create-fluxstack 1.5.2 → 1.5.3

package/plugins/crypto-auth/cli/make-protected-route.command.ts

@@ -0,0 +1,383 @@
+/**
+ * CLI Command: make:protected-route
+ * Gera rotas protegidas automaticamente
+ */
+
+import type { CliCommand, CliContext } from '@/core/plugins/types'
+import { writeFileSync, existsSync, mkdirSync } from 'fs'
+import { join } from 'path'
+
+const ROUTE_TEMPLATES = {
+  required: (name: string, pascalName: string) => `/**
+ * ${pascalName} Routes
+ * 🔒 Autenticação obrigatória
+ * Auto-gerado pelo comando: flux crypto-auth:make:route ${name} --auth required
+ */
+
+import { Elysia, t } from 'elysia'
+import { cryptoAuthRequired, getCryptoAuthUser } from '@/plugins/crypto-auth/server'
+
+export const ${name}Routes = new Elysia({ prefix: '/${name}' })
+
+  // ========================================
+  // 🔒 ROTAS PROTEGIDAS (autenticação obrigatória)
+  // ========================================
+  .guard({}, (app) =>
+    app.use(cryptoAuthRequired())
+
+      // GET /api/${name}
+      .get('/', ({ request }) => {
+        const user = getCryptoAuthUser(request)!
+
+        return {
+          success: true,
+          message: 'Lista de ${name}',
+          user: {
+            publicKey: user.publicKey.substring(0, 16) + '...',
+            isAdmin: user.isAdmin
+          },
+          data: []
+        }
+      })
+
+      // GET /api/${name}/:id
+      .get('/:id', ({ request, params }) => {
+        const user = getCryptoAuthUser(request)!
+
+        return {
+          success: true,
+          message: 'Detalhes de ${name}',
+          id: params.id,
+          user: user.publicKey.substring(0, 8) + '...'
+        }
+      })
+
+      // POST /api/${name}
+      .post('/', ({ request, body }) => {
+        const user = getCryptoAuthUser(request)!
+        const data = body as any
+
+        return {
+          success: true,
+          message: '${pascalName} criado com sucesso',
+          createdBy: user.publicKey.substring(0, 8) + '...',
+          data
+        }
+      }, {
+        body: t.Object({
+          // Adicione seus campos aqui
+          name: t.String({ minLength: 3 })
+        })
+      })
+
+      // PUT /api/${name}/:id
+      .put('/:id', ({ request, params, body }) => {
+        const user = getCryptoAuthUser(request)!
+        const data = body as any
+
+        return {
+          success: true,
+          message: '${pascalName} atualizado',
+          id: params.id,
+          updatedBy: user.publicKey.substring(0, 8) + '...',
+          data
+        }
+      }, {
+        body: t.Object({
+          name: t.String({ minLength: 3 })
+        })
+      })
+
+      // DELETE /api/${name}/:id
+      .delete('/:id', ({ request, params }) => {
+        const user = getCryptoAuthUser(request)!
+
+        return {
+          success: true,
+          message: '${pascalName} deletado',
+          id: params.id,
+          deletedBy: user.publicKey.substring(0, 8) + '...'
+        }
+      })
+  )
+`,
+
+  admin: (name: string, pascalName: string) => `/**
+ * ${pascalName} Routes
+ * 👑 Apenas administradores
+ * Auto-gerado pelo comando: flux crypto-auth:make:route ${name} --auth admin
+ */
+
+import { Elysia, t } from 'elysia'
+import { cryptoAuthAdmin, getCryptoAuthUser } from '@/plugins/crypto-auth/server'
+
+export const ${name}Routes = new Elysia({ prefix: '/${name}' })
+
+  // ========================================
+  // 👑 ROTAS ADMIN (apenas administradores)
+  // ========================================
+  .guard({}, (app) =>
+    app.use(cryptoAuthAdmin())
+
+      // GET /api/${name}
+      .get('/', ({ request }) => {
+        const user = getCryptoAuthUser(request)!
+
+        return {
+          success: true,
+          message: 'Painel administrativo de ${name}',
+          admin: user.publicKey.substring(0, 8) + '...',
+          data: []
+        }
+      })
+
+      // POST /api/${name}
+      .post('/', ({ request, body }) => {
+        const user = getCryptoAuthUser(request)!
+        const data = body as any
+
+        return {
+          success: true,
+          message: '${pascalName} criado pelo admin',
+          admin: user.publicKey.substring(0, 8) + '...',
+          data
+        }
+      }, {
+        body: t.Object({
+          name: t.String({ minLength: 3 })
+        })
+      })
+
+      // DELETE /api/${name}/:id
+      .delete('/:id', ({ request, params }) => {
+        const user = getCryptoAuthUser(request)!
+
+        return {
+          success: true,
+          message: '${pascalName} deletado pelo admin',
+          id: params.id,
+          admin: user.publicKey.substring(0, 8) + '...'
+        }
+      })
+  )
+`,
+
+  optional: (name: string, pascalName: string) => `/**
+ * ${pascalName} Routes
+ * 🌓 Autenticação opcional
+ * Auto-gerado pelo comando: flux crypto-auth:make:route ${name} --auth optional
+ */
+
+import { Elysia } from 'elysia'
+import { cryptoAuthOptional, getCryptoAuthUser } from '@/plugins/crypto-auth/server'
+
+export const ${name}Routes = new Elysia({ prefix: '/${name}' })
+
+  // ========================================
+  // 🌐 ROTA PÚBLICA
+  // ========================================
+  .get('/', () => ({
+    success: true,
+    message: 'Lista pública de ${name}',
+    data: []
+  }))
+
+  // ========================================
+  // 🌓 ROTAS COM AUTH OPCIONAL
+  // ========================================
+  .guard({}, (app) =>
+    app.use(cryptoAuthOptional())
+
+      // GET /api/${name}/:id
+      .get('/:id', ({ request, params }) => {
+        const user = getCryptoAuthUser(request)
+        const isAuthenticated = !!user
+
+        return {
+          success: true,
+          id: params.id,
+          message: isAuthenticated
+            ? \`${pascalName} personalizado para \${user.publicKey.substring(0, 8)}...\`
+            : 'Visualização pública de ${name}',
+          // Conteúdo extra apenas para autenticados
+          premiumContent: isAuthenticated ? 'Conteúdo exclusivo' : null,
+          viewer: isAuthenticated
+            ? user.publicKey.substring(0, 8) + '...'
+            : 'Visitante anônimo'
+        }
+      })
+  )
+`,
+
+  public: (name: string, pascalName: string) => `/**
+ * ${pascalName} Routes
+ * 🌐 Totalmente público
+ * Auto-gerado pelo comando: flux crypto-auth:make:route ${name} --auth public
+ */
+
+import { Elysia } from 'elysia'
+
+export const ${name}Routes = new Elysia({ prefix: '/${name}' })
+
+  // ========================================
+  // 🌐 ROTAS PÚBLICAS
+  // ========================================
+
+  // GET /api/${name}
+  .get('/', () => ({
+    success: true,
+    message: 'Lista de ${name}',
+    data: []
+  }))
+
+  // GET /api/${name}/:id
+  .get('/:id', ({ params }) => ({
+    success: true,
+    id: params.id,
+    message: 'Detalhes de ${name}'
+  }))
+`
+}
+
+function toPascalCase(str: string): string {
+  return str
+    .split(/[-_]/)
+    .map(word => word.charAt(0).toUpperCase() + word.slice(1).toLowerCase())
+    .join('')
+}
+
+export const makeProtectedRouteCommand: CliCommand = {
+  name: 'crypto-auth:make:route',
+  description: 'Gera um arquivo de rotas com proteção crypto-auth',
+  category: 'Crypto Auth',
+  aliases: ['crypto-auth:generate:route'],
+
+  arguments: [
+    {
+      name: 'name',
+      description: 'Nome da rota (ex: posts, users, admin)',
+      required: true,
+      type: 'string'
+    }
+  ],
+
+  options: [
+    {
+      name: 'auth',
+      short: 'a',
+      description: 'Tipo de autenticação (required, admin, optional, public)',
+      type: 'string',
+      default: 'required',
+      choices: ['required', 'admin', 'optional', 'public']
+    },
+    {
+      name: 'output',
+      short: 'o',
+      description: 'Diretório de saída (padrão: app/server/routes)',
+      type: 'string',
+      default: 'app/server/routes'
+    },
+    {
+      name: 'force',
+      short: 'f',
+      description: 'Sobrescrever arquivo existente',
+      type: 'boolean',
+      default: false
+    }
+  ],
+
+  examples: [
+    'flux crypto-auth:make:route posts',
+    'flux crypto-auth:make:route admin --auth admin',
+    'flux crypto-auth:make:route feed --auth optional',
+    'flux crypto-auth:make:route articles --auth required --force'
+  ],
+
+  handler: async (args, options, context) => {
+    const [name] = args as [string]
+    const { auth, output, force } = options as {
+      auth: 'required' | 'admin' | 'optional' | 'public'
+      output: string
+      force: boolean
+    }
+
+    // Validar nome
+    if (!/^[a-z][a-z0-9-]*$/.test(name)) {
+      console.error('❌ Nome inválido. Use apenas letras minúsculas, números e hífens.')
+      console.error('   Exemplos válidos: posts, my-posts, user-settings')
+      return
+    }
+
+    const pascalName = toPascalCase(name)
+    const fileName = `${name}.routes.ts`
+    const outputDir = join(context.workingDir, output)
+    const filePath = join(outputDir, fileName)
+
+    // Verificar se arquivo existe
+    if (existsSync(filePath) && !force) {
+      console.error(`❌ Arquivo já existe: ${filePath}`)
+      console.error('   Use --force para sobrescrever')
+      return
+    }
+
+    // Criar diretório se não existir
+    if (!existsSync(outputDir)) {
+      mkdirSync(outputDir, { recursive: true })
+    }
+
+    // Gerar código
+    const template = ROUTE_TEMPLATES[auth]
+    const code = template(name, pascalName)
+
+    // Escrever arquivo
+    writeFileSync(filePath, code, 'utf-8')
+
+    console.log(`\n✅ Rota criada com sucesso!`)
+    console.log(`📁 Arquivo: ${filePath}`)
+    console.log(`🔐 Tipo de auth: ${auth}`)
+
+    // Instruções de uso
+    console.log(`\n📋 Próximos passos:`)
+    console.log(`\n1. Importar a rota em app/server/routes/index.ts:`)
+    console.log(`   import { ${name}Routes } from './${name}.routes'`)
+    console.log(`\n2. Registrar no apiRoutes:`)
+    console.log(`   export const apiRoutes = new Elysia({ prefix: '/api' })`)
+    console.log(`     .use(${name}Routes)`)
+    console.log(`\n3. Rotas disponíveis:`)
+
+    const routes = {
+      required: [
+        `GET    /api/${name}`,
+        `GET    /api/${name}/:id`,
+        `POST   /api/${name}`,
+        `PUT    /api/${name}/:id`,
+        `DELETE /api/${name}/:id`
+      ],
+      admin: [
+        `GET    /api/${name}`,
+        `POST   /api/${name}`,
+        `DELETE /api/${name}/:id`
+      ],
+      optional: [
+        `GET    /api/${name}`,
+        `GET    /api/${name}/:id`
+      ],
+      public: [
+        `GET    /api/${name}`,
+        `GET    /api/${name}/:id`
+      ]
+    }
+
+    routes[auth].forEach(route => console.log(`   ${route}`))
+
+    console.log(`\n4. Testar (sem auth):`)
+    console.log(`   curl http://localhost:3000/api/${name}`)
+
+    if (auth !== 'public') {
+      const expectedStatus = auth === 'optional' ? '200 (sem conteúdo premium)' : '401'
+      console.log(`   Esperado: ${expectedStatus}`)
+    }
+
+    console.log(`\n🚀 Pronto! Inicie o servidor com: bun run dev`)
+  }
+}

package/plugins/crypto-auth/client/CryptoAuthClient.ts

@@ -0,0 +1,302 @@
+/**
+ * Cliente de Autenticação Criptográfica
+ * Sistema baseado em assinatura Ed25519 SEM sessões no servidor
+ *
+ * Funcionamento:
+ * 1. Cliente gera par de chaves Ed25519 localmente
+ * 2. Chave privada NUNCA sai do navegador
+ * 3. Cada requisição é assinada automaticamente
+ * 4. Servidor valida assinatura usando chave pública recebida
+ */
+
+import { ed25519 } from '@noble/curves/ed25519'
+import { sha256 } from '@noble/hashes/sha256'
+import { bytesToHex, hexToBytes } from '@noble/hashes/utils'
+
+export interface KeyPair {
+  publicKey: string
+  privateKey: string
+  createdAt: Date
+}
+
+export interface AuthConfig {
+  storage?: 'localStorage' | 'sessionStorage' | 'memory'
+  autoInit?: boolean
+}
+
+export interface SignedRequestOptions extends RequestInit {
+  skipAuth?: boolean
+}
+
+export class CryptoAuthClient {
+  private keys: KeyPair | null = null
+  private config: AuthConfig
+  private storage: Storage | Map<string, string>
+  private readonly STORAGE_KEY = 'fluxstack_crypto_keys'
+
+  constructor(config: AuthConfig = {}) {
+    this.config = {
+      storage: 'localStorage',
+      autoInit: true,
+      ...config
+    }
+
+    // Configurar storage
+    if (this.config.storage === 'localStorage' && typeof localStorage !== 'undefined') {
+      this.storage = localStorage
+    } else if (this.config.storage === 'sessionStorage' && typeof sessionStorage !== 'undefined') {
+      this.storage = sessionStorage
+    } else {
+      this.storage = new Map<string, string>()
+    }
+
+    // Auto-inicializar se configurado
+    if (this.config.autoInit) {
+      this.initialize()
+    }
+  }
+
+  /**
+   * Inicializar (gerar ou carregar chaves)
+   */
+  initialize(): KeyPair {
+    // Tentar carregar chaves existentes
+    const existingKeys = this.loadKeys()
+    if (existingKeys) {
+      this.keys = existingKeys
+      return existingKeys
+    }
+
+    // Criar novo par de chaves
+    return this.createNewKeys()
+  }
+
+  /**
+   * Criar novo par de chaves
+   * NUNCA envia chave privada ao servidor!
+   */
+  createNewKeys(): KeyPair {
+    // Gerar par de chaves Ed25519
+    const privateKey = ed25519.utils.randomPrivateKey()
+    const publicKey = ed25519.getPublicKey(privateKey)
+
+    const keys: KeyPair = {
+      publicKey: bytesToHex(publicKey),
+      privateKey: bytesToHex(privateKey),
+      createdAt: new Date()
+    }
+
+    this.keys = keys
+    this.saveKeys(keys)
+
+    return keys
+  }
+
+  /**
+   * Fazer requisição autenticada com assinatura
+   */
+  async fetch(url: string, options: SignedRequestOptions = {}): Promise<Response> {
+    const { skipAuth = false, ...fetchOptions } = options
+
+    if (skipAuth) {
+      return fetch(url, fetchOptions)
+    }
+
+    if (!this.keys) {
+      this.initialize()
+    }
+
+    if (!this.keys) {
+      throw new Error('Chaves não inicializadas')
+    }
+
+    // Preparar dados de autenticação
+    const timestamp = Date.now()
+    const nonce = this.generateNonce()
+    const message = this.buildMessage(fetchOptions.method || 'GET', url, fetchOptions.body)
+    const signature = this.signMessage(message, timestamp, nonce)
+
+    // Adicionar headers de autenticação
+    const headers = {
+      'Content-Type': 'application/json',
+      ...fetchOptions.headers,
+      'x-public-key': this.keys.publicKey,
+      'x-timestamp': timestamp.toString(),
+      'x-nonce': nonce,
+      'x-signature': signature
+    }
+
+    return fetch(url, {
+      ...fetchOptions,
+      headers
+    })
+  }
+
+  /**
+   * Obter chaves atuais
+   */
+  getKeys(): KeyPair | null {
+    return this.keys
+  }
+
+  /**
+   * Verificar se tem chaves
+   */
+  isInitialized(): boolean {
+    return this.keys !== null
+  }
+
+  /**
+   * Limpar chaves (logout)
+   */
+  clearKeys(): void {
+    this.keys = null
+    if (this.storage instanceof Map) {
+      this.storage.delete(this.STORAGE_KEY)
+    } else {
+      this.storage.removeItem(this.STORAGE_KEY)
+    }
+  }
+
+  /**
+   * Importar chave privada existente
+   * @param privateKeyHex - Chave privada em formato hexadecimal (64 caracteres)
+   * @returns KeyPair com as chaves importadas
+   * @throws Error se a chave privada for inválida
+   */
+  importPrivateKey(privateKeyHex: string): KeyPair {
+    // Validar formato
+    if (!/^[a-fA-F0-9]{64}$/.test(privateKeyHex)) {
+      throw new Error('Chave privada inválida. Deve ter 64 caracteres hexadecimais.')
+    }
+
+    try {
+      // Converter hex para bytes
+      const privateKeyBytes = hexToBytes(privateKeyHex)
+
+      // Derivar chave pública da privada
+      const publicKeyBytes = ed25519.getPublicKey(privateKeyBytes)
+
+      const keys: KeyPair = {
+        publicKey: bytesToHex(publicKeyBytes),
+        privateKey: privateKeyHex.toLowerCase(),
+        createdAt: new Date()
+      }
+
+      this.keys = keys
+      this.saveKeys(keys)
+
+      return keys
+    } catch (error) {
+      throw new Error('Erro ao importar chave privada: ' + (error as Error).message)
+    }
+  }
+
+  /**
+   * Exportar chave privada (para backup)
+   * @returns Chave privada em formato hexadecimal
+   * @throws Error se não houver chaves inicializadas
+   */
+  exportPrivateKey(): string {
+    if (!this.keys) {
+      throw new Error('Nenhuma chave inicializada para exportar')
+    }
+
+    return this.keys.privateKey
+  }
+
+  /**
+   * Assinar mensagem
+   */
+  private signMessage(message: string, timestamp: number, nonce: string): string {
+    if (!this.keys) {
+      throw new Error('Chaves não inicializadas')
+    }
+
+    // Construir mensagem completa: publicKey:timestamp:nonce:message
+    const fullMessage = `${this.keys.publicKey}:${timestamp}:${nonce}:${message}`
+    const messageHash = sha256(new TextEncoder().encode(fullMessage))
+
+    const privateKeyBytes = hexToBytes(this.keys.privateKey)
+    const signature = ed25519.sign(messageHash, privateKeyBytes)
+
+    return bytesToHex(signature)
+  }
+
+  /**
+   * Construir mensagem para assinatura
+   */
+  private buildMessage(method: string, url: string, body?: BodyInit | null): string {
+    let message = `${method}:${url}`
+
+    if (body) {
+      if (typeof body === 'string') {
+        message += `:${body}`
+      } else {
+        message += `:${JSON.stringify(body)}`
+      }
+    }
+
+    return message
+  }
+
+  /**
+   * Gerar nonce aleatório
+   */
+  private generateNonce(): string {
+    const bytes = new Uint8Array(16)
+    crypto.getRandomValues(bytes)
+    return bytesToHex(bytes)
+  }
+
+  /**
+   * Carregar chaves do storage
+   */
+  private loadKeys(): KeyPair | null {
+    try {
+      let data: string | null
+
+      if (this.storage instanceof Map) {
+        data = this.storage.get(this.STORAGE_KEY) || null
+      } else {
+        data = this.storage.getItem(this.STORAGE_KEY)
+      }
+
+      if (!data) {
+        return null
+      }
+
+      const parsed = JSON.parse(data)
+
+      return {
+        publicKey: parsed.publicKey,
+        privateKey: parsed.privateKey,
+        createdAt: new Date(parsed.createdAt)
+      }
+    } catch (error) {
+      console.error('Erro ao carregar chaves:', error)
+      return null
+    }
+  }
+
+  /**
+   * Salvar chaves no storage
+   */
+  private saveKeys(keys: KeyPair): void {
+    try {
+      const data = JSON.stringify({
+        publicKey: keys.publicKey,
+        privateKey: keys.privateKey,
+        createdAt: keys.createdAt.toISOString()
+      })
+
+      if (this.storage instanceof Map) {
+        this.storage.set(this.STORAGE_KEY, data)
+      } else {
+        this.storage.setItem(this.STORAGE_KEY, data)
+      }
+    } catch (error) {
+      console.error('Erro ao salvar chaves:', error)
+    }
+  }
+}