json': {
2766
- schema: resolver(ConsolePruneEventsResultSchema),
2767
- },
2768
- },
2769
- },
2770
- 401: {
2771
- description: 'Unauthenticated',
2772
- content: {
2773
- 'application/json': { schema: resolver(ErrorResponseSchema) },
2774
- },
2775
- },
2776
- },
2777
- }),
2778
- async (c) => {
2779
- const auth = await requireAuth(c);
2780
- if (!auth) return c.json({ error: 'UNAUTHENTICATED' }, 401);
2781
-
2782
- // Prune events older than 7 days or keep max 10000 events
2783
- const cutoffDate = new Date(Date.now() - 7 * 24 * 60 * 60 * 1000);
2784
-
2785
- // Delete by date first
2786
- const resByDate = await db
2787
- .deleteFrom('sync_request_events')
2788
- .where('created_at', '<', cutoffDate.toISOString())
2789
- .executeTakeFirst();
2790
-
2791
- let deletedCount = Number(resByDate?.numDeletedRows ?? 0);
2792
-
2793
- // Then delete oldest if we still have more than 10000 events
2794
- const countRow = await db
2795
- .selectFrom('sync_request_events')
2796
- .select(({ fn }) => fn.countAll().as('total'))
2797
- .executeTakeFirst();
2798
-
2799
- const total = coerceNumber(countRow?.total) ?? 0;
2800
- const maxEvents = 10000;
2801
-
2802
- if (total > maxEvents) {
2803
- // Find event_id cutoff to keep only newest maxEvents
2804
- const cutoffRow = await db
2805
- .selectFrom('sync_request_events')
2806
- .select(['event_id'])
2807
- .orderBy('event_id', 'desc')
2808
- .offset(maxEvents)
2809
- .limit(1)
2810
- .executeTakeFirst();
2811
-
2812
- if (cutoffRow) {
2813
- const cutoffEventId = coerceNumber(cutoffRow.event_id);
2814
- if (cutoffEventId !== null) {
2815
- const resByCount = await db
2816
- .deleteFrom('sync_request_events')
2817
- .where('event_id', '<=', cutoffEventId)
2818
- .executeTakeFirst();
2819
-
2820
- deletedCount += Number(resByCount?.numDeletedRows ?? 0);
2821
- }
2822
- }
2823
- }
2824
-
2825
- const payloadDeletedCount = await deleteUnreferencedPayloadSnapshots();
2826
-
2827
- logSyncEvent({
2828
- event: 'console.prune_events',
2829
- consoleUserId: auth.consoleUserId,
2830
- deletedCount,
2831
- payloadDeletedCount,
2832
- });
2833
-
2834
- const result: ConsolePruneEventsResult = { deletedCount };
2835
- return c.json(result, 200);
2836
- }
2837
- );
2838
-
2839
- // -------------------------------------------------------------------------
2840
- // GET /api-keys - List all API keys
2841
- // -------------------------------------------------------------------------
2842
-
2843
- routes.get(
2844
- '/api-keys',
2845
- describeRoute({
2846
- tags: ['console'],
2847
- summary: 'List API keys',
2848
- responses: {
2849
- 200: {
2850
- description: 'Paginated API key list',
2851
- content: {
2852
- 'application/json': {
2853
- schema: resolver(
2854
- ConsolePaginatedResponseSchema(ConsoleApiKeySchema)
2855
- ),
2856
- },
2857
- },
2858
- },
2859
- 401: {
2860
- description: 'Unauthenticated',
2861
- content: {
2862
- 'application/json': { schema: resolver(ErrorResponseSchema) },
2863
- },
2864
- },
2865
- },
2866
- }),
2867
- zValidator('query', apiKeysQuerySchema),
2868
- async (c) => {
2869
- const auth = await requireAuth(c);
2870
- if (!auth) return c.json({ error: 'UNAUTHENTICATED' }, 401);
2871
-
2872
- const {
2873
- limit,
2874
- offset,
2875
- type: keyType,
2876
- status,
2877
- expiresWithinDays,
2878
- } = c.req.valid('query');
2879
-
2880
- let query = db
2881
- .selectFrom('sync_api_keys')
2882
- .select([
2883
- 'key_id',
2884
- 'key_prefix',
2885
- 'name',
2886
- 'key_type',
2887
- 'scope_keys',
2888
- 'actor_id',
2889
- 'created_at',
2890
- 'expires_at',
2891
- 'last_used_at',
2892
- 'revoked_at',
2893
- ]);
2894
-
2895
- let countQuery = db
2896
- .selectFrom('sync_api_keys')
2897
- .select(({ fn }) => fn.countAll().as('total'));
2898
-
2899
- if (keyType) {
2900
- query = query.where('key_type', '=', keyType);
2901
- countQuery = countQuery.where('key_type', '=', keyType);
2902
- }
2903
-
2904
- const now = new Date();
2905
- const nowIso = now.toISOString();
2906
- const expiringThresholdIso = new Date(
2907
- now.getTime() + (expiresWithinDays ?? 14) * 24 * 60 * 60 * 1000
2908
- ).toISOString();
2909
-
2910
- if (status === 'active') {
2911
- query = query
2912
- .where('revoked_at', 'is', null)
2913
- .where((eb) =>
2914
- eb.or([eb('expires_at', 'is', null), eb('expires_at', '>', nowIso)])
2915
- );
2916
- countQuery = countQuery
2917
- .where('revoked_at', 'is', null)
2918
- .where((eb) =>
2919
- eb.or([eb('expires_at', 'is', null), eb('expires_at', '>', nowIso)])
2920
- );
2921
- } else if (status === 'revoked') {
2922
- query = query.where('revoked_at', 'is not', null);
2923
- countQuery = countQuery.where('revoked_at', 'is not', null);
2924
- } else if (status === 'expiring') {
2925
- query = query
2926
- .where('revoked_at', 'is', null)
2927
- .where('expires_at', '>', nowIso)
2928
- .where('expires_at', '<=', expiringThresholdIso);
2929
- countQuery = countQuery
2930
- .where('revoked_at', 'is', null)
2931
- .where('expires_at', '>', nowIso)
2932
- .where('expires_at', '<=', expiringThresholdIso);
2933
- }
2934
-
2935
- const [rows, countRow] = await Promise.all([
2936
- query
2937
- .orderBy('created_at', 'desc')
2938
- .limit(limit)
2939
- .offset(offset)
2940
- .execute(),
2941
- countQuery.executeTakeFirst(),
2942
- ]);
2943
-
2944
- const items: ConsoleApiKey[] = rows.map((row) => ({
2945
- keyId: row.key_id ?? '',
2946
- keyPrefix: row.key_prefix ?? '',
2947
- name: row.name ?? '',
2948
- keyType: row.key_type as ApiKeyType,
2949
- scopeKeys: options.dialect.dbToArray(row.scope_keys),
2950
- actorId: row.actor_id ?? null,
2951
- createdAt: row.created_at ?? '',
2952
- expiresAt: row.expires_at ?? null,
2953
- lastUsedAt: row.last_used_at ?? null,
2954
- revokedAt: row.revoked_at ?? null,
2955
- }));
2956
-
2957
- const totalCount = coerceNumber(countRow?.total) ?? 0;
2958
-
2959
- const response: ConsolePaginatedResponse<ConsoleApiKey> = {
2960
- items,
2961
- total: totalCount,
2962
- offset,
2963
- limit,
2964
- };
2965
-
2966
- c.header('X-Total-Count', String(totalCount));
2967
- return c.json(response, 200);
2968
- }
2969
- );
2970
-
2971
- // -------------------------------------------------------------------------
2972
- // POST /api-keys - Create new API key
2973
- // -------------------------------------------------------------------------
2974
-
2975
- routes.post(
2976
- '/api-keys',
2977
- describeRoute({
2978
- tags: ['console'],
2979
- summary: 'Create API key',
2980
- responses: {
2981
- 201: {
2982
- description: 'Created API key',
2983
- content: {
2984
- 'application/json': {
2985
- schema: resolver(ConsoleApiKeyCreateResponseSchema),
2986
- },
2987
- },
2988
- },
2989
- 400: {
2990
- description: 'Invalid request',
2991
- content: {
2992
- 'application/json': { schema: resolver(ErrorResponseSchema) },
2993
- },
2994
- },
2995
- 401: {
2996
- description: 'Unauthenticated',
2997
- content: {
2998
- 'application/json': { schema: resolver(ErrorResponseSchema) },
2999
- },
3000
- },
3001
- },
3002
- }),
3003
- zValidator('json', ConsoleApiKeyCreateRequestSchema),
3004
- async (c) => {
3005
- const auth = await requireAuth(c);
3006
- if (!auth) return c.json({ error: 'UNAUTHENTICATED' }, 401);
3007
-
3008
- const body = c.req.valid('json');
3009
-
3010
- // Generate key components
3011
- const keyId = generateKeyId();
3012
- const secretKey = generateSecretKey(body.keyType);
3013
- const keyHash = await hashApiKey(secretKey);
3014
- const keyPrefix = secretKey.slice(0, 12);
3015
-
3016
- // Calculate expiry
3017
- let expiresAt: string | null = null;
3018
- if (body.expiresInDays && body.expiresInDays > 0) {
3019
- expiresAt = new Date(
3020
- Date.now() + body.expiresInDays * 24 * 60 * 60 * 1000
3021
- ).toISOString();
3022
- }
3023
-
3024
- const scopeKeys = body.scopeKeys ?? [];
3025
- const now = new Date().toISOString();
3026
-
3027
- // Insert into database
3028
- await db
3029
- .insertInto('sync_api_keys')
3030
- .values({
3031
- key_id: keyId,
3032
- key_hash: keyHash,
3033
- key_prefix: keyPrefix,
3034
- name: body.name,
3035
- key_type: body.keyType,
3036
- scope_keys: options.dialect.arrayToDb(scopeKeys),
3037
- actor_id: body.actorId ?? null,
3038
- created_at: now,
3039
- expires_at: expiresAt,
3040
- last_used_at: null,
3041
- revoked_at: null,
3042
- })
3043
- .execute();
3044
-
3045
- logSyncEvent({
3046
- event: 'console.create_api_key',
3047
- consoleUserId: auth.consoleUserId,
3048
- keyId,
3049
- keyType: body.keyType,
3050
- });
3051
-
3052
- const key: ConsoleApiKey = {
3053
- keyId,
3054
- keyPrefix,
3055
- name: body.name,
3056
- keyType: body.keyType,
3057
- scopeKeys,
3058
- actorId: body.actorId ?? null,
3059
- createdAt: now,
3060
- expiresAt,
3061
- lastUsedAt: null,
3062
- revokedAt: null,
3063
- };
3064
-
3065
- const response: ConsoleApiKeyCreateResponse = {
3066
- key,
3067
- secretKey,
3068
- };
3069
-
3070
- return c.json(response, 201);
3071
- }
3072
- );
3073
-
3074
- // -------------------------------------------------------------------------
3075
- // GET /api-keys/:id - Get single API key
3076
- // -------------------------------------------------------------------------
3077
-
3078
- routes.get(
3079
- '/api-keys/:id',
3080
- describeRoute({
3081
- tags: ['console'],
3082
- summary: 'Get API key',
3083
- responses: {
3084
- 200: {
3085
- description: 'API key details',
3086
- content: {
3087
- 'application/json': { schema: resolver(ConsoleApiKeySchema) },
3088
- },
3089
- },
3090
- 401: {
3091
- description: 'Unauthenticated',
3092
- content: {
3093
- 'application/json': { schema: resolver(ErrorResponseSchema) },
3094
- },
3095
- },
3096
- 404: {
3097
- description: 'Not found',
3098
- content: {
3099
- 'application/json': { schema: resolver(ErrorResponseSchema) },
3100
- },
3101
- },
3102
- },
3103
- }),
3104
- zValidator('param', apiKeyIdParamSchema),
3105
- async (c) => {
3106
- const auth = await requireAuth(c);
3107
- if (!auth) return c.json({ error: 'UNAUTHENTICATED' }, 401);
3108
-
3109
- const { id: keyId } = c.req.valid('param');
3110
-
3111
- const row = await db
3112
- .selectFrom('sync_api_keys')
3113
- .select([
3114
- 'key_id',
3115
- 'key_prefix',
3116
- 'name',
3117
- 'key_type',
3118
- 'scope_keys',
3119
- 'actor_id',
3120
- 'created_at',
3121
- 'expires_at',
3122
- 'last_used_at',
3123
- 'revoked_at',
3124
- ])
3125
- .where('key_id', '=', keyId)
3126
- .executeTakeFirst();
3127
-
3128
- if (!row) {
3129
- return c.json({ error: 'NOT_FOUND' }, 404);
3130
- }
3131
-
3132
- const key: ConsoleApiKey = {
3133
- keyId: row.key_id ?? '',
3134
- keyPrefix: row.key_prefix ?? '',
3135
- name: row.name ?? '',
3136
- keyType: row.key_type as ApiKeyType,
3137
- scopeKeys: options.dialect.dbToArray(row.scope_keys),
3138
- actorId: row.actor_id ?? null,
3139
- createdAt: row.created_at ?? '',
3140
- expiresAt: row.expires_at ?? null,
3141
- lastUsedAt: row.last_used_at ?? null,
3142
- revokedAt: row.revoked_at ?? null,
3143
- };
3144
-
3145
- return c.json(key, 200);
3146
- }
3147
- );
3148
-
3149
- // -------------------------------------------------------------------------
3150
- // DELETE /api-keys/:id - Revoke API key (soft delete)
3151
- // -------------------------------------------------------------------------
3152
-
3153
- routes.delete(
3154
- '/api-keys/:id',
3155
- describeRoute({
3156
- tags: ['console'],
3157
- summary: 'Revoke API key',
3158
- responses: {
3159
- 200: {
3160
- description: 'Revoke result',
3161
- content: {
3162
- 'application/json': {
3163
- schema: resolver(ConsoleApiKeyRevokeResponseSchema),
3164
- },
3165
- },
3166
- },
3167
- 401: {
3168
- description: 'Unauthenticated',
3169
- content: {
3170
- 'application/json': { schema: resolver(ErrorResponseSchema) },
3171
- },
3172
- },
3173
- },
3174
- }),
3175
- zValidator('param', apiKeyIdParamSchema),
3176
- async (c) => {
3177
- const auth = await requireAuth(c);
3178
- if (!auth) return c.json({ error: 'UNAUTHENTICATED' }, 401);
3179
-
3180
- const { id: keyId } = c.req.valid('param');
3181
- const now = new Date().toISOString();
3182
-
3183
- const res = await db
3184
- .updateTable('sync_api_keys')
3185
- .set({ revoked_at: now })
3186
- .where('key_id', '=', keyId)
3187
- .where('revoked_at', 'is', null)
3188
- .executeTakeFirst();
3189
-
3190
- const revoked = Number(res?.numUpdatedRows ?? 0) > 0;
3191
-
3192
- logSyncEvent({
3193
- event: 'console.revoke_api_key',
3194
- consoleUserId: auth.consoleUserId,
3195
- keyId,
3196
- revoked,
3197
- });
3198
-
3199
- return c.json({ revoked }, 200);
3200
- }
3201
- );
3202
-
3203
- // -------------------------------------------------------------------------
3204
- // POST /api-keys/bulk-revoke - Revoke multiple API keys
3205
- // -------------------------------------------------------------------------
3206
-
3207
- routes.post(
3208
- '/api-keys/bulk-revoke',
3209
- describeRoute({
3210
- tags: ['console'],
3211
- summary: 'Bulk revoke API keys',
3212
- responses: {
3213
- 200: {
3214
- description: 'Bulk revoke result',
3215
- content: {
3216
- 'application/json': {
3217
- schema: resolver(ConsoleApiKeyBulkRevokeResponseSchema),
3218
- },
3219
- },
3220
- },
3221
- 400: {
3222
- description: 'Invalid request',
3223
- content: {
3224
- 'application/json': { schema: resolver(ErrorResponseSchema) },
3225
- },
3226
- },
3227
- 401: {
3228
- description: 'Unauthenticated',
3229
- content: {
3230
- 'application/json': { schema: resolver(ErrorResponseSchema) },
3231
- },
3232
- },
3233
- },
3234
- }),
3235
- zValidator('json', ConsoleApiKeyBulkRevokeRequestSchema),
3236
- async (c) => {
3237
- const auth = await requireAuth(c);
3238
- if (!auth) return c.json({ error: 'UNAUTHENTICATED' }, 401);
3239
-
3240
- const body = c.req.valid('json');
3241
- const keyIds = [...new Set(body.keyIds.map((keyId) => keyId.trim()))]
3242
- .filter((keyId) => keyId.length > 0)
3243
- .slice(0, 200);
3244
-
3245
- if (keyIds.length === 0) {
3246
- return c.json(
3247
- { error: 'INVALID_REQUEST', message: 'No API key IDs provided' },
3248
- 400
3249
- );
3250
- }
3251
-
3252
- const now = new Date().toISOString();
3253
- const existingRows = await db
3254
- .selectFrom('sync_api_keys')
3255
- .select(['key_id', 'revoked_at'])
3256
- .where('key_id', 'in', keyIds)
3257
- .execute();
3258
-
3259
- const existingById = new Map(
3260
- existingRows.map((row) => [row.key_id, row.revoked_at])
3261
- );
3262
-
3263
- const notFoundKeyIds: string[] = [];
3264
- const alreadyRevokedKeyIds: string[] = [];
3265
- const revokeCandidateKeyIds: string[] = [];
3266
-
3267
- for (const keyId of keyIds) {
3268
- const revokedAt = existingById.get(keyId);
3269
- if (revokedAt === undefined) {
3270
- notFoundKeyIds.push(keyId);
3271
- } else if (revokedAt !== null) {
3272
- alreadyRevokedKeyIds.push(keyId);
3273
- } else {
3274
- revokeCandidateKeyIds.push(keyId);
3275
- }
3276
- }
3277
-
3278
- let revokedCount = 0;
3279
- if (revokeCandidateKeyIds.length > 0) {
3280
- const updateResult = await db
3281
- .updateTable('sync_api_keys')
3282
- .set({ revoked_at: now })
3283
- .where('key_id', 'in', revokeCandidateKeyIds)
3284
- .where('revoked_at', 'is', null)
3285
- .executeTakeFirst();
3286
-
3287
- revokedCount = Number(updateResult?.numUpdatedRows ?? 0);
3288
- }
3289
-
3290
- const response: ConsoleApiKeyBulkRevokeResponse = {
3291
- requestedCount: keyIds.length,
3292
- revokedCount,
3293
- alreadyRevokedCount: alreadyRevokedKeyIds.length,
3294
- notFoundCount: notFoundKeyIds.length,
3295
- revokedKeyIds: revokeCandidateKeyIds,
3296
- alreadyRevokedKeyIds,
3297
- notFoundKeyIds,
3298
- };
3299
-
3300
- logSyncEvent({
3301
- event: 'console.bulk_revoke_api_keys',
3302
- consoleUserId: auth.consoleUserId,
3303
- requestedCount: response.requestedCount,
3304
- revokedCount: response.revokedCount,
3305
- alreadyRevokedCount: response.alreadyRevokedCount,
3306
- notFoundCount: response.notFoundCount,
3307
- });
3308
-
3309
- return c.json(response, 200);
3310
- }
3311
- );
3312
-
3313
- // -------------------------------------------------------------------------
3314
- // POST /api-keys/:id/rotate/stage - Stage rotate API key (keep old active)
3315
- // -------------------------------------------------------------------------
3316
-
3317
- routes.post(
3318
- '/api-keys/:id/rotate/stage',
3319
- describeRoute({
3320
- tags: ['console'],
3321
- summary: 'Stage rotate API key',
3322
- responses: {
3323
- 200: {
3324
- description: 'Staged API key replacement',
3325
- content: {
3326
- 'application/json': {
3327
- schema: resolver(ConsoleApiKeyCreateResponseSchema),
3328
- },
3329
- },
3330
- },
3331
- 401: {
3332
- description: 'Unauthenticated',
3333
- content: {
3334
- 'application/json': { schema: resolver(ErrorResponseSchema) },
3335
- },
3336
- },
3337
- 404: {
3338
- description: 'Not found',
3339
- content: {
3340
- 'application/json': { schema: resolver(ErrorResponseSchema) },
3341
- },
3342
- },
3343
- },
3344
- }),
3345
- zValidator('param', apiKeyIdParamSchema),
3346
- async (c) => {
3347
- const auth = await requireAuth(c);
3348
- if (!auth) return c.json({ error: 'UNAUTHENTICATED' }, 401);
3349
-
3350
- const { id: keyId } = c.req.valid('param');
3351
- const now = new Date().toISOString();
3352
-
3353
- const existingRow = await db
3354
- .selectFrom('sync_api_keys')
3355
- .select([
3356
- 'name',
3357
- 'key_type',
3358
- 'scope_keys',
3359
- 'actor_id',
3360
- 'expires_at',
3361
- 'revoked_at',
3362
- ])
3363
- .where('key_id', '=', keyId)
3364
- .where('revoked_at', 'is', null)
3365
- .executeTakeFirst();
3366
-
3367
- if (!existingRow) {
3368
- return c.json({ error: 'NOT_FOUND' }, 404);
3369
- }
3370
-
3371
- const newKeyId = generateKeyId();
3372
- const keyType = existingRow.key_type as ApiKeyType;
3373
- const secretKey = generateSecretKey(keyType);
3374
- const keyHash = await hashApiKey(secretKey);
3375
- const keyPrefix = secretKey.slice(0, 12);
3376
- const scopeKeys = options.dialect.dbToArray(existingRow.scope_keys);
3377
-
3378
- await db
3379
- .insertInto('sync_api_keys')
3380
- .values({
3381
- key_id: newKeyId,
3382
- key_hash: keyHash,
3383
- key_prefix: keyPrefix,
3384
- name: existingRow.name,
3385
- key_type: keyType,
3386
- scope_keys: options.dialect.arrayToDb(scopeKeys),
3387
- actor_id: existingRow.actor_id ?? null,
3388
- created_at: now,
3389
- expires_at: existingRow.expires_at,
3390
- last_used_at: null,
3391
- revoked_at: null,
3392
- })
3393
- .execute();
3394
-
3395
- logSyncEvent({
3396
- event: 'console.stage_rotate_api_key',
3397
- consoleUserId: auth.consoleUserId,
3398
- oldKeyId: keyId,
3399
- newKeyId,
3400
- });
3401
-
3402
- const key: ConsoleApiKey = {
3403
- keyId: newKeyId,
3404
- keyPrefix,
3405
- name: existingRow.name,
3406
- keyType,
3407
- scopeKeys,
3408
- actorId: existingRow.actor_id ?? null,
3409
- createdAt: now,
3410
- expiresAt: existingRow.expires_at ?? null,
3411
- lastUsedAt: null,
3412
- revokedAt: null,
3413
- };
3414
-
3415
- const response: ConsoleApiKeyCreateResponse = {
3416
- key,
3417
- secretKey,
3418
- };
3419
-
3420
- return c.json(response, 200);
3421
- }
3422
- );
3423
-
3424
- // -------------------------------------------------------------------------
3425
- // POST /api-keys/:id/rotate - Rotate API key
3426
- // -------------------------------------------------------------------------
3427
-
3428
- routes.post(
3429
- '/api-keys/:id/rotate',
3430
- describeRoute({
3431
- tags: ['console'],
3432
- summary: 'Rotate API key',
3433
- responses: {
3434
- 200: {
3435
- description: 'Rotated API key',
3436
- content: {
3437
- 'application/json': {
3438
- schema: resolver(ConsoleApiKeyCreateResponseSchema),
3439
- },
3440
- },
3441
- },
3442
- 401: {
3443
- description: 'Unauthenticated',
3444
- content: {
3445
- 'application/json': { schema: resolver(ErrorResponseSchema) },
3446
- },
3447
- },
3448
- 404: {
3449
- description: 'Not found',
3450
- content: {
3451
- 'application/json': { schema: resolver(ErrorResponseSchema) },
3452
- },
3453
- },
3454
- },
3455
- }),
3456
- zValidator('param', apiKeyIdParamSchema),
3457
- async (c) => {
3458
- const auth = await requireAuth(c);
3459
- if (!auth) return c.json({ error: 'UNAUTHENTICATED' }, 401);
3460
-
3461
- const { id: keyId } = c.req.valid('param');
3462
- const now = new Date().toISOString();
3463
-
3464
- // Get existing key
3465
- const existingRow = await db
3466
- .selectFrom('sync_api_keys')
3467
- .select([
3468
- 'key_id',
3469
- 'name',
3470
- 'key_type',
3471
- 'scope_keys',
3472
- 'actor_id',
3473
- 'expires_at',
3474
- ])
3475
- .where('key_id', '=', keyId)
3476
- .where('revoked_at', 'is', null)
3477
- .executeTakeFirst();
3478
-
3479
- if (!existingRow) {
3480
- return c.json({ error: 'NOT_FOUND' }, 404);
3481
- }
3482
-
3483
- // Revoke old key
3484
- await db
3485
- .updateTable('sync_api_keys')
3486
- .set({ revoked_at: now })
3487
- .where('key_id', '=', keyId)
3488
- .execute();
3489
-
3490
- // Create new key with same properties
3491
- const newKeyId = generateKeyId();
3492
- const keyType = existingRow.key_type as ApiKeyType;
3493
- const secretKey = generateSecretKey(keyType);
3494
- const keyHash = await hashApiKey(secretKey);
3495
- const keyPrefix = secretKey.slice(0, 12);
3496
-
3497
- const scopeKeys = options.dialect.dbToArray(existingRow.scope_keys);
3498
-
3499
- await db
3500
- .insertInto('sync_api_keys')
3501
- .values({
3502
- key_id: newKeyId,
3503
- key_hash: keyHash,
3504
- key_prefix: keyPrefix,
3505
- name: existingRow.name,
3506
- key_type: keyType,
3507
- scope_keys: options.dialect.arrayToDb(scopeKeys),
3508
- actor_id: existingRow.actor_id ?? null,
3509
- created_at: now,
3510
- expires_at: existingRow.expires_at,
3511
- last_used_at: null,
3512
- revoked_at: null,
3513
- })
3514
- .execute();
3515
-
3516
- logSyncEvent({
3517
- event: 'console.rotate_api_key',
3518
- consoleUserId: auth.consoleUserId,
3519
- oldKeyId: keyId,
3520
- newKeyId,
3521
- });
3522
-
3523
- const key: ConsoleApiKey = {
3524
- keyId: newKeyId,
3525
- keyPrefix,
3526
- name: existingRow.name,
3527
- keyType,
3528
- scopeKeys,
3529
- actorId: existingRow.actor_id ?? null,
3530
- createdAt: now,
3531
- expiresAt: existingRow.expires_at ?? null,
3532
- lastUsedAt: null,
3533
- revokedAt: null,
3534
- };
3535
-
3536
- const response: ConsoleApiKeyCreateResponse = {
3537
- key,
3538
- secretKey,
3539
- };
3540
-
3541
- return c.json(response, 200);
3542
- }
3543
- );
3544
-
3545
- // -----------------------------------------------------------------------
3546
- // Storage endpoints
3547
- // -----------------------------------------------------------------------
3548
- const bucket = options.blobBucket;
3549
-
3550
- routes.get(
3551
- '/storage',
3552
- describeRoute({
3553
- tags: ['console'],
3554
- summary: 'List storage items',
3555
- responses: {
3556
- 200: {
3557
- description: 'Paginated list of storage items',
3558
- content: {
3559
- 'application/json': {
3560
- schema: resolver(ConsoleBlobListResponseSchema),
3561
- },
3562
- },
3563
- },
3564
- 401: {
3565
- description: 'Unauthenticated',
3566
- content: {
3567
- 'application/json': { schema: resolver(ErrorResponseSchema) },
3568
- },
3569
- },
3570
- },
3571
- }),
3572
- zValidator('query', ConsoleBlobListQuerySchema),
3573
- async (c) => {
3574
- const auth = await requireAuth(c);
3575
- if (!auth) return c.json({ error: 'UNAUTHENTICATED' }, 401);
3576
-
3577
- if (!bucket) {
3578
- return c.json({ error: 'BLOB_STORAGE_NOT_CONFIGURED' }, 501);
3579
- }
3580
-
3581
- const { prefix, cursor, limit } = c.req.valid('query');
3582
- const listed = await bucket.list({
3583
- prefix: prefix || undefined,
3584
- cursor: cursor || undefined,
3585
- limit,
3586
- });
3587
-
3588
- return c.json(
3589
- {
3590
- items: listed.objects.map((obj) => ({
3591
- key: obj.key,
3592
- size: obj.size,
3593
- uploaded: obj.uploaded.toISOString(),
3594
- httpMetadata: obj.httpMetadata?.contentType
3595
- ? { contentType: obj.httpMetadata.contentType }
3596
- : undefined,
3597
- })),
3598
- truncated: listed.truncated,
3599
- cursor: listed.cursor ?? null,
3600
- },
3601
- 200
3602
- );
3603
- }
3604
- );
3605
-
3606
- routes.get(
3607
- '/storage/:key{.+}/download',
3608
- describeRoute({
3609
- tags: ['console'],
3610
- summary: 'Download a storage item',
3611
- responses: {
3612
- 200: { description: 'Storage item contents' },
3613
- 401: {
3614
- description: 'Unauthenticated',
3615
- content: {
3616
- 'application/json': { schema: resolver(ErrorResponseSchema) },
3617
- },
3618
- },
3619
- 404: {
3620
- description: 'Blob not found',
3621
- content: {
3622
- 'application/json': { schema: resolver(ErrorResponseSchema) },
3623
- },
3624
- },
3625
- },
3626
- }),
3627
- async (c) => {
3628
- const auth = await requireAuth(c);
3629
- if (!auth) return c.json({ error: 'UNAUTHENTICATED' }, 401);
3630
-
3631
- if (!bucket) {
3632
- return c.json({ error: 'BLOB_STORAGE_NOT_CONFIGURED' }, 501);
3633
- }
3634
-
3635
- const key = decodeURIComponent(c.req.param('key'));
3636
- const object = await bucket.get(key);
3637
- if (!object) {
3638
- return c.json({ error: 'BLOB_NOT_FOUND' }, 404);
3639
- }
3640
-
3641
- const headers = new Headers();
3642
- headers.set('Content-Length', String(object.size));
3643
- headers.set(
3644
- 'Content-Type',
3645
- object.httpMetadata?.contentType ?? 'application/octet-stream'
3646
- );
3647
- const filename = key.split('/').pop() || key;
3648
- headers.set(
3649
- 'Content-Disposition',
3650
- `attachment; filename="${filename.replace(/"/g, '\\"')}"`
3651
- );
3652
-
3653
- return new Response(object.body as ReadableStream, {
3654
- status: 200,
3655
- headers,
3656
- });
3657
- }
3658
- );
3659
-
3660
- routes.delete(
3661
- '/storage/:key{.+}',
3662
- describeRoute({
3663
- tags: ['console'],
3664
- summary: 'Delete a storage item',
3665
- responses: {
3666
- 200: {
3667
- description: 'Storage item deleted',
3668
- content: {
3669
- 'application/json': {
3670
- schema: resolver(ConsoleBlobDeleteResponseSchema),
3671
- },
3672
- },
3673
- },
3674
- 401: {
3675
- description: 'Unauthenticated',
3676
- content: {
3677
- 'application/json': { schema: resolver(ErrorResponseSchema) },
3678
- },
3679
- },
3680
- },
3681
- }),
3682
- async (c) => {
3683
- const auth = await requireAuth(c);
3684
- if (!auth) return c.json({ error: 'UNAUTHENTICATED' }, 401);
3685
-
3686
- if (!bucket) {
3687
- return c.json({ error: 'BLOB_STORAGE_NOT_CONFIGURED' }, 501);
3688
- }
3689
-
3690
- const key = decodeURIComponent(c.req.param('key'));
3691
- await bucket.delete(key);
3692
- return c.json({ deleted: true }, 200);
3693
- }
3694
- );
3695
-
3696
- return routes;
3697
- }
3698
-
3699
- // ===========================================================================
3700
- // API Key Utilities
3701
- // ===========================================================================
3702
-
3703
- function generateKeyId(): string {
3704
- const bytes = new Uint8Array(16);
3705
- crypto.getRandomValues(bytes);
3706
- return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
3707
- }
3708
-
3709
- function generateSecretKey(keyType: ApiKeyType): string {
3710
- const bytes = new Uint8Array(24);
3711
- crypto.getRandomValues(bytes);
3712
- const random = Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join(
3713
- ''
3714
- );
3715
- return `sk_${keyType}_${random}`;
3716
- }
3717
-
3718
- async function hashApiKey(secretKey: string): Promise<string> {
3719
- const encoder = new TextEncoder();
3720
- const data = encoder.encode(secretKey);
3721
- const hashBuffer = await crypto.subtle.digest('SHA-256', data);
3722
- const hashArray = new Uint8Array(hashBuffer);
3723
- return Array.from(hashArray, (b) => b.toString(16).padStart(2, '0')).join('');
3724
- }
3725
-
3726
- /**
3727
- * Creates a simple token-based authenticator for local development.
3728
- * The token can be set via SYNC_CONSOLE_TOKEN env var or passed directly.
3729
- */
3730
- export function createTokenAuthenticator(
3731
- token?: string
3732
- ): (c: Context) => Promise<ConsoleAuthResult | null> {
3733
- const expectedToken = (token ?? process.env.SYNC_CONSOLE_TOKEN)?.trim() ?? '';
3734
-
3735
- return async (c: Context) => {
3736
- if (!expectedToken) return null;
3737
-
3738
- const authHeader = c.req.header('Authorization')?.trim();
3739
- if (authHeader?.startsWith('Bearer ')) {
3740
- const bearerToken = authHeader.slice(7).trim();
3741
- if (bearerToken === expectedToken) {
3742
- return { consoleUserId: 'token' };
3743
- }
3744
- }
3745
-
3746
- return null;
3747
- };
3748
- }