npm - insforge - Versions diffs - 0.3.3 → 1.2.10 - Mend

insforge 0.3.3 → 1.2.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (507) hide show

package/auth/src/pages/SignInPage.tsx ADDED Viewed

@@ -0,0 +1,57 @@
+import { useCallback, useEffect } from 'react';
+import { useSearchParams } from 'react-router-dom';
+import { SignIn } from '@insforge/react';
+import broadcastService, { BroadcastEventType, BroadcastEvent } from '../lib/broadcastService';
+import { ErrorCard } from '../components/ErrorCard';
+export function SignInPage() {
+  const [searchParams] = useSearchParams();
+  const redirectUrl = searchParams.get('redirect');
+  // Listen for email verification success from other tabs
+  useEffect(() => {
+    if (!redirectUrl) {
+      return;
+    }
+    const unsubscribeVerified = broadcastService.subscribe(
+      BroadcastEventType.EMAIL_VERIFIED_SUCCESS,
+      (event: BroadcastEvent) => {
+        const { accessToken, user } = event.data || {};
+        if (accessToken && user) {
+          // Email verified in another tab, redirect with token
+          try {
+            const finalUrl = new URL(redirectUrl, window.location.origin);
+            const params = new URLSearchParams();
+            params.set('access_token', accessToken);
+            params.set('user_id', user.id);
+            params.set('email', user.email);
+            params.set('name', user.name);
+            finalUrl.search = params.toString();
+            window.location.href = finalUrl.toString();
+          } catch {
+            console.error('Failed to redirect to final URL');
+          }
+        }
+      }
+    );
+    return () => {
+      unsubscribeVerified();
+    };
+  }, [redirectUrl]);
+  const handleError = useCallback((error: Error) => {
+    console.error('Sign in failed:', error);
+  }, []);
+  if (!redirectUrl) {
+    return (
+      <ErrorCard title="Missing Redirect URL">
+        <p>No redirect URL provided. Please check the URL and try again.</p>
+      </ErrorCard>
+    );
+  }
+  return <SignIn onError={handleError} />;
+}

package/auth/src/pages/SignUpPage.tsx ADDED Viewed

@@ -0,0 +1,57 @@
+import { useCallback, useEffect } from 'react';
+import { useSearchParams } from 'react-router-dom';
+import { SignUp } from '@insforge/react';
+import broadcastService, { BroadcastEventType, BroadcastEvent } from '../lib/broadcastService';
+import { ErrorCard } from '../components/ErrorCard';
+export function SignUpPage() {
+  const [searchParams] = useSearchParams();
+  const redirectUrl = searchParams.get('redirect');
+  // Listen for email verification success from other tabs
+  useEffect(() => {
+    if (!redirectUrl) {
+      return;
+    }
+    const unsubscribeVerified = broadcastService.subscribe(
+      BroadcastEventType.EMAIL_VERIFIED_SUCCESS,
+      (event: BroadcastEvent) => {
+        const { accessToken, user } = event.data || {};
+        if (accessToken && user) {
+          // Email verified in another tab, redirect with token
+          try {
+            const finalUrl = new URL(redirectUrl, window.location.origin);
+            const params = new URLSearchParams();
+            params.set('access_token', accessToken);
+            params.set('user_id', user.id);
+            params.set('email', user.email);
+            params.set('name', user.name);
+            finalUrl.search = params.toString();
+            window.location.href = finalUrl.toString();
+          } catch {
+            console.error('Failed to redirect to final URL');
+          }
+        }
+      }
+    );
+    return () => {
+      unsubscribeVerified();
+    };
+  }, [redirectUrl]);
+  const handleError = useCallback((error: Error) => {
+    console.error('Sign up failed:', error);
+  }, []);
+  if (!redirectUrl) {
+    return (
+      <ErrorCard title="Missing Redirect URL">
+        <p>No redirect URL provided. Please check the URL and try again.</p>
+      </ErrorCard>
+    );
+  }
+  return <SignUp onError={handleError} />;
+}

package/auth/src/pages/VerifyEmailPage.tsx ADDED Viewed

@@ -0,0 +1,20 @@
+import { useSearchParams } from 'react-router-dom';
+import { VerifyEmail } from '@insforge/react';
+import broadcastService, { BroadcastEventType } from '../lib/broadcastService';
+export function VerifyEmailPage() {
+  const [searchParams] = useSearchParams();
+  const token = searchParams.get('token');
+  return (
+    <VerifyEmail
+      token={token || ''}
+      onSuccess={(data) => {
+        broadcastService.broadcast(BroadcastEventType.EMAIL_VERIFIED_SUCCESS, data);
+      }}
+      onError={(error) => {
+        console.error('Email verification failed:', error);
+      }}
+    />
+  );
+}

package/auth/src/vite-env.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+/// <reference types="vite/client" />
+/// <reference types="vite-plugin-svgr/client" />
+interface ImportMetaEnv {
+  readonly VITE_API_BASE_URL?: string;
+}
+interface ImportMeta {
+  readonly env: ImportMetaEnv;
+}

package/auth/tsconfig.json ADDED Viewed

@@ -0,0 +1,32 @@
+{
+  "compilerOptions": {
+    "target": "ES2020",
+    "useDefineForClassFields": true,
+    "lib": ["ES2020", "DOM", "DOM.Iterable"],
+    "module": "ESNext",
+    "skipLibCheck": true,
+    /* Bundler mode */
+    "moduleResolution": "bundler",
+    "allowImportingTsExtensions": true,
+    "resolveJsonModule": true,
+    "isolatedModules": true,
+    "noEmit": true,
+    "jsx": "react-jsx",
+    /* Linting */
+    "strict": true,
+    "noUnusedLocals": true,
+    "noUnusedParameters": true,
+    "noFallthroughCasesInSwitch": true,
+    /* Path mapping */
+    "baseUrl": ".",
+    "paths": {
+      "@/*": ["./src/*"]
+    }
+  },
+  "include": ["src"],
+  "references": [{ "path": "./tsconfig.node.json" }]
+}

package/auth/tsconfig.node.json ADDED Viewed

@@ -0,0 +1,11 @@
+{
+  "compilerOptions": {
+    "composite": true,
+    "skipLibCheck": true,
+    "module": "ESNext",
+    "moduleResolution": "bundler",
+    "allowSyntheticDefaultImports": true
+  },
+  "include": ["vite.config.ts"]
+}

package/auth/vite.config.ts ADDED Viewed

@@ -0,0 +1,25 @@
+import { defineConfig } from 'vite';
+import react from '@vitejs/plugin-react';
+import tailwindcss from '@tailwindcss/vite';
+import path from 'path';
+export default defineConfig({
+  base: '/auth/',
+  plugins: [react(), tailwindcss()],
+  resolve: {
+    alias: {
+      '@': path.resolve(__dirname, './src'),
+    },
+  },
+  server: {
+    port: 7132,
+    host: true,
+    strictPort: false,
+    watch: {
+      usePolling: true,
+    },
+  },
+  build: {
+    outDir: '../dist/auth',
+  },
+});

package/backend/package.json CHANGED Viewed

@@ -16,12 +16,12 @@
     "test:coverage": "vitest run --coverage",
     "test:ui": "vitest --ui",
     "test:e2e": "./tests/run-all-tests.sh",
-    "migrate:up": "node-pg-migrate up --migrations-table _migrations",
-    "migrate:down": "node-pg-migrate down --migrations-table _migrations",
-    "migrate:create": "node-pg-migrate create --migrations-table _migrations",
-    "migrate:redo": "node-pg-migrate redo --migrations-table _migrations",
-    "migrate:up:local": "dotenv -e ../.env -- node-pg-migrate up --migrations-table _migrations",
-    "migrate:down:local": "dotenv -e ../.env -- node-pg-migrate down --migrations-table _migrations"
+    "migrate:up": "node-pg-migrate up --migrations-dir src/infra/database/migrations --migrations-table _migrations",
+    "migrate:down": "node-pg-migrate down --migrations-dir src/infra/database/migrations --migrations-table _migrations",
+    "migrate:create": "node-pg-migrate create --migrations-dir src/infra/database/migrations --migrations-table _migrations",
+    "migrate:redo": "node-pg-migrate redo --migrations-dir src/infra/database/migrations --migrations-table _migrations",
+    "migrate:up:local": "dotenv -e ../.env -- node-pg-migrate up --migrations-dir src/infra/database/migrations --migrations-table _migrations",
+    "migrate:down:local": "dotenv -e ../.env -- node-pg-migrate down --migrations-dir src/infra/database/migrations --migrations-table _migrations"
   },
   "keywords": [
     "backend-as-a-service",
@@ -32,14 +32,13 @@
     "@asteasolutions/zod-to-openapi": "^7.3.4",
     "@aws-sdk/client-cloudwatch-logs": "^3.713.0",
     "@aws-sdk/client-s3": "^3.713.0",
+    "@aws-sdk/cloudfront-signer": "^3.901.0",
     "@aws-sdk/s3-presigned-post": "^3.879.0",
     "@aws-sdk/s3-request-presigner": "^3.879.0",
     "@databases/split-sql-query": "^1.0.4",
     "@databases/sql": "^3.3.0",
     "@types/multer": "^1.4.13",
-    "@types/node-pg-migrate": "^2.3.1",
     "@types/pg": "^8.15.4",
-    "@types/socket.io": "^3.0.2",
     "axios": "^1.11.0",
     "bcryptjs": "^3.0.2",
     "cors": "^2.8.5",
@@ -48,7 +47,7 @@
     "express": "^4.19.2",
     "express-rate-limit": "^7.1.5",
     "google-auth-library": "^10.1.0",
-    "jose": "^6.0.12",
+    "jose": "^6.1.0",
     "jsonwebtoken": "^9.0.2",
     "multer": "^2.0.2",
     "node-fetch": "^3.3.2",
@@ -70,6 +69,7 @@
     "tsup": "^8.5.0",
     "tsx": "^4.7.1",
     "typescript": "^5.3.3",
+    "vite-tsconfig-paths": "^5.1.4",
     "vitest": "^3.2.4"
   }
 }

package/backend/src/api/{middleware → middlewares}/auth.ts RENAMED Viewed

@@ -1,9 +1,8 @@
 import { Request, Response, NextFunction } from 'express';
-import { AuthService } from '@/core/auth/auth.js';
+import { TokenManager } from '@/infra/security/token.manager.js';
 import { AppError } from './error.js';
 import { ERROR_CODES, NEXT_ACTION } from '@/types/error-constants.js';
-import { verifyCloudToken } from '@/utils/cloud-token.js';
-import { SecretsService } from '@/core/secrets/secrets.js';
+import { SecretService } from '@/services/secrets/secret.service.js';
 export interface AuthRequest extends Request {
   user?: {
@@ -16,8 +15,8 @@ export interface AuthRequest extends Request {
   projectId?: string;
 }
-const authService = AuthService.getInstance();
-const secretService = new SecretsService();
+const tokenManager = TokenManager.getInstance();
+const secretService = SecretService.getInstance();
 // Helper function to extract Bearer token
 function extractBearerToken(authHeader: string | undefined): string | null {
@@ -86,7 +85,7 @@ export async function verifyAdmin(req: AuthRequest, res: Response, next: NextFun
     }
     // For admin, we use JWT tokens
-    const payload = authService.verifyToken(token);
+    const payload = tokenManager.verifyToken(token);
     if (payload.role !== 'project_admin') {
       throw new AppError(
@@ -167,7 +166,7 @@ export function verifyToken(req: AuthRequest, _res: Response, next: NextFunction
     }
     // Verify JWT token
-    const payload = authService.verifyToken(token);
+    const payload = tokenManager.verifyToken(token);
     // Validate token has a role
     if (!payload.role) {
@@ -215,8 +214,8 @@ export async function verifyCloudBackend(req: AuthRequest, _res: Response, next:
       );
     }
-    // Use helper function to verify cloud token
-    const { projectId } = await verifyCloudToken(token);
+    // Use TokenManager to verify cloud token
+    const { projectId } = await tokenManager.verifyCloudToken(token);
     // Set project_id on request for use in route handlers
     req.projectId = projectId;

package/backend/src/api/middlewares/rate-limiters.ts ADDED Viewed

@@ -0,0 +1,127 @@
+import rateLimit from 'express-rate-limit';
+import { Request, Response, NextFunction } from 'express';
+import { AppError } from './error.js';
+import { ERROR_CODES } from '@/types/error-constants.js';
+/**
+ * Store for tracking per-email cooldowns
+ * Maps email -> last request timestamp
+ */
+const emailCooldowns = new Map<string, number>();
+/**
+ * Cleanup old cooldown entries every 5 minutes
+ */
+setInterval(
+  () => {
+    const now = Date.now();
+    const fiveMinutes = 5 * 60 * 1000;
+    for (const [email, timestamp] of emailCooldowns.entries()) {
+      if (now - timestamp > fiveMinutes) {
+        emailCooldowns.delete(email);
+      }
+    }
+  },
+  5 * 60 * 1000
+);
+/**
+ * Per-IP rate limiter for email otp requests
+ * Prevents brute-force attacks, resource exhaustion, and enumeration from single IP
+ *
+ * Limits: 5 requests per 15 minutes per IP
+ * Counts ALL requests (both successful and failed) to prevent abuse
+ */
+export const sendEmailOTPRateLimiter = rateLimit({
+  windowMs: 15 * 60 * 1000, // 15 minutes
+  max: 5, // Limit each IP to 5 requests per windowMs
+  standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
+  legacyHeaders: false, // Disable the `X-RateLimit-*` headers
+  handler: (_req: Request, _res: Response, next: NextFunction) => {
+    next(
+      new AppError(
+        'Too many send email verification requests from this IP. Please try again in 15 minutes.',
+        429,
+        ERROR_CODES.TOO_MANY_REQUESTS
+      )
+    );
+  },
+  // Count all requests (both successes and failures) to prevent resource exhaustion and enumeration
+  skipSuccessfulRequests: false,
+  skipFailedRequests: false,
+});
+/**
+ * Per-IP rate limiter for email OTP verification attempts
+ * Prevents brute-force code guessing
+ *
+ * Limits: 10 attempts per 15 minutes per IP
+ */
+export const verifyOTPRateLimiter = rateLimit({
+  windowMs: 15 * 60 * 1000, // 15 minutes
+  max: 10, // Limit each IP to 10 verification attempts per windowMs
+  standardHeaders: true,
+  legacyHeaders: false,
+  handler: (_req: Request, _res: Response, next: NextFunction) => {
+    next(
+      new AppError(
+        'Too many verification attempts from this IP. Please try again in 15 minutes.',
+        429,
+        ERROR_CODES.TOO_MANY_REQUESTS
+      )
+    );
+  },
+  skipSuccessfulRequests: true, // Don't count successful verifications
+  skipFailedRequests: false, // Count failed attempts to prevent brute force
+});
+/**
+ * Per-email cooldown middleware
+ * Prevents enumeration attacks by enforcing minimum time between requests for same email
+ *
+ * Cooldown: 60 seconds between requests for same email
+ */
+export const perEmailCooldown = (cooldownMs: number = 60000) => {
+  return (req: Request, _res: Response, next: NextFunction) => {
+    const email = req.body?.email?.toLowerCase();
+    if (!email) {
+      // If no email in body, let it pass (will be caught by validation)
+      return next();
+    }
+    const now = Date.now();
+    const lastRequest = emailCooldowns.get(email);
+    if (lastRequest && now - lastRequest < cooldownMs) {
+      const remainingMs = cooldownMs - (now - lastRequest);
+      const remainingSec = Math.ceil(remainingMs / 1000);
+      throw new AppError(
+        `Please wait ${remainingSec} seconds before requesting another code for this email`,
+        429,
+        ERROR_CODES.TOO_MANY_REQUESTS
+      );
+    }
+    // Update last request time
+    emailCooldowns.set(email, now);
+    next();
+  };
+};
+/**
+ * Combined rate limiter for sending email otp requests
+ * Applies both per-IP and per-email limits
+ */
+export const sendEmailOTPLimiter = [
+  sendEmailOTPRateLimiter,
+  perEmailCooldown(60000), // 60 second cooldown per email
+];
+/**
+ * Rate limiter for OTP verification attempts (email OTP verification)
+ * Only per-IP limit, no per-email limit (to allow legitimate retries)
+ */
+export const verifyOTPLimiter = [verifyOTPRateLimiter];

package/backend/src/api/routes/{ai.ts → ai/index.routes.ts} RENAMED Viewed

@@ -1,15 +1,15 @@
 import { Router, Response, NextFunction } from 'express';
-import { ChatService } from '@/core/ai/chat';
-import { AuthRequest, verifyAdmin, verifyUser } from '../middleware/auth';
-import { ImageService } from '@/core/ai/image';
-import { AIModelService } from '@/core/ai/model';
-import { AppError } from '@/api/middleware/error';
-import { ERROR_CODES } from '@/types/error-constants';
-import { successResponse } from '@/utils/response';
-import { AIConfigService } from '@/core/ai/config';
-import { AIUsageService } from '@/core/ai/usage';
-import { AIClientService } from '@/core/ai/client';
-import { AuditService } from '@/core/logs/audit';
+import { ChatCompletionService } from '@/services/ai/chat-completion.service.js';
+import { AuthRequest, verifyAdmin, verifyUser } from '../../middlewares/auth.js';
+import { ImageGenerationService } from '@/services/ai/image-generation.service.js';
+import { AIModelService } from '@/services/ai/ai-model.service.js';
+import { AppError } from '@/api/middlewares/error.js';
+import { ERROR_CODES } from '@/types/error-constants.js';
+import { successResponse } from '@/utils/response.js';
+import { AIConfigService } from '@/services/ai/ai-config.service.js';
+import { AIUsageService } from '@/services/ai/ai-usage.service.js';
+import { AIClientService } from '@/providers/ai/openrouter.provider.js';
+import { AuditService } from '@/services/logs/audit.service.js';
 import {
   createAIConfigurationRequestSchema,
   updateAIConfigurationRequestSchema,
@@ -20,25 +20,21 @@ import {
 } from '@insforge/shared-schemas';
 const router = Router();
-const chatService = new ChatService();
-const aiConfigService = new AIConfigService();
-const aiUsageService = new AIUsageService();
+const chatService = ChatCompletionService.getInstance();
+const aiConfigService = AIConfigService.getInstance();
+const aiUsageService = AIUsageService.getInstance();
 const auditService = AuditService.getInstance();
 /**
  * GET /api/ai/models
  * Get all available AI models in ListModelsResponse format
  */
-router.get('/models', verifyAdmin, async (req: AuthRequest, res: Response) => {
+router.get('/models', verifyAdmin, async (req: AuthRequest, res: Response, next: NextFunction) => {
   try {
     const models = await AIModelService.getModels();
-    res.json(models);
+    successResponse(res, models);
   } catch (error) {
-    console.error('Error getting models:', error);
-    res.status(500).json({
-      error: 'Failed to get models list',
-      details: error instanceof Error ? error.message : String(error),
-    });
+    next(error);
   }
 });
@@ -98,7 +94,7 @@ router.post(
       // Non-streaming requests
       const result = await chatService.chat(messages, options);
-      res.json(result);
+      successResponse(res, result);
     } catch (error) {
       if (error instanceof AppError) {
         next(error);
@@ -133,9 +129,9 @@ router.post(
         );
       }
-      const result = await ImageService.generate(validationResult.data);
+      const result = await ImageGenerationService.generate(validationResult.data);
-      res.json(result);
+      successResponse(res, result);
     } catch (error) {
       if (error instanceof AppError) {
         next(error);