blockrate-server 0.1.0

package/src/stores/sqlite.ts

@@ -0,0 +1,131 @@
+import { Database } from "bun:sqlite";
+import { drizzle } from "drizzle-orm/bun-sqlite";
+import { and, eq, gte, sql } from "drizzle-orm";
+import { readdirSync, readFileSync } from "node:fs";
+import { dirname, join } from "node:path";
+import { fileURLToPath } from "node:url";
+import { tenants, events } from "../schema.sqlite";
+import type { BlockRateStore, NewStoredEvent, StatsQuery, StatsRow, StoredTenant } from "../store";
+
+export class SqliteStore implements BlockRateStore {
+  private sqlite: Database;
+  private db: ReturnType<typeof drizzle<{ tenants: typeof tenants; events: typeof events }>>;
+
+  constructor(path = "./blockrate.db") {
+    this.sqlite = new Database(path);
+    this.sqlite.exec("PRAGMA journal_mode = WAL;");
+    this.sqlite.exec("PRAGMA foreign_keys = ON;");
+    this.db = drizzle(this.sqlite, { schema: { tenants, events } });
+    this.runMigrations();
+  }
+
+  private runMigrations() {
+    const here = dirname(fileURLToPath(import.meta.url));
+    const migrationsDir = join(here, "..", "..", "drizzle");
+    let files: string[];
+    try {
+      files = readdirSync(migrationsDir)
+        .filter((f) => f.endsWith(".sql"))
+        .sort();
+    } catch {
+      return;
+    }
+    this.sqlite.exec(
+      "CREATE TABLE IF NOT EXISTS __migrations (name TEXT PRIMARY KEY, applied_at INTEGER NOT NULL);",
+    );
+    const applied = new Set(
+      this.sqlite
+        .query("SELECT name FROM __migrations")
+        .all()
+        .map((r: any) => r.name as string),
+    );
+    for (const file of files) {
+      if (applied.has(file)) continue;
+      const migrationSql = readFileSync(join(migrationsDir, file), "utf8");
+      this.sqlite.transaction(() => {
+        for (const stmt of migrationSql.split("--> statement-breakpoint")) {
+          const trimmed = stmt.trim();
+          if (trimmed) this.sqlite.exec(trimmed);
+        }
+        this.sqlite
+          .query("INSERT INTO __migrations (name, applied_at) VALUES (?, ?)")
+          .run(file, Math.floor(Date.now() / 1000));
+      })();
+    }
+  }
+
+  async findTenantByApiKey(apiKey: string): Promise<StoredTenant | null> {
+    const row = this.db.select().from(tenants).where(eq(tenants.apiKey, apiKey)).get();
+    return row ?? null;
+  }
+
+  async findTenantByName(name: string): Promise<StoredTenant | null> {
+    const row = this.db.select().from(tenants).where(eq(tenants.name, name)).get();
+    return row ?? null;
+  }
+
+  async createTenant(input: { name: string; apiKey: string }): Promise<StoredTenant> {
+    this.db.insert(tenants).values(input).run();
+    return (await this.findTenantByApiKey(input.apiKey))!;
+  }
+
+  async listTenants(): Promise<StoredTenant[]> {
+    return this.db.select().from(tenants).all();
+  }
+
+  async deleteTenant(name: string): Promise<boolean> {
+    const row = await this.findTenantByName(name);
+    if (!row) return false;
+    this.db.delete(events).where(eq(events.tenantId, row.id)).run();
+    this.db.delete(tenants).where(eq(tenants.id, row.id)).run();
+    return true;
+  }
+
+  async updateTenantApiKey(name: string, apiKey: string): Promise<boolean> {
+    const row = await this.findTenantByName(name);
+    if (!row) return false;
+    this.db.update(tenants).set({ apiKey }).where(eq(tenants.id, row.id)).run();
+    return true;
+  }
+
+  async insertEvents(rows: NewStoredEvent[]): Promise<void> {
+    if (rows.length === 0) return;
+    this.db.insert(events).values(rows).run();
+  }
+
+  async getStats(query: StatsQuery): Promise<StatsRow[]> {
+    const where = query.service
+      ? and(
+          eq(events.tenantId, query.tenantId),
+          eq(events.service, query.service),
+          gte(events.timestamp, query.since),
+        )
+      : and(eq(events.tenantId, query.tenantId), gte(events.timestamp, query.since));
+
+    const rows = this.db
+      .select({
+        provider: events.provider,
+        total: sql<number>`COUNT(*)`.as("total"),
+        blocked: sql<number>`SUM(CASE WHEN ${events.status} = 'blocked' THEN 1 ELSE 0 END)`.as(
+          "blocked",
+        ),
+        avgLatency: sql<number>`AVG(${events.latency})`.as("avg_latency"),
+      })
+      .from(events)
+      .where(where)
+      .groupBy(events.provider)
+      .all();
+
+    return rows.map((r) => ({
+      provider: r.provider,
+      total: Number(r.total),
+      blocked: Number(r.blocked),
+      blockRate: Number(r.total) > 0 ? Number(r.blocked) / Number(r.total) : 0,
+      avgLatency: Math.round(Number(r.avgLatency) || 0),
+    }));
+  }
+
+  close(): void {
+    this.sqlite.close();
+  }
+}

package/src/tenant.ts

@@ -0,0 +1,34 @@
+import { randomBytes } from "node:crypto";
+import type { BlockRateStore, StoredTenant } from "./store";
+
+export function generateApiKey(): string {
+  return "br_" + randomBytes(24).toString("hex");
+}
+
+export async function createTenant(
+  store: BlockRateStore,
+  name: string,
+  apiKey: string = generateApiKey(),
+): Promise<StoredTenant> {
+  const existing = await store.findTenantByName(name);
+  if (existing) {
+    throw new Error(`Tenant "${name}" already exists`);
+  }
+  return store.createTenant({ name, apiKey });
+}
+
+export async function listTenants(store: BlockRateStore): Promise<StoredTenant[]> {
+  return store.listTenants();
+}
+
+export async function deleteTenant(store: BlockRateStore, name: string): Promise<boolean> {
+  return store.deleteTenant(name);
+}
+
+export async function rotateTenantKey(store: BlockRateStore, name: string): Promise<string | null> {
+  const existing = await store.findTenantByName(name);
+  if (!existing) return null;
+  const newKey = generateApiKey();
+  await store.updateTenantApiKey(name, newKey);
+  return newKey;
+}

package/src/ua.ts

@@ -0,0 +1,40 @@
+/**
+ * Truncate a full User-Agent string to just "browser family + major version".
+ *
+ * We never want to persist full UA strings because they're PII-adjacent
+ * (high fingerprinting entropy). Keeping only browser + major version
+ * preserves the one slice analytics actually cares about — "does block
+ * rate differ by browser?" — while dropping everything else.
+ *
+ * Examples:
+ *   "Mozilla/5.0 ... Chrome/131.0.0.0 Safari/537.36" → "Chrome 131"
+ *   "Mozilla/5.0 ... Firefox/124.0"                  → "Firefox 124"
+ *   "Mozilla/5.0 ... Version/17.3 Safari/605.1.15"   → "Safari 17"
+ *   ""                                               → "unknown"
+ */
+export function truncateUserAgent(ua: string | null | undefined): string {
+  if (!ua) return "unknown";
+
+  // Order matters — Edge and Opera include "Chrome" and "Safari" substrings,
+  // Samsung Internet includes "Chrome", so match the specific ones first.
+  const patterns: [RegExp, string][] = [
+    [/Edg(?:e|iOS|A)?\/(\d+)/, "Edge"],
+    [/OPR\/(\d+)/, "Opera"],
+    [/SamsungBrowser\/(\d+)/, "Samsung Internet"],
+    [/FxiOS\/(\d+)/, "Firefox"],
+    [/Firefox\/(\d+)/, "Firefox"],
+    [/CriOS\/(\d+)/, "Chrome"],
+    [/Chrome\/(\d+)/, "Chrome"],
+    [/Version\/(\d+)[\d.]*\s+(?:Mobile\/\S+\s+)?Safari/, "Safari"],
+  ];
+
+  for (const [re, name] of patterns) {
+    const match = re.exec(ua);
+    if (match) {
+      const result = `${name} ${match[1]}`;
+      return result.length > 64 ? result.slice(0, 64) : result;
+    }
+  }
+
+  return "other";
+}

package/src/validate.ts

@@ -0,0 +1,17 @@
+import { z } from "zod";
+
+export const providerResultSchema = z.object({
+  name: z.string().min(1).max(64),
+  status: z.enum(["loaded", "blocked"]),
+  latency: z.number().int().min(0).max(60_000),
+});
+
+export const blockRatePayloadSchema = z.object({
+  timestamp: z.string().datetime(),
+  url: z.string().max(2048),
+  userAgent: z.string().max(1024),
+  service: z.string().min(1).max(64).optional(),
+  providers: z.array(providerResultSchema).min(1).max(64),
+});
+
+export type BlockRatePayload = z.infer<typeof blockRatePayloadSchema>;