fluxy-bot 0.1.0

package/worker/codex-auth.ts

@@ -0,0 +1,199 @@
+/**
+ * Codex OAuth PKCE flow for ChatGPT Plus/Pro subscription authentication.
+ * Adapted from CodeDeck's CodexOAuthService for server-side Node.js.
+ *
+ * Spins up a temporary HTTP server on port 1455 to capture the OAuth callback.
+ * Credentials are stored in ~/.codex/codedeck-auth.json.
+ */
+
+import crypto from 'crypto';
+import http from 'http';
+import fs from 'fs';
+import path from 'path';
+import os from 'os';
+import { log } from '../shared/logger.js';
+
+const OAUTH_CONFIG = {
+  AUTHORIZE_URL: 'https://auth.openai.com/oauth/authorize',
+  TOKEN_URL: 'https://auth.openai.com/oauth/token',
+  REDIRECT_URI: 'http://localhost:1455/auth/callback',
+  CLIENT_ID: 'app_EMoamEEZ73f0CkXaXp7hrann',
+  SCOPES: 'openid profile email offline_access',
+  PORT: 1455,
+};
+
+const AUTH_DIR = path.join(os.homedir(), '.codex');
+const AUTH_FILE = path.join(AUTH_DIR, 'codedeck-auth.json');
+
+let codeVerifier: string | null = null;
+let oauthState: string | null = null;
+let callbackServer: http.Server | null = null;
+
+/* ── Helpers ── */
+
+function stopCallbackServer(): void {
+  if (callbackServer) {
+    try { callbackServer.close(); } catch {}
+    callbackServer = null;
+  }
+}
+
+function storeCredentials(tokens: any): void {
+  if (!fs.existsSync(AUTH_DIR)) {
+    fs.mkdirSync(AUTH_DIR, { recursive: true });
+  }
+
+  const credentials: Record<string, any> = {
+    access_token: tokens.access_token,
+    token_type: tokens.token_type || 'Bearer',
+  };
+
+  if (tokens.refresh_token) credentials.refresh_token = tokens.refresh_token;
+  if (tokens.id_token) credentials.id_token = tokens.id_token;
+  if (tokens.expires_in) {
+    credentials.expires_at = Date.now() + (tokens.expires_in - 300) * 1000;
+  }
+
+  // Decode JWT claims for account info
+  try {
+    const payload = JSON.parse(Buffer.from(tokens.access_token.split('.')[1], 'base64url').toString());
+    const authClaims = payload['https://api.openai.com/auth'] || {};
+    if (authClaims.chatgpt_account_id) credentials.chatgpt_account_id = authClaims.chatgpt_account_id;
+    if (authClaims.chatgpt_plan_type) credentials.chatgpt_plan_type = authClaims.chatgpt_plan_type;
+  } catch {
+    log.warn('Codex: failed to decode JWT claims');
+  }
+
+  fs.writeFileSync(AUTH_FILE, JSON.stringify(credentials, null, 2), 'utf-8');
+  try { fs.chmodSync(AUTH_FILE, 0o600); } catch {}
+  log.ok('Codex credentials stored');
+}
+
+async function exchangeCode(code: string): Promise<{ success: boolean; error?: string }> {
+  if (!codeVerifier) {
+    return { success: false, error: 'No code verifier — OAuth flow was not started.' };
+  }
+
+  try {
+    const payload = new URLSearchParams({
+      grant_type: 'authorization_code',
+      client_id: OAUTH_CONFIG.CLIENT_ID,
+      code,
+      redirect_uri: OAUTH_CONFIG.REDIRECT_URI,
+      code_verifier: codeVerifier,
+    });
+
+    const response = await fetch(OAUTH_CONFIG.TOKEN_URL, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+      body: payload.toString(),
+    });
+
+    if (!response.ok) {
+      return { success: false, error: `Authentication failed (${response.status}). Please try again.` };
+    }
+
+    const tokens = await response.json();
+    storeCredentials(tokens);
+    codeVerifier = null;
+    oauthState = null;
+    return { success: true };
+  } catch (err: any) {
+    return { success: false, error: err.message };
+  }
+}
+
+/* ── Public API ── */
+
+export function startCodexOAuth(): Promise<{ success: boolean; authUrl?: string; error?: string }> {
+  return new Promise((resolve) => {
+    stopCallbackServer();
+
+    // Generate PKCE
+    codeVerifier = crypto.randomBytes(32).toString('base64url');
+    const codeChallenge = crypto.createHash('sha256').update(codeVerifier).digest('base64url');
+    oauthState = crypto.randomUUID();
+
+    // Start local callback server
+    callbackServer = http.createServer((req, res) => {
+      if (!req.url?.startsWith('/auth/callback')) {
+        res.writeHead(404);
+        res.end();
+        return;
+      }
+
+      const url = new URL(req.url, `http://localhost:${OAUTH_CONFIG.PORT}`);
+      const code = url.searchParams.get('code');
+      const returnedState = url.searchParams.get('state');
+      const error = url.searchParams.get('error');
+
+      res.writeHead(200, { 'Content-Type': 'text/html' });
+      res.end(`<html><body style="font-family:sans-serif;text-align:center;padding:60px;background:#0a0a0a;color:#fff">
+        <h2>${error ? 'Authentication Failed' : 'Authenticated!'}</h2>
+        <p style="color:#888">${error || 'You can close this tab and return to Fluxy.'}</p>
+      </body></html>`);
+
+      stopCallbackServer();
+
+      if (error || !code || returnedState !== oauthState) return;
+      exchangeCode(code);
+    });
+
+    callbackServer.listen(OAUTH_CONFIG.PORT, '127.0.0.1', () => {
+      log.ok(`Codex OAuth callback server on port ${OAUTH_CONFIG.PORT}`);
+
+      const params = new URLSearchParams({
+        response_type: 'code',
+        client_id: OAUTH_CONFIG.CLIENT_ID,
+        redirect_uri: OAUTH_CONFIG.REDIRECT_URI,
+        scope: OAUTH_CONFIG.SCOPES,
+        code_challenge: codeChallenge,
+        code_challenge_method: 'S256',
+        state: oauthState!,
+        id_token_add_organizations: 'true',
+        codex_cli_simplified_flow: 'true',
+      });
+
+      resolve({ success: true, authUrl: `${OAUTH_CONFIG.AUTHORIZE_URL}?${params.toString()}` });
+    });
+
+    callbackServer.on('error', (err: any) => {
+      const error = err.code === 'EADDRINUSE'
+        ? `Port ${OAUTH_CONFIG.PORT} is busy. Close other Codex instances.`
+        : err.message;
+      resolve({ success: false, error });
+    });
+  });
+}
+
+export function cancelCodexOAuth(): void {
+  stopCallbackServer();
+  codeVerifier = null;
+  oauthState = null;
+}
+
+export function getCodexAuthStatus(): { authenticated: boolean; plan?: string; error?: string } {
+  try {
+    if (!fs.existsSync(AUTH_FILE)) return { authenticated: false };
+    const creds = JSON.parse(fs.readFileSync(AUTH_FILE, 'utf-8'));
+    if (!creds.access_token) return { authenticated: false };
+    if (creds.expires_at && Date.now() >= creds.expires_at) {
+      return { authenticated: false, error: 'Token expired' };
+    }
+    return { authenticated: true, plan: creds.chatgpt_plan_type || 'plus' };
+  } catch (err: any) {
+    return { authenticated: false, error: err.message };
+  }
+}
+
+export function readCodexAccessToken(): string | null {
+  try {
+    if (!fs.existsSync(AUTH_FILE)) return null;
+    const creds = JSON.parse(fs.readFileSync(AUTH_FILE, 'utf-8'));
+    if (!creds.access_token) return null;
+    if (creds.expires_at && Date.now() >= creds.expires_at) return null;
+    return creds.access_token;
+  } catch {
+    return null;
+  }
+}

package/worker/db.ts

@@ -0,0 +1,75 @@
+import Database from 'better-sqlite3';
+import fs from 'fs';
+import { paths, DATA_DIR } from '../shared/paths.js';
+
+const SCHEMA = `
+CREATE TABLE IF NOT EXISTS conversations (
+  id TEXT PRIMARY KEY DEFAULT (lower(hex(randomblob(8)))),
+  title TEXT,
+  model TEXT,
+  created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+  updated_at DATETIME DEFAULT CURRENT_TIMESTAMP
+);
+CREATE TABLE IF NOT EXISTS messages (
+  id TEXT PRIMARY KEY DEFAULT (lower(hex(randomblob(8)))),
+  conversation_id TEXT NOT NULL REFERENCES conversations(id) ON DELETE CASCADE,
+  role TEXT NOT NULL CHECK (role IN ('user', 'assistant', 'system')),
+  content TEXT NOT NULL,
+  tokens_in INTEGER,
+  tokens_out INTEGER,
+  model TEXT,
+  created_at DATETIME DEFAULT CURRENT_TIMESTAMP
+);
+CREATE INDEX IF NOT EXISTS idx_msg_conv ON messages(conversation_id, created_at);
+CREATE TABLE IF NOT EXISTS settings (
+  key TEXT PRIMARY KEY,
+  value TEXT NOT NULL,
+  updated_at DATETIME DEFAULT CURRENT_TIMESTAMP
+);
+`;
+
+let db: Database.Database;
+
+export function initDb(): void {
+  fs.mkdirSync(DATA_DIR, { recursive: true });
+  db = new Database(paths.db);
+  db.pragma('journal_mode = WAL');
+  db.pragma('foreign_keys = ON');
+  db.exec(SCHEMA);
+}
+
+export function closeDb(): void { db?.close(); }
+
+// Conversations
+export function createConversation(title?: string, model?: string) {
+  return db.prepare('INSERT INTO conversations (title, model) VALUES (?, ?) RETURNING *').get(title ?? null, model ?? null) as any;
+}
+export function listConversations(limit = 50) {
+  return db.prepare('SELECT * FROM conversations ORDER BY updated_at DESC LIMIT ?').all(limit);
+}
+export function deleteConversation(id: string) {
+  db.prepare('DELETE FROM conversations WHERE id = ?').run(id);
+}
+
+// Messages
+export function addMessage(convId: string, role: string, content: string, meta?: { tokens_in?: number; tokens_out?: number; model?: string }) {
+  const msg = db.prepare('INSERT INTO messages (conversation_id, role, content, tokens_in, tokens_out, model) VALUES (?, ?, ?, ?, ?, ?) RETURNING *')
+    .get(convId, role, content, meta?.tokens_in ?? null, meta?.tokens_out ?? null, meta?.model ?? null);
+  db.prepare('UPDATE conversations SET updated_at = CURRENT_TIMESTAMP WHERE id = ?').run(convId);
+  return msg as any;
+}
+export function getMessages(convId: string) {
+  return db.prepare('SELECT * FROM messages WHERE conversation_id = ? ORDER BY created_at ASC').all(convId);
+}
+
+// Settings
+export function getSetting(key: string): string | undefined {
+  return (db.prepare('SELECT value FROM settings WHERE key = ?').get(key) as any)?.value;
+}
+export function setSetting(key: string, value: string) {
+  db.prepare('INSERT INTO settings (key, value) VALUES (?, ?) ON CONFLICT(key) DO UPDATE SET value = excluded.value, updated_at = CURRENT_TIMESTAMP').run(key, value);
+}
+export function getAllSettings() {
+  const rows = db.prepare('SELECT key, value FROM settings').all() as { key: string; value: string }[];
+  return Object.fromEntries(rows.map((r) => [r.key, r.value]));
+}

package/worker/index.ts

@@ -0,0 +1,169 @@
+import express from 'express';
+import { createServer } from 'http';
+import { WebSocketServer, WebSocket } from 'ws';
+import { loadConfig, saveConfig } from '../shared/config.js';
+import { createProvider, type AiProvider, type ChatMessage } from '../shared/ai.js';
+import { paths } from '../shared/paths.js';
+import { log } from '../shared/logger.js';
+import { initDb, closeDb, createConversation, listConversations, deleteConversation, addMessage, getMessages, getSetting, getAllSettings, setSetting } from './db.js';
+import { startCodexOAuth, cancelCodexOAuth, getCodexAuthStatus, readCodexAccessToken } from './codex-auth.js';
+import { startClaudeOAuth, exchangeClaudeCode, getClaudeAuthStatus, readClaudeAccessToken } from './claude-auth.js';
+
+const port = parseInt(process.env.WORKER_PORT || '3001', 10);
+const config = loadConfig();
+
+// Database
+initDb();
+
+// AI provider (for chatbot feature)
+let ai: AiProvider | null = null;
+if (config.ai.provider && (config.ai.apiKey || config.ai.provider === 'ollama')) {
+  ai = createProvider(config.ai.provider, config.ai.apiKey, config.ai.baseUrl);
+  log.ok(`Worker AI: ${config.ai.provider} (${config.ai.model})`);
+}
+
+// Express
+const app = express();
+app.use(express.json());
+
+app.get('/api/health', (_, res) => res.json({ status: 'ok' }));
+app.get('/api/conversations', (_, res) => res.json(listConversations()));
+app.get('/api/conversations/:id', (req, res) => {
+  const msgs = getMessages(req.params.id);
+  res.json({ id: req.params.id, messages: msgs });
+});
+app.delete('/api/conversations/:id', (req, res) => { deleteConversation(req.params.id); res.json({ ok: true }); });
+app.get('/api/settings', (_, res) => res.json(getAllSettings()));
+app.put('/api/settings/:key', (req, res) => {
+  setSetting(req.params.key, req.body.value);
+  res.json({ ok: true });
+});
+
+// ── Codex OAuth routes ──
+
+app.post('/api/auth/codex/start', async (_req, res) => {
+  const result = await startCodexOAuth();
+  res.json(result);
+});
+
+app.post('/api/auth/codex/cancel', (_req, res) => {
+  cancelCodexOAuth();
+  res.json({ ok: true });
+});
+
+app.get('/api/auth/codex/status', (_req, res) => {
+  res.json(getCodexAuthStatus());
+});
+
+// ── Claude OAuth routes ──
+
+app.post('/api/auth/claude/start', (_req, res) => {
+  res.json(startClaudeOAuth());
+});
+
+app.post('/api/auth/claude/exchange', async (req, res) => {
+  const { code } = req.body;
+  if (!code) { res.json({ success: false, error: 'No code provided' }); return; }
+  const result = await exchangeClaudeCode(code);
+  res.json(result);
+});
+
+app.get('/api/auth/claude/status', (_req, res) => {
+  res.json(getClaudeAuthStatus());
+});
+
+// ── Onboarding ──
+
+app.post('/api/onboard', (req, res) => {
+  const { userName, agentName, provider, model, apiKey, baseUrl } = req.body;
+  setSetting('user_name', userName || '');
+  setSetting('agent_name', agentName || 'Fluxy');
+  setSetting('onboard_complete', 'true');
+
+  config.ai.provider = provider || '';
+  config.ai.model = model || '';
+  config.ai.baseUrl = baseUrl || undefined;
+
+  // Read OAuth token if no API key provided
+  if (!apiKey && provider === 'openai') {
+    config.ai.apiKey = readCodexAccessToken() || '';
+  } else if (!apiKey && provider === 'anthropic') {
+    config.ai.apiKey = readClaudeAccessToken() || '';
+  } else {
+    config.ai.apiKey = apiKey || '';
+  }
+
+  saveConfig(config);
+
+  if (config.ai.provider && (config.ai.apiKey || config.ai.provider === 'ollama')) {
+    ai = createProvider(config.ai.provider, config.ai.apiKey, config.ai.baseUrl);
+    log.ok(`AI reconfigured: ${config.ai.provider} (${config.ai.model})`);
+  }
+
+  res.json({ ok: true });
+});
+
+// Serve PWA
+app.use(express.static(paths.dist));
+app.get('/{*splat}', (_, res) => res.sendFile('index.html', { root: paths.dist }));
+
+// HTTP + WebSocket
+const server = createServer(app);
+const wss = new WebSocketServer({ server, path: '/ws' });
+
+const activeStreams = new Map<string, AbortController>();
+
+wss.on('connection', (ws: WebSocket) => {
+  ws.on('message', (raw) => {
+    const msg = JSON.parse(raw.toString());
+
+    if (msg.type === 'user:message') {
+      const { conversationId, content } = msg.data;
+      let convId = conversationId;
+      if (!convId) convId = createConversation(content.slice(0, 50), config.ai.model).id;
+
+      addMessage(convId, 'user', content);
+
+      if (!ai) {
+        ws.send(JSON.stringify({ type: 'bot:error', data: { conversationId: convId, error: 'AI not configured' } }));
+        return;
+      }
+
+      const history = getMessages(convId) as { role: string; content: string }[];
+      const systemPrompt = getSetting('system_prompt');
+      const messages: ChatMessage[] = [
+        ...(systemPrompt ? [{ role: 'system' as const, content: systemPrompt }] : []),
+        ...history.map((m) => ({ role: m.role as ChatMessage['role'], content: m.content })),
+      ];
+
+      ws.send(JSON.stringify({ type: 'bot:typing', data: { conversationId: convId } }));
+      const ctrl = new AbortController();
+      activeStreams.set(convId, ctrl);
+
+      ai.chat(
+        messages,
+        config.ai.model,
+        (token) => ws.send(JSON.stringify({ type: 'bot:token', data: { conversationId: convId, token } })),
+        (full, usage) => {
+          const m = addMessage(convId, 'assistant', full, { tokens_in: usage?.tokensIn, tokens_out: usage?.tokensOut, model: config.ai.model });
+          ws.send(JSON.stringify({ type: 'bot:response', data: { conversationId: convId, messageId: (m as any).id, content: full } }));
+          activeStreams.delete(convId);
+        },
+        (err) => {
+          ws.send(JSON.stringify({ type: 'bot:error', data: { conversationId: convId, error: err.message } }));
+          activeStreams.delete(convId);
+        },
+        ctrl.signal,
+      );
+    }
+
+    if (msg.type === 'user:stop') {
+      const ctrl = activeStreams.get(msg.data.conversationId);
+      if (ctrl) { ctrl.abort(); activeStreams.delete(msg.data.conversationId); }
+    }
+  });
+});
+
+server.listen(port, () => log.ok(`Worker on port ${port}`));
+
+process.on('SIGTERM', () => { closeDb(); server.close(); process.exit(0); });