ahok-skill 1.3.1

package/dist/server/middleware/auth.js

@@ -0,0 +1,137 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.authenticate_api_request = authenticate_api_request;
+exports.log_authenticated_request = log_authenticated_request;
+const cfg_1 = require("../../core/cfg");
+const crypto_1 = __importDefault(require("crypto"));
+const rate_limit_store = new Map();
+const auth_config = {
+    api_key: cfg_1.env.api_key,
+    api_key_header: "x-api-key",
+    rate_limit_enabled: cfg_1.env.rate_limit_enabled,
+    rate_limit_window_ms: cfg_1.env.rate_limit_window_ms,
+    rate_limit_max_requests: cfg_1.env.rate_limit_max_requests,
+    public_endpoints: [
+        "/health",
+        "/api/system/health",
+        "/api/system/stats",
+        "/dashboard/health",
+        "/auth",
+    ],
+};
+function is_public_endpoint(path) {
+    return auth_config.public_endpoints.some((e) => path === e || path.startsWith(e));
+}
+function extract_api_key(req) {
+    const x_api_key = req.headers[auth_config.api_key_header];
+    if (x_api_key)
+        return x_api_key;
+    const auth_header = req.headers["authorization"];
+    if (auth_header) {
+        if (auth_header.startsWith("Bearer "))
+            return auth_header.slice(7);
+        if (auth_header.startsWith("ApiKey "))
+            return auth_header.slice(7);
+    }
+    return null;
+}
+function validate_api_key(provided, expected) {
+    if (!provided || !expected || provided.length !== expected.length)
+        return false;
+    return crypto_1.default.timingSafeEqual(Buffer.from(provided), Buffer.from(expected));
+}
+function check_rate_limit(client_id) {
+    if (!auth_config.rate_limit_enabled)
+        return { allowed: true, remaining: -1, reset_time: -1 };
+    const now = Date.now();
+    const data = rate_limit_store.get(client_id);
+    if (!data || now >= data.reset_time) {
+        const new_data = {
+            count: 1,
+            reset_time: now + auth_config.rate_limit_window_ms,
+        };
+        rate_limit_store.set(client_id, new_data);
+        return {
+            allowed: true,
+            remaining: auth_config.rate_limit_max_requests - 1,
+            reset_time: new_data.reset_time,
+        };
+    }
+    data.count++;
+    rate_limit_store.set(client_id, data);
+    const remaining = auth_config.rate_limit_max_requests - data.count;
+    return {
+        allowed: data.count <= auth_config.rate_limit_max_requests,
+        remaining: Math.max(0, remaining),
+        reset_time: data.reset_time,
+    };
+}
+function get_client_id(req, api_key) {
+    if (api_key)
+        return crypto_1.default
+            .createHash("sha256")
+            .update(api_key)
+            .digest("hex")
+            .slice(0, 16);
+    return req.ip || req.connection.remoteAddress || "unknown";
+}
+async function authenticate_api_request(req, res, next) {
+    const path = req.path || req.url;
+    if (is_public_endpoint(path))
+        return next();
+    const provided = extract_api_key(req);
+    if (!provided) {
+        return res.status(401).json({
+            error: "authentication_required",
+            message: "API key required",
+        });
+    }
+    // 1. Check master key
+    if (auth_config.api_key && validate_api_key(provided, auth_config.api_key)) {
+        req.user = { user_id: "admin", is_admin: true };
+        return next();
+    }
+    // 2. Check database for individual API keys
+    try {
+        const { q } = require("../../core/db");
+        let user = await q.get_user_by_api_key.get(provided);
+        if (!user) {
+            // Check secondary memory keys
+            user = await q.get_user_by_memory_key.get(provided);
+        }
+        if (user) {
+            // Check usage vs capacity
+            if (user.memory_usage >= user.memory_capacity && req.method === "POST" && path.includes("/memories")) {
+                return res.status(403).json({
+                    error: "capacity_exceeded",
+                    message: "Memory capacity reached. Please upgrade your plan.",
+                });
+            }
+            req.user = user;
+            if (user.key_id) {
+                req.key_id = user.key_id;
+                req.key_label = user.key_label;
+            }
+            return next();
+        }
+    }
+    catch (err) {
+        console.error("[AUTH] Database lookup failed:", err);
+    }
+    return res.status(403).json({ error: "invalid_api_key" });
+}
+function log_authenticated_request(req, res, next) {
+    const key = extract_api_key(req);
+    if (key)
+        console.log(`[AUTH] ${req.method} ${req.path} [${crypto_1.default.createHash("sha256").update(key).digest("hex").slice(0, 8)}...]`);
+    next();
+}
+setInterval(() => {
+    const now = Date.now();
+    for (const [id, data] of rate_limit_store.entries())
+        if (now >= data.reset_time)
+            rate_limit_store.delete(id);
+}, 5 * 60 * 1000);

package/dist/server/routes/auth.js

@@ -0,0 +1,186 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.auth = void 0;
+const db_1 = require("../../core/db");
+const crypto_1 = __importDefault(require("crypto"));
+const stripe_1 = __importDefault(require("stripe"));
+const stripe = new stripe_1.default(process.env.STRIPE_SECRET_KEY || "", {
+    apiVersion: "2025-01-27.acacia",
+});
+const backend_1 = require("@clerk/backend");
+const clerk = (0, backend_1.createClerkClient)({ secretKey: process.env.CLERK_SECRET_KEY });
+const auth = (app) => {
+    // Sync user from Clerk with JWT verification
+    app.post("/auth/clerk-sync", async (req, res) => {
+        try {
+            const token = req.headers.authorization?.replace("Bearer ", "");
+            if (!token)
+                return res.status(401).json({ error: "No token provided" });
+            const session = await (0, backend_1.verifyToken)(token, { secretKey: process.env.CLERK_SECRET_KEY });
+            const clerk_id = session.sub;
+            const { email } = req.body;
+            let user = await db_1.q.get_user_by_clerk_id.get(clerk_id);
+            if (!user) {
+                // Create new user
+                const user_id = crypto_1.default.randomUUID();
+                const api_key = `opm_${crypto_1.default.randomBytes(24).toString("hex")}`;
+                // Create Stripe customer
+                let stripe_customer_id = "";
+                try {
+                    const customer = await stripe.customers.create({
+                        email,
+                        metadata: { clerk_id, user_id },
+                    });
+                    stripe_customer_id = customer.id;
+                }
+                catch (e) {
+                    console.error("[STRIPE] Customer creation failed:", e);
+                }
+                await db_1.q.ins_user.run(user_id, clerk_id, api_key, stripe_customer_id, null, // subscription_id
+                1000, // default capacity
+                0, // current usage
+                "", // summary
+                0, // reflection_count
+                Date.now(), Date.now());
+                user = await db_1.q.get_user_by_clerk_id.get(clerk_id);
+            }
+            else if (!user.stripe_customer_id && email) {
+                // Backward compatibility: create Stripe customer for existing user
+                try {
+                    const customer = await stripe.customers.create({
+                        email,
+                        metadata: { clerk_id: user.clerk_id, user_id: user.user_id },
+                    });
+                    await db_1.q.upd_user_billing.run(user.user_id, customer.id, user.stripe_subscription_id, user.memory_capacity, Date.now());
+                    user.stripe_customer_id = customer.id;
+                    console.log(`[STRIPE] Fixed missing customer for ${clerk_id}`);
+                }
+                catch (e) {
+                    console.error("[STRIPE] Customer repair failed:", e);
+                }
+            }
+            res.json(user);
+        }
+        catch (err) {
+            console.error("[AUTH] Clerk Sync Error:", err);
+            res.status(500).json({ error: err.message, stack: err.stack });
+        }
+    });
+    // Create Stripe Checkout Session with JWT verification
+    app.post("/auth/create-checkout", async (req, res) => {
+        try {
+            const token = req.headers.authorization?.replace("Bearer ", "");
+            if (!token)
+                return res.status(401).json({ error: "No token provided" });
+            const clerkSession = await (0, backend_1.verifyToken)(token, { secretKey: process.env.CLERK_SECRET_KEY });
+            const clerk_id = clerkSession.sub;
+            const { plan } = req.body;
+            const user = await db_1.q.get_user_by_clerk_id.get(clerk_id);
+            if (!user)
+                return res.status(404).json({ error: "User not found" });
+            const priceMap = {
+                "pro": 2000, // $20.00
+                "enterprise": 10000, // $100.00
+            };
+            const checkoutOptions = {
+                payment_method_types: ["card"],
+                line_items: [{
+                        price_data: {
+                            currency: "usd",
+                            product_data: {
+                                name: `OpenMemory ${plan.toUpperCase()} Plan`,
+                            },
+                            unit_amount: priceMap[plan] || 2000,
+                            recurring: { interval: "month" },
+                        },
+                        quantity: 1,
+                    }],
+                mode: "subscription",
+                success_url: `${process.env.DASHBOARD_URL}/success?session_id={CHECKOUT_SESSION_ID}`,
+                cancel_url: `${process.env.DASHBOARD_URL}/cancel`,
+                metadata: { clerk_id, plan },
+            };
+            if (user.stripe_customer_id) {
+                checkoutOptions.customer = user.stripe_customer_id;
+            }
+            else {
+                // Should have been fixed by clerk-sync, but use email as fallback
+                const clerkUser = await clerk.users.getUser(clerk_id);
+                checkoutOptions.customer_email = clerkUser.emailAddresses[0]?.emailAddress;
+            }
+            const session = await stripe.checkout.sessions.create(checkoutOptions);
+            res.json({ url: session.url });
+        }
+        catch (err) {
+            console.error("[STRIPE] Checkout Error:", err);
+            res.status(500).json({ error: err.message, stack: err.stack });
+        }
+    });
+    // Create Stripe Customer Portal Session
+    app.post("/auth/create-portal", async (req, res) => {
+        try {
+            const token = req.headers.authorization?.replace("Bearer ", "");
+            if (!token)
+                return res.status(401).json({ error: "No token provided" });
+            const clerkSession = await (0, backend_1.verifyToken)(token, { secretKey: process.env.CLERK_SECRET_KEY });
+            const clerk_id = clerkSession.sub;
+            const user = await db_1.q.get_user_by_clerk_id.get(clerk_id);
+            if (!user || !user.stripe_customer_id) {
+                return res.status(400).json({ error: "User or customer not found" });
+            }
+            const session = await stripe.billingPortal.sessions.create({
+                customer: user.stripe_customer_id,
+                return_url: `${process.env.DASHBOARD_URL}/dashboard`,
+            });
+            res.json({ url: session.url });
+        }
+        catch (err) {
+            console.error("[STRIPE] Portal Error:", err);
+            res.status(500).json({ error: err.message });
+        }
+    });
+    // Stripe Webhook
+    app.post("/auth/stripe-webhook", async (req, res) => {
+        const sig = req.headers["stripe-signature"];
+        let event;
+        try {
+            event = stripe.webhooks.constructEvent(req.rawBody || JSON.stringify(req.body), sig, process.env.STRIPE_WEBHOOK_SECRET || "");
+        }
+        catch (err) {
+            return res.status(400).send(`Webhook Error: ${err.message}`);
+        }
+        if (event.type === "checkout.session.completed") {
+            const session = event.data.object;
+            const clerk_id = session.metadata?.clerk_id;
+            const plan = session.metadata?.plan;
+            if (clerk_id) {
+                const user = await db_1.q.get_user_by_clerk_id.get(clerk_id);
+                if (user) {
+                    const capacityMap = {
+                        "pro": 50000,
+                        "enterprise": 1000000,
+                    };
+                    const new_capacity = capacityMap[plan] || 50000;
+                    await db_1.q.upd_user_billing.run(user.user_id, user.stripe_customer_id, session.subscription, new_capacity, Date.now());
+                    console.log(`[STRIPE] Updated capacity for ${clerk_id} to ${new_capacity}`);
+                }
+            }
+        }
+        else if (event.type === "customer.subscription.deleted") {
+            const subscription = event.data.object;
+            const customer_id = subscription.customer;
+            // Downgrade user to free tier
+            const user = await db_1.q.get_user_by_stripe_customer_id.get(customer_id);
+            if (user) {
+                await db_1.q.upd_user_billing.run(user.user_id, user.stripe_customer_id, null, 1000, // back to free tier
+                Date.now());
+                console.log(`[STRIPE] Downgraded ${user.clerk_id} to free tier`);
+            }
+        }
+        res.json({ received: true });
+    });
+};
+exports.auth = auth;

package/dist/server/routes/compression.js

@@ -0,0 +1,108 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.compression = compression;
+const compress_1 = require("../../ops/compress");
+function compression(app) {
+    app.post("/api/compression/compress", async (req, res) => {
+        try {
+            const { text, algorithm } = req.body;
+            if (!text)
+                return res.status(400).json({ error: "text required" });
+            let r;
+            if (algorithm &&
+                ["semantic", "syntactic", "aggressive"].includes(algorithm)) {
+                r = compress_1.compressionEngine.compress(text, algorithm);
+            }
+            else {
+                r = compress_1.compressionEngine.auto(text);
+            }
+            res.json({ ok: true, comp: r.comp, m: r.metrics, hash: r.hash });
+        }
+        catch (e) {
+            res.status(500).json({ error: e.message });
+        }
+    });
+    app.post("/api/compression/batch", async (req, res) => {
+        try {
+            const { texts, algorithm = "semantic" } = req.body;
+            if (!Array.isArray(texts))
+                return res.status(400).json({ error: "texts must be array" });
+            if (!["semantic", "syntactic", "aggressive"].includes(algorithm))
+                return res.status(400).json({ error: "invalid algo" });
+            const r = compress_1.compressionEngine.batch(texts, algorithm);
+            res.json({
+                ok: true,
+                results: r.map((x) => ({
+                    comp: x.comp,
+                    m: x.metrics,
+                    hash: x.hash,
+                })),
+                total: r.reduce((s, x) => s + x.metrics.saved, 0),
+            });
+        }
+        catch (e) {
+            res.status(500).json({ error: e.message });
+        }
+    });
+    app.post("/api/compression/analyze", async (req, res) => {
+        try {
+            const { text } = req.body;
+            if (!text)
+                return res.status(400).json({ error: "text required" });
+            const a = compress_1.compressionEngine.analyze(text);
+            let best = "semantic";
+            let max = 0;
+            for (const [algo, m] of Object.entries(a)) {
+                const met = m;
+                if (met.pct > max) {
+                    max = met.pct;
+                    best = algo;
+                }
+            }
+            res.json({
+                ok: true,
+                analysis: a,
+                rec: {
+                    algo: best,
+                    save: a[best].pct.toFixed(2) + "%",
+                    lat: a[best].latency.toFixed(2) + "ms",
+                },
+            });
+        }
+        catch (e) {
+            res.status(500).json({ error: e.message });
+        }
+    });
+    app.get("/api/compression/stats", async (req, res) => {
+        try {
+            const s = compress_1.compressionEngine.getStats();
+            res.json({
+                ok: true,
+                stats: {
+                    ...s,
+                    avgRatio: (s.avgRatio * 100).toFixed(2) + "%",
+                    totalPct: s.ogTok > 0
+                        ? ((s.saved / s.ogTok) * 100).toFixed(2) + "%"
+                        : "0%",
+                    lat: s.latency.toFixed(2) + "ms",
+                    avgLat: s.total > 0
+                        ? (s.latency / s.total).toFixed(2) + "ms"
+                        : "0ms",
+                },
+            });
+        }
+        catch (e) {
+            res.status(500).json({ error: e.message });
+        }
+    });
+    app.post("/api/compression/reset", async (req, res) => {
+        try {
+            compress_1.compressionEngine.reset();
+            compress_1.compressionEngine.clear();
+            res.json({ ok: true, msg: "reset done" });
+        }
+        catch (e) {
+            res.status(500).json({ error: e.message });
+        }
+    });
+}