@zooid/server 0.0.1

package/src/routes/opml.test.ts

@@ -0,0 +1,131 @@
+import { describe, it, expect, beforeAll, beforeEach } from 'vitest';
+import { env } from 'cloudflare:test';
+import app from '../index';
+import { setupTestDb, cleanTestDb } from '../test-utils';
+import { createToken } from '../lib/jwt';
+
+const JWT_SECRET = 'test-jwt-secret';
+
+async function adminRequest(path: string, options: RequestInit = {}) {
+  const token = await createToken({ scope: 'admin' }, JWT_SECRET);
+  const headers = new Headers(options.headers);
+  headers.set('Authorization', `Bearer ${token}`);
+  headers.set('Content-Type', 'application/json');
+  return app.request(
+    path,
+    { ...options, headers },
+    { ...env, ZOOID_JWT_SECRET: JWT_SECRET },
+  );
+}
+
+describe('OPML routes', () => {
+  beforeAll(async () => {
+    await setupTestDb();
+  });
+
+  beforeEach(async () => {
+    await cleanTestDb();
+  });
+
+  describe('GET /api/v1/opml', () => {
+    it('returns valid OPML with correct content type', async () => {
+      await adminRequest('/api/v1/channels', {
+        method: 'POST',
+        body: JSON.stringify({
+          id: 'signals',
+          name: 'Signals',
+          description: 'Market signals',
+          is_public: true,
+        }),
+      });
+
+      const res = await app.request(
+        '/api/v1/opml',
+        {},
+        { ...env, ZOOID_JWT_SECRET: JWT_SECRET },
+      );
+
+      expect(res.status).toBe(200);
+      expect(res.headers.get('Content-Type')).toBe('text/x-opml');
+
+      const xml = await res.text();
+      expect(xml).toContain('<?xml version="1.0" encoding="UTF-8"?>');
+      expect(xml).toContain('<opml');
+      expect(xml).toContain('version="2.0"');
+      expect(xml).toContain('Signals');
+      expect(xml).toContain('/api/v1/channels/signals/rss');
+      expect(xml).toContain('/signals');
+    });
+
+    it('only includes public channels', async () => {
+      await adminRequest('/api/v1/channels', {
+        method: 'POST',
+        body: JSON.stringify({
+          id: 'public-ch',
+          name: 'Public',
+          is_public: true,
+        }),
+      });
+      await adminRequest('/api/v1/channels', {
+        method: 'POST',
+        body: JSON.stringify({
+          id: 'private-ch',
+          name: 'Private',
+          is_public: false,
+        }),
+      });
+
+      const res = await app.request(
+        '/api/v1/opml',
+        {},
+        { ...env, ZOOID_JWT_SECRET: JWT_SECRET },
+      );
+
+      const xml = await res.text();
+      expect(xml).toContain('Public');
+      expect(xml).not.toContain('Private');
+    });
+
+    it('returns empty body when no channels', async () => {
+      const res = await app.request(
+        '/api/v1/opml',
+        {},
+        { ...env, ZOOID_JWT_SECRET: JWT_SECRET },
+      );
+
+      expect(res.status).toBe(200);
+      const xml = await res.text();
+      expect(xml).toContain('<opml');
+      expect(xml).not.toContain('xmlUrl');
+    });
+
+    it('includes multiple channels as outlines', async () => {
+      await adminRequest('/api/v1/channels', {
+        method: 'POST',
+        body: JSON.stringify({
+          id: 'alpha',
+          name: 'Alpha',
+          is_public: true,
+        }),
+      });
+      await adminRequest('/api/v1/channels', {
+        method: 'POST',
+        body: JSON.stringify({
+          id: 'beta',
+          name: 'Beta',
+          is_public: true,
+        }),
+      });
+
+      const res = await app.request(
+        '/api/v1/opml',
+        {},
+        { ...env, ZOOID_JWT_SECRET: JWT_SECRET },
+      );
+
+      const xml = await res.text();
+      expect(xml).toContain('alpha/rss');
+      expect(xml).toContain('beta/rss');
+    });
+  });
+});

package/src/routes/opml.ts

@@ -0,0 +1,41 @@
+import { Hono } from 'hono';
+import type { Bindings, Variables } from '../types';
+import { listChannels } from '../db/queries';
+import { buildXml } from '../lib/xml';
+
+type Env = { Bindings: Bindings; Variables: Variables };
+
+export const opml = new Hono<Env>();
+
+opml.get('/opml', async (c) => {
+  const db = c.env.DB;
+  const channels = await listChannels(db);
+  const url = new URL(c.req.url);
+  const baseUrl = `${url.protocol}//${url.host}`;
+
+  const outlines = channels
+    .filter((ch) => ch.is_public)
+    .map((ch) => ({
+      '@_text': ch.name,
+      '@_type': 'rss',
+      '@_xmlUrl': `${baseUrl}/api/v1/channels/${ch.id}/rss`,
+      '@_htmlUrl': `${baseUrl}/${ch.id}`,
+      ...(ch.description ? { '@_description': ch.description } : {}),
+    }));
+
+  const xml = buildXml({
+    opml: {
+      '@_version': '2.0',
+      head: {
+        title: `Zooid Channels — ${url.host}`,
+      },
+      body: {
+        outline: outlines,
+      },
+    },
+  });
+
+  return c.body(xml, 200, {
+    'Content-Type': 'text/x-opml',
+  });
+});

package/src/routes/rss.test.ts

@@ -0,0 +1,224 @@
+import { describe, it, expect, beforeAll, beforeEach } from 'vitest';
+import { env } from 'cloudflare:test';
+import app from '../index';
+import { setupTestDb, cleanTestDb } from '../test-utils';
+import { createToken } from '../lib/jwt';
+
+const JWT_SECRET = 'test-jwt-secret';
+
+async function adminRequest(path: string, options: RequestInit = {}) {
+  const token = await createToken({ scope: 'admin' }, JWT_SECRET);
+  const headers = new Headers(options.headers);
+  headers.set('Authorization', `Bearer ${token}`);
+  headers.set('Content-Type', 'application/json');
+  return app.request(
+    path,
+    { ...options, headers },
+    { ...env, ZOOID_JWT_SECRET: JWT_SECRET },
+  );
+}
+
+async function publishRequest(
+  path: string,
+  options: RequestInit = {},
+  channel: string,
+) {
+  const token = await createToken(
+    { scope: 'publish', channel, sub: 'test-publisher' },
+    JWT_SECRET,
+  );
+  const headers = new Headers(options.headers);
+  headers.set('Authorization', `Bearer ${token}`);
+  headers.set('Content-Type', 'application/json');
+  return app.request(
+    path,
+    { ...options, headers },
+    { ...env, ZOOID_JWT_SECRET: JWT_SECRET },
+  );
+}
+
+describe('RSS routes', () => {
+  beforeAll(async () => {
+    await setupTestDb();
+  });
+
+  beforeEach(async () => {
+    await cleanTestDb();
+    await adminRequest('/api/v1/channels', {
+      method: 'POST',
+      body: JSON.stringify({
+        id: 'rss-channel',
+        name: 'RSS Channel',
+        description: 'Test RSS feed',
+        is_public: true,
+      }),
+    });
+    await adminRequest('/api/v1/channels', {
+      method: 'POST',
+      body: JSON.stringify({
+        id: 'priv-rss',
+        name: 'Private RSS',
+        is_public: false,
+      }),
+    });
+  });
+
+  describe('GET /channels/:channelId/rss', () => {
+    it('returns valid RSS XML with correct content type', async () => {
+      await publishRequest(
+        '/api/v1/channels/rss-channel/events',
+        {
+          method: 'POST',
+          body: JSON.stringify({
+            type: 'signal',
+            data: { market: 'test', shift: 0.05 },
+          }),
+        },
+        'rss-channel',
+      );
+
+      const res = await app.request(
+        '/api/v1/channels/rss-channel/rss',
+        {},
+        { ...env, ZOOID_JWT_SECRET: JWT_SECRET },
+      );
+
+      expect(res.status).toBe(200);
+      expect(res.headers.get('Content-Type')).toBe('application/rss+xml');
+
+      const xml = await res.text();
+      expect(xml).toContain('<?xml version="1.0" encoding="UTF-8"?>');
+      expect(xml).toContain('<rss version="2.0">');
+      expect(xml).toContain('<title>RSS Channel</title>');
+      expect(xml).toContain('<description>Test RSS feed</description>');
+      expect(xml).toContain('<item>');
+      expect(xml).toContain('<guid>');
+    });
+
+    it('formats data as YAML by default', async () => {
+      await publishRequest(
+        '/api/v1/channels/rss-channel/events',
+        {
+          method: 'POST',
+          body: JSON.stringify({
+            type: 'signal',
+            data: { market: 'election', shift: 0.07 },
+          }),
+        },
+        'rss-channel',
+      );
+
+      const res = await app.request(
+        '/api/v1/channels/rss-channel/rss',
+        {},
+        { ...env, ZOOID_JWT_SECRET: JWT_SECRET },
+      );
+
+      const xml = await res.text();
+      // YAML-style: key: value
+      expect(xml).toContain('market: election');
+      expect(xml).toContain('shift: 0.07');
+    });
+
+    it('formats data as JSON when format=json', async () => {
+      await publishRequest(
+        '/api/v1/channels/rss-channel/events',
+        {
+          method: 'POST',
+          body: JSON.stringify({
+            type: 'signal',
+            data: { market: 'election' },
+          }),
+        },
+        'rss-channel',
+      );
+
+      const res = await app.request(
+        '/api/v1/channels/rss-channel/rss?format=json',
+        {},
+        { ...env, ZOOID_JWT_SECRET: JWT_SECRET },
+      );
+
+      const xml = await res.text();
+      // JSON stays raw inside CDATA
+      expect(xml).toContain('"market"');
+    });
+
+    it('includes event type and publisher in title', async () => {
+      await publishRequest(
+        '/api/v1/channels/rss-channel/events',
+        {
+          method: 'POST',
+          body: JSON.stringify({
+            type: 'odds_shift',
+            data: { v: 1 },
+          }),
+        },
+        'rss-channel',
+      );
+
+      const res = await app.request(
+        '/api/v1/channels/rss-channel/rss',
+        {},
+        { ...env, ZOOID_JWT_SECRET: JWT_SECRET },
+      );
+
+      const xml = await res.text();
+      expect(xml).toContain('[odds_shift]');
+      expect(xml).toContain('test-publisher');
+    });
+
+    it('returns empty feed when no events', async () => {
+      const res = await app.request(
+        '/api/v1/channels/rss-channel/rss',
+        {},
+        { ...env, ZOOID_JWT_SECRET: JWT_SECRET },
+      );
+
+      expect(res.status).toBe(200);
+      const xml = await res.text();
+      expect(xml).toContain('<rss version="2.0">');
+      expect(xml).not.toContain('<item>');
+    });
+
+    it('allows public channel without auth', async () => {
+      const res = await app.request(
+        '/api/v1/channels/rss-channel/rss',
+        {},
+        { ...env, ZOOID_JWT_SECRET: JWT_SECRET },
+      );
+      expect(res.status).toBe(200);
+    });
+
+    it('requires token query param for private channel', async () => {
+      const res = await app.request(
+        '/api/v1/channels/priv-rss/rss',
+        {},
+        { ...env, ZOOID_JWT_SECRET: JWT_SECRET },
+      );
+      expect(res.status).toBe(401);
+    });
+
+    it('accepts token via query param for private channel', async () => {
+      const token = await createToken(
+        { scope: 'subscribe', channel: 'priv-rss', sub: 'sub-1' },
+        JWT_SECRET,
+      );
+      const res = await app.request(
+        `/api/v1/channels/priv-rss/rss?token=${token}`,
+        {},
+        { ...env, ZOOID_JWT_SECRET: JWT_SECRET },
+      );
+      expect(res.status).toBe(200);
+    });
+
+    it('returns 404 for non-existent channel', async () => {
+      const res = await app.request(
+        '/api/v1/channels/nonexistent/rss',
+        {},
+        { ...env, ZOOID_JWT_SECRET: JWT_SECRET },
+      );
+      expect(res.status).toBe(404);
+    });
+  });
+});

package/src/routes/rss.ts

@@ -0,0 +1,91 @@
+import { Hono } from 'hono';
+import { stringify } from 'yaml';
+import type { Bindings, Variables, ZooidEvent } from '../types';
+import { getChannel } from '../db/queries';
+import { pollEvents, cleanupExpiredEvents } from '../db/queries';
+import { verifyToken } from '../lib/jwt';
+import { buildXml } from '../lib/xml';
+
+type Env = { Bindings: Bindings; Variables: Variables };
+
+export const rss = new Hono<Env>();
+
+rss.get('/channels/:channelId/rss', async (c) => {
+  const channelId = c.req.param('channelId');
+  const db = c.env.DB;
+
+  const channel = await getChannel(db, channelId);
+  if (!channel) {
+    return c.json({ error: 'Channel not found' }, 404);
+  }
+
+  // Auth: public channels need no auth, private channels use ?token= query param
+  if (channel.is_public !== 1) {
+    const tokenStr = c.req.query('token');
+    if (!tokenStr) {
+      return c.json(
+        { error: 'Subscribe token required for private channel' },
+        401,
+      );
+    }
+
+    try {
+      const payload = await verifyToken(tokenStr, c.env.ZOOID_JWT_SECRET);
+      if (payload.scope !== 'admin' && payload.scope !== 'subscribe') {
+        return c.json({ error: 'Insufficient permissions' }, 403);
+      }
+      if (payload.scope === 'subscribe' && payload.channel !== channelId) {
+        return c.json({ error: 'Token not valid for this channel' }, 403);
+      }
+    } catch {
+      return c.json({ error: 'Invalid or expired token' }, 401);
+    }
+  }
+
+  await cleanupExpiredEvents(db, channelId);
+
+  const result = await pollEvents(db, channelId, { limit: 50 });
+  const format = c.req.query('format') || 'yaml';
+
+  const items = result.events.map((event) => formatItem(event, format));
+
+  const xml = buildXml({
+    rss: {
+      '@_version': '2.0',
+      channel: {
+        title: channel.name,
+        description: channel.description || '',
+        ...(items.length > 0 ? { item: items } : {}),
+      },
+    },
+  });
+
+  return c.body(xml, 200, {
+    'Content-Type': 'application/rss+xml',
+  });
+});
+
+function formatItem(
+  event: ZooidEvent,
+  format: string,
+): Record<string, unknown> {
+  const type = event.type || 'event';
+  const publisher = event.publisher_id || 'unknown';
+
+  let data: Record<string, unknown>;
+  try {
+    data = JSON.parse(event.data);
+  } catch {
+    data = {};
+  }
+
+  const description =
+    format === 'json' ? JSON.stringify(data, null, 2) : stringify(data).trim();
+
+  return {
+    title: `[${type}] ${publisher}`,
+    description: `<![CDATA[${description}]]>`,
+    pubDate: new Date(event.created_at).toUTCString(),
+    guid: event.id,
+  };
+}

package/src/routes/server-meta.test.ts

@@ -0,0 +1,157 @@
+import { describe, it, expect, beforeAll, beforeEach } from 'vitest';
+import { env } from 'cloudflare:test';
+import app from '../index';
+import { setupTestDb, cleanTestDb } from '../test-utils';
+import { createToken } from '../lib/jwt';
+
+const JWT_SECRET = 'test-jwt-secret';
+
+async function authRequest(
+  path: string,
+  options: RequestInit = {},
+  scope: 'admin' | 'publish' | 'subscribe' = 'admin',
+  channel?: string,
+) {
+  const token = await createToken({ scope, channel }, JWT_SECRET);
+  const headers = new Headers(options.headers);
+  headers.set('Authorization', `Bearer ${token}`);
+  headers.set('Content-Type', 'application/json');
+  return app.request(
+    path,
+    { ...options, headers },
+    { ...env, ZOOID_JWT_SECRET: JWT_SECRET },
+  );
+}
+
+describe('Server meta routes', () => {
+  beforeAll(async () => {
+    await setupTestDb();
+  });
+
+  beforeEach(async () => {
+    await cleanTestDb();
+  });
+
+  describe('GET /api/v1/server', () => {
+    it('returns defaults when no row exists', async () => {
+      const res = await app.request(
+        '/api/v1/server',
+        {},
+        { ...env, ZOOID_JWT_SECRET: JWT_SECRET },
+      );
+      expect(res.status).toBe(200);
+      const body = (await res.json()) as Record<string, unknown>;
+      expect(body.name).toBe('Zooid');
+      expect(body.description).toBeNull();
+      expect(body.tags).toEqual([]);
+      expect(body.owner).toBeNull();
+      expect(body.company).toBeNull();
+      expect(body.email).toBeNull();
+      expect(body.updated_at).toBeTruthy();
+    });
+
+    it('returns stored metadata after update', async () => {
+      await authRequest('/api/v1/server', {
+        method: 'PUT',
+        body: JSON.stringify({
+          name: 'My Server',
+          description: 'Test server',
+          tags: ['ai', 'agents'],
+          owner: 'tester',
+        }),
+      });
+
+      const res = await app.request(
+        '/api/v1/server',
+        {},
+        { ...env, ZOOID_JWT_SECRET: JWT_SECRET },
+      );
+      expect(res.status).toBe(200);
+      const body = (await res.json()) as Record<string, unknown>;
+      expect(body.name).toBe('My Server');
+      expect(body.description).toBe('Test server');
+      expect(body.tags).toEqual(['ai', 'agents']);
+      expect(body.owner).toBe('tester');
+    });
+
+    it('does not require authentication', async () => {
+      const res = await app.request(
+        '/api/v1/server',
+        {},
+        { ...env, ZOOID_JWT_SECRET: JWT_SECRET },
+      );
+      expect(res.status).toBe(200);
+    });
+  });
+
+  describe('PUT /api/v1/server', () => {
+    it('creates server metadata with admin token', async () => {
+      const res = await authRequest('/api/v1/server', {
+        method: 'PUT',
+        body: JSON.stringify({
+          name: 'My Zooid',
+          description: 'A cool server',
+          tags: ['crypto', 'trading'],
+          owner: 'alice',
+          company: 'Acme',
+          email: 'alice@acme.com',
+        }),
+      });
+
+      expect(res.status).toBe(200);
+      const body = (await res.json()) as Record<string, unknown>;
+      expect(body.name).toBe('My Zooid');
+      expect(body.description).toBe('A cool server');
+      expect(body.tags).toEqual(['crypto', 'trading']);
+      expect(body.owner).toBe('alice');
+      expect(body.company).toBe('Acme');
+      expect(body.email).toBe('alice@acme.com');
+      expect(body.updated_at).toBeTruthy();
+    });
+
+    it('updates existing metadata (upsert)', async () => {
+      await authRequest('/api/v1/server', {
+        method: 'PUT',
+        body: JSON.stringify({ name: 'First Name', owner: 'alice' }),
+      });
+
+      const res = await authRequest('/api/v1/server', {
+        method: 'PUT',
+        body: JSON.stringify({ name: 'Updated Name', owner: 'bob' }),
+      });
+
+      expect(res.status).toBe(200);
+      const body = (await res.json()) as Record<string, unknown>;
+      expect(body.name).toBe('Updated Name');
+      expect(body.owner).toBe('bob');
+    });
+
+    it('rejects without auth', async () => {
+      const res = await app.request(
+        '/api/v1/server',
+        {
+          method: 'PUT',
+          headers: { 'Content-Type': 'application/json' },
+          body: JSON.stringify({ name: 'No Auth' }),
+        },
+        { ...env, ZOOID_JWT_SECRET: JWT_SECRET },
+      );
+
+      expect(res.status).toBe(401);
+    });
+
+    it('rejects with non-admin token', async () => {
+      const res = await authRequest(
+        '/api/v1/server',
+        {
+          method: 'PUT',
+          body: JSON.stringify({ name: 'No Auth' }),
+        },
+        'publish',
+        'some-channel',
+      );
+
+      expect(res.status).toBe(403);
+    });
+  });
+});