auramaxx 0.0.1

package/src/app/api/workspace/[id]/apps/[wid]/route.ts

@@ -0,0 +1,119 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { PrismaClient } from '@prisma/client';
+import { requireWorkspaceAdmin } from '../../../auth';
+
+const prisma = new PrismaClient();
+
+// PATCH /api/workspace/[id]/apps/[wid] - Update app
+export async function PATCH(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string; wid: string }> }
+) {
+  try {
+    const unauthorized = await requireWorkspaceAdmin(request);
+    if (unauthorized) return unauthorized;
+
+    const { id: workspaceId, wid: appId } = await params;
+    const body = await request.json();
+    const { x, y, width, height, zIndex, isVisible, isLocked, config } = body;
+
+    // Verify app exists and belongs to workspace
+    const existing = await prisma.workspaceApp.findUnique({
+      where: { id: appId },
+    });
+
+    if (!existing) {
+      return NextResponse.json(
+        { success: false, error: 'App not found' },
+        { status: 404 }
+      );
+    }
+
+    if (existing.workspaceId !== workspaceId) {
+      return NextResponse.json(
+        { success: false, error: 'App does not belong to this workspace' },
+        { status: 400 }
+      );
+    }
+
+    const updateData: Record<string, unknown> = {};
+    if (x !== undefined) updateData.x = x;
+    if (y !== undefined) updateData.y = y;
+    if (width !== undefined) updateData.width = width;
+    if (height !== undefined) updateData.height = height;
+    if (zIndex !== undefined) updateData.zIndex = zIndex;
+    if (isVisible !== undefined) updateData.isVisible = isVisible;
+    if (isLocked !== undefined) updateData.isLocked = isLocked;
+    if (config !== undefined) updateData.config = JSON.stringify(config);
+
+    const app = await prisma.workspaceApp.update({
+      where: { id: appId },
+      data: updateData,
+    });
+
+    return NextResponse.json({
+      success: true,
+      app: {
+        id: app.id,
+        workspaceId: app.workspaceId,
+        appType: app.appType,
+        x: app.x,
+        y: app.y,
+        width: app.width,
+        height: app.height,
+        zIndex: app.zIndex,
+        isVisible: app.isVisible,
+        isLocked: app.isLocked,
+        config: app.config ? JSON.parse(app.config) : null,
+      },
+    });
+  } catch (error) {
+    console.error('Failed to update app:', error);
+    return NextResponse.json(
+      { success: false, error: 'Failed to update app' },
+      { status: 500 }
+    );
+  }
+}
+
+// DELETE /api/workspace/[id]/apps/[wid] - Remove app
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string; wid: string }> }
+) {
+  try {
+    const unauthorized = await requireWorkspaceAdmin(request);
+    if (unauthorized) return unauthorized;
+
+    const { id: workspaceId, wid: appId } = await params;
+
+    // Verify app exists and belongs to workspace
+    const existing = await prisma.workspaceApp.findUnique({
+      where: { id: appId },
+    });
+
+    if (!existing) {
+      return NextResponse.json(
+        { success: false, error: 'App not found' },
+        { status: 404 }
+      );
+    }
+
+    if (existing.workspaceId !== workspaceId) {
+      return NextResponse.json(
+        { success: false, error: 'App does not belong to this workspace' },
+        { status: 400 }
+      );
+    }
+
+    await prisma.workspaceApp.delete({ where: { id: appId } });
+
+    return NextResponse.json({ success: true });
+  } catch (error) {
+    console.error('Failed to delete app:', error);
+    return NextResponse.json(
+      { success: false, error: 'Failed to delete app' },
+      { status: 500 }
+    );
+  }
+}

package/src/app/api/workspace/[id]/apps/route.ts

@@ -0,0 +1,81 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { PrismaClient } from '@prisma/client';
+import { requireWorkspaceAdmin } from '../../auth';
+
+const prisma = new PrismaClient();
+
+// POST /api/workspace/[id]/apps - Add app to workspace
+export async function POST(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string }> }
+) {
+  try {
+    const unauthorized = await requireWorkspaceAdmin(request);
+    if (unauthorized) return unauthorized;
+
+    const { id: workspaceId } = await params;
+    const body = await request.json();
+    const { appType, x, y, width, height, zIndex, isVisible, isLocked, config } = body;
+
+    if (!appType) {
+      return NextResponse.json(
+        { success: false, error: 'appType is required' },
+        { status: 400 }
+      );
+    }
+
+    // Verify workspace exists
+    const workspace = await prisma.workspace.findUnique({ where: { id: workspaceId } });
+    if (!workspace) {
+      return NextResponse.json(
+        { success: false, error: 'Workspace not found' },
+        { status: 404 }
+      );
+    }
+
+    // Get max zIndex for this workspace
+    const maxZ = await prisma.workspaceApp.aggregate({
+      where: { workspaceId },
+      _max: { zIndex: true },
+    });
+    const newZIndex = zIndex ?? (maxZ._max.zIndex ?? 9) + 1;
+
+    const app = await prisma.workspaceApp.create({
+      data: {
+        workspaceId,
+        appType,
+        x: x ?? 20,
+        y: y ?? 20,
+        width: width ?? 320,
+        height: height ?? 280,
+        zIndex: newZIndex,
+        isVisible: isVisible ?? true,
+        isLocked: isLocked ?? false,
+        config: config ? JSON.stringify(config) : null,
+      },
+    });
+
+    return NextResponse.json({
+      success: true,
+      app: {
+        id: app.id,
+        workspaceId: app.workspaceId,
+        appType: app.appType,
+        x: app.x,
+        y: app.y,
+        width: app.width,
+        height: app.height,
+        zIndex: app.zIndex,
+        isVisible: app.isVisible,
+        isLocked: app.isLocked,
+        config: app.config ? JSON.parse(app.config) : null,
+      },
+    });
+  } catch (error) {
+    console.error('Failed to add app:', error);
+    return NextResponse.json(
+      { success: false, error: 'Failed to add app' },
+      { status: 500 }
+    );
+  }
+}

package/src/app/api/workspace/[id]/export/route.ts

@@ -0,0 +1,67 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { PrismaClient } from '@prisma/client';
+import { requireWorkspaceAdmin } from '../../auth';
+
+const prisma = new PrismaClient();
+
+// GET /api/workspace/[id]/export - Export workspace as JSON
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string }> }
+) {
+  try {
+    const unauthorized = await requireWorkspaceAdmin(request);
+    if (unauthorized) return unauthorized;
+
+    const { id } = await params;
+
+    const workspace = await prisma.workspace.findUnique({
+      where: { id },
+      include: {
+        apps: true,
+      },
+    });
+
+    if (!workspace) {
+      return NextResponse.json(
+        { success: false, error: 'Workspace not found' },
+        { status: 404 }
+      );
+    }
+
+    const exportData = {
+      version: 1,
+      exportedAt: new Date().toISOString(),
+      workspace: {
+        name: workspace.name,
+        slug: workspace.slug,
+        icon: workspace.icon,
+        order: workspace.order,
+        isDefault: workspace.isDefault,
+        isCloseable: workspace.isCloseable,
+      },
+      apps: workspace.apps.map((w: any) => ({
+        appType: w.appType,
+        x: w.x,
+        y: w.y,
+        width: w.width,
+        height: w.height,
+        zIndex: w.zIndex,
+        isVisible: w.isVisible,
+        isLocked: w.isLocked,
+        config: w.config ? JSON.parse(w.config) : null,
+      })),
+    };
+
+    return NextResponse.json({
+      success: true,
+      data: exportData,
+    });
+  } catch (error) {
+    console.error('Failed to export workspace:', error);
+    return NextResponse.json(
+      { success: false, error: 'Failed to export workspace' },
+      { status: 500 }
+    );
+  }
+}

package/src/app/api/workspace/[id]/route.ts

@@ -0,0 +1,168 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { PrismaClient } from '@prisma/client';
+import { requireWorkspaceAdmin } from '../auth';
+
+const prisma = new PrismaClient();
+
+// GET /api/workspace/[id] - Get workspace with apps
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string }> }
+) {
+  try {
+    const unauthorized = await requireWorkspaceAdmin(request);
+    if (unauthorized) return unauthorized;
+
+    const { id } = await params;
+
+    const workspace = await prisma.workspace.findUnique({
+      where: { id },
+      include: {
+        apps: {
+          orderBy: { zIndex: 'asc' },
+        },
+      },
+    });
+
+    if (!workspace) {
+      return NextResponse.json(
+        { success: false, error: 'Workspace not found' },
+        { status: 404 }
+      );
+    }
+
+    return NextResponse.json({
+      success: true,
+      workspace: {
+        id: workspace.id,
+        name: workspace.name,
+        slug: workspace.slug,
+        icon: workspace.icon,
+        order: workspace.order,
+        isDefault: workspace.isDefault,
+        isCloseable: workspace.isCloseable,
+      },
+      apps: workspace.apps.map((w: any) => ({
+        id: w.id,
+        workspaceId: w.workspaceId,
+        appType: w.appType,
+        x: w.x,
+        y: w.y,
+        width: w.width,
+        height: w.height,
+        zIndex: w.zIndex,
+        isVisible: w.isVisible,
+        isLocked: w.isLocked,
+        config: w.config ? JSON.parse(w.config) : null,
+      })),
+    });
+  } catch (error) {
+    console.error('Failed to get workspace:', error);
+    return NextResponse.json(
+      { success: false, error: 'Failed to get workspace' },
+      { status: 500 }
+    );
+  }
+}
+
+// PATCH /api/workspace/[id] - Update workspace
+export async function PATCH(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string }> }
+) {
+  try {
+    const unauthorized = await requireWorkspaceAdmin(request);
+    if (unauthorized) return unauthorized;
+
+    const { id } = await params;
+    const body = await request.json();
+    const { name, icon, order, isDefault, isCloseable } = body;
+
+    // Check if workspace exists
+    const existing = await prisma.workspace.findUnique({ where: { id } });
+    if (!existing) {
+      return NextResponse.json(
+        { success: false, error: 'Workspace not found' },
+        { status: 404 }
+      );
+    }
+
+    // If setting as default, unset existing default
+    if (isDefault) {
+      await prisma.workspace.updateMany({
+        where: { isDefault: true, id: { not: id } },
+        data: { isDefault: false },
+      });
+    }
+
+    const workspace = await prisma.workspace.update({
+      where: { id },
+      data: {
+        name: name ?? existing.name,
+        icon: icon ?? existing.icon,
+        order: order ?? existing.order,
+        isDefault: isDefault ?? existing.isDefault,
+        isCloseable: isCloseable ?? existing.isCloseable,
+      },
+    });
+
+    return NextResponse.json({
+      success: true,
+      workspace: {
+        id: workspace.id,
+        name: workspace.name,
+        slug: workspace.slug,
+        icon: workspace.icon,
+        order: workspace.order,
+        isDefault: workspace.isDefault,
+        isCloseable: workspace.isCloseable,
+      },
+    });
+  } catch (error) {
+    console.error('Failed to update workspace:', error);
+    return NextResponse.json(
+      { success: false, error: 'Failed to update workspace' },
+      { status: 500 }
+    );
+  }
+}
+
+// DELETE /api/workspace/[id] - Delete workspace
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string }> }
+) {
+  try {
+    const unauthorized = await requireWorkspaceAdmin(request);
+    if (unauthorized) return unauthorized;
+
+    const { id } = await params;
+
+    // Check if workspace exists and is closeable
+    const workspace = await prisma.workspace.findUnique({ where: { id } });
+    if (!workspace) {
+      return NextResponse.json(
+        { success: false, error: 'Workspace not found' },
+        { status: 404 }
+      );
+    }
+
+    if (!workspace.isCloseable) {
+      return NextResponse.json(
+        { success: false, error: 'Cannot delete non-closeable workspace' },
+        { status: 400 }
+      );
+    }
+
+    // Cascade delete will remove apps
+    await prisma.workspace.delete({ where: { id } });
+
+    return NextResponse.json({ success: true });
+  } catch (error) {
+    console.error('Failed to delete workspace:', error);
+    return NextResponse.json(
+      { success: false, error: 'Failed to delete workspace' },
+      { status: 500 }
+    );
+  }
+}

package/src/app/api/workspace/auth.ts

@@ -0,0 +1,40 @@
+import { NextRequest, NextResponse } from 'next/server';
+
+const WALLET_API = process.env.WALLET_SERVER_URL || 'http://localhost:4242';
+
+/**
+ * Validate admin access with explicit token validation.
+ * This must never trust public endpoints like GET /setup.
+ */
+async function validateAdmin(authHeader: string | null): Promise<boolean> {
+  if (!authHeader) return false;
+  const [scheme, token] = authHeader.trim().split(/\s+/, 2);
+  if (!scheme || scheme.toLowerCase() !== 'bearer' || !token) return false;
+
+  try {
+    const resp = await fetch(`${WALLET_API}/auth/validate`, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ token }),
+      cache: 'no-store',
+    });
+    if (!resp.ok) return false;
+    const data = await resp.json() as { valid?: boolean; isAdmin?: boolean };
+    return data.valid === true && data.isAdmin === true;
+  } catch {
+    return false;
+  }
+}
+
+export async function requireWorkspaceAdmin(
+  request: NextRequest
+): Promise<NextResponse | null> {
+  const authHeader = request.headers.get('authorization');
+  const isAdmin = await validateAdmin(authHeader);
+  if (isAdmin) return null;
+
+  return NextResponse.json(
+    { success: false, error: 'Admin access required' },
+    { status: 403 }
+  );
+}

package/src/app/api/workspace/config/route.ts

@@ -0,0 +1,121 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { PrismaClient } from '@prisma/client';
+import { requireWorkspaceAdmin } from '../auth';
+
+const prisma = new PrismaClient();
+
+type ParsedChainConfig = AppConfigData & Record<string, ChainConfig>;
+
+function parseChainConfig(raw?: string | null): ParsedChainConfig {
+  if (!raw) return {};
+  try {
+    const parsed = JSON.parse(raw);
+    if (parsed && typeof parsed === 'object') {
+      return parsed;
+    }
+  } catch (error) {
+    console.warn('Invalid AppConfig.chainConfig JSON, falling back to empty overrides:', error);
+  }
+  return {};
+}
+
+export interface ChainConfig {
+  rpc: string;
+  chainId: number;
+  explorer: string;
+}
+
+export interface AppConfigData {
+  chainOverrides?: Record<string, ChainConfig>;
+}
+
+// GET /api/workspace/config - Get global app configuration
+export async function GET(request: NextRequest) {
+  try {
+    const unauthorized = await requireWorkspaceAdmin(request);
+    if (unauthorized) return unauthorized;
+
+    const config = await prisma.appConfig.findUnique({
+      where: { id: 'global' },
+    });
+
+    if (!config) {
+      return NextResponse.json({
+        success: true,
+        config: { chainOverrides: {} },
+      });
+    }
+
+    const chainConfig = parseChainConfig(config.chainConfig);
+
+    return NextResponse.json({
+      success: true,
+      config: {
+        // Handle both old format (direct overrides) and new format (nested)
+        chainOverrides: chainConfig.chainOverrides || chainConfig,
+      },
+    });
+  } catch (error) {
+    console.error('Failed to get app config:', error);
+    return NextResponse.json(
+      { success: false, error: 'Failed to get app config' },
+      { status: 500 }
+    );
+  }
+}
+
+// POST /api/workspace/config - Update global app configuration
+export async function POST(request: NextRequest) {
+  try {
+    const unauthorized = await requireWorkspaceAdmin(request);
+    if (unauthorized) return unauthorized;
+
+    const body = await request.json();
+    const { chainOverrides } = body as AppConfigData;
+
+    // Validate chain overrides if provided
+    if (chainOverrides) {
+      for (const [chain, config] of Object.entries(chainOverrides)) {
+        if (!config.rpc || typeof config.rpc !== 'string') {
+          return NextResponse.json(
+            { success: false, error: `Invalid RPC for chain ${chain}` },
+            { status: 400 }
+          );
+        }
+        if (!config.chainId || typeof config.chainId !== 'number') {
+          return NextResponse.json(
+            { success: false, error: `Invalid chainId for chain ${chain}` },
+            { status: 400 }
+          );
+        }
+      }
+    }
+
+    // Upsert the global config
+    const updated = await prisma.appConfig.upsert({
+      where: { id: 'global' },
+      create: {
+        id: 'global',
+        chainConfig: JSON.stringify(chainOverrides || {}),
+      },
+      update: {
+        chainConfig: JSON.stringify(chainOverrides || {}),
+      },
+    });
+
+    const parsedConfig = parseChainConfig(updated.chainConfig ?? undefined);
+
+    return NextResponse.json({
+      success: true,
+      config: {
+        chainOverrides: parsedConfig,
+      },
+    });
+  } catch (error) {
+    console.error('Failed to update app config:', error);
+    return NextResponse.json(
+      { success: false, error: 'Failed to update app config' },
+      { status: 500 }
+    );
+  }
+}