@undefineds.co/xpod 0.1.6 → 0.2.0-preview.2

package/dist/api/handlers/ProvisionHandler.js

@@ -0,0 +1,161 @@
+"use strict";
+/**
+ * Provision Handler
+ *
+ * Cloud 端的 SP 注册 API
+ *
+ * POST /provision/nodes  - SP 注册（公开，无需认证）
+ *   返回 nodeId、nodeToken、serviceToken、provisionCode（自包含 JWT）
+ *
+ * provisionCode 是自包含 token，编码了 SP 的 publicUrl 和 serviceToken。
+ * CSS 侧的 ProvisionPodCreator 解码后直接回调 SP，不需要查数据库。
+ *
+ * GET /provision/status  - Local 端 SP 状态查询（公开）
+ *   返回 SP 配置状态，供 Linx 查询
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.registerProvisionRoutes = registerProvisionRoutes;
+exports.registerProvisionStatusRoute = registerProvisionStatusRoute;
+const global_logger_factory_1 = require("global-logger-factory");
+const ProvisionCodeCodec_1 = require("../../provision/ProvisionCodeCodec");
+/** 默认 24 小时 */
+const DEFAULT_TTL = 24 * 60 * 60;
+function registerProvisionRoutes(server, options) {
+    const logger = (0, global_logger_factory_1.getLoggerFor)('ProvisionHandler');
+    const { repository, baseUrl, baseStorageDomain } = options;
+    const ttl = options.provisionCodeTtl ?? DEFAULT_TTL;
+    const codec = new ProvisionCodeCodec_1.ProvisionCodeCodec(baseUrl);
+    /**
+     * POST /provision/nodes
+     *
+     * SP 注册端点（公开，SP 启动时调用，此时用户可能还没有 Cloud 账号）
+     *
+     * Request:
+     *   { publicUrl: string, nodeId?: string, displayName?: string, ipv4?: string, serviceToken?: string }
+     *
+     * Response 201:
+     *   { nodeId, nodeToken, serviceToken, provisionCode, spDomain? }
+     */
+    server.post('/provision/nodes', async (request, response) => {
+        let body;
+        try {
+            body = await readJsonBody(request) ?? {};
+        }
+        catch {
+            sendJson(response, 400, { error: 'Invalid JSON body' });
+            return;
+        }
+        if (!body.publicUrl) {
+            sendJson(response, 400, { error: 'publicUrl is required' });
+            return;
+        }
+        try {
+            new URL(body.publicUrl);
+        }
+        catch {
+            sendJson(response, 400, { error: 'Invalid publicUrl format' });
+            return;
+        }
+        try {
+            const result = await repository.registerSpNode({
+                publicUrl: body.publicUrl,
+                displayName: body.displayName,
+                nodeId: body.nodeId,
+                serviceToken: body.serviceToken,
+            });
+            // 预分配子域名前缀（不创建 DNS 记录，延迟到心跳健康检查通过后）
+            // DB 只存前缀，完整 FQDN 由 DnsCoordinator 的 rootDomain 拼接
+            // 用 nodeId sanitize 后做前缀（去掉非 DNS 字符，截断到 63 字符）
+            const subdomainPrefix = baseStorageDomain
+                ? result.nodeId.replace(/[^a-z0-9-]/gi, '').toLowerCase().slice(0, 63) || result.nodeId.split('-')[0]
+                : undefined;
+            const spDomain = subdomainPrefix
+                ? `${subdomainPrefix}.${baseStorageDomain}`
+                : undefined;
+            // 如果提供了 ipv4，存入节点信息（供后续健康检查使用）
+            if (body.ipv4 || subdomainPrefix) {
+                await repository.updateNodeMode(result.nodeId, {
+                    accessMode: 'direct',
+                    ipv4: body.ipv4,
+                    subdomain: subdomainPrefix,
+                });
+            }
+            // 生成自包含 provisionCode（编码了 SP 信息，CSS 解码后直接回调 SP）
+            const provisionCode = codec.encode({
+                spUrl: body.publicUrl,
+                serviceToken: result.serviceToken,
+                nodeId: result.nodeId,
+                spDomain,
+                exp: Math.floor(Date.now() / 1000) + ttl,
+            });
+            logger.info(`Registered SP node ${result.nodeId} at ${body.publicUrl}${spDomain ? `, spDomain: ${spDomain}` : ''}`);
+            const responseBody = {
+                nodeId: result.nodeId,
+                nodeToken: result.nodeToken,
+                serviceToken: result.serviceToken,
+                provisionCode,
+            };
+            if (spDomain) {
+                responseBody.spDomain = spDomain;
+            }
+            sendJson(response, 201, responseBody);
+        }
+        catch (error) {
+            logger.error(`Failed to register SP node: ${error}`);
+            sendJson(response, 500, { error: 'Failed to register SP node' });
+        }
+    }, { public: true });
+    logger.info('Provision routes registered');
+}
+function registerProvisionStatusRoute(server, options) {
+    const logger = (0, global_logger_factory_1.getLoggerFor)('ProvisionStatusHandler');
+    server.get('/provision/status', async (_request, response) => {
+        const registered = Boolean(options.nodeId && options.cloudUrl);
+        const body = {
+            registered,
+        };
+        if (registered) {
+            body.cloudUrl = options.cloudUrl;
+            body.nodeId = options.nodeId;
+            if (options.spDomain) {
+                body.spDomain = options.spDomain;
+            }
+            if (options.cloudBaseUrl) {
+                const provisionUrl = options.provisionCode
+                    ? `${options.cloudBaseUrl.replace(/\/$/, '')}/.account/?provisionCode=${encodeURIComponent(options.provisionCode)}`
+                    : `${options.cloudBaseUrl.replace(/\/$/, '')}/.account/`;
+                body.provisionUrl = provisionUrl;
+            }
+        }
+        sendJson(response, 200, body);
+    }, { public: true });
+    logger.info('Provision status route registered');
+}
+async function readJsonBody(request) {
+    return new Promise((resolve, reject) => {
+        let data = '';
+        request.setEncoding('utf8');
+        request.on('data', (chunk) => {
+            data += chunk;
+        });
+        request.on('end', () => {
+            if (!data) {
+                resolve(undefined);
+                return;
+            }
+            try {
+                resolve(JSON.parse(data));
+            }
+            catch (error) {
+                reject(error);
+            }
+        });
+        request.on('error', reject);
+    });
+}
+function sendJson(response, status, data) {
+    response.statusCode = status;
+    response.setHeader('Content-Type', 'application/json');
+    response.end(JSON.stringify(data));
+}
+//# sourceMappingURL=ProvisionHandler.js.map

package/dist/api/handlers/ProvisionHandler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ProvisionHandler.js","sourceRoot":"","sources":["../../../src/api/handlers/ProvisionHandler.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;AAqBH,0DAiGC;AAkBD,oEA+BC;AApKD,iEAAqD;AAGrD,2EAAwE;AAYxE,eAAe;AACf,MAAM,WAAW,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;AAEjC,SAAgB,uBAAuB,CACrC,MAAiB,EACjB,OAAgC;IAEhC,MAAM,MAAM,GAAG,IAAA,oCAAY,EAAC,kBAAkB,CAAC,CAAC;IAChD,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,iBAAiB,EAAE,GAAG,OAAO,CAAC;IAC3D,MAAM,GAAG,GAAG,OAAO,CAAC,gBAAgB,IAAI,WAAW,CAAC;IACpD,MAAM,KAAK,GAAG,IAAI,uCAAkB,CAAC,OAAO,CAAC,CAAC;IAE9C;;;;;;;;;;OAUG;IACH,MAAM,CAAC,IAAI,CAAC,kBAAkB,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE;QAC1D,IAAI,IAAyG,CAAC;QAC9G,IAAI,CAAC;YACH,IAAI,GAAG,MAAM,YAAY,CAAC,OAAO,CAAQ,IAAI,EAAE,CAAC;QAClD,CAAC;QAAC,MAAM,CAAC;YACP,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC,CAAC;YACxD,OAAO;QACT,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACpB,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC;YAC5D,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,IAAI,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC1B,CAAC;QAAC,MAAM,CAAC;YACP,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,0BAA0B,EAAE,CAAC,CAAC;YAC/D,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,cAAc,CAAC;gBAC7C,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,YAAY,EAAE,IAAI,CAAC,YAAY;aAChC,CAAC,CAAC;YAEH,oCAAoC;YACpC,mDAAmD;YACnD,+CAA+C;YAC/C,MAAM,eAAe,GAAG,iBAAiB;gBACvC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBACrG,CAAC,CAAC,SAAS,CAAC;YACd,MAAM,QAAQ,GAAG,eAAe;gBAC9B,CAAC,CAAC,GAAG,eAAe,IAAI,iBAAiB,EAAE;gBAC3C,CAAC,CAAC,SAAS,CAAC;YAEd,+BAA+B;YAC/B,IAAI,IAAI,CAAC,IAAI,IAAI,eAAe,EAAE,CAAC;gBACjC,MAAM,UAAU,CAAC,cAAc,CAAC,MAAM,CAAC,MAAM,EAAE;oBAC7C,UAAU,EAAE,QAAQ;oBACpB,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,SAAS,EAAE,eAAe;iBAC3B,CAAC,CAAC;YACL,CAAC;YAED,gDAAgD;YAChD,MAAM,aAAa,GAAG,KAAK,CAAC,MAAM,CAAC;gBACjC,KAAK,EAAE,IAAI,CAAC,SAAS;gBACrB,YAAY,EAAE,MAAM,CAAC,YAAY;gBACjC,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,QAAQ;gBACR,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,GAAG;aACzC,CAAC,CAAC;YAEH,MAAM,CAAC,IAAI,CAAC,sBAAsB,MAAM,CAAC,MAAM,OAAO,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC,CAAC,CAAC,eAAe,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAEpH,MAAM,YAAY,GAA4B;gBAC5C,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,SAAS,EAAE,MAAM,CAAC,SAAS;gBAC3B,YAAY,EAAE,MAAM,CAAC,YAAY;gBACjC,aAAa;aACd,CAAC;YACF,IAAI,QAAQ,EAAE,CAAC;gBACb,YAAY,CAAC,QAAQ,GAAG,QAAQ,CAAC;YACnC,CAAC;YAED,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,YAAY,CAAC,CAAC;QACxC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,+BAA+B,KAAK,EAAE,CAAC,CAAC;YACrD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,4BAA4B,EAAE,CAAC,CAAC;QACnE,CAAC;IACH,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;IAErB,MAAM,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;AAC7C,CAAC;AAkBD,SAAgB,4BAA4B,CAC1C,MAAiB,EACjB,OAA+B;IAE/B,MAAM,MAAM,GAAG,IAAA,oCAAY,EAAC,wBAAwB,CAAC,CAAC;IAEtD,MAAM,CAAC,GAAG,CAAC,mBAAmB,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,EAAE;QAC3D,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,QAAQ,CAAC,CAAC;QAE/D,MAAM,IAAI,GAA4B;YACpC,UAAU;SACX,CAAC;QAEF,IAAI,UAAU,EAAE,CAAC;YACf,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;YACjC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;YAC7B,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;gBACrB,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;YACnC,CAAC;YACD,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;gBACzB,MAAM,YAAY,GAAG,OAAO,CAAC,aAAa;oBACxC,CAAC,CAAC,GAAG,OAAO,CAAC,YAAY,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,4BAA4B,kBAAkB,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE;oBACnH,CAAC,CAAC,GAAG,OAAO,CAAC,YAAY,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,YAAY,CAAC;gBAC3D,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;YACnC,CAAC;QACH,CAAC;QAED,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;IAChC,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;IAErB,MAAM,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;AACnD,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,OAAwB;IAClD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAC5B,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACnC,IAAI,IAAI,KAAK,CAAC;QAChB,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;YACrB,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO,CAAC,SAAS,CAAC,CAAC;gBACnB,OAAO;YACT,CAAC;YACD,IAAI,CAAC;gBACH,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;YAC5B,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,KAAK,CAAC,CAAC;YAChB,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,QAAQ,CAAC,QAAwB,EAAE,MAAc,EAAE,IAAa;IACvE,QAAQ,CAAC,UAAU,GAAG,MAAM,CAAC;IAC7B,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;IACvD,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;AACrC,CAAC","sourcesContent":["/**\n * Provision Handler\n *\n * Cloud 端的 SP 注册 API\n *\n * POST /provision/nodes  - SP 注册（公开，无需认证）\n *   返回 nodeId、nodeToken、serviceToken、provisionCode（自包含 JWT）\n *\n * provisionCode 是自包含 token，编码了 SP 的 publicUrl 和 serviceToken。\n * CSS 侧的 ProvisionPodCreator 解码后直接回调 SP，不需要查数据库。\n *\n * GET /provision/status  - Local 端 SP 状态查询（公开）\n *   返回 SP 配置状态，供 Linx 查询\n */\n\nimport type { ServerResponse, IncomingMessage } from 'node:http';\nimport { getLoggerFor } from 'global-logger-factory';\nimport type { ApiServer } from '../ApiServer';\nimport type { EdgeNodeRepository } from '../../identity/drizzle/EdgeNodeRepository';\nimport { ProvisionCodeCodec } from '../../provision/ProvisionCodeCodec';\n\nexport interface ProvisionHandlerOptions {\n  repository: EdgeNodeRepository;\n  /** Cloud baseUrl，用于派生 provisionCode 签名密钥 */\n  baseUrl: string;\n  /** 节点域名根域名，如 \"undefineds.site\" */\n  baseStorageDomain?: string;\n  /** provisionCode 有效期（秒），默认 24 小时 */\n  provisionCodeTtl?: number;\n}\n\n/** 默认 24 小时 */\nconst DEFAULT_TTL = 24 * 60 * 60;\n\nexport function registerProvisionRoutes(\n  server: ApiServer,\n  options: ProvisionHandlerOptions,\n): void {\n  const logger = getLoggerFor('ProvisionHandler');\n  const { repository, baseUrl, baseStorageDomain } = options;\n  const ttl = options.provisionCodeTtl ?? DEFAULT_TTL;\n  const codec = new ProvisionCodeCodec(baseUrl);\n\n  /**\n   * POST /provision/nodes\n   *\n   * SP 注册端点（公开，SP 启动时调用，此时用户可能还没有 Cloud 账号）\n   *\n   * Request:\n   *   { publicUrl: string, nodeId?: string, displayName?: string, ipv4?: string, serviceToken?: string }\n   *\n   * Response 201:\n   *   { nodeId, nodeToken, serviceToken, provisionCode, spDomain? }\n   */\n  server.post('/provision/nodes', async (request, response) => {\n    let body: { publicUrl?: string; nodeId?: string; displayName?: string; ipv4?: string; serviceToken?: string };\n    try {\n      body = await readJsonBody(request) as any ?? {};\n    } catch {\n      sendJson(response, 400, { error: 'Invalid JSON body' });\n      return;\n    }\n\n    if (!body.publicUrl) {\n      sendJson(response, 400, { error: 'publicUrl is required' });\n      return;\n    }\n\n    try {\n      new URL(body.publicUrl);\n    } catch {\n      sendJson(response, 400, { error: 'Invalid publicUrl format' });\n      return;\n    }\n\n    try {\n      const result = await repository.registerSpNode({\n        publicUrl: body.publicUrl,\n        displayName: body.displayName,\n        nodeId: body.nodeId,\n        serviceToken: body.serviceToken,\n      });\n\n      // 预分配子域名前缀（不创建 DNS 记录，延迟到心跳健康检查通过后）\n      // DB 只存前缀，完整 FQDN 由 DnsCoordinator 的 rootDomain 拼接\n      // 用 nodeId sanitize 后做前缀（去掉非 DNS 字符，截断到 63 字符）\n      const subdomainPrefix = baseStorageDomain\n        ? result.nodeId.replace(/[^a-z0-9-]/gi, '').toLowerCase().slice(0, 63) || result.nodeId.split('-')[0]\n        : undefined;\n      const spDomain = subdomainPrefix\n        ? `${subdomainPrefix}.${baseStorageDomain}`\n        : undefined;\n\n      // 如果提供了 ipv4，存入节点信息（供后续健康检查使用）\n      if (body.ipv4 || subdomainPrefix) {\n        await repository.updateNodeMode(result.nodeId, {\n          accessMode: 'direct',\n          ipv4: body.ipv4,\n          subdomain: subdomainPrefix,\n        });\n      }\n\n      // 生成自包含 provisionCode（编码了 SP 信息，CSS 解码后直接回调 SP）\n      const provisionCode = codec.encode({\n        spUrl: body.publicUrl,\n        serviceToken: result.serviceToken,\n        nodeId: result.nodeId,\n        spDomain,\n        exp: Math.floor(Date.now() / 1000) + ttl,\n      });\n\n      logger.info(`Registered SP node ${result.nodeId} at ${body.publicUrl}${spDomain ? `, spDomain: ${spDomain}` : ''}`);\n\n      const responseBody: Record<string, unknown> = {\n        nodeId: result.nodeId,\n        nodeToken: result.nodeToken,\n        serviceToken: result.serviceToken,\n        provisionCode,\n      };\n      if (spDomain) {\n        responseBody.spDomain = spDomain;\n      }\n\n      sendJson(response, 201, responseBody);\n    } catch (error) {\n      logger.error(`Failed to register SP node: ${error}`);\n      sendJson(response, 500, { error: 'Failed to register SP node' });\n    }\n  }, { public: true });\n\n  logger.info('Provision routes registered');\n}\n\n/**\n * Local 端 SP 状态查询路由\n */\nexport interface ProvisionStatusOptions {\n  /** Cloud API 端点 */\n  cloudUrl?: string;\n  /** 节点 ID */\n  nodeId?: string;\n  /** SP 子域名 */\n  spDomain?: string;\n  /** Cloud baseUrl，用于拼 provisionUrl */\n  cloudBaseUrl?: string;\n  /** provisionCode（可选，由环境变量传入） */\n  provisionCode?: string;\n}\n\nexport function registerProvisionStatusRoute(\n  server: ApiServer,\n  options: ProvisionStatusOptions,\n): void {\n  const logger = getLoggerFor('ProvisionStatusHandler');\n\n  server.get('/provision/status', async (_request, response) => {\n    const registered = Boolean(options.nodeId && options.cloudUrl);\n\n    const body: Record<string, unknown> = {\n      registered,\n    };\n\n    if (registered) {\n      body.cloudUrl = options.cloudUrl;\n      body.nodeId = options.nodeId;\n      if (options.spDomain) {\n        body.spDomain = options.spDomain;\n      }\n      if (options.cloudBaseUrl) {\n        const provisionUrl = options.provisionCode\n          ? `${options.cloudBaseUrl.replace(/\\/$/, '')}/.account/?provisionCode=${encodeURIComponent(options.provisionCode)}`\n          : `${options.cloudBaseUrl.replace(/\\/$/, '')}/.account/`;\n        body.provisionUrl = provisionUrl;\n      }\n    }\n\n    sendJson(response, 200, body);\n  }, { public: true });\n\n  logger.info('Provision status route registered');\n}\n\nasync function readJsonBody(request: IncomingMessage): Promise<unknown> {\n  return new Promise((resolve, reject) => {\n    let data = '';\n    request.setEncoding('utf8');\n    request.on('data', (chunk: string) => {\n      data += chunk;\n    });\n    request.on('end', () => {\n      if (!data) {\n        resolve(undefined);\n        return;\n      }\n      try {\n        resolve(JSON.parse(data));\n      } catch (error) {\n        reject(error);\n      }\n    });\n    request.on('error', reject);\n  });\n}\n\nfunction sendJson(response: ServerResponse, status: number, data: unknown): void {\n  response.statusCode = status;\n  response.setHeader('Content-Type', 'application/json');\n  response.end(JSON.stringify(data));\n}\n"]}

package/dist/api/handlers/QuotaHandler.d.ts

@@ -1,20 +1,20 @@
 import type { ApiServer } from '../ApiServer';
 import type { QuotaService } from '../../quota/QuotaService';
-import type { AccountRepository } from '../../identity/drizzle/AccountRepository';
+import type { UsageRepository } from '../../storage/quota/UsageRepository';
 export interface QuotaHandlerOptions {
     quotaService: QuotaService;
-    accountRepo: AccountRepository;
+    usageRepo: UsageRepository;
 }
 /**
  * Handler for quota management API
  *
- * These endpoints are for internal billing system use.
- * They require authentication via client credentials.
+ * Supports four resource types: storage, bandwidth, compute, token.
+ * Requires ServiceAuthContext with 'quota:write' scope for mutations.
  *
- * GET    /v1/quota/accounts/:accountId - Get account quota
+ * GET    /v1/quota/accounts/:accountId - Get account quota + usage
  * PUT    /v1/quota/accounts/:accountId - Set account quota
- * DELETE /v1/quota/accounts/:accountId - Clear account quota
- * GET    /v1/quota/pods/:podId - Get pod quota
+ * DELETE /v1/quota/accounts/:accountId - Clear account quota (revert to defaults)
+ * GET    /v1/quota/pods/:podId - Get pod quota + usage
  * PUT    /v1/quota/pods/:podId - Set pod quota
  * DELETE /v1/quota/pods/:podId - Clear pod quota
  */

package/dist/api/handlers/QuotaHandler.js

@@ -2,31 +2,46 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.registerQuotaRoutes = registerQuotaRoutes;
 const global_logger_factory_1 = require("global-logger-factory");
+const AuthContext_1 = require("../auth/AuthContext");
 /**
  * Handler for quota management API
  *
- * These endpoints are for internal billing system use.
- * They require authentication via client credentials.
+ * Supports four resource types: storage, bandwidth, compute, token.
+ * Requires ServiceAuthContext with 'quota:write' scope for mutations.
  *
- * GET    /v1/quota/accounts/:accountId - Get account quota
+ * GET    /v1/quota/accounts/:accountId - Get account quota + usage
  * PUT    /v1/quota/accounts/:accountId - Set account quota
- * DELETE /v1/quota/accounts/:accountId - Clear account quota
- * GET    /v1/quota/pods/:podId - Get pod quota
+ * DELETE /v1/quota/accounts/:accountId - Clear account quota (revert to defaults)
+ * GET    /v1/quota/pods/:podId - Get pod quota + usage
  * PUT    /v1/quota/pods/:podId - Set pod quota
  * DELETE /v1/quota/pods/:podId - Clear pod quota
  */
 function registerQuotaRoutes(server, options) {
     const logger = (0, global_logger_factory_1.getLoggerFor)('QuotaHandler');
-    const { quotaService, accountRepo } = options;
-    // GET /api/quota/accounts/:accountId
+    const { quotaService, usageRepo } = options;
+    // GET /v1/quota/accounts/:accountId
     server.get('/v1/quota/accounts/:accountId', async (request, response, params) => {
         const accountId = decodeURIComponent(params.accountId);
         try {
-            const limit = await quotaService.getAccountLimit(accountId);
+            const quota = await quotaService.getAccountQuota(accountId);
+            const usage = await usageRepo.getAccountUsage(accountId);
             sendJson(response, 200, {
-                type: 'account',
                 accountId,
-                quotaLimit: limit ?? null,
+                quota: {
+                    storageLimitBytes: quota.storageLimitBytes,
+                    bandwidthLimitBps: quota.bandwidthLimitBps,
+                    computeLimitSeconds: quota.computeLimitSeconds,
+                    tokenLimitMonthly: quota.tokenLimitMonthly,
+                },
+                usage: {
+                    storageBytes: usage?.storageBytes ?? 0,
+                    ingressBytes: usage?.ingressBytes ?? 0,
+                    egressBytes: usage?.egressBytes ?? 0,
+                    computeSeconds: usage?.computeSeconds ?? 0,
+                    tokensUsed: usage?.tokensUsed ?? 0,
+                    periodStart: usage?.periodStart ? new Date(usage.periodStart * 1000).toISOString() : null,
+                },
+                source: hasCustomQuota(usage) ? 'custom' : 'default',
             });
         }
         catch (error) {
@@ -34,8 +49,11 @@ function registerQuotaRoutes(server, options) {
             sendJson(response, 500, { error: 'Failed to get quota' });
         }
     });
-    // PUT /api/quota/accounts/:accountId
+    // PUT /v1/quota/accounts/:accountId
     server.put('/v1/quota/accounts/:accountId', async (request, response, params) => {
+        if (!requireScope(request, response, 'quota:write')) {
+            return;
+        }
         const accountId = decodeURIComponent(params.accountId);
         const body = await readJsonBody(request);
         if (!body || typeof body !== 'object') {
@@ -43,24 +61,19 @@ function registerQuotaRoutes(server, options) {
             return;
         }
         const payload = body;
-        if (!Object.prototype.hasOwnProperty.call(payload, 'quotaLimit')) {
-            sendJson(response, 400, { error: 'Body must include quotaLimit' });
-            return;
-        }
-        const quota = extractQuota(payload.quotaLimit);
-        if (quota === undefined) {
-            sendJson(response, 400, { error: 'quotaLimit must be a non-negative number or null' });
+        const partial = extractQuotaFields(payload);
+        if (!partial) {
+            sendJson(response, 400, { error: 'Body must include at least one quota field (storageLimitBytes, bandwidthLimitBps, computeLimitSeconds, tokenLimitMonthly)' });
             return;
         }
         try {
-            await quotaService.setAccountLimit(accountId, quota);
-            const latest = await quotaService.getAccountLimit(accountId);
-            logger.info(`Set account ${accountId} quota to ${quota}`);
+            await quotaService.setAccountQuota(accountId, partial);
+            const latest = await quotaService.getAccountQuota(accountId);
+            logger.info(`Set account ${accountId} quota: ${JSON.stringify(partial)}`);
             sendJson(response, 200, {
                 status: 'updated',
-                targetType: 'account',
-                targetId: accountId,
-                quotaLimit: latest ?? null,
+                accountId,
+                quota: latest,
             });
         }
         catch (error) {
@@ -68,16 +81,18 @@ function registerQuotaRoutes(server, options) {
             sendJson(response, 500, { error: 'Failed to set quota' });
         }
     });
-    // DELETE /api/quota/accounts/:accountId
+    // DELETE /v1/quota/accounts/:accountId
     server.delete('/v1/quota/accounts/:accountId', async (request, response, params) => {
+        if (!requireScope(request, response, 'quota:write')) {
+            return;
+        }
         const accountId = decodeURIComponent(params.accountId);
         try {
-            await quotaService.setAccountLimit(accountId, null);
+            await quotaService.clearAccountQuota(accountId);
             logger.info(`Cleared account ${accountId} quota`);
             sendJson(response, 200, {
                 status: 'cleared',
-                targetType: 'account',
-                targetId: accountId,
+                accountId,
             });
         }
         catch (error) {
@@ -85,22 +100,30 @@ function registerQuotaRoutes(server, options) {
             sendJson(response, 500, { error: 'Failed to clear quota' });
         }
     });
-    // GET /api/quota/pods/:podId
+    // GET /v1/quota/pods/:podId
     server.get('/v1/quota/pods/:podId', async (request, response, params) => {
         const podId = decodeURIComponent(params.podId);
         try {
-            const podInfo = await accountRepo.getPodInfo(podId);
-            if (!podInfo) {
-                sendJson(response, 404, { error: 'Pod not found' });
-                return;
-            }
-            const limit = await quotaService.getPodLimit(podId);
+            const quota = await quotaService.getPodQuota(podId);
+            const usage = await usageRepo.getPodUsage(podId);
             sendJson(response, 200, {
-                type: 'pod',
                 podId,
-                accountId: podInfo.accountId,
-                baseUrl: podInfo.baseUrl ?? null,
-                quotaLimit: limit ?? null,
+                accountId: usage?.accountId ?? null,
+                quota: {
+                    storageLimitBytes: quota.storageLimitBytes,
+                    bandwidthLimitBps: quota.bandwidthLimitBps,
+                    computeLimitSeconds: quota.computeLimitSeconds,
+                    tokenLimitMonthly: quota.tokenLimitMonthly,
+                },
+                usage: {
+                    storageBytes: usage?.storageBytes ?? 0,
+                    ingressBytes: usage?.ingressBytes ?? 0,
+                    egressBytes: usage?.egressBytes ?? 0,
+                    computeSeconds: usage?.computeSeconds ?? 0,
+                    tokensUsed: usage?.tokensUsed ?? 0,
+                    periodStart: usage?.periodStart ? new Date(usage.periodStart * 1000).toISOString() : null,
+                },
+                source: hasCustomQuota(usage) ? 'custom' : 'default',
             });
         }
         catch (error) {
@@ -108,8 +131,11 @@ function registerQuotaRoutes(server, options) {
             sendJson(response, 500, { error: 'Failed to get quota' });
         }
     });
-    // PUT /api/quota/pods/:podId
+    // PUT /v1/quota/pods/:podId
     server.put('/v1/quota/pods/:podId', async (request, response, params) => {
+        if (!requireScope(request, response, 'quota:write')) {
+            return;
+        }
         const podId = decodeURIComponent(params.podId);
         const body = await readJsonBody(request);
         if (!body || typeof body !== 'object') {
@@ -117,29 +143,19 @@ function registerQuotaRoutes(server, options) {
             return;
         }
         const payload = body;
-        if (!Object.prototype.hasOwnProperty.call(payload, 'quotaLimit')) {
-            sendJson(response, 400, { error: 'Body must include quotaLimit' });
-            return;
-        }
-        const quota = extractQuota(payload.quotaLimit);
-        if (quota === undefined) {
-            sendJson(response, 400, { error: 'quotaLimit must be a non-negative number or null' });
+        const partial = extractQuotaFields(payload);
+        if (!partial) {
+            sendJson(response, 400, { error: 'Body must include at least one quota field' });
             return;
         }
         try {
-            const podInfo = await accountRepo.getPodInfo(podId);
-            if (!podInfo) {
-                sendJson(response, 404, { error: 'Pod not found' });
-                return;
-            }
-            await quotaService.setPodLimit(podId, quota);
-            const latest = await quotaService.getPodLimit(podId);
-            logger.info(`Set pod ${podId} quota to ${quota}`);
+            await quotaService.setPodQuota(podId, partial);
+            const latest = await quotaService.getPodQuota(podId);
+            logger.info(`Set pod ${podId} quota: ${JSON.stringify(partial)}`);
             sendJson(response, 200, {
                 status: 'updated',
-                targetType: 'pod',
-                targetId: podId,
-                quotaLimit: latest ?? null,
+                podId,
+                quota: latest,
             });
         }
         catch (error) {
@@ -147,21 +163,18 @@ function registerQuotaRoutes(server, options) {
             sendJson(response, 500, { error: 'Failed to set quota' });
         }
     });
-    // DELETE /api/quota/pods/:podId
+    // DELETE /v1/quota/pods/:podId
     server.delete('/v1/quota/pods/:podId', async (request, response, params) => {
+        if (!requireScope(request, response, 'quota:write')) {
+            return;
+        }
         const podId = decodeURIComponent(params.podId);
         try {
-            const podInfo = await accountRepo.getPodInfo(podId);
-            if (!podInfo) {
-                sendJson(response, 404, { error: 'Pod not found' });
-                return;
-            }
-            await quotaService.setPodLimit(podId, null);
+            await quotaService.clearPodQuota(podId);
             logger.info(`Cleared pod ${podId} quota`);
             sendJson(response, 200, {
                 status: 'cleared',
-                targetType: 'pod',
-                targetId: podId,
+                podId,
             });
         }
         catch (error) {
@@ -170,14 +183,71 @@ function registerQuotaRoutes(server, options) {
         }
     });
 }
-function extractQuota(value) {
-    if (value === null) {
-        return null;
+/**
+ * Check if the request has the required scope. Sends 403 if not.
+ */
+function requireScope(request, response, scope) {
+    if (!request.auth) {
+        sendJson(response, 401, { error: 'Authentication required' });
+        return false;
+    }
+    // Service tokens need explicit scope; Solid users with admin role can also access
+    if (request.auth.type === 'service') {
+        if (!(0, AuthContext_1.hasScope)(request.auth, scope)) {
+            sendJson(response, 403, { error: `Missing required scope: ${scope}` });
+            return false;
+        }
+        return true;
+    }
+    // Allow Solid auth (for admin users) - actual admin check can be added later
+    if (request.auth.type === 'solid') {
+        return true;
+    }
+    sendJson(response, 403, { error: 'Insufficient permissions' });
+    return false;
+}
+const QUOTA_FIELDS = ['storageLimitBytes', 'bandwidthLimitBps', 'computeLimitSeconds', 'tokenLimitMonthly'];
+function extractQuotaFields(payload) {
+    const result = {};
+    let hasField = false;
+    for (const field of QUOTA_FIELDS) {
+        if (Object.prototype.hasOwnProperty.call(payload, field)) {
+            const value = payload[field];
+            if (value === null) {
+                result[field] = null;
+                hasField = true;
+            }
+            else if (typeof value === 'number' && Number.isFinite(value) && value >= 0) {
+                result[field] = value;
+                hasField = true;
+            }
+            else {
+                return undefined; // Invalid value
+            }
+        }
     }
-    if (typeof value !== 'number' || !Number.isFinite(value) || value < 0) {
-        return undefined;
+    // Backward compat: support legacy 'quotaLimit' field
+    if (!hasField && Object.prototype.hasOwnProperty.call(payload, 'quotaLimit')) {
+        const value = payload.quotaLimit;
+        if (value === null) {
+            result.storageLimitBytes = null;
+            hasField = true;
+        }
+        else if (typeof value === 'number' && Number.isFinite(value) && value >= 0) {
+            result.storageLimitBytes = value;
+            hasField = true;
+        }
+    }
+    return hasField ? result : undefined;
+}
+function hasCustomQuota(usage) {
+    if (!usage) {
+        return false;
     }
-    return value;
+    return typeof usage.storageLimitBytes === 'number'
+        || typeof usage.bandwidthLimitBps === 'number'
+        || typeof usage.computeLimitSeconds === 'number'
+        || typeof usage.tokenLimitMonthly === 'number';
 }
 async function readJsonBody(request) {
     return new Promise((resolve, reject) => {

package/dist/api/handlers/QuotaHandler.js.map

@@ -1 +1 @@
-{"version":3,"file":"QuotaHandler.js","sourceRoot":"","sources":["../../../src/api/handlers/QuotaHandler.ts"],"names":[],"mappings":";;AAyBA,kDAiLC;AAzMD,iEAAqD;AAWrD;;;;;;;;;;;;GAYG;AACH,SAAgB,mBAAmB,CAAC,MAAiB,EAAE,OAA4B;IACjF,MAAM,MAAM,GAAG,IAAA,oCAAY,EAAC,cAAc,CAAC,CAAC;IAC5C,MAAM,EAAE,YAAY,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC;IAE9C,qCAAqC;IACrC,MAAM,CAAC,GAAG,CAAC,+BAA+B,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE;QAC9E,MAAM,SAAS,GAAG,kBAAkB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAEvD,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;YAC5D,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACtB,IAAI,EAAE,SAAS;gBACf,SAAS;gBACT,UAAU,EAAE,KAAK,IAAI,IAAI;aAC1B,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,gCAAgC,KAAK,EAAE,CAAC,CAAC;YACtD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,qCAAqC;IACrC,MAAM,CAAC,GAAG,CAAC,+BAA+B,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE;QAC9E,MAAM,SAAS,GAAG,kBAAkB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACvD,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;QAEzC,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtC,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,oCAAoC,EAAE,CAAC,CAAC;YACzE,OAAO;QACT,CAAC;QAED,MAAM,OAAO,GAAG,IAA+B,CAAC;QAChD,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,EAAE,CAAC;YACjE,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,8BAA8B,EAAE,CAAC,CAAC;YACnE,OAAO;QACT,CAAC;QAED,MAAM,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAC/C,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACxB,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,kDAAkD,EAAE,CAAC,CAAC;YACvF,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,YAAY,CAAC,eAAe,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;YACrD,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;YAE7D,MAAM,CAAC,IAAI,CAAC,eAAe,SAAS,aAAa,KAAK,EAAE,CAAC,CAAC;YAE1D,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACtB,MAAM,EAAE,SAAS;gBACjB,UAAU,EAAE,SAAS;gBACrB,QAAQ,EAAE,SAAS;gBACnB,UAAU,EAAE,MAAM,IAAI,IAAI;aAC3B,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,gCAAgC,KAAK,EAAE,CAAC,CAAC;YACtD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,wCAAwC;IACxC,MAAM,CAAC,MAAM,CAAC,+BAA+B,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE;QACjF,MAAM,SAAS,GAAG,kBAAkB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAEvD,IAAI,CAAC;YACH,MAAM,YAAY,CAAC,eAAe,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;YAEpD,MAAM,CAAC,IAAI,CAAC,mBAAmB,SAAS,QAAQ,CAAC,CAAC;YAElD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACtB,MAAM,EAAE,SAAS;gBACjB,UAAU,EAAE,SAAS;gBACrB,QAAQ,EAAE,SAAS;aACpB,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,kCAAkC,KAAK,EAAE,CAAC,CAAC;YACxD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,6BAA6B;IAC7B,MAAM,CAAC,GAAG,CAAC,uBAAuB,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE;QACtE,MAAM,KAAK,GAAG,kBAAkB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAE/C,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;YACpD,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,CAAC;gBACpD,OAAO;YACT,CAAC;YAED,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;YACpD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACtB,IAAI,EAAE,KAAK;gBACX,KAAK;gBACL,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,OAAO,EAAE,OAAO,CAAC,OAAO,IAAI,IAAI;gBAChC,UAAU,EAAE,KAAK,IAAI,IAAI;aAC1B,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,4BAA4B,KAAK,EAAE,CAAC,CAAC;YAClD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,6BAA6B;IAC7B,MAAM,CAAC,GAAG,CAAC,uBAAuB,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE;QACtE,MAAM,KAAK,GAAG,kBAAkB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC/C,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;QAEzC,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtC,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,oCAAoC,EAAE,CAAC,CAAC;YACzE,OAAO;QACT,CAAC;QAED,MAAM,OAAO,GAAG,IAA+B,CAAC;QAChD,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,EAAE,CAAC;YACjE,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,8BAA8B,EAAE,CAAC,CAAC;YACnE,OAAO;QACT,CAAC;QAED,MAAM,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAC/C,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACxB,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,kDAAkD,EAAE,CAAC,CAAC;YACvF,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;YACpD,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,CAAC;gBACpD,OAAO;YACT,CAAC;YAED,MAAM,YAAY,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;YAC7C,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;YAErD,MAAM,CAAC,IAAI,CAAC,WAAW,KAAK,aAAa,KAAK,EAAE,CAAC,CAAC;YAElD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACtB,MAAM,EAAE,SAAS;gBACjB,UAAU,EAAE,KAAK;gBACjB,QAAQ,EAAE,KAAK;gBACf,UAAU,EAAE,MAAM,IAAI,IAAI;aAC3B,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,4BAA4B,KAAK,EAAE,CAAC,CAAC;YAClD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,gCAAgC;IAChC,MAAM,CAAC,MAAM,CAAC,uBAAuB,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE;QACzE,MAAM,KAAK,GAAG,kBAAkB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAE/C,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;YACpD,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,CAAC;gBACpD,OAAO;YACT,CAAC;YAED,MAAM,YAAY,CAAC,WAAW,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;YAE5C,MAAM,CAAC,IAAI,CAAC,eAAe,KAAK,QAAQ,CAAC,CAAC;YAE1C,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACtB,MAAM,EAAE,SAAS;gBACjB,UAAU,EAAE,KAAK;gBACjB,QAAQ,EAAE,KAAK;aAChB,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,8BAA8B,KAAK,EAAE,CAAC,CAAC;YACpD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,YAAY,CAAC,KAAc;IAClC,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;QACtE,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,OAA6B;IACvD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAC5B,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACnC,IAAI,IAAI,KAAK,CAAC;QAChB,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;YACrB,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO,CAAC,SAAS,CAAC,CAAC;gBACnB,OAAO;YACT,CAAC;YACD,IAAI,CAAC;gBACH,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;YAC5B,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,CAAC,SAAS,CAAC,CAAC;YACrB,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,QAAQ,CAAC,QAAwB,EAAE,MAAc,EAAE,IAAa;IACvE,QAAQ,CAAC,UAAU,GAAG,MAAM,CAAC;IAC7B,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;IACvD,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;AACrC,CAAC","sourcesContent":["import type { ServerResponse } from 'node:http';\nimport { getLoggerFor } from 'global-logger-factory';\nimport type { AuthenticatedRequest } from '../middleware/AuthMiddleware';\nimport type { ApiServer } from '../ApiServer';\nimport type { QuotaService } from '../../quota/QuotaService';\nimport type { AccountRepository } from '../../identity/drizzle/AccountRepository';\n\nexport interface QuotaHandlerOptions {\n  quotaService: QuotaService;\n  accountRepo: AccountRepository;\n}\n\n/**\n * Handler for quota management API\n * \n * These endpoints are for internal billing system use.\n * They require authentication via client credentials.\n * \n * GET    /v1/quota/accounts/:accountId - Get account quota\n * PUT    /v1/quota/accounts/:accountId - Set account quota\n * DELETE /v1/quota/accounts/:accountId - Clear account quota\n * GET    /v1/quota/pods/:podId - Get pod quota\n * PUT    /v1/quota/pods/:podId - Set pod quota\n * DELETE /v1/quota/pods/:podId - Clear pod quota\n */\nexport function registerQuotaRoutes(server: ApiServer, options: QuotaHandlerOptions): void {\n  const logger = getLoggerFor('QuotaHandler');\n  const { quotaService, accountRepo } = options;\n\n  // GET /api/quota/accounts/:accountId\n  server.get('/v1/quota/accounts/:accountId', async (request, response, params) => {\n    const accountId = decodeURIComponent(params.accountId);\n\n    try {\n      const limit = await quotaService.getAccountLimit(accountId);\n      sendJson(response, 200, {\n        type: 'account',\n        accountId,\n        quotaLimit: limit ?? null,\n      });\n    } catch (error) {\n      logger.error(`Failed to get account quota: ${error}`);\n      sendJson(response, 500, { error: 'Failed to get quota' });\n    }\n  });\n\n  // PUT /api/quota/accounts/:accountId\n  server.put('/v1/quota/accounts/:accountId', async (request, response, params) => {\n    const accountId = decodeURIComponent(params.accountId);\n    const body = await readJsonBody(request);\n\n    if (!body || typeof body !== 'object') {\n      sendJson(response, 400, { error: 'Request body must be a JSON object' });\n      return;\n    }\n\n    const payload = body as Record<string, unknown>;\n    if (!Object.prototype.hasOwnProperty.call(payload, 'quotaLimit')) {\n      sendJson(response, 400, { error: 'Body must include quotaLimit' });\n      return;\n    }\n\n    const quota = extractQuota(payload.quotaLimit);\n    if (quota === undefined) {\n      sendJson(response, 400, { error: 'quotaLimit must be a non-negative number or null' });\n      return;\n    }\n\n    try {\n      await quotaService.setAccountLimit(accountId, quota);\n      const latest = await quotaService.getAccountLimit(accountId);\n      \n      logger.info(`Set account ${accountId} quota to ${quota}`);\n      \n      sendJson(response, 200, {\n        status: 'updated',\n        targetType: 'account',\n        targetId: accountId,\n        quotaLimit: latest ?? null,\n      });\n    } catch (error) {\n      logger.error(`Failed to set account quota: ${error}`);\n      sendJson(response, 500, { error: 'Failed to set quota' });\n    }\n  });\n\n  // DELETE /api/quota/accounts/:accountId\n  server.delete('/v1/quota/accounts/:accountId', async (request, response, params) => {\n    const accountId = decodeURIComponent(params.accountId);\n\n    try {\n      await quotaService.setAccountLimit(accountId, null);\n      \n      logger.info(`Cleared account ${accountId} quota`);\n      \n      sendJson(response, 200, {\n        status: 'cleared',\n        targetType: 'account',\n        targetId: accountId,\n      });\n    } catch (error) {\n      logger.error(`Failed to clear account quota: ${error}`);\n      sendJson(response, 500, { error: 'Failed to clear quota' });\n    }\n  });\n\n  // GET /api/quota/pods/:podId\n  server.get('/v1/quota/pods/:podId', async (request, response, params) => {\n    const podId = decodeURIComponent(params.podId);\n\n    try {\n      const podInfo = await accountRepo.getPodInfo(podId);\n      if (!podInfo) {\n        sendJson(response, 404, { error: 'Pod not found' });\n        return;\n      }\n\n      const limit = await quotaService.getPodLimit(podId);\n      sendJson(response, 200, {\n        type: 'pod',\n        podId,\n        accountId: podInfo.accountId,\n        baseUrl: podInfo.baseUrl ?? null,\n        quotaLimit: limit ?? null,\n      });\n    } catch (error) {\n      logger.error(`Failed to get pod quota: ${error}`);\n      sendJson(response, 500, { error: 'Failed to get quota' });\n    }\n  });\n\n  // PUT /api/quota/pods/:podId\n  server.put('/v1/quota/pods/:podId', async (request, response, params) => {\n    const podId = decodeURIComponent(params.podId);\n    const body = await readJsonBody(request);\n\n    if (!body || typeof body !== 'object') {\n      sendJson(response, 400, { error: 'Request body must be a JSON object' });\n      return;\n    }\n\n    const payload = body as Record<string, unknown>;\n    if (!Object.prototype.hasOwnProperty.call(payload, 'quotaLimit')) {\n      sendJson(response, 400, { error: 'Body must include quotaLimit' });\n      return;\n    }\n\n    const quota = extractQuota(payload.quotaLimit);\n    if (quota === undefined) {\n      sendJson(response, 400, { error: 'quotaLimit must be a non-negative number or null' });\n      return;\n    }\n\n    try {\n      const podInfo = await accountRepo.getPodInfo(podId);\n      if (!podInfo) {\n        sendJson(response, 404, { error: 'Pod not found' });\n        return;\n      }\n\n      await quotaService.setPodLimit(podId, quota);\n      const latest = await quotaService.getPodLimit(podId);\n      \n      logger.info(`Set pod ${podId} quota to ${quota}`);\n      \n      sendJson(response, 200, {\n        status: 'updated',\n        targetType: 'pod',\n        targetId: podId,\n        quotaLimit: latest ?? null,\n      });\n    } catch (error) {\n      logger.error(`Failed to set pod quota: ${error}`);\n      sendJson(response, 500, { error: 'Failed to set quota' });\n    }\n  });\n\n  // DELETE /api/quota/pods/:podId\n  server.delete('/v1/quota/pods/:podId', async (request, response, params) => {\n    const podId = decodeURIComponent(params.podId);\n\n    try {\n      const podInfo = await accountRepo.getPodInfo(podId);\n      if (!podInfo) {\n        sendJson(response, 404, { error: 'Pod not found' });\n        return;\n      }\n\n      await quotaService.setPodLimit(podId, null);\n      \n      logger.info(`Cleared pod ${podId} quota`);\n      \n      sendJson(response, 200, {\n        status: 'cleared',\n        targetType: 'pod',\n        targetId: podId,\n      });\n    } catch (error) {\n      logger.error(`Failed to clear pod quota: ${error}`);\n      sendJson(response, 500, { error: 'Failed to clear quota' });\n    }\n  });\n}\n\nfunction extractQuota(value: unknown): number | null | undefined {\n  if (value === null) {\n    return null;\n  }\n  if (typeof value !== 'number' || !Number.isFinite(value) || value < 0) {\n    return undefined;\n  }\n  return value;\n}\n\nasync function readJsonBody(request: AuthenticatedRequest): Promise<unknown> {\n  return new Promise((resolve, reject) => {\n    let data = '';\n    request.setEncoding('utf8');\n    request.on('data', (chunk: string) => {\n      data += chunk;\n    });\n    request.on('end', () => {\n      if (!data) {\n        resolve(undefined);\n        return;\n      }\n      try {\n        resolve(JSON.parse(data));\n      } catch {\n        resolve(undefined);\n      }\n    });\n    request.on('error', reject);\n  });\n}\n\nfunction sendJson(response: ServerResponse, status: number, data: unknown): void {\n  response.statusCode = status;\n  response.setHeader('Content-Type', 'application/json');\n  response.end(JSON.stringify(data));\n}\n"]}
+{"version":3,"file":"QuotaHandler.js","sourceRoot":"","sources":["../../../src/api/handlers/QuotaHandler.ts"],"names":[],"mappings":";;AA0BA,kDA8LC;AAvND,iEAAqD;AAKrD,qDAA+C;AAO/C;;;;;;;;;;;;GAYG;AACH,SAAgB,mBAAmB,CAAC,MAAiB,EAAE,OAA4B;IACjF,MAAM,MAAM,GAAG,IAAA,oCAAY,EAAC,cAAc,CAAC,CAAC;IAC5C,MAAM,EAAE,YAAY,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;IAE5C,oCAAoC;IACpC,MAAM,CAAC,GAAG,CAAC,+BAA+B,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE;QAC9E,MAAM,SAAS,GAAG,kBAAkB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAEvD,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;YAC5D,MAAM,KAAK,GAAG,MAAM,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;YAEzD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACtB,SAAS;gBACT,KAAK,EAAE;oBACL,iBAAiB,EAAE,KAAK,CAAC,iBAAiB;oBAC1C,iBAAiB,EAAE,KAAK,CAAC,iBAAiB;oBAC1C,mBAAmB,EAAE,KAAK,CAAC,mBAAmB;oBAC9C,iBAAiB,EAAE,KAAK,CAAC,iBAAiB;iBAC3C;gBACD,KAAK,EAAE;oBACL,YAAY,EAAE,KAAK,EAAE,YAAY,IAAI,CAAC;oBACtC,YAAY,EAAE,KAAK,EAAE,YAAY,IAAI,CAAC;oBACtC,WAAW,EAAE,KAAK,EAAE,WAAW,IAAI,CAAC;oBACpC,cAAc,EAAE,KAAK,EAAE,cAAc,IAAI,CAAC;oBAC1C,UAAU,EAAE,KAAK,EAAE,UAAU,IAAI,CAAC;oBAClC,WAAW,EAAE,KAAK,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,WAAW,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI;iBAC1F;gBACD,MAAM,EAAE,cAAc,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;aACrD,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,gCAAgC,KAAK,EAAE,CAAC,CAAC;YACtD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,oCAAoC;IACpC,MAAM,CAAC,GAAG,CAAC,+BAA+B,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE;QAC9E,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,QAAQ,EAAE,aAAa,CAAC,EAAE,CAAC;YACpD,OAAO;QACT,CAAC;QAED,MAAM,SAAS,GAAG,kBAAkB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACvD,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;QAEzC,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtC,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,oCAAoC,EAAE,CAAC,CAAC;YACzE,OAAO;QACT,CAAC;QAED,MAAM,OAAO,GAAG,IAA+B,CAAC;QAChD,MAAM,OAAO,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAC5C,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,2HAA2H,EAAE,CAAC,CAAC;YAChK,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,YAAY,CAAC,eAAe,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YACvD,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;YAE7D,MAAM,CAAC,IAAI,CAAC,eAAe,SAAS,WAAW,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;YAE1E,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACtB,MAAM,EAAE,SAAS;gBACjB,SAAS;gBACT,KAAK,EAAE,MAAM;aACd,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,gCAAgC,KAAK,EAAE,CAAC,CAAC;YACtD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,uCAAuC;IACvC,MAAM,CAAC,MAAM,CAAC,+BAA+B,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE;QACjF,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,QAAQ,EAAE,aAAa,CAAC,EAAE,CAAC;YACpD,OAAO;QACT,CAAC;QAED,MAAM,SAAS,GAAG,kBAAkB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAEvD,IAAI,CAAC;YACH,MAAM,YAAY,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC;YAEhD,MAAM,CAAC,IAAI,CAAC,mBAAmB,SAAS,QAAQ,CAAC,CAAC;YAElD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACtB,MAAM,EAAE,SAAS;gBACjB,SAAS;aACV,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,kCAAkC,KAAK,EAAE,CAAC,CAAC;YACxD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,4BAA4B;IAC5B,MAAM,CAAC,GAAG,CAAC,uBAAuB,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE;QACtE,MAAM,KAAK,GAAG,kBAAkB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAE/C,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;YACpD,MAAM,KAAK,GAAG,MAAM,SAAS,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;YAEjD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACtB,KAAK;gBACL,SAAS,EAAE,KAAK,EAAE,SAAS,IAAI,IAAI;gBACnC,KAAK,EAAE;oBACL,iBAAiB,EAAE,KAAK,CAAC,iBAAiB;oBAC1C,iBAAiB,EAAE,KAAK,CAAC,iBAAiB;oBAC1C,mBAAmB,EAAE,KAAK,CAAC,mBAAmB;oBAC9C,iBAAiB,EAAE,KAAK,CAAC,iBAAiB;iBAC3C;gBACD,KAAK,EAAE;oBACL,YAAY,EAAE,KAAK,EAAE,YAAY,IAAI,CAAC;oBACtC,YAAY,EAAE,KAAK,EAAE,YAAY,IAAI,CAAC;oBACtC,WAAW,EAAE,KAAK,EAAE,WAAW,IAAI,CAAC;oBACpC,cAAc,EAAE,KAAK,EAAE,cAAc,IAAI,CAAC;oBAC1C,UAAU,EAAE,KAAK,EAAE,UAAU,IAAI,CAAC;oBAClC,WAAW,EAAE,KAAK,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,WAAW,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI;iBAC1F;gBACD,MAAM,EAAE,cAAc,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;aACrD,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,4BAA4B,KAAK,EAAE,CAAC,CAAC;YAClD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,4BAA4B;IAC5B,MAAM,CAAC,GAAG,CAAC,uBAAuB,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE;QACtE,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,QAAQ,EAAE,aAAa,CAAC,EAAE,CAAC;YACpD,OAAO;QACT,CAAC;QAED,MAAM,KAAK,GAAG,kBAAkB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC/C,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;QAEzC,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtC,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,oCAAoC,EAAE,CAAC,CAAC;YACzE,OAAO;QACT,CAAC;QAED,MAAM,OAAO,GAAG,IAA+B,CAAC;QAChD,MAAM,OAAO,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAC5C,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,4CAA4C,EAAE,CAAC,CAAC;YACjF,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,YAAY,CAAC,WAAW,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;YAC/C,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;YAErD,MAAM,CAAC,IAAI,CAAC,WAAW,KAAK,WAAW,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;YAElE,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACtB,MAAM,EAAE,SAAS;gBACjB,KAAK;gBACL,KAAK,EAAE,MAAM;aACd,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,4BAA4B,KAAK,EAAE,CAAC,CAAC;YAClD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,+BAA+B;IAC/B,MAAM,CAAC,MAAM,CAAC,uBAAuB,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE;QACzE,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,QAAQ,EAAE,aAAa,CAAC,EAAE,CAAC;YACpD,OAAO;QACT,CAAC;QAED,MAAM,KAAK,GAAG,kBAAkB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAE/C,IAAI,CAAC;YACH,MAAM,YAAY,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;YAExC,MAAM,CAAC,IAAI,CAAC,eAAe,KAAK,QAAQ,CAAC,CAAC;YAE1C,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACtB,MAAM,EAAE,SAAS;gBACjB,KAAK;aACN,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,8BAA8B,KAAK,EAAE,CAAC,CAAC;YACpD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,OAA6B,EAAE,QAAwB,EAAE,KAAa;IAC1F,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QAClB,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,CAAC;QAC9D,OAAO,KAAK,CAAC;IACf,CAAC;IACD,kFAAkF;IAClF,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QACpC,IAAI,CAAC,IAAA,sBAAQ,EAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,CAAC;YACnC,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,2BAA2B,KAAK,EAAE,EAAE,CAAC,CAAC;YACvE,OAAO,KAAK,CAAC;QACf,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IACD,6EAA6E;IAC7E,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QAClC,OAAO,IAAI,CAAC;IACd,CAAC;IACD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,0BAA0B,EAAE,CAAC,CAAC;IAC/D,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,YAAY,GAAG,CAAC,mBAAmB,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,mBAAmB,CAAU,CAAC;AAErH,SAAS,kBAAkB,CAAC,OAAgC;IAC1D,MAAM,MAAM,GAAkC,EAAE,CAAC;IACjD,IAAI,QAAQ,GAAG,KAAK,CAAC;IAErB,KAAK,MAAM,KAAK,IAAI,YAAY,EAAE,CAAC;QACjC,IAAI,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,EAAE,CAAC;YACzD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC;YAC7B,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;gBACnB,MAAM,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC;gBACrB,QAAQ,GAAG,IAAI,CAAC;YAClB,CAAC;iBAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;gBAC7E,MAAM,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC;gBACtB,QAAQ,GAAG,IAAI,CAAC;YAClB,CAAC;iBAAM,CAAC;gBACN,OAAO,SAAS,CAAC,CAAC,gBAAgB;YACpC,CAAC;QACH,CAAC;IACH,CAAC;IAED,qDAAqD;IACrD,IAAI,CAAC,QAAQ,IAAI,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,EAAE,CAAC;QAC7E,MAAM,KAAK,GAAG,OAAO,CAAC,UAAU,CAAC;QACjC,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;YACnB,MAAM,CAAC,iBAAiB,GAAG,IAAI,CAAC;YAChC,QAAQ,GAAG,IAAI,CAAC;QAClB,CAAC;aAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;YAC7E,MAAM,CAAC,iBAAiB,GAAG,KAAK,CAAC;YACjC,QAAQ,GAAG,IAAI,CAAC;QAClB,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;AACvC,CAAC;AAED,SAAS,cAAc,CAAC,KAAmK;IACzL,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,OAAO,KAAK,CAAC,iBAAiB,KAAK,QAAQ;WAC7C,OAAO,KAAK,CAAC,iBAAiB,KAAK,QAAQ;WAC3C,OAAO,KAAK,CAAC,mBAAmB,KAAK,QAAQ;WAC7C,OAAO,KAAK,CAAC,iBAAiB,KAAK,QAAQ,CAAC;AACnD,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,OAA6B;IACvD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAC5B,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACnC,IAAI,IAAI,KAAK,CAAC;QAChB,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;YACrB,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO,CAAC,SAAS,CAAC,CAAC;gBACnB,OAAO;YACT,CAAC;YACD,IAAI,CAAC;gBACH,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;YAC5B,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,CAAC,SAAS,CAAC,CAAC;YACrB,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,QAAQ,CAAC,QAAwB,EAAE,MAAc,EAAE,IAAa;IACvE,QAAQ,CAAC,UAAU,GAAG,MAAM,CAAC;IAC7B,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;IACvD,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;AACrC,CAAC","sourcesContent":["import type { ServerResponse } from 'node:http';\nimport { getLoggerFor } from 'global-logger-factory';\nimport type { AuthenticatedRequest } from '../middleware/AuthMiddleware';\nimport type { ApiServer } from '../ApiServer';\nimport type { QuotaService } from '../../quota/QuotaService';\nimport type { UsageRepository } from '../../storage/quota/UsageRepository';\nimport { hasScope } from '../auth/AuthContext';\n\nexport interface QuotaHandlerOptions {\n  quotaService: QuotaService;\n  usageRepo: UsageRepository;\n}\n\n/**\n * Handler for quota management API\n *\n * Supports four resource types: storage, bandwidth, compute, token.\n * Requires ServiceAuthContext with 'quota:write' scope for mutations.\n *\n * GET    /v1/quota/accounts/:accountId - Get account quota + usage\n * PUT    /v1/quota/accounts/:accountId - Set account quota\n * DELETE /v1/quota/accounts/:accountId - Clear account quota (revert to defaults)\n * GET    /v1/quota/pods/:podId - Get pod quota + usage\n * PUT    /v1/quota/pods/:podId - Set pod quota\n * DELETE /v1/quota/pods/:podId - Clear pod quota\n */\nexport function registerQuotaRoutes(server: ApiServer, options: QuotaHandlerOptions): void {\n  const logger = getLoggerFor('QuotaHandler');\n  const { quotaService, usageRepo } = options;\n\n  // GET /v1/quota/accounts/:accountId\n  server.get('/v1/quota/accounts/:accountId', async (request, response, params) => {\n    const accountId = decodeURIComponent(params.accountId);\n\n    try {\n      const quota = await quotaService.getAccountQuota(accountId);\n      const usage = await usageRepo.getAccountUsage(accountId);\n\n      sendJson(response, 200, {\n        accountId,\n        quota: {\n          storageLimitBytes: quota.storageLimitBytes,\n          bandwidthLimitBps: quota.bandwidthLimitBps,\n          computeLimitSeconds: quota.computeLimitSeconds,\n          tokenLimitMonthly: quota.tokenLimitMonthly,\n        },\n        usage: {\n          storageBytes: usage?.storageBytes ?? 0,\n          ingressBytes: usage?.ingressBytes ?? 0,\n          egressBytes: usage?.egressBytes ?? 0,\n          computeSeconds: usage?.computeSeconds ?? 0,\n          tokensUsed: usage?.tokensUsed ?? 0,\n          periodStart: usage?.periodStart ? new Date(usage.periodStart * 1000).toISOString() : null,\n        },\n        source: hasCustomQuota(usage) ? 'custom' : 'default',\n      });\n    } catch (error) {\n      logger.error(`Failed to get account quota: ${error}`);\n      sendJson(response, 500, { error: 'Failed to get quota' });\n    }\n  });\n\n  // PUT /v1/quota/accounts/:accountId\n  server.put('/v1/quota/accounts/:accountId', async (request, response, params) => {\n    if (!requireScope(request, response, 'quota:write')) {\n      return;\n    }\n\n    const accountId = decodeURIComponent(params.accountId);\n    const body = await readJsonBody(request);\n\n    if (!body || typeof body !== 'object') {\n      sendJson(response, 400, { error: 'Request body must be a JSON object' });\n      return;\n    }\n\n    const payload = body as Record<string, unknown>;\n    const partial = extractQuotaFields(payload);\n    if (!partial) {\n      sendJson(response, 400, { error: 'Body must include at least one quota field (storageLimitBytes, bandwidthLimitBps, computeLimitSeconds, tokenLimitMonthly)' });\n      return;\n    }\n\n    try {\n      await quotaService.setAccountQuota(accountId, partial);\n      const latest = await quotaService.getAccountQuota(accountId);\n\n      logger.info(`Set account ${accountId} quota: ${JSON.stringify(partial)}`);\n\n      sendJson(response, 200, {\n        status: 'updated',\n        accountId,\n        quota: latest,\n      });\n    } catch (error) {\n      logger.error(`Failed to set account quota: ${error}`);\n      sendJson(response, 500, { error: 'Failed to set quota' });\n    }\n  });\n\n  // DELETE /v1/quota/accounts/:accountId\n  server.delete('/v1/quota/accounts/:accountId', async (request, response, params) => {\n    if (!requireScope(request, response, 'quota:write')) {\n      return;\n    }\n\n    const accountId = decodeURIComponent(params.accountId);\n\n    try {\n      await quotaService.clearAccountQuota(accountId);\n\n      logger.info(`Cleared account ${accountId} quota`);\n\n      sendJson(response, 200, {\n        status: 'cleared',\n        accountId,\n      });\n    } catch (error) {\n      logger.error(`Failed to clear account quota: ${error}`);\n      sendJson(response, 500, { error: 'Failed to clear quota' });\n    }\n  });\n\n  // GET /v1/quota/pods/:podId\n  server.get('/v1/quota/pods/:podId', async (request, response, params) => {\n    const podId = decodeURIComponent(params.podId);\n\n    try {\n      const quota = await quotaService.getPodQuota(podId);\n      const usage = await usageRepo.getPodUsage(podId);\n\n      sendJson(response, 200, {\n        podId,\n        accountId: usage?.accountId ?? null,\n        quota: {\n          storageLimitBytes: quota.storageLimitBytes,\n          bandwidthLimitBps: quota.bandwidthLimitBps,\n          computeLimitSeconds: quota.computeLimitSeconds,\n          tokenLimitMonthly: quota.tokenLimitMonthly,\n        },\n        usage: {\n          storageBytes: usage?.storageBytes ?? 0,\n          ingressBytes: usage?.ingressBytes ?? 0,\n          egressBytes: usage?.egressBytes ?? 0,\n          computeSeconds: usage?.computeSeconds ?? 0,\n          tokensUsed: usage?.tokensUsed ?? 0,\n          periodStart: usage?.periodStart ? new Date(usage.periodStart * 1000).toISOString() : null,\n        },\n        source: hasCustomQuota(usage) ? 'custom' : 'default',\n      });\n    } catch (error) {\n      logger.error(`Failed to get pod quota: ${error}`);\n      sendJson(response, 500, { error: 'Failed to get quota' });\n    }\n  });\n\n  // PUT /v1/quota/pods/:podId\n  server.put('/v1/quota/pods/:podId', async (request, response, params) => {\n    if (!requireScope(request, response, 'quota:write')) {\n      return;\n    }\n\n    const podId = decodeURIComponent(params.podId);\n    const body = await readJsonBody(request);\n\n    if (!body || typeof body !== 'object') {\n      sendJson(response, 400, { error: 'Request body must be a JSON object' });\n      return;\n    }\n\n    const payload = body as Record<string, unknown>;\n    const partial = extractQuotaFields(payload);\n    if (!partial) {\n      sendJson(response, 400, { error: 'Body must include at least one quota field' });\n      return;\n    }\n\n    try {\n      await quotaService.setPodQuota(podId, partial);\n      const latest = await quotaService.getPodQuota(podId);\n\n      logger.info(`Set pod ${podId} quota: ${JSON.stringify(partial)}`);\n\n      sendJson(response, 200, {\n        status: 'updated',\n        podId,\n        quota: latest,\n      });\n    } catch (error) {\n      logger.error(`Failed to set pod quota: ${error}`);\n      sendJson(response, 500, { error: 'Failed to set quota' });\n    }\n  });\n\n  // DELETE /v1/quota/pods/:podId\n  server.delete('/v1/quota/pods/:podId', async (request, response, params) => {\n    if (!requireScope(request, response, 'quota:write')) {\n      return;\n    }\n\n    const podId = decodeURIComponent(params.podId);\n\n    try {\n      await quotaService.clearPodQuota(podId);\n\n      logger.info(`Cleared pod ${podId} quota`);\n\n      sendJson(response, 200, {\n        status: 'cleared',\n        podId,\n      });\n    } catch (error) {\n      logger.error(`Failed to clear pod quota: ${error}`);\n      sendJson(response, 500, { error: 'Failed to clear quota' });\n    }\n  });\n}\n\n/**\n * Check if the request has the required scope. Sends 403 if not.\n */\nfunction requireScope(request: AuthenticatedRequest, response: ServerResponse, scope: string): boolean {\n  if (!request.auth) {\n    sendJson(response, 401, { error: 'Authentication required' });\n    return false;\n  }\n  // Service tokens need explicit scope; Solid users with admin role can also access\n  if (request.auth.type === 'service') {\n    if (!hasScope(request.auth, scope)) {\n      sendJson(response, 403, { error: `Missing required scope: ${scope}` });\n      return false;\n    }\n    return true;\n  }\n  // Allow Solid auth (for admin users) - actual admin check can be added later\n  if (request.auth.type === 'solid') {\n    return true;\n  }\n  sendJson(response, 403, { error: 'Insufficient permissions' });\n  return false;\n}\n\nconst QUOTA_FIELDS = ['storageLimitBytes', 'bandwidthLimitBps', 'computeLimitSeconds', 'tokenLimitMonthly'] as const;\n\nfunction extractQuotaFields(payload: Record<string, unknown>): Record<string, number | null> | undefined {\n  const result: Record<string, number | null> = {};\n  let hasField = false;\n\n  for (const field of QUOTA_FIELDS) {\n    if (Object.prototype.hasOwnProperty.call(payload, field)) {\n      const value = payload[field];\n      if (value === null) {\n        result[field] = null;\n        hasField = true;\n      } else if (typeof value === 'number' && Number.isFinite(value) && value >= 0) {\n        result[field] = value;\n        hasField = true;\n      } else {\n        return undefined; // Invalid value\n      }\n    }\n  }\n\n  // Backward compat: support legacy 'quotaLimit' field\n  if (!hasField && Object.prototype.hasOwnProperty.call(payload, 'quotaLimit')) {\n    const value = payload.quotaLimit;\n    if (value === null) {\n      result.storageLimitBytes = null;\n      hasField = true;\n    } else if (typeof value === 'number' && Number.isFinite(value) && value >= 0) {\n      result.storageLimitBytes = value;\n      hasField = true;\n    }\n  }\n\n  return hasField ? result : undefined;\n}\n\nfunction hasCustomQuota(usage: { storageLimitBytes?: number | null; bandwidthLimitBps?: number | null; computeLimitSeconds?: number | null; tokenLimitMonthly?: number | null } | undefined): boolean {\n  if (!usage) {\n    return false;\n  }\n  return typeof usage.storageLimitBytes === 'number'\n    || typeof usage.bandwidthLimitBps === 'number'\n    || typeof usage.computeLimitSeconds === 'number'\n    || typeof usage.tokenLimitMonthly === 'number';\n}\n\nasync function readJsonBody(request: AuthenticatedRequest): Promise<unknown> {\n  return new Promise((resolve, reject) => {\n    let data = '';\n    request.setEncoding('utf8');\n    request.on('data', (chunk: string) => {\n      data += chunk;\n    });\n    request.on('end', () => {\n      if (!data) {\n        resolve(undefined);\n        return;\n      }\n      try {\n        resolve(JSON.parse(data));\n      } catch {\n        resolve(undefined);\n      }\n    });\n    request.on('error', reject);\n  });\n}\n\nfunction sendJson(response: ServerResponse, status: number, data: unknown): void {\n  response.statusCode = status;\n  response.setHeader('Content-Type', 'application/json');\n  response.end(JSON.stringify(data));\n}\n"]}

package/dist/api/handlers/SubdomainClientHandler.js

@@ -74,7 +74,7 @@ function registerSubdomainClientRoutes(server, options) {
             sendJson(response, 400, { error: 'Invalid request body' });
             return;
         }
-        const { subdomain, localPort, publicIp } = body;
+        const { subdomain, localPort, ipv4 } = body;
         if (!subdomain || typeof subdomain !== 'string') {
             sendJson(response, 400, { error: 'Missing "subdomain" field' });
             return;
@@ -87,7 +87,7 @@ function registerSubdomainClientRoutes(server, options) {
             const result = await client.register({
                 subdomain,
                 localPort,
-                publicIp: typeof publicIp === 'string' ? publicIp : undefined,
+                ipv4: typeof ipv4 === 'string' ? ipv4 : undefined,
             });
             sendJson(response, 201, result);
         }