backend-manager 5.0.75 → 5.0.77

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "backend-manager",
-  "version": "5.0.75",
+  "version": "5.0.77",
   "description": "Quick tools for developing Firebase functions",
   "main": "src/manager/index.js",
   "bin": {
@@ -74,7 +74,6 @@
     "npm-api": "^1.0.1",
     "paypal-server-api": "^2.0.14",
     "pushid": "^1.0.0",
-    "resolve-account": "^1.0.26",
     "shortid": "^2.2.17",
     "uid-generator": "^2.0.0",
     "uuid": "^9.0.1",

package/src/manager/cron/daily/ghostii-auto-publisher.js

@@ -16,7 +16,6 @@ const USER_AGENT = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
 
 // State
 let postId;
-let appObject;
 
 /**
  * Ghostii Auto Publisher cron job
@@ -30,11 +29,8 @@ module.exports = async ({ Manager, assistant, context, libraries }) => {
   // Set post ID
   postId = moment().unix();
 
-  // Get app content
-  appObject = await getAppData(Manager.config.app.id).catch((e) => e);
-  if (appObject instanceof Error) {
-    throw appObject;
-  }
+  // Build app object from local config
+  const appObject = buildAppObject(Manager.config);
 
   // Log
   assistant.log('App object', appObject);
@@ -44,8 +40,6 @@ module.exports = async ({ Manager, assistant, context, libraries }) => {
 
   // Loop through each item
   for (const settings of settingsArray) {
-    const appId = settings.app || appObject.id;
-
     // Fix settings
     settings.articles = settings.articles || 0;
     settings.sources = randomize(settings.sources || []);
@@ -53,16 +47,23 @@ module.exports = async ({ Manager, assistant, context, libraries }) => {
     settings.prompt = settings.prompt || '';
     settings.chance = settings.chance || 1.0;
     settings.author = settings.author || undefined;
-    settings.app = await getAppData(appId).catch((e) => e);
 
-    // Check for errors
-    if (settings.app instanceof Error) {
-      assistant.error('Error fetching app data', settings.app);
-      continue;
+    // Resolve app data for this ghostii item
+    if (settings.app && settings.appUrl) {
+      // Cross-app: fetch from the other project's /app endpoint
+      settings.app = await fetchRemoteApp(settings.appUrl).catch((e) => e);
+
+      if (settings.app instanceof Error) {
+        assistant.error('Error fetching remote app data', settings.app);
+        continue;
+      }
+    } else {
+      // Same-app: use local config
+      settings.app = appObject;
     }
 
     // Log
-    assistant.log(`Settings (app=${appId})`, settings);
+    assistant.log(`Settings (app=${settings.app.id})`, settings);
 
     // Quit if articles are disabled
     if (!settings.articles || !settings.sources.length) {
@@ -88,6 +89,35 @@ module.exports = async ({ Manager, assistant, context, libraries }) => {
   }
 };
 
+/**
+ * Build app object from Manager.config (same shape as getApp response)
+ */
+function buildAppObject(config) {
+  return {
+    id: config.app?.id,
+    name: config.brand?.name,
+    brand: {
+      description: config.brand?.description || '',
+    },
+    url: config.brand?.url,
+    github: {
+      user: config.github?.user,
+      repo: (config.github?.repo_website || '').split('/').pop(),
+    },
+  };
+}
+
+/**
+ * Fetch app data from a remote BEM project's /app endpoint
+ */
+function fetchRemoteApp(appUrl) {
+  return fetch(`${appUrl}/backend-manager/app`, {
+    timeout: 30000,
+    tries: 3,
+    response: 'json',
+  });
+}
+
 async function harvest(assistant, settings) {
   const date = moment().format('MMMM YYYY');
 
@@ -151,18 +181,6 @@ async function harvest(assistant, settings) {
   }
 }
 
-function getAppData(id) {
-  return fetch('https://us-central1-itw-creative-works.cloudfunctions.net/getApp', {
-    method: 'post',
-    timeout: 30000,
-    tries: 3,
-    response: 'json',
-    body: {
-      id: id,
-    },
-  });
-}
-
 function getURLContent(url) {
   return fetch(url, {
     timeout: 30000,

package/src/manager/functions/core/actions/api/firebase/get-providers.js

@@ -1,4 +1,3 @@
-const fetch = require('wonderful-fetch');
 const { merge } = require('lodash');
 
 function Module() {
@@ -8,9 +7,7 @@ function Module() {
 Module.prototype.main = function () {
   const self = this;
   const Manager = self.Manager;
-  const Api = self.Api;
   const assistant = self.assistant;
-  const payload = self.payload;
 
   return new Promise(async function(resolve, reject) {
     const defaultProviders = {
@@ -40,14 +37,8 @@ Module.prototype.main = function () {
       },
     }
 
-    // Get app
-    const appObject = await self.getAppObject();
-    if (appObject instanceof Error) {
-      return reject(assistant.errorify(`Failed to get app object: ${appObject}`, {code: 500}));
-    }
-
-    // Merge the default providers with the app providers
-    const providers = merge(defaultProviders, appObject.authentication);
+    // Merge the default providers with the config providers
+    const providers = merge(defaultProviders, Manager.config.authentication || {});
 
     // Reformat the object so it's just provider=true/false
     const finalProviders = {};
@@ -64,39 +55,4 @@ Module.prototype.main = function () {
 
 };
 
-// Get app object
-Module.prototype.getAppObject = function () {
-  const self = this;
-
-  const Manager = self.Manager;
-  const Api = self.Api;
-  const assistant = self.assistant;
-  const payload = self.payload;
-
-  return new Promise(async function(resolve, reject) {
-    const id = Manager.config.app.id;
-
-    // Get the app settings
-    fetch(`https://us-central1-itw-creative-works.cloudfunctions.net/getApp`, {
-      method: 'post',
-      response: 'json',
-      body: {
-        id: id,
-      }
-    })
-    .then((r) => {
-      assistant.log('getAppObject(): Response', r);
-
-      // If data is missing, return an error
-      if (!r) {
-        throw new Error(`App with id ${id} not found`);
-      }
-
-      // Return the app object
-      return resolve(r);
-    })
-    .catch(e => reject(e));
-  });
-};
-
 module.exports = Module;

package/src/manager/functions/core/actions/api/general/send-email.js

@@ -49,7 +49,7 @@ Module.prototype.main = function () {
     }
 
     const storage = Manager.storage({temporary: true});
-    const ipPath = ['api:general:send-email', 'ips', assistant.request.geolocation.ip];
+    const ipPath = ['api:general:send-email', 'ips', assistant.request.geolocation.ip || 'unknown'];
     const emailPath = ['api:general:send-email', 'emails', payload.data.payload.email];
 
     const ipData = storage.get(ipPath).value() || {};

package/src/manager/functions/core/actions/api/special/setup-electron-manager-client.js

@@ -1,3 +1,6 @@
+const path = require('path');
+const { buildPublicConfig } = require(path.join(__dirname, '..', '..', '..', '..', '..', 'routes', 'app', 'get.js'));
+
 function Module() {
 
 }
@@ -11,10 +14,7 @@ Module.prototype.main = function () {
 
   return new Promise(async function(resolve, reject) {
 
-    const fetch = Manager.require('wonderful-fetch');
-
     let uid = payload.data.payload.uid;
-    const app = payload.data.payload.appId || payload.data.payload.app || Manager.config.app.id;
     let config = payload.data.payload.config || {};
 
     let uuid = null;
@@ -68,32 +68,17 @@ Module.prototype.main = function () {
       config = {};
     }
 
-    // Fetch app details
-    await fetch('https://us-central1-itw-creative-works.cloudfunctions.net/getApp', {
-      method: 'post',
-      timeout: 30000,
-      tries: 3,
-      response: 'json',
-      body: {
-        id: app,
-      },
-    })
-    .then(result => {
-      return resolve({
-        data: {
-          uuid: uuid,
-          signInToken: signInToken,
-          timestamp: new Date().toISOString(),
-          ip: assistant.request.geolocation.ip,
-          country: assistant.request.geolocation.country,
-          app: result,
-          config: config,
-        }
-      });
-    })
-    .catch(e => {
-      return reject(assistant.errorify(`Error fetching app details: ${e}`, {code: 500}));
-    })
+    return resolve({
+      data: {
+        uuid: uuid,
+        signInToken: signInToken,
+        timestamp: new Date().toISOString(),
+        ip: assistant.request.geolocation.ip,
+        country: assistant.request.geolocation.country,
+        app: buildPublicConfig(Manager.config),
+        config: config,
+      }
+    });
 
   });
 

package/src/manager/functions/core/actions/api/user/submit-feedback.js

@@ -1,5 +1,4 @@
 const pushid = require('pushid');
-const fetch = require('wonderful-fetch');
 const powertools = require('node-powertools');
 
 function Module() {
@@ -34,55 +33,42 @@ Module.prototype.main = function () {
         decision.promptReview = true;
       }
 
-      // Get app data
-      fetch(`https://us-central1-itw-creative-works.cloudfunctions.net/getApp`, {
-        method: 'post',
-        response: 'json',
-        body: {
-          id: Manager.config.app.id,
-        }
-      })
-      .then((response) => {
-        response.reviews = response.reviews || {};
-        response.reviews.enabled = typeof response.reviews.enabled === 'undefined' ? true : response.reviews.enabled;
-        response.reviews.sites = response.reviews.sites || [];
+      // Get review config from local config
+      const reviews = { ...(Manager.config.reviews || {}) };
+      reviews.enabled = typeof reviews.enabled === 'undefined' ? true : reviews.enabled;
+      reviews.sites = reviews.sites || [];
 
-        // If reviews are enabled and there are review sites, prompt review
-        if (response.reviews.enabled && response.reviews.sites.length > 0) {
-          decision.reviewURL = powertools.random(response.reviews.sites);
-        } else {
-          decision.promptReview = false;
-        }
+      // If reviews are enabled and there are review sites, prompt review
+      if (decision.promptReview && reviews.enabled && reviews.sites.length > 0) {
+        decision.reviewURL = powertools.random(reviews.sites);
+      } else {
+        decision.promptReview = false;
+      }
 
-        assistant.log('Feedback submitted', docId, {appReviewData: response.reviews, request: request, decision: decision});
+      assistant.log('Feedback submitted', docId, {appReviewData: reviews, request: request, decision: decision});
 
-        // Save feedback to firestore
-        self.libraries.admin.firestore().doc(`feedback/${docId}`)
-        .set({
-          created: assistant.meta.startTime,
-          feedback: request,
-          decision: decision,
-          owner: {
-            uid: user?.auth?.uid ?? null,
-          },
-          metadata: Manager.Metadata().set({tag: 'user:submit-feedback'}),
-        }, {merge: true})
-        .then(r => {
-          return resolve({
-            data: {
-              review: decision,
-              originalRequest: request,
-            }
-          });
-        })
-        .catch((e) => {
-          return reject(assistant.errorify(`Failed to save feedback: ${e.message}`, {code: 500, sentry: true}));
-        })
+      // Save feedback to firestore
+      self.libraries.admin.firestore().doc(`feedback/${docId}`)
+      .set({
+        created: assistant.meta.startTime,
+        feedback: request,
+        decision: decision,
+        owner: {
+          uid: user?.auth?.uid ?? null,
+        },
+        metadata: Manager.Metadata().set({tag: 'user:submit-feedback'}),
+      }, {merge: true})
+      .then(r => {
+        return resolve({
+          data: {
+            review: decision,
+            originalRequest: request,
+          }
+        });
       })
       .catch((e) => {
-        return reject(assistant.errorify(`Failed to get app: ${e.message}`, {code: 500, sentry: true}));
+        return reject(assistant.errorify(`Failed to save feedback: ${e.message}`, {code: 500, sentry: true}));
       })
-
     })
     .catch((e) => {
       return reject(e);

package/src/manager/functions/core/actions/api.js

@@ -82,7 +82,7 @@ Module.prototype.main = function() {
       // Log
       // assistant.log(`Executing: ${resolved.command}`, self.payload, JSON.stringify(self.payload))
       // assistant.log(`Resolved URL: ${Manager.project.functionsUrl}?command=${encodeURIComponent(resolved.command)}&payload=${encodeURIComponent(JSON.stringify(self.assistant.request.data.payload))}`)
-      assistant.log(`bm_api(${resolved.command}): Request (${geolocation.ip} @ ${geolocation.country}, ${geolocation.region}, ${geolocation.city}) [${method} > ${strippedUrl}]`, JSON.stringify(assistant.request.data));
+      assistant.log(`bm_api(${resolved.command}): Request (${geolocation.ip || 'unknown'} @ ${geolocation.country || '?'}, ${geolocation.region || '?'}, ${geolocation.city || '?'}) [${method} > ${strippedUrl}]`, JSON.stringify(assistant.request.data));
       assistant.log(`bm_api(${resolved.command}): Headers`, JSON.stringify(headers));
 
 

package/src/manager/helpers/analytics.js

@@ -23,21 +23,21 @@ function Analytics(Manager, options) {
 
   // Set request properties
   self.request = {
-    ip: self.assistant?.request?.geolocation?.ip || '127.0.0.1',
-    country: self.assistant?.request?.geolocation?.country || '',
-    city: self.assistant?.request?.geolocation?.city || '',
-    region: self.assistant?.request?.geolocation?.region || '',
-    referrer: self.assistant?.request?.referrer || '',
-    userAgent: self.assistant?.request?.client?.userAgent || '',
-    language: (self.assistant?.request?.client?.language || '').split(',')[0],
+    ip: self.assistant?.request?.geolocation?.ip || null,
+    country: self.assistant?.request?.geolocation?.country || null,
+    city: self.assistant?.request?.geolocation?.city || null,
+    region: self.assistant?.request?.geolocation?.region || null,
+    referrer: self.assistant?.request?.referrer || null,
+    userAgent: self.assistant?.request?.client?.userAgent || null,
+    language: (self.assistant?.request?.client?.language || '').split(',')[0] || null,
     mobile: self.assistant?.request?.client?.mobile || false,
-    platform: self.assistant?.request?.client?.platform || '',
+    platform: self.assistant?.request?.client?.platform || null,
     name: self.assistant?.meta?.name || '',
   }
 
   // Remove blacklisted user agents
-  self.request.userAgent = BLOCKED_USER_AGENTS.some((regex) => self.request.userAgent.match(regex))
-    ? ''
+  self.request.userAgent = self.request.userAgent && BLOCKED_USER_AGENTS.some((regex) => self.request.userAgent.match(regex))
+    ? null
     : self.request.userAgent;
 
   // Fix options

package/src/manager/helpers/api-manager.js

@@ -170,7 +170,7 @@ ApiManager.prototype.getUser = async function (assistant) {
     // console.log('---authenticatedUser', authenticatedUser);
     const planId = authenticatedUser?.subscription?.product?.id || 'basic';
     let workingUID = !authenticatedUser.authenticated
-      ? uuidv5(assistant.request.geolocation.ip, '1b671a64-40d5-491e-99b0-da01ff1f3341')
+      ? uuidv5(assistant.request.geolocation.ip || 'unknown', '1b671a64-40d5-491e-99b0-da01ff1f3341')
       : authenticatedUser.auth.uid
     authenticatedUser.ip = assistant.request.geolocation.ip;
     authenticatedUser.country = assistant.request.geolocation.country;

package/src/manager/helpers/assistant.js

@@ -221,7 +221,8 @@ BackendAssistant.prototype.init = function (ref, options) {
   }
   self.request.url = tryUrl(self);
   self.request.path = self.ref.req.path || '';
-  self.request.user = self.resolveAccount({authenticated: false});
+  self.request.user = self.Manager.User({}).properties;
+  self.request.user.authenticated = false;
 
   // Set body and query
   if (options.accept === 'json') {
@@ -656,7 +657,8 @@ BackendAssistant.prototype.authenticate = async function (options) {
 
     // Resolve the user
     if (options.resolve) {
-      self.request.user = self.resolveAccount(user);
+      self.request.user = self.Manager.User(user).properties;
+      self.request.user.authenticated = user.authenticated || false;
       return self.request.user;
     } else {
       return user;
@@ -763,11 +765,6 @@ BackendAssistant.prototype.authenticate = async function (options) {
   }
 };
 
-BackendAssistant.prototype.resolveAccount = function (user) {
-  const ResolveAccount = new (require('resolve-account'))();
-
-  return ResolveAccount.resolve(undefined, user)
-}
 
 BackendAssistant.prototype.parseRepo = function (repo) {
   let repoSplit = repo.split('/');
@@ -795,43 +792,35 @@ BackendAssistant.prototype.parseRepo = function (repo) {
 BackendAssistant.prototype.getHeaderIp = function (headers) {
   headers = headers || {};
 
-  return (
+  const value =
     // these are present for cloudflare requests (11/21/2020)
     headers['cf-connecting-ip']
     || headers['fastly-temp-xff']
 
     // these are present for non-cloudflare requests (11/21/2020)
     || headers['x-appengine-user-ip']
-    || headers['x-forwarded-for']
+    || headers['x-forwarded-for'];
 
     // Not sure about these
     // || headers['fastly-client-ip']
 
-    // If unsure, return local IP
-    || '127.0.0.1'
-  )
-  .split(',')[0]
-  .trim();
+  return value ? value.split(',')[0].trim() : null;
 }
 
 BackendAssistant.prototype.getHeaderContinent = function (headers) {
   headers = headers || {};
 
-  return (
+  const value =
     // these are present for cloudflare requests (11/21/2020)
-    headers['cf-ipcontinent']
+    headers['cf-ipcontinent'];
 
-    // If unsure, return ZZ
-    || 'ZZ'
-  )
-  .split(',')[0]
-  .trim();
+  return value ? value.split(',')[0].trim() : null;
 }
 
 BackendAssistant.prototype.getHeaderCountry = function (headers) {
   headers = headers || {};
 
-  return (
+  const value =
     // these are present for cloudflare requests (11/21/2020)
     headers['cf-ipcountry']
 
@@ -839,46 +828,34 @@ BackendAssistant.prototype.getHeaderCountry = function (headers) {
     || headers['x-country-code']
 
     // these are present for non-cloudflare requests (11/21/2020)
-    || headers['x-appengine-country']
+    || headers['x-appengine-country'];
 
-    // If unsure, return ZZ
-    || 'ZZ'
-  )
-  .split(',')[0]
-  .trim();
+  return value ? value.split(',')[0].trim() : null;
 }
 
 BackendAssistant.prototype.getHeaderRegion = function (headers) {
   headers = headers || {};
 
-  return (
+  const value =
     // these are present for cloudflare requests (11/21/2020)
     headers['cf-region']
 
     // these are present for non-cloudflare requests (11/21/2020)
-    || headers['x-appengine-region']
+    || headers['x-appengine-region'];
 
-    // If unsure, return unknown
-    || 'Unknown'
-  )
-  .split(',')[0]
-  .trim();
+  return value ? value.split(',')[0].trim() : null;
 }
 
 BackendAssistant.prototype.getHeaderCity = function (headers) {
   headers = headers || {};
 
-  return (
+  const value =
     // these are present for cloudflare requests (11/21/2020)
     headers['cf-ipcity']
 
-    || headers['x-appengine-city']
+    || headers['x-appengine-city'];
 
-    // If unsure, return unknown
-    || 'Unknown'
-  )
-  .split(',')[0]
-  .trim();
+  return value ? value.split(',')[0].trim() : null;
 }
 
 BackendAssistant.prototype.getHeaderLatitude = function (headers) {
@@ -917,33 +894,27 @@ BackendAssistant.prototype.getHeaderLongitude = function (headers) {
 BackendAssistant.prototype.getHeaderUserAgent = function (headers) {
   headers = headers || {};
 
-  return (
-    headers['user-agent']
-    || ''
-  )
-  .trim();
+  const value = headers['user-agent'];
+
+  return value ? value.trim() : null;
 }
 
 BackendAssistant.prototype.getHeaderLanguage = function (headers) {
   headers = headers || {};
 
-  return (
+  const value =
     headers['accept-language']
-    || headers['x-orig-accept-language']
-    || ''
-  )
-  .trim();
+    || headers['x-orig-accept-language'];
+
+  return value ? value.trim() : null;
 }
 
 BackendAssistant.prototype.getHeaderPlatform = function (headers) {
   headers = headers || {};
 
-  return (
-    headers['sec-ch-ua-platform']
-    || ''
-  )
-  .replace(/"/ig, '')
-  .trim();
+  const value = headers['sec-ch-ua-platform'];
+
+  return value ? value.replace(/"/ig, '').trim() : null;
 }
 
 BackendAssistant.prototype.getHeaderMobile = function (headers) {
@@ -959,7 +930,7 @@ BackendAssistant.prototype.getHeaderUrl = function (headers) {
   const self = this;
   headers = headers || {};
 
-  return (
+  const value =
     // Origin header (most reliable for CORS requests)
     headers['origin']
 
@@ -968,12 +939,9 @@ BackendAssistant.prototype.getHeaderUrl = function (headers) {
     || headers['referer']
 
     // Reconstruct from host and path if available
-    || (headers['host'] ? `https://${headers['host']}${self.ref.req?.originalUrl || self.ref.req?.url || ''}` : '')
+    || (headers['host'] ? `https://${headers['host']}${self.ref.req?.originalUrl || self.ref.req?.url || ''}` : null);
 
-    // If unsure, return empty string
-    || ''
-  )
-  .trim();
+  return value ? value.trim() : null;
 }
 
 /**

package/src/manager/helpers/middleware.js

@@ -78,7 +78,7 @@ Middleware.prototype.run = function (libPath, options) {
     const strippedUrl = stripUrl(url);
 
     // Log
-    assistant.log(`Middleware.process(): Request (${geolocation.ip} @ ${geolocation.country}, ${geolocation.region}, ${geolocation.city}) [${method} > ${strippedUrl}]`, safeStringify(data));
+    assistant.log(`Middleware.process(): Request (${geolocation.ip || 'unknown'} @ ${geolocation.country || '?'}, ${geolocation.region || '?'}, ${geolocation.city || '?'}) [${method} > ${strippedUrl}]`, safeStringify(data));
     assistant.log(`Middleware.process(): Headers`, safeStringify(headers));
 
     // Set paths
@@ -133,6 +133,7 @@ Middleware.prototype.run = function (libPath, options) {
       const uuid = assistant?.usage?.user?.auth?.uid
         || assistant.request.user.auth.uid
         || assistant.request.geolocation.ip
+        || 'unknown'
 
       assistant.analytics = Manager.Analytics({
         assistant: assistant,

package/src/manager/helpers/usage.js

@@ -59,7 +59,7 @@ Usage.prototype.init = function (assistant, options) {
     self.storage = Manager.storage({name: 'usage', temporary: true, clear: options.clear, log: options.log});
 
     // Set local key
-    self.key = (options.key || self.assistant.request.geolocation.ip || '')
+    self.key = (options.key || self.assistant.request.geolocation.ip || 'unknown')
       // .replace(/[\.:]/g, '_');
 
     // Set paths

package/src/manager/helpers/user.js

@@ -51,7 +51,7 @@ function User(Manager, settings, options) {
         timestampUNIX: getWithDefault(settings?.subscription?.expires?.timestampUNIX, oldDateUNIX, defaults),
       },
       trial: {
-        activated: getWithDefault(settings?.subscription?.trial?.activated, false, defaults),
+        claimed: getWithDefault(settings?.subscription?.trial?.claimed, false, defaults),
         expires: {
           timestamp: getWithDefault(settings?.subscription?.trial?.expires?.timestamp, oldDate, defaults),
           timestampUNIX: getWithDefault(settings?.subscription?.trial?.expires?.timestampUNIX, oldDateUNIX, defaults),
@@ -109,24 +109,24 @@ function User(Manager, settings, options) {
         timestampUNIX: getWithDefault(settings?.activity?.created?.timestampUNIX, nowUNIX, defaults),
       },
       geolocation: {
-        ip: getWithDefault(settings?.activity?.geolocation?.ip, '', defaults),
-        continent: getWithDefault(settings?.activity?.geolocation?.continent, '', defaults),
-        country: getWithDefault(settings?.activity?.geolocation?.country, '', defaults),
-        region: getWithDefault(settings?.activity?.geolocation?.region, '', defaults),
-        city: getWithDefault(settings?.activity?.geolocation?.city, '', defaults),
+        ip: settings?.activity?.geolocation?.ip ?? null,
+        continent: settings?.activity?.geolocation?.continent ?? null,
+        country: settings?.activity?.geolocation?.country ?? null,
+        region: settings?.activity?.geolocation?.region ?? null,
+        city: settings?.activity?.geolocation?.city ?? null,
         latitude: getWithDefault(settings?.activity?.geolocation?.latitude, 0, defaults),
         longitude: getWithDefault(settings?.activity?.geolocation?.longitude, 0, defaults),
       },
       client: {
-        language: getWithDefault(settings?.activity?.client?.language, '', defaults),
+        language: settings?.activity?.client?.language ?? null,
         mobile: getWithDefault(settings?.activity?.client?.mobile, false, defaults),
-        device: getWithDefault(settings?.activity?.client?.device, '', defaults),
-        platform: getWithDefault(settings?.activity?.client?.platform, '', defaults),
-        browser: getWithDefault(settings?.activity?.client?.browser, '', defaults),
-        vendor: getWithDefault(settings?.activity?.client?.vendor, '', defaults),
-        runtime: getWithDefault(settings?.activity?.client?.runtime, '', defaults),
-        userAgent: getWithDefault(settings?.activity?.client?.userAgent, '', defaults),
-        url: getWithDefault(settings?.activity?.client?.url, '', defaults),
+        device: settings?.activity?.client?.device ?? null,
+        platform: settings?.activity?.client?.platform ?? null,
+        browser: settings?.activity?.client?.browser ?? null,
+        vendor: settings?.activity?.client?.vendor ?? null,
+        runtime: settings?.activity?.client?.runtime ?? null,
+        userAgent: settings?.activity?.client?.userAgent ?? null,
+        url: settings?.activity?.client?.url ?? null,
       },
     },
     api: {
@@ -138,7 +138,7 @@ function User(Manager, settings, options) {
         period: getWithDefault(settings?.usage?.requests?.period, 0, defaults),
         total: getWithDefault(settings?.usage?.requests?.total, 0, defaults),
         last: {
-          id: getWithDefault(settings?.usage?.requests?.last?.id, '', defaults),
+          id: settings?.usage?.requests?.last?.id ?? null,
           timestamp: getWithDefault(settings?.usage?.requests?.last?.timestamp, oldDate, defaults),
           timestampUNIX: getWithDefault(settings?.usage?.requests?.last?.timestampUNIX, oldDateUNIX, defaults),
         },
@@ -149,19 +149,19 @@ function User(Manager, settings, options) {
         timestamp: getWithDefault(settings?.personal?.birthday?.timestamp, oldDate, defaults),
         timestampUNIX: getWithDefault(settings?.personal?.birthday?.timestampUNIX, oldDateUNIX, defaults),
       },
-      gender: getWithDefault(settings?.personal?.gender, '', defaults),
+      gender: settings?.personal?.gender ?? null,
       location: {
-        country: getWithDefault(settings?.personal?.location?.country, '', defaults),
-        region: getWithDefault(settings?.personal?.location?.region, '', defaults),
-        city: getWithDefault(settings?.personal?.location?.city, '', defaults),
+        country: settings?.personal?.location?.country ?? null,
+        region: settings?.personal?.location?.region ?? null,
+        city: settings?.personal?.location?.city ?? null,
       },
       name: {
-        first: getWithDefault(settings?.personal?.name?.first, '', defaults),
-        last: getWithDefault(settings?.personal?.name?.last, '', defaults),
+        first: settings?.personal?.name?.first ?? null,
+        last: settings?.personal?.name?.last ?? null,
       },
       company: {
-        name: getWithDefault(settings?.personal?.company?.name, '', defaults),
-        position: getWithDefault(settings?.personal?.company?.position, '', defaults),
+        name: settings?.personal?.company?.name ?? null,
+        position: settings?.personal?.company?.position ?? null,
       },
       telephone: {
         countryCode: getWithDefault(settings?.personal?.telephone?.countryCode, 0, defaults),

package/src/manager/index.js

@@ -1111,37 +1111,6 @@ Manager.prototype.setupCustomServer = function (_library, options) {
   });
 }
 
-// Setup Custom Server
-Manager.prototype.getApp = function (id) {
-  const self = this;
-
-  // Get the app
-  return new Promise(function(resolve, reject) {
-    const fetch = require('wonderful-fetch');
-
-    // Set ID
-    id = id || self.config.app.id;
-
-    // If no ID, reject
-    if (!id) {
-      return reject(new Error('No ID provided'));
-    }
-
-    // Fetch the app
-    fetch(`https://us-central1-itw-creative-works.cloudfunctions.net/getApp`, {
-      method: 'post',
-      response: 'json',
-      timeout: 30000,
-      tries: 3,
-      body: {
-        id: id,
-      }
-    })
-    .then((r) => resolve(r))
-    .catch((e) => reject(e));
-  });
-}
-
 function resolveProjectPackage(dir) {
   try {
     return require(path.resolve(dir, 'functions', 'package.json'));

package/src/manager/libraries/openai.js

@@ -243,7 +243,7 @@ OpenAI.prototype.request = function (options) {
     // Load prompt
     const prompt = loadContent(options.prompt, _log);
     const message = loadContent(options.message, _log);
-    const user = options.user?.auth?.uid || assistant.request.geolocation.ip;
+    const user = options.user?.auth?.uid || assistant.request.geolocation.ip || 'unknown';
 
     // Log
     _log('Prompt', prompt);

package/src/manager/routes/app/get.js

@@ -0,0 +1,41 @@
+/**
+ * GET /app - Public app configuration
+ * Returns a safe subset of the project's config (no secrets)
+ */
+module.exports = async ({ assistant, Manager }) => {
+  const config = Manager.config;
+
+  return assistant.respond(buildPublicConfig(config));
+};
+
+/**
+ * Build a public-safe config object from Manager.config
+ * Excludes sensitive fields: sentry, google_analytics, ghostii, etc.
+ */
+function buildPublicConfig(config) {
+  return {
+    id: config.app?.id,
+    name: config.brand?.name,
+    description: config.brand?.description,
+    url: config.brand?.url,
+    email: config.brand?.contact?.email,
+    images: config.brand?.images || {},
+    github: {
+      user: config.github?.user,
+      repo: (config.github?.repo_website || '').split('/').pop(),
+    },
+    authentication: config.authentication || {},
+    reviews: config.reviews || {},
+    firebaseConfig: config.firebaseConfig || {},
+    products: (config.products || []).map(p => ({
+      id: p.id,
+      name: p.name,
+      type: p.type,
+      limits: p.limits || {},
+      trial: p.trial || {},
+      prices: p.prices || {},
+    })),
+  };
+}
+
+module.exports.buildPublicConfig = buildPublicConfig;

package/src/manager/routes/firebase/providers/get.js

@@ -5,8 +5,6 @@
 const { merge } = require('lodash');
 
 module.exports = async ({ assistant, Manager, analytics }) => {
-  const fetch = Manager.require('wonderful-fetch');
-
   const defaultProviders = {
     ['password']: {
       enabled: true,
@@ -34,14 +32,8 @@ module.exports = async ({ assistant, Manager, analytics }) => {
     },
   };
 
-  // Get app object
-  const appObject = await getAppObject(Manager, assistant).catch(e => e);
-  if (appObject instanceof Error) {
-    return assistant.respond(`Failed to get app object: ${appObject}`, { code: 500 });
-  }
-
-  // Merge the default providers with the app providers
-  const providers = merge(defaultProviders, appObject.authentication);
+  // Merge the default providers with the config providers
+  const providers = merge(defaultProviders, Manager.config.authentication || {});
 
   // Reformat the object so it's just provider=true/false
   const finalProviders = {};
@@ -56,25 +48,3 @@ module.exports = async ({ assistant, Manager, analytics }) => {
 
   return assistant.respond(finalProviders);
 };
-
-// Helper: Get app object from ITW
-async function getAppObject(Manager, assistant) {
-  const fetch = Manager.require('wonderful-fetch');
-  const id = Manager.config.app.id;
-
-  const result = await fetch('https://us-central1-itw-creative-works.cloudfunctions.net/getApp', {
-    method: 'post',
-    response: 'json',
-    body: {
-      id: id,
-    }
-  });
-
-  assistant.log('getAppObject(): Response', result);
-
-  if (!result) {
-    throw new Error(`App with id ${id} not found`);
-  }
-
-  return result;
-}

package/src/manager/routes/general/email/post.js

@@ -43,7 +43,7 @@ module.exports = async ({ assistant, Manager, settings, analytics }) => {
 
   // Check spam filter using local storage
   const storage = Manager.storage({ temporary: true });
-  const ipPath = ['api:general:email', 'ips', assistant.request.geolocation.ip];
+  const ipPath = ['api:general:email', 'ips', assistant.request.geolocation.ip || 'unknown'];
   const emailPath = ['api:general:email', 'emails', settings.email];
 
   const ipData = storage.get(ipPath).value() || {};

package/src/manager/routes/special/electron-client/post.js

@@ -2,13 +2,14 @@
  * POST /special/electron-client - Setup Electron Manager client
  * Returns client configuration with optional auth
  */
+const path = require('path');
+const { buildPublicConfig } = require(path.join(__dirname, '..', '..', 'app', 'get.js'));
+
 module.exports = async ({ assistant, Manager, settings, analytics, libraries }) => {
-  const fetch = Manager.require('wonderful-fetch');
   const { admin } = libraries;
 
   // appId/app fallback to Manager.config
   let uid = settings.uid;
-  const app = settings.appId || settings.app || Manager.config.app.id;
   let config = settings.config;
 
   let uuid = null;
@@ -42,21 +43,6 @@ module.exports = async ({ assistant, Manager, settings, analytics, libraries })
     config = {};
   }
 
-  // Fetch app details
-  const appDetails = await fetch('https://us-central1-itw-creative-works.cloudfunctions.net/getApp', {
-    method: 'post',
-    timeout: 30000,
-    tries: 3,
-    response: 'json',
-    body: {
-      id: app,
-    },
-  }).catch(e => e);
-
-  if (appDetails instanceof Error) {
-    return assistant.respond(`Error fetching app details: ${appDetails}`, { code: 500 });
-  }
-
   // Track analytics
   analytics.event('special/electron-client', { action: 'setup' });
 
@@ -66,7 +52,7 @@ module.exports = async ({ assistant, Manager, settings, analytics, libraries })
     timestamp: new Date().toISOString(),
     ip: assistant.request.geolocation.ip,
     country: assistant.request.geolocation.country,
-    app: appDetails,
+    app: buildPublicConfig(Manager.config),
     config: config,
   });
 };

package/src/manager/routes/user/feedback/post.js

@@ -1,5 +1,4 @@
 const pushid = require('pushid');
-const fetch = require('wonderful-fetch');
 const powertools = require('node-powertools');
 
 /**
@@ -30,17 +29,8 @@ module.exports = async ({ assistant, Manager, user, settings, libraries }) => {
     decision.promptReview = true;
   }
 
-  // Get app data for review URLs
-  const appResponse = await fetch('https://us-central1-itw-creative-works.cloudfunctions.net/getApp', {
-    method: 'post',
-    response: 'json',
-    body: { id: Manager.config.app.id },
-  }).catch((e) => {
-    assistant.error(`Failed to get app: ${e.message}`);
-    return {};
-  });
-
-  const reviews = appResponse.reviews || {};
+  // Get review config from local config
+  const reviews = { ...(Manager.config.reviews || {}) };
   reviews.enabled = typeof reviews.enabled === 'undefined' ? true : reviews.enabled;
   reviews.sites = reviews.sites || [];
 

package/src/manager/schemas/app/get.js

@@ -0,0 +1 @@
+module.exports = () => ({});

package/src/test/test-accounts.js

@@ -2,7 +2,7 @@ const uuid = require('uuid');
 
 /**
  * Helper to create a future expiration date for premium subscriptions
- * resolve-account checks subscription.expires to determine if subscription is active
+ * User() checks subscription.expires to determine if subscription is active
  * If expires is in the past (or default 1970), subscription gets downgraded to basic
  */
 function getFutureExpires(years = 10) {
@@ -38,7 +38,7 @@ function getPastExpires(years = 1) {
  * - properties: Object to merge into user doc after auth:on-create
  *
  * IMPORTANT: Premium accounts MUST have subscription.expires set to a future date
- * or resolve-account will downgrade them to basic
+ * and subscription.status set to 'active'
  */
 const STATIC_ACCOUNTS = {
   admin: {

package/templates/backend-manager-config.json

@@ -2,6 +2,7 @@
   brand: {
     id: 'my-app',
     name: 'My Brand',
+    description: '',
     url: 'https://example.com',
     contact: {
       email: 'support@example.com',
@@ -16,6 +17,14 @@
     user: 'username',
     repo_website: 'https://github.com/username/backend-manager',
   },
+  authentication: {
+    'password': { enabled: true },
+    'google.com': { enabled: true },
+  },
+  reviews: {
+    enabled: true,
+    sites: [],
+  },
   sentry: {
     dsn: 'https://d965557418748jd749d837asf00552f@o777489.ingest.sentry.io/8789941',
   },
@@ -45,6 +54,8 @@
       prompt: '',
       chance: 1.0,
       author: 'alex-raeburn',
+      // app: 'other-app-id',              // Optional: target a different app
+      // appUrl: 'https://api.otherapp.com', // Required if app is set (fetches /backend-manager/app)
     }
   ],
   products: [

package/test/routes/user/user.js

@@ -1,8 +1,8 @@
 /**
  * Test: GET /user
  * Tests the user resolve endpoint
- * Returns RESOLVED user account info for authenticated users
- * Validates that resolve-account correctly processes user data
+ * Returns user account info for authenticated users
+ * Validates that User() correctly structures user data
  */
 module.exports = {
   description: 'User resolve (account info)',
@@ -129,9 +129,9 @@ module.exports = {
       },
     },
 
-    // Test 6: Premium expired user - verify subscription is downgraded to basic
+    // Test 6: Premium expired user - verify subscription retains product but shows cancelled status
     {
-      name: 'premium-expired-user-downgraded',
+      name: 'premium-expired-user-cancelled',
       auth: 'premium-expired',
       timeout: 15000,
 
@@ -145,8 +145,9 @@ module.exports = {
         // Verify auth properties
         assert.equal(user.auth.uid, accounts['premium-expired'].uid, 'UID should match expired premium test account');
 
-        // Verify subscription - expired premium should be downgraded to basic by resolve-account
-        assert.equal(user.subscription.product.id, 'basic', 'Expired premium subscription should be downgraded to basic');
+        // Verify subscription - product.id stays premium, status reflects cancellation
+        assert.equal(user.subscription.product.id, 'premium', 'Product ID should remain premium');
+        assert.equal(user.subscription.status, 'cancelled', 'Status should be cancelled');
       },
     },
   ],