create-svc 0.1.9 → 0.1.11

package/templates/variants/bun-hono/src/auth.ts

@@ -0,0 +1,181 @@
+type AuthConfig = {
+  enabled: boolean;
+  issuer: string;
+  audience: string;
+  jwksUrl: string;
+};
+
+type JwtHeader = {
+  alg?: string;
+  kid?: string;
+};
+
+type JwtClaims = {
+  iss?: string;
+  aud?: string | string[];
+  exp?: number;
+  nbf?: number;
+  sub?: string;
+  client_id?: string;
+  scope?: string;
+};
+
+type Jwk = JsonWebKey & {
+  kid?: string;
+};
+
+type Jwks = {
+  keys: Jwk[];
+};
+
+const encoder = new TextEncoder();
+const jwksCache = new Map<string, { expiresAt: number; jwks: Jwks }>();
+
+export function authMiddleware(getConfig = authConfigFromEnv) {
+  return async (context: any, next: () => Promise<void>) => {
+    const config = getConfig();
+    if (!config.enabled) {
+      await next();
+      return;
+    }
+
+    const authorization = context.req.header("authorization") ?? "";
+    const token = bearerToken(authorization);
+    if (!token) {
+      return context.json({ error: "missing bearer token", code: "unauthorized" }, 401);
+    }
+
+    try {
+      await verifyAccessToken(token, config);
+      await next();
+    } catch {
+      return context.json({ error: "invalid bearer token", code: "unauthorized" }, 401);
+    }
+  };
+}
+
+export function authConfigFromEnv(): AuthConfig {
+  return {
+    enabled: truthy(Bun.env.AUTH_ENABLED),
+    issuer: Bun.env.AUTH_ISSUER ?? "",
+    audience: Bun.env.AUTH_AUDIENCE ?? "",
+    jwksUrl: Bun.env.AUTH_JWKS_URL ?? "",
+  };
+}
+
+async function verifyAccessToken(token: string, config: AuthConfig): Promise<JwtClaims> {
+  const parts = token.split(".");
+  if (parts.length !== 3 || !config.issuer || !config.audience || !config.jwksUrl) {
+    throw new Error("invalid auth config or token");
+  }
+
+  const [encodedHeader, encodedPayload, encodedSignature] = parts;
+  const header = decodeJSON<JwtHeader>(encodedHeader);
+  const claims = decodeJSON<JwtClaims>(encodedPayload);
+  const jwks = await fetchJwks(config.jwksUrl);
+  const key = selectKey(jwks, header);
+  if (!key || !header.alg) {
+    throw new Error("matching jwk not found");
+  }
+
+  const algorithm = importAlgorithm(header.alg, key);
+  const cryptoKey = await crypto.subtle.importKey("jwk", key, algorithm.import, false, ["verify"]);
+  const verified = await crypto.subtle.verify(
+    algorithm.verify,
+    cryptoKey,
+    toArrayBuffer(decodeBase64Url(encodedSignature)),
+    encoder.encode(`${encodedHeader}.${encodedPayload}`)
+  );
+  if (!verified) {
+    throw new Error("bad signature");
+  }
+
+  validateClaims(claims, config);
+  return claims;
+}
+
+async function fetchJwks(jwksUrl: string): Promise<Jwks> {
+  const cached = jwksCache.get(jwksUrl);
+  if (cached && cached.expiresAt > Date.now()) {
+    return cached.jwks;
+  }
+
+  const response = await fetch(jwksUrl);
+  if (!response.ok) {
+    throw new Error(`jwks fetch failed: ${response.status}`);
+  }
+  const jwks = (await response.json()) as Jwks;
+  jwksCache.set(jwksUrl, { jwks, expiresAt: Date.now() + 5 * 60 * 1000 });
+  return jwks;
+}
+
+function selectKey(jwks: Jwks, header: JwtHeader): Jwk | undefined {
+  if (header.kid) {
+    return jwks.keys.find((key) => key.kid === header.kid);
+  }
+  return jwks.keys.length === 1 ? jwks.keys[0] : undefined;
+}
+
+function importAlgorithm(alg: string, key: JsonWebKey) {
+  if (alg === "RS256") {
+    return {
+      import: { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" },
+      verify: { name: "RSASSA-PKCS1-v1_5" },
+    } as const;
+  }
+  if (alg === "ES256" && key.crv === "P-256") {
+    return {
+      import: { name: "ECDSA", namedCurve: "P-256" },
+      verify: { name: "ECDSA", hash: "SHA-256" },
+    } as const;
+  }
+  if (alg === "EdDSA" && key.crv === "Ed25519") {
+    return {
+      import: { name: "Ed25519" },
+      verify: { name: "Ed25519" },
+    } as const;
+  }
+  throw new Error(`unsupported jwt alg: ${alg}`);
+}
+
+function validateClaims(claims: JwtClaims, config: AuthConfig) {
+  const now = Math.floor(Date.now() / 1000);
+  if (claims.iss !== config.issuer) {
+    throw new Error("issuer mismatch");
+  }
+  if (!audienceMatches(claims.aud, config.audience)) {
+    throw new Error("audience mismatch");
+  }
+  if (typeof claims.exp !== "number" || claims.exp <= now - 30) {
+    throw new Error("token expired");
+  }
+  if (typeof claims.nbf === "number" && claims.nbf > now + 30) {
+    throw new Error("token not active");
+  }
+}
+
+function audienceMatches(audience: JwtClaims["aud"], expected: string) {
+  return Array.isArray(audience) ? audience.includes(expected) : audience === expected;
+}
+
+function decodeJSON<T>(value: string): T {
+  return JSON.parse(new TextDecoder().decode(decodeBase64Url(value))) as T;
+}
+
+function decodeBase64Url(value: string): Uint8Array {
+  const base64 = value.replace(/-/g, "+").replace(/_/g, "/").padEnd(Math.ceil(value.length / 4) * 4, "=");
+  return Uint8Array.from(atob(base64), (char) => char.charCodeAt(0));
+}
+
+function toArrayBuffer(bytes: Uint8Array): ArrayBuffer {
+  return bytes.buffer.slice(bytes.byteOffset, bytes.byteOffset + bytes.byteLength) as ArrayBuffer;
+}
+
+function bearerToken(value: string) {
+  const [scheme, token] = value.trim().split(/\s+/, 2);
+  return /^Bearer$/i.test(scheme) ? token : "";
+}
+
+function truthy(value: string | undefined) {
+  return ["1", "true", "yes", "on"].includes((value ?? "").trim().toLowerCase());
+}

package/templates/variants/bun-hono/src/db/client.ts

@@ -0,0 +1,15 @@
+import { SQL } from "bun";
+import { drizzle } from "drizzle-orm/bun-sql";
+
+export function requireDatabaseUrl() {
+  const databaseUrl = Bun.env.DATABASE_URL?.trim();
+  if (!databaseUrl) {
+    throw new Error("DATABASE_URL is required");
+  }
+  return databaseUrl;
+}
+
+export function createDb(databaseUrl = requireDatabaseUrl()) {
+  const client = new SQL(databaseUrl);
+  return drizzle({ client });
+}

package/templates/variants/bun-hono/src/db/repository.ts

@@ -0,0 +1,126 @@
+import { desc, eq } from "drizzle-orm";
+import type { createDb } from "./client";
+import { waitlistEntries, waitlistTriggers } from "./schema";
+import type { WaitlistEntry, WaitlistTrigger } from "../waitlist/types";
+
+type Database = ReturnType<typeof createDb>;
+type WaitlistEntryRow = typeof waitlistEntries.$inferSelect;
+
+type CreateEntryRecord = {
+  id: string;
+  email: string;
+  name: string | null;
+  company: string | null;
+  source: string | null;
+};
+
+type CreateTriggerRecord = {
+  id: string;
+  type: string;
+  entryId: string | null;
+  payload: unknown;
+};
+
+export class WaitlistRepository {
+  constructor(private readonly db: Database) {}
+
+  async createEntry(input: CreateEntryRecord): Promise<WaitlistEntry> {
+    const now = new Date();
+    const [row] = await this.db
+      .insert(waitlistEntries)
+      .values({
+        id: input.id,
+        email: input.email,
+        name: input.name,
+        company: input.company,
+        source: input.source,
+        status: "joined",
+        createdAt: now,
+        updatedAt: now,
+      })
+      .returning();
+    return toWaitlistEntry(row);
+  }
+
+  async getEntryById(entryId: string): Promise<WaitlistEntry | null> {
+    const [row] = await this.db.select().from(waitlistEntries).where(eq(waitlistEntries.id, entryId)).limit(1);
+    return row ? toWaitlistEntry(row) : null;
+  }
+
+  async getEntryByEmail(email: string): Promise<WaitlistEntry | null> {
+    const [row] = await this.db.select().from(waitlistEntries).where(eq(waitlistEntries.email, email)).limit(1);
+    return row ? toWaitlistEntry(row) : null;
+  }
+
+  async listEntries(input: { status?: string | null; limit?: number | null } = {}): Promise<WaitlistEntry[]> {
+    const limit = clampLimit(input.limit);
+    const rows = input.status
+      ? await this.db
+          .select()
+          .from(waitlistEntries)
+          .where(eq(waitlistEntries.status, input.status as WaitlistEntryRow["status"]))
+          .orderBy(desc(waitlistEntries.createdAt))
+          .limit(limit)
+      : await this.db.select().from(waitlistEntries).orderBy(desc(waitlistEntries.createdAt)).limit(limit);
+    return rows.map(toWaitlistEntry);
+  }
+
+  async updateEntryStatus(entryId: string, status: WaitlistEntryRow["status"]): Promise<WaitlistEntry | null> {
+    const [row] = await this.db
+      .update(waitlistEntries)
+      .set({
+        status,
+        updatedAt: new Date(),
+      })
+      .where(eq(waitlistEntries.id, entryId))
+      .returning();
+    return row ? toWaitlistEntry(row) : null;
+  }
+
+  async createTrigger(input: CreateTriggerRecord): Promise<WaitlistTrigger> {
+    const [row] = await this.db
+      .insert(waitlistTriggers)
+      .values({
+        id: input.id,
+        type: input.type,
+        entryId: input.entryId,
+        status: "queued",
+        payloadJson: JSON.stringify(input.payload ?? {}),
+        createdAt: new Date(),
+      })
+      .returning();
+    return toWaitlistTrigger(row);
+  }
+}
+
+function clampLimit(value: number | null | undefined) {
+  if (!value || !Number.isFinite(value)) {
+    return 100;
+  }
+  return Math.min(Math.max(Math.trunc(value), 1), 500);
+}
+
+function toWaitlistEntry(row: WaitlistEntryRow): WaitlistEntry {
+  return {
+    id: row.id,
+    email: row.email,
+    name: row.name,
+    company: row.company,
+    source: row.source,
+    status: row.status,
+    createdAt: row.createdAt.toISOString(),
+    updatedAt: row.updatedAt.toISOString(),
+  };
+}
+
+function toWaitlistTrigger(row: typeof waitlistTriggers.$inferSelect): WaitlistTrigger {
+  return {
+    id: row.id,
+    type: row.type,
+    entryId: row.entryId,
+    status: row.status,
+    payload: JSON.parse(row.payloadJson),
+    createdAt: row.createdAt.toISOString(),
+    processedAt: row.processedAt?.toISOString() ?? null,
+  };
+}

package/templates/variants/bun-hono/src/db/schema.ts

@@ -0,0 +1,26 @@
+import { pgTable, text, timestamp, uniqueIndex } from "drizzle-orm/pg-core";
+
+export const waitlistEntries = pgTable(
+  "waitlist_entries",
+  {
+    id: text("id").primaryKey(),
+    email: text("email").notNull(),
+    name: text("name"),
+    company: text("company"),
+    source: text("source"),
+    status: text("status").$type<"joined" | "invited" | "converted" | "archived">().notNull().default("joined"),
+    createdAt: timestamp("created_at", { withTimezone: true, mode: "date" }).notNull().defaultNow(),
+    updatedAt: timestamp("updated_at", { withTimezone: true, mode: "date" }).notNull().defaultNow(),
+  },
+  (table) => [uniqueIndex("waitlist_entries_email_key").on(table.email)]
+);
+
+export const waitlistTriggers = pgTable("waitlist_triggers", {
+  id: text("id").primaryKey(),
+  type: text("type").notNull(),
+  entryId: text("entry_id").references(() => waitlistEntries.id),
+  status: text("status").$type<"queued" | "processed" | "failed">().notNull().default("queued"),
+  payloadJson: text("payload_json").notNull(),
+  createdAt: timestamp("created_at", { withTimezone: true, mode: "date" }).notNull().defaultNow(),
+  processedAt: timestamp("processed_at", { withTimezone: true, mode: "date" }),
+});

package/templates/variants/bun-hono/src/index.ts

@@ -1,24 +1,155 @@
 import { Hono } from "hono";
+import { authMiddleware } from "./auth";
+import { AppError, createDefaultWaitlistService, type WaitlistService } from "./waitlist/service";
+import { startTemporalWorker } from "./temporal/worker";
 
-export function createApp() {
+export function createApp(service: WaitlistService) {
   const app = new Hono();
 
-  app.get("/healthz", (context) => context.json({ status: "ok", runtime: "bun", framework: "hono" }));
-  app.get("/", (context) => {
-    const databaseConfigured = Boolean(Bun.env.DATABASE_URL?.trim());
-    return context.json({
+  app.get("/healthz", (context) => context.json({ status: "ok" }));
+  app.get("/readyz", (context) => context.json({ status: "ok" }));
+  app.get("/", (context) =>
+    context.json({
       service: "{{SERVICE_NAME}}",
-      databaseConfigured,
-    });
+      domain: "waitlist",
+      apiOrigin: "https://api.{{SERVICE_NAME}}.anmho.com",
+    })
+  );
+
+  app.use("/v1/*", authMiddleware());
+
+  app.post("/v1/waitlist", async (context) => {
+    try {
+      const body = await context.req.json();
+      const result = await service.joinWaitlist({
+        email: String(body.email ?? ""),
+        name: body.name ?? null,
+        company: body.company ?? null,
+        source: body.source ?? null,
+      });
+      return context.json(result, result.created ? 201 : 200);
+    } catch (error) {
+      return writeError(context, error);
+    }
+  });
+
+  app.get("/v1/waitlist", async (context) => {
+    try {
+      return context.json({ entry: await service.getWaitlistEntryByEmail(context.req.query("email") ?? "") });
+    } catch (error) {
+      return writeError(context, error);
+    }
+  });
+
+  app.get("/v1/waitlist/:entryId", async (context) => {
+    try {
+      return context.json({ entry: await service.getWaitlistEntry(context.req.param("entryId")) });
+    } catch (error) {
+      return writeError(context, error);
+    }
+  });
+
+  app.get("/v1/admin/waitlist", async (context) => {
+    try {
+      return context.json({
+        entries: await service.listWaitlistEntries({
+          status: context.req.query("status"),
+          limit: parseOptionalNumber(context.req.query("limit")),
+        }),
+      });
+    } catch (error) {
+      return writeError(context, error);
+    }
+  });
+
+  app.patch("/v1/admin/waitlist/:entryId", async (context) => {
+    try {
+      const body = await context.req.json();
+      return context.json({
+        entry: await service.updateWaitlistEntry({
+          entryId: context.req.param("entryId"),
+          status: String(body.status ?? ""),
+        }),
+      });
+    } catch (error) {
+      return writeError(context, error);
+    }
+  });
+
+  app.get("/v1/admin/waitlist/export", async (context) => {
+    try {
+      const csv = await service.exportWaitlistEntries({
+        status: context.req.query("status"),
+        limit: parseOptionalNumber(context.req.query("limit")),
+      });
+      return new Response(csv, {
+        headers: {
+          "Content-Type": "text/csv; charset=utf-8",
+          "Content-Disposition": 'attachment; filename="waitlist.csv"',
+        },
+      });
+    } catch (error) {
+      return writeError(context, error);
+    }
   });
 
+  app.post("/v1/triggers/waitlist", async (context) => {
+    try {
+      const body = await context.req.json().catch(() => ({}));
+      const trigger = await service.recordTrigger({
+        type: String(body.type ?? "manual"),
+        entryId: body.entry_id ?? body.entryId ?? null,
+        payload: body,
+      });
+      return context.json({ trigger }, 202);
+    } catch (error) {
+      return writeError(context, error);
+    }
+  });
+
+  app.post("/webhooks/:provider", async (context) => {
+    try {
+      const rawBody = await context.req.text();
+      const trigger = await service.recordTrigger({
+        type: `webhook.${context.req.param("provider")}`,
+        entryId: null,
+        payload: {
+          headers: Object.fromEntries(context.req.raw.headers),
+          rawBody,
+        },
+      });
+      return context.json({ trigger }, 202);
+    } catch (error) {
+      return writeError(context, error);
+    }
+  });
+
+  app.get("/webhooks/:provider/health", (context) => context.json({ status: "ok", provider: context.req.param("provider") }));
+
   return app;
 }
 
+function writeError(context: any, error: unknown) {
+  if (error instanceof AppError) {
+    return context.json({ error: error.message, code: error.code }, error.status);
+  }
+
+  console.error(error);
+  return context.json({ error: "internal server error", code: "internal" }, 500);
+}
+
+function parseOptionalNumber(value: string | undefined) {
+  return value ? Number(value) : null;
+}
+
 if (import.meta.main) {
-  const app = createApp();
+  const temporalWorker = await startTemporalWorker();
+  if (temporalWorker) {
+    console.log(`Temporal worker polling ${temporalWorker.taskQueue}`);
+  }
+
   Bun.serve({
-    port: Number(Bun.env.PORT ?? 8080),
-    fetch: app.fetch,
+    port: Number(Bun.env.PORT ?? 3000),
+    fetch: createApp(createDefaultWaitlistService()).fetch,
   });
 }

package/templates/variants/bun-hono/src/temporal/activities.ts

@@ -0,0 +1,14 @@
+export type WaitlistFollowUpInput = {
+  triggerId?: string;
+  email?: string;
+  type: string;
+};
+
+export async function recordWaitlistFollowUp(input: WaitlistFollowUpInput) {
+  return {
+    status: "queued",
+    triggerId: input.triggerId ?? null,
+    email: input.email ?? null,
+    type: input.type,
+  };
+}

package/templates/variants/bun-hono/src/temporal/worker.ts

@@ -0,0 +1,38 @@
+import { NativeConnection, Worker } from "@temporalio/worker";
+import * as activities from "./activities";
+
+export function temporalWorkerEnabled() {
+  return (Bun.env.TEMPORAL_ENABLED ?? "").trim().toLowerCase() === "true";
+}
+
+export async function startTemporalWorker() {
+  if (!temporalWorkerEnabled()) {
+    return undefined;
+  }
+
+  const address = Bun.env.TEMPORAL_ADDRESS || "localhost:7233";
+  const namespace = Bun.env.TEMPORAL_NAMESPACE || "default";
+  const taskQueue = Bun.env.TEMPORAL_TASK_QUEUE || "{{SERVICE_NAME}}";
+  const apiKey = Bun.env.TEMPORAL_API_KEY?.trim();
+  const connection = await NativeConnection.connect({
+    address,
+    ...(apiKey ? { apiKey } : {}),
+  });
+  const worker = await Worker.create({
+    connection,
+    namespace,
+    taskQueue,
+    workflowsPath: new URL("./workflows.ts", import.meta.url).pathname,
+    activities,
+  });
+  const running = worker.run();
+
+  return {
+    taskQueue,
+    async shutdown() {
+      worker.shutdown();
+      await running.catch(() => undefined);
+      await connection.close();
+    },
+  };
+}

package/templates/variants/bun-hono/src/temporal/workflows.ts

@@ -0,0 +1,10 @@
+import { proxyActivities } from "@temporalio/workflow";
+import type * as activities from "./activities";
+
+const { recordWaitlistFollowUp } = proxyActivities<typeof activities>({
+  startToCloseTimeout: "1 minute",
+});
+
+export async function waitlistFollowUpWorkflow(input: activities.WaitlistFollowUpInput) {
+  return await recordWaitlistFollowUp(input);
+}