archicore 0.2.0 → 0.2.2

package/dist/server/services/cache.js

@@ -0,0 +1,245 @@
+/**
+ * ArchiCore Redis Cache Service
+ *
+ * Provides caching for API responses to improve performance
+ */
+import Redis from 'ioredis';
+import { Logger } from '../../utils/logger.js';
+const DEFAULT_TTL = 300; // 5 minutes
+const CACHE_PREFIX = 'archicore:';
+class CacheService {
+    client = null;
+    enabled = false;
+    memoryCache = new Map();
+    async connect() {
+        const redisUrl = process.env.REDIS_URL || 'redis://localhost:6379';
+        try {
+            this.client = new Redis(redisUrl, {
+                maxRetriesPerRequest: 3,
+                retryStrategy: (times) => {
+                    if (times > 3) {
+                        Logger.warn('Redis connection failed, using memory cache fallback');
+                        return null;
+                    }
+                    return Math.min(times * 100, 3000);
+                },
+                lazyConnect: true,
+            });
+            await this.client.connect();
+            this.client.on('error', (err) => {
+                Logger.error('Redis error:', err.message);
+                this.enabled = false;
+            });
+            this.client.on('connect', () => {
+                Logger.info('Redis connected');
+                this.enabled = true;
+            });
+            this.client.on('close', () => {
+                Logger.warn('Redis connection closed');
+                this.enabled = false;
+            });
+            // Test connection
+            await this.client.ping();
+            this.enabled = true;
+            Logger.success('Redis cache enabled');
+        }
+        catch (error) {
+            Logger.warn('Redis not available, using memory cache');
+            this.enabled = false;
+            this.client = null;
+        }
+    }
+    getKey(key, prefix) {
+        return `${CACHE_PREFIX}${prefix || ''}${key}`;
+    }
+    /**
+     * Get value from cache
+     */
+    async get(key, prefix) {
+        const fullKey = this.getKey(key, prefix);
+        // Try Redis first
+        if (this.enabled && this.client) {
+            try {
+                const data = await this.client.get(fullKey);
+                if (data) {
+                    return JSON.parse(data);
+                }
+            }
+            catch (error) {
+                Logger.error('Cache get error:', error);
+            }
+        }
+        // Fallback to memory cache
+        const cached = this.memoryCache.get(fullKey);
+        if (cached && cached.expires > Date.now()) {
+            return cached.data;
+        }
+        // Clean up expired entry
+        if (cached) {
+            this.memoryCache.delete(fullKey);
+        }
+        return null;
+    }
+    /**
+     * Set value in cache
+     */
+    async set(key, value, options = {}) {
+        const fullKey = this.getKey(key, options.prefix);
+        const ttl = options.ttl || DEFAULT_TTL;
+        const serialized = JSON.stringify(value);
+        // Try Redis first
+        if (this.enabled && this.client) {
+            try {
+                await this.client.setex(fullKey, ttl, serialized);
+                return;
+            }
+            catch (error) {
+                Logger.error('Cache set error:', error);
+            }
+        }
+        // Fallback to memory cache
+        this.memoryCache.set(fullKey, {
+            data: value,
+            expires: Date.now() + (ttl * 1000),
+        });
+        // Clean up old memory cache entries periodically
+        if (this.memoryCache.size > 1000) {
+            this.cleanupMemoryCache();
+        }
+    }
+    /**
+     * Delete value from cache
+     */
+    async del(key, prefix) {
+        const fullKey = this.getKey(key, prefix);
+        if (this.enabled && this.client) {
+            try {
+                await this.client.del(fullKey);
+            }
+            catch (error) {
+                Logger.error('Cache del error:', error);
+            }
+        }
+        this.memoryCache.delete(fullKey);
+    }
+    /**
+     * Delete all keys matching pattern
+     */
+    async delPattern(pattern) {
+        const fullPattern = this.getKey(pattern);
+        if (this.enabled && this.client) {
+            try {
+                const keys = await this.client.keys(fullPattern);
+                if (keys.length > 0) {
+                    await this.client.del(...keys);
+                }
+            }
+            catch (error) {
+                Logger.error('Cache delPattern error:', error);
+            }
+        }
+        // Clean memory cache matching pattern
+        const regex = new RegExp(fullPattern.replace(/\*/g, '.*'));
+        for (const key of this.memoryCache.keys()) {
+            if (regex.test(key)) {
+                this.memoryCache.delete(key);
+            }
+        }
+    }
+    /**
+     * Clear all cache
+     */
+    async flush() {
+        if (this.enabled && this.client) {
+            try {
+                const keys = await this.client.keys(`${CACHE_PREFIX}*`);
+                if (keys.length > 0) {
+                    await this.client.del(...keys);
+                }
+            }
+            catch (error) {
+                Logger.error('Cache flush error:', error);
+            }
+        }
+        this.memoryCache.clear();
+    }
+    /**
+     * Get or set cache with callback
+     */
+    async getOrSet(key, callback, options = {}) {
+        const cached = await this.get(key, options.prefix);
+        if (cached !== null) {
+            return cached;
+        }
+        const value = await callback();
+        await this.set(key, value, options);
+        return value;
+    }
+    /**
+     * Check if cache is available
+     */
+    isEnabled() {
+        return this.enabled;
+    }
+    /**
+     * Get cache stats
+     */
+    async getStats() {
+        let keys = 0;
+        if (this.enabled && this.client) {
+            try {
+                const allKeys = await this.client.keys(`${CACHE_PREFIX}*`);
+                keys = allKeys.length;
+            }
+            catch (error) {
+                Logger.error('Cache stats error:', error);
+            }
+            return { enabled: true, type: 'redis', keys };
+        }
+        return {
+            enabled: false,
+            type: 'memory',
+            keys: this.memoryCache.size
+        };
+    }
+    /**
+     * Cleanup expired memory cache entries
+     */
+    cleanupMemoryCache() {
+        const now = Date.now();
+        for (const [key, value] of this.memoryCache.entries()) {
+            if (value.expires < now) {
+                this.memoryCache.delete(key);
+            }
+        }
+    }
+    /**
+     * Disconnect from Redis
+     */
+    async disconnect() {
+        if (this.client) {
+            await this.client.quit();
+            this.client = null;
+            this.enabled = false;
+        }
+    }
+}
+// Singleton instance
+export const cache = new CacheService();
+// Cache key generators
+export const cacheKeys = {
+    project: (projectId) => `project:${projectId}`,
+    projectAnalysis: (projectId) => `analysis:${projectId}`,
+    projectMetrics: (projectId) => `metrics:${projectId}`,
+    projectSearch: (projectId, query) => `search:${projectId}:${query}`,
+    user: (userId) => `user:${userId}`,
+    userProjects: (userId) => `user-projects:${userId}`,
+};
+// TTL presets (in seconds)
+export const cacheTTL = {
+    short: 60, // 1 minute
+    medium: 300, // 5 minutes
+    long: 3600, // 1 hour
+    day: 86400, // 24 hours
+};
+//# sourceMappingURL=cache.js.map

package/dist/server/services/database.d.ts

@@ -0,0 +1,43 @@
+/**
+ * PostgreSQL Database Service for ArchiCore
+ *
+ * Connection pooling and schema management
+ */
+import pg from 'pg';
+declare class DatabaseService {
+    private pool;
+    private initialized;
+    private initPromise;
+    /**
+     * Initialize database connection pool
+     */
+    init(): Promise<void>;
+    private _init;
+    /**
+     * Initialize database schema
+     */
+    private initSchema;
+    /**
+     * Check if database is available
+     */
+    isAvailable(): boolean;
+    /**
+     * Get a client from the pool
+     */
+    getClient(): Promise<pg.PoolClient>;
+    /**
+     * Execute a query
+     */
+    query<T extends pg.QueryResultRow = any>(text: string, params?: any[]): Promise<pg.QueryResult<T>>;
+    /**
+     * Execute a transaction
+     */
+    transaction<T>(callback: (client: pg.PoolClient) => Promise<T>): Promise<T>;
+    /**
+     * Close the connection pool
+     */
+    close(): Promise<void>;
+}
+export declare const db: DatabaseService;
+export {};
+//# sourceMappingURL=database.d.ts.map

package/dist/server/services/database.js

@@ -0,0 +1,221 @@
+/**
+ * PostgreSQL Database Service for ArchiCore
+ *
+ * Connection pooling and schema management
+ */
+import pg from 'pg';
+import { Logger } from '../../utils/logger.js';
+const { Pool } = pg;
+// Database schema version for migrations
+const SCHEMA_VERSION = 1;
+// SQL schema for ArchiCore
+const SCHEMA_SQL = `
+-- Users table
+CREATE TABLE IF NOT EXISTS users (
+  id VARCHAR(64) PRIMARY KEY,
+  email VARCHAR(255) UNIQUE NOT NULL,
+  username VARCHAR(100) NOT NULL,
+  password_hash VARCHAR(255),
+  avatar TEXT,
+  tier VARCHAR(20) NOT NULL DEFAULT 'free',
+  provider VARCHAR(20) NOT NULL DEFAULT 'email',
+  provider_id VARCHAR(255),
+  created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
+  last_login_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
+
+  -- Usage tracking (reset daily)
+  requests_today INTEGER DEFAULT 0,
+  full_analysis_today INTEGER DEFAULT 0,
+  projects_today INTEGER DEFAULT 0,
+  usage_reset_date DATE DEFAULT CURRENT_DATE,
+
+  -- Subscription info
+  subscription_id VARCHAR(64),
+  subscription_status VARCHAR(20),
+  subscription_end_date TIMESTAMP WITH TIME ZONE
+);
+
+-- Sessions table
+CREATE TABLE IF NOT EXISTS sessions (
+  token VARCHAR(128) PRIMARY KEY,
+  user_id VARCHAR(64) NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+  expires_at TIMESTAMP WITH TIME ZONE NOT NULL,
+  created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
+);
+
+-- Audit logs table
+CREATE TABLE IF NOT EXISTS audit_logs (
+  id VARCHAR(64) PRIMARY KEY,
+  user_id VARCHAR(64) REFERENCES users(id) ON DELETE SET NULL,
+  username VARCHAR(100),
+  action VARCHAR(50) NOT NULL,
+  severity VARCHAR(20) NOT NULL DEFAULT 'info',
+  ip VARCHAR(45),
+  user_agent TEXT,
+  details JSONB,
+  success BOOLEAN DEFAULT true,
+  error_message TEXT,
+  created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
+);
+
+-- Projects table (for future use)
+CREATE TABLE IF NOT EXISTS projects (
+  id VARCHAR(64) PRIMARY KEY,
+  user_id VARCHAR(64) NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+  name VARCHAR(255) NOT NULL,
+  description TEXT,
+  repo_url TEXT,
+  repo_provider VARCHAR(20),
+  repo_id VARCHAR(255),
+  webhook_secret TEXT,
+  last_analyzed_at TIMESTAMP WITH TIME ZONE,
+  created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
+  updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
+);
+
+-- Schema version tracking
+CREATE TABLE IF NOT EXISTS schema_version (
+  version INTEGER PRIMARY KEY,
+  applied_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
+);
+
+-- Indexes for performance
+CREATE INDEX IF NOT EXISTS idx_sessions_user_id ON sessions(user_id);
+CREATE INDEX IF NOT EXISTS idx_sessions_expires_at ON sessions(expires_at);
+CREATE INDEX IF NOT EXISTS idx_audit_logs_user_id ON audit_logs(user_id);
+CREATE INDEX IF NOT EXISTS idx_audit_logs_action ON audit_logs(action);
+CREATE INDEX IF NOT EXISTS idx_audit_logs_created_at ON audit_logs(created_at);
+CREATE INDEX IF NOT EXISTS idx_projects_user_id ON projects(user_id);
+CREATE INDEX IF NOT EXISTS idx_users_email ON users(email);
+CREATE INDEX IF NOT EXISTS idx_users_provider ON users(provider, provider_id);
+`;
+class DatabaseService {
+    pool = null;
+    initialized = false;
+    initPromise = null;
+    /**
+     * Initialize database connection pool
+     */
+    async init() {
+        if (this.initialized)
+            return;
+        if (this.initPromise)
+            return this.initPromise;
+        this.initPromise = this._init();
+        return this.initPromise;
+    }
+    async _init() {
+        const databaseUrl = process.env.DATABASE_URL;
+        if (!databaseUrl) {
+            Logger.warn('DATABASE_URL not set - using JSON file storage');
+            return;
+        }
+        try {
+            this.pool = new Pool({
+                connectionString: databaseUrl,
+                max: 20, // Maximum pool size
+                idleTimeoutMillis: 30000,
+                connectionTimeoutMillis: 5000,
+            });
+            // Test connection
+            const client = await this.pool.connect();
+            await client.query('SELECT NOW()');
+            client.release();
+            // Initialize schema
+            await this.initSchema();
+            this.initialized = true;
+            Logger.success('PostgreSQL connected with connection pool (max: 20)');
+        }
+        catch (error) {
+            Logger.error('PostgreSQL connection failed:', error);
+            this.pool = null;
+            throw error;
+        }
+    }
+    /**
+     * Initialize database schema
+     */
+    async initSchema() {
+        if (!this.pool)
+            return;
+        try {
+            // Create schema
+            await this.pool.query(SCHEMA_SQL);
+            // Check/update schema version
+            const result = await this.pool.query('SELECT version FROM schema_version ORDER BY version DESC LIMIT 1');
+            if (result.rows.length === 0) {
+                await this.pool.query('INSERT INTO schema_version (version) VALUES ($1)', [SCHEMA_VERSION]);
+                Logger.info(`Database schema initialized (v${SCHEMA_VERSION})`);
+            }
+            else {
+                const currentVersion = result.rows[0].version;
+                if (currentVersion < SCHEMA_VERSION) {
+                    // Run migrations here if needed
+                    await this.pool.query('INSERT INTO schema_version (version) VALUES ($1)', [SCHEMA_VERSION]);
+                    Logger.info(`Database schema migrated to v${SCHEMA_VERSION}`);
+                }
+            }
+        }
+        catch (error) {
+            Logger.error('Schema initialization failed:', error);
+            throw error;
+        }
+    }
+    /**
+     * Check if database is available
+     */
+    isAvailable() {
+        return this.pool !== null && this.initialized;
+    }
+    /**
+     * Get a client from the pool
+     */
+    async getClient() {
+        if (!this.pool) {
+            throw new Error('Database not initialized');
+        }
+        return this.pool.connect();
+    }
+    /**
+     * Execute a query
+     */
+    async query(text, params) {
+        if (!this.pool) {
+            throw new Error('Database not initialized');
+        }
+        return this.pool.query(text, params);
+    }
+    /**
+     * Execute a transaction
+     */
+    async transaction(callback) {
+        const client = await this.getClient();
+        try {
+            await client.query('BEGIN');
+            const result = await callback(client);
+            await client.query('COMMIT');
+            return result;
+        }
+        catch (error) {
+            await client.query('ROLLBACK');
+            throw error;
+        }
+        finally {
+            client.release();
+        }
+    }
+    /**
+     * Close the connection pool
+     */
+    async close() {
+        if (this.pool) {
+            await this.pool.end();
+            this.pool = null;
+            this.initialized = false;
+            Logger.info('Database connection pool closed');
+        }
+    }
+}
+// Export singleton instance
+export const db = new DatabaseService();
+//# sourceMappingURL=database.js.map

package/dist/server/services/encryption.d.ts

@@ -0,0 +1,48 @@
+/**
+ * Encryption Service for ArchiCore
+ *
+ * AES-256-GCM encryption for sensitive data
+ */
+declare class EncryptionService {
+    private key;
+    private initialized;
+    /**
+     * Initialize encryption with key from environment
+     */
+    init(): void;
+    /**
+     * Encrypt a string value
+     */
+    encrypt(plaintext: string): string;
+    /**
+     * Decrypt a string value
+     */
+    decrypt(ciphertext: string): string;
+    /**
+     * Hash a value (one-way, for comparison)
+     */
+    hash(value: string): string;
+    /**
+     * Check if a value is encrypted (starts with valid base64 of correct length)
+     */
+    isEncrypted(value: string): boolean;
+    /**
+     * Encrypt if not already encrypted
+     */
+    ensureEncrypted(value: string): string;
+    /**
+     * Mask sensitive data for logging (show only last 4 chars)
+     */
+    mask(value: string): string;
+    /**
+     * Generate a secure random token
+     */
+    generateToken(length?: number): string;
+    /**
+     * Generate a secure random secret
+     */
+    generateSecret(length?: number): string;
+}
+export declare const encryption: EncryptionService;
+export {};
+//# sourceMappingURL=encryption.d.ts.map

package/dist/server/services/encryption.js

@@ -0,0 +1,148 @@
+/**
+ * Encryption Service for ArchiCore
+ *
+ * AES-256-GCM encryption for sensitive data
+ */
+import crypto from 'crypto';
+import { Logger } from '../../utils/logger.js';
+const ALGORITHM = 'aes-256-gcm';
+const IV_LENGTH = 16;
+const AUTH_TAG_LENGTH = 16;
+// const SALT_LENGTH = 32; // Reserved for future use
+class EncryptionService {
+    key = null;
+    initialized = false;
+    /**
+     * Initialize encryption with key from environment
+     */
+    init() {
+        if (this.initialized)
+            return;
+        const encryptionKey = process.env.ENCRYPTION_KEY;
+        if (!encryptionKey) {
+            Logger.warn('ENCRYPTION_KEY not set - generating temporary key (NOT FOR PRODUCTION)');
+            // Generate a temporary key for development
+            this.key = crypto.randomBytes(32);
+        }
+        else {
+            // Derive key from password using PBKDF2
+            const salt = process.env.ENCRYPTION_SALT || 'archicore-default-salt';
+            this.key = crypto.pbkdf2Sync(encryptionKey, salt, 100000, 32, 'sha256');
+        }
+        this.initialized = true;
+        Logger.info('Encryption service initialized');
+    }
+    /**
+     * Encrypt a string value
+     */
+    encrypt(plaintext) {
+        if (!this.key) {
+            this.init();
+        }
+        try {
+            // Generate random IV
+            const iv = crypto.randomBytes(IV_LENGTH);
+            // Create cipher
+            const cipher = crypto.createCipheriv(ALGORITHM, this.key, iv);
+            // Encrypt
+            let encrypted = cipher.update(plaintext, 'utf8', 'hex');
+            encrypted += cipher.final('hex');
+            // Get auth tag
+            const authTag = cipher.getAuthTag();
+            // Combine: iv + authTag + encrypted
+            const combined = Buffer.concat([
+                iv,
+                authTag,
+                Buffer.from(encrypted, 'hex')
+            ]);
+            return combined.toString('base64');
+        }
+        catch (error) {
+            Logger.error('Encryption failed:', error);
+            throw new Error('Encryption failed');
+        }
+    }
+    /**
+     * Decrypt a string value
+     */
+    decrypt(ciphertext) {
+        if (!this.key) {
+            this.init();
+        }
+        try {
+            // Decode from base64
+            const combined = Buffer.from(ciphertext, 'base64');
+            // Extract components
+            const iv = combined.subarray(0, IV_LENGTH);
+            const authTag = combined.subarray(IV_LENGTH, IV_LENGTH + AUTH_TAG_LENGTH);
+            const encrypted = combined.subarray(IV_LENGTH + AUTH_TAG_LENGTH);
+            // Create decipher
+            const decipher = crypto.createDecipheriv(ALGORITHM, this.key, iv);
+            decipher.setAuthTag(authTag);
+            // Decrypt
+            let decrypted = decipher.update(encrypted);
+            decrypted = Buffer.concat([decrypted, decipher.final()]);
+            return decrypted.toString('utf8');
+        }
+        catch (error) {
+            Logger.error('Decryption failed:', error);
+            throw new Error('Decryption failed');
+        }
+    }
+    /**
+     * Hash a value (one-way, for comparison)
+     */
+    hash(value) {
+        const salt = process.env.ENCRYPTION_SALT || 'archicore-default-salt';
+        return crypto
+            .createHmac('sha256', salt)
+            .update(value)
+            .digest('hex');
+    }
+    /**
+     * Check if a value is encrypted (starts with valid base64 of correct length)
+     */
+    isEncrypted(value) {
+        try {
+            const decoded = Buffer.from(value, 'base64');
+            // Minimum length: IV (16) + AuthTag (16) + at least 1 byte encrypted
+            return decoded.length > IV_LENGTH + AUTH_TAG_LENGTH;
+        }
+        catch {
+            return false;
+        }
+    }
+    /**
+     * Encrypt if not already encrypted
+     */
+    ensureEncrypted(value) {
+        if (this.isEncrypted(value)) {
+            return value;
+        }
+        return this.encrypt(value);
+    }
+    /**
+     * Mask sensitive data for logging (show only last 4 chars)
+     */
+    mask(value) {
+        if (value.length <= 4) {
+            return '****';
+        }
+        return '*'.repeat(value.length - 4) + value.slice(-4);
+    }
+    /**
+     * Generate a secure random token
+     */
+    generateToken(length = 32) {
+        return crypto.randomBytes(length).toString('hex');
+    }
+    /**
+     * Generate a secure random secret
+     */
+    generateSecret(length = 64) {
+        return crypto.randomBytes(length).toString('base64url');
+    }
+}
+// Export singleton instance
+export const encryption = new EncryptionService();
+//# sourceMappingURL=encryption.js.map