@valentinkolb/cloud 0.1.0

package/src/config/env.ts

@@ -0,0 +1,23 @@
+/**
+ * Environment variable parsing.
+ * All env vars are parsed and validated here, then exported as typed `env` object.
+ */
+
+const str = (key: string, fallback: string = ""): string => process.env[key] ?? fallback;
+
+const int = (key: string, fallback: number): number => {
+  const value = process.env[key];
+  const parsed = parseInt(value ?? "", 10);
+  return isNaN(parsed) ? fallback : parsed;
+};
+
+
+export const env = {
+  // Application (infrastructure — not changeable at runtime)
+  APP_SECRET: str("APP_SECRET"),
+  PORT: int("PORT", 3000),
+  IS_DEVELOPMENT: process.env.NODE_ENV === "development",
+
+  // Admin login (local emergency access — token-based, no IPA required)
+  ADMIN_LOGIN_TOKEN: str("ADMIN_LOGIN_TOKEN"),
+} as const;

package/src/config/index.ts

@@ -0,0 +1,6 @@
+/**
+ * Main config export.
+ * Re-exports env vars. SSR config is per-app via defineApp().
+ */
+
+export { env } from "./env";

package/src/config/ssr.ts

@@ -0,0 +1,58 @@
+/**
+ * SSR configuration and helpers.
+ */
+
+import { createConfig } from "@valentinkolb/ssr";
+import { createSSRHandler } from "@valentinkolb/ssr/hono";
+import { env } from "./env";
+import { dirname, resolve } from "node:path";
+import { fileURLToPath } from "node:url";
+
+/** Cache-busting version stamp — changes on every server start / rebuild. */
+const v = Date.now();
+
+type PageOptions = {
+  title?: string;
+  description?: string;
+  theme?: "light" | "dark";
+};
+
+export const { config, plugin, html } = createConfig<PageOptions>({
+  dev: env.IS_DEVELOPMENT,
+  verbose: true,
+  // Scan all workspace packages so app islands are bundled too (not only core islands).
+  rootDir: resolve(dirname(fileURLToPath(import.meta.url)), "..", "..", ".."),
+
+  template: ({ body, scripts, title, description, theme }) => {
+    // If theme is explicitly set, don't let the script override it
+    const themeFixed = theme !== undefined;
+    return `<!DOCTYPE html>
+<html lang="de" class="${theme ?? "light"}"${themeFixed ? " data-theme-fixed" : ""}>
+  <head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta name="view-transition" content="same-origin">
+    <title>${title ?? "StuVe"}</title>
+    <meta name="description" content="${description ?? "Cloud workspace"}">
+    <meta name="theme-color" content="#09090b">
+    <meta name="mobile-web-app-capable" content="yes">
+    <link rel="icon" href="/branding/favicon">
+    <link rel="stylesheet" href="/public/build.css?v=${v}">
+    <link rel="stylesheet" href="/public/katex.css?v=${v}">
+    <script>
+      (function() {
+        var el = document.documentElement;
+        if (!el.hasAttribute('data-theme-fixed')) {
+          var theme = document.cookie.match(/theme=([^;]+)/)?.[1] || 'light';
+          el.classList.add(theme);
+        }
+      })();
+    </script>
+  </head>
+  <body>
+    ${body}
+  </body>
+  ${scripts}
+</html>`;
+  },
+});
+
+export const ssr = createSSRHandler(html);

package/src/contracts/app.ts

@@ -0,0 +1,140 @@
+import type { Role, User } from "./shared";
+
+/**
+ * One link entry contributed by an app to the global legal/info footer
+ * (login page, app footer, rail dropdown). Aggregated across all running
+ * apps via `listLegalLinks()`.
+ */
+export type LegalLink = {
+  label: string;
+  href: string;
+  icon?: string;
+};
+
+export type AppMeta = {
+  id: string;
+  name: string;
+  icon: string;
+  description: string;
+  adminHref?: string;
+  /**
+   * Top-level URL prefixes the gateway routes to this app. The gateway
+   * is dumb — it just builds a prefix-trie from these strings.
+   */
+  routes: readonly string[];
+  nav?: {
+    href: string;
+    match?: string;
+    section: "primary" | "more" | "hidden";
+    requiresAuth?: boolean;
+    requiresRoles?: Role[];
+  };
+  /**
+   * Legal/info pages this app owns. Aggregated app-wide and rendered in
+   * login footer, app Footer, and the rail "more" dropdown. Each app
+   * contributes its own (e.g. settings → terms/privacy/imprint, faq → FAQ).
+   */
+  legalLinks?: LegalLink[];
+  /**
+   * Dashboard widget endpoints this app exposes. Each entry references an
+   * HTTP endpoint that returns a `WidgetResponse` (see `contracts/widgets.ts`).
+   * The dashboard app fetches these with the user's session forwarded; the
+   * endpoint is responsible for permission / role gating and returns 204 to
+   * silently skip rendering for the current user.
+   */
+  widgets?: WidgetEndpoint[];
+};
+
+export type WidgetEndpoint = {
+  /** Unique-within-the-app id, e.g. "open-requests". */
+  id: string;
+  /** Absolute path on the app's HTTP service, e.g. "/api/accounts/widget/open-requests". */
+  path: string;
+};
+
+export type RuntimeAppMeta = AppMeta & {
+  searchTags?: string[];
+  searchHelp?: string;
+  searchTagHelp?: AppSearchTagHelpEntry[];
+};
+
+export type CloudLogger = {
+  debug: (message: string, metadata?: Record<string, unknown>) => void;
+  info: (message: string, metadata?: Record<string, unknown>) => void;
+  warn: (message: string, metadata?: Record<string, unknown>) => void;
+  error: (message: string, metadata?: Record<string, unknown>) => void;
+};
+
+export type CloudRuntime = {
+  apps: readonly RuntimeAppMeta[];
+};
+
+export type CloudContext = {
+  logger: (source: string) => CloudLogger;
+  settings: {
+    get: <T = unknown>(key: string) => Promise<T>;
+    set: (key: string, value: unknown) => Promise<void>;
+  };
+  runtime: CloudRuntime;
+};
+
+export type CloudLifecycleContext = CloudContext;
+
+export type AppLifecycle = {
+  setup?: (ctx: CloudContext) => Promise<void>;
+  start?: (ctx: CloudContext) => Promise<void>;
+  stop?: (ctx: CloudContext) => Promise<void>;
+};
+
+export type SearchPriority = 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9;
+
+export type AppSearchContext = {
+  get: <K extends "user" | "sessionToken">(key: K) => K extends "user" ? User : string;
+};
+
+export type AppSearchInput = {
+  query: string;
+  tags: string[];
+  limit: number;
+  ctx: AppSearchContext;
+};
+
+export type AppSearchMetadataEntry = {
+  label: string;
+  value: string;
+};
+
+export type AppSearchTagHelpEntry = {
+  tag: string;
+  help: string;
+};
+
+export type AppSearchResult = {
+  id: string;
+  title: string;
+  href: string;
+  preview?: string;
+  icon?: string;
+  priority?: SearchPriority;
+  metadata?: AppSearchMetadataEntry[];
+  previewUrl?: string;
+};
+
+export type AppCapabilities = {
+  search?: {
+    tags?: readonly string[];
+    help?: string;
+    tagHelp?: readonly AppSearchTagHelpEntry[];
+    run: (input: AppSearchInput) => Promise<AppSearchResult[]>;
+  };
+};
+
+/**
+ * Removes query parameters from a navigation href so path matching stays stable.
+ */
+export const stripQuery = (href: string): string => href.split("?")[0] ?? href;
+
+/**
+ * Resolves the active-path matcher for a nav entry.
+ */
+export const resolveNavMatch = (meta: AppMeta): string | undefined => meta.nav?.match ?? (meta.nav ? stripQuery(meta.nav.href) : undefined);

package/src/contracts/index.ts

@@ -0,0 +1,5 @@
+export * from "./app";
+export * from "./shared";
+export * from "./registry";
+export * from "./profile";
+export * from "./widgets";

package/src/contracts/profile.ts

@@ -0,0 +1,67 @@
+import { z } from "zod";
+
+/**
+ * Schemas for account profile / password / request inputs. Live in core
+ * contracts so both the core `/api/me` router and the accounts admin app can
+ * consume the same shapes without cross-app imports.
+ */
+
+const SSH_PUBLIC_KEY_PATTERN = /^(ssh-(rsa|ed25519|dss)|ecdsa-sha2-nistp(256|384|521))\s+[A-Za-z0-9+/=]+(?:\s+.+)?$/;
+
+/**
+ * IPA-only self-service fields. Exposed so an admin schema can compose the
+ * same inner shape without extending the refined self-service schema.
+ */
+export const IpaProfileFieldsSchema = z.object({
+  phone: z.string().optional(),
+  address: z
+    .object({
+      street: z.string().optional(),
+      postalCode: z.string().optional(),
+      city: z.string().optional(),
+      state: z.string().optional(),
+    })
+    .optional(),
+  sshPublicKeys: z.array(z.string().regex(SSH_PUBLIC_KEY_PATTERN, "Invalid SSH public key format")).optional(),
+});
+
+export const UpdateProfileSchema = z
+  .object({
+    givenname: z.string().min(1).optional(),
+    sn: z.string().min(1).optional(),
+    displayName: z.string().min(1).optional(),
+    ipa: IpaProfileFieldsSchema.optional(),
+  })
+  .refine(
+    (data) => data.givenname !== undefined || data.sn !== undefined || data.displayName !== undefined || data.ipa !== undefined,
+    { message: "At least one profile field must be provided" },
+  );
+
+export const ChangePasswordSchema = z
+  .object({
+    currentPassword: z.string().min(1),
+    newPassword: z.string().min(8),
+    confirmPassword: z.string().min(1),
+  })
+  .refine((data) => data.newPassword === data.confirmPassword, {
+    message: "Passwords do not match",
+    path: ["confirmPassword"],
+  });
+
+export const ChangeExpiredPasswordSchema = z
+  .object({
+    username: z.string().min(1),
+    currentPassword: z.string().min(1),
+    newPassword: z.string().min(8),
+    confirmPassword: z.string().min(1),
+  })
+  .refine((data) => data.newPassword === data.confirmPassword, {
+    message: "Passwords do not match",
+    path: ["confirmPassword"],
+  });
+
+export const CreateAccountRequestSchema = z.object({
+  phone: z.string().optional().describe("Optional phone number for the request"),
+  comment: z.string().optional().describe("Why do you need a FreeIPA account?"),
+  acceptedAgb: z.literal(true).describe("Must accept terms of service"),
+});

package/src/contracts/registry.ts

@@ -0,0 +1,50 @@
+/**
+ * App-registry entry type. Populated internally by `defineApp()` + the
+ * heartbeat runtime; never parsed from external input — plain TS types are
+ * enough for type safety (no runtime validation needed).
+ */
+
+export type AppRegistryNav = {
+  href: string;
+  match?: string;
+  section: "primary" | "more" | "hidden";
+  requiresAuth?: boolean;
+  requiresRoles?: string[];
+  adminHref?: string;
+};
+
+export type AppRegistrySearch = {
+  tags: string[];
+  help: string;
+  tagHelp: Array<{ tag: string; help: string }>;
+  endpoint: string;
+};
+
+export type AppRegistryLegalLink = {
+  label: string;
+  href: string;
+  icon?: string;
+};
+
+export type AppRegistryWidget = {
+  id: string;
+  /** Absolute path on the app's HTTP service, e.g. "/api/quotes/widget/random". */
+  path: string;
+};
+
+export type AppRegistryEntry = {
+  id: string;
+  name: string;
+  icon: string;
+  description: string;
+  baseUrl: string;
+  /**
+   * Top-level URL prefixes the gateway routes to this app. The gateway
+   * builds a prefix-trie from these strings, no derivation or heuristics.
+   */
+  routes: readonly string[];
+  nav?: AppRegistryNav;
+  search?: AppRegistrySearch;
+  legalLinks?: AppRegistryLegalLink[];
+  widgets?: AppRegistryWidget[];
+};

package/src/contracts/settings-types.ts

@@ -0,0 +1,84 @@
+/**
+ * Type-level scaffolding for `defineApp({ settings: { ... } })`.
+ *
+ * These types let TypeScript derive a per-app `Settings` shape from the literal
+ * settings declaration in defineApp. The derived shape is:
+ *
+ *   1. **Flat** — `{ "files.filegate_url": string, "freeipa.enable": boolean, ... }`
+ *      (used by the typed async API: `app.settings.get("files.filegate_url")`)
+ *
+ *   2. **Nested + readonly** — `{ files: { filegate_url: string }, freeipa: { enable: boolean } }`
+ *      (used by the per-request snapshot exposed via `c.get("settings")`)
+ *
+ * No runtime in this file — pure TypeScript.
+ */
+import type { SettingOption } from "../services/settings/defaults";
+
+// ── Setting definition shape (what users write inside defineApp.settings) ───
+
+type EnvResolver = () => unknown;
+
+type CommonDef = {
+  label?: string;
+  description?: string;
+  envBootstrap?: EnvResolver;
+  envFallback?: EnvResolver;
+};
+
+type StringLikeKind = "string" | "text" | "email" | "url" | "secret" | "image" | "cron" | "timezone" | "template";
+
+export type AppSettingDef =
+  | (CommonDef & { kind: StringLikeKind; default: string; placeholder?: string; templateVars?: readonly string[] })
+  | (CommonDef & { kind: "boolean"; default: boolean })
+  | (CommonDef & { kind: "number"; default: number; min?: number; max?: number; placeholder?: string })
+  | (CommonDef & { kind: "enum"; default: string; options: ReadonlyArray<SettingOption> })
+  | (CommonDef & { kind: "string_list"; default: readonly string[]; placeholder?: string })
+  | (CommonDef & { kind: "number_list"; default: readonly number[]; placeholder?: string });
+
+/** A map of setting-key → definition. The key strings are dotted paths like "files.filegate_url". */
+export type AppSettingsMap = Record<string, AppSettingDef>;
+
+// ── Type-level transforms ───────────────────────────────────────────────────
+
+/** Map a setting `kind` literal to the runtime value type returned by reads. */
+export type KindToType<K extends string> =
+  K extends "boolean" ? boolean :
+  K extends "number" ? number :
+  K extends "string_list" ? string[] :
+  K extends "number_list" ? number[] :
+  string;
+
+/**
+ * Derive a flat `{ key: value }` map from a SettingsMap.
+ *
+ * Example:
+ *   SettingsFlat<{ "app.name": { kind: "string"; default: "" } }>
+ *   = { readonly "app.name": string }
+ */
+export type SettingsFlat<S extends Record<string, { kind: string }>> = {
+  readonly [K in keyof S]: KindToType<S[K]["kind"]>;
+};
+
+/**
+ * Recursively un-flatten dotted-key maps into nested objects.
+ *
+ * Example:
+ *   Unflatten<{ "files.filegate_url": string; "files.base_homes": string; "app.name": string }>
+ *   = { readonly files: { readonly filegate_url: string; readonly base_homes: string }, readonly app: { readonly name: string } }
+ */
+export type Unflatten<T extends Record<string, unknown>> = {
+  readonly [K in Extract<keyof T, string> as K extends `${infer Head}.${string}` ? Head : K]:
+    K extends `${infer Head}.${string}`
+      ? Unflatten<{ [P in Extract<keyof T, `${Head}.${string}`> as P extends `${Head}.${infer R}` ? R : never]: T[P] }>
+      : T[K];
+};
+
+/**
+ * Final per-app Settings shape: nested, readonly, derived from the App type.
+ *
+ * Used by `AppContext<App>` to type `c.get("settings")` correctly per-app.
+ */
+export type AppSettings<App> =
+  App extends { readonly _settings: infer S extends Record<string, { kind: string }> }
+    ? Unflatten<SettingsFlat<S>>
+    : never;

package/src/contracts/shared.ts

@@ -0,0 +1,258 @@
+import { z } from "zod";
+
+export const RoleSchema = z.enum([
+  "admin",
+  "ipa",
+  "guest",
+  "group-manager",
+  "local",
+  "user",
+  "ipa/user",
+  "ipa/guest",
+  "local/user",
+  "local/guest",
+]);
+export type Role = z.infer<typeof RoleSchema>;
+
+export const UserProviderSchema = z.enum(["ipa", "local"]);
+export type UserProvider = z.infer<typeof UserProviderSchema>;
+
+export const UserProfileSchema = z.enum(["user", "guest"]);
+export type UserProfile = z.infer<typeof UserProfileSchema>;
+
+export const SpecialRoleSchema = z.enum(["*", "authenticated", "anonymous"]);
+export type SpecialRole = z.infer<typeof SpecialRoleSchema>;
+export type RoleOrSpecial = Role | SpecialRole;
+
+export const hasRole = (user: { roles: Role[] }, ...roles: Role[]): boolean => roles.some((role) => user.roles.includes(role));
+
+export const BaseUserSchema = z.object({
+  id: z.string(),
+  uid: z.string(),
+  roles: z.array(RoleSchema),
+  provider: UserProviderSchema,
+  profile: UserProfileSchema,
+  givenname: z.string(),
+  sn: z.string(),
+  displayName: z.string(),
+  mail: z.string().nullable(),
+});
+export type BaseUser = z.infer<typeof BaseUserSchema>;
+
+export const IpaUserDataSchema = z.object({
+  uidNumber: z.number().nullable(),
+  phone: z.string().nullable(),
+  employeeType: z.string().nullable(),
+  mobile: z.string().nullable(),
+  address: z.object({
+    street: z.string().nullable(),
+    postalCode: z.string().nullable(),
+    city: z.string().nullable(),
+    state: z.string().nullable(),
+  }),
+  passwordExpires: z.string().nullable(),
+  lastLoginIpa: z.string().nullable(),
+  syncedAt: z.string().nullable(),
+  sshPublicKeys: z.array(z.string()),
+  sshFingerprints: z.array(z.string()),
+});
+export type IpaUserData = z.infer<typeof IpaUserDataSchema>;
+
+const RichUserFields = {
+  accountExpires: z.string().nullable(),
+  lastLoginLocal: z.string().nullable(),
+  memberofGroup: z.array(z.string()),
+  memberofGroupIds: z.array(z.uuid()),
+  manages: z.array(z.string()),
+  managesGroupIds: z.array(z.uuid()),
+} satisfies z.ZodRawShape;
+
+export const IpaUserSchema = BaseUserSchema.extend({
+  provider: z.literal("ipa"),
+  ipa: IpaUserDataSchema,
+  ...RichUserFields,
+});
+export type IpaUser = z.infer<typeof IpaUserSchema>;
+
+export const LocalUserSchema = BaseUserSchema.extend({
+  provider: z.literal("local"),
+  ipa: z.null(),
+  ...RichUserFields,
+});
+export type LocalUser = z.infer<typeof LocalUserSchema>;
+
+export const UserSchema = z.discriminatedUnion("provider", [IpaUserSchema, LocalUserSchema]);
+export type User = z.infer<typeof UserSchema>;
+
+export const BaseGroupSchema = z.object({
+  id: z.uuid(),
+  provider: UserProviderSchema,
+  name: z.string(),
+  description: z.string().nullable(),
+  gidnumber: z.number().nullable(),
+});
+export type BaseGroup = z.infer<typeof BaseGroupSchema>;
+
+export const EntityKindSchema = z.enum(["user", "group"]);
+export type EntityKind = z.infer<typeof EntityKindSchema>;
+
+export const EntityRelationSchema = z.object({
+  direct: z.boolean().optional(),
+});
+export type EntityRelation = z.infer<typeof EntityRelationSchema>;
+
+export const EntityListItemSchema = z.discriminatedUnion("kind", [
+  z.object({
+    kind: z.literal("user"),
+    user: BaseUserSchema,
+    relation: EntityRelationSchema.optional(),
+  }),
+  z.object({
+    kind: z.literal("group"),
+    group: BaseGroupSchema,
+    relation: EntityRelationSchema.optional(),
+  }),
+]);
+export type EntityListItem = z.infer<typeof EntityListItemSchema>;
+
+export const GroupMemberSchema = z.object({
+  type: z.enum(["user", "group"]),
+  id: z.string(),
+  displayName: z.string().nullable(),
+});
+export type GroupMember = z.infer<typeof GroupMemberSchema>;
+
+export const SearchQuerySchema = z.object({
+  search: z.string().optional(),
+});
+
+export const PaginationQuerySchema = z.object({
+  page: z.coerce.number().int().positive().optional().default(1),
+  per_page: z.coerce.number().int().min(1).max(100).optional().default(20),
+});
+export type PaginationQuery = z.infer<typeof PaginationQuerySchema>;
+
+export const PaginationResponseSchema = z.object({
+  page: z.number(),
+  per_page: z.number(),
+  total: z.number(),
+  total_pages: z.number(),
+  has_next: z.boolean(),
+});
+export type PaginationResponse = z.infer<typeof PaginationResponseSchema>;
+
+export type PaginationParams = {
+  page: number;
+  perPage: number;
+  offset: number;
+};
+
+export const parsePagination = (query: { page?: number; per_page?: number }): PaginationParams => {
+  const page = query.page ?? 1;
+  const perPage = query.per_page ?? 20;
+  const offset = (page - 1) * perPage;
+  return { page, perPage, offset };
+};
+
+export const createPagination = (params: PaginationParams, total: number): PaginationResponse => {
+  const totalPages = Math.ceil(total / params.perPage);
+  return {
+    page: params.page,
+    per_page: params.perPage,
+    total,
+    total_pages: totalPages,
+    has_next: params.page < totalPages,
+  };
+};
+
+export const ErrorResponseSchema = z.object({
+  message: z.string(),
+  code: z.string().optional(),
+});
+export type ErrorResponse = z.infer<typeof ErrorResponseSchema>;
+
+export const MessageResponseSchema = z.object({
+  message: z.string(),
+});
+export type MessageResponse = z.infer<typeof MessageResponseSchema>;
+
+export type MutationResult<T = void> = { ok: true; data: T } | { ok: false; error: string; status: 400 | 401 | 403 | 404 | 409 | 500 };
+
+export const PermissionLevelSchema = z.enum(["none", "read", "write", "admin"]);
+export type PermissionLevel = z.infer<typeof PermissionLevelSchema>;
+
+export const PrincipalSchema = z.discriminatedUnion("type", [
+  z.object({ type: z.literal("user"), userId: z.uuid() }),
+  z.object({ type: z.literal("group"), groupId: z.uuid() }),
+  z.object({ type: z.literal("authenticated") }),
+  z.object({ type: z.literal("public") }),
+]);
+export type Principal = z.infer<typeof PrincipalSchema>;
+
+export const AccessEntrySchema = z.object({
+  id: z.uuid(),
+  principal: PrincipalSchema,
+  permission: PermissionLevelSchema,
+  createdAt: z.string(),
+  displayName: z.string().optional(),
+});
+export type AccessEntry = z.infer<typeof AccessEntrySchema>;
+
+export const NotebookPresenceParticipantSchema = z.object({
+  userId: z.uuid(),
+  displayName: z.string(),
+  color: z.string(),
+  peerCount: z.number().int().positive(),
+  joinedAt: z.string(),
+});
+export type NotebookPresenceParticipant = z.infer<typeof NotebookPresenceParticipantSchema>;
+
+export const GrantAccessSchema = z.object({
+  principal: PrincipalSchema,
+  permission: PermissionLevelSchema,
+});
+export type GrantAccess = z.infer<typeof GrantAccessSchema>;
+
+export const UpdateAccessSchema = z.object({
+  permission: PermissionLevelSchema,
+});
+export type UpdateAccess = z.infer<typeof UpdateAccessSchema>;
+
+// ── Settings (browser-safe types) ────────────────────────────────────
+
+export type SettingKind =
+  | "string"
+  | "text"
+  | "email"
+  | "url"
+  | "secret"
+  | "image"
+  | "boolean"
+  | "number"
+  | "enum"
+  | "string_list"
+  | "number_list"
+  | "cron"
+  | "timezone"
+  | "template";
+
+export type SettingOption = {
+  value: string;
+  label: string;
+};
+
+export type SettingEntry = {
+  key: string;
+  label: string;
+  kind: SettingKind;
+  description: string;
+  placeholder?: string;
+  group: string;
+  value: unknown;
+  default: unknown;
+  isCustom: boolean;
+  templateVars?: string[];
+  options?: SettingOption[];
+  min?: number;
+  max?: number;
+};