insforge 1.2.10 → 1.3.0

package/backend/src/infra/socket/socket.manager.ts

@@ -2,17 +2,19 @@ import { Server as HttpServer } from 'http';
 import { Server as SocketIOServer, Socket } from 'socket.io';
 import logger from '@/utils/logger.js';
 import { TokenManager } from '@/infra/security/token.manager.js';
-import {
-  ServerEvents,
-  ClientEvents,
+import { ServerEvents, ClientEvents, SocketMetadata, NotificationPayload } from '@/types/socket.js';
+import type {
+  SubscribeChannelPayload,
+  PublishEventPayload,
   SocketMessage,
-  SocketMetadata,
-  NotificationPayload,
-  SubscribePayload,
-  UnsubscribePayload,
-} from '@/types/socket.js';
+  SocketMessageMeta,
+  SubscribeResponse,
+  UnsubscribeChannelPayload,
+} from '@insforge/shared-schemas';
 import { AppError } from '@/api/middlewares/error.js';
 import { ERROR_CODES, NEXT_ACTION } from '@/types/error-constants.js';
+import { RealtimeAuthService } from '@/services/realtime/realtime-auth.service.js';
+import { RealtimeMessageService } from '@/services/realtime/realtime-message.service.js';
 
 const tokenManager = TokenManager.getInstance();
 
@@ -188,14 +190,22 @@ export class SocketManager {
    * Setup handlers for client events
    */
   private setupClientEventHandlers(socket: Socket): void {
-    // Handle subscription requests
-    socket.on(ClientEvents.SUBSCRIBE, (payload: SubscribePayload) => {
-      this.handleSubscribe(socket, payload);
+    // Handle realtime channel subscribe with ack callback
+    socket.on(
+      ClientEvents.REALTIME_SUBSCRIBE,
+      (payload: SubscribeChannelPayload, ack: (response: SubscribeResponse) => void) => {
+        void this.handleRealtimeSubscribe(socket, payload, ack);
+      }
+    );
+
+    // Handle realtime channel unsubscribe (fire-and-forget, no ack needed)
+    socket.on(ClientEvents.REALTIME_UNSUBSCRIBE, (payload: UnsubscribeChannelPayload) => {
+      this.handleRealtimeUnsubscribe(socket, payload);
     });
 
-    // Handle unsubscription requests
-    socket.on(ClientEvents.UNSUBSCRIBE, (payload: UnsubscribePayload) => {
-      this.handleUnsubscribe(socket, payload);
+    // Handle realtime publish (client-initiated messages)
+    socket.on(ClientEvents.REALTIME_PUBLISH, (payload: PublishEventPayload) => {
+      void this.handleRealtimePublish(socket, payload);
     });
 
     // Update last activity on any event
@@ -208,70 +218,181 @@ export class SocketManager {
   }
 
   /**
-   * Handle channel subscription
+   * Handle realtime channel subscribe request
    */
-  private handleSubscribe(socket: Socket, payload: SubscribePayload): void {
-    const metadata = this.socketMetadata.get(socket.id);
-    if (!metadata) {
-      return;
+  private async handleRealtimeSubscribe(
+    socket: Socket,
+    payload: SubscribeChannelPayload,
+    ack?: (response: SubscribeResponse) => void
+  ): Promise<void> {
+    const authService = RealtimeAuthService.getInstance();
+    const { channel } = payload;
+    const userId = socket.data.user?.id;
+    const userRole = socket.data.user?.role;
+
+    try {
+      // Check subscribe permission via RLS SELECT policy
+      const canSubscribe = await authService.checkSubscribePermission(channel, userId, userRole);
+
+      if (!canSubscribe) {
+        ack?.({
+          ok: false,
+          channel,
+          error: { code: 'UNAUTHORIZED', message: 'Not authorized to subscribe to this channel' },
+        });
+        return;
+      }
+
+      const roomName = `realtime:${channel}`;
+      await socket.join(roomName);
+
+      const metadata = this.socketMetadata.get(socket.id);
+      if (metadata) {
+        metadata.subscriptions.add(roomName);
+      }
+
+      ack?.({ ok: true, channel });
+
+      logger.debug('Socket subscribed to realtime channel', {
+        socketId: socket.id,
+        channel,
+      });
+    } catch (error) {
+      logger.error('Error handling realtime subscribe', { error, channel });
+      ack?.({
+        ok: false,
+        channel,
+        error: { code: 'INTERNAL_ERROR', message: 'Failed to subscribe to channel' },
+      });
     }
+  }
 
-    void socket.join(payload.channel);
-    metadata.subscriptions.add(payload.channel);
+  /**
+   * Handle realtime channel unsubscribe request (fire-and-forget)
+   */
+  private handleRealtimeUnsubscribe(socket: Socket, payload: UnsubscribeChannelPayload): void {
+    const { channel } = payload;
+    const roomName = `realtime:${channel}`;
 
-    logger.debug('Socket subscribed to channel', {
-      socketId: socket.id,
-      channel: payload.channel,
-    });
+    void socket.leave(roomName);
+
+    const metadata = this.socketMetadata.get(socket.id);
+    if (metadata) {
+      metadata.subscriptions.delete(roomName);
+    }
+
+    logger.debug('Socket unsubscribed from realtime channel', { socketId: socket.id, channel });
   }
 
   /**
-   * Handle channel unsubscription
+   * Handle realtime publish request (client-initiated message)
+   * Inserts message to DB - trigger handles pg_notify, broadcast, and stats update.
    */
-  private handleUnsubscribe(socket: Socket, payload: UnsubscribePayload): void {
+  private async handleRealtimePublish(socket: Socket, payload: PublishEventPayload): Promise<void> {
+    const { channel, event, payload: eventPayload } = payload;
+    const userId = socket.data.user?.id;
+    const userRole = socket.data.user?.role;
+
+    // Check if client has subscribed to this channel
+    const roomName = `realtime:${channel}`;
     const metadata = this.socketMetadata.get(socket.id);
-    if (!metadata) {
+    if (!metadata?.subscriptions.has(roomName)) {
+      socket.emit(ServerEvents.REALTIME_ERROR, {
+        channel,
+        code: 'NOT_SUBSCRIBED',
+        message: 'Must subscribe to channel before publishing messages',
+      });
       return;
     }
 
-    void socket.leave(payload.channel);
-    metadata.subscriptions.delete(payload.channel);
+    try {
+      // Insert message directly - trigger will handle pg_notify and broadcasting
+      const messageService = RealtimeMessageService.getInstance();
+      const result = await messageService.insertMessage(
+        channel,
+        event,
+        eventPayload,
+        userId,
+        userRole
+      );
+
+      if (!result) {
+        socket.emit(ServerEvents.REALTIME_ERROR, {
+          channel,
+          code: 'UNAUTHORIZED',
+          message: 'Not authorized to publish to this channel',
+        });
+        return;
+      }
 
-    logger.debug('Socket unsubscribed from channel', {
-      socketId: socket.id,
-      channel: payload.channel,
-    });
+      logger.debug('Client message inserted', {
+        socketId: socket.id,
+        channel,
+        event,
+      });
+    } catch (error) {
+      logger.error('Error handling realtime publish', { error, channel });
+      socket.emit(ServerEvents.REALTIME_ERROR, {
+        channel,
+        code: 'INTERNAL_ERROR',
+        message: 'Failed to publish message',
+      });
+    }
   }
 
   /**
-   * Emit event to specific socket with type safety
+   * Build a SocketMessage with meta and payload
    */
-  emitToSocket<T>(socket: Socket, event: ServerEvents, payload: T): void {
-    const message: SocketMessage<T> = {
-      type: event,
-      payload,
-      timestamp: Date.now(),
-      id: this.generateMessageId(),
-    };
+  private buildSocketMessage<T extends object>(
+    payload: T,
+    meta: Omit<SocketMessageMeta, 'messageId' | 'timestamp'> & { messageId?: string }
+  ): SocketMessage & T {
+    return {
+      ...payload,
+      meta: {
+        ...meta,
+        messageId: meta.messageId || this.generateMessageId(),
+        timestamp: new Date().toISOString(),
+      },
+    } as SocketMessage & T;
+  }
+
+  /**
+   * Emit message to specific socket
+   */
+  emitToSocket<T extends object>(
+    socket: Socket,
+    event: string,
+    payload: T,
+    senderType: 'system' | 'user' = 'system',
+    senderId?: string,
+    messageId?: string
+  ): void {
+    const message = this.buildSocketMessage(payload, {
+      channel: socket.id,
+      senderType,
+      senderId,
+      messageId,
+    });
     socket.emit(event, message);
   }
 
   /**
    * Broadcast to all connected clients
    */
-  broadcastToAll<T>(event: ServerEvents, payload: T): void {
+  broadcastToAll<T extends object>(
+    event: string,
+    payload: T,
+    senderType: 'system' | 'user' = 'system',
+    senderId?: string,
+    messageId?: string
+  ): void {
     if (!this.io) {
       logger.warn('Socket.IO server not initialized');
       return;
     }
 
-    const message: SocketMessage<T> = {
-      type: event,
-      payload,
-      timestamp: Date.now(),
-      id: this.generateMessageId(),
-    };
-
+    const message = this.buildSocketMessage(payload, { senderType, senderId, messageId });
     this.io.emit(event, message);
 
     logger.info('Broadcasted message to all clients', {
@@ -283,25 +404,38 @@ export class SocketManager {
   /**
    * Broadcast to specific room
    */
-  broadcastToRoom<T>(room: string, event: ServerEvents, payload?: T): void {
+  broadcastToRoom<T extends object>(
+    room: string,
+    event: string,
+    payload: T,
+    senderType: 'system' | 'user',
+    senderId?: string,
+    messageId?: string
+  ): void {
     if (!this.io) {
       logger.warn('Socket.IO server not initialized');
       return;
     }
 
-    const message: SocketMessage<T> = {
-      type: event,
-      payload,
-      timestamp: Date.now(),
-      id: this.generateMessageId(),
-    };
-
+    const message = this.buildSocketMessage(payload, {
+      channel: room,
+      senderType,
+      senderId,
+      messageId,
+    });
     this.io.to(room).emit(event, message);
 
-    logger.info('Broadcasted message to room', {
-      event,
-      room,
-    });
+    logger.debug('Broadcasted message to room', { event, room });
+  }
+
+  /**
+   * Get the number of sockets in a room
+   */
+  getRoomSize(room: string): number {
+    if (!this.io) {
+      return 0;
+    }
+    return this.io.sockets.adapter.rooms.get(room)?.size || 0;
   }
 
   /**
@@ -368,11 +502,11 @@ export class SocketManager {
   close(): void {
     if (this.io) {
       // Notify all clients about server shutdown
-      this.broadcastToAll<NotificationPayload>(ServerEvents.NOTIFICATION, {
+      this.broadcastToAll(ServerEvents.NOTIFICATION, {
         level: 'warning',
         title: 'Server Shutdown',
         message: 'Server is shutting down',
-      });
+      } as NotificationPayload);
 
       // Close all connections
       void this.io.close();

package/backend/src/providers/ai/openrouter.provider.ts

@@ -41,8 +41,8 @@ interface OpenRouterLimitation {
   };
 }
 
-export class AIClientService {
-  private static instance: AIClientService;
+export class OpenRouterProvider {
+  private static instance: OpenRouterProvider;
   private cloudCredentials: CloudCredentials | undefined;
   private openRouterClient: OpenAI | null = null;
   private currentApiKey: string | undefined;
@@ -51,11 +51,11 @@ export class AIClientService {
 
   private constructor() {}
 
-  static getInstance(): AIClientService {
-    if (!AIClientService.instance) {
-      AIClientService.instance = new AIClientService();
+  static getInstance(): OpenRouterProvider {
+    if (!OpenRouterProvider.instance) {
+      OpenRouterProvider.instance = new OpenRouterProvider();
     }
-    return AIClientService.instance;
+    return OpenRouterProvider.instance;
   }
 
   /**
@@ -100,9 +100,9 @@ export class AIClientService {
 
   /**
    * Get the OpenAI client, creating or updating it as needed
-   * This is the main method services should use
+   * Used internally by sendRequest()
    */
-  async getClient(): Promise<OpenAI> {
+  private async getClient(): Promise<OpenAI> {
     if (!this.openRouterClient) {
       this.openRouterClient = this.createClient(await this.getApiKey());
       return this.openRouterClient;
@@ -349,6 +349,9 @@ export class AIClientService {
         logger.info(`Received ${error.status} insufficient credits, renewing API key...`);
         await this.renewCloudApiKey();
 
+        // Get fresh client with renewed API key
+        const renewedClient = await this.getClient();
+
         // Retry with exponential backoff (3 attempts)
         const maxRetries = 3;
 
@@ -360,7 +363,7 @@ export class AIClientService {
             );
             await new Promise((resolve) => setTimeout(resolve, backoffMs));
 
-            const result = await request(client);
+            const result = await request(renewedClient);
             logger.info('Request succeeded after API key renewal');
             return result;
           } catch (retryError) {

package/backend/src/providers/email/base.provider.ts

@@ -1,4 +1,5 @@
 import { EmailTemplate } from '@/types/email.js';
+import { SendRawEmailRequest } from '@insforge/shared-schemas';
 
 /**
  * Email provider interface
@@ -25,14 +26,10 @@ export interface EmailProvider {
   ): Promise<void>;
 
   /**
-   * Send raw email with custom subject and body
-   * Optional - not all providers may support this
-   * @param to - Recipient email address
-   * @param subject - Email subject
-   * @param html - HTML email body
-   * @param text - Plain text email body (optional)
+   * Send custom/raw email (optional - not all providers may support this)
+   * @param options - Email options (to, subject, html, cc, bcc, from, replyTo)
    */
-  sendRaw?(to: string, subject: string, html: string, text?: string): Promise<void>;
+  sendRaw?(options: SendRawEmailRequest): Promise<void>;
 
   /**
    * Check if provider supports template-based emails

package/backend/src/providers/email/cloud.provider.ts

@@ -5,6 +5,7 @@ import logger from '@/utils/logger.js';
 import { AppError } from '@/api/middlewares/error.js';
 import { ERROR_CODES } from '@/types/error-constants.js';
 import { EmailTemplate } from '@/types/email.js';
+import { SendRawEmailRequest } from '@insforge/shared-schemas';
 import { EmailProvider } from './base.provider.js';
 
 /**
@@ -184,4 +185,87 @@ export class CloudEmailProvider implements EmailProvider {
       );
     }
   }
+
+  /**
+   * Send custom/raw email via cloud backend
+   */
+  async sendRaw(options: SendRawEmailRequest): Promise<void> {
+    try {
+      const projectId = config.cloud.projectId;
+      const apiHost = config.cloud.apiHost;
+      const signToken = this.generateSignToken();
+
+      const url = `${apiHost}/email/v1/${projectId}/send-on-demand`;
+      const response = await axios.post(url, options, {
+        headers: {
+          'Content-Type': 'application/json',
+          sign: signToken,
+        },
+        timeout: 10000,
+      });
+
+      if (response.data?.success) {
+        logger.info('Raw email sent successfully', { projectId });
+      } else {
+        throw new AppError(
+          'Email service returned unsuccessful response',
+          500,
+          ERROR_CODES.INTERNAL_ERROR
+        );
+      }
+    } catch (error) {
+      if (axios.isAxiosError(error)) {
+        const status = error.response?.status;
+        const message = error.response?.data?.message || error.message;
+
+        logger.error('Failed to send raw email via cloud backend', {
+          projectId: config.cloud.projectId,
+          status,
+          message,
+        });
+
+        if (status === 401) {
+          throw new AppError(
+            'Authentication failed with cloud email service.',
+            status,
+            ERROR_CODES.AUTH_UNAUTHORIZED
+          );
+        } else if (status === 403) {
+          throw new AppError(
+            'Custom email service is not available for free plan. Please upgrade to use this feature.',
+            status,
+            ERROR_CODES.FORBIDDEN
+          );
+        } else if (status === 429) {
+          throw new AppError(
+            'Email rate limit exceeded. Starter plan is limited 10 emails per hour, and Pro plan is limited 50 emails per hour',
+            status,
+            ERROR_CODES.RATE_LIMITED
+          );
+        } else if (status === 400) {
+          throw new AppError(
+            `Invalid email request: ${message}`,
+            status,
+            ERROR_CODES.INVALID_INPUT
+          );
+        } else {
+          throw new AppError(
+            `Failed to send email: ${message}`,
+            status || 500,
+            ERROR_CODES.INTERNAL_ERROR
+          );
+        }
+      }
+
+      if (error instanceof AppError) {
+        throw error;
+      }
+
+      throw new AppError(
+        `Failed to send email: ${error instanceof Error ? error.message : 'Unknown error'}`,
+        500,
+        ERROR_CODES.INTERNAL_ERROR
+      );
+    }
+  }
 }