gitspace 0.2.0-rc.1

package/worker/src/handlers/subdomains.ts

@@ -0,0 +1,376 @@
+/**
+ * Subdomain handlers
+ *
+ * CRUD operations for subdomains and tunnel management
+ */
+
+import { Hono } from 'hono';
+import type { Env, Subdomain } from '../types';
+import type { AuthContext } from '../middleware/auth';
+import {
+  createTunnel,
+  configureTunnelIngress,
+  deleteTunnel,
+  createDNSRecords,
+  deleteDNSRecords,
+  createCustomHostname,
+  deleteCustomHostname,
+  encryptToken,
+  decryptToken,
+} from '../services/cloudflare';
+
+const app = new Hono<{ Bindings: Env; Variables: AuthContext }>();
+
+// Subdomain limits
+const FREE_SUBDOMAIN_LIMIT = 3;
+const PAID_SUBDOMAIN_LIMIT = 10;
+
+// Subdomain format validation
+const SUBDOMAIN_REGEX = /^[a-z0-9][a-z0-9-]{1,18}[a-z0-9]$/;
+
+/**
+ * List user's subdomains
+ * GET /subdomains
+ */
+app.get('/', async (c) => {
+  const user = c.get('user');
+
+  const subdomains = await c.env.DB.prepare(
+    `
+    SELECT id, subdomain, status, is_primary, created_at, updated_at
+    FROM subdomains
+    WHERE user_id = ? AND status != 'deleted'
+    ORDER BY is_primary DESC, created_at DESC
+  `
+  )
+    .bind(user.id)
+    .all();
+
+  return c.json(subdomains.results);
+});
+
+/**
+ * Check subdomain availability
+ * GET /subdomains/check?name=xxx
+ */
+app.get('/check', async (c) => {
+  const name = c.req.query('name')?.toLowerCase();
+
+  if (!name) {
+    return c.json({ available: false, reason: 'Subdomain name required' });
+  }
+
+  // Check format
+  if (!SUBDOMAIN_REGEX.test(name)) {
+    return c.json({
+      available: false,
+      reason: 'Invalid format. Use 3-20 lowercase letters, numbers, and hyphens.',
+    });
+  }
+
+  // Check reserved
+  const reserved = await c.env.DB.prepare(
+    'SELECT 1 FROM reserved_subdomains WHERE subdomain = ?'
+  )
+    .bind(name)
+    .first();
+
+  if (reserved) {
+    return c.json({ available: false, reason: 'This subdomain is reserved' });
+  }
+
+  // Check taken
+  const existing = await c.env.DB.prepare(
+    "SELECT 1 FROM subdomains WHERE subdomain = ? AND status != 'deleted'"
+  )
+    .bind(name)
+    .first();
+
+  if (existing) {
+    return c.json({ available: false, reason: 'This subdomain is already taken' });
+  }
+
+  return c.json({ available: true });
+});
+
+/**
+ * Reserve a subdomain
+ * POST /subdomains
+ */
+app.post('/', async (c) => {
+  const user = c.get('user');
+  const body = await c.req.json<{ subdomain: string; isPrimary?: boolean }>();
+  const subdomain = body.subdomain?.toLowerCase();
+
+  // Validate format
+  if (!subdomain || !SUBDOMAIN_REGEX.test(subdomain)) {
+    return c.json(
+      {
+        error: 'Invalid subdomain format. Use 3-20 lowercase letters, numbers, and hyphens.',
+      },
+      400
+    );
+  }
+
+  // Check reserved
+  const reserved = await c.env.DB.prepare(
+    'SELECT reason FROM reserved_subdomains WHERE subdomain = ?'
+  )
+    .bind(subdomain)
+    .first<{ reason: string }>();
+
+  if (reserved) {
+    return c.json({ error: `This subdomain is reserved (${reserved.reason})` }, 400);
+  }
+
+  // Check if subdomain exists
+  const existing = await c.env.DB.prepare(
+    "SELECT id, user_id, status FROM subdomains WHERE subdomain = ?"
+  )
+    .bind(subdomain)
+    .first<{ id: string; user_id: string; status: string }>();
+
+  if (existing) {
+    // If it belongs to another user and is active, reject
+    if (existing.user_id !== user.id && existing.status !== 'deleted') {
+      return c.json({ error: 'This subdomain is already taken' }, 400);
+    }
+
+    // If it's the same user or was deleted, we'll reconfigure it
+    // Delete the old record first (we'll create a fresh one)
+    if (existing.user_id === user.id || existing.status === 'deleted') {
+      await c.env.DB.prepare('DELETE FROM subdomains WHERE id = ?')
+        .bind(existing.id)
+        .run();
+    }
+  }
+
+  // Check user's subdomain limit
+  const countResult = await c.env.DB.prepare(
+    "SELECT COUNT(*) as count FROM subdomains WHERE user_id = ? AND status = 'active'"
+  )
+    .bind(user.id)
+    .first<{ count: number }>();
+
+  const count = countResult?.count ?? 0;
+  if (count >= FREE_SUBDOMAIN_LIMIT) {
+    return c.json(
+      { error: `Subdomain limit reached (${FREE_SUBDOMAIN_LIMIT} for free tier)` },
+      400
+    );
+  }
+
+  // Create tunnel via Cloudflare API
+  let tunnel;
+  try {
+    tunnel = await createTunnel(c.env, subdomain);
+  } catch (error) {
+    console.error('Tunnel creation failed:', error);
+    return c.json({ error: 'Failed to create tunnel' }, 500);
+  }
+
+  // Configure tunnel ingress (routes traffic to local relay on port 4480)
+  try {
+    await configureTunnelIngress(c.env, tunnel.id, subdomain);
+  } catch (error) {
+    // Cleanup: delete the tunnel we just created
+    await deleteTunnel(c.env, tunnel.id).catch(() => {});
+    console.error('Tunnel ingress configuration failed:', error);
+    return c.json({ error: 'Failed to configure tunnel' }, 500);
+  }
+
+  // Create DNS records
+  let dnsRecordIds: string[];
+  try {
+    dnsRecordIds = await createDNSRecords(c.env, subdomain, tunnel.id);
+  } catch (error) {
+    // Cleanup: delete the tunnel we just created
+    await deleteTunnel(c.env, tunnel.id).catch(() => {});
+    console.error('DNS creation failed:', error);
+    return c.json({ error: 'Failed to create DNS records' }, 500);
+  }
+
+  // Create custom hostname for wildcard SSL (Cloudflare for SaaS)
+  let customHostnameId: string | null = null;
+  try {
+    const customHostname = await createCustomHostname(c.env, subdomain);
+    customHostnameId = customHostname.id;
+    console.log(`Custom hostname created: ${customHostname.hostname} (${customHostname.status})`);
+  } catch (error) {
+    // Non-fatal: wildcard SSL won't work but base subdomain will
+    console.error('Custom hostname creation failed (non-fatal):', error);
+  }
+
+  // Encrypt tunnel token for storage
+  const encryptedToken = await encryptToken(c.env, tunnel.token);
+
+  // Check if this is user's first subdomain (set as primary)
+  const isPrimary = count === 0 || body.isPrimary;
+
+  // If setting as primary, unset other primaries
+  if (isPrimary) {
+    await c.env.DB.prepare(
+      "UPDATE subdomains SET is_primary = 0 WHERE user_id = ? AND status = 'active'"
+    )
+      .bind(user.id)
+      .run();
+  }
+
+  // Store in database
+  const now = Date.now();
+  const subdomainId = crypto.randomUUID();
+
+  await c.env.DB.prepare(
+    `
+    INSERT INTO subdomains (
+      id, subdomain, user_id, tunnel_id, dns_record_ids, custom_hostname_id,
+      tunnel_token_encrypted, status, is_primary, created_at, updated_at
+    ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+  `
+  )
+    .bind(
+      subdomainId,
+      subdomain,
+      user.id,
+      tunnel.id,
+      JSON.stringify(dnsRecordIds),
+      customHostnameId,
+      encryptedToken,
+      'active',
+      isPrimary ? 1 : 0,
+      now,
+      now
+    )
+    .run();
+
+  return c.json({
+    id: subdomainId,
+    subdomain,
+    hosts: [`${subdomain}.gitspace.sh`, `*.${subdomain}.gitspace.sh`],
+    isPrimary,
+  });
+});
+
+/**
+ * Get tunnel token for a subdomain (for CLI)
+ * GET /subdomains/:subdomain/token
+ */
+app.get('/:subdomain/token', async (c) => {
+  const user = c.get('user');
+  const subdomain = c.req.param('subdomain');
+
+  const record = await c.env.DB.prepare(
+    `
+    SELECT tunnel_token_encrypted
+    FROM subdomains
+    WHERE subdomain = ? AND user_id = ? AND status = 'active'
+  `
+  )
+    .bind(subdomain, user.id)
+    .first<{ tunnel_token_encrypted: string }>();
+
+  if (!record) {
+    return c.json({ error: 'Subdomain not found' }, 404);
+  }
+
+  const tunnelToken = await decryptToken(c.env, record.tunnel_token_encrypted);
+
+  return c.json({ tunnelToken });
+});
+
+/**
+ * Set a subdomain as primary
+ * POST /subdomains/:subdomain/set-primary
+ */
+app.post('/:subdomain/set-primary', async (c) => {
+  const user = c.get('user');
+  const subdomain = c.req.param('subdomain');
+
+  // Verify ownership
+  const record = await c.env.DB.prepare(
+    "SELECT id FROM subdomains WHERE subdomain = ? AND user_id = ? AND status = 'active'"
+  )
+    .bind(subdomain, user.id)
+    .first();
+
+  if (!record) {
+    return c.json({ error: 'Subdomain not found' }, 404);
+  }
+
+  // Unset all primaries
+  await c.env.DB.prepare(
+    "UPDATE subdomains SET is_primary = 0 WHERE user_id = ? AND status = 'active'"
+  )
+    .bind(user.id)
+    .run();
+
+  // Set this one as primary
+  await c.env.DB.prepare(
+    'UPDATE subdomains SET is_primary = 1, updated_at = ? WHERE subdomain = ? AND user_id = ?'
+  )
+    .bind(Date.now(), subdomain, user.id)
+    .run();
+
+  return c.json({ success: true });
+});
+
+/**
+ * Delete a subdomain
+ * DELETE /subdomains/:subdomain
+ */
+app.delete('/:subdomain', async (c) => {
+  const user = c.get('user');
+  const subdomain = c.req.param('subdomain');
+
+  const record = await c.env.DB.prepare(
+    `
+    SELECT id, tunnel_id, dns_record_ids, custom_hostname_id
+    FROM subdomains
+    WHERE subdomain = ? AND user_id = ? AND status = 'active'
+  `
+  )
+    .bind(subdomain, user.id)
+    .first<{ id: string; tunnel_id: string; dns_record_ids: string; custom_hostname_id: string | null }>();
+
+  if (!record) {
+    return c.json({ error: 'Subdomain not found' }, 404);
+  }
+
+  // Delete tunnel (this immediately blocks new connections)
+  try {
+    await deleteTunnel(c.env, record.tunnel_id);
+  } catch (error) {
+    console.error('Tunnel deletion failed:', error);
+    // Continue anyway to clean up database
+  }
+
+  // Delete DNS records
+  try {
+    const dnsRecordIds = JSON.parse(record.dns_record_ids) as string[];
+    await deleteDNSRecords(c.env, dnsRecordIds);
+  } catch (error) {
+    console.error('DNS deletion failed:', error);
+    // Continue anyway
+  }
+
+  // Delete custom hostname (Cloudflare for SaaS)
+  if (record.custom_hostname_id) {
+    try {
+      await deleteCustomHostname(c.env, record.custom_hostname_id);
+    } catch (error) {
+      console.error('Custom hostname deletion failed:', error);
+      // Continue anyway
+    }
+  }
+
+  // Mark as deleted in database
+  await c.env.DB.prepare(
+    "UPDATE subdomains SET status = 'deleted', updated_at = ? WHERE id = ?"
+  )
+    .bind(Date.now(), record.id)
+    .run();
+
+  return c.json({ success: true });
+});
+
+export default app;

package/worker/src/handlers/user.ts

@@ -0,0 +1,98 @@
+/**
+ * User handlers
+ *
+ * Endpoints for user profile and token management
+ */
+
+import { Hono } from 'hono';
+import type { Env } from '../types';
+import type { AuthContext } from '../middleware/auth';
+
+const app = new Hono<{ Bindings: Env; Variables: AuthContext }>();
+
+/**
+ * Get current user info
+ * GET /me
+ */
+app.get('/', (c) => {
+  const user = c.get('user');
+
+  return c.json({
+    id: user.id,
+    github_username: user.github_username,
+    email: user.email,
+    name: user.name,
+    avatar_url: user.avatar_url,
+    created_at: user.created_at,
+  });
+});
+
+/**
+ * List user's tokens
+ * GET /me/tokens
+ */
+app.get('/tokens', async (c) => {
+  const user = c.get('user');
+
+  const tokens = await c.env.DB.prepare(
+    `
+    SELECT id, prefix, device_name, device_fingerprint, created_at, expires_at, last_used_at
+    FROM tokens
+    WHERE user_id = ? AND revoked_at IS NULL
+    ORDER BY created_at DESC
+  `
+  )
+    .bind(user.id)
+    .all();
+
+  return c.json(
+    tokens.results.map((t) => ({
+      id: t.id,
+      prefix: t.prefix,
+      device_name: t.device_name,
+      created_at: t.created_at,
+      expires_at: t.expires_at,
+      last_used_at: t.last_used_at,
+    }))
+  );
+});
+
+/**
+ * Revoke a token
+ * DELETE /me/tokens/:tokenId
+ */
+app.delete('/tokens/:tokenId', async (c) => {
+  const user = c.get('user');
+  const tokenId = c.req.param('tokenId');
+
+  const result = await c.env.DB.prepare(
+    `
+    UPDATE tokens
+    SET revoked_at = ?
+    WHERE id = ? AND user_id = ?
+  `
+  )
+    .bind(Date.now(), tokenId, user.id)
+    .run();
+
+  if (result.meta.changes === 0) {
+    return c.json({ error: 'Token not found' }, 404);
+  }
+
+  return c.json({ success: true });
+});
+
+/**
+ * Delete user account (and all associated data)
+ * DELETE /me
+ */
+app.delete('/', async (c) => {
+  const user = c.get('user');
+
+  // This will cascade delete tokens, sessions, subdomains, etc.
+  await c.env.DB.prepare('DELETE FROM users WHERE id = ?').bind(user.id).run();
+
+  return c.json({ success: true });
+});
+
+export default app;

package/worker/src/index.ts

@@ -0,0 +1,70 @@
+/**
+ * gitspace.sh API Worker
+ *
+ * Entry point for the Cloudflare Worker handling:
+ * - GitHub OAuth authentication
+ * - Subdomain/tunnel management
+ * - User management
+ */
+
+import { Hono } from 'hono';
+import { cors } from 'hono/cors';
+import type { Env, User } from './types';
+import { authMiddleware, type AuthContext } from './middleware/auth';
+import authHandlers from './handlers/auth';
+import userHandlers from './handlers/user';
+import subdomainHandlers from './handlers/subdomains';
+
+// Create app with typed bindings
+const app = new Hono<{ Bindings: Env; Variables: AuthContext }>();
+
+// CORS for portal and CLI
+app.use(
+  '*',
+  cors({
+    origin: ['https://gitspace.sh', 'http://localhost:5173'],
+    credentials: true,
+    allowMethods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
+    allowHeaders: ['Content-Type', 'Authorization', 'X-Device-Fingerprint'],
+  })
+);
+
+// Health check
+app.get('/health', (c) => {
+  return c.json({ status: 'ok', timestamp: Date.now() });
+});
+
+// Public config (for CLI to fetch GitHub Client ID)
+app.get('/config', (c) => {
+  return c.json({
+    github_client_id: c.env.GITHUB_CLIENT_ID,
+    version: '1.0.0',
+  });
+});
+
+// Public routes (no auth required)
+app.route('/auth', authHandlers);
+
+// Protected routes (require valid token)
+app.use('/me/*', authMiddleware);
+app.use('/subdomains/*', authMiddleware);
+app.route('/me', userHandlers);
+app.route('/subdomains', subdomainHandlers);
+
+// Root redirect to portal
+app.get('/', (c) => {
+  return c.redirect(c.env.PORTAL_URL);
+});
+
+// 404 handler
+app.notFound((c) => {
+  return c.json({ error: 'Not found' }, 404);
+});
+
+// Error handler
+app.onError((err, c) => {
+  console.error('Worker error:', err);
+  return c.json({ error: 'Internal server error' }, 500);
+});
+
+export default app;

package/worker/src/middleware/auth.ts

@@ -0,0 +1,152 @@
+/**
+ * Authentication middleware for protected routes
+ *
+ * Validates Bearer tokens and attaches user to context.
+ * Tokens are stored as SHA-256 hashes in D1.
+ */
+
+import type { Context, Next } from 'hono';
+import type { Env, User, Token } from '../types';
+
+export interface AuthContext {
+  user: User;
+  token: Token;
+}
+
+/**
+ * Hash a token using SHA-256
+ */
+export async function hashToken(token: string): Promise<string> {
+  const encoder = new TextEncoder();
+  const data = encoder.encode(token);
+  const hashBuffer = await crypto.subtle.digest('SHA-256', data);
+  const hashArray = Array.from(new Uint8Array(hashBuffer));
+  return hashArray.map((b) => b.toString(16).padStart(2, '0')).join('');
+}
+
+/**
+ * Middleware to validate Bearer token and attach user to context
+ */
+export async function authMiddleware(
+  c: Context<{ Bindings: Env; Variables: AuthContext }>,
+  next: Next
+): Promise<Response | void> {
+  const authHeader = c.req.header('Authorization');
+
+  if (!authHeader?.startsWith('Bearer ')) {
+    return c.json({ error: 'Missing or invalid Authorization header' }, 401);
+  }
+
+  const tokenPlain = authHeader.slice(7);
+
+  // Validate token format
+  if (!tokenPlain.startsWith('gst_') || tokenPlain.length < 20) {
+    return c.json({ error: 'Invalid token format' }, 401);
+  }
+
+  // Hash token to look up in database
+  const tokenHash = await hashToken(tokenPlain);
+
+  // Look up token and join with user
+  const result = await c.env.DB.prepare(`
+    SELECT
+      t.id as token_id, t.prefix, t.user_id, t.device_name, t.device_fingerprint,
+      t.created_at as token_created_at, t.expires_at, t.last_used_at, t.revoked_at,
+      u.id, u.github_id, u.github_username, u.email, u.name, u.avatar_url,
+      u.created_at, u.updated_at
+    FROM tokens t
+    JOIN users u ON t.user_id = u.id
+    WHERE t.id = ?
+      AND t.revoked_at IS NULL
+      AND (t.expires_at IS NULL OR t.expires_at > ?)
+  `)
+    .bind(tokenHash, Date.now())
+    .first();
+
+  if (!result) {
+    return c.json({ error: 'Invalid or expired token' }, 401);
+  }
+
+  // Build user and token objects
+  const user: User = {
+    id: result.id as string,
+    github_id: result.github_id as string,
+    github_username: result.github_username as string,
+    email: result.email as string | null,
+    name: result.name as string | null,
+    avatar_url: result.avatar_url as string | null,
+    created_at: result.created_at as number,
+    updated_at: result.updated_at as number,
+  };
+
+  const token: Token = {
+    id: result.token_id as string,
+    prefix: result.prefix as string,
+    user_id: result.user_id as string,
+    device_name: result.device_name as string | null,
+    device_fingerprint: result.device_fingerprint as string | null,
+    created_at: result.token_created_at as number,
+    expires_at: result.expires_at as number | null,
+    last_used_at: result.last_used_at as number | null,
+    revoked_at: result.revoked_at as number | null,
+  };
+
+  // Enforce device fingerprint binding when present
+  if (token.device_fingerprint) {
+    const deviceFingerprint = c.req.header('X-Device-Fingerprint');
+    if (!deviceFingerprint) {
+      return c.json({ error: 'Missing device fingerprint' }, 401);
+    }
+    if (deviceFingerprint !== token.device_fingerprint) {
+      return c.json({ error: 'Invalid device fingerprint' }, 401);
+    }
+  }
+
+  // Attach to context
+  c.set('user', user);
+  c.set('token', token);
+
+  // Update last_used_at (fire-and-forget)
+  c.executionCtx.waitUntil(
+    c.env.DB.prepare('UPDATE tokens SET last_used_at = ? WHERE id = ?')
+      .bind(Date.now(), tokenHash)
+      .run()
+  );
+
+  await next();
+}
+
+/**
+ * Validate a session cookie (for portal)
+ */
+export async function validateSession(
+  db: D1Database,
+  sessionId: string
+): Promise<User | null> {
+  const result = await db
+    .prepare(
+      `
+    SELECT u.*
+    FROM sessions s
+    JOIN users u ON s.user_id = u.id
+    WHERE s.id = ? AND s.expires_at > ?
+  `
+    )
+    .bind(sessionId, Date.now())
+    .first();
+
+  if (!result) {
+    return null;
+  }
+
+  return {
+    id: result.id as string,
+    github_id: result.github_id as string,
+    github_username: result.github_username as string,
+    email: result.email as string | null,
+    name: result.name as string | null,
+    avatar_url: result.avatar_url as string | null,
+    created_at: result.created_at as number,
+    updated_at: result.updated_at as number,
+  };
+}