@versdotsh/reef 0.1.2

package/examples/services/reports/store.ts

@@ -0,0 +1,110 @@
+/**
+ * Reports store — markdown reports with tagging.
+ */
+
+import { ulid } from "ulid";
+import { readFileSync, writeFileSync, mkdirSync, existsSync } from "node:fs";
+import { dirname } from "node:path";
+
+export interface Report {
+  id: string;
+  title: string;
+  author: string;
+  content: string;
+  tags: string[];
+  createdAt: string;
+  updatedAt: string;
+}
+
+export interface CreateReportInput {
+  title: string;
+  author: string;
+  content: string;
+  tags?: string[];
+}
+
+export interface ReportFilters {
+  author?: string;
+  tag?: string;
+}
+
+export class ValidationError extends Error {
+  constructor(message: string) { super(message); this.name = "ValidationError"; }
+}
+
+export class ReportsStore {
+  private reports = new Map<string, Report>();
+  private filePath: string;
+  private writeTimer: ReturnType<typeof setTimeout> | null = null;
+
+  constructor(filePath = "data/reports.json") {
+    this.filePath = filePath;
+    this.load();
+  }
+
+  private load(): void {
+    try {
+      if (existsSync(this.filePath)) {
+        const raw = readFileSync(this.filePath, "utf-8");
+        const data = JSON.parse(raw);
+        if (Array.isArray(data.reports)) {
+          for (const r of data.reports) this.reports.set(r.id, r);
+        }
+      }
+    } catch {
+      this.reports = new Map();
+    }
+  }
+
+  private scheduleSave(): void {
+    if (this.writeTimer) return;
+    this.writeTimer = setTimeout(() => {
+      this.writeTimer = null;
+      this.flush();
+    }, 100);
+  }
+
+  flush(): void {
+    if (this.writeTimer) { clearTimeout(this.writeTimer); this.writeTimer = null; }
+    const dir = dirname(this.filePath);
+    if (!existsSync(dir)) mkdirSync(dir, { recursive: true });
+    writeFileSync(this.filePath, JSON.stringify({ reports: Array.from(this.reports.values()) }, null, 2));
+  }
+
+  create(input: CreateReportInput): Report {
+    if (!input.title?.trim()) throw new ValidationError("title is required");
+    if (!input.author?.trim()) throw new ValidationError("author is required");
+    if (!input.content?.trim()) throw new ValidationError("content is required");
+
+    const now = new Date().toISOString();
+    const report: Report = {
+      id: ulid(),
+      title: input.title.trim(),
+      author: input.author.trim(),
+      content: input.content,
+      tags: input.tags || [],
+      createdAt: now,
+      updatedAt: now,
+    };
+
+    this.reports.set(report.id, report);
+    this.scheduleSave();
+    return report;
+  }
+
+  get(id: string): Report | undefined { return this.reports.get(id); }
+
+  list(filters?: ReportFilters): Report[] {
+    let results = Array.from(this.reports.values());
+    if (filters?.author) results = results.filter((r) => r.author === filters.author);
+    if (filters?.tag) results = results.filter((r) => r.tags.includes(filters.tag!));
+    results.sort((a, b) => b.createdAt.localeCompare(a.createdAt));
+    return results;
+  }
+
+  delete(id: string): boolean {
+    const existed = this.reports.delete(id);
+    if (existed) this.scheduleSave();
+    return existed;
+  }
+}

package/examples/services/ui/auth.ts

@@ -0,0 +1,61 @@
+/**
+ * Magic link auth for the web UI.
+ *
+ * Flow: agent generates a magic link via POST /auth/magic-link (bearer auth),
+ * user opens it in browser, gets a session cookie, UI proxies API calls.
+ */
+
+import { ulid } from "ulid";
+
+interface MagicLink {
+  token: string;
+  expiresAt: string;
+}
+
+interface Session {
+  id: string;
+  createdAt: string;
+  expiresAt: string;
+}
+
+const magicLinks = new Map<string, MagicLink>();
+const sessions = new Map<string, Session>();
+
+const LINK_TTL_MS = 5 * 60 * 1000; // 5 minutes
+const SESSION_TTL_MS = 24 * 60 * 60 * 1000; // 24 hours
+
+export function createMagicLink(): MagicLink {
+  const token = ulid();
+  const expiresAt = new Date(Date.now() + LINK_TTL_MS).toISOString();
+  const link: MagicLink = { token, expiresAt };
+  magicLinks.set(token, link);
+  return link;
+}
+
+export function consumeMagicLink(token: string): boolean {
+  const link = magicLinks.get(token);
+  if (!link) return false;
+  magicLinks.delete(token);
+  return new Date(link.expiresAt).getTime() > Date.now();
+}
+
+export function createSession(): Session {
+  const session: Session = {
+    id: ulid(),
+    createdAt: new Date().toISOString(),
+    expiresAt: new Date(Date.now() + SESSION_TTL_MS).toISOString(),
+  };
+  sessions.set(session.id, session);
+  return session;
+}
+
+export function validateSession(sessionId: string | undefined): boolean {
+  if (!sessionId) return false;
+  const session = sessions.get(sessionId);
+  if (!session) return false;
+  if (new Date(session.expiresAt).getTime() < Date.now()) {
+    sessions.delete(sessionId);
+    return false;
+  }
+  return true;
+}

package/examples/services/ui/index.ts

@@ -0,0 +1,16 @@
+/**
+ * UI service module — web dashboard with magic link auth and API proxy.
+ */
+
+import type { ServiceModule } from "../src/core/types.js";
+import { createRoutes } from "./routes.js";
+
+const ui: ServiceModule = {
+  name: "ui",
+  description: "Web dashboard",
+  routes: createRoutes(),
+  mountAtRoot: true, // Serves at /ui/*, /auth/* — handles its own session auth
+  requiresAuth: false,
+};
+
+export default ui;

package/examples/services/ui/routes.ts

@@ -0,0 +1,160 @@
+/**
+ * UI routes — serves the dashboard, handles magic link auth, proxies API calls.
+ */
+
+import { Hono } from "hono";
+import { createMagicLink, consumeMagicLink, createSession, validateSession } from "./auth.js";
+import { readFileSync } from "node:fs";
+import { join } from "node:path";
+
+const AUTH_TOKEN = process.env.VERS_AUTH_TOKEN || "test-token";
+
+function getStaticDir(): string {
+  return join(import.meta.dir, "static");
+}
+
+function getSessionId(c: any): string | undefined {
+  const cookie = c.req.header("cookie") || "";
+  const match = cookie.match(/(?:^|;\s*)session=([^;]+)/);
+  return match?.[1];
+}
+
+function hasBearerAuth(c: any): boolean {
+  const auth = c.req.header("authorization") || "";
+  return auth === `Bearer ${AUTH_TOKEN}`;
+}
+
+export function createRoutes(): Hono {
+  const routes = new Hono();
+
+  // --- Auth ---
+
+  // Generate magic link (requires bearer auth)
+  routes.post("/auth/magic-link", (c) => {
+    if (!hasBearerAuth(c)) return c.json({ error: "Unauthorized" }, 401);
+
+    const link = createMagicLink();
+    const host = c.req.header("host") || "localhost:3000";
+    const proto = c.req.header("x-forwarded-proto") || "https";
+    const url = `${proto}://${host}/ui/login?token=${link.token}`;
+    return c.json({ url, expiresAt: link.expiresAt });
+  });
+
+  // Login page / magic link consumer
+  routes.get("/ui/login", (c) => {
+    const token = c.req.query("token");
+
+    if (token) {
+      const valid = consumeMagicLink(token);
+      if (valid) {
+        const session = createSession();
+        return c.html(
+          `<html><head><meta http-equiv="refresh" content="0;url=/ui/"></head></html>`,
+          200,
+          { "Set-Cookie": `session=${session.id}; Path=/; HttpOnly; SameSite=Lax; Max-Age=86400` },
+        );
+      }
+      return c.html(`
+        <html><body style="background:#0a0a0a;color:#f55;font-family:monospace;padding:2em">
+          <h2>Invalid or expired link</h2>
+          <p>Request a new magic link from the API.</p>
+        </body></html>
+      `, 401);
+    }
+
+    return c.html(`
+      <html><body style="background:#0a0a0a;color:#888;font-family:monospace;padding:2em">
+        <h2>Fleet Services Dashboard</h2>
+        <p>Access requires a magic link. Generate one via:</p>
+        <pre style="color:#4f9">POST /auth/magic-link</pre>
+      </body></html>
+    `);
+  });
+
+  // --- Session-protected UI routes ---
+
+  routes.use("/ui/*", async (c, next) => {
+    const path = new URL(c.req.url).pathname;
+    if (path === "/ui/login" || path.startsWith("/ui/static/")) return next();
+
+    // In dev mode (no auth token set), skip session check
+    if (!process.env.VERS_AUTH_TOKEN) return next();
+
+    const sessionId = getSessionId(c);
+    if (!validateSession(sessionId)) return c.redirect("/ui/login");
+    return next();
+  });
+
+  // Dashboard
+  routes.get("/ui/", (c) => {
+    try {
+      const html = readFileSync(join(getStaticDir(), "index.html"), "utf-8");
+      return c.html(html);
+    } catch {
+      return c.text("Dashboard files not found", 500);
+    }
+  });
+
+  // Static files
+  routes.get("/ui/static/:file", (c) => {
+    const file = c.req.param("file");
+    if (file.includes("..") || file.includes("/")) return c.text("Not found", 404);
+
+    try {
+      const content = readFileSync(join(getStaticDir(), file), "utf-8");
+      const ext = file.split(".").pop();
+      const contentType =
+        ext === "css" ? "text/css" :
+        ext === "js" ? "application/javascript" :
+        "text/plain";
+      return c.body(content, 200, { "Content-Type": contentType });
+    } catch {
+      return c.text("Not found", 404);
+    }
+  });
+
+  // --- API proxy (injects bearer token so browser never needs it) ---
+
+  routes.all("/ui/api/*", async (c) => {
+    const url = new URL(c.req.url);
+    const apiPath = url.pathname.replace(/^\/ui\/api/, "");
+    const queryString = url.search;
+
+    const port = process.env.PORT || "3000";
+    const internalUrl = `http://127.0.0.1:${port}${apiPath}${queryString}`;
+
+    const headers: Record<string, string> = {
+      Authorization: `Bearer ${AUTH_TOKEN}`,
+    };
+    const contentType = c.req.header("content-type");
+    if (contentType) headers["Content-Type"] = contentType;
+
+    const method = c.req.method;
+    const body = method !== "GET" && method !== "HEAD" ? await c.req.text() : undefined;
+
+    try {
+      const resp = await fetch(internalUrl, { method, headers, body });
+
+      // SSE passthrough
+      if (resp.headers.get("content-type")?.includes("text/event-stream")) {
+        return new Response(resp.body, {
+          status: resp.status,
+          headers: {
+            "Content-Type": "text/event-stream",
+            "Cache-Control": "no-cache",
+            Connection: "keep-alive",
+          },
+        });
+      }
+
+      const text = await resp.text();
+      return c.body(text, resp.status as any, {
+        "Content-Type": resp.headers.get("content-type") || "application/json",
+      });
+    } catch (e) {
+      return c.json({ error: "Proxy error", details: String(e) }, 502);
+    }
+  });
+
+  return routes;
+}