npm - @wopr-network/platform-core - Versions diffs - 1.67.1 → 1.69.0 - Mend

@wopr-network/platform-core 1.67.1 → 1.69.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (81) hide show

package/dist/auth/better-auth.js +7 -0
package/dist/backup/types.d.ts +1 -1
package/dist/email/client.js +16 -0
package/dist/server/__tests__/build-container.test.d.ts +1 -0
package/dist/server/__tests__/build-container.test.js +339 -0
package/dist/server/__tests__/container.test.d.ts +1 -0
package/dist/server/__tests__/container.test.js +170 -0
package/dist/server/__tests__/lifecycle.test.d.ts +1 -0
package/dist/server/__tests__/lifecycle.test.js +90 -0
package/dist/server/__tests__/mount-routes.test.d.ts +1 -0
package/dist/server/__tests__/mount-routes.test.js +151 -0
package/dist/server/boot-config.d.ts +51 -0
package/dist/server/boot-config.js +7 -0
package/dist/server/container.d.ts +81 -0
package/dist/server/container.js +134 -0
package/dist/server/index.d.ts +33 -0
package/dist/server/index.js +66 -0
package/dist/server/lifecycle.d.ts +25 -0
package/dist/server/lifecycle.js +46 -0
package/dist/server/middleware/__tests__/admin-auth.test.d.ts +1 -0
package/dist/server/middleware/__tests__/admin-auth.test.js +59 -0
package/dist/server/middleware/__tests__/tenant-proxy.test.d.ts +1 -0
package/dist/server/middleware/__tests__/tenant-proxy.test.js +268 -0
package/dist/server/middleware/admin-auth.d.ts +18 -0
package/dist/server/middleware/admin-auth.js +38 -0
package/dist/server/middleware/tenant-proxy.d.ts +56 -0
package/dist/server/middleware/tenant-proxy.js +162 -0
package/dist/server/mount-routes.d.ts +30 -0
package/dist/server/mount-routes.js +74 -0
package/dist/server/routes/__tests__/admin.test.d.ts +1 -0
package/dist/server/routes/__tests__/admin.test.js +267 -0
package/dist/server/routes/__tests__/crypto-webhook.test.d.ts +1 -0
package/dist/server/routes/__tests__/crypto-webhook.test.js +137 -0
package/dist/server/routes/__tests__/provision-webhook.test.d.ts +1 -0
package/dist/server/routes/__tests__/provision-webhook.test.js +212 -0
package/dist/server/routes/__tests__/stripe-webhook.test.d.ts +1 -0
package/dist/server/routes/__tests__/stripe-webhook.test.js +65 -0
package/dist/server/routes/admin.d.ts +111 -0
package/dist/server/routes/admin.js +273 -0
package/dist/server/routes/crypto-webhook.d.ts +23 -0
package/dist/server/routes/crypto-webhook.js +82 -0
package/dist/server/routes/provision-webhook.d.ts +38 -0
package/dist/server/routes/provision-webhook.js +160 -0
package/dist/server/routes/stripe-webhook.d.ts +10 -0
package/dist/server/routes/stripe-webhook.js +29 -0
package/dist/server/test-container.d.ts +15 -0
package/dist/server/test-container.js +103 -0
package/dist/trpc/auth-helpers.d.ts +17 -0
package/dist/trpc/auth-helpers.js +26 -0
package/dist/trpc/container-factories.d.ts +300 -0
package/dist/trpc/container-factories.js +80 -0
package/dist/trpc/index.d.ts +2 -0
package/dist/trpc/index.js +2 -0
package/package.json +8 -3
package/src/auth/better-auth.ts +8 -0
package/src/email/client.ts +18 -0
package/src/server/__tests__/build-container.test.ts +402 -0
package/src/server/__tests__/container.test.ts +204 -0
package/src/server/__tests__/lifecycle.test.ts +106 -0
package/src/server/__tests__/mount-routes.test.ts +169 -0
package/src/server/boot-config.ts +84 -0
package/src/server/container.ts +237 -0
package/src/server/index.ts +92 -0
package/src/server/lifecycle.ts +62 -0
package/src/server/middleware/__tests__/admin-auth.test.ts +67 -0
package/src/server/middleware/__tests__/tenant-proxy.test.ts +308 -0
package/src/server/middleware/admin-auth.ts +51 -0
package/src/server/middleware/tenant-proxy.ts +192 -0
package/src/server/mount-routes.ts +113 -0
package/src/server/routes/__tests__/admin.test.ts +320 -0
package/src/server/routes/__tests__/crypto-webhook.test.ts +167 -0
package/src/server/routes/__tests__/provision-webhook.test.ts +323 -0
package/src/server/routes/__tests__/stripe-webhook.test.ts +73 -0
package/src/server/routes/admin.ts +334 -0
package/src/server/routes/crypto-webhook.ts +110 -0
package/src/server/routes/provision-webhook.ts +212 -0
package/src/server/routes/stripe-webhook.ts +36 -0
package/src/server/test-container.ts +120 -0
package/src/trpc/auth-helpers.ts +28 -0
package/src/trpc/container-factories.ts +114 -0
package/src/trpc/index.ts +9 -0

package/src/server/routes/__tests__/provision-webhook.test.ts ADDED Viewed

@@ -0,0 +1,323 @@
+import { describe, expect, it, vi } from "vitest";
+import type { FleetServices } from "../../container.js";
+import { createTestContainer } from "../../test-container.js";
+import { createProvisionWebhookRoutes, type ProvisionWebhookConfig } from "../provision-webhook.js";
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+const SECRET = "test-provision-secret-1234";
+function makeConfig(overrides?: Partial<ProvisionWebhookConfig>): ProvisionWebhookConfig {
+  return {
+    provisionSecret: SECRET,
+    instanceImage: "ghcr.io/test/app:latest",
+    containerPort: 3000,
+    maxInstancesPerTenant: 5,
+    gatewayUrl: "http://gateway:4000",
+    containerPrefix: "test",
+    ...overrides,
+  };
+}
+function makeFleet(): FleetServices {
+  return {
+    manager: {
+      create: vi.fn().mockResolvedValue({
+        id: "inst-001",
+        containerId: "docker-abc",
+        containerName: "test-myapp",
+        url: "http://test-myapp:3000",
+        profile: { id: "inst-001", name: "myapp", tenantId: "tenant-1" },
+      }),
+      remove: vi.fn().mockResolvedValue(undefined),
+      status: vi.fn().mockResolvedValue({
+        id: "inst-001",
+        name: "myapp",
+        state: "running",
+      }),
+    } as never,
+    docker: {} as never,
+    proxy: {
+      addRoute: vi.fn().mockResolvedValue(undefined),
+      removeRoute: vi.fn(),
+      updateHealth: vi.fn(),
+      getRoutes: vi.fn().mockReturnValue([]),
+      start: vi.fn().mockResolvedValue(undefined),
+      stop: vi.fn().mockResolvedValue(undefined),
+      reload: vi.fn().mockResolvedValue(undefined),
+    },
+    profileStore: {
+      init: vi.fn().mockResolvedValue(undefined),
+      save: vi.fn().mockResolvedValue(undefined),
+      get: vi.fn().mockResolvedValue(null),
+      list: vi.fn().mockResolvedValue([]),
+      delete: vi.fn().mockResolvedValue(true),
+    },
+    serviceKeyRepo: {
+      generate: vi.fn().mockResolvedValue("key-abc"),
+      resolve: vi.fn().mockResolvedValue(null),
+      revokeByInstance: vi.fn().mockResolvedValue(undefined),
+      revokeByTenant: vi.fn().mockResolvedValue(undefined),
+    } as never,
+  };
+}
+function buildApp(opts?: { fleet?: FleetServices | null; config?: Partial<ProvisionWebhookConfig> }) {
+  const container = createTestContainer({
+    fleet: opts?.fleet !== undefined ? opts.fleet : makeFleet(),
+  });
+  const config = makeConfig(opts?.config);
+  return createProvisionWebhookRoutes(container, config);
+}
+async function request(
+  app: ReturnType<typeof buildApp>,
+  method: string,
+  path: string,
+  body?: unknown,
+  headers?: Record<string, string>,
+) {
+  const init: RequestInit = {
+    method,
+    headers: {
+      "Content-Type": "application/json",
+      ...headers,
+    },
+  };
+  if (body !== undefined) {
+    init.body = JSON.stringify(body);
+  }
+  return app.request(path, init);
+}
+// ---------------------------------------------------------------------------
+// Tests
+// ---------------------------------------------------------------------------
+describe("createProvisionWebhookRoutes", () => {
+  // ---- Auth tests (apply to all endpoints) ----
+  it("returns 401 without authorization header", async () => {
+    const app = buildApp();
+    const res = await request(app, "POST", "/create", { tenantId: "t1", subdomain: "test" });
+    expect(res.status).toBe(401);
+    const json = await res.json();
+    expect(json.error).toBe("Unauthorized");
+  });
+  it("returns 401 with wrong secret", async () => {
+    const app = buildApp();
+    const res = await request(
+      app,
+      "POST",
+      "/create",
+      { tenantId: "t1", subdomain: "test" },
+      {
+        Authorization: "Bearer wrong-secret",
+      },
+    );
+    expect(res.status).toBe(401);
+    const json = await res.json();
+    expect(json.error).toBe("Unauthorized");
+  });
+  // ---- Fleet not configured ----
+  it("returns 501 when fleet not configured (container.fleet is null)", async () => {
+    const app = buildApp({ fleet: null });
+    const res = await request(
+      app,
+      "POST",
+      "/create",
+      { tenantId: "t1", subdomain: "test" },
+      {
+        Authorization: `Bearer ${SECRET}`,
+      },
+    );
+    expect(res.status).toBe(501);
+    const json = await res.json();
+    expect(json.error).toBe("Fleet management not configured");
+  });
+  it("returns 501 on destroy when fleet not configured", async () => {
+    const app = buildApp({ fleet: null });
+    const res = await request(
+      app,
+      "POST",
+      "/destroy",
+      { instanceId: "inst-001" },
+      {
+        Authorization: `Bearer ${SECRET}`,
+      },
+    );
+    expect(res.status).toBe(501);
+  });
+  it("returns 501 on budget when fleet not configured", async () => {
+    const app = buildApp({ fleet: null });
+    const res = await request(
+      app,
+      "PUT",
+      "/budget",
+      { instanceId: "inst-001", tenantEntityId: "te-1", budgetCents: 1000 },
+      { Authorization: `Bearer ${SECRET}` },
+    );
+    expect(res.status).toBe(501);
+  });
+  // ---- Create endpoint ----
+  it("handles create webhook with valid auth and payload", async () => {
+    const fleet = makeFleet();
+    const app = buildApp({ fleet });
+    const res = await request(
+      app,
+      "POST",
+      "/create",
+      { tenantId: "tenant-1", subdomain: "myapp" },
+      { Authorization: `Bearer ${SECRET}` },
+    );
+    expect(res.status).toBe(201);
+    const json = await res.json();
+    expect(json.ok).toBe(true);
+    expect(json.instanceId).toBe("inst-001");
+    expect(json.subdomain).toBe("myapp");
+    expect(json.containerUrl).toBe("http://test-myapp:3000");
+    // Verify fleet.create was called with generic env var names
+    expect(fleet.manager.create).toHaveBeenCalledTimes(1);
+    const createCall = (fleet.manager.create as ReturnType<typeof vi.fn>).mock.calls[0][0];
+    expect(createCall.env.HOSTED_MODE).toBe("true");
+    expect(createCall.env.DEPLOYMENT_MODE).toBe("hosted_proxy");
+    expect(createCall.env.DEPLOYMENT_EXPOSURE).toBe("private");
+    expect(createCall.env.MIGRATION_AUTO_APPLY).toBe("true");
+    // Verify NO product-specific prefixes
+    expect(createCall.env.PAPERCLIP_HOSTED_MODE).toBeUndefined();
+    expect(createCall.env.PAPERCLIP_DEPLOYMENT_MODE).toBeUndefined();
+    // Verify proxy route was registered
+    expect(fleet.proxy.addRoute).toHaveBeenCalledTimes(1);
+  });
+  it("returns 422 on create when required fields are missing", async () => {
+    const app = buildApp();
+    const res = await request(
+      app,
+      "POST",
+      "/create",
+      { tenantId: "tenant-1" }, // missing subdomain
+      { Authorization: `Bearer ${SECRET}` },
+    );
+    expect(res.status).toBe(422);
+    const json = await res.json();
+    expect(json.error).toContain("Missing required fields");
+  });
+  // ---- Destroy endpoint ----
+  it("handles destroy webhook with valid auth and instanceId", async () => {
+    const fleet = makeFleet();
+    const app = buildApp({ fleet });
+    const res = await request(
+      app,
+      "POST",
+      "/destroy",
+      { instanceId: "inst-001" },
+      { Authorization: `Bearer ${SECRET}` },
+    );
+    expect(res.status).toBe(200);
+    const json = await res.json();
+    expect(json.ok).toBe(true);
+    expect(fleet.serviceKeyRepo.revokeByInstance).toHaveBeenCalledWith("inst-001");
+    expect(fleet.manager.remove).toHaveBeenCalledWith("inst-001");
+    expect(fleet.proxy.removeRoute).toHaveBeenCalledWith("inst-001");
+  });
+  it("returns 422 on destroy when instanceId is missing", async () => {
+    const app = buildApp();
+    const res = await request(
+      app,
+      "POST",
+      "/destroy",
+      {},
+      {
+        Authorization: `Bearer ${SECRET}`,
+      },
+    );
+    expect(res.status).toBe(422);
+    const json = await res.json();
+    expect(json.error).toContain("Missing required field");
+  });
+  // ---- Budget endpoint ----
+  it("handles budget webhook with valid auth and payload", async () => {
+    const fleet = makeFleet();
+    const app = buildApp({ fleet });
+    const res = await request(
+      app,
+      "PUT",
+      "/budget",
+      { instanceId: "inst-001", tenantEntityId: "te-1", budgetCents: 5000 },
+      { Authorization: `Bearer ${SECRET}` },
+    );
+    expect(res.status).toBe(200);
+    const json = await res.json();
+    expect(json.ok).toBe(true);
+    expect(json.budgetCents).toBe(5000);
+  });
+  it("returns 422 on budget when required fields are missing", async () => {
+    const app = buildApp();
+    const res = await request(
+      app,
+      "PUT",
+      "/budget",
+      { instanceId: "inst-001" }, // missing tenantEntityId, budgetCents
+      { Authorization: `Bearer ${SECRET}` },
+    );
+    expect(res.status).toBe(422);
+    const json = await res.json();
+    expect(json.error).toContain("Missing required fields");
+  });
+  // ---- Generic env var names ----
+  it("uses generic env var names with no PAPERCLIP_ prefix anywhere", async () => {
+    const fleet = makeFleet();
+    const app = buildApp({ fleet });
+    await request(
+      app,
+      "POST",
+      "/create",
+      { tenantId: "tenant-1", subdomain: "myapp" },
+      { Authorization: `Bearer ${SECRET}` },
+    );
+    const createCall = (fleet.manager.create as ReturnType<typeof vi.fn>).mock.calls[0][0];
+    const envKeys = Object.keys(createCall.env);
+    for (const key of envKeys) {
+      expect(key).not.toMatch(/^PAPERCLIP_/);
+    }
+    // Verify expected generic names are present
+    expect(envKeys).toContain("HOSTED_MODE");
+    expect(envKeys).toContain("DEPLOYMENT_MODE");
+    expect(envKeys).toContain("DEPLOYMENT_EXPOSURE");
+    expect(envKeys).toContain("MIGRATION_AUTO_APPLY");
+    expect(envKeys).toContain("PROVISION_SECRET");
+  });
+});

package/src/server/routes/__tests__/stripe-webhook.test.ts ADDED Viewed

@@ -0,0 +1,73 @@
+import { Hono } from "hono";
+import { describe, expect, it, vi } from "vitest";
+import { createTestContainer } from "../../test-container.js";
+import { createStripeWebhookRoutes } from "../stripe-webhook.js";
+function makeApp(stripeOverride?: unknown) {
+  const container = createTestContainer(
+    stripeOverride !== undefined ? { stripe: stripeOverride as ReturnType<typeof createTestContainer>["stripe"] } : {},
+  );
+  const app = new Hono();
+  app.route("/api/webhooks/stripe", createStripeWebhookRoutes(container));
+  return app;
+}
+describe("stripe webhook route", () => {
+  it("returns 501 when stripe not configured", async () => {
+    const app = makeApp(null);
+    const res = await app.request("/api/webhooks/stripe", { method: "POST" });
+    expect(res.status).toBe(501);
+  });
+  it("returns 400 when stripe-signature header missing", async () => {
+    const app = makeApp({
+      stripe: {},
+      webhookSecret: "whsec_test",
+      customerRepo: {},
+      processor: { handleWebhook: vi.fn() },
+    });
+    const res = await app.request("/api/webhooks/stripe", {
+      method: "POST",
+      body: "{}",
+    });
+    expect(res.status).toBe(400);
+    const body = await res.json();
+    expect(body.error).toBe("Missing stripe-signature header");
+  });
+  it("returns 200 on valid webhook", async () => {
+    const handleWebhook = vi.fn().mockResolvedValue({ handled: true, event_type: "checkout.session.completed" });
+    const app = makeApp({
+      stripe: {},
+      webhookSecret: "whsec_test",
+      customerRepo: {},
+      processor: { handleWebhook },
+    });
+    const res = await app.request("/api/webhooks/stripe", {
+      method: "POST",
+      headers: { "stripe-signature": "t=123,v1=abc" },
+      body: '{"type":"checkout.session.completed"}',
+    });
+    expect(res.status).toBe(200);
+    expect(handleWebhook).toHaveBeenCalledOnce();
+  });
+  it("returns 400 when processor throws (bad signature)", async () => {
+    const handleWebhook = vi.fn().mockRejectedValue(new Error("Signature verification failed"));
+    const app = makeApp({
+      stripe: {},
+      webhookSecret: "whsec_test",
+      customerRepo: {},
+      processor: { handleWebhook },
+    });
+    const res = await app.request("/api/webhooks/stripe", {
+      method: "POST",
+      headers: { "stripe-signature": "t=123,v1=bad" },
+      body: "invalid",
+    });
+    expect(res.status).toBe(400);
+    const body = await res.json();
+    expect(body.error).toBe("Webhook processing failed");
+  });
+});