cognova 0.1.0

package/server/api/tasks/[id]/index.put.ts

@@ -0,0 +1,70 @@
+import { eq } from 'drizzle-orm'
+import { getDb, schema } from '~~/server/db'
+import { requireDb } from '~~/server/utils/db-guard'
+import type { UpdateTaskInput } from '~~/shared/types'
+
+export default defineEventHandler(async (event) => {
+  requireDb(event)
+
+  const id = getRouterParam(event, 'id')
+
+  if (!id)
+    throw createError({ statusCode: 400, message: 'Task ID is required' })
+
+  const body = await readBody<UpdateTaskInput>(event)
+
+  // Validate priority if provided
+  if (body.priority !== undefined && (body.priority < 1 || body.priority > 3))
+    throw createError({ statusCode: 400, message: 'Priority must be 1 (Low), 2 (Medium), or 3 (High)' })
+
+  const db = getDb()
+
+  // Check task exists
+  const [existing] = await db
+    .select({ id: schema.tasks.id, status: schema.tasks.status })
+    .from(schema.tasks)
+    .where(eq(schema.tasks.id, id))
+    .limit(1)
+
+  if (!existing)
+    throw createError({ statusCode: 404, message: 'Task not found' })
+
+  const userId = event.context.user?.id
+
+  const updates: Record<string, unknown> = {
+    modifiedAt: new Date(),
+    modifiedBy: userId
+  }
+
+  if (body.title !== undefined) updates.title = body.title.trim()
+  if (body.description !== undefined) updates.description = body.description?.trim() || null
+  if (body.priority !== undefined) updates.priority = body.priority
+  if (body.projectId !== undefined) updates.projectId = body.projectId || null
+  if (body.tags !== undefined) updates.tags = body.tags
+  if (body.dueDate !== undefined) updates.dueDate = body.dueDate ? new Date(body.dueDate) : null
+
+  // Handle status change
+  if (body.status !== undefined) {
+    updates.status = body.status
+
+    // Auto-set completedAt when marking as done
+    if (body.status === 'done' && existing.status !== 'done')
+      updates.completedAt = new Date()
+    else if (body.status !== 'done' && existing.status === 'done')
+      updates.completedAt = null
+  }
+
+  await db
+    .update(schema.tasks)
+    .set(updates)
+    .where(eq(schema.tasks.id, id))
+
+  // Fetch updated task with project relation
+  const [task] = await db.query.tasks.findMany({
+    where: (tasks, { eq }) => eq(tasks.id, id),
+    with: { project: true },
+    limit: 1
+  })
+
+  return { data: task }
+})

package/server/api/tasks/[id]/restore.post.ts

@@ -0,0 +1,49 @@
+import { eq } from 'drizzle-orm'
+import { getDb, schema } from '~~/server/db'
+import { requireDb } from '~~/server/utils/db-guard'
+
+export default defineEventHandler(async (event) => {
+  requireDb(event)
+
+  const id = getRouterParam(event, 'id')
+
+  if (!id)
+    throw createError({ statusCode: 400, message: 'Task ID is required' })
+
+  const db = getDb()
+
+  // Check task exists
+  const [existing] = await db
+    .select({ id: schema.tasks.id, deletedAt: schema.tasks.deletedAt })
+    .from(schema.tasks)
+    .where(eq(schema.tasks.id, id))
+    .limit(1)
+
+  if (!existing)
+    throw createError({ statusCode: 404, message: 'Task not found' })
+
+  if (!existing.deletedAt)
+    throw createError({ statusCode: 400, message: 'Task is not deleted' })
+
+  const userId = event.context.user?.id
+
+  // Restore
+  await db
+    .update(schema.tasks)
+    .set({
+      deletedAt: null,
+      deletedBy: null,
+      modifiedAt: new Date(),
+      modifiedBy: userId
+    })
+    .where(eq(schema.tasks.id, id))
+
+  // Fetch updated task with project relation
+  const [task] = await db.query.tasks.findMany({
+    where: (tasks, { eq }) => eq(tasks.id, id),
+    with: { project: true },
+    limit: 1
+  })
+
+  return { data: task }
+})

package/server/api/tasks/index.get.ts

@@ -0,0 +1,53 @@
+import { eq, isNull, ilike, inArray, and, or } from 'drizzle-orm'
+import { getDb, schema } from '~~/server/db'
+import { requireDb } from '~~/server/utils/db-guard'
+
+export default defineEventHandler(async (event) => {
+  requireDb(event)
+
+  const query = getQuery(event)
+  const includeDeleted = query.includeDeleted === 'true'
+  const status = query.status as string | string[] | undefined
+  const projectId = query.projectId as string | undefined
+  const search = query.search as string | undefined
+
+  const db = getDb()
+
+  const conditions = []
+
+  // Soft delete filter
+  if (!includeDeleted)
+    conditions.push(isNull(schema.tasks.deletedAt))
+
+  // Status filter (can be single or array)
+  if (status) {
+    const statuses = (Array.isArray(status) ? status : [status]) as ('todo' | 'in_progress' | 'done' | 'blocked')[]
+    conditions.push(inArray(schema.tasks.status, statuses))
+  }
+
+  // Project filter
+  if (projectId)
+    conditions.push(eq(schema.tasks.projectId, projectId))
+
+  // Search filter (title and description)
+  if (search) {
+    const searchPattern = `%${search}%`
+    conditions.push(
+      or(
+        ilike(schema.tasks.title, searchPattern),
+        ilike(schema.tasks.description, searchPattern)
+      )
+    )
+  }
+
+  const tasks = await db.query.tasks.findMany({
+    where: conditions.length > 0 ? and(...conditions) : undefined,
+    with: {
+      project: true,
+      creator: true
+    },
+    orderBy: (tasks, { desc }) => [desc(tasks.createdAt)]
+  })
+
+  return { data: tasks }
+})

package/server/api/tasks/index.post.ts

@@ -0,0 +1,47 @@
+import { getDb, schema } from '~~/server/db'
+import { requireDb } from '~~/server/utils/db-guard'
+import type { CreateTaskInput } from '~~/shared/types'
+
+export default defineEventHandler(async (event) => {
+  requireDb(event)
+
+  const body = await readBody<CreateTaskInput>(event)
+
+  if (!body.title?.trim())
+    throw createError({ statusCode: 400, message: 'Task title is required' })
+
+  // Validate priority if provided
+  if (body.priority !== undefined && (body.priority < 1 || body.priority > 3))
+    throw createError({ statusCode: 400, message: 'Priority must be 1 (Low), 2 (Medium), or 3 (High)' })
+
+  const db = getDb()
+
+  const userId = event.context.user?.id
+
+  const result = await db
+    .insert(schema.tasks)
+    .values({
+      title: body.title.trim(),
+      description: body.description?.trim() || null,
+      status: body.status || 'todo',
+      priority: body.priority ?? 2,
+      projectId: body.projectId || null,
+      dueDate: body.dueDate ? new Date(body.dueDate) : null,
+      tags: body.tags || [],
+      createdBy: userId
+    })
+    .returning()
+
+  const task = result[0]
+  if (!task)
+    throw createError({ statusCode: 500, message: 'Failed to create task' })
+
+  // Fetch with project relation
+  const [taskWithProject] = await db.query.tasks.findMany({
+    where: (tasks, { eq }) => eq(tasks.id, task.id),
+    with: { project: true },
+    limit: 1
+  })
+
+  return { data: taskWithProject }
+})

package/server/api/tasks/tags.get.ts

@@ -0,0 +1,21 @@
+import { isNull } from 'drizzle-orm'
+import { getDb, schema } from '~~/server/db'
+import { requireDb } from '~~/server/utils/db-guard'
+
+export default defineEventHandler(async (event) => {
+  requireDb(event)
+
+  const db = getDb()
+
+  // Get all unique tags from non-deleted tasks
+  const result = await db
+    .select({ tags: schema.tasks.tags })
+    .from(schema.tasks)
+    .where(isNull(schema.tasks.deletedAt))
+
+  // Flatten and deduplicate tags
+  const allTags = result.flatMap(r => r.tags || [])
+  const uniqueTags = [...new Set(allTags)].sort()
+
+  return { data: uniqueTags }
+})

package/server/api/user/email.patch.ts

@@ -0,0 +1,56 @@
+import { eq } from 'drizzle-orm'
+import { getDb, schema } from '../../db'
+import { auth } from '../../utils/auth'
+
+export default defineEventHandler(async (event) => {
+  const session = await auth.api.getSession({ headers: event.headers })
+
+  if (!session?.user) {
+    throw createError({
+      statusCode: 401,
+      message: 'Unauthorized'
+    })
+  }
+
+  const body = await readBody<{ email: string }>(event)
+
+  if (!body.email) {
+    throw createError({
+      statusCode: 400,
+      message: 'Email is required'
+    })
+  }
+
+  // Basic email validation
+  const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/
+  if (!emailRegex.test(body.email)) {
+    throw createError({
+      statusCode: 400,
+      message: 'Invalid email format'
+    })
+  }
+
+  const db = getDb()
+
+  // Check if email is already taken by another user
+  const existingUser = await db
+    .select()
+    .from(schema.user)
+    .where(eq(schema.user.email, body.email))
+    .limit(1)
+
+  if (existingUser.length > 0 && existingUser[0]!.id !== session.user.id) {
+    throw createError({
+      statusCode: 409,
+      message: 'Email is already in use'
+    })
+  }
+
+  // Update the user's email directly
+  await db
+    .update(schema.user)
+    .set({ email: body.email })
+    .where(eq(schema.user.id, session.user.id))
+
+  return { success: true, email: body.email }
+})

package/server/db/index.ts

@@ -0,0 +1,76 @@
+import { drizzle } from 'drizzle-orm/postgres-js'
+import postgres from 'postgres'
+import { sql } from 'drizzle-orm'
+import * as schema from './schema'
+import { setDbState } from '~~/server/utils/db-state'
+
+interface DbConfig {
+  ssl: boolean | 'require' | 'prefer'
+  max: number
+  idleTimeout: number
+  connectTimeout: number
+}
+
+function getDbConfig(): DbConfig {
+  const url = process.env.DATABASE_URL || ''
+  const isNeon = url.includes('neon.tech')
+  const isLocal = url.includes('localhost') || url.includes('db:5432') || url.includes('127.0.0.1')
+
+  return {
+    ssl: isNeon ? 'require' : false,
+    max: isLocal ? 10 : 5,
+    idleTimeout: isNeon ? 20 : 0,
+    connectTimeout: isNeon ? 10 : 5
+  }
+}
+
+let queryClient: ReturnType<typeof postgres> | null = null
+let db: ReturnType<typeof drizzle<typeof schema>> | null = null
+
+export function getDb() {
+  if (!db) {
+    const connectionString = process.env.DATABASE_URL
+    if (!connectionString)
+      throw new Error('DATABASE_URL not configured')
+
+    const config = getDbConfig()
+    queryClient = postgres(connectionString, {
+      ssl: config.ssl,
+      max: config.max,
+      idle_timeout: config.idleTimeout,
+      connect_timeout: config.connectTimeout
+    })
+    db = drizzle(queryClient, { schema })
+  }
+  return db
+}
+
+export function getQueryClient() {
+  if (!queryClient)
+    getDb()
+  return queryClient!
+}
+
+export async function warmupDb(): Promise<boolean> {
+  try {
+    const database = getDb()
+    await database.execute(sql`SELECT 1`)
+    setDbState(true)
+    console.log('[db] Connection verified')
+    return true
+  } catch (error) {
+    console.error('[db] Warmup failed:', error)
+    setDbState(false, error instanceof Error ? error.message : 'Connection failed')
+    return false
+  }
+}
+
+export async function closeDb(): Promise<void> {
+  if (queryClient) {
+    await queryClient.end()
+    queryClient = null
+    db = null
+  }
+}
+
+export { schema }

package/server/db/migrate.ts

@@ -0,0 +1,41 @@
+import { migrate } from 'drizzle-orm/postgres-js/migrator'
+import { sql } from 'drizzle-orm'
+import { getDb } from './index'
+
+const MIGRATION_LOCK_ID = 728492 // Arbitrary but consistent ID
+
+export async function runMigrations(): Promise<boolean> {
+  const db = getDb()
+
+  console.log('[db] Attempting to acquire migration lock...')
+
+  try {
+    // Try to acquire advisory lock (non-blocking)
+    const lockResult = await db.execute<{ pg_try_advisory_lock: boolean }>(
+      sql`SELECT pg_try_advisory_lock(${MIGRATION_LOCK_ID})`
+    )
+
+    const acquired = lockResult[0]?.pg_try_advisory_lock === true
+
+    if (!acquired) {
+      console.log('[db] Migration lock held by another instance, skipping')
+      return false
+    }
+
+    console.log('[db] Lock acquired, running migrations...')
+    await migrate(db, { migrationsFolder: './server/drizzle/migrations' })
+    console.log('[db] Migrations complete')
+
+    return true
+  } catch (error) {
+    console.error('[db] Migration failed:', error)
+    throw error
+  } finally {
+    // Always release the lock
+    try {
+      await db.execute(sql`SELECT pg_advisory_unlock(${MIGRATION_LOCK_ID})`)
+    } catch {
+      // Ignore unlock errors
+    }
+  }
+}