insforge 0.3.2 → 1.2.10

package/.github/workflows/deploy-aws.yml

@@ -1,130 +0,0 @@
-name: Deploy to AWS EC2
-
-on:
-  push:
-    branches: [main, master]
-  workflow_dispatch:
-
-jobs:
-  deploy:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Deploy to EC2
-        uses: appleboy/ssh-action@v1.0.0
-        with:
-          host: ${{ secrets.EC2_HOST }}
-          username: ec2-user
-          key: ${{ secrets.EC2_SSH_KEY }}
-          port: 22
-          script: |
-            # Install required dependencies if not present
-            if ! command -v git &> /dev/null; then
-              echo "Installing git..."
-              sudo yum update -y
-              sudo yum install -y git
-            fi
-
-            if ! command -v docker &> /dev/null; then
-              echo "Installing Docker..."
-              sudo yum update -y
-              sudo yum install -y docker
-              sudo systemctl start docker
-              sudo systemctl enable docker
-              sudo usermod -aG docker ec2-user
-              
-              # Install docker-compose plugin
-              sudo mkdir -p /usr/local/lib/docker/cli-plugins
-              sudo curl -SL https://github.com/docker/compose/releases/download/v2.23.0/docker-compose-linux-x86_64 -o /usr/local/lib/docker/cli-plugins/docker-compose
-              sudo chmod +x /usr/local/lib/docker/cli-plugins/docker-compose
-              
-              # Also install standalone docker-compose for compatibility
-              sudo curl -L "https://github.com/docker/compose/releases/download/v2.23.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
-              sudo chmod +x /usr/local/bin/docker-compose
-            fi
-            
-            # Navigate to application directory
-            mkdir -p ~/insforge
-            cd ~/insforge
-
-            # Pull latest code or fresh clone
-            if [ -d ".git" ]; then
-              # Clean up old branches and reset to latest
-              git remote prune origin
-              git fetch --all --prune
-              # Use the branch that triggered the workflow
-              git checkout ${{ github.ref_name }} || git checkout main || git checkout master
-              git reset --hard origin/${{ github.ref_name }} || git reset --hard origin/main || git reset --hard origin/master
-            else
-              # Remove existing non-git directory if it exists
-              if [ -d ~/insforge ] && [ ! -d ~/insforge/.git ]; then
-                rm -rf ~/insforge/*
-                rm -rf ~/insforge/.*
-              fi
-              # Clone using SSH (since we set up SSH key)
-              git clone git@github.com:InsForge/insforge.git ~/insforge
-              cd ~/insforge
-              # Stay on default branch instead of detached HEAD
-              # git checkout ${{ github.sha }}  # Commented out to avoid detached HEAD
-            fi
-
-            # Create .env file matching .env.example structure
-            cat > .env << EOF
-            # Server Configuration
-            PORT=7130
-            
-            # PostgreSQL Configuration
-            POSTGRES_USER=postgres
-            POSTGRES_PASSWORD=postgres
-            POSTGRES_DB=insforge
-            
-            API_BASE_URL=http://localhost:7130
-            VITE_API_BASE_URL=http://localhost:7130
-            
-            # Authentication
-            JWT_SECRET=your-secret-jwt-key-must-be-32-characters-minimum
-            ADMIN_EMAIL=admin@example.com
-            ADMIN_PASSWORD=change-this-password
-            
-            # Logflare
-            LOGFLARE_PUBLIC_ACCESS_TOKEN=your-super-secret-and-long-logflare-key-public
-            LOGFLARE_PRIVATE_ACCESS_TOKEN=your-super-secret-and-long-logflare-key-private
-            
-            # Docker
-            DOCKER_SOCKET_LOCATION=/var/run/docker.sock
-            
-            EOF
-
-            # Ensure we're in the right directory with docker-compose.yml
-            cd ~/insforge
-            
-            # Stop ALL containers regardless of which compose file started them
-            # This ensures clean slate even if previous deploy used different compose file
-            sudo docker stop $(sudo docker ps -aq) || true
-            sudo docker rm $(sudo docker ps -aq) || true
-            
-            # Also try to stop using both compose files (in case either was used)
-            # IMPORTANT: Specify -f for dev file too, to avoid default file selection
-            sudo /usr/local/bin/docker-compose -f docker-compose.yml down -v || true
-            sudo /usr/local/bin/docker-compose -f docker-compose.prod.yml down -v || true
-            
-            # Clean up any orphaned volumes and networks
-            sudo docker volume prune -f || true
-            sudo docker network prune -f || true
-            
-            # Build fresh image with no cache and latest base images
-            sudo /usr/local/bin/docker-compose -f docker-compose.prod.yml build --no-cache --pull
-            
-            # Now start fresh with production compose
-            sudo /usr/local/bin/docker-compose -f docker-compose.prod.yml up -d
-
-            # Clean up old images
-            sudo docker image prune -af
-
-            # Check deployment status
-            sleep 10
-            sudo /usr/local/bin/docker-compose -f docker-compose.prod.yml ps
-            sudo /usr/local/bin/docker-compose -f docker-compose.prod.yml logs --tail=50

package/backend/src/api/routes/agent.ts

@@ -1,29 +0,0 @@
-import { Router, Request, Response } from 'express';
-import { AgentAPIDocService } from '@/core/documentation/agent.js';
-import { AppError } from '@/api/middleware/error.js';
-import { ERROR_CODES } from '@/types/error-constants.js';
-import { successResponse } from '@/utils/response.js';
-import logger from '@/utils/logger.js';
-
-const router = Router();
-const agentAPIDocService = AgentAPIDocService.getInstance();
-
-/**
- * GET /api/agent-docs
- * Get AI-native API documentation optimized for LLMs
- */
-router.get('/', async (_req: Request, res: Response, next) => {
-  try {
-    const agentDocs = await agentAPIDocService.generateAgentDocumentation();
-    successResponse(res, agentDocs);
-  } catch (error) {
-    logger.error('Failed to generate agent API documentation', {
-      error: error instanceof Error ? error.message : String(error),
-    });
-    next(
-      new AppError('Failed to generate agent API documentation', 500, ERROR_CODES.INTERNAL_ERROR)
-    );
-  }
-});
-
-export { router as agentDocsRouter };

package/backend/src/api/routes/auth.oauth.ts

@@ -1,482 +0,0 @@
-import { Router, Request, Response, NextFunction } from 'express';
-import { AuthService } from '@/core/auth/auth.js';
-import { OAuthConfigService } from '@/core/auth/oauth.js';
-import { AuditService } from '@/core/logs/audit.js';
-import { AppError } from '@/api/middleware/error.js';
-import { ERROR_CODES } from '@/types/error-constants.js';
-import { successResponse } from '@/utils/response.js';
-import { AuthRequest, verifyAdmin } from '@/api/middleware/auth.js';
-import logger from '@/utils/logger.js';
-import jwt from 'jsonwebtoken';
-import { SocketService } from '@/core/socket/socket.js';
-import { DataUpdateResourceType, ServerEvents } from '@/core/socket/types.js';
-import {
-  createOAuthConfigRequestSchema,
-  updateOAuthConfigRequestSchema,
-  type ListOAuthConfigsResponse,
-} from '@insforge/shared-schemas';
-import { isOAuthSharedKeysAvailable } from '@/utils/environment.js';
-
-const router = Router();
-const authService = AuthService.getInstance();
-const oauthConfigService = OAuthConfigService.getInstance();
-const auditService = AuditService.getInstance();
-
-// GET /api/auth/oauth/google - Initialize Google OAuth flow
-router.get('/google', async (req: Request, res: Response, next: NextFunction) => {
-  try {
-    const { redirect_uri } = req.query;
-    if (!redirect_uri) {
-      throw new AppError('Redirect URI is required', 400, ERROR_CODES.INVALID_INPUT);
-    }
-
-    const jwtPayload = {
-      provider: 'google',
-      redirectUri: redirect_uri ? (redirect_uri as string) : undefined,
-      createdAt: Date.now(),
-    };
-    const state = jwt.sign(jwtPayload, process.env.JWT_SECRET || 'default_secret', {
-      algorithm: 'HS256',
-      expiresIn: '1h', // Set expiration time for the state token
-    });
-    const authUrl = await authService.generateGoogleAuthUrl(state);
-
-    res.json({ authUrl });
-  } catch (error) {
-    logger.error('Google OAuth error', { error });
-    next(
-      new AppError(
-        'Google OAuth is not properly configured. Please check your oauth configurations.',
-        500,
-        ERROR_CODES.AUTH_OAUTH_CONFIG_ERROR
-      )
-    );
-  }
-});
-
-// GET /api/auth/oauth/github - Initialize GitHub OAuth flow
-router.get('/github', async (req: Request, res: Response, next: NextFunction) => {
-  try {
-    const { redirect_uri } = req.query;
-    if (!redirect_uri) {
-      throw new AppError('Redirect URI is required', 400, ERROR_CODES.INVALID_INPUT);
-    }
-
-    const jwtPayload = {
-      provider: 'github',
-      redirectUri: redirect_uri ? (redirect_uri as string) : undefined,
-      createdAt: Date.now(),
-    };
-    const state = jwt.sign(jwtPayload, process.env.JWT_SECRET || 'default_secret', {
-      algorithm: 'HS256',
-      expiresIn: '1h', // Set expiration time for the state token
-    });
-
-    const authUrl = await authService.generateGitHubAuthUrl(state);
-
-    res.json({ authUrl });
-  } catch (error) {
-    logger.error('GitHub OAuth error', { error });
-    next(
-      new AppError(
-        'GitHub OAuth is not properly configured. Please check your oauth configurations.',
-        500,
-        ERROR_CODES.AUTH_OAUTH_CONFIG_ERROR
-      )
-    );
-  }
-});
-
-// GET /api/auth/oauth/shared/callback/:state - Shared callback for OAuth providers
-router.get('/shared/callback/:state', async (req: Request, res: Response, next: NextFunction) => {
-  try {
-    const { state } = req.params;
-    const { success, error, payload } = req.query;
-
-    if (!state) {
-      logger.warn('Shared OAuth callback called without state parameter');
-      throw new AppError('State parameter is required', 400, ERROR_CODES.INVALID_INPUT);
-    }
-
-    let redirectUri: string;
-    let provider: string;
-    try {
-      const decodedState = jwt.verify(state, process.env.JWT_SECRET || 'default_secret') as {
-        provider: string;
-        redirectUri: string;
-      };
-      redirectUri = decodedState.redirectUri || '/';
-      provider = decodedState.provider || '';
-    } catch {
-      logger.warn('Invalid state parameter', { state });
-      throw new AppError('Invalid state parameter', 400, ERROR_CODES.INVALID_INPUT);
-    }
-
-    if (!['google', 'github'].includes(provider)) {
-      logger.warn('Invalid provider in state', { provider });
-      throw new AppError('Invalid provider in state', 400, ERROR_CODES.INVALID_INPUT);
-    }
-    if (!redirectUri) {
-      throw new AppError('Redirect URL is required', 400, ERROR_CODES.INVALID_INPUT);
-    }
-
-    if (success !== 'true') {
-      const errorMessage = error || 'OAuth authentication failed';
-      logger.warn('Shared OAuth callback failed', { error: errorMessage, provider });
-      return res.redirect(`${redirectUri}?error=${encodeURIComponent(String(errorMessage))}`);
-    }
-    if (!payload) {
-      throw new AppError('No payload provided in callback', 400, ERROR_CODES.INVALID_INPUT);
-    }
-
-    const payloadData = JSON.parse(Buffer.from(payload as string, 'base64').toString('utf8'));
-    let result;
-    if (provider === 'google') {
-      // Handle Google OAuth payload
-      const googleUserInfo = {
-        sub: payloadData.providerId,
-        email: payloadData.email,
-        name: payloadData.name || '',
-        userName: payloadData.userName || '',
-        picture: payloadData.avatar || '',
-      };
-      result = await authService.findOrCreateGoogleUser(googleUserInfo);
-    } else if (provider === 'github') {
-      // Handle GitHub OAuth payload
-      const githubUserInfo = {
-        id: payloadData.providerId,
-        login: payloadData.login || '',
-        email: payloadData.email,
-        name: payloadData.name || '',
-        avatar_url: payloadData.avatar || '',
-      };
-      result = await authService.findOrCreateGitHubUser(githubUserInfo);
-    }
-
-    const finalredirectUri = new URL(redirectUri);
-    finalredirectUri.searchParams.set('access_token', result?.accessToken ?? '');
-    finalredirectUri.searchParams.set('user_id', result?.user.id ?? '');
-    finalredirectUri.searchParams.set('email', result?.user.email ?? '');
-    finalredirectUri.searchParams.set('name', result?.user.name ?? '');
-    res.redirect(finalredirectUri.toString());
-  } catch (error) {
-    logger.error('Shared OAuth callback error', { error });
-    next(error);
-  }
-});
-
-// GET /api/auth/oauth/:provider/callback - OAuth provider callback
-router.get('/:provider/callback', async (req: Request, res: Response, _: NextFunction) => {
-  try {
-    const { provider } = req.params;
-    const { code, state, token } = req.query;
-
-    let redirectUri = '/';
-
-    if (state) {
-      try {
-        const stateData = jwt.verify(
-          state as string,
-          process.env.JWT_SECRET || 'default_secret'
-        ) as {
-          provider: string;
-          redirectUri: string;
-        };
-        redirectUri = stateData.redirectUri || '/';
-      } catch {
-        // Invalid state
-      }
-    }
-
-    if (!['google', 'github'].includes(provider)) {
-      throw new AppError('Invalid provider', 400, ERROR_CODES.INVALID_INPUT);
-    }
-
-    let result;
-
-    if (provider === 'google') {
-      let id_token: string;
-
-      if (token) {
-        id_token = token as string;
-      } else if (code) {
-        const tokens = await authService.exchangeCodeToTokenByGoogle(code as string);
-        id_token = tokens.id_token;
-      } else {
-        throw new AppError(
-          'No authorization code or token provided',
-          400,
-          ERROR_CODES.INVALID_INPUT
-        );
-      }
-
-      const googleUserInfo = await authService.verifyGoogleToken(id_token);
-      result = await authService.findOrCreateGoogleUser(googleUserInfo);
-    } else if (provider === 'github') {
-      if (!code) {
-        throw new AppError('No authorization code provided', 400, ERROR_CODES.INVALID_INPUT);
-      }
-
-      const accessToken = await authService.exchangeGitHubCodeForToken(code as string);
-      const githubUserInfo = await authService.getGitHubUserInfo(accessToken);
-      result = await authService.findOrCreateGitHubUser(githubUserInfo);
-    }
-
-    // Create URL with JWT token and user info (like the working example)
-    const finalredirectUri = new URL(redirectUri);
-    finalredirectUri.searchParams.set('access_token', result?.accessToken ?? '');
-    finalredirectUri.searchParams.set('user_id', result?.user.id ?? '');
-    finalredirectUri.searchParams.set('email', result?.user.email ?? '');
-    finalredirectUri.searchParams.set('name', result?.user.name ?? '');
-
-    logger.info('OAuth callback successful, redirecting with token', {
-      redirectUri: finalredirectUri.toString(),
-      hasAccessToken: !!result?.accessToken,
-      userId: result?.user.id,
-    });
-
-    // Redirect directly to the app with token in URL
-    return res.redirect(finalredirectUri.toString());
-  } catch (error) {
-    logger.error('OAuth callback error', {
-      error: error instanceof Error ? error.message : error,
-      stack: error instanceof Error ? error.stack : undefined,
-      provider: req.params.provider,
-      hasCode: !!req.query.code,
-      hasState: !!req.query.state,
-      hasToken: !!req.query.token,
-    });
-
-    // Redirect to app with error message
-    const { state } = req.query;
-    const redirectUri = state
-      ? (() => {
-          try {
-            const stateData = JSON.parse(Buffer.from(state as string, 'base64').toString());
-            return stateData.redirectUri || '/';
-          } catch {
-            return '/';
-          }
-        })()
-      : '/';
-
-    const errorMessage = error instanceof Error ? error.message : 'OAuth authentication failed';
-
-    // Redirect with error in URL parameters
-    const errorredirectUri = new URL(redirectUri);
-    errorredirectUri.searchParams.set('error', errorMessage);
-
-    return res.redirect(errorredirectUri.toString());
-  }
-});
-
-// ============= OAuth Configuration Management Endpoints =============
-
-// GET /api/auth/oauth/configs - List all OAuth configurations (admin only)
-router.get('/configs', verifyAdmin, async (req: AuthRequest, res: Response, next: NextFunction) => {
-  try {
-    const configs = await oauthConfigService.getAllConfigs();
-
-    const response: ListOAuthConfigsResponse = {
-      data: configs,
-      count: configs.length,
-    };
-    successResponse(res, response);
-  } catch (error) {
-    logger.error('Failed to list OAuth configurations', { error });
-    next(error);
-  }
-});
-
-// GET /api/auth/oauth/configs/:provider - Get specific OAuth configuration (admin only)
-router.get(
-  '/configs/:provider',
-  verifyAdmin,
-  async (req: AuthRequest, res: Response, next: NextFunction) => {
-    try {
-      const provider = req.params.provider;
-      if (!provider || provider.length === 0 || provider.length > 50) {
-        throw new AppError('Invalid provider name', 400, ERROR_CODES.INVALID_INPUT);
-      }
-      const config = await oauthConfigService.getConfigByProvider(provider);
-      const clientSecret = await oauthConfigService.getClientSecretByProvider(provider);
-
-      if (!config) {
-        throw new AppError(
-          `OAuth configuration for ${provider} not found`,
-          404,
-          ERROR_CODES.NOT_FOUND
-        );
-      }
-
-      successResponse(res, { ...config, clientSecret });
-    } catch (error) {
-      logger.error('Failed to get OAuth configuration', { error, provider: req.params.provider });
-      next(error);
-    }
-  }
-);
-
-// POST /api/auth/oauth/configs - Create new OAuth configuration (admin only)
-router.post(
-  '/configs',
-  verifyAdmin,
-  async (req: AuthRequest, res: Response, next: NextFunction) => {
-    try {
-      const validationResult = createOAuthConfigRequestSchema.safeParse(req.body);
-      if (!validationResult.success) {
-        throw new AppError(
-          validationResult.error.issues.map((e) => `${e.path.join('.')}: ${e.message}`).join(', '),
-          400,
-          ERROR_CODES.INVALID_INPUT
-        );
-      }
-
-      const input = validationResult.data;
-
-      // Check if using shared keys when not allowed
-      if (input.useSharedKey && !isOAuthSharedKeysAvailable()) {
-        throw new AppError(
-          'Shared OAuth keys are not enabled in this environment',
-          400,
-          ERROR_CODES.AUTH_OAUTH_CONFIG_ERROR
-        );
-      }
-
-      const config = await oauthConfigService.createConfig(input);
-
-      await auditService.log({
-        actor: req.user?.email || 'api-key',
-        action: 'CREATE_OAUTH_CONFIG',
-        module: 'AUTH',
-        details: {
-          provider: input.provider,
-          useSharedKey: input.useSharedKey || false,
-        },
-        ip_address: req.ip,
-      });
-
-      // Broadcast configuration change
-      const socket = SocketService.getInstance();
-      socket.broadcastToRoom('role:project_admin', ServerEvents.DATA_UPDATE, {
-        resource: DataUpdateResourceType.AUTH_SCHEMA,
-      });
-
-      successResponse(res, config);
-    } catch (error) {
-      logger.error('Failed to create OAuth configuration', { error });
-      next(error);
-    }
-  }
-);
-
-// PUT /api/auth/oauth/configs/:provider - Update OAuth configuration (admin only)
-router.put(
-  '/configs/:provider',
-  verifyAdmin,
-  async (req: AuthRequest, res: Response, next: NextFunction) => {
-    try {
-      const provider = req.params.provider;
-      if (!provider || provider.length === 0 || provider.length > 50) {
-        throw new AppError('Invalid provider name', 400, ERROR_CODES.INVALID_INPUT);
-      }
-
-      const validationResult = updateOAuthConfigRequestSchema.safeParse(req.body);
-      if (!validationResult.success) {
-        throw new AppError(
-          validationResult.error.issues.map((e) => `${e.path.join('.')}: ${e.message}`).join(', '),
-          400,
-          ERROR_CODES.INVALID_INPUT
-        );
-      }
-
-      const input = validationResult.data;
-
-      // Check if using shared keys when not allowed
-      if (input.useSharedKey && !isOAuthSharedKeysAvailable()) {
-        throw new AppError(
-          'Shared OAuth keys are not enabled in this environment',
-          400,
-          ERROR_CODES.AUTH_OAUTH_CONFIG_ERROR
-        );
-      }
-
-      const config = await oauthConfigService.updateConfig(provider, input);
-
-      await auditService.log({
-        actor: req.user?.email || 'api-key',
-        action: 'UPDATE_OAUTH_CONFIG',
-        module: 'AUTH',
-        details: {
-          provider,
-          updatedFields: Object.keys(input),
-        },
-        ip_address: req.ip,
-      });
-
-      // Broadcast configuration change
-      const socket = SocketService.getInstance();
-      socket.broadcastToRoom('role:project_admin', ServerEvents.DATA_UPDATE, {
-        resource: DataUpdateResourceType.AUTH_SCHEMA,
-      });
-
-      successResponse(res, config);
-    } catch (error) {
-      logger.error('Failed to update OAuth configuration', {
-        error,
-        provider: req.params.provider,
-      });
-      next(error);
-    }
-  }
-);
-
-// DELETE /api/auth/oauth/configs/:provider - Delete OAuth configuration (admin only)
-router.delete(
-  '/configs/:provider',
-  verifyAdmin,
-  async (req: AuthRequest, res: Response, next: NextFunction) => {
-    try {
-      const provider = req.params.provider;
-      if (!provider || provider.length === 0 || provider.length > 50) {
-        throw new AppError('Invalid provider name', 400, ERROR_CODES.INVALID_INPUT);
-      }
-      const deleted = await oauthConfigService.deleteConfig(provider);
-
-      if (!deleted) {
-        throw new AppError(
-          `OAuth configuration for ${provider} not found`,
-          404,
-          ERROR_CODES.NOT_FOUND
-        );
-      }
-
-      await auditService.log({
-        actor: req.user?.email || 'api-key',
-        action: 'DELETE_OAUTH_CONFIG',
-        module: 'AUTH',
-        details: { provider },
-        ip_address: req.ip,
-      });
-
-      // Broadcast configuration change
-      const socket = SocketService.getInstance();
-      socket.broadcastToRoom('role:project_admin', ServerEvents.DATA_UPDATE, {
-        resource: DataUpdateResourceType.AUTH_SCHEMA,
-      });
-
-      successResponse(res, {
-        success: true,
-        message: `OAuth configuration for ${provider} deleted successfully`,
-      });
-    } catch (error) {
-      logger.error('Failed to delete OAuth configuration', {
-        error,
-        provider: req.params.provider,
-      });
-      next(error);
-    }
-  }
-);
-
-export default router;