npm - insforge - Versions diffs - 0.3.2 → 1.2.10 - Mend

insforge 0.3.2 → 1.2.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (507) hide show

package/backend/src/api/routes/auth.ts DELETED Viewed

@@ -1,386 +0,0 @@
-import { Router, Request, Response, NextFunction } from 'express';
-import { AuthService } from '@/core/auth/auth.js';
-import { AuditService } from '@/core/logs/audit.js';
-import { AppError } from '@/api/middleware/error.js';
-import { ERROR_CODES } from '@/types/error-constants.js';
-import { successResponse } from '@/utils/response.js';
-import { AuthRequest, verifyAdmin } from '@/api/middleware/auth.js';
-import oauthRouter from './auth.oauth.js';
-import {
-  userIdSchema,
-  createUserRequestSchema,
-  createSessionRequestSchema,
-  createAdminSessionRequestSchema,
-  deleteUsersRequestSchema,
-  listUsersRequestSchema,
-  type CreateUserResponse,
-  type CreateSessionResponse,
-  type CreateAdminSessionResponse,
-  type GetCurrentSessionResponse,
-  type ListUsersResponse,
-  type DeleteUsersResponse,
-  exchangeAdminSessionRequestSchema,
-} from '@insforge/shared-schemas';
-import { UserRecord } from '@/types/auth.js';
-const router = Router();
-const authService = AuthService.getInstance();
-const auditService = AuditService.getInstance();
-// Mount OAuth routes
-router.use('/oauth', oauthRouter);
-// POST /api/auth/users - Create a new user (registration)
-router.post('/users', async (req: Request, res: Response, next: NextFunction) => {
-  try {
-    const validationResult = createUserRequestSchema.safeParse(req.body);
-    if (!validationResult.success) {
-      throw new AppError(
-        validationResult.error.issues.map((e) => `${e.path.join('.')}: ${e.message}`).join(', '),
-        400,
-        ERROR_CODES.INVALID_INPUT
-      );
-    }
-    const { email, password, name } = validationResult.data;
-    const result: CreateUserResponse = await authService.register(email, password, name);
-    successResponse(res, result);
-  } catch (error) {
-    next(error);
-  }
-});
-// POST /api/auth/sessions - Create a new session (login)
-router.post('/sessions', async (req: Request, res: Response, next: NextFunction) => {
-  try {
-    const validationResult = createSessionRequestSchema.safeParse(req.body);
-    if (!validationResult.success) {
-      throw new AppError(
-        validationResult.error.issues.map((e) => `${e.path.join('.')}: ${e.message}`).join(', '),
-        400,
-        ERROR_CODES.INVALID_INPUT
-      );
-    }
-    const { email, password } = validationResult.data;
-    const result: CreateSessionResponse = await authService.login(email, password);
-    successResponse(res, result);
-  } catch (error) {
-    next(error);
-  }
-});
-// POST /api/auth/admin/sessions/exchange - Create admin session
-router.post('/admin/sessions/exchange', async (req: Request, res: Response, next: NextFunction) => {
-  try {
-    const validationResult = exchangeAdminSessionRequestSchema.safeParse(req.body);
-    if (!validationResult.success) {
-      throw new AppError(
-        validationResult.error.issues.map((e) => `${e.path.join('.')}: ${e.message}`).join(', '),
-        400,
-        ERROR_CODES.INVALID_INPUT
-      );
-    }
-    const { code } = validationResult.data;
-    const result: CreateAdminSessionResponse =
-      await authService.adminLoginWithAuthorizationCode(code);
-    successResponse(res, result);
-  } catch (error) {
-    if (error instanceof AppError) {
-      next(error);
-    } else {
-      // Convert other errors (like JWT verification errors) to 400
-      next(
-        new AppError(
-          'Failed to exchange admin session' + (error instanceof Error ? `: ${error.message}` : ''),
-          400,
-          ERROR_CODES.INVALID_INPUT
-        )
-      );
-    }
-  }
-});
-// POST /api/auth/admin/sessions - Create admin session
-router.post('/admin/sessions', (req: Request, res: Response, next: NextFunction) => {
-  try {
-    const validationResult = createAdminSessionRequestSchema.safeParse(req.body);
-    if (!validationResult.success) {
-      throw new AppError(
-        validationResult.error.issues.map((e) => `${e.path.join('.')}: ${e.message}`).join(', '),
-        400,
-        ERROR_CODES.INVALID_INPUT
-      );
-    }
-    const { email, password } = validationResult.data;
-    const result: CreateAdminSessionResponse = authService.adminLogin(email, password);
-    successResponse(res, result);
-  } catch (error) {
-    next(error);
-  }
-});
-// GET /api/auth/sessions/current - Get current session user
-router.get('/sessions/current', (req: Request, res: Response, next: NextFunction) => {
-  try {
-    const authHeader = req.headers.authorization;
-    if (!authHeader || !authHeader.startsWith('Bearer ')) {
-      throw new AppError('No token provided', 401, ERROR_CODES.AUTH_INVALID_CREDENTIALS);
-    }
-    const token = authHeader.substring(7);
-    const payload = authService.verifyToken(token);
-    const response: GetCurrentSessionResponse = {
-      user: {
-        id: payload.sub,
-        email: payload.email,
-        role: payload.role,
-      },
-    };
-    res.json(response);
-  } catch {
-    next(new AppError('Invalid token', 401, ERROR_CODES.AUTH_INVALID_CREDENTIALS));
-  }
-});
-// GET /api/auth/users - List all users (admin only)
-router.get('/users', verifyAdmin, async (req: Request, res: Response, next: NextFunction) => {
-  try {
-    const queryValidation = listUsersRequestSchema.safeParse(req.query);
-    const queryParams = queryValidation.success ? queryValidation.data : req.query;
-    const { limit = '10', offset = '0', search } = queryParams || {};
-    const db = authService.getDb();
-    let query = `
-      SELECT
-        u.id,
-        u.email,
-        u.name,
-        u.email_verified,
-        u.created_at,
-        u.updated_at,
-        u.password,
-        STRING_AGG(a.provider, ',') as providers
-      FROM _accounts u
-      LEFT JOIN _account_providers a ON u.id = a.user_id
-    `;
-    const params: (string | number)[] = [];
-    if (search) {
-      query += ' WHERE u.email LIKE ? OR u.name LIKE ?';
-      params.push(`%${search}%`, `%${search}%`);
-    }
-    query += ' GROUP BY u.id ORDER BY u.created_at DESC LIMIT ? OFFSET ?';
-    params.push(parseInt(limit as string), parseInt(offset as string));
-    const dbUsers = await db.prepare(query).all(...params);
-    // Simple transformation - just format the provider as identities
-    const users = dbUsers.map((dbUser: UserRecord) => {
-      const identities = [];
-      const providers: string[] = [];
-      // Add social providers if any
-      if (dbUser.providers) {
-        dbUser.providers.split(',').forEach((provider: string) => {
-          identities.push({ provider });
-          providers.push(provider);
-        });
-      }
-      // Add email provider if password exists
-      if (dbUser.password) {
-        identities.push({ provider: 'email' });
-        providers.push('email');
-      }
-      // Use first provider to determine type: 'email' or 'social'
-      const firstProvider = providers[0];
-      const provider_type = firstProvider === 'email' ? 'email' : 'social';
-      // Return for frontend compatibility
-      return {
-        id: dbUser.id,
-        email: dbUser.email,
-        name: dbUser.name,
-        emailVerified: dbUser.email_verified,
-        createdAt: dbUser.created_at,
-        updatedAt: dbUser.updated_at,
-        identities: identities,
-        providerType: provider_type,
-      };
-    });
-    let countQuery = 'SELECT COUNT(*) as count FROM _accounts';
-    const countParams: string[] = [];
-    if (search) {
-      countQuery += ' WHERE email LIKE ? OR name LIKE ?';
-      countParams.push(`%${search}%`, `%${search}%`);
-    }
-    const { count } = (await db.prepare(countQuery).get(...countParams)) as { count: number };
-    const response: ListUsersResponse = {
-      data: users,
-      pagination: {
-        offset: parseInt(offset as string),
-        limit: parseInt(limit as string),
-        total: count,
-      },
-    };
-    res.json(response);
-  } catch (error) {
-    next(error);
-  }
-});
-// GET /api/auth/users/:id - Get specific user (admin only)
-router.get(
-  '/users/:userId',
-  verifyAdmin,
-  async (req: Request, res: Response, next: NextFunction) => {
-    try {
-      // Validate userId path parameter directly
-      const userIdValidation = userIdSchema.safeParse(req.params.userId);
-      if (!userIdValidation.success) {
-        throw new AppError('Invalid user ID format', 400, ERROR_CODES.INVALID_INPUT);
-      }
-      const userId = userIdValidation.data;
-      const db = authService.getDb();
-      const dbUser = (await db
-        .prepare(
-          `
-      SELECT
-        u.id,
-        u.email,
-        u.name,
-        u.email_verified,
-        u.created_at,
-        u.updated_at,
-        u.password,
-        STRING_AGG(a.provider, ',') as providers
-      FROM _accounts u
-      LEFT JOIN _account_providers a ON u.id = a.user_id
-      WHERE u.id = ?
-      GROUP BY u.id
-    `
-        )
-        .get(userId)) as UserRecord | undefined;
-      if (!dbUser) {
-        throw new AppError('User not found', 404, ERROR_CODES.NOT_FOUND);
-      }
-      // Simple transformation - just format the provider as identities
-      const identities = [];
-      const providers: string[] = [];
-      // Add social providers if any
-      if (dbUser.providers) {
-        dbUser.providers.split(',').forEach((provider: string) => {
-          identities.push({ provider });
-          providers.push(provider);
-        });
-      }
-      // Add email provider if password exists
-      if (dbUser.password) {
-        identities.push({ provider: 'Email' });
-        providers.push('email');
-      }
-      // Use first provider to determine type: 'email' or 'social'
-      const firstProvider = providers[0];
-      const provider_type = firstProvider === 'email' ? 'Email' : 'Social';
-      // Return snake_case for frontend compatibility
-      const user = {
-        id: dbUser.id,
-        email: dbUser.email,
-        name: dbUser.name,
-        email_verified: dbUser.email_verified,
-        created_at: dbUser.created_at,
-        updated_at: dbUser.updated_at,
-        identities: identities,
-        provider_type: provider_type,
-      };
-      res.json(user);
-    } catch (error) {
-      next(error);
-    }
-  }
-);
-// DELETE /api/auth/users - Delete users (batch operation, admin only)
-router.delete(
-  '/users',
-  verifyAdmin,
-  async (req: AuthRequest, res: Response, next: NextFunction) => {
-    try {
-      const validationResult = deleteUsersRequestSchema.safeParse(req.body);
-      if (!validationResult.success) {
-        throw new AppError(
-          validationResult.error.issues.map((e) => `${e.path.join('.')}: ${e.message}`).join(', '),
-          400,
-          ERROR_CODES.INVALID_INPUT
-        );
-      }
-      const { userIds } = validationResult.data;
-      const db = authService.getDb();
-      const placeholders = userIds.map(() => '?').join(',');
-      await db.prepare(`DELETE FROM _accounts WHERE id IN (${placeholders})`).run(...userIds);
-      // Log audit for user deletion
-      await auditService.log({
-        actor: req.user?.email || 'api-key',
-        action: 'DELETE_USERS',
-        module: 'AUTH',
-        details: {
-          userIds,
-          deletedCount: userIds.length,
-        },
-        ip_address: req.ip,
-      });
-      const response: DeleteUsersResponse = {
-        message: 'Users deleted successfully',
-        deletedCount: userIds.length,
-      };
-      res.json(response);
-    } catch (error) {
-      next(error);
-    }
-  }
-);
-// POST /api/auth/tokens/anon - Generate anonymous JWT token (never expires)
-router.post('/tokens/anon', verifyAdmin, (_req: Request, res: Response, next: NextFunction) => {
-  try {
-    const token = authService.generateAnonToken();
-    successResponse(res, {
-      accessToken: token,
-      message: 'Anonymous token generated successfully (never expires)',
-    });
-  } catch (error) {
-    next(error);
-  }
-});
-export default router;

package/backend/src/api/routes/docs.ts DELETED Viewed

@@ -1,66 +0,0 @@
-import { Router } from 'express';
-import { readFile } from 'fs/promises';
-import path from 'path';
-import { fileURLToPath } from 'url';
-import { successResponse, errorResponse } from '@/utils/response.js';
-import { ERROR_CODES } from '@/types/error-constants.js';
-const __filename = fileURLToPath(import.meta.url);
-const __dirname = path.dirname(__filename);
-const router = Router();
-// Define available documentation files
-const DOCS_MAP: Record<string, string> = {
-  instructions: 'insforge-instructions-sdk.md',
-  'db-api': 'insforge-db-sdk.md',
-  'auth-api': 'insforge-auth-sdk.md',
-  'storage-api': 'insforge-storage-sdk.md',
-  debug: 'insforge-debug-sdk.md',
-  project: 'insforge-project-sdk.md',
-};
-// GET /api/docs/:docType - Get specific documentation
-router.get('/:docType', async (req, res, next) => {
-  try {
-    const { docType } = req.params;
-    // Validate doc type
-    const docFileName = DOCS_MAP[docType];
-    if (!docFileName) {
-      return errorResponse(res, ERROR_CODES.NOT_FOUND, 'Documentation not found', 404);
-    }
-    // Read the documentation file
-    // PROJECT_ROOT is set in the docker-compose.yml file to point to the InsForge directory
-    const projectRoot = process.env.PROJECT_ROOT || path.resolve(__dirname, '../../../..');
-    const filePath = path.join(projectRoot, 'docs', docFileName);
-    const content = await readFile(filePath, 'utf-8');
-    // Traditional REST: return documentation directly
-    return successResponse(res, {
-      type: docType,
-      content,
-    });
-  } catch (error) {
-    // If file doesn't exist or other error
-    if (error instanceof Error && 'code' in error && error.code === 'ENOENT') {
-      return errorResponse(res, ERROR_CODES.NOT_FOUND, 'Documentation file not found', 404);
-    }
-    next(error);
-  }
-});
-// GET /api/docs - List available documentation
-router.get('/', (_req, res) => {
-  const available = Object.keys(DOCS_MAP).map((key) => ({
-    type: key,
-    filename: DOCS_MAP[key],
-    endpoint: `/api/docs/${key}`,
-  }));
-  // Traditional REST: return list directly
-  return successResponse(res, available);
-});
-export { router as docsRouter };

package/backend/src/api/routes/functions.ts DELETED Viewed

@@ -1,183 +0,0 @@
-import { Router, Response } from 'express';
-import { AuthRequest, verifyAdmin } from '@/api/middleware/auth.js';
-import { FunctionsService } from '@/core/functions/functions.js';
-import { AuditService } from '@/core/logs/audit.js';
-import { AppError } from '@/api/middleware/error.js';
-import logger from '@/utils/logger.js';
-import { functionUploadRequestSchema, functionUpdateRequestSchema } from '@insforge/shared-schemas';
-const router = Router();
-const functionsService = FunctionsService.getInstance();
-const auditService = AuditService.getInstance();
-/**
- * GET /api/functions
- * List all edge functions
- */
-router.get('/', verifyAdmin, async (req: AuthRequest, res: Response) => {
-  try {
-    const result = await functionsService.listFunctions();
-    res.json(result);
-  } catch {
-    res.status(500).json({ error: 'Failed to list functions' });
-  }
-});
-/**
- * GET /api/functions/:slug
- * Get specific function details including code
- */
-router.get('/:slug', verifyAdmin, async (req: AuthRequest, res: Response) => {
-  try {
-    const { slug } = req.params;
-    const func = await functionsService.getFunction(slug);
-    if (!func) {
-      return res.status(404).json({ error: 'Function not found' });
-    }
-    res.json(func);
-  } catch {
-    res.status(500).json({ error: 'Failed to get function' });
-  }
-});
-/**
- * POST /api/functions
- * Create a new function
- */
-router.post('/', verifyAdmin, async (req: AuthRequest, res: Response) => {
-  try {
-    const validation = functionUploadRequestSchema.safeParse(req.body);
-    if (!validation.success) {
-      return res.status(400).json({
-        error: 'Invalid request',
-        details: validation.error.issues,
-      });
-    }
-    const created = await functionsService.createFunction(validation.data);
-    // Log audit event
-    logger.info(`Function ${created.name} (${created.slug}) created by ${req.user?.email}`);
-    await auditService.log({
-      actor: req.user?.email || 'api-key',
-      action: 'CREATE_FUNCTION',
-      module: 'FUNCTIONS',
-      details: {
-        functionId: created.id,
-        slug: created.slug,
-        name: created.name,
-        status: created.status,
-      },
-      ip_address: req.ip,
-    });
-    res.status(201).json({
-      success: true,
-      function: created,
-    });
-  } catch (error) {
-    if (error instanceof AppError) {
-      return res.status(error.statusCode).json({
-        error: error.code,
-        message: error.message,
-      });
-    }
-    res.status(500).json({
-      error: 'INTERNAL_ERROR',
-      message: error instanceof Error ? error.message : 'Failed to create function',
-    });
-  }
-});
-/**
- * PUT /api/functions/:slug
- * Update an existing function
- */
-router.put('/:slug', verifyAdmin, async (req: AuthRequest, res: Response) => {
-  try {
-    const { slug } = req.params;
-    const validation = functionUpdateRequestSchema.safeParse(req.body);
-    if (!validation.success) {
-      return res.status(400).json({
-        error: 'Invalid request',
-        details: validation.error.issues,
-      });
-    }
-    const updated = await functionsService.updateFunction(slug, validation.data);
-    if (!updated) {
-      return res.status(404).json({ error: 'Function not found' });
-    }
-    // Log audit event
-    logger.info(`Function ${slug} updated by ${req.user?.email}`);
-    await auditService.log({
-      actor: req.user?.email || 'api-key',
-      action: 'UPDATE_FUNCTION',
-      module: 'FUNCTIONS',
-      details: {
-        slug,
-        changes: validation.data,
-      },
-      ip_address: req.ip,
-    });
-    res.json({
-      success: true,
-      function: updated,
-    });
-  } catch (error) {
-    if (error instanceof AppError) {
-      return res.status(error.statusCode).json({
-        error: error.code,
-        message: error.message,
-      });
-    }
-    res.status(500).json({
-      error: 'INTERNAL_ERROR',
-      message: error instanceof Error ? error.message : 'Failed to update function',
-    });
-  }
-});
-/**
- * DELETE /api/functions/:slug
- * Delete a function
- */
-router.delete('/:slug', verifyAdmin, async (req: AuthRequest, res: Response) => {
-  try {
-    const { slug } = req.params;
-    const deleted = await functionsService.deleteFunction(slug);
-    if (!deleted) {
-      return res.status(404).json({ error: 'Function not found' });
-    }
-    // Log audit event
-    logger.info(`Function ${slug} deleted by ${req.user?.email}`);
-    await auditService.log({
-      actor: req.user?.email || 'api-key',
-      action: 'DELETE_FUNCTION',
-      module: 'FUNCTIONS',
-      details: {
-        slug,
-      },
-      ip_address: req.ip,
-    });
-    res.json({
-      success: true,
-      message: `Function ${slug} deleted successfully`,
-    });
-  } catch {
-    res.status(500).json({ error: 'Failed to delete function' });
-  }
-});
-export default router;