npm - insforge - Versions diffs - 1.3.0 → 1.4.8 - Mend

insforge 1.3.0 → 1.4.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (269) hide show

package/CHANGELOG.md +2 -0
package/auth/package.json +5 -3
package/auth/src/lib/broadcastService.ts +115 -117
package/auth/src/lib/insforge.ts +8 -0
package/auth/src/main.tsx +2 -4
package/auth/src/pages/SignInPage.tsx +60 -60
package/auth/src/pages/SignUpPage.tsx +60 -60
package/auth/src/pages/VerifyEmailPage.tsx +18 -0
package/auth/tsconfig.json +2 -1
package/backend/package.json +10 -6
package/backend/src/api/middlewares/rate-limiters.ts +127 -127
package/backend/src/api/routes/ai/index.routes.ts +475 -468
package/backend/src/api/routes/auth/index.routes.ts +85 -32
package/backend/src/api/routes/auth/oauth.routes.ts +11 -6
package/backend/src/api/routes/database/index.routes.ts +2 -0
package/backend/src/api/routes/database/records.routes.ts +39 -175
package/backend/src/api/routes/database/rpc.routes.ts +69 -0
package/backend/src/api/routes/deployments/index.routes.ts +192 -0
package/backend/src/api/routes/docs/index.routes.ts +3 -2
package/backend/src/api/routes/email/index.routes.ts +35 -35
package/backend/src/api/routes/functions/index.routes.ts +3 -3
package/backend/src/api/routes/metadata/index.routes.ts +26 -0
package/backend/src/api/routes/webhooks/index.routes.ts +109 -0
package/backend/src/infra/database/database.manager.ts +0 -10
package/backend/src/infra/database/migrations/018_schema-rework.sql +441 -0
package/backend/src/infra/database/migrations/019_create-deployments-table.sql +36 -0
package/backend/src/infra/database/migrations/020_add-audio-modality.sql +11 -0
package/backend/src/infra/database/migrations/bootstrap/bootstrap-migrations.js +103 -0
package/backend/src/infra/security/token.manager.ts +1 -4
package/backend/src/providers/ai/openrouter.provider.ts +12 -3
package/backend/src/providers/database/base.provider.ts +39 -0
package/backend/src/providers/database/cloud.provider.ts +159 -0
package/backend/src/providers/deployments/vercel.provider.ts +516 -0
package/backend/src/server.ts +19 -7
package/backend/src/services/ai/ai-config.service.ts +6 -6
package/backend/src/services/ai/ai-model.service.ts +60 -60
package/backend/src/services/ai/ai-usage.service.ts +7 -7
package/backend/src/services/ai/chat-completion.service.ts +415 -220
package/backend/src/services/ai/helpers.ts +64 -64
package/backend/src/services/ai/index.ts +13 -13
package/backend/src/services/auth/auth-config.service.ts +4 -4
package/backend/src/services/auth/auth-otp.service.ts +6 -6
package/backend/src/services/auth/auth.service.ts +134 -74
package/backend/src/services/auth/index.ts +4 -4
package/backend/src/services/auth/oauth-config.service.ts +12 -12
package/backend/src/services/database/database-advance.service.ts +19 -55
package/backend/src/services/database/database-table.service.ts +38 -85
package/backend/src/services/database/postgrest-proxy.service.ts +165 -0
package/backend/src/services/deployments/deployment.service.ts +693 -0
package/backend/src/services/functions/function.service.ts +61 -41
package/backend/src/services/logs/audit.service.ts +10 -10
package/backend/src/services/secrets/secret.service.ts +101 -27
package/backend/src/services/storage/storage.service.ts +30 -30
package/backend/src/services/usage/usage.service.ts +6 -6
package/backend/src/types/ai.ts +8 -0
package/backend/src/types/auth.ts +5 -1
package/backend/src/types/database.ts +2 -0
package/backend/src/types/deployments.ts +33 -0
package/backend/src/types/storage.ts +1 -1
package/backend/src/types/webhooks.ts +45 -0
package/backend/src/utils/cookies.ts +34 -35
package/backend/src/utils/environment.ts +0 -14
package/backend/src/utils/s3-config-loader.ts +64 -64
package/backend/src/utils/seed.ts +334 -301
package/backend/src/utils/sql-parser.ts +126 -0
package/backend/src/utils/utils.ts +114 -114
package/backend/src/utils/validations.ts +10 -10
package/backend/tests/local/test-rpc.sh +141 -0
package/backend/tests/local/test-secrets.sh +1 -1
package/backend/tests/manual/test-ai-model-plugins.sh +258 -0
package/backend/tests/manual/test-rawsql-modes.sh +24 -24
package/backend/tests/unit/database-advance.test.ts +326 -0
package/backend/tests/unit/helpers.test.ts +2 -2
package/claude-plugin/skills/insforge-schema-patterns/SKILL.md +13 -10
package/docker-compose.prod.yml +1 -1
package/docker-compose.yml +1 -1
package/docs/agent-docs/deployment.md +79 -0
package/docs/changelog.mdx +165 -72
package/docs/core-concepts/ai/architecture.mdx +1 -23
package/docs/core-concepts/ai/sdk.mdx +26 -1
package/docs/core-concepts/authentication/architecture.mdx +6 -8
package/docs/core-concepts/authentication/sdk.mdx +387 -91
package/docs/core-concepts/authentication/ui-components/customization.mdx +460 -256
package/docs/core-concepts/authentication/ui-components/nextjs.mdx +50 -24
package/docs/core-concepts/authentication/ui-components/react-router.mdx +18 -19
package/docs/core-concepts/authentication/ui-components/react.mdx +26 -19
package/docs/core-concepts/database/architecture.mdx +58 -21
package/docs/core-concepts/database/pgvector.mdx +138 -0
package/docs/core-concepts/database/sdk.mdx +17 -17
package/docs/core-concepts/deployments/architecture.mdx +152 -0
package/docs/core-concepts/email/architecture.mdx +4 -2
package/docs/core-concepts/functions/architecture.mdx +1 -1
package/docs/core-concepts/functions/sdk.mdx +0 -1
package/docs/core-concepts/realtime/architecture.mdx +1 -1
package/docs/core-concepts/storage/architecture.mdx +1 -1
package/docs/core-concepts/storage/sdk.mdx +25 -25
package/docs/docs.json +14 -6
package/docs/favicon.png +0 -0
package/docs/favicon.svg +3 -18
package/docs/images/changelog/dec-2025/apple-oauth.mp4 +0 -0
package/docs/images/changelog/dec-2025/moreModels.png +0 -0
package/docs/images/changelog/dec-2025/multi-region.webp +0 -0
package/docs/images/changelog/dec-2025/postgres-connection.webp +0 -0
package/docs/images/changelog/dec-2025/realtime2.png +0 -0
package/docs/images/mcp-setup/CC-MCP-1.mp4 +0 -0
package/docs/images/mcp-setup/CC-MCP-2.mp4 +0 -0
package/docs/images/mcp-setup/Cursor-MCP-1.mp4 +0 -0
package/docs/images/mcp-setup/Cursor-MCP-2.mp4 +0 -0
package/docs/images/mcp-setup/Cursor-MCP-3.mp4 +0 -0
package/docs/images/mcp-setup/claude-code-connect.png +0 -0
package/docs/images/mcp-setup/cline-1.png +0 -0
package/docs/images/mcp-setup/cline-2.png +0 -0
package/docs/images/mcp-setup/cline-3.png +0 -0
package/docs/images/mcp-setup/connect-project.png +0 -0
package/docs/images/mcp-setup/copilot-1.png +0 -0
package/docs/images/mcp-setup/copilot-2.png +0 -0
package/docs/images/mcp-setup/copilot-3.png +0 -0
package/docs/images/mcp-setup/mcp-json-1.png +0 -0
package/docs/images/mcp-setup/mcp-json-2.png +0 -0
package/docs/images/mcp-setup/qoder-1.png +0 -0
package/docs/images/mcp-setup/qoder-2.png +0 -0
package/docs/images/mcp-setup/roocode-1.png +0 -0
package/docs/images/mcp-setup/roocode-2.png +0 -0
package/docs/images/mcp-setup/trae-1.png +0 -0
package/docs/images/mcp-setup/trae-2.png +0 -0
package/docs/images/mcp-setup/trae-3.png +0 -0
package/docs/images/mcp-setup/trae-4.png +0 -0
package/docs/images/mcp-setup/trae-5.png +0 -0
package/docs/images/mcp-setup/windsurf-1.png +0 -0
package/docs/images/mcp-setup/windsurf-2.png +0 -0
package/docs/insforge-instructions-sdk.md +7 -3
package/docs/introduction.mdx +9 -8
package/docs/mcp-setup.mdx +332 -0
package/docs/oauth-server.mdx +563 -0
package/docs/partnership.mdx +79 -10
package/docs/quickstart.mdx +1 -1
package/docs/vscode-extension.mdx +74 -0
package/eslint.config.js +1 -0
package/examples/response-examples.md +1 -1
package/frontend/package.json +1 -1
package/frontend/src/App.tsx +8 -3
package/frontend/src/assets/logos/antigravity.svg +1 -0
package/frontend/src/assets/logos/copilot.svg +10 -0
package/frontend/src/assets/logos/deepseek.svg +139 -0
package/frontend/src/assets/logos/kiro.svg +9 -0
package/frontend/src/assets/logos/qoder.svg +4 -0
package/frontend/src/assets/logos/qwen.svg +15 -0
package/frontend/src/components/CodeBlock.tsx +2 -2
package/frontend/src/components/ConnectCTA.tsx +3 -2
package/frontend/src/components/datagrid/DataGrid.tsx +90 -62
package/frontend/src/components/datagrid/datagridTypes.tsx +2 -1
package/frontend/src/components/datagrid/index.ts +1 -1
package/frontend/src/components/index.ts +0 -1
package/frontend/src/components/layout/AppHeader.tsx +4 -27
package/frontend/src/components/layout/AppSidebar.tsx +85 -100
package/frontend/src/components/layout/Layout.tsx +34 -32
package/frontend/src/components/layout/PrimaryMenu.tsx +12 -4
package/frontend/src/components/radix/Select.tsx +151 -151
package/frontend/src/features/ai/components/AIConfigCard.tsx +200 -200
package/frontend/src/features/ai/components/AIEmptyState.tsx +23 -23
package/frontend/src/features/ai/components/ModalityFilterSidebar.tsx +102 -101
package/frontend/src/features/ai/components/ModelSelectionDialog.tsx +135 -135
package/frontend/src/features/ai/components/ModelSelectionGrid.tsx +51 -51
package/frontend/src/features/ai/components/SystemPromptDialog.tsx +118 -118
package/frontend/src/features/ai/components/index.ts +6 -6
package/frontend/src/features/ai/helpers.ts +147 -141
package/frontend/src/features/ai/pages/AIPage.tsx +166 -166
package/frontend/src/features/auth/components/AuthPreview.tsx +96 -96
package/frontend/src/features/auth/components/UsersDataGrid.tsx +55 -31
package/frontend/src/features/auth/components/index.ts +5 -5
package/frontend/src/features/auth/pages/AuthMethodsPage.tsx +275 -275
package/frontend/src/features/dashboard/pages/DashboardPage.tsx +1 -1
package/frontend/src/features/database/components/DatabaseDataGrid.tsx +0 -2
package/frontend/src/features/database/components/ForeignKeyCell.tsx +38 -11
package/frontend/src/features/database/components/ForeignKeyPopover.tsx +18 -8
package/frontend/src/features/database/components/LinkRecordModal.tsx +61 -13
package/frontend/src/features/database/components/RecordFormField.tsx +1 -1
package/frontend/src/features/database/components/TableSidebar.tsx +0 -3
package/frontend/src/features/database/components/TablesEmptyState.tsx +1 -1
package/frontend/src/features/database/components/TemplatePreview.tsx +1 -2
package/frontend/src/features/database/constants.ts +16 -28
package/frontend/src/features/database/hooks/useCSVImport.ts +3 -2
package/frontend/src/features/database/hooks/useRawSQL.ts +3 -2
package/frontend/src/features/database/hooks/useTables.ts +5 -7
package/frontend/src/features/database/pages/FunctionsPage.tsx +0 -5
package/frontend/src/features/database/pages/IndexesPage.tsx +0 -5
package/frontend/src/features/database/pages/PoliciesPage.tsx +0 -5
package/frontend/src/features/database/pages/SQLEditorPage.tsx +2 -2
package/frontend/src/features/database/pages/TriggersPage.tsx +0 -5
package/frontend/src/features/database/services/advance.service.ts +1 -15
package/frontend/src/features/database/services/record.service.ts +4 -20
package/frontend/src/features/database/services/table.service.ts +1 -4
package/frontend/src/features/database/templates/ai-chatbot.ts +6 -6
package/frontend/src/features/database/templates/ecommerce-platform.ts +2 -2
package/frontend/src/features/database/templates/instagram-clone.ts +10 -10
package/frontend/src/features/database/templates/notion-clone.ts +8 -8
package/frontend/src/features/database/templates/reddit-clone.ts +10 -10
package/frontend/src/features/deployments/components/DeploymentRow.tsx +93 -0
package/frontend/src/features/deployments/components/DeploymentsEmptyState.tsx +15 -0
package/frontend/src/features/deployments/hooks/useDeployments.ts +157 -0
package/frontend/src/features/deployments/pages/DeploymentsPage.tsx +318 -0
package/frontend/src/features/deployments/services/deployments.service.ts +63 -0
package/frontend/src/features/functions/components/FunctionRow.tsx +72 -72
package/frontend/src/features/functions/components/FunctionsSidebar.tsx +56 -56
package/frontend/src/features/functions/components/SecretRow.tsx +3 -3
package/frontend/src/features/functions/components/index.ts +5 -5
package/frontend/src/features/functions/hooks/useFunctions.ts +5 -4
package/frontend/src/features/functions/hooks/useSecrets.ts +6 -9
package/frontend/src/features/functions/pages/SecretsPage.tsx +118 -118
package/frontend/src/features/functions/services/function.service.ts +8 -25
package/frontend/src/features/functions/services/secret.service.ts +23 -41
package/frontend/src/features/login/pages/CloudLoginPage.tsx +125 -118
package/frontend/src/features/logs/components/LogDetailPanel.tsx +41 -0
package/frontend/src/features/logs/components/LogsDataGrid.tsx +32 -1
package/frontend/src/features/logs/components/index.ts +1 -0
package/frontend/src/features/logs/pages/LogsPage.tsx +36 -6
package/frontend/src/features/onboard/components/ApiCredentialsSection.tsx +59 -0
package/frontend/src/features/onboard/components/ConnectionStringSection.tsx +180 -0
package/frontend/src/features/onboard/components/McpConnectionSection.tsx +159 -0
package/frontend/src/features/onboard/components/OnboardingController.tsx +68 -0
package/frontend/src/features/onboard/components/OnboardingModal.tsx +121 -267
package/frontend/src/features/onboard/components/ShowPasswordButton.tsx +21 -0
package/frontend/src/features/onboard/components/index.ts +9 -4
package/frontend/src/features/onboard/components/mcp/CursorDeeplinkGenerator.tsx +1 -1
package/frontend/src/features/onboard/components/mcp/QoderDeeplinkGenerator.tsx +36 -0
package/frontend/src/features/onboard/components/mcp/helpers.tsx +123 -98
package/frontend/src/features/onboard/components/mcp/index.ts +4 -3
package/frontend/src/features/onboard/index.ts +17 -13
package/frontend/src/features/settings/pages/SettingsPage.tsx +349 -0
package/frontend/src/features/visualizer/components/AuthNode.tsx +4 -4
package/frontend/src/features/visualizer/components/SchemaVisualizer.tsx +21 -8
package/frontend/src/features/visualizer/pages/VisualizerPage.tsx +10 -1
package/frontend/src/index.css +249 -249
package/frontend/src/lib/contexts/ModalContext.tsx +35 -0
package/frontend/src/lib/hooks/useMetadata.ts +45 -1
package/frontend/src/lib/hooks/useModal.tsx +2 -0
package/frontend/src/lib/routing/AppRoutes.tsx +103 -99
package/frontend/src/lib/services/metadata.service.ts +20 -3
package/frontend/src/lib/utils/menuItems.ts +223 -207
package/frontend/src/lib/utils/utils.ts +196 -196
package/functions/server.ts +315 -315
package/functions/worker-template.js +1 -1
package/openapi/ai.yaml +115 -5
package/openapi/auth.yaml +97 -17
package/openapi/logs.yaml +0 -2
package/openapi/metadata.yaml +0 -2
package/openapi/records.yaml +21 -21
package/openapi/tables.yaml +1 -2
package/package.json +1 -1
package/shared-schemas/package.json +1 -1
package/shared-schemas/src/ai-api.schema.ts +251 -143
package/shared-schemas/src/ai.schema.ts +63 -63
package/shared-schemas/src/auth-api.schema.ts +34 -6
package/shared-schemas/src/auth.schema.ts +17 -10
package/shared-schemas/src/cloud-events.schema.ts +26 -0
package/shared-schemas/src/deployments-api.schema.ts +55 -0
package/shared-schemas/src/deployments.schema.ts +30 -0
package/shared-schemas/src/docs.schema.ts +8 -2
package/shared-schemas/src/email-api.schema.ts +30 -30
package/shared-schemas/src/functions-api.schema.ts +13 -4
package/shared-schemas/src/functions.schema.ts +1 -1
package/shared-schemas/src/index.ts +22 -18
package/shared-schemas/src/metadata.schema.ts +30 -4
package/shared-schemas/src/secrets-api.schema.ts +44 -0
package/shared-schemas/src/secrets.schema.ts +15 -0
package/zeabur/README.md +13 -0
package/zeabur/template.yml +20 -51
package/backend/src/types/profile.ts +0 -55
package/frontend/src/components/ProjectInfoModal.tsx +0 -128

package/backend/src/api/routes/auth/index.routes.ts CHANGED Viewed

@@ -10,11 +10,7 @@ import { successResponse } from '@/utils/response.js';
 import { AuthRequest, verifyAdmin, verifyToken } from '@/api/middlewares/auth.js';
 import oauthRouter from './oauth.routes.js';
 import { sendEmailOTPLimiter, verifyOTPLimiter } from '@/api/middlewares/rate-limiters.js';
-import {
-  REFRESH_TOKEN_COOKIE_NAME,
-  setAuthCookie,
-  clearAuthCookie,
-} from '@/utils/cookies.js';
+import { REFRESH_TOKEN_COOKIE_NAME, setAuthCookie, clearAuthCookie } from '@/utils/cookies.js';
 import {
   userIdSchema,
   createUserRequestSchema,
@@ -27,6 +23,7 @@ import {
   sendResetPasswordEmailRequestSchema,
   exchangeResetPasswordTokenRequestSchema,
   resetPasswordRequestSchema,
+  updateProfileRequestSchema,
   type CreateUserResponse,
   type CreateSessionResponse,
   type VerifyEmailResponse,
@@ -34,6 +31,7 @@ import {
   type ResetPasswordResponse,
   type CreateAdminSessionResponse,
   type GetCurrentSessionResponse,
+  type GetProfileResponse,
   type ListUsersResponse,
   type DeleteUsersResponse,
   type GetPublicAuthConfigResponse,
@@ -74,6 +72,60 @@ router.get('/public-config', async (req: Request, res: Response, next: NextFunct
   }
 });
+// PATCH /api/auth/profiles/current - Update current user's profile (authenticated)
+router.patch(
+  '/profiles/current',
+  verifyToken,
+  async (req: AuthRequest, res: Response, next: NextFunction) => {
+    try {
+      if (!req.user) {
+        throw new AppError('User not authenticated', 401, ERROR_CODES.AUTH_INVALID_CREDENTIALS);
+      }
+      const validationResult = updateProfileRequestSchema.safeParse(req.body);
+      if (!validationResult.success) {
+        throw new AppError(
+          validationResult.error.issues.map((e) => `${e.path.join('.')}: ${e.message}`).join(', '),
+          400,
+          ERROR_CODES.INVALID_INPUT
+        );
+      }
+      const { profile } = validationResult.data;
+      const result = await authService.updateProfile(req.user.id, profile);
+      const response: GetProfileResponse = result;
+      successResponse(res, response);
+    } catch (error) {
+      next(error);
+    }
+  }
+);
+// GET /api/auth/profiles/:userId - Get user profile by ID (public endpoint)
+router.get('/profiles/:userId', async (req: Request, res: Response, next: NextFunction) => {
+  try {
+    const userIdValidation = userIdSchema.safeParse(req.params.userId);
+    if (!userIdValidation.success) {
+      throw new AppError('Invalid user ID format', 400, ERROR_CODES.INVALID_INPUT);
+    }
+    const userId = userIdValidation.data;
+    const userProfile = await authService.getProfileById(userId);
+    if (!userProfile) {
+      throw new AppError('User not found', 404, ERROR_CODES.NOT_FOUND);
+    }
+    const response: GetProfileResponse = userProfile;
+    successResponse(res, response);
+  } catch (error) {
+    next(error);
+  }
+});
 // Email Authentication Configuration Routes
 // GET /api/auth/config - Get authentication configurations (admin only)
 router.get('/config', verifyAdmin, async (req: AuthRequest, res: Response, next: NextFunction) => {
@@ -128,16 +180,15 @@ router.post('/users', async (req: Request, res: Response, next: NextFunction) =>
       );
     }
-    const { email, password, name } = validationResult.data;
-    const result: CreateUserResponse = await authService.register(email, password, name);
+    const { email, password, name, options } = validationResult.data;
+    const result: CreateUserResponse = await authService.register(email, password, name, options);
     // Set refresh token in httpOnly cookie and generate CSRF token
-    let csrfToken: string | null = null;
     if (result.accessToken && result.user) {
       const tokenManager = TokenManager.getInstance();
       const refreshToken = tokenManager.generateRefreshToken(result.user.id);
-      setAuthCookie(res, REFRESH_TOKEN_COOKIE_NAME, refreshToken);
-      csrfToken = tokenManager.generateCsrfToken(refreshToken);
+      setAuthCookie(req, res, REFRESH_TOKEN_COOKIE_NAME, refreshToken);
+      result.csrfToken = tokenManager.generateCsrfToken(refreshToken);
     }
     const socket = SocketManager.getInstance();
@@ -148,7 +199,7 @@ router.post('/users', async (req: Request, res: Response, next: NextFunction) =>
       'system'
     );
-    successResponse(res, { ...result, csrfToken });
+    successResponse(res, result);
   } catch (error) {
     next(error);
   }
@@ -172,10 +223,10 @@ router.post('/sessions', async (req: Request, res: Response, next: NextFunction)
     // Set refresh token in httpOnly cookie and generate CSRF token
     const tokenManager = TokenManager.getInstance();
     const refreshToken = tokenManager.generateRefreshToken(result.user.id);
-    setAuthCookie(res, REFRESH_TOKEN_COOKIE_NAME, refreshToken);
-    const csrfToken = tokenManager.generateCsrfToken(refreshToken);
+    setAuthCookie(req, res, REFRESH_TOKEN_COOKIE_NAME, refreshToken);
+    result.csrfToken = tokenManager.generateCsrfToken(refreshToken);
-    successResponse(res, { ...result, csrfToken });
+    successResponse(res, result);
   } catch (error) {
     next(error);
   }
@@ -206,7 +257,7 @@ router.post('/refresh', async (req: Request, res: Response, next: NextFunction)
     if (!user) {
       logger.warn('[Auth:Refresh] User not found for valid refresh token', { userId: payload.sub });
-      clearAuthCookie(res, REFRESH_TOKEN_COOKIE_NAME);
+      clearAuthCookie(req, res, REFRESH_TOKEN_COOKIE_NAME);
       throw new AppError('User not found', 401, ERROR_CODES.AUTH_UNAUTHORIZED);
     }
@@ -220,7 +271,7 @@ router.post('/refresh', async (req: Request, res: Response, next: NextFunction)
     // Generate new refresh token (token rotation for security)
     const newRefreshToken = tokenManager.generateRefreshToken(user.id);
-    setAuthCookie(res, REFRESH_TOKEN_COOKIE_NAME, newRefreshToken);
+    setAuthCookie(req, res, REFRESH_TOKEN_COOKIE_NAME, newRefreshToken);
     const newCsrfToken = tokenManager.generateCsrfToken(newRefreshToken);
     successResponse(res, {
@@ -230,15 +281,15 @@ router.post('/refresh', async (req: Request, res: Response, next: NextFunction)
     });
   } catch (error) {
     // Clear invalid cookie on error
-    clearAuthCookie(res, REFRESH_TOKEN_COOKIE_NAME);
+    clearAuthCookie(req, res, REFRESH_TOKEN_COOKIE_NAME);
     next(error);
   }
 });
 // POST /api/auth/logout - Logout and clear refresh token cookie
-router.post('/logout', (_req: Request, res: Response, next: NextFunction) => {
+router.post('/logout', (req: Request, res: Response, next: NextFunction) => {
   try {
-    clearAuthCookie(res, REFRESH_TOKEN_COOKIE_NAME);
+    clearAuthCookie(req, res, REFRESH_TOKEN_COOKIE_NAME);
     successResponse(res, {
       success: true,
@@ -307,18 +358,19 @@ router.post('/admin/sessions', (req: Request, res: Response, next: NextFunction)
 router.get(
   '/sessions/current',
   verifyToken,
-  (req: AuthRequest, res: Response, next: NextFunction) => {
+  async (req: AuthRequest, res: Response, next: NextFunction) => {
     try {
       if (!req.user) {
         throw new AppError('User not authenticated', 401, ERROR_CODES.AUTH_INVALID_CREDENTIALS);
       }
+      const user = await authService.getUserSchemaById(req.user.id);
+      if (!user) {
+        throw new AppError('User not found', 401, ERROR_CODES.AUTH_INVALID_CREDENTIALS);
+      }
       const response: GetCurrentSessionResponse = {
-        user: {
-          id: req.user.id,
-          email: req.user.email,
-          role: req.user.role as 'authenticated' | 'project_admin',
-        },
+        user,
       };
       successResponse(res, response);
@@ -359,7 +411,7 @@ router.get('/users', verifyAdmin, async (req: Request, res: Response, next: Next
   }
 });
-// GET /api/auth/users/:id - Get specific user (admin only)
+// GET /api/auth/users/:userId - Get specific user (admin only)
 router.get(
   '/users/:userId',
   verifyAdmin,
@@ -375,7 +427,7 @@ router.get(
       const user = await authService.getUserSchemaById(userId);
       if (!user) {
-        throw new AppError('User not found', 404, ERROR_CODES.NOT_FOUND);
+        throw new AppError('User does not exist', 404, ERROR_CODES.NOT_FOUND);
       }
       successResponse(res, user);
@@ -458,7 +510,7 @@ router.post(
         );
       }
-      const { email } = validationResult.data;
+      const { email, options } = validationResult.data;
       // Get auth config to determine verification method
       const authConfig = await authConfigService.getAuthConfig();
@@ -467,7 +519,8 @@ router.post(
       // Note: User enumeration is prevented at service layer
       // Service returns gracefully (no error) if user not found
       if (method === 'link') {
-        await authService.sendVerificationEmailWithLink(email);
+        const redirectTo = authConfig.signInRedirectTo || options?.emailRedirectTo;
+        await authService.sendVerificationEmailWithLink(email, redirectTo);
       } else {
         await authService.sendVerificationEmailWithCode(email);
       }
@@ -536,9 +589,9 @@ router.post(
       // Set refresh token in httpOnly cookie and generate CSRF token
       const tokenManager = TokenManager.getInstance();
       const refreshToken = tokenManager.generateRefreshToken(result.user.id);
-      setAuthCookie(res, REFRESH_TOKEN_COOKIE_NAME, refreshToken);
-      const csrfToken = tokenManager.generateCsrfToken(refreshToken);
-      successResponse(res, { ...result, csrfToken });
+      setAuthCookie(req, res, REFRESH_TOKEN_COOKIE_NAME, refreshToken);
+      result.csrfToken = tokenManager.generateCsrfToken(refreshToken);
+      successResponse(res, result);
     } catch (error) {
       next(error);
     }

package/backend/src/api/routes/auth/oauth.routes.ts CHANGED Viewed

@@ -1,6 +1,7 @@
 import { Router, Request, Response, NextFunction } from 'express';
 import { AuthService } from '@/services/auth/auth.service.js';
 import { OAuthConfigService } from '@/services/auth/oauth-config.service.js';
+import { AuthConfigService } from '@/services/auth/auth-config.service.js';
 import { AuditService } from '@/services/logs/audit.service.js';
 import { TokenManager } from '@/infra/security/token.manager.js';
 import { AppError } from '@/api/middlewares/error.js';
@@ -20,6 +21,7 @@ import { isOAuthSharedKeysAvailable } from '@/utils/environment.js';
 const router = Router();
 const authService = AuthService.getInstance();
+const authConfigService = AuthConfigService.getInstance();
 const oAuthConfigService = OAuthConfigService.getInstance();
 const auditService = AuditService.getInstance();
@@ -246,14 +248,17 @@ router.get('/:provider', async (req: Request, res: Response, next: NextFunction)
     }
     const validatedProvider = providerValidation.data;
+    const authConfig = await authConfigService.getAuthConfig();
-    if (!redirect_uri) {
+    const redirectUri = authConfig.signInRedirectTo || redirect_uri;
+    if (!redirectUri) {
       throw new AppError('Redirect URI is required', 400, ERROR_CODES.INVALID_INPUT);
     }
     const jwtPayload = {
       provider: validatedProvider,
-      redirectUri: redirect_uri ? (redirect_uri as string) : undefined,
+      redirectUri,
       createdAt: Date.now(),
     };
     const jwtSecret = validateJwtSecret();
@@ -346,7 +351,7 @@ router.get('/shared/callback/:state', async (req: Request, res: Response, next:
     // Set refresh token in httpOnly cookie and generate CSRF token
     const tokenManager = TokenManager.getInstance();
     const refreshToken = tokenManager.generateRefreshToken(result.user.id);
-    setAuthCookie(res, REFRESH_TOKEN_COOKIE_NAME, refreshToken);
+    setAuthCookie(req, res, REFRESH_TOKEN_COOKIE_NAME, refreshToken);
     const csrfToken = tokenManager.generateCsrfToken(refreshToken);
     const params = new URLSearchParams();
@@ -354,7 +359,7 @@ router.get('/shared/callback/:state', async (req: Request, res: Response, next:
     params.set('access_token', result.accessToken);
     params.set('user_id', result.user.id);
     params.set('email', result.user.email);
-    params.set('name', result.user.name);
+    params.set('name', String(result?.user?.profile?.name));
     params.set('csrf_token', csrfToken);
     res.redirect(`${redirectUri}?${params.toString()}`);
@@ -425,7 +430,7 @@ const handleOAuthCallback = async (req: Request, res: Response, next: NextFuncti
       // Set refresh token in httpOnly cookie and generate CSRF token
       const tokenManager = TokenManager.getInstance();
       const refreshToken = tokenManager.generateRefreshToken(result.user.id);
-      setAuthCookie(res, REFRESH_TOKEN_COOKIE_NAME, refreshToken);
+      setAuthCookie(req, res, REFRESH_TOKEN_COOKIE_NAME, refreshToken);
       const csrfToken = tokenManager.generateCsrfToken(refreshToken);
       // Construct redirect URL with query parameters
@@ -434,7 +439,7 @@ const handleOAuthCallback = async (req: Request, res: Response, next: NextFuncti
       params.set('access_token', result.accessToken);
       params.set('user_id', result.user.id);
       params.set('email', result.user.email);
-      params.set('name', result.user.name);
+      params.set('name', String(result?.user?.profile?.name));
       params.set('csrf_token', csrfToken);
       const finalRedirectUri = `${redirectUri}?${params.toString()}`;

package/backend/src/api/routes/database/index.routes.ts CHANGED Viewed

@@ -1,6 +1,7 @@
 import { Router, Response, NextFunction } from 'express';
 import { databaseTablesRouter } from './tables.routes.js';
 import { databaseRecordsRouter } from './records.routes.js';
+import { databaseRpcRouter } from './rpc.routes.js';
 import databaseAdvanceRouter from './advance.routes.js';
 import { DatabaseService } from '@/services/database/database.service.js';
 import { verifyAdmin, AuthRequest } from '@/api/middlewares/auth.js';
@@ -13,6 +14,7 @@ const databaseService = DatabaseService.getInstance();
 // Mount database sub-routes
 router.use('/tables', databaseTablesRouter);
 router.use('/records', databaseRecordsRouter);
+router.use('/rpc', databaseRpcRouter);
 router.use('/advance', databaseAdvanceRouter);
 /**

package/backend/src/api/routes/database/records.routes.ts CHANGED Viewed

@@ -1,80 +1,41 @@
 import { Router, Response, NextFunction } from 'express';
 import axios from 'axios';
-import http from 'http';
-import https from 'https';
 import { AuthRequest, extractApiKey } from '@/api/middlewares/auth.js';
 import { DatabaseManager } from '@/infra/database/database.manager.js';
-import { TokenManager } from '@/infra/security/token.manager.js';
 import { AppError } from '@/api/middlewares/error.js';
 import { ERROR_CODES } from '@/types/error-constants.js';
 import { validateTableName } from '@/utils/validations.js';
 import { DatabaseRecord } from '@/types/database.js';
 import { successResponse } from '@/utils/response.js';
-import logger from '@/utils/logger.js';
-import { SecretService } from '@/services/secrets/secret.service.js';
 import { SocketManager } from '@/infra/socket/socket.manager.js';
 import { DataUpdateResourceType, ServerEvents } from '@/types/socket.js';
 import { DatabaseResourceUpdate } from '@/utils/sql-parser.js';
+import { PostgrestProxyService } from '@/services/database/postgrest-proxy.service.js';
 const router = Router();
-const secretService = SecretService.getInstance();
-const postgrestUrl = process.env.POSTGREST_BASE_URL || 'http://localhost:5430';
+const proxyService = PostgrestProxyService.getInstance();
-// Create a dedicated HTTP agent with connection pooling for PostgREST
-// Optimized connection pool for Docker network communication
-const httpAgent = new http.Agent({
-  keepAlive: true,
-  keepAliveMsecs: 5000, // Shorter for Docker network
-  maxSockets: 20, // Reduced for stability
-  maxFreeSockets: 5,
-  timeout: 10000, // Match axios timeout
-});
-const httpsAgent = new https.Agent({
-  keepAlive: true,
-  keepAliveMsecs: 5000,
-  maxSockets: 20,
-  maxFreeSockets: 5,
-  timeout: 10000,
-});
-// Create axios instance with optimized configuration for PostgREST
-const postgrestAxios = axios.create({
-  httpAgent,
-  httpsAgent,
-  timeout: 10000, // Increased timeout for stability
-  maxRedirects: 0,
-  // Additional connection stability options
-  headers: {
-    Connection: 'keep-alive',
-    'Keep-Alive': 'timeout=5, max=10',
-  },
-});
-// Generate admin token once and reuse
-// If user request with api key, this token should be added automatically.
-const tokenManager = TokenManager.getInstance();
-const adminToken = tokenManager.generateAdminToken();
-// anonymous users can access the database, postgREST does not require authentication, however we seed to unwrap session token for better auth, thus
-// we need to verify user token below.
-// router.use(verifyUserOrApiKey);
+/**
+ * Helper to handle PostgREST proxy errors
+ */
+function handleProxyError(error: unknown, res: Response, next: NextFunction) {
+  if (axios.isAxiosError(error) && error.response) {
+    res.status(error.response.status).json(error.response.data);
+  } else {
+    next(error);
+  }
+}
 /**
- * Forward database requests to PostgREST
+ * Forward database table requests to PostgREST
  */
 const forwardToPostgrest = async (req: AuthRequest, res: Response, next: NextFunction) => {
   const { tableName } = req.params;
   const wildcardPath = req.params[0] || '';
-  // Build the target URL early so it's available in error handling
-  const targetPath = wildcardPath ? `/${tableName}/${wildcardPath}` : `/${tableName}`;
-  const targetUrl = `${postgrestUrl}${targetPath}`;
+  const path = wildcardPath ? `/${tableName}/${wildcardPath}` : `/${tableName}`;
   try {
-    // Validate table name with operation type
-    const method = req.method.toUpperCase();
+    // Validate table name
     try {
       validateTableName(tableName);
     } catch (error) {
@@ -84,11 +45,14 @@ const forwardToPostgrest = async (req: AuthRequest, res: Response, next: NextFun
       throw new AppError('Invalid table name', 400, ERROR_CODES.INVALID_INPUT);
     }
-    // Process request body for POST/PATCH/PUT operations
-    if (['POST', 'PATCH', 'PUT'].includes(method) && req.body && typeof req.body === 'object') {
+    // Process request body for POST/PATCH/PUT (filter empty values based on column types)
+    const method = req.method.toUpperCase();
+    let body = req.body;
+    if (['POST', 'PATCH', 'PUT'].includes(method) && body && typeof body === 'object') {
       const columnTypeMap = await DatabaseManager.getColumnTypeMap(tableName);
-      if (Array.isArray(req.body)) {
-        req.body = req.body.map((item) => {
+      if (Array.isArray(body)) {
+        body = body.map((item) => {
           if (item && typeof item === 'object') {
             const filtered: DatabaseRecord = {};
             for (const key in item) {
@@ -102,7 +66,6 @@ const forwardToPostgrest = async (req: AuthRequest, res: Response, next: NextFun
           return item;
         });
       } else {
-        const body = req.body as DatabaseRecord;
         for (const key in body) {
           if (columnTypeMap[key] === 'uuid' && body[key] === '') {
             delete body[key];
@@ -111,100 +74,31 @@ const forwardToPostgrest = async (req: AuthRequest, res: Response, next: NextFun
       }
     }
-    // Forward the request
-    const axiosConfig: {
-      method: string;
-      url: string;
-      params: unknown;
-      headers: Record<string, string | string[] | undefined>;
-      data?: unknown;
-    } = {
+    // Forward to PostgREST via service
+    const result = await proxyService.forward({
       method: req.method,
-      url: targetUrl,
-      params: req.query,
-      headers: {
-        ...req.headers,
-        host: undefined, // Remove host header
-        'content-length': undefined, // Let axios calculate
-      },
-    };
-    // Check for API key using shared logic
-    const apiKey = extractApiKey(req);
-    // If we have an API key, verify it and use admin token for PostgREST
-    if (apiKey) {
-      const isValid = await secretService.verifyApiKey(apiKey);
-      if (isValid) {
-        axiosConfig.headers.authorization = `Bearer ${adminToken}`;
-      }
-    }
-    // Add body for methods that support it
-    if (['POST', 'PUT', 'PATCH'].includes(req.method)) {
-      axiosConfig.data = req.body;
-    }
-    // Enhanced retry logic with improved error handling
-    let response;
-    let lastError;
-    const maxRetries = 3; // Increased retries for connection resets
-    for (let attempt = 1; attempt <= maxRetries; attempt++) {
-      try {
-        response = await postgrestAxios(axiosConfig);
-        break; // Success, exit retry loop
-      } catch (error) {
-        lastError = error;
-        // Retry on network errors (ECONNRESET, ECONNREFUSED, timeout) but not HTTP errors
-        const shouldRetry = axios.isAxiosError(error) && !error.response && attempt < maxRetries;
-        if (shouldRetry) {
-          logger.warn(`PostgREST request failed, retrying (attempt ${attempt}/${maxRetries})`, {
-            url: targetUrl,
-            errorCode: error.code,
-            message: error.message,
-          });
-          // Enhanced exponential backoff: 200ms, 500ms, 1000ms
-          const backoffDelay = Math.min(200 * Math.pow(2.5, attempt - 1), 1000);
-          await new Promise((resolve) => setTimeout(resolve, backoffDelay));
-        } else {
-          throw error; // Don't retry on HTTP errors or last attempt
-        }
-      }
-    }
-    if (!response) {
-      throw lastError || new Error('Failed to get response from PostgREST');
-    }
+      path,
+      query: req.query as Record<string, unknown>,
+      headers: req.headers as Record<string, string | string[] | undefined>,
+      body: ['POST', 'PUT', 'PATCH'].includes(req.method) ? body : undefined,
+      apiKey: extractApiKey(req) ?? undefined,
+    });
     // Forward response headers
-    Object.entries(response.headers).forEach(([key, value]) => {
-      const keyLower = key.toLowerCase();
-      if (
-        keyLower !== 'content-length' &&
-        keyLower !== 'transfer-encoding' &&
-        keyLower !== 'connection' &&
-        keyLower !== 'content-encoding'
-      ) {
-        res.setHeader(key, value);
-      }
-    });
+    const headers = PostgrestProxyService.filterHeaders(result.headers);
+    Object.entries(headers).forEach(([key, value]) => res.setHeader(key, value));
     // Handle empty responses
-    let responseData = response.data;
+    let responseData = result.data;
     if (
-      response.data === undefined ||
-      (typeof response.data === 'string' && response.data.trim() === '')
+      result.data === undefined ||
+      (typeof result.data === 'string' && result.data.trim() === '')
     ) {
       responseData = [];
     }
-    // Only send socket events for mutations (POST, DELETE)
-    const mutationMethods = ['POST', 'DELETE'];
-    if (mutationMethods.includes(req.method.toUpperCase())) {
+    // Broadcast socket events for mutations
+    if (['POST', 'DELETE'].includes(method)) {
       const socket = SocketManager.getInstance();
       socket.broadcastToRoom(
         'role:project_admin',
@@ -217,39 +111,9 @@ const forwardToPostgrest = async (req: AuthRequest, res: Response, next: NextFun
       );
     }
-    successResponse(res, responseData, response.status);
+    successResponse(res, responseData, result.status);
   } catch (error) {
-    if (axios.isAxiosError(error)) {
-      // Log more detailed error information
-      logger.error('PostgREST request failed', {
-        url: targetUrl,
-        method: req.method,
-        error: {
-          code: error.code,
-          message: error.message,
-          response: error.response?.data,
-          responseStatus: error.response?.status,
-        },
-      });
-      // Forward PostgREST errors
-      if (error.response) {
-        res.status(error.response.status).json(error.response.data);
-      } else {
-        // Network error - connection refused, DNS failure, etc.
-        const errorMessage =
-          error.code === 'ECONNREFUSED'
-            ? 'PostgREST connection refused'
-            : error.code === 'ENOTFOUND'
-              ? 'PostgREST service not found'
-              : 'Database service unavailable';
-        next(new AppError(errorMessage, 503, ERROR_CODES.INTERNAL_ERROR));
-      }
-    } else {
-      logger.error('Unexpected error in database route', { error });
-      next(error);
-    }
+    handleProxyError(error, res, next);
   }
 };

package/backend/src/api/routes/database/rpc.routes.ts ADDED Viewed

@@ -0,0 +1,69 @@
+import { Router, Response, NextFunction } from 'express';
+import axios from 'axios';
+import { AuthRequest, extractApiKey } from '@/api/middlewares/auth.js';
+import { AppError } from '@/api/middlewares/error.js';
+import { ERROR_CODES } from '@/types/error-constants.js';
+import { validateFunctionName } from '@/utils/validations.js';
+import { successResponse } from '@/utils/response.js';
+import { PostgrestProxyService } from '@/services/database/postgrest-proxy.service.js';
+const router = Router();
+const proxyService = PostgrestProxyService.getInstance();
+/**
+ * Helper to handle PostgREST proxy errors
+ */
+function handleProxyError(error: unknown, res: Response, next: NextFunction) {
+  if (axios.isAxiosError(error) && error.response) {
+    res.status(error.response.status).json(error.response.data);
+  } else {
+    next(error);
+  }
+}
+/**
+ * Forward RPC calls to PostgREST
+ */
+const forwardRpcToPostgrest = async (req: AuthRequest, res: Response, next: NextFunction) => {
+  const { functionName } = req.params;
+  try {
+    // Validate function name
+    try {
+      validateFunctionName(functionName);
+    } catch (error) {
+      if (error instanceof AppError) {
+        throw error;
+      }
+      throw new AppError(`Invalid function name: ${functionName}`, 400, ERROR_CODES.INVALID_INPUT);
+    }
+    const result = await proxyService.forward({
+      method: req.method,
+      path: `/rpc/${functionName}`,
+      query: req.query as Record<string, unknown>,
+      headers: req.headers as Record<string, string | string[] | undefined>,
+      body: req.body,
+      apiKey: extractApiKey(req) ?? undefined,
+    });
+    const headers = PostgrestProxyService.filterHeaders(result.headers);
+    Object.entries(headers).forEach(([key, value]) => res.setHeader(key, value));
+    let responseData = result.data;
+    if (
+      result.data === undefined ||
+      (typeof result.data === 'string' && result.data.trim() === '')
+    ) {
+      responseData = null;
+    }
+    successResponse(res, responseData, result.status);
+  } catch (error) {
+    handleProxyError(error, res, next);
+  }
+};
+router.all('/:functionName', forwardRpcToPostgrest);
+export { router as databaseRpcRouter };